diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
deleted file mode 100644
index 1a3526825a41e..0000000000000
--- a/.github/FUNDING.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-github: [ncw]
-patreon: njcw
-liberapay: ncw
-custom: ["https://rclone.org/donate/"]
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9463899d74610..123014908bebb 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,10 +1,6 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: "daily"
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 19113318b7d36..d12696daf1987 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,9 +8,9 @@ name: build
 on:
   push:
     branches:
-      - '*'
+      - '**'
     tags:
-      - '*'
+      - '**'
   pull_request:
   workflow_dispatch:
     inputs:
@@ -27,12 +27,12 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        job_name: ['linux', 'linux_386', 'mac_amd64', 'mac_arm64', 'windows', 'other_os', 'go1.18', 'go1.19']
+        job_name: ['linux', 'linux_386', 'mac_amd64', 'mac_arm64', 'windows', 'other_os', 'go1.19', 'go1.20']
 
         include:
           - job_name: linux
             os: ubuntu-latest
-            go: '1.20'
+            go: '1.21'
             gotags: cmount
             build_flags: '-include "^linux/"'
             check: true
@@ -43,14 +43,14 @@ jobs:
 
           - job_name: linux_386
             os: ubuntu-latest
-            go: '1.20'
+            go: '1.21'
             goarch: 386
             gotags: cmount
             quicktest: true
 
           - job_name: mac_amd64
             os: macos-11
-            go: '1.20'
+            go: '1.21'
             gotags: 'cmount'
             build_flags: '-include "^darwin/amd64" -cgo'
             quicktest: true
@@ -59,14 +59,14 @@ jobs:
 
           - job_name: mac_arm64
             os: macos-11
-            go: '1.20'
+            go: '1.21'
             gotags: 'cmount'
             build_flags: '-include "^darwin/arm64" -cgo -macos-arch arm64 -cgo-cflags=-I/usr/local/include -cgo-ldflags=-L/usr/local/lib'
             deploy: true
 
           - job_name: windows
             os: windows-latest
-            go: '1.20'
+            go: '1.21'
             gotags: cmount
             cgo: '0'
             build_flags: '-include "^windows/"'
@@ -76,20 +76,20 @@ jobs:
 
           - job_name: other_os
             os: ubuntu-latest
-            go: '1.20'
+            go: '1.21'
             build_flags: '-exclude "^(windows/|darwin/|linux/)"'
             compile_all: true
             deploy: true
 
-          - job_name: go1.18
+          - job_name: go1.19
             os: ubuntu-latest
-            go: '1.18'
+            go: '1.19'
             quicktest: true
             racequicktest: true
 
-          - job_name: go1.19
+          - job_name: go1.20
             os: ubuntu-latest
-            go: '1.19'
+            go: '1.20'
             quicktest: true
             racequicktest: true
 
@@ -99,12 +99,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Install Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{ matrix.go }}
           check-latest: true
@@ -130,6 +130,11 @@ jobs:
       - name: Install Libraries on macOS
         shell: bash
         run: |
+          # https://github.com/Homebrew/brew/issues/15621#issuecomment-1619266788
+          # https://github.com/orgs/Homebrew/discussions/4612#discussioncomment-6319008
+          unset HOMEBREW_NO_INSTALL_FROM_API
+          brew untap --force homebrew/core
+          brew untap --force homebrew/cask
           brew update
           brew install --cask macfuse
         if: matrix.os == 'macos-11'
@@ -211,13 +216,12 @@ jobs:
         shell: bash
         run: |
           if [[ "${{ matrix.os }}" == "ubuntu-latest" ]]; then make release_dep_linux ; fi
-          if [[ "${{ matrix.os }}" == "windows-latest" ]]; then make release_dep_windows ; fi
           make ci_beta
         env:
           RCLONE_CONFIG_PASS: ${{ secrets.RCLONE_CONFIG_PASS }}
         # working-directory: '$(modulePath)'
         # Deploy binaries if enabled in config && not a PR && not a fork
-        if: matrix.deploy && github.head_ref == '' && github.repository == 'rclone/rclone'
+        if: env.RCLONE_CONFIG_PASS != '' && matrix.deploy && github.head_ref == '' && github.repository == 'rclone/rclone'
 
   lint:
     if: ${{ github.event.inputs.manual == 'true' || (github.repository == 'rclone/rclone' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)) }}
@@ -227,7 +231,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Code quality test
         uses: golangci/golangci-lint-action@v3
@@ -237,9 +241,9 @@ jobs:
 
       # Run govulncheck on the latest go version, the one we build binaries with
       - name: Install Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.21'
           check-latest: true
 
       - name: Install govulncheck
@@ -256,15 +260,15 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       # Upgrade together with NDK version
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.21'
 
       - name: Go module cache
         uses: actions/cache@v3
@@ -352,4 +356,4 @@ jobs:
         env:
           RCLONE_CONFIG_PASS: ${{ secrets.RCLONE_CONFIG_PASS }}
         # Upload artifacts if not a PR && not a fork
-        if: github.head_ref == '' && github.repository == 'rclone/rclone'
+        if: env.RCLONE_CONFIG_PASS != '' && github.head_ref == '' && github.repository == 'rclone/rclone'
diff --git a/.github/workflows/build_publish_beta_docker_image.yml b/.github/workflows/build_publish_beta_docker_image.yml
new file mode 100644
index 0000000000000..4c4f935c4ceae
--- /dev/null
+++ b/.github/workflows/build_publish_beta_docker_image.yml
@@ -0,0 +1,77 @@
+name: Docker beta build
+
+on:
+    push:
+      branches:
+        - master
+jobs:
+    build:
+        if: github.repository == 'rclone/rclone'
+        runs-on: ubuntu-latest
+        name: Build image job
+        steps:
+            - name: Free some space
+              shell: bash
+              run: |
+                df -h .
+                # Remove android SDK
+                sudo rm -rf /usr/local/lib/android || true
+                # Remove .net runtime
+                sudo rm -rf /usr/share/dotnet || true
+                df -h .
+            - name: Checkout master
+              uses: actions/checkout@v4
+              with:
+                fetch-depth: 0
+            - name: Login to Docker Hub
+              uses: docker/login-action@v3
+              with:
+                username: ${{ secrets.DOCKERHUB_USERNAME }}
+                password: ${{ secrets.DOCKERHUB_TOKEN }}
+            - name: Extract metadata (tags, labels) for Docker
+              id: meta
+              uses: docker/metadata-action@v5
+              with:
+                images: ghcr.io/${{ github.repository }}
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+            - name: Login to GitHub Container Registry
+              uses: docker/login-action@v3
+              with:
+                registry: ghcr.io
+                # This is the user that triggered the Workflow. In this case, it will
+                # either be the user whom created the Release or manually triggered
+                # the workflow_dispatch.
+                username: ${{ github.actor }}
+                # `secrets.GITHUB_TOKEN` is a secret that's automatically generated by
+                # GitHub Actions at the start of a workflow run to identify the job.
+                # This is used to authenticate against GitHub Container Registry.
+                # See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+                # for more detailed information.
+                password: ${{ secrets.GITHUB_TOKEN }}
+            - name: Show disk usage
+              shell: bash
+              run: |
+                df -h .
+            - name: Build and publish image
+              uses: docker/build-push-action@v5
+              with:
+                file: Dockerfile
+                context: .
+                push: true # push the image to ghcr
+                tags: |
+                  ghcr.io/rclone/rclone:beta
+                  rclone/rclone:beta
+                labels: ${{ steps.meta.outputs.labels }}
+                platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6
+                cache-from: type=gha, scope=${{ github.workflow }}
+                cache-to: type=gha, mode=max, scope=${{ github.workflow }}
+                provenance: false
+              # Eventually cache will need to be cleared if builds more frequent than once a week
+              # https://github.com/docker/build-push-action/issues/252
+            - name: Show disk usage
+              shell: bash
+              run: |
+                df -h .
diff --git a/.github/workflows/build_publish_docker_image.yml b/.github/workflows/build_publish_docker_image.yml
deleted file mode 100644
index af52509732534..0000000000000
--- a/.github/workflows/build_publish_docker_image.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: Docker beta build
-
-on:
-    push:
-      branches:
-        - master
-
-jobs:
-    build:
-        if: github.repository == 'rclone/rclone'
-        runs-on: ubuntu-latest
-        name: Build image job
-        steps:
-            - name: Checkout master
-              uses: actions/checkout@v3
-              with:
-                fetch-depth: 0
-            - name: Build and publish image
-              uses: ilteoood/docker_buildx@1.1.0
-              with:
-                tag: beta
-                imageName: rclone/rclone
-                platform: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6
-                publish: true
-                dockerHubUser: ${{ secrets.DOCKER_HUB_USER }}
-                dockerHubPassword: ${{ secrets.DOCKER_HUB_PASSWORD }}
diff --git a/.github/workflows/build_publish_release_docker_image.yml b/.github/workflows/build_publish_release_docker_image.yml
index 6fe9213c78761..319ce1b3050c6 100644
--- a/.github/workflows/build_publish_release_docker_image.yml
+++ b/.github/workflows/build_publish_release_docker_image.yml
@@ -10,8 +10,17 @@ jobs:
         runs-on: ubuntu-latest
         name: Build image job
         steps:
+            - name: Free some space
+              shell: bash
+              run: |
+                df -h .
+                # Remove android SDK
+                sudo rm -rf /usr/local/lib/android || true
+                # Remove .net runtime
+                sudo rm -rf /usr/share/dotnet || true
+                df -h .
             - name: Checkout master
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                 fetch-depth: 0
             - name: Get actual patch version
@@ -39,8 +48,17 @@ jobs:
         runs-on: ubuntu-latest
         name: Build docker plugin job
         steps:
+            - name: Free some space
+              shell: bash
+              run: |
+                df -h .
+                # Remove android SDK
+                sudo rm -rf /usr/local/lib/android || true
+                # Remove .net runtime
+                sudo rm -rf /usr/share/dotnet || true
+                df -h .
             - name: Checkout master
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                 fetch-depth: 0
             - name: Build and publish docker plugin
diff --git a/.github/workflows/winget.yml b/.github/workflows/winget.yml
index db79b3aa34ecf..6a2264b93a015 100644
--- a/.github/workflows/winget.yml
+++ b/.github/workflows/winget.yml
@@ -5,7 +5,7 @@ on:
 
 jobs:
   publish:
-    runs-on: windows-latest # Action can only run on Windows
+    runs-on: ubuntu-latest
     steps:
       - uses: vedantmgoyal2009/winget-releaser@v2
         with:
diff --git a/.gitignore b/.gitignore
index ff61403f32e3d..9627f353d8d97 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,10 +8,13 @@ rclone.iml
 .idea
 .history
 *.test
-*.log
 *.iml
 fuzz-build.zip
 *.orig
 *.rej
 Thumbs.db
 __pycache__
+.DS_Store
+/docs/static/img/logos/
+resource_windows_*.syso
+.devcontainer
diff --git a/.golangci.yml b/.golangci.yml
index 9828c53dd9df4..0d61df700a51f 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -2,15 +2,17 @@
 
 linters:
   enable:
-    - deadcode
     - errcheck
     - goimports
     - revive
     - ineffassign
-    - structcheck
-    - varcheck
     - govet
     - unconvert
+    - staticcheck
+    - gosimple
+    - stylecheck
+    - unused
+    - misspell
     #- prealloc
     #- maligned
   disable-all: true
@@ -25,6 +27,74 @@ issues:
   # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
   max-same-issues: 0
 
+  exclude-rules:
+
+    - linters:
+      - staticcheck
+      text: 'SA1019: "github.com/rclone/rclone/cmd/serve/httplib" is deprecated'
+
+  # don't disable the revive messages about comments on exported functions
+  include:
+    - EXC0012
+    - EXC0013
+    - EXC0014
+    - EXC0015
+
 run:
   # timeout for analysis, e.g. 30s, 5m, default is 1m
   timeout: 10m
+
+linters-settings:
+  revive:
+    # setting rules seems to disable all the rules, so re-enable them here
+    rules:
+      - name: blank-imports
+        disabled: false
+      - name: context-as-argument
+        disabled: false
+      - name: context-keys-type
+        disabled: false
+      - name: dot-imports
+        disabled: false
+      - name: empty-block
+        disabled: true
+      - name: error-naming
+        disabled: false
+      - name: error-return
+        disabled: false
+      - name: error-strings
+        disabled: false
+      - name: errorf
+        disabled: false
+      - name: exported
+        disabled: false
+      - name: increment-decrement
+        disabled: true
+      - name: indent-error-flow
+        disabled: false
+      - name: package-comments
+        disabled: false
+      - name: range
+        disabled: false
+      - name: receiver-naming
+        disabled: false
+      - name: redefines-builtin-id
+        disabled: true
+      - name: superfluous-else
+        disabled: true
+      - name: time-naming
+        disabled: false
+      - name: unexported-return
+        disabled: false
+      - name: unreachable-code
+        disabled: true
+      - name: unused-parameter
+        disabled: true
+      - name: var-declaration
+        disabled: false
+      - name: var-naming
+        disabled: false
+  stylecheck:
+    # Only enable the checks performed by the staticcheck stand-alone tool,
+    # as documented here: https://staticcheck.io/docs/configuration/options/#checks
+    checks: ["all", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1021", "-ST1022", "-ST1023"]
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 6f8ea2aface69..6e2e885ee4bf3 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,8 +1,8 @@
-# Contributing to rclone #
+# Contributing to rclone
 
 This is a short guide on how to contribute things to rclone.
 
-## Reporting a bug ##
+## Reporting a bug
 
 If you've just got a question or aren't sure if you've found a bug
 then please use the [rclone forum](https://forum.rclone.org/) instead
@@ -12,13 +12,13 @@ When filing an issue, please include the following information if
 possible as well as a description of the problem.  Make sure you test
 with the [latest beta of rclone](https://beta.rclone.org/):
 
-  * Rclone version (e.g. output from `rclone version`)
-  * Which OS you are using and how many bits (e.g. Windows 10, 64 bit)
-  * The command you were trying to run (e.g. `rclone copy /tmp remote:tmp`)
-  * A log of the command with the `-vv` flag (e.g. output from `rclone -vv copy /tmp remote:tmp`)
-    * if the log contains secrets then edit the file with a text editor first to obscure them
+- Rclone version (e.g. output from `rclone version`)
+- Which OS you are using and how many bits (e.g. Windows 10, 64 bit)
+- The command you were trying to run (e.g. `rclone copy /tmp remote:tmp`)
+- A log of the command with the `-vv` flag (e.g. output from `rclone -vv copy /tmp remote:tmp`)
+    - if the log contains secrets then edit the file with a text editor first to obscure them
 
-## Submitting a new feature or bug fix ##
+## Submitting a new feature or bug fix
 
 If you find a bug that you'd like to fix, or a new feature that you'd
 like to implement then please submit a pull request via GitHub.
@@ -73,9 +73,9 @@ This is typically enough if you made a simple bug fix, otherwise please read the
 
 Make sure you
 
-  * Add [unit tests](#testing) for a new feature.
-  * Add [documentation](#writing-documentation) for a new feature.
-  * [Commit your changes](#committing-your-changes) using the [message guideline](#commit-messages).
+- Add [unit tests](#testing) for a new feature.
+- Add [documentation](#writing-documentation) for a new feature.
+- [Commit your changes](#committing-your-changes) using the [commit message guidelines](#commit-messages).
 
 When you are done with that push your changes to GitHub:
 
@@ -88,9 +88,9 @@ Your changes will then get reviewed and you might get asked to fix some stuff. I
 
 You may sometimes be asked to [base your changes on the latest master](#basing-your-changes-on-the-latest-master) or [squash your commits](#squashing-your-commits).
 
-## Using Git and GitHub ##
+## Using Git and GitHub
 
-### Committing your changes ###
+### Committing your changes
 
 Follow the guideline for [commit messages](#commit-messages) and then:
 
@@ -107,7 +107,7 @@ You can modify the message or changes in the latest commit using:
 
 If you amend to commits that have been pushed to GitHub, then you will have to [replace your previously pushed commits](#replacing-your-previously-pushed-commits).
 
-### Replacing your previously pushed commits ###
+### Replacing your previously pushed commits
 
 Note that you are about to rewrite the GitHub history of your branch. It is good practice to involve your collaborators before modifying commits that have been pushed to GitHub.
 
@@ -115,7 +115,7 @@ Your previously pushed commits are replaced by:
 
     git push --force origin my-new-feature 
 
-### Basing your changes on the latest master ###
+### Basing your changes on the latest master
 
 To base your changes on the latest version of the [rclone master](https://github.com/rclone/rclone/tree/master) (upstream):
 
@@ -149,13 +149,21 @@ If you squash commits that have been pushed to GitHub, then you will have to [re
 
 Tip: You may like to use `git rebase -i master` if you are experienced or have a more complex situation.
 
-### GitHub Continuous Integration ###
+### GitHub Continuous Integration
 
 rclone currently uses [GitHub Actions](https://github.com/rclone/rclone/actions) to build and test the project, which should be automatically available for your fork too from the `Actions` tab in your repository.
 
-## Testing ##
+## Testing
 
-### Quick testing ###
+### Code quality tests
+
+If you install [golangci-lint](https://github.com/golangci/golangci-lint) then you can run the same tests as get run in the CI which can be very helpful.
+
+You can run them with `make check` or with `golangci-lint run ./...`.
+
+Using these tests ensures that the rclone codebase all uses the same coding standards. These tests also check for easy mistakes to make (like forgetting to check an error return).
+
+### Quick testing
 
 rclone's tests are run from the go testing framework, so at the top
 level you can run this to run all the tests.
@@ -168,7 +176,7 @@ You can also use `make`, if supported by your platform
 
 The quicktest is [automatically run by GitHub](#github-continuous-integration) when you push your branch to GitHub.
 
-### Backend testing ###
+### Backend testing
 
 rclone contains a mixture of unit tests and integration tests.
 Because it is difficult (and in some respects pointless) to test cloud
@@ -203,7 +211,7 @@ project root:
     go install github.com/rclone/rclone/fstest/test_all
     test_all -backend drive
 
-### Full integration testing ###
+### Full integration testing
 
 If you want to run all the integration tests against all the remotes,
 then change into the project root and run
@@ -218,55 +226,56 @@ The commands may require some extra go packages which you can install with
 The full integration tests are run daily on the integration test server. You can
 find the results at https://pub.rclone.org/integration-tests/
 
-## Code Organisation ##
+## Code Organisation
 
 Rclone code is organised into a small number of top level directories
 with modules beneath.
 
-  * backend - the rclone backends for interfacing to cloud providers -
-    * all - import this to load all the cloud providers
-    * ...providers
-  * bin - scripts for use while building or maintaining rclone
-  * cmd - the rclone commands
-    * all - import this to load all the commands
-    * ...commands
-  * cmdtest - end-to-end tests of commands, flags, environment variables,...
-  * docs - the documentation and website
-    * content - adjust these docs only - everything else is autogenerated
-      * command - these are auto-generated - edit the corresponding .go file
-  * fs - main rclone definitions - minimal amount of code
-    * accounting - bandwidth limiting and statistics
-    * asyncreader - an io.Reader which reads ahead
-    * config - manage the config file and flags
-    * driveletter - detect if a name is a drive letter
-    * filter - implements include/exclude filtering
-    * fserrors - rclone specific error handling
-    * fshttp - http handling for rclone
-    * fspath - path handling for rclone
-    * hash - defines rclone's hash types and functions
-    * list - list a remote
-    * log - logging facilities
-    * march - iterates directories in lock step
-    * object - in memory Fs objects
-    * operations - primitives for sync, e.g. Copy, Move
-    * sync - sync directories
-    * walk - walk a directory
-  * fstest - provides integration test framework
-    * fstests - integration tests for the backends
-    * mockdir - mocks an fs.Directory
-    * mockobject - mocks an fs.Object
-    * test_all - Runs integration tests for everything
-  * graphics - the images used in the website, etc.
-  * lib - libraries used by the backend
-    * atexit - register functions to run when rclone exits
-    * dircache - directory ID to name caching
-    * oauthutil - helpers for using oauth
-    * pacer - retries with backoff and paces operations
-    * readers - a selection of useful io.Readers
-    * rest - a thin abstraction over net/http for REST
-  * vfs - Virtual FileSystem layer for implementing rclone mount and similar
-
-## Writing Documentation ##
+- backend - the rclone backends for interfacing to cloud providers -
+    - all - import this to load all the cloud providers
+    - ...providers
+- bin - scripts for use while building or maintaining rclone
+- cmd - the rclone commands
+    - all - import this to load all the commands
+    - ...commands
+- cmdtest - end-to-end tests of commands, flags, environment variables,...
+- docs - the documentation and website
+    - content - adjust these docs only - everything else is autogenerated
+    - command - these are auto-generated - edit the corresponding .go file
+- fs - main rclone definitions - minimal amount of code
+    - accounting - bandwidth limiting and statistics
+    - asyncreader - an io.Reader which reads ahead
+    - config - manage the config file and flags
+    - driveletter - detect if a name is a drive letter
+    - filter - implements include/exclude filtering
+    - fserrors - rclone specific error handling
+    - fshttp - http handling for rclone
+    - fspath - path handling for rclone
+    - hash - defines rclone's hash types and functions
+    - list - list a remote
+    - log - logging facilities
+    - march - iterates directories in lock step
+    - object - in memory Fs objects
+    - operations - primitives for sync, e.g. Copy, Move
+    - sync - sync directories
+    - walk - walk a directory
+- fstest - provides integration test framework
+    - fstests - integration tests for the backends
+    - mockdir - mocks an fs.Directory
+    - mockobject - mocks an fs.Object
+    - test_all - Runs integration tests for everything
+- graphics - the images used in the website, etc.
+- lib - libraries used by the backend
+    - atexit - register functions to run when rclone exits
+    - dircache - directory ID to name caching
+    - oauthutil - helpers for using oauth
+    - pacer - retries with backoff and paces operations
+    - readers - a selection of useful io.Readers
+    - rest - a thin abstraction over net/http for REST
+- librclone - in memory interface to rclone's API for embedding rclone
+- vfs - Virtual FileSystem layer for implementing rclone mount and similar
+
+## Writing Documentation
 
 If you are adding a new feature then please update the documentation.
 
@@ -277,22 +286,22 @@ alphabetical order.
 If you add a new backend option/flag, then it should be documented in
 the source file in the `Help:` field.
 
-  * Start with the most important information about the option,
+- Start with the most important information about the option,
     as a single sentence on a single line.
-    * This text will be used for the command-line flag help.
-    * It will be combined with other information, such as any default value,
+    - This text will be used for the command-line flag help.
+    - It will be combined with other information, such as any default value,
       and the result will look odd if not written as a single sentence.
-    * It should end with a period/full stop character, which will be shown
+    - It should end with a period/full stop character, which will be shown
       in docs but automatically removed when producing the flag help.
-    * Try to keep it below 80 characters, to reduce text wrapping in the terminal.
-  * More details can be added in a new paragraph, after an empty line (`"\n\n"`).
-    * Like with docs generated from Markdown, a single line break is ignored
+    - Try to keep it below 80 characters, to reduce text wrapping in the terminal.
+- More details can be added in a new paragraph, after an empty line (`"\n\n"`).
+    - Like with docs generated from Markdown, a single line break is ignored
       and two line breaks creates a new paragraph.
-    * This text will be shown to the user in `rclone config`
+    - This text will be shown to the user in `rclone config`
       and in the docs (where it will be added by `make backenddocs`,
       normally run some time before next release).
-  * To create options of enumeration type use the `Examples:` field.
-    * Each example value have their own `Help:` field, but they are treated
+- To create options of enumeration type use the `Examples:` field.
+    - Each example value have their own `Help:` field, but they are treated
       a bit different than the main option help text. They will be shown
       as an unordered list, therefore a single line break is enough to
       create a new list item. Also, for enumeration texts like name of
@@ -312,12 +321,12 @@ combined unmodified with other information (such as any default value).
 Note that you can use [GitHub's online editor](https://help.github.com/en/github/managing-files-in-a-repository/editing-files-in-another-users-repository)
 for small changes in the docs which makes it very easy.
 
-## Making a release ##
+## Making a release
 
 There are separate instructions for making a release in the RELEASE.md
 file.
 
-## Commit messages ##
+## Commit messages
 
 Please make the first line of your commit message a summary of the
 change that a user (not a developer) of rclone would like to read, and
@@ -358,7 +367,7 @@ error fixing the hang.
 Fixes #1498
 ```
 
-## Adding a dependency ##
+## Adding a dependency
 
 rclone uses the [go
 modules](https://tip.golang.org/cmd/go/#hdr-Modules__module_versions__and_more)
@@ -370,7 +379,7 @@ To add a dependency `github.com/ncw/new_dependency` see the
 instructions below.  These will fetch the dependency and add it to
 `go.mod` and `go.sum`.
 
-    GO111MODULE=on go get github.com/ncw/new_dependency
+    go get github.com/ncw/new_dependency
 
 You can add constraints on that package when doing `go get` (see the
 go docs linked above), but don't unless you really need to.
@@ -378,15 +387,15 @@ go docs linked above), but don't unless you really need to.
 Please check in the changes generated by `go mod` including `go.mod`
 and `go.sum` in the same commit as your other changes.
 
-## Updating a dependency ##
+## Updating a dependency
 
 If you need to update a dependency then run
 
-    GO111MODULE=on go get -u golang.org/x/crypto
+    go get golang.org/x/crypto
 
 Check in a single commit as above.
 
-## Updating all the dependencies ##
+## Updating all the dependencies
 
 In order to update all the dependencies then run `make update`.  This
 just uses the go modules to update all the modules to their latest
@@ -395,7 +404,7 @@ stable release. Check in the changes in a single commit as above.
 This should be done early in the release cycle to pick up new versions
 of packages in time for them to get some testing.
 
-## Updating a backend ##
+## Updating a backend
 
 If you update a backend then please run the unit tests and the
 integration tests for that backend.
@@ -410,82 +419,133 @@ integration tests.
 
 The next section goes into more detail about the tests.
 
-## Writing a new backend ##
+## Writing a new backend
 
 Choose a name.  The docs here will use `remote` as an example.
 
 Note that in rclone terminology a file system backend is called a
 remote or an fs.
 
-Research
+### Research
 
-  * Look at the interfaces defined in `fs/fs.go`
-  * Study one or more of the existing remotes
+- Look at the interfaces defined in `fs/types.go`
+- Study one or more of the existing remotes
 
-Getting going
+### Getting going
 
-  * Create `backend/remote/remote.go` (copy this from a similar remote)
-    * box is a good one to start from if you have a directory-based remote
-    * b2 is a good one to start from if you have a bucket-based remote
-  * Add your remote to the imports in `backend/all/all.go`
-  * HTTP based remotes are easiest to maintain if they use rclone's rest module, but if there is a really good go SDK then use that instead.
-  * Try to implement as many optional methods as possible as it makes the remote more usable.
-  * Use lib/encoder to make sure we can encode any path name and `rclone info` to help determine the encodings needed
-    * `rclone purge -v TestRemote:rclone-info`
-    * `rclone test info --all --remote-encoding None -vv --write-json remote.json TestRemote:rclone-info`
-    * `go run cmd/test/info/internal/build_csv/main.go -o remote.csv remote.json`
-    * open `remote.csv` in a spreadsheet and examine
+- Create `backend/remote/remote.go` (copy this from a similar remote)
+    - box is a good one to start from if you have a directory-based remote (and shows how to use the directory cache)
+    - b2 is a good one to start from if you have a bucket-based remote
+- Add your remote to the imports in `backend/all/all.go`
+- HTTP based remotes are easiest to maintain if they use rclone's [lib/rest](https://pkg.go.dev/github.com/rclone/rclone/lib/rest) module, but if there is a really good Go SDK from the provider then use that instead.
+- Try to implement as many optional methods as possible as it makes the remote more usable.
+- Use [lib/encoder](https://pkg.go.dev/github.com/rclone/rclone/lib/encoder) to make sure we can encode any path name and `rclone info` to help determine the encodings needed
+    - `rclone purge -v TestRemote:rclone-info`
+    - `rclone test info --all --remote-encoding None -vv --write-json remote.json TestRemote:rclone-info`
+    - `go run cmd/test/info/internal/build_csv/main.go -o remote.csv remote.json`
+    - open `remote.csv` in a spreadsheet and examine
 
-Unit tests
+### Guidelines for a speedy merge
 
-  * Create a config entry called `TestRemote` for the unit tests to use
-  * Create a `backend/remote/remote_test.go` - copy and adjust your example remote
-  * Make sure all tests pass with `go test -v`
+- **Do** use [lib/rest](https://pkg.go.dev/github.com/rclone/rclone/lib/rest) if you are implementing a REST like backend and parsing XML/JSON in the backend.
+- **Do** use rclone's Client or Transport from [fs/fshttp](https://pkg.go.dev/github.com/rclone/rclone/fs/fshttp) if your backend is HTTP based - this adds features like `--dump bodies`, `--tpslimit`, `--user-agent` without you having to code anything!
+- **Do** follow your example backend exactly - use the same code order, function names, layout, structure. **Don't** move stuff around and **Don't** delete the comments.
+- **Do not** split your backend up into `fs.go` and `object.go` (there are a few backends like that - don't follow them!)
+- **Do** put your API type definitions in a separate file - by preference `api/types.go`
+- **Remember** we have >50 backends to maintain so keeping them as similar as possible to each other is a high priority!
 
-Integration tests
+### Unit tests
 
-  * Add your backend to `fstest/test_all/config.yaml`
-      * Once you've done that then you can use the integration test framework from the project root:
-      * go install ./...
-      * test_all -backends remote
+- Create a config entry called `TestRemote` for the unit tests to use
+- Create a `backend/remote/remote_test.go` - copy and adjust your example remote
+- Make sure all tests pass with `go test -v`
+
+### Integration tests
+
+- Add your backend to `fstest/test_all/config.yaml`
+    - Once you've done that then you can use the integration test framework from the project root:
+    - go install ./...
+    - test_all -backends remote
 
 Or if you want to run the integration tests manually:
 
-  * Make sure integration tests pass with
-      * `cd fs/operations`
-      * `go test -v -remote TestRemote:`
-      * `cd fs/sync`
-      * `go test -v -remote TestRemote:`
-  * If your remote defines `ListR` check with this also
-      * `go test -v -remote TestRemote: -fast-list`
+- Make sure integration tests pass with
+    - `cd fs/operations`
+    - `go test -v -remote TestRemote:`
+    - `cd fs/sync`
+    - `go test -v -remote TestRemote:`
+- If your remote defines `ListR` check with this also
+    - `go test -v -remote TestRemote: -fast-list`
 
 See the [testing](#testing) section for more information on integration tests.
 
-Add your fs to the docs - you'll need to pick an icon for it from
+### Backend documentation
+
+Add your backend to the docs - you'll need to pick an icon for it from
 [fontawesome](http://fontawesome.io/icons/).  Keep lists of remotes in
 alphabetical order of full name of remote (e.g. `drive` is ordered as
 `Google Drive`) but with the local file system last.
 
-  * `README.md` - main GitHub page
-  * `docs/content/remote.md` - main docs page (note the backend options are automatically added to this file with `make backenddocs`)
-    * make sure this has the `autogenerated options` comments in (see your reference backend docs)
-    * update them with `make backenddocs` - revert any changes in other backends
-  * `docs/content/overview.md` - overview docs
-  * `docs/content/docs.md` - list of remotes in config section
-  * `docs/content/_index.md` - front page of rclone.org
-  * `docs/layouts/chrome/navbar.html` - add it to the website navigation
-  * `bin/make_manual.py` - add the page to the `docs` constant
+- `README.md` - main GitHub page
+- `docs/content/remote.md` - main docs page (note the backend options are automatically added to this file with `make backenddocs`)
+    - make sure this has the `autogenerated options` comments in (see your reference backend docs)
+    - update them in your backend with `bin/make_backend_docs.py remote`
+- `docs/content/overview.md` - overview docs
+- `docs/content/docs.md` - list of remotes in config section
+- `docs/content/_index.md` - front page of rclone.org
+- `docs/layouts/chrome/navbar.html` - add it to the website navigation
+- `bin/make_manual.py` - add the page to the `docs` constant
 
 Once you've written the docs, run `make serve` and check they look OK
 in the web browser and the links (internal and external) all work.
 
-## Writing a plugin ##
+## Adding a new s3 provider
+
+It is quite easy to add a new S3 provider to rclone.
+
+You'll need to modify the following files
+
+- `backend/s3/s3.go`
+    - Add the provider to `providerOption` at the top of the file
+    - Add endpoints and other config for your provider gated on the provider in `fs.RegInfo`.
+    - Exclude your provider from genric config questions (eg `region` and `endpoint).
+    - Add the provider to the `setQuirks` function - see the documentation there.
+- `docs/content/s3.md`
+    - Add the provider at the top of the page.
+    - Add a section about the provider linked from there.
+    - Add a transcript of a trial `rclone config` session
+        - Edit the transcript to remove things which might change in subsequent versions
+    - **Do not** alter or add to the autogenerated parts of `s3.md`
+    - **Do not** run `make backenddocs` or `bin/make_backend_docs.py s3`
+- `README.md` - this is the home page in github
+    - Add the provider and a link to the section you wrote in `docs/contents/s3.md`
+- `docs/content/_index.md` - this is the home page of rclone.org
+    - Add the provider and a link to the section you wrote in `docs/contents/s3.md`
+
+When adding the provider, endpoints, quirks, docs etc keep them in
+alphabetical order by `Provider` name, but with `AWS` first and
+`Other` last.
+
+Once you've written the docs, run `make serve` and check they look OK
+in the web browser and the links (internal and external) all work.
+
+Once you've written the code, test `rclone config` works to your
+satisfaction, and check the integration tests work `go test -v -remote
+NewS3Provider:`. You may need to adjust the quirks to get them to
+pass. Some providers just can't pass the tests with control characters
+in the names so if these fail and the provider doesn't support
+`urlEncodeListings` in the quirks then ignore them. Note that the
+`SetTier` test may also fail on non AWS providers.
+
+For an example of adding an s3 provider see [eb3082a1](https://github.com/rclone/rclone/commit/eb3082a1ebdb76d5625f14cedec3f5154a5e7b10).
+
+## Writing a plugin
 
 New features (backends, commands) can also be added "out-of-tree", through Go plugins.
 Changes will be kept in a dynamically loaded file instead of being compiled into the main binary.
 This is useful if you can't merge your changes upstream or don't want to maintain a fork of rclone.
 
-Usage
+### Usage
 
  - Naming
    - Plugins names must have the pattern `librcloneplugin_KIND_NAME.so`.
@@ -500,7 +560,7 @@ Usage
    - Plugins must be compiled against the exact version of rclone to work.
      (The rclone used during building the plugin must be the same as the source of rclone)
 
-Building
+### Building
 
 To turn your existing additions into a Go plugin, move them to an external repository
 and change the top-level package name to `main`.
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
index 8b24b3e3691bd..3ab1c22482203 100644
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -16,6 +16,11 @@ Current active maintainers of rclone are:
 | Max Sum          | @Max-Sum          | union backend                |
 | Fred             | @creativeprojects | seafile backend              |
 | Caleb Case       | @calebcase        | storj backend                |
+| wiserain         | @wiserain         | pikpak backend               |
+| albertony        | @albertony        |                              |
+| Chun-Hung Tseng  | @henrybear327     | Proton Drive Backend         |
+| Hideo Aoyama     | @boukendesho      | snap packaging               |
+| nielash          | @nielash          | bisync                       |
 
 **This is a work in progress Draft**
 
diff --git a/MANUAL.html b/MANUAL.html
index 39b3e2d3321de..d16296fa0acd4 100644
--- a/MANUAL.html
+++ b/MANUAL.html
@@ -13,13 +13,75 @@
     div.column{display: inline-block; vertical-align: top; width: 50%;}
     div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
     ul.task-list{list-style: none;}
+    pre > code.sourceCode { white-space: pre; position: relative; }
+    pre > code.sourceCode > span { display: inline-block; line-height: 1.25; }
+    pre > code.sourceCode > span:empty { height: 1.2em; }
+    code.sourceCode > span { color: inherit; text-decoration: inherit; }
+    div.sourceCode { margin: 1em 0; }
+    pre.sourceCode { margin: 0; }
+    @media screen {
+    div.sourceCode { overflow: auto; }
+    }
+    @media print {
+    pre > code.sourceCode { white-space: pre-wrap; }
+    pre > code.sourceCode > span { text-indent: -5em; padding-left: 5em; }
+    }
+    pre.numberSource code
+      { counter-reset: source-line 0; }
+    pre.numberSource code > span
+      { position: relative; left: -4em; counter-increment: source-line; }
+    pre.numberSource code > span > a:first-child::before
+      { content: counter(source-line);
+        position: relative; left: -1em; text-align: right; vertical-align: baseline;
+        border: none; display: inline-block;
+        -webkit-touch-callout: none; -webkit-user-select: none;
+        -khtml-user-select: none; -moz-user-select: none;
+        -ms-user-select: none; user-select: none;
+        padding: 0 4px; width: 4em;
+        color: #aaaaaa;
+      }
+    pre.numberSource { margin-left: 3em; border-left: 1px solid #aaaaaa;  padding-left: 4px; }
+    div.sourceCode
+      {   }
+    @media screen {
+    pre > code.sourceCode > span > a:first-child::before { text-decoration: underline; }
+    }
+    code span.al { color: #ff0000; font-weight: bold; } /* Alert */
+    code span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
+    code span.at { color: #7d9029; } /* Attribute */
+    code span.bn { color: #40a070; } /* BaseN */
+    code span.bu { } /* BuiltIn */
+    code span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
+    code span.ch { color: #4070a0; } /* Char */
+    code span.cn { color: #880000; } /* Constant */
+    code span.co { color: #60a0b0; font-style: italic; } /* Comment */
+    code span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
+    code span.do { color: #ba2121; font-style: italic; } /* Documentation */
+    code span.dt { color: #902000; } /* DataType */
+    code span.dv { color: #40a070; } /* DecVal */
+    code span.er { color: #ff0000; font-weight: bold; } /* Error */
+    code span.ex { } /* Extension */
+    code span.fl { color: #40a070; } /* Float */
+    code span.fu { color: #06287e; } /* Function */
+    code span.im { } /* Import */
+    code span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
+    code span.kw { color: #007020; font-weight: bold; } /* Keyword */
+    code span.op { color: #666666; } /* Operator */
+    code span.ot { color: #007020; } /* Other */
+    code span.pp { color: #bc7a00; } /* Preprocessor */
+    code span.sc { color: #4070a0; } /* SpecialChar */
+    code span.ss { color: #bb6688; } /* SpecialString */
+    code span.st { color: #4070a0; } /* String */
+    code span.va { color: #19177c; } /* Variable */
+    code span.vs { color: #4070a0; } /* VerbatimString */
+    code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
   </style>
 </head>
 <body>
 <header id="title-block-header">
 <h1 class="title">rclone(1) User Manual</h1>
 <p class="author">Nick Craig-Wood</p>
-<p class="date">Mar 14, 2023</p>
+<p class="date">Nov 26, 2023</p>
 </header>
 <h1 id="rclone-syncs-your-files-to-cloud-storage">Rclone syncs your files to cloud storage</h1>
 <p><img width="50%" src="https://rclone.org/img/logo_on_light__horizontal_color.svg" alt="rclone logo" style="float:right; padding: 5px;" ></p>
@@ -33,7 +95,7 @@ <h1 id="rclone-syncs-your-files-to-cloud-storage">Rclone syncs your files to clo
 <li><a href="https://rclone.org/donate/">Donate.</a></li>
 </ul>
 <h2 id="about">About rclone</h2>
-<p>Rclone is a command-line program to manage files on cloud storage. It is a feature-rich alternative to cloud vendors' web storage interfaces. <a href="#providers">Over 40 cloud storage products</a> support rclone including S3 object stores, business &amp; consumer file storage services, as well as standard transfer protocols.</p>
+<p>Rclone is a command-line program to manage files on cloud storage. It is a feature-rich alternative to cloud vendors' web storage interfaces. <a href="#providers">Over 70 cloud storage products</a> support rclone including S3 object stores, business &amp; consumer file storage services, as well as standard transfer protocols.</p>
 <p>Rclone has powerful cloud equivalents to the unix commands rsync, cp, mv, mount, ls, ncdu, tree, rm, and cat. Rclone's familiar syntax includes shell pipeline support, and <code>--dry-run</code> protection. It is used at the command line, in scripts or via its <a href="/rc">API</a>.</p>
 <p>Users call rclone <em>"The Swiss army knife of cloud storage"</em>, and <em>"Technology indistinguishable from magic"</em>.</p>
 <p>Rclone really looks after your data. It preserves timestamps and verifies checksums at all times. Transfers over limited bandwidth; intermittent connections, or subject to quota can be restarted, from the last good file transferred. You can <a href="https://rclone.org/commands/rclone_check/">check</a> the integrity of your files. Where possible, rclone employs server-side transfers to minimise local bandwidth use and transfers from one provider to another without using local disk.</p>
@@ -91,6 +153,7 @@ <h2 id="providers">Supported providers</h2>
 <li>Dreamhost</li>
 <li>Dropbox</li>
 <li>Enterprise File Fabric</li>
+<li>Fastmail Files</li>
 <li>FTP</li>
 <li>Google Cloud Storage</li>
 <li>Google Drive</li>
@@ -105,26 +168,35 @@ <h2 id="providers">Supported providers</h2>
 <li>IDrive e2</li>
 <li>IONOS Cloud</li>
 <li>Koofr</li>
+<li>Leviia Object Storage</li>
 <li>Liara Object Storage</li>
+<li>Linkbox</li>
+<li>Linode Object Storage</li>
 <li>Mail.ru Cloud</li>
 <li>Memset Memstore</li>
 <li>Mega</li>
 <li>Memory</li>
 <li>Microsoft Azure Blob Storage</li>
+<li>Microsoft Azure Files Storage</li>
 <li>Microsoft OneDrive</li>
 <li>Minio</li>
 <li>Nextcloud</li>
 <li>OVH</li>
+<li>Blomp Cloud Storage</li>
 <li>OpenDrive</li>
 <li>OpenStack Swift</li>
 <li>Oracle Cloud Storage Swift</li>
 <li>Oracle Object Storage</li>
 <li>ownCloud</li>
 <li>pCloud</li>
+<li>Petabox</li>
+<li>PikPak</li>
 <li>premiumize.me</li>
 <li>put.io</li>
+<li>Proton Drive</li>
 <li>QingStor</li>
 <li>Qiniu Cloud Object Storage (Kodo)</li>
+<li>Quatrix by Maytech</li>
 <li>Rackspace Cloud Files</li>
 <li>rsync.net</li>
 <li>Scaleway</li>
@@ -136,6 +208,7 @@ <h2 id="providers">Supported providers</h2>
 <li>SMB / CIFS</li>
 <li>StackPath</li>
 <li>Storj</li>
+<li>Synology</li>
 <li>SugarSync</li>
 <li>Tencent Cloud Object Storage (COS)</li>
 <li>Uptobox</li>
@@ -176,6 +249,7 @@ <h2 id="quickstart">Quickstart</h2>
 <p>See below for some expanded Linux / macOS / Windows instructions.</p>
 <p>See the <a href="https://rclone.org/docs/">usage</a> docs for how to use rclone, or run <code>rclone -h</code>.</p>
 <p>Already installed rclone can be easily updated to the latest version using the <a href="https://rclone.org/commands/rclone_selfupdate/">rclone selfupdate</a> command.</p>
+<p>See <a href="https://rclone.org/release_signing/">the release signing docs</a> for how to verify signatures on the release.</p>
 <h2 id="script-installation">Script installation</h2>
 <p>To install rclone on Linux/macOS/BSD systems, run:</p>
 <pre><code>sudo -v ; curl https://rclone.org/install.sh | sudo bash</code></pre>
@@ -204,6 +278,12 @@ <h3 id="macos-brew">Installation with brew</h3>
 <p>NOTE: This version of rclone will not support <code>mount</code> any more (see <a href="https://github.com/rclone/rclone/issues/5373">#5373</a>). If mounting is wanted on macOS, either install a precompiled binary or enable the relevant option when <a href="#install-from-source">installing from source</a>.</p>
 <p>Note that this is a third party installer not controlled by the rclone developers so it may be out of date. Its current version is as below.</p>
 <p><a href="https://repology.org/project/rclone/versions"><img src="https://repology.org/badge/version-for-repo/homebrew/rclone.svg" alt="Homebrew package" /></a></p>
+<h3 id="installation-with-macports-macos-macports">Installation with MacPorts (#macos-macports)</h3>
+<p>On macOS, rclone can also be installed via <a href="https://www.macports.org">MacPorts</a>:</p>
+<pre><code>sudo port install rclone</code></pre>
+<p>Note that this is a third party installer not controlled by the rclone developers so it may be out of date. Its current version is as below.</p>
+<p><a href="https://repology.org/project/rclone/versions"><img src="https://repology.org/badge/version-for-repo/macports/rclone.svg" alt="MacPorts port" /></a></p>
+<p>More information <a href="https://ports.macports.org/port/rclone/">here</a>.</p>
 <h3 id="macos-precompiled">Precompiled binary, using curl</h3>
 <p>To avoid problems with macOS gatekeeper enforcing the binary to be signed and notarized it is enough to download with <code>curl</code>.</p>
 <p>Download the latest version of rclone.</p>
@@ -241,7 +321,10 @@ <h3 id="windows-precompiled">Precompiled binary</h3>
 <p>If you are planning to use the <a href="https://rclone.org/commands/rclone_mount/">rclone mount</a> feature then you will need to install the third party utility <a href="https://winfsp.dev/">WinFsp</a> also.</p>
 <h3 id="windows-chocolatey">Windows package manager (Winget)</h3>
 <p><a href="https://learn.microsoft.com/en-us/windows/package-manager/">Winget</a> comes pre-installed with the latest versions of Windows. If not, update the <a href="https://www.microsoft.com/p/app-installer/9nblggh4nns1">App Installer</a> package from the Microsoft store.</p>
+<p>To install rclone</p>
 <pre><code>winget install Rclone.Rclone</code></pre>
+<p>To uninstall rclone</p>
+<pre><code>winget uninstall Rclone.Rclone --force</code></pre>
 <h3 id="windows-chocolatey">Chocolatey package manager</h3>
 <p>Make sure you have <a href="https://chocolatey.org/">Choco</a> installed</p>
 <pre><code>choco search rclone
@@ -289,10 +372,16 @@ <h2 id="docker">Docker installation</h2>
 <pre><code># config on host at ~/.config/rclone/rclone.conf
 # data on host at ~/data
 
+# add a remote interactively
+docker run --rm -it \
+    --volume ~/.config/rclone:/config/rclone \
+    --user $(id -u):$(id -g) \
+    rclone/rclone \
+    config
+
 # make sure the config is ok by listing the remotes
 docker run --rm \
     --volume ~/.config/rclone:/config/rclone \
-    --volume ~/data:/data:shared \
     --user $(id -u):$(id -g) \
     rclone/rclone \
     listremotes
@@ -309,8 +398,23 @@ <h2 id="docker">Docker installation</h2>
     mount dropbox:Photos /data/mount &amp;
 ls ~/data/mount
 kill %1</code></pre>
+<h2 id="snap">Snap installation</h2>
+<p><a href="https://snapcraft.io/rclone"><img src="https://snapcraft.io/static/images/badges/en/snap-store-black.svg" alt="Get it from the Snap Store" /></a></p>
+<p>Make sure you have <a href="https://snapcraft.io/docs/installing-snapd">Snapd installed</a></p>
+<div class="sourceCode" id="cb23"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb23-1"><a href="#cb23-1" aria-hidden="true"></a>$ <span class="fu">sudo</span> snap install rclone</span></code></pre></div>
+<p>Due to the strict confinement of Snap, rclone snap cannot access real /home/$USER/.config/rclone directory, default config path is as below.</p>
+<ul>
+<li>Default config directory:
+<ul>
+<li>/home/$USER/snap/rclone/current/.config/rclone</li>
+</ul></li>
+</ul>
+<p>Note: Due to the strict confinement of Snap, <code>rclone mount</code> feature is <code>not</code> supported.</p>
+<p>If mounting is wanted, either install a precompiled binary or enable the relevant option when <a href="#source">installing from source</a>.</p>
+<p>Note that this is controlled by <a href="https://github.com/boukendesho/rclone-snap">community maintainer</a> not the rclone developers so it may be out of date. Its current version is as below.</p>
+<p><a href="https://snapcraft.io/rclone"><img src="https://snapcraft.io/rclone/badge.svg" alt="rclone" /></a></p>
 <h2 id="source">Source installation</h2>
-<p>Make sure you have git and <a href="https://golang.org/">Go</a> installed. Go version 1.17 or newer is required, latest release is recommended. You can get it from your package manager, or download it from <a href="https://golang.org/dl/">golang.org/dl</a>. Then you can run the following:</p>
+<p>Make sure you have git and <a href="https://golang.org/">Go</a> installed. Go version 1.18 or newer is required, the latest release is recommended. You can get it from your package manager, or download it from <a href="https://golang.org/dl/">golang.org/dl</a>. Then you can run the following:</p>
 <pre><code>git clone https://github.com/rclone/rclone.git
 cd rclone
 go build</code></pre>
@@ -318,19 +422,22 @@ <h2 id="source">Source installation</h2>
 <p>Note that on macOS and Windows the <a href="https://rclone.org/commands/rclone_mount/">mount</a> command will not be available unless you specify an additional build tag <code>cmount</code>.</p>
 <pre><code>go build -tags cmount</code></pre>
 <p>This assumes you have a GCC compatible C compiler (GCC or Clang) in your PATH, as it uses <a href="https://pkg.go.dev/cmd/cgo">cgo</a>. But on Windows, the <a href="https://github.com/winfsp/cgofuse">cgofuse</a> library that the cmount implementation is based on, also supports building <a href="https://github.com/golang/go/wiki/WindowsDLLs">without cgo</a>, i.e. by setting environment variable CGO_ENABLED to value 0 (static linking). This is how the official Windows release of rclone is being built, starting with version 1.59. It is still possible to build with cgo on Windows as well, by using the MinGW port of GCC, e.g. by installing it in a <a href="https://www.msys2.org">MSYS2</a> distribution (make sure you install it in the classic mingw64 subsystem, the ucrt64 version is not compatible).</p>
-<p>Additionally, on Windows, you must install the third party utility <a href="https://winfsp.dev/">WinFsp</a>, with the "Developer" feature selected. If building with cgo, you must also set environment variable CPATH pointing to the fuse include directory within the WinFsp installation (normally <code>C:\Program Files (x86)\WinFsp\inc\fuse</code>).</p>
-<p>You may also add arguments <code>-ldflags -s</code> (with or without <code>-tags cmount</code>), to omit symbol table and debug information, making the executable file smaller, and <code>-trimpath</code> to remove references to local file system paths. This is how the official rclone releases are built.</p>
+<p>Additionally, to build with mount on Windows, you must install the third party utility <a href="https://winfsp.dev/">WinFsp</a>, with the "Developer" feature selected. If building with cgo, you must also set environment variable CPATH pointing to the fuse include directory within the WinFsp installation (normally <code>C:\Program Files (x86)\WinFsp\inc\fuse</code>).</p>
+<p>You may add arguments <code>-ldflags -s</code> to omit symbol table and debug information, making the executable file smaller, and <code>-trimpath</code> to remove references to local file system paths. The official rclone releases are built with both of these.</p>
 <pre><code>go build -trimpath -ldflags -s -tags cmount</code></pre>
-<p>Instead of executing the <code>go build</code> command directly, you can run it via the Makefile. It changes the version number suffix from "-DEV" to "-beta" and appends commit details. It also copies the resulting rclone executable into your GOPATH bin folder (<code>$(go env GOPATH)/bin</code>, which corresponds to <code>~/go/bin/rclone</code> by default).</p>
+<p>If you want to customize the version string, as reported by the <code>rclone version</code> command, you can set one of the variables <code>fs.Version</code>, <code>fs.VersionTag</code> (to keep default suffix but customize the number), or <code>fs.VersionSuffix</code> (to keep default number but customize the suffix). This can be done from the build command, by adding to the <code>-ldflags</code> argument value as shown below.</p>
+<pre><code>go build -trimpath -ldflags &quot;-s -X github.com/rclone/rclone/fs.Version=v9.9.9-test&quot; -tags cmount</code></pre>
+<p>On Windows, the official executables also have the version information, as well as a file icon, embedded as binary resources. To get that with your own build you need to run the following command <strong>before</strong> the build command. It generates a Windows resource system object file, with extension .syso, e.g. <code>resource_windows_amd64.syso</code>, that will be automatically picked up by future build commands.</p>
+<pre><code>go run bin/resource_windows.go</code></pre>
+<p>The above command will generate a resource file containing version information based on the fs.Version variable in source at the time you run the command, which means if the value of this variable changes you need to re-run the command for it to be reflected in the version information. Also, if you override this version variable in the build command as described above, you need to do that also when generating the resource file, or else it will still use the value from the source.</p>
+<pre><code>go run bin/resource_windows.go -version v9.9.9-test</code></pre>
+<p>Instead of executing the <code>go build</code> command directly, you can run it via the Makefile. The default target changes the version suffix from "-DEV" to "-beta" followed by additional commit details, embeds version information binary resources on Windows, and copies the resulting rclone executable into your GOPATH bin folder (<code>$(go env GOPATH)/bin</code>, which corresponds to <code>~/go/bin/rclone</code> by default).</p>
 <pre><code>make</code></pre>
 <p>To include mount command on macOS and Windows with Makefile build:</p>
 <pre><code>make GOTAGS=cmount</code></pre>
-<p>There are other make targets that can be used for more advanced builds, such as cross-compiling for all supported os/architectures, embedding icon and version info resources into windows executable, and packaging results into release artifacts. See <a href="https://github.com/rclone/rclone/blob/master/Makefile">Makefile</a> and <a href="https://github.com/rclone/rclone/blob/master/bin/cross-compile.go">cross-compile.go</a> for details.</p>
-<p>Another alternative is to download the source, build and install rclone in one operation, as a regular Go package. The source will be stored it in the Go module cache, and the resulting executable will be in your GOPATH bin folder (<code>$(go env GOPATH)/bin</code>, which corresponds to <code>~/go/bin/rclone</code> by default).</p>
-<p>With Go version 1.17 or newer:</p>
+<p>There are other make targets that can be used for more advanced builds, such as cross-compiling for all supported os/architectures, and packaging results into release artifacts. See <a href="https://github.com/rclone/rclone/blob/master/Makefile">Makefile</a> and <a href="https://github.com/rclone/rclone/blob/master/bin/cross-compile.go">cross-compile.go</a> for details.</p>
+<p>Another alternative method for source installation is to download the source, build and install rclone - all in one operation, as a regular Go package. The source will be stored it in the Go module cache, and the resulting executable will be in your GOPATH bin folder (<code>$(go env GOPATH)/bin</code>, which corresponds to <code>~/go/bin/rclone</code> by default).</p>
 <pre><code>go install github.com/rclone/rclone@latest</code></pre>
-<p>With Go versions older than 1.17 (do <strong>not</strong> use the <code>-u</code> flag, it causes Go to try to update the dependencies that rclone uses and sometimes these don't work with the current version):</p>
-<pre><code>go get github.com/rclone/rclone</code></pre>
 <h2 id="ansible">Ansible installation</h2>
 <p>This can be done with <a href="https://github.com/stefangweichinger/ansible-rclone">Stefan Weichinger's ansible role</a>.</p>
 <p>Instructions</p>
@@ -371,7 +478,7 @@ <h5 id="mount-command-built-in-service-integration">Mount command built-in servi
 <p>The <a href="https://github.com/billziss-gh/winfsp/wiki/WinFsp-Service-Architecture">WinFsp service infrastructure</a> supports incorporating services for file system implementations, such as rclone, into its own launcher service, as kind of "child services". This has the additional advantage that it also implements a network provider that integrates into Windows standard methods for managing network drives. This is currently not officially supported by Rclone, but with WinFsp version 2019.3 B2 / v1.5B2 or later it should be possible through path rewriting as described <a href="https://github.com/rclone/rclone/issues/3340">here</a>.</p>
 <h5 id="third-party-service-integration">Third-party service integration</h5>
 <p>To Windows service running any rclone command, the excellent third-party utility <a href="http://nssm.cc">NSSM</a>, the "Non-Sucking Service Manager", can be used. It includes some advanced features such as adjusting process priority, defining process environment variables, redirect to file anything written to stdout, and customized response to different exit codes, with a GUI to configure everything from (although it can also be used from command line ).</p>
-<p>There are also several other alternatives. To mention one more, <a href="https://github.com/winsw/winsw">WinSW</a>, "Windows Service Wrapper", is worth checking out. It requires .NET Framework, but it is preinstalled on newer versions of Windows, and it also provides alternative standalone distributions which includes necessary runtime (.NET 5). WinSW is a command-line only utility, where you have to manually create an XML file with service configuration. This may be a drawback for some, but it can also be an advantage as it is easy to back up and re-use the configuration settings, without having go through manual steps in a GUI. One thing to note is that by default it does not restart the service on error, one have to explicit enable this in the configuration file (via the "onfailure" parameter).</p>
+<p>There are also several other alternatives. To mention one more, <a href="https://github.com/winsw/winsw">WinSW</a>, "Windows Service Wrapper", is worth checking out. It requires .NET Framework, but it is preinstalled on newer versions of Windows, and it also provides alternative standalone distributions which includes necessary runtime (.NET 5). WinSW is a command-line only utility, where you have to manually create an XML file with service configuration. This may be a drawback for some, but it can also be an advantage as it is easy to back up and reuse the configuration settings, without having go through manual steps in a GUI. One thing to note is that by default it does not restart the service on error, one have to explicit enable this in the configuration file (via the "onfailure" parameter).</p>
 <h3 id="autostart-on-linux">Autostart on Linux</h3>
 <h4 id="start-as-a-service">Start as a service</h4>
 <p>To always run rclone in background, relevant for mount commands etc, you can use systemd to set up rclone as a system or user service. Running as a system service ensures that it is run at startup even if the user it is running as has no active session. Running rclone as a user service ensures that it only starts after the configured user has logged into the system.</p>
@@ -412,18 +519,23 @@ <h2 id="configure">Configure</h2>
 <li><a href="https://rclone.org/internetarchive/">Internet Archive</a></li>
 <li><a href="https://rclone.org/jottacloud/">Jottacloud</a></li>
 <li><a href="https://rclone.org/koofr/">Koofr</a></li>
+<li><a href="https://rclone.org/linkbox/">Linkbox</a></li>
 <li><a href="https://rclone.org/mailru/">Mail.ru Cloud</a></li>
 <li><a href="https://rclone.org/mega/">Mega</a></li>
 <li><a href="https://rclone.org/memory/">Memory</a></li>
 <li><a href="https://rclone.org/azureblob/">Microsoft Azure Blob Storage</a></li>
+<li><a href="https://rclone.org/azurefiles/">Microsoft Azure Files Storage</a></li>
 <li><a href="https://rclone.org/onedrive/">Microsoft OneDrive</a></li>
-<li><a href="https://rclone.org/swift/">OpenStack Swift / Rackspace Cloudfiles / Memset Memstore</a></li>
+<li><a href="https://rclone.org/swift/">OpenStack Swift / Rackspace Cloudfiles / Blomp Cloud Storage / Memset Memstore</a></li>
 <li><a href="https://rclone.org/opendrive/">OpenDrive</a></li>
 <li><a href="https://rclone.org/oracleobjectstorage/">Oracle Object Storage</a></li>
 <li><a href="https://rclone.org/pcloud/">Pcloud</a></li>
+<li><a href="https://rclone.org/pikpak/">PikPak</a></li>
 <li><a href="https://rclone.org/premiumizeme/">premiumize.me</a></li>
 <li><a href="https://rclone.org/putio/">put.io</a></li>
+<li><a href="https://rclone.org/protondrive/">Proton Drive</a></li>
 <li><a href="https://rclone.org/qingstor/">QingStor</a></li>
+<li><a href="https://rclone.org/quatrix/">Quatrix by Maytech</a></li>
 <li><a href="https://rclone.org/seafile/">Seafile</a></li>
 <li><a href="https://rclone.org/sftp/">SFTP</a></li>
 <li><a href="https://rclone.org/sia/">Sia</a></li>
@@ -457,18 +569,20 @@ <h2 id="synopsis">Synopsis</h2>
 <h2 id="options">Options</h2>
 <pre><code>  -h, --help   help for config</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also">SEE ALSO</h2>
+<h1 id="see-also">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 <li><a href="https://rclone.org/commands/rclone_config_create/">rclone config create</a> - Create a new remote with name, type and options.</li>
 <li><a href="https://rclone.org/commands/rclone_config_delete/">rclone config delete</a> - Delete an existing remote.</li>
 <li><a href="https://rclone.org/commands/rclone_config_disconnect/">rclone config disconnect</a> - Disconnects user from remote</li>
 <li><a href="https://rclone.org/commands/rclone_config_dump/">rclone config dump</a> - Dump the config file as JSON.</li>
+<li><a href="https://rclone.org/commands/rclone_config_edit/">rclone config edit</a> - Enter an interactive configuration session.</li>
 <li><a href="https://rclone.org/commands/rclone_config_file/">rclone config file</a> - Show path of configuration file in use.</li>
 <li><a href="https://rclone.org/commands/rclone_config_password/">rclone config password</a> - Update password in an existing remote.</li>
 <li><a href="https://rclone.org/commands/rclone_config_paths/">rclone config paths</a> - Show paths used for configuration, cache, temp etc.</li>
 <li><a href="https://rclone.org/commands/rclone_config_providers/">rclone config providers</a> - List in JSON format all the providers and options.</li>
 <li><a href="https://rclone.org/commands/rclone_config_reconnect/">rclone config reconnect</a> - Re-authenticates user with remote.</li>
+<li><a href="https://rclone.org/commands/rclone_config_redacted/">rclone config redacted</a> - Print redacted (decrypted) config file, or the redacted config for a single remote.</li>
 <li><a href="https://rclone.org/commands/rclone_config_show/">rclone config show</a> - Print (decrypted) config file, or the config for a single remote.</li>
 <li><a href="https://rclone.org/commands/rclone_config_touch/">rclone config touch</a> - Ensure configuration file exists.</li>
 <li><a href="https://rclone.org/commands/rclone_config_update/">rclone config update</a> - Update options in an existing remote.</li>
@@ -502,8 +616,74 @@ <h2 id="synopsis-1">Synopsis</h2>
 <h2 id="options-1">Options</h2>
 <pre><code>      --create-empty-src-dirs   Create empty source dirs on destination after copy
   -h, --help                    help for copy</code></pre>
+<h2 id="copy-options">Copy Options</h2>
+<p>Flags for anything which can Copy a file.</p>
+<pre><code>      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size &amp; checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don&#39;t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don&#39;t check the destination, copy regardless
+      --no-traverse                                 Don&#39;t traverse destination file system on copy
+      --no-update-modtime                           Don&#39;t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. &#39;size,descending&#39;
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default &quot;.partial&quot;)
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination</code></pre>
+<h2 id="important-options">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="filter-options">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-1">SEE ALSO</h2>
+<h1 id="see-also-1">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -523,8 +703,87 @@ <h2 id="synopsis-2">Synopsis</h2>
 <h2 id="options-2">Options</h2>
 <pre><code>      --create-empty-src-dirs   Create empty source dirs on destination after sync
   -h, --help                    help for sync</code></pre>
+<h2 id="copy-options-1">Copy Options</h2>
+<p>Flags for anything which can Copy a file.</p>
+<pre><code>      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size &amp; checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don&#39;t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don&#39;t check the destination, copy regardless
+      --no-traverse                                 Don&#39;t traverse destination file system on copy
+      --no-update-modtime                           Don&#39;t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. &#39;size,descending&#39;
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default &quot;.partial&quot;)
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination</code></pre>
+<h2 id="sync-options">Sync Options</h2>
+<p>Flags just used for <code>rclone sync</code>.</p>
+<pre><code>      --backup-dir string               Make backups into hierarchy based in DIR
+      --delete-after                    When synchronizing, delete files on destination after transferring (default)
+      --delete-before                   When synchronizing, delete files on destination before transferring
+      --delete-during                   When synchronizing, delete files during transfer
+      --ignore-errors                   Delete even if there are I/O errors
+      --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+      --suffix string                   Suffix to add to changed files
+      --suffix-keep-extension           Preserve the extension when using --suffix
+      --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default &quot;hash&quot;)</code></pre>
+<h2 id="important-options-1">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="filter-options-1">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-1">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-2">SEE ALSO</h2>
+<h1 id="see-also-2">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -544,8 +803,74 @@ <h2 id="options-3">Options</h2>
 <pre><code>      --create-empty-src-dirs   Create empty source dirs on destination after move
       --delete-empty-src-dirs   Delete empty source dirs after move
   -h, --help                    help for move</code></pre>
+<h2 id="copy-options-2">Copy Options</h2>
+<p>Flags for anything which can Copy a file.</p>
+<pre><code>      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size &amp; checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don&#39;t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don&#39;t check the destination, copy regardless
+      --no-traverse                                 Don&#39;t traverse destination file system on copy
+      --no-update-modtime                           Don&#39;t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. &#39;size,descending&#39;
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default &quot;.partial&quot;)
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination</code></pre>
+<h2 id="important-options-2">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="filter-options-2">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-2">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-3">SEE ALSO</h2>
+<h1 id="see-also-3">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -566,8 +891,41 @@ <h2 id="synopsis-4">Synopsis</h2>
 <h2 id="options-4">Options</h2>
 <pre><code>  -h, --help     help for delete
       --rmdirs   rmdirs removes empty directories but leaves root intact</code></pre>
+<h2 id="important-options-3">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="filter-options-3">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-3">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-4">SEE ALSO</h2>
+<h1 id="see-also-4">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -579,8 +937,13 @@ <h2 id="synopsis-5">Synopsis</h2>
 <pre><code>rclone purge remote:path [flags]</code></pre>
 <h2 id="options-5">Options</h2>
 <pre><code>  -h, --help   help for purge</code></pre>
+<h2 id="important-options-4">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-5">SEE ALSO</h2>
+<h1 id="see-also-5">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -589,8 +952,13 @@ <h1 id="rclone-mkdir">rclone mkdir</h1>
 <pre><code>rclone mkdir remote:path [flags]</code></pre>
 <h2 id="options-6">Options</h2>
 <pre><code>  -h, --help   help for mkdir</code></pre>
+<h2 id="important-options-5">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-6">SEE ALSO</h2>
+<h1 id="see-also-6">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -602,8 +970,13 @@ <h2 id="synopsis-6">Synopsis</h2>
 <pre><code>rclone rmdir remote:path [flags]</code></pre>
 <h2 id="options-7">Options</h2>
 <pre><code>  -h, --help   help for rmdir</code></pre>
+<h2 id="important-options-6">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-7">SEE ALSO</h2>
+<h1 id="see-also-7">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -611,7 +984,7 @@ <h1 id="rclone-check">rclone check</h1>
 <p>Checks the files in the source and destination match.</p>
 <h2 id="synopsis-7">Synopsis</h2>
 <p>Checks the files in the source and destination match. It compares sizes and hashes (MD5 or SHA1) and logs a report of files that don't match. It doesn't alter the source or destination.</p>
-<p>For the <a href="https://rclone.org/crypt/">crypt</a> remote there is a dedicated command, <a href="https://rclone.org/commands/rclone_cryptcheck/">cryptcheck</a>, that are able to check the checksums of the crypted files.</p>
+<p>For the <a href="https://rclone.org/crypt/">crypt</a> remote there is a dedicated command, <a href="https://rclone.org/commands/rclone_cryptcheck/">cryptcheck</a>, that are able to check the checksums of the encrypted files.</p>
 <p>If you supply the <code>--size-only</code> flag, it will only compare the sizes not the hashes as well. Use this for a quick check.</p>
 <p>If you supply the <code>--download</code> flag, it will download the data from both remotes and check them against each other on the fly. This can be useful for remotes that don't support hashes or if you really want to check all the data.</p>
 <p>If you supply the <code>--checkfile HASH</code> flag with a valid hash name, the <code>source:path</code> must point to a text file in the SUM format.</p>
@@ -625,6 +998,7 @@ <h2 id="synopsis-7">Synopsis</h2>
 <li>`* path` means path was present in source and destination but different.</li>
 <li><code>! path</code> means there was an error reading or hashing the source or dest.</li>
 </ul>
+<p>The default number of parallel checks is 8. See the <a href="https://rclone.org/docs/#checkers-n">--checkers=N</a> option for more information.</p>
 <pre><code>rclone check source:path dest:path [flags]</code></pre>
 <h2 id="options-8">Options</h2>
 <pre><code>  -C, --checkfile string        Treat source:path as a SUM file with hashes of given type
@@ -637,8 +1011,39 @@ <h2 id="options-8">Options</h2>
       --missing-on-dst string   Report all files missing from the destination to this file
       --missing-on-src string   Report all files missing from the source to this file
       --one-way                 Check one way only, source files must exist on remote</code></pre>
+<h2 id="check-options">Check Options</h2>
+<p>Flags used for <code>rclone check</code>.</p>
+<pre><code>      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)</code></pre>
+<h2 id="filter-options-4">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-4">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-8">SEE ALSO</h2>
+<h1 id="see-also-8">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -668,8 +1073,36 @@ <h2 id="synopsis-8">Synopsis</h2>
 <pre><code>rclone ls remote:path [flags]</code></pre>
 <h2 id="options-9">Options</h2>
 <pre><code>  -h, --help   help for ls</code></pre>
+<h2 id="filter-options-5">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-5">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-9">SEE ALSO</h2>
+<h1 id="see-also-9">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -704,8 +1137,36 @@ <h2 id="synopsis-9">Synopsis</h2>
 <h2 id="options-10">Options</h2>
 <pre><code>  -h, --help        help for lsd
   -R, --recursive   Recurse into the listing</code></pre>
+<h2 id="filter-options-6">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-6">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-10">SEE ALSO</h2>
+<h1 id="see-also-10">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -735,8 +1196,36 @@ <h2 id="synopsis-10">Synopsis</h2>
 <pre><code>rclone lsl remote:path [flags]</code></pre>
 <h2 id="options-11">Options</h2>
 <pre><code>  -h, --help   help for lsl</code></pre>
+<h2 id="filter-options-7">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-7">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-11">SEE ALSO</h2>
+<h1 id="see-also-11">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -754,8 +1243,36 @@ <h2 id="options-12">Options</h2>
       --download             Download the file and hash it locally; if this flag is not specified, the hash is requested from the remote
   -h, --help                 help for md5sum
       --output-file string   Output hashsums to a file rather than the terminal</code></pre>
+<h2 id="filter-options-8">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-8">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-12">SEE ALSO</h2>
+<h1 id="see-also-12">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -774,8 +1291,36 @@ <h2 id="options-13">Options</h2>
       --download             Download the file and hash it locally; if this flag is not specified, the hash is requested from the remote
   -h, --help                 help for sha1sum
       --output-file string   Output hashsums to a file rather than the terminal</code></pre>
+<h2 id="filter-options-9">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-9">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-13">SEE ALSO</h2>
+<h1 id="see-also-13">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -785,13 +1330,41 @@ <h2 id="synopsis-13">Synopsis</h2>
 <p>Counts objects in the path and calculates the total size. Prints the result to standard output.</p>
 <p>By default the output is in human-readable format, but shows values in both human-readable format as well as the raw numbers (global option <code>--human-readable</code> is not considered). Use option <code>--json</code> to format output as JSON instead.</p>
 <p>Recurses by default, use <code>--max-depth 1</code> to stop the recursion.</p>
-<p>Some backends do not always provide file sizes, see for example <a href="https://rclone.org/googlephotos/#size">Google Photos</a> and <a href="https://rclone.org/drive/#limitations-of-google-docs">Google Drive</a>. Rclone will then show a notice in the log indicating how many such files were encountered, and count them in as empty files in the output of the size command.</p>
+<p>Some backends do not always provide file sizes, see for example <a href="https://rclone.org/googlephotos/#size">Google Photos</a> and <a href="https://rclone.org/drive/#limitations-of-google-docs">Google Docs</a>. Rclone will then show a notice in the log indicating how many such files were encountered, and count them in as empty files in the output of the size command.</p>
 <pre><code>rclone size remote:path [flags]</code></pre>
 <h2 id="options-14">Options</h2>
 <pre><code>  -h, --help   help for size
       --json   Format output as JSON</code></pre>
+<h2 id="filter-options-10">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-10">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-14">SEE ALSO</h2>
+<h1 id="see-also-14">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -827,7 +1400,7 @@ <h2 id="options-15">Options</h2>
 <pre><code>      --check   Check for new version
   -h, --help    help for version</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-15">SEE ALSO</h2>
+<h1 id="see-also-15">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -838,8 +1411,13 @@ <h2 id="synopsis-15">Synopsis</h2>
 <pre><code>rclone cleanup remote:path [flags]</code></pre>
 <h2 id="options-16">Options</h2>
 <pre><code>  -h, --help   help for cleanup</code></pre>
+<h2 id="important-options-7">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-16">SEE ALSO</h2>
+<h1 id="see-also-16">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -917,8 +1495,13 @@ <h2 id="options-17">Options</h2>
 <pre><code>      --by-hash              Find identical hashes rather than names
       --dedupe-mode string   Dedupe mode interactive|skip|first|newest|oldest|largest|smallest|rename (default &quot;interactive&quot;)
   -h, --help                 help for dedupe</code></pre>
+<h2 id="important-options-8">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-17">SEE ALSO</h2>
+<h1 id="see-also-17">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -964,7 +1547,7 @@ <h2 id="options-18">Options</h2>
   -h, --help   help for about
       --json   Format output as JSON</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-18">SEE ALSO</h2>
+<h1 id="see-also-18">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -980,7 +1563,7 @@ <h2 id="options-19">Options</h2>
   -h, --help                   help for authorize
       --template string        The path to a custom Go template for generating HTML responses</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-19">SEE ALSO</h2>
+<h1 id="see-also-19">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -1003,8 +1586,13 @@ <h2 id="options-20">Options</h2>
 <pre><code>  -h, --help                 help for backend
       --json                 Always output in JSON format
   -o, --option stringArray   Option in the form name=value or name</code></pre>
+<h2 id="important-options-9">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-20">SEE ALSO</h2>
+<h1 id="see-also-20">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -1016,19 +1604,84 @@ <h2 id="synopsis-20">Synopsis</h2>
 <p>See <a href="https://rclone.org/bisync/">full bisync description</a> for details.</p>
 <pre><code>rclone bisync remote1:path1 remote2:path2 [flags]</code></pre>
 <h2 id="options-21">Options</h2>
-<pre><code>      --check-access            Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
-      --check-filename string   Filename for --check-access (default: RCLONE_TEST)
-      --check-sync string       Controls comparison of final listings: true|false|only (default: true) (default &quot;true&quot;)
-      --filters-file string     Read filtering patterns from a file
-      --force                   Bypass --max-delete safety check and run the sync. Consider using with --verbose
-  -h, --help                    help for bisync
-      --localtime               Use local time in listings (default: UTC)
-      --no-cleanup              Retain working files (useful for troubleshooting and testing).
-      --remove-empty-dirs       Remove empty directories at the final cleanup step.
-  -1, --resync                  Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
-      --workdir string          Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)</code></pre>
+<pre><code>      --check-access              Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
+      --check-filename string     Filename for --check-access (default: RCLONE_TEST)
+      --check-sync string         Controls comparison of final listings: true|false|only (default: true) (default &quot;true&quot;)
+      --create-empty-src-dirs     Sync creation and deletion of empty directories. (Not compatible with --remove-empty-dirs)
+      --filters-file string       Read filtering patterns from a file
+      --force                     Bypass --max-delete safety check and run the sync. Consider using with --verbose
+  -h, --help                      help for bisync
+      --ignore-listing-checksum   Do not use checksums for listings (add --ignore-checksum to additionally skip post-copy checksum checks)
+      --localtime                 Use local time in listings (default: UTC)
+      --no-cleanup                Retain working files (useful for troubleshooting and testing).
+      --remove-empty-dirs         Remove ALL empty directories at the final cleanup step.
+      --resilient                 Allow future runs to retry after certain less-serious errors, instead of requiring --resync. Use at your own risk!
+  -1, --resync                    Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
+      --workdir string            Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)</code></pre>
+<h2 id="copy-options-3">Copy Options</h2>
+<p>Flags for anything which can Copy a file.</p>
+<pre><code>      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size &amp; checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don&#39;t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don&#39;t check the destination, copy regardless
+      --no-traverse                                 Don&#39;t traverse destination file system on copy
+      --no-update-modtime                           Don&#39;t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. &#39;size,descending&#39;
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default &quot;.partial&quot;)
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination</code></pre>
+<h2 id="important-options-10">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="filter-options-11">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-21">SEE ALSO</h2>
+<h1 id="see-also-21">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -1043,24 +1696,61 @@ <h2 id="synopsis-21">Synopsis</h2>
 <p>Or like this to output any .txt files in dir or its subdirectories.</p>
 <pre><code>rclone --include &quot;*.txt&quot; cat remote:path/to/dir</code></pre>
 <p>Use the <code>--head</code> flag to print characters only at the start, <code>--tail</code> for the end and <code>--offset</code> and <code>--count</code> to print a section in the middle. Note that if offset is negative it will count from the end, so <code>--offset -1 --count 1</code> is equivalent to <code>--tail 1</code>.</p>
+<p>Use the <code>--separator</code> flag to print a separator value between files. Be sure to shell-escape special characters. For example, to print a newline between files, use:</p>
+<ul>
+<li><p>bash:</p>
+<pre><code>rclone --include &quot;*.txt&quot; --separator $&#39;\n&#39; cat remote:path/to/dir</code></pre></li>
+<li><p>powershell:</p>
+<pre><code>rclone --include &quot;*.txt&quot; --separator &quot;`n&quot; cat remote:path/to/dir</code></pre></li>
+</ul>
 <pre><code>rclone cat remote:path [flags]</code></pre>
 <h2 id="options-22">Options</h2>
-<pre><code>      --count int    Only print N characters (default -1)
-      --discard      Discard the output instead of printing
-      --head int     Only print the first N characters
-  -h, --help         help for cat
-      --offset int   Start printing at offset N (or from end if -ve)
-      --tail int     Only print the last N characters</code></pre>
+<pre><code>      --count int          Only print N characters (default -1)
+      --discard            Discard the output instead of printing
+      --head int           Only print the first N characters
+  -h, --help               help for cat
+      --offset int         Start printing at offset N (or from end if -ve)
+      --separator string   Separator to use between objects when printing multiple files
+      --tail int           Only print the last N characters</code></pre>
+<h2 id="filter-options-12">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-11">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-22">SEE ALSO</h2>
+<h1 id="see-also-22">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-checksum">rclone checksum</h1>
-<p>Checks the files in the source against a SUM file.</p>
+<p>Checks the files in the destination against a SUM file.</p>
 <h2 id="synopsis-22">Synopsis</h2>
-<p>Checks that hashsums of source files match the SUM file. It compares hashes (MD5, SHA1, etc) and logs a report of files which don't match. It doesn't alter the file system.</p>
-<p>If you supply the <code>--download</code> flag, it will download the data from remote and calculate the contents hash on the fly. This can be useful for remotes that don't support hashes or if you really want to check all the data.</p>
+<p>Checks that hashsums of destination files match the SUM file. It compares hashes (MD5, SHA1, etc) and logs a report of files which don't match. It doesn't alter the file system.</p>
+<p>The sumfile is treated as the source and the dst:path is treated as the destination for the purposes of the output.</p>
+<p>If you supply the <code>--download</code> flag, it will download the data from the remote and calculate the content hash on the fly. This can be useful for remotes that don't support hashes or if you really want to check all the data.</p>
 <p>Note that hash values in the SUM file are treated as case insensitive.</p>
 <p>If you supply the <code>--one-way</code> flag, it will only check that files in the source match the files in the destination, not the other way around. This means that extra files in the destination that are not in the source will not be detected.</p>
 <p>The <code>--differ</code>, <code>--missing-on-dst</code>, <code>--missing-on-src</code>, <code>--match</code> and <code>--error</code> flags write paths, one per line, to the file name (or stdout if it is <code>-</code>) supplied. What they write is described in the help below. For example <code>--differ</code> will write all paths which are present on both the source and destination but different.</p>
@@ -1072,7 +1762,8 @@ <h2 id="synopsis-22">Synopsis</h2>
 <li>`* path` means path was present in source and destination but different.</li>
 <li><code>! path</code> means there was an error reading or hashing the source or dest.</li>
 </ul>
-<pre><code>rclone checksum &lt;hash&gt; sumfile src:path [flags]</code></pre>
+<p>The default number of parallel checks is 8. See the <a href="https://rclone.org/docs/#checkers-n">--checkers=N</a> option for more information.</p>
+<pre><code>rclone checksum &lt;hash&gt; sumfile dst:path [flags]</code></pre>
 <h2 id="options-23">Options</h2>
 <pre><code>      --combined string         Make a combined report of changes to this file
       --differ string           Report all non-matching files to this file
@@ -1083,104 +1774,123 @@ <h2 id="options-23">Options</h2>
       --missing-on-dst string   Report all files missing from the destination to this file
       --missing-on-src string   Report all files missing from the source to this file
       --one-way                 Check one way only, source files must exist on remote</code></pre>
+<h2 id="filter-options-13">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-12">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-23">SEE ALSO</h2>
+<h1 id="see-also-23">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-completion">rclone completion</h1>
-<p>Generate the autocompletion script for the specified shell</p>
+<p>Output completion script for a given shell.</p>
 <h2 id="synopsis-23">Synopsis</h2>
-<p>Generate the autocompletion script for rclone for the specified shell. See each sub-command's help for details on how to use the generated script.</p>
+<p>Generates a shell completion script for rclone. Run with <code>--help</code> to list the supported shells.</p>
 <h2 id="options-24">Options</h2>
 <pre><code>  -h, --help   help for completion</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-24">SEE ALSO</h2>
+<h1 id="see-also-24">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
-<li><a href="https://rclone.org/commands/rclone_completion_bash/">rclone completion bash</a> - Generate the autocompletion script for bash</li>
-<li><a href="https://rclone.org/commands/rclone_completion_fish/">rclone completion fish</a> - Generate the autocompletion script for fish</li>
-<li><a href="https://rclone.org/commands/rclone_completion_powershell/">rclone completion powershell</a> - Generate the autocompletion script for powershell</li>
-<li><a href="https://rclone.org/commands/rclone_completion_zsh/">rclone completion zsh</a> - Generate the autocompletion script for zsh</li>
+<li><a href="https://rclone.org/commands/rclone_completion_bash/">rclone completion bash</a> - Output bash completion script for rclone.</li>
+<li><a href="https://rclone.org/commands/rclone_completion_fish/">rclone completion fish</a> - Output fish completion script for rclone.</li>
+<li><a href="https://rclone.org/commands/rclone_completion_powershell/">rclone completion powershell</a> - Output powershell completion script for rclone.</li>
+<li><a href="https://rclone.org/commands/rclone_completion_zsh/">rclone completion zsh</a> - Output zsh completion script for rclone.</li>
 </ul>
 <h1 id="rclone-completion-bash">rclone completion bash</h1>
-<p>Generate the autocompletion script for bash</p>
+<p>Output bash completion script for rclone.</p>
 <h2 id="synopsis-24">Synopsis</h2>
-<p>Generate the autocompletion script for the bash shell.</p>
-<p>This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager.</p>
-<p>To load completions in your current shell session:</p>
-<pre><code>source &lt;(rclone completion bash)</code></pre>
-<p>To load completions for every new session, execute once:</p>
-<h3 id="linux-1">Linux:</h3>
-<pre><code>rclone completion bash &gt; /etc/bash_completion.d/rclone</code></pre>
-<h3 id="macos-1">macOS:</h3>
-<pre><code>rclone completion bash &gt; $(brew --prefix)/etc/bash_completion.d/rclone</code></pre>
-<p>You will need to start a new shell for this setup to take effect.</p>
-<pre><code>rclone completion bash</code></pre>
+<p>Generates a bash shell autocompletion script for rclone.</p>
+<p>This writes to /etc/bash_completion.d/rclone by default so will probably need to be run with sudo or as root, e.g.</p>
+<pre><code>sudo rclone genautocomplete bash</code></pre>
+<p>Logout and login again to use the autocompletion scripts, or source them directly</p>
+<pre><code>. /etc/bash_completion</code></pre>
+<p>If you supply a command line argument the script will be written there.</p>
+<p>If output_file is "-", then the output will be written to stdout.</p>
+<pre><code>rclone completion bash [output_file] [flags]</code></pre>
 <h2 id="options-25">Options</h2>
-<pre><code>  -h, --help              help for bash
-      --no-descriptions   disable completion descriptions</code></pre>
+<pre><code>  -h, --help   help for bash</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-25">SEE ALSO</h2>
+<h1 id="see-also-25">SEE ALSO</h1>
 <ul>
-<li><a href="https://rclone.org/commands/rclone_completion/">rclone completion</a> - Generate the autocompletion script for the specified shell</li>
+<li><a href="https://rclone.org/commands/rclone_completion/">rclone completion</a> - Output completion script for a given shell.</li>
 </ul>
 <h1 id="rclone-completion-fish">rclone completion fish</h1>
-<p>Generate the autocompletion script for fish</p>
+<p>Output fish completion script for rclone.</p>
 <h2 id="synopsis-25">Synopsis</h2>
-<p>Generate the autocompletion script for the fish shell.</p>
-<p>To load completions in your current shell session:</p>
-<pre><code>rclone completion fish | source</code></pre>
-<p>To load completions for every new session, execute once:</p>
-<pre><code>rclone completion fish &gt; ~/.config/fish/completions/rclone.fish</code></pre>
-<p>You will need to start a new shell for this setup to take effect.</p>
-<pre><code>rclone completion fish [flags]</code></pre>
+<p>Generates a fish autocompletion script for rclone.</p>
+<p>This writes to /etc/fish/completions/rclone.fish by default so will probably need to be run with sudo or as root, e.g.</p>
+<pre><code>sudo rclone genautocomplete fish</code></pre>
+<p>Logout and login again to use the autocompletion scripts, or source them directly</p>
+<pre><code>. /etc/fish/completions/rclone.fish</code></pre>
+<p>If you supply a command line argument the script will be written there.</p>
+<p>If output_file is "-", then the output will be written to stdout.</p>
+<pre><code>rclone completion fish [output_file] [flags]</code></pre>
 <h2 id="options-26">Options</h2>
-<pre><code>  -h, --help              help for fish
-      --no-descriptions   disable completion descriptions</code></pre>
+<pre><code>  -h, --help   help for fish</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-26">SEE ALSO</h2>
+<h1 id="see-also-26">SEE ALSO</h1>
 <ul>
-<li><a href="https://rclone.org/commands/rclone_completion/">rclone completion</a> - Generate the autocompletion script for the specified shell</li>
+<li><a href="https://rclone.org/commands/rclone_completion/">rclone completion</a> - Output completion script for a given shell.</li>
 </ul>
 <h1 id="rclone-completion-powershell">rclone completion powershell</h1>
-<p>Generate the autocompletion script for powershell</p>
+<p>Output powershell completion script for rclone.</p>
 <h2 id="synopsis-26">Synopsis</h2>
 <p>Generate the autocompletion script for powershell.</p>
 <p>To load completions in your current shell session:</p>
 <pre><code>rclone completion powershell | Out-String | Invoke-Expression</code></pre>
 <p>To load completions for every new session, add the output of the above command to your powershell profile.</p>
-<pre><code>rclone completion powershell [flags]</code></pre>
+<p>If output_file is "-" or missing, then the output will be written to stdout.</p>
+<pre><code>rclone completion powershell [output_file] [flags]</code></pre>
 <h2 id="options-27">Options</h2>
-<pre><code>  -h, --help              help for powershell
-      --no-descriptions   disable completion descriptions</code></pre>
+<pre><code>  -h, --help   help for powershell</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-27">SEE ALSO</h2>
+<h1 id="see-also-27">SEE ALSO</h1>
 <ul>
-<li><a href="https://rclone.org/commands/rclone_completion/">rclone completion</a> - Generate the autocompletion script for the specified shell</li>
+<li><a href="https://rclone.org/commands/rclone_completion/">rclone completion</a> - Output completion script for a given shell.</li>
 </ul>
 <h1 id="rclone-completion-zsh">rclone completion zsh</h1>
-<p>Generate the autocompletion script for zsh</p>
+<p>Output zsh completion script for rclone.</p>
 <h2 id="synopsis-27">Synopsis</h2>
-<p>Generate the autocompletion script for the zsh shell.</p>
-<p>If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once:</p>
-<pre><code>echo &quot;autoload -U compinit; compinit&quot; &gt;&gt; ~/.zshrc</code></pre>
-<p>To load completions in your current shell session:</p>
-<pre><code>source &lt;(rclone completion zsh); compdef _rclone rclone</code></pre>
-<p>To load completions for every new session, execute once:</p>
-<h3 id="linux-2">Linux:</h3>
-<pre><code>rclone completion zsh &gt; &quot;${fpath[1]}/_rclone&quot;</code></pre>
-<h3 id="macos-2">macOS:</h3>
-<pre><code>rclone completion zsh &gt; $(brew --prefix)/share/zsh/site-functions/_rclone</code></pre>
-<p>You will need to start a new shell for this setup to take effect.</p>
-<pre><code>rclone completion zsh [flags]</code></pre>
+<p>Generates a zsh autocompletion script for rclone.</p>
+<p>This writes to /usr/share/zsh/vendor-completions/_rclone by default so will probably need to be run with sudo or as root, e.g.</p>
+<pre><code>sudo rclone genautocomplete zsh</code></pre>
+<p>Logout and login again to use the autocompletion scripts, or source them directly</p>
+<pre><code>autoload -U compinit &amp;&amp; compinit</code></pre>
+<p>If you supply a command line argument the script will be written there.</p>
+<p>If output_file is "-", then the output will be written to stdout.</p>
+<pre><code>rclone completion zsh [output_file] [flags]</code></pre>
 <h2 id="options-28">Options</h2>
-<pre><code>  -h, --help              help for zsh
-      --no-descriptions   disable completion descriptions</code></pre>
+<pre><code>  -h, --help   help for zsh</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-28">SEE ALSO</h2>
+<h1 id="see-also-28">SEE ALSO</h1>
 <ul>
-<li><a href="https://rclone.org/commands/rclone_completion/">rclone completion</a> - Generate the autocompletion script for the specified shell</li>
+<li><a href="https://rclone.org/commands/rclone_completion/">rclone completion</a> - Output completion script for a given shell.</li>
 </ul>
 <h1 id="rclone-config-create">rclone config create</h1>
 <p>Create a new remote with name, type and options.</p>
@@ -1249,7 +1959,7 @@ <h2 id="options-29">Options</h2>
       --result string     Result - use with --continue
       --state string      State - use with --continue</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-29">SEE ALSO</h2>
+<h1 id="see-also-29">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
@@ -1259,7 +1969,7 @@ <h1 id="rclone-config-delete">rclone config delete</h1>
 <h2 id="options-30">Options</h2>
 <pre><code>  -h, --help   help for delete</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-30">SEE ALSO</h2>
+<h1 id="see-also-30">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
@@ -1273,7 +1983,7 @@ <h2 id="synopsis-29">Synopsis</h2>
 <h2 id="options-31">Options</h2>
 <pre><code>  -h, --help   help for disconnect</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-31">SEE ALSO</h2>
+<h1 id="see-also-31">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
@@ -1283,16 +1993,16 @@ <h1 id="rclone-config-dump">rclone config dump</h1>
 <h2 id="options-32">Options</h2>
 <pre><code>  -h, --help   help for dump</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-32">SEE ALSO</h2>
+<h1 id="see-also-32">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
 <h1 id="rclone-config-edit">rclone config edit</h1>
 <p>Enter an interactive configuration session.</p>
-<h1 id="synopsis-30">Synopsis</h1>
+<h2 id="synopsis-30">Synopsis</h2>
 <p>Enter an interactive configuration session where you can setup new remotes and manage existing ones. You may also set or remove a password to protect your configuration.</p>
 <pre><code>rclone config edit [flags]</code></pre>
-<h1 id="options-33">Options</h1>
+<h2 id="options-33">Options</h2>
 <pre><code>  -h, --help   help for edit</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
 <h1 id="see-also-33">SEE ALSO</h1>
@@ -1305,7 +2015,7 @@ <h1 id="rclone-config-file">rclone config file</h1>
 <h2 id="options-34">Options</h2>
 <pre><code>  -h, --help   help for file</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-34">SEE ALSO</h2>
+<h1 id="see-also-34">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
@@ -1321,7 +2031,7 @@ <h2 id="synopsis-31">Synopsis</h2>
 <h2 id="options-35">Options</h2>
 <pre><code>  -h, --help   help for password</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-35">SEE ALSO</h2>
+<h1 id="see-also-35">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
@@ -1331,7 +2041,7 @@ <h1 id="rclone-config-paths">rclone config paths</h1>
 <h2 id="options-36">Options</h2>
 <pre><code>  -h, --help   help for paths</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-36">SEE ALSO</h2>
+<h1 id="see-also-36">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
@@ -1341,7 +2051,7 @@ <h1 id="rclone-config-providers">rclone config providers</h1>
 <h2 id="options-37">Options</h2>
 <pre><code>  -h, --help   help for providers</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-37">SEE ALSO</h2>
+<h1 id="see-also-37">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
@@ -1355,33 +2065,48 @@ <h2 id="synopsis-32">Synopsis</h2>
 <h2 id="options-38">Options</h2>
 <pre><code>  -h, --help   help for reconnect</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-38">SEE ALSO</h2>
+<h1 id="see-also-38">SEE ALSO</h1>
+<ul>
+<li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
+</ul>
+<h1 id="rclone-config-redacted">rclone config redacted</h1>
+<p>Print redacted (decrypted) config file, or the redacted config for a single remote.</p>
+<h2 id="synopsis-33">Synopsis</h2>
+<p>This prints a redacted copy of the config file, either the whole config file or for a given remote.</p>
+<p>The config file will be redacted by replacing all passwords and other sensitive info with XXX.</p>
+<p>This makes the config file suitable for posting online for support.</p>
+<p>It should be double checked before posting as the redaction may not be perfect.</p>
+<pre><code>rclone config redacted [&lt;remote&gt;] [flags]</code></pre>
+<h2 id="options-39">Options</h2>
+<pre><code>  -h, --help   help for redacted</code></pre>
+<p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
+<h1 id="see-also-39">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
 <h1 id="rclone-config-show">rclone config show</h1>
 <p>Print (decrypted) config file, or the config for a single remote.</p>
 <pre><code>rclone config show [&lt;remote&gt;] [flags]</code></pre>
-<h2 id="options-39">Options</h2>
+<h2 id="options-40">Options</h2>
 <pre><code>  -h, --help   help for show</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-39">SEE ALSO</h2>
+<h1 id="see-also-40">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
 <h1 id="rclone-config-touch">rclone config touch</h1>
 <p>Ensure configuration file exists.</p>
 <pre><code>rclone config touch [flags]</code></pre>
-<h2 id="options-40">Options</h2>
+<h2 id="options-41">Options</h2>
 <pre><code>  -h, --help   help for touch</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-40">SEE ALSO</h2>
+<h1 id="see-also-41">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
 <h1 id="rclone-config-update">rclone config update</h1>
 <p>Update options in an existing remote.</p>
-<h2 id="synopsis-33">Synopsis</h2>
+<h2 id="synopsis-34">Synopsis</h2>
 <p>Update an existing remote's options. The options should be passed in pairs of <code>key</code> <code>value</code> or as <code>key=value</code>.</p>
 <p>For example, to update the env_auth field of a remote of name myremote you would do:</p>
 <pre><code>rclone config update myremote env_auth true
@@ -1436,7 +2161,7 @@ <h2 id="synopsis-33">Synopsis</h2>
 <p>If <code>--all</code> is passed then rclone will ask all the config questions, not just the post config questions. Any parameters are used as defaults for questions as usual.</p>
 <p>Note that <code>bin/config.py</code> in the rclone source implements this protocol as a readable demonstration.</p>
 <pre><code>rclone config update name [key value]+ [flags]</code></pre>
-<h2 id="options-41">Options</h2>
+<h2 id="options-42">Options</h2>
 <pre><code>      --all               Ask the full set of config questions
       --continue          Continue the configuration process with an answer
   -h, --help              help for update
@@ -1446,26 +2171,26 @@ <h2 id="options-41">Options</h2>
       --result string     Result - use with --continue
       --state string      State - use with --continue</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-41">SEE ALSO</h2>
+<h1 id="see-also-42">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
 <h1 id="rclone-config-userinfo">rclone config userinfo</h1>
 <p>Prints info about logged in user of remote.</p>
-<h2 id="synopsis-34">Synopsis</h2>
+<h2 id="synopsis-35">Synopsis</h2>
 <p>This prints the details of the person logged in to the cloud storage system.</p>
 <pre><code>rclone config userinfo remote: [flags]</code></pre>
-<h2 id="options-42">Options</h2>
+<h2 id="options-43">Options</h2>
 <pre><code>  -h, --help   help for userinfo
       --json   Format output as JSON</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-42">SEE ALSO</h2>
+<h1 id="see-also-43">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_config/">rclone config</a> - Enter an interactive configuration session.</li>
 </ul>
 <h1 id="rclone-copyto">rclone copyto</h1>
 <p>Copy files from source to dest, skipping identical files.</p>
-<h2 id="synopsis-35">Synopsis</h2>
+<h2 id="synopsis-36">Synopsis</h2>
 <p>If source:path is a file or directory then it copies it to a file or directory named dest:path.</p>
 <p>This can be used to upload single files to other than their current name. If the source is a directory then it acts exactly like the <a href="https://rclone.org/commands/rclone_copy/">copy</a> command.</p>
 <p>So</p>
@@ -1480,37 +2205,108 @@ <h2 id="synopsis-35">Synopsis</h2>
 <p>This doesn't transfer files that are identical on src and dst, testing by size and modification time or MD5SUM. It doesn't delete files from the destination.</p>
 <p><strong>Note</strong>: Use the <code>-P</code>/<code>--progress</code> flag to view real-time transfer statistics</p>
 <pre><code>rclone copyto source:path dest:path [flags]</code></pre>
-<h2 id="options-43">Options</h2>
+<h2 id="options-44">Options</h2>
 <pre><code>  -h, --help   help for copyto</code></pre>
+<h2 id="copy-options-4">Copy Options</h2>
+<p>Flags for anything which can Copy a file.</p>
+<pre><code>      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size &amp; checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don&#39;t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don&#39;t check the destination, copy regardless
+      --no-traverse                                 Don&#39;t traverse destination file system on copy
+      --no-update-modtime                           Don&#39;t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. &#39;size,descending&#39;
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default &quot;.partial&quot;)
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination</code></pre>
+<h2 id="important-options-11">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="filter-options-14">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-13">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-43">SEE ALSO</h2>
+<h1 id="see-also-44">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-copyurl">rclone copyurl</h1>
 <p>Copy url content to dest.</p>
-<h2 id="synopsis-36">Synopsis</h2>
+<h2 id="synopsis-37">Synopsis</h2>
 <p>Download a URL's content and copy it to the destination without saving it in temporary storage.</p>
 <p>Setting <code>--auto-filename</code> will attempt to automatically determine the filename from the URL (after any redirections) and used in the destination path. With <code>--auto-filename-header</code> in addition, if a specific filename is set in HTTP headers, it will be used instead of the name from the URL. With <code>--print-filename</code> in addition, the resulting file name will be printed.</p>
 <p>Setting <code>--no-clobber</code> will prevent overwriting file on the destination if there is one with the same name.</p>
 <p>Setting <code>--stdout</code> or making the output file name <code>-</code> will cause the output to be written to standard output.</p>
 <pre><code>rclone copyurl https://example.com dest:path [flags]</code></pre>
-<h2 id="options-44">Options</h2>
+<h2 id="options-45">Options</h2>
 <pre><code>  -a, --auto-filename     Get the file name from the URL and use it for destination file path
       --header-filename   Get the file name from the Content-Disposition header
   -h, --help              help for copyurl
       --no-clobber        Prevent overwriting file with same name
   -p, --print-filename    Print the resulting name from --auto-filename
       --stdout            Write the output to stdout rather than a file</code></pre>
+<h2 id="important-options-12">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-44">SEE ALSO</h2>
+<h1 id="see-also-45">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-cryptcheck">rclone cryptcheck</h1>
-<p>Cryptcheck checks the integrity of a crypted remote.</p>
-<h2 id="synopsis-37">Synopsis</h2>
-<p>rclone cryptcheck checks a remote against a <a href="https://rclone.org/crypt/">crypted</a> remote. This is the equivalent of running rclone <a href="https://rclone.org/commands/rclone_check/">check</a>, but able to check the checksums of the crypted remote.</p>
+<p>Cryptcheck checks the integrity of an encrypted remote.</p>
+<h2 id="synopsis-38">Synopsis</h2>
+<p>rclone cryptcheck checks a remote against a <a href="https://rclone.org/crypt/">crypted</a> remote. This is the equivalent of running rclone <a href="https://rclone.org/commands/rclone_check/">check</a>, but able to check the checksums of the encrypted remote.</p>
 <p>For it to work the underlying remote of the cryptedremote must support some kind of checksum.</p>
 <p>It works by reading the nonce from each file on the cryptedremote: and using that to encrypt each file on the remote:. It then checks the checksum of the underlying file on the cryptedremote: against the checksum of the file it has just encrypted.</p>
 <p>Use it like this</p>
@@ -1528,8 +2324,9 @@ <h2 id="synopsis-37">Synopsis</h2>
 <li>`* path` means path was present in source and destination but different.</li>
 <li><code>! path</code> means there was an error reading or hashing the source or dest.</li>
 </ul>
+<p>The default number of parallel checks is 8. See the <a href="https://rclone.org/docs/#checkers-n">--checkers=N</a> option for more information.</p>
 <pre><code>rclone cryptcheck remote:path cryptedremote:path [flags]</code></pre>
-<h2 id="options-45">Options</h2>
+<h2 id="options-46">Options</h2>
 <pre><code>      --combined string         Make a combined report of changes to this file
       --differ string           Report all non-matching files to this file
       --error string            Report all files with errors (hashing or reading) to this file
@@ -1538,14 +2335,45 @@ <h2 id="options-45">Options</h2>
       --missing-on-dst string   Report all files missing from the destination to this file
       --missing-on-src string   Report all files missing from the source to this file
       --one-way                 Check one way only, source files must exist on remote</code></pre>
+<h2 id="check-options-1">Check Options</h2>
+<p>Flags used for <code>rclone check</code>.</p>
+<pre><code>      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)</code></pre>
+<h2 id="filter-options-15">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-14">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-45">SEE ALSO</h2>
+<h1 id="see-also-46">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-cryptdecode">rclone cryptdecode</h1>
 <p>Cryptdecode returns unencrypted file names.</p>
-<h2 id="synopsis-38">Synopsis</h2>
+<h2 id="synopsis-39">Synopsis</h2>
 <p>rclone cryptdecode returns unencrypted file names when provided with a list of encrypted file names. List limit is 10 items.</p>
 <p>If you supply the <code>--reverse</code> flag, it will return encrypted file names.</p>
 <p>use it like this</p>
@@ -1554,34 +2382,39 @@ <h2 id="synopsis-38">Synopsis</h2>
 rclone cryptdecode --reverse encryptedremote: filename1 filename2</code></pre>
 <p>Another way to accomplish this is by using the <code>rclone backend encode</code> (or <code>decode</code>) command. See the documentation on the <a href="https://rclone.org/crypt/">crypt</a> overlay for more info.</p>
 <pre><code>rclone cryptdecode encryptedremote: encryptedfilename [flags]</code></pre>
-<h2 id="options-46">Options</h2>
+<h2 id="options-47">Options</h2>
 <pre><code>  -h, --help      help for cryptdecode
       --reverse   Reverse cryptdecode, encrypts filenames</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-46">SEE ALSO</h2>
+<h1 id="see-also-47">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-deletefile">rclone deletefile</h1>
 <p>Remove a single file from remote.</p>
-<h2 id="synopsis-39">Synopsis</h2>
+<h2 id="synopsis-40">Synopsis</h2>
 <p>Remove a single file from remote. Unlike <code>delete</code> it cannot be used to remove a directory and it doesn't obey include/exclude filters - if the specified file exists, it will always be removed.</p>
 <pre><code>rclone deletefile remote:path [flags]</code></pre>
-<h2 id="options-47">Options</h2>
+<h2 id="options-48">Options</h2>
 <pre><code>  -h, --help   help for deletefile</code></pre>
+<h2 id="important-options-13">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-47">SEE ALSO</h2>
+<h1 id="see-also-48">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-genautocomplete">rclone genautocomplete</h1>
 <p>Output completion script for a given shell.</p>
-<h2 id="synopsis-40">Synopsis</h2>
+<h1 id="synopsis-41">Synopsis</h1>
 <p>Generates a shell completion script for rclone. Run with <code>--help</code> to list the supported shells.</p>
-<h2 id="options-48">Options</h2>
+<h1 id="options-49">Options</h1>
 <pre><code>  -h, --help   help for genautocomplete</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-48">SEE ALSO</h2>
+<h1 id="see-also-49">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 <li><a href="https://rclone.org/commands/rclone_genautocomplete_bash/">rclone genautocomplete bash</a> - Output bash completion script for rclone.</li>
@@ -1590,7 +2423,7 @@ <h2 id="see-also-48">SEE ALSO</h2>
 </ul>
 <h1 id="rclone-genautocomplete-bash">rclone genautocomplete bash</h1>
 <p>Output bash completion script for rclone.</p>
-<h2 id="synopsis-41">Synopsis</h2>
+<h1 id="synopsis-42">Synopsis</h1>
 <p>Generates a bash shell autocompletion script for rclone.</p>
 <p>This writes to /etc/bash_completion.d/rclone by default so will probably need to be run with sudo or as root, e.g.</p>
 <pre><code>sudo rclone genautocomplete bash</code></pre>
@@ -1599,16 +2432,16 @@ <h2 id="synopsis-41">Synopsis</h2>
 <p>If you supply a command line argument the script will be written there.</p>
 <p>If output_file is "-", then the output will be written to stdout.</p>
 <pre><code>rclone genautocomplete bash [output_file] [flags]</code></pre>
-<h2 id="options-49">Options</h2>
+<h1 id="options-50">Options</h1>
 <pre><code>  -h, --help   help for bash</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-49">SEE ALSO</h2>
+<h1 id="see-also-50">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_genautocomplete/">rclone genautocomplete</a> - Output completion script for a given shell.</li>
 </ul>
 <h1 id="rclone-genautocomplete-fish">rclone genautocomplete fish</h1>
 <p>Output fish completion script for rclone.</p>
-<h2 id="synopsis-42">Synopsis</h2>
+<h1 id="synopsis-43">Synopsis</h1>
 <p>Generates a fish autocompletion script for rclone.</p>
 <p>This writes to /etc/fish/completions/rclone.fish by default so will probably need to be run with sudo or as root, e.g.</p>
 <pre><code>sudo rclone genautocomplete fish</code></pre>
@@ -1617,16 +2450,16 @@ <h2 id="synopsis-42">Synopsis</h2>
 <p>If you supply a command line argument the script will be written there.</p>
 <p>If output_file is "-", then the output will be written to stdout.</p>
 <pre><code>rclone genautocomplete fish [output_file] [flags]</code></pre>
-<h2 id="options-50">Options</h2>
+<h1 id="options-51">Options</h1>
 <pre><code>  -h, --help   help for fish</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-50">SEE ALSO</h2>
+<h1 id="see-also-51">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_genautocomplete/">rclone genautocomplete</a> - Output completion script for a given shell.</li>
 </ul>
 <h1 id="rclone-genautocomplete-zsh">rclone genautocomplete zsh</h1>
 <p>Output zsh completion script for rclone.</p>
-<h2 id="synopsis-43">Synopsis</h2>
+<h1 id="synopsis-44">Synopsis</h1>
 <p>Generates a zsh autocompletion script for rclone.</p>
 <p>This writes to /usr/share/zsh/vendor-completions/_rclone by default so will probably need to be run with sudo or as root, e.g.</p>
 <pre><code>sudo rclone genautocomplete zsh</code></pre>
@@ -1635,28 +2468,28 @@ <h2 id="synopsis-43">Synopsis</h2>
 <p>If you supply a command line argument the script will be written there.</p>
 <p>If output_file is "-", then the output will be written to stdout.</p>
 <pre><code>rclone genautocomplete zsh [output_file] [flags]</code></pre>
-<h2 id="options-51">Options</h2>
+<h1 id="options-52">Options</h1>
 <pre><code>  -h, --help   help for zsh</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-51">SEE ALSO</h2>
+<h1 id="see-also-52">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_genautocomplete/">rclone genautocomplete</a> - Output completion script for a given shell.</li>
 </ul>
 <h1 id="rclone-gendocs">rclone gendocs</h1>
 <p>Output markdown docs for rclone to the directory supplied.</p>
-<h2 id="synopsis-44">Synopsis</h2>
+<h2 id="synopsis-45">Synopsis</h2>
 <p>This produces markdown docs for the rclone commands to the directory supplied. These are in a format suitable for hugo to render into the rclone.org website.</p>
 <pre><code>rclone gendocs output_directory [flags]</code></pre>
-<h2 id="options-52">Options</h2>
+<h2 id="options-53">Options</h2>
 <pre><code>  -h, --help   help for gendocs</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-52">SEE ALSO</h2>
+<h1 id="see-also-53">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-hashsum">rclone hashsum</h1>
 <p>Produces a hashsum file for all the objects in the path.</p>
-<h2 id="synopsis-45">Synopsis</h2>
+<h2 id="synopsis-46">Synopsis</h2>
 <p>Produces a hash file for all the objects in the path using the hash named. The output is in the same format as the standard md5sum/sha1sum tool.</p>
 <p>By default, the hash is requested from the remote. If the hash is not supported by the remote, no hash will be returned. With the download flag, the file will be downloaded from the remote and hashed locally enabling any hash for any remote.</p>
 <p>For the MD5 and SHA1 algorithms there are also dedicated commands, <a href="https://rclone.org/commands/rclone_md5sum/">md5sum</a> and <a href="https://rclone.org/commands/rclone_sha1sum/">sha1sum</a>.</p>
@@ -1668,29 +2501,53 @@ <h2 id="synopsis-45">Synopsis</h2>
   * sha1
   * whirlpool
   * crc32
-  * sha256
-  * dropbox
-  * hidrive
-  * mailru
-  * quickxor</code></pre>
+  * sha256</code></pre>
 <p>Then</p>
 <pre><code>$ rclone hashsum MD5 remote:path</code></pre>
 <p>Note that hash names are case insensitive and values are output in lower case.</p>
-<pre><code>rclone hashsum &lt;hash&gt; remote:path [flags]</code></pre>
-<h2 id="options-53">Options</h2>
+<pre><code>rclone hashsum [&lt;hash&gt; remote:path] [flags]</code></pre>
+<h2 id="options-54">Options</h2>
 <pre><code>      --base64               Output base64 encoded hashsum
   -C, --checkfile string     Validate hashes against a given SUM file instead of printing them
       --download             Download the file and hash it locally; if this flag is not specified, the hash is requested from the remote
   -h, --help                 help for hashsum
       --output-file string   Output hashsums to a file rather than the terminal</code></pre>
+<h2 id="filter-options-16">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-15">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-53">SEE ALSO</h2>
+<h1 id="see-also-54">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-link">rclone link</h1>
 <p>Generate public link to file/folder.</p>
-<h2 id="synopsis-46">Synopsis</h2>
+<h2 id="synopsis-47">Synopsis</h2>
 <p>rclone link will create, retrieve or remove a public link to the given file or folder.</p>
 <pre><code>rclone link remote:path/to/file
 rclone link remote:path/to/folder/
@@ -1700,32 +2557,32 @@ <h2 id="synopsis-46">Synopsis</h2>
 <p>Use the --unlink flag to remove existing public links to the file or folder. <strong>Note</strong> not all backends support "--unlink" flag - those that don't will just ignore it.</p>
 <p>If successful, the last line of the output will contain the link. Exact capabilities depend on the remote, but the link will always by default be created with the least constraints – e.g. no expiry, no password protection, accessible without account.</p>
 <pre><code>rclone link remote:path [flags]</code></pre>
-<h2 id="options-54">Options</h2>
+<h2 id="options-55">Options</h2>
 <pre><code>      --expire Duration   The amount of time that the link will be valid (default off)
   -h, --help              help for link
       --unlink            Remove existing public link to file/folder</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-54">SEE ALSO</h2>
+<h1 id="see-also-55">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-listremotes">rclone listremotes</h1>
-<p>List all the remotes in the config file.</p>
-<h2 id="synopsis-47">Synopsis</h2>
+<p>List all the remotes in the config file and defined in environment variables.</p>
+<h2 id="synopsis-48">Synopsis</h2>
 <p>rclone listremotes lists all the available remotes from the config file.</p>
 <p>When used with the <code>--long</code> flag it lists the types too.</p>
 <pre><code>rclone listremotes [flags]</code></pre>
-<h2 id="options-55">Options</h2>
+<h2 id="options-56">Options</h2>
 <pre><code>  -h, --help   help for listremotes
       --long   Show the type as well as names</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-55">SEE ALSO</h2>
+<h1 id="see-also-56">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-lsf">rclone lsf</h1>
 <p>List directories and objects in remote:path formatted for parsing.</p>
-<h2 id="synopsis-48">Synopsis</h2>
+<h2 id="synopsis-49">Synopsis</h2>
 <p>List the contents of the source path (directories and objects) to standard output in a form which is easy to parse by scripts. By default this will just be the names of the objects and directories, one per line. The directories will have a / suffix.</p>
 <p>Eg</p>
 <pre><code>$ rclone lsf swift:bucket
@@ -1796,7 +2653,7 @@ <h2 id="synopsis-48">Synopsis</h2>
 <p>The other list commands <code>lsd</code>,<code>lsf</code>,<code>lsjson</code> do not recurse by default - use <code>-R</code> to make them recurse.</p>
 <p>Listing a nonexistent directory will produce an error except for remotes which can't have empty directories (e.g. s3, swift, or gcs - the bucket-based remotes).</p>
 <pre><code>rclone lsf remote:path [flags]</code></pre>
-<h2 id="options-56">Options</h2>
+<h2 id="options-57">Options</h2>
 <pre><code>      --absolute           Put a leading / in front of path names
       --csv                Output in CSV format
   -d, --dir-slash          Append a slash to directory names (default true)
@@ -1807,14 +2664,42 @@ <h2 id="options-56">Options</h2>
   -h, --help               help for lsf
   -R, --recursive          Recurse into the listing
   -s, --separator string   Separator for the items in the format (default &quot;;&quot;)</code></pre>
+<h2 id="filter-options-17">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-16">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-56">SEE ALSO</h2>
+<h1 id="see-also-57">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-lsjson">rclone lsjson</h1>
 <p>List directories and objects in the path in JSON format.</p>
-<h2 id="synopsis-49">Synopsis</h2>
+<h2 id="synopsis-50">Synopsis</h2>
 <p>List directories and objects in the path in JSON format.</p>
 <p>The output is an array of Items, where each Item looks like this</p>
 <pre><code>{
@@ -1862,7 +2747,7 @@ <h2 id="synopsis-49">Synopsis</h2>
 <p>The other list commands <code>lsd</code>,<code>lsf</code>,<code>lsjson</code> do not recurse by default - use <code>-R</code> to make them recurse.</p>
 <p>Listing a nonexistent directory will produce an error except for remotes which can't have empty directories (e.g. s3, swift, or gcs - the bucket-based remotes).</p>
 <pre><code>rclone lsjson remote:path [flags]</code></pre>
-<h2 id="options-57">Options</h2>
+<h2 id="options-58">Options</h2>
 <pre><code>      --dirs-only               Show only directories in the listing
       --encrypted               Show the encrypted names
       --files-only              Show only files in the listing
@@ -1875,14 +2760,42 @@ <h2 id="options-57">Options</h2>
       --original                Show the ID of the underlying Object
   -R, --recursive               Recurse into the listing
       --stat                    Just return the info for the pointed to file</code></pre>
+<h2 id="filter-options-18">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-17">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-57">SEE ALSO</h2>
+<h1 id="see-also-58">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-mount">rclone mount</h1>
 <p>Mount the remote as file system on a mountpoint.</p>
-<h2 id="synopsis-50">Synopsis</h2>
+<h2 id="synopsis-51">Synopsis</h2>
 <p>rclone mount allows Linux, FreeBSD, macOS and Windows to mount any of Rclone's cloud storage systems as a file system with FUSE.</p>
 <p>First set up your remote using <code>rclone config</code>. Check it works with <code>rclone ls</code> etc.</p>
 <p>On Linux and macOS, you can run mount in either foreground or background (aka daemon) mode. Mount runs in foreground mode by default. Use the <code>--daemon</code> flag to force background mode. On Windows you can run mount in foreground only, the flag is ignored.</p>
@@ -1943,7 +2856,14 @@ <h3 id="windows-caveats">Windows caveats</h3>
 <p>It is also possible to make a drive mount available to everyone on the system, by running the process creating it as the built-in SYSTEM account. There are several ways to do this: One is to use the command-line utility <a href="https://docs.microsoft.com/en-us/sysinternals/downloads/psexec">PsExec</a>, from Microsoft's Sysinternals suite, which has option <code>-s</code> to start processes as the SYSTEM account. Another alternative is to run the mount command from a Windows Scheduled Task, or a Windows Service, configured to run as the SYSTEM account. A third alternative is to use the <a href="https://github.com/winfsp/winfsp/wiki/WinFsp-Service-Architecture">WinFsp.Launcher infrastructure</a>). Read more in the <a href="https://rclone.org/install/">install documentation</a>. Note that when running rclone as another user, it will not use the configuration file from your profile unless you tell it to with the <a href="https://rclone.org/docs/#config-config-file"><code>--config</code></a> option. Note also that it is now the SYSTEM account that will have the owner permissions, and other accounts will have permissions according to the group or others scopes. As mentioned above, these will then not get the "write extended attributes" permission, and this may prevent writing to files. You can work around this with the FileSecurity option, see example above.</p>
 <p>Note that mapping to a directory path, instead of a drive letter, does not suffer from the same limitations.</p>
 <h2 id="mounting-on-macos">Mounting on macOS</h2>
-<p>Mounting on macOS can be done either via <a href="https://osxfuse.github.io/">macFUSE</a> (also known as osxfuse) or <a href="https://www.fuse-t.org/">FUSE-T</a>. macFUSE is a traditional FUSE driver utilizing a macOS kernel extension (kext). FUSE-T is an alternative FUSE system which "mounts" via an NFSv4 local server.</p>
+<p>Mounting on macOS can be done either via <a href="https://rclone.org/commands/rclone_serve_nfs/">built-in NFS server</a>, <a href="https://osxfuse.github.io/">macFUSE</a> (also known as osxfuse) or <a href="https://www.fuse-t.org/">FUSE-T</a>. macFUSE is a traditional FUSE driver utilizing a macOS kernel extension (kext). FUSE-T is an alternative FUSE system which "mounts" via an NFSv4 local server.</p>
+<h1 id="nfs-mount">NFS mount</h1>
+<p>This method spins up an NFS server using <a href="https://rclone.org/commands/rclone_serve_nfs/">serve nfs</a> command and mounts it to the specified mountpoint. If you run this in background mode using |--daemon|, you will need to send SIGTERM signal to the rclone process using |kill| command to stop the mount.</p>
+<h3 id="macfuse-notes">macFUSE Notes</h3>
+<p>If installing macFUSE using <a href="https://github.com/osxfuse/osxfuse/releases">dmg packages</a> from the website, rclone will locate the macFUSE libraries without any further intervention. If however, macFUSE is installed using the <a href="https://www.macports.org/">macports</a> package manager, the following addition steps are required.</p>
+<pre><code>sudo mkdir /usr/local/lib
+cd /usr/local/lib
+sudo ln -s /opt/local/lib/libfuse.2.dylib</code></pre>
 <h3 id="fuse-t-limitations-caveats-and-notes">FUSE-T Limitations, Caveats, and Notes</h3>
 <p>There are some limitations, caveats, and notes about how it works. These are current as of FUSE-T version 1.0.14.</p>
 <h4 id="modtime-update-on-read">ModTime update on read</h4>
@@ -1958,7 +2878,7 @@ <h4 id="unicode-normalization">Unicode Normalization</h4>
 <h4 id="read-only-mounts">Read Only mounts</h4>
 <p>When mounting with <code>--read-only</code>, attempts to write to files will fail <em>silently</em> as opposed to with a clear warning as in macFUSE.</p>
 <h2 id="limitations">Limitations</h2>
-<p>Without the use of <code>--vfs-cache-mode</code> this can only write files sequentially, it can only seek when reading. This means that many applications won't work with their files on an rclone mount without <code>--vfs-cache-mode writes</code> or <code>--vfs-cache-mode full</code>. See the <a href="#vfs-file-caching">VFS File Caching</a> section for more info.</p>
+<p>Without the use of <code>--vfs-cache-mode</code> this can only write files sequentially, it can only seek when reading. This means that many applications won't work with their files on an rclone mount without <code>--vfs-cache-mode writes</code> or <code>--vfs-cache-mode full</code>. See the <a href="#vfs-file-caching">VFS File Caching</a> section for more info. When using NFS mount on macOS, if you don't specify |--vfs-cache-mode| the mount point will be read-only.</p>
 <p>The bucket-based remotes (e.g. Swift, S3, Google Compute Storage, B2) do not support the concept of empty directories, so empty directories will have a tendency to disappear once they fall out of the directory cache.</p>
 <p>When <code>rclone mount</code> is invoked on Unix with <code>--daemon</code> flag, the main rclone program will wait for the background mount to become ready or until the timeout specified by the <code>--daemon-wait</code> flag. On Linux it can check mount status using ProcFS so the flag in fact sets <strong>maximum</strong> time to wait, while the real wait can be less. On macOS / BSD the time to wait is constant and the check is performed only at the end. We advise you to set wait time on macOS reasonably.</p>
 <p>Only supported on Linux, FreeBSD, OS X and Windows at the moment.</p>
@@ -1985,17 +2905,16 @@ <h2 id="rclone-as-unix-mount-helper">Rclone as Unix mount helper</h2>
 <p>or create systemd mount units:</p>
 <pre><code># /etc/systemd/system/mnt-data.mount
 [Unit]
-After=network-online.target
+Description=Mount for /mnt/data
 [Mount]
 Type=rclone
 What=sftp1:subdir
 Where=/mnt/data
-Options=rw,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone</code></pre>
+Options=rw,_netdev,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone</code></pre>
 <p>optionally accompanied by systemd automount unit</p>
 <pre><code># /etc/systemd/system/mnt-data.automount
 [Unit]
-After=network-online.target
-Before=remote-fs.target
+Description=AutoMount for /mnt/data
 [Automount]
 Where=/mnt/data
 TimeoutIdleSec=600
@@ -2011,9 +2930,8 @@ <h2 id="rclone-as-unix-mount-helper">Rclone as Unix mount helper</h2>
 <li><code>command=cmount</code> can be used to run <code>cmount</code> or any other rclone command rather than the default <code>mount</code>.</li>
 <li><code>args2env</code> will pass mount options to the mount helper running in background via environment variables instead of command line arguments. This allows to hide secrets from such commands as <code>ps</code> or <code>pgrep</code>.</li>
 <li><code>vv...</code> will be transformed into appropriate <code>--verbose=N</code></li>
-<li>standard mount options like <code>x-systemd.automount</code>, <code>_netdev</code>, <code>nosuid</code> and alike are intended only for Automountd and ignored by rclone.</li>
+<li>standard mount options like <code>x-systemd.automount</code>, <code>_netdev</code>, <code>nosuid</code> and alike are intended only for Automountd and ignored by rclone. ## VFS - Virtual File System</li>
 </ul>
-<h2 id="vfs---virtual-file-system">VFS - Virtual File System</h2>
 <p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
 <p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
 <p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
@@ -2037,16 +2955,18 @@ <h2 id="vfs-file-caching">VFS File Caching</h2>
 <p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
 <p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
 <p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
-<pre><code>--cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)</code></pre>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
 <p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
 <p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
 <p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
-<p>If using <code>--vfs-cache-max-size</code> note that the cache may exceed this size for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
 <p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
 <h3 id="vfs-cache-mode-off">--vfs-cache-mode off</h3>
 <p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
@@ -2129,7 +3049,7 @@ <h2 id="alternate-report-of-used-bytes">Alternate report of used bytes</h2>
 <p>Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running <code>df</code> on the filesystem, then pass the flag <code>--vfs-used-is-size</code> to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to <code>rclone size</code> and compute the total used space itself.</p>
 <p><em>WARNING.</em> Contrary to <code>rclone size</code>, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.</p>
 <pre><code>rclone mount remote:path /path/to/mountpoint [flags]</code></pre>
-<h2 id="options-58">Options</h2>
+<h2 id="options-59">Options</h2>
 <pre><code>      --allow-non-empty                        Allow mounting over a non-empty directory (not supported on Windows)
       --allow-other                            Allow access to other users (not supported on Windows)
       --allow-root                             Allow access to root user (not supported on Windows)
@@ -2148,6 +3068,7 @@ <h2 id="options-58">Options</h2>
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
   -h, --help                                   help for mount
       --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+      --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
       --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
       --no-checksum                            Don&#39;t compare checksums on up/download
       --no-modtime                             Don&#39;t read/write the modification time (can speed things up)
@@ -2159,8 +3080,9 @@ <h2 id="options-58">Options</h2>
       --read-only                              Only allow read-only access
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -2170,19 +3092,44 @@ <h2 id="options-58">Options</h2>
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
       --volname string                         Set the volume name (supported on Windows and OSX only)
       --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)</code></pre>
+<h2 id="filter-options-19">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-58">SEE ALSO</h2>
+<h1 id="see-also-59">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-moveto">rclone moveto</h1>
 <p>Move file or directory from source to dest.</p>
-<h2 id="synopsis-51">Synopsis</h2>
+<h2 id="synopsis-52">Synopsis</h2>
 <p>If source:path is a file or directory then it moves it to a file or directory named dest:path.</p>
 <p>This can be used to rename files or upload single files to other than their existing name. If the source is a directory then it acts exactly like the <a href="https://rclone.org/commands/rclone_move/">move</a> command.</p>
 <p>So</p>
@@ -2198,16 +3145,82 @@ <h2 id="synopsis-51">Synopsis</h2>
 <p><strong>Important</strong>: Since this can cause data loss, test first with the <code>--dry-run</code> or the <code>--interactive</code>/<code>-i</code> flag.</p>
 <p><strong>Note</strong>: Use the <code>-P</code>/<code>--progress</code> flag to view real-time transfer statistics.</p>
 <pre><code>rclone moveto source:path dest:path [flags]</code></pre>
-<h2 id="options-59">Options</h2>
+<h2 id="options-60">Options</h2>
 <pre><code>  -h, --help   help for moveto</code></pre>
+<h2 id="copy-options-5">Copy Options</h2>
+<p>Flags for anything which can Copy a file.</p>
+<pre><code>      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size &amp; checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don&#39;t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don&#39;t check the destination, copy regardless
+      --no-traverse                                 Don&#39;t traverse destination file system on copy
+      --no-update-modtime                           Don&#39;t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. &#39;size,descending&#39;
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default &quot;.partial&quot;)
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination</code></pre>
+<h2 id="important-options-14">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="filter-options-20">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-18">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-59">SEE ALSO</h2>
+<h1 id="see-also-60">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-ncdu">rclone ncdu</h1>
 <p>Explore a remote with a text based user interface.</p>
-<h2 id="synopsis-52">Synopsis</h2>
+<h2 id="synopsis-53">Synopsis</h2>
 <p>This displays a text based user interface allowing the navigation of a remote. It is most useful for answering the question - "What is using all my disk space?".</p>
 <p>To make the user interface it first scans the entire remote given and builds an in memory representation. rclone ncdu can be used during this scanning phase and you will see it building up the directory structure as it goes along.</p>
 <p>You can interact with the user interface using key presses, press '?' to toggle the help on and off. The supported keys are:</p>
@@ -2227,6 +3240,7 @@ <h2 id="synopsis-52">Synopsis</h2>
  y copy current path to clipboard
  Y display current path
  ^L refresh screen (fix screen corruption)
+ r recalculate file sizes
  ? to toggle help on and off
  q/ESC/^c to quit</code></pre>
 <p>Listed files/directories may be prefixed by a one-character flag, some of them combined with a description in brackets at end of line. These flags have the following meaning:</p>
@@ -2244,16 +3258,44 @@ <h2 id="synopsis-52">Synopsis</h2>
 <p>Note that it might take some time to delete big files/directories. The UI won't respond in the meantime since the deletion is done synchronously.</p>
 <p>For a non-interactive listing of the remote, see the <a href="https://rclone.org/commands/rclone_tree/">tree</a> command. To just get the total size of the remote you can also use the <a href="https://rclone.org/commands/rclone_size/">size</a> command.</p>
 <pre><code>rclone ncdu remote:path [flags]</code></pre>
-<h2 id="options-60">Options</h2>
+<h2 id="options-61">Options</h2>
 <pre><code>  -h, --help   help for ncdu</code></pre>
+<h2 id="filter-options-21">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-19">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-60">SEE ALSO</h2>
+<h1 id="see-also-61">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-obscure">rclone obscure</h1>
 <p>Obscure password for use in the rclone config file.</p>
-<h2 id="synopsis-53">Synopsis</h2>
+<h2 id="synopsis-54">Synopsis</h2>
 <p>In the rclone config file, human-readable passwords are obscured. Obscuring them is done by encrypting them and writing them out in base64. This is <strong>not</strong> a secure way of encrypting these passwords as rclone can decrypt them - it is to prevent "eyedropping" - namely someone seeing a password in the rclone config file by accident.</p>
 <p>Many equally important things (like access tokens) are not obscured in the config file. However it is very hard to shoulder surf a 64 character hex token.</p>
 <p>This command can also accept a password through STDIN instead of an argument by passing a hyphen as an argument. This will use the first line of STDIN as the password not including the trailing newline.</p>
@@ -2261,16 +3303,16 @@ <h2 id="synopsis-53">Synopsis</h2>
 <p>If there is no data on STDIN to read, rclone obscure will default to obfuscating the hyphen itself.</p>
 <p>If you want to encrypt the config file then please use config file encryption - see <a href="https://rclone.org/commands/rclone_config/">rclone config</a> for more info.</p>
 <pre><code>rclone obscure password [flags]</code></pre>
-<h2 id="options-61">Options</h2>
+<h2 id="options-62">Options</h2>
 <pre><code>  -h, --help   help for obscure</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-61">SEE ALSO</h2>
+<h1 id="see-also-62">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-rc">rclone rc</h1>
 <p>Run a command against a running rclone.</p>
-<h2 id="synopsis-54">Synopsis</h2>
+<h2 id="synopsis-55">Synopsis</h2>
 <p>This runs a command against a running rclone. Use the <code>--url</code> flag to specify an non default URL to connect on. This can be either a ":port" which is taken to mean "http://localhost:port" or a "host:port" which is taken to mean "http://host:port"</p>
 <p>A username and password can be passed in with <code>--user</code> and <code>--pass</code>.</p>
 <p>Note that <code>--rc-addr</code>, <code>--rc-user</code>, <code>--rc-pass</code> will be read also for <code>--url</code>, <code>--user</code>, <code>--pass</code>.</p>
@@ -2289,7 +3331,7 @@ <h2 id="synopsis-54">Synopsis</h2>
 <pre><code>rclone rc --loopback operations/about fs=/</code></pre>
 <p>Use <code>rclone rc</code> to see a list of all possible commands.</p>
 <pre><code>rclone rc commands parameter [flags]</code></pre>
-<h2 id="options-62">Options</h2>
+<h2 id="options-63">Options</h2>
 <pre><code>  -a, --arg stringArray   Argument placed in the &quot;arg&quot; array
   -h, --help              help for rc
       --json string       Input JSON - use instead of key=value args
@@ -2300,13 +3342,13 @@ <h2 id="options-62">Options</h2>
       --url string        URL to connect to rclone remote control (default &quot;http://localhost:5572/&quot;)
       --user string       Username to use to rclone remote control</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-62">SEE ALSO</h2>
+<h1 id="see-also-63">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-rcat">rclone rcat</h1>
 <p>Copies standard input to file on remote.</p>
-<h2 id="synopsis-55">Synopsis</h2>
+<h2 id="synopsis-56">Synopsis</h2>
 <p>rclone rcat reads from standard input (stdin) and copies it to a single remote file.</p>
 <pre><code>echo &quot;hello world&quot; | rclone rcat remote:path/to/file
 ffmpeg - | rclone rcat remote:path/to/file</code></pre>
@@ -2314,37 +3356,42 @@ <h2 id="synopsis-55">Synopsis</h2>
 <p>rcat will try to upload small files in a single request, which is usually more efficient than the streaming/chunked upload endpoints, which use multiple requests. Exact behaviour depends on the remote. What is considered a small file may be set through <code>--streaming-upload-cutoff</code>. Uploading only starts after the cutoff is reached or if the file ends before that. The data must fit into RAM. The cutoff needs to be small enough to adhere the limits of your remote, please see there. Generally speaking, setting this cutoff too high will decrease your performance.</p>
 <p>Use the <code>--size</code> flag to preallocate the file in advance at the remote end and actually stream it, even if remote backend doesn't support streaming.</p>
 <p><code>--size</code> should be the exact size of the input stream in bytes. If the size of the stream is different in length to the <code>--size</code> passed in then the transfer will likely fail.</p>
-<p>Note that the upload can also not be retried because the data is not kept around until the upload succeeds. If you need to transfer a lot of data, you're better off caching locally and then <code>rclone move</code> it to the destination.</p>
+<p>Note that the upload cannot be retried because the data is not stored. If the backend supports multipart uploading then individual chunks can be retried. If you need to transfer a lot of data, you may be better off caching it locally and then <code>rclone move</code> it to the destination which can use retries.</p>
 <pre><code>rclone rcat remote:path [flags]</code></pre>
-<h2 id="options-63">Options</h2>
+<h2 id="options-64">Options</h2>
 <pre><code>  -h, --help       help for rcat
       --size int   File size hint to preallocate (default -1)</code></pre>
+<h2 id="important-options-15">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-63">SEE ALSO</h2>
+<h1 id="see-also-64">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-rcd">rclone rcd</h1>
 <p>Run rclone listening to remote control commands only.</p>
-<h2 id="synopsis-56">Synopsis</h2>
+<h2 id="synopsis-57">Synopsis</h2>
 <p>This runs rclone so that it only listens to remote control commands.</p>
 <p>This is useful if you are controlling rclone via the rc API.</p>
 <p>If you pass in a path to a directory, rclone will serve that directory for GET requests on the URL passed in. It will also open the URL in the browser when rclone is run.</p>
 <p>See the <a href="https://rclone.org/rc/">rc documentation</a> for more info on the rc flags.</p>
 <h2 id="server-options">Server options</h2>
-<p>Use <code>--addr</code> to specify which IP address and port the server should listen on, eg <code>--addr 1.2.3.4:8000</code> or <code>--addr :8080</code> to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
-<p>If you set <code>--addr</code> to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
+<p>Use <code>--rc-addr</code> to specify which IP address and port the server should listen on, eg <code>--rc-addr 1.2.3.4:8000</code> or <code>--rc-addr :8080</code> to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
+<p>If you set <code>--rc-addr</code> to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
 <p>You can use a unix socket by setting the url to <code>unix:///path/to/socket</code> or just by using an absolute path name. Note that unix sockets bypass the authentication - this is expected to be done with file system permissions.</p>
-<p><code>--addr</code> may be repeated to listen on multiple IPs/ports/sockets.</p>
-<p><code>--server-read-timeout</code> and <code>--server-write-timeout</code> can be used to control the timeouts on the server. Note that this is the total time for a transfer.</p>
-<p><code>--max-header-bytes</code> controls the maximum number of bytes the server will accept in the HTTP header.</p>
-<p><code>--baseurl</code> controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used <code>--baseurl "/rclone"</code> then rclone would serve from a URL starting with "/rclone/". This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing "/" on <code>--baseurl</code>, so <code>--baseurl "rclone"</code>, <code>--baseurl "/rclone"</code> and <code>--baseurl "/rclone/"</code> are all treated identically.</p>
+<p><code>--rc-addr</code> may be repeated to listen on multiple IPs/ports/sockets.</p>
+<p><code>--rc-server-read-timeout</code> and <code>--rc-server-write-timeout</code> can be used to control the timeouts on the server. Note that this is the total time for a transfer.</p>
+<p><code>--rc-max-header-bytes</code> controls the maximum number of bytes the server will accept in the HTTP header.</p>
+<p><code>--rc-baseurl</code> controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used <code>--rc-baseurl "/rclone"</code> then rclone would serve from a URL starting with "/rclone/". This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing "/" on <code>--rc-baseurl</code>, so <code>--rc-baseurl "rclone"</code>, <code>--rc-baseurl "/rclone"</code> and <code>--rc-baseurl "/rclone/"</code> are all treated identically.</p>
 <h3 id="tls-ssl">TLS (SSL)</h3>
-<p>By default this will serve over http. If you want you can serve over https. You will need to supply the <code>--cert</code> and <code>--key</code> flags. If you wish to do client side certificate validation then you will need to supply <code>--client-ca</code> also.</p>
-<p><code>--cert</code> should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. <code>--key</code> should be the PEM encoded private key and <code>--client-ca</code> should be the PEM encoded client certificate authority certificate.</p>
-<p>--min-tls-version is minimum TLS version that is acceptable. Valid values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").</p>
+<p>By default this will serve over http. If you want you can serve over https. You will need to supply the <code>--rc-cert</code> and <code>--rc-key</code> flags. If you wish to do client side certificate validation then you will need to supply <code>--rc-client-ca</code> also.</p>
+<p><code>--rc-cert</code> should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. <code>--krc-ey</code> should be the PEM encoded private key and <code>--rc-client-ca</code> should be the PEM encoded client certificate authority certificate.</p>
+<p>--rc-min-tls-version is minimum TLS version that is acceptable. Valid values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").</p>
 <h3 id="template">Template</h3>
-<p><code>--template</code> allows a user to specify a custom markup template for HTTP and WebDAV serve functions. The server exports the following markup to be used within the template to server pages:</p>
+<p><code>--rc-template</code> allows a user to specify a custom markup template for HTTP and WebDAV serve functions. The server exports the following markup to be used within the template to server pages:</p>
 <table>
 <colgroup>
 <col style="width: 50%" />
@@ -2423,54 +3470,122 @@ <h3 id="template">Template</h3>
 </tr>
 </tbody>
 </table>
+<p>The server also makes the following functions available so that they can be used within the template. These functions help extend the options for dynamic rendering of HTML. They can be used to render HTML based on specific conditions.</p>
+<table>
+<colgroup>
+<col style="width: 50%" />
+<col style="width: 50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th style="text-align: left;">Function</th>
+<th style="text-align: left;">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="text-align: left;">afterEpoch</td>
+<td style="text-align: left;">Returns the time since the epoch for the given time.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">contains</td>
+<td style="text-align: left;">Checks whether a given substring is present or not in a given string.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">hasPrefix</td>
+<td style="text-align: left;">Checks whether the given string begins with the specified prefix.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">hasSuffix</td>
+<td style="text-align: left;">Checks whether the given string end with the specified suffix.</td>
+</tr>
+</tbody>
+</table>
 <h3 id="authentication">Authentication</h3>
 <p>By default this will serve files without needing a login.</p>
-<p>You can either use an htpasswd file which can take lots of users, or set a single username and password with the <code>--user</code> and <code>--pass</code> flags.</p>
-<p>Use <code>--htpasswd /path/to/htpasswd</code> to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.</p>
+<p>You can either use an htpasswd file which can take lots of users, or set a single username and password with the <code>--rc-user</code> and <code>--rc-pass</code> flags.</p>
+<p>If no static users are configured by either of the above methods, and client certificates are required by the <code>--client-ca</code> flag passed to the server, the client certificate common name will be considered as the username.</p>
+<p>Use <code>--rc-htpasswd /path/to/htpasswd</code> to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.</p>
 <p>To create an htpasswd file:</p>
 <pre><code>touch htpasswd
 htpasswd -B htpasswd user
 htpasswd -B htpasswd anotherUser</code></pre>
 <p>The password file can be updated while rclone is running.</p>
-<p>Use <code>--realm</code> to set the authentication realm.</p>
-<p>Use <code>--salt</code> to change the password hashing salt from the default.</p>
+<p>Use <code>--rc-realm</code> to set the authentication realm.</p>
+<p>Use <code>--rc-salt</code> to change the password hashing salt from the default.</p>
 <pre><code>rclone rcd &lt;path to files to serve&gt;* [flags]</code></pre>
-<h2 id="options-64">Options</h2>
+<h2 id="options-65">Options</h2>
 <pre><code>  -h, --help   help for rcd</code></pre>
+<h2 id="rc-options">RC Options</h2>
+<p>Flags to control the Remote Control API.</p>
+<pre><code>      --rc                                 Enable the remote control server
+      --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                  Prefix for URLs - leave blank for root
+      --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                Client certificate authority to verify clients with
+      --rc-enable-metrics                  Enable prometheus metrics on /metrics
+      --rc-files string                    Path to local files to serve on the HTTP server
+      --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+      --rc-key string                      TLS PEM Private key
+      --rc-max-header-bytes int            Maximum size of request header (default 4096)
+      --rc-min-tls-version string          Minimum TLS version that is acceptable (default &quot;tls1.0&quot;)
+      --rc-no-auth                         Don&#39;t require auth for certain methods
+      --rc-pass string                     Password for authentication
+      --rc-realm string                    Realm for authentication
+      --rc-salt string                     Password hashing salt (default &quot;dlPL2MqE&quot;)
+      --rc-serve                           Enable the serving of remote objects
+      --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --rc-template string                 User-specified template
+      --rc-user string                     User name for authentication
+      --rc-web-fetch-url string            URL to fetch the releases for webgui (default &quot;https://api.github.com/repos/rclone/rclone-webui-react/releases/latest&quot;)
+      --rc-web-gui                         Launch WebGUI on localhost
+      --rc-web-gui-force-update            Force update to latest version of web gui
+      --rc-web-gui-no-open-browser         Don&#39;t open the browser automatically
+      --rc-web-gui-update                  Check and update to latest version of web gui</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-64">SEE ALSO</h2>
+<h1 id="see-also-65">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-rmdirs">rclone rmdirs</h1>
 <p>Remove empty directories under the path.</p>
-<h2 id="synopsis-57">Synopsis</h2>
+<h2 id="synopsis-58">Synopsis</h2>
 <p>This recursively removes any empty directories (including directories that only contain empty directories), that it finds under the path. The root path itself will also be removed if it is empty, unless you supply the <code>--leave-root</code> flag.</p>
 <p>Use command <a href="https://rclone.org/commands/rclone_rmdir/">rmdir</a> to delete just the empty directory given by path, not recurse.</p>
 <p>This is useful for tidying up remotes that rclone has left a lot of empty directories in. For example the <a href="https://rclone.org/commands/rclone_delete/">delete</a> command will delete files but leave the directory structure (unless used with option <code>--rmdirs</code>).</p>
-<p>To delete a path and any objects in it, use <a href="https://rclone.org/commands/rclone_purge/">purge</a> command.</p>
+<p>This will delete <code>--checkers</code> directories concurrently so if you have thousands of empty directories consider increasing this number.</p>
+<p>To delete a path and any objects in it, use the <a href="https://rclone.org/commands/rclone_purge/">purge</a> command.</p>
 <pre><code>rclone rmdirs remote:path [flags]</code></pre>
-<h2 id="options-65">Options</h2>
+<h2 id="options-66">Options</h2>
 <pre><code>  -h, --help         help for rmdirs
       --leave-root   Do not remove root directory if empty</code></pre>
+<h2 id="important-options-16">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-65">SEE ALSO</h2>
+<h1 id="see-also-66">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-selfupdate">rclone selfupdate</h1>
 <p>Update the rclone binary.</p>
-<h2 id="synopsis-58">Synopsis</h2>
-<p>This command downloads the latest release of rclone and replaces the currently running binary. The download is verified with a hashsum and cryptographically signed signature.</p>
+<h2 id="synopsis-59">Synopsis</h2>
+<p>This command downloads the latest release of rclone and replaces the currently running binary. The download is verified with a hashsum and cryptographically signed signature; see <a href="https://rclone.org/release_signing/">the release signing docs</a> for details.</p>
 <p>If used without flags (or with implied <code>--stable</code> flag), this command will install the latest stable release. However, some issues may be fixed (or features added) only in the latest beta release. In such cases you should run the command with the <code>--beta</code> flag, i.e. <code>rclone selfupdate --beta</code>. You can check in advance what version would be installed by adding the <code>--check</code> flag, then repeat the command without it when you are satisfied.</p>
 <p>Sometimes the rclone team may recommend you a concrete beta or stable rclone release to troubleshoot your issue or add a bleeding edge feature. The <code>--version VER</code> flag, if given, will update to the concrete version instead of the latest one. If you omit micro version from <code>VER</code> (for example <code>1.53</code>), the latest matching micro version will be used.</p>
 <p>Upon successful update rclone will print a message that contains a previous version number. You will need it if you later decide to revert your update for some reason. Then you'll have to note the previous version and run the following command: <code>rclone selfupdate [--beta] OLDVER</code>. If the old version contains only dots and digits (for example <code>v1.54.0</code>) then it's a stable release so you won't need the <code>--beta</code> flag. Beta releases have an additional information similar to <code>v1.54.0-beta.5111.06f1c0c61</code>. (if you are a developer and use a locally built rclone, the version number will end with <code>-DEV</code>, you will have to rebuild it as it obviously can't be distributed).</p>
 <p>If you previously installed rclone via a package manager, the package may include local documentation or configure services. You may wish to update with the flag <code>--package deb</code> or <code>--package rpm</code> (whichever is correct for your OS) to update these too. This command with the default <code>--package zip</code> will update only the rclone executable so the local manual may become inaccurate after it.</p>
-<p>The <code>rclone mount</code> command (https://rclone.org/commands/rclone_mount/) may or may not support extended FUSE options depending on the build and OS. <code>selfupdate</code> will refuse to update if the capability would be discarded.</p>
+<p>The <a href="https://rclone.org/commands/rclone_mount/">rclone mount</a> command may or may not support extended FUSE options depending on the build and OS. <code>selfupdate</code> will refuse to update if the capability would be discarded.</p>
 <p>Note: Windows forbids deletion of a currently running executable so this command will rename the old executable to 'rclone.old.exe' upon success.</p>
 <p>Please note that this command was not available before rclone version 1.55. If it fails for you with the message <code>unknown command "selfupdate"</code> then you will need to update manually following the install instructions located at https://rclone.org/install/</p>
 <pre><code>rclone selfupdate [flags]</code></pre>
-<h2 id="options-66">Options</h2>
+<h2 id="options-67">Options</h2>
 <pre><code>      --beta             Install beta release
       --check            Check for latest release, do not download
   -h, --help             help for selfupdate
@@ -2479,41 +3594,42 @@ <h2 id="options-66">Options</h2>
       --stable           Install stable release (this is the default)
       --version string   Install the given rclone version (default: latest)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-66">SEE ALSO</h2>
+<h1 id="see-also-67">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-serve">rclone serve</h1>
 <p>Serve a remote over a protocol.</p>
-<h2 id="synopsis-59">Synopsis</h2>
+<h2 id="synopsis-60">Synopsis</h2>
 <p>Serve a remote over a given protocol. Requires the use of a subcommand to specify the protocol, e.g.</p>
 <pre><code>rclone serve http remote:</code></pre>
 <p>Each subcommand has its own options which you can see in their help.</p>
 <pre><code>rclone serve &lt;protocol&gt; [opts] &lt;remote&gt; [flags]</code></pre>
-<h2 id="options-67">Options</h2>
+<h2 id="options-68">Options</h2>
 <pre><code>  -h, --help   help for serve</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-67">SEE ALSO</h2>
+<h1 id="see-also-68">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 <li><a href="https://rclone.org/commands/rclone_serve_dlna/">rclone serve dlna</a> - Serve remote:path over DLNA</li>
 <li><a href="https://rclone.org/commands/rclone_serve_docker/">rclone serve docker</a> - Serve any remote on docker's volume plugin API.</li>
 <li><a href="https://rclone.org/commands/rclone_serve_ftp/">rclone serve ftp</a> - Serve remote:path over FTP.</li>
 <li><a href="https://rclone.org/commands/rclone_serve_http/">rclone serve http</a> - Serve the remote over HTTP.</li>
+<li><a href="https://rclone.org/commands/rclone_serve_nfs/">rclone serve nfs</a> - Serve the remote as an NFS mount</li>
 <li><a href="https://rclone.org/commands/rclone_serve_restic/">rclone serve restic</a> - Serve the remote for restic's REST API.</li>
+<li><a href="https://rclone.org/commands/rclone_serve_s3/">rclone serve s3</a> - Serve remote:path over s3.</li>
 <li><a href="https://rclone.org/commands/rclone_serve_sftp/">rclone serve sftp</a> - Serve the remote over SFTP.</li>
 <li><a href="https://rclone.org/commands/rclone_serve_webdav/">rclone serve webdav</a> - Serve remote:path over WebDAV.</li>
 </ul>
 <h1 id="rclone-serve-dlna">rclone serve dlna</h1>
 <p>Serve remote:path over DLNA</p>
-<h2 id="synopsis-60">Synopsis</h2>
+<h2 id="synopsis-61">Synopsis</h2>
 <p>Run a DLNA media server for media stored in an rclone remote. Many devices, such as the Xbox and PlayStation, can automatically discover this server in the LAN and play audio/video from it. VLC is also supported. Service discovery uses UDP multicast packets (SSDP) and will thus only work on LANs.</p>
 <p>Rclone will list all files present in the remote, without filtering based on media formats or file extensions. Additionally, there is no media transcoding support. This means that some players might show files that they are not able to play back correctly.</p>
 <h2 id="server-options-1">Server options</h2>
 <p>Use <code>--addr</code> to specify which IP address and port the server should listen on, e.g. <code>--addr 1.2.3.4:8000</code> or <code>--addr :8080</code> to listen to all IPs.</p>
 <p>Use <code>--name</code> to choose the friendly server name, which is by default "rclone (hostname)".</p>
-<p>Use <code>--log-trace</code> in conjunction with <code>-vv</code> to enable additional debug logging of all UPNP traffic.</p>
-<h2 id="vfs---virtual-file-system-1">VFS - Virtual File System</h2>
+<p>Use <code>--log-trace</code> in conjunction with <code>-vv</code> to enable additional debug logging of all UPNP traffic. ## VFS - Virtual File System</p>
 <p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
 <p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
 <p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
@@ -2537,16 +3653,18 @@ <h2 id="vfs-file-caching-1">VFS File Caching</h2>
 <p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
 <p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
 <p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
-<pre><code>--cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)</code></pre>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
 <p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
 <p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
 <p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
-<p>If using <code>--vfs-cache-max-size</code> note that the cache may exceed this size for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
 <p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
 <h3 id="vfs-cache-mode-off-1">--vfs-cache-mode off</h3>
 <p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
@@ -2629,7 +3747,7 @@ <h2 id="alternate-report-of-used-bytes-1">Alternate report of used bytes</h2>
 <p>Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running <code>df</code> on the filesystem, then pass the flag <code>--vfs-used-is-size</code> to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to <code>rclone size</code> and compute the total used space itself.</p>
 <p><em>WARNING.</em> Contrary to <code>rclone size</code>, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.</p>
 <pre><code>rclone serve dlna remote:path [flags]</code></pre>
-<h2 id="options-68">Options</h2>
+<h2 id="options-69">Options</h2>
 <pre><code>      --addr string                            The ip:port or :port to bind the DLNA http server to (default &quot;:7879&quot;)
       --announce-interval Duration             The interval between SSDP announcements (default 12m0s)
       --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
@@ -2647,8 +3765,9 @@ <h2 id="options-68">Options</h2>
       --read-only                              Only allow read-only access
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -2658,25 +3777,49 @@ <h2 id="options-68">Options</h2>
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<h2 id="filter-options-22">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-68">SEE ALSO</h2>
+<h1 id="see-also-69">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
 </ul>
 <h1 id="rclone-serve-docker">rclone serve docker</h1>
 <p>Serve any remote on docker's volume plugin API.</p>
-<h2 id="synopsis-61">Synopsis</h2>
+<h2 id="synopsis-62">Synopsis</h2>
 <p>This command implements the Docker volume plugin API allowing docker to use rclone as a data storage mechanism for various cloud providers. rclone provides <a href="/docker">docker volume plugin</a> based on it.</p>
 <p>To create a docker plugin, one must create a Unix or TCP socket that Docker will look for when you use the plugin and then it listens for commands from docker daemon and runs the corresponding code when necessary. Docker plugins can run as a managed plugin under control of the docker daemon or as an independent native service. For testing, you can just run it directly from the command line, for example:</p>
 <pre><code>sudo rclone serve docker --base-dir /tmp/rclone-volumes --socket-addr localhost:8787 -vv</code></pre>
 <p>Running <code>rclone serve docker</code> will create the said socket, listening for commands from Docker to create the necessary Volumes. Normally you need not give the <code>--socket-addr</code> flag. The API will listen on the unix domain socket at <code>/run/docker/plugins/rclone.sock</code>. In the example above rclone will create a TCP socket and a small file <code>/etc/docker/plugins/rclone.spec</code> containing the socket address. We use <code>sudo</code> because both paths are writeable only by the root user.</p>
 <p>If you later decide to change listening socket, the docker daemon must be restarted to reconnect to <code>/run/docker/plugins/rclone.sock</code> or parse new <code>/etc/docker/plugins/rclone.spec</code>. Until you restart, any volume related docker commands will timeout trying to access the old socket. Running directly is supported on <strong>Linux only</strong>, not on Windows or MacOS. This is not a problem with managed plugin mode described in details in the <a href="https://rclone.org/docker">full documentation</a>.</p>
 <p>The command will create volume mounts under the path given by <code>--base-dir</code> (by default <code>/var/lib/docker-volumes/rclone</code> available only to root) and maintain the JSON formatted file <code>docker-plugin.state</code> in the rclone cache directory with book-keeping records of created and mounted volumes.</p>
-<p>All mount and VFS options are submitted by the docker daemon via API, but you can also provide defaults on the command line as well as set path to the config file and cache directory or adjust logging verbosity.</p>
-<h2 id="vfs---virtual-file-system-2">VFS - Virtual File System</h2>
+<p>All mount and VFS options are submitted by the docker daemon via API, but you can also provide defaults on the command line as well as set path to the config file and cache directory or adjust logging verbosity. ## VFS - Virtual File System</p>
 <p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
 <p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
 <p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
@@ -2700,16 +3843,18 @@ <h2 id="vfs-file-caching-2">VFS File Caching</h2>
 <p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
 <p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
 <p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
-<pre><code>--cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)</code></pre>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
 <p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
 <p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
 <p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
-<p>If using <code>--vfs-cache-max-size</code> note that the cache may exceed this size for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
 <p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
 <h3 id="vfs-cache-mode-off-2">--vfs-cache-mode off</h3>
 <p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
@@ -2792,7 +3937,7 @@ <h2 id="alternate-report-of-used-bytes-2">Alternate report of used bytes</h2>
 <p>Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running <code>df</code> on the filesystem, then pass the flag <code>--vfs-used-is-size</code> to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to <code>rclone size</code> and compute the total used space itself.</p>
 <p><em>WARNING.</em> Contrary to <code>rclone size</code>, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.</p>
 <pre><code>rclone serve docker [flags]</code></pre>
-<h2 id="options-69">Options</h2>
+<h2 id="options-70">Options</h2>
 <pre><code>      --allow-non-empty                        Allow mounting over a non-empty directory (not supported on Windows)
       --allow-other                            Allow access to other users (not supported on Windows)
       --allow-root                             Allow access to root user (not supported on Windows)
@@ -2813,6 +3958,7 @@ <h2 id="options-69">Options</h2>
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
   -h, --help                                   help for docker
       --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+      --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
       --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
       --no-checksum                            Don&#39;t compare checksums on up/download
       --no-modtime                             Don&#39;t read/write the modification time (can speed things up)
@@ -2827,8 +3973,9 @@ <h2 id="options-69">Options</h2>
       --socket-gid int                         GID for unix socket (default: current process GID) (default 1000)
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -2838,27 +3985,51 @@ <h2 id="options-69">Options</h2>
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
       --volname string                         Set the volume name (supported on Windows and OSX only)
       --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)</code></pre>
+<h2 id="filter-options-23">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-69">SEE ALSO</h2>
+<h1 id="see-also-70">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
 </ul>
 <h1 id="rclone-serve-ftp">rclone serve ftp</h1>
 <p>Serve remote:path over FTP.</p>
-<h2 id="synopsis-62">Synopsis</h2>
+<h2 id="synopsis-63">Synopsis</h2>
 <p>Run a basic FTP server to serve a remote over FTP protocol. This can be viewed with a FTP client or you can make a remote of type FTP to read and write it.</p>
 <h2 id="server-options-2">Server options</h2>
 <p>Use --addr to specify which IP address and port the server should listen on, e.g. --addr 1.2.3.4:8000 or --addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
 <p>If you set --addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
 <h3 id="authentication-1">Authentication</h3>
 <p>By default this will serve files without needing a login.</p>
-<p>You can set a single username and password with the --user and --pass flags.</p>
-<h2 id="vfs---virtual-file-system-3">VFS - Virtual File System</h2>
+<p>You can set a single username and password with the --user and --pass flags. ## VFS - Virtual File System</p>
 <p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
 <p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
 <p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
@@ -2882,16 +4053,18 @@ <h2 id="vfs-file-caching-3">VFS File Caching</h2>
 <p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
 <p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
 <p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
-<pre><code>--cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)</code></pre>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
 <p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
 <p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
 <p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
-<p>If using <code>--vfs-cache-max-size</code> note that the cache may exceed this size for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
 <p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
 <h3 id="vfs-cache-mode-off-3">--vfs-cache-mode off</h3>
 <p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
@@ -3004,7 +4177,7 @@ <h2 id="auth-proxy">Auth Proxy</h2>
 <p>Note that an internal cache is keyed on <code>user</code> so only use that for configuration, don't use <code>pass</code> or <code>public_key</code>. This also means that if a user's password or public-key is changed the cache will need to expire (which takes 5 mins) before it takes effect.</p>
 <p>This can be used to build general purpose proxies to any kind of backend that rclone supports.</p>
 <pre><code>rclone serve ftp remote:path [flags]</code></pre>
-<h2 id="options-70">Options</h2>
+<h2 id="options-71">Options</h2>
 <pre><code>      --addr string                            IPaddress:Port or :Port to bind server to (default &quot;localhost:2121&quot;)
       --auth-proxy string                      A program to use to create the backend from the auth
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -3025,8 +4198,9 @@ <h2 id="options-70">Options</h2>
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication (default &quot;anonymous&quot;)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -3036,17 +4210,42 @@ <h2 id="options-70">Options</h2>
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<h2 id="filter-options-24">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-70">SEE ALSO</h2>
+<h1 id="see-also-71">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
 </ul>
 <h1 id="rclone-serve-http">rclone serve http</h1>
 <p>Serve the remote over HTTP.</p>
-<h2 id="synopsis-63">Synopsis</h2>
+<h2 id="synopsis-64">Synopsis</h2>
 <p>Run a basic web server to serve a remote over HTTP. This can be viewed in a web browser or you can make a remote of type http read from it.</p>
 <p>You can use the filter flags (e.g. <code>--include</code>, <code>--exclude</code>) to control what is served.</p>
 <p>The server will log errors. Use <code>-v</code> to see access logs.</p>
@@ -3143,9 +4342,41 @@ <h3 id="template-1">Template</h3>
 </tr>
 </tbody>
 </table>
+<p>The server also makes the following functions available so that they can be used within the template. These functions help extend the options for dynamic rendering of HTML. They can be used to render HTML based on specific conditions.</p>
+<table>
+<colgroup>
+<col style="width: 50%" />
+<col style="width: 50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th style="text-align: left;">Function</th>
+<th style="text-align: left;">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="text-align: left;">afterEpoch</td>
+<td style="text-align: left;">Returns the time since the epoch for the given time.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">contains</td>
+<td style="text-align: left;">Checks whether a given substring is present or not in a given string.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">hasPrefix</td>
+<td style="text-align: left;">Checks whether the given string begins with the specified prefix.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">hasSuffix</td>
+<td style="text-align: left;">Checks whether the given string end with the specified suffix.</td>
+</tr>
+</tbody>
+</table>
 <h3 id="authentication-2">Authentication</h3>
 <p>By default this will serve files without needing a login.</p>
 <p>You can either use an htpasswd file which can take lots of users, or set a single username and password with the <code>--user</code> and <code>--pass</code> flags.</p>
+<p>If no static users are configured by either of the above methods, and client certificates are required by the <code>--client-ca</code> flag passed to the server, the client certificate common name will be considered as the username.</p>
 <p>Use <code>--htpasswd /path/to/htpasswd</code> to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.</p>
 <p>To create an htpasswd file:</p>
 <pre><code>touch htpasswd
@@ -3153,8 +4384,7 @@ <h3 id="authentication-2">Authentication</h3>
 htpasswd -B htpasswd anotherUser</code></pre>
 <p>The password file can be updated while rclone is running.</p>
 <p>Use <code>--realm</code> to set the authentication realm.</p>
-<p>Use <code>--salt</code> to change the password hashing salt from the default.</p>
-<h2 id="vfs---virtual-file-system-4">VFS - Virtual File System</h2>
+<p>Use <code>--salt</code> to change the password hashing salt from the default. ## VFS - Virtual File System</p>
 <p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
 <p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
 <p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
@@ -3178,16 +4408,18 @@ <h2 id="vfs-file-caching-4">VFS File Caching</h2>
 <p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
 <p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
 <p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
-<pre><code>--cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)</code></pre>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
 <p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
 <p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
 <p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
-<p>If using <code>--vfs-cache-max-size</code> note that the cache may exceed this size for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
 <p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
 <h3 id="vfs-cache-mode-off-4">--vfs-cache-mode off</h3>
 <p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
@@ -3300,8 +4532,9 @@ <h2 id="auth-proxy-1">Auth Proxy</h2>
 <p>Note that an internal cache is keyed on <code>user</code> so only use that for configuration, don't use <code>pass</code> or <code>public_key</code>. This also means that if a user's password or public-key is changed the cache will need to expire (which takes 5 mins) before it takes effect.</p>
 <p>This can be used to build general purpose proxies to any kind of backend that rclone supports.</p>
 <pre><code>rclone serve http remote:path [flags]</code></pre>
-<h2 id="options-71">Options</h2>
+<h2 id="options-72">Options</h2>
 <pre><code>      --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
       --auth-proxy string                      A program to use to create the backend from the auth
       --baseurl string                         Prefix for URLs - leave blank for root
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -3329,8 +4562,9 @@ <h2 id="options-71">Options</h2>
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -3340,42 +4574,258 @@ <h2 id="options-71">Options</h2>
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<h2 id="filter-options-25">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-71">SEE ALSO</h2>
+<h1 id="see-also-72">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
 </ul>
-<h1 id="rclone-serve-restic">rclone serve restic</h1>
-<p>Serve the remote for restic's REST API.</p>
-<h2 id="synopsis-64">Synopsis</h2>
-<p>Run a basic web server to serve a remote over restic's REST backend API over HTTP. This allows restic to use rclone as a data storage mechanism for cloud providers that restic does not support directly.</p>
-<p><a href="https://restic.net/">Restic</a> is a command-line program for doing backups.</p>
-<p>The server will log errors. Use -v to see access logs.</p>
-<p><code>--bwlimit</code> will be respected for file transfers. Use <code>--stats</code> to control the stats printing.</p>
-<h2 id="setting-up-rclone-for-use-by-restic">Setting up rclone for use by restic</h2>
-<p>First <a href="https://rclone.org/docs/#configure">set up a remote for your chosen cloud provider</a>.</p>
-<p>Once you have set up the remote, check it is working with, for example "rclone lsd remote:". You may have called the remote something other than "remote:" - just substitute whatever you called it in the following instructions.</p>
-<p>Now start the rclone restic server</p>
-<pre><code>rclone serve restic -v remote:backup</code></pre>
-<p>Where you can replace "backup" in the above by whatever path in the remote you wish to use.</p>
-<p>By default this will serve on "localhost:8080" you can change this with use of the <code>--addr</code> flag.</p>
-<p>You might wish to start this server on boot.</p>
-<p>Adding <code>--cache-objects=false</code> will cause rclone to stop caching objects returned from the List call. Caching is normally desirable as it speeds up downloading objects, saves transactions and uses very little memory.</p>
-<h2 id="setting-up-restic-to-use-rclone">Setting up restic to use rclone</h2>
-<p>Now you can <a href="http://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server">follow the restic instructions</a> on setting up restic.</p>
-<p>Note that you will need restic 0.8.2 or later to interoperate with rclone.</p>
-<p>For the example above you will want to use "http://localhost:8080/" as the URL for the REST server.</p>
-<p>For example:</p>
-<pre><code>$ export RESTIC_REPOSITORY=rest:http://localhost:8080/
-$ export RESTIC_PASSWORD=yourpassword
-$ restic init
-created restic backend 8b1a4b56ae at rest:http://localhost:8080/
-
-Please note that knowledge of your password is required to access
-the repository. Losing your password means that your data is
+<h1 id="rclone-serve-nfs">rclone serve nfs</h1>
+<p>Serve the remote as an NFS mount</p>
+<h2 id="synopsis-65">Synopsis</h2>
+<p>Create an NFS server that serves the given remote over the network.</p>
+<p>The primary purpose for this command is to enable <a href="https://rclone.org/commands/rclone_mount/">mount command</a> on recent macOS versions where installing FUSE is very cumbersome.</p>
+<p>Since this is running on NFSv3, no authentication method is available. Any client will be able to access the data. To limit access, you can use serve NFS on loopback address and rely on secure tunnels (such as SSH). For this reason, by default, a random TCP port is chosen and loopback interface is used for the listening address; meaning that it is only available to the local machine. If you want other machines to access the NFS mount over local network, you need to specify the listening address and port using <code>--addr</code> flag.</p>
+<p>Modifying files through NFS protocol requires VFS caching. Usually you will need to specify <code>--vfs-cache-mode</code> in order to be able to write to the mountpoint (full is recommended). If you don't specify VFS cache mode, the mount will be read-only.</p>
+<p>To serve NFS over the network use following command:</p>
+<pre><code>rclone serve nfs remote: --addr 0.0.0.0:$PORT --vfs-cache-mode=full</code></pre>
+<p>We specify a specific port that we can use in the mount command:</p>
+<p>To mount the server under Linux/macOS, use the following command:</p>
+<pre><code>mount -oport=$PORT,mountport=$PORT $HOSTNAME: path/to/mountpoint</code></pre>
+<p>Where <code>$PORT</code> is the same port number we used in the serve nfs command.</p>
+<p>This feature is only available on Unix platforms.</p>
+<h2 id="vfs---virtual-file-system">VFS - Virtual File System</h2>
+<p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
+<p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
+<p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
+<h2 id="vfs-directory-cache-5">VFS Directory Cache</h2>
+<p>Using the <code>--dir-cache-time</code> flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the VFS will appear immediately or invalidate the cache.</p>
+<pre><code>--dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+--poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)</code></pre>
+<p>However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.</p>
+<p>You can send a <code>SIGHUP</code> signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:</p>
+<pre><code>kill -SIGHUP $(pidof rclone)</code></pre>
+<p>If you configure rclone with a <a href="/rc">remote control</a> then you can use rclone rc to flush the whole directory cache:</p>
+<pre><code>rclone rc vfs/forget</code></pre>
+<p>Or individual files or directories:</p>
+<pre><code>rclone rc vfs/forget file=path/to/file dir=path/to/dir</code></pre>
+<h2 id="vfs-file-buffering-5">VFS File Buffering</h2>
+<p>The <code>--buffer-size</code> flag determines the amount of memory, that will be used to buffer data in advance.</p>
+<p>Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.</p>
+<p>This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.</p>
+<p>The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
+<h2 id="vfs-file-caching-5">VFS File Caching</h2>
+<p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
+<p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
+<p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
+<p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
+<p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
+<p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
+<p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
+<h3 id="vfs-cache-mode-off-5">--vfs-cache-mode off</h3>
+<p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
+<p>This will mean some operations are not possible</p>
+<ul>
+<li>Files can't be opened for both read AND write</li>
+<li>Files opened for write can't be seeked</li>
+<li>Existing files opened for write must have O_TRUNC set</li>
+<li>Files open for read with O_TRUNC will be opened write only</li>
+<li>Files open for write only will behave as if O_TRUNC was supplied</li>
+<li>Open modes O_APPEND, O_TRUNC are ignored</li>
+<li>If an upload fails it can't be retried</li>
+</ul>
+<h3 id="vfs-cache-mode-minimal-5">--vfs-cache-mode minimal</h3>
+<p>This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
+<p>These operations are not possible</p>
+<ul>
+<li>Files opened for write only can't be seeked</li>
+<li>Existing files opened for write must have O_TRUNC set</li>
+<li>Files opened for write only will ignore O_APPEND, O_TRUNC</li>
+<li>If an upload fails it can't be retried</li>
+</ul>
+<h3 id="vfs-cache-mode-writes-5">--vfs-cache-mode writes</h3>
+<p>In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.</p>
+<p>This mode should support all normal file system operations.</p>
+<p>If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.</p>
+<h3 id="vfs-cache-mode-full-5">--vfs-cache-mode full</h3>
+<p>In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.</p>
+<p>In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.</p>
+<p>So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.</p>
+<p>This mode should support all normal file system operations and is otherwise identical to <code>--vfs-cache-mode</code> writes.</p>
+<p>When reading a file rclone will read <code>--buffer-size</code> plus <code>--vfs-read-ahead</code> bytes ahead. The <code>--buffer-size</code> is buffered in memory whereas the <code>--vfs-read-ahead</code> is buffered on disk.</p>
+<p>When using this mode it is recommended that <code>--buffer-size</code> is not set too large and <code>--vfs-read-ahead</code> is set large if required.</p>
+<p><strong>IMPORTANT</strong> not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.</p>
+<h3 id="fingerprinting-5">Fingerprinting</h3>
+<p>Various parts of the VFS use fingerprinting to see if a local file copy has changed relative to a remote file. Fingerprints are made from:</p>
+<ul>
+<li>size</li>
+<li>modification time</li>
+<li>hash</li>
+</ul>
+<p>where available on an object.</p>
+<p>On some backends some of these attributes are slow to read (they take an extra API call per object, or extra work per object).</p>
+<p>For example <code>hash</code> is slow with the <code>local</code> and <code>sftp</code> backends as they have to read the entire file and hash it, and <code>modtime</code> is slow with the <code>s3</code>, <code>swift</code>, <code>ftp</code> and <code>qinqstor</code> backends because they need to do an extra API call to fetch it.</p>
+<p>If you use the <code>--vfs-fast-fingerprint</code> flag then rclone will not include the slow operations in the fingerprint. This makes the fingerprinting less accurate but much faster and will improve the opening time of cached files.</p>
+<p>If you are running a vfs cache over <code>local</code>, <code>s3</code> or <code>swift</code> backends then using this flag is recommended.</p>
+<p>Note that if you change the value of this flag, the fingerprints of the files in the cache may be invalidated and the files will need to be downloaded again.</p>
+<h2 id="vfs-chunked-reading-5">VFS Chunked Reading</h2>
+<p>When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This can reduce the used download quota for some remotes by requesting only chunks from the remote that are actually read, at the cost of an increased number of requests.</p>
+<p>These flags control the chunking:</p>
+<pre><code>--vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+--vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)</code></pre>
+<p>Rclone will start reading a chunk of size <code>--vfs-read-chunk-size</code>, and then double the size for each read. When <code>--vfs-read-chunk-size-limit</code> is specified, and greater than <code>--vfs-read-chunk-size</code>, the chunk size for each open file will get doubled only until the specified value is reached. If the value is "off", which is the default, the limit is disabled and the chunk size will grow indefinitely.</p>
+<p>With <code>--vfs-read-chunk-size 100M</code> and <code>--vfs-read-chunk-size-limit 0</code> the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on. When <code>--vfs-read-chunk-size-limit 500M</code> is specified, the result would be 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.</p>
+<p>Setting <code>--vfs-read-chunk-size</code> to <code>0</code> or "off" disables chunked reading.</p>
+<h2 id="vfs-performance-5">VFS Performance</h2>
+<p>These flags may be used to enable/disable features of the VFS for performance or other reasons. See also the <a href="#vfs-chunked-reading">chunked reading</a> feature.</p>
+<p>In particular S3 and Swift benefit hugely from the <code>--no-modtime</code> flag (or use <code>--use-server-modtime</code> for a slightly different effect) as each read of the modification time takes a transaction.</p>
+<pre><code>--no-checksum     Don&#39;t compare checksums on up/download.
+--no-modtime      Don&#39;t read/write the modification time (can speed things up).
+--no-seek         Don&#39;t allow seeking in files.
+--read-only       Only allow read-only access.</code></pre>
+<p>Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.</p>
+<pre><code>--vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+--vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<p>When using VFS write caching (<code>--vfs-cache-mode</code> with value writes or full), the global flag <code>--transfers</code> can be set to adjust the number of parallel uploads of modified files from the cache (the related global flag <code>--checkers</code> has no effect on the VFS).</p>
+<pre><code>--transfers int  Number of file transfers to run in parallel (default 4)</code></pre>
+<h2 id="vfs-case-sensitivity-5">VFS Case Sensitivity</h2>
+<p>Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.</p>
+<p>File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.</p>
+<p>Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default.</p>
+<p>The <code>--vfs-case-insensitive</code> VFS flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the remote as-is. If the flag is "true" (or appears without a value on the command line), rclone may perform a "fixup" as explained below.</p>
+<p>The user may specify a file name to open/delete/rename/etc with a case different than what is stored on the remote. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by the underlying remote.</p>
+<p>Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system presented by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.</p>
+<p>If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".</p>
+<h2 id="vfs-disk-options-5">VFS Disk Options</h2>
+<p>This flag allows you to manually set the statistics about the filing system. It can be useful when those statistics cannot be read correctly automatically.</p>
+<pre><code>--vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)</code></pre>
+<h2 id="alternate-report-of-used-bytes-5">Alternate report of used bytes</h2>
+<p>Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running <code>df</code> on the filesystem, then pass the flag <code>--vfs-used-is-size</code> to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to <code>rclone size</code> and compute the total used space itself.</p>
+<p><em>WARNING.</em> Contrary to <code>rclone size</code>, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.</p>
+<pre><code>rclone serve nfs remote:path [flags]</code></pre>
+<h2 id="options-73">Options</h2>
+<pre><code>      --addr string                            IPaddress:Port or :Port to bind server to
+      --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+      --dir-perms FileMode                     Directory permissions (default 0777)
+      --file-perms FileMode                    File permissions (default 0666)
+      --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+  -h, --help                                   help for nfs
+      --no-checksum                            Don&#39;t compare checksums on up/download
+      --no-modtime                             Don&#39;t read/write the modification time (can speed things up)
+      --no-seek                                Don&#39;t allow seeking in files
+      --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+      --read-only                              Only allow read-only access
+      --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+      --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+      --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+      --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+      --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+      --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+      --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+      --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+      --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+      --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
+      --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
+      --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+      --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+      --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<h2 id="filter-options-26">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
+<h1 id="see-also-73">SEE ALSO</h1>
+<ul>
+<li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
+</ul>
+<h1 id="rclone-serve-restic">rclone serve restic</h1>
+<p>Serve the remote for restic's REST API.</p>
+<h2 id="synopsis-66">Synopsis</h2>
+<p>Run a basic web server to serve a remote over restic's REST backend API over HTTP. This allows restic to use rclone as a data storage mechanism for cloud providers that restic does not support directly.</p>
+<p><a href="https://restic.net/">Restic</a> is a command-line program for doing backups.</p>
+<p>The server will log errors. Use -v to see access logs.</p>
+<p><code>--bwlimit</code> will be respected for file transfers. Use <code>--stats</code> to control the stats printing.</p>
+<h2 id="setting-up-rclone-for-use-by-restic">Setting up rclone for use by restic</h2>
+<p>First <a href="https://rclone.org/docs/#configure">set up a remote for your chosen cloud provider</a>.</p>
+<p>Once you have set up the remote, check it is working with, for example "rclone lsd remote:". You may have called the remote something other than "remote:" - just substitute whatever you called it in the following instructions.</p>
+<p>Now start the rclone restic server</p>
+<pre><code>rclone serve restic -v remote:backup</code></pre>
+<p>Where you can replace "backup" in the above by whatever path in the remote you wish to use.</p>
+<p>By default this will serve on "localhost:8080" you can change this with use of the <code>--addr</code> flag.</p>
+<p>You might wish to start this server on boot.</p>
+<p>Adding <code>--cache-objects=false</code> will cause rclone to stop caching objects returned from the List call. Caching is normally desirable as it speeds up downloading objects, saves transactions and uses very little memory.</p>
+<h2 id="setting-up-restic-to-use-rclone">Setting up restic to use rclone</h2>
+<p>Now you can <a href="http://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server">follow the restic instructions</a> on setting up restic.</p>
+<p>Note that you will need restic 0.8.2 or later to interoperate with rclone.</p>
+<p>For the example above you will want to use "http://localhost:8080/" as the URL for the REST server.</p>
+<p>For example:</p>
+<pre><code>$ export RESTIC_REPOSITORY=rest:http://localhost:8080/
+$ export RESTIC_PASSWORD=yourpassword
+$ restic init
+created restic backend 8b1a4b56ae at rest:http://localhost:8080/
+
+Please note that knowledge of your password is required to access
+the repository. Losing your password means that your data is
 irrecoverably lost.
 $ restic backup /path/to/files/to/backup
 scan [/path/to/files/to/backup]
@@ -3406,6 +4856,7 @@ <h3 id="tls-ssl-2">TLS (SSL)</h3>
 <h3 id="authentication-3">Authentication</h3>
 <p>By default this will serve files without needing a login.</p>
 <p>You can either use an htpasswd file which can take lots of users, or set a single username and password with the <code>--user</code> and <code>--pass</code> flags.</p>
+<p>If no static users are configured by either of the above methods, and client certificates are required by the <code>--client-ca</code> flag passed to the server, the client certificate common name will be considered as the username.</p>
 <p>Use <code>--htpasswd /path/to/htpasswd</code> to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.</p>
 <p>To create an htpasswd file:</p>
 <pre><code>touch htpasswd
@@ -3415,8 +4866,9 @@ <h3 id="authentication-3">Authentication</h3>
 <p>Use <code>--realm</code> to set the authentication realm.</p>
 <p>Use <code>--salt</code> to change the password hashing salt from the default.</p>
 <pre><code>rclone serve restic remote:path [flags]</code></pre>
-<h2 id="options-72">Options</h2>
+<h2 id="options-74">Options</h2>
 <pre><code>      --addr stringArray                IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string             Origin which cross-domain request (CORS) can be executed from
       --append-only                     Disallow deletion of repository data
       --baseurl string                  Prefix for URLs - leave blank for root
       --cache-objects                   Cache listed objects (default true)
@@ -3436,32 +4888,84 @@ <h2 id="options-72">Options</h2>
       --stdio                           Run an HTTP2 server on stdin/stdout
       --user string                     User name for authentication</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-72">SEE ALSO</h2>
+<h1 id="see-also-74">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
 </ul>
-<h1 id="rclone-serve-sftp">rclone serve sftp</h1>
-<p>Serve the remote over SFTP.</p>
-<h2 id="synopsis-65">Synopsis</h2>
-<p>Run an SFTP server to serve a remote over SFTP. This can be used with an SFTP client or you can make a remote of type <a href="/sftp">sftp</a> to use with it.</p>
-<p>You can use the <a href="/filtering">filter</a> flags (e.g. <code>--include</code>, <code>--exclude</code>) to control what is served.</p>
-<p>The server will respond to a small number of shell commands, mainly md5sum, sha1sum and df, which enable it to provide support for checksums and the about feature when accessed from an sftp remote.</p>
-<p>Note that this server uses standard 32 KiB packet payload size, which means you must not configure the client to expect anything else, e.g. with the <a href="https://rclone.org/sftp/#sftp-chunk-size">chunk_size</a> option on an sftp remote.</p>
-<p>The server will log errors. Use <code>-v</code> to see access logs.</p>
-<p><code>--bwlimit</code> will be respected for file transfers. Use <code>--stats</code> to control the stats printing.</p>
-<p>You must provide some means of authentication, either with <code>--user</code>/<code>--pass</code>, an authorized keys file (specify location with <code>--authorized-keys</code> - the default is the same as ssh), an <code>--auth-proxy</code>, or set the <code>--no-auth</code> flag for no authentication when logging in.</p>
-<p>If you don't supply a host <code>--key</code> then rclone will generate rsa, ecdsa and ed25519 variants, and cache them for later use in rclone's cache directory (see <code>rclone help flags cache-dir</code>) in the "serve-sftp" directory.</p>
-<p>By default the server binds to localhost:2022 - if you want it to be reachable externally then supply <code>--addr :2022</code> for example.</p>
-<p>Note that the default of <code>--vfs-cache-mode off</code> is fine for the rclone sftp backend, but it may not be with other SFTP clients.</p>
-<p>If <code>--stdio</code> is specified, rclone will serve SFTP over stdio, which can be used with sshd via ~/.ssh/authorized_keys, for example:</p>
-<pre><code>restrict,command=&quot;rclone serve sftp --stdio ./photos&quot; ssh-rsa ...</code></pre>
-<p>On the client you need to set <code>--transfers 1</code> when using <code>--stdio</code>. Otherwise multiple instances of the rclone server are started by OpenSSH which can lead to "corrupted on transfer" errors. This is the case because the client chooses indiscriminately which server to send commands to while the servers all have different views of the state of the filing system.</p>
-<p>The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from beeing used. Omitting "restrict" and using <code>--sftp-path-override</code> to enable checksumming is possible but less secure and you could use the SFTP server provided by OpenSSH in this case.</p>
-<h2 id="vfs---virtual-file-system-5">VFS - Virtual File System</h2>
+<h1 id="rclone-serve-s3">rclone serve s3</h1>
+<p>Serve remote:path over s3.</p>
+<h2 id="synopsis-67">Synopsis</h2>
+<p><code>serve s3</code> implements a basic s3 server that serves a remote via s3. This can be viewed with an s3 client, or you can make an <a href="https://rclone.org/s3/">s3 type remote</a> to read and write to it with rclone.</p>
+<p><code>serve s3</code> is considered <strong>Experimental</strong> so use with care.</p>
+<p>S3 server supports Signature Version 4 authentication. Just use <code>--auth-key accessKey,secretKey</code> and set the <code>Authorization</code> header correctly in the request. (See the <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">AWS docs</a>).</p>
+<p><code>--auth-key</code> can be repeated for multiple auth pairs. If <code>--auth-key</code> is not provided then <code>serve s3</code> will allow anonymous access.</p>
+<p>Please note that some clients may require HTTPS endpoints. See <a href="#ssl-tls">the SSL docs</a> for more information.</p>
+<p>This command uses the <a href="#vfs-virtual-file-system">VFS directory cache</a>. All the functionality will work with <code>--vfs-cache-mode off</code>. Using <code>--vfs-cache-mode full</code> (or <code>writes</code>) can be used to cache objects locally to improve performance.</p>
+<p>Use <code>--force-path-style=false</code> if you want to use the bucket name as a part of the hostname (such as mybucket.local)</p>
+<p>Use <code>--etag-hash</code> if you want to change the hash uses for the <code>ETag</code>. Note that using anything other than <code>MD5</code> (the default) is likely to cause problems for S3 clients which rely on the Etag being the MD5.</p>
+<h2 id="quickstart-1">Quickstart</h2>
+<p>For a simple set up, to serve <code>remote:path</code> over s3, run the server like this:</p>
+<pre><code>rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path</code></pre>
+<p>This will be compatible with an rclone remote which is defined like this:</p>
+<pre><code>[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false</code></pre>
+<p>Note that setting <code>disable_multipart_uploads = true</code> is to work around <a href="#bugs">a bug</a> which will be fixed in due course.</p>
+<h2 id="bugs">Bugs</h2>
+<p>When uploading multipart files <code>serve s3</code> holds all the parts in memory (see <a href="https://github.com/rclone/rclone/issues/7453">#7453</a>). This is a limitaton of the library rclone uses for serving S3 and will hopefully be fixed at some point.</p>
+<p>Multipart server side copies do not work (see <a href="https://github.com/rclone/rclone/issues/7454">#7454</a>). These take a very long time and eventually fail. The default threshold for multipart server side copies is 5G which is the maximum it can be, so files above this side will fail to be server side copied.</p>
+<p>For a current list of <code>serve s3</code> bugs see the <a href="https://github.com/rclone/rclone/labels/serve%20s3">serve s3</a> bug category on GitHub.</p>
+<h2 id="limitations-1">Limitations</h2>
+<p><code>serve s3</code> will treat all directories in the root as buckets and ignore all files in the root. You can use <code>CreateBucket</code> to create folders under the root, but you can't create empty folders under other folders not in the root.</p>
+<p>When using <code>PutObject</code> or <code>DeleteObject</code>, rclone will automatically create or clean up empty folders. If you don't want to clean up empty folders automatically, use <code>--no-cleanup</code>.</p>
+<p>When using <code>ListObjects</code>, rclone will use <code>/</code> when the delimiter is empty. This reduces backend requests with no effect on most operations, but if the delimiter is something other than <code>/</code> and empty, rclone will do a full recursive search of the backend, which can take some time.</p>
+<p>Versioning is not currently supported.</p>
+<p>Metadata will only be saved in memory other than the rclone <code>mtime</code> metadata which will be set as the modification time of the file.</p>
+<h2 id="supported-operations">Supported operations</h2>
+<p><code>serve s3</code> currently supports the following operations.</p>
+<ul>
+<li>Bucket
+<ul>
+<li><code>ListBuckets</code></li>
+<li><code>CreateBucket</code></li>
+<li><code>DeleteBucket</code></li>
+</ul></li>
+<li>Object
+<ul>
+<li><code>HeadObject</code></li>
+<li><code>ListObjects</code></li>
+<li><code>GetObject</code></li>
+<li><code>PutObject</code></li>
+<li><code>DeleteObject</code></li>
+<li><code>DeleteObjects</code></li>
+<li><code>CreateMultipartUpload</code></li>
+<li><code>CompleteMultipartUpload</code></li>
+<li><code>AbortMultipartUpload</code></li>
+<li><code>CopyObject</code></li>
+<li><code>UploadPart</code></li>
+</ul></li>
+</ul>
+<p>Other operations will return error <code>Unimplemented</code>.</p>
+<h2 id="server-options-5">Server options</h2>
+<p>Use <code>--addr</code> to specify which IP address and port the server should listen on, eg <code>--addr 1.2.3.4:8000</code> or <code>--addr :8080</code> to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
+<p>If you set <code>--addr</code> to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
+<p>You can use a unix socket by setting the url to <code>unix:///path/to/socket</code> or just by using an absolute path name. Note that unix sockets bypass the authentication - this is expected to be done with file system permissions.</p>
+<p><code>--addr</code> may be repeated to listen on multiple IPs/ports/sockets.</p>
+<p><code>--server-read-timeout</code> and <code>--server-write-timeout</code> can be used to control the timeouts on the server. Note that this is the total time for a transfer.</p>
+<p><code>--max-header-bytes</code> controls the maximum number of bytes the server will accept in the HTTP header.</p>
+<p><code>--baseurl</code> controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used <code>--baseurl "/rclone"</code> then rclone would serve from a URL starting with "/rclone/". This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing "/" on <code>--baseurl</code>, so <code>--baseurl "rclone"</code>, <code>--baseurl "/rclone"</code> and <code>--baseurl "/rclone/"</code> are all treated identically.</p>
+<h3 id="tls-ssl-3">TLS (SSL)</h3>
+<p>By default this will serve over http. If you want you can serve over https. You will need to supply the <code>--cert</code> and <code>--key</code> flags. If you wish to do client side certificate validation then you will need to supply <code>--client-ca</code> also.</p>
+<p><code>--cert</code> should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. <code>--key</code> should be the PEM encoded private key and <code>--client-ca</code> should be the PEM encoded client certificate authority certificate.</p>
+<p>--min-tls-version is minimum TLS version that is acceptable. Valid values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0"). ## VFS - Virtual File System</p>
 <p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
 <p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
 <p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
-<h2 id="vfs-directory-cache-5">VFS Directory Cache</h2>
+<h2 id="vfs-directory-cache-6">VFS Directory Cache</h2>
 <p>Using the <code>--dir-cache-time</code> flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the VFS will appear immediately or invalidate the cache.</p>
 <pre><code>--dir-cache-time duration   Time to cache directory entries for (default 5m0s)
 --poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)</code></pre>
@@ -3472,27 +4976,29 @@ <h2 id="vfs-directory-cache-5">VFS Directory Cache</h2>
 <pre><code>rclone rc vfs/forget</code></pre>
 <p>Or individual files or directories:</p>
 <pre><code>rclone rc vfs/forget file=path/to/file dir=path/to/dir</code></pre>
-<h2 id="vfs-file-buffering-5">VFS File Buffering</h2>
+<h2 id="vfs-file-buffering-6">VFS File Buffering</h2>
 <p>The <code>--buffer-size</code> flag determines the amount of memory, that will be used to buffer data in advance.</p>
 <p>Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.</p>
 <p>This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.</p>
 <p>The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
-<h2 id="vfs-file-caching-5">VFS File Caching</h2>
+<h2 id="vfs-file-caching-6">VFS File Caching</h2>
 <p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
 <p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
 <p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
-<pre><code>--cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)</code></pre>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
 <p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
 <p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
 <p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
-<p>If using <code>--vfs-cache-max-size</code> note that the cache may exceed this size for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
 <p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
-<h3 id="vfs-cache-mode-off-5">--vfs-cache-mode off</h3>
+<h3 id="vfs-cache-mode-off-6">--vfs-cache-mode off</h3>
 <p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
 <p>This will mean some operations are not possible</p>
 <ul>
@@ -3504,7 +5010,7 @@ <h3 id="vfs-cache-mode-off-5">--vfs-cache-mode off</h3>
 <li>Open modes O_APPEND, O_TRUNC are ignored</li>
 <li>If an upload fails it can't be retried</li>
 </ul>
-<h3 id="vfs-cache-mode-minimal-5">--vfs-cache-mode minimal</h3>
+<h3 id="vfs-cache-mode-minimal-6">--vfs-cache-mode minimal</h3>
 <p>This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
 <p>These operations are not possible</p>
 <ul>
@@ -3513,11 +5019,11 @@ <h3 id="vfs-cache-mode-minimal-5">--vfs-cache-mode minimal</h3>
 <li>Files opened for write only will ignore O_APPEND, O_TRUNC</li>
 <li>If an upload fails it can't be retried</li>
 </ul>
-<h3 id="vfs-cache-mode-writes-5">--vfs-cache-mode writes</h3>
+<h3 id="vfs-cache-mode-writes-6">--vfs-cache-mode writes</h3>
 <p>In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.</p>
 <p>This mode should support all normal file system operations.</p>
 <p>If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.</p>
-<h3 id="vfs-cache-mode-full-5">--vfs-cache-mode full</h3>
+<h3 id="vfs-cache-mode-full-6">--vfs-cache-mode full</h3>
 <p>In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.</p>
 <p>In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.</p>
 <p>So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.</p>
@@ -3525,7 +5031,7 @@ <h3 id="vfs-cache-mode-full-5">--vfs-cache-mode full</h3>
 <p>When reading a file rclone will read <code>--buffer-size</code> plus <code>--vfs-read-ahead</code> bytes ahead. The <code>--buffer-size</code> is buffered in memory whereas the <code>--vfs-read-ahead</code> is buffered on disk.</p>
 <p>When using this mode it is recommended that <code>--buffer-size</code> is not set too large and <code>--vfs-read-ahead</code> is set large if required.</p>
 <p><strong>IMPORTANT</strong> not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.</p>
-<h3 id="fingerprinting-5">Fingerprinting</h3>
+<h3 id="fingerprinting-6">Fingerprinting</h3>
 <p>Various parts of the VFS use fingerprinting to see if a local file copy has changed relative to a remote file. Fingerprints are made from:</p>
 <ul>
 <li>size</li>
@@ -3538,7 +5044,7 @@ <h3 id="fingerprinting-5">Fingerprinting</h3>
 <p>If you use the <code>--vfs-fast-fingerprint</code> flag then rclone will not include the slow operations in the fingerprint. This makes the fingerprinting less accurate but much faster and will improve the opening time of cached files.</p>
 <p>If you are running a vfs cache over <code>local</code>, <code>s3</code> or <code>swift</code> backends then using this flag is recommended.</p>
 <p>Note that if you change the value of this flag, the fingerprints of the files in the cache may be invalidated and the files will need to be downloaded again.</p>
-<h2 id="vfs-chunked-reading-5">VFS Chunked Reading</h2>
+<h2 id="vfs-chunked-reading-6">VFS Chunked Reading</h2>
 <p>When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This can reduce the used download quota for some remotes by requesting only chunks from the remote that are actually read, at the cost of an increased number of requests.</p>
 <p>These flags control the chunking:</p>
 <pre><code>--vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
@@ -3546,7 +5052,7 @@ <h2 id="vfs-chunked-reading-5">VFS Chunked Reading</h2>
 <p>Rclone will start reading a chunk of size <code>--vfs-read-chunk-size</code>, and then double the size for each read. When <code>--vfs-read-chunk-size-limit</code> is specified, and greater than <code>--vfs-read-chunk-size</code>, the chunk size for each open file will get doubled only until the specified value is reached. If the value is "off", which is the default, the limit is disabled and the chunk size will grow indefinitely.</p>
 <p>With <code>--vfs-read-chunk-size 100M</code> and <code>--vfs-read-chunk-size-limit 0</code> the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on. When <code>--vfs-read-chunk-size-limit 500M</code> is specified, the result would be 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.</p>
 <p>Setting <code>--vfs-read-chunk-size</code> to <code>0</code> or "off" disables chunked reading.</p>
-<h2 id="vfs-performance-5">VFS Performance</h2>
+<h2 id="vfs-performance-6">VFS Performance</h2>
 <p>These flags may be used to enable/disable features of the VFS for performance or other reasons. See also the <a href="#vfs-chunked-reading">chunked reading</a> feature.</p>
 <p>In particular S3 and Swift benefit hugely from the <code>--no-modtime</code> flag (or use <code>--use-server-modtime</code> for a slightly different effect) as each read of the modification time takes a transaction.</p>
 <pre><code>--no-checksum     Don&#39;t compare checksums on up/download.
@@ -3558,7 +5064,7 @@ <h2 id="vfs-performance-5">VFS Performance</h2>
 --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)</code></pre>
 <p>When using VFS write caching (<code>--vfs-cache-mode</code> with value writes or full), the global flag <code>--transfers</code> can be set to adjust the number of parallel uploads of modified files from the cache (the related global flag <code>--checkers</code> has no effect on the VFS).</p>
 <pre><code>--transfers int  Number of file transfers to run in parallel (default 4)</code></pre>
-<h2 id="vfs-case-sensitivity-5">VFS Case Sensitivity</h2>
+<h2 id="vfs-case-sensitivity-6">VFS Case Sensitivity</h2>
 <p>Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.</p>
 <p>File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.</p>
 <p>Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default.</p>
@@ -3566,44 +5072,251 @@ <h2 id="vfs-case-sensitivity-5">VFS Case Sensitivity</h2>
 <p>The user may specify a file name to open/delete/rename/etc with a case different than what is stored on the remote. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by the underlying remote.</p>
 <p>Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system presented by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.</p>
 <p>If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".</p>
-<h2 id="vfs-disk-options-5">VFS Disk Options</h2>
+<h2 id="vfs-disk-options-6">VFS Disk Options</h2>
 <p>This flag allows you to manually set the statistics about the filing system. It can be useful when those statistics cannot be read correctly automatically.</p>
 <pre><code>--vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)</code></pre>
-<h2 id="alternate-report-of-used-bytes-5">Alternate report of used bytes</h2>
+<h2 id="alternate-report-of-used-bytes-6">Alternate report of used bytes</h2>
 <p>Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running <code>df</code> on the filesystem, then pass the flag <code>--vfs-used-is-size</code> to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to <code>rclone size</code> and compute the total used space itself.</p>
 <p><em>WARNING.</em> Contrary to <code>rclone size</code>, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.</p>
-<h2 id="auth-proxy-2">Auth Proxy</h2>
-<p>If you supply the parameter <code>--auth-proxy /path/to/program</code> then rclone will use that program to generate backends on the fly which then are used to authenticate incoming requests. This uses a simple JSON based protocol with input on STDIN and output on STDOUT.</p>
-<p><strong>PLEASE NOTE:</strong> <code>--auth-proxy</code> and <code>--authorized-keys</code> cannot be used together, if <code>--auth-proxy</code> is set the authorized keys option will be ignored.</p>
-<p>There is an example program <a href="https://github.com/rclone/rclone/blob/master/test_proxy.py">bin/test_proxy.py</a> in the rclone source code.</p>
-<p>The program's job is to take a <code>user</code> and <code>pass</code> on the input and turn those into the config for a backend on STDOUT in JSON format. This config will have any default parameters for the backend added, but it won't use configuration from environment variables or command line options - it is the job of the proxy program to make a complete config.</p>
-<p>This config generated must have this extra parameter - <code>_root</code> - root to use for the backend</p>
-<p>And it may have this parameter - <code>_obscure</code> - comma separated strings for parameters to obscure</p>
-<p>If password authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:</p>
-<pre><code>{
-    &quot;user&quot;: &quot;me&quot;,
-    &quot;pass&quot;: &quot;mypassword&quot;
-}</code></pre>
-<p>If public-key authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:</p>
-<pre><code>{
-    &quot;user&quot;: &quot;me&quot;,
-    &quot;public_key&quot;: &quot;AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf&quot;
-}</code></pre>
-<p>And as an example return this on STDOUT</p>
-<pre><code>{
-    &quot;type&quot;: &quot;sftp&quot;,
-    &quot;_root&quot;: &quot;&quot;,
-    &quot;_obscure&quot;: &quot;pass&quot;,
-    &quot;user&quot;: &quot;me&quot;,
-    &quot;pass&quot;: &quot;mypassword&quot;,
-    &quot;host&quot;: &quot;sftp.example.com&quot;
-}</code></pre>
+<pre><code>rclone serve s3 remote:path [flags]</code></pre>
+<h2 id="options-75">Options</h2>
+<pre><code>      --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
+      --auth-key stringArray                   Set key pair for v4 authorization: access_key_id,secret_access_key
+      --baseurl string                         Prefix for URLs - leave blank for root
+      --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
+      --client-ca string                       Client certificate authority to verify clients with
+      --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+      --dir-perms FileMode                     Directory permissions (default 0777)
+      --etag-hash string                       Which hash to use for the ETag, or auto or blank for off (default &quot;MD5&quot;)
+      --file-perms FileMode                    File permissions (default 0666)
+      --force-path-style                       If true use path style access if false use virtual hosted style (default true) (default true)
+      --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+  -h, --help                                   help for s3
+      --key string                             TLS PEM Private key
+      --max-header-bytes int                   Maximum size of request header (default 4096)
+      --min-tls-version string                 Minimum TLS version that is acceptable (default &quot;tls1.0&quot;)
+      --no-checksum                            Don&#39;t compare checksums on up/download
+      --no-cleanup                             Not to cleanup empty folder after object is deleted
+      --no-modtime                             Don&#39;t read/write the modification time (can speed things up)
+      --no-seek                                Don&#39;t allow seeking in files
+      --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+      --read-only                              Only allow read-only access
+      --server-read-timeout Duration           Timeout for server reading data (default 1h0m0s)
+      --server-write-timeout Duration          Timeout for server writing data (default 1h0m0s)
+      --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+      --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+      --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+      --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+      --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+      --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+      --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+      --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+      --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+      --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
+      --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
+      --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+      --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+      --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<h2 id="filter-options-27">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
+<h1 id="see-also-75">SEE ALSO</h1>
+<ul>
+<li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
+</ul>
+<h1 id="rclone-serve-sftp">rclone serve sftp</h1>
+<p>Serve the remote over SFTP.</p>
+<h2 id="synopsis-68">Synopsis</h2>
+<p>Run an SFTP server to serve a remote over SFTP. This can be used with an SFTP client or you can make a remote of type <a href="/sftp">sftp</a> to use with it.</p>
+<p>You can use the <a href="/filtering">filter</a> flags (e.g. <code>--include</code>, <code>--exclude</code>) to control what is served.</p>
+<p>The server will respond to a small number of shell commands, mainly md5sum, sha1sum and df, which enable it to provide support for checksums and the about feature when accessed from an sftp remote.</p>
+<p>Note that this server uses standard 32 KiB packet payload size, which means you must not configure the client to expect anything else, e.g. with the <a href="https://rclone.org/sftp/#sftp-chunk-size">chunk_size</a> option on an sftp remote.</p>
+<p>The server will log errors. Use <code>-v</code> to see access logs.</p>
+<p><code>--bwlimit</code> will be respected for file transfers. Use <code>--stats</code> to control the stats printing.</p>
+<p>You must provide some means of authentication, either with <code>--user</code>/<code>--pass</code>, an authorized keys file (specify location with <code>--authorized-keys</code> - the default is the same as ssh), an <code>--auth-proxy</code>, or set the <code>--no-auth</code> flag for no authentication when logging in.</p>
+<p>If you don't supply a host <code>--key</code> then rclone will generate rsa, ecdsa and ed25519 variants, and cache them for later use in rclone's cache directory (see <code>rclone help flags cache-dir</code>) in the "serve-sftp" directory.</p>
+<p>By default the server binds to localhost:2022 - if you want it to be reachable externally then supply <code>--addr :2022</code> for example.</p>
+<p>Note that the default of <code>--vfs-cache-mode off</code> is fine for the rclone sftp backend, but it may not be with other SFTP clients.</p>
+<p>If <code>--stdio</code> is specified, rclone will serve SFTP over stdio, which can be used with sshd via ~/.ssh/authorized_keys, for example:</p>
+<pre><code>restrict,command=&quot;rclone serve sftp --stdio ./photos&quot; ssh-rsa ...</code></pre>
+<p>On the client you need to set <code>--transfers 1</code> when using <code>--stdio</code>. Otherwise multiple instances of the rclone server are started by OpenSSH which can lead to "corrupted on transfer" errors. This is the case because the client chooses indiscriminately which server to send commands to while the servers all have different views of the state of the filing system.</p>
+<p>The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from being used. Omitting "restrict" and using <code>--sftp-path-override</code> to enable checksumming is possible but less secure and you could use the SFTP server provided by OpenSSH in this case.</p>
+<h2 id="vfs---virtual-file-system-1">VFS - Virtual File System</h2>
+<p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
+<p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
+<p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
+<h2 id="vfs-directory-cache-7">VFS Directory Cache</h2>
+<p>Using the <code>--dir-cache-time</code> flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the VFS will appear immediately or invalidate the cache.</p>
+<pre><code>--dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+--poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)</code></pre>
+<p>However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.</p>
+<p>You can send a <code>SIGHUP</code> signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:</p>
+<pre><code>kill -SIGHUP $(pidof rclone)</code></pre>
+<p>If you configure rclone with a <a href="/rc">remote control</a> then you can use rclone rc to flush the whole directory cache:</p>
+<pre><code>rclone rc vfs/forget</code></pre>
+<p>Or individual files or directories:</p>
+<pre><code>rclone rc vfs/forget file=path/to/file dir=path/to/dir</code></pre>
+<h2 id="vfs-file-buffering-7">VFS File Buffering</h2>
+<p>The <code>--buffer-size</code> flag determines the amount of memory, that will be used to buffer data in advance.</p>
+<p>Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.</p>
+<p>This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.</p>
+<p>The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
+<h2 id="vfs-file-caching-7">VFS File Caching</h2>
+<p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
+<p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
+<p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
+<p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
+<p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
+<p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
+<p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
+<h3 id="vfs-cache-mode-off-7">--vfs-cache-mode off</h3>
+<p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
+<p>This will mean some operations are not possible</p>
+<ul>
+<li>Files can't be opened for both read AND write</li>
+<li>Files opened for write can't be seeked</li>
+<li>Existing files opened for write must have O_TRUNC set</li>
+<li>Files open for read with O_TRUNC will be opened write only</li>
+<li>Files open for write only will behave as if O_TRUNC was supplied</li>
+<li>Open modes O_APPEND, O_TRUNC are ignored</li>
+<li>If an upload fails it can't be retried</li>
+</ul>
+<h3 id="vfs-cache-mode-minimal-7">--vfs-cache-mode minimal</h3>
+<p>This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
+<p>These operations are not possible</p>
+<ul>
+<li>Files opened for write only can't be seeked</li>
+<li>Existing files opened for write must have O_TRUNC set</li>
+<li>Files opened for write only will ignore O_APPEND, O_TRUNC</li>
+<li>If an upload fails it can't be retried</li>
+</ul>
+<h3 id="vfs-cache-mode-writes-7">--vfs-cache-mode writes</h3>
+<p>In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.</p>
+<p>This mode should support all normal file system operations.</p>
+<p>If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.</p>
+<h3 id="vfs-cache-mode-full-7">--vfs-cache-mode full</h3>
+<p>In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.</p>
+<p>In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.</p>
+<p>So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.</p>
+<p>This mode should support all normal file system operations and is otherwise identical to <code>--vfs-cache-mode</code> writes.</p>
+<p>When reading a file rclone will read <code>--buffer-size</code> plus <code>--vfs-read-ahead</code> bytes ahead. The <code>--buffer-size</code> is buffered in memory whereas the <code>--vfs-read-ahead</code> is buffered on disk.</p>
+<p>When using this mode it is recommended that <code>--buffer-size</code> is not set too large and <code>--vfs-read-ahead</code> is set large if required.</p>
+<p><strong>IMPORTANT</strong> not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.</p>
+<h3 id="fingerprinting-7">Fingerprinting</h3>
+<p>Various parts of the VFS use fingerprinting to see if a local file copy has changed relative to a remote file. Fingerprints are made from:</p>
+<ul>
+<li>size</li>
+<li>modification time</li>
+<li>hash</li>
+</ul>
+<p>where available on an object.</p>
+<p>On some backends some of these attributes are slow to read (they take an extra API call per object, or extra work per object).</p>
+<p>For example <code>hash</code> is slow with the <code>local</code> and <code>sftp</code> backends as they have to read the entire file and hash it, and <code>modtime</code> is slow with the <code>s3</code>, <code>swift</code>, <code>ftp</code> and <code>qinqstor</code> backends because they need to do an extra API call to fetch it.</p>
+<p>If you use the <code>--vfs-fast-fingerprint</code> flag then rclone will not include the slow operations in the fingerprint. This makes the fingerprinting less accurate but much faster and will improve the opening time of cached files.</p>
+<p>If you are running a vfs cache over <code>local</code>, <code>s3</code> or <code>swift</code> backends then using this flag is recommended.</p>
+<p>Note that if you change the value of this flag, the fingerprints of the files in the cache may be invalidated and the files will need to be downloaded again.</p>
+<h2 id="vfs-chunked-reading-7">VFS Chunked Reading</h2>
+<p>When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This can reduce the used download quota for some remotes by requesting only chunks from the remote that are actually read, at the cost of an increased number of requests.</p>
+<p>These flags control the chunking:</p>
+<pre><code>--vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+--vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)</code></pre>
+<p>Rclone will start reading a chunk of size <code>--vfs-read-chunk-size</code>, and then double the size for each read. When <code>--vfs-read-chunk-size-limit</code> is specified, and greater than <code>--vfs-read-chunk-size</code>, the chunk size for each open file will get doubled only until the specified value is reached. If the value is "off", which is the default, the limit is disabled and the chunk size will grow indefinitely.</p>
+<p>With <code>--vfs-read-chunk-size 100M</code> and <code>--vfs-read-chunk-size-limit 0</code> the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on. When <code>--vfs-read-chunk-size-limit 500M</code> is specified, the result would be 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.</p>
+<p>Setting <code>--vfs-read-chunk-size</code> to <code>0</code> or "off" disables chunked reading.</p>
+<h2 id="vfs-performance-7">VFS Performance</h2>
+<p>These flags may be used to enable/disable features of the VFS for performance or other reasons. See also the <a href="#vfs-chunked-reading">chunked reading</a> feature.</p>
+<p>In particular S3 and Swift benefit hugely from the <code>--no-modtime</code> flag (or use <code>--use-server-modtime</code> for a slightly different effect) as each read of the modification time takes a transaction.</p>
+<pre><code>--no-checksum     Don&#39;t compare checksums on up/download.
+--no-modtime      Don&#39;t read/write the modification time (can speed things up).
+--no-seek         Don&#39;t allow seeking in files.
+--read-only       Only allow read-only access.</code></pre>
+<p>Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.</p>
+<pre><code>--vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+--vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<p>When using VFS write caching (<code>--vfs-cache-mode</code> with value writes or full), the global flag <code>--transfers</code> can be set to adjust the number of parallel uploads of modified files from the cache (the related global flag <code>--checkers</code> has no effect on the VFS).</p>
+<pre><code>--transfers int  Number of file transfers to run in parallel (default 4)</code></pre>
+<h2 id="vfs-case-sensitivity-7">VFS Case Sensitivity</h2>
+<p>Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.</p>
+<p>File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.</p>
+<p>Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default.</p>
+<p>The <code>--vfs-case-insensitive</code> VFS flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the remote as-is. If the flag is "true" (or appears without a value on the command line), rclone may perform a "fixup" as explained below.</p>
+<p>The user may specify a file name to open/delete/rename/etc with a case different than what is stored on the remote. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by the underlying remote.</p>
+<p>Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system presented by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.</p>
+<p>If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".</p>
+<h2 id="vfs-disk-options-7">VFS Disk Options</h2>
+<p>This flag allows you to manually set the statistics about the filing system. It can be useful when those statistics cannot be read correctly automatically.</p>
+<pre><code>--vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)</code></pre>
+<h2 id="alternate-report-of-used-bytes-7">Alternate report of used bytes</h2>
+<p>Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running <code>df</code> on the filesystem, then pass the flag <code>--vfs-used-is-size</code> to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to <code>rclone size</code> and compute the total used space itself.</p>
+<p><em>WARNING.</em> Contrary to <code>rclone size</code>, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.</p>
+<h2 id="auth-proxy-2">Auth Proxy</h2>
+<p>If you supply the parameter <code>--auth-proxy /path/to/program</code> then rclone will use that program to generate backends on the fly which then are used to authenticate incoming requests. This uses a simple JSON based protocol with input on STDIN and output on STDOUT.</p>
+<p><strong>PLEASE NOTE:</strong> <code>--auth-proxy</code> and <code>--authorized-keys</code> cannot be used together, if <code>--auth-proxy</code> is set the authorized keys option will be ignored.</p>
+<p>There is an example program <a href="https://github.com/rclone/rclone/blob/master/test_proxy.py">bin/test_proxy.py</a> in the rclone source code.</p>
+<p>The program's job is to take a <code>user</code> and <code>pass</code> on the input and turn those into the config for a backend on STDOUT in JSON format. This config will have any default parameters for the backend added, but it won't use configuration from environment variables or command line options - it is the job of the proxy program to make a complete config.</p>
+<p>This config generated must have this extra parameter - <code>_root</code> - root to use for the backend</p>
+<p>And it may have this parameter - <code>_obscure</code> - comma separated strings for parameters to obscure</p>
+<p>If password authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:</p>
+<pre><code>{
+    &quot;user&quot;: &quot;me&quot;,
+    &quot;pass&quot;: &quot;mypassword&quot;
+}</code></pre>
+<p>If public-key authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:</p>
+<pre><code>{
+    &quot;user&quot;: &quot;me&quot;,
+    &quot;public_key&quot;: &quot;AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf&quot;
+}</code></pre>
+<p>And as an example return this on STDOUT</p>
+<pre><code>{
+    &quot;type&quot;: &quot;sftp&quot;,
+    &quot;_root&quot;: &quot;&quot;,
+    &quot;_obscure&quot;: &quot;pass&quot;,
+    &quot;user&quot;: &quot;me&quot;,
+    &quot;pass&quot;: &quot;mypassword&quot;,
+    &quot;host&quot;: &quot;sftp.example.com&quot;
+}</code></pre>
 <p>This would mean that an SFTP backend would be created on the fly for the <code>user</code> and <code>pass</code>/<code>public_key</code> returned in the output to the host given. Note that since <code>_obscure</code> is set to <code>pass</code>, rclone will obscure the <code>pass</code> parameter before creating the backend (which is required for sftp backends).</p>
 <p>The program can manipulate the supplied <code>user</code> in any way, for example to make proxy to many different sftp backends, you could make the <code>user</code> be <code>user@example.com</code> and then set the <code>host</code> to <code>example.com</code> in the output and the user to <code>user</code>. For security you'd probably want to restrict the <code>host</code> to a limited list.</p>
 <p>Note that an internal cache is keyed on <code>user</code> so only use that for configuration, don't use <code>pass</code> or <code>public_key</code>. This also means that if a user's password or public-key is changed the cache will need to expire (which takes 5 mins) before it takes effect.</p>
 <p>This can be used to build general purpose proxies to any kind of backend that rclone supports.</p>
 <pre><code>rclone serve sftp remote:path [flags]</code></pre>
-<h2 id="options-73">Options</h2>
+<h2 id="options-76">Options</h2>
 <pre><code>      --addr string                            IPaddress:Port or :Port to bind server to (default &quot;localhost:2022&quot;)
       --auth-proxy string                      A program to use to create the backend from the auth
       --authorized-keys string                 Authorized keys file (default &quot;~/.ssh/authorized_keys&quot;)
@@ -3624,8 +5337,9 @@ <h2 id="options-73">Options</h2>
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -3635,17 +5349,42 @@ <h2 id="options-73">Options</h2>
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<h2 id="filter-options-28">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-73">SEE ALSO</h2>
+<h1 id="see-also-76">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
 </ul>
 <h1 id="rclone-serve-webdav">rclone serve webdav</h1>
 <p>Serve remote:path over WebDAV.</p>
-<h2 id="synopsis-66">Synopsis</h2>
+<h2 id="synopsis-69">Synopsis</h2>
 <p>Run a basic WebDAV server to serve a remote over HTTP via the WebDAV protocol. This can be viewed with a WebDAV client, through a web browser, or you can make a remote of type WebDAV to read and write it.</p>
 <h2 id="webdav-options">WebDAV options</h2>
 <h3 id="etag-hash">--etag-hash</h3>
@@ -3656,7 +5395,7 @@ <h2 id="access-webdav-on-windows">Access WebDAV on Windows</h2>
 <h2 id="access-office-applications-on-webdav">Access Office applications on WebDAV</h2>
 <p>Navigate to following registry HKEY_CURRENT_USER[14.0/15.0/16.0] Create a new DWORD BasicAuthLevel with value 2. 0 - Basic authentication disabled 1 - Basic authentication enabled for SSL connections only 2 - Basic authentication enabled for SSL and for non-SSL connections</p>
 <p>https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-blank-from-sharepoint</p>
-<h2 id="server-options-5">Server options</h2>
+<h2 id="server-options-6">Server options</h2>
 <p>Use <code>--addr</code> to specify which IP address and port the server should listen on, eg <code>--addr 1.2.3.4:8000</code> or <code>--addr :8080</code> to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
 <p>If you set <code>--addr</code> to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
 <p>You can use a unix socket by setting the url to <code>unix:///path/to/socket</code> or just by using an absolute path name. Note that unix sockets bypass the authentication - this is expected to be done with file system permissions.</p>
@@ -3664,7 +5403,7 @@ <h2 id="server-options-5">Server options</h2>
 <p><code>--server-read-timeout</code> and <code>--server-write-timeout</code> can be used to control the timeouts on the server. Note that this is the total time for a transfer.</p>
 <p><code>--max-header-bytes</code> controls the maximum number of bytes the server will accept in the HTTP header.</p>
 <p><code>--baseurl</code> controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used <code>--baseurl "/rclone"</code> then rclone would serve from a URL starting with "/rclone/". This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing "/" on <code>--baseurl</code>, so <code>--baseurl "rclone"</code>, <code>--baseurl "/rclone"</code> and <code>--baseurl "/rclone/"</code> are all treated identically.</p>
-<h3 id="tls-ssl-3">TLS (SSL)</h3>
+<h3 id="tls-ssl-4">TLS (SSL)</h3>
 <p>By default this will serve over http. If you want you can serve over https. You will need to supply the <code>--cert</code> and <code>--key</code> flags. If you wish to do client side certificate validation then you will need to supply <code>--client-ca</code> also.</p>
 <p><code>--cert</code> should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. <code>--key</code> should be the PEM encoded private key and <code>--client-ca</code> should be the PEM encoded client certificate authority certificate.</p>
 <p>--min-tls-version is minimum TLS version that is acceptable. Valid values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").</p>
@@ -3748,9 +5487,41 @@ <h3 id="template-2">Template</h3>
 </tr>
 </tbody>
 </table>
+<p>The server also makes the following functions available so that they can be used within the template. These functions help extend the options for dynamic rendering of HTML. They can be used to render HTML based on specific conditions.</p>
+<table>
+<colgroup>
+<col style="width: 50%" />
+<col style="width: 50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th style="text-align: left;">Function</th>
+<th style="text-align: left;">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="text-align: left;">afterEpoch</td>
+<td style="text-align: left;">Returns the time since the epoch for the given time.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">contains</td>
+<td style="text-align: left;">Checks whether a given substring is present or not in a given string.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">hasPrefix</td>
+<td style="text-align: left;">Checks whether the given string begins with the specified prefix.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">hasSuffix</td>
+<td style="text-align: left;">Checks whether the given string end with the specified suffix.</td>
+</tr>
+</tbody>
+</table>
 <h3 id="authentication-4">Authentication</h3>
 <p>By default this will serve files without needing a login.</p>
 <p>You can either use an htpasswd file which can take lots of users, or set a single username and password with the <code>--user</code> and <code>--pass</code> flags.</p>
+<p>If no static users are configured by either of the above methods, and client certificates are required by the <code>--client-ca</code> flag passed to the server, the client certificate common name will be considered as the username.</p>
 <p>Use <code>--htpasswd /path/to/htpasswd</code> to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.</p>
 <p>To create an htpasswd file:</p>
 <pre><code>touch htpasswd
@@ -3758,12 +5529,11 @@ <h3 id="authentication-4">Authentication</h3>
 htpasswd -B htpasswd anotherUser</code></pre>
 <p>The password file can be updated while rclone is running.</p>
 <p>Use <code>--realm</code> to set the authentication realm.</p>
-<p>Use <code>--salt</code> to change the password hashing salt from the default.</p>
-<h2 id="vfs---virtual-file-system-6">VFS - Virtual File System</h2>
+<p>Use <code>--salt</code> to change the password hashing salt from the default. ## VFS - Virtual File System</p>
 <p>This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.</p>
 <p>Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.</p>
 <p>The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.</p>
-<h2 id="vfs-directory-cache-6">VFS Directory Cache</h2>
+<h2 id="vfs-directory-cache-8">VFS Directory Cache</h2>
 <p>Using the <code>--dir-cache-time</code> flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the VFS will appear immediately or invalidate the cache.</p>
 <pre><code>--dir-cache-time duration   Time to cache directory entries for (default 5m0s)
 --poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)</code></pre>
@@ -3774,27 +5544,29 @@ <h2 id="vfs-directory-cache-6">VFS Directory Cache</h2>
 <pre><code>rclone rc vfs/forget</code></pre>
 <p>Or individual files or directories:</p>
 <pre><code>rclone rc vfs/forget file=path/to/file dir=path/to/dir</code></pre>
-<h2 id="vfs-file-buffering-6">VFS File Buffering</h2>
+<h2 id="vfs-file-buffering-8">VFS File Buffering</h2>
 <p>The <code>--buffer-size</code> flag determines the amount of memory, that will be used to buffer data in advance.</p>
 <p>Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.</p>
 <p>This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.</p>
 <p>The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
-<h2 id="vfs-file-caching-6">VFS File Caching</h2>
+<h2 id="vfs-file-caching-8">VFS File Caching</h2>
 <p>These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.</p>
 <p>For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.</p>
 <p>Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.</p>
-<pre><code>--cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)</code></pre>
+<pre><code>--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)</code></pre>
 <p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
 <p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
 <p>Note that files are written back to the remote only when they are closed and if they haven't been accessed for <code>--vfs-write-back</code> seconds. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.</p>
-<p>If using <code>--vfs-cache-max-size</code> note that the cache may exceed this size for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache.</p>
+<p>If using <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> note that the cache may exceed these quotas for two reasons. Firstly because it is only checked every <code>--vfs-cache-poll-interval</code>. Secondly because open files cannot be evicted from the cache. When <code>--vfs-cache-max-size</code> or <code>--vfs-cache-min-free-size</code> is exceeded, rclone will attempt to evict the least accessed files from the cache first. rclone will start with files that haven't been accessed for the longest. This cache flushing strategy is efficient and more relevant files are likely to remain cached.</p>
+<p>The <code>--vfs-cache-max-age</code> will evict files from the cache after the set time since last access has passed. The default value of 1 hour will start evicting files from cache that haven't been accessed for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0 and will wait for 1 more hour before evicting. Specify the time with standard notation, s, m, h, d, w .</p>
 <p>You <strong>should not</strong> run two copies of rclone using the same VFS cache with the same or overlapping remotes if using <code>--vfs-cache-mode &gt; off</code>. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with <code>--cache-dir</code>. You don't need to worry about this if the remotes in use don't overlap.</p>
-<h3 id="vfs-cache-mode-off-6">--vfs-cache-mode off</h3>
+<h3 id="vfs-cache-mode-off-8">--vfs-cache-mode off</h3>
 <p>In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.</p>
 <p>This will mean some operations are not possible</p>
 <ul>
@@ -3806,7 +5578,7 @@ <h3 id="vfs-cache-mode-off-6">--vfs-cache-mode off</h3>
 <li>Open modes O_APPEND, O_TRUNC are ignored</li>
 <li>If an upload fails it can't be retried</li>
 </ul>
-<h3 id="vfs-cache-mode-minimal-6">--vfs-cache-mode minimal</h3>
+<h3 id="vfs-cache-mode-minimal-8">--vfs-cache-mode minimal</h3>
 <p>This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
 <p>These operations are not possible</p>
 <ul>
@@ -3815,11 +5587,11 @@ <h3 id="vfs-cache-mode-minimal-6">--vfs-cache-mode minimal</h3>
 <li>Files opened for write only will ignore O_APPEND, O_TRUNC</li>
 <li>If an upload fails it can't be retried</li>
 </ul>
-<h3 id="vfs-cache-mode-writes-6">--vfs-cache-mode writes</h3>
+<h3 id="vfs-cache-mode-writes-8">--vfs-cache-mode writes</h3>
 <p>In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.</p>
 <p>This mode should support all normal file system operations.</p>
 <p>If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.</p>
-<h3 id="vfs-cache-mode-full-6">--vfs-cache-mode full</h3>
+<h3 id="vfs-cache-mode-full-8">--vfs-cache-mode full</h3>
 <p>In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.</p>
 <p>In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.</p>
 <p>So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.</p>
@@ -3827,7 +5599,7 @@ <h3 id="vfs-cache-mode-full-6">--vfs-cache-mode full</h3>
 <p>When reading a file rclone will read <code>--buffer-size</code> plus <code>--vfs-read-ahead</code> bytes ahead. The <code>--buffer-size</code> is buffered in memory whereas the <code>--vfs-read-ahead</code> is buffered on disk.</p>
 <p>When using this mode it is recommended that <code>--buffer-size</code> is not set too large and <code>--vfs-read-ahead</code> is set large if required.</p>
 <p><strong>IMPORTANT</strong> not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.</p>
-<h3 id="fingerprinting-6">Fingerprinting</h3>
+<h3 id="fingerprinting-8">Fingerprinting</h3>
 <p>Various parts of the VFS use fingerprinting to see if a local file copy has changed relative to a remote file. Fingerprints are made from:</p>
 <ul>
 <li>size</li>
@@ -3840,7 +5612,7 @@ <h3 id="fingerprinting-6">Fingerprinting</h3>
 <p>If you use the <code>--vfs-fast-fingerprint</code> flag then rclone will not include the slow operations in the fingerprint. This makes the fingerprinting less accurate but much faster and will improve the opening time of cached files.</p>
 <p>If you are running a vfs cache over <code>local</code>, <code>s3</code> or <code>swift</code> backends then using this flag is recommended.</p>
 <p>Note that if you change the value of this flag, the fingerprints of the files in the cache may be invalidated and the files will need to be downloaded again.</p>
-<h2 id="vfs-chunked-reading-6">VFS Chunked Reading</h2>
+<h2 id="vfs-chunked-reading-8">VFS Chunked Reading</h2>
 <p>When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This can reduce the used download quota for some remotes by requesting only chunks from the remote that are actually read, at the cost of an increased number of requests.</p>
 <p>These flags control the chunking:</p>
 <pre><code>--vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
@@ -3848,7 +5620,7 @@ <h2 id="vfs-chunked-reading-6">VFS Chunked Reading</h2>
 <p>Rclone will start reading a chunk of size <code>--vfs-read-chunk-size</code>, and then double the size for each read. When <code>--vfs-read-chunk-size-limit</code> is specified, and greater than <code>--vfs-read-chunk-size</code>, the chunk size for each open file will get doubled only until the specified value is reached. If the value is "off", which is the default, the limit is disabled and the chunk size will grow indefinitely.</p>
 <p>With <code>--vfs-read-chunk-size 100M</code> and <code>--vfs-read-chunk-size-limit 0</code> the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on. When <code>--vfs-read-chunk-size-limit 500M</code> is specified, the result would be 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.</p>
 <p>Setting <code>--vfs-read-chunk-size</code> to <code>0</code> or "off" disables chunked reading.</p>
-<h2 id="vfs-performance-6">VFS Performance</h2>
+<h2 id="vfs-performance-8">VFS Performance</h2>
 <p>These flags may be used to enable/disable features of the VFS for performance or other reasons. See also the <a href="#vfs-chunked-reading">chunked reading</a> feature.</p>
 <p>In particular S3 and Swift benefit hugely from the <code>--no-modtime</code> flag (or use <code>--use-server-modtime</code> for a slightly different effect) as each read of the modification time takes a transaction.</p>
 <pre><code>--no-checksum     Don&#39;t compare checksums on up/download.
@@ -3860,7 +5632,7 @@ <h2 id="vfs-performance-6">VFS Performance</h2>
 --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)</code></pre>
 <p>When using VFS write caching (<code>--vfs-cache-mode</code> with value writes or full), the global flag <code>--transfers</code> can be set to adjust the number of parallel uploads of modified files from the cache (the related global flag <code>--checkers</code> has no effect on the VFS).</p>
 <pre><code>--transfers int  Number of file transfers to run in parallel (default 4)</code></pre>
-<h2 id="vfs-case-sensitivity-6">VFS Case Sensitivity</h2>
+<h2 id="vfs-case-sensitivity-8">VFS Case Sensitivity</h2>
 <p>Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.</p>
 <p>File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.</p>
 <p>Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default.</p>
@@ -3868,10 +5640,10 @@ <h2 id="vfs-case-sensitivity-6">VFS Case Sensitivity</h2>
 <p>The user may specify a file name to open/delete/rename/etc with a case different than what is stored on the remote. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by the underlying remote.</p>
 <p>Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system presented by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.</p>
 <p>If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".</p>
-<h2 id="vfs-disk-options-6">VFS Disk Options</h2>
+<h2 id="vfs-disk-options-8">VFS Disk Options</h2>
 <p>This flag allows you to manually set the statistics about the filing system. It can be useful when those statistics cannot be read correctly automatically.</p>
 <pre><code>--vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)</code></pre>
-<h2 id="alternate-report-of-used-bytes-6">Alternate report of used bytes</h2>
+<h2 id="alternate-report-of-used-bytes-8">Alternate report of used bytes</h2>
 <p>Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running <code>df</code> on the filesystem, then pass the flag <code>--vfs-used-is-size</code> to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to <code>rclone size</code> and compute the total used space itself.</p>
 <p><em>WARNING.</em> Contrary to <code>rclone size</code>, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.</p>
 <h2 id="auth-proxy-3">Auth Proxy</h2>
@@ -3905,8 +5677,9 @@ <h2 id="auth-proxy-3">Auth Proxy</h2>
 <p>Note that an internal cache is keyed on <code>user</code> so only use that for configuration, don't use <code>pass</code> or <code>public_key</code>. This also means that if a user's password or public-key is changed the cache will need to expire (which takes 5 mins) before it takes effect.</p>
 <p>This can be used to build general purpose proxies to any kind of backend that rclone supports.</p>
 <pre><code>rclone serve webdav remote:path [flags]</code></pre>
-<h2 id="options-74">Options</h2>
+<h2 id="options-77">Options</h2>
 <pre><code>      --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
       --auth-proxy string                      A program to use to create the backend from the auth
       --baseurl string                         Prefix for URLs - leave blank for root
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -3936,8 +5709,9 @@ <h2 id="options-74">Options</h2>
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -3947,17 +5721,42 @@ <h2 id="options-74">Options</h2>
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (&#39;off&#39; is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)</code></pre>
+<h2 id="filter-options-29">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-74">SEE ALSO</h2>
+<h1 id="see-also-77">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_serve/">rclone serve</a> - Serve a remote over a protocol.</li>
 </ul>
 <h1 id="rclone-settier">rclone settier</h1>
 <p>Changes storage class/tier of objects in remote.</p>
-<h2 id="synopsis-67">Synopsis</h2>
+<h2 id="synopsis-70">Synopsis</h2>
 <p>rclone settier changes storage tier or class at remote if supported. Few cloud storage services provides different storage classes on objects, for example AWS S3 and Glacier, Azure Blob storage - Hot, Cool and Archive, Google Cloud Storage, Regional Storage, Nearline, Coldline etc.</p>
 <p>Note that, certain tier changes make objects not available to access immediately. For example tiering to archive in azure blob storage makes objects in frozen state, user can restore by setting tier to Hot/Cool, similarly S3 to Glacier makes object inaccessible.true</p>
 <p>You can use it to tier single object</p>
@@ -3967,25 +5766,25 @@ <h2 id="synopsis-67">Synopsis</h2>
 <p>Or just provide remote directory and all files in directory will be tiered</p>
 <pre><code>rclone settier tier remote:path/dir</code></pre>
 <pre><code>rclone settier tier remote:path [flags]</code></pre>
-<h2 id="options-75">Options</h2>
+<h2 id="options-78">Options</h2>
 <pre><code>  -h, --help   help for settier</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-75">SEE ALSO</h2>
+<h1 id="see-also-78">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-test">rclone test</h1>
 <p>Run a test command</p>
-<h2 id="synopsis-68">Synopsis</h2>
+<h2 id="synopsis-71">Synopsis</h2>
 <p>Rclone test is used to run test commands.</p>
-<p>Select which test comand you want with the subcommand, eg</p>
+<p>Select which test command you want with the subcommand, eg</p>
 <pre><code>rclone test memory remote:</code></pre>
 <p>Each subcommand has its own options which you can see in their help.</p>
 <p><strong>NB</strong> Be careful running these commands, they may do strange things so reading their documentation first is recommended.</p>
-<h2 id="options-76">Options</h2>
+<h2 id="options-79">Options</h2>
 <pre><code>  -h, --help   help for test</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-76">SEE ALSO</h2>
+<h1 id="see-also-79">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 <li><a href="https://rclone.org/commands/rclone_test_changenotify/">rclone test changenotify</a> - Log any change notify requests for the remote passed in.</li>
@@ -3998,35 +5797,36 @@ <h2 id="see-also-76">SEE ALSO</h2>
 <h1 id="rclone-test-changenotify">rclone test changenotify</h1>
 <p>Log any change notify requests for the remote passed in.</p>
 <pre><code>rclone test changenotify remote: [flags]</code></pre>
-<h2 id="options-77">Options</h2>
+<h2 id="options-80">Options</h2>
 <pre><code>  -h, --help                     help for changenotify
       --poll-interval Duration   Time to wait between polling for changes (default 10s)</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-77">SEE ALSO</h2>
+<h1 id="see-also-80">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_test/">rclone test</a> - Run a test command</li>
 </ul>
 <h1 id="rclone-test-histogram">rclone test histogram</h1>
 <p>Makes a histogram of file name characters.</p>
-<h2 id="synopsis-69">Synopsis</h2>
+<h2 id="synopsis-72">Synopsis</h2>
 <p>This command outputs JSON which shows the histogram of characters used in filenames in the remote:path specified.</p>
 <p>The data doesn't contain any identifying information but is useful for the rclone developers when developing filename compression.</p>
 <pre><code>rclone test histogram [remote:path] [flags]</code></pre>
-<h2 id="options-78">Options</h2>
+<h2 id="options-81">Options</h2>
 <pre><code>  -h, --help   help for histogram</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-78">SEE ALSO</h2>
+<h1 id="see-also-81">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_test/">rclone test</a> - Run a test command</li>
 </ul>
 <h1 id="rclone-test-info">rclone test info</h1>
 <p>Discovers file name or other limitations for paths.</p>
-<h2 id="synopsis-70">Synopsis</h2>
+<h2 id="synopsis-73">Synopsis</h2>
 <p>rclone info discovers what filenames and upload methods are possible to write to the paths passed in and how long they can be. It can take some time. It will write test files into the remote:path passed in. It outputs a bit of go code for each one.</p>
 <p><strong>NB</strong> this can create undeletable files and other hazards - use with care</p>
 <pre><code>rclone test info [remote:path]+ [flags]</code></pre>
-<h2 id="options-79">Options</h2>
+<h2 id="options-82">Options</h2>
 <pre><code>      --all                    Run all tests
+      --check-base32768        Check can store all possible base32768 characters
       --check-control          Check control characters
       --check-length           Check max filename length
       --check-normalization    Check UTF-8 Normalization
@@ -4035,14 +5835,14 @@ <h2 id="options-79">Options</h2>
       --upload-wait Duration   Wait after writing a file (default 0s)
       --write-json string      Write results to file</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-79">SEE ALSO</h2>
+<h1 id="see-also-82">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_test/">rclone test</a> - Run a test command</li>
 </ul>
 <h1 id="rclone-test-makefile">rclone test makefile</h1>
 <p>Make files with random contents of the size given</p>
 <pre><code>rclone test makefile &lt;size&gt; [&lt;file&gt;]+ [flags]</code></pre>
-<h2 id="options-80">Options</h2>
+<h2 id="options-83">Options</h2>
 <pre><code>      --ascii      Fill files with random ASCII printable bytes only
       --chargen    Fill files with a ASCII chargen pattern
   -h, --help       help for makefile
@@ -4051,14 +5851,14 @@ <h2 id="options-80">Options</h2>
       --sparse     Make the files sparse (appear to be filled with ASCII 0x00)
       --zero       Fill files with ASCII 0x00</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-80">SEE ALSO</h2>
+<h1 id="see-also-83">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_test/">rclone test</a> - Run a test command</li>
 </ul>
 <h1 id="rclone-test-makefiles">rclone test makefiles</h1>
 <p>Make a random file hierarchy in a directory</p>
 <pre><code>rclone test makefiles &lt;dir&gt; [flags]</code></pre>
-<h2 id="options-81">Options</h2>
+<h2 id="options-84">Options</h2>
 <pre><code>      --ascii                      Fill files with random ASCII printable bytes only
       --chargen                    Fill files with a ASCII chargen pattern
       --files int                  Number of files to create (default 1000)
@@ -4074,23 +5874,23 @@ <h2 id="options-81">Options</h2>
       --sparse                     Make the files sparse (appear to be filled with ASCII 0x00)
       --zero                       Fill files with ASCII 0x00</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-81">SEE ALSO</h2>
+<h1 id="see-also-84">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_test/">rclone test</a> - Run a test command</li>
 </ul>
 <h1 id="rclone-test-memory">rclone test memory</h1>
 <p>Load all the objects at remote:path into memory and report memory stats.</p>
 <pre><code>rclone test memory remote:path [flags]</code></pre>
-<h2 id="options-82">Options</h2>
+<h2 id="options-85">Options</h2>
 <pre><code>  -h, --help   help for memory</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-82">SEE ALSO</h2>
+<h1 id="see-also-85">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone_test/">rclone test</a> - Run a test command</li>
 </ul>
 <h1 id="rclone-touch">rclone touch</h1>
 <p>Create new file or change file modification time.</p>
-<h2 id="synopsis-71">Synopsis</h2>
+<h2 id="synopsis-74">Synopsis</h2>
 <p>Set the modification time on file(s) as specified by remote:path to have the current time.</p>
 <p>If remote:path does not exist then a zero sized file will be created, unless <code>--no-create</code> or <code>--recursive</code> is provided.</p>
 <p>If <code>--recursive</code> is used then recursively sets the modification time on all existing files that is found under the path. Filters are supported, and you can test with the <code>--dry-run</code> or the <code>--interactive</code>/<code>-i</code> flag.</p>
@@ -4102,20 +5902,53 @@ <h2 id="synopsis-71">Synopsis</h2>
 </ul>
 <p>Note that value of <code>--timestamp</code> is in UTC. If you want local time then add the <code>--localtime</code> flag.</p>
 <pre><code>rclone touch remote:path [flags]</code></pre>
-<h2 id="options-83">Options</h2>
+<h2 id="options-86">Options</h2>
 <pre><code>  -h, --help               help for touch
       --localtime          Use localtime for timestamp, not UTC
   -C, --no-create          Do not create the file if it does not exist (implied with --recursive)
   -R, --recursive          Recursively touch all files
   -t, --timestamp string   Use specified time instead of the current time of day</code></pre>
+<h2 id="important-options-17">Important Options</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="filter-options-30">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-20">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-83">SEE ALSO</h2>
+<h1 id="see-also-86">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
 <h1 id="rclone-tree">rclone tree</h1>
 <p>List the contents of the remote in a tree like fashion.</p>
-<h2 id="synopsis-72">Synopsis</h2>
+<h2 id="synopsis-75">Synopsis</h2>
 <p>rclone tree lists the contents of a remote in a similar way to the unix tree command.</p>
 <p>For example</p>
 <pre><code>$ rclone tree remote:path
@@ -4132,7 +5965,7 @@ <h2 id="synopsis-72">Synopsis</h2>
 <p>The tree command has many options for controlling the listing which are compatible with the tree command, for example you can include file sizes with <code>--size</code>. Note that not all of them have short options as they conflict with rclone's short options.</p>
 <p>For a more interactive navigation of the remote see the <a href="https://rclone.org/commands/rclone_ncdu/">ncdu</a> command.</p>
 <pre><code>rclone tree remote:path [flags]</code></pre>
-<h2 id="options-84">Options</h2>
+<h2 id="options-87">Options</h2>
 <pre><code>  -a, --all             All files are listed (list . files too)
   -d, --dirs-only       List directories only
       --dirsfirst       List directories before files (-U disables)
@@ -4152,8 +5985,36 @@ <h2 id="options-84">Options</h2>
   -r, --sort-reverse    Reverse the order of the sort
   -U, --unsorted        Leave files unsorted
       --version         Sort files alphanumerically by version</code></pre>
+<h2 id="filter-options-31">Filter Options</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing-options-21">Listing Options</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
 <p>See the <a href="https://rclone.org/flags/">global flags page</a> for global options not listed here.</p>
-<h2 id="see-also-84">SEE ALSO</h2>
+<h1 id="see-also-87">SEE ALSO</h1>
 <ul>
 <li><a href="https://rclone.org/commands/rclone/">rclone</a> - Show help for rclone commands, flags and backends.</li>
 </ul>
@@ -4234,6 +6095,7 @@ <h4 id="connection-strings-config-and-logging">Connection strings, config and lo
 <h3 id="valid-remote-names">Valid remote names</h3>
 <p>Remote names are case sensitive, and must adhere to the following rules: - May contain number, letter, <code>_</code>, <code>-</code>, <code>.</code>, <code>+</code>, <code>@</code> and space. - May not start with <code>-</code> or space. - May not end with space.</p>
 <p>Starting with rclone version 1.61, any Unicode numbers and letters are allowed, while in older versions it was limited to plain ASCII (0-9, A-Z, a-z). If you use the same rclone configuration from different shells, which may be configured with different character encoding, you must be cautious to use characters that are possible to write in all of them. This is mostly a problem on Windows, where the console traditionally uses a non-Unicode character set - defined by the so-called "code page".</p>
+<p>Do not use single character names on Windows as it creates ambiguity with Windows drives' names, e.g.: remote called <code>C</code> is indistinguishable from <code>C</code> drive. Rclone will always assume that single letter name refers to a drive.</p>
 <h2 id="quoting-and-the-shell">Quoting and the shell</h2>
 <p>When you are typing commands to your computer you are using something called the command line shell. This interprets various characters in an OS specific way.</p>
 <p>Here are some gotchas which may help users unfamiliar with the shell rules</p>
@@ -4273,6 +6135,7 @@ <h2 id="metadata">Metadata support</h2>
 <p>Rclone only supports a one-time sync of metadata. This means that metadata will be synced from the source object to the destination object only when the source object has changed and needs to be re-uploaded. If the metadata subsequently changes on the source object without changing the object itself then it won't be synced to the destination object. This is in line with the way rclone syncs <code>Content-Type</code> without the <code>--metadata</code> flag.</p>
 <p>Using <code>--metadata</code> when syncing from local to local will preserve file attributes such as file mode, owner, extended attributes (not Windows).</p>
 <p>Note that arbitrary metadata may be added to objects using the <code>--metadata-set key=value</code> flag when the object is first uploaded. This flag can be repeated as many times as necessary.</p>
+<p>The <a href="#metadata-mapper">--metadata-mapper</a> flag can be used to pass the name of a program in which can transform metadata when it is being copied from source to destination.</p>
 <h3 id="types-of-metadata">Types of metadata</h3>
 <p>Metadata is divided into two type. System metadata and User metadata.</p>
 <p>Metadata which the backend uses itself is called system metadata. For example on the local backend the system metadata <code>uid</code> will store the user ID of the file when used on a unix based platform.</p>
@@ -4350,26 +6213,31 @@ <h3 id="standard-system-metadata">Standard system metadata</h3>
 <td>2006-01-02T15:04:05.999999999Z07:00</td>
 </tr>
 <tr class="even">
+<td>utime</td>
+<td>Time of file upload: RFC 3339</td>
+<td>2006-01-02T15:04:05.999999999Z07:00</td>
+</tr>
+<tr class="odd">
 <td>cache-control</td>
 <td>Cache-Control header</td>
 <td>no-cache</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>content-disposition</td>
 <td>Content-Disposition header</td>
 <td>inline</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>content-encoding</td>
 <td>Content-Encoding header</td>
 <td>gzip</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>content-language</td>
 <td>Content-Language header</td>
 <td>en-US</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>content-type</td>
 <td>Content-Type header</td>
 <td>text/plain</td>
@@ -4378,7 +6246,7 @@ <h3 id="standard-system-metadata">Standard system metadata</h3>
 </table>
 <p>The metadata keys <code>mtime</code> and <code>content-type</code> will take precedence if supplied in the metadata over reading the <code>Content-Type</code> or modification time of the source object.</p>
 <p>Hashes are not included in system metadata as there is a well defined way of reading those already.</p>
-<h2 id="options-85">Options</h2>
+<h2 id="options-88">Options</h2>
 <p>Rclone has a number of options to control its behaviour.</p>
 <p>Options that take parameters can have the values passed in two ways, <code>--option=value</code> or <code>--option value</code>. However boolean (true/false) options behave slightly differently to the other options in that <code>--boolean</code> sets the option to <code>true</code> and the absence of the flag sets it to <code>false</code>. It is also possible to specify <code>--boolean=false</code> or <code>--boolean=true</code>. Note that <code>--boolean false</code> is not valid - this is parsed as <code>--boolean</code> and the <code>false</code> is parsed as an extra command line argument for rclone.</p>
 <h3 id="time-option">Time or duration options</h3>
@@ -4414,6 +6282,7 @@ <h3 id="backup-dirdir">--backup-dir=DIR</h3>
 <p>See <code>--compare-dest</code> and <code>--copy-dest</code>.</p>
 <h3 id="bind-string">--bind string</h3>
 <p>Local address to bind to for outgoing connections. This can be an IPv4 address (1.2.3.4), an IPv6 address (1234::789A) or host name. If the host name doesn't resolve or resolves to more than one IP address it will give an error.</p>
+<p>You can use <code>--bind 0.0.0.0</code> to force rclone to use IPv4 addresses and <code>--bind ::0</code> to force rclone to use IPv6 addresses.</p>
 <h3 id="bwlimitbandwidth_spec">--bwlimit=BANDWIDTH_SPEC</h3>
 <p>This option controls the bandwidth limit. For example</p>
 <pre><code>--bwlimit 10M</code></pre>
@@ -4479,7 +6348,7 @@ <h3 id="c---checksum">-c, --checksum</h3>
 <p>Eg <code>rclone --checksum sync s3:/bucket swift:/bucket</code> would run much quicker than without the <code>--checksum</code> flag.</p>
 <p>When using this flag, rclone won't update mtimes of remote files if they are incorrect as it would normally.</p>
 <h3 id="color-when">--color WHEN</h3>
-<p>Specifiy when colors (and other ANSI codes) should be added to the output.</p>
+<p>Specify when colors (and other ANSI codes) should be added to the output.</p>
 <p><code>AUTO</code> (default) only allows ANSI codes when the output is a terminal</p>
 <p><code>NEVER</code> never allow ANSI codes</p>
 <p><code>ALWAYS</code> always add ANSI codes, regardless of the output format (terminal or file)</p>
@@ -4525,6 +6394,8 @@ <h3 id="configconfig_file">--config=CONFIG_FILE</h3>
 <p>Note that passwords are in <a href="https://rclone.org/commands/rclone_obscure/">obscured</a> form. Also, many storage systems uses token-based authentication instead of passwords, and this requires additional steps. It is easier, and safer, to use the interactive command <code>rclone config</code> instead of manually editing the configuration file.</p>
 <p>The configuration file will typically contain login information, and should therefore have restricted permissions so that only the current user can read it. Rclone tries to ensure this when it writes the file. You may also choose to <a href="#configuration-encryption">encrypt</a> the file.</p>
 <p>When token-based authentication are used, the configuration file must be writable, because rclone needs to update the tokens inside it.</p>
+<p>To reduce risk of corrupting an existing configuration file, rclone will not write directly to it when saving changes. Instead it will first write to a new, temporary, file. If a configuration file already existed, it will (on Unix systems) try to mirror its permissions to the new file. Then it will rename the existing file to a temporary name as backup. Next, rclone will rename the new file to the correct name, before finally cleaning up by deleting the backup file.</p>
+<p>If the configuration file path used by rclone is a symbolic link, then this will be evaluated and rclone will write to the resolved path, instead of overwriting the symbolic link. Temporary files used in the process (described above) will be written to the same parent directory as that of the resolved configuration file, but if this directory is also a symbolic link it will not be resolved and the temporary files will be written to the location of the directory symbolic link.</p>
 <h3 id="contimeouttime">--contimeout=TIME</h3>
 <p>Set the connection timeout. This should be in go time format which looks like <code>5s</code> for 5 seconds, <code>10m</code> for 10 minutes, or <code>3h30m</code>.</p>
 <p>The connection timeout is the amount of time rclone will wait for a connection to go through to a remote object storage system. It is <code>1m</code> by default.</p>
@@ -4535,13 +6406,21 @@ <h3 id="copy-destdir">--copy-dest=DIR</h3>
 <h3 id="dedupe-mode-mode">--dedupe-mode MODE</h3>
 <p>Mode to run dedupe command in. One of <code>interactive</code>, <code>skip</code>, <code>first</code>, <code>newest</code>, <code>oldest</code>, <code>rename</code>. The default is <code>interactive</code>.<br />
 See the dedupe command for more information as to what these options mean.</p>
+<h3 id="default-time-time">--default-time TIME</h3>
+<p>If a file or directory does have a modification time rclone can read then rclone will display this fixed time instead.</p>
+<p>The default is <code>2000-01-01 00:00:00 UTC</code>. This can be configured in any of the ways shown in <a href="#time-option">the time or duration options</a>.</p>
+<p>For example <code>--default-time 2020-06-01</code> to set the default time to the 1st of June 2020 or <code>--default-time 0s</code> to set the default time to the time rclone started up.</p>
 <h3 id="disable-featurefeature...">--disable FEATURE,FEATURE,...</h3>
 <p>This disables a comma separated list of optional features. For example to disable server-side move and server-side copy use:</p>
 <pre><code>--disable move,copy</code></pre>
 <p>The features can be put in any case.</p>
 <p>To see a list of which features can be disabled use:</p>
 <pre><code>--disable help</code></pre>
+<p>The features a remote has can be seen in JSON format with:</p>
+<pre><code>rclone backend features remote:</code></pre>
 <p>See the overview <a href="https://rclone.org/overview/#features">features</a> and <a href="https://rclone.org/overview/#optional-features">optional features</a> to get an idea of which feature does what.</p>
+<p>Note that some features can be set to <code>true</code> if they are <code>true</code>/<code>false</code> feature flag features by prefixing them with <code>!</code>. For example the <code>CaseInsensitive</code> feature can be forced to <code>false</code> with <code>--disable CaseInsensitive</code> and forced to <code>true</code> with <code>--disable '!CaseInsensitive'</code>. In general it isn't a good idea doing this but it may be useful in extremis.</p>
+<p>(Note that <code>!</code> is a shell command which you will need to escape with single quotes or a backslash on unix like platforms.)</p>
 <p>This flag can be useful for debugging and in exceptional circumstances (e.g. Google Drive limiting the total volume of Server Side Copies to 100 GiB/day).</p>
 <h3 id="disable-http2">--disable-http2</h3>
 <p>This stops rclone from trying to use HTTP/2 if available. This can sometimes speed up transfers due to a <a href="https://github.com/golang/go/issues/37373">problem in the Go standard library</a>.</p>
@@ -4610,6 +6489,22 @@ <h3 id="immutable">--immutable</h3>
 <p>With this option set, files will be created and deleted as requested, but existing files will never be updated. If an existing file does not match between the source and destination, rclone will give the error <code>Source and destination exist but do not match: immutable file modified</code>.</p>
 <p>Note that only commands which transfer files (e.g. <code>sync</code>, <code>copy</code>, <code>move</code>) are affected by this behavior, and only modification is disallowed. Files may still be deleted explicitly (e.g. <code>delete</code>, <code>purge</code>) or implicitly (e.g. <code>sync</code>, <code>move</code>). Use <code>copy --immutable</code> if it is desired to avoid deletion as well as modification.</p>
 <p>This can be useful as an additional layer of protection for immutable or append-only data sets (notably backup archives), where modification implies corruption and should not be propagated.</p>
+<h3 id="inplace">--inplace</h3>
+<p>The <code>--inplace</code> flag changes the behaviour of rclone when uploading files to some backends (backends with the <code>PartialUploads</code> feature flag set) such as:</p>
+<ul>
+<li>local</li>
+<li>ftp</li>
+<li>sftp</li>
+</ul>
+<p>Without <code>--inplace</code> (the default) rclone will first upload to a temporary file with an extension like this, where <code>XXXXXX</code> represents a random string and <code>.partial</code> is <a href="#partial-suffix">--partial-suffix</a> value (<code>.partial</code> by default).</p>
+<pre><code>original-file-name.XXXXXX.partial</code></pre>
+<p>(rclone will make sure the final name is no longer than 100 characters by truncating the <code>original-file-name</code> part if necessary).</p>
+<p>When the upload is complete, rclone will rename the <code>.partial</code> file to the correct name, overwriting any existing file at that point. If the upload fails then the <code>.partial</code> file will be deleted.</p>
+<p>This prevents other users of the backend from seeing partially uploaded files in their new names and prevents overwriting the old file until the new one is completely uploaded.</p>
+<p>If the <code>--inplace</code> flag is supplied, rclone will upload directly to the final name without creating a <code>.partial</code> file.</p>
+<p>This means that an incomplete file will be visible in the directory listings while the upload is in progress and any existing files will be overwritten as soon as the upload starts. If the transfer fails then the file will be deleted. This can cause data loss of the existing file if the transfer fails.</p>
+<p>Note that on the local file system if you don't use <code>--inplace</code> hard links (Unix only) will be broken. And if you do use <code>--inplace</code> you won't be able to update in use executables.</p>
+<p>Note also that versions of rclone prior to v1.63.0 behave as if the <code>--inplace</code> flag is always supplied.</p>
 <h3 id="interactive">-i, --interactive</h3>
 <p>This flag can be used to tell rclone that you wish a manual confirmation before destructive operations.</p>
 <p>It is <strong>recommended</strong> that you use this flag while learning rclone especially with <code>rclone sync</code>.</p>
@@ -4669,46 +6564,119 @@ <h3 id="max-depthn">--max-depth=N</h3>
 <p>You can use this command to disable recursion (with <code>--max-depth 1</code>).</p>
 <p>Note that if you use this with <code>sync</code> and <code>--delete-excluded</code> the files not recursed through are considered excluded and will be deleted on the destination. Test first with <code>--dry-run</code> if you are not sure what will happen.</p>
 <h3 id="max-durationtime">--max-duration=TIME</h3>
-<p>Rclone will stop scheduling new transfers when it has run for the duration specified.</p>
-<p>Defaults to off.</p>
-<p>When the limit is reached any existing transfers will complete.</p>
-<p>Rclone won't exit with an error if the transfer limit is reached.</p>
+<p>Rclone will stop transferring when it has run for the duration specified. Defaults to off.</p>
+<p>When the limit is reached all transfers will stop immediately. Use <code>--cutoff-mode</code> to modify this behaviour.</p>
+<p>Rclone will exit with exit code 10 if the duration limit is reached.</p>
 <h3 id="max-transfersize">--max-transfer=SIZE</h3>
 <p>Rclone will stop transferring when it has reached the size specified. Defaults to off.</p>
-<p>When the limit is reached all transfers will stop immediately.</p>
+<p>When the limit is reached all transfers will stop immediately. Use <code>--cutoff-mode</code> to modify this behaviour.</p>
 <p>Rclone will exit with exit code 8 if the transfer limit is reached.</p>
-<h2 id="m---metadata">-M, --metadata</h2>
-<p>Setting this flag enables rclone to copy the metadata from the source to the destination. For local backends this is ownership, permissions, xattr etc. See the <a href="metadata%20section">#metadata</a> for more info.</p>
-<h3 id="metadata-set-keyvalue">--metadata-set key=value</h3>
-<p>Add metadata <code>key</code> = <code>value</code> when uploading. This can be repeated as many times as required. See the <a href="metadata%20section">#metadata</a> for more info.</p>
 <h3 id="cutoff-modehardsoftcautious">--cutoff-mode=hard|soft|cautious</h3>
-<p>This modifies the behavior of <code>--max-transfer</code> Defaults to <code>--cutoff-mode=hard</code>.</p>
+<p>This modifies the behavior of <code>--max-transfer</code> and <code>--max-duration</code> Defaults to <code>--cutoff-mode=hard</code>.</p>
 <p>Specifying <code>--cutoff-mode=hard</code> will stop transferring immediately when Rclone reaches the limit.</p>
 <p>Specifying <code>--cutoff-mode=soft</code> will stop starting new transfers when Rclone reaches the limit.</p>
-<p>Specifying <code>--cutoff-mode=cautious</code> will try to prevent Rclone from reaching the limit.</p>
+<p>Specifying <code>--cutoff-mode=cautious</code> will try to prevent Rclone from reaching the limit. Only applicable for <code>--max-transfer</code></p>
+<h2 id="m---metadata">-M, --metadata</h2>
+<p>Setting this flag enables rclone to copy the metadata from the source to the destination. For local backends this is ownership, permissions, xattr etc. See the <a href="#metadata">metadata section</a> for more info.</p>
+<h3 id="metadata-mapper">--metadata-mapper SpaceSepList</h3>
+<p>If you supply the parameter <code>--metadata-mapper /path/to/program</code> then rclone will use that program to map metadata from source object to destination object.</p>
+<p>The argument to this flag should be a command with an optional space separated list of arguments. If one of the arguments has a space in then enclose it in <code>"</code>, if you want a literal <code>"</code> in an argument then enclose the argument in <code>"</code> and double the <code>"</code>. See <a href="https://godoc.org/encoding/csv">CSV encoding</a> for more info.</p>
+<pre><code>--metadata-mapper &quot;python bin/test_metadata_mapper.py&quot;
+--metadata-mapper &#39;python bin/test_metadata_mapper.py &quot;argument with a space&quot;&#39;
+--metadata-mapper &#39;python bin/test_metadata_mapper.py &quot;argument with &quot;&quot;two&quot;&quot; quotes&quot;&#39;</code></pre>
+<p>This uses a simple JSON based protocol with input on STDIN and output on STDOUT. This will be called for every file and directory copied and may be called concurrently.</p>
+<p>The program's job is to take a metadata blob on the input and turn it into a metadata blob on the output suitable for the destination backend.</p>
+<p>Input to the program (via STDIN) might look like this. This provides some context for the <code>Metadata</code> which may be important.</p>
+<ul>
+<li><code>SrcFs</code> is the config string for the remote that the object is currently on.</li>
+<li><code>SrcFsType</code> is the name of the source backend.</li>
+<li><code>DstFs</code> is the config string for the remote that the object is being copied to</li>
+<li><code>DstFsType</code> is the name of the destination backend.</li>
+<li><code>Remote</code> is the path of the file relative to the root.</li>
+<li><code>Size</code>, <code>MimeType</code>, <code>ModTime</code> are attributes of the file.</li>
+<li><code>IsDir</code> is <code>true</code> if this is a directory (not yet implemented).</li>
+<li><code>ID</code> is the source <code>ID</code> of the file if known.</li>
+<li><code>Metadata</code> is the backend specific metadata as described in the backend docs.</li>
+</ul>
+<div class="sourceCode" id="cb559"><pre class="sourceCode json"><code class="sourceCode json"><span id="cb559-1"><a href="#cb559-1" aria-hidden="true"></a><span class="fu">{</span></span>
+<span id="cb559-2"><a href="#cb559-2" aria-hidden="true"></a>    <span class="dt">&quot;SrcFs&quot;</span><span class="fu">:</span> <span class="st">&quot;gdrive:&quot;</span><span class="fu">,</span></span>
+<span id="cb559-3"><a href="#cb559-3" aria-hidden="true"></a>    <span class="dt">&quot;SrcFsType&quot;</span><span class="fu">:</span> <span class="st">&quot;drive&quot;</span><span class="fu">,</span></span>
+<span id="cb559-4"><a href="#cb559-4" aria-hidden="true"></a>    <span class="dt">&quot;DstFs&quot;</span><span class="fu">:</span> <span class="st">&quot;newdrive:user&quot;</span><span class="fu">,</span></span>
+<span id="cb559-5"><a href="#cb559-5" aria-hidden="true"></a>    <span class="dt">&quot;DstFsType&quot;</span><span class="fu">:</span> <span class="st">&quot;onedrive&quot;</span><span class="fu">,</span></span>
+<span id="cb559-6"><a href="#cb559-6" aria-hidden="true"></a>    <span class="dt">&quot;Remote&quot;</span><span class="fu">:</span> <span class="st">&quot;test.txt&quot;</span><span class="fu">,</span></span>
+<span id="cb559-7"><a href="#cb559-7" aria-hidden="true"></a>    <span class="dt">&quot;Size&quot;</span><span class="fu">:</span> <span class="dv">6</span><span class="fu">,</span></span>
+<span id="cb559-8"><a href="#cb559-8" aria-hidden="true"></a>    <span class="dt">&quot;MimeType&quot;</span><span class="fu">:</span> <span class="st">&quot;text/plain; charset=utf-8&quot;</span><span class="fu">,</span></span>
+<span id="cb559-9"><a href="#cb559-9" aria-hidden="true"></a>    <span class="dt">&quot;ModTime&quot;</span><span class="fu">:</span> <span class="st">&quot;2022-10-11T17:53:10.286745272+01:00&quot;</span><span class="fu">,</span></span>
+<span id="cb559-10"><a href="#cb559-10" aria-hidden="true"></a>    <span class="dt">&quot;IsDir&quot;</span><span class="fu">:</span> <span class="kw">false</span><span class="fu">,</span></span>
+<span id="cb559-11"><a href="#cb559-11" aria-hidden="true"></a>    <span class="dt">&quot;ID&quot;</span><span class="fu">:</span> <span class="st">&quot;xyz&quot;</span><span class="fu">,</span></span>
+<span id="cb559-12"><a href="#cb559-12" aria-hidden="true"></a>    <span class="dt">&quot;Metadata&quot;</span><span class="fu">:</span> <span class="fu">{</span></span>
+<span id="cb559-13"><a href="#cb559-13" aria-hidden="true"></a>        <span class="dt">&quot;btime&quot;</span><span class="fu">:</span> <span class="st">&quot;2022-10-11T16:53:11Z&quot;</span><span class="fu">,</span></span>
+<span id="cb559-14"><a href="#cb559-14" aria-hidden="true"></a>        <span class="dt">&quot;content-type&quot;</span><span class="fu">:</span> <span class="st">&quot;text/plain; charset=utf-8&quot;</span><span class="fu">,</span></span>
+<span id="cb559-15"><a href="#cb559-15" aria-hidden="true"></a>        <span class="dt">&quot;mtime&quot;</span><span class="fu">:</span> <span class="st">&quot;2022-10-11T17:53:10.286745272+01:00&quot;</span><span class="fu">,</span></span>
+<span id="cb559-16"><a href="#cb559-16" aria-hidden="true"></a>        <span class="dt">&quot;owner&quot;</span><span class="fu">:</span> <span class="st">&quot;user1@domain1.com&quot;</span><span class="fu">,</span></span>
+<span id="cb559-17"><a href="#cb559-17" aria-hidden="true"></a>        <span class="dt">&quot;permissions&quot;</span><span class="fu">:</span> <span class="st">&quot;...&quot;</span><span class="fu">,</span></span>
+<span id="cb559-18"><a href="#cb559-18" aria-hidden="true"></a>        <span class="dt">&quot;description&quot;</span><span class="fu">:</span> <span class="st">&quot;my nice file&quot;</span><span class="fu">,</span></span>
+<span id="cb559-19"><a href="#cb559-19" aria-hidden="true"></a>        <span class="dt">&quot;starred&quot;</span><span class="fu">:</span> <span class="st">&quot;false&quot;</span></span>
+<span id="cb559-20"><a href="#cb559-20" aria-hidden="true"></a>    <span class="fu">}</span></span>
+<span id="cb559-21"><a href="#cb559-21" aria-hidden="true"></a><span class="fu">}</span></span></code></pre></div>
+<p>The program should then modify the input as desired and send it to STDOUT. The returned <code>Metadata</code> field will be used in its entirety for the destination object. Any other fields will be ignored. Note in this example we translate user names and permissions and add something to the description:</p>
+<div class="sourceCode" id="cb560"><pre class="sourceCode json"><code class="sourceCode json"><span id="cb560-1"><a href="#cb560-1" aria-hidden="true"></a><span class="fu">{</span></span>
+<span id="cb560-2"><a href="#cb560-2" aria-hidden="true"></a>    <span class="dt">&quot;Metadata&quot;</span><span class="fu">:</span> <span class="fu">{</span></span>
+<span id="cb560-3"><a href="#cb560-3" aria-hidden="true"></a>        <span class="dt">&quot;btime&quot;</span><span class="fu">:</span> <span class="st">&quot;2022-10-11T16:53:11Z&quot;</span><span class="fu">,</span></span>
+<span id="cb560-4"><a href="#cb560-4" aria-hidden="true"></a>        <span class="dt">&quot;content-type&quot;</span><span class="fu">:</span> <span class="st">&quot;text/plain; charset=utf-8&quot;</span><span class="fu">,</span></span>
+<span id="cb560-5"><a href="#cb560-5" aria-hidden="true"></a>        <span class="dt">&quot;mtime&quot;</span><span class="fu">:</span> <span class="st">&quot;2022-10-11T17:53:10.286745272+01:00&quot;</span><span class="fu">,</span></span>
+<span id="cb560-6"><a href="#cb560-6" aria-hidden="true"></a>        <span class="dt">&quot;owner&quot;</span><span class="fu">:</span> <span class="st">&quot;user1@domain2.com&quot;</span><span class="fu">,</span></span>
+<span id="cb560-7"><a href="#cb560-7" aria-hidden="true"></a>        <span class="dt">&quot;permissions&quot;</span><span class="fu">:</span> <span class="st">&quot;...&quot;</span><span class="fu">,</span></span>
+<span id="cb560-8"><a href="#cb560-8" aria-hidden="true"></a>        <span class="dt">&quot;description&quot;</span><span class="fu">:</span> <span class="st">&quot;my nice file [migrated from domain1]&quot;</span><span class="fu">,</span></span>
+<span id="cb560-9"><a href="#cb560-9" aria-hidden="true"></a>        <span class="dt">&quot;starred&quot;</span><span class="fu">:</span> <span class="st">&quot;false&quot;</span></span>
+<span id="cb560-10"><a href="#cb560-10" aria-hidden="true"></a>    <span class="fu">}</span></span>
+<span id="cb560-11"><a href="#cb560-11" aria-hidden="true"></a><span class="fu">}</span></span></code></pre></div>
+<p>Metadata can be removed here too.</p>
+<p>An example python program might look something like this to implement the above transformations.</p>
+<div class="sourceCode" id="cb561"><pre class="sourceCode python"><code class="sourceCode python"><span id="cb561-1"><a href="#cb561-1" aria-hidden="true"></a><span class="im">import</span> sys, json</span>
+<span id="cb561-2"><a href="#cb561-2" aria-hidden="true"></a></span>
+<span id="cb561-3"><a href="#cb561-3" aria-hidden="true"></a>i <span class="op">=</span> json.load(sys.stdin)</span>
+<span id="cb561-4"><a href="#cb561-4" aria-hidden="true"></a>metadata <span class="op">=</span> i[<span class="st">&quot;Metadata&quot;</span>]</span>
+<span id="cb561-5"><a href="#cb561-5" aria-hidden="true"></a><span class="co"># Add tag to description</span></span>
+<span id="cb561-6"><a href="#cb561-6" aria-hidden="true"></a><span class="cf">if</span> <span class="st">&quot;description&quot;</span> <span class="kw">in</span> metadata:</span>
+<span id="cb561-7"><a href="#cb561-7" aria-hidden="true"></a>    metadata[<span class="st">&quot;description&quot;</span>] <span class="op">+=</span> <span class="st">&quot; [migrated from domain1]&quot;</span></span>
+<span id="cb561-8"><a href="#cb561-8" aria-hidden="true"></a><span class="cf">else</span>:</span>
+<span id="cb561-9"><a href="#cb561-9" aria-hidden="true"></a>    metadata[<span class="st">&quot;description&quot;</span>] <span class="op">=</span> <span class="st">&quot;[migrated from domain1]&quot;</span></span>
+<span id="cb561-10"><a href="#cb561-10" aria-hidden="true"></a><span class="co"># Modify owner</span></span>
+<span id="cb561-11"><a href="#cb561-11" aria-hidden="true"></a><span class="cf">if</span> <span class="st">&quot;owner&quot;</span> <span class="kw">in</span> metadata:</span>
+<span id="cb561-12"><a href="#cb561-12" aria-hidden="true"></a>    metadata[<span class="st">&quot;owner&quot;</span>] <span class="op">=</span> metadata[<span class="st">&quot;owner&quot;</span>].replace(<span class="st">&quot;domain1.com&quot;</span>, <span class="st">&quot;domain2.com&quot;</span>)</span>
+<span id="cb561-13"><a href="#cb561-13" aria-hidden="true"></a>o <span class="op">=</span> { <span class="st">&quot;Metadata&quot;</span>: metadata }</span>
+<span id="cb561-14"><a href="#cb561-14" aria-hidden="true"></a>json.dump(o, sys.stdout, indent<span class="op">=</span><span class="st">&quot;</span><span class="ch">\t</span><span class="st">&quot;</span>)</span></code></pre></div>
+<p>You can find this example (slightly expanded) in the rclone source code at <a href="https://github.com/rclone/rclone/blob/master/test_metadata_mapper.py">bin/test_metadata_mapper.py</a>.</p>
+<p>If you want to see the input to the metadata mapper and the output returned from it in the log you can use <code>-vv --dump mapper</code>.</p>
+<p>See the <a href="#metadata">metadata section</a> for more info.</p>
+<h3 id="metadata-set-keyvalue">--metadata-set key=value</h3>
+<p>Add metadata <code>key</code> = <code>value</code> when uploading. This can be repeated as many times as required. See the <a href="#metadata">metadata section</a> for more info.</p>
 <h3 id="modify-windowtime">--modify-window=TIME</h3>
 <p>When checking whether a file has been modified, this is the maximum allowed time difference that a file can have and still be considered equivalent.</p>
 <p>The default is <code>1ns</code> unless this is overridden by a remote. For example OS X only stores modification times to the nearest second so if you are reading and writing to an OS X filing system this will be <code>1s</code> by default.</p>
 <p>This command line flag allows you to override that computed default.</p>
-<h3 id="multi-thread-cutoffsize">--multi-thread-cutoff=SIZE</h3>
-<p>When downloading files to the local backend above this size, rclone will use multiple threads to download the file (default 250M).</p>
-<p>Rclone preallocates the file (using <code>fallocate(FALLOC_FL_KEEP_SIZE)</code> on unix or <code>NTSetInformationFile</code> on Windows both of which takes no time) then each thread writes directly into the file at the correct place. This means that rclone won't create fragmented or sparse files and there won't be any assembly time at the end of the transfer.</p>
-<p>The number of threads used to download is controlled by <code>--multi-thread-streams</code>.</p>
+<h3 id="multi-thread-write-buffer-sizesize">--multi-thread-write-buffer-size=SIZE</h3>
+<p>When transferring with multiple threads, rclone will buffer SIZE bytes in memory before writing to disk for each thread.</p>
+<p>This can improve performance if the underlying filesystem does not deal well with a lot of small writes in different positions of the file, so if you see transfers being limited by disk write speed, you might want to experiment with different values. Specially for magnetic drives and remote file systems a higher value can be useful.</p>
+<p>Nevertheless, the default of <code>128k</code> should be fine for almost all use cases, so before changing it ensure that network is not really your bottleneck.</p>
+<p>As a final hint, size is not the only factor: block size (or similar concept) can have an impact. In one case, we observed that exact multiples of 16k performed much better than other values.</p>
+<h3 id="multi-thread-chunk-sizesizesuffix">--multi-thread-chunk-size=SizeSuffix</h3>
+<p>Normally the chunk size for multi thread transfers is set by the backend. However some backends such as <code>local</code> and <code>smb</code> (which implement <code>OpenWriterAt</code> but not <code>OpenChunkWriter</code>) don't have a natural chunk size.</p>
+<p>In this case the value of this option is used (default 64Mi).</p>
+<h3 id="multi-thread-cutoff">--multi-thread-cutoff=SIZE</h3>
+<p>When transferring files above SIZE to capable backends, rclone will use multiple threads to transfer the file (default 256M).</p>
+<p>Capable backends are marked in the <a href="https://rclone.org/overview/#optional-features">overview</a> as <code>MultithreadUpload</code>. (They need to implement either the <code>OpenWriterAt</code> or <code>OpenChunkedWriter</code> internal interfaces). These include include, <code>local</code>, <code>s3</code>, <code>azureblob</code>, <code>b2</code>, <code>oracleobjectstorage</code> and <code>smb</code> at the time of writing.</p>
+<p>On the local disk, rclone preallocates the file (using <code>fallocate(FALLOC_FL_KEEP_SIZE)</code> on unix or <code>NTSetInformationFile</code> on Windows both of which takes no time) then each thread writes directly into the file at the correct place. This means that rclone won't create fragmented or sparse files and there won't be any assembly time at the end of the transfer.</p>
+<p>The number of threads used to transfer is controlled by <code>--multi-thread-streams</code>.</p>
 <p>Use <code>-vv</code> if you wish to see info about the threads.</p>
-<p>This will work with the <code>sync</code>/<code>copy</code>/<code>move</code> commands and friends <code>copyto</code>/<code>moveto</code>. Multi thread downloads will be used with <code>rclone mount</code> and <code>rclone serve</code> if <code>--vfs-cache-mode</code> is set to <code>writes</code> or above.</p>
-<p><strong>NB</strong> that this <strong>only</strong> works for a local destination but will work with any source.</p>
-<p><strong>NB</strong> that multi thread copies are disabled for local to local copies as they are faster without unless <code>--multi-thread-streams</code> is set explicitly.</p>
-<p><strong>NB</strong> on Windows using multi-thread downloads will cause the resulting files to be <a href="https://en.wikipedia.org/wiki/Sparse_file">sparse</a>. Use <code>--local-no-sparse</code> to disable sparse files (which may cause long delays at the start of downloads) or disable multi-thread downloads with <code>--multi-thread-streams 0</code></p>
+<p>This will work with the <code>sync</code>/<code>copy</code>/<code>move</code> commands and friends <code>copyto</code>/<code>moveto</code>. Multi thread transfers will be used with <code>rclone mount</code> and <code>rclone serve</code> if <code>--vfs-cache-mode</code> is set to <code>writes</code> or above.</p>
+<p><strong>NB</strong> that this <strong>only</strong> works with supported backends as the destination but will work with any backend as the source.</p>
+<p><strong>NB</strong> that multi-thread copies are disabled for local to local copies as they are faster without unless <code>--multi-thread-streams</code> is set explicitly.</p>
+<p><strong>NB</strong> on Windows using multi-thread transfers to the local disk will cause the resulting files to be <a href="https://en.wikipedia.org/wiki/Sparse_file">sparse</a>. Use <code>--local-no-sparse</code> to disable sparse files (which may cause long delays at the start of transfers) or disable multi-thread transfers with <code>--multi-thread-streams 0</code></p>
 <h3 id="multi-thread-streamsn">--multi-thread-streams=N</h3>
-<p>When using multi thread downloads (see above <code>--multi-thread-cutoff</code>) this sets the maximum number of streams to use. Set to <code>0</code> to disable multi thread downloads (Default 4).</p>
-<p>Exactly how many streams rclone uses for the download depends on the size of the file. To calculate the number of download streams Rclone divides the size of the file by the <code>--multi-thread-cutoff</code> and rounds up, up to the maximum set with <code>--multi-thread-streams</code>.</p>
-<p>So if <code>--multi-thread-cutoff 250M</code> and <code>--multi-thread-streams 4</code> are in effect (the defaults):</p>
-<ul>
-<li>0..250 MiB files will be downloaded with 1 stream</li>
-<li>250..500 MiB files will be downloaded with 2 streams</li>
-<li>500..750 MiB files will be downloaded with 3 streams</li>
-<li>750+ MiB files will be downloaded with 4 streams</li>
-</ul>
+<p>When using multi thread transfers (see above <code>--multi-thread-cutoff</code>) this sets the number of streams to use. Set to <code>0</code> to disable multi thread transfers (Default 4).</p>
+<p>If the backend has a <code>--backend-upload-concurrency</code> setting (eg <code>--s3-upload-concurrency</code>) then this setting will be used as the number of transfers instead if it is larger than the value of <code>--multi-thread-streams</code> or <code>--multi-thread-streams</code> isn't set.</p>
 <h3 id="no-check-dest">--no-check-dest</h3>
 <p>The <code>--no-check-dest</code> can be used with <code>move</code> or <code>copy</code> and it causes rclone not to check the destination at all when copying files.</p>
 <p>This means that:</p>
@@ -4758,7 +6726,7 @@ <h3 id="order-by-string">--order-by string</h3>
 <li><code>--order-by name</code> - send the files with alphabetically by path first</li>
 </ul>
 <p>If the <code>--order-by</code> flag is not supplied or it is supplied with an empty string then the default ordering will be used which is as scanned. With <code>--checkers 1</code> this is mostly alphabetical, however with the default <code>--checkers 8</code> it is somewhat random.</p>
-<h4 id="limitations-1">Limitations</h4>
+<h4 id="limitations-2">Limitations</h4>
 <p>The <code>--order-by</code> flag does not do a separate pass over the data. This means that it may transfer some files out of the order specified if</p>
 <ul>
 <li>there are no files in the backlog or the source has not been fully scanned yet</li>
@@ -4766,13 +6734,17 @@ <h4 id="limitations-1">Limitations</h4>
 </ul>
 <p>Rclone will do its best to transfer the best file it has so in practice this should not cause a problem. Think of <code>--order-by</code> as being more of a best efforts flag rather than a perfect ordering.</p>
 <p>If you want perfect ordering then you will need to specify <a href="#check-first">--check-first</a> which will find all the files which need transferring first before transferring any.</p>
+<h3 id="partial-suffix">--partial-suffix</h3>
+<p>When <a href="#inplace">--inplace</a> is not used, it causes rclone to use the <code>--partial-suffix</code> as suffix for temporary files.</p>
+<p>Suffix length limit is 16 characters.</p>
+<p>The default is <code>.partial</code>.</p>
 <h3 id="password-command-spaceseplist">--password-command SpaceSepList</h3>
 <p>This flag supplies a program which should supply the config password when run. This is an alternative to rclone prompting for the password or setting the <code>RCLONE_CONFIG_PASS</code> variable.</p>
 <p>The argument to this should be a command with a space separated list of arguments. If one of the arguments has a space in then enclose it in <code>"</code>, if you want a literal <code>"</code> in an argument then enclose the argument in <code>"</code> and double the <code>"</code>. See <a href="https://godoc.org/encoding/csv">CSV encoding</a> for more info.</p>
 <p>Eg</p>
-<pre><code>--password-command echo hello
---password-command echo &quot;hello with space&quot;
---password-command echo &quot;hello with &quot;&quot;quotes&quot;&quot; and space&quot;</code></pre>
+<pre><code>--password-command &quot;echo hello&quot;
+--password-command &#39;echo &quot;hello with space&quot;&#39;
+--password-command &#39;echo &quot;hello with &quot;&quot;quotes&quot;&quot; and space&quot;&#39;</code></pre>
 <p>See the <a href="#configuration-encryption">Configuration Encryption</a> for more info.</p>
 <p>See a <a href="https://github.com/rclone/rclone/wiki/Windows-Powershell-use-rclone-password-command-for-Config-file-password">Windows PowerShell example on the Wiki</a>.</p>
 <h3 id="p---progress">-P, --progress</h3>
@@ -4843,6 +6815,7 @@ <h3 id="suffixsuffix">--suffix=SUFFIX</h3>
 <h3 id="suffix-keep-extension">--suffix-keep-extension</h3>
 <p>When using <code>--suffix</code>, setting this causes rclone put the SUFFIX before the extension of the files that it backs up rather than after.</p>
 <p>So let's say we had <code>--suffix -2019-01-01</code>, without the flag <code>file.txt</code> would be backed up to <code>file.txt-2019-01-01</code> and with the flag it would be backed up to <code>file-2019-01-01.txt</code>. This can be helpful to make sure the suffixed files can still be opened.</p>
+<p>If a file has two (or more) extensions and the second (or subsequent) extension is recognised as a valid mime type, then the suffix will go before that extension. So <code>file.tar.gz</code> would be backed up to <code>file-2019-01-01.tar.gz</code> whereas <code>file.badextension.gz</code> would be backed up to <code>file.badextension-2019-01-01.gz</code>.</p>
 <h3 id="syslog">--syslog</h3>
 <p>On capable OSes (not Windows or Plan9) send all log output to syslog.</p>
 <p>This can be useful for running rclone in a script or <code>rclone mount</code>.</p>
@@ -4894,18 +6867,12 @@ <h3 id="delete-beforeduringafter">--delete-(before,during,after)</h3>
 <p>Specifying <code>--delete-during</code> will delete files while checking and uploading files. This is the fastest option and uses the least memory.</p>
 <p>Specifying <code>--delete-after</code> (the default value) will delay deletion of files until all new/updated files have been successfully transferred. The files to be deleted are collected in the copy pass then deleted after the copy pass has completed successfully. The files to be deleted are held in memory so this mode may use more memory. This is the safest mode as it will only delete files if there have been no errors subsequent to that. If there have been errors before the deletions start then you will get the message <code>not deleting files as there were IO errors</code>.</p>
 <h3 id="fast-list">--fast-list</h3>
-<p>When doing anything which involves a directory listing (e.g. <code>sync</code>, <code>copy</code>, <code>ls</code> - in fact nearly every command), rclone normally lists a directory and processes it before using more directory lists to process any subdirectories. This can be parallelised and works very quickly using the least amount of memory.</p>
-<p>However, some remotes have a way of listing all files beneath a directory in one (or a small number) of transactions. These tend to be the bucket-based remotes (e.g. S3, B2, GCS, Swift).</p>
-<p>If you use the <code>--fast-list</code> flag then rclone will use this method for listing directories. This will have the following consequences for the listing:</p>
-<ul>
-<li>It <strong>will</strong> use fewer transactions (important if you pay for them)</li>
-<li>It <strong>will</strong> use more memory. Rclone has to load the whole listing into memory.</li>
-<li>It <em>may</em> be faster because it uses fewer transactions</li>
-<li>It <em>may</em> be slower because it can't be parallelized</li>
-</ul>
-<p>rclone should always give identical results with and without <code>--fast-list</code>.</p>
-<p>If you pay for transactions and can fit your entire sync listing into memory then <code>--fast-list</code> is recommended. If you have a very big sync to do then don't use <code>--fast-list</code> otherwise you will run out of memory.</p>
-<p>If you use <code>--fast-list</code> on a remote which doesn't support it, then rclone will just ignore it.</p>
+<p>When doing anything which involves a directory listing (e.g. <code>sync</code>, <code>copy</code>, <code>ls</code> - in fact nearly every command), rclone has different strategies to choose from.</p>
+<p>The basic strategy is to list one directory and processes it before using more directory lists to process any subdirectories. This is a mandatory backend feature, called <code>List</code>, which means it is supported by all backends. This strategy uses small amount of memory, and because it can be parallelised it is fast for operations involving processing of the list results.</p>
+<p>Some backends provide the support for an alternative strategy, where all files beneath a directory can be listed in one (or a small number) of transactions. Rclone supports this alternative strategy through an optional backend feature called <a href="https://rclone.org/overview/#listr"><code>ListR</code></a>. You can see in the storage system overview documentation's <a href="https://rclone.org/overview/#optional-features">optional features</a> section which backends it is enabled for (these tend to be the bucket-based ones, e.g. S3, B2, GCS, Swift). This strategy requires fewer transactions for highly recursive operations, which is important on backends where this is charged or heavily rate limited. It may be faster (due to fewer transactions) or slower (because it can't be parallelized) depending on different parameters, and may require more memory if rclone has to keep the whole listing in memory.</p>
+<p>Which listing strategy rclone picks for a given operation is complicated, but in general it tries to choose the best possible. It will prefer <code>ListR</code> in situations where it doesn't need to store the listed files in memory, e.g. for unlimited recursive <code>ls</code> command variants. In other situations it will prefer <code>List</code>, e.g. for <code>sync</code> and <code>copy</code>, where it needs to keep the listed files in memory, and is performing operations on them where parallelization may be a huge advantage.</p>
+<p>Rclone is not able to take all relevant parameters into account for deciding the best strategy, and therefore allows you to influence the choice in two ways: You can stop rclone from using <code>ListR</code> by disabling the feature, using the <a href="#disable-feature-feature">--disable</a> option (<code>--disable ListR</code>), or you can allow rclone to use <code>ListR</code> where it would normally choose not to do so due to higher memory usage, using the <code>--fast-list</code> option. Rclone should always produce identical results either way. Using <code>--disable ListR</code> or <code>--fast-list</code> on a remote which doesn't support <code>ListR</code> does nothing, rclone will just ignore it.</p>
+<p>A rule of thumb is that if you pay for transactions and can fit your entire sync listing into memory, then <code>--fast-list</code> is recommended. If you have a very big sync to do, then don't use <code>--fast-list</code>, otherwise you will run out of memory. Run some tests and compare before you decide, and if in doubt then just leave the default, let rclone decide, i.e. not use <code>--fast-list</code>.</p>
 <h3 id="timeouttime">--timeout=TIME</h3>
 <p>This sets the IO idle timeout. If a transfer has started but then becomes idle for this long it is considered broken and disconnected.</p>
 <p>The default is <code>5m</code>. Set to <code>0</code> to disable.</p>
@@ -5022,6 +6989,8 @@ <h4 id="dump-goroutines">--dump goroutines</h4>
 <p>This dumps a list of the running go-routines at the end of the command to standard output.</p>
 <h4 id="dump-openfiles">--dump openfiles</h4>
 <p>This dumps a list of the open files at the end of the command. It uses the <code>lsof</code> command to do that so you'll need that installed to use it.</p>
+<h4 id="dump-mapper">--dump mapper</h4>
+<p>This shows the JSON blobs being sent to the program supplied with <code>--metadata-mapper</code> and received from it. It can be useful for debugging the metadata mapper interface.</p>
 <h3 id="memprofilefile">--memprofile=FILE</h3>
 <p>Write memory profile to file. This can be analysed with <code>go tool pprof</code>.</p>
 <h2 id="filtering">Filtering</h2>
@@ -5084,10 +7053,11 @@ <h3 id="list-of-exit-codes">List of exit codes</h3>
 <li><code>7</code> - Fatal error (one that more retries won't fix, like account suspended) (Fatal errors)</li>
 <li><code>8</code> - Transfer exceeded - limit set by --max-transfer reached</li>
 <li><code>9</code> - Operation successful, but no files transferred</li>
+<li><code>10</code> - Duration exceeded - limit set by --max-duration reached</li>
 </ul>
 <h2 id="environment-variables">Environment Variables</h2>
 <p>Rclone can be configured entirely using environment variables. These can be used to set defaults for options or config file entries.</p>
-<h3 id="options-86">Options</h3>
+<h3 id="options-89">Options</h3>
 <p>Every option in rclone can have its default set by environment variable.</p>
 <p>To find the name of the environment variable, first, take the long option name, strip the leading <code>--</code>, change <code>-</code> to <code>_</code>, make upper case and prepend <code>RCLONE_</code>.</p>
 <p>For example, to always set <code>--stats 5s</code>, set the environment variable <code>RCLONE_STATS=5s</code>. If you set stats on the command line this will override the environment variable setting.</p>
@@ -5097,7 +7067,7 @@ <h3 id="options-86">Options</h3>
 <p>The options set by environment variables can be seen with the <code>-vv</code> flag, e.g. <code>rclone version -vv</code>.</p>
 <h3 id="config-file">Config file</h3>
 <p>You can set defaults for values in the config file on an individual remote basis. The names of the config items are documented in the page for each backend.</p>
-<p>To find the name of the environment variable, you need to set, take <code>RCLONE_CONFIG_</code> + name of remote + <code>_</code> + name of config file option and make it all uppercase.</p>
+<p>To find the name of the environment variable, you need to set, take <code>RCLONE_CONFIG_</code> + name of remote + <code>_</code> + name of config file option and make it all uppercase. Note one implication here is the remote's name must be convertible into a valid environment variable name, so it can only contain letters, digits, or the <code>_</code> (underscore) character.</p>
 <p>For example, to configure an S3 remote named <code>mys3:</code> without a config file (using unix ways of setting environment variables):</p>
 <pre><code>$ export RCLONE_CONFIG_MYS3_TYPE=s3
 $ export RCLONE_CONFIG_MYS3_ACCESS_KEY_ID=XXX
@@ -5224,7 +7194,7 @@ <h1 id="filtering-includes-and-excludes">Filtering, includes and excludes</h1>
 <p>To test filters without risk of damage to data, apply them to <code>rclone ls</code>, or with the <code>--dry-run</code> and <code>-vv</code> flags.</p>
 <p>Rclone filter patterns can only be used in filter command line options, not in the specification of a remote.</p>
 <p>E.g. <code>rclone copy "remote:dir*.jpg" /path/to/dir</code> does not have a filter effect. <code>rclone copy remote:dir /path/to/dir --include "*.jpg"</code> does.</p>
-<p><strong>Important</strong> Avoid mixing any two of <code>--include...</code>, <code>--exclude...</code> or <code>--filter...</code> flags in an rclone command. The results may not be what you expect. Instead use a <code>--filter...</code> flag.</p>
+<p><strong>Important</strong> Avoid mixing any two of <code>--include...</code>, <code>--exclude...</code> or <code>--filter...</code> flags in an rclone command. The results might not be what you expect. Instead use a <code>--filter...</code> flag.</p>
 <h2 id="patterns-for-matching-pathfile-names">Patterns for matching path/file names</h2>
 <h3 id="patterns">Pattern syntax</h3>
 <p>Here is a formal definition of the pattern syntax, <a href="#examples">examples</a> are below.</p>
@@ -5261,7 +7231,7 @@ <h3 id="patterns">Pattern syntax</h3>
 /file.jpg  - matches &quot;file.jpg&quot; in the root directory of the remote
            - doesn&#39;t match &quot;afile.jpg&quot;
            - doesn&#39;t match &quot;directory/file.jpg&quot;</code></pre>
-<p>The top level of the remote may not be the top level of the drive.</p>
+<p>The top level of the remote might not be the top level of the drive.</p>
 <p>E.g. for a Microsoft Windows local directory structure</p>
 <pre><code>F:
 ├── bkp
@@ -5296,7 +7266,7 @@ <h2 id="regexp">Using regular expressions in filter patterns</h2>
 <p>Not</p>
 <pre><code>{{start.*end\.jpg}}</code></pre>
 <p>Which will match a directory called <code>start</code> with a file called <code>end.jpg</code> in it as the <code>.*</code> will match <code>/</code> characters.</p>
-<p>Note that you can use <code>-vv --dump filters</code> to show the filter patterns in regexp format - rclone implements the glob patters by transforming them into regular expressions.</p>
+<p>Note that you can use <code>-vv --dump filters</code> to show the filter patterns in regexp format - rclone implements the glob patterns by transforming them into regular expressions.</p>
 <h2 id="examples">Filter pattern examples</h2>
 <table>
 <thead>
@@ -5490,7 +7460,7 @@ <h3 id="exclude---exclude-files-matching-pattern"><code>--exclude</code> - Exclu
 <p><code>--exclude</code> has no effect when combined with <code>--files-from</code> or <code>--files-from-raw</code> flags.</p>
 <p>E.g. <code>rclone ls remote: --exclude *.bak</code> excludes all .bak files from listing.</p>
 <p>E.g. <code>rclone size remote: "--exclude /dir/**"</code> returns the total size of all files on <code>remote:</code> excluding those in root directory <code>dir</code> and sub directories.</p>
-<p>E.g. on Microsoft Windows <code>rclone ls remote: --exclude "*\[{JP,KR,HK}\]*"</code> lists the files in <code>remote:</code> with <code>[JP]</code> or <code>[KR]</code> or <code>[HK]</code> in their name. Quotes prevent the shell from interpreting the <code>\</code> characters.<code>\</code> characters escape the <code>[</code> and <code>]</code> so an rclone filter treats them literally rather than as a character-range. The <code>{</code> and <code>}</code> define an rclone pattern list. For other operating systems single quotes are required ie <code>rclone ls remote: --exclude '*\[{JP,KR,HK}\]*'</code></p>
+<p>E.g. on Microsoft Windows <code>rclone ls remote: --exclude "*\[{JP,KR,HK}\]*"</code> lists the files in <code>remote:</code> without <code>[JP]</code> or <code>[KR]</code> or <code>[HK]</code> in their name. Quotes prevent the shell from interpreting the <code>\</code> characters.<code>\</code> characters escape the <code>[</code> and <code>]</code> so an rclone filter treats them literally rather than as a character-range. The <code>{</code> and <code>}</code> define an rclone pattern list. For other operating systems single quotes are required ie <code>rclone ls remote: --exclude '*\[{JP,KR,HK}\]*'</code></p>
 <h3 id="exclude-from---read-exclude-patterns-from-file"><code>--exclude-from</code> - Read exclude patterns from file</h3>
 <p>Excludes path/file names from an rclone command based on rules in a named file. The file contains a list of remarks and pattern rules.</p>
 <p>For an example <code>exclude-file.txt</code>:</p>
@@ -5901,7 +7871,7 @@ <h3 id="setting-config-flags-with-_config">Setting config flags with _config</h3
 <p>For example, if you wished to run a sync with the <code>--checksum</code> parameter, you would pass this parameter in your JSON blob.</p>
 <pre><code>&quot;_config&quot;:{&quot;CheckSum&quot;: true}</code></pre>
 <p>If using <code>rclone rc</code> this could be passed as</p>
-<pre><code>rclone rc operations/sync ... _config=&#39;{&quot;CheckSum&quot;: true}&#39;</code></pre>
+<pre><code>rclone rc sync/sync ... _config=&#39;{&quot;CheckSum&quot;: true}&#39;</code></pre>
 <p>Any config parameters you don't set will inherit the global defaults which were set with command line flags or environment variables.</p>
 <p>Note that it is possible to set some values as strings or integers - see <a href="#data-types">data types</a> for more info. Here is an example setting the equivalent of <code>--buffer-size</code> in string or integer format.</p>
 <pre><code>&quot;_config&quot;:{&quot;BufferSize&quot;: &quot;42M&quot;}
@@ -6052,7 +8022,7 @@ <h3 id="config-get">config/get: Get a remote in the config file.</h3>
 </ul>
 <p>See the <a href="https://rclone.org/commands/rclone_config_dump/">config dump</a> command for more information on the above.</p>
 <p><strong>Authentication is required for this call.</strong></p>
-<h3 id="config-listremotes">config/listremotes: Lists the remotes in the config file.</h3>
+<h3 id="config-listremotes">config/listremotes: Lists the remotes in the config file and defined in environment variables.</h3>
 <p>Returns - remotes - array of remote names</p>
 <p>See the <a href="https://rclone.org/commands/rclone_listremotes/">listremotes</a> command for more information on the above.</p>
 <p><strong>Authentication is required for this call.</strong></p>
@@ -6164,6 +8134,21 @@ <h3 id="core-command">core/command: Run a rclone terminal command over rc.</h3>
 }
 </code></pre>
 <p><strong>Authentication is required for this call.</strong></p>
+<h3 id="core-du">core/du: Returns disk usage of a locally attached disk.</h3>
+<p>This returns the disk usage for the local directory passed in as dir.</p>
+<p>If the directory is not passed in, it defaults to the directory pointed to by --cache-dir.</p>
+<ul>
+<li>dir - string (optional)</li>
+</ul>
+<p>Returns:</p>
+<pre><code>{
+    &quot;dir&quot;: &quot;/&quot;,
+    &quot;info&quot;: {
+        &quot;Available&quot;: 361769115648,
+        &quot;Free&quot;: 361785892864,
+        &quot;Total&quot;: 982141468672
+    }
+}</code></pre>
 <h3 id="core-gc">core/gc: Runs a garbage collection.</h3>
 <p>This tells the go runtime to do a garbage collection run. It isn't necessary to call this normally, but it can be useful for debugging memory problems.</p>
 <h3 id="core-group-list">core/group-list: Returns list of stats.</h3>
@@ -6215,6 +8200,10 @@ <h3 id="core-stats">core/stats: Returns stats about current transfers.</h3>
     &quot;lastError&quot;: last error string,
     &quot;renames&quot; : number of files renamed,
     &quot;retryError&quot;: boolean showing whether there has been at least one non-NoRetryError,
+        &quot;serverSideCopies&quot;: number of server side copies done,
+        &quot;serverSideCopyBytes&quot;: number bytes server side copied,
+        &quot;serverSideMoves&quot;: number of server side moves done,
+        &quot;serverSideMoveBytes&quot;: number bytes server side moved,
     &quot;speed&quot;: average speed in bytes per second since start of the group,
     &quot;totalBytes&quot;: total number of bytes in the group,
     &quot;totalChecks&quot;: total number of checks in the group,
@@ -6340,7 +8329,8 @@ <h3 id="job-list">job/list: Lists the IDs of the running jobs</h3>
 <p>Parameters: None.</p>
 <p>Results:</p>
 <ul>
-<li>jobids - array of integer job ids.</li>
+<li>executeId - string id of rclone executing (change after restart)</li>
+<li>jobids - array of integer job ids (starting at 1 on each restart)</li>
 </ul>
 <h3 id="job-status">job/status: Reads the status of the job ID</h3>
 <p>Parameters:</p>
@@ -6430,6 +8420,40 @@ <h3 id="operations-about">operations/about: Return the space used on the remote<
 <p>The result is as returned from rclone about --json</p>
 <p>See the <a href="https://rclone.org/commands/rclone_about/">about</a> command for more information on the above.</p>
 <p><strong>Authentication is required for this call.</strong></p>
+<h3 id="operations-check">operations/check: check the source and destination are the same</h3>
+<p>Checks the files in the source and destination match. It compares sizes and hashes and logs a report of files that don't match. It doesn't alter the source or destination.</p>
+<p>This takes the following parameters:</p>
+<ul>
+<li>srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem</li>
+<li>dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem</li>
+<li>download - check by downloading rather than with hash</li>
+<li>checkFileHash - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type</li>
+<li>checkFileFs - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type</li>
+<li>checkFileRemote - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type</li>
+<li>oneWay - check one way only, source files must exist on remote</li>
+<li>combined - make a combined report of changes (default false)</li>
+<li>missingOnSrc - report all files missing from the source (default true)</li>
+<li>missingOnDst - report all files missing from the destination (default true)</li>
+<li>match - report all matching files (default false)</li>
+<li>differ - report all non-matching files (default true)</li>
+<li>error - report all files with errors (hashing or reading) (default true)</li>
+</ul>
+<p>If you supply the download flag, it will download the data from both remotes and check them against each other on the fly. This can be useful for remotes that don't support hashes or if you really want to check all the data.</p>
+<p>If you supply the size-only global flag, it will only compare the sizes not the hashes as well. Use this for a quick check.</p>
+<p>If you supply the checkFileHash option with a valid hash name, the checkFileFs:checkFileRemote must point to a text file in the SUM format. This treats the checksum file as the source and dstFs as the destination. Note that srcFs is not used and should not be supplied in this case.</p>
+<p>Returns:</p>
+<ul>
+<li>success - true if no error, false otherwise</li>
+<li>status - textual summary of check, OK or text string</li>
+<li>hashType - hash used in check, may be missing</li>
+<li>combined - array of strings of combined report of changes</li>
+<li>missingOnSrc - array of strings of all files missing from the source</li>
+<li>missingOnDst - array of strings of all files missing from the destination</li>
+<li>match - array of strings of all matching files</li>
+<li>differ - array of strings of all non-matching files</li>
+<li>error - array of strings of all files with errors (hashing or reading)</li>
+</ul>
+<p><strong>Authentication is required for this call.</strong></p>
 <h3 id="operations-cleanup">operations/cleanup: Remove trashed files in the remote or path</h3>
 <p>This takes the following parameters:</p>
 <ul>
@@ -6440,9 +8464,9 @@ <h3 id="operations-cleanup">operations/cleanup: Remove trashed files in the remo
 <h3 id="operations-copyfile">operations/copyfile: Copy a file from source remote to destination remote</h3>
 <p>This takes the following parameters:</p>
 <ul>
-<li>srcFs - a remote name string e.g. "drive:" for the source</li>
+<li>srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem</li>
 <li>srcRemote - a path within that remote e.g. "file.txt" for the source</li>
-<li>dstFs - a remote name string e.g. "drive2:" for the destination</li>
+<li>dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem</li>
 <li>dstRemote - a path within that remote e.g. "file2.txt" for the destination</li>
 </ul>
 <p><strong>Authentication is required for this call.</strong></p>
@@ -6617,9 +8641,9 @@ <h3 id="operations-mkdir">operations/mkdir: Make a destination directory or cont
 <h3 id="operations-movefile">operations/movefile: Move a file from source remote to destination remote</h3>
 <p>This takes the following parameters:</p>
 <ul>
-<li>srcFs - a remote name string e.g. "drive:" for the source</li>
+<li>srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem</li>
 <li>srcRemote - a path within that remote e.g. "file.txt" for the source</li>
-<li>dstFs - a remote name string e.g. "drive2:" for the destination</li>
+<li>dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem</li>
 <li>dstRemote - a path within that remote e.g. "file2.txt" for the destination</li>
 </ul>
 <p><strong>Authentication is required for this call.</strong></p>
@@ -6662,6 +8686,21 @@ <h3 id="operations-rmdirs">operations/rmdirs: Remove all the empty directories i
 </ul>
 <p>See the <a href="https://rclone.org/commands/rclone_rmdirs/">rmdirs</a> command for more information on the above.</p>
 <p><strong>Authentication is required for this call.</strong></p>
+<h3 id="operations-settier">operations/settier: Changes storage tier or class on all files in the path</h3>
+<p>This takes the following parameters:</p>
+<ul>
+<li>fs - a remote name string e.g. "drive:"</li>
+</ul>
+<p>See the <a href="https://rclone.org/commands/rclone_settier/">settier</a> command for more information on the above.</p>
+<p><strong>Authentication is required for this call.</strong></p>
+<h3 id="operations-settierfile">operations/settierfile: Changes storage tier or class on the single file pointed to</h3>
+<p>This takes the following parameters:</p>
+<ul>
+<li>fs - a remote name string e.g. "drive:"</li>
+<li>remote - a path within that remote e.g. "dir"</li>
+</ul>
+<p>See the <a href="https://rclone.org/commands/rclone_settierfile/">settierfile</a> command for more information on the above.</p>
+<p><strong>Authentication is required for this call.</strong></p>
 <h3 id="operations-size">operations/size: Count the number of bytes and files in remote</h3>
 <p>This takes the following parameters:</p>
 <ul>
@@ -6809,10 +8848,13 @@ <h3 id="sync-bisync">sync/bisync: Perform bidirectional synchronization between
 <li>checkAccess - abort if RCLONE_TEST files are not found on both filesystems</li>
 <li>checkFilename - file name for checkAccess (default: RCLONE_TEST)</li>
 <li>maxDelete - abort sync if percentage of deleted files is above this threshold (default: 50)</li>
-<li>force - maxDelete safety check and run the sync</li>
+<li>force - Bypass maxDelete safety check and run the sync</li>
 <li>checkSync - <code>true</code> by default, <code>false</code> disables comparison of final listings, <code>only</code> will skip sync, only compare listings from the last run</li>
+<li>createEmptySrcDirs - Sync creation and deletion of empty directories. (Not compatible with --remove-empty-dirs)</li>
 <li>removeEmptyDirs - remove empty directories at the final cleanup step</li>
 <li>filtersFile - read filtering patterns from a file</li>
+<li>ignoreListingChecksum - Do not use checksums for listings</li>
+<li>resilient - Allow future runs to retry after certain less-serious errors, instead of requiring resync. Use at your own risk!</li>
 <li>workdir - server directory for history files (default: /home/ncw/.cache/rclone/bisync)</li>
 <li>noCleanup - retain working files</li>
 </ul>
@@ -7140,7 +9182,7 @@ <h2 id="features-1">Features</h2>
 </tr>
 <tr class="even">
 <td>Google Drive</td>
-<td style="text-align: center;">MD5</td>
+<td style="text-align: center;">MD5, SHA1, SHA256</td>
 <td style="text-align: center;">R/W</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -7199,7 +9241,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">R</td>
-<td style="text-align: center;">-</td>
+<td style="text-align: center;">RW</td>
 </tr>
 <tr class="odd">
 <td>Koofr</td>
@@ -7211,6 +9253,15 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 </tr>
 <tr class="even">
+<td>Linkbox</td>
+<td style="text-align: center;">-</td>
+<td style="text-align: center;">R</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">-</td>
+<td style="text-align: center;">-</td>
+</tr>
+<tr class="odd">
 <td>Mail.ru Cloud</td>
 <td style="text-align: center;">Mailru ⁶</td>
 <td style="text-align: center;">R/W</td>
@@ -7219,7 +9270,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>Mega</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
@@ -7228,7 +9279,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>Memory</td>
 <td style="text-align: center;">MD5</td>
 <td style="text-align: center;">R/W</td>
@@ -7237,7 +9288,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>Microsoft Azure Blob Storage</td>
 <td style="text-align: center;">MD5</td>
 <td style="text-align: center;">R/W</td>
@@ -7246,6 +9297,15 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">R/W</td>
 <td style="text-align: center;">-</td>
 </tr>
+<tr class="odd">
+<td>Microsoft Azure Files Storage</td>
+<td style="text-align: center;">MD5</td>
+<td style="text-align: center;">R/W</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">R/W</td>
+<td style="text-align: center;">-</td>
+</tr>
 <tr class="even">
 <td>Microsoft OneDrive</td>
 <td style="text-align: center;">QuickXorHash ⁵</td>
@@ -7292,6 +9352,15 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 </tr>
 <tr class="odd">
+<td>PikPak</td>
+<td style="text-align: center;">MD5</td>
+<td style="text-align: center;">R</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">R</td>
+<td style="text-align: center;">-</td>
+</tr>
+<tr class="even">
 <td>premiumize.me</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
@@ -7300,7 +9369,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">R</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>put.io</td>
 <td style="text-align: center;">CRC-32</td>
 <td style="text-align: center;">R/W</td>
@@ -7309,6 +9378,15 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">R</td>
 <td style="text-align: center;">-</td>
 </tr>
+<tr class="even">
+<td>Proton Drive</td>
+<td style="text-align: center;">SHA1</td>
+<td style="text-align: center;">R/W</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">R</td>
+<td style="text-align: center;">-</td>
+</tr>
 <tr class="odd">
 <td>QingStor</td>
 <td style="text-align: center;">MD5</td>
@@ -7319,6 +9397,15 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 </tr>
 <tr class="even">
+<td>Quatrix by Maytech</td>
+<td style="text-align: center;">-</td>
+<td style="text-align: center;">R/W</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">-</td>
+<td style="text-align: center;">-</td>
+</tr>
+<tr class="odd">
 <td>Seafile</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
@@ -7327,7 +9414,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>SFTP</td>
 <td style="text-align: center;">MD5, SHA1 ²</td>
 <td style="text-align: center;">R/W</td>
@@ -7336,7 +9423,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>Sia</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
@@ -7345,16 +9432,16 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>SMB</td>
 <td style="text-align: center;">-</td>
-<td style="text-align: center;">-</td>
+<td style="text-align: center;">R/W</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>SugarSync</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
@@ -7363,7 +9450,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>Storj</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">R</td>
@@ -7372,7 +9459,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>Uptobox</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
@@ -7381,7 +9468,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>WebDAV</td>
 <td style="text-align: center;">MD5, SHA1 ³</td>
 <td style="text-align: center;">R ⁴</td>
@@ -7390,7 +9477,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>Yandex Disk</td>
 <td style="text-align: center;">MD5</td>
 <td style="text-align: center;">R/W</td>
@@ -7399,7 +9486,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">R</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>Zoho WorkDrive</td>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
@@ -7408,7 +9495,7 @@ <h2 id="features-1">Features</h2>
 <td style="text-align: center;">-</td>
 <td style="text-align: center;">-</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>The local filesystem</td>
 <td style="text-align: center;">All</td>
 <td style="text-align: center;">R/W</td>
@@ -7419,17 +9506,16 @@ <h2 id="features-1">Features</h2>
 </tr>
 </tbody>
 </table>
-<h3 id="notes">Notes</h3>
 <p>¹ Dropbox supports <a href="https://www.dropbox.com/developers/reference/content-hash">its own custom hash</a>. This is an SHA256 sum of all the 4 MiB block SHA256s.</p>
 <p>² SFTP supports checksums if the same login has shell access and <code>md5sum</code> or <code>sha1sum</code> as well as <code>echo</code> are in the remote's PATH.</p>
-<p>³ WebDAV supports hashes when used with Owncloud and Nextcloud only.</p>
-<p>⁴ WebDAV supports modtimes when used with Owncloud and Nextcloud only.</p>
+<p>³ WebDAV supports hashes when used with Fastmail Files, Owncloud and Nextcloud only.</p>
+<p>⁴ WebDAV supports modtimes when used with Fastmail Files, Owncloud and Nextcloud only.</p>
 <p>⁵ <a href="https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash">QuickXorHash</a> is Microsoft's own hash.</p>
 <p>⁶ Mail.ru uses its own modified SHA1 hash</p>
 <p>⁷ pCloud only supports SHA1 (not MD5) in its EU region</p>
 <p>⁸ Opendrive does not support creation of duplicate files using their web client interface or other stock clients, but the underlying storage platform has been determined to allow duplicate files, and it is possible to create them with <code>rclone</code>. It may be that this is a mistake or an unsupported feature.</p>
 <p>⁹ QingStor does not support SetModTime for objects bigger than 5 GiB.</p>
-<p>¹⁰ FTP supports modtimes for the major FTP servers, and also others if they advertised required protocol extensions. See <a href="https://rclone.org/ftp/#modified-time">this</a> for more details.</p>
+<p>¹⁰ FTP supports modtimes for the major FTP servers, and also others if they advertised required protocol extensions. See <a href="https://rclone.org/ftp/#modification-times">this</a> for more details.</p>
 <p>¹¹ Internet Archive requires option <code>wait_archive</code> to be set to a non-zero value for full modtime support.</p>
 <p>¹² HiDrive supports <a href="https://static.hidrive.com/dev/0001">its own custom hash</a>. It combines SHA1 sums for each 4 KiB block hierarchically to a single top-level sum.</p>
 <h3 id="hash">Hash</h3>
@@ -7885,7 +9971,21 @@ <h3 id="metadata-1">Metadata</h3>
 <p>See <a href="https://rclone.org/docs/#metadata">the metadata docs</a> for more info.</p>
 <h2 id="optional-features">Optional Features</h2>
 <p>All rclone remotes support a base command set. Other features depend upon backend-specific capabilities.</p>
-<table>
+<table style="width:100%;">
+<colgroup>
+<col style="width: 20%" />
+<col style="width: 5%" />
+<col style="width: 4%" />
+<col style="width: 4%" />
+<col style="width: 6%" />
+<col style="width: 6%" />
+<col style="width: 5%" />
+<col style="width: 10%" />
+<col style="width: 13%" />
+<col style="width: 10%" />
+<col style="width: 5%" />
+<col style="width: 7%" />
+</colgroup>
 <thead>
 <tr class="header">
 <th>Name</th>
@@ -7896,6 +9996,7 @@ <h2 id="optional-features">Optional Features</h2>
 <th style="text-align: center;">CleanUp</th>
 <th style="text-align: center;">ListR</th>
 <th style="text-align: center;">StreamUpload</th>
+<th style="text-align: left;">MultithreadUpload</th>
 <th style="text-align: center;">LinkSharing</th>
 <th style="text-align: center;">About</th>
 <th style="text-align: center;">EmptyDir</th>
@@ -7911,6 +10012,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -7924,6 +10026,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -7937,6 +10040,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -7950,6 +10054,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
@@ -7963,6 +10068,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
@@ -7973,9 +10079,10 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
-<td style="text-align: center;">Yes ‡‡</td>
+<td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -7988,7 +10095,8 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
-<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8002,6 +10110,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8015,6 +10124,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8028,6 +10138,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8041,6 +10152,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
@@ -8054,6 +10166,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8067,6 +10180,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
@@ -8080,6 +10194,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8093,6 +10208,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8106,6 +10222,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8119,6 +10236,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
@@ -8132,6 +10250,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8145,6 +10264,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8158,6 +10278,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8171,6 +10292,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8184,6 +10306,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
@@ -8197,24 +10320,40 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 </tr>
 <tr class="even">
+<td>Microsoft Azure Files Storage</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: left;">Yes</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+</tr>
+<tr class="odd">
 <td>Microsoft OneDrive</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes ⁵</td>
 <td style="text-align: center;">No</td>
-<td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>OpenDrive</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8223,24 +10362,26 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>OpenStack Swift</td>
-<td style="text-align: center;">Yes †</td>
+<td style="text-align: center;">Yes ¹</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>Oracle Object Storage</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8249,11 +10390,12 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>pCloud</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8262,6 +10404,21 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+</tr>
+<tr class="even">
+<td>PikPak</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8275,6 +10432,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8288,11 +10446,26 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 </tr>
 <tr class="odd">
+<td>Proton Drive</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+</tr>
+<tr class="even">
 <td>QingStor</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8301,9 +10474,24 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+<td style="text-align: center;">No</td>
+</tr>
+<tr class="odd">
+<td>Quatrix by Maytech</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: center;">Yes</td>
+<td style="text-align: center;">Yes</td>
 </tr>
 <tr class="even">
 <td>Seafile</td>
@@ -8314,6 +10502,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8321,12 +10510,13 @@ <h2 id="optional-features">Optional Features</h2>
 <tr class="odd">
 <td>SFTP</td>
 <td style="text-align: center;">No</td>
-<td style="text-align: center;">No</td>
+<td style="text-align: center;">Yes ⁴</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8340,6 +10530,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8353,6 +10544,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
@@ -8366,19 +10558,21 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 </tr>
 <tr class="odd">
 <td>Storj</td>
-<td style="text-align: center;">Yes ☨</td>
+<td style="text-align: center;">Yes ²</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
@@ -8392,6 +10586,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
@@ -8404,7 +10599,8 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
-<td style="text-align: center;">Yes ‡</td>
+<td style="text-align: center;">Yes ³</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8418,6 +10614,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8431,6 +10628,7 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
+<td style="text-align: left;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
@@ -8444,17 +10642,20 @@ <h2 id="optional-features">Optional Features</h2>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
+<td style="text-align: left;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 <td style="text-align: center;">Yes</td>
 </tr>
 </tbody>
 </table>
+<p>¹ Note Swift implements this in order to delete directory markers but it doesn't actually have a quicker way of deleting files other than deleting them individually.</p>
+<p>² Storj implements this efficiently only for entire buckets. If purging a directory inside a bucket, files are deleted individually.</p>
+<p>³ StreamUpload is not supported with Nextcloud</p>
+<p>⁴ Use the <code>--sftp-copy-is-hardlink</code> flag to enable.</p>
+<p>⁵ Use the <code>--onedrive-delta</code> flag to enable.</p>
 <h3 id="purge">Purge</h3>
 <p>This deletes a directory quicker than just deleting all the files in the directory.</p>
-<p>† Note Swift implements this in order to delete directory markers but they don't actually have a quicker way of deleting files other than deleting them individually.</p>
-<p>☨ Storj implements this efficiently only for entire buckets. If purging a directory inside a bucket, files are deleted individually.</p>
-<p>‡ StreamUpload is not supported with Nextcloud</p>
 <h3 id="copy">Copy</h3>
 <p>Used when copying an object to and from the same remote. This known as a server-side copy so you can copy a file without downloading it and uploading it again. It is used if you use <code>rclone copy</code> or <code>rclone move</code> if the remote doesn't support <code>Move</code> directly.</p>
 <p>If the server doesn't support <code>Copy</code> directly then for copy operations the file is downloaded then re-uploaded.</p>
@@ -8471,6 +10672,8 @@ <h3 id="listr">ListR</h3>
 <p>The remote supports a recursive list to list all the contents beneath a directory quickly. This enables the <code>--fast-list</code> flag to work. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details.</p>
 <h3 id="streamupload">StreamUpload</h3>
 <p>Some remotes allow files to be uploaded without knowing the file size in advance. This allows certain operations to work without spooling the file to local disk first, e.g. <code>rclone rcat</code>.</p>
+<h3 id="multithreadupload">MultithreadUpload</h3>
+<p>Some remotes allow transfers to the remote to be sent as chunks in parallel. If this is supported then rclone will use multi-thread copying to transfer files much faster.</p>
 <h3 id="linksharing">LinkSharing</h3>
 <p>Sets the necessary permissions on a file or folder and prints a link that allows others to access them, even if they don't have an account on the particular cloud provider.</p>
 <h3 id="about-1">About</h3>
@@ -8481,719 +10684,876 @@ <h3 id="about-1">About</h3>
 <h3 id="emptydir">EmptyDir</h3>
 <p>The remote supports empty directories. See <a href="https://rclone.org/bugs/#limitations">Limitations</a> for details. Most Object/Bucket-based remotes do not support this.</p>
 <h1 id="global-flags">Global Flags</h1>
-<p>This describes the global flags available to every rclone command split into two groups, non backend and backend flags.</p>
-<h2 id="non-backend-flags">Non Backend Flags</h2>
-<p>These flags are available for every command.</p>
-<pre><code>      --ask-password                         Allow prompt for password for encrypted configuration (default true)
-      --auto-confirm                         If enabled, do not request console confirmation
-      --backup-dir string                    Make backups into hierarchy based in DIR
-      --bind string                          Local address to bind to for outgoing connections, IPv4, IPv6 or name
-      --buffer-size SizeSuffix               In memory buffer size when reading files for each --transfer (default 16Mi)
-      --bwlimit BwTimetable                  Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-      --bwlimit-file BwTimetable             Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-      --ca-cert stringArray                  CA certificate used to verify servers
-      --cache-dir string                     Directory rclone will use for caching (default &quot;$HOME/.cache/rclone&quot;)
-      --check-first                          Do all the checks before starting transfers
-      --checkers int                         Number of checkers to run in parallel (default 8)
-  -c, --checksum                             Skip based on checksum (if available) &amp; size, not mod-time &amp; size
-      --client-cert string                   Client SSL certificate (PEM) for mutual TLS auth
-      --client-key string                    Client SSL private key (PEM) for mutual TLS auth
-      --color string                         When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default &quot;AUTO&quot;)
-      --compare-dest stringArray             Include additional comma separated server-side paths during comparison
-      --config string                        Config file (default &quot;$HOME/.config/rclone/rclone.conf&quot;)
-      --contimeout Duration                  Connect timeout (default 1m0s)
-      --copy-dest stringArray                Implies --compare-dest but also copies files from paths into destination
-      --cpuprofile string                    Write cpu profile to file
-      --cutoff-mode string                   Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default &quot;HARD&quot;)
-      --delete-after                         When synchronizing, delete files on destination after transferring (default)
-      --delete-before                        When synchronizing, delete files on destination before transferring
-      --delete-during                        When synchronizing, delete files during transfer
-      --delete-excluded                      Delete files on dest excluded from sync
-      --disable string                       Disable a comma separated list of features (use --disable help to see a list)
-      --disable-http-keep-alives             Disable HTTP keep-alives and use each connection once.
-      --disable-http2                        Disable HTTP/2 in the global transport
-  -n, --dry-run                              Do a trial run with no permanent changes
-      --dscp string                          Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
-      --dump DumpFlags                       List of items to dump from: headers,bodies,requests,responses,auth,filters,goroutines,openfiles
-      --dump-bodies                          Dump HTTP headers and bodies - may contain sensitive info
-      --dump-headers                         Dump HTTP headers - may contain sensitive info
-      --error-on-no-transfer                 Sets exit code 9 if no files are transferred, useful in scripts
-      --exclude stringArray                  Exclude files matching pattern
-      --exclude-from stringArray             Read file exclude patterns from file (use - to read from stdin)
-      --exclude-if-present stringArray       Exclude directories if filename is present
-      --expect-continue-timeout Duration     Timeout when using expect / 100-continue in HTTP (default 1s)
-      --fast-list                            Use recursive list if available; uses more memory but fewer transactions
-      --files-from stringArray               Read list of source-file names from file (use - to read from stdin)
-      --files-from-raw stringArray           Read list of source-file names from file without any processing of lines (use - to read from stdin)
-  -f, --filter stringArray                   Add a file filtering rule
-      --filter-from stringArray              Read file filtering patterns from a file (use - to read from stdin)
-      --fs-cache-expire-duration Duration    Cache remotes for this long (0 to disable caching) (default 5m0s)
-      --fs-cache-expire-interval Duration    Interval to check for expired remotes (default 1m0s)
-      --header stringArray                   Set HTTP header for all transactions
-      --header-download stringArray          Set HTTP header for download transactions
-      --header-upload stringArray            Set HTTP header for upload transactions
-      --human-readable                       Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
-      --ignore-case                          Ignore case in filters (case insensitive)
-      --ignore-case-sync                     Ignore case when synchronizing
-      --ignore-checksum                      Skip post copy check of checksums
-      --ignore-errors                        Delete even if there are I/O errors
-      --ignore-existing                      Skip all files that exist on destination
-      --ignore-size                          Ignore size when skipping use mod-time or checksum
-  -I, --ignore-times                         Don&#39;t skip files that match size and time - transfer all files
-      --immutable                            Do not modify files, fail if existing files have been modified
-      --include stringArray                  Include files matching pattern
-      --include-from stringArray             Read file include patterns from file (use - to read from stdin)
-  -i, --interactive                          Enable interactive mode
-      --kv-lock-time Duration                Maximum time to keep key-value database locked by process (default 1s)
-      --log-file string                      Log everything to this file
-      --log-format string                    Comma separated list of log format options (default &quot;date,time&quot;)
-      --log-level string                     Log level DEBUG|INFO|NOTICE|ERROR (default &quot;NOTICE&quot;)
-      --log-systemd                          Activate systemd integration for the logger
-      --low-level-retries int                Number of low level retries to do (default 10)
-      --max-age Duration                     Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-      --max-backlog int                      Maximum number of objects in sync or check backlog (default 10000)
-      --max-delete int                       When synchronizing, limit the number of deletes (default -1)
-      --max-delete-size SizeSuffix           When synchronizing, limit the total size of deletes (default off)
-      --max-depth int                        If set limits the recursion depth to this (default -1)
-      --max-duration Duration                Maximum duration rclone will transfer data for (default 0s)
-      --max-size SizeSuffix                  Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
-      --max-stats-groups int                 Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
-      --max-transfer SizeSuffix              Maximum size of data to transfer (default off)
-      --memprofile string                    Write memory profile to file
-  -M, --metadata                             If set, preserve metadata when copying objects
-      --metadata-exclude stringArray         Exclude metadatas matching pattern
-      --metadata-exclude-from stringArray    Read metadata exclude patterns from file (use - to read from stdin)
-      --metadata-filter stringArray          Add a metadata filtering rule
-      --metadata-filter-from stringArray     Read metadata filtering patterns from a file (use - to read from stdin)
-      --metadata-include stringArray         Include metadatas matching pattern
-      --metadata-include-from stringArray    Read metadata include patterns from file (use - to read from stdin)
-      --metadata-set stringArray             Add metadata key=value when uploading
-      --min-age Duration                     Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-      --min-size SizeSuffix                  Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
-      --modify-window Duration               Max time diff to be considered the same (default 1ns)
-      --multi-thread-cutoff SizeSuffix       Use multi-thread downloads for files above this size (default 250Mi)
-      --multi-thread-streams int             Max number of streams to use for multi-thread downloads (default 4)
-      --no-check-certificate                 Do not verify the server SSL certificate (insecure)
-      --no-check-dest                        Don&#39;t check the destination, copy regardless
-      --no-console                           Hide console window (supported on Windows only)
-      --no-gzip-encoding                     Don&#39;t set Accept-Encoding: gzip
-      --no-traverse                          Don&#39;t traverse destination file system on copy
-      --no-unicode-normalization             Don&#39;t normalize unicode characters in filenames
-      --no-update-modtime                    Don&#39;t update destination mod-time if files identical
-      --order-by string                      Instructions on how to order the transfers, e.g. &#39;size,descending&#39;
-      --password-command SpaceSepList        Command for supplying password for encrypted configuration
-  -P, --progress                             Show progress during transfer
-      --progress-terminal-title              Show progress on the terminal title (requires -P/--progress)
-  -q, --quiet                                Print as little stuff as possible
-      --rc                                   Enable the remote control server
-      --rc-addr stringArray                  IPaddress:Port or :Port to bind server to (default [localhost:5572])
-      --rc-allow-origin string               Set the allowed origin for CORS
-      --rc-baseurl string                    Prefix for URLs - leave blank for root
-      --rc-cert string                       TLS PEM key (concatenation of certificate and CA certificate)
-      --rc-client-ca string                  Client certificate authority to verify clients with
-      --rc-enable-metrics                    Enable prometheus metrics on /metrics
-      --rc-files string                      Path to local files to serve on the HTTP server
-      --rc-htpasswd string                   A htpasswd file - if not provided no authentication is done
-      --rc-job-expire-duration Duration      Expire finished async jobs older than this value (default 1m0s)
-      --rc-job-expire-interval Duration      Interval to check for expired async jobs (default 10s)
-      --rc-key string                        TLS PEM Private key
-      --rc-max-header-bytes int              Maximum size of request header (default 4096)
-      --rc-min-tls-version string            Minimum TLS version that is acceptable (default &quot;tls1.0&quot;)
-      --rc-no-auth                           Don&#39;t require auth for certain methods
-      --rc-pass string                       Password for authentication
-      --rc-realm string                      Realm for authentication
-      --rc-salt string                       Password hashing salt (default &quot;dlPL2MqE&quot;)
-      --rc-serve                             Enable the serving of remote objects
-      --rc-server-read-timeout Duration      Timeout for server reading data (default 1h0m0s)
-      --rc-server-write-timeout Duration     Timeout for server writing data (default 1h0m0s)
-      --rc-template string                   User-specified template
-      --rc-user string                       User name for authentication
-      --rc-web-fetch-url string              URL to fetch the releases for webgui (default &quot;https://api.github.com/repos/rclone/rclone-webui-react/releases/latest&quot;)
-      --rc-web-gui                           Launch WebGUI on localhost
-      --rc-web-gui-force-update              Force update to latest version of web gui
-      --rc-web-gui-no-open-browser           Don&#39;t open the browser automatically
-      --rc-web-gui-update                    Check and update to latest version of web gui
-      --refresh-times                        Refresh the modtime of remote files
-      --retries int                          Retry operations this many times if they fail (default 3)
-      --retries-sleep Duration               Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
-      --server-side-across-configs           Allow server-side operations (e.g. copy) to work across different configs
-      --size-only                            Skip based on size only, not mod-time or checksum
-      --stats Duration                       Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
-      --stats-file-name-length int           Max file name length in stats (0 for no limit) (default 45)
-      --stats-log-level string               Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default &quot;INFO&quot;)
-      --stats-one-line                       Make the stats fit on one line
-      --stats-one-line-date                  Enable --stats-one-line and add current date/time prefix
-      --stats-one-line-date-format string    Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes (&quot;), see https://golang.org/pkg/time/#Time.Format
-      --stats-unit string                    Show data rate in stats as either &#39;bits&#39; or &#39;bytes&#39; per second (default &quot;bytes&quot;)
-      --streaming-upload-cutoff SizeSuffix   Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
-      --suffix string                        Suffix to add to changed files
-      --suffix-keep-extension                Preserve the extension when using --suffix
-      --syslog                               Use Syslog for logging
-      --syslog-facility string               Facility for syslog, e.g. KERN,USER,... (default &quot;DAEMON&quot;)
-      --temp-dir string                      Directory rclone will use for temporary files (default &quot;/tmp&quot;)
-      --timeout Duration                     IO idle timeout (default 5m0s)
-      --tpslimit float                       Limit HTTP transactions per second to this
-      --tpslimit-burst int                   Max burst of transactions for --tpslimit (default 1)
-      --track-renames                        When synchronizing, track file renames and do a server-side move if possible
-      --track-renames-strategy string        Strategies to use when synchronizing using track-renames hash|modtime|leaf (default &quot;hash&quot;)
-      --transfers int                        Number of file transfers to run in parallel (default 4)
-  -u, --update                               Skip files that are newer on the destination
-      --use-cookies                          Enable session cookiejar
-      --use-json-log                         Use json log format
-      --use-mmap                             Use mmap allocator (see docs)
-      --use-server-modtime                   Use server modified time instead of object metadata
-      --user-agent string                    Set the user-agent to a specified string (default &quot;rclone/v1.62.0&quot;)
-  -v, --verbose count                        Print lots more stuff (repeat for more)</code></pre>
-<h2 id="backend-flags">Backend Flags</h2>
-<p>These flags are available for every command. They control the backends and may be set in the config file.</p>
-<pre><code>      --acd-auth-url string                            Auth server URL
-      --acd-client-id string                           OAuth Client Id
-      --acd-client-secret string                       OAuth Client Secret
-      --acd-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --acd-templink-threshold SizeSuffix              Files &gt;= this size will be downloaded via their tempLink (default 9Gi)
-      --acd-token string                               OAuth Access Token as a JSON blob
-      --acd-token-url string                           Token server url
-      --acd-upload-wait-per-gb Duration                Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
-      --alias-remote string                            Remote or path to alias
-      --azureblob-access-tier string                   Access tier of blob: hot, cool or archive
-      --azureblob-account string                       Azure Storage Account Name
-      --azureblob-archive-tier-delete                  Delete archive tier blobs before overwriting
-      --azureblob-chunk-size SizeSuffix                Upload chunk size (default 4Mi)
-      --azureblob-client-certificate-password string   Password for the certificate file (optional) (obscured)
-      --azureblob-client-certificate-path string       Path to a PEM or PKCS12 certificate file including the private key
-      --azureblob-client-id string                     The ID of the client in use
-      --azureblob-client-secret string                 One of the service principal&#39;s client secrets
-      --azureblob-client-send-certificate-chain        Send the certificate chain when using certificate auth
-      --azureblob-disable-checksum                     Don&#39;t store MD5 checksum with object metadata
-      --azureblob-encoding MultiEncoder                The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
-      --azureblob-endpoint string                      Endpoint for the service
-      --azureblob-env-auth                             Read credentials from runtime (environment variables, CLI or MSI)
-      --azureblob-key string                           Storage Account Shared Key
-      --azureblob-list-chunk int                       Size of blob list (default 5000)
-      --azureblob-memory-pool-flush-time Duration      How often internal memory buffer pools will be flushed (default 1m0s)
-      --azureblob-memory-pool-use-mmap                 Whether to use mmap buffers in internal memory pool
-      --azureblob-msi-client-id string                 Object ID of the user-assigned MSI to use, if any
-      --azureblob-msi-mi-res-id string                 Azure resource ID of the user-assigned MSI to use, if any
-      --azureblob-msi-object-id string                 Object ID of the user-assigned MSI to use, if any
-      --azureblob-no-check-container                   If set, don&#39;t attempt to check the container exists or create it
-      --azureblob-no-head-object                       If set, do not do HEAD before GET when getting objects
-      --azureblob-password string                      The user&#39;s password (obscured)
-      --azureblob-public-access string                 Public access level of a container: blob or container
-      --azureblob-sas-url string                       SAS URL for container level access only
-      --azureblob-service-principal-file string        Path to file containing credentials for use with a service principal
-      --azureblob-tenant string                        ID of the service principal&#39;s tenant. Also called its directory ID
-      --azureblob-upload-concurrency int               Concurrency for multipart uploads (default 16)
-      --azureblob-upload-cutoff string                 Cutoff for switching to chunked upload (&lt;= 256 MiB) (deprecated)
-      --azureblob-use-emulator                         Uses local storage emulator if provided as &#39;true&#39;
-      --azureblob-use-msi                              Use a managed service identity to authenticate (only works in Azure)
-      --azureblob-username string                      User name (usually an email address)
-      --b2-account string                              Account ID or Application Key ID
-      --b2-chunk-size SizeSuffix                       Upload chunk size (default 96Mi)
-      --b2-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4Gi)
-      --b2-disable-checksum                            Disable checksums for large (&gt; upload cutoff) files
-      --b2-download-auth-duration Duration             Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
-      --b2-download-url string                         Custom endpoint for downloads
-      --b2-encoding MultiEncoder                       The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --b2-endpoint string                             Endpoint for the service
-      --b2-hard-delete                                 Permanently delete files on remote removal, otherwise hide files
-      --b2-key string                                  Application Key
-      --b2-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-      --b2-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-      --b2-test-mode string                            A flag string for X-Bz-Test-Mode header for debugging
-      --b2-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-      --b2-version-at Time                             Show file versions as they were at the specified time (default off)
-      --b2-versions                                    Include old versions in directory listings
-      --box-access-token string                        Box App Primary Access Token
-      --box-auth-url string                            Auth server URL
-      --box-box-config-file string                     Box App config.json location
-      --box-box-sub-type string                         (default &quot;user&quot;)
-      --box-client-id string                           OAuth Client Id
-      --box-client-secret string                       OAuth Client Secret
-      --box-commit-retries int                         Max number of times to try committing a multipart file (default 100)
-      --box-encoding MultiEncoder                      The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
-      --box-list-chunk int                             Size of listing chunk 1-1000 (default 1000)
-      --box-owned-by string                            Only show items owned by the login (email address) passed in
-      --box-root-folder-id string                      Fill in for rclone to use a non root folder as its starting point
-      --box-token string                               OAuth Access Token as a JSON blob
-      --box-token-url string                           Token server url
-      --box-upload-cutoff SizeSuffix                   Cutoff for switching to multipart upload (&gt;= 50 MiB) (default 50Mi)
-      --cache-chunk-clean-interval Duration            How often should the cache perform cleanups of the chunk storage (default 1m0s)
-      --cache-chunk-no-memory                          Disable the in-memory cache for storing chunks during streaming
-      --cache-chunk-path string                        Directory to cache chunk files (default &quot;$HOME/.cache/rclone/cache-backend&quot;)
-      --cache-chunk-size SizeSuffix                    The size of a chunk (partial file data) (default 5Mi)
-      --cache-chunk-total-size SizeSuffix              The total size that the chunks can take up on the local disk (default 10Gi)
-      --cache-db-path string                           Directory to store file structure metadata DB (default &quot;$HOME/.cache/rclone/cache-backend&quot;)
-      --cache-db-purge                                 Clear all the cached data for this remote on start
-      --cache-db-wait-time Duration                    How long to wait for the DB to be available - 0 is unlimited (default 1s)
-      --cache-info-age Duration                        How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
-      --cache-plex-insecure string                     Skip all certificate verification when connecting to the Plex server
-      --cache-plex-password string                     The password of the Plex user (obscured)
-      --cache-plex-url string                          The URL of the Plex server
-      --cache-plex-username string                     The username of the Plex user
-      --cache-read-retries int                         How many times to retry a read from a cache storage (default 10)
-      --cache-remote string                            Remote to cache
-      --cache-rps int                                  Limits the number of requests per second to the source FS (-1 to disable) (default -1)
-      --cache-tmp-upload-path string                   Directory to keep temporary files until they are uploaded
-      --cache-tmp-wait-time Duration                   How long should files be stored in local cache before being uploaded (default 15s)
-      --cache-workers int                              How many workers should run in parallel to download chunks (default 4)
-      --cache-writes                                   Cache file data on writes through the FS
-      --chunker-chunk-size SizeSuffix                  Files larger than chunk size will be split in chunks (default 2Gi)
-      --chunker-fail-hard                              Choose how chunker should handle files with missing or invalid chunks
-      --chunker-hash-type string                       Choose how chunker handles hash sums (default &quot;md5&quot;)
-      --chunker-remote string                          Remote to chunk/unchunk
-      --combine-upstreams SpaceSepList                 Upstreams for combining
-      --compress-level int                             GZIP compression level (-2 to 9) (default -1)
-      --compress-mode string                           Compression mode (default &quot;gzip&quot;)
-      --compress-ram-cache-limit SizeSuffix            Some remotes don&#39;t allow the upload of files with unknown size (default 20Mi)
-      --compress-remote string                         Remote to compress
-  -L, --copy-links                                     Follow symlinks and copy the pointed to item
-      --crypt-directory-name-encryption                Option to either encrypt directory names or leave them intact (default true)
-      --crypt-filename-encoding string                 How to encode the encrypted filename to text string (default &quot;base32&quot;)
-      --crypt-filename-encryption string               How to encrypt the filenames (default &quot;standard&quot;)
-      --crypt-no-data-encryption                       Option to either encrypt file data or leave it unencrypted
-      --crypt-password string                          Password or pass phrase for encryption (obscured)
-      --crypt-password2 string                         Password or pass phrase for salt (obscured)
-      --crypt-remote string                            Remote to encrypt/decrypt
-      --crypt-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different crypt configs
-      --crypt-show-mapping                             For all files listed show how the names encrypt
-      --drive-acknowledge-abuse                        Set to allow files which return cannotDownloadAbusiveFile to be downloaded
-      --drive-allow-import-name-change                 Allow the filetype to change when uploading Google docs
-      --drive-auth-owner-only                          Only consider files owned by the authenticated user
-      --drive-auth-url string                          Auth server URL
-      --drive-chunk-size SizeSuffix                    Upload chunk size (default 8Mi)
-      --drive-client-id string                         Google Application Client Id
-      --drive-client-secret string                     OAuth Client Secret
-      --drive-copy-shortcut-content                    Server side copy contents of shortcuts instead of the shortcut
-      --drive-disable-http2                            Disable drive using http2 (default true)
-      --drive-encoding MultiEncoder                    The encoding for the backend (default InvalidUtf8)
-      --drive-export-formats string                    Comma separated list of preferred formats for downloading Google docs (default &quot;docx,xlsx,pptx,svg&quot;)
-      --drive-formats string                           Deprecated: See export_formats
-      --drive-impersonate string                       Impersonate this user when using a service account
-      --drive-import-formats string                    Comma separated list of preferred formats for uploading Google docs
-      --drive-keep-revision-forever                    Keep new head revision of each file forever
-      --drive-list-chunk int                           Size of listing chunk 100-1000, 0 to disable (default 1000)
-      --drive-pacer-burst int                          Number of API calls to allow without sleeping (default 100)
-      --drive-pacer-min-sleep Duration                 Minimum time to sleep between API calls (default 100ms)
-      --drive-resource-key string                      Resource key for accessing a link-shared file
-      --drive-root-folder-id string                    ID of the root folder
-      --drive-scope string                             Scope that rclone should use when requesting access from drive
-      --drive-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different drive configs
-      --drive-service-account-credentials string       Service Account Credentials JSON blob
-      --drive-service-account-file string              Service Account Credentials JSON file path
-      --drive-shared-with-me                           Only show files that are shared with me
-      --drive-size-as-quota                            Show sizes as storage quota usage, not actual size
-      --drive-skip-checksum-gphotos                    Skip MD5 checksum on Google photos and videos only
-      --drive-skip-dangling-shortcuts                  If set skip dangling shortcut files
-      --drive-skip-gdocs                               Skip google documents in all listings
-      --drive-skip-shortcuts                           If set skip shortcut files
-      --drive-starred-only                             Only show files that are starred
-      --drive-stop-on-download-limit                   Make download limit errors be fatal
-      --drive-stop-on-upload-limit                     Make upload limit errors be fatal
-      --drive-team-drive string                        ID of the Shared Drive (Team Drive)
-      --drive-token string                             OAuth Access Token as a JSON blob
-      --drive-token-url string                         Token server url
-      --drive-trashed-only                             Only show files that are in the trash
-      --drive-upload-cutoff SizeSuffix                 Cutoff for switching to chunked upload (default 8Mi)
-      --drive-use-created-date                         Use file created date instead of modified date
-      --drive-use-shared-date                          Use date file was shared instead of modified date
-      --drive-use-trash                                Send files to the trash instead of deleting permanently (default true)
-      --drive-v2-download-min-size SizeSuffix          If Object&#39;s are greater, use drive v2 API to download (default off)
-      --dropbox-auth-url string                        Auth server URL
-      --dropbox-batch-commit-timeout Duration          Max time to wait for a batch to finish committing (default 10m0s)
-      --dropbox-batch-mode string                      Upload file batching sync|async|off (default &quot;sync&quot;)
-      --dropbox-batch-size int                         Max number of files in upload batch
-      --dropbox-batch-timeout Duration                 Max time to allow an idle upload batch before uploading (default 0s)
-      --dropbox-chunk-size SizeSuffix                  Upload chunk size (&lt; 150Mi) (default 48Mi)
-      --dropbox-client-id string                       OAuth Client Id
-      --dropbox-client-secret string                   OAuth Client Secret
-      --dropbox-encoding MultiEncoder                  The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
-      --dropbox-impersonate string                     Impersonate this user when using a business account
-      --dropbox-shared-files                           Instructs rclone to work on individual shared files
-      --dropbox-shared-folders                         Instructs rclone to work on shared folders
-      --dropbox-token string                           OAuth Access Token as a JSON blob
-      --dropbox-token-url string                       Token server url
-      --fichier-api-key string                         Your API Key, get it from https://1fichier.com/console/params.pl
-      --fichier-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
-      --fichier-file-password string                   If you want to download a shared file that is password protected, add this parameter (obscured)
-      --fichier-folder-password string                 If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
-      --fichier-shared-folder string                   If you want to download a shared folder, add this parameter
-      --filefabric-encoding MultiEncoder               The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-      --filefabric-permanent-token string              Permanent Authentication Token
-      --filefabric-root-folder-id string               ID of the root folder
-      --filefabric-token string                        Session Token
-      --filefabric-token-expiry string                 Token expiry time
-      --filefabric-url string                          URL of the Enterprise File Fabric to connect to
-      --filefabric-version string                      Version read from the file fabric
-      --ftp-ask-password                               Allow asking for FTP password when needed
-      --ftp-close-timeout Duration                     Maximum time to wait for a response to close (default 1m0s)
-      --ftp-concurrency int                            Maximum number of FTP simultaneous connections, 0 for unlimited
-      --ftp-disable-epsv                               Disable using EPSV even if server advertises support
-      --ftp-disable-mlsd                               Disable using MLSD even if server advertises support
-      --ftp-disable-tls13                              Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
-      --ftp-disable-utf8                               Disable using UTF-8 even if server advertises support
-      --ftp-encoding MultiEncoder                      The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
-      --ftp-explicit-tls                               Use Explicit FTPS (FTP over TLS)
-      --ftp-force-list-hidden                          Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
-      --ftp-host string                                FTP host to connect to
-      --ftp-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-      --ftp-no-check-certificate                       Do not verify the TLS certificate of the server
-      --ftp-pass string                                FTP password (obscured)
-      --ftp-port int                                   FTP port number (default 21)
-      --ftp-shut-timeout Duration                      Maximum time to wait for data connection closing status (default 1m0s)
-      --ftp-tls                                        Use Implicit FTPS (FTP over TLS)
-      --ftp-tls-cache-size int                         Size of TLS session cache for all control and data connections (default 32)
-      --ftp-user string                                FTP username (default &quot;$USER&quot;)
-      --ftp-writing-mdtm                               Use MDTM to set modification time (VsFtpd quirk)
-      --gcs-anonymous                                  Access public buckets and objects without credentials
-      --gcs-auth-url string                            Auth server URL
-      --gcs-bucket-acl string                          Access Control List for new buckets
-      --gcs-bucket-policy-only                         Access checks should use bucket-level IAM policies
-      --gcs-client-id string                           OAuth Client Id
-      --gcs-client-secret string                       OAuth Client Secret
-      --gcs-decompress                                 If set this will decompress gzip encoded objects
-      --gcs-encoding MultiEncoder                      The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-      --gcs-endpoint string                            Endpoint for the service
-      --gcs-env-auth                                   Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
-      --gcs-location string                            Location for the newly created buckets
-      --gcs-no-check-bucket                            If set, don&#39;t attempt to check the bucket exists or create it
-      --gcs-object-acl string                          Access Control List for new objects
-      --gcs-project-number string                      Project number
-      --gcs-service-account-file string                Service Account Credentials JSON file path
-      --gcs-storage-class string                       The storage class to use when storing objects in Google Cloud Storage
-      --gcs-token string                               OAuth Access Token as a JSON blob
-      --gcs-token-url string                           Token server url
-      --gphotos-auth-url string                        Auth server URL
-      --gphotos-client-id string                       OAuth Client Id
-      --gphotos-client-secret string                   OAuth Client Secret
-      --gphotos-encoding MultiEncoder                  The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-      --gphotos-include-archived                       Also view and download archived media
-      --gphotos-read-only                              Set to make the Google Photos backend read only
-      --gphotos-read-size                              Set to read the size of media items
-      --gphotos-start-year int                         Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
-      --gphotos-token string                           OAuth Access Token as a JSON blob
-      --gphotos-token-url string                       Token server url
-      --hasher-auto-size SizeSuffix                    Auto-update checksum for files smaller than this size (disabled by default)
-      --hasher-hashes CommaSepList                     Comma separated list of supported checksum types (default md5,sha1)
-      --hasher-max-age Duration                        Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
-      --hasher-remote string                           Remote to cache checksums for (e.g. myRemote:path)
-      --hdfs-data-transfer-protection string           Kerberos data transfer protection: authentication|integrity|privacy
-      --hdfs-encoding MultiEncoder                     The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
-      --hdfs-namenode string                           Hadoop name node and port
-      --hdfs-service-principal-name string             Kerberos service principal name for the namenode
-      --hdfs-username string                           Hadoop user name
-      --hidrive-auth-url string                        Auth server URL
-      --hidrive-chunk-size SizeSuffix                  Chunksize for chunked uploads (default 48Mi)
-      --hidrive-client-id string                       OAuth Client Id
-      --hidrive-client-secret string                   OAuth Client Secret
-      --hidrive-disable-fetching-member-count          Do not fetch number of objects in directories unless it is absolutely necessary
-      --hidrive-encoding MultiEncoder                  The encoding for the backend (default Slash,Dot)
-      --hidrive-endpoint string                        Endpoint for the service (default &quot;https://api.hidrive.strato.com/2.1&quot;)
-      --hidrive-root-prefix string                     The root/parent folder for all paths (default &quot;/&quot;)
-      --hidrive-scope-access string                    Access permissions that rclone should use when requesting access from HiDrive (default &quot;rw&quot;)
-      --hidrive-scope-role string                      User-level that rclone should use when requesting access from HiDrive (default &quot;user&quot;)
-      --hidrive-token string                           OAuth Access Token as a JSON blob
-      --hidrive-token-url string                       Token server url
-      --hidrive-upload-concurrency int                 Concurrency for chunked uploads (default 4)
-      --hidrive-upload-cutoff SizeSuffix               Cutoff/Threshold for chunked uploads (default 96Mi)
-      --http-headers CommaSepList                      Set HTTP headers for all transactions
-      --http-no-head                                   Don&#39;t use HEAD requests
-      --http-no-slash                                  Set this if the site doesn&#39;t end directories with /
-      --http-url string                                URL of HTTP host to connect to
-      --internetarchive-access-key-id string           IAS3 Access Key
-      --internetarchive-disable-checksum               Don&#39;t ask the server to test against MD5 checksum calculated by rclone (default true)
-      --internetarchive-encoding MultiEncoder          The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
-      --internetarchive-endpoint string                IAS3 Endpoint (default &quot;https://s3.us.archive.org&quot;)
-      --internetarchive-front-endpoint string          Host of InternetArchive Frontend (default &quot;https://archive.org&quot;)
-      --internetarchive-secret-access-key string       IAS3 Secret Key (password)
-      --internetarchive-wait-archive Duration          Timeout for waiting the server&#39;s processing tasks (specifically archive and book_op) to finish (default 0s)
-      --jottacloud-encoding MultiEncoder               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
-      --jottacloud-hard-delete                         Delete files permanently rather than putting them into the trash
-      --jottacloud-md5-memory-limit SizeSuffix         Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
-      --jottacloud-no-versions                         Avoid server side versioning by deleting files and recreating files instead of overwriting them
-      --jottacloud-trashed-only                        Only show files that are in the trash
-      --jottacloud-upload-resume-limit SizeSuffix      Files bigger than this can be resumed if the upload fail&#39;s (default 10Mi)
-      --koofr-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --koofr-endpoint string                          The Koofr API endpoint to use
-      --koofr-mountid string                           Mount ID of the mount to use
-      --koofr-password string                          Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
-      --koofr-provider string                          Choose your storage provider
-      --koofr-setmtime                                 Does the backend support setting modification time (default true)
-      --koofr-user string                              Your user name
-  -l, --links                                          Translate symlinks to/from regular files with a &#39;.rclonelink&#39; extension
-      --local-case-insensitive                         Force the filesystem to report itself as case insensitive
-      --local-case-sensitive                           Force the filesystem to report itself as case sensitive
-      --local-encoding MultiEncoder                    The encoding for the backend (default Slash,Dot)
-      --local-no-check-updated                         Don&#39;t check to see if the files change during upload
-      --local-no-preallocate                           Disable preallocation of disk space for transferred files
-      --local-no-set-modtime                           Disable setting modtime
-      --local-no-sparse                                Disable sparse files for multi-thread downloads
-      --local-nounc                                    Disable UNC (long path names) conversion on Windows
-      --local-unicode-normalization                    Apply unicode NFC normalization to paths and filenames
-      --local-zero-size-links                          Assume the Stat size of links is zero (and read them instead) (deprecated)
-      --mailru-check-hash                              What should copy do if file checksum is mismatched or invalid (default true)
-      --mailru-encoding MultiEncoder                   The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --mailru-pass string                             Password (obscured)
-      --mailru-speedup-enable                          Skip full upload if there is another file with same data hash (default true)
-      --mailru-speedup-file-patterns string            Comma separated list of file name patterns eligible for speedup (put by hash) (default &quot;*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf&quot;)
-      --mailru-speedup-max-disk SizeSuffix             This option allows you to disable speedup (put by hash) for large files (default 3Gi)
-      --mailru-speedup-max-memory SizeSuffix           Files larger than the size given below will always be hashed on disk (default 32Mi)
-      --mailru-user string                             User name (usually email)
-      --mega-debug                                     Output more debug from Mega
-      --mega-encoding MultiEncoder                     The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --mega-hard-delete                               Delete files permanently rather than putting them into the trash
-      --mega-pass string                               Password (obscured)
-      --mega-use-https                                 Use HTTPS for transfers
-      --mega-user string                               User name
-      --netstorage-account string                      Set the NetStorage account name
-      --netstorage-host string                         Domain+path of NetStorage host to connect to
-      --netstorage-protocol string                     Select between HTTP or HTTPS protocol (default &quot;https&quot;)
-      --netstorage-secret string                       Set the NetStorage account secret/G2O key for authentication (obscured)
-  -x, --one-file-system                                Don&#39;t cross filesystem boundaries (unix/macOS only)
-      --onedrive-access-scopes SpaceSepList            Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
-      --onedrive-auth-url string                       Auth server URL
-      --onedrive-chunk-size SizeSuffix                 Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
-      --onedrive-client-id string                      OAuth Client Id
-      --onedrive-client-secret string                  OAuth Client Secret
-      --onedrive-drive-id string                       The ID of the drive to use
-      --onedrive-drive-type string                     The type of the drive (personal | business | documentLibrary)
-      --onedrive-encoding MultiEncoder                 The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --onedrive-expose-onenote-files                  Set to make OneNote files show up in directory listings
-      --onedrive-hash-type string                      Specify the hash in use for the backend (default &quot;auto&quot;)
-      --onedrive-link-password string                  Set the password for links created by the link command
-      --onedrive-link-scope string                     Set the scope of the links created by the link command (default &quot;anonymous&quot;)
-      --onedrive-link-type string                      Set the type of the links created by the link command (default &quot;view&quot;)
-      --onedrive-list-chunk int                        Size of listing chunk (default 1000)
-      --onedrive-no-versions                           Remove all versions on modifying operations
-      --onedrive-region string                         Choose national cloud region for OneDrive (default &quot;global&quot;)
-      --onedrive-root-folder-id string                 ID of the root folder
-      --onedrive-server-side-across-configs            Allow server-side operations (e.g. copy) to work across different onedrive configs
-      --onedrive-token string                          OAuth Access Token as a JSON blob
-      --onedrive-token-url string                      Token server url
-      --oos-chunk-size SizeSuffix                      Chunk size to use for uploading (default 5Mi)
-      --oos-compartment string                         Object storage compartment OCID
-      --oos-config-file string                         Path to OCI config file (default &quot;~/.oci/config&quot;)
-      --oos-config-profile string                      Profile name inside the oci config file (default &quot;Default&quot;)
-      --oos-copy-cutoff SizeSuffix                     Cutoff for switching to multipart copy (default 4.656Gi)
-      --oos-copy-timeout Duration                      Timeout for copy (default 1m0s)
-      --oos-disable-checksum                           Don&#39;t store MD5 checksum with object metadata
-      --oos-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --oos-endpoint string                            Endpoint for Object storage API
-      --oos-leave-parts-on-error                       If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-      --oos-namespace string                           Object storage namespace
-      --oos-no-check-bucket                            If set, don&#39;t attempt to check the bucket exists or create it
-      --oos-provider string                            Choose your Auth Provider (default &quot;env_auth&quot;)
-      --oos-region string                              Object storage Region
-      --oos-sse-customer-algorithm string              If using SSE-C, the optional header that specifies &quot;AES256&quot; as the encryption algorithm
-      --oos-sse-customer-key string                    To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
-      --oos-sse-customer-key-file string               To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
-      --oos-sse-customer-key-sha256 string             If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
-      --oos-sse-kms-key-id string                      if using using your own master key in vault, this header specifies the
-      --oos-storage-tier string                        The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default &quot;Standard&quot;)
-      --oos-upload-concurrency int                     Concurrency for multipart uploads (default 10)
-      --oos-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
-      --opendrive-chunk-size SizeSuffix                Files will be uploaded in chunks this size (default 10Mi)
-      --opendrive-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
-      --opendrive-password string                      Password (obscured)
-      --opendrive-username string                      Username
-      --pcloud-auth-url string                         Auth server URL
-      --pcloud-client-id string                        OAuth Client Id
-      --pcloud-client-secret string                    OAuth Client Secret
-      --pcloud-encoding MultiEncoder                   The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --pcloud-hostname string                         Hostname to connect to (default &quot;api.pcloud.com&quot;)
-      --pcloud-password string                         Your pcloud password (obscured)
-      --pcloud-root-folder-id string                   Fill in for rclone to use a non root folder as its starting point (default &quot;d0&quot;)
-      --pcloud-token string                            OAuth Access Token as a JSON blob
-      --pcloud-token-url string                        Token server url
-      --pcloud-username string                         Your pcloud username
-      --premiumizeme-encoding MultiEncoder             The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --putio-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --qingstor-access-key-id string                  QingStor Access Key ID
-      --qingstor-chunk-size SizeSuffix                 Chunk size to use for uploading (default 4Mi)
-      --qingstor-connection-retries int                Number of connection retries (default 3)
-      --qingstor-encoding MultiEncoder                 The encoding for the backend (default Slash,Ctl,InvalidUtf8)
-      --qingstor-endpoint string                       Enter an endpoint URL to connection QingStor API
-      --qingstor-env-auth                              Get QingStor credentials from runtime
-      --qingstor-secret-access-key string              QingStor Secret Access Key (password)
-      --qingstor-upload-concurrency int                Concurrency for multipart uploads (default 1)
-      --qingstor-upload-cutoff SizeSuffix              Cutoff for switching to chunked upload (default 200Mi)
-      --qingstor-zone string                           Zone to connect to
-      --s3-access-key-id string                        AWS Access Key ID
-      --s3-acl string                                  Canned ACL used when creating buckets and storing or copying objects
-      --s3-bucket-acl string                           Canned ACL used when creating buckets
-      --s3-chunk-size SizeSuffix                       Chunk size to use for uploading (default 5Mi)
-      --s3-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4.656Gi)
-      --s3-decompress                                  If set this will decompress gzip encoded objects
-      --s3-disable-checksum                            Don&#39;t store MD5 checksum with object metadata
-      --s3-disable-http2                               Disable usage of http2 for S3 backends
-      --s3-download-url string                         Custom endpoint for downloads
-      --s3-encoding MultiEncoder                       The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --s3-endpoint string                             Endpoint for S3 API
-      --s3-env-auth                                    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
-      --s3-force-path-style                            If true use path style access if false use virtual hosted style (default true)
-      --s3-leave-parts-on-error                        If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-      --s3-list-chunk int                              Size of listing chunk (response list for each ListObject S3 request) (default 1000)
-      --s3-list-url-encode Tristate                    Whether to url encode listings: true/false/unset (default unset)
-      --s3-list-version int                            Version of ListObjects to use: 1,2 or 0 for auto
-      --s3-location-constraint string                  Location constraint - must be set to match the Region
-      --s3-max-upload-parts int                        Maximum number of parts in a multipart upload (default 10000)
-      --s3-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-      --s3-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-      --s3-might-gzip Tristate                         Set this if the backend might gzip objects (default unset)
-      --s3-no-check-bucket                             If set, don&#39;t attempt to check the bucket exists or create it
-      --s3-no-head                                     If set, don&#39;t HEAD uploaded objects to check integrity
-      --s3-no-head-object                              If set, do not do HEAD before GET when getting objects
-      --s3-no-system-metadata                          Suppress setting and reading of system metadata
-      --s3-profile string                              Profile to use in the shared credentials file
-      --s3-provider string                             Choose your S3 provider
-      --s3-region string                               Region to connect to
-      --s3-requester-pays                              Enables requester pays option when interacting with S3 bucket
-      --s3-secret-access-key string                    AWS Secret Access Key (password)
-      --s3-server-side-encryption string               The server-side encryption algorithm used when storing this object in S3
-      --s3-session-token string                        An AWS session token
-      --s3-shared-credentials-file string              Path to the shared credentials file
-      --s3-sse-customer-algorithm string               If using SSE-C, the server-side encryption algorithm used when storing this object in S3
-      --s3-sse-customer-key string                     To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
-      --s3-sse-customer-key-base64 string              If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
-      --s3-sse-customer-key-md5 string                 If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
-      --s3-sse-kms-key-id string                       If using KMS ID you must provide the ARN of Key
-      --s3-storage-class string                        The storage class to use when storing new objects in S3
-      --s3-sts-endpoint string                         Endpoint for STS
-      --s3-upload-concurrency int                      Concurrency for multipart uploads (default 4)
-      --s3-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-      --s3-use-accelerate-endpoint                     If true use the AWS S3 accelerated endpoint
-      --s3-use-multipart-etag Tristate                 Whether to use ETag in multipart uploads for verification (default unset)
-      --s3-use-presigned-request                       Whether to use a presigned request or PutObject for single part uploads
-      --s3-v2-auth                                     If true use v2 authentication
-      --s3-version-at Time                             Show file versions as they were at the specified time (default off)
-      --s3-versions                                    Include old versions in directory listings
-      --seafile-2fa                                    Two-factor authentication (&#39;true&#39; if the account has 2FA enabled)
-      --seafile-create-library                         Should rclone create a library if it doesn&#39;t exist
-      --seafile-encoding MultiEncoder                  The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
-      --seafile-library string                         Name of the library
-      --seafile-library-key string                     Library password (for encrypted libraries only) (obscured)
-      --seafile-pass string                            Password (obscured)
-      --seafile-url string                             URL of seafile host to connect to
-      --seafile-user string                            User name (usually email address)
-      --sftp-ask-password                              Allow asking for SFTP password when needed
-      --sftp-chunk-size SizeSuffix                     Upload and download chunk size (default 32Ki)
-      --sftp-ciphers SpaceSepList                      Space separated list of ciphers to be used for session encryption, ordered by preference
-      --sftp-concurrency int                           The maximum number of outstanding requests for one file (default 64)
-      --sftp-disable-concurrent-reads                  If set don&#39;t use concurrent reads
-      --sftp-disable-concurrent-writes                 If set don&#39;t use concurrent writes
-      --sftp-disable-hashcheck                         Disable the execution of SSH commands to determine if remote file hashing is available
-      --sftp-host string                               SSH host to connect to
-      --sftp-idle-timeout Duration                     Max time before closing idle connections (default 1m0s)
-      --sftp-key-exchange SpaceSepList                 Space separated list of key exchange algorithms, ordered by preference
-      --sftp-key-file string                           Path to PEM-encoded private key file
-      --sftp-key-file-pass string                      The passphrase to decrypt the PEM-encoded private key file (obscured)
-      --sftp-key-pem string                            Raw PEM-encoded private key
-      --sftp-key-use-agent                             When set forces the usage of the ssh-agent
-      --sftp-known-hosts-file string                   Optional path to known_hosts file
-      --sftp-macs SpaceSepList                         Space separated list of MACs (message authentication code) algorithms, ordered by preference
-      --sftp-md5sum-command string                     The command used to read md5 hashes
-      --sftp-pass string                               SSH password, leave blank to use ssh-agent (obscured)
-      --sftp-path-override string                      Override path used by SSH shell commands
-      --sftp-port int                                  SSH port number (default 22)
-      --sftp-pubkey-file string                        Optional path to public key file
-      --sftp-server-command string                     Specifies the path or command to run a sftp server on the remote host
-      --sftp-set-env SpaceSepList                      Environment variables to pass to sftp and commands
-      --sftp-set-modtime                               Set the modified time on the remote if set (default true)
-      --sftp-sha1sum-command string                    The command used to read sha1 hashes
-      --sftp-shell-type string                         The type of SSH shell on remote server, if any
-      --sftp-skip-links                                Set to skip any symlinks and any other non regular files
-      --sftp-subsystem string                          Specifies the SSH2 subsystem on the remote host (default &quot;sftp&quot;)
-      --sftp-use-fstat                                 If set use fstat instead of stat
-      --sftp-use-insecure-cipher                       Enable the use of insecure ciphers and key exchange methods
-      --sftp-user string                               SSH username (default &quot;$USER&quot;)
-      --sharefile-chunk-size SizeSuffix                Upload chunk size (default 64Mi)
-      --sharefile-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --sharefile-endpoint string                      Endpoint for API calls
-      --sharefile-root-folder-id string                ID of the root folder
-      --sharefile-upload-cutoff SizeSuffix             Cutoff for switching to multipart upload (default 128Mi)
-      --sia-api-password string                        Sia Daemon API Password (obscured)
-      --sia-api-url string                             Sia daemon API URL, like http://sia.daemon.host:9980 (default &quot;http://127.0.0.1:9980&quot;)
-      --sia-encoding MultiEncoder                      The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
-      --sia-user-agent string                          Siad User Agent (default &quot;Sia-Agent&quot;)
-      --skip-links                                     Don&#39;t warn about skipped symlinks
-      --smb-case-insensitive                           Whether the server is configured to be case-insensitive (default true)
-      --smb-domain string                              Domain name for NTLM authentication (default &quot;WORKGROUP&quot;)
-      --smb-encoding MultiEncoder                      The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --smb-hide-special-share                         Hide special shares (e.g. print$) which users aren&#39;t supposed to access (default true)
-      --smb-host string                                SMB server hostname to connect to
-      --smb-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-      --smb-pass string                                SMB password (obscured)
-      --smb-port int                                   SMB port number (default 445)
-      --smb-spn string                                 Service principal name
-      --smb-user string                                SMB username (default &quot;$USER&quot;)
-      --storj-access-grant string                      Access grant
-      --storj-api-key string                           API key
-      --storj-passphrase string                        Encryption passphrase
-      --storj-provider string                          Choose an authentication method (default &quot;existing&quot;)
-      --storj-satellite-address string                 Satellite address (default &quot;us1.storj.io&quot;)
-      --sugarsync-access-key-id string                 Sugarsync Access Key ID
-      --sugarsync-app-id string                        Sugarsync App ID
-      --sugarsync-authorization string                 Sugarsync authorization
-      --sugarsync-authorization-expiry string          Sugarsync authorization expiry
-      --sugarsync-deleted-id string                    Sugarsync deleted folder id
-      --sugarsync-encoding MultiEncoder                The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
-      --sugarsync-hard-delete                          Permanently delete files if true
-      --sugarsync-private-access-key string            Sugarsync Private Access Key
-      --sugarsync-refresh-token string                 Sugarsync refresh token
-      --sugarsync-root-id string                       Sugarsync root id
-      --sugarsync-user string                          Sugarsync user
-      --swift-application-credential-id string         Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
-      --swift-application-credential-name string       Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
-      --swift-application-credential-secret string     Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
-      --swift-auth string                              Authentication URL for server (OS_AUTH_URL)
-      --swift-auth-token string                        Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
-      --swift-auth-version int                         AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
-      --swift-chunk-size SizeSuffix                    Above this size files will be chunked into a _segments container (default 5Gi)
-      --swift-domain string                            User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-      --swift-encoding MultiEncoder                    The encoding for the backend (default Slash,InvalidUtf8)
-      --swift-endpoint-type string                     Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default &quot;public&quot;)
-      --swift-env-auth                                 Get swift credentials from environment variables in standard OpenStack form
-      --swift-key string                               API key or password (OS_PASSWORD)
-      --swift-leave-parts-on-error                     If true avoid calling abort upload on a failure
-      --swift-no-chunk                                 Don&#39;t chunk files during streaming upload
-      --swift-no-large-objects                         Disable support for static and dynamic large objects
-      --swift-region string                            Region name - optional (OS_REGION_NAME)
-      --swift-storage-policy string                    The storage policy to use when creating a new container
-      --swift-storage-url string                       Storage URL - optional (OS_STORAGE_URL)
-      --swift-tenant string                            Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
-      --swift-tenant-domain string                     Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
-      --swift-tenant-id string                         Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
-      --swift-user string                              User name to log in (OS_USERNAME)
-      --swift-user-id string                           User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
-      --union-action-policy string                     Policy to choose upstream on ACTION category (default &quot;epall&quot;)
-      --union-cache-time int                           Cache time of usage and free space (in seconds) (default 120)
-      --union-create-policy string                     Policy to choose upstream on CREATE category (default &quot;epmfs&quot;)
-      --union-min-free-space SizeSuffix                Minimum viable free space for lfs/eplfs policies (default 1Gi)
-      --union-search-policy string                     Policy to choose upstream on SEARCH category (default &quot;ff&quot;)
-      --union-upstreams string                         List of space separated upstreams
-      --uptobox-access-token string                    Your access token
-      --uptobox-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
-      --webdav-bearer-token string                     Bearer token instead of user/pass (e.g. a Macaroon)
-      --webdav-bearer-token-command string             Command to run to get a bearer token
-      --webdav-encoding string                         The encoding for the backend
-      --webdav-headers CommaSepList                    Set HTTP headers for all transactions
-      --webdav-pass string                             Password (obscured)
-      --webdav-url string                              URL of http host to connect to
-      --webdav-user string                             User name
-      --webdav-vendor string                           Name of the WebDAV site/service/software you are using
-      --yandex-auth-url string                         Auth server URL
-      --yandex-client-id string                        OAuth Client Id
-      --yandex-client-secret string                    OAuth Client Secret
-      --yandex-encoding MultiEncoder                   The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-      --yandex-hard-delete                             Delete files permanently rather than putting them into the trash
-      --yandex-token string                            OAuth Access Token as a JSON blob
-      --yandex-token-url string                        Token server url
-      --zoho-auth-url string                           Auth server URL
-      --zoho-client-id string                          OAuth Client Id
-      --zoho-client-secret string                      OAuth Client Secret
-      --zoho-encoding MultiEncoder                     The encoding for the backend (default Del,Ctl,InvalidUtf8)
-      --zoho-region string                             Zoho region to connect to
-      --zoho-token string                              OAuth Access Token as a JSON blob
-      --zoho-token-url string                          Token server url</code></pre>
+<p>This describes the global flags available to every rclone command split into groups.</p>
+<h2 id="copy-1">Copy</h2>
+<p>Flags for anything which can Copy a file.</p>
+<pre><code>      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size &amp; checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don&#39;t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don&#39;t check the destination, copy regardless
+      --no-traverse                                 Don&#39;t traverse destination file system on copy
+      --no-update-modtime                           Don&#39;t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. &#39;size,descending&#39;
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default &quot;.partial&quot;)
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination</code></pre>
+<h2 id="sync">Sync</h2>
+<p>Flags just used for <code>rclone sync</code>.</p>
+<pre><code>      --backup-dir string               Make backups into hierarchy based in DIR
+      --delete-after                    When synchronizing, delete files on destination after transferring (default)
+      --delete-before                   When synchronizing, delete files on destination before transferring
+      --delete-during                   When synchronizing, delete files during transfer
+      --ignore-errors                   Delete even if there are I/O errors
+      --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+      --suffix string                   Suffix to add to changed files
+      --suffix-keep-extension           Preserve the extension when using --suffix
+      --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default &quot;hash&quot;)</code></pre>
+<h2 id="important">Important</h2>
+<p>Important flags useful for most commands.</p>
+<pre><code>  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)</code></pre>
+<h2 id="check">Check</h2>
+<p>Flags used for <code>rclone check</code>.</p>
+<pre><code>      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)</code></pre>
+<h2 id="networking">Networking</h2>
+<p>General networking and HTTP stuff.</p>
+<pre><code>      --bind string                        Local address to bind to for outgoing connections, IPv4, IPv6 or name
+      --bwlimit BwTimetable                Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --bwlimit-file BwTimetable           Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --ca-cert stringArray                CA certificate used to verify servers
+      --client-cert string                 Client SSL certificate (PEM) for mutual TLS auth
+      --client-key string                  Client SSL private key (PEM) for mutual TLS auth
+      --contimeout Duration                Connect timeout (default 1m0s)
+      --disable-http-keep-alives           Disable HTTP keep-alives and use each connection once.
+      --disable-http2                      Disable HTTP/2 in the global transport
+      --dscp string                        Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
+      --expect-continue-timeout Duration   Timeout when using expect / 100-continue in HTTP (default 1s)
+      --header stringArray                 Set HTTP header for all transactions
+      --header-download stringArray        Set HTTP header for download transactions
+      --header-upload stringArray          Set HTTP header for upload transactions
+      --no-check-certificate               Do not verify the server SSL certificate (insecure)
+      --no-gzip-encoding                   Don&#39;t set Accept-Encoding: gzip
+      --timeout Duration                   IO idle timeout (default 5m0s)
+      --tpslimit float                     Limit HTTP transactions per second to this
+      --tpslimit-burst int                 Max burst of transactions for --tpslimit (default 1)
+      --use-cookies                        Enable session cookiejar
+      --user-agent string                  Set the user-agent to a specified string (default &quot;rclone/v1.65.0&quot;)</code></pre>
+<h2 id="performance">Performance</h2>
+<p>Flags helpful for increasing performance.</p>
+<pre><code>      --buffer-size SizeSuffix   In memory buffer size when reading files for each --transfer (default 16Mi)
+      --checkers int             Number of checkers to run in parallel (default 8)
+      --transfers int            Number of file transfers to run in parallel (default 4)</code></pre>
+<h2 id="config">Config</h2>
+<p>General configuration of rclone.</p>
+<pre><code>      --ask-password                        Allow prompt for password for encrypted configuration (default true)
+      --auto-confirm                        If enabled, do not request console confirmation
+      --cache-dir string                    Directory rclone will use for caching (default &quot;$HOME/.cache/rclone&quot;)
+      --color AUTO|NEVER|ALWAYS             When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default AUTO)
+      --config string                       Config file (default &quot;$HOME/.config/rclone/rclone.conf&quot;)
+      --default-time Time                   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --disable string                      Disable a comma separated list of features (use --disable help to see a list)
+  -n, --dry-run                             Do a trial run with no permanent changes
+      --error-on-no-transfer                Sets exit code 9 if no files are transferred, useful in scripts
+      --fs-cache-expire-duration Duration   Cache remotes for this long (0 to disable caching) (default 5m0s)
+      --fs-cache-expire-interval Duration   Interval to check for expired remotes (default 1m0s)
+      --human-readable                      Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
+  -i, --interactive                         Enable interactive mode
+      --kv-lock-time Duration               Maximum time to keep key-value database locked by process (default 1s)
+      --low-level-retries int               Number of low level retries to do (default 10)
+      --no-console                          Hide console window (supported on Windows only)
+      --no-unicode-normalization            Don&#39;t normalize unicode characters in filenames
+      --password-command SpaceSepList       Command for supplying password for encrypted configuration
+      --retries int                         Retry operations this many times if they fail (default 3)
+      --retries-sleep Duration              Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
+      --temp-dir string                     Directory rclone will use for temporary files (default &quot;/tmp&quot;)
+      --use-mmap                            Use mmap allocator (see docs)
+      --use-server-modtime                  Use server modified time instead of object metadata</code></pre>
+<h2 id="debugging">Debugging</h2>
+<p>Flags for developers.</p>
+<pre><code>      --cpuprofile string   Write cpu profile to file
+      --dump DumpFlags      List of items to dump from: headers, bodies, requests, responses, auth, filters, goroutines, openfiles, mapper
+      --dump-bodies         Dump HTTP headers and bodies - may contain sensitive info
+      --dump-headers        Dump HTTP headers - may contain sensitive info
+      --memprofile string   Write memory profile to file</code></pre>
+<h2 id="filter">Filter</h2>
+<p>Flags for filtering directory listings.</p>
+<pre><code>      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)</code></pre>
+<h2 id="listing">Listing</h2>
+<p>Flags for listing directories.</p>
+<pre><code>      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions</code></pre>
+<h2 id="logging-1">Logging</h2>
+<p>Logging and statistics.</p>
+<pre><code>      --log-file string                     Log everything to this file
+      --log-format string                   Comma separated list of log format options (default &quot;date,time&quot;)
+      --log-level LogLevel                  Log level DEBUG|INFO|NOTICE|ERROR (default NOTICE)
+      --log-systemd                         Activate systemd integration for the logger
+      --max-stats-groups int                Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
+  -P, --progress                            Show progress during transfer
+      --progress-terminal-title             Show progress on the terminal title (requires -P/--progress)
+  -q, --quiet                               Print as little stuff as possible
+      --stats Duration                      Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
+      --stats-file-name-length int          Max file name length in stats (0 for no limit) (default 45)
+      --stats-log-level LogLevel            Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default INFO)
+      --stats-one-line                      Make the stats fit on one line
+      --stats-one-line-date                 Enable --stats-one-line and add current date/time prefix
+      --stats-one-line-date-format string   Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes (&quot;), see https://golang.org/pkg/time/#Time.Format
+      --stats-unit string                   Show data rate in stats as either &#39;bits&#39; or &#39;bytes&#39; per second (default &quot;bytes&quot;)
+      --syslog                              Use Syslog for logging
+      --syslog-facility string              Facility for syslog, e.g. KERN,USER,... (default &quot;DAEMON&quot;)
+      --use-json-log                        Use json log format
+  -v, --verbose count                       Print lots more stuff (repeat for more)</code></pre>
+<h2 id="metadata-2">Metadata</h2>
+<p>Flags to control metadata.</p>
+<pre><code>  -M, --metadata                            If set, preserve metadata when copying objects
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --metadata-mapper SpaceSepList        Program to run to transforming metadata before upload
+      --metadata-set stringArray            Add metadata key=value when uploading</code></pre>
+<h2 id="rc-1">RC</h2>
+<p>Flags to control the Remote Control API.</p>
+<pre><code>      --rc                                 Enable the remote control server
+      --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                  Prefix for URLs - leave blank for root
+      --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                Client certificate authority to verify clients with
+      --rc-enable-metrics                  Enable prometheus metrics on /metrics
+      --rc-files string                    Path to local files to serve on the HTTP server
+      --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+      --rc-key string                      TLS PEM Private key
+      --rc-max-header-bytes int            Maximum size of request header (default 4096)
+      --rc-min-tls-version string          Minimum TLS version that is acceptable (default &quot;tls1.0&quot;)
+      --rc-no-auth                         Don&#39;t require auth for certain methods
+      --rc-pass string                     Password for authentication
+      --rc-realm string                    Realm for authentication
+      --rc-salt string                     Password hashing salt (default &quot;dlPL2MqE&quot;)
+      --rc-serve                           Enable the serving of remote objects
+      --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --rc-template string                 User-specified template
+      --rc-user string                     User name for authentication
+      --rc-web-fetch-url string            URL to fetch the releases for webgui (default &quot;https://api.github.com/repos/rclone/rclone-webui-react/releases/latest&quot;)
+      --rc-web-gui                         Launch WebGUI on localhost
+      --rc-web-gui-force-update            Force update to latest version of web gui
+      --rc-web-gui-no-open-browser         Don&#39;t open the browser automatically
+      --rc-web-gui-update                  Check and update to latest version of web gui</code></pre>
+<h2 id="backend">Backend</h2>
+<p>Backend only flags. These can be set in the config file also.</p>
+<pre><code>      --acd-auth-url string                                 Auth server URL
+      --acd-client-id string                                OAuth Client Id
+      --acd-client-secret string                            OAuth Client Secret
+      --acd-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --acd-templink-threshold SizeSuffix                   Files &gt;= this size will be downloaded via their tempLink (default 9Gi)
+      --acd-token string                                    OAuth Access Token as a JSON blob
+      --acd-token-url string                                Token server url
+      --acd-upload-wait-per-gb Duration                     Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
+      --alias-remote string                                 Remote or path to alias
+      --azureblob-access-tier string                        Access tier of blob: hot, cool, cold or archive
+      --azureblob-account string                            Azure Storage Account Name
+      --azureblob-archive-tier-delete                       Delete archive tier blobs before overwriting
+      --azureblob-chunk-size SizeSuffix                     Upload chunk size (default 4Mi)
+      --azureblob-client-certificate-password string        Password for the certificate file (optional) (obscured)
+      --azureblob-client-certificate-path string            Path to a PEM or PKCS12 certificate file including the private key
+      --azureblob-client-id string                          The ID of the client in use
+      --azureblob-client-secret string                      One of the service principal&#39;s client secrets
+      --azureblob-client-send-certificate-chain             Send the certificate chain when using certificate auth
+      --azureblob-directory-markers                         Upload an empty object with a trailing slash when a new directory is created
+      --azureblob-disable-checksum                          Don&#39;t store MD5 checksum with object metadata
+      --azureblob-encoding Encoding                         The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
+      --azureblob-endpoint string                           Endpoint for the service
+      --azureblob-env-auth                                  Read credentials from runtime (environment variables, CLI or MSI)
+      --azureblob-key string                                Storage Account Shared Key
+      --azureblob-list-chunk int                            Size of blob list (default 5000)
+      --azureblob-msi-client-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-msi-mi-res-id string                      Azure resource ID of the user-assigned MSI to use, if any
+      --azureblob-msi-object-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-no-check-container                        If set, don&#39;t attempt to check the container exists or create it
+      --azureblob-no-head-object                            If set, do not do HEAD before GET when getting objects
+      --azureblob-password string                           The user&#39;s password (obscured)
+      --azureblob-public-access string                      Public access level of a container: blob or container
+      --azureblob-sas-url string                            SAS URL for container level access only
+      --azureblob-service-principal-file string             Path to file containing credentials for use with a service principal
+      --azureblob-tenant string                             ID of the service principal&#39;s tenant. Also called its directory ID
+      --azureblob-upload-concurrency int                    Concurrency for multipart uploads (default 16)
+      --azureblob-upload-cutoff string                      Cutoff for switching to chunked upload (&lt;= 256 MiB) (deprecated)
+      --azureblob-use-emulator                              Uses local storage emulator if provided as &#39;true&#39;
+      --azureblob-use-msi                                   Use a managed service identity to authenticate (only works in Azure)
+      --azureblob-username string                           User name (usually an email address)
+      --azurefiles-account string                           Azure Storage Account Name
+      --azurefiles-chunk-size SizeSuffix                    Upload chunk size (default 4Mi)
+      --azurefiles-client-certificate-password string       Password for the certificate file (optional) (obscured)
+      --azurefiles-client-certificate-path string           Path to a PEM or PKCS12 certificate file including the private key
+      --azurefiles-client-id string                         The ID of the client in use
+      --azurefiles-client-secret string                     One of the service principal&#39;s client secrets
+      --azurefiles-client-send-certificate-chain            Send the certificate chain when using certificate auth
+      --azurefiles-connection-string string                 Azure Files Connection String
+      --azurefiles-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot)
+      --azurefiles-endpoint string                          Endpoint for the service
+      --azurefiles-env-auth                                 Read credentials from runtime (environment variables, CLI or MSI)
+      --azurefiles-key string                               Storage Account Shared Key
+      --azurefiles-max-stream-size SizeSuffix               Max size for streamed files (default 10Gi)
+      --azurefiles-msi-client-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-mi-res-id string                     Azure resource ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-object-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-password string                          The user&#39;s password (obscured)
+      --azurefiles-sas-url string                           SAS URL
+      --azurefiles-service-principal-file string            Path to file containing credentials for use with a service principal
+      --azurefiles-share-name string                        Azure Files Share Name
+      --azurefiles-tenant string                            ID of the service principal&#39;s tenant. Also called its directory ID
+      --azurefiles-upload-concurrency int                   Concurrency for multipart uploads (default 16)
+      --azurefiles-use-msi                                  Use a managed service identity to authenticate (only works in Azure)
+      --azurefiles-username string                          User name (usually an email address)
+      --b2-account string                                   Account ID or Application Key ID
+      --b2-chunk-size SizeSuffix                            Upload chunk size (default 96Mi)
+      --b2-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4Gi)
+      --b2-disable-checksum                                 Disable checksums for large (&gt; upload cutoff) files
+      --b2-download-auth-duration Duration                  Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
+      --b2-download-url string                              Custom endpoint for downloads
+      --b2-encoding Encoding                                The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --b2-endpoint string                                  Endpoint for the service
+      --b2-hard-delete                                      Permanently delete files on remote removal, otherwise hide files
+      --b2-key string                                       Application Key
+      --b2-lifecycle int                                    Set the number of days deleted files should be kept when creating a bucket
+      --b2-test-mode string                                 A flag string for X-Bz-Test-Mode header for debugging
+      --b2-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --b2-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --b2-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --b2-versions                                         Include old versions in directory listings
+      --box-access-token string                             Box App Primary Access Token
+      --box-auth-url string                                 Auth server URL
+      --box-box-config-file string                          Box App config.json location
+      --box-box-sub-type string                              (default &quot;user&quot;)
+      --box-client-id string                                OAuth Client Id
+      --box-client-secret string                            OAuth Client Secret
+      --box-commit-retries int                              Max number of times to try committing a multipart file (default 100)
+      --box-encoding Encoding                               The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
+      --box-impersonate string                              Impersonate this user ID when using a service account
+      --box-list-chunk int                                  Size of listing chunk 1-1000 (default 1000)
+      --box-owned-by string                                 Only show items owned by the login (email address) passed in
+      --box-root-folder-id string                           Fill in for rclone to use a non root folder as its starting point
+      --box-token string                                    OAuth Access Token as a JSON blob
+      --box-token-url string                                Token server url
+      --box-upload-cutoff SizeSuffix                        Cutoff for switching to multipart upload (&gt;= 50 MiB) (default 50Mi)
+      --cache-chunk-clean-interval Duration                 How often should the cache perform cleanups of the chunk storage (default 1m0s)
+      --cache-chunk-no-memory                               Disable the in-memory cache for storing chunks during streaming
+      --cache-chunk-path string                             Directory to cache chunk files (default &quot;$HOME/.cache/rclone/cache-backend&quot;)
+      --cache-chunk-size SizeSuffix                         The size of a chunk (partial file data) (default 5Mi)
+      --cache-chunk-total-size SizeSuffix                   The total size that the chunks can take up on the local disk (default 10Gi)
+      --cache-db-path string                                Directory to store file structure metadata DB (default &quot;$HOME/.cache/rclone/cache-backend&quot;)
+      --cache-db-purge                                      Clear all the cached data for this remote on start
+      --cache-db-wait-time Duration                         How long to wait for the DB to be available - 0 is unlimited (default 1s)
+      --cache-info-age Duration                             How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
+      --cache-plex-insecure string                          Skip all certificate verification when connecting to the Plex server
+      --cache-plex-password string                          The password of the Plex user (obscured)
+      --cache-plex-url string                               The URL of the Plex server
+      --cache-plex-username string                          The username of the Plex user
+      --cache-read-retries int                              How many times to retry a read from a cache storage (default 10)
+      --cache-remote string                                 Remote to cache
+      --cache-rps int                                       Limits the number of requests per second to the source FS (-1 to disable) (default -1)
+      --cache-tmp-upload-path string                        Directory to keep temporary files until they are uploaded
+      --cache-tmp-wait-time Duration                        How long should files be stored in local cache before being uploaded (default 15s)
+      --cache-workers int                                   How many workers should run in parallel to download chunks (default 4)
+      --cache-writes                                        Cache file data on writes through the FS
+      --chunker-chunk-size SizeSuffix                       Files larger than chunk size will be split in chunks (default 2Gi)
+      --chunker-fail-hard                                   Choose how chunker should handle files with missing or invalid chunks
+      --chunker-hash-type string                            Choose how chunker handles hash sums (default &quot;md5&quot;)
+      --chunker-remote string                               Remote to chunk/unchunk
+      --combine-upstreams SpaceSepList                      Upstreams for combining
+      --compress-level int                                  GZIP compression level (-2 to 9) (default -1)
+      --compress-mode string                                Compression mode (default &quot;gzip&quot;)
+      --compress-ram-cache-limit SizeSuffix                 Some remotes don&#39;t allow the upload of files with unknown size (default 20Mi)
+      --compress-remote string                              Remote to compress
+  -L, --copy-links                                          Follow symlinks and copy the pointed to item
+      --crypt-directory-name-encryption                     Option to either encrypt directory names or leave them intact (default true)
+      --crypt-filename-encoding string                      How to encode the encrypted filename to text string (default &quot;base32&quot;)
+      --crypt-filename-encryption string                    How to encrypt the filenames (default &quot;standard&quot;)
+      --crypt-no-data-encryption                            Option to either encrypt file data or leave it unencrypted
+      --crypt-pass-bad-blocks                               If set this will pass bad blocks through as all 0
+      --crypt-password string                               Password or pass phrase for encryption (obscured)
+      --crypt-password2 string                              Password or pass phrase for salt (obscured)
+      --crypt-remote string                                 Remote to encrypt/decrypt
+      --crypt-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --crypt-show-mapping                                  For all files listed show how the names encrypt
+      --crypt-suffix string                                 If this is set it will override the default suffix of &quot;.bin&quot; (default &quot;.bin&quot;)
+      --drive-acknowledge-abuse                             Set to allow files which return cannotDownloadAbusiveFile to be downloaded
+      --drive-allow-import-name-change                      Allow the filetype to change when uploading Google docs
+      --drive-auth-owner-only                               Only consider files owned by the authenticated user
+      --drive-auth-url string                               Auth server URL
+      --drive-chunk-size SizeSuffix                         Upload chunk size (default 8Mi)
+      --drive-client-id string                              Google Application Client Id
+      --drive-client-secret string                          OAuth Client Secret
+      --drive-copy-shortcut-content                         Server side copy contents of shortcuts instead of the shortcut
+      --drive-disable-http2                                 Disable drive using http2 (default true)
+      --drive-encoding Encoding                             The encoding for the backend (default InvalidUtf8)
+      --drive-env-auth                                      Get IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --drive-export-formats string                         Comma separated list of preferred formats for downloading Google docs (default &quot;docx,xlsx,pptx,svg&quot;)
+      --drive-fast-list-bug-fix                             Work around a bug in Google Drive listing (default true)
+      --drive-formats string                                Deprecated: See export_formats
+      --drive-impersonate string                            Impersonate this user when using a service account
+      --drive-import-formats string                         Comma separated list of preferred formats for uploading Google docs
+      --drive-keep-revision-forever                         Keep new head revision of each file forever
+      --drive-list-chunk int                                Size of listing chunk 100-1000, 0 to disable (default 1000)
+      --drive-metadata-labels Bits                          Control whether labels should be read or written in metadata (default off)
+      --drive-metadata-owner Bits                           Control whether owner should be read or written in metadata (default read)
+      --drive-metadata-permissions Bits                     Control whether permissions should be read or written in metadata (default off)
+      --drive-pacer-burst int                               Number of API calls to allow without sleeping (default 100)
+      --drive-pacer-min-sleep Duration                      Minimum time to sleep between API calls (default 100ms)
+      --drive-resource-key string                           Resource key for accessing a link-shared file
+      --drive-root-folder-id string                         ID of the root folder
+      --drive-scope string                                  Comma separated list of scopes that rclone should use when requesting access from drive
+      --drive-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --drive-service-account-credentials string            Service Account Credentials JSON blob
+      --drive-service-account-file string                   Service Account Credentials JSON file path
+      --drive-shared-with-me                                Only show files that are shared with me
+      --drive-show-all-gdocs                                Show all Google Docs including non-exportable ones in listings
+      --drive-size-as-quota                                 Show sizes as storage quota usage, not actual size
+      --drive-skip-checksum-gphotos                         Skip checksums on Google photos and videos only
+      --drive-skip-dangling-shortcuts                       If set skip dangling shortcut files
+      --drive-skip-gdocs                                    Skip google documents in all listings
+      --drive-skip-shortcuts                                If set skip shortcut files
+      --drive-starred-only                                  Only show files that are starred
+      --drive-stop-on-download-limit                        Make download limit errors be fatal
+      --drive-stop-on-upload-limit                          Make upload limit errors be fatal
+      --drive-team-drive string                             ID of the Shared Drive (Team Drive)
+      --drive-token string                                  OAuth Access Token as a JSON blob
+      --drive-token-url string                              Token server url
+      --drive-trashed-only                                  Only show files that are in the trash
+      --drive-upload-cutoff SizeSuffix                      Cutoff for switching to chunked upload (default 8Mi)
+      --drive-use-created-date                              Use file created date instead of modified date
+      --drive-use-shared-date                               Use date file was shared instead of modified date
+      --drive-use-trash                                     Send files to the trash instead of deleting permanently (default true)
+      --drive-v2-download-min-size SizeSuffix               If Object&#39;s are greater, use drive v2 API to download (default off)
+      --dropbox-auth-url string                             Auth server URL
+      --dropbox-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --dropbox-batch-mode string                           Upload file batching sync|async|off (default &quot;sync&quot;)
+      --dropbox-batch-size int                              Max number of files in upload batch
+      --dropbox-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --dropbox-chunk-size SizeSuffix                       Upload chunk size (&lt; 150Mi) (default 48Mi)
+      --dropbox-client-id string                            OAuth Client Id
+      --dropbox-client-secret string                        OAuth Client Secret
+      --dropbox-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
+      --dropbox-impersonate string                          Impersonate this user when using a business account
+      --dropbox-pacer-min-sleep Duration                    Minimum time to sleep between API calls (default 10ms)
+      --dropbox-shared-files                                Instructs rclone to work on individual shared files
+      --dropbox-shared-folders                              Instructs rclone to work on shared folders
+      --dropbox-token string                                OAuth Access Token as a JSON blob
+      --dropbox-token-url string                            Token server url
+      --fichier-api-key string                              Your API Key, get it from https://1fichier.com/console/params.pl
+      --fichier-cdn                                         Set if you wish to use CDN download links
+      --fichier-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --fichier-file-password string                        If you want to download a shared file that is password protected, add this parameter (obscured)
+      --fichier-folder-password string                      If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
+      --fichier-shared-folder string                        If you want to download a shared folder, add this parameter
+      --filefabric-encoding Encoding                        The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --filefabric-permanent-token string                   Permanent Authentication Token
+      --filefabric-root-folder-id string                    ID of the root folder
+      --filefabric-token string                             Session Token
+      --filefabric-token-expiry string                      Token expiry time
+      --filefabric-url string                               URL of the Enterprise File Fabric to connect to
+      --filefabric-version string                           Version read from the file fabric
+      --ftp-ask-password                                    Allow asking for FTP password when needed
+      --ftp-close-timeout Duration                          Maximum time to wait for a response to close (default 1m0s)
+      --ftp-concurrency int                                 Maximum number of FTP simultaneous connections, 0 for unlimited
+      --ftp-disable-epsv                                    Disable using EPSV even if server advertises support
+      --ftp-disable-mlsd                                    Disable using MLSD even if server advertises support
+      --ftp-disable-tls13                                   Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+      --ftp-disable-utf8                                    Disable using UTF-8 even if server advertises support
+      --ftp-encoding Encoding                               The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
+      --ftp-explicit-tls                                    Use Explicit FTPS (FTP over TLS)
+      --ftp-force-list-hidden                               Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
+      --ftp-host string                                     FTP host to connect to
+      --ftp-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --ftp-no-check-certificate                            Do not verify the TLS certificate of the server
+      --ftp-pass string                                     FTP password (obscured)
+      --ftp-port int                                        FTP port number (default 21)
+      --ftp-shut-timeout Duration                           Maximum time to wait for data connection closing status (default 1m0s)
+      --ftp-socks-proxy string                              Socks 5 proxy host
+      --ftp-tls                                             Use Implicit FTPS (FTP over TLS)
+      --ftp-tls-cache-size int                              Size of TLS session cache for all control and data connections (default 32)
+      --ftp-user string                                     FTP username (default &quot;$USER&quot;)
+      --ftp-writing-mdtm                                    Use MDTM to set modification time (VsFtpd quirk)
+      --gcs-anonymous                                       Access public buckets and objects without credentials
+      --gcs-auth-url string                                 Auth server URL
+      --gcs-bucket-acl string                               Access Control List for new buckets
+      --gcs-bucket-policy-only                              Access checks should use bucket-level IAM policies
+      --gcs-client-id string                                OAuth Client Id
+      --gcs-client-secret string                            OAuth Client Secret
+      --gcs-decompress                                      If set this will decompress gzip encoded objects
+      --gcs-directory-markers                               Upload an empty object with a trailing slash when a new directory is created
+      --gcs-encoding Encoding                               The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gcs-endpoint string                                 Endpoint for the service
+      --gcs-env-auth                                        Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --gcs-location string                                 Location for the newly created buckets
+      --gcs-no-check-bucket                                 If set, don&#39;t attempt to check the bucket exists or create it
+      --gcs-object-acl string                               Access Control List for new objects
+      --gcs-project-number string                           Project number
+      --gcs-service-account-file string                     Service Account Credentials JSON file path
+      --gcs-storage-class string                            The storage class to use when storing objects in Google Cloud Storage
+      --gcs-token string                                    OAuth Access Token as a JSON blob
+      --gcs-token-url string                                Token server url
+      --gcs-user-project string                             User project
+      --gphotos-auth-url string                             Auth server URL
+      --gphotos-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --gphotos-batch-mode string                           Upload file batching sync|async|off (default &quot;sync&quot;)
+      --gphotos-batch-size int                              Max number of files in upload batch
+      --gphotos-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --gphotos-client-id string                            OAuth Client Id
+      --gphotos-client-secret string                        OAuth Client Secret
+      --gphotos-encoding Encoding                           The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gphotos-include-archived                            Also view and download archived media
+      --gphotos-read-only                                   Set to make the Google Photos backend read only
+      --gphotos-read-size                                   Set to read the size of media items
+      --gphotos-start-year int                              Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
+      --gphotos-token string                                OAuth Access Token as a JSON blob
+      --gphotos-token-url string                            Token server url
+      --hasher-auto-size SizeSuffix                         Auto-update checksum for files smaller than this size (disabled by default)
+      --hasher-hashes CommaSepList                          Comma separated list of supported checksum types (default md5,sha1)
+      --hasher-max-age Duration                             Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
+      --hasher-remote string                                Remote to cache checksums for (e.g. myRemote:path)
+      --hdfs-data-transfer-protection string                Kerberos data transfer protection: authentication|integrity|privacy
+      --hdfs-encoding Encoding                              The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
+      --hdfs-namenode CommaSepList                          Hadoop name nodes and ports
+      --hdfs-service-principal-name string                  Kerberos service principal name for the namenode
+      --hdfs-username string                                Hadoop user name
+      --hidrive-auth-url string                             Auth server URL
+      --hidrive-chunk-size SizeSuffix                       Chunksize for chunked uploads (default 48Mi)
+      --hidrive-client-id string                            OAuth Client Id
+      --hidrive-client-secret string                        OAuth Client Secret
+      --hidrive-disable-fetching-member-count               Do not fetch number of objects in directories unless it is absolutely necessary
+      --hidrive-encoding Encoding                           The encoding for the backend (default Slash,Dot)
+      --hidrive-endpoint string                             Endpoint for the service (default &quot;https://api.hidrive.strato.com/2.1&quot;)
+      --hidrive-root-prefix string                          The root/parent folder for all paths (default &quot;/&quot;)
+      --hidrive-scope-access string                         Access permissions that rclone should use when requesting access from HiDrive (default &quot;rw&quot;)
+      --hidrive-scope-role string                           User-level that rclone should use when requesting access from HiDrive (default &quot;user&quot;)
+      --hidrive-token string                                OAuth Access Token as a JSON blob
+      --hidrive-token-url string                            Token server url
+      --hidrive-upload-concurrency int                      Concurrency for chunked uploads (default 4)
+      --hidrive-upload-cutoff SizeSuffix                    Cutoff/Threshold for chunked uploads (default 96Mi)
+      --http-headers CommaSepList                           Set HTTP headers for all transactions
+      --http-no-head                                        Don&#39;t use HEAD requests
+      --http-no-slash                                       Set this if the site doesn&#39;t end directories with /
+      --http-url string                                     URL of HTTP host to connect to
+      --imagekit-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket)
+      --imagekit-endpoint string                            You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-only-signed Restrict unsigned image URLs   If you have configured Restrict unsigned image URLs in your dashboard settings, set this to true
+      --imagekit-private-key string                         You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-public-key string                          You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-upload-tags string                         Tags to add to the uploaded files, e.g. &quot;tag1,tag2&quot;
+      --imagekit-versions                                   Include old versions in directory listings
+      --internetarchive-access-key-id string                IAS3 Access Key
+      --internetarchive-disable-checksum                    Don&#39;t ask the server to test against MD5 checksum calculated by rclone (default true)
+      --internetarchive-encoding Encoding                   The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
+      --internetarchive-endpoint string                     IAS3 Endpoint (default &quot;https://s3.us.archive.org&quot;)
+      --internetarchive-front-endpoint string               Host of InternetArchive Frontend (default &quot;https://archive.org&quot;)
+      --internetarchive-secret-access-key string            IAS3 Secret Key (password)
+      --internetarchive-wait-archive Duration               Timeout for waiting the server&#39;s processing tasks (specifically archive and book_op) to finish (default 0s)
+      --jottacloud-auth-url string                          Auth server URL
+      --jottacloud-client-id string                         OAuth Client Id
+      --jottacloud-client-secret string                     OAuth Client Secret
+      --jottacloud-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
+      --jottacloud-hard-delete                              Delete files permanently rather than putting them into the trash
+      --jottacloud-md5-memory-limit SizeSuffix              Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
+      --jottacloud-no-versions                              Avoid server side versioning by deleting files and recreating files instead of overwriting them
+      --jottacloud-token string                             OAuth Access Token as a JSON blob
+      --jottacloud-token-url string                         Token server url
+      --jottacloud-trashed-only                             Only show files that are in the trash
+      --jottacloud-upload-resume-limit SizeSuffix           Files bigger than this can be resumed if the upload fail&#39;s (default 10Mi)
+      --koofr-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --koofr-endpoint string                               The Koofr API endpoint to use
+      --koofr-mountid string                                Mount ID of the mount to use
+      --koofr-password string                               Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
+      --koofr-provider string                               Choose your storage provider
+      --koofr-setmtime                                      Does the backend support setting modification time (default true)
+      --koofr-user string                                   Your user name
+      --linkbox-token string                                Token from https://www.linkbox.to/admin/account
+  -l, --links                                               Translate symlinks to/from regular files with a &#39;.rclonelink&#39; extension
+      --local-case-insensitive                              Force the filesystem to report itself as case insensitive
+      --local-case-sensitive                                Force the filesystem to report itself as case sensitive
+      --local-encoding Encoding                             The encoding for the backend (default Slash,Dot)
+      --local-no-check-updated                              Don&#39;t check to see if the files change during upload
+      --local-no-preallocate                                Disable preallocation of disk space for transferred files
+      --local-no-set-modtime                                Disable setting modtime
+      --local-no-sparse                                     Disable sparse files for multi-thread downloads
+      --local-nounc                                         Disable UNC (long path names) conversion on Windows
+      --local-unicode-normalization                         Apply unicode NFC normalization to paths and filenames
+      --local-zero-size-links                               Assume the Stat size of links is zero (and read them instead) (deprecated)
+      --mailru-auth-url string                              Auth server URL
+      --mailru-check-hash                                   What should copy do if file checksum is mismatched or invalid (default true)
+      --mailru-client-id string                             OAuth Client Id
+      --mailru-client-secret string                         OAuth Client Secret
+      --mailru-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --mailru-pass string                                  Password (obscured)
+      --mailru-speedup-enable                               Skip full upload if there is another file with same data hash (default true)
+      --mailru-speedup-file-patterns string                 Comma separated list of file name patterns eligible for speedup (put by hash) (default &quot;*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf&quot;)
+      --mailru-speedup-max-disk SizeSuffix                  This option allows you to disable speedup (put by hash) for large files (default 3Gi)
+      --mailru-speedup-max-memory SizeSuffix                Files larger than the size given below will always be hashed on disk (default 32Mi)
+      --mailru-token string                                 OAuth Access Token as a JSON blob
+      --mailru-token-url string                             Token server url
+      --mailru-user string                                  User name (usually email)
+      --mega-debug                                          Output more debug from Mega
+      --mega-encoding Encoding                              The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --mega-hard-delete                                    Delete files permanently rather than putting them into the trash
+      --mega-pass string                                    Password (obscured)
+      --mega-use-https                                      Use HTTPS for transfers
+      --mega-user string                                    User name
+      --netstorage-account string                           Set the NetStorage account name
+      --netstorage-host string                              Domain+path of NetStorage host to connect to
+      --netstorage-protocol string                          Select between HTTP or HTTPS protocol (default &quot;https&quot;)
+      --netstorage-secret string                            Set the NetStorage account secret/G2O key for authentication (obscured)
+  -x, --one-file-system                                     Don&#39;t cross filesystem boundaries (unix/macOS only)
+      --onedrive-access-scopes SpaceSepList                 Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
+      --onedrive-auth-url string                            Auth server URL
+      --onedrive-av-override                                Allows download of files the server thinks has a virus
+      --onedrive-chunk-size SizeSuffix                      Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
+      --onedrive-client-id string                           OAuth Client Id
+      --onedrive-client-secret string                       OAuth Client Secret
+      --onedrive-delta                                      If set rclone will use delta listing to implement recursive listings
+      --onedrive-drive-id string                            The ID of the drive to use
+      --onedrive-drive-type string                          The type of the drive (personal | business | documentLibrary)
+      --onedrive-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --onedrive-expose-onenote-files                       Set to make OneNote files show up in directory listings
+      --onedrive-hash-type string                           Specify the hash in use for the backend (default &quot;auto&quot;)
+      --onedrive-link-password string                       Set the password for links created by the link command
+      --onedrive-link-scope string                          Set the scope of the links created by the link command (default &quot;anonymous&quot;)
+      --onedrive-link-type string                           Set the type of the links created by the link command (default &quot;view&quot;)
+      --onedrive-list-chunk int                             Size of listing chunk (default 1000)
+      --onedrive-no-versions                                Remove all versions on modifying operations
+      --onedrive-region string                              Choose national cloud region for OneDrive (default &quot;global&quot;)
+      --onedrive-root-folder-id string                      ID of the root folder
+      --onedrive-server-side-across-configs                 Deprecated: use --server-side-across-configs instead
+      --onedrive-token string                               OAuth Access Token as a JSON blob
+      --onedrive-token-url string                           Token server url
+      --oos-attempt-resume-upload                           If true attempt to resume previously started multipart upload for the object
+      --oos-chunk-size SizeSuffix                           Chunk size to use for uploading (default 5Mi)
+      --oos-compartment string                              Object storage compartment OCID
+      --oos-config-file string                              Path to OCI config file (default &quot;~/.oci/config&quot;)
+      --oos-config-profile string                           Profile name inside the oci config file (default &quot;Default&quot;)
+      --oos-copy-cutoff SizeSuffix                          Cutoff for switching to multipart copy (default 4.656Gi)
+      --oos-copy-timeout Duration                           Timeout for copy (default 1m0s)
+      --oos-disable-checksum                                Don&#39;t store MD5 checksum with object metadata
+      --oos-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --oos-endpoint string                                 Endpoint for Object storage API
+      --oos-leave-parts-on-error                            If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery
+      --oos-max-upload-parts int                            Maximum number of parts in a multipart upload (default 10000)
+      --oos-namespace string                                Object storage namespace
+      --oos-no-check-bucket                                 If set, don&#39;t attempt to check the bucket exists or create it
+      --oos-provider string                                 Choose your Auth Provider (default &quot;env_auth&quot;)
+      --oos-region string                                   Object storage Region
+      --oos-sse-customer-algorithm string                   If using SSE-C, the optional header that specifies &quot;AES256&quot; as the encryption algorithm
+      --oos-sse-customer-key string                         To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+      --oos-sse-customer-key-file string                    To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+      --oos-sse-customer-key-sha256 string                  If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+      --oos-sse-kms-key-id string                           if using your own master key in vault, this header specifies the
+      --oos-storage-tier string                             The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default &quot;Standard&quot;)
+      --oos-upload-concurrency int                          Concurrency for multipart uploads (default 10)
+      --oos-upload-cutoff SizeSuffix                        Cutoff for switching to chunked upload (default 200Mi)
+      --opendrive-chunk-size SizeSuffix                     Files will be uploaded in chunks this size (default 10Mi)
+      --opendrive-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
+      --opendrive-password string                           Password (obscured)
+      --opendrive-username string                           Username
+      --pcloud-auth-url string                              Auth server URL
+      --pcloud-client-id string                             OAuth Client Id
+      --pcloud-client-secret string                         OAuth Client Secret
+      --pcloud-encoding Encoding                            The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --pcloud-hostname string                              Hostname to connect to (default &quot;api.pcloud.com&quot;)
+      --pcloud-password string                              Your pcloud password (obscured)
+      --pcloud-root-folder-id string                        Fill in for rclone to use a non root folder as its starting point (default &quot;d0&quot;)
+      --pcloud-token string                                 OAuth Access Token as a JSON blob
+      --pcloud-token-url string                             Token server url
+      --pcloud-username string                              Your pcloud username
+      --pikpak-auth-url string                              Auth server URL
+      --pikpak-client-id string                             OAuth Client Id
+      --pikpak-client-secret string                         OAuth Client Secret
+      --pikpak-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --pikpak-hash-memory-limit SizeSuffix                 Files bigger than this will be cached on disk to calculate hash if required (default 10Mi)
+      --pikpak-pass string                                  Pikpak password (obscured)
+      --pikpak-root-folder-id string                        ID of the root folder
+      --pikpak-token string                                 OAuth Access Token as a JSON blob
+      --pikpak-token-url string                             Token server url
+      --pikpak-trashed-only                                 Only show files that are in the trash
+      --pikpak-use-trash                                    Send files to the trash instead of deleting permanently (default true)
+      --pikpak-user string                                  Pikpak username
+      --premiumizeme-auth-url string                        Auth server URL
+      --premiumizeme-client-id string                       OAuth Client Id
+      --premiumizeme-client-secret string                   OAuth Client Secret
+      --premiumizeme-encoding Encoding                      The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --premiumizeme-token string                           OAuth Access Token as a JSON blob
+      --premiumizeme-token-url string                       Token server url
+      --protondrive-2fa string                              The 2FA code
+      --protondrive-app-version string                      The app version string (default &quot;macos-drive@1.0.0-alpha.1+rclone&quot;)
+      --protondrive-enable-caching                          Caches the files and folders metadata to reduce API calls (default true)
+      --protondrive-encoding Encoding                       The encoding for the backend (default Slash,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --protondrive-mailbox-password string                 The mailbox password of your two-password proton account (obscured)
+      --protondrive-original-file-size                      Return the file size before encryption (default true)
+      --protondrive-password string                         The password of your proton account (obscured)
+      --protondrive-replace-existing-draft                  Create a new revision when filename conflict is detected
+      --protondrive-username string                         The username of your proton account
+      --putio-auth-url string                               Auth server URL
+      --putio-client-id string                              OAuth Client Id
+      --putio-client-secret string                          OAuth Client Secret
+      --putio-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --putio-token string                                  OAuth Access Token as a JSON blob
+      --putio-token-url string                              Token server url
+      --qingstor-access-key-id string                       QingStor Access Key ID
+      --qingstor-chunk-size SizeSuffix                      Chunk size to use for uploading (default 4Mi)
+      --qingstor-connection-retries int                     Number of connection retries (default 3)
+      --qingstor-encoding Encoding                          The encoding for the backend (default Slash,Ctl,InvalidUtf8)
+      --qingstor-endpoint string                            Enter an endpoint URL to connection QingStor API
+      --qingstor-env-auth                                   Get QingStor credentials from runtime
+      --qingstor-secret-access-key string                   QingStor Secret Access Key (password)
+      --qingstor-upload-concurrency int                     Concurrency for multipart uploads (default 1)
+      --qingstor-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
+      --qingstor-zone string                                Zone to connect to
+      --quatrix-api-key string                              API key for accessing Quatrix account
+      --quatrix-effective-upload-time string                Wanted upload time for one chunk (default &quot;4s&quot;)
+      --quatrix-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --quatrix-hard-delete                                 Delete files permanently rather than putting them into the trash
+      --quatrix-host string                                 Host name of Quatrix account
+      --quatrix-maximal-summary-chunk-size SizeSuffix       The maximal summary for all chunks. It should not be less than &#39;transfers&#39;*&#39;minimal_chunk_size&#39; (default 95.367Mi)
+      --quatrix-minimal-chunk-size SizeSuffix               The minimal size for one chunk (default 9.537Mi)
+      --s3-access-key-id string                             AWS Access Key ID
+      --s3-acl string                                       Canned ACL used when creating buckets and storing or copying objects
+      --s3-bucket-acl string                                Canned ACL used when creating buckets
+      --s3-chunk-size SizeSuffix                            Chunk size to use for uploading (default 5Mi)
+      --s3-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4.656Gi)
+      --s3-decompress                                       If set this will decompress gzip encoded objects
+      --s3-directory-markers                                Upload an empty object with a trailing slash when a new directory is created
+      --s3-disable-checksum                                 Don&#39;t store MD5 checksum with object metadata
+      --s3-disable-http2                                    Disable usage of http2 for S3 backends
+      --s3-download-url string                              Custom endpoint for downloads
+      --s3-encoding Encoding                                The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --s3-endpoint string                                  Endpoint for S3 API
+      --s3-env-auth                                         Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
+      --s3-force-path-style                                 If true use path style access if false use virtual hosted style (default true)
+      --s3-leave-parts-on-error                             If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
+      --s3-list-chunk int                                   Size of listing chunk (response list for each ListObject S3 request) (default 1000)
+      --s3-list-url-encode Tristate                         Whether to url encode listings: true/false/unset (default unset)
+      --s3-list-version int                                 Version of ListObjects to use: 1,2 or 0 for auto
+      --s3-location-constraint string                       Location constraint - must be set to match the Region
+      --s3-max-upload-parts int                             Maximum number of parts in a multipart upload (default 10000)
+      --s3-might-gzip Tristate                              Set this if the backend might gzip objects (default unset)
+      --s3-no-check-bucket                                  If set, don&#39;t attempt to check the bucket exists or create it
+      --s3-no-head                                          If set, don&#39;t HEAD uploaded objects to check integrity
+      --s3-no-head-object                                   If set, do not do HEAD before GET when getting objects
+      --s3-no-system-metadata                               Suppress setting and reading of system metadata
+      --s3-profile string                                   Profile to use in the shared credentials file
+      --s3-provider string                                  Choose your S3 provider
+      --s3-region string                                    Region to connect to
+      --s3-requester-pays                                   Enables requester pays option when interacting with S3 bucket
+      --s3-secret-access-key string                         AWS Secret Access Key (password)
+      --s3-server-side-encryption string                    The server-side encryption algorithm used when storing this object in S3
+      --s3-session-token string                             An AWS session token
+      --s3-shared-credentials-file string                   Path to the shared credentials file
+      --s3-sse-customer-algorithm string                    If using SSE-C, the server-side encryption algorithm used when storing this object in S3
+      --s3-sse-customer-key string                          To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
+      --s3-sse-customer-key-base64 string                   If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
+      --s3-sse-customer-key-md5 string                      If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
+      --s3-sse-kms-key-id string                            If using KMS ID you must provide the ARN of Key
+      --s3-storage-class string                             The storage class to use when storing new objects in S3
+      --s3-sts-endpoint string                              Endpoint for STS
+      --s3-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --s3-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --s3-use-accelerate-endpoint                          If true use the AWS S3 accelerated endpoint
+      --s3-use-accept-encoding-gzip Accept-Encoding: gzip   Whether to send Accept-Encoding: gzip header (default unset)
+      --s3-use-already-exists Tristate                      Set if rclone should report BucketAlreadyExists errors on bucket creation (default unset)
+      --s3-use-multipart-etag Tristate                      Whether to use ETag in multipart uploads for verification (default unset)
+      --s3-use-multipart-uploads Tristate                   Set if rclone should use multipart uploads (default unset)
+      --s3-use-presigned-request                            Whether to use a presigned request or PutObject for single part uploads
+      --s3-v2-auth                                          If true use v2 authentication
+      --s3-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --s3-versions                                         Include old versions in directory listings
+      --seafile-2fa                                         Two-factor authentication (&#39;true&#39; if the account has 2FA enabled)
+      --seafile-create-library                              Should rclone create a library if it doesn&#39;t exist
+      --seafile-encoding Encoding                           The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
+      --seafile-library string                              Name of the library
+      --seafile-library-key string                          Library password (for encrypted libraries only) (obscured)
+      --seafile-pass string                                 Password (obscured)
+      --seafile-url string                                  URL of seafile host to connect to
+      --seafile-user string                                 User name (usually email address)
+      --sftp-ask-password                                   Allow asking for SFTP password when needed
+      --sftp-chunk-size SizeSuffix                          Upload and download chunk size (default 32Ki)
+      --sftp-ciphers SpaceSepList                           Space separated list of ciphers to be used for session encryption, ordered by preference
+      --sftp-concurrency int                                The maximum number of outstanding requests for one file (default 64)
+      --sftp-copy-is-hardlink                               Set to enable server side copies using hardlinks
+      --sftp-disable-concurrent-reads                       If set don&#39;t use concurrent reads
+      --sftp-disable-concurrent-writes                      If set don&#39;t use concurrent writes
+      --sftp-disable-hashcheck                              Disable the execution of SSH commands to determine if remote file hashing is available
+      --sftp-host string                                    SSH host to connect to
+      --sftp-host-key-algorithms SpaceSepList               Space separated list of host key algorithms, ordered by preference
+      --sftp-idle-timeout Duration                          Max time before closing idle connections (default 1m0s)
+      --sftp-key-exchange SpaceSepList                      Space separated list of key exchange algorithms, ordered by preference
+      --sftp-key-file string                                Path to PEM-encoded private key file
+      --sftp-key-file-pass string                           The passphrase to decrypt the PEM-encoded private key file (obscured)
+      --sftp-key-pem string                                 Raw PEM-encoded private key
+      --sftp-key-use-agent                                  When set forces the usage of the ssh-agent
+      --sftp-known-hosts-file string                        Optional path to known_hosts file
+      --sftp-macs SpaceSepList                              Space separated list of MACs (message authentication code) algorithms, ordered by preference
+      --sftp-md5sum-command string                          The command used to read md5 hashes
+      --sftp-pass string                                    SSH password, leave blank to use ssh-agent (obscured)
+      --sftp-path-override string                           Override path used by SSH shell commands
+      --sftp-port int                                       SSH port number (default 22)
+      --sftp-pubkey-file string                             Optional path to public key file
+      --sftp-server-command string                          Specifies the path or command to run a sftp server on the remote host
+      --sftp-set-env SpaceSepList                           Environment variables to pass to sftp and commands
+      --sftp-set-modtime                                    Set the modified time on the remote if set (default true)
+      --sftp-sha1sum-command string                         The command used to read sha1 hashes
+      --sftp-shell-type string                              The type of SSH shell on remote server, if any
+      --sftp-skip-links                                     Set to skip any symlinks and any other non regular files
+      --sftp-socks-proxy string                             Socks 5 proxy host
+      --sftp-ssh SpaceSepList                               Path and arguments to external ssh binary
+      --sftp-subsystem string                               Specifies the SSH2 subsystem on the remote host (default &quot;sftp&quot;)
+      --sftp-use-fstat                                      If set use fstat instead of stat
+      --sftp-use-insecure-cipher                            Enable the use of insecure ciphers and key exchange methods
+      --sftp-user string                                    SSH username (default &quot;$USER&quot;)
+      --sharefile-auth-url string                           Auth server URL
+      --sharefile-chunk-size SizeSuffix                     Upload chunk size (default 64Mi)
+      --sharefile-client-id string                          OAuth Client Id
+      --sharefile-client-secret string                      OAuth Client Secret
+      --sharefile-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --sharefile-endpoint string                           Endpoint for API calls
+      --sharefile-root-folder-id string                     ID of the root folder
+      --sharefile-token string                              OAuth Access Token as a JSON blob
+      --sharefile-token-url string                          Token server url
+      --sharefile-upload-cutoff SizeSuffix                  Cutoff for switching to multipart upload (default 128Mi)
+      --sia-api-password string                             Sia Daemon API Password (obscured)
+      --sia-api-url string                                  Sia daemon API URL, like http://sia.daemon.host:9980 (default &quot;http://127.0.0.1:9980&quot;)
+      --sia-encoding Encoding                               The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
+      --sia-user-agent string                               Siad User Agent (default &quot;Sia-Agent&quot;)
+      --skip-links                                          Don&#39;t warn about skipped symlinks
+      --smb-case-insensitive                                Whether the server is configured to be case-insensitive (default true)
+      --smb-domain string                                   Domain name for NTLM authentication (default &quot;WORKGROUP&quot;)
+      --smb-encoding Encoding                               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --smb-hide-special-share                              Hide special shares (e.g. print$) which users aren&#39;t supposed to access (default true)
+      --smb-host string                                     SMB server hostname to connect to
+      --smb-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --smb-pass string                                     SMB password (obscured)
+      --smb-port int                                        SMB port number (default 445)
+      --smb-spn string                                      Service principal name
+      --smb-user string                                     SMB username (default &quot;$USER&quot;)
+      --storj-access-grant string                           Access grant
+      --storj-api-key string                                API key
+      --storj-passphrase string                             Encryption passphrase
+      --storj-provider string                               Choose an authentication method (default &quot;existing&quot;)
+      --storj-satellite-address string                      Satellite address (default &quot;us1.storj.io&quot;)
+      --sugarsync-access-key-id string                      Sugarsync Access Key ID
+      --sugarsync-app-id string                             Sugarsync App ID
+      --sugarsync-authorization string                      Sugarsync authorization
+      --sugarsync-authorization-expiry string               Sugarsync authorization expiry
+      --sugarsync-deleted-id string                         Sugarsync deleted folder id
+      --sugarsync-encoding Encoding                         The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
+      --sugarsync-hard-delete                               Permanently delete files if true
+      --sugarsync-private-access-key string                 Sugarsync Private Access Key
+      --sugarsync-refresh-token string                      Sugarsync refresh token
+      --sugarsync-root-id string                            Sugarsync root id
+      --sugarsync-user string                               Sugarsync user
+      --swift-application-credential-id string              Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
+      --swift-application-credential-name string            Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
+      --swift-application-credential-secret string          Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
+      --swift-auth string                                   Authentication URL for server (OS_AUTH_URL)
+      --swift-auth-token string                             Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
+      --swift-auth-version int                              AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
+      --swift-chunk-size SizeSuffix                         Above this size files will be chunked into a _segments container (default 5Gi)
+      --swift-domain string                                 User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
+      --swift-encoding Encoding                             The encoding for the backend (default Slash,InvalidUtf8)
+      --swift-endpoint-type string                          Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default &quot;public&quot;)
+      --swift-env-auth                                      Get swift credentials from environment variables in standard OpenStack form
+      --swift-key string                                    API key or password (OS_PASSWORD)
+      --swift-leave-parts-on-error                          If true avoid calling abort upload on a failure
+      --swift-no-chunk                                      Don&#39;t chunk files during streaming upload
+      --swift-no-large-objects                              Disable support for static and dynamic large objects
+      --swift-region string                                 Region name - optional (OS_REGION_NAME)
+      --swift-storage-policy string                         The storage policy to use when creating a new container
+      --swift-storage-url string                            Storage URL - optional (OS_STORAGE_URL)
+      --swift-tenant string                                 Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
+      --swift-tenant-domain string                          Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
+      --swift-tenant-id string                              Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
+      --swift-user string                                   User name to log in (OS_USERNAME)
+      --swift-user-id string                                User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
+      --union-action-policy string                          Policy to choose upstream on ACTION category (default &quot;epall&quot;)
+      --union-cache-time int                                Cache time of usage and free space (in seconds) (default 120)
+      --union-create-policy string                          Policy to choose upstream on CREATE category (default &quot;epmfs&quot;)
+      --union-min-free-space SizeSuffix                     Minimum viable free space for lfs/eplfs policies (default 1Gi)
+      --union-search-policy string                          Policy to choose upstream on SEARCH category (default &quot;ff&quot;)
+      --union-upstreams string                              List of space separated upstreams
+      --uptobox-access-token string                         Your access token
+      --uptobox-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
+      --uptobox-private                                     Set to make uploaded files private
+      --webdav-bearer-token string                          Bearer token instead of user/pass (e.g. a Macaroon)
+      --webdav-bearer-token-command string                  Command to run to get a bearer token
+      --webdav-encoding string                              The encoding for the backend
+      --webdav-headers CommaSepList                         Set HTTP headers for all transactions
+      --webdav-nextcloud-chunk-size SizeSuffix              Nextcloud upload chunk size (default 10Mi)
+      --webdav-pacer-min-sleep Duration                     Minimum time to sleep between API calls (default 10ms)
+      --webdav-pass string                                  Password (obscured)
+      --webdav-url string                                   URL of http host to connect to
+      --webdav-user string                                  User name
+      --webdav-vendor string                                Name of the WebDAV site/service/software you are using
+      --yandex-auth-url string                              Auth server URL
+      --yandex-client-id string                             OAuth Client Id
+      --yandex-client-secret string                         OAuth Client Secret
+      --yandex-encoding Encoding                            The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --yandex-hard-delete                                  Delete files permanently rather than putting them into the trash
+      --yandex-token string                                 OAuth Access Token as a JSON blob
+      --yandex-token-url string                             Token server url
+      --zoho-auth-url string                                Auth server URL
+      --zoho-client-id string                               OAuth Client Id
+      --zoho-client-secret string                           OAuth Client Secret
+      --zoho-encoding Encoding                              The encoding for the backend (default Del,Ctl,InvalidUtf8)
+      --zoho-region string                                  Zoho region to connect to
+      --zoho-token string                                   OAuth Access Token as a JSON blob
+      --zoho-token-url string                               Token server url</code></pre>
 <h1 id="docker-volume-plugin">Docker Volume Plugin</h1>
 <h2 id="introduction">Introduction</h2>
 <p>Docker 1.9 has added support for creating <a href="https://docs.docker.com/storage/volumes/">named volumes</a> via <a href="https://docs.docker.com/engine/reference/commandline/volume_create/">command-line interface</a> and mounting them in containers as a way to share data between them. Since Docker 1.10 you can create named volumes with <a href="https://docs.docker.com/compose/">Docker Compose</a> by descriptions in <a href="https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference">docker-compose.yml</a> files for use by container groups on a single host. As of Docker 1.12 volumes are supported by <a href="https://docs.docker.com/engine/swarm/key-concepts/">Docker Swarm</a> included with Docker Engine and created from descriptions in <a href="https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference">swarm compose v3</a> files for use with <em>swarm stacks</em> across multiple cluster nodes.</p>
@@ -9449,10 +11809,16 @@ <h2 id="command-line-syntax">Command line syntax</h2>
                                 If exceeded, the bisync run will abort. (default: 50%)
       --force                   Bypass `--max-delete` safety check and run the sync.
                                 Consider using with `--verbose`
+      --create-empty-src-dirs   Sync creation and deletion of empty directories. 
+                                  (Not compatible with --remove-empty-dirs)
       --remove-empty-dirs       Remove empty directories at the final cleanup step.
   -1, --resync                  Performs the resync run.
                                 Warning: Path1 files may overwrite Path2 versions.
                                 Consider using `--verbose` or `--dry-run` first.
+      --ignore-listing-checksum Do not use checksums for listings 
+                                  (add --ignore-checksum to additionally skip post-copy checksum checks)
+      --resilient               Allow future runs to retry after certain less-serious errors, 
+                                  instead of requiring --resync. Use at your own risk!
       --localtime               Use local time in listings (default: UTC)
       --no-cleanup              Retain working files (useful for troubleshooting and testing).
       --workdir PATH            Use custom working directory (useful for testing).
@@ -9464,31 +11830,54 @@ <h2 id="command-line-syntax">Command line syntax</h2>
 <p>Arbitrary rclone flags may be specified on the <a href="https://rclone.org/commands/rclone_bisync/">bisync command line</a>, for example <code>rclone bisync ./testdir/path1/ gdrive:testdir/path2/ --drive-skip-gdocs -v -v --timeout 10s</code> Note that interactions of various rclone flags with bisync process flow has not been fully tested yet.</p>
 <h3 id="paths">Paths</h3>
 <p>Path1 and Path2 arguments may be references to any mix of local directory paths (absolute or relative), UNC paths (<code>//server/share/path</code>), Windows drive paths (with a drive letter and <code>:</code>) or configured <a href="https://rclone.org/docs/#syntax-of-remote-paths">remotes</a> with optional subdirectory paths. Cloud references are distinguished by having a <code>:</code> in the argument (see <a href="#windows">Windows support</a> below).</p>
-<p>Path1 and Path2 are treated equally, in that neither has priority for file changes, and access efficiency does not change whether a remote is on Path1 or Path2.</p>
+<p>Path1 and Path2 are treated equally, in that neither has priority for file changes (except during <a href="#resync"><code>--resync</code></a>), and access efficiency does not change whether a remote is on Path1 or Path2.</p>
 <p>The listings in bisync working directory (default: <code>~/.cache/rclone/bisync</code>) are named based on the Path1 and Path2 arguments so that separate syncs to individual directories within the tree may be set up, e.g.: <code>path_to_local_tree..dropbox_subdir.lst</code>.</p>
-<p>Any empty directories after the sync on both the Path1 and Path2 filesystems are not deleted by default. If the <code>--remove-empty-dirs</code> flag is specified, then both paths will have any empty directories purged as the last step in the process.</p>
+<p>Any empty directories after the sync on both the Path1 and Path2 filesystems are not deleted by default, unless <code>--create-empty-src-dirs</code> is specified. If the <code>--remove-empty-dirs</code> flag is specified, then both paths will have ALL empty directories purged as the last step in the process.</p>
 <h2 id="command-line-flags">Command-line flags</h2>
 <h4 id="resync">--resync</h4>
-<p>This will effectively make both Path1 and Path2 filesystems contain a matching superset of all files. Path2 files that do not exist in Path1 will be copied to Path1, and the process will then sync the Path1 tree to Path2.</p>
-<p>The base directories on the both Path1 and Path2 filesystems must exist or bisync will fail. This is required for safety - that bisync can verify that both paths are valid.</p>
-<p>When using <code>--resync</code>, a newer version of a file either on Path1 or Path2 filesystem, will overwrite the file on the other path (only the last version will be kept). Carefully evaluate deltas using <a href="https://rclone.org/flags/#non-backend-flags">--dry-run</a>.</p>
+<p>This will effectively make both Path1 and Path2 filesystems contain a matching superset of all files. Path2 files that do not exist in Path1 will be copied to Path1, and the process will then copy the Path1 tree to Path2.</p>
+<p>The <code>--resync</code> sequence is roughly equivalent to:</p>
+<pre><code>rclone copy Path2 Path1 --ignore-existing
+rclone copy Path1 Path2</code></pre>
+<p>Or, if using <code>--create-empty-src-dirs</code>:</p>
+<pre><code>rclone copy Path2 Path1 --ignore-existing
+rclone copy Path1 Path2 --create-empty-src-dirs
+rclone copy Path2 Path1 --create-empty-src-dirs</code></pre>
+<p>The base directories on both Path1 and Path2 filesystems must exist or bisync will fail. This is required for safety - that bisync can verify that both paths are valid.</p>
+<p>When using <code>--resync</code>, a newer version of a file on the Path2 filesystem will be overwritten by the Path1 filesystem version. (Note that this is <a href="https://github.com/rclone/rclone/issues/5681#issuecomment-938761815">NOT entirely symmetrical</a>.) Carefully evaluate deltas using <a href="https://rclone.org/flags/#non-backend-flags">--dry-run</a>.</p>
 <p>For a resync run, one of the paths may be empty (no files in the path tree). The resync run should result in files on both paths, else a normal non-resync run will fail.</p>
 <p>For a non-resync run, either path being empty (no files in the tree) fails with <code>Empty current PathN listing. Cannot sync to an empty directory: X.pathN.lst</code> This is a safety check that an unexpected empty path does not result in deleting <strong>everything</strong> in the other path.</p>
 <h4 id="check-access">--check-access</h4>
-<p>Access check files are an additional safety measure against data loss. bisync will ensure it can find matching <code>RCLONE_TEST</code> files in the same places in the Path1 and Path2 filesystems. <code>RCLONE_TEST</code> files are not generated automatically. For <code>--check-access</code>to succeed, you must first either: <strong>A)</strong> Place one or more <code>RCLONE_TEST</code> files in the Path1 or Path2 filesystem and then do either a run without <code>--check-access</code> or a <a href="#resync">--resync</a> to set matching files on both filesystems, or <strong>B)</strong> Set <code>--check-filename</code> to a filename already in use in various locations throughout your sync'd fileset. Time stamps and file contents are not important, just the names and locations. If you have symbolic links in your sync tree it is recommended to place <code>RCLONE_TEST</code> files in the linked-to directory tree to protect against bisync assuming a bunch of deleted files if the linked-to tree should not be accessible. See also the <a href="--check-filename">--check-filename</a> flag.</p>
+<p>Access check files are an additional safety measure against data loss. bisync will ensure it can find matching <code>RCLONE_TEST</code> files in the same places in the Path1 and Path2 filesystems. <code>RCLONE_TEST</code> files are not generated automatically. For <code>--check-access</code> to succeed, you must first either: <strong>A)</strong> Place one or more <code>RCLONE_TEST</code> files in both systems, or <strong>B)</strong> Set <code>--check-filename</code> to a filename already in use in various locations throughout your sync'd fileset. Recommended methods for <strong>A)</strong> include: * <code>rclone touch Path1/RCLONE_TEST</code> (create a new file) * <code>rclone copyto Path1/RCLONE_TEST Path2/RCLONE_TEST</code> (copy an existing file) * <code>rclone copy Path1/RCLONE_TEST Path2/RCLONE_TEST  --include "RCLONE_TEST"</code> (copy multiple files at once, recursively) * create the files manually (outside of rclone) * run <code>bisync</code> once <em>without</em> <code>--check-access</code> to set matching files on both filesystems will also work, but is not preferred, due to potential for user error (you are temporarily disabling the safety feature).</p>
+<p>Note that <code>--check-access</code> is still enforced on <code>--resync</code>, so <code>bisync --resync --check-access</code> will not work as a method of initially setting the files (this is to ensure that bisync can't <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=3.%20%2D%2Dcheck%2Daccess%20doesn%27t%20always%20fail%20when%20it%20should">inadvertently circumvent its own safety switch</a>.)</p>
+<p>Time stamps and file contents for <code>RCLONE_TEST</code> files are not important, just the names and locations. If you have symbolic links in your sync tree it is recommended to place <code>RCLONE_TEST</code> files in the linked-to directory tree to protect against bisync assuming a bunch of deleted files if the linked-to tree should not be accessible. See also the <a href="--check-filename">--check-filename</a> flag.</p>
 <h4 id="check-filename">--check-filename</h4>
 <p>Name of the file(s) used in access health validation. The default <code>--check-filename</code> is <code>RCLONE_TEST</code>. One or more files having this filename must exist, synchronized between your source and destination filesets, in order for <code>--check-access</code> to succeed. See <a href="#check-access">--check-access</a> for additional details.</p>
 <h4 id="max-delete">--max-delete</h4>
-<p>As a safety check, if greater than the <code>--max-delete</code> percent of files were deleted on either the Path1 or Path2 filesystem, then bisync will abort with a warning message, without making any changes. The default <code>--max-delete</code> is <code>50%</code>. One way to trigger this limit is to rename a directory that contains more than half of your files. This will appear to bisync as a bunch of deleted files and a bunch of new files. This safety check is intended to block bisync from deleting all of the files on both filesystems due to a temporary network access issue, or if the user had inadvertently deleted the files on one side or the other. To force the sync either set a different delete percentage limit, e.g. <code>--max-delete 75</code> (allows up to 75% deletion), or use <code>--force</code> to bypass the check.</p>
+<p>As a safety check, if greater than the <code>--max-delete</code> percent of files were deleted on either the Path1 or Path2 filesystem, then bisync will abort with a warning message, without making any changes. The default <code>--max-delete</code> is <code>50%</code>. One way to trigger this limit is to rename a directory that contains more than half of your files. This will appear to bisync as a bunch of deleted files and a bunch of new files. This safety check is intended to block bisync from deleting all of the files on both filesystems due to a temporary network access issue, or if the user had inadvertently deleted the files on one side or the other. To force the sync, either set a different delete percentage limit, e.g. <code>--max-delete 75</code> (allows up to 75% deletion), or use <code>--force</code> to bypass the check.</p>
 <p>Also see the <a href="#all-files-changed">all files changed</a> check.</p>
 <h4 id="filters-file">--filters-file</h4>
 <p>By using rclone filter features you can exclude file types or directory sub-trees from the sync. See the <a href="#filtering">bisync filters</a> section and generic <a href="https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file">--filter-from</a> documentation. An <a href="#example-filters-file">example filters file</a> contains filters for non-allowed files for synching with Dropbox.</p>
-<p>If you make changes to your filters file then bisync requires a run with <code>--resync</code>. This is a safety feature, which avoids existing files on the Path1 and/or Path2 side from seeming to disappear from view (since they are excluded in the new listings), which would fool bisync into seeing them as deleted (as compared to the prior run listings), and then bisync would proceed to delete them for real.</p>
-<p>To block this from happening bisync calculates an MD5 hash of the filters file and stores the hash in a <code>.md5</code> file in the same place as your filters file. On the next runs with <code>--filters-file</code> set, bisync re-calculates the MD5 hash of the current filters file and compares it to the hash stored in <code>.md5</code> file. If they don't match the run aborts with a critical error and thus forces you to do a <code>--resync</code>, likely avoiding a disaster.</p>
+<p>If you make changes to your filters file then bisync requires a run with <code>--resync</code>. This is a safety feature, which prevents existing files on the Path1 and/or Path2 side from seeming to disappear from view (since they are excluded in the new listings), which would fool bisync into seeing them as deleted (as compared to the prior run listings), and then bisync would proceed to delete them for real.</p>
+<p>To block this from happening, bisync calculates an MD5 hash of the filters file and stores the hash in a <code>.md5</code> file in the same place as your filters file. On the next run with <code>--filters-file</code> set, bisync re-calculates the MD5 hash of the current filters file and compares it to the hash stored in the <code>.md5</code> file. If they don't match, the run aborts with a critical error and thus forces you to do a <code>--resync</code>, likely avoiding a disaster.</p>
 <h4 id="check-sync">--check-sync</h4>
 <p>Enabled by default, the check-sync function checks that all of the same files exist in both the Path1 and Path2 history listings. This <em>check-sync</em> integrity check is performed at the end of the sync run by default. Any untrapped failing copy/deletes between the two paths might result in differences between the two listings and in the untracked file content differences between the two paths. A resync run would correct the error.</p>
 <p>Note that the default-enabled integrity check locally executes a load of both the final Path1 and Path2 listings, and thus adds to the run time of a sync. Using <code>--check-sync=false</code> will disable it and may significantly reduce the sync run times for very large numbers of files.</p>
 <p>The check may be run manually with <code>--check-sync=only</code>. It runs only the integrity check and terminates without actually synching.</p>
+<p>See also: <a href="#concurrent-modifications">Concurrent modifications</a></p>
+<h4 id="ignore-listing-checksum">--ignore-listing-checksum</h4>
+<p>By default, bisync will retrieve (or generate) checksums (for backends that support them) when creating the listings for both paths, and store the checksums in the listing files. <code>--ignore-listing-checksum</code> will disable this behavior, which may speed things up considerably, especially on backends (such as <a href="https://rclone.org/local/">local</a>) where hashes must be computed on the fly instead of retrieved. Please note the following:</p>
+<ul>
+<li>While checksums are (by default) generated and stored in the listing files, they are NOT currently used for determining diffs (deltas). It is anticipated that full checksum support will be added in a future version.</li>
+<li><code>--ignore-listing-checksum</code> is NOT the same as <a href="https://rclone.org/docs/#ignore-checksum"><code>--ignore-checksum</code></a>, and you may wish to use one or the other, or both. In a nutshell: <code>--ignore-listing-checksum</code> controls whether checksums are considered when scanning for diffs, while <code>--ignore-checksum</code> controls whether checksums are considered during the copy/sync operations that follow, if there ARE diffs.</li>
+<li>Unless <code>--ignore-listing-checksum</code> is passed, bisync currently computes hashes for one path <em>even when there's no common hash with the other path</em> (for example, a <a href="https://rclone.org/crypt/#modification-times-and-hashes">crypt</a> remote.)</li>
+<li>If both paths support checksums and have a common hash, AND <code>--ignore-listing-checksum</code> was not specified when creating the listings, <code>--check-sync=only</code> can be used to compare Path1 vs. Path2 checksums (as of the time the previous listings were created.) However, <code>--check-sync=only</code> will NOT include checksums if the previous listings were generated on a run using <code>--ignore-listing-checksum</code>. For a more robust integrity check of the current state, consider using <a href="commands/rclone_check/"><code>check</code></a> (or <a href="https://rclone.org/commands/rclone_cryptcheck/"><code>cryptcheck</code></a>, if at least one path is a <code>crypt</code> remote.)</li>
+</ul>
+<h4 id="resilient">--resilient</h4>
+<p><strong><em>Caution: this is an experimental feature. Use at your own risk!</em></strong></p>
+<p>By default, most errors or interruptions will cause bisync to abort and require <a href="#resync"><code>--resync</code></a> to recover. This is a safety feature, to prevent bisync from running again until a user checks things out. However, in some cases, bisync can go too far and enforce a lockout when one isn't actually necessary, like for certain less-serious errors that might resolve themselves on the next run. When <code>--resilient</code> is specified, bisync tries its best to recover and self-correct, and only requires <code>--resync</code> as a last resort when a human's involvement is absolutely necessary. The intended use case is for running bisync as a background process (such as via scheduled <a href="#cron">cron</a>).</p>
+<p>When using <code>--resilient</code> mode, bisync will still report the error and abort, however it will not lock out future runs -- allowing the possibility of retrying at the next normally scheduled time, without requiring a <code>--resync</code> first. Examples of such retryable errors include access test failures, missing listing files, and filter change detections. These safety features will still prevent the <em>current</em> run from proceeding -- the difference is that if conditions have improved by the time of the <em>next</em> run, that next run will be allowed to proceed. Certain more serious errors will still enforce a <code>--resync</code> lockout, even in <code>--resilient</code> mode, to prevent data loss.</p>
+<p>Behavior of <code>--resilient</code> may change in a future version.</p>
 <h2 id="operation">Operation</h2>
 <h3 id="runtime-flow-details">Runtime flow details</h3>
 <p>bisync retains the listings of the <code>Path1</code> and <code>Path2</code> filesystems from the prior run. On each successive run it will:</p>
@@ -9589,30 +11978,36 @@ <h3 id="unusual-sync-checks">Unusual sync checks</h3>
 </thead>
 <tbody>
 <tr class="odd">
+<td>Path1 new/changed AND Path2 new/changed AND Path1 == Path2</td>
+<td>File is new/changed on Path1 AND new/changed on Path2 AND Path1 version is currently identical to Path2</td>
+<td>No change</td>
+<td>None</td>
+</tr>
+<tr class="even">
 <td>Path1 new AND Path2 new</td>
-<td>File is new on Path1 AND new on Path2</td>
+<td>File is new on Path1 AND new on Path2 (and Path1 version is NOT identical to Path2)</td>
 <td>Files renamed to _Path1 and _Path2</td>
 <td><code>rclone copy</code> _Path2 file to Path1, <code>rclone copy</code> _Path1 file to Path2</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>Path2 newer AND Path1 changed</td>
-<td>File is newer on Path2 AND also changed (newer/older/size) on Path1</td>
+<td>File is newer on Path2 AND also changed (newer/older/size) on Path1 (and Path1 version is NOT identical to Path2)</td>
 <td>Files renamed to _Path1 and _Path2</td>
 <td><code>rclone copy</code> _Path2 file to Path1, <code>rclone copy</code> _Path1 file to Path2</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>Path2 newer AND Path1 deleted</td>
 <td>File is newer on Path2 AND also deleted on Path1</td>
 <td>Path2 version survives</td>
 <td><code>rclone copy</code> Path2 to Path1</td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>Path2 deleted AND Path1 changed</td>
 <td>File is deleted on Path2 AND changed (newer/older/size) on Path1</td>
 <td>Path1 version survives</td>
 <td><code>rclone copy</code> Path1 to Path2</td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>Path1 deleted AND Path2 changed</td>
 <td>File is deleted on Path1 AND changed (newer/older/size) on Path2</td>
 <td>Path2 version survives</td>
@@ -9620,9 +12015,10 @@ <h3 id="unusual-sync-checks">Unusual sync checks</h3>
 </tr>
 </tbody>
 </table>
+<p>As of <code>rclone v1.64</code>, bisync is now better at detecting <em>false positive</em> sync conflicts, which would previously have resulted in unnecessary renames and duplicates. Now, when bisync comes to a file that it wants to rename (because it is new/changed on both sides), it first checks whether the Path1 and Path2 versions are currently <em>identical</em> (using the same underlying function as <a href="commands/rclone_check/"><code>check</code></a>.) If bisync concludes that the files are identical, it will skip them and move on. Otherwise, it will create renamed <code>..Path1</code> and <code>..Path2</code> duplicates, as before. This behavior also <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=Renamed%20directories">improves the experience of renaming directories</a>, as a <code>--resync</code> is no longer required, so long as the same change has been made on both sides.</p>
 <h3 id="all-files-changed">All files changed check</h3>
-<p>if <em>all</em> prior existing files on either of the filesystems have changed (e.g. timestamps have changed due to changing the system's timezone) then bisync will abort without making any changes. Any new files are not considered for this check. You could use <code>--force</code> to force the sync (whichever side has the changed timestamp files wins). Alternately, a <code>--resync</code> may be used (Path1 versions will be pushed to Path2). Consider the situation carefully and perhaps use <code>--dry-run</code> before you commit to the changes.</p>
-<h3 id="modification-time">Modification time</h3>
+<p>If <em>all</em> prior existing files on either of the filesystems have changed (e.g. timestamps have changed due to changing the system's timezone) then bisync will abort without making any changes. Any new files are not considered for this check. You could use <code>--force</code> to force the sync (whichever side has the changed timestamp files wins). Alternately, a <code>--resync</code> may be used (Path1 versions will be pushed to Path2). Consider the situation carefully and perhaps use <code>--dry-run</code> before you commit to the changes.</p>
+<h3 id="modification-times">Modification times</h3>
 <p>Bisync relies on file timestamps to identify changed files and will <em>refuse</em> to operate if backend lacks the modification time support.</p>
 <p>If you or your application should change the content of a file without changing the modification time then bisync will <em>not</em> notice the change, and thus will not copy it to the other side.</p>
 <p>Note that on some cloud storage systems it is not possible to have file timestamps that match <em>precisely</em> between the local and other filesystems.</p>
@@ -9630,30 +12026,48 @@ <h3 id="modification-time">Modification time</h3>
 <h3 id="error-handling">Error handling</h3>
 <p>Certain bisync critical errors, such as file copy/move failing, will result in a bisync lockout of following runs. The lockout is asserted because the sync status and history of the Path1 and Path2 filesystems cannot be trusted, so it is safer to block any further changes until someone checks things out. The recovery is to do a <code>--resync</code> again.</p>
 <p>It is recommended to use <code>--resync --dry-run --verbose</code> initially and <em>carefully</em> review what changes will be made before running the <code>--resync</code> without <code>--dry-run</code>.</p>
-<p>Most of these events come up due to a error status from an internal call. On such a critical error the <code>{...}.path1.lst</code> and <code>{...}.path2.lst</code> listing files are renamed to extension <code>.lst-err</code>, which blocks any future bisync runs (since the normal <code>.lst</code> files are not found). Bisync keeps them under <code>bisync</code> subdirectory of the rclone cache directory, typically at <code>${HOME}/.cache/rclone/bisync/</code> on Linux.</p>
+<p>Most of these events come up due to an error status from an internal call. On such a critical error the <code>{...}.path1.lst</code> and <code>{...}.path2.lst</code> listing files are renamed to extension <code>.lst-err</code>, which blocks any future bisync runs (since the normal <code>.lst</code> files are not found). Bisync keeps them under <code>bisync</code> subdirectory of the rclone cache directory, typically at <code>${HOME}/.cache/rclone/bisync/</code> on Linux.</p>
 <p>Some errors are considered temporary and re-running the bisync is not blocked. The <em>critical return</em> blocks further bisync runs.</p>
+<p>See also: <a href="#resilient"><code>--resilient</code></a></p>
 <h3 id="lock-file">Lock file</h3>
 <p>When bisync is running, a lock file is created in the bisync working directory, typically at <code>~/.cache/rclone/bisync/PATH1..PATH2.lck</code> on Linux. If bisync should crash or hang, the lock file will remain in place and block any further runs of bisync <em>for the same paths</em>. Delete the lock file as part of debugging the situation. The lock file effectively blocks follow-on (e.g., scheduled by <em>cron</em>) runs when the prior invocation is taking a long time. The lock file contains <em>PID</em> of the blocking process, which may help in debug.</p>
 <p><strong>Note</strong> that while concurrent bisync runs are allowed, <em>be very cautious</em> that there is no overlap in the trees being synched between concurrent runs, lest there be replicated files, deleted files and general mayhem.</p>
 <h3 id="return-codes">Return codes</h3>
 <p><code>rclone bisync</code> returns the following codes to calling program: - <code>0</code> on a successful run, - <code>1</code> for a non-critical failing run (a rerun may be successful), - <code>2</code> for a critically aborted run (requires a <code>--resync</code> to recover).</p>
-<h2 id="limitations-2">Limitations</h2>
+<h2 id="limitations-3">Limitations</h2>
 <h3 id="supported-backends">Supported backends</h3>
 <p>Bisync is considered <em>BETA</em> and has been tested with the following backends: - Local filesystem - Google Drive - Dropbox - OneDrive - S3 - SFTP - Yandex Disk</p>
 <p>It has not been fully tested with other services yet. If it works, or sorta works, please let us know and we'll update the list. Run the test suite to check for proper operation as described below.</p>
-<p>First release of <code>rclone bisync</code> requires that underlying backend supported the modification time feature and will refuse to run otherwise. This limitation will be lifted in a future <code>rclone bisync</code> release.</p>
+<p>First release of <code>rclone bisync</code> requires that underlying backend supports the modification time feature and will refuse to run otherwise. This limitation will be lifted in a future <code>rclone bisync</code> release.</p>
 <h3 id="concurrent-modifications">Concurrent modifications</h3>
 <p>When using <strong>Local, FTP or SFTP</strong> remotes rclone does not create <em>temporary</em> files at the destination when copying, and thus if the connection is lost the created file may be corrupt, which will likely propagate back to the original path on the next sync, resulting in data loss. This will be solved in a future release, there is no workaround at the moment.</p>
-<p>Files that <strong>change during</strong> a bisync run may result in data loss. This has been seen in a highly dynamic environment, where the filesystem is getting hammered by running processes during the sync. The solution is to sync at quiet times or <a href="#filtering">filter out</a> unnecessary directories and files.</p>
+<p>Files that <strong>change during</strong> a bisync run may result in data loss. This has been seen in a highly dynamic environment, where the filesystem is getting hammered by running processes during the sync. The currently recommended solution is to sync at quiet times or <a href="#filtering">filter out</a> unnecessary directories and files.</p>
+<p>As an <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=scans%2C%20to%20avoid-,errors%20if%20files%20changed%20during%20sync,-Given%20the%20number">alternative approach</a>, consider using <code>--check-sync=false</code> (and possibly <code>--resilient</code>) to make bisync more forgiving of filesystems that change during the sync. Be advised that this may cause bisync to miss events that occur during a bisync run, so it is a good idea to supplement this with a periodic independent integrity check, and corrective sync if diffs are found. For example, a possible sequence could look like this:</p>
+<ol type="1">
+<li>Normally scheduled bisync run:</li>
+</ol>
+<pre><code>rclone bisync Path1 Path2 -MPc --check-access --max-delete 10 --filters-file /path/to/filters.txt -v --check-sync=false --no-cleanup --ignore-listing-checksum --disable ListR --checkers=16 --drive-pacer-min-sleep=10ms --create-empty-src-dirs --resilient</code></pre>
+<ol start="2" type="1">
+<li>Periodic independent integrity check (perhaps scheduled nightly or weekly):</li>
+</ol>
+<pre><code>rclone check -MvPc Path1 Path2 --filter-from /path/to/filters.txt</code></pre>
+<ol start="3" type="1">
+<li>If diffs are found, you have some choices to correct them. If one side is more up-to-date and you want to make the other side match it, you could run:</li>
+</ol>
+<pre><code>rclone sync Path1 Path2 --filter-from /path/to/filters.txt --create-empty-src-dirs -MPc -v  </code></pre>
+<p>(or switch Path1 and Path2 to make Path2 the source-of-truth)</p>
+<p>Or, if neither side is totally up-to-date, you could run a <code>--resync</code> to bring them back into agreement (but remember that this could cause deleted files to re-appear.)</p>
+<p>*Note also that <code>rclone check</code> does not currently include empty directories, so if you want to know if any empty directories are out of sync, consider alternatively running the above <code>rclone sync</code> command with <code>--dry-run</code> added.</p>
 <h3 id="empty-directories">Empty directories</h3>
-<p>New empty directories on one path are <em>not</em> propagated to the other side. This is because bisync (and rclone) natively works on files not directories. The following sequence is a workaround but will not propagate the delete of an empty directory to the other side:</p>
-<pre><code>rclone bisync PATH1 PATH2
-rclone copy PATH1 PATH2 --filter &quot;+ */&quot; --filter &quot;- **&quot; --create-empty-src-dirs
-rclone copy PATH2 PATH2 --filter &quot;+ */&quot; --filter &quot;- **&quot; --create-empty-src-dirs</code></pre>
+<p>By default, new/deleted empty directories on one path are <em>not</em> propagated to the other side. This is because bisync (and rclone) natively works on files, not directories. However, this can be changed with the <code>--create-empty-src-dirs</code> flag, which works in much the same way as in <a href="https://rclone.org/commands/rclone_sync/"><code>sync</code></a> and <a href="https://rclone.org/commands/rclone_copy/"><code>copy</code></a>. When used, empty directories created or deleted on one side will also be created or deleted on the other side. The following should be noted: * <code>--create-empty-src-dirs</code> is not compatible with <code>--remove-empty-dirs</code>. Use only one or the other (or neither). * It is not recommended to switch back and forth between <code>--create-empty-src-dirs</code> and the default (no <code>--create-empty-src-dirs</code>) without running <code>--resync</code>. This is because it may appear as though all directories (not just the empty ones) were created/deleted, when actually you've just toggled between making them visible/invisible to bisync. It looks scarier than it is, but it's still probably best to stick to one or the other, and use <code>--resync</code> when you need to switch.</p>
 <h3 id="renamed-directories">Renamed directories</h3>
-<p>Renaming a folder on the Path1 side results is deleting all files on the Path2 side and then copying all files again from Path1 to Path2. Bisync sees this as all files in the old directory name as deleted and all files in the new directory name as new. Similarly, renaming a directory on both sides to the same name will result in creating <code>..path1</code> and <code>..path2</code> files on both sides. Currently the most effective and efficient method of renaming a directory is to rename it on both sides, then do a <code>--resync</code>.</p>
+<p>Renaming a folder on the Path1 side results in deleting all files on the Path2 side and then copying all files again from Path1 to Path2. Bisync sees this as all files in the old directory name as deleted and all files in the new directory name as new. Currently, the most effective and efficient method of renaming a directory is to rename it to the same name on both sides. (As of <code>rclone v1.64</code>, a <code>--resync</code> is no longer required after doing so, as bisync will automatically detect that Path1 and Path2 are in agreement.)</p>
+<h3 id="fast-list-used-by-default"><code>--fast-list</code> used by default</h3>
+<p>Unlike most other rclone commands, bisync uses <a href="https://rclone.org/docs/#fast-list"><code>--fast-list</code></a> by default, for backends that support it. In many cases this is desirable, however, there are some scenarios in which bisync could be faster <em>without</em> <code>--fast-list</code>, and there is also a <a href="https://github.com/rclone/rclone/commit/cbf3d4356135814921382dd3285d859d15d0aa77">known issue concerning Google Drive users with many empty directories</a>. For now, the recommended way to avoid using <code>--fast-list</code> is to add <code>--disable ListR</code> to all bisync commands. The default behavior may change in a future version.</p>
+<h3 id="overridden-configs">Overridden Configs</h3>
+<p>When rclone detects an overridden config, it adds a suffix like <code>{ABCDE}</code> on the fly to the internal name of the remote. Bisync follows suit by including this suffix in its listing filenames. However, this suffix does not necessarily persist from run to run, especially if different flags are provided. So if next time the suffix assigned is <code>{FGHIJ}</code>, bisync will get confused, because it's looking for a listing file with <code>{FGHIJ}</code>, when the file it wants has <code>{ABCDE}</code>. As a result, it throws <code>Bisync critical error: cannot find prior Path1 or Path2 listings, likely due to critical error on prior run</code> and refuses to run again until the user runs a <code>--resync</code> (unless using <code>--resilient</code>). The best workaround at the moment is to set any backend-specific flags in the <a href="https://rclone.org/commands/rclone_config/">config file</a> instead of specifying them with command flags. (You can still override them as needed for other rclone commands.)</p>
 <h3 id="case-sensitivity">Case sensitivity</h3>
-<p>Synching with <strong>case-insensitive</strong> filesystems, such as Windows or <code>Box</code>, can result in file name conflicts. This will be fixed in a future release. The near term workaround is to make sure that files on both sides don't have spelling case differences (<code>Smile.jpg</code> vs. <code>smile.jpg</code>).</p>
+<p>Synching with <strong>case-insensitive</strong> filesystems, such as Windows or <code>Box</code>, can result in file name conflicts. This will be fixed in a future release. The near-term workaround is to make sure that files on both sides don't have spelling case differences (<code>Smile.jpg</code> vs. <code>smile.jpg</code>).</p>
 <h2 id="windows">Windows support</h2>
 <p>Bisync has been tested on Windows 8.1, Windows 10 Pro 64-bit and on Windows GitHub runners.</p>
 <p>Drive letters are allowed, including drive letters mapped to network drives (<code>rclone bisync J:\localsync GDrive:</code>). If a drive letter is omitted, the shell current drive is the default. Drive letters are a single character follows by <code>:</code>, so cloud names must be more than one character long.</p>
@@ -9678,7 +12092,7 @@ <h3 id="filters-file-writing-guidelines">Filters file writing guidelines</h3>
 <li>Excluding such dirs first will make rclone operations (much) faster.</li>
 <li>Specific files may also be excluded, as with the Dropbox exclusions example below.</li>
 </ul></li>
-<li>Decide if its easier (or cleaner) to:
+<li>Decide if it's easier (or cleaner) to:
 <ul>
 <li>Include select directories and therefore <em>exclude everything else</em> -- or --</li>
 <li>Exclude select directories and therefore <em>include everything else</em></li>
@@ -9695,7 +12109,7 @@ <h3 id="filters-file-writing-guidelines">Filters file writing guidelines</h3>
 <li>Exclude select directories:
 <ul>
 <li>Add more lines like in step 1. For example: <code>-/Desktop/tempfiles/</code>, or `- /testdir/<code>.    Again, a</code>**` on the end is not necessary.</li>
-<li>Do <em>not</em> add a `- **` in the file. Without this line, everything will be included that has not be explicitly excluded.</li>
+<li>Do <em>not</em> add a `- **` in the file. Without this line, everything will be included that has not been explicitly excluded.</li>
 <li>Disregard step 3.</li>
 </ul></li>
 </ol>
@@ -9743,7 +12157,7 @@ <h3 id="example-filters-file">Example filters file for Dropbox</h3>
 # NOTICE: If you make changes to this file you MUST do a --resync run.
 #         Run with --dry-run to see what changes will be made.
 
-# Dropbox wont sync some files so filter them away here.
+# Dropbox won&#39;t sync some files so filter them away here.
 # See https://help.dropbox.com/installs-integrations/sync-uploads/files-not-syncing
 - .dropbox.attr
 - ~*.tmp
@@ -9783,11 +12197,11 @@ <h3 id="reading-bisync-logs">Reading bisync logs</h3>
 2021/05/16 00:36:52 INFO  : Validating listings for Path1 &quot;/path/to/local/tree/&quot; vs Path2 &quot;dropbox:/&quot;
 2021/05/16 00:36:52 INFO  : Bisync successful</code></pre>
 <h3 id="dry-run-oddity">Dry run oddity</h3>
-<p>The <code>--dry-run</code> messages may indicate that it would try to delete some files. For example, if a file is new on Path2 and does not exist on Path1 then it would normally be copied to Path1, but with <code>--dry-run</code> enabled those copies don't happen, which leads to the attempted delete on the Path2, blocked again by --dry-run: <code>... Not deleting as --dry-run</code>.</p>
+<p>The <code>--dry-run</code> messages may indicate that it would try to delete some files. For example, if a file is new on Path2 and does not exist on Path1 then it would normally be copied to Path1, but with <code>--dry-run</code> enabled those copies don't happen, which leads to the attempted delete on Path2, blocked again by --dry-run: <code>... Not deleting as --dry-run</code>.</p>
 <p>This whole confusing situation is an artifact of the <code>--dry-run</code> flag. Scrutinize the proposed deletes carefully, and if the files would have been copied to Path1 then the threatened deletes on Path2 may be disregarded.</p>
 <h3 id="retries">Retries</h3>
-<p>Rclone has built in retries. If you run with <code>--verbose</code> you'll see error and retry messages such as shown below. This is usually not a bug. If at the end of the run you see <code>Bisync successful</code> and not <code>Bisync critical error</code> or <code>Bisync aborted</code> then the run was successful, and you can ignore the error messages.</p>
-<p>The following run shows an intermittent fail. Lines <em>5</em> and _6- are low level messages. Line <em>6</em> is a bubbled-up <em>warning</em> message, conveying the error. Rclone normally retries failing commands, so there may be numerous such messages in the log.</p>
+<p>Rclone has built-in retries. If you run with <code>--verbose</code> you'll see error and retry messages such as shown below. This is usually not a bug. If at the end of the run, you see <code>Bisync successful</code> and not <code>Bisync critical error</code> or <code>Bisync aborted</code> then the run was successful, and you can ignore the error messages.</p>
+<p>The following run shows an intermittent fail. Lines <em>5</em> and _6- are low-level messages. Line <em>6</em> is a bubbled-up <em>warning</em> message, conveying the error. Rclone normally retries failing commands, so there may be numerous such messages in the log.</p>
 <p>Since there are no final error/warning messages on line <em>7</em>, rclone has recovered from failure after a retry, and the overall sync was successful.</p>
 <pre><code>1: 2021/05/14 00:44:12 INFO  : Synching Path1 &quot;/path/to/local/tree&quot; with Path2 &quot;dropbox:&quot;
 2: 2021/05/14 00:44:12 INFO  : Path1 checking for diffs
@@ -9823,7 +12237,7 @@ <h3 id="cron">Cron</h3>
 #                     Day of Week (0-6 or Sun-Sat)
 #                         Command
   */5  *    *    *    *   /path/to/rclone bisync /local/files MyCloud: --check-access --filters-file /path/to/bysync-filters.txt --log-file /path/to//bisync.log</code></pre>
-<p>See <a href="https://www.man7.org/linux/man-pages/man1/crontab.1p.html#INPUT_FILES">crontab syntax</a>). for the details of crontab time interval expressions.</p>
+<p>See <a href="https://www.man7.org/linux/man-pages/man1/crontab.1p.html#INPUT_FILES">crontab syntax</a> for the details of crontab time interval expressions.</p>
 <p>If you run <code>rclone bisync</code> as a cron job, redirect stdout/stderr to a file. The 2nd example runs a sync to Dropbox every hour and logs all stdout (via the <code>&gt;&gt;</code>) and stderr (via <code>2&gt;&amp;1</code>) to a log file.</p>
 <pre><code>0 * * * * /path/to/rclone bisync /path/to/local/dropbox Dropbox: --check-access --filters-file /home/user/filters.txt &gt;&gt; /path/to/logs/dropbox-run.log 2&gt;&amp;1</code></pre>
 <h3 id="sharing-an-encrypted-folder-tree-between-hosts">Sharing an encrypted folder tree between hosts</h3>
@@ -9912,7 +12326,7 @@ <h3 id="notes-about-testing">Notes about testing</h3>
 <li><code>path1</code> and/or <code>path2</code> subdirectories are created in a temporary directory under the respective local or cloud test remote.</li>
 <li>By default, the Path1 and Path2 test dirs and workdir will be deleted after each test run. The <code>-no-cleanup</code> flag disables purging these directories when validating and debugging a given test. These directories will be flushed before running another test, independent of the <code>-no-cleanup</code> usage.</li>
 <li>You will likely want to add `- /testdir/<code>to your normal   bisync</code>--filters-file<code>so that normal syncs do not attempt to sync   the test temporary directories, which may have</code>RCLONE_TEST<code>miscompares   in some testcases which would otherwise trip the</code>--check-access<code>system.   The</code>--check-access<code>mechanism is hard-coded to ignore</code>RCLONE_TEST<code>files beneath</code>bisync/testdata`, so the test cases may reside on the synched tree even if there are check file mismatches in the test tree.</li>
-<li>Some Dropbox tests can fail, notably printing the following message: <code>src and dst identical but can't set mod time without deleting and re-uploading</code> This is expected and happens due a way Dropbox handles modification times. You should use the <code>-refresh-times</code> test flag to make up for this.</li>
+<li>Some Dropbox tests can fail, notably printing the following message: <code>src and dst identical but can't set mod time without deleting and re-uploading</code> This is expected and happens due to the way Dropbox handles modification times. You should use the <code>-refresh-times</code> test flag to make up for this.</li>
 <li>If Dropbox tests hit request limit for you and print error message <code>too_many_requests/...: Too many requests or write operations.</code> then follow the <a href="https://rclone.org/dropbox/#get-your-own-dropbox-app-id">Dropbox App ID instructions</a>.</li>
 </ul>
 <h3 id="updating-golden-results">Updating golden results</h3>
@@ -9933,7 +12347,7 @@ <h3 id="supported-test-commands">Supported test commands</h3>
 <li><code>move-listings &lt;prefix&gt;</code> Similar to <code>copy-listings</code> but removes the source</li>
 <li><code>purge-children &lt;dir&gt;</code> This will delete all child files and purge all child subdirs under given directory but keep the parent intact. This behavior is important for tests with Google Drive because removing and re-creating the parent would change its ID.</li>
 <li><code>delete-file &lt;file&gt;</code> Delete a single file.</li>
-<li><code>delete-glob &lt;dir&gt; &lt;pattern&gt;</code> Delete a group of files located one level deep in the given directory with names maching a given glob pattern.</li>
+<li><code>delete-glob &lt;dir&gt; &lt;pattern&gt;</code> Delete a group of files located one level deep in the given directory with names matching a given glob pattern.</li>
 <li><code>touch-glob YYYY-MM-DD &lt;dir&gt; &lt;pattern&gt;</code> Change modification time on a group of files.</li>
 <li><code>touch-copy YYYY-MM-DD &lt;source-file&gt; &lt;dest-dir&gt;</code> Change file modification time then copy it to destination.</li>
 <li><code>copy-file &lt;source-file&gt; &lt;dest-dir&gt;</code> Copy a single file to given directory.</li>
@@ -10023,8 +12437,111 @@ <h2 id="references">References</h2>
 <li><a href="https://github.com/Jwink3101/syncrclone">jwink3101/syncrclone</a></li>
 <li><a href="https://github.com/DavideRossi/upback">DavideRossi/upback</a></li>
 </ul>
-<p>Bisync adopts the differential synchronization technique, which is based on keeping history of changes performed by both synchronizing sides. See the <em>Dual Shadow Method</em> section in the <a href="https://neil.fraser.name/writing/sync/">Neil Fraser's article</a>.</p>
+<p>Bisync adopts the differential synchronization technique, which is based on keeping history of changes performed by both synchronizing sides. See the <em>Dual Shadow Method</em> section in <a href="https://neil.fraser.name/writing/sync/">Neil Fraser's article</a>.</p>
 <p>Also note a number of academic publications by <a href="http://www.cis.upenn.edu/%7Ebcpierce/papers/index.shtml#File%20Synchronization">Benjamin Pierce</a> about <em>Unison</em> and synchronization in general.</p>
+<h2 id="changelog">Changelog</h2>
+<h3 id="v1.64"><code>v1.64</code></h3>
+<ul>
+<li>Fixed an <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Dry%20runs%20are%20not%20completely%20dry">issue</a> causing dry runs to inadvertently commit filter changes</li>
+<li>Fixed an <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=2.%20%2D%2Dresync%20deletes%20data%2C%20contrary%20to%20docs">issue</a> causing <code>--resync</code> to erroneously delete empty folders and duplicate files unique to Path2</li>
+<li><code>--check-access</code> is now enforced during <code>--resync</code>, preventing data loss in <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=%2D%2Dcheck%2Daccess%20doesn%27t%20always%20fail%20when%20it%20should">certain user error scenarios</a></li>
+<li>Fixed an <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=5.%20Bisync%20reads%20files%20in%20excluded%20directories%20during%20delete%20operations">issue</a> causing bisync to consider more files than necessary due to overbroad filters during delete operations</li>
+<li><a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Identical%20files%20should%20be%20left%20alone%2C%20even%20if%20new/newer/changed%20on%20both%20sides">Improved detection of false positive change conflicts</a> (identical files are now left alone instead of renamed)</li>
+<li>Added <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=3.%20Bisync%20should%20create/delete%20empty%20directories%20as%20sync%20does%2C%20when%20%2D%2Dcreate%2Dempty%2Dsrc%2Ddirs%20is%20passed">support for <code>--create-empty-src-dirs</code></a></li>
+<li>Added experimental <code>--resilient</code> mode to allow <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=2.%20Bisync%20should%20be%20more%20resilient%20to%20self%2Dcorrectable%20errors">recovery from self-correctable errors</a></li>
+<li>Added <a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=6.%20%2D%2Dignore%2Dchecksum%20should%20be%20split%20into%20two%20flags%20for%20separate%20purposes">new <code>--ignore-listing-checksum</code> flag</a> to distinguish from <code>--ignore-checksum</code></li>
+<li><a href="https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=6.%20Deletes%20take%20several%20times%20longer%20than%20copies">Performance improvements</a> for large remotes</li>
+<li>Documentation and testing improvements</li>
+</ul>
+<h1 id="release-signing">Release signing</h1>
+<p>The hashes of the binary artefacts of the rclone release are signed with a public PGP/GPG key. This can be verified manually as described below.</p>
+<p>The same mechanism is also used by <a href="https://rclone.org/commands/rclone_selfupdate/">rclone selfupdate</a> to verify that the release has not been tampered with before the new update is installed. This checks the SHA256 hash and the signature with a public key compiled into the rclone binary.</p>
+<h2 id="release-signing-key">Release signing key</h2>
+<p>You may obtain the release signing key from:</p>
+<ul>
+<li>From <a href="/KEYS">KEYS</a> on this website - this file contains all past signing keys also.</li>
+<li>The git repository hosted on GitHub - https://github.com/rclone/rclone/blob/master/docs/content/KEYS</li>
+<li><code>gpg --keyserver hkps://keys.openpgp.org --search nick@craig-wood.com</code></li>
+<li><code>gpg --keyserver hkps://keyserver.ubuntu.com --search nick@craig-wood.com</code></li>
+<li>https://www.craig-wood.com/nick/pub/pgp-key.txt</li>
+</ul>
+<p>After importing the key, verify that the fingerprint of one of the keys matches: <code>FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA</code> as this key is used for signing.</p>
+<p>We recommend that you cross-check the fingerprint shown above through the domains listed below. By cross-checking the integrity of the fingerprint across multiple domains you can be confident that you obtained the correct key.</p>
+<ul>
+<li>The <a href="https://github.com/rclone/rclone/blob/master/docs/content/release_signing.md">source for this page on GitHub</a>.</li>
+<li>Through DNS <code>dig key.rclone.org txt</code></li>
+</ul>
+<p>If you find anything that doesn't not match, please contact the developers at once.</p>
+<h2 id="how-to-verify-the-release">How to verify the release</h2>
+<p>In the release directory you will see the release files and some files called <code>MD5SUMS</code>, <code>SHA1SUMS</code> and <code>SHA256SUMS</code>.</p>
+<pre><code>$ rclone lsf --http-url https://downloads.rclone.org/v1.63.1 :http:
+MD5SUMS
+SHA1SUMS
+SHA256SUMS
+rclone-v1.63.1-freebsd-386.zip
+rclone-v1.63.1-freebsd-amd64.zip
+...
+rclone-v1.63.1-windows-arm64.zip
+rclone-v1.63.1.tar.gz
+version.txt</code></pre>
+<p>The <code>MD5SUMS</code>, <code>SHA1SUMS</code> and <code>SHA256SUMS</code> contain hashes of the binary files in the release directory along with a signature.</p>
+<p>For example:</p>
+<pre><code>$ rclone cat --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113  rclone-v1.63.1-freebsd-386.zip
+7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e  rclone-v1.63.1-freebsd-amd64.zip
+...
+66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73  rclone-v1.63.1-windows-amd64.zip
+bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0  rclone-v1.63.1-windows-arm64.zip
+-----BEGIN PGP SIGNATURE-----
+
+iF0EARECAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZLVKJQAKCRCTk14C/ztU
++pZuAJ0XJ+QWLP/3jCtkmgcgc4KAwd/rrwCcCRZQ7E+oye1FPY46HOVzCFU3L7g=
+=8qrL
+-----END PGP SIGNATURE-----</code></pre>
+<h3 id="download-the-files">Download the files</h3>
+<p>The first step is to download the binary and SUMs file and verify that the SUMs you have downloaded match. Here we download <code>rclone-v1.63.1-windows-amd64.zip</code> - choose the binary (or binaries) appropriate to your architecture. We've also chosen the <code>SHA256SUMS</code> as these are the most secure. You could verify the other types of hash also for extra security. <code>rclone selfupdate</code> verifies just the <code>SHA256SUMS</code>.</p>
+<pre><code>$ mkdir /tmp/check
+$ cd /tmp/check
+$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS .
+$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:rclone-v1.63.1-windows-amd64.zip .</code></pre>
+<h3 id="verify-the-signatures">Verify the signatures</h3>
+<p>First verify the signatures on the SHA256 file.</p>
+<p>Import the key. See above for ways to verify this key is correct.</p>
+<pre><code>$ gpg --keyserver keyserver.ubuntu.com --receive-keys FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: key 93935E02FF3B54FA: public key &quot;Nick Craig-Wood &lt;nick@craig-wood.com&gt;&quot; imported
+gpg: Total number processed: 1
+gpg:               imported: 1</code></pre>
+<p>Then check the signature:</p>
+<pre><code>$ gpg --verify SHA256SUMS 
+gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: Good signature from &quot;Nick Craig-Wood &lt;nick@craig-wood.com&gt;&quot; [ultimate]</code></pre>
+<p>Verify the signature was good and is using the fingerprint shown above.</p>
+<p>Repeat for <code>MD5SUMS</code> and <code>SHA1SUMS</code> if desired.</p>
+<h3 id="verify-the-hashes">Verify the hashes</h3>
+<p>Now that we know the signatures on the hashes are OK we can verify the binaries match the hashes, completing the verification.</p>
+<pre><code>$ sha256sum -c SHA256SUMS 2&gt;&amp;1 | grep OK
+rclone-v1.63.1-windows-amd64.zip: OK</code></pre>
+<p>Or do the check with rclone</p>
+<pre><code>$ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip 
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 0
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 1
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 49
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: 4 warning(s) suppressed...
+= rclone-v1.63.1-windows-amd64.zip
+2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 0 differences found
+2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 1 matching files</code></pre>
+<h3 id="verify-signatures-and-hashes-together">Verify signatures and hashes together</h3>
+<p>You can verify the signatures and hashes in one command line like this:</p>
+<pre><code>$ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing
+gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: Good signature from &quot;Nick Craig-Wood &lt;nick@craig-wood.com&gt;&quot; [ultimate]
+gpg:                 aka &quot;Nick Craig-Wood &lt;nick@memset.com&gt;&quot; [unknown]
+rclone-v1.63.1-windows-amd64.zip: OK</code></pre>
 <h1 id="fichier">1Fichier</h1>
 <p>This is a backend for the <a href="https://1fichier.com">1fichier</a> cloud storage service. Note that a Premium subscription is required to use the API.</p>
 <p>Paths are specified as <code>remote:path</code></p>
@@ -10075,7 +12592,7 @@ <h2 id="configuration">Configuration</h2>
 <pre><code>rclone ls remote:</code></pre>
 <p>To copy a local directory to a 1Fichier directory called backup</p>
 <pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-hashes">Modified time and hashes</h3>
+<h3 id="modification-times-and-hashes">Modification times and hashes</h3>
 <p>1Fichier does not support modification times. It supports the Whirlpool hash algorithm.</p>
 <h3 id="duplicated-files">Duplicated files</h3>
 <p>1Fichier can have two files with exactly the same name and path (unlike a normal file system).</p>
@@ -10188,6 +12705,15 @@ <h4 id="fichier-folder-password">--fichier-folder-password</h4>
 <li>Type: string</li>
 <li>Required: false</li>
 </ul>
+<h4 id="fichier-cdn">--fichier-cdn</h4>
+<p>Set if you wish to use CDN download links.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: cdn</li>
+<li>Env Var: RCLONE_FICHIER_CDN</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
 <h4 id="fichier-encoding">--fichier-encoding</h4>
 <p>The encoding for the backend.</p>
 <p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
@@ -10195,10 +12721,10 @@ <h4 id="fichier-encoding">--fichier-encoding</h4>
 <ul>
 <li>Config: encoding</li>
 <li>Env Var: RCLONE_FICHIER_ENCODING</li>
-<li>Type: MultiEncoder</li>
+<li>Type: Encoding</li>
 <li>Default: Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot</li>
 </ul>
-<h2 id="limitations-3">Limitations</h2>
+<h2 id="limitations-4">Limitations</h2>
 <p><code>rclone about</code> is not supported by the 1Fichier backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
 <p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
 <h1 id="alias">Alias</h1>
@@ -10341,9 +12867,9 @@ <h2 id="configuration-2">Configuration</h2>
 <pre><code>rclone ls remote:</code></pre>
 <p>To copy a local directory to an Amazon Drive directory called backup</p>
 <pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-md5sums">Modified time and MD5SUMs</h3>
+<h3 id="modification-times-and-hashes-1">Modification times and hashes</h3>
 <p>Amazon Drive doesn't allow modification times to be changed via the API so these won't be accurate or used for syncing.</p>
-<p>It does store MD5SUMs so for a more accurate sync, you can use the <code>--checksum</code> flag.</p>
+<p>It does support the MD5 hash algorithm, so for a more accurate sync, you can use the <code>--checksum</code> flag.</p>
 <h3 id="restricted-filename-characters-1">Restricted filename characters</h3>
 <table>
 <thead>
@@ -10465,10 +12991,10 @@ <h4 id="acd-encoding">--acd-encoding</h4>
 <ul>
 <li>Config: encoding</li>
 <li>Env Var: RCLONE_ACD_ENCODING</li>
-<li>Type: MultiEncoder</li>
+<li>Type: Encoding</li>
 <li>Default: Slash,InvalidUtf8,Dot</li>
 </ul>
-<h2 id="limitations-4">Limitations</h2>
+<h2 id="limitations-5">Limitations</h2>
 <p>Note that Amazon Drive is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
 <p>Amazon Drive has rate limiting so you may notice errors in the sync (429 errors). rclone will automatically retry the sync up to 3 times by default (see <code>--retries</code> flag) which should hopefully work around this problem.</p>
 <p>Amazon Drive has an internal limit of file sizes that can be uploaded to the service. This limit is not officially published, but all files larger than this will fail.</p>
@@ -10487,19 +13013,25 @@ <h1 id="amazon-s3-storage-providers">Amazon S3 Storage Providers</h1>
 <li>Arvan Cloud Object Storage (AOS)</li>
 <li>DigitalOcean Spaces</li>
 <li>Dreamhost</li>
+<li>GCS</li>
 <li>Huawei OBS</li>
 <li>IBM COS S3</li>
 <li>IDrive e2</li>
 <li>IONOS Cloud</li>
+<li>Leviia Object Storage</li>
 <li>Liara Object Storage</li>
+<li>Linode Object Storage</li>
 <li>Minio</li>
+<li>Petabox</li>
 <li>Qiniu Cloud Object Storage (Kodo)</li>
 <li>RackCorp Object Storage</li>
+<li>Rclone Serve S3</li>
 <li>Scaleway</li>
 <li>Seagate Lyve Cloud</li>
 <li>SeaweedFS</li>
 <li>StackPath</li>
 <li>Storj</li>
+<li>Synology C2 Object Storage</li>
 <li>Tencent Cloud Object Storage (COS)</li>
 <li>Wasabi</li>
 </ul>
@@ -10712,10 +13244,18 @@ <h2 id="configuration-3">Configuration</h2>
 e) Edit this remote
 d) Delete this remote
 y/e/d&gt;</code></pre>
-<h3 id="modified-time">Modified time</h3>
+<h3 id="modification-times-and-hashes-2">Modification times and hashes</h3>
+<h4 id="modification-times-1">Modification times</h4>
 <p>The modified time is stored as metadata on the object as <code>X-Amz-Meta-Mtime</code> as floating point since the epoch, accurate to 1 ns.</p>
 <p>If the modification time needs to be updated rclone will attempt to perform a server side copy to update the modification if the object can be copied in a single part. In the case the object is larger than 5Gb or is in Glacier or Glacier Deep Archive storage the object will be uploaded rather than copied.</p>
 <p>Note that reading this from the object takes an additional <code>HEAD</code> request as the metadata isn't returned in object listings.</p>
+<h4 id="hashes">Hashes</h4>
+<p>For small objects which weren't uploaded as multipart uploads (objects sized below <code>--s3-upload-cutoff</code> if uploaded with rclone) rclone uses the <code>ETag:</code> header as an MD5 checksum.</p>
+<p>However for objects which were uploaded as multipart uploads or with server side encryption (SSE-AWS or SSE-C) the <code>ETag</code> header is no longer the MD5 sum of the data, so rclone adds an additional piece of metadata <code>X-Amz-Meta-Md5chksum</code> which is a base64 encoded MD5 hash (in the same format as is required for <code>Content-MD5</code>). You can use base64 -d and hexdump to check this value manually:</p>
+<pre><code>echo &#39;VWTGdNx3LyXQDfA0e2Edxw==&#39; | base64 -d | hexdump</code></pre>
+<p>or you can use <code>rclone check</code> to verify the hashes are OK.</p>
+<p>For large objects, calculating this hash can take some time so the addition of this hash can be disabled with <code>--s3-disable-checksum</code>. This will mean that these objects do not have an MD5 checksum.</p>
+<p>Note that reading this from the object takes an additional <code>HEAD</code> request as the metadata isn't returned in object listings.</p>
 <h3 id="reducing-costs">Reducing costs</h3>
 <h4 id="avoiding-head-requests-to-read-the-modification-time">Avoiding HEAD requests to read the modification time</h4>
 <p>By default, rclone will use the modification time of objects stored in S3 for syncing. This is stored in object metadata which unfortunately takes an extra HEAD request to read which can be expensive (in time and money).</p>
@@ -10762,11 +13302,6 @@ <h4 id="avoiding-head-requests-after-put">Avoiding HEAD requests after PUT</h4>
 <p>By default, rclone will HEAD every object it uploads. It does this to check the object got uploaded correctly.</p>
 <p>You can disable this with the <a href="#s3-no-head">--s3-no-head</a> option - see there for more details.</p>
 <p>Setting this flag increases the chance for undetected upload failures.</p>
-<h3 id="hashes">Hashes</h3>
-<p>For small objects which weren't uploaded as multipart uploads (objects sized below <code>--s3-upload-cutoff</code> if uploaded with rclone) rclone uses the <code>ETag:</code> header as an MD5 checksum.</p>
-<p>However for objects which were uploaded as multipart uploads or with server side encryption (SSE-AWS or SSE-C) the <code>ETag</code> header is no longer the MD5 sum of the data, so rclone adds an additional piece of metadata <code>X-Amz-Meta-Md5chksum</code> which is a base64 encoded MD5 hash (in the same format as is required for <code>Content-MD5</code>).</p>
-<p>For large objects, calculating this hash can take some time so the addition of this hash can be disabled with <code>--s3-disable-checksum</code>. This will mean that these objects do not have an MD5 checksum.</p>
-<p>Note that reading this from the object takes an additional <code>HEAD</code> request as the metadata isn't returned in object listings.</p>
 <h3 id="versions">Versions</h3>
 <p>When bucket versioning is enabled (this can be done with rclone with the <a href="#versioning"><code>rclone backend versioning</code></a> command) when rclone uploads a new version of a file it creates a <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html">new version of it</a> Likewise when you delete a file, the old version will be marked hidden and still be available.</p>
 <p>Old versions of files, where available, are visible using the <a href="#s3-versions"><code>--s3-versions</code></a> flag.</p>
@@ -10797,6 +13332,12 @@ <h3 id="versions">Versions</h3>
 
 $ rclone -q --s3-versions ls s3:cleanup-test
         9 one.txt</code></pre>
+<h4 id="versions-naming-caveat">Versions naming caveat</h4>
+<p>When using <code>--s3-versions</code> flag rclone is relying on the file name to work out whether the objects are versions or not. Versions' names are created by inserting timestamp between file name and its extension.</p>
+<pre><code>        9 file.txt
+        8 file-v2023-07-17-161032-000.txt
+       16 file-v2023-06-15-141003-000.txt</code></pre>
+<p>If there are real files present with the same names as versions, then behaviour of <code>--s3-versions</code> can be unpredictable.</p>
 <h3 id="cleanup-1">Cleanup</h3>
 <p>If you run <code>rclone cleanup s3:bucket</code> then it will remove all pending multipart uploads older than 24 hours. You can use the <code>--interactive</code>/<code>i</code> or <code>--dry-run</code> flag to see exactly what it will do. If you want more control over the expiry date then run <code>rclone backend cleanup s3:bucket -o max-age=1h</code> to expire all uploads older than one hour. You can use <code>rclone backend list-multipart-uploads s3:bucket</code> to see the pending multipart uploads.</p>
 <h3 id="restricted-filename-characters-2">Restricted filename characters</h3>
@@ -10870,7 +13411,7 @@ <h3 id="authentication-5">Authentication</h3>
 <li>Secret Access Key: <code>AWS_SECRET_ACCESS_KEY</code> or <code>AWS_SECRET_KEY</code></li>
 <li>Session Token: <code>AWS_SESSION_TOKEN</code> (optional)</li>
 </ul></li>
-<li>Or, use a <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html">named profile</a>:
+<li>Or, use a <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html">named profile</a>:
 <ul>
 <li>Profile files are standard files used by AWS CLI tools</li>
 <li>By default it will use the profile in your home directory (e.g. <code>~/.aws/credentials</code> on unix based systems) file and the "default" profile, to change set these environment variables:
@@ -10941,9 +13482,9 @@ <h3 id="object-lock-enabled-s3-bucket">Object-lock enabled S3 bucket</h3>
 <blockquote>
 <p>If you configure a default retention period on a bucket, requests to upload objects in such a bucket must include the Content-MD5 header.</p>
 </blockquote>
-<p>As mentioned in the <a href="#hashes">Hashes</a> section, small files that are not uploaded as multipart, use a different tag, causing the upload to fail. A simple solution is to set the <code>--s3-upload-cutoff 0</code> and force all the files to be uploaded as multipart.</p>
+<p>As mentioned in the <a href="#modification-times-and-hashes">Modification times and hashes</a> section, small files that are not uploaded as multipart, use a different tag, causing the upload to fail. A simple solution is to set the <code>--s3-upload-cutoff 0</code> and force all the files to be uploaded as multipart.</p>
 <h3 id="standard-options-3">Standard options</h3>
-<p>Here are the Standard options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).</p>
+<p>Here are the Standard options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others).</p>
 <h4 id="s3-provider">--s3-provider</h4>
 <p>Choose your S3 provider.</p>
 <p>Properties:</p>
@@ -10962,6 +13503,10 @@ <h4 id="s3-provider">--s3-provider</h4>
 <ul>
 <li>Alibaba Cloud Object Storage System (OSS) formerly Aliyun</li>
 </ul></li>
+<li>"ArvanCloud"
+<ul>
+<li>Arvan Cloud Object Storage (AOS)</li>
+</ul></li>
 <li>"Ceph"
 <ul>
 <li>Ceph Object Storage</li>
@@ -10974,10 +13519,6 @@ <h4 id="s3-provider">--s3-provider</h4>
 <ul>
 <li>Cloudflare R2 Storage</li>
 </ul></li>
-<li>"ArvanCloud"
-<ul>
-<li>Arvan Cloud Object Storage (AOS)</li>
-</ul></li>
 <li>"DigitalOcean"
 <ul>
 <li>DigitalOcean Spaces</li>
@@ -10986,6 +13527,10 @@ <h4 id="s3-provider">--s3-provider</h4>
 <ul>
 <li>Dreamhost DreamObjects</li>
 </ul></li>
+<li>"GCS"
+<ul>
+<li>Google Cloud Storage</li>
+</ul></li>
 <li>"HuaweiOBS"
 <ul>
 <li>Huawei Object Storage Service</li>
@@ -11006,10 +13551,18 @@ <h4 id="s3-provider">--s3-provider</h4>
 <ul>
 <li>Seagate Lyve Cloud</li>
 </ul></li>
+<li>"Leviia"
+<ul>
+<li>Leviia Object Storage</li>
+</ul></li>
 <li>"Liara"
 <ul>
 <li>Liara Object Storage</li>
 </ul></li>
+<li>"Linode"
+<ul>
+<li>Linode Object Storage</li>
+</ul></li>
 <li>"Minio"
 <ul>
 <li>Minio Object Storage</li>
@@ -11018,10 +13571,18 @@ <h4 id="s3-provider">--s3-provider</h4>
 <ul>
 <li>Netease Object Storage (NOS)</li>
 </ul></li>
+<li>"Petabox"
+<ul>
+<li>Petabox Object Storage</li>
+</ul></li>
 <li>"RackCorp"
 <ul>
 <li>RackCorp Object Storage</li>
 </ul></li>
+<li>"Rclone"
+<ul>
+<li>Rclone S3 Server</li>
+</ul></li>
 <li>"Scaleway"
 <ul>
 <li>Scaleway Object Storage</li>
@@ -11038,6 +13599,10 @@ <h4 id="s3-provider">--s3-provider</h4>
 <ul>
 <li>Storj (S3 Compatible Gateway)</li>
 </ul></li>
+<li>"Synology"
+<ul>
+<li>Synology C2 Object Storage</li>
+</ul></li>
 <li>"TencentCOS"
 <ul>
 <li>Tencent Cloud Object Storage (COS)</li>
@@ -11236,15951 +13801,19685 @@ <h4 id="s3-region">--s3-region</h4>
 </ul></li>
 </ul></li>
 </ul>
-<h4 id="s3-region-1">--s3-region</h4>
-<p>region - the location where your bucket will be created and your data stored.</p>
+<h4 id="s3-endpoint">--s3-endpoint</h4>
+<p>Endpoint for S3 API.</p>
+<p>Leave blank if using AWS to use the default endpoint for the region.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_S3_REGION</li>
-<li>Provider: RackCorp</li>
+<li>Config: endpoint</li>
+<li>Env Var: RCLONE_S3_ENDPOINT</li>
+<li>Provider: AWS</li>
+<li>Type: string</li>
+<li>Required: false</li>
+</ul>
+<h4 id="s3-location-constraint">--s3-location-constraint</h4>
+<p>Location constraint - must be set to match the Region.</p>
+<p>Used when creating buckets only.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: location_constraint</li>
+<li>Env Var: RCLONE_S3_LOCATION_CONSTRAINT</li>
+<li>Provider: AWS</li>
 <li>Type: string</li>
 <li>Required: false</li>
 <li>Examples:
 <ul>
-<li>"global"
+<li>""
 <ul>
-<li>Global CDN (All locations) Region</li>
+<li>Empty for US Region, Northern Virginia, or Pacific Northwest</li>
 </ul></li>
-<li>"au"
+<li>"us-east-2"
 <ul>
-<li>Australia (All states)</li>
+<li>US East (Ohio) Region</li>
 </ul></li>
-<li>"au-nsw"
+<li>"us-west-1"
 <ul>
-<li>NSW (Australia) Region</li>
+<li>US West (Northern California) Region</li>
 </ul></li>
-<li>"au-qld"
+<li>"us-west-2"
 <ul>
-<li>QLD (Australia) Region</li>
+<li>US West (Oregon) Region</li>
 </ul></li>
-<li>"au-vic"
+<li>"ca-central-1"
 <ul>
-<li>VIC (Australia) Region</li>
+<li>Canada (Central) Region</li>
 </ul></li>
-<li>"au-wa"
+<li>"eu-west-1"
 <ul>
-<li>Perth (Australia) Region</li>
+<li>EU (Ireland) Region</li>
 </ul></li>
-<li>"ph"
+<li>"eu-west-2"
 <ul>
-<li>Manila (Philippines) Region</li>
+<li>EU (London) Region</li>
 </ul></li>
-<li>"th"
+<li>"eu-west-3"
 <ul>
-<li>Bangkok (Thailand) Region</li>
+<li>EU (Paris) Region</li>
 </ul></li>
-<li>"hk"
+<li>"eu-north-1"
 <ul>
-<li>HK (Hong Kong) Region</li>
+<li>EU (Stockholm) Region</li>
 </ul></li>
-<li>"mn"
+<li>"eu-south-1"
 <ul>
-<li>Ulaanbaatar (Mongolia) Region</li>
+<li>EU (Milan) Region</li>
 </ul></li>
-<li>"kg"
+<li>"EU"
 <ul>
-<li>Bishkek (Kyrgyzstan) Region</li>
+<li>EU Region</li>
 </ul></li>
-<li>"id"
+<li>"ap-southeast-1"
 <ul>
-<li>Jakarta (Indonesia) Region</li>
+<li>Asia Pacific (Singapore) Region</li>
 </ul></li>
-<li>"jp"
+<li>"ap-southeast-2"
 <ul>
-<li>Tokyo (Japan) Region</li>
+<li>Asia Pacific (Sydney) Region</li>
 </ul></li>
-<li>"sg"
+<li>"ap-northeast-1"
 <ul>
-<li>SG (Singapore) Region</li>
+<li>Asia Pacific (Tokyo) Region</li>
 </ul></li>
-<li>"de"
+<li>"ap-northeast-2"
 <ul>
-<li>Frankfurt (Germany) Region</li>
+<li>Asia Pacific (Seoul) Region</li>
 </ul></li>
-<li>"us"
+<li>"ap-northeast-3"
 <ul>
-<li>USA (AnyCast) Region</li>
+<li>Asia Pacific (Osaka-Local) Region</li>
 </ul></li>
-<li>"us-east-1"
+<li>"ap-south-1"
 <ul>
-<li>New York (USA) Region</li>
+<li>Asia Pacific (Mumbai) Region</li>
 </ul></li>
-<li>"us-west-1"
+<li>"ap-east-1"
 <ul>
-<li>Freemont (USA) Region</li>
+<li>Asia Pacific (Hong Kong) Region</li>
 </ul></li>
-<li>"nz"
+<li>"sa-east-1"
 <ul>
-<li>Auckland (New Zealand) Region</li>
+<li>South America (Sao Paulo) Region</li>
 </ul></li>
+<li>"me-south-1"
+<ul>
+<li>Middle East (Bahrain) Region</li>
 </ul></li>
-</ul>
-<h4 id="s3-region-2">--s3-region</h4>
-<p>Region to connect to.</p>
-<p>Properties:</p>
+<li>"af-south-1"
 <ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_S3_REGION</li>
-<li>Provider: Scaleway</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
+<li>Africa (Cape Town) Region</li>
+</ul></li>
+<li>"cn-north-1"
 <ul>
-<li>"nl-ams"
+<li>China (Beijing) Region</li>
+</ul></li>
+<li>"cn-northwest-1"
 <ul>
-<li>Amsterdam, The Netherlands</li>
+<li>China (Ningxia) Region</li>
 </ul></li>
-<li>"fr-par"
+<li>"us-gov-east-1"
 <ul>
-<li>Paris, France</li>
+<li>AWS GovCloud (US-East) Region</li>
 </ul></li>
-<li>"pl-waw"
+<li>"us-gov-west-1"
 <ul>
-<li>Warsaw, Poland</li>
+<li>AWS GovCloud (US) Region</li>
 </ul></li>
 </ul></li>
 </ul>
-<h4 id="s3-region-3">--s3-region</h4>
-<p>Region to connect to. - the location where your bucket will be created and your data stored. Need bo be same with your endpoint.</p>
+<h4 id="s3-acl">--s3-acl</h4>
+<p>Canned ACL used when creating buckets and storing or copying objects.</p>
+<p>This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.</p>
+<p>For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl</p>
+<p>Note that this ACL is applied when server-side copying objects as S3 doesn't copy the ACL from the source but rather writes a fresh one.</p>
+<p>If the acl is an empty string then no X-Amz-Acl: header is added and the default (private) will be used.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_S3_REGION</li>
-<li>Provider: HuaweiOBS</li>
+<li>Config: acl</li>
+<li>Env Var: RCLONE_S3_ACL</li>
+<li>Provider: !Storj,Synology,Cloudflare</li>
 <li>Type: string</li>
 <li>Required: false</li>
 <li>Examples:
 <ul>
-<li>"af-south-1"
+<li>"default"
 <ul>
-<li>AF-Johannesburg</li>
+<li>Owner gets Full_CONTROL.</li>
+<li>No one else has access rights (default).</li>
 </ul></li>
-<li>"ap-southeast-2"
+<li>"private"
 <ul>
-<li>AP-Bangkok</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>No one else has access rights (default).</li>
 </ul></li>
-<li>"ap-southeast-3"
+<li>"public-read"
 <ul>
-<li>AP-Singapore</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AllUsers group gets READ access.</li>
 </ul></li>
-<li>"cn-east-3"
+<li>"public-read-write"
 <ul>
-<li>CN East-Shanghai1</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AllUsers group gets READ and WRITE access.</li>
+<li>Granting this on a bucket is generally not recommended.</li>
 </ul></li>
-<li>"cn-east-2"
+<li>"authenticated-read"
 <ul>
-<li>CN East-Shanghai2</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AuthenticatedUsers group gets READ access.</li>
 </ul></li>
-<li>"cn-north-1"
+<li>"bucket-owner-read"
 <ul>
-<li>CN North-Beijing1</li>
+<li>Object owner gets FULL_CONTROL.</li>
+<li>Bucket owner gets READ access.</li>
+<li>If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.</li>
 </ul></li>
-<li>"cn-north-4"
+<li>"bucket-owner-full-control"
 <ul>
-<li>CN North-Beijing4</li>
+<li>Both the object owner and the bucket owner get FULL_CONTROL over the object.</li>
+<li>If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.</li>
 </ul></li>
-<li>"cn-south-1"
+<li>"private"
 <ul>
-<li>CN South-Guangzhou</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>No one else has access rights (default).</li>
+<li>This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS.</li>
 </ul></li>
-<li>"ap-southeast-1"
+<li>"public-read"
 <ul>
-<li>CN-Hong Kong</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AllUsers group gets READ access.</li>
+<li>This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS.</li>
 </ul></li>
-<li>"sa-argentina-1"
+<li>"public-read-write"
 <ul>
-<li>LA-Buenos Aires1</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AllUsers group gets READ and WRITE access.</li>
+<li>This acl is available on IBM Cloud (Infra), On-Premise IBM COS.</li>
 </ul></li>
-<li>"sa-peru-1"
+<li>"authenticated-read"
 <ul>
-<li>LA-Lima1</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AuthenticatedUsers group gets READ access.</li>
+<li>Not supported on Buckets.</li>
+<li>This acl is available on IBM Cloud (Infra) and On-Premise IBM COS.</li>
 </ul></li>
-<li>"na-mexico-1"
-<ul>
-<li>LA-Mexico City1</li>
 </ul></li>
-<li>"sa-chile-1"
+</ul>
+<h4 id="s3-server-side-encryption">--s3-server-side-encryption</h4>
+<p>The server-side encryption algorithm used when storing this object in S3.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: server_side_encryption</li>
+<li>Env Var: RCLONE_S3_SERVER_SIDE_ENCRYPTION</li>
+<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
+<li>Type: string</li>
+<li>Required: false</li>
+<li>Examples:
+<ul>
+<li>""
 <ul>
-<li>LA-Santiago2</li>
+<li>None</li>
 </ul></li>
-<li>"sa-brazil-1"
+<li>"AES256"
 <ul>
-<li>LA-Sao Paulo1</li>
+<li>AES256</li>
 </ul></li>
-<li>"ru-northwest-2"
+<li>"aws:kms"
 <ul>
-<li>RU-Moscow2</li>
+<li>aws:kms</li>
 </ul></li>
 </ul></li>
 </ul>
-<h4 id="s3-region-4">--s3-region</h4>
-<p>Region to connect to.</p>
+<h4 id="s3-sse-kms-key-id">--s3-sse-kms-key-id</h4>
+<p>If using KMS ID you must provide the ARN of Key.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_S3_REGION</li>
-<li>Provider: Cloudflare</li>
+<li>Config: sse_kms_key_id</li>
+<li>Env Var: RCLONE_S3_SSE_KMS_KEY_ID</li>
+<li>Provider: AWS,Ceph,Minio</li>
 <li>Type: string</li>
 <li>Required: false</li>
 <li>Examples:
 <ul>
-<li>"auto"
+<li>""
+<ul>
+<li>None</li>
+</ul></li>
+<li>"arn:aws:kms:us-east-1:*"
 <ul>
-<li>R2 buckets are automatically distributed across Cloudflare's data centers for low latency.</li>
+<li>arn:aws:kms:*</li>
 </ul></li>
 </ul></li>
 </ul>
-<h4 id="s3-region-5">--s3-region</h4>
-<p>Region to connect to.</p>
+<h4 id="s3-storage-class">--s3-storage-class</h4>
+<p>The storage class to use when storing new objects in S3.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_S3_REGION</li>
-<li>Provider: Qiniu</li>
+<li>Config: storage_class</li>
+<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
+<li>Provider: AWS</li>
 <li>Type: string</li>
 <li>Required: false</li>
 <li>Examples:
 <ul>
-<li>"cn-east-1"
+<li>""
 <ul>
-<li>The default endpoint - a good choice if you are unsure.</li>
-<li>East China Region 1.</li>
-<li>Needs location constraint cn-east-1.</li>
+<li>Default</li>
 </ul></li>
-<li>"cn-east-2"
+<li>"STANDARD"
 <ul>
-<li>East China Region 2.</li>
-<li>Needs location constraint cn-east-2.</li>
+<li>Standard storage class</li>
 </ul></li>
-<li>"cn-north-1"
+<li>"REDUCED_REDUNDANCY"
 <ul>
-<li>North China Region 1.</li>
-<li>Needs location constraint cn-north-1.</li>
+<li>Reduced redundancy storage class</li>
+</ul></li>
+<li>"STANDARD_IA"
+<ul>
+<li>Standard Infrequent Access storage class</li>
 </ul></li>
-<li>"cn-south-1"
+<li>"ONEZONE_IA"
 <ul>
-<li>South China Region 1.</li>
-<li>Needs location constraint cn-south-1.</li>
+<li>One Zone Infrequent Access storage class</li>
 </ul></li>
-<li>"us-north-1"
+<li>"GLACIER"
 <ul>
-<li>North America Region.</li>
-<li>Needs location constraint us-north-1.</li>
+<li>Glacier storage class</li>
 </ul></li>
-<li>"ap-southeast-1"
+<li>"DEEP_ARCHIVE"
 <ul>
-<li>Southeast Asia Region 1.</li>
-<li>Needs location constraint ap-southeast-1.</li>
+<li>Glacier Deep Archive storage class</li>
 </ul></li>
-<li>"ap-northeast-1"
+<li>"INTELLIGENT_TIERING"
 <ul>
-<li>Northeast Asia Region 1.</li>
-<li>Needs location constraint ap-northeast-1.</li>
+<li>Intelligent-Tiering storage class</li>
+</ul></li>
+<li>"GLACIER_IR"
+<ul>
+<li>Glacier Instant Retrieval storage class</li>
 </ul></li>
 </ul></li>
 </ul>
-<h4 id="s3-region-6">--s3-region</h4>
-<p>Region where your bucket will be created and your data stored.</p>
+<h3 id="advanced-options-2">Advanced options</h3>
+<p>Here are the Advanced options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others).</p>
+<h4 id="s3-bucket-acl">--s3-bucket-acl</h4>
+<p>Canned ACL used when creating buckets.</p>
+<p>For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl</p>
+<p>Note that this ACL is applied when only when creating buckets. If it isn't set then "acl" is used instead.</p>
+<p>If the "acl" and "bucket_acl" are empty strings then no X-Amz-Acl: header is added and the default (private) will be used.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_S3_REGION</li>
-<li>Provider: IONOS</li>
+<li>Config: bucket_acl</li>
+<li>Env Var: RCLONE_S3_BUCKET_ACL</li>
 <li>Type: string</li>
 <li>Required: false</li>
 <li>Examples:
 <ul>
-<li>"de"
+<li>"private"
+<ul>
+<li>Owner gets FULL_CONTROL.</li>
+<li>No one else has access rights (default).</li>
+</ul></li>
+<li>"public-read"
 <ul>
-<li>Frankfurt, Germany</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AllUsers group gets READ access.</li>
 </ul></li>
-<li>"eu-central-2"
+<li>"public-read-write"
 <ul>
-<li>Berlin, Germany</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AllUsers group gets READ and WRITE access.</li>
+<li>Granting this on a bucket is generally not recommended.</li>
 </ul></li>
-<li>"eu-south-2"
+<li>"authenticated-read"
 <ul>
-<li>Logrono, Spain</li>
+<li>Owner gets FULL_CONTROL.</li>
+<li>The AuthenticatedUsers group gets READ access.</li>
 </ul></li>
 </ul></li>
 </ul>
-<h4 id="s3-region-7">--s3-region</h4>
-<p>Region to connect to.</p>
-<p>Leave blank if you are using an S3 clone and you don't have a region.</p>
+<h4 id="s3-requester-pays">--s3-requester-pays</h4>
+<p>Enables requester pays option when interacting with S3 bucket.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_S3_REGION</li>
-<li>Provider: !AWS,Alibaba,ChinaMobile,Cloudflare,IONOS,ArvanCloud,Liara,Qiniu,RackCorp,Scaleway,Storj,TencentCOS,HuaweiOBS,IDrive</li>
+<li>Config: requester_pays</li>
+<li>Env Var: RCLONE_S3_REQUESTER_PAYS</li>
+<li>Provider: AWS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-sse-customer-algorithm">--s3-sse-customer-algorithm</h4>
+<p>If using SSE-C, the server-side encryption algorithm used when storing this object in S3.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: sse_customer_algorithm</li>
+<li>Env Var: RCLONE_S3_SSE_CUSTOMER_ALGORITHM</li>
+<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
 <li>Type: string</li>
 <li>Required: false</li>
 <li>Examples:
 <ul>
 <li>""
 <ul>
-<li>Use this if unsure.</li>
-<li>Will use v4 signatures and an empty region.</li>
+<li>None</li>
 </ul></li>
-<li>"other-v2-signature"
+<li>"AES256"
 <ul>
-<li>Use this only if v4 signatures don't work.</li>
-<li>E.g. pre Jewel/v10 CEPH.</li>
+<li>AES256</li>
 </ul></li>
 </ul></li>
 </ul>
-<h4 id="s3-endpoint">--s3-endpoint</h4>
-<p>Endpoint for S3 API.</p>
-<p>Leave blank if using AWS to use the default endpoint for the region.</p>
+<h4 id="s3-sse-customer-key">--s3-sse-customer-key</h4>
+<p>To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data.</p>
+<p>Alternatively you can provide --sse-customer-key-base64.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: AWS</li>
+<li>Config: sse_customer_key</li>
+<li>Env Var: RCLONE_S3_SSE_CUSTOMER_KEY</li>
+<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
 <li>Type: string</li>
 <li>Required: false</li>
+<li>Examples:
+<ul>
+<li>""
+<ul>
+<li>None</li>
+</ul></li>
+</ul></li>
 </ul>
-<h4 id="s3-endpoint-1">--s3-endpoint</h4>
-<p>Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.</p>
+<h4 id="s3-sse-customer-key-base64">--s3-sse-customer-key-base64</h4>
+<p>If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data.</p>
+<p>Alternatively you can provide --sse-customer-key.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: ChinaMobile</li>
+<li>Config: sse_customer_key_base64</li>
+<li>Env Var: RCLONE_S3_SSE_CUSTOMER_KEY_BASE64</li>
+<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
 <li>Type: string</li>
 <li>Required: false</li>
 <li>Examples:
 <ul>
-<li>"eos-wuxi-1.cmecloud.cn"
+<li>""
 <ul>
-<li>The default endpoint - a good choice if you are unsure.</li>
-<li>East China (Suzhou)</li>
+<li>None</li>
 </ul></li>
-<li>"eos-jinan-1.cmecloud.cn"
-<ul>
-<li>East China (Jinan)</li>
 </ul></li>
-<li>"eos-ningbo-1.cmecloud.cn"
-<ul>
-<li>East China (Hangzhou)</li>
-</ul></li>
-<li>"eos-shanghai-1.cmecloud.cn"
-<ul>
-<li>East China (Shanghai-1)</li>
-</ul></li>
-<li>"eos-zhengzhou-1.cmecloud.cn"
-<ul>
-<li>Central China (Zhengzhou)</li>
-</ul></li>
-<li>"eos-hunan-1.cmecloud.cn"
-<ul>
-<li>Central China (Changsha-1)</li>
-</ul></li>
-<li>"eos-zhuzhou-1.cmecloud.cn"
-<ul>
-<li>Central China (Changsha-2)</li>
-</ul></li>
-<li>"eos-guangzhou-1.cmecloud.cn"
-<ul>
-<li>South China (Guangzhou-2)</li>
-</ul></li>
-<li>"eos-dongguan-1.cmecloud.cn"
-<ul>
-<li>South China (Guangzhou-3)</li>
-</ul></li>
-<li>"eos-beijing-1.cmecloud.cn"
-<ul>
-<li>North China (Beijing-1)</li>
-</ul></li>
-<li>"eos-beijing-2.cmecloud.cn"
-<ul>
-<li>North China (Beijing-2)</li>
-</ul></li>
-<li>"eos-beijing-4.cmecloud.cn"
-<ul>
-<li>North China (Beijing-3)</li>
-</ul></li>
-<li>"eos-huhehaote-1.cmecloud.cn"
-<ul>
-<li>North China (Huhehaote)</li>
-</ul></li>
-<li>"eos-chengdu-1.cmecloud.cn"
-<ul>
-<li>Southwest China (Chengdu)</li>
-</ul></li>
-<li>"eos-chongqing-1.cmecloud.cn"
-<ul>
-<li>Southwest China (Chongqing)</li>
-</ul></li>
-<li>"eos-guiyang-1.cmecloud.cn"
-<ul>
-<li>Southwest China (Guiyang)</li>
-</ul></li>
-<li>"eos-xian-1.cmecloud.cn"
-<ul>
-<li>Nouthwest China (Xian)</li>
-</ul></li>
-<li>"eos-yunnan.cmecloud.cn"
-<ul>
-<li>Yunnan China (Kunming)</li>
-</ul></li>
-<li>"eos-yunnan-2.cmecloud.cn"
-<ul>
-<li>Yunnan China (Kunming-2)</li>
-</ul></li>
-<li>"eos-tianjin-1.cmecloud.cn"
-<ul>
-<li>Tianjin China (Tianjin)</li>
-</ul></li>
-<li>"eos-jilin-1.cmecloud.cn"
-<ul>
-<li>Jilin China (Changchun)</li>
-</ul></li>
-<li>"eos-hubei-1.cmecloud.cn"
+</ul>
+<h4 id="s3-sse-customer-key-md5">--s3-sse-customer-key-md5</h4>
+<p>If using SSE-C you may provide the secret encryption key MD5 checksum (optional).</p>
+<p>If you leave it blank, this is calculated automatically from the sse_customer_key provided.</p>
+<p>Properties:</p>
 <ul>
-<li>Hubei China (Xiangyan)</li>
-</ul></li>
-<li>"eos-jiangxi-1.cmecloud.cn"
+<li>Config: sse_customer_key_md5</li>
+<li>Env Var: RCLONE_S3_SSE_CUSTOMER_KEY_MD5</li>
+<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
+<li>Type: string</li>
+<li>Required: false</li>
+<li>Examples:
 <ul>
-<li>Jiangxi China (Nanchang)</li>
-</ul></li>
-<li>"eos-gansu-1.cmecloud.cn"
+<li>""
 <ul>
-<li>Gansu China (Lanzhou)</li>
+<li>None</li>
 </ul></li>
-<li>"eos-shanxi-1.cmecloud.cn"
-<ul>
-<li>Shanxi China (Taiyuan)</li>
 </ul></li>
-<li>"eos-liaoning-1.cmecloud.cn"
+</ul>
+<h4 id="s3-upload-cutoff">--s3-upload-cutoff</h4>
+<p>Cutoff for switching to chunked upload.</p>
+<p>Any files larger than this will be uploaded in chunks of chunk_size. The minimum is 0 and the maximum is 5 GiB.</p>
+<p>Properties:</p>
 <ul>
-<li>Liaoning China (Shenyang)</li>
-</ul></li>
-<li>"eos-hebei-1.cmecloud.cn"
+<li>Config: upload_cutoff</li>
+<li>Env Var: RCLONE_S3_UPLOAD_CUTOFF</li>
+<li>Type: SizeSuffix</li>
+<li>Default: 200Mi</li>
+</ul>
+<h4 id="s3-chunk-size">--s3-chunk-size</h4>
+<p>Chunk size to use for uploading.</p>
+<p>When uploading files larger than upload_cutoff or files with unknown size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google photos or google docs) they will be uploaded as multipart uploads using this chunk size.</p>
+<p>Note that "--s3-upload-concurrency" chunks of this size are buffered in memory per transfer.</p>
+<p>If you are transferring large files over high-speed links and you have enough memory, then increasing this will speed up the transfers.</p>
+<p>Rclone will automatically increase the chunk size when uploading a large file of known size to stay below the 10,000 chunks limit.</p>
+<p>Files of unknown size are uploaded with the configured chunk_size. Since the default chunk size is 5 MiB and there can be at most 10,000 chunks, this means that by default the maximum size of a file you can stream upload is 48 GiB. If you wish to stream upload larger files then you will need to increase chunk_size.</p>
+<p>Increasing the chunk size decreases the accuracy of the progress statistics displayed with "-P" flag. Rclone treats chunk as sent when it's buffered by the AWS SDK, when in fact it may still be uploading. A bigger chunk size means a bigger AWS SDK buffer and progress reporting more deviating from the truth.</p>
+<p>Properties:</p>
 <ul>
-<li>Hebei China (Shijiazhuang)</li>
-</ul></li>
-<li>"eos-fujian-1.cmecloud.cn"
+<li>Config: chunk_size</li>
+<li>Env Var: RCLONE_S3_CHUNK_SIZE</li>
+<li>Type: SizeSuffix</li>
+<li>Default: 5Mi</li>
+</ul>
+<h4 id="s3-max-upload-parts">--s3-max-upload-parts</h4>
+<p>Maximum number of parts in a multipart upload.</p>
+<p>This option defines the maximum number of multipart chunks to use when doing a multipart upload.</p>
+<p>This can be useful if a service does not support the AWS S3 specification of 10,000 chunks.</p>
+<p>Rclone will automatically increase the chunk size when uploading a large file of a known size to stay below this number of chunks limit.</p>
+<p>Properties:</p>
 <ul>
-<li>Fujian China (Xiamen)</li>
-</ul></li>
-<li>"eos-guangxi-1.cmecloud.cn"
+<li>Config: max_upload_parts</li>
+<li>Env Var: RCLONE_S3_MAX_UPLOAD_PARTS</li>
+<li>Type: int</li>
+<li>Default: 10000</li>
+</ul>
+<h4 id="s3-copy-cutoff">--s3-copy-cutoff</h4>
+<p>Cutoff for switching to multipart copy.</p>
+<p>Any files larger than this that need to be server-side copied will be copied in chunks of this size.</p>
+<p>The minimum is 0 and the maximum is 5 GiB.</p>
+<p>Properties:</p>
 <ul>
-<li>Guangxi China (Nanning)</li>
-</ul></li>
-<li>"eos-anhui-1.cmecloud.cn"
+<li>Config: copy_cutoff</li>
+<li>Env Var: RCLONE_S3_COPY_CUTOFF</li>
+<li>Type: SizeSuffix</li>
+<li>Default: 4.656Gi</li>
+</ul>
+<h4 id="s3-disable-checksum">--s3-disable-checksum</h4>
+<p>Don't store MD5 checksum with object metadata.</p>
+<p>Normally rclone will calculate the MD5 checksum of the input before uploading it so it can add it to metadata on the object. This is great for data integrity checking but can cause long delays for large files to start uploading.</p>
+<p>Properties:</p>
 <ul>
-<li>Anhui China (Huainan)</li>
-</ul></li>
-</ul></li>
+<li>Config: disable_checksum</li>
+<li>Env Var: RCLONE_S3_DISABLE_CHECKSUM</li>
+<li>Type: bool</li>
+<li>Default: false</li>
 </ul>
-<h4 id="s3-endpoint-2">--s3-endpoint</h4>
-<p>Endpoint for Arvan Cloud Object Storage (AOS) API.</p>
+<h4 id="s3-shared-credentials-file">--s3-shared-credentials-file</h4>
+<p>Path to the shared credentials file.</p>
+<p>If env_auth = true then rclone can use a shared credentials file.</p>
+<p>If this variable is empty rclone will look for the "AWS_SHARED_CREDENTIALS_FILE" env variable. If the env value is empty it will default to the current user's home directory.</p>
+<pre><code>Linux/OSX: &quot;$HOME/.aws/credentials&quot;
+Windows:   &quot;%USERPROFILE%\.aws\credentials&quot;</code></pre>
 <p>Properties:</p>
 <ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: ArvanCloud</li>
+<li>Config: shared_credentials_file</li>
+<li>Env Var: RCLONE_S3_SHARED_CREDENTIALS_FILE</li>
 <li>Type: string</li>
 <li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"s3.ir-thr-at1.arvanstorage.com"
-<ul>
-<li>The default endpoint - a good choice if you are unsure.</li>
-<li>Tehran Iran (Asiatech)</li>
-</ul></li>
-<li>"s3.ir-tbz-sh1.arvanstorage.com"
+</ul>
+<h4 id="s3-profile">--s3-profile</h4>
+<p>Profile to use in the shared credentials file.</p>
+<p>If env_auth = true then rclone can use a shared credentials file. This variable controls which profile is used in that file.</p>
+<p>If empty it will default to the environment variable "AWS_PROFILE" or "default" if that environment variable is also not set.</p>
+<p>Properties:</p>
 <ul>
-<li>Tabriz Iran (Shahriar)</li>
-</ul></li>
-</ul></li>
+<li>Config: profile</li>
+<li>Env Var: RCLONE_S3_PROFILE</li>
+<li>Type: string</li>
+<li>Required: false</li>
 </ul>
-<h4 id="s3-endpoint-3">--s3-endpoint</h4>
-<p>Endpoint for IBM COS S3 API.</p>
-<p>Specify if using an IBM COS On Premise.</p>
+<h4 id="s3-session-token">--s3-session-token</h4>
+<p>An AWS session token.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: IBMCOS</li>
+<li>Config: session_token</li>
+<li>Env Var: RCLONE_S3_SESSION_TOKEN</li>
 <li>Type: string</li>
 <li>Required: false</li>
-<li>Examples:
+</ul>
+<h4 id="s3-upload-concurrency">--s3-upload-concurrency</h4>
+<p>Concurrency for multipart uploads.</p>
+<p>This is the number of chunks of the same file that are uploaded concurrently.</p>
+<p>If you are uploading small numbers of large files over high-speed links and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.</p>
+<p>Properties:</p>
 <ul>
-<li>"s3.us.cloud-object-storage.appdomain.cloud"
+<li>Config: upload_concurrency</li>
+<li>Env Var: RCLONE_S3_UPLOAD_CONCURRENCY</li>
+<li>Type: int</li>
+<li>Default: 4</li>
+</ul>
+<h4 id="s3-force-path-style">--s3-force-path-style</h4>
+<p>If true use path style access if false use virtual hosted style.</p>
+<p>If this is true (the default) then rclone will use path style access, if false then rclone will use virtual path style. See <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro">the AWS S3 docs</a> for more info.</p>
+<p>Some providers (e.g. AWS, Aliyun OSS, Netease COS, or Tencent COS) require this set to false - rclone will do this automatically based on the provider setting.</p>
+<p>Properties:</p>
 <ul>
-<li>US Cross Region Endpoint</li>
-</ul></li>
-<li>"s3.dal.us.cloud-object-storage.appdomain.cloud"
+<li>Config: force_path_style</li>
+<li>Env Var: RCLONE_S3_FORCE_PATH_STYLE</li>
+<li>Type: bool</li>
+<li>Default: true</li>
+</ul>
+<h4 id="s3-v2-auth">--s3-v2-auth</h4>
+<p>If true use v2 authentication.</p>
+<p>If this is false (the default) then rclone will use v4 authentication. If it is set then rclone will use v2 authentication.</p>
+<p>Use this only if v4 signatures don't work, e.g. pre Jewel/v10 CEPH.</p>
+<p>Properties:</p>
 <ul>
-<li>US Cross Region Dallas Endpoint</li>
-</ul></li>
-<li>"s3.wdc.us.cloud-object-storage.appdomain.cloud"
+<li>Config: v2_auth</li>
+<li>Env Var: RCLONE_S3_V2_AUTH</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-use-accelerate-endpoint">--s3-use-accelerate-endpoint</h4>
+<p>If true use the AWS S3 accelerated endpoint.</p>
+<p>See: <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration-examples.html">AWS S3 Transfer acceleration</a></p>
+<p>Properties:</p>
 <ul>
-<li>US Cross Region Washington DC Endpoint</li>
-</ul></li>
-<li>"s3.sjc.us.cloud-object-storage.appdomain.cloud"
+<li>Config: use_accelerate_endpoint</li>
+<li>Env Var: RCLONE_S3_USE_ACCELERATE_ENDPOINT</li>
+<li>Provider: AWS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-leave-parts-on-error">--s3-leave-parts-on-error</h4>
+<p>If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.</p>
+<p>It should be set to true for resuming uploads across different sessions.</p>
+<p>WARNING: Storing parts of an incomplete multipart upload counts towards space usage on S3 and will add additional costs if not cleaned up.</p>
+<p>Properties:</p>
 <ul>
-<li>US Cross Region San Jose Endpoint</li>
-</ul></li>
-<li>"s3.private.us.cloud-object-storage.appdomain.cloud"
+<li>Config: leave_parts_on_error</li>
+<li>Env Var: RCLONE_S3_LEAVE_PARTS_ON_ERROR</li>
+<li>Provider: AWS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-list-chunk">--s3-list-chunk</h4>
+<p>Size of listing chunk (response list for each ListObject S3 request).</p>
+<p>This option is also known as "MaxKeys", "max-items", or "page-size" from the AWS S3 specification. Most services truncate the response list to 1000 objects even if requested more than that. In AWS S3 this is a global maximum and cannot be changed, see <a href="https://docs.aws.amazon.com/cli/latest/reference/s3/ls.html">AWS S3</a>. In Ceph, this can be increased with the "rgw list buckets max chunk" option.</p>
+<p>Properties:</p>
 <ul>
-<li>US Cross Region Private Endpoint</li>
-</ul></li>
-<li>"s3.private.dal.us.cloud-object-storage.appdomain.cloud"
+<li>Config: list_chunk</li>
+<li>Env Var: RCLONE_S3_LIST_CHUNK</li>
+<li>Type: int</li>
+<li>Default: 1000</li>
+</ul>
+<h4 id="s3-list-version">--s3-list-version</h4>
+<p>Version of ListObjects to use: 1,2 or 0 for auto.</p>
+<p>When S3 originally launched it only provided the ListObjects call to enumerate objects in a bucket.</p>
+<p>However in May 2016 the ListObjectsV2 call was introduced. This is much higher performance and should be used if at all possible.</p>
+<p>If set to the default, 0, rclone will guess according to the provider set which list objects method to call. If it guesses wrong, then it may be set manually here.</p>
+<p>Properties:</p>
 <ul>
-<li>US Cross Region Dallas Private Endpoint</li>
-</ul></li>
-<li>"s3.private.wdc.us.cloud-object-storage.appdomain.cloud"
+<li>Config: list_version</li>
+<li>Env Var: RCLONE_S3_LIST_VERSION</li>
+<li>Type: int</li>
+<li>Default: 0</li>
+</ul>
+<h4 id="s3-list-url-encode">--s3-list-url-encode</h4>
+<p>Whether to url encode listings: true/false/unset</p>
+<p>Some providers support URL encoding listings and where this is available this is more reliable when using control characters in file names. If this is set to unset (the default) then rclone will choose according to the provider setting what to apply, but you can override rclone's choice here.</p>
+<p>Properties:</p>
 <ul>
-<li>US Cross Region Washington DC Private Endpoint</li>
-</ul></li>
-<li>"s3.private.sjc.us.cloud-object-storage.appdomain.cloud"
+<li>Config: list_url_encode</li>
+<li>Env Var: RCLONE_S3_LIST_URL_ENCODE</li>
+<li>Type: Tristate</li>
+<li>Default: unset</li>
+</ul>
+<h4 id="s3-no-check-bucket">--s3-no-check-bucket</h4>
+<p>If set, don't attempt to check the bucket exists or create it.</p>
+<p>This can be useful when trying to minimise the number of transactions rclone does if you know the bucket exists already.</p>
+<p>It can also be needed if the user you are using does not have bucket creation permissions. Before v1.52.0 this would have passed silently due to a bug.</p>
+<p>Properties:</p>
 <ul>
-<li>US Cross Region San Jose Private Endpoint</li>
-</ul></li>
-<li>"s3.us-east.cloud-object-storage.appdomain.cloud"
+<li>Config: no_check_bucket</li>
+<li>Env Var: RCLONE_S3_NO_CHECK_BUCKET</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-no-head">--s3-no-head</h4>
+<p>If set, don't HEAD uploaded objects to check integrity.</p>
+<p>This can be useful when trying to minimise the number of transactions rclone does.</p>
+<p>Setting it means that if rclone receives a 200 OK message after uploading an object with PUT then it will assume that it got uploaded properly.</p>
+<p>In particular it will assume:</p>
 <ul>
-<li>US Region East Endpoint</li>
-</ul></li>
-<li>"s3.private.us-east.cloud-object-storage.appdomain.cloud"
+<li>the metadata, including modtime, storage class and content type was as uploaded</li>
+<li>the size was as uploaded</li>
+</ul>
+<p>It reads the following items from the response for a single part PUT:</p>
 <ul>
-<li>US Region East Private Endpoint</li>
-</ul></li>
-<li>"s3.us-south.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>US Region South Endpoint</li>
-</ul></li>
-<li>"s3.private.us-south.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>US Region South Private Endpoint</li>
-</ul></li>
-<li>"s3.eu.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Cross Region Endpoint</li>
-</ul></li>
-<li>"s3.fra.eu.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Cross Region Frankfurt Endpoint</li>
-</ul></li>
-<li>"s3.mil.eu.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Cross Region Milan Endpoint</li>
-</ul></li>
-<li>"s3.ams.eu.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Cross Region Amsterdam Endpoint</li>
-</ul></li>
-<li>"s3.private.eu.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Cross Region Private Endpoint</li>
-</ul></li>
-<li>"s3.private.fra.eu.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Cross Region Frankfurt Private Endpoint</li>
-</ul></li>
-<li>"s3.private.mil.eu.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Cross Region Milan Private Endpoint</li>
-</ul></li>
-<li>"s3.private.ams.eu.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Cross Region Amsterdam Private Endpoint</li>
-</ul></li>
-<li>"s3.eu-gb.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Great Britain Endpoint</li>
-</ul></li>
-<li>"s3.private.eu-gb.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Great Britain Private Endpoint</li>
-</ul></li>
-<li>"s3.eu-de.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Region DE Endpoint</li>
-</ul></li>
-<li>"s3.private.eu-de.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>EU Region DE Private Endpoint</li>
-</ul></li>
-<li>"s3.ap.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Cross Regional Endpoint</li>
-</ul></li>
-<li>"s3.tok.ap.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Cross Regional Tokyo Endpoint</li>
-</ul></li>
-<li>"s3.hkg.ap.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Cross Regional HongKong Endpoint</li>
-</ul></li>
-<li>"s3.seo.ap.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Cross Regional Seoul Endpoint</li>
-</ul></li>
-<li>"s3.private.ap.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Cross Regional Private Endpoint</li>
-</ul></li>
-<li>"s3.private.tok.ap.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Cross Regional Tokyo Private Endpoint</li>
-</ul></li>
-<li>"s3.private.hkg.ap.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Cross Regional HongKong Private Endpoint</li>
-</ul></li>
-<li>"s3.private.seo.ap.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Cross Regional Seoul Private Endpoint</li>
-</ul></li>
-<li>"s3.jp-tok.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Region Japan Endpoint</li>
-</ul></li>
-<li>"s3.private.jp-tok.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Region Japan Private Endpoint</li>
-</ul></li>
-<li>"s3.au-syd.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Region Australia Endpoint</li>
-</ul></li>
-<li>"s3.private.au-syd.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>APAC Region Australia Private Endpoint</li>
-</ul></li>
-<li>"s3.ams03.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Amsterdam Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.ams03.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Amsterdam Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.che01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Chennai Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.che01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Chennai Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.mel01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Melbourne Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.mel01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Melbourne Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.osl01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Oslo Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.osl01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Oslo Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.tor01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Toronto Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.tor01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Toronto Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.seo01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Seoul Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.seo01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Seoul Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.mon01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Montreal Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.mon01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Montreal Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.mex01.cloud-object-storage.appdomain.cloud"
-<ul>
-<li>Mexico Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.mex01.cloud-object-storage.appdomain.cloud"
+<li>the MD5SUM</li>
+<li>The uploaded date</li>
+</ul>
+<p>For multipart uploads these items aren't read.</p>
+<p>If an source object of unknown length is uploaded then rclone <strong>will</strong> do a HEAD request.</p>
+<p>Setting this flag increases the chance for undetected upload failures, in particular an incorrect size, so it isn't recommended for normal operation. In practice the chance of an undetected upload failure is very small even with this flag.</p>
+<p>Properties:</p>
 <ul>
-<li>Mexico Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.sjc04.cloud-object-storage.appdomain.cloud"
+<li>Config: no_head</li>
+<li>Env Var: RCLONE_S3_NO_HEAD</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-no-head-object">--s3-no-head-object</h4>
+<p>If set, do not do HEAD before GET when getting objects.</p>
+<p>Properties:</p>
 <ul>
-<li>San Jose Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.sjc04.cloud-object-storage.appdomain.cloud"
+<li>Config: no_head_object</li>
+<li>Env Var: RCLONE_S3_NO_HEAD_OBJECT</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-encoding">--s3-encoding</h4>
+<p>The encoding for the backend.</p>
+<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
+<p>Properties:</p>
 <ul>
-<li>San Jose Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.mil01.cloud-object-storage.appdomain.cloud"
+<li>Config: encoding</li>
+<li>Env Var: RCLONE_S3_ENCODING</li>
+<li>Type: Encoding</li>
+<li>Default: Slash,InvalidUtf8,Dot</li>
+</ul>
+<h4 id="s3-memory-pool-flush-time">--s3-memory-pool-flush-time</h4>
+<p>How often internal memory buffer pools will be flushed. (no longer used)</p>
+<p>Properties:</p>
 <ul>
-<li>Milan Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.mil01.cloud-object-storage.appdomain.cloud"
+<li>Config: memory_pool_flush_time</li>
+<li>Env Var: RCLONE_S3_MEMORY_POOL_FLUSH_TIME</li>
+<li>Type: Duration</li>
+<li>Default: 1m0s</li>
+</ul>
+<h4 id="s3-memory-pool-use-mmap">--s3-memory-pool-use-mmap</h4>
+<p>Whether to use mmap buffers in internal memory pool. (no longer used)</p>
+<p>Properties:</p>
 <ul>
-<li>Milan Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.hkg02.cloud-object-storage.appdomain.cloud"
+<li>Config: memory_pool_use_mmap</li>
+<li>Env Var: RCLONE_S3_MEMORY_POOL_USE_MMAP</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-disable-http2">--s3-disable-http2</h4>
+<p>Disable usage of http2 for S3 backends.</p>
+<p>There is currently an unsolved issue with the s3 (specifically minio) backend and HTTP/2. HTTP/2 is enabled by default for the s3 backend but can be disabled here. When the issue is solved this flag will be removed.</p>
+<p>See: https://github.com/rclone/rclone/issues/4673, https://github.com/rclone/rclone/issues/3631</p>
+<p>Properties:</p>
 <ul>
-<li>Hong Kong Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.hkg02.cloud-object-storage.appdomain.cloud"
+<li>Config: disable_http2</li>
+<li>Env Var: RCLONE_S3_DISABLE_HTTP2</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-download-url">--s3-download-url</h4>
+<p>Custom endpoint for downloads. This is usually set to a CloudFront CDN URL as AWS S3 offers cheaper egress for data downloaded through the CloudFront network.</p>
+<p>Properties:</p>
 <ul>
-<li>Hong Kong Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.par01.cloud-object-storage.appdomain.cloud"
+<li>Config: download_url</li>
+<li>Env Var: RCLONE_S3_DOWNLOAD_URL</li>
+<li>Type: string</li>
+<li>Required: false</li>
+</ul>
+<h4 id="s3-directory-markers">--s3-directory-markers</h4>
+<p>Upload an empty object with a trailing slash when a new directory is created</p>
+<p>Empty folders are unsupported for bucket based remotes, this option creates an empty object ending with "/", to persist the folder.</p>
+<p>Properties:</p>
 <ul>
-<li>Paris Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.par01.cloud-object-storage.appdomain.cloud"
+<li>Config: directory_markers</li>
+<li>Env Var: RCLONE_S3_DIRECTORY_MARKERS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-use-multipart-etag">--s3-use-multipart-etag</h4>
+<p>Whether to use ETag in multipart uploads for verification</p>
+<p>This should be true, false or left unset to use the default for the provider.</p>
+<p>Properties:</p>
 <ul>
-<li>Paris Single Site Private Endpoint</li>
-</ul></li>
-<li>"s3.sng01.cloud-object-storage.appdomain.cloud"
+<li>Config: use_multipart_etag</li>
+<li>Env Var: RCLONE_S3_USE_MULTIPART_ETAG</li>
+<li>Type: Tristate</li>
+<li>Default: unset</li>
+</ul>
+<h4 id="s3-use-presigned-request">--s3-use-presigned-request</h4>
+<p>Whether to use a presigned request or PutObject for single part uploads</p>
+<p>If this is false rclone will use PutObject from the AWS SDK to upload an object.</p>
+<p>Versions of rclone &lt; 1.59 use presigned requests to upload a single part object and setting this flag to true will re-enable that functionality. This shouldn't be necessary except in exceptional circumstances or for testing.</p>
+<p>Properties:</p>
 <ul>
-<li>Singapore Single Site Endpoint</li>
-</ul></li>
-<li>"s3.private.sng01.cloud-object-storage.appdomain.cloud"
+<li>Config: use_presigned_request</li>
+<li>Env Var: RCLONE_S3_USE_PRESIGNED_REQUEST</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-versions">--s3-versions</h4>
+<p>Include old versions in directory listings.</p>
+<p>Properties:</p>
 <ul>
-<li>Singapore Single Site Private Endpoint</li>
-</ul></li>
-</ul></li>
+<li>Config: versions</li>
+<li>Env Var: RCLONE_S3_VERSIONS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
 </ul>
-<h4 id="s3-endpoint-4">--s3-endpoint</h4>
-<p>Endpoint for IONOS S3 Object Storage.</p>
-<p>Specify the endpoint from the same region.</p>
+<h4 id="s3-version-at">--s3-version-at</h4>
+<p>Show file versions as they were at the specified time.</p>
+<p>The parameter should be a date, "2006-01-02", datetime "2006-01-02 15:04:05" or a duration for that long ago, eg "100d" or "1h".</p>
+<p>Note that when using this no file write operations are permitted, so you can't upload files or delete them.</p>
+<p>See <a href="https://rclone.org/docs/#time-option">the time option docs</a> for valid formats.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: IONOS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
+<li>Config: version_at</li>
+<li>Env Var: RCLONE_S3_VERSION_AT</li>
+<li>Type: Time</li>
+<li>Default: off</li>
+</ul>
+<h4 id="s3-decompress">--s3-decompress</h4>
+<p>If set this will decompress gzip encoded objects.</p>
+<p>It is possible to upload objects to S3 with "Content-Encoding: gzip" set. Normally rclone will download these files as compressed objects.</p>
+<p>If this flag is set then rclone will decompress these files with "Content-Encoding: gzip" as they are received. This means that rclone can't check the size and hash but the file contents will be decompressed.</p>
+<p>Properties:</p>
 <ul>
-<li>"s3-eu-central-1.ionoscloud.com"
+<li>Config: decompress</li>
+<li>Env Var: RCLONE_S3_DECOMPRESS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="s3-might-gzip">--s3-might-gzip</h4>
+<p>Set this if the backend might gzip objects.</p>
+<p>Normally providers will not alter objects when they are downloaded. If an object was not uploaded with <code>Content-Encoding: gzip</code> then it won't be set on download.</p>
+<p>However some providers may gzip objects even if they weren't uploaded with <code>Content-Encoding: gzip</code> (eg Cloudflare).</p>
+<p>A symptom of this would be receiving errors like</p>
+<pre><code>ERROR corrupted on transfer: sizes differ NNN vs MMM</code></pre>
+<p>If you set this flag and rclone downloads an object with Content-Encoding: gzip set and chunked transfer encoding, then rclone will decompress the object on the fly.</p>
+<p>If this is set to unset (the default) then rclone will choose according to the provider setting what to apply, but you can override rclone's choice here.</p>
+<p>Properties:</p>
 <ul>
-<li>Frankfurt, Germany</li>
-</ul></li>
-<li>"s3-eu-central-2.ionoscloud.com"
+<li>Config: might_gzip</li>
+<li>Env Var: RCLONE_S3_MIGHT_GZIP</li>
+<li>Type: Tristate</li>
+<li>Default: unset</li>
+</ul>
+<h4 id="s3-use-accept-encoding-gzip">--s3-use-accept-encoding-gzip</h4>
+<p>Whether to send <code>Accept-Encoding: gzip</code> header.</p>
+<p>By default, rclone will append <code>Accept-Encoding: gzip</code> to the request to download compressed objects whenever possible.</p>
+<p>However some providers such as Google Cloud Storage may alter the HTTP headers, breaking the signature of the request.</p>
+<p>A symptom of this would be receiving errors like</p>
+<pre><code>SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided.</code></pre>
+<p>In this case, you might want to try disabling this option.</p>
+<p>Properties:</p>
 <ul>
-<li>Berlin, Germany</li>
-</ul></li>
-<li>"s3-eu-south-2.ionoscloud.com"
+<li>Config: use_accept_encoding_gzip</li>
+<li>Env Var: RCLONE_S3_USE_ACCEPT_ENCODING_GZIP</li>
+<li>Type: Tristate</li>
+<li>Default: unset</li>
+</ul>
+<h4 id="s3-no-system-metadata">--s3-no-system-metadata</h4>
+<p>Suppress setting and reading of system metadata</p>
+<p>Properties:</p>
 <ul>
-<li>Logrono, Spain</li>
-</ul></li>
-</ul></li>
+<li>Config: no_system_metadata</li>
+<li>Env Var: RCLONE_S3_NO_SYSTEM_METADATA</li>
+<li>Type: bool</li>
+<li>Default: false</li>
 </ul>
-<h4 id="s3-endpoint-5">--s3-endpoint</h4>
-<p>Endpoint for Liara Object Storage API.</p>
+<h4 id="s3-sts-endpoint">--s3-sts-endpoint</h4>
+<p>Endpoint for STS.</p>
+<p>Leave blank if using AWS to use the default endpoint for the region.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: Liara</li>
+<li>Config: sts_endpoint</li>
+<li>Env Var: RCLONE_S3_STS_ENDPOINT</li>
+<li>Provider: AWS</li>
 <li>Type: string</li>
 <li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"storage.iran.liara.space"
+</ul>
+<h4 id="s3-use-already-exists">--s3-use-already-exists</h4>
+<p>Set if rclone should report BucketAlreadyExists errors on bucket creation.</p>
+<p>At some point during the evolution of the s3 protocol, AWS started returning an <code>AlreadyOwnedByYou</code> error when attempting to create a bucket that the user already owned, rather than a <code>BucketAlreadyExists</code> error.</p>
+<p>Unfortunately exactly what has been implemented by s3 clones is a little inconsistent, some return <code>AlreadyOwnedByYou</code>, some return <code>BucketAlreadyExists</code> and some return no error at all.</p>
+<p>This is important to rclone because it ensures the bucket exists by creating it on quite a lot of operations (unless <code>--s3-no-check-bucket</code> is used).</p>
+<p>If rclone knows the provider can return <code>AlreadyOwnedByYou</code> or returns no error then it can report <code>BucketAlreadyExists</code> errors when the user attempts to create a bucket not owned by them. Otherwise rclone ignores the <code>BucketAlreadyExists</code> error which can lead to confusion.</p>
+<p>This should be automatically set correctly for all providers rclone knows about - please make a bug report if not.</p>
+<p>Properties:</p>
 <ul>
-<li>The default endpoint</li>
-<li>Iran</li>
-</ul></li>
-</ul></li>
+<li>Config: use_already_exists</li>
+<li>Env Var: RCLONE_S3_USE_ALREADY_EXISTS</li>
+<li>Type: Tristate</li>
+<li>Default: unset</li>
 </ul>
-<h4 id="s3-endpoint-6">--s3-endpoint</h4>
-<p>Endpoint for OSS API.</p>
+<h4 id="s3-use-multipart-uploads">--s3-use-multipart-uploads</h4>
+<p>Set if rclone should use multipart uploads.</p>
+<p>You can change this if you want to disable the use of multipart uploads. This shouldn't be necessary in normal operation.</p>
+<p>This should be automatically set correctly for all providers rclone knows about - please make a bug report if not.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: Alibaba</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"oss-accelerate.aliyuncs.com"
-<ul>
-<li>Global Accelerate</li>
-</ul></li>
-<li>"oss-accelerate-overseas.aliyuncs.com"
-<ul>
-<li>Global Accelerate (outside mainland China)</li>
-</ul></li>
-<li>"oss-cn-hangzhou.aliyuncs.com"
-<ul>
-<li>East China 1 (Hangzhou)</li>
-</ul></li>
-<li>"oss-cn-shanghai.aliyuncs.com"
-<ul>
-<li>East China 2 (Shanghai)</li>
-</ul></li>
-<li>"oss-cn-qingdao.aliyuncs.com"
-<ul>
-<li>North China 1 (Qingdao)</li>
-</ul></li>
-<li>"oss-cn-beijing.aliyuncs.com"
-<ul>
-<li>North China 2 (Beijing)</li>
-</ul></li>
-<li>"oss-cn-zhangjiakou.aliyuncs.com"
-<ul>
-<li>North China 3 (Zhangjiakou)</li>
-</ul></li>
-<li>"oss-cn-huhehaote.aliyuncs.com"
-<ul>
-<li>North China 5 (Hohhot)</li>
-</ul></li>
-<li>"oss-cn-wulanchabu.aliyuncs.com"
-<ul>
-<li>North China 6 (Ulanqab)</li>
-</ul></li>
-<li>"oss-cn-shenzhen.aliyuncs.com"
-<ul>
-<li>South China 1 (Shenzhen)</li>
-</ul></li>
-<li>"oss-cn-heyuan.aliyuncs.com"
-<ul>
-<li>South China 2 (Heyuan)</li>
-</ul></li>
-<li>"oss-cn-guangzhou.aliyuncs.com"
-<ul>
-<li>South China 3 (Guangzhou)</li>
-</ul></li>
-<li>"oss-cn-chengdu.aliyuncs.com"
-<ul>
-<li>West China 1 (Chengdu)</li>
-</ul></li>
-<li>"oss-cn-hongkong.aliyuncs.com"
-<ul>
-<li>Hong Kong (Hong Kong)</li>
-</ul></li>
-<li>"oss-us-west-1.aliyuncs.com"
-<ul>
-<li>US West 1 (Silicon Valley)</li>
-</ul></li>
-<li>"oss-us-east-1.aliyuncs.com"
-<ul>
-<li>US East 1 (Virginia)</li>
-</ul></li>
-<li>"oss-ap-southeast-1.aliyuncs.com"
-<ul>
-<li>Southeast Asia Southeast 1 (Singapore)</li>
-</ul></li>
-<li>"oss-ap-southeast-2.aliyuncs.com"
-<ul>
-<li>Asia Pacific Southeast 2 (Sydney)</li>
-</ul></li>
-<li>"oss-ap-southeast-3.aliyuncs.com"
-<ul>
-<li>Southeast Asia Southeast 3 (Kuala Lumpur)</li>
-</ul></li>
-<li>"oss-ap-southeast-5.aliyuncs.com"
-<ul>
-<li>Asia Pacific Southeast 5 (Jakarta)</li>
-</ul></li>
-<li>"oss-ap-northeast-1.aliyuncs.com"
-<ul>
-<li>Asia Pacific Northeast 1 (Japan)</li>
-</ul></li>
-<li>"oss-ap-south-1.aliyuncs.com"
-<ul>
-<li>Asia Pacific South 1 (Mumbai)</li>
-</ul></li>
-<li>"oss-eu-central-1.aliyuncs.com"
-<ul>
-<li>Central Europe 1 (Frankfurt)</li>
-</ul></li>
-<li>"oss-eu-west-1.aliyuncs.com"
-<ul>
-<li>West Europe (London)</li>
-</ul></li>
-<li>"oss-me-east-1.aliyuncs.com"
-<ul>
-<li>Middle East 1 (Dubai)</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-endpoint-7">--s3-endpoint</h4>
-<p>Endpoint for OBS API.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: HuaweiOBS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"obs.af-south-1.myhuaweicloud.com"
-<ul>
-<li>AF-Johannesburg</li>
-</ul></li>
-<li>"obs.ap-southeast-2.myhuaweicloud.com"
-<ul>
-<li>AP-Bangkok</li>
-</ul></li>
-<li>"obs.ap-southeast-3.myhuaweicloud.com"
-<ul>
-<li>AP-Singapore</li>
-</ul></li>
-<li>"obs.cn-east-3.myhuaweicloud.com"
-<ul>
-<li>CN East-Shanghai1</li>
-</ul></li>
-<li>"obs.cn-east-2.myhuaweicloud.com"
-<ul>
-<li>CN East-Shanghai2</li>
-</ul></li>
-<li>"obs.cn-north-1.myhuaweicloud.com"
-<ul>
-<li>CN North-Beijing1</li>
-</ul></li>
-<li>"obs.cn-north-4.myhuaweicloud.com"
-<ul>
-<li>CN North-Beijing4</li>
-</ul></li>
-<li>"obs.cn-south-1.myhuaweicloud.com"
-<ul>
-<li>CN South-Guangzhou</li>
-</ul></li>
-<li>"obs.ap-southeast-1.myhuaweicloud.com"
-<ul>
-<li>CN-Hong Kong</li>
-</ul></li>
-<li>"obs.sa-argentina-1.myhuaweicloud.com"
-<ul>
-<li>LA-Buenos Aires1</li>
-</ul></li>
-<li>"obs.sa-peru-1.myhuaweicloud.com"
-<ul>
-<li>LA-Lima1</li>
-</ul></li>
-<li>"obs.na-mexico-1.myhuaweicloud.com"
-<ul>
-<li>LA-Mexico City1</li>
-</ul></li>
-<li>"obs.sa-chile-1.myhuaweicloud.com"
-<ul>
-<li>LA-Santiago2</li>
-</ul></li>
-<li>"obs.sa-brazil-1.myhuaweicloud.com"
-<ul>
-<li>LA-Sao Paulo1</li>
-</ul></li>
-<li>"obs.ru-northwest-2.myhuaweicloud.com"
-<ul>
-<li>RU-Moscow2</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-endpoint-8">--s3-endpoint</h4>
-<p>Endpoint for Scaleway Object Storage.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: Scaleway</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"s3.nl-ams.scw.cloud"
-<ul>
-<li>Amsterdam Endpoint</li>
-</ul></li>
-<li>"s3.fr-par.scw.cloud"
-<ul>
-<li>Paris Endpoint</li>
-</ul></li>
-<li>"s3.pl-waw.scw.cloud"
-<ul>
-<li>Warsaw Endpoint</li>
-</ul></li>
-</ul></li>
+<li>Config: use_multipart_uploads</li>
+<li>Env Var: RCLONE_S3_USE_MULTIPART_UPLOADS</li>
+<li>Type: Tristate</li>
+<li>Default: unset</li>
 </ul>
-<h4 id="s3-endpoint-9">--s3-endpoint</h4>
-<p>Endpoint for StackPath Object Storage.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: StackPath</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"s3.us-east-2.stackpathstorage.com"
-<ul>
-<li>US East Endpoint</li>
-</ul></li>
-<li>"s3.us-west-1.stackpathstorage.com"
-<ul>
-<li>US West Endpoint</li>
-</ul></li>
-<li>"s3.eu-central-1.stackpathstorage.com"
+<h3 id="metadata-3">Metadata</h3>
+<p>User metadata is stored as x-amz-meta- keys. S3 metadata keys are case insensitive and are always returned in lower case.</p>
+<p>Here are the possible system metadata items for the s3 backend.</p>
+<table>
+<colgroup>
+<col style="width: 15%" />
+<col style="width: 15%" />
+<col style="width: 15%" />
+<col style="width: 23%" />
+<col style="width: 28%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Name</th>
+<th>Help</th>
+<th>Type</th>
+<th>Example</th>
+<th>Read Only</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>btime</td>
+<td>Time of file birth (creation) read from Last-Modified header</td>
+<td>RFC 3339</td>
+<td>2006-01-02T15:04:05.999999999Z07:00</td>
+<td><strong>Y</strong></td>
+</tr>
+<tr class="even">
+<td>cache-control</td>
+<td>Cache-Control header</td>
+<td>string</td>
+<td>no-cache</td>
+<td>N</td>
+</tr>
+<tr class="odd">
+<td>content-disposition</td>
+<td>Content-Disposition header</td>
+<td>string</td>
+<td>inline</td>
+<td>N</td>
+</tr>
+<tr class="even">
+<td>content-encoding</td>
+<td>Content-Encoding header</td>
+<td>string</td>
+<td>gzip</td>
+<td>N</td>
+</tr>
+<tr class="odd">
+<td>content-language</td>
+<td>Content-Language header</td>
+<td>string</td>
+<td>en-US</td>
+<td>N</td>
+</tr>
+<tr class="even">
+<td>content-type</td>
+<td>Content-Type header</td>
+<td>string</td>
+<td>text/plain</td>
+<td>N</td>
+</tr>
+<tr class="odd">
+<td>mtime</td>
+<td>Time of last modification, read from rclone metadata</td>
+<td>RFC 3339</td>
+<td>2006-01-02T15:04:05.999999999Z07:00</td>
+<td>N</td>
+</tr>
+<tr class="even">
+<td>tier</td>
+<td>Tier of the object</td>
+<td>string</td>
+<td>GLACIER</td>
+<td><strong>Y</strong></td>
+</tr>
+</tbody>
+</table>
+<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
+<h2 id="backend-commands">Backend commands</h2>
+<p>Here are the commands specific to the s3 backend.</p>
+<p>Run them with</p>
+<pre><code>rclone backend COMMAND remote:</code></pre>
+<p>The help below will explain what arguments each command takes.</p>
+<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
+<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
+<h3 id="restore">restore</h3>
+<p>Restore objects from GLACIER to normal storage</p>
+<pre><code>rclone backend restore remote: [options] [&lt;arguments&gt;+]</code></pre>
+<p>This command can be used to restore one or more objects from GLACIER to normal storage.</p>
+<p>Usage Examples:</p>
+<pre><code>rclone backend restore s3:bucket/path/to/object -o priority=PRIORITY -o lifetime=DAYS
+rclone backend restore s3:bucket/path/to/directory -o priority=PRIORITY -o lifetime=DAYS
+rclone backend restore s3:bucket -o priority=PRIORITY -o lifetime=DAYS</code></pre>
+<p>This flag also obeys the filters. Test first with --interactive/-i or --dry-run flags</p>
+<pre><code>rclone --interactive backend restore --include &quot;*.txt&quot; s3:bucket/path -o priority=Standard -o lifetime=1</code></pre>
+<p>All the objects shown will be marked for restore, then</p>
+<pre><code>rclone backend restore --include &quot;*.txt&quot; s3:bucket/path -o priority=Standard -o lifetime=1</code></pre>
+<p>It returns a list of status dictionaries with Remote and Status keys. The Status will be OK if it was successful or an error message if not.</p>
+<pre><code>[
+    {
+        &quot;Status&quot;: &quot;OK&quot;,
+        &quot;Remote&quot;: &quot;test.txt&quot;
+    },
+    {
+        &quot;Status&quot;: &quot;OK&quot;,
+        &quot;Remote&quot;: &quot;test/file4.txt&quot;
+    }
+]</code></pre>
+<p>Options:</p>
 <ul>
-<li>EU Endpoint</li>
-</ul></li>
-</ul></li>
+<li>"description": The optional description for the job.</li>
+<li>"lifetime": Lifetime of the active copy in days</li>
+<li>"priority": Priority of restore: Standard|Expedited|Bulk</li>
 </ul>
-<h4 id="s3-endpoint-10">--s3-endpoint</h4>
-<p>Endpoint for Storj Gateway.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: Storj</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"gateway.storjshare.io"
+<h3 id="restore-status">restore-status</h3>
+<p>Show the restore status for objects being restored from GLACIER to normal storage</p>
+<pre><code>rclone backend restore-status remote: [options] [&lt;arguments&gt;+]</code></pre>
+<p>This command can be used to show the status for objects being restored from GLACIER to normal storage.</p>
+<p>Usage Examples:</p>
+<pre><code>rclone backend restore-status s3:bucket/path/to/object
+rclone backend restore-status s3:bucket/path/to/directory
+rclone backend restore-status -o all s3:bucket/path/to/directory</code></pre>
+<p>This command does not obey the filters.</p>
+<p>It returns a list of status dictionaries.</p>
+<pre><code>[
+    {
+        &quot;Remote&quot;: &quot;file.txt&quot;,
+        &quot;VersionID&quot;: null,
+        &quot;RestoreStatus&quot;: {
+            &quot;IsRestoreInProgress&quot;: true,
+            &quot;RestoreExpiryDate&quot;: &quot;2023-09-06T12:29:19+01:00&quot;
+        },
+        &quot;StorageClass&quot;: &quot;GLACIER&quot;
+    },
+    {
+        &quot;Remote&quot;: &quot;test.pdf&quot;,
+        &quot;VersionID&quot;: null,
+        &quot;RestoreStatus&quot;: {
+            &quot;IsRestoreInProgress&quot;: false,
+            &quot;RestoreExpiryDate&quot;: &quot;2023-09-06T12:29:19+01:00&quot;
+        },
+        &quot;StorageClass&quot;: &quot;DEEP_ARCHIVE&quot;
+    }
+]</code></pre>
+<p>Options:</p>
 <ul>
-<li>Global Hosted Gateway</li>
-</ul></li>
-</ul></li>
+<li>"all": if set then show all objects, not just ones with restore status</li>
 </ul>
-<h4 id="s3-endpoint-11">--s3-endpoint</h4>
-<p>Endpoint for Tencent COS API.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: TencentCOS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"cos.ap-beijing.myqcloud.com"
-<ul>
-<li>Beijing Region</li>
-</ul></li>
-<li>"cos.ap-nanjing.myqcloud.com"
-<ul>
-<li>Nanjing Region</li>
-</ul></li>
-<li>"cos.ap-shanghai.myqcloud.com"
-<ul>
-<li>Shanghai Region</li>
-</ul></li>
-<li>"cos.ap-guangzhou.myqcloud.com"
-<ul>
-<li>Guangzhou Region</li>
-</ul></li>
-<li>"cos.ap-nanjing.myqcloud.com"
-<ul>
-<li>Nanjing Region</li>
-</ul></li>
-<li>"cos.ap-chengdu.myqcloud.com"
-<ul>
-<li>Chengdu Region</li>
-</ul></li>
-<li>"cos.ap-chongqing.myqcloud.com"
-<ul>
-<li>Chongqing Region</li>
-</ul></li>
-<li>"cos.ap-hongkong.myqcloud.com"
-<ul>
-<li>Hong Kong (China) Region</li>
-</ul></li>
-<li>"cos.ap-singapore.myqcloud.com"
-<ul>
-<li>Singapore Region</li>
-</ul></li>
-<li>"cos.ap-mumbai.myqcloud.com"
-<ul>
-<li>Mumbai Region</li>
-</ul></li>
-<li>"cos.ap-seoul.myqcloud.com"
-<ul>
-<li>Seoul Region</li>
-</ul></li>
-<li>"cos.ap-bangkok.myqcloud.com"
-<ul>
-<li>Bangkok Region</li>
-</ul></li>
-<li>"cos.ap-tokyo.myqcloud.com"
-<ul>
-<li>Tokyo Region</li>
-</ul></li>
-<li>"cos.na-siliconvalley.myqcloud.com"
-<ul>
-<li>Silicon Valley Region</li>
-</ul></li>
-<li>"cos.na-ashburn.myqcloud.com"
-<ul>
-<li>Virginia Region</li>
-</ul></li>
-<li>"cos.na-toronto.myqcloud.com"
-<ul>
-<li>Toronto Region</li>
-</ul></li>
-<li>"cos.eu-frankfurt.myqcloud.com"
-<ul>
-<li>Frankfurt Region</li>
-</ul></li>
-<li>"cos.eu-moscow.myqcloud.com"
-<ul>
-<li>Moscow Region</li>
-</ul></li>
-<li>"cos.accelerate.myqcloud.com"
-<ul>
-<li>Use Tencent COS Accelerate Endpoint</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-endpoint-12">--s3-endpoint</h4>
-<p>Endpoint for RackCorp Object Storage.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: RackCorp</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"s3.rackcorp.com"
-<ul>
-<li>Global (AnyCast) Endpoint</li>
-</ul></li>
-<li>"au.s3.rackcorp.com"
-<ul>
-<li>Australia (Anycast) Endpoint</li>
-</ul></li>
-<li>"au-nsw.s3.rackcorp.com"
-<ul>
-<li>Sydney (Australia) Endpoint</li>
-</ul></li>
-<li>"au-qld.s3.rackcorp.com"
-<ul>
-<li>Brisbane (Australia) Endpoint</li>
-</ul></li>
-<li>"au-vic.s3.rackcorp.com"
-<ul>
-<li>Melbourne (Australia) Endpoint</li>
-</ul></li>
-<li>"au-wa.s3.rackcorp.com"
-<ul>
-<li>Perth (Australia) Endpoint</li>
-</ul></li>
-<li>"ph.s3.rackcorp.com"
-<ul>
-<li>Manila (Philippines) Endpoint</li>
-</ul></li>
-<li>"th.s3.rackcorp.com"
-<ul>
-<li>Bangkok (Thailand) Endpoint</li>
-</ul></li>
-<li>"hk.s3.rackcorp.com"
-<ul>
-<li>HK (Hong Kong) Endpoint</li>
-</ul></li>
-<li>"mn.s3.rackcorp.com"
-<ul>
-<li>Ulaanbaatar (Mongolia) Endpoint</li>
-</ul></li>
-<li>"kg.s3.rackcorp.com"
-<ul>
-<li>Bishkek (Kyrgyzstan) Endpoint</li>
-</ul></li>
-<li>"id.s3.rackcorp.com"
-<ul>
-<li>Jakarta (Indonesia) Endpoint</li>
-</ul></li>
-<li>"jp.s3.rackcorp.com"
-<ul>
-<li>Tokyo (Japan) Endpoint</li>
-</ul></li>
-<li>"sg.s3.rackcorp.com"
-<ul>
-<li>SG (Singapore) Endpoint</li>
-</ul></li>
-<li>"de.s3.rackcorp.com"
-<ul>
-<li>Frankfurt (Germany) Endpoint</li>
-</ul></li>
-<li>"us.s3.rackcorp.com"
-<ul>
-<li>USA (AnyCast) Endpoint</li>
-</ul></li>
-<li>"us-east-1.s3.rackcorp.com"
-<ul>
-<li>New York (USA) Endpoint</li>
-</ul></li>
-<li>"us-west-1.s3.rackcorp.com"
-<ul>
-<li>Freemont (USA) Endpoint</li>
-</ul></li>
-<li>"nz.s3.rackcorp.com"
-<ul>
-<li>Auckland (New Zealand) Endpoint</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-endpoint-13">--s3-endpoint</h4>
-<p>Endpoint for Qiniu Object Storage.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: Qiniu</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"s3-cn-east-1.qiniucs.com"
-<ul>
-<li>East China Endpoint 1</li>
-</ul></li>
-<li>"s3-cn-east-2.qiniucs.com"
-<ul>
-<li>East China Endpoint 2</li>
-</ul></li>
-<li>"s3-cn-north-1.qiniucs.com"
-<ul>
-<li>North China Endpoint 1</li>
-</ul></li>
-<li>"s3-cn-south-1.qiniucs.com"
-<ul>
-<li>South China Endpoint 1</li>
-</ul></li>
-<li>"s3-us-north-1.qiniucs.com"
-<ul>
-<li>North America Endpoint 1</li>
-</ul></li>
-<li>"s3-ap-southeast-1.qiniucs.com"
-<ul>
-<li>Southeast Asia Endpoint 1</li>
-</ul></li>
-<li>"s3-ap-northeast-1.qiniucs.com"
-<ul>
-<li>Northeast Asia Endpoint 1</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-endpoint-14">--s3-endpoint</h4>
-<p>Endpoint for S3 API.</p>
-<p>Required when using an S3 clone.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_S3_ENDPOINT</li>
-<li>Provider: !AWS,IBMCOS,IDrive,IONOS,TencentCOS,HuaweiOBS,Alibaba,ChinaMobile,Liara,ArvanCloud,Scaleway,StackPath,Storj,RackCorp,Qiniu</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"objects-us-east-1.dream.io"
-<ul>
-<li>Dream Objects endpoint</li>
-</ul></li>
-<li>"syd1.digitaloceanspaces.com"
-<ul>
-<li>DigitalOcean Spaces Sydney 1</li>
-</ul></li>
-<li>"sfo3.digitaloceanspaces.com"
-<ul>
-<li>DigitalOcean Spaces San Francisco 3</li>
-</ul></li>
-<li>"fra1.digitaloceanspaces.com"
-<ul>
-<li>DigitalOcean Spaces Frankfurt 1</li>
-</ul></li>
-<li>"nyc3.digitaloceanspaces.com"
-<ul>
-<li>DigitalOcean Spaces New York 3</li>
-</ul></li>
-<li>"ams3.digitaloceanspaces.com"
-<ul>
-<li>DigitalOcean Spaces Amsterdam 3</li>
-</ul></li>
-<li>"sgp1.digitaloceanspaces.com"
-<ul>
-<li>DigitalOcean Spaces Singapore 1</li>
-</ul></li>
-<li>"localhost:8333"
-<ul>
-<li>SeaweedFS S3 localhost</li>
-</ul></li>
-<li>"s3.us-east-1.lyvecloud.seagate.com"
-<ul>
-<li>Seagate Lyve Cloud US East 1 (Virginia)</li>
-</ul></li>
-<li>"s3.us-west-1.lyvecloud.seagate.com"
-<ul>
-<li>Seagate Lyve Cloud US West 1 (California)</li>
-</ul></li>
-<li>"s3.ap-southeast-1.lyvecloud.seagate.com"
-<ul>
-<li>Seagate Lyve Cloud AP Southeast 1 (Singapore)</li>
-</ul></li>
-<li>"s3.wasabisys.com"
-<ul>
-<li>Wasabi US East 1 (N. Virginia)</li>
-</ul></li>
-<li>"s3.us-east-2.wasabisys.com"
-<ul>
-<li>Wasabi US East 2 (N. Virginia)</li>
-</ul></li>
-<li>"s3.us-central-1.wasabisys.com"
-<ul>
-<li>Wasabi US Central 1 (Texas)</li>
-</ul></li>
-<li>"s3.us-west-1.wasabisys.com"
-<ul>
-<li>Wasabi US West 1 (Oregon)</li>
-</ul></li>
-<li>"s3.ca-central-1.wasabisys.com"
-<ul>
-<li>Wasabi CA Central 1 (Toronto)</li>
-</ul></li>
-<li>"s3.eu-central-1.wasabisys.com"
-<ul>
-<li>Wasabi EU Central 1 (Amsterdam)</li>
-</ul></li>
-<li>"s3.eu-central-2.wasabisys.com"
-<ul>
-<li>Wasabi EU Central 2 (Frankfurt)</li>
-</ul></li>
-<li>"s3.eu-west-1.wasabisys.com"
-<ul>
-<li>Wasabi EU West 1 (London)</li>
-</ul></li>
-<li>"s3.eu-west-2.wasabisys.com"
-<ul>
-<li>Wasabi EU West 2 (Paris)</li>
-</ul></li>
-<li>"s3.ap-northeast-1.wasabisys.com"
-<ul>
-<li>Wasabi AP Northeast 1 (Tokyo) endpoint</li>
-</ul></li>
-<li>"s3.ap-northeast-2.wasabisys.com"
-<ul>
-<li>Wasabi AP Northeast 2 (Osaka) endpoint</li>
-</ul></li>
-<li>"s3.ap-southeast-1.wasabisys.com"
-<ul>
-<li>Wasabi AP Southeast 1 (Singapore)</li>
-</ul></li>
-<li>"s3.ap-southeast-2.wasabisys.com"
-<ul>
-<li>Wasabi AP Southeast 2 (Sydney)</li>
-</ul></li>
-<li>"storage.iran.liara.space"
-<ul>
-<li>Liara Iran endpoint</li>
-</ul></li>
-<li>"s3.ir-thr-at1.arvanstorage.com"
+<h3 id="list-multipart-uploads">list-multipart-uploads</h3>
+<p>List the unfinished multipart uploads</p>
+<pre><code>rclone backend list-multipart-uploads remote: [options] [&lt;arguments&gt;+]</code></pre>
+<p>This command lists the unfinished multipart uploads in JSON format.</p>
+<pre><code>rclone backend list-multipart s3:bucket/path/to/object</code></pre>
+<p>It returns a dictionary of buckets with values as lists of unfinished multipart uploads.</p>
+<p>You can call it with no bucket in which case it lists all bucket, with a bucket or with a bucket and path.</p>
+<pre><code>{
+  &quot;rclone&quot;: [
+    {
+      &quot;Initiated&quot;: &quot;2020-06-26T14:20:36Z&quot;,
+      &quot;Initiator&quot;: {
+        &quot;DisplayName&quot;: &quot;XXX&quot;,
+        &quot;ID&quot;: &quot;arn:aws:iam::XXX:user/XXX&quot;
+      },
+      &quot;Key&quot;: &quot;KEY&quot;,
+      &quot;Owner&quot;: {
+        &quot;DisplayName&quot;: null,
+        &quot;ID&quot;: &quot;XXX&quot;
+      },
+      &quot;StorageClass&quot;: &quot;STANDARD&quot;,
+      &quot;UploadId&quot;: &quot;XXX&quot;
+    }
+  ],
+  &quot;rclone-1000files&quot;: [],
+  &quot;rclone-dst&quot;: []
+}</code></pre>
+<h3 id="cleanup-2">cleanup</h3>
+<p>Remove unfinished multipart uploads.</p>
+<pre><code>rclone backend cleanup remote: [options] [&lt;arguments&gt;+]</code></pre>
+<p>This command removes unfinished multipart uploads of age greater than max-age which defaults to 24 hours.</p>
+<p>Note that you can use --interactive/-i or --dry-run with this command to see what it would do.</p>
+<pre><code>rclone backend cleanup s3:bucket/path/to/object
+rclone backend cleanup -o max-age=7w s3:bucket/path/to/object</code></pre>
+<p>Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.</p>
+<p>Options:</p>
 <ul>
-<li>ArvanCloud Tehran Iran (Asiatech) endpoint</li>
-</ul></li>
-</ul></li>
+<li>"max-age": Max age of upload to delete</li>
 </ul>
-<h4 id="s3-location-constraint">--s3-location-constraint</h4>
-<p>Location constraint - must be set to match the Region.</p>
-<p>Used when creating buckets only.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: location_constraint</li>
-<li>Env Var: RCLONE_S3_LOCATION_CONSTRAINT</li>
-<li>Provider: AWS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Empty for US Region, Northern Virginia, or Pacific Northwest</li>
-</ul></li>
-<li>"us-east-2"
-<ul>
-<li>US East (Ohio) Region</li>
-</ul></li>
-<li>"us-west-1"
-<ul>
-<li>US West (Northern California) Region</li>
-</ul></li>
-<li>"us-west-2"
-<ul>
-<li>US West (Oregon) Region</li>
-</ul></li>
-<li>"ca-central-1"
-<ul>
-<li>Canada (Central) Region</li>
-</ul></li>
-<li>"eu-west-1"
-<ul>
-<li>EU (Ireland) Region</li>
-</ul></li>
-<li>"eu-west-2"
-<ul>
-<li>EU (London) Region</li>
-</ul></li>
-<li>"eu-west-3"
-<ul>
-<li>EU (Paris) Region</li>
-</ul></li>
-<li>"eu-north-1"
-<ul>
-<li>EU (Stockholm) Region</li>
-</ul></li>
-<li>"eu-south-1"
-<ul>
-<li>EU (Milan) Region</li>
-</ul></li>
-<li>"EU"
-<ul>
-<li>EU Region</li>
-</ul></li>
-<li>"ap-southeast-1"
-<ul>
-<li>Asia Pacific (Singapore) Region</li>
-</ul></li>
-<li>"ap-southeast-2"
-<ul>
-<li>Asia Pacific (Sydney) Region</li>
-</ul></li>
-<li>"ap-northeast-1"
-<ul>
-<li>Asia Pacific (Tokyo) Region</li>
-</ul></li>
-<li>"ap-northeast-2"
-<ul>
-<li>Asia Pacific (Seoul) Region</li>
-</ul></li>
-<li>"ap-northeast-3"
-<ul>
-<li>Asia Pacific (Osaka-Local) Region</li>
-</ul></li>
-<li>"ap-south-1"
-<ul>
-<li>Asia Pacific (Mumbai) Region</li>
-</ul></li>
-<li>"ap-east-1"
-<ul>
-<li>Asia Pacific (Hong Kong) Region</li>
-</ul></li>
-<li>"sa-east-1"
-<ul>
-<li>South America (Sao Paulo) Region</li>
-</ul></li>
-<li>"me-south-1"
-<ul>
-<li>Middle East (Bahrain) Region</li>
-</ul></li>
-<li>"af-south-1"
-<ul>
-<li>Africa (Cape Town) Region</li>
-</ul></li>
-<li>"cn-north-1"
-<ul>
-<li>China (Beijing) Region</li>
-</ul></li>
-<li>"cn-northwest-1"
-<ul>
-<li>China (Ningxia) Region</li>
-</ul></li>
-<li>"us-gov-east-1"
-<ul>
-<li>AWS GovCloud (US-East) Region</li>
-</ul></li>
-<li>"us-gov-west-1"
-<ul>
-<li>AWS GovCloud (US) Region</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-location-constraint-1">--s3-location-constraint</h4>
-<p>Location constraint - must match endpoint.</p>
-<p>Used when creating buckets only.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: location_constraint</li>
-<li>Env Var: RCLONE_S3_LOCATION_CONSTRAINT</li>
-<li>Provider: ChinaMobile</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"wuxi1"
-<ul>
-<li>East China (Suzhou)</li>
-</ul></li>
-<li>"jinan1"
-<ul>
-<li>East China (Jinan)</li>
-</ul></li>
-<li>"ningbo1"
-<ul>
-<li>East China (Hangzhou)</li>
-</ul></li>
-<li>"shanghai1"
-<ul>
-<li>East China (Shanghai-1)</li>
-</ul></li>
-<li>"zhengzhou1"
-<ul>
-<li>Central China (Zhengzhou)</li>
-</ul></li>
-<li>"hunan1"
-<ul>
-<li>Central China (Changsha-1)</li>
-</ul></li>
-<li>"zhuzhou1"
-<ul>
-<li>Central China (Changsha-2)</li>
-</ul></li>
-<li>"guangzhou1"
-<ul>
-<li>South China (Guangzhou-2)</li>
-</ul></li>
-<li>"dongguan1"
-<ul>
-<li>South China (Guangzhou-3)</li>
-</ul></li>
-<li>"beijing1"
-<ul>
-<li>North China (Beijing-1)</li>
-</ul></li>
-<li>"beijing2"
-<ul>
-<li>North China (Beijing-2)</li>
-</ul></li>
-<li>"beijing4"
-<ul>
-<li>North China (Beijing-3)</li>
-</ul></li>
-<li>"huhehaote1"
-<ul>
-<li>North China (Huhehaote)</li>
-</ul></li>
-<li>"chengdu1"
-<ul>
-<li>Southwest China (Chengdu)</li>
-</ul></li>
-<li>"chongqing1"
-<ul>
-<li>Southwest China (Chongqing)</li>
-</ul></li>
-<li>"guiyang1"
-<ul>
-<li>Southwest China (Guiyang)</li>
-</ul></li>
-<li>"xian1"
-<ul>
-<li>Nouthwest China (Xian)</li>
-</ul></li>
-<li>"yunnan"
-<ul>
-<li>Yunnan China (Kunming)</li>
-</ul></li>
-<li>"yunnan2"
-<ul>
-<li>Yunnan China (Kunming-2)</li>
-</ul></li>
-<li>"tianjin1"
-<ul>
-<li>Tianjin China (Tianjin)</li>
-</ul></li>
-<li>"jilin1"
-<ul>
-<li>Jilin China (Changchun)</li>
-</ul></li>
-<li>"hubei1"
-<ul>
-<li>Hubei China (Xiangyan)</li>
-</ul></li>
-<li>"jiangxi1"
-<ul>
-<li>Jiangxi China (Nanchang)</li>
-</ul></li>
-<li>"gansu1"
-<ul>
-<li>Gansu China (Lanzhou)</li>
-</ul></li>
-<li>"shanxi1"
-<ul>
-<li>Shanxi China (Taiyuan)</li>
-</ul></li>
-<li>"liaoning1"
-<ul>
-<li>Liaoning China (Shenyang)</li>
-</ul></li>
-<li>"hebei1"
-<ul>
-<li>Hebei China (Shijiazhuang)</li>
-</ul></li>
-<li>"fujian1"
-<ul>
-<li>Fujian China (Xiamen)</li>
-</ul></li>
-<li>"guangxi1"
-<ul>
-<li>Guangxi China (Nanning)</li>
-</ul></li>
-<li>"anhui1"
-<ul>
-<li>Anhui China (Huainan)</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-location-constraint-2">--s3-location-constraint</h4>
-<p>Location constraint - must match endpoint.</p>
-<p>Used when creating buckets only.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: location_constraint</li>
-<li>Env Var: RCLONE_S3_LOCATION_CONSTRAINT</li>
-<li>Provider: ArvanCloud</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"ir-thr-at1"
-<ul>
-<li>Tehran Iran (Asiatech)</li>
-</ul></li>
-<li>"ir-tbz-sh1"
-<ul>
-<li>Tabriz Iran (Shahriar)</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-location-constraint-3">--s3-location-constraint</h4>
-<p>Location constraint - must match endpoint when using IBM Cloud Public.</p>
-<p>For on-prem COS, do not make a selection from this list, hit enter.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: location_constraint</li>
-<li>Env Var: RCLONE_S3_LOCATION_CONSTRAINT</li>
-<li>Provider: IBMCOS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"us-standard"
-<ul>
-<li>US Cross Region Standard</li>
-</ul></li>
-<li>"us-vault"
-<ul>
-<li>US Cross Region Vault</li>
-</ul></li>
-<li>"us-cold"
-<ul>
-<li>US Cross Region Cold</li>
-</ul></li>
-<li>"us-flex"
-<ul>
-<li>US Cross Region Flex</li>
-</ul></li>
-<li>"us-east-standard"
-<ul>
-<li>US East Region Standard</li>
-</ul></li>
-<li>"us-east-vault"
-<ul>
-<li>US East Region Vault</li>
-</ul></li>
-<li>"us-east-cold"
-<ul>
-<li>US East Region Cold</li>
-</ul></li>
-<li>"us-east-flex"
-<ul>
-<li>US East Region Flex</li>
-</ul></li>
-<li>"us-south-standard"
-<ul>
-<li>US South Region Standard</li>
-</ul></li>
-<li>"us-south-vault"
-<ul>
-<li>US South Region Vault</li>
-</ul></li>
-<li>"us-south-cold"
-<ul>
-<li>US South Region Cold</li>
-</ul></li>
-<li>"us-south-flex"
-<ul>
-<li>US South Region Flex</li>
-</ul></li>
-<li>"eu-standard"
-<ul>
-<li>EU Cross Region Standard</li>
-</ul></li>
-<li>"eu-vault"
-<ul>
-<li>EU Cross Region Vault</li>
-</ul></li>
-<li>"eu-cold"
-<ul>
-<li>EU Cross Region Cold</li>
-</ul></li>
-<li>"eu-flex"
-<ul>
-<li>EU Cross Region Flex</li>
-</ul></li>
-<li>"eu-gb-standard"
-<ul>
-<li>Great Britain Standard</li>
-</ul></li>
-<li>"eu-gb-vault"
-<ul>
-<li>Great Britain Vault</li>
-</ul></li>
-<li>"eu-gb-cold"
-<ul>
-<li>Great Britain Cold</li>
-</ul></li>
-<li>"eu-gb-flex"
-<ul>
-<li>Great Britain Flex</li>
-</ul></li>
-<li>"ap-standard"
-<ul>
-<li>APAC Standard</li>
-</ul></li>
-<li>"ap-vault"
-<ul>
-<li>APAC Vault</li>
-</ul></li>
-<li>"ap-cold"
-<ul>
-<li>APAC Cold</li>
-</ul></li>
-<li>"ap-flex"
-<ul>
-<li>APAC Flex</li>
-</ul></li>
-<li>"mel01-standard"
-<ul>
-<li>Melbourne Standard</li>
-</ul></li>
-<li>"mel01-vault"
-<ul>
-<li>Melbourne Vault</li>
-</ul></li>
-<li>"mel01-cold"
-<ul>
-<li>Melbourne Cold</li>
-</ul></li>
-<li>"mel01-flex"
-<ul>
-<li>Melbourne Flex</li>
-</ul></li>
-<li>"tor01-standard"
-<ul>
-<li>Toronto Standard</li>
-</ul></li>
-<li>"tor01-vault"
-<ul>
-<li>Toronto Vault</li>
-</ul></li>
-<li>"tor01-cold"
-<ul>
-<li>Toronto Cold</li>
-</ul></li>
-<li>"tor01-flex"
-<ul>
-<li>Toronto Flex</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-location-constraint-4">--s3-location-constraint</h4>
-<p>Location constraint - the location where your bucket will be located and your data stored.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: location_constraint</li>
-<li>Env Var: RCLONE_S3_LOCATION_CONSTRAINT</li>
-<li>Provider: RackCorp</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"global"
-<ul>
-<li>Global CDN Region</li>
-</ul></li>
-<li>"au"
-<ul>
-<li>Australia (All locations)</li>
-</ul></li>
-<li>"au-nsw"
-<ul>
-<li>NSW (Australia) Region</li>
-</ul></li>
-<li>"au-qld"
-<ul>
-<li>QLD (Australia) Region</li>
-</ul></li>
-<li>"au-vic"
-<ul>
-<li>VIC (Australia) Region</li>
-</ul></li>
-<li>"au-wa"
-<ul>
-<li>Perth (Australia) Region</li>
-</ul></li>
-<li>"ph"
-<ul>
-<li>Manila (Philippines) Region</li>
-</ul></li>
-<li>"th"
-<ul>
-<li>Bangkok (Thailand) Region</li>
-</ul></li>
-<li>"hk"
-<ul>
-<li>HK (Hong Kong) Region</li>
-</ul></li>
-<li>"mn"
-<ul>
-<li>Ulaanbaatar (Mongolia) Region</li>
-</ul></li>
-<li>"kg"
-<ul>
-<li>Bishkek (Kyrgyzstan) Region</li>
-</ul></li>
-<li>"id"
-<ul>
-<li>Jakarta (Indonesia) Region</li>
-</ul></li>
-<li>"jp"
-<ul>
-<li>Tokyo (Japan) Region</li>
-</ul></li>
-<li>"sg"
-<ul>
-<li>SG (Singapore) Region</li>
-</ul></li>
-<li>"de"
-<ul>
-<li>Frankfurt (Germany) Region</li>
-</ul></li>
-<li>"us"
-<ul>
-<li>USA (AnyCast) Region</li>
-</ul></li>
-<li>"us-east-1"
-<ul>
-<li>New York (USA) Region</li>
-</ul></li>
-<li>"us-west-1"
-<ul>
-<li>Freemont (USA) Region</li>
-</ul></li>
-<li>"nz"
-<ul>
-<li>Auckland (New Zealand) Region</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-location-constraint-5">--s3-location-constraint</h4>
-<p>Location constraint - must be set to match the Region.</p>
-<p>Used when creating buckets only.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: location_constraint</li>
-<li>Env Var: RCLONE_S3_LOCATION_CONSTRAINT</li>
-<li>Provider: Qiniu</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"cn-east-1"
-<ul>
-<li>East China Region 1</li>
-</ul></li>
-<li>"cn-east-2"
-<ul>
-<li>East China Region 2</li>
-</ul></li>
-<li>"cn-north-1"
-<ul>
-<li>North China Region 1</li>
-</ul></li>
-<li>"cn-south-1"
-<ul>
-<li>South China Region 1</li>
-</ul></li>
-<li>"us-north-1"
-<ul>
-<li>North America Region 1</li>
-</ul></li>
-<li>"ap-southeast-1"
-<ul>
-<li>Southeast Asia Region 1</li>
-</ul></li>
-<li>"ap-northeast-1"
-<ul>
-<li>Northeast Asia Region 1</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-location-constraint-6">--s3-location-constraint</h4>
-<p>Location constraint - must be set to match the Region.</p>
-<p>Leave blank if not sure. Used when creating buckets only.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: location_constraint</li>
-<li>Env Var: RCLONE_S3_LOCATION_CONSTRAINT</li>
-<li>Provider: !AWS,Alibaba,HuaweiOBS,ChinaMobile,Cloudflare,IBMCOS,IDrive,IONOS,Liara,ArvanCloud,Qiniu,RackCorp,Scaleway,StackPath,Storj,TencentCOS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="s3-acl">--s3-acl</h4>
-<p>Canned ACL used when creating buckets and storing or copying objects.</p>
-<p>This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.</p>
-<p>For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl</p>
-<p>Note that this ACL is applied when server-side copying objects as S3 doesn't copy the ACL from the source but rather writes a fresh one.</p>
-<p>If the acl is an empty string then no X-Amz-Acl: header is added and the default (private) will be used.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: acl</li>
-<li>Env Var: RCLONE_S3_ACL</li>
-<li>Provider: !Storj,Cloudflare</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"default"
-<ul>
-<li>Owner gets Full_CONTROL.</li>
-<li>No one else has access rights (default).</li>
-</ul></li>
-<li>"private"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>No one else has access rights (default).</li>
-</ul></li>
-<li>"public-read"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AllUsers group gets READ access.</li>
-</ul></li>
-<li>"public-read-write"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AllUsers group gets READ and WRITE access.</li>
-<li>Granting this on a bucket is generally not recommended.</li>
-</ul></li>
-<li>"authenticated-read"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AuthenticatedUsers group gets READ access.</li>
-</ul></li>
-<li>"bucket-owner-read"
-<ul>
-<li>Object owner gets FULL_CONTROL.</li>
-<li>Bucket owner gets READ access.</li>
-<li>If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.</li>
-</ul></li>
-<li>"bucket-owner-full-control"
-<ul>
-<li>Both the object owner and the bucket owner get FULL_CONTROL over the object.</li>
-<li>If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.</li>
-</ul></li>
-<li>"private"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>No one else has access rights (default).</li>
-<li>This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS.</li>
-</ul></li>
-<li>"public-read"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AllUsers group gets READ access.</li>
-<li>This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS.</li>
-</ul></li>
-<li>"public-read-write"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AllUsers group gets READ and WRITE access.</li>
-<li>This acl is available on IBM Cloud (Infra), On-Premise IBM COS.</li>
-</ul></li>
-<li>"authenticated-read"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AuthenticatedUsers group gets READ access.</li>
-<li>Not supported on Buckets.</li>
-<li>This acl is available on IBM Cloud (Infra) and On-Premise IBM COS.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-server-side-encryption">--s3-server-side-encryption</h4>
-<p>The server-side encryption algorithm used when storing this object in S3.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: server_side_encryption</li>
-<li>Env Var: RCLONE_S3_SERVER_SIDE_ENCRYPTION</li>
-<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-<li>"AES256"
-<ul>
-<li>AES256</li>
-</ul></li>
-<li>"aws:kms"
-<ul>
-<li>aws:kms</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-sse-kms-key-id">--s3-sse-kms-key-id</h4>
-<p>If using KMS ID you must provide the ARN of Key.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_kms_key_id</li>
-<li>Env Var: RCLONE_S3_SSE_KMS_KEY_ID</li>
-<li>Provider: AWS,Ceph,Minio</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-<li>"arn:aws:kms:us-east-1:*"
-<ul>
-<li>arn:aws:kms:*</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-storage-class">--s3-storage-class</h4>
-<p>The storage class to use when storing new objects in S3.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
-<li>Provider: AWS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Default</li>
-</ul></li>
-<li>"STANDARD"
-<ul>
-<li>Standard storage class</li>
-</ul></li>
-<li>"REDUCED_REDUNDANCY"
-<ul>
-<li>Reduced redundancy storage class</li>
-</ul></li>
-<li>"STANDARD_IA"
-<ul>
-<li>Standard Infrequent Access storage class</li>
-</ul></li>
-<li>"ONEZONE_IA"
-<ul>
-<li>One Zone Infrequent Access storage class</li>
-</ul></li>
-<li>"GLACIER"
-<ul>
-<li>Glacier storage class</li>
-</ul></li>
-<li>"DEEP_ARCHIVE"
-<ul>
-<li>Glacier Deep Archive storage class</li>
-</ul></li>
-<li>"INTELLIGENT_TIERING"
-<ul>
-<li>Intelligent-Tiering storage class</li>
-</ul></li>
-<li>"GLACIER_IR"
-<ul>
-<li>Glacier Instant Retrieval storage class</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-storage-class-1">--s3-storage-class</h4>
-<p>The storage class to use when storing new objects in OSS.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
-<li>Provider: Alibaba</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Default</li>
-</ul></li>
-<li>"STANDARD"
-<ul>
-<li>Standard storage class</li>
-</ul></li>
-<li>"GLACIER"
-<ul>
-<li>Archive storage mode</li>
-</ul></li>
-<li>"STANDARD_IA"
-<ul>
-<li>Infrequent access storage mode</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-storage-class-2">--s3-storage-class</h4>
-<p>The storage class to use when storing new objects in ChinaMobile.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
-<li>Provider: ChinaMobile</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Default</li>
-</ul></li>
-<li>"STANDARD"
-<ul>
-<li>Standard storage class</li>
-</ul></li>
-<li>"GLACIER"
-<ul>
-<li>Archive storage mode</li>
-</ul></li>
-<li>"STANDARD_IA"
-<ul>
-<li>Infrequent access storage mode</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-storage-class-3">--s3-storage-class</h4>
-<p>The storage class to use when storing new objects in Liara</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
-<li>Provider: Liara</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"STANDARD"
-<ul>
-<li>Standard storage class</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-storage-class-4">--s3-storage-class</h4>
-<p>The storage class to use when storing new objects in ArvanCloud.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
-<li>Provider: ArvanCloud</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"STANDARD"
-<ul>
-<li>Standard storage class</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-storage-class-5">--s3-storage-class</h4>
-<p>The storage class to use when storing new objects in Tencent COS.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
-<li>Provider: TencentCOS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Default</li>
-</ul></li>
-<li>"STANDARD"
-<ul>
-<li>Standard storage class</li>
-</ul></li>
-<li>"ARCHIVE"
-<ul>
-<li>Archive storage mode</li>
-</ul></li>
-<li>"STANDARD_IA"
-<ul>
-<li>Infrequent access storage mode</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-storage-class-6">--s3-storage-class</h4>
-<p>The storage class to use when storing new objects in S3.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
-<li>Provider: Scaleway</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Default.</li>
-</ul></li>
-<li>"STANDARD"
-<ul>
-<li>The Standard class for any upload.</li>
-<li>Suitable for on-demand content like streaming or CDN.</li>
-</ul></li>
-<li>"GLACIER"
-<ul>
-<li>Archived storage.</li>
-<li>Prices are lower, but it needs to be restored first to be accessed.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-storage-class-7">--s3-storage-class</h4>
-<p>The storage class to use when storing new objects in Qiniu.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_S3_STORAGE_CLASS</li>
-<li>Provider: Qiniu</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"STANDARD"
-<ul>
-<li>Standard storage class</li>
-</ul></li>
-<li>"LINE"
-<ul>
-<li>Infrequent access storage mode</li>
-</ul></li>
-<li>"GLACIER"
-<ul>
-<li>Archive storage mode</li>
-</ul></li>
-<li>"DEEP_ARCHIVE"
-<ul>
-<li>Deep archive storage mode</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-2">Advanced options</h3>
-<p>Here are the Advanced options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).</p>
-<h4 id="s3-bucket-acl">--s3-bucket-acl</h4>
-<p>Canned ACL used when creating buckets.</p>
-<p>For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl</p>
-<p>Note that this ACL is applied when only when creating buckets. If it isn't set then "acl" is used instead.</p>
-<p>If the "acl" and "bucket_acl" are empty strings then no X-Amz-Acl: header is added and the default (private) will be used.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: bucket_acl</li>
-<li>Env Var: RCLONE_S3_BUCKET_ACL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"private"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>No one else has access rights (default).</li>
-</ul></li>
-<li>"public-read"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AllUsers group gets READ access.</li>
-</ul></li>
-<li>"public-read-write"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AllUsers group gets READ and WRITE access.</li>
-<li>Granting this on a bucket is generally not recommended.</li>
-</ul></li>
-<li>"authenticated-read"
-<ul>
-<li>Owner gets FULL_CONTROL.</li>
-<li>The AuthenticatedUsers group gets READ access.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-requester-pays">--s3-requester-pays</h4>
-<p>Enables requester pays option when interacting with S3 bucket.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: requester_pays</li>
-<li>Env Var: RCLONE_S3_REQUESTER_PAYS</li>
-<li>Provider: AWS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-sse-customer-algorithm">--s3-sse-customer-algorithm</h4>
-<p>If using SSE-C, the server-side encryption algorithm used when storing this object in S3.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_customer_algorithm</li>
-<li>Env Var: RCLONE_S3_SSE_CUSTOMER_ALGORITHM</li>
-<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-<li>"AES256"
-<ul>
-<li>AES256</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-sse-customer-key">--s3-sse-customer-key</h4>
-<p>To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data.</p>
-<p>Alternatively you can provide --sse-customer-key-base64.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_customer_key</li>
-<li>Env Var: RCLONE_S3_SSE_CUSTOMER_KEY</li>
-<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-sse-customer-key-base64">--s3-sse-customer-key-base64</h4>
-<p>If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data.</p>
-<p>Alternatively you can provide --sse-customer-key.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_customer_key_base64</li>
-<li>Env Var: RCLONE_S3_SSE_CUSTOMER_KEY_BASE64</li>
-<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-sse-customer-key-md5">--s3-sse-customer-key-md5</h4>
-<p>If using SSE-C you may provide the secret encryption key MD5 checksum (optional).</p>
-<p>If you leave it blank, this is calculated automatically from the sse_customer_key provided.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_customer_key_md5</li>
-<li>Env Var: RCLONE_S3_SSE_CUSTOMER_KEY_MD5</li>
-<li>Provider: AWS,Ceph,ChinaMobile,Minio</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="s3-upload-cutoff">--s3-upload-cutoff</h4>
-<p>Cutoff for switching to chunked upload.</p>
-<p>Any files larger than this will be uploaded in chunks of chunk_size. The minimum is 0 and the maximum is 5 GiB.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_S3_UPLOAD_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 200Mi</li>
-</ul>
-<h4 id="s3-chunk-size">--s3-chunk-size</h4>
-<p>Chunk size to use for uploading.</p>
-<p>When uploading files larger than upload_cutoff or files with unknown size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google photos or google docs) they will be uploaded as multipart uploads using this chunk size.</p>
-<p>Note that "--s3-upload-concurrency" chunks of this size are buffered in memory per transfer.</p>
-<p>If you are transferring large files over high-speed links and you have enough memory, then increasing this will speed up the transfers.</p>
-<p>Rclone will automatically increase the chunk size when uploading a large file of known size to stay below the 10,000 chunks limit.</p>
-<p>Files of unknown size are uploaded with the configured chunk_size. Since the default chunk size is 5 MiB and there can be at most 10,000 chunks, this means that by default the maximum size of a file you can stream upload is 48 GiB. If you wish to stream upload larger files then you will need to increase chunk_size.</p>
-<p>Increasing the chunk size decreases the accuracy of the progress statistics displayed with "-P" flag. Rclone treats chunk as sent when it's buffered by the AWS SDK, when in fact it may still be uploading. A bigger chunk size means a bigger AWS SDK buffer and progress reporting more deviating from the truth.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_S3_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 5Mi</li>
-</ul>
-<h4 id="s3-max-upload-parts">--s3-max-upload-parts</h4>
-<p>Maximum number of parts in a multipart upload.</p>
-<p>This option defines the maximum number of multipart chunks to use when doing a multipart upload.</p>
-<p>This can be useful if a service does not support the AWS S3 specification of 10,000 chunks.</p>
-<p>Rclone will automatically increase the chunk size when uploading a large file of a known size to stay below this number of chunks limit.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: max_upload_parts</li>
-<li>Env Var: RCLONE_S3_MAX_UPLOAD_PARTS</li>
-<li>Type: int</li>
-<li>Default: 10000</li>
-</ul>
-<h4 id="s3-copy-cutoff">--s3-copy-cutoff</h4>
-<p>Cutoff for switching to multipart copy.</p>
-<p>Any files larger than this that need to be server-side copied will be copied in chunks of this size.</p>
-<p>The minimum is 0 and the maximum is 5 GiB.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: copy_cutoff</li>
-<li>Env Var: RCLONE_S3_COPY_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 4.656Gi</li>
-</ul>
-<h4 id="s3-disable-checksum">--s3-disable-checksum</h4>
-<p>Don't store MD5 checksum with object metadata.</p>
-<p>Normally rclone will calculate the MD5 checksum of the input before uploading it so it can add it to metadata on the object. This is great for data integrity checking but can cause long delays for large files to start uploading.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_checksum</li>
-<li>Env Var: RCLONE_S3_DISABLE_CHECKSUM</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-shared-credentials-file">--s3-shared-credentials-file</h4>
-<p>Path to the shared credentials file.</p>
-<p>If env_auth = true then rclone can use a shared credentials file.</p>
-<p>If this variable is empty rclone will look for the "AWS_SHARED_CREDENTIALS_FILE" env variable. If the env value is empty it will default to the current user's home directory.</p>
-<pre><code>Linux/OSX: &quot;$HOME/.aws/credentials&quot;
-Windows:   &quot;%USERPROFILE%\.aws\credentials&quot;</code></pre>
-<p>Properties:</p>
-<ul>
-<li>Config: shared_credentials_file</li>
-<li>Env Var: RCLONE_S3_SHARED_CREDENTIALS_FILE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="s3-profile">--s3-profile</h4>
-<p>Profile to use in the shared credentials file.</p>
-<p>If env_auth = true then rclone can use a shared credentials file. This variable controls which profile is used in that file.</p>
-<p>If empty it will default to the environment variable "AWS_PROFILE" or "default" if that environment variable is also not set.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: profile</li>
-<li>Env Var: RCLONE_S3_PROFILE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="s3-session-token">--s3-session-token</h4>
-<p>An AWS session token.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: session_token</li>
-<li>Env Var: RCLONE_S3_SESSION_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="s3-upload-concurrency">--s3-upload-concurrency</h4>
-<p>Concurrency for multipart uploads.</p>
-<p>This is the number of chunks of the same file that are uploaded concurrently.</p>
-<p>If you are uploading small numbers of large files over high-speed links and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_concurrency</li>
-<li>Env Var: RCLONE_S3_UPLOAD_CONCURRENCY</li>
-<li>Type: int</li>
-<li>Default: 4</li>
-</ul>
-<h4 id="s3-force-path-style">--s3-force-path-style</h4>
-<p>If true use path style access if false use virtual hosted style.</p>
-<p>If this is true (the default) then rclone will use path style access, if false then rclone will use virtual path style. See <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro">the AWS S3 docs</a> for more info.</p>
-<p>Some providers (e.g. AWS, Aliyun OSS, Netease COS, or Tencent COS) require this set to false - rclone will do this automatically based on the provider setting.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: force_path_style</li>
-<li>Env Var: RCLONE_S3_FORCE_PATH_STYLE</li>
-<li>Type: bool</li>
-<li>Default: true</li>
-</ul>
-<h4 id="s3-v2-auth">--s3-v2-auth</h4>
-<p>If true use v2 authentication.</p>
-<p>If this is false (the default) then rclone will use v4 authentication. If it is set then rclone will use v2 authentication.</p>
-<p>Use this only if v4 signatures don't work, e.g. pre Jewel/v10 CEPH.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: v2_auth</li>
-<li>Env Var: RCLONE_S3_V2_AUTH</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-use-accelerate-endpoint">--s3-use-accelerate-endpoint</h4>
-<p>If true use the AWS S3 accelerated endpoint.</p>
-<p>See: <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration-examples.html">AWS S3 Transfer acceleration</a></p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_accelerate_endpoint</li>
-<li>Env Var: RCLONE_S3_USE_ACCELERATE_ENDPOINT</li>
-<li>Provider: AWS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-leave-parts-on-error">--s3-leave-parts-on-error</h4>
-<p>If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.</p>
-<p>It should be set to true for resuming uploads across different sessions.</p>
-<p>WARNING: Storing parts of an incomplete multipart upload counts towards space usage on S3 and will add additional costs if not cleaned up.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: leave_parts_on_error</li>
-<li>Env Var: RCLONE_S3_LEAVE_PARTS_ON_ERROR</li>
-<li>Provider: AWS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-list-chunk">--s3-list-chunk</h4>
-<p>Size of listing chunk (response list for each ListObject S3 request).</p>
-<p>This option is also known as "MaxKeys", "max-items", or "page-size" from the AWS S3 specification. Most services truncate the response list to 1000 objects even if requested more than that. In AWS S3 this is a global maximum and cannot be changed, see <a href="https://docs.aws.amazon.com/cli/latest/reference/s3/ls.html">AWS S3</a>. In Ceph, this can be increased with the "rgw list buckets max chunk" option.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: list_chunk</li>
-<li>Env Var: RCLONE_S3_LIST_CHUNK</li>
-<li>Type: int</li>
-<li>Default: 1000</li>
-</ul>
-<h4 id="s3-list-version">--s3-list-version</h4>
-<p>Version of ListObjects to use: 1,2 or 0 for auto.</p>
-<p>When S3 originally launched it only provided the ListObjects call to enumerate objects in a bucket.</p>
-<p>However in May 2016 the ListObjectsV2 call was introduced. This is much higher performance and should be used if at all possible.</p>
-<p>If set to the default, 0, rclone will guess according to the provider set which list objects method to call. If it guesses wrong, then it may be set manually here.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: list_version</li>
-<li>Env Var: RCLONE_S3_LIST_VERSION</li>
-<li>Type: int</li>
-<li>Default: 0</li>
-</ul>
-<h4 id="s3-list-url-encode">--s3-list-url-encode</h4>
-<p>Whether to url encode listings: true/false/unset</p>
-<p>Some providers support URL encoding listings and where this is available this is more reliable when using control characters in file names. If this is set to unset (the default) then rclone will choose according to the provider setting what to apply, but you can override rclone's choice here.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: list_url_encode</li>
-<li>Env Var: RCLONE_S3_LIST_URL_ENCODE</li>
-<li>Type: Tristate</li>
-<li>Default: unset</li>
-</ul>
-<h4 id="s3-no-check-bucket">--s3-no-check-bucket</h4>
-<p>If set, don't attempt to check the bucket exists or create it.</p>
-<p>This can be useful when trying to minimise the number of transactions rclone does if you know the bucket exists already.</p>
-<p>It can also be needed if the user you are using does not have bucket creation permissions. Before v1.52.0 this would have passed silently due to a bug.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_check_bucket</li>
-<li>Env Var: RCLONE_S3_NO_CHECK_BUCKET</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-no-head">--s3-no-head</h4>
-<p>If set, don't HEAD uploaded objects to check integrity.</p>
-<p>This can be useful when trying to minimise the number of transactions rclone does.</p>
-<p>Setting it means that if rclone receives a 200 OK message after uploading an object with PUT then it will assume that it got uploaded properly.</p>
-<p>In particular it will assume:</p>
-<ul>
-<li>the metadata, including modtime, storage class and content type was as uploaded</li>
-<li>the size was as uploaded</li>
-</ul>
-<p>It reads the following items from the response for a single part PUT:</p>
-<ul>
-<li>the MD5SUM</li>
-<li>The uploaded date</li>
-</ul>
-<p>For multipart uploads these items aren't read.</p>
-<p>If an source object of unknown length is uploaded then rclone <strong>will</strong> do a HEAD request.</p>
-<p>Setting this flag increases the chance for undetected upload failures, in particular an incorrect size, so it isn't recommended for normal operation. In practice the chance of an undetected upload failure is very small even with this flag.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_head</li>
-<li>Env Var: RCLONE_S3_NO_HEAD</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-no-head-object">--s3-no-head-object</h4>
-<p>If set, do not do HEAD before GET when getting objects.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_head_object</li>
-<li>Env Var: RCLONE_S3_NO_HEAD_OBJECT</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-encoding">--s3-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_S3_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,InvalidUtf8,Dot</li>
-</ul>
-<h4 id="s3-memory-pool-flush-time">--s3-memory-pool-flush-time</h4>
-<p>How often internal memory buffer pools will be flushed.</p>
-<p>Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations. This option controls how often unused buffers will be removed from the pool.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: memory_pool_flush_time</li>
-<li>Env Var: RCLONE_S3_MEMORY_POOL_FLUSH_TIME</li>
-<li>Type: Duration</li>
-<li>Default: 1m0s</li>
-</ul>
-<h4 id="s3-memory-pool-use-mmap">--s3-memory-pool-use-mmap</h4>
-<p>Whether to use mmap buffers in internal memory pool.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: memory_pool_use_mmap</li>
-<li>Env Var: RCLONE_S3_MEMORY_POOL_USE_MMAP</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-disable-http2">--s3-disable-http2</h4>
-<p>Disable usage of http2 for S3 backends.</p>
-<p>There is currently an unsolved issue with the s3 (specifically minio) backend and HTTP/2. HTTP/2 is enabled by default for the s3 backend but can be disabled here. When the issue is solved this flag will be removed.</p>
-<p>See: https://github.com/rclone/rclone/issues/4673, https://github.com/rclone/rclone/issues/3631</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_http2</li>
-<li>Env Var: RCLONE_S3_DISABLE_HTTP2</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-download-url">--s3-download-url</h4>
-<p>Custom endpoint for downloads. This is usually set to a CloudFront CDN URL as AWS S3 offers cheaper egress for data downloaded through the CloudFront network.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: download_url</li>
-<li>Env Var: RCLONE_S3_DOWNLOAD_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="s3-use-multipart-etag">--s3-use-multipart-etag</h4>
-<p>Whether to use ETag in multipart uploads for verification</p>
-<p>This should be true, false or left unset to use the default for the provider.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_multipart_etag</li>
-<li>Env Var: RCLONE_S3_USE_MULTIPART_ETAG</li>
-<li>Type: Tristate</li>
-<li>Default: unset</li>
-</ul>
-<h4 id="s3-use-presigned-request">--s3-use-presigned-request</h4>
-<p>Whether to use a presigned request or PutObject for single part uploads</p>
-<p>If this is false rclone will use PutObject from the AWS SDK to upload an object.</p>
-<p>Versions of rclone &lt; 1.59 use presigned requests to upload a single part object and setting this flag to true will re-enable that functionality. This shouldn't be necessary except in exceptional circumstances or for testing.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_presigned_request</li>
-<li>Env Var: RCLONE_S3_USE_PRESIGNED_REQUEST</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-versions">--s3-versions</h4>
-<p>Include old versions in directory listings.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: versions</li>
-<li>Env Var: RCLONE_S3_VERSIONS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-version-at">--s3-version-at</h4>
-<p>Show file versions as they were at the specified time.</p>
-<p>The parameter should be a date, "2006-01-02", datetime "2006-01-02 15:04:05" or a duration for that long ago, eg "100d" or "1h".</p>
-<p>Note that when using this no file write operations are permitted, so you can't upload files or delete them.</p>
-<p>See <a href="https://rclone.org/docs/#time-option">the time option docs</a> for valid formats.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: version_at</li>
-<li>Env Var: RCLONE_S3_VERSION_AT</li>
-<li>Type: Time</li>
-<li>Default: off</li>
-</ul>
-<h4 id="s3-decompress">--s3-decompress</h4>
-<p>If set this will decompress gzip encoded objects.</p>
-<p>It is possible to upload objects to S3 with "Content-Encoding: gzip" set. Normally rclone will download these files as compressed objects.</p>
-<p>If this flag is set then rclone will decompress these files with "Content-Encoding: gzip" as they are received. This means that rclone can't check the size and hash but the file contents will be decompressed.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: decompress</li>
-<li>Env Var: RCLONE_S3_DECOMPRESS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-might-gzip">--s3-might-gzip</h4>
-<p>Set this if the backend might gzip objects.</p>
-<p>Normally providers will not alter objects when they are downloaded. If an object was not uploaded with <code>Content-Encoding: gzip</code> then it won't be set on download.</p>
-<p>However some providers may gzip objects even if they weren't uploaded with <code>Content-Encoding: gzip</code> (eg Cloudflare).</p>
-<p>A symptom of this would be receiving errors like</p>
-<pre><code>ERROR corrupted on transfer: sizes differ NNN vs MMM</code></pre>
-<p>If you set this flag and rclone downloads an object with Content-Encoding: gzip set and chunked transfer encoding, then rclone will decompress the object on the fly.</p>
-<p>If this is set to unset (the default) then rclone will choose according to the provider setting what to apply, but you can override rclone's choice here.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: might_gzip</li>
-<li>Env Var: RCLONE_S3_MIGHT_GZIP</li>
-<li>Type: Tristate</li>
-<li>Default: unset</li>
-</ul>
-<h4 id="s3-no-system-metadata">--s3-no-system-metadata</h4>
-<p>Suppress setting and reading of system metadata</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_system_metadata</li>
-<li>Env Var: RCLONE_S3_NO_SYSTEM_METADATA</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="s3-sts-endpoint">--s3-sts-endpoint</h4>
-<p>Endpoint for STS.</p>
-<p>Leave blank if using AWS to use the default endpoint for the region.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sts_endpoint</li>
-<li>Env Var: RCLONE_S3_STS_ENDPOINT</li>
-<li>Provider: AWS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="metadata-2">Metadata</h3>
-<p>User metadata is stored as x-amz-meta- keys. S3 metadata keys are case insensitive and are always returned in lower case.</p>
-<p>Here are the possible system metadata items for the s3 backend.</p>
-<table>
-<colgroup>
-<col style="width: 15%" />
-<col style="width: 15%" />
-<col style="width: 15%" />
-<col style="width: 23%" />
-<col style="width: 28%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Name</th>
-<th>Help</th>
-<th>Type</th>
-<th>Example</th>
-<th>Read Only</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>btime</td>
-<td>Time of file birth (creation) read from Last-Modified header</td>
-<td>RFC 3339</td>
-<td>2006-01-02T15:04:05.999999999Z07:00</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="even">
-<td>cache-control</td>
-<td>Cache-Control header</td>
-<td>string</td>
-<td>no-cache</td>
-<td>N</td>
-</tr>
-<tr class="odd">
-<td>content-disposition</td>
-<td>Content-Disposition header</td>
-<td>string</td>
-<td>inline</td>
-<td>N</td>
-</tr>
-<tr class="even">
-<td>content-encoding</td>
-<td>Content-Encoding header</td>
-<td>string</td>
-<td>gzip</td>
-<td>N</td>
-</tr>
-<tr class="odd">
-<td>content-language</td>
-<td>Content-Language header</td>
-<td>string</td>
-<td>en-US</td>
-<td>N</td>
-</tr>
-<tr class="even">
-<td>content-type</td>
-<td>Content-Type header</td>
-<td>string</td>
-<td>text/plain</td>
-<td>N</td>
-</tr>
-<tr class="odd">
-<td>mtime</td>
-<td>Time of last modification, read from rclone metadata</td>
-<td>RFC 3339</td>
-<td>2006-01-02T15:04:05.999999999Z07:00</td>
-<td>N</td>
-</tr>
-<tr class="even">
-<td>tier</td>
-<td>Tier of the object</td>
-<td>string</td>
-<td>GLACIER</td>
-<td><strong>Y</strong></td>
-</tr>
-</tbody>
-</table>
-<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
-<h2 id="backend-commands">Backend commands</h2>
-<p>Here are the commands specific to the s3 backend.</p>
-<p>Run them with</p>
-<pre><code>rclone backend COMMAND remote:</code></pre>
-<p>The help below will explain what arguments each command takes.</p>
-<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
-<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
-<h3 id="restore">restore</h3>
-<p>Restore objects from GLACIER to normal storage</p>
-<pre><code>rclone backend restore remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command can be used to restore one or more objects from GLACIER to normal storage.</p>
-<p>Usage Examples:</p>
-<pre><code>rclone backend restore s3:bucket/path/to/object [-o priority=PRIORITY] [-o lifetime=DAYS]
-rclone backend restore s3:bucket/path/to/directory [-o priority=PRIORITY] [-o lifetime=DAYS]
-rclone backend restore s3:bucket [-o priority=PRIORITY] [-o lifetime=DAYS]</code></pre>
-<p>This flag also obeys the filters. Test first with --interactive/-i or --dry-run flags</p>
-<pre><code>rclone --interactive backend restore --include &quot;*.txt&quot; s3:bucket/path -o priority=Standard</code></pre>
-<p>All the objects shown will be marked for restore, then</p>
-<pre><code>rclone backend restore --include &quot;*.txt&quot; s3:bucket/path -o priority=Standard</code></pre>
-<p>It returns a list of status dictionaries with Remote and Status keys. The Status will be OK if it was successful or an error message if not.</p>
-<pre><code>[
-    {
-        &quot;Status&quot;: &quot;OK&quot;,
-        &quot;Path&quot;: &quot;test.txt&quot;
-    },
-    {
-        &quot;Status&quot;: &quot;OK&quot;,
-        &quot;Path&quot;: &quot;test/file4.txt&quot;
-    }
-]</code></pre>
-<p>Options:</p>
-<ul>
-<li>"description": The optional description for the job.</li>
-<li>"lifetime": Lifetime of the active copy in days</li>
-<li>"priority": Priority of restore: Standard|Expedited|Bulk</li>
-</ul>
-<h3 id="list-multipart-uploads">list-multipart-uploads</h3>
-<p>List the unfinished multipart uploads</p>
-<pre><code>rclone backend list-multipart-uploads remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command lists the unfinished multipart uploads in JSON format.</p>
-<pre><code>rclone backend list-multipart s3:bucket/path/to/object</code></pre>
-<p>It returns a dictionary of buckets with values as lists of unfinished multipart uploads.</p>
-<p>You can call it with no bucket in which case it lists all bucket, with a bucket or with a bucket and path.</p>
-<pre><code>{
-  &quot;rclone&quot;: [
-    {
-      &quot;Initiated&quot;: &quot;2020-06-26T14:20:36Z&quot;,
-      &quot;Initiator&quot;: {
-        &quot;DisplayName&quot;: &quot;XXX&quot;,
-        &quot;ID&quot;: &quot;arn:aws:iam::XXX:user/XXX&quot;
-      },
-      &quot;Key&quot;: &quot;KEY&quot;,
-      &quot;Owner&quot;: {
-        &quot;DisplayName&quot;: null,
-        &quot;ID&quot;: &quot;XXX&quot;
-      },
-      &quot;StorageClass&quot;: &quot;STANDARD&quot;,
-      &quot;UploadId&quot;: &quot;XXX&quot;
-    }
-  ],
-  &quot;rclone-1000files&quot;: [],
-  &quot;rclone-dst&quot;: []
-}</code></pre>
-<h3 id="cleanup-2">cleanup</h3>
-<p>Remove unfinished multipart uploads.</p>
-<pre><code>rclone backend cleanup remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command removes unfinished multipart uploads of age greater than max-age which defaults to 24 hours.</p>
-<p>Note that you can use --interactive/-i or --dry-run with this command to see what it would do.</p>
-<pre><code>rclone backend cleanup s3:bucket/path/to/object
-rclone backend cleanup -o max-age=7w s3:bucket/path/to/object</code></pre>
-<p>Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.</p>
-<p>Options:</p>
-<ul>
-<li>"max-age": Max age of upload to delete</li>
-</ul>
-<h3 id="cleanup-hidden">cleanup-hidden</h3>
-<p>Remove old versions of files.</p>
-<pre><code>rclone backend cleanup-hidden remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command removes any old hidden versions of files on a versions enabled bucket.</p>
-<p>Note that you can use --interactive/-i or --dry-run with this command to see what it would do.</p>
-<pre><code>rclone backend cleanup-hidden s3:bucket/path/to/dir</code></pre>
-<h3 id="versioning">versioning</h3>
-<p>Set/get versioning support for a bucket.</p>
-<pre><code>rclone backend versioning remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command sets versioning support if a parameter is passed and then returns the current versioning status for the bucket supplied.</p>
-<pre><code>rclone backend versioning s3:bucket # read status only
-rclone backend versioning s3:bucket Enabled
-rclone backend versioning s3:bucket Suspended</code></pre>
-<p>It may return "Enabled", "Suspended" or "Unversioned". Note that once versioning has been enabled the status can't be set back to "Unversioned".</p>
-<h3 id="anonymous-access-to-public-buckets">Anonymous access to public buckets</h3>
-<p>If you want to use rclone to access a public bucket, configure with a blank <code>access_key_id</code> and <code>secret_access_key</code>. Your config should end up looking like this:</p>
-<pre><code>[anons3]
-type = s3
-provider = AWS
-env_auth = false
-access_key_id =
-secret_access_key =
-region = us-east-1
-endpoint =
-location_constraint =
-acl = private
-server_side_encryption =
-storage_class =</code></pre>
-<p>Then use it as normal with the name of the public bucket, e.g.</p>
-<pre><code>rclone lsd anons3:1000genomes</code></pre>
-<p>You will be able to list and copy data but not upload it.</p>
-<h2 id="providers-1">Providers</h2>
-<h3 id="aws-s3">AWS S3</h3>
-<p>This is the provider used as main example and described in the <a href="#configuration">configuration</a> section above.</p>
-<h3 id="aws-snowball-edge">AWS Snowball Edge</h3>
-<p><a href="https://aws.amazon.com/snowball/">AWS Snowball</a> is a hardware appliance used for transferring bulk data back to AWS. Its main software interface is S3 object storage.</p>
-<p>To use rclone with AWS Snowball Edge devices, configure as standard for an 'S3 Compatible Service'.</p>
-<p>If using rclone pre v1.59 be sure to set <code>upload_cutoff = 0</code> otherwise you will run into authentication header issues as the snowball device does not support query parameter based authentication.</p>
-<p>With rclone v1.59 or later setting <code>upload_cutoff</code> should not be necessary.</p>
-<p>eg.</p>
-<pre><code>[snowball]
-type = s3
-provider = Other
-access_key_id = YOUR_ACCESS_KEY
-secret_access_key = YOUR_SECRET_KEY
-endpoint = http://[IP of Snowball]:8080
-upload_cutoff = 0</code></pre>
-<h3 id="ceph">Ceph</h3>
-<p><a href="https://ceph.com/">Ceph</a> is an open-source, unified, distributed storage system designed for excellent performance, reliability and scalability. It has an S3 compatible object storage interface.</p>
-<p>To use rclone with Ceph, configure as above but leave the region blank and set the endpoint. You should end up with something like this in your config:</p>
-<pre><code>[ceph]
-type = s3
-provider = Ceph
-env_auth = false
-access_key_id = XXX
-secret_access_key = YYY
-region =
-endpoint = https://ceph.endpoint.example.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =</code></pre>
-<p>If you are using an older version of CEPH (e.g. 10.2.x Jewel) and a version of rclone before v1.59 then you may need to supply the parameter <code>--s3-upload-cutoff 0</code> or put this in the config file as <code>upload_cutoff 0</code> to work around a bug which causes uploading of small files to fail.</p>
-<p>Note also that Ceph sometimes puts <code>/</code> in the passwords it gives users. If you read the secret access key using the command line tools you will get a JSON blob with the <code>/</code> escaped as <code>\/</code>. Make sure you only write <code>/</code> in the secret access key.</p>
-<p>Eg the dump from Ceph looks something like this (irrelevant keys removed).</p>
-<pre><code>{
-    &quot;user_id&quot;: &quot;xxx&quot;,
-    &quot;display_name&quot;: &quot;xxxx&quot;,
-    &quot;keys&quot;: [
-        {
-            &quot;user&quot;: &quot;xxx&quot;,
-            &quot;access_key&quot;: &quot;xxxxxx&quot;,
-            &quot;secret_key&quot;: &quot;xxxxxx\/xxxx&quot;
-        }
-    ],
-}</code></pre>
-<p>Because this is a json dump, it is encoding the <code>/</code> as <code>\/</code>, so if you use the secret key as <code>xxxxxx/xxxx</code> it will work fine.</p>
-<h3 id="cloudflare-r2">Cloudflare R2</h3>
-<p><a href="https://blog.cloudflare.com/r2-open-beta/">Cloudflare R2</a> Storage allows developers to store large amounts of unstructured data without the costly egress bandwidth fees associated with typical cloud storage services.</p>
-<p>Here is an example of making a Cloudflare R2 configuration. First run:</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process.</p>
-<p>Note that all buckets are private, and all are stored in the same "auto" region. It is necessary to use Cloudflare workers to share the content of a bucket publicly.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; r2
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-...
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
-   \ (s3)
-...
-Storage&gt; s3
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-...
-XX / Cloudflare R2 Storage
-   \ (Cloudflare)
-...
-provider&gt; Cloudflare
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth&gt; 1
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id&gt; ACCESS_KEY
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key&gt; SECRET_ACCESS_KEY
-Option region.
-Region to connect to.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / R2 buckets are automatically distributed across Cloudflare&#39;s data centers for low latency.
-   \ (auto)
-region&gt; 1
-Option endpoint.
-Endpoint for S3 API.
-Required when using an S3 clone.
-Enter a value. Press Enter to leave empty.
-endpoint&gt; https://ACCOUNT_ID.r2.cloudflarestorage.com
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; n
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This will leave your config looking something like:</p>
-<pre><code>[r2]
-type = s3
-provider = Cloudflare
-access_key_id = ACCESS_KEY
-secret_access_key = SECRET_ACCESS_KEY
-region = auto
-endpoint = https://ACCOUNT_ID.r2.cloudflarestorage.com
-acl = private</code></pre>
-<p>Now run <code>rclone lsf r2:</code> to see your buckets and <code>rclone lsf r2:bucket</code> to look within a bucket.</p>
-<h3 id="dreamhost">Dreamhost</h3>
-<p>Dreamhost <a href="https://www.dreamhost.com/cloud/storage/">DreamObjects</a> is an object storage system based on CEPH.</p>
-<p>To use rclone with Dreamhost, configure as above but leave the region blank and set the endpoint. You should end up with something like this in your config:</p>
-<pre><code>[dreamobjects]
-type = s3
-provider = DreamHost
-env_auth = false
-access_key_id = your_access_key
-secret_access_key = your_secret_key
-region =
-endpoint = objects-us-west-1.dream.io
-location_constraint =
-acl = private
-server_side_encryption =
-storage_class =</code></pre>
-<h3 id="digitalocean-spaces">DigitalOcean Spaces</h3>
-<p><a href="https://www.digitalocean.com/products/object-storage/">Spaces</a> is an <a href="https://developers.digitalocean.com/documentation/spaces/">S3-interoperable</a> object storage service from cloud provider DigitalOcean.</p>
-<p>To connect to DigitalOcean Spaces you will need an access key and secret key. These can be retrieved on the "<a href="https://cloud.digitalocean.com/settings/api/tokens">Applications &amp; API</a>" page of the DigitalOcean control panel. They will be needed when prompted by <code>rclone config</code> for your <code>access_key_id</code> and <code>secret_access_key</code>.</p>
-<p>When prompted for a <code>region</code> or <code>location_constraint</code>, press enter to use the default value. The region must be included in the <code>endpoint</code> setting (e.g. <code>nyc3.digitaloceanspaces.com</code>). The default values can be used for other settings.</p>
-<p>Going through the whole process of creating a new remote by running <code>rclone config</code>, each prompt should be answered as shown below:</p>
-<pre><code>Storage&gt; s3
-env_auth&gt; 1
-access_key_id&gt; YOUR_ACCESS_KEY
-secret_access_key&gt; YOUR_SECRET_KEY
-region&gt;
-endpoint&gt; nyc3.digitaloceanspaces.com
-location_constraint&gt;
-acl&gt;
-storage_class&gt;</code></pre>
-<p>The resulting configuration file should look like:</p>
-<pre><code>[spaces]
-type = s3
-provider = DigitalOcean
-env_auth = false
-access_key_id = YOUR_ACCESS_KEY
-secret_access_key = YOUR_SECRET_KEY
-region =
-endpoint = nyc3.digitaloceanspaces.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =</code></pre>
-<p>Once configured, you can create a new Space and begin copying files. For example:</p>
-<pre><code>rclone mkdir spaces:my-new-space
-rclone copy /path/to/files spaces:my-new-space</code></pre>
-<h3 id="huawei-obs">Huawei OBS</h3>
-<p>Object Storage Service (OBS) provides stable, secure, efficient, and easy-to-use cloud storage that lets you store virtually any volume of unstructured data in any format and access it from anywhere.</p>
-<p>OBS provides an S3 interface, you can copy and modify the following configuration and add it to your rclone configuration file.</p>
-<pre><code>[obs]
-type = s3
-provider = HuaweiOBS
-access_key_id = your-access-key-id
-secret_access_key = your-secret-access-key
-region = af-south-1
-endpoint = obs.af-south-1.myhuaweicloud.com
-acl = private</code></pre>
-<p>Or you can also configure via the interactive command line:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; obs
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
-   \ (s3)
-[snip]
-Storage&gt; 5
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-[snip]
- 9 / Huawei Object Storage Service
-   \ (HuaweiOBS)
-[snip]
-provider&gt; 9
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth&gt; 1
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id&gt; your-access-key-id
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key&gt; your-secret-access-key
-Option region.
-Region to connect to.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / AF-Johannesburg
-   \ (af-south-1)
- 2 / AP-Bangkok
-   \ (ap-southeast-2)
-[snip]
-region&gt; 1
-Option endpoint.
-Endpoint for OBS API.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / AF-Johannesburg
-   \ (obs.af-south-1.myhuaweicloud.com)
- 2 / AP-Bangkok
-   \ (obs.ap-southeast-2.myhuaweicloud.com)
-[snip]
-endpoint&gt; 1
-Option acl.
-Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn&#39;t copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-[snip]
-acl&gt; 1
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt;
---------------------
-[obs]
-type = s3
-provider = HuaweiOBS
-access_key_id = your-access-key-id
-secret_access_key = your-secret-access-key
-region = af-south-1
-endpoint = obs.af-south-1.myhuaweicloud.com
-acl = private
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y
-Current remotes:
-
-Name                 Type
-====                 ====
-obs                  s3
-
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q&gt; q</code></pre>
-<h3 id="ibm-cos-s3">IBM COS (S3)</h3>
-<p>Information stored with IBM Cloud Object Storage is encrypted and dispersed across multiple geographic locations, and accessed through an implementation of the S3 API. This service makes use of the distributed storage technologies provided by IBM’s Cloud Object Storage System (formerly Cleversafe). For more information visit: (http://www.ibm.com/cloud/object-storage)</p>
-<p>To configure access to IBM COS S3, follow the steps below:</p>
-<ol type="1">
-<li>Run rclone config and select n for a new remote.</li>
-</ol>
-<pre><code>    2018/02/14 14:13:11 NOTICE: Config file &quot;C:\\Users\\a\\.config\\rclone\\rclone.conf&quot; not found - using defaults
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q&gt; n</code></pre>
-<ol start="2" type="1">
-<li>Enter the name for the configuration</li>
-</ol>
-<pre><code>    name&gt; &lt;YOUR NAME&gt;</code></pre>
-<ol start="3" type="1">
-<li>Select "s3" storage.</li>
-</ol>
-<pre><code>Choose a number from below, or type in your own value
-    1 / Alias for an existing remote
-    \ &quot;alias&quot;
-    2 / Amazon Drive
-    \ &quot;amazon cloud drive&quot;
-    3 / Amazon S3 Complaint Storage Providers (Dreamhost, Ceph, ChinaMobile, Liara, ArvanCloud, Minio, IBM COS)
-    \ &quot;s3&quot;
-    4 / Backblaze B2
-    \ &quot;b2&quot;
-[snip]
-    23 / HTTP
-    \ &quot;http&quot;
-Storage&gt; 3</code></pre>
-<ol start="4" type="1">
-<li>Select IBM COS as the S3 Storage Provider.</li>
-</ol>
-<pre><code>Choose the S3 provider.
-Choose a number from below, or type in your own value
-     1 / Choose this option to configure Storage to AWS S3
-       \ &quot;AWS&quot;
-     2 / Choose this option to configure Storage to Ceph Systems
-     \ &quot;Ceph&quot;
-     3 /  Choose this option to configure Storage to Dreamhost
-     \ &quot;Dreamhost&quot;
-   4 / Choose this option to the configure Storage to IBM COS S3
-     \ &quot;IBMCOS&quot;
-     5 / Choose this option to the configure Storage to Minio
-     \ &quot;Minio&quot;
-     Provider&gt;4</code></pre>
-<ol start="5" type="1">
-<li>Enter the Access Key and Secret.</li>
-</ol>
-<pre><code>    AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-    access_key_id&gt; &lt;&gt;
-    AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-    secret_access_key&gt; &lt;&gt;</code></pre>
-<ol start="6" type="1">
-<li>Specify the endpoint for IBM COS. For Public IBM COS, choose from the option below. For On Premise IBM COS, enter an endpoint address.</li>
-</ol>
-<pre><code>    Endpoint for IBM COS S3 API.
-    Specify if using an IBM COS On Premise.
-    Choose a number from below, or type in your own value
-     1 / US Cross Region Endpoint
-       \ &quot;s3-api.us-geo.objectstorage.softlayer.net&quot;
-     2 / US Cross Region Dallas Endpoint
-       \ &quot;s3-api.dal.us-geo.objectstorage.softlayer.net&quot;
-     3 / US Cross Region Washington DC Endpoint
-       \ &quot;s3-api.wdc-us-geo.objectstorage.softlayer.net&quot;
-     4 / US Cross Region San Jose Endpoint
-       \ &quot;s3-api.sjc-us-geo.objectstorage.softlayer.net&quot;
-     5 / US Cross Region Private Endpoint
-       \ &quot;s3-api.us-geo.objectstorage.service.networklayer.com&quot;
-     6 / US Cross Region Dallas Private Endpoint
-       \ &quot;s3-api.dal-us-geo.objectstorage.service.networklayer.com&quot;
-     7 / US Cross Region Washington DC Private Endpoint
-       \ &quot;s3-api.wdc-us-geo.objectstorage.service.networklayer.com&quot;
-     8 / US Cross Region San Jose Private Endpoint
-       \ &quot;s3-api.sjc-us-geo.objectstorage.service.networklayer.com&quot;
-     9 / US Region East Endpoint
-       \ &quot;s3.us-east.objectstorage.softlayer.net&quot;
-    10 / US Region East Private Endpoint
-       \ &quot;s3.us-east.objectstorage.service.networklayer.com&quot;
-    11 / US Region South Endpoint
-[snip]
-    34 / Toronto Single Site Private Endpoint
-       \ &quot;s3.tor01.objectstorage.service.networklayer.com&quot;
-    endpoint&gt;1</code></pre>
-<ol start="7" type="1">
-<li>Specify a IBM COS Location Constraint. The location constraint must match endpoint when using IBM Cloud Public. For on-prem COS, do not make a selection from this list, hit enter</li>
-</ol>
-<pre><code>     1 / US Cross Region Standard
-       \ &quot;us-standard&quot;
-     2 / US Cross Region Vault
-       \ &quot;us-vault&quot;
-     3 / US Cross Region Cold
-       \ &quot;us-cold&quot;
-     4 / US Cross Region Flex
-       \ &quot;us-flex&quot;
-     5 / US East Region Standard
-       \ &quot;us-east-standard&quot;
-     6 / US East Region Vault
-       \ &quot;us-east-vault&quot;
-     7 / US East Region Cold
-       \ &quot;us-east-cold&quot;
-     8 / US East Region Flex
-       \ &quot;us-east-flex&quot;
-     9 / US South Region Standard
-       \ &quot;us-south-standard&quot;
-    10 / US South Region Vault
-       \ &quot;us-south-vault&quot;
-[snip]
-    32 / Toronto Flex
-       \ &quot;tor01-flex&quot;
-location_constraint&gt;1</code></pre>
-<ol start="9" type="1">
-<li>Specify a canned ACL. IBM Cloud (Storage) supports "public-read" and "private". IBM Cloud(Infra) supports all the canned ACLs. On-Premise COS supports all the canned ACLs.</li>
-</ol>
-<pre><code>Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
-      1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
-      \ &quot;private&quot;
-      2  / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
-      \ &quot;public-read&quot;
-      3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
-      \ &quot;public-read-write&quot;
-      4  / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
-      \ &quot;authenticated-read&quot;
-acl&gt; 1</code></pre>
-<ol start="12" type="1">
-<li>Review the displayed configuration and accept to save the "remote" then quit. The config file should look like this</li>
-</ol>
-<pre><code>    [xxx]
-    type = s3
-    Provider = IBMCOS
-    access_key_id = xxx
-    secret_access_key = yyy
-    endpoint = s3-api.us-geo.objectstorage.softlayer.net
-    location_constraint = us-standard
-    acl = private</code></pre>
-<ol start="13" type="1">
-<li>Execute rclone commands</li>
-</ol>
-<pre><code>    1)  Create a bucket.
-        rclone mkdir IBM-COS-XREGION:newbucket
-    2)  List available buckets.
-        rclone lsd IBM-COS-XREGION:
-        -1 2017-11-08 21:16:22        -1 test
-        -1 2018-02-14 20:16:39        -1 newbucket
-    3)  List contents of a bucket.
-        rclone ls IBM-COS-XREGION:newbucket
-        18685952 test.exe
-    4)  Copy a file from local to remote.
-        rclone copy /Users/file.txt IBM-COS-XREGION:newbucket
-    5)  Copy a file from remote to local.
-        rclone copy IBM-COS-XREGION:newbucket/file.txt .
-    6)  Delete a file on remote.
-        rclone delete IBM-COS-XREGION:newbucket/file.txt</code></pre>
-<h3 id="idrive-e2">IDrive e2</h3>
-<p>Here is an example of making an <a href="https://www.idrive.com/e2/">IDrive e2</a> configuration. First run:</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-
-Enter name for new remote.
-name&gt; e2
-
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
-   \ (s3)
-[snip]
-Storage&gt; s3
-
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-[snip]
-XX / IDrive e2
-   \ (IDrive)
-[snip]
-provider&gt; IDrive
-
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth&gt; 
-
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id&gt; YOUR_ACCESS_KEY
-
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key&gt; YOUR_SECRET_KEY
-
-Option acl.
-Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn&#39;t copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-   / Owner gets FULL_CONTROL.
- 2 | The AllUsers group gets READ access.
-   \ (public-read)
-   / Owner gets FULL_CONTROL.
- 3 | The AllUsers group gets READ and WRITE access.
-   | Granting this on a bucket is generally not recommended.
-   \ (public-read-write)
-   / Owner gets FULL_CONTROL.
- 4 | The AuthenticatedUsers group gets READ access.
-   \ (authenticated-read)
-   / Object owner gets FULL_CONTROL.
- 5 | Bucket owner gets READ access.
-   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-   \ (bucket-owner-read)
-   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
- 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-   \ (bucket-owner-full-control)
-acl&gt; 
-
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; 
-
-Configuration complete.
-Options:
-- type: s3
-- provider: IDrive
-- access_key_id: YOUR_ACCESS_KEY
-- secret_access_key: YOUR_SECRET_KEY
-- endpoint: q9d9.la12.idrivee2-5.com
-Keep this &quot;e2&quot; remote?
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="ionos">IONOS Cloud</h3>
-<p><a href="https://cloud.ionos.com/storage/object-storage">IONOS S3 Object Storage</a> is a service offered by IONOS for storing and accessing unstructured data. To connect to the service, you will need an access key and a secret key. These can be found in the <a href="https://dcd.ionos.com/">Data Center Designer</a>, by selecting <strong>Manager resources</strong> &gt; <strong>Object Storage Key Manager</strong>.</p>
-<p>Here is an example of a configuration. First, run <code>rclone config</code>. This will walk you through an interactive setup process. Type <code>n</code> to add the new remote, and then enter a name:</p>
-<pre><code>Enter name for new remote.
-name&gt; ionos-fra</code></pre>
-<p>Type <code>s3</code> to choose the connection type:</p>
-<pre><code>Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
-   \ (s3)
-[snip]
-Storage&gt; s3</code></pre>
-<p>Type <code>IONOS</code>:</p>
-<pre><code>Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-[snip]
-XX / IONOS Cloud
-   \ (IONOS)
-[snip]
-provider&gt; IONOS</code></pre>
-<p>Press Enter to choose the default option <code>Enter AWS credentials in the next step</code>:</p>
-<pre><code>Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth&gt;</code></pre>
-<p>Enter your Access Key and Secret key. These can be retrieved in the <a href="https://dcd.ionos.com/">Data Center Designer</a>, click on the menu “Manager resources” / "Object Storage Key Manager".</p>
-<pre><code>Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id&gt; YOUR_ACCESS_KEY
-
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key&gt; YOUR_SECRET_KEY</code></pre>
-<p>Choose the region where your bucket is located:</p>
-<pre><code>Option region.
-Region where your bucket will be created and your data stored.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Frankfurt, Germany
-   \ (de)
- 2 / Berlin, Germany
-   \ (eu-central-2)
- 3 / Logrono, Spain
-   \ (eu-south-2)
-region&gt; 2</code></pre>
-<p>Choose the endpoint from the same region:</p>
-<pre><code>Option endpoint.
-Endpoint for IONOS S3 Object Storage.
-Specify the endpoint from the same region.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Frankfurt, Germany
-   \ (s3-eu-central-1.ionoscloud.com)
- 2 / Berlin, Germany
-   \ (s3-eu-central-2.ionoscloud.com)
- 3 / Logrono, Spain
-   \ (s3-eu-south-2.ionoscloud.com)
-endpoint&gt; 1</code></pre>
-<p>Press Enter to choose the default option or choose the desired ACL setting:</p>
-<pre><code>Option acl.
-Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn&#39;t copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-   / Owner gets FULL_CONTROL.
-[snip]
-acl&gt;</code></pre>
-<p>Press Enter to skip the advanced config:</p>
-<pre><code>Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt;</code></pre>
-<p>Press Enter to save the configuration, and then <code>q</code> to quit the configuration process:</p>
-<pre><code>Configuration complete.
-Options:
-- type: s3
-- provider: IONOS
-- access_key_id: YOUR_ACCESS_KEY
-- secret_access_key: YOUR_SECRET_KEY
-- endpoint: s3-eu-central-1.ionoscloud.com
-Keep this &quot;ionos-fra&quot; remote?
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>Done! Now you can try some commands (for macOS, use <code>./rclone</code> instead of <code>rclone</code>).</p>
-<ol type="1">
-<li>Create a bucket (the name must be unique within the whole IONOS S3)</li>
-</ol>
-<pre><code>rclone mkdir ionos-fra:my-bucket</code></pre>
-<ol start="2" type="1">
-<li>List available buckets</li>
-</ol>
-<pre><code>rclone lsd ionos-fra:</code></pre>
-<ol start="4" type="1">
-<li>Copy a file from local to remote</li>
-</ol>
-<pre><code>rclone copy /Users/file.txt ionos-fra:my-bucket</code></pre>
-<ol start="3" type="1">
-<li>List contents of a bucket</li>
-</ol>
-<pre><code>rclone ls ionos-fra:my-bucket</code></pre>
-<ol start="5" type="1">
-<li>Copy a file from remote to local</li>
-</ol>
-<pre><code>rclone copy ionos-fra:my-bucket/file.txt</code></pre>
-<h3 id="minio">Minio</h3>
-<p><a href="https://minio.io/">Minio</a> is an object storage server built for cloud application developers and devops.</p>
-<p>It is very easy to install and provides an S3 compatible server which can be used by rclone.</p>
-<p>To use it, install Minio following the instructions <a href="https://docs.minio.io/docs/minio-quickstart-guide">here</a>.</p>
-<p>When it configures itself Minio will print something like this</p>
-<pre><code>Endpoint:  http://192.168.1.106:9000  http://172.23.0.1:9000
-AccessKey: USWUXHGYZQYFYFFIT3RE
-SecretKey: MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
-Region:    us-east-1
-SQS ARNs:  arn:minio:sqs:us-east-1:1:redis arn:minio:sqs:us-east-1:2:redis
-
-Browser Access:
-   http://192.168.1.106:9000  http://172.23.0.1:9000
-
-Command-line Access: https://docs.minio.io/docs/minio-client-quickstart-guide
-   $ mc config host add myminio http://192.168.1.106:9000 USWUXHGYZQYFYFFIT3RE MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
-
-Object API (Amazon S3 compatible):
-   Go:         https://docs.minio.io/docs/golang-client-quickstart-guide
-   Java:       https://docs.minio.io/docs/java-client-quickstart-guide
-   Python:     https://docs.minio.io/docs/python-client-quickstart-guide
-   JavaScript: https://docs.minio.io/docs/javascript-client-quickstart-guide
-   .NET:       https://docs.minio.io/docs/dotnet-client-quickstart-guide
-
-Drive Capacity: 26 GiB Free, 165 GiB Total</code></pre>
-<p>These details need to go into <code>rclone config</code> like this. Note that it is important to put the region in as stated above.</p>
-<pre><code>env_auth&gt; 1
-access_key_id&gt; USWUXHGYZQYFYFFIT3RE
-secret_access_key&gt; MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
-region&gt; us-east-1
-endpoint&gt; http://192.168.1.106:9000
-location_constraint&gt;
-server_side_encryption&gt;</code></pre>
-<p>Which makes the config file look like this</p>
-<pre><code>[minio]
-type = s3
-provider = Minio
-env_auth = false
-access_key_id = USWUXHGYZQYFYFFIT3RE
-secret_access_key = MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
-region = us-east-1
-endpoint = http://192.168.1.106:9000
-location_constraint =
-server_side_encryption =</code></pre>
-<p>So once set up, for example, to copy files into a bucket</p>
-<pre><code>rclone copy /path/to/files minio:bucket</code></pre>
-<h3 id="qiniu">Qiniu Cloud Object Storage (Kodo)</h3>
-<p><a href="https://www.qiniu.com/en/products/kodo">Qiniu Cloud Object Storage (Kodo)</a>, a completely independent-researched core technology which is proven by repeated customer experience has occupied absolute leading market leader position. Kodo can be widely applied to mass data management.</p>
-<p>To configure access to Qiniu Kodo, follow the steps below:</p>
-<ol type="1">
-<li>Run <code>rclone config</code> and select <code>n</code> for a new remote.</li>
-</ol>
-<pre><code>rclone config
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n</code></pre>
-<ol start="2" type="1">
-<li>Give the name of the configuration. For example, name it 'qiniu'.</li>
-</ol>
-<pre><code>name&gt; qiniu</code></pre>
-<ol start="3" type="1">
-<li>Select <code>s3</code> storage.</li>
-</ol>
-<pre><code>Choose a number from below, or type in your own value
- 1 / 1Fichier
-   \ (fichier)
- 2 / Akamai NetStorage
-   \ (netstorage)
- 3 / Alias for an existing remote
-   \ (alias)
- 4 / Amazon Drive
-   \ (amazon cloud drive)
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi
-   \ (s3)
-[snip]
-Storage&gt; s3</code></pre>
-<ol start="4" type="1">
-<li>Select <code>Qiniu</code> provider.</li>
-</ol>
-<pre><code>Choose a number from below, or type in your own value
-1 / Amazon Web Services (AWS) S3
-   \ &quot;AWS&quot;
-[snip]
-22 / Qiniu Object Storage (Kodo)
-   \ (Qiniu)
-[snip]
-provider&gt; Qiniu</code></pre>
-<ol start="5" type="1">
-<li>Enter your SecretId and SecretKey of Qiniu Kodo.</li>
-</ol>
-<pre><code>Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ &quot;false&quot;
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ &quot;true&quot;
-env_auth&gt; 1
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-access_key_id&gt; AKIDxxxxxxxxxx
-AWS Secret Access Key (password)
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-secret_access_key&gt; xxxxxxxxxxx</code></pre>
-<ol start="6" type="1">
-<li>Select endpoint for Qiniu Kodo. This is the standard endpoint for different region.</li>
-</ol>
-<pre><code>   / The default endpoint - a good choice if you are unsure.
- 1 | East China Region 1.
-   | Needs location constraint cn-east-1.
-   \ (cn-east-1)
-   / East China Region 2.
- 2 | Needs location constraint cn-east-2.
-   \ (cn-east-2)
-   / North China Region 1.
- 3 | Needs location constraint cn-north-1.
-   \ (cn-north-1)
-   / South China Region 1.
- 4 | Needs location constraint cn-south-1.
-   \ (cn-south-1)
-   / North America Region.
- 5 | Needs location constraint us-north-1.
-   \ (us-north-1)
-   / Southeast Asia Region 1.
- 6 | Needs location constraint ap-southeast-1.
-   \ (ap-southeast-1)
-   / Northeast Asia Region 1.
- 7 | Needs location constraint ap-northeast-1.
-   \ (ap-northeast-1)
-[snip]
-endpoint&gt; 1
-
-Option endpoint.
-Endpoint for Qiniu Object Storage.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / East China Endpoint 1
-   \ (s3-cn-east-1.qiniucs.com)
- 2 / East China Endpoint 2
-   \ (s3-cn-east-2.qiniucs.com)
- 3 / North China Endpoint 1
-   \ (s3-cn-north-1.qiniucs.com)
- 4 / South China Endpoint 1
-   \ (s3-cn-south-1.qiniucs.com)
- 5 / North America Endpoint 1
-   \ (s3-us-north-1.qiniucs.com)
- 6 / Southeast Asia Endpoint 1
-   \ (s3-ap-southeast-1.qiniucs.com)
- 7 / Northeast Asia Endpoint 1
-   \ (s3-ap-northeast-1.qiniucs.com)
-endpoint&gt; 1
-
-Option location_constraint.
-Location constraint - must be set to match the Region.
-Used when creating buckets only.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / East China Region 1
-   \ (cn-east-1)
- 2 / East China Region 2
-   \ (cn-east-2)
- 3 / North China Region 1
-   \ (cn-north-1)
- 4 / South China Region 1
-   \ (cn-south-1)
- 5 / North America Region 1
-   \ (us-north-1)
- 6 / Southeast Asia Region 1
-   \ (ap-southeast-1)
- 7 / Northeast Asia Region 1
-   \ (ap-northeast-1)
-location_constraint&gt; 1</code></pre>
-<ol start="7" type="1">
-<li>Choose acl and storage class.</li>
-</ol>
-<pre><code>Note that this ACL is applied when server-side copying objects as S3
-doesn&#39;t copy the ACL from the source but rather writes a fresh one.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-   / Owner gets FULL_CONTROL.
- 2 | The AllUsers group gets READ access.
-   \ (public-read)
-[snip]
-acl&gt; 2
-The storage class to use when storing new objects in Tencent COS.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Standard storage class
-   \ (STANDARD)
- 2 / Infrequent access storage mode
-   \ (LINE)
- 3 / Archive storage mode
-   \ (GLACIER)
- 4 / Deep archive storage mode
-   \ (DEEP_ARCHIVE)
-[snip]
-storage_class&gt; 1
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n&gt; n
-Remote config
---------------------
-[qiniu]
-- type: s3
-- provider: Qiniu
-- access_key_id: xxx
-- secret_access_key: xxx
-- region: cn-east-1
-- endpoint: s3-cn-east-1.qiniucs.com
-- location_constraint: cn-east-1
-- acl: public-read
-- storage_class: STANDARD
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y
-Current remotes:
-
-Name                 Type
-====                 ====
-qiniu                s3</code></pre>
-<h3 id="RackCorp">RackCorp</h3>
-<p><a href="https://www.rackcorp.com/storage/s3storage">RackCorp Object Storage</a> is an S3 compatible object storage platform from your friendly cloud provider RackCorp. The service is fast, reliable, well priced and located in many strategic locations unserviced by others, to ensure you can maintain data sovereignty.</p>
-<p>Before you can use RackCorp Object Storage, you'll need to "<a href="https://www.rackcorp.com/signup">sign up</a>" for an account on our "<a href="https://portal.rackcorp.com">portal</a>". Next you can create an <code>access key</code>, a <code>secret key</code> and <code>buckets</code>, in your location of choice with ease. These details are required for the next steps of configuration, when <code>rclone config</code> asks for your <code>access_key_id</code> and <code>secret_access_key</code>.</p>
-<p>Your config should end up looking a bit like this:</p>
-<pre><code>[RCS3-demo-config]
-type = s3
-provider = RackCorp
-env_auth = true
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region = au-nsw
-endpoint = s3.rackcorp.com
-location_constraint = au-nsw</code></pre>
-<h3 id="scaleway">Scaleway</h3>
-<p><a href="https://www.scaleway.com/object-storage/">Scaleway</a> The Object Storage platform allows you to store anything from backups, logs and web assets to documents and photos. Files can be dropped from the Scaleway console or transferred through our API and CLI or using any S3-compatible tool.</p>
-<p>Scaleway provides an S3 interface which can be configured for use with rclone like this:</p>
-<pre><code>[scaleway]
-type = s3
-provider = Scaleway
-env_auth = false
-endpoint = s3.nl-ams.scw.cloud
-access_key_id = SCWXXXXXXXXXXXXXX
-secret_access_key = 1111111-2222-3333-44444-55555555555555
-region = nl-ams
-location_constraint =
-acl = private
-server_side_encryption =
-storage_class =</code></pre>
-<p><a href="https://www.online.net/en/storage/c14-cold-storage">C14 Cold Storage</a> is the low-cost S3 Glacier alternative from Scaleway and it works the same way as on S3 by accepting the "GLACIER" <code>storage_class</code>. So you can configure your remote with the <code>storage_class = GLACIER</code> option to upload directly to C14. Don't forget that in this state you can't read files back after, you will need to restore them to "STANDARD" storage_class first before being able to read them (see "restore" section above)</p>
-<h3 id="lyve">Seagate Lyve Cloud</h3>
-<p><a href="https://www.seagate.com/gb/en/services/cloud/storage/">Seagate Lyve Cloud</a> is an S3 compatible object storage platform from <a href="https://seagate.com/">Seagate</a> intended for enterprise use.</p>
-<p>Here is a config run through for a remote called <code>remote</code> - you may choose a different name of course. Note that to create an access key and secret key you will need to create a service account first.</p>
-<pre><code>$ rclone config
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote</code></pre>
-<p>Choose <code>s3</code> backend</p>
-<pre><code>Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Lyve Cloud, Minio, RackCorp, SeaweedFS, and Tencent COS
-   \ (s3)
-[snip]
-Storage&gt; s3</code></pre>
-<p>Choose <code>LyveCloud</code> as S3 provider</p>
-<pre><code>Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-[snip]
-XX / Seagate Lyve Cloud
-   \ (LyveCloud)
-[snip]
-provider&gt; LyveCloud</code></pre>
-<p>Take the default (just press enter) to enter access key and secret in the config file.</p>
-<pre><code>Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth&gt;</code></pre>
-<pre><code>AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id&gt; XXX</code></pre>
-<pre><code>AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key&gt; YYY</code></pre>
-<p>Leave region blank</p>
-<pre><code>Region to connect to.
-Leave blank if you are using an S3 clone and you don&#39;t have a region.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Use this if unsure.
- 1 | Will use v4 signatures and an empty region.
-   \ ()
-   / Use this only if v4 signatures don&#39;t work.
- 2 | E.g. pre Jewel/v10 CEPH.
-   \ (other-v2-signature)
-region&gt;</code></pre>
-<p>Choose an endpoint from the list</p>
-<pre><code>Endpoint for S3 API.
-Required when using an S3 clone.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Seagate Lyve Cloud US East 1 (Virginia)
-   \ (s3.us-east-1.lyvecloud.seagate.com)
- 2 / Seagate Lyve Cloud US West 1 (California)
-   \ (s3.us-west-1.lyvecloud.seagate.com)
- 3 / Seagate Lyve Cloud AP Southeast 1 (Singapore)
-   \ (s3.ap-southeast-1.lyvecloud.seagate.com)
-endpoint&gt; 1</code></pre>
-<p>Leave location constraint blank</p>
-<pre><code>Location constraint - must be set to match the Region.
-Leave blank if not sure. Used when creating buckets only.
-Enter a value. Press Enter to leave empty.
-location_constraint&gt;</code></pre>
-<p>Choose default ACL (<code>private</code>).</p>
-<pre><code>Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn&#39;t copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-[snip]
-acl&gt;</code></pre>
-<p>And the config file should end up looking like this:</p>
-<pre><code>[remote]
-type = s3
-provider = LyveCloud
-access_key_id = XXX
-secret_access_key = YYY
-endpoint = s3.us-east-1.lyvecloud.seagate.com</code></pre>
-<h3 id="seaweedfs">SeaweedFS</h3>
-<p><a href="https://github.com/chrislusf/seaweedfs/">SeaweedFS</a> is a distributed storage system for blobs, objects, files, and data lake, with O(1) disk seek and a scalable file metadata store. It has an S3 compatible object storage interface. SeaweedFS can also act as a <a href="https://github.com/chrislusf/seaweedfs/wiki/Gateway-to-Remote-Object-Storage">gateway to remote S3 compatible object store</a> to cache data and metadata with asynchronous write back, for fast local speed and minimize access cost.</p>
-<p>Assuming the SeaweedFS are configured with <code>weed shell</code> as such:</p>
-<pre><code>&gt; s3.bucket.create -name foo
-&gt; s3.configure -access_key=any -secret_key=any -buckets=foo -user=me -actions=Read,Write,List,Tagging,Admin -apply
-{
-  &quot;identities&quot;: [
-    {
-      &quot;name&quot;: &quot;me&quot;,
-      &quot;credentials&quot;: [
-        {
-          &quot;accessKey&quot;: &quot;any&quot;,
-          &quot;secretKey&quot;: &quot;any&quot;
-        }
-      ],
-      &quot;actions&quot;: [
-        &quot;Read:foo&quot;,
-        &quot;Write:foo&quot;,
-        &quot;List:foo&quot;,
-        &quot;Tagging:foo&quot;,
-        &quot;Admin:foo&quot;
-      ]
-    }
-  ]
-}</code></pre>
-<p>To use rclone with SeaweedFS, above configuration should end up with something like this in your config:</p>
-<pre><code>[seaweedfs_s3]
-type = s3
-provider = SeaweedFS
-access_key_id = any
-secret_access_key = any
-endpoint = localhost:8333</code></pre>
-<p>So once set up, for example to copy files into a bucket</p>
-<pre><code>rclone copy /path/to/files seaweedfs_s3:foo</code></pre>
-<h3 id="wasabi">Wasabi</h3>
-<p><a href="https://wasabi.com">Wasabi</a> is a cloud-based object storage service for a broad range of applications and use cases. Wasabi is designed for individuals and organizations that require a high-performance, reliable, and secure data storage infrastructure at minimal cost.</p>
-<p>Wasabi provides an S3 interface which can be configured for use with rclone like this.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-n/s&gt; n
-name&gt; wasabi
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Minio, Liara)
-   \ &quot;s3&quot;
-[snip]
-Storage&gt; s3
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ &quot;false&quot;
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ &quot;true&quot;
-env_auth&gt; 1
-AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id&gt; YOURACCESSKEY
-AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key&gt; YOURSECRETACCESSKEY
-Region to connect to.
-Choose a number from below, or type in your own value
-   / The default endpoint - a good choice if you are unsure.
- 1 | US Region, Northern Virginia, or Pacific Northwest.
-   | Leave location constraint empty.
-   \ &quot;us-east-1&quot;
-[snip]
-region&gt; us-east-1
-Endpoint for S3 API.
-Leave blank if using AWS to use the default endpoint for the region.
-Specify if using an S3 clone such as Ceph.
-endpoint&gt; s3.wasabisys.com
-Location constraint - must be set to match the Region. Used when creating buckets only.
-Choose a number from below, or type in your own value
- 1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
-   \ &quot;&quot;
-[snip]
-location_constraint&gt;
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ &quot;private&quot;
-[snip]
-acl&gt;
-The server-side encryption algorithm used when storing this object in S3.
-Choose a number from below, or type in your own value
- 1 / None
-   \ &quot;&quot;
- 2 / AES256
-   \ &quot;AES256&quot;
-server_side_encryption&gt;
-The storage class to use when storing objects in S3.
-Choose a number from below, or type in your own value
- 1 / Default
-   \ &quot;&quot;
- 2 / Standard storage class
-   \ &quot;STANDARD&quot;
- 3 / Reduced redundancy storage class
-   \ &quot;REDUCED_REDUNDANCY&quot;
- 4 / Standard Infrequent Access storage class
-   \ &quot;STANDARD_IA&quot;
-storage_class&gt;
-Remote config
---------------------
-[wasabi]
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region = us-east-1
-endpoint = s3.wasabisys.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This will leave the config file looking like this.</p>
-<pre><code>[wasabi]
-type = s3
-provider = Wasabi
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region =
-endpoint = s3.wasabisys.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =</code></pre>
-<h3 id="alibaba-oss">Alibaba OSS</h3>
-<p>Here is an example of making an <a href="https://www.alibabacloud.com/product/oss/">Alibaba Cloud (Aliyun) OSS</a> configuration. First run:</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; oss
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
- 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Minio, and Tencent COS
-   \ &quot;s3&quot;
-[snip]
-Storage&gt; s3
-Choose your S3 provider.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Amazon Web Services (AWS) S3
-   \ &quot;AWS&quot;
- 2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
-   \ &quot;Alibaba&quot;
- 3 / Ceph Object Storage
-   \ &quot;Ceph&quot;
-[snip]
-provider&gt; Alibaba
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ &quot;false&quot;
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ &quot;true&quot;
-env_auth&gt; 1
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-access_key_id&gt; accesskeyid
-AWS Secret Access Key (password)
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-secret_access_key&gt; secretaccesskey
-Endpoint for OSS API.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / East China 1 (Hangzhou)
-   \ &quot;oss-cn-hangzhou.aliyuncs.com&quot;
- 2 / East China 2 (Shanghai)
-   \ &quot;oss-cn-shanghai.aliyuncs.com&quot;
- 3 / North China 1 (Qingdao)
-   \ &quot;oss-cn-qingdao.aliyuncs.com&quot;
-[snip]
-endpoint&gt; 1
-Canned ACL used when creating buckets and storing or copying objects.
-
-Note that this ACL is applied when server-side copying objects as S3
-doesn&#39;t copy the ACL from the source but rather writes a fresh one.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ &quot;private&quot;
- 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
-   \ &quot;public-read&quot;
-   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
-[snip]
-acl&gt; 1
-The storage class to use when storing new objects in OSS.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Default
-   \ &quot;&quot;
- 2 / Standard storage class
-   \ &quot;STANDARD&quot;
- 3 / Archive storage mode.
-   \ &quot;GLACIER&quot;
- 4 / Infrequent access storage mode.
-   \ &quot;STANDARD_IA&quot;
-storage_class&gt; 1
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n&gt; n
-Remote config
---------------------
-[oss]
-type = s3
-provider = Alibaba
-env_auth = false
-access_key_id = accesskeyid
-secret_access_key = secretaccesskey
-endpoint = oss-cn-hangzhou.aliyuncs.com
-acl = private
-storage_class = Standard
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="china-mobile-ecloud-eos">China Mobile Ecloud Elastic Object Storage (EOS)</h3>
-<p>Here is an example of making an <a href="https:///ecloud.10086.cn/home/product-introduction/eos/">China Mobile Ecloud Elastic Object Storage (EOS)</a> configuration. First run:</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; ChinaMobile
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
- ...
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, RackCorp, SeaweedFS, and Tencent COS
-   \ (s3)
- ...
-Storage&gt; s3
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- ...
- 4 / China Mobile Ecloud Elastic Object Storage (EOS)
-   \ (ChinaMobile)
- ...
-provider&gt; ChinaMobile
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth&gt;
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id&gt; accesskeyid
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key&gt; secretaccesskey
-Option endpoint.
-Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / The default endpoint - a good choice if you are unsure.
- 1 | East China (Suzhou)
-   \ (eos-wuxi-1.cmecloud.cn)
- 2 / East China (Jinan)
-   \ (eos-jinan-1.cmecloud.cn)
- 3 / East China (Hangzhou)
-   \ (eos-ningbo-1.cmecloud.cn)
- 4 / East China (Shanghai-1)
-   \ (eos-shanghai-1.cmecloud.cn)
- 5 / Central China (Zhengzhou)
-   \ (eos-zhengzhou-1.cmecloud.cn)
- 6 / Central China (Changsha-1)
-   \ (eos-hunan-1.cmecloud.cn)
- 7 / Central China (Changsha-2)
-   \ (eos-zhuzhou-1.cmecloud.cn)
- 8 / South China (Guangzhou-2)
-   \ (eos-guangzhou-1.cmecloud.cn)
- 9 / South China (Guangzhou-3)
-   \ (eos-dongguan-1.cmecloud.cn)
-10 / North China (Beijing-1)
-   \ (eos-beijing-1.cmecloud.cn)
-11 / North China (Beijing-2)
-   \ (eos-beijing-2.cmecloud.cn)
-12 / North China (Beijing-3)
-   \ (eos-beijing-4.cmecloud.cn)
-13 / North China (Huhehaote)
-   \ (eos-huhehaote-1.cmecloud.cn)
-14 / Southwest China (Chengdu)
-   \ (eos-chengdu-1.cmecloud.cn)
-15 / Southwest China (Chongqing)
-   \ (eos-chongqing-1.cmecloud.cn)
-16 / Southwest China (Guiyang)
-   \ (eos-guiyang-1.cmecloud.cn)
-17 / Nouthwest China (Xian)
-   \ (eos-xian-1.cmecloud.cn)
-18 / Yunnan China (Kunming)
-   \ (eos-yunnan.cmecloud.cn)
-19 / Yunnan China (Kunming-2)
-   \ (eos-yunnan-2.cmecloud.cn)
-20 / Tianjin China (Tianjin)
-   \ (eos-tianjin-1.cmecloud.cn)
-21 / Jilin China (Changchun)
-   \ (eos-jilin-1.cmecloud.cn)
-22 / Hubei China (Xiangyan)
-   \ (eos-hubei-1.cmecloud.cn)
-23 / Jiangxi China (Nanchang)
-   \ (eos-jiangxi-1.cmecloud.cn)
-24 / Gansu China (Lanzhou)
-   \ (eos-gansu-1.cmecloud.cn)
-25 / Shanxi China (Taiyuan)
-   \ (eos-shanxi-1.cmecloud.cn)
-26 / Liaoning China (Shenyang)
-   \ (eos-liaoning-1.cmecloud.cn)
-27 / Hebei China (Shijiazhuang)
-   \ (eos-hebei-1.cmecloud.cn)
-28 / Fujian China (Xiamen)
-   \ (eos-fujian-1.cmecloud.cn)
-29 / Guangxi China (Nanning)
-   \ (eos-guangxi-1.cmecloud.cn)
-30 / Anhui China (Huainan)
-   \ (eos-anhui-1.cmecloud.cn)
-endpoint&gt; 1
-Option location_constraint.
-Location constraint - must match endpoint.
-Used when creating buckets only.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / East China (Suzhou)
-   \ (wuxi1)
- 2 / East China (Jinan)
-   \ (jinan1)
- 3 / East China (Hangzhou)
-   \ (ningbo1)
- 4 / East China (Shanghai-1)
-   \ (shanghai1)
- 5 / Central China (Zhengzhou)
-   \ (zhengzhou1)
- 6 / Central China (Changsha-1)
-   \ (hunan1)
- 7 / Central China (Changsha-2)
-   \ (zhuzhou1)
- 8 / South China (Guangzhou-2)
-   \ (guangzhou1)
- 9 / South China (Guangzhou-3)
-   \ (dongguan1)
-10 / North China (Beijing-1)
-   \ (beijing1)
-11 / North China (Beijing-2)
-   \ (beijing2)
-12 / North China (Beijing-3)
-   \ (beijing4)
-13 / North China (Huhehaote)
-   \ (huhehaote1)
-14 / Southwest China (Chengdu)
-   \ (chengdu1)
-15 / Southwest China (Chongqing)
-   \ (chongqing1)
-16 / Southwest China (Guiyang)
-   \ (guiyang1)
-17 / Nouthwest China (Xian)
-   \ (xian1)
-18 / Yunnan China (Kunming)
-   \ (yunnan)
-19 / Yunnan China (Kunming-2)
-   \ (yunnan2)
-20 / Tianjin China (Tianjin)
-   \ (tianjin1)
-21 / Jilin China (Changchun)
-   \ (jilin1)
-22 / Hubei China (Xiangyan)
-   \ (hubei1)
-23 / Jiangxi China (Nanchang)
-   \ (jiangxi1)
-24 / Gansu China (Lanzhou)
-   \ (gansu1)
-25 / Shanxi China (Taiyuan)
-   \ (shanxi1)
-26 / Liaoning China (Shenyang)
-   \ (liaoning1)
-27 / Hebei China (Shijiazhuang)
-   \ (hebei1)
-28 / Fujian China (Xiamen)
-   \ (fujian1)
-29 / Guangxi China (Nanning)
-   \ (guangxi1)
-30 / Anhui China (Huainan)
-   \ (anhui1)
-location_constraint&gt; 1
-Option acl.
-Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn&#39;t copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-   / Owner gets FULL_CONTROL.
- 2 | The AllUsers group gets READ access.
-   \ (public-read)
-   / Owner gets FULL_CONTROL.
- 3 | The AllUsers group gets READ and WRITE access.
-   | Granting this on a bucket is generally not recommended.
-   \ (public-read-write)
-   / Owner gets FULL_CONTROL.
- 4 | The AuthenticatedUsers group gets READ access.
-   \ (authenticated-read)
-   / Object owner gets FULL_CONTROL.
-acl&gt; private
-Option server_side_encryption.
-The server-side encryption algorithm used when storing this object in S3.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / None
-   \ ()
- 2 / AES256
-   \ (AES256)
-server_side_encryption&gt;
-Option storage_class.
-The storage class to use when storing new objects in ChinaMobile.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Default
-   \ ()
- 2 / Standard storage class
-   \ (STANDARD)
- 3 / Archive storage mode
-   \ (GLACIER)
- 4 / Infrequent access storage mode
-   \ (STANDARD_IA)
-storage_class&gt;
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; n
---------------------
-[ChinaMobile]
-type = s3
-provider = ChinaMobile
-access_key_id = accesskeyid
-secret_access_key = secretaccesskey
-endpoint = eos-wuxi-1.cmecloud.cn
-location_constraint = wuxi1
-acl = private
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="liara-cloud">Liara</h3>
-<p>Here is an example of making a <a href="https://liara.ir/landing/object-storage">Liara Object Storage</a> configuration. First run:</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-n/s&gt; n
-name&gt; Liara
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Liara, Minio)
-   \ &quot;s3&quot;
-[snip]
-Storage&gt; s3
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ &quot;false&quot;
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ &quot;true&quot;
-env_auth&gt; 1
-AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id&gt; YOURACCESSKEY
-AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key&gt; YOURSECRETACCESSKEY
-Region to connect to.
-Choose a number from below, or type in your own value
-   / The default endpoint
- 1 | US Region, Northern Virginia, or Pacific Northwest.
-   | Leave location constraint empty.
-   \ &quot;us-east-1&quot;
-[snip]
-region&gt;
-Endpoint for S3 API.
-Leave blank if using Liara to use the default endpoint for the region.
-Specify if using an S3 clone such as Ceph.
-endpoint&gt; storage.iran.liara.space
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ &quot;private&quot;
-[snip]
-acl&gt;
-The server-side encryption algorithm used when storing this object in S3.
-Choose a number from below, or type in your own value
- 1 / None
-   \ &quot;&quot;
- 2 / AES256
-   \ &quot;AES256&quot;
-server_side_encryption&gt;
-The storage class to use when storing objects in S3.
-Choose a number from below, or type in your own value
- 1 / Default
-   \ &quot;&quot;
- 2 / Standard storage class
-   \ &quot;STANDARD&quot;
-storage_class&gt;
-Remote config
---------------------
-[Liara]
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-endpoint = storage.iran.liara.space
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This will leave the config file looking like this.</p>
-<pre><code>[Liara]
-type = s3
-provider = Liara
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region =
-endpoint = storage.iran.liara.space
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =</code></pre>
-<h3 id="arvan-cloud">ArvanCloud</h3>
-<p><a href="https://www.arvancloud.com/en/products/cloud-storage">ArvanCloud</a> ArvanCloud Object Storage goes beyond the limited traditional file storage. It gives you access to backup and archived files and allows sharing. Files like profile image in the app, images sent by users or scanned documents can be stored securely and easily in our Object Storage service.</p>
-<p>ArvanCloud provides an S3 interface which can be configured for use with rclone like this.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-n/s&gt; n
-name&gt; ArvanCloud
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Liara, Minio)
-   \ &quot;s3&quot;
-[snip]
-Storage&gt; s3
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ &quot;false&quot;
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ &quot;true&quot;
-env_auth&gt; 1
-AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id&gt; YOURACCESSKEY
-AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key&gt; YOURSECRETACCESSKEY
-Region to connect to.
-Choose a number from below, or type in your own value
-   / The default endpoint - a good choice if you are unsure.
- 1 | US Region, Northern Virginia, or Pacific Northwest.
-   | Leave location constraint empty.
-   \ &quot;us-east-1&quot;
-[snip]
-region&gt; 
-Endpoint for S3 API.
-Leave blank if using ArvanCloud to use the default endpoint for the region.
-Specify if using an S3 clone such as Ceph.
-endpoint&gt; s3.arvanstorage.com
-Location constraint - must be set to match the Region. Used when creating buckets only.
-Choose a number from below, or type in your own value
- 1 / Empty for Iran-Tehran Region.
-   \ &quot;&quot;
-[snip]
-location_constraint&gt;
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ &quot;private&quot;
-[snip]
-acl&gt;
-The server-side encryption algorithm used when storing this object in S3.
-Choose a number from below, or type in your own value
- 1 / None
-   \ &quot;&quot;
- 2 / AES256
-   \ &quot;AES256&quot;
-server_side_encryption&gt;
-The storage class to use when storing objects in S3.
-Choose a number from below, or type in your own value
- 1 / Default
-   \ &quot;&quot;
- 2 / Standard storage class
-   \ &quot;STANDARD&quot;
-storage_class&gt;
-Remote config
---------------------
-[ArvanCloud]
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region = ir-thr-at1
-endpoint = s3.arvanstorage.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This will leave the config file looking like this.</p>
-<pre><code>[ArvanCloud]
-type = s3
-provider = ArvanCloud
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region =
-endpoint = s3.arvanstorage.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =</code></pre>
-<h3 id="tencent-cos">Tencent COS</h3>
-<p><a href="https://intl.cloud.tencent.com/product/cos">Tencent Cloud Object Storage (COS)</a> is a distributed storage service offered by Tencent Cloud for unstructured data. It is secure, stable, massive, convenient, low-delay and low-cost.</p>
-<p>To configure access to Tencent COS, follow the steps below:</p>
-<ol type="1">
-<li>Run <code>rclone config</code> and select <code>n</code> for a new remote.</li>
-</ol>
-<pre><code>rclone config
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n</code></pre>
-<ol start="2" type="1">
-<li>Give the name of the configuration. For example, name it 'cos'.</li>
-</ol>
-<pre><code>name&gt; cos</code></pre>
-<ol start="3" type="1">
-<li>Select <code>s3</code> storage.</li>
-</ol>
-<pre><code>Choose a number from below, or type in your own value
-1 / 1Fichier
-   \ &quot;fichier&quot;
- 2 / Alias for an existing remote
-   \ &quot;alias&quot;
- 3 / Amazon Drive
-   \ &quot;amazon cloud drive&quot;
- 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Minio, and Tencent COS
-   \ &quot;s3&quot;
-[snip]
-Storage&gt; s3</code></pre>
-<ol start="4" type="1">
-<li>Select <code>TencentCOS</code> provider.</li>
-</ol>
-<pre><code>Choose a number from below, or type in your own value
-1 / Amazon Web Services (AWS) S3
-   \ &quot;AWS&quot;
-[snip]
-11 / Tencent Cloud Object Storage (COS)
-   \ &quot;TencentCOS&quot;
-[snip]
-provider&gt; TencentCOS</code></pre>
-<ol start="5" type="1">
-<li>Enter your SecretId and SecretKey of Tencent Cloud.</li>
-</ol>
-<pre><code>Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ &quot;false&quot;
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ &quot;true&quot;
-env_auth&gt; 1
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-access_key_id&gt; AKIDxxxxxxxxxx
-AWS Secret Access Key (password)
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-secret_access_key&gt; xxxxxxxxxxx</code></pre>
-<ol start="6" type="1">
-<li>Select endpoint for Tencent COS. This is the standard endpoint for different region.</li>
-</ol>
-<pre><code> 1 / Beijing Region.
-   \ &quot;cos.ap-beijing.myqcloud.com&quot;
- 2 / Nanjing Region.
-   \ &quot;cos.ap-nanjing.myqcloud.com&quot;
- 3 / Shanghai Region.
-   \ &quot;cos.ap-shanghai.myqcloud.com&quot;
- 4 / Guangzhou Region.
-   \ &quot;cos.ap-guangzhou.myqcloud.com&quot;
-[snip]
-endpoint&gt; 4</code></pre>
-<ol start="7" type="1">
-<li>Choose acl and storage class.</li>
-</ol>
-<pre><code>Note that this ACL is applied when server-side copying objects as S3
-doesn&#39;t copy the ACL from the source but rather writes a fresh one.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Owner gets Full_CONTROL. No one else has access rights (default).
-   \ &quot;default&quot;
-[snip]
-acl&gt; 1
-The storage class to use when storing new objects in Tencent COS.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Default
-   \ &quot;&quot;
-[snip]
-storage_class&gt; 1
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n&gt; n
-Remote config
---------------------
-[cos]
-type = s3
-provider = TencentCOS
-env_auth = false
-access_key_id = xxx
-secret_access_key = xxx
-endpoint = cos.ap-guangzhou.myqcloud.com
-acl = default
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y
-Current remotes:
-
-Name                 Type
-====                 ====
-cos                  s3</code></pre>
-<h3 id="netease-nos">Netease NOS</h3>
-<p>For Netease NOS configure as per the configurator <code>rclone config</code> setting the provider <code>Netease</code>. This will automatically set <code>force_path_style = false</code> which is necessary for it to run properly.</p>
-<h3 id="storj">Storj</h3>
-<p>Storj is a decentralized cloud storage which can be used through its native protocol or an S3 compatible gateway.</p>
-<p>The S3 compatible gateway is configured using <code>rclone config</code> with a type of <code>s3</code> and with a provider name of <code>Storj</code>. Here is an example run of the configurator.</p>
-<pre><code>Type of storage to configure.
-Storage&gt; s3
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth&gt; 1
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id&gt; XXXX (as shown when creating the access grant)
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key&gt; XXXX (as shown when creating the access grant)
-Option endpoint.
-Endpoint of the Shared Gateway.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / EU1 Shared Gateway
-   \ (gateway.eu1.storjshare.io)
- 2 / US1 Shared Gateway
-   \ (gateway.us1.storjshare.io)
- 3 / Asia-Pacific Shared Gateway
-   \ (gateway.ap1.storjshare.io)
-endpoint&gt; 1 (as shown when creating the access grant)
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; n</code></pre>
-<p>Note that s3 credentials are generated when you <a href="https://docs.storj.io/dcs/api-reference/s3-compatible-gateway#usage">create an access grant</a>.</p>
-<h4 id="backend-quirks">Backend quirks</h4>
-<ul>
-<li><code>--chunk-size</code> is forced to be 64 MiB or greater. This will use more memory than the default of 5 MiB.</li>
-<li>Server side copy is disabled as it isn't currently supported in the gateway.</li>
-<li>GetTier and SetTier are not supported.</li>
-</ul>
-<h4 id="backend-bugs">Backend bugs</h4>
-<p>Due to <a href="https://github.com/storj/gateway-mt/issues/39">issue #39</a> uploading multipart files via the S3 gateway causes them to lose their metadata. For rclone's purpose this means that the modification time is not stored, nor is any MD5SUM (if one is available from the source).</p>
-<p>This has the following consequences:</p>
-<ul>
-<li>Using <code>rclone rcat</code> will fail as the medatada doesn't match after upload</li>
-<li>Uploading files with <code>rclone mount</code> will fail for the same reason
-<ul>
-<li>This can worked around by using <code>--vfs-cache-mode writes</code> or <code>--vfs-cache-mode full</code> or setting <code>--s3-upload-cutoff</code> large</li>
-</ul></li>
-<li>Files uploaded via a multipart upload won't have their modtimes
-<ul>
-<li>This will mean that <code>rclone sync</code> will likely keep trying to upload files bigger than <code>--s3-upload-cutoff</code></li>
-<li>This can be worked around with <code>--checksum</code> or <code>--size-only</code> or setting <code>--s3-upload-cutoff</code> large</li>
-<li>The maximum value for <code>--s3-upload-cutoff</code> is 5GiB though</li>
-</ul></li>
-</ul>
-<p>One general purpose workaround is to set <code>--s3-upload-cutoff 5G</code>. This means that rclone will upload files smaller than 5GiB as single parts. Note that this can be set in the config file with <code>upload_cutoff = 5G</code> or configured in the advanced settings. If you regularly transfer files larger than 5G then using <code>--checksum</code> or <code>--size-only</code> in <code>rclone sync</code> is the recommended workaround.</p>
-<h4 id="comparison-with-the-native-protocol">Comparison with the native protocol</h4>
-<p>Use the <a href="/storj">the native protocol</a> to take advantage of client-side encryption as well as to achieve the best possible download performance. Uploads will be erasure-coded locally, thus a 1gb upload will result in 2.68gb of data being uploaded to storage nodes across the network.</p>
-<p>Use this backend and the S3 compatible Hosted Gateway to increase upload performance and reduce the load on your systems and network. Uploads will be encrypted and erasure-coded server-side, thus a 1GB upload will result in only in 1GB of data being uploaded to storage nodes across the network.</p>
-<p>For more detailed comparison please check the documentation of the <a href="/storj">storj</a> backend.</p>
-<h2 id="limitations-5">Limitations</h2>
-<p><code>rclone about</code> is not supported by the S3 backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h1 id="backblaze-b2">Backblaze B2</h1>
-<p>B2 is <a href="https://www.backblaze.com/b2/">Backblaze's cloud storage system</a>.</p>
-<p>Paths are specified as <code>remote:bucket</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, e.g. <code>remote:bucket/path/to/dir</code>.</p>
-<h2 id="configuration-4">Configuration</h2>
-<p>Here is an example of making a b2 configuration. First run</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process. To authenticate you will either need your Account ID (a short hex number) and Master Application Key (a long hex number) OR an Application Key, which is the recommended method. See below for further details on generating and using an Application Key.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-q) Quit config
-n/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Backblaze B2
-   \ &quot;b2&quot;
-[snip]
-Storage&gt; b2
-Account ID or Application Key ID
-account&gt; 123456789abc
-Application Key
-key&gt; 0123456789abcdef0123456789abcdef0123456789
-Endpoint for the service - leave blank normally.
-endpoint&gt;
-Remote config
---------------------
-[remote]
-account = 123456789abc
-key = 0123456789abcdef0123456789abcdef0123456789
-endpoint =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This remote is called <code>remote</code> and can now be used like this</p>
-<p>See all buckets</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>Create a new bucket</p>
-<pre><code>rclone mkdir remote:bucket</code></pre>
-<p>List the contents of a bucket</p>
-<pre><code>rclone ls remote:bucket</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote bucket, deleting any excess files in the bucket.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:bucket</code></pre>
-<h3 id="application-keys">Application Keys</h3>
-<p>B2 supports multiple <a href="https://www.backblaze.com/b2/docs/application_keys.html">Application Keys for different access permission to B2 Buckets</a>.</p>
-<p>You can use these with rclone too; you will need to use rclone version 1.43 or later.</p>
-<p>Follow Backblaze's docs to create an Application Key with the required permission and add the <code>applicationKeyId</code> as the <code>account</code> and the <code>Application Key</code> itself as the <code>key</code>.</p>
-<p>Note that you must put the <em>applicationKeyId</em> as the <code>account</code> – you can't use the master Account ID. If you try then B2 will return 401 errors.</p>
-<h3 id="fast-list-1">--fast-list</h3>
-<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details.</p>
-<h3 id="modified-time-1">Modified time</h3>
-<p>The modified time is stored as metadata on the object as <code>X-Bz-Info-src_last_modified_millis</code> as milliseconds since 1970-01-01 in the Backblaze standard. Other tools should be able to use this as a modified time.</p>
-<p>Modified times are used in syncing and are fully supported. Note that if a modification time needs to be updated on an object then it will create a new version of the object.</p>
-<h3 id="restricted-filename-characters-3">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<p>Note that in 2020-05 Backblaze started allowing  characters in file names. Rclone hasn't changed its encoding as this could cause syncs to re-transfer files. If you want rclone not to replace  then see the <code>--b2-encoding</code> flag below and remove the <code>BackSlash</code> from the string. This can be set in the config.</p>
-<h3 id="sha1-checksums">SHA1 checksums</h3>
-<p>The SHA1 checksums of the files are checked on upload and download and will be used in the syncing process.</p>
-<p>Large files (bigger than the limit in <code>--b2-upload-cutoff</code>) which are uploaded in chunks will store their SHA1 on the object as <code>X-Bz-Info-large_file_sha1</code> as recommended by Backblaze.</p>
-<p>For a large file to be uploaded with an SHA1 checksum, the source needs to support SHA1 checksums. The local disk supports SHA1 checksums so large file transfers from local disk will have an SHA1. See <a href="https://rclone.org/overview/#features">the overview</a> for exactly which remotes support SHA1.</p>
-<p>Sources which don't support SHA1, in particular <code>crypt</code> will upload large files without SHA1 checksums. This may be fixed in the future (see <a href="https://github.com/rclone/rclone/issues/1767">#1767</a>).</p>
-<p>Files sizes below <code>--b2-upload-cutoff</code> will always have an SHA1 regardless of the source.</p>
-<h3 id="transfers">Transfers</h3>
-<p>Backblaze recommends that you do lots of transfers simultaneously for maximum speed. In tests from my SSD equipped laptop the optimum setting is about <code>--transfers 32</code> though higher numbers may be used for a slight speed improvement. The optimum number for you may vary depending on your hardware, how big the files are, how much you want to load your computer, etc. The default of <code>--transfers 4</code> is definitely too low for Backblaze B2 though.</p>
-<p>Note that uploading big files (bigger than 200 MiB by default) will use a 96 MiB RAM buffer by default. There can be at most <code>--transfers</code> of these in use at any moment, so this sets the upper limit on the memory used.</p>
-<h3 id="versions-1">Versions</h3>
-<p>When rclone uploads a new version of a file it creates a <a href="https://www.backblaze.com/b2/docs/file_versions.html">new version of it</a>. Likewise when you delete a file, the old version will be marked hidden and still be available. Conversely, you may opt in to a "hard delete" of files with the <code>--b2-hard-delete</code> flag which would permanently remove the file instead of hiding it.</p>
-<p>Old versions of files, where available, are visible using the <code>--b2-versions</code> flag.</p>
-<p>It is also possible to view a bucket as it was at a certain point in time, using the <code>--b2-version-at</code> flag. This will show the file versions as they were at that time, showing files that have been deleted afterwards, and hiding files that were created since.</p>
-<p>If you wish to remove all the old versions then you can use the <code>rclone cleanup remote:bucket</code> command which will delete all the old versions of files, leaving the current ones intact. You can also supply a path and only old versions under that path will be deleted, e.g. <code>rclone cleanup remote:bucket/path/to/stuff</code>.</p>
-<p>Note that <code>cleanup</code> will remove partially uploaded files from the bucket if they are more than a day old.</p>
-<p>When you <code>purge</code> a bucket, the current and the old versions will be deleted then the bucket will be deleted.</p>
-<p>However <code>delete</code> will cause the current versions of the files to become hidden old versions.</p>
-<p>Here is a session showing the listing and retrieval of an old version followed by a <code>cleanup</code> of the old versions.</p>
-<p>Show current version and all the versions with <code>--b2-versions</code> flag.</p>
-<pre><code>$ rclone -q ls b2:cleanup-test
-        9 one.txt
-
-$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt
-        8 one-v2016-07-04-141032-000.txt
-       16 one-v2016-07-04-141003-000.txt
-       15 one-v2016-07-02-155621-000.txt</code></pre>
-<p>Retrieve an old version</p>
-<pre><code>$ rclone -q --b2-versions copy b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
-
-$ ls -l /tmp/one-v2016-07-04-141003-000.txt
--rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt</code></pre>
-<p>Clean up all the old versions and show that they've gone.</p>
-<pre><code>$ rclone -q cleanup b2:cleanup-test
-
-$ rclone -q ls b2:cleanup-test
-        9 one.txt
-
-$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt</code></pre>
-<h3 id="data-usage">Data usage</h3>
-<p>It is useful to know how many requests are sent to the server in different scenarios.</p>
-<p>All copy commands send the following 4 requests:</p>
-<pre><code>/b2api/v1/b2_authorize_account
-/b2api/v1/b2_create_bucket
-/b2api/v1/b2_list_buckets
-/b2api/v1/b2_list_file_names</code></pre>
-<p>The <code>b2_list_file_names</code> request will be sent once for every 1k files in the remote path, providing the checksum and modification time of the listed files. As of version 1.33 issue <a href="https://github.com/rclone/rclone/issues/818">#818</a> causes extra requests to be sent when using B2 with Crypt. When a copy operation does not require any files to be uploaded, no more requests will be sent.</p>
-<p>Uploading files that do not require chunking, will send 2 requests per file upload:</p>
-<pre><code>/b2api/v1/b2_get_upload_url
-/b2api/v1/b2_upload_file/</code></pre>
-<p>Uploading files requiring chunking, will send 2 requests (one each to start and finish the upload) and another 2 requests for each chunk:</p>
-<pre><code>/b2api/v1/b2_start_large_file
-/b2api/v1/b2_get_upload_part_url
-/b2api/v1/b2_upload_part/
-/b2api/v1/b2_finish_large_file</code></pre>
-<h4 id="versions-2">Versions</h4>
-<p>Versions can be viewed with the <code>--b2-versions</code> flag. When it is set rclone will show and act on older versions of files. For example</p>
-<p>Listing without <code>--b2-versions</code></p>
-<pre><code>$ rclone -q ls b2:cleanup-test
-        9 one.txt</code></pre>
-<p>And with</p>
-<pre><code>$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt
-        8 one-v2016-07-04-141032-000.txt
-       16 one-v2016-07-04-141003-000.txt
-       15 one-v2016-07-02-155621-000.txt</code></pre>
-<p>Showing that the current version is unchanged but older versions can be seen. These have the UTC date that they were uploaded to the server to the nearest millisecond appended to them.</p>
-<p>Note that when using <code>--b2-versions</code> no file write operations are permitted, so you can't upload files or delete them.</p>
-<h3 id="b2-and-rclone-link">B2 and rclone link</h3>
-<p>Rclone supports generating file share links for private B2 buckets. They can either be for a file for example:</p>
-<pre><code>./rclone link B2:bucket/path/to/file.txt
-https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx
-</code></pre>
-<p>or if run on a directory you will get:</p>
-<pre><code>./rclone link B2:bucket/path
-https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx</code></pre>
-<p>you can then use the authorization token (the part of the url from the <code>?Authorization=</code> on) on any file path under that directory. For example:</p>
-<pre><code>https://f002.backblazeb2.com/file/bucket/path/to/file1?Authorization=xxxxxxxx
-https://f002.backblazeb2.com/file/bucket/path/file2?Authorization=xxxxxxxx
-https://f002.backblazeb2.com/file/bucket/path/folder/file3?Authorization=xxxxxxxx
-</code></pre>
-<h3 id="standard-options-4">Standard options</h3>
-<p>Here are the Standard options specific to b2 (Backblaze B2).</p>
-<h4 id="b2-account">--b2-account</h4>
-<p>Account ID or Application Key ID.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: account</li>
-<li>Env Var: RCLONE_B2_ACCOUNT</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="b2-key">--b2-key</h4>
-<p>Application Key.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: key</li>
-<li>Env Var: RCLONE_B2_KEY</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="b2-hard-delete">--b2-hard-delete</h4>
-<p>Permanently delete files on remote removal, otherwise hide files.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: hard_delete</li>
-<li>Env Var: RCLONE_B2_HARD_DELETE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h3 id="advanced-options-3">Advanced options</h3>
-<p>Here are the Advanced options specific to b2 (Backblaze B2).</p>
-<h4 id="b2-endpoint">--b2-endpoint</h4>
-<p>Endpoint for the service.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_B2_ENDPOINT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="b2-test-mode">--b2-test-mode</h4>
-<p>A flag string for X-Bz-Test-Mode header for debugging.</p>
-<p>This is for debugging purposes only. Setting it to one of the strings below will cause b2 to return specific errors:</p>
-<ul>
-<li>"fail_some_uploads"</li>
-<li>"expire_some_account_authorization_tokens"</li>
-<li>"force_cap_exceeded"</li>
-</ul>
-<p>These will be set in the "X-Bz-Test-Mode" header which is documented in the <a href="https://www.backblaze.com/b2/docs/integration_checklist.html">b2 integrations checklist</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: test_mode</li>
-<li>Env Var: RCLONE_B2_TEST_MODE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="b2-versions">--b2-versions</h4>
-<p>Include old versions in directory listings.</p>
-<p>Note that when using this no file write operations are permitted, so you can't upload files or delete them.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: versions</li>
-<li>Env Var: RCLONE_B2_VERSIONS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="b2-version-at">--b2-version-at</h4>
-<p>Show file versions as they were at the specified time.</p>
-<p>Note that when using this no file write operations are permitted, so you can't upload files or delete them.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: version_at</li>
-<li>Env Var: RCLONE_B2_VERSION_AT</li>
-<li>Type: Time</li>
-<li>Default: off</li>
-</ul>
-<h4 id="b2-upload-cutoff">--b2-upload-cutoff</h4>
-<p>Cutoff for switching to chunked upload.</p>
-<p>Files above this size will be uploaded in chunks of "--b2-chunk-size".</p>
-<p>This value should be set no larger than 4.657 GiB (== 5 GB).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_B2_UPLOAD_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 200Mi</li>
-</ul>
-<h4 id="b2-copy-cutoff">--b2-copy-cutoff</h4>
-<p>Cutoff for switching to multipart copy.</p>
-<p>Any files larger than this that need to be server-side copied will be copied in chunks of this size.</p>
-<p>The minimum is 0 and the maximum is 4.6 GiB.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: copy_cutoff</li>
-<li>Env Var: RCLONE_B2_COPY_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 4Gi</li>
-</ul>
-<h4 id="b2-chunk-size">--b2-chunk-size</h4>
-<p>Upload chunk size.</p>
-<p>When uploading large files, chunk the file into this size.</p>
-<p>Must fit in memory. These chunks are buffered in memory and there might a maximum of "--transfers" chunks in progress at once.</p>
-<p>5,000,000 Bytes is the minimum size.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_B2_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 96Mi</li>
-</ul>
-<h4 id="b2-disable-checksum">--b2-disable-checksum</h4>
-<p>Disable checksums for large (&gt; upload cutoff) files.</p>
-<p>Normally rclone will calculate the SHA1 checksum of the input before uploading it so it can add it to metadata on the object. This is great for data integrity checking but can cause long delays for large files to start uploading.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_checksum</li>
-<li>Env Var: RCLONE_B2_DISABLE_CHECKSUM</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="b2-download-url">--b2-download-url</h4>
-<p>Custom endpoint for downloads.</p>
-<p>This is usually set to a Cloudflare CDN URL as Backblaze offers free egress for data downloaded through the Cloudflare network. Rclone works with private buckets by sending an "Authorization" header. If the custom endpoint rewrites the requests for authentication, e.g., in Cloudflare Workers, this header needs to be handled properly. Leave blank if you want to use the endpoint provided by Backblaze.</p>
-<p>The URL provided here SHOULD have the protocol and SHOULD NOT have a trailing slash or specify the /file/bucket subpath as rclone will request files with "{download_url}/file/{bucket_name}/{path}".</p>
-<p>Example: &gt; https://mysubdomain.mydomain.tld (No trailing "/", "file" or "bucket")</p>
-<p>Properties:</p>
-<ul>
-<li>Config: download_url</li>
-<li>Env Var: RCLONE_B2_DOWNLOAD_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="b2-download-auth-duration">--b2-download-auth-duration</h4>
-<p>Time before the authorization token will expire in s or suffix ms|s|m|h|d.</p>
-<p>The duration before the download authorization token will expire. The minimum value is 1 second. The maximum value is one week.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: download_auth_duration</li>
-<li>Env Var: RCLONE_B2_DOWNLOAD_AUTH_DURATION</li>
-<li>Type: Duration</li>
-<li>Default: 1w</li>
-</ul>
-<h4 id="b2-memory-pool-flush-time">--b2-memory-pool-flush-time</h4>
-<p>How often internal memory buffer pools will be flushed. Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations. This option controls how often unused buffers will be removed from the pool.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: memory_pool_flush_time</li>
-<li>Env Var: RCLONE_B2_MEMORY_POOL_FLUSH_TIME</li>
-<li>Type: Duration</li>
-<li>Default: 1m0s</li>
-</ul>
-<h4 id="b2-memory-pool-use-mmap">--b2-memory-pool-use-mmap</h4>
-<p>Whether to use mmap buffers in internal memory pool.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: memory_pool_use_mmap</li>
-<li>Env Var: RCLONE_B2_MEMORY_POOL_USE_MMAP</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="b2-encoding">--b2-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_B2_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-6">Limitations</h2>
-<p><code>rclone about</code> is not supported by the B2 backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h1 id="box">Box</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<p>The initial setup for Box involves getting a token from Box which you can do either in your browser, or with a config.json downloaded from Box to use JWT authentication. <code>rclone config</code> walks you through it.</p>
-<h2 id="configuration-5">Configuration</h2>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Box
-   \ &quot;box&quot;
-[snip]
-Storage&gt; box
-Box App Client Id - leave blank normally.
-client_id&gt; 
-Box App Client Secret - leave blank normally.
-client_secret&gt;
-Box App config.json location
-Leave blank normally.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-box_config_file&gt;
-Box App Primary Access Token
-Leave blank normally.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-access_token&gt;
-
-Enter a string value. Press Enter for the default (&quot;user&quot;).
-Choose a number from below, or type in your own value
- 1 / Rclone should act on behalf of a user
-   \ &quot;user&quot;
- 2 / Rclone should act on behalf of a service account
-   \ &quot;enterprise&quot;
-box_sub_type&gt;
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-client_id = 
-client_secret = 
-token = {&quot;access_token&quot;:&quot;XXX&quot;,&quot;token_type&quot;:&quot;bearer&quot;,&quot;refresh_token&quot;:&quot;XXX&quot;,&quot;expiry&quot;:&quot;XXX&quot;}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Box. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your Box</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your Box</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to an Box directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="using-rclone-with-an-enterprise-account-with-sso">Using rclone with an Enterprise account with SSO</h3>
-<p>If you have an "Enterprise" account type with Box with single sign on (SSO), you need to create a password to use Box with rclone. This can be done at your Enterprise Box account by going to Settings, "Account" Tab, and then set the password in the "Authentication" field.</p>
-<p>Once you have done this, you can setup your Enterprise Box account using the same procedure detailed above in the, using the password you have just set.</p>
-<h3 id="invalid-refresh-token">Invalid refresh token</h3>
-<p>According to the <a href="https://developer.box.com/v2.0/docs/oauth-20#section-6-using-the-access-and-refresh-tokens">box docs</a>:</p>
-<blockquote>
-<p>Each refresh_token is valid for one use in 60 days.</p>
-</blockquote>
-<p>This means that if you</p>
-<ul>
-<li>Don't use the box remote for 60 days</li>
-<li>Copy the config file with a box refresh token in and use it in two places</li>
-<li>Get an error on a token refresh</li>
-</ul>
-<p>then rclone will return an error which includes the text <code>Invalid refresh token</code>.</p>
-<p>To fix this you will need to use oauth2 again to update the refresh token. You can use the methods in <a href="https://rclone.org/remote_setup/">the remote setup docs</a>, bearing in mind that if you use the copy the config file method, you should not use that remote on the computer you did the authentication on.</p>
-<p>Here is how to do it.</p>
-<pre><code>$ rclone config
-Current remotes:
-
-Name                 Type
-====                 ====
-remote               box
-
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q&gt; e
-Choose a number from below, or type in an existing value
- 1 &gt; remote
-remote&gt; remote
---------------------
-[remote]
-type = box
-token = {&quot;access_token&quot;:&quot;XXX&quot;,&quot;token_type&quot;:&quot;bearer&quot;,&quot;refresh_token&quot;:&quot;XXX&quot;,&quot;expiry&quot;:&quot;2017-07-08T23:40:08.059167677+01:00&quot;}
---------------------
-Edit remote
-Value &quot;client_id&quot; = &quot;&quot;
-Edit? (y/n)&gt;
-y) Yes
-n) No
-y/n&gt; n
-Value &quot;client_secret&quot; = &quot;&quot;
-Edit? (y/n)&gt;
-y) Yes
-n) No
-y/n&gt; n
-Remote config
-Already have a token - refresh?
-y) Yes
-n) No
-y/n&gt; y
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = box
-token = {&quot;access_token&quot;:&quot;YYY&quot;,&quot;token_type&quot;:&quot;bearer&quot;,&quot;refresh_token&quot;:&quot;YYY&quot;,&quot;expiry&quot;:&quot;2017-07-23T12:22:29.259137901+01:00&quot;}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="modified-time-and-hashes-1">Modified time and hashes</h3>
-<p>Box allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.</p>
-<p>Box supports SHA1 type hashes, so you can use the <code>--checksum</code> flag.</p>
-<h3 id="restricted-filename-characters-4">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-</tbody>
-</table>
-<p>File names can also not end with the following characters. These only get replaced if they are the last character in the name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>SP</td>
-<td style="text-align: center;">0x20</td>
-<td style="text-align: center;">␠</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="transfers-1">Transfers</h3>
-<p>For files above 50 MiB rclone will use a chunked transfer. Rclone will upload up to <code>--transfers</code> chunks at the same time (shared among all the multipart uploads). Chunks are buffered in memory and are normally 8 MiB so increasing <code>--transfers</code> will increase memory use.</p>
-<h3 id="deleting-files-1">Deleting files</h3>
-<p>Depending on the enterprise settings for your user, the item will either be actually deleted from Box or moved to the trash.</p>
-<p>Emptying the trash is supported via the rclone however cleanup command however this deletes every trashed file and folder individually so it may take a very long time. Emptying the trash via the WebUI does not have this limitation so it is advised to empty the trash via the WebUI.</p>
-<h3 id="root-folder-id">Root folder ID</h3>
-<p>You can set the <code>root_folder_id</code> for rclone. This is the directory (identified by its <code>Folder ID</code>) that rclone considers to be the root of your Box drive.</p>
-<p>Normally you will leave this blank and rclone will determine the correct root to use itself.</p>
-<p>However you can set this to restrict rclone to a specific folder hierarchy.</p>
-<p>In order to do this you will have to find the <code>Folder ID</code> of the directory you wish rclone to display. This will be the last segment of the URL when you open the relevant folder in the Box web interface.</p>
-<p>So if the folder you want rclone to use has a URL which looks like <code>https://app.box.com/folder/11xxxxxxxxx8</code> in the browser, then you use <code>11xxxxxxxxx8</code> as the <code>root_folder_id</code> in the config.</p>
-<h3 id="standard-options-5">Standard options</h3>
-<p>Here are the Standard options specific to box (Box).</p>
-<h4 id="box-client-id">--box-client-id</h4>
-<p>OAuth Client Id.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_BOX_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="box-client-secret">--box-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_BOX_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="box-box-config-file">--box-box-config-file</h4>
-<p>Box App config.json location</p>
-<p>Leave blank normally.</p>
-<p>Leading <code>~</code> will be expanded in the file name as will environment variables such as <code>${RCLONE_CONFIG_DIR}</code>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: box_config_file</li>
-<li>Env Var: RCLONE_BOX_BOX_CONFIG_FILE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="box-access-token">--box-access-token</h4>
-<p>Box App Primary Access Token</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: access_token</li>
-<li>Env Var: RCLONE_BOX_ACCESS_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="box-box-sub-type">--box-box-sub-type</h4>
-<p>Properties:</p>
-<ul>
-<li>Config: box_sub_type</li>
-<li>Env Var: RCLONE_BOX_BOX_SUB_TYPE</li>
-<li>Type: string</li>
-<li>Default: "user"</li>
-<li>Examples:
-<ul>
-<li>"user"
-<ul>
-<li>Rclone should act on behalf of a user.</li>
-</ul></li>
-<li>"enterprise"
-<ul>
-<li>Rclone should act on behalf of a service account.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-4">Advanced options</h3>
-<p>Here are the Advanced options specific to box (Box).</p>
-<h4 id="box-token">--box-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_BOX_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="box-auth-url">--box-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_BOX_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="box-token-url">--box-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_BOX_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="box-root-folder-id">--box-root-folder-id</h4>
-<p>Fill in for rclone to use a non root folder as its starting point.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: root_folder_id</li>
-<li>Env Var: RCLONE_BOX_ROOT_FOLDER_ID</li>
-<li>Type: string</li>
-<li>Default: "0"</li>
-</ul>
-<h4 id="box-upload-cutoff">--box-upload-cutoff</h4>
-<p>Cutoff for switching to multipart upload (&gt;= 50 MiB).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_BOX_UPLOAD_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 50Mi</li>
-</ul>
-<h4 id="box-commit-retries">--box-commit-retries</h4>
-<p>Max number of times to try committing a multipart file.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: commit_retries</li>
-<li>Env Var: RCLONE_BOX_COMMIT_RETRIES</li>
-<li>Type: int</li>
-<li>Default: 100</li>
-</ul>
-<h4 id="box-list-chunk">--box-list-chunk</h4>
-<p>Size of listing chunk 1-1000.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: list_chunk</li>
-<li>Env Var: RCLONE_BOX_LIST_CHUNK</li>
-<li>Type: int</li>
-<li>Default: 1000</li>
-</ul>
-<h4 id="box-owned-by">--box-owned-by</h4>
-<p>Only show items owned by the login (email address) passed in.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: owned_by</li>
-<li>Env Var: RCLONE_BOX_OWNED_BY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="box-encoding">--box-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_BOX_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-7">Limitations</h2>
-<p>Note that Box is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<p>Box file names can't have the <code>\</code> character in. rclone maps this to and from an identical looking unicode equivalent <code>＼</code> (U+FF3C Fullwidth Reverse Solidus).</p>
-<p>Box only supports filenames up to 255 characters in length.</p>
-<p>Box has <a href="https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/">API rate limits</a> that sometimes reduce the speed of rclone.</p>
-<p><code>rclone about</code> is not supported by the Box backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h1 id="cache">Cache</h1>
-<p>The <code>cache</code> remote wraps another existing remote and stores file structure and its data for long running tasks like <code>rclone mount</code>.</p>
-<h2 id="status-1">Status</h2>
-<p>The cache backend code is working but it currently doesn't have a maintainer so there are <a href="https://github.com/rclone/rclone/issues?q=is%3Aopen+is%3Aissue+label%3Abug+label%3A%22Remote%3A+Cache%22">outstanding bugs</a> which aren't getting fixed.</p>
-<p>The cache backend is due to be phased out in favour of the VFS caching layer eventually which is more tightly integrated into rclone.</p>
-<p>Until this happens we recommend only using the cache backend if you find you can't work without it. There are many docs online describing the use of the cache backend to minimize API hits and by-and-large these are out of date and the cache backend isn't needed in those scenarios any more.</p>
-<h2 id="configuration-6">Configuration</h2>
-<p>To get started you just need to have an existing remote which can be configured with <code>cache</code>.</p>
-<p>Here is an example of how to make a remote called <code>test-cache</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q&gt; n
-name&gt; test-cache
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Cache a remote
-   \ &quot;cache&quot;
-[snip]
-Storage&gt; cache
-Remote to cache.
-Normally should contain a &#39;:&#39; and a path, e.g. &quot;myremote:path/to/dir&quot;,
-&quot;myremote:bucket&quot; or maybe &quot;myremote:&quot; (not recommended).
-remote&gt; local:/test
-Optional: The URL of the Plex server
-plex_url&gt; http://127.0.0.1:32400
-Optional: The username of the Plex user
-plex_username&gt; dummyusername
-Optional: The password of the Plex user
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank
-y/g/n&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-The size of a chunk. Lower value good for slow connections but can affect seamless reading.
-Default: 5M
-Choose a number from below, or type in your own value
- 1 / 1 MiB
-   \ &quot;1M&quot;
- 2 / 5 MiB
-   \ &quot;5M&quot;
- 3 / 10 MiB
-   \ &quot;10M&quot;
-chunk_size&gt; 2
-How much time should object info (file size, file hashes, etc.) be stored in cache. Use a very high value if you don&#39;t plan on changing the source FS from outside the cache.
-Accepted units are: &quot;s&quot;, &quot;m&quot;, &quot;h&quot;.
-Default: 5m
-Choose a number from below, or type in your own value
- 1 / 1 hour
-   \ &quot;1h&quot;
- 2 / 24 hours
-   \ &quot;24h&quot;
- 3 / 24 hours
-   \ &quot;48h&quot;
-info_age&gt; 2
-The maximum size of stored chunks. When the storage grows beyond this size, the oldest chunks will be deleted.
-Default: 10G
-Choose a number from below, or type in your own value
- 1 / 500 MiB
-   \ &quot;500M&quot;
- 2 / 1 GiB
-   \ &quot;1G&quot;
- 3 / 10 GiB
-   \ &quot;10G&quot;
-chunk_total_size&gt; 3
-Remote config
---------------------
-[test-cache]
-remote = local:/test
-plex_url = http://127.0.0.1:32400
-plex_username = dummyusername
-plex_password = *** ENCRYPTED ***
-chunk_size = 5M
-info_age = 48h
-chunk_total_size = 10G</code></pre>
-<p>You can then use it like this,</p>
-<p>List directories in top level of your drive</p>
-<pre><code>rclone lsd test-cache:</code></pre>
-<p>List all the files in your drive</p>
-<pre><code>rclone ls test-cache:</code></pre>
-<p>To start a cached mount</p>
-<pre><code>rclone mount --allow-other test-cache: /var/tmp/test-cache</code></pre>
-<h3 id="write-features">Write Features</h3>
-<h3 id="offline-uploading">Offline uploading</h3>
-<p>In an effort to make writing through cache more reliable, the backend now supports this feature which can be activated by specifying a <code>cache-tmp-upload-path</code>.</p>
-<p>A files goes through these states when using this feature:</p>
-<ol type="1">
-<li>An upload is started (usually by copying a file on the cache remote)</li>
-<li>When the copy to the temporary location is complete the file is part of the cached remote and looks and behaves like any other file (reading included)</li>
-<li>After <code>cache-tmp-wait-time</code> passes and the file is next in line, <code>rclone move</code> is used to move the file to the cloud provider</li>
-<li>Reading the file still works during the upload but most modifications on it will be prohibited</li>
-<li>Once the move is complete the file is unlocked for modifications as it becomes as any other regular file</li>
-<li>If the file is being read through <code>cache</code> when it's actually deleted from the temporary path then <code>cache</code> will simply swap the source to the cloud provider without interrupting the reading (small blip can happen though)</li>
-</ol>
-<p>Files are uploaded in sequence and only one file is uploaded at a time. Uploads will be stored in a queue and be processed based on the order they were added. The queue and the temporary storage is persistent across restarts but can be cleared on startup with the <code>--cache-db-purge</code> flag.</p>
-<h3 id="write-support">Write Support</h3>
-<p>Writes are supported through <code>cache</code>. One caveat is that a mounted cache remote does not add any retry or fallback mechanism to the upload operation. This will depend on the implementation of the wrapped remote. Consider using <code>Offline uploading</code> for reliable writes.</p>
-<p>One special case is covered with <code>cache-writes</code> which will cache the file data at the same time as the upload when it is enabled making it available from the cache store immediately once the upload is finished.</p>
-<h3 id="read-features">Read Features</h3>
-<h4 id="multiple-connections">Multiple connections</h4>
-<p>To counter the high latency between a local PC where rclone is running and cloud providers, the cache remote can split multiple requests to the cloud provider for smaller file chunks and combines them together locally where they can be available almost immediately before the reader usually needs them.</p>
-<p>This is similar to buffering when media files are played online. Rclone will stay around the current marker but always try its best to stay ahead and prepare the data before.</p>
-<h4 id="plex-integration">Plex Integration</h4>
-<p>There is a direct integration with Plex which allows cache to detect during reading if the file is in playback or not. This helps cache to adapt how it queries the cloud provider depending on what is needed for.</p>
-<p>Scans will have a minimum amount of workers (1) while in a confirmed playback cache will deploy the configured number of workers.</p>
-<p>This integration opens the doorway to additional performance improvements which will be explored in the near future.</p>
-<p><strong>Note:</strong> If Plex options are not configured, <code>cache</code> will function with its configured options without adapting any of its settings.</p>
-<p>How to enable? Run <code>rclone config</code> and add all the Plex options (endpoint, username and password) in your remote and it will be automatically enabled.</p>
-<p>Affected settings: - <code>cache-workers</code>: <em>Configured value</em> during confirmed playback or <em>1</em> all the other times</p>
-<h5 id="certificate-validation">Certificate Validation</h5>
-<p>When the Plex server is configured to only accept secure connections, it is possible to use <code>.plex.direct</code> URLs to ensure certificate validation succeeds. These URLs are used by Plex internally to connect to the Plex server securely.</p>
-<p>The format for these URLs is the following:</p>
-<p><code>https://ip-with-dots-replaced.server-hash.plex.direct:32400/</code></p>
-<p>The <code>ip-with-dots-replaced</code> part can be any IPv4 address, where the dots have been replaced with dashes, e.g. <code>127.0.0.1</code> becomes <code>127-0-0-1</code>.</p>
-<p>To get the <code>server-hash</code> part, the easiest way is to visit</p>
-<p>https://plex.tv/api/resources?includeHttps=1&amp;X-Plex-Token=your-plex-token</p>
-<p>This page will list all the available Plex servers for your account with at least one <code>.plex.direct</code> link for each. Copy one URL and replace the IP address with the desired address. This can be used as the <code>plex_url</code> value.</p>
-<h3 id="known-issues">Known issues</h3>
-<h4 id="mount-and---dir-cache-time">Mount and --dir-cache-time</h4>
-<p>--dir-cache-time controls the first layer of directory caching which works at the mount layer. Being an independent caching mechanism from the <code>cache</code> backend, it will manage its own entries based on the configured time.</p>
-<p>To avoid getting in a scenario where dir cache has obsolete data and cache would have the correct one, try to set <code>--dir-cache-time</code> to a lower time than <code>--cache-info-age</code>. Default values are already configured in this way.</p>
-<h4 id="windows-support---experimental">Windows support - Experimental</h4>
-<p>There are a couple of issues with Windows <code>mount</code> functionality that still require some investigations. It should be considered as experimental thus far as fixes come in for this OS.</p>
-<p>Most of the issues seem to be related to the difference between filesystems on Linux flavors and Windows as cache is heavily dependent on them.</p>
-<p>Any reports or feedback on how cache behaves on this OS is greatly appreciated.</p>
-<ul>
-<li>https://github.com/rclone/rclone/issues/1935</li>
-<li>https://github.com/rclone/rclone/issues/1907</li>
-<li>https://github.com/rclone/rclone/issues/1834</li>
-</ul>
-<h4 id="risk-of-throttling">Risk of throttling</h4>
-<p>Future iterations of the cache backend will make use of the pooling functionality of the cloud provider to synchronize and at the same time make writing through it more tolerant to failures.</p>
-<p>There are a couple of enhancements in track to add these but in the meantime there is a valid concern that the expiring cache listings can lead to cloud provider throttles or bans due to repeated queries on it for very large mounts.</p>
-<p>Some recommendations: - don't use a very small interval for entry information (<code>--cache-info-age</code>) - while writes aren't yet optimised, you can still write through <code>cache</code> which gives you the advantage of adding the file in the cache at the same time if configured to do so.</p>
-<p>Future enhancements:</p>
-<ul>
-<li>https://github.com/rclone/rclone/issues/1937</li>
-<li>https://github.com/rclone/rclone/issues/1936</li>
-</ul>
-<h4 id="cache-and-crypt">cache and crypt</h4>
-<p>One common scenario is to keep your data encrypted in the cloud provider using the <code>crypt</code> remote. <code>crypt</code> uses a similar technique to wrap around an existing remote and handles this translation in a seamless way.</p>
-<p>There is an issue with wrapping the remotes in this order: <strong>cloud remote</strong> -&gt; <strong>crypt</strong> -&gt; <strong>cache</strong></p>
-<p>During testing, I experienced a lot of bans with the remotes in this order. I suspect it might be related to how crypt opens files on the cloud provider which makes it think we're downloading the full file instead of small chunks. Organizing the remotes in this order yields better results: <strong>cloud remote</strong> -&gt; <strong>cache</strong> -&gt; <strong>crypt</strong></p>
-<h4 id="absolute-remote-paths">absolute remote paths</h4>
-<p><code>cache</code> can not differentiate between relative and absolute paths for the wrapped remote. Any path given in the <code>remote</code> config setting and on the command line will be passed to the wrapped remote as is, but for storing the chunks on disk the path will be made relative by removing any leading <code>/</code> character.</p>
-<p>This behavior is irrelevant for most backend types, but there are backends where a leading <code>/</code> changes the effective directory, e.g. in the <code>sftp</code> backend paths starting with a <code>/</code> are relative to the root of the SSH server and paths without are relative to the user home directory. As a result <code>sftp:bin</code> and <code>sftp:/bin</code> will share the same cache folder, even if they represent a different directory on the SSH server.</p>
-<h3 id="cache-and-remote-control---rc">Cache and Remote Control (--rc)</h3>
-<p>Cache supports the new <code>--rc</code> mode in rclone and can be remote controlled through the following end points: By default, the listener is disabled if you do not add the flag.</p>
-<h3 id="rc-cacheexpire">rc cache/expire</h3>
-<p>Purge a remote from the cache backend. Supports either a directory or a file. It supports both encrypted and unencrypted file names if cache is wrapped by crypt.</p>
-<p>Params: - <strong>remote</strong> = path to remote <strong>(required)</strong> - <strong>withData</strong> = true/false to delete cached data (chunks) as well <em>(optional, false by default)</em></p>
-<h3 id="standard-options-6">Standard options</h3>
-<p>Here are the Standard options specific to cache (Cache a remote).</p>
-<h4 id="cache-remote">--cache-remote</h4>
-<p>Remote to cache.</p>
-<p>Normally should contain a ':' and a path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: remote</li>
-<li>Env Var: RCLONE_CACHE_REMOTE</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="cache-plex-url">--cache-plex-url</h4>
-<p>The URL of the Plex server.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: plex_url</li>
-<li>Env Var: RCLONE_CACHE_PLEX_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="cache-plex-username">--cache-plex-username</h4>
-<p>The username of the Plex user.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: plex_username</li>
-<li>Env Var: RCLONE_CACHE_PLEX_USERNAME</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="cache-plex-password">--cache-plex-password</h4>
-<p>The password of the Plex user.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: plex_password</li>
-<li>Env Var: RCLONE_CACHE_PLEX_PASSWORD</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="cache-chunk-size">--cache-chunk-size</h4>
-<p>The size of a chunk (partial file data).</p>
-<p>Use lower numbers for slower connections. If the chunk size is changed, any downloaded chunks will be invalid and cache-chunk-path will need to be cleared or unexpected EOF errors will occur.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_CACHE_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 5Mi</li>
-<li>Examples:
-<ul>
-<li>"1M"
-<ul>
-<li>1 MiB</li>
-</ul></li>
-<li>"5M"
-<ul>
-<li>5 MiB</li>
-</ul></li>
-<li>"10M"
-<ul>
-<li>10 MiB</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="cache-info-age">--cache-info-age</h4>
-<p>How long to cache file structure information (directory listings, file size, times, etc.). If all write operations are done through the cache then you can safely make this value very large as the cache store will also be updated in real time.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: info_age</li>
-<li>Env Var: RCLONE_CACHE_INFO_AGE</li>
-<li>Type: Duration</li>
-<li>Default: 6h0m0s</li>
-<li>Examples:
-<ul>
-<li>"1h"
-<ul>
-<li>1 hour</li>
-</ul></li>
-<li>"24h"
-<ul>
-<li>24 hours</li>
-</ul></li>
-<li>"48h"
-<ul>
-<li>48 hours</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="cache-chunk-total-size">--cache-chunk-total-size</h4>
-<p>The total size that the chunks can take up on the local disk.</p>
-<p>If the cache exceeds this value then it will start to delete the oldest chunks until it goes under this value.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_total_size</li>
-<li>Env Var: RCLONE_CACHE_CHUNK_TOTAL_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 10Gi</li>
-<li>Examples:
-<ul>
-<li>"500M"
-<ul>
-<li>500 MiB</li>
-</ul></li>
-<li>"1G"
-<ul>
-<li>1 GiB</li>
-</ul></li>
-<li>"10G"
-<ul>
-<li>10 GiB</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-5">Advanced options</h3>
-<p>Here are the Advanced options specific to cache (Cache a remote).</p>
-<h4 id="cache-plex-token">--cache-plex-token</h4>
-<p>The plex token for authentication - auto set normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: plex_token</li>
-<li>Env Var: RCLONE_CACHE_PLEX_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="cache-plex-insecure">--cache-plex-insecure</h4>
-<p>Skip all certificate verification when connecting to the Plex server.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: plex_insecure</li>
-<li>Env Var: RCLONE_CACHE_PLEX_INSECURE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="cache-db-path">--cache-db-path</h4>
-<p>Directory to store file structure metadata DB.</p>
-<p>The remote name is used as the DB file name.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: db_path</li>
-<li>Env Var: RCLONE_CACHE_DB_PATH</li>
-<li>Type: string</li>
-<li>Default: "$HOME/.cache/rclone/cache-backend"</li>
-</ul>
-<h4 id="cache-chunk-path">--cache-chunk-path</h4>
-<p>Directory to cache chunk files.</p>
-<p>Path to where partial file data (chunks) are stored locally. The remote name is appended to the final path.</p>
-<p>This config follows the "--cache-db-path". If you specify a custom location for "--cache-db-path" and don't specify one for "--cache-chunk-path" then "--cache-chunk-path" will use the same path as "--cache-db-path".</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_path</li>
-<li>Env Var: RCLONE_CACHE_CHUNK_PATH</li>
-<li>Type: string</li>
-<li>Default: "$HOME/.cache/rclone/cache-backend"</li>
-</ul>
-<h4 id="cache-db-purge">--cache-db-purge</h4>
-<p>Clear all the cached data for this remote on start.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: db_purge</li>
-<li>Env Var: RCLONE_CACHE_DB_PURGE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="cache-chunk-clean-interval">--cache-chunk-clean-interval</h4>
-<p>How often should the cache perform cleanups of the chunk storage.</p>
-<p>The default value should be ok for most people. If you find that the cache goes over "cache-chunk-total-size" too often then try to lower this value to force it to perform cleanups more often.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_clean_interval</li>
-<li>Env Var: RCLONE_CACHE_CHUNK_CLEAN_INTERVAL</li>
-<li>Type: Duration</li>
-<li>Default: 1m0s</li>
-</ul>
-<h4 id="cache-read-retries">--cache-read-retries</h4>
-<p>How many times to retry a read from a cache storage.</p>
-<p>Since reading from a cache stream is independent from downloading file data, readers can get to a point where there's no more data in the cache. Most of the times this can indicate a connectivity issue if cache isn't able to provide file data anymore.</p>
-<p>For really slow connections, increase this to a point where the stream is able to provide data but your experience will be very stuttering.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: read_retries</li>
-<li>Env Var: RCLONE_CACHE_READ_RETRIES</li>
-<li>Type: int</li>
-<li>Default: 10</li>
-</ul>
-<h4 id="cache-workers">--cache-workers</h4>
-<p>How many workers should run in parallel to download chunks.</p>
-<p>Higher values will mean more parallel processing (better CPU needed) and more concurrent requests on the cloud provider. This impacts several aspects like the cloud provider API limits, more stress on the hardware that rclone runs on but it also means that streams will be more fluid and data will be available much more faster to readers.</p>
-<p><strong>Note</strong>: If the optional Plex integration is enabled then this setting will adapt to the type of reading performed and the value specified here will be used as a maximum number of workers to use.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: workers</li>
-<li>Env Var: RCLONE_CACHE_WORKERS</li>
-<li>Type: int</li>
-<li>Default: 4</li>
-</ul>
-<h4 id="cache-chunk-no-memory">--cache-chunk-no-memory</h4>
-<p>Disable the in-memory cache for storing chunks during streaming.</p>
-<p>By default, cache will keep file data during streaming in RAM as well to provide it to readers as fast as possible.</p>
-<p>This transient data is evicted as soon as it is read and the number of chunks stored doesn't exceed the number of workers. However, depending on other settings like "cache-chunk-size" and "cache-workers" this footprint can increase if there are parallel streams too (multiple files being read at the same time).</p>
-<p>If the hardware permits it, use this feature to provide an overall better performance during streaming but it can also be disabled if RAM is not available on the local machine.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_no_memory</li>
-<li>Env Var: RCLONE_CACHE_CHUNK_NO_MEMORY</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="cache-rps">--cache-rps</h4>
-<p>Limits the number of requests per second to the source FS (-1 to disable).</p>
-<p>This setting places a hard limit on the number of requests per second that cache will be doing to the cloud provider remote and try to respect that value by setting waits between reads.</p>
-<p>If you find that you're getting banned or limited on the cloud provider through cache and know that a smaller number of requests per second will allow you to work with it then you can use this setting for that.</p>
-<p>A good balance of all the other settings should make this setting useless but it is available to set for more special cases.</p>
-<p><strong>NOTE</strong>: This will limit the number of requests during streams but other API calls to the cloud provider like directory listings will still pass.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: rps</li>
-<li>Env Var: RCLONE_CACHE_RPS</li>
-<li>Type: int</li>
-<li>Default: -1</li>
-</ul>
-<h4 id="cache-writes">--cache-writes</h4>
-<p>Cache file data on writes through the FS.</p>
-<p>If you need to read files immediately after you upload them through cache you can enable this flag to have their data stored in the cache store at the same time during upload.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: writes</li>
-<li>Env Var: RCLONE_CACHE_WRITES</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="cache-tmp-upload-path">--cache-tmp-upload-path</h4>
-<p>Directory to keep temporary files until they are uploaded.</p>
-<p>This is the path where cache will use as a temporary storage for new files that need to be uploaded to the cloud provider.</p>
-<p>Specifying a value will enable this feature. Without it, it is completely disabled and files will be uploaded directly to the cloud provider</p>
-<p>Properties:</p>
-<ul>
-<li>Config: tmp_upload_path</li>
-<li>Env Var: RCLONE_CACHE_TMP_UPLOAD_PATH</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="cache-tmp-wait-time">--cache-tmp-wait-time</h4>
-<p>How long should files be stored in local cache before being uploaded.</p>
-<p>This is the duration that a file must wait in the temporary location <em>cache-tmp-upload-path</em> before it is selected for upload.</p>
-<p>Note that only one file is uploaded at a time and it can take longer to start the upload if a queue formed for this purpose.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: tmp_wait_time</li>
-<li>Env Var: RCLONE_CACHE_TMP_WAIT_TIME</li>
-<li>Type: Duration</li>
-<li>Default: 15s</li>
-</ul>
-<h4 id="cache-db-wait-time">--cache-db-wait-time</h4>
-<p>How long to wait for the DB to be available - 0 is unlimited.</p>
-<p>Only one process can have the DB open at any one time, so rclone waits for this duration for the DB to become available before it gives an error.</p>
-<p>If you set it to 0 then it will wait forever.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: db_wait_time</li>
-<li>Env Var: RCLONE_CACHE_DB_WAIT_TIME</li>
-<li>Type: Duration</li>
-<li>Default: 1s</li>
-</ul>
-<h2 id="backend-commands-1">Backend commands</h2>
-<p>Here are the commands specific to the cache backend.</p>
-<p>Run them with</p>
-<pre><code>rclone backend COMMAND remote:</code></pre>
-<p>The help below will explain what arguments each command takes.</p>
-<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
-<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
-<h3 id="stats">stats</h3>
-<p>Print stats on the cache backend in JSON format.</p>
-<pre><code>rclone backend stats remote: [options] [&lt;arguments&gt;+]</code></pre>
-<h1 id="chunker">Chunker</h1>
-<p>The <code>chunker</code> overlay transparently splits large files into smaller chunks during upload to wrapped remote and transparently assembles them back when the file is downloaded. This allows to effectively overcome size limits imposed by storage providers.</p>
-<h2 id="configuration-7">Configuration</h2>
-<p>To use it, first set up the underlying remote following the configuration instructions for that remote. You can also use a local pathname instead of a remote.</p>
-<p>First check your chosen remote is working - we'll call it <code>remote:path</code> here. Note that anything inside <code>remote:path</code> will be chunked and anything outside won't. This means that if you are using a bucket-based remote (e.g. S3, B2, swift) then you should probably put the bucket in the remote <code>s3:bucket</code>.</p>
-<p>Now configure <code>chunker</code> using <code>rclone config</code>. We will call this one <code>overlay</code> to separate it from the <code>remote</code> itself.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; overlay
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Transparently chunk/split large files
-   \ &quot;chunker&quot;
-[snip]
-Storage&gt; chunker
-Remote to chunk/unchunk.
-Normally should contain a &#39;:&#39; and a path, e.g. &quot;myremote:path/to/dir&quot;,
-&quot;myremote:bucket&quot; or maybe &quot;myremote:&quot; (not recommended).
-Enter a string value. Press Enter for the default (&quot;&quot;).
-remote&gt; remote:path
-Files larger than chunk size will be split in chunks.
-Enter a size with suffix K,M,G,T. Press Enter for the default (&quot;2G&quot;).
-chunk_size&gt; 100M
-Choose how chunker handles hash sums. All modes but &quot;none&quot; require metadata.
-Enter a string value. Press Enter for the default (&quot;md5&quot;).
-Choose a number from below, or type in your own value
- 1 / Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise
-   \ &quot;none&quot;
- 2 / MD5 for composite files
-   \ &quot;md5&quot;
- 3 / SHA1 for composite files
-   \ &quot;sha1&quot;
- 4 / MD5 for all files
-   \ &quot;md5all&quot;
- 5 / SHA1 for all files
-   \ &quot;sha1all&quot;
- 6 / Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported
-   \ &quot;md5quick&quot;
- 7 / Similar to &quot;md5quick&quot; but prefers SHA1 over MD5
-   \ &quot;sha1quick&quot;
-hash_type&gt; md5
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n&gt; n
-Remote config
---------------------
-[overlay]
-type = chunker
-remote = remote:bucket
-chunk_size = 100M
-hash_type = md5
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="specifying-the-remote">Specifying the remote</h3>
-<p>In normal use, make sure the remote has a <code>:</code> in. If you specify the remote without a <code>:</code> then rclone will use a local directory of that name. So if you use a remote of <code>/path/to/secret/files</code> then rclone will chunk stuff in that directory. If you use a remote of <code>name</code> then rclone will put files in a directory called <code>name</code> in the current directory.</p>
-<h3 id="chunking">Chunking</h3>
-<p>When rclone starts a file upload, chunker checks the file size. If it doesn't exceed the configured chunk size, chunker will just pass the file to the wrapped remote. If a file is large, chunker will transparently cut data in pieces with temporary names and stream them one by one, on the fly. Each data chunk will contain the specified number of bytes, except for the last one which may have less data. If file size is unknown in advance (this is called a streaming upload), chunker will internally create a temporary copy, record its size and repeat the above process.</p>
-<p>When upload completes, temporary chunk files are finally renamed. This scheme guarantees that operations can be run in parallel and look from outside as atomic. A similar method with hidden temporary chunks is used for other operations (copy/move/rename, etc.). If an operation fails, hidden chunks are normally destroyed, and the target composite file stays intact.</p>
-<p>When a composite file download is requested, chunker transparently assembles it by concatenating data chunks in order. As the split is trivial one could even manually concatenate data chunks together to obtain the original content.</p>
-<p>When the <code>list</code> rclone command scans a directory on wrapped remote, the potential chunk files are accounted for, grouped and assembled into composite directory entries. Any temporary chunks are hidden.</p>
-<p>List and other commands can sometimes come across composite files with missing or invalid chunks, e.g. shadowed by like-named directory or another file. This usually means that wrapped file system has been directly tampered with or damaged. If chunker detects a missing chunk it will by default print warning, skip the whole incomplete group of chunks but proceed with current command. You can set the <code>--chunker-fail-hard</code> flag to have commands abort with error message in such cases.</p>
-<h4 id="chunk-names">Chunk names</h4>
-<p>The default chunk name format is <code>*.rclone_chunk.###</code>, hence by default chunk names are <code>BIG_FILE_NAME.rclone_chunk.001</code>, <code>BIG_FILE_NAME.rclone_chunk.002</code> etc. You can configure another name format using the <code>name_format</code> configuration file option. The format uses asterisk <code>*</code> as a placeholder for the base file name and one or more consecutive hash characters <code>#</code> as a placeholder for sequential chunk number. There must be one and only one asterisk. The number of consecutive hash characters defines the minimum length of a string representing a chunk number. If decimal chunk number has less digits than the number of hashes, it is left-padded by zeros. If the decimal string is longer, it is left intact. By default numbering starts from 1 but there is another option that allows user to start from 0, e.g. for compatibility with legacy software.</p>
-<p>For example, if name format is <code>big_*-##.part</code> and original file name is <code>data.txt</code> and numbering starts from 0, then the first chunk will be named <code>big_data.txt-00.part</code>, the 99th chunk will be <code>big_data.txt-98.part</code> and the 302nd chunk will become <code>big_data.txt-301.part</code>.</p>
-<p>Note that <code>list</code> assembles composite directory entries only when chunk names match the configured format and treats non-conforming file names as normal non-chunked files.</p>
-<p>When using <code>norename</code> transactions, chunk names will additionally have a unique file version suffix. For example, <code>BIG_FILE_NAME.rclone_chunk.001_bp562k</code>.</p>
-<h3 id="metadata-3">Metadata</h3>
-<p>Besides data chunks chunker will by default create metadata object for a composite file. The object is named after the original file. Chunker allows user to disable metadata completely (the <code>none</code> format). Note that metadata is normally not created for files smaller than the configured chunk size. This may change in future rclone releases.</p>
-<h4 id="simple-json-metadata-format">Simple JSON metadata format</h4>
-<p>This is the default format. It supports hash sums and chunk validation for composite files. Meta objects carry the following fields:</p>
-<ul>
-<li><code>ver</code> - version of format, currently <code>1</code></li>
-<li><code>size</code> - total size of composite file</li>
-<li><code>nchunks</code> - number of data chunks in file</li>
-<li><code>md5</code> - MD5 hashsum of composite file (if present)</li>
-<li><code>sha1</code> - SHA1 hashsum (if present)</li>
-<li><code>txn</code> - identifies current version of the file</li>
-</ul>
-<p>There is no field for composite file name as it's simply equal to the name of meta object on the wrapped remote. Please refer to respective sections for details on hashsums and modified time handling.</p>
-<h4 id="no-metadata">No metadata</h4>
-<p>You can disable meta objects by setting the meta format option to <code>none</code>. In this mode chunker will scan directory for all files that follow configured chunk name format, group them by detecting chunks with the same base name and show group names as virtual composite files. This method is more prone to missing chunk errors (especially missing last chunk) than format with metadata enabled.</p>
-<h3 id="hashsums">Hashsums</h3>
-<p>Chunker supports hashsums only when a compatible metadata is present. Hence, if you choose metadata format of <code>none</code>, chunker will report hashsum as <code>UNSUPPORTED</code>.</p>
-<p>Please note that by default metadata is stored only for composite files. If a file is smaller than configured chunk size, chunker will transparently redirect hash requests to wrapped remote, so support depends on that. You will see the empty string as a hashsum of requested type for small files if the wrapped remote doesn't support it.</p>
-<p>Many storage backends support MD5 and SHA1 hash types, so does chunker. With chunker you can choose one or another but not both. MD5 is set by default as the most supported type. Since chunker keeps hashes for composite files and falls back to the wrapped remote hash for non-chunked ones, we advise you to choose the same hash type as supported by wrapped remote so that your file listings look coherent.</p>
-<p>If your storage backend does not support MD5 or SHA1 but you need consistent file hashing, configure chunker with <code>md5all</code> or <code>sha1all</code>. These two modes guarantee given hash for all files. If wrapped remote doesn't support it, chunker will then add metadata to all files, even small. However, this can double the amount of small files in storage and incur additional service charges. You can even use chunker to force md5/sha1 support in any other remote at expense of sidecar meta objects by setting e.g. <code>chunk_type=sha1all</code> to force hashsums and <code>chunk_size=1P</code> to effectively disable chunking.</p>
-<p>Normally, when a file is copied to chunker controlled remote, chunker will ask the file source for compatible file hash and revert to on-the-fly calculation if none is found. This involves some CPU overhead but provides a guarantee that given hashsum is available. Also, chunker will reject a server-side copy or move operation if source and destination hashsum types are different resulting in the extra network bandwidth, too. In some rare cases this may be undesired, so chunker provides two optional choices: <code>sha1quick</code> and <code>md5quick</code>. If the source does not support primary hash type and the quick mode is enabled, chunker will try to fall back to the secondary type. This will save CPU and bandwidth but can result in empty hashsums at destination. Beware of consequences: the <code>sync</code> command will revert (sometimes silently) to time/size comparison if compatible hashsums between source and target are not found.</p>
-<h3 id="modified-time-2">Modified time</h3>
-<p>Chunker stores modification times using the wrapped remote so support depends on that. For a small non-chunked file the chunker overlay simply manipulates modification time of the wrapped remote file. For a composite file with metadata chunker will get and set modification time of the metadata object on the wrapped remote. If file is chunked but metadata format is <code>none</code> then chunker will use modification time of the first data chunk.</p>
-<h3 id="migrations">Migrations</h3>
-<p>The idiomatic way to migrate to a different chunk size, hash type, transaction style or chunk naming scheme is to:</p>
-<ul>
-<li>Collect all your chunked files under a directory and have your chunker remote point to it.</li>
-<li>Create another directory (most probably on the same cloud storage) and configure a new remote with desired metadata format, hash type, chunk naming etc.</li>
-<li>Now run <code>rclone sync --interactive oldchunks: newchunks:</code> and all your data will be transparently converted in transfer. This may take some time, yet chunker will try server-side copy if possible.</li>
-<li>After checking data integrity you may remove configuration section of the old remote.</li>
-</ul>
-<p>If rclone gets killed during a long operation on a big composite file, hidden temporary chunks may stay in the directory. They will not be shown by the <code>list</code> command but will eat up your account quota. Please note that the <code>deletefile</code> command deletes only active chunks of a file. As a workaround, you can use remote of the wrapped file system to see them. An easy way to get rid of hidden garbage is to copy littered directory somewhere using the chunker remote and purge the original directory. The <code>copy</code> command will copy only active chunks while the <code>purge</code> will remove everything including garbage.</p>
-<h3 id="caveats-and-limitations">Caveats and Limitations</h3>
-<p>Chunker requires wrapped remote to support server-side <code>move</code> (or <code>copy</code> + <code>delete</code>) operations, otherwise it will explicitly refuse to start. This is because it internally renames temporary chunk files to their final names when an operation completes successfully.</p>
-<p>Chunker encodes chunk number in file name, so with default <code>name_format</code> setting it adds 17 characters. Also chunker adds 7 characters of temporary suffix during operations. Many file systems limit base file name without path by 255 characters. Using rclone's crypt remote as a base file system limits file name by 143 characters. Thus, maximum name length is 231 for most files and 119 for chunker-over-crypt. A user in need can change name format to e.g. <code>*.rcc##</code> and save 10 characters (provided at most 99 chunks per file).</p>
-<p>Note that a move implemented using the copy-and-delete method may incur double charging with some cloud storage providers.</p>
-<p>Chunker will not automatically rename existing chunks when you run <code>rclone config</code> on a live remote and change the chunk name format. Beware that in result of this some files which have been treated as chunks before the change can pop up in directory listings as normal files and vice versa. The same warning holds for the chunk size. If you desperately need to change critical chunking settings, you should run data migration as described above.</p>
-<p>If wrapped remote is case insensitive, the chunker overlay will inherit that property (so you can't have a file called "Hello.doc" and "hello.doc" in the same directory).</p>
-<p>Chunker included in rclone releases up to <code>v1.54</code> can sometimes fail to detect metadata produced by recent versions of rclone. We recommend users to keep rclone up-to-date to avoid data corruption.</p>
-<p>Changing <code>transactions</code> is dangerous and requires explicit migration.</p>
-<h3 id="standard-options-7">Standard options</h3>
-<p>Here are the Standard options specific to chunker (Transparently chunk/split large files).</p>
-<h4 id="chunker-remote">--chunker-remote</h4>
-<p>Remote to chunk/unchunk.</p>
-<p>Normally should contain a ':' and a path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: remote</li>
-<li>Env Var: RCLONE_CHUNKER_REMOTE</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="chunker-chunk-size">--chunker-chunk-size</h4>
-<p>Files larger than chunk size will be split in chunks.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_CHUNKER_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 2Gi</li>
-</ul>
-<h4 id="chunker-hash-type">--chunker-hash-type</h4>
-<p>Choose how chunker handles hash sums.</p>
-<p>All modes but "none" require metadata.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: hash_type</li>
-<li>Env Var: RCLONE_CHUNKER_HASH_TYPE</li>
-<li>Type: string</li>
-<li>Default: "md5"</li>
-<li>Examples:
-<ul>
-<li>"none"
-<ul>
-<li>Pass any hash supported by wrapped remote for non-chunked files.</li>
-<li>Return nothing otherwise.</li>
-</ul></li>
-<li>"md5"
-<ul>
-<li>MD5 for composite files.</li>
-</ul></li>
-<li>"sha1"
-<ul>
-<li>SHA1 for composite files.</li>
-</ul></li>
-<li>"md5all"
-<ul>
-<li>MD5 for all files.</li>
-</ul></li>
-<li>"sha1all"
-<ul>
-<li>SHA1 for all files.</li>
-</ul></li>
-<li>"md5quick"
-<ul>
-<li>Copying a file to chunker will request MD5 from the source.</li>
-<li>Falling back to SHA1 if unsupported.</li>
-</ul></li>
-<li>"sha1quick"
-<ul>
-<li>Similar to "md5quick" but prefers SHA1 over MD5.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-6">Advanced options</h3>
-<p>Here are the Advanced options specific to chunker (Transparently chunk/split large files).</p>
-<h4 id="chunker-name-format">--chunker-name-format</h4>
-<p>String format of chunk file names.</p>
-<p>The two placeholders are: base file name (*) and chunk number (#...). There must be one and only one asterisk and one or more consecutive hash characters. If chunk number has less digits than the number of hashes, it is left-padded by zeros. If there are more digits in the number, they are left as is. Possible chunk files are ignored if their name does not match given format.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: name_format</li>
-<li>Env Var: RCLONE_CHUNKER_NAME_FORMAT</li>
-<li>Type: string</li>
-<li>Default: "*.rclone_chunk.###"</li>
-</ul>
-<h4 id="chunker-start-from">--chunker-start-from</h4>
-<p>Minimum valid chunk number. Usually 0 or 1.</p>
-<p>By default chunk numbers start from 1.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: start_from</li>
-<li>Env Var: RCLONE_CHUNKER_START_FROM</li>
-<li>Type: int</li>
-<li>Default: 1</li>
-</ul>
-<h4 id="chunker-meta-format">--chunker-meta-format</h4>
-<p>Format of the metadata object or "none".</p>
-<p>By default "simplejson". Metadata is a small JSON file named after the composite file.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: meta_format</li>
-<li>Env Var: RCLONE_CHUNKER_META_FORMAT</li>
-<li>Type: string</li>
-<li>Default: "simplejson"</li>
-<li>Examples:
-<ul>
-<li>"none"
-<ul>
-<li>Do not use metadata files at all.</li>
-<li>Requires hash type "none".</li>
-</ul></li>
-<li>"simplejson"
-<ul>
-<li>Simple JSON supports hash sums and chunk validation.</li>
-<li></li>
-<li>It has the following fields: ver, size, nchunks, md5, sha1.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="chunker-fail-hard">--chunker-fail-hard</h4>
-<p>Choose how chunker should handle files with missing or invalid chunks.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: fail_hard</li>
-<li>Env Var: RCLONE_CHUNKER_FAIL_HARD</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-<li>Examples:
-<ul>
-<li>"true"
-<ul>
-<li>Report errors and abort current command.</li>
-</ul></li>
-<li>"false"
-<ul>
-<li>Warn user, skip incomplete file and proceed.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="chunker-transactions">--chunker-transactions</h4>
-<p>Choose how chunker should handle temporary files during transactions.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: transactions</li>
-<li>Env Var: RCLONE_CHUNKER_TRANSACTIONS</li>
-<li>Type: string</li>
-<li>Default: "rename"</li>
-<li>Examples:
-<ul>
-<li>"rename"
-<ul>
-<li>Rename temporary files after a successful transaction.</li>
-</ul></li>
-<li>"norename"
-<ul>
-<li>Leave temporary file names and write transaction ID to metadata file.</li>
-<li>Metadata is required for no rename transactions (meta format cannot be "none").</li>
-<li>If you are using norename transactions you should be careful not to downgrade Rclone</li>
-<li>as older versions of Rclone don't support this transaction style and will misinterpret</li>
-<li>files manipulated by norename transactions.</li>
-<li>This method is EXPERIMENTAL, don't use on production systems.</li>
-</ul></li>
-<li>"auto"
-<ul>
-<li>Rename or norename will be used depending on capabilities of the backend.</li>
-<li>If meta format is set to "none", rename transactions will always be used.</li>
-<li>This method is EXPERIMENTAL, don't use on production systems.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h1 id="citrix-sharefile">Citrix ShareFile</h1>
-<p><a href="https://sharefile.com">Citrix ShareFile</a> is a secure file sharing and transfer service aimed as business.</p>
-<h2 id="configuration-8">Configuration</h2>
-<p>The initial setup for Citrix ShareFile involves getting a token from Citrix ShareFile which you can in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-XX / Citrix Sharefile
-   \ &quot;sharefile&quot;
-Storage&gt; sharefile
-** See help for sharefile backend at: https://rclone.org/sharefile/ **
-
-ID of the root folder
-
-Leave blank to access &quot;Personal Folders&quot;.  You can use one of the
-standard values here or any folder ID (long hex number ID).
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Access the Personal Folders. (Default)
-   \ &quot;&quot;
- 2 / Access the Favorites folder.
-   \ &quot;favorites&quot;
- 3 / Access all the shared folders.
-   \ &quot;allshared&quot;
- 4 / Access all the individual connectors.
-   \ &quot;connectors&quot;
- 5 / Access the home, favorites, and shared folders as well as the connectors.
-   \ &quot;top&quot;
-root_folder_id&gt; 
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n&gt; n
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth?state=XXX
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = sharefile
-endpoint = https://XXX.sharefile.com
-token = {&quot;access_token&quot;:&quot;XXX&quot;,&quot;token_type&quot;:&quot;bearer&quot;,&quot;refresh_token&quot;:&quot;XXX&quot;,&quot;expiry&quot;:&quot;2019-09-30T19:41:45.878561877+01:00&quot;}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Citrix ShareFile. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your ShareFile</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your ShareFile</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to an ShareFile directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h3 id="modified-time-and-hashes-2">Modified time and hashes</h3>
-<p>ShareFile allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.</p>
-<p>ShareFile supports MD5 type hashes, so you can use the <code>--checksum</code> flag.</p>
-<h3 id="transfers-2">Transfers</h3>
-<p>For files above 128 MiB rclone will use a chunked transfer. Rclone will upload up to <code>--transfers</code> chunks at the same time (shared among all the multipart uploads). Chunks are buffered in memory and are normally 64 MiB so increasing <code>--transfers</code> will increase memory use.</p>
-<h3 id="restricted-filename-characters-5">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-<tr class="even">
-<td>*</td>
-<td style="text-align: center;">0x2A</td>
-<td style="text-align: center;">＊</td>
-</tr>
-<tr class="odd">
-<td>&lt;</td>
-<td style="text-align: center;">0x3C</td>
-<td style="text-align: center;">＜</td>
-</tr>
-<tr class="even">
-<td>&gt;</td>
-<td style="text-align: center;">0x3E</td>
-<td style="text-align: center;">＞</td>
-</tr>
-<tr class="odd">
-<td>?</td>
-<td style="text-align: center;">0x3F</td>
-<td style="text-align: center;">？</td>
-</tr>
-<tr class="even">
-<td>:</td>
-<td style="text-align: center;">0x3A</td>
-<td style="text-align: center;">：</td>
-</tr>
-<tr class="odd">
-<td>|</td>
-<td style="text-align: center;">0x7C</td>
-<td style="text-align: center;">｜</td>
-</tr>
-<tr class="even">
-<td>"</td>
-<td style="text-align: center;">0x22</td>
-<td style="text-align: center;">＂</td>
-</tr>
-</tbody>
-</table>
-<p>File names can also not start or end with the following characters. These only get replaced if they are the first or last character in the name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>SP</td>
-<td style="text-align: center;">0x20</td>
-<td style="text-align: center;">␠</td>
-</tr>
-<tr class="even">
-<td>.</td>
-<td style="text-align: center;">0x2E</td>
-<td style="text-align: center;">．</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="standard-options-8">Standard options</h3>
-<p>Here are the Standard options specific to sharefile (Citrix Sharefile).</p>
-<h4 id="sharefile-root-folder-id">--sharefile-root-folder-id</h4>
-<p>ID of the root folder.</p>
-<p>Leave blank to access "Personal Folders". You can use one of the standard values here or any folder ID (long hex number ID).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: root_folder_id</li>
-<li>Env Var: RCLONE_SHAREFILE_ROOT_FOLDER_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Access the Personal Folders (default).</li>
-</ul></li>
-<li>"favorites"
-<ul>
-<li>Access the Favorites folder.</li>
-</ul></li>
-<li>"allshared"
-<ul>
-<li>Access all the shared folders.</li>
-</ul></li>
-<li>"connectors"
-<ul>
-<li>Access all the individual connectors.</li>
-</ul></li>
-<li>"top"
-<ul>
-<li>Access the home, favorites, and shared folders as well as the connectors.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-7">Advanced options</h3>
-<p>Here are the Advanced options specific to sharefile (Citrix Sharefile).</p>
-<h4 id="sharefile-upload-cutoff">--sharefile-upload-cutoff</h4>
-<p>Cutoff for switching to multipart upload.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_SHAREFILE_UPLOAD_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 128Mi</li>
-</ul>
-<h4 id="sharefile-chunk-size">--sharefile-chunk-size</h4>
-<p>Upload chunk size.</p>
-<p>Must a power of 2 &gt;= 256k.</p>
-<p>Making this larger will improve performance, but note that each chunk is buffered in memory one per transfer.</p>
-<p>Reducing this will reduce memory usage but decrease performance.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_SHAREFILE_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 64Mi</li>
-</ul>
-<h4 id="sharefile-endpoint">--sharefile-endpoint</h4>
-<p>Endpoint for API calls.</p>
-<p>This is usually auto discovered as part of the oauth process, but can be set manually to something like: https://XXX.sharefile.com</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_SHAREFILE_ENDPOINT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="sharefile-encoding">--sharefile-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_SHAREFILE_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-8">Limitations</h2>
-<p>Note that ShareFile is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<p>ShareFile only supports filenames up to 256 characters in length.</p>
-<p><code>rclone about</code> is not supported by the Citrix ShareFile backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h1 id="crypt">Crypt</h1>
-<p>Rclone <code>crypt</code> remotes encrypt and decrypt other remotes.</p>
-<p>A remote of type <code>crypt</code> does not access a <a href="https://rclone.org/overview/">storage system</a> directly, but instead wraps another remote, which in turn accesses the storage system. This is similar to how <a href="https://rclone.org/alias/">alias</a>, <a href="https://rclone.org/union/">union</a>, <a href="https://rclone.org/chunker/">chunker</a> and a few others work. It makes the usage very flexible, as you can add a layer, in this case an encryption layer, on top of any other backend, even in multiple layers. Rclone's functionality can be used as with any other remote, for example you can <a href="https://rclone.org/commands/rclone_mount/">mount</a> a crypt remote.</p>
-<p>Accessing a storage system through a crypt remote realizes client-side encryption, which makes it safe to keep your data in a location you do not trust will not get compromised. When working against the <code>crypt</code> remote, rclone will automatically encrypt (before uploading) and decrypt (after downloading) on your local system as needed on the fly, leaving the data encrypted at rest in the wrapped remote. If you access the storage system using an application other than rclone, or access the wrapped remote directly using rclone, there will not be any encryption/decryption: Downloading existing content will just give you the encrypted (scrambled) format, and anything you upload will <em>not</em> become encrypted.</p>
-<p>The encryption is a secret-key encryption (also called symmetric key encryption) algorithm, where a password (or pass phrase) is used to generate real encryption key. The password can be supplied by user, or you may chose to let rclone generate one. It will be stored in the configuration file, in a lightly obscured form. If you are in an environment where you are not able to keep your configuration secured, you should add <a href="https://rclone.org/docs/#configuration-encryption">configuration encryption</a> as protection. As long as you have this configuration file, you will be able to decrypt your data. Without the configuration file, as long as you remember the password (or keep it in a safe place), you can re-create the configuration and gain access to the existing data. You may also configure a corresponding remote in a different installation to access the same data. See below for guidance to <a href="#changing-password">changing password</a>.</p>
-<p>Encryption uses <a href="https://en.wikipedia.org/wiki/Salt_(cryptography)">cryptographic salt</a>, to permute the encryption key so that the same string may be encrypted in different ways. When configuring the crypt remote it is optional to enter a salt, or to let rclone generate a unique salt. If omitted, rclone uses a built-in unique string. Normally in cryptography, the salt is stored together with the encrypted content, and do not have to be memorized by the user. This is not the case in rclone, because rclone does not store any additional information on the remotes. Use of custom salt is effectively a second password that must be memorized.</p>
-<p><a href="#file-encryption">File content</a> encryption is performed using <a href="https://godoc.org/golang.org/x/crypto/nacl/secretbox">NaCl SecretBox</a>, based on XSalsa20 cipher and Poly1305 for integrity. <a href="#name-encryption">Names</a> (file- and directory names) are also encrypted by default, but this has some implications and is therefore possible to be turned off.</p>
-<h2 id="configuration-9">Configuration</h2>
-<p>Here is an example of how to make a remote called <code>secret</code>.</p>
-<p>To use <code>crypt</code>, first set up the underlying remote. Follow the <code>rclone config</code> instructions for the specific backend.</p>
-<p>Before configuring the crypt remote, check the underlying remote is working. In this example the underlying remote is called <code>remote</code>. We will configure a path <code>path</code> within this remote to contain the encrypted content. Anything inside <code>remote:path</code> will be encrypted and anything outside will not.</p>
-<p>Configure <code>crypt</code> using <code>rclone config</code>. In this example the <code>crypt</code> remote is called <code>secret</code>, to differentiate it from the underlying <code>remote</code>.</p>
-<p>When you are done you can use the crypt remote named <code>secret</code> just as you would with any other remote, e.g. <code>rclone copy D:\docs secret:\docs</code>, and rclone will encrypt and decrypt as needed on the fly. If you access the wrapped remote <code>remote:path</code> directly you will bypass the encryption, and anything you read will be in encrypted form, and anything you write will be unencrypted. To avoid issues it is best to configure a dedicated path for encrypted content, and access it exclusively through a crypt remote.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; secret
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Encrypt/Decrypt a remote
-   \ &quot;crypt&quot;
-[snip]
-Storage&gt; crypt
-** See help for crypt backend at: https://rclone.org/crypt/ **
-
-Remote to encrypt/decrypt.
-Normally should contain a &#39;:&#39; and a path, eg &quot;myremote:path/to/dir&quot;,
-&quot;myremote:bucket&quot; or maybe &quot;myremote:&quot; (not recommended).
-Enter a string value. Press Enter for the default (&quot;&quot;).
-remote&gt; remote:path
-How to encrypt the filenames.
-Enter a string value. Press Enter for the default (&quot;standard&quot;).
-Choose a number from below, or type in your own value.
-   / Encrypt the filenames.
- 1 | See the docs for the details.
-   \ &quot;standard&quot;
- 2 / Very simple filename obfuscation.
-   \ &quot;obfuscate&quot;
-   / Don&#39;t encrypt the file names.
- 3 | Adds a &quot;.bin&quot; extension only.
-   \ &quot;off&quot;
-filename_encryption&gt;
-Option to either encrypt directory names or leave them intact.
-
-NB If filename_encryption is &quot;off&quot; then this option will do nothing.
-Enter a boolean value (true or false). Press Enter for the default (&quot;true&quot;).
-Choose a number from below, or type in your own value
- 1 / Encrypt directory names.
-   \ &quot;true&quot;
- 2 / Don&#39;t encrypt directory names, leave them intact.
-   \ &quot;false&quot;
-directory_name_encryption&gt;
-Password or pass phrase for encryption.
-y) Yes type in my own password
-g) Generate random password
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Password or pass phrase for salt. Optional but recommended.
-Should be different to the previous password.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n&gt; g
-Password strength in bits.
-64 is just about memorable
-128 is secure
-1024 is the maximum
-Bits&gt; 128
-Your password is: JAsJvRcgR-_veXNfy_sGmQ
-Use this password? Please note that an obscured version of this
-password (and not the password itself) will be stored under your
-configuration file, so keep this generated password in a safe place.
-y) Yes (default)
-n) No
-y/n&gt;
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n&gt;
-Remote config
---------------------
-[secret]
-type = crypt
-remote = remote:path
-password = *** ENCRYPTED ***
-password2 = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt;</code></pre>
-<p><strong>Important</strong> The crypt password stored in <code>rclone.conf</code> is lightly obscured. That only protects it from cursory inspection. It is not secure unless <a href="https://rclone.org/docs/#configuration-encryption">configuration encryption</a> of <code>rclone.conf</code> is specified.</p>
-<p>A long passphrase is recommended, or <code>rclone config</code> can generate a random one.</p>
-<p>The obscured password is created using AES-CTR with a static key. The salt is stored verbatim at the beginning of the obscured password. This static key is shared between all versions of rclone.</p>
-<p>If you reconfigure rclone with the same passwords/passphrases elsewhere it will be compatible, but the obscured version will be different due to the different salt.</p>
-<p>Rclone does not encrypt</p>
-<ul>
-<li>file length - this can be calculated within 16 bytes</li>
-<li>modification time - used for syncing</li>
-</ul>
-<h3 id="specifying-the-remote-1">Specifying the remote</h3>
-<p>When configuring the remote to encrypt/decrypt, you may specify any string that rclone accepts as a source/destination of other commands.</p>
-<p>The primary use case is to specify the path into an already configured remote (e.g. <code>remote:path/to/dir</code> or <code>remote:bucket</code>), such that data in a remote untrusted location can be stored encrypted.</p>
-<p>You may also specify a local filesystem path, such as <code>/path/to/dir</code> on Linux, <code>C:\path\to\dir</code> on Windows. By creating a crypt remote pointing to such a local filesystem path, you can use rclone as a utility for pure local file encryption, for example to keep encrypted files on a removable USB drive.</p>
-<p><strong>Note</strong>: A string which do not contain a <code>:</code> will by rclone be treated as a relative path in the local filesystem. For example, if you enter the name <code>remote</code> without the trailing <code>:</code>, it will be treated as a subdirectory of the current directory with name "remote".</p>
-<p>If a path <code>remote:path/to/dir</code> is specified, rclone stores encrypted files in <code>path/to/dir</code> on the remote. With file name encryption, files saved to <code>secret:subdir/subfile</code> are stored in the unencrypted path <code>path/to/dir</code> but the <code>subdir/subpath</code> element is encrypted.</p>
-<p>The path you specify does not have to exist, rclone will create it when needed.</p>
-<p>If you intend to use the wrapped remote both directly for keeping unencrypted content, as well as through a crypt remote for encrypted content, it is recommended to point the crypt remote to a separate directory within the wrapped remote. If you use a bucket-based storage system (e.g. Swift, S3, Google Compute Storage, B2) it is generally advisable to wrap the crypt remote around a specific bucket (<code>s3:bucket</code>). If wrapping around the entire root of the storage (<code>s3:</code>), and use the optional file name encryption, rclone will encrypt the bucket name.</p>
-<h3 id="changing-password">Changing password</h3>
-<p>Should the password, or the configuration file containing a lightly obscured form of the password, be compromised, you need to re-encrypt your data with a new password. Since rclone uses secret-key encryption, where the encryption key is generated directly from the password kept on the client, it is not possible to change the password/key of already encrypted content. Just changing the password configured for an existing crypt remote means you will no longer able to decrypt any of the previously encrypted content. The only possibility is to re-upload everything via a crypt remote configured with your new password.</p>
-<p>Depending on the size of your data, your bandwidth, storage quota etc, there are different approaches you can take: - If you have everything in a different location, for example on your local system, you could remove all of the prior encrypted files, change the password for your configured crypt remote (or delete and re-create the crypt configuration), and then re-upload everything from the alternative location. - If you have enough space on the storage system you can create a new crypt remote pointing to a separate directory on the same backend, and then use rclone to copy everything from the original crypt remote to the new, effectively decrypting everything on the fly using the old password and re-encrypting using the new password. When done, delete the original crypt remote directory and finally the rclone crypt configuration with the old password. All data will be streamed from the storage system and back, so you will get half the bandwidth and be charged twice if you have upload and download quota on the storage system.</p>
-<p><strong>Note</strong>: A security problem related to the random password generator was fixed in rclone version 1.53.3 (released 2020-11-19). Passwords generated by rclone config in version 1.49.0 (released 2019-08-26) to 1.53.2 (released 2020-10-26) are not considered secure and should be changed. If you made up your own password, or used rclone version older than 1.49.0 or newer than 1.53.2 to generate it, you are <em>not</em> affected by this issue. See <a href="https://github.com/rclone/rclone/issues/4783">issue #4783</a> for more details, and a tool you can use to check if you are affected.</p>
-<h3 id="example">Example</h3>
-<p>Create the following file structure using "standard" file name encryption.</p>
-<pre><code>plaintext/
-├── file0.txt
-├── file1.txt
-└── subdir
-    ├── file2.txt
-    ├── file3.txt
-    └── subsubdir
-        └── file4.txt</code></pre>
-<p>Copy these to the remote, and list them</p>
-<pre><code>$ rclone -q copy plaintext secret:
-$ rclone -q ls secret:
-        7 file1.txt
-        6 file0.txt
-        8 subdir/file2.txt
-       10 subdir/subsubdir/file4.txt
-        9 subdir/file3.txt</code></pre>
-<p>The crypt remote looks like</p>
-<pre><code>$ rclone -q ls remote:path
-       55 hagjclgavj2mbiqm6u6cnjjqcg
-       54 v05749mltvv1tf4onltun46gls
-       57 86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo
-       58 86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc
-       56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps</code></pre>
-<p>The directory structure is preserved</p>
-<pre><code>$ rclone -q ls secret:subdir
-        8 file2.txt
-        9 file3.txt
-       10 subsubdir/file4.txt</code></pre>
-<p>Without file name encryption <code>.bin</code> extensions are added to underlying names. This prevents the cloud provider attempting to interpret file content.</p>
-<pre><code>$ rclone -q ls remote:path
-       54 file0.txt.bin
-       57 subdir/file3.txt.bin
-       56 subdir/file2.txt.bin
-       58 subdir/subsubdir/file4.txt.bin
-       55 file1.txt.bin</code></pre>
-<h3 id="file-name-encryption-modes">File name encryption modes</h3>
-<p>Off</p>
-<ul>
-<li>doesn't hide file names or directory structure</li>
-<li>allows for longer file names (~246 characters)</li>
-<li>can use sub paths and copy single files</li>
-</ul>
-<p>Standard</p>
-<ul>
-<li>file names encrypted</li>
-<li>file names can't be as long (~143 characters)</li>
-<li>can use sub paths and copy single files</li>
-<li>directory structure visible</li>
-<li>identical files names will have identical uploaded names</li>
-<li>can use shortcuts to shorten the directory recursion</li>
-</ul>
-<p>Obfuscation</p>
-<p>This is a simple "rotate" of the filename, with each file having a rot distance based on the filename. Rclone stores the distance at the beginning of the filename. A file called "hello" may become "53.jgnnq".</p>
-<p>Obfuscation is not a strong encryption of filenames, but hinders automated scanning tools picking up on filename patterns. It is an intermediate between "off" and "standard" which allows for longer path segment names.</p>
-<p>There is a possibility with some unicode based filenames that the obfuscation is weak and may map lower case characters to upper case equivalents.</p>
-<p>Obfuscation cannot be relied upon for strong protection.</p>
-<ul>
-<li>file names very lightly obfuscated</li>
-<li>file names can be longer than standard encryption</li>
-<li>can use sub paths and copy single files</li>
-<li>directory structure visible</li>
-<li>identical files names will have identical uploaded names</li>
-</ul>
-<p>Cloud storage systems have limits on file name length and total path length which rclone is more likely to breach using "Standard" file name encryption. Where file names are less than 156 characters in length issues should not be encountered, irrespective of cloud storage provider.</p>
-<p>An experimental advanced option <code>filename_encoding</code> is now provided to address this problem to a certain degree. For cloud storage systems with case sensitive file names (e.g. Google Drive), <code>base64</code> can be used to reduce file name length. For cloud storage systems using UTF-16 to store file names internally (e.g. OneDrive), <code>base32768</code> can be used to drastically reduce file name length.</p>
-<p>An alternative, future rclone file name encryption mode may tolerate backend provider path length limits.</p>
-<h3 id="directory-name-encryption">Directory name encryption</h3>
-<p>Crypt offers the option of encrypting dir names or leaving them intact. There are two options:</p>
-<p>True</p>
-<p>Encrypts the whole file path including directory names Example: <code>1/12/123.txt</code> is encrypted to <code>p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0</code></p>
-<p>False</p>
-<p>Only encrypts file names, skips directory names Example: <code>1/12/123.txt</code> is encrypted to <code>1/12/qgm4avr35m5loi1th53ato71v0</code></p>
-<h3 id="modified-time-and-hashes-3">Modified time and hashes</h3>
-<p>Crypt stores modification times using the underlying remote so support depends on that.</p>
-<p>Hashes are not stored for crypt. However the data integrity is protected by an extremely strong crypto authenticator.</p>
-<p>Use the <code>rclone cryptcheck</code> command to check the integrity of a crypted remote instead of <code>rclone check</code> which can't check the checksums properly.</p>
-<h3 id="standard-options-9">Standard options</h3>
-<p>Here are the Standard options specific to crypt (Encrypt/Decrypt a remote).</p>
-<h4 id="crypt-remote">--crypt-remote</h4>
-<p>Remote to encrypt/decrypt.</p>
-<p>Normally should contain a ':' and a path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: remote</li>
-<li>Env Var: RCLONE_CRYPT_REMOTE</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="crypt-filename-encryption">--crypt-filename-encryption</h4>
-<p>How to encrypt the filenames.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: filename_encryption</li>
-<li>Env Var: RCLONE_CRYPT_FILENAME_ENCRYPTION</li>
-<li>Type: string</li>
-<li>Default: "standard"</li>
-<li>Examples:
-<ul>
-<li>"standard"
-<ul>
-<li>Encrypt the filenames.</li>
-<li>See the docs for the details.</li>
-</ul></li>
-<li>"obfuscate"
-<ul>
-<li>Very simple filename obfuscation.</li>
-</ul></li>
-<li>"off"
-<ul>
-<li>Don't encrypt the file names.</li>
-<li>Adds a ".bin" extension only.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="crypt-directory-name-encryption">--crypt-directory-name-encryption</h4>
-<p>Option to either encrypt directory names or leave them intact.</p>
-<p>NB If filename_encryption is "off" then this option will do nothing.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: directory_name_encryption</li>
-<li>Env Var: RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION</li>
-<li>Type: bool</li>
-<li>Default: true</li>
-<li>Examples:
-<ul>
-<li>"true"
-<ul>
-<li>Encrypt directory names.</li>
-</ul></li>
-<li>"false"
-<ul>
-<li>Don't encrypt directory names, leave them intact.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="crypt-password">--crypt-password</h4>
-<p>Password or pass phrase for encryption.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: password</li>
-<li>Env Var: RCLONE_CRYPT_PASSWORD</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="crypt-password2">--crypt-password2</h4>
-<p>Password or pass phrase for salt.</p>
-<p>Optional but recommended. Should be different to the previous password.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: password2</li>
-<li>Env Var: RCLONE_CRYPT_PASSWORD2</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="advanced-options-8">Advanced options</h3>
-<p>Here are the Advanced options specific to crypt (Encrypt/Decrypt a remote).</p>
-<h4 id="crypt-server-side-across-configs">--crypt-server-side-across-configs</h4>
-<p>Allow server-side operations (e.g. copy) to work across different crypt configs.</p>
-<p>Normally this option is not what you want, but if you have two crypts pointing to the same backend you can use it.</p>
-<p>This can be used, for example, to change file name encryption type without re-uploading all the data. Just make two crypt backends pointing to two different directories with the single changed parameter and use rclone move to move the files between the crypt remotes.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: server_side_across_configs</li>
-<li>Env Var: RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="crypt-show-mapping">--crypt-show-mapping</h4>
-<p>For all files listed show how the names encrypt.</p>
-<p>If this flag is set then for each file that the remote is asked to list, it will log (at level INFO) a line stating the decrypted file name and the encrypted file name.</p>
-<p>This is so you can work out which encrypted names are which decrypted names just in case you need to do something with the encrypted file names, or for debugging purposes.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: show_mapping</li>
-<li>Env Var: RCLONE_CRYPT_SHOW_MAPPING</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="crypt-no-data-encryption">--crypt-no-data-encryption</h4>
-<p>Option to either encrypt file data or leave it unencrypted.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_data_encryption</li>
-<li>Env Var: RCLONE_CRYPT_NO_DATA_ENCRYPTION</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-<li>Examples:
-<ul>
-<li>"true"
-<ul>
-<li>Don't encrypt file data, leave it unencrypted.</li>
-</ul></li>
-<li>"false"
-<ul>
-<li>Encrypt file data.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="crypt-filename-encoding">--crypt-filename-encoding</h4>
-<p>How to encode the encrypted filename to text string.</p>
-<p>This option could help with shortening the encrypted filename. The suitable option would depend on the way your remote count the filename length and if it's case sensitive.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: filename_encoding</li>
-<li>Env Var: RCLONE_CRYPT_FILENAME_ENCODING</li>
-<li>Type: string</li>
-<li>Default: "base32"</li>
-<li>Examples:
-<ul>
-<li>"base32"
-<ul>
-<li>Encode using base32. Suitable for all remote.</li>
-</ul></li>
-<li>"base64"
-<ul>
-<li>Encode using base64. Suitable for case sensitive remote.</li>
-</ul></li>
-<li>"base32768"
-<ul>
-<li>Encode using base32768. Suitable if your remote counts UTF-16 or</li>
-<li>Unicode codepoint instead of UTF-8 byte length. (Eg. Onedrive)</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="metadata-4">Metadata</h3>
-<p>Any metadata supported by the underlying remote is read and written.</p>
-<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
-<h2 id="backend-commands-2">Backend commands</h2>
-<p>Here are the commands specific to the crypt backend.</p>
-<p>Run them with</p>
-<pre><code>rclone backend COMMAND remote:</code></pre>
-<p>The help below will explain what arguments each command takes.</p>
-<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
-<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
-<h3 id="encode">encode</h3>
-<p>Encode the given filename(s)</p>
-<pre><code>rclone backend encode remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This encodes the filenames given as arguments returning a list of strings of the encoded results.</p>
-<p>Usage Example:</p>
-<pre><code>rclone backend encode crypt: file1 [file2...]
-rclone rc backend/command command=encode fs=crypt: file1 [file2...]</code></pre>
-<h3 id="decode">decode</h3>
-<p>Decode the given filename(s)</p>
-<pre><code>rclone backend decode remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This decodes the filenames given as arguments returning a list of strings of the decoded results. It will return an error if any of the inputs are invalid.</p>
-<p>Usage Example:</p>
-<pre><code>rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
-rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]</code></pre>
-<h2 id="backing-up-a-crypted-remote">Backing up a crypted remote</h2>
-<p>If you wish to backup a crypted remote, it is recommended that you use <code>rclone sync</code> on the encrypted files, and make sure the passwords are the same in the new encrypted remote.</p>
-<p>This will have the following advantages</p>
-<ul>
-<li><code>rclone sync</code> will check the checksums while copying</li>
-<li>you can use <code>rclone check</code> between the encrypted remotes</li>
-<li>you don't decrypt and encrypt unnecessarily</li>
-</ul>
-<p>For example, let's say you have your original remote at <code>remote:</code> with the encrypted version at <code>eremote:</code> with path <code>remote:crypt</code>. You would then set up the new remote <code>remote2:</code> and then the encrypted version <code>eremote2:</code> with path <code>remote2:crypt</code> using the same passwords as <code>eremote:</code>.</p>
-<p>To sync the two remotes you would do</p>
-<pre><code>rclone sync --interactive remote:crypt remote2:crypt</code></pre>
-<p>And to check the integrity you would do</p>
-<pre><code>rclone check remote:crypt remote2:crypt</code></pre>
-<h2 id="file-formats">File formats</h2>
-<h3 id="file-encryption">File encryption</h3>
-<p>Files are encrypted 1:1 source file to destination object. The file has a header and is divided into chunks.</p>
-<h4 id="header-1">Header</h4>
-<ul>
-<li>8 bytes magic string <code>RCLONE\x00\x00</code></li>
-<li>24 bytes Nonce (IV)</li>
-</ul>
-<p>The initial nonce is generated from the operating systems crypto strong random number generator. The nonce is incremented for each chunk read making sure each nonce is unique for each block written. The chance of a nonce being re-used is minuscule. If you wrote an exabyte of data (10¹⁸ bytes) you would have a probability of approximately 2×10⁻³² of re-using a nonce.</p>
-<h4 id="chunk">Chunk</h4>
-<p>Each chunk will contain 64 KiB of data, except for the last one which may have less data. The data chunk is in standard NaCl SecretBox format. SecretBox uses XSalsa20 and Poly1305 to encrypt and authenticate messages.</p>
-<p>Each chunk contains:</p>
-<ul>
-<li>16 Bytes of Poly1305 authenticator</li>
-<li>1 - 65536 bytes XSalsa20 encrypted data</li>
-</ul>
-<p>64k chunk size was chosen as the best performing chunk size (the authenticator takes too much time below this and the performance drops off due to cache effects above this). Note that these chunks are buffered in memory so they can't be too big.</p>
-<p>This uses a 32 byte (256 bit key) key derived from the user password.</p>
-<h4 id="examples-1">Examples</h4>
-<p>1 byte file will encrypt to</p>
-<ul>
-<li>32 bytes header</li>
-<li>17 bytes data chunk</li>
-</ul>
-<p>49 bytes total</p>
-<p>1 MiB (1048576 bytes) file will encrypt to</p>
-<ul>
-<li>32 bytes header</li>
-<li>16 chunks of 65568 bytes</li>
-</ul>
-<p>1049120 bytes total (a 0.05% overhead). This is the overhead for big files.</p>
-<h3 id="name-encryption">Name encryption</h3>
-<p>File names are encrypted segment by segment - the path is broken up into <code>/</code> separated strings and these are encrypted individually.</p>
-<p>File segments are padded using PKCS#7 to a multiple of 16 bytes before encryption.</p>
-<p>They are then encrypted with EME using AES with 256 bit key. EME (ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003 paper "A Parallelizable Enciphering Mode" by Halevi and Rogaway.</p>
-<p>This makes for deterministic encryption which is what we want - the same filename must encrypt to the same thing otherwise we can't find it on the cloud storage system.</p>
-<p>This means that</p>
-<ul>
-<li>filenames with the same name will encrypt the same</li>
-<li>filenames which start the same won't have a common prefix</li>
-</ul>
-<p>This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of which are derived from the user password.</p>
-<p>After encryption they are written out using a modified version of standard <code>base32</code> encoding as described in RFC4648. The standard encoding is modified in two ways:</p>
-<ul>
-<li>it becomes lower case (no-one likes upper case filenames!)</li>
-<li>we strip the padding character <code>=</code></li>
-</ul>
-<p><code>base32</code> is used rather than the more efficient <code>base64</code> so rclone can be used on case insensitive remotes (e.g. Windows, Amazon Drive).</p>
-<h3 id="key-derivation">Key derivation</h3>
-<p>Rclone uses <code>scrypt</code> with parameters <code>N=16384, r=8, p=1</code> with an optional user supplied salt (password2) to derive the 32+32+16 = 80 bytes of key material required. If the user doesn't supply a salt then rclone uses an internal one.</p>
-<p><code>scrypt</code> makes it impractical to mount a dictionary attack on rclone encrypted data. For full protection against this you should always use a salt.</p>
-<h2 id="see-also-85">SEE ALSO</h2>
-<ul>
-<li><a href="https://rclone.org/commands/rclone_cryptdecode/">rclone cryptdecode</a> - Show forward/reverse mapping of encrypted filenames</li>
-</ul>
-<h1 id="compress">Compress</h1>
-<h2 id="warning">Warning</h2>
-<p>This remote is currently <strong>experimental</strong>. Things may break and data may be lost. Anything you do with this remote is at your own risk. Please understand the risks associated with using experimental code and don't use this remote in critical applications.</p>
-<p>The <code>Compress</code> remote adds compression to another remote. It is best used with remotes containing many large compressible files.</p>
-<h2 id="configuration-10">Configuration</h2>
-<p>To use this remote, all you need to do is specify another remote and a compression mode to use:</p>
-<pre><code>Current remotes:
-
-Name                 Type
-====                 ====
-remote_to_press      sometype
-
-e) Edit existing remote
-$ rclone config
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q&gt; n
-name&gt; compress
-...
- 8 / Compress a remote
-   \ &quot;compress&quot;
-...
-Storage&gt; compress
-** See help for compress backend at: https://rclone.org/compress/ **
-
-Remote to compress.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-remote&gt; remote_to_press:subdir 
-Compression mode.
-Enter a string value. Press Enter for the default (&quot;gzip&quot;).
-Choose a number from below, or type in your own value
- 1 / Gzip compression balanced for speed and compression strength.
-   \ &quot;gzip&quot;
-compression_mode&gt; gzip
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n&gt; n
-Remote config
---------------------
-[compress]
-type = compress
-remote = remote_to_press:subdir
-compression_mode = gzip
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="compression-modes">Compression Modes</h3>
-<p>Currently only gzip compression is supported. It provides a decent balance between speed and size and is well supported by other applications. Compression strength can further be configured via an advanced setting where 0 is no compression and 9 is strongest compression.</p>
-<h3 id="file-types">File types</h3>
-<p>If you open a remote wrapped by compress, you will see that there are many files with an extension corresponding to the compression algorithm you chose. These files are standard files that can be opened by various archive programs, but they have some hidden metadata that allows them to be used by rclone. While you may download and decompress these files at will, do <strong>not</strong> manually delete or rename files. Files without correct metadata files will not be recognized by rclone.</p>
-<h3 id="file-names">File names</h3>
-<p>The compressed files will be named <code>*.###########.gz</code> where <code>*</code> is the base file and the <code>#</code> part is base64 encoded size of the uncompressed file. The file names should not be changed by anything other than the rclone compression backend.</p>
-<h3 id="standard-options-10">Standard options</h3>
-<p>Here are the Standard options specific to compress (Compress a remote).</p>
-<h4 id="compress-remote">--compress-remote</h4>
-<p>Remote to compress.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: remote</li>
-<li>Env Var: RCLONE_COMPRESS_REMOTE</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="compress-mode">--compress-mode</h4>
-<p>Compression mode.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: mode</li>
-<li>Env Var: RCLONE_COMPRESS_MODE</li>
-<li>Type: string</li>
-<li>Default: "gzip"</li>
-<li>Examples:
-<ul>
-<li>"gzip"
-<ul>
-<li>Standard gzip compression with fastest parameters.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-9">Advanced options</h3>
-<p>Here are the Advanced options specific to compress (Compress a remote).</p>
-<h4 id="compress-level">--compress-level</h4>
-<p>GZIP compression level (-2 to 9).</p>
-<p>Generally -1 (default, equivalent to 5) is recommended. Levels 1 to 9 increase compression at the cost of speed. Going past 6 generally offers very little return.</p>
-<p>Level -2 uses Huffman encoding only. Only use if you know what you are doing. Level 0 turns off compression.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: level</li>
-<li>Env Var: RCLONE_COMPRESS_LEVEL</li>
-<li>Type: int</li>
-<li>Default: -1</li>
-</ul>
-<h4 id="compress-ram-cache-limit">--compress-ram-cache-limit</h4>
-<p>Some remotes don't allow the upload of files with unknown size. In this case the compressed file will need to be cached to determine it's size.</p>
-<p>Files smaller than this limit will be cached in RAM, files larger than this limit will be cached on disk.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: ram_cache_limit</li>
-<li>Env Var: RCLONE_COMPRESS_RAM_CACHE_LIMIT</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 20Mi</li>
-</ul>
-<h3 id="metadata-5">Metadata</h3>
-<p>Any metadata supported by the underlying remote is read and written.</p>
-<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
-<h1 id="combine">Combine</h1>
-<p>The <code>combine</code> backend joins remotes together into a single directory tree.</p>
-<p>For example you might have a remote for images on one provider:</p>
-<pre><code>$ rclone tree s3:imagesbucket
-/
-├── image1.jpg
-└── image2.jpg</code></pre>
-<p>And a remote for files on another:</p>
-<pre><code>$ rclone tree drive:important/files
-/
-├── file1.txt
-└── file2.txt</code></pre>
-<p>The <code>combine</code> backend can join these together into a synthetic directory structure like this:</p>
-<pre><code>$ rclone tree combined:
-/
-├── files
-│   ├── file1.txt
-│   └── file2.txt
-└── images
-    ├── image1.jpg
-    └── image2.jpg</code></pre>
-<p>You'd do this by specifying an <code>upstreams</code> parameter in the config like this</p>
-<pre><code>upstreams = images=s3:imagesbucket files=drive:important/files</code></pre>
-<p>During the initial setup with <code>rclone config</code> you will specify the upstreams remotes as a space separated list. The upstream remotes can either be a local paths or other remotes.</p>
-<h2 id="configuration-11">Configuration</h2>
-<p>Here is an example of how to make a combine called <code>remote</code> for the example above. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-...
-XX / Combine several remotes into one
-   \ (combine)
-...
-Storage&gt; combine
-Option upstreams.
-Upstreams for combining
-These should be in the form
-    dir=remote:path dir2=remote2:path
-Where before the = is specified the root directory and after is the remote to
-put there.
-Embedded spaces can be added using quotes
-    &quot;dir=remote:path with space&quot; &quot;dir2=remote2:path with space&quot;
-Enter a fs.SpaceSepList value.
-upstreams&gt; images=s3:imagesbucket files=drive:important/files
---------------------
-[remote]
-type = combine
-upstreams = images=s3:imagesbucket files=drive:important/files
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="configuring-for-google-drive-shared-drives">Configuring for Google Drive Shared Drives</h3>
-<p>Rclone has a convenience feature for making a combine backend for all the shared drives you have access to.</p>
-<p>Assuming your main (non shared drive) Google drive remote is called <code>drive:</code> you would run</p>
-<pre><code>rclone backend -o config drives drive:</code></pre>
-<p>This would produce something like this:</p>
-<pre><code>[My Drive]
-type = alias
-remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
-
-[Test Drive]
-type = alias
-remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
-
-[AllDrives]
-type = combine
-upstreams = &quot;My Drive=My Drive:&quot; &quot;Test Drive=Test Drive:&quot;</code></pre>
-<p>If you then add that config to your config file (find it with <code>rclone config file</code>) then you can access all the shared drives in one place with the <code>AllDrives:</code> remote.</p>
-<p>See <a href="https://rclone.org/drive/#drives">the Google Drive docs</a> for full info.</p>
-<h3 id="standard-options-11">Standard options</h3>
-<p>Here are the Standard options specific to combine (Combine several remotes into one).</p>
-<h4 id="combine-upstreams">--combine-upstreams</h4>
-<p>Upstreams for combining</p>
-<p>These should be in the form</p>
-<pre><code>dir=remote:path dir2=remote2:path</code></pre>
-<p>Where before the = is specified the root directory and after is the remote to put there.</p>
-<p>Embedded spaces can be added using quotes</p>
-<pre><code>&quot;dir=remote:path with space&quot; &quot;dir2=remote2:path with space&quot;</code></pre>
-<p>Properties:</p>
-<ul>
-<li>Config: upstreams</li>
-<li>Env Var: RCLONE_COMBINE_UPSTREAMS</li>
-<li>Type: SpaceSepList</li>
-<li>Default:</li>
-</ul>
-<h3 id="metadata-6">Metadata</h3>
-<p>Any metadata supported by the underlying remote is read and written.</p>
-<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
-<h1 id="dropbox">Dropbox</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Dropbox paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-12">Configuration</h2>
-<p>The initial setup for dropbox involves getting a token from Dropbox which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Dropbox
-   \ &quot;dropbox&quot;
-[snip]
-Storage&gt; dropbox
-Dropbox App Key - leave blank normally.
-app_key&gt;
-Dropbox App Secret - leave blank normally.
-app_secret&gt;
-Remote config
-Please visit:
-https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&amp;response_type=code
-Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX
---------------------
-[remote]
-app_key =
-app_secret =
-token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Dropbox. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.</p>
-<p>You can then use it like this,</p>
-<p>List directories in top level of your dropbox</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your dropbox</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to a dropbox directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="dropbox-for-business">Dropbox for business</h3>
-<p>Rclone supports Dropbox for business and Team Folders.</p>
-<p>When using Dropbox for business <code>remote:</code> and <code>remote:path/to/file</code> will refer to your personal folder.</p>
-<p>If you wish to see Team Folders you must use a leading <code>/</code> in the path, so <code>rclone lsd remote:/</code> will refer to the root and show you all Team Folders and your User Folder.</p>
-<p>You can then use team folders like this <code>remote:/TeamFolder</code> and <code>remote:/TeamFolder/path/to/file</code>.</p>
-<p>A leading <code>/</code> for a Dropbox personal account will do nothing, but it will take an extra HTTP transaction so it should be avoided.</p>
-<h3 id="modified-time-and-hashes-4">Modified time and Hashes</h3>
-<p>Dropbox supports modified times, but the only way to set a modification time is to re-upload the file.</p>
-<p>This means that if you uploaded your data with an older version of rclone which didn't support the v2 API and modified times, rclone will decide to upload all your old data to fix the modification times. If you don't want this to happen use <code>--size-only</code> or <code>--checksum</code> flag to stop it.</p>
-<p>Dropbox supports <a href="https://www.dropbox.com/developers/reference/content-hash">its own hash type</a> which is checked for all transfers.</p>
-<h3 id="restricted-filename-characters-6">Restricted filename characters</h3>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>NUL</td>
-<td style="text-align: center;">0x00</td>
-<td style="text-align: center;">␀</td>
-</tr>
-<tr class="even">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
-</tr>
-<tr class="odd">
-<td>DEL</td>
-<td style="text-align: center;">0x7F</td>
-<td style="text-align: center;">␡</td>
-</tr>
-<tr class="even">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-</tbody>
-</table>
-<p>File names can also not end with the following characters. These only get replaced if they are the last character in the name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>SP</td>
-<td style="text-align: center;">0x20</td>
-<td style="text-align: center;">␠</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="batch-mode">Batch mode uploads</h3>
-<p>Using batch mode uploads is very important for performance when using the Dropbox API. See <a href="https://developers.dropbox.com/dbx-performance-guide">the dropbox performance guide</a> for more info.</p>
-<p>There are 3 modes rclone can use for uploads.</p>
-<h4 id="dropbox-batch-mode-off">--dropbox-batch-mode off</h4>
-<p>In this mode rclone will not use upload batching. This was the default before rclone v1.55. It has the disadvantage that it is very likely to encounter <code>too_many_requests</code> errors like this</p>
-<pre><code>NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.</code></pre>
-<p>When rclone receives these it has to wait for 15s or sometimes 300s before continuing which really slows down transfers.</p>
-<p>This will happen especially if <code>--transfers</code> is large, so this mode isn't recommended except for compatibility or investigating problems.</p>
-<h4 id="dropbox-batch-mode-sync">--dropbox-batch-mode sync</h4>
-<p>In this mode rclone will batch up uploads to the size specified by <code>--dropbox-batch-size</code> and commit them together.</p>
-<p>Using this mode means you can use a much higher <code>--transfers</code> parameter (32 or 64 works fine) without receiving <code>too_many_requests</code> errors.</p>
-<p>This mode ensures full data integrity.</p>
-<p>Note that there may be a pause when quitting rclone while rclone finishes up the last batch using this mode.</p>
-<h4 id="dropbox-batch-mode-async">--dropbox-batch-mode async</h4>
-<p>In this mode rclone will batch up uploads to the size specified by <code>--dropbox-batch-size</code> and commit them together.</p>
-<p>However it will not wait for the status of the batch to be returned to the caller. This means rclone can use a much bigger batch size (much bigger than <code>--transfers</code>), at the cost of not being able to check the status of the upload.</p>
-<p>This provides the maximum possible upload speed especially with lots of small files, however rclone can't check the file got uploaded properly using this mode.</p>
-<p>If you are using this mode then using "rclone check" after the transfer completes is recommended. Or you could do an initial transfer with <code>--dropbox-batch-mode async</code> then do a final transfer with <code>--dropbox-batch-mode sync</code> (the default).</p>
-<p>Note that there may be a pause when quitting rclone while rclone finishes up the last batch using this mode.</p>
-<h3 id="standard-options-12">Standard options</h3>
-<p>Here are the Standard options specific to dropbox (Dropbox).</p>
-<h4 id="dropbox-client-id">--dropbox-client-id</h4>
-<p>OAuth Client Id.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_DROPBOX_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="dropbox-client-secret">--dropbox-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_DROPBOX_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="advanced-options-10">Advanced options</h3>
-<p>Here are the Advanced options specific to dropbox (Dropbox).</p>
-<h4 id="dropbox-token">--dropbox-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_DROPBOX_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="dropbox-auth-url">--dropbox-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_DROPBOX_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="dropbox-token-url">--dropbox-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_DROPBOX_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="dropbox-chunk-size">--dropbox-chunk-size</h4>
-<p>Upload chunk size (&lt; 150Mi).</p>
-<p>Any files larger than this will be uploaded in chunks of this size.</p>
-<p>Note that chunks are buffered in memory (one at a time) so rclone can deal with retries. Setting this larger will increase the speed slightly (at most 10% for 128 MiB in tests) at the cost of using more memory. It can be set smaller if you are tight on memory.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_DROPBOX_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 48Mi</li>
-</ul>
-<h4 id="dropbox-impersonate">--dropbox-impersonate</h4>
-<p>Impersonate this user when using a business account.</p>
-<p>Note that if you want to use impersonate, you should make sure this flag is set when running "rclone config" as this will cause rclone to request the "members.read" scope which it won't normally. This is needed to lookup a members email address into the internal ID that dropbox uses in the API.</p>
-<p>Using the "members.read" scope will require a Dropbox Team Admin to approve during the OAuth flow.</p>
-<p>You will have to use your own App (setting your own client_id and client_secret) to use this option as currently rclone's default set of permissions doesn't include "members.read". This can be added once v1.55 or later is in use everywhere.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: impersonate</li>
-<li>Env Var: RCLONE_DROPBOX_IMPERSONATE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="dropbox-shared-files">--dropbox-shared-files</h4>
-<p>Instructs rclone to work on individual shared files.</p>
-<p>In this mode rclone's features are extremely limited - only list (ls, lsl, etc.) operations and read operations (e.g. downloading) are supported in this mode. All other operations will be disabled.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: shared_files</li>
-<li>Env Var: RCLONE_DROPBOX_SHARED_FILES</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="dropbox-shared-folders">--dropbox-shared-folders</h4>
-<p>Instructs rclone to work on shared folders.</p>
-<p>When this flag is used with no path only the List operation is supported and all available shared folders will be listed. If you specify a path the first part will be interpreted as the name of shared folder. Rclone will then try to mount this shared to the root namespace. On success shared folder rclone proceeds normally. The shared folder is now pretty much a normal folder and all normal operations are supported.</p>
-<p>Note that we don't unmount the shared folder afterwards so the --dropbox-shared-folders can be omitted after the first use of a particular shared folder.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: shared_folders</li>
-<li>Env Var: RCLONE_DROPBOX_SHARED_FOLDERS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="dropbox-batch-mode">--dropbox-batch-mode</h4>
-<p>Upload file batching sync|async|off.</p>
-<p>This sets the batch mode used by rclone.</p>
-<p>For full info see <a href="https://rclone.org/dropbox/#batch-mode">the main docs</a></p>
-<p>This has 3 possible values</p>
-<ul>
-<li>off - no batching</li>
-<li>sync - batch uploads and check completion (default)</li>
-<li>async - batch upload and don't check completion</li>
-</ul>
-<p>Rclone will close any outstanding batches when it exits which may make a delay on quit.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: batch_mode</li>
-<li>Env Var: RCLONE_DROPBOX_BATCH_MODE</li>
-<li>Type: string</li>
-<li>Default: "sync"</li>
-</ul>
-<h4 id="dropbox-batch-size">--dropbox-batch-size</h4>
-<p>Max number of files in upload batch.</p>
-<p>This sets the batch size of files to upload. It has to be less than 1000.</p>
-<p>By default this is 0 which means rclone which calculate the batch size depending on the setting of batch_mode.</p>
-<ul>
-<li>batch_mode: async - default batch_size is 100</li>
-<li>batch_mode: sync - default batch_size is the same as --transfers</li>
-<li>batch_mode: off - not in use</li>
-</ul>
-<p>Rclone will close any outstanding batches when it exits which may make a delay on quit.</p>
-<p>Setting this is a great idea if you are uploading lots of small files as it will make them a lot quicker. You can use --transfers 32 to maximise throughput.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: batch_size</li>
-<li>Env Var: RCLONE_DROPBOX_BATCH_SIZE</li>
-<li>Type: int</li>
-<li>Default: 0</li>
-</ul>
-<h4 id="dropbox-batch-timeout">--dropbox-batch-timeout</h4>
-<p>Max time to allow an idle upload batch before uploading.</p>
-<p>If an upload batch is idle for more than this long then it will be uploaded.</p>
-<p>The default for this is 0 which means rclone will choose a sensible default based on the batch_mode in use.</p>
-<ul>
-<li>batch_mode: async - default batch_timeout is 500ms</li>
-<li>batch_mode: sync - default batch_timeout is 10s</li>
-<li>batch_mode: off - not in use</li>
-</ul>
-<p>Properties:</p>
-<ul>
-<li>Config: batch_timeout</li>
-<li>Env Var: RCLONE_DROPBOX_BATCH_TIMEOUT</li>
-<li>Type: Duration</li>
-<li>Default: 0s</li>
-</ul>
-<h4 id="dropbox-batch-commit-timeout">--dropbox-batch-commit-timeout</h4>
-<p>Max time to wait for a batch to finish committing</p>
-<p>Properties:</p>
-<ul>
-<li>Config: batch_commit_timeout</li>
-<li>Env Var: RCLONE_DROPBOX_BATCH_COMMIT_TIMEOUT</li>
-<li>Type: Duration</li>
-<li>Default: 10m0s</li>
-</ul>
-<h4 id="dropbox-encoding">--dropbox-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_DROPBOX_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-9">Limitations</h2>
-<p>Note that Dropbox is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<p>There are some file names such as <code>thumbs.db</code> which Dropbox can't store. There is a full list of them in the <a href="https://www.dropbox.com/en/help/145">"Ignored Files" section of this document</a>. Rclone will issue an error message <code>File name disallowed - not uploading</code> if it attempts to upload one of those file names, but the sync won't fail.</p>
-<p>Some errors may occur if you try to sync copyright-protected files because Dropbox has its own <a href="https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/">copyright detector</a> that prevents this sort of file being downloaded. This will return the error <code>ERROR : /path/to/your/file: Failed to copy: failed to open source object: path/restricted_content/.</code></p>
-<p>If you have more than 10,000 files in a directory then <code>rclone purge dropbox:dir</code> will return the error <code>Failed to purge: There are too many files involved in this operation</code>. As a work-around do an <code>rclone delete dropbox:dir</code> followed by an <code>rclone rmdir dropbox:dir</code>.</p>
-<p>When using <code>rclone link</code> you'll need to set <code>--expire</code> if using a non-personal account otherwise the visibility may not be correct. (Note that <code>--expire</code> isn't supported on personal accounts). See the <a href="https://forum.rclone.org/t/rclone-link-dropbox-permissions/23211">forum discussion</a> and the <a href="https://github.com/dropbox/dropbox-sdk-go-unofficial/issues/75">dropbox SDK issue</a>.</p>
-<h2 id="get-your-own-dropbox-app-id">Get your own Dropbox App ID</h2>
-<p>When you use rclone with Dropbox in its default configuration you are using rclone's App ID. This is shared between all the rclone users.</p>
-<p>Here is how to create your own Dropbox App ID for rclone:</p>
-<ol type="1">
-<li><p>Log into the <a href="https://www.dropbox.com/developers/apps/create">Dropbox App console</a> with your Dropbox Account (It need not to be the same account as the Dropbox you want to access)</p></li>
-<li><p>Choose an API =&gt; Usually this should be <code>Dropbox API</code></p></li>
-<li><p>Choose the type of access you want to use =&gt; <code>Full Dropbox</code> or <code>App Folder</code></p></li>
-<li><p>Name your App. The app name is global, so you can't use <code>rclone</code> for example</p></li>
-<li><p>Click the button <code>Create App</code></p></li>
-<li><p>Switch to the <code>Permissions</code> tab. Enable at least the following permissions: <code>account_info.read</code>, <code>files.metadata.write</code>, <code>files.content.write</code>, <code>files.content.read</code>, <code>sharing.write</code>. The <code>files.metadata.read</code> and <code>sharing.read</code> checkboxes will be marked too. Click <code>Submit</code></p></li>
-<li><p>Switch to the <code>Settings</code> tab. Fill <code>OAuth2 - Redirect URIs</code> as <code>http://localhost:53682/</code></p></li>
-<li><p>Find the <code>App key</code> and <code>App secret</code> values on the <code>Settings</code> tab. Use these values in rclone config to add a new remote or edit an existing remote. The <code>App key</code> setting corresponds to <code>client_id</code> in rclone config, the <code>App secret</code> corresponds to <code>client_secret</code></p></li>
-</ol>
-<h1 id="enterprise-file-fabric">Enterprise File Fabric</h1>
-<p>This backend supports <a href="https://storagemadeeasy.com/about/">Storage Made Easy's Enterprise File Fabric™</a> which provides a software solution to integrate and unify File and Object Storage accessible through a global file system.</p>
-<h2 id="configuration-13">Configuration</h2>
-<p>The initial setup for the Enterprise File Fabric backend involves getting a token from the Enterprise File Fabric which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Enterprise File Fabric
-   \ &quot;filefabric&quot;
-[snip]
-Storage&gt; filefabric
-** See help for filefabric backend at: https://rclone.org/filefabric/ **
-
-URL of the Enterprise File Fabric to connect to
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Storage Made Easy US
-   \ &quot;https://storagemadeeasy.com&quot;
- 2 / Storage Made Easy EU
-   \ &quot;https://eu.storagemadeeasy.com&quot;
- 3 / Connect to your Enterprise File Fabric
-   \ &quot;https://yourfabric.smestorage.com&quot;
-url&gt; https://yourfabric.smestorage.com/
-ID of the root folder
-Leave blank normally.
-
-Fill in to make rclone start with directory of a given ID.
-
-Enter a string value. Press Enter for the default (&quot;&quot;).
-root_folder_id&gt; 
-Permanent Authentication Token
-
-A Permanent Authentication Token can be created in the Enterprise File
-Fabric, on the users Dashboard under Security, there is an entry
-you&#39;ll see called &quot;My Authentication Tokens&quot;. Click the Manage button
-to create one.
-
-These tokens are normally valid for several years.
-
-For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
-
-Enter a string value. Press Enter for the default (&quot;&quot;).
-permanent_token&gt; xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n&gt; n
-Remote config
---------------------
-[remote]
-type = filefabric
-url = https://yourfabric.smestorage.com/
-permanent_token = xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your Enterprise File Fabric</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your Enterprise File Fabric</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to an Enterprise File Fabric directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-hashes-5">Modified time and hashes</h3>
-<p>The Enterprise File Fabric allows modification times to be set on files accurate to 1 second. These will be used to detect whether objects need syncing or not.</p>
-<p>The Enterprise File Fabric does not support any data hashes at this time.</p>
-<h3 id="restricted-filename-characters-7">Restricted filename characters</h3>
-<p>The <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> will be replaced.</p>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="empty-files">Empty files</h3>
-<p>Empty files aren't supported by the Enterprise File Fabric. Rclone will therefore upload an empty file as a single space with a mime type of <code>application/vnd.rclone.empty.file</code> and files with that mime type are treated as empty.</p>
-<h3 id="root-folder-id-1">Root folder ID</h3>
-<p>You can set the <code>root_folder_id</code> for rclone. This is the directory (identified by its <code>Folder ID</code>) that rclone considers to be the root of your Enterprise File Fabric.</p>
-<p>Normally you will leave this blank and rclone will determine the correct root to use itself.</p>
-<p>However you can set this to restrict rclone to a specific folder hierarchy.</p>
-<p>In order to do this you will have to find the <code>Folder ID</code> of the directory you wish rclone to display. These aren't displayed in the web interface, but you can use <code>rclone lsf</code> to find them, for example</p>
-<pre><code>$ rclone lsf --dirs-only -Fip --csv filefabric:
-120673758,Burnt PDFs/
-120673759,My Quick Uploads/
-120673755,My Syncs/
-120673756,My backups/
-120673757,My contacts/
-120673761,S3 Storage/</code></pre>
-<p>The ID for "S3 Storage" would be <code>120673761</code>.</p>
-<h3 id="standard-options-13">Standard options</h3>
-<p>Here are the Standard options specific to filefabric (Enterprise File Fabric).</p>
-<h4 id="filefabric-url">--filefabric-url</h4>
-<p>URL of the Enterprise File Fabric to connect to.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: url</li>
-<li>Env Var: RCLONE_FILEFABRIC_URL</li>
-<li>Type: string</li>
-<li>Required: true</li>
-<li>Examples:
-<ul>
-<li>"https://storagemadeeasy.com"
-<ul>
-<li>Storage Made Easy US</li>
-</ul></li>
-<li>"https://eu.storagemadeeasy.com"
-<ul>
-<li>Storage Made Easy EU</li>
-</ul></li>
-<li>"https://yourfabric.smestorage.com"
-<ul>
-<li>Connect to your Enterprise File Fabric</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="filefabric-root-folder-id">--filefabric-root-folder-id</h4>
-<p>ID of the root folder.</p>
-<p>Leave blank normally.</p>
-<p>Fill in to make rclone start with directory of a given ID.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: root_folder_id</li>
-<li>Env Var: RCLONE_FILEFABRIC_ROOT_FOLDER_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="filefabric-permanent-token">--filefabric-permanent-token</h4>
-<p>Permanent Authentication Token.</p>
-<p>A Permanent Authentication Token can be created in the Enterprise File Fabric, on the users Dashboard under Security, there is an entry you'll see called "My Authentication Tokens". Click the Manage button to create one.</p>
-<p>These tokens are normally valid for several years.</p>
-<p>For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens</p>
-<p>Properties:</p>
-<ul>
-<li>Config: permanent_token</li>
-<li>Env Var: RCLONE_FILEFABRIC_PERMANENT_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="advanced-options-11">Advanced options</h3>
-<p>Here are the Advanced options specific to filefabric (Enterprise File Fabric).</p>
-<h4 id="filefabric-token">--filefabric-token</h4>
-<p>Session Token.</p>
-<p>This is a session token which rclone caches in the config file. It is usually valid for 1 hour.</p>
-<p>Don't set this value - rclone will set it automatically.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_FILEFABRIC_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="filefabric-token-expiry">--filefabric-token-expiry</h4>
-<p>Token expiry time.</p>
-<p>Don't set this value - rclone will set it automatically.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_expiry</li>
-<li>Env Var: RCLONE_FILEFABRIC_TOKEN_EXPIRY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="filefabric-version">--filefabric-version</h4>
-<p>Version read from the file fabric.</p>
-<p>Don't set this value - rclone will set it automatically.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: version</li>
-<li>Env Var: RCLONE_FILEFABRIC_VERSION</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="filefabric-encoding">--filefabric-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_FILEFABRIC_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h1 id="ftp">FTP</h1>
-<p>FTP is the File Transfer Protocol. Rclone FTP support is provided using the <a href="https://godoc.org/github.com/jlaffaye/ftp">github.com/jlaffaye/ftp</a> package.</p>
-<p><a href="#limitations">Limitations of Rclone's FTP backend</a></p>
-<p>Paths are specified as <code>remote:path</code>. If the path does not begin with a <code>/</code> it is relative to the home directory of the user. An empty path <code>remote:</code> refers to the user's home directory.</p>
-<h2 id="configuration-14">Configuration</h2>
-<p>To create an FTP configuration named <code>remote</code>, run</p>
-<pre><code>rclone config</code></pre>
-<p>Rclone config guides you through an interactive setup process. A minimal rclone FTP remote definition only requires host, username and password. For an anonymous FTP server, see <a href="#anonymous-ftp">below</a>.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / FTP
-   \ &quot;ftp&quot;
-[snip]
-Storage&gt; ftp
-** See help for ftp backend at: https://rclone.org/ftp/ **
-
-FTP host to connect to
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Connect to ftp.example.com
-   \ &quot;ftp.example.com&quot;
-host&gt; ftp.example.com
-FTP username
-Enter a string value. Press Enter for the default (&quot;$USER&quot;).
-user&gt; 
-FTP port number
-Enter a signed integer. Press Enter for the default (21).
-port&gt; 
-FTP password
-y) Yes type in my own password
-g) Generate random password
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Use FTP over TLS (Implicit)
-Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
-tls&gt; 
-Use FTP over TLS (Explicit)
-Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
-explicit_tls&gt; 
-Remote config
---------------------
-[remote]
-type = ftp
-host = ftp.example.com
-pass = *** ENCRYPTED ***
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>To see all directories in the home directory of <code>remote</code></p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>Make a new directory</p>
-<pre><code>rclone mkdir remote:path/to/directory</code></pre>
-<p>List the contents of a directory</p>
-<pre><code>rclone ls remote:path/to/directory</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote directory, deleting any excess files in the directory.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:directory</code></pre>
-<h3 id="anonymous-ftp">Anonymous FTP</h3>
-<p>When connecting to a FTP server that allows anonymous login, you can use the special "anonymous" username. Traditionally, this user account accepts any string as a password, although it is common to use either the password "anonymous" or "guest". Some servers require the use of a valid e-mail address as password.</p>
-<p>Using <a href="#backend-path-to-dir">on-the-fly</a> or <a href="https://rclone.org/docs/#connection-strings">connection string</a> remotes makes it easy to access such servers, without requiring any configuration in advance. The following are examples of that:</p>
-<pre><code>rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=$(rclone obscure dummy)
-rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=$(rclone obscure dummy):</code></pre>
-<p>The above examples work in Linux shells and in PowerShell, but not Windows Command Prompt. They execute the <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a> command to create a password string in the format required by the <a href="#ftp-pass">pass</a> option. The following examples are exactly the same, except use an already obscured string representation of the same password "dummy", and therefore works even in Windows Command Prompt:</p>
-<pre><code>rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM
-rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM:</code></pre>
-<h3 id="implicit-tls">Implicit TLS</h3>
-<p>Rlone FTP supports implicit FTP over TLS servers (FTPS). This has to be enabled in the FTP backend config for the remote, or with <a href="#ftp-tls"><code>--ftp-tls</code></a>. The default FTPS port is <code>990</code>, not <code>21</code> and can be set with <a href="#ftp-port"><code>--ftp-port</code></a>.</p>
-<h3 id="restricted-filename-characters-8">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<p>File names cannot end with the following characters. Replacement is limited to the last character in a file name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>SP</td>
-<td style="text-align: center;">0x20</td>
-<td style="text-align: center;">␠</td>
-</tr>
-</tbody>
-</table>
-<p>Not all FTP servers can have all characters in file names, for example:</p>
-<table>
-<thead>
-<tr class="header">
-<th>FTP Server</th>
-<th style="text-align: center;">Forbidden characters</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>proftpd</td>
-<td style="text-align: center;"><code>*</code></td>
-</tr>
-<tr class="even">
-<td>pureftpd</td>
-<td style="text-align: center;"><code>\ [ ]</code></td>
-</tr>
-</tbody>
-</table>
-<p>This backend's interactive configuration wizard provides a selection of sensible encoding settings for major FTP servers: ProFTPd, PureFTPd, VsFTPd. Just hit a selection number when prompted.</p>
-<h3 id="standard-options-14">Standard options</h3>
-<p>Here are the Standard options specific to ftp (FTP).</p>
-<h4 id="ftp-host">--ftp-host</h4>
-<p>FTP host to connect to.</p>
-<p>E.g. "ftp.example.com".</p>
-<p>Properties:</p>
-<ul>
-<li>Config: host</li>
-<li>Env Var: RCLONE_FTP_HOST</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="ftp-user">--ftp-user</h4>
-<p>FTP username.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: user</li>
-<li>Env Var: RCLONE_FTP_USER</li>
-<li>Type: string</li>
-<li>Default: "$USER"</li>
-</ul>
-<h4 id="ftp-port">--ftp-port</h4>
-<p>FTP port number.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: port</li>
-<li>Env Var: RCLONE_FTP_PORT</li>
-<li>Type: int</li>
-<li>Default: 21</li>
-</ul>
-<h4 id="ftp-pass">--ftp-pass</h4>
-<p>FTP password.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: pass</li>
-<li>Env Var: RCLONE_FTP_PASS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="ftp-tls">--ftp-tls</h4>
-<p>Use Implicit FTPS (FTP over TLS).</p>
-<p>When using implicit FTP over TLS the client connects using TLS right from the start which breaks compatibility with non-TLS-aware servers. This is usually served over port 990 rather than port 21. Cannot be used in combination with explicit FTPS.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: tls</li>
-<li>Env Var: RCLONE_FTP_TLS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-explicit-tls">--ftp-explicit-tls</h4>
-<p>Use Explicit FTPS (FTP over TLS).</p>
-<p>When using explicit FTP over TLS the client explicitly requests security from the server in order to upgrade a plain text connection to an encrypted one. Cannot be used in combination with implicit FTPS.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: explicit_tls</li>
-<li>Env Var: RCLONE_FTP_EXPLICIT_TLS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h3 id="advanced-options-12">Advanced options</h3>
-<p>Here are the Advanced options specific to ftp (FTP).</p>
-<h4 id="ftp-concurrency">--ftp-concurrency</h4>
-<p>Maximum number of FTP simultaneous connections, 0 for unlimited.</p>
-<p>Note that setting this is very likely to cause deadlocks so it should be used with care.</p>
-<p>If you are doing a sync or copy then make sure concurrency is one more than the sum of <code>--transfers</code> and <code>--checkers</code>.</p>
-<p>If you use <code>--check-first</code> then it just needs to be one more than the maximum of <code>--checkers</code> and <code>--transfers</code>.</p>
-<p>So for <code>concurrency 3</code> you'd use <code>--checkers 2 --transfers 2 --check-first</code> or <code>--checkers 1 --transfers 1</code>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: concurrency</li>
-<li>Env Var: RCLONE_FTP_CONCURRENCY</li>
-<li>Type: int</li>
-<li>Default: 0</li>
-</ul>
-<h4 id="ftp-no-check-certificate">--ftp-no-check-certificate</h4>
-<p>Do not verify the TLS certificate of the server.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_check_certificate</li>
-<li>Env Var: RCLONE_FTP_NO_CHECK_CERTIFICATE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-disable-epsv">--ftp-disable-epsv</h4>
-<p>Disable using EPSV even if server advertises support.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_epsv</li>
-<li>Env Var: RCLONE_FTP_DISABLE_EPSV</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-disable-mlsd">--ftp-disable-mlsd</h4>
-<p>Disable using MLSD even if server advertises support.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_mlsd</li>
-<li>Env Var: RCLONE_FTP_DISABLE_MLSD</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-disable-utf8">--ftp-disable-utf8</h4>
-<p>Disable using UTF-8 even if server advertises support.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_utf8</li>
-<li>Env Var: RCLONE_FTP_DISABLE_UTF8</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-writing-mdtm">--ftp-writing-mdtm</h4>
-<p>Use MDTM to set modification time (VsFtpd quirk)</p>
-<p>Properties:</p>
-<ul>
-<li>Config: writing_mdtm</li>
-<li>Env Var: RCLONE_FTP_WRITING_MDTM</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-force-list-hidden">--ftp-force-list-hidden</h4>
-<p>Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: force_list_hidden</li>
-<li>Env Var: RCLONE_FTP_FORCE_LIST_HIDDEN</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-idle-timeout">--ftp-idle-timeout</h4>
-<p>Max time before closing idle connections.</p>
-<p>If no connections have been returned to the connection pool in the time given, rclone will empty the connection pool.</p>
-<p>Set to 0 to keep connections indefinitely.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: idle_timeout</li>
-<li>Env Var: RCLONE_FTP_IDLE_TIMEOUT</li>
-<li>Type: Duration</li>
-<li>Default: 1m0s</li>
-</ul>
-<h4 id="ftp-close-timeout">--ftp-close-timeout</h4>
-<p>Maximum time to wait for a response to close.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: close_timeout</li>
-<li>Env Var: RCLONE_FTP_CLOSE_TIMEOUT</li>
-<li>Type: Duration</li>
-<li>Default: 1m0s</li>
-</ul>
-<h4 id="ftp-tls-cache-size">--ftp-tls-cache-size</h4>
-<p>Size of TLS session cache for all control and data connections.</p>
-<p>TLS cache allows to resume TLS sessions and reuse PSK between connections. Increase if default size is not enough resulting in TLS resumption errors. Enabled by default. Use 0 to disable.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: tls_cache_size</li>
-<li>Env Var: RCLONE_FTP_TLS_CACHE_SIZE</li>
-<li>Type: int</li>
-<li>Default: 32</li>
-</ul>
-<h4 id="ftp-disable-tls13">--ftp-disable-tls13</h4>
-<p>Disable TLS 1.3 (workaround for FTP servers with buggy TLS)</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_tls13</li>
-<li>Env Var: RCLONE_FTP_DISABLE_TLS13</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-shut-timeout">--ftp-shut-timeout</h4>
-<p>Maximum time to wait for data connection closing status.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: shut_timeout</li>
-<li>Env Var: RCLONE_FTP_SHUT_TIMEOUT</li>
-<li>Type: Duration</li>
-<li>Default: 1m0s</li>
-</ul>
-<h4 id="ftp-ask-password">--ftp-ask-password</h4>
-<p>Allow asking for FTP password when needed.</p>
-<p>If this is set and no password is supplied then rclone will ask for a password</p>
-<p>Properties:</p>
-<ul>
-<li>Config: ask_password</li>
-<li>Env Var: RCLONE_FTP_ASK_PASSWORD</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="ftp-encoding">--ftp-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_FTP_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,Del,Ctl,RightSpace,Dot</li>
-<li>Examples:
-<ul>
-<li>"Asterisk,Ctl,Dot,Slash"
-<ul>
-<li>ProFTPd can't handle '*' in file names</li>
-</ul></li>
-<li>"BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket"
-<ul>
-<li>PureFTPd can't handle '[]' or '*' in file names</li>
-</ul></li>
-<li>"Ctl,LeftPeriod,Slash"
-<ul>
-<li>VsFTPd can't handle file names starting with dot</li>
-</ul></li>
-</ul></li>
-</ul>
-<h2 id="limitations-10">Limitations</h2>
-<p>FTP servers acting as rclone remotes must support <code>passive</code> mode. The mode cannot be configured as <code>passive</code> is the only supported one. Rclone's FTP implementation is not compatible with <code>active</code> mode as <a href="https://github.com/jlaffaye/ftp/issues/29">the library it uses doesn't support it</a>. This will likely never be supported due to security concerns.</p>
-<p>Rclone's FTP backend does not support any checksums but can compare file sizes.</p>
-<p><code>rclone about</code> is not supported by the FTP backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<p>The implementation of : <code>--dump headers</code>, <code>--dump bodies</code>, <code>--dump auth</code> for debugging isn't the same as for rclone HTTP based backends - it has less fine grained control.</p>
-<p><code>--timeout</code> isn't supported (but <code>--contimeout</code> is).</p>
-<p><code>--bind</code> isn't supported.</p>
-<p>Rclone's FTP backend could support server-side move but does not at present.</p>
-<p>The <code>ftp_proxy</code> environment variable is not currently supported.</p>
-<h4 id="modified-time-3">Modified time</h4>
-<p>File modification time (timestamps) is supported to 1 second resolution for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP server. The <code>VsFTPd</code> server has non-standard implementation of time related protocol commands and needs a special configuration setting: <code>writing_mdtm = true</code>.</p>
-<p>Support for precise file time with other FTP servers varies depending on what protocol extensions they advertise. If all the <code>MLSD</code>, <code>MDTM</code> and <code>MFTM</code> extensions are present, rclone will use them together to provide precise time. Otherwise the times you see on the FTP server through rclone are those of the last file upload.</p>
-<p>You can use the following command to check whether rclone can use precise time with your FTP server: <code>rclone backend features your_ftp_remote:</code> (the trailing colon is important). Look for the number in the line tagged by <code>Precision</code> designating the remote time precision expressed as nanoseconds. A value of <code>1000000000</code> means that file time precision of 1 second is available. A value of <code>3153600000000000000</code> (or another large number) means "unsupported".</p>
-<h1 id="google-cloud-storage">Google Cloud Storage</h1>
-<p>Paths are specified as <code>remote:bucket</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, e.g. <code>remote:bucket/path/to/dir</code>.</p>
-<h2 id="configuration-15">Configuration</h2>
-<p>The initial setup for google cloud storage involves getting a token from Google Cloud Storage which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Cloud Storage (this is not Google Drive)
-   \ &quot;google cloud storage&quot;
-[snip]
-Storage&gt; google cloud storage
-Google Application Client Id - leave blank normally.
-client_id&gt;
-Google Application Client Secret - leave blank normally.
-client_secret&gt;
-Project number optional - needed only for list/create/delete buckets - see your developer console.
-project_number&gt; 12345678
-Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
-service_account_file&gt;
-Access Control List for new objects.
-Choose a number from below, or type in your own value
- 1 / Object owner gets OWNER access, and all Authenticated Users get READER access.
-   \ &quot;authenticatedRead&quot;
- 2 / Object owner gets OWNER access, and project team owners get OWNER access.
-   \ &quot;bucketOwnerFullControl&quot;
- 3 / Object owner gets OWNER access, and project team owners get READER access.
-   \ &quot;bucketOwnerRead&quot;
- 4 / Object owner gets OWNER access [default if left blank].
-   \ &quot;private&quot;
- 5 / Object owner gets OWNER access, and project team members get access according to their roles.
-   \ &quot;projectPrivate&quot;
- 6 / Object owner gets OWNER access, and all Users get READER access.
-   \ &quot;publicRead&quot;
-object_acl&gt; 4
-Access Control List for new buckets.
-Choose a number from below, or type in your own value
- 1 / Project team owners get OWNER access, and all Authenticated Users get READER access.
-   \ &quot;authenticatedRead&quot;
- 2 / Project team owners get OWNER access [default if left blank].
-   \ &quot;private&quot;
- 3 / Project team members get access according to their roles.
-   \ &quot;projectPrivate&quot;
- 4 / Project team owners get OWNER access, and all Users get READER access.
-   \ &quot;publicRead&quot;
- 5 / Project team owners get OWNER access, and all Users get WRITER access.
-   \ &quot;publicReadWrite&quot;
-bucket_acl&gt; 2
-Location for the newly created buckets.
-Choose a number from below, or type in your own value
- 1 / Empty for default location (US).
-   \ &quot;&quot;
- 2 / Multi-regional location for Asia.
-   \ &quot;asia&quot;
- 3 / Multi-regional location for Europe.
-   \ &quot;eu&quot;
- 4 / Multi-regional location for United States.
-   \ &quot;us&quot;
- 5 / Taiwan.
-   \ &quot;asia-east1&quot;
- 6 / Tokyo.
-   \ &quot;asia-northeast1&quot;
- 7 / Singapore.
-   \ &quot;asia-southeast1&quot;
- 8 / Sydney.
-   \ &quot;australia-southeast1&quot;
- 9 / Belgium.
-   \ &quot;europe-west1&quot;
-10 / London.
-   \ &quot;europe-west2&quot;
-11 / Iowa.
-   \ &quot;us-central1&quot;
-12 / South Carolina.
-   \ &quot;us-east1&quot;
-13 / Northern Virginia.
-   \ &quot;us-east4&quot;
-14 / Oregon.
-   \ &quot;us-west1&quot;
-location&gt; 12
-The storage class to use when storing objects in Google Cloud Storage.
-Choose a number from below, or type in your own value
- 1 / Default
-   \ &quot;&quot;
- 2 / Multi-regional storage class
-   \ &quot;MULTI_REGIONAL&quot;
- 3 / Regional storage class
-   \ &quot;REGIONAL&quot;
- 4 / Nearline storage class
-   \ &quot;NEARLINE&quot;
- 5 / Coldline storage class
-   \ &quot;COLDLINE&quot;
- 6 / Durable reduced availability storage class
-   \ &quot;DURABLE_REDUCED_AVAILABILITY&quot;
-storage_class&gt; 5
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = google cloud storage
-client_id =
-client_secret =
-token = {&quot;AccessToken&quot;:&quot;xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&quot;,&quot;RefreshToken&quot;:&quot;x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx&quot;,&quot;Expiry&quot;:&quot;2014-07-17T20:49:14.929208288+01:00&quot;,&quot;Extra&quot;:null}
-project_number = 12345678
-object_acl = private
-bucket_acl = private
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Google if using web browser to automatically authenticate. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.</p>
-<p>This remote is called <code>remote</code> and can now be used like this</p>
-<p>See all the buckets in your project</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>Make a new bucket</p>
-<pre><code>rclone mkdir remote:bucket</code></pre>
-<p>List the contents of a bucket</p>
-<pre><code>rclone ls remote:bucket</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote bucket, deleting any excess files in the bucket.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:bucket</code></pre>
-<h3 id="service-account-support">Service Account support</h3>
-<p>You can set up rclone with Google Cloud Storage in an unattended mode, i.e. not tied to a specific end-user Google account. This is useful when you want to synchronise files onto machines that don't have actively logged-in users, for example build machines.</p>
-<p>To get credentials for Google Cloud Platform <a href="https://cloud.google.com/iam/docs/service-accounts">IAM Service Accounts</a>, please head to the <a href="https://console.cloud.google.com/permissions/serviceaccounts">Service Account</a> section of the Google Developer Console. Service Accounts behave just like normal <code>User</code> permissions in <a href="https://cloud.google.com/storage/docs/access-control">Google Cloud Storage ACLs</a>, so you can limit their access (e.g. make them read only). After creating an account, a JSON file containing the Service Account's credentials will be downloaded onto your machines. These credentials are what rclone will use for authentication.</p>
-<p>To use a Service Account instead of OAuth2 token flow, enter the path to your Service Account credentials at the <code>service_account_file</code> prompt and rclone won't use the browser based authentication flow. If you'd rather stuff the contents of the credentials file into the rclone config file, you can set <code>service_account_credentials</code> with the actual contents of the file instead, or set the equivalent environment variable.</p>
-<h3 id="anonymous-access">Anonymous Access</h3>
-<p>For downloads of objects that permit public access you can configure rclone to use anonymous access by setting <code>anonymous</code> to <code>true</code>. With unauthorized access you can't write or create files but only read or list those buckets and objects that have public read access.</p>
-<h3 id="application-default-credentials">Application Default Credentials</h3>
-<p>If no other source of credentials is provided, rclone will fall back to <a href="https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials">Application Default Credentials</a> this is useful both when you already have configured authentication for your developer account, or in production when running on a google compute host. Note that if running in docker, you may need to run additional commands on your google compute machine - <a href="https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper">see this page</a>.</p>
-<p>Note that in the case application default credentials are used, there is no need to explicitly configure a project number.</p>
-<h3 id="fast-list-2">--fast-list</h3>
-<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details.</p>
-<h3 id="custom-upload-headers">Custom upload headers</h3>
-<p>You can set custom upload headers with the <code>--header-upload</code> flag. Google Cloud Storage supports the headers as described in the <a href="https://cloud.google.com/storage/docs/gsutil/addlhelp/WorkingWithObjectMetadata">working with metadata documentation</a></p>
-<ul>
-<li>Cache-Control</li>
-<li>Content-Disposition</li>
-<li>Content-Encoding</li>
-<li>Content-Language</li>
-<li>Content-Type</li>
-<li>X-Goog-Storage-Class</li>
-<li>X-Goog-Meta-</li>
-</ul>
-<p>Eg <code>--header-upload "Content-Type text/potato"</code></p>
-<p>Note that the last of these is for setting custom metadata in the form <code>--header-upload "x-goog-meta-key: value"</code></p>
-<h3 id="modification-time-1">Modification time</h3>
-<p>Google Cloud Storage stores md5sum natively. Google's <a href="https://cloud.google.com/storage/docs/gsutil">gsutil</a> tool stores modification time with one-second precision as <code>goog-reserved-file-mtime</code> in file metadata.</p>
-<p>To ensure compatibility with gsutil, rclone stores modification time in 2 separate metadata entries. <code>mtime</code> uses RFC3339 format with one-nanosecond precision. <code>goog-reserved-file-mtime</code> uses Unix timestamp format with one-second precision. To get modification time from object metadata, rclone reads the metadata in the following order: <code>mtime</code>, <code>goog-reserved-file-mtime</code>, object updated time.</p>
-<p>Note that rclone's default modify window is 1ns. Files uploaded by gsutil only contain timestamps with one-second precision. If you use rclone to sync files previously uploaded by gsutil, rclone will attempt to update modification time for all these files. To avoid these possibly unnecessary updates, use <code>--modify-window 1s</code>.</p>
-<h3 id="restricted-filename-characters-9">Restricted filename characters</h3>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>NUL</td>
-<td style="text-align: center;">0x00</td>
-<td style="text-align: center;">␀</td>
-</tr>
-<tr class="even">
-<td>LF</td>
-<td style="text-align: center;">0x0A</td>
-<td style="text-align: center;">␊</td>
-</tr>
-<tr class="odd">
-<td>CR</td>
-<td style="text-align: center;">0x0D</td>
-<td style="text-align: center;">␍</td>
-</tr>
-<tr class="even">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="standard-options-15">Standard options</h3>
-<p>Here are the Standard options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).</p>
-<h4 id="gcs-client-id">--gcs-client-id</h4>
-<p>OAuth Client Id.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_GCS_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-client-secret">--gcs-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_GCS_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-project-number">--gcs-project-number</h4>
-<p>Project number.</p>
-<p>Optional - needed only for list/create/delete buckets - see your developer console.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: project_number</li>
-<li>Env Var: RCLONE_GCS_PROJECT_NUMBER</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-service-account-file">--gcs-service-account-file</h4>
-<p>Service Account Credentials JSON file path.</p>
-<p>Leave blank normally. Needed only if you want use SA instead of interactive login.</p>
-<p>Leading <code>~</code> will be expanded in the file name as will environment variables such as <code>${RCLONE_CONFIG_DIR}</code>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: service_account_file</li>
-<li>Env Var: RCLONE_GCS_SERVICE_ACCOUNT_FILE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-service-account-credentials">--gcs-service-account-credentials</h4>
-<p>Service Account Credentials JSON blob.</p>
-<p>Leave blank normally. Needed only if you want use SA instead of interactive login.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: service_account_credentials</li>
-<li>Env Var: RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-anonymous">--gcs-anonymous</h4>
-<p>Access public buckets and objects without credentials.</p>
-<p>Set to 'true' if you just want to download files and don't configure credentials.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: anonymous</li>
-<li>Env Var: RCLONE_GCS_ANONYMOUS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="gcs-object-acl">--gcs-object-acl</h4>
-<p>Access Control List for new objects.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: object_acl</li>
-<li>Env Var: RCLONE_GCS_OBJECT_ACL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"authenticatedRead"
-<ul>
-<li>Object owner gets OWNER access.</li>
-<li>All Authenticated Users get READER access.</li>
-</ul></li>
-<li>"bucketOwnerFullControl"
-<ul>
-<li>Object owner gets OWNER access.</li>
-<li>Project team owners get OWNER access.</li>
-</ul></li>
-<li>"bucketOwnerRead"
-<ul>
-<li>Object owner gets OWNER access.</li>
-<li>Project team owners get READER access.</li>
-</ul></li>
-<li>"private"
-<ul>
-<li>Object owner gets OWNER access.</li>
-<li>Default if left blank.</li>
-</ul></li>
-<li>"projectPrivate"
-<ul>
-<li>Object owner gets OWNER access.</li>
-<li>Project team members get access according to their roles.</li>
-</ul></li>
-<li>"publicRead"
-<ul>
-<li>Object owner gets OWNER access.</li>
-<li>All Users get READER access.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="gcs-bucket-acl">--gcs-bucket-acl</h4>
-<p>Access Control List for new buckets.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: bucket_acl</li>
-<li>Env Var: RCLONE_GCS_BUCKET_ACL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"authenticatedRead"
-<ul>
-<li>Project team owners get OWNER access.</li>
-<li>All Authenticated Users get READER access.</li>
-</ul></li>
-<li>"private"
-<ul>
-<li>Project team owners get OWNER access.</li>
-<li>Default if left blank.</li>
-</ul></li>
-<li>"projectPrivate"
-<ul>
-<li>Project team members get access according to their roles.</li>
-</ul></li>
-<li>"publicRead"
-<ul>
-<li>Project team owners get OWNER access.</li>
-<li>All Users get READER access.</li>
-</ul></li>
-<li>"publicReadWrite"
-<ul>
-<li>Project team owners get OWNER access.</li>
-<li>All Users get WRITER access.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="gcs-bucket-policy-only">--gcs-bucket-policy-only</h4>
-<p>Access checks should use bucket-level IAM policies.</p>
-<p>If you want to upload objects to a bucket with Bucket Policy Only set then you will need to set this.</p>
-<p>When it is set, rclone:</p>
-<ul>
-<li>ignores ACLs set on buckets</li>
-<li>ignores ACLs set on objects</li>
-<li>creates buckets with Bucket Policy Only set</li>
-</ul>
-<p>Docs: https://cloud.google.com/storage/docs/bucket-policy-only</p>
-<p>Properties:</p>
-<ul>
-<li>Config: bucket_policy_only</li>
-<li>Env Var: RCLONE_GCS_BUCKET_POLICY_ONLY</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="gcs-location">--gcs-location</h4>
-<p>Location for the newly created buckets.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: location</li>
-<li>Env Var: RCLONE_GCS_LOCATION</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Empty for default location (US)</li>
-</ul></li>
-<li>"asia"
-<ul>
-<li>Multi-regional location for Asia</li>
-</ul></li>
-<li>"eu"
-<ul>
-<li>Multi-regional location for Europe</li>
-</ul></li>
-<li>"us"
-<ul>
-<li>Multi-regional location for United States</li>
-</ul></li>
-<li>"asia-east1"
-<ul>
-<li>Taiwan</li>
-</ul></li>
-<li>"asia-east2"
-<ul>
-<li>Hong Kong</li>
-</ul></li>
-<li>"asia-northeast1"
-<ul>
-<li>Tokyo</li>
-</ul></li>
-<li>"asia-northeast2"
-<ul>
-<li>Osaka</li>
-</ul></li>
-<li>"asia-northeast3"
-<ul>
-<li>Seoul</li>
-</ul></li>
-<li>"asia-south1"
-<ul>
-<li>Mumbai</li>
-</ul></li>
-<li>"asia-south2"
-<ul>
-<li>Delhi</li>
-</ul></li>
-<li>"asia-southeast1"
-<ul>
-<li>Singapore</li>
-</ul></li>
-<li>"asia-southeast2"
-<ul>
-<li>Jakarta</li>
-</ul></li>
-<li>"australia-southeast1"
-<ul>
-<li>Sydney</li>
-</ul></li>
-<li>"australia-southeast2"
-<ul>
-<li>Melbourne</li>
-</ul></li>
-<li>"europe-north1"
-<ul>
-<li>Finland</li>
-</ul></li>
-<li>"europe-west1"
-<ul>
-<li>Belgium</li>
-</ul></li>
-<li>"europe-west2"
-<ul>
-<li>London</li>
-</ul></li>
-<li>"europe-west3"
-<ul>
-<li>Frankfurt</li>
-</ul></li>
-<li>"europe-west4"
-<ul>
-<li>Netherlands</li>
-</ul></li>
-<li>"europe-west6"
-<ul>
-<li>Zürich</li>
-</ul></li>
-<li>"europe-central2"
-<ul>
-<li>Warsaw</li>
-</ul></li>
-<li>"us-central1"
-<ul>
-<li>Iowa</li>
-</ul></li>
-<li>"us-east1"
-<ul>
-<li>South Carolina</li>
-</ul></li>
-<li>"us-east4"
-<ul>
-<li>Northern Virginia</li>
-</ul></li>
-<li>"us-west1"
-<ul>
-<li>Oregon</li>
-</ul></li>
-<li>"us-west2"
-<ul>
-<li>California</li>
-</ul></li>
-<li>"us-west3"
-<ul>
-<li>Salt Lake City</li>
-</ul></li>
-<li>"us-west4"
-<ul>
-<li>Las Vegas</li>
-</ul></li>
-<li>"northamerica-northeast1"
-<ul>
-<li>Montréal</li>
-</ul></li>
-<li>"northamerica-northeast2"
-<ul>
-<li>Toronto</li>
-</ul></li>
-<li>"southamerica-east1"
-<ul>
-<li>São Paulo</li>
-</ul></li>
-<li>"southamerica-west1"
-<ul>
-<li>Santiago</li>
-</ul></li>
-<li>"asia1"
-<ul>
-<li>Dual region: asia-northeast1 and asia-northeast2.</li>
-</ul></li>
-<li>"eur4"
-<ul>
-<li>Dual region: europe-north1 and europe-west4.</li>
-</ul></li>
-<li>"nam4"
-<ul>
-<li>Dual region: us-central1 and us-east1.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="gcs-storage-class">--gcs-storage-class</h4>
-<p>The storage class to use when storing objects in Google Cloud Storage.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_class</li>
-<li>Env Var: RCLONE_GCS_STORAGE_CLASS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Default</li>
-</ul></li>
-<li>"MULTI_REGIONAL"
-<ul>
-<li>Multi-regional storage class</li>
-</ul></li>
-<li>"REGIONAL"
-<ul>
-<li>Regional storage class</li>
-</ul></li>
-<li>"NEARLINE"
-<ul>
-<li>Nearline storage class</li>
-</ul></li>
-<li>"COLDLINE"
-<ul>
-<li>Coldline storage class</li>
-</ul></li>
-<li>"ARCHIVE"
-<ul>
-<li>Archive storage class</li>
-</ul></li>
-<li>"DURABLE_REDUCED_AVAILABILITY"
-<ul>
-<li>Durable reduced availability storage class</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="gcs-env-auth">--gcs-env-auth</h4>
-<p>Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars).</p>
-<p>Only applies if service_account_file and service_account_credentials is blank.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: env_auth</li>
-<li>Env Var: RCLONE_GCS_ENV_AUTH</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-<li>Examples:
-<ul>
-<li>"false"
-<ul>
-<li>Enter credentials in the next step.</li>
-</ul></li>
-<li>"true"
-<ul>
-<li>Get GCP IAM credentials from the environment (env vars or IAM).</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-13">Advanced options</h3>
-<p>Here are the Advanced options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).</p>
-<h4 id="gcs-token">--gcs-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_GCS_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-auth-url">--gcs-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_GCS_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-token-url">--gcs-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_GCS_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-no-check-bucket">--gcs-no-check-bucket</h4>
-<p>If set, don't attempt to check the bucket exists or create it.</p>
-<p>This can be useful when trying to minimise the number of transactions rclone does if you know the bucket exists already.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_check_bucket</li>
-<li>Env Var: RCLONE_GCS_NO_CHECK_BUCKET</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="gcs-decompress">--gcs-decompress</h4>
-<p>If set this will decompress gzip encoded objects.</p>
-<p>It is possible to upload objects to GCS with "Content-Encoding: gzip" set. Normally rclone will download these files as compressed objects.</p>
-<p>If this flag is set then rclone will decompress these files with "Content-Encoding: gzip" as they are received. This means that rclone can't check the size and hash but the file contents will be decompressed.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: decompress</li>
-<li>Env Var: RCLONE_GCS_DECOMPRESS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="gcs-endpoint">--gcs-endpoint</h4>
-<p>Endpoint for the service.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_GCS_ENDPOINT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gcs-encoding">--gcs-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_GCS_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,CrLf,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-11">Limitations</h2>
-<p><code>rclone about</code> is not supported by the Google Cloud Storage backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h1 id="google-drive">Google Drive</h1>
-<p>Paths are specified as <code>drive:path</code></p>
-<p>Drive paths may be as deep as required, e.g. <code>drive:directory/subdirectory</code>.</p>
-<h2 id="configuration-16">Configuration</h2>
-<p>The initial setup for drive involves getting a token from Google drive which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Drive
-   \ &quot;drive&quot;
-[snip]
-Storage&gt; drive
-Google Application Client Id - leave blank normally.
-client_id&gt;
-Google Application Client Secret - leave blank normally.
-client_secret&gt;
-Scope that rclone should use when requesting access from drive.
-Choose a number from below, or type in your own value
- 1 / Full access all files, excluding Application Data Folder.
-   \ &quot;drive&quot;
- 2 / Read-only access to file metadata and file contents.
-   \ &quot;drive.readonly&quot;
-   / Access to files created by rclone only.
- 3 | These are visible in the drive website.
-   | File authorization is revoked when the user deauthorizes the app.
-   \ &quot;drive.file&quot;
-   / Allows read and write access to the Application Data folder.
- 4 | This is not visible in the drive website.
-   \ &quot;drive.appfolder&quot;
-   / Allows read-only access to file metadata but
- 5 | does not allow any access to read or download file content.
-   \ &quot;drive.metadata.readonly&quot;
-scope&gt; 1
-Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
-service_account_file&gt;
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
-Configure this as a Shared Drive (Team Drive)?
-y) Yes
-n) No
-y/n&gt; n
---------------------
-[remote]
-client_id = 
-client_secret = 
-scope = drive
-root_folder_id = 
-service_account_file =
-token = {&quot;access_token&quot;:&quot;XXX&quot;,&quot;token_type&quot;:&quot;Bearer&quot;,&quot;refresh_token&quot;:&quot;XXX&quot;,&quot;expiry&quot;:&quot;2014-03-16T13:57:58.955387075Z&quot;}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Google if using web browser to automatically authenticate. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.</p>
-<p>You can then use it like this,</p>
-<p>List directories in top level of your drive</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your drive</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to a drive directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="scopes">Scopes</h3>
-<p>Rclone allows you to select which scope you would like for rclone to use. This changes what type of token is granted to rclone. <a href="https://developers.google.com/drive/v3/web/about-auth">The scopes are defined here</a>.</p>
-<p>The scope are</p>
-<h4 id="drive">drive</h4>
-<p>This is the default scope and allows full access to all files, except for the Application Data Folder (see below).</p>
-<p>Choose this one if you aren't sure.</p>
-<h4 id="drive.readonly">drive.readonly</h4>
-<p>This allows read only access to all files. Files may be listed and downloaded but not uploaded, renamed or deleted.</p>
-<h4 id="drive.file">drive.file</h4>
-<p>With this scope rclone can read/view/modify only those files and folders it creates.</p>
-<p>So if you uploaded files to drive via the web interface (or any other means) they will not be visible to rclone.</p>
-<p>This can be useful if you are using rclone to backup data and you want to be sure confidential data on your drive is not visible to rclone.</p>
-<p>Files created with this scope are visible in the web interface.</p>
-<h4 id="drive.appfolder">drive.appfolder</h4>
-<p>This gives rclone its own private area to store files. Rclone will not be able to see any other files on your drive and you won't be able to see rclone's files from the web interface either.</p>
-<h4 id="drive.metadata.readonly">drive.metadata.readonly</h4>
-<p>This allows read only access to file names only. It does not allow rclone to download or upload data, or rename or delete files or directories.</p>
-<h3 id="root-folder-id-2">Root folder ID</h3>
-<p>This option has been moved to the advanced section. You can set the <code>root_folder_id</code> for rclone. This is the directory (identified by its <code>Folder ID</code>) that rclone considers to be the root of your drive.</p>
-<p>Normally you will leave this blank and rclone will determine the correct root to use itself.</p>
-<p>However you can set this to restrict rclone to a specific folder hierarchy or to access data within the "Computers" tab on the drive web interface (where files from Google's Backup and Sync desktop program go).</p>
-<p>In order to do this you will have to find the <code>Folder ID</code> of the directory you wish rclone to display. This will be the last segment of the URL when you open the relevant folder in the drive web interface.</p>
-<p>So if the folder you want rclone to use has a URL which looks like <code>https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh</code> in the browser, then you use <code>1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh</code> as the <code>root_folder_id</code> in the config.</p>
-<p><strong>NB</strong> folders under the "Computers" tab seem to be read only (drive gives a 500 error) when using rclone.</p>
-<p>There doesn't appear to be an API to discover the folder IDs of the "Computers" tab - please contact us if you know otherwise!</p>
-<p>Note also that rclone can't access any data under the "Backups" tab on the google drive web interface yet.</p>
-<h3 id="service-account-support-1">Service Account support</h3>
-<p>You can set up rclone with Google Drive in an unattended mode, i.e. not tied to a specific end-user Google account. This is useful when you want to synchronise files onto machines that don't have actively logged-in users, for example build machines.</p>
-<p>To use a Service Account instead of OAuth2 token flow, enter the path to your Service Account credentials at the <code>service_account_file</code> prompt during <code>rclone config</code> and rclone won't use the browser based authentication flow. If you'd rather stuff the contents of the credentials file into the rclone config file, you can set <code>service_account_credentials</code> with the actual contents of the file instead, or set the equivalent environment variable.</p>
-<h4 id="use-case---google-appsg-suite-account-and-individual-drive">Use case - Google Apps/G-suite account and individual Drive</h4>
-<p>Let's say that you are the administrator of a Google Apps (old) or G-suite account. The goal is to store data on an individual's Drive account, who IS a member of the domain. We'll call the domain <strong>example.com</strong>, and the user <strong>foo@example.com</strong>.</p>
-<p>There's a few steps we need to go through to accomplish this:</p>
-<h5 id="create-a-service-account-for-example.com">1. Create a service account for example.com</h5>
-<ul>
-<li>To create a service account and obtain its credentials, go to the <a href="https://console.developers.google.com">Google Developer Console</a>.</li>
-<li>You must have a project - create one if you don't.</li>
-<li>Then go to "IAM &amp; admin" -&gt; "Service Accounts".</li>
-<li>Use the "Create Credentials" button. Fill in "Service account name" with something that identifies your client. "Role" can be empty.</li>
-<li>Tick "Furnish a new private key" - select "Key type JSON".</li>
-<li>Tick "Enable G Suite Domain-wide Delegation". This option makes "impersonation" possible, as documented here: <a href="https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority">Delegating domain-wide authority to the service account</a></li>
-<li>These credentials are what rclone will use for authentication. If you ever need to remove access, press the "Delete service account key" button.</li>
-</ul>
-<h5 id="allowing-api-access-to-example.com-google-drive">2. Allowing API access to example.com Google Drive</h5>
-<ul>
-<li>Go to example.com's admin console</li>
-<li>Go into "Security" (or use the search bar)</li>
-<li>Select "Show more" and then "Advanced settings"</li>
-<li>Select "Manage API client access" in the "Authentication" section</li>
-<li>In the "Client Name" field enter the service account's "Client ID" - this can be found in the Developer Console under "IAM &amp; Admin" -&gt; "Service Accounts", then "View Client ID" for the newly created service account. It is a ~21 character numerical string.</li>
-<li>In the next field, "One or More API Scopes", enter <code>https://www.googleapis.com/auth/drive</code> to grant access to Google Drive specifically.</li>
-</ul>
-<h5 id="configure-rclone-assuming-a-new-install">3. Configure rclone, assuming a new install</h5>
-<pre><code>rclone config
-
-n/s/q&gt; n         # New
-name&gt;gdrive      # Gdrive is an example name
-Storage&gt;         # Select the number shown for Google Drive
-client_id&gt;       # Can be left blank
-client_secret&gt;   # Can be left blank
-scope&gt;           # Select your scope, 1 for example
-root_folder_id&gt;  # Can be left blank
-service_account_file&gt; /home/foo/myJSONfile.json # This is where the JSON file goes!
-y/n&gt;             # Auto config, n
-</code></pre>
-<h5 id="verify-that-its-working">4. Verify that it's working</h5>
-<ul>
-<li><code>rclone -v --drive-impersonate foo@example.com lsf gdrive:backup</code></li>
-<li>The arguments do:
-<ul>
-<li><code>-v</code> - verbose logging</li>
-<li><code>--drive-impersonate foo@example.com</code> - this is what does the magic, pretending to be user foo.</li>
-<li><code>lsf</code> - list files in a parsing friendly way</li>
-<li><code>gdrive:backup</code> - use the remote called gdrive, work in the folder named backup.</li>
-</ul></li>
-</ul>
-<p>Note: in case you configured a specific root folder on gdrive and rclone is unable to access the contents of that folder when using <code>--drive-impersonate</code>, do this instead: - in the gdrive web interface, share your root folder with the user/email of the new Service Account you created/selected at step #1 - use rclone without specifying the <code>--drive-impersonate</code> option, like this: <code>rclone -v lsf gdrive:backup</code></p>
-<h3 id="shared-drives-team-drives">Shared drives (team drives)</h3>
-<p>If you want to configure the remote to point to a Google Shared Drive (previously known as Team Drives) then answer <code>y</code> to the question <code>Configure this as a Shared Drive (Team Drive)?</code>.</p>
-<p>This will fetch the list of Shared Drives from google and allow you to configure which one you want to use. You can also type in a Shared Drive ID if you prefer.</p>
-<p>For example:</p>
-<pre><code>Configure this as a Shared Drive (Team Drive)?
-y) Yes
-n) No
-y/n&gt; y
-Fetching Shared Drive list...
-Choose a number from below, or type in your own value
- 1 / Rclone Test
-   \ &quot;xxxxxxxxxxxxxxxxxxxx&quot;
- 2 / Rclone Test 2
-   \ &quot;yyyyyyyyyyyyyyyyyyyy&quot;
- 3 / Rclone Test 3
-   \ &quot;zzzzzzzzzzzzzzzzzzzz&quot;
-Enter a Shared Drive ID&gt; 1
---------------------
-[remote]
-client_id =
-client_secret =
-token = {&quot;AccessToken&quot;:&quot;xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&quot;,&quot;RefreshToken&quot;:&quot;1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx&quot;,&quot;Expiry&quot;:&quot;2014-03-16T13:57:58.955387075Z&quot;,&quot;Extra&quot;:null}
-team_drive = xxxxxxxxxxxxxxxxxxxx
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="fast-list-3">--fast-list</h3>
-<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details.</p>
-<p>It does this by combining multiple <code>list</code> calls into a single API request.</p>
-<p>This works by combining many <code>'%s' in parents</code> filters into one expression. To list the contents of directories a, b and c, the following requests will be send by the regular <code>List</code> function:</p>
-<pre><code>trashed=false and &#39;a&#39; in parents
-trashed=false and &#39;b&#39; in parents
-trashed=false and &#39;c&#39; in parents</code></pre>
-<p>These can now be combined into a single request:</p>
-<pre><code>trashed=false and (&#39;a&#39; in parents or &#39;b&#39; in parents or &#39;c&#39; in parents)</code></pre>
-<p>The implementation of <code>ListR</code> will put up to 50 <code>parents</code> filters into one request. It will use the <code>--checkers</code> value to specify the number of requests to run in parallel.</p>
-<p>In tests, these batch requests were up to 20x faster than the regular method. Running the following command against different sized folders gives:</p>
-<pre><code>rclone lsjson -vv -R --checkers=6 gdrive:folder</code></pre>
-<p>small folder (220 directories, 700 files):</p>
-<ul>
-<li>without <code>--fast-list</code>: 38s</li>
-<li>with <code>--fast-list</code>: 10s</li>
-</ul>
-<p>large folder (10600 directories, 39000 files):</p>
-<ul>
-<li>without <code>--fast-list</code>: 22:05 min</li>
-<li>with <code>--fast-list</code>: 58s</li>
-</ul>
-<h3 id="modified-time-4">Modified time</h3>
-<p>Google drive stores modification times accurate to 1 ms.</p>
-<h3 id="restricted-filename-characters-10">Restricted filename characters</h3>
-<p>Only Invalid UTF-8 bytes will be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<p>In contrast to other backends, <code>/</code> can also be used in names and <code>.</code> or <code>..</code> are valid names.</p>
-<h3 id="revisions">Revisions</h3>
-<p>Google drive stores revisions of files. When you upload a change to an existing file to google drive using rclone it will create a new revision of that file.</p>
-<p>Revisions follow the standard google policy which at time of writing was</p>
-<ul>
-<li>They are deleted after 30 days or 100 revisions (whatever comes first).</li>
-<li>They do not count towards a user storage quota.</li>
-</ul>
-<h3 id="deleting-files-2">Deleting files</h3>
-<p>By default rclone will send all files to the trash when deleting files. If deleting them permanently is required then use the <code>--drive-use-trash=false</code> flag, or set the equivalent environment variable.</p>
-<h3 id="shortcuts">Shortcuts</h3>
-<p>In March 2020 Google introduced a new feature in Google Drive called <a href="https://support.google.com/drive/answer/9700156">drive shortcuts</a> (<a href="https://developers.google.com/drive/api/v3/shortcuts">API</a>). These will (by September 2020) <a href="https://cloud.google.com/blog/products/g-suite/simplifying-google-drives-folder-structure-and-sharing-models">replace the ability for files or folders to be in multiple folders at once</a>.</p>
-<p>Shortcuts are files that link to other files on Google Drive somewhat like a symlink in unix, except they point to the underlying file data (e.g. the inode in unix terms) so they don't break if the source is renamed or moved about.</p>
-<p>Be default rclone treats these as follows.</p>
-<p>For shortcuts pointing to files:</p>
-<ul>
-<li>When listing a file shortcut appears as the destination file.</li>
-<li>When downloading the contents of the destination file is downloaded.</li>
-<li>When updating shortcut file with a non shortcut file, the shortcut is removed then a new file is uploaded in place of the shortcut.</li>
-<li>When server-side moving (renaming) the shortcut is renamed, not the destination file.</li>
-<li>When server-side copying the shortcut is copied, not the contents of the shortcut. (unless <code>--drive-copy-shortcut-content</code> is in use in which case the contents of the shortcut gets copied).</li>
-<li>When deleting the shortcut is deleted not the linked file.</li>
-<li>When setting the modification time, the modification time of the linked file will be set.</li>
-</ul>
-<p>For shortcuts pointing to folders:</p>
-<ul>
-<li>When listing the shortcut appears as a folder and that folder will contain the contents of the linked folder appear (including any sub folders)</li>
-<li>When downloading the contents of the linked folder and sub contents are downloaded</li>
-<li>When uploading to a shortcut folder the file will be placed in the linked folder</li>
-<li>When server-side moving (renaming) the shortcut is renamed, not the destination folder</li>
-<li>When server-side copying the contents of the linked folder is copied, not the shortcut.</li>
-<li>When deleting with <code>rclone rmdir</code> or <code>rclone purge</code> the shortcut is deleted not the linked folder.</li>
-<li><strong>NB</strong> When deleting with <code>rclone remove</code> or <code>rclone mount</code> the contents of the linked folder will be deleted.</li>
-</ul>
-<p>The <a href="https://rclone.org/commands/rclone_backend/">rclone backend</a> command can be used to create shortcuts.</p>
-<p>Shortcuts can be completely ignored with the <code>--drive-skip-shortcuts</code> flag or the corresponding <code>skip_shortcuts</code> configuration setting.</p>
-<h3 id="emptying-trash">Emptying trash</h3>
-<p>If you wish to empty your trash you can use the <code>rclone cleanup remote:</code> command which will permanently delete all your trashed files. This command does not take any path arguments.</p>
-<p>Note that Google Drive takes some time (minutes to days) to empty the trash even though the command returns within a few seconds. No output is echoed, so there will be no confirmation even using -v or -vv.</p>
-<h3 id="quota-information">Quota information</h3>
-<p>To view your current quota you can use the <code>rclone about remote:</code> command which will display your usage limit (quota), the usage in Google Drive, the size of all files in the Trash and the space used by other Google services such as Gmail. This command does not take any path arguments.</p>
-<h4 id="importexport-of-google-documents">Import/Export of google documents</h4>
-<p>Google documents can be exported from and uploaded to Google Drive.</p>
-<p>When rclone downloads a Google doc it chooses a format to download depending upon the <code>--drive-export-formats</code> setting. By default the export formats are <code>docx,xlsx,pptx,svg</code> which are a sensible default for an editable document.</p>
-<p>When choosing a format, rclone runs down the list provided in order and chooses the first file format the doc can be exported as from the list. If the file can't be exported to a format on the formats list, then rclone will choose a format from the default list.</p>
-<p>If you prefer an archive copy then you might use <code>--drive-export-formats pdf</code>, or if you prefer openoffice/libreoffice formats you might use <code>--drive-export-formats ods,odt,odp</code>.</p>
-<p>Note that rclone adds the extension to the google doc, so if it is called <code>My Spreadsheet</code> on google docs, it will be exported as <code>My Spreadsheet.xlsx</code> or <code>My Spreadsheet.pdf</code> etc.</p>
-<p>When importing files into Google Drive, rclone will convert all files with an extension in <code>--drive-import-formats</code> to their associated document type. rclone will not convert any files by default, since the conversion is lossy process.</p>
-<p>The conversion must result in a file with the same extension when the <code>--drive-export-formats</code> rules are applied to the uploaded document.</p>
-<p>Here are some examples for allowed and prohibited conversions.</p>
-<table>
-<thead>
-<tr class="header">
-<th>export-formats</th>
-<th>import-formats</th>
-<th>Upload Ext</th>
-<th>Document Ext</th>
-<th>Allowed</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>odt</td>
-<td>odt</td>
-<td>odt</td>
-<td>odt</td>
-<td>Yes</td>
-</tr>
-<tr class="even">
-<td>odt</td>
-<td>docx,odt</td>
-<td>odt</td>
-<td>odt</td>
-<td>Yes</td>
-</tr>
-<tr class="odd">
-<td></td>
-<td>docx</td>
-<td>docx</td>
-<td>docx</td>
-<td>Yes</td>
-</tr>
-<tr class="even">
-<td></td>
-<td>odt</td>
-<td>odt</td>
-<td>docx</td>
-<td>No</td>
-</tr>
-<tr class="odd">
-<td>odt,docx</td>
-<td>docx,odt</td>
-<td>docx</td>
-<td>odt</td>
-<td>No</td>
-</tr>
-<tr class="even">
-<td>docx,odt</td>
-<td>docx,odt</td>
-<td>docx</td>
-<td>docx</td>
-<td>Yes</td>
-</tr>
-<tr class="odd">
-<td>docx,odt</td>
-<td>docx,odt</td>
-<td>odt</td>
-<td>docx</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
-<p>This limitation can be disabled by specifying <code>--drive-allow-import-name-change</code>. When using this flag, rclone can convert multiple files types resulting in the same document type at once, e.g. with <code>--drive-import-formats docx,odt,txt</code>, all files having these extension would result in a document represented as a docx file. This brings the additional risk of overwriting a document, if multiple files have the same stem. Many rclone operations will not handle this name change in any way. They assume an equal name when copying files and might copy the file again or delete them when the name changes.</p>
-<p>Here are the possible export extensions with their corresponding mime types. Most of these can also be used for importing, but there more that are not listed here. Some of these additional ones might only be available when the operating system provides the correct MIME type entries.</p>
-<p>This list can be changed by Google Drive at any time and might not represent the currently available conversions.</p>
-<table>
-<colgroup>
-<col style="width: 28%" />
-<col style="width: 34%" />
-<col style="width: 37%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Extension</th>
-<th>Mime Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>bmp</td>
-<td>image/bmp</td>
-<td>Windows Bitmap format</td>
-</tr>
-<tr class="even">
-<td>csv</td>
-<td>text/csv</td>
-<td>Standard CSV format for Spreadsheets</td>
-</tr>
-<tr class="odd">
-<td>doc</td>
-<td>application/msword</td>
-<td>Classic Word file</td>
-</tr>
-<tr class="even">
-<td>docx</td>
-<td>application/vnd.openxmlformats-officedocument.wordprocessingml.document</td>
-<td>Microsoft Office Document</td>
-</tr>
-<tr class="odd">
-<td>epub</td>
-<td>application/epub+zip</td>
-<td>E-book format</td>
-</tr>
-<tr class="even">
-<td>html</td>
-<td>text/html</td>
-<td>An HTML Document</td>
-</tr>
-<tr class="odd">
-<td>jpg</td>
-<td>image/jpeg</td>
-<td>A JPEG Image File</td>
-</tr>
-<tr class="even">
-<td>json</td>
-<td>application/vnd.google-apps.script+json</td>
-<td>JSON Text Format for Google Apps scripts</td>
-</tr>
-<tr class="odd">
-<td>odp</td>
-<td>application/vnd.oasis.opendocument.presentation</td>
-<td>Openoffice Presentation</td>
-</tr>
-<tr class="even">
-<td>ods</td>
-<td>application/vnd.oasis.opendocument.spreadsheet</td>
-<td>Openoffice Spreadsheet</td>
-</tr>
-<tr class="odd">
-<td>ods</td>
-<td>application/x-vnd.oasis.opendocument.spreadsheet</td>
-<td>Openoffice Spreadsheet</td>
-</tr>
-<tr class="even">
-<td>odt</td>
-<td>application/vnd.oasis.opendocument.text</td>
-<td>Openoffice Document</td>
-</tr>
-<tr class="odd">
-<td>pdf</td>
-<td>application/pdf</td>
-<td>Adobe PDF Format</td>
-</tr>
-<tr class="even">
-<td>pjpeg</td>
-<td>image/pjpeg</td>
-<td>Progressive JPEG Image</td>
-</tr>
-<tr class="odd">
-<td>png</td>
-<td>image/png</td>
-<td>PNG Image Format</td>
-</tr>
-<tr class="even">
-<td>pptx</td>
-<td>application/vnd.openxmlformats-officedocument.presentationml.presentation</td>
-<td>Microsoft Office Powerpoint</td>
-</tr>
-<tr class="odd">
-<td>rtf</td>
-<td>application/rtf</td>
-<td>Rich Text Format</td>
-</tr>
-<tr class="even">
-<td>svg</td>
-<td>image/svg+xml</td>
-<td>Scalable Vector Graphics Format</td>
-</tr>
-<tr class="odd">
-<td>tsv</td>
-<td>text/tab-separated-values</td>
-<td>Standard TSV format for spreadsheets</td>
-</tr>
-<tr class="even">
-<td>txt</td>
-<td>text/plain</td>
-<td>Plain Text</td>
-</tr>
-<tr class="odd">
-<td>wmf</td>
-<td>application/x-msmetafile</td>
-<td>Windows Meta File</td>
-</tr>
-<tr class="even">
-<td>xls</td>
-<td>application/vnd.ms-excel</td>
-<td>Classic Excel file</td>
-</tr>
-<tr class="odd">
-<td>xlsx</td>
-<td>application/vnd.openxmlformats-officedocument.spreadsheetml.sheet</td>
-<td>Microsoft Office Spreadsheet</td>
-</tr>
-<tr class="even">
-<td>zip</td>
-<td>application/zip</td>
-<td>A ZIP file of HTML, Images CSS</td>
-</tr>
-</tbody>
-</table>
-<p>Google documents can also be exported as link files. These files will open a browser window for the Google Docs website of that document when opened. The link file extension has to be specified as a <code>--drive-export-formats</code> parameter. They will match all available Google Documents.</p>
-<table>
-<thead>
-<tr class="header">
-<th>Extension</th>
-<th>Description</th>
-<th>OS Support</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>desktop</td>
-<td>freedesktop.org specified desktop entry</td>
-<td>Linux</td>
-</tr>
-<tr class="even">
-<td>link.html</td>
-<td>An HTML Document with a redirect</td>
-<td>All</td>
-</tr>
-<tr class="odd">
-<td>url</td>
-<td>INI style link file</td>
-<td>macOS, Windows</td>
-</tr>
-<tr class="even">
-<td>webloc</td>
-<td>macOS specific XML format</td>
-<td>macOS</td>
-</tr>
-</tbody>
-</table>
-<h3 id="standard-options-16">Standard options</h3>
-<p>Here are the Standard options specific to drive (Google Drive).</p>
-<h4 id="drive-client-id">--drive-client-id</h4>
-<p>Google Application Client Id Setting your own is recommended. See https://rclone.org/drive/#making-your-own-client-id for how to create your own. If you leave this blank, it will use an internal key which is low performance.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_DRIVE_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-client-secret">--drive-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_DRIVE_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-scope">--drive-scope</h4>
-<p>Scope that rclone should use when requesting access from drive.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: scope</li>
-<li>Env Var: RCLONE_DRIVE_SCOPE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"drive"
-<ul>
-<li>Full access all files, excluding Application Data Folder.</li>
-</ul></li>
-<li>"drive.readonly"
-<ul>
-<li>Read-only access to file metadata and file contents.</li>
-</ul></li>
-<li>"drive.file"
-<ul>
-<li>Access to files created by rclone only.</li>
-<li>These are visible in the drive website.</li>
-<li>File authorization is revoked when the user deauthorizes the app.</li>
-</ul></li>
-<li>"drive.appfolder"
-<ul>
-<li>Allows read and write access to the Application Data folder.</li>
-<li>This is not visible in the drive website.</li>
-</ul></li>
-<li>"drive.metadata.readonly"
-<ul>
-<li>Allows read-only access to file metadata but</li>
-<li>does not allow any access to read or download file content.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="drive-service-account-file">--drive-service-account-file</h4>
-<p>Service Account Credentials JSON file path.</p>
-<p>Leave blank normally. Needed only if you want use SA instead of interactive login.</p>
-<p>Leading <code>~</code> will be expanded in the file name as will environment variables such as <code>${RCLONE_CONFIG_DIR}</code>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: service_account_file</li>
-<li>Env Var: RCLONE_DRIVE_SERVICE_ACCOUNT_FILE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-alternate-export">--drive-alternate-export</h4>
-<p>Deprecated: No longer needed.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: alternate_export</li>
-<li>Env Var: RCLONE_DRIVE_ALTERNATE_EXPORT</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h3 id="advanced-options-14">Advanced options</h3>
-<p>Here are the Advanced options specific to drive (Google Drive).</p>
-<h4 id="drive-token">--drive-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_DRIVE_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-auth-url">--drive-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_DRIVE_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-token-url">--drive-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_DRIVE_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-root-folder-id">--drive-root-folder-id</h4>
-<p>ID of the root folder. Leave blank normally.</p>
-<p>Fill in to access "Computers" folders (see docs), or for rclone to use a non root folder as its starting point.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: root_folder_id</li>
-<li>Env Var: RCLONE_DRIVE_ROOT_FOLDER_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-service-account-credentials">--drive-service-account-credentials</h4>
-<p>Service Account Credentials JSON blob.</p>
-<p>Leave blank normally. Needed only if you want use SA instead of interactive login.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: service_account_credentials</li>
-<li>Env Var: RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-team-drive">--drive-team-drive</h4>
-<p>ID of the Shared Drive (Team Drive).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: team_drive</li>
-<li>Env Var: RCLONE_DRIVE_TEAM_DRIVE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-auth-owner-only">--drive-auth-owner-only</h4>
-<p>Only consider files owned by the authenticated user.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_owner_only</li>
-<li>Env Var: RCLONE_DRIVE_AUTH_OWNER_ONLY</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-use-trash">--drive-use-trash</h4>
-<p>Send files to the trash instead of deleting permanently.</p>
-<p>Defaults to true, namely sending files to the trash. Use <code>--drive-use-trash=false</code> to delete files permanently instead.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_trash</li>
-<li>Env Var: RCLONE_DRIVE_USE_TRASH</li>
-<li>Type: bool</li>
-<li>Default: true</li>
-</ul>
-<h4 id="drive-copy-shortcut-content">--drive-copy-shortcut-content</h4>
-<p>Server side copy contents of shortcuts instead of the shortcut.</p>
-<p>When doing server side copies, normally rclone will copy shortcuts as shortcuts.</p>
-<p>If this flag is used then rclone will copy the contents of shortcuts rather than shortcuts themselves when doing server side copies.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: copy_shortcut_content</li>
-<li>Env Var: RCLONE_DRIVE_COPY_SHORTCUT_CONTENT</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-skip-gdocs">--drive-skip-gdocs</h4>
-<p>Skip google documents in all listings.</p>
-<p>If given, gdocs practically become invisible to rclone.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: skip_gdocs</li>
-<li>Env Var: RCLONE_DRIVE_SKIP_GDOCS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-skip-checksum-gphotos">--drive-skip-checksum-gphotos</h4>
-<p>Skip MD5 checksum on Google photos and videos only.</p>
-<p>Use this if you get checksum errors when transferring Google photos or videos.</p>
-<p>Setting this flag will cause Google photos and videos to return a blank MD5 checksum.</p>
-<p>Google photos are identified by being in the "photos" space.</p>
-<p>Corrupted checksums are caused by Google modifying the image/video but not updating the checksum.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: skip_checksum_gphotos</li>
-<li>Env Var: RCLONE_DRIVE_SKIP_CHECKSUM_GPHOTOS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-shared-with-me">--drive-shared-with-me</h4>
-<p>Only show files that are shared with me.</p>
-<p>Instructs rclone to operate on your "Shared with me" folder (where Google Drive lets you access the files and folders others have shared with you).</p>
-<p>This works both with the "list" (lsd, lsl, etc.) and the "copy" commands (copy, sync, etc.), and with all other commands too.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: shared_with_me</li>
-<li>Env Var: RCLONE_DRIVE_SHARED_WITH_ME</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-trashed-only">--drive-trashed-only</h4>
-<p>Only show files that are in the trash.</p>
-<p>This will show trashed files in their original directory structure.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: trashed_only</li>
-<li>Env Var: RCLONE_DRIVE_TRASHED_ONLY</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-starred-only">--drive-starred-only</h4>
-<p>Only show files that are starred.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: starred_only</li>
-<li>Env Var: RCLONE_DRIVE_STARRED_ONLY</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-formats">--drive-formats</h4>
-<p>Deprecated: See export_formats.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: formats</li>
-<li>Env Var: RCLONE_DRIVE_FORMATS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-export-formats">--drive-export-formats</h4>
-<p>Comma separated list of preferred formats for downloading Google docs.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: export_formats</li>
-<li>Env Var: RCLONE_DRIVE_EXPORT_FORMATS</li>
-<li>Type: string</li>
-<li>Default: "docx,xlsx,pptx,svg"</li>
-</ul>
-<h4 id="drive-import-formats">--drive-import-formats</h4>
-<p>Comma separated list of preferred formats for uploading Google docs.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: import_formats</li>
-<li>Env Var: RCLONE_DRIVE_IMPORT_FORMATS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-allow-import-name-change">--drive-allow-import-name-change</h4>
-<p>Allow the filetype to change when uploading Google docs.</p>
-<p>E.g. file.doc to file.docx. This will confuse sync and reupload every time.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: allow_import_name_change</li>
-<li>Env Var: RCLONE_DRIVE_ALLOW_IMPORT_NAME_CHANGE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-use-created-date">--drive-use-created-date</h4>
-<p>Use file created date instead of modified date.</p>
-<p>Useful when downloading data and you want the creation date used in place of the last modified date.</p>
-<p><strong>WARNING</strong>: This flag may have some unexpected consequences.</p>
-<p>When uploading to your drive all files will be overwritten unless they haven't been modified since their creation. And the inverse will occur while downloading. This side effect can be avoided by using the "--checksum" flag.</p>
-<p>This feature was implemented to retain photos capture date as recorded by google photos. You will first need to check the "Create a Google Photos folder" option in your google drive settings. You can then copy or move the photos locally and use the date the image was taken (created) set as the modification date.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_created_date</li>
-<li>Env Var: RCLONE_DRIVE_USE_CREATED_DATE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-use-shared-date">--drive-use-shared-date</h4>
-<p>Use date file was shared instead of modified date.</p>
-<p>Note that, as with "--drive-use-created-date", this flag may have unexpected consequences when uploading/downloading files.</p>
-<p>If both this flag and "--drive-use-created-date" are set, the created date is used.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_shared_date</li>
-<li>Env Var: RCLONE_DRIVE_USE_SHARED_DATE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-list-chunk">--drive-list-chunk</h4>
-<p>Size of listing chunk 100-1000, 0 to disable.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: list_chunk</li>
-<li>Env Var: RCLONE_DRIVE_LIST_CHUNK</li>
-<li>Type: int</li>
-<li>Default: 1000</li>
-</ul>
-<h4 id="drive-impersonate">--drive-impersonate</h4>
-<p>Impersonate this user when using a service account.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: impersonate</li>
-<li>Env Var: RCLONE_DRIVE_IMPERSONATE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-upload-cutoff">--drive-upload-cutoff</h4>
-<p>Cutoff for switching to chunked upload.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_DRIVE_UPLOAD_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 8Mi</li>
-</ul>
-<h4 id="drive-chunk-size">--drive-chunk-size</h4>
-<p>Upload chunk size.</p>
-<p>Must a power of 2 &gt;= 256k.</p>
-<p>Making this larger will improve performance, but note that each chunk is buffered in memory one per transfer.</p>
-<p>Reducing this will reduce memory usage but decrease performance.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_DRIVE_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 8Mi</li>
-</ul>
-<h4 id="drive-acknowledge-abuse">--drive-acknowledge-abuse</h4>
-<p>Set to allow files which return cannotDownloadAbusiveFile to be downloaded.</p>
-<p>If downloading a file returns the error "This file has been identified as malware or spam and cannot be downloaded" with the error code "cannotDownloadAbusiveFile" then supply this flag to rclone to indicate you acknowledge the risks of downloading the file and rclone will download it anyway.</p>
-<p>Note that if you are using service account it will need Manager permission (not Content Manager) to for this flag to work. If the SA does not have the right permission, Google will just ignore the flag.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: acknowledge_abuse</li>
-<li>Env Var: RCLONE_DRIVE_ACKNOWLEDGE_ABUSE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-keep-revision-forever">--drive-keep-revision-forever</h4>
-<p>Keep new head revision of each file forever.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: keep_revision_forever</li>
-<li>Env Var: RCLONE_DRIVE_KEEP_REVISION_FOREVER</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-size-as-quota">--drive-size-as-quota</h4>
-<p>Show sizes as storage quota usage, not actual size.</p>
-<p>Show the size of a file as the storage quota used. This is the current version plus any older versions that have been set to keep forever.</p>
-<p><strong>WARNING</strong>: This flag may have some unexpected consequences.</p>
-<p>It is not recommended to set this flag in your config - the recommended usage is using the flag form --drive-size-as-quota when doing rclone ls/lsl/lsf/lsjson/etc only.</p>
-<p>If you do use this flag for syncing (not recommended) then you will need to use --ignore size also.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: size_as_quota</li>
-<li>Env Var: RCLONE_DRIVE_SIZE_AS_QUOTA</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-v2-download-min-size">--drive-v2-download-min-size</h4>
-<p>If Object's are greater, use drive v2 API to download.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: v2_download_min_size</li>
-<li>Env Var: RCLONE_DRIVE_V2_DOWNLOAD_MIN_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: off</li>
-</ul>
-<h4 id="drive-pacer-min-sleep">--drive-pacer-min-sleep</h4>
-<p>Minimum time to sleep between API calls.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: pacer_min_sleep</li>
-<li>Env Var: RCLONE_DRIVE_PACER_MIN_SLEEP</li>
-<li>Type: Duration</li>
-<li>Default: 100ms</li>
-</ul>
-<h4 id="drive-pacer-burst">--drive-pacer-burst</h4>
-<p>Number of API calls to allow without sleeping.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: pacer_burst</li>
-<li>Env Var: RCLONE_DRIVE_PACER_BURST</li>
-<li>Type: int</li>
-<li>Default: 100</li>
-</ul>
-<h4 id="drive-server-side-across-configs">--drive-server-side-across-configs</h4>
-<p>Allow server-side operations (e.g. copy) to work across different drive configs.</p>
-<p>This can be useful if you wish to do a server-side copy between two different Google drives. Note that this isn't enabled by default because it isn't easy to tell if it will work between any two configurations.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: server_side_across_configs</li>
-<li>Env Var: RCLONE_DRIVE_SERVER_SIDE_ACROSS_CONFIGS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-disable-http2">--drive-disable-http2</h4>
-<p>Disable drive using http2.</p>
-<p>There is currently an unsolved issue with the google drive backend and HTTP/2. HTTP/2 is therefore disabled by default for the drive backend but can be re-enabled here. When the issue is solved this flag will be removed.</p>
-<p>See: https://github.com/rclone/rclone/issues/3631</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_http2</li>
-<li>Env Var: RCLONE_DRIVE_DISABLE_HTTP2</li>
-<li>Type: bool</li>
-<li>Default: true</li>
-</ul>
-<h4 id="drive-stop-on-upload-limit">--drive-stop-on-upload-limit</h4>
-<p>Make upload limit errors be fatal.</p>
-<p>At the time of writing it is only possible to upload 750 GiB of data to Google Drive a day (this is an undocumented limit). When this limit is reached Google Drive produces a slightly different error message. When this flag is set it causes these errors to be fatal. These will stop the in-progress sync.</p>
-<p>Note that this detection is relying on error message strings which Google don't document so it may break in the future.</p>
-<p>See: https://github.com/rclone/rclone/issues/3857</p>
-<p>Properties:</p>
-<ul>
-<li>Config: stop_on_upload_limit</li>
-<li>Env Var: RCLONE_DRIVE_STOP_ON_UPLOAD_LIMIT</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-stop-on-download-limit">--drive-stop-on-download-limit</h4>
-<p>Make download limit errors be fatal.</p>
-<p>At the time of writing it is only possible to download 10 TiB of data from Google Drive a day (this is an undocumented limit). When this limit is reached Google Drive produces a slightly different error message. When this flag is set it causes these errors to be fatal. These will stop the in-progress sync.</p>
-<p>Note that this detection is relying on error message strings which Google don't document so it may break in the future.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: stop_on_download_limit</li>
-<li>Env Var: RCLONE_DRIVE_STOP_ON_DOWNLOAD_LIMIT</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-skip-shortcuts">--drive-skip-shortcuts</h4>
-<p>If set skip shortcut files.</p>
-<p>Normally rclone dereferences shortcut files making them appear as if they are the original file (see <a href="#shortcuts">the shortcuts section</a>). If this flag is set then rclone will ignore shortcut files completely.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: skip_shortcuts</li>
-<li>Env Var: RCLONE_DRIVE_SKIP_SHORTCUTS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-skip-dangling-shortcuts">--drive-skip-dangling-shortcuts</h4>
-<p>If set skip dangling shortcut files.</p>
-<p>If this is set then rclone will not show any dangling shortcuts in listings.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: skip_dangling_shortcuts</li>
-<li>Env Var: RCLONE_DRIVE_SKIP_DANGLING_SHORTCUTS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="drive-resource-key">--drive-resource-key</h4>
-<p>Resource key for accessing a link-shared file.</p>
-<p>If you need to access files shared with a link like this</p>
-<pre><code>https://drive.google.com/drive/folders/XXX?resourcekey=YYY&amp;usp=sharing</code></pre>
-<p>Then you will need to use the first part "XXX" as the "root_folder_id" and the second part "YYY" as the "resource_key" otherwise you will get 404 not found errors when trying to access the directory.</p>
-<p>See: https://developers.google.com/drive/api/guides/resource-keys</p>
-<p>This resource key requirement only applies to a subset of old files.</p>
-<p>Note also that opening the folder once in the web interface (with the user you've authenticated rclone with) seems to be enough so that the resource key is no needed.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: resource_key</li>
-<li>Env Var: RCLONE_DRIVE_RESOURCE_KEY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="drive-encoding">--drive-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_DRIVE_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: InvalidUtf8</li>
-</ul>
-<h2 id="backend-commands-3">Backend commands</h2>
-<p>Here are the commands specific to the drive backend.</p>
-<p>Run them with</p>
-<pre><code>rclone backend COMMAND remote:</code></pre>
-<p>The help below will explain what arguments each command takes.</p>
-<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
-<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
-<h3 id="get">get</h3>
-<p>Get command for fetching the drive config parameters</p>
-<pre><code>rclone backend get remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This is a get command which will be used to fetch the various drive config parameters</p>
-<p>Usage Examples:</p>
-<pre><code>rclone backend get drive: [-o service_account_file] [-o chunk_size]
-rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]</code></pre>
-<p>Options:</p>
-<ul>
-<li>"chunk_size": show the current upload chunk size</li>
-<li>"service_account_file": show the current service account file</li>
-</ul>
-<h3 id="set">set</h3>
-<p>Set command for updating the drive config parameters</p>
-<pre><code>rclone backend set remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This is a set command which will be used to update the various drive config parameters</p>
-<p>Usage Examples:</p>
-<pre><code>rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
-rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]</code></pre>
-<p>Options:</p>
-<ul>
-<li>"chunk_size": update the current upload chunk size</li>
-<li>"service_account_file": update the current service account file</li>
-</ul>
-<h3 id="shortcut">shortcut</h3>
-<p>Create shortcuts from files or directories</p>
-<pre><code>rclone backend shortcut remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command creates shortcuts from files or directories.</p>
-<p>Usage:</p>
-<pre><code>rclone backend shortcut drive: source_item destination_shortcut
-rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut</code></pre>
-<p>In the first example this creates a shortcut from the "source_item" which can be a file or a directory to the "destination_shortcut". The "source_item" and the "destination_shortcut" should be relative paths from "drive:"</p>
-<p>In the second example this creates a shortcut from the "source_item" relative to "drive:" to the "destination_shortcut" relative to "drive2:". This may fail with a permission error if the user authenticated with "drive2:" can't read files from "drive:".</p>
-<p>Options:</p>
-<ul>
-<li>"target": optional target remote for the shortcut destination</li>
-</ul>
-<h3 id="drives">drives</h3>
-<p>List the Shared Drives available to this account</p>
-<pre><code>rclone backend drives remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command lists the Shared Drives (Team Drives) available to this account.</p>
-<p>Usage:</p>
-<pre><code>rclone backend [-o config] drives drive:</code></pre>
-<p>This will return a JSON list of objects like this</p>
-<pre><code>[
-    {
-        &quot;id&quot;: &quot;0ABCDEF-01234567890&quot;,
-        &quot;kind&quot;: &quot;drive#teamDrive&quot;,
-        &quot;name&quot;: &quot;My Drive&quot;
-    },
-    {
-        &quot;id&quot;: &quot;0ABCDEFabcdefghijkl&quot;,
-        &quot;kind&quot;: &quot;drive#teamDrive&quot;,
-        &quot;name&quot;: &quot;Test Drive&quot;
-    }
-]</code></pre>
-<p>With the -o config parameter it will output the list in a format suitable for adding to a config file to make aliases for all the drives found and a combined drive.</p>
-<pre><code>[My Drive]
-type = alias
-remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
-
-[Test Drive]
-type = alias
-remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
-
-[AllDrives]
-type = combine
-upstreams = &quot;My Drive=My Drive:&quot; &quot;Test Drive=Test Drive:&quot;</code></pre>
-<p>Adding this to the rclone config file will cause those team drives to be accessible with the aliases shown. Any illegal characters will be substituted with "_" and duplicate names will have numbers suffixed. It will also add a remote called AllDrives which shows all the shared drives combined into one directory tree.</p>
-<h3 id="untrash">untrash</h3>
-<p>Untrash files and directories</p>
-<pre><code>rclone backend untrash remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command untrashes all the files and directories in the directory passed in recursively.</p>
-<p>Usage:</p>
-<p>This takes an optional directory to trash which make this easier to use via the API.</p>
-<pre><code>rclone backend untrash drive:directory
-rclone backend --interactive untrash drive:directory subdir</code></pre>
-<p>Use the --interactive/-i or --dry-run flag to see what would be restored before restoring it.</p>
-<p>Result:</p>
-<pre><code>{
-    &quot;Untrashed&quot;: 17,
-    &quot;Errors&quot;: 0
-}</code></pre>
-<h3 id="copyid">copyid</h3>
-<p>Copy files by ID</p>
-<pre><code>rclone backend copyid remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command copies files by ID</p>
-<p>Usage:</p>
-<pre><code>rclone backend copyid drive: ID path
-rclone backend copyid drive: ID1 path1 ID2 path2</code></pre>
-<p>It copies the drive file with ID given to the path (an rclone path which will be passed internally to rclone copyto). The ID and path pairs can be repeated.</p>
-<p>The path should end with a / to indicate copy the file as named to this directory. If it doesn't end with a / then the last path component will be used as the file name.</p>
-<p>If the destination is a drive backend then server-side copying will be attempted if possible.</p>
-<p>Use the --interactive/-i or --dry-run flag to see what would be copied before copying.</p>
-<h3 id="exportformats">exportformats</h3>
-<p>Dump the export formats for debug purposes</p>
-<pre><code>rclone backend exportformats remote: [options] [&lt;arguments&gt;+]</code></pre>
-<h3 id="importformats">importformats</h3>
-<p>Dump the import formats for debug purposes</p>
-<pre><code>rclone backend importformats remote: [options] [&lt;arguments&gt;+]</code></pre>
-<h2 id="limitations-12">Limitations</h2>
-<p>Drive has quite a lot of rate limiting. This causes rclone to be limited to transferring about 2 files per second only. Individual files may be transferred much faster at 100s of MiB/s but lots of small files can take a long time.</p>
-<p>Server side copies are also subject to a separate rate limit. If you see User rate limit exceeded errors, wait at least 24 hours and retry. You can disable server-side copies with <code>--disable copy</code> to download and upload the files if you prefer.</p>
-<h3 id="limitations-of-google-docs">Limitations of Google Docs</h3>
-<p>Google docs will appear as size -1 in <code>rclone ls</code>, <code>rclone ncdu</code> etc, and as size 0 in anything which uses the VFS layer, e.g. <code>rclone mount</code> and <code>rclone serve</code>. When calculating directory totals, e.g. in <code>rclone size</code> and <code>rclone ncdu</code>, they will be counted in as empty files.</p>
-<p>This is because rclone can't find out the size of the Google docs without downloading them.</p>
-<p>Google docs will transfer correctly with <code>rclone sync</code>, <code>rclone copy</code> etc as rclone knows to ignore the size when doing the transfer.</p>
-<p>However an unfortunate consequence of this is that you may not be able to download Google docs using <code>rclone mount</code>. If it doesn't work you will get a 0 sized file. If you try again the doc may gain its correct size and be downloadable. Whether it will work on not depends on the application accessing the mount and the OS you are running - experiment to find out if it does work for you!</p>
-<h3 id="duplicated-files-1">Duplicated files</h3>
-<p>Sometimes, for no reason I've been able to track down, drive will duplicate a file that rclone uploads. Drive unlike all the other remotes can have duplicated files.</p>
-<p>Duplicated files cause problems with the syncing and you will see messages in the log about duplicates.</p>
-<p>Use <code>rclone dedupe</code> to fix duplicated files.</p>
-<p>Note that this isn't just a problem with rclone, even Google Photos on Android duplicates files on drive sometimes.</p>
-<h3 id="rclone-appears-to-be-re-copying-files-it-shouldnt">Rclone appears to be re-copying files it shouldn't</h3>
-<p>The most likely cause of this is the duplicated file issue above - run <code>rclone dedupe</code> and check your logs for duplicate object or directory messages.</p>
-<p>This can also be caused by a delay/caching on google drive's end when comparing directory listings. Specifically with team drives used in combination with --fast-list. Files that were uploaded recently may not appear on the directory list sent to rclone when using --fast-list.</p>
-<p>Waiting a moderate period of time between attempts (estimated to be approximately 1 hour) and/or not using --fast-list both seem to be effective in preventing the problem.</p>
-<h2 id="making-your-own-client_id">Making your own client_id</h2>
-<p>When you use rclone with Google drive in its default configuration you are using rclone's client_id. This is shared between all the rclone users. There is a global rate limit on the number of queries per second that each client_id can do set by Google. rclone already has a high quota and I will continue to make sure it is high enough by contacting Google.</p>
-<p>It is strongly recommended to use your own client ID as the default rclone ID is heavily used. If you have multiple services running, it is recommended to use an API key for each service. The default Google quota is 10 transactions per second so it is recommended to stay under that number as if you use more than that, it will cause rclone to rate limit and make things slower.</p>
-<p>Here is how to create your own Google Drive client ID for rclone:</p>
-<ol type="1">
-<li><p>Log into the <a href="https://console.developers.google.com/">Google API Console</a> with your Google account. It doesn't matter what Google account you use. (It need not be the same account as the Google Drive you want to access)</p></li>
-<li><p>Select a project or create a new project.</p></li>
-<li><p>Under "ENABLE APIS AND SERVICES" search for "Drive", and enable the "Google Drive API".</p></li>
-<li><p>Click "Credentials" in the left-side panel (not "Create credentials", which opens the wizard), then "Create credentials"</p></li>
-<li><p>If you already configured an "Oauth Consent Screen", then skip to the next step; if not, click on "CONFIGURE CONSENT SCREEN" button (near the top right corner of the right panel), then select "External" and click on "CREATE"; on the next screen, enter an "Application name" ("rclone" is OK); enter "User Support Email" (your own email is OK); enter "Developer Contact Email" (your own email is OK); then click on "Save" (all other data is optional). You will also have to add some scopes, including <code>.../auth/docs</code> and <code>.../auth/drive</code> in order to be able to edit, create and delete files with RClone. You may also want to include the <code>../auth/drive.metadata.readonly</code> scope. After adding scopes, click "Save and continue" to add test users. Be sure to add your own account to the test users. Once you've added yourself as a test user and saved the changes, click again on "Credentials" on the left panel to go back to the "Credentials" screen.</p>
-<p>(PS: if you are a GSuite user, you could also select "Internal" instead of "External" above, but this will restrict API use to Google Workspace users in your organisation).</p></li>
-<li><p>Click on the "+ CREATE CREDENTIALS" button at the top of the screen, then select "OAuth client ID".</p></li>
-<li><p>Choose an application type of "Desktop app" and click "Create". (the default name is fine)</p></li>
-<li><p>It will show you a client ID and client secret. Make a note of these.</p>
-<p>(If you selected "External" at Step 5 continue to Step 9. If you chose "Internal" you don't need to publish and can skip straight to Step 10 but your destination drive must be part of the same Google Workspace.)</p></li>
-<li><p>Go to "Oauth consent screen" and then click "PUBLISH APP" button and confirm. You will also want to add yourself as a test user.</p></li>
-<li><p>Provide the noted client ID and client secret to rclone.</p></li>
-</ol>
-<p>Be aware that, due to the "enhanced security" recently introduced by Google, you are theoretically expected to "submit your app for verification" and then wait a few weeks(!) for their response; in practice, you can go right ahead and use the client ID and client secret with rclone, the only issue will be a very scary confirmation screen shown when you connect via your browser for rclone to be able to get its token-id (but as this only happens during the remote configuration, it's not such a big deal). Keeping the application in "Testing" will work as well, but the limitation is that any grants will expire after a week, which can be annoying to refresh constantly. If, for whatever reason, a short grant time is not a problem, then keeping the application in testing mode would also be sufficient.</p>
-<p>(Thanks to <span class="citation" data-cites="balazer">@balazer</span> on github for these instructions.)</p>
-<p>Sometimes, creation of an OAuth consent in Google API Console fails due to an error message “The request failed because changes to one of the field of the resource is not supported”. As a convenient workaround, the necessary Google Drive API key can be created on the <a href="https://developers.google.com/drive/api/v3/quickstart/python">Python Quickstart</a> page. Just push the Enable the Drive API button to receive the Client ID and Secret. Note that it will automatically create a new project in the API Console.</p>
-<h1 id="google-photos">Google Photos</h1>
-<p>The rclone backend for <a href="https://www.google.com/photos/about/">Google Photos</a> is a specialized backend for transferring photos and videos to and from Google Photos.</p>
-<p><strong>NB</strong> The Google Photos API which rclone uses has quite a few limitations, so please read the <a href="#limitations">limitations section</a> carefully to make sure it is suitable for your use.</p>
-<h2 id="configuration-17">Configuration</h2>
-<p>The initial setup for google cloud storage involves getting a token from Google Photos which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Photos
-   \ &quot;google photos&quot;
-[snip]
-Storage&gt; google photos
-** See help for google photos backend at: https://rclone.org/googlephotos/ **
-
-Google Application Client Id
-Leave blank normally.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-client_id&gt; 
-Google Application Client Secret
-Leave blank normally.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-client_secret&gt; 
-Set to make the Google Photos backend read only.
-
-If you choose read only then rclone will only request read only access
-to your photos, otherwise rclone will request full access.
-Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
-read_only&gt; 
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n&gt; n
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
-
-*** IMPORTANT: All media items uploaded to Google Photos with rclone
-*** are stored in full resolution at original quality.  These uploads
-*** will count towards storage in your Google Account.
-
---------------------
-[remote]
-type = google photos
-token = {&quot;access_token&quot;:&quot;XXX&quot;,&quot;token_type&quot;:&quot;Bearer&quot;,&quot;refresh_token&quot;:&quot;XXX&quot;,&quot;expiry&quot;:&quot;2019-06-28T17:38:04.644930156+01:00&quot;}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Google if using web browser to automatically authenticate. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this may require you to unblock it temporarily if you are running a host firewall, or use manual mode.</p>
-<p>This remote is called <code>remote</code> and can now be used like this</p>
-<p>See all the albums in your photos</p>
-<pre><code>rclone lsd remote:album</code></pre>
-<p>Make a new album</p>
-<pre><code>rclone mkdir remote:album/newAlbum</code></pre>
-<p>List the contents of an album</p>
-<pre><code>rclone ls remote:album/newAlbum</code></pre>
-<p>Sync <code>/home/local/images</code> to the Google Photos, removing any excess files in the album.</p>
-<pre><code>rclone sync --interactive /home/local/image remote:album/newAlbum</code></pre>
-<h3 id="layout">Layout</h3>
-<p>As Google Photos is not a general purpose cloud storage system, the backend is laid out to help you navigate it.</p>
-<p>The directories under <code>media</code> show different ways of categorizing the media. Each file will appear multiple times. So if you want to make a backup of your google photos you might choose to backup <code>remote:media/by-month</code>. (<strong>NB</strong> <code>remote:media/by-day</code> is rather slow at the moment so avoid for syncing.)</p>
-<p>Note that all your photos and videos will appear somewhere under <code>media</code>, but they may not appear under <code>album</code> unless you've put them into albums.</p>
-<pre><code>/
-- upload
-    - file1.jpg
-    - file2.jpg
-    - ...
-- media
-    - all
-        - file1.jpg
-        - file2.jpg
-        - ...
-    - by-year
-        - 2000
-            - file1.jpg
-            - ...
-        - 2001
-            - file2.jpg
-            - ...
-        - ...
-    - by-month
-        - 2000
-            - 2000-01
-                - file1.jpg
-                - ...
-            - 2000-02
-                - file2.jpg
-                - ...
-        - ...
-    - by-day
-        - 2000
-            - 2000-01-01
-                - file1.jpg
-                - ...
-            - 2000-01-02
-                - file2.jpg
-                - ...
-        - ...
-- album
-    - album name
-    - album name/sub
-- shared-album
-    - album name
-    - album name/sub
-- feature
-    - favorites
-        - file1.jpg
-        - file2.jpg</code></pre>
-<p>There are two writable parts of the tree, the <code>upload</code> directory and sub directories of the <code>album</code> directory.</p>
-<p>The <code>upload</code> directory is for uploading files you don't want to put into albums. This will be empty to start with and will contain the files you've uploaded for one rclone session only, becoming empty again when you restart rclone. The use case for this would be if you have a load of files you just want to once off dump into Google Photos. For repeated syncing, uploading to <code>album</code> will work better.</p>
-<p>Directories within the <code>album</code> directory are also writeable and you may create new directories (albums) under <code>album</code>. If you copy files with a directory hierarchy in there then rclone will create albums with the <code>/</code> character in them. For example if you do</p>
-<pre><code>rclone copy /path/to/images remote:album/images</code></pre>
-<p>and the images directory contains</p>
-<pre><code>images
-    - file1.jpg
-    dir
-        file2.jpg
-    dir2
-        dir3
-            file3.jpg</code></pre>
-<p>Then rclone will create the following albums with the following files in</p>
-<ul>
-<li>images
-<ul>
-<li>file1.jpg</li>
-</ul></li>
-<li>images/dir
-<ul>
-<li>file2.jpg</li>
-</ul></li>
-<li>images/dir2/dir3
-<ul>
-<li>file3.jpg</li>
-</ul></li>
-</ul>
-<p>This means that you can use the <code>album</code> path pretty much like a normal filesystem and it is a good target for repeated syncing.</p>
-<p>The <code>shared-album</code> directory shows albums shared with you or by you. This is similar to the Sharing tab in the Google Photos web interface.</p>
-<h3 id="standard-options-17">Standard options</h3>
-<p>Here are the Standard options specific to google photos (Google Photos).</p>
-<h4 id="gphotos-client-id">--gphotos-client-id</h4>
-<p>OAuth Client Id.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_GPHOTOS_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gphotos-client-secret">--gphotos-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_GPHOTOS_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gphotos-read-only">--gphotos-read-only</h4>
-<p>Set to make the Google Photos backend read only.</p>
-<p>If you choose read only then rclone will only request read only access to your photos, otherwise rclone will request full access.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: read_only</li>
-<li>Env Var: RCLONE_GPHOTOS_READ_ONLY</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h3 id="advanced-options-15">Advanced options</h3>
-<p>Here are the Advanced options specific to google photos (Google Photos).</p>
-<h4 id="gphotos-token">--gphotos-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_GPHOTOS_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gphotos-auth-url">--gphotos-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_GPHOTOS_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gphotos-token-url">--gphotos-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_GPHOTOS_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="gphotos-read-size">--gphotos-read-size</h4>
-<p>Set to read the size of media items.</p>
-<p>Normally rclone does not read the size of media items since this takes another transaction. This isn't necessary for syncing. However rclone mount needs to know the size of files in advance of reading them, so setting this flag when using rclone mount is recommended if you want to read the media.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: read_size</li>
-<li>Env Var: RCLONE_GPHOTOS_READ_SIZE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="gphotos-start-year">--gphotos-start-year</h4>
-<p>Year limits the photos to be downloaded to those which are uploaded after the given year.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: start_year</li>
-<li>Env Var: RCLONE_GPHOTOS_START_YEAR</li>
-<li>Type: int</li>
-<li>Default: 2000</li>
-</ul>
-<h4 id="gphotos-include-archived">--gphotos-include-archived</h4>
-<p>Also view and download archived media.</p>
-<p>By default, rclone does not request archived media. Thus, when syncing, archived media is not visible in directory listings or transferred.</p>
-<p>Note that media in albums is always visible and synced, no matter their archive status.</p>
-<p>With this flag, archived media are always visible in directory listings and transferred.</p>
-<p>Without this flag, archived media will not be visible in directory listings and won't be transferred.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: include_archived</li>
-<li>Env Var: RCLONE_GPHOTOS_INCLUDE_ARCHIVED</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="gphotos-encoding">--gphotos-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_GPHOTOS_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,CrLf,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-13">Limitations</h2>
-<p>Only images and videos can be uploaded. If you attempt to upload non videos or images or formats that Google Photos doesn't understand, rclone will upload the file, then Google Photos will give an error when it is put turned into a media item.</p>
-<p>Note that all media items uploaded to Google Photos through the API are stored in full resolution at "original quality" and <strong>will</strong> count towards your storage quota in your Google Account. The API does <strong>not</strong> offer a way to upload in "high quality" mode..</p>
-<p><code>rclone about</code> is not supported by the Google Photos backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> See <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h3 id="downloading-images">Downloading Images</h3>
-<p>When Images are downloaded this strips EXIF location (according to the docs and my tests). This is a limitation of the Google Photos API and is covered by <a href="https://issuetracker.google.com/issues/112096115">bug #112096115</a>.</p>
-<p><strong>The current google API does not allow photos to be downloaded at original resolution. This is very important if you are, for example, relying on "Google Photos" as a backup of your photos. You will not be able to use rclone to redownload original images. You could use 'google takeout' to recover the original photos as a last resort</strong></p>
-<h3 id="downloading-videos">Downloading Videos</h3>
-<p>When videos are downloaded they are downloaded in a really compressed version of the video compared to downloading it via the Google Photos web interface. This is covered by <a href="https://issuetracker.google.com/issues/113672044">bug #113672044</a>.</p>
-<h3 id="duplicates">Duplicates</h3>
-<p>If a file name is duplicated in a directory then rclone will add the file ID into its name. So two files called <code>file.jpg</code> would then appear as <code>file {123456}.jpg</code> and <code>file {ABCDEF}.jpg</code> (the actual IDs are a lot longer alas!).</p>
-<p>If you upload the same image (with the same binary data) twice then Google Photos will deduplicate it. However it will retain the filename from the first upload which may confuse rclone. For example if you uploaded an image to <code>upload</code> then uploaded the same image to <code>album/my_album</code> the filename of the image in <code>album/my_album</code> will be what it was uploaded with initially, not what you uploaded it with to <code>album</code>. In practise this shouldn't cause too many problems.</p>
-<h3 id="modified-time-5">Modified time</h3>
-<p>The date shown of media in Google Photos is the creation date as determined by the EXIF information, or the upload date if that is not known.</p>
-<p>This is not changeable by rclone and is not the modification date of the media on local disk. This means that rclone cannot use the dates from Google Photos for syncing purposes.</p>
-<h3 id="size">Size</h3>
-<p>The Google Photos API does not return the size of media. This means that when syncing to Google Photos, rclone can only do a file existence check.</p>
-<p>It is possible to read the size of the media, but this needs an extra HTTP HEAD request per media item so is <strong>very slow</strong> and uses up a lot of transactions. This can be enabled with the <code>--gphotos-read-size</code> option or the <code>read_size = true</code> config parameter.</p>
-<p>If you want to use the backend with <code>rclone mount</code> you may need to enable this flag (depending on your OS and application using the photos) otherwise you may not be able to read media off the mount. You'll need to experiment to see if it works for you without the flag.</p>
-<h3 id="albums">Albums</h3>
-<p>Rclone can only upload files to albums it created. This is a <a href="https://developers.google.com/photos/library/guides/manage-albums">limitation of the Google Photos API</a>.</p>
-<p>Rclone can remove files it uploaded from albums it created only.</p>
-<h3 id="deleting-files-3">Deleting files</h3>
-<p>Rclone can remove files from albums it created, but note that the Google Photos API does not allow media to be deleted permanently so this media will still remain. See <a href="https://issuetracker.google.com/issues/109759781">bug #109759781</a>.</p>
-<p>Rclone cannot delete files anywhere except under <code>album</code>.</p>
-<h3 id="deleting-albums">Deleting albums</h3>
-<p>The Google Photos API does not support deleting albums - see <a href="https://issuetracker.google.com/issues/135714733">bug #135714733</a>.</p>
-<h1 id="hasher">Hasher</h1>
-<p>Hasher is a special overlay backend to create remotes which handle checksums for other remotes. It's main functions include: - Emulate hash types unimplemented by backends - Cache checksums to help with slow hashing of large local or (S)FTP files - Warm up checksum cache from external SUM files</p>
-<h2 id="getting-started-1">Getting started</h2>
-<p>To use Hasher, first set up the underlying remote following the configuration instructions for that remote. You can also use a local pathname instead of a remote. Check that your base remote is working.</p>
-<p>Let's call the base remote <code>myRemote:path</code> here. Note that anything inside <code>myRemote:path</code> will be handled by hasher and anything outside won't. This means that if you are using a bucket based remote (S3, B2, Swift) then you should put the bucket in the remote <code>s3:bucket</code>.</p>
-<p>Now proceed to interactive or manual configuration.</p>
-<h3 id="interactive-configuration">Interactive configuration</h3>
-<p>Run <code>rclone config</code>:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; Hasher1
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Handle checksums for other remotes
-   \ &quot;hasher&quot;
-[snip]
-Storage&gt; hasher
-Remote to cache checksums for, like myremote:mypath.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-remote&gt; myRemote:path
-Comma separated list of supported checksum types.
-Enter a string value. Press Enter for the default (&quot;md5,sha1&quot;).
-hashsums&gt; md5
-Maximum time to keep checksums in cache. 0 = no cache, off = cache forever.
-max_age&gt; off
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n&gt; n
-Remote config
---------------------
-[Hasher1]
-type = hasher
-remote = myRemote:path
-hashsums = md5
-max_age = off
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="manual-configuration">Manual configuration</h3>
-<p>Run <code>rclone config path</code> to see the path of current active config file, usually <code>YOURHOME/.config/rclone/rclone.conf</code>. Open it in your favorite text editor, find section for the base remote and create new section for hasher like in the following examples:</p>
-<pre><code>[Hasher1]
-type = hasher
-remote = myRemote:path
-hashes = md5
-max_age = off
-
-[Hasher2]
-type = hasher
-remote = /local/path
-hashes = dropbox,sha1
-max_age = 24h</code></pre>
-<p>Hasher takes basically the following parameters: - <code>remote</code> is required, - <code>hashes</code> is a comma separated list of supported checksums (by default <code>md5,sha1</code>), - <code>max_age</code> - maximum time to keep a checksum value in the cache, <code>0</code> will disable caching completely, <code>off</code> will cache "forever" (that is until the files get changed).</p>
-<p>Make sure the <code>remote</code> has <code>:</code> (colon) in. If you specify the remote without a colon then rclone will use a local directory of that name. So if you use a remote of <code>/local/path</code> then rclone will handle hashes for that directory. If you use <code>remote = name</code> literally then rclone will put files <strong>in a directory called <code>name</code> located under current directory</strong>.</p>
-<h2 id="usage-1">Usage</h2>
-<h3 id="basic-operations">Basic operations</h3>
-<p>Now you can use it as <code>Hasher2:subdir/file</code> instead of base remote. Hasher will transparently update cache with new checksums when a file is fully read or overwritten, like:</p>
-<pre><code>rclone copy External:path/file Hasher:dest/path
-
-rclone cat Hasher:path/to/file &gt; /dev/null</code></pre>
-<p>The way to refresh <strong>all</strong> cached checksums (even unsupported by the base backend) for a subtree is to <strong>re-download</strong> all files in the subtree. For example, use <code>hashsum --download</code> using <strong>any</strong> supported hashsum on the command line (we just care to re-read):</p>
-<pre><code>rclone hashsum MD5 --download Hasher:path/to/subtree &gt; /dev/null
-
-rclone backend dump Hasher:path/to/subtree</code></pre>
-<p>You can print or drop hashsum cache using custom backend commands:</p>
-<pre><code>rclone backend dump Hasher:dir/subdir
-
-rclone backend drop Hasher:</code></pre>
-<h3 id="pre-seed-from-a-sum-file">Pre-Seed from a SUM File</h3>
-<p>Hasher supports two backend commands: generic SUM file <code>import</code> and faster but less consistent <code>stickyimport</code>.</p>
-<pre><code>rclone backend import Hasher:dir/subdir SHA1 /path/to/SHA1SUM [--checkers 4]</code></pre>
-<p>Instead of SHA1 it can be any hash supported by the remote. The last argument can point to either a local or an <code>other-remote:path</code> text file in SUM format. The command will parse the SUM file, then walk down the path given by the first argument, snapshot current fingerprints and fill in the cache entries correspondingly. - Paths in the SUM file are treated as relative to <code>hasher:dir/subdir</code>. - The command will <strong>not</strong> check that supplied values are correct. You <strong>must know</strong> what you are doing. - This is a one-time action. The SUM file will not get "attached" to the remote. Cache entries can still be overwritten later, should the object's fingerprint change. - The tree walk can take long depending on the tree size. You can increase <code>--checkers</code> to make it faster. Or use <code>stickyimport</code> if you don't care about fingerprints and consistency.</p>
-<pre><code>rclone backend stickyimport hasher:path/to/data sha1 remote:/path/to/sum.sha1</code></pre>
-<p><code>stickyimport</code> is similar to <code>import</code> but works much faster because it does not need to stat existing files and skips initial tree walk. Instead of binding cache entries to file fingerprints it creates <em>sticky</em> entries bound to the file name alone ignoring size, modification time etc. Such hash entries can be replaced only by <code>purge</code>, <code>delete</code>, <code>backend drop</code> or by full re-read/re-write of the files.</p>
-<h2 id="configuration-reference">Configuration reference</h2>
-<h3 id="standard-options-18">Standard options</h3>
-<p>Here are the Standard options specific to hasher (Better checksums for other remotes).</p>
-<h4 id="hasher-remote">--hasher-remote</h4>
-<p>Remote to cache checksums for (e.g. myRemote:path).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: remote</li>
-<li>Env Var: RCLONE_HASHER_REMOTE</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="hasher-hashes">--hasher-hashes</h4>
-<p>Comma separated list of supported checksum types.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: hashes</li>
-<li>Env Var: RCLONE_HASHER_HASHES</li>
-<li>Type: CommaSepList</li>
-<li>Default: md5,sha1</li>
-</ul>
-<h4 id="hasher-max-age">--hasher-max-age</h4>
-<p>Maximum time to keep checksums in cache (0 = no cache, off = cache forever).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: max_age</li>
-<li>Env Var: RCLONE_HASHER_MAX_AGE</li>
-<li>Type: Duration</li>
-<li>Default: off</li>
-</ul>
-<h3 id="advanced-options-16">Advanced options</h3>
-<p>Here are the Advanced options specific to hasher (Better checksums for other remotes).</p>
-<h4 id="hasher-auto-size">--hasher-auto-size</h4>
-<p>Auto-update checksum for files smaller than this size (disabled by default).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auto_size</li>
-<li>Env Var: RCLONE_HASHER_AUTO_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 0</li>
-</ul>
-<h3 id="metadata-7">Metadata</h3>
-<p>Any metadata supported by the underlying remote is read and written.</p>
-<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
-<h2 id="backend-commands-4">Backend commands</h2>
-<p>Here are the commands specific to the hasher backend.</p>
-<p>Run them with</p>
-<pre><code>rclone backend COMMAND remote:</code></pre>
-<p>The help below will explain what arguments each command takes.</p>
-<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
-<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
-<h3 id="drop">drop</h3>
-<p>Drop cache</p>
-<pre><code>rclone backend drop remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>Completely drop checksum cache. Usage Example: rclone backend drop hasher:</p>
-<h3 id="dump">dump</h3>
-<p>Dump the database</p>
-<pre><code>rclone backend dump remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>Dump cache records covered by the current remote</p>
-<h3 id="fulldump">fulldump</h3>
-<p>Full dump of the database</p>
-<pre><code>rclone backend fulldump remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>Dump all cache records in the database</p>
-<h3 id="import">import</h3>
-<p>Import a SUM file</p>
-<pre><code>rclone backend import remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>Amend hash cache from a SUM file and bind checksums to files by size/time. Usage Example: rclone backend import hasher:subdir md5 /path/to/sum.md5</p>
-<h3 id="stickyimport">stickyimport</h3>
-<p>Perform fast import of a SUM file</p>
-<pre><code>rclone backend stickyimport remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>Fill hash cache from a SUM file without verifying file fingerprints. Usage Example: rclone backend stickyimport hasher:subdir md5 remote:path/to/sum.md5</p>
-<h2 id="implementation-details-advanced">Implementation details (advanced)</h2>
-<p>This section explains how various rclone operations work on a hasher remote.</p>
-<p><strong>Disclaimer. This section describes current implementation which can change in future rclone versions!.</strong></p>
-<h3 id="hashsum-command">Hashsum command</h3>
-<p>The <code>rclone hashsum</code> (or <code>md5sum</code> or <code>sha1sum</code>) command will:</p>
-<ol type="1">
-<li>if requested hash is supported by lower level, just pass it.</li>
-<li>if object size is below <code>auto_size</code> then download object and calculate <em>requested</em> hashes on the fly.</li>
-<li>if unsupported and the size is big enough, build object <code>fingerprint</code> (including size, modtime if supported, first-found <em>other</em> hash if any).</li>
-<li>if the strict match is found in cache for the requested remote, return the stored hash.</li>
-<li>if remote found but fingerprint mismatched, then purge the entry and proceed to step 6.</li>
-<li>if remote not found or had no requested hash type or after step 5: download object, calculate all <em>supported</em> hashes on the fly and store in cache; return requested hash.</li>
-</ol>
-<h3 id="other-operations">Other operations</h3>
-<ul>
-<li>whenever a file is uploaded or downloaded <strong>in full</strong>, capture the stream to calculate all supported hashes on the fly and update database</li>
-<li>server-side <code>move</code> will update keys of existing cache entries</li>
-<li><code>deletefile</code> will remove a single cache entry</li>
-<li><code>purge</code> will remove all cache entries under the purged path</li>
-</ul>
-<p>Note that setting <code>max_age = 0</code> will disable checksum caching completely.</p>
-<p>If you set <code>max_age = off</code>, checksums in cache will never age, unless you fully rewrite or delete the file.</p>
-<h3 id="cache-storage">Cache storage</h3>
-<p>Cached checksums are stored as <code>bolt</code> database files under rclone cache directory, usually <code>~/.cache/rclone/kv/</code>. Databases are maintained one per <em>base</em> backend, named like <code>BaseRemote~hasher.bolt</code>. Checksums for multiple <code>alias</code>-es into a single base backend will be stored in the single database. All local paths are treated as aliases into the <code>local</code> backend (unless crypted or chunked) and stored in <code>~/.cache/rclone/kv/local~hasher.bolt</code>. Databases can be shared between multiple rclone processes.</p>
-<h1 id="hdfs">HDFS</h1>
-<p><a href="https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html">HDFS</a> is a distributed file-system, part of the <a href="https://hadoop.apache.org/">Apache Hadoop</a> framework.</p>
-<p>Paths are specified as <code>remote:</code> or <code>remote:path/to/dir</code>.</p>
-<h2 id="configuration-18">Configuration</h2>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[skip]
-XX / Hadoop distributed file system
-   \ &quot;hdfs&quot;
-[skip]
-Storage&gt; hdfs
-** See help for hdfs backend at: https://rclone.org/hdfs/ **
-
-hadoop name node and port
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Connect to host namenode at port 8020
-   \ &quot;namenode:8020&quot;
-namenode&gt; namenode.hadoop:8020
-hadoop user name
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Connect to hdfs as root
-   \ &quot;root&quot;
-username&gt; root
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n&gt; n
-Remote config
---------------------
-[remote]
-type = hdfs
-namenode = namenode.hadoop:8020
-username = root
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y
-Current remotes:
-
-Name                 Type
-====                 ====
-hadoop               hdfs
-
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q&gt; q</code></pre>
-<p>This remote is called <code>remote</code> and can now be used like this</p>
-<p>See all the top level directories</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List the contents of a directory</p>
-<pre><code>rclone ls remote:directory</code></pre>
-<p>Sync the remote <code>directory</code> to <code>/home/local/directory</code>, deleting any excess files.</p>
-<pre><code>rclone sync --interactive remote:directory /home/local/directory</code></pre>
-<h3 id="setting-up-your-own-hdfs-instance-for-testing">Setting up your own HDFS instance for testing</h3>
-<p>You may start with a <a href="https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SingleCluster.html">manual setup</a> or use the docker image from the tests:</p>
-<p>If you want to build the docker image</p>
-<pre><code>git clone https://github.com/rclone/rclone.git
-cd rclone/fstest/testserver/images/test-hdfs
-docker build --rm -t rclone/test-hdfs .</code></pre>
-<p>Or you can just use the latest one pushed</p>
-<pre><code>docker run --rm --name &quot;rclone-hdfs&quot; -p 127.0.0.1:9866:9866 -p 127.0.0.1:8020:8020 --hostname &quot;rclone-hdfs&quot; rclone/test-hdfs</code></pre>
-<p><strong>NB</strong> it need few seconds to startup.</p>
-<p>For this docker image the remote needs to be configured like this:</p>
-<pre><code>[remote]
-type = hdfs
-namenode = 127.0.0.1:8020
-username = root</code></pre>
-<p>You can stop this image with <code>docker kill rclone-hdfs</code> (<strong>NB</strong> it does not use volumes, so all data uploaded will be lost.)</p>
-<h3 id="modified-time-6">Modified time</h3>
-<p>Time accurate to 1 second is stored.</p>
-<h3 id="checksum">Checksum</h3>
-<p>No checksums are implemented.</p>
-<h3 id="usage-information">Usage information</h3>
-<p>You can use the <code>rclone about remote:</code> command which will display filesystem size and current usage.</p>
-<h3 id="restricted-filename-characters-11">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>:</td>
-<td style="text-align: center;">0x3A</td>
-<td style="text-align: center;">：</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>.</p>
-<h3 id="standard-options-19">Standard options</h3>
-<p>Here are the Standard options specific to hdfs (Hadoop distributed file system).</p>
-<h4 id="hdfs-namenode">--hdfs-namenode</h4>
-<p>Hadoop name node and port.</p>
-<p>E.g. "namenode:8020" to connect to host namenode at port 8020.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: namenode</li>
-<li>Env Var: RCLONE_HDFS_NAMENODE</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="hdfs-username">--hdfs-username</h4>
-<p>Hadoop user name.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: username</li>
-<li>Env Var: RCLONE_HDFS_USERNAME</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"root"
-<ul>
-<li>Connect to hdfs as root.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-17">Advanced options</h3>
-<p>Here are the Advanced options specific to hdfs (Hadoop distributed file system).</p>
-<h4 id="hdfs-service-principal-name">--hdfs-service-principal-name</h4>
-<p>Kerberos service principal name for the namenode.</p>
-<p>Enables KERBEROS authentication. Specifies the Service Principal Name (SERVICE/FQDN) for the namenode. E.g. "hdfs/namenode.hadoop.docker" for namenode running as service 'hdfs' with FQDN 'namenode.hadoop.docker'.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: service_principal_name</li>
-<li>Env Var: RCLONE_HDFS_SERVICE_PRINCIPAL_NAME</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="hdfs-data-transfer-protection">--hdfs-data-transfer-protection</h4>
-<p>Kerberos data transfer protection: authentication|integrity|privacy.</p>
-<p>Specifies whether or not authentication, data signature integrity checks, and wire encryption is required when communicating the the datanodes. Possible values are 'authentication', 'integrity' and 'privacy'. Used only with KERBEROS enabled.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: data_transfer_protection</li>
-<li>Env Var: RCLONE_HDFS_DATA_TRANSFER_PROTECTION</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"privacy"
-<ul>
-<li>Ensure authentication, integrity and encryption enabled.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="hdfs-encoding">--hdfs-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_HDFS_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,Colon,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-14">Limitations</h2>
-<ul>
-<li>No server-side <code>Move</code> or <code>DirMove</code>.</li>
-<li>Checksums not implemented.</li>
-</ul>
-<h1 id="hidrive">HiDrive</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<p>The initial setup for hidrive involves getting a token from HiDrive which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<h2 id="configuration-19">Configuration</h2>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found - make a new one
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / HiDrive
-   \ &quot;hidrive&quot;
-[snip]
-Storage&gt; hidrive
-OAuth Client Id - Leave blank normally.
-client_id&gt;
-OAuth Client Secret - Leave blank normally.
-client_secret&gt;
-Access permissions that rclone should use when requesting access from HiDrive.
-Leave blank normally.
-scope_access&gt;
-Edit advanced config?
-y/n&gt; n
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth?state=xxxxxxxxxxxxxxxxxxxxxx
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = hidrive
-token = {&quot;access_token&quot;:&quot;xxxxxxxxxxxxxxxxxxxx&quot;,&quot;token_type&quot;:&quot;Bearer&quot;,&quot;refresh_token&quot;:&quot;xxxxxxxxxxxxxxxxxxxxxxx&quot;,&quot;expiry&quot;:&quot;xxxxxxxxxxxxxxxxxxxxxxx&quot;}
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p><strong>You should be aware that OAuth-tokens can be used to access your account and hence should not be shared with other persons.</strong> See the <a href="#keeping-your-tokens-safe">below section</a> for more information.</p>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from HiDrive. This only runs from the moment it opens your browser to the moment you get back the verification code. The webserver runs on <code>http://127.0.0.1:53682/</code>. If local port <code>53682</code> is protected by a firewall you may need to temporarily unblock the firewall to complete authorization.</p>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your HiDrive root folder</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your HiDrive filesystem</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to a HiDrive directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="keeping-your-tokens-safe">Keeping your tokens safe</h3>
-<p>Any OAuth-tokens will be stored by rclone in the remote's configuration file as unencrypted text. Anyone can use a valid refresh-token to access your HiDrive filesystem without knowing your password. Therefore you should make sure no one else can access your configuration.</p>
-<p>It is possible to encrypt rclone's configuration file. You can find information on securing your configuration file by viewing the <a href="https://rclone.org/docs/#configuration-encryption">configuration encryption docs</a>.</p>
-<h3 id="invalid-refresh-token-1">Invalid refresh token</h3>
-<p>As can be verified <a href="https://developer.hidrive.com/basics-flows/">here</a>, each <code>refresh_token</code> (for Native Applications) is valid for 60 days. If used to access HiDrivei, its validity will be automatically extended.</p>
-<p>This means that if you</p>
-<ul>
-<li>Don't use the HiDrive remote for 60 days</li>
-</ul>
-<p>then rclone will return an error which includes a text that implies the refresh token is <em>invalid</em> or <em>expired</em>.</p>
-<p>To fix this you will need to authorize rclone to access your HiDrive account again.</p>
-<p>Using</p>
-<pre><code>rclone config reconnect remote:</code></pre>
-<p>the process is very similar to the process of initial setup exemplified before.</p>
-<h3 id="modified-time-and-hashes-6">Modified time and hashes</h3>
-<p>HiDrive allows modification times to be set on objects accurate to 1 second.</p>
-<p>HiDrive supports <a href="https://static.hidrive.com/dev/0001">its own hash type</a> which is used to verify the integrity of file contents after successful transfers.</p>
-<h3 id="restricted-filename-characters-12">Restricted filename characters</h3>
-<p>HiDrive cannot store files or folders that include <code>/</code> (0x2F) or null-bytes (0x00) in their name. Any other characters can be used in the names of files or folders. Additionally, files or folders cannot be named either of the following: <code>.</code> or <code>..</code></p>
-<p>Therefore rclone will automatically replace these characters, if files or folders are stored or accessed with such names.</p>
-<p>You can read about how this filename encoding works in general <a href="overview/#restricted-filenames">here</a>.</p>
-<p>Keep in mind that HiDrive only supports file or folder names with a length of 255 characters or less.</p>
-<h3 id="transfers-3">Transfers</h3>
-<p>HiDrive limits file sizes per single request to a maximum of 2 GiB. To allow storage of larger files and allow for better upload performance, the hidrive backend will use a chunked transfer for files larger than 96 MiB. Rclone will upload multiple parts/chunks of the file at the same time. Chunks in the process of being uploaded are buffered in memory, so you may want to restrict this behaviour on systems with limited resources.</p>
-<p>You can customize this behaviour using the following options:</p>
-<ul>
-<li><code>chunk_size</code>: size of file parts</li>
-<li><code>upload_cutoff</code>: files larger or equal to this in size will use a chunked transfer</li>
-<li><code>upload_concurrency</code>: number of file-parts to upload at the same time</li>
-</ul>
-<p>See the below section about configuration options for more details.</p>
-<h3 id="root-folder">Root folder</h3>
-<p>You can set the root folder for rclone. This is the directory that rclone considers to be the root of your HiDrive.</p>
-<p>Usually, you will leave this blank, and rclone will use the root of the account.</p>
-<p>However, you can set this to restrict rclone to a specific folder hierarchy.</p>
-<p>This works by prepending the contents of the <code>root_prefix</code> option to any paths accessed by rclone. For example, the following two ways to access the home directory are equivalent:</p>
-<pre><code>rclone lsd --hidrive-root-prefix=&quot;/users/test/&quot; remote:path
-
-rclone lsd remote:/users/test/path</code></pre>
-<p>See the below section about configuration options for more details.</p>
-<h3 id="directory-member-count">Directory member count</h3>
-<p>By default, rclone will know the number of directory members contained in a directory. For example, <code>rclone lsd</code> uses this information.</p>
-<p>The acquisition of this information will result in additional time costs for HiDrive's API. When dealing with large directory structures, it may be desirable to circumvent this time cost, especially when this information is not explicitly needed. For this, the <code>disable_fetching_member_count</code> option can be used.</p>
-<p>See the below section about configuration options for more details.</p>
-<h3 id="standard-options-20">Standard options</h3>
-<p>Here are the Standard options specific to hidrive (HiDrive).</p>
-<h4 id="hidrive-client-id">--hidrive-client-id</h4>
-<p>OAuth Client Id.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_HIDRIVE_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="hidrive-client-secret">--hidrive-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_HIDRIVE_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="hidrive-scope-access">--hidrive-scope-access</h4>
-<p>Access permissions that rclone should use when requesting access from HiDrive.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: scope_access</li>
-<li>Env Var: RCLONE_HIDRIVE_SCOPE_ACCESS</li>
-<li>Type: string</li>
-<li>Default: "rw"</li>
-<li>Examples:
-<ul>
-<li>"rw"
-<ul>
-<li>Read and write access to resources.</li>
-</ul></li>
-<li>"ro"
-<ul>
-<li>Read-only access to resources.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-18">Advanced options</h3>
-<p>Here are the Advanced options specific to hidrive (HiDrive).</p>
-<h4 id="hidrive-token">--hidrive-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_HIDRIVE_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="hidrive-auth-url">--hidrive-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_HIDRIVE_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="hidrive-token-url">--hidrive-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_HIDRIVE_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="hidrive-scope-role">--hidrive-scope-role</h4>
-<p>User-level that rclone should use when requesting access from HiDrive.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: scope_role</li>
-<li>Env Var: RCLONE_HIDRIVE_SCOPE_ROLE</li>
-<li>Type: string</li>
-<li>Default: "user"</li>
-<li>Examples:
-<ul>
-<li>"user"
-<ul>
-<li>User-level access to management permissions.</li>
-<li>This will be sufficient in most cases.</li>
-</ul></li>
-<li>"admin"
-<ul>
-<li>Extensive access to management permissions.</li>
-</ul></li>
-<li>"owner"
-<ul>
-<li>Full access to management permissions.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="hidrive-root-prefix">--hidrive-root-prefix</h4>
-<p>The root/parent folder for all paths.</p>
-<p>Fill in to use the specified folder as the parent for all paths given to the remote. This way rclone can use any folder as its starting point.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: root_prefix</li>
-<li>Env Var: RCLONE_HIDRIVE_ROOT_PREFIX</li>
-<li>Type: string</li>
-<li>Default: "/"</li>
-<li>Examples:
-<ul>
-<li>"/"
-<ul>
-<li>The topmost directory accessible by rclone.</li>
-<li>This will be equivalent with "root" if rclone uses a regular HiDrive user account.</li>
-</ul></li>
-<li>"root"
-<ul>
-<li>The topmost directory of the HiDrive user account</li>
-</ul></li>
-<li>""
-<ul>
-<li>This specifies that there is no root-prefix for your paths.</li>
-<li>When using this you will always need to specify paths to this remote with a valid parent e.g. "remote:/path/to/dir" or "remote:root/path/to/dir".</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="hidrive-endpoint">--hidrive-endpoint</h4>
-<p>Endpoint for the service.</p>
-<p>This is the URL that API-calls will be made to.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_HIDRIVE_ENDPOINT</li>
-<li>Type: string</li>
-<li>Default: "https://api.hidrive.strato.com/2.1"</li>
-</ul>
-<h4 id="hidrive-disable-fetching-member-count">--hidrive-disable-fetching-member-count</h4>
-<p>Do not fetch number of objects in directories unless it is absolutely necessary.</p>
-<p>Requests may be faster if the number of objects in subdirectories is not fetched.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_fetching_member_count</li>
-<li>Env Var: RCLONE_HIDRIVE_DISABLE_FETCHING_MEMBER_COUNT</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="hidrive-chunk-size">--hidrive-chunk-size</h4>
-<p>Chunksize for chunked uploads.</p>
-<p>Any files larger than the configured cutoff (or files of unknown size) will be uploaded in chunks of this size.</p>
-<p>The upper limit for this is 2147483647 bytes (about 2.000Gi). That is the maximum amount of bytes a single upload-operation will support. Setting this above the upper limit or to a negative value will cause uploads to fail.</p>
-<p>Setting this to larger values may increase the upload speed at the cost of using more memory. It can be set to smaller values smaller to save on memory.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_HIDRIVE_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 48Mi</li>
-</ul>
-<h4 id="hidrive-upload-cutoff">--hidrive-upload-cutoff</h4>
-<p>Cutoff/Threshold for chunked uploads.</p>
-<p>Any files larger than this will be uploaded in chunks of the configured chunksize.</p>
-<p>The upper limit for this is 2147483647 bytes (about 2.000Gi). That is the maximum amount of bytes a single upload-operation will support. Setting this above the upper limit will cause uploads to fail.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_HIDRIVE_UPLOAD_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 96Mi</li>
-</ul>
-<h4 id="hidrive-upload-concurrency">--hidrive-upload-concurrency</h4>
-<p>Concurrency for chunked uploads.</p>
-<p>This is the upper limit for how many transfers for the same file are running concurrently. Setting this above to a value smaller than 1 will cause uploads to deadlock.</p>
-<p>If you are uploading small numbers of large files over high-speed links and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_concurrency</li>
-<li>Env Var: RCLONE_HIDRIVE_UPLOAD_CONCURRENCY</li>
-<li>Type: int</li>
-<li>Default: 4</li>
-</ul>
-<h4 id="hidrive-encoding">--hidrive-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_HIDRIVE_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,Dot</li>
-</ul>
-<h2 id="limitations-15">Limitations</h2>
-<h3 id="symbolic-links">Symbolic links</h3>
-<p>HiDrive is able to store symbolic links (<em>symlinks</em>) by design, for example, when unpacked from a zip archive.</p>
-<p>There exists no direct mechanism to manage native symlinks in remotes. As such this implementation has chosen to ignore any native symlinks present in the remote. rclone will not be able to access or show any symlinks stored in the hidrive-remote. This means symlinks cannot be individually removed, copied, or moved, except when removing, copying, or moving the parent folder.</p>
-<p><em>This does not affect the <code>.rclonelink</code>-files that rclone uses to encode and store symbolic links.</em></p>
-<h3 id="sparse-files">Sparse files</h3>
-<p>It is possible to store sparse files in HiDrive.</p>
-<p>Note that copying a sparse file will expand the holes into null-byte (0x00) regions that will then consume disk space. Likewise, when downloading a sparse file, the resulting file will have null-byte regions in the place of file holes.</p>
-<h1 id="http">HTTP</h1>
-<p>The HTTP remote is a read only remote for reading files of a webserver. The webserver should provide file listings which rclone will read and turn into a remote. This has been tested with common webservers such as Apache/Nginx/Caddy and will likely work with file listings from most web servers. (If it doesn't then please file an issue, or send a pull request!)</p>
-<p>Paths are specified as <code>remote:</code> or <code>remote:path</code>.</p>
-<p>The <code>remote:</code> represents the configured <a href="#http-url">url</a>, and any path following it will be resolved relative to this url, according to the URL standard. This means with remote url <code>https://beta.rclone.org/branch</code> and path <code>fix</code>, the resolved URL will be <code>https://beta.rclone.org/branch/fix</code>, while with path <code>/fix</code> the resolved URL will be <code>https://beta.rclone.org/fix</code> as the absolute path is resolved from the root of the domain.</p>
-<p>If the path following the <code>remote:</code> ends with <code>/</code> it will be assumed to point to a directory. If the path does not end with <code>/</code>, then a HEAD request is sent and the response used to decide if it it is treated as a file or a directory (run with <code>-vv</code> to see details). When <a href="#http-no-head">--http-no-head</a> is specified, a path without ending <code>/</code> is always assumed to be a file. If rclone incorrectly assumes the path is a file, the solution is to specify the path with ending <code>/</code>. When you know the path is a directory, ending it with <code>/</code> is always better as it avoids the initial HEAD request.</p>
-<p>To just download a single file it is easier to use <a href="https://rclone.org/commands/rclone_copyurl/">copyurl</a>.</p>
-<h2 id="configuration-20">Configuration</h2>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / HTTP
-   \ &quot;http&quot;
-[snip]
-Storage&gt; http
-URL of http host to connect to
-Choose a number from below, or type in your own value
- 1 / Connect to example.com
-   \ &quot;https://example.com&quot;
-url&gt; https://beta.rclone.org
-Remote config
---------------------
-[remote]
-url = https://beta.rclone.org
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y
-Current remotes:
-
-Name                 Type
-====                 ====
-remote               http
-
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q&gt; q</code></pre>
-<p>This remote is called <code>remote</code> and can now be used like this</p>
-<p>See all the top level directories</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List the contents of a directory</p>
-<pre><code>rclone ls remote:directory</code></pre>
-<p>Sync the remote <code>directory</code> to <code>/home/local/directory</code>, deleting any excess files.</p>
-<pre><code>rclone sync --interactive remote:directory /home/local/directory</code></pre>
-<h3 id="read-only">Read only</h3>
-<p>This remote is read only - you can't upload files to an HTTP server.</p>
-<h3 id="modified-time-7">Modified time</h3>
-<p>Most HTTP servers store time accurate to 1 second.</p>
-<h3 id="checksum-1">Checksum</h3>
-<p>No checksums are stored.</p>
-<h3 id="usage-without-a-config-file">Usage without a config file</h3>
-<p>Since the http remote only has one config parameter it is easy to use without a config file:</p>
-<pre><code>rclone lsd --http-url https://beta.rclone.org :http:</code></pre>
-<p>or:</p>
-<pre><code>rclone lsd :http,url=&#39;https://beta.rclone.org&#39;:</code></pre>
-<h3 id="standard-options-21">Standard options</h3>
-<p>Here are the Standard options specific to http (HTTP).</p>
-<h4 id="http-url">--http-url</h4>
-<p>URL of HTTP host to connect to.</p>
-<p>E.g. "https://example.com", or "https://user:pass@example.com" to use a username and password.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: url</li>
-<li>Env Var: RCLONE_HTTP_URL</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h3 id="advanced-options-19">Advanced options</h3>
-<p>Here are the Advanced options specific to http (HTTP).</p>
-<h4 id="http-headers">--http-headers</h4>
-<p>Set HTTP headers for all transactions.</p>
-<p>Use this to set additional HTTP headers for all transactions.</p>
-<p>The input format is comma separated list of key,value pairs. Standard <a href="https://godoc.org/encoding/csv">CSV encoding</a> may be used.</p>
-<p>For example, to set a Cookie use 'Cookie,name=value', or '"Cookie","name=value"'.</p>
-<p>You can set multiple headers, e.g. '"Cookie","name=value","Authorization","xxx"'.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: headers</li>
-<li>Env Var: RCLONE_HTTP_HEADERS</li>
-<li>Type: CommaSepList</li>
-<li>Default:</li>
-</ul>
-<h4 id="http-no-slash">--http-no-slash</h4>
-<p>Set this if the site doesn't end directories with /.</p>
-<p>Use this if your target website does not use / on the end of directories.</p>
-<p>A / on the end of a path is how rclone normally tells the difference between files and directories. If this flag is set, then rclone will treat all files with Content-Type: text/html as directories and read URLs from them rather than downloading them.</p>
-<p>Note that this may cause rclone to confuse genuine HTML files with directories.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_slash</li>
-<li>Env Var: RCLONE_HTTP_NO_SLASH</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="http-no-head">--http-no-head</h4>
-<p>Don't use HEAD requests.</p>
-<p>HEAD requests are mainly used to find file sizes in dir listing. If your site is being very slow to load then you can try this option. Normally rclone does a HEAD request for each potential file in a directory listing to:</p>
-<ul>
-<li>find its size</li>
-<li>check it really exists</li>
-<li>check to see if it is a directory</li>
-</ul>
-<p>If you set this option, rclone will not do the HEAD request. This will mean that directory listings are much quicker, but rclone won't have the times or sizes of any files, and some files that don't exist may be in the listing.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_head</li>
-<li>Env Var: RCLONE_HTTP_NO_HEAD</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h2 id="limitations-16">Limitations</h2>
-<p><code>rclone about</code> is not supported by the HTTP backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h1 id="internet-archive">Internet Archive</h1>
-<p>The Internet Archive backend utilizes Items on <a href="https://archive.org/">archive.org</a></p>
-<p>Refer to <a href="https://archive.org/services/docs/api/ias3.html">IAS3 API documentation</a> for the API this backend uses.</p>
-<p>Paths are specified as <code>remote:bucket</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, e.g. <code>remote:item/path/to/dir</code>.</p>
-<p>Unlike S3, listing up all items uploaded by you isn't supported.</p>
-<p>Once you have made a remote, you can use it like this:</p>
-<p>Make a new item</p>
-<pre><code>rclone mkdir remote:item</code></pre>
-<p>List the contents of a item</p>
-<pre><code>rclone ls remote:item</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote item, deleting any excess files in the item.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:item</code></pre>
-<h2 id="notes-1">Notes</h2>
-<p>Because of Internet Archive's architecture, it enqueues write operations (and extra post-processings) in a per-item queue. You can check item's queue at https://catalogd.archive.org/history/item-name-here . Because of that, all uploads/deletes will not show up immediately and takes some time to be available. The per-item queue is enqueued to an another queue, Item Deriver Queue. <a href="https://catalogd.archive.org/catalog.php?whereami=1">You can check the status of Item Deriver Queue here.</a> This queue has a limit, and it may block you from uploading, or even deleting. You should avoid uploading a lot of small files for better behavior.</p>
-<p>You can optionally wait for the server's processing to finish, by setting non-zero value to <code>wait_archive</code> key. By making it wait, rclone can do normal file comparison. Make sure to set a large enough value (e.g. <code>30m0s</code> for smaller files) as it can take a long time depending on server's queue.</p>
-<h2 id="about-metadata">About metadata</h2>
-<p>This backend supports setting, updating and reading metadata of each file. The metadata will appear as file metadata on Internet Archive. However, some fields are reserved by both Internet Archive and rclone.</p>
-<p>The following are reserved by Internet Archive: - <code>name</code> - <code>source</code> - <code>size</code> - <code>md5</code> - <code>crc32</code> - <code>sha1</code> - <code>format</code> - <code>old_version</code> - <code>viruscheck</code> - <code>summation</code></p>
-<p>Trying to set values to these keys is ignored with a warning. Only setting <code>mtime</code> is an exception. Doing so make it the identical behavior as setting ModTime.</p>
-<p>rclone reserves all the keys starting with <code>rclone-</code>. Setting value for these keys will give you warnings, but values are set according to request.</p>
-<p>If there are multiple values for a key, only the first one is returned. This is a limitation of rclone, that supports one value per one key. It can be triggered when you did a server-side copy.</p>
-<p>Reading metadata will also provide custom (non-standard nor reserved) ones.</p>
-<h2 id="filtering-auto-generated-files">Filtering auto generated files</h2>
-<p>The Internet Archive automatically creates metadata files after upload. These can cause problems when doing an <code>rclone sync</code> as rclone will try, and fail, to delete them. These metadata files are not changeable, as they are created by the Internet Archive automatically.</p>
-<p>These auto-created files can be excluded from the sync using <a href="https://rclone.org/filtering/#metadata">metadata filtering</a>.</p>
-<pre><code>rclone sync ... --metadata-exclude &quot;source=metadata&quot; --metadata-exclude &quot;format=Metadata&quot;</code></pre>
-<p>Which excludes from the sync any files which have the <code>source=metadata</code> or <code>format=Metadata</code> flags which are added to Internet Archive auto-created files.</p>
-<h2 id="configuration-21">Configuration</h2>
-<p>Here is an example of making an internetarchive configuration. Most applies to the other providers as well, any differences are described <a href="#providers">below</a>.</p>
-<p>First run</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-XX / InternetArchive Items
-   \ (internetarchive)
-Storage&gt; internetarchive
-Option access_key_id.
-IAS3 Access Key.
-Leave blank for anonymous access.
-You can find one here: https://archive.org/account/s3.php
-Enter a value. Press Enter to leave empty.
-access_key_id&gt; XXXX
-Option secret_access_key.
-IAS3 Secret Key (password).
-Leave blank for anonymous access.
-Enter a value. Press Enter to leave empty.
-secret_access_key&gt; XXXX
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; y
-Option endpoint.
-IAS3 Endpoint.
-Leave blank for default value.
-Enter a string value. Press Enter for the default (https://s3.us.archive.org).
-endpoint&gt; 
-Option front_endpoint.
-Host of InternetArchive Frontend.
-Leave blank for default value.
-Enter a string value. Press Enter for the default (https://archive.org).
-front_endpoint&gt; 
-Option disable_checksum.
-Don&#39;t store MD5 checksum with object metadata.
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can ask the server to check the object against checksum.
-This is great for data integrity checking but can cause long delays for
-large files to start uploading.
-Enter a boolean value (true or false). Press Enter for the default (true).
-disable_checksum&gt; true
-Option encoding.
-The encoding for the backend.
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
-Enter a encoder.MultiEncoder value. Press Enter for the default (Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot).
-encoding&gt; 
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; n
---------------------
-[remote]
-type = internetarchive
-access_key_id = XXXX
-secret_access_key = XXXX
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="standard-options-22">Standard options</h3>
-<p>Here are the Standard options specific to internetarchive (Internet Archive).</p>
-<h4 id="internetarchive-access-key-id">--internetarchive-access-key-id</h4>
-<p>IAS3 Access Key.</p>
-<p>Leave blank for anonymous access. You can find one here: https://archive.org/account/s3.php</p>
-<p>Properties:</p>
-<ul>
-<li>Config: access_key_id</li>
-<li>Env Var: RCLONE_INTERNETARCHIVE_ACCESS_KEY_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="internetarchive-secret-access-key">--internetarchive-secret-access-key</h4>
-<p>IAS3 Secret Key (password).</p>
-<p>Leave blank for anonymous access.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: secret_access_key</li>
-<li>Env Var: RCLONE_INTERNETARCHIVE_SECRET_ACCESS_KEY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="advanced-options-20">Advanced options</h3>
-<p>Here are the Advanced options specific to internetarchive (Internet Archive).</p>
-<h4 id="internetarchive-endpoint">--internetarchive-endpoint</h4>
-<p>IAS3 Endpoint.</p>
-<p>Leave blank for default value.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_INTERNETARCHIVE_ENDPOINT</li>
-<li>Type: string</li>
-<li>Default: "https://s3.us.archive.org"</li>
-</ul>
-<h4 id="internetarchive-front-endpoint">--internetarchive-front-endpoint</h4>
-<p>Host of InternetArchive Frontend.</p>
-<p>Leave blank for default value.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: front_endpoint</li>
-<li>Env Var: RCLONE_INTERNETARCHIVE_FRONT_ENDPOINT</li>
-<li>Type: string</li>
-<li>Default: "https://archive.org"</li>
-</ul>
-<h4 id="internetarchive-disable-checksum">--internetarchive-disable-checksum</h4>
-<p>Don't ask the server to test against MD5 checksum calculated by rclone. Normally rclone will calculate the MD5 checksum of the input before uploading it so it can ask the server to check the object against checksum. This is great for data integrity checking but can cause long delays for large files to start uploading.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_checksum</li>
-<li>Env Var: RCLONE_INTERNETARCHIVE_DISABLE_CHECKSUM</li>
-<li>Type: bool</li>
-<li>Default: true</li>
-</ul>
-<h4 id="internetarchive-wait-archive">--internetarchive-wait-archive</h4>
-<p>Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish. Only enable if you need to be guaranteed to be reflected after write operations. 0 to disable waiting. No errors to be thrown in case of timeout.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: wait_archive</li>
-<li>Env Var: RCLONE_INTERNETARCHIVE_WAIT_ARCHIVE</li>
-<li>Type: Duration</li>
-<li>Default: 0s</li>
-</ul>
-<h4 id="internetarchive-encoding">--internetarchive-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_INTERNETARCHIVE_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h3 id="metadata-8">Metadata</h3>
-<p>Metadata fields provided by Internet Archive. If there are multiple values for a key, only the first one is returned. This is a limitation of Rclone, that supports one value per one key.</p>
-<p>Owner is able to add custom keys. Metadata feature grabs all the keys including them.</p>
-<p>Here are the possible system metadata items for the internetarchive backend.</p>
-<table>
-<colgroup>
-<col style="width: 15%" />
-<col style="width: 15%" />
-<col style="width: 15%" />
-<col style="width: 23%" />
-<col style="width: 28%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Name</th>
-<th>Help</th>
-<th>Type</th>
-<th>Example</th>
-<th>Read Only</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>crc32</td>
-<td>CRC32 calculated by Internet Archive</td>
-<td>string</td>
-<td>01234567</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="even">
-<td>format</td>
-<td>Name of format identified by Internet Archive</td>
-<td>string</td>
-<td>Comma-Separated Values</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="odd">
-<td>md5</td>
-<td>MD5 hash calculated by Internet Archive</td>
-<td>string</td>
-<td>01234567012345670123456701234567</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="even">
-<td>mtime</td>
-<td>Time of last modification, managed by Rclone</td>
-<td>RFC 3339</td>
-<td>2006-01-02T15:04:05.999999999Z</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="odd">
-<td>name</td>
-<td>Full file path, without the bucket part</td>
-<td>filename</td>
-<td>backend/internetarchive/internetarchive.go</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="even">
-<td>old_version</td>
-<td>Whether the file was replaced and moved by keep-old-version flag</td>
-<td>boolean</td>
-<td>true</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="odd">
-<td>rclone-ia-mtime</td>
-<td>Time of last modification, managed by Internet Archive</td>
-<td>RFC 3339</td>
-<td>2006-01-02T15:04:05.999999999Z</td>
-<td>N</td>
-</tr>
-<tr class="even">
-<td>rclone-mtime</td>
-<td>Time of last modification, managed by Rclone</td>
-<td>RFC 3339</td>
-<td>2006-01-02T15:04:05.999999999Z</td>
-<td>N</td>
-</tr>
-<tr class="odd">
-<td>rclone-update-track</td>
-<td>Random value used by Rclone for tracking changes inside Internet Archive</td>
-<td>string</td>
-<td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>
-<td>N</td>
-</tr>
-<tr class="even">
-<td>sha1</td>
-<td>SHA1 hash calculated by Internet Archive</td>
-<td>string</td>
-<td>0123456701234567012345670123456701234567</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="odd">
-<td>size</td>
-<td>File size in bytes</td>
-<td>decimal number</td>
-<td>123456</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="even">
-<td>source</td>
-<td>The source of the file</td>
-<td>string</td>
-<td>original</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="odd">
-<td>summation</td>
-<td>Check https://forum.rclone.org/t/31922 for how it is used</td>
-<td>string</td>
-<td>md5</td>
-<td><strong>Y</strong></td>
-</tr>
-<tr class="even">
-<td>viruscheck</td>
-<td>The last time viruscheck process was run for the file (?)</td>
-<td>unixtime</td>
-<td>1654191352</td>
-<td><strong>Y</strong></td>
-</tr>
-</tbody>
-</table>
-<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
-<h1 id="jottacloud">Jottacloud</h1>
-<p>Jottacloud is a cloud storage service provider from a Norwegian company, using its own datacenters in Norway. In addition to the official service at <a href="https://www.jottacloud.com/">jottacloud.com</a>, it also provides white-label solutions to different companies, such as: * Telia * Telia Cloud (cloud.telia.se) * Telia Sky (sky.telia.no) * Tele2 * Tele2 Cloud (mittcloud.tele2.se) * Elkjøp (with subsidiaries): * Elkjøp Cloud (cloud.elkjop.no) * Elgiganten Sweden (cloud.elgiganten.se) * Elgiganten Denmark (cloud.elgiganten.dk) * Giganti Cloud (cloud.gigantti.fi) * ELKO Cloud (cloud.elko.is)</p>
-<p>Most of the white-label versions are supported by this backend, although may require different authentication setup - described below.</p>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="authentication-types">Authentication types</h2>
-<p>Some of the whitelabel versions uses a different authentication method than the official service, and you have to choose the correct one when setting up the remote.</p>
-<h3 id="standard-authentication">Standard authentication</h3>
-<p>The standard authentication method used by the official service (jottacloud.com), as well as some of the whitelabel services, requires you to generate a single-use personal login token from the account security settings in the service's web interface. Log in to your account, go to "Settings" and then "Security", or use the direct link presented to you by rclone when configuring the remote: <a href="https://www.jottacloud.com/web/secure" class="uri">https://www.jottacloud.com/web/secure</a>. Scroll down to the section "Personal login token", and click the "Generate" button. Note that if you are using a whitelabel service you probably can't use the direct link, you need to find the same page in their dedicated web interface, and also it may be in a different location than described above.</p>
-<p>To access your account from multiple instances of rclone, you need to configure each of them with a separate personal login token. E.g. you create a Jottacloud remote with rclone in one location, and copy the configuration file to a second location where you also want to run rclone and access the same remote. Then you need to replace the token for one of them, using the <a href="https://rclone.org/commands/rclone_config_reconnect/">config reconnect</a> command, which requires you to generate a new personal login token and supply as input. If you do not do this, the token may easily end up being invalidated, resulting in both instances failing with an error message something along the lines of:</p>
-<pre><code>oauth2: cannot fetch token: 400 Bad Request
-Response: {&quot;error&quot;:&quot;invalid_grant&quot;,&quot;error_description&quot;:&quot;Stale token&quot;}</code></pre>
-<p>When this happens, you need to replace the token as described above to be able to use your remote again.</p>
-<p>All personal login tokens you have taken into use will be listed in the web interface under "My logged in devices", and from the right side of that list you can click the "X" button to revoke individual tokens.</p>
-<h3 id="legacy-authentication">Legacy authentication</h3>
-<p>If you are using one of the whitelabel versions (e.g. from Elkjøp) you may not have the option to generate a CLI token. In this case you'll have to use the legacy authentication. To do this select yes when the setup asks for legacy authentication and enter your username and password. The rest of the setup is identical to the default setup.</p>
-<h3 id="telia-cloud-authentication">Telia Cloud authentication</h3>
-<p>Similar to other whitelabel versions Telia Cloud doesn't offer the option of creating a CLI token, and additionally uses a separate authentication flow where the username is generated internally. To setup rclone to use Telia Cloud, choose Telia Cloud authentication in the setup. The rest of the setup is identical to the default setup.</p>
-<h3 id="tele2-cloud-authentication">Tele2 Cloud authentication</h3>
-<p>As Tele2-Com Hem merger was completed this authentication can be used for former Com Hem Cloud and Tele2 Cloud customers as no support for creating a CLI token exists, and additionally uses a separate authentication flow where the username is generated internally. To setup rclone to use Tele2 Cloud, choose Tele2 Cloud authentication in the setup. The rest of the setup is identical to the default setup.</p>
-<h2 id="configuration-22">Configuration</h2>
-<p>Here is an example of how to make a remote called <code>remote</code> with the default setup. First run:</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-XX / Jottacloud
-   \ (jottacloud)
-[snip]
-Storage&gt; jottacloud
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; n
-Option config_type.
-Select authentication type.
-Choose a number from below, or type in an existing string value.
-Press Enter for the default (standard).
-   / Standard authentication.
- 1 | Use this if you&#39;re a normal Jottacloud user.
-   \ (standard)
-   / Legacy authentication.
- 2 | This is only required for certain whitelabel versions of Jottacloud and not recommended for normal users.
-   \ (legacy)
-   / Telia Cloud authentication.
- 3 | Use this if you are using Telia Cloud.
-   \ (telia)
-   / Tele2 Cloud authentication.
- 4 | Use this if you are using Tele2 Cloud.
-   \ (tele2)
-config_type&gt; 1
-Personal login token.
-Generate here: https://www.jottacloud.com/web/secure
-Login Token&gt; &lt;your token here&gt;
-Use a non-standard device/mountpoint?
-Choosing no, the default, will let you access the storage used for the archive
-section of the official Jottacloud client. If you instead want to access the
-sync or the backup section, for example, you must choose yes.
-y) Yes
-n) No (default)
-y/n&gt; y
-Option config_device.
-The device to use. In standard setup the built-in Jotta device is used,
-which contains predefined mountpoints for archive, sync etc. All other devices
-are treated as backup devices by the official Jottacloud client. You may create
-a new by entering a unique name.
-Choose a number from below, or type in your own string value.
-Press Enter for the default (DESKTOP-3H31129).
- 1 &gt; DESKTOP-3H31129
- 2 &gt; Jotta
-config_device&gt; 2
-Option config_mountpoint.
-The mountpoint to use for the built-in device Jotta.
-The standard setup is to use the Archive mountpoint. Most other mountpoints
-have very limited support in rclone and should generally be avoided.
-Choose a number from below, or type in an existing string value.
-Press Enter for the default (Archive).
- 1 &gt; Archive
- 2 &gt; Shared
- 3 &gt; Sync
-config_mountpoint&gt; 1
---------------------
-[remote]
-type = jottacloud
-configVersion = 1
-client_id = jottacli
-client_secret =
-tokenURL = https://id.jottacloud.com/auth/realms/jottacloud/protocol/openid-connect/token
-token = {........}
-username = 2940e57271a93d987d6f8a21
-device = Jotta
-mountpoint = Archive
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your Jottacloud</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your Jottacloud</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to an Jottacloud directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="devices-and-mountpoints">Devices and Mountpoints</h3>
-<p>The official Jottacloud client registers a device for each computer you install it on, and shows them in the backup section of the user interface. For each folder you select for backup it will create a mountpoint within this device. A built-in device called Jotta is special, and contains mountpoints Archive, Sync and some others, used for corresponding features in official clients.</p>
-<p>With rclone you'll want to use the standard Jotta/Archive device/mountpoint in most cases. However, you may for example want to access files from the sync or backup functionality provided by the official clients, and rclone therefore provides the option to select other devices and mountpoints during config.</p>
-<p>You are allowed to create new devices and mountpoints. All devices except the built-in Jotta device are treated as backup devices by official Jottacloud clients, and the mountpoints on them are individual backup sets.</p>
-<p>With the built-in Jotta device, only existing, built-in, mountpoints can be selected. In addition to the mentioned Archive and Sync, it may contain several other mountpoints such as: Latest, Links, Shared and Trash. All of these are special mountpoints with a different internal representation than the "regular" mountpoints. Rclone will only to a very limited degree support them. Generally you should avoid these, unless you know what you are doing.</p>
-<h3 id="fast-list-4">--fast-list</h3>
-<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details.</p>
-<p>Note that the implementation in Jottacloud always uses only a single API request to get the entire list, so for large folders this could lead to long wait time before the first results are shown.</p>
-<p>Note also that with rclone version 1.58 and newer information about <a href="https://rclone.org/overview/#mime-type">MIME types</a> are not available when using <code>--fast-list</code>.</p>
-<h3 id="modified-time-and-hashes-7">Modified time and hashes</h3>
-<p>Jottacloud allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.</p>
-<p>Jottacloud supports MD5 type hashes, so you can use the <code>--checksum</code> flag.</p>
-<p>Note that Jottacloud requires the MD5 hash before upload so if the source does not have an MD5 checksum then the file will be cached temporarily on disk (in location given by <a href="https://rclone.org/docs/#temp-dir-dir">--temp-dir</a>) before it is uploaded. Small files will be cached in memory - see the <a href="#jottacloud-md5-memory-limit">--jottacloud-md5-memory-limit</a> flag. When uploading from local disk the source checksum is always available, so this does not apply. Starting with rclone version 1.52 the same is true for crypted remotes (in older versions the crypt backend would not calculate hashes for uploads from local disk, so the Jottacloud backend had to do it as described above).</p>
-<h3 id="restricted-filename-characters-13">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>"</td>
-<td style="text-align: center;">0x22</td>
-<td style="text-align: center;">＂</td>
-</tr>
-<tr class="even">
-<td>*</td>
-<td style="text-align: center;">0x2A</td>
-<td style="text-align: center;">＊</td>
-</tr>
-<tr class="odd">
-<td>:</td>
-<td style="text-align: center;">0x3A</td>
-<td style="text-align: center;">：</td>
-</tr>
-<tr class="even">
-<td>&lt;</td>
-<td style="text-align: center;">0x3C</td>
-<td style="text-align: center;">＜</td>
-</tr>
-<tr class="odd">
-<td>&gt;</td>
-<td style="text-align: center;">0x3E</td>
-<td style="text-align: center;">＞</td>
-</tr>
-<tr class="even">
-<td>?</td>
-<td style="text-align: center;">0x3F</td>
-<td style="text-align: center;">？</td>
-</tr>
-<tr class="odd">
-<td>|</td>
-<td style="text-align: center;">0x7C</td>
-<td style="text-align: center;">｜</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in XML strings.</p>
-<h3 id="deleting-files-4">Deleting files</h3>
-<p>By default, rclone will send all files to the trash when deleting files. They will be permanently deleted automatically after 30 days. You may bypass the trash and permanently delete files immediately by using the <a href="#jottacloud-hard-delete">--jottacloud-hard-delete</a> flag, or set the equivalent environment variable. Emptying the trash is supported by the <a href="https://rclone.org/commands/rclone_cleanup/">cleanup</a> command.</p>
-<h3 id="versions-3">Versions</h3>
-<p>Jottacloud supports file versioning. When rclone uploads a new version of a file it creates a new version of it. Currently rclone only supports retrieving the current version but older versions can be accessed via the Jottacloud Website.</p>
-<p>Versioning can be disabled by <code>--jottacloud-no-versions</code> option. This is achieved by deleting the remote file prior to uploading a new version. If the upload the fails no version of the file will be available in the remote.</p>
-<h3 id="quota-information-1">Quota information</h3>
-<p>To view your current quota you can use the <code>rclone about remote:</code> command which will display your usage limit (unless it is unlimited) and the current usage.</p>
-<h3 id="advanced-options-21">Advanced options</h3>
-<p>Here are the Advanced options specific to jottacloud (Jottacloud).</p>
-<h4 id="jottacloud-md5-memory-limit">--jottacloud-md5-memory-limit</h4>
-<p>Files bigger than this will be cached on disk to calculate the MD5 if required.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: md5_memory_limit</li>
-<li>Env Var: RCLONE_JOTTACLOUD_MD5_MEMORY_LIMIT</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 10Mi</li>
-</ul>
-<h4 id="jottacloud-trashed-only">--jottacloud-trashed-only</h4>
-<p>Only show files that are in the trash.</p>
-<p>This will show trashed files in their original directory structure.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: trashed_only</li>
-<li>Env Var: RCLONE_JOTTACLOUD_TRASHED_ONLY</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="jottacloud-hard-delete">--jottacloud-hard-delete</h4>
-<p>Delete files permanently rather than putting them into the trash.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: hard_delete</li>
-<li>Env Var: RCLONE_JOTTACLOUD_HARD_DELETE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="jottacloud-upload-resume-limit">--jottacloud-upload-resume-limit</h4>
-<p>Files bigger than this can be resumed if the upload fail's.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_resume_limit</li>
-<li>Env Var: RCLONE_JOTTACLOUD_UPLOAD_RESUME_LIMIT</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 10Mi</li>
-</ul>
-<h4 id="jottacloud-no-versions">--jottacloud-no-versions</h4>
-<p>Avoid server side versioning by deleting files and recreating files instead of overwriting them.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_versions</li>
-<li>Env Var: RCLONE_JOTTACLOUD_NO_VERSIONS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="jottacloud-encoding">--jottacloud-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_JOTTACLOUD_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-17">Limitations</h2>
-<p>Note that Jottacloud is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<p>There are quite a few characters that can't be in Jottacloud file names. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a ? in it will be mapped to ？ instead.</p>
-<p>Jottacloud only supports filenames up to 255 characters in length.</p>
-<h2 id="troubleshooting-1">Troubleshooting</h2>
-<p>Jottacloud exhibits some inconsistent behaviours regarding deleted files and folders which may cause Copy, Move and DirMove operations to previously deleted paths to fail. Emptying the trash should help in such cases.</p>
-<h1 id="koofr">Koofr</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-23">Configuration</h2>
-<p>The initial setup for Koofr involves creating an application password for rclone. You can do that by opening the Koofr <a href="https://app.koofr.net/app/admin/preferences/password">web application</a>, giving the password a nice name like <code>rclone</code> and clicking on generate.</p>
-<p>Here is an example of how to make a remote called <code>koofr</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; koofr
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \ (koofr)
-[snip]
-Storage&gt; koofr
-Option provider.
-Choose your storage provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \ (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \ (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \ (other)
-provider&gt; 1    
-Option user.
-Your user name.
-Enter a value.
-user&gt; USERNAME
-Option password.
-Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
-Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; n
-Remote config
---------------------
-[koofr]
-type = koofr
-provider = koofr
-user = USERNAME
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>You can choose to edit advanced config in order to enter your own service URL if you use an on-premise or white label Koofr instance, or choose an alternative mount instead of your primary storage.</p>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your Koofr</p>
-<pre><code>rclone lsd koofr:</code></pre>
-<p>List all the files in your Koofr</p>
-<pre><code>rclone ls koofr:</code></pre>
-<p>To copy a local directory to an Koofr directory called backup</p>
-<pre><code>rclone copy /home/source koofr:backup</code></pre>
-<h3 id="restricted-filename-characters-14">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in XML strings.</p>
-<h3 id="standard-options-23">Standard options</h3>
-<p>Here are the Standard options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).</p>
-<h4 id="koofr-provider">--koofr-provider</h4>
-<p>Choose your storage provider.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: provider</li>
-<li>Env Var: RCLONE_KOOFR_PROVIDER</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"koofr"
-<ul>
-<li>Koofr, https://app.koofr.net/</li>
-</ul></li>
-<li>"digistorage"
-<ul>
-<li>Digi Storage, https://storage.rcs-rds.ro/</li>
-</ul></li>
-<li>"other"
-<ul>
-<li>Any other Koofr API compatible storage service</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="koofr-endpoint">--koofr-endpoint</h4>
-<p>The Koofr API endpoint to use.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_KOOFR_ENDPOINT</li>
-<li>Provider: other</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="koofr-user">--koofr-user</h4>
-<p>Your user name.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: user</li>
-<li>Env Var: RCLONE_KOOFR_USER</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="koofr-password">--koofr-password</h4>
-<p>Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: password</li>
-<li>Env Var: RCLONE_KOOFR_PASSWORD</li>
-<li>Provider: koofr</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="koofr-password-1">--koofr-password</h4>
-<p>Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password).</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: password</li>
-<li>Env Var: RCLONE_KOOFR_PASSWORD</li>
-<li>Provider: digistorage</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="koofr-password-2">--koofr-password</h4>
-<p>Your password for rclone (generate one at your service's settings page).</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: password</li>
-<li>Env Var: RCLONE_KOOFR_PASSWORD</li>
-<li>Provider: other</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h3 id="advanced-options-22">Advanced options</h3>
-<p>Here are the Advanced options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).</p>
-<h4 id="koofr-mountid">--koofr-mountid</h4>
-<p>Mount ID of the mount to use.</p>
-<p>If omitted, the primary mount is used.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: mountid</li>
-<li>Env Var: RCLONE_KOOFR_MOUNTID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="koofr-setmtime">--koofr-setmtime</h4>
-<p>Does the backend support setting modification time.</p>
-<p>Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: setmtime</li>
-<li>Env Var: RCLONE_KOOFR_SETMTIME</li>
-<li>Type: bool</li>
-<li>Default: true</li>
-</ul>
-<h4 id="koofr-encoding">--koofr-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_KOOFR_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-18">Limitations</h2>
-<p>Note that Koofr is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<h2 id="providers-2">Providers</h2>
-<h3 id="koofr-1">Koofr</h3>
-<p>This is the original <a href="https://koofr.eu">Koofr</a> storage provider used as main example and described in the <a href="#configuration">configuration</a> section above.</p>
-<h3 id="digi-storage">Digi Storage</h3>
-<p><a href="https://www.digi.ro/servicii/online/digi-storage">Digi Storage</a> is a cloud storage service run by <a href="https://www.digi.ro/">Digi.ro</a> that provides a Koofr API.</p>
-<p>Here is an example of how to make a remote called <code>ds</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; ds
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \ (koofr)
-[snip]
-Storage&gt; koofr
-Option provider.
-Choose your storage provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \ (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \ (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \ (other)
-provider&gt; 2
-Option user.
-Your user name.
-Enter a value.
-user&gt; USERNAME
-Option password.
-Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password).
-Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; n
---------------------
-[ds]
-type = koofr
-provider = digistorage
-user = USERNAME
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h3 id="other">Other</h3>
-<p>You may also want to use another, public or private storage provider that runs a Koofr API compatible service, by simply providing the base URL to connect to.</p>
-<p>Here is an example of how to make a remote called <code>other</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; other
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \ (koofr)
-[snip]
-Storage&gt; koofr
-Option provider.
-Choose your storage provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \ (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \ (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \ (other)
-provider&gt; 3
-Option endpoint.
-The Koofr API endpoint to use.
-Enter a value.
-endpoint&gt; https://koofr.other.org
-Option user.
-Your user name.
-Enter a value.
-user&gt; USERNAME
-Option password.
-Your password for rclone (generate one at your service&#39;s settings page).
-Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n&gt; n
---------------------
-[other]
-type = koofr
-provider = other
-endpoint = https://koofr.other.org
-user = USERNAME
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<h1 id="mail.ru-cloud">Mail.ru Cloud</h1>
-<p><a href="https://cloud.mail.ru/">Mail.ru Cloud</a> is a cloud storage provided by a Russian internet company <a href="https://mail.ru">Mail.Ru Group</a>. The official desktop client is <a href="https://disk-o.cloud/en">Disk-O:</a>, available on Windows and Mac OS.</p>
-<p>Currently it is recommended to disable 2FA on Mail.ru accounts intended for rclone until it gets eventually implemented.</p>
-<h2 id="features-highlights">Features highlights</h2>
-<ul>
-<li>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code></li>
-<li>Files have a <code>last modified time</code> property, directories don't</li>
-<li>Deleted files are by default moved to the trash</li>
-<li>Files and directories can be shared via public links</li>
-<li>Partial uploads or streaming are not supported, file size must be known before upload</li>
-<li>Maximum file size is limited to 2G for a free account, unlimited for paid accounts</li>
-<li>Storage keeps hash for all files and performs transparent deduplication, the hash algorithm is a modified SHA1</li>
-<li>If a particular file is already present in storage, one can quickly submit file hash instead of long file upload (this optimization is supported by rclone)</li>
-</ul>
-<h2 id="configuration-24">Configuration</h2>
-<p>Here is an example of making a mailru configuration.</p>
-<p>First create a Mail.ru Cloud account and choose a tariff.</p>
-<p>You will need to log in and create an app password for rclone. Rclone <strong>will not work</strong> with your normal username and password - it will give an error like <code>oauth2: server response missing access_token</code>.</p>
-<ul>
-<li>Click on your user icon in the top right</li>
-<li>Go to Security / "Пароль и безопасность"</li>
-<li>Click password for apps / "Пароли для внешних приложений"</li>
-<li>Add the password - give it a name - eg "rclone"</li>
-<li>Copy the password and use this password below - your normal login password won't work.</li>
-</ul>
-<p>Now run</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Mail.ru Cloud
-   \ &quot;mailru&quot;
-[snip]
-Storage&gt; mailru
-User name (usually email)
-Enter a string value. Press Enter for the default (&quot;&quot;).
-user&gt; username@mail.ru
-Password
-
-This must be an app password - rclone will not work with your normal
-password. See the Configuration section in the docs for how to make an
-app password.
-y) Yes type in my own password
-g) Generate random password
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Skip full upload if there is another file with same data hash.
-This feature is called &quot;speedup&quot; or &quot;put by hash&quot;. It is especially efficient
-in case of generally available files like popular books, video or audio clips
-[snip]
-Enter a boolean value (true or false). Press Enter for the default (&quot;true&quot;).
-Choose a number from below, or type in your own value
- 1 / Enable
-   \ &quot;true&quot;
- 2 / Disable
-   \ &quot;false&quot;
-speedup_enable&gt; 1
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n&gt; n
-Remote config
---------------------
-[remote]
-type = mailru
-user = username@mail.ru
-pass = *** ENCRYPTED ***
-speedup_enable = true
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>Configuration of this backend does not require a local web browser. You can use the configured backend as shown below:</p>
-<p>See top level directories</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>Make a new directory</p>
-<pre><code>rclone mkdir remote:directory</code></pre>
-<p>List the contents of a directory</p>
-<pre><code>rclone ls remote:directory</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote path, deleting any excess files in the path.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:directory</code></pre>
-<h3 id="modified-time-8">Modified time</h3>
-<p>Files support a modification time attribute with up to 1 second precision. Directories do not have a modification time, which is shown as "Jan 1 1970".</p>
-<h3 id="hash-checksums">Hash checksums</h3>
-<p>Hash sums use a custom Mail.ru algorithm based on SHA1. If file size is less than or equal to the SHA1 block size (20 bytes), its hash is simply its data right-padded with zero bytes. Hash sum of a larger file is computed as a SHA1 sum of the file data bytes concatenated with a decimal representation of the data length.</p>
-<h3 id="emptying-trash-1">Emptying Trash</h3>
-<p>Removing a file or directory actually moves it to the trash, which is not visible to rclone but can be seen in a web browser. The trashed file still occupies part of total quota. If you wish to empty your trash and free some quota, you can use the <code>rclone cleanup remote:</code> command, which will permanently delete all your trashed files. This command does not take any path arguments.</p>
-<h3 id="quota-information-2">Quota information</h3>
-<p>To view your current quota you can use the <code>rclone about remote:</code> command which will display your usage limit (quota) and the current usage.</p>
-<h3 id="restricted-filename-characters-15">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>"</td>
-<td style="text-align: center;">0x22</td>
-<td style="text-align: center;">＂</td>
-</tr>
-<tr class="even">
-<td>*</td>
-<td style="text-align: center;">0x2A</td>
-<td style="text-align: center;">＊</td>
-</tr>
-<tr class="odd">
-<td>:</td>
-<td style="text-align: center;">0x3A</td>
-<td style="text-align: center;">：</td>
-</tr>
-<tr class="even">
-<td>&lt;</td>
-<td style="text-align: center;">0x3C</td>
-<td style="text-align: center;">＜</td>
-</tr>
-<tr class="odd">
-<td>&gt;</td>
-<td style="text-align: center;">0x3E</td>
-<td style="text-align: center;">＞</td>
-</tr>
-<tr class="even">
-<td>?</td>
-<td style="text-align: center;">0x3F</td>
-<td style="text-align: center;">？</td>
-</tr>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-<tr class="even">
-<td>|</td>
-<td style="text-align: center;">0x7C</td>
-<td style="text-align: center;">｜</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="standard-options-24">Standard options</h3>
-<p>Here are the Standard options specific to mailru (Mail.ru Cloud).</p>
-<h4 id="mailru-user">--mailru-user</h4>
-<p>User name (usually email).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: user</li>
-<li>Env Var: RCLONE_MAILRU_USER</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="mailru-pass">--mailru-pass</h4>
-<p>Password.</p>
-<p>This must be an app password - rclone will not work with your normal password. See the Configuration section in the docs for how to make an app password.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: pass</li>
-<li>Env Var: RCLONE_MAILRU_PASS</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="mailru-speedup-enable">--mailru-speedup-enable</h4>
-<p>Skip full upload if there is another file with same data hash.</p>
-<p>This feature is called "speedup" or "put by hash". It is especially efficient in case of generally available files like popular books, video or audio clips, because files are searched by hash in all accounts of all mailru users. It is meaningless and ineffective if source file is unique or encrypted. Please note that rclone may need local memory and disk space to calculate content hash in advance and decide whether full upload is required. Also, if rclone does not know file size in advance (e.g. in case of streaming or partial uploads), it will not even try this optimization.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: speedup_enable</li>
-<li>Env Var: RCLONE_MAILRU_SPEEDUP_ENABLE</li>
-<li>Type: bool</li>
-<li>Default: true</li>
-<li>Examples:
-<ul>
-<li>"true"
-<ul>
-<li>Enable</li>
-</ul></li>
-<li>"false"
-<ul>
-<li>Disable</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-23">Advanced options</h3>
-<p>Here are the Advanced options specific to mailru (Mail.ru Cloud).</p>
-<h4 id="mailru-speedup-file-patterns">--mailru-speedup-file-patterns</h4>
-<p>Comma separated list of file name patterns eligible for speedup (put by hash).</p>
-<p>Patterns are case insensitive and can contain '*' or '?' meta characters.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: speedup_file_patterns</li>
-<li>Env Var: RCLONE_MAILRU_SPEEDUP_FILE_PATTERNS</li>
-<li>Type: string</li>
-<li>Default: "<em>.mkv,</em>.avi,<em>.mp4,</em>.mp3,<em>.zip,</em>.gz,<em>.rar,</em>.pdf"</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Empty list completely disables speedup (put by hash).</li>
-</ul></li>
-<li>"*"
-<ul>
-<li>All files will be attempted for speedup.</li>
-</ul></li>
-<li>"<em>.mkv,</em>.avi,<em>.mp4,</em>.mp3"
-<ul>
-<li>Only common audio/video files will be tried for put by hash.</li>
-</ul></li>
-<li>"<em>.zip,</em>.gz,<em>.rar,</em>.pdf"
-<ul>
-<li>Only common archives or PDF books will be tried for speedup.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="mailru-speedup-max-disk">--mailru-speedup-max-disk</h4>
-<p>This option allows you to disable speedup (put by hash) for large files.</p>
-<p>Reason is that preliminary hashing can exhaust your RAM or disk space.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: speedup_max_disk</li>
-<li>Env Var: RCLONE_MAILRU_SPEEDUP_MAX_DISK</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 3Gi</li>
-<li>Examples:
-<ul>
-<li>"0"
-<ul>
-<li>Completely disable speedup (put by hash).</li>
-</ul></li>
-<li>"1G"
-<ul>
-<li>Files larger than 1Gb will be uploaded directly.</li>
-</ul></li>
-<li>"3G"
-<ul>
-<li>Choose this option if you have less than 3Gb free on local disk.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="mailru-speedup-max-memory">--mailru-speedup-max-memory</h4>
-<p>Files larger than the size given below will always be hashed on disk.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: speedup_max_memory</li>
-<li>Env Var: RCLONE_MAILRU_SPEEDUP_MAX_MEMORY</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 32Mi</li>
-<li>Examples:
-<ul>
-<li>"0"
-<ul>
-<li>Preliminary hashing will always be done in a temporary disk location.</li>
-</ul></li>
-<li>"32M"
-<ul>
-<li>Do not dedicate more than 32Mb RAM for preliminary hashing.</li>
-</ul></li>
-<li>"256M"
-<ul>
-<li>You have at most 256Mb RAM free for hash calculations.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="mailru-check-hash">--mailru-check-hash</h4>
-<p>What should copy do if file checksum is mismatched or invalid.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: check_hash</li>
-<li>Env Var: RCLONE_MAILRU_CHECK_HASH</li>
-<li>Type: bool</li>
-<li>Default: true</li>
-<li>Examples:
-<ul>
-<li>"true"
-<ul>
-<li>Fail with error.</li>
-</ul></li>
-<li>"false"
-<ul>
-<li>Ignore and continue.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="mailru-user-agent">--mailru-user-agent</h4>
-<p>HTTP user agent used internally by client.</p>
-<p>Defaults to "rclone/VERSION" or "--user-agent" provided on command line.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: user_agent</li>
-<li>Env Var: RCLONE_MAILRU_USER_AGENT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="mailru-quirks">--mailru-quirks</h4>
-<p>Comma separated list of internal maintenance flags.</p>
-<p>This option must not be used by an ordinary user. It is intended only to facilitate remote troubleshooting of backend issues. Strict meaning of flags is not documented and not guaranteed to persist between releases. Quirks will be removed when the backend grows stable. Supported quirks: atomicmkdir binlist unknowndirs</p>
-<p>Properties:</p>
-<ul>
-<li>Config: quirks</li>
-<li>Env Var: RCLONE_MAILRU_QUIRKS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="mailru-encoding">--mailru-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_MAILRU_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-19">Limitations</h2>
-<p>File size limits depend on your account. A single file size is limited by 2G for a free account and unlimited for paid tariffs. Please refer to the Mail.ru site for the total uploaded size limits.</p>
-<p>Note that Mailru is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<h1 id="mega">Mega</h1>
-<p><a href="https://mega.nz/">Mega</a> is a cloud storage and file hosting service known for its security feature where all files are encrypted locally before they are uploaded. This prevents anyone (including employees of Mega) from accessing the files without knowledge of the key used for encryption.</p>
-<p>This is an rclone backend for Mega which supports the file transfer features of Mega using the same client side encryption.</p>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-25">Configuration</h2>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Mega
-   \ &quot;mega&quot;
-[snip]
-Storage&gt; mega
-User name
-user&gt; you@example.com
-Password.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank
-y/g/n&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Remote config
---------------------
-[remote]
-type = mega
-user = you@example.com
-pass = *** ENCRYPTED ***
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p><strong>NOTE:</strong> The encryption keys need to have been already generated after a regular login via the browser, otherwise attempting to use the credentials in <code>rclone</code> will fail.</p>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your Mega</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your Mega</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to an Mega directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-hashes-8">Modified time and hashes</h3>
-<p>Mega does not support modification times or hashes yet.</p>
-<h3 id="restricted-filename-characters-16">Restricted filename characters</h3>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>NUL</td>
-<td style="text-align: center;">0x00</td>
-<td style="text-align: center;">␀</td>
-</tr>
-<tr class="even">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="duplicated-files-2">Duplicated files</h3>
-<p>Mega can have two files with exactly the same name and path (unlike a normal file system).</p>
-<p>Duplicated files cause problems with the syncing and you will see messages in the log about duplicates.</p>
-<p>Use <code>rclone dedupe</code> to fix duplicated files.</p>
-<h3 id="failure-to-log-in">Failure to log-in</h3>
-<h4 id="object-not-found">Object not found</h4>
-<p>If you are connecting to your Mega remote for the first time, to test access and synchronization, you may receive an error such as</p>
-<pre><code>Failed to create file system for &quot;my-mega-remote:&quot;: 
-couldn&#39;t login: Object (typically, node or user) not found</code></pre>
-<p>The diagnostic steps often recommended in the <a href="https://forum.rclone.org/search?q=mega">rclone forum</a> start with the <strong>MEGAcmd</strong> utility. Note that this refers to the official C++ command from https://github.com/meganz/MEGAcmd and not the go language built command from t3rm1n4l/megacmd that is no longer maintained.</p>
-<p>Follow the instructions for installing MEGAcmd and try accessing your remote as they recommend. You can establish whether or not you can log in using MEGAcmd, and obtain diagnostic information to help you, and search or work with others in the forum.</p>
-<pre><code>MEGA CMD&gt; login me@example.com
-Password:
-Fetching nodes ...
-Loading transfers from local cache
-Login complete as me@example.com
-me@example.com:/$ </code></pre>
-<p>Note that some have found issues with passwords containing special characters. If you can not log on with rclone, but MEGAcmd logs on just fine, then consider changing your password temporarily to pure alphanumeric characters, in case that helps.</p>
-<h4 id="repeated-commands-blocks-access">Repeated commands blocks access</h4>
-<p>Mega remotes seem to get blocked (reject logins) under "heavy use". We haven't worked out the exact blocking rules but it seems to be related to fast paced, successive rclone commands.</p>
-<p>For example, executing this command 90 times in a row <code>rclone link remote:file</code> will cause the remote to become "blocked". This is not an abnormal situation, for example if you wish to get the public links of a directory with hundred of files... After more or less a week, the remote will remote accept rclone logins normally again.</p>
-<p>You can mitigate this issue by mounting the remote it with <code>rclone mount</code>. This will log-in when mounting and a log-out when unmounting only. You can also run <code>rclone rcd</code> and then use <code>rclone rc</code> to run the commands over the API to avoid logging in each time.</p>
-<p>Rclone does not currently close mega sessions (you can see them in the web interface), however closing the sessions does not solve the issue.</p>
-<p>If you space rclone commands by 3 seconds it will avoid blocking the remote. We haven't identified the exact blocking rules, so perhaps one could execute the command 80 times without waiting and avoid blocking by waiting 3 seconds, then continuing...</p>
-<p>Note that this has been observed by trial and error and might not be set in stone.</p>
-<p>Other tools seem not to produce this blocking effect, as they use a different working approach (state-based, using sessionIDs instead of log-in) which isn't compatible with the current stateless rclone approach.</p>
-<p>Note that once blocked, the use of other tools (such as megacmd) is not a sure workaround: following megacmd login times have been observed in succession for blocked remote: 7 minutes, 20 min, 30min, 30 min, 30min. Web access looks unaffected though.</p>
-<p>Investigation is continuing in relation to workarounds based on timeouts, pacers, retrials and tpslimits - if you discover something relevant, please post on the forum.</p>
-<p>So, if rclone was working nicely and suddenly you are unable to log-in and you are sure the user and the password are correct, likely you have got the remote blocked for a while.</p>
-<h3 id="standard-options-25">Standard options</h3>
-<p>Here are the Standard options specific to mega (Mega).</p>
-<h4 id="mega-user">--mega-user</h4>
-<p>User name.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: user</li>
-<li>Env Var: RCLONE_MEGA_USER</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="mega-pass">--mega-pass</h4>
-<p>Password.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: pass</li>
-<li>Env Var: RCLONE_MEGA_PASS</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h3 id="advanced-options-24">Advanced options</h3>
-<p>Here are the Advanced options specific to mega (Mega).</p>
-<h4 id="mega-debug">--mega-debug</h4>
-<p>Output more debug from Mega.</p>
-<p>If this flag is set (along with -vv) it will print further debugging information from the mega backend.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: debug</li>
-<li>Env Var: RCLONE_MEGA_DEBUG</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="mega-hard-delete">--mega-hard-delete</h4>
-<p>Delete files permanently rather than putting them into the trash.</p>
-<p>Normally the mega backend will put all deletions into the trash rather than permanently deleting them. If you specify this then rclone will permanently delete objects instead.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: hard_delete</li>
-<li>Env Var: RCLONE_MEGA_HARD_DELETE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="mega-use-https">--mega-use-https</h4>
-<p>Use HTTPS for transfers.</p>
-<p>MEGA uses plain text HTTP connections by default. Some ISPs throttle HTTP connections, this causes transfers to become very slow. Enabling this will force MEGA to use HTTPS for all transfers. HTTPS is normally not necesary since all data is already encrypted anyway. Enabling it will increase CPU usage and add network overhead.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_https</li>
-<li>Env Var: RCLONE_MEGA_USE_HTTPS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="mega-encoding">--mega-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_MEGA_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-20">Limitations</h2>
-<p>This backend uses the <a href="https://github.com/t3rm1n4l/go-mega">go-mega go library</a> which is an opensource go library implementing the Mega API. There doesn't appear to be any documentation for the mega protocol beyond the <a href="https://github.com/meganz/sdk">mega C++ SDK</a> source code so there are likely quite a few errors still remaining in this library.</p>
-<p>Mega allows duplicate files which may confuse rclone.</p>
-<h1 id="memory">Memory</h1>
-<p>The memory backend is an in RAM backend. It does not persist its data - use the local backend for that.</p>
-<p>The memory backend behaves like a bucket-based remote (e.g. like s3). Because it has no parameters you can just use it with the <code>:memory:</code> remote name.</p>
-<h2 id="configuration-26">Configuration</h2>
-<p>You can configure it as a remote like this with <code>rclone config</code> too if you want to:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Memory
-   \ &quot;memory&quot;
-[snip]
-Storage&gt; memory
-** See help for memory backend at: https://rclone.org/memory/ **
-
-Remote config
-
---------------------
-[remote]
-type = memory
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>Because the memory backend isn't persistent it is most useful for testing or with an rclone server or rclone mount, e.g.</p>
-<pre><code>rclone mount :memory: /mnt/tmp
-rclone serve webdav :memory:
-rclone serve sftp :memory:</code></pre>
-<h3 id="modified-time-and-hashes-9">Modified time and hashes</h3>
-<p>The memory backend supports MD5 hashes and modification times accurate to 1 nS.</p>
-<h3 id="restricted-filename-characters-17">Restricted filename characters</h3>
-<p>The memory backend replaces the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a>.</p>
-<h1 id="akamai-netstorage">Akamai NetStorage</h1>
-<p>Paths are specified as <code>remote:</code> You may put subdirectories in too, e.g. <code>remote:/path/to/dir</code>. If you have a CP code you can use that as the folder after the domain such as &lt;domain&gt;/&lt;cpcode&gt;/&lt;internal directories within cpcode&gt;.</p>
-<p>For example, this is commonly configured with or without a CP code: * <strong>With a CP code</strong>. <code>[your-domain-prefix]-nsu.akamaihd.net/123456/subdirectory/</code> * <strong>Without a CP code</strong>. <code>[your-domain-prefix]-nsu.akamaihd.net</code></p>
-<p>See all buckets rclone lsd remote: The initial setup for Netstorage involves getting an account and secret. Use <code>rclone config</code> to walk you through the setup process.</p>
-<h2 id="configuration-27">Configuration</h2>
-<p>Here's an example of how to make a remote called <code>ns1</code>.</p>
-<ol type="1">
-<li>To begin the interactive configuration process, enter this command:</li>
-</ol>
-<pre><code>rclone config</code></pre>
-<ol start="2" type="1">
-<li>Type <code>n</code> to create a new remote.</li>
-</ol>
-<pre><code>n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q&gt; n</code></pre>
-<ol start="3" type="1">
-<li>For this example, enter <code>ns1</code> when you reach the name&gt; prompt.</li>
-</ol>
-<pre><code>name&gt; ns1</code></pre>
-<ol start="4" type="1">
-<li>Enter <code>netstorage</code> as the type of storage to configure.</li>
-</ol>
-<pre><code>Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-XX / NetStorage
-   \ &quot;netstorage&quot;
-Storage&gt; netstorage</code></pre>
-<ol start="5" type="1">
-<li>Select between the HTTP or HTTPS protocol. Most users should choose HTTPS, which is the default. HTTP is provided primarily for debugging purposes.</li>
-</ol>
-<pre><code>Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / HTTP protocol
-   \ &quot;http&quot;
- 2 / HTTPS protocol
-   \ &quot;https&quot;
-protocol&gt; 1</code></pre>
-<ol start="6" type="1">
-<li>Specify your NetStorage host, CP code, and any necessary content paths using this format: <code>&lt;domain&gt;/&lt;cpcode&gt;/&lt;content&gt;/</code></li>
-</ol>
-<pre><code>Enter a string value. Press Enter for the default (&quot;&quot;).
-host&gt; baseball-nsu.akamaihd.net/123456/content/</code></pre>
-<ol start="7" type="1">
-<li>Set the netstorage account name</li>
-</ol>
-<pre><code>Enter a string value. Press Enter for the default (&quot;&quot;).
-account&gt; username</code></pre>
-<ol start="8" type="1">
-<li>Set the Netstorage account secret/G2O key which will be used for authentication purposes. Select the <code>y</code> option to set your own password then enter your secret. Note: The secret is stored in the <code>rclone.conf</code> file with hex-encoded encryption.</li>
-</ol>
-<pre><code>y) Yes type in my own password
-g) Generate random password
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:</code></pre>
-<ol start="9" type="1">
-<li>View the summary and confirm your remote configuration.</li>
-</ol>
-<pre><code>[ns1]
-type = netstorage
-protocol = http
-host = baseball-nsu.akamaihd.net/123456/content/
-account = username
-secret = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This remote is called <code>ns1</code> and can now be used.</p>
-<h2 id="example-operations">Example operations</h2>
-<p>Get started with rclone and NetStorage with these examples. For additional rclone commands, visit https://rclone.org/commands/.</p>
-<h3 id="see-contents-of-a-directory-in-your-project">See contents of a directory in your project</h3>
-<pre><code>rclone lsd ns1:/974012/testing/</code></pre>
-<h3 id="sync-the-contents-local-with-remote">Sync the contents local with remote</h3>
-<pre><code>rclone sync . ns1:/974012/testing/</code></pre>
-<h3 id="upload-local-content-to-remote">Upload local content to remote</h3>
-<pre><code>rclone copy notes.txt ns1:/974012/testing/</code></pre>
-<h3 id="delete-content-on-remote">Delete content on remote</h3>
-<pre><code>rclone delete ns1:/974012/testing/notes.txt</code></pre>
-<h3 id="move-or-copy-content-between-cp-codes.">Move or copy content between CP codes.</h3>
-<p>Your credentials must have access to two CP codes on the same remote. You can't perform operations between different remotes.</p>
-<pre><code>rclone move ns1:/974012/testing/notes.txt ns1:/974450/testing2/</code></pre>
-<h2 id="features-2">Features</h2>
-<h3 id="symlink-support">Symlink Support</h3>
-<p>The Netstorage backend changes the rclone <code>--links, -l</code> behavior. When uploading, instead of creating the .rclonelink file, use the "symlink" API in order to create the corresponding symlink on the remote. The .rclonelink file will not be created, the upload will be intercepted and only the symlink file that matches the source file name with no suffix will be created on the remote.</p>
-<p>This will effectively allow commands like copy/copyto, move/moveto and sync to upload from local to remote and download from remote to local directories with symlinks. Due to internal rclone limitations, it is not possible to upload an individual symlink file to any remote backend. You can always use the "backend symlink" command to create a symlink on the NetStorage server, refer to "symlink" section below.</p>
-<p>Individual symlink files on the remote can be used with the commands like "cat" to print the destination name, or "delete" to delete symlink, or copy, copy/to and move/moveto to download from the remote to local. Note: individual symlink files on the remote should be specified including the suffix .rclonelink.</p>
-<p><strong>Note</strong>: No file with the suffix .rclonelink should ever exist on the server since it is not possible to actually upload/create a file with .rclonelink suffix with rclone, it can only exist if it is manually created through a non-rclone method on the remote.</p>
-<h3 id="implicit-vs.-explicit-directories">Implicit vs. Explicit Directories</h3>
-<p>With NetStorage, directories can exist in one of two forms:</p>
-<ol type="1">
-<li><strong>Explicit Directory</strong>. This is an actual, physical directory that you have created in a storage group.</li>
-<li><strong>Implicit Directory</strong>. This refers to a directory within a path that has not been physically created. For example, during upload of a file, nonexistent subdirectories can be specified in the target path. NetStorage creates these as "implicit." While the directories aren't physically created, they exist implicitly and the noted path is connected with the uploaded file.</li>
-</ol>
-<p>Rclone will intercept all file uploads and mkdir commands for the NetStorage remote and will explicitly issue the mkdir command for each directory in the uploading path. This will help with the interoperability with the other Akamai services such as SFTP and the Content Management Shell (CMShell). Rclone will not guarantee correctness of operations with implicit directories which might have been created as a result of using an upload API directly.</p>
-<h3 id="fast-list-listr-support"><code>--fast-list</code> / ListR support</h3>
-<p>NetStorage remote supports the ListR feature by using the "list" NetStorage API action to return a lexicographical list of all objects within the specified CP code, recursing into subdirectories as they're encountered.</p>
-<ul>
-<li><p><strong>Rclone will use the ListR method for some commands by default</strong>. Commands such as <code>lsf -R</code> will use ListR by default. To disable this, include the <code>--disable listR</code> option to use the non-recursive method of listing objects.</p></li>
-<li><p><strong>Rclone will not use the ListR method for some commands</strong>. Commands such as <code>sync</code> don't use ListR by default. To force using the ListR method, include the <code>--fast-list</code> option.</p></li>
-</ul>
-<p>There are pros and cons of using the ListR method, refer to <a href="https://rclone.org/docs/#fast-list">rclone documentation</a>. In general, the sync command over an existing deep tree on the remote will run faster with the "--fast-list" flag but with extra memory usage as a side effect. It might also result in higher CPU utilization but the whole task can be completed faster.</p>
-<p><strong>Note</strong>: There is a known limitation that "lsf -R" will display number of files in the directory and directory size as -1 when ListR method is used. The workaround is to pass "--disable listR" flag if these numbers are important in the output.</p>
-<h3 id="purge-1">Purge</h3>
-<p>NetStorage remote supports the purge feature by using the "quick-delete" NetStorage API action. The quick-delete action is disabled by default for security reasons and can be enabled for the account through the Akamai portal. Rclone will first try to use quick-delete action for the purge command and if this functionality is disabled then will fall back to a standard delete method.</p>
-<p><strong>Note</strong>: Read the <a href="https://learn.akamai.com/en-us/webhelp/netstorage/netstorage-http-api-developer-guide/GUID-15836617-9F50-405A-833C-EA2556756A30.html">NetStorage Usage API</a> for considerations when using "quick-delete". In general, using quick-delete method will not delete the tree immediately and objects targeted for quick-delete may still be accessible.</p>
-<h3 id="standard-options-26">Standard options</h3>
-<p>Here are the Standard options specific to netstorage (Akamai NetStorage).</p>
-<h4 id="netstorage-host">--netstorage-host</h4>
-<p>Domain+path of NetStorage host to connect to.</p>
-<p>Format should be <code>&lt;domain&gt;/&lt;internal folders&gt;</code></p>
-<p>Properties:</p>
-<ul>
-<li>Config: host</li>
-<li>Env Var: RCLONE_NETSTORAGE_HOST</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="netstorage-account">--netstorage-account</h4>
-<p>Set the NetStorage account name</p>
-<p>Properties:</p>
-<ul>
-<li>Config: account</li>
-<li>Env Var: RCLONE_NETSTORAGE_ACCOUNT</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="netstorage-secret">--netstorage-secret</h4>
-<p>Set the NetStorage account secret/G2O key for authentication.</p>
-<p>Please choose the 'y' option to set your own password then enter your secret.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: secret</li>
-<li>Env Var: RCLONE_NETSTORAGE_SECRET</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h3 id="advanced-options-25">Advanced options</h3>
-<p>Here are the Advanced options specific to netstorage (Akamai NetStorage).</p>
-<h4 id="netstorage-protocol">--netstorage-protocol</h4>
-<p>Select between HTTP or HTTPS protocol.</p>
-<p>Most users should choose HTTPS, which is the default. HTTP is provided primarily for debugging purposes.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: protocol</li>
-<li>Env Var: RCLONE_NETSTORAGE_PROTOCOL</li>
-<li>Type: string</li>
-<li>Default: "https"</li>
-<li>Examples:
-<ul>
-<li>"http"
-<ul>
-<li>HTTP protocol</li>
-</ul></li>
-<li>"https"
-<ul>
-<li>HTTPS protocol</li>
-</ul></li>
-</ul></li>
-</ul>
-<h2 id="backend-commands-5">Backend commands</h2>
-<p>Here are the commands specific to the netstorage backend.</p>
-<p>Run them with</p>
-<pre><code>rclone backend COMMAND remote:</code></pre>
-<p>The help below will explain what arguments each command takes.</p>
-<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
-<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
-<h3 id="du">du</h3>
-<p>Return disk usage information for a specified directory</p>
-<pre><code>rclone backend du remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>The usage information returned, includes the targeted directory as well as all files stored in any sub-directories that may exist.</p>
-<h3 id="symlink">symlink</h3>
-<p>You can create a symbolic link in ObjectStore with the symlink action.</p>
-<pre><code>rclone backend symlink remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>The desired path location (including applicable sub-directories) ending in the object that will be the target of the symlink (for example, /links/mylink). Include the file extension for the object, if applicable. <code>rclone backend symlink &lt;src&gt; &lt;path&gt;</code></p>
-<h1 id="microsoft-azure-blob-storage">Microsoft Azure Blob Storage</h1>
-<p>Paths are specified as <code>remote:container</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, e.g. <code>remote:container/path/to/dir</code>.</p>
-<h2 id="configuration-28">Configuration</h2>
-<p>Here is an example of making a Microsoft Azure Blob Storage configuration. For a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Microsoft Azure Blob Storage
-   \ &quot;azureblob&quot;
-[snip]
-Storage&gt; azureblob
-Storage Account Name
-account&gt; account_name
-Storage Account Key
-key&gt; base64encodedkey==
-Endpoint for the service - leave blank normally.
-endpoint&gt; 
-Remote config
---------------------
-[remote]
-account = account_name
-key = base64encodedkey==
-endpoint = 
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See all containers</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>Make a new container</p>
-<pre><code>rclone mkdir remote:container</code></pre>
-<p>List the contents of a container</p>
-<pre><code>rclone ls remote:container</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote container, deleting any excess files in the container.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:container</code></pre>
-<h3 id="fast-list-5">--fast-list</h3>
-<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details.</p>
-<h3 id="modified-time-9">Modified time</h3>
-<p>The modified time is stored as metadata on the object with the <code>mtime</code> key. It is stored using RFC3339 Format time with nanosecond precision. The metadata is supplied during directory listings so there is no performance overhead to using it.</p>
-<p>If you wish to use the Azure standard <code>LastModified</code> time stored on the object as the modified time, then use the <code>--use-server-modtime</code> flag. Note that rclone can't set <code>LastModified</code>, so using the <code>--update</code> flag when syncing is recommended if using <code>--use-server-modtime</code>.</p>
-<h3 id="performance">Performance</h3>
-<p>When uploading large files, increasing the value of <code>--azureblob-upload-concurrency</code> will increase performance at the cost of using more memory. The default of 16 is set quite conservatively to use less memory. It maybe be necessary raise it to 64 or higher to fully utilize a 1 GBit/s link with a single file transfer.</p>
-<h3 id="restricted-filename-characters-18">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
-</tr>
-<tr class="even">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-</tbody>
-</table>
-<p>File names can also not end with the following characters. These only get replaced if they are the last character in the name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>.</td>
-<td style="text-align: center;">0x2E</td>
-<td style="text-align: center;">．</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="hashes-1">Hashes</h3>
-<p>MD5 hashes are stored with blobs. However blobs that were uploaded in chunks only have an MD5 if the source remote was capable of MD5 hashes, e.g. the local disk.</p>
-<h3 id="authentication">Authentication</h3>
-<p>There are a number of ways of supplying credentials for Azure Blob Storage. Rclone tries them in the order of the sections below.</p>
-<h4 id="env-auth">Env Auth</h4>
-<p>If the <code>env_auth</code> config parameter is <code>true</code> then rclone will pull credentials from the environment or runtime.</p>
-<p>It tries these authentication methods in this order:</p>
-<ol type="1">
-<li>Environment Variables</li>
-<li>Managed Service Identity Credentials</li>
-<li>Azure CLI credentials (as used by the az tool)</li>
-</ol>
-<p>These are described in the following sections</p>
-<h5 id="env-auth-1.-environment-variables">Env Auth: 1. Environment Variables</h5>
-<p>If <code>env_auth</code> is set and environment variables are present rclone authenticates a service principal with a secret or certificate, or a user with a password, depending on which environment variable are set. It reads configuration from these variables, in the following order:</p>
-<ol type="1">
-<li>Service principal with client secret
-<ul>
-<li><code>AZURE_TENANT_ID</code>: ID of the service principal's tenant. Also called its "directory" ID.</li>
-<li><code>AZURE_CLIENT_ID</code>: the service principal's client ID</li>
-<li><code>AZURE_CLIENT_SECRET</code>: one of the service principal's client secrets</li>
-</ul></li>
-<li>Service principal with certificate
-<ul>
-<li><code>AZURE_TENANT_ID</code>: ID of the service principal's tenant. Also called its "directory" ID.</li>
-<li><code>AZURE_CLIENT_ID</code>: the service principal's client ID</li>
-<li><code>AZURE_CLIENT_CERTIFICATE_PATH</code>: path to a PEM or PKCS12 certificate file including the private key.</li>
-<li><code>AZURE_CLIENT_CERTIFICATE_PASSWORD</code>: (optional) password for the certificate file.</li>
-<li><code>AZURE_CLIENT_SEND_CERTIFICATE_CHAIN</code>: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.</li>
-</ul></li>
-<li>User with username and password
-<ul>
-<li><code>AZURE_TENANT_ID</code>: (optional) tenant to authenticate in. Defaults to "organizations".</li>
-<li><code>AZURE_CLIENT_ID</code>: client ID of the application the user will authenticate to</li>
-<li><code>AZURE_USERNAME</code>: a username (usually an email address)</li>
-<li><code>AZURE_PASSWORD</code>: the user's password</li>
-</ul></li>
-</ol>
-<h5 id="env-auth-2.-managed-service-identity-credentials">Env Auth: 2. Managed Service Identity Credentials</h5>
-<p>When using Managed Service Identity if the VM(SS) on which this program is running has a system-assigned identity, it will be used by default. If the resource has no system-assigned but exactly one user-assigned identity, the user-assigned identity will be used by default.</p>
-<p>If the resource has multiple user-assigned identities you will need to unset <code>env_auth</code> and set <code>use_msi</code> instead. See the <a href="#use_msi"><code>use_msi</code> section</a>.</p>
-<h5 id="env-auth-3.-azure-cli-credentials-as-used-by-the-az-tool">Env Auth: 3. Azure CLI credentials (as used by the az tool)</h5>
-<p>Credentials created with the <code>az</code> tool can be picked up using <code>env_auth</code>.</p>
-<p>For example if you were to login with a service principal like this:</p>
-<pre><code>az login --service-principal -u XXX -p XXX --tenant XXX</code></pre>
-<p>Then you could access rclone resources like this:</p>
-<pre><code>rclone lsf :azureblob,env_auth,account=ACCOUNT:CONTAINER</code></pre>
-<p>Or</p>
-<pre><code>rclone lsf --azureblob-env-auth --azureblob-acccount=ACCOUNT :azureblob:CONTAINER</code></pre>
-<p>Which is analogous to using the <code>az</code> tool:</p>
-<pre><code>az storage blob list --container-name CONTAINER --account-name ACCOUNT --auth-mode login</code></pre>
-<h4 id="account-and-shared-key">Account and Shared Key</h4>
-<p>This is the most straight forward and least flexible way. Just fill in the <code>account</code> and <code>key</code> lines and leave the rest blank.</p>
-<h4 id="sas-url">SAS URL</h4>
-<p>This can be an account level SAS URL or container level SAS URL.</p>
-<p>To use it leave <code>account</code> and <code>key</code> blank and fill in <code>sas_url</code>.</p>
-<p>An account level SAS URL or container level SAS URL can be obtained from the Azure portal or the Azure Storage Explorer. To get a container level SAS URL right click on a container in the Azure Blob explorer in the Azure portal.</p>
-<p>If you use a container level SAS URL, rclone operations are permitted only on a particular container, e.g.</p>
-<pre><code>rclone ls azureblob:container</code></pre>
-<p>You can also list the single container from the root. This will only show the container specified by the SAS URL.</p>
-<pre><code>$ rclone lsd azureblob:
-container/</code></pre>
-<p>Note that you can't see or access any other containers - this will fail</p>
-<pre><code>rclone ls azureblob:othercontainer</code></pre>
-<p>Container level SAS URLs are useful for temporarily allowing third parties access to a single container or putting credentials into an untrusted environment such as a CI build server.</p>
-<h4 id="service-principal-with-client-secret">Service principal with client secret</h4>
-<p>If these variables are set, rclone will authenticate with a service principal with a client secret.</p>
-<ul>
-<li><code>tenant</code>: ID of the service principal's tenant. Also called its "directory" ID.</li>
-<li><code>client_id</code>: the service principal's client ID</li>
-<li><code>client_secret</code>: one of the service principal's client secrets</li>
-</ul>
-<p>The credentials can also be placed in a file using the <code>service_principal_file</code> configuration option.</p>
-<h4 id="service-principal-with-certificate">Service principal with certificate</h4>
-<p>If these variables are set, rclone will authenticate with a service principal with certificate.</p>
-<ul>
-<li><code>tenant</code>: ID of the service principal's tenant. Also called its "directory" ID.</li>
-<li><code>client_id</code>: the service principal's client ID</li>
-<li><code>client_certificate_path</code>: path to a PEM or PKCS12 certificate file including the private key.</li>
-<li><code>client_certificate_password</code>: (optional) password for the certificate file.</li>
-<li><code>client_send_certificate_chain</code>: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.</li>
-</ul>
-<p><strong>NB</strong> <code>client_certificate_password</code> must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<h4 id="user-with-username-and-password">User with username and password</h4>
-<p>If these variables are set, rclone will authenticate with username and password.</p>
-<ul>
-<li><code>tenant</code>: (optional) tenant to authenticate in. Defaults to "organizations".</li>
-<li><code>client_id</code>: client ID of the application the user will authenticate to</li>
-<li><code>username</code>: a username (usually an email address)</li>
-<li><code>password</code>: the user's password</li>
-</ul>
-<p>Microsoft doesn't recommend this kind of authentication, because it's less secure than other authentication flows. This method is not interactive, so it isn't compatible with any form of multi-factor authentication, and the application must already have user or admin consent. This credential can only authenticate work and school accounts; it can't authenticate Microsoft accounts.</p>
-<p><strong>NB</strong> <code>password</code> must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<h4 id="use_msi">Managed Service Identity Credentials</h4>
-<p>If <code>use_msi</code> is set then managed service identity credentials are used. This authentication only works when running in an Azure service. <code>env_auth</code> needs to be unset to use this.</p>
-<p>However if you have multiple user identities to choose from these must be explicitly specified using exactly one of the <code>msi_object_id</code>, <code>msi_client_id</code>, or <code>msi_mi_res_id</code> parameters.</p>
-<p>If none of <code>msi_object_id</code>, <code>msi_client_id</code>, or <code>msi_mi_res_id</code> is set, this is is equivalent to using <code>env_auth</code>.</p>
-<h3 id="standard-options-27">Standard options</h3>
-<p>Here are the Standard options specific to azureblob (Microsoft Azure Blob Storage).</p>
-<h4 id="azureblob-account">--azureblob-account</h4>
-<p>Azure Storage Account Name.</p>
-<p>Set this to the Azure Storage Account Name in use.</p>
-<p>Leave blank to use SAS URL or Emulator, otherwise it needs to be set.</p>
-<p>If this is blank and if env_auth is set it will be read from the environment variable <code>AZURE_STORAGE_ACCOUNT_NAME</code> if possible.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: account</li>
-<li>Env Var: RCLONE_AZUREBLOB_ACCOUNT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-env-auth">--azureblob-env-auth</h4>
-<p>Read credentials from runtime (environment variables, CLI or MSI).</p>
-<p>See the <a href="/azureblob#authentication">authentication docs</a> for full info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: env_auth</li>
-<li>Env Var: RCLONE_AZUREBLOB_ENV_AUTH</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="azureblob-key">--azureblob-key</h4>
-<p>Storage Account Shared Key.</p>
-<p>Leave blank to use SAS URL or Emulator.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: key</li>
-<li>Env Var: RCLONE_AZUREBLOB_KEY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-sas-url">--azureblob-sas-url</h4>
-<p>SAS URL for container level access only.</p>
-<p>Leave blank if using account/key or Emulator.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sas_url</li>
-<li>Env Var: RCLONE_AZUREBLOB_SAS_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-tenant">--azureblob-tenant</h4>
-<p>ID of the service principal's tenant. Also called its directory ID.</p>
-<p>Set this if using - Service principal with client secret - Service principal with certificate - User with username and password</p>
-<p>Properties:</p>
-<ul>
-<li>Config: tenant</li>
-<li>Env Var: RCLONE_AZUREBLOB_TENANT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-client-id">--azureblob-client-id</h4>
-<p>The ID of the client in use.</p>
-<p>Set this if using - Service principal with client secret - Service principal with certificate - User with username and password</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_AZUREBLOB_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-client-secret">--azureblob-client-secret</h4>
-<p>One of the service principal's client secrets</p>
-<p>Set this if using - Service principal with client secret</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_AZUREBLOB_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-client-certificate-path">--azureblob-client-certificate-path</h4>
-<p>Path to a PEM or PKCS12 certificate file including the private key.</p>
-<p>Set this if using - Service principal with certificate</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_certificate_path</li>
-<li>Env Var: RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PATH</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-client-certificate-password">--azureblob-client-certificate-password</h4>
-<p>Password for the certificate file (optional).</p>
-<p>Optionally set this if using - Service principal with certificate</p>
-<p>And the certificate has a password.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_certificate_password</li>
-<li>Env Var: RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PASSWORD</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="advanced-options-26">Advanced options</h3>
-<p>Here are the Advanced options specific to azureblob (Microsoft Azure Blob Storage).</p>
-<h4 id="azureblob-client-send-certificate-chain">--azureblob-client-send-certificate-chain</h4>
-<p>Send the certificate chain when using certificate auth.</p>
-<p>Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to true, authentication requests include the x5c header.</p>
-<p>Optionally set this if using - Service principal with certificate</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_send_certificate_chain</li>
-<li>Env Var: RCLONE_AZUREBLOB_CLIENT_SEND_CERTIFICATE_CHAIN</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="azureblob-username">--azureblob-username</h4>
-<p>User name (usually an email address)</p>
-<p>Set this if using - User with username and password</p>
-<p>Properties:</p>
-<ul>
-<li>Config: username</li>
-<li>Env Var: RCLONE_AZUREBLOB_USERNAME</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-password">--azureblob-password</h4>
-<p>The user's password</p>
-<p>Set this if using - User with username and password</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: password</li>
-<li>Env Var: RCLONE_AZUREBLOB_PASSWORD</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-service-principal-file">--azureblob-service-principal-file</h4>
-<p>Path to file containing credentials for use with a service principal.</p>
-<p>Leave blank normally. Needed only if you want to use a service principal instead of interactive login.</p>
-<pre><code>$ az ad sp create-for-rbac --name &quot;&lt;name&gt;&quot; \
-  --role &quot;Storage Blob Data Owner&quot; \
-  --scopes &quot;/subscriptions/&lt;subscription&gt;/resourceGroups/&lt;resource-group&gt;/providers/Microsoft.Storage/storageAccounts/&lt;storage-account&gt;/blobServices/default/containers/&lt;container&gt;&quot; \
-  &gt; azure-principal.json</code></pre>
-<p>See <a href="https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli">"Create an Azure service principal"</a> and <a href="https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli">"Assign an Azure role for access to blob data"</a> pages for more details.</p>
-<p>It may be more convenient to put the credentials directly into the rclone config file under the <code>client_id</code>, <code>tenant</code> and <code>client_secret</code> keys instead of setting <code>service_principal_file</code>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: service_principal_file</li>
-<li>Env Var: RCLONE_AZUREBLOB_SERVICE_PRINCIPAL_FILE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-use-msi">--azureblob-use-msi</h4>
-<p>Use a managed service identity to authenticate (only works in Azure).</p>
-<p>When true, use a <a href="https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/">managed service identity</a> to authenticate to Azure Storage instead of a SAS token or account key.</p>
-<p>If the VM(SS) on which this program is running has a system-assigned identity, it will be used by default. If the resource has no system-assigned but exactly one user-assigned identity, the user-assigned identity will be used by default. If the resource has multiple user-assigned identities, the identity to use must be explicitly specified using exactly one of the msi_object_id, msi_client_id, or msi_mi_res_id parameters.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_msi</li>
-<li>Env Var: RCLONE_AZUREBLOB_USE_MSI</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="azureblob-msi-object-id">--azureblob-msi-object-id</h4>
-<p>Object ID of the user-assigned MSI to use, if any.</p>
-<p>Leave blank if msi_client_id or msi_mi_res_id specified.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: msi_object_id</li>
-<li>Env Var: RCLONE_AZUREBLOB_MSI_OBJECT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-msi-client-id">--azureblob-msi-client-id</h4>
-<p>Object ID of the user-assigned MSI to use, if any.</p>
-<p>Leave blank if msi_object_id or msi_mi_res_id specified.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: msi_client_id</li>
-<li>Env Var: RCLONE_AZUREBLOB_MSI_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-msi-mi-res-id">--azureblob-msi-mi-res-id</h4>
-<p>Azure resource ID of the user-assigned MSI to use, if any.</p>
-<p>Leave blank if msi_client_id or msi_object_id specified.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: msi_mi_res_id</li>
-<li>Env Var: RCLONE_AZUREBLOB_MSI_MI_RES_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-use-emulator">--azureblob-use-emulator</h4>
-<p>Uses local storage emulator if provided as 'true'.</p>
-<p>Leave blank if using real azure storage endpoint.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: use_emulator</li>
-<li>Env Var: RCLONE_AZUREBLOB_USE_EMULATOR</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="azureblob-endpoint">--azureblob-endpoint</h4>
-<p>Endpoint for the service.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_AZUREBLOB_ENDPOINT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-upload-cutoff">--azureblob-upload-cutoff</h4>
-<p>Cutoff for switching to chunked upload (&lt;= 256 MiB) (deprecated).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_AZUREBLOB_UPLOAD_CUTOFF</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-chunk-size">--azureblob-chunk-size</h4>
-<p>Upload chunk size.</p>
-<p>Note that this is stored in memory and there may be up to "--transfers" * "--azureblob-upload-concurrency" chunks stored at once in memory.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_AZUREBLOB_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 4Mi</li>
-</ul>
-<h4 id="azureblob-upload-concurrency">--azureblob-upload-concurrency</h4>
-<p>Concurrency for multipart uploads.</p>
-<p>This is the number of chunks of the same file that are uploaded concurrently.</p>
-<p>If you are uploading small numbers of large files over high-speed links and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.</p>
-<p>In tests, upload speed increases almost linearly with upload concurrency. For example to fill a gigabit pipe it may be necessary to raise this to 64. Note that this will use more memory.</p>
-<p>Note that chunks are stored in memory and there may be up to "--transfers" * "--azureblob-upload-concurrency" chunks stored at once in memory.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_concurrency</li>
-<li>Env Var: RCLONE_AZUREBLOB_UPLOAD_CONCURRENCY</li>
-<li>Type: int</li>
-<li>Default: 16</li>
-</ul>
-<h4 id="azureblob-list-chunk">--azureblob-list-chunk</h4>
-<p>Size of blob list.</p>
-<p>This sets the number of blobs requested in each listing chunk. Default is the maximum, 5000. "List blobs" requests are permitted 2 minutes per megabyte to complete. If an operation is taking longer than 2 minutes per megabyte on average, it will time out ( <a href="https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-blob-service-operations#exceptions-to-default-timeout-interval">source</a> ). This can be used to limit the number of blobs items to return, to avoid the time out.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: list_chunk</li>
-<li>Env Var: RCLONE_AZUREBLOB_LIST_CHUNK</li>
-<li>Type: int</li>
-<li>Default: 5000</li>
-</ul>
-<h4 id="azureblob-access-tier">--azureblob-access-tier</h4>
-<p>Access tier of blob: hot, cool or archive.</p>
-<p>Archived blobs can be restored by setting access tier to hot or cool. Leave blank if you intend to use default access tier, which is set at account level</p>
-<p>If there is no "access tier" specified, rclone doesn't apply any tier. rclone performs "Set Tier" operation on blobs while uploading, if objects are not modified, specifying "access tier" to new one will have no effect. If blobs are in "archive tier" at remote, trying to perform data transfer operations from remote will not be allowed. User should first restore by tiering blob to "Hot" or "Cool".</p>
-<p>Properties:</p>
-<ul>
-<li>Config: access_tier</li>
-<li>Env Var: RCLONE_AZUREBLOB_ACCESS_TIER</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="azureblob-archive-tier-delete">--azureblob-archive-tier-delete</h4>
-<p>Delete archive tier blobs before overwriting.</p>
-<p>Archive tier blobs cannot be updated. So without this flag, if you attempt to update an archive tier blob, then rclone will produce the error:</p>
-<pre><code>can&#39;t update archive tier blob without --azureblob-archive-tier-delete</code></pre>
-<p>With this flag set then before rclone attempts to overwrite an archive tier blob, it will delete the existing blob before uploading its replacement. This has the potential for data loss if the upload fails (unlike updating a normal blob) and also may cost more since deleting archive tier blobs early may be chargable.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: archive_tier_delete</li>
-<li>Env Var: RCLONE_AZUREBLOB_ARCHIVE_TIER_DELETE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="azureblob-disable-checksum">--azureblob-disable-checksum</h4>
-<p>Don't store MD5 checksum with object metadata.</p>
-<p>Normally rclone will calculate the MD5 checksum of the input before uploading it so it can add it to metadata on the object. This is great for data integrity checking but can cause long delays for large files to start uploading.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_checksum</li>
-<li>Env Var: RCLONE_AZUREBLOB_DISABLE_CHECKSUM</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="azureblob-memory-pool-flush-time">--azureblob-memory-pool-flush-time</h4>
-<p>How often internal memory buffer pools will be flushed.</p>
-<p>Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations. This option controls how often unused buffers will be removed from the pool.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: memory_pool_flush_time</li>
-<li>Env Var: RCLONE_AZUREBLOB_MEMORY_POOL_FLUSH_TIME</li>
-<li>Type: Duration</li>
-<li>Default: 1m0s</li>
-</ul>
-<h4 id="azureblob-memory-pool-use-mmap">--azureblob-memory-pool-use-mmap</h4>
-<p>Whether to use mmap buffers in internal memory pool.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: memory_pool_use_mmap</li>
-<li>Env Var: RCLONE_AZUREBLOB_MEMORY_POOL_USE_MMAP</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="azureblob-encoding">--azureblob-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_AZUREBLOB_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8</li>
-</ul>
-<h4 id="azureblob-public-access">--azureblob-public-access</h4>
-<p>Public access level of a container: blob or container.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: public_access</li>
-<li>Env Var: RCLONE_AZUREBLOB_PUBLIC_ACCESS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>The container and its blobs can be accessed only with an authorized request.</li>
-<li>It's a default value.</li>
-</ul></li>
-<li>"blob"
-<ul>
-<li>Blob data within this container can be read via anonymous request.</li>
-</ul></li>
-<li>"container"
-<ul>
-<li>Allow full public read access for container and blob data.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="azureblob-no-check-container">--azureblob-no-check-container</h4>
-<p>If set, don't attempt to check the container exists or create it.</p>
-<p>This can be useful when trying to minimise the number of transactions rclone does if you know the container exists already.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_check_container</li>
-<li>Env Var: RCLONE_AZUREBLOB_NO_CHECK_CONTAINER</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="azureblob-no-head-object">--azureblob-no-head-object</h4>
-<p>If set, do not do HEAD before GET when getting objects.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_head_object</li>
-<li>Env Var: RCLONE_AZUREBLOB_NO_HEAD_OBJECT</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h3 id="custom-upload-headers-1">Custom upload headers</h3>
-<p>You can set custom upload headers with the <code>--header-upload</code> flag.</p>
-<ul>
-<li>Cache-Control</li>
-<li>Content-Disposition</li>
-<li>Content-Encoding</li>
-<li>Content-Language</li>
-<li>Content-Type</li>
-</ul>
-<p>Eg <code>--header-upload "Content-Type: text/potato"</code></p>
-<h2 id="limitations-21">Limitations</h2>
-<p>MD5 sums are only uploaded with chunked files if the source has an MD5 sum. This will always be the case for a local to azure copy.</p>
-<p><code>rclone about</code> is not supported by the Microsoft Azure Blob storage backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h2 id="azure-storage-emulator-support">Azure Storage Emulator Support</h2>
-<p>You can run rclone with the storage emulator (usually <em>azurite</em>).</p>
-<p>To do this, just set up a new remote with <code>rclone config</code> following the instructions in the introduction and set <code>use_emulator</code> in the advanced settings as <code>true</code>. You do not need to provide a default account name nor an account key. But you can override them in the <code>account</code> and <code>key</code> options. (Prior to v1.61 they were hard coded to <em>azurite</em>'s <code>devstoreaccount1</code>.)</p>
-<p>Also, if you want to access a storage emulator instance running on a different machine, you can override the <code>endpoint</code> parameter in the advanced settings, setting it to <code>http(s)://&lt;host&gt;:&lt;port&gt;/devstoreaccount1</code> (e.g. <code>http://10.254.2.5:10000/devstoreaccount1</code>).</p>
-<h1 id="microsoft-onedrive">Microsoft OneDrive</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-29">Configuration</h2>
-<p>The initial setup for OneDrive involves getting a token from Microsoft which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Microsoft OneDrive
-   \ &quot;onedrive&quot;
-[snip]
-Storage&gt; onedrive
-Microsoft App Client Id
-Leave blank normally.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-client_id&gt;
-Microsoft App Client Secret
-Leave blank normally.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-client_secret&gt;
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n&gt; n
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
-Choose a number from below, or type in an existing value
- 1 / OneDrive Personal or Business
-   \ &quot;onedrive&quot;
- 2 / Sharepoint site
-   \ &quot;sharepoint&quot;
- 3 / Type in driveID
-   \ &quot;driveid&quot;
- 4 / Type in SiteID
-   \ &quot;siteid&quot;
- 5 / Search a Sharepoint site
-   \ &quot;search&quot;
-Your choice&gt; 1
-Found 1 drives, please select the one you want to use:
-0: OneDrive (business) id=b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
-Chose drive to use:&gt; 0
-Found drive &#39;root&#39; of type &#39;business&#39;, URL: https://org-my.sharepoint.com/personal/you/Documents
-Is that okay?
-y) Yes
-n) No
-y/n&gt; y
---------------------
-[remote]
-type = onedrive
-token = {&quot;access_token&quot;:&quot;youraccesstoken&quot;,&quot;token_type&quot;:&quot;Bearer&quot;,&quot;refresh_token&quot;:&quot;yourrefreshtoken&quot;,&quot;expiry&quot;:&quot;2018-08-26T22:39:52.486512262+08:00&quot;}
-drive_id = b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
-drive_type = business
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Microsoft. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your OneDrive</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your OneDrive</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to an OneDrive directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="getting-your-own-client-id-and-key">Getting your own Client ID and Key</h3>
-<p>rclone uses a default Client ID when talking to OneDrive, unless a custom <code>client_id</code> is specified in the config. The default Client ID and Key are shared by all rclone users when performing requests.</p>
-<p>You may choose to create and use your own Client ID, in case the default one does not work well for you. For example, you might see throttling.</p>
-<h4 id="creating-client-id-for-onedrive-personal">Creating Client ID for OneDrive Personal</h4>
-<p>To create your own Client ID, please follow these steps:</p>
-<ol type="1">
-<li>Open https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and then click <code>New registration</code>.</li>
-<li>Enter a name for your app, choose account type <code>Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)</code>, select <code>Web</code> in <code>Redirect URI</code>, then type (do not copy and paste) <code>http://localhost:53682/</code> and click Register. Copy and keep the <code>Application (client) ID</code> under the app name for later use.</li>
-<li>Under <code>manage</code> select <code>Certificates &amp; secrets</code>, click <code>New client secret</code>. Enter a description (can be anything) and set <code>Expires</code> to 24 months. Copy and keep that secret <em>Value</em> for later use (you <em>won't</em> be able to see this value afterwards).</li>
-<li>Under <code>manage</code> select <code>API permissions</code>, click <code>Add a permission</code> and select <code>Microsoft Graph</code> then select <code>delegated permissions</code>.</li>
-<li>Search and select the following permissions: <code>Files.Read</code>, <code>Files.ReadWrite</code>, <code>Files.Read.All</code>, <code>Files.ReadWrite.All</code>, <code>offline_access</code>, <code>User.Read</code> and <code>Sites.Read.All</code> (if custom access scopes are configured, select the permissions accordingly). Once selected click <code>Add permissions</code> at the bottom.</li>
-</ol>
-<p>Now the application is complete. Run <code>rclone config</code> to create or edit a OneDrive remote. Supply the app ID and password as Client ID and Secret, respectively. rclone will walk you through the remaining steps.</p>
-<p>The access_scopes option allows you to configure the permissions requested by rclone. See <a href="https://docs.microsoft.com/en-us/graph/permissions-reference#files-permissions">Microsoft Docs</a> for more information about the different scopes.</p>
-<p>The <code>Sites.Read.All</code> permission is required if you need to <a href="https://github.com/rclone/rclone/pull/5883">search SharePoint sites when configuring the remote</a>. However, if that permission is not assigned, you need to exclude <code>Sites.Read.All</code> from your access scopes or set <code>disable_site_permission</code> option to true in the advanced options.</p>
-<h4 id="creating-client-id-for-onedrive-business">Creating Client ID for OneDrive Business</h4>
-<p>The steps for OneDrive Personal may or may not work for OneDrive Business, depending on the security settings of the organization. A common error is that the publisher of the App is not verified.</p>
-<p>You may try to <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview">verify you account</a>, or try to limit the App to your organization only, as shown below.</p>
-<ol type="1">
-<li>Make sure to create the App with your business account.</li>
-<li>Follow the steps above to create an App. However, we need a different account type here: <code>Accounts in this organizational directory only (*** - Single tenant)</code>. Note that you can also change the account type after creating the App.</li>
-<li>Find the <a href="https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant">tenant ID</a> of your organization.</li>
-<li>In the rclone config, set <code>auth_url</code> to <code>https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/authorize</code>.</li>
-<li>In the rclone config, set <code>token_url</code> to <code>https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token</code>.</li>
-</ol>
-<p>Note: If you have a special region, you may need a different host in step 4 and 5. Here are <a href="https://github.com/rclone/rclone/blob/bc23bf11db1c78c6ebbf8ea538fbebf7058b4176/backend/onedrive/onedrive.go#L86">some hints</a>.</p>
-<h3 id="modification-time-and-hashes">Modification time and hashes</h3>
-<p>OneDrive allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.</p>
-<p>OneDrive Personal, OneDrive for Business and Sharepoint Server support <a href="https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash">QuickXorHash</a>.</p>
-<p>Before rclone 1.62 the default hash for Onedrive Personal was <code>SHA1</code>. For rclone 1.62 and above the default for all Onedrive backends is <code>QuickXorHash</code>.</p>
-<p>Starting from July 2023 <code>SHA1</code> support is being phased out in Onedrive Personal in favour of <code>QuickXorHash</code>. If necessary the <code>--onedrive-hash-type</code> flag (or <code>hash_type</code> config option) can be used to select <code>SHA1</code> during the transition period if this is important your workflow.</p>
-<p>For all types of OneDrive you can use the <code>--checksum</code> flag.</p>
-<h3 id="restricted-filename-characters-19">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>"</td>
-<td style="text-align: center;">0x22</td>
-<td style="text-align: center;">＂</td>
-</tr>
-<tr class="even">
-<td>*</td>
-<td style="text-align: center;">0x2A</td>
-<td style="text-align: center;">＊</td>
-</tr>
-<tr class="odd">
-<td>:</td>
-<td style="text-align: center;">0x3A</td>
-<td style="text-align: center;">：</td>
-</tr>
-<tr class="even">
-<td>&lt;</td>
-<td style="text-align: center;">0x3C</td>
-<td style="text-align: center;">＜</td>
-</tr>
-<tr class="odd">
-<td>&gt;</td>
-<td style="text-align: center;">0x3E</td>
-<td style="text-align: center;">＞</td>
-</tr>
-<tr class="even">
-<td>?</td>
-<td style="text-align: center;">0x3F</td>
-<td style="text-align: center;">？</td>
-</tr>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-<tr class="even">
-<td>|</td>
-<td style="text-align: center;">0x7C</td>
-<td style="text-align: center;">｜</td>
-</tr>
-</tbody>
-</table>
-<p>File names can also not end with the following characters. These only get replaced if they are the last character in the name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>SP</td>
-<td style="text-align: center;">0x20</td>
-<td style="text-align: center;">␠</td>
-</tr>
-<tr class="even">
-<td>.</td>
-<td style="text-align: center;">0x2E</td>
-<td style="text-align: center;">．</td>
-</tr>
-</tbody>
-</table>
-<p>File names can also not begin with the following characters. These only get replaced if they are the first character in the name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>SP</td>
-<td style="text-align: center;">0x20</td>
-<td style="text-align: center;">␠</td>
-</tr>
-<tr class="even">
-<td>~</td>
-<td style="text-align: center;">0x7E</td>
-<td style="text-align: center;">～</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="deleting-files-5">Deleting files</h3>
-<p>Any files you delete with rclone will end up in the trash. Microsoft doesn't provide an API to permanently delete files, nor to empty the trash, so you will have to do that with one of Microsoft's apps or via the OneDrive website.</p>
-<h3 id="standard-options-28">Standard options</h3>
-<p>Here are the Standard options specific to onedrive (Microsoft OneDrive).</p>
-<h4 id="onedrive-client-id">--onedrive-client-id</h4>
-<p>OAuth Client Id.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_ONEDRIVE_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-client-secret">--onedrive-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_ONEDRIVE_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-region">--onedrive-region</h4>
-<p>Choose national cloud region for OneDrive.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_ONEDRIVE_REGION</li>
-<li>Type: string</li>
-<li>Default: "global"</li>
-<li>Examples:
-<ul>
-<li>"global"
-<ul>
-<li>Microsoft Cloud Global</li>
-</ul></li>
-<li>"us"
-<ul>
-<li>Microsoft Cloud for US Government</li>
-</ul></li>
-<li>"de"
-<ul>
-<li>Microsoft Cloud Germany</li>
-</ul></li>
-<li>"cn"
-<ul>
-<li>Azure and Office 365 operated by Vnet Group in China</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-27">Advanced options</h3>
-<p>Here are the Advanced options specific to onedrive (Microsoft OneDrive).</p>
-<h4 id="onedrive-token">--onedrive-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_ONEDRIVE_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-auth-url">--onedrive-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_ONEDRIVE_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-token-url">--onedrive-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_ONEDRIVE_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-chunk-size">--onedrive-chunk-size</h4>
-<p>Chunk size to upload files with - must be multiple of 320k (327,680 bytes).</p>
-<p>Above this size files will be chunked - must be multiple of 320k (327,680 bytes) and should not exceed 250M (262,144,000 bytes) else you may encounter "Microsoft.SharePoint.Client.InvalidClientQueryException: The request message is too big." Note that the chunks will be buffered into memory.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_ONEDRIVE_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 10Mi</li>
-</ul>
-<h4 id="onedrive-drive-id">--onedrive-drive-id</h4>
-<p>The ID of the drive to use.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: drive_id</li>
-<li>Env Var: RCLONE_ONEDRIVE_DRIVE_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-drive-type">--onedrive-drive-type</h4>
-<p>The type of the drive (personal | business | documentLibrary).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: drive_type</li>
-<li>Env Var: RCLONE_ONEDRIVE_DRIVE_TYPE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-root-folder-id">--onedrive-root-folder-id</h4>
-<p>ID of the root folder.</p>
-<p>This isn't normally needed, but in special circumstances you might know the folder ID that you wish to access but not be able to get there through a path traversal.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: root_folder_id</li>
-<li>Env Var: RCLONE_ONEDRIVE_ROOT_FOLDER_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-access-scopes">--onedrive-access-scopes</h4>
-<p>Set scopes to be requested by rclone.</p>
-<p>Choose or manually enter a custom space separated list with all scopes, that rclone should request.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: access_scopes</li>
-<li>Env Var: RCLONE_ONEDRIVE_ACCESS_SCOPES</li>
-<li>Type: SpaceSepList</li>
-<li>Default: Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access</li>
-<li>Examples:
-<ul>
-<li>"Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access"
-<ul>
-<li>Read and write access to all resources</li>
-</ul></li>
-<li>"Files.Read Files.Read.All Sites.Read.All offline_access"
-<ul>
-<li>Read only access to all resources</li>
-</ul></li>
-<li>"Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All offline_access"
-<ul>
-<li>Read and write access to all resources, without the ability to browse SharePoint sites.</li>
-<li>Same as if disable_site_permission was set to true</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="onedrive-disable-site-permission">--onedrive-disable-site-permission</h4>
-<p>Disable the request for Sites.Read.All permission.</p>
-<p>If set to true, you will no longer be able to search for a SharePoint site when configuring drive ID, because rclone will not request Sites.Read.All permission. Set it to true if your organization didn't assign Sites.Read.All permission to the application, and your organization disallows users to consent app permission request on their own.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_site_permission</li>
-<li>Env Var: RCLONE_ONEDRIVE_DISABLE_SITE_PERMISSION</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="onedrive-expose-onenote-files">--onedrive-expose-onenote-files</h4>
-<p>Set to make OneNote files show up in directory listings.</p>
-<p>By default, rclone will hide OneNote files in directory listings because operations like "Open" and "Update" won't work on them. But this behaviour may also prevent you from deleting them. If you want to delete OneNote files or otherwise want them to show up in directory listing, set this option.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: expose_onenote_files</li>
-<li>Env Var: RCLONE_ONEDRIVE_EXPOSE_ONENOTE_FILES</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="onedrive-server-side-across-configs">--onedrive-server-side-across-configs</h4>
-<p>Allow server-side operations (e.g. copy) to work across different onedrive configs.</p>
-<p>This will only work if you are copying between two OneDrive <em>Personal</em> drives AND the files to copy are already shared between them. In other cases, rclone will fall back to normal copy (which will be slightly slower).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: server_side_across_configs</li>
-<li>Env Var: RCLONE_ONEDRIVE_SERVER_SIDE_ACROSS_CONFIGS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="onedrive-list-chunk">--onedrive-list-chunk</h4>
-<p>Size of listing chunk.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: list_chunk</li>
-<li>Env Var: RCLONE_ONEDRIVE_LIST_CHUNK</li>
-<li>Type: int</li>
-<li>Default: 1000</li>
-</ul>
-<h4 id="onedrive-no-versions">--onedrive-no-versions</h4>
-<p>Remove all versions on modifying operations.</p>
-<p>Onedrive for business creates versions when rclone uploads new files overwriting an existing one and when it sets the modification time.</p>
-<p>These versions take up space out of the quota.</p>
-<p>This flag checks for versions after file upload and setting modification time and removes all but the last version.</p>
-<p><strong>NB</strong> Onedrive personal can't currently delete versions so don't use this flag there.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_versions</li>
-<li>Env Var: RCLONE_ONEDRIVE_NO_VERSIONS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="onedrive-link-scope">--onedrive-link-scope</h4>
-<p>Set the scope of the links created by the link command.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: link_scope</li>
-<li>Env Var: RCLONE_ONEDRIVE_LINK_SCOPE</li>
-<li>Type: string</li>
-<li>Default: "anonymous"</li>
-<li>Examples:
-<ul>
-<li>"anonymous"
-<ul>
-<li>Anyone with the link has access, without needing to sign in.</li>
-<li>This may include people outside of your organization.</li>
-<li>Anonymous link support may be disabled by an administrator.</li>
-</ul></li>
-<li>"organization"
-<ul>
-<li>Anyone signed into your organization (tenant) can use the link to get access.</li>
-<li>Only available in OneDrive for Business and SharePoint.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="onedrive-link-type">--onedrive-link-type</h4>
-<p>Set the type of the links created by the link command.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: link_type</li>
-<li>Env Var: RCLONE_ONEDRIVE_LINK_TYPE</li>
-<li>Type: string</li>
-<li>Default: "view"</li>
-<li>Examples:
-<ul>
-<li>"view"
-<ul>
-<li>Creates a read-only link to the item.</li>
-</ul></li>
-<li>"edit"
-<ul>
-<li>Creates a read-write link to the item.</li>
-</ul></li>
-<li>"embed"
-<ul>
-<li>Creates an embeddable link to the item.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="onedrive-link-password">--onedrive-link-password</h4>
-<p>Set the password for links created by the link command.</p>
-<p>At the time of writing this only works with OneDrive personal paid accounts.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: link_password</li>
-<li>Env Var: RCLONE_ONEDRIVE_LINK_PASSWORD</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="onedrive-hash-type">--onedrive-hash-type</h4>
-<p>Specify the hash in use for the backend.</p>
-<p>This specifies the hash type in use. If set to "auto" it will use the default hash which is is QuickXorHash.</p>
-<p>Before rclone 1.62 an SHA1 hash was used by default for Onedrive Personal. For 1.62 and later the default is to use a QuickXorHash for all onedrive types. If an SHA1 hash is desired then set this option accordingly.</p>
-<p>From July 2023 QuickXorHash will be the only available hash for both OneDrive for Business and OneDriver Personal.</p>
-<p>This can be set to "none" to not use any hashes.</p>
-<p>If the hash requested does not exist on the object, it will be returned as an empty string which is treated as a missing hash by rclone.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: hash_type</li>
-<li>Env Var: RCLONE_ONEDRIVE_HASH_TYPE</li>
-<li>Type: string</li>
-<li>Default: "auto"</li>
-<li>Examples:
-<ul>
-<li>"auto"
-<ul>
-<li>Rclone chooses the best hash</li>
-</ul></li>
-<li>"quickxor"
-<ul>
-<li>QuickXor</li>
-</ul></li>
-<li>"sha1"
-<ul>
-<li>SHA1</li>
-</ul></li>
-<li>"sha256"
-<ul>
-<li>SHA256</li>
-</ul></li>
-<li>"crc32"
-<ul>
-<li>CRC32</li>
-</ul></li>
-<li>"none"
-<ul>
-<li>None - don't use any hashes</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="onedrive-encoding">--onedrive-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_ONEDRIVE_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-22">Limitations</h2>
-<p>If you don't use rclone for 90 days the refresh token will expire. This will result in authorization problems. This is easy to fix by running the <code>rclone config reconnect remote:</code> command to get a new token and refresh token.</p>
-<h3 id="naming">Naming</h3>
-<p>Note that OneDrive is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<p>There are quite a few characters that can't be in OneDrive file names. These can't occur on Windows platforms, but on non-Windows platforms they are common. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a <code>?</code> in it will be mapped to <code>？</code> instead.</p>
-<h3 id="file-sizes">File sizes</h3>
-<p>The largest allowed file size is 250 GiB for both OneDrive Personal and OneDrive for Business <a href="https://support.microsoft.com/en-us/office/invalid-file-names-and-file-types-in-onedrive-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa?ui=en-us&amp;rs=en-us&amp;ad=us#individualfilesize">(Updated 13 Jan 2021)</a>.</p>
-<h3 id="path-length">Path length</h3>
-<p>The entire path, including the file name, must contain fewer than 400 characters for OneDrive, OneDrive for Business and SharePoint Online. If you are encrypting file and folder names with rclone, you may want to pay attention to this limitation because the encrypted names are typically longer than the original ones.</p>
-<h3 id="number-of-files">Number of files</h3>
-<p>OneDrive seems to be OK with at least 50,000 files in a folder, but at 100,000 rclone will get errors listing the directory like <code>couldn’t list files: UnknownError:</code>. See <a href="https://github.com/rclone/rclone/issues/2707">#2707</a> for more info.</p>
-<p>An official document about the limitations for different types of OneDrive can be found <a href="https://support.office.com/en-us/article/invalid-file-names-and-file-types-in-onedrive-onedrive-for-business-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa">here</a>.</p>
-<h2 id="versions-4">Versions</h2>
-<p>Every change in a file OneDrive causes the service to create a new version of the file. This counts against a users quota. For example changing the modification time of a file creates a second version, so the file apparently uses twice the space.</p>
-<p>For example the <code>copy</code> command is affected by this as rclone copies the file and then afterwards sets the modification time to match the source file which uses another version.</p>
-<p>You can use the <code>rclone cleanup</code> command (see below) to remove all old versions.</p>
-<p>Or you can set the <code>no_versions</code> parameter to <code>true</code> and rclone will remove versions after operations which create new versions. This takes extra transactions so only enable it if you need it.</p>
-<p><strong>Note</strong> At the time of writing Onedrive Personal creates versions (but not for setting the modification time) but the API for removing them returns "API not found" so cleanup and <code>no_versions</code> should not be used on Onedrive Personal.</p>
-<h3 id="disabling-versioning">Disabling versioning</h3>
-<p>Starting October 2018, users will no longer be able to disable versioning by default. This is because Microsoft has brought an <a href="https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/New-Updates-to-OneDrive-and-SharePoint-Team-Site-Versioning/ba-p/204390">update</a> to the mechanism. To change this new default setting, a PowerShell command is required to be run by a SharePoint admin. If you are an admin, you can run these commands in PowerShell to change that setting:</p>
+<h3 id="cleanup-hidden">cleanup-hidden</h3>
+<p>Remove old versions of files.</p>
+<pre><code>rclone backend cleanup-hidden remote: [options] [&lt;arguments&gt;+]</code></pre>
+<p>This command removes any old hidden versions of files on a versions enabled bucket.</p>
+<p>Note that you can use --interactive/-i or --dry-run with this command to see what it would do.</p>
+<pre><code>rclone backend cleanup-hidden s3:bucket/path/to/dir</code></pre>
+<h3 id="versioning">versioning</h3>
+<p>Set/get versioning support for a bucket.</p>
+<pre><code>rclone backend versioning remote: [options] [&lt;arguments&gt;+]</code></pre>
+<p>This command sets versioning support if a parameter is passed and then returns the current versioning status for the bucket supplied.</p>
+<pre><code>rclone backend versioning s3:bucket # read status only
+rclone backend versioning s3:bucket Enabled
+rclone backend versioning s3:bucket Suspended</code></pre>
+<p>It may return "Enabled", "Suspended" or "Unversioned". Note that once versioning has been enabled the status can't be set back to "Unversioned".</p>
+<h3 id="set">set</h3>
+<p>Set command for updating the config parameters.</p>
+<pre><code>rclone backend set remote: [options] [&lt;arguments&gt;+]</code></pre>
+<p>This set command can be used to update the config parameters for a running s3 backend.</p>
+<p>Usage Examples:</p>
+<pre><code>rclone backend set s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+rclone rc backend/command command=set fs=s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+rclone rc backend/command command=set fs=s3: -o session_token=X -o access_key_id=X -o secret_access_key=X</code></pre>
+<p>The option keys are named as they are in the config file.</p>
+<p>This rebuilds the connection to the s3 backend when it is called with the new parameters. Only new parameters need be passed as the values will default to those currently in use.</p>
+<p>It doesn't return anything.</p>
+<h3 id="anonymous-access-to-public-buckets">Anonymous access to public buckets</h3>
+<p>If you want to use rclone to access a public bucket, configure with a blank <code>access_key_id</code> and <code>secret_access_key</code>. Your config should end up looking like this:</p>
+<pre><code>[anons3]
+type = s3
+provider = AWS
+env_auth = false
+access_key_id =
+secret_access_key =
+region = us-east-1
+endpoint =
+location_constraint =
+acl = private
+server_side_encryption =
+storage_class =</code></pre>
+<p>Then use it as normal with the name of the public bucket, e.g.</p>
+<pre><code>rclone lsd anons3:1000genomes</code></pre>
+<p>You will be able to list and copy data but not upload it.</p>
+<h2 id="providers-1">Providers</h2>
+<h3 id="aws-s3">AWS S3</h3>
+<p>This is the provider used as main example and described in the <a href="#configuration">configuration</a> section above.</p>
+<h3 id="aws-snowball-edge">AWS Snowball Edge</h3>
+<p><a href="https://aws.amazon.com/snowball/">AWS Snowball</a> is a hardware appliance used for transferring bulk data back to AWS. Its main software interface is S3 object storage.</p>
+<p>To use rclone with AWS Snowball Edge devices, configure as standard for an 'S3 Compatible Service'.</p>
+<p>If using rclone pre v1.59 be sure to set <code>upload_cutoff = 0</code> otherwise you will run into authentication header issues as the snowball device does not support query parameter based authentication.</p>
+<p>With rclone v1.59 or later setting <code>upload_cutoff</code> should not be necessary.</p>
+<p>eg.</p>
+<pre><code>[snowball]
+type = s3
+provider = Other
+access_key_id = YOUR_ACCESS_KEY
+secret_access_key = YOUR_SECRET_KEY
+endpoint = http://[IP of Snowball]:8080
+upload_cutoff = 0</code></pre>
+<h3 id="ceph">Ceph</h3>
+<p><a href="https://ceph.com/">Ceph</a> is an open-source, unified, distributed storage system designed for excellent performance, reliability and scalability. It has an S3 compatible object storage interface.</p>
+<p>To use rclone with Ceph, configure as above but leave the region blank and set the endpoint. You should end up with something like this in your config:</p>
+<pre><code>[ceph]
+type = s3
+provider = Ceph
+env_auth = false
+access_key_id = XXX
+secret_access_key = YYY
+region =
+endpoint = https://ceph.endpoint.example.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =</code></pre>
+<p>If you are using an older version of CEPH (e.g. 10.2.x Jewel) and a version of rclone before v1.59 then you may need to supply the parameter <code>--s3-upload-cutoff 0</code> or put this in the config file as <code>upload_cutoff 0</code> to work around a bug which causes uploading of small files to fail.</p>
+<p>Note also that Ceph sometimes puts <code>/</code> in the passwords it gives users. If you read the secret access key using the command line tools you will get a JSON blob with the <code>/</code> escaped as <code>\/</code>. Make sure you only write <code>/</code> in the secret access key.</p>
+<p>Eg the dump from Ceph looks something like this (irrelevant keys removed).</p>
+<pre><code>{
+    &quot;user_id&quot;: &quot;xxx&quot;,
+    &quot;display_name&quot;: &quot;xxxx&quot;,
+    &quot;keys&quot;: [
+        {
+            &quot;user&quot;: &quot;xxx&quot;,
+            &quot;access_key&quot;: &quot;xxxxxx&quot;,
+            &quot;secret_key&quot;: &quot;xxxxxx\/xxxx&quot;
+        }
+    ],
+}</code></pre>
+<p>Because this is a json dump, it is encoding the <code>/</code> as <code>\/</code>, so if you use the secret key as <code>xxxxxx/xxxx</code> it will work fine.</p>
+<h3 id="cloudflare-r2">Cloudflare R2</h3>
+<p><a href="https://blog.cloudflare.com/r2-open-beta/">Cloudflare R2</a> Storage allows developers to store large amounts of unstructured data without the costly egress bandwidth fees associated with typical cloud storage services.</p>
+<p>Here is an example of making a Cloudflare R2 configuration. First run:</p>
+<pre><code>rclone config</code></pre>
+<p>This will guide you through an interactive setup process.</p>
+<p>Note that all buckets are private, and all are stored in the same "auto" region. It is necessary to use Cloudflare workers to share the content of a bucket publicly.</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n
+name&gt; r2
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+...
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
+   \ (s3)
+...
+Storage&gt; s3
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+...
+XX / Cloudflare R2 Storage
+   \ (Cloudflare)
+...
+provider&gt; Cloudflare
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth&gt; 1
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; ACCESS_KEY
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key&gt; SECRET_ACCESS_KEY
+Option region.
+Region to connect to.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / R2 buckets are automatically distributed across Cloudflare&#39;s data centers for low latency.
+   \ (auto)
+region&gt; 1
+Option endpoint.
+Endpoint for S3 API.
+Required when using an S3 clone.
+Enter a value. Press Enter to leave empty.
+endpoint&gt; https://ACCOUNT_ID.r2.cloudflarestorage.com
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n&gt; n
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y</code></pre>
+<p>This will leave your config looking something like:</p>
+<pre><code>[r2]
+type = s3
+provider = Cloudflare
+access_key_id = ACCESS_KEY
+secret_access_key = SECRET_ACCESS_KEY
+region = auto
+endpoint = https://ACCOUNT_ID.r2.cloudflarestorage.com
+acl = private</code></pre>
+<p>Now run <code>rclone lsf r2:</code> to see your buckets and <code>rclone lsf r2:bucket</code> to look within a bucket.</p>
+<h3 id="dreamhost">Dreamhost</h3>
+<p>Dreamhost <a href="https://www.dreamhost.com/cloud/storage/">DreamObjects</a> is an object storage system based on CEPH.</p>
+<p>To use rclone with Dreamhost, configure as above but leave the region blank and set the endpoint. You should end up with something like this in your config:</p>
+<pre><code>[dreamobjects]
+type = s3
+provider = DreamHost
+env_auth = false
+access_key_id = your_access_key
+secret_access_key = your_secret_key
+region =
+endpoint = objects-us-west-1.dream.io
+location_constraint =
+acl = private
+server_side_encryption =
+storage_class =</code></pre>
+<h3 id="google-cloud-storage">Google Cloud Storage</h3>
+<p><a href="https://cloud.google.com/storage/docs">GoogleCloudStorage</a> is an <a href="https://cloud.google.com/storage/docs/interoperability">S3-interoperable</a> object storage service from Google Cloud Platform.</p>
+<p>To connect to Google Cloud Storage you will need an access key and secret key. These can be retrieved by creating an <a href="https://cloud.google.com/storage/docs/authentication/managing-hmackeys">HMAC key</a>.</p>
+<pre><code>[gs]
+type = s3
+provider = GCS
+access_key_id = your_access_key
+secret_access_key = your_secret_key
+endpoint = https://storage.googleapis.com</code></pre>
+<p><strong>Note</strong> that <code>--s3-versions</code> does not work with GCS when it needs to do directory paging. Rclone will return the error:</p>
+<pre><code>s3 protocol error: received versions listing with IsTruncated set with no NextKeyMarker</code></pre>
+<p>This is Google bug <a href="https://issuetracker.google.com/u/0/issues/312292516">#312292516</a>.</p>
+<h3 id="digitalocean-spaces">DigitalOcean Spaces</h3>
+<p><a href="https://www.digitalocean.com/products/object-storage/">Spaces</a> is an <a href="https://developers.digitalocean.com/documentation/spaces/">S3-interoperable</a> object storage service from cloud provider DigitalOcean.</p>
+<p>To connect to DigitalOcean Spaces you will need an access key and secret key. These can be retrieved on the "<a href="https://cloud.digitalocean.com/settings/api/tokens">Applications &amp; API</a>" page of the DigitalOcean control panel. They will be needed when prompted by <code>rclone config</code> for your <code>access_key_id</code> and <code>secret_access_key</code>.</p>
+<p>When prompted for a <code>region</code> or <code>location_constraint</code>, press enter to use the default value. The region must be included in the <code>endpoint</code> setting (e.g. <code>nyc3.digitaloceanspaces.com</code>). The default values can be used for other settings.</p>
+<p>Going through the whole process of creating a new remote by running <code>rclone config</code>, each prompt should be answered as shown below:</p>
+<pre><code>Storage&gt; s3
+env_auth&gt; 1
+access_key_id&gt; YOUR_ACCESS_KEY
+secret_access_key&gt; YOUR_SECRET_KEY
+region&gt;
+endpoint&gt; nyc3.digitaloceanspaces.com
+location_constraint&gt;
+acl&gt;
+storage_class&gt;</code></pre>
+<p>The resulting configuration file should look like:</p>
+<pre><code>[spaces]
+type = s3
+provider = DigitalOcean
+env_auth = false
+access_key_id = YOUR_ACCESS_KEY
+secret_access_key = YOUR_SECRET_KEY
+region =
+endpoint = nyc3.digitaloceanspaces.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =</code></pre>
+<p>Once configured, you can create a new Space and begin copying files. For example:</p>
+<pre><code>rclone mkdir spaces:my-new-space
+rclone copy /path/to/files spaces:my-new-space</code></pre>
+<h3 id="huawei-obs">Huawei OBS</h3>
+<p>Object Storage Service (OBS) provides stable, secure, efficient, and easy-to-use cloud storage that lets you store virtually any volume of unstructured data in any format and access it from anywhere.</p>
+<p>OBS provides an S3 interface, you can copy and modify the following configuration and add it to your rclone configuration file.</p>
+<pre><code>[obs]
+type = s3
+provider = HuaweiOBS
+access_key_id = your-access-key-id
+secret_access_key = your-secret-access-key
+region = af-south-1
+endpoint = obs.af-south-1.myhuaweicloud.com
+acl = private</code></pre>
+<p>Or you can also configure via the interactive command line:</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n
+name&gt; obs
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
+   \ (s3)
+[snip]
+Storage&gt; 5
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+ 9 / Huawei Object Storage Service
+   \ (HuaweiOBS)
+[snip]
+provider&gt; 9
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth&gt; 1
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; your-access-key-id
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key&gt; your-secret-access-key
+Option region.
+Region to connect to.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / AF-Johannesburg
+   \ (af-south-1)
+ 2 / AP-Bangkok
+   \ (ap-southeast-2)
+[snip]
+region&gt; 1
+Option endpoint.
+Endpoint for OBS API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / AF-Johannesburg
+   \ (obs.af-south-1.myhuaweicloud.com)
+ 2 / AP-Bangkok
+   \ (obs.ap-southeast-2.myhuaweicloud.com)
+[snip]
+endpoint&gt; 1
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+[snip]
+acl&gt; 1
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n&gt;
+--------------------
+[obs]
+type = s3
+provider = HuaweiOBS
+access_key_id = your-access-key-id
+secret_access_key = your-secret-access-key
+region = af-south-1
+endpoint = obs.af-south-1.myhuaweicloud.com
+acl = private
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y
+Current remotes:
+
+Name                 Type
+====                 ====
+obs                  s3
+
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q&gt; q</code></pre>
+<h3 id="ibm-cos-s3">IBM COS (S3)</h3>
+<p>Information stored with IBM Cloud Object Storage is encrypted and dispersed across multiple geographic locations, and accessed through an implementation of the S3 API. This service makes use of the distributed storage technologies provided by IBM’s Cloud Object Storage System (formerly Cleversafe). For more information visit: (http://www.ibm.com/cloud/object-storage)</p>
+<p>To configure access to IBM COS S3, follow the steps below:</p>
+<ol type="1">
+<li>Run rclone config and select n for a new remote.</li>
+</ol>
+<pre><code>    2018/02/14 14:13:11 NOTICE: Config file &quot;C:\\Users\\a\\.config\\rclone\\rclone.conf&quot; not found - using defaults
+    No remotes found, make a new one?
+    n) New remote
+    s) Set configuration password
+    q) Quit config
+    n/s/q&gt; n</code></pre>
+<ol start="2" type="1">
+<li>Enter the name for the configuration</li>
+</ol>
+<pre><code>    name&gt; &lt;YOUR NAME&gt;</code></pre>
+<ol start="3" type="1">
+<li>Select "s3" storage.</li>
+</ol>
+<pre><code>Choose a number from below, or type in your own value
+    1 / Alias for an existing remote
+    \ &quot;alias&quot;
+    2 / Amazon Drive
+    \ &quot;amazon cloud drive&quot;
+    3 / Amazon S3 Complaint Storage Providers (Dreamhost, Ceph, ChinaMobile, Liara, ArvanCloud, Minio, IBM COS)
+    \ &quot;s3&quot;
+    4 / Backblaze B2
+    \ &quot;b2&quot;
+[snip]
+    23 / HTTP
+    \ &quot;http&quot;
+Storage&gt; 3</code></pre>
+<ol start="4" type="1">
+<li>Select IBM COS as the S3 Storage Provider.</li>
+</ol>
+<pre><code>Choose the S3 provider.
+Choose a number from below, or type in your own value
+     1 / Choose this option to configure Storage to AWS S3
+       \ &quot;AWS&quot;
+     2 / Choose this option to configure Storage to Ceph Systems
+     \ &quot;Ceph&quot;
+     3 /  Choose this option to configure Storage to Dreamhost
+     \ &quot;Dreamhost&quot;
+   4 / Choose this option to the configure Storage to IBM COS S3
+     \ &quot;IBMCOS&quot;
+     5 / Choose this option to the configure Storage to Minio
+     \ &quot;Minio&quot;
+     Provider&gt;4</code></pre>
+<ol start="5" type="1">
+<li>Enter the Access Key and Secret.</li>
+</ol>
+<pre><code>    AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+    access_key_id&gt; &lt;&gt;
+    AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+    secret_access_key&gt; &lt;&gt;</code></pre>
+<ol start="6" type="1">
+<li>Specify the endpoint for IBM COS. For Public IBM COS, choose from the option below. For On Premise IBM COS, enter an endpoint address.</li>
+</ol>
+<pre><code>    Endpoint for IBM COS S3 API.
+    Specify if using an IBM COS On Premise.
+    Choose a number from below, or type in your own value
+     1 / US Cross Region Endpoint
+       \ &quot;s3-api.us-geo.objectstorage.softlayer.net&quot;
+     2 / US Cross Region Dallas Endpoint
+       \ &quot;s3-api.dal.us-geo.objectstorage.softlayer.net&quot;
+     3 / US Cross Region Washington DC Endpoint
+       \ &quot;s3-api.wdc-us-geo.objectstorage.softlayer.net&quot;
+     4 / US Cross Region San Jose Endpoint
+       \ &quot;s3-api.sjc-us-geo.objectstorage.softlayer.net&quot;
+     5 / US Cross Region Private Endpoint
+       \ &quot;s3-api.us-geo.objectstorage.service.networklayer.com&quot;
+     6 / US Cross Region Dallas Private Endpoint
+       \ &quot;s3-api.dal-us-geo.objectstorage.service.networklayer.com&quot;
+     7 / US Cross Region Washington DC Private Endpoint
+       \ &quot;s3-api.wdc-us-geo.objectstorage.service.networklayer.com&quot;
+     8 / US Cross Region San Jose Private Endpoint
+       \ &quot;s3-api.sjc-us-geo.objectstorage.service.networklayer.com&quot;
+     9 / US Region East Endpoint
+       \ &quot;s3.us-east.objectstorage.softlayer.net&quot;
+    10 / US Region East Private Endpoint
+       \ &quot;s3.us-east.objectstorage.service.networklayer.com&quot;
+    11 / US Region South Endpoint
+[snip]
+    34 / Toronto Single Site Private Endpoint
+       \ &quot;s3.tor01.objectstorage.service.networklayer.com&quot;
+    endpoint&gt;1</code></pre>
+<ol start="7" type="1">
+<li>Specify a IBM COS Location Constraint. The location constraint must match endpoint when using IBM Cloud Public. For on-prem COS, do not make a selection from this list, hit enter</li>
+</ol>
+<pre><code>     1 / US Cross Region Standard
+       \ &quot;us-standard&quot;
+     2 / US Cross Region Vault
+       \ &quot;us-vault&quot;
+     3 / US Cross Region Cold
+       \ &quot;us-cold&quot;
+     4 / US Cross Region Flex
+       \ &quot;us-flex&quot;
+     5 / US East Region Standard
+       \ &quot;us-east-standard&quot;
+     6 / US East Region Vault
+       \ &quot;us-east-vault&quot;
+     7 / US East Region Cold
+       \ &quot;us-east-cold&quot;
+     8 / US East Region Flex
+       \ &quot;us-east-flex&quot;
+     9 / US South Region Standard
+       \ &quot;us-south-standard&quot;
+    10 / US South Region Vault
+       \ &quot;us-south-vault&quot;
+[snip]
+    32 / Toronto Flex
+       \ &quot;tor01-flex&quot;
+location_constraint&gt;1</code></pre>
+<ol start="9" type="1">
+<li>Specify a canned ACL. IBM Cloud (Storage) supports "public-read" and "private". IBM Cloud(Infra) supports all the canned ACLs. On-Premise COS supports all the canned ACLs.</li>
+</ol>
+<pre><code>Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+      1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
+      \ &quot;private&quot;
+      2  / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
+      \ &quot;public-read&quot;
+      3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
+      \ &quot;public-read-write&quot;
+      4  / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
+      \ &quot;authenticated-read&quot;
+acl&gt; 1</code></pre>
+<ol start="12" type="1">
+<li>Review the displayed configuration and accept to save the "remote" then quit. The config file should look like this</li>
+</ol>
+<pre><code>    [xxx]
+    type = s3
+    Provider = IBMCOS
+    access_key_id = xxx
+    secret_access_key = yyy
+    endpoint = s3-api.us-geo.objectstorage.softlayer.net
+    location_constraint = us-standard
+    acl = private</code></pre>
+<ol start="13" type="1">
+<li>Execute rclone commands</li>
+</ol>
+<pre><code>    1)  Create a bucket.
+        rclone mkdir IBM-COS-XREGION:newbucket
+    2)  List available buckets.
+        rclone lsd IBM-COS-XREGION:
+        -1 2017-11-08 21:16:22        -1 test
+        -1 2018-02-14 20:16:39        -1 newbucket
+    3)  List contents of a bucket.
+        rclone ls IBM-COS-XREGION:newbucket
+        18685952 test.exe
+    4)  Copy a file from local to remote.
+        rclone copy /Users/file.txt IBM-COS-XREGION:newbucket
+    5)  Copy a file from remote to local.
+        rclone copy IBM-COS-XREGION:newbucket/file.txt .
+    6)  Delete a file on remote.
+        rclone delete IBM-COS-XREGION:newbucket/file.txt</code></pre>
+<h3 id="idrive-e2">IDrive e2</h3>
+<p>Here is an example of making an <a href="https://www.idrive.com/e2/">IDrive e2</a> configuration. First run:</p>
+<pre><code>rclone config</code></pre>
+<p>This will guide you through an interactive setup process.</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n
+
+Enter name for new remote.
+name&gt; e2
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
+   \ (s3)
+[snip]
+Storage&gt; s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / IDrive e2
+   \ (IDrive)
+[snip]
+provider&gt; IDrive
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth&gt; 
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; YOUR_ACCESS_KEY
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key&gt; YOUR_SECRET_KEY
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+   / Owner gets FULL_CONTROL.
+ 3 | The AllUsers group gets READ and WRITE access.
+   | Granting this on a bucket is generally not recommended.
+   \ (public-read-write)
+   / Owner gets FULL_CONTROL.
+ 4 | The AuthenticatedUsers group gets READ access.
+   \ (authenticated-read)
+   / Object owner gets FULL_CONTROL.
+ 5 | Bucket owner gets READ access.
+   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-read)
+   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+ 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-full-control)
+acl&gt; 
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n&gt; 
+
+Configuration complete.
+Options:
+- type: s3
+- provider: IDrive
+- access_key_id: YOUR_ACCESS_KEY
+- secret_access_key: YOUR_SECRET_KEY
+- endpoint: q9d9.la12.idrivee2-5.com
+Keep this &quot;e2&quot; remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y</code></pre>
+<h3 id="ionos">IONOS Cloud</h3>
+<p><a href="https://cloud.ionos.com/storage/object-storage">IONOS S3 Object Storage</a> is a service offered by IONOS for storing and accessing unstructured data. To connect to the service, you will need an access key and a secret key. These can be found in the <a href="https://dcd.ionos.com/">Data Center Designer</a>, by selecting <strong>Manager resources</strong> &gt; <strong>Object Storage Key Manager</strong>.</p>
+<p>Here is an example of a configuration. First, run <code>rclone config</code>. This will walk you through an interactive setup process. Type <code>n</code> to add the new remote, and then enter a name:</p>
+<pre><code>Enter name for new remote.
+name&gt; ionos-fra</code></pre>
+<p>Type <code>s3</code> to choose the connection type:</p>
+<pre><code>Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
+   \ (s3)
+[snip]
+Storage&gt; s3</code></pre>
+<p>Type <code>IONOS</code>:</p>
+<pre><code>Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / IONOS Cloud
+   \ (IONOS)
+[snip]
+provider&gt; IONOS</code></pre>
+<p>Press Enter to choose the default option <code>Enter AWS credentials in the next step</code>:</p>
+<pre><code>Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth&gt;</code></pre>
+<p>Enter your Access Key and Secret key. These can be retrieved in the <a href="https://dcd.ionos.com/">Data Center Designer</a>, click on the menu “Manager resources” / "Object Storage Key Manager".</p>
+<pre><code>Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; YOUR_ACCESS_KEY
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key&gt; YOUR_SECRET_KEY</code></pre>
+<p>Choose the region where your bucket is located:</p>
+<pre><code>Option region.
+Region where your bucket will be created and your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Frankfurt, Germany
+   \ (de)
+ 2 / Berlin, Germany
+   \ (eu-central-2)
+ 3 / Logrono, Spain
+   \ (eu-south-2)
+region&gt; 2</code></pre>
+<p>Choose the endpoint from the same region:</p>
+<pre><code>Option endpoint.
+Endpoint for IONOS S3 Object Storage.
+Specify the endpoint from the same region.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Frankfurt, Germany
+   \ (s3-eu-central-1.ionoscloud.com)
+ 2 / Berlin, Germany
+   \ (s3-eu-central-2.ionoscloud.com)
+ 3 / Logrono, Spain
+   \ (s3-eu-south-2.ionoscloud.com)
+endpoint&gt; 1</code></pre>
+<p>Press Enter to choose the default option or choose the desired ACL setting:</p>
+<pre><code>Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+[snip]
+acl&gt;</code></pre>
+<p>Press Enter to skip the advanced config:</p>
+<pre><code>Edit advanced config?
+y) Yes
+n) No (default)
+y/n&gt;</code></pre>
+<p>Press Enter to save the configuration, and then <code>q</code> to quit the configuration process:</p>
+<pre><code>Configuration complete.
+Options:
+- type: s3
+- provider: IONOS
+- access_key_id: YOUR_ACCESS_KEY
+- secret_access_key: YOUR_SECRET_KEY
+- endpoint: s3-eu-central-1.ionoscloud.com
+Keep this &quot;ionos-fra&quot; remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y</code></pre>
+<p>Done! Now you can try some commands (for macOS, use <code>./rclone</code> instead of <code>rclone</code>).</p>
+<ol type="1">
+<li>Create a bucket (the name must be unique within the whole IONOS S3)</li>
+</ol>
+<pre><code>rclone mkdir ionos-fra:my-bucket</code></pre>
+<ol start="2" type="1">
+<li>List available buckets</li>
+</ol>
+<pre><code>rclone lsd ionos-fra:</code></pre>
+<ol start="4" type="1">
+<li>Copy a file from local to remote</li>
+</ol>
+<pre><code>rclone copy /Users/file.txt ionos-fra:my-bucket</code></pre>
+<ol start="3" type="1">
+<li>List contents of a bucket</li>
+</ol>
+<pre><code>rclone ls ionos-fra:my-bucket</code></pre>
+<ol start="5" type="1">
+<li>Copy a file from remote to local</li>
+</ol>
+<pre><code>rclone copy ionos-fra:my-bucket/file.txt</code></pre>
+<h3 id="minio">Minio</h3>
+<p><a href="https://minio.io/">Minio</a> is an object storage server built for cloud application developers and devops.</p>
+<p>It is very easy to install and provides an S3 compatible server which can be used by rclone.</p>
+<p>To use it, install Minio following the instructions <a href="https://docs.minio.io/docs/minio-quickstart-guide">here</a>.</p>
+<p>When it configures itself Minio will print something like this</p>
+<pre><code>Endpoint:  http://192.168.1.106:9000  http://172.23.0.1:9000
+AccessKey: USWUXHGYZQYFYFFIT3RE
+SecretKey: MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+Region:    us-east-1
+SQS ARNs:  arn:minio:sqs:us-east-1:1:redis arn:minio:sqs:us-east-1:2:redis
+
+Browser Access:
+   http://192.168.1.106:9000  http://172.23.0.1:9000
+
+Command-line Access: https://docs.minio.io/docs/minio-client-quickstart-guide
+   $ mc config host add myminio http://192.168.1.106:9000 USWUXHGYZQYFYFFIT3RE MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+
+Object API (Amazon S3 compatible):
+   Go:         https://docs.minio.io/docs/golang-client-quickstart-guide
+   Java:       https://docs.minio.io/docs/java-client-quickstart-guide
+   Python:     https://docs.minio.io/docs/python-client-quickstart-guide
+   JavaScript: https://docs.minio.io/docs/javascript-client-quickstart-guide
+   .NET:       https://docs.minio.io/docs/dotnet-client-quickstart-guide
+
+Drive Capacity: 26 GiB Free, 165 GiB Total</code></pre>
+<p>These details need to go into <code>rclone config</code> like this. Note that it is important to put the region in as stated above.</p>
+<pre><code>env_auth&gt; 1
+access_key_id&gt; USWUXHGYZQYFYFFIT3RE
+secret_access_key&gt; MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+region&gt; us-east-1
+endpoint&gt; http://192.168.1.106:9000
+location_constraint&gt;
+server_side_encryption&gt;</code></pre>
+<p>Which makes the config file look like this</p>
+<pre><code>[minio]
+type = s3
+provider = Minio
+env_auth = false
+access_key_id = USWUXHGYZQYFYFFIT3RE
+secret_access_key = MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+region = us-east-1
+endpoint = http://192.168.1.106:9000
+location_constraint =
+server_side_encryption =</code></pre>
+<p>So once set up, for example, to copy files into a bucket</p>
+<pre><code>rclone copy /path/to/files minio:bucket</code></pre>
+<h3 id="qiniu">Qiniu Cloud Object Storage (Kodo)</h3>
+<p><a href="https://www.qiniu.com/en/products/kodo">Qiniu Cloud Object Storage (Kodo)</a>, a completely independent-researched core technology which is proven by repeated customer experience has occupied absolute leading market leader position. Kodo can be widely applied to mass data management.</p>
+<p>To configure access to Qiniu Kodo, follow the steps below:</p>
+<ol type="1">
+<li>Run <code>rclone config</code> and select <code>n</code> for a new remote.</li>
+</ol>
+<pre><code>rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n</code></pre>
+<ol start="2" type="1">
+<li>Give the name of the configuration. For example, name it 'qiniu'.</li>
+</ol>
+<pre><code>name&gt; qiniu</code></pre>
+<ol start="3" type="1">
+<li>Select <code>s3</code> storage.</li>
+</ol>
+<pre><code>Choose a number from below, or type in your own value
+ 1 / 1Fichier
+   \ (fichier)
+ 2 / Akamai NetStorage
+   \ (netstorage)
+ 3 / Alias for an existing remote
+   \ (alias)
+ 4 / Amazon Drive
+   \ (amazon cloud drive)
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \ (s3)
+[snip]
+Storage&gt; s3</code></pre>
+<ol start="4" type="1">
+<li>Select <code>Qiniu</code> provider.</li>
+</ol>
+<pre><code>Choose a number from below, or type in your own value
+1 / Amazon Web Services (AWS) S3
+   \ &quot;AWS&quot;
+[snip]
+22 / Qiniu Object Storage (Kodo)
+   \ (Qiniu)
+[snip]
+provider&gt; Qiniu</code></pre>
+<ol start="5" type="1">
+<li>Enter your SecretId and SecretKey of Qiniu Kodo.</li>
+</ol>
+<pre><code>Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ &quot;false&quot;
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ &quot;true&quot;
+env_auth&gt; 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+access_key_id&gt; AKIDxxxxxxxxxx
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+secret_access_key&gt; xxxxxxxxxxx</code></pre>
+<ol start="6" type="1">
+<li>Select endpoint for Qiniu Kodo. This is the standard endpoint for different region.</li>
+</ol>
+<pre><code>   / The default endpoint - a good choice if you are unsure.
+ 1 | East China Region 1.
+   | Needs location constraint cn-east-1.
+   \ (cn-east-1)
+   / East China Region 2.
+ 2 | Needs location constraint cn-east-2.
+   \ (cn-east-2)
+   / North China Region 1.
+ 3 | Needs location constraint cn-north-1.
+   \ (cn-north-1)
+   / South China Region 1.
+ 4 | Needs location constraint cn-south-1.
+   \ (cn-south-1)
+   / North America Region.
+ 5 | Needs location constraint us-north-1.
+   \ (us-north-1)
+   / Southeast Asia Region 1.
+ 6 | Needs location constraint ap-southeast-1.
+   \ (ap-southeast-1)
+   / Northeast Asia Region 1.
+ 7 | Needs location constraint ap-northeast-1.
+   \ (ap-northeast-1)
+[snip]
+endpoint&gt; 1
+
+Option endpoint.
+Endpoint for Qiniu Object Storage.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / East China Endpoint 1
+   \ (s3-cn-east-1.qiniucs.com)
+ 2 / East China Endpoint 2
+   \ (s3-cn-east-2.qiniucs.com)
+ 3 / North China Endpoint 1
+   \ (s3-cn-north-1.qiniucs.com)
+ 4 / South China Endpoint 1
+   \ (s3-cn-south-1.qiniucs.com)
+ 5 / North America Endpoint 1
+   \ (s3-us-north-1.qiniucs.com)
+ 6 / Southeast Asia Endpoint 1
+   \ (s3-ap-southeast-1.qiniucs.com)
+ 7 / Northeast Asia Endpoint 1
+   \ (s3-ap-northeast-1.qiniucs.com)
+endpoint&gt; 1
+
+Option location_constraint.
+Location constraint - must be set to match the Region.
+Used when creating buckets only.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / East China Region 1
+   \ (cn-east-1)
+ 2 / East China Region 2
+   \ (cn-east-2)
+ 3 / North China Region 1
+   \ (cn-north-1)
+ 4 / South China Region 1
+   \ (cn-south-1)
+ 5 / North America Region 1
+   \ (us-north-1)
+ 6 / Southeast Asia Region 1
+   \ (ap-southeast-1)
+ 7 / Northeast Asia Region 1
+   \ (ap-northeast-1)
+location_constraint&gt; 1</code></pre>
+<ol start="7" type="1">
+<li>Choose acl and storage class.</li>
+</ol>
+<pre><code>Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+[snip]
+acl&gt; 2
+The storage class to use when storing new objects in Tencent COS.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+ 1 / Standard storage class
+   \ (STANDARD)
+ 2 / Infrequent access storage mode
+   \ (LINE)
+ 3 / Archive storage mode
+   \ (GLACIER)
+ 4 / Deep archive storage mode
+   \ (DEEP_ARCHIVE)
+[snip]
+storage_class&gt; 1
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n&gt; n
+Remote config
+--------------------
+[qiniu]
+- type: s3
+- provider: Qiniu
+- access_key_id: xxx
+- secret_access_key: xxx
+- region: cn-east-1
+- endpoint: s3-cn-east-1.qiniucs.com
+- location_constraint: cn-east-1
+- acl: public-read
+- storage_class: STANDARD
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y
+Current remotes:
+
+Name                 Type
+====                 ====
+qiniu                s3</code></pre>
+<h3 id="RackCorp">RackCorp</h3>
+<p><a href="https://www.rackcorp.com/storage/s3storage">RackCorp Object Storage</a> is an S3 compatible object storage platform from your friendly cloud provider RackCorp. The service is fast, reliable, well priced and located in many strategic locations unserviced by others, to ensure you can maintain data sovereignty.</p>
+<p>Before you can use RackCorp Object Storage, you'll need to "<a href="https://www.rackcorp.com/signup">sign up</a>" for an account on our "<a href="https://portal.rackcorp.com">portal</a>". Next you can create an <code>access key</code>, a <code>secret key</code> and <code>buckets</code>, in your location of choice with ease. These details are required for the next steps of configuration, when <code>rclone config</code> asks for your <code>access_key_id</code> and <code>secret_access_key</code>.</p>
+<p>Your config should end up looking a bit like this:</p>
+<pre><code>[RCS3-demo-config]
+type = s3
+provider = RackCorp
+env_auth = true
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region = au-nsw
+endpoint = s3.rackcorp.com
+location_constraint = au-nsw</code></pre>
+<h3 id="rclone">Rclone Serve S3</h3>
+<p>Rclone can serve any remote over the S3 protocol. For details see the <a href="https://rclone.org/commands/rclone_serve_http/">rclone serve s3</a> documentation.</p>
+<p>For example, to serve <code>remote:path</code> over s3, run the server like this:</p>
+<pre><code>rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path</code></pre>
+<p>This will be compatible with an rclone remote which is defined like this:</p>
+<pre><code>[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false</code></pre>
+<p>Note that setting <code>disable_multipart_uploads = true</code> is to work around <a href="https://rclone.org/commands/rclone_serve_http/#bugs">a bug</a> which will be fixed in due course.</p>
+<h3 id="scaleway">Scaleway</h3>
+<p><a href="https://www.scaleway.com/object-storage/">Scaleway</a> The Object Storage platform allows you to store anything from backups, logs and web assets to documents and photos. Files can be dropped from the Scaleway console or transferred through our API and CLI or using any S3-compatible tool.</p>
+<p>Scaleway provides an S3 interface which can be configured for use with rclone like this:</p>
+<pre><code>[scaleway]
+type = s3
+provider = Scaleway
+env_auth = false
+endpoint = s3.nl-ams.scw.cloud
+access_key_id = SCWXXXXXXXXXXXXXX
+secret_access_key = 1111111-2222-3333-44444-55555555555555
+region = nl-ams
+location_constraint =
+acl = private
+server_side_encryption =
+storage_class =</code></pre>
+<p><a href="https://www.online.net/en/storage/c14-cold-storage">C14 Cold Storage</a> is the low-cost S3 Glacier alternative from Scaleway and it works the same way as on S3 by accepting the "GLACIER" <code>storage_class</code>. So you can configure your remote with the <code>storage_class = GLACIER</code> option to upload directly to C14. Don't forget that in this state you can't read files back after, you will need to restore them to "STANDARD" storage_class first before being able to read them (see "restore" section above)</p>
+<h3 id="lyve">Seagate Lyve Cloud</h3>
+<p><a href="https://www.seagate.com/gb/en/services/cloud/storage/">Seagate Lyve Cloud</a> is an S3 compatible object storage platform from <a href="https://seagate.com/">Seagate</a> intended for enterprise use.</p>
+<p>Here is a config run through for a remote called <code>remote</code> - you may choose a different name of course. Note that to create an access key and secret key you will need to create a service account first.</p>
+<pre><code>$ rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n
+name&gt; remote</code></pre>
+<p>Choose <code>s3</code> backend</p>
+<pre><code>Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Lyve Cloud, Minio, RackCorp, SeaweedFS, and Tencent COS
+   \ (s3)
+[snip]
+Storage&gt; s3</code></pre>
+<p>Choose <code>LyveCloud</code> as S3 provider</p>
+<pre><code>Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Seagate Lyve Cloud
+   \ (LyveCloud)
+[snip]
+provider&gt; LyveCloud</code></pre>
+<p>Take the default (just press enter) to enter access key and secret in the config file.</p>
+<pre><code>Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth&gt;</code></pre>
+<pre><code>AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; XXX</code></pre>
+<pre><code>AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key&gt; YYY</code></pre>
+<p>Leave region blank</p>
+<pre><code>Region to connect to.
+Leave blank if you are using an S3 clone and you don&#39;t have a region.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Use this if unsure.
+ 1 | Will use v4 signatures and an empty region.
+   \ ()
+   / Use this only if v4 signatures don&#39;t work.
+ 2 | E.g. pre Jewel/v10 CEPH.
+   \ (other-v2-signature)
+region&gt;</code></pre>
+<p>Choose an endpoint from the list</p>
+<pre><code>Endpoint for S3 API.
+Required when using an S3 clone.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Seagate Lyve Cloud US East 1 (Virginia)
+   \ (s3.us-east-1.lyvecloud.seagate.com)
+ 2 / Seagate Lyve Cloud US West 1 (California)
+   \ (s3.us-west-1.lyvecloud.seagate.com)
+ 3 / Seagate Lyve Cloud AP Southeast 1 (Singapore)
+   \ (s3.ap-southeast-1.lyvecloud.seagate.com)
+endpoint&gt; 1</code></pre>
+<p>Leave location constraint blank</p>
+<pre><code>Location constraint - must be set to match the Region.
+Leave blank if not sure. Used when creating buckets only.
+Enter a value. Press Enter to leave empty.
+location_constraint&gt;</code></pre>
+<p>Choose default ACL (<code>private</code>).</p>
+<pre><code>Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+[snip]
+acl&gt;</code></pre>
+<p>And the config file should end up looking like this:</p>
+<pre><code>[remote]
+type = s3
+provider = LyveCloud
+access_key_id = XXX
+secret_access_key = YYY
+endpoint = s3.us-east-1.lyvecloud.seagate.com</code></pre>
+<h3 id="seaweedfs">SeaweedFS</h3>
+<p><a href="https://github.com/chrislusf/seaweedfs/">SeaweedFS</a> is a distributed storage system for blobs, objects, files, and data lake, with O(1) disk seek and a scalable file metadata store. It has an S3 compatible object storage interface. SeaweedFS can also act as a <a href="https://github.com/chrislusf/seaweedfs/wiki/Gateway-to-Remote-Object-Storage">gateway to remote S3 compatible object store</a> to cache data and metadata with asynchronous write back, for fast local speed and minimize access cost.</p>
+<p>Assuming the SeaweedFS are configured with <code>weed shell</code> as such:</p>
+<pre><code>&gt; s3.bucket.create -name foo
+&gt; s3.configure -access_key=any -secret_key=any -buckets=foo -user=me -actions=Read,Write,List,Tagging,Admin -apply
+{
+  &quot;identities&quot;: [
+    {
+      &quot;name&quot;: &quot;me&quot;,
+      &quot;credentials&quot;: [
+        {
+          &quot;accessKey&quot;: &quot;any&quot;,
+          &quot;secretKey&quot;: &quot;any&quot;
+        }
+      ],
+      &quot;actions&quot;: [
+        &quot;Read:foo&quot;,
+        &quot;Write:foo&quot;,
+        &quot;List:foo&quot;,
+        &quot;Tagging:foo&quot;,
+        &quot;Admin:foo&quot;
+      ]
+    }
+  ]
+}</code></pre>
+<p>To use rclone with SeaweedFS, above configuration should end up with something like this in your config:</p>
+<pre><code>[seaweedfs_s3]
+type = s3
+provider = SeaweedFS
+access_key_id = any
+secret_access_key = any
+endpoint = localhost:8333</code></pre>
+<p>So once set up, for example to copy files into a bucket</p>
+<pre><code>rclone copy /path/to/files seaweedfs_s3:foo</code></pre>
+<h3 id="wasabi">Wasabi</h3>
+<p><a href="https://wasabi.com">Wasabi</a> is a cloud-based object storage service for a broad range of applications and use cases. Wasabi is designed for individuals and organizations that require a high-performance, reliable, and secure data storage infrastructure at minimal cost.</p>
+<p>Wasabi provides an S3 interface which can be configured for use with rclone like this.</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s&gt; n
+name&gt; wasabi
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Minio, Liara)
+   \ &quot;s3&quot;
+[snip]
+Storage&gt; s3
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ &quot;false&quot;
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ &quot;true&quot;
+env_auth&gt; 1
+AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+access_key_id&gt; YOURACCESSKEY
+AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+secret_access_key&gt; YOURSECRETACCESSKEY
+Region to connect to.
+Choose a number from below, or type in your own value
+   / The default endpoint - a good choice if you are unsure.
+ 1 | US Region, Northern Virginia, or Pacific Northwest.
+   | Leave location constraint empty.
+   \ &quot;us-east-1&quot;
+[snip]
+region&gt; us-east-1
+Endpoint for S3 API.
+Leave blank if using AWS to use the default endpoint for the region.
+Specify if using an S3 clone such as Ceph.
+endpoint&gt; s3.wasabisys.com
+Location constraint - must be set to match the Region. Used when creating buckets only.
+Choose a number from below, or type in your own value
+ 1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
+   \ &quot;&quot;
+[snip]
+location_constraint&gt;
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ &quot;private&quot;
+[snip]
+acl&gt;
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+   \ &quot;&quot;
+ 2 / AES256
+   \ &quot;AES256&quot;
+server_side_encryption&gt;
+The storage class to use when storing objects in S3.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ &quot;&quot;
+ 2 / Standard storage class
+   \ &quot;STANDARD&quot;
+ 3 / Reduced redundancy storage class
+   \ &quot;REDUCED_REDUNDANCY&quot;
+ 4 / Standard Infrequent Access storage class
+   \ &quot;STANDARD_IA&quot;
+storage_class&gt;
+Remote config
+--------------------
+[wasabi]
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region = us-east-1
+endpoint = s3.wasabisys.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y</code></pre>
+<p>This will leave the config file looking like this.</p>
+<pre><code>[wasabi]
+type = s3
+provider = Wasabi
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region =
+endpoint = s3.wasabisys.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =</code></pre>
+<h3 id="alibaba-oss">Alibaba OSS</h3>
+<p>Here is an example of making an <a href="https://www.alibabacloud.com/product/oss/">Alibaba Cloud (Aliyun) OSS</a> configuration. First run:</p>
+<pre><code>rclone config</code></pre>
+<p>This will guide you through an interactive setup process.</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n
+name&gt; oss
+Type of storage to configure.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+[snip]
+ 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Minio, and Tencent COS
+   \ &quot;s3&quot;
+[snip]
+Storage&gt; s3
+Choose your S3 provider.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+ 1 / Amazon Web Services (AWS) S3
+   \ &quot;AWS&quot;
+ 2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
+   \ &quot;Alibaba&quot;
+ 3 / Ceph Object Storage
+   \ &quot;Ceph&quot;
+[snip]
+provider&gt; Alibaba
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ &quot;false&quot;
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ &quot;true&quot;
+env_auth&gt; 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+access_key_id&gt; accesskeyid
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+secret_access_key&gt; secretaccesskey
+Endpoint for OSS API.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+ 1 / East China 1 (Hangzhou)
+   \ &quot;oss-cn-hangzhou.aliyuncs.com&quot;
+ 2 / East China 2 (Shanghai)
+   \ &quot;oss-cn-shanghai.aliyuncs.com&quot;
+ 3 / North China 1 (Qingdao)
+   \ &quot;oss-cn-qingdao.aliyuncs.com&quot;
+[snip]
+endpoint&gt; 1
+Canned ACL used when creating buckets and storing or copying objects.
+
+Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ &quot;private&quot;
+ 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
+   \ &quot;public-read&quot;
+   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
+[snip]
+acl&gt; 1
+The storage class to use when storing new objects in OSS.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ &quot;&quot;
+ 2 / Standard storage class
+   \ &quot;STANDARD&quot;
+ 3 / Archive storage mode.
+   \ &quot;GLACIER&quot;
+ 4 / Infrequent access storage mode.
+   \ &quot;STANDARD_IA&quot;
+storage_class&gt; 1
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n&gt; n
+Remote config
+--------------------
+[oss]
+type = s3
+provider = Alibaba
+env_auth = false
+access_key_id = accesskeyid
+secret_access_key = secretaccesskey
+endpoint = oss-cn-hangzhou.aliyuncs.com
+acl = private
+storage_class = Standard
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y</code></pre>
+<h3 id="china-mobile-ecloud-eos">China Mobile Ecloud Elastic Object Storage (EOS)</h3>
+<p>Here is an example of making an <a href="https:///ecloud.10086.cn/home/product-introduction/eos/">China Mobile Ecloud Elastic Object Storage (EOS)</a> configuration. First run:</p>
+<pre><code>rclone config</code></pre>
+<p>This will guide you through an interactive setup process.</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n
+name&gt; ChinaMobile
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+ ...
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, RackCorp, SeaweedFS, and Tencent COS
+   \ (s3)
+ ...
+Storage&gt; s3
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ ...
+ 4 / China Mobile Ecloud Elastic Object Storage (EOS)
+   \ (ChinaMobile)
+ ...
+provider&gt; ChinaMobile
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth&gt;
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; accesskeyid
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key&gt; secretaccesskey
+Option endpoint.
+Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / The default endpoint - a good choice if you are unsure.
+ 1 | East China (Suzhou)
+   \ (eos-wuxi-1.cmecloud.cn)
+ 2 / East China (Jinan)
+   \ (eos-jinan-1.cmecloud.cn)
+ 3 / East China (Hangzhou)
+   \ (eos-ningbo-1.cmecloud.cn)
+ 4 / East China (Shanghai-1)
+   \ (eos-shanghai-1.cmecloud.cn)
+ 5 / Central China (Zhengzhou)
+   \ (eos-zhengzhou-1.cmecloud.cn)
+ 6 / Central China (Changsha-1)
+   \ (eos-hunan-1.cmecloud.cn)
+ 7 / Central China (Changsha-2)
+   \ (eos-zhuzhou-1.cmecloud.cn)
+ 8 / South China (Guangzhou-2)
+   \ (eos-guangzhou-1.cmecloud.cn)
+ 9 / South China (Guangzhou-3)
+   \ (eos-dongguan-1.cmecloud.cn)
+10 / North China (Beijing-1)
+   \ (eos-beijing-1.cmecloud.cn)
+11 / North China (Beijing-2)
+   \ (eos-beijing-2.cmecloud.cn)
+12 / North China (Beijing-3)
+   \ (eos-beijing-4.cmecloud.cn)
+13 / North China (Huhehaote)
+   \ (eos-huhehaote-1.cmecloud.cn)
+14 / Southwest China (Chengdu)
+   \ (eos-chengdu-1.cmecloud.cn)
+15 / Southwest China (Chongqing)
+   \ (eos-chongqing-1.cmecloud.cn)
+16 / Southwest China (Guiyang)
+   \ (eos-guiyang-1.cmecloud.cn)
+17 / Nouthwest China (Xian)
+   \ (eos-xian-1.cmecloud.cn)
+18 / Yunnan China (Kunming)
+   \ (eos-yunnan.cmecloud.cn)
+19 / Yunnan China (Kunming-2)
+   \ (eos-yunnan-2.cmecloud.cn)
+20 / Tianjin China (Tianjin)
+   \ (eos-tianjin-1.cmecloud.cn)
+21 / Jilin China (Changchun)
+   \ (eos-jilin-1.cmecloud.cn)
+22 / Hubei China (Xiangyan)
+   \ (eos-hubei-1.cmecloud.cn)
+23 / Jiangxi China (Nanchang)
+   \ (eos-jiangxi-1.cmecloud.cn)
+24 / Gansu China (Lanzhou)
+   \ (eos-gansu-1.cmecloud.cn)
+25 / Shanxi China (Taiyuan)
+   \ (eos-shanxi-1.cmecloud.cn)
+26 / Liaoning China (Shenyang)
+   \ (eos-liaoning-1.cmecloud.cn)
+27 / Hebei China (Shijiazhuang)
+   \ (eos-hebei-1.cmecloud.cn)
+28 / Fujian China (Xiamen)
+   \ (eos-fujian-1.cmecloud.cn)
+29 / Guangxi China (Nanning)
+   \ (eos-guangxi-1.cmecloud.cn)
+30 / Anhui China (Huainan)
+   \ (eos-anhui-1.cmecloud.cn)
+endpoint&gt; 1
+Option location_constraint.
+Location constraint - must match endpoint.
+Used when creating buckets only.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / East China (Suzhou)
+   \ (wuxi1)
+ 2 / East China (Jinan)
+   \ (jinan1)
+ 3 / East China (Hangzhou)
+   \ (ningbo1)
+ 4 / East China (Shanghai-1)
+   \ (shanghai1)
+ 5 / Central China (Zhengzhou)
+   \ (zhengzhou1)
+ 6 / Central China (Changsha-1)
+   \ (hunan1)
+ 7 / Central China (Changsha-2)
+   \ (zhuzhou1)
+ 8 / South China (Guangzhou-2)
+   \ (guangzhou1)
+ 9 / South China (Guangzhou-3)
+   \ (dongguan1)
+10 / North China (Beijing-1)
+   \ (beijing1)
+11 / North China (Beijing-2)
+   \ (beijing2)
+12 / North China (Beijing-3)
+   \ (beijing4)
+13 / North China (Huhehaote)
+   \ (huhehaote1)
+14 / Southwest China (Chengdu)
+   \ (chengdu1)
+15 / Southwest China (Chongqing)
+   \ (chongqing1)
+16 / Southwest China (Guiyang)
+   \ (guiyang1)
+17 / Nouthwest China (Xian)
+   \ (xian1)
+18 / Yunnan China (Kunming)
+   \ (yunnan)
+19 / Yunnan China (Kunming-2)
+   \ (yunnan2)
+20 / Tianjin China (Tianjin)
+   \ (tianjin1)
+21 / Jilin China (Changchun)
+   \ (jilin1)
+22 / Hubei China (Xiangyan)
+   \ (hubei1)
+23 / Jiangxi China (Nanchang)
+   \ (jiangxi1)
+24 / Gansu China (Lanzhou)
+   \ (gansu1)
+25 / Shanxi China (Taiyuan)
+   \ (shanxi1)
+26 / Liaoning China (Shenyang)
+   \ (liaoning1)
+27 / Hebei China (Shijiazhuang)
+   \ (hebei1)
+28 / Fujian China (Xiamen)
+   \ (fujian1)
+29 / Guangxi China (Nanning)
+   \ (guangxi1)
+30 / Anhui China (Huainan)
+   \ (anhui1)
+location_constraint&gt; 1
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+   / Owner gets FULL_CONTROL.
+ 3 | The AllUsers group gets READ and WRITE access.
+   | Granting this on a bucket is generally not recommended.
+   \ (public-read-write)
+   / Owner gets FULL_CONTROL.
+ 4 | The AuthenticatedUsers group gets READ access.
+   \ (authenticated-read)
+   / Object owner gets FULL_CONTROL.
+acl&gt; private
+Option server_side_encryption.
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / None
+   \ ()
+ 2 / AES256
+   \ (AES256)
+server_side_encryption&gt;
+Option storage_class.
+The storage class to use when storing new objects in ChinaMobile.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Default
+   \ ()
+ 2 / Standard storage class
+   \ (STANDARD)
+ 3 / Archive storage mode
+   \ (GLACIER)
+ 4 / Infrequent access storage mode
+   \ (STANDARD_IA)
+storage_class&gt;
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n&gt; n
+--------------------
+[ChinaMobile]
+type = s3
+provider = ChinaMobile
+access_key_id = accesskeyid
+secret_access_key = secretaccesskey
+endpoint = eos-wuxi-1.cmecloud.cn
+location_constraint = wuxi1
+acl = private
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y</code></pre>
+<h3 id="leviia">Leviia Cloud Object Storage</h3>
+<p><a href="https://www.leviia.com/object-storage/">Leviia Object Storage</a>, backup and secure your data in a 100% French cloud, independent of GAFAM..</p>
+<p>To configure access to Leviia, follow the steps below:</p>
 <ol type="1">
-<li><code>Install-Module -Name Microsoft.Online.SharePoint.PowerShell</code> (in case you haven't installed this already)</li>
-<li><code>Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking</code></li>
-<li><code>Connect-SPOService -Url https://YOURSITE-admin.sharepoint.com -Credential YOU@YOURSITE.COM</code> (replacing <code>YOURSITE</code>, <code>YOU</code>, <code>YOURSITE.COM</code> with the actual values; this will prompt for your credentials)</li>
-<li><code>Set-SPOTenant -EnableMinimumVersionRequirement $False</code></li>
-<li><code>Disconnect-SPOService</code> (to disconnect from the server)</li>
+<li>Run <code>rclone config</code> and select <code>n</code> for a new remote.</li>
 </ol>
-<p><em>Below are the steps for normal users to disable versioning. If you don't see the "No Versioning" option, make sure the above requirements are met.</em></p>
-<p>User <a href="https://github.com/Weropol">Weropol</a> has found a method to disable versioning on OneDrive</p>
-<ol type="1">
-<li>Open the settings menu by clicking on the gear symbol at the top of the OneDrive Business page.</li>
-<li>Click Site settings.</li>
-<li>Once on the Site settings page, navigate to Site Administration &gt; Site libraries and lists.</li>
-<li>Click Customize "Documents".</li>
-<li>Click General Settings &gt; Versioning Settings.</li>
-<li>Under Document Version History select the option No versioning. Note: This will disable the creation of new file versions, but will not remove any previous versions. Your documents are safe.</li>
-<li>Apply the changes by clicking OK.</li>
-<li>Use rclone to upload or modify files. (I also use the --no-update-modtime flag)</li>
-<li>Restore the versioning settings after using rclone. (Optional)</li>
+<pre><code>rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n</code></pre>
+<ol start="2" type="1">
+<li>Give the name of the configuration. For example, name it 'leviia'.</li>
 </ol>
-<h2 id="cleanup-3">Cleanup</h2>
-<p>OneDrive supports <code>rclone cleanup</code> which causes rclone to look through every file under the path supplied and delete all version but the current version. Because this involves traversing all the files, then querying each file for versions it can be quite slow. Rclone does <code>--checkers</code> tests in parallel. The command also supports <code>--interactive</code>/<code>i</code> or <code>--dry-run</code> which is a great way to see what it would do.</p>
-<pre><code>rclone cleanup --interactive remote:path/subdir # interactively remove all old version for path/subdir
-rclone cleanup remote:path/subdir               # unconditionally remove all old version for path/subdir</code></pre>
-<p><strong>NB</strong> Onedrive personal can't currently delete versions</p>
-<h2 id="troubleshooting-2">Troubleshooting</h2>
-<h3 id="excessive-throttling-or-blocked-on-sharepoint">Excessive throttling or blocked on SharePoint</h3>
-<p>If you experience excessive throttling or is being blocked on SharePoint then it may help to set the user agent explicitly with a flag like this: <code>--user-agent "ISV|rclone.org|rclone/v1.55.1"</code></p>
-<p>The specific details can be found in the Microsoft document: <a href="https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online#how-to-decorate-your-http-traffic-to-avoid-throttling">Avoid getting throttled or blocked in SharePoint Online</a></p>
-<h3 id="unexpected-file-sizehash-differences-on-sharepoint">Unexpected file size/hash differences on Sharepoint</h3>
-<p>It is a <a href="https://github.com/OneDrive/onedrive-api-docs/issues/935#issuecomment-441741631">known</a> issue that Sharepoint (not OneDrive or OneDrive for Business) silently modifies uploaded files, mainly Office files (.docx, .xlsx, etc.), causing file size and hash checks to fail. There are also other situations that will cause OneDrive to report inconsistent file sizes. To use rclone with such affected files on Sharepoint, you may disable these checks with the following command line arguments:</p>
-<pre><code>--ignore-checksum --ignore-size</code></pre>
-<p>Alternatively, if you have write access to the OneDrive files, it may be possible to fix this problem for certain files, by attempting the steps below. Open the web interface for <a href="https://onedrive.live.com">OneDrive</a> and find the affected files (which will be in the error messages/log for rclone). Simply click on each of these files, causing OneDrive to open them on the web. This will cause each file to be converted in place to a format that is functionally equivalent but which will no longer trigger the size discrepancy. Once all problematic files are converted you will no longer need the ignore options above.</p>
-<h3 id="replacingdeleting-existing-files-on-sharepoint-gets-item-not-found">Replacing/deleting existing files on Sharepoint gets "item not found"</h3>
-<p>It is a <a href="https://github.com/OneDrive/onedrive-api-docs/issues/1068">known</a> issue that Sharepoint (not OneDrive or OneDrive for Business) may return "item not found" errors when users try to replace or delete uploaded files; this seems to mainly affect Office files (.docx, .xlsx, etc.) and web files (.html, .aspx, etc.). As a workaround, you may use the <code>--backup-dir &lt;BACKUP_DIR&gt;</code> command line argument so rclone moves the files to be replaced/deleted into a given backup directory (instead of directly replacing/deleting them). For example, to instruct rclone to move the files into the directory <code>rclone-backup-dir</code> on backend <code>mysharepoint</code>, you may use:</p>
-<pre><code>--backup-dir mysharepoint:rclone-backup-dir</code></pre>
-<h3 id="access_denied-aadsts65005">access_denied (AADSTS65005)</h3>
-<pre><code>Error: access_denied
-Code: AADSTS65005
-Description: Using application &#39;rclone&#39; is currently not supported for your organization [YOUR_ORGANIZATION] because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of [YOUR_ORGANIZATION] before the application rclone can be provisioned.</code></pre>
-<p>This means that rclone can't use the OneDrive for Business API with your account. You can't do much about it, maybe write an email to your admins.</p>
-<p>However, there are other ways to interact with your OneDrive account. Have a look at the WebDAV backend: https://rclone.org/webdav/#sharepoint</p>
-<h3 id="invalid_grant-aadsts50076">invalid_grant (AADSTS50076)</h3>
-<pre><code>Error: invalid_grant
-Code: AADSTS50076
-Description: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access &#39;...&#39;.</code></pre>
-<p>If you see the error above after enabling multi-factor authentication for your account, you can fix it by refreshing your OAuth refresh token. To do that, run <code>rclone config</code>, and choose to edit your OneDrive backend. Then, you don't need to actually make any changes until you reach this question: <code>Already have a token - refresh?</code>. For this question, answer <code>y</code> and go through the process to refresh your token, just like the first time the backend is configured. After this, rclone should work again for this backend.</p>
-<h3 id="invalid-request-when-making-public-links">Invalid request when making public links</h3>
-<p>On Sharepoint and OneDrive for Business, <code>rclone link</code> may return an "Invalid request" error. A possible cause is that the organisation admin didn't allow public links to be made for the organisation/sharepoint library. To fix the permissions as an admin, take a look at the docs: <a href="https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off">1</a>, <a href="https://support.microsoft.com/en-us/office/set-up-and-manage-access-requests-94b26e0b-2822-49d4-929a-8455698654b3">2</a>.</p>
-<h3 id="can-not-access-shared-with-me-files">Can not access <code>Shared</code> with me files</h3>
-<p>Shared with me files is not supported by rclone <a href="https://github.com/rclone/rclone/issues/4062">currently</a>, but there is a workaround:</p>
-<ol type="1">
-<li>Visit <a href="https://onedrive.live.com/">https://onedrive.live.com</a></li>
-<li>Right click a item in <code>Shared</code>, then click <code>Add shortcut to My files</code> in the context <img src="https://user-images.githubusercontent.com/60313789/206118040-7e762b3b-aa61-41a1-8649-cc18889f3572.png" title="Screenshot (Shared with me)" alt="make_shortcut" /></li>
-<li>The shortcut will appear in <code>My files</code>, you can access it with rclone, it behaves like a normal folder/file. <img src="https://i.imgur.com/0S8H3li.png" title="Screenshot (My Files)" alt="in_my_files" /> <img src="https://i.imgur.com/2Iq66sW.png" title="Screenshot (rclone mount)" alt="rclone_mount" /></li>
+<pre><code>name&gt; leviia</code></pre>
+<ol start="3" type="1">
+<li>Select <code>s3</code> storage.</li>
 </ol>
-<h3 id="live-photos-uploaded-from-ios-small-video-clips-in-.heic-files">Live Photos uploaded from iOS (small video clips in .heic files)</h3>
-<p>The iOS OneDrive app introduced <a href="https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/live-photos-come-to-onedrive/ba-p/1953452">upload and storage</a> of <a href="https://support.apple.com/en-gb/HT207310">Live Photos</a> in 2020. The usage and download of these uploaded Live Photos is unfortunately still work-in-progress and this introduces several issues when copying, synchronising and mounting – both in rclone and in the native OneDrive client on Windows.</p>
-<p>The root cause can easily be seen if you locate one of your Live Photos in the OneDrive web interface. Then download the photo from the web interface. You will then see that the size of downloaded .heic file is smaller than the size displayed in the web interface. The downloaded file is smaller because it only contains a single frame (still photo) extracted from the Live Photo (movie) stored in OneDrive.</p>
-<p>The different sizes will cause <code>rclone copy/sync</code> to repeatedly recopy unmodified photos something like this:</p>
-<pre><code>DEBUG : 20230203_123826234_iOS.heic: Sizes differ (src 4470314 vs dst 1298667)
-DEBUG : 20230203_123826234_iOS.heic: sha1 = fc2edde7863b7a7c93ca6771498ac797f8460750 OK
-INFO  : 20230203_123826234_iOS.heic: Copied (replaced existing)</code></pre>
-<p>These recopies can be worked around by adding <code>--ignore-size</code>. Please note that this workaround only syncs the still-picture not the movie clip, and relies on modification dates being correctly updated on all files in all situations.</p>
-<p>The different sizes will also cause <code>rclone check</code> to report size errors something like this:</p>
-<pre><code>ERROR : 20230203_123826234_iOS.heic: sizes differ</code></pre>
-<p>These check errors can be suppressed by adding <code>--ignore-size</code>.</p>
-<p>The different sizes will also cause <code>rclone mount</code> to fail downloading with an error something like this:</p>
-<pre><code>ERROR : 20230203_123826234_iOS.heic: ReadFileHandle.Read error: low level retry 1/10: unexpected EOF</code></pre>
-<p>or like this when using <code>--cache-mode=full</code>:</p>
-<pre><code>INFO  : 20230203_123826234_iOS.heic: vfs cache: downloader: error count now 1: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
-ERROR : 20230203_123826234_iOS.heic: vfs cache: failed to download: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:</code></pre>
-<h1 id="opendrive">OpenDrive</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-30">Configuration</h2>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q&gt; n
-name&gt; remote
+<pre><code>Choose a number from below, or type in your own value
+ 1 / 1Fichier
+   \ (fichier)
+ 2 / Akamai NetStorage
+   \ (netstorage)
+ 3 / Alias for an existing remote
+   \ (alias)
+ 4 / Amazon Drive
+   \ (amazon cloud drive)
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \ (s3)
+[snip]
+Storage&gt; s3</code></pre>
+<ol start="4" type="1">
+<li>Select <code>Leviia</code> provider.</li>
+</ol>
+<pre><code>Choose a number from below, or type in your own value
+1 / Amazon Web Services (AWS) S3
+   \ &quot;AWS&quot;
+[snip]
+15 / Leviia Object Storage
+   \ (Leviia)
+[snip]
+provider&gt; Leviia</code></pre>
+<ol start="5" type="1">
+<li>Enter your SecretId and SecretKey of Leviia.</li>
+</ol>
+<pre><code>Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ &quot;false&quot;
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ &quot;true&quot;
+env_auth&gt; 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+access_key_id&gt; ZnIx.xxxxxxxxxxxxxxx
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+secret_access_key&gt; xxxxxxxxxxx</code></pre>
+<ol start="6" type="1">
+<li>Select endpoint for Leviia.</li>
+</ol>
+<pre><code>   / The default endpoint
+ 1 | Leviia.
+   \ (s3.leviia.com)
+[snip]
+endpoint&gt; 1</code></pre>
+<ol start="7" type="1">
+<li>Choose acl.</li>
+</ol>
+<pre><code>Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+[snip]
+acl&gt; 1
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n&gt; n
+Remote config
+--------------------
+[leviia]
+- type: s3
+- provider: Leviia
+- access_key_id: ZnIx.xxxxxxx
+- secret_access_key: xxxxxxxx
+- endpoint: s3.leviia.com
+- acl: private
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y
+Current remotes:
+
+Name                 Type
+====                 ====
+leviia                s3</code></pre>
+<h3 id="liara-cloud">Liara</h3>
+<p>Here is an example of making a <a href="https://liara.ir/landing/object-storage">Liara Object Storage</a> configuration. First run:</p>
+<pre><code>rclone config</code></pre>
+<p>This will guide you through an interactive setup process.</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s&gt; n
+name&gt; Liara
 Type of storage to configure.
 Choose a number from below, or type in your own value
 [snip]
-XX / OpenDrive
-   \ &quot;opendrive&quot;
+XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Liara, Minio)
+   \ &quot;s3&quot;
 [snip]
-Storage&gt; opendrive
-Username
-username&gt;
-Password
-y) Yes type in my own password
-g) Generate random password
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
+Storage&gt; s3
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ &quot;false&quot;
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ &quot;true&quot;
+env_auth&gt; 1
+AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+access_key_id&gt; YOURACCESSKEY
+AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+secret_access_key&gt; YOURSECRETACCESSKEY
+Region to connect to.
+Choose a number from below, or type in your own value
+   / The default endpoint
+ 1 | US Region, Northern Virginia, or Pacific Northwest.
+   | Leave location constraint empty.
+   \ &quot;us-east-1&quot;
+[snip]
+region&gt;
+Endpoint for S3 API.
+Leave blank if using Liara to use the default endpoint for the region.
+Specify if using an S3 clone such as Ceph.
+endpoint&gt; storage.iran.liara.space
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ &quot;private&quot;
+[snip]
+acl&gt;
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+   \ &quot;&quot;
+ 2 / AES256
+   \ &quot;AES256&quot;
+server_side_encryption&gt;
+The storage class to use when storing objects in S3.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ &quot;&quot;
+ 2 / Standard storage class
+   \ &quot;STANDARD&quot;
+storage_class&gt;
+Remote config
 --------------------
-[remote]
-username =
-password = *** ENCRYPTED ***
+[Liara]
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+endpoint = storage.iran.liara.space
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
 --------------------
 y) Yes this is OK
 e) Edit this remote
 d) Delete this remote
 y/e/d&gt; y</code></pre>
-<p>List directories in top level of your OpenDrive</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your OpenDrive</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to an OpenDrive directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-md5sums-1">Modified time and MD5SUMs</h3>
-<p>OpenDrive allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.</p>
-<h3 id="restricted-filename-characters-20">Restricted filename characters</h3>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>NUL</td>
-<td style="text-align: center;">0x00</td>
-<td style="text-align: center;">␀</td>
-</tr>
-<tr class="even">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
-</tr>
-<tr class="odd">
-<td>"</td>
-<td style="text-align: center;">0x22</td>
-<td style="text-align: center;">＂</td>
-</tr>
-<tr class="even">
-<td>*</td>
-<td style="text-align: center;">0x2A</td>
-<td style="text-align: center;">＊</td>
-</tr>
-<tr class="odd">
-<td>:</td>
-<td style="text-align: center;">0x3A</td>
-<td style="text-align: center;">：</td>
-</tr>
-<tr class="even">
-<td>&lt;</td>
-<td style="text-align: center;">0x3C</td>
-<td style="text-align: center;">＜</td>
-</tr>
-<tr class="odd">
-<td>&gt;</td>
-<td style="text-align: center;">0x3E</td>
-<td style="text-align: center;">＞</td>
-</tr>
-<tr class="even">
-<td>?</td>
-<td style="text-align: center;">0x3F</td>
-<td style="text-align: center;">？</td>
-</tr>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-<tr class="even">
-<td>|</td>
-<td style="text-align: center;">0x7C</td>
-<td style="text-align: center;">｜</td>
-</tr>
-</tbody>
-</table>
-<p>File names can also not begin or end with the following characters. These only get replaced if they are the first or last character in the name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>SP</td>
-<td style="text-align: center;">0x20</td>
-<td style="text-align: center;">␠</td>
-</tr>
-<tr class="even">
-<td>HT</td>
-<td style="text-align: center;">0x09</td>
-<td style="text-align: center;">␉</td>
-</tr>
-<tr class="odd">
-<td>LF</td>
-<td style="text-align: center;">0x0A</td>
-<td style="text-align: center;">␊</td>
-</tr>
-<tr class="even">
-<td>VT</td>
-<td style="text-align: center;">0x0B</td>
-<td style="text-align: center;">␋</td>
-</tr>
-<tr class="odd">
-<td>CR</td>
-<td style="text-align: center;">0x0D</td>
-<td style="text-align: center;">␍</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="standard-options-29">Standard options</h3>
-<p>Here are the Standard options specific to opendrive (OpenDrive).</p>
-<h4 id="opendrive-username">--opendrive-username</h4>
-<p>Username.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: username</li>
-<li>Env Var: RCLONE_OPENDRIVE_USERNAME</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="opendrive-password">--opendrive-password</h4>
-<p>Password.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: password</li>
-<li>Env Var: RCLONE_OPENDRIVE_PASSWORD</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h3 id="advanced-options-28">Advanced options</h3>
-<p>Here are the Advanced options specific to opendrive (OpenDrive).</p>
-<h4 id="opendrive-encoding">--opendrive-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_OPENDRIVE_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot</li>
-</ul>
-<h4 id="opendrive-chunk-size">--opendrive-chunk-size</h4>
-<p>Files will be uploaded in chunks this size.</p>
-<p>Note that these chunks are buffered in memory so increasing them will increase memory use.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_OPENDRIVE_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 10Mi</li>
-</ul>
-<h2 id="limitations-23">Limitations</h2>
-<p>Note that OpenDrive is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<p>There are quite a few characters that can't be in OpenDrive file names. These can't occur on Windows platforms, but on non-Windows platforms they are common. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a <code>?</code> in it will be mapped to <code>？</code> instead.</p>
-<p><code>rclone about</code> is not supported by the OpenDrive backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
-<p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h1 id="oracle-object-storage">Oracle Object Storage</h1>
-<p><a href="https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm">Oracle Object Storage Overview</a></p>
-<p><a href="https://www.oracle.com/cloud/storage/object-storage/faq/">Oracle Object Storage FAQ</a></p>
-<p>Paths are specified as <code>remote:bucket</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, e.g. <code>remote:bucket/path/to/dir</code>.</p>
-<h2 id="configuration-31">Configuration</h2>
-<p>Here is an example of making an oracle object storage configuration. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
+<p>This will leave the config file looking like this.</p>
+<pre><code>[Liara]
+type = s3
+provider = Liara
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region =
+endpoint = storage.iran.liara.space
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =</code></pre>
+<h3 id="linode">Linode</h3>
+<p>Here is an example of making a <a href="https://www.linode.com/products/object-storage/">Linode Object Storage</a> configuration. First run:</p>
+<pre><code>rclone config</code></pre>
+<p>This will guide you through an interactive setup process.</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
 s) Set configuration password
 q) Quit config
-e/n/d/r/c/s/q&gt; n
+n/s/q&gt; n
 
 Enter name for new remote.
-name&gt; remote
+name&gt; linode
 
 Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 [snip]
-XX / Oracle Cloud Infrastructure Object Storage
-   \ (oracleobjectstorage)
-Storage&gt; oracleobjectstorage
+ X / Amazon S3 Compliant Storage Providers including AWS, ...Linode, ...and others
+   \ (s3)
+[snip]
+Storage&gt; s3
 
 Option provider.
-Choose your Auth Provider
-Choose a number from below, or type in your own string value.
-Press Enter for the default (env_auth).
- 1 / automatically pickup the credentials from runtime(env), first one to provide auth wins
-   \ (env_auth)
-   / use an OCI user and an API key for authentication.
- 2 | you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
-   | https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
-   \ (user_principal_auth)
-   / use instance principals to authorize an instance to make API calls. 
- 3 | each instance has its own identity, and authenticates using the certificates that are read from instance metadata. 
-   | https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
-   \ (instance_principal_auth)
- 4 / use resource principals to make API calls
-   \ (resource_principal_auth)
- 5 / no credentials needed, this is typically for reading public buckets
-   \ (no_auth)
-provider&gt; 2
-
-Option namespace.
-Object storage namespace
-Enter a value.
-namespace&gt; idbamagbg734
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Linode Object Storage
+   \ (Linode)
+[snip]
+provider&gt; Linode
 
-Option compartment.
-Object storage compartment OCID
-Enter a value.
-compartment&gt; ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth&gt; 
 
-Option region.
-Object storage Region
-Enter a value.
-region&gt; us-ashburn-1
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; ACCESS_KEY
 
-Option endpoint.
-Endpoint for Object storage API.
-Leave blank to use the default endpoint for the region.
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
 Enter a value. Press Enter to leave empty.
-endpoint&gt; 
-
-Option config_file.
-Full Path to OCI config file
-Choose a number from below, or type in your own string value.
-Press Enter for the default (~/.oci/config).
- 1 / oci configuration file location
-   \ (~/.oci/config)
-config_file&gt; /etc/oci/dev.conf
-
-Option config_profile.
-Profile name inside OCI config file
-Choose a number from below, or type in your own string value.
-Press Enter for the default (Default).
- 1 / Use the default profile
-   \ (Default)
-config_profile&gt; Test
+secret_access_key&gt; SECRET_ACCESS_KEY
+
+Option endpoint.
+Endpoint for Linode Object Storage API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Atlanta, GA (USA), us-southeast-1
+   \ (us-southeast-1.linodeobjects.com)
+ 2 / Chicago, IL (USA), us-ord-1
+   \ (us-ord-1.linodeobjects.com)
+ 3 / Frankfurt (Germany), eu-central-1
+   \ (eu-central-1.linodeobjects.com)
+ 4 / Milan (Italy), it-mil-1
+   \ (it-mil-1.linodeobjects.com)
+ 5 / Newark, NJ (USA), us-east-1
+   \ (us-east-1.linodeobjects.com)
+ 6 / Paris (France), fr-par-1
+   \ (fr-par-1.linodeobjects.com)
+ 7 / Seattle, WA (USA), us-sea-1
+   \ (us-sea-1.linodeobjects.com)
+ 8 / Singapore ap-south-1
+   \ (ap-south-1.linodeobjects.com)
+ 9 / Stockholm (Sweden), se-sto-1
+   \ (se-sto-1.linodeobjects.com)
+10 / Washington, DC, (USA), us-iad-1
+   \ (us-iad-1.linodeobjects.com)
+endpoint&gt; 3
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+[snip]
+acl&gt; 
 
 Edit advanced config?
 y) Yes
 n) No (default)
 y/n&gt; n
-
-Configuration complete.
-Options:
-- type: oracleobjectstorage
-- namespace: idbamagbg734
-- compartment: ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
-- region: us-ashburn-1
-- provider: user_principal_auth
-- config_file: /etc/oci/dev.conf
-- config_profile: Test
-Keep this &quot;remote&quot; remote?
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See all buckets</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>Create a new bucket</p>
-<pre><code>rclone mkdir remote:bucket</code></pre>
-<p>List the contents of a bucket</p>
-<pre><code>rclone ls remote:bucket
-rclone ls remote:bucket --max-depth 1</code></pre>
-<h3 id="oci-authentication-provider">OCI Authentication Provider</h3>
-<p>OCI has various authentication methods. To learn more about authentication methods please refer <a href="https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm">oci authentication methods</a> These choices can be specified in the rclone config file.</p>
-<p>Rclone supports the following OCI authentication provider.</p>
-<pre><code>User Principal
-Instance Principal
-Resource Principal
-No authentication</code></pre>
-<h4 id="authentication-provider-choice-user-principal">Authentication provider choice: User Principal</h4>
-<p>Sample rclone config file for Authentication Provider User Principal:</p>
-<pre><code>[oos]
-type = oracleobjectstorage
-namespace = id&lt;redacted&gt;34
-compartment = ocid1.compartment.oc1..aa&lt;redacted&gt;ba
-region = us-ashburn-1
-provider = user_principal_auth
-config_file = /home/opc/.oci/config
-config_profile = Default</code></pre>
-<p>Advantages: - One can use this method from any server within OCI or on-premises or from other cloud provider.</p>
-<p>Considerations: - you need to configure user’s privileges / policy to allow access to object storage - Overhead of managing users and keys. - If the user is deleted, the config file will no longer work and may cause automation regressions that use the user's credentials.</p>
-<h4 id="authentication-provider-choice-instance-principal">Authentication provider choice: Instance Principal</h4>
-<p>An OCI compute instance can be authorized to use rclone by using it's identity and certificates as an instance principal. With this approach no credentials have to be stored and managed.</p>
-<p>Sample rclone configuration file for Authentication Provider Instance Principal:</p>
-<pre><code>[opc@rclone ~]$ cat ~/.config/rclone/rclone.conf
-[oos]
-type = oracleobjectstorage
-namespace = id&lt;redacted&gt;fn
-compartment = ocid1.compartment.oc1..aa&lt;redacted&gt;k7a
-region = us-ashburn-1
-provider = instance_principal_auth</code></pre>
-<p>Advantages:</p>
-<ul>
-<li>With instance principals, you don't need to configure user credentials and transfer/ save it to disk in your compute instances or rotate the credentials.</li>
-<li>You don’t need to deal with users and keys.</li>
-<li>Greatly helps in automation as you don't have to manage access keys, user private keys, storing them in vault, using kms etc.</li>
-</ul>
-<p>Considerations:</p>
-<ul>
-<li>You need to configure a dynamic group having this instance as member and add policy to read object storage to that dynamic group.</li>
-<li>Everyone who has access to this machine can execute the CLI commands.</li>
-<li>It is applicable for oci compute instances only. It cannot be used on external instance or resources.</li>
-</ul>
-<h4 id="authentication-provider-choice-resource-principal">Authentication provider choice: Resource Principal</h4>
-<p>Resource principal auth is very similar to instance principal auth but used for resources that are not compute instances such as <a href="https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm">serverless functions</a>. To use resource principal ensure Rclone process is started with these environment variables set in its process.</p>
-<pre><code>export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
-export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
-export OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/usr/share/model-server/key.pem
-export OCI_RESOURCE_PRINCIPAL_RPST=/usr/share/model-server/security_token</code></pre>
-<p>Sample rclone configuration file for Authentication Provider Resource Principal:</p>
-<pre><code>[oos]
-type = oracleobjectstorage
-namespace = id&lt;redacted&gt;34
-compartment = ocid1.compartment.oc1..aa&lt;redacted&gt;ba
-region = us-ashburn-1
-provider = resource_principal_auth</code></pre>
-<h4 id="authentication-provider-choice-no-authentication">Authentication provider choice: No authentication</h4>
-<p>Public buckets do not require any authentication mechanism to read objects. Sample rclone configuration file for No authentication:</p>
-<pre><code>[oos]
-type = oracleobjectstorage
-namespace = id&lt;redacted&gt;34
-compartment = ocid1.compartment.oc1..aa&lt;redacted&gt;ba
-region = us-ashburn-1
-provider = no_auth</code></pre>
-<h2 id="options-87">Options</h2>
-<h3 id="modified-time-10">Modified time</h3>
-<p>The modified time is stored as metadata on the object as <code>opc-meta-mtime</code> as floating point since the epoch, accurate to 1 ns.</p>
-<p>If the modification time needs to be updated rclone will attempt to perform a server side copy to update the modification if the object can be copied in a single part. In the case the object is larger than 5Gb, the object will be uploaded rather than copied.</p>
-<p>Note that reading this from the object takes an additional <code>HEAD</code> request as the metadata isn't returned in object listings.</p>
-<h3 id="multipart-uploads-1">Multipart uploads</h3>
-<p>rclone supports multipart uploads with OOS which means that it can upload files bigger than 5 GiB.</p>
-<p>Note that files uploaded <em>both</em> with multipart upload <em>and</em> through crypt remotes do not have MD5 sums.</p>
-<p>rclone switches from single part uploads to multipart uploads at the point specified by <code>--oos-upload-cutoff</code>. This can be a maximum of 5 GiB and a minimum of 0 (ie always upload multipart files).</p>
-<p>The chunk sizes used in the multipart upload are specified by <code>--oos-chunk-size</code> and the number of chunks uploaded concurrently is specified by <code>--oos-upload-concurrency</code>.</p>
-<p>Multipart uploads will use <code>--transfers</code> * <code>--oos-upload-concurrency</code> * <code>--oos-chunk-size</code> extra memory. Single part uploads to not use extra memory.</p>
-<p>Single part transfers can be faster than multipart transfers or slower depending on your latency from oos - the more latency, the more likely single part transfers will be faster.</p>
-<p>Increasing <code>--oos-upload-concurrency</code> will increase throughput (8 would be a sensible value) and increasing <code>--oos-chunk-size</code> also increases throughput (16M would be sensible). Increasing either of these will use more memory. The default values are high enough to gain most of the possible performance without using too much memory.</p>
-<h3 id="standard-options-30">Standard options</h3>
-<p>Here are the Standard options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).</p>
-<h4 id="oos-provider">--oos-provider</h4>
-<p>Choose your Auth Provider</p>
-<p>Properties:</p>
-<ul>
-<li>Config: provider</li>
-<li>Env Var: RCLONE_OOS_PROVIDER</li>
-<li>Type: string</li>
-<li>Default: "env_auth"</li>
-<li>Examples:
-<ul>
-<li>"env_auth"
-<ul>
-<li>automatically pickup the credentials from runtime(env), first one to provide auth wins</li>
-</ul></li>
-<li>"user_principal_auth"
-<ul>
-<li>use an OCI user and an API key for authentication.</li>
-<li>you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.</li>
-<li>https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm</li>
-</ul></li>
-<li>"instance_principal_auth"
-<ul>
-<li>use instance principals to authorize an instance to make API calls.</li>
-<li>each instance has its own identity, and authenticates using the certificates that are read from instance metadata.</li>
-<li>https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm</li>
-</ul></li>
-<li>"resource_principal_auth"
-<ul>
-<li>use resource principals to make API calls</li>
-</ul></li>
-<li>"no_auth"
-<ul>
-<li>no credentials needed, this is typically for reading public buckets</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="oos-namespace">--oos-namespace</h4>
-<p>Object storage namespace</p>
-<p>Properties:</p>
-<ul>
-<li>Config: namespace</li>
-<li>Env Var: RCLONE_OOS_NAMESPACE</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="oos-compartment">--oos-compartment</h4>
-<p>Object storage compartment OCID</p>
-<p>Properties:</p>
-<ul>
-<li>Config: compartment</li>
-<li>Env Var: RCLONE_OOS_COMPARTMENT</li>
-<li>Provider: !no_auth</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="oos-region">--oos-region</h4>
-<p>Object storage Region</p>
-<p>Properties:</p>
-<ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_OOS_REGION</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="oos-endpoint">--oos-endpoint</h4>
-<p>Endpoint for Object storage API.</p>
-<p>Leave blank to use the default endpoint for the region.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_OOS_ENDPOINT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="oos-config-file">--oos-config-file</h4>
-<p>Path to OCI config file</p>
-<p>Properties:</p>
-<ul>
-<li>Config: config_file</li>
-<li>Env Var: RCLONE_OOS_CONFIG_FILE</li>
-<li>Provider: user_principal_auth</li>
-<li>Type: string</li>
-<li>Default: "~/.oci/config"</li>
-<li>Examples:
-<ul>
-<li>"~/.oci/config"
-<ul>
-<li>oci configuration file location</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="oos-config-profile">--oos-config-profile</h4>
-<p>Profile name inside the oci config file</p>
-<p>Properties:</p>
-<ul>
-<li>Config: config_profile</li>
-<li>Env Var: RCLONE_OOS_CONFIG_PROFILE</li>
-<li>Provider: user_principal_auth</li>
-<li>Type: string</li>
-<li>Default: "Default"</li>
-<li>Examples:
-<ul>
-<li>"Default"
-<ul>
-<li>Use the default profile</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-29">Advanced options</h3>
-<p>Here are the Advanced options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).</p>
-<h4 id="oos-storage-tier">--oos-storage-tier</h4>
-<p>The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_tier</li>
-<li>Env Var: RCLONE_OOS_STORAGE_TIER</li>
-<li>Type: string</li>
-<li>Default: "Standard"</li>
-<li>Examples:
-<ul>
-<li>"Standard"
-<ul>
-<li>Standard storage tier, this is the default tier</li>
-</ul></li>
-<li>"InfrequentAccess"
-<ul>
-<li>InfrequentAccess storage tier</li>
-</ul></li>
-<li>"Archive"
-<ul>
-<li>Archive storage tier</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="oos-upload-cutoff">--oos-upload-cutoff</h4>
-<p>Cutoff for switching to chunked upload.</p>
-<p>Any files larger than this will be uploaded in chunks of chunk_size. The minimum is 0 and the maximum is 5 GiB.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_OOS_UPLOAD_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 200Mi</li>
-</ul>
-<h4 id="oos-chunk-size">--oos-chunk-size</h4>
-<p>Chunk size to use for uploading.</p>
-<p>When uploading files larger than upload_cutoff or files with unknown size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google photos or google docs) they will be uploaded as multipart uploads using this chunk size.</p>
-<p>Note that "upload_concurrency" chunks of this size are buffered in memory per transfer.</p>
-<p>If you are transferring large files over high-speed links and you have enough memory, then increasing this will speed up the transfers.</p>
-<p>Rclone will automatically increase the chunk size when uploading a large file of known size to stay below the 10,000 chunks limit.</p>
-<p>Files of unknown size are uploaded with the configured chunk_size. Since the default chunk size is 5 MiB and there can be at most 10,000 chunks, this means that by default the maximum size of a file you can stream upload is 48 GiB. If you wish to stream upload larger files then you will need to increase chunk_size.</p>
-<p>Increasing the chunk size decreases the accuracy of the progress statistics displayed with "-P" flag.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_OOS_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 5Mi</li>
-</ul>
-<h4 id="oos-upload-concurrency">--oos-upload-concurrency</h4>
-<p>Concurrency for multipart uploads.</p>
-<p>This is the number of chunks of the same file that are uploaded concurrently.</p>
-<p>If you are uploading small numbers of large files over high-speed links and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_concurrency</li>
-<li>Env Var: RCLONE_OOS_UPLOAD_CONCURRENCY</li>
-<li>Type: int</li>
-<li>Default: 10</li>
-</ul>
-<h4 id="oos-copy-cutoff">--oos-copy-cutoff</h4>
-<p>Cutoff for switching to multipart copy.</p>
-<p>Any files larger than this that need to be server-side copied will be copied in chunks of this size.</p>
-<p>The minimum is 0 and the maximum is 5 GiB.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: copy_cutoff</li>
-<li>Env Var: RCLONE_OOS_COPY_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 4.656Gi</li>
-</ul>
-<h4 id="oos-copy-timeout">--oos-copy-timeout</h4>
-<p>Timeout for copy.</p>
-<p>Copy is an asynchronous operation, specify timeout to wait for copy to succeed</p>
-<p>Properties:</p>
-<ul>
-<li>Config: copy_timeout</li>
-<li>Env Var: RCLONE_OOS_COPY_TIMEOUT</li>
-<li>Type: Duration</li>
-<li>Default: 1m0s</li>
-</ul>
-<h4 id="oos-disable-checksum">--oos-disable-checksum</h4>
-<p>Don't store MD5 checksum with object metadata.</p>
-<p>Normally rclone will calculate the MD5 checksum of the input before uploading it so it can add it to metadata on the object. This is great for data integrity checking but can cause long delays for large files to start uploading.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: disable_checksum</li>
-<li>Env Var: RCLONE_OOS_DISABLE_CHECKSUM</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="oos-encoding">--oos-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_OOS_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,InvalidUtf8,Dot</li>
-</ul>
-<h4 id="oos-leave-parts-on-error">--oos-leave-parts-on-error</h4>
-<p>If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.</p>
-<p>It should be set to true for resuming uploads across different sessions.</p>
-<p>WARNING: Storing parts of an incomplete multipart upload counts towards space usage on object storage and will add additional costs if not cleaned up.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: leave_parts_on_error</li>
-<li>Env Var: RCLONE_OOS_LEAVE_PARTS_ON_ERROR</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="oos-no-check-bucket">--oos-no-check-bucket</h4>
-<p>If set, don't attempt to check the bucket exists or create it.</p>
-<p>This can be useful when trying to minimise the number of transactions rclone does if you know the bucket exists already.</p>
-<p>It can also be needed if the user you are using does not have bucket creation permissions.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_check_bucket</li>
-<li>Env Var: RCLONE_OOS_NO_CHECK_BUCKET</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="oos-sse-customer-key-file">--oos-sse-customer-key-file</h4>
-<p>To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated with the object. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.'</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_customer_key_file</li>
-<li>Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_FILE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="oos-sse-customer-key">--oos-sse-customer-key</h4>
-<p>To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt the data. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed. For more information, see Using Your Own Keys for Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm)</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_customer_key</li>
-<li>Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="oos-sse-customer-key-sha256">--oos-sse-customer-key-sha256</h4>
-<p>If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption key. This value is used to check the integrity of the encryption key. see Using Your Own Keys for Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_customer_key_sha256</li>
-<li>Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_SHA256</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="oos-sse-kms-key-id">--oos-sse-kms-key-id</h4>
-<p>if using using your own master key in vault, this header specifies the OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_kms_key_id</li>
-<li>Env Var: RCLONE_OOS_SSE_KMS_KEY_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="oos-sse-customer-algorithm">--oos-sse-customer-algorithm</h4>
-<p>If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm. Object Storage supports "AES256" as the encryption algorithm. For more information, see Using Your Own Keys for Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: sse_customer_algorithm</li>
-<li>Env Var: RCLONE_OOS_SSE_CUSTOMER_ALGORITHM</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>None</li>
-</ul></li>
-<li>"AES256"
-<ul>
-<li>AES256</li>
-</ul></li>
-</ul></li>
-</ul>
-<h2 id="backend-commands-6">Backend commands</h2>
-<p>Here are the commands specific to the oracleobjectstorage backend.</p>
-<p>Run them with</p>
-<pre><code>rclone backend COMMAND remote:</code></pre>
-<p>The help below will explain what arguments each command takes.</p>
-<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
-<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
-<h3 id="rename">rename</h3>
-<p>change the name of an object</p>
-<pre><code>rclone backend rename remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command can be used to rename a object.</p>
-<p>Usage Examples:</p>
-<pre><code>rclone backend rename oos:bucket relative-object-path-under-bucket object-new-name</code></pre>
-<h3 id="list-multipart-uploads-1">list-multipart-uploads</h3>
-<p>List the unfinished multipart uploads</p>
-<pre><code>rclone backend list-multipart-uploads remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command lists the unfinished multipart uploads in JSON format.</p>
-<pre><code>rclone backend list-multipart-uploads oos:bucket/path/to/object</code></pre>
-<p>It returns a dictionary of buckets with values as lists of unfinished multipart uploads.</p>
-<p>You can call it with no bucket in which case it lists all bucket, with a bucket or with a bucket and path.</p>
-<pre><code>{
-  &quot;test-bucket&quot;: [
-            {
-                    &quot;namespace&quot;: &quot;test-namespace&quot;,
-                    &quot;bucket&quot;: &quot;test-bucket&quot;,
-                    &quot;object&quot;: &quot;600m.bin&quot;,
-                    &quot;uploadId&quot;: &quot;51dd8114-52a4-b2f2-c42f-5291f05eb3c8&quot;,
-                    &quot;timeCreated&quot;: &quot;2022-07-29T06:21:16.595Z&quot;,
-                    &quot;storageTier&quot;: &quot;Standard&quot;
-            }
-    ]</code></pre>
-<h3 id="cleanup-4">cleanup</h3>
-<p>Remove unfinished multipart uploads.</p>
-<pre><code>rclone backend cleanup remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This command removes unfinished multipart uploads of age greater than max-age which defaults to 24 hours.</p>
-<p>Note that you can use --interactive/-i or --dry-run with this command to see what it would do.</p>
-<pre><code>rclone backend cleanup oos:bucket/path/to/object
-rclone backend cleanup -o max-age=7w oos:bucket/path/to/object</code></pre>
-<p>Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.</p>
-<p>Options:</p>
-<ul>
-<li>"max-age": Max age of upload to delete</li>
-</ul>
-<h1 id="qingstor">QingStor</h1>
-<p>Paths are specified as <code>remote:bucket</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, e.g. <code>remote:bucket/path/to/dir</code>.</p>
-<h2 id="configuration-32">Configuration</h2>
-<p>Here is an example of making an QingStor configuration. First run</p>
-<pre><code>rclone config</code></pre>
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Linode
+- access_key_id: ACCESS_KEY
+- secret_access_key: SECRET_ACCESS_KEY
+- endpoint: eu-central-1.linodeobjects.com
+Keep this &quot;linode&quot; remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y</code></pre>
+<p>This will leave the config file looking like this.</p>
+<pre><code>[linode]
+type = s3
+provider = Linode
+access_key_id = ACCESS_KEY
+secret_access_key = SECRET_ACCESS_KEY
+endpoint = eu-central-1.linodeobjects.com</code></pre>
+<h3 id="arvan-cloud">ArvanCloud</h3>
+<p><a href="https://www.arvancloud.com/en/products/cloud-storage">ArvanCloud</a> ArvanCloud Object Storage goes beyond the limited traditional file storage. It gives you access to backup and archived files and allows sharing. Files like profile image in the app, images sent by users or scanned documents can be stored securely and easily in our Object Storage service.</p>
+<p>ArvanCloud provides an S3 interface which can be configured for use with rclone like this.</p>
+<pre><code>No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s&gt; n
+name&gt; ArvanCloud
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Liara, Minio)
+   \ &quot;s3&quot;
+[snip]
+Storage&gt; s3
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ &quot;false&quot;
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ &quot;true&quot;
+env_auth&gt; 1
+AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+access_key_id&gt; YOURACCESSKEY
+AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+secret_access_key&gt; YOURSECRETACCESSKEY
+Region to connect to.
+Choose a number from below, or type in your own value
+   / The default endpoint - a good choice if you are unsure.
+ 1 | US Region, Northern Virginia, or Pacific Northwest.
+   | Leave location constraint empty.
+   \ &quot;us-east-1&quot;
+[snip]
+region&gt; 
+Endpoint for S3 API.
+Leave blank if using ArvanCloud to use the default endpoint for the region.
+Specify if using an S3 clone such as Ceph.
+endpoint&gt; s3.arvanstorage.com
+Location constraint - must be set to match the Region. Used when creating buckets only.
+Choose a number from below, or type in your own value
+ 1 / Empty for Iran-Tehran Region.
+   \ &quot;&quot;
+[snip]
+location_constraint&gt;
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ &quot;private&quot;
+[snip]
+acl&gt;
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+   \ &quot;&quot;
+ 2 / AES256
+   \ &quot;AES256&quot;
+server_side_encryption&gt;
+The storage class to use when storing objects in S3.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ &quot;&quot;
+ 2 / Standard storage class
+   \ &quot;STANDARD&quot;
+storage_class&gt;
+Remote config
+--------------------
+[ArvanCloud]
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region = ir-thr-at1
+endpoint = s3.arvanstorage.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y</code></pre>
+<p>This will leave the config file looking like this.</p>
+<pre><code>[ArvanCloud]
+type = s3
+provider = ArvanCloud
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region =
+endpoint = s3.arvanstorage.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =</code></pre>
+<h3 id="tencent-cos">Tencent COS</h3>
+<p><a href="https://intl.cloud.tencent.com/product/cos">Tencent Cloud Object Storage (COS)</a> is a distributed storage service offered by Tencent Cloud for unstructured data. It is secure, stable, massive, convenient, low-delay and low-cost.</p>
+<p>To configure access to Tencent COS, follow the steps below:</p>
+<ol type="1">
+<li>Run <code>rclone config</code> and select <code>n</code> for a new remote.</li>
+</ol>
+<pre><code>rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q&gt; n</code></pre>
+<ol start="2" type="1">
+<li>Give the name of the configuration. For example, name it 'cos'.</li>
+</ol>
+<pre><code>name&gt; cos</code></pre>
+<ol start="3" type="1">
+<li>Select <code>s3</code> storage.</li>
+</ol>
+<pre><code>Choose a number from below, or type in your own value
+1 / 1Fichier
+   \ &quot;fichier&quot;
+ 2 / Alias for an existing remote
+   \ &quot;alias&quot;
+ 3 / Amazon Drive
+   \ &quot;amazon cloud drive&quot;
+ 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Minio, and Tencent COS
+   \ &quot;s3&quot;
+[snip]
+Storage&gt; s3</code></pre>
+<ol start="4" type="1">
+<li>Select <code>TencentCOS</code> provider.</li>
+</ol>
+<pre><code>Choose a number from below, or type in your own value
+1 / Amazon Web Services (AWS) S3
+   \ &quot;AWS&quot;
+[snip]
+11 / Tencent Cloud Object Storage (COS)
+   \ &quot;TencentCOS&quot;
+[snip]
+provider&gt; TencentCOS</code></pre>
+<ol start="5" type="1">
+<li>Enter your SecretId and SecretKey of Tencent Cloud.</li>
+</ol>
+<pre><code>Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ &quot;false&quot;
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ &quot;true&quot;
+env_auth&gt; 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+access_key_id&gt; AKIDxxxxxxxxxx
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+secret_access_key&gt; xxxxxxxxxxx</code></pre>
+<ol start="6" type="1">
+<li>Select endpoint for Tencent COS. This is the standard endpoint for different region.</li>
+</ol>
+<pre><code> 1 / Beijing Region.
+   \ &quot;cos.ap-beijing.myqcloud.com&quot;
+ 2 / Nanjing Region.
+   \ &quot;cos.ap-nanjing.myqcloud.com&quot;
+ 3 / Shanghai Region.
+   \ &quot;cos.ap-shanghai.myqcloud.com&quot;
+ 4 / Guangzhou Region.
+   \ &quot;cos.ap-guangzhou.myqcloud.com&quot;
+[snip]
+endpoint&gt; 4</code></pre>
+<ol start="7" type="1">
+<li>Choose acl and storage class.</li>
+</ol>
+<pre><code>Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+ 1 / Owner gets Full_CONTROL. No one else has access rights (default).
+   \ &quot;default&quot;
+[snip]
+acl&gt; 1
+The storage class to use when storing new objects in Tencent COS.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ &quot;&quot;
+[snip]
+storage_class&gt; 1
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n&gt; n
+Remote config
+--------------------
+[cos]
+type = s3
+provider = TencentCOS
+env_auth = false
+access_key_id = xxx
+secret_access_key = xxx
+endpoint = cos.ap-guangzhou.myqcloud.com
+acl = default
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d&gt; y
+Current remotes:
+
+Name                 Type
+====                 ====
+cos                  s3</code></pre>
+<h3 id="netease-nos">Netease NOS</h3>
+<p>For Netease NOS configure as per the configurator <code>rclone config</code> setting the provider <code>Netease</code>. This will automatically set <code>force_path_style = false</code> which is necessary for it to run properly.</p>
+<h3 id="petabox">Petabox</h3>
+<p>Here is an example of making a <a href="https://petabox.io/">Petabox</a> configuration. First run:</p>
+<div class="sourceCode" id="cb918"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb918-1"><a href="#cb918-1" aria-hidden="true"></a><span class="ex">rclone</span> config</span></code></pre></div>
 <p>This will guide you through an interactive setup process.</p>
 <pre><code>No remotes found, make a new one?
 n) New remote
-r) Rename remote
-c) Copy remote
 s) Set configuration password
-q) Quit config
-n/r/c/s/q&gt; n
-name&gt; remote
+n/s&gt; n
+
+Enter name for new remote.
+name&gt; My Petabox Storage
+
+Option Storage.
 Type of storage to configure.
-Choose a number from below, or type in your own value
+Choose a number from below, or type in your own value.
 [snip]
-XX / QingStor Object Storage
-   \ &quot;qingstor&quot;
+XX / Amazon S3 Compliant Storage Providers including AWS, ...
+   \ &quot;s3&quot;
 [snip]
-Storage&gt; qingstor
-Get QingStor credentials from runtime. Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter QingStor credentials in the next step
-   \ &quot;false&quot;
- 2 / Get QingStor credentials from the environment (env vars or IAM)
-   \ &quot;true&quot;
+Storage&gt; s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Petabox Object Storage
+   \ (Petabox)
+[snip]
+provider&gt; Petabox
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
 env_auth&gt; 1
-QingStor Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id&gt; access_key
-QingStor Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key&gt; secret_key
-Enter an endpoint URL to connection QingStor API.
-Leave blank will use the default value &quot;https://qingstor.com:443&quot;
-endpoint&gt;
-Zone connect to. Default is &quot;pek3a&quot;.
-Choose a number from below, or type in your own value
-   / The Beijing (China) Three Zone
- 1 | Needs location constraint pek3a.
-   \ &quot;pek3a&quot;
-   / The Shanghai (China) First Zone
- 2 | Needs location constraint sh1a.
-   \ &quot;sh1a&quot;
-zone&gt; 1
-Number of connection retry.
-Leave blank will use the default value &quot;3&quot;.
-connection_retries&gt;
-Remote config
---------------------
-[remote]
-env_auth = false
-access_key_id = access_key
-secret_access_key = secret_key
-endpoint =
-zone = pek3a
-connection_retries =
---------------------
-y) Yes this is OK
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; YOUR_ACCESS_KEY_ID
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key&gt; YOUR_SECRET_ACCESS_KEY
+
+Option region.
+Region where your bucket will be created and your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / US East (N. Virginia)
+   \ (us-east-1)
+ 2 / Europe (Frankfurt)
+   \ (eu-central-1)
+ 3 / Asia Pacific (Singapore)
+   \ (ap-southeast-1)
+ 4 / Middle East (Bahrain)
+   \ (me-south-1)
+ 5 / South America (São Paulo)
+   \ (sa-east-1)
+region&gt; 1
+
+Option endpoint.
+Endpoint for Petabox S3 Object Storage.
+Specify the endpoint from the same region.
+Choose a number from below, or type in your own value.
+ 1 / US East (N. Virginia)
+   \ (s3.petabox.io)
+ 2 / US East (N. Virginia)
+   \ (s3.us-east-1.petabox.io)
+ 3 / Europe (Frankfurt)
+   \ (s3.eu-central-1.petabox.io)
+ 4 / Asia Pacific (Singapore)
+   \ (s3.ap-southeast-1.petabox.io)
+ 5 / Middle East (Bahrain)
+   \ (s3.me-south-1.petabox.io)
+ 6 / South America (São Paulo)
+   \ (s3.sa-east-1.petabox.io)
+endpoint&gt; 1
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn&#39;t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn&#39;t copy the ACL from the source but rather writes a fresh one.
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+   / Owner gets FULL_CONTROL.
+ 3 | The AllUsers group gets READ and WRITE access.
+   | Granting this on a bucket is generally not recommended.
+   \ (public-read-write)
+   / Owner gets FULL_CONTROL.
+ 4 | The AuthenticatedUsers group gets READ access.
+   \ (authenticated-read)
+   / Object owner gets FULL_CONTROL.
+ 5 | Bucket owner gets READ access.
+   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-read)
+   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+ 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-full-control)
+acl&gt; 1
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n&gt; No
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Petabox
+- access_key_id: YOUR_ACCESS_KEY_ID
+- secret_access_key: YOUR_SECRET_ACCESS_KEY
+- region: us-east-1
+- endpoint: s3.petabox.io
+Keep this &quot;My Petabox Storage&quot; remote?
+y) Yes this is OK (default)
 e) Edit this remote
 d) Delete this remote
 y/e/d&gt; y</code></pre>
-<p>This remote is called <code>remote</code> and can now be used like this</p>
-<p>See all buckets</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>Make a new bucket</p>
-<pre><code>rclone mkdir remote:bucket</code></pre>
-<p>List the contents of a bucket</p>
-<pre><code>rclone ls remote:bucket</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote bucket, deleting any excess files in the bucket.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:bucket</code></pre>
-<h3 id="fast-list-6">--fast-list</h3>
-<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details.</p>
-<h3 id="multipart-uploads-2">Multipart uploads</h3>
-<p>rclone supports multipart uploads with QingStor which means that it can upload files bigger than 5 GiB. Note that files uploaded with multipart upload don't have an MD5SUM.</p>
-<p>Note that incomplete multipart uploads older than 24 hours can be removed with <code>rclone cleanup remote:bucket</code> just for one bucket <code>rclone cleanup remote:</code> for all buckets. QingStor does not ever remove incomplete multipart uploads so it may be necessary to run this from time to time.</p>
-<h3 id="buckets-and-zone">Buckets and Zone</h3>
-<p>With QingStor you can list buckets (<code>rclone lsd</code>) using any zone, but you can only access the content of a bucket from the zone it was created in. If you attempt to access a bucket from the wrong zone, you will get an error, <code>incorrect zone, the bucket is not in 'XXX' zone</code>.</p>
-<h3 id="authentication-6">Authentication</h3>
-<p>There are two ways to supply <code>rclone</code> with a set of QingStor credentials. In order of precedence:</p>
-<ul>
-<li>Directly in the rclone configuration file (as configured by <code>rclone config</code>)
-<ul>
-<li>set <code>access_key_id</code> and <code>secret_access_key</code></li>
-</ul></li>
-<li>Runtime configuration:
-<ul>
-<li>set <code>env_auth</code> to <code>true</code> in the config file</li>
-<li>Exporting the following environment variables before running <code>rclone</code>
-<ul>
-<li>Access Key ID: <code>QS_ACCESS_KEY_ID</code> or <code>QS_ACCESS_KEY</code></li>
-<li>Secret Access Key: <code>QS_SECRET_ACCESS_KEY</code> or <code>QS_SECRET_KEY</code></li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="restricted-filename-characters-21">Restricted filename characters</h3>
-<p>The control characters 0x00-0x1F and / are replaced as in the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a>. Note that 0x7F is not replaced.</p>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="standard-options-31">Standard options</h3>
-<p>Here are the Standard options specific to qingstor (QingCloud Object Storage).</p>
-<h4 id="qingstor-env-auth">--qingstor-env-auth</h4>
-<p>Get QingStor credentials from runtime.</p>
-<p>Only applies if access_key_id and secret_access_key is blank.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: env_auth</li>
-<li>Env Var: RCLONE_QINGSTOR_ENV_AUTH</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-<li>Examples:
-<ul>
-<li>"false"
-<ul>
-<li>Enter QingStor credentials in the next step.</li>
-</ul></li>
-<li>"true"
-<ul>
-<li>Get QingStor credentials from the environment (env vars or IAM).</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="qingstor-access-key-id">--qingstor-access-key-id</h4>
-<p>QingStor Access Key ID.</p>
-<p>Leave blank for anonymous access or runtime credentials.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: access_key_id</li>
-<li>Env Var: RCLONE_QINGSTOR_ACCESS_KEY_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="qingstor-secret-access-key">--qingstor-secret-access-key</h4>
-<p>QingStor Secret Access Key (password).</p>
-<p>Leave blank for anonymous access or runtime credentials.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: secret_access_key</li>
-<li>Env Var: RCLONE_QINGSTOR_SECRET_ACCESS_KEY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="qingstor-endpoint">--qingstor-endpoint</h4>
-<p>Enter an endpoint URL to connection QingStor API.</p>
-<p>Leave blank will use the default value "https://qingstor.com:443".</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint</li>
-<li>Env Var: RCLONE_QINGSTOR_ENDPOINT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="qingstor-zone">--qingstor-zone</h4>
-<p>Zone to connect to.</p>
-<p>Default is "pek3a".</p>
-<p>Properties:</p>
-<ul>
-<li>Config: zone</li>
-<li>Env Var: RCLONE_QINGSTOR_ZONE</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"pek3a"
-<ul>
-<li>The Beijing (China) Three Zone.</li>
-<li>Needs location constraint pek3a.</li>
-</ul></li>
-<li>"sh1a"
-<ul>
-<li>The Shanghai (China) First Zone.</li>
-<li>Needs location constraint sh1a.</li>
-</ul></li>
-<li>"gd2a"
-<ul>
-<li>The Guangdong (China) Second Zone.</li>
-<li>Needs location constraint gd2a.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-30">Advanced options</h3>
-<p>Here are the Advanced options specific to qingstor (QingCloud Object Storage).</p>
-<h4 id="qingstor-connection-retries">--qingstor-connection-retries</h4>
-<p>Number of connection retries.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: connection_retries</li>
-<li>Env Var: RCLONE_QINGSTOR_CONNECTION_RETRIES</li>
-<li>Type: int</li>
-<li>Default: 3</li>
-</ul>
-<h4 id="qingstor-upload-cutoff">--qingstor-upload-cutoff</h4>
-<p>Cutoff for switching to chunked upload.</p>
-<p>Any files larger than this will be uploaded in chunks of chunk_size. The minimum is 0 and the maximum is 5 GiB.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: upload_cutoff</li>
-<li>Env Var: RCLONE_QINGSTOR_UPLOAD_CUTOFF</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 200Mi</li>
-</ul>
-<h4 id="qingstor-chunk-size">--qingstor-chunk-size</h4>
-<p>Chunk size to use for uploading.</p>
-<p>When uploading files larger than upload_cutoff they will be uploaded as multipart uploads using this chunk size.</p>
-<p>Note that "--qingstor-upload-concurrency" chunks of this size are buffered in memory per transfer.</p>
-<p>If you are transferring large files over high-speed links and you have enough memory, then increasing this will speed up the transfers.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_QINGSTOR_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 4Mi</li>
-</ul>
-<h4 id="qingstor-upload-concurrency">--qingstor-upload-concurrency</h4>
-<p>Concurrency for multipart uploads.</p>
-<p>This is the number of chunks of the same file that are uploaded concurrently.</p>
-<p>NB if you set this to &gt; 1 then the checksums of multipart uploads become corrupted (the uploads themselves are not corrupted though).</p>
-<p>If you are uploading small numbers of large files over high-speed links and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.</p>
-<p>Properties:</p>
+<p>This will leave the config file looking like this.</p>
+<pre><code>[My Petabox Storage]
+type = s3
+provider = Petabox
+access_key_id = YOUR_ACCESS_KEY_ID
+secret_access_key = YOUR_SECRET_ACCESS_KEY
+region = us-east-1
+endpoint = s3.petabox.io</code></pre>
+<h3 id="storj">Storj</h3>
+<p>Storj is a decentralized cloud storage which can be used through its native protocol or an S3 compatible gateway.</p>
+<p>The S3 compatible gateway is configured using <code>rclone config</code> with a type of <code>s3</code> and with a provider name of <code>Storj</code>. Here is an example run of the configurator.</p>
+<pre><code>Type of storage to configure.
+Storage&gt; s3
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth&gt; 1
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id&gt; XXXX (as shown when creating the access grant)
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key&gt; XXXX (as shown when creating the access grant)
+Option endpoint.
+Endpoint of the Shared Gateway.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / EU1 Shared Gateway
+   \ (gateway.eu1.storjshare.io)
+ 2 / US1 Shared Gateway
+   \ (gateway.us1.storjshare.io)
+ 3 / Asia-Pacific Shared Gateway
+   \ (gateway.ap1.storjshare.io)
+endpoint&gt; 1 (as shown when creating the access grant)
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n&gt; n</code></pre>
+<p>Note that s3 credentials are generated when you <a href="https://docs.storj.io/dcs/api-reference/s3-compatible-gateway#usage">create an access grant</a>.</p>
+<h4 id="backend-quirks">Backend quirks</h4>
 <ul>
-<li>Config: upload_concurrency</li>
-<li>Env Var: RCLONE_QINGSTOR_UPLOAD_CONCURRENCY</li>
-<li>Type: int</li>
-<li>Default: 1</li>
+<li><code>--chunk-size</code> is forced to be 64 MiB or greater. This will use more memory than the default of 5 MiB.</li>
+<li>Server side copy is disabled as it isn't currently supported in the gateway.</li>
+<li>GetTier and SetTier are not supported.</li>
 </ul>
-<h4 id="qingstor-encoding">--qingstor-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
+<h4 id="backend-bugs">Backend bugs</h4>
+<p>Due to <a href="https://github.com/storj/gateway-mt/issues/39">issue #39</a> uploading multipart files via the S3 gateway causes them to lose their metadata. For rclone's purpose this means that the modification time is not stored, nor is any MD5SUM (if one is available from the source).</p>
+<p>This has the following consequences:</p>
 <ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_QINGSTOR_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,Ctl,InvalidUtf8</li>
+<li>Using <code>rclone rcat</code> will fail as the medatada doesn't match after upload</li>
+<li>Uploading files with <code>rclone mount</code> will fail for the same reason
+<ul>
+<li>This can worked around by using <code>--vfs-cache-mode writes</code> or <code>--vfs-cache-mode full</code> or setting <code>--s3-upload-cutoff</code> large</li>
+</ul></li>
+<li>Files uploaded via a multipart upload won't have their modtimes
+<ul>
+<li>This will mean that <code>rclone sync</code> will likely keep trying to upload files bigger than <code>--s3-upload-cutoff</code></li>
+<li>This can be worked around with <code>--checksum</code> or <code>--size-only</code> or setting <code>--s3-upload-cutoff</code> large</li>
+<li>The maximum value for <code>--s3-upload-cutoff</code> is 5GiB though</li>
+</ul></li>
 </ul>
-<h2 id="limitations-24">Limitations</h2>
-<p><code>rclone about</code> is not supported by the qingstor backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
+<p>One general purpose workaround is to set <code>--s3-upload-cutoff 5G</code>. This means that rclone will upload files smaller than 5GiB as single parts. Note that this can be set in the config file with <code>upload_cutoff = 5G</code> or configured in the advanced settings. If you regularly transfer files larger than 5G then using <code>--checksum</code> or <code>--size-only</code> in <code>rclone sync</code> is the recommended workaround.</p>
+<h4 id="comparison-with-the-native-protocol">Comparison with the native protocol</h4>
+<p>Use the <a href="/storj">the native protocol</a> to take advantage of client-side encryption as well as to achieve the best possible download performance. Uploads will be erasure-coded locally, thus a 1gb upload will result in 2.68gb of data being uploaded to storage nodes across the network.</p>
+<p>Use this backend and the S3 compatible Hosted Gateway to increase upload performance and reduce the load on your systems and network. Uploads will be encrypted and erasure-coded server-side, thus a 1GB upload will result in only in 1GB of data being uploaded to storage nodes across the network.</p>
+<p>For more detailed comparison please check the documentation of the <a href="/storj">storj</a> backend.</p>
+<h2 id="limitations-6">Limitations</h2>
+<p><code>rclone about</code> is not supported by the S3 backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
 <p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h1 id="sia">Sia</h1>
-<p>Sia (<a href="https://sia.tech/">sia.tech</a>) is a decentralized cloud storage platform based on the <a href="https://wikipedia.org/wiki/Blockchain">blockchain</a> technology. With rclone you can use it like any other remote filesystem or mount Sia folders locally. The technology behind it involves a number of new concepts such as Siacoins and Wallet, Blockchain and Consensus, Renting and Hosting, and so on. If you are new to it, you'd better first familiarize yourself using their excellent <a href="https://support.sia.tech/">support documentation</a>.</p>
-<h2 id="introduction-1">Introduction</h2>
-<p>Before you can use rclone with Sia, you will need to have a running copy of <code>Sia-UI</code> or <code>siad</code> (the Sia daemon) locally on your computer or on local network (e.g. a NAS). Please follow the <a href="https://sia.tech/get-started">Get started</a> guide and install one.</p>
-<p>rclone interacts with Sia network by talking to the Sia daemon via <a href="https://sia.tech/docs/">HTTP API</a> which is usually available on port <em>9980</em>. By default you will run the daemon locally on the same computer so it's safe to leave the API password blank (the API URL will be <code>http://127.0.0.1:9980</code> making external access impossible).</p>
-<p>However, if you want to access Sia daemon running on another node, for example due to memory constraints or because you want to share single daemon between several rclone and Sia-UI instances, you'll need to make a few more provisions: - Ensure you have <em>Sia daemon</em> installed directly or in a <a href="https://github.com/SiaFoundation/siad/pkgs/container/siad">docker container</a> because Sia-UI does not support this mode natively. - Run it on externally accessible port, for example provide <code>--api-addr :9980</code> and <code>--disable-api-security</code> arguments on the daemon command line. - Enforce API password for the <code>siad</code> daemon via environment variable <code>SIA_API_PASSWORD</code> or text file named <code>apipassword</code> in the daemon directory. - Set rclone backend option <code>api_password</code> taking it from above locations.</p>
-<p>Notes: 1. If your wallet is locked, rclone cannot unlock it automatically. You should either unlock it in advance by using Sia-UI or via command line <code>siac wallet unlock</code>. Alternatively you can make <code>siad</code> unlock your wallet automatically upon startup by running it with environment variable <code>SIA_WALLET_PASSWORD</code>. 2. If <code>siad</code> cannot find the <code>SIA_API_PASSWORD</code> variable or the <code>apipassword</code> file in the <code>SIA_DIR</code> directory, it will generate a random password and store in the text file named <code>apipassword</code> under <code>YOUR_HOME/.sia/</code> directory on Unix or <code>C:\Users\YOUR_HOME\AppData\Local\Sia\apipassword</code> on Windows. Remember this when you configure password in rclone. 3. The only way to use <code>siad</code> without API password is to run it <strong>on localhost</strong> with command line argument <code>--authorize-api=false</code>, but this is insecure and <strong>strongly discouraged</strong>.</p>
-<h2 id="configuration-33">Configuration</h2>
-<p>Here is an example of how to make a <code>sia</code> remote called <code>mySia</code>. First, run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
+<h3 id="synology-c2">Synology C2 Object Storage</h3>
+<p><a href="https://c2.synology.com/en-global/object-storage/overview">Synology C2 Object Storage</a> provides a secure, S3-compatible, and cost-effective cloud storage solution without API request, download fees, and deletion penalty.</p>
+<p>The S3 compatible gateway is configured using <code>rclone config</code> with a type of <code>s3</code> and with a provider name of <code>Synology</code>. Here is an example run of the configurator.</p>
+<p>First run:</p>
+<pre><code>rclone config</code></pre>
+<p>This will guide you through an interactive setup process.</p>
 <pre><code>No remotes found, make a new one?
 n) New remote
 s) Set configuration password
 q) Quit config
+
 n/s/q&gt; n
-name&gt; mySia
+
+Enter name for new remote.1
+name&gt; syno
+
 Type of storage to configure.
 Enter a string value. Press Enter for the default (&quot;&quot;).
 Choose a number from below, or type in your own value
-...
-29 / Sia Decentralized Cloud
-   \ &quot;sia&quot;
-...
-Storage&gt; sia
-Sia daemon API URL, like http://sia.daemon.host:9980.
-Note that siad must run with --disable-api-security to open API port for other hosts (not recommended).
-Keep default if Sia daemon runs on localhost.
-Enter a string value. Press Enter for the default (&quot;http://127.0.0.1:9980&quot;).
-api_url&gt; http://127.0.0.1:9980
-Sia Daemon API Password.
-Can be found in the apipassword file located in HOME/.sia/ or in the daemon directory.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
+
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, GCS, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, Petabox, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \ &quot;s3&quot;
+
+Storage&gt; s3
+
+Choose your S3 provider.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+Choose a number from below, or type in your own value
+ 24 / Synology C2 Object Storage
+   \ (Synology)
+
+provider&gt; Synology
+
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ &quot;false&quot;
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ &quot;true&quot;
+
+env_auth&gt; 1
+
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+
+access_key_id&gt; accesskeyid
+
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (&quot;&quot;).
+
+secret_access_key&gt; secretaccesskey
+
+Region where your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Europe Region 1
+   \ (eu-001)
+ 2 / Europe Region 2
+   \ (eu-002)
+ 3 / US Region 1
+   \ (us-001)
+ 4 / US Region 2
+   \ (us-002)
+ 5 / Asia (Taiwan)
+   \ (tw-001)
+
+region &gt; 1
+
+Option endpoint.
+Endpoint for Synology C2 Object Storage API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / EU Endpoint 1
+   \ (eu-001.s3.synologyc2.net)
+ 2 / US Endpoint 1
+   \ (us-001.s3.synologyc2.net)
+ 3 / TW Endpoint 1
+   \ (tw-001.s3.synologyc2.net)
+
+endpoint&gt; 1
+
+Option location_constraint.
+Location constraint - must be set to match the Region.
+Leave blank if not sure. Used when creating buckets only.
+Enter a value. Press Enter to leave empty.
+location_constraint&gt;
+
+Edit advanced config? (y/n)
 y) Yes
-n) No (default)
-y/n&gt; n
---------------------
-[mySia]
-type = sia
-api_url = http://127.0.0.1:9980
-api_password = *** ENCRYPTED ***
---------------------
+n) No
+y/n&gt; y
+
+Option no_check_bucket.
+If set, don&#39;t attempt to check the bucket exists or create it.
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the bucket exists already.
+It can also be needed if the user you are using does not have bucket
+creation permissions. Before v1.52.0 this would have passed silently
+due to a bug.
+Enter a boolean value (true or false). Press Enter for the default (true).
+
+no_check_bucket&gt; true
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Synology
+- region: eu-001
+- endpoint: eu-001.s3.synologyc2.net
+- no_check_bucket: true
+Keep this &quot;syno&quot; remote?
 y) Yes this is OK (default)
 e) Edit this remote
 d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>Once configured, you can then use <code>rclone</code> like this:</p>
-<ul>
-<li>List directories in top level of your Sia storage</li>
-</ul>
-<pre><code>rclone lsd mySia:</code></pre>
-<ul>
-<li>List all the files in your Sia storage</li>
-</ul>
-<pre><code>rclone ls mySia:</code></pre>
-<ul>
-<li>Upload a local directory to the Sia directory called <em>backup</em></li>
-</ul>
-<pre><code>rclone copy /home/source mySia:backup</code></pre>
-<h3 id="standard-options-32">Standard options</h3>
-<p>Here are the Standard options specific to sia (Sia Decentralized Cloud).</p>
-<h4 id="sia-api-url">--sia-api-url</h4>
-<p>Sia daemon API URL, like http://sia.daemon.host:9980.</p>
-<p>Note that siad must run with --disable-api-security to open API port for other hosts (not recommended). Keep default if Sia daemon runs on localhost.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: api_url</li>
-<li>Env Var: RCLONE_SIA_API_URL</li>
-<li>Type: string</li>
-<li>Default: "http://127.0.0.1:9980"</li>
-</ul>
-<h4 id="sia-api-password">--sia-api-password</h4>
-<p>Sia Daemon API Password.</p>
-<p>Can be found in the apipassword file located in HOME/.sia/ or in the daemon directory.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
+
+y/e/d&gt; y
+
+#  Backblaze B2
+
+B2 is [Backblaze&#39;s cloud storage system](https://www.backblaze.com/b2/).
+
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
+
+## Configuration
+
+Here is an example of making a b2 configuration.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process.  To authenticate
+you will either need your Account ID (a short hex number) and Master
+Application Key (a long hex number) OR an Application Key, which is the
+recommended method. See below for further details on generating and using
+an Application Key.
+</code></pre>
+<p>No remotes found, make a new one? n) New remote q) Quit config n/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Backblaze B2  "b2" [snip] Storage&gt; b2 Account ID or Application Key ID account&gt; 123456789abc Application Key key&gt; 0123456789abcdef0123456789abcdef0123456789 Endpoint for the service - leave blank normally. endpoint&gt; Remote config -------------------- [remote] account = 123456789abc key = 0123456789abcdef0123456789abcdef0123456789 endpoint = -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+This remote is called `remote` and can now be used like this
+
+See all buckets
+
+    rclone lsd remote:
+
+Create a new bucket
+
+    rclone mkdir remote:bucket
+
+List the contents of a bucket
+
+    rclone ls remote:bucket
+
+Sync `/home/local/directory` to the remote bucket, deleting any
+excess files in the bucket.
+
+    rclone sync --interactive /home/local/directory remote:bucket
+
+### Application Keys
+
+B2 supports multiple [Application Keys for different access permission
+to B2 Buckets](https://www.backblaze.com/b2/docs/application_keys.html).
+
+You can use these with rclone too; you will need to use rclone version 1.43
+or later.
+
+Follow Backblaze&#39;s docs to create an Application Key with the required
+permission and add the `applicationKeyId` as the `account` and the
+`Application Key` itself as the `key`.
+
+Note that you must put the _applicationKeyId_ as the `account` – you
+can&#39;t use the master Account ID.  If you try then B2 will return 401
+errors.
+
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Modification times
+
+The modification time is stored as metadata on the object as
+`X-Bz-Info-src_last_modified_millis` as milliseconds since 1970-01-01
+in the Backblaze standard.  Other tools should be able to use this as
+a modified time.
+
+Modified times are used in syncing and are fully supported. Note that
+if a modification time needs to be updated on an object then it will
+create a new version of the object.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+Note that in 2020-05 Backblaze started allowing \ characters in file
+names. Rclone hasn&#39;t changed its encoding as this could cause syncs to
+re-transfer files. If you want rclone not to replace \ then see the
+`--b2-encoding` flag below and remove the `BackSlash` from the
+string. This can be set in the config.
+
+### SHA1 checksums
+
+The SHA1 checksums of the files are checked on upload and download and
+will be used in the syncing process.
+
+Large files (bigger than the limit in `--b2-upload-cutoff`) which are
+uploaded in chunks will store their SHA1 on the object as
+`X-Bz-Info-large_file_sha1` as recommended by Backblaze.
+
+For a large file to be uploaded with an SHA1 checksum, the source
+needs to support SHA1 checksums. The local disk supports SHA1
+checksums so large file transfers from local disk will have an SHA1.
+See [the overview](https://rclone.org/overview/#features) for exactly which remotes
+support SHA1.
+
+Sources which don&#39;t support SHA1, in particular `crypt` will upload
+large files without SHA1 checksums.  This may be fixed in the future
+(see [#1767](https://github.com/rclone/rclone/issues/1767)).
+
+Files sizes below `--b2-upload-cutoff` will always have an SHA1
+regardless of the source.
+
+### Transfers
+
+Backblaze recommends that you do lots of transfers simultaneously for
+maximum speed.  In tests from my SSD equipped laptop the optimum
+setting is about `--transfers 32` though higher numbers may be used
+for a slight speed improvement. The optimum number for you may vary
+depending on your hardware, how big the files are, how much you want
+to load your computer, etc.  The default of `--transfers 4` is
+definitely too low for Backblaze B2 though.
+
+Note that uploading big files (bigger than 200 MiB by default) will use
+a 96 MiB RAM buffer by default.  There can be at most `--transfers` of
+these in use at any moment, so this sets the upper limit on the memory
+used.
+
+### Versions
+
+When rclone uploads a new version of a file it creates a [new version
+of it](https://www.backblaze.com/b2/docs/file_versions.html).
+Likewise when you delete a file, the old version will be marked hidden
+and still be available.  Conversely, you may opt in to a &quot;hard delete&quot;
+of files with the `--b2-hard-delete` flag which would permanently remove
+the file instead of hiding it.
+
+Old versions of files, where available, are visible using the 
+`--b2-versions` flag.
+
+It is also possible to view a bucket as it was at a certain point in time,
+using the `--b2-version-at` flag. This will show the file versions as they
+were at that time, showing files that have been deleted afterwards, and
+hiding files that were created since.
+
+If you wish to remove all the old versions then you can use the
+`rclone cleanup remote:bucket` command which will delete all the old
+versions of files, leaving the current ones intact.  You can also
+supply a path and only old versions under that path will be deleted,
+e.g. `rclone cleanup remote:bucket/path/to/stuff`.
+
+Note that `cleanup` will remove partially uploaded files from the bucket
+if they are more than a day old.
+
+When you `purge` a bucket, the current and the old versions will be
+deleted then the bucket will be deleted.
+
+However `delete` will cause the current versions of the files to
+become hidden old versions.
+
+Here is a session showing the listing and retrieval of an old
+version followed by a `cleanup` of the old versions.
+
+Show current version and all the versions with `--b2-versions` flag.
+</code></pre>
+<p>$ rclone -q ls b2:cleanup-test 9 one.txt</p>
+<p>$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt 8 one-v2016-07-04-141032-000.txt 16 one-v2016-07-04-141003-000.txt 15 one-v2016-07-02-155621-000.txt</p>
+<pre><code>
+Retrieve an old version
+</code></pre>
+<p>$ rclone -q --b2-versions copy b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp</p>
+<p>$ ls -l /tmp/one-v2016-07-04-141003-000.txt -rw-rw-r-- 1 ncw ncw 16 Jul 2 17:46 /tmp/one-v2016-07-04-141003-000.txt</p>
+<pre><code>
+Clean up all the old versions and show that they&#39;ve gone.
+</code></pre>
+<p>$ rclone -q cleanup b2:cleanup-test</p>
+<p>$ rclone -q ls b2:cleanup-test 9 one.txt</p>
+<p>$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt</p>
+<pre><code>
+#### Versions naming caveat
+
+When using `--b2-versions` flag rclone is relying on the file name
+to work out whether the objects are versions or not. Versions&#39; names
+are created by inserting timestamp between file name and its extension.</code></pre>
+<pre><code>    9 file.txt
+    8 file-v2023-07-17-161032-000.txt
+   16 file-v2023-06-15-141003-000.txt</code></pre>
+<pre><code>If there are real files present with the same names as versions, then
+behaviour of `--b2-versions` can be unpredictable.
+
+### Data usage
+
+It is useful to know how many requests are sent to the server in different scenarios.
+
+All copy commands send the following 4 requests:
+</code></pre>
+<p>/b2api/v1/b2_authorize_account /b2api/v1/b2_create_bucket /b2api/v1/b2_list_buckets /b2api/v1/b2_list_file_names</p>
+<pre><code>
+The `b2_list_file_names` request will be sent once for every 1k files
+in the remote path, providing the checksum and modification time of
+the listed files. As of version 1.33 issue
+[#818](https://github.com/rclone/rclone/issues/818) causes extra requests
+to be sent when using B2 with Crypt. When a copy operation does not
+require any files to be uploaded, no more requests will be sent.
+
+Uploading files that do not require chunking, will send 2 requests per
+file upload:
+</code></pre>
+<p>/b2api/v1/b2_get_upload_url /b2api/v1/b2_upload_file/</p>
+<pre><code>
+Uploading files requiring chunking, will send 2 requests (one each to
+start and finish the upload) and another 2 requests for each chunk:
+</code></pre>
+<p>/b2api/v1/b2_start_large_file /b2api/v1/b2_get_upload_part_url /b2api/v1/b2_upload_part/ /b2api/v1/b2_finish_large_file</p>
+<pre><code>
+#### Versions
+
+Versions can be viewed with the `--b2-versions` flag. When it is set
+rclone will show and act on older versions of files.  For example
+
+Listing without `--b2-versions`
+</code></pre>
+<p>$ rclone -q ls b2:cleanup-test 9 one.txt</p>
+<pre><code>
+And with
+</code></pre>
+<p>$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt 8 one-v2016-07-04-141032-000.txt 16 one-v2016-07-04-141003-000.txt 15 one-v2016-07-02-155621-000.txt</p>
+<pre><code>
+Showing that the current version is unchanged but older versions can
+be seen.  These have the UTC date that they were uploaded to the
+server to the nearest millisecond appended to them.
+
+Note that when using `--b2-versions` no file write operations are
+permitted, so you can&#39;t upload files or delete them.
+
+### B2 and rclone link
+
+Rclone supports generating file share links for private B2 buckets.
+They can either be for a file for example:
+</code></pre>
+<p>./rclone link B2:bucket/path/to/file.txt https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx</p>
+<pre><code>
+or if run on a directory you will get:
+</code></pre>
+<p>./rclone link B2:bucket/path https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx</p>
+<pre><code>
+you can then use the authorization token (the part of the url from the
+ `?Authorization=` on) on any file path under that directory. For example:
+</code></pre>
+<p>https://f002.backblazeb2.com/file/bucket/path/to/file1?Authorization=xxxxxxxx https://f002.backblazeb2.com/file/bucket/path/file2?Authorization=xxxxxxxx https://f002.backblazeb2.com/file/bucket/path/folder/file3?Authorization=xxxxxxxx</p>
+<pre><code>
+
+### Standard options
+
+Here are the Standard options specific to b2 (Backblaze B2).
+
+#### --b2-account
+
+Account ID or Application Key ID.
+
+Properties:
+
+- Config:      account
+- Env Var:     RCLONE_B2_ACCOUNT
+- Type:        string
+- Required:    true
+
+#### --b2-key
+
+Application Key.
+
+Properties:
+
+- Config:      key
+- Env Var:     RCLONE_B2_KEY
+- Type:        string
+- Required:    true
+
+#### --b2-hard-delete
+
+Permanently delete files on remote removal, otherwise hide files.
+
+Properties:
+
+- Config:      hard_delete
+- Env Var:     RCLONE_B2_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+### Advanced options
+
+Here are the Advanced options specific to b2 (Backblaze B2).
+
+#### --b2-endpoint
+
+Endpoint for the service.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_B2_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --b2-test-mode
+
+A flag string for X-Bz-Test-Mode header for debugging.
+
+This is for debugging purposes only. Setting it to one of the strings
+below will cause b2 to return specific errors:
+
+  * &quot;fail_some_uploads&quot;
+  * &quot;expire_some_account_authorization_tokens&quot;
+  * &quot;force_cap_exceeded&quot;
+
+These will be set in the &quot;X-Bz-Test-Mode&quot; header which is documented
+in the [b2 integrations checklist](https://www.backblaze.com/b2/docs/integration_checklist.html).
+
+Properties:
+
+- Config:      test_mode
+- Env Var:     RCLONE_B2_TEST_MODE
+- Type:        string
+- Required:    false
+
+#### --b2-versions
+
+Include old versions in directory listings.
+
+Note that when using this no file write operations are permitted,
+so you can&#39;t upload files or delete them.
+
+Properties:
+
+- Config:      versions
+- Env Var:     RCLONE_B2_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --b2-version-at
+
+Show file versions as they were at the specified time.
+
+Note that when using this no file write operations are permitted,
+so you can&#39;t upload files or delete them.
+
+Properties:
+
+- Config:      version_at
+- Env Var:     RCLONE_B2_VERSION_AT
+- Type:        Time
+- Default:     off
+
+#### --b2-upload-cutoff
+
+Cutoff for switching to chunked upload.
+
+Files above this size will be uploaded in chunks of &quot;--b2-chunk-size&quot;.
+
+This value should be set no larger than 4.657 GiB (== 5 GB).
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_B2_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     200Mi
+
+#### --b2-copy-cutoff
+
+Cutoff for switching to multipart copy.
+
+Any files larger than this that need to be server-side copied will be
+copied in chunks of this size.
+
+The minimum is 0 and the maximum is 4.6 GiB.
+
+Properties:
+
+- Config:      copy_cutoff
+- Env Var:     RCLONE_B2_COPY_CUTOFF
+- Type:        SizeSuffix
+- Default:     4Gi
+
+#### --b2-chunk-size
+
+Upload chunk size.
+
+When uploading large files, chunk the file into this size.
+
+Must fit in memory. These chunks are buffered in memory and there
+might a maximum of &quot;--transfers&quot; chunks in progress at once.
+
+5,000,000 Bytes is the minimum size.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_B2_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     96Mi
+
+#### --b2-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+Note that chunks are stored in memory and there may be up to
+&quot;--transfers&quot; * &quot;--b2-upload-concurrency&quot; chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_B2_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     4
+
+#### --b2-disable-checksum
+
+Disable checksums for large (&gt; upload cutoff) files.
+
+Normally rclone will calculate the SHA1 checksum of the input before
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
+
+Properties:
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_B2_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
+
+#### --b2-download-url
+
+Custom endpoint for downloads.
+
+This is usually set to a Cloudflare CDN URL as Backblaze offers
+free egress for data downloaded through the Cloudflare network.
+Rclone works with private buckets by sending an &quot;Authorization&quot; header.
+If the custom endpoint rewrites the requests for authentication,
+e.g., in Cloudflare Workers, this header needs to be handled properly.
+Leave blank if you want to use the endpoint provided by Backblaze.
+
+The URL provided here SHOULD have the protocol and SHOULD NOT have
+a trailing slash or specify the /file/bucket subpath as rclone will
+request files with &quot;{download_url}/file/{bucket_name}/{path}&quot;.
+
+Example:
+&gt; https://mysubdomain.mydomain.tld
+(No trailing &quot;/&quot;, &quot;file&quot; or &quot;bucket&quot;)
+
+Properties:
+
+- Config:      download_url
+- Env Var:     RCLONE_B2_DOWNLOAD_URL
+- Type:        string
+- Required:    false
+
+#### --b2-download-auth-duration
+
+Time before the authorization token will expire in s or suffix ms|s|m|h|d.
+
+The duration before the download authorization token will expire.
+The minimum value is 1 second. The maximum value is one week.
+
+Properties:
+
+- Config:      download_auth_duration
+- Env Var:     RCLONE_B2_DOWNLOAD_AUTH_DURATION
+- Type:        Duration
+- Default:     1w
+
+#### --b2-memory-pool-flush-time
+
+How often internal memory buffer pools will be flushed. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_flush_time
+- Env Var:     RCLONE_B2_MEMORY_POOL_FLUSH_TIME
+- Type:        Duration
+- Default:     1m0s
+
+#### --b2-memory-pool-use-mmap
+
+Whether to use mmap buffers in internal memory pool. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_use_mmap
+- Env Var:     RCLONE_B2_MEMORY_POOL_USE_MMAP
+- Type:        bool
+- Default:     false
+
+#### --b2-lifecycle
+
+Set the number of days deleted files should be kept when creating a bucket.
+
+On bucket creation, this parameter is used to create a lifecycle rule
+for the entire bucket.
+
+If lifecycle is 0 (the default) it does not create a lifecycle rule so
+the default B2 behaviour applies. This is to create versions of files
+on delete and overwrite and to keep them indefinitely.
+
+If lifecycle is &gt;0 then it creates a single rule setting the number of
+days before a file that is deleted or overwritten is deleted
+permanently. This is known as daysFromHidingToDeleting in the b2 docs.
+
+The minimum value for this parameter is 1 day.
+
+You can also enable hard_delete in the config also which will mean
+deletions won&#39;t cause versions but overwrites will still cause
+versions to be made.
+
+See: [rclone backend lifecycle](#lifecycle) for setting lifecycles after bucket creation.
+
+
+Properties:
+
+- Config:      lifecycle
+- Env Var:     RCLONE_B2_LIFECYCLE
+- Type:        int
+- Default:     0
+
+#### --b2-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_B2_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+## Backend commands
+
+Here are the commands specific to the b2 backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### lifecycle
+
+Read or set the lifecycle for a bucket
+
+    rclone backend lifecycle remote: [options] [&lt;arguments&gt;+]
+
+This command can be used to read or set the lifecycle for a bucket.
+
+Usage Examples:
+
+To show the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket
+
+This will dump something like this showing the lifecycle rules.
+
+    [
+        {
+            &quot;daysFromHidingToDeleting&quot;: 1,
+            &quot;daysFromUploadingToHiding&quot;: null,
+            &quot;fileNamePrefix&quot;: &quot;&quot;
+        }
+    ]
+
+If there are no lifecycle rules (the default) then it will just return [].
+
+To reset the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=30
+    rclone backend lifecycle b2:bucket -o daysFromUploadingToHiding=5 -o daysFromHidingToDeleting=1
+
+This will run and then print the new lifecycle rules as above.
+
+Rclone only lets you set lifecycles for the whole bucket with the
+fileNamePrefix = &quot;&quot;.
+
+You can&#39;t disable versioning with B2. The best you can do is to set
+the daysFromHidingToDeleting to 1 day. You can enable hard_delete in
+the config also which will mean deletions won&#39;t cause versions but
+overwrites will still cause versions to be made.
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=1
+
+See: https://www.backblaze.com/docs/cloud-storage-lifecycle-rules
+
+
+Options:
+
+- &quot;daysFromHidingToDeleting&quot;: After a file has been hidden for this many days it is deleted. 0 is off.
+- &quot;daysFromUploadingToHiding&quot;: This many days after uploading a file is hidden
+
+
+
+## Limitations
+
+`rclone about` is not supported by the B2 backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Box
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+The initial setup for Box involves getting a token from Box which you
+can do either in your browser, or with a config.json downloaded from Box
+to use JWT authentication.  `rclone config` walks you through it.
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Box  "box" [snip] Storage&gt; box Box App Client Id - leave blank normally. client_id&gt; Box App Client Secret - leave blank normally. client_secret&gt; Box App config.json location Leave blank normally. Enter a string value. Press Enter for the default (""). box_config_file&gt; Box App Primary Access Token Leave blank normally. Enter a string value. Press Enter for the default (""). access_token&gt;</p>
+<p>Enter a string value. Press Enter for the default ("user"). Choose a number from below, or type in your own value 1 / Rclone should act on behalf of a user  "user" 2 / Rclone should act on behalf of a service account  "enterprise" box_sub_type&gt; Remote config Use web browser to automatically authenticate rclone with remote? * Say Y if the machine running rclone has a web browser you can use * Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N. y) Yes n) No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code -------------------- [remote] client_id = client_secret = token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"XXX"} -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Box. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on `http://127.0.0.1:53682/` and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Box
+
+    rclone lsd remote:
+
+List all the files in your Box
+
+    rclone ls remote:
+
+To copy a local directory to an Box directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Using rclone with an Enterprise account with SSO
+
+If you have an &quot;Enterprise&quot; account type with Box with single sign on
+(SSO), you need to create a password to use Box with rclone. This can
+be done at your Enterprise Box account by going to Settings, &quot;Account&quot;
+Tab, and then set the password in the &quot;Authentication&quot; field.
+
+Once you have done this, you can setup your Enterprise Box account
+using the same procedure detailed above in the, using the password you
+have just set.
+
+### Invalid refresh token
+
+According to the [box docs](https://developer.box.com/v2.0/docs/oauth-20#section-6-using-the-access-and-refresh-tokens):
+
+&gt; Each refresh_token is valid for one use in 60 days.
+
+This means that if you
+
+  * Don&#39;t use the box remote for 60 days
+  * Copy the config file with a box refresh token in and use it in two places
+  * Get an error on a token refresh
+
+then rclone will return an error which includes the text `Invalid
+refresh token`.
+
+To fix this you will need to use oauth2 again to update the refresh
+token.  You can use the methods in [the remote setup
+docs](https://rclone.org/remote_setup/), bearing in mind that if you use the copy the
+config file method, you should not use that remote on the computer you
+did the authentication on.
+
+Here is how to do it.
+</code></pre>
+<p>$ rclone config Current remotes:</p>
+<p>Name Type ==== ==== remote box</p>
+<ol start="5" type="a">
+<li>Edit existing remote</li>
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Rename remote</li>
+<li>Copy remote</li>
+<li>Set configuration password</li>
+<li>Quit config e/n/d/r/c/s/q&gt; e Choose a number from below, or type in an existing value 1 &gt; remote remote&gt; remote -------------------- [remote] type = box token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2017-07-08T23:40:08.059167677+01:00"} -------------------- Edit remote Value "client_id" = "" Edit? (y/n)&gt;</li>
+<li>Yes</li>
+<li>No y/n&gt; n Value "client_secret" = "" Edit? (y/n)&gt;</li>
+<li>Yes</li>
+<li>No y/n&gt; n Remote config Already have a token - refresh?</li>
+<li>Yes</li>
+<li>No y/n&gt; y Use web browser to automatically authenticate rclone with remote?</li>
+</ol>
 <ul>
-<li>Config: api_password</li>
-<li>Env Var: RCLONE_SIA_API_PASSWORD</li>
-<li>Type: string</li>
-<li>Required: false</li>
+<li>Say Y if the machine running rclone has a web browser you can use</li>
+<li>Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N.</li>
 </ul>
-<h3 id="advanced-options-31">Advanced options</h3>
-<p>Here are the Advanced options specific to sia (Sia Decentralized Cloud).</p>
-<h4 id="sia-user-agent">--sia-user-agent</h4>
-<p>Siad User Agent</p>
-<p>Sia daemon requires the 'Sia-Agent' user agent by default for security</p>
-<p>Properties:</p>
+<ol start="25" type="a">
+<li>Yes</li>
+<li>No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code -------------------- [remote] type = box token = {"access_token":"YYY","token_type":"bearer","refresh_token":"YYY","expiry":"2017-07-23T12:22:29.259137901+01:00"} --------------------</li>
+<li>Yes this is OK</li>
+<li>Edit this remote</li>
+<li>Delete this remote y/e/d&gt; y</li>
+</ol>
+<pre><code>
+### Modification times and hashes
+
+Box allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.
+
+Box supports SHA1 type hashes, so you can use the `--checksum`
+flag.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Transfers
+
+For files above 50 MiB rclone will use a chunked transfer.  Rclone will
+upload up to `--transfers` chunks at the same time (shared among all
+the multipart uploads).  Chunks are buffered in memory and are
+normally 8 MiB so increasing `--transfers` will increase memory use.
+
+### Deleting files
+
+Depending on the enterprise settings for your user, the item will
+either be actually deleted from Box or moved to the trash.
+
+Emptying the trash is supported via the rclone however cleanup command
+however this deletes every trashed file and folder individually so it
+may take a very long time. 
+Emptying the trash via the  WebUI does not have this limitation 
+so it is advised to empty the trash via the WebUI.
+
+### Root folder ID
+
+You can set the `root_folder_id` for rclone.  This is the directory
+(identified by its `Folder ID`) that rclone considers to be the root
+of your Box drive.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
+However you can set this to restrict rclone to a specific folder
+hierarchy.
+
+In order to do this you will have to find the `Folder ID` of the
+directory you wish rclone to display.  This will be the last segment
+of the URL when you open the relevant folder in the Box web
+interface.
+
+So if the folder you want rclone to use has a URL which looks like
+`https://app.box.com/folder/11xxxxxxxxx8`
+in the browser, then you use `11xxxxxxxxx8` as
+the `root_folder_id` in the config.
+
+
+### Standard options
+
+Here are the Standard options specific to box (Box).
+
+#### --box-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_BOX_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --box-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_BOX_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --box-box-config-file
+
+Box App config.json location
+
+Leave blank normally.
+
+Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
+
+Properties:
+
+- Config:      box_config_file
+- Env Var:     RCLONE_BOX_BOX_CONFIG_FILE
+- Type:        string
+- Required:    false
+
+#### --box-access-token
+
+Box App Primary Access Token
+
+Leave blank normally.
+
+Properties:
+
+- Config:      access_token
+- Env Var:     RCLONE_BOX_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --box-box-sub-type
+
+
+
+Properties:
+
+- Config:      box_sub_type
+- Env Var:     RCLONE_BOX_BOX_SUB_TYPE
+- Type:        string
+- Default:     &quot;user&quot;
+- Examples:
+    - &quot;user&quot;
+        - Rclone should act on behalf of a user.
+    - &quot;enterprise&quot;
+        - Rclone should act on behalf of a service account.
+
+### Advanced options
+
+Here are the Advanced options specific to box (Box).
+
+#### --box-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_BOX_TOKEN
+- Type:        string
+- Required:    false
+
+#### --box-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_BOX_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --box-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_BOX_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --box-root-folder-id
+
+Fill in for rclone to use a non root folder as its starting point.
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_BOX_ROOT_FOLDER_ID
+- Type:        string
+- Default:     &quot;0&quot;
+
+#### --box-upload-cutoff
+
+Cutoff for switching to multipart upload (&gt;= 50 MiB).
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_BOX_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     50Mi
+
+#### --box-commit-retries
+
+Max number of times to try committing a multipart file.
+
+Properties:
+
+- Config:      commit_retries
+- Env Var:     RCLONE_BOX_COMMIT_RETRIES
+- Type:        int
+- Default:     100
+
+#### --box-list-chunk
+
+Size of listing chunk 1-1000.
+
+Properties:
+
+- Config:      list_chunk
+- Env Var:     RCLONE_BOX_LIST_CHUNK
+- Type:        int
+- Default:     1000
+
+#### --box-owned-by
+
+Only show items owned by the login (email address) passed in.
+
+Properties:
+
+- Config:      owned_by
+- Env Var:     RCLONE_BOX_OWNED_BY
+- Type:        string
+- Required:    false
+
+#### --box-impersonate
+
+Impersonate this user ID when using a service account.
+
+Setting this flag allows rclone, when using a JWT service account, to
+act on behalf of another user by setting the as-user header.
+
+The user ID is the Box identifier for a user. User IDs can found for
+any user via the GET /users endpoint, which is only available to
+admins, or by calling the GET /users/me endpoint with an authenticated
+user session.
+
+See: https://developer.box.com/guides/authentication/jwt/as-user/
+
+
+Properties:
+
+- Config:      impersonate
+- Env Var:     RCLONE_BOX_IMPERSONATE
+- Type:        string
+- Required:    false
+
+#### --box-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_BOX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+Note that Box is case insensitive so you can&#39;t have a file called
+&quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+Box file names can&#39;t have the `\` character in.  rclone maps this to
+and from an identical looking unicode equivalent `＼` (U+FF3C Fullwidth
+Reverse Solidus).
+
+Box only supports filenames up to 255 characters in length.
+
+Box has [API rate limits](https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/) that sometimes reduce the speed of rclone.
+
+`rclone about` is not supported by the Box backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+## Get your own Box App ID
+
+Here is how to create your own Box App ID for rclone:
+
+1. Go to the [Box Developer Console](https://app.box.com/developers/console)
+and login, then click `My Apps` on the sidebar. Click `Create New App`
+and select `Custom App`.
+
+2. In the first screen on the box that pops up, you can pretty much enter
+whatever you want. The `App Name` can be whatever. For `Purpose` choose
+automation to avoid having to fill out anything else. Click `Next`.
+
+3. In the second screen of the creation screen, select
+`User Authentication (OAuth 2.0)`. Then click `Create App`.
+
+4. You should now be on the `Configuration` tab of your new app. If not,
+click on it at the top of the webpage. Copy down `Client ID`
+and `Client Secret`, you&#39;ll need those for rclone.
+
+5. Under &quot;OAuth 2.0 Redirect URI&quot;, add `http://127.0.0.1:53682/`
+
+6. For `Application Scopes`, select `Read all files and folders stored in Box`
+and `Write all files and folders stored in box` (assuming you want to do both).
+Leave others unchecked. Click `Save Changes` at the top right.
+
+#  Cache
+
+The `cache` remote wraps another existing remote and stores file structure
+and its data for long running tasks like `rclone mount`.
+
+## Status
+
+The cache backend code is working but it currently doesn&#39;t
+have a maintainer so there are [outstanding bugs](https://github.com/rclone/rclone/issues?q=is%3Aopen+is%3Aissue+label%3Abug+label%3A%22Remote%3A+Cache%22) which aren&#39;t getting fixed.
+
+The cache backend is due to be phased out in favour of the VFS caching
+layer eventually which is more tightly integrated into rclone.
+
+Until this happens we recommend only using the cache backend if you
+find you can&#39;t work without it. There are many docs online describing
+the use of the cache backend to minimize API hits and by-and-large
+these are out of date and the cache backend isn&#39;t needed in those
+scenarios any more.
+
+## Configuration
+
+To get started you just need to have an existing remote which can be configured
+with `cache`.
+
+Here is an example of how to make a remote called `test-cache`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config n/r/c/s/q&gt; n name&gt; test-cache Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Cache a remote  "cache" [snip] Storage&gt; cache Remote to cache. Normally should contain a ':' and a path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended). remote&gt; local:/test Optional: The URL of the Plex server plex_url&gt; http://127.0.0.1:32400 Optional: The username of the Plex user plex_username&gt; dummyusername Optional: The password of the Plex user y) Yes type in my own password g) Generate random password n) No leave this optional password blank y/g/n&gt; y Enter the password: password: Confirm the password: password: The size of a chunk. Lower value good for slow connections but can affect seamless reading. Default: 5M Choose a number from below, or type in your own value 1 / 1 MiB  "1M" 2 / 5 MiB  "5M" 3 / 10 MiB  "10M" chunk_size&gt; 2 How much time should object info (file size, file hashes, etc.) be stored in cache. Use a very high value if you don't plan on changing the source FS from outside the cache. Accepted units are: "s", "m", "h". Default: 5m Choose a number from below, or type in your own value 1 / 1 hour  "1h" 2 / 24 hours  "24h" 3 / 24 hours  "48h" info_age&gt; 2 The maximum size of stored chunks. When the storage grows beyond this size, the oldest chunks will be deleted. Default: 10G Choose a number from below, or type in your own value 1 / 500 MiB  "500M" 2 / 1 GiB  "1G" 3 / 10 GiB  "10G" chunk_total_size&gt; 3 Remote config -------------------- [test-cache] remote = local:/test plex_url = http://127.0.0.1:32400 plex_username = dummyusername plex_password = *** ENCRYPTED *** chunk_size = 5M info_age = 48h chunk_total_size = 10G</p>
+<pre><code>
+You can then use it like this,
+
+List directories in top level of your drive
+
+    rclone lsd test-cache:
+
+List all the files in your drive
+
+    rclone ls test-cache:
+
+To start a cached mount
+
+    rclone mount --allow-other test-cache: /var/tmp/test-cache
+
+### Write Features ###
+
+### Offline uploading ###
+
+In an effort to make writing through cache more reliable, the backend 
+now supports this feature which can be activated by specifying a
+`cache-tmp-upload-path`.
+
+A files goes through these states when using this feature:
+
+1. An upload is started (usually by copying a file on the cache remote)
+2. When the copy to the temporary location is complete the file is part 
+of the cached remote and looks and behaves like any other file (reading included)
+3. After `cache-tmp-wait-time` passes and the file is next in line, `rclone move` 
+is used to move the file to the cloud provider
+4. Reading the file still works during the upload but most modifications on it will be prohibited
+5. Once the move is complete the file is unlocked for modifications as it
+becomes as any other regular file
+6. If the file is being read through `cache` when it&#39;s actually
+deleted from the temporary path then `cache` will simply swap the source
+to the cloud provider without interrupting the reading (small blip can happen though)
+
+Files are uploaded in sequence and only one file is uploaded at a time.
+Uploads will be stored in a queue and be processed based on the order they were added.
+The queue and the temporary storage is persistent across restarts but
+can be cleared on startup with the `--cache-db-purge` flag.
+
+### Write Support ###
+
+Writes are supported through `cache`.
+One caveat is that a mounted cache remote does not add any retry or fallback
+mechanism to the upload operation. This will depend on the implementation
+of the wrapped remote. Consider using `Offline uploading` for reliable writes.
+
+One special case is covered with `cache-writes` which will cache the file
+data at the same time as the upload when it is enabled making it available
+from the cache store immediately once the upload is finished.
+
+### Read Features ###
+
+#### Multiple connections ####
+
+To counter the high latency between a local PC where rclone is running
+and cloud providers, the cache remote can split multiple requests to the
+cloud provider for smaller file chunks and combines them together locally
+where they can be available almost immediately before the reader usually
+needs them.
+
+This is similar to buffering when media files are played online. Rclone
+will stay around the current marker but always try its best to stay ahead
+and prepare the data before.
+
+#### Plex Integration ####
+
+There is a direct integration with Plex which allows cache to detect during reading
+if the file is in playback or not. This helps cache to adapt how it queries
+the cloud provider depending on what is needed for.
+
+Scans will have a minimum amount of workers (1) while in a confirmed playback cache
+will deploy the configured number of workers.
+
+This integration opens the doorway to additional performance improvements
+which will be explored in the near future.
+
+**Note:** If Plex options are not configured, `cache` will function with its
+configured options without adapting any of its settings.
+
+How to enable? Run `rclone config` and add all the Plex options (endpoint, username
+and password) in your remote and it will be automatically enabled.
+
+Affected settings:
+- `cache-workers`: _Configured value_ during confirmed playback or _1_ all the other times
+
+##### Certificate Validation #####
+
+When the Plex server is configured to only accept secure connections, it is
+possible to use `.plex.direct` URLs to ensure certificate validation succeeds.
+These URLs are used by Plex internally to connect to the Plex server securely.
+
+The format for these URLs is the following:
+
+`https://ip-with-dots-replaced.server-hash.plex.direct:32400/`
+
+The `ip-with-dots-replaced` part can be any IPv4 address, where the dots
+have been replaced with dashes, e.g. `127.0.0.1` becomes `127-0-0-1`.
+
+To get the `server-hash` part, the easiest way is to visit
+
+https://plex.tv/api/resources?includeHttps=1&amp;X-Plex-Token=your-plex-token
+
+This page will list all the available Plex servers for your account
+with at least one `.plex.direct` link for each. Copy one URL and replace
+the IP address with the desired address. This can be used as the
+`plex_url` value.
+
+### Known issues ###
+
+#### Mount and --dir-cache-time ####
+
+--dir-cache-time controls the first layer of directory caching which works at the mount layer.
+Being an independent caching mechanism from the `cache` backend, it will manage its own entries
+based on the configured time.
+
+To avoid getting in a scenario where dir cache has obsolete data and cache would have the correct
+one, try to set `--dir-cache-time` to a lower time than `--cache-info-age`. Default values are
+already configured in this way. 
+
+#### Windows support - Experimental ####
+
+There are a couple of issues with Windows `mount` functionality that still require some investigations.
+It should be considered as experimental thus far as fixes come in for this OS.
+
+Most of the issues seem to be related to the difference between filesystems
+on Linux flavors and Windows as cache is heavily dependent on them.
+
+Any reports or feedback on how cache behaves on this OS is greatly appreciated.
+ 
+- https://github.com/rclone/rclone/issues/1935
+- https://github.com/rclone/rclone/issues/1907
+- https://github.com/rclone/rclone/issues/1834 
+
+#### Risk of throttling ####
+
+Future iterations of the cache backend will make use of the pooling functionality
+of the cloud provider to synchronize and at the same time make writing through it
+more tolerant to failures. 
+
+There are a couple of enhancements in track to add these but in the meantime
+there is a valid concern that the expiring cache listings can lead to cloud provider
+throttles or bans due to repeated queries on it for very large mounts.
+
+Some recommendations:
+- don&#39;t use a very small interval for entry information (`--cache-info-age`)
+- while writes aren&#39;t yet optimised, you can still write through `cache` which gives you the advantage
+of adding the file in the cache at the same time if configured to do so.
+
+Future enhancements:
+
+- https://github.com/rclone/rclone/issues/1937
+- https://github.com/rclone/rclone/issues/1936 
+
+#### cache and crypt ####
+
+One common scenario is to keep your data encrypted in the cloud provider
+using the `crypt` remote. `crypt` uses a similar technique to wrap around
+an existing remote and handles this translation in a seamless way.
+
+There is an issue with wrapping the remotes in this order:
+**cloud remote** -&gt; **crypt** -&gt; **cache**
+
+During testing, I experienced a lot of bans with the remotes in this order.
+I suspect it might be related to how crypt opens files on the cloud provider
+which makes it think we&#39;re downloading the full file instead of small chunks.
+Organizing the remotes in this order yields better results:
+**cloud remote** -&gt; **cache** -&gt; **crypt**
+
+#### absolute remote paths ####
+
+`cache` can not differentiate between relative and absolute paths for the wrapped remote.
+Any path given in the `remote` config setting and on the command line will be passed to
+the wrapped remote as is, but for storing the chunks on disk the path will be made
+relative by removing any leading `/` character.
+
+This behavior is irrelevant for most backend types, but there are backends where a leading `/`
+changes the effective directory, e.g. in the `sftp` backend paths starting with a `/` are
+relative to the root of the SSH server and paths without are relative to the user home directory.
+As a result `sftp:bin` and `sftp:/bin` will share the same cache folder, even if they represent
+a different directory on the SSH server.
+
+### Cache and Remote Control (--rc) ###
+Cache supports the new `--rc` mode in rclone and can be remote controlled through the following end points:
+By default, the listener is disabled if you do not add the flag.
+
+### rc cache/expire
+Purge a remote from the cache backend. Supports either a directory or a file.
+It supports both encrypted and unencrypted file names if cache is wrapped by crypt.
+
+Params:
+  - **remote** = path to remote **(required)**
+  - **withData** = true/false to delete cached data (chunks) as well _(optional, false by default)_
+
+
+### Standard options
+
+Here are the Standard options specific to cache (Cache a remote).
+
+#### --cache-remote
+
+Remote to cache.
+
+Normally should contain a &#39;:&#39; and a path, e.g. &quot;myremote:path/to/dir&quot;,
+&quot;myremote:bucket&quot; or maybe &quot;myremote:&quot; (not recommended).
+
+Properties:
+
+- Config:      remote
+- Env Var:     RCLONE_CACHE_REMOTE
+- Type:        string
+- Required:    true
+
+#### --cache-plex-url
+
+The URL of the Plex server.
+
+Properties:
+
+- Config:      plex_url
+- Env Var:     RCLONE_CACHE_PLEX_URL
+- Type:        string
+- Required:    false
+
+#### --cache-plex-username
+
+The username of the Plex user.
+
+Properties:
+
+- Config:      plex_username
+- Env Var:     RCLONE_CACHE_PLEX_USERNAME
+- Type:        string
+- Required:    false
+
+#### --cache-plex-password
+
+The password of the Plex user.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      plex_password
+- Env Var:     RCLONE_CACHE_PLEX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --cache-chunk-size
+
+The size of a chunk (partial file data).
+
+Use lower numbers for slower connections. If the chunk size is
+changed, any downloaded chunks will be invalid and cache-chunk-path
+will need to be cleared or unexpected EOF errors will occur.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_CACHE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     5Mi
+- Examples:
+    - &quot;1M&quot;
+        - 1 MiB
+    - &quot;5M&quot;
+        - 5 MiB
+    - &quot;10M&quot;
+        - 10 MiB
+
+#### --cache-info-age
+
+How long to cache file structure information (directory listings, file size, times, etc.). 
+If all write operations are done through the cache then you can safely make
+this value very large as the cache store will also be updated in real time.
+
+Properties:
+
+- Config:      info_age
+- Env Var:     RCLONE_CACHE_INFO_AGE
+- Type:        Duration
+- Default:     6h0m0s
+- Examples:
+    - &quot;1h&quot;
+        - 1 hour
+    - &quot;24h&quot;
+        - 24 hours
+    - &quot;48h&quot;
+        - 48 hours
+
+#### --cache-chunk-total-size
+
+The total size that the chunks can take up on the local disk.
+
+If the cache exceeds this value then it will start to delete the
+oldest chunks until it goes under this value.
+
+Properties:
+
+- Config:      chunk_total_size
+- Env Var:     RCLONE_CACHE_CHUNK_TOTAL_SIZE
+- Type:        SizeSuffix
+- Default:     10Gi
+- Examples:
+    - &quot;500M&quot;
+        - 500 MiB
+    - &quot;1G&quot;
+        - 1 GiB
+    - &quot;10G&quot;
+        - 10 GiB
+
+### Advanced options
+
+Here are the Advanced options specific to cache (Cache a remote).
+
+#### --cache-plex-token
+
+The plex token for authentication - auto set normally.
+
+Properties:
+
+- Config:      plex_token
+- Env Var:     RCLONE_CACHE_PLEX_TOKEN
+- Type:        string
+- Required:    false
+
+#### --cache-plex-insecure
+
+Skip all certificate verification when connecting to the Plex server.
+
+Properties:
+
+- Config:      plex_insecure
+- Env Var:     RCLONE_CACHE_PLEX_INSECURE
+- Type:        string
+- Required:    false
+
+#### --cache-db-path
+
+Directory to store file structure metadata DB.
+
+The remote name is used as the DB file name.
+
+Properties:
+
+- Config:      db_path
+- Env Var:     RCLONE_CACHE_DB_PATH
+- Type:        string
+- Default:     &quot;$HOME/.cache/rclone/cache-backend&quot;
+
+#### --cache-chunk-path
+
+Directory to cache chunk files.
+
+Path to where partial file data (chunks) are stored locally. The remote
+name is appended to the final path.
+
+This config follows the &quot;--cache-db-path&quot;. If you specify a custom
+location for &quot;--cache-db-path&quot; and don&#39;t specify one for &quot;--cache-chunk-path&quot;
+then &quot;--cache-chunk-path&quot; will use the same path as &quot;--cache-db-path&quot;.
+
+Properties:
+
+- Config:      chunk_path
+- Env Var:     RCLONE_CACHE_CHUNK_PATH
+- Type:        string
+- Default:     &quot;$HOME/.cache/rclone/cache-backend&quot;
+
+#### --cache-db-purge
+
+Clear all the cached data for this remote on start.
+
+Properties:
+
+- Config:      db_purge
+- Env Var:     RCLONE_CACHE_DB_PURGE
+- Type:        bool
+- Default:     false
+
+#### --cache-chunk-clean-interval
+
+How often should the cache perform cleanups of the chunk storage.
+
+The default value should be ok for most people. If you find that the
+cache goes over &quot;cache-chunk-total-size&quot; too often then try to lower
+this value to force it to perform cleanups more often.
+
+Properties:
+
+- Config:      chunk_clean_interval
+- Env Var:     RCLONE_CACHE_CHUNK_CLEAN_INTERVAL
+- Type:        Duration
+- Default:     1m0s
+
+#### --cache-read-retries
+
+How many times to retry a read from a cache storage.
+
+Since reading from a cache stream is independent from downloading file
+data, readers can get to a point where there&#39;s no more data in the
+cache.  Most of the times this can indicate a connectivity issue if
+cache isn&#39;t able to provide file data anymore.
+
+For really slow connections, increase this to a point where the stream is
+able to provide data but your experience will be very stuttering.
+
+Properties:
+
+- Config:      read_retries
+- Env Var:     RCLONE_CACHE_READ_RETRIES
+- Type:        int
+- Default:     10
+
+#### --cache-workers
+
+How many workers should run in parallel to download chunks.
+
+Higher values will mean more parallel processing (better CPU needed)
+and more concurrent requests on the cloud provider.  This impacts
+several aspects like the cloud provider API limits, more stress on the
+hardware that rclone runs on but it also means that streams will be
+more fluid and data will be available much more faster to readers.
+
+**Note**: If the optional Plex integration is enabled then this
+setting will adapt to the type of reading performed and the value
+specified here will be used as a maximum number of workers to use.
+
+Properties:
+
+- Config:      workers
+- Env Var:     RCLONE_CACHE_WORKERS
+- Type:        int
+- Default:     4
+
+#### --cache-chunk-no-memory
+
+Disable the in-memory cache for storing chunks during streaming.
+
+By default, cache will keep file data during streaming in RAM as well
+to provide it to readers as fast as possible.
+
+This transient data is evicted as soon as it is read and the number of
+chunks stored doesn&#39;t exceed the number of workers. However, depending
+on other settings like &quot;cache-chunk-size&quot; and &quot;cache-workers&quot; this footprint
+can increase if there are parallel streams too (multiple files being read
+at the same time).
+
+If the hardware permits it, use this feature to provide an overall better
+performance during streaming but it can also be disabled if RAM is not
+available on the local machine.
+
+Properties:
+
+- Config:      chunk_no_memory
+- Env Var:     RCLONE_CACHE_CHUNK_NO_MEMORY
+- Type:        bool
+- Default:     false
+
+#### --cache-rps
+
+Limits the number of requests per second to the source FS (-1 to disable).
+
+This setting places a hard limit on the number of requests per second
+that cache will be doing to the cloud provider remote and try to
+respect that value by setting waits between reads.
+
+If you find that you&#39;re getting banned or limited on the cloud
+provider through cache and know that a smaller number of requests per
+second will allow you to work with it then you can use this setting
+for that.
+
+A good balance of all the other settings should make this setting
+useless but it is available to set for more special cases.
+
+**NOTE**: This will limit the number of requests during streams but
+other API calls to the cloud provider like directory listings will
+still pass.
+
+Properties:
+
+- Config:      rps
+- Env Var:     RCLONE_CACHE_RPS
+- Type:        int
+- Default:     -1
+
+#### --cache-writes
+
+Cache file data on writes through the FS.
+
+If you need to read files immediately after you upload them through
+cache you can enable this flag to have their data stored in the
+cache store at the same time during upload.
+
+Properties:
+
+- Config:      writes
+- Env Var:     RCLONE_CACHE_WRITES
+- Type:        bool
+- Default:     false
+
+#### --cache-tmp-upload-path
+
+Directory to keep temporary files until they are uploaded.
+
+This is the path where cache will use as a temporary storage for new
+files that need to be uploaded to the cloud provider.
+
+Specifying a value will enable this feature. Without it, it is
+completely disabled and files will be uploaded directly to the cloud
+provider
+
+Properties:
+
+- Config:      tmp_upload_path
+- Env Var:     RCLONE_CACHE_TMP_UPLOAD_PATH
+- Type:        string
+- Required:    false
+
+#### --cache-tmp-wait-time
+
+How long should files be stored in local cache before being uploaded.
+
+This is the duration that a file must wait in the temporary location
+_cache-tmp-upload-path_ before it is selected for upload.
+
+Note that only one file is uploaded at a time and it can take longer
+to start the upload if a queue formed for this purpose.
+
+Properties:
+
+- Config:      tmp_wait_time
+- Env Var:     RCLONE_CACHE_TMP_WAIT_TIME
+- Type:        Duration
+- Default:     15s
+
+#### --cache-db-wait-time
+
+How long to wait for the DB to be available - 0 is unlimited.
+
+Only one process can have the DB open at any one time, so rclone waits
+for this duration for the DB to become available before it gives an
+error.
+
+If you set it to 0 then it will wait forever.
+
+Properties:
+
+- Config:      db_wait_time
+- Env Var:     RCLONE_CACHE_DB_WAIT_TIME
+- Type:        Duration
+- Default:     1s
+
+## Backend commands
+
+Here are the commands specific to the cache backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### stats
+
+Print stats on the cache backend in JSON format.
+
+    rclone backend stats remote: [options] [&lt;arguments&gt;+]
+
+
+
+#  Chunker
+
+The `chunker` overlay transparently splits large files into smaller chunks
+during upload to wrapped remote and transparently assembles them back
+when the file is downloaded. This allows to effectively overcome size limits
+imposed by storage providers.
+
+## Configuration
+
+To use it, first set up the underlying remote following the configuration
+instructions for that remote. You can also use a local pathname instead of
+a remote.
+
+First check your chosen remote is working - we&#39;ll call it `remote:path` here.
+Note that anything inside `remote:path` will be chunked and anything outside
+won&#39;t. This means that if you are using a bucket-based remote (e.g. S3, B2, swift)
+then you should probably put the bucket in the remote `s3:bucket`.
+
+Now configure `chunker` using `rclone config`. We will call this one `overlay`
+to separate it from the `remote` itself.
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; overlay Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Transparently chunk/split large files  "chunker" [snip] Storage&gt; chunker Remote to chunk/unchunk. Normally should contain a ':' and a path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended). Enter a string value. Press Enter for the default (""). remote&gt; remote:path Files larger than chunk size will be split in chunks. Enter a size with suffix K,M,G,T. Press Enter for the default ("2G"). chunk_size&gt; 100M Choose how chunker handles hash sums. All modes but "none" require metadata. Enter a string value. Press Enter for the default ("md5"). Choose a number from below, or type in your own value 1 / Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise  "none" 2 / MD5 for composite files  "md5" 3 / SHA1 for composite files  "sha1" 4 / MD5 for all files  "md5all" 5 / SHA1 for all files  "sha1all" 6 / Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported  "md5quick" 7 / Similar to "md5quick" but prefers SHA1 over MD5  "sha1quick" hash_type&gt; md5 Edit advanced config? (y/n) y) Yes n) No y/n&gt; n Remote config -------------------- [overlay] type = chunker remote = remote:bucket chunk_size = 100M hash_type = md5 -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+### Specifying the remote
+
+In normal use, make sure the remote has a `:` in. If you specify the remote
+without a `:` then rclone will use a local directory of that name.
+So if you use a remote of `/path/to/secret/files` then rclone will
+chunk stuff in that directory. If you use a remote of `name` then rclone
+will put files in a directory called `name` in the current directory.
+
+
+### Chunking
+
+When rclone starts a file upload, chunker checks the file size. If it
+doesn&#39;t exceed the configured chunk size, chunker will just pass the file
+to the wrapped remote (however, see caveat below). If a file is large, chunker will transparently cut
+data in pieces with temporary names and stream them one by one, on the fly.
+Each data chunk will contain the specified number of bytes, except for the
+last one which may have less data. If file size is unknown in advance
+(this is called a streaming upload), chunker will internally create
+a temporary copy, record its size and repeat the above process.
+
+When upload completes, temporary chunk files are finally renamed.
+This scheme guarantees that operations can be run in parallel and look
+from outside as atomic.
+A similar method with hidden temporary chunks is used for other operations
+(copy/move/rename, etc.). If an operation fails, hidden chunks are normally
+destroyed, and the target composite file stays intact.
+
+When a composite file download is requested, chunker transparently
+assembles it by concatenating data chunks in order. As the split is trivial
+one could even manually concatenate data chunks together to obtain the
+original content.
+
+When the `list` rclone command scans a directory on wrapped remote,
+the potential chunk files are accounted for, grouped and assembled into
+composite directory entries. Any temporary chunks are hidden.
+
+List and other commands can sometimes come across composite files with
+missing or invalid chunks, e.g. shadowed by like-named directory or
+another file. This usually means that wrapped file system has been directly
+tampered with or damaged. If chunker detects a missing chunk it will
+by default print warning, skip the whole incomplete group of chunks but
+proceed with current command.
+You can set the `--chunker-fail-hard` flag to have commands abort with
+error message in such cases.
+
+**Caveat**: As it is now, chunker will always create a temporary file in the 
+backend and then rename it, even if the file is below the chunk threshold.
+This will result in unnecessary API calls and can severely restrict throughput
+when handling transfers primarily composed of small files on some backends (e.g. Box).
+A workaround to this issue is to use chunker only for files above the chunk threshold
+via `--min-size` and then perform a separate call without chunker on the remaining
+files. 
+
+
+#### Chunk names
+
+The default chunk name format is `*.rclone_chunk.###`, hence by default
+chunk names are `BIG_FILE_NAME.rclone_chunk.001`,
+`BIG_FILE_NAME.rclone_chunk.002` etc. You can configure another name format
+using the `name_format` configuration file option. The format uses asterisk
+`*` as a placeholder for the base file name and one or more consecutive
+hash characters `#` as a placeholder for sequential chunk number.
+There must be one and only one asterisk. The number of consecutive hash
+characters defines the minimum length of a string representing a chunk number.
+If decimal chunk number has less digits than the number of hashes, it is
+left-padded by zeros. If the decimal string is longer, it is left intact.
+By default numbering starts from 1 but there is another option that allows
+user to start from 0, e.g. for compatibility with legacy software.
+
+For example, if name format is `big_*-##.part` and original file name is
+`data.txt` and numbering starts from 0, then the first chunk will be named
+`big_data.txt-00.part`, the 99th chunk will be `big_data.txt-98.part`
+and the 302nd chunk will become `big_data.txt-301.part`.
+
+Note that `list` assembles composite directory entries only when chunk names
+match the configured format and treats non-conforming file names as normal
+non-chunked files.
+
+When using `norename` transactions, chunk names will additionally have a unique
+file version suffix. For example, `BIG_FILE_NAME.rclone_chunk.001_bp562k`.
+
+
+### Metadata
+
+Besides data chunks chunker will by default create metadata object for
+a composite file. The object is named after the original file.
+Chunker allows user to disable metadata completely (the `none` format).
+Note that metadata is normally not created for files smaller than the
+configured chunk size. This may change in future rclone releases.
+
+#### Simple JSON metadata format
+
+This is the default format. It supports hash sums and chunk validation
+for composite files. Meta objects carry the following fields:
+
+- `ver`     - version of format, currently `1`
+- `size`    - total size of composite file
+- `nchunks` - number of data chunks in file
+- `md5`     - MD5 hashsum of composite file (if present)
+- `sha1`    - SHA1 hashsum (if present)
+- `txn`     - identifies current version of the file
+
+There is no field for composite file name as it&#39;s simply equal to the name
+of meta object on the wrapped remote. Please refer to respective sections
+for details on hashsums and modified time handling.
+
+#### No metadata
+
+You can disable meta objects by setting the meta format option to `none`.
+In this mode chunker will scan directory for all files that follow
+configured chunk name format, group them by detecting chunks with the same
+base name and show group names as virtual composite files.
+This method is more prone to missing chunk errors (especially missing
+last chunk) than format with metadata enabled.
+
+
+### Hashsums
+
+Chunker supports hashsums only when a compatible metadata is present.
+Hence, if you choose metadata format of `none`, chunker will report hashsum
+as `UNSUPPORTED`.
+
+Please note that by default metadata is stored only for composite files.
+If a file is smaller than configured chunk size, chunker will transparently
+redirect hash requests to wrapped remote, so support depends on that.
+You will see the empty string as a hashsum of requested type for small
+files if the wrapped remote doesn&#39;t support it.
+
+Many storage backends support MD5 and SHA1 hash types, so does chunker.
+With chunker you can choose one or another but not both.
+MD5 is set by default as the most supported type.
+Since chunker keeps hashes for composite files and falls back to the
+wrapped remote hash for non-chunked ones, we advise you to choose the same
+hash type as supported by wrapped remote so that your file listings
+look coherent.
+
+If your storage backend does not support MD5 or SHA1 but you need consistent
+file hashing, configure chunker with `md5all` or `sha1all`. These two modes
+guarantee given hash for all files. If wrapped remote doesn&#39;t support it,
+chunker will then add metadata to all files, even small. However, this can
+double the amount of small files in storage and incur additional service charges.
+You can even use chunker to force md5/sha1 support in any other remote
+at expense of sidecar meta objects by setting e.g. `hash_type=sha1all`
+to force hashsums and `chunk_size=1P` to effectively disable chunking.
+
+Normally, when a file is copied to chunker controlled remote, chunker
+will ask the file source for compatible file hash and revert to on-the-fly
+calculation if none is found. This involves some CPU overhead but provides
+a guarantee that given hashsum is available. Also, chunker will reject
+a server-side copy or move operation if source and destination hashsum
+types are different resulting in the extra network bandwidth, too.
+In some rare cases this may be undesired, so chunker provides two optional
+choices: `sha1quick` and `md5quick`. If the source does not support primary
+hash type and the quick mode is enabled, chunker will try to fall back to
+the secondary type. This will save CPU and bandwidth but can result in empty
+hashsums at destination. Beware of consequences: the `sync` command will
+revert (sometimes silently) to time/size comparison if compatible hashsums
+between source and target are not found.
+
+
+### Modification times
+
+Chunker stores modification times using the wrapped remote so support
+depends on that. For a small non-chunked file the chunker overlay simply
+manipulates modification time of the wrapped remote file.
+For a composite file with metadata chunker will get and set
+modification time of the metadata object on the wrapped remote.
+If file is chunked but metadata format is `none` then chunker will
+use modification time of the first data chunk.
+
+
+### Migrations
+
+The idiomatic way to migrate to a different chunk size, hash type, transaction
+style or chunk naming scheme is to:
+
+- Collect all your chunked files under a directory and have your
+  chunker remote point to it.
+- Create another directory (most probably on the same cloud storage)
+  and configure a new remote with desired metadata format,
+  hash type, chunk naming etc.
+- Now run `rclone sync --interactive oldchunks: newchunks:` and all your data
+  will be transparently converted in transfer.
+  This may take some time, yet chunker will try server-side
+  copy if possible.
+- After checking data integrity you may remove configuration section
+  of the old remote.
+
+If rclone gets killed during a long operation on a big composite file,
+hidden temporary chunks may stay in the directory. They will not be
+shown by the `list` command but will eat up your account quota.
+Please note that the `deletefile` command deletes only active
+chunks of a file. As a workaround, you can use remote of the wrapped
+file system to see them.
+An easy way to get rid of hidden garbage is to copy littered directory
+somewhere using the chunker remote and purge the original directory.
+The `copy` command will copy only active chunks while the `purge` will
+remove everything including garbage.
+
+
+### Caveats and Limitations
+
+Chunker requires wrapped remote to support server-side `move` (or `copy` +
+`delete`) operations, otherwise it will explicitly refuse to start.
+This is because it internally renames temporary chunk files to their final
+names when an operation completes successfully.
+
+Chunker encodes chunk number in file name, so with default `name_format`
+setting it adds 17 characters. Also chunker adds 7 characters of temporary
+suffix during operations. Many file systems limit base file name without path
+by 255 characters. Using rclone&#39;s crypt remote as a base file system limits
+file name by 143 characters. Thus, maximum name length is 231 for most files
+and 119 for chunker-over-crypt. A user in need can change name format to
+e.g. `*.rcc##` and save 10 characters (provided at most 99 chunks per file).
+
+Note that a move implemented using the copy-and-delete method may incur
+double charging with some cloud storage providers.
+
+Chunker will not automatically rename existing chunks when you run
+`rclone config` on a live remote and change the chunk name format.
+Beware that in result of this some files which have been treated as chunks
+before the change can pop up in directory listings as normal files
+and vice versa. The same warning holds for the chunk size.
+If you desperately need to change critical chunking settings, you should
+run data migration as described above.
+
+If wrapped remote is case insensitive, the chunker overlay will inherit
+that property (so you can&#39;t have a file called &quot;Hello.doc&quot; and &quot;hello.doc&quot;
+in the same directory).
+
+Chunker included in rclone releases up to `v1.54` can sometimes fail to
+detect metadata produced by recent versions of rclone. We recommend users
+to keep rclone up-to-date to avoid data corruption.
+
+Changing `transactions` is dangerous and requires explicit migration.
+
+
+### Standard options
+
+Here are the Standard options specific to chunker (Transparently chunk/split large files).
+
+#### --chunker-remote
+
+Remote to chunk/unchunk.
+
+Normally should contain a &#39;:&#39; and a path, e.g. &quot;myremote:path/to/dir&quot;,
+&quot;myremote:bucket&quot; or maybe &quot;myremote:&quot; (not recommended).
+
+Properties:
+
+- Config:      remote
+- Env Var:     RCLONE_CHUNKER_REMOTE
+- Type:        string
+- Required:    true
+
+#### --chunker-chunk-size
+
+Files larger than chunk size will be split in chunks.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_CHUNKER_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     2Gi
+
+#### --chunker-hash-type
+
+Choose how chunker handles hash sums.
+
+All modes but &quot;none&quot; require metadata.
+
+Properties:
+
+- Config:      hash_type
+- Env Var:     RCLONE_CHUNKER_HASH_TYPE
+- Type:        string
+- Default:     &quot;md5&quot;
+- Examples:
+    - &quot;none&quot;
+        - Pass any hash supported by wrapped remote for non-chunked files.
+        - Return nothing otherwise.
+    - &quot;md5&quot;
+        - MD5 for composite files.
+    - &quot;sha1&quot;
+        - SHA1 for composite files.
+    - &quot;md5all&quot;
+        - MD5 for all files.
+    - &quot;sha1all&quot;
+        - SHA1 for all files.
+    - &quot;md5quick&quot;
+        - Copying a file to chunker will request MD5 from the source.
+        - Falling back to SHA1 if unsupported.
+    - &quot;sha1quick&quot;
+        - Similar to &quot;md5quick&quot; but prefers SHA1 over MD5.
+
+### Advanced options
+
+Here are the Advanced options specific to chunker (Transparently chunk/split large files).
+
+#### --chunker-name-format
+
+String format of chunk file names.
+
+The two placeholders are: base file name (*) and chunk number (#...).
+There must be one and only one asterisk and one or more consecutive hash characters.
+If chunk number has less digits than the number of hashes, it is left-padded by zeros.
+If there are more digits in the number, they are left as is.
+Possible chunk files are ignored if their name does not match given format.
+
+Properties:
+
+- Config:      name_format
+- Env Var:     RCLONE_CHUNKER_NAME_FORMAT
+- Type:        string
+- Default:     &quot;*.rclone_chunk.###&quot;
+
+#### --chunker-start-from
+
+Minimum valid chunk number. Usually 0 or 1.
+
+By default chunk numbers start from 1.
+
+Properties:
+
+- Config:      start_from
+- Env Var:     RCLONE_CHUNKER_START_FROM
+- Type:        int
+- Default:     1
+
+#### --chunker-meta-format
+
+Format of the metadata object or &quot;none&quot;.
+
+By default &quot;simplejson&quot;.
+Metadata is a small JSON file named after the composite file.
+
+Properties:
+
+- Config:      meta_format
+- Env Var:     RCLONE_CHUNKER_META_FORMAT
+- Type:        string
+- Default:     &quot;simplejson&quot;
+- Examples:
+    - &quot;none&quot;
+        - Do not use metadata files at all.
+        - Requires hash type &quot;none&quot;.
+    - &quot;simplejson&quot;
+        - Simple JSON supports hash sums and chunk validation.
+        - 
+        - It has the following fields: ver, size, nchunks, md5, sha1.
+
+#### --chunker-fail-hard
+
+Choose how chunker should handle files with missing or invalid chunks.
+
+Properties:
+
+- Config:      fail_hard
+- Env Var:     RCLONE_CHUNKER_FAIL_HARD
+- Type:        bool
+- Default:     false
+- Examples:
+    - &quot;true&quot;
+        - Report errors and abort current command.
+    - &quot;false&quot;
+        - Warn user, skip incomplete file and proceed.
+
+#### --chunker-transactions
+
+Choose how chunker should handle temporary files during transactions.
+
+Properties:
+
+- Config:      transactions
+- Env Var:     RCLONE_CHUNKER_TRANSACTIONS
+- Type:        string
+- Default:     &quot;rename&quot;
+- Examples:
+    - &quot;rename&quot;
+        - Rename temporary files after a successful transaction.
+    - &quot;norename&quot;
+        - Leave temporary file names and write transaction ID to metadata file.
+        - Metadata is required for no rename transactions (meta format cannot be &quot;none&quot;).
+        - If you are using norename transactions you should be careful not to downgrade Rclone
+        - as older versions of Rclone don&#39;t support this transaction style and will misinterpret
+        - files manipulated by norename transactions.
+        - This method is EXPERIMENTAL, don&#39;t use on production systems.
+    - &quot;auto&quot;
+        - Rename or norename will be used depending on capabilities of the backend.
+        - If meta format is set to &quot;none&quot;, rename transactions will always be used.
+        - This method is EXPERIMENTAL, don&#39;t use on production systems.
+
+
+
+#  Citrix ShareFile
+
+[Citrix ShareFile](https://sharefile.com) is a secure file sharing and transfer service aimed as business.
+
+## Configuration
+
+The initial setup for Citrix ShareFile involves getting a token from
+Citrix ShareFile which you can in your browser.  `rclone config` walks you
+through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value XX / Citrix Sharefile  "sharefile" Storage&gt; sharefile ** See help for sharefile backend at: https://rclone.org/sharefile/ **</p>
+<p>ID of the root folder</p>
+<p>Leave blank to access "Personal Folders". You can use one of the standard values here or any folder ID (long hex number ID). Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value 1 / Access the Personal Folders. (Default)  "" 2 / Access the Favorites folder.  "favorites" 3 / Access all the shared folders.  "allshared" 4 / Access all the individual connectors.  "connectors" 5 / Access the home, favorites, and shared folders as well as the connectors.  "top" root_folder_id&gt; Edit advanced config? (y/n) y) Yes n) No y/n&gt; n Remote config Use web browser to automatically authenticate rclone with remote? * Say Y if the machine running rclone has a web browser you can use * Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N. y) Yes n) No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=XXX Log in and authorize rclone for access Waiting for code... Got code -------------------- [remote] type = sharefile endpoint = https://XXX.sharefile.com token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2019-09-30T19:41:45.878561877+01:00"} -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Citrix ShareFile. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on `http://127.0.0.1:53682/` and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your ShareFile
+
+    rclone lsd remote:
+
+List all the files in your ShareFile
+
+    rclone ls remote:
+
+To copy a local directory to an ShareFile directory called backup
+
+    rclone copy /home/source remote:backup
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+### Modification times and hashes
+
+ShareFile allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.
+
+ShareFile supports MD5 type hashes, so you can use the `--checksum`
+flag.
+
+### Transfers
+
+For files above 128 MiB rclone will use a chunked transfer.  Rclone will
+upload up to `--transfers` chunks at the same time (shared among all
+the multipart uploads).  Chunks are buffered in memory and are
+normally 64 MiB so increasing `--transfers` will increase memory use.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \\        | 0x5C  | ＼           |
+| *         | 0x2A  | ＊           |
+| &lt;         | 0x3C  | ＜           |
+| &gt;         | 0x3E  | ＞           |
+| ?         | 0x3F  | ？           |
+| :         | 0x3A  | ：           |
+| \|        | 0x7C  | ｜           |
+| &quot;         | 0x22  | ＂           |
+
+File names can also not start or end with the following characters.
+These only get replaced if they are the first or last character in the
+name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+| .         | 0x2E  | ．           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to sharefile (Citrix Sharefile).
+
+#### --sharefile-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_SHAREFILE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --sharefile-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_SHAREFILE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --sharefile-root-folder-id
+
+ID of the root folder.
+
+Leave blank to access &quot;Personal Folders&quot;.  You can use one of the
+standard values here or any folder ID (long hex number ID).
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_SHAREFILE_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - Access the Personal Folders (default).
+    - &quot;favorites&quot;
+        - Access the Favorites folder.
+    - &quot;allshared&quot;
+        - Access all the shared folders.
+    - &quot;connectors&quot;
+        - Access all the individual connectors.
+    - &quot;top&quot;
+        - Access the home, favorites, and shared folders as well as the connectors.
+
+### Advanced options
+
+Here are the Advanced options specific to sharefile (Citrix Sharefile).
+
+#### --sharefile-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_SHAREFILE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --sharefile-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_SHAREFILE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --sharefile-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_SHAREFILE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --sharefile-upload-cutoff
+
+Cutoff for switching to multipart upload.
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_SHAREFILE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     128Mi
+
+#### --sharefile-chunk-size
+
+Upload chunk size.
+
+Must a power of 2 &gt;= 256k.
+
+Making this larger will improve performance, but note that each chunk
+is buffered in memory one per transfer.
+
+Reducing this will reduce memory usage but decrease performance.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_SHAREFILE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     64Mi
+
+#### --sharefile-endpoint
+
+Endpoint for API calls.
+
+This is usually auto discovered as part of the oauth process, but can
+be set manually to something like: https://XXX.sharefile.com
+
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_SHAREFILE_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --sharefile-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_SHAREFILE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+
+## Limitations
+
+Note that ShareFile is case insensitive so you can&#39;t have a file called
+&quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+ShareFile only supports filenames up to 256 characters in length.
+
+`rclone about` is not supported by the Citrix ShareFile backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Crypt
+
+Rclone `crypt` remotes encrypt and decrypt other remotes.
+
+A remote of type `crypt` does not access a [storage system](https://rclone.org/overview/)
+directly, but instead wraps another remote, which in turn accesses
+the storage system. This is similar to how [alias](https://rclone.org/alias/),
+[union](https://rclone.org/union/), [chunker](https://rclone.org/chunker/)
+and a few others work. It makes the usage very flexible, as you can
+add a layer, in this case an encryption layer, on top of any other
+backend, even in multiple layers. Rclone&#39;s functionality
+can be used as with any other remote, for example you can
+[mount](https://rclone.org/commands/rclone_mount/) a crypt remote.
+
+Accessing a storage system through a crypt remote realizes client-side
+encryption, which makes it safe to keep your data in a location you do
+not trust will not get compromised.
+When working against the `crypt` remote, rclone will automatically
+encrypt (before uploading) and decrypt (after downloading) on your local
+system as needed on the fly, leaving the data encrypted at rest in the
+wrapped remote. If you access the storage system using an application
+other than rclone, or access the wrapped remote directly using rclone,
+there will not be any encryption/decryption: Downloading existing content
+will just give you the encrypted (scrambled) format, and anything you
+upload will *not* become encrypted.
+
+The encryption is a secret-key encryption (also called symmetric key encryption)
+algorithm, where a password (or pass phrase) is used to generate real encryption key.
+The password can be supplied by user, or you may chose to let rclone
+generate one. It will be stored in the configuration file, in a lightly obscured form.
+If you are in an environment where you are not able to keep your configuration
+secured, you should add
+[configuration encryption](https://rclone.org/docs/#configuration-encryption)
+as protection. As long as you have this configuration file, you will be able to
+decrypt your data. Without the configuration file, as long as you remember
+the password (or keep it in a safe place), you can re-create the configuration
+and gain access to the existing data. You may also configure a corresponding
+remote in a different installation to access the same data.
+See below for guidance to [changing password](#changing-password).
+
+Encryption uses [cryptographic salt](https://en.wikipedia.org/wiki/Salt_(cryptography)),
+to permute the encryption key so that the same string may be encrypted in
+different ways. When configuring the crypt remote it is optional to enter a salt,
+or to let rclone generate a unique salt. If omitted, rclone uses a built-in unique string.
+Normally in cryptography, the salt is stored together with the encrypted content,
+and do not have to be memorized by the user. This is not the case in rclone,
+because rclone does not store any additional information on the remotes. Use of
+custom salt is effectively a second password that must be memorized.
+
+[File content](#file-encryption) encryption is performed using
+[NaCl SecretBox](https://godoc.org/golang.org/x/crypto/nacl/secretbox),
+based on XSalsa20 cipher and Poly1305 for integrity.
+[Names](#name-encryption) (file- and directory names) are also encrypted
+by default, but this has some implications and is therefore
+possible to be turned off.
+
+## Configuration
+
+Here is an example of how to make a remote called `secret`.
+
+To use `crypt`, first set up the underlying remote. Follow the
+`rclone config` instructions for the specific backend.
+
+Before configuring the crypt remote, check the underlying remote is
+working. In this example the underlying remote is called `remote`.
+We will configure a path `path` within this remote to contain the
+encrypted content. Anything inside `remote:path` will be encrypted
+and anything outside will not.
+
+Configure `crypt` using `rclone config`. In this example the `crypt`
+remote is called `secret`, to differentiate it from the underlying
+`remote`.
+
+When you are done you can use the crypt remote named `secret` just
+as you would with any other remote, e.g. `rclone copy D:\docs secret:\docs`,
+and rclone will encrypt and decrypt as needed on the fly.
+If you access the wrapped remote `remote:path` directly you will bypass
+the encryption, and anything you read will be in encrypted form, and
+anything you write will be unencrypted. To avoid issues it is best to
+configure a dedicated path for encrypted content, and access it
+exclusively through a crypt remote.
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; secret Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Encrypt/Decrypt a remote  "crypt" [snip] Storage&gt; crypt ** See help for crypt backend at: https://rclone.org/crypt/ **</p>
+<p>Remote to encrypt/decrypt. Normally should contain a ':' and a path, eg "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended). Enter a string value. Press Enter for the default (""). remote&gt; remote:path How to encrypt the filenames. Enter a string value. Press Enter for the default ("standard"). Choose a number from below, or type in your own value. / Encrypt the filenames. 1 | See the docs for the details.  "standard" 2 / Very simple filename obfuscation.  "obfuscate" / Don't encrypt the file names. 3 | Adds a ".bin" extension only.  "off" filename_encryption&gt; Option to either encrypt directory names or leave them intact.</p>
+<p>NB If filename_encryption is "off" then this option will do nothing. Enter a boolean value (true or false). Press Enter for the default ("true"). Choose a number from below, or type in your own value 1 / Encrypt directory names.  "true" 2 / Don't encrypt directory names, leave them intact.  "false" directory_name_encryption&gt; Password or pass phrase for encryption. y) Yes type in my own password g) Generate random password y/g&gt; y Enter the password: password: Confirm the password: password: Password or pass phrase for salt. Optional but recommended. Should be different to the previous password. y) Yes type in my own password g) Generate random password n) No leave this optional password blank (default) y/g/n&gt; g Password strength in bits. 64 is just about memorable 128 is secure 1024 is the maximum Bits&gt; 128 Your password is: JAsJvRcgR-_veXNfy_sGmQ Use this password? Please note that an obscured version of this password (and not the password itself) will be stored under your configuration file, so keep this generated password in a safe place. y) Yes (default) n) No y/n&gt; Edit advanced config? (y/n) y) Yes n) No (default) y/n&gt; Remote config -------------------- [secret] type = crypt remote = remote:path password = *** ENCRYPTED <strong><em> password2 = </em></strong> ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt;</p>
+<pre><code>
+**Important** The crypt password stored in `rclone.conf` is lightly
+obscured. That only protects it from cursory inspection. It is not
+secure unless [configuration encryption](https://rclone.org/docs/#configuration-encryption) of `rclone.conf` is specified.
+
+A long passphrase is recommended, or `rclone config` can generate a
+random one.
+
+The obscured password is created using AES-CTR with a static key. The
+salt is stored verbatim at the beginning of the obscured password. This
+static key is shared between all versions of rclone.
+
+If you reconfigure rclone with the same passwords/passphrases
+elsewhere it will be compatible, but the obscured version will be different
+due to the different salt.
+
+Rclone does not encrypt
+
+  * file length - this can be calculated within 16 bytes
+  * modification time - used for syncing
+
+### Specifying the remote
+
+When configuring the remote to encrypt/decrypt, you may specify any
+string that rclone accepts as a source/destination of other commands.
+
+The primary use case is to specify the path into an already configured
+remote (e.g. `remote:path/to/dir` or `remote:bucket`), such that
+data in a remote untrusted location can be stored encrypted.
+
+You may also specify a local filesystem path, such as
+`/path/to/dir` on Linux, `C:\path\to\dir` on Windows. By creating
+a crypt remote pointing to such a local filesystem path, you can
+use rclone as a utility for pure local file encryption, for example
+to keep encrypted files on a removable USB drive.
+
+**Note**: A string which do not contain a `:` will by rclone be treated
+as a relative path in the local filesystem. For example, if you enter
+the name `remote` without the trailing `:`, it will be treated as
+a subdirectory of the current directory with name &quot;remote&quot;.
+
+If a path `remote:path/to/dir` is specified, rclone stores encrypted
+files in `path/to/dir` on the remote. With file name encryption, files
+saved to `secret:subdir/subfile` are stored in the unencrypted path
+`path/to/dir` but the `subdir/subpath` element is encrypted.
+
+The path you specify does not have to exist, rclone will create
+it when needed.
+
+If you intend to use the wrapped remote both directly for keeping
+unencrypted content, as well as through a crypt remote for encrypted
+content, it is recommended to point the crypt remote to a separate
+directory within the wrapped remote. If you use a bucket-based storage
+system (e.g. Swift, S3, Google Compute Storage, B2) it is generally
+advisable to wrap the crypt remote around a specific bucket (`s3:bucket`).
+If wrapping around the entire root of the storage (`s3:`), and use the
+optional file name encryption, rclone will encrypt the bucket name.
+
+### Changing password
+
+Should the password, or the configuration file containing a lightly obscured
+form of the password, be compromised, you need to re-encrypt your data with
+a new password. Since rclone uses secret-key encryption, where the encryption
+key is generated directly from the password kept on the client, it is not
+possible to change the password/key of already encrypted content. Just changing
+the password configured for an existing crypt remote means you will no longer
+able to decrypt any of the previously encrypted content. The only possibility
+is to re-upload everything via a crypt remote configured with your new password.
+
+Depending on the size of your data, your bandwidth, storage quota etc, there are
+different approaches you can take:
+- If you have everything in a different location, for example on your local system,
+you could remove all of the prior encrypted files, change the password for your
+configured crypt remote (or delete and re-create the crypt configuration),
+and then re-upload everything from the alternative location.
+- If you have enough space on the storage system you can create a new crypt
+remote pointing to a separate directory on the same backend, and then use
+rclone to copy everything from the original crypt remote to the new,
+effectively decrypting everything on the fly using the old password and
+re-encrypting using the new password. When done, delete the original crypt
+remote directory and finally the rclone crypt configuration with the old password.
+All data will be streamed from the storage system and back, so you will
+get half the bandwidth and be charged twice if you have upload and download quota
+on the storage system.
+
+**Note**: A security problem related to the random password generator
+was fixed in rclone version 1.53.3 (released 2020-11-19). Passwords generated
+by rclone config in version 1.49.0 (released 2019-08-26) to 1.53.2
+(released 2020-10-26) are not considered secure and should be changed.
+If you made up your own password, or used rclone version older than 1.49.0 or
+newer than 1.53.2 to generate it, you are *not* affected by this issue.
+See [issue #4783](https://github.com/rclone/rclone/issues/4783) for more
+details, and a tool you can use to check if you are affected.
+
+### Example
+
+Create the following file structure using &quot;standard&quot; file name
+encryption.
+</code></pre>
+<p>plaintext/ ├── file0.txt ├── file1.txt └── subdir ├── file2.txt ├── file3.txt └── subsubdir └── file4.txt</p>
+<pre><code>
+Copy these to the remote, and list them
+</code></pre>
+<p>$ rclone -q copy plaintext secret: $ rclone -q ls secret: 7 file1.txt 6 file0.txt 8 subdir/file2.txt 10 subdir/subsubdir/file4.txt 9 subdir/file3.txt</p>
+<pre><code>
+The crypt remote looks like
+</code></pre>
+<p>$ rclone -q ls remote:path 55 hagjclgavj2mbiqm6u6cnjjqcg 54 v05749mltvv1tf4onltun46gls 57 86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo 58 86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc 56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps</p>
+<pre><code>
+The directory structure is preserved
+</code></pre>
+<p>$ rclone -q ls secret:subdir 8 file2.txt 9 file3.txt 10 subsubdir/file4.txt</p>
+<pre><code>
+Without file name encryption `.bin` extensions are added to underlying
+names. This prevents the cloud provider attempting to interpret file
+content.
+</code></pre>
+<p>$ rclone -q ls remote:path 54 file0.txt.bin 57 subdir/file3.txt.bin 56 subdir/file2.txt.bin 58 subdir/subsubdir/file4.txt.bin 55 file1.txt.bin</p>
+<pre><code>
+### File name encryption modes
+
+Off
+
+  * doesn&#39;t hide file names or directory structure
+  * allows for longer file names (~246 characters)
+  * can use sub paths and copy single files
+
+Standard
+
+  * file names encrypted
+  * file names can&#39;t be as long (~143 characters)
+  * can use sub paths and copy single files
+  * directory structure visible
+  * identical files names will have identical uploaded names
+  * can use shortcuts to shorten the directory recursion
+
+Obfuscation
+
+This is a simple &quot;rotate&quot; of the filename, with each file having a rot
+distance based on the filename. Rclone stores the distance at the
+beginning of the filename. A file called &quot;hello&quot; may become &quot;53.jgnnq&quot;.
+
+Obfuscation is not a strong encryption of filenames, but hinders
+automated scanning tools picking up on filename patterns. It is an
+intermediate between &quot;off&quot; and &quot;standard&quot; which allows for longer path
+segment names.
+
+There is a possibility with some unicode based filenames that the
+obfuscation is weak and may map lower case characters to upper case
+equivalents.
+
+Obfuscation cannot be relied upon for strong protection.
+
+  * file names very lightly obfuscated
+  * file names can be longer than standard encryption
+  * can use sub paths and copy single files
+  * directory structure visible
+  * identical files names will have identical uploaded names
+
+Cloud storage systems have limits on file name length and
+total path length which rclone is more likely to breach using
+&quot;Standard&quot; file name encryption.  Where file names are less than 156
+characters in length issues should not be encountered, irrespective of
+cloud storage provider.
+
+An experimental advanced option `filename_encoding` is now provided to
+address this problem to a certain degree.
+For cloud storage systems with case sensitive file names (e.g. Google Drive),
+`base64` can be used to reduce file name length. 
+For cloud storage systems using UTF-16 to store file names internally
+(e.g. OneDrive, Dropbox, Box), `base32768` can be used to drastically reduce
+file name length. 
+
+An alternative, future rclone file name encryption mode may tolerate
+backend provider path length limits.
+
+### Directory name encryption
+
+Crypt offers the option of encrypting dir names or leaving them intact.
+There are two options:
+
+True
+
+Encrypts the whole file path including directory names
+Example:
+`1/12/123.txt` is encrypted to
+`p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0`
+
+False
+
+Only encrypts file names, skips directory names
+Example:
+`1/12/123.txt` is encrypted to
+`1/12/qgm4avr35m5loi1th53ato71v0`
+
+
+### Modification times and hashes
+
+Crypt stores modification times using the underlying remote so support
+depends on that.
+
+Hashes are not stored for crypt. However the data integrity is
+protected by an extremely strong crypto authenticator.
+
+Use the `rclone cryptcheck` command to check the
+integrity of an encrypted remote instead of `rclone check` which can&#39;t
+check the checksums properly.
+
+
+### Standard options
+
+Here are the Standard options specific to crypt (Encrypt/Decrypt a remote).
+
+#### --crypt-remote
+
+Remote to encrypt/decrypt.
+
+Normally should contain a &#39;:&#39; and a path, e.g. &quot;myremote:path/to/dir&quot;,
+&quot;myremote:bucket&quot; or maybe &quot;myremote:&quot; (not recommended).
+
+Properties:
+
+- Config:      remote
+- Env Var:     RCLONE_CRYPT_REMOTE
+- Type:        string
+- Required:    true
+
+#### --crypt-filename-encryption
+
+How to encrypt the filenames.
+
+Properties:
+
+- Config:      filename_encryption
+- Env Var:     RCLONE_CRYPT_FILENAME_ENCRYPTION
+- Type:        string
+- Default:     &quot;standard&quot;
+- Examples:
+    - &quot;standard&quot;
+        - Encrypt the filenames.
+        - See the docs for the details.
+    - &quot;obfuscate&quot;
+        - Very simple filename obfuscation.
+    - &quot;off&quot;
+        - Don&#39;t encrypt the file names.
+        - Adds a &quot;.bin&quot;, or &quot;suffix&quot; extension only.
+
+#### --crypt-directory-name-encryption
+
+Option to either encrypt directory names or leave them intact.
+
+NB If filename_encryption is &quot;off&quot; then this option will do nothing.
+
+Properties:
+
+- Config:      directory_name_encryption
+- Env Var:     RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
+- Type:        bool
+- Default:     true
+- Examples:
+    - &quot;true&quot;
+        - Encrypt directory names.
+    - &quot;false&quot;
+        - Don&#39;t encrypt directory names, leave them intact.
+
+#### --crypt-password
+
+Password or pass phrase for encryption.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_CRYPT_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --crypt-password2
+
+Password or pass phrase for salt.
+
+Optional but recommended.
+Should be different to the previous password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password2
+- Env Var:     RCLONE_CRYPT_PASSWORD2
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to crypt (Encrypt/Decrypt a remote).
+
+#### --crypt-server-side-across-configs
+
+Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different crypt configs.
+
+Normally this option is not what you want, but if you have two crypts
+pointing to the same backend you can use it.
+
+This can be used, for example, to change file name encryption type
+without re-uploading all the data. Just make two crypt backends
+pointing to two different directories with the single changed
+parameter and use rclone move to move the files between the crypt
+remotes.
+
+Properties:
+
+- Config:      server_side_across_configs
+- Env Var:     RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS
+- Type:        bool
+- Default:     false
+
+#### --crypt-show-mapping
+
+For all files listed show how the names encrypt.
+
+If this flag is set then for each file that the remote is asked to
+list, it will log (at level INFO) a line stating the decrypted file
+name and the encrypted file name.
+
+This is so you can work out which encrypted names are which decrypted
+names just in case you need to do something with the encrypted file
+names, or for debugging purposes.
+
+Properties:
+
+- Config:      show_mapping
+- Env Var:     RCLONE_CRYPT_SHOW_MAPPING
+- Type:        bool
+- Default:     false
+
+#### --crypt-no-data-encryption
+
+Option to either encrypt file data or leave it unencrypted.
+
+Properties:
+
+- Config:      no_data_encryption
+- Env Var:     RCLONE_CRYPT_NO_DATA_ENCRYPTION
+- Type:        bool
+- Default:     false
+- Examples:
+    - &quot;true&quot;
+        - Don&#39;t encrypt file data, leave it unencrypted.
+    - &quot;false&quot;
+        - Encrypt file data.
+
+#### --crypt-pass-bad-blocks
+
+If set this will pass bad blocks through as all 0.
+
+This should not be set in normal operation, it should only be set if
+trying to recover an encrypted file with errors and it is desired to
+recover as much of the file as possible.
+
+Properties:
+
+- Config:      pass_bad_blocks
+- Env Var:     RCLONE_CRYPT_PASS_BAD_BLOCKS
+- Type:        bool
+- Default:     false
+
+#### --crypt-filename-encoding
+
+How to encode the encrypted filename to text string.
+
+This option could help with shortening the encrypted filename. The 
+suitable option would depend on the way your remote count the filename
+length and if it&#39;s case sensitive.
+
+Properties:
+
+- Config:      filename_encoding
+- Env Var:     RCLONE_CRYPT_FILENAME_ENCODING
+- Type:        string
+- Default:     &quot;base32&quot;
+- Examples:
+    - &quot;base32&quot;
+        - Encode using base32. Suitable for all remote.
+    - &quot;base64&quot;
+        - Encode using base64. Suitable for case sensitive remote.
+    - &quot;base32768&quot;
+        - Encode using base32768. Suitable if your remote counts UTF-16 or
+        - Unicode codepoint instead of UTF-8 byte length. (Eg. Onedrive, Dropbox)
+
+#### --crypt-suffix
+
+If this is set it will override the default suffix of &quot;.bin&quot;.
+
+Setting suffix to &quot;none&quot; will result in an empty suffix. This may be useful 
+when the path length is critical.
+
+Properties:
+
+- Config:      suffix
+- Env Var:     RCLONE_CRYPT_SUFFIX
+- Type:        string
+- Default:     &quot;.bin&quot;
+
+### Metadata
+
+Any metadata supported by the underlying remote is read and written.
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+## Backend commands
+
+Here are the commands specific to the crypt backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### encode
+
+Encode the given filename(s)
+
+    rclone backend encode remote: [options] [&lt;arguments&gt;+]
+
+This encodes the filenames given as arguments returning a list of
+strings of the encoded results.
+
+Usage Example:
+
+    rclone backend encode crypt: file1 [file2...]
+    rclone rc backend/command command=encode fs=crypt: file1 [file2...]
+
+
+### decode
+
+Decode the given filename(s)
+
+    rclone backend decode remote: [options] [&lt;arguments&gt;+]
+
+This decodes the filenames given as arguments returning a list of
+strings of the decoded results. It will return an error if any of the
+inputs are invalid.
+
+Usage Example:
+
+    rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
+    rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]
+
+
+
+
+## Backing up an encrypted remote
+
+If you wish to backup an encrypted remote, it is recommended that you use
+`rclone sync` on the encrypted files, and make sure the passwords are
+the same in the new encrypted remote.
+
+This will have the following advantages
+
+  * `rclone sync` will check the checksums while copying
+  * you can use `rclone check` between the encrypted remotes
+  * you don&#39;t decrypt and encrypt unnecessarily
+
+For example, let&#39;s say you have your original remote at `remote:` with
+the encrypted version at `eremote:` with path `remote:crypt`.  You
+would then set up the new remote `remote2:` and then the encrypted
+version `eremote2:` with path `remote2:crypt` using the same passwords
+as `eremote:`.
+
+To sync the two remotes you would do
+
+    rclone sync --interactive remote:crypt remote2:crypt
+
+And to check the integrity you would do
+
+    rclone check remote:crypt remote2:crypt
+
+## File formats
+
+### File encryption
+
+Files are encrypted 1:1 source file to destination object.  The file
+has a header and is divided into chunks.
+
+#### Header
+
+  * 8 bytes magic string `RCLONE\x00\x00`
+  * 24 bytes Nonce (IV)
+
+The initial nonce is generated from the operating systems crypto
+strong random number generator.  The nonce is incremented for each
+chunk read making sure each nonce is unique for each block written.
+The chance of a nonce being reused is minuscule.  If you wrote an
+exabyte of data (10¹⁸ bytes) you would have a probability of
+approximately 2×10⁻³² of re-using a nonce.
+
+#### Chunk
+
+Each chunk will contain 64 KiB of data, except for the last one which
+may have less data. The data chunk is in standard NaCl SecretBox
+format. SecretBox uses XSalsa20 and Poly1305 to encrypt and
+authenticate messages.
+
+Each chunk contains:
+
+  * 16 Bytes of Poly1305 authenticator
+  * 1 - 65536 bytes XSalsa20 encrypted data
+
+64k chunk size was chosen as the best performing chunk size (the
+authenticator takes too much time below this and the performance drops
+off due to cache effects above this).  Note that these chunks are
+buffered in memory so they can&#39;t be too big.
+
+This uses a 32 byte (256 bit key) key derived from the user password.
+
+#### Examples
+
+1 byte file will encrypt to
+
+  * 32 bytes header
+  * 17 bytes data chunk
+
+49 bytes total
+
+1 MiB (1048576 bytes) file will encrypt to
+
+  * 32 bytes header
+  * 16 chunks of 65568 bytes
+
+1049120 bytes total (a 0.05% overhead). This is the overhead for big
+files.
+
+### Name encryption
+
+File names are encrypted segment by segment - the path is broken up
+into `/` separated strings and these are encrypted individually.
+
+File segments are padded using PKCS#7 to a multiple of 16 bytes
+before encryption.
+
+They are then encrypted with EME using AES with 256 bit key. EME
+(ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003
+paper &quot;A Parallelizable Enciphering Mode&quot; by Halevi and Rogaway.
+
+This makes for deterministic encryption which is what we want - the
+same filename must encrypt to the same thing otherwise we can&#39;t find
+it on the cloud storage system.
+
+This means that
+
+  * filenames with the same name will encrypt the same
+  * filenames which start the same won&#39;t have a common prefix
+
+This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of
+which are derived from the user password.
+
+After encryption they are written out using a modified version of
+standard `base32` encoding as described in RFC4648.  The standard
+encoding is modified in two ways:
+
+  * it becomes lower case (no-one likes upper case filenames!)
+  * we strip the padding character `=`
+
+`base32` is used rather than the more efficient `base64` so rclone can be
+used on case insensitive remotes (e.g. Windows, Amazon Drive).
+
+### Key derivation
+
+Rclone uses `scrypt` with parameters `N=16384, r=8, p=1` with an
+optional user supplied salt (password2) to derive the 32+32+16 = 80
+bytes of key material required.  If the user doesn&#39;t supply a salt
+then rclone uses an internal one.
+
+`scrypt` makes it impractical to mount a dictionary attack on rclone
+encrypted data.  For full protection against this you should always use
+a salt.
+
+## SEE ALSO
+
+* [rclone cryptdecode](https://rclone.org/commands/rclone_cryptdecode/)    - Show forward/reverse mapping of encrypted filenames
+
+#  Compress
+
+## Warning
+
+This remote is currently **experimental**. Things may break and data may be lost. Anything you do with this remote is
+at your own risk. Please understand the risks associated with using experimental code and don&#39;t use this remote in
+critical applications.
+
+The `Compress` remote adds compression to another remote. It is best used with remotes containing
+many large compressible files.
+
+## Configuration
+
+To use this remote, all you need to do is specify another remote and a compression mode to use:
+</code></pre>
+<p>Current remotes:</p>
+<p>Name Type ==== ==== remote_to_press sometype</p>
+<ol start="5" type="a">
+<li>Edit existing remote $ rclone config</li>
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Rename remote</li>
+<li>Copy remote</li>
+<li>Set configuration password</li>
+<li>Quit config e/n/d/r/c/s/q&gt; n name&gt; compress ... 8 / Compress a remote  "compress" ... Storage&gt; compress ** See help for compress backend at: https://rclone.org/compress/ **</li>
+</ol>
+<p>Remote to compress. Enter a string value. Press Enter for the default (""). remote&gt; remote_to_press:subdir Compression mode. Enter a string value. Press Enter for the default ("gzip"). Choose a number from below, or type in your own value 1 / Gzip compression balanced for speed and compression strength.  "gzip" compression_mode&gt; gzip Edit advanced config? (y/n) y) Yes n) No (default) y/n&gt; n Remote config -------------------- [compress] type = compress remote = remote_to_press:subdir compression_mode = gzip -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+### Compression Modes
+
+Currently only gzip compression is supported. It provides a decent balance between speed and size and is well
+supported by other applications. Compression strength can further be configured via an advanced setting where 0 is no
+compression and 9 is strongest compression.
+
+### File types
+
+If you open a remote wrapped by compress, you will see that there are many files with an extension corresponding to
+the compression algorithm you chose. These files are standard files that can be opened by various archive programs, 
+but they have some hidden metadata that allows them to be used by rclone.
+While you may download and decompress these files at will, do **not** manually delete or rename files. Files without
+correct metadata files will not be recognized by rclone.
+
+### File names
+
+The compressed files will be named `*.###########.gz` where `*` is the base file and the `#` part is base64 encoded 
+size of the uncompressed file. The file names should not be changed by anything other than the rclone compression backend.
+
+
+### Standard options
+
+Here are the Standard options specific to compress (Compress a remote).
+
+#### --compress-remote
+
+Remote to compress.
+
+Properties:
+
+- Config:      remote
+- Env Var:     RCLONE_COMPRESS_REMOTE
+- Type:        string
+- Required:    true
+
+#### --compress-mode
+
+Compression mode.
+
+Properties:
+
+- Config:      mode
+- Env Var:     RCLONE_COMPRESS_MODE
+- Type:        string
+- Default:     &quot;gzip&quot;
+- Examples:
+    - &quot;gzip&quot;
+        - Standard gzip compression with fastest parameters.
+
+### Advanced options
+
+Here are the Advanced options specific to compress (Compress a remote).
+
+#### --compress-level
+
+GZIP compression level (-2 to 9).
+
+Generally -1 (default, equivalent to 5) is recommended.
+Levels 1 to 9 increase compression at the cost of speed. Going past 6 
+generally offers very little return.
+
+Level -2 uses Huffman encoding only. Only use if you know what you
+are doing.
+Level 0 turns off compression.
+
+Properties:
+
+- Config:      level
+- Env Var:     RCLONE_COMPRESS_LEVEL
+- Type:        int
+- Default:     -1
+
+#### --compress-ram-cache-limit
+
+Some remotes don&#39;t allow the upload of files with unknown size.
+In this case the compressed file will need to be cached to determine
+it&#39;s size.
+
+Files smaller than this limit will be cached in RAM, files larger than 
+this limit will be cached on disk.
+
+Properties:
+
+- Config:      ram_cache_limit
+- Env Var:     RCLONE_COMPRESS_RAM_CACHE_LIMIT
+- Type:        SizeSuffix
+- Default:     20Mi
+
+### Metadata
+
+Any metadata supported by the underlying remote is read and written.
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+#  Combine
+
+The `combine` backend joins remotes together into a single directory
+tree.
+
+For example you might have a remote for images on one provider:
+</code></pre>
+<p>$ rclone tree s3:imagesbucket / ├── image1.jpg └── image2.jpg</p>
+<pre><code>
+And a remote for files on another:
+</code></pre>
+<p>$ rclone tree drive:important/files / ├── file1.txt └── file2.txt</p>
+<pre><code>
+The `combine` backend can join these together into a synthetic
+directory structure like this:
+</code></pre>
+<p>$ rclone tree combined: / ├── files │ ├── file1.txt │ └── file2.txt └── images ├── image1.jpg └── image2.jpg</p>
+<pre><code>
+You&#39;d do this by specifying an `upstreams` parameter in the config
+like this
+
+    upstreams = images=s3:imagesbucket files=drive:important/files
+
+During the initial setup with `rclone config` you will specify the
+upstreams remotes as a space separated list. The upstream remotes can
+either be a local paths or other remotes.
+
+## Configuration
+
+Here is an example of how to make a combine called `remote` for the
+example above. First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. ... XX / Combine several remotes into one  (combine) ... Storage&gt; combine Option upstreams. Upstreams for combining These should be in the form dir=remote:path dir2=remote2:path Where before the = is specified the root directory and after is the remote to put there. Embedded spaces can be added using quotes "dir=remote:path with space" "dir2=remote2:path with space" Enter a fs.SpaceSepList value. upstreams&gt; images=s3:imagesbucket files=drive:important/files -------------------- [remote] type = combine upstreams = images=s3:imagesbucket files=drive:important/files -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+### Configuring for Google Drive Shared Drives
+
+Rclone has a convenience feature for making a combine backend for all
+the shared drives you have access to.
+
+Assuming your main (non shared drive) Google drive remote is called
+`drive:` you would run
+
+    rclone backend -o config drives drive:
+
+This would produce something like this:
+
+    [My Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
+
+    [Test Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+
+    [AllDrives]
+    type = combine
+    upstreams = &quot;My Drive=My Drive:&quot; &quot;Test Drive=Test Drive:&quot;
+
+If you then add that config to your config file (find it with `rclone
+config file`) then you can access all the shared drives in one place
+with the `AllDrives:` remote.
+
+See [the Google Drive docs](https://rclone.org/drive/#drives) for full info.
+
+
+### Standard options
+
+Here are the Standard options specific to combine (Combine several remotes into one).
+
+#### --combine-upstreams
+
+Upstreams for combining
+
+These should be in the form
+
+    dir=remote:path dir2=remote2:path
+
+Where before the = is specified the root directory and after is the remote to
+put there.
+
+Embedded spaces can be added using quotes
+
+    &quot;dir=remote:path with space&quot; &quot;dir2=remote2:path with space&quot;
+
+
+
+Properties:
+
+- Config:      upstreams
+- Env Var:     RCLONE_COMBINE_UPSTREAMS
+- Type:        SpaceSepList
+- Default:     
+
+### Metadata
+
+Any metadata supported by the underlying remote is read and written.
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+#  Dropbox
+
+Paths are specified as `remote:path`
+
+Dropbox paths may be as deep as required, e.g.
+`remote:directory/subdirectory`.
+
+## Configuration
+
+The initial setup for dropbox involves getting a token from Dropbox
+which you need to do in your browser.  `rclone config` walks you
+through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<ol start="14" type="a">
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Quit config e/n/d/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Dropbox  "dropbox" [snip] Storage&gt; dropbox Dropbox App Key - leave blank normally. app_key&gt; Dropbox App Secret - leave blank normally. app_secret&gt; Remote config Please visit: https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&amp;response_type=code Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX -------------------- [remote] app_key = app_secret = token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX --------------------</li>
+<li>Yes this is OK</li>
+<li>Edit this remote</li>
+<li>Delete this remote y/e/d&gt; y</li>
+</ol>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Dropbox. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on `http://127.0.0.1:53682/` and it
+may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
+
+You can then use it like this,
+
+List directories in top level of your dropbox
+
+    rclone lsd remote:
+
+List all the files in your dropbox
+
+    rclone ls remote:
+
+To copy a local directory to a dropbox directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Dropbox for business
+
+Rclone supports Dropbox for business and Team Folders.
+
+When using Dropbox for business `remote:` and `remote:path/to/file`
+will refer to your personal folder.
+
+If you wish to see Team Folders you must use a leading `/` in the
+path, so `rclone lsd remote:/` will refer to the root and show you all
+Team Folders and your User Folder.
+
+You can then use team folders like this `remote:/TeamFolder` and
+`remote:/TeamFolder/path/to/file`.
+
+A leading `/` for a Dropbox personal account will do nothing, but it
+will take an extra HTTP transaction so it should be avoided.
+
+### Modification times and hashes
+
+Dropbox supports modified times, but the only way to set a
+modification time is to re-upload the file.
+
+This means that if you uploaded your data with an older version of
+rclone which didn&#39;t support the v2 API and modified times, rclone will
+decide to upload all your old data to fix the modification times.  If
+you don&#39;t want this to happen use `--size-only` or `--checksum` flag
+to stop it.
+
+Dropbox supports [its own hash
+type](https://www.dropbox.com/developers/reference/content-hash) which
+is checked for all transfers.
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| /         | 0x2F  | ／           |
+| DEL       | 0x7F  | ␡           |
+| \         | 0x5C  | ＼           |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Batch mode uploads {#batch-mode}
+
+Using batch mode uploads is very important for performance when using
+the Dropbox API. See [the dropbox performance guide](https://developers.dropbox.com/dbx-performance-guide)
+for more info.
+
+There are 3 modes rclone can use for uploads.
+
+#### --dropbox-batch-mode off
+
+In this mode rclone will not use upload batching. This was the default
+before rclone v1.55. It has the disadvantage that it is very likely to
+encounter `too_many_requests` errors like this
+
+    NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.
+
+When rclone receives these it has to wait for 15s or sometimes 300s
+before continuing which really slows down transfers.
+
+This will happen especially if `--transfers` is large, so this mode
+isn&#39;t recommended except for compatibility or investigating problems.
+
+#### --dropbox-batch-mode sync
+
+In this mode rclone will batch up uploads to the size specified by
+`--dropbox-batch-size` and commit them together.
+
+Using this mode means you can use a much higher `--transfers`
+parameter (32 or 64 works fine) without receiving `too_many_requests`
+errors.
+
+This mode ensures full data integrity.
+
+Note that there may be a pause when quitting rclone while rclone
+finishes up the last batch using this mode.
+
+#### --dropbox-batch-mode async
+
+In this mode rclone will batch up uploads to the size specified by
+`--dropbox-batch-size` and commit them together.
+
+However it will not wait for the status of the batch to be returned to
+the caller. This means rclone can use a much bigger batch size (much
+bigger than `--transfers`), at the cost of not being able to check the
+status of the upload.
+
+This provides the maximum possible upload speed especially with lots
+of small files, however rclone can&#39;t check the file got uploaded
+properly using this mode.
+
+If you are using this mode then using &quot;rclone check&quot; after the
+transfer completes is recommended. Or you could do an initial transfer
+with `--dropbox-batch-mode async` then do a final transfer with
+`--dropbox-batch-mode sync` (the default).
+
+Note that there may be a pause when quitting rclone while rclone
+finishes up the last batch using this mode.
+
+
+
+### Standard options
+
+Here are the Standard options specific to dropbox (Dropbox).
+
+#### --dropbox-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_DROPBOX_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --dropbox-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_DROPBOX_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to dropbox (Dropbox).
+
+#### --dropbox-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_DROPBOX_TOKEN
+- Type:        string
+- Required:    false
+
+#### --dropbox-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_DROPBOX_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --dropbox-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_DROPBOX_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --dropbox-chunk-size
+
+Upload chunk size (&lt; 150Mi).
+
+Any files larger than this will be uploaded in chunks of this size.
+
+Note that chunks are buffered in memory (one at a time) so rclone can
+deal with retries.  Setting this larger will increase the speed
+slightly (at most 10% for 128 MiB in tests) at the cost of using more
+memory.  It can be set smaller if you are tight on memory.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_DROPBOX_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     48Mi
+
+#### --dropbox-impersonate
+
+Impersonate this user when using a business account.
+
+Note that if you want to use impersonate, you should make sure this
+flag is set when running &quot;rclone config&quot; as this will cause rclone to
+request the &quot;members.read&quot; scope which it won&#39;t normally. This is
+needed to lookup a members email address into the internal ID that
+dropbox uses in the API.
+
+Using the &quot;members.read&quot; scope will require a Dropbox Team Admin
+to approve during the OAuth flow.
+
+You will have to use your own App (setting your own client_id and
+client_secret) to use this option as currently rclone&#39;s default set of
+permissions doesn&#39;t include &quot;members.read&quot;. This can be added once
+v1.55 or later is in use everywhere.
+
+
+Properties:
+
+- Config:      impersonate
+- Env Var:     RCLONE_DROPBOX_IMPERSONATE
+- Type:        string
+- Required:    false
+
+#### --dropbox-shared-files
+
+Instructs rclone to work on individual shared files.
+
+In this mode rclone&#39;s features are extremely limited - only list (ls, lsl, etc.) 
+operations and read operations (e.g. downloading) are supported in this mode.
+All other operations will be disabled.
+
+Properties:
+
+- Config:      shared_files
+- Env Var:     RCLONE_DROPBOX_SHARED_FILES
+- Type:        bool
+- Default:     false
+
+#### --dropbox-shared-folders
+
+Instructs rclone to work on shared folders.
+            
+When this flag is used with no path only the List operation is supported and 
+all available shared folders will be listed. If you specify a path the first part 
+will be interpreted as the name of shared folder. Rclone will then try to mount this 
+shared to the root namespace. On success shared folder rclone proceeds normally. 
+The shared folder is now pretty much a normal folder and all normal operations 
+are supported. 
+
+Note that we don&#39;t unmount the shared folder afterwards so the 
+--dropbox-shared-folders can be omitted after the first use of a particular 
+shared folder.
+
+Properties:
+
+- Config:      shared_folders
+- Env Var:     RCLONE_DROPBOX_SHARED_FOLDERS
+- Type:        bool
+- Default:     false
+
+#### --dropbox-pacer-min-sleep
+
+Minimum time to sleep between API calls.
+
+Properties:
+
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_DROPBOX_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     10ms
+
+#### --dropbox-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_DROPBOX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
+
+#### --dropbox-batch-mode
+
+Upload file batching sync|async|off.
+
+This sets the batch mode used by rclone.
+
+For full info see [the main docs](https://rclone.org/dropbox/#batch-mode)
+
+This has 3 possible values
+
+- off - no batching
+- sync - batch uploads and check completion (default)
+- async - batch upload and don&#39;t check completion
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+
+
+Properties:
+
+- Config:      batch_mode
+- Env Var:     RCLONE_DROPBOX_BATCH_MODE
+- Type:        string
+- Default:     &quot;sync&quot;
+
+#### --dropbox-batch-size
+
+Max number of files in upload batch.
+
+This sets the batch size of files to upload. It has to be less than 1000.
+
+By default this is 0 which means rclone which calculate the batch size
+depending on the setting of batch_mode.
+
+- batch_mode: async - default batch_size is 100
+- batch_mode: sync - default batch_size is the same as --transfers
+- batch_mode: off - not in use
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+
+Setting this is a great idea if you are uploading lots of small files
+as it will make them a lot quicker. You can use --transfers 32 to
+maximise throughput.
+
+
+Properties:
+
+- Config:      batch_size
+- Env Var:     RCLONE_DROPBOX_BATCH_SIZE
+- Type:        int
+- Default:     0
+
+#### --dropbox-batch-timeout
+
+Max time to allow an idle upload batch before uploading.
+
+If an upload batch is idle for more than this long then it will be
+uploaded.
+
+The default for this is 0 which means rclone will choose a sensible
+default based on the batch_mode in use.
+
+- batch_mode: async - default batch_timeout is 10s
+- batch_mode: sync - default batch_timeout is 500ms
+- batch_mode: off - not in use
+
+
+Properties:
+
+- Config:      batch_timeout
+- Env Var:     RCLONE_DROPBOX_BATCH_TIMEOUT
+- Type:        Duration
+- Default:     0s
+
+#### --dropbox-batch-commit-timeout
+
+Max time to wait for a batch to finish committing
+
+Properties:
+
+- Config:      batch_commit_timeout
+- Env Var:     RCLONE_DROPBOX_BATCH_COMMIT_TIMEOUT
+- Type:        Duration
+- Default:     10m0s
+
+
+
+## Limitations
+
+Note that Dropbox is case insensitive so you can&#39;t have a file called
+&quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+There are some file names such as `thumbs.db` which Dropbox can&#39;t
+store.  There is a full list of them in the [&quot;Ignored Files&quot; section
+of this document](https://www.dropbox.com/en/help/145).  Rclone will
+issue an error message `File name disallowed - not uploading` if it
+attempts to upload one of those file names, but the sync won&#39;t fail.
+
+Some errors may occur if you try to sync copyright-protected files
+because Dropbox has its own [copyright detector](https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/) that
+prevents this sort of file being downloaded. This will return the error `ERROR :
+/path/to/your/file: Failed to copy: failed to open source object:
+path/restricted_content/.`
+
+If you have more than 10,000 files in a directory then `rclone purge
+dropbox:dir` will return the error `Failed to purge: There are too
+many files involved in this operation`.  As a work-around do an
+`rclone delete dropbox:dir` followed by an `rclone rmdir dropbox:dir`.
+
+When using `rclone link` you&#39;ll need to set `--expire` if using a
+non-personal account otherwise the visibility may not be correct.
+(Note that `--expire` isn&#39;t supported on personal accounts). See the
+[forum discussion](https://forum.rclone.org/t/rclone-link-dropbox-permissions/23211) and the 
+[dropbox SDK issue](https://github.com/dropbox/dropbox-sdk-go-unofficial/issues/75).
+
+## Get your own Dropbox App ID
+
+When you use rclone with Dropbox in its default configuration you are using rclone&#39;s App ID. This is shared between all the rclone users.
+
+Here is how to create your own Dropbox App ID for rclone:
+
+1. Log into the [Dropbox App console](https://www.dropbox.com/developers/apps/create) with your Dropbox Account (It need not
+to be the same account as the Dropbox you want to access)
+
+2. Choose an API =&gt; Usually this should be `Dropbox API`
+
+3. Choose the type of access you want to use =&gt; `Full Dropbox` or `App Folder`. If you want to use Team Folders, `Full Dropbox` is required ([see here](https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-create-team-folder-inside-my-app-s-folder/m-p/601005/highlight/true#M27911)).
+
+4. Name your App. The app name is global, so you can&#39;t use `rclone` for example
+
+5. Click the button `Create App`
+
+6. Switch to the `Permissions` tab. Enable at least the following permissions: `account_info.read`, `files.metadata.write`, `files.content.write`, `files.content.read`, `sharing.write`. The `files.metadata.read` and `sharing.read` checkboxes will be marked too. Click `Submit`
+
+7. Switch to the `Settings` tab. Fill `OAuth2 - Redirect URIs` as `http://localhost:53682/` and click on `Add`
+
+8. Find the `App key` and `App secret` values on the `Settings` tab. Use these values in rclone config to add a new remote or edit an existing remote. The `App key` setting corresponds to `client_id` in rclone config, the `App secret` corresponds to `client_secret`
+
+#  Enterprise File Fabric
+
+This backend supports [Storage Made Easy&#39;s Enterprise File
+Fabric™](https://storagemadeeasy.com/about/) which provides a software
+solution to integrate and unify File and Object Storage accessible
+through a global file system.
+
+## Configuration
+
+The initial setup for the Enterprise File Fabric backend involves
+getting a token from the Enterprise File Fabric which you need to
+do in your browser.  `rclone config` walks you through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Enterprise File Fabric  "filefabric" [snip] Storage&gt; filefabric ** See help for filefabric backend at: https://rclone.org/filefabric/ **</p>
+<p>URL of the Enterprise File Fabric to connect to Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value 1 / Storage Made Easy US  "https://storagemadeeasy.com" 2 / Storage Made Easy EU  "https://eu.storagemadeeasy.com" 3 / Connect to your Enterprise File Fabric  "https://yourfabric.smestorage.com" url&gt; https://yourfabric.smestorage.com/ ID of the root folder Leave blank normally.</p>
+<p>Fill in to make rclone start with directory of a given ID.</p>
+<p>Enter a string value. Press Enter for the default (""). root_folder_id&gt; Permanent Authentication Token</p>
+<p>A Permanent Authentication Token can be created in the Enterprise File Fabric, on the users Dashboard under Security, there is an entry you'll see called "My Authentication Tokens". Click the Manage button to create one.</p>
+<p>These tokens are normally valid for several years.</p>
+<p>For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens</p>
+<p>Enter a string value. Press Enter for the default (""). permanent_token&gt; xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx Edit advanced config? (y/n) y) Yes n) No (default) y/n&gt; n Remote config -------------------- [remote] type = filefabric url = https://yourfabric.smestorage.com/ permanent_token = xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Enterprise File Fabric
+
+    rclone lsd remote:
+
+List all the files in your Enterprise File Fabric
+
+    rclone ls remote:
+
+To copy a local directory to an Enterprise File Fabric directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+The Enterprise File Fabric allows modification times to be set on
+files accurate to 1 second.  These will be used to detect whether
+objects need syncing or not.
+
+The Enterprise File Fabric does not support any data hashes at this time.
+
+### Restricted filename characters
+
+The [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+will be replaced.
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Empty files
+
+Empty files aren&#39;t supported by the Enterprise File Fabric. Rclone will therefore
+upload an empty file as a single space with a mime type of
+`application/vnd.rclone.empty.file` and files with that mime type are
+treated as empty.
+
+### Root folder ID ###
+
+You can set the `root_folder_id` for rclone.  This is the directory
+(identified by its `Folder ID`) that rclone considers to be the root
+of your Enterprise File Fabric.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
+However you can set this to restrict rclone to a specific folder
+hierarchy.
+
+In order to do this you will have to find the `Folder ID` of the
+directory you wish rclone to display.  These aren&#39;t displayed in the
+web interface, but you can use `rclone lsf` to find them, for example
+</code></pre>
+<p>$ rclone lsf --dirs-only -Fip --csv filefabric: 120673758,Burnt PDFs/ 120673759,My Quick Uploads/ 120673755,My Syncs/ 120673756,My backups/ 120673757,My contacts/ 120673761,S3 Storage/</p>
+<pre><code>
+The ID for &quot;S3 Storage&quot; would be `120673761`.
+
+
+### Standard options
+
+Here are the Standard options specific to filefabric (Enterprise File Fabric).
+
+#### --filefabric-url
+
+URL of the Enterprise File Fabric to connect to.
+
+Properties:
+
+- Config:      url
+- Env Var:     RCLONE_FILEFABRIC_URL
+- Type:        string
+- Required:    true
+- Examples:
+    - &quot;https://storagemadeeasy.com&quot;
+        - Storage Made Easy US
+    - &quot;https://eu.storagemadeeasy.com&quot;
+        - Storage Made Easy EU
+    - &quot;https://yourfabric.smestorage.com&quot;
+        - Connect to your Enterprise File Fabric
+
+#### --filefabric-root-folder-id
+
+ID of the root folder.
+
+Leave blank normally.
+
+Fill in to make rclone start with directory of a given ID.
+
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_FILEFABRIC_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --filefabric-permanent-token
+
+Permanent Authentication Token.
+
+A Permanent Authentication Token can be created in the Enterprise File
+Fabric, on the users Dashboard under Security, there is an entry
+you&#39;ll see called &quot;My Authentication Tokens&quot;. Click the Manage button
+to create one.
+
+These tokens are normally valid for several years.
+
+For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
+
+
+Properties:
+
+- Config:      permanent_token
+- Env Var:     RCLONE_FILEFABRIC_PERMANENT_TOKEN
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to filefabric (Enterprise File Fabric).
+
+#### --filefabric-token
+
+Session Token.
+
+This is a session token which rclone caches in the config file. It is
+usually valid for 1 hour.
+
+Don&#39;t set this value - rclone will set it automatically.
+
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_FILEFABRIC_TOKEN
+- Type:        string
+- Required:    false
+
+#### --filefabric-token-expiry
+
+Token expiry time.
+
+Don&#39;t set this value - rclone will set it automatically.
+
+
+Properties:
+
+- Config:      token_expiry
+- Env Var:     RCLONE_FILEFABRIC_TOKEN_EXPIRY
+- Type:        string
+- Required:    false
+
+#### --filefabric-version
+
+Version read from the file fabric.
+
+Don&#39;t set this value - rclone will set it automatically.
+
+
+Properties:
+
+- Config:      version
+- Env Var:     RCLONE_FILEFABRIC_VERSION
+- Type:        string
+- Required:    false
+
+#### --filefabric-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_FILEFABRIC_ENCODING
+- Type:        Encoding
+- Default:     Slash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+#  FTP
+
+FTP is the File Transfer Protocol. Rclone FTP support is provided using the
+[github.com/jlaffaye/ftp](https://godoc.org/github.com/jlaffaye/ftp)
+package.
+
+[Limitations of Rclone&#39;s FTP backend](#limitations)
+
+Paths are specified as `remote:path`. If the path does not begin with
+a `/` it is relative to the home directory of the user.  An empty path
+`remote:` refers to the user&#39;s home directory.
+
+## Configuration
+
+To create an FTP configuration named `remote`, run
+
+    rclone config
+
+Rclone config guides you through an interactive setup process. A minimal
+rclone FTP remote definition only requires host, username and password.
+For an anonymous FTP server, see [below](#anonymous-ftp).
+</code></pre>
+<p>No remotes found, make a new one? n) New remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config n/r/c/s/q&gt; n name&gt; remote Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / FTP  "ftp" [snip] Storage&gt; ftp ** See help for ftp backend at: https://rclone.org/ftp/ **</p>
+<p>FTP host to connect to Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value 1 / Connect to ftp.example.com  "ftp.example.com" host&gt; ftp.example.com FTP username Enter a string value. Press Enter for the default ("$USER"). user&gt; FTP port number Enter a signed integer. Press Enter for the default (21). port&gt; FTP password y) Yes type in my own password g) Generate random password y/g&gt; y Enter the password: password: Confirm the password: password: Use FTP over TLS (Implicit) Enter a boolean value (true or false). Press Enter for the default ("false"). tls&gt; Use FTP over TLS (Explicit) Enter a boolean value (true or false). Press Enter for the default ("false"). explicit_tls&gt; Remote config -------------------- [remote] type = ftp host = ftp.example.com pass = *** ENCRYPTED *** -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+To see all directories in the home directory of `remote`
+
+    rclone lsd remote:
+
+Make a new directory
+
+    rclone mkdir remote:path/to/directory
+
+List the contents of a directory
+
+    rclone ls remote:path/to/directory
+
+Sync `/home/local/directory` to the remote directory, deleting any
+excess files in the directory.
+
+    rclone sync --interactive /home/local/directory remote:directory
+
+### Anonymous FTP
+
+When connecting to a FTP server that allows anonymous login, you can use the
+special &quot;anonymous&quot; username. Traditionally, this user account accepts any
+string as a password, although it is common to use either the password
+&quot;anonymous&quot; or &quot;guest&quot;. Some servers require the use of a valid e-mail
+address as password.
+
+Using [on-the-fly](#backend-path-to-dir) or
+[connection string](https://rclone.org/docs/#connection-strings) remotes makes it easy to access
+such servers, without requiring any configuration in advance. The following
+are examples of that:
+
+    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=$(rclone obscure dummy)
+    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=$(rclone obscure dummy):
+
+The above examples work in Linux shells and in PowerShell, but not Windows
+Command Prompt. They execute the [rclone obscure](https://rclone.org/commands/rclone_obscure/)
+command to create a password string in the format required by the
+[pass](#ftp-pass) option. The following examples are exactly the same, except use
+an already obscured string representation of the same password &quot;dummy&quot;, and
+therefore works even in Windows Command Prompt:
+
+    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM
+    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM:
+
+### Implicit TLS
+
+Rlone FTP supports implicit FTP over TLS servers (FTPS). This has to
+be enabled in the FTP backend config for the remote, or with
+[`--ftp-tls`](#ftp-tls). The default FTPS port is `990`, not `21` and
+can be set with [`--ftp-port`](#ftp-port).
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+File names cannot end with the following characters. Replacement is
+limited to the last character in a file name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+
+Not all FTP servers can have all characters in file names, for example:
+
+| FTP Server| Forbidden characters |
+| --------- |:--------------------:|
+| proftpd   | `*`                  |
+| pureftpd  | `\ [ ]`              |
+
+This backend&#39;s interactive configuration wizard provides a selection of
+sensible encoding settings for major FTP servers: ProFTPd, PureFTPd, VsFTPd.
+Just hit a selection number when prompted.
+
+
+### Standard options
+
+Here are the Standard options specific to ftp (FTP).
+
+#### --ftp-host
+
+FTP host to connect to.
+
+E.g. &quot;ftp.example.com&quot;.
+
+Properties:
+
+- Config:      host
+- Env Var:     RCLONE_FTP_HOST
+- Type:        string
+- Required:    true
+
+#### --ftp-user
+
+FTP username.
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_FTP_USER
+- Type:        string
+- Default:     &quot;$USER&quot;
+
+#### --ftp-port
+
+FTP port number.
+
+Properties:
+
+- Config:      port
+- Env Var:     RCLONE_FTP_PORT
+- Type:        int
+- Default:     21
+
+#### --ftp-pass
+
+FTP password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      pass
+- Env Var:     RCLONE_FTP_PASS
+- Type:        string
+- Required:    false
+
+#### --ftp-tls
+
+Use Implicit FTPS (FTP over TLS).
+
+When using implicit FTP over TLS the client connects using TLS
+right from the start which breaks compatibility with
+non-TLS-aware servers. This is usually served over port 990 rather
+than port 21. Cannot be used in combination with explicit FTPS.
+
+Properties:
+
+- Config:      tls
+- Env Var:     RCLONE_FTP_TLS
+- Type:        bool
+- Default:     false
+
+#### --ftp-explicit-tls
+
+Use Explicit FTPS (FTP over TLS).
+
+When using explicit FTP over TLS the client explicitly requests
+security from the server in order to upgrade a plain text connection
+to an encrypted one. Cannot be used in combination with implicit FTPS.
+
+Properties:
+
+- Config:      explicit_tls
+- Env Var:     RCLONE_FTP_EXPLICIT_TLS
+- Type:        bool
+- Default:     false
+
+### Advanced options
+
+Here are the Advanced options specific to ftp (FTP).
+
+#### --ftp-concurrency
+
+Maximum number of FTP simultaneous connections, 0 for unlimited.
+
+Note that setting this is very likely to cause deadlocks so it should
+be used with care.
+
+If you are doing a sync or copy then make sure concurrency is one more
+than the sum of `--transfers` and `--checkers`.
+
+If you use `--check-first` then it just needs to be one more than the
+maximum of `--checkers` and `--transfers`.
+
+So for `concurrency 3` you&#39;d use `--checkers 2 --transfers 2
+--check-first` or `--checkers 1 --transfers 1`.
+
+
+
+Properties:
+
+- Config:      concurrency
+- Env Var:     RCLONE_FTP_CONCURRENCY
+- Type:        int
+- Default:     0
+
+#### --ftp-no-check-certificate
+
+Do not verify the TLS certificate of the server.
+
+Properties:
+
+- Config:      no_check_certificate
+- Env Var:     RCLONE_FTP_NO_CHECK_CERTIFICATE
+- Type:        bool
+- Default:     false
+
+#### --ftp-disable-epsv
+
+Disable using EPSV even if server advertises support.
+
+Properties:
+
+- Config:      disable_epsv
+- Env Var:     RCLONE_FTP_DISABLE_EPSV
+- Type:        bool
+- Default:     false
+
+#### --ftp-disable-mlsd
+
+Disable using MLSD even if server advertises support.
+
+Properties:
+
+- Config:      disable_mlsd
+- Env Var:     RCLONE_FTP_DISABLE_MLSD
+- Type:        bool
+- Default:     false
+
+#### --ftp-disable-utf8
+
+Disable using UTF-8 even if server advertises support.
+
+Properties:
+
+- Config:      disable_utf8
+- Env Var:     RCLONE_FTP_DISABLE_UTF8
+- Type:        bool
+- Default:     false
+
+#### --ftp-writing-mdtm
+
+Use MDTM to set modification time (VsFtpd quirk)
+
+Properties:
+
+- Config:      writing_mdtm
+- Env Var:     RCLONE_FTP_WRITING_MDTM
+- Type:        bool
+- Default:     false
+
+#### --ftp-force-list-hidden
+
+Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD.
+
+Properties:
+
+- Config:      force_list_hidden
+- Env Var:     RCLONE_FTP_FORCE_LIST_HIDDEN
+- Type:        bool
+- Default:     false
+
+#### --ftp-idle-timeout
+
+Max time before closing idle connections.
+
+If no connections have been returned to the connection pool in the time
+given, rclone will empty the connection pool.
+
+Set to 0 to keep connections indefinitely.
+
+
+Properties:
+
+- Config:      idle_timeout
+- Env Var:     RCLONE_FTP_IDLE_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
+
+#### --ftp-close-timeout
+
+Maximum time to wait for a response to close.
+
+Properties:
+
+- Config:      close_timeout
+- Env Var:     RCLONE_FTP_CLOSE_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
+
+#### --ftp-tls-cache-size
+
+Size of TLS session cache for all control and data connections.
+
+TLS cache allows to resume TLS sessions and reuse PSK between connections.
+Increase if default size is not enough resulting in TLS resumption errors.
+Enabled by default. Use 0 to disable.
+
+Properties:
+
+- Config:      tls_cache_size
+- Env Var:     RCLONE_FTP_TLS_CACHE_SIZE
+- Type:        int
+- Default:     32
+
+#### --ftp-disable-tls13
+
+Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+
+Properties:
+
+- Config:      disable_tls13
+- Env Var:     RCLONE_FTP_DISABLE_TLS13
+- Type:        bool
+- Default:     false
+
+#### --ftp-shut-timeout
+
+Maximum time to wait for data connection closing status.
+
+Properties:
+
+- Config:      shut_timeout
+- Env Var:     RCLONE_FTP_SHUT_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
+
+#### --ftp-ask-password
+
+Allow asking for FTP password when needed.
+
+If this is set and no password is supplied then rclone will ask for a password
+
+
+Properties:
+
+- Config:      ask_password
+- Env Var:     RCLONE_FTP_ASK_PASSWORD
+- Type:        bool
+- Default:     false
+
+#### --ftp-socks-proxy
+
+Socks 5 proxy host.
+        
+        Supports the format user:pass@host:port, user@host:port, host:port.
+        
+        Example:
+        
+            myUser:myPass@localhost:9005
+        
+
+Properties:
+
+- Config:      socks_proxy
+- Env Var:     RCLONE_FTP_SOCKS_PROXY
+- Type:        string
+- Required:    false
+
+#### --ftp-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_FTP_ENCODING
+- Type:        Encoding
+- Default:     Slash,Del,Ctl,RightSpace,Dot
+- Examples:
+    - &quot;Asterisk,Ctl,Dot,Slash&quot;
+        - ProFTPd can&#39;t handle &#39;*&#39; in file names
+    - &quot;BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket&quot;
+        - PureFTPd can&#39;t handle &#39;[]&#39; or &#39;*&#39; in file names
+    - &quot;Ctl,LeftPeriod,Slash&quot;
+        - VsFTPd can&#39;t handle file names starting with dot
+
+
+
+## Limitations
+
+FTP servers acting as rclone remotes must support `passive` mode.
+The mode cannot be configured as `passive` is the only supported one.
+Rclone&#39;s FTP implementation is not compatible with `active` mode
+as [the library it uses doesn&#39;t support it](https://github.com/jlaffaye/ftp/issues/29).
+This will likely never be supported due to security concerns.
+
+Rclone&#39;s FTP backend does not support any checksums but can compare
+file sizes.
+
+`rclone about` is not supported by the FTP backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+The implementation of : `--dump headers`,
+`--dump bodies`, `--dump auth` for debugging isn&#39;t the same as
+for rclone HTTP based backends - it has less fine grained control.
+
+`--timeout` isn&#39;t supported (but `--contimeout` is).
+
+`--bind` isn&#39;t supported.
+
+Rclone&#39;s FTP backend could support server-side move but does not
+at present.
+
+The `ftp_proxy` environment variable is not currently supported.
+
+### Modification times
+
+File modification time (timestamps) is supported to 1 second resolution
+for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP server.
+The `VsFTPd` server has non-standard implementation of time related protocol
+commands and needs a special configuration setting: `writing_mdtm = true`.
+
+Support for precise file time with other FTP servers varies depending on what
+protocol extensions they advertise. If all the `MLSD`, `MDTM` and `MFTM`
+extensions are present, rclone will use them together to provide precise time.
+Otherwise the times you see on the FTP server through rclone are those of the
+last file upload.
+
+You can use the following command to check whether rclone can use precise time
+with your FTP server: `rclone backend features your_ftp_remote:` (the trailing
+colon is important). Look for the number in the line tagged by `Precision`
+designating the remote time precision expressed as nanoseconds. A value of
+`1000000000` means that file time precision of 1 second is available.
+A value of `3153600000000000000` (or another large number) means &quot;unsupported&quot;.
+
+#  Google Cloud Storage
+
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
+
+## Configuration
+
+The initial setup for google cloud storage involves getting a token from Google Cloud Storage
+which you need to do in your browser.  `rclone config` walks you
+through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<ol start="14" type="a">
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Quit config e/n/d/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Google Cloud Storage (this is not Google Drive)  "google cloud storage" [snip] Storage&gt; google cloud storage Google Application Client Id - leave blank normally. client_id&gt; Google Application Client Secret - leave blank normally. client_secret&gt; Project number optional - needed only for list/create/delete buckets - see your developer console. project_number&gt; 12345678 Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login. service_account_file&gt; Access Control List for new objects. Choose a number from below, or type in your own value 1 / Object owner gets OWNER access, and all Authenticated Users get READER access.  "authenticatedRead" 2 / Object owner gets OWNER access, and project team owners get OWNER access.  "bucketOwnerFullControl" 3 / Object owner gets OWNER access, and project team owners get READER access.  "bucketOwnerRead" 4 / Object owner gets OWNER access [default if left blank].  "private" 5 / Object owner gets OWNER access, and project team members get access according to their roles.  "projectPrivate" 6 / Object owner gets OWNER access, and all Users get READER access.  "publicRead" object_acl&gt; 4 Access Control List for new buckets. Choose a number from below, or type in your own value 1 / Project team owners get OWNER access, and all Authenticated Users get READER access.  "authenticatedRead" 2 / Project team owners get OWNER access [default if left blank].  "private" 3 / Project team members get access according to their roles.  "projectPrivate" 4 / Project team owners get OWNER access, and all Users get READER access.  "publicRead" 5 / Project team owners get OWNER access, and all Users get WRITER access.  "publicReadWrite" bucket_acl&gt; 2 Location for the newly created buckets. Choose a number from below, or type in your own value 1 / Empty for default location (US).  "" 2 / Multi-regional location for Asia.  "asia" 3 / Multi-regional location for Europe.  "eu" 4 / Multi-regional location for United States.  "us" 5 / Taiwan.  "asia-east1" 6 / Tokyo.  "asia-northeast1" 7 / Singapore.  "asia-southeast1" 8 / Sydney.  "australia-southeast1" 9 / Belgium.  "europe-west1" 10 / London.  "europe-west2" 11 / Iowa.  "us-central1" 12 / South Carolina.  "us-east1" 13 / Northern Virginia.  "us-east4" 14 / Oregon.  "us-west1" location&gt; 12 The storage class to use when storing objects in Google Cloud Storage. Choose a number from below, or type in your own value 1 / Default  "" 2 / Multi-regional storage class  "MULTI_REGIONAL" 3 / Regional storage class  "REGIONAL" 4 / Nearline storage class  "NEARLINE" 5 / Coldline storage class  "COLDLINE" 6 / Durable reduced availability storage class  "DURABLE_REDUCED_AVAILABILITY" storage_class&gt; 5 Remote config Use web browser to automatically authenticate rclone with remote?</li>
+</ol>
 <ul>
-<li>Config: user_agent</li>
-<li>Env Var: RCLONE_SIA_USER_AGENT</li>
-<li>Type: string</li>
-<li>Default: "Sia-Agent"</li>
+<li>Say Y if the machine running rclone has a web browser you can use</li>
+<li>Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N.</li>
 </ul>
-<h4 id="sia-encoding">--sia-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_SIA_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-25">Limitations</h2>
-<ul>
-<li>Modification times not supported</li>
-<li>Checksums not supported</li>
-<li><code>rclone about</code> not supported</li>
-<li>rclone can work only with <em>Siad</em> or <em>Sia-UI</em> at the moment, the <strong>SkyNet daemon is not supported yet.</strong></li>
-<li>Sia does not allow control characters or symbols like question and pound signs in file names. rclone will transparently <a href="https://rclone.org/overview/#encoding">encode</a> them for you, but you'd better be aware</li>
-</ul>
-<h1 id="swift">Swift</h1>
-<p>Swift refers to <a href="https://docs.openstack.org/swift/latest/">OpenStack Object Storage</a>. Commercial implementations of that being:</p>
-<ul>
-<li><a href="https://www.rackspace.com/cloud/files/">Rackspace Cloud Files</a></li>
-<li><a href="https://www.memset.com/cloud/storage/">Memset Memstore</a></li>
-<li><a href="https://www.ovh.co.uk/public-cloud/storage/object-storage/">OVH Object Storage</a></li>
-<li><a href="https://docs.oracle.com/en-us/iaas/integration/doc/configure-object-storage.html">Oracle Cloud Storage</a></li>
-<li><a href="https://console.bluemix.net/docs/infrastructure/objectstorage-swift/index.html">IBM Bluemix Cloud ObjectStorage Swift</a></li>
-</ul>
-<p>Paths are specified as <code>remote:container</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, e.g. <code>remote:container/path/to/dir</code>.</p>
-<h2 id="configuration-34">Configuration</h2>
-<p>Here is an example of making a swift configuration. First run</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
-   \ &quot;swift&quot;
-[snip]
-Storage&gt; swift
-Get swift credentials from environment variables in standard OpenStack form.
-Choose a number from below, or type in your own value
- 1 / Enter swift credentials in the next step
-   \ &quot;false&quot;
- 2 / Get swift credentials from environment vars. Leave other fields blank if using this.
-   \ &quot;true&quot;
-env_auth&gt; true
-User name to log in (OS_USERNAME).
-user&gt; 
-API key or password (OS_PASSWORD).
-key&gt; 
-Authentication URL for server (OS_AUTH_URL).
-Choose a number from below, or type in your own value
- 1 / Rackspace US
-   \ &quot;https://auth.api.rackspacecloud.com/v1.0&quot;
- 2 / Rackspace UK
-   \ &quot;https://lon.auth.api.rackspacecloud.com/v1.0&quot;
- 3 / Rackspace v2
-   \ &quot;https://identity.api.rackspacecloud.com/v2.0&quot;
- 4 / Memset Memstore UK
-   \ &quot;https://auth.storage.memset.com/v1.0&quot;
- 5 / Memset Memstore UK v2
-   \ &quot;https://auth.storage.memset.com/v2.0&quot;
- 6 / OVH
-   \ &quot;https://auth.cloud.ovh.net/v3&quot;
-auth&gt; 
-User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
-user_id&gt; 
-User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-domain&gt; 
-Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
-tenant&gt; 
-Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
-tenant_id&gt; 
-Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
-tenant_domain&gt; 
-Region name - optional (OS_REGION_NAME)
-region&gt; 
-Storage URL - optional (OS_STORAGE_URL)
-storage_url&gt; 
-Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
-auth_token&gt; 
-AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
-auth_version&gt; 
-Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE)
-Choose a number from below, or type in your own value
- 1 / Public (default, choose this if not sure)
-   \ &quot;public&quot;
- 2 / Internal (use internal service net)
-   \ &quot;internal&quot;
- 3 / Admin
-   \ &quot;admin&quot;
-endpoint_type&gt; 
-Remote config
---------------------
-[test]
-env_auth = true
-user = 
-key = 
-auth = 
-user_id = 
-domain = 
-tenant = 
-tenant_id = 
-tenant_domain = 
-region = 
-storage_url = 
-auth_token = 
-auth_version = 
-endpoint_type = 
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This remote is called <code>remote</code> and can now be used like this</p>
-<p>See all containers</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>Make a new container</p>
-<pre><code>rclone mkdir remote:container</code></pre>
-<p>List the contents of a container</p>
-<pre><code>rclone ls remote:container</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote container, deleting any excess files in the container.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:container</code></pre>
-<h3 id="configuration-from-an-openstack-credentials-file">Configuration from an OpenStack credentials file</h3>
-<p>An OpenStack credentials file typically looks something something like this (without the comments)</p>
-<pre><code>export OS_AUTH_URL=https://a.provider.net/v2.0
-export OS_TENANT_ID=ffffffffffffffffffffffffffffffff
-export OS_TENANT_NAME=&quot;1234567890123456&quot;
-export OS_USERNAME=&quot;123abc567xy&quot;
-echo &quot;Please enter your OpenStack Password: &quot;
-read -sr OS_PASSWORD_INPUT
-export OS_PASSWORD=$OS_PASSWORD_INPUT
-export OS_REGION_NAME=&quot;SBG1&quot;
-if [ -z &quot;$OS_REGION_NAME&quot; ]; then unset OS_REGION_NAME; fi</code></pre>
-<p>The config file needs to look something like this where <code>$OS_USERNAME</code> represents the value of the <code>OS_USERNAME</code> variable - <code>123abc567xy</code> in the example above.</p>
-<pre><code>[remote]
-type = swift
-user = $OS_USERNAME
-key = $OS_PASSWORD
-auth = $OS_AUTH_URL
-tenant = $OS_TENANT_NAME</code></pre>
-<p>Note that you may (or may not) need to set <code>region</code> too - try without first.</p>
-<h3 id="configuration-from-the-environment">Configuration from the environment</h3>
-<p>If you prefer you can configure rclone to use swift using a standard set of OpenStack environment variables.</p>
-<p>When you run through the config, make sure you choose <code>true</code> for <code>env_auth</code> and leave everything else blank.</p>
-<p>rclone will then set any empty config parameters from the environment using standard OpenStack environment variables. There is <a href="https://godoc.org/github.com/ncw/swift#Connection.ApplyEnvironment">a list of the variables</a> in the docs for the swift library.</p>
-<h3 id="using-an-alternate-authentication-method">Using an alternate authentication method</h3>
-<p>If your OpenStack installation uses a non-standard authentication method that might not be yet supported by rclone or the underlying swift library, you can authenticate externally (e.g. calling manually the <code>openstack</code> commands to get a token). Then, you just need to pass the two configuration variables <code>auth_token</code> and <code>storage_url</code>. If they are both provided, the other variables are ignored. rclone will not try to authenticate but instead assume it is already authenticated and use these two variables to access the OpenStack installation.</p>
-<h4 id="using-rclone-without-a-config-file">Using rclone without a config file</h4>
-<p>You can use rclone with swift without a config file, if desired, like this:</p>
-<pre><code>source openstack-credentials-file
-export RCLONE_CONFIG_MYREMOTE_TYPE=swift
-export RCLONE_CONFIG_MYREMOTE_ENV_AUTH=true
-rclone lsd myremote:</code></pre>
-<h3 id="fast-list-7">--fast-list</h3>
-<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details.</p>
-<h3 id="update-and---use-server-modtime">--update and --use-server-modtime</h3>
-<p>As noted below, the modified time is stored on metadata on the object. It is used by default for all operations that require checking the time a file was last updated. It allows rclone to treat the remote more like a true filesystem, but it is inefficient because it requires an extra API call to retrieve the metadata.</p>
-<p>For many operations, the time the object was last uploaded to the remote is sufficient to determine if it is "dirty". By using <code>--update</code> along with <code>--use-server-modtime</code>, you can avoid the extra API call and simply upload files whose local modtime is newer than the time it was last uploaded.</p>
-<h3 id="modified-time-11">Modified time</h3>
-<p>The modified time is stored as metadata on the object as <code>X-Object-Meta-Mtime</code> as floating point since the epoch accurate to 1 ns.</p>
-<p>This is a de facto standard (used in the official python-swiftclient amongst others) for storing the modification time for an object.</p>
-<h3 id="restricted-filename-characters-22">Restricted filename characters</h3>
+<ol start="25" type="a">
+<li>Yes</li>
+<li>No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code -------------------- [remote] type = google cloud storage client_id = client_secret = token = {"AccessToken":"xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx","Expiry":"2014-07-17T20:49:14.929208288+01:00","Extra":null} project_number = 12345678 object_acl = private bucket_acl = private --------------------</li>
+<li>Yes this is OK</li>
+<li>Edit this remote</li>
+<li>Delete this remote y/e/d&gt; y</li>
+</ol>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Google if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on `http://127.0.0.1:53682/` and this
+it may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
+
+This remote is called `remote` and can now be used like this
+
+See all the buckets in your project
+
+    rclone lsd remote:
+
+Make a new bucket
+
+    rclone mkdir remote:bucket
+
+List the contents of a bucket
+
+    rclone ls remote:bucket
+
+Sync `/home/local/directory` to the remote bucket, deleting any excess
+files in the bucket.
+
+    rclone sync --interactive /home/local/directory remote:bucket
+
+### Service Account support
+
+You can set up rclone with Google Cloud Storage in an unattended mode,
+i.e. not tied to a specific end-user Google account. This is useful
+when you want to synchronise files onto machines that don&#39;t have
+actively logged-in users, for example build machines.
+
+To get credentials for Google Cloud Platform
+[IAM Service Accounts](https://cloud.google.com/iam/docs/service-accounts),
+please head to the
+[Service Account](https://console.cloud.google.com/permissions/serviceaccounts)
+section of the Google Developer Console. Service Accounts behave just
+like normal `User` permissions in
+[Google Cloud Storage ACLs](https://cloud.google.com/storage/docs/access-control),
+so you can limit their access (e.g. make them read only). After
+creating an account, a JSON file containing the Service Account&#39;s
+credentials will be downloaded onto your machines. These credentials
+are what rclone will use for authentication.
+
+To use a Service Account instead of OAuth2 token flow, enter the path
+to your Service Account credentials at the `service_account_file`
+prompt and rclone won&#39;t use the browser based authentication
+flow. If you&#39;d rather stuff the contents of the credentials file into
+the rclone config file, you can set `service_account_credentials` with
+the actual contents of the file instead, or set the equivalent
+environment variable.
+
+### Anonymous Access
+
+For downloads of objects that permit public access you can configure rclone
+to use anonymous access by setting `anonymous` to `true`.
+With unauthorized access you can&#39;t write or create files but only read or list
+those buckets and objects that have public read access.
+
+### Application Default Credentials
+
+If no other source of credentials is provided, rclone will fall back
+to
+[Application Default Credentials](https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials)
+this is useful both when you already have configured authentication
+for your developer account, or in production when running on a google
+compute host. Note that if running in docker, you may need to run
+additional commands on your google compute machine -
+[see this page](https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper).
+
+Note that in the case application default credentials are used, there
+is no need to explicitly configure a project number.
+
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Custom upload headers
+
+You can set custom upload headers with the `--header-upload`
+flag. Google Cloud Storage supports the headers as described in the
+[working with metadata documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WorkingWithObjectMetadata)
+
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
+- X-Goog-Storage-Class
+- X-Goog-Meta-
+
+Eg `--header-upload &quot;Content-Type text/potato&quot;`
+
+Note that the last of these is for setting custom metadata in the form
+`--header-upload &quot;x-goog-meta-key: value&quot;`
+
+### Modification times
+
+Google Cloud Storage stores md5sum natively.
+Google&#39;s [gsutil](https://cloud.google.com/storage/docs/gsutil) tool stores modification time
+with one-second precision as `goog-reserved-file-mtime` in file metadata.
+
+To ensure compatibility with gsutil, rclone stores modification time in 2 separate metadata entries.
+`mtime` uses RFC3339 format with one-nanosecond precision.
+`goog-reserved-file-mtime` uses Unix timestamp format with one-second precision.
+To get modification time from object metadata, rclone reads the metadata in the following order: `mtime`, `goog-reserved-file-mtime`, object updated time.
+
+Note that rclone&#39;s default modify window is 1ns.
+Files uploaded by gsutil only contain timestamps with one-second precision.
+If you use rclone to sync files previously uploaded by gsutil,
+rclone will attempt to update modification time for all these files.
+To avoid these possibly unnecessary updates, use `--modify-window 1s`.
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| LF        | 0x0A  | ␊           |
+| CR        | 0x0D  | ␍           |
+| /         | 0x2F  | ／          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
+
+#### --gcs-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_GCS_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --gcs-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_GCS_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --gcs-project-number
+
+Project number.
+
+Optional - needed only for list/create/delete buckets - see your developer console.
+
+Properties:
+
+- Config:      project_number
+- Env Var:     RCLONE_GCS_PROJECT_NUMBER
+- Type:        string
+- Required:    false
+
+#### --gcs-user-project
+
+User project.
+
+Optional - needed only for requester pays.
+
+Properties:
+
+- Config:      user_project
+- Env Var:     RCLONE_GCS_USER_PROJECT
+- Type:        string
+- Required:    false
+
+#### --gcs-service-account-file
+
+Service Account Credentials JSON file path.
+
+Leave blank normally.
+Needed only if you want use SA instead of interactive login.
+
+Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
+
+Properties:
+
+- Config:      service_account_file
+- Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_FILE
+- Type:        string
+- Required:    false
+
+#### --gcs-service-account-credentials
+
+Service Account Credentials JSON blob.
+
+Leave blank normally.
+Needed only if you want use SA instead of interactive login.
+
+Properties:
+
+- Config:      service_account_credentials
+- Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS
+- Type:        string
+- Required:    false
+
+#### --gcs-anonymous
+
+Access public buckets and objects without credentials.
+
+Set to &#39;true&#39; if you just want to download files and don&#39;t configure credentials.
+
+Properties:
+
+- Config:      anonymous
+- Env Var:     RCLONE_GCS_ANONYMOUS
+- Type:        bool
+- Default:     false
+
+#### --gcs-object-acl
+
+Access Control List for new objects.
+
+Properties:
+
+- Config:      object_acl
+- Env Var:     RCLONE_GCS_OBJECT_ACL
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;authenticatedRead&quot;
+        - Object owner gets OWNER access.
+        - All Authenticated Users get READER access.
+    - &quot;bucketOwnerFullControl&quot;
+        - Object owner gets OWNER access.
+        - Project team owners get OWNER access.
+    - &quot;bucketOwnerRead&quot;
+        - Object owner gets OWNER access.
+        - Project team owners get READER access.
+    - &quot;private&quot;
+        - Object owner gets OWNER access.
+        - Default if left blank.
+    - &quot;projectPrivate&quot;
+        - Object owner gets OWNER access.
+        - Project team members get access according to their roles.
+    - &quot;publicRead&quot;
+        - Object owner gets OWNER access.
+        - All Users get READER access.
+
+#### --gcs-bucket-acl
+
+Access Control List for new buckets.
+
+Properties:
+
+- Config:      bucket_acl
+- Env Var:     RCLONE_GCS_BUCKET_ACL
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;authenticatedRead&quot;
+        - Project team owners get OWNER access.
+        - All Authenticated Users get READER access.
+    - &quot;private&quot;
+        - Project team owners get OWNER access.
+        - Default if left blank.
+    - &quot;projectPrivate&quot;
+        - Project team members get access according to their roles.
+    - &quot;publicRead&quot;
+        - Project team owners get OWNER access.
+        - All Users get READER access.
+    - &quot;publicReadWrite&quot;
+        - Project team owners get OWNER access.
+        - All Users get WRITER access.
+
+#### --gcs-bucket-policy-only
+
+Access checks should use bucket-level IAM policies.
+
+If you want to upload objects to a bucket with Bucket Policy Only set
+then you will need to set this.
+
+When it is set, rclone:
+
+- ignores ACLs set on buckets
+- ignores ACLs set on objects
+- creates buckets with Bucket Policy Only set
+
+Docs: https://cloud.google.com/storage/docs/bucket-policy-only
+
+
+Properties:
+
+- Config:      bucket_policy_only
+- Env Var:     RCLONE_GCS_BUCKET_POLICY_ONLY
+- Type:        bool
+- Default:     false
+
+#### --gcs-location
+
+Location for the newly created buckets.
+
+Properties:
+
+- Config:      location
+- Env Var:     RCLONE_GCS_LOCATION
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - Empty for default location (US)
+    - &quot;asia&quot;
+        - Multi-regional location for Asia
+    - &quot;eu&quot;
+        - Multi-regional location for Europe
+    - &quot;us&quot;
+        - Multi-regional location for United States
+    - &quot;asia-east1&quot;
+        - Taiwan
+    - &quot;asia-east2&quot;
+        - Hong Kong
+    - &quot;asia-northeast1&quot;
+        - Tokyo
+    - &quot;asia-northeast2&quot;
+        - Osaka
+    - &quot;asia-northeast3&quot;
+        - Seoul
+    - &quot;asia-south1&quot;
+        - Mumbai
+    - &quot;asia-south2&quot;
+        - Delhi
+    - &quot;asia-southeast1&quot;
+        - Singapore
+    - &quot;asia-southeast2&quot;
+        - Jakarta
+    - &quot;australia-southeast1&quot;
+        - Sydney
+    - &quot;australia-southeast2&quot;
+        - Melbourne
+    - &quot;europe-north1&quot;
+        - Finland
+    - &quot;europe-west1&quot;
+        - Belgium
+    - &quot;europe-west2&quot;
+        - London
+    - &quot;europe-west3&quot;
+        - Frankfurt
+    - &quot;europe-west4&quot;
+        - Netherlands
+    - &quot;europe-west6&quot;
+        - Zürich
+    - &quot;europe-central2&quot;
+        - Warsaw
+    - &quot;us-central1&quot;
+        - Iowa
+    - &quot;us-east1&quot;
+        - South Carolina
+    - &quot;us-east4&quot;
+        - Northern Virginia
+    - &quot;us-west1&quot;
+        - Oregon
+    - &quot;us-west2&quot;
+        - California
+    - &quot;us-west3&quot;
+        - Salt Lake City
+    - &quot;us-west4&quot;
+        - Las Vegas
+    - &quot;northamerica-northeast1&quot;
+        - Montréal
+    - &quot;northamerica-northeast2&quot;
+        - Toronto
+    - &quot;southamerica-east1&quot;
+        - São Paulo
+    - &quot;southamerica-west1&quot;
+        - Santiago
+    - &quot;asia1&quot;
+        - Dual region: asia-northeast1 and asia-northeast2.
+    - &quot;eur4&quot;
+        - Dual region: europe-north1 and europe-west4.
+    - &quot;nam4&quot;
+        - Dual region: us-central1 and us-east1.
+
+#### --gcs-storage-class
+
+The storage class to use when storing objects in Google Cloud Storage.
+
+Properties:
+
+- Config:      storage_class
+- Env Var:     RCLONE_GCS_STORAGE_CLASS
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - Default
+    - &quot;MULTI_REGIONAL&quot;
+        - Multi-regional storage class
+    - &quot;REGIONAL&quot;
+        - Regional storage class
+    - &quot;NEARLINE&quot;
+        - Nearline storage class
+    - &quot;COLDLINE&quot;
+        - Coldline storage class
+    - &quot;ARCHIVE&quot;
+        - Archive storage class
+    - &quot;DURABLE_REDUCED_AVAILABILITY&quot;
+        - Durable reduced availability storage class
+
+#### --gcs-env-auth
+
+Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars).
+
+Only applies if service_account_file and service_account_credentials is blank.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_GCS_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - &quot;false&quot;
+        - Enter credentials in the next step.
+    - &quot;true&quot;
+        - Get GCP IAM credentials from the environment (env vars or IAM).
+
+### Advanced options
+
+Here are the Advanced options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
+
+#### --gcs-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_GCS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --gcs-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_GCS_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --gcs-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_GCS_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --gcs-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option creates an empty
+object ending with &quot;/&quot;, to persist the folder.
+
+
+Properties:
+
+- Config:      directory_markers
+- Env Var:     RCLONE_GCS_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
+
+#### --gcs-no-check-bucket
+
+If set, don&#39;t attempt to check the bucket exists or create it.
+
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the bucket exists already.
+
+
+Properties:
+
+- Config:      no_check_bucket
+- Env Var:     RCLONE_GCS_NO_CHECK_BUCKET
+- Type:        bool
+- Default:     false
+
+#### --gcs-decompress
+
+If set this will decompress gzip encoded objects.
+
+It is possible to upload objects to GCS with &quot;Content-Encoding: gzip&quot;
+set. Normally rclone will download these files as compressed objects.
+
+If this flag is set then rclone will decompress these files with
+&quot;Content-Encoding: gzip&quot; as they are received. This means that rclone
+can&#39;t check the size and hash but the file contents will be decompressed.
+
+
+Properties:
+
+- Config:      decompress
+- Env Var:     RCLONE_GCS_DECOMPRESS
+- Type:        bool
+- Default:     false
+
+#### --gcs-endpoint
+
+Endpoint for the service.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_GCS_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --gcs-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_GCS_ENCODING
+- Type:        Encoding
+- Default:     Slash,CrLf,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+`rclone about` is not supported by the Google Cloud Storage backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Google Drive
+
+Paths are specified as `drive:path`
+
+Drive paths may be as deep as required, e.g. `drive:directory/subdirectory`.
+
+## Configuration
+
+The initial setup for drive involves getting a token from Google drive
+which you need to do in your browser.  `rclone config` walks you
+through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config n/r/c/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Google Drive  "drive" [snip] Storage&gt; drive Google Application Client Id - leave blank normally. client_id&gt; Google Application Client Secret - leave blank normally. client_secret&gt; Scope that rclone should use when requesting access from drive. Choose a number from below, or type in your own value 1 / Full access all files, excluding Application Data Folder.  "drive" 2 / Read-only access to file metadata and file contents.  "drive.readonly" / Access to files created by rclone only. 3 | These are visible in the drive website. | File authorization is revoked when the user deauthorizes the app.  "drive.file" / Allows read and write access to the Application Data folder. 4 | This is not visible in the drive website.  "drive.appfolder" / Allows read-only access to file metadata but 5 | does not allow any access to read or download file content.  "drive.metadata.readonly" scope&gt; 1 Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login. service_account_file&gt; Remote config Use web browser to automatically authenticate rclone with remote? * Say Y if the machine running rclone has a web browser you can use * Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N. y) Yes n) No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code Configure this as a Shared Drive (Team Drive)? y) Yes n) No y/n&gt; n -------------------- [remote] client_id = client_secret = scope = drive root_folder_id = service_account_file = token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2014-03-16T13:57:58.955387075Z"} -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Google if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on `http://127.0.0.1:53682/` and it
+may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
+
+You can then use it like this,
+
+List directories in top level of your drive
+
+    rclone lsd remote:
+
+List all the files in your drive
+
+    rclone ls remote:
+
+To copy a local directory to a drive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Scopes
+
+Rclone allows you to select which scope you would like for rclone to
+use.  This changes what type of token is granted to rclone.  [The
+scopes are defined
+here](https://developers.google.com/drive/v3/web/about-auth).
+
+A comma-separated list is allowed e.g. `drive.readonly,drive.file`.
+
+The scope are
+
+#### drive
+
+This is the default scope and allows full access to all files, except
+for the Application Data Folder (see below).
+
+Choose this one if you aren&#39;t sure.
+
+#### drive.readonly
+
+This allows read only access to all files.  Files may be listed and
+downloaded but not uploaded, renamed or deleted.
+
+#### drive.file
+
+With this scope rclone can read/view/modify only those files and
+folders it creates.
+
+So if you uploaded files to drive via the web interface (or any other
+means) they will not be visible to rclone.
+
+This can be useful if you are using rclone to backup data and you want
+to be sure confidential data on your drive is not visible to rclone.
+
+Files created with this scope are visible in the web interface.
+
+#### drive.appfolder
+
+This gives rclone its own private area to store files.  Rclone will
+not be able to see any other files on your drive and you won&#39;t be able
+to see rclone&#39;s files from the web interface either.
+
+#### drive.metadata.readonly
+
+This allows read only access to file names only.  It does not allow
+rclone to download or upload data, or rename or delete files or
+directories.
+
+### Root folder ID
+
+This option has been moved to the advanced section. You can set the `root_folder_id` for rclone.  This is the directory
+(identified by its `Folder ID`) that rclone considers to be the root
+of your drive.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
+However you can set this to restrict rclone to a specific folder
+hierarchy or to access data within the &quot;Computers&quot; tab on the drive
+web interface (where files from Google&#39;s Backup and Sync desktop
+program go).
+
+In order to do this you will have to find the `Folder ID` of the
+directory you wish rclone to display.  This will be the last segment
+of the URL when you open the relevant folder in the drive web
+interface.
+
+So if the folder you want rclone to use has a URL which looks like
+`https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh`
+in the browser, then you use `1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh` as
+the `root_folder_id` in the config.
+
+**NB** folders under the &quot;Computers&quot; tab seem to be read only (drive
+gives a 500 error) when using rclone.
+
+There doesn&#39;t appear to be an API to discover the folder IDs of the
+&quot;Computers&quot; tab - please contact us if you know otherwise!
+
+Note also that rclone can&#39;t access any data under the &quot;Backups&quot; tab on
+the google drive web interface yet.
+
+### Service Account support
+
+You can set up rclone with Google Drive in an unattended mode,
+i.e. not tied to a specific end-user Google account. This is useful
+when you want to synchronise files onto machines that don&#39;t have
+actively logged-in users, for example build machines.
+
+To use a Service Account instead of OAuth2 token flow, enter the path
+to your Service Account credentials at the `service_account_file`
+prompt during `rclone config` and rclone won&#39;t use the browser based
+authentication flow. If you&#39;d rather stuff the contents of the
+credentials file into the rclone config file, you can set
+`service_account_credentials` with the actual contents of the file
+instead, or set the equivalent environment variable.
+
+#### Use case - Google Apps/G-suite account and individual Drive
+
+Let&#39;s say that you are the administrator of a Google Apps (old) or
+G-suite account.
+The goal is to store data on an individual&#39;s Drive account, who IS
+a member of the domain.
+We&#39;ll call the domain **example.com**, and the user
+**foo@example.com**.
+
+There&#39;s a few steps we need to go through to accomplish this:
+
+##### 1. Create a service account for example.com
+  - To create a service account and obtain its credentials, go to the
+[Google Developer Console](https://console.developers.google.com).
+  - You must have a project - create one if you don&#39;t.
+  - Then go to &quot;IAM &amp; admin&quot; -&gt; &quot;Service Accounts&quot;.
+  - Use the &quot;Create Service Account&quot; button. Fill in &quot;Service account name&quot;
+and &quot;Service account ID&quot; with something that identifies your client.
+  - Select &quot;Create And Continue&quot;. Step 2 and 3 are optional.
+  - These credentials are what rclone will use for authentication.
+If you ever need to remove access, press the &quot;Delete service
+account key&quot; button.
+
+##### 2. Allowing API access to example.com Google Drive
+  - Go to example.com&#39;s admin console
+  - Go into &quot;Security&quot; (or use the search bar)
+  - Select &quot;Show more&quot; and then &quot;Advanced settings&quot;
+  - Select &quot;Manage API client access&quot; in the &quot;Authentication&quot; section
+  - In the &quot;Client Name&quot; field enter the service account&#39;s
+&quot;Client ID&quot; - this can be found in the Developer Console under
+&quot;IAM &amp; Admin&quot; -&gt; &quot;Service Accounts&quot;, then &quot;View Client ID&quot; for
+the newly created service account.
+It is a ~21 character numerical string.
+  - In the next field, &quot;One or More API Scopes&quot;, enter
+`https://www.googleapis.com/auth/drive`
+to grant access to Google Drive specifically.
+
+##### 3. Configure rclone, assuming a new install
+</code></pre>
+<p>rclone config</p>
+<p>n/s/q&gt; n # New name&gt;gdrive # Gdrive is an example name Storage&gt; # Select the number shown for Google Drive client_id&gt; # Can be left blank client_secret&gt; # Can be left blank scope&gt; # Select your scope, 1 for example root_folder_id&gt; # Can be left blank service_account_file&gt; /home/foo/myJSONfile.json # This is where the JSON file goes! y/n&gt; # Auto config, n</p>
+<pre><code>
+##### 4. Verify that it&#39;s working
+  - `rclone -v --drive-impersonate foo@example.com lsf gdrive:backup`
+  - The arguments do:
+    - `-v` - verbose logging
+    - `--drive-impersonate foo@example.com` - this is what does
+the magic, pretending to be user foo.
+    - `lsf` - list files in a parsing friendly way
+    - `gdrive:backup` - use the remote called gdrive, work in
+the folder named backup.
+
+Note: in case you configured a specific root folder on gdrive and rclone is unable to access the contents of that folder when using `--drive-impersonate`, do this instead:
+  - in the gdrive web interface, share your root folder with the user/email of the new Service Account you created/selected at step #1
+  - use rclone without specifying the `--drive-impersonate` option, like this:
+        `rclone -v lsf gdrive:backup`
+
+
+### Shared drives (team drives)
+
+If you want to configure the remote to point to a Google Shared Drive
+(previously known as Team Drives) then answer `y` to the question
+`Configure this as a Shared Drive (Team Drive)?`.
+
+This will fetch the list of Shared Drives from google and allow you to
+configure which one you want to use. You can also type in a Shared
+Drive ID if you prefer.
+
+For example:
+</code></pre>
+<p>Configure this as a Shared Drive (Team Drive)? y) Yes n) No y/n&gt; y Fetching Shared Drive list... Choose a number from below, or type in your own value 1 / Rclone Test  "xxxxxxxxxxxxxxxxxxxx" 2 / Rclone Test 2  "yyyyyyyyyyyyyyyyyyyy" 3 / Rclone Test 3  "zzzzzzzzzzzzzzzzzzzz" Enter a Shared Drive ID&gt; 1 -------------------- [remote] client_id = client_secret = token = {"AccessToken":"xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx","Expiry":"2014-03-16T13:57:58.955387075Z","Extra":null} team_drive = xxxxxxxxxxxxxxxxxxxx -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+It does this by combining multiple `list` calls into a single API request.
+
+This works by combining many `&#39;%s&#39; in parents` filters into one expression.
+To list the contents of directories a, b and c, the following requests will be send by the regular `List` function:</code></pre>
+<p>trashed=false and 'a' in parents trashed=false and 'b' in parents trashed=false and 'c' in parents</p>
+<pre><code>These can now be combined into a single request:</code></pre>
+<p>trashed=false and ('a' in parents or 'b' in parents or 'c' in parents)</p>
+<pre><code>
+The implementation of `ListR` will put up to 50 `parents` filters into one request.
+It will  use the `--checkers` value to specify the number of requests to run in parallel.
+
+In tests, these batch requests were up to 20x faster than the regular method.
+Running the following command against different sized folders gives:</code></pre>
+<p>rclone lsjson -vv -R --checkers=6 gdrive:folder</p>
+<pre><code>
+small folder (220 directories, 700 files):
+
+- without `--fast-list`: 38s
+- with `--fast-list`: 10s
+
+large folder (10600 directories, 39000 files):
+
+- without `--fast-list`: 22:05 min
+- with `--fast-list`: 58s
+
+### Modification times and hashes
+
+Google drive stores modification times accurate to 1 ms.
+
+Hash algorithms MD5, SHA1 and SHA256 are supported. Note, however,
+that a small fraction of files uploaded may not have SHA1 or SHA256
+hashes especially if they were uploaded before 2018.
+
+### Restricted filename characters
+
+Only Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+In contrast to other backends, `/` can also be used in names and `.`
+or `..` are valid names.
+
+### Revisions
+
+Google drive stores revisions of files.  When you upload a change to
+an existing file to google drive using rclone it will create a new
+revision of that file.
+
+Revisions follow the standard google policy which at time of writing
+was
+
+  * They are deleted after 30 days or 100 revisions (whatever comes first).
+  * They do not count towards a user storage quota.
+
+### Deleting files
+
+By default rclone will send all files to the trash when deleting
+files.  If deleting them permanently is required then use the
+`--drive-use-trash=false` flag, or set the equivalent environment
+variable.
+
+### Shortcuts
+
+In March 2020 Google introduced a new feature in Google Drive called
+[drive shortcuts](https://support.google.com/drive/answer/9700156)
+([API](https://developers.google.com/drive/api/v3/shortcuts)). These
+will (by September 2020) [replace the ability for files or folders to
+be in multiple folders at once](https://cloud.google.com/blog/products/g-suite/simplifying-google-drives-folder-structure-and-sharing-models).
+
+Shortcuts are files that link to other files on Google Drive somewhat
+like a symlink in unix, except they point to the underlying file data
+(e.g. the inode in unix terms) so they don&#39;t break if the source is
+renamed or moved about.
+
+By default rclone treats these as follows.
+
+For shortcuts pointing to files:
+
+- When listing a file shortcut appears as the destination file.
+- When downloading the contents of the destination file is downloaded.
+- When updating shortcut file with a non shortcut file, the shortcut is removed then a new file is uploaded in place of the shortcut.
+- When server-side moving (renaming) the shortcut is renamed, not the destination file.
+- When server-side copying the shortcut is copied, not the contents of the shortcut. (unless `--drive-copy-shortcut-content` is in use in which case the contents of the shortcut gets copied).
+- When deleting the shortcut is deleted not the linked file.
+- When setting the modification time, the modification time of the linked file will be set.
+
+For shortcuts pointing to folders:
+
+- When listing the shortcut appears as a folder and that folder will contain the contents of the linked folder appear (including any sub folders)
+- When downloading the contents of the linked folder and sub contents are downloaded
+- When uploading to a shortcut folder the file will be placed in the linked folder
+- When server-side moving (renaming) the shortcut is renamed, not the destination folder
+- When server-side copying the contents of the linked folder is copied, not the shortcut.
+- When deleting with `rclone rmdir` or `rclone purge` the shortcut is deleted not the linked folder.
+- **NB** When deleting with `rclone remove` or `rclone mount` the contents of the linked folder will be deleted.
+
+The [rclone backend](https://rclone.org/commands/rclone_backend/) command can be used to create shortcuts.  
+
+Shortcuts can be completely ignored with the `--drive-skip-shortcuts` flag
+or the corresponding `skip_shortcuts` configuration setting.
+
+### Emptying trash
+
+If you wish to empty your trash you can use the `rclone cleanup remote:`
+command which will permanently delete all your trashed files. This command
+does not take any path arguments.
+
+Note that Google Drive takes some time (minutes to days) to empty the
+trash even though the command returns within a few seconds.  No output
+is echoed, so there will be no confirmation even using -v or -vv.
+
+### Quota information
+
+To view your current quota you can use the `rclone about remote:`
+command which will display your usage limit (quota), the usage in Google
+Drive, the size of all files in the Trash and the space used by other
+Google services such as Gmail. This command does not take any path
+arguments.
+
+#### Import/Export of google documents
+
+Google documents can be exported from and uploaded to Google Drive.
+
+When rclone downloads a Google doc it chooses a format to download
+depending upon the `--drive-export-formats` setting.
+By default the export formats are `docx,xlsx,pptx,svg` which are a
+sensible default for an editable document.
+
+When choosing a format, rclone runs down the list provided in order
+and chooses the first file format the doc can be exported as from the
+list. If the file can&#39;t be exported to a format on the formats list,
+then rclone will choose a format from the default list.
+
+If you prefer an archive copy then you might use `--drive-export-formats
+pdf`, or if you prefer openoffice/libreoffice formats you might use
+`--drive-export-formats ods,odt,odp`.
+
+Note that rclone adds the extension to the google doc, so if it is
+called `My Spreadsheet` on google docs, it will be exported as `My
+Spreadsheet.xlsx` or `My Spreadsheet.pdf` etc.
+
+When importing files into Google Drive, rclone will convert all
+files with an extension in `--drive-import-formats` to their
+associated document type.
+rclone will not convert any files by default, since the conversion
+is lossy process.
+
+The conversion must result in a file with the same extension when
+the `--drive-export-formats` rules are applied to the uploaded document.
+
+Here are some examples for allowed and prohibited conversions.
+
+| export-formats | import-formats | Upload Ext | Document Ext | Allowed |
+| -------------- | -------------- | ---------- | ------------ | ------- |
+| odt | odt | odt | odt | Yes |
+| odt | docx,odt | odt | odt | Yes |
+|  | docx | docx | docx | Yes |
+|  | odt | odt | docx | No |
+| odt,docx | docx,odt | docx | odt | No |
+| docx,odt | docx,odt | docx | docx | Yes |
+| docx,odt | docx,odt | odt | docx | No |
+
+This limitation can be disabled by specifying `--drive-allow-import-name-change`.
+When using this flag, rclone can convert multiple files types resulting
+in the same document type at once, e.g. with `--drive-import-formats docx,odt,txt`,
+all files having these extension would result in a document represented as a docx file.
+This brings the additional risk of overwriting a document, if multiple files
+have the same stem. Many rclone operations will not handle this name change
+in any way. They assume an equal name when copying files and might copy the
+file again or delete them when the name changes. 
+
+Here are the possible export extensions with their corresponding mime types.
+Most of these can also be used for importing, but there more that are not
+listed here. Some of these additional ones might only be available when
+the operating system provides the correct MIME type entries.
+
+This list can be changed by Google Drive at any time and might not
+represent the currently available conversions.
+
+| Extension | Mime Type | Description |
+| --------- |-----------| ------------|
+| bmp  | image/bmp | Windows Bitmap format |
+| csv  | text/csv | Standard CSV format for Spreadsheets |
+| doc  | application/msword | Classic Word file |
+| docx | application/vnd.openxmlformats-officedocument.wordprocessingml.document | Microsoft Office Document |
+| epub | application/epub+zip | E-book format |
+| html | text/html | An HTML Document |
+| jpg  | image/jpeg | A JPEG Image File |
+| json | application/vnd.google-apps.script+json | JSON Text Format for Google Apps scripts |
+| odp  | application/vnd.oasis.opendocument.presentation | Openoffice Presentation |
+| ods  | application/vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
+| ods  | application/x-vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
+| odt  | application/vnd.oasis.opendocument.text | Openoffice Document |
+| pdf  | application/pdf | Adobe PDF Format |
+| pjpeg | image/pjpeg | Progressive JPEG Image |
+| png  | image/png | PNG Image Format|
+| pptx | application/vnd.openxmlformats-officedocument.presentationml.presentation | Microsoft Office Powerpoint |
+| rtf  | application/rtf | Rich Text Format |
+| svg  | image/svg+xml | Scalable Vector Graphics Format |
+| tsv  | text/tab-separated-values | Standard TSV format for spreadsheets |
+| txt  | text/plain | Plain Text |
+| wmf  | application/x-msmetafile | Windows Meta File |
+| xls  | application/vnd.ms-excel | Classic Excel file |
+| xlsx | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet | Microsoft Office Spreadsheet |
+| zip  | application/zip | A ZIP file of HTML, Images CSS |
+
+Google documents can also be exported as link files. These files will
+open a browser window for the Google Docs website of that document
+when opened. The link file extension has to be specified as a
+`--drive-export-formats` parameter. They will match all available
+Google Documents.
+
+| Extension | Description | OS Support |
+| --------- | ----------- | ---------- |
+| desktop | freedesktop.org specified desktop entry | Linux |
+| link.html | An HTML Document with a redirect | All |
+| url | INI style link file | macOS, Windows |
+| webloc | macOS specific XML format | macOS |
+
+
+### Standard options
+
+Here are the Standard options specific to drive (Google Drive).
+
+#### --drive-client-id
+
+Google Application Client Id
+Setting your own is recommended.
+See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
+If you leave this blank, it will use an internal key which is low performance.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_DRIVE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --drive-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_DRIVE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --drive-scope
+
+Comma separated list of scopes that rclone should use when requesting access from drive.
+
+Properties:
+
+- Config:      scope
+- Env Var:     RCLONE_DRIVE_SCOPE
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;drive&quot;
+        - Full access all files, excluding Application Data Folder.
+    - &quot;drive.readonly&quot;
+        - Read-only access to file metadata and file contents.
+    - &quot;drive.file&quot;
+        - Access to files created by rclone only.
+        - These are visible in the drive website.
+        - File authorization is revoked when the user deauthorizes the app.
+    - &quot;drive.appfolder&quot;
+        - Allows read and write access to the Application Data folder.
+        - This is not visible in the drive website.
+    - &quot;drive.metadata.readonly&quot;
+        - Allows read-only access to file metadata but
+        - does not allow any access to read or download file content.
+
+#### --drive-service-account-file
+
+Service Account Credentials JSON file path.
+
+Leave blank normally.
+Needed only if you want use SA instead of interactive login.
+
+Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
+
+Properties:
+
+- Config:      service_account_file
+- Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_FILE
+- Type:        string
+- Required:    false
+
+#### --drive-alternate-export
+
+Deprecated: No longer needed.
+
+Properties:
+
+- Config:      alternate_export
+- Env Var:     RCLONE_DRIVE_ALTERNATE_EXPORT
+- Type:        bool
+- Default:     false
+
+### Advanced options
+
+Here are the Advanced options specific to drive (Google Drive).
+
+#### --drive-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_DRIVE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --drive-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_DRIVE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --drive-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_DRIVE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --drive-root-folder-id
+
+ID of the root folder.
+Leave blank normally.
+
+Fill in to access &quot;Computers&quot; folders (see docs), or for rclone to use
+a non root folder as its starting point.
+
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_DRIVE_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --drive-service-account-credentials
+
+Service Account Credentials JSON blob.
+
+Leave blank normally.
+Needed only if you want use SA instead of interactive login.
+
+Properties:
+
+- Config:      service_account_credentials
+- Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS
+- Type:        string
+- Required:    false
+
+#### --drive-team-drive
+
+ID of the Shared Drive (Team Drive).
+
+Properties:
+
+- Config:      team_drive
+- Env Var:     RCLONE_DRIVE_TEAM_DRIVE
+- Type:        string
+- Required:    false
+
+#### --drive-auth-owner-only
+
+Only consider files owned by the authenticated user.
+
+Properties:
+
+- Config:      auth_owner_only
+- Env Var:     RCLONE_DRIVE_AUTH_OWNER_ONLY
+- Type:        bool
+- Default:     false
+
+#### --drive-use-trash
+
+Send files to the trash instead of deleting permanently.
+
+Defaults to true, namely sending files to the trash.
+Use `--drive-use-trash=false` to delete files permanently instead.
+
+Properties:
+
+- Config:      use_trash
+- Env Var:     RCLONE_DRIVE_USE_TRASH
+- Type:        bool
+- Default:     true
+
+#### --drive-copy-shortcut-content
+
+Server side copy contents of shortcuts instead of the shortcut.
+
+When doing server side copies, normally rclone will copy shortcuts as
+shortcuts.
+
+If this flag is used then rclone will copy the contents of shortcuts
+rather than shortcuts themselves when doing server side copies.
+
+Properties:
+
+- Config:      copy_shortcut_content
+- Env Var:     RCLONE_DRIVE_COPY_SHORTCUT_CONTENT
+- Type:        bool
+- Default:     false
+
+#### --drive-skip-gdocs
+
+Skip google documents in all listings.
+
+If given, gdocs practically become invisible to rclone.
+
+Properties:
+
+- Config:      skip_gdocs
+- Env Var:     RCLONE_DRIVE_SKIP_GDOCS
+- Type:        bool
+- Default:     false
+
+#### --drive-show-all-gdocs
+
+Show all Google Docs including non-exportable ones in listings.
+
+If you try a server side copy on a Google Form without this flag, you
+will get this error:
+
+    No export formats found for &quot;application/vnd.google-apps.form&quot;
+
+However adding this flag will allow the form to be server side copied.
+
+Note that rclone doesn&#39;t add extensions to the Google Docs file names
+in this mode.
+
+Do **not** use this flag when trying to download Google Docs - rclone
+will fail to download them.
+
+
+Properties:
+
+- Config:      show_all_gdocs
+- Env Var:     RCLONE_DRIVE_SHOW_ALL_GDOCS
+- Type:        bool
+- Default:     false
+
+#### --drive-skip-checksum-gphotos
+
+Skip checksums on Google photos and videos only.
+
+Use this if you get checksum errors when transferring Google photos or
+videos.
+
+Setting this flag will cause Google photos and videos to return a
+blank checksums.
+
+Google photos are identified by being in the &quot;photos&quot; space.
+
+Corrupted checksums are caused by Google modifying the image/video but
+not updating the checksum.
+
+Properties:
+
+- Config:      skip_checksum_gphotos
+- Env Var:     RCLONE_DRIVE_SKIP_CHECKSUM_GPHOTOS
+- Type:        bool
+- Default:     false
+
+#### --drive-shared-with-me
+
+Only show files that are shared with me.
+
+Instructs rclone to operate on your &quot;Shared with me&quot; folder (where
+Google Drive lets you access the files and folders others have shared
+with you).
+
+This works both with the &quot;list&quot; (lsd, lsl, etc.) and the &quot;copy&quot;
+commands (copy, sync, etc.), and with all other commands too.
+
+Properties:
+
+- Config:      shared_with_me
+- Env Var:     RCLONE_DRIVE_SHARED_WITH_ME
+- Type:        bool
+- Default:     false
+
+#### --drive-trashed-only
+
+Only show files that are in the trash.
+
+This will show trashed files in their original directory structure.
+
+Properties:
+
+- Config:      trashed_only
+- Env Var:     RCLONE_DRIVE_TRASHED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --drive-starred-only
+
+Only show files that are starred.
+
+Properties:
+
+- Config:      starred_only
+- Env Var:     RCLONE_DRIVE_STARRED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --drive-formats
+
+Deprecated: See export_formats.
+
+Properties:
+
+- Config:      formats
+- Env Var:     RCLONE_DRIVE_FORMATS
+- Type:        string
+- Required:    false
+
+#### --drive-export-formats
+
+Comma separated list of preferred formats for downloading Google docs.
+
+Properties:
+
+- Config:      export_formats
+- Env Var:     RCLONE_DRIVE_EXPORT_FORMATS
+- Type:        string
+- Default:     &quot;docx,xlsx,pptx,svg&quot;
+
+#### --drive-import-formats
+
+Comma separated list of preferred formats for uploading Google docs.
+
+Properties:
+
+- Config:      import_formats
+- Env Var:     RCLONE_DRIVE_IMPORT_FORMATS
+- Type:        string
+- Required:    false
+
+#### --drive-allow-import-name-change
+
+Allow the filetype to change when uploading Google docs.
+
+E.g. file.doc to file.docx. This will confuse sync and reupload every time.
+
+Properties:
+
+- Config:      allow_import_name_change
+- Env Var:     RCLONE_DRIVE_ALLOW_IMPORT_NAME_CHANGE
+- Type:        bool
+- Default:     false
+
+#### --drive-use-created-date
+
+Use file created date instead of modified date.
+
+Useful when downloading data and you want the creation date used in
+place of the last modified date.
+
+**WARNING**: This flag may have some unexpected consequences.
+
+When uploading to your drive all files will be overwritten unless they
+haven&#39;t been modified since their creation. And the inverse will occur
+while downloading.  This side effect can be avoided by using the
+&quot;--checksum&quot; flag.
+
+This feature was implemented to retain photos capture date as recorded
+by google photos. You will first need to check the &quot;Create a Google
+Photos folder&quot; option in your google drive settings. You can then copy
+or move the photos locally and use the date the image was taken
+(created) set as the modification date.
+
+Properties:
+
+- Config:      use_created_date
+- Env Var:     RCLONE_DRIVE_USE_CREATED_DATE
+- Type:        bool
+- Default:     false
+
+#### --drive-use-shared-date
+
+Use date file was shared instead of modified date.
+
+Note that, as with &quot;--drive-use-created-date&quot;, this flag may have
+unexpected consequences when uploading/downloading files.
+
+If both this flag and &quot;--drive-use-created-date&quot; are set, the created
+date is used.
+
+Properties:
+
+- Config:      use_shared_date
+- Env Var:     RCLONE_DRIVE_USE_SHARED_DATE
+- Type:        bool
+- Default:     false
+
+#### --drive-list-chunk
+
+Size of listing chunk 100-1000, 0 to disable.
+
+Properties:
+
+- Config:      list_chunk
+- Env Var:     RCLONE_DRIVE_LIST_CHUNK
+- Type:        int
+- Default:     1000
+
+#### --drive-impersonate
+
+Impersonate this user when using a service account.
+
+Properties:
+
+- Config:      impersonate
+- Env Var:     RCLONE_DRIVE_IMPERSONATE
+- Type:        string
+- Required:    false
+
+#### --drive-upload-cutoff
+
+Cutoff for switching to chunked upload.
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_DRIVE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     8Mi
+
+#### --drive-chunk-size
+
+Upload chunk size.
+
+Must a power of 2 &gt;= 256k.
+
+Making this larger will improve performance, but note that each chunk
+is buffered in memory one per transfer.
+
+Reducing this will reduce memory usage but decrease performance.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_DRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     8Mi
+
+#### --drive-acknowledge-abuse
+
+Set to allow files which return cannotDownloadAbusiveFile to be downloaded.
+
+If downloading a file returns the error &quot;This file has been identified
+as malware or spam and cannot be downloaded&quot; with the error code
+&quot;cannotDownloadAbusiveFile&quot; then supply this flag to rclone to
+indicate you acknowledge the risks of downloading the file and rclone
+will download it anyway.
+
+Note that if you are using service account it will need Manager
+permission (not Content Manager) to for this flag to work. If the SA
+does not have the right permission, Google will just ignore the flag.
+
+Properties:
+
+- Config:      acknowledge_abuse
+- Env Var:     RCLONE_DRIVE_ACKNOWLEDGE_ABUSE
+- Type:        bool
+- Default:     false
+
+#### --drive-keep-revision-forever
+
+Keep new head revision of each file forever.
+
+Properties:
+
+- Config:      keep_revision_forever
+- Env Var:     RCLONE_DRIVE_KEEP_REVISION_FOREVER
+- Type:        bool
+- Default:     false
+
+#### --drive-size-as-quota
+
+Show sizes as storage quota usage, not actual size.
+
+Show the size of a file as the storage quota used. This is the
+current version plus any older versions that have been set to keep
+forever.
+
+**WARNING**: This flag may have some unexpected consequences.
+
+It is not recommended to set this flag in your config - the
+recommended usage is using the flag form --drive-size-as-quota when
+doing rclone ls/lsl/lsf/lsjson/etc only.
+
+If you do use this flag for syncing (not recommended) then you will
+need to use --ignore size also.
+
+Properties:
+
+- Config:      size_as_quota
+- Env Var:     RCLONE_DRIVE_SIZE_AS_QUOTA
+- Type:        bool
+- Default:     false
+
+#### --drive-v2-download-min-size
+
+If Object&#39;s are greater, use drive v2 API to download.
+
+Properties:
+
+- Config:      v2_download_min_size
+- Env Var:     RCLONE_DRIVE_V2_DOWNLOAD_MIN_SIZE
+- Type:        SizeSuffix
+- Default:     off
+
+#### --drive-pacer-min-sleep
+
+Minimum time to sleep between API calls.
+
+Properties:
+
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_DRIVE_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     100ms
+
+#### --drive-pacer-burst
+
+Number of API calls to allow without sleeping.
+
+Properties:
+
+- Config:      pacer_burst
+- Env Var:     RCLONE_DRIVE_PACER_BURST
+- Type:        int
+- Default:     100
+
+#### --drive-server-side-across-configs
+
+Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different drive configs.
+
+This can be useful if you wish to do a server-side copy between two
+different Google drives.  Note that this isn&#39;t enabled by default
+because it isn&#39;t easy to tell if it will work between any two
+configurations.
+
+Properties:
+
+- Config:      server_side_across_configs
+- Env Var:     RCLONE_DRIVE_SERVER_SIDE_ACROSS_CONFIGS
+- Type:        bool
+- Default:     false
+
+#### --drive-disable-http2
+
+Disable drive using http2.
+
+There is currently an unsolved issue with the google drive backend and
+HTTP/2.  HTTP/2 is therefore disabled by default for the drive backend
+but can be re-enabled here.  When the issue is solved this flag will
+be removed.
+
+See: https://github.com/rclone/rclone/issues/3631
+
+
+
+Properties:
+
+- Config:      disable_http2
+- Env Var:     RCLONE_DRIVE_DISABLE_HTTP2
+- Type:        bool
+- Default:     true
+
+#### --drive-stop-on-upload-limit
+
+Make upload limit errors be fatal.
+
+At the time of writing it is only possible to upload 750 GiB of data to
+Google Drive a day (this is an undocumented limit). When this limit is
+reached Google Drive produces a slightly different error message. When
+this flag is set it causes these errors to be fatal.  These will stop
+the in-progress sync.
+
+Note that this detection is relying on error message strings which
+Google don&#39;t document so it may break in the future.
+
+See: https://github.com/rclone/rclone/issues/3857
+
+
+Properties:
+
+- Config:      stop_on_upload_limit
+- Env Var:     RCLONE_DRIVE_STOP_ON_UPLOAD_LIMIT
+- Type:        bool
+- Default:     false
+
+#### --drive-stop-on-download-limit
+
+Make download limit errors be fatal.
+
+At the time of writing it is only possible to download 10 TiB of data from
+Google Drive a day (this is an undocumented limit). When this limit is
+reached Google Drive produces a slightly different error message. When
+this flag is set it causes these errors to be fatal.  These will stop
+the in-progress sync.
+
+Note that this detection is relying on error message strings which
+Google don&#39;t document so it may break in the future.
+
+
+Properties:
+
+- Config:      stop_on_download_limit
+- Env Var:     RCLONE_DRIVE_STOP_ON_DOWNLOAD_LIMIT
+- Type:        bool
+- Default:     false
+
+#### --drive-skip-shortcuts
+
+If set skip shortcut files.
+
+Normally rclone dereferences shortcut files making them appear as if
+they are the original file (see [the shortcuts section](#shortcuts)).
+If this flag is set then rclone will ignore shortcut files completely.
+
+
+Properties:
+
+- Config:      skip_shortcuts
+- Env Var:     RCLONE_DRIVE_SKIP_SHORTCUTS
+- Type:        bool
+- Default:     false
+
+#### --drive-skip-dangling-shortcuts
+
+If set skip dangling shortcut files.
+
+If this is set then rclone will not show any dangling shortcuts in listings.
+
+
+Properties:
+
+- Config:      skip_dangling_shortcuts
+- Env Var:     RCLONE_DRIVE_SKIP_DANGLING_SHORTCUTS
+- Type:        bool
+- Default:     false
+
+#### --drive-resource-key
+
+Resource key for accessing a link-shared file.
+
+If you need to access files shared with a link like this
+
+    https://drive.google.com/drive/folders/XXX?resourcekey=YYY&amp;usp=sharing
+
+Then you will need to use the first part &quot;XXX&quot; as the &quot;root_folder_id&quot;
+and the second part &quot;YYY&quot; as the &quot;resource_key&quot; otherwise you will get
+404 not found errors when trying to access the directory.
+
+See: https://developers.google.com/drive/api/guides/resource-keys
+
+This resource key requirement only applies to a subset of old files.
+
+Note also that opening the folder once in the web interface (with the
+user you&#39;ve authenticated rclone with) seems to be enough so that the
+resource key is not needed.
+
+
+Properties:
+
+- Config:      resource_key
+- Env Var:     RCLONE_DRIVE_RESOURCE_KEY
+- Type:        string
+- Required:    false
+
+#### --drive-fast-list-bug-fix
+
+Work around a bug in Google Drive listing.
+
+Normally rclone will work around a bug in Google Drive when using
+--fast-list (ListR) where the search &quot;(A in parents) or (B in
+parents)&quot; returns nothing sometimes. See #3114, #4289 and
+https://issuetracker.google.com/issues/149522397
+
+Rclone detects this by finding no items in more than one directory
+when listing and retries them as lists of individual directories.
+
+This means that if you have a lot of empty directories rclone will end
+up listing them all individually and this can take many more API
+calls.
+
+This flag allows the work-around to be disabled. This is **not**
+recommended in normal use - only if you have a particular case you are
+having trouble with like many empty directories.
+
+
+Properties:
+
+- Config:      fast_list_bug_fix
+- Env Var:     RCLONE_DRIVE_FAST_LIST_BUG_FIX
+- Type:        bool
+- Default:     true
+
+#### --drive-metadata-owner
+
+Control whether owner should be read or written in metadata.
+
+Owner is a standard part of the file metadata so is easy to read. But it
+isn&#39;t always desirable to set the owner from the metadata.
+
+Note that you can&#39;t set the owner on Shared Drives, and that setting
+ownership will generate an email to the new owner (this can&#39;t be
+disabled), and you can&#39;t transfer ownership to someone outside your
+organization.
+
+
+Properties:
+
+- Config:      metadata_owner
+- Env Var:     RCLONE_DRIVE_METADATA_OWNER
+- Type:        Bits
+- Default:     read
+- Examples:
+    - &quot;off&quot;
+        - Do not read or write the value
+    - &quot;read&quot;
+        - Read the value only
+    - &quot;write&quot;
+        - Write the value only
+    - &quot;read,write&quot;
+        - Read and Write the value.
+
+#### --drive-metadata-permissions
+
+Control whether permissions should be read or written in metadata.
+
+Reading permissions metadata from files can be done quickly, but it
+isn&#39;t always desirable to set the permissions from the metadata.
+
+Note that rclone drops any inherited permissions on Shared Drives and
+any owner permission on My Drives as these are duplicated in the owner
+metadata.
+
+
+Properties:
+
+- Config:      metadata_permissions
+- Env Var:     RCLONE_DRIVE_METADATA_PERMISSIONS
+- Type:        Bits
+- Default:     off
+- Examples:
+    - &quot;off&quot;
+        - Do not read or write the value
+    - &quot;read&quot;
+        - Read the value only
+    - &quot;write&quot;
+        - Write the value only
+    - &quot;read,write&quot;
+        - Read and Write the value.
+
+#### --drive-metadata-labels
+
+Control whether labels should be read or written in metadata.
+
+Reading labels metadata from files takes an extra API transaction and
+will slow down listings. It isn&#39;t always desirable to set the labels
+from the metadata.
+
+The format of labels is documented in the drive API documentation at
+https://developers.google.com/drive/api/reference/rest/v3/Label -
+rclone just provides a JSON dump of this format.
+
+When setting labels, the label and fields must already exist - rclone
+will not create them. This means that if you are transferring labels
+from two different accounts you will have to create the labels in
+advance and use the metadata mapper to translate the IDs between the
+two accounts.
+
+
+Properties:
+
+- Config:      metadata_labels
+- Env Var:     RCLONE_DRIVE_METADATA_LABELS
+- Type:        Bits
+- Default:     off
+- Examples:
+    - &quot;off&quot;
+        - Do not read or write the value
+    - &quot;read&quot;
+        - Read the value only
+    - &quot;write&quot;
+        - Write the value only
+    - &quot;read,write&quot;
+        - Read and Write the value.
+
+#### --drive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_DRIVE_ENCODING
+- Type:        Encoding
+- Default:     InvalidUtf8
+
+#### --drive-env-auth
+
+Get IAM credentials from runtime (environment variables or instance meta data if no env vars).
+
+Only applies if service_account_file and service_account_credentials is blank.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_DRIVE_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - &quot;false&quot;
+        - Enter credentials in the next step.
+    - &quot;true&quot;
+        - Get GCP IAM credentials from the environment (env vars or IAM).
+
+### Metadata
+
+User metadata is stored in the properties field of the drive object.
+
+Here are the possible system metadata items for the drive backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation) with mS accuracy. Note that this is only writable on fresh uploads - it can&#39;t be written for updates. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+| content-type | The MIME type of the file. | string | text/plain | N |
+| copy-requires-writer-permission | Whether the options to copy, print, or download this file, should be disabled for readers and commenters. | boolean | true | N |
+| description | A short description of the file. | string | Contract for signing | N |
+| folder-color-rgb | The color for a folder or a shortcut to a folder as an RGB hex string. | string | 881133 | N |
+| labels | Labels attached to this file in a JSON dump of Googled drive format. Enable with --drive-metadata-labels. | JSON | [] | N |
+| mtime | Time of last modification with mS accuracy. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+| owner | The owner of the file. Usually an email address. Enable with --drive-metadata-owner. | string | user@example.com | N |
+| permissions | Permissions in a JSON dump of Google drive format. On shared drives these will only be present if they aren&#39;t inherited. Enable with --drive-metadata-permissions. | JSON | {} | N |
+| starred | Whether the user has starred the file. | boolean | false | N |
+| viewed-by-me | Whether the file has been viewed by this user. | boolean | true | **Y** |
+| writers-can-share | Whether users with only writer permission can modify the file&#39;s permissions. Not populated for items in shared drives. | boolean | false | N |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+## Backend commands
+
+Here are the commands specific to the drive backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### get
+
+Get command for fetching the drive config parameters
+
+    rclone backend get remote: [options] [&lt;arguments&gt;+]
+
+This is a get command which will be used to fetch the various drive config parameters
+
+Usage Examples:
+
+    rclone backend get drive: [-o service_account_file] [-o chunk_size]
+    rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]
+
+
+Options:
+
+- &quot;chunk_size&quot;: show the current upload chunk size
+- &quot;service_account_file&quot;: show the current service account file
+
+### set
+
+Set command for updating the drive config parameters
+
+    rclone backend set remote: [options] [&lt;arguments&gt;+]
+
+This is a set command which will be used to update the various drive config parameters
+
+Usage Examples:
+
+    rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+    rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+
+
+Options:
+
+- &quot;chunk_size&quot;: update the current upload chunk size
+- &quot;service_account_file&quot;: update the current service account file
+
+### shortcut
+
+Create shortcuts from files or directories
+
+    rclone backend shortcut remote: [options] [&lt;arguments&gt;+]
+
+This command creates shortcuts from files or directories.
+
+Usage:
+
+    rclone backend shortcut drive: source_item destination_shortcut
+    rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut
+
+In the first example this creates a shortcut from the &quot;source_item&quot;
+which can be a file or a directory to the &quot;destination_shortcut&quot;. The
+&quot;source_item&quot; and the &quot;destination_shortcut&quot; should be relative paths
+from &quot;drive:&quot;
+
+In the second example this creates a shortcut from the &quot;source_item&quot;
+relative to &quot;drive:&quot; to the &quot;destination_shortcut&quot; relative to
+&quot;drive2:&quot;. This may fail with a permission error if the user
+authenticated with &quot;drive2:&quot; can&#39;t read files from &quot;drive:&quot;.
+
+
+Options:
+
+- &quot;target&quot;: optional target remote for the shortcut destination
+
+### drives
+
+List the Shared Drives available to this account
+
+    rclone backend drives remote: [options] [&lt;arguments&gt;+]
+
+This command lists the Shared Drives (Team Drives) available to this
+account.
+
+Usage:
+
+    rclone backend [-o config] drives drive:
+
+This will return a JSON list of objects like this
+
+    [
+        {
+            &quot;id&quot;: &quot;0ABCDEF-01234567890&quot;,
+            &quot;kind&quot;: &quot;drive#teamDrive&quot;,
+            &quot;name&quot;: &quot;My Drive&quot;
+        },
+        {
+            &quot;id&quot;: &quot;0ABCDEFabcdefghijkl&quot;,
+            &quot;kind&quot;: &quot;drive#teamDrive&quot;,
+            &quot;name&quot;: &quot;Test Drive&quot;
+        }
+    ]
+
+With the -o config parameter it will output the list in a format
+suitable for adding to a config file to make aliases for all the
+drives found and a combined drive.
+
+    [My Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
+
+    [Test Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+
+    [AllDrives]
+    type = combine
+    upstreams = &quot;My Drive=My Drive:&quot; &quot;Test Drive=Test Drive:&quot;
+
+Adding this to the rclone config file will cause those team drives to
+be accessible with the aliases shown. Any illegal characters will be
+substituted with &quot;_&quot; and duplicate names will have numbers suffixed.
+It will also add a remote called AllDrives which shows all the shared
+drives combined into one directory tree.
+
+
+### untrash
+
+Untrash files and directories
+
+    rclone backend untrash remote: [options] [&lt;arguments&gt;+]
+
+This command untrashes all the files and directories in the directory
+passed in recursively.
+
+Usage:
+
+This takes an optional directory to trash which make this easier to
+use via the API.
+
+    rclone backend untrash drive:directory
+    rclone backend --interactive untrash drive:directory subdir
+
+Use the --interactive/-i or --dry-run flag to see what would be restored before restoring it.
+
+Result:
+
+    {
+        &quot;Untrashed&quot;: 17,
+        &quot;Errors&quot;: 0
+    }
+
+
+### copyid
+
+Copy files by ID
+
+    rclone backend copyid remote: [options] [&lt;arguments&gt;+]
+
+This command copies files by ID
+
+Usage:
+
+    rclone backend copyid drive: ID path
+    rclone backend copyid drive: ID1 path1 ID2 path2
+
+It copies the drive file with ID given to the path (an rclone path which
+will be passed internally to rclone copyto). The ID and path pairs can be
+repeated.
+
+The path should end with a / to indicate copy the file as named to
+this directory. If it doesn&#39;t end with a / then the last path
+component will be used as the file name.
+
+If the destination is a drive backend then server-side copying will be
+attempted if possible.
+
+Use the --interactive/-i or --dry-run flag to see what would be copied before copying.
+
+
+### exportformats
+
+Dump the export formats for debug purposes
+
+    rclone backend exportformats remote: [options] [&lt;arguments&gt;+]
+
+### importformats
+
+Dump the import formats for debug purposes
+
+    rclone backend importformats remote: [options] [&lt;arguments&gt;+]
+
+
+
+## Limitations
+
+Drive has quite a lot of rate limiting.  This causes rclone to be
+limited to transferring about 2 files per second only.  Individual
+files may be transferred much faster at 100s of MiB/s but lots of
+small files can take a long time.
+
+Server side copies are also subject to a separate rate limit. If you
+see User rate limit exceeded errors, wait at least 24 hours and retry.
+You can disable server-side copies with `--disable copy` to download
+and upload the files if you prefer.
+
+### Limitations of Google Docs
+
+Google docs will appear as size -1 in `rclone ls`, `rclone ncdu` etc,
+and as size 0 in anything which uses the VFS layer, e.g. `rclone mount`
+and `rclone serve`. When calculating directory totals, e.g. in
+`rclone size` and `rclone ncdu`, they will be counted in as empty
+files.
+
+This is because rclone can&#39;t find out the size of the Google docs
+without downloading them.
+
+Google docs will transfer correctly with `rclone sync`, `rclone copy`
+etc as rclone knows to ignore the size when doing the transfer.
+
+However an unfortunate consequence of this is that you may not be able
+to download Google docs using `rclone mount`. If it doesn&#39;t work you
+will get a 0 sized file.  If you try again the doc may gain its
+correct size and be downloadable. Whether it will work on not depends
+on the application accessing the mount and the OS you are running -
+experiment to find out if it does work for you!
+
+### Duplicated files
+
+Sometimes, for no reason I&#39;ve been able to track down, drive will
+duplicate a file that rclone uploads.  Drive unlike all the other
+remotes can have duplicated files.
+
+Duplicated files cause problems with the syncing and you will see
+messages in the log about duplicates.
+
+Use `rclone dedupe` to fix duplicated files.
+
+Note that this isn&#39;t just a problem with rclone, even Google Photos on
+Android duplicates files on drive sometimes.
+
+### Rclone appears to be re-copying files it shouldn&#39;t
+
+The most likely cause of this is the duplicated file issue above - run
+`rclone dedupe` and check your logs for duplicate object or directory
+messages.
+
+This can also be caused by a delay/caching on google drive&#39;s end when
+comparing directory listings. Specifically with team drives used in
+combination with --fast-list. Files that were uploaded recently may
+not appear on the directory list sent to rclone when using --fast-list.
+
+Waiting a moderate period of time between attempts (estimated to be
+approximately 1 hour) and/or not using --fast-list both seem to be
+effective in preventing the problem.
+
+### SHA1 or SHA256 hashes may be missing
+
+All files have MD5 hashes, but a small fraction of files uploaded may
+not have SHA1 or SHA256 hashes especially if they were uploaded before 2018.
+
+## Making your own client_id
+
+When you use rclone with Google drive in its default configuration you
+are using rclone&#39;s client_id.  This is shared between all the rclone
+users.  There is a global rate limit on the number of queries per
+second that each client_id can do set by Google.  rclone already has a
+high quota and I will continue to make sure it is high enough by
+contacting Google.
+
+It is strongly recommended to use your own client ID as the default rclone ID is heavily used. If you have multiple services running, it is recommended to use an API key for each service. The default Google quota is 10 transactions per second so it is recommended to stay under that number as if you use more than that, it will cause rclone to rate limit and make things slower.
+
+Here is how to create your own Google Drive client ID for rclone:
+
+1. Log into the [Google API
+Console](https://console.developers.google.com/) with your Google
+account. It doesn&#39;t matter what Google account you use. (It need not
+be the same account as the Google Drive you want to access)
+
+2. Select a project or create a new project.
+
+3. Under &quot;ENABLE APIS AND SERVICES&quot; search for &quot;Drive&quot;, and enable the
+&quot;Google Drive API&quot;.
+
+4. Click &quot;Credentials&quot; in the left-side panel (not &quot;Create
+credentials&quot;, which opens the wizard).
+
+5. If you already configured an &quot;Oauth Consent Screen&quot;, then skip
+to the next step; if not, click on &quot;CONFIGURE CONSENT SCREEN&quot; button 
+(near the top right corner of the right panel), then select &quot;External&quot;
+and click on &quot;CREATE&quot;; on the next screen, enter an &quot;Application name&quot;
+(&quot;rclone&quot; is OK); enter &quot;User Support Email&quot; (your own email is OK); 
+enter &quot;Developer Contact Email&quot; (your own email is OK); then click on
+&quot;Save&quot; (all other data is optional). You will also have to add some scopes,
+including `.../auth/docs` and `.../auth/drive` in order to be able to edit,
+create and delete files with RClone. You may also want to include the
+`../auth/drive.metadata.readonly` scope. After adding scopes, click
+&quot;Save and continue&quot; to add test users. Be sure to add your own account to
+the test users. Once you&#39;ve added yourself as a test user and saved the
+changes, click again on &quot;Credentials&quot; on the left panel to go back to
+the &quot;Credentials&quot; screen.
+
+   (PS: if you are a GSuite user, you could also select &quot;Internal&quot; instead
+of &quot;External&quot; above, but this will restrict API use to Google Workspace 
+users in your organisation). 
+
+6.  Click on the &quot;+ CREATE CREDENTIALS&quot; button at the top of the screen,
+then select &quot;OAuth client ID&quot;.
+
+7. Choose an application type of &quot;Desktop app&quot; and click &quot;Create&quot;. (the default name is fine)
+
+8. It will show you a client ID and client secret. Make a note of these.
+   
+   (If you selected &quot;External&quot; at Step 5 continue to Step 9. 
+   If you chose &quot;Internal&quot; you don&#39;t need to publish and can skip straight to
+   Step 10 but your destination drive must be part of the same Google Workspace.)
+
+9. Go to &quot;Oauth consent screen&quot; and then click &quot;PUBLISH APP&quot; button and confirm.
+   You will also want to add yourself as a test user.
+
+10. Provide the noted client ID and client secret to rclone.
+
+Be aware that, due to the &quot;enhanced security&quot; recently introduced by
+Google, you are theoretically expected to &quot;submit your app for verification&quot;
+and then wait a few weeks(!) for their response; in practice, you can go right
+ahead and use the client ID and client secret with rclone, the only issue will
+be a very scary confirmation screen shown when you connect via your browser 
+for rclone to be able to get its token-id (but as this only happens during 
+the remote configuration, it&#39;s not such a big deal). Keeping the application in
+&quot;Testing&quot; will work as well, but the limitation is that any grants will expire
+after a week, which can be annoying to refresh constantly. If, for whatever
+reason, a short grant time is not a problem, then keeping the application in
+testing mode would also be sufficient.
+
+(Thanks to @balazer on github for these instructions.)
+
+Sometimes, creation of an OAuth consent in Google API Console fails due to an error message
+“The request failed because changes to one of the field of the resource is not supported”.
+As a convenient workaround, the necessary Google Drive API key can be created on the
+[Python Quickstart](https://developers.google.com/drive/api/v3/quickstart/python) page.
+Just push the Enable the Drive API button to receive the Client ID and Secret.
+Note that it will automatically create a new project in the API Console.
+
+#  Google Photos
+
+The rclone backend for [Google Photos](https://www.google.com/photos/about/) is
+a specialized backend for transferring photos and videos to and from
+Google Photos.
+
+**NB** The Google Photos API which rclone uses has quite a few
+limitations, so please read the [limitations section](#limitations)
+carefully to make sure it is suitable for your use.
+
+## Configuration
+
+The initial setup for google cloud storage involves getting a token from Google Photos
+which you need to do in your browser.  `rclone config` walks you
+through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Google Photos  "google photos" [snip] Storage&gt; google photos ** See help for google photos backend at: https://rclone.org/googlephotos/ **</p>
+<p>Google Application Client Id Leave blank normally. Enter a string value. Press Enter for the default (""). client_id&gt; Google Application Client Secret Leave blank normally. Enter a string value. Press Enter for the default (""). client_secret&gt; Set to make the Google Photos backend read only.</p>
+<p>If you choose read only then rclone will only request read only access to your photos, otherwise rclone will request full access. Enter a boolean value (true or false). Press Enter for the default ("false"). read_only&gt; Edit advanced config? (y/n) y) Yes n) No y/n&gt; n Remote config Use web browser to automatically authenticate rclone with remote? * Say Y if the machine running rclone has a web browser you can use * Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N. y) Yes n) No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code</p>
+<p>*** IMPORTANT: All media items uploaded to Google Photos with rclone *** are stored in full resolution at original quality. These uploads *** will count towards storage in your Google Account.</p>
+<table style="width:29%;">
+<colgroup>
+<col style="width: 29%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th style="text-align: left;">[remote] type = google photos token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2019-06-28T17:38:04.644930156+01:00"}</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="text-align: left;">y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y ```</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Note that rclone runs a webserver on your local machine to collect the token as returned from Google if using web browser to automatically authenticate. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this may require you to unblock it temporarily if you are running a host firewall, or use manual mode.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">This remote is called <code>remote</code> and can now be used like this</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">See all the albums in your photos</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">rclone lsd remote:album</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Make a new album</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">rclone mkdir remote:album/newAlbum</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">List the contents of an album</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">rclone ls remote:album/newAlbum</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Sync <code>/home/local/images</code> to the Google Photos, removing any excess files in the album.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">rclone sync --interactive /home/local/image remote:album/newAlbum</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Layout</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">As Google Photos is not a general purpose cloud storage system, the backend is laid out to help you navigate it.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The directories under <code>media</code> show different ways of categorizing the media. Each file will appear multiple times. So if you want to make a backup of your google photos you might choose to backup <code>remote:media/by-month</code>. (<strong>NB</strong> <code>remote:media/by-day</code> is rather slow at the moment so avoid for syncing.)</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Note that all your photos and videos will appear somewhere under <code>media</code>, but they may not appear under <code>album</code> unless you've put them into albums.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;"><code>/ - upload - file1.jpg - file2.jpg - ... - media - all - file1.jpg - file2.jpg - ... - by-year - 2000 - file1.jpg - ... - 2001 - file2.jpg - ... - ... - by-month - 2000 - 2000-01 - file1.jpg - ... - 2000-02 - file2.jpg - ... - ... - by-day - 2000 - 2000-01-01 - file1.jpg - ... - 2000-01-02 - file2.jpg - ... - ... - album - album name - album name/sub - shared-album - album name - album name/sub - feature - favorites - file1.jpg - file2.jpg</code></td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">There are two writable parts of the tree, the <code>upload</code> directory and sub directories of the <code>album</code> directory.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The <code>upload</code> directory is for uploading files you don't want to put into albums. This will be empty to start with and will contain the files you've uploaded for one rclone session only, becoming empty again when you restart rclone. The use case for this would be if you have a load of files you just want to once off dump into Google Photos. For repeated syncing, uploading to <code>album</code> will work better.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Directories within the <code>album</code> directory are also writeable and you may create new directories (albums) under <code>album</code>. If you copy files with a directory hierarchy in there then rclone will create albums with the <code>/</code> character in them. For example if you do</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">rclone copy /path/to/images remote:album/images</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">and the images directory contains</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;"><code>images - file1.jpg dir file2.jpg dir2 dir3 file3.jpg</code></td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Then rclone will create the following albums with the following files in</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- images - file1.jpg - images/dir - file2.jpg - images/dir2/dir3 - file3.jpg</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">This means that you can use the <code>album</code> path pretty much like a normal filesystem and it is a good target for repeated syncing.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The <code>shared-album</code> directory shows albums shared with you or by you. This is similar to the Sharing tab in the Google Photos web interface.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">### Standard options</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Here are the Standard options specific to google photos (Google Photos).</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --gphotos-client-id</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">OAuth Client Id.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Leave blank normally.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: client_id - Env Var: RCLONE_GPHOTOS_CLIENT_ID - Type: string - Required: false</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --gphotos-client-secret</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">OAuth Client Secret.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Leave blank normally.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: client_secret - Env Var: RCLONE_GPHOTOS_CLIENT_SECRET - Type: string - Required: false</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --gphotos-read-only</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Set to make the Google Photos backend read only.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">If you choose read only then rclone will only request read only access to your photos, otherwise rclone will request full access.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: read_only - Env Var: RCLONE_GPHOTOS_READ_ONLY - Type: bool - Default: false</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Advanced options</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Here are the Advanced options specific to google photos (Google Photos).</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --gphotos-token</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">OAuth Access Token as a JSON blob.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: token - Env Var: RCLONE_GPHOTOS_TOKEN - Type: string - Required: false</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --gphotos-auth-url</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Auth server URL.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Leave blank to use the provider defaults.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: auth_url - Env Var: RCLONE_GPHOTOS_AUTH_URL - Type: string - Required: false</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --gphotos-token-url</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Token server url.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Leave blank to use the provider defaults.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: token_url - Env Var: RCLONE_GPHOTOS_TOKEN_URL - Type: string - Required: false</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --gphotos-read-size</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Set to read the size of media items.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Normally rclone does not read the size of media items since this takes another transaction. This isn't necessary for syncing. However rclone mount needs to know the size of files in advance of reading them, so setting this flag when using rclone mount is recommended if you want to read the media.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: read_size - Env Var: RCLONE_GPHOTOS_READ_SIZE - Type: bool - Default: false</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --gphotos-start-year</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Year limits the photos to be downloaded to those which are uploaded after the given year.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: start_year - Env Var: RCLONE_GPHOTOS_START_YEAR - Type: int - Default: 2000</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --gphotos-include-archived</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Also view and download archived media.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">By default, rclone does not request archived media. Thus, when syncing, archived media is not visible in directory listings or transferred.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Note that media in albums is always visible and synced, no matter their archive status.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">With this flag, archived media are always visible in directory listings and transferred.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Without this flag, archived media will not be visible in directory listings and won't be transferred.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: include_archived - Env Var: RCLONE_GPHOTOS_INCLUDE_ARCHIVED - Type: bool - Default: false</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --gphotos-encoding</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The encoding for the backend.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: encoding - Env Var: RCLONE_GPHOTOS_ENCODING - Type: Encoding - Default: Slash,CrLf,InvalidUtf8,Dot</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --gphotos-batch-mode</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Upload file batching sync|async|off.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">This sets the batch mode used by rclone.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">This has 3 possible values</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- off - no batching - sync - batch uploads and check completion (default) - async - batch upload and don't check completion</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Rclone will close any outstanding batches when it exits which may make a delay on quit.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: batch_mode - Env Var: RCLONE_GPHOTOS_BATCH_MODE - Type: string - Default: "sync"</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --gphotos-batch-size</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Max number of files in upload batch.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">This sets the batch size of files to upload. It has to be less than 50.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">By default this is 0 which means rclone which calculate the batch size depending on the setting of batch_mode.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- batch_mode: async - default batch_size is 50 - batch_mode: sync - default batch_size is the same as --transfers - batch_mode: off - not in use</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Rclone will close any outstanding batches when it exits which may make a delay on quit.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Setting this is a great idea if you are uploading lots of small files as it will make them a lot quicker. You can use --transfers 32 to maximise throughput.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: batch_size - Env Var: RCLONE_GPHOTOS_BATCH_SIZE - Type: int - Default: 0</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --gphotos-batch-timeout</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Max time to allow an idle upload batch before uploading.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">If an upload batch is idle for more than this long then it will be uploaded.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The default for this is 0 which means rclone will choose a sensible default based on the batch_mode in use.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- batch_mode: async - default batch_timeout is 10s - batch_mode: sync - default batch_timeout is 1s - batch_mode: off - not in use</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: batch_timeout - Env Var: RCLONE_GPHOTOS_BATCH_TIMEOUT - Type: Duration - Default: 0s</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --gphotos-batch-commit-timeout</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Max time to wait for a batch to finish committing</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: batch_commit_timeout - Env Var: RCLONE_GPHOTOS_BATCH_COMMIT_TIMEOUT - Type: Duration - Default: 10m0s</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">## Limitations</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Only images and videos can be uploaded. If you attempt to upload non videos or images or formats that Google Photos doesn't understand, rclone will upload the file, then Google Photos will give an error when it is put turned into a media item.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Note that all media items uploaded to Google Photos through the API are stored in full resolution at "original quality" and <strong>will</strong> count towards your storage quota in your Google Account. The API does <strong>not</strong> offer a way to upload in "high quality" mode..</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;"><code>rclone about</code> is not supported by the Google Photos backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> See <a href="https://rclone.org/commands/rclone_about/">rclone about</a></td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">### Downloading Images</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">When Images are downloaded this strips EXIF location (according to the docs and my tests). This is a limitation of the Google Photos API and is covered by <a href="https://issuetracker.google.com/issues/112096115">bug #112096115</a>.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;"><strong>The current google API does not allow photos to be downloaded at original resolution. This is very important if you are, for example, relying on "Google Photos" as a backup of your photos. You will not be able to use rclone to redownload original images. You could use 'google takeout' to recover the original photos as a last resort</strong></td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Downloading Videos</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">When videos are downloaded they are downloaded in a really compressed version of the video compared to downloading it via the Google Photos web interface. This is covered by <a href="https://issuetracker.google.com/issues/113672044">bug #113672044</a>.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Duplicates</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">If a file name is duplicated in a directory then rclone will add the file ID into its name. So two files called <code>file.jpg</code> would then appear as <code>file {123456}.jpg</code> and <code>file {ABCDEF}.jpg</code> (the actual IDs are a lot longer alas!).</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">If you upload the same image (with the same binary data) twice then Google Photos will deduplicate it. However it will retain the filename from the first upload which may confuse rclone. For example if you uploaded an image to <code>upload</code> then uploaded the same image to <code>album/my_album</code> the filename of the image in <code>album/my_album</code> will be what it was uploaded with initially, not what you uploaded it with to <code>album</code>. In practise this shouldn't cause too many problems.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">### Modification times</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The date shown of media in Google Photos is the creation date as determined by the EXIF information, or the upload date if that is not known.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">This is not changeable by rclone and is not the modification date of the media on local disk. This means that rclone cannot use the dates from Google Photos for syncing purposes.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Size</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">The Google Photos API does not return the size of media. This means that when syncing to Google Photos, rclone can only do a file existence check.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">It is possible to read the size of the media, but this needs an extra HTTP HEAD request per media item so is <strong>very slow</strong> and uses up a lot of transactions. This can be enabled with the <code>--gphotos-read-size</code> option or the <code>read_size = true</code> config parameter.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">If you want to use the backend with <code>rclone mount</code> you may need to enable this flag (depending on your OS and application using the photos) otherwise you may not be able to read media off the mount. You'll need to experiment to see if it works for you without the flag.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Albums</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Rclone can only upload files to albums it created. This is a <a href="https://developers.google.com/photos/library/guides/manage-albums">limitation of the Google Photos API</a>.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Rclone can remove files it uploaded from albums it created only.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">### Deleting files</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Rclone can remove files from albums it created, but note that the Google Photos API does not allow media to be deleted permanently so this media will still remain. See <a href="https://issuetracker.google.com/issues/109759781">bug #109759781</a>.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Rclone cannot delete files anywhere except under <code>album</code>.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Deleting albums</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">The Google Photos API does not support deleting albums - see <a href="https://issuetracker.google.com/issues/135714733">bug #135714733</a>.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;"># Hasher</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Hasher is a special overlay backend to create remotes which handle checksums for other remotes. It's main functions include: - Emulate hash types unimplemented by backends - Cache checksums to help with slow hashing of large local or (S)FTP files - Warm up checksum cache from external SUM files</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">## Getting started</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">To use Hasher, first set up the underlying remote following the configuration instructions for that remote. You can also use a local pathname instead of a remote. Check that your base remote is working.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Let's call the base remote <code>myRemote:path</code> here. Note that anything inside <code>myRemote:path</code> will be handled by hasher and anything outside won't. This means that if you are using a bucket based remote (S3, B2, Swift) then you should put the bucket in the remote <code>s3:bucket</code>.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Now proceed to interactive or manual configuration.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Interactive configuration</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Run <code>rclone config</code>: ``` No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; Hasher1 Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Handle checksums for other remotes  "hasher" [snip] Storage&gt; hasher Remote to cache checksums for, like myremote:mypath. Enter a string value. Press Enter for the default (""). remote&gt; myRemote:path Comma separated list of supported checksum types. Enter a string value. Press Enter for the default ("md5,sha1"). hashsums&gt; md5 Maximum time to keep checksums in cache. 0 = no cache, off = cache forever. max_age&gt; off Edit advanced config? (y/n) y) Yes n) No y/n&gt; n Remote config</td>
+</tr>
+</tbody>
+</table>
+<p>[Hasher1] type = hasher remote = myRemote:path hashsums = md5 max_age = off -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+### Manual configuration
+
+Run `rclone config path` to see the path of current active config file,
+usually `YOURHOME/.config/rclone/rclone.conf`.
+Open it in your favorite text editor, find section for the base remote
+and create new section for hasher like in the following examples:
+</code></pre>
+<p>[Hasher1] type = hasher remote = myRemote:path hashes = md5 max_age = off</p>
+<p>[Hasher2] type = hasher remote = /local/path hashes = dropbox,sha1 max_age = 24h</p>
+<pre><code>
+Hasher takes basically the following parameters:
+- `remote` is required,
+- `hashes` is a comma separated list of supported checksums
+   (by default `md5,sha1`),
+- `max_age` - maximum time to keep a checksum value in the cache,
+   `0` will disable caching completely,
+   `off` will cache &quot;forever&quot; (that is until the files get changed).
+
+Make sure the `remote` has `:` (colon) in. If you specify the remote without
+a colon then rclone will use a local directory of that name. So if you use
+a remote of `/local/path` then rclone will handle hashes for that directory.
+If you use `remote = name` literally then rclone will put files
+**in a directory called `name` located under current directory**.
+
+## Usage
+
+### Basic operations
+
+Now you can use it as `Hasher2:subdir/file` instead of base remote.
+Hasher will transparently update cache with new checksums when a file
+is fully read or overwritten, like:</code></pre>
+<p>rclone copy External:path/file Hasher:dest/path</p>
+<p>rclone cat Hasher:path/to/file &gt; /dev/null</p>
+<pre><code>
+The way to refresh **all** cached checksums (even unsupported by the base backend)
+for a subtree is to **re-download** all files in the subtree. For example,
+use `hashsum --download` using **any** supported hashsum on the command line
+(we just care to re-read):</code></pre>
+<p>rclone hashsum MD5 --download Hasher:path/to/subtree &gt; /dev/null</p>
+<p>rclone backend dump Hasher:path/to/subtree</p>
+<pre><code>
+You can print or drop hashsum cache using custom backend commands:</code></pre>
+<p>rclone backend dump Hasher:dir/subdir</p>
+<p>rclone backend drop Hasher:</p>
+<pre><code>
+### Pre-Seed from a SUM File
+
+Hasher supports two backend commands: generic SUM file `import` and faster
+but less consistent `stickyimport`.
+</code></pre>
+<p>rclone backend import Hasher:dir/subdir SHA1 /path/to/SHA1SUM [--checkers 4]</p>
+<pre><code>
+Instead of SHA1 it can be any hash supported by the remote. The last argument
+can point to either a local or an `other-remote:path` text file in SUM format.
+The command will parse the SUM file, then walk down the path given by the
+first argument, snapshot current fingerprints and fill in the cache entries
+correspondingly.
+- Paths in the SUM file are treated as relative to `hasher:dir/subdir`.
+- The command will **not** check that supplied values are correct.
+  You **must know** what you are doing.
+- This is a one-time action. The SUM file will not get &quot;attached&quot; to the
+  remote. Cache entries can still be overwritten later, should the object&#39;s
+  fingerprint change.
+- The tree walk can take long depending on the tree size. You can increase
+  `--checkers` to make it faster. Or use `stickyimport` if you don&#39;t care
+  about fingerprints and consistency.
+</code></pre>
+<p>rclone backend stickyimport hasher:path/to/data sha1 remote:/path/to/sum.sha1</p>
+<pre><code>
+`stickyimport` is similar to `import` but works much faster because it
+does not need to stat existing files and skips initial tree walk.
+Instead of binding cache entries to file fingerprints it creates _sticky_
+entries bound to the file name alone ignoring size, modification time etc.
+Such hash entries can be replaced only by `purge`, `delete`, `backend drop`
+or by full re-read/re-write of the files.
+
+## Configuration reference
+
+
+### Standard options
+
+Here are the Standard options specific to hasher (Better checksums for other remotes).
+
+#### --hasher-remote
+
+Remote to cache checksums for (e.g. myRemote:path).
+
+Properties:
+
+- Config:      remote
+- Env Var:     RCLONE_HASHER_REMOTE
+- Type:        string
+- Required:    true
+
+#### --hasher-hashes
+
+Comma separated list of supported checksum types.
+
+Properties:
+
+- Config:      hashes
+- Env Var:     RCLONE_HASHER_HASHES
+- Type:        CommaSepList
+- Default:     md5,sha1
+
+#### --hasher-max-age
+
+Maximum time to keep checksums in cache (0 = no cache, off = cache forever).
+
+Properties:
+
+- Config:      max_age
+- Env Var:     RCLONE_HASHER_MAX_AGE
+- Type:        Duration
+- Default:     off
+
+### Advanced options
+
+Here are the Advanced options specific to hasher (Better checksums for other remotes).
+
+#### --hasher-auto-size
+
+Auto-update checksum for files smaller than this size (disabled by default).
+
+Properties:
+
+- Config:      auto_size
+- Env Var:     RCLONE_HASHER_AUTO_SIZE
+- Type:        SizeSuffix
+- Default:     0
+
+### Metadata
+
+Any metadata supported by the underlying remote is read and written.
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+## Backend commands
+
+Here are the commands specific to the hasher backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### drop
+
+Drop cache
+
+    rclone backend drop remote: [options] [&lt;arguments&gt;+]
+
+Completely drop checksum cache.
+Usage Example:
+    rclone backend drop hasher:
+
+
+### dump
+
+Dump the database
+
+    rclone backend dump remote: [options] [&lt;arguments&gt;+]
+
+Dump cache records covered by the current remote
+
+### fulldump
+
+Full dump of the database
+
+    rclone backend fulldump remote: [options] [&lt;arguments&gt;+]
+
+Dump all cache records in the database
+
+### import
+
+Import a SUM file
+
+    rclone backend import remote: [options] [&lt;arguments&gt;+]
+
+Amend hash cache from a SUM file and bind checksums to files by size/time.
+Usage Example:
+    rclone backend import hasher:subdir md5 /path/to/sum.md5
+
+
+### stickyimport
+
+Perform fast import of a SUM file
+
+    rclone backend stickyimport remote: [options] [&lt;arguments&gt;+]
+
+Fill hash cache from a SUM file without verifying file fingerprints.
+Usage Example:
+    rclone backend stickyimport hasher:subdir md5 remote:path/to/sum.md5
+
+
+
+
+## Implementation details (advanced)
+
+This section explains how various rclone operations work on a hasher remote.
+
+**Disclaimer. This section describes current implementation which can
+change in future rclone versions!.**
+
+### Hashsum command
+
+The `rclone hashsum` (or `md5sum` or `sha1sum`) command will:
+
+1. if requested hash is supported by lower level, just pass it.
+2. if object size is below `auto_size` then download object and calculate
+   _requested_ hashes on the fly.
+3. if unsupported and the size is big enough, build object `fingerprint`
+   (including size, modtime if supported, first-found _other_ hash if any).
+4. if the strict match is found in cache for the requested remote, return
+   the stored hash.
+5. if remote found but fingerprint mismatched, then purge the entry and
+   proceed to step 6.
+6. if remote not found or had no requested hash type or after step 5:
+   download object, calculate all _supported_ hashes on the fly and store
+   in cache; return requested hash.
+
+### Other operations
+
+- whenever a file is uploaded or downloaded **in full**, capture the stream
+  to calculate all supported hashes on the fly and update database
+- server-side `move`  will update keys of existing cache entries
+- `deletefile` will remove a single cache entry
+- `purge` will remove all cache entries under the purged path
+
+Note that setting `max_age = 0` will disable checksum caching completely.
+
+If you set `max_age = off`, checksums in cache will never age, unless you
+fully rewrite or delete the file.
+
+### Cache storage
+
+Cached checksums are stored as `bolt` database files under rclone cache
+directory, usually `~/.cache/rclone/kv/`. Databases are maintained
+one per _base_ backend, named like `BaseRemote~hasher.bolt`.
+Checksums for multiple `alias`-es into a single base backend
+will be stored in the single database. All local paths are treated as
+aliases into the `local` backend (unless encrypted or chunked) and stored
+in `~/.cache/rclone/kv/local~hasher.bolt`.
+Databases can be shared between multiple rclone processes.
+
+#  HDFS
+
+[HDFS](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html) is a
+distributed file-system, part of the [Apache Hadoop](https://hadoop.apache.org/) framework.
+
+Paths are specified as `remote:` or `remote:path/to/dir`.
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`. First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [skip] XX / Hadoop distributed file system  "hdfs" [skip] Storage&gt; hdfs ** See help for hdfs backend at: https://rclone.org/hdfs/ **</p>
+<p>hadoop name node and port Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value 1 / Connect to host namenode at port 8020  "namenode:8020" namenode&gt; namenode.hadoop:8020 hadoop user name Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value 1 / Connect to hdfs as root  "root" username&gt; root Edit advanced config? (y/n) y) Yes n) No (default) y/n&gt; n Remote config -------------------- [remote] type = hdfs namenode = namenode.hadoop:8020 username = root -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y Current remotes:</p>
+<p>Name Type ==== ==== hadoop hdfs</p>
+<ol start="5" type="a">
+<li>Edit existing remote</li>
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Rename remote</li>
+<li>Copy remote</li>
+<li>Set configuration password</li>
+<li>Quit config e/n/d/r/c/s/q&gt; q</li>
+</ol>
+<pre><code>
+This remote is called `remote` and can now be used like this
+
+See all the top level directories
+
+    rclone lsd remote:
+
+List the contents of a directory
+
+    rclone ls remote:directory
+
+Sync the remote `directory` to `/home/local/directory`, deleting any excess files.
+
+    rclone sync --interactive remote:directory /home/local/directory
+
+### Setting up your own HDFS instance for testing
+
+You may start with a [manual setup](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SingleCluster.html)
+or use the docker image from the tests:
+
+If you want to build the docker image
+</code></pre>
+<p>git clone https://github.com/rclone/rclone.git cd rclone/fstest/testserver/images/test-hdfs docker build --rm -t rclone/test-hdfs .</p>
+<pre><code>
+Or you can just use the latest one pushed
+</code></pre>
+<p>docker run --rm --name "rclone-hdfs" -p 127.0.0.1:9866:9866 -p 127.0.0.1:8020:8020 --hostname "rclone-hdfs" rclone/test-hdfs</p>
+<pre><code>
+**NB** it need few seconds to startup.
+
+For this docker image the remote needs to be configured like this:
+</code></pre>
+<p>[remote] type = hdfs namenode = 127.0.0.1:8020 username = root</p>
+<pre><code>
+You can stop this image with `docker kill rclone-hdfs` (**NB** it does not use volumes, so all data
+uploaded will be lost.)
+
+### Modification times
+
+Time accurate to 1 second is stored.
+
+### Checksum
+
+No checksums are implemented.
+
+### Usage information
+
+You can use the `rclone about remote:` command which will display filesystem size and current usage.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| :         | 0x3A  | ：           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8).
+
+
+### Standard options
+
+Here are the Standard options specific to hdfs (Hadoop distributed file system).
+
+#### --hdfs-namenode
+
+Hadoop name nodes and ports.
+
+E.g. &quot;namenode-1:8020,namenode-2:8020,...&quot; to connect to host namenodes at port 8020.
+
+Properties:
+
+- Config:      namenode
+- Env Var:     RCLONE_HDFS_NAMENODE
+- Type:        CommaSepList
+- Default:     
+
+#### --hdfs-username
+
+Hadoop user name.
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_HDFS_USERNAME
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;root&quot;
+        - Connect to hdfs as root.
+
+### Advanced options
+
+Here are the Advanced options specific to hdfs (Hadoop distributed file system).
+
+#### --hdfs-service-principal-name
+
+Kerberos service principal name for the namenode.
+
+Enables KERBEROS authentication. Specifies the Service Principal Name
+(SERVICE/FQDN) for the namenode. E.g. \&quot;hdfs/namenode.hadoop.docker\&quot;
+for namenode running as service &#39;hdfs&#39; with FQDN &#39;namenode.hadoop.docker&#39;.
+
+Properties:
+
+- Config:      service_principal_name
+- Env Var:     RCLONE_HDFS_SERVICE_PRINCIPAL_NAME
+- Type:        string
+- Required:    false
+
+#### --hdfs-data-transfer-protection
+
+Kerberos data transfer protection: authentication|integrity|privacy.
+
+Specifies whether or not authentication, data signature integrity
+checks, and wire encryption are required when communicating with
+the datanodes. Possible values are &#39;authentication&#39;, &#39;integrity&#39;
+and &#39;privacy&#39;. Used only with KERBEROS enabled.
+
+Properties:
+
+- Config:      data_transfer_protection
+- Env Var:     RCLONE_HDFS_DATA_TRANSFER_PROTECTION
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;privacy&quot;
+        - Ensure authentication, integrity and encryption enabled.
+
+#### --hdfs-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_HDFS_ENCODING
+- Type:        Encoding
+- Default:     Slash,Colon,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+- No server-side `Move` or `DirMove`.
+- Checksums not implemented.
+
+#  HiDrive
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+The initial setup for hidrive involves getting a token from HiDrive
+which you need to do in your browser.
+`rclone config` walks you through it.
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / HiDrive  "hidrive" [snip] Storage&gt; hidrive OAuth Client Id - Leave blank normally. client_id&gt; OAuth Client Secret - Leave blank normally. client_secret&gt; Access permissions that rclone should use when requesting access from HiDrive. Leave blank normally. scope_access&gt; Edit advanced config? y/n&gt; n Use web browser to automatically authenticate rclone with remote? * Say Y if the machine running rclone has a web browser you can use * Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N. y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=xxxxxxxxxxxxxxxxxxxxxx Log in and authorize rclone for access Waiting for code... Got code -------------------- [remote] type = hidrive token = {"access_token":"xxxxxxxxxxxxxxxxxxxx","token_type":"Bearer","refresh_token":"xxxxxxxxxxxxxxxxxxxxxxx","expiry":"xxxxxxxxxxxxxxxxxxxxxxx"} -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+**You should be aware that OAuth-tokens can be used to access your account
+and hence should not be shared with other persons.**
+See the [below section](#keeping-your-tokens-safe) for more information.
+
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from HiDrive. This only runs from the moment it opens
+your browser to the moment you get back the verification code.
+The webserver runs on `http://127.0.0.1:53682/`.
+If local port `53682` is protected by a firewall you may need to temporarily
+unblock the firewall to complete authorization.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your HiDrive root folder
+
+    rclone lsd remote:
+
+List all the files in your HiDrive filesystem
+
+    rclone ls remote:
+
+To copy a local directory to a HiDrive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Keeping your tokens safe
+
+Any OAuth-tokens will be stored by rclone in the remote&#39;s configuration file as unencrypted text.
+Anyone can use a valid refresh-token to access your HiDrive filesystem without knowing your password.
+Therefore you should make sure no one else can access your configuration.
+
+It is possible to encrypt rclone&#39;s configuration file.
+You can find information on securing your configuration file by viewing the [configuration encryption docs](https://rclone.org/docs/#configuration-encryption).
+
+### Invalid refresh token
+
+As can be verified [here](https://developer.hidrive.com/basics-flows/),
+each `refresh_token` (for Native Applications) is valid for 60 days.
+If used to access HiDrivei, its validity will be automatically extended.
+
+This means that if you
+
+  * Don&#39;t use the HiDrive remote for 60 days
+
+then rclone will return an error which includes a text
+that implies the refresh token is *invalid* or *expired*.
+
+To fix this you will need to authorize rclone to access your HiDrive account again.
+
+Using
+
+    rclone config reconnect remote:
+
+the process is very similar to the process of initial setup exemplified before.
+
+### Modification times and hashes
+
+HiDrive allows modification times to be set on objects accurate to 1 second.
+
+HiDrive supports [its own hash type](https://static.hidrive.com/dev/0001)
+which is used to verify the integrity of file contents after successful transfers.
+
+### Restricted filename characters
+
+HiDrive cannot store files or folders that include
+`/` (0x2F) or null-bytes (0x00) in their name.
+Any other characters can be used in the names of files or folders.
+Additionally, files or folders cannot be named either of the following: `.` or `..`
+
+Therefore rclone will automatically replace these characters,
+if files or folders are stored or accessed with such names.
+
+You can read about how this filename encoding works in general
+[here](overview/#restricted-filenames).
+
+Keep in mind that HiDrive only supports file or folder names
+with a length of 255 characters or less.
+
+### Transfers
+
+HiDrive limits file sizes per single request to a maximum of 2 GiB.
+To allow storage of larger files and allow for better upload performance,
+the hidrive backend will use a chunked transfer for files larger than 96 MiB.
+Rclone will upload multiple parts/chunks of the file at the same time.
+Chunks in the process of being uploaded are buffered in memory,
+so you may want to restrict this behaviour on systems with limited resources.
+
+You can customize this behaviour using the following options:
+
+* `chunk_size`: size of file parts
+* `upload_cutoff`: files larger or equal to this in size will use a chunked transfer
+* `upload_concurrency`: number of file-parts to upload at the same time
+
+See the below section about configuration options for more details.
+
+### Root folder
+
+You can set the root folder for rclone.
+This is the directory that rclone considers to be the root of your HiDrive.
+
+Usually, you will leave this blank, and rclone will use the root of the account.
+
+However, you can set this to restrict rclone to a specific folder hierarchy.
+
+This works by prepending the contents of the `root_prefix` option
+to any paths accessed by rclone.
+For example, the following two ways to access the home directory are equivalent:
+
+    rclone lsd --hidrive-root-prefix=&quot;/users/test/&quot; remote:path
+
+    rclone lsd remote:/users/test/path
+
+See the below section about configuration options for more details.
+
+### Directory member count
+
+By default, rclone will know the number of directory members contained in a directory.
+For example, `rclone lsd` uses this information.
+
+The acquisition of this information will result in additional time costs for HiDrive&#39;s API.
+When dealing with large directory structures, it may be desirable to circumvent this time cost,
+especially when this information is not explicitly needed.
+For this, the `disable_fetching_member_count` option can be used.
+
+See the below section about configuration options for more details.
+
+
+### Standard options
+
+Here are the Standard options specific to hidrive (HiDrive).
+
+#### --hidrive-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_HIDRIVE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --hidrive-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_HIDRIVE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --hidrive-scope-access
+
+Access permissions that rclone should use when requesting access from HiDrive.
+
+Properties:
+
+- Config:      scope_access
+- Env Var:     RCLONE_HIDRIVE_SCOPE_ACCESS
+- Type:        string
+- Default:     &quot;rw&quot;
+- Examples:
+    - &quot;rw&quot;
+        - Read and write access to resources.
+    - &quot;ro&quot;
+        - Read-only access to resources.
+
+### Advanced options
+
+Here are the Advanced options specific to hidrive (HiDrive).
+
+#### --hidrive-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_HIDRIVE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --hidrive-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_HIDRIVE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --hidrive-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_HIDRIVE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --hidrive-scope-role
+
+User-level that rclone should use when requesting access from HiDrive.
+
+Properties:
+
+- Config:      scope_role
+- Env Var:     RCLONE_HIDRIVE_SCOPE_ROLE
+- Type:        string
+- Default:     &quot;user&quot;
+- Examples:
+    - &quot;user&quot;
+        - User-level access to management permissions.
+        - This will be sufficient in most cases.
+    - &quot;admin&quot;
+        - Extensive access to management permissions.
+    - &quot;owner&quot;
+        - Full access to management permissions.
+
+#### --hidrive-root-prefix
+
+The root/parent folder for all paths.
+
+Fill in to use the specified folder as the parent for all paths given to the remote.
+This way rclone can use any folder as its starting point.
+
+Properties:
+
+- Config:      root_prefix
+- Env Var:     RCLONE_HIDRIVE_ROOT_PREFIX
+- Type:        string
+- Default:     &quot;/&quot;
+- Examples:
+    - &quot;/&quot;
+        - The topmost directory accessible by rclone.
+        - This will be equivalent with &quot;root&quot; if rclone uses a regular HiDrive user account.
+    - &quot;root&quot;
+        - The topmost directory of the HiDrive user account
+    - &quot;&quot;
+        - This specifies that there is no root-prefix for your paths.
+        - When using this you will always need to specify paths to this remote with a valid parent e.g. &quot;remote:/path/to/dir&quot; or &quot;remote:root/path/to/dir&quot;.
+
+#### --hidrive-endpoint
+
+Endpoint for the service.
+
+This is the URL that API-calls will be made to.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_HIDRIVE_ENDPOINT
+- Type:        string
+- Default:     &quot;https://api.hidrive.strato.com/2.1&quot;
+
+#### --hidrive-disable-fetching-member-count
+
+Do not fetch number of objects in directories unless it is absolutely necessary.
+
+Requests may be faster if the number of objects in subdirectories is not fetched.
+
+Properties:
+
+- Config:      disable_fetching_member_count
+- Env Var:     RCLONE_HIDRIVE_DISABLE_FETCHING_MEMBER_COUNT
+- Type:        bool
+- Default:     false
+
+#### --hidrive-chunk-size
+
+Chunksize for chunked uploads.
+
+Any files larger than the configured cutoff (or files of unknown size) will be uploaded in chunks of this size.
+
+The upper limit for this is 2147483647 bytes (about 2.000Gi).
+That is the maximum amount of bytes a single upload-operation will support.
+Setting this above the upper limit or to a negative value will cause uploads to fail.
+
+Setting this to larger values may increase the upload speed at the cost of using more memory.
+It can be set to smaller values smaller to save on memory.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_HIDRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     48Mi
+
+#### --hidrive-upload-cutoff
+
+Cutoff/Threshold for chunked uploads.
+
+Any files larger than this will be uploaded in chunks of the configured chunksize.
+
+The upper limit for this is 2147483647 bytes (about 2.000Gi).
+That is the maximum amount of bytes a single upload-operation will support.
+Setting this above the upper limit will cause uploads to fail.
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_HIDRIVE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     96Mi
+
+#### --hidrive-upload-concurrency
+
+Concurrency for chunked uploads.
+
+This is the upper limit for how many transfers for the same file are running concurrently.
+Setting this above to a value smaller than 1 will cause uploads to deadlock.
+
+If you are uploading small numbers of large files over high-speed links
+and these uploads do not fully utilize your bandwidth, then increasing
+this may help to speed up the transfers.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_HIDRIVE_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     4
+
+#### --hidrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_HIDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,Dot
+
+
+
+## Limitations
+
+### Symbolic links
+
+HiDrive is able to store symbolic links (*symlinks*) by design,
+for example, when unpacked from a zip archive.
+
+There exists no direct mechanism to manage native symlinks in remotes.
+As such this implementation has chosen to ignore any native symlinks present in the remote.
+rclone will not be able to access or show any symlinks stored in the hidrive-remote.
+This means symlinks cannot be individually removed, copied, or moved,
+except when removing, copying, or moving the parent folder.
+
+*This does not affect the `.rclonelink`-files
+that rclone uses to encode and store symbolic links.*
+
+### Sparse files
+
+It is possible to store sparse files in HiDrive.
+
+Note that copying a sparse file will expand the holes
+into null-byte (0x00) regions that will then consume disk space.
+Likewise, when downloading a sparse file,
+the resulting file will have null-byte regions in the place of file holes.
+
+#  HTTP
+
+The HTTP remote is a read only remote for reading files of a
+webserver.  The webserver should provide file listings which rclone
+will read and turn into a remote.  This has been tested with common
+webservers such as Apache/Nginx/Caddy and will likely work with file
+listings from most web servers.  (If it doesn&#39;t then please file an
+issue, or send a pull request!)
+
+Paths are specified as `remote:` or `remote:path`.
+
+The `remote:` represents the configured [url](#http-url), and any path following
+it will be resolved relative to this url, according to the URL standard. This
+means with remote url `https://beta.rclone.org/branch` and path `fix`, the
+resolved URL will be `https://beta.rclone.org/branch/fix`, while with path
+`/fix` the resolved URL will be `https://beta.rclone.org/fix` as the absolute
+path is resolved from the root of the domain.
+
+If the path following the `remote:` ends with `/` it will be assumed to point
+to a directory. If the path does not end with `/`, then a HEAD request is sent
+and the response used to decide if it it is treated as a file or a directory
+(run with `-vv` to see details). When [--http-no-head](#http-no-head) is
+specified, a path without ending `/` is always assumed to be a file. If rclone
+incorrectly assumes the path is a file, the solution is to specify the path with
+ending `/`. When you know the path is a directory, ending it with `/` is always
+better as it avoids the initial HEAD request.
+
+To just download a single file it is easier to use
+[copyurl](https://rclone.org/commands/rclone_copyurl/).
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First
+run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / HTTP  "http" [snip] Storage&gt; http URL of http host to connect to Choose a number from below, or type in your own value 1 / Connect to example.com  "https://example.com" url&gt; https://beta.rclone.org Remote config -------------------- [remote] url = https://beta.rclone.org -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y Current remotes:</p>
+<p>Name Type ==== ==== remote http</p>
+<ol start="5" type="a">
+<li>Edit existing remote</li>
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Rename remote</li>
+<li>Copy remote</li>
+<li>Set configuration password</li>
+<li>Quit config e/n/d/r/c/s/q&gt; q</li>
+</ol>
+<pre><code>
+This remote is called `remote` and can now be used like this
+
+See all the top level directories
+
+    rclone lsd remote:
+
+List the contents of a directory
+
+    rclone ls remote:directory
+
+Sync the remote `directory` to `/home/local/directory`, deleting any excess files.
+
+    rclone sync --interactive remote:directory /home/local/directory
+
+### Read only
+
+This remote is read only - you can&#39;t upload files to an HTTP server.
+
+### Modification times
+
+Most HTTP servers store time accurate to 1 second.
+
+### Checksum
+
+No checksums are stored.
+
+### Usage without a config file
+
+Since the http remote only has one config parameter it is easy to use
+without a config file:
+
+    rclone lsd --http-url https://beta.rclone.org :http:
+
+or:
+
+    rclone lsd :http,url=&#39;https://beta.rclone.org&#39;:
+
+
+### Standard options
+
+Here are the Standard options specific to http (HTTP).
+
+#### --http-url
+
+URL of HTTP host to connect to.
+
+E.g. &quot;https://example.com&quot;, or &quot;https://user:pass@example.com&quot; to use a username and password.
+
+Properties:
+
+- Config:      url
+- Env Var:     RCLONE_HTTP_URL
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to http (HTTP).
+
+#### --http-headers
+
+Set HTTP headers for all transactions.
+
+Use this to set additional HTTP headers for all transactions.
+
+The input format is comma separated list of key,value pairs.  Standard
+[CSV encoding](https://godoc.org/encoding/csv) may be used.
+
+For example, to set a Cookie use &#39;Cookie,name=value&#39;, or &#39;&quot;Cookie&quot;,&quot;name=value&quot;&#39;.
+
+You can set multiple headers, e.g. &#39;&quot;Cookie&quot;,&quot;name=value&quot;,&quot;Authorization&quot;,&quot;xxx&quot;&#39;.
+
+Properties:
+
+- Config:      headers
+- Env Var:     RCLONE_HTTP_HEADERS
+- Type:        CommaSepList
+- Default:     
+
+#### --http-no-slash
+
+Set this if the site doesn&#39;t end directories with /.
+
+Use this if your target website does not use / on the end of
+directories.
+
+A / on the end of a path is how rclone normally tells the difference
+between files and directories.  If this flag is set, then rclone will
+treat all files with Content-Type: text/html as directories and read
+URLs from them rather than downloading them.
+
+Note that this may cause rclone to confuse genuine HTML files with
+directories.
+
+Properties:
+
+- Config:      no_slash
+- Env Var:     RCLONE_HTTP_NO_SLASH
+- Type:        bool
+- Default:     false
+
+#### --http-no-head
+
+Don&#39;t use HEAD requests.
+
+HEAD requests are mainly used to find file sizes in dir listing.
+If your site is being very slow to load then you can try this option.
+Normally rclone does a HEAD request for each potential file in a
+directory listing to:
+
+- find its size
+- check it really exists
+- check to see if it is a directory
+
+If you set this option, rclone will not do the HEAD request. This will mean
+that directory listings are much quicker, but rclone won&#39;t have the times or
+sizes of any files, and some files that don&#39;t exist may be in the listing.
+
+Properties:
+
+- Config:      no_head
+- Env Var:     RCLONE_HTTP_NO_HEAD
+- Type:        bool
+- Default:     false
+
+## Backend commands
+
+Here are the commands specific to the http backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### set
+
+Set command for updating the config parameters.
+
+    rclone backend set remote: [options] [&lt;arguments&gt;+]
+
+This set command can be used to update the config parameters
+for a running http backend.
+
+Usage Examples:
+
+    rclone backend set remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: -o url=https://example.com
+
+The option keys are named as they are in the config file.
+
+This rebuilds the connection to the http backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
+
+It doesn&#39;t return anything.
+
+
+
+
+## Limitations
+
+`rclone about` is not supported by the HTTP backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  ImageKit
+This is a backend for the [ImageKit.io](https://imagekit.io/) storage service.
+
+#### About ImageKit
+[ImageKit.io](https://imagekit.io/)  provides real-time image and video optimizations, transformations, and CDN delivery. Over 1,000 businesses and 70,000 developers trust ImageKit with their images and videos on the web.
+
+
+#### Accounts &amp; Pricing
+
+To use this backend, you need to [create an account](https://imagekit.io/registration/) on ImageKit. Start with a free plan with generous usage limits. Then, as your requirements grow, upgrade to a plan that best fits your needs. See [the pricing details](https://imagekit.io/plans).
+
+## Configuration
+
+Here is an example of making an imagekit configuration.
+
+Firstly create a [ImageKit.io](https://imagekit.io/) account and choose a plan.
+
+You will need to log in and get the `publicKey` and `privateKey` for your account from the developer section.
+
+Now run</code></pre>
+<p>rclone config</p>
+<pre><code>
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n</p>
+<p>Enter the name for the new remote. name&gt; imagekit-media-library</p>
+<p>Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. [snip] XX / ImageKit.io  (imagekit) [snip] Storage&gt; imagekit</p>
+<p>Option endpoint. You can find your ImageKit.io URL endpoint in your <a href="https://imagekit.io/dashboard/developer/api-keys">dashboard</a> Enter a value. endpoint&gt; https://ik.imagekit.io/imagekit_id</p>
+<p>Option public_key. You can find your ImageKit.io public key in your <a href="https://imagekit.io/dashboard/developer/api-keys">dashboard</a> Enter a value. public_key&gt; public_****************************</p>
+<p>Option private_key. You can find your ImageKit.io private key in your <a href="https://imagekit.io/dashboard/developer/api-keys">dashboard</a> Enter a value. private_key&gt; private_****************************</p>
+<p>Edit advanced config? y) Yes n) No (default) y/n&gt; n</p>
+<p>Configuration complete. Options: - type: imagekit - endpoint: https://ik.imagekit.io/imagekit_id - public_key: public_**************************** - private_key: private_****************************</p>
+<p>Keep this "imagekit-media-library" remote? y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>List directories in the top level of your Media Library</code></pre>
+<p>rclone lsd imagekit-media-library:</p>
+<pre><code>Make a new directory.</code></pre>
+<p>rclone mkdir imagekit-media-library:directory</p>
+<pre><code>List the contents of a directory.</code></pre>
+<p>rclone ls imagekit-media-library:directory</p>
+<pre><code>
+###   Modified time and hashes
+
+ImageKit does not support modification times or hashes yet.
+
+### Checksums
+
+No checksums are supported.
+
+
+### Standard options
+
+Here are the Standard options specific to imagekit (ImageKit.io).
+
+#### --imagekit-endpoint
+
+You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_IMAGEKIT_ENDPOINT
+- Type:        string
+- Required:    true
+
+#### --imagekit-public-key
+
+You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+Properties:
+
+- Config:      public_key
+- Env Var:     RCLONE_IMAGEKIT_PUBLIC_KEY
+- Type:        string
+- Required:    true
+
+#### --imagekit-private-key
+
+You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+Properties:
+
+- Config:      private_key
+- Env Var:     RCLONE_IMAGEKIT_PRIVATE_KEY
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to imagekit (ImageKit.io).
+
+#### --imagekit-only-signed
+
+If you have configured `Restrict unsigned image URLs` in your dashboard settings, set this to true.
+
+Properties:
+
+- Config:      only_signed
+- Env Var:     RCLONE_IMAGEKIT_ONLY_SIGNED
+- Type:        bool
+- Default:     false
+
+#### --imagekit-versions
+
+Include old versions in directory listings.
+
+Properties:
+
+- Config:      versions
+- Env Var:     RCLONE_IMAGEKIT_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --imagekit-upload-tags
+
+Tags to add to the uploaded files, e.g. &quot;tag1,tag2&quot;.
+
+Properties:
+
+- Config:      upload_tags
+- Env Var:     RCLONE_IMAGEKIT_UPLOAD_TAGS
+- Type:        string
+- Required:    false
+
+#### --imagekit-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_IMAGEKIT_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket
+
+### Metadata
+
+Any metadata supported by the underlying remote is read and written.
+
+Here are the possible system metadata items for the imagekit backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| aws-tags | AI generated tags by AWS Rekognition associated with the image | string | tag1,tag2 | **Y** |
+| btime | Time of file birth (creation) read from Last-Modified header | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+| custom-coordinates | Custom coordinates of the file | string | 0,0,100,100 | **Y** |
+| file-type | Type of the file | string | image | **Y** |
+| google-tags | AI generated tags by Google Cloud Vision associated with the image | string | tag1,tag2 | **Y** |
+| has-alpha | Whether the image has alpha channel or not | bool |  | **Y** |
+| height | Height of the image or video in pixels | int |  | **Y** |
+| is-private-file | Whether the file is private or not | bool |  | **Y** |
+| size | Size of the object in bytes | int64 |  | **Y** |
+| tags | Tags associated with the file | string | tag1,tag2 | **Y** |
+| width | Width of the image or video in pixels | int |  | **Y** |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+#  Internet Archive
+
+The Internet Archive backend utilizes Items on [archive.org](https://archive.org/)
+
+Refer to [IAS3 API documentation](https://archive.org/services/docs/api/ias3.html) for the API this backend uses.
+
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:item/path/to/dir`.
+
+Unlike S3, listing up all items uploaded by you isn&#39;t supported.
+
+Once you have made a remote, you can use it like this:
+
+Make a new item
+
+    rclone mkdir remote:item
+
+List the contents of a item
+
+    rclone ls remote:item
+
+Sync `/home/local/directory` to the remote item, deleting any excess
+files in the item.
+
+    rclone sync --interactive /home/local/directory remote:item
+
+## Notes
+Because of Internet Archive&#39;s architecture, it enqueues write operations (and extra post-processings) in a per-item queue. You can check item&#39;s queue at https://catalogd.archive.org/history/item-name-here . Because of that, all uploads/deletes will not show up immediately and takes some time to be available.
+The per-item queue is enqueued to an another queue, Item Deriver Queue. [You can check the status of Item Deriver Queue here.](https://catalogd.archive.org/catalog.php?whereami=1) This queue has a limit, and it may block you from uploading, or even deleting. You should avoid uploading a lot of small files for better behavior.
+
+You can optionally wait for the server&#39;s processing to finish, by setting non-zero value to `wait_archive` key.
+By making it wait, rclone can do normal file comparison.
+Make sure to set a large enough value (e.g. `30m0s` for smaller files) as it can take a long time depending on server&#39;s queue.
+
+## About metadata
+This backend supports setting, updating and reading metadata of each file.
+The metadata will appear as file metadata on Internet Archive.
+However, some fields are reserved by both Internet Archive and rclone.
+
+The following are reserved by Internet Archive:
+- `name`
+- `source`
+- `size`
+- `md5`
+- `crc32`
+- `sha1`
+- `format`
+- `old_version`
+- `viruscheck`
+- `summation`
+
+Trying to set values to these keys is ignored with a warning.
+Only setting `mtime` is an exception. Doing so make it the identical behavior as setting ModTime.
+
+rclone reserves all the keys starting with `rclone-`. Setting value for these keys will give you warnings, but values are set according to request.
+
+If there are multiple values for a key, only the first one is returned.
+This is a limitation of rclone, that supports one value per one key.
+It can be triggered when you did a server-side copy.
+
+Reading metadata will also provide custom (non-standard nor reserved) ones.
+
+## Filtering auto generated files
+
+The Internet Archive automatically creates metadata files after
+upload. These can cause problems when doing an `rclone sync` as rclone
+will try, and fail, to delete them. These metadata files are not
+changeable, as they are created by the Internet Archive automatically.
+
+These auto-created files can be excluded from the sync using [metadata
+filtering](https://rclone.org/filtering/#metadata).
+
+    rclone sync ... --metadata-exclude &quot;source=metadata&quot; --metadata-exclude &quot;format=Metadata&quot;
+
+Which excludes from the sync any files which have the
+`source=metadata` or `format=Metadata` flags which are added to
+Internet Archive auto-created files.
+
+## Configuration
+
+Here is an example of making an internetarchive configuration.
+Most applies to the other providers as well, any differences are described [below](#providers).
+
+First run
+
+    rclone config
+
+This will guide you through an interactive setup process.
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. XX / InternetArchive Items  (internetarchive) Storage&gt; internetarchive Option access_key_id. IAS3 Access Key. Leave blank for anonymous access. You can find one here: https://archive.org/account/s3.php Enter a value. Press Enter to leave empty. access_key_id&gt; XXXX Option secret_access_key. IAS3 Secret Key (password). Leave blank for anonymous access. Enter a value. Press Enter to leave empty. secret_access_key&gt; XXXX Edit advanced config? y) Yes n) No (default) y/n&gt; y Option endpoint. IAS3 Endpoint. Leave blank for default value. Enter a string value. Press Enter for the default (https://s3.us.archive.org). endpoint&gt; Option front_endpoint. Host of InternetArchive Frontend. Leave blank for default value. Enter a string value. Press Enter for the default (https://archive.org). front_endpoint&gt; Option disable_checksum. Don't store MD5 checksum with object metadata. Normally rclone will calculate the MD5 checksum of the input before uploading it so it can ask the server to check the object against checksum. This is great for data integrity checking but can cause long delays for large files to start uploading. Enter a boolean value (true or false). Press Enter for the default (true). disable_checksum&gt; true Option encoding. The encoding for the backend. See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info. Enter a encoder.MultiEncoder value. Press Enter for the default (Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot). encoding&gt; Edit advanced config? y) Yes n) No (default) y/n&gt; n -------------------- [remote] type = internetarchive access_key_id = XXXX secret_access_key = XXXX -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+
+### Standard options
+
+Here are the Standard options specific to internetarchive (Internet Archive).
+
+#### --internetarchive-access-key-id
+
+IAS3 Access Key.
+
+Leave blank for anonymous access.
+You can find one here: https://archive.org/account/s3.php
+
+Properties:
+
+- Config:      access_key_id
+- Env Var:     RCLONE_INTERNETARCHIVE_ACCESS_KEY_ID
+- Type:        string
+- Required:    false
+
+#### --internetarchive-secret-access-key
+
+IAS3 Secret Key (password).
+
+Leave blank for anonymous access.
+
+Properties:
+
+- Config:      secret_access_key
+- Env Var:     RCLONE_INTERNETARCHIVE_SECRET_ACCESS_KEY
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to internetarchive (Internet Archive).
+
+#### --internetarchive-endpoint
+
+IAS3 Endpoint.
+
+Leave blank for default value.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_INTERNETARCHIVE_ENDPOINT
+- Type:        string
+- Default:     &quot;https://s3.us.archive.org&quot;
+
+#### --internetarchive-front-endpoint
+
+Host of InternetArchive Frontend.
+
+Leave blank for default value.
+
+Properties:
+
+- Config:      front_endpoint
+- Env Var:     RCLONE_INTERNETARCHIVE_FRONT_ENDPOINT
+- Type:        string
+- Default:     &quot;https://archive.org&quot;
+
+#### --internetarchive-disable-checksum
+
+Don&#39;t ask the server to test against MD5 checksum calculated by rclone.
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can ask the server to check the object against checksum.
+This is great for data integrity checking but can cause long delays for
+large files to start uploading.
+
+Properties:
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_INTERNETARCHIVE_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     true
+
+#### --internetarchive-wait-archive
+
+Timeout for waiting the server&#39;s processing tasks (specifically archive and book_op) to finish.
+Only enable if you need to be guaranteed to be reflected after write operations.
+0 to disable waiting. No errors to be thrown in case of timeout.
+
+Properties:
+
+- Config:      wait_archive
+- Env Var:     RCLONE_INTERNETARCHIVE_WAIT_ARCHIVE
+- Type:        Duration
+- Default:     0s
+
+#### --internetarchive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_INTERNETARCHIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot
+
+### Metadata
+
+Metadata fields provided by Internet Archive.
+If there are multiple values for a key, only the first one is returned.
+This is a limitation of Rclone, that supports one value per one key.
+
+Owner is able to add custom keys. Metadata feature grabs all the keys including them.
+
+Here are the possible system metadata items for the internetarchive backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| crc32 | CRC32 calculated by Internet Archive | string | 01234567 | **Y** |
+| format | Name of format identified by Internet Archive | string | Comma-Separated Values | **Y** |
+| md5 | MD5 hash calculated by Internet Archive | string | 01234567012345670123456701234567 | **Y** |
+| mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | **Y** |
+| name | Full file path, without the bucket part | filename | backend/internetarchive/internetarchive.go | **Y** |
+| old_version | Whether the file was replaced and moved by keep-old-version flag | boolean | true | **Y** |
+| rclone-ia-mtime | Time of last modification, managed by Internet Archive | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
+| rclone-mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
+| rclone-update-track | Random value used by Rclone for tracking changes inside Internet Archive | string | aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | N |
+| sha1 | SHA1 hash calculated by Internet Archive | string | 0123456701234567012345670123456701234567 | **Y** |
+| size | File size in bytes | decimal number | 123456 | **Y** |
+| source | The source of the file | string | original | **Y** |
+| summation | Check https://forum.rclone.org/t/31922 for how it is used | string | md5 | **Y** |
+| viruscheck | The last time viruscheck process was run for the file (?) | unixtime | 1654191352 | **Y** |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+#  Jottacloud
+
+Jottacloud is a cloud storage service provider from a Norwegian company, using its own datacenters
+in Norway. In addition to the official service at [jottacloud.com](https://www.jottacloud.com/),
+it also provides white-label solutions to different companies, such as:
+* Telia
+  * Telia Cloud (cloud.telia.se)
+  * Telia Sky (sky.telia.no)
+* Tele2
+  * Tele2 Cloud (mittcloud.tele2.se)
+* Onlime
+  * Onlime Cloud Storage (onlime.dk)
+* Elkjøp (with subsidiaries):
+  * Elkjøp Cloud (cloud.elkjop.no)
+  * Elgiganten Sweden (cloud.elgiganten.se)
+  * Elgiganten Denmark (cloud.elgiganten.dk)
+  * Giganti Cloud  (cloud.gigantti.fi)
+  * ELKO Cloud (cloud.elko.is)
+
+Most of the white-label versions are supported by this backend, although may require different
+authentication setup - described below.
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Authentication types
+
+Some of the whitelabel versions uses a different authentication method than the official service,
+and you have to choose the correct one when setting up the remote.
+
+### Standard authentication
+
+The standard authentication method used by the official service (jottacloud.com), as well as
+some of the whitelabel services, requires you to generate a single-use personal login token
+from the account security settings in the service&#39;s web interface. Log in to your account,
+go to &quot;Settings&quot; and then &quot;Security&quot;, or use the direct link presented to you by rclone when
+configuring the remote: &lt;https://www.jottacloud.com/web/secure&gt;. Scroll down to the section
+&quot;Personal login token&quot;, and click the &quot;Generate&quot; button. Note that if you are using a
+whitelabel service you probably can&#39;t use the direct link, you need to find the same page in
+their dedicated web interface, and also it may be in a different location than described above.
+
+To access your account from multiple instances of rclone, you need to configure each of them
+with a separate personal login token. E.g. you create a Jottacloud remote with rclone in one
+location, and copy the configuration file to a second location where you also want to run
+rclone and access the same remote. Then you need to replace the token for one of them, using
+the [config reconnect](https://rclone.org/commands/rclone_config_reconnect/) command, which
+requires you to generate a new personal login token and supply as input. If you do not
+do this, the token may easily end up being invalidated, resulting in both instances failing
+with an error message something along the lines of:
+
+    oauth2: cannot fetch token: 400 Bad Request
+    Response: {&quot;error&quot;:&quot;invalid_grant&quot;,&quot;error_description&quot;:&quot;Stale token&quot;}
+
+When this happens, you need to replace the token as described above to be able to use your
+remote again.
+
+All personal login tokens you have taken into use will be listed in the web interface under
+&quot;My logged in devices&quot;, and from the right side of that list you can click the &quot;X&quot; button to
+revoke individual tokens.
+
+### Legacy authentication
+
+If you are using one of the whitelabel versions (e.g. from Elkjøp) you may not have the option
+to generate a CLI token. In this case you&#39;ll have to use the legacy authentication. To do this select
+yes when the setup asks for legacy authentication and enter your username and password.
+The rest of the setup is identical to the default setup.
+
+### Telia Cloud authentication
+
+Similar to other whitelabel versions Telia Cloud doesn&#39;t offer the option of creating a CLI token, and
+additionally uses a separate authentication flow where the username is generated internally. To setup
+rclone to use Telia Cloud, choose Telia Cloud authentication in the setup. The rest of the setup is
+identical to the default setup.
+
+### Tele2 Cloud authentication
+
+As Tele2-Com Hem merger was completed this authentication can be used for former Com Hem Cloud and
+Tele2 Cloud customers as no support for creating a CLI token exists, and additionally uses a separate
+authentication flow where the username is generated internally. To setup rclone to use Tele2 Cloud,
+choose Tele2 Cloud authentication in the setup. The rest of the setup is identical to the default setup.
+
+### Onlime Cloud Storage authentication
+
+Onlime has sold access to Jottacloud proper, while providing localized support to Danish Customers, but
+have recently set up their own hosting, transferring their customers from Jottacloud servers to their
+own ones.
+
+This, of course, necessitates using their servers for authentication, but otherwise functionality and
+architecture seems equivalent to Jottacloud.
+
+To setup rclone to use Onlime Cloud Storage, choose Onlime Cloud authentication in the setup. The rest
+of the setup is identical to the default setup.
+
+## Configuration
+
+Here is an example of how to make a remote called `remote` with the default setup.  First run:
+
+    rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. [snip] XX / Jottacloud  (jottacloud) [snip] Storage&gt; jottacloud Edit advanced config? y) Yes n) No (default) y/n&gt; n Option config_type. Select authentication type. Choose a number from below, or type in an existing string value. Press Enter for the default (standard). / Standard authentication. 1 | Use this if you're a normal Jottacloud user.  (standard) / Legacy authentication. 2 | This is only required for certain whitelabel versions of Jottacloud and not recommended for normal users.  (legacy) / Telia Cloud authentication. 3 | Use this if you are using Telia Cloud.  (telia) / Tele2 Cloud authentication. 4 | Use this if you are using Tele2 Cloud.  (tele2) / Onlime Cloud authentication. 5 | Use this if you are using Onlime Cloud.  (onlime) config_type&gt; 1 Personal login token. Generate here: https://www.jottacloud.com/web/secure Login Token&gt; <your token here> Use a non-standard device/mountpoint? Choosing no, the default, will let you access the storage used for the archive section of the official Jottacloud client. If you instead want to access the sync or the backup section, for example, you must choose yes. y) Yes n) No (default) y/n&gt; y Option config_device. The device to use. In standard setup the built-in Jotta device is used, which contains predefined mountpoints for archive, sync etc. All other devices are treated as backup devices by the official Jottacloud client. You may create a new by entering a unique name. Choose a number from below, or type in your own string value. Press Enter for the default (DESKTOP-3H31129). 1 &gt; DESKTOP-3H31129 2 &gt; Jotta config_device&gt; 2 Option config_mountpoint. The mountpoint to use for the built-in device Jotta. The standard setup is to use the Archive mountpoint. Most other mountpoints have very limited support in rclone and should generally be avoided. Choose a number from below, or type in an existing string value. Press Enter for the default (Archive). 1 &gt; Archive 2 &gt; Shared 3 &gt; Sync config_mountpoint&gt; 1 -------------------- [remote] type = jottacloud configVersion = 1 client_id = jottacli client_secret = tokenURL = https://id.jottacloud.com/auth/realms/jottacloud/protocol/openid-connect/token token = {........} username = 2940e57271a93d987d6f8a21 device = Jotta mountpoint = Archive -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Jottacloud
+
+    rclone lsd remote:
+
+List all the files in your Jottacloud
+
+    rclone ls remote:
+
+To copy a local directory to an Jottacloud directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Devices and Mountpoints
+
+The official Jottacloud client registers a device for each computer you install
+it on, and shows them in the backup section of the user interface. For each
+folder you select for backup it will create a mountpoint within this device.
+A built-in device called Jotta is special, and contains mountpoints Archive,
+Sync and some others, used for corresponding features in official clients.
+
+With rclone you&#39;ll want to use the standard Jotta/Archive device/mountpoint in
+most cases. However, you may for example want to access files from the sync or
+backup functionality provided by the official clients, and rclone therefore
+provides the option to select other devices and mountpoints during config.
+
+You are allowed to create new devices and mountpoints. All devices except the
+built-in Jotta device are treated as backup devices by official Jottacloud
+clients, and the mountpoints on them are individual backup sets.
+
+With the built-in Jotta device, only existing, built-in, mountpoints can be
+selected. In addition to the mentioned Archive and Sync, it may contain
+several other mountpoints such as: Latest, Links, Shared and Trash. All of
+these are special mountpoints with a different internal representation than
+the &quot;regular&quot; mountpoints. Rclone will only to a very limited degree support
+them. Generally you should avoid these, unless you know what you are doing.
+
+### --fast-list
+
+This backend supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+Note that the implementation in Jottacloud always uses only a single
+API request to get the entire list, so for large folders this could
+lead to long wait time before the first results are shown.
+
+Note also that with rclone version 1.58 and newer, information about
+[MIME types](https://rclone.org/overview/#mime-type) and metadata item [utime](#metadata)
+are not available when using `--fast-list`.
+
+### Modification times and hashes
+
+Jottacloud allows modification times to be set on objects accurate to 1
+second. These will be used to detect whether objects need syncing or
+not.
+
+Jottacloud supports MD5 type hashes, so you can use the `--checksum`
+flag.
+
+Note that Jottacloud requires the MD5 hash before upload so if the
+source does not have an MD5 checksum then the file will be cached
+temporarily on disk (in location given by
+[--temp-dir](https://rclone.org/docs/#temp-dir-dir)) before it is uploaded.
+Small files will be cached in memory - see the
+[--jottacloud-md5-memory-limit](#jottacloud-md5-memory-limit) flag.
+When uploading from local disk the source checksum is always available,
+so this does not apply. Starting with rclone version 1.52 the same is
+true for encrypted remotes (in older versions the crypt backend would not
+calculate hashes for uploads from local disk, so the Jottacloud
+backend had to do it as described above).
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| &quot;         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| &lt;         | 0x3C  | ＜          |
+| &gt;         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \|        | 0x7C  | ｜          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in XML strings.
+
+### Deleting files
+
+By default, rclone will send all files to the trash when deleting files. They will be permanently
+deleted automatically after 30 days. You may bypass the trash and permanently delete files immediately
+by using the [--jottacloud-hard-delete](#jottacloud-hard-delete) flag, or set the equivalent environment variable.
+Emptying the trash is supported by the [cleanup](https://rclone.org/commands/rclone_cleanup/) command.
+
+### Versions
+
+Jottacloud supports file versioning. When rclone uploads a new version of a file it creates a new version of it.
+Currently rclone only supports retrieving the current version but older versions can be accessed via the Jottacloud Website.
+
+Versioning can be disabled by `--jottacloud-no-versions` option. This is achieved by deleting the remote file prior to uploading
+a new version. If the upload the fails no version of the file will be available in the remote.
+
+### Quota information
+
+To view your current quota you can use the `rclone about remote:`
+command which will display your usage limit (unless it is unlimited)
+and the current usage.
+
+
+### Standard options
+
+Here are the Standard options specific to jottacloud (Jottacloud).
+
+#### --jottacloud-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_JOTTACLOUD_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --jottacloud-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_JOTTACLOUD_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to jottacloud (Jottacloud).
+
+#### --jottacloud-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_JOTTACLOUD_TOKEN
+- Type:        string
+- Required:    false
+
+#### --jottacloud-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_JOTTACLOUD_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --jottacloud-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_JOTTACLOUD_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --jottacloud-md5-memory-limit
+
+Files bigger than this will be cached on disk to calculate the MD5 if required.
+
+Properties:
+
+- Config:      md5_memory_limit
+- Env Var:     RCLONE_JOTTACLOUD_MD5_MEMORY_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --jottacloud-trashed-only
+
+Only show files that are in the trash.
+
+This will show trashed files in their original directory structure.
+
+Properties:
+
+- Config:      trashed_only
+- Env Var:     RCLONE_JOTTACLOUD_TRASHED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --jottacloud-hard-delete
+
+Delete files permanently rather than putting them into the trash.
+
+Properties:
+
+- Config:      hard_delete
+- Env Var:     RCLONE_JOTTACLOUD_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+#### --jottacloud-upload-resume-limit
+
+Files bigger than this can be resumed if the upload fail&#39;s.
+
+Properties:
+
+- Config:      upload_resume_limit
+- Env Var:     RCLONE_JOTTACLOUD_UPLOAD_RESUME_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --jottacloud-no-versions
+
+Avoid server side versioning by deleting files and recreating files instead of overwriting them.
+
+Properties:
+
+- Config:      no_versions
+- Env Var:     RCLONE_JOTTACLOUD_NO_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --jottacloud-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_JOTTACLOUD_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot
+
+### Metadata
+
+Jottacloud has limited support for metadata, currently an extended set of timestamps.
+
+Here are the possible system metadata items for the jottacloud backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation), read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| content-type | MIME type, also known as media type | string | text/plain | **Y** |
+| mtime | Time of last modification, read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| utime | Time of last upload, when current revision was created, generated by backend | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+## Limitations
+
+Note that Jottacloud is case insensitive so you can&#39;t have a file called
+&quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+There are quite a few characters that can&#39;t be in Jottacloud file names. Rclone will map these names to and from an identical
+looking unicode equivalent. For example if a file has a ? in it will be mapped to ？ instead.
+
+Jottacloud only supports filenames up to 255 characters in length.
+
+## Troubleshooting
+
+Jottacloud exhibits some inconsistent behaviours regarding deleted files and folders which may cause Copy, Move and DirMove
+operations to previously deleted paths to fail. Emptying the trash should help in such cases.
+
+#  Koofr
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+The initial setup for Koofr involves creating an application password for
+rclone. You can do that by opening the Koofr
+[web application](https://app.koofr.net/app/admin/preferences/password),
+giving the password a nice name like `rclone` and clicking on generate.
+
+Here is an example of how to make a remote called `koofr`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; koofr Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. [snip] 22 / Koofr, Digi Storage and other Koofr-compatible storage providers  (koofr) [snip] Storage&gt; koofr Option provider. Choose your storage provider. Choose a number from below, or type in your own value. Press Enter to leave empty. 1 / Koofr, https://app.koofr.net/  (koofr) 2 / Digi Storage, https://storage.rcs-rds.ro/  (digistorage) 3 / Any other Koofr API compatible storage service  (other) provider&gt; 1<br />
+Option user. Your user name. Enter a value. user&gt; USERNAME Option password. Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password). Choose an alternative below. y) Yes, type in my own password g) Generate random password y/g&gt; y Enter the password: password: Confirm the password: password: Edit advanced config? y) Yes n) No (default) y/n&gt; n Remote config -------------------- [koofr] type = koofr provider = koofr user = USERNAME password = *** ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+You can choose to edit advanced config in order to enter your own service URL
+if you use an on-premise or white label Koofr instance, or choose an alternative
+mount instead of your primary storage.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Koofr
+
+    rclone lsd koofr:
+
+List all the files in your Koofr
+
+    rclone ls koofr:
+
+To copy a local directory to an Koofr directory called backup
+
+    rclone copy /home/source koofr:backup
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in XML strings.
+
+
+### Standard options
+
+Here are the Standard options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+
+#### --koofr-provider
+
+Choose your storage provider.
+
+Properties:
+
+- Config:      provider
+- Env Var:     RCLONE_KOOFR_PROVIDER
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;koofr&quot;
+        - Koofr, https://app.koofr.net/
+    - &quot;digistorage&quot;
+        - Digi Storage, https://storage.rcs-rds.ro/
+    - &quot;other&quot;
+        - Any other Koofr API compatible storage service
+
+#### --koofr-endpoint
+
+The Koofr API endpoint to use.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_KOOFR_ENDPOINT
+- Provider:    other
+- Type:        string
+- Required:    true
+
+#### --koofr-user
+
+Your user name.
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_KOOFR_USER
+- Type:        string
+- Required:    true
+
+#### --koofr-password
+
+Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_KOOFR_PASSWORD
+- Provider:    koofr
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+
+#### --koofr-mountid
+
+Mount ID of the mount to use.
+
+If omitted, the primary mount is used.
+
+Properties:
+
+- Config:      mountid
+- Env Var:     RCLONE_KOOFR_MOUNTID
+- Type:        string
+- Required:    false
+
+#### --koofr-setmtime
+
+Does the backend support setting modification time.
+
+Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend.
+
+Properties:
+
+- Config:      setmtime
+- Env Var:     RCLONE_KOOFR_SETMTIME
+- Type:        bool
+- Default:     true
+
+#### --koofr-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_KOOFR_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+Note that Koofr is case insensitive so you can&#39;t have a file called
+&quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+## Providers
+
+### Koofr
+
+This is the original [Koofr](https://koofr.eu) storage provider used as main example and described in the [configuration](#configuration) section above.
+
+### Digi Storage 
+
+[Digi Storage](https://www.digi.ro/servicii/online/digi-storage) is a cloud storage service run by [Digi.ro](https://www.digi.ro/) that
+provides a Koofr API.
+
+Here is an example of how to make a remote called `ds`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; ds Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. [snip] 22 / Koofr, Digi Storage and other Koofr-compatible storage providers  (koofr) [snip] Storage&gt; koofr Option provider. Choose your storage provider. Choose a number from below, or type in your own value. Press Enter to leave empty. 1 / Koofr, https://app.koofr.net/  (koofr) 2 / Digi Storage, https://storage.rcs-rds.ro/  (digistorage) 3 / Any other Koofr API compatible storage service  (other) provider&gt; 2 Option user. Your user name. Enter a value. user&gt; USERNAME Option password. Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password). Choose an alternative below. y) Yes, type in my own password g) Generate random password y/g&gt; y Enter the password: password: Confirm the password: password: Edit advanced config? y) Yes n) No (default) y/n&gt; n -------------------- [ds] type = koofr provider = digistorage user = USERNAME password = *** ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+### Other
+
+You may also want to use another, public or private storage provider that runs a Koofr API compatible service, by simply providing the base URL to connect to.
+
+Here is an example of how to make a remote called `other`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; other Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. [snip] 22 / Koofr, Digi Storage and other Koofr-compatible storage providers  (koofr) [snip] Storage&gt; koofr Option provider. Choose your storage provider. Choose a number from below, or type in your own value. Press Enter to leave empty. 1 / Koofr, https://app.koofr.net/  (koofr) 2 / Digi Storage, https://storage.rcs-rds.ro/  (digistorage) 3 / Any other Koofr API compatible storage service  (other) provider&gt; 3 Option endpoint. The Koofr API endpoint to use. Enter a value. endpoint&gt; https://koofr.other.org Option user. Your user name. Enter a value. user&gt; USERNAME Option password. Your password for rclone (generate one at your service's settings page). Choose an alternative below. y) Yes, type in my own password g) Generate random password y/g&gt; y Enter the password: password: Confirm the password: password: Edit advanced config? y) Yes n) No (default) y/n&gt; n -------------------- [other] type = koofr provider = other endpoint = https://koofr.other.org user = USERNAME password = *** ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+#  Linkbox
+
+Linkbox is [a private cloud drive](https://linkbox.to/).
+
+## Configuration
+
+Here is an example of making a remote for Linkbox.
+
+First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n</p>
+<p>Enter name for new remote. name&gt; remote</p>
+<p>Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. XX / Linkbox  (linkbox) Storage&gt; XX</p>
+<p>Option token. Token from https://www.linkbox.to/admin/account Enter a value. token&gt; testFromCLToken</p>
+<p>Configuration complete. Options: - type: linkbox - token: XXXXXXXXXXX Keep this "linkbox" remote? y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+
+### Standard options
+
+Here are the Standard options specific to linkbox (Linkbox).
+
+#### --linkbox-token
+
+Token from https://www.linkbox.to/admin/account
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_LINKBOX_TOKEN
+- Type:        string
+- Required:    true
+
+
+
+## Limitations
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+#  Mail.ru Cloud
+
+[Mail.ru Cloud](https://cloud.mail.ru/) is a cloud storage provided by a Russian internet company [Mail.Ru Group](https://mail.ru). The official desktop client is [Disk-O:](https://disk-o.cloud/en), available on Windows and Mac OS.
+
+## Features highlights
+
+- Paths may be as deep as required, e.g. `remote:directory/subdirectory`
+- Files have a `last modified time` property, directories don&#39;t
+- Deleted files are by default moved to the trash
+- Files and directories can be shared via public links
+- Partial uploads or streaming are not supported, file size must be known before upload
+- Maximum file size is limited to 2G for a free account, unlimited for paid accounts
+- Storage keeps hash for all files and performs transparent deduplication,
+  the hash algorithm is a modified SHA1
+- If a particular file is already present in storage, one can quickly submit file hash
+  instead of long file upload (this optimization is supported by rclone)
+
+## Configuration
+
+Here is an example of making a mailru configuration.
+
+First create a Mail.ru Cloud account and choose a tariff.
+
+You will need to log in and create an app password for rclone. Rclone
+**will not work** with your normal username and password - it will
+give an error like `oauth2: server response missing access_token`.
+
+- Click on your user icon in the top right
+- Go to Security / &quot;Пароль и безопасность&quot;
+- Click password for apps / &quot;Пароли для внешних приложений&quot;
+- Add the password - give it a name - eg &quot;rclone&quot;
+- Copy the password and use this password below - your normal login password won&#39;t work.
+
+Now run
+
+    rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Mail.ru Cloud  "mailru" [snip] Storage&gt; mailru User name (usually email) Enter a string value. Press Enter for the default (""). user&gt; username@mail.ru Password</p>
+<p>This must be an app password - rclone will not work with your normal password. See the Configuration section in the docs for how to make an app password. y) Yes type in my own password g) Generate random password y/g&gt; y Enter the password: password: Confirm the password: password: Skip full upload if there is another file with same data hash. This feature is called "speedup" or "put by hash". It is especially efficient in case of generally available files like popular books, video or audio clips [snip] Enter a boolean value (true or false). Press Enter for the default ("true"). Choose a number from below, or type in your own value 1 / Enable  "true" 2 / Disable  "false" speedup_enable&gt; 1 Edit advanced config? (y/n) y) Yes n) No y/n&gt; n Remote config -------------------- [remote] type = mailru user = username@mail.ru pass = *** ENCRYPTED *** speedup_enable = true -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+Configuration of this backend does not require a local web browser.
+You can use the configured backend as shown below:
+
+See top level directories
+
+    rclone lsd remote:
+
+Make a new directory
+
+    rclone mkdir remote:directory
+
+List the contents of a directory
+
+    rclone ls remote:directory
+
+Sync `/home/local/directory` to the remote path, deleting any
+excess files in the path.
+
+    rclone sync --interactive /home/local/directory remote:directory
+
+### Modification times and hashes
+
+Files support a modification time attribute with up to 1 second precision.
+Directories do not have a modification time, which is shown as &quot;Jan 1 1970&quot;.
+
+File hashes are supported, with a custom Mail.ru algorithm based on SHA1.
+If file size is less than or equal to the SHA1 block size (20 bytes),
+its hash is simply its data right-padded with zero bytes.
+Hashes of a larger file is computed as a SHA1 of the file data
+bytes concatenated with a decimal representation of the data length.
+
+### Emptying Trash
+
+Removing a file or directory actually moves it to the trash, which is not
+visible to rclone but can be seen in a web browser. The trashed file
+still occupies part of total quota. If you wish to empty your trash
+and free some quota, you can use the `rclone cleanup remote:` command,
+which will permanently delete all your trashed files.
+This command does not take any path arguments.
+
+### Quota information
+
+To view your current quota you can use the `rclone about remote:`
+command which will display your usage limit (quota) and the current usage.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| &quot;         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| &lt;         | 0x3C  | ＜          |
+| &gt;         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \         | 0x5C  | ＼          |
+| \|        | 0x7C  | ｜          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to mailru (Mail.ru Cloud).
+
+#### --mailru-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_MAILRU_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --mailru-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_MAILRU_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --mailru-user
+
+User name (usually email).
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_MAILRU_USER
+- Type:        string
+- Required:    true
+
+#### --mailru-pass
+
+Password.
+
+This must be an app password - rclone will not work with your normal
+password. See the Configuration section in the docs for how to make an
+app password.
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      pass
+- Env Var:     RCLONE_MAILRU_PASS
+- Type:        string
+- Required:    true
+
+#### --mailru-speedup-enable
+
+Skip full upload if there is another file with same data hash.
+
+This feature is called &quot;speedup&quot; or &quot;put by hash&quot;. It is especially efficient
+in case of generally available files like popular books, video or audio clips,
+because files are searched by hash in all accounts of all mailru users.
+It is meaningless and ineffective if source file is unique or encrypted.
+Please note that rclone may need local memory and disk space to calculate
+content hash in advance and decide whether full upload is required.
+Also, if rclone does not know file size in advance (e.g. in case of
+streaming or partial uploads), it will not even try this optimization.
+
+Properties:
+
+- Config:      speedup_enable
+- Env Var:     RCLONE_MAILRU_SPEEDUP_ENABLE
+- Type:        bool
+- Default:     true
+- Examples:
+    - &quot;true&quot;
+        - Enable
+    - &quot;false&quot;
+        - Disable
+
+### Advanced options
+
+Here are the Advanced options specific to mailru (Mail.ru Cloud).
+
+#### --mailru-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_MAILRU_TOKEN
+- Type:        string
+- Required:    false
+
+#### --mailru-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_MAILRU_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --mailru-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_MAILRU_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --mailru-speedup-file-patterns
+
+Comma separated list of file name patterns eligible for speedup (put by hash).
+
+Patterns are case insensitive and can contain &#39;*&#39; or &#39;?&#39; meta characters.
+
+Properties:
+
+- Config:      speedup_file_patterns
+- Env Var:     RCLONE_MAILRU_SPEEDUP_FILE_PATTERNS
+- Type:        string
+- Default:     &quot;*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf&quot;
+- Examples:
+    - &quot;&quot;
+        - Empty list completely disables speedup (put by hash).
+    - &quot;*&quot;
+        - All files will be attempted for speedup.
+    - &quot;*.mkv,*.avi,*.mp4,*.mp3&quot;
+        - Only common audio/video files will be tried for put by hash.
+    - &quot;*.zip,*.gz,*.rar,*.pdf&quot;
+        - Only common archives or PDF books will be tried for speedup.
+
+#### --mailru-speedup-max-disk
+
+This option allows you to disable speedup (put by hash) for large files.
+
+Reason is that preliminary hashing can exhaust your RAM or disk space.
+
+Properties:
+
+- Config:      speedup_max_disk
+- Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_DISK
+- Type:        SizeSuffix
+- Default:     3Gi
+- Examples:
+    - &quot;0&quot;
+        - Completely disable speedup (put by hash).
+    - &quot;1G&quot;
+        - Files larger than 1Gb will be uploaded directly.
+    - &quot;3G&quot;
+        - Choose this option if you have less than 3Gb free on local disk.
+
+#### --mailru-speedup-max-memory
+
+Files larger than the size given below will always be hashed on disk.
+
+Properties:
+
+- Config:      speedup_max_memory
+- Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_MEMORY
+- Type:        SizeSuffix
+- Default:     32Mi
+- Examples:
+    - &quot;0&quot;
+        - Preliminary hashing will always be done in a temporary disk location.
+    - &quot;32M&quot;
+        - Do not dedicate more than 32Mb RAM for preliminary hashing.
+    - &quot;256M&quot;
+        - You have at most 256Mb RAM free for hash calculations.
+
+#### --mailru-check-hash
+
+What should copy do if file checksum is mismatched or invalid.
+
+Properties:
+
+- Config:      check_hash
+- Env Var:     RCLONE_MAILRU_CHECK_HASH
+- Type:        bool
+- Default:     true
+- Examples:
+    - &quot;true&quot;
+        - Fail with error.
+    - &quot;false&quot;
+        - Ignore and continue.
+
+#### --mailru-user-agent
+
+HTTP user agent used internally by client.
+
+Defaults to &quot;rclone/VERSION&quot; or &quot;--user-agent&quot; provided on command line.
+
+Properties:
+
+- Config:      user_agent
+- Env Var:     RCLONE_MAILRU_USER_AGENT
+- Type:        string
+- Required:    false
+
+#### --mailru-quirks
+
+Comma separated list of internal maintenance flags.
+
+This option must not be used by an ordinary user. It is intended only to
+facilitate remote troubleshooting of backend issues. Strict meaning of
+flags is not documented and not guaranteed to persist between releases.
+Quirks will be removed when the backend grows stable.
+Supported quirks: atomicmkdir binlist unknowndirs
+
+Properties:
+
+- Config:      quirks
+- Env Var:     RCLONE_MAILRU_QUIRKS
+- Type:        string
+- Required:    false
+
+#### --mailru-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_MAILRU_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+File size limits depend on your account. A single file size is limited by 2G
+for a free account and unlimited for paid tariffs. Please refer to the Mail.ru
+site for the total uploaded size limits.
+
+Note that Mailru is case insensitive so you can&#39;t have a file called
+&quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+#  Mega
+
+[Mega](https://mega.nz/) is a cloud storage and file hosting service
+known for its security feature where all files are encrypted locally
+before they are uploaded. This prevents anyone (including employees of
+Mega) from accessing the files without knowledge of the key used for
+encryption.
+
+This is an rclone backend for Mega which supports the file transfer
+features of Mega using the same client side encryption.
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Mega  "mega" [snip] Storage&gt; mega User name user&gt; you@example.com Password. y) Yes type in my own password g) Generate random password n) No leave this optional password blank y/g/n&gt; y Enter the password: password: Confirm the password: password: Remote config -------------------- [remote] type = mega user = you@example.com pass = *** ENCRYPTED *** -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+**NOTE:** The encryption keys need to have been already generated after a regular login
+via the browser, otherwise attempting to use the credentials in `rclone` will fail.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Mega
+
+    rclone lsd remote:
+
+List all the files in your Mega
+
+    rclone ls remote:
+
+To copy a local directory to an Mega directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Mega does not support modification times or hashes yet.
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| /         | 0x2F  | ／          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Duplicated files
+
+Mega can have two files with exactly the same name and path (unlike a
+normal file system).
+
+Duplicated files cause problems with the syncing and you will see
+messages in the log about duplicates.
+
+Use `rclone dedupe` to fix duplicated files.
+
+### Failure to log-in
+
+#### Object not found
+
+If you are connecting to your Mega remote for the first time, 
+to test access and synchronization, you may receive an error such as 
+</code></pre>
+<p>Failed to create file system for "my-mega-remote:": couldn't login: Object (typically, node or user) not found</p>
+<pre><code>
+The diagnostic steps often recommended in the [rclone forum](https://forum.rclone.org/search?q=mega)
+start with the **MEGAcmd** utility. Note that this refers to 
+the official C++ command from https://github.com/meganz/MEGAcmd 
+and not the go language built command from t3rm1n4l/megacmd 
+that is no longer maintained. 
+
+Follow the instructions for installing MEGAcmd and try accessing 
+your remote as they recommend. You can establish whether or not 
+you can log in using MEGAcmd, and obtain diagnostic information 
+to help you, and search or work with others in the forum. 
+</code></pre>
+<p>MEGA CMD&gt; login me@example.com Password: Fetching nodes ... Loading transfers from local cache Login complete as me@example.com me@example.com:/$</p>
+<pre><code>
+Note that some have found issues with passwords containing special 
+characters. If you can not log on with rclone, but MEGAcmd logs on 
+just fine, then consider changing your password temporarily to 
+pure alphanumeric characters, in case that helps.
+
+
+#### Repeated commands blocks access
+
+Mega remotes seem to get blocked (reject logins) under &quot;heavy use&quot;.
+We haven&#39;t worked out the exact blocking rules but it seems to be
+related to fast paced, successive rclone commands.
+
+For example, executing this command 90 times in a row `rclone link
+remote:file` will cause the remote to become &quot;blocked&quot;. This is not an
+abnormal situation, for example if you wish to get the public links of
+a directory with hundred of files...  After more or less a week, the
+remote will remote accept rclone logins normally again.
+
+You can mitigate this issue by mounting the remote it with `rclone
+mount`. This will log-in when mounting and a log-out when unmounting
+only. You can also run `rclone rcd` and then use `rclone rc` to run
+the commands over the API to avoid logging in each time.
+
+Rclone does not currently close mega sessions (you can see them in the
+web interface), however closing the sessions does not solve the issue.
+
+If you space rclone commands by 3 seconds it will avoid blocking the
+remote. We haven&#39;t identified the exact blocking rules, so perhaps one
+could execute the command 80 times without waiting and avoid blocking
+by waiting 3 seconds, then continuing...
+
+Note that this has been observed by trial and error and might not be
+set in stone.
+
+Other tools seem not to produce this blocking effect, as they use a
+different working approach (state-based, using sessionIDs instead of
+log-in) which isn&#39;t compatible with the current stateless rclone
+approach.
+
+Note that once blocked, the use of other tools (such as megacmd) is
+not a sure workaround: following megacmd login times have been
+observed in succession for blocked remote: 7 minutes, 20 min, 30min, 30
+min, 30min. Web access looks unaffected though.
+
+Investigation is continuing in relation to workarounds based on
+timeouts, pacers, retrials and tpslimits - if you discover something
+relevant, please post on the forum.
+
+So, if rclone was working nicely and suddenly you are unable to log-in
+and you are sure the user and the password are correct, likely you
+have got the remote blocked for a while.
+
+
+### Standard options
+
+Here are the Standard options specific to mega (Mega).
+
+#### --mega-user
+
+User name.
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_MEGA_USER
+- Type:        string
+- Required:    true
+
+#### --mega-pass
+
+Password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      pass
+- Env Var:     RCLONE_MEGA_PASS
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to mega (Mega).
+
+#### --mega-debug
+
+Output more debug from Mega.
+
+If this flag is set (along with -vv) it will print further debugging
+information from the mega backend.
+
+Properties:
+
+- Config:      debug
+- Env Var:     RCLONE_MEGA_DEBUG
+- Type:        bool
+- Default:     false
+
+#### --mega-hard-delete
+
+Delete files permanently rather than putting them into the trash.
+
+Normally the mega backend will put all deletions into the trash rather
+than permanently deleting them.  If you specify this then rclone will
+permanently delete objects instead.
+
+Properties:
+
+- Config:      hard_delete
+- Env Var:     RCLONE_MEGA_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+#### --mega-use-https
+
+Use HTTPS for transfers.
+
+MEGA uses plain text HTTP connections by default.
+Some ISPs throttle HTTP connections, this causes transfers to become very slow.
+Enabling this will force MEGA to use HTTPS for all transfers.
+HTTPS is normally not necessary since all data is already encrypted anyway.
+Enabling it will increase CPU usage and add network overhead.
+
+Properties:
+
+- Config:      use_https
+- Env Var:     RCLONE_MEGA_USE_HTTPS
+- Type:        bool
+- Default:     false
+
+#### --mega-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_MEGA_ENCODING
+- Type:        Encoding
+- Default:     Slash,InvalidUtf8,Dot
+
+
+
+### Process `killed`
+
+On accounts with large files or something else, memory usage can significantly increase when executing list/sync instructions. When running on cloud providers (like AWS with EC2), check if the instance type has sufficient memory/CPU to execute the commands. Use the resource monitoring tools to inspect after sending the commands. Look [at this issue](https://forum.rclone.org/t/rclone-with-mega-appears-to-work-only-in-some-accounts/40233/4).
+
+## Limitations
+
+This backend uses the [go-mega go library](https://github.com/t3rm1n4l/go-mega) which is an opensource
+go library implementing the Mega API. There doesn&#39;t appear to be any
+documentation for the mega protocol beyond the [mega C++ SDK](https://github.com/meganz/sdk) source code
+so there are likely quite a few errors still remaining in this library.
+
+Mega allows duplicate files which may confuse rclone.
+
+#  Memory
+
+The memory backend is an in RAM backend. It does not persist its
+data - use the local backend for that.
+
+The memory backend behaves like a bucket-based remote (e.g. like
+s3). Because it has no parameters you can just use it with the
+`:memory:` remote name.
+
+## Configuration
+
+You can configure it as a remote like this with `rclone config` too if
+you want to:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Memory  "memory" [snip] Storage&gt; memory ** See help for memory backend at: https://rclone.org/memory/ **</p>
+<p>Remote config</p>
 <table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
 <tbody>
 <tr class="odd">
-<td>NUL</td>
-<td style="text-align: center;">0x00</td>
-<td style="text-align: center;">␀</td>
+<td style="text-align: left;">[remote]</td>
 </tr>
 <tr class="even">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
+<td style="text-align: left;">type = memory</td>
 </tr>
 </tbody>
 </table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="standard-options-33">Standard options</h3>
-<p>Here are the Standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)).</p>
-<h4 id="swift-env-auth">--swift-env-auth</h4>
-<p>Get swift credentials from environment variables in standard OpenStack form.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: env_auth</li>
-<li>Env Var: RCLONE_SWIFT_ENV_AUTH</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-<li>Examples:
-<ul>
-<li>"false"
-<ul>
-<li>Enter swift credentials in the next step.</li>
-</ul></li>
-<li>"true"
-<ul>
-<li>Get swift credentials from environment vars.</li>
-<li>Leave other fields blank if using this.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="swift-user">--swift-user</h4>
-<p>User name to log in (OS_USERNAME).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: user</li>
-<li>Env Var: RCLONE_SWIFT_USER</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-key">--swift-key</h4>
-<p>API key or password (OS_PASSWORD).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: key</li>
-<li>Env Var: RCLONE_SWIFT_KEY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-auth">--swift-auth</h4>
-<p>Authentication URL for server (OS_AUTH_URL).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth</li>
-<li>Env Var: RCLONE_SWIFT_AUTH</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"https://auth.api.rackspacecloud.com/v1.0"
-<ul>
-<li>Rackspace US</li>
-</ul></li>
-<li>"https://lon.auth.api.rackspacecloud.com/v1.0"
-<ul>
-<li>Rackspace UK</li>
-</ul></li>
-<li>"https://identity.api.rackspacecloud.com/v2.0"
-<ul>
-<li>Rackspace v2</li>
-</ul></li>
-<li>"https://auth.storage.memset.com/v1.0"
-<ul>
-<li>Memset Memstore UK</li>
-</ul></li>
-<li>"https://auth.storage.memset.com/v2.0"
-<ul>
-<li>Memset Memstore UK v2</li>
-</ul></li>
-<li>"https://auth.cloud.ovh.net/v3"
-<ul>
-<li>OVH</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="swift-user-id">--swift-user-id</h4>
-<p>User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: user_id</li>
-<li>Env Var: RCLONE_SWIFT_USER_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-domain">--swift-domain</h4>
-<p>User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)</p>
-<p>Properties:</p>
-<ul>
-<li>Config: domain</li>
-<li>Env Var: RCLONE_SWIFT_DOMAIN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-tenant">--swift-tenant</h4>
-<p>Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: tenant</li>
-<li>Env Var: RCLONE_SWIFT_TENANT</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-tenant-id">--swift-tenant-id</h4>
-<p>Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: tenant_id</li>
-<li>Env Var: RCLONE_SWIFT_TENANT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-tenant-domain">--swift-tenant-domain</h4>
-<p>Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: tenant_domain</li>
-<li>Env Var: RCLONE_SWIFT_TENANT_DOMAIN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-region">--swift-region</h4>
-<p>Region name - optional (OS_REGION_NAME).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_SWIFT_REGION</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-storage-url">--swift-storage-url</h4>
-<p>Storage URL - optional (OS_STORAGE_URL).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_url</li>
-<li>Env Var: RCLONE_SWIFT_STORAGE_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-auth-token">--swift-auth-token</h4>
-<p>Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_token</li>
-<li>Env Var: RCLONE_SWIFT_AUTH_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-application-credential-id">--swift-application-credential-id</h4>
-<p>Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: application_credential_id</li>
-<li>Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-application-credential-name">--swift-application-credential-name</h4>
-<p>Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: application_credential_name</li>
-<li>Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_NAME</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-application-credential-secret">--swift-application-credential-secret</h4>
-<p>Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: application_credential_secret</li>
-<li>Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="swift-auth-version">--swift-auth-version</h4>
-<p>AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_version</li>
-<li>Env Var: RCLONE_SWIFT_AUTH_VERSION</li>
-<li>Type: int</li>
-<li>Default: 0</li>
-</ul>
-<h4 id="swift-endpoint-type">--swift-endpoint-type</h4>
-<p>Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: endpoint_type</li>
-<li>Env Var: RCLONE_SWIFT_ENDPOINT_TYPE</li>
-<li>Type: string</li>
-<li>Default: "public"</li>
-<li>Examples:
-<ul>
-<li>"public"
-<ul>
-<li>Public (default, choose this if not sure)</li>
-</ul></li>
-<li>"internal"
-<ul>
-<li>Internal (use internal service net)</li>
-</ul></li>
-<li>"admin"
-<ul>
-<li>Admin</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="swift-storage-policy">--swift-storage-policy</h4>
-<p>The storage policy to use when creating a new container.</p>
-<p>This applies the specified storage policy when creating a new container. The policy cannot be changed afterwards. The allowed configuration values and their meaning depend on your Swift storage provider.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: storage_policy</li>
-<li>Env Var: RCLONE_SWIFT_STORAGE_POLICY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>""
-<ul>
-<li>Default</li>
-</ul></li>
-<li>"pcs"
-<ul>
-<li>OVH Public Cloud Storage</li>
-</ul></li>
-<li>"pca"
-<ul>
-<li>OVH Public Cloud Archive</li>
-</ul></li>
-</ul></li>
-</ul>
-<h3 id="advanced-options-32">Advanced options</h3>
-<p>Here are the Advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)).</p>
-<h4 id="swift-leave-parts-on-error">--swift-leave-parts-on-error</h4>
-<p>If true avoid calling abort upload on a failure.</p>
-<p>It should be set to true for resuming uploads across different sessions.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: leave_parts_on_error</li>
-<li>Env Var: RCLONE_SWIFT_LEAVE_PARTS_ON_ERROR</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="swift-chunk-size">--swift-chunk-size</h4>
-<p>Above this size files will be chunked into a _segments container.</p>
-<p>Above this size files will be chunked into a _segments container. The default for this is 5 GiB which is its maximum value.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: chunk_size</li>
-<li>Env Var: RCLONE_SWIFT_CHUNK_SIZE</li>
-<li>Type: SizeSuffix</li>
-<li>Default: 5Gi</li>
-</ul>
-<h4 id="swift-no-chunk">--swift-no-chunk</h4>
-<p>Don't chunk files during streaming upload.</p>
-<p>When doing streaming uploads (e.g. using rcat or mount) setting this flag will cause the swift backend to not upload chunked files.</p>
-<p>This will limit the maximum upload size to 5 GiB. However non chunked files are easier to deal with and have an MD5SUM.</p>
-<p>Rclone will still chunk files bigger than chunk_size when doing normal copy operations.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_chunk</li>
-<li>Env Var: RCLONE_SWIFT_NO_CHUNK</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="swift-no-large-objects">--swift-no-large-objects</h4>
-<p>Disable support for static and dynamic large objects</p>
-<p>Swift cannot transparently store files bigger than 5 GiB. There are two schemes for doing that, static or dynamic large objects, and the API does not allow rclone to determine whether a file is a static or dynamic large object without doing a HEAD on the object. Since these need to be treated differently, this means rclone has to issue HEAD requests for objects for example when reading checksums.</p>
-<p>When <code>no_large_objects</code> is set, rclone will assume that there are no static or dynamic large objects stored. This means it can stop doing the extra HEAD calls which in turn increases performance greatly especially when doing a swift to swift transfer with <code>--checksum</code> set.</p>
-<p>Setting this option implies <code>no_chunk</code> and also that no files will be uploaded in chunks, so files bigger than 5 GiB will just fail on upload.</p>
-<p>If you set this option and there <em>are</em> static or dynamic large objects, then this will give incorrect hashes for them. Downloads will succeed, but other operations such as Remove and Copy will fail.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: no_large_objects</li>
-<li>Env Var: RCLONE_SWIFT_NO_LARGE_OBJECTS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="swift-encoding">--swift-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
+<ol start="25" type="a">
+<li>Yes this is OK (default)</li>
+<li>Edit this remote</li>
+<li>Delete this remote y/e/d&gt; y</li>
+</ol>
+<pre><code>
+Because the memory backend isn&#39;t persistent it is most useful for
+testing or with an rclone server or rclone mount, e.g.
+
+    rclone mount :memory: /mnt/tmp
+    rclone serve webdav :memory:
+    rclone serve sftp :memory:
+
+### Modification times and hashes
+
+The memory backend supports MD5 hashes and modification times accurate to 1 nS.
+
+### Restricted filename characters
+
+The memory backend replaces the [default restricted characters
+set](https://rclone.org/overview/#restricted-characters).
+
+
+
+
+#  Akamai NetStorage
+
+Paths are specified as `remote:`
+You may put subdirectories in too, e.g. `remote:/path/to/dir`.
+If you have a CP code you can use that as the folder after the domain such as \&lt;domain&gt;\/\&lt;cpcode&gt;\/\&lt;internal directories within cpcode&gt;.
+
+For example, this is commonly configured with or without a CP code:
+* **With a CP code**. `[your-domain-prefix]-nsu.akamaihd.net/123456/subdirectory/`
+* **Without a CP code**. `[your-domain-prefix]-nsu.akamaihd.net`
+
+
+See all buckets
+   rclone lsd remote:
+The initial setup for Netstorage involves getting an account and secret. Use `rclone config` to walk you through the setup process.
+
+## Configuration
+
+Here&#39;s an example of how to make a remote called `ns1`.
+
+1. To begin the interactive configuration process, enter this command:
+</code></pre>
+<p>rclone config</p>
+<pre><code>
+2. Type `n` to create a new remote.
+</code></pre>
+<ol start="14" type="a">
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Quit config e/n/d/q&gt; n</li>
+</ol>
+<pre><code>
+3. For this example, enter `ns1` when you reach the name&gt; prompt.
+</code></pre>
+<p>name&gt; ns1</p>
+<pre><code>
+4. Enter `netstorage` as the type of storage to configure.
+</code></pre>
+<p>Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value XX / NetStorage  "netstorage" Storage&gt; netstorage</p>
+<pre><code>
+5. Select between the HTTP or HTTPS protocol. Most users should choose HTTPS, which is the default. HTTP is provided primarily for debugging purposes.
+
+</code></pre>
+<p>Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value 1 / HTTP protocol  "http" 2 / HTTPS protocol  "https" protocol&gt; 1</p>
+<pre><code>
+6. Specify your NetStorage host, CP code, and any necessary content paths using this format: `&lt;domain&gt;/&lt;cpcode&gt;/&lt;content&gt;/`
+</code></pre>
+<p>Enter a string value. Press Enter for the default (""). host&gt; baseball-nsu.akamaihd.net/123456/content/</p>
+<pre><code>
+7. Set the netstorage account name</code></pre>
+<p>Enter a string value. Press Enter for the default (""). account&gt; username</p>
+<pre><code>
+8. Set the Netstorage account secret/G2O key which will be used for authentication purposes. Select the `y` option to set your own password then enter your secret.
+Note: The secret is stored in the `rclone.conf` file with hex-encoded encryption.
+</code></pre>
+<ol start="25" type="a">
+<li>Yes type in my own password</li>
+<li>Generate random password y/g&gt; y Enter the password: password: Confirm the password: password:</li>
+</ol>
+<pre><code>
+9. View the summary and confirm your remote configuration.
+</code></pre>
+<p>[ns1] type = netstorage protocol = http host = baseball-nsu.akamaihd.net/123456/content/ account = username secret = *** ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+This remote is called `ns1` and can now be used.
+
+## Example operations
+
+Get started with rclone and NetStorage with these examples. For additional rclone commands, visit https://rclone.org/commands/.
+
+### See contents of a directory in your project
+
+    rclone lsd ns1:/974012/testing/
+
+### Sync the contents local with remote
+
+    rclone sync . ns1:/974012/testing/
+
+### Upload local content to remote
+    rclone copy notes.txt ns1:/974012/testing/
+
+### Delete content on remote
+    rclone delete ns1:/974012/testing/notes.txt
+
+### Move or copy content between CP codes.
+
+Your credentials must have access to two CP codes on the same remote. You can&#39;t perform operations between different remotes.
+
+    rclone move ns1:/974012/testing/notes.txt ns1:/974450/testing2/
+
+## Features
+
+### Symlink Support
+
+The Netstorage backend changes the rclone `--links, -l` behavior. When uploading, instead of creating the .rclonelink file, use the &quot;symlink&quot; API in order to create the corresponding symlink on the remote. The .rclonelink file will not be created, the upload will be intercepted and only the symlink file that matches the source file name with no suffix will be created on the remote.
+
+This will effectively allow commands like copy/copyto, move/moveto and sync to upload from local to remote and download from remote to local directories with symlinks. Due to internal rclone limitations, it is not possible to upload an individual symlink file to any remote backend. You can always use the &quot;backend symlink&quot; command to create a symlink on the NetStorage server, refer to &quot;symlink&quot; section below.
+
+Individual symlink files on the remote can be used with the commands like &quot;cat&quot; to print the destination name, or &quot;delete&quot; to delete symlink, or copy, copy/to and move/moveto to download from the remote to local. Note: individual symlink files on the remote should be specified including the suffix .rclonelink.
+
+**Note**: No file with the suffix .rclonelink should ever exist on the server since it is not possible to actually upload/create a file with .rclonelink suffix with rclone, it can only exist if it is manually created through a non-rclone method on the remote.
+
+### Implicit vs. Explicit Directories
+
+With NetStorage, directories can exist in one of two forms:
+
+1. **Explicit Directory**. This is an actual, physical directory that you have created in a storage group.
+2. **Implicit Directory**. This refers to a directory within a path that has not been physically created. For example, during upload of a file, nonexistent subdirectories can be specified in the target path. NetStorage creates these as &quot;implicit.&quot; While the directories aren&#39;t physically created, they exist implicitly and the noted path is connected with the uploaded file.
+
+Rclone will intercept all file uploads and mkdir commands for the NetStorage remote and will explicitly issue the mkdir command for each directory in the uploading path. This will help with the interoperability with the other Akamai services such as SFTP and the Content Management Shell (CMShell). Rclone will not guarantee correctness of operations with implicit directories which might have been created as a result of using an upload API directly.
+
+### `--fast-list` / ListR support
+
+NetStorage remote supports the ListR feature by using the &quot;list&quot; NetStorage API action to return a lexicographical list of all objects within the specified CP code, recursing into subdirectories as they&#39;re encountered.
+
+* **Rclone will use the ListR method for some commands by default**. Commands such as `lsf -R` will use ListR by default. To disable this, include the `--disable listR` option to use the non-recursive method of listing objects.
+
+* **Rclone will not use the ListR method for some commands**. Commands such as `sync` don&#39;t use ListR by default. To force using the ListR method, include the  `--fast-list` option.
+
+There are pros and cons of using the ListR method, refer to [rclone documentation](https://rclone.org/docs/#fast-list). In general, the sync command over an existing deep tree on the remote will run faster with the &quot;--fast-list&quot; flag but with extra memory usage as a side effect. It might also result in higher CPU utilization but the whole task can be completed faster.
+
+**Note**: There is a known limitation that &quot;lsf -R&quot; will display number of files in the directory and directory size as -1 when ListR method is used. The workaround is to pass &quot;--disable listR&quot; flag if these numbers are important in the output.
+
+### Purge
+
+NetStorage remote supports the purge feature by using the &quot;quick-delete&quot; NetStorage API action. The quick-delete action is disabled by default for security reasons and can be enabled for the account through the Akamai portal. Rclone will first try to use quick-delete action for the purge command and if this functionality is disabled then will fall back to a standard delete method.
+
+**Note**: Read the [NetStorage Usage API](https://learn.akamai.com/en-us/webhelp/netstorage/netstorage-http-api-developer-guide/GUID-15836617-9F50-405A-833C-EA2556756A30.html) for considerations when using &quot;quick-delete&quot;. In general, using quick-delete method will not delete the tree immediately and objects targeted for quick-delete may still be accessible.
+
+
+### Standard options
+
+Here are the Standard options specific to netstorage (Akamai NetStorage).
+
+#### --netstorage-host
+
+Domain+path of NetStorage host to connect to.
+
+Format should be `&lt;domain&gt;/&lt;internal folders&gt;`
+
+Properties:
+
+- Config:      host
+- Env Var:     RCLONE_NETSTORAGE_HOST
+- Type:        string
+- Required:    true
+
+#### --netstorage-account
+
+Set the NetStorage account name
+
+Properties:
+
+- Config:      account
+- Env Var:     RCLONE_NETSTORAGE_ACCOUNT
+- Type:        string
+- Required:    true
+
+#### --netstorage-secret
+
+Set the NetStorage account secret/G2O key for authentication.
+
+Please choose the &#39;y&#39; option to set your own password then enter your secret.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      secret
+- Env Var:     RCLONE_NETSTORAGE_SECRET
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to netstorage (Akamai NetStorage).
+
+#### --netstorage-protocol
+
+Select between HTTP or HTTPS protocol.
+
+Most users should choose HTTPS, which is the default.
+HTTP is provided primarily for debugging purposes.
+
+Properties:
+
+- Config:      protocol
+- Env Var:     RCLONE_NETSTORAGE_PROTOCOL
+- Type:        string
+- Default:     &quot;https&quot;
+- Examples:
+    - &quot;http&quot;
+        - HTTP protocol
+    - &quot;https&quot;
+        - HTTPS protocol
+
+## Backend commands
+
+Here are the commands specific to the netstorage backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### du
+
+Return disk usage information for a specified directory
+
+    rclone backend du remote: [options] [&lt;arguments&gt;+]
+
+The usage information returned, includes the targeted directory as well as all
+files stored in any sub-directories that may exist.
+
+### symlink
+
+You can create a symbolic link in ObjectStore with the symlink action.
+
+    rclone backend symlink remote: [options] [&lt;arguments&gt;+]
+
+The desired path location (including applicable sub-directories) ending in
+the object that will be the target of the symlink (for example, /links/mylink).
+Include the file extension for the object, if applicable.
+`rclone backend symlink &lt;src&gt; &lt;path&gt;`
+
+
+
+#  Microsoft Azure Blob Storage
+
+Paths are specified as `remote:container` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g.
+`remote:container/path/to/dir`.
+
+## Configuration
+
+Here is an example of making a Microsoft Azure Blob Storage
+configuration.  For a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Microsoft Azure Blob Storage  "azureblob" [snip] Storage&gt; azureblob Storage Account Name account&gt; account_name Storage Account Key key&gt; base64encodedkey== Endpoint for the service - leave blank normally. endpoint&gt; Remote config -------------------- [remote] account = account_name key = base64encodedkey== endpoint = -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+See all containers
+
+    rclone lsd remote:
+
+Make a new container
+
+    rclone mkdir remote:container
+
+List the contents of a container
+
+    rclone ls remote:container
+
+Sync `/home/local/directory` to the remote container, deleting any excess
+files in the container.
+
+    rclone sync --interactive /home/local/directory remote:container
+
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Modification times and hashes
+
+The modification time is stored as metadata on the object with the
+`mtime` key.  It is stored using RFC3339 Format time with nanosecond
+precision.  The metadata is supplied during directory listings so
+there is no performance overhead to using it.
+
+If you wish to use the Azure standard `LastModified` time stored on
+the object as the modified time, then use the `--use-server-modtime`
+flag. Note that rclone can&#39;t set `LastModified`, so using the
+`--update` flag when syncing is recommended if using
+`--use-server-modtime`.
+
+MD5 hashes are stored with blobs. However blobs that were uploaded in
+chunks only have an MD5 if the source remote was capable of MD5
+hashes, e.g. the local disk.
+
+### Performance
+
+When uploading large files, increasing the value of
+`--azureblob-upload-concurrency` will increase performance at the cost
+of using more memory. The default of 16 is set quite conservatively to
+use less memory. It maybe be necessary raise it to 64 or higher to
+fully utilize a 1 GBit/s link with a single file transfer.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| /         | 0x2F  | ／           |
+| \         | 0x5C  | ＼           |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| .         | 0x2E  | ．          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Authentication {#authentication}
+
+There are a number of ways of supplying credentials for Azure Blob
+Storage. Rclone tries them in the order of the sections below.
+
+#### Env Auth
+
+If the `env_auth` config parameter is `true` then rclone will pull
+credentials from the environment or runtime.
+
+It tries these authentication methods in this order:
+
+1. Environment Variables
+2. Managed Service Identity Credentials
+3. Azure CLI credentials (as used by the az tool)
+
+These are described in the following sections
+
+##### Env Auth: 1. Environment Variables
+
+If `env_auth` is set and environment variables are present rclone
+authenticates a service principal with a secret or certificate, or a
+user with a password, depending on which environment variable are set.
+It reads configuration from these variables, in the following order:
+
+1. Service principal with client secret
+    - `AZURE_TENANT_ID`: ID of the service principal&#39;s tenant. Also called its &quot;directory&quot; ID.
+    - `AZURE_CLIENT_ID`: the service principal&#39;s client ID
+    - `AZURE_CLIENT_SECRET`: one of the service principal&#39;s client secrets
+2. Service principal with certificate
+    - `AZURE_TENANT_ID`: ID of the service principal&#39;s tenant. Also called its &quot;directory&quot; ID.
+    - `AZURE_CLIENT_ID`: the service principal&#39;s client ID
+    - `AZURE_CLIENT_CERTIFICATE_PATH`: path to a PEM or PKCS12 certificate file including the private key.
+    - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
+    - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to &quot;true&quot; or &quot;1&quot;, authentication requests include the x5c header.
+3. User with username and password
+    - `AZURE_TENANT_ID`: (optional) tenant to authenticate in. Defaults to &quot;organizations&quot;.
+    - `AZURE_CLIENT_ID`: client ID of the application the user will authenticate to
+    - `AZURE_USERNAME`: a username (usually an email address)
+    - `AZURE_PASSWORD`: the user&#39;s password
+4. Workload Identity
+    - `AZURE_TENANT_ID`: Tenant to authenticate in.
+    - `AZURE_CLIENT_ID`: Client ID of the application the user will authenticate to.
+    - `AZURE_FEDERATED_TOKEN_FILE`: Path to projected service account token file.
+    - `AZURE_AUTHORITY_HOST`: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
+
+##### Env Auth: 2. Managed Service Identity Credentials
+
+When using Managed Service Identity if the VM(SS) on which this
+program is running has a system-assigned identity, it will be used by
+default. If the resource has no system-assigned but exactly one
+user-assigned identity, the user-assigned identity will be used by
+default.
+
+If the resource has multiple user-assigned identities you will need to
+unset `env_auth` and set `use_msi` instead. See the [`use_msi`
+section](#use_msi).
+
+##### Env Auth: 3. Azure CLI credentials (as used by the az tool)
+
+Credentials created with the `az` tool can be picked up using `env_auth`.
+
+For example if you were to login with a service principal like this:
+
+    az login --service-principal -u XXX -p XXX --tenant XXX
+
+Then you could access rclone resources like this:
+
+    rclone lsf :azureblob,env_auth,account=ACCOUNT:CONTAINER
+
+Or
+
+    rclone lsf --azureblob-env-auth --azureblob-account=ACCOUNT :azureblob:CONTAINER
+
+Which is analogous to using the `az` tool:
+
+    az storage blob list --container-name CONTAINER --account-name ACCOUNT --auth-mode login
+
+#### Account and Shared Key
+
+This is the most straight forward and least flexible way.  Just fill
+in the `account` and `key` lines and leave the rest blank.
+
+#### SAS URL
+
+This can be an account level SAS URL or container level SAS URL.
+
+To use it leave `account` and `key` blank and fill in `sas_url`.
+
+An account level SAS URL or container level SAS URL can be obtained
+from the Azure portal or the Azure Storage Explorer.  To get a
+container level SAS URL right click on a container in the Azure Blob
+explorer in the Azure portal.
+
+If you use a container level SAS URL, rclone operations are permitted
+only on a particular container, e.g.
+
+    rclone ls azureblob:container
+
+You can also list the single container from the root. This will only
+show the container specified by the SAS URL.
+
+    $ rclone lsd azureblob:
+    container/
+
+Note that you can&#39;t see or access any other containers - this will
+fail
+
+    rclone ls azureblob:othercontainer
+
+Container level SAS URLs are useful for temporarily allowing third
+parties access to a single container or putting credentials into an
+untrusted environment such as a CI build server.
+
+#### Service principal with client secret
+
+If these variables are set, rclone will authenticate with a service principal with a client secret.
+
+- `tenant`: ID of the service principal&#39;s tenant. Also called its &quot;directory&quot; ID.
+- `client_id`: the service principal&#39;s client ID
+- `client_secret`: one of the service principal&#39;s client secrets
+
+The credentials can also be placed in a file using the
+`service_principal_file` configuration option.
+
+#### Service principal with certificate
+
+If these variables are set, rclone will authenticate with a service principal with certificate.
+
+- `tenant`: ID of the service principal&#39;s tenant. Also called its &quot;directory&quot; ID.
+- `client_id`: the service principal&#39;s client ID
+- `client_certificate_path`: path to a PEM or PKCS12 certificate file including the private key.
+- `client_certificate_password`: (optional) password for the certificate file.
+- `client_send_certificate_chain`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to &quot;true&quot; or &quot;1&quot;, authentication requests include the x5c header.
+
+**NB** `client_certificate_password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+#### User with username and password
+
+If these variables are set, rclone will authenticate with username and password.
+
+- `tenant`: (optional) tenant to authenticate in. Defaults to &quot;organizations&quot;.
+- `client_id`: client ID of the application the user will authenticate to
+- `username`: a username (usually an email address)
+- `password`: the user&#39;s password
+
+Microsoft doesn&#39;t recommend this kind of authentication, because it&#39;s
+less secure than other authentication flows. This method is not
+interactive, so it isn&#39;t compatible with any form of multi-factor
+authentication, and the application must already have user or admin
+consent. This credential can only authenticate work and school
+accounts; it can&#39;t authenticate Microsoft accounts.
+
+**NB** `password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+#### Managed Service Identity Credentials {#use_msi}
+
+If `use_msi` is set then managed service identity credentials are
+used. This authentication only works when running in an Azure service.
+`env_auth` needs to be unset to use this.
+
+However if you have multiple user identities to choose from these must
+be explicitly specified using exactly one of the `msi_object_id`,
+`msi_client_id`, or `msi_mi_res_id` parameters.
+
+If none of `msi_object_id`, `msi_client_id`, or `msi_mi_res_id` is
+set, this is is equivalent to using `env_auth`.
+
+
+### Standard options
+
+Here are the Standard options specific to azureblob (Microsoft Azure Blob Storage).
+
+#### --azureblob-account
+
+Azure Storage Account Name.
+
+Set this to the Azure Storage Account Name in use.
+
+Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
+
+If this is blank and if env_auth is set it will be read from the
+environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
+
+
+Properties:
+
+- Config:      account
+- Env Var:     RCLONE_AZUREBLOB_ACCOUNT
+- Type:        string
+- Required:    false
+
+#### --azureblob-env-auth
+
+Read credentials from runtime (environment variables, CLI or MSI).
+
+See the [authentication docs](/azureblob#authentication) for full info.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_AZUREBLOB_ENV_AUTH
+- Type:        bool
+- Default:     false
+
+#### --azureblob-key
+
+Storage Account Shared Key.
+
+Leave blank to use SAS URL or Emulator.
+
+Properties:
+
+- Config:      key
+- Env Var:     RCLONE_AZUREBLOB_KEY
+- Type:        string
+- Required:    false
+
+#### --azureblob-sas-url
+
+SAS URL for container level access only.
+
+Leave blank if using account/key or Emulator.
+
+Properties:
+
+- Config:      sas_url
+- Env Var:     RCLONE_AZUREBLOB_SAS_URL
+- Type:        string
+- Required:    false
+
+#### --azureblob-tenant
+
+ID of the service principal&#39;s tenant. Also called its directory ID.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      tenant
+- Env Var:     RCLONE_AZUREBLOB_TENANT
+- Type:        string
+- Required:    false
+
+#### --azureblob-client-id
+
+The ID of the client in use.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azureblob-client-secret
+
+One of the service principal&#39;s client secrets
+
+Set this if using
+- Service principal with client secret
+
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --azureblob-client-certificate-path
+
+Path to a PEM or PKCS12 certificate file including the private key.
+
+Set this if using
+- Service principal with certificate
+
+
+Properties:
+
+- Config:      client_certificate_path
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PATH
+- Type:        string
+- Required:    false
+
+#### --azureblob-client-certificate-password
+
+Password for the certificate file (optional).
+
+Optionally set this if using
+- Service principal with certificate
+
+And the certificate has a password.
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      client_certificate_password
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PASSWORD
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to azureblob (Microsoft Azure Blob Storage).
+
+#### --azureblob-client-send-certificate-chain
+
+Send the certificate chain when using certificate auth.
+
+Specifies whether an authentication request will include an x5c header
+to support subject name / issuer based authentication. When set to
+true, authentication requests include the x5c header.
+
+Optionally set this if using
+- Service principal with certificate
+
+
+Properties:
+
+- Config:      client_send_certificate_chain
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_SEND_CERTIFICATE_CHAIN
+- Type:        bool
+- Default:     false
+
+#### --azureblob-username
+
+User name (usually an email address)
+
+Set this if using
+- User with username and password
+
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_AZUREBLOB_USERNAME
+- Type:        string
+- Required:    false
+
+#### --azureblob-password
+
+The user&#39;s password
+
+Set this if using
+- User with username and password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_AZUREBLOB_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --azureblob-service-principal-file
+
+Path to file containing credentials for use with a service principal.
+
+Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
+
+    $ az ad sp create-for-rbac --name &quot;&lt;name&gt;&quot; \
+      --role &quot;Storage Blob Data Owner&quot; \
+      --scopes &quot;/subscriptions/&lt;subscription&gt;/resourceGroups/&lt;resource-group&gt;/providers/Microsoft.Storage/storageAccounts/&lt;storage-account&gt;/blobServices/default/containers/&lt;container&gt;&quot; \
+      &gt; azure-principal.json
+
+See [&quot;Create an Azure service principal&quot;](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and [&quot;Assign an Azure role for access to blob data&quot;](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+
+It may be more convenient to put the credentials directly into the
+rclone config file under the `client_id`, `tenant` and `client_secret`
+keys instead of setting `service_principal_file`.
+
+
+Properties:
+
+- Config:      service_principal_file
+- Env Var:     RCLONE_AZUREBLOB_SERVICE_PRINCIPAL_FILE
+- Type:        string
+- Required:    false
+
+#### --azureblob-use-msi
+
+Use a managed service identity to authenticate (only works in Azure).
+
+When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+to authenticate to Azure Storage instead of a SAS token or account key.
+
+If the VM(SS) on which this program is running has a system-assigned identity, it will
+be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+the user-assigned identity will be used by default. If the resource has multiple user-assigned
+identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+msi_client_id, or msi_mi_res_id parameters.
+
+Properties:
+
+- Config:      use_msi
+- Env Var:     RCLONE_AZUREBLOB_USE_MSI
+- Type:        bool
+- Default:     false
+
+#### --azureblob-msi-object-id
+
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_object_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_OBJECT_ID
+- Type:        string
+- Required:    false
+
+#### --azureblob-msi-client-id
+
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_object_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_client_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azureblob-msi-mi-res-id
+
+Azure resource ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_object_id specified.
+
+Properties:
+
+- Config:      msi_mi_res_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_MI_RES_ID
+- Type:        string
+- Required:    false
+
+#### --azureblob-use-emulator
+
+Uses local storage emulator if provided as &#39;true&#39;.
+
+Leave blank if using real azure storage endpoint.
+
+Properties:
+
+- Config:      use_emulator
+- Env Var:     RCLONE_AZUREBLOB_USE_EMULATOR
+- Type:        bool
+- Default:     false
+
+#### --azureblob-endpoint
+
+Endpoint for the service.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_AZUREBLOB_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --azureblob-upload-cutoff
+
+Cutoff for switching to chunked upload (&lt;= 256 MiB) (deprecated).
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_AZUREBLOB_UPLOAD_CUTOFF
+- Type:        string
+- Required:    false
+
+#### --azureblob-chunk-size
+
+Upload chunk size.
+
+Note that this is stored in memory and there may be up to
+&quot;--transfers&quot; * &quot;--azureblob-upload-concurrency&quot; chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_AZUREBLOB_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     4Mi
+
+#### --azureblob-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+If you are uploading small numbers of large files over high-speed
+links and these uploads do not fully utilize your bandwidth, then
+increasing this may help to speed up the transfers.
+
+In tests, upload speed increases almost linearly with upload
+concurrency. For example to fill a gigabit pipe it may be necessary to
+raise this to 64. Note that this will use more memory.
+
+Note that chunks are stored in memory and there may be up to
+&quot;--transfers&quot; * &quot;--azureblob-upload-concurrency&quot; chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_AZUREBLOB_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     16
+
+#### --azureblob-list-chunk
+
+Size of blob list.
+
+This sets the number of blobs requested in each listing chunk. Default
+is the maximum, 5000. &quot;List blobs&quot; requests are permitted 2 minutes
+per megabyte to complete. If an operation is taking longer than 2
+minutes per megabyte on average, it will time out (
+[source](https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-blob-service-operations#exceptions-to-default-timeout-interval)
+). This can be used to limit the number of blobs items to return, to
+avoid the time out.
+
+Properties:
+
+- Config:      list_chunk
+- Env Var:     RCLONE_AZUREBLOB_LIST_CHUNK
+- Type:        int
+- Default:     5000
+
+#### --azureblob-access-tier
+
+Access tier of blob: hot, cool, cold or archive.
+
+Archived blobs can be restored by setting access tier to hot, cool or
+cold. Leave blank if you intend to use default access tier, which is
+set at account level
+
+If there is no &quot;access tier&quot; specified, rclone doesn&#39;t apply any tier.
+rclone performs &quot;Set Tier&quot; operation on blobs while uploading, if objects
+are not modified, specifying &quot;access tier&quot; to new one will have no effect.
+If blobs are in &quot;archive tier&quot; at remote, trying to perform data transfer
+operations from remote will not be allowed. User should first restore by
+tiering blob to &quot;Hot&quot;, &quot;Cool&quot; or &quot;Cold&quot;.
+
+Properties:
+
+- Config:      access_tier
+- Env Var:     RCLONE_AZUREBLOB_ACCESS_TIER
+- Type:        string
+- Required:    false
+
+#### --azureblob-archive-tier-delete
+
+Delete archive tier blobs before overwriting.
+
+Archive tier blobs cannot be updated. So without this flag, if you
+attempt to update an archive tier blob, then rclone will produce the
+error:
+
+    can&#39;t update archive tier blob without --azureblob-archive-tier-delete
+
+With this flag set then before rclone attempts to overwrite an archive
+tier blob, it will delete the existing blob before uploading its
+replacement.  This has the potential for data loss if the upload fails
+(unlike updating a normal blob) and also may cost more since deleting
+archive tier blobs early may be chargable.
+
+
+Properties:
+
+- Config:      archive_tier_delete
+- Env Var:     RCLONE_AZUREBLOB_ARCHIVE_TIER_DELETE
+- Type:        bool
+- Default:     false
+
+#### --azureblob-disable-checksum
+
+Don&#39;t store MD5 checksum with object metadata.
+
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
+
+Properties:
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_AZUREBLOB_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
+
+#### --azureblob-memory-pool-flush-time
+
+How often internal memory buffer pools will be flushed. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_flush_time
+- Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_FLUSH_TIME
+- Type:        Duration
+- Default:     1m0s
+
+#### --azureblob-memory-pool-use-mmap
+
+Whether to use mmap buffers in internal memory pool. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_use_mmap
+- Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_USE_MMAP
+- Type:        bool
+- Default:     false
+
+#### --azureblob-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_AZUREBLOB_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8
+
+#### --azureblob-public-access
+
+Public access level of a container: blob or container.
+
+Properties:
+
+- Config:      public_access
+- Env Var:     RCLONE_AZUREBLOB_PUBLIC_ACCESS
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - The container and its blobs can be accessed only with an authorized request.
+        - It&#39;s a default value.
+    - &quot;blob&quot;
+        - Blob data within this container can be read via anonymous request.
+    - &quot;container&quot;
+        - Allow full public read access for container and blob data.
+
+#### --azureblob-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option
+creates an empty object ending with &quot;/&quot;, to persist the folder.
+
+This object also has the metadata &quot;hdi_isfolder = true&quot; to conform to
+the Microsoft standard.
+ 
+
+Properties:
+
+- Config:      directory_markers
+- Env Var:     RCLONE_AZUREBLOB_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
+
+#### --azureblob-no-check-container
+
+If set, don&#39;t attempt to check the container exists or create it.
+
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the container exists already.
+
+
+Properties:
+
+- Config:      no_check_container
+- Env Var:     RCLONE_AZUREBLOB_NO_CHECK_CONTAINER
+- Type:        bool
+- Default:     false
+
+#### --azureblob-no-head-object
+
+If set, do not do HEAD before GET when getting objects.
+
+Properties:
+
+- Config:      no_head_object
+- Env Var:     RCLONE_AZUREBLOB_NO_HEAD_OBJECT
+- Type:        bool
+- Default:     false
+
+
+
+### Custom upload headers
+
+You can set custom upload headers with the `--header-upload` flag. 
+
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
+
+Eg `--header-upload &quot;Content-Type: text/potato&quot;`
+
+## Limitations
+
+MD5 sums are only uploaded with chunked files if the source has an MD5
+sum.  This will always be the case for a local to azure copy.
+
+`rclone about` is not supported by the Microsoft Azure Blob storage backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+## Azure Storage Emulator Support
+
+You can run rclone with the storage emulator (usually _azurite_).
+
+To do this, just set up a new remote with `rclone config` following
+the instructions in the introduction and set `use_emulator` in the
+advanced settings as `true`. You do not need to provide a default
+account name nor an account key. But you can override them in the
+`account` and `key` options. (Prior to v1.61 they were hard coded to
+_azurite_&#39;s `devstoreaccount1`.)
+
+Also, if you want to access a storage emulator instance running on a
+different machine, you can override the `endpoint` parameter in the
+advanced settings, setting it to
+`http(s)://&lt;host&gt;:&lt;port&gt;/devstoreaccount1`
+(e.g. `http://10.254.2.5:10000/devstoreaccount1`).
+
+#  Microsoft Azure Files Storage
+
+Paths are specified as `remote:` You may put subdirectories in too,
+e.g. `remote:path/to/dir`.
+
+## Configuration
+
+Here is an example of making a Microsoft Azure Files Storage
+configuration.  For a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Microsoft Azure Files Storage  "azurefiles" [snip]</p>
+<p>Option account. Azure Storage Account Name. Set this to the Azure Storage Account Name in use. Leave blank to use SAS URL or connection string, otherwise it needs to be set. If this is blank and if env_auth is set it will be read from the environment variable <code>AZURE_STORAGE_ACCOUNT_NAME</code> if possible. Enter a value. Press Enter to leave empty. account&gt; account_name</p>
+<p>Option share_name. Azure Files Share Name. This is required and is the name of the share to access. Enter a value. Press Enter to leave empty. share_name&gt; share_name</p>
+<p>Option env_auth. Read credentials from runtime (environment variables, CLI or MSI). See the <a href="/azurefiles#authentication">authentication docs</a> for full info. Enter a boolean value (true or false). Press Enter for the default (false). env_auth&gt;</p>
+<p>Option key. Storage Account Shared Key. Leave blank to use SAS URL or connection string. Enter a value. Press Enter to leave empty. key&gt; base64encodedkey==</p>
+<p>Option sas_url. SAS URL. Leave blank if using account/key or connection string. Enter a value. Press Enter to leave empty. sas_url&gt;</p>
+<p>Option connection_string. Azure Files Connection String. Enter a value. Press Enter to leave empty. connection_string&gt; [snip]</p>
+<p>Configuration complete. Options: - type: azurefiles - account: account_name - share_name: share_name - key: base64encodedkey== Keep this "remote" remote? y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt;</p>
+<pre><code>
+Once configured you can use rclone.
+
+See all files in the top level:
+
+    rclone lsf remote:
+
+Make a new directory in the root:
+
+    rclone mkdir remote:dir
+
+Recursively List the contents:
+
+    rclone ls remote:
+
+Sync `/home/local/directory` to the remote directory, deleting any
+excess files in the directory.
+
+    rclone sync --interactive /home/local/directory remote:dir
+
+### Modified time
+
+The modified time is stored as Azure standard `LastModified` time on
+files
+
+### Performance
+
+When uploading large files, increasing the value of
+`--azurefiles-upload-concurrency` will increase performance at the cost
+of using more memory. The default of 16 is set quite conservatively to
+use less memory. It maybe be necessary raise it to 64 or higher to
+fully utilize a 1 GBit/s link with a single file transfer.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| &quot;         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| &lt;         | 0x3C  | ＜          |
+| &gt;         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \         | 0x5C  | ＼          |
+| \|        | 0x7C  | ｜          |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| .         | 0x2E  | ．          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Hashes
+
+MD5 hashes are stored with files. Not all files will have MD5 hashes
+as these have to be uploaded with the file.
+
+### Authentication {#authentication}
+
+There are a number of ways of supplying credentials for Azure Files
+Storage. Rclone tries them in the order of the sections below.
+
+#### Env Auth
+
+If the `env_auth` config parameter is `true` then rclone will pull
+credentials from the environment or runtime.
+
+It tries these authentication methods in this order:
+
+1. Environment Variables
+2. Managed Service Identity Credentials
+3. Azure CLI credentials (as used by the az tool)
+
+These are described in the following sections
+
+##### Env Auth: 1. Environment Variables
+
+If `env_auth` is set and environment variables are present rclone
+authenticates a service principal with a secret or certificate, or a
+user with a password, depending on which environment variable are set.
+It reads configuration from these variables, in the following order:
+
+1. Service principal with client secret
+    - `AZURE_TENANT_ID`: ID of the service principal&#39;s tenant. Also called its &quot;directory&quot; ID.
+    - `AZURE_CLIENT_ID`: the service principal&#39;s client ID
+    - `AZURE_CLIENT_SECRET`: one of the service principal&#39;s client secrets
+2. Service principal with certificate
+    - `AZURE_TENANT_ID`: ID of the service principal&#39;s tenant. Also called its &quot;directory&quot; ID.
+    - `AZURE_CLIENT_ID`: the service principal&#39;s client ID
+    - `AZURE_CLIENT_CERTIFICATE_PATH`: path to a PEM or PKCS12 certificate file including the private key.
+    - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
+    - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to &quot;true&quot; or &quot;1&quot;, authentication requests include the x5c header.
+3. User with username and password
+    - `AZURE_TENANT_ID`: (optional) tenant to authenticate in. Defaults to &quot;organizations&quot;.
+    - `AZURE_CLIENT_ID`: client ID of the application the user will authenticate to
+    - `AZURE_USERNAME`: a username (usually an email address)
+    - `AZURE_PASSWORD`: the user&#39;s password
+4. Workload Identity
+    - `AZURE_TENANT_ID`: Tenant to authenticate in.
+    - `AZURE_CLIENT_ID`: Client ID of the application the user will authenticate to.
+    - `AZURE_FEDERATED_TOKEN_FILE`: Path to projected service account token file.
+    - `AZURE_AUTHORITY_HOST`: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
+
+##### Env Auth: 2. Managed Service Identity Credentials
+
+When using Managed Service Identity if the VM(SS) on which this
+program is running has a system-assigned identity, it will be used by
+default. If the resource has no system-assigned but exactly one
+user-assigned identity, the user-assigned identity will be used by
+default.
+
+If the resource has multiple user-assigned identities you will need to
+unset `env_auth` and set `use_msi` instead. See the [`use_msi`
+section](#use_msi).
+
+##### Env Auth: 3. Azure CLI credentials (as used by the az tool)
+
+Credentials created with the `az` tool can be picked up using `env_auth`.
+
+For example if you were to login with a service principal like this:
+
+    az login --service-principal -u XXX -p XXX --tenant XXX
+
+Then you could access rclone resources like this:
+
+    rclone lsf :azurefiles,env_auth,account=ACCOUNT:
+
+Or
+
+    rclone lsf --azurefiles-env-auth --azurefiles-account=ACCOUNT :azurefiles:
+
+#### Account and Shared Key
+
+This is the most straight forward and least flexible way.  Just fill
+in the `account` and `key` lines and leave the rest blank.
+
+#### SAS URL
+
+To use it leave `account`, `key` and `connection_string` blank and fill in `sas_url`.
+
+#### Connection String
+
+To use it leave `account`, `key` and &quot;sas_url&quot; blank and fill in `connection_string`.
+
+#### Service principal with client secret
+
+If these variables are set, rclone will authenticate with a service principal with a client secret.
+
+- `tenant`: ID of the service principal&#39;s tenant. Also called its &quot;directory&quot; ID.
+- `client_id`: the service principal&#39;s client ID
+- `client_secret`: one of the service principal&#39;s client secrets
+
+The credentials can also be placed in a file using the
+`service_principal_file` configuration option.
+
+#### Service principal with certificate
+
+If these variables are set, rclone will authenticate with a service principal with certificate.
+
+- `tenant`: ID of the service principal&#39;s tenant. Also called its &quot;directory&quot; ID.
+- `client_id`: the service principal&#39;s client ID
+- `client_certificate_path`: path to a PEM or PKCS12 certificate file including the private key.
+- `client_certificate_password`: (optional) password for the certificate file.
+- `client_send_certificate_chain`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to &quot;true&quot; or &quot;1&quot;, authentication requests include the x5c header.
+
+**NB** `client_certificate_password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+#### User with username and password
+
+If these variables are set, rclone will authenticate with username and password.
+
+- `tenant`: (optional) tenant to authenticate in. Defaults to &quot;organizations&quot;.
+- `client_id`: client ID of the application the user will authenticate to
+- `username`: a username (usually an email address)
+- `password`: the user&#39;s password
+
+Microsoft doesn&#39;t recommend this kind of authentication, because it&#39;s
+less secure than other authentication flows. This method is not
+interactive, so it isn&#39;t compatible with any form of multi-factor
+authentication, and the application must already have user or admin
+consent. This credential can only authenticate work and school
+accounts; it can&#39;t authenticate Microsoft accounts.
+
+**NB** `password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+#### Managed Service Identity Credentials {#use_msi}
+
+If `use_msi` is set then managed service identity credentials are
+used. This authentication only works when running in an Azure service.
+`env_auth` needs to be unset to use this.
+
+However if you have multiple user identities to choose from these must
+be explicitly specified using exactly one of the `msi_object_id`,
+`msi_client_id`, or `msi_mi_res_id` parameters.
+
+If none of `msi_object_id`, `msi_client_id`, or `msi_mi_res_id` is
+set, this is is equivalent to using `env_auth`.
+
+
+### Standard options
+
+Here are the Standard options specific to azurefiles (Microsoft Azure Files).
+
+#### --azurefiles-account
+
+Azure Storage Account Name.
+
+Set this to the Azure Storage Account Name in use.
+
+Leave blank to use SAS URL or connection string, otherwise it needs to be set.
+
+If this is blank and if env_auth is set it will be read from the
+environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
+
+
+Properties:
+
+- Config:      account
+- Env Var:     RCLONE_AZUREFILES_ACCOUNT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-share-name
+
+Azure Files Share Name.
+
+This is required and is the name of the share to access.
+
+
+Properties:
+
+- Config:      share_name
+- Env Var:     RCLONE_AZUREFILES_SHARE_NAME
+- Type:        string
+- Required:    false
+
+#### --azurefiles-env-auth
+
+Read credentials from runtime (environment variables, CLI or MSI).
+
+See the [authentication docs](/azurefiles#authentication) for full info.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_AZUREFILES_ENV_AUTH
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-key
+
+Storage Account Shared Key.
+
+Leave blank to use SAS URL or connection string.
+
+Properties:
+
+- Config:      key
+- Env Var:     RCLONE_AZUREFILES_KEY
+- Type:        string
+- Required:    false
+
+#### --azurefiles-sas-url
+
+SAS URL.
+
+Leave blank if using account/key or connection string.
+
+Properties:
+
+- Config:      sas_url
+- Env Var:     RCLONE_AZUREFILES_SAS_URL
+- Type:        string
+- Required:    false
+
+#### --azurefiles-connection-string
+
+Azure Files Connection String.
+
+Properties:
+
+- Config:      connection_string
+- Env Var:     RCLONE_AZUREFILES_CONNECTION_STRING
+- Type:        string
+- Required:    false
+
+#### --azurefiles-tenant
+
+ID of the service principal&#39;s tenant. Also called its directory ID.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      tenant
+- Env Var:     RCLONE_AZUREFILES_TENANT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-id
+
+The ID of the client in use.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_AZUREFILES_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-secret
+
+One of the service principal&#39;s client secrets
+
+Set this if using
+- Service principal with client secret
+
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_AZUREFILES_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-certificate-path
+
+Path to a PEM or PKCS12 certificate file including the private key.
+
+Set this if using
+- Service principal with certificate
+
+
+Properties:
+
+- Config:      client_certificate_path
+- Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PATH
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-certificate-password
+
+Password for the certificate file (optional).
+
+Optionally set this if using
+- Service principal with certificate
+
+And the certificate has a password.
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      client_certificate_password
+- Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PASSWORD
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to azurefiles (Microsoft Azure Files).
+
+#### --azurefiles-client-send-certificate-chain
+
+Send the certificate chain when using certificate auth.
+
+Specifies whether an authentication request will include an x5c header
+to support subject name / issuer based authentication. When set to
+true, authentication requests include the x5c header.
+
+Optionally set this if using
+- Service principal with certificate
+
+
+Properties:
+
+- Config:      client_send_certificate_chain
+- Env Var:     RCLONE_AZUREFILES_CLIENT_SEND_CERTIFICATE_CHAIN
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-username
+
+User name (usually an email address)
+
+Set this if using
+- User with username and password
+
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_AZUREFILES_USERNAME
+- Type:        string
+- Required:    false
+
+#### --azurefiles-password
+
+The user&#39;s password
+
+Set this if using
+- User with username and password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_AZUREFILES_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --azurefiles-service-principal-file
+
+Path to file containing credentials for use with a service principal.
+
+Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
+
+    $ az ad sp create-for-rbac --name &quot;&lt;name&gt;&quot; \
+      --role &quot;Storage Files Data Owner&quot; \
+      --scopes &quot;/subscriptions/&lt;subscription&gt;/resourceGroups/&lt;resource-group&gt;/providers/Microsoft.Storage/storageAccounts/&lt;storage-account&gt;/blobServices/default/containers/&lt;container&gt;&quot; \
+      &gt; azure-principal.json
+
+See [&quot;Create an Azure service principal&quot;](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and [&quot;Assign an Azure role for access to files data&quot;](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+
+**NB** this section needs updating for Azure Files - pull requests appreciated!
+
+It may be more convenient to put the credentials directly into the
+rclone config file under the `client_id`, `tenant` and `client_secret`
+keys instead of setting `service_principal_file`.
+
+
+Properties:
+
+- Config:      service_principal_file
+- Env Var:     RCLONE_AZUREFILES_SERVICE_PRINCIPAL_FILE
+- Type:        string
+- Required:    false
+
+#### --azurefiles-use-msi
+
+Use a managed service identity to authenticate (only works in Azure).
+
+When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+to authenticate to Azure Storage instead of a SAS token or account key.
+
+If the VM(SS) on which this program is running has a system-assigned identity, it will
+be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+the user-assigned identity will be used by default. If the resource has multiple user-assigned
+identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+msi_client_id, or msi_mi_res_id parameters.
+
+Properties:
+
+- Config:      use_msi
+- Env Var:     RCLONE_AZUREFILES_USE_MSI
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-msi-object-id
+
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_object_id
+- Env Var:     RCLONE_AZUREFILES_MSI_OBJECT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-msi-client-id
+
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_object_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_client_id
+- Env Var:     RCLONE_AZUREFILES_MSI_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-msi-mi-res-id
+
+Azure resource ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_object_id specified.
+
+Properties:
+
+- Config:      msi_mi_res_id
+- Env Var:     RCLONE_AZUREFILES_MSI_MI_RES_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-endpoint
+
+Endpoint for the service.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_AZUREFILES_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-chunk-size
+
+Upload chunk size.
+
+Note that this is stored in memory and there may be up to
+&quot;--transfers&quot; * &quot;--azurefile-upload-concurrency&quot; chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_AZUREFILES_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     4Mi
+
+#### --azurefiles-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+If you are uploading small numbers of large files over high-speed
+links and these uploads do not fully utilize your bandwidth, then
+increasing this may help to speed up the transfers.
+
+Note that chunks are stored in memory and there may be up to
+&quot;--transfers&quot; * &quot;--azurefile-upload-concurrency&quot; chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_AZUREFILES_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     16
+
+#### --azurefiles-max-stream-size
+
+Max size for streamed files.
+
+Azure files needs to know in advance how big the file will be. When
+rclone doesn&#39;t know it uses this value instead.
+
+This will be used when rclone is streaming data, the most common uses are:
+
+- Uploading files with `--vfs-cache-mode off` with `rclone mount`
+- Using `rclone rcat`
+- Copying files with unknown length
+
+You will need this much free space in the share as the file will be this size temporarily.
+
+
+Properties:
+
+- Config:      max_stream_size
+- Env Var:     RCLONE_AZUREFILES_MAX_STREAM_SIZE
+- Type:        SizeSuffix
+- Default:     10Gi
+
+#### --azurefiles-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_AZUREFILES_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot
+
+
+
+### Custom upload headers
+
+You can set custom upload headers with the `--header-upload` flag. 
+
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
+
+Eg `--header-upload &quot;Content-Type: text/potato&quot;`
+
+## Limitations
+
+MD5 sums are only uploaded with chunked files if the source has an MD5
+sum.  This will always be the case for a local to azure copy.
+
+#  Microsoft OneDrive
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+The initial setup for OneDrive involves getting a token from
+Microsoft which you need to do in your browser.  `rclone config` walks
+you through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<ol start="5" type="a">
+<li>Edit existing remote</li>
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Rename remote</li>
+<li>Copy remote</li>
+<li>Set configuration password</li>
+<li>Quit config e/n/d/r/c/s/q&gt; n name&gt; remote Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Microsoft OneDrive  "onedrive" [snip] Storage&gt; onedrive Microsoft App Client Id Leave blank normally. Enter a string value. Press Enter for the default (""). client_id&gt; Microsoft App Client Secret Leave blank normally. Enter a string value. Press Enter for the default (""). client_secret&gt; Edit advanced config? (y/n)</li>
+<li>Yes</li>
+<li>No y/n&gt; n Remote config Use web browser to automatically authenticate rclone with remote?</li>
+</ol>
 <ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_SWIFT_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,InvalidUtf8</li>
-</ul>
-<h2 id="limitations-26">Limitations</h2>
-<p>The Swift API doesn't return a correct MD5SUM for segmented files (Dynamic or Static Large Objects) so rclone won't check or use the MD5SUM for these.</p>
-<h2 id="troubleshooting-3">Troubleshooting</h2>
-<h3 id="rclone-gives-failed-to-create-file-system-for-remote-bad-request">Rclone gives Failed to create file system for "remote:": Bad Request</h3>
-<p>Due to an oddity of the underlying swift library, it gives a "Bad Request" error rather than a more sensible error when the authentication fails for Swift.</p>
-<p>So this most likely means your username / password is wrong. You can investigate further with the <code>--dump-bodies</code> flag.</p>
-<p>This may also be caused by specifying the region when you shouldn't have (e.g. OVH).</p>
-<h3 id="rclone-gives-failed-to-create-file-system-response-didnt-have-storage-url-and-auth-token">Rclone gives Failed to create file system: Response didn't have storage url and auth token</h3>
-<p>This is most likely caused by forgetting to specify your tenant when setting up a swift remote.</p>
-<h2 id="ovh-cloud-archive">OVH Cloud Archive</h2>
-<p>To use rclone with OVH cloud archive, first use <code>rclone config</code> to set up a <code>swift</code> backend with OVH, choosing <code>pca</code> as the <code>storage_policy</code>.</p>
-<h3 id="uploading-objects">Uploading Objects</h3>
-<p>Uploading objects to OVH cloud archive is no different to object storage, you just simply run the command you like (move, copy or sync) to upload the objects. Once uploaded the objects will show in a "Frozen" state within the OVH control panel.</p>
-<h3 id="retrieving-objects">Retrieving Objects</h3>
-<p>To retrieve objects use <code>rclone copy</code> as normal. If the objects are in a frozen state then rclone will ask for them all to be unfrozen and it will wait at the end of the output with a message like the following:</p>
-<p><code>2019/03/23 13:06:33 NOTICE: Received retry after error - sleeping until 2019-03-23T13:16:33.481657164+01:00 (9m59.99985121s)</code></p>
-<p>Rclone will wait for the time specified then retry the copy.</p>
-<h1 id="pcloud">pCloud</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-35">Configuration</h2>
-<p>The initial setup for pCloud involves getting a token from pCloud which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Pcloud
-   \ &quot;pcloud&quot;
-[snip]
-Storage&gt; pcloud
-Pcloud App Client Id - leave blank normally.
-client_id&gt; 
-Pcloud App Client Secret - leave blank normally.
-client_secret&gt; 
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-client_id = 
-client_secret = 
-token = {&quot;access_token&quot;:&quot;XXX&quot;,&quot;token_type&quot;:&quot;bearer&quot;,&quot;expiry&quot;:&quot;0001-01-01T00:00:00Z&quot;}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from pCloud. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your pCloud</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your pCloud</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to a pCloud directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-hashes-10">Modified time and hashes</h3>
-<p>pCloud allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not. In order to set a Modification time pCloud requires the object be re-uploaded.</p>
-<p>pCloud supports MD5 and SHA1 hashes in the US region, and SHA1 and SHA256 hashes in the EU region, so you can use the <code>--checksum</code> flag.</p>
-<h3 id="restricted-filename-characters-23">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
+<li>Say Y if the machine running rclone has a web browser you can use</li>
+<li>Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N.</li>
+</ul>
+<ol start="25" type="a">
+<li>Yes</li>
+<li>No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code Choose a number from below, or type in an existing value 1 / OneDrive Personal or Business  "onedrive" 2 / Sharepoint site  "sharepoint" 3 / Type in driveID  "driveid" 4 / Type in SiteID  "siteid" 5 / Search a Sharepoint site  "search" Your choice&gt; 1 Found 1 drives, please select the one you want to use: 0: OneDrive (business) id=b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk Chose drive to use:&gt; 0 Found drive 'root' of type 'business', URL: https://org-my.sharepoint.com/personal/you/Documents Is that okay?</li>
+<li>Yes</li>
+<li>No y/n&gt; y -------------------- [remote] type = onedrive token = {"access_token":"youraccesstoken","token_type":"Bearer","refresh_token":"yourrefreshtoken","expiry":"2018-08-26T22:39:52.486512262+08:00"} drive_id = b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk drive_type = business --------------------</li>
+<li>Yes this is OK</li>
+<li>Edit this remote</li>
+<li>Delete this remote y/e/d&gt; y</li>
+</ol>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Microsoft. This only runs from the moment it
+opens your browser to the moment you get back the verification
+code.  This is on `http://127.0.0.1:53682/` and this it may require
+you to unblock it temporarily if you are running a host firewall.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your OneDrive
+
+    rclone lsd remote:
+
+List all the files in your OneDrive
+
+    rclone ls remote:
+
+To copy a local directory to an OneDrive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Getting your own Client ID and Key
+
+rclone uses a default Client ID when talking to OneDrive, unless a custom `client_id` is specified in the config.
+The default Client ID and Key are shared by all rclone users when performing requests.
+
+You may choose to create and use your own Client ID, in case the default one does not work well for you. 
+For example, you might see throttling.
+
+#### Creating Client ID for OneDrive Personal
+
+To create your own Client ID, please follow these steps:
+
+1. Open https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and then click `New registration`.
+2. Enter a name for your app, choose account type `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`, select `Web` in `Redirect URI`, then type (do not copy and paste) `http://localhost:53682/` and click Register. Copy and keep the `Application (client) ID` under the app name for later use.
+3. Under `manage` select `Certificates &amp; secrets`, click `New client secret`. Enter a description (can be anything) and set `Expires` to 24 months. Copy and keep that secret _Value_ for later use (you _won&#39;t_ be able to see this value afterwards).
+4. Under `manage` select `API permissions`, click `Add a permission` and select `Microsoft Graph` then select `delegated permissions`.
+5. Search and select the following permissions: `Files.Read`, `Files.ReadWrite`, `Files.Read.All`, `Files.ReadWrite.All`, `offline_access`, `User.Read` and `Sites.Read.All` (if custom access scopes are configured, select the permissions accordingly). Once selected click `Add permissions` at the bottom.
+
+Now the application is complete. Run `rclone config` to create or edit a OneDrive remote.
+Supply the app ID and password as Client ID and Secret, respectively. rclone will walk you through the remaining steps.
+
+The access_scopes option allows you to configure the permissions requested by rclone.
+See [Microsoft Docs](https://docs.microsoft.com/en-us/graph/permissions-reference#files-permissions) for more information about the different scopes.
+
+The `Sites.Read.All` permission is required if you need to [search SharePoint sites when configuring the remote](https://github.com/rclone/rclone/pull/5883). However, if that permission is not assigned, you need to exclude `Sites.Read.All` from your access scopes or set `disable_site_permission` option to true in the advanced options.
+
+#### Creating Client ID for OneDrive Business
+
+The steps for OneDrive Personal may or may not work for OneDrive Business, depending on the security settings of the organization.
+A common error is that the publisher of the App is not verified.
+
+You may try to [verify you account](https://docs.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview), or try to limit the App to your organization only, as shown below.
+
+1. Make sure to create the App with your business account.
+2. Follow the steps above to create an App. However, we need a different account type here: `Accounts in this organizational directory only (*** - Single tenant)`. Note that you can also change the account type after creating the App.
+3. Find the [tenant ID](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) of your organization.
+4. In the rclone config, set `auth_url` to `https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/authorize`.
+5. In the rclone config, set `token_url` to `https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token`.
+
+Note: If you have a special region, you may need a different host in step 4 and 5. Here are [some hints](https://github.com/rclone/rclone/blob/bc23bf11db1c78c6ebbf8ea538fbebf7058b4176/backend/onedrive/onedrive.go#L86).
+
+
+### Modification times and hashes
+
+OneDrive allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.
+
+OneDrive Personal, OneDrive for Business and Sharepoint Server support
+[QuickXorHash](https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash).
+
+Before rclone 1.62 the default hash for Onedrive Personal was `SHA1`.
+For rclone 1.62 and above the default for all Onedrive backends is
+`QuickXorHash`.
+
+Starting from July 2023 `SHA1` support is being phased out in Onedrive
+Personal in favour of `QuickXorHash`. If necessary the
+`--onedrive-hash-type` flag (or `hash_type` config option) can be used
+to select `SHA1` during the transition period if this is important
+your workflow.
+
+For all types of OneDrive you can use the `--checksum` flag.
+
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+This must be enabled with the `--onedrive-delta` flag (or `delta =
+true` in the config file) as it can cause performance degradation.
+
+It does this by using the delta listing facilities of OneDrive which
+returns all the files in the remote very efficiently. This is much
+more efficient than listing directories recursively and is Microsoft&#39;s
+recommended way of reading all the file information from a drive.
+
+This can be useful with `rclone mount` and [rclone rc vfs/refresh
+recursive=true](https://rclone.org/rc/#vfs-refresh)) to very quickly fill the mount with
+information about all the files.
+
+The API used for the recursive listing (`ListR`) only supports listing
+from the root of the drive. This will become increasingly inefficient
+the further away you get from the root as rclone will have to discard
+files outside of the directory you are using.
+
+Some commands (like `rclone lsf -R`) will use `ListR` by default - you
+can turn this off with `--disable ListR` if you need to.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| &quot;         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| &lt;         | 0x3C  | ＜          |
+| &gt;         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \         | 0x5C  | ＼          |
+| \|        | 0x7C  | ｜          |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+| .         | 0x2E  | ．          |
+
+File names can also not begin with the following characters.
+These only get replaced if they are the first character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+| ~         | 0x7E  | ～          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Deleting files
+
+Any files you delete with rclone will end up in the trash.  Microsoft
+doesn&#39;t provide an API to permanently delete files, nor to empty the
+trash, so you will have to do that with one of Microsoft&#39;s apps or via
+the OneDrive website.
+
+
+### Standard options
+
+Here are the Standard options specific to onedrive (Microsoft OneDrive).
+
+#### --onedrive-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_ONEDRIVE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --onedrive-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_ONEDRIVE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --onedrive-region
+
+Choose national cloud region for OneDrive.
+
+Properties:
+
+- Config:      region
+- Env Var:     RCLONE_ONEDRIVE_REGION
+- Type:        string
+- Default:     &quot;global&quot;
+- Examples:
+    - &quot;global&quot;
+        - Microsoft Cloud Global
+    - &quot;us&quot;
+        - Microsoft Cloud for US Government
+    - &quot;de&quot;
+        - Microsoft Cloud Germany
+    - &quot;cn&quot;
+        - Azure and Office 365 operated by Vnet Group in China
+
+### Advanced options
+
+Here are the Advanced options specific to onedrive (Microsoft OneDrive).
+
+#### --onedrive-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_ONEDRIVE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --onedrive-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_ONEDRIVE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --onedrive-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_ONEDRIVE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --onedrive-chunk-size
+
+Chunk size to upload files with - must be multiple of 320k (327,680 bytes).
+
+Above this size files will be chunked - must be multiple of 320k (327,680 bytes) and
+should not exceed 250M (262,144,000 bytes) else you may encounter \&quot;Microsoft.SharePoint.Client.InvalidClientQueryException: The request message is too big.\&quot;
+Note that the chunks will be buffered into memory.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_ONEDRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --onedrive-drive-id
+
+The ID of the drive to use.
+
+Properties:
+
+- Config:      drive_id
+- Env Var:     RCLONE_ONEDRIVE_DRIVE_ID
+- Type:        string
+- Required:    false
+
+#### --onedrive-drive-type
+
+The type of the drive (personal | business | documentLibrary).
+
+Properties:
+
+- Config:      drive_type
+- Env Var:     RCLONE_ONEDRIVE_DRIVE_TYPE
+- Type:        string
+- Required:    false
+
+#### --onedrive-root-folder-id
+
+ID of the root folder.
+
+This isn&#39;t normally needed, but in special circumstances you might
+know the folder ID that you wish to access but not be able to get
+there through a path traversal.
+
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_ONEDRIVE_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --onedrive-access-scopes
+
+Set scopes to be requested by rclone.
+
+Choose or manually enter a custom space separated list with all scopes, that rclone should request.
+
+
+Properties:
+
+- Config:      access_scopes
+- Env Var:     RCLONE_ONEDRIVE_ACCESS_SCOPES
+- Type:        SpaceSepList
+- Default:     Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access
+- Examples:
+    - &quot;Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access&quot;
+        - Read and write access to all resources
+    - &quot;Files.Read Files.Read.All Sites.Read.All offline_access&quot;
+        - Read only access to all resources
+    - &quot;Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All offline_access&quot;
+        - Read and write access to all resources, without the ability to browse SharePoint sites. 
+        - Same as if disable_site_permission was set to true
+
+#### --onedrive-disable-site-permission
+
+Disable the request for Sites.Read.All permission.
+
+If set to true, you will no longer be able to search for a SharePoint site when
+configuring drive ID, because rclone will not request Sites.Read.All permission.
+Set it to true if your organization didn&#39;t assign Sites.Read.All permission to the
+application, and your organization disallows users to consent app permission
+request on their own.
+
+Properties:
+
+- Config:      disable_site_permission
+- Env Var:     RCLONE_ONEDRIVE_DISABLE_SITE_PERMISSION
+- Type:        bool
+- Default:     false
+
+#### --onedrive-expose-onenote-files
+
+Set to make OneNote files show up in directory listings.
+
+By default, rclone will hide OneNote files in directory listings because
+operations like &quot;Open&quot; and &quot;Update&quot; won&#39;t work on them.  But this
+behaviour may also prevent you from deleting them.  If you want to
+delete OneNote files or otherwise want them to show up in directory
+listing, set this option.
+
+Properties:
+
+- Config:      expose_onenote_files
+- Env Var:     RCLONE_ONEDRIVE_EXPOSE_ONENOTE_FILES
+- Type:        bool
+- Default:     false
+
+#### --onedrive-server-side-across-configs
+
+Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different onedrive configs.
+
+This will only work if you are copying between two OneDrive *Personal* drives AND
+the files to copy are already shared between them.  In other cases, rclone will
+fall back to normal copy (which will be slightly slower).
+
+Properties:
+
+- Config:      server_side_across_configs
+- Env Var:     RCLONE_ONEDRIVE_SERVER_SIDE_ACROSS_CONFIGS
+- Type:        bool
+- Default:     false
+
+#### --onedrive-list-chunk
+
+Size of listing chunk.
+
+Properties:
+
+- Config:      list_chunk
+- Env Var:     RCLONE_ONEDRIVE_LIST_CHUNK
+- Type:        int
+- Default:     1000
+
+#### --onedrive-no-versions
+
+Remove all versions on modifying operations.
+
+Onedrive for business creates versions when rclone uploads new files
+overwriting an existing one and when it sets the modification time.
+
+These versions take up space out of the quota.
+
+This flag checks for versions after file upload and setting
+modification time and removes all but the last version.
+
+**NB** Onedrive personal can&#39;t currently delete versions so don&#39;t use
+this flag there.
+
+
+Properties:
+
+- Config:      no_versions
+- Env Var:     RCLONE_ONEDRIVE_NO_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --onedrive-link-scope
+
+Set the scope of the links created by the link command.
+
+Properties:
+
+- Config:      link_scope
+- Env Var:     RCLONE_ONEDRIVE_LINK_SCOPE
+- Type:        string
+- Default:     &quot;anonymous&quot;
+- Examples:
+    - &quot;anonymous&quot;
+        - Anyone with the link has access, without needing to sign in.
+        - This may include people outside of your organization.
+        - Anonymous link support may be disabled by an administrator.
+    - &quot;organization&quot;
+        - Anyone signed into your organization (tenant) can use the link to get access.
+        - Only available in OneDrive for Business and SharePoint.
+
+#### --onedrive-link-type
+
+Set the type of the links created by the link command.
+
+Properties:
+
+- Config:      link_type
+- Env Var:     RCLONE_ONEDRIVE_LINK_TYPE
+- Type:        string
+- Default:     &quot;view&quot;
+- Examples:
+    - &quot;view&quot;
+        - Creates a read-only link to the item.
+    - &quot;edit&quot;
+        - Creates a read-write link to the item.
+    - &quot;embed&quot;
+        - Creates an embeddable link to the item.
+
+#### --onedrive-link-password
+
+Set the password for links created by the link command.
+
+At the time of writing this only works with OneDrive personal paid accounts.
+
+
+Properties:
+
+- Config:      link_password
+- Env Var:     RCLONE_ONEDRIVE_LINK_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --onedrive-hash-type
+
+Specify the hash in use for the backend.
+
+This specifies the hash type in use. If set to &quot;auto&quot; it will use the
+default hash which is QuickXorHash.
+
+Before rclone 1.62 an SHA1 hash was used by default for Onedrive
+Personal. For 1.62 and later the default is to use a QuickXorHash for
+all onedrive types. If an SHA1 hash is desired then set this option
+accordingly.
+
+From July 2023 QuickXorHash will be the only available hash for
+both OneDrive for Business and OneDriver Personal.
+
+This can be set to &quot;none&quot; to not use any hashes.
+
+If the hash requested does not exist on the object, it will be
+returned as an empty string which is treated as a missing hash by
+rclone.
+
+
+Properties:
+
+- Config:      hash_type
+- Env Var:     RCLONE_ONEDRIVE_HASH_TYPE
+- Type:        string
+- Default:     &quot;auto&quot;
+- Examples:
+    - &quot;auto&quot;
+        - Rclone chooses the best hash
+    - &quot;quickxor&quot;
+        - QuickXor
+    - &quot;sha1&quot;
+        - SHA1
+    - &quot;sha256&quot;
+        - SHA256
+    - &quot;crc32&quot;
+        - CRC32
+    - &quot;none&quot;
+        - None - don&#39;t use any hashes
+
+#### --onedrive-av-override
+
+Allows download of files the server thinks has a virus.
+
+The onedrive/sharepoint server may check files uploaded with an Anti
+Virus checker. If it detects any potential viruses or malware it will
+block download of the file.
+
+In this case you will see a message like this
+
+    server reports this file is infected with a virus - use --onedrive-av-override to download anyway: Infected (name of virus): 403 Forbidden: 
+
+If you are 100% sure you want to download this file anyway then use
+the --onedrive-av-override flag, or av_override = true in the config
+file.
+
+
+Properties:
+
+- Config:      av_override
+- Env Var:     RCLONE_ONEDRIVE_AV_OVERRIDE
+- Type:        bool
+- Default:     false
+
+#### --onedrive-delta
+
+If set rclone will use delta listing to implement recursive listings.
+
+If this flag is set the the onedrive backend will advertise `ListR`
+support for recursive listings.
+
+Setting this flag speeds up these things greatly:
+
+    rclone lsf -R onedrive:
+    rclone size onedrive:
+    rclone rc vfs/refresh recursive=true
+
+**However** the delta listing API **only** works at the root of the
+drive. If you use it not at the root then it recurses from the root
+and discards all the data that is not under the directory you asked
+for. So it will be correct but may not be very efficient.
+
+This is why this flag is not set as the default.
+
+As a rule of thumb if nearly all of your data is under rclone&#39;s root
+directory (the `root/directory` in `onedrive:root/directory`) then
+using this flag will be be a big performance win. If your data is
+mostly not under the root then using this flag will be a big
+performance loss.
+
+It is recommended if you are mounting your onedrive at the root
+(or near the root when using crypt) and using rclone `rc vfs/refresh`.
+
+
+Properties:
+
+- Config:      delta
+- Env Var:     RCLONE_ONEDRIVE_DELTA
+- Type:        bool
+- Default:     false
+
+#### --onedrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_ONEDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+If you don&#39;t use rclone for 90 days the refresh token will
+expire. This will result in authorization problems. This is easy to
+fix by running the `rclone config reconnect remote:` command to get a
+new token and refresh token.
+
+### Naming
+
+Note that OneDrive is case insensitive so you can&#39;t have a
+file called &quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+There are quite a few characters that can&#39;t be in OneDrive file
+names.  These can&#39;t occur on Windows platforms, but on non-Windows
+platforms they are common.  Rclone will map these names to and from an
+identical looking unicode equivalent.  For example if a file has a `?`
+in it will be mapped to `？` instead.
+
+### File sizes
+
+The largest allowed file size is 250 GiB for both OneDrive Personal and OneDrive for Business [(Updated 13 Jan 2021)](https://support.microsoft.com/en-us/office/invalid-file-names-and-file-types-in-onedrive-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa?ui=en-us&amp;rs=en-us&amp;ad=us#individualfilesize).
+
+### Path length
+
+The entire path, including the file name, must contain fewer than 400 characters for OneDrive, OneDrive for Business and SharePoint Online. If you are encrypting file and folder names with rclone, you may want to pay attention to this limitation because the encrypted names are typically longer than the original ones.
+
+### Number of files
+
+OneDrive seems to be OK with at least 50,000 files in a folder, but at
+100,000 rclone will get errors listing the directory like `couldn’t
+list files: UnknownError:`.  See
+[#2707](https://github.com/rclone/rclone/issues/2707) for more info.
+
+An official document about the limitations for different types of OneDrive can be found [here](https://support.office.com/en-us/article/invalid-file-names-and-file-types-in-onedrive-onedrive-for-business-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa).
+
+## Versions
+
+Every change in a file OneDrive causes the service to create a new
+version of the file.  This counts against a users quota.  For
+example changing the modification time of a file creates a second
+version, so the file apparently uses twice the space.
+
+For example the `copy` command is affected by this as rclone copies
+the file and then afterwards sets the modification time to match the
+source file which uses another version.
+
+You can use the `rclone cleanup` command (see below) to remove all old
+versions.
+
+Or you can set the `no_versions` parameter to `true` and rclone will
+remove versions after operations which create new versions. This takes
+extra transactions so only enable it if you need it.
+
+**Note** At the time of writing Onedrive Personal creates versions
+(but not for setting the modification time) but the API for removing
+them returns &quot;API not found&quot; so cleanup and `no_versions` should not
+be used on Onedrive Personal.
+
+### Disabling versioning
+
+Starting October 2018, users will no longer be able to
+disable versioning by default. This is because Microsoft has brought
+an
+[update](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/New-Updates-to-OneDrive-and-SharePoint-Team-Site-Versioning/ba-p/204390)
+to the mechanism. To change this new default setting, a PowerShell
+command is required to be run by a SharePoint admin. If you are an
+admin, you can run these commands in PowerShell to change that
+setting:
+
+1. `Install-Module -Name Microsoft.Online.SharePoint.PowerShell` (in case you haven&#39;t installed this already)
+2. `Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking`
+3. `Connect-SPOService -Url https://YOURSITE-admin.sharepoint.com -Credential YOU@YOURSITE.COM` (replacing `YOURSITE`, `YOU`, `YOURSITE.COM` with the actual values; this will prompt for your credentials)
+4. `Set-SPOTenant -EnableMinimumVersionRequirement $False`
+5. `Disconnect-SPOService` (to disconnect from the server)
+
+*Below are the steps for normal users to disable versioning. If you don&#39;t see the &quot;No Versioning&quot; option, make sure the above requirements are met.*
+
+User [Weropol](https://github.com/Weropol) has found a method to disable
+versioning on OneDrive
+
+1. Open the settings menu by clicking on the gear symbol at the top of the OneDrive Business page.
+2. Click Site settings.
+3. Once on the Site settings page, navigate to Site Administration &gt; Site libraries and lists.
+4. Click Customize &quot;Documents&quot;.
+5. Click General Settings &gt; Versioning Settings.
+6. Under Document Version History select the option No versioning.
+Note: This will disable the creation of new file versions, but will not remove any previous versions. Your documents are safe.
+7. Apply the changes by clicking OK.
+8. Use rclone to upload or modify files. (I also use the --no-update-modtime flag)
+9. Restore the versioning settings after using rclone. (Optional)
+
+## Cleanup
+
+OneDrive supports `rclone cleanup` which causes rclone to look through
+every file under the path supplied and delete all version but the
+current version. Because this involves traversing all the files, then
+querying each file for versions it can be quite slow. Rclone does
+`--checkers` tests in parallel. The command also supports `--interactive`/`i`
+or `--dry-run` which is a great way to see what it would do.
+
+    rclone cleanup --interactive remote:path/subdir # interactively remove all old version for path/subdir
+    rclone cleanup remote:path/subdir               # unconditionally remove all old version for path/subdir
+
+**NB** Onedrive personal can&#39;t currently delete versions
+
+## Troubleshooting ##
+
+### Excessive throttling or blocked on SharePoint
+
+If you experience excessive throttling or is being blocked on SharePoint then it may help to set the user agent explicitly with a flag like this: `--user-agent &quot;ISV|rclone.org|rclone/v1.55.1&quot;`
+
+The specific details can be found in the Microsoft document: [Avoid getting throttled or blocked in SharePoint Online](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online#how-to-decorate-your-http-traffic-to-avoid-throttling)
+
+### Unexpected file size/hash differences on Sharepoint ####
+
+It is a
+[known](https://github.com/OneDrive/onedrive-api-docs/issues/935#issuecomment-441741631)
+issue that Sharepoint (not OneDrive or OneDrive for Business) silently modifies
+uploaded files, mainly Office files (.docx, .xlsx, etc.), causing file size and
+hash checks to fail. There are also other situations that will cause OneDrive to
+report inconsistent file sizes. To use rclone with such
+affected files on Sharepoint, you
+may disable these checks with the following command line arguments:
+</code></pre>
+<p>--ignore-checksum --ignore-size</p>
+<pre><code>
+Alternatively, if you have write access to the OneDrive files, it may be possible
+to fix this problem for certain files, by attempting the steps below.
+Open the web interface for [OneDrive](https://onedrive.live.com) and find the
+affected files (which will be in the error messages/log for rclone). Simply click on
+each of these files, causing OneDrive to open them on the web. This will cause each
+file to be converted in place to a format that is functionally equivalent
+but which will no longer trigger the size discrepancy. Once all problematic files
+are converted you will no longer need the ignore options above.
+
+### Replacing/deleting existing files on Sharepoint gets &quot;item not found&quot; ####
+
+It is a [known](https://github.com/OneDrive/onedrive-api-docs/issues/1068) issue
+that Sharepoint (not OneDrive or OneDrive for Business) may return &quot;item not
+found&quot; errors when users try to replace or delete uploaded files; this seems to
+mainly affect Office files (.docx, .xlsx, etc.) and web files (.html, .aspx, etc.). As a workaround, you may use
+the `--backup-dir &lt;BACKUP_DIR&gt;` command line argument so rclone moves the
+files to be replaced/deleted into a given backup directory (instead of directly
+replacing/deleting them). For example, to instruct rclone to move the files into
+the directory `rclone-backup-dir` on backend `mysharepoint`, you may use:
+</code></pre>
+<p>--backup-dir mysharepoint:rclone-backup-dir</p>
+<pre><code>
+### access\_denied (AADSTS65005) ####
+</code></pre>
+<p>Error: access_denied Code: AADSTS65005 Description: Using application 'rclone' is currently not supported for your organization [YOUR_ORGANIZATION] because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of [YOUR_ORGANIZATION] before the application rclone can be provisioned.</p>
+<pre><code>
+This means that rclone can&#39;t use the OneDrive for Business API with your account. You can&#39;t do much about it, maybe write an email to your admins.
+
+However, there are other ways to interact with your OneDrive account. Have a look at the WebDAV backend: https://rclone.org/webdav/#sharepoint
+
+### invalid\_grant (AADSTS50076) ####
+</code></pre>
+<p>Error: invalid_grant Code: AADSTS50076 Description: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '...'.</p>
+<pre><code>
+If you see the error above after enabling multi-factor authentication for your account, you can fix it by refreshing your OAuth refresh token. To do that, run `rclone config`, and choose to edit your OneDrive backend. Then, you don&#39;t need to actually make any changes until you reach this question: `Already have a token - refresh?`. For this question, answer `y` and go through the process to refresh your token, just like the first time the backend is configured. After this, rclone should work again for this backend.
+
+### Invalid request when making public links ####
+
+On Sharepoint and OneDrive for Business, `rclone link` may return an &quot;Invalid
+request&quot; error. A possible cause is that the organisation admin didn&#39;t allow
+public links to be made for the organisation/sharepoint library. To fix the
+permissions as an admin, take a look at the docs:
+[1](https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off),
+[2](https://support.microsoft.com/en-us/office/set-up-and-manage-access-requests-94b26e0b-2822-49d4-929a-8455698654b3).
+
+### Can not access `Shared` with me files
+
+Shared with me files is not supported by rclone [currently](https://github.com/rclone/rclone/issues/4062), but there is a workaround:
+
+1. Visit [https://onedrive.live.com](https://onedrive.live.com/)
+2. Right click a item in `Shared`, then click `Add shortcut to My files` in the context
+    ![make_shortcut](https://user-images.githubusercontent.com/60313789/206118040-7e762b3b-aa61-41a1-8649-cc18889f3572.png &quot;Screenshot (Shared with me)&quot;)
+3. The shortcut will appear in `My files`, you can access it with rclone, it behaves like a normal folder/file.
+    ![in_my_files](https://i.imgur.com/0S8H3li.png &quot;Screenshot (My Files)&quot;)
+    ![rclone_mount](https://i.imgur.com/2Iq66sW.png &quot;Screenshot (rclone mount)&quot;)
+
+### Live Photos uploaded from iOS (small video clips in .heic files)
+
+The iOS OneDrive app introduced [upload and storage](https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/live-photos-come-to-onedrive/ba-p/1953452) 
+of [Live Photos](https://support.apple.com/en-gb/HT207310) in 2020. 
+The usage and download of these uploaded Live Photos is unfortunately still work-in-progress 
+and this introduces several issues when copying, synchronising and mounting – both in rclone and in the native OneDrive client on Windows.
+
+The root cause can easily be seen if you locate one of your Live Photos in the OneDrive web interface. 
+Then download the photo from the web interface. You will then see that the size of downloaded .heic file is smaller than the size displayed in the web interface. 
+The downloaded file is smaller because it only contains a single frame (still photo) extracted from the Live Photo (movie) stored in OneDrive.
+
+The different sizes will cause `rclone copy/sync` to repeatedly recopy unmodified photos something like this:
+
+    DEBUG : 20230203_123826234_iOS.heic: Sizes differ (src 4470314 vs dst 1298667)
+    DEBUG : 20230203_123826234_iOS.heic: sha1 = fc2edde7863b7a7c93ca6771498ac797f8460750 OK
+    INFO  : 20230203_123826234_iOS.heic: Copied (replaced existing)
+
+These recopies can be worked around by adding `--ignore-size`. Please note that this workaround only syncs the still-picture not the movie clip, 
+and relies on modification dates being correctly updated on all files in all situations.
+
+The different sizes will also cause `rclone check` to report size errors something like this:
+
+    ERROR : 20230203_123826234_iOS.heic: sizes differ
+
+These check errors can be suppressed by adding `--ignore-size`.
+
+The different sizes will also cause `rclone mount` to fail downloading with an error something like this:
+
+    ERROR : 20230203_123826234_iOS.heic: ReadFileHandle.Read error: low level retry 1/10: unexpected EOF
+
+or like this when using `--cache-mode=full`:
+
+    INFO  : 20230203_123826234_iOS.heic: vfs cache: downloader: error count now 1: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
+    ERROR : 20230203_123826234_iOS.heic: vfs cache: failed to download: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
+
+#  OpenDrive
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<ol start="14" type="a">
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Quit config e/n/d/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / OpenDrive  "opendrive" [snip] Storage&gt; opendrive Username username&gt; Password</li>
+<li>Yes type in my own password</li>
+<li>Generate random password y/g&gt; y Enter the password: password: Confirm the password: password: -------------------- [remote] username = password = *** ENCRYPTED *** --------------------</li>
+<li>Yes this is OK</li>
+<li>Edit this remote</li>
+<li>Delete this remote y/e/d&gt; y</li>
+</ol>
+<pre><code>
+List directories in top level of your OpenDrive
+
+    rclone lsd remote:
+
+List all the files in your OpenDrive
+
+    rclone ls remote:
+
+To copy a local directory to an OpenDrive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+OpenDrive allows modification times to be set on objects accurate to 1
+second. These will be used to detect whether objects need syncing or
+not.
+
+The MD5 hash algorithm is supported.
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| /         | 0x2F  | ／          |
+| &quot;         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| &lt;         | 0x3C  | ＜          |
+| &gt;         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \         | 0x5C  | ＼          |
+| \|        | 0x7C  | ｜          |
+
+File names can also not begin or end with the following characters.
+These only get replaced if they are the first or last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+| HT        | 0x09  | ␉           |
+| LF        | 0x0A  | ␊           |
+| VT        | 0x0B  | ␋           |
+| CR        | 0x0D  | ␍           |
+
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to opendrive (OpenDrive).
+
+#### --opendrive-username
+
+Username.
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_OPENDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --opendrive-password
+
+Password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_OPENDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to opendrive (OpenDrive).
+
+#### --opendrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_OPENDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot
+
+#### --opendrive-chunk-size
+
+Files will be uploaded in chunks this size.
+
+Note that these chunks are buffered in memory so increasing them will
+increase memory use.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_OPENDRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     10Mi
+
+
+
+## Limitations
+
+Note that OpenDrive is case insensitive so you can&#39;t have a
+file called &quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+There are quite a few characters that can&#39;t be in OpenDrive file
+names.  These can&#39;t occur on Windows platforms, but on non-Windows
+platforms they are common.  Rclone will map these names to and from an
+identical looking unicode equivalent.  For example if a file has a `?`
+in it will be mapped to `？` instead.
+
+`rclone about` is not supported by the OpenDrive backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Oracle Object Storage
+- [Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
+- [Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
+- [Oracle Object Storage Limits](https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/oci-object-storage-best-practices.pdf)
+
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd` command.)  You may put subdirectories in 
+too, e.g. `remote:bucket/path/to/dir`.
+
+Sample command to transfer local artifacts to remote:bucket in oracle object storage:
+
+`rclone -vvv  --progress --stats-one-line --max-stats-groups 10 --log-format date,time,UTC,longfile --fast-list --buffer-size 256Mi --oos-no-check-bucket --oos-upload-cutoff 10Mi --multi-thread-cutoff 16Mi --multi-thread-streams 3000 --transfers 3000 --checkers 64  --retries 2  --oos-chunk-size 10Mi --oos-upload-concurrency 10000  --oos-attempt-resume-upload --oos-leave-parts-on-error sync ./artifacts  remote:bucket -vv`
+
+## Configuration
+
+Here is an example of making an oracle object storage configuration. `rclone config` walks you 
+through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+</code></pre>
+<ol start="14" type="a">
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Rename remote</li>
+<li>Copy remote</li>
+<li>Set configuration password</li>
+<li>Quit config e/n/d/r/c/s/q&gt; n</li>
+</ol>
+<p>Enter name for new remote. name&gt; remote</p>
+<p>Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. [snip] XX / Oracle Cloud Infrastructure Object Storage  (oracleobjectstorage) Storage&gt; oracleobjectstorage</p>
+<p>Option provider. Choose your Auth Provider Choose a number from below, or type in your own string value. Press Enter for the default (env_auth). 1 / automatically pickup the credentials from runtime(env), first one to provide auth wins  (env_auth) / use an OCI user and an API key for authentication. 2 | you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key. | https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm  (user_principal_auth) / use instance principals to authorize an instance to make API calls. 3 | each instance has its own identity, and authenticates using the certificates that are read from instance metadata. | https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm  (instance_principal_auth) 4 / use resource principals to make API calls  (resource_principal_auth) 5 / no credentials needed, this is typically for reading public buckets  (no_auth) provider&gt; 2</p>
+<p>Option namespace. Object storage namespace Enter a value. namespace&gt; idbamagbg734</p>
+<p>Option compartment. Object storage compartment OCID Enter a value. compartment&gt; ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba</p>
+<p>Option region. Object storage Region Enter a value. region&gt; us-ashburn-1</p>
+<p>Option endpoint. Endpoint for Object storage API. Leave blank to use the default endpoint for the region. Enter a value. Press Enter to leave empty. endpoint&gt;</p>
+<p>Option config_file. Full Path to OCI config file Choose a number from below, or type in your own string value. Press Enter for the default (~/.oci/config). 1 / oci configuration file location  (~/.oci/config) config_file&gt; /etc/oci/dev.conf</p>
+<p>Option config_profile. Profile name inside OCI config file Choose a number from below, or type in your own string value. Press Enter for the default (Default). 1 / Use the default profile  (Default) config_profile&gt; Test</p>
+<p>Edit advanced config? y) Yes n) No (default) y/n&gt; n</p>
+<p>Configuration complete. Options: - type: oracleobjectstorage - namespace: idbamagbg734 - compartment: ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba - region: us-ashburn-1 - provider: user_principal_auth - config_file: /etc/oci/dev.conf - config_profile: Test Keep this "remote" remote? y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+See all buckets
+
+    rclone lsd remote:
+
+Create a new bucket
+
+    rclone mkdir remote:bucket
+
+List the contents of a bucket
+
+    rclone ls remote:bucket
+    rclone ls remote:bucket --max-depth 1
+
+## Authentication Providers 
+
+OCI has various authentication methods. To learn more about authentication methods please refer [oci authentication 
+methods](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm) 
+These choices can be specified in the rclone config file.
+
+Rclone supports the following OCI authentication provider.
+
+    User Principal
+    Instance Principal
+    Resource Principal
+    No authentication
+
+### User Principal
+
+Sample rclone config file for Authentication Provider User Principal:
+
+    [oos]
+    type = oracleobjectstorage
+    namespace = id&lt;redacted&gt;34
+    compartment = ocid1.compartment.oc1..aa&lt;redacted&gt;ba
+    region = us-ashburn-1
+    provider = user_principal_auth
+    config_file = /home/opc/.oci/config
+    config_profile = Default
+
+Advantages:
+- One can use this method from any server within OCI or on-premises or from other cloud provider.
+
+Considerations:
+- you need to configure user’s privileges / policy to allow access to object storage
+- Overhead of managing users and keys.
+- If the user is deleted, the config file will no longer work and may cause automation regressions that use the user&#39;s credentials.
+
+###  Instance Principal
+
+An OCI compute instance can be authorized to use rclone by using it&#39;s identity and certificates as an instance principal. 
+With this approach no credentials have to be stored and managed.
+
+Sample rclone configuration file for Authentication Provider Instance Principal:
+
+    [opc@rclone ~]$ cat ~/.config/rclone/rclone.conf
+    [oos]
+    type = oracleobjectstorage
+    namespace = id&lt;redacted&gt;fn
+    compartment = ocid1.compartment.oc1..aa&lt;redacted&gt;k7a
+    region = us-ashburn-1
+    provider = instance_principal_auth
+
+Advantages:
+
+- With instance principals, you don&#39;t need to configure user credentials and transfer/ save it to disk in your compute 
+  instances or rotate the credentials.
+- You don’t need to deal with users and keys.
+- Greatly helps in automation as you don&#39;t have to manage access keys, user private keys, storing them in vault, 
+  using kms etc.
+
+Considerations:
+
+- You need to configure a dynamic group having this instance as member and add policy to read object storage to that 
+  dynamic group.
+- Everyone who has access to this machine can execute the CLI commands.
+- It is applicable for oci compute instances only. It cannot be used on external instance or resources.
+
+### Resource Principal
+
+Resource principal auth is very similar to instance principal auth but used for resources that are not 
+compute instances such as [serverless functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm). 
+To use resource principal ensure Rclone process is started with these environment variables set in its process.
+
+    export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
+    export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
+    export OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/usr/share/model-server/key.pem
+    export OCI_RESOURCE_PRINCIPAL_RPST=/usr/share/model-server/security_token
+
+Sample rclone configuration file for Authentication Provider Resource Principal:
+
+    [oos]
+    type = oracleobjectstorage
+    namespace = id&lt;redacted&gt;34
+    compartment = ocid1.compartment.oc1..aa&lt;redacted&gt;ba
+    region = us-ashburn-1
+    provider = resource_principal_auth
+
+### No authentication
+
+Public buckets do not require any authentication mechanism to read objects.
+Sample rclone configuration file for No authentication:
+    
+    [oos]
+    type = oracleobjectstorage
+    namespace = id&lt;redacted&gt;34
+    compartment = ocid1.compartment.oc1..aa&lt;redacted&gt;ba
+    region = us-ashburn-1
+    provider = no_auth
+
+### Modification times and hashes
+
+The modification time is stored as metadata on the object as
+`opc-meta-mtime` as floating point since the epoch, accurate to 1 ns.
+
+If the modification time needs to be updated rclone will attempt to perform a server
+side copy to update the modification if the object can be copied in a single part.
+In the case the object is larger than 5Gb, the object will be uploaded rather than copied.
+
+Note that reading this from the object takes an additional `HEAD` request as the metadata
+isn&#39;t returned in object listings.
+
+The MD5 hash algorithm is supported.
+
+### Multipart uploads
+
+rclone supports multipart uploads with OOS which means that it can
+upload files bigger than 5 GiB.
+
+Note that files uploaded *both* with multipart upload *and* through
+crypt remotes do not have MD5 sums.
+
+rclone switches from single part uploads to multipart uploads at the
+point specified by `--oos-upload-cutoff`.  This can be a maximum of 5 GiB
+and a minimum of 0 (ie always upload multipart files).
+
+The chunk sizes used in the multipart upload are specified by
+`--oos-chunk-size` and the number of chunks uploaded concurrently is
+specified by `--oos-upload-concurrency`.
+
+Multipart uploads will use `--transfers` * `--oos-upload-concurrency` *
+`--oos-chunk-size` extra memory.  Single part uploads to not use extra
+memory.
+
+Single part transfers can be faster than multipart transfers or slower
+depending on your latency from oos - the more latency, the more likely
+single part transfers will be faster.
+
+Increasing `--oos-upload-concurrency` will increase throughput (8 would
+be a sensible value) and increasing `--oos-chunk-size` also increases
+throughput (16M would be sensible).  Increasing either of these will
+use more memory.  The default values are high enough to gain most of
+the possible performance without using too much memory.
+
+
+### Standard options
+
+Here are the Standard options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
+
+#### --oos-provider
+
+Choose your Auth Provider
+
+Properties:
+
+- Config:      provider
+- Env Var:     RCLONE_OOS_PROVIDER
+- Type:        string
+- Default:     &quot;env_auth&quot;
+- Examples:
+    - &quot;env_auth&quot;
+        - automatically pickup the credentials from runtime(env), first one to provide auth wins
+    - &quot;user_principal_auth&quot;
+        - use an OCI user and an API key for authentication.
+        - you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
+        - https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
+    - &quot;instance_principal_auth&quot;
+        - use instance principals to authorize an instance to make API calls. 
+        - each instance has its own identity, and authenticates using the certificates that are read from instance metadata. 
+        - https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
+    - &quot;resource_principal_auth&quot;
+        - use resource principals to make API calls
+    - &quot;no_auth&quot;
+        - no credentials needed, this is typically for reading public buckets
+
+#### --oos-namespace
+
+Object storage namespace
+
+Properties:
+
+- Config:      namespace
+- Env Var:     RCLONE_OOS_NAMESPACE
+- Type:        string
+- Required:    true
+
+#### --oos-compartment
+
+Object storage compartment OCID
+
+Properties:
+
+- Config:      compartment
+- Env Var:     RCLONE_OOS_COMPARTMENT
+- Provider:    !no_auth
+- Type:        string
+- Required:    true
+
+#### --oos-region
+
+Object storage Region
+
+Properties:
+
+- Config:      region
+- Env Var:     RCLONE_OOS_REGION
+- Type:        string
+- Required:    true
+
+#### --oos-endpoint
+
+Endpoint for Object storage API.
+
+Leave blank to use the default endpoint for the region.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_OOS_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --oos-config-file
+
+Path to OCI config file
+
+Properties:
+
+- Config:      config_file
+- Env Var:     RCLONE_OOS_CONFIG_FILE
+- Provider:    user_principal_auth
+- Type:        string
+- Default:     &quot;~/.oci/config&quot;
+- Examples:
+    - &quot;~/.oci/config&quot;
+        - oci configuration file location
+
+#### --oos-config-profile
+
+Profile name inside the oci config file
+
+Properties:
+
+- Config:      config_profile
+- Env Var:     RCLONE_OOS_CONFIG_PROFILE
+- Provider:    user_principal_auth
+- Type:        string
+- Default:     &quot;Default&quot;
+- Examples:
+    - &quot;Default&quot;
+        - Use the default profile
+
+### Advanced options
+
+Here are the Advanced options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
+
+#### --oos-storage-tier
+
+The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm
+
+Properties:
+
+- Config:      storage_tier
+- Env Var:     RCLONE_OOS_STORAGE_TIER
+- Type:        string
+- Default:     &quot;Standard&quot;
+- Examples:
+    - &quot;Standard&quot;
+        - Standard storage tier, this is the default tier
+    - &quot;InfrequentAccess&quot;
+        - InfrequentAccess storage tier
+    - &quot;Archive&quot;
+        - Archive storage tier
+
+#### --oos-upload-cutoff
+
+Cutoff for switching to chunked upload.
+
+Any files larger than this will be uploaded in chunks of chunk_size.
+The minimum is 0 and the maximum is 5 GiB.
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_OOS_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     200Mi
+
+#### --oos-chunk-size
+
+Chunk size to use for uploading.
+
+When uploading files larger than upload_cutoff or files with unknown
+size (e.g. from &quot;rclone rcat&quot; or uploaded with &quot;rclone mount&quot; they will be uploaded 
+as multipart uploads using this chunk size.
+
+Note that &quot;upload_concurrency&quot; chunks of this size are buffered
+in memory per transfer.
+
+If you are transferring large files over high-speed links and you have
+enough memory, then increasing this will speed up the transfers.
+
+Rclone will automatically increase the chunk size when uploading a
+large file of known size to stay below the 10,000 chunks limit.
+
+Files of unknown size are uploaded with the configured
+chunk_size. Since the default chunk size is 5 MiB and there can be at
+most 10,000 chunks, this means that by default the maximum size of
+a file you can stream upload is 48 GiB.  If you wish to stream upload
+larger files then you will need to increase chunk_size.
+
+Increasing the chunk size decreases the accuracy of the progress
+statistics displayed with &quot;-P&quot; flag.
+
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_OOS_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     5Mi
+
+#### --oos-max-upload-parts
+
+Maximum number of parts in a multipart upload.
+
+This option defines the maximum number of multipart chunks to use
+when doing a multipart upload.
+
+OCI has max parts limit of 10,000 chunks.
+
+Rclone will automatically increase the chunk size when uploading a
+large file of a known size to stay below this number of chunks limit.
+
+
+Properties:
+
+- Config:      max_upload_parts
+- Env Var:     RCLONE_OOS_MAX_UPLOAD_PARTS
+- Type:        int
+- Default:     10000
+
+#### --oos-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+If you are uploading small numbers of large files over high-speed links
+and these uploads do not fully utilize your bandwidth, then increasing
+this may help to speed up the transfers.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_OOS_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     10
+
+#### --oos-copy-cutoff
+
+Cutoff for switching to multipart copy.
+
+Any files larger than this that need to be server-side copied will be
+copied in chunks of this size.
+
+The minimum is 0 and the maximum is 5 GiB.
+
+Properties:
+
+- Config:      copy_cutoff
+- Env Var:     RCLONE_OOS_COPY_CUTOFF
+- Type:        SizeSuffix
+- Default:     4.656Gi
+
+#### --oos-copy-timeout
+
+Timeout for copy.
+
+Copy is an asynchronous operation, specify timeout to wait for copy to succeed
+
+
+Properties:
+
+- Config:      copy_timeout
+- Env Var:     RCLONE_OOS_COPY_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
+
+#### --oos-disable-checksum
+
+Don&#39;t store MD5 checksum with object metadata.
+
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
+
+Properties:
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_OOS_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
+
+#### --oos-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_OOS_ENCODING
+- Type:        Encoding
+- Default:     Slash,InvalidUtf8,Dot
+
+#### --oos-leave-parts-on-error
+
+If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery.
+
+It should be set to true for resuming uploads across different sessions.
+
+WARNING: Storing parts of an incomplete multipart upload counts towards space usage on object storage and will add
+additional costs if not cleaned up.
+
+
+Properties:
+
+- Config:      leave_parts_on_error
+- Env Var:     RCLONE_OOS_LEAVE_PARTS_ON_ERROR
+- Type:        bool
+- Default:     false
+
+#### --oos-attempt-resume-upload
+
+If true attempt to resume previously started multipart upload for the object.
+This will be helpful to speed up multipart transfers by resuming uploads from past session.
+
+WARNING: If chunk size differs in resumed session from past incomplete session, then the resumed multipart upload is 
+aborted and a new multipart upload is started with the new chunk size.
+
+The flag leave_parts_on_error must be true to resume and optimize to skip parts that were already uploaded successfully.
+
+
+Properties:
+
+- Config:      attempt_resume_upload
+- Env Var:     RCLONE_OOS_ATTEMPT_RESUME_UPLOAD
+- Type:        bool
+- Default:     false
+
+#### --oos-no-check-bucket
+
+If set, don&#39;t attempt to check the bucket exists or create it.
+
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the bucket exists already.
+
+It can also be needed if the user you are using does not have bucket
+creation permissions.
+
+
+Properties:
+
+- Config:      no_check_bucket
+- Env Var:     RCLONE_OOS_NO_CHECK_BUCKET
+- Type:        bool
+- Default:     false
+
+#### --oos-sse-customer-key-file
+
+To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+with the object. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.&#39;
+
+Properties:
+
+- Config:      sse_customer_key_file
+- Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY_FILE
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - None
+
+#### --oos-sse-customer-key
+
+To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+encrypt or  decrypt the data. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is
+needed. For more information, see Using Your Own Keys for Server-Side Encryption 
+(https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm)
+
+Properties:
+
+- Config:      sse_customer_key
+- Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - None
+
+#### --oos-sse-customer-key-sha256
+
+If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+key. This value is used to check the integrity of the encryption key. see Using Your Own Keys for 
+Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
+
+Properties:
+
+- Config:      sse_customer_key_sha256
+- Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY_SHA256
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - None
+
+#### --oos-sse-kms-key-id
+
+if using your own master key in vault, this header specifies the
+OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call
+the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
+Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
+
+Properties:
+
+- Config:      sse_kms_key_id
+- Env Var:     RCLONE_OOS_SSE_KMS_KEY_ID
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - None
+
+#### --oos-sse-customer-algorithm
+
+If using SSE-C, the optional header that specifies &quot;AES256&quot; as the encryption algorithm.
+Object Storage supports &quot;AES256&quot; as the encryption algorithm. For more information, see
+Using Your Own Keys for Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
+
+Properties:
+
+- Config:      sse_customer_algorithm
+- Env Var:     RCLONE_OOS_SSE_CUSTOMER_ALGORITHM
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - None
+    - &quot;AES256&quot;
+        - AES256
+
+## Backend commands
+
+Here are the commands specific to the oracleobjectstorage backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### rename
+
+change the name of an object
+
+    rclone backend rename remote: [options] [&lt;arguments&gt;+]
+
+This command can be used to rename a object.
+
+Usage Examples:
+
+    rclone backend rename oos:bucket relative-object-path-under-bucket object-new-name
+
+
+### list-multipart-uploads
+
+List the unfinished multipart uploads
+
+    rclone backend list-multipart-uploads remote: [options] [&lt;arguments&gt;+]
+
+This command lists the unfinished multipart uploads in JSON format.
+
+    rclone backend list-multipart-uploads oos:bucket/path/to/object
+
+It returns a dictionary of buckets with values as lists of unfinished
+multipart uploads.
+
+You can call it with no bucket in which case it lists all bucket, with
+a bucket or with a bucket and path.
+
+    {
+      &quot;test-bucket&quot;: [
+                {
+                        &quot;namespace&quot;: &quot;test-namespace&quot;,
+                        &quot;bucket&quot;: &quot;test-bucket&quot;,
+                        &quot;object&quot;: &quot;600m.bin&quot;,
+                        &quot;uploadId&quot;: &quot;51dd8114-52a4-b2f2-c42f-5291f05eb3c8&quot;,
+                        &quot;timeCreated&quot;: &quot;2022-07-29T06:21:16.595Z&quot;,
+                        &quot;storageTier&quot;: &quot;Standard&quot;
+                }
+        ]
+
+
+### cleanup
+
+Remove unfinished multipart uploads.
+
+    rclone backend cleanup remote: [options] [&lt;arguments&gt;+]
+
+This command removes unfinished multipart uploads of age greater than
+max-age which defaults to 24 hours.
+
+Note that you can use --interactive/-i or --dry-run with this command to see what
+it would do.
+
+    rclone backend cleanup oos:bucket/path/to/object
+    rclone backend cleanup -o max-age=7w oos:bucket/path/to/object
+
+Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
+
+
+Options:
+
+- &quot;max-age&quot;: Max age of upload to delete
+
+
+
+## Tutorials
+### [Mounting Buckets](https://rclone.org/oracleobjectstorage/tutorial_mount/)
+
+#  QingStor
+
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
+
+## Configuration
+
+Here is an example of making an QingStor configuration.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process.
+</code></pre>
+<p>No remotes found, make a new one? n) New remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config n/r/c/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / QingStor Object Storage  "qingstor" [snip] Storage&gt; qingstor Get QingStor credentials from runtime. Only applies if access_key_id and secret_access_key is blank. Choose a number from below, or type in your own value 1 / Enter QingStor credentials in the next step  "false" 2 / Get QingStor credentials from the environment (env vars or IAM)  "true" env_auth&gt; 1 QingStor Access Key ID - leave blank for anonymous access or runtime credentials. access_key_id&gt; access_key QingStor Secret Access Key (password) - leave blank for anonymous access or runtime credentials. secret_access_key&gt; secret_key Enter an endpoint URL to connection QingStor API. Leave blank will use the default value "https://qingstor.com:443" endpoint&gt; Zone connect to. Default is "pek3a". Choose a number from below, or type in your own value / The Beijing (China) Three Zone 1 | Needs location constraint pek3a.  "pek3a" / The Shanghai (China) First Zone 2 | Needs location constraint sh1a.  "sh1a" zone&gt; 1 Number of connection retry. Leave blank will use the default value "3". connection_retries&gt; Remote config -------------------- [remote] env_auth = false access_key_id = access_key secret_access_key = secret_key endpoint = zone = pek3a connection_retries = -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+This remote is called `remote` and can now be used like this
+
+See all buckets
+
+    rclone lsd remote:
+
+Make a new bucket
+
+    rclone mkdir remote:bucket
+
+List the contents of a bucket
+
+    rclone ls remote:bucket
+
+Sync `/home/local/directory` to the remote bucket, deleting any excess
+files in the bucket.
+
+    rclone sync --interactive /home/local/directory remote:bucket
+
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Multipart uploads
+
+rclone supports multipart uploads with QingStor which means that it can
+upload files bigger than 5 GiB. Note that files uploaded with multipart
+upload don&#39;t have an MD5SUM.
+
+Note that incomplete multipart uploads older than 24 hours can be
+removed with `rclone cleanup remote:bucket` just for one bucket
+`rclone cleanup remote:` for all buckets. QingStor does not ever
+remove incomplete multipart uploads so it may be necessary to run this
+from time to time.
+
+### Buckets and Zone
+
+With QingStor you can list buckets (`rclone lsd`) using any zone,
+but you can only access the content of a bucket from the zone it was
+created in.  If you attempt to access a bucket from the wrong zone,
+you will get an error, `incorrect zone, the bucket is not in &#39;XXX&#39;
+zone`.
+
+### Authentication
+
+There are two ways to supply `rclone` with a set of QingStor
+credentials. In order of precedence:
+
+ - Directly in the rclone configuration file (as configured by `rclone config`)
+   - set `access_key_id` and `secret_access_key`
+ - Runtime configuration:
+   - set `env_auth` to `true` in the config file
+   - Exporting the following environment variables before running `rclone`
+     - Access Key ID: `QS_ACCESS_KEY_ID` or `QS_ACCESS_KEY`
+     - Secret Access Key: `QS_SECRET_ACCESS_KEY` or `QS_SECRET_KEY`
+
+### Restricted filename characters
+
+The control characters 0x00-0x1F and / are replaced as in the [default
+restricted characters set](https://rclone.org/overview/#restricted-characters).  Note
+that 0x7F is not replaced.
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to qingstor (QingCloud Object Storage).
+
+#### --qingstor-env-auth
+
+Get QingStor credentials from runtime.
+
+Only applies if access_key_id and secret_access_key is blank.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_QINGSTOR_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - &quot;false&quot;
+        - Enter QingStor credentials in the next step.
+    - &quot;true&quot;
+        - Get QingStor credentials from the environment (env vars or IAM).
+
+#### --qingstor-access-key-id
+
+QingStor Access Key ID.
+
+Leave blank for anonymous access or runtime credentials.
+
+Properties:
+
+- Config:      access_key_id
+- Env Var:     RCLONE_QINGSTOR_ACCESS_KEY_ID
+- Type:        string
+- Required:    false
+
+#### --qingstor-secret-access-key
+
+QingStor Secret Access Key (password).
+
+Leave blank for anonymous access or runtime credentials.
+
+Properties:
+
+- Config:      secret_access_key
+- Env Var:     RCLONE_QINGSTOR_SECRET_ACCESS_KEY
+- Type:        string
+- Required:    false
+
+#### --qingstor-endpoint
+
+Enter an endpoint URL to connection QingStor API.
+
+Leave blank will use the default value &quot;https://qingstor.com:443&quot;.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_QINGSTOR_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --qingstor-zone
+
+Zone to connect to.
+
+Default is &quot;pek3a&quot;.
+
+Properties:
+
+- Config:      zone
+- Env Var:     RCLONE_QINGSTOR_ZONE
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;pek3a&quot;
+        - The Beijing (China) Three Zone.
+        - Needs location constraint pek3a.
+    - &quot;sh1a&quot;
+        - The Shanghai (China) First Zone.
+        - Needs location constraint sh1a.
+    - &quot;gd2a&quot;
+        - The Guangdong (China) Second Zone.
+        - Needs location constraint gd2a.
+
+### Advanced options
+
+Here are the Advanced options specific to qingstor (QingCloud Object Storage).
+
+#### --qingstor-connection-retries
+
+Number of connection retries.
+
+Properties:
+
+- Config:      connection_retries
+- Env Var:     RCLONE_QINGSTOR_CONNECTION_RETRIES
+- Type:        int
+- Default:     3
+
+#### --qingstor-upload-cutoff
+
+Cutoff for switching to chunked upload.
+
+Any files larger than this will be uploaded in chunks of chunk_size.
+The minimum is 0 and the maximum is 5 GiB.
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_QINGSTOR_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     200Mi
+
+#### --qingstor-chunk-size
+
+Chunk size to use for uploading.
+
+When uploading files larger than upload_cutoff they will be uploaded
+as multipart uploads using this chunk size.
+
+Note that &quot;--qingstor-upload-concurrency&quot; chunks of this size are buffered
+in memory per transfer.
+
+If you are transferring large files over high-speed links and you have
+enough memory, then increasing this will speed up the transfers.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_QINGSTOR_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     4Mi
+
+#### --qingstor-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+NB if you set this to &gt; 1 then the checksums of multipart uploads
+become corrupted (the uploads themselves are not corrupted though).
+
+If you are uploading small numbers of large files over high-speed links
+and these uploads do not fully utilize your bandwidth, then increasing
+this may help to speed up the transfers.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_QINGSTOR_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     1
+
+#### --qingstor-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_QINGSTOR_ENCODING
+- Type:        Encoding
+- Default:     Slash,Ctl,InvalidUtf8
+
+
+
+## Limitations
+
+`rclone about` is not supported by the qingstor backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Quatrix
+
+Quatrix by Maytech is [Quatrix Secure Compliant File Sharing | Maytech](https://www.maytech.net/products/quatrix-business).
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g., `remote:directory/subdirectory`.
+
+The initial setup for Quatrix involves getting an API Key from Quatrix. You can get the API key in the user&#39;s profile at `https://&lt;account&gt;/profile/api-keys`
+or with the help of the API - https://docs.maytech.net/quatrix/quatrix-api/api-explorer#/API-Key/post_api_key_create.
+
+See complete Swagger documentation for Quatrix - https://docs.maytech.net/quatrix/quatrix-api/api-explorer
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Quatrix by Maytech  "quatrix" [snip] Storage&gt; quatrix API key for accessing Quatrix account. api_key&gt; your_api_key Host name of Quatrix account. host&gt; example.quatrix.it</p>
+<table style="width:29%;">
+<colgroup>
+<col style="width: 29%" />
+</colgroup>
 <thead>
 <tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
+<th style="text-align: left;">[remote] api_key = your_api_key host = example.quatrix.it</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
+<td style="text-align: left;">y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y ```</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Once configured you can then use <code>rclone</code> like this,</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">List directories in top level of your Quatrix</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">rclone lsd remote:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">List all the files in your Quatrix</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">rclone ls remote:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">To copy a local directory to an Quatrix directory called backup</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">rclone copy /home/source remote:backup</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### API key validity</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">API Key is created with no expiration date. It will be valid until you delete or deactivate it in your account. After disabling, the API Key can be enabled back. If the API Key was deleted and a new key was created, you can update it in rclone config. The same happens if the hostname was changed.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">``` $ rclone config Current remotes:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Name Type ==== ==== remote quatrix</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">e) Edit existing remote n) New remote d) Delete remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config e/n/d/r/c/s/q&gt; e Choose a number from below, or type in an existing value 1 &gt; remote remote&gt; remote</td>
 </tr>
 </tbody>
 </table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="deleting-files-6">Deleting files</h3>
-<p>Deleted files will be moved to the trash. Your subscription level will determine how long items stay in the trash. <code>rclone cleanup</code> can be used to empty the trash.</p>
-<h3 id="emptying-the-trash">Emptying the trash</h3>
-<p>Due to an API limitation, the <code>rclone cleanup</code> command will only work if you set your username and password in the advanced options for this backend. Since we generally want to avoid storing user passwords in the rclone config file, we advise you to only set this up if you need the <code>rclone cleanup</code> command to work.</p>
-<h3 id="root-folder-id-3">Root folder ID</h3>
-<p>You can set the <code>root_folder_id</code> for rclone. This is the directory (identified by its <code>Folder ID</code>) that rclone considers to be the root of your pCloud drive.</p>
-<p>Normally you will leave this blank and rclone will determine the correct root to use itself.</p>
-<p>However you can set this to restrict rclone to a specific folder hierarchy.</p>
-<p>In order to do this you will have to find the <code>Folder ID</code> of the directory you wish rclone to display. This will be the <code>folder</code> field of the URL when you open the relevant folder in the pCloud web interface.</p>
-<p>So if the folder you want rclone to use has a URL which looks like <code>https://my.pcloud.com/#page=filemanager&amp;folder=5xxxxxxxx8&amp;tpl=foldergrid</code> in the browser, then you use <code>5xxxxxxxx8</code> as the <code>root_folder_id</code> in the config.</p>
-<h3 id="standard-options-34">Standard options</h3>
-<p>Here are the Standard options specific to pcloud (Pcloud).</p>
-<h4 id="pcloud-client-id">--pcloud-client-id</h4>
-<p>OAuth Client Id.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_PCLOUD_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="pcloud-client-secret">--pcloud-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_PCLOUD_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="advanced-options-33">Advanced options</h3>
-<p>Here are the Advanced options specific to pcloud (Pcloud).</p>
-<h4 id="pcloud-token">--pcloud-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_PCLOUD_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="pcloud-auth-url">--pcloud-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_PCLOUD_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="pcloud-token-url">--pcloud-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_PCLOUD_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="pcloud-encoding">--pcloud-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_PCLOUD_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h4 id="pcloud-root-folder-id">--pcloud-root-folder-id</h4>
-<p>Fill in for rclone to use a non root folder as its starting point.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: root_folder_id</li>
-<li>Env Var: RCLONE_PCLOUD_ROOT_FOLDER_ID</li>
-<li>Type: string</li>
-<li>Default: "d0"</li>
-</ul>
-<h4 id="pcloud-hostname">--pcloud-hostname</h4>
-<p>Hostname to connect to.</p>
-<p>This is normally set when rclone initially does the oauth connection, however you will need to set it by hand if you are using remote config with rclone authorize.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: hostname</li>
-<li>Env Var: RCLONE_PCLOUD_HOSTNAME</li>
-<li>Type: string</li>
-<li>Default: "api.pcloud.com"</li>
-<li>Examples:
-<ul>
-<li>"api.pcloud.com"
-<ul>
-<li>Original/US region</li>
-</ul></li>
-<li>"eapi.pcloud.com"
-<ul>
-<li>EU region</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="pcloud-username">--pcloud-username</h4>
-<p>Your pcloud username.</p>
-<p>This is only required when you want to use the cleanup command. Due to a bug in the pcloud API the required API does not support OAuth authentication so we have to rely on user password authentication for it.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: username</li>
-<li>Env Var: RCLONE_PCLOUD_USERNAME</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="pcloud-password">--pcloud-password</h4>
-<p>Your pcloud password.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: password</li>
-<li>Env Var: RCLONE_PCLOUD_PASSWORD</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h1 id="premiumize.me">premiumize.me</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-36">Configuration</h2>
-<p>The initial setup for <a href="https://premiumize.me/">premiumize.me</a> involves getting a token from premiumize.me which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / premiumize.me
-   \ &quot;premiumizeme&quot;
-[snip]
-Storage&gt; premiumizeme
-** See help for premiumizeme backend at: https://rclone.org/premiumizeme/ **
+<p>[remote] type = quatrix host = some_host.quatrix.it api_key = your_api_key -------------------- Edit remote Option api_key. API key for accessing Quatrix account Enter a string value. Press Enter for the default (your_api_key) api_key&gt; Option host. Host name of Quatrix account Enter a string value. Press Enter for the default (some_host.quatrix.it).</p>
+<table style="width:29%;">
+<colgroup>
+<col style="width: 29%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th style="text-align: left;">[remote] type = quatrix host = some_host.quatrix.it api_key = your_api_key</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="text-align: left;">y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y ```</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">### Modification times and hashes</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Quatrix allows modification times to be set on objects accurate to 1 microsecond. These will be used to detect whether objects need syncing or not.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Quatrix does not support hashes, so you cannot use the <code>--checksum</code> flag.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Restricted filename characters</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">File names in Quatrix are case sensitive and have limitations like the maximum length of a filename is 255, and the minimum length is 1. A file name cannot be equal to <code>.</code> or <code>..</code> nor contain <code>/</code> , <code>\</code> or non-printable ascii.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Transfers</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">For files above 50 MiB rclone will use a chunked transfer. Rclone will upload up to <code>--transfers</code> chunks at the same time (shared among all multipart uploads). Chunks are buffered in memory, and the minimal chunk size is 10_000_000 bytes by default, and it can be changed in the advanced configuration, so increasing <code>--transfers</code> will increase the memory use. The chunk size has a maximum size limit, which is set to 100_000_000 bytes by default and can be changed in the advanced configuration. The size of the uploaded chunk will dynamically change depending on the upload speed. The total memory use equals the number of transfers multiplied by the minimal chunk size. In case there's free memory allocated for the upload (which equals the difference of <code>maximal_summary_chunk_size</code> and <code>minimal_chunk_size</code> * <code>transfers</code>), the chunk size may increase in case of high upload speed. As well as it can decrease in case of upload speed problems. If no free memory is available, all chunks will equal <code>minimal_chunk_size</code>.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Deleting files</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Files you delete with rclone will end up in Trash and be stored there for 30 days. Quatrix also provides an API to permanently delete files and an API to empty the Trash so that you can remove files permanently from your account.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Standard options</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Here are the Standard options specific to quatrix (Quatrix by Maytech).</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --quatrix-api-key</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">API key for accessing Quatrix account</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: api_key - Env Var: RCLONE_QUATRIX_API_KEY - Type: string - Required: true</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --quatrix-host</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Host name of Quatrix account</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">- Config: host - Env Var: RCLONE_QUATRIX_HOST - Type: string - Required: true</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">### Advanced options</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Here are the Advanced options specific to quatrix (Quatrix by Maytech).</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">#### --quatrix-encoding</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">The encoding for the backend.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: encoding - Env Var: RCLONE_QUATRIX_ENCODING - Type: Encoding - Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --quatrix-effective-upload-time</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Wanted upload time for one chunk</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: effective_upload_time - Env Var: RCLONE_QUATRIX_EFFECTIVE_UPLOAD_TIME - Type: string - Default: "4s"</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --quatrix-minimal-chunk-size</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The minimal size for one chunk</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: minimal_chunk_size - Env Var: RCLONE_QUATRIX_MINIMAL_CHUNK_SIZE - Type: SizeSuffix - Default: 9.537Mi</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --quatrix-maximal-summary-chunk-size</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The maximal summary for all chunks. It should not be less than 'transfers'*'minimal_chunk_size'</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: maximal_summary_chunk_size - Env Var: RCLONE_QUATRIX_MAXIMAL_SUMMARY_CHUNK_SIZE - Type: SizeSuffix - Default: 95.367Mi</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">#### --quatrix-hard-delete</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Delete files permanently rather than putting them into the trash.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Properties:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">- Config: hard_delete - Env Var: RCLONE_QUATRIX_HARD_DELETE - Type: bool - Default: false</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">## Storage usage</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">The storage usage in Quatrix is restricted to the account during the purchase. You can restrict any user with a smaller storage limit. The account limit is applied if the user has no custom storage limit. Once you've reached the limit, the upload of files will fail. This can be fixed by freeing up the space or increasing the quota.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">## Server-side operations</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Quatrix supports server-side operations (copy and move). In case of conflict, files are overwritten during server-side operation.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;"># Sia</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Sia (<a href="https://sia.tech/">sia.tech</a>) is a decentralized cloud storage platform based on the <a href="https://wikipedia.org/wiki/Blockchain">blockchain</a> technology. With rclone you can use it like any other remote filesystem or mount Sia folders locally. The technology behind it involves a number of new concepts such as Siacoins and Wallet, Blockchain and Consensus, Renting and Hosting, and so on. If you are new to it, you'd better first familiarize yourself using their excellent <a href="https://support.sia.tech/">support documentation</a>.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">## Introduction</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">Before you can use rclone with Sia, you will need to have a running copy of <code>Sia-UI</code> or <code>siad</code> (the Sia daemon) locally on your computer or on local network (e.g. a NAS). Please follow the <a href="https://sia.tech/get-started">Get started</a> guide and install one.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">rclone interacts with Sia network by talking to the Sia daemon via <a href="https://sia.tech/docs/">HTTP API</a> which is usually available on port <em>9980</em>. By default you will run the daemon locally on the same computer so it's safe to leave the API password blank (the API URL will be <code>http://127.0.0.1:9980</code> making external access impossible).</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">However, if you want to access Sia daemon running on another node, for example due to memory constraints or because you want to share single daemon between several rclone and Sia-UI instances, you'll need to make a few more provisions: - Ensure you have <em>Sia daemon</em> installed directly or in a <a href="https://github.com/SiaFoundation/siad/pkgs/container/siad">docker container</a> because Sia-UI does not support this mode natively. - Run it on externally accessible port, for example provide <code>--api-addr :9980</code> and <code>--disable-api-security</code> arguments on the daemon command line. - Enforce API password for the <code>siad</code> daemon via environment variable <code>SIA_API_PASSWORD</code> or text file named <code>apipassword</code> in the daemon directory. - Set rclone backend option <code>api_password</code> taking it from above locations.</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Notes: 1. If your wallet is locked, rclone cannot unlock it automatically. You should either unlock it in advance by using Sia-UI or via command line <code>siac wallet unlock</code>. Alternatively you can make <code>siad</code> unlock your wallet automatically upon startup by running it with environment variable <code>SIA_WALLET_PASSWORD</code>. 2. If <code>siad</code> cannot find the <code>SIA_API_PASSWORD</code> variable or the <code>apipassword</code> file in the <code>SIA_DIR</code> directory, it will generate a random password and store in the text file named <code>apipassword</code> under <code>YOUR_HOME/.sia/</code> directory on Unix or <code>C:\Users\YOUR_HOME\AppData\Local\Sia\apipassword</code> on Windows. Remember this when you configure password in rclone. 3. The only way to use <code>siad</code> without API password is to run it <strong>on localhost</strong> with command line argument <code>--authorize-api=false</code>, but this is insecure and <strong>strongly discouraged</strong>.</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">## Configuration</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">Here is an example of how to make a <code>sia</code> remote called <code>mySia</code>. First, run:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">rclone config</td>
+</tr>
+<tr class="even">
+<td style="text-align: left;">This will guide you through an interactive setup process:</td>
+</tr>
+<tr class="odd">
+<td style="text-align: left;">``` No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; mySia Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value ... 29 / Sia Decentralized Cloud  "sia" ... Storage&gt; sia Sia daemon API URL, like http://sia.daemon.host:9980. Note that siad must run with --disable-api-security to open API port for other hosts (not recommended). Keep default if Sia daemon runs on localhost. Enter a string value. Press Enter for the default ("http://127.0.0.1:9980"). api_url&gt; http://127.0.0.1:9980 Sia Daemon API Password. Can be found in the apipassword file located in HOME/.sia/ or in the daemon directory. y) Yes type in my own password g) Generate random password n) No leave this optional password blank (default) y/g/n&gt; y Enter the password: password: Confirm the password: password: Edit advanced config? y) Yes n) No (default) y/n&gt; n</td>
+</tr>
+</tbody>
+</table>
+<p>[mySia] type = sia api_url = http://127.0.0.1:9980 api_password = *** ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+Once configured, you can then use `rclone` like this:
+
+- List directories in top level of your Sia storage
+</code></pre>
+<p>rclone lsd mySia:</p>
+<pre><code>
+- List all the files in your Sia storage
+</code></pre>
+<p>rclone ls mySia:</p>
+<pre><code>
+- Upload a local directory to the Sia directory called _backup_
+</code></pre>
+<p>rclone copy /home/source mySia:backup</p>
+<pre><code>
+
+### Standard options
+
+Here are the Standard options specific to sia (Sia Decentralized Cloud).
+
+#### --sia-api-url
+
+Sia daemon API URL, like http://sia.daemon.host:9980.
+
+Note that siad must run with --disable-api-security to open API port for other hosts (not recommended).
+Keep default if Sia daemon runs on localhost.
+
+Properties:
+
+- Config:      api_url
+- Env Var:     RCLONE_SIA_API_URL
+- Type:        string
+- Default:     &quot;http://127.0.0.1:9980&quot;
+
+#### --sia-api-password
+
+Sia Daemon API Password.
+
+Can be found in the apipassword file located in HOME/.sia/ or in the daemon directory.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      api_password
+- Env Var:     RCLONE_SIA_API_PASSWORD
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to sia (Sia Decentralized Cloud).
+
+#### --sia-user-agent
+
+Siad User Agent
+
+Sia daemon requires the &#39;Sia-Agent&#39; user agent by default for security
+
+Properties:
+
+- Config:      user_agent
+- Env Var:     RCLONE_SIA_USER_AGENT
+- Type:        string
+- Default:     &quot;Sia-Agent&quot;
+
+#### --sia-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_SIA_ENCODING
+- Type:        Encoding
+- Default:     Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+- Modification times not supported
+- Checksums not supported
+- `rclone about` not supported
+- rclone can work only with _Siad_ or _Sia-UI_ at the moment,
+  the **SkyNet daemon is not supported yet.**
+- Sia does not allow control characters or symbols like question and pound
+  signs in file names. rclone will transparently [encode](https://rclone.org/overview/#encoding)
+  them for you, but you&#39;d better be aware
+
+#  Swift
+
+Swift refers to [OpenStack Object Storage](https://docs.openstack.org/swift/latest/).
+Commercial implementations of that being:
+
+  * [Rackspace Cloud Files](https://www.rackspace.com/cloud/files/)
+  * [Memset Memstore](https://www.memset.com/cloud/storage/)
+  * [OVH Object Storage](https://www.ovh.co.uk/public-cloud/storage/object-storage/)
+  * [Oracle Cloud Storage](https://docs.oracle.com/en-us/iaas/integration/doc/configure-object-storage.html)
+  * [Blomp Cloud Storage](https://www.blomp.com/cloud-storage/)
+  * [IBM Bluemix Cloud ObjectStorage Swift](https://console.bluemix.net/docs/infrastructure/objectstorage-swift/index.html)
+
+Paths are specified as `remote:container` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:container/path/to/dir`.
+
+## Configuration
+
+Here is an example of making a swift configuration.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process.
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)  "swift" [snip] Storage&gt; swift Get swift credentials from environment variables in standard OpenStack form. Choose a number from below, or type in your own value 1 / Enter swift credentials in the next step  "false" 2 / Get swift credentials from environment vars. Leave other fields blank if using this.  "true" env_auth&gt; true User name to log in (OS_USERNAME). user&gt; API key or password (OS_PASSWORD). key&gt; Authentication URL for server (OS_AUTH_URL). Choose a number from below, or type in your own value 1 / Rackspace US  "https://auth.api.rackspacecloud.com/v1.0" 2 / Rackspace UK  "https://lon.auth.api.rackspacecloud.com/v1.0" 3 / Rackspace v2  "https://identity.api.rackspacecloud.com/v2.0" 4 / Memset Memstore UK  "https://auth.storage.memset.com/v1.0" 5 / Memset Memstore UK v2  "https://auth.storage.memset.com/v2.0" 6 / OVH  "https://auth.cloud.ovh.net/v3" 7 / Blomp Cloud Storage  "https://authenticate.ain.net" auth&gt; User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID). user_id&gt; User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME) domain&gt; Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME) tenant&gt; Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID) tenant_id&gt; Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME) tenant_domain&gt; Region name - optional (OS_REGION_NAME) region&gt; Storage URL - optional (OS_STORAGE_URL) storage_url&gt; Auth Token from alternate authentication - optional (OS_AUTH_TOKEN) auth_token&gt; AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION) auth_version&gt; Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) Choose a number from below, or type in your own value 1 / Public (default, choose this if not sure)  "public" 2 / Internal (use internal service net)  "internal" 3 / Admin  "admin" endpoint_type&gt; Remote config -------------------- [test] env_auth = true user = key = auth = user_id = domain = tenant = tenant_id = tenant_domain = region = storage_url = auth_token = auth_version = endpoint_type = -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+This remote is called `remote` and can now be used like this
+
+See all containers
+
+    rclone lsd remote:
+
+Make a new container
+
+    rclone mkdir remote:container
+
+List the contents of a container
+
+    rclone ls remote:container
+
+Sync `/home/local/directory` to the remote container, deleting any
+excess files in the container.
+
+    rclone sync --interactive /home/local/directory remote:container
+
+### Configuration from an OpenStack credentials file
+
+An OpenStack credentials file typically looks something something
+like this (without the comments)
+</code></pre>
+<p>export OS_AUTH_URL=https://a.provider.net/v2.0 export OS_TENANT_ID=ffffffffffffffffffffffffffffffff export OS_TENANT_NAME="1234567890123456" export OS_USERNAME="123abc567xy" echo "Please enter your OpenStack Password: " read -sr OS_PASSWORD_INPUT export OS_PASSWORD=<span class="math inline">$OS_PASSWORD_INPUT export OS_REGION_NAME="SBG1" if [ -z "$</span>OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi</p>
+<pre><code>
+The config file needs to look something like this where `$OS_USERNAME`
+represents the value of the `OS_USERNAME` variable - `123abc567xy` in
+the example above.
+</code></pre>
+<p>[remote] type = swift user = $OS_USERNAME key = $OS_PASSWORD auth = $OS_AUTH_URL tenant = $OS_TENANT_NAME</p>
+<pre><code>
+Note that you may (or may not) need to set `region` too - try without first.
+
+### Configuration from the environment
+
+If you prefer you can configure rclone to use swift using a standard
+set of OpenStack environment variables.
+
+When you run through the config, make sure you choose `true` for
+`env_auth` and leave everything else blank.
+
+rclone will then set any empty config parameters from the environment
+using standard OpenStack environment variables.  There is [a list of
+the
+variables](https://godoc.org/github.com/ncw/swift#Connection.ApplyEnvironment)
+in the docs for the swift library.
+
+### Using an alternate authentication method
+
+If your OpenStack installation uses a non-standard authentication method
+that might not be yet supported by rclone or the underlying swift library, 
+you can authenticate externally (e.g. calling manually the `openstack` 
+commands to get a token). Then, you just need to pass the two 
+configuration variables ``auth_token`` and ``storage_url``. 
+If they are both provided, the other variables are ignored. rclone will 
+not try to authenticate but instead assume it is already authenticated 
+and use these two variables to access the OpenStack installation.
+
+#### Using rclone without a config file
+
+You can use rclone with swift without a config file, if desired, like
+this:
+</code></pre>
+<p>source openstack-credentials-file export RCLONE_CONFIG_MYREMOTE_TYPE=swift export RCLONE_CONFIG_MYREMOTE_ENV_AUTH=true rclone lsd myremote:</p>
+<pre><code>
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### --update and --use-server-modtime
+
+As noted below, the modified time is stored on metadata on the object. It is
+used by default for all operations that require checking the time a file was
+last updated. It allows rclone to treat the remote more like a true filesystem,
+but it is inefficient because it requires an extra API call to retrieve the
+metadata.
+
+For many operations, the time the object was last uploaded to the remote is
+sufficient to determine if it is &quot;dirty&quot;. By using `--update` along with
+`--use-server-modtime`, you can avoid the extra API call and simply upload
+files whose local modtime is newer than the time it was last uploaded.
+
+### Modification times and hashes
+
+The modified time is stored as metadata on the object as
+`X-Object-Meta-Mtime` as floating point since the epoch accurate to 1
+ns.
+
+This is a de facto standard (used in the official python-swiftclient
+amongst others) for storing the modification time for an object.
+
+The MD5 hash algorithm is supported.
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| /         | 0x2F  | ／          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
+
+#### --swift-env-auth
+
+Get swift credentials from environment variables in standard OpenStack form.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_SWIFT_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - &quot;false&quot;
+        - Enter swift credentials in the next step.
+    - &quot;true&quot;
+        - Get swift credentials from environment vars.
+        - Leave other fields blank if using this.
+
+#### --swift-user
+
+User name to log in (OS_USERNAME).
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_SWIFT_USER
+- Type:        string
+- Required:    false
+
+#### --swift-key
+
+API key or password (OS_PASSWORD).
+
+Properties:
+
+- Config:      key
+- Env Var:     RCLONE_SWIFT_KEY
+- Type:        string
+- Required:    false
+
+#### --swift-auth
+
+Authentication URL for server (OS_AUTH_URL).
+
+Properties:
+
+- Config:      auth
+- Env Var:     RCLONE_SWIFT_AUTH
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;https://auth.api.rackspacecloud.com/v1.0&quot;
+        - Rackspace US
+    - &quot;https://lon.auth.api.rackspacecloud.com/v1.0&quot;
+        - Rackspace UK
+    - &quot;https://identity.api.rackspacecloud.com/v2.0&quot;
+        - Rackspace v2
+    - &quot;https://auth.storage.memset.com/v1.0&quot;
+        - Memset Memstore UK
+    - &quot;https://auth.storage.memset.com/v2.0&quot;
+        - Memset Memstore UK v2
+    - &quot;https://auth.cloud.ovh.net/v3&quot;
+        - OVH
+    - &quot;https://authenticate.ain.net&quot;
+        - Blomp Cloud Storage
+
+#### --swift-user-id
+
+User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
+
+Properties:
+
+- Config:      user_id
+- Env Var:     RCLONE_SWIFT_USER_ID
+- Type:        string
+- Required:    false
+
+#### --swift-domain
+
+User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
+
+Properties:
+
+- Config:      domain
+- Env Var:     RCLONE_SWIFT_DOMAIN
+- Type:        string
+- Required:    false
+
+#### --swift-tenant
+
+Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME).
+
+Properties:
+
+- Config:      tenant
+- Env Var:     RCLONE_SWIFT_TENANT
+- Type:        string
+- Required:    false
+
+#### --swift-tenant-id
+
+Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID).
+
+Properties:
+
+- Config:      tenant_id
+- Env Var:     RCLONE_SWIFT_TENANT_ID
+- Type:        string
+- Required:    false
+
+#### --swift-tenant-domain
+
+Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).
+
+Properties:
+
+- Config:      tenant_domain
+- Env Var:     RCLONE_SWIFT_TENANT_DOMAIN
+- Type:        string
+- Required:    false
+
+#### --swift-region
+
+Region name - optional (OS_REGION_NAME).
+
+Properties:
+
+- Config:      region
+- Env Var:     RCLONE_SWIFT_REGION
+- Type:        string
+- Required:    false
+
+#### --swift-storage-url
+
+Storage URL - optional (OS_STORAGE_URL).
+
+Properties:
+
+- Config:      storage_url
+- Env Var:     RCLONE_SWIFT_STORAGE_URL
+- Type:        string
+- Required:    false
+
+#### --swift-auth-token
+
+Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).
+
+Properties:
+
+- Config:      auth_token
+- Env Var:     RCLONE_SWIFT_AUTH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --swift-application-credential-id
+
+Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).
+
+Properties:
+
+- Config:      application_credential_id
+- Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_ID
+- Type:        string
+- Required:    false
+
+#### --swift-application-credential-name
+
+Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).
+
+Properties:
+
+- Config:      application_credential_name
+- Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_NAME
+- Type:        string
+- Required:    false
+
+#### --swift-application-credential-secret
+
+Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).
+
+Properties:
+
+- Config:      application_credential_secret
+- Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_SECRET
+- Type:        string
+- Required:    false
+
+#### --swift-auth-version
+
+AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION).
+
+Properties:
+
+- Config:      auth_version
+- Env Var:     RCLONE_SWIFT_AUTH_VERSION
+- Type:        int
+- Default:     0
+
+#### --swift-endpoint-type
+
+Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE).
+
+Properties:
+
+- Config:      endpoint_type
+- Env Var:     RCLONE_SWIFT_ENDPOINT_TYPE
+- Type:        string
+- Default:     &quot;public&quot;
+- Examples:
+    - &quot;public&quot;
+        - Public (default, choose this if not sure)
+    - &quot;internal&quot;
+        - Internal (use internal service net)
+    - &quot;admin&quot;
+        - Admin
+
+#### --swift-storage-policy
+
+The storage policy to use when creating a new container.
+
+This applies the specified storage policy when creating a new
+container. The policy cannot be changed afterwards. The allowed
+configuration values and their meaning depend on your Swift storage
+provider.
+
+Properties:
+
+- Config:      storage_policy
+- Env Var:     RCLONE_SWIFT_STORAGE_POLICY
+- Type:        string
+- Required:    false
+- Examples:
+    - &quot;&quot;
+        - Default
+    - &quot;pcs&quot;
+        - OVH Public Cloud Storage
+    - &quot;pca&quot;
+        - OVH Public Cloud Archive
+
+### Advanced options
+
+Here are the Advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
+
+#### --swift-leave-parts-on-error
+
+If true avoid calling abort upload on a failure.
+
+It should be set to true for resuming uploads across different sessions.
+
+Properties:
+
+- Config:      leave_parts_on_error
+- Env Var:     RCLONE_SWIFT_LEAVE_PARTS_ON_ERROR
+- Type:        bool
+- Default:     false
+
+#### --swift-chunk-size
+
+Above this size files will be chunked into a _segments container.
+
+Above this size files will be chunked into a _segments container.  The
+default for this is 5 GiB which is its maximum value.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_SWIFT_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     5Gi
+
+#### --swift-no-chunk
+
+Don&#39;t chunk files during streaming upload.
+
+When doing streaming uploads (e.g. using rcat or mount) setting this
+flag will cause the swift backend to not upload chunked files.
+
+This will limit the maximum upload size to 5 GiB. However non chunked
+files are easier to deal with and have an MD5SUM.
+
+Rclone will still chunk files bigger than chunk_size when doing normal
+copy operations.
+
+Properties:
+
+- Config:      no_chunk
+- Env Var:     RCLONE_SWIFT_NO_CHUNK
+- Type:        bool
+- Default:     false
+
+#### --swift-no-large-objects
+
+Disable support for static and dynamic large objects
+
+Swift cannot transparently store files bigger than 5 GiB. There are
+two schemes for doing that, static or dynamic large objects, and the
+API does not allow rclone to determine whether a file is a static or
+dynamic large object without doing a HEAD on the object. Since these
+need to be treated differently, this means rclone has to issue HEAD
+requests for objects for example when reading checksums.
+
+When `no_large_objects` is set, rclone will assume that there are no
+static or dynamic large objects stored. This means it can stop doing
+the extra HEAD calls which in turn increases performance greatly
+especially when doing a swift to swift transfer with `--checksum` set.
+
+Setting this option implies `no_chunk` and also that no files will be
+uploaded in chunks, so files bigger than 5 GiB will just fail on
+upload.
+
+If you set this option and there *are* static or dynamic large objects,
+then this will give incorrect hashes for them. Downloads will succeed,
+but other operations such as Remove and Copy will fail.
+
+
+Properties:
+
+- Config:      no_large_objects
+- Env Var:     RCLONE_SWIFT_NO_LARGE_OBJECTS
+- Type:        bool
+- Default:     false
+
+#### --swift-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_SWIFT_ENCODING
+- Type:        Encoding
+- Default:     Slash,InvalidUtf8
+
+
+
+## Limitations
+
+The Swift API doesn&#39;t return a correct MD5SUM for segmented files
+(Dynamic or Static Large Objects) so rclone won&#39;t check or use the
+MD5SUM for these.
+
+## Troubleshooting
+
+### Rclone gives Failed to create file system for &quot;remote:&quot;: Bad Request
+
+Due to an oddity of the underlying swift library, it gives a &quot;Bad
+Request&quot; error rather than a more sensible error when the
+authentication fails for Swift.
+
+So this most likely means your username / password is wrong.  You can
+investigate further with the `--dump-bodies` flag.
+
+This may also be caused by specifying the region when you shouldn&#39;t
+have (e.g. OVH).
+
+### Rclone gives Failed to create file system: Response didn&#39;t have storage url and auth token
+
+This is most likely caused by forgetting to specify your tenant when
+setting up a swift remote.
+
+## OVH Cloud Archive
+
+To use rclone with OVH cloud archive, first use `rclone config` to set up a `swift` backend with OVH, choosing `pca` as the `storage_policy`.
+
+### Uploading Objects
+
+Uploading objects to OVH cloud archive is no different to object storage, you just simply run the command you like (move, copy or sync) to upload the objects. Once uploaded the objects will show in a &quot;Frozen&quot; state within the OVH control panel.
+
+### Retrieving Objects
+
+To retrieve objects use `rclone copy` as normal. If the objects are in a frozen state then rclone will ask for them all to be unfrozen and it will wait at the end of the output with a message like the following:
+
+`2019/03/23 13:06:33 NOTICE: Received retry after error - sleeping until 2019-03-23T13:16:33.481657164+01:00 (9m59.99985121s)`
+
+Rclone will wait for the time specified then retry the copy.
+
+#  pCloud
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+The initial setup for pCloud involves getting a token from pCloud which you
+need to do in your browser.  `rclone config` walks you through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Pcloud  "pcloud" [snip] Storage&gt; pcloud Pcloud App Client Id - leave blank normally. client_id&gt; Pcloud App Client Secret - leave blank normally. client_secret&gt; Remote config Use web browser to automatically authenticate rclone with remote? * Say Y if the machine running rclone has a web browser you can use * Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N. y) Yes n) No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code -------------------- [remote] client_id = client_secret = token = {"access_token":"XXX","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"} -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from pCloud. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on `http://127.0.0.1:53682/` and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your pCloud
+
+    rclone lsd remote:
+
+List all the files in your pCloud
+
+    rclone ls remote:
+
+To copy a local directory to a pCloud directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+pCloud allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.  In order to set a Modification time pCloud requires the object
+be re-uploaded.
+
+pCloud supports MD5 and SHA1 hashes in the US region, and SHA1 and SHA256
+hashes in the EU region, so you can use the `--checksum` flag.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Deleting files
+
+Deleted files will be moved to the trash.  Your subscription level
+will determine how long items stay in the trash.  `rclone cleanup` can
+be used to empty the trash.
+
+### Emptying the trash
+
+Due to an API limitation, the `rclone cleanup` command will only work if you 
+set your username and password in the advanced options for this backend. 
+Since we generally want to avoid storing user passwords in the rclone config
+file, we advise you to only set this up if you need the `rclone cleanup` command to work.
+
+### Root folder ID
+
+You can set the `root_folder_id` for rclone.  This is the directory
+(identified by its `Folder ID`) that rclone considers to be the root
+of your pCloud drive.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
+However you can set this to restrict rclone to a specific folder
+hierarchy.
+
+In order to do this you will have to find the `Folder ID` of the
+directory you wish rclone to display.  This will be the `folder` field
+of the URL when you open the relevant folder in the pCloud web
+interface.
+
+So if the folder you want rclone to use has a URL which looks like
+`https://my.pcloud.com/#page=filemanager&amp;folder=5xxxxxxxx8&amp;tpl=foldergrid`
+in the browser, then you use `5xxxxxxxx8` as
+the `root_folder_id` in the config.
+
+
+### Standard options
+
+Here are the Standard options specific to pcloud (Pcloud).
+
+#### --pcloud-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PCLOUD_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --pcloud-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PCLOUD_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to pcloud (Pcloud).
+
+#### --pcloud-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PCLOUD_TOKEN
+- Type:        string
+- Required:    false
+
+#### --pcloud-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PCLOUD_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --pcloud-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PCLOUD_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --pcloud-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PCLOUD_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+#### --pcloud-root-folder-id
+
+Fill in for rclone to use a non root folder as its starting point.
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_PCLOUD_ROOT_FOLDER_ID
+- Type:        string
+- Default:     &quot;d0&quot;
+
+#### --pcloud-hostname
+
+Hostname to connect to.
+
+This is normally set when rclone initially does the oauth connection,
+however you will need to set it by hand if you are using remote config
+with rclone authorize.
+
+
+Properties:
+
+- Config:      hostname
+- Env Var:     RCLONE_PCLOUD_HOSTNAME
+- Type:        string
+- Default:     &quot;api.pcloud.com&quot;
+- Examples:
+    - &quot;api.pcloud.com&quot;
+        - Original/US region
+    - &quot;eapi.pcloud.com&quot;
+        - EU region
+
+#### --pcloud-username
+
+Your pcloud username.
+            
+This is only required when you want to use the cleanup command. Due to a bug
+in the pcloud API the required API does not support OAuth authentication so
+we have to rely on user password authentication for it.
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_PCLOUD_USERNAME
+- Type:        string
+- Required:    false
+
+#### --pcloud-password
+
+Your pcloud password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_PCLOUD_PASSWORD
+- Type:        string
+- Required:    false
+
+
+
+#  PikPak
+
+PikPak is [a private cloud drive](https://mypikpak.com/).
+
+Paths are specified as `remote:path`, and may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+Here is an example of making a remote for PikPak.
+
+First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n</p>
+<p>Enter name for new remote. name&gt; remote</p>
+<p>Option Storage. Type of storage to configure. Choose a number from below, or type in your own value. XX / PikPak  (pikpak) Storage&gt; XX</p>
+<p>Option user. Pikpak username. Enter a value. user&gt; USERNAME</p>
+<p>Option pass. Pikpak password. Choose an alternative below. y) Yes, type in my own password g) Generate random password y/g&gt; y Enter the password: password: Confirm the password: password:</p>
+<p>Edit advanced config? y) Yes n) No (default) y/n&gt;</p>
+<p>Configuration complete. Options: - type: pikpak - user: USERNAME - pass: *** ENCRYPTED *** - token: {"access_token":"eyJ...","token_type":"Bearer","refresh_token":"os...","expiry":"2023-01-26T18:54:32.170582647+09:00"} Keep this "remote" remote? y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+### Modification times and hashes
+
+PikPak keeps modification times on objects, and updates them when uploading objects,
+but it does not support changing only the modification time
+
+The MD5 hash algorithm is supported.
+
+
+### Standard options
+
+Here are the Standard options specific to pikpak (PikPak).
+
+#### --pikpak-user
+
+Pikpak username.
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_PIKPAK_USER
+- Type:        string
+- Required:    true
+
+#### --pikpak-pass
+
+Pikpak password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      pass
+- Env Var:     RCLONE_PIKPAK_PASS
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to pikpak (PikPak).
+
+#### --pikpak-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PIKPAK_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --pikpak-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PIKPAK_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --pikpak-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PIKPAK_TOKEN
+- Type:        string
+- Required:    false
+
+#### --pikpak-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PIKPAK_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --pikpak-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PIKPAK_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --pikpak-root-folder-id
+
+ID of the root folder.
+Leave blank normally.
+
+Fill in for rclone to use a non root folder as its starting point.
+
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_PIKPAK_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --pikpak-use-trash
+
+Send files to the trash instead of deleting permanently.
+
+Defaults to true, namely sending files to the trash.
+Use `--pikpak-use-trash=false` to delete files permanently instead.
+
+Properties:
+
+- Config:      use_trash
+- Env Var:     RCLONE_PIKPAK_USE_TRASH
+- Type:        bool
+- Default:     true
+
+#### --pikpak-trashed-only
+
+Only show files that are in the trash.
+
+This will show trashed files in their original directory structure.
+
+Properties:
+
+- Config:      trashed_only
+- Env Var:     RCLONE_PIKPAK_TRASHED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --pikpak-hash-memory-limit
+
+Files bigger than this will be cached on disk to calculate hash if required.
+
+Properties:
+
+- Config:      hash_memory_limit
+- Env Var:     RCLONE_PIKPAK_HASH_MEMORY_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --pikpak-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PIKPAK_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+## Backend commands
+
+Here are the commands specific to the pikpak backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### addurl
+
+Add offline download task for url
+
+    rclone backend addurl remote: [options] [&lt;arguments&gt;+]
+
+This command adds offline download task for url.
+
+Usage:
+
+    rclone backend addurl pikpak:dirpath url
+
+Downloads will be stored in &#39;dirpath&#39;. If &#39;dirpath&#39; is invalid, 
+download will fallback to default &#39;My Pack&#39; folder.
+
+
+### decompress
+
+Request decompress of a file/files in a folder
+
+    rclone backend decompress remote: [options] [&lt;arguments&gt;+]
+
+This command requests decompress of file/files in a folder.
+
+Usage:
+
+    rclone backend decompress pikpak:dirpath {filename} -o password=password
+    rclone backend decompress pikpak:dirpath {filename} -o delete-src-file
+
+An optional argument &#39;filename&#39; can be specified for a file located in 
+&#39;pikpak:dirpath&#39;. You may want to pass &#39;-o password=password&#39; for a 
+password-protected files. Also, pass &#39;-o delete-src-file&#39; to delete 
+source files after decompression finished.
+
+Result:
+
+    {
+        &quot;Decompressed&quot;: 17,
+        &quot;SourceDeleted&quot;: 0,
+        &quot;Errors&quot;: 0
+    }
+
+
+
+
+## Limitations
+
+### Hashes may be empty
+
+PikPak supports MD5 hash, but sometimes given empty especially for user-uploaded files.
+
+### Deleted files still visible with trashed-only
+
+Deleted files will still be visible with `--pikpak-trashed-only` even after the
+trash emptied. This goes away after few days.
+
+#  premiumize.me
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+The initial setup for [premiumize.me](https://premiumize.me/) involves getting a token from premiumize.me which you
+need to do in your browser.  `rclone config` walks you through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / premiumize.me  "premiumizeme" [snip] Storage&gt; premiumizeme ** See help for premiumizeme backend at: https://rclone.org/premiumizeme/ **</p>
+<p>Remote config Use web browser to automatically authenticate rclone with remote? * Say Y if the machine running rclone has a web browser you can use * Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N. y) Yes n) No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code -------------------- [remote] type = premiumizeme token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2029-08-07T18:44:15.548915378+01:00"} -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt;</p>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from premiumize.me. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on `http://127.0.0.1:53682/` and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your premiumize.me
+
+    rclone lsd remote:
+
+List all the files in your premiumize.me
+
+    rclone ls remote:
+
+To copy a local directory to an premiumize.me directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+premiumize.me does not support modification times or hashes, therefore
+syncing will default to `--size-only` checking.  Note that using
+`--update` will work.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+| &quot;         | 0x22  | ＂           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to premiumizeme (premiumize.me).
+
+#### --premiumizeme-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PREMIUMIZEME_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PREMIUMIZEME_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-api-key
+
+API Key.
+
+This is not normally used - use oauth instead.
+
+
+Properties:
+
+- Config:      api_key
+- Env Var:     RCLONE_PREMIUMIZEME_API_KEY
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to premiumizeme (premiumize.me).
+
+#### --premiumizeme-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PREMIUMIZEME_TOKEN
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PREMIUMIZEME_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PREMIUMIZEME_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PREMIUMIZEME_ENCODING
+- Type:        Encoding
+- Default:     Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+Note that premiumize.me is case insensitive so you can&#39;t have a file called
+&quot;Hello.doc&quot; and one called &quot;hello.doc&quot;.
+
+premiumize.me file names can&#39;t have the `\` or `&quot;` characters in.
+rclone maps these to and from an identical looking unicode equivalents
+`＼` and `＂`
+
+premiumize.me only supports filenames up to 255 characters in length.
+
+#  Proton Drive
+
+[Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+ for your files that protects your data.
+
+This is an rclone backend for Proton Drive which supports the file transfer
+features of Proton Drive using the same client-side encryption.
+
+Due to the fact that Proton Drive doesn&#39;t publish its API documentation, this 
+backend is implemented with best efforts by reading the open-sourced client 
+source code and observing the Proton Drive traffic in the browser.
+
+**NB** This backend is currently in Beta. It is believed to be correct
+and all the integration tests pass. However the Proton Drive protocol
+has evolved over time there may be accounts it is not compatible
+with. Please [post on the rclone forum](https://forum.rclone.org/) if
+you find an incompatibility.
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configurations
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Proton Drive  "Proton Drive" [snip] Storage&gt; protondrive User name user&gt; you@protonmail.com Password. y) Yes type in my own password g) Generate random password n) No leave this optional password blank y/g/n&gt; y Enter the password: password: Confirm the password: password: Option 2fa. 2FA code (if the account requires one) Enter a value. Press Enter to leave empty. 2fa&gt; 123456 Remote config -------------------- [remote] type = protondrive user = you@protonmail.com pass = *** ENCRYPTED *** -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+**NOTE:** The Proton Drive encryption keys need to have been already generated 
+after a regular login via the browser, otherwise attempting to use the 
+credentials in `rclone` will fail.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Proton Drive
+
+    rclone lsd remote:
+
+List all the files in your Proton Drive
+
+    rclone ls remote:
+
+To copy a local directory to an Proton Drive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Proton Drive Bridge does not support updating modification times yet.
+
+The SHA1 hash algorithm is supported.
+
+### Restricted filename characters
+
+Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), also left and 
+right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
+
+### Duplicated files
+
+Proton Drive can not have two files with exactly the same name and path. If the 
+conflict occurs, depending on the advanced config, the file might or might not 
+be overwritten.
+
+### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
+
+Please set your mailbox password in the advanced config section.
+
+### Caching
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+
+### Standard options
+
+Here are the Standard options specific to protondrive (Proton Drive).
+
+#### --protondrive-username
+
+The username of your proton account
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_PROTONDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --protondrive-password
+
+The password of your proton account.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --protondrive-2fa
+
+The 2FA code
+
+The value can also be provided with --protondrive-2fa=000000
+
+The 2FA code of your proton drive account if the account is set up with 
+two-factor authentication
+
+Properties:
+
+- Config:      2fa
+- Env Var:     RCLONE_PROTONDRIVE_2FA
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to protondrive (Proton Drive).
+
+#### --protondrive-mailbox-password
+
+The mailbox password of your two-password proton account.
+
+For more information regarding the mailbox password, please check the 
+following official knowledge base article: 
+https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      mailbox_password
+- Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-uid
+
+Client uid key (internal use only)
+
+Properties:
+
+- Config:      client_uid
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-access-token
+
+Client access token key (internal use only)
+
+Properties:
+
+- Config:      client_access_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-refresh-token
+
+Client refresh token key (internal use only)
+
+Properties:
+
+- Config:      client_refresh_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-salted-key-pass
+
+Client salted key pass key (internal use only)
+
+Properties:
+
+- Config:      client_salted_key_pass
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+- Type:        string
+- Required:    false
+
+#### --protondrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PROTONDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
+
+#### --protondrive-original-file-size
+
+Return the file size before encryption
+            
+The size of the encrypted file will be different from (bigger than) the 
+original file size. Unless there is a reason to return the file size 
+after encryption is performed, otherwise, set this option to true, as 
+features like Open() which will need to be supplied with original content 
+size, will fail to operate properly
+
+Properties:
+
+- Config:      original_file_size
+- Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+- Type:        bool
+- Default:     true
+
+#### --protondrive-app-version
+
+The app version string 
+
+The app version string indicates the client that is currently performing 
+the API request. This information is required and will be sent with every 
+API request.
+
+Properties:
+
+- Config:      app_version
+- Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+- Type:        string
+- Default:     &quot;macos-drive@1.0.0-alpha.1+rclone&quot;
+
+#### --protondrive-replace-existing-draft
+
+Create a new revision when filename conflict is detected
+
+When a file upload is cancelled or failed before completion, a draft will be 
+created and the subsequent upload of the same file to the same location will be 
+reported as a conflict.
+
+The value can also be set by --protondrive-replace-existing-draft=true
+
+If the option is set to true, the draft will be replaced and then the upload 
+operation will restart. If there are other clients also uploading at the same 
+file location at the same time, the behavior is currently unknown. Need to set 
+to true for integration tests.
+If the option is set to false, an error &quot;a draft exist - usually this means a 
+file is being uploaded at another client, or, there was a failed upload attempt&quot; 
+will be returned, and no upload will happen.
+
+Properties:
+
+- Config:      replace_existing_draft
+- Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+- Type:        bool
+- Default:     false
+
+#### --protondrive-enable-caching
+
+Caches the files and folders metadata to reduce API calls
+
+Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+as the current implementation doesn&#39;t update or clear the cache when there are 
+external changes. 
+
+The files and folders on ProtonDrive are represented as links with keyrings, 
+which can be cached to improve performance and be friendly to the API server.
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+Properties:
+
+- Config:      enable_caching
+- Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+- Type:        bool
+- Default:     true
+
+
+
+## Limitations
+
+This backend uses the 
+[Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
+
+There is no official API documentation available from Proton Drive. But, thanks 
+to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+and the web, iOS, and Android client codebases, we don&#39;t need to completely 
+reverse engineer the APIs by observing the web client traffic! 
+
+[proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+building blocks of API calls and error handling, such as 429 exponential 
+back-off, but it is pretty much just a barebone interface to the Proton API. 
+For example, the encryption and decryption of the Proton Drive file are not 
+provided in this library. 
+
+The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+top of this quickly. This codebase handles the intricate tasks before and after 
+calling Proton APIs, particularly the complex encryption scheme, allowing 
+developers to implement features for other software on top of this codebase. 
+There are likely quite a few errors in this library, as there isn&#39;t official 
+documentation available.
+
+#  put.io
+
+Paths are specified as `remote:path`
+
+put.io paths may be as deep as required, e.g.
+`remote:directory/subdirectory`.
+
+## Configuration
+
+The initial setup for put.io involves getting a token from put.io
+which you need to do in your browser.  `rclone config` walks you
+through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; putio Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Put.io  "putio" [snip] Storage&gt; putio ** See help for putio backend at: https://rclone.org/putio/ **</p>
+<p>Remote config Use web browser to automatically authenticate rclone with remote? * Say Y if the machine running rclone has a web browser you can use * Say N if running rclone on a (remote) machine without web browser access If not sure try Y. If Y failed, try N. y) Yes n) No y/n&gt; y If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code... Got code -------------------- [putio] type = putio token = {"access_token":"XXXXXXXX","expiry":"0001-01-01T00:00:00Z"} -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y Current remotes:</p>
+<p>Name Type ==== ==== putio putio</p>
+<ol start="5" type="a">
+<li>Edit existing remote</li>
+<li>New remote</li>
+<li>Delete remote</li>
+<li>Rename remote</li>
+<li>Copy remote</li>
+<li>Set configuration password</li>
+<li>Quit config e/n/d/r/c/s/q&gt; q</li>
+</ol>
+<pre><code>
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from put.io  if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on `http://127.0.0.1:53682/` and this
+it may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
+
+You can then use it like this,
+
+List directories in top level of your put.io
+
+    rclone lsd remote:
+
+List all the files in your put.io
+
+    rclone ls remote:
+
+To copy a local directory to a put.io directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to putio (Put.io).
+
+#### --putio-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PUTIO_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --putio-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PUTIO_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to putio (Put.io).
+
+#### --putio-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PUTIO_TOKEN
+- Type:        string
+- Required:    false
+
+#### --putio-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PUTIO_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --putio-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PUTIO_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --putio-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PUTIO_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+put.io has rate limiting. When you hit a limit, rclone automatically
+retries after waiting the amount of time requested by the server.
+
+If you want to avoid ever hitting these limits, you may use the
+`--tpslimit` flag with a low number. Note that the imposed limits
+may be different for different operations, and may change over time.
+
+#  Proton Drive
+
+[Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+ for your files that protects your data.
+
+This is an rclone backend for Proton Drive which supports the file transfer
+features of Proton Drive using the same client-side encryption.
+
+Due to the fact that Proton Drive doesn&#39;t publish its API documentation, this 
+backend is implemented with best efforts by reading the open-sourced client 
+source code and observing the Proton Drive traffic in the browser.
+
+**NB** This backend is currently in Beta. It is believed to be correct
+and all the integration tests pass. However the Proton Drive protocol
+has evolved over time there may be accounts it is not compatible
+with. Please [post on the rclone forum](https://forum.rclone.org/) if
+you find an incompatibility.
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configurations
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Proton Drive  "Proton Drive" [snip] Storage&gt; protondrive User name user&gt; you@protonmail.com Password. y) Yes type in my own password g) Generate random password n) No leave this optional password blank y/g/n&gt; y Enter the password: password: Confirm the password: password: Option 2fa. 2FA code (if the account requires one) Enter a value. Press Enter to leave empty. 2fa&gt; 123456 Remote config -------------------- [remote] type = protondrive user = you@protonmail.com pass = *** ENCRYPTED *** -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+**NOTE:** The Proton Drive encryption keys need to have been already generated 
+after a regular login via the browser, otherwise attempting to use the 
+credentials in `rclone` will fail.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Proton Drive
+
+    rclone lsd remote:
+
+List all the files in your Proton Drive
+
+    rclone ls remote:
+
+To copy a local directory to an Proton Drive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Proton Drive Bridge does not support updating modification times yet.
+
+The SHA1 hash algorithm is supported.
+
+### Restricted filename characters
+
+Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), also left and 
+right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
+
+### Duplicated files
+
+Proton Drive can not have two files with exactly the same name and path. If the 
+conflict occurs, depending on the advanced config, the file might or might not 
+be overwritten.
+
+### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
+
+Please set your mailbox password in the advanced config section.
+
+### Caching
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+
+### Standard options
+
+Here are the Standard options specific to protondrive (Proton Drive).
+
+#### --protondrive-username
+
+The username of your proton account
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_PROTONDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --protondrive-password
+
+The password of your proton account.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --protondrive-2fa
+
+The 2FA code
+
+The value can also be provided with --protondrive-2fa=000000
+
+The 2FA code of your proton drive account if the account is set up with 
+two-factor authentication
+
+Properties:
+
+- Config:      2fa
+- Env Var:     RCLONE_PROTONDRIVE_2FA
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to protondrive (Proton Drive).
+
+#### --protondrive-mailbox-password
+
+The mailbox password of your two-password proton account.
+
+For more information regarding the mailbox password, please check the 
+following official knowledge base article: 
+https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      mailbox_password
+- Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-uid
+
+Client uid key (internal use only)
+
+Properties:
+
+- Config:      client_uid
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-access-token
+
+Client access token key (internal use only)
+
+Properties:
+
+- Config:      client_access_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+- Type:        string
+- Required:    false
 
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = premiumizeme
-token = {&quot;access_token&quot;:&quot;XXX&quot;,&quot;token_type&quot;:&quot;Bearer&quot;,&quot;refresh_token&quot;:&quot;XXX&quot;,&quot;expiry&quot;:&quot;2029-08-07T18:44:15.548915378+01:00&quot;}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; </code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from premiumize.me. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
-<p>Once configured you can then use <code>rclone</code> like this,</p>
-<p>List directories in top level of your premiumize.me</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your premiumize.me</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to an premiumize.me directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-hashes-11">Modified time and hashes</h3>
-<p>premiumize.me does not support modification times or hashes, therefore syncing will default to <code>--size-only</code> checking. Note that using <code>--update</code> will work.</p>
-<h3 id="restricted-filename-characters-24">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-<tr class="even">
-<td>"</td>
-<td style="text-align: center;">0x22</td>
-<td style="text-align: center;">＂</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="standard-options-35">Standard options</h3>
-<p>Here are the Standard options specific to premiumizeme (premiumize.me).</p>
-<h4 id="premiumizeme-api-key">--premiumizeme-api-key</h4>
-<p>API Key.</p>
-<p>This is not normally used - use oauth instead.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: api_key</li>
-<li>Env Var: RCLONE_PREMIUMIZEME_API_KEY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="advanced-options-34">Advanced options</h3>
-<p>Here are the Advanced options specific to premiumizeme (premiumize.me).</p>
-<h4 id="premiumizeme-encoding">--premiumizeme-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_PREMIUMIZEME_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-27">Limitations</h2>
-<p>Note that premiumize.me is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".</p>
-<p>premiumize.me file names can't have the <code>\</code> or <code>"</code> characters in. rclone maps these to and from an identical looking unicode equivalents <code>＼</code> and <code>＂</code></p>
-<p>premiumize.me only supports filenames up to 255 characters in length.</p>
-<h1 id="put.io">put.io</h1>
-<p>Paths are specified as <code>remote:path</code></p>
-<p>put.io paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-37">Configuration</h2>
-<p>The initial setup for put.io involves getting a token from put.io which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
-<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
-<pre><code> rclone config</code></pre>
-<p>This will guide you through an interactive setup process:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; putio
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Put.io
-   \ &quot;putio&quot;
-[snip]
-Storage&gt; putio
-** See help for putio backend at: https://rclone.org/putio/ **
+#### --protondrive-client-refresh-token
 
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n&gt; y
-If your browser doesn&#39;t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[putio]
-type = putio
-token = {&quot;access_token&quot;:&quot;XXXXXXXX&quot;,&quot;expiry&quot;:&quot;0001-01-01T00:00:00Z&quot;}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y
-Current remotes:
+Client refresh token key (internal use only)
+
+Properties:
+
+- Config:      client_refresh_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-salted-key-pass
+
+Client salted key pass key (internal use only)
+
+Properties:
+
+- Config:      client_salted_key_pass
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+- Type:        string
+- Required:    false
+
+#### --protondrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PROTONDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
+
+#### --protondrive-original-file-size
+
+Return the file size before encryption
+            
+The size of the encrypted file will be different from (bigger than) the 
+original file size. Unless there is a reason to return the file size 
+after encryption is performed, otherwise, set this option to true, as 
+features like Open() which will need to be supplied with original content 
+size, will fail to operate properly
+
+Properties:
+
+- Config:      original_file_size
+- Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+- Type:        bool
+- Default:     true
+
+#### --protondrive-app-version
+
+The app version string 
+
+The app version string indicates the client that is currently performing 
+the API request. This information is required and will be sent with every 
+API request.
+
+Properties:
+
+- Config:      app_version
+- Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+- Type:        string
+- Default:     &quot;macos-drive@1.0.0-alpha.1+rclone&quot;
+
+#### --protondrive-replace-existing-draft
+
+Create a new revision when filename conflict is detected
+
+When a file upload is cancelled or failed before completion, a draft will be 
+created and the subsequent upload of the same file to the same location will be 
+reported as a conflict.
+
+The value can also be set by --protondrive-replace-existing-draft=true
+
+If the option is set to true, the draft will be replaced and then the upload 
+operation will restart. If there are other clients also uploading at the same 
+file location at the same time, the behavior is currently unknown. Need to set 
+to true for integration tests.
+If the option is set to false, an error &quot;a draft exist - usually this means a 
+file is being uploaded at another client, or, there was a failed upload attempt&quot; 
+will be returned, and no upload will happen.
+
+Properties:
+
+- Config:      replace_existing_draft
+- Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+- Type:        bool
+- Default:     false
+
+#### --protondrive-enable-caching
+
+Caches the files and folders metadata to reduce API calls
+
+Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+as the current implementation doesn&#39;t update or clear the cache when there are 
+external changes. 
+
+The files and folders on ProtonDrive are represented as links with keyrings, 
+which can be cached to improve performance and be friendly to the API server.
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+Properties:
+
+- Config:      enable_caching
+- Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+- Type:        bool
+- Default:     true
+
+
+
+## Limitations
+
+This backend uses the 
+[Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
+
+There is no official API documentation available from Proton Drive. But, thanks 
+to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+and the web, iOS, and Android client codebases, we don&#39;t need to completely 
+reverse engineer the APIs by observing the web client traffic! 
+
+[proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+building blocks of API calls and error handling, such as 429 exponential 
+back-off, but it is pretty much just a barebone interface to the Proton API. 
+For example, the encryption and decryption of the Proton Drive file are not 
+provided in this library. 
+
+The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+top of this quickly. This codebase handles the intricate tasks before and after 
+calling Proton APIs, particularly the complex encryption scheme, allowing 
+developers to implement features for other software on top of this codebase. 
+There are likely quite a few errors in this library, as there isn&#39;t official 
+documentation available.
+
+#  Seafile
+
+This is a backend for the [Seafile](https://www.seafile.com/) storage service:
+- It works with both the free community edition or the professional edition.
+- Seafile versions 6.x, 7.x, 8.x and 9.x are all supported.
+- Encrypted libraries are also supported.
+- It supports 2FA enabled users
+- Using a Library API Token is **not** supported
+
+## Configuration
+
+There are two distinct modes you can setup your remote:
+- you point your remote to the **root of the server**, meaning you don&#39;t specify a library during the configuration:
+Paths are specified as `remote:library`. You may put subdirectories in too, e.g. `remote:library/path/to/dir`.
+- you point your remote to a specific library during the configuration:
+Paths are specified as `remote:path/to/dir`. **This is the recommended mode when using encrypted libraries**. (_This mode is possibly slightly faster than the root mode_)
+
+### Configuration in root mode
+
+Here is an example of making a seafile configuration for a user with **no** two-factor authentication.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process. To authenticate
+you will need the URL of your server, your email (or username) and your password.
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; seafile Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Seafile  "seafile" [snip] Storage&gt; seafile ** See help for seafile backend at: https://rclone.org/seafile/ **</p>
+<p>URL of seafile host to connect to Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value 1 / Connect to cloud.seafile.com  "https://cloud.seafile.com/" url&gt; http://my.seafile.server/ User name (usually email address) Enter a string value. Press Enter for the default (""). user&gt; me@example.com Password y) Yes type in my own password g) Generate random password n) No leave this optional password blank (default) y/g&gt; y Enter the password: password: Confirm the password: password: Two-factor authentication ('true' if the account has 2FA enabled) Enter a boolean value (true or false). Press Enter for the default ("false"). 2fa&gt; false Name of the library. Leave blank to access all non-encrypted libraries. Enter a string value. Press Enter for the default (""). library&gt; Library password (for encrypted libraries only). Leave blank if you pass it through the command line. y) Yes type in my own password g) Generate random password n) No leave this optional password blank (default) y/g/n&gt; n Edit advanced config? (y/n) y) Yes n) No (default) y/n&gt; n Remote config Two-factor authentication is not enabled on this account. -------------------- [seafile] type = seafile url = http://my.seafile.server/ user = me@example.com pass = *** ENCRYPTED *** 2fa = false -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+This remote is called `seafile`. It&#39;s pointing to the root of your seafile server and can now be used like this:
+
+See all libraries
+
+    rclone lsd seafile:
+
+Create a new library
+
+    rclone mkdir seafile:library
+
+List the contents of a library
+
+    rclone ls seafile:library
+
+Sync `/home/local/directory` to the remote library, deleting any
+excess files in the library.
+
+    rclone sync --interactive /home/local/directory seafile:library
+
+### Configuration in library mode
+
+Here&#39;s an example of a configuration in library mode with a user that has the two-factor authentication enabled. Your 2FA code will be asked at the end of the configuration, and will attempt to authenticate you:
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; seafile Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value [snip] XX / Seafile  "seafile" [snip] Storage&gt; seafile ** See help for seafile backend at: https://rclone.org/seafile/ **</p>
+<p>URL of seafile host to connect to Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value 1 / Connect to cloud.seafile.com  "https://cloud.seafile.com/" url&gt; http://my.seafile.server/ User name (usually email address) Enter a string value. Press Enter for the default (""). user&gt; me@example.com Password y) Yes type in my own password g) Generate random password n) No leave this optional password blank (default) y/g&gt; y Enter the password: password: Confirm the password: password: Two-factor authentication ('true' if the account has 2FA enabled) Enter a boolean value (true or false). Press Enter for the default ("false"). 2fa&gt; true Name of the library. Leave blank to access all non-encrypted libraries. Enter a string value. Press Enter for the default (""). library&gt; My Library Library password (for encrypted libraries only). Leave blank if you pass it through the command line. y) Yes type in my own password g) Generate random password n) No leave this optional password blank (default) y/g/n&gt; n Edit advanced config? (y/n) y) Yes n) No (default) y/n&gt; n Remote config Two-factor authentication: please enter your 2FA code 2fa code&gt; 123456 Authenticating... Success! -------------------- [seafile] type = seafile url = http://my.seafile.server/ user = me@example.com pass = 2fa = true library = My Library -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+You&#39;ll notice your password is blank in the configuration. It&#39;s because we only need the password to authenticate you once.
+
+You specified `My Library` during the configuration. The root of the remote is pointing at the
+root of the library `My Library`:
+
+See all files in the library:
+
+    rclone lsd seafile:
+
+Create a new directory inside the library
+
+    rclone mkdir seafile:directory
+
+List the contents of a directory
+
+    rclone ls seafile:directory
+
+Sync `/home/local/directory` to the remote library, deleting any
+excess files in the library.
+
+    rclone sync --interactive /home/local/directory seafile:
+
+
+### --fast-list
+
+Seafile version 7+ supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+Please note this is not supported on seafile server version 6.x
+
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| /         | 0x2F  | ／          |
+| &quot;         | 0x22  | ＂          |
+| \         | 0x5C  | ＼           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can&#39;t be used in JSON strings.
+
+### Seafile and rclone link
+
+Rclone supports generating share links for non-encrypted libraries only.
+They can either be for a file or a directory:
+</code></pre>
+<p>rclone link seafile:seafile-tutorial.doc http://my.seafile.server/f/fdcd8a2f93f84b8b90f4/</p>
+<pre><code>
+or if run on a directory you will get:
+</code></pre>
+<p>rclone link seafile:dir http://my.seafile.server/d/9ea2455f6f55478bbb0d/</p>
+<pre><code>
+Please note a share link is unique for each file or directory. If you run a link command on a file/dir
+that has already been shared, you will get the exact same link.
+
+### Compatibility
+
+It has been actively developed using the [seafile docker image](https://github.com/haiwen/seafile-docker) of these versions:
+- 6.3.4 community edition
+- 7.0.5 community edition
+- 7.1.3 community edition
+- 9.0.10 community edition
+
+Versions below 6.0 are not supported.
+Versions between 6.0 and 6.3 haven&#39;t been tested and might not work properly.
+
+Each new version of `rclone` is automatically tested against the [latest docker image](https://hub.docker.com/r/seafileltd/seafile-mc/) of the seafile community server.
+
+
+### Standard options
+
+Here are the Standard options specific to seafile (seafile).
+
+#### --seafile-url
+
+URL of seafile host to connect to.
+
+Properties:
+
+- Config:      url
+- Env Var:     RCLONE_SEAFILE_URL
+- Type:        string
+- Required:    true
+- Examples:
+    - &quot;https://cloud.seafile.com/&quot;
+        - Connect to cloud.seafile.com.
+
+#### --seafile-user
+
+User name (usually email address).
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_SEAFILE_USER
+- Type:        string
+- Required:    true
+
+#### --seafile-pass
+
+Password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      pass
+- Env Var:     RCLONE_SEAFILE_PASS
+- Type:        string
+- Required:    false
+
+#### --seafile-2fa
+
+Two-factor authentication (&#39;true&#39; if the account has 2FA enabled).
+
+Properties:
+
+- Config:      2fa
+- Env Var:     RCLONE_SEAFILE_2FA
+- Type:        bool
+- Default:     false
+
+#### --seafile-library
+
+Name of the library.
+
+Leave blank to access all non-encrypted libraries.
+
+Properties:
+
+- Config:      library
+- Env Var:     RCLONE_SEAFILE_LIBRARY
+- Type:        string
+- Required:    false
+
+#### --seafile-library-key
+
+Library password (for encrypted libraries only).
+
+Leave blank if you pass it through the command line.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      library_key
+- Env Var:     RCLONE_SEAFILE_LIBRARY_KEY
+- Type:        string
+- Required:    false
+
+#### --seafile-auth-token
+
+Authentication token.
+
+Properties:
+
+- Config:      auth_token
+- Env Var:     RCLONE_SEAFILE_AUTH_TOKEN
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to seafile (seafile).
+
+#### --seafile-create-library
+
+Should rclone create a library if it doesn&#39;t exist.
+
+Properties:
+
+- Config:      create_library
+- Env Var:     RCLONE_SEAFILE_CREATE_LIBRARY
+- Type:        bool
+- Default:     false
+
+#### --seafile-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_SEAFILE_ENCODING
+- Type:        Encoding
+- Default:     Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8
+
+
+
+#  SFTP
+
+SFTP is the [Secure (or SSH) File Transfer
+Protocol](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol).
+
+The SFTP backend can be used with a number of different providers:
+
+
+- Hetzner Storage Box
+- rsync.net
+
+
+SFTP runs over SSH v2 and is installed as standard with most modern
+SSH installations.
+
+Paths are specified as `remote:path`. If the path does not begin with
+a `/` it is relative to the home directory of the user.  An empty path
+`remote:` refers to the user&#39;s home directory. For example, `rclone lsd remote:` 
+would list the home directory of the user configured in the rclone remote config 
+(`i.e /home/sftpuser`). However, `rclone lsd remote:/` would list the root 
+directory for remote machine (i.e. `/`)
+
+Note that some SFTP servers will need the leading / - Synology is a
+good example of this. rsync.net and Hetzner, on the other hand, requires users to
+OMIT the leading /.
+
+Note that by default rclone will try to execute shell commands on
+the server, see [shell access considerations](#shell-access-considerations).
+
+## Configuration
+
+Here is an example of making an SFTP configuration.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process.
+</code></pre>
+<p>No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q&gt; n name&gt; remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / SSH/SFTP  "sftp" [snip] Storage&gt; sftp SSH host to connect to Choose a number from below, or type in your own value 1 / Connect to example.com  "example.com" host&gt; example.com SSH username Enter a string value. Press Enter for the default ("$USER"). user&gt; sftpuser SSH port number Enter a signed integer. Press Enter for the default (22). port&gt; SSH password, leave blank to use ssh-agent. y) Yes type in my own password g) Generate random password n) No leave this optional password blank y/g/n&gt; n Path to unencrypted PEM-encoded private key file, leave blank to use ssh-agent. key_file&gt; Remote config -------------------- [remote] host = example.com user = sftpuser port = pass = key_file = -------------------- y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d&gt; y</p>
+<pre><code>
+This remote is called `remote` and can now be used like this:
+
+See all directories in the home directory
+
+    rclone lsd remote:
+
+See all directories in the root directory
+
+    rclone lsd remote:/
+
+Make a new directory
+
+    rclone mkdir remote:path/to/directory
+
+List the contents of a directory
+
+    rclone ls remote:path/to/directory
+
+Sync `/home/local/directory` to the remote directory, deleting any
+excess files in the directory.
+
+    rclone sync --interactive /home/local/directory remote:directory
+
+Mount the remote path `/srv/www-data/` to the local path
+`/mnt/www-data`
 
-Name                 Type
-====                 ====
-putio                putio
+    rclone mount remote:/srv/www-data/ /mnt/www-data
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q&gt; q</code></pre>
-<p>See the <a href="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
-<p>Note that rclone runs a webserver on your local machine to collect the token as returned from put.io if using web browser to automatically authenticate. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.</p>
-<p>You can then use it like this,</p>
-<p>List directories in top level of your put.io</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>List all the files in your put.io</p>
-<pre><code>rclone ls remote:</code></pre>
-<p>To copy a local directory to a put.io directory called backup</p>
-<pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="restricted-filename-characters-25">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="advanced-options-35">Advanced options</h3>
-<p>Here are the Advanced options specific to putio (Put.io).</p>
-<h4 id="putio-encoding">--putio-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_PUTIO_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot</li>
-</ul>
-<h2 id="limitations-28">Limitations</h2>
-<p>put.io has rate limiting. When you hit a limit, rclone automatically retries after waiting the amount of time requested by the server.</p>
-<p>If you want to avoid ever hitting these limits, you may use the <code>--tpslimit</code> flag with a low number. Note that the imposed limits may be different for different operations, and may change over time.</p>
-<h1 id="seafile">Seafile</h1>
-<p>This is a backend for the <a href="https://www.seafile.com/">Seafile</a> storage service: - It works with both the free community edition or the professional edition. - Seafile versions 6.x, 7.x, 8.x and 9.x are all supported. - Encrypted libraries are also supported. - It supports 2FA enabled users - Using a Library API Token is <strong>not</strong> supported</p>
-<h2 id="configuration-38">Configuration</h2>
-<p>There are two distinct modes you can setup your remote: - you point your remote to the <strong>root of the server</strong>, meaning you don't specify a library during the configuration: Paths are specified as <code>remote:library</code>. You may put subdirectories in too, e.g. <code>remote:library/path/to/dir</code>. - you point your remote to a specific library during the configuration: Paths are specified as <code>remote:path/to/dir</code>. <strong>This is the recommended mode when using encrypted libraries</strong>. (<em>This mode is possibly slightly faster than the root mode</em>)</p>
-<h3 id="configuration-in-root-mode">Configuration in root mode</h3>
-<p>Here is an example of making a seafile configuration for a user with <strong>no</strong> two-factor authentication. First run</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process. To authenticate you will need the URL of your server, your email (or username) and your password.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; seafile
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Seafile
-   \ &quot;seafile&quot;
-[snip]
-Storage&gt; seafile
-** See help for seafile backend at: https://rclone.org/seafile/ **
+### SSH Authentication
 
-URL of seafile host to connect to
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Connect to cloud.seafile.com
-   \ &quot;https://cloud.seafile.com/&quot;
-url&gt; http://my.seafile.server/
-User name (usually email address)
-Enter a string value. Press Enter for the default (&quot;&quot;).
-user&gt; me@example.com
-Password
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Two-factor authentication (&#39;true&#39; if the account has 2FA enabled)
-Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
-2fa&gt; false
-Name of the library. Leave blank to access all non-encrypted libraries.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-library&gt;
-Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n&gt; n
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n&gt; n
-Remote config
-Two-factor authentication is not enabled on this account.
---------------------
-[seafile]
-type = seafile
-url = http://my.seafile.server/
-user = me@example.com
-pass = *** ENCRYPTED ***
-2fa = false
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This remote is called <code>seafile</code>. It's pointing to the root of your seafile server and can now be used like this:</p>
-<p>See all libraries</p>
-<pre><code>rclone lsd seafile:</code></pre>
-<p>Create a new library</p>
-<pre><code>rclone mkdir seafile:library</code></pre>
-<p>List the contents of a library</p>
-<pre><code>rclone ls seafile:library</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote library, deleting any excess files in the library.</p>
-<pre><code>rclone sync --interactive /home/local/directory seafile:library</code></pre>
-<h3 id="configuration-in-library-mode">Configuration in library mode</h3>
-<p>Here's an example of a configuration in library mode with a user that has the two-factor authentication enabled. Your 2FA code will be asked at the end of the configuration, and will attempt to authenticate you:</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; seafile
-Type of storage to configure.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
-[snip]
-XX / Seafile
-   \ &quot;seafile&quot;
-[snip]
-Storage&gt; seafile
-** See help for seafile backend at: https://rclone.org/seafile/ **
+The SFTP remote supports three authentication methods:
 
-URL of seafile host to connect to
-Enter a string value. Press Enter for the default (&quot;&quot;).
-Choose a number from below, or type in your own value
- 1 / Connect to cloud.seafile.com
-   \ &quot;https://cloud.seafile.com/&quot;
-url&gt; http://my.seafile.server/
-User name (usually email address)
-Enter a string value. Press Enter for the default (&quot;&quot;).
-user&gt; me@example.com
-Password
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g&gt; y
-Enter the password:
-password:
-Confirm the password:
-password:
-Two-factor authentication (&#39;true&#39; if the account has 2FA enabled)
-Enter a boolean value (true or false). Press Enter for the default (&quot;false&quot;).
-2fa&gt; true
-Name of the library. Leave blank to access all non-encrypted libraries.
-Enter a string value. Press Enter for the default (&quot;&quot;).
-library&gt; My Library
-Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n&gt; n
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n&gt; n
-Remote config
-Two-factor authentication: please enter your 2FA code
-2fa code&gt; 123456
-Authenticating...
-Success!
---------------------
-[seafile]
-type = seafile
-url = http://my.seafile.server/
-user = me@example.com
-pass = 
-2fa = true
-library = My Library
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>You'll notice your password is blank in the configuration. It's because we only need the password to authenticate you once.</p>
-<p>You specified <code>My Library</code> during the configuration. The root of the remote is pointing at the root of the library <code>My Library</code>:</p>
-<p>See all files in the library:</p>
-<pre><code>rclone lsd seafile:</code></pre>
-<p>Create a new directory inside the library</p>
-<pre><code>rclone mkdir seafile:directory</code></pre>
-<p>List the contents of a directory</p>
-<pre><code>rclone ls seafile:directory</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote library, deleting any excess files in the library.</p>
-<pre><code>rclone sync --interactive /home/local/directory seafile:</code></pre>
-<h3 id="fast-list-8">--fast-list</h3>
-<p>Seafile version 7+ supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <a href="https://rclone.org/docs/#fast-list">rclone docs</a> for more details. Please note this is not supported on seafile server version 6.x</p>
-<h3 id="restricted-filename-characters-26">Restricted filename characters</h3>
-<p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
-</tr>
-<tr class="even">
-<td>"</td>
-<td style="text-align: center;">0x22</td>
-<td style="text-align: center;">＂</td>
-</tr>
-<tr class="odd">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
-</tr>
-</tbody>
-</table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="seafile-and-rclone-link">Seafile and rclone link</h3>
-<p>Rclone supports generating share links for non-encrypted libraries only. They can either be for a file or a directory:</p>
-<pre><code>rclone link seafile:seafile-tutorial.doc
-http://my.seafile.server/f/fdcd8a2f93f84b8b90f4/
+  * Password
+  * Key file, including certificate signed keys
+  * ssh-agent
+
+Key files should be PEM-encoded private key files. For instance `/home/$USER/.ssh/id_rsa`.
+Only unencrypted OpenSSH or PEM encrypted files are supported.
+
+The key file can be specified in either an external file (key_file) or contained within the 
+rclone config file (key_pem).  If using key_pem in the config file, the entry should be on a
+single line with new line (&#39;\n&#39; or &#39;\r\n&#39;) separating lines.  i.e.
+
+    key_pem = -----BEGIN RSA PRIVATE KEY-----\nMaMbaIXtE\n0gAMbMbaSsd\nMbaass\n-----END RSA PRIVATE KEY-----
+
+This will generate it correctly for key_pem for use in the config:
+
+    awk &#39;{printf &quot;%s\\n&quot;, $0}&#39; &lt; ~/.ssh/id_rsa
+
+If you don&#39;t specify `pass`, `key_file`, or `key_pem` or `ask_password` then
+rclone will attempt to contact an ssh-agent. You can also specify `key_use_agent`
+to force the usage of an ssh-agent. In this case `key_file` or `key_pem` can
+also be specified to force the usage of a specific key in the ssh-agent.
+
+Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment.
+
+If you set the `ask_password` option, rclone will prompt for a password when
+needed and no password has been configured.
+
+#### Certificate-signed keys
+
+With traditional key-based authentication, you configure your private key only,
+and the public key built into it will be used during the authentication process.
+
+If you have a certificate you may use it to sign your public key, creating a
+separate SSH user certificate that should be used instead of the plain public key
+extracted from the private key. Then you must provide the path to the
+user certificate public key file in `pubkey_file`.
+
+Note: This is not the traditional public key paired with your private key,
+typically saved as `/home/$USER/.ssh/id_rsa.pub`. Setting this path in
+`pubkey_file` will not work.
+
+Example:
 </code></pre>
-<p>or if run on a directory you will get:</p>
-<pre><code>rclone link seafile:dir
-http://my.seafile.server/d/9ea2455f6f55478bbb0d/</code></pre>
-<p>Please note a share link is unique for each file or directory. If you run a link command on a file/dir that has already been shared, you will get the exact same link.</p>
-<h3 id="compatibility">Compatibility</h3>
-<p>It has been actively developed using the <a href="https://github.com/haiwen/seafile-docker">seafile docker image</a> of these versions: - 6.3.4 community edition - 7.0.5 community edition - 7.1.3 community edition - 9.0.10 community edition</p>
-<p>Versions below 6.0 are not supported. Versions between 6.0 and 6.3 haven't been tested and might not work properly.</p>
-<p>Each new version of <code>rclone</code> is automatically tested against the <a href="https://hub.docker.com/r/seafileltd/seafile-mc/">latest docker image</a> of the seafile community server.</p>
-<h3 id="standard-options-36">Standard options</h3>
-<p>Here are the Standard options specific to seafile (seafile).</p>
-<h4 id="seafile-url">--seafile-url</h4>
-<p>URL of seafile host to connect to.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: url</li>
-<li>Env Var: RCLONE_SEAFILE_URL</li>
-<li>Type: string</li>
-<li>Required: true</li>
-<li>Examples:
-<ul>
-<li>"https://cloud.seafile.com/"
-<ul>
-<li>Connect to cloud.seafile.com.</li>
-</ul></li>
-</ul></li>
-</ul>
-<h4 id="seafile-user">--seafile-user</h4>
-<p>User name (usually email address).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: user</li>
-<li>Env Var: RCLONE_SEAFILE_USER</li>
-<li>Type: string</li>
-<li>Required: true</li>
-</ul>
-<h4 id="seafile-pass">--seafile-pass</h4>
-<p>Password.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: pass</li>
-<li>Env Var: RCLONE_SEAFILE_PASS</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="seafile-2fa">--seafile-2fa</h4>
-<p>Two-factor authentication ('true' if the account has 2FA enabled).</p>
-<p>Properties:</p>
-<ul>
-<li>Config: 2fa</li>
-<li>Env Var: RCLONE_SEAFILE_2FA</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="seafile-library">--seafile-library</h4>
-<p>Name of the library.</p>
-<p>Leave blank to access all non-encrypted libraries.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: library</li>
-<li>Env Var: RCLONE_SEAFILE_LIBRARY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="seafile-library-key">--seafile-library-key</h4>
-<p>Library password (for encrypted libraries only).</p>
-<p>Leave blank if you pass it through the command line.</p>
-<p><strong>NB</strong> Input to this must be obscured - see <a href="https://rclone.org/commands/rclone_obscure/">rclone obscure</a>.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: library_key</li>
-<li>Env Var: RCLONE_SEAFILE_LIBRARY_KEY</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h4 id="seafile-auth-token">--seafile-auth-token</h4>
-<p>Authentication token.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: auth_token</li>
-<li>Env Var: RCLONE_SEAFILE_AUTH_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
-</ul>
-<h3 id="advanced-options-36">Advanced options</h3>
-<p>Here are the Advanced options specific to seafile (seafile).</p>
-<h4 id="seafile-create-library">--seafile-create-library</h4>
-<p>Should rclone create a library if it doesn't exist.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: create_library</li>
-<li>Env Var: RCLONE_SEAFILE_CREATE_LIBRARY</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="seafile-encoding">--seafile-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
-<ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_SEAFILE_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8</li>
-</ul>
-<h1 id="sftp">SFTP</h1>
-<p>SFTP is the <a href="https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol">Secure (or SSH) File Transfer Protocol</a>.</p>
-<p>The SFTP backend can be used with a number of different providers:</p>
-<ul>
-<li>Hetzner Storage Box</li>
-<li>rsync.net</li>
-</ul>
-<p>SFTP runs over SSH v2 and is installed as standard with most modern SSH installations.</p>
-<p>Paths are specified as <code>remote:path</code>. If the path does not begin with a <code>/</code> it is relative to the home directory of the user. An empty path <code>remote:</code> refers to the user's home directory. For example, <code>rclone lsd remote:</code> would list the home directory of the user configured in the rclone remote config (<code>i.e /home/sftpuser</code>). However, <code>rclone lsd remote:/</code> would list the root directory for remote machine (i.e. <code>/</code>)</p>
-<p>Note that some SFTP servers will need the leading / - Synology is a good example of this. rsync.net and Hetzner, on the other hand, requires users to OMIT the leading /.</p>
-<p>Note that by default rclone will try to execute shell commands on the server, see <a href="#shell-access-considerations">shell access considerations</a>.</p>
-<h2 id="configuration-39">Configuration</h2>
-<p>Here is an example of making an SFTP configuration. First run</p>
-<pre><code>rclone config</code></pre>
-<p>This will guide you through an interactive setup process.</p>
-<pre><code>No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q&gt; n
-name&gt; remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / SSH/SFTP
-   \ &quot;sftp&quot;
-[snip]
-Storage&gt; sftp
-SSH host to connect to
-Choose a number from below, or type in your own value
- 1 / Connect to example.com
-   \ &quot;example.com&quot;
-host&gt; example.com
-SSH username
-Enter a string value. Press Enter for the default (&quot;$USER&quot;).
-user&gt; sftpuser
-SSH port number
-Enter a signed integer. Press Enter for the default (22).
-port&gt;
-SSH password, leave blank to use ssh-agent.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank
-y/g/n&gt; n
-Path to unencrypted PEM-encoded private key file, leave blank to use ssh-agent.
-key_file&gt;
-Remote config
---------------------
+<p>[remote] type = sftp host = example.com user = sftpuser key_file = ~/id_rsa pubkey_file = ~/id_rsa-cert.pub</p>
+<pre><code>
+If you concatenate a cert with a private key then you can specify the
+merged file in both places.
+
+Note: the cert must come first in the file.  e.g.
+
+```
+cat id_rsa-cert.pub id_rsa &gt; merged_key
+```
+
+### Host key validation
+
+By default rclone will not check the server&#39;s host key for validation.  This
+can allow an attacker to replace a server with their own and if you use
+password authentication then this can lead to that password being exposed.
+
+Host key matching, using standard `known_hosts` files can be turned on by
+enabling the `known_hosts_file` option.  This can point to the file maintained
+by `OpenSSH` or can point to a unique file.
+
+e.g. using the OpenSSH `known_hosts` file:
+
+```
 [remote]
-host = example.com
-user = sftpuser
-port =
-pass =
-key_file =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d&gt; y</code></pre>
-<p>This remote is called <code>remote</code> and can now be used like this:</p>
-<p>See all directories in the home directory</p>
-<pre><code>rclone lsd remote:</code></pre>
-<p>See all directories in the root directory</p>
-<pre><code>rclone lsd remote:/</code></pre>
-<p>Make a new directory</p>
-<pre><code>rclone mkdir remote:path/to/directory</code></pre>
-<p>List the contents of a directory</p>
-<pre><code>rclone ls remote:path/to/directory</code></pre>
-<p>Sync <code>/home/local/directory</code> to the remote directory, deleting any excess files in the directory.</p>
-<pre><code>rclone sync --interactive /home/local/directory remote:directory</code></pre>
-<p>Mount the remote path <code>/srv/www-data/</code> to the local path <code>/mnt/www-data</code></p>
-<pre><code>rclone mount remote:/srv/www-data/ /mnt/www-data</code></pre>
-<h3 id="ssh-authentication">SSH Authentication</h3>
-<p>The SFTP remote supports three authentication methods:</p>
-<ul>
-<li>Password</li>
-<li>Key file, including certificate signed keys</li>
-<li>ssh-agent</li>
-</ul>
-<p>Key files should be PEM-encoded private key files. For instance <code>/home/$USER/.ssh/id_rsa</code>. Only unencrypted OpenSSH or PEM encrypted files are supported.</p>
-<p>The key file can be specified in either an external file (key_file) or contained within the rclone config file (key_pem). If using key_pem in the config file, the entry should be on a single line with new line ('' or '') separating lines. i.e.</p>
-<pre><code>key_pem = -----BEGIN RSA PRIVATE KEY-----\nMaMbaIXtE\n0gAMbMbaSsd\nMbaass\n-----END RSA PRIVATE KEY-----</code></pre>
-<p>This will generate it correctly for key_pem for use in the config:</p>
-<pre><code>awk &#39;{printf &quot;%s\\n&quot;, $0}&#39; &lt; ~/.ssh/id_rsa</code></pre>
-<p>If you don't specify <code>pass</code>, <code>key_file</code>, or <code>key_pem</code> or <code>ask_password</code> then rclone will attempt to contact an ssh-agent. You can also specify <code>key_use_agent</code> to force the usage of an ssh-agent. In this case <code>key_file</code> or <code>key_pem</code> can also be specified to force the usage of a specific key in the ssh-agent.</p>
-<p>Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment.</p>
-<p>If you set the <code>ask_password</code> option, rclone will prompt for a password when needed and no password has been configured.</p>
-<h4 id="certificate-signed-keys">Certificate-signed keys</h4>
-<p>With traditional key-based authentication, you configure your private key only, and the public key built into it will be used during the authentication process.</p>
-<p>If you have a certificate you may use it to sign your public key, creating a separate SSH user certificate that should be used instead of the plain public key extracted from the private key. Then you must provide the path to the user certificate public key file in <code>pubkey_file</code>.</p>
-<p>Note: This is not the traditional public key paired with your private key, typically saved as <code>/home/$USER/.ssh/id_rsa.pub</code>. Setting this path in <code>pubkey_file</code> will not work.</p>
-<p>Example:</p>
-<pre><code>[remote]
-type = sftp
-host = example.com
-user = sftpuser
-key_file = ~/id_rsa
-pubkey_file = ~/id_rsa-cert.pub</code></pre>
-<p>If you concatenate a cert with a private key then you can specify the merged file in both places.</p>
-<p>Note: the cert must come first in the file. e.g.</p>
-<pre><code>cat id_rsa-cert.pub id_rsa &gt; merged_key</code></pre>
-<h3 id="host-key-validation">Host key validation</h3>
-<p>By default rclone will not check the server's host key for validation. This can allow an attacker to replace a server with their own and if you use password authentication then this can lead to that password being exposed.</p>
-<p>Host key matching, using standard <code>known_hosts</code> files can be turned on by enabling the <code>known_hosts_file</code> option. This can point to the file maintained by <code>OpenSSH</code> or can point to a unique file.</p>
-<p>e.g. using the OpenSSH <code>known_hosts</code> file:</p>
-<pre><code>[remote]
 type = sftp
 host = example.com
 user = sftpuser
@@ -27215,21 +33514,21 @@ <h3 id="shell-access">Shell access</h3>
 <h4 id="shell-access-considerations">Shell access considerations</h4>
 <p>The shell type auto-detection logic, described above, means that by default rclone will try to run a shell command the first time a new sftp remote is accessed. If you configure a sftp remote without a config file, e.g. an <a href="https://rclone.org/docs/#backend-path-to-dir%5D">on the fly</a> remote, rclone will have nowhere to store the result, and it will re-run the command on every access. To avoid this you should explicitly set the <code>shell_type</code> option to the correct value, or to <code>none</code> if you want to prevent rclone from executing any remote shell commands.</p>
 <p>It is also important to note that, since the shell type decides how quoting and escaping of file paths used as command-line arguments are performed, configuring the wrong shell type may leave you exposed to command injection exploits. Make sure to confirm the auto-detected shell type, or explicitly set the shell type you know is correct, or disable shell access until you know.</p>
-<h3 id="checksum-2">Checksum</h3>
+<h3 id="checksum">Checksum</h3>
 <p>SFTP does not natively support checksums (file hash), but rclone is able to use checksumming if the same login has shell access, and can execute remote commands. If there is a command that can calculate compatible checksums on the remote system, Rclone can then be configured to execute this whenever a checksum is needed, and read back the results. Currently MD5 and SHA-1 are supported.</p>
 <p>Normally this requires an external utility being available on the server. By default rclone will try commands <code>md5sum</code>, <code>md5</code> and <code>rclone md5sum</code> for MD5 checksums, and the first one found usable will be picked. Same with <code>sha1sum</code>, <code>sha1</code> and <code>rclone sha1sum</code> commands for SHA-1 checksums. These utilities normally need to be in the remote's PATH to be found.</p>
 <p>In some cases the shell itself is capable of calculating checksums. PowerShell is an example of such a shell. If rclone detects that the remote shell is PowerShell, which means it most probably is a Windows OpenSSH server, rclone will use a predefined script block to produce the checksums when no external checksum commands are found (see <a href="#shell-access">shell access</a>). This assumes PowerShell version 4.0 or newer.</p>
 <p>The options <code>md5sum_command</code> and <code>sha1_command</code> can be used to customize the command to be executed for calculation of checksums. You can for example set a specific path to where md5sum and sha1sum executables are located, or use them to specify some other tools that print checksums in compatible format. The value can include command-line arguments, or even shell script blocks as with PowerShell. Rclone has subcommands <a href="https://rclone.org/commands/rclone_md5sum/">md5sum</a> and <a href="https://rclone.org/commands/rclone_sha1sum/">sha1sum</a> that use compatible format, which means if you have an rclone executable on the server it can be used. As mentioned above, they will be automatically picked up if found in PATH, but if not you can set something like <code>/path/to/rclone md5sum</code> as the value of option <code>md5sum_command</code> to make sure a specific executable is used.</p>
 <p>Remote checksumming is recommended and enabled by default. First time rclone is using a SFTP remote, if options <code>md5sum_command</code> or <code>sha1_command</code> are not set, it will check if any of the default commands for each of them, as described above, can be used. The result will be saved in the remote configuration, so next time it will use the same. Value <code>none</code> will be set if none of the default commands could be used for a specific algorithm, and this algorithm will not be supported by the remote.</p>
 <p>Disabling the checksumming may be required if you are connecting to SFTP servers which are not under your control, and to which the execution of remote shell commands is prohibited. Set the configuration option <code>disable_hashcheck</code> to <code>true</code> to disable checksumming entirely, or set <code>shell_type</code> to <code>none</code> to disable all functionality based on remote shell command execution.</p>
-<h3 id="modified-time-12">Modified time</h3>
+<h3 id="modification-times-and-hashes-3">Modification times and hashes</h3>
 <p>Modified times are stored on the server to 1 second precision.</p>
 <p>Modified times are used in syncing and are fully supported.</p>
 <p>Some SFTP servers disable setting/modifying the file modification time after upload (for example, certain configurations of ProFTPd with mod_sftp). If you are using one of these servers, you can set the option <code>set_modtime = false</code> in your RClone backend configuration to disable this behaviour.</p>
 <h3 id="about-command">About command</h3>
 <p>The <code>about</code> command returns the total space, free space, and used space on the remote for the disk of the specified path on the remote or, if not set, the disk of the root on the remote.</p>
 <p>SFTP usually supports the <a href="https://rclone.org/commands/rclone_about/">about</a> command, but it depends on the server. If the server implements the vendor-specific VFS statistics extension, which is normally the case with OpenSSH instances, it will be used. If not, but the same login has access to a Unix shell, where the <code>df</code> command is available (e.g. in the remote's PATH), then this will be used instead. If the server shell is PowerShell, probably with a Windows OpenSSH server, rclone will use a built-in shell command (see <a href="#shell-access">shell access</a>). If none of the above is applicable, <code>about</code> will fail.</p>
-<h3 id="standard-options-37">Standard options</h3>
+<h3 id="standard-options-4">Standard options</h3>
 <p>Here are the Standard options specific to sftp (SSH/SFTP).</p>
 <h4 id="sftp-host">--sftp-host</h4>
 <p>SSH host to connect to.</p>
@@ -27363,7 +33662,24 @@ <h4 id="sftp-disable-hashcheck">--sftp-disable-hashcheck</h4>
 <li>Type: bool</li>
 <li>Default: false</li>
 </ul>
-<h3 id="advanced-options-37">Advanced options</h3>
+<h4 id="sftp-ssh">--sftp-ssh</h4>
+<p>Path and arguments to external ssh binary.</p>
+<p>Normally rclone will use its internal ssh library to connect to the SFTP server. However it does not implement all possible ssh options so it may be desirable to use an external ssh binary.</p>
+<p>Rclone ignores all the internal config if you use this option and expects you to configure the ssh binary with the user/host/port and any other options you need.</p>
+<p><strong>Important</strong> The ssh command must log in without asking for a password so needs to be configured with keys or certificates.</p>
+<p>Rclone will run the command supplied either with the additional arguments "-s sftp" to access the SFTP subsystem or with commands such as "md5sum /path/to/file" appended to read checksums.</p>
+<p>Any arguments with spaces in should be surrounded by "double quotes".</p>
+<p>An example setting might be:</p>
+<pre><code>ssh -o ServerAliveInterval=20 user@example.com</code></pre>
+<p>Note that when using an external ssh binary rclone makes a new ssh connection for every hash it calculates.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: ssh</li>
+<li>Env Var: RCLONE_SFTP_SSH</li>
+<li>Type: SpaceSepList</li>
+<li>Default:</li>
+</ul>
+<h3 id="advanced-options-3">Advanced options</h3>
 <p>Here are the Advanced options specific to sftp (SSH/SFTP).</p>
 <h4 id="sftp-known-hosts-file">--sftp-known-hosts-file</h4>
 <p>Optional path to known_hosts file.</p>
@@ -27400,6 +33716,12 @@ <h4 id="sftp-path-override">--sftp-path-override</h4>
 <pre><code>rclone sync /home/local/directory remote:/directory --sftp-path-override /volume2/directory</code></pre>
 <p>E.g. if home directory can be found in a shared folder called "home":</p>
 <pre><code>rclone sync /home/local/directory remote:/home/directory --sftp-path-override /volume1/homes/USER/directory</code></pre>
+<p>To specify only the path to the SFTP remote's root, and allow rclone to add any relative subpaths automatically (including unwrapping/decrypting remotes as necessary), add the '@' character to the beginning of the path.</p>
+<p>E.g. the first example above could be rewritten as:</p>
+<pre><code>rclone sync /home/local/directory remote:/directory --sftp-path-override @/volume2</code></pre>
+<p>Note that when using this method with Synology "home" folders, the full "/homes/USER" path should be specified instead of "/home".</p>
+<p>E.g. the second example above should be rewritten as:</p>
+<pre><code>rclone sync /home/local/directory remote:/homes/USER/directory --sftp-path-override @/volume1</code></pre>
 <p>Properties:</p>
 <ul>
 <li>Config: path_override</li>
@@ -27486,6 +33808,11 @@ <h4 id="sftp-subsystem">--sftp-subsystem</h4>
 <h4 id="sftp-server-command">--sftp-server-command</h4>
 <p>Specifies the path or command to run a sftp server on the remote host.</p>
 <p>The subsystem option is ignored when server_command is defined.</p>
+<p>If adding server_command to the configuration file please note that it should not be enclosed in quotes, since that will make rclone fail.</p>
+<p>A working example is:</p>
+<pre><code>[remote_name]
+type = sftp
+server_command = sudo /usr/libexec/openssh/sftp-server</code></pre>
 <p>Properties:</p>
 <ul>
 <li>Config: server_command</li>
@@ -27568,7 +33895,7 @@ <h4 id="sftp-set-env">--sftp-set-env</h4>
 <p>to be passed to the sftp client and to any commands run (eg md5sum).</p>
 <p>Pass multiple variables space separated, eg</p>
 <pre><code>VAR1=value VAR2=value</code></pre>
-<p>and pass variables with spaces in in quotes, eg</p>
+<p>and pass variables with spaces in quotes, eg</p>
 <pre><code>&quot;VAR3=value with space&quot; &quot;VAR4=value with space&quot; VAR5=nospacehere</code></pre>
 <p>Properties:</p>
 <ul>
@@ -27615,7 +33942,46 @@ <h4 id="sftp-macs">--sftp-macs</h4>
 <li>Type: SpaceSepList</li>
 <li>Default:</li>
 </ul>
-<h2 id="limitations-29">Limitations</h2>
+<h4 id="sftp-host-key-algorithms">--sftp-host-key-algorithms</h4>
+<p>Space separated list of host key algorithms, ordered by preference.</p>
+<p>At least one must match with server configuration. This can be checked for example using ssh -Q HostKeyAlgorithms.</p>
+<p>Note: This can affect the outcome of key negotiation with the server even if server host key validation is not enabled.</p>
+<p>Example:</p>
+<pre><code>ssh-ed25519 ssh-rsa ssh-dss</code></pre>
+<p>Properties:</p>
+<ul>
+<li>Config: host_key_algorithms</li>
+<li>Env Var: RCLONE_SFTP_HOST_KEY_ALGORITHMS</li>
+<li>Type: SpaceSepList</li>
+<li>Default:</li>
+</ul>
+<h4 id="sftp-socks-proxy">--sftp-socks-proxy</h4>
+<p>Socks 5 proxy host.</p>
+<p>Supports the format user:pass@host:port, user@host:port, host:port.</p>
+<p>Example:</p>
+<pre><code>myUser:myPass@localhost:9005</code></pre>
+<p>Properties:</p>
+<ul>
+<li>Config: socks_proxy</li>
+<li>Env Var: RCLONE_SFTP_SOCKS_PROXY</li>
+<li>Type: string</li>
+<li>Required: false</li>
+</ul>
+<h4 id="sftp-copy-is-hardlink">--sftp-copy-is-hardlink</h4>
+<p>Set to enable server side copies using hardlinks.</p>
+<p>The SFTP protocol does not define a copy command so normally server side copies are not allowed with the sftp backend.</p>
+<p>However the SFTP protocol does support hardlinking, and if you enable this flag then the sftp backend will support server side copies. These will be implemented by doing a hardlink from the source to the destination.</p>
+<p>Not all sftp servers support this.</p>
+<p>Note that hardlinking two files together will use no additional space as the source and the destination will be the same file.</p>
+<p>This feature may be useful backups made with --copy-dest.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: copy_is_hardlink</li>
+<li>Env Var: RCLONE_SFTP_COPY_IS_HARDLINK</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h2 id="limitations-7">Limitations</h2>
 <p>On some SFTP servers (e.g. Synology) the paths are different for SSH and SFTP so the hashes can't be calculated properly. For them using <code>disable_hashcheck</code> is a good idea.</p>
 <p>The only ssh agent supported under Windows is Putty's pageant.</p>
 <p>The Go SSH library disables the use of the aes128-cbc cipher by default, due to security concerns. This can be re-enabled on a per-connection basis by setting the <code>use_insecure_cipher</code> setting in the configuration file to <code>true</code>. Further details on the insecurity of this cipher can be found <a href="http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf">in this paper</a>.</p>
@@ -27632,11 +33998,11 @@ <h1 id="smb">SMB</h1>
 <p>SMB is <a href="https://en.wikipedia.org/wiki/Server_Message_Block">a communication protocol to share files over network</a>.</p>
 <p>This relies on <a href="https://github.com/hirochachacha/go-smb2/">go-smb2 library</a> for communication with SMB protocol.</p>
 <p>Paths are specified as <code>remote:sharename</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, e.g. <code>remote:item/path/to/dir</code>.</p>
-<h2 id="notes-2">Notes</h2>
-<p>The first path segment must be the name of the share, which you entered when you started to share on Windows. On smbd, it's the section title in <code>smb.conf</code> (usually in <code>/etc/samba/</code>) file. You can find shares by quering the root if you're unsure (e.g. <code>rclone lsd remote:</code>).</p>
+<h2 id="notes">Notes</h2>
+<p>The first path segment must be the name of the share, which you entered when you started to share on Windows. On smbd, it's the section title in <code>smb.conf</code> (usually in <code>/etc/samba/</code>) file. You can find shares by querying the root if you're unsure (e.g. <code>rclone lsd remote:</code>).</p>
 <p>You can't access to the shared printers from rclone, obviously.</p>
 <p>You can't use Anonymous access for logging in. You have to use the <code>guest</code> user with an empty password instead. The rclone client tries to avoid 8.3 names when uploading files by encoding trailing spaces and periods. Alternatively, <a href="https://rclone.org/local/#paths-on-windows">the local backend</a> on Windows can access SMB servers using UNC paths, by <code>\\server\share</code>. This doesn't apply to non-Windows OSes, such as Linux and macOS.</p>
-<h2 id="configuration-40">Configuration</h2>
+<h2 id="configuration-4">Configuration</h2>
 <p>Here is an example of making a SMB configuration.</p>
 <p>First run</p>
 <pre><code>rclone config</code></pre>
@@ -27711,7 +34077,7 @@ <h2 id="configuration-40">Configuration</h2>
 e) Edit this remote
 d) Delete this remote
 y/e/d&gt; d</code></pre>
-<h3 id="standard-options-38">Standard options</h3>
+<h3 id="standard-options-5">Standard options</h3>
 <p>Here are the Standard options specific to smb (SMB / CIFS).</p>
 <h4 id="smb-host">--smb-host</h4>
 <p>SMB server hostname to connect to.</p>
@@ -27772,7 +34138,7 @@ <h4 id="smb-spn">--smb-spn</h4>
 <li>Type: string</li>
 <li>Required: false</li>
 </ul>
-<h3 id="advanced-options-38">Advanced options</h3>
+<h3 id="advanced-options-4">Advanced options</h3>
 <p>Here are the Advanced options specific to smb (SMB / CIFS).</p>
 <h4 id="smb-idle-timeout">--smb-idle-timeout</h4>
 <p>Max time before closing idle connections.</p>
@@ -27811,7 +34177,7 @@ <h4 id="smb-encoding">--smb-encoding</h4>
 <ul>
 <li>Config: encoding</li>
 <li>Env Var: RCLONE_SMB_ENCODING</li>
-<li>Type: MultiEncoder</li>
+<li>Type: Encoding</li>
 <li>Default: Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot</li>
 </ul>
 <h1 id="storj-1">Storj</h1>
@@ -27873,7 +34239,7 @@ <h2 id="backend-options">Backend options</h2>
 <li><em>S3 backend</em>: secret encryption key is shared with the gateway</li>
 </ul></li>
 </ul>
-<h2 id="configuration-41">Configuration</h2>
+<h2 id="configuration-5">Configuration</h2>
 <p>To make a new Storj configuration you need one of the following: * Access Grant that someone else shared with you. * <a href="https://documentation.storj.io/getting-started/uploading-your-first-object/create-an-api-key">API Key</a> of a Storj project you are a member of.</p>
 <p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
 <pre><code> rclone config</code></pre>
@@ -27970,7 +34336,7 @@ <h3 id="setup-with-api-key-and-passphrase">Setup with API key and passphrase</h3
 e) Edit this remote
 d) Delete this remote
 y/e/d&gt; y</code></pre>
-<h3 id="standard-options-39">Standard options</h3>
+<h3 id="standard-options-6">Standard options</h3>
 <p>Here are the Standard options specific to storj (Storj Decentralized Cloud Storage).</p>
 <h4 id="storj-provider">--storj-provider</h4>
 <p>Choose an authentication method.</p>
@@ -28049,7 +34415,7 @@ <h4 id="storj-passphrase">--storj-passphrase</h4>
 <li>Type: string</li>
 <li>Required: false</li>
 </ul>
-<h2 id="usage-2">Usage</h2>
+<h2 id="usage-1">Usage</h2>
 <p>Paths are specified as <code>remote:bucket</code> (or <code>remote:</code> for the <code>lsf</code> command.) You may put subdirectories in too, e.g. <code>remote:bucket/path/to/dir</code>.</p>
 <p>Once configured you can then use <code>rclone</code> like this.</p>
 <h3 id="create-a-new-bucket">Create a new bucket</h3>
@@ -28103,15 +34469,15 @@ <h3 id="sync-two-locations">Sync two Locations</h3>
 <pre><code>rclone sync --interactive --progress remote-us:bucket/path/to/dir/ remote-europe:bucket/path/to/dir/</code></pre>
 <p>Or even between another cloud storage and Storj.</p>
 <pre><code>rclone sync --interactive --progress s3:bucket/path/to/dir/ storj:bucket/path/to/dir/</code></pre>
-<h2 id="limitations-30">Limitations</h2>
+<h2 id="limitations-8">Limitations</h2>
 <p><code>rclone about</code> is not supported by the rclone Storj backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
 <p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
-<h2 id="known-issues-1">Known issues</h2>
+<h2 id="known-issues">Known issues</h2>
 <p>If you get errors like <code>too many open files</code> this usually happens when the default <code>ulimit</code> for system max open files is exceeded. Native Storj protocol opens a large number of TCP connections (each of which is counted as an open file). For a single upload stream you can expect 110 TCP connections to be opened. For a single download stream you can expect 35. This batch of connections will be opened for every 64 MiB segment and you should also expect TCP connections to be reused. If you do many transfers you eventually open a connection to most storage nodes (thousands of nodes).</p>
 <p>To fix these, please raise your system limits. You can do this issuing a <code>ulimit -n 65536</code> just before you run rclone. To change the limits more permanently you can add this to your shell startup script, e.g. <code>$HOME/.bashrc</code>, or change the system-wide configuration, usually <code>/etc/sysctl.conf</code> and/or <code>/etc/security/limits.conf</code>, but please refer to your operating system manual.</p>
 <h1 id="sugarsync">SugarSync</h1>
 <p><a href="https://sugarsync.com">SugarSync</a> is a cloud service that enables active synchronization of files across computers and other devices for file backup, access, syncing, and sharing.</p>
-<h2 id="configuration-42">Configuration</h2>
+<h2 id="configuration-6">Configuration</h2>
 <p>The initial setup for SugarSync involves getting a token from SugarSync which you can do with rclone. <code>rclone config</code> walks you through it.</p>
 <p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
 <pre><code> rclone config</code></pre>
@@ -28176,15 +34542,15 @@ <h2 id="configuration-42">Configuration</h2>
 <p>Paths are specified as <code>remote:path</code></p>
 <p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
 <p><strong>NB</strong> you can't create files in the top level folder you have to create a folder, which rclone will create as a "Sync Folder" with SugarSync.</p>
-<h3 id="modified-time-and-hashes-12">Modified time and hashes</h3>
+<h3 id="modification-times-and-hashes-4">Modification times and hashes</h3>
 <p>SugarSync does not support modification times or hashes, therefore syncing will default to <code>--size-only</code> checking. Note that using <code>--update</code> will work as rclone can read the time files were uploaded.</p>
-<h3 id="restricted-filename-characters-27">Restricted filename characters</h3>
+<h3 id="restricted-filename-characters-3">Restricted filename characters</h3>
 <p>SugarSync replaces the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> except for DEL.</p>
 <p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in XML strings.</p>
-<h3 id="deleting-files-7">Deleting files</h3>
+<h3 id="deleting-files-1">Deleting files</h3>
 <p>Deleted files will be moved to the "Deleted items" folder by default.</p>
 <p>However you can supply the flag <code>--sugarsync-hard-delete</code> or set the config parameter <code>hard_delete = true</code> if you would like files to be deleted straight away.</p>
-<h3 id="standard-options-40">Standard options</h3>
+<h3 id="standard-options-7">Standard options</h3>
 <p>Here are the Standard options specific to sugarsync (Sugarsync).</p>
 <h4 id="sugarsync-app-id">--sugarsync-app-id</h4>
 <p>Sugarsync App ID.</p>
@@ -28225,7 +34591,7 @@ <h4 id="sugarsync-hard-delete">--sugarsync-hard-delete</h4>
 <li>Type: bool</li>
 <li>Default: false</li>
 </ul>
-<h3 id="advanced-options-39">Advanced options</h3>
+<h3 id="advanced-options-5">Advanced options</h3>
 <p>Here are the Advanced options specific to sugarsync (Sugarsync).</p>
 <h4 id="sugarsync-refresh-token">--sugarsync-refresh-token</h4>
 <p>Sugarsync refresh token.</p>
@@ -28294,10 +34660,10 @@ <h4 id="sugarsync-encoding">--sugarsync-encoding</h4>
 <ul>
 <li>Config: encoding</li>
 <li>Env Var: RCLONE_SUGARSYNC_ENCODING</li>
-<li>Type: MultiEncoder</li>
+<li>Type: Encoding</li>
 <li>Default: Slash,Ctl,InvalidUtf8,Dot</li>
 </ul>
-<h2 id="limitations-31">Limitations</h2>
+<h2 id="limitations-9">Limitations</h2>
 <p><code>rclone about</code> is not supported by the SugarSync backend. Backends without this capability cannot determine free space for an rclone mount or use policy <code>mfs</code> (most free space) as a member of an rclone union remote.</p>
 <p>See <a href="https://rclone.org/overview/#optional-features">List of backends that do not support rclone about</a> and <a href="https://rclone.org/commands/rclone_about/">rclone about</a></p>
 <h1 id="tardigrade">Tardigrade</h1>
@@ -28306,7 +34672,7 @@ <h1 id="uptobox">Uptobox</h1>
 <p>This is a Backend for Uptobox file storage service. Uptobox is closer to a one-click hoster than a traditional cloud storage provider and therefore not suitable for long term storage.</p>
 <p>Paths are specified as <code>remote:path</code></p>
 <p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-43">Configuration</h2>
+<h2 id="configuration-7">Configuration</h2>
 <p>To configure an Uptobox backend you'll need your personal api token. You'll find it in your <a href="https://uptobox.com/my_account">account settings</a></p>
 <p>Here is an example of how to make a remote called <code>remote</code> with the default setup. First run:</p>
 <pre><code>rclone config</code></pre>
@@ -28360,9 +34726,9 @@ <h2 id="configuration-43">Configuration</h2>
 <pre><code>rclone ls remote:</code></pre>
 <p>To copy a local directory to an Uptobox directory called backup</p>
 <pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-hashes-13">Modified time and hashes</h3>
-<p>Uptobox supports neither modified times nor checksums.</p>
-<h3 id="restricted-filename-characters-28">Restricted filename characters</h3>
+<h3 id="modification-times-and-hashes-5">Modification times and hashes</h3>
+<p>Uptobox supports neither modified times nor checksums. All timestamps will read as that set by <code>--default-time</code>.</p>
+<h3 id="restricted-filename-characters-4">Restricted filename characters</h3>
 <p>In addition to the <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
 <table>
 <thead>
@@ -28386,7 +34752,7 @@ <h3 id="restricted-filename-characters-28">Restricted filename characters</h3>
 </tbody>
 </table>
 <p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in XML strings.</p>
-<h3 id="standard-options-41">Standard options</h3>
+<h3 id="standard-options-8">Standard options</h3>
 <p>Here are the Standard options specific to uptobox (Uptobox).</p>
 <h4 id="uptobox-access-token">--uptobox-access-token</h4>
 <p>Your access token.</p>
@@ -28398,8 +34764,17 @@ <h4 id="uptobox-access-token">--uptobox-access-token</h4>
 <li>Type: string</li>
 <li>Required: false</li>
 </ul>
-<h3 id="advanced-options-40">Advanced options</h3>
+<h3 id="advanced-options-6">Advanced options</h3>
 <p>Here are the Advanced options specific to uptobox (Uptobox).</p>
+<h4 id="uptobox-private">--uptobox-private</h4>
+<p>Set to make uploaded files private</p>
+<p>Properties:</p>
+<ul>
+<li>Config: private</li>
+<li>Env Var: RCLONE_UPTOBOX_PRIVATE</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
 <h4 id="uptobox-encoding">--uptobox-encoding</h4>
 <p>The encoding for the backend.</p>
 <p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
@@ -28407,20 +34782,24 @@ <h4 id="uptobox-encoding">--uptobox-encoding</h4>
 <ul>
 <li>Config: encoding</li>
 <li>Env Var: RCLONE_UPTOBOX_ENCODING</li>
-<li>Type: MultiEncoder</li>
+<li>Type: Encoding</li>
 <li>Default: Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot</li>
 </ul>
-<h2 id="limitations-32">Limitations</h2>
+<h2 id="limitations-10">Limitations</h2>
 <p>Uptobox will delete inactive files that have not been accessed in 60 days.</p>
 <p><code>rclone about</code> is not supported by this backend an overview of used space can however been seen in the uptobox web interface.</p>
 <h1 id="union">Union</h1>
-<p>The <code>union</code> remote provides a unification similar to UnionFS using other remotes.</p>
-<p>Paths may be as deep as required or a local path, e.g. <code>remote:directory/subdirectory</code> or <code>/directory/subdirectory</code>.</p>
+<p>The <code>union</code> backend joins several remotes together to make a single unified view of them.</p>
 <p>During the initial setup with <code>rclone config</code> you will specify the upstream remotes as a space separated list. The upstream remotes can either be a local paths or other remotes.</p>
-<p>Attribute <code>:ro</code> and <code>:nc</code> can be attach to the end of path to tag the remote as <strong>read only</strong> or <strong>no create</strong>, e.g. <code>remote:directory/subdirectory:ro</code> or <code>remote:directory/subdirectory:nc</code>.</p>
+<p>The attributes <code>:ro</code>, <code>:nc</code> and <code>:writeback</code> can be attached to the end of the remote to tag the remote as <strong>read only</strong>, <strong>no create</strong> or <strong>writeback</strong>, e.g. <code>remote:directory/subdirectory:ro</code> or <code>remote:directory/subdirectory:nc</code>.</p>
+<ul>
+<li><code>:ro</code> means files will only be read from here and never written</li>
+<li><code>:nc</code> means new files or directories won't be created here</li>
+<li><code>:writeback</code> means files found in different remotes will be written back here. See the <a href="#writeback">writeback section</a> for more info.</li>
+</ul>
 <p>Subfolders can be used in upstream remotes. Assume a union remote named <code>backup</code> with the remotes <code>mydrive:private/backup</code>. Invoking <code>rclone mkdir backup:desktop</code> is exactly the same as invoking <code>rclone mkdir mydrive:private/backup/desktop</code>.</p>
-<p>There will be no special handling of paths containing <code>..</code> segments. Invoking <code>rclone mkdir backup:../desktop</code> is exactly the same as invoking <code>rclone mkdir mydrive:private/backup/../desktop</code>.</p>
-<h2 id="configuration-44">Configuration</h2>
+<p>There is no special handling of paths containing <code>..</code> segments. Invoking <code>rclone mkdir backup:../desktop</code> is exactly the same as invoking <code>rclone mkdir mydrive:private/backup/../desktop</code>.</p>
+<h2 id="configuration-8">Configuration</h2>
 <p>Here is an example of how to make a union called <code>remote</code> for local folders. First run:</p>
 <pre><code> rclone config</code></pre>
 <p>This will guide you through an interactive setup process:</p>
@@ -28641,7 +35020,19 @@ <h3 id="policy-descriptions">Policy descriptions</h3>
 </tr>
 </tbody>
 </table>
-<h3 id="standard-options-42">Standard options</h3>
+<h3 id="writeback">Writeback</h3>
+<p>The tag <code>:writeback</code> on an upstream remote can be used to make a simple cache system like this:</p>
+<pre><code>[union]
+type = union
+action_policy = all
+create_policy = all
+search_policy = ff
+upstreams = /local:writeback remote:dir</code></pre>
+<p>When files are opened for read, if the file is in <code>remote:dir</code> but not <code>/local</code> then rclone will copy the file entirely into <code>/local</code> before returning a reference to the file in <code>/local</code>. The copy will be done with the equivalent of <code>rclone copy</code> so will use <code>--multi-thread-streams</code> if configured. Any copies will be logged with an INFO log.</p>
+<p>When files are written, they will be written to both <code>remote:dir</code> and <code>/local</code>.</p>
+<p>As many remotes as desired can be added to <code>upstreams</code> but there should only be one <code>:writeback</code> tag.</p>
+<p>Rclone does not manage the <code>:writeback</code> remote in any way other than writing files back to it. So if you need to expire old files or manage the size then you will have to do this yourself.</p>
+<h3 id="standard-options-9">Standard options</h3>
 <p>Here are the Standard options specific to union (Union merges the contents of several upstream fs).</p>
 <h4 id="union-upstreams">--union-upstreams</h4>
 <p>List of space separated upstreams.</p>
@@ -28690,7 +35081,7 @@ <h4 id="union-cache-time">--union-cache-time</h4>
 <li>Type: int</li>
 <li>Default: 120</li>
 </ul>
-<h3 id="advanced-options-41">Advanced options</h3>
+<h3 id="advanced-options-7">Advanced options</h3>
 <p>Here are the Advanced options specific to union (Union merges the contents of several upstream fs).</p>
 <h4 id="union-min-free-space">--union-min-free-space</h4>
 <p>Minimum viable free space for lfs/eplfs policies.</p>
@@ -28702,13 +35093,13 @@ <h4 id="union-min-free-space">--union-min-free-space</h4>
 <li>Type: SizeSuffix</li>
 <li>Default: 1Gi</li>
 </ul>
-<h3 id="metadata-9">Metadata</h3>
+<h3 id="metadata-4">Metadata</h3>
 <p>Any metadata supported by the underlying remote is read and written.</p>
 <p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
 <h1 id="webdav">WebDAV</h1>
 <p>Paths are specified as <code>remote:path</code></p>
 <p>Paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h2 id="configuration-45">Configuration</h2>
+<h2 id="configuration-9">Configuration</h2>
 <p>To configure the WebDAV remote you will need to have a URL for it, and a username and password. If you know what kind of system you are connecting to then rclone can enable extra features.</p>
 <p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
 <pre><code> rclone config</code></pre>
@@ -28733,17 +35124,21 @@ <h2 id="configuration-45">Configuration</h2>
 url&gt; https://example.com/remote.php/webdav/
 Name of the WebDAV site/service/software you are using
 Choose a number from below, or type in your own value
- 1 / Nextcloud
-   \ &quot;nextcloud&quot;
- 2 / Owncloud
-   \ &quot;owncloud&quot;
- 3 / Sharepoint Online, authenticated by Microsoft account.
-   \ &quot;sharepoint&quot;
- 4 / Sharepoint with NTLM authentication. Usually self-hosted or on-premises.
-   \ &quot;sharepoint-ntlm&quot;
- 5 / Other site/service or software
-   \ &quot;other&quot;
-vendor&gt; 1
+ 1 / Fastmail Files
+   \ (fastmail)
+ 2 / Nextcloud
+   \ (nextcloud)
+ 3 / Owncloud
+   \ (owncloud)
+ 4 / Sharepoint Online, authenticated by Microsoft account
+   \ (sharepoint)
+ 5 / Sharepoint with NTLM authentication, usually self-hosted or on-premises
+   \ (sharepoint-ntlm)
+ 6 / rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol
+   \ (rclone)
+ 7 / Other site/service or software
+   \ (other)
+vendor&gt; 2
 User name
 user&gt; user
 Password.
@@ -28778,10 +35173,10 @@ <h2 id="configuration-45">Configuration</h2>
 <pre><code>rclone ls remote:</code></pre>
 <p>To copy a local directory to an WebDAV directory called backup</p>
 <pre><code>rclone copy /home/source remote:backup</code></pre>
-<h3 id="modified-time-and-hashes-14">Modified time and hashes</h3>
-<p>Plain WebDAV does not support modified times. However when used with Owncloud or Nextcloud rclone will support modified times.</p>
-<p>Likewise plain WebDAV does not support hashes, however when used with Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes. Depending on the exact version of Owncloud or Nextcloud hashes may appear on all objects, or only on objects which had a hash uploaded with them.</p>
-<h3 id="standard-options-43">Standard options</h3>
+<h3 id="modification-times-and-hashes-6">Modification times and hashes</h3>
+<p>Plain WebDAV does not support modified times. However when used with Fastmail Files, Owncloud or Nextcloud rclone will support modified times.</p>
+<p>Likewise plain WebDAV does not support hashes, however when used with Fastmail Files, Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes. Depending on the exact version of Owncloud or Nextcloud hashes may appear on all objects, or only on objects which had a hash uploaded with them.</p>
+<h3 id="standard-options-10">Standard options</h3>
 <p>Here are the Standard options specific to webdav (WebDAV).</p>
 <h4 id="webdav-url">--webdav-url</h4>
 <p>URL of http host to connect to.</p>
@@ -28803,6 +35198,10 @@ <h4 id="webdav-vendor">--webdav-vendor</h4>
 <li>Required: false</li>
 <li>Examples:
 <ul>
+<li>"fastmail"
+<ul>
+<li>Fastmail Files</li>
+</ul></li>
 <li>"nextcloud"
 <ul>
 <li>Nextcloud</li>
@@ -28819,6 +35218,10 @@ <h4 id="webdav-vendor">--webdav-vendor</h4>
 <ul>
 <li>Sharepoint with NTLM authentication, usually self-hosted or on-premises</li>
 </ul></li>
+<li>"rclone"
+<ul>
+<li>rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol</li>
+</ul></li>
 <li>"other"
 <ul>
 <li>Other site/service or software</li>
@@ -28854,7 +35257,7 @@ <h4 id="webdav-bearer-token">--webdav-bearer-token</h4>
 <li>Type: string</li>
 <li>Required: false</li>
 </ul>
-<h3 id="advanced-options-42">Advanced options</h3>
+<h3 id="advanced-options-8">Advanced options</h3>
 <p>Here are the Advanced options specific to webdav (WebDAV).</p>
 <h4 id="webdav-bearer-token-command">--webdav-bearer-token-command</h4>
 <p>Command to run to get a bearer token.</p>
@@ -28889,8 +35292,31 @@ <h4 id="webdav-headers">--webdav-headers</h4>
 <li>Type: CommaSepList</li>
 <li>Default:</li>
 </ul>
+<h4 id="webdav-pacer-min-sleep">--webdav-pacer-min-sleep</h4>
+<p>Minimum time to sleep between API calls.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: pacer_min_sleep</li>
+<li>Env Var: RCLONE_WEBDAV_PACER_MIN_SLEEP</li>
+<li>Type: Duration</li>
+<li>Default: 10ms</li>
+</ul>
+<h4 id="webdav-nextcloud-chunk-size">--webdav-nextcloud-chunk-size</h4>
+<p>Nextcloud upload chunk size.</p>
+<p>We recommend configuring your NextCloud instance to increase the max chunk size to 1 GB for better upload performances. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#adjust-chunk-size-on-nextcloud-side</p>
+<p>Set to 0 to disable chunked uploading.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: nextcloud_chunk_size</li>
+<li>Env Var: RCLONE_WEBDAV_NEXTCLOUD_CHUNK_SIZE</li>
+<li>Type: SizeSuffix</li>
+<li>Default: 10Mi</li>
+</ul>
 <h2 id="provider-notes">Provider notes</h2>
 <p>See below for notes on specific providers.</p>
+<h2 id="fastmail-files">Fastmail Files</h2>
+<p>Use <code>https://webdav.fastmail.com/</code> or a subdirectory as the URL, and your Fastmail email <code>username@domain.tld</code> as the username. Follow <a href="https://www.fastmail.help/hc/en-us/articles/360058752854-App-passwords">this documentation</a> to create an app password with access to <code>Files (WebDAV)</code> and use this as the password.</p>
+<p>Fastmail supports modified times using the <code>X-OC-Mtime</code> header.</p>
 <h3 id="owncloud">Owncloud</h3>
 <p>Click on the settings cog in the bottom right of the page and this will show the WebDAV URL that rclone needs in the config step. It will look something like <code>https://example.com/remote.php/webdav/</code>.</p>
 <p>Owncloud supports modified times using the <code>X-OC-Mtime</code> header.</p>
@@ -28931,6 +35357,9 @@ <h4 id="required-flags-for-sharepoint">Required Flags for SharePoint</h4>
 <p>As SharePoint does some special things with uploaded documents, you won't be able to use the documents size or the documents hash to compare if a file has been changed since the upload / which file is newer.</p>
 <p>For Rclone calls copying files (especially Office files such as .docx, .xlsx, etc.) from/to SharePoint (like copy, sync, etc.), you should append these flags to ensure Rclone uses the "Last Modified" datetime property to compare your documents:</p>
 <pre><code>--ignore-size --ignore-checksum --update</code></pre>
+<h2 id="rclone-1">Rclone</h2>
+<p>Use this option if you are hosting remotes over WebDAV provided by rclone. Read <a href="commands/rclone_serve_webdav/">rclone serve webdav</a> for more details.</p>
+<p>rclone serve supports modified times using the <code>X-OC-Mtime</code> header.</p>
 <h3 id="dcache">dCache</h3>
 <p>dCache is a storage system that supports many protocols and authentication/authorisation schemes. For WebDAV clients, it allows users to authenticate with username and password (BASIC), X.509, Kerberos, and various bearer tokens, including <a href="https://www.dcache.org/manuals/workshop-2017-05-29-Umea/000-Final/anupam_macaroons_v02.pdf">Macaroons</a> and <a href="https://en.wikipedia.org/wiki/OpenID_Connect">OpenID-Connect</a> access tokens.</p>
 <p>Configure as normal using the <code>other</code> type. Don't enter a username or password, instead enter your Macaroon as the <code>bearer_token</code>.</p>
@@ -28961,7 +35390,7 @@ <h3 id="openid-connect">OpenID-Connect</h3>
 bearer_token_command = oidc-token XDC</code></pre>
 <h1 id="yandex-disk">Yandex Disk</h1>
 <p><a href="https://disk.yandex.com">Yandex Disk</a> is a cloud storage solution created by <a href="https://yandex.com">Yandex</a>.</p>
-<h2 id="configuration-46">Configuration</h2>
+<h2 id="configuration-10">Configuration</h2>
 <p>Here is an example of making a yandex configuration. First run</p>
 <pre><code>rclone config</code></pre>
 <p>This will guide you through an interactive setup process:</p>
@@ -29015,18 +35444,17 @@ <h2 id="configuration-46">Configuration</h2>
 <p>Sync <code>/home/local/directory</code> to the remote path, deleting any excess files in the path.</p>
 <pre><code>rclone sync --interactive /home/local/directory remote:directory</code></pre>
 <p>Yandex paths may be as deep as required, e.g. <code>remote:directory/subdirectory</code>.</p>
-<h3 id="modified-time-13">Modified time</h3>
+<h3 id="modification-times-and-hashes-7">Modification times and hashes</h3>
 <p>Modified times are supported and are stored accurate to 1 ns in custom metadata called <code>rclone_modified</code> in RFC3339 with nanoseconds format.</p>
-<h3 id="md5-checksums">MD5 checksums</h3>
-<p>MD5 checksums are natively supported by Yandex Disk.</p>
-<h3 id="emptying-trash-2">Emptying Trash</h3>
+<p>The MD5 hash algorithm is natively supported by Yandex Disk.</p>
+<h3 id="emptying-trash">Emptying Trash</h3>
 <p>If you wish to empty your trash you can use the <code>rclone cleanup remote:</code> command which will permanently delete all your trashed files. This command does not take any path arguments.</p>
-<h3 id="quota-information-3">Quota information</h3>
+<h3 id="quota-information">Quota information</h3>
 <p>To view your current quota you can use the <code>rclone about remote:</code> command which will display your usage limit (quota) and the current usage.</p>
-<h3 id="restricted-filename-characters-29">Restricted filename characters</h3>
+<h3 id="restricted-filename-characters-5">Restricted filename characters</h3>
 <p>The <a href="https://rclone.org/overview/#restricted-characters">default restricted characters set</a> are replaced.</p>
 <p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be used in JSON strings.</p>
-<h3 id="standard-options-44">Standard options</h3>
+<h3 id="standard-options-11">Standard options</h3>
 <p>Here are the Standard options specific to yandex (Yandex Disk).</p>
 <h4 id="yandex-client-id">--yandex-client-id</h4>
 <p>OAuth Client Id.</p>
@@ -29048,7 +35476,7 @@ <h4 id="yandex-client-secret">--yandex-client-secret</h4>
 <li>Type: string</li>
 <li>Required: false</li>
 </ul>
-<h3 id="advanced-options-43">Advanced options</h3>
+<h3 id="advanced-options-9">Advanced options</h3>
 <p>Here are the Advanced options specific to yandex (Yandex Disk).</p>
 <h4 id="yandex-token">--yandex-token</h4>
 <p>OAuth Access Token as a JSON blob.</p>
@@ -29095,16 +35523,16 @@ <h4 id="yandex-encoding">--yandex-encoding</h4>
 <ul>
 <li>Config: encoding</li>
 <li>Env Var: RCLONE_YANDEX_ENCODING</li>
-<li>Type: MultiEncoder</li>
+<li>Type: Encoding</li>
 <li>Default: Slash,Del,Ctl,InvalidUtf8,Dot</li>
 </ul>
-<h2 id="limitations-33">Limitations</h2>
+<h2 id="limitations-11">Limitations</h2>
 <p>When uploading very large files (bigger than about 5 GiB) you will need to increase the <code>--timeout</code> parameter. This is because Yandex pauses (perhaps to calculate the MD5SUM for the entire file) before returning confirmation that the file has been uploaded. The default handling of timeouts in rclone is to assume a 5 minute pause is an error and close the connection - you'll see <code>net/http: timeout awaiting response headers</code> errors in the logs if this is happening. Setting the timeout to twice the max size of file in GiB should be enough, so if you want to upload a 30 GiB file set a timeout of <code>2 * 30 = 60m</code>, that is <code>--timeout 60m</code>.</p>
 <p>Having a Yandex Mail account is mandatory to use the Yandex.Disk subscription. Token generation will work without a mail account, but Rclone won't be able to complete any actions.</p>
 <pre><code>[403 - DiskUnsupportedUserAccountTypeError] User account type is not supported.</code></pre>
 <h1 id="zoho-workdrive">Zoho Workdrive</h1>
 <p><a href="https://www.zoho.com/workdrive/">Zoho WorkDrive</a> is a cloud storage solution created by <a href="https://zoho.com">Zoho</a>.</p>
-<h2 id="configuration-47">Configuration</h2>
+<h2 id="configuration-11">Configuration</h2>
 <p>Here is an example of making a zoho configuration. First run</p>
 <pre><code>rclone config</code></pre>
 <p>This will guide you through an interactive setup process:</p>
@@ -29177,751 +35605,1491 @@ <h2 id="configuration-47">Configuration</h2>
 <p>Sync <code>/home/local/directory</code> to the remote path, deleting any excess files in the path.</p>
 <pre><code>rclone sync --interactive /home/local/directory remote:directory</code></pre>
 <p>Zoho paths may be as deep as required, eg <code>remote:directory/subdirectory</code>.</p>
-<h3 id="modified-time-14">Modified time</h3>
+<h3 id="modification-times-and-hashes-8">Modification times and hashes</h3>
 <p>Modified times are currently not supported for Zoho Workdrive</p>
-<h3 id="checksums">Checksums</h3>
-<p>No checksums are supported.</p>
-<h3 id="usage-information-1">Usage information</h3>
+<p>No hash algorithms are supported.</p>
+<h3 id="usage-information">Usage information</h3>
 <p>To view your current quota you can use the <code>rclone about remote:</code> command which will display your current usage.</p>
-<h3 id="restricted-filename-characters-30">Restricted filename characters</h3>
+<h3 id="restricted-filename-characters-6">Restricted filename characters</h3>
 <p>Only control characters and invalid UTF-8 are replaced. In addition most Unicode full-width characters are not supported at all and will be removed from filenames during upload.</p>
-<h3 id="standard-options-45">Standard options</h3>
+<h3 id="standard-options-12">Standard options</h3>
 <p>Here are the Standard options specific to zoho (Zoho).</p>
 <h4 id="zoho-client-id">--zoho-client-id</h4>
 <p>OAuth Client Id.</p>
 <p>Leave blank normally.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: client_id</li>
-<li>Env Var: RCLONE_ZOHO_CLIENT_ID</li>
-<li>Type: string</li>
-<li>Required: false</li>
+<li>Config: client_id</li>
+<li>Env Var: RCLONE_ZOHO_CLIENT_ID</li>
+<li>Type: string</li>
+<li>Required: false</li>
+</ul>
+<h4 id="zoho-client-secret">--zoho-client-secret</h4>
+<p>OAuth Client Secret.</p>
+<p>Leave blank normally.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: client_secret</li>
+<li>Env Var: RCLONE_ZOHO_CLIENT_SECRET</li>
+<li>Type: string</li>
+<li>Required: false</li>
+</ul>
+<h4 id="zoho-region">--zoho-region</h4>
+<p>Zoho region to connect to.</p>
+<p>You'll have to use the region your organization is registered in. If not sure use the same top level domain as you connect to in your browser.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: region</li>
+<li>Env Var: RCLONE_ZOHO_REGION</li>
+<li>Type: string</li>
+<li>Required: false</li>
+<li>Examples:
+<ul>
+<li>"com"
+<ul>
+<li>United states / Global</li>
+</ul></li>
+<li>"eu"
+<ul>
+<li>Europe</li>
+</ul></li>
+<li>"in"
+<ul>
+<li>India</li>
+</ul></li>
+<li>"jp"
+<ul>
+<li>Japan</li>
+</ul></li>
+<li>"com.cn"
+<ul>
+<li>China</li>
+</ul></li>
+<li>"com.au"
+<ul>
+<li>Australia</li>
+</ul></li>
+</ul></li>
+</ul>
+<h3 id="advanced-options-10">Advanced options</h3>
+<p>Here are the Advanced options specific to zoho (Zoho).</p>
+<h4 id="zoho-token">--zoho-token</h4>
+<p>OAuth Access Token as a JSON blob.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: token</li>
+<li>Env Var: RCLONE_ZOHO_TOKEN</li>
+<li>Type: string</li>
+<li>Required: false</li>
+</ul>
+<h4 id="zoho-auth-url">--zoho-auth-url</h4>
+<p>Auth server URL.</p>
+<p>Leave blank to use the provider defaults.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: auth_url</li>
+<li>Env Var: RCLONE_ZOHO_AUTH_URL</li>
+<li>Type: string</li>
+<li>Required: false</li>
+</ul>
+<h4 id="zoho-token-url">--zoho-token-url</h4>
+<p>Token server url.</p>
+<p>Leave blank to use the provider defaults.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: token_url</li>
+<li>Env Var: RCLONE_ZOHO_TOKEN_URL</li>
+<li>Type: string</li>
+<li>Required: false</li>
+</ul>
+<h4 id="zoho-encoding">--zoho-encoding</h4>
+<p>The encoding for the backend.</p>
+<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: encoding</li>
+<li>Env Var: RCLONE_ZOHO_ENCODING</li>
+<li>Type: Encoding</li>
+<li>Default: Del,Ctl,InvalidUtf8</li>
+</ul>
+<h2 id="setting-up-your-own-client_id">Setting up your own client_id</h2>
+<p>For Zoho we advise you to set up your own client_id. To do so you have to complete the following steps.</p>
+<ol type="1">
+<li><p>Log in to the <a href="https://api-console.zoho.com">Zoho API Console</a></p></li>
+<li><p>Create a new client of type "Server-based Application". The name and website don't matter, but you must add the redirect URL <code>http://localhost:53682/</code>.</p></li>
+<li><p>Once the client is created, you can go to the settings tab and enable it in other regions.</p></li>
+</ol>
+<p>The client id and client secret can now be used with rclone.</p>
+<h1 id="local-filesystem">Local Filesystem</h1>
+<p>Local paths are specified as normal filesystem paths, e.g. <code>/path/to/wherever</code>, so</p>
+<pre><code>rclone sync --interactive /home/source /tmp/destination</code></pre>
+<p>Will sync <code>/home/source</code> to <code>/tmp/destination</code>.</p>
+<h2 id="configuration-12">Configuration</h2>
+<p>For consistencies sake one can also configure a remote of type <code>local</code> in the config file, and access the local filesystem using rclone remote paths, e.g. <code>remote:path/to/wherever</code>, but it is probably easier not to.</p>
+<h3 id="modification-times-2">Modification times</h3>
+<p>Rclone reads and writes the modification times using an accuracy determined by the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second on OS X.</p>
+<h3 id="filenames">Filenames</h3>
+<p>Filenames should be encoded in UTF-8 on disk. This is the normal case for Windows and OS X.</p>
+<p>There is a bit more uncertainty in the Linux world, but new distributions will have UTF-8 encoded files names. If you are using an old Linux filesystem with non UTF-8 file names (e.g. latin1) then you can use the <code>convmv</code> tool to convert the filesystem to UTF-8. This tool is available in most distributions' package managers.</p>
+<p>If an invalid (non-UTF8) filename is read, the invalid characters will be replaced with a quoted representation of the invalid bytes. The name <code>gro\xdf</code> will be transferred as <code>gro‛DF</code>. <code>rclone</code> will emit a debug message in this case (use <code>-v</code> to see), e.g.</p>
+<pre><code>Local file system at .: Replacing invalid UTF-8 characters in &quot;gro\xdf&quot;</code></pre>
+<h4 id="restricted-characters-1">Restricted characters</h4>
+<p>With the local backend, restrictions on the characters that are usable in file or directory names depend on the operating system. To check what rclone will replace by default on your system, run <code>rclone help flags local-encoding</code>.</p>
+<p>On non Windows platforms the following characters are replaced when handling file names.</p>
+<table>
+<thead>
+<tr class="header">
+<th>Character</th>
+<th style="text-align: center;">Value</th>
+<th style="text-align: center;">Replacement</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>NUL</td>
+<td style="text-align: center;">0x00</td>
+<td style="text-align: center;">␀</td>
+</tr>
+<tr class="even">
+<td>/</td>
+<td style="text-align: center;">0x2F</td>
+<td style="text-align: center;">／</td>
+</tr>
+</tbody>
+</table>
+<p>When running on Windows the following characters are replaced. This list is based on the <a href="https://docs.microsoft.com/de-de/windows/desktop/FileIO/naming-a-file#naming-conventions">Windows file naming conventions</a>.</p>
+<table>
+<thead>
+<tr class="header">
+<th>Character</th>
+<th style="text-align: center;">Value</th>
+<th style="text-align: center;">Replacement</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>NUL</td>
+<td style="text-align: center;">0x00</td>
+<td style="text-align: center;">␀</td>
+</tr>
+<tr class="even">
+<td>SOH</td>
+<td style="text-align: center;">0x01</td>
+<td style="text-align: center;">␁</td>
+</tr>
+<tr class="odd">
+<td>STX</td>
+<td style="text-align: center;">0x02</td>
+<td style="text-align: center;">␂</td>
+</tr>
+<tr class="even">
+<td>ETX</td>
+<td style="text-align: center;">0x03</td>
+<td style="text-align: center;">␃</td>
+</tr>
+<tr class="odd">
+<td>EOT</td>
+<td style="text-align: center;">0x04</td>
+<td style="text-align: center;">␄</td>
+</tr>
+<tr class="even">
+<td>ENQ</td>
+<td style="text-align: center;">0x05</td>
+<td style="text-align: center;">␅</td>
+</tr>
+<tr class="odd">
+<td>ACK</td>
+<td style="text-align: center;">0x06</td>
+<td style="text-align: center;">␆</td>
+</tr>
+<tr class="even">
+<td>BEL</td>
+<td style="text-align: center;">0x07</td>
+<td style="text-align: center;">␇</td>
+</tr>
+<tr class="odd">
+<td>BS</td>
+<td style="text-align: center;">0x08</td>
+<td style="text-align: center;">␈</td>
+</tr>
+<tr class="even">
+<td>HT</td>
+<td style="text-align: center;">0x09</td>
+<td style="text-align: center;">␉</td>
+</tr>
+<tr class="odd">
+<td>LF</td>
+<td style="text-align: center;">0x0A</td>
+<td style="text-align: center;">␊</td>
+</tr>
+<tr class="even">
+<td>VT</td>
+<td style="text-align: center;">0x0B</td>
+<td style="text-align: center;">␋</td>
+</tr>
+<tr class="odd">
+<td>FF</td>
+<td style="text-align: center;">0x0C</td>
+<td style="text-align: center;">␌</td>
+</tr>
+<tr class="even">
+<td>CR</td>
+<td style="text-align: center;">0x0D</td>
+<td style="text-align: center;">␍</td>
+</tr>
+<tr class="odd">
+<td>SO</td>
+<td style="text-align: center;">0x0E</td>
+<td style="text-align: center;">␎</td>
+</tr>
+<tr class="even">
+<td>SI</td>
+<td style="text-align: center;">0x0F</td>
+<td style="text-align: center;">␏</td>
+</tr>
+<tr class="odd">
+<td>DLE</td>
+<td style="text-align: center;">0x10</td>
+<td style="text-align: center;">␐</td>
+</tr>
+<tr class="even">
+<td>DC1</td>
+<td style="text-align: center;">0x11</td>
+<td style="text-align: center;">␑</td>
+</tr>
+<tr class="odd">
+<td>DC2</td>
+<td style="text-align: center;">0x12</td>
+<td style="text-align: center;">␒</td>
+</tr>
+<tr class="even">
+<td>DC3</td>
+<td style="text-align: center;">0x13</td>
+<td style="text-align: center;">␓</td>
+</tr>
+<tr class="odd">
+<td>DC4</td>
+<td style="text-align: center;">0x14</td>
+<td style="text-align: center;">␔</td>
+</tr>
+<tr class="even">
+<td>NAK</td>
+<td style="text-align: center;">0x15</td>
+<td style="text-align: center;">␕</td>
+</tr>
+<tr class="odd">
+<td>SYN</td>
+<td style="text-align: center;">0x16</td>
+<td style="text-align: center;">␖</td>
+</tr>
+<tr class="even">
+<td>ETB</td>
+<td style="text-align: center;">0x17</td>
+<td style="text-align: center;">␗</td>
+</tr>
+<tr class="odd">
+<td>CAN</td>
+<td style="text-align: center;">0x18</td>
+<td style="text-align: center;">␘</td>
+</tr>
+<tr class="even">
+<td>EM</td>
+<td style="text-align: center;">0x19</td>
+<td style="text-align: center;">␙</td>
+</tr>
+<tr class="odd">
+<td>SUB</td>
+<td style="text-align: center;">0x1A</td>
+<td style="text-align: center;">␚</td>
+</tr>
+<tr class="even">
+<td>ESC</td>
+<td style="text-align: center;">0x1B</td>
+<td style="text-align: center;">␛</td>
+</tr>
+<tr class="odd">
+<td>FS</td>
+<td style="text-align: center;">0x1C</td>
+<td style="text-align: center;">␜</td>
+</tr>
+<tr class="even">
+<td>GS</td>
+<td style="text-align: center;">0x1D</td>
+<td style="text-align: center;">␝</td>
+</tr>
+<tr class="odd">
+<td>RS</td>
+<td style="text-align: center;">0x1E</td>
+<td style="text-align: center;">␞</td>
+</tr>
+<tr class="even">
+<td>US</td>
+<td style="text-align: center;">0x1F</td>
+<td style="text-align: center;">␟</td>
+</tr>
+<tr class="odd">
+<td>/</td>
+<td style="text-align: center;">0x2F</td>
+<td style="text-align: center;">／</td>
+</tr>
+<tr class="even">
+<td>"</td>
+<td style="text-align: center;">0x22</td>
+<td style="text-align: center;">＂</td>
+</tr>
+<tr class="odd">
+<td>*</td>
+<td style="text-align: center;">0x2A</td>
+<td style="text-align: center;">＊</td>
+</tr>
+<tr class="even">
+<td>:</td>
+<td style="text-align: center;">0x3A</td>
+<td style="text-align: center;">：</td>
+</tr>
+<tr class="odd">
+<td>&lt;</td>
+<td style="text-align: center;">0x3C</td>
+<td style="text-align: center;">＜</td>
+</tr>
+<tr class="even">
+<td>&gt;</td>
+<td style="text-align: center;">0x3E</td>
+<td style="text-align: center;">＞</td>
+</tr>
+<tr class="odd">
+<td>?</td>
+<td style="text-align: center;">0x3F</td>
+<td style="text-align: center;">？</td>
+</tr>
+<tr class="even">
+<td>\</td>
+<td style="text-align: center;">0x5C</td>
+<td style="text-align: center;">＼</td>
+</tr>
+<tr class="odd">
+<td>|</td>
+<td style="text-align: center;">0x7C</td>
+<td style="text-align: center;">｜</td>
+</tr>
+</tbody>
+</table>
+<p>File names on Windows can also not end with the following characters. These only get replaced if they are the last character in the name:</p>
+<table>
+<thead>
+<tr class="header">
+<th>Character</th>
+<th style="text-align: center;">Value</th>
+<th style="text-align: center;">Replacement</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>SP</td>
+<td style="text-align: center;">0x20</td>
+<td style="text-align: center;">␠</td>
+</tr>
+<tr class="even">
+<td>.</td>
+<td style="text-align: center;">0x2E</td>
+<td style="text-align: center;">．</td>
+</tr>
+</tbody>
+</table>
+<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be converted to UTF-16.</p>
+<h3 id="paths-on-windows">Paths on Windows</h3>
+<p>On Windows there are many ways of specifying a path to a file system resource. Local paths can be absolute, like <code>C:\path\to\wherever</code>, or relative, like <code>..\wherever</code>. Network paths in UNC format, <code>\\server\share</code>, are also supported. Path separator can be either <code>\</code> (as in <code>C:\path\to\wherever</code>) or <code>/</code> (as in <code>C:/path/to/wherever</code>). Length of these paths are limited to 259 characters for files and 247 characters for directories, but there is an alternative extended-length path format increasing the limit to (approximately) 32,767 characters. This format requires absolute paths and the use of prefix <code>\\?\</code>, e.g. <code>\\?\D:\some\very\long\path</code>. For convenience rclone will automatically convert regular paths into the corresponding extended-length paths, so in most cases you do not have to worry about this (read more <a href="#long-paths">below</a>).</p>
+<p>Note that Windows supports using the same prefix <code>\\?\</code> to specify path to volumes identified by their GUID, e.g. <code>\\?\Volume{b75e2c83-0000-0000-0000-602f00000000}\some\path</code>. This is <em>not</em> supported in rclone, due to an <a href="https://github.com/golang/go/issues/39785">issue</a> in go.</p>
+<h4 id="long-paths">Long paths</h4>
+<p>Rclone handles long paths automatically, by converting all paths to <a href="https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation">extended-length path format</a>, which allows paths up to 32,767 characters.</p>
+<p>This conversion will ensure paths are absolute and prefix them with the <code>\\?\</code>. This is why you will see that your paths, for instance <code>.\files</code> is shown as path <code>\\?\C:\files</code> in the output, and <code>\\server\share</code> as <code>\\?\UNC\server\share</code>.</p>
+<p>However, in rare cases this may cause problems with buggy file system drivers like <a href="https://github.com/rclone/rclone/issues/261">EncFS</a>. To disable UNC conversion globally, add this to your <code>.rclone.conf</code> file:</p>
+<pre><code>[local]
+nounc = true</code></pre>
+<p>If you want to selectively disable UNC, you can add it to a separate entry like this:</p>
+<pre><code>[nounc]
+type = local
+nounc = true</code></pre>
+<p>And use rclone like this:</p>
+<p><code>rclone copy c:\src nounc:z:\dst</code></p>
+<p>This will use UNC paths on <code>c:\src</code> but not on <code>z:\dst</code>. Of course this will cause problems if the absolute path length of a file exceeds 259 characters on z, so only use this option if you have to.</p>
+<h3 id="symlinks-junction-points">Symlinks / Junction points</h3>
+<p>Normally rclone will ignore symlinks or junction points (which behave like symlinks under Windows).</p>
+<p>If you supply <code>--copy-links</code> or <code>-L</code> then rclone will follow the symlink and copy the pointed to file or directory. Note that this flag is incompatible with <code>--links</code> / <code>-l</code>.</p>
+<p>This flag applies to all commands.</p>
+<p>For example, supposing you have a directory structure like this</p>
+<pre><code>$ tree /tmp/a
+/tmp/a
+├── b -&gt; ../b
+├── expected -&gt; ../expected
+├── one
+└── two
+    └── three</code></pre>
+<p>Then you can see the difference with and without the flag like this</p>
+<pre><code>$ rclone ls /tmp/a
+        6 one
+        6 two/three</code></pre>
+<p>and</p>
+<pre><code>$ rclone -L ls /tmp/a
+     4174 expected
+        6 one
+        6 two/three
+        6 b/two
+        6 b/one</code></pre>
+<h4 id="links--l">--links, -l</h4>
+<p>Normally rclone will ignore symlinks or junction points (which behave like symlinks under Windows).</p>
+<p>If you supply this flag then rclone will copy symbolic links from the local storage, and store them as text files, with a '.rclonelink' suffix in the remote storage.</p>
+<p>The text file will contain the target of the symbolic link (see example).</p>
+<p>This flag applies to all commands.</p>
+<p>For example, supposing you have a directory structure like this</p>
+<pre><code>$ tree /tmp/a
+/tmp/a
+├── file1 -&gt; ./file4
+└── file2 -&gt; /home/user/file3</code></pre>
+<p>Copying the entire directory with '-l'</p>
+<pre><code>$ rclone copyto -l /tmp/a/file1 remote:/tmp/a/</code></pre>
+<p>The remote files are created with a '.rclonelink' suffix</p>
+<pre><code>$ rclone ls remote:/tmp/a
+       5 file1.rclonelink
+      14 file2.rclonelink</code></pre>
+<p>The remote files will contain the target of the symbolic links</p>
+<pre><code>$ rclone cat remote:/tmp/a/file1.rclonelink
+./file4
+
+$ rclone cat remote:/tmp/a/file2.rclonelink
+/home/user/file3</code></pre>
+<p>Copying them back with '-l'</p>
+<pre><code>$ rclone copyto -l remote:/tmp/a/ /tmp/b/
+
+$ tree /tmp/b
+/tmp/b
+├── file1 -&gt; ./file4
+└── file2 -&gt; /home/user/file3</code></pre>
+<p>However, if copied back without '-l'</p>
+<pre><code>$ rclone copyto remote:/tmp/a/ /tmp/b/
+
+$ tree /tmp/b
+/tmp/b
+├── file1.rclonelink
+└── file2.rclonelink</code></pre>
+<p>Note that this flag is incompatible with <code>-copy-links</code> / <code>-L</code>.</p>
+<h3 id="restricting-filesystems-with---one-file-system">Restricting filesystems with --one-file-system</h3>
+<p>Normally rclone will recurse through filesystems as mounted.</p>
+<p>However if you set <code>--one-file-system</code> or <code>-x</code> this tells rclone to stay in the filesystem specified by the root and not to recurse into different file systems.</p>
+<p>For example if you have a directory hierarchy like this</p>
+<pre><code>root
+├── disk1     - disk1 mounted on the root
+│   └── file3 - stored on disk1
+├── disk2     - disk2 mounted on the root
+│   └── file4 - stored on disk12
+├── file1     - stored on the root disk
+└── file2     - stored on the root disk</code></pre>
+<p>Using <code>rclone --one-file-system copy root remote:</code> will only copy <code>file1</code> and <code>file2</code>. Eg</p>
+<pre><code>$ rclone -q --one-file-system ls root
+        0 file1
+        0 file2</code></pre>
+<pre><code>$ rclone -q ls root
+        0 disk1/file3
+        0 disk2/file4
+        0 file1
+        0 file2</code></pre>
+<p><strong>NB</strong> Rclone (like most unix tools such as <code>du</code>, <code>rsync</code> and <code>tar</code>) treats a bind mount to the same device as being on the same filesystem.</p>
+<p><strong>NB</strong> This flag is only available on Unix based systems. On systems where it isn't supported (e.g. Windows) it will be ignored.</p>
+<h3 id="advanced-options-11">Advanced options</h3>
+<p>Here are the Advanced options specific to local (Local Disk).</p>
+<h4 id="local-nounc">--local-nounc</h4>
+<p>Disable UNC (long path names) conversion on Windows.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: nounc</li>
+<li>Env Var: RCLONE_LOCAL_NOUNC</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+<li>Examples:
+<ul>
+<li>"true"
+<ul>
+<li>Disables long file names.</li>
+</ul></li>
+</ul></li>
 </ul>
-<h4 id="zoho-client-secret">--zoho-client-secret</h4>
-<p>OAuth Client Secret.</p>
-<p>Leave blank normally.</p>
+<h4 id="copy-links--l">--copy-links / -L</h4>
+<p>Follow symlinks and copy the pointed to item.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: client_secret</li>
-<li>Env Var: RCLONE_ZOHO_CLIENT_SECRET</li>
-<li>Type: string</li>
-<li>Required: false</li>
+<li>Config: copy_links</li>
+<li>Env Var: RCLONE_LOCAL_COPY_LINKS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
 </ul>
-<h4 id="zoho-region">--zoho-region</h4>
-<p>Zoho region to connect to.</p>
-<p>You'll have to use the region your organization is registered in. If not sure use the same top level domain as you connect to in your browser.</p>
+<h4 id="links--l-1">--links / -l</h4>
+<p>Translate symlinks to/from regular files with a '.rclonelink' extension.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: region</li>
-<li>Env Var: RCLONE_ZOHO_REGION</li>
-<li>Type: string</li>
-<li>Required: false</li>
-<li>Examples:
-<ul>
-<li>"com"
-<ul>
-<li>United states / Global</li>
-</ul></li>
-<li>"eu"
+<li>Config: links</li>
+<li>Env Var: RCLONE_LOCAL_LINKS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="skip-links">--skip-links</h4>
+<p>Don't warn about skipped symlinks.</p>
+<p>This flag disables warning messages on skipped symlinks or junction points, as you explicitly acknowledge that they should be skipped.</p>
+<p>Properties:</p>
 <ul>
-<li>Europe</li>
-</ul></li>
-<li>"in"
+<li>Config: skip_links</li>
+<li>Env Var: RCLONE_LOCAL_SKIP_LINKS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="local-zero-size-links">--local-zero-size-links</h4>
+<p>Assume the Stat size of links is zero (and read them instead) (deprecated).</p>
+<p>Rclone used to use the Stat size of links as the link size, but this fails in quite a few places:</p>
 <ul>
-<li>India</li>
-</ul></li>
-<li>"jp"
+<li>Windows</li>
+<li>On some virtual filesystems (such ash LucidLink)</li>
+<li>Android</li>
+</ul>
+<p>So rclone now always reads the link.</p>
+<p>Properties:</p>
 <ul>
-<li>Japan</li>
-</ul></li>
-<li>"com.cn"
+<li>Config: zero_size_links</li>
+<li>Env Var: RCLONE_LOCAL_ZERO_SIZE_LINKS</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="local-unicode-normalization">--local-unicode-normalization</h4>
+<p>Apply unicode NFC normalization to paths and filenames.</p>
+<p>This flag can be used to normalize file names into unicode NFC form that are read from the local filesystem.</p>
+<p>Rclone does not normally touch the encoding of file names it reads from the file system.</p>
+<p>This can be useful when using macOS as it normally provides decomposed (NFD) unicode which in some language (eg Korean) doesn't display properly on some OSes.</p>
+<p>Note that rclone compares filenames with unicode normalization in the sync routine so this flag shouldn't normally be used.</p>
+<p>Properties:</p>
 <ul>
-<li>China</li>
-</ul></li>
-<li>"com.au"
+<li>Config: unicode_normalization</li>
+<li>Env Var: RCLONE_LOCAL_UNICODE_NORMALIZATION</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="local-no-check-updated">--local-no-check-updated</h4>
+<p>Don't check to see if the files change during upload.</p>
+<p>Normally rclone checks the size and modification time of files as they are being uploaded and aborts with a message which starts "can't copy - source file is being updated" if the file changes during upload.</p>
+<p>However on some file systems this modification time check may fail (e.g. <a href="https://github.com/rclone/rclone/issues/2206">Glusterfs #2206</a>) so this check can be disabled with this flag.</p>
+<p>If this flag is set, rclone will use its best efforts to transfer a file which is being updated. If the file is only having things appended to it (e.g. a log) then rclone will transfer the log file with the size it had the first time rclone saw it.</p>
+<p>If the file is being modified throughout (not just appended to) then the transfer may fail with a hash check failure.</p>
+<p>In detail, once the file has had stat() called on it for the first time we:</p>
 <ul>
-<li>Australia</li>
-</ul></li>
-</ul></li>
+<li>Only transfer the size that stat gave</li>
+<li>Only checksum the size that stat gave</li>
+<li>Don't update the stat info for the file</li>
 </ul>
-<h3 id="advanced-options-44">Advanced options</h3>
-<p>Here are the Advanced options specific to zoho (Zoho).</p>
-<h4 id="zoho-token">--zoho-token</h4>
-<p>OAuth Access Token as a JSON blob.</p>
+<p><strong>NB</strong> do not use this flag on a Windows Volume Shadow (VSS). For some unknown reason, files in a VSS sometimes show different sizes from the directory listing (where the initial stat value comes from on Windows) and when stat is called on them directly. Other copy tools always use the direct stat value and setting this flag will disable that.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: token</li>
-<li>Env Var: RCLONE_ZOHO_TOKEN</li>
-<li>Type: string</li>
-<li>Required: false</li>
+<li>Config: no_check_updated</li>
+<li>Env Var: RCLONE_LOCAL_NO_CHECK_UPDATED</li>
+<li>Type: bool</li>
+<li>Default: false</li>
 </ul>
-<h4 id="zoho-auth-url">--zoho-auth-url</h4>
-<p>Auth server URL.</p>
-<p>Leave blank to use the provider defaults.</p>
+<h4 id="one-file-system--x">--one-file-system / -x</h4>
+<p>Don't cross filesystem boundaries (unix/macOS only).</p>
 <p>Properties:</p>
 <ul>
-<li>Config: auth_url</li>
-<li>Env Var: RCLONE_ZOHO_AUTH_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
+<li>Config: one_file_system</li>
+<li>Env Var: RCLONE_LOCAL_ONE_FILE_SYSTEM</li>
+<li>Type: bool</li>
+<li>Default: false</li>
 </ul>
-<h4 id="zoho-token-url">--zoho-token-url</h4>
-<p>Token server url.</p>
-<p>Leave blank to use the provider defaults.</p>
+<h4 id="local-case-sensitive">--local-case-sensitive</h4>
+<p>Force the filesystem to report itself as case sensitive.</p>
+<p>Normally the local backend declares itself as case insensitive on Windows/macOS and case sensitive for everything else. Use this flag to override the default choice.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: token_url</li>
-<li>Env Var: RCLONE_ZOHO_TOKEN_URL</li>
-<li>Type: string</li>
-<li>Required: false</li>
+<li>Config: case_sensitive</li>
+<li>Env Var: RCLONE_LOCAL_CASE_SENSITIVE</li>
+<li>Type: bool</li>
+<li>Default: false</li>
 </ul>
-<h4 id="zoho-encoding">--zoho-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
+<h4 id="local-case-insensitive">--local-case-insensitive</h4>
+<p>Force the filesystem to report itself as case insensitive.</p>
+<p>Normally the local backend declares itself as case insensitive on Windows/macOS and case sensitive for everything else. Use this flag to override the default choice.</p>
 <p>Properties:</p>
 <ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_ZOHO_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Del,Ctl,InvalidUtf8</li>
-</ul>
-<h2 id="setting-up-your-own-client_id">Setting up your own client_id</h2>
-<p>For Zoho we advise you to set up your own client_id. To do so you have to complete the following steps.</p>
-<ol type="1">
-<li><p>Log in to the <a href="https://api-console.zoho.com">Zoho API Console</a></p></li>
-<li><p>Create a new client of type "Server-based Application". The name and website don't matter, but you must add the redirect URL <code>http://localhost:53682/</code>.</p></li>
-<li><p>Once the client is created, you can go to the settings tab and enable it in other regions.</p></li>
-</ol>
-<p>The client id and client secret can now be used with rclone.</p>
-<h1 id="local-filesystem">Local Filesystem</h1>
-<p>Local paths are specified as normal filesystem paths, e.g. <code>/path/to/wherever</code>, so</p>
-<pre><code>rclone sync --interactive /home/source /tmp/destination</code></pre>
-<p>Will sync <code>/home/source</code> to <code>/tmp/destination</code>.</p>
-<h2 id="configuration-48">Configuration</h2>
-<p>For consistencies sake one can also configure a remote of type <code>local</code> in the config file, and access the local filesystem using rclone remote paths, e.g. <code>remote:path/to/wherever</code>, but it is probably easier not to.</p>
-<h3 id="modified-time-15">Modified time</h3>
-<p>Rclone reads and writes the modified time using an accuracy determined by the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second on OS X.</p>
-<h3 id="filenames">Filenames</h3>
-<p>Filenames should be encoded in UTF-8 on disk. This is the normal case for Windows and OS X.</p>
-<p>There is a bit more uncertainty in the Linux world, but new distributions will have UTF-8 encoded files names. If you are using an old Linux filesystem with non UTF-8 file names (e.g. latin1) then you can use the <code>convmv</code> tool to convert the filesystem to UTF-8. This tool is available in most distributions' package managers.</p>
-<p>If an invalid (non-UTF8) filename is read, the invalid characters will be replaced with a quoted representation of the invalid bytes. The name <code>gro\xdf</code> will be transferred as <code>gro‛DF</code>. <code>rclone</code> will emit a debug message in this case (use <code>-v</code> to see), e.g.</p>
-<pre><code>Local file system at .: Replacing invalid UTF-8 characters in &quot;gro\xdf&quot;</code></pre>
-<h4 id="restricted-characters-1">Restricted characters</h4>
-<p>With the local backend, restrictions on the characters that are usable in file or directory names depend on the operating system. To check what rclone will replace by default on your system, run <code>rclone help flags local-encoding</code>.</p>
-<p>On non Windows platforms the following characters are replaced when handling file names.</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>NUL</td>
-<td style="text-align: center;">0x00</td>
-<td style="text-align: center;">␀</td>
-</tr>
-<tr class="even">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
-</tr>
-</tbody>
-</table>
-<p>When running on Windows the following characters are replaced. This list is based on the <a href="https://docs.microsoft.com/de-de/windows/desktop/FileIO/naming-a-file#naming-conventions">Windows file naming conventions</a>.</p>
+<li>Config: case_insensitive</li>
+<li>Env Var: RCLONE_LOCAL_CASE_INSENSITIVE</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="local-no-preallocate">--local-no-preallocate</h4>
+<p>Disable preallocation of disk space for transferred files.</p>
+<p>Preallocation of disk space helps prevent filesystem fragmentation. However, some virtual filesystem layers (such as Google Drive File Stream) may incorrectly set the actual file size equal to the preallocated space, causing checksum and file size checks to fail. Use this flag to disable preallocation.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: no_preallocate</li>
+<li>Env Var: RCLONE_LOCAL_NO_PREALLOCATE</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="local-no-sparse">--local-no-sparse</h4>
+<p>Disable sparse files for multi-thread downloads.</p>
+<p>On Windows platforms rclone will make sparse files when doing multi-thread downloads. This avoids long pauses on large files where the OS zeros the file. However sparse files may be undesirable as they cause disk fragmentation and can be slow to work with.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: no_sparse</li>
+<li>Env Var: RCLONE_LOCAL_NO_SPARSE</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="local-no-set-modtime">--local-no-set-modtime</h4>
+<p>Disable setting modtime.</p>
+<p>Normally rclone updates modification time of files after they are done uploading. This can cause permissions issues on Linux platforms when the user rclone is running as does not own the file uploaded, such as when copying to a CIFS mount owned by another user. If this option is enabled, rclone will no longer update the modtime after copying a file.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: no_set_modtime</li>
+<li>Env Var: RCLONE_LOCAL_NO_SET_MODTIME</li>
+<li>Type: bool</li>
+<li>Default: false</li>
+</ul>
+<h4 id="local-encoding">--local-encoding</h4>
+<p>The encoding for the backend.</p>
+<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
+<p>Properties:</p>
+<ul>
+<li>Config: encoding</li>
+<li>Env Var: RCLONE_LOCAL_ENCODING</li>
+<li>Type: Encoding</li>
+<li>Default: Slash,Dot</li>
+</ul>
+<h3 id="metadata-5">Metadata</h3>
+<p>Depending on which OS is in use the local backend may return only some of the system metadata. Setting system metadata is supported on all OSes but setting user metadata is only supported on linux, freebsd, netbsd, macOS and Solaris. It is <strong>not</strong> supported on Windows yet (<a href="https://github.com/pkg/xattr/issues/47">see pkg/attrs#47</a>).</p>
+<p>User metadata is stored as extended attributes (which may not be supported by all file systems) under the "user.*" prefix.</p>
+<p>Here are the possible system metadata items for the local backend.</p>
 <table>
+<colgroup>
+<col style="width: 15%" />
+<col style="width: 15%" />
+<col style="width: 15%" />
+<col style="width: 23%" />
+<col style="width: 28%" />
+</colgroup>
 <thead>
 <tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
+<th>Name</th>
+<th>Help</th>
+<th>Type</th>
+<th>Example</th>
+<th>Read Only</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
-<td>NUL</td>
-<td style="text-align: center;">0x00</td>
-<td style="text-align: center;">␀</td>
-</tr>
-<tr class="even">
-<td>SOH</td>
-<td style="text-align: center;">0x01</td>
-<td style="text-align: center;">␁</td>
-</tr>
-<tr class="odd">
-<td>STX</td>
-<td style="text-align: center;">0x02</td>
-<td style="text-align: center;">␂</td>
-</tr>
-<tr class="even">
-<td>ETX</td>
-<td style="text-align: center;">0x03</td>
-<td style="text-align: center;">␃</td>
-</tr>
-<tr class="odd">
-<td>EOT</td>
-<td style="text-align: center;">0x04</td>
-<td style="text-align: center;">␄</td>
-</tr>
-<tr class="even">
-<td>ENQ</td>
-<td style="text-align: center;">0x05</td>
-<td style="text-align: center;">␅</td>
-</tr>
-<tr class="odd">
-<td>ACK</td>
-<td style="text-align: center;">0x06</td>
-<td style="text-align: center;">␆</td>
-</tr>
-<tr class="even">
-<td>BEL</td>
-<td style="text-align: center;">0x07</td>
-<td style="text-align: center;">␇</td>
-</tr>
-<tr class="odd">
-<td>BS</td>
-<td style="text-align: center;">0x08</td>
-<td style="text-align: center;">␈</td>
-</tr>
-<tr class="even">
-<td>HT</td>
-<td style="text-align: center;">0x09</td>
-<td style="text-align: center;">␉</td>
-</tr>
-<tr class="odd">
-<td>LF</td>
-<td style="text-align: center;">0x0A</td>
-<td style="text-align: center;">␊</td>
-</tr>
-<tr class="even">
-<td>VT</td>
-<td style="text-align: center;">0x0B</td>
-<td style="text-align: center;">␋</td>
-</tr>
-<tr class="odd">
-<td>FF</td>
-<td style="text-align: center;">0x0C</td>
-<td style="text-align: center;">␌</td>
-</tr>
-<tr class="even">
-<td>CR</td>
-<td style="text-align: center;">0x0D</td>
-<td style="text-align: center;">␍</td>
-</tr>
-<tr class="odd">
-<td>SO</td>
-<td style="text-align: center;">0x0E</td>
-<td style="text-align: center;">␎</td>
-</tr>
-<tr class="even">
-<td>SI</td>
-<td style="text-align: center;">0x0F</td>
-<td style="text-align: center;">␏</td>
-</tr>
-<tr class="odd">
-<td>DLE</td>
-<td style="text-align: center;">0x10</td>
-<td style="text-align: center;">␐</td>
-</tr>
-<tr class="even">
-<td>DC1</td>
-<td style="text-align: center;">0x11</td>
-<td style="text-align: center;">␑</td>
-</tr>
-<tr class="odd">
-<td>DC2</td>
-<td style="text-align: center;">0x12</td>
-<td style="text-align: center;">␒</td>
-</tr>
-<tr class="even">
-<td>DC3</td>
-<td style="text-align: center;">0x13</td>
-<td style="text-align: center;">␓</td>
-</tr>
-<tr class="odd">
-<td>DC4</td>
-<td style="text-align: center;">0x14</td>
-<td style="text-align: center;">␔</td>
-</tr>
-<tr class="even">
-<td>NAK</td>
-<td style="text-align: center;">0x15</td>
-<td style="text-align: center;">␕</td>
-</tr>
-<tr class="odd">
-<td>SYN</td>
-<td style="text-align: center;">0x16</td>
-<td style="text-align: center;">␖</td>
-</tr>
-<tr class="even">
-<td>ETB</td>
-<td style="text-align: center;">0x17</td>
-<td style="text-align: center;">␗</td>
-</tr>
-<tr class="odd">
-<td>CAN</td>
-<td style="text-align: center;">0x18</td>
-<td style="text-align: center;">␘</td>
-</tr>
-<tr class="even">
-<td>EM</td>
-<td style="text-align: center;">0x19</td>
-<td style="text-align: center;">␙</td>
-</tr>
-<tr class="odd">
-<td>SUB</td>
-<td style="text-align: center;">0x1A</td>
-<td style="text-align: center;">␚</td>
-</tr>
-<tr class="even">
-<td>ESC</td>
-<td style="text-align: center;">0x1B</td>
-<td style="text-align: center;">␛</td>
-</tr>
-<tr class="odd">
-<td>FS</td>
-<td style="text-align: center;">0x1C</td>
-<td style="text-align: center;">␜</td>
-</tr>
-<tr class="even">
-<td>GS</td>
-<td style="text-align: center;">0x1D</td>
-<td style="text-align: center;">␝</td>
-</tr>
-<tr class="odd">
-<td>RS</td>
-<td style="text-align: center;">0x1E</td>
-<td style="text-align: center;">␞</td>
-</tr>
-<tr class="even">
-<td>US</td>
-<td style="text-align: center;">0x1F</td>
-<td style="text-align: center;">␟</td>
-</tr>
-<tr class="odd">
-<td>/</td>
-<td style="text-align: center;">0x2F</td>
-<td style="text-align: center;">／</td>
-</tr>
-<tr class="even">
-<td>"</td>
-<td style="text-align: center;">0x22</td>
-<td style="text-align: center;">＂</td>
-</tr>
-<tr class="odd">
-<td>*</td>
-<td style="text-align: center;">0x2A</td>
-<td style="text-align: center;">＊</td>
-</tr>
-<tr class="even">
-<td>:</td>
-<td style="text-align: center;">0x3A</td>
-<td style="text-align: center;">：</td>
-</tr>
-<tr class="odd">
-<td>&lt;</td>
-<td style="text-align: center;">0x3C</td>
-<td style="text-align: center;">＜</td>
-</tr>
-<tr class="even">
-<td>&gt;</td>
-<td style="text-align: center;">0x3E</td>
-<td style="text-align: center;">＞</td>
-</tr>
-<tr class="odd">
-<td>?</td>
-<td style="text-align: center;">0x3F</td>
-<td style="text-align: center;">？</td>
+<td>atime</td>
+<td>Time of last access</td>
+<td>RFC 3339</td>
+<td>2006-01-02T15:04:05.999999999Z07:00</td>
+<td>N</td>
 </tr>
 <tr class="even">
-<td>\</td>
-<td style="text-align: center;">0x5C</td>
-<td style="text-align: center;">＼</td>
+<td>btime</td>
+<td>Time of file birth (creation)</td>
+<td>RFC 3339</td>
+<td>2006-01-02T15:04:05.999999999Z07:00</td>
+<td>N</td>
 </tr>
 <tr class="odd">
-<td>|</td>
-<td style="text-align: center;">0x7C</td>
-<td style="text-align: center;">｜</td>
+<td>gid</td>
+<td>Group ID of owner</td>
+<td>decimal number</td>
+<td>500</td>
+<td>N</td>
 </tr>
-</tbody>
-</table>
-<p>File names on Windows can also not end with the following characters. These only get replaced if they are the last character in the name:</p>
-<table>
-<thead>
-<tr class="header">
-<th>Character</th>
-<th style="text-align: center;">Value</th>
-<th style="text-align: center;">Replacement</th>
+<tr class="even">
+<td>mode</td>
+<td>File type and mode</td>
+<td>octal, unix style</td>
+<td>0100664</td>
+<td>N</td>
 </tr>
-</thead>
-<tbody>
 <tr class="odd">
-<td>SP</td>
-<td style="text-align: center;">0x20</td>
-<td style="text-align: center;">␠</td>
+<td>mtime</td>
+<td>Time of last modification</td>
+<td>RFC 3339</td>
+<td>2006-01-02T15:04:05.999999999Z07:00</td>
+<td>N</td>
 </tr>
 <tr class="even">
-<td>.</td>
-<td style="text-align: center;">0x2E</td>
-<td style="text-align: center;">．</td>
+<td>rdev</td>
+<td>Device ID (if special file)</td>
+<td>hexadecimal</td>
+<td>1abc</td>
+<td>N</td>
+</tr>
+<tr class="odd">
+<td>uid</td>
+<td>User ID of owner</td>
+<td>decimal number</td>
+<td>500</td>
+<td>N</td>
 </tr>
 </tbody>
 </table>
-<p>Invalid UTF-8 bytes will also be <a href="https://rclone.org/overview/#invalid-utf8">replaced</a>, as they can't be converted to UTF-16.</p>
-<h3 id="paths-on-windows">Paths on Windows</h3>
-<p>On Windows there are many ways of specifying a path to a file system resource. Local paths can be absolute, like <code>C:\path\to\wherever</code>, or relative, like <code>..\wherever</code>. Network paths in UNC format, <code>\\server\share</code>, are also supported. Path separator can be either <code>\</code> (as in <code>C:\path\to\wherever</code>) or <code>/</code> (as in <code>C:/path/to/wherever</code>). Length of these paths are limited to 259 characters for files and 247 characters for directories, but there is an alternative extended-length path format increasing the limit to (approximately) 32,767 characters. This format requires absolute paths and the use of prefix <code>\\?\</code>, e.g. <code>\\?\D:\some\very\long\path</code>. For convenience rclone will automatically convert regular paths into the corresponding extended-length paths, so in most cases you do not have to worry about this (read more <a href="#long-paths">below</a>).</p>
-<p>Note that Windows supports using the same prefix <code>\\?\</code> to specify path to volumes identified by their GUID, e.g. <code>\\?\Volume{b75e2c83-0000-0000-0000-602f00000000}\some\path</code>. This is <em>not</em> supported in rclone, due to an <a href="https://github.com/golang/go/issues/39785">issue</a> in go.</p>
-<h4 id="long-paths">Long paths</h4>
-<p>Rclone handles long paths automatically, by converting all paths to <a href="https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation">extended-length path format</a>, which allows paths up to 32,767 characters.</p>
-<p>This conversion will ensure paths are absolute and prefix them with the <code>\\?\</code>. This is why you will see that your paths, for instance <code>.\files</code> is shown as path <code>\\?\C:\files</code> in the output, and <code>\\server\share</code> as <code>\\?\UNC\server\share</code>.</p>
-<p>However, in rare cases this may cause problems with buggy file system drivers like <a href="https://github.com/rclone/rclone/issues/261">EncFS</a>. To disable UNC conversion globally, add this to your <code>.rclone.conf</code> file:</p>
-<pre><code>[local]
-nounc = true</code></pre>
-<p>If you want to selectively disable UNC, you can add it to a separate entry like this:</p>
-<pre><code>[nounc]
-type = local
-nounc = true</code></pre>
-<p>And use rclone like this:</p>
-<p><code>rclone copy c:\src nounc:z:\dst</code></p>
-<p>This will use UNC paths on <code>c:\src</code> but not on <code>z:\dst</code>. Of course this will cause problems if the absolute path length of a file exceeds 259 characters on z, so only use this option if you have to.</p>
-<h3 id="symlinks-junction-points">Symlinks / Junction points</h3>
-<p>Normally rclone will ignore symlinks or junction points (which behave like symlinks under Windows).</p>
-<p>If you supply <code>--copy-links</code> or <code>-L</code> then rclone will follow the symlink and copy the pointed to file or directory. Note that this flag is incompatible with <code>--links</code> / <code>-l</code>.</p>
-<p>This flag applies to all commands.</p>
-<p>For example, supposing you have a directory structure like this</p>
-<pre><code>$ tree /tmp/a
-/tmp/a
-├── b -&gt; ../b
-├── expected -&gt; ../expected
-├── one
-└── two
-    └── three</code></pre>
-<p>Then you can see the difference with and without the flag like this</p>
-<pre><code>$ rclone ls /tmp/a
-        6 one
-        6 two/three</code></pre>
-<p>and</p>
-<pre><code>$ rclone -L ls /tmp/a
-     4174 expected
-        6 one
-        6 two/three
-        6 b/two
-        6 b/one</code></pre>
-<h4 id="links--l">--links, -l</h4>
-<p>Normally rclone will ignore symlinks or junction points (which behave like symlinks under Windows).</p>
-<p>If you supply this flag then rclone will copy symbolic links from the local storage, and store them as text files, with a '.rclonelink' suffix in the remote storage.</p>
-<p>The text file will contain the target of the symbolic link (see example).</p>
-<p>This flag applies to all commands.</p>
-<p>For example, supposing you have a directory structure like this</p>
-<pre><code>$ tree /tmp/a
-/tmp/a
-├── file1 -&gt; ./file4
-└── file2 -&gt; /home/user/file3</code></pre>
-<p>Copying the entire directory with '-l'</p>
-<pre><code>$ rclone copyto -l /tmp/a/file1 remote:/tmp/a/</code></pre>
-<p>The remote files are created with a '.rclonelink' suffix</p>
-<pre><code>$ rclone ls remote:/tmp/a
-       5 file1.rclonelink
-      14 file2.rclonelink</code></pre>
-<p>The remote files will contain the target of the symbolic links</p>
-<pre><code>$ rclone cat remote:/tmp/a/file1.rclonelink
-./file4
-
-$ rclone cat remote:/tmp/a/file2.rclonelink
-/home/user/file3</code></pre>
-<p>Copying them back with '-l'</p>
-<pre><code>$ rclone copyto -l remote:/tmp/a/ /tmp/b/
-
-$ tree /tmp/b
-/tmp/b
-├── file1 -&gt; ./file4
-└── file2 -&gt; /home/user/file3</code></pre>
-<p>However, if copied back without '-l'</p>
-<pre><code>$ rclone copyto remote:/tmp/a/ /tmp/b/
-
-$ tree /tmp/b
-/tmp/b
-├── file1.rclonelink
-└── file2.rclonelink</code></pre>
-<p>Note that this flag is incompatible with <code>-copy-links</code> / <code>-L</code>.</p>
-<h3 id="restricting-filesystems-with---one-file-system">Restricting filesystems with --one-file-system</h3>
-<p>Normally rclone will recurse through filesystems as mounted.</p>
-<p>However if you set <code>--one-file-system</code> or <code>-x</code> this tells rclone to stay in the filesystem specified by the root and not to recurse into different file systems.</p>
-<p>For example if you have a directory hierarchy like this</p>
-<pre><code>root
-├── disk1     - disk1 mounted on the root
-│   └── file3 - stored on disk1
-├── disk2     - disk2 mounted on the root
-│   └── file4 - stored on disk12
-├── file1     - stored on the root disk
-└── file2     - stored on the root disk</code></pre>
-<p>Using <code>rclone --one-file-system copy root remote:</code> will only copy <code>file1</code> and <code>file2</code>. Eg</p>
-<pre><code>$ rclone -q --one-file-system ls root
-        0 file1
-        0 file2</code></pre>
-<pre><code>$ rclone -q ls root
-        0 disk1/file3
-        0 disk2/file4
-        0 file1
-        0 file2</code></pre>
-<p><strong>NB</strong> Rclone (like most unix tools such as <code>du</code>, <code>rsync</code> and <code>tar</code>) treats a bind mount to the same device as being on the same filesystem.</p>
-<p><strong>NB</strong> This flag is only available on Unix based systems. On systems where it isn't supported (e.g. Windows) it will be ignored.</p>
-<h3 id="advanced-options-45">Advanced options</h3>
-<p>Here are the Advanced options specific to local (Local Disk).</p>
-<h4 id="local-nounc">--local-nounc</h4>
-<p>Disable UNC (long path names) conversion on Windows.</p>
-<p>Properties:</p>
+<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
+<h2 id="backend-commands-1">Backend commands</h2>
+<p>Here are the commands specific to the local backend.</p>
+<p>Run them with</p>
+<pre><code>rclone backend COMMAND remote:</code></pre>
+<p>The help below will explain what arguments each command takes.</p>
+<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
+<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
+<h3 id="noop">noop</h3>
+<p>A null operation for testing backend commands</p>
+<pre><code>rclone backend noop remote: [options] [&lt;arguments&gt;+]</code></pre>
+<p>This is a test command which has some options you can try to change the output.</p>
+<p>Options:</p>
+<ul>
+<li>"echo": echo the input arguments</li>
+<li>"error": return an error based on option value</li>
+</ul>
+<h1 id="changelog-1">Changelog</h1>
+<h2 id="v1.65.0---2023-11-26">v1.65.0 - 2023-11-26</h2>
+<p><a href="https://github.com/rclone/rclone/compare/v1.64.0...v1.65.0">See commits</a></p>
+<ul>
+<li>New backends
+<ul>
+<li>Azure Files (karan, moongdal, Nick Craig-Wood)</li>
+<li>ImageKit (Abhinav Dhiman)</li>
+<li>Linkbox (viktor, Nick Craig-Wood)</li>
+</ul></li>
+<li>New commands
+<ul>
+<li><code>serve s3</code>: Let rclone act as an S3 compatible server (Mikubill, Artur Neumann, Saw-jan, Nick Craig-Wood)</li>
+<li><code>nfsmount</code>: mount command to provide mount mechanism on macOS without FUSE (Saleh Dindar)</li>
+<li><code>serve nfs</code>: to serve a remote for use by <code>nfsmount</code> (Saleh Dindar)</li>
+</ul></li>
+<li>New Features
+<ul>
+<li>install.sh: Clean up temp files in install script (Jacob Hands)</li>
+<li>build
+<ul>
+<li>Update all dependencies (Nick Craig-Wood)</li>
+<li>Refactor version info and icon resource handling on windows (albertony)</li>
+</ul></li>
+<li>doc updates (albertony, alfish2000, asdffdsazqqq, Dimitri Papadopoulos, Herby Gillot, Joda Stößer, Manoj Ghosh, Nick Craig-Wood)</li>
+<li>Implement <code>--metadata-mapper</code> to transform metatadata with a user supplied program (Nick Craig-Wood)</li>
+<li>Add <code>ChunkWriterDoesntSeek</code> feature flag and set it for b2 (Nick Craig-Wood)</li>
+<li>lib/http: Export basic go string functions for use in <code>--template</code> (Gabriel Espinoza)</li>
+<li>makefile: Use POSIX compatible install arguments (Mina Galić)</li>
+<li>operations
+<ul>
+<li>Use less memory when doing multithread uploads (Nick Craig-Wood)</li>
+<li>Implement <code>--partial-suffix</code> to control extension of temporary file names (Volodymyr)</li>
+</ul></li>
+<li>rc
+<ul>
+<li>Add <code>operations/check</code> to the rc API (Nick Craig-Wood)</li>
+<li>Always report an error as JSON (Nick Craig-Wood)</li>
+<li>Set <code>Last-Modified</code> header for files served by <code>--rc-serve</code> (Nikita Shoshin)</li>
+</ul></li>
+<li>size: Dont show duplicate object count when less than 1k (albertony)</li>
+</ul></li>
+<li>Bug Fixes
+<ul>
+<li>fshttp: Fix <code>--contimeout</code> being ignored (你知道未来吗)</li>
+<li>march: Fix excessive parallelism when using <code>--no-traverse</code> (Nick Craig-Wood)</li>
+<li>ncdu: Fix crash when re-entering changed directory after rescan (Nick Craig-Wood)</li>
+<li>operations
+<ul>
+<li>Fix overwrite of destination when multi-thread transfer fails (Nick Craig-Wood)</li>
+<li>Fix invalid UTF-8 when truncating file names when not using <code>--inplace</code> (Nick Craig-Wood)</li>
+</ul></li>
+<li>serve dnla: Fix crash on graceful exit (wuxingzhong)</li>
+</ul></li>
+<li>Mount
+<ul>
+<li>Disable mount for freebsd and alias cmount as mount on that platform (Nick Craig-Wood)</li>
+</ul></li>
+<li>VFS
+<ul>
+<li>Add <code>--vfs-refresh</code> flag to read all the directories on start (Beyond Meat)</li>
+<li>Implement Name() method in WriteFileHandle and ReadFileHandle (Saleh Dindar)</li>
+<li>Add go-billy dependency and make sure vfs.Handle implements billy.File (Saleh Dindar)</li>
+<li>Error out early if can't upload 0 length file (Nick Craig-Wood)</li>
+</ul></li>
+<li>Local
+<ul>
+<li>Fix copying from Windows Volume Shadows (Nick Craig-Wood)</li>
+</ul></li>
+<li>Azure Blob
+<ul>
+<li>Add support for cold tier (Ivan Yanitra)</li>
+</ul></li>
+<li>B2
+<ul>
+<li>Implement "rclone backend lifecycle" to read and set bucket lifecycles (Nick Craig-Wood)</li>
+<li>Implement <code>--b2-lifecycle</code> to control lifecycle when creating buckets (Nick Craig-Wood)</li>
+<li>Fix listing all buckets when not needed (Nick Craig-Wood)</li>
+<li>Fix multi-thread upload with copyto going to wrong name (Nick Craig-Wood)</li>
+<li>Fix server side chunked copy when file size was exactly <code>--b2-copy-cutoff</code> (Nick Craig-Wood)</li>
+<li>Fix streaming chunked files an exact multiple of chunk size (Nick Craig-Wood)</li>
+</ul></li>
+<li>Box
+<ul>
+<li>Filter more EventIDs when polling (David Sze)</li>
+<li>Add more logging for polling (David Sze)</li>
+<li>Fix performance problem reading metadata for single files (Nick Craig-Wood)</li>
+</ul></li>
+<li>Drive
+<ul>
+<li>Add read/write metadata support (Nick Craig-Wood)</li>
+<li>Add support for SHA-1 and SHA-256 checksums (rinsuki)</li>
+<li>Add <code>--drive-show-all-gdocs</code> to allow unexportable gdocs to be server side copied (Nick Craig-Wood)</li>
+<li>Add a note that <code>--drive-scope</code> accepts comma-separated list of scopes (Keigo Imai)</li>
+<li>Fix error updating created time metadata on existing object (Nick Craig-Wood)</li>
+<li>Fix integration tests by enabling metadata support from the context (Nick Craig-Wood)</li>
+</ul></li>
+<li>Dropbox
+<ul>
+<li>Factor batcher into lib/batcher (Nick Craig-Wood)</li>
+<li>Fix missing encoding for rclone purge (Nick Craig-Wood)</li>
+</ul></li>
+<li>Google Cloud Storage
+<ul>
+<li>Fix 400 Bad request errors when using multi-thread copy (Nick Craig-Wood)</li>
+</ul></li>
+<li>Googlephotos
+<ul>
+<li>Implement batcher for uploads (Nick Craig-Wood)</li>
+</ul></li>
+<li>Hdfs
+<ul>
+<li>Added support for list of namenodes in hdfs remote config (Tayo-pasedaRJ)</li>
+</ul></li>
+<li>HTTP
+<ul>
+<li>Implement set backend command to update running backend (Nick Craig-Wood)</li>
+<li>Enable methods used with WebDAV (Alen Šiljak)</li>
+</ul></li>
+<li>Jottacloud
+<ul>
+<li>Add support for reading and writing metadata (albertony)</li>
+</ul></li>
+<li>Onedrive
+<ul>
+<li>Implement ListR method which gives <code>--fast-list</code> support (Nick Craig-Wood)
+<ul>
+<li>This must be enabled with the <code>--onedrive-delta</code> flag</li>
+</ul></li>
+</ul></li>
+<li>Quatrix
+<ul>
+<li>Add partial upload support (Oksana Zhykina)</li>
+<li>Overwrite files on conflict during server-side move (Oksana Zhykina)</li>
+</ul></li>
+<li>S3
+<ul>
+<li>Add Linode provider (Nick Craig-Wood)</li>
+<li>Add docs on how to add a new provider (Nick Craig-Wood)</li>
+<li>Fix no error being returned when creating a bucket we don't own (Nick Craig-Wood)</li>
+<li>Emit a debug message if anonymous credentials are in use (Nick Craig-Wood)</li>
+<li>Add <code>--s3-disable-multipart-uploads</code> flag (Nick Craig-Wood)</li>
+<li>Detect looping when using gcs and versions (Nick Craig-Wood)</li>
+</ul></li>
+<li>SFTP
+<ul>
+<li>Implement <code>--sftp-copy-is-hardlink</code> to server side copy as hardlink (Nick Craig-Wood)</li>
+</ul></li>
+<li>Smb
 <ul>
-<li>Config: nounc</li>
-<li>Env Var: RCLONE_LOCAL_NOUNC</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-<li>Examples:
+<li>Fix incorrect <code>about</code> size by switching to <code>github.com/cloudsoda/go-smb2</code> fork (Nick Craig-Wood)</li>
+<li>Fix modtime of multithread uploads by setting PartialUploads (Nick Craig-Wood)</li>
+</ul></li>
+<li>WebDAV
+<ul>
+<li>Added an rclone vendor to work with <code>rclone serve webdav</code> (Adithya Kumar)</li>
+</ul></li>
+</ul>
+<h2 id="v1.64.2---2023-10-19">v1.64.2 - 2023-10-19</h2>
+<p><a href="https://github.com/rclone/rclone/compare/v1.64.1...v1.64.2">See commits</a></p>
+<ul>
+<li>Bug Fixes
+<ul>
+<li>selfupdate: Fix "invalid hashsum signature" error (Nick Craig-Wood)</li>
+<li>build: Fix docker build running out of space (Nick Craig-Wood)</li>
+</ul></li>
+</ul>
+<h2 id="v1.64.1---2023-10-17">v1.64.1 - 2023-10-17</h2>
+<p><a href="https://github.com/rclone/rclone/compare/v1.64.0...v1.64.1">See commits</a></p>
+<ul>
+<li>Bug Fixes
+<ul>
+<li>cmd: Make <code>--progress</code> output logs in the same format as without (Nick Craig-Wood)</li>
+<li>docs fixes (Dimitri Papadopoulos Orfanos, Herby Gillot, Manoj Ghosh, Nick Craig-Wood)</li>
+<li>lsjson: Make sure we set the global metadata flag too (Nick Craig-Wood)</li>
+<li>operations
+<ul>
+<li>Ensure concurrency is no greater than the number of chunks (Pat Patterson)</li>
+<li>Fix OpenOptions ignored in copy if operation was a multiThreadCopy (Vitor Gomes)</li>
+<li>Fix error message on delete to have file name (Nick Craig-Wood)</li>
+</ul></li>
+<li>serve sftp: Return not supported error for not supported commands (Nick Craig-Wood)</li>
+<li>build: Upgrade golang.org/x/net to v0.17.0 to fix HTTP/2 rapid reset (Nick Craig-Wood)</li>
+<li>pacer: Fix b2 deadlock by defaulting max connections to unlimited (Nick Craig-Wood)</li>
+</ul></li>
+<li>Mount
+<ul>
+<li>Fix automount not detecting drive is ready (Nick Craig-Wood)</li>
+</ul></li>
+<li>VFS
+<ul>
+<li>Fix update dir modification time (Saleh Dindar)</li>
+</ul></li>
+<li>Azure Blob
+<ul>
+<li>Fix "fatal error: concurrent map writes" (Nick Craig-Wood)</li>
+</ul></li>
+<li>B2
+<ul>
+<li>Fix multipart upload: corrupted on transfer: sizes differ XXX vs 0 (Nick Craig-Wood)</li>
+<li>Fix locking window when getting mutipart upload URL (Nick Craig-Wood)</li>
+<li>Fix server side copies greater than 4GB (Nick Craig-Wood)</li>
+<li>Fix chunked streaming uploads (Nick Craig-Wood)</li>
+<li>Reduce default <code>--b2-upload-concurrency</code> to 4 to reduce memory usage (Nick Craig-Wood)</li>
+</ul></li>
+<li>Onedrive
+<ul>
+<li>Fix the configurator to allow <code>/teams/ID</code> in the config (Nick Craig-Wood)</li>
+</ul></li>
+<li>Oracleobjectstorage
+<ul>
+<li>Fix OpenOptions being ignored in uploadMultipart with chunkWriter (Nick Craig-Wood)</li>
+</ul></li>
+<li>S3
+<ul>
+<li>Fix slice bounds out of range error when listing (Nick Craig-Wood)</li>
+<li>Fix OpenOptions being ignored in uploadMultipart with chunkWriter (Vitor Gomes)</li>
+</ul></li>
+<li>Storj
+<ul>
+<li>Update storj.io/uplink to v1.12.0 (Kaloyan Raev)</li>
+</ul></li>
+</ul>
+<h2 id="v1.64.0---2023-09-11">v1.64.0 - 2023-09-11</h2>
+<p><a href="https://github.com/rclone/rclone/compare/v1.63.0...v1.64.0">See commits</a></p>
+<ul>
+<li>New backends
+<ul>
+<li><a href="https://rclone.org/protondrive/">Proton Drive</a> (Chun-Hung Tseng)</li>
+<li><a href="https://rclone.org/quatrix/">Quatrix</a> (Oksana, Volodymyr Kit)</li>
+<li>New S3 providers
+<ul>
+<li><a href="https://rclone.org/s3/#synology-c2">Synology C2</a> (BakaWang)</li>
+<li><a href="https://rclone.org/s3/#leviia">Leviia</a> (Benjamin)</li>
+</ul></li>
+<li>New Jottacloud providers
+<ul>
+<li><a href="https://rclone.org/jottacloud/">Onlime</a> (Fjodor42)</li>
+<li><a href="https://rclone.org/jottacloud/">Telia Sky</a> (NoLooseEnds)</li>
+</ul></li>
+</ul></li>
+<li>Major changes
+<ul>
+<li>Multi-thread transfers (Vitor Gomes, Nick Craig-Wood, Manoj Ghosh, Edwin Mackenzie-Owen)
+<ul>
+<li>Multi-thread transfers are now available when transferring to:
+<ul>
+<li><code>local</code>, <code>s3</code>, <code>azureblob</code>, <code>b2</code>, <code>oracleobjectstorage</code> and <code>smb</code></li>
+</ul></li>
+<li>This greatly improves transfer speed between two network sources.</li>
+<li>In memory buffering has been unified between all backends and should share memory better.</li>
+<li>See <a href="https://rclone.org/docs/#multi-thread-cutoff">--multi-thread docs</a> for more info</li>
+</ul></li>
+</ul></li>
+<li>New commands
+<ul>
+<li><code>rclone config redacted</code> support mechanism for showing redacted config (Nick Craig-Wood)</li>
+</ul></li>
+<li>New Features
+<ul>
+<li>accounting
+<ul>
+<li>Show server side stats in own lines and not as bytes transferred (Nick Craig-Wood)</li>
+</ul></li>
+<li>bisync
+<ul>
+<li>Add new <code>--ignore-listing-checksum</code> flag to distinguish from <code>--ignore-checksum</code> (nielash)</li>
+<li>Add experimental <code>--resilient</code> mode to allow recovery from self-correctable errors (nielash)</li>
+<li>Add support for <code>--create-empty-src-dirs</code> (nielash)</li>
+<li>Dry runs no longer commit filter changes (nielash)</li>
+<li>Enforce <code>--check-access</code> during <code>--resync</code> (nielash)</li>
+<li>Apply filters correctly during deletes (nielash)</li>
+<li>Equality check before renaming (leave identical files alone) (nielash)</li>
+<li>Fix <code>dryRun</code> rc parameter being ignored (nielash)</li>
+</ul></li>
+<li>build
+<ul>
+<li>Update to <code>go1.21</code> and make <code>go1.19</code> the minimum required version (Anagh Kumar Baranwal, Nick Craig-Wood)</li>
+<li>Update dependencies (Nick Craig-Wood)</li>
+<li>Add snap installation (hideo aoyama)</li>
+<li>Change Winget Releaser job to <code>ubuntu-latest</code> (sitiom)</li>
+</ul></li>
+<li>cmd: Refactor and use sysdnotify in more commands (eNV25)</li>
+<li>config: Add <code>--multi-thread-chunk-size</code> flag (Vitor Gomes)</li>
+<li>doc updates (antoinetran, Benjamin, Bjørn Smith, Dean Attali, gabriel-suela, James Braza, Justin Hellings, kapitainsky, Mahad, Masamune3210, Nick Craig-Wood, Nihaal Sangha, Niklas Hambüchen, Raymond Berger, r-ricci, Sawada Tsunayoshi, Tiago Boeing, Vladislav Vorobev)</li>
+<li>fs
+<ul>
+<li>Use atomic types everywhere (Roberto Ricci)</li>
+<li>When <code>--max-transfer</code> limit is reached exit with code (10) (kapitainsky)</li>
+<li>Add rclone completion powershell - basic implementation only (Nick Craig-Wood)</li>
+</ul></li>
+<li>http servers: Allow CORS to be set with <code>--allow-origin</code> flag (yuudi)</li>
+<li>lib/rest: Remove unnecessary <code>nil</code> check (Eng Zer Jun)</li>
+<li>ncdu: Add keybinding to rescan filesystem (eNV25)</li>
+<li>rc
+<ul>
+<li>Add <code>executeId</code> to job listings (yuudi)</li>
+<li>Add <code>core/du</code> to measure local disk usage (Nick Craig-Wood)</li>
+<li>Add <code>operations/settier</code> to API (Drew Stinnett)</li>
+</ul></li>
+<li>rclone test info: Add <code>--check-base32768</code> flag to check can store all base32768 characters (Nick Craig-Wood)</li>
+<li>rmdirs: Remove directories concurrently controlled by <code>--checkers</code> (Nick Craig-Wood)</li>
+</ul></li>
+<li>Bug Fixes
+<ul>
+<li>accounting: Don't stop calculating average transfer speed until the operation is complete (Jacob Hands)</li>
+<li>fs: Fix <code>transferTime</code> not being set in JSON logs (Jacob Hands)</li>
+<li>fshttp: Fix <code>--bind 0.0.0.0</code> allowing IPv6 and <code>--bind ::0</code> allowing IPv4 (Nick Craig-Wood)</li>
+<li>operations: Fix overlapping check on case insensitive file systems (Nick Craig-Wood)</li>
+<li>serve dlna: Fix MIME type if backend can't identify it (Nick Craig-Wood)</li>
+<li>serve ftp: Fix race condition when using the auth proxy (Nick Craig-Wood)</li>
+<li>serve sftp: Fix hash calculations with <code>--vfs-cache-mode full</code> (Nick Craig-Wood)</li>
+<li>serve webdav: Fix error: Expecting fs.Object or fs.Directory, got <code>nil</code> (Nick Craig-Wood)</li>
+<li>sync: Fix lockup with <code>--cutoff-mode=soft</code> and <code>--max-duration</code> (Nick Craig-Wood)</li>
+</ul></li>
+<li>Mount
+<ul>
+<li>fix: Mount parsing for linux (Anagh Kumar Baranwal)</li>
+</ul></li>
+<li>VFS
+<ul>
+<li>Add <code>--vfs-cache-min-free-space</code> to control minimum free space on the disk containing the cache (Nick Craig-Wood)</li>
+<li>Added cache cleaner for directories to reduce memory usage (Anagh Kumar Baranwal)</li>
+<li>Update parent directory modtimes on vfs actions (David Pedersen)</li>
+<li>Keep virtual directory status accurate and reduce deadlock potential (Anagh Kumar Baranwal)</li>
+<li>Make sure struct field is aligned for atomic access (Roberto Ricci)</li>
+</ul></li>
+<li>Local
+<ul>
+<li>Rmdir return an error if the path is not a dir (zjx20)</li>
+</ul></li>
+<li>Azure Blob
+<ul>
+<li>Implement <code>OpenChunkWriter</code> and multi-thread uploads (Nick Craig-Wood)</li>
+<li>Fix creation of directory markers (Nick Craig-Wood)</li>
+<li>Fix purging with directory markers (Nick Craig-Wood)</li>
+</ul></li>
+<li>B2
+<ul>
+<li>Implement <code>OpenChunkWriter</code> and multi-thread uploads (Nick Craig-Wood)</li>
+<li>Fix rclone link when object path contains special characters (Alishan Ladhani)</li>
+</ul></li>
+<li>Box
+<ul>
+<li>Add polling support (David Sze)</li>
+<li>Add <code>--box-impersonate</code> to impersonate a user ID (Nick Craig-Wood)</li>
+<li>Fix unhelpful decoding of error messages into decimal numbers (Nick Craig-Wood)</li>
+</ul></li>
+<li>Chunker
+<ul>
+<li>Update documentation to mention issue with small files (Ricardo D'O. Albanus)</li>
+</ul></li>
+<li>Compress
+<ul>
+<li>Fix ChangeNotify (Nick Craig-Wood)</li>
+</ul></li>
+<li>Drive
+<ul>
+<li>Add <code>--drive-fast-list-bug-fix</code> to control ListR bug workaround (Nick Craig-Wood)</li>
+</ul></li>
+<li>Fichier
+<ul>
+<li>Implement <code>DirMove</code> (Nick Craig-Wood)</li>
+<li>Fix error code parsing (alexia)</li>
+</ul></li>
+<li>FTP
+<ul>
+<li>Add socks_proxy support for SOCKS5 proxies (Zach)</li>
+<li>Fix 425 "TLS session of data connection not resumed" errors (Nick Craig-Wood)</li>
+</ul></li>
+<li>Hdfs
+<ul>
+<li>Retry "replication in progress" errors when uploading (Nick Craig-Wood)</li>
+<li>Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)</li>
+</ul></li>
+<li>HTTP
+<ul>
+<li>CORS should not be sent if not set (yuudi)</li>
+<li>Fix webdav OPTIONS response (yuudi)</li>
+</ul></li>
+<li>Opendrive
+<ul>
+<li>Fix List on a just deleted and remade directory (Nick Craig-Wood)</li>
+</ul></li>
+<li>Oracleobjectstorage
+<ul>
+<li>Use rclone's rate limiter in multipart transfers (Manoj Ghosh)</li>
+<li>Implement <code>OpenChunkWriter</code> and multi-thread uploads (Manoj Ghosh)</li>
+</ul></li>
+<li>S3
+<ul>
+<li>Refactor multipart upload to use <code>OpenChunkWriter</code> and <code>ChunkWriter</code> (Vitor Gomes)</li>
+<li>Factor generic multipart upload into <code>lib/multipart</code> (Nick Craig-Wood)</li>
+<li>Fix purging of root directory with <code>--s3-directory-markers</code> (Nick Craig-Wood)</li>
+<li>Add <code>rclone backend set</code> command to update the running config (Nick Craig-Wood)</li>
+<li>Add <code>rclone backend restore-status</code> command (Nick Craig-Wood)</li>
+</ul></li>
+<li>SFTP
+<ul>
+<li>Stop uploads re-using the same ssh connection to improve performance (Nick Craig-Wood)</li>
+<li>Add <code>--sftp-ssh</code> to specify an external ssh binary to use (Nick Craig-Wood)</li>
+<li>Add socks_proxy support for SOCKS5 proxies (Zach)</li>
+<li>Support dynamic <code>--sftp-path-override</code> (nielash)</li>
+<li>Fix spurious warning when using <code>--sftp-ssh</code> (Nick Craig-Wood)</li>
+</ul></li>
+<li>Smb
+<ul>
+<li>Implement multi-threaded writes for copies to smb (Edwin Mackenzie-Owen)</li>
+</ul></li>
+<li>Storj
+<ul>
+<li>Performance improvement for large file uploads (Kaloyan Raev)</li>
+</ul></li>
+<li>Swift
+<ul>
+<li>Fix HEADing 0-length objects when <code>--swift-no-large-objects</code> set (Julian Lepinski)</li>
+</ul></li>
+<li>Union
+<ul>
+<li>Add <code>:writback</code> to act as a simple cache (Nick Craig-Wood)</li>
+</ul></li>
+<li>WebDAV
+<ul>
+<li>Nextcloud: fix segment violation in low-level retry (Paul)</li>
+</ul></li>
+<li>Zoho
+<ul>
+<li>Remove Range requests workarounds to fix integration tests (Nick Craig-Wood)</li>
+</ul></li>
+</ul>
+<h2 id="v1.63.1---2023-07-17">v1.63.1 - 2023-07-17</h2>
+<p><a href="https://github.com/rclone/rclone/compare/v1.63.0...v1.63.1">See commits</a></p>
+<ul>
+<li>Bug Fixes
+<ul>
+<li>build: Fix macos builds for versions &lt; 12 (Anagh Kumar Baranwal)</li>
+<li>dirtree: Fix performance with large directories of directories and <code>--fast-list</code> (Nick Craig-Wood)</li>
+<li>operations
+<ul>
+<li>Fix deadlock when using <code>lsd</code>/<code>ls</code> with <code>--progress</code> (Nick Craig-Wood)</li>
+<li>Fix <code>.rclonelink</code> files not being converted back to symlinks (Nick Craig-Wood)</li>
+</ul></li>
+<li>doc fixes (Dean Attali, Mahad, Nick Craig-Wood, Sawada Tsunayoshi, Vladislav Vorobev)</li>
+</ul></li>
+<li>Local
+<ul>
+<li>Fix partial directory read for corrupted filesystem (Nick Craig-Wood)</li>
+</ul></li>
+<li>Box
+<ul>
+<li>Fix reconnect failing with HTTP 400 Bad Request (albertony)</li>
+</ul></li>
+<li>Smb
+<ul>
+<li>Fix "Statfs failed: bucket or container name is needed" when mounting (Nick Craig-Wood)</li>
+</ul></li>
+<li>WebDAV
+<ul>
+<li>Nextcloud: fix must use /dav/files/USER endpoint not /webdav error (Paul)</li>
+<li>Nextcloud chunking: add more guidance for the user to check the config (darix)</li>
+</ul></li>
+</ul>
+<h2 id="v1.63.0---2023-06-30">v1.63.0 - 2023-06-30</h2>
+<p><a href="https://github.com/rclone/rclone/compare/v1.62.0...v1.63.0">See commits</a></p>
+<ul>
+<li>New backends
+<ul>
+<li><a href="https://rclone.org/pikpak/">Pikpak</a> (wiserain)</li>
+<li>New S3 providers
+<ul>
+<li><a href="https://rclone.org/s3/#petabox">petabox.io</a> (Andrei Smirnov)</li>
+<li><a href="https://rclone.org/s3/#google-cloud-storage">Google Cloud Storage</a> (Anthony Pessy)</li>
+</ul></li>
+<li>New WebDAV providers
+<ul>
+<li><a href="https://rclone.org/webdav/#fastmail-files">Fastmail</a> (Arnavion)</li>
+</ul></li>
+</ul></li>
+<li>Major changes
+<ul>
+<li>Files will be copied to a temporary name ending in <code>.partial</code> when copying to <code>local</code>,<code>ftp</code>,<code>sftp</code> then renamed at the end of the transfer. (Janne Hellsten, Nick Craig-Wood)
+<ul>
+<li>This helps with data integrity as we don't delete the existing file until the new one is complete.</li>
+<li>It can be disabled with the <a href="https://rclone.org/docs/#inplace">--inplace</a> flag.</li>
+<li>This behaviour will also happen if the backend is wrapped, for example <code>sftp</code> wrapped with <code>crypt</code>.</li>
+</ul></li>
+<li>The <a href="https://rclone.org/s3/#s3-directory-markers">s3</a>, <a href="/azureblob/#azureblob-directory-markers">azureblob</a> and <a href="/googlecloudstorage/#gcs-directory-markers">gcs</a> backends now support directory markers so empty directories are supported (Jānis Bebrītis, Nick Craig-Wood)</li>
+<li>The <a href="https://rclone.org/docs/#default-time-time">--default-time</a> flag now controls the unknown modification time of files/dirs (Nick Craig-Wood)
+<ul>
+<li>If a file or directory does not have a modification time rclone can read then rclone will display this fixed time instead.</li>
+<li>For the old behaviour use <code>--default-time 0s</code> which will set this time to the time rclone started up.</li>
+</ul></li>
+</ul></li>
+<li>New Features
+<ul>
+<li>build
+<ul>
+<li>Modernise linters in use and fixup all affected code (albertony)</li>
+<li>Push docker beta to GHCR (GitHub container registry) (Richard Tweed)</li>
+</ul></li>
+<li>cat: Add <code>--separator</code> option to cat command (Loren Gordon)</li>
+<li>config
+<ul>
+<li>Do not remove/overwrite other files during config file save (albertony)</li>
+<li>Do not overwrite config file symbolic link (albertony)</li>
+<li>Stop <code>config create</code> making invalid config files (Nick Craig-Wood)</li>
+</ul></li>
+<li>doc updates (Adam K, Aditya Basu, albertony, asdffdsazqqq, Damo, danielkrajnik, Dimitri Papadopoulos, dlitster, Drew Parsons, jumbi77, kapitainsky, mac-15, Mariusz Suchodolski, Nick Craig-Wood, NickIAm, Rintze Zelle, Stanislav Gromov, Tareq Sharafy, URenko, yuudi, Zach Kipp)</li>
+<li>fs
+<ul>
+<li>Add <code>size</code> to JSON logs when moving or copying an object (Nick Craig-Wood)</li>
+<li>Allow boolean features to be enabled with <code>--disable !Feature</code> (Nick Craig-Wood)</li>
+</ul></li>
+<li>genautocomplete: Rename to <code>completion</code> with alias to the old name (Nick Craig-Wood)</li>
+<li>librclone: Added example on using <code>librclone</code> with Go (alankrit)</li>
+<li>lsjson: Make <code>--stat</code> more efficient (Nick Craig-Wood)</li>
+<li>operations
+<ul>
+<li>Implement <code>--multi-thread-write-buffer-size</code> for speed improvements on downloads (Paulo Schreiner)</li>
+<li>Reopen downloads on error when using <code>check --download</code> and <code>cat</code> (Nick Craig-Wood)</li>
+</ul></li>
+<li>rc: <code>config/listremotes</code> includes remotes defined with environment variables (kapitainsky)</li>
+<li>selfupdate: Obey <code>--no-check-certificate</code> flag (Nick Craig-Wood)</li>
+<li>serve restic: Trigger systemd notify (Shyim)</li>
+<li>serve webdav: Implement owncloud checksum and modtime extensions (WeidiDeng)</li>
+<li>sync: <code>--suffix-keep-extension</code> preserve 2 part extensions like .tar.gz (Nick Craig-Wood)</li>
+</ul></li>
+<li>Bug Fixes
+<ul>
+<li>accounting
+<ul>
+<li>Fix Prometheus metrics to be the same as <code>core/stats</code> (Nick Craig-Wood)</li>
+<li>Bwlimit signal handler should always start (Sam Lai)</li>
+</ul></li>
+<li>bisync: Fix <code>maxDelete</code> parameter being ignored via the rc (Nick Craig-Wood)</li>
+<li>cmd/ncdu: Fix screen corruption when logging (eNV25)</li>
+<li>filter: Fix deadlock with errors on <code>--files-from</code> (douchen)</li>
+<li>fs
+<ul>
+<li>Fix interaction between <code>--progress</code> and <code>--interactive</code> (Nick Craig-Wood)</li>
+<li>Fix infinite recursive call in pacer ModifyCalculator (fixes issue reported by the staticcheck linter) (albertony)</li>
+</ul></li>
+<li>lib/atexit: Ensure OnError only calls cancel function once (Nick Craig-Wood)</li>
+<li>lib/rest: Fix problems re-using HTTP connections (Nick Craig-Wood)</li>
+<li>rc
+<ul>
+<li>Fix <code>operations/stat</code> with trailing <code>/</code> (Nick Craig-Wood)</li>
+<li>Fix missing <code>--rc</code> flags (Nick Craig-Wood)</li>
+<li>Fix output of Time values in <code>options/get</code> (Nick Craig-Wood)</li>
+</ul></li>
+<li>serve dlna: Fix potential data race (Nick Craig-Wood)</li>
+<li>version: Fix reported os/kernel version for windows (albertony)</li>
+</ul></li>
+<li>Mount
+<ul>
+<li>Add <code>--mount-case-insensitive</code> to force the mount to be case insensitive (Nick Craig-Wood)</li>
+<li>Removed unnecessary byte slice allocation for reads (Anagh Kumar Baranwal)</li>
+<li>Clarify rclone mount error when installed via homebrew (Nick Craig-Wood)</li>
+<li>Added _netdev to the example mount so it gets treated as a remote-fs rather than local-fs (Anagh Kumar Baranwal)</li>
+</ul></li>
+<li>Mount2
+<ul>
+<li>Updated go-fuse version (Anagh Kumar Baranwal)</li>
+<li>Fixed statfs (Anagh Kumar Baranwal)</li>
+<li>Disable xattrs (Anagh Kumar Baranwal)</li>
+</ul></li>
+<li>VFS
+<ul>
+<li>Add MkdirAll function to make a directory and all beneath (Nick Craig-Wood)</li>
+<li>Fix reload: failed to add virtual dir entry: file does not exist (Nick Craig-Wood)</li>
+<li>Fix writing to a read only directory creating spurious directory entries (WeidiDeng)</li>
+<li>Fix potential data race (Nick Craig-Wood)</li>
+<li>Fix backends being Shutdown too early when startup takes a long time (Nick Craig-Wood)</li>
+</ul></li>
+<li>Local
+<ul>
+<li>Fix filtering of symlinks with <code>-l</code>/<code>--links</code> flag (Nick Craig-Wood)</li>
+<li>Fix /path/to/file.rclonelink when <code>-l</code>/<code>--links</code> is in use (Nick Craig-Wood)</li>
+<li>Fix crash with <code>--metadata</code> on Android (Nick Craig-Wood)</li>
+</ul></li>
+<li>Cache
+<ul>
+<li>Fix backends shutting down when in use when used via the rc (Nick Craig-Wood)</li>
+</ul></li>
+<li>Crypt
+<ul>
+<li>Add <code>--crypt-suffix</code> option to set a custom suffix for encrypted files (jladbrook)</li>
+<li>Add <code>--crypt-pass-bad-blocks</code> to allow corrupted file output (Nick Craig-Wood)</li>
+<li>Fix reading 0 length files (Nick Craig-Wood)</li>
+<li>Try not to return "unexpected EOF" error (Nick Craig-Wood)</li>
+<li>Reduce allocations (albertony)</li>
+<li>Recommend Dropbox for <code>base32768</code> encoding (Nick Craig-Wood)</li>
+</ul></li>
+<li>Azure Blob
+<ul>
+<li>Empty directory markers (Nick Craig-Wood)</li>
+<li>Support azure workload identities (Tareq Sharafy)</li>
+<li>Fix azure blob uploads with multiple bits of metadata (Nick Craig-Wood)</li>
+<li>Fix azurite compatibility by sending nil tier if set to empty string (Roel Arents)</li>
+</ul></li>
+<li>Combine
+<ul>
+<li>Implement missing methods (Nick Craig-Wood)</li>
+<li>Fix goroutine stack overflow on bad object (Nick Craig-Wood)</li>
+</ul></li>
+<li>Drive
+<ul>
+<li>Add <code>--drive-env-auth</code> to get IAM credentials from runtime (Peter Brunner)</li>
+<li>Update drive service account guide (Juang, Yi-Lin)</li>
+<li>Fix change notify picking up files outside the root (Nick Craig-Wood)</li>
+<li>Fix trailing slash mis-identificaton of folder as file (Nick Craig-Wood)</li>
+<li>Fix incorrect remote after Update on object (Nick Craig-Wood)</li>
+</ul></li>
+<li>Dropbox
+<ul>
+<li>Implement <code>--dropbox-pacer-min-sleep</code> flag (Nick Craig-Wood)</li>
+<li>Fix the dropbox batcher stalling (Misty)</li>
+</ul></li>
+<li>Fichier
+<ul>
+<li>Add <code>--ficicher-cdn</code> option to use the CDN for download (Nick Craig-Wood)</li>
+</ul></li>
+<li>FTP
+<ul>
+<li>Lower log message priority when <code>SetModTime</code> is not supported to debug (Tobias Gion)</li>
+<li>Fix "unsupported LIST line" errors on startup (Nick Craig-Wood)</li>
+<li>Fix "501 Not a valid pathname." errors when creating directories (Nick Craig-Wood)</li>
+</ul></li>
+<li>Google Cloud Storage
+<ul>
+<li>Empty directory markers (Jānis Bebrītis, Nick Craig-Wood)</li>
+<li>Added <code>--gcs-user-project</code> needed for requester pays (Christopher Merry)</li>
+</ul></li>
+<li>HTTP
+<ul>
+<li>Add client certificate user auth middleware. This can auth <code>serve restic</code> from the username in the client cert. (Peter Fern)</li>
+</ul></li>
+<li>Jottacloud
 <ul>
-<li>"true"
+<li>Fix vfs writeback stuck in a failed upload loop with file versioning disabled (albertony)</li>
+</ul></li>
+<li>Onedrive
 <ul>
-<li>Disables long file names.</li>
+<li>Add <code>--onedrive-av-override</code> flag to download files flagged as virus (Nick Craig-Wood)</li>
+<li>Fix quickxorhash on 32 bit architectures (Nick Craig-Wood)</li>
+<li>Report any list errors during <code>rclone cleanup</code> (albertony)</li>
 </ul></li>
+<li>Putio
+<ul>
+<li>Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)</li>
+<li>Fix modification times not being preserved for server side copy and move (Nick Craig-Wood)</li>
+<li>Fix server side copy failures (400 errors) (Nick Craig-Wood)</li>
 </ul></li>
-</ul>
-<h4 id="copy-links--l">--copy-links / -L</h4>
-<p>Follow symlinks and copy the pointed to item.</p>
-<p>Properties:</p>
+<li>S3
 <ul>
-<li>Config: copy_links</li>
-<li>Env Var: RCLONE_LOCAL_COPY_LINKS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="links--l-1">--links / -l</h4>
-<p>Translate symlinks to/from regular files with a '.rclonelink' extension.</p>
-<p>Properties:</p>
+<li>Empty directory markers (Jānis Bebrītis, Nick Craig-Wood)</li>
+<li>Update Scaleway storage classes (Brian Starkey)</li>
+<li>Fix <code>--s3-versions</code> on individual objects (Nick Craig-Wood)</li>
+<li>Fix hang on aborting multipart upload with iDrive e2 (Nick Craig-Wood)</li>
+<li>Fix missing "tier" metadata (Nick Craig-Wood)</li>
+<li>Fix V3sign: add missing subresource delete (cc)</li>
+<li>Fix Arvancloud Domain and region changes and alphabetise the provider (Ehsan Tadayon)</li>
+<li>Fix Qiniu KODO quirks virtualHostStyle is false (zzq)</li>
+</ul></li>
+<li>SFTP
 <ul>
-<li>Config: links</li>
-<li>Env Var: RCLONE_LOCAL_LINKS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="skip-links">--skip-links</h4>
-<p>Don't warn about skipped symlinks.</p>
-<p>This flag disables warning messages on skipped symlinks or junction points, as you explicitly acknowledge that they should be skipped.</p>
-<p>Properties:</p>
+<li>Add <code>--sftp-host-key-algorithms</code> to allow specifying SSH host key algorithms (Joel)</li>
+<li>Fix using <code>--sftp-key-use-agent</code> and <code>--sftp-key-file</code> together needing private key file (Arnav Singh)</li>
+<li>Fix move to allow overwriting existing files (Nick Craig-Wood)</li>
+<li>Don't stat directories before listing them (Nick Craig-Wood)</li>
+<li>Don't check remote points to a file if it ends with / (Nick Craig-Wood)</li>
+</ul></li>
+<li>Sharefile
 <ul>
-<li>Config: skip_links</li>
-<li>Env Var: RCLONE_LOCAL_SKIP_LINKS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="local-zero-size-links">--local-zero-size-links</h4>
-<p>Assume the Stat size of links is zero (and read them instead) (deprecated).</p>
-<p>Rclone used to use the Stat size of links as the link size, but this fails in quite a few places:</p>
+<li>Disable streamed transfers as they no longer work (Nick Craig-Wood)</li>
+</ul></li>
+<li>Smb
 <ul>
-<li>Windows</li>
-<li>On some virtual filesystems (such ash LucidLink)</li>
-<li>Android</li>
-</ul>
-<p>So rclone now always reads the link.</p>
-<p>Properties:</p>
+<li>Code cleanup to avoid overwriting ctx before first use (fixes issue reported by the staticcheck linter) (albertony)</li>
+</ul></li>
+<li>Storj
 <ul>
-<li>Config: zero_size_links</li>
-<li>Env Var: RCLONE_LOCAL_ZERO_SIZE_LINKS</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="local-unicode-normalization">--local-unicode-normalization</h4>
-<p>Apply unicode NFC normalization to paths and filenames.</p>
-<p>This flag can be used to normalize file names into unicode NFC form that are read from the local filesystem.</p>
-<p>Rclone does not normally touch the encoding of file names it reads from the file system.</p>
-<p>This can be useful when using macOS as it normally provides decomposed (NFD) unicode which in some language (eg Korean) doesn't display properly on some OSes.</p>
-<p>Note that rclone compares filenames with unicode normalization in the sync routine so this flag shouldn't normally be used.</p>
-<p>Properties:</p>
+<li>Fix "uplink: too many requests" errors when uploading to the same file (Nick Craig-Wood)</li>
+<li>Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)</li>
+</ul></li>
+<li>Swift
 <ul>
-<li>Config: unicode_normalization</li>
-<li>Env Var: RCLONE_LOCAL_UNICODE_NORMALIZATION</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="local-no-check-updated">--local-no-check-updated</h4>
-<p>Don't check to see if the files change during upload.</p>
-<p>Normally rclone checks the size and modification time of files as they are being uploaded and aborts with a message which starts "can't copy - source file is being updated" if the file changes during upload.</p>
-<p>However on some file systems this modification time check may fail (e.g. <a href="https://github.com/rclone/rclone/issues/2206">Glusterfs #2206</a>) so this check can be disabled with this flag.</p>
-<p>If this flag is set, rclone will use its best efforts to transfer a file which is being updated. If the file is only having things appended to it (e.g. a log) then rclone will transfer the log file with the size it had the first time rclone saw it.</p>
-<p>If the file is being modified throughout (not just appended to) then the transfer may fail with a hash check failure.</p>
-<p>In detail, once the file has had stat() called on it for the first time we:</p>
+<li>Ignore 404 error when deleting an object (Nick Craig-Wood)</li>
+</ul></li>
+<li>Union
 <ul>
-<li>Only transfer the size that stat gave</li>
-<li>Only checksum the size that stat gave</li>
-<li>Don't update the stat info for the file</li>
-</ul>
-<p>Properties:</p>
+<li>Implement missing methods (Nick Craig-Wood)</li>
+<li>Allow errors to be unwrapped for inspection (Nick Craig-Wood)</li>
+</ul></li>
+<li>Uptobox
 <ul>
-<li>Config: no_check_updated</li>
-<li>Env Var: RCLONE_LOCAL_NO_CHECK_UPDATED</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="one-file-system--x">--one-file-system / -x</h4>
-<p>Don't cross filesystem boundaries (unix/macOS only).</p>
-<p>Properties:</p>
+<li>Add <code>--uptobox-private</code> flag to make all uploaded files private (Nick Craig-Wood)</li>
+<li>Fix improper regex (Aaron Gokaslan)</li>
+<li>Fix Update returning the wrong object (Nick Craig-Wood)</li>
+<li>Fix rmdir declaring that directories weren't empty (Nick Craig-Wood)</li>
+</ul></li>
+<li>WebDAV
 <ul>
-<li>Config: one_file_system</li>
-<li>Env Var: RCLONE_LOCAL_ONE_FILE_SYSTEM</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="local-case-sensitive">--local-case-sensitive</h4>
-<p>Force the filesystem to report itself as case sensitive.</p>
-<p>Normally the local backend declares itself as case insensitive on Windows/macOS and case sensitive for everything else. Use this flag to override the default choice.</p>
-<p>Properties:</p>
+<li>nextcloud: Add support for chunked uploads (Paul)</li>
+<li>Set modtime using propset for owncloud and nextcloud (WeidiDeng)</li>
+<li>Make pacer minSleep configurable with <code>--webdav-pacer-min-sleep</code> (ed)</li>
+<li>Fix server side copy/move not overwriting (WeidiDeng)</li>
+<li>Fix modtime on server side copy for owncloud and nextcloud (Nick Craig-Wood)</li>
+</ul></li>
+<li>Yandex
 <ul>
-<li>Config: case_sensitive</li>
-<li>Env Var: RCLONE_LOCAL_CASE_SENSITIVE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="local-case-insensitive">--local-case-insensitive</h4>
-<p>Force the filesystem to report itself as case insensitive.</p>
-<p>Normally the local backend declares itself as case insensitive on Windows/macOS and case sensitive for everything else. Use this flag to override the default choice.</p>
-<p>Properties:</p>
+<li>Fix 400 Bad Request on transfer failure (Nick Craig-Wood)</li>
+</ul></li>
+<li>Zoho
 <ul>
-<li>Config: case_insensitive</li>
-<li>Env Var: RCLONE_LOCAL_CASE_INSENSITIVE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
+<li>Fix downloads with <code>Range:</code> header returning the wrong data (Nick Craig-Wood)</li>
+</ul></li>
 </ul>
-<h4 id="local-no-preallocate">--local-no-preallocate</h4>
-<p>Disable preallocation of disk space for transferred files.</p>
-<p>Preallocation of disk space helps prevent filesystem fragmentation. However, some virtual filesystem layers (such as Google Drive File Stream) may incorrectly set the actual file size equal to the preallocated space, causing checksum and file size checks to fail. Use this flag to disable preallocation.</p>
-<p>Properties:</p>
+<h2 id="v1.62.2---2023-03-16">v1.62.2 - 2023-03-16</h2>
+<p><a href="https://github.com/rclone/rclone/compare/v1.62.1...v1.62.2">See commits</a></p>
 <ul>
-<li>Config: no_preallocate</li>
-<li>Env Var: RCLONE_LOCAL_NO_PREALLOCATE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="local-no-sparse">--local-no-sparse</h4>
-<p>Disable sparse files for multi-thread downloads.</p>
-<p>On Windows platforms rclone will make sparse files when doing multi-thread downloads. This avoids long pauses on large files where the OS zeros the file. However sparse files may be undesirable as they cause disk fragmentation and can be slow to work with.</p>
-<p>Properties:</p>
+<li>Bug Fixes
 <ul>
-<li>Config: no_sparse</li>
-<li>Env Var: RCLONE_LOCAL_NO_SPARSE</li>
-<li>Type: bool</li>
-<li>Default: false</li>
-</ul>
-<h4 id="local-no-set-modtime">--local-no-set-modtime</h4>
-<p>Disable setting modtime.</p>
-<p>Normally rclone updates modification time of files after they are done uploading. This can cause permissions issues on Linux platforms when the user rclone is running as does not own the file uploaded, such as when copying to a CIFS mount owned by another user. If this option is enabled, rclone will no longer update the modtime after copying a file.</p>
-<p>Properties:</p>
+<li>docker volume plugin: Add missing fuse3 dependency (Nick Craig-Wood)</li>
+<li>docs: Fix size documentation (asdffdsazqqq)</li>
+</ul></li>
+<li>FTP
 <ul>
-<li>Config: no_set_modtime</li>
-<li>Env Var: RCLONE_LOCAL_NO_SET_MODTIME</li>
-<li>Type: bool</li>
-<li>Default: false</li>
+<li>Fix 426 errors on downloads with vsftpd (Lesmiscore)</li>
+</ul></li>
 </ul>
-<h4 id="local-encoding">--local-encoding</h4>
-<p>The encoding for the backend.</p>
-<p>See the <a href="https://rclone.org/overview/#encoding">encoding section in the overview</a> for more info.</p>
-<p>Properties:</p>
+<h2 id="v1.62.1---2023-03-15">v1.62.1 - 2023-03-15</h2>
+<p><a href="https://github.com/rclone/rclone/compare/v1.62.0...v1.62.1">See commits</a></p>
 <ul>
-<li>Config: encoding</li>
-<li>Env Var: RCLONE_LOCAL_ENCODING</li>
-<li>Type: MultiEncoder</li>
-<li>Default: Slash,Dot</li>
-</ul>
-<h3 id="metadata-10">Metadata</h3>
-<p>Depending on which OS is in use the local backend may return only some of the system metadata. Setting system metadata is supported on all OSes but setting user metadata is only supported on linux, freebsd, netbsd, macOS and Solaris. It is <strong>not</strong> supported on Windows yet (<a href="https://github.com/pkg/xattr/issues/47">see pkg/attrs#47</a>).</p>
-<p>User metadata is stored as extended attributes (which may not be supported by all file systems) under the "user.*" prefix.</p>
-<p>Here are the possible system metadata items for the local backend.</p>
-<table>
-<colgroup>
-<col style="width: 15%" />
-<col style="width: 15%" />
-<col style="width: 15%" />
-<col style="width: 23%" />
-<col style="width: 28%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Name</th>
-<th>Help</th>
-<th>Type</th>
-<th>Example</th>
-<th>Read Only</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>atime</td>
-<td>Time of last access</td>
-<td>RFC 3339</td>
-<td>2006-01-02T15:04:05.999999999Z07:00</td>
-<td>N</td>
-</tr>
-<tr class="even">
-<td>btime</td>
-<td>Time of file birth (creation)</td>
-<td>RFC 3339</td>
-<td>2006-01-02T15:04:05.999999999Z07:00</td>
-<td>N</td>
-</tr>
-<tr class="odd">
-<td>gid</td>
-<td>Group ID of owner</td>
-<td>decimal number</td>
-<td>500</td>
-<td>N</td>
-</tr>
-<tr class="even">
-<td>mode</td>
-<td>File type and mode</td>
-<td>octal, unix style</td>
-<td>0100664</td>
-<td>N</td>
-</tr>
-<tr class="odd">
-<td>mtime</td>
-<td>Time of last modification</td>
-<td>RFC 3339</td>
-<td>2006-01-02T15:04:05.999999999Z07:00</td>
-<td>N</td>
-</tr>
-<tr class="even">
-<td>rdev</td>
-<td>Device ID (if special file)</td>
-<td>hexadecimal</td>
-<td>1abc</td>
-<td>N</td>
-</tr>
-<tr class="odd">
-<td>uid</td>
-<td>User ID of owner</td>
-<td>decimal number</td>
-<td>500</td>
-<td>N</td>
-</tr>
-</tbody>
-</table>
-<p>See the <a href="https://rclone.org/docs/#metadata">metadata</a> docs for more info.</p>
-<h2 id="backend-commands-7">Backend commands</h2>
-<p>Here are the commands specific to the local backend.</p>
-<p>Run them with</p>
-<pre><code>rclone backend COMMAND remote:</code></pre>
-<p>The help below will explain what arguments each command takes.</p>
-<p>See the <a href="https://rclone.org/commands/rclone_backend/">backend</a> command for more info on how to pass options and arguments.</p>
-<p>These can be run on a running backend using the rc command <a href="https://rclone.org/rc/#backend-command">backend/command</a>.</p>
-<h3 id="noop">noop</h3>
-<p>A null operation for testing backend commands</p>
-<pre><code>rclone backend noop remote: [options] [&lt;arguments&gt;+]</code></pre>
-<p>This is a test command which has some options you can try to change the output.</p>
-<p>Options:</p>
+<li>Bug Fixes
 <ul>
-<li>"echo": echo the input arguments</li>
-<li>"error": return an error based on option value</li>
+<li>docker: Add missing fuse3 dependency (cycneuramus)</li>
+<li>build: Update release docs to be more careful with the tag (Nick Craig-Wood)</li>
+<li>build: Set Github release to draft while uploading binaries (Nick Craig-Wood)</li>
+</ul></li>
 </ul>
-<h1 id="changelog">Changelog</h1>
 <h2 id="v1.62.0---2023-03-14">v1.62.0 - 2023-03-14</h2>
 <p><a href="https://github.com/rclone/rclone/compare/v1.61.0...v1.62.0">See commits</a></p>
 <ul>
@@ -32883,8 +40051,8 @@ <h2 id="v1.52.0---2020-05-27">v1.52.0 - 2020-05-27</h2>
 <ul>
 <li>Calculate hashes for uploads from local disk (Nick Craig-Wood)
 <ul>
-<li>This allows crypted Jottacloud uploads without using local disk</li>
-<li>This means crypted s3/b2 uploads will now have hashes</li>
+<li>This allows encrypted Jottacloud uploads without using local disk</li>
+<li>This means encrypted s3/b2 uploads will now have hashes</li>
 </ul></li>
 <li>Added <code>rclone backend decode</code>/<code>encode</code> commands to replicate functionality of <code>cryptdecode</code> (Anagh Kumar Baranwal)</li>
 <li>Get rid of the unused Cipher interface as it obfuscated the code (Nick Craig-Wood)</li>
@@ -34690,7 +41858,7 @@ <h2 id="v1.42---2018-06-16">v1.42 - 2018-06-16</h2>
 </ul></li>
 <li>Crypt
 <ul>
-<li>Check the crypted hash of files when uploading for extra data security</li>
+<li>Check the encrypted hash of files when uploading for extra data security</li>
 </ul></li>
 <li>Dropbox
 <ul>
@@ -35245,7 +42413,7 @@ <h2 id="v1.38---2017-09-30">v1.38 - 2017-09-30</h2>
 <ul>
 <li><code>rcat</code> - read from standard input and stream upload</li>
 <li><code>tree</code> - shows a nicely formatted recursive listing</li>
-<li><code>cryptdecode</code> - decode crypted file names (thanks ishuah)</li>
+<li><code>cryptdecode</code> - decode encrypted file names (thanks ishuah)</li>
 <li><code>config show</code> - print the config file</li>
 <li><code>config file</code> - print the config file location</li>
 </ul></li>
@@ -35281,7 +42449,7 @@ <h2 id="v1.38---2017-09-30">v1.38 - 2017-09-30</h2>
 </ul></li>
 <li>Mount
 <ul>
-<li>Re-use <code>rcat</code> internals to support uploads from all remotes</li>
+<li>Reuse <code>rcat</code> internals to support uploads from all remotes</li>
 </ul></li>
 <li>Dropbox
 <ul>
@@ -35688,7 +42856,7 @@ <h2 id="v1.34---2016-11-06">v1.34 - 2016-11-06</h2>
 <li>Delete src files which already existed in dst</li>
 <li>Fix deletion of src file when dst file older</li>
 </ul></li>
-<li>Fix <code>rclone check</code> on crypted file systems</li>
+<li>Fix <code>rclone check</code> on encrypted file systems</li>
 <li>Make failed uploads not count as "Transferred"</li>
 <li>Make sure high level retries show with <code>-q</code></li>
 <li>Use a vendor directory with godep for repeatable builds</li>
@@ -36456,7 +43624,7 @@ <h2 id="v0.00---2012-11-18">v0.00 - 2012-11-18</h2>
 <li>Project started</li>
 </ul>
 <h1 id="bugs-and-limitations">Bugs and Limitations</h1>
-<h2 id="limitations-34">Limitations</h2>
+<h2 id="limitations-12">Limitations</h2>
 <h3 id="directory-timestamps-arent-preserved">Directory timestamps aren't preserved</h3>
 <p>Rclone doesn't currently preserve the timestamps of directories. This is because rclone only really considers objects when syncing.</p>
 <h3 id="rclone-struggles-with-millions-of-files-in-a-directorybucket">Rclone struggles with millions of files in a directory/bucket</h3>
@@ -36465,7 +43633,7 @@ <h3 id="rclone-struggles-with-millions-of-files-in-a-directorybucket">Rclone str
 <h3 id="bucket-based-remotes-and-folders">Bucket-based remotes and folders</h3>
 <p>Bucket-based remotes (e.g. S3/GCS/Swift/B2) do not have a concept of directories. Rclone therefore cannot create directories in them which means that empty directories on a bucket-based remote will tend to disappear.</p>
 <p>Some software creates empty keys ending in <code>/</code> as directory markers. Rclone doesn't do this as it potentially creates more objects and costs more. This ability may be added in the future (probably via a flag/option).</p>
-<h2 id="bugs">Bugs</h2>
+<h2 id="bugs-1">Bugs</h2>
 <p>Bugs are stored in rclone's GitHub project:</p>
 <ul>
 <li><a href="https://github.com/rclone/rclone/issues?q=is%3Aopen+is%3Aissue+label%3Abug">Reported bugs</a></li>
@@ -36544,7 +43712,14 @@ <h3 id="tcp-lookup-some.domain.com-no-such-host">tcp lookup some.domain.com no s
 dig www.googleapis.com          # resolve using your default DNS
 dig www.googleapis.com @8.8.8.8 # resolve with Google&#39;s DNS server</code></pre>
 <p>If you are using <code>systemd-resolved</code> (default on Arch Linux), ensure it is at version 233 or higher. Previous releases contain a bug which causes not all domains to be resolved properly.</p>
-<p>Additionally with the <code>GODEBUG=netdns=</code> environment variable the Go resolver decision can be influenced. This also allows to resolve certain issues with DNS resolution. See the <a href="https://golang.org/pkg/net/#hdr-Name_Resolution">name resolution section in the go docs</a>.</p>
+<p>The Go resolver decision can be influenced with the <code>GODEBUG=netdns=...</code> environment variable. This also allows to resolve certain issues with DNS resolution. On Windows or MacOS systems, try forcing use of the internal Go resolver by setting <code>GODEBUG=netdns=go</code> at runtime. On other systems (Linux, *BSD, etc) try forcing use of the system name resolver by setting <code>GODEBUG=netdns=cgo</code> (and recompile rclone from source with CGO enabled if necessary). See the <a href="https://golang.org/pkg/net/#hdr-Name_Resolution">name resolution section in the go docs</a>.</p>
+<h3 id="failed-to-start-auth-webserver-on-windows">Failed to start auth webserver on Windows</h3>
+<pre><code>Error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+...
+yyyy/mm/dd hh:mm:ss Fatal error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.</code></pre>
+<p>This is sometimes caused by the Host Network Service causing issues with opening the port on the host.</p>
+<p>A simple solution may be restarting the Host Network Service with eg. Powershell</p>
+<pre><code>Restart-Service hns</code></pre>
 <h3 id="the-total-size-reported-in-the-stats-for-a-sync-is-wrong-and-keeps-changing">The total size reported in the stats for a sync is wrong and keeps changing</h3>
 <p>It is likely you have more than 10,000 files that need to be synced. By default, rclone only gets 10,000 files ahead in a sync so as not to use up too much memory. You can change this default with the <a href="https://rclone.org/docs/#max-backlog-n">--max-backlog</a> flag.</p>
 <h3 id="rclone-is-using-too-much-memory-or-appears-to-have-a-memory-leak">Rclone is using too much memory or appears to have a memory leak</h3>
@@ -36581,7 +43756,7 @@ <h2 id="authors">Authors</h2>
 <li>Nick Craig-Wood <a href="mailto:nick@craig-wood.com" class="email">nick@craig-wood.com</a></li>
 </ul>
 <h2 id="contributors">Contributors</h2>
-<p>{{&lt; rem <code>email addresses removed from here need to be addeed to bin/.ignore-emails to make sure update-authors.py doesn't immediately put them back in again.</code> &gt;}}</p>
+<p>{{&lt; rem <code>email addresses removed from here need to be added to bin/.ignore-emails to make sure update-authors.py doesn't immediately put them back in again.</code> &gt;}}</p>
 <ul>
 <li>Alex Couper <a href="mailto:amcouper@gmail.com" class="email">amcouper@gmail.com</a></li>
 <li>Leonid Shalupov <a href="mailto:leonid@shalupov.com" class="email">leonid@shalupov.com</a> <a href="mailto:shalupov@diverse.org.ru" class="email">shalupov@diverse.org.ru</a></li>
@@ -37092,7 +44267,7 @@ <h2 id="contributors">Contributors</h2>
 <li>HNGamingUK <a href="mailto:connor@earnshawhome.co.uk" class="email">connor@earnshawhome.co.uk</a></li>
 <li>Jonta <a href="mailto:359397+Jonta@users.noreply.github.com" class="email">359397+Jonta@users.noreply.github.com</a></li>
 <li>YenForYang <a href="mailto:YenForYang@users.noreply.github.com" class="email">YenForYang@users.noreply.github.com</a></li>
-<li>Joda Stößer <a href="mailto:stoesser@yay-digital.de" class="email">stoesser@yay-digital.de</a> <a href="mailto:services+github@simjo.st" class="email">services+github@simjo.st</a></li>
+<li>SimJoSt / Joda Stößer <a href="mailto:git@simjo.st" class="email">git@simjo.st</a></li>
 <li>Logeshwaran <a href="mailto:waranlogesh@gmail.com" class="email">waranlogesh@gmail.com</a></li>
 <li>Rajat Goel <a href="mailto:rajat@dropbox.com" class="email">rajat@dropbox.com</a></li>
 <li>r0kk3rz <a href="mailto:r0kk3rz@gmail.com" class="email">r0kk3rz@gmail.com</a></li>
@@ -37107,7 +44282,6 @@ <h2 id="contributors">Contributors</h2>
 <li>Chris Nelson <a href="mailto:stuff@cjnaz.com" class="email">stuff@cjnaz.com</a></li>
 <li>Felix Bünemann <a href="mailto:felix.buenemann@gmail.com" class="email">felix.buenemann@gmail.com</a></li>
 <li>Atílio Antônio <a href="mailto:atiliodadalto@hotmail.com" class="email">atiliodadalto@hotmail.com</a></li>
-<li>Roberto Ricci <a href="mailto:ricci@disroot.org" class="email">ricci@disroot.org</a></li>
 <li>Carlo Mion <a href="mailto:mion00@gmail.com" class="email">mion00@gmail.com</a></li>
 <li>Chris Lu <a href="mailto:chris.lu@gmail.com" class="email">chris.lu@gmail.com</a></li>
 <li>Vitor Arruda <a href="mailto:vitor.pimenta.arruda@gmail.com" class="email">vitor.pimenta.arruda@gmail.com</a></li>
@@ -37153,7 +44327,7 @@ <h2 id="contributors">Contributors</h2>
 <li>Leroy van Logchem <a href="mailto:lr.vanlogchem@gmail.com" class="email">lr.vanlogchem@gmail.com</a></li>
 <li>Zsolt Ero <a href="mailto:zsolt.ero@gmail.com" class="email">zsolt.ero@gmail.com</a></li>
 <li>Lesmiscore <a href="mailto:nao20010128@gmail.com" class="email">nao20010128@gmail.com</a></li>
-<li>ehsantdy <a href="mailto:ehsan.tadayon@arvancloud.com" class="email">ehsan.tadayon@arvancloud.com</a></li>
+<li>ehsantdy <a href="mailto:ehsan.tadayon@arvancloud.com" class="email">ehsan.tadayon@arvancloud.com</a> <a href="mailto:ehsantadayon85@gmail.com" class="email">ehsantadayon85@gmail.com</a></li>
 <li>SwazRGB <a href="mailto:65694696+swazrgb@users.noreply.github.com" class="email">65694696+swazrgb@users.noreply.github.com</a></li>
 <li>Mateusz Puczyński <a href="mailto:mati6095@gmail.com" class="email">mati6095@gmail.com</a></li>
 <li>Michael C Tiernan - MIT-Research Computing Project <a href="mailto:mtiernan@mit.edu" class="email">mtiernan@mit.edu</a></li>
@@ -37163,6 +44337,7 @@ <h2 id="contributors">Contributors</h2>
 <li>Christian Galo <a href="mailto:36752715+cgalo5758@users.noreply.github.com" class="email">36752715+cgalo5758@users.noreply.github.com</a></li>
 <li>Erik van Velzen <a href="mailto:erik@evanv.nl" class="email">erik@evanv.nl</a></li>
 <li>Derek Battams <a href="mailto:derek@battams.ca" class="email">derek@battams.ca</a></li>
+<li>Paul <a href="mailto:devnoname120@gmail.com" class="email">devnoname120@gmail.com</a></li>
 <li>SimonLiu <a href="mailto:simonliu009@users.noreply.github.com" class="email">simonliu009@users.noreply.github.com</a></li>
 <li>Hugo Laloge <a href="mailto:hla@lescompanions.com" class="email">hla@lescompanions.com</a></li>
 <li>Mr-Kanister <a href="mailto:68117355+Mr-Kanister@users.noreply.github.com" class="email">68117355+Mr-Kanister@users.noreply.github.com</a></li>
@@ -37261,6 +44436,116 @@ <h2 id="contributors">Contributors</h2>
 <li>Peter Brunner <a href="mailto:peter@psykhe.com" class="email">peter@psykhe.com</a></li>
 <li>Leandro Sacchet <a href="mailto:leandro.sacchet@animati.com.br" class="email">leandro.sacchet@animati.com.br</a></li>
 <li>dependabot[bot] &lt;49699333+dependabot[bot]<span class="citation" data-cites="users.noreply.github.com">@users.noreply.github.com</span>&gt;</li>
+<li>cycneuramus <a href="mailto:56681631+cycneuramus@users.noreply.github.com" class="email">56681631+cycneuramus@users.noreply.github.com</a></li>
+<li>Arnavion <a href="mailto:me@arnavion.dev" class="email">me@arnavion.dev</a></li>
+<li>Christopher Merry <a href="mailto:christopher.merry@mlb.com" class="email">christopher.merry@mlb.com</a></li>
+<li>Thibault Coupin <a href="mailto:thibault.coupin@gmail.com" class="email">thibault.coupin@gmail.com</a></li>
+<li>Richard Tweed <a href="mailto:RichardoC@users.noreply.github.com" class="email">RichardoC@users.noreply.github.com</a></li>
+<li>Zach Kipp <a href="mailto:Zacho2@users.noreply.github.com" class="email">Zacho2@users.noreply.github.com</a></li>
+<li>yuudi <a href="mailto:26199752+yuudi@users.noreply.github.com" class="email">26199752+yuudi@users.noreply.github.com</a></li>
+<li>NickIAm <a href="mailto:NickIAm@users.noreply.github.com" class="email">NickIAm@users.noreply.github.com</a></li>
+<li>Juang, Yi-Lin <a href="mailto:frankyjuang@gmail.com" class="email">frankyjuang@gmail.com</a></li>
+<li>jumbi77 <a href="mailto:jumbi77@users.noreply.github.com" class="email">jumbi77@users.noreply.github.com</a></li>
+<li>Aditya Basu <a href="mailto:ab.aditya.basu@gmail.com" class="email">ab.aditya.basu@gmail.com</a></li>
+<li>ed <a href="mailto:s@ocv.me" class="email">s@ocv.me</a></li>
+<li>Drew Parsons <a href="mailto:dparsons@emerall.com" class="email">dparsons@emerall.com</a></li>
+<li>Joel <a href="mailto:joelnb@users.noreply.github.com" class="email">joelnb@users.noreply.github.com</a></li>
+<li>wiserain <a href="mailto:mail275@gmail.com" class="email">mail275@gmail.com</a></li>
+<li>Roel Arents <a href="mailto:roel.arents@kadaster.nl" class="email">roel.arents@kadaster.nl</a></li>
+<li>Shyim <a href="mailto:github@shyim.de" class="email">github@shyim.de</a></li>
+<li>Rintze Zelle <a href="mailto:78232505+rzelle-lallemand@users.noreply.github.com" class="email">78232505+rzelle-lallemand@users.noreply.github.com</a></li>
+<li>Damo <a href="mailto:damoclark@users.noreply.github.com" class="email">damoclark@users.noreply.github.com</a></li>
+<li>WeidiDeng <a href="mailto:weidi_deng@icloud.com" class="email">weidi_deng@icloud.com</a></li>
+<li>Brian Starkey <a href="mailto:stark3y@gmail.com" class="email">stark3y@gmail.com</a></li>
+<li>jladbrook <a href="mailto:jhladbrook@gmail.com" class="email">jhladbrook@gmail.com</a></li>
+<li>Loren Gordon <a href="mailto:lorengordon@users.noreply.github.com" class="email">lorengordon@users.noreply.github.com</a></li>
+<li>dlitster <a href="mailto:davidlitster@gmail.com" class="email">davidlitster@gmail.com</a></li>
+<li>Tobias Gion <a href="mailto:tobias@gion.io" class="email">tobias@gion.io</a></li>
+<li>Jānis Bebrītis <a href="mailto:janis.bebritis@wunder.io" class="email">janis.bebritis@wunder.io</a></li>
+<li>Adam K <a href="mailto:github.com@ak.tidy.email" class="email">github.com@ak.tidy.email</a></li>
+<li>Andrei Smirnov <a href="mailto:smirnov.captain@gmail.com" class="email">smirnov.captain@gmail.com</a></li>
+<li>Janne Hellsten <a href="mailto:jjhellst@gmail.com" class="email">jjhellst@gmail.com</a></li>
+<li>cc <a href="mailto:12904584+shvc@users.noreply.github.com" class="email">12904584+shvc@users.noreply.github.com</a></li>
+<li>Tareq Sharafy <a href="mailto:tareq.sha@gmail.com" class="email">tareq.sha@gmail.com</a></li>
+<li>kapitainsky <a href="mailto:dariuszb@me.com" class="email">dariuszb@me.com</a></li>
+<li>douchen <a href="mailto:playgoobug@gmail.com" class="email">playgoobug@gmail.com</a></li>
+<li>Sam Lai <a href="mailto:70988+slai@users.noreply.github.com" class="email">70988+slai@users.noreply.github.com</a></li>
+<li>URenko <a href="mailto:18209292+URenko@users.noreply.github.com" class="email">18209292+URenko@users.noreply.github.com</a></li>
+<li>Stanislav Gromov <a href="mailto:kullfar@gmail.com" class="email">kullfar@gmail.com</a></li>
+<li>Paulo Schreiner <a href="mailto:paulo.schreiner@delivion.de" class="email">paulo.schreiner@delivion.de</a></li>
+<li>Mariusz Suchodolski <a href="mailto:mariusz@suchodol.ski" class="email">mariusz@suchodol.ski</a></li>
+<li>danielkrajnik <a href="mailto:dan94kra@gmail.com" class="email">dan94kra@gmail.com</a></li>
+<li>Peter Fern <a href="mailto:github@0xc0dedbad.com" class="email">github@0xc0dedbad.com</a></li>
+<li>zzq <a href="mailto:i@zhangzqs.cn" class="email">i@zhangzqs.cn</a></li>
+<li>mac-15 <a href="mailto:usman.ilamdin@phpstudios.com" class="email">usman.ilamdin@phpstudios.com</a></li>
+<li>Sawada Tsunayoshi <a href="mailto:34431649+TsunayoshiSawada@users.noreply.github.com" class="email">34431649+TsunayoshiSawada@users.noreply.github.com</a></li>
+<li>Dean Attali <a href="mailto:daattali@gmail.com" class="email">daattali@gmail.com</a></li>
+<li>Fjodor42 <a href="mailto:molgaard@gmail.com" class="email">molgaard@gmail.com</a></li>
+<li>BakaWang <a href="mailto:wa11579@hotmail.com" class="email">wa11579@hotmail.com</a></li>
+<li>Mahad <a href="mailto:56235065+Mahad-lab@users.noreply.github.com" class="email">56235065+Mahad-lab@users.noreply.github.com</a></li>
+<li>Vladislav Vorobev <a href="mailto:x.miere@gmail.com" class="email">x.miere@gmail.com</a></li>
+<li>darix <a href="mailto:darix@users.noreply.github.com" class="email">darix@users.noreply.github.com</a></li>
+<li>Benjamin <a href="mailto:36415086+bbenjamin-sys@users.noreply.github.com" class="email">36415086+bbenjamin-sys@users.noreply.github.com</a></li>
+<li>Chun-Hung Tseng <a href="mailto:henrybear327@users.noreply.github.com" class="email">henrybear327@users.noreply.github.com</a></li>
+<li>Ricardo D'O. Albanus <a href="mailto:rdalbanus@users.noreply.github.com" class="email">rdalbanus@users.noreply.github.com</a></li>
+<li>gabriel-suela <a href="mailto:gscsuela@gmail.com" class="email">gscsuela@gmail.com</a></li>
+<li>Tiago Boeing <a href="mailto:contato@tiagoboeing.com" class="email">contato@tiagoboeing.com</a></li>
+<li>Edwin Mackenzie-Owen <a href="mailto:edwin.mowen@gmail.com" class="email">edwin.mowen@gmail.com</a></li>
+<li>Niklas Hambüchen <a href="mailto:mail@nh2.me" class="email">mail@nh2.me</a></li>
+<li>yuudi <a href="mailto:yuudi@users.noreply.github.com" class="email">yuudi@users.noreply.github.com</a></li>
+<li>Zach <a href="mailto:github@prozach.org" class="email">github@prozach.org</a></li>
+<li>nielash <a href="mailto:31582349+nielash@users.noreply.github.com" class="email">31582349+nielash@users.noreply.github.com</a></li>
+<li>Julian Lepinski <a href="mailto:lepinsk@users.noreply.github.com" class="email">lepinsk@users.noreply.github.com</a></li>
+<li>Raymond Berger <a href="mailto:RayBB@users.noreply.github.com" class="email">RayBB@users.noreply.github.com</a></li>
+<li>Nihaal Sangha <a href="mailto:nihaal.git@gmail.com" class="email">nihaal.git@gmail.com</a></li>
+<li>Masamune3210 <a href="mailto:1053504+Masamune3210@users.noreply.github.com" class="email">1053504+Masamune3210@users.noreply.github.com</a></li>
+<li>James Braza <a href="mailto:jamesbraza@gmail.com" class="email">jamesbraza@gmail.com</a></li>
+<li>antoinetran <a href="mailto:antoinetran@users.noreply.github.com" class="email">antoinetran@users.noreply.github.com</a></li>
+<li>alexia <a href="mailto:me@alexia.lol" class="email">me@alexia.lol</a></li>
+<li>nielash <a href="mailto:nielronash@gmail.com" class="email">nielronash@gmail.com</a></li>
+<li>Vitor Gomes <a href="mailto:vitor.gomes@delivion.de" class="email">vitor.gomes@delivion.de</a> <a href="mailto:mail@vitorgomes.com" class="email">mail@vitorgomes.com</a></li>
+<li>Jacob Hands <a href="mailto:jacob@gogit.io" class="email">jacob@gogit.io</a></li>
+<li>hideo aoyama <a href="mailto:100831251+boukendesho@users.noreply.github.com" class="email">100831251+boukendesho@users.noreply.github.com</a></li>
+<li>Roberto Ricci <a href="mailto:io@r-ricci.it" class="email">io@r-ricci.it</a></li>
+<li>Bjørn Smith <a href="mailto:bjornsmith@gmail.com" class="email">bjornsmith@gmail.com</a></li>
+<li>Alishan Ladhani <a href="mailto:8869764+aladh@users.noreply.github.com" class="email">8869764+aladh@users.noreply.github.com</a></li>
+<li>zjx20 <a href="mailto:zhoujianxiong2@gmail.com" class="email">zhoujianxiong2@gmail.com</a></li>
+<li>Oksana <a href="mailto:142890647+oks-maytech@users.noreply.github.com" class="email">142890647+oks-maytech@users.noreply.github.com</a></li>
+<li>Volodymyr Kit <a href="mailto:v.kit@maytech.net" class="email">v.kit@maytech.net</a></li>
+<li>David Pedersen <a href="mailto:limero@me.com" class="email">limero@me.com</a></li>
+<li>Drew Stinnett <a href="mailto:drew@drewlink.com" class="email">drew@drewlink.com</a></li>
+<li>Pat Patterson <a href="mailto:pat@backblaze.com" class="email">pat@backblaze.com</a></li>
+<li>Herby Gillot <a href="mailto:herby.gillot@gmail.com" class="email">herby.gillot@gmail.com</a></li>
+<li>Nikita Shoshin <a href="mailto:shoshin_nikita@fastmail.com" class="email">shoshin_nikita@fastmail.com</a></li>
+<li>rinsuki <a href="mailto:428rinsuki+git@gmail.com" class="email">428rinsuki+git@gmail.com</a></li>
+<li>Beyond Meat <a href="mailto:51850644+beyondmeat@users.noreply.github.com" class="email">51850644+beyondmeat@users.noreply.github.com</a></li>
+<li>Saleh Dindar <a href="mailto:salh@fb.com" class="email">salh@fb.com</a></li>
+<li>Volodymyr <a href="mailto:142890760+vkit-maytech@users.noreply.github.com" class="email">142890760+vkit-maytech@users.noreply.github.com</a></li>
+<li>Gabriel Espinoza <a href="mailto:31670639+gspinoza@users.noreply.github.com" class="email">31670639+gspinoza@users.noreply.github.com</a></li>
+<li>Keigo Imai <a href="mailto:keigo.imai@gmail.com" class="email">keigo.imai@gmail.com</a></li>
+<li>Ivan Yanitra <a href="mailto:iyanitra@tesla-consulting.com" class="email">iyanitra@tesla-consulting.com</a></li>
+<li>alfish2000 <a href="mailto:alfish2000@gmail.com" class="email">alfish2000@gmail.com</a></li>
+<li>wuxingzhong <a href="mailto:qq330332812@gmail.com" class="email">qq330332812@gmail.com</a></li>
+<li>Adithya Kumar <a href="mailto:akumar42@protonmail.com" class="email">akumar42@protonmail.com</a></li>
+<li>Tayo-pasedaRJ <a href="mailto:138471223+Tayo-pasedaRJ@users.noreply.github.com" class="email">138471223+Tayo-pasedaRJ@users.noreply.github.com</a></li>
+<li>Peter Kreuser <a href="mailto:logo@kreuser.name" class="email">logo@kreuser.name</a></li>
+<li>Piyush <piyushgarg80></li>
+<li>fotile96 <a href="mailto:fotile96@users.noreply.github.com" class="email">fotile96@users.noreply.github.com</a></li>
+<li>Luc Ritchie <a href="mailto:luc.ritchie@gmail.com" class="email">luc.ritchie@gmail.com</a></li>
+<li>cynful <a href="mailto:cynful@users.noreply.github.com" class="email">cynful@users.noreply.github.com</a></li>
+<li>wjielai <a href="mailto:wjielai@tencent.com" class="email">wjielai@tencent.com</a></li>
+<li>Jack Deng <a href="mailto:jackdeng@gmail.com" class="email">jackdeng@gmail.com</a></li>
+<li>Mikubill <a href="mailto:31246794+Mikubill@users.noreply.github.com" class="email">31246794+Mikubill@users.noreply.github.com</a></li>
+<li>Artur Neumann <a href="mailto:artur@jankaritech.com" class="email">artur@jankaritech.com</a></li>
+<li>Saw-jan <a href="mailto:saw.jan.grg3e@gmail.com" class="email">saw.jan.grg3e@gmail.com</a></li>
+<li>Oksana Zhykina <a href="mailto:o.zhykina@maytech.net" class="email">o.zhykina@maytech.net</a></li>
+<li>karan <a href="mailto:karan.gupta92@gmail.com" class="email">karan.gupta92@gmail.com</a></li>
+<li>viktor <a href="mailto:viktor@yakovchuk.net" class="email">viktor@yakovchuk.net</a></li>
+<li>moongdal <a href="mailto:moongdal@tutanota.com" class="email">moongdal@tutanota.com</a></li>
+<li>Mina Galić <a href="mailto:freebsd@igalic.co" class="email">freebsd@igalic.co</a></li>
+<li>Alen Šiljak <a href="mailto:dev@alensiljak.eu.org" class="email">dev@alensiljak.eu.org</a></li>
+<li>你知道未来吗 <a href="mailto:rkonfj@gmail.com" class="email">rkonfj@gmail.com</a></li>
+<li>Abhinav Dhiman <a href="mailto:8640877+ahnv@users.noreply.github.com" class="email">8640877+ahnv@users.noreply.github.com</a></li>
 </ul>
 <h1 id="contact-the-rclone-project">Contact the rclone project</h1>
 <h2 id="forum">Forum</h2>
@@ -37268,6 +44553,12 @@ <h2 id="forum">Forum</h2>
 <ul>
 <li>https://forum.rclone.org</li>
 </ul>
+<h2 id="business-support">Business support</h2>
+<p>For business support or sponsorship enquiries please see:</p>
+<ul>
+<li>https://rclone.com/</li>
+<li>sponsorship@rclone.com</li>
+</ul>
 <h2 id="github-repository">GitHub repository</h2>
 <p>The project's repository is located at:</p>
 <ul>
@@ -37275,11 +44566,15 @@ <h2 id="github-repository">GitHub repository</h2>
 </ul>
 <p>There you can file bug reports or contribute with pull requests.</p>
 <h2 id="twitter">Twitter</h2>
-<p>You can also follow me on twitter for rclone announcements:</p>
+<p>You can also follow Nick on twitter for rclone announcements:</p>
 <ul>
 <li><span class="citation" data-cites="njcw">[@njcw]</span>(https://twitter.com/njcw)</li>
 </ul>
 <h2 id="email">Email</h2>
-<p>Or if all else fails or you want to ask something private or confidential email <a href="mailto:nick@craig-wood.com">Nick Craig-Wood</a>. Please don't email me requests for help - those are better directed to the forum. Thanks!</p>
+<p>Or if all else fails or you want to ask something private or confidential</p>
+<ul>
+<li>info@rclone.com</li>
+</ul>
+<p>Please don't email requests for help to this address - those are better directed to the forum unless you'd like to sign up for business support.</p>
 </body>
 </html>
diff --git a/MANUAL.md b/MANUAL.md
index 430ad23bc54a1..13bee7b753b3e 100644
--- a/MANUAL.md
+++ b/MANUAL.md
@@ -1,6 +1,6 @@
 % rclone(1) User Manual
 % Nick Craig-Wood
-% Mar 14, 2023
+% Nov 26, 2023
 
 # Rclone syncs your files to cloud storage
 
@@ -18,7 +18,7 @@
 
 Rclone is a command-line program to manage files on cloud storage. It
 is a feature-rich alternative to cloud vendors' web storage
-interfaces. [Over 40 cloud storage products](#providers) support
+interfaces. [Over 70 cloud storage products](#providers) support
 rclone including S3 object stores, business & consumer file storage
 services, as well as standard transfer protocols.
 
@@ -118,6 +118,7 @@ WebDAV or S3, that work out of the box.)
 - Dreamhost
 - Dropbox
 - Enterprise File Fabric
+- Fastmail Files
 - FTP
 - Google Cloud Storage
 - Google Drive
@@ -132,26 +133,35 @@ WebDAV or S3, that work out of the box.)
 - IDrive e2
 - IONOS Cloud
 - Koofr
+- Leviia Object Storage
 - Liara Object Storage
+- Linkbox
+- Linode Object Storage
 - Mail.ru Cloud
 - Memset Memstore
 - Mega
 - Memory
 - Microsoft Azure Blob Storage
+- Microsoft Azure Files Storage
 - Microsoft OneDrive
 - Minio
 - Nextcloud
 - OVH
+- Blomp Cloud Storage
 - OpenDrive
 - OpenStack Swift
 - Oracle Cloud Storage Swift
 - Oracle Object Storage
 - ownCloud
 - pCloud
+- Petabox
+- PikPak
 - premiumize.me
 - put.io
+- Proton Drive
 - QingStor
 - Qiniu Cloud Object Storage (Kodo)
+- Quatrix by Maytech
 - Rackspace Cloud Files
 - rsync.net
 - Scaleway
@@ -163,6 +173,7 @@ WebDAV or S3, that work out of the box.)
 - SMB / CIFS
 - StackPath
 - Storj
+- Synology
 - SugarSync
 - Tencent Cloud Object Storage (COS)
 - Uptobox
@@ -213,6 +224,9 @@ run `rclone -h`.
 Already installed rclone can be easily updated to the latest version
 using the [rclone selfupdate](https://rclone.org/commands/rclone_selfupdate/) command.
 
+See [the release signing docs](https://rclone.org/release_signing/) for how to verify
+signatures on the release.
+
 ## Script installation
 
 To install rclone on Linux/macOS/BSD systems, run:
@@ -268,6 +282,19 @@ developers so it may be out of date. Its current version is as below.
 
 [![Homebrew package](https://repology.org/badge/version-for-repo/homebrew/rclone.svg)](https://repology.org/project/rclone/versions)
 
+### Installation with MacPorts (#macos-macports)
+
+On macOS, rclone can also be installed via [MacPorts](https://www.macports.org):
+
+    sudo port install rclone
+
+Note that this is a third party installer not controlled by the rclone
+developers so it may be out of date. Its current version is as below.
+
+[![MacPorts port](https://repology.org/badge/version-for-repo/macports/rclone.svg)](https://repology.org/project/rclone/versions)
+
+More information [here](https://ports.macports.org/port/rclone/).
+
 ### Precompiled binary, using curl {#macos-precompiled}
 
 To avoid problems with macOS gatekeeper enforcing the binary to be signed and
@@ -337,9 +364,14 @@ feature then you will need to install the third party utility
 
 [Winget](https://learn.microsoft.com/en-us/windows/package-manager/) comes pre-installed with the latest versions of Windows. If not, update the [App Installer](https://www.microsoft.com/p/app-installer/9nblggh4nns1) package from the Microsoft store.
 
+To install rclone
 ```
 winget install Rclone.Rclone
 ```
+To uninstall rclone
+```
+winget uninstall Rclone.Rclone --force
+```
 
 ### Chocolatey package manager {#windows-chocolatey}
 
@@ -449,10 +481,16 @@ Here are some commands tested on an Ubuntu 18.04.3 host:
 # config on host at ~/.config/rclone/rclone.conf
 # data on host at ~/data
 
+# add a remote interactively
+docker run --rm -it \
+    --volume ~/.config/rclone:/config/rclone \
+    --user $(id -u):$(id -g) \
+    rclone/rclone \
+    config
+
 # make sure the config is ok by listing the remotes
 docker run --rm \
     --volume ~/.config/rclone:/config/rclone \
-    --volume ~/data:/data:shared \
     --user $(id -u):$(id -g) \
     rclone/rclone \
     listremotes
@@ -470,11 +508,33 @@ docker run --rm \
 ls ~/data/mount
 kill %1
 ```
+## Snap installation {#snap}
+
+[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/rclone)
+
+Make sure you have [Snapd installed](https://snapcraft.io/docs/installing-snapd)
+
+```bash
+$ sudo snap install rclone
+```
+Due to the strict confinement of Snap, rclone snap cannot access real /home/$USER/.config/rclone directory, default config path is as below.
+
+- Default config directory:
+    - /home/$USER/snap/rclone/current/.config/rclone
+
+Note: Due to the strict confinement of Snap, `rclone mount` feature is `not` supported.
+
+If mounting is wanted, either install a precompiled binary or enable the relevant option when [installing from source](#source).
+
+Note that this is controlled by [community maintainer](https://github.com/boukendesho/rclone-snap) not the rclone developers so it may be out of date. Its current version is as below.
+
+[![rclone](https://snapcraft.io/rclone/badge.svg)](https://snapcraft.io/rclone)
+
 
 ## Source installation {#source}
 
 Make sure you have git and [Go](https://golang.org/) installed.
-Go version 1.17 or newer is required, latest release is recommended.
+Go version 1.18 or newer is required, the latest release is recommended.
 You can get it from your package manager, or download it from
 [golang.org/dl](https://golang.org/dl/). Then you can run the following:
 
@@ -508,26 +568,59 @@ port of GCC, e.g. by installing it in a [MSYS2](https://www.msys2.org)
 distribution (make sure you install it in the classic mingw64 subsystem, the
 ucrt64 version is not compatible).
 
-Additionally, on Windows, you must install the third party utility
-[WinFsp](https://winfsp.dev/), with the "Developer" feature selected.
+Additionally, to build with mount on Windows, you must install the third party
+utility [WinFsp](https://winfsp.dev/), with the "Developer" feature selected.
 If building with cgo, you must also set environment variable CPATH pointing to
 the fuse include directory within the WinFsp installation
 (normally `C:\Program Files (x86)\WinFsp\inc\fuse`).
 
-You may also add arguments `-ldflags -s` (with or without `-tags cmount`),
-to omit symbol table and debug information, making the executable file smaller,
-and `-trimpath` to remove references to local file system paths. This is how
-the official rclone releases are built.
+You may add arguments `-ldflags -s` to omit symbol table and debug information,
+making the executable file smaller, and `-trimpath` to remove references to
+local file system paths. The official rclone releases are built with both of these.
 
 ```
 go build -trimpath -ldflags -s -tags cmount
 ```
 
+If you want to customize the version string, as reported by
+the `rclone version` command, you can set one of the variables `fs.Version`,
+`fs.VersionTag` (to keep default suffix but customize the number),
+or `fs.VersionSuffix` (to keep default number but customize the suffix).
+This can be done from the build command, by adding to the `-ldflags`
+argument value as shown below.
+
+```
+go build -trimpath -ldflags "-s -X github.com/rclone/rclone/fs.Version=v9.9.9-test" -tags cmount
+```
+
+On Windows, the official executables also have the version information,
+as well as a file icon, embedded as binary resources. To get that with your
+own build you need to run the following command **before** the build command.
+It generates a Windows resource system object file, with extension .syso, e.g.
+`resource_windows_amd64.syso`, that will be automatically picked up by
+future build commands.
+
+```
+go run bin/resource_windows.go
+```
+
+The above command will generate a resource file containing version information
+based on the fs.Version variable in source at the time you run the command,
+which means if the value of this variable changes you need to re-run the
+command for it to be reflected in the version information. Also, if you
+override this version variable in the build command as described above, you
+need to do that also when generating the resource file, or else it will still
+use the value from the source.
+
+```
+go run bin/resource_windows.go -version v9.9.9-test
+```
+
 Instead of executing the `go build` command directly, you can run it via the
-Makefile. It changes the version number suffix from "-DEV" to "-beta" and
-appends commit details. It also copies the resulting rclone executable into
-your GOPATH bin folder (`$(go env GOPATH)/bin`, which corresponds to
-`~/go/bin/rclone` by default).
+Makefile. The default target changes the version suffix from "-DEV" to "-beta"
+followed by additional commit details, embeds version information binary resources
+on Windows, and copies the resulting rclone executable into your GOPATH bin folder
+(`$(go env GOPATH)/bin`, which corresponds to `~/go/bin/rclone` by default).
 
 ```
 make
@@ -540,32 +633,22 @@ make GOTAGS=cmount
 ```
 
 There are other make targets that can be used for more advanced builds,
-such as cross-compiling for all supported os/architectures, embedding
-icon and version info resources into windows executable, and packaging
+such as cross-compiling for all supported os/architectures, and packaging
 results into release artifacts.
 See [Makefile](https://github.com/rclone/rclone/blob/master/Makefile)
 and [cross-compile.go](https://github.com/rclone/rclone/blob/master/bin/cross-compile.go)
 for details.
 
-Another alternative is to download the source, build and install rclone in one
-operation, as a regular Go package. The source will be stored it in the Go
-module cache, and the resulting executable will be in your GOPATH bin folder
-(`$(go env GOPATH)/bin`, which corresponds to `~/go/bin/rclone` by default).
-
-With Go version 1.17 or newer:
+Another alternative method for source installation is to download the source,
+build and install rclone - all in one operation, as a regular Go package.
+The source will be stored it in the Go module cache, and the resulting
+executable will be in your GOPATH bin folder (`$(go env GOPATH)/bin`,
+which corresponds to `~/go/bin/rclone` by default).
 
 ```
 go install github.com/rclone/rclone@latest
 ```
 
-With Go versions older than 1.17 (do **not** use the `-u` flag, it causes Go to
-try to update the dependencies that rclone uses and sometimes these don't work
-with the current version):
-
-```
-go get github.com/rclone/rclone
-```
-
 ## Ansible installation {#ansible}
 
 This can be done with [Stefan Weichinger's ansible
@@ -727,7 +810,7 @@ It requires .NET Framework, but it is preinstalled on newer versions of Windows,
 also provides alternative standalone distributions which includes necessary runtime (.NET 5).
 WinSW is a command-line only utility, where you have to manually create an XML file with
 service configuration. This may be a drawback for some, but it can also be an advantage
-as it is easy to back up and re-use the configuration
+as it is easy to back up and reuse the configuration
 settings, without having go through manual steps in a GUI. One thing to note is that
 by default it does not restart the service on error, one have to explicit enable this
 in the configuration file (via the "onfailure" parameter).
@@ -797,18 +880,23 @@ See the following for detailed instructions for
   * [Internet Archive](https://rclone.org/internetarchive/)
   * [Jottacloud](https://rclone.org/jottacloud/)
   * [Koofr](https://rclone.org/koofr/)
+  * [Linkbox](https://rclone.org/linkbox/)
   * [Mail.ru Cloud](https://rclone.org/mailru/)
   * [Mega](https://rclone.org/mega/)
   * [Memory](https://rclone.org/memory/)
   * [Microsoft Azure Blob Storage](https://rclone.org/azureblob/)
+  * [Microsoft Azure Files Storage](https://rclone.org/azurefiles/)
   * [Microsoft OneDrive](https://rclone.org/onedrive/)
-  * [OpenStack Swift / Rackspace Cloudfiles / Memset Memstore](https://rclone.org/swift/)
+  * [OpenStack Swift / Rackspace Cloudfiles / Blomp Cloud Storage / Memset Memstore](https://rclone.org/swift/)
   * [OpenDrive](https://rclone.org/opendrive/)
   * [Oracle Object Storage](https://rclone.org/oracleobjectstorage/)
   * [Pcloud](https://rclone.org/pcloud/)
+  * [PikPak](https://rclone.org/pikpak/)
   * [premiumize.me](https://rclone.org/premiumizeme/)
   * [put.io](https://rclone.org/putio/)
+  * [Proton Drive](https://rclone.org/protondrive/)
   * [QingStor](https://rclone.org/qingstor/)
+  * [Quatrix by Maytech](https://rclone.org/quatrix/)
   * [Seafile](https://rclone.org/seafile/)
   * [SFTP](https://rclone.org/sftp/)
   * [Sia](https://rclone.org/sia/)
@@ -870,20 +958,23 @@ rclone config [flags]
   -h, --help   help for config
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 * [rclone config create](https://rclone.org/commands/rclone_config_create/)	 - Create a new remote with name, type and options.
 * [rclone config delete](https://rclone.org/commands/rclone_config_delete/)	 - Delete an existing remote.
 * [rclone config disconnect](https://rclone.org/commands/rclone_config_disconnect/)	 - Disconnects user from remote
 * [rclone config dump](https://rclone.org/commands/rclone_config_dump/)	 - Dump the config file as JSON.
+* [rclone config edit](https://rclone.org/commands/rclone_config_edit/)	 - Enter an interactive configuration session.
 * [rclone config file](https://rclone.org/commands/rclone_config_file/)	 - Show path of configuration file in use.
 * [rclone config password](https://rclone.org/commands/rclone_config_password/)	 - Update password in an existing remote.
 * [rclone config paths](https://rclone.org/commands/rclone_config_paths/)	 - Show paths used for configuration, cache, temp etc.
 * [rclone config providers](https://rclone.org/commands/rclone_config_providers/)	 - List in JSON format all the providers and options.
 * [rclone config reconnect](https://rclone.org/commands/rclone_config_reconnect/)	 - Re-authenticates user with remote.
+* [rclone config redacted](https://rclone.org/commands/rclone_config_redacted/)	 - Print redacted (decrypted) config file, or the redacted config for a single remote.
 * [rclone config show](https://rclone.org/commands/rclone_config_show/)	 - Print (decrypted) config file, or the config for a single remote.
 * [rclone config touch](https://rclone.org/commands/rclone_config_touch/)	 - Ensure configuration file exists.
 * [rclone config update](https://rclone.org/commands/rclone_config_update/)	 - Update options in an existing remote.
@@ -964,9 +1055,96 @@ rclone copy source:path dest:path [flags]
   -h, --help                    help for copy
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1024,9 +1202,114 @@ rclone sync source:path dest:path [flags]
   -h, --help                    help for sync
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Sync Options
+
+Flags just used for `rclone sync`.
+
+```
+      --backup-dir string               Make backups into hierarchy based in DIR
+      --delete-after                    When synchronizing, delete files on destination after transferring (default)
+      --delete-before                   When synchronizing, delete files on destination before transferring
+      --delete-during                   When synchronizing, delete files during transfer
+      --ignore-errors                   Delete even if there are I/O errors
+      --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+      --suffix string                   Suffix to add to changed files
+      --suffix-keep-extension           Preserve the extension when using --suffix
+      --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1080,9 +1363,96 @@ rclone move source:path dest:path [flags]
   -h, --help                    help for move
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1132,9 +1502,58 @@ rclone delete remote:path [flags]
       --rmdirs   rmdirs removes empty directories but leaves root intact
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1165,9 +1584,20 @@ rclone purge remote:path [flags]
   -h, --help   help for purge
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1185,9 +1615,20 @@ rclone mkdir remote:path [flags]
   -h, --help   help for mkdir
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1216,9 +1657,20 @@ rclone rmdir remote:path [flags]
   -h, --help   help for rmdir
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1235,7 +1687,7 @@ match.  It doesn't alter the source or destination.
 
 For the [crypt](https://rclone.org/crypt/) remote there is a dedicated command,
 [cryptcheck](https://rclone.org/commands/rclone_cryptcheck/), that are able to check
-the checksums of the crypted files.
+the checksums of the encrypted files.
 
 If you supply the `--size-only` flag, it will only compare the sizes not
 the hashes as well.  Use this for a quick check.
@@ -1269,6 +1721,9 @@ you what happened to it. These are reminiscent of diff files.
 - `* path` means path was present in source and destination but different.
 - `! path` means there was an error reading or hashing the source or dest.
 
+The default number of parallel checks is 8. See the [--checkers=N](https://rclone.org/docs/#checkers-n)
+option for more information.
+
 
 ```
 rclone check source:path dest:path [flags]
@@ -1289,9 +1744,56 @@ rclone check source:path dest:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 ```
 
+
+## Check Options
+
+Flags used for `rclone check`.
+
+```
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1347,9 +1849,48 @@ rclone ls remote:path [flags]
   -h, --help   help for ls
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1416,9 +1957,48 @@ rclone lsd remote:path [flags]
   -R, --recursive   Recurse into the listing
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1474,9 +2054,48 @@ rclone lsl remote:path [flags]
   -h, --help   help for lsl
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1519,9 +2138,48 @@ rclone md5sum remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1567,9 +2225,48 @@ rclone sha1sum remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1593,7 +2290,7 @@ recursion.
 
 Some backends do not always provide file sizes, see for example
 [Google Photos](https://rclone.org/googlephotos/#size) and
-[Google Drive](https://rclone.org/drive/#limitations-of-google-docs).
+[Google Docs](https://rclone.org/drive/#limitations-of-google-docs).
 Rclone will then show a notice in the log indicating how many such
 files were encountered, and count them in as empty files in the output
 of the size command.
@@ -1610,9 +2307,48 @@ rclone size remote:path [flags]
       --json   Format output as JSON
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1672,9 +2408,10 @@ rclone version [flags]
   -h, --help    help for version
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1699,9 +2436,20 @@ rclone cleanup remote:path [flags]
   -h, --help   help for cleanup
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1831,9 +2579,20 @@ rclone dedupe [mode] remote:path [flags]
   -h, --help                 help for dedupe
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1903,9 +2662,10 @@ rclone about remote: [flags]
       --json   Format output as JSON
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1937,9 +2697,10 @@ rclone authorize [flags]
       --template string        The path to a custom Go template for generating HTML responses
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -1989,9 +2750,20 @@ rclone backend <command> remote:path [opts] <args> [flags]
   -o, --option stringArray   Option in the form name=value or name
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -2021,22 +2793,103 @@ rclone bisync remote1:path1 remote2:path2 [flags]
 ## Options
 
 ```
-      --check-access            Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
-      --check-filename string   Filename for --check-access (default: RCLONE_TEST)
-      --check-sync string       Controls comparison of final listings: true|false|only (default: true) (default "true")
-      --filters-file string     Read filtering patterns from a file
-      --force                   Bypass --max-delete safety check and run the sync. Consider using with --verbose
-  -h, --help                    help for bisync
-      --localtime               Use local time in listings (default: UTC)
-      --no-cleanup              Retain working files (useful for troubleshooting and testing).
-      --remove-empty-dirs       Remove empty directories at the final cleanup step.
-  -1, --resync                  Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
-      --workdir string          Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)
+      --check-access              Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
+      --check-filename string     Filename for --check-access (default: RCLONE_TEST)
+      --check-sync string         Controls comparison of final listings: true|false|only (default: true) (default "true")
+      --create-empty-src-dirs     Sync creation and deletion of empty directories. (Not compatible with --remove-empty-dirs)
+      --filters-file string       Read filtering patterns from a file
+      --force                     Bypass --max-delete safety check and run the sync. Consider using with --verbose
+  -h, --help                      help for bisync
+      --ignore-listing-checksum   Do not use checksums for listings (add --ignore-checksum to additionally skip post-copy checksum checks)
+      --localtime                 Use local time in listings (default: UTC)
+      --no-cleanup                Retain working files (useful for troubleshooting and testing).
+      --remove-empty-dirs         Remove ALL empty directories at the final cleanup step.
+      --resilient                 Allow future runs to retry after certain less-serious errors, instead of requiring --resync. Use at your own risk!
+  -1, --resync                    Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
+      --workdir string            Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)
+```
+
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 ```
 
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -2066,6 +2919,18 @@ the end and `--offset` and `--count` to print a section in the middle.
 Note that if offset is negative it will count from the end, so
 `--offset -1 --count 1` is equivalent to `--tail 1`.
 
+Use the `--separator` flag to print a separator value between files. Be sure to
+shell-escape special characters. For example, to print a newline between
+files, use:
+
+* bash:
+
+      rclone --include "*.txt" --separator $'\n' cat remote:path/to/dir
+
+* powershell:
+
+      rclone --include "*.txt" --separator "`n" cat remote:path/to/dir
+
 
 ```
 rclone cat remote:path [flags]
@@ -2074,33 +2939,76 @@ rclone cat remote:path [flags]
 ## Options
 
 ```
-      --count int    Only print N characters (default -1)
-      --discard      Discard the output instead of printing
-      --head int     Only print the first N characters
-  -h, --help         help for cat
-      --offset int   Start printing at offset N (or from end if -ve)
-      --tail int     Only print the last N characters
+      --count int          Only print N characters (default -1)
+      --discard            Discard the output instead of printing
+      --head int           Only print the first N characters
+  -h, --help               help for cat
+      --offset int         Start printing at offset N (or from end if -ve)
+      --separator string   Separator to use between objects when printing multiple files
+      --tail int           Only print the last N characters
+```
+
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
 ```
 
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
 # rclone checksum
 
-Checks the files in the source against a SUM file.
+Checks the files in the destination against a SUM file.
 
 ## Synopsis
 
 
-Checks that hashsums of source files match the SUM file.
+Checks that hashsums of destination files match the SUM file.
 It compares hashes (MD5, SHA1, etc) and logs a report of files which
 don't match.  It doesn't alter the file system.
 
-If you supply the `--download` flag, it will download the data from remote
-and calculate the contents hash on the fly.  This can be useful for remotes
+The sumfile is treated as the source and the dst:path is treated as
+the destination for the purposes of the output.
+
+If you supply the `--download` flag, it will download the data from the remote
+and calculate the content hash on the fly.  This can be useful for remotes
 that don't support hashes or if you really want to check all the data.
 
 Note that hash values in the SUM file are treated as case insensitive.
@@ -2126,9 +3034,12 @@ you what happened to it. These are reminiscent of diff files.
 - `* path` means path was present in source and destination but different.
 - `! path` means there was an error reading or hashing the source or dest.
 
+The default number of parallel checks is 8. See the [--checkers=N](https://rclone.org/docs/#checkers-n)
+option for more information.
+
 
 ```
-rclone checksum <hash> sumfile src:path [flags]
+rclone checksum <hash> sumfile dst:path [flags]
 ```
 
 ## Options
@@ -2145,20 +3056,60 @@ rclone checksum <hash> sumfile src:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
 # rclone completion
 
-Generate the autocompletion script for the specified shell
+Output completion script for a given shell.
 
 ## Synopsis
 
-Generate the autocompletion script for rclone for the specified shell.
-See each sub-command's help for details on how to use the generated script.
+
+Generates a shell completion script for rclone.
+Run with `--help` to list the supported shells.
 
 
 ## Options
@@ -2167,176 +3118,178 @@ See each sub-command's help for details on how to use the generated script.
   -h, --help   help for completion
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
-* [rclone completion bash](https://rclone.org/commands/rclone_completion_bash/)	 - Generate the autocompletion script for bash
-* [rclone completion fish](https://rclone.org/commands/rclone_completion_fish/)	 - Generate the autocompletion script for fish
-* [rclone completion powershell](https://rclone.org/commands/rclone_completion_powershell/)	 - Generate the autocompletion script for powershell
-* [rclone completion zsh](https://rclone.org/commands/rclone_completion_zsh/)	 - Generate the autocompletion script for zsh
+* [rclone completion bash](https://rclone.org/commands/rclone_completion_bash/)	 - Output bash completion script for rclone.
+* [rclone completion fish](https://rclone.org/commands/rclone_completion_fish/)	 - Output fish completion script for rclone.
+* [rclone completion powershell](https://rclone.org/commands/rclone_completion_powershell/)	 - Output powershell completion script for rclone.
+* [rclone completion zsh](https://rclone.org/commands/rclone_completion_zsh/)	 - Output zsh completion script for rclone.
 
 # rclone completion bash
 
-Generate the autocompletion script for bash
+Output bash completion script for rclone.
 
 ## Synopsis
 
-Generate the autocompletion script for the bash shell.
-
-This script depends on the 'bash-completion' package.
-If it is not installed already, you can install it via your OS's package manager.
 
-To load completions in your current shell session:
-
-	source <(rclone completion bash)
+Generates a bash shell autocompletion script for rclone.
 
-To load completions for every new session, execute once:
+This writes to /etc/bash_completion.d/rclone by default so will
+probably need to be run with sudo or as root, e.g.
 
-### Linux:
+    sudo rclone genautocomplete bash
 
-	rclone completion bash > /etc/bash_completion.d/rclone
+Logout and login again to use the autocompletion scripts, or source
+them directly
 
-### macOS:
+    . /etc/bash_completion
 
-	rclone completion bash > $(brew --prefix)/etc/bash_completion.d/rclone
+If you supply a command line argument the script will be written
+there.
 
-You will need to start a new shell for this setup to take effect.
+If output_file is "-", then the output will be written to stdout.
 
 
 ```
-rclone completion bash
+rclone completion bash [output_file] [flags]
 ```
 
 ## Options
 
 ```
-  -h, --help              help for bash
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for bash
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
-* [rclone completion](https://rclone.org/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](https://rclone.org/commands/rclone_completion/)	 - Output completion script for a given shell.
 
 # rclone completion fish
 
-Generate the autocompletion script for fish
+Output fish completion script for rclone.
 
 ## Synopsis
 
-Generate the autocompletion script for the fish shell.
 
-To load completions in your current shell session:
+Generates a fish autocompletion script for rclone.
+
+This writes to /etc/fish/completions/rclone.fish by default so will
+probably need to be run with sudo or as root, e.g.
+
+    sudo rclone genautocomplete fish
 
-	rclone completion fish | source
+Logout and login again to use the autocompletion scripts, or source
+them directly
 
-To load completions for every new session, execute once:
+    . /etc/fish/completions/rclone.fish
 
-	rclone completion fish > ~/.config/fish/completions/rclone.fish
+If you supply a command line argument the script will be written
+there.
 
-You will need to start a new shell for this setup to take effect.
+If output_file is "-", then the output will be written to stdout.
 
 
 ```
-rclone completion fish [flags]
+rclone completion fish [output_file] [flags]
 ```
 
 ## Options
 
 ```
-  -h, --help              help for fish
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for fish
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
-* [rclone completion](https://rclone.org/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](https://rclone.org/commands/rclone_completion/)	 - Output completion script for a given shell.
 
 # rclone completion powershell
 
-Generate the autocompletion script for powershell
+Output powershell completion script for rclone.
 
 ## Synopsis
 
+
 Generate the autocompletion script for powershell.
 
 To load completions in your current shell session:
 
-	rclone completion powershell | Out-String | Invoke-Expression
+    rclone completion powershell | Out-String | Invoke-Expression
 
 To load completions for every new session, add the output of the above command
 to your powershell profile.
 
+If output_file is "-" or missing, then the output will be written to stdout.
+
 
 ```
-rclone completion powershell [flags]
+rclone completion powershell [output_file] [flags]
 ```
 
 ## Options
 
 ```
-  -h, --help              help for powershell
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for powershell
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
-* [rclone completion](https://rclone.org/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](https://rclone.org/commands/rclone_completion/)	 - Output completion script for a given shell.
 
 # rclone completion zsh
 
-Generate the autocompletion script for zsh
+Output zsh completion script for rclone.
 
 ## Synopsis
 
-Generate the autocompletion script for the zsh shell.
 
-If shell completion is not already enabled in your environment you will need
-to enable it.  You can execute the following once:
-
-	echo "autoload -U compinit; compinit" >> ~/.zshrc
-
-To load completions in your current shell session:
-
-	source <(rclone completion zsh); compdef _rclone rclone
+Generates a zsh autocompletion script for rclone.
 
-To load completions for every new session, execute once:
+This writes to /usr/share/zsh/vendor-completions/_rclone by default so will
+probably need to be run with sudo or as root, e.g.
 
-### Linux:
+    sudo rclone genautocomplete zsh
 
-	rclone completion zsh > "${fpath[1]}/_rclone"
+Logout and login again to use the autocompletion scripts, or source
+them directly
 
-### macOS:
+    autoload -U compinit && compinit
 
-	rclone completion zsh > $(brew --prefix)/share/zsh/site-functions/_rclone
+If you supply a command line argument the script will be written
+there.
 
-You will need to start a new shell for this setup to take effect.
+If output_file is "-", then the output will be written to stdout.
 
 
 ```
-rclone completion zsh [flags]
+rclone completion zsh [output_file] [flags]
 ```
 
 ## Options
 
 ```
-  -h, --help              help for zsh
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for zsh
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
-* [rclone completion](https://rclone.org/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](https://rclone.org/commands/rclone_completion/)	 - Output completion script for a given shell.
 
 # rclone config create
 
@@ -2464,9 +3417,10 @@ rclone config create name type [key value]* [flags]
       --state string      State - use with --continue
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2484,9 +3438,10 @@ rclone config delete name [flags]
   -h, --help   help for delete
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2514,9 +3469,10 @@ rclone config disconnect remote: [flags]
   -h, --help   help for disconnect
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2534,9 +3490,10 @@ rclone config dump [flags]
   -h, --help   help for dump
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2544,7 +3501,7 @@ See the [global flags page](https://rclone.org/flags/) for global options not li
 
 Enter an interactive configuration session.
 
-# Synopsis
+## Synopsis
 
 Enter an interactive configuration session where you can setup new
 remotes and manage existing ones. You may also set or remove a
@@ -2555,12 +3512,13 @@ password to protect your configuration.
 rclone config edit [flags]
 ```
 
-# Options
+## Options
 
 ```
   -h, --help   help for edit
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
 # SEE ALSO
@@ -2581,9 +3539,10 @@ rclone config file [flags]
   -h, --help   help for file
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2617,9 +3576,10 @@ rclone config password name [key value]+ [flags]
   -h, --help   help for password
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2637,9 +3597,10 @@ rclone config paths [flags]
   -h, --help   help for paths
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2657,9 +3618,10 @@ rclone config providers [flags]
   -h, --help   help for providers
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2687,9 +3649,45 @@ rclone config reconnect remote: [flags]
   -h, --help   help for reconnect
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
+
+* [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
+
+# rclone config redacted
+
+Print redacted (decrypted) config file, or the redacted config for a single remote.
+
+## Synopsis
+
+This prints a redacted copy of the config file, either the
+whole config file or for a given remote.
+
+The config file will be redacted by replacing all passwords and other
+sensitive info with XXX.
+
+This makes the config file suitable for posting online for support.
+
+It should be double checked before posting as the redaction may not be perfect.
+
+
+
+```
+rclone config redacted [<remote>] [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for redacted
+```
+
+
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2707,9 +3705,10 @@ rclone config show [<remote>] [flags]
   -h, --help   help for show
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2727,9 +3726,10 @@ rclone config touch [flags]
   -h, --help   help for touch
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2859,9 +3859,10 @@ rclone config update name [key value]+ [flags]
       --state string      State - use with --continue
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2887,9 +3888,10 @@ rclone config userinfo remote: [flags]
       --json   Format output as JSON
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](https://rclone.org/commands/rclone_config/)	 - Enter an interactive configuration session.
 
@@ -2939,9 +3941,96 @@ rclone copyto source:path dest:path [flags]
   -h, --help   help for copyto
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -2983,22 +4072,33 @@ rclone copyurl https://example.com dest:path [flags]
       --stdout            Write the output to stdout rather than a file
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
 # rclone cryptcheck
 
-Cryptcheck checks the integrity of a crypted remote.
+Cryptcheck checks the integrity of an encrypted remote.
 
 ## Synopsis
 
 
 rclone cryptcheck checks a remote against a [crypted](https://rclone.org/crypt/) remote.
 This is the equivalent of running rclone [check](https://rclone.org/commands/rclone_check/),
-but able to check the checksums of the crypted remote.
+but able to check the checksums of the encrypted remote.
 
 For it to work the underlying remote of the cryptedremote must support
 some kind of checksum.
@@ -3040,6 +4140,9 @@ you what happened to it. These are reminiscent of diff files.
 - `* path` means path was present in source and destination but different.
 - `! path` means there was an error reading or hashing the source or dest.
 
+The default number of parallel checks is 8. See the [--checkers=N](https://rclone.org/docs/#checkers-n)
+option for more information.
+
 
 ```
 rclone cryptcheck remote:path cryptedremote:path [flags]
@@ -3058,9 +4161,56 @@ rclone cryptcheck remote:path cryptedremote:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 ```
 
+
+## Check Options
+
+Flags used for `rclone check`.
+
+```
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -3097,9 +4247,10 @@ rclone cryptdecode encryptedremote: encryptedfilename [flags]
       --reverse   Reverse cryptdecode, encrypts filenames
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -3125,9 +4276,20 @@ rclone deletefile remote:path [flags]
   -h, --help   help for deletefile
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -3135,14 +4297,14 @@ See the [global flags page](https://rclone.org/flags/) for global options not li
 
 Output completion script for a given shell.
 
-## Synopsis
+# Synopsis
 
 
 Generates a shell completion script for rclone.
 Run with `--help` to list the supported shells.
 
 
-## Options
+# Options
 
 ```
   -h, --help   help for genautocomplete
@@ -3150,7 +4312,7 @@ Run with `--help` to list the supported shells.
 
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 * [rclone genautocomplete bash](https://rclone.org/commands/rclone_genautocomplete_bash/)	 - Output bash completion script for rclone.
@@ -3161,7 +4323,7 @@ See the [global flags page](https://rclone.org/flags/) for global options not li
 
 Output bash completion script for rclone.
 
-## Synopsis
+# Synopsis
 
 
 Generates a bash shell autocompletion script for rclone.
@@ -3186,7 +4348,7 @@ If output_file is "-", then the output will be written to stdout.
 rclone genautocomplete bash [output_file] [flags]
 ```
 
-## Options
+# Options
 
 ```
   -h, --help   help for bash
@@ -3194,7 +4356,7 @@ rclone genautocomplete bash [output_file] [flags]
 
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone genautocomplete](https://rclone.org/commands/rclone_genautocomplete/)	 - Output completion script for a given shell.
 
@@ -3202,7 +4364,7 @@ See the [global flags page](https://rclone.org/flags/) for global options not li
 
 Output fish completion script for rclone.
 
-## Synopsis
+# Synopsis
 
 
 Generates a fish autocompletion script for rclone.
@@ -3227,7 +4389,7 @@ If output_file is "-", then the output will be written to stdout.
 rclone genautocomplete fish [output_file] [flags]
 ```
 
-## Options
+# Options
 
 ```
   -h, --help   help for fish
@@ -3235,7 +4397,7 @@ rclone genautocomplete fish [output_file] [flags]
 
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone genautocomplete](https://rclone.org/commands/rclone_genautocomplete/)	 - Output completion script for a given shell.
 
@@ -3243,7 +4405,7 @@ See the [global flags page](https://rclone.org/flags/) for global options not li
 
 Output zsh completion script for rclone.
 
-## Synopsis
+# Synopsis
 
 
 Generates a zsh autocompletion script for rclone.
@@ -3268,7 +4430,7 @@ If output_file is "-", then the output will be written to stdout.
 rclone genautocomplete zsh [output_file] [flags]
 ```
 
-## Options
+# Options
 
 ```
   -h, --help   help for zsh
@@ -3276,7 +4438,7 @@ rclone genautocomplete zsh [output_file] [flags]
 
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone genautocomplete](https://rclone.org/commands/rclone_genautocomplete/)	 - Output completion script for a given shell.
 
@@ -3301,9 +4463,10 @@ rclone gendocs output_directory [flags]
   -h, --help   help for gendocs
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -3340,10 +4503,6 @@ Run without a hash to see the list of all supported hashes, e.g.
       * whirlpool
       * crc32
       * sha256
-      * dropbox
-      * hidrive
-      * mailru
-      * quickxor
 
 Then
 
@@ -3353,7 +4512,7 @@ Note that hash names are case insensitive and values are output in lower case.
 
 
 ```
-rclone hashsum <hash> remote:path [flags]
+rclone hashsum [<hash> remote:path] [flags]
 ```
 
 ## Options
@@ -3366,9 +4525,48 @@ rclone hashsum <hash> remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -3413,15 +4611,16 @@ rclone link remote:path [flags]
       --unlink            Remove existing public link to file/folder
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
 # rclone listremotes
 
-List all the remotes in the config file.
+List all the remotes in the config file and defined in environment variables.
 
 ## Synopsis
 
@@ -3442,9 +4641,10 @@ rclone listremotes [flags]
       --long   Show the type as well as names
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -3593,9 +4793,48 @@ rclone lsf remote:path [flags]
   -s, --separator string   Separator for the items in the format (default ";")
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -3722,9 +4961,48 @@ rclone lsjson remote:path [flags]
       --stat                    Just return the info for the pointed to file
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -3734,7 +5012,6 @@ Mount the remote as file system on a mountpoint.
 
 ## Synopsis
 
-
 rclone mount allows Linux, FreeBSD, macOS and Windows to
 mount any of Rclone's cloud storage systems as a file system with
 FUSE.
@@ -3989,11 +5266,28 @@ does not suffer from the same limitations.
 
 ## Mounting on macOS
 
-Mounting on macOS can be done either via [macFUSE](https://osxfuse.github.io/) 
+Mounting on macOS can be done either via [built-in NFS server](https://rclone.org/commands/rclone_serve_nfs/), [macFUSE](https://osxfuse.github.io/) 
 (also known as osxfuse) or [FUSE-T](https://www.fuse-t.org/). macFUSE is a traditional
 FUSE driver utilizing a macOS kernel extension (kext). FUSE-T is an alternative FUSE system
 which "mounts" via an NFSv4 local server.
 
+# NFS mount
+
+This method spins up an NFS server using [serve nfs](https://rclone.org/commands/rclone_serve_nfs/) command and mounts
+it to the specified mountpoint. If you run this in background mode using |--daemon|, you will need to
+send SIGTERM signal to the rclone process using |kill| command to stop the mount.
+
+### macFUSE Notes
+
+If installing macFUSE using [dmg packages](https://github.com/osxfuse/osxfuse/releases) from
+the website, rclone will locate the macFUSE libraries without any further intervention.
+If however, macFUSE is installed using the [macports](https://www.macports.org/) package manager,
+the following addition steps are required.
+
+    sudo mkdir /usr/local/lib
+    cd /usr/local/lib
+    sudo ln -s /opt/local/lib/libfuse.2.dylib
+
 ### FUSE-T Limitations, Caveats, and Notes
 
 There are some limitations, caveats, and notes about how it works. These are current as 
@@ -4032,6 +5326,8 @@ sequentially, it can only seek when reading.  This means that many
 applications won't work with their files on an rclone mount without
 `--vfs-cache-mode writes` or `--vfs-cache-mode full`.
 See the [VFS File Caching](#vfs-file-caching) section for more info.
+When using NFS mount on macOS, if you don't specify |--vfs-cache-mode|
+the mount point will be read-only.
 
 The bucket-based remotes (e.g. Swift, S3, Google Compute Storage, B2)
 do not support the concept of empty directories, so empty
@@ -4130,20 +5426,19 @@ or create systemd mount units:
 ```
 # /etc/systemd/system/mnt-data.mount
 [Unit]
-After=network-online.target
+Description=Mount for /mnt/data
 [Mount]
 Type=rclone
 What=sftp1:subdir
 Where=/mnt/data
-Options=rw,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
+Options=rw,_netdev,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
 ```
 
 optionally accompanied by systemd automount unit
 ```
 # /etc/systemd/system/mnt-data.automount
 [Unit]
-After=network-online.target
-Before=remote-fs.target
+Description=AutoMount for /mnt/data
 [Automount]
 Where=/mnt/data
 TimeoutIdleSec=600
@@ -4179,7 +5474,6 @@ Mount option syntax includes a few extra options treated specially:
 - `vv...` will be transformed into appropriate `--verbose=N`
 - standard mount options like `x-systemd.automount`, `_netdev`, `nosuid` and alike
   are intended only for Automountd and ignored by rclone.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -4254,12 +5548,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -4276,10 +5571,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -4524,6 +5831,7 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
   -h, --help                                   help for mount
       --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+      --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
       --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
       --no-checksum                            Don't compare checksums on up/download
       --no-modtime                             Don't read/write the modification time (can speed things up)
@@ -4535,8 +5843,9 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --read-only                              Only allow read-only access
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -4546,6 +5855,7 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
@@ -4553,9 +5863,39 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -4608,9 +5948,96 @@ rclone moveto source:path dest:path [flags]
   -h, --help   help for moveto
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -4651,6 +6078,7 @@ press '?' to toggle the help on and off. The supported keys are:
      y copy current path to clipboard
      Y display current path
      ^L refresh screen (fix screen corruption)
+     r recalculate file sizes
      ? to toggle help on and off
      q/ESC/^c to quit
 
@@ -4691,9 +6119,48 @@ rclone ncdu remote:path [flags]
   -h, --help   help for ncdu
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -4737,9 +6204,10 @@ rclone obscure password [flags]
   -h, --help   help for obscure
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -4818,9 +6286,10 @@ rclone rc commands parameter [flags]
       --user string       Username to use to rclone remote control
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -4856,10 +6325,11 @@ and actually stream it, even if remote backend doesn't support streaming.
 size of the stream is different in length to the `--size` passed in
 then the transfer will likely fail.
 
-Note that the upload can also not be retried because the data is
-not kept around until the upload succeeds. If you need to transfer
-a lot of data, you're better off caching locally and then
-`rclone move` it to the destination.
+Note that the upload cannot be retried because the data is not stored.
+If the backend supports multipart uploading then individual chunks can
+be retried. If you need to transfer a lot of data, you may be better
+off caching it locally and then `rclone move` it to the
+destination which can use retries.
 
 ```
 rclone rcat remote:path [flags]
@@ -4872,9 +6342,20 @@ rclone rcat remote:path [flags]
       --size int   File size hint to preallocate (default -1)
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -4897,54 +6378,54 @@ See the [rc documentation](https://rclone.org/rc/) for more info on the rc flags
 
 ## Server options
 
-Use `--addr` to specify which IP address and port the server should
-listen on, eg `--addr 1.2.3.4:8000` or `--addr :8080` to listen to all
+Use `--rc-addr` to specify which IP address and port the server should
+listen on, eg `--rc-addr 1.2.3.4:8000` or `--rc-addr :8080` to listen to all
 IPs.  By default it only listens on localhost.  You can use port
 :0 to let the OS choose an available port.
 
-If you set `--addr` to listen on a public or LAN accessible IP address
+If you set `--rc-addr` to listen on a public or LAN accessible IP address
 then using Authentication is advised - see the next section for info.
 
 You can use a unix socket by setting the url to `unix:///path/to/socket`
 or just by using an absolute path name. Note that unix sockets bypass the
 authentication - this is expected to be done with file system permissions.
 
-`--addr` may be repeated to listen on multiple IPs/ports/sockets.
+`--rc-addr` may be repeated to listen on multiple IPs/ports/sockets.
 
-`--server-read-timeout` and `--server-write-timeout` can be used to
+`--rc-server-read-timeout` and `--rc-server-write-timeout` can be used to
 control the timeouts on the server.  Note that this is the total time
 for a transfer.
 
-`--max-header-bytes` controls the maximum number of bytes the server will
+`--rc-max-header-bytes` controls the maximum number of bytes the server will
 accept in the HTTP header.
 
-`--baseurl` controls the URL prefix that rclone serves from.  By default
-rclone will serve from the root.  If you used `--baseurl "/rclone"` then
+`--rc-baseurl` controls the URL prefix that rclone serves from.  By default
+rclone will serve from the root.  If you used `--rc-baseurl "/rclone"` then
 rclone would serve from a URL starting with "/rclone/".  This is
 useful if you wish to proxy rclone serve.  Rclone automatically
-inserts leading and trailing "/" on `--baseurl`, so `--baseurl "rclone"`,
-`--baseurl "/rclone"` and `--baseurl "/rclone/"` are all treated
+inserts leading and trailing "/" on `--rc-baseurl`, so `--rc-baseurl "rclone"`,
+`--rc-baseurl "/rclone"` and `--rc-baseurl "/rclone/"` are all treated
 identically.
 
 ### TLS (SSL)
 
 By default this will serve over http.  If you want you can serve over
-https.  You will need to supply the `--cert` and `--key` flags.
+https.  You will need to supply the `--rc-cert` and `--rc-key` flags.
 If you wish to do client side certificate validation then you will need to
-supply `--client-ca` also.
+supply `--rc-client-ca` also.
 
-`--cert` should be a either a PEM encoded certificate or a concatenation
-of that with the CA certificate.  `--key` should be the PEM encoded
-private key and `--client-ca` should be the PEM encoded client
+`--rc-cert` should be a either a PEM encoded certificate or a concatenation
+of that with the CA certificate.  `--krc-ey` should be the PEM encoded
+private key and `--rc-client-ca` should be the PEM encoded client
 certificate authority certificate.
 
---min-tls-version is minimum TLS version that is acceptable. Valid
+--rc-min-tls-version is minimum TLS version that is acceptable. Valid
   values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
   "tls1.0").
 
 ### Template
 
-`--template` allows a user to specify a custom markup template for HTTP
+`--rc-template` allows a user to specify a custom markup template for HTTP
 and WebDAV serve functions.  The server exports the following markup
 to be used within the template to server pages:
 
@@ -4967,14 +6448,29 @@ to be used within the template to server pages:
 |-- .Size     | Size in Bytes of the entry. |
 |-- .ModTime  | The UTC timestamp of an entry. |
 
+The server also makes the following functions available so that they can be used within the
+template. These functions help extend the options for dynamic rendering of HTML. They can
+be used to render HTML based on specific conditions.
+
+| Function   | Description |
+| :---------- | :---------- |
+| afterEpoch  | Returns the time since the epoch for the given time. |
+| contains    | Checks whether a given substring is present or not in a given string. |
+| hasPrefix   | Checks whether the given string begins with the specified prefix. |
+| hasSuffix   | Checks whether the given string end with the specified suffix. |
+
 ### Authentication
 
 By default this will serve files without needing a login.
 
 You can either use an htpasswd file which can take lots of users, or
-set a single username and password with the `--user` and `--pass` flags.
+set a single username and password with the `--rc-user` and `--rc-pass` flags.
 
-Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
+If no static users are configured by either of the above methods, and client
+certificates are required by the `--client-ca` flag passed to the server, the
+client certificate common name will be considered as the username.
+
+Use `--rc-htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
 in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication.  Bcrypt is recommended.
 
@@ -4986,9 +6482,9 @@ To create an htpasswd file:
 
 The password file can be updated while rclone is running.
 
-Use `--realm` to set the authentication realm.
+Use `--rc-realm` to set the authentication realm.
 
-Use `--salt` to change the password hashing salt from the default.
+Use `--rc-salt` to change the password hashing salt from the default.
 
 
 ```
@@ -5001,9 +6497,45 @@ rclone rcd <path to files to serve>* [flags]
   -h, --help   help for rcd
 ```
 
+
+## RC Options
+
+Flags to control the Remote Control API.
+
+```
+      --rc                                 Enable the remote control server
+      --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                  Prefix for URLs - leave blank for root
+      --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                Client certificate authority to verify clients with
+      --rc-enable-metrics                  Enable prometheus metrics on /metrics
+      --rc-files string                    Path to local files to serve on the HTTP server
+      --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+      --rc-key string                      TLS PEM Private key
+      --rc-max-header-bytes int            Maximum size of request header (default 4096)
+      --rc-min-tls-version string          Minimum TLS version that is acceptable (default "tls1.0")
+      --rc-no-auth                         Don't require auth for certain methods
+      --rc-pass string                     Password for authentication
+      --rc-realm string                    Realm for authentication
+      --rc-salt string                     Password hashing salt (default "dlPL2MqE")
+      --rc-serve                           Enable the serving of remote objects
+      --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --rc-template string                 User-specified template
+      --rc-user string                     User name for authentication
+      --rc-web-fetch-url string            URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
+      --rc-web-gui                         Launch WebGUI on localhost
+      --rc-web-gui-force-update            Force update to latest version of web gui
+      --rc-web-gui-no-open-browser         Don't open the browser automatically
+      --rc-web-gui-update                  Check and update to latest version of web gui
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -5027,7 +6559,10 @@ empty directories in. For example the [delete](https://rclone.org/commands/rclon
 command will delete files but leave the directory structure (unless
 used with option `--rmdirs`).
 
-To delete a path and any objects in it, use [purge](https://rclone.org/commands/rclone_purge/)
+This will delete `--checkers` directories concurrently so
+if you have thousands of empty directories consider increasing this number.
+
+To delete a path and any objects in it, use the [purge](https://rclone.org/commands/rclone_purge/)
 command.
 
 
@@ -5042,9 +6577,20 @@ rclone rmdirs remote:path [flags]
       --leave-root   Do not remove root directory if empty
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -5054,10 +6600,10 @@ Update the rclone binary.
 
 ## Synopsis
 
-
-This command downloads the latest release of rclone and replaces
-the currently running binary. The download is verified with a hashsum
-and cryptographically signed signature.
+This command downloads the latest release of rclone and replaces the
+currently running binary. The download is verified with a hashsum and
+cryptographically signed signature; see [the release signing
+docs](https://rclone.org/release_signing/) for details.
 
 If used without flags (or with implied `--stable` flag), this command
 will install the latest stable release. However, some issues may be fixed
@@ -5090,7 +6636,7 @@ your OS) to update these too. This command with the default `--package zip`
 will update only the rclone executable so the local manual may become
 inaccurate after it.
 
-The `rclone mount` command (https://rclone.org/commands/rclone_mount/) may
+The [rclone mount](https://rclone.org/commands/rclone_mount/) command may
 or may not support extended FUSE options depending on the build and OS.
 `selfupdate` will refuse to update if the capability would be discarded.
 
@@ -5119,9 +6665,10 @@ rclone selfupdate [flags]
       --version string   Install the given rclone version (default: latest)
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
@@ -5149,16 +6696,19 @@ rclone serve <protocol> [opts] <remote> [flags]
   -h, --help   help for serve
 ```
 
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 * [rclone serve dlna](https://rclone.org/commands/rclone_serve_dlna/)	 - Serve remote:path over DLNA
 * [rclone serve docker](https://rclone.org/commands/rclone_serve_docker/)	 - Serve any remote on docker's volume plugin API.
 * [rclone serve ftp](https://rclone.org/commands/rclone_serve_ftp/)	 - Serve remote:path over FTP.
 * [rclone serve http](https://rclone.org/commands/rclone_serve_http/)	 - Serve the remote over HTTP.
+* [rclone serve nfs](https://rclone.org/commands/rclone_serve_nfs/)	 - Serve the remote as an NFS mount
 * [rclone serve restic](https://rclone.org/commands/rclone_serve_restic/)	 - Serve the remote for restic's REST API.
+* [rclone serve s3](https://rclone.org/commands/rclone_serve_s3/)	 - Serve remote:path over s3.
 * [rclone serve sftp](https://rclone.org/commands/rclone_serve_sftp/)	 - Serve the remote over SFTP.
 * [rclone serve webdav](https://rclone.org/commands/rclone_serve_webdav/)	 - Serve remote:path over WebDAV.
 
@@ -5191,7 +6741,6 @@ default "rclone (hostname)".
 
 Use `--log-trace` in conjunction with `-vv` to enable additional debug
 logging of all UPNP traffic.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -5266,12 +6815,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -5288,10 +6838,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -5535,8 +7097,9 @@ rclone serve dlna remote:path [flags]
       --read-only                              Only allow read-only access
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -5546,14 +7109,45 @@ rclone serve dlna remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
@@ -5563,7 +7157,6 @@ Serve any remote on docker's volume plugin API.
 
 ## Synopsis
 
-
 This command implements the Docker volume plugin API allowing docker to use
 rclone as a data storage mechanism for various cloud providers.
 rclone provides [docker volume plugin](/docker) based on it.
@@ -5602,7 +7195,6 @@ directory with book-keeping records of created and mounted volumes.
 All mount and VFS options are submitted by the docker daemon via API, but
 you can also provide defaults on the command line as well as set path to the
 config file and cache directory or adjust logging verbosity.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -5677,12 +7269,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -5699,10 +7292,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -5949,6 +7554,7 @@ rclone serve docker [flags]
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
   -h, --help                                   help for docker
       --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+      --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
       --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
       --no-checksum                            Don't compare checksums on up/download
       --no-modtime                             Don't read/write the modification time (can speed things up)
@@ -5963,8 +7569,9 @@ rclone serve docker [flags]
       --socket-gid int                         GID for unix socket (default: current process GID) (default 1000)
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -5974,6 +7581,7 @@ rclone serve docker [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
@@ -5981,9 +7589,39 @@ rclone serve docker [flags]
       --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
@@ -6013,7 +7651,6 @@ then using Authentication is advised - see the next section for info.
 By default this will serve files without needing a login.
 
 You can set a single username and password with the --user and --pass flags.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -6088,12 +7725,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -6110,10 +7748,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -6441,8 +8091,9 @@ rclone serve ftp remote:path [flags]
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication (default "anonymous")
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -6452,14 +8103,45 @@ rclone serve ftp remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
@@ -6553,6 +8235,17 @@ to be used within the template to server pages:
 |-- .Size     | Size in Bytes of the entry. |
 |-- .ModTime  | The UTC timestamp of an entry. |
 
+The server also makes the following functions available so that they can be used within the
+template. These functions help extend the options for dynamic rendering of HTML. They can
+be used to render HTML based on specific conditions.
+
+| Function   | Description |
+| :---------- | :---------- |
+| afterEpoch  | Returns the time since the epoch for the given time. |
+| contains    | Checks whether a given substring is present or not in a given string. |
+| hasPrefix   | Checks whether the given string begins with the specified prefix. |
+| hasSuffix   | Checks whether the given string end with the specified suffix. |
+
 ### Authentication
 
 By default this will serve files without needing a login.
@@ -6560,6 +8253,10 @@ By default this will serve files without needing a login.
 You can either use an htpasswd file which can take lots of users, or
 set a single username and password with the `--user` and `--pass` flags.
 
+If no static users are configured by either of the above methods, and client
+certificates are required by the `--client-ca` flag passed to the server, the
+client certificate common name will be considered as the username.
+
 Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
 in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication.  Bcrypt is recommended.
@@ -6575,7 +8272,6 @@ The password file can be updated while rclone is running.
 Use `--realm` to set the authentication realm.
 
 Use `--salt` to change the password hashing salt from the default.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -6650,12 +8346,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -6672,10 +8369,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -6984,6 +8693,7 @@ rclone serve http remote:path [flags]
 
 ```
       --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
       --auth-proxy string                      A program to use to create the backend from the auth
       --baseurl string                         Prefix for URLs - leave blank for root
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -7011,8 +8721,9 @@ rclone serve http remote:path [flags]
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -7022,268 +8733,82 @@ rclone serve http remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
-
-## SEE ALSO
-
-* [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
-
-# rclone serve restic
-
-Serve the remote for restic's REST API.
-
-## Synopsis
-
-Run a basic web server to serve a remote over restic's REST backend
-API over HTTP.  This allows restic to use rclone as a data storage
-mechanism for cloud providers that restic does not support directly.
-
-[Restic](https://restic.net/) is a command-line program for doing
-backups.
-
-The server will log errors.  Use -v to see access logs.
-
-`--bwlimit` will be respected for file transfers.
-Use `--stats` to control the stats printing.
-
-## Setting up rclone for use by restic ###
-
-First [set up a remote for your chosen cloud provider](https://rclone.org/docs/#configure).
-
-Once you have set up the remote, check it is working with, for example
-"rclone lsd remote:".  You may have called the remote something other
-than "remote:" - just substitute whatever you called it in the
-following instructions.
-
-Now start the rclone restic server
-
-    rclone serve restic -v remote:backup
-
-Where you can replace "backup" in the above by whatever path in the
-remote you wish to use.
-
-By default this will serve on "localhost:8080" you can change this
-with use of the `--addr` flag.
-
-You might wish to start this server on boot.
-
-Adding `--cache-objects=false` will cause rclone to stop caching objects
-returned from the List call. Caching is normally desirable as it speeds
-up downloading objects, saves transactions and uses very little memory.
-
-## Setting up restic to use rclone ###
-
-Now you can [follow the restic
-instructions](http://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server)
-on setting up restic.
-
-Note that you will need restic 0.8.2 or later to interoperate with
-rclone.
-
-For the example above you will want to use "http://localhost:8080/" as
-the URL for the REST server.
-
-For example:
 
-    $ export RESTIC_REPOSITORY=rest:http://localhost:8080/
-    $ export RESTIC_PASSWORD=yourpassword
-    $ restic init
-    created restic backend 8b1a4b56ae at rest:http://localhost:8080/
-
-    Please note that knowledge of your password is required to access
-    the repository. Losing your password means that your data is
-    irrecoverably lost.
-    $ restic backup /path/to/files/to/backup
-    scan [/path/to/files/to/backup]
-    scanned 189 directories, 312 files in 0:00
-    [0:00] 100.00%  38.128 MiB / 38.128 MiB  501 / 501 items  0 errors  ETA 0:00
-    duration: 0:00
-    snapshot 45c8fdd8 saved
-
-### Multiple repositories ####
-
-Note that you can use the endpoint to host multiple repositories.  Do
-this by adding a directory name or path after the URL.  Note that
-these **must** end with /.  Eg
-
-    $ export RESTIC_REPOSITORY=rest:http://localhost:8080/user1repo/
-    # backup user1 stuff
-    $ export RESTIC_REPOSITORY=rest:http://localhost:8080/user2repo/
-    # backup user2 stuff
-
-### Private repositories ####
-
-The`--private-repos` flag can be used to limit users to repositories starting
-with a path of `/<username>/`.
-
-## Server options
-
-Use `--addr` to specify which IP address and port the server should
-listen on, eg `--addr 1.2.3.4:8000` or `--addr :8080` to listen to all
-IPs.  By default it only listens on localhost.  You can use port
-:0 to let the OS choose an available port.
-
-If you set `--addr` to listen on a public or LAN accessible IP address
-then using Authentication is advised - see the next section for info.
-
-You can use a unix socket by setting the url to `unix:///path/to/socket`
-or just by using an absolute path name. Note that unix sockets bypass the
-authentication - this is expected to be done with file system permissions.
-
-`--addr` may be repeated to listen on multiple IPs/ports/sockets.
-
-`--server-read-timeout` and `--server-write-timeout` can be used to
-control the timeouts on the server.  Note that this is the total time
-for a transfer.
-
-`--max-header-bytes` controls the maximum number of bytes the server will
-accept in the HTTP header.
-
-`--baseurl` controls the URL prefix that rclone serves from.  By default
-rclone will serve from the root.  If you used `--baseurl "/rclone"` then
-rclone would serve from a URL starting with "/rclone/".  This is
-useful if you wish to proxy rclone serve.  Rclone automatically
-inserts leading and trailing "/" on `--baseurl`, so `--baseurl "rclone"`,
-`--baseurl "/rclone"` and `--baseurl "/rclone/"` are all treated
-identically.
-
-### TLS (SSL)
-
-By default this will serve over http.  If you want you can serve over
-https.  You will need to supply the `--cert` and `--key` flags.
-If you wish to do client side certificate validation then you will need to
-supply `--client-ca` also.
-
-`--cert` should be a either a PEM encoded certificate or a concatenation
-of that with the CA certificate.  `--key` should be the PEM encoded
-private key and `--client-ca` should be the PEM encoded client
-certificate authority certificate.
-
---min-tls-version is minimum TLS version that is acceptable. Valid
-  values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
-  "tls1.0").
-
-### Authentication
-
-By default this will serve files without needing a login.
-
-You can either use an htpasswd file which can take lots of users, or
-set a single username and password with the `--user` and `--pass` flags.
-
-Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
-in standard apache format and supports MD5, SHA1 and BCrypt for basic
-authentication.  Bcrypt is recommended.
-
-To create an htpasswd file:
-
-    touch htpasswd
-    htpasswd -B htpasswd user
-    htpasswd -B htpasswd anotherUser
-
-The password file can be updated while rclone is running.
-
-Use `--realm` to set the authentication realm.
-
-Use `--salt` to change the password hashing salt from the default.
+## Filter Options
 
+Flags for filtering directory listings.
 
 ```
-rclone serve restic remote:path [flags]
-```
-
-## Options
-
-```
-      --addr stringArray                IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
-      --append-only                     Disallow deletion of repository data
-      --baseurl string                  Prefix for URLs - leave blank for root
-      --cache-objects                   Cache listed objects (default true)
-      --cert string                     TLS PEM key (concatenation of certificate and CA certificate)
-      --client-ca string                Client certificate authority to verify clients with
-  -h, --help                            help for restic
-      --htpasswd string                 A htpasswd file - if not provided no authentication is done
-      --key string                      TLS PEM Private key
-      --max-header-bytes int            Maximum size of request header (default 4096)
-      --min-tls-version string          Minimum TLS version that is acceptable (default "tls1.0")
-      --pass string                     Password for authentication
-      --private-repos                   Users can only access their private repo
-      --realm string                    Realm for authentication
-      --salt string                     Password hashing salt (default "dlPL2MqE")
-      --server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
-      --server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
-      --stdio                           Run an HTTP2 server on stdin/stdout
-      --user string                     User name for authentication
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 ```
 
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
-# rclone serve sftp
+# rclone serve nfs
 
-Serve the remote over SFTP.
+Serve the remote as an NFS mount
 
 ## Synopsis
 
-Run an SFTP server to serve a remote over SFTP. This can be used
-with an SFTP client or you can make a remote of type [sftp](/sftp) to use with it.
+Create an NFS server that serves the given remote over the network.
+	
+The primary purpose for this command is to enable [mount command](https://rclone.org/commands/rclone_mount/) on recent macOS versions where
+installing FUSE is very cumbersome. 
 
-You can use the [filter](/filtering) flags (e.g. `--include`, `--exclude`)
-to control what is served.
+Since this is running on NFSv3, no authentication method is available. Any client
+will be able to access the data. To limit access, you can use serve NFS on loopback address
+and rely on secure tunnels (such as SSH). For this reason, by default, a random TCP port is chosen and loopback interface is used for the listening address;
+meaning that it is only available to the local machine. If you want other machines to access the
+NFS mount over local network, you need to specify the listening address and port using `--addr` flag.
 
-The server will respond to a small number of shell commands, mainly
-md5sum, sha1sum and df, which enable it to provide support for checksums
-and the about feature when accessed from an sftp remote.
+Modifying files through NFS protocol requires VFS caching. Usually you will need to specify `--vfs-cache-mode`
+in order to be able to write to the mountpoint (full is recommended). If you don't specify VFS cache mode,
+the mount will be read-only.
 
-Note that this server uses standard 32 KiB packet payload size, which
-means you must not configure the client to expect anything else, e.g.
-with the [chunk_size](https://rclone.org/sftp/#sftp-chunk-size) option on an sftp remote.
+To serve NFS over the network use following command:
 
-The server will log errors.  Use `-v` to see access logs.
+    rclone serve nfs remote: --addr 0.0.0.0:$PORT --vfs-cache-mode=full
 
-`--bwlimit` will be respected for file transfers.
-Use `--stats` to control the stats printing.
+We specify a specific port that we can use in the mount command:
 
-You must provide some means of authentication, either with
-`--user`/`--pass`, an authorized keys file (specify location with
-`--authorized-keys` - the default is the same as ssh), an
-`--auth-proxy`, or set the `--no-auth` flag for no
-authentication when logging in.
-
-If you don't supply a host `--key` then rclone will generate rsa, ecdsa
-and ed25519 variants, and cache them for later use in rclone's cache
-directory (see `rclone help flags cache-dir`) in the "serve-sftp"
-directory.
-
-By default the server binds to localhost:2022 - if you want it to be
-reachable externally then supply `--addr :2022` for example.
-
-Note that the default of `--vfs-cache-mode off` is fine for the rclone
-sftp backend, but it may not be with other SFTP clients.
-
-If `--stdio` is specified, rclone will serve SFTP over stdio, which can
-be used with sshd via ~/.ssh/authorized_keys, for example:
-
-    restrict,command="rclone serve sftp --stdio ./photos" ssh-rsa ...
-
-On the client you need to set `--transfers 1` when using `--stdio`.
-Otherwise multiple instances of the rclone server are started by OpenSSH
-which can lead to "corrupted on transfer" errors. This is the case because
-the client chooses indiscriminately which server to send commands to while
-the servers all have different views of the state of the filing system.
+To mount the server under Linux/macOS, use the following command:
+    
+    mount -oport=$PORT,mountport=$PORT $HOSTNAME: path/to/mountpoint
 
-The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from beeing
-used. Omitting "restrict" and using  `--sftp-path-override` to enable
-checksumming is possible but less secure and you could use the SFTP server
-provided by OpenSSH in this case.
+Where `$PORT` is the same port number we used in the serve nfs command.
 
+This feature is only available on Unix platforms.
 
 ## VFS - Virtual File System
 
@@ -7359,12 +8884,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -7381,10 +8907,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -7603,117 +9141,30 @@ _WARNING._ Contrary to `rclone size`, this flag ignores filters so that the
 result is accurate. However, this is very inefficient and may cost lots of API
 calls resulting in extra charges. Use it as a last resort and only with caching.
 
-## Auth Proxy
-
-If you supply the parameter `--auth-proxy /path/to/program` then
-rclone will use that program to generate backends on the fly which
-then are used to authenticate incoming requests.  This uses a simple
-JSON based protocol with input on STDIN and output on STDOUT.
-
-**PLEASE NOTE:** `--auth-proxy` and `--authorized-keys` cannot be used
-together, if `--auth-proxy` is set the authorized keys option will be
-ignored.
-
-There is an example program
-[bin/test_proxy.py](https://github.com/rclone/rclone/blob/master/test_proxy.py)
-in the rclone source code.
-
-The program's job is to take a `user` and `pass` on the input and turn
-those into the config for a backend on STDOUT in JSON format.  This
-config will have any default parameters for the backend added, but it
-won't use configuration from environment variables or command line
-options - it is the job of the proxy program to make a complete
-config.
-
-This config generated must have this extra parameter
-- `_root` - root to use for the backend
-
-And it may have this parameter
-- `_obscure` - comma separated strings for parameters to obscure
-
-If password authentication was used by the client, input to the proxy
-process (on STDIN) would look similar to this:
-
-```
-{
-	"user": "me",
-	"pass": "mypassword"
-}
-```
-
-If public-key authentication was used by the client, input to the
-proxy process (on STDIN) would look similar to this:
-
-```
-{
-	"user": "me",
-	"public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf"
-}
-```
-
-And as an example return this on STDOUT
-
-```
-{
-	"type": "sftp",
-	"_root": "",
-	"_obscure": "pass",
-	"user": "me",
-	"pass": "mypassword",
-	"host": "sftp.example.com"
-}
-```
-
-This would mean that an SFTP backend would be created on the fly for
-the `user` and `pass`/`public_key` returned in the output to the host given.  Note
-that since `_obscure` is set to `pass`, rclone will obscure the `pass`
-parameter before creating the backend (which is required for sftp
-backends).
-
-The program can manipulate the supplied `user` in any way, for example
-to make proxy to many different sftp backends, you could make the
-`user` be `user@example.com` and then set the `host` to `example.com`
-in the output and the user to `user`. For security you'd probably want
-to restrict the `host` to a limited list.
-
-Note that an internal cache is keyed on `user` so only use that for
-configuration, don't use `pass` or `public_key`.  This also means that if a user's
-password or public-key is changed the cache will need to expire (which takes 5 mins)
-before it takes effect.
-
-This can be used to build general purpose proxies to any kind of
-backend that rclone supports.  
-
 
 ```
-rclone serve sftp remote:path [flags]
+rclone serve nfs remote:path [flags]
 ```
 
 ## Options
 
 ```
-      --addr string                            IPaddress:Port or :Port to bind server to (default "localhost:2022")
-      --auth-proxy string                      A program to use to create the backend from the auth
-      --authorized-keys string                 Authorized keys file (default "~/.ssh/authorized_keys")
+      --addr string                            IPaddress:Port or :Port to bind server to
       --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
       --dir-perms FileMode                     Directory permissions (default 0777)
       --file-perms FileMode                    File permissions (default 0666)
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
-  -h, --help                                   help for sftp
-      --key stringArray                        SSH private host key file (Can be multi-valued, leave blank to auto generate)
-      --no-auth                                Allow connections with no authentication if set
+  -h, --help                                   help for nfs
       --no-checksum                            Don't compare checksums on up/download
       --no-modtime                             Don't read/write the modification time (can speed things up)
       --no-seek                                Don't allow seeking in files
-      --pass string                            Password for authentication
       --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
       --read-only                              Only allow read-only access
-      --stdio                                  Run an sftp server on stdin/stdout
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -7723,63 +9174,135 @@ rclone serve sftp remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
-# rclone serve webdav
+# rclone serve restic
 
-Serve remote:path over WebDAV.
+Serve the remote for restic's REST API.
 
 ## Synopsis
 
-Run a basic WebDAV server to serve a remote over HTTP via the
-WebDAV protocol. This can be viewed with a WebDAV client, through a web
-browser, or you can make a remote of type WebDAV to read and write it.
+Run a basic web server to serve a remote over restic's REST backend
+API over HTTP.  This allows restic to use rclone as a data storage
+mechanism for cloud providers that restic does not support directly.
 
-## WebDAV options
+[Restic](https://restic.net/) is a command-line program for doing
+backups.
 
-### --etag-hash 
+The server will log errors.  Use -v to see access logs.
 
-This controls the ETag header.  Without this flag the ETag will be
-based on the ModTime and Size of the object.
+`--bwlimit` will be respected for file transfers.
+Use `--stats` to control the stats printing.
 
-If this flag is set to "auto" then rclone will choose the first
-supported hash on the backend or you can use a named hash such as
-"MD5" or "SHA-1". Use the [hashsum](https://rclone.org/commands/rclone_hashsum/) command
-to see the full list.
+## Setting up rclone for use by restic ###
 
-## Access WebDAV on Windows
-WebDAV shared folder can be mapped as a drive on Windows, however the default settings prevent it.
-Windows will fail to connect to the server using insecure Basic authentication.
-It will not even display any login dialog. Windows requires SSL / HTTPS connection to be used with Basic.
-If you try to connect via Add Network Location Wizard you will get the following error:
-"The folder you entered does not appear to be valid. Please choose another".
-However, you still can connect if you set the following registry key on a client machine:
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\BasicAuthLevel to 2.
-The BasicAuthLevel can be set to the following values:
-    0 - Basic authentication disabled
-    1 - Basic authentication enabled for SSL connections only
-    2 - Basic authentication enabled for SSL connections and for non-SSL connections
-If required, increase the FileSizeLimitInBytes to a higher value.
-Navigate to the Services interface, then restart the WebClient service.
+First [set up a remote for your chosen cloud provider](https://rclone.org/docs/#configure).
 
-## Access Office applications on WebDAV
-Navigate to following registry HKEY_CURRENT_USER\Software\Microsoft\Office\[14.0/15.0/16.0]\Common\Internet
-Create a new DWORD BasicAuthLevel with value 2.
-    0 - Basic authentication disabled
-    1 - Basic authentication enabled for SSL connections only
-    2 - Basic authentication enabled for SSL and for non-SSL connections
+Once you have set up the remote, check it is working with, for example
+"rclone lsd remote:".  You may have called the remote something other
+than "remote:" - just substitute whatever you called it in the
+following instructions.
 
-https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-blank-from-sharepoint
+Now start the rclone restic server
+
+    rclone serve restic -v remote:backup
+
+Where you can replace "backup" in the above by whatever path in the
+remote you wish to use.
+
+By default this will serve on "localhost:8080" you can change this
+with use of the `--addr` flag.
+
+You might wish to start this server on boot.
+
+Adding `--cache-objects=false` will cause rclone to stop caching objects
+returned from the List call. Caching is normally desirable as it speeds
+up downloading objects, saves transactions and uses very little memory.
+
+## Setting up restic to use rclone ###
+
+Now you can [follow the restic
+instructions](http://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server)
+on setting up restic.
+
+Note that you will need restic 0.8.2 or later to interoperate with
+rclone.
+
+For the example above you will want to use "http://localhost:8080/" as
+the URL for the REST server.
+
+For example:
+
+    $ export RESTIC_REPOSITORY=rest:http://localhost:8080/
+    $ export RESTIC_PASSWORD=yourpassword
+    $ restic init
+    created restic backend 8b1a4b56ae at rest:http://localhost:8080/
+
+    Please note that knowledge of your password is required to access
+    the repository. Losing your password means that your data is
+    irrecoverably lost.
+    $ restic backup /path/to/files/to/backup
+    scan [/path/to/files/to/backup]
+    scanned 189 directories, 312 files in 0:00
+    [0:00] 100.00%  38.128 MiB / 38.128 MiB  501 / 501 items  0 errors  ETA 0:00
+    duration: 0:00
+    snapshot 45c8fdd8 saved
+
+### Multiple repositories ####
+
+Note that you can use the endpoint to host multiple repositories.  Do
+this by adding a directory name or path after the URL.  Note that
+these **must** end with /.  Eg
+
+    $ export RESTIC_REPOSITORY=rest:http://localhost:8080/user1repo/
+    # backup user1 stuff
+    $ export RESTIC_REPOSITORY=rest:http://localhost:8080/user2repo/
+    # backup user2 stuff
 
+### Private repositories ####
+
+The`--private-repos` flag can be used to limit users to repositories starting
+with a path of `/<username>/`.
 
 ## Server options
 
@@ -7828,31 +9351,6 @@ certificate authority certificate.
   values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
   "tls1.0").
 
-### Template
-
-`--template` allows a user to specify a custom markup template for HTTP
-and WebDAV serve functions.  The server exports the following markup
-to be used within the template to server pages:
-
-| Parameter   | Description |
-| :---------- | :---------- |
-| .Name       | The full path of a file/directory. |
-| .Title      | Directory listing of .Name |
-| .Sort       | The current sort used.  This is changeable via ?sort= parameter |
-|             | Sort Options: namedirfirst,name,size,time (default namedirfirst) |
-| .Order      | The current ordering used.  This is changeable via ?order= parameter |
-|             | Order Options: asc,desc (default asc) |
-| .Query      | Currently unused. |
-| .Breadcrumb | Allows for creating a relative navigation |
-|-- .Link     | The relative to the root link of the Text. |
-|-- .Text     | The Name of the directory. |
-| .Entries    | Information about a specific file/directory. |
-|-- .URL      | The 'url' of an entry.  |
-|-- .Leaf     | Currently same as 'URL' but intended to be 'just' the name. |
-|-- .IsDir    | Boolean for if an entry is a directory or not. |
-|-- .Size     | Size in Bytes of the entry. |
-|-- .ModTime  | The UTC timestamp of an entry. |
-
 ### Authentication
 
 By default this will serve files without needing a login.
@@ -7860,6 +9358,10 @@ By default this will serve files without needing a login.
 You can either use an htpasswd file which can take lots of users, or
 set a single username and password with the `--user` and `--pass` flags.
 
+If no static users are configured by either of the above methods, and client
+certificates are required by the `--client-ca` flag passed to the server, the
+client certificate common name will be considered as the username.
+
 Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
 in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication.  Bcrypt is recommended.
@@ -7876,6 +9378,211 @@ Use `--realm` to set the authentication realm.
 
 Use `--salt` to change the password hashing salt from the default.
 
+
+```
+rclone serve restic remote:path [flags]
+```
+
+## Options
+
+```
+      --addr stringArray                IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --append-only                     Disallow deletion of repository data
+      --baseurl string                  Prefix for URLs - leave blank for root
+      --cache-objects                   Cache listed objects (default true)
+      --cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --client-ca string                Client certificate authority to verify clients with
+  -h, --help                            help for restic
+      --htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --key string                      TLS PEM Private key
+      --max-header-bytes int            Maximum size of request header (default 4096)
+      --min-tls-version string          Minimum TLS version that is acceptable (default "tls1.0")
+      --pass string                     Password for authentication
+      --private-repos                   Users can only access their private repo
+      --realm string                    Realm for authentication
+      --salt string                     Password hashing salt (default "dlPL2MqE")
+      --server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --stdio                           Run an HTTP2 server on stdin/stdout
+      --user string                     User name for authentication
+```
+
+
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+
+# SEE ALSO
+
+* [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
+
+# rclone serve s3
+
+Serve remote:path over s3.
+
+## Synopsis
+
+`serve s3` implements a basic s3 server that serves a remote via s3.
+This can be viewed with an s3 client, or you can make an [s3 type
+remote](https://rclone.org/s3/) to read and write to it with rclone.
+
+`serve s3` is considered **Experimental** so use with care.
+
+S3 server supports Signature Version 4 authentication. Just use
+`--auth-key accessKey,secretKey` and set the `Authorization`
+header correctly in the request. (See the [AWS
+docs](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)).
+
+`--auth-key` can be repeated for multiple auth pairs. If
+`--auth-key` is not provided then `serve s3` will allow anonymous
+access.
+
+Please note that some clients may require HTTPS endpoints. See [the
+SSL docs](#ssl-tls) for more information.
+
+This command uses the [VFS directory cache](#vfs-virtual-file-system).
+All the functionality will work with `--vfs-cache-mode off`. Using
+`--vfs-cache-mode full` (or `writes`) can be used to cache objects
+locally to improve performance.
+
+Use `--force-path-style=false` if you want to use the bucket name as a
+part of the hostname (such as mybucket.local)
+
+Use `--etag-hash` if you want to change the hash uses for the `ETag`.
+Note that using anything other than `MD5` (the default) is likely to
+cause problems for S3 clients which rely on the Etag being the MD5.
+
+## Quickstart
+
+For a simple set up, to serve `remote:path` over s3, run the server
+like this:
+
+```
+rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
+```
+
+This will be compatible with an rclone remote which is defined like this:
+
+```
+[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false
+```
+
+Note that setting `disable_multipart_uploads = true` is to work around
+[a bug](#bugs) which will be fixed in due course.
+
+## Bugs
+
+When uploading multipart files `serve s3` holds all the parts in
+memory (see [#7453](https://github.com/rclone/rclone/issues/7453)).
+This is a limitaton of the library rclone uses for serving S3 and will
+hopefully be fixed at some point.
+
+Multipart server side copies do not work (see
+[#7454](https://github.com/rclone/rclone/issues/7454)). These take a
+very long time and eventually fail. The default threshold for
+multipart server side copies is 5G which is the maximum it can be, so
+files above this side will fail to be server side copied.
+
+For a current list of `serve s3` bugs see the [serve
+s3](https://github.com/rclone/rclone/labels/serve%20s3) bug category
+on GitHub.
+
+## Limitations
+
+`serve s3` will treat all directories in the root as buckets and
+ignore all files in the root. You can use `CreateBucket` to create
+folders under the root, but you can't create empty folders under other
+folders not in the root.
+
+When using `PutObject` or `DeleteObject`, rclone will automatically
+create or clean up empty folders. If you don't want to clean up empty
+folders automatically, use `--no-cleanup`.
+
+When using `ListObjects`, rclone will use `/` when the delimiter is
+empty. This reduces backend requests with no effect on most
+operations, but if the delimiter is something other than `/` and
+empty, rclone will do a full recursive search of the backend, which
+can take some time.
+
+Versioning is not currently supported.
+
+Metadata will only be saved in memory other than the rclone `mtime`
+metadata which will be set as the modification time of the file.
+
+## Supported operations
+
+`serve s3` currently supports the following operations.
+
+- Bucket
+    - `ListBuckets`
+    - `CreateBucket`
+    - `DeleteBucket`
+- Object
+    - `HeadObject`
+    - `ListObjects`
+    - `GetObject`
+    - `PutObject`
+    - `DeleteObject`
+    - `DeleteObjects`
+    - `CreateMultipartUpload`
+    - `CompleteMultipartUpload`
+    - `AbortMultipartUpload`
+    - `CopyObject`
+    - `UploadPart`
+
+Other operations will return error `Unimplemented`.
+
+## Server options
+
+Use `--addr` to specify which IP address and port the server should
+listen on, eg `--addr 1.2.3.4:8000` or `--addr :8080` to listen to all
+IPs.  By default it only listens on localhost.  You can use port
+:0 to let the OS choose an available port.
+
+If you set `--addr` to listen on a public or LAN accessible IP address
+then using Authentication is advised - see the next section for info.
+
+You can use a unix socket by setting the url to `unix:///path/to/socket`
+or just by using an absolute path name. Note that unix sockets bypass the
+authentication - this is expected to be done with file system permissions.
+
+`--addr` may be repeated to listen on multiple IPs/ports/sockets.
+
+`--server-read-timeout` and `--server-write-timeout` can be used to
+control the timeouts on the server.  Note that this is the total time
+for a transfer.
+
+`--max-header-bytes` controls the maximum number of bytes the server will
+accept in the HTTP header.
+
+`--baseurl` controls the URL prefix that rclone serves from.  By default
+rclone will serve from the root.  If you used `--baseurl "/rclone"` then
+rclone would serve from a URL starting with "/rclone/".  This is
+useful if you wish to proxy rclone serve.  Rclone automatically
+inserts leading and trailing "/" on `--baseurl`, so `--baseurl "rclone"`,
+`--baseurl "/rclone"` and `--baseurl "/rclone/"` are all treated
+identically.
+
+### TLS (SSL)
+
+By default this will serve over http.  If you want you can serve over
+https.  You will need to supply the `--cert` and `--key` flags.
+If you wish to do client side certificate validation then you will need to
+supply `--client-ca` also.
+
+`--cert` should be a either a PEM encoded certificate or a concatenation
+of that with the CA certificate.  `--key` should be the PEM encoded
+private key and `--client-ca` should be the PEM encoded client
+certificate authority certificate.
+
+--min-tls-version is minimum TLS version that is acceptable. Valid
+  values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
+  "tls1.0").
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -7950,12 +9657,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -7972,10 +9680,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -8194,127 +9914,43 @@ _WARNING._ Contrary to `rclone size`, this flag ignores filters so that the
 result is accurate. However, this is very inefficient and may cost lots of API
 calls resulting in extra charges. Use it as a last resort and only with caching.
 
-## Auth Proxy
-
-If you supply the parameter `--auth-proxy /path/to/program` then
-rclone will use that program to generate backends on the fly which
-then are used to authenticate incoming requests.  This uses a simple
-JSON based protocol with input on STDIN and output on STDOUT.
-
-**PLEASE NOTE:** `--auth-proxy` and `--authorized-keys` cannot be used
-together, if `--auth-proxy` is set the authorized keys option will be
-ignored.
-
-There is an example program
-[bin/test_proxy.py](https://github.com/rclone/rclone/blob/master/test_proxy.py)
-in the rclone source code.
-
-The program's job is to take a `user` and `pass` on the input and turn
-those into the config for a backend on STDOUT in JSON format.  This
-config will have any default parameters for the backend added, but it
-won't use configuration from environment variables or command line
-options - it is the job of the proxy program to make a complete
-config.
-
-This config generated must have this extra parameter
-- `_root` - root to use for the backend
-
-And it may have this parameter
-- `_obscure` - comma separated strings for parameters to obscure
-
-If password authentication was used by the client, input to the proxy
-process (on STDIN) would look similar to this:
-
-```
-{
-	"user": "me",
-	"pass": "mypassword"
-}
-```
-
-If public-key authentication was used by the client, input to the
-proxy process (on STDIN) would look similar to this:
-
-```
-{
-	"user": "me",
-	"public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf"
-}
-```
-
-And as an example return this on STDOUT
-
-```
-{
-	"type": "sftp",
-	"_root": "",
-	"_obscure": "pass",
-	"user": "me",
-	"pass": "mypassword",
-	"host": "sftp.example.com"
-}
-```
-
-This would mean that an SFTP backend would be created on the fly for
-the `user` and `pass`/`public_key` returned in the output to the host given.  Note
-that since `_obscure` is set to `pass`, rclone will obscure the `pass`
-parameter before creating the backend (which is required for sftp
-backends).
-
-The program can manipulate the supplied `user` in any way, for example
-to make proxy to many different sftp backends, you could make the
-`user` be `user@example.com` and then set the `host` to `example.com`
-in the output and the user to `user`. For security you'd probably want
-to restrict the `host` to a limited list.
-
-Note that an internal cache is keyed on `user` so only use that for
-configuration, don't use `pass` or `public_key`.  This also means that if a user's
-password or public-key is changed the cache will need to expire (which takes 5 mins)
-before it takes effect.
-
-This can be used to build general purpose proxies to any kind of
-backend that rclone supports.  
-
 
 ```
-rclone serve webdav remote:path [flags]
+rclone serve s3 remote:path [flags]
 ```
 
 ## Options
 
 ```
       --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
-      --auth-proxy string                      A program to use to create the backend from the auth
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
+      --auth-key stringArray                   Set key pair for v4 authorization: access_key_id,secret_access_key
       --baseurl string                         Prefix for URLs - leave blank for root
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
       --client-ca string                       Client certificate authority to verify clients with
       --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
       --dir-perms FileMode                     Directory permissions (default 0777)
-      --disable-dir-list                       Disable HTML directory list on GET request for a directory
-      --etag-hash string                       Which hash to use for the ETag, or auto or blank for off
+      --etag-hash string                       Which hash to use for the ETag, or auto or blank for off (default "MD5")
       --file-perms FileMode                    File permissions (default 0666)
+      --force-path-style                       If true use path style access if false use virtual hosted style (default true) (default true)
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
-  -h, --help                                   help for webdav
-      --htpasswd string                        A htpasswd file - if not provided no authentication is done
+  -h, --help                                   help for s3
       --key string                             TLS PEM Private key
       --max-header-bytes int                   Maximum size of request header (default 4096)
       --min-tls-version string                 Minimum TLS version that is acceptable (default "tls1.0")
       --no-checksum                            Don't compare checksums on up/download
+      --no-cleanup                             Not to cleanup empty folder after object is deleted
       --no-modtime                             Don't read/write the modification time (can speed things up)
       --no-seek                                Don't allow seeking in files
-      --pass string                            Password for authentication
       --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
       --read-only                              Only allow read-only access
-      --realm string                           Realm for authentication
-      --salt string                            Password hashing salt (default "dlPL2MqE")
       --server-read-timeout Duration           Timeout for server reading data (default 1h0m0s)
       --server-write-timeout Duration          Timeout for server writing data (default 1h0m0s)
-      --template string                        User-specified template
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -8324,12236 +9960,11739 @@ rclone serve webdav remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
-
-## SEE ALSO
 
-* [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
+## Filter Options
 
-# rclone settier
+Flags for filtering directory listings.
 
-Changes storage class/tier of objects in remote.
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
 
-## Synopsis
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
+# SEE ALSO
 
-rclone settier changes storage tier or class at remote if supported.
-Few cloud storage services provides different storage classes on objects,
-for example AWS S3 and Glacier, Azure Blob storage - Hot, Cool and Archive,
-Google Cloud Storage, Regional Storage, Nearline, Coldline etc.
+* [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
-Note that, certain tier changes make objects not available to access immediately.
-For example tiering to archive in azure blob storage makes objects in frozen state,
-user can restore by setting tier to Hot/Cool, similarly S3 to Glacier makes object
-inaccessible.true
+# rclone serve sftp
 
-You can use it to tier single object
+Serve the remote over SFTP.
 
-    rclone settier Cool remote:path/file
+## Synopsis
 
-Or use rclone filters to set tier on only specific files
+Run an SFTP server to serve a remote over SFTP. This can be used
+with an SFTP client or you can make a remote of type [sftp](/sftp) to use with it.
 
-	rclone --include "*.txt" settier Hot remote:path/dir
+You can use the [filter](/filtering) flags (e.g. `--include`, `--exclude`)
+to control what is served.
 
-Or just provide remote directory and all files in directory will be tiered
+The server will respond to a small number of shell commands, mainly
+md5sum, sha1sum and df, which enable it to provide support for checksums
+and the about feature when accessed from an sftp remote.
 
-    rclone settier tier remote:path/dir
+Note that this server uses standard 32 KiB packet payload size, which
+means you must not configure the client to expect anything else, e.g.
+with the [chunk_size](https://rclone.org/sftp/#sftp-chunk-size) option on an sftp remote.
 
+The server will log errors.  Use `-v` to see access logs.
 
-```
-rclone settier tier remote:path [flags]
-```
+`--bwlimit` will be respected for file transfers.
+Use `--stats` to control the stats printing.
 
-## Options
+You must provide some means of authentication, either with
+`--user`/`--pass`, an authorized keys file (specify location with
+`--authorized-keys` - the default is the same as ssh), an
+`--auth-proxy`, or set the `--no-auth` flag for no
+authentication when logging in.
 
-```
-  -h, --help   help for settier
-```
+If you don't supply a host `--key` then rclone will generate rsa, ecdsa
+and ed25519 variants, and cache them for later use in rclone's cache
+directory (see `rclone help flags cache-dir`) in the "serve-sftp"
+directory.
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+By default the server binds to localhost:2022 - if you want it to be
+reachable externally then supply `--addr :2022` for example.
 
-## SEE ALSO
+Note that the default of `--vfs-cache-mode off` is fine for the rclone
+sftp backend, but it may not be with other SFTP clients.
 
-* [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
+If `--stdio` is specified, rclone will serve SFTP over stdio, which can
+be used with sshd via ~/.ssh/authorized_keys, for example:
 
-# rclone test
+    restrict,command="rclone serve sftp --stdio ./photos" ssh-rsa ...
 
-Run a test command
-
-## Synopsis
+On the client you need to set `--transfers 1` when using `--stdio`.
+Otherwise multiple instances of the rclone server are started by OpenSSH
+which can lead to "corrupted on transfer" errors. This is the case because
+the client chooses indiscriminately which server to send commands to while
+the servers all have different views of the state of the filing system.
 
-Rclone test is used to run test commands.
+The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from being
+used. Omitting "restrict" and using  `--sftp-path-override` to enable
+checksumming is possible but less secure and you could use the SFTP server
+provided by OpenSSH in this case.
 
-Select which test comand you want with the subcommand, eg
+## VFS - Virtual File System
 
-    rclone test memory remote:
+This command uses the VFS layer. This adapts the cloud storage objects
+that rclone uses into something which looks much more like a disk
+filing system.
 
-Each subcommand has its own options which you can see in their help.
+Cloud storage objects have lots of properties which aren't like disk
+files - you can't extend them or write to the middle of them, so the
+VFS layer has to deal with that. Because there is no one right way of
+doing this there are various options explained below.
 
-**NB** Be careful running these commands, they may do strange things
-so reading their documentation first is recommended.
+The VFS layer also implements a directory cache - this caches info
+about files and directories (but not the data) in memory.
 
+## VFS Directory Cache
 
-## Options
+Using the `--dir-cache-time` flag, you can control how long a
+directory should be considered up to date and not refreshed from the
+backend. Changes made through the VFS will appear immediately or
+invalidate the cache.
 
-```
-  -h, --help   help for test
-```
+    --dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+    --poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+However, changes made directly on the cloud storage by the web
+interface or a different copy of rclone will only be picked up once
+the directory cache expires if the backend configured does not support
+polling for changes. If the backend supports polling, changes will be
+picked up within the polling interval.
 
-## SEE ALSO
+You can send a `SIGHUP` signal to rclone for it to flush all
+directory caches, regardless of how old they are.  Assuming only one
+rclone instance is running, you can reset the cache like this:
 
-* [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
-* [rclone test changenotify](https://rclone.org/commands/rclone_test_changenotify/)	 - Log any change notify requests for the remote passed in.
-* [rclone test histogram](https://rclone.org/commands/rclone_test_histogram/)	 - Makes a histogram of file name characters.
-* [rclone test info](https://rclone.org/commands/rclone_test_info/)	 - Discovers file name or other limitations for paths.
-* [rclone test makefile](https://rclone.org/commands/rclone_test_makefile/)	 - Make files with random contents of the size given
-* [rclone test makefiles](https://rclone.org/commands/rclone_test_makefiles/)	 - Make a random file hierarchy in a directory
-* [rclone test memory](https://rclone.org/commands/rclone_test_memory/)	 - Load all the objects at remote:path into memory and report memory stats.
+    kill -SIGHUP $(pidof rclone)
 
-# rclone test changenotify
+If you configure rclone with a [remote control](/rc) then you can use
+rclone rc to flush the whole directory cache:
 
-Log any change notify requests for the remote passed in.
+    rclone rc vfs/forget
 
-```
-rclone test changenotify remote: [flags]
-```
+Or individual files or directories:
 
-## Options
+    rclone rc vfs/forget file=path/to/file dir=path/to/dir
 
-```
-  -h, --help                     help for changenotify
-      --poll-interval Duration   Time to wait between polling for changes (default 10s)
-```
+## VFS File Buffering
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+The `--buffer-size` flag determines the amount of memory,
+that will be used to buffer data in advance.
 
-## SEE ALSO
+Each open file will try to keep the specified amount of data in memory
+at all times. The buffered data is bound to one open file and won't be
+shared.
 
-* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
+This flag is a upper limit for the used memory per open file.  The
+buffer will only use memory for data that is downloaded but not not
+yet read. If the buffer is empty, only a small amount of memory will
+be used.
 
-# rclone test histogram
+The maximum memory used by rclone for buffering can be up to
+`--buffer-size * open files`.
 
-Makes a histogram of file name characters.
+## VFS File Caching
 
-## Synopsis
+These flags control the VFS file caching options. File caching is
+necessary to make the VFS layer appear compatible with a normal file
+system. It can be disabled at the cost of some compatibility.
 
-This command outputs JSON which shows the histogram of characters used
-in filenames in the remote:path specified.
+For example you'll need to enable VFS caching if you want to read and
+write simultaneously to a file.  See below for more details.
 
-The data doesn't contain any identifying information but is useful for
-the rclone developers when developing filename compression.
+Note that the VFS cache is separate from the cache backend and you may
+find that you need one or the other or both.
 
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
-```
-rclone test histogram [remote:path] [flags]
-```
+If run with `-vv` rclone will print the location of the file cache.  The
+files are stored in the user cache file area which is OS dependent but
+can be controlled with `--cache-dir` or setting the appropriate
+environment variable.
 
-## Options
+The cache has 4 different modes selected by `--vfs-cache-mode`.
+The higher the cache mode the more compatible rclone becomes at the
+cost of using disk space.
 
-```
-  -h, --help   help for histogram
-```
+Note that files are written back to the remote only when they are
+closed and if they haven't been accessed for `--vfs-write-back`
+seconds. If rclone is quit or dies with files that haven't been
+uploaded, these will be uploaded next time rclone is run with the same
+flags.
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
-## SEE ALSO
+You **should not** run two copies of rclone using the same VFS cache
+with the same or overlapping remotes if using `--vfs-cache-mode > off`.
+This can potentially cause data corruption if you do. You can work
+around this by giving each rclone its own cache hierarchy with
+`--cache-dir`. You don't need to worry about this if the remotes in
+use don't overlap.
 
-* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
+### --vfs-cache-mode off
 
-# rclone test info
+In this mode (the default) the cache will read directly from the remote and write
+directly to the remote without caching anything on disk.
 
-Discovers file name or other limitations for paths.
+This will mean some operations are not possible
 
-## Synopsis
+  * Files can't be opened for both read AND write
+  * Files opened for write can't be seeked
+  * Existing files opened for write must have O_TRUNC set
+  * Files open for read with O_TRUNC will be opened write only
+  * Files open for write only will behave as if O_TRUNC was supplied
+  * Open modes O_APPEND, O_TRUNC are ignored
+  * If an upload fails it can't be retried
 
-rclone info discovers what filenames and upload methods are possible
-to write to the paths passed in and how long they can be.  It can take some
-time.  It will write test files into the remote:path passed in.  It outputs
-a bit of go code for each one.
+### --vfs-cache-mode minimal
 
-**NB** this can create undeletable files and other hazards - use with care
+This is very similar to "off" except that files opened for read AND
+write will be buffered to disk.  This means that files opened for
+write will be a lot more compatible, but uses the minimal disk space.
 
+These operations are not possible
 
-```
-rclone test info [remote:path]+ [flags]
-```
+  * Files opened for write only can't be seeked
+  * Existing files opened for write must have O_TRUNC set
+  * Files opened for write only will ignore O_APPEND, O_TRUNC
+  * If an upload fails it can't be retried
 
-## Options
+### --vfs-cache-mode writes
 
-```
-      --all                    Run all tests
-      --check-control          Check control characters
-      --check-length           Check max filename length
-      --check-normalization    Check UTF-8 Normalization
-      --check-streaming        Check uploads with indeterminate file size
-  -h, --help                   help for info
-      --upload-wait Duration   Wait after writing a file (default 0s)
-      --write-json string      Write results to file
-```
+In this mode files opened for read only are still read directly from
+the remote, write only and read/write files are buffered to disk
+first.
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+This mode should support all normal file system operations.
 
-## SEE ALSO
+If an upload fails it will be retried at exponentially increasing
+intervals up to 1 minute.
 
-* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
+### --vfs-cache-mode full
 
-# rclone test makefile
+In this mode all reads and writes are buffered to and from disk. When
+data is read from the remote this is buffered to disk as well.
 
-Make files with random contents of the size given
+In this mode the files in the cache will be sparse files and rclone
+will keep track of which bits of the files it has downloaded.
 
-```
-rclone test makefile <size> [<file>]+ [flags]
-```
+So if an application only reads the starts of each file, then rclone
+will only buffer the start of the file. These files will appear to be
+their full size in the cache, but they will be sparse files with only
+the data that has been downloaded present in them.
 
-## Options
+This mode should support all normal file system operations and is
+otherwise identical to `--vfs-cache-mode` writes.
 
-```
-      --ascii      Fill files with random ASCII printable bytes only
-      --chargen    Fill files with a ASCII chargen pattern
-  -h, --help       help for makefile
-      --pattern    Fill files with a periodic pattern
-      --seed int   Seed for the random number generator (0 for random) (default 1)
-      --sparse     Make the files sparse (appear to be filled with ASCII 0x00)
-      --zero       Fill files with ASCII 0x00
-```
+When reading a file rclone will read `--buffer-size` plus
+`--vfs-read-ahead` bytes ahead.  The `--buffer-size` is buffered in memory
+whereas the `--vfs-read-ahead` is buffered on disk.
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+When using this mode it is recommended that `--buffer-size` is not set
+too large and `--vfs-read-ahead` is set large if required.
 
-## SEE ALSO
+**IMPORTANT** not all file systems support sparse files. In particular
+FAT/exFAT do not. Rclone will perform very badly if the cache
+directory is on a filesystem which doesn't support sparse files and it
+will log an ERROR message if one is detected.
 
-* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
+### Fingerprinting
 
-# rclone test makefiles
+Various parts of the VFS use fingerprinting to see if a local file
+copy has changed relative to a remote file. Fingerprints are made
+from:
 
-Make a random file hierarchy in a directory
+- size
+- modification time
+- hash
 
-```
-rclone test makefiles <dir> [flags]
-```
+where available on an object.
 
-## Options
+On some backends some of these attributes are slow to read (they take
+an extra API call per object, or extra work per object).
 
-```
-      --ascii                      Fill files with random ASCII printable bytes only
-      --chargen                    Fill files with a ASCII chargen pattern
-      --files int                  Number of files to create (default 1000)
-      --files-per-directory int    Average number of files per directory (default 10)
-  -h, --help                       help for makefiles
-      --max-depth int              Maximum depth of directory hierarchy (default 10)
-      --max-file-size SizeSuffix   Maximum size of files to create (default 100)
-      --max-name-length int        Maximum size of file names (default 12)
-      --min-file-size SizeSuffix   Minimum size of file to create
-      --min-name-length int        Minimum size of file names (default 4)
-      --pattern                    Fill files with a periodic pattern
-      --seed int                   Seed for the random number generator (0 for random) (default 1)
-      --sparse                     Make the files sparse (appear to be filled with ASCII 0x00)
-      --zero                       Fill files with ASCII 0x00
-```
+For example `hash` is slow with the `local` and `sftp` backends as
+they have to read the entire file and hash it, and `modtime` is slow
+with the `s3`, `swift`, `ftp` and `qinqstor` backends because they
+need to do an extra API call to fetch it.
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+If you use the `--vfs-fast-fingerprint` flag then rclone will not
+include the slow operations in the fingerprint. This makes the
+fingerprinting less accurate but much faster and will improve the
+opening time of cached files.
 
-## SEE ALSO
+If you are running a vfs cache over `local`, `s3` or `swift` backends
+then using this flag is recommended.
 
-* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
+Note that if you change the value of this flag, the fingerprints of
+the files in the cache may be invalidated and the files will need to
+be downloaded again.
 
-# rclone test memory
+## VFS Chunked Reading
 
-Load all the objects at remote:path into memory and report memory stats.
+When rclone reads files from a remote it reads them in chunks. This
+means that rather than requesting the whole file rclone reads the
+chunk specified.  This can reduce the used download quota for some
+remotes by requesting only chunks from the remote that are actually
+read, at the cost of an increased number of requests.
 
-```
-rclone test memory remote:path [flags]
-```
+These flags control the chunking:
 
-## Options
+    --vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+    --vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
 
-```
-  -h, --help   help for memory
-```
+Rclone will start reading a chunk of size `--vfs-read-chunk-size`,
+and then double the size for each read. When `--vfs-read-chunk-size-limit` is
+specified, and greater than `--vfs-read-chunk-size`, the chunk size for each
+open file will get doubled only until the specified value is reached. If the
+value is "off", which is the default, the limit is disabled and the chunk size
+will grow indefinitely.
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+With `--vfs-read-chunk-size 100M` and `--vfs-read-chunk-size-limit 0`
+the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on.
+When `--vfs-read-chunk-size-limit 500M` is specified, the result would be
+0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.
 
-## SEE ALSO
+Setting `--vfs-read-chunk-size` to `0` or "off" disables chunked reading.
 
-* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
+## VFS Performance
 
-# rclone touch
+These flags may be used to enable/disable features of the VFS for
+performance or other reasons. See also the [chunked reading](#vfs-chunked-reading)
+feature.
 
-Create new file or change file modification time.
+In particular S3 and Swift benefit hugely from the `--no-modtime` flag
+(or use `--use-server-modtime` for a slightly different effect) as each
+read of the modification time takes a transaction.
 
-## Synopsis
+    --no-checksum     Don't compare checksums on up/download.
+    --no-modtime      Don't read/write the modification time (can speed things up).
+    --no-seek         Don't allow seeking in files.
+    --read-only       Only allow read-only access.
 
+Sometimes rclone is delivered reads or writes out of order. Rather
+than seeking rclone will wait a short time for the in sequence read or
+write to come in. These flags only come into effect when not using an
+on disk cache file.
 
-Set the modification time on file(s) as specified by remote:path to
-have the current time.
+    --vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+    --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
 
-If remote:path does not exist then a zero sized file will be created,
-unless `--no-create` or `--recursive` is provided.
+When using VFS write caching (`--vfs-cache-mode` with value writes or full),
+the global flag `--transfers` can be set to adjust the number of parallel uploads of
+modified files from the cache (the related global flag `--checkers` has no effect on the VFS).
 
-If `--recursive` is used then recursively sets the modification
-time on all existing files that is found under the path. Filters are supported,
-and you can test with the `--dry-run` or the `--interactive`/`-i` flag.
+    --transfers int  Number of file transfers to run in parallel (default 4)
 
-If `--timestamp` is used then sets the modification time to that
-time instead of the current time. Times may be specified as one of:
+## VFS Case Sensitivity
 
-- 'YYMMDD' - e.g. 17.10.30
-- 'YYYY-MM-DDTHH:MM:SS' - e.g. 2006-01-02T15:04:05
-- 'YYYY-MM-DDTHH:MM:SS.SSS' - e.g. 2006-01-02T15:04:05.123456789
+Linux file systems are case-sensitive: two files can differ only
+by case, and the exact case must be used when opening a file.
 
-Note that value of `--timestamp` is in UTC. If you want local time
-then add the `--localtime` flag.
+File systems in modern Windows are case-insensitive but case-preserving:
+although existing files can be opened using any case, the exact case used
+to create the file is preserved and available for programs to query.
+It is not allowed for two files in the same directory to differ only by case.
 
+Usually file systems on macOS are case-insensitive. It is possible to make macOS
+file systems case-sensitive but that is not the default.
 
-```
-rclone touch remote:path [flags]
-```
+The `--vfs-case-insensitive` VFS flag controls how rclone handles these
+two cases. If its value is "false", rclone passes file names to the remote
+as-is. If the flag is "true" (or appears without a value on the
+command line), rclone may perform a "fixup" as explained below.
 
-## Options
+The user may specify a file name to open/delete/rename/etc with a case
+different than what is stored on the remote. If an argument refers
+to an existing file with exactly the same name, then the case of the existing
+file on the disk will be used. However, if a file name with exactly the same
+name is not found but a name differing only by case exists, rclone will
+transparently fixup the name. This fixup happens only when an existing file
+is requested. Case sensitivity of file names created anew by rclone is
+controlled by the underlying remote.
 
-```
-  -h, --help               help for touch
-      --localtime          Use localtime for timestamp, not UTC
-  -C, --no-create          Do not create the file if it does not exist (implied with --recursive)
-  -R, --recursive          Recursively touch all files
-  -t, --timestamp string   Use specified time instead of the current time of day
-```
+Note that case sensitivity of the operating system running rclone (the target)
+may differ from case sensitivity of a file system presented by rclone (the source).
+The flag controls whether "fixup" is performed to satisfy the target.
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+If the flag is not provided on the command line, then its default value depends
+on the operating system where rclone runs: "true" on Windows and macOS, "false"
+otherwise. If the flag is provided without a value, then it is "true".
 
-## SEE ALSO
+## VFS Disk Options
 
-* [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
+This flag allows you to manually set the statistics about the filing system.
+It can be useful when those statistics cannot be read correctly automatically.
 
-# rclone tree
+    --vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)
 
-List the contents of the remote in a tree like fashion.
+## Alternate report of used bytes
 
-## Synopsis
+Some backends, most notably S3, do not report the amount of bytes used.
+If you need this information to be available when running `df` on the
+filesystem, then pass the flag `--vfs-used-is-size` to rclone.
+With this flag set, instead of relying on the backend to report this
+information, rclone will scan the whole remote similar to `rclone size`
+and compute the total used space itself.
 
+_WARNING._ Contrary to `rclone size`, this flag ignores filters so that the
+result is accurate. However, this is very inefficient and may cost lots of API
+calls resulting in extra charges. Use it as a last resort and only with caching.
 
-rclone tree lists the contents of a remote in a similar way to the
-unix tree command.
+## Auth Proxy
 
-For example
+If you supply the parameter `--auth-proxy /path/to/program` then
+rclone will use that program to generate backends on the fly which
+then are used to authenticate incoming requests.  This uses a simple
+JSON based protocol with input on STDIN and output on STDOUT.
 
-    $ rclone tree remote:path
-    /
-    ├── file1
-    ├── file2
-    ├── file3
-    └── subdir
-        ├── file4
-        └── file5
+**PLEASE NOTE:** `--auth-proxy` and `--authorized-keys` cannot be used
+together, if `--auth-proxy` is set the authorized keys option will be
+ignored.
 
-    1 directories, 5 files
+There is an example program
+[bin/test_proxy.py](https://github.com/rclone/rclone/blob/master/test_proxy.py)
+in the rclone source code.
 
-You can use any of the filtering options with the tree command (e.g.
-`--include` and `--exclude`.  You can also use `--fast-list`.
+The program's job is to take a `user` and `pass` on the input and turn
+those into the config for a backend on STDOUT in JSON format.  This
+config will have any default parameters for the backend added, but it
+won't use configuration from environment variables or command line
+options - it is the job of the proxy program to make a complete
+config.
 
-The tree command has many options for controlling the listing which
-are compatible with the tree command, for example you can include file
-sizes with `--size`.  Note that not all of them have
-short options as they conflict with rclone's short options.
+This config generated must have this extra parameter
+- `_root` - root to use for the backend
 
-For a more interactive navigation of the remote see the
-[ncdu](https://rclone.org/commands/rclone_ncdu/) command.
+And it may have this parameter
+- `_obscure` - comma separated strings for parameters to obscure
 
+If password authentication was used by the client, input to the proxy
+process (on STDIN) would look similar to this:
 
 ```
-rclone tree remote:path [flags]
+{
+	"user": "me",
+	"pass": "mypassword"
+}
 ```
 
-## Options
+If public-key authentication was used by the client, input to the
+proxy process (on STDIN) would look similar to this:
 
 ```
-  -a, --all             All files are listed (list . files too)
-  -d, --dirs-only       List directories only
-      --dirsfirst       List directories before files (-U disables)
-      --full-path       Print the full path prefix for each file
-  -h, --help            help for tree
-      --level int       Descend only level directories deep
-  -D, --modtime         Print the date of last modification.
-      --noindent        Don't print indentation lines
-      --noreport        Turn off file/directory count at end of tree listing
-  -o, --output string   Output to file instead of stdout
-  -p, --protections     Print the protections for each file.
-  -Q, --quote           Quote filenames with double quotes.
-  -s, --size            Print the size in bytes of each file.
-      --sort string     Select sort: name,version,size,mtime,ctime
-      --sort-ctime      Sort files by last status change time
-  -t, --sort-modtime    Sort files by last modification time
-  -r, --sort-reverse    Reverse the order of the sort
-  -U, --unsorted        Leave files unsorted
-      --version         Sort files alphanumerically by version
+{
+	"user": "me",
+	"public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf"
+}
 ```
 
-See the [global flags page](https://rclone.org/flags/) for global options not listed here.
+And as an example return this on STDOUT
 
-## SEE ALSO
+```
+{
+	"type": "sftp",
+	"_root": "",
+	"_obscure": "pass",
+	"user": "me",
+	"pass": "mypassword",
+	"host": "sftp.example.com"
+}
+```
 
-* [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
+This would mean that an SFTP backend would be created on the fly for
+the `user` and `pass`/`public_key` returned in the output to the host given.  Note
+that since `_obscure` is set to `pass`, rclone will obscure the `pass`
+parameter before creating the backend (which is required for sftp
+backends).
 
+The program can manipulate the supplied `user` in any way, for example
+to make proxy to many different sftp backends, you could make the
+`user` be `user@example.com` and then set the `host` to `example.com`
+in the output and the user to `user`. For security you'd probably want
+to restrict the `host` to a limited list.
 
-Copying single files
---------------------
+Note that an internal cache is keyed on `user` so only use that for
+configuration, don't use `pass` or `public_key`.  This also means that if a user's
+password or public-key is changed the cache will need to expire (which takes 5 mins)
+before it takes effect.
 
-rclone normally syncs or copies directories.  However, if the source
-remote points to a file, rclone will just copy that file.  The
-destination remote must point to a directory - rclone will give the
-error `Failed to create file system for "remote:file": is a file not a
-directory` if it isn't.
+This can be used to build general purpose proxies to any kind of
+backend that rclone supports.  
 
-For example, suppose you have a remote with a file in called
-`test.jpg`, then you could copy just that file like this
 
-    rclone copy remote:test.jpg /tmp/download
+```
+rclone serve sftp remote:path [flags]
+```
 
-The file `test.jpg` will be placed inside `/tmp/download`.
+## Options
 
-This is equivalent to specifying
+```
+      --addr string                            IPaddress:Port or :Port to bind server to (default "localhost:2022")
+      --auth-proxy string                      A program to use to create the backend from the auth
+      --authorized-keys string                 Authorized keys file (default "~/.ssh/authorized_keys")
+      --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+      --dir-perms FileMode                     Directory permissions (default 0777)
+      --file-perms FileMode                    File permissions (default 0666)
+      --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+  -h, --help                                   help for sftp
+      --key stringArray                        SSH private host key file (Can be multi-valued, leave blank to auto generate)
+      --no-auth                                Allow connections with no authentication if set
+      --no-checksum                            Don't compare checksums on up/download
+      --no-modtime                             Don't read/write the modification time (can speed things up)
+      --no-seek                                Don't allow seeking in files
+      --pass string                            Password for authentication
+      --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+      --read-only                              Only allow read-only access
+      --stdio                                  Run an sftp server on stdin/stdout
+      --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+      --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+      --user string                            User name for authentication
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+      --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+      --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+      --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+      --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+      --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+      --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+      --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+      --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
+      --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
+      --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+      --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+      --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
+```
 
-    rclone copy --files-from /tmp/files remote: /tmp/download
 
-Where `/tmp/files` contains the single line
+## Filter Options
 
-    test.jpg
+Flags for filtering directory listings.
 
-It is recommended to use `copy` when copying individual files, not `sync`.
-They have pretty much the same effect but `copy` will use a lot less
-memory.
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
 
-Syntax of remote paths
-----------------------
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-The syntax of the paths passed to the rclone command are as follows.
+# SEE ALSO
 
-### /path/to/dir
+* [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
-This refers to the local file system.
+# rclone serve webdav
 
-On Windows `\` may be used instead of `/` in local paths **only**,
-non local paths must use `/`. See [local filesystem](https://rclone.org/local/#paths-on-windows)
-documentation for more about Windows-specific paths.
+Serve remote:path over WebDAV.
 
-These paths needn't start with a leading `/` - if they don't then they
-will be relative to the current directory.
+## Synopsis
 
-### remote:path/to/dir
+Run a basic WebDAV server to serve a remote over HTTP via the
+WebDAV protocol. This can be viewed with a WebDAV client, through a web
+browser, or you can make a remote of type WebDAV to read and write it.
 
-This refers to a directory `path/to/dir` on `remote:` as defined in
-the config file (configured with `rclone config`).
+## WebDAV options
 
-### remote:/path/to/dir
+### --etag-hash 
 
-On most backends this is refers to the same directory as
-`remote:path/to/dir` and that format should be preferred.  On a very
-small number of remotes (FTP, SFTP, Dropbox for business) this will
-refer to a different directory.  On these, paths without a leading `/`
-will refer to your "home" directory and paths with a leading `/` will
-refer to the root.
+This controls the ETag header.  Without this flag the ETag will be
+based on the ModTime and Size of the object.
 
-### :backend:path/to/dir
+If this flag is set to "auto" then rclone will choose the first
+supported hash on the backend or you can use a named hash such as
+"MD5" or "SHA-1". Use the [hashsum](https://rclone.org/commands/rclone_hashsum/) command
+to see the full list.
 
-This is an advanced form for creating remotes on the fly.  `backend`
-should be the name or prefix of a backend (the `type` in the config
-file) and all the configuration for the backend should be provided on
-the command line (or in environment variables).
+## Access WebDAV on Windows
+WebDAV shared folder can be mapped as a drive on Windows, however the default settings prevent it.
+Windows will fail to connect to the server using insecure Basic authentication.
+It will not even display any login dialog. Windows requires SSL / HTTPS connection to be used with Basic.
+If you try to connect via Add Network Location Wizard you will get the following error:
+"The folder you entered does not appear to be valid. Please choose another".
+However, you still can connect if you set the following registry key on a client machine:
+HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\BasicAuthLevel to 2.
+The BasicAuthLevel can be set to the following values:
+    0 - Basic authentication disabled
+    1 - Basic authentication enabled for SSL connections only
+    2 - Basic authentication enabled for SSL connections and for non-SSL connections
+If required, increase the FileSizeLimitInBytes to a higher value.
+Navigate to the Services interface, then restart the WebClient service.
 
-Here are some examples:
+## Access Office applications on WebDAV
+Navigate to following registry HKEY_CURRENT_USER\Software\Microsoft\Office\[14.0/15.0/16.0]\Common\Internet
+Create a new DWORD BasicAuthLevel with value 2.
+    0 - Basic authentication disabled
+    1 - Basic authentication enabled for SSL connections only
+    2 - Basic authentication enabled for SSL and for non-SSL connections
 
-    rclone lsd --http-url https://pub.rclone.org :http:
+https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-blank-from-sharepoint
 
-To list all the directories in the root of `https://pub.rclone.org/`.
 
-    rclone lsf --http-url https://example.com :http:path/to/dir
+## Server options
 
-To list files and directories in `https://example.com/path/to/dir/`
+Use `--addr` to specify which IP address and port the server should
+listen on, eg `--addr 1.2.3.4:8000` or `--addr :8080` to listen to all
+IPs.  By default it only listens on localhost.  You can use port
+:0 to let the OS choose an available port.
 
-    rclone copy --http-url https://example.com :http:path/to/dir /tmp/dir
+If you set `--addr` to listen on a public or LAN accessible IP address
+then using Authentication is advised - see the next section for info.
 
-To copy files and directories in `https://example.com/path/to/dir` to `/tmp/dir`.
+You can use a unix socket by setting the url to `unix:///path/to/socket`
+or just by using an absolute path name. Note that unix sockets bypass the
+authentication - this is expected to be done with file system permissions.
 
-    rclone copy --sftp-host example.com :sftp:path/to/dir /tmp/dir
+`--addr` may be repeated to listen on multiple IPs/ports/sockets.
 
-To copy files and directories from `example.com` in the relative
-directory `path/to/dir` to `/tmp/dir` using sftp.
+`--server-read-timeout` and `--server-write-timeout` can be used to
+control the timeouts on the server.  Note that this is the total time
+for a transfer.
 
-### Connection strings {#connection-strings}
+`--max-header-bytes` controls the maximum number of bytes the server will
+accept in the HTTP header.
 
-The above examples can also be written using a connection string
-syntax, so instead of providing the arguments as command line
-parameters `--http-url https://pub.rclone.org` they are provided as
-part of the remote specification as a kind of connection string.
+`--baseurl` controls the URL prefix that rclone serves from.  By default
+rclone will serve from the root.  If you used `--baseurl "/rclone"` then
+rclone would serve from a URL starting with "/rclone/".  This is
+useful if you wish to proxy rclone serve.  Rclone automatically
+inserts leading and trailing "/" on `--baseurl`, so `--baseurl "rclone"`,
+`--baseurl "/rclone"` and `--baseurl "/rclone/"` are all treated
+identically.
 
-    rclone lsd ":http,url='https://pub.rclone.org':"
-    rclone lsf ":http,url='https://example.com':path/to/dir"
-    rclone copy ":http,url='https://example.com':path/to/dir" /tmp/dir
-    rclone copy :sftp,host=example.com:path/to/dir /tmp/dir
+### TLS (SSL)
 
-These can apply to modify existing remotes as well as create new
-remotes with the on the fly syntax. This example is equivalent to
-adding the `--drive-shared-with-me` parameter to the remote `gdrive:`.
+By default this will serve over http.  If you want you can serve over
+https.  You will need to supply the `--cert` and `--key` flags.
+If you wish to do client side certificate validation then you will need to
+supply `--client-ca` also.
 
-    rclone lsf "gdrive,shared_with_me:path/to/dir"
+`--cert` should be a either a PEM encoded certificate or a concatenation
+of that with the CA certificate.  `--key` should be the PEM encoded
+private key and `--client-ca` should be the PEM encoded client
+certificate authority certificate.
 
-The major advantage to using the connection string style syntax is
-that it only applies to the remote, not to all the remotes of that
-type of the command line. A common confusion is this attempt to copy a
-file shared on google drive to the normal drive which **does not
-work** because the `--drive-shared-with-me` flag applies to both the
-source and the destination.
+--min-tls-version is minimum TLS version that is acceptable. Valid
+  values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
+  "tls1.0").
 
-    rclone copy --drive-shared-with-me gdrive:shared-file.txt gdrive:
+### Template
 
-However using the connection string syntax, this does work.
+`--template` allows a user to specify a custom markup template for HTTP
+and WebDAV serve functions.  The server exports the following markup
+to be used within the template to server pages:
 
-    rclone copy "gdrive,shared_with_me:shared-file.txt" gdrive:
+| Parameter   | Description |
+| :---------- | :---------- |
+| .Name       | The full path of a file/directory. |
+| .Title      | Directory listing of .Name |
+| .Sort       | The current sort used.  This is changeable via ?sort= parameter |
+|             | Sort Options: namedirfirst,name,size,time (default namedirfirst) |
+| .Order      | The current ordering used.  This is changeable via ?order= parameter |
+|             | Order Options: asc,desc (default asc) |
+| .Query      | Currently unused. |
+| .Breadcrumb | Allows for creating a relative navigation |
+|-- .Link     | The relative to the root link of the Text. |
+|-- .Text     | The Name of the directory. |
+| .Entries    | Information about a specific file/directory. |
+|-- .URL      | The 'url' of an entry.  |
+|-- .Leaf     | Currently same as 'URL' but intended to be 'just' the name. |
+|-- .IsDir    | Boolean for if an entry is a directory or not. |
+|-- .Size     | Size in Bytes of the entry. |
+|-- .ModTime  | The UTC timestamp of an entry. |
 
-Note that the connection string only affects the options of the immediate 
-backend. If for example gdriveCrypt is a crypt based on gdrive, then the 
-following command **will not work** as intended, because 
-`shared_with_me` is ignored by the crypt backend:
+The server also makes the following functions available so that they can be used within the
+template. These functions help extend the options for dynamic rendering of HTML. They can
+be used to render HTML based on specific conditions.
 
-    rclone copy "gdriveCrypt,shared_with_me:shared-file.txt" gdriveCrypt:
+| Function   | Description |
+| :---------- | :---------- |
+| afterEpoch  | Returns the time since the epoch for the given time. |
+| contains    | Checks whether a given substring is present or not in a given string. |
+| hasPrefix   | Checks whether the given string begins with the specified prefix. |
+| hasSuffix   | Checks whether the given string end with the specified suffix. |
 
-The connection strings have the following syntax
+### Authentication
 
-    remote,parameter=value,parameter2=value2:path/to/dir
-    :backend,parameter=value,parameter2=value2:path/to/dir
+By default this will serve files without needing a login.
 
-If the `parameter` has a `:` or `,` then it must be placed in quotes `"` or
-`'`, so
+You can either use an htpasswd file which can take lots of users, or
+set a single username and password with the `--user` and `--pass` flags.
 
-    remote,parameter="colon:value",parameter2="comma,value":path/to/dir
-    :backend,parameter='colon:value',parameter2='comma,value':path/to/dir
+If no static users are configured by either of the above methods, and client
+certificates are required by the `--client-ca` flag passed to the server, the
+client certificate common name will be considered as the username.
 
-If a quoted value needs to include that quote, then it should be
-doubled, so
+Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
+in standard apache format and supports MD5, SHA1 and BCrypt for basic
+authentication.  Bcrypt is recommended.
 
-    remote,parameter="with""quote",parameter2='with''quote':path/to/dir
+To create an htpasswd file:
 
-This will make `parameter` be `with"quote` and `parameter2` be
-`with'quote`.
+    touch htpasswd
+    htpasswd -B htpasswd user
+    htpasswd -B htpasswd anotherUser
 
-If you leave off the `=parameter` then rclone will substitute `=true`
-which works very well with flags. For example, to use s3 configured in
-the environment you could use:
+The password file can be updated while rclone is running.
 
-    rclone lsd :s3,env_auth:
+Use `--realm` to set the authentication realm.
 
-Which is equivalent to
+Use `--salt` to change the password hashing salt from the default.
+## VFS - Virtual File System
 
-    rclone lsd :s3,env_auth=true:
+This command uses the VFS layer. This adapts the cloud storage objects
+that rclone uses into something which looks much more like a disk
+filing system.
 
-Note that on the command line you might need to surround these
-connection strings with `"` or `'` to stop the shell interpreting any
-special characters within them.
+Cloud storage objects have lots of properties which aren't like disk
+files - you can't extend them or write to the middle of them, so the
+VFS layer has to deal with that. Because there is no one right way of
+doing this there are various options explained below.
 
-If you are a shell master then you'll know which strings are OK and
-which aren't, but if you aren't sure then enclose them in `"` and use
-`'` as the inside quote. This syntax works on all OSes.
+The VFS layer also implements a directory cache - this caches info
+about files and directories (but not the data) in memory.
 
-    rclone copy ":http,url='https://example.com':path/to/dir" /tmp/dir
+## VFS Directory Cache
 
-On Linux/macOS some characters are still interpreted inside `"`
-strings in the shell (notably `\` and `$` and `"`) so if your strings
-contain those you can swap the roles of `"` and `'` thus. (This syntax
-does not work on Windows.)
+Using the `--dir-cache-time` flag, you can control how long a
+directory should be considered up to date and not refreshed from the
+backend. Changes made through the VFS will appear immediately or
+invalidate the cache.
 
-    rclone copy ':http,url="https://example.com":path/to/dir' /tmp/dir
+    --dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+    --poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)
 
-#### Connection strings, config and logging
+However, changes made directly on the cloud storage by the web
+interface or a different copy of rclone will only be picked up once
+the directory cache expires if the backend configured does not support
+polling for changes. If the backend supports polling, changes will be
+picked up within the polling interval.
 
-If you supply extra configuration to a backend by command line flag,
-environment variable or connection string then rclone will add a
-suffix based on the hash of the config to the name of the remote, eg
+You can send a `SIGHUP` signal to rclone for it to flush all
+directory caches, regardless of how old they are.  Assuming only one
+rclone instance is running, you can reset the cache like this:
 
-    rclone -vv lsf --s3-chunk-size 20M s3:
+    kill -SIGHUP $(pidof rclone)
 
-Has the log message
+If you configure rclone with a [remote control](/rc) then you can use
+rclone rc to flush the whole directory cache:
 
-    DEBUG : s3: detected overridden config - adding "{Srj1p}" suffix to name
+    rclone rc vfs/forget
 
-This is so rclone can tell the modified remote apart from the
-unmodified remote when caching the backends.
+Or individual files or directories:
 
-This should only be noticeable in the logs.
+    rclone rc vfs/forget file=path/to/file dir=path/to/dir
 
-This means that on the fly backends such as
+## VFS File Buffering
 
-    rclone -vv lsf :s3,env_auth:
+The `--buffer-size` flag determines the amount of memory,
+that will be used to buffer data in advance.
 
-Will get their own names
+Each open file will try to keep the specified amount of data in memory
+at all times. The buffered data is bound to one open file and won't be
+shared.
 
-    DEBUG : :s3: detected overridden config - adding "{YTu53}" suffix to name
+This flag is a upper limit for the used memory per open file.  The
+buffer will only use memory for data that is downloaded but not not
+yet read. If the buffer is empty, only a small amount of memory will
+be used.
 
-### Valid remote names
+The maximum memory used by rclone for buffering can be up to
+`--buffer-size * open files`.
 
-Remote names are case sensitive, and must adhere to the following rules:
- - May contain number, letter, `_`, `-`, `.`, `+`, `@` and space.
- - May not start with `-` or space.
- - May not end with space.
+## VFS File Caching
 
-Starting with rclone version 1.61, any Unicode numbers and letters are allowed,
-while in older versions it was limited to plain ASCII (0-9, A-Z, a-z). If you use
-the same rclone configuration from different shells, which may be configured with
-different character encoding, you must be cautious to use characters that are
-possible to write in all of them. This is mostly a problem on Windows, where
-the console traditionally uses a non-Unicode character set - defined
-by the so-called "code page".
+These flags control the VFS file caching options. File caching is
+necessary to make the VFS layer appear compatible with a normal file
+system. It can be disabled at the cost of some compatibility.
 
-Quoting and the shell
----------------------
+For example you'll need to enable VFS caching if you want to read and
+write simultaneously to a file.  See below for more details.
 
-When you are typing commands to your computer you are using something
-called the command line shell.  This interprets various characters in
-an OS specific way.
+Note that the VFS cache is separate from the cache backend and you may
+find that you need one or the other or both.
 
-Here are some gotchas which may help users unfamiliar with the shell rules
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
-### Linux / OSX ###
+If run with `-vv` rclone will print the location of the file cache.  The
+files are stored in the user cache file area which is OS dependent but
+can be controlled with `--cache-dir` or setting the appropriate
+environment variable.
 
-If your names have spaces or shell metacharacters (e.g. `*`, `?`, `$`,
-`'`, `"`, etc.) then you must quote them.  Use single quotes `'` by default.
+The cache has 4 different modes selected by `--vfs-cache-mode`.
+The higher the cache mode the more compatible rclone becomes at the
+cost of using disk space.
 
-    rclone copy 'Important files?' remote:backup
+Note that files are written back to the remote only when they are
+closed and if they haven't been accessed for `--vfs-write-back`
+seconds. If rclone is quit or dies with files that haven't been
+uploaded, these will be uploaded next time rclone is run with the same
+flags.
 
-If you want to send a `'` you will need to use `"`, e.g.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
-    rclone copy "O'Reilly Reviews" remote:backup
+You **should not** run two copies of rclone using the same VFS cache
+with the same or overlapping remotes if using `--vfs-cache-mode > off`.
+This can potentially cause data corruption if you do. You can work
+around this by giving each rclone its own cache hierarchy with
+`--cache-dir`. You don't need to worry about this if the remotes in
+use don't overlap.
 
-The rules for quoting metacharacters are complicated and if you want
-the full details you'll have to consult the manual page for your
-shell.
+### --vfs-cache-mode off
 
-### Windows ###
+In this mode (the default) the cache will read directly from the remote and write
+directly to the remote without caching anything on disk.
 
-If your names have spaces in you need to put them in `"`, e.g.
+This will mean some operations are not possible
 
-    rclone copy "E:\folder name\folder name\folder name" remote:backup
+  * Files can't be opened for both read AND write
+  * Files opened for write can't be seeked
+  * Existing files opened for write must have O_TRUNC set
+  * Files open for read with O_TRUNC will be opened write only
+  * Files open for write only will behave as if O_TRUNC was supplied
+  * Open modes O_APPEND, O_TRUNC are ignored
+  * If an upload fails it can't be retried
 
-If you are using the root directory on its own then don't quote it
-(see [#464](https://github.com/rclone/rclone/issues/464) for why), e.g.
+### --vfs-cache-mode minimal
 
-    rclone copy E:\ remote:backup
+This is very similar to "off" except that files opened for read AND
+write will be buffered to disk.  This means that files opened for
+write will be a lot more compatible, but uses the minimal disk space.
 
-Copying files or directories with `:` in the names
---------------------------------------------------
+These operations are not possible
 
-rclone uses `:` to mark a remote name.  This is, however, a valid
-filename component in non-Windows OSes.  The remote name parser will
-only search for a `:` up to the first `/` so if you need to act on a
-file or directory like this then use the full path starting with a
-`/`, or use `./` as a current directory prefix.
+  * Files opened for write only can't be seeked
+  * Existing files opened for write must have O_TRUNC set
+  * Files opened for write only will ignore O_APPEND, O_TRUNC
+  * If an upload fails it can't be retried
 
-So to sync a directory called `sync:me` to a remote called `remote:` use
+### --vfs-cache-mode writes
 
-    rclone sync --interactive ./sync:me remote:path
+In this mode files opened for read only are still read directly from
+the remote, write only and read/write files are buffered to disk
+first.
 
-or
+This mode should support all normal file system operations.
 
-    rclone sync --interactive /full/path/to/sync:me remote:path
+If an upload fails it will be retried at exponentially increasing
+intervals up to 1 minute.
 
-Server Side Copy
-----------------
+### --vfs-cache-mode full
 
-Most remotes (but not all - see [the
-overview](https://rclone.org/overview/#optional-features)) support server-side copy.
+In this mode all reads and writes are buffered to and from disk. When
+data is read from the remote this is buffered to disk as well.
 
-This means if you want to copy one folder to another then rclone won't
-download all the files and re-upload them; it will instruct the server
-to copy them in place.
+In this mode the files in the cache will be sparse files and rclone
+will keep track of which bits of the files it has downloaded.
 
-Eg
+So if an application only reads the starts of each file, then rclone
+will only buffer the start of the file. These files will appear to be
+their full size in the cache, but they will be sparse files with only
+the data that has been downloaded present in them.
 
-    rclone copy s3:oldbucket s3:newbucket
+This mode should support all normal file system operations and is
+otherwise identical to `--vfs-cache-mode` writes.
 
-Will copy the contents of `oldbucket` to `newbucket` without
-downloading and re-uploading.
+When reading a file rclone will read `--buffer-size` plus
+`--vfs-read-ahead` bytes ahead.  The `--buffer-size` is buffered in memory
+whereas the `--vfs-read-ahead` is buffered on disk.
 
-Remotes which don't support server-side copy **will** download and
-re-upload in this case.
+When using this mode it is recommended that `--buffer-size` is not set
+too large and `--vfs-read-ahead` is set large if required.
 
-Server side copies are used with `sync` and `copy` and will be
-identified in the log when using the `-v` flag.  The `move` command
-may also use them if remote doesn't support server-side move directly.
-This is done by issuing a server-side copy then a delete which is much
-quicker than a download and re-upload.
+**IMPORTANT** not all file systems support sparse files. In particular
+FAT/exFAT do not. Rclone will perform very badly if the cache
+directory is on a filesystem which doesn't support sparse files and it
+will log an ERROR message if one is detected.
 
-Server side copies will only be attempted if the remote names are the
-same.
+### Fingerprinting
 
-This can be used when scripting to make aged backups efficiently, e.g.
+Various parts of the VFS use fingerprinting to see if a local file
+copy has changed relative to a remote file. Fingerprints are made
+from:
 
-    rclone sync --interactive remote:current-backup remote:previous-backup
-    rclone sync --interactive /path/to/files remote:current-backup
+- size
+- modification time
+- hash
 
-## Metadata support {#metadata}
+where available on an object.
 
-Metadata is data about a file which isn't the contents of the file.
-Normally rclone only preserves the modification time and the content
-(MIME) type where possible.
+On some backends some of these attributes are slow to read (they take
+an extra API call per object, or extra work per object).
 
-Rclone supports preserving all the available metadata on files (not
-directories) when using the `--metadata` or `-M` flag.
+For example `hash` is slow with the `local` and `sftp` backends as
+they have to read the entire file and hash it, and `modtime` is slow
+with the `s3`, `swift`, `ftp` and `qinqstor` backends because they
+need to do an extra API call to fetch it.
 
-Exactly what metadata is supported and what that support means depends
-on the backend. Backends that support metadata have a metadata section
-in their docs and are listed in the [features table](https://rclone.org/overview/#features)
-(Eg [local](https://rclone.org/local/#metadata), [s3](/s3/#metadata))
+If you use the `--vfs-fast-fingerprint` flag then rclone will not
+include the slow operations in the fingerprint. This makes the
+fingerprinting less accurate but much faster and will improve the
+opening time of cached files.
 
-Rclone only supports a one-time sync of metadata. This means that
-metadata will be synced from the source object to the destination
-object only when the source object has changed and needs to be
-re-uploaded. If the metadata subsequently changes on the source object
-without changing the object itself then it won't be synced to the
-destination object. This is in line with the way rclone syncs
-`Content-Type` without the `--metadata` flag.
+If you are running a vfs cache over `local`, `s3` or `swift` backends
+then using this flag is recommended.
 
-Using `--metadata` when syncing from local to local will preserve file
-attributes such as file mode, owner, extended attributes (not
-Windows).
+Note that if you change the value of this flag, the fingerprints of
+the files in the cache may be invalidated and the files will need to
+be downloaded again.
 
-Note that arbitrary metadata may be added to objects using the
-`--metadata-set key=value` flag when the object is first uploaded.
-This flag can be repeated as many times as necessary.
+## VFS Chunked Reading
 
-### Types of metadata
+When rclone reads files from a remote it reads them in chunks. This
+means that rather than requesting the whole file rclone reads the
+chunk specified.  This can reduce the used download quota for some
+remotes by requesting only chunks from the remote that are actually
+read, at the cost of an increased number of requests.
 
-Metadata is divided into two type. System metadata and User metadata.
+These flags control the chunking:
 
-Metadata which the backend uses itself is called system metadata. For
-example on the local backend the system metadata `uid` will store the
-user ID of the file when used on a unix based platform.
+    --vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+    --vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
 
-Arbitrary metadata is called user metadata and this can be set however
-is desired.
+Rclone will start reading a chunk of size `--vfs-read-chunk-size`,
+and then double the size for each read. When `--vfs-read-chunk-size-limit` is
+specified, and greater than `--vfs-read-chunk-size`, the chunk size for each
+open file will get doubled only until the specified value is reached. If the
+value is "off", which is the default, the limit is disabled and the chunk size
+will grow indefinitely.
 
-When objects are copied from backend to backend, they will attempt to
-interpret system metadata if it is supplied. Metadata may change from
-being user metadata to system metadata as objects are copied between
-different backends. For example copying an object from s3 sets the
-`content-type` metadata. In a backend which understands this (like
-`azureblob`) this will become the Content-Type of the object. In a
-backend which doesn't understand this (like the `local` backend) this
-will become user metadata. However should the local object be copied
-back to s3, the Content-Type will be set correctly.
+With `--vfs-read-chunk-size 100M` and `--vfs-read-chunk-size-limit 0`
+the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on.
+When `--vfs-read-chunk-size-limit 500M` is specified, the result would be
+0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.
 
-### Metadata framework
+Setting `--vfs-read-chunk-size` to `0` or "off" disables chunked reading.
 
-Rclone implements a metadata framework which can read metadata from an
-object and write it to the object when (and only when) it is being
-uploaded.
+## VFS Performance
 
-This metadata is stored as a dictionary with string keys and string
-values.
+These flags may be used to enable/disable features of the VFS for
+performance or other reasons. See also the [chunked reading](#vfs-chunked-reading)
+feature.
 
-There are some limits on the names of the keys (these may be clarified
-further in the future).
+In particular S3 and Swift benefit hugely from the `--no-modtime` flag
+(or use `--use-server-modtime` for a slightly different effect) as each
+read of the modification time takes a transaction.
 
-- must be lower case
-- may be `a-z` `0-9` containing `.` `-` or `_`
-- length is backend dependent
+    --no-checksum     Don't compare checksums on up/download.
+    --no-modtime      Don't read/write the modification time (can speed things up).
+    --no-seek         Don't allow seeking in files.
+    --read-only       Only allow read-only access.
 
-Each backend can provide system metadata that it understands. Some
-backends can also store arbitrary user metadata.
+Sometimes rclone is delivered reads or writes out of order. Rather
+than seeking rclone will wait a short time for the in sequence read or
+write to come in. These flags only come into effect when not using an
+on disk cache file.
 
-Where possible the key names are standardized, so, for example, it is
-possible to copy object metadata from s3 to azureblob for example and
-metadata will be translated appropriately.
+    --vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+    --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
 
-Some backends have limits on the size of the metadata and rclone will
-give errors on upload if they are exceeded.
+When using VFS write caching (`--vfs-cache-mode` with value writes or full),
+the global flag `--transfers` can be set to adjust the number of parallel uploads of
+modified files from the cache (the related global flag `--checkers` has no effect on the VFS).
 
-### Metadata preservation
+    --transfers int  Number of file transfers to run in parallel (default 4)
 
-The goal of the implementation is to
+## VFS Case Sensitivity
 
-1. Preserve metadata if at all possible
-2. Interpret metadata if at all possible
+Linux file systems are case-sensitive: two files can differ only
+by case, and the exact case must be used when opening a file.
 
-The consequences of 1 is that you can copy an S3 object to a local
-disk then back to S3 losslessly. Likewise you can copy a local file
-with file attributes and xattrs from local disk to s3 and back again
-losslessly.
+File systems in modern Windows are case-insensitive but case-preserving:
+although existing files can be opened using any case, the exact case used
+to create the file is preserved and available for programs to query.
+It is not allowed for two files in the same directory to differ only by case.
 
-The consequence of 2 is that you can copy an S3 object with metadata
-to Azureblob (say) and have the metadata appear on the Azureblob
-object also.
+Usually file systems on macOS are case-insensitive. It is possible to make macOS
+file systems case-sensitive but that is not the default.
 
-### Standard system metadata
+The `--vfs-case-insensitive` VFS flag controls how rclone handles these
+two cases. If its value is "false", rclone passes file names to the remote
+as-is. If the flag is "true" (or appears without a value on the
+command line), rclone may perform a "fixup" as explained below.
 
-Here is a table of standard system metadata which, if appropriate, a
-backend may implement.
+The user may specify a file name to open/delete/rename/etc with a case
+different than what is stored on the remote. If an argument refers
+to an existing file with exactly the same name, then the case of the existing
+file on the disk will be used. However, if a file name with exactly the same
+name is not found but a name differing only by case exists, rclone will
+transparently fixup the name. This fixup happens only when an existing file
+is requested. Case sensitivity of file names created anew by rclone is
+controlled by the underlying remote.
 
-| key                 | description | example |
-|---------------------|-------------|---------|
-| mode                | File type and mode: octal, unix style | 0100664 |
-| uid                 | User ID of owner: decimal number | 500 |
-| gid                 | Group ID of owner: decimal number | 500 |
-| rdev                | Device ID (if special file)  => hexadecimal | 0 |
-| atime               | Time of last access:  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
-| mtime               | Time of last modification:  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
-| btime               | Time of file creation (birth):  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
-| cache-control       | Cache-Control header | no-cache |
-| content-disposition | Content-Disposition header | inline |
-| content-encoding    | Content-Encoding header | gzip |
-| content-language    | Content-Language header | en-US |
-| content-type        | Content-Type header | text/plain |
+Note that case sensitivity of the operating system running rclone (the target)
+may differ from case sensitivity of a file system presented by rclone (the source).
+The flag controls whether "fixup" is performed to satisfy the target.
 
-The metadata keys `mtime` and `content-type` will take precedence if
-supplied in the metadata over reading the `Content-Type` or
-modification time of the source object.
+If the flag is not provided on the command line, then its default value depends
+on the operating system where rclone runs: "true" on Windows and macOS, "false"
+otherwise. If the flag is provided without a value, then it is "true".
 
-Hashes are not included in system metadata as there is a well defined
-way of reading those already.
+## VFS Disk Options
 
-Options
--------
+This flag allows you to manually set the statistics about the filing system.
+It can be useful when those statistics cannot be read correctly automatically.
 
-Rclone has a number of options to control its behaviour.
+    --vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)
 
-Options that take parameters can have the values passed in two ways,
-`--option=value` or `--option value`. However boolean (true/false)
-options behave slightly differently to the other options in that
-`--boolean` sets the option to `true` and the absence of the flag sets
-it to `false`.  It is also possible to specify `--boolean=false` or
-`--boolean=true`.  Note that `--boolean false` is not valid - this is
-parsed as `--boolean` and the `false` is parsed as an extra command
-line argument for rclone.
+## Alternate report of used bytes
 
-### Time or duration options {#time-option}
+Some backends, most notably S3, do not report the amount of bytes used.
+If you need this information to be available when running `df` on the
+filesystem, then pass the flag `--vfs-used-is-size` to rclone.
+With this flag set, instead of relying on the backend to report this
+information, rclone will scan the whole remote similar to `rclone size`
+and compute the total used space itself.
 
-TIME or DURATION options can be specified as a duration string or a
-time string.
+_WARNING._ Contrary to `rclone size`, this flag ignores filters so that the
+result is accurate. However, this is very inefficient and may cost lots of API
+calls resulting in extra charges. Use it as a last resort and only with caching.
 
-A duration string is a possibly signed sequence of decimal numbers,
-each with optional fraction and a unit suffix, such as "300ms",
-"-1.5h" or "2h45m". Default units are seconds or the following
-abbreviations are valid:
+## Auth Proxy
 
-  * `ms` - Milliseconds
-  * `s`  - Seconds
-  * `m`  - Minutes
-  * `h`  - Hours
-  * `d`  - Days
-  * `w`  - Weeks
-  * `M`  - Months
-  * `y`  - Years
+If you supply the parameter `--auth-proxy /path/to/program` then
+rclone will use that program to generate backends on the fly which
+then are used to authenticate incoming requests.  This uses a simple
+JSON based protocol with input on STDIN and output on STDOUT.
 
-These can also be specified as an absolute time in the following
-formats:
+**PLEASE NOTE:** `--auth-proxy` and `--authorized-keys` cannot be used
+together, if `--auth-proxy` is set the authorized keys option will be
+ignored.
 
-- RFC3339 - e.g. `2006-01-02T15:04:05Z` or `2006-01-02T15:04:05+07:00`
-- ISO8601 Date and time, local timezone - `2006-01-02T15:04:05`
-- ISO8601 Date and time, local timezone - `2006-01-02 15:04:05`
-- ISO8601 Date - `2006-01-02` (YYYY-MM-DD)
+There is an example program
+[bin/test_proxy.py](https://github.com/rclone/rclone/blob/master/test_proxy.py)
+in the rclone source code.
 
-### Size options {#size-option}
+The program's job is to take a `user` and `pass` on the input and turn
+those into the config for a backend on STDOUT in JSON format.  This
+config will have any default parameters for the backend added, but it
+won't use configuration from environment variables or command line
+options - it is the job of the proxy program to make a complete
+config.
 
-Options which use SIZE use KiB (multiples of 1024 bytes) by default.
-However, a suffix of `B` for Byte, `K` for KiB, `M` for MiB,
-`G` for GiB, `T` for TiB and `P` for PiB may be used. These are
-the binary units, e.g. 1, 2\*\*10, 2\*\*20, 2\*\*30 respectively.
+This config generated must have this extra parameter
+- `_root` - root to use for the backend
 
-### --backup-dir=DIR ###
+And it may have this parameter
+- `_obscure` - comma separated strings for parameters to obscure
 
-When using `sync`, `copy` or `move` any files which would have been
-overwritten or deleted are moved in their original hierarchy into this
-directory.
+If password authentication was used by the client, input to the proxy
+process (on STDIN) would look similar to this:
 
-If `--suffix` is set, then the moved files will have the suffix added
-to them.  If there is a file with the same path (after the suffix has
-been added) in DIR, then it will be overwritten.
+```
+{
+	"user": "me",
+	"pass": "mypassword"
+}
+```
 
-The remote in use must support server-side move or copy and you must
-use the same remote as the destination of the sync.  The backup
-directory must not overlap the destination directory without it being
-excluded by a filter rule.
+If public-key authentication was used by the client, input to the
+proxy process (on STDIN) would look similar to this:
 
-For example
+```
+{
+	"user": "me",
+	"public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf"
+}
+```
 
-    rclone sync --interactive /path/to/local remote:current --backup-dir remote:old
+And as an example return this on STDOUT
 
-will sync `/path/to/local` to `remote:current`, but for any files
-which would have been updated or deleted will be stored in
-`remote:old`.
+```
+{
+	"type": "sftp",
+	"_root": "",
+	"_obscure": "pass",
+	"user": "me",
+	"pass": "mypassword",
+	"host": "sftp.example.com"
+}
+```
 
-If running rclone from a script you might want to use today's date as
-the directory name passed to `--backup-dir` to store the old files, or
-you might want to pass `--suffix` with today's date.
+This would mean that an SFTP backend would be created on the fly for
+the `user` and `pass`/`public_key` returned in the output to the host given.  Note
+that since `_obscure` is set to `pass`, rclone will obscure the `pass`
+parameter before creating the backend (which is required for sftp
+backends).
 
-See `--compare-dest` and `--copy-dest`.
+The program can manipulate the supplied `user` in any way, for example
+to make proxy to many different sftp backends, you could make the
+`user` be `user@example.com` and then set the `host` to `example.com`
+in the output and the user to `user`. For security you'd probably want
+to restrict the `host` to a limited list.
 
-### --bind string ###
+Note that an internal cache is keyed on `user` so only use that for
+configuration, don't use `pass` or `public_key`.  This also means that if a user's
+password or public-key is changed the cache will need to expire (which takes 5 mins)
+before it takes effect.
 
-Local address to bind to for outgoing connections.  This can be an
-IPv4 address (1.2.3.4), an IPv6 address (1234::789A) or host name.  If
-the host name doesn't resolve or resolves to more than one IP address
-it will give an error.
+This can be used to build general purpose proxies to any kind of
+backend that rclone supports.  
 
-### --bwlimit=BANDWIDTH_SPEC ###
 
-This option controls the bandwidth limit. For example
+```
+rclone serve webdav remote:path [flags]
+```
 
-    --bwlimit 10M
+## Options
 
-would mean limit the upload and download bandwidth to 10 MiB/s.
-**NB** this is **bytes** per second not **bits** per second. To use a
-single limit, specify the desired bandwidth in KiB/s, or use a
-suffix B|K|M|G|T|P. The default is `0` which means to not limit bandwidth.
+```
+      --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
+      --auth-proxy string                      A program to use to create the backend from the auth
+      --baseurl string                         Prefix for URLs - leave blank for root
+      --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
+      --client-ca string                       Client certificate authority to verify clients with
+      --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+      --dir-perms FileMode                     Directory permissions (default 0777)
+      --disable-dir-list                       Disable HTML directory list on GET request for a directory
+      --etag-hash string                       Which hash to use for the ETag, or auto or blank for off
+      --file-perms FileMode                    File permissions (default 0666)
+      --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+  -h, --help                                   help for webdav
+      --htpasswd string                        A htpasswd file - if not provided no authentication is done
+      --key string                             TLS PEM Private key
+      --max-header-bytes int                   Maximum size of request header (default 4096)
+      --min-tls-version string                 Minimum TLS version that is acceptable (default "tls1.0")
+      --no-checksum                            Don't compare checksums on up/download
+      --no-modtime                             Don't read/write the modification time (can speed things up)
+      --no-seek                                Don't allow seeking in files
+      --pass string                            Password for authentication
+      --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+      --read-only                              Only allow read-only access
+      --realm string                           Realm for authentication
+      --salt string                            Password hashing salt (default "dlPL2MqE")
+      --server-read-timeout Duration           Timeout for server reading data (default 1h0m0s)
+      --server-write-timeout Duration          Timeout for server writing data (default 1h0m0s)
+      --template string                        User-specified template
+      --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+      --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+      --user string                            User name for authentication
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+      --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+      --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+      --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+      --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+      --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+      --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+      --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+      --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
+      --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
+      --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+      --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+      --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
+```
 
-The upload and download bandwidth can be specified separately, as
-`--bwlimit UP:DOWN`, so
 
-    --bwlimit 10M:100k
+## Filter Options
 
-would mean limit the upload bandwidth to 10 MiB/s and the download
-bandwidth to 100 KiB/s. Either limit can be "off" meaning no limit, so
-to just limit the upload bandwidth you would use
+Flags for filtering directory listings.
 
-    --bwlimit 10M:off
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
 
-this would limit the upload bandwidth to 10 MiB/s but the download
-bandwidth would be unlimited.
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-When specified as above the bandwidth limits last for the duration of
-run of the rclone binary.
+# SEE ALSO
 
-It is also possible to specify a "timetable" of limits, which will
-cause certain limits to be applied at certain times. To specify a
-timetable, format your entries as `WEEKDAY-HH:MM,BANDWIDTH
-WEEKDAY-HH:MM,BANDWIDTH...` where: `WEEKDAY` is optional element.
+* [rclone serve](https://rclone.org/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
-- `BANDWIDTH` can be a single number, e.g.`100k` or a pair of numbers
-for upload:download, e.g.`10M:1M`.
-- `WEEKDAY` can be written as the whole word or only using the first 3
-  characters. It is optional.
-- `HH:MM` is an hour from 00:00 to 23:59.
+# rclone settier
 
-An example of a typical timetable to avoid link saturation during daytime
-working hours could be:
+Changes storage class/tier of objects in remote.
 
-`--bwlimit "08:00,512k 12:00,10M 13:00,512k 18:00,30M 23:00,off"`
+## Synopsis
 
-In this example, the transfer bandwidth will be set to 512 KiB/s
-at 8am every day. At noon, it will rise to 10 MiB/s, and drop back
-to 512 KiB/sec at 1pm. At 6pm, the bandwidth limit will be set to
-30 MiB/s, and at 11pm it will be completely disabled (full speed).
-Anything between 11pm and 8am will remain unlimited.
 
-An example of timetable with `WEEKDAY` could be:
+rclone settier changes storage tier or class at remote if supported.
+Few cloud storage services provides different storage classes on objects,
+for example AWS S3 and Glacier, Azure Blob storage - Hot, Cool and Archive,
+Google Cloud Storage, Regional Storage, Nearline, Coldline etc.
 
-`--bwlimit "Mon-00:00,512 Fri-23:59,10M Sat-10:00,1M Sun-20:00,off"`
+Note that, certain tier changes make objects not available to access immediately.
+For example tiering to archive in azure blob storage makes objects in frozen state,
+user can restore by setting tier to Hot/Cool, similarly S3 to Glacier makes object
+inaccessible.true
 
-It means that, the transfer bandwidth will be set to 512 KiB/s on
-Monday. It will rise to 10 MiB/s before the end of Friday. At 10:00
-on Saturday it will be set to 1 MiB/s. From 20:00 on Sunday it will
-be unlimited.
+You can use it to tier single object
 
-Timeslots without `WEEKDAY` are extended to the whole week. So this
-example:
+    rclone settier Cool remote:path/file
 
-`--bwlimit "Mon-00:00,512 12:00,1M Sun-20:00,off"`
+Or use rclone filters to set tier on only specific files
 
-Is equivalent to this:
+	rclone --include "*.txt" settier Hot remote:path/dir
 
-`--bwlimit "Mon-00:00,512Mon-12:00,1M Tue-12:00,1M Wed-12:00,1M Thu-12:00,1M Fri-12:00,1M Sat-12:00,1M Sun-12:00,1M Sun-20:00,off"`
+Or just provide remote directory and all files in directory will be tiered
 
-Bandwidth limit apply to the data transfer for all backends. For most
-backends the directory listing bandwidth is also included (exceptions
-being the non HTTP backends, `ftp`, `sftp` and `storj`).
+    rclone settier tier remote:path/dir
 
-Note that the units are **Byte/s**, not **bit/s**. Typically
-connections are measured in bit/s - to convert divide by 8. For
-example, let's say you have a 10 Mbit/s connection and you wish rclone
-to use half of it - 5 Mbit/s. This is 5/8 = 0.625 MiB/s so you would
-use a `--bwlimit 0.625M` parameter for rclone.
 
-On Unix systems (Linux, macOS, …) the bandwidth limiter can be toggled by
-sending a `SIGUSR2` signal to rclone. This allows to remove the limitations
-of a long running rclone transfer and to restore it back to the value specified
-with `--bwlimit` quickly when needed. Assuming there is only one rclone instance
-running, you can toggle the limiter like this:
+```
+rclone settier tier remote:path [flags]
+```
 
-    kill -SIGUSR2 $(pidof rclone)
+## Options
 
-If you configure rclone with a [remote control](/rc) then you can use
-change the bwlimit dynamically:
+```
+  -h, --help   help for settier
+```
 
-    rclone rc core/bwlimit rate=1M
 
-### --bwlimit-file=BANDWIDTH_SPEC ###
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-This option controls per file bandwidth limit. For the options see the
-`--bwlimit` flag.
+# SEE ALSO
 
-For example use this to allow no transfers to be faster than 1 MiB/s
+* [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
-    --bwlimit-file 1M
+# rclone test
 
-This can be used in conjunction with `--bwlimit`.
+Run a test command
 
-Note that if a schedule is provided the file will use the schedule in
-effect at the start of the transfer.
+## Synopsis
 
-### --buffer-size=SIZE ###
+Rclone test is used to run test commands.
 
-Use this sized buffer to speed up file transfers.  Each `--transfer`
-will use this much memory for buffering.
+Select which test command you want with the subcommand, eg
 
-When using `mount` or `cmount` each open file descriptor will use this much
-memory for buffering.
-See the [mount](https://rclone.org/commands/rclone_mount/#file-buffering) documentation for more details.
+    rclone test memory remote:
 
-Set to `0` to disable the buffering for the minimum memory usage.
+Each subcommand has its own options which you can see in their help.
 
-Note that the memory allocation of the buffers is influenced by the
-[--use-mmap](#use-mmap) flag.
+**NB** Be careful running these commands, they may do strange things
+so reading their documentation first is recommended.
 
-### --cache-dir=DIR ###
 
-Specify the directory rclone will use for caching, to override
-the default.
+## Options
 
-Default value is depending on operating system:
-- Windows `%LocalAppData%\rclone`, if `LocalAppData` is defined.
-- macOS `$HOME/Library/Caches/rclone` if `HOME` is defined.
-- Unix `$XDG_CACHE_HOME/rclone` if `XDG_CACHE_HOME` is defined, else `$HOME/.cache/rclone` if `HOME` is defined.
-- Fallback (on all OS) to `$TMPDIR/rclone`, where `TMPDIR` is the value from [--temp-dir](#temp-dir-dir).
+```
+  -h, --help   help for test
+```
 
-You can use the [config paths](https://rclone.org/commands/rclone_config_paths/)
-command to see the current value.
 
-Cache directory is heavily used by the [VFS File Caching](https://rclone.org/commands/rclone_mount/#vfs-file-caching)
-mount feature, but also by [serve](https://rclone.org/commands/rclone_serve/), [GUI](/gui) and other parts of rclone.
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-### --check-first ###
+# SEE ALSO
 
-If this flag is set then in a `sync`, `copy` or `move`, rclone will do
-all the checks to see whether files need to be transferred before
-doing any of the transfers. Normally rclone would start running
-transfers as soon as possible.
+* [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
+* [rclone test changenotify](https://rclone.org/commands/rclone_test_changenotify/)	 - Log any change notify requests for the remote passed in.
+* [rclone test histogram](https://rclone.org/commands/rclone_test_histogram/)	 - Makes a histogram of file name characters.
+* [rclone test info](https://rclone.org/commands/rclone_test_info/)	 - Discovers file name or other limitations for paths.
+* [rclone test makefile](https://rclone.org/commands/rclone_test_makefile/)	 - Make files with random contents of the size given
+* [rclone test makefiles](https://rclone.org/commands/rclone_test_makefiles/)	 - Make a random file hierarchy in a directory
+* [rclone test memory](https://rclone.org/commands/rclone_test_memory/)	 - Load all the objects at remote:path into memory and report memory stats.
 
-This flag can be useful on IO limited systems where transfers
-interfere with checking.
+# rclone test changenotify
 
-It can also be useful to ensure perfect ordering when using
-`--order-by`.
+Log any change notify requests for the remote passed in.
 
-If both `--check-first` and `--order-by` are set when doing `rclone move`
-then rclone will use the transfer thread to delete source files which
-don't need transferring. This will enable perfect ordering of the
-transfers and deletes but will cause the transfer stats to have more
-items in than expected.
+```
+rclone test changenotify remote: [flags]
+```
 
-Using this flag can use more memory as it effectively sets
-`--max-backlog` to infinite. This means that all the info on the
-objects to transfer is held in memory before the transfers start.
+## Options
 
-### --checkers=N ###
+```
+  -h, --help                     help for changenotify
+      --poll-interval Duration   Time to wait between polling for changes (default 10s)
+```
 
-Originally controlling just the number of file checkers to run in parallel, 
-e.g. by `rclone copy`. Now a fairly universal parallelism control 
-used by `rclone` in several places. 
 
-Note: checkers do the equality checking of files during a sync. 
-For some storage systems (e.g. S3, Swift, Dropbox) this can take 
-a significant amount of time so they are run in parallel.
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-The default is to run 8 checkers in parallel. However, in case 
-of slow-reacting backends you may need to lower (rather than increase)
-this default by setting `--checkers` to 4 or less threads. This is 
-especially advised if you are experiencing backend server crashes 
-during file checking phase (e.g. on subsequent or top-up backups 
-where little or no file copying is done and checking takes up 
-most of the time). Increase this setting only with utmost care, 
-while monitoring your server health and file checking throughput.
+# SEE ALSO
 
-### -c, --checksum ###
+* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
 
-Normally rclone will look at modification time and size of files to
-see if they are equal.  If you set this flag then rclone will check
-the file hash and size to determine if files are equal.
+# rclone test histogram
 
-This is useful when the remote doesn't support setting modified time
-and a more accurate sync is desired than just checking the file size.
+Makes a histogram of file name characters.
 
-This is very useful when transferring between remotes which store the
-same hash type on the object, e.g. Drive and Swift. For details of which
-remotes support which hash type see the table in the [overview
-section](https://rclone.org/overview/).
+## Synopsis
 
-Eg `rclone --checksum sync s3:/bucket swift:/bucket` would run much
-quicker than without the `--checksum` flag.
+This command outputs JSON which shows the histogram of characters used
+in filenames in the remote:path specified.
 
-When using this flag, rclone won't update mtimes of remote files if
-they are incorrect as it would normally.
+The data doesn't contain any identifying information but is useful for
+the rclone developers when developing filename compression.
 
-### --color WHEN ###
-
-Specifiy when colors (and other ANSI codes) should be added to the output.
-
-`AUTO` (default) only allows ANSI codes when the output is a terminal
-
-`NEVER` never allow ANSI codes
-
-`ALWAYS` always add ANSI codes, regardless of the output format (terminal or file)
-
-### --compare-dest=DIR ###
-
-When using `sync`, `copy` or `move` DIR is checked in addition to the
-destination for files. If a file identical to the source is found that
-file is NOT copied from source. This is useful to copy just files that
-have changed since the last backup.
-
-You must use the same remote as the destination of the sync.  The
-compare directory must not overlap the destination directory.
 
-See `--copy-dest` and `--backup-dir`.
+```
+rclone test histogram [remote:path] [flags]
+```
 
-### --config=CONFIG_FILE ###
+## Options
 
-Specify the location of the rclone configuration file, to override
-the default. E.g. `rclone config --config="rclone.conf"`.
+```
+  -h, --help   help for histogram
+```
 
-The exact default is a bit complex to describe, due to changes
-introduced through different versions of rclone while preserving
-backwards compatibility, but in most cases it is as simple as:
 
- - `%APPDATA%/rclone/rclone.conf` on Windows
- - `~/.config/rclone/rclone.conf` on other
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-The complete logic is as follows: Rclone will look for an existing
-configuration file in any of the following locations, in priority order:
+# SEE ALSO
 
-  1. `rclone.conf` (in program directory, where rclone executable is)
-  2. `%APPDATA%/rclone/rclone.conf` (only on Windows)
-  3. `$XDG_CONFIG_HOME/rclone/rclone.conf` (on all systems, including Windows)
-  4. `~/.config/rclone/rclone.conf` (see below for explanation of ~ symbol)
-  5. `~/.rclone.conf`
+* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
 
-If no existing configuration file is found, then a new one will be created
-in the following location:
+# rclone test info
 
-- On Windows: Location 2 listed above, except in the unlikely event
-  that `APPDATA` is not defined, then location 4 is used instead.
-- On Unix: Location 3 if `XDG_CONFIG_HOME` is defined, else location 4.
-- Fallback to location 5 (on all OS), when the rclone directory cannot be
-  created, but if also a home directory was not found then path
-  `.rclone.conf` relative to current working directory will be used as
-  a final resort.
+Discovers file name or other limitations for paths.
 
-The `~` symbol in paths above represent the home directory of the current user
-on any OS, and the value is defined as following:
+## Synopsis
 
-  - On Windows: `%HOME%` if defined, else `%USERPROFILE%`, or else `%HOMEDRIVE%\%HOMEPATH%`.
-  - On Unix: `$HOME` if defined, else by looking up current user in OS-specific user database
-    (e.g. passwd file), or else use the result from shell command `cd && pwd`.
+rclone info discovers what filenames and upload methods are possible
+to write to the paths passed in and how long they can be.  It can take some
+time.  It will write test files into the remote:path passed in.  It outputs
+a bit of go code for each one.
 
-If you run `rclone config file` you will see where the default
-location is for you.
+**NB** this can create undeletable files and other hazards - use with care
 
-The fact that an existing file `rclone.conf` in the same directory
-as the rclone executable is always preferred, means that it is easy
-to run in "portable" mode by downloading rclone executable to a
-writable directory and then create an empty file `rclone.conf` in the
-same directory.
 
-If the location is set to empty string `""` or path to a file
-with name `notfound`, or the os null device represented by value `NUL` on
-Windows and `/dev/null` on Unix systems, then rclone will keep the
-config file in memory only.
+```
+rclone test info [remote:path]+ [flags]
+```
 
-The file format is basic [INI](https://en.wikipedia.org/wiki/INI_file#Format):
-Sections of text, led by a `[section]` header and followed by
-`key=value` entries on separate lines. In rclone each remote is
-represented by its own section, where the section name defines the
-name of the remote. Options are specified as the `key=value` entries,
-where the key is the option name without the `--backend-` prefix,
-in lowercase and with `_` instead of `-`. E.g. option `--mega-hard-delete`
-corresponds to key `hard_delete`. Only backend options can be specified.
-A special, and required, key `type` identifies the [storage system](https://rclone.org/overview/),
-where the value is the internal lowercase name as returned by command
-`rclone help backends`. Comments are indicated by `;` or `#` at the
-beginning of a line.
+## Options
 
-Example:
+```
+      --all                    Run all tests
+      --check-base32768        Check can store all possible base32768 characters
+      --check-control          Check control characters
+      --check-length           Check max filename length
+      --check-normalization    Check UTF-8 Normalization
+      --check-streaming        Check uploads with indeterminate file size
+  -h, --help                   help for info
+      --upload-wait Duration   Wait after writing a file (default 0s)
+      --write-json string      Write results to file
+```
 
-    [megaremote]
-    type = mega
-    user = you@example.com
-    pass = PDPcQVVjVtzFY-GTdDFozqBhTdsPg3qH
 
-Note that passwords are in [obscured](https://rclone.org/commands/rclone_obscure/)
-form. Also, many storage systems uses token-based authentication instead
-of passwords, and this requires additional steps. It is easier, and safer,
-to use the interactive command `rclone config` instead of manually
-editing the configuration file.
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-The configuration file will typically contain login information, and
-should therefore have restricted permissions so that only the current user
-can read it. Rclone tries to ensure this when it writes the file.
-You may also choose to [encrypt](#configuration-encryption) the file.
+# SEE ALSO
 
-When token-based authentication are used, the configuration file
-must be writable, because rclone needs to update the tokens inside it.
+* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
 
-### --contimeout=TIME ###
+# rclone test makefile
 
-Set the connection timeout. This should be in go time format which
-looks like `5s` for 5 seconds, `10m` for 10 minutes, or `3h30m`.
+Make files with random contents of the size given
 
-The connection timeout is the amount of time rclone will wait for a
-connection to go through to a remote object storage system.  It is
-`1m` by default.
+```
+rclone test makefile <size> [<file>]+ [flags]
+```
 
-### --copy-dest=DIR ###
+## Options
 
-When using `sync`, `copy` or `move` DIR is checked in addition to the
-destination for files. If a file identical to the source is found that
-file is server-side copied from DIR to the destination. This is useful
-for incremental backup.
+```
+      --ascii      Fill files with random ASCII printable bytes only
+      --chargen    Fill files with a ASCII chargen pattern
+  -h, --help       help for makefile
+      --pattern    Fill files with a periodic pattern
+      --seed int   Seed for the random number generator (0 for random) (default 1)
+      --sparse     Make the files sparse (appear to be filled with ASCII 0x00)
+      --zero       Fill files with ASCII 0x00
+```
 
-The remote in use must support server-side copy and you must
-use the same remote as the destination of the sync.  The compare
-directory must not overlap the destination directory.
 
-See `--compare-dest` and `--backup-dir`.
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-### --dedupe-mode MODE ###
+# SEE ALSO
 
-Mode to run dedupe command in.  One of `interactive`, `skip`, `first`, 
-`newest`, `oldest`, `rename`.  The default is `interactive`.  
-See the dedupe command for more information as to what these options mean.
+* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
 
-### --disable FEATURE,FEATURE,... ###
+# rclone test makefiles
 
-This disables a comma separated list of optional features. For example
-to disable server-side move and server-side copy use:
+Make a random file hierarchy in a directory
 
-    --disable move,copy
+```
+rclone test makefiles <dir> [flags]
+```
 
-The features can be put in any case.
+## Options
 
-To see a list of which features can be disabled use:
+```
+      --ascii                      Fill files with random ASCII printable bytes only
+      --chargen                    Fill files with a ASCII chargen pattern
+      --files int                  Number of files to create (default 1000)
+      --files-per-directory int    Average number of files per directory (default 10)
+  -h, --help                       help for makefiles
+      --max-depth int              Maximum depth of directory hierarchy (default 10)
+      --max-file-size SizeSuffix   Maximum size of files to create (default 100)
+      --max-name-length int        Maximum size of file names (default 12)
+      --min-file-size SizeSuffix   Minimum size of file to create
+      --min-name-length int        Minimum size of file names (default 4)
+      --pattern                    Fill files with a periodic pattern
+      --seed int                   Seed for the random number generator (0 for random) (default 1)
+      --sparse                     Make the files sparse (appear to be filled with ASCII 0x00)
+      --zero                       Fill files with ASCII 0x00
+```
 
-    --disable help
 
-See the overview [features](https://rclone.org/overview/#features) and
-[optional features](https://rclone.org/overview/#optional-features) to get an idea of
-which feature does what.
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-This flag can be useful for debugging and in exceptional circumstances
-(e.g. Google Drive limiting the total volume of Server Side Copies to
-100 GiB/day).
+# SEE ALSO
 
-### --disable-http2
+* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
 
-This stops rclone from trying to use HTTP/2 if available. This can
-sometimes speed up transfers due to a
-[problem in the Go standard library](https://github.com/golang/go/issues/37373).
+# rclone test memory
 
-### --dscp VALUE ###
+Load all the objects at remote:path into memory and report memory stats.
 
-Specify a DSCP value or name to use in connections. This could help QoS
-system to identify traffic class. BE, EF, DF, LE, CSx and AFxx are allowed.
+```
+rclone test memory remote:path [flags]
+```
 
-See the description of [differentiated services](https://en.wikipedia.org/wiki/Differentiated_services) to get an idea of
-this field. Setting this to 1 (LE) to identify the flow to SCAVENGER class
-can avoid occupying too much bandwidth in a network with DiffServ support ([RFC 8622](https://tools.ietf.org/html/rfc8622)).
+## Options
 
-For example, if you configured QoS on router to handle LE properly. Running:
 ```
-rclone copy --dscp LE from:/from to:/to
+  -h, --help   help for memory
 ```
-would make the priority lower than usual internet flows.
 
-This option has no effect on Windows (see [golang/go#42728](https://github.com/golang/go/issues/42728)).
 
-### -n, --dry-run ###
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-Do a trial run with no permanent changes.  Use this to see what rclone
-would do without actually doing it.  Useful when setting up the `sync`
-command which deletes files in the destination.
+# SEE ALSO
 
-### --expect-continue-timeout=TIME ###
+* [rclone test](https://rclone.org/commands/rclone_test/)	 - Run a test command
 
-This specifies the amount of time to wait for a server's first
-response headers after fully writing the request headers if the
-request has an "Expect: 100-continue" header. Not all backends support
-using this.
+# rclone touch
 
-Zero means no timeout and causes the body to be sent immediately,
-without waiting for the server to approve.  This time does not include
-the time to send the request header.
+Create new file or change file modification time.
 
-The default is `1s`.  Set to `0` to disable.
+## Synopsis
 
-### --error-on-no-transfer ###
 
-By default, rclone will exit with return code 0 if there were no errors.
+Set the modification time on file(s) as specified by remote:path to
+have the current time.
 
-This option allows rclone to return exit code 9 if no files were transferred
-between the source and destination. This allows using rclone in scripts, and
-triggering follow-on actions if data was copied, or skipping if not.
+If remote:path does not exist then a zero sized file will be created,
+unless `--no-create` or `--recursive` is provided.
 
-NB: Enabling this option turns a usually non-fatal error into a potentially
-fatal one - please check and adjust your scripts accordingly!
+If `--recursive` is used then recursively sets the modification
+time on all existing files that is found under the path. Filters are supported,
+and you can test with the `--dry-run` or the `--interactive`/`-i` flag.
 
-### --fs-cache-expire-duration=TIME
+If `--timestamp` is used then sets the modification time to that
+time instead of the current time. Times may be specified as one of:
 
-When using rclone via the API rclone caches created remotes for 5
-minutes by default in the "fs cache". This means that if you do
-repeated actions on the same remote then rclone won't have to build it
-again from scratch, which makes it more efficient.
+- 'YYMMDD' - e.g. 17.10.30
+- 'YYYY-MM-DDTHH:MM:SS' - e.g. 2006-01-02T15:04:05
+- 'YYYY-MM-DDTHH:MM:SS.SSS' - e.g. 2006-01-02T15:04:05.123456789
 
-This flag sets the time that the remotes are cached for. If you set it
-to `0` (or negative) then rclone won't cache the remotes at all.
+Note that value of `--timestamp` is in UTC. If you want local time
+then add the `--localtime` flag.
 
-Note that if you use some flags, eg `--backup-dir` and if this is set
-to `0` rclone may build two remotes (one for the source or destination
-and one for the `--backup-dir` where it may have only built one
-before.
 
-### --fs-cache-expire-interval=TIME
+```
+rclone touch remote:path [flags]
+```
 
-This controls how often rclone checks for cached remotes to expire.
-See the `--fs-cache-expire-duration` documentation above for more
-info. The default is 60s, set to 0 to disable expiry.
+## Options
 
-### --header ###
+```
+  -h, --help               help for touch
+      --localtime          Use localtime for timestamp, not UTC
+  -C, --no-create          Do not create the file if it does not exist (implied with --recursive)
+  -R, --recursive          Recursively touch all files
+  -t, --timestamp string   Use specified time instead of the current time of day
+```
 
-Add an HTTP header for all transactions. The flag can be repeated to
-add multiple headers.
 
-If you want to add headers only for uploads use `--header-upload` and
-if you want to add headers only for downloads use `--header-download`.
+## Important Options
 
-This flag is supported for all HTTP based backends even those not
-supported by `--header-upload` and `--header-download` so may be used
-as a workaround for those with care.
+Important flags useful for most commands.
 
 ```
-rclone ls remote:test --header "X-Rclone: Foo" --header "X-LetMeIn: Yes"
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
 ```
 
-### --header-download ###
+## Filter Options
 
-Add an HTTP header for all download transactions. The flag can be repeated to
-add multiple headers.
+Flags for filtering directory listings.
 
 ```
-rclone sync --interactive s3:test/src ~/dst --header-download "X-Amz-Meta-Test: Foo" --header-download "X-Amz-Meta-Test2: Bar"
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 ```
 
-See the GitHub issue [here](https://github.com/rclone/rclone/issues/59) for
-currently supported backends.
-
-### --header-upload ###
+## Listing Options
 
-Add an HTTP header for all upload transactions. The flag can be repeated to add
-multiple headers.
+Flags for listing directories.
 
 ```
-rclone sync --interactive ~/src s3:test/dst --header-upload "Content-Disposition: attachment; filename='cool.html'" --header-upload "X-Amz-Meta-Test: FooBar"
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
 ```
 
-See the GitHub issue [here](https://github.com/rclone/rclone/issues/59) for
-currently supported backends.
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-### --human-readable ###
+# SEE ALSO
 
-Rclone commands output values for sizes (e.g. number of bytes) and
-counts (e.g. number of files) either as *raw* numbers, or
-in *human-readable* format.
+* [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
-In human-readable format the values are scaled to larger units, indicated with
-a suffix shown after the value, and rounded to three decimals. Rclone consistently
-uses binary units (powers of 2) for sizes and decimal units (powers of 10) for counts.
-The unit prefix for size is according to IEC standard notation, e.g. `Ki` for kibi.
-Used with byte unit, `1 KiB` means 1024 Byte. In list type of output, only the
-unit prefix appended to the value (e.g. `9.762Ki`), while in more textual output
-the full unit is shown (e.g. `9.762 KiB`). For counts the SI standard notation is
-used, e.g. prefix `k` for kilo. Used with file counts, `1k` means 1000 files.
+# rclone tree
 
-The various [list](https://rclone.org/commands/rclone_ls/) commands output raw numbers by default.
-Option `--human-readable` will make them output values in human-readable format
-instead (with the short unit prefix).
+List the contents of the remote in a tree like fashion.
 
-The [about](https://rclone.org/commands/rclone_about/) command outputs human-readable by default,
-with a command-specific option `--full` to output the raw numbers instead.
+## Synopsis
 
-Command [size](https://rclone.org/commands/rclone_size/) outputs both human-readable and raw numbers
-in the same output.
 
-The [tree](https://rclone.org/commands/rclone_tree/) command also considers `--human-readable`, but
-it will not use the exact same notation as the other commands: It rounds to one
-decimal, and uses single letter suffix, e.g. `K` instead of `Ki`. The reason for
-this is that it relies on an external library.
+rclone tree lists the contents of a remote in a similar way to the
+unix tree command.
 
-The interactive command [ncdu](https://rclone.org/commands/rclone_ncdu/) shows human-readable by
-default, and responds to key `u` for toggling human-readable format.
+For example
 
-### --ignore-case-sync ###
+    $ rclone tree remote:path
+    /
+    ├── file1
+    ├── file2
+    ├── file3
+    └── subdir
+        ├── file4
+        └── file5
 
-Using this option will cause rclone to ignore the case of the files
-when synchronizing so files will not be copied/synced when the
-existing filenames are the same, even if the casing is different.
+    1 directories, 5 files
 
-### --ignore-checksum ###
+You can use any of the filtering options with the tree command (e.g.
+`--include` and `--exclude`.  You can also use `--fast-list`.
 
-Normally rclone will check that the checksums of transferred files
-match, and give an error "corrupted on transfer" if they don't.
+The tree command has many options for controlling the listing which
+are compatible with the tree command, for example you can include file
+sizes with `--size`.  Note that not all of them have
+short options as they conflict with rclone's short options.
 
-You can use this option to skip that check.  You should only use it if
-you have had the "corrupted on transfer" error message and you are
-sure you might want to transfer potentially corrupted data.
+For a more interactive navigation of the remote see the
+[ncdu](https://rclone.org/commands/rclone_ncdu/) command.
 
-### --ignore-existing ###
 
-Using this option will make rclone unconditionally skip all files
-that exist on the destination, no matter the content of these files.
+```
+rclone tree remote:path [flags]
+```
 
-While this isn't a generally recommended option, it can be useful
-in cases where your files change due to encryption. However, it cannot
-correct partial transfers in case a transfer was interrupted.
+## Options
 
-When performing a `move`/`moveto` command, this flag will leave skipped
-files in the source location unchanged when a file with the same name
-exists on the destination.
+```
+  -a, --all             All files are listed (list . files too)
+  -d, --dirs-only       List directories only
+      --dirsfirst       List directories before files (-U disables)
+      --full-path       Print the full path prefix for each file
+  -h, --help            help for tree
+      --level int       Descend only level directories deep
+  -D, --modtime         Print the date of last modification.
+      --noindent        Don't print indentation lines
+      --noreport        Turn off file/directory count at end of tree listing
+  -o, --output string   Output to file instead of stdout
+  -p, --protections     Print the protections for each file.
+  -Q, --quote           Quote filenames with double quotes.
+  -s, --size            Print the size in bytes of each file.
+      --sort string     Select sort: name,version,size,mtime,ctime
+      --sort-ctime      Sort files by last status change time
+  -t, --sort-modtime    Sort files by last modification time
+  -r, --sort-reverse    Reverse the order of the sort
+  -U, --unsorted        Leave files unsorted
+      --version         Sort files alphanumerically by version
+```
 
-### --ignore-size ###
 
-Normally rclone will look at modification time and size of files to
-see if they are equal.  If you set this flag then rclone will check
-only the modification time.  If `--checksum` is set then it only
-checks the checksum.
+## Filter Options
 
-It will also cause rclone to skip verifying the sizes are the same
-after transfer.
+Flags for filtering directory listings.
 
-This can be useful for transferring files to and from OneDrive which
-occasionally misreports the size of image files (see
-[#399](https://github.com/rclone/rclone/issues/399) for more info).
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
 
-### -I, --ignore-times ###
+## Listing Options
 
-Using this option will cause rclone to unconditionally upload all
-files regardless of the state of files on the destination.
+Flags for listing directories.
 
-Normally rclone would skip any files that have the same
-modification time and are the same size (or have the same checksum if
-using `--checksum`).
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
 
-### --immutable ###
+See the [global flags page](https://rclone.org/flags/) for global options not listed here.
 
-Treat source and destination files as immutable and disallow
-modification.
+# SEE ALSO
 
-With this option set, files will be created and deleted as requested,
-but existing files will never be updated.  If an existing file does
-not match between the source and destination, rclone will give the error
-`Source and destination exist but do not match: immutable file modified`.
+* [rclone](https://rclone.org/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
-Note that only commands which transfer files (e.g. `sync`, `copy`,
-`move`) are affected by this behavior, and only modification is
-disallowed.  Files may still be deleted explicitly (e.g. `delete`,
-`purge`) or implicitly (e.g. `sync`, `move`).  Use `copy --immutable`
-if it is desired to avoid deletion as well as modification.
 
-This can be useful as an additional layer of protection for immutable
-or append-only data sets (notably backup archives), where modification
-implies corruption and should not be propagated.
+Copying single files
+--------------------
 
-### -i, --interactive {#interactive}
+rclone normally syncs or copies directories.  However, if the source
+remote points to a file, rclone will just copy that file.  The
+destination remote must point to a directory - rclone will give the
+error `Failed to create file system for "remote:file": is a file not a
+directory` if it isn't.
 
-This flag can be used to tell rclone that you wish a manual
-confirmation before destructive operations.
+For example, suppose you have a remote with a file in called
+`test.jpg`, then you could copy just that file like this
 
-It is **recommended** that you use this flag while learning rclone
-especially with `rclone sync`.
+    rclone copy remote:test.jpg /tmp/download
 
-For example
+The file `test.jpg` will be placed inside `/tmp/download`.
 
-```
-$ rclone delete --interactive /tmp/dir
-rclone: delete "important-file.txt"?
-y) Yes, this is OK (default)
-n) No, skip this
-s) Skip all delete operations with no more questions
-!) Do all delete operations with no more questions
-q) Exit rclone now.
-y/n/s/!/q> n
-```
+This is equivalent to specifying
 
-The options mean
+    rclone copy --files-from /tmp/files remote: /tmp/download
 
-- `y`: **Yes**, this operation should go ahead. You can also press Return
-  for this to happen. You'll be asked every time unless you choose `s`
-  or `!`.
-- `n`: **No**, do not do this operation. You'll be asked every time unless
-  you choose `s` or `!`.
-- `s`: **Skip** all the following operations of this type with no more
-  questions. This takes effect until rclone exits. If there are any
-  different kind of operations you'll be prompted for them.
-- `!`: **Do all** the following operations with no more
-  questions. Useful if you've decided that you don't mind rclone doing
-  that kind of operation. This takes effect until rclone exits . If
-  there are any different kind of operations you'll be prompted for
-  them.
-- `q`: **Quit** rclone now, just in case!
+Where `/tmp/files` contains the single line
 
-### --leave-root ####
+    test.jpg
 
-During rmdirs it will not remove root directory, even if it's empty.
+It is recommended to use `copy` when copying individual files, not `sync`.
+They have pretty much the same effect but `copy` will use a lot less
+memory.
 
-### --log-file=FILE ###
+Syntax of remote paths
+----------------------
 
-Log all of rclone's output to FILE.  This is not active by default.
-This can be useful for tracking down problems with syncs in
-combination with the `-v` flag.  See the [Logging section](#logging)
-for more info.
+The syntax of the paths passed to the rclone command are as follows.
 
-If FILE exists then rclone will append to it.
+### /path/to/dir
 
-Note that if you are using the `logrotate` program to manage rclone's
-logs, then you should use the `copytruncate` option as rclone doesn't
-have a signal to rotate logs.
+This refers to the local file system.
 
-### --log-format LIST ###
+On Windows `\` may be used instead of `/` in local paths **only**,
+non local paths must use `/`. See [local filesystem](https://rclone.org/local/#paths-on-windows)
+documentation for more about Windows-specific paths.
 
-Comma separated list of log format options. Accepted options are `date`, 
-`time`, `microseconds`, `pid`, `longfile`, `shortfile`, `UTC`. Any other 
-keywords will be silently ignored. `pid` will tag log messages with process
-identifier which useful with `rclone mount --daemon`. Other accepted
-options are explained in the [go documentation](https://pkg.go.dev/log#pkg-constants).
-The default log format is "`date`,`time`".
+These paths needn't start with a leading `/` - if they don't then they
+will be relative to the current directory.
 
-### --log-level LEVEL ###
+### remote:path/to/dir
 
-This sets the log level for rclone.  The default log level is `NOTICE`.
+This refers to a directory `path/to/dir` on `remote:` as defined in
+the config file (configured with `rclone config`).
 
-`DEBUG` is equivalent to `-vv`. It outputs lots of debug info - useful
-for bug reports and really finding out what rclone is doing.
+### remote:/path/to/dir
 
-`INFO` is equivalent to `-v`. It outputs information about each transfer
-and prints stats once a minute by default.
+On most backends this is refers to the same directory as
+`remote:path/to/dir` and that format should be preferred.  On a very
+small number of remotes (FTP, SFTP, Dropbox for business) this will
+refer to a different directory.  On these, paths without a leading `/`
+will refer to your "home" directory and paths with a leading `/` will
+refer to the root.
 
-`NOTICE` is the default log level if no logging flags are supplied. It
-outputs very little when things are working normally. It outputs
-warnings and significant events.
+### :backend:path/to/dir
 
-`ERROR` is equivalent to `-q`. It only outputs error messages.
+This is an advanced form for creating remotes on the fly.  `backend`
+should be the name or prefix of a backend (the `type` in the config
+file) and all the configuration for the backend should be provided on
+the command line (or in environment variables).
 
-### --use-json-log ###
+Here are some examples:
 
-This switches the log format to JSON for rclone. The fields of json log
-are level, msg, source, time.
+    rclone lsd --http-url https://pub.rclone.org :http:
 
-### --low-level-retries NUMBER ###
+To list all the directories in the root of `https://pub.rclone.org/`.
 
-This controls the number of low level retries rclone does.
+    rclone lsf --http-url https://example.com :http:path/to/dir
 
-A low level retry is used to retry a failing operation - typically one
-HTTP request.  This might be uploading a chunk of a big file for
-example.  You will see low level retries in the log with the `-v`
-flag.
+To list files and directories in `https://example.com/path/to/dir/`
 
-This shouldn't need to be changed from the default in normal operations.
-However, if you get a lot of low level retries you may wish
-to reduce the value so rclone moves on to a high level retry (see the
-`--retries` flag) quicker.
+    rclone copy --http-url https://example.com :http:path/to/dir /tmp/dir
 
-Disable low level retries with `--low-level-retries 1`.
+To copy files and directories in `https://example.com/path/to/dir` to `/tmp/dir`.
 
-### --max-backlog=N ###
+    rclone copy --sftp-host example.com :sftp:path/to/dir /tmp/dir
 
-This is the maximum allowable backlog of files in a sync/copy/move
-queued for being checked or transferred.
+To copy files and directories from `example.com` in the relative
+directory `path/to/dir` to `/tmp/dir` using sftp.
 
-This can be set arbitrarily large.  It will only use memory when the
-queue is in use.  Note that it will use in the order of N KiB of memory
-when the backlog is in use.
+### Connection strings {#connection-strings}
 
-Setting this large allows rclone to calculate how many files are
-pending more accurately, give a more accurate estimated finish
-time and make `--order-by` work more accurately.
+The above examples can also be written using a connection string
+syntax, so instead of providing the arguments as command line
+parameters `--http-url https://pub.rclone.org` they are provided as
+part of the remote specification as a kind of connection string.
 
-Setting this small will make rclone more synchronous to the listings
-of the remote which may be desirable.
+    rclone lsd ":http,url='https://pub.rclone.org':"
+    rclone lsf ":http,url='https://example.com':path/to/dir"
+    rclone copy ":http,url='https://example.com':path/to/dir" /tmp/dir
+    rclone copy :sftp,host=example.com:path/to/dir /tmp/dir
 
-Setting this to a negative number will make the backlog as large as
-possible.
+These can apply to modify existing remotes as well as create new
+remotes with the on the fly syntax. This example is equivalent to
+adding the `--drive-shared-with-me` parameter to the remote `gdrive:`.
 
-### --max-delete=N ###
+    rclone lsf "gdrive,shared_with_me:path/to/dir"
 
-This tells rclone not to delete more than N files.  If that limit is
-exceeded then a fatal error will be generated and rclone will stop the
-operation in progress.
+The major advantage to using the connection string style syntax is
+that it only applies to the remote, not to all the remotes of that
+type of the command line. A common confusion is this attempt to copy a
+file shared on google drive to the normal drive which **does not
+work** because the `--drive-shared-with-me` flag applies to both the
+source and the destination.
 
-### --max-delete-size=SIZE ###
+    rclone copy --drive-shared-with-me gdrive:shared-file.txt gdrive:
 
-Rclone will stop deleting files when the total size of deletions has
-reached the size specified. It defaults to off.
+However using the connection string syntax, this does work.
 
-If that limit is exceeded then a fatal error will be generated and
-rclone will stop the operation in progress.
+    rclone copy "gdrive,shared_with_me:shared-file.txt" gdrive:
 
-### --max-depth=N ###
+Note that the connection string only affects the options of the immediate 
+backend. If for example gdriveCrypt is a crypt based on gdrive, then the 
+following command **will not work** as intended, because 
+`shared_with_me` is ignored by the crypt backend:
 
-This modifies the recursion depth for all the commands except purge.
+    rclone copy "gdriveCrypt,shared_with_me:shared-file.txt" gdriveCrypt:
 
-So if you do `rclone --max-depth 1 ls remote:path` you will see only
-the files in the top level directory.  Using `--max-depth 2` means you
-will see all the files in first two directory levels and so on.
+The connection strings have the following syntax
 
-For historical reasons the `lsd` command defaults to using a
-`--max-depth` of 1 - you can override this with the command line flag.
+    remote,parameter=value,parameter2=value2:path/to/dir
+    :backend,parameter=value,parameter2=value2:path/to/dir
 
-You can use this command to disable recursion (with `--max-depth 1`).
+If the `parameter` has a `:` or `,` then it must be placed in quotes `"` or
+`'`, so
 
-Note that if you use this with `sync` and `--delete-excluded` the
-files not recursed through are considered excluded and will be deleted
-on the destination.  Test first with `--dry-run` if you are not sure
-what will happen.
+    remote,parameter="colon:value",parameter2="comma,value":path/to/dir
+    :backend,parameter='colon:value',parameter2='comma,value':path/to/dir
 
-### --max-duration=TIME ###
+If a quoted value needs to include that quote, then it should be
+doubled, so
 
-Rclone will stop scheduling new transfers when it has run for the
-duration specified.
+    remote,parameter="with""quote",parameter2='with''quote':path/to/dir
 
-Defaults to off.
+This will make `parameter` be `with"quote` and `parameter2` be
+`with'quote`.
 
-When the limit is reached any existing transfers will complete.
+If you leave off the `=parameter` then rclone will substitute `=true`
+which works very well with flags. For example, to use s3 configured in
+the environment you could use:
 
-Rclone won't exit with an error if the transfer limit is reached.
+    rclone lsd :s3,env_auth:
 
-### --max-transfer=SIZE ###
+Which is equivalent to
 
-Rclone will stop transferring when it has reached the size specified.
-Defaults to off.
+    rclone lsd :s3,env_auth=true:
 
-When the limit is reached all transfers will stop immediately.
+Note that on the command line you might need to surround these
+connection strings with `"` or `'` to stop the shell interpreting any
+special characters within them.
 
-Rclone will exit with exit code 8 if the transfer limit is reached.
+If you are a shell master then you'll know which strings are OK and
+which aren't, but if you aren't sure then enclose them in `"` and use
+`'` as the inside quote. This syntax works on all OSes.
 
-## -M, --metadata
+    rclone copy ":http,url='https://example.com':path/to/dir" /tmp/dir
 
-Setting this flag enables rclone to copy the metadata from the source
-to the destination. For local backends this is ownership, permissions,
-xattr etc. See the [#metadata](metadata section) for more info.
+On Linux/macOS some characters are still interpreted inside `"`
+strings in the shell (notably `\` and `$` and `"`) so if your strings
+contain those you can swap the roles of `"` and `'` thus. (This syntax
+does not work on Windows.)
 
-### --metadata-set key=value
+    rclone copy ':http,url="https://example.com":path/to/dir' /tmp/dir
 
-Add metadata `key` = `value` when uploading. This can be repeated as
-many times as required. See the [#metadata](metadata section) for more
-info.
+#### Connection strings, config and logging
 
-### --cutoff-mode=hard|soft|cautious ###
+If you supply extra configuration to a backend by command line flag,
+environment variable or connection string then rclone will add a
+suffix based on the hash of the config to the name of the remote, eg
 
-This modifies the behavior of `--max-transfer`
-Defaults to `--cutoff-mode=hard`.
+    rclone -vv lsf --s3-chunk-size 20M s3:
 
-Specifying `--cutoff-mode=hard` will stop transferring immediately
-when Rclone reaches the limit.
+Has the log message
 
-Specifying `--cutoff-mode=soft` will stop starting new transfers
-when Rclone reaches the limit.
+    DEBUG : s3: detected overridden config - adding "{Srj1p}" suffix to name
 
-Specifying `--cutoff-mode=cautious` will try to prevent Rclone
-from reaching the limit.
+This is so rclone can tell the modified remote apart from the
+unmodified remote when caching the backends.
 
-### --modify-window=TIME ###
+This should only be noticeable in the logs.
 
-When checking whether a file has been modified, this is the maximum
-allowed time difference that a file can have and still be considered
-equivalent.
+This means that on the fly backends such as
 
-The default is `1ns` unless this is overridden by a remote.  For
-example OS X only stores modification times to the nearest second so
-if you are reading and writing to an OS X filing system this will be
-`1s` by default.
+    rclone -vv lsf :s3,env_auth:
 
-This command line flag allows you to override that computed default.
+Will get their own names
 
-### --multi-thread-cutoff=SIZE ###
+    DEBUG : :s3: detected overridden config - adding "{YTu53}" suffix to name
 
-When downloading files to the local backend above this size, rclone
-will use multiple threads to download the file (default 250M).
+### Valid remote names
 
-Rclone preallocates the file (using `fallocate(FALLOC_FL_KEEP_SIZE)`
-on unix or `NTSetInformationFile` on Windows both of which takes no
-time) then each thread writes directly into the file at the correct
-place.  This means that rclone won't create fragmented or sparse files
-and there won't be any assembly time at the end of the transfer.
+Remote names are case sensitive, and must adhere to the following rules:
+ - May contain number, letter, `_`, `-`, `.`, `+`, `@` and space.
+ - May not start with `-` or space.
+ - May not end with space.
 
-The number of threads used to download is controlled by
-`--multi-thread-streams`.
+Starting with rclone version 1.61, any Unicode numbers and letters are allowed,
+while in older versions it was limited to plain ASCII (0-9, A-Z, a-z). If you use
+the same rclone configuration from different shells, which may be configured with
+different character encoding, you must be cautious to use characters that are
+possible to write in all of them. This is mostly a problem on Windows, where
+the console traditionally uses a non-Unicode character set - defined
+by the so-called "code page".
 
-Use `-vv` if you wish to see info about the threads.
+Do not use single character names on Windows as it creates ambiguity with Windows
+drives' names, e.g.: remote called `C` is indistinguishable from `C` drive. Rclone
+will always assume that single letter name refers to a drive.
 
-This will work with the `sync`/`copy`/`move` commands and friends
-`copyto`/`moveto`.  Multi thread downloads will be used with `rclone
-mount` and `rclone serve` if `--vfs-cache-mode` is set to `writes` or
-above.
+Quoting and the shell
+---------------------
 
-**NB** that this **only** works for a local destination but will work
-with any source.
+When you are typing commands to your computer you are using something
+called the command line shell.  This interprets various characters in
+an OS specific way.
 
-**NB** that multi thread copies are disabled for local to local copies
-as they are faster without unless `--multi-thread-streams` is set
-explicitly.
+Here are some gotchas which may help users unfamiliar with the shell rules
 
-**NB** on Windows using multi-thread downloads will cause the
-resulting files to be [sparse](https://en.wikipedia.org/wiki/Sparse_file).
-Use `--local-no-sparse` to disable sparse files (which may cause long
-delays at the start of downloads) or disable multi-thread downloads
-with `--multi-thread-streams 0`
+### Linux / OSX ###
 
-### --multi-thread-streams=N ###
+If your names have spaces or shell metacharacters (e.g. `*`, `?`, `$`,
+`'`, `"`, etc.) then you must quote them.  Use single quotes `'` by default.
 
-When using multi thread downloads (see above `--multi-thread-cutoff`)
-this sets the maximum number of streams to use.  Set to `0` to disable
-multi thread downloads (Default 4).
+    rclone copy 'Important files?' remote:backup
 
-Exactly how many streams rclone uses for the download depends on the
-size of the file. To calculate the number of download streams Rclone
-divides the size of the file by the `--multi-thread-cutoff` and rounds
-up, up to the maximum set with `--multi-thread-streams`.
+If you want to send a `'` you will need to use `"`, e.g.
 
-So if `--multi-thread-cutoff 250M` and `--multi-thread-streams 4` are
-in effect (the defaults):
+    rclone copy "O'Reilly Reviews" remote:backup
 
-- 0..250 MiB files will be downloaded with 1 stream
-- 250..500 MiB files will be downloaded with 2 streams
-- 500..750 MiB files will be downloaded with 3 streams
-- 750+ MiB files will be downloaded with 4 streams
+The rules for quoting metacharacters are complicated and if you want
+the full details you'll have to consult the manual page for your
+shell.
 
-### --no-check-dest ###
+### Windows ###
 
-The `--no-check-dest` can be used with `move` or `copy` and it causes
-rclone not to check the destination at all when copying files.
+If your names have spaces in you need to put them in `"`, e.g.
 
-This means that:
+    rclone copy "E:\folder name\folder name\folder name" remote:backup
 
-- the destination is not listed minimising the API calls
-- files are always transferred
-- this can cause duplicates on remotes which allow it (e.g. Google Drive)
-- `--retries 1` is recommended otherwise you'll transfer everything again on a retry
+If you are using the root directory on its own then don't quote it
+(see [#464](https://github.com/rclone/rclone/issues/464) for why), e.g.
 
-This flag is useful to minimise the transactions if you know that none
-of the files are on the destination.
+    rclone copy E:\ remote:backup
 
-This is a specialized flag which should be ignored by most users!
+Copying files or directories with `:` in the names
+--------------------------------------------------
 
-### --no-gzip-encoding ###
+rclone uses `:` to mark a remote name.  This is, however, a valid
+filename component in non-Windows OSes.  The remote name parser will
+only search for a `:` up to the first `/` so if you need to act on a
+file or directory like this then use the full path starting with a
+`/`, or use `./` as a current directory prefix.
 
-Don't set `Accept-Encoding: gzip`.  This means that rclone won't ask
-the server for compressed files automatically. Useful if you've set
-the server to return files with `Content-Encoding: gzip` but you
-uploaded compressed files.
+So to sync a directory called `sync:me` to a remote called `remote:` use
 
-There is no need to set this in normal operation, and doing so will
-decrease the network transfer efficiency of rclone.
+    rclone sync --interactive ./sync:me remote:path
 
-### --no-traverse ###
+or
 
-The `--no-traverse` flag controls whether the destination file system
-is traversed when using the `copy` or `move` commands.
-`--no-traverse` is not compatible with `sync` and will be ignored if
-you supply it with `sync`.
+    rclone sync --interactive /full/path/to/sync:me remote:path
 
-If you are only copying a small number of files (or are filtering most
-of the files) and/or have a large number of files on the destination
-then `--no-traverse` will stop rclone listing the destination and save
-time.
+Server Side Copy
+----------------
 
-However, if you are copying a large number of files, especially if you
-are doing a copy where lots of the files under consideration haven't
-changed and won't need copying then you shouldn't use `--no-traverse`.
+Most remotes (but not all - see [the
+overview](https://rclone.org/overview/#optional-features)) support server-side copy.
 
-See [rclone copy](https://rclone.org/commands/rclone_copy/) for an example of how to use it.
+This means if you want to copy one folder to another then rclone won't
+download all the files and re-upload them; it will instruct the server
+to copy them in place.
 
-### --no-unicode-normalization ###
+Eg
 
-Don't normalize unicode characters in filenames during the sync routine.
+    rclone copy s3:oldbucket s3:newbucket
 
-Sometimes, an operating system will store filenames containing unicode
-parts in their decomposed form (particularly macOS). Some cloud storage
-systems will then recompose the unicode, resulting in duplicate files if
-the data is ever copied back to a local filesystem.
+Will copy the contents of `oldbucket` to `newbucket` without
+downloading and re-uploading.
 
-Using this flag will disable that functionality, treating each unicode
-character as unique. For example, by default é and é will be normalized
-into the same character. With `--no-unicode-normalization` they will be
-treated as unique characters.
+Remotes which don't support server-side copy **will** download and
+re-upload in this case.
 
-### --no-update-modtime ###
+Server side copies are used with `sync` and `copy` and will be
+identified in the log when using the `-v` flag.  The `move` command
+may also use them if remote doesn't support server-side move directly.
+This is done by issuing a server-side copy then a delete which is much
+quicker than a download and re-upload.
 
-When using this flag, rclone won't update modification times of remote
-files if they are incorrect as it would normally.
+Server side copies will only be attempted if the remote names are the
+same.
 
-This can be used if the remote is being synced with another tool also
-(e.g. the Google Drive client).
+This can be used when scripting to make aged backups efficiently, e.g.
 
-### --order-by string ###
+    rclone sync --interactive remote:current-backup remote:previous-backup
+    rclone sync --interactive /path/to/files remote:current-backup
 
-The `--order-by` flag controls the order in which files in the backlog
-are processed in `rclone sync`, `rclone copy` and `rclone move`.
+## Metadata support {#metadata}
 
-The order by string is constructed like this.  The first part
-describes what aspect is being measured:
+Metadata is data about a file which isn't the contents of the file.
+Normally rclone only preserves the modification time and the content
+(MIME) type where possible.
 
-- `size` - order by the size of the files
-- `name` - order by the full path of the files
-- `modtime` - order by the modification date of the files
+Rclone supports preserving all the available metadata on files (not
+directories) when using the `--metadata` or `-M` flag.
 
-This can have a modifier appended with a comma:
+Exactly what metadata is supported and what that support means depends
+on the backend. Backends that support metadata have a metadata section
+in their docs and are listed in the [features table](https://rclone.org/overview/#features)
+(Eg [local](https://rclone.org/local/#metadata), [s3](/s3/#metadata))
 
-- `ascending` or `asc` - order so that the smallest (or oldest) is processed first
-- `descending` or `desc` - order so that the largest (or newest) is processed first
-- `mixed` - order so that the smallest is processed first for some threads and the largest for others
+Rclone only supports a one-time sync of metadata. This means that
+metadata will be synced from the source object to the destination
+object only when the source object has changed and needs to be
+re-uploaded. If the metadata subsequently changes on the source object
+without changing the object itself then it won't be synced to the
+destination object. This is in line with the way rclone syncs
+`Content-Type` without the `--metadata` flag.
 
-If the modifier is `mixed` then it can have an optional percentage
-(which defaults to `50`), e.g. `size,mixed,25` which means that 25% of
-the threads should be taking the smallest items and 75% the
-largest. The threads which take the smallest first will always take
-the smallest first and likewise the largest first threads. The `mixed`
-mode can be useful to minimise the transfer time when you are
-transferring a mixture of large and small files - the large files are
-guaranteed upload threads and bandwidth and the small files will be
-processed continuously.
+Using `--metadata` when syncing from local to local will preserve file
+attributes such as file mode, owner, extended attributes (not
+Windows).
 
-If no modifier is supplied then the order is `ascending`.
+Note that arbitrary metadata may be added to objects using the
+`--metadata-set key=value` flag when the object is first uploaded.
+This flag can be repeated as many times as necessary.
 
-For example
+The [--metadata-mapper](#metadata-mapper) flag can be used to pass the
+name of a program in which can transform metadata when it is being
+copied from source to destination.
 
-- `--order-by size,desc` - send the largest files first
-- `--order-by modtime,ascending` - send the oldest files first
-- `--order-by name` - send the files with alphabetically by path first
+### Types of metadata
 
-If the `--order-by` flag is not supplied or it is supplied with an
-empty string then the default ordering will be used which is as
-scanned.  With `--checkers 1` this is mostly alphabetical, however
-with the default `--checkers 8` it is somewhat random.
+Metadata is divided into two type. System metadata and User metadata.
 
-#### Limitations
+Metadata which the backend uses itself is called system metadata. For
+example on the local backend the system metadata `uid` will store the
+user ID of the file when used on a unix based platform.
 
-The `--order-by` flag does not do a separate pass over the data.  This
-means that it may transfer some files out of the order specified if
+Arbitrary metadata is called user metadata and this can be set however
+is desired.
 
-- there are no files in the backlog or the source has not been fully scanned yet
-- there are more than [--max-backlog](#max-backlog-n) files in the backlog
+When objects are copied from backend to backend, they will attempt to
+interpret system metadata if it is supplied. Metadata may change from
+being user metadata to system metadata as objects are copied between
+different backends. For example copying an object from s3 sets the
+`content-type` metadata. In a backend which understands this (like
+`azureblob`) this will become the Content-Type of the object. In a
+backend which doesn't understand this (like the `local` backend) this
+will become user metadata. However should the local object be copied
+back to s3, the Content-Type will be set correctly.
 
-Rclone will do its best to transfer the best file it has so in
-practice this should not cause a problem.  Think of `--order-by` as
-being more of a best efforts flag rather than a perfect ordering.
+### Metadata framework
 
-If you want perfect ordering then you will need to specify
-[--check-first](#check-first) which will find all the files which need
-transferring first before transferring any.
+Rclone implements a metadata framework which can read metadata from an
+object and write it to the object when (and only when) it is being
+uploaded.
 
-### --password-command SpaceSepList ###
+This metadata is stored as a dictionary with string keys and string
+values.
 
-This flag supplies a program which should supply the config password
-when run. This is an alternative to rclone prompting for the password
-or setting the `RCLONE_CONFIG_PASS` variable.
+There are some limits on the names of the keys (these may be clarified
+further in the future).
 
-The argument to this should be a command with a space separated list
-of arguments. If one of the arguments has a space in then enclose it
-in `"`, if you want a literal `"` in an argument then enclose the
-argument in `"` and double the `"`. See [CSV encoding](https://godoc.org/encoding/csv)
-for more info.
+- must be lower case
+- may be `a-z` `0-9` containing `.` `-` or `_`
+- length is backend dependent
 
-Eg
+Each backend can provide system metadata that it understands. Some
+backends can also store arbitrary user metadata.
 
-    --password-command echo hello
-    --password-command echo "hello with space"
-    --password-command echo "hello with ""quotes"" and space"
+Where possible the key names are standardized, so, for example, it is
+possible to copy object metadata from s3 to azureblob for example and
+metadata will be translated appropriately.
 
-See the [Configuration Encryption](#configuration-encryption) for more info.
+Some backends have limits on the size of the metadata and rclone will
+give errors on upload if they are exceeded.
 
-See a [Windows PowerShell example on the Wiki](https://github.com/rclone/rclone/wiki/Windows-Powershell-use-rclone-password-command-for-Config-file-password).
+### Metadata preservation
 
-### -P, --progress ###
+The goal of the implementation is to
 
-This flag makes rclone update the stats in a static block in the
-terminal providing a realtime overview of the transfer.
+1. Preserve metadata if at all possible
+2. Interpret metadata if at all possible
 
-Any log messages will scroll above the static block.  Log messages
-will push the static block down to the bottom of the terminal where it
-will stay.
+The consequences of 1 is that you can copy an S3 object to a local
+disk then back to S3 losslessly. Likewise you can copy a local file
+with file attributes and xattrs from local disk to s3 and back again
+losslessly.
 
-Normally this is updated every 500mS but this period can be overridden
-with the `--stats` flag.
+The consequence of 2 is that you can copy an S3 object with metadata
+to Azureblob (say) and have the metadata appear on the Azureblob
+object also.
 
-This can be used with the `--stats-one-line` flag for a simpler
-display.
+### Standard system metadata
 
-Note: On Windows until [this bug](https://github.com/Azure/go-ansiterm/issues/26)
-is fixed all non-ASCII characters will be replaced with `.` when
-`--progress` is in use.
+Here is a table of standard system metadata which, if appropriate, a
+backend may implement.
 
-### --progress-terminal-title ###
+| key                 | description | example |
+|---------------------|-------------|---------|
+| mode                | File type and mode: octal, unix style | 0100664 |
+| uid                 | User ID of owner: decimal number | 500 |
+| gid                 | Group ID of owner: decimal number | 500 |
+| rdev                | Device ID (if special file)  => hexadecimal | 0 |
+| atime               | Time of last access:  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
+| mtime               | Time of last modification:  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
+| btime               | Time of file creation (birth):  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
+| utime               | Time of file upload:  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
+| cache-control       | Cache-Control header | no-cache |
+| content-disposition | Content-Disposition header | inline |
+| content-encoding    | Content-Encoding header | gzip |
+| content-language    | Content-Language header | en-US |
+| content-type        | Content-Type header | text/plain |
 
-This flag, when used with `-P/--progress`, will print the string `ETA: %s`
-to the terminal title.
+The metadata keys `mtime` and `content-type` will take precedence if
+supplied in the metadata over reading the `Content-Type` or
+modification time of the source object.
 
-### -q, --quiet ###
+Hashes are not included in system metadata as there is a well defined
+way of reading those already.
 
-This flag will limit rclone's output to error messages only.
+Options
+-------
 
-### --refresh-times ###
+Rclone has a number of options to control its behaviour.
 
-The `--refresh-times` flag can be used to update modification times of
-existing files when they are out of sync on backends which don't
-support hashes.
+Options that take parameters can have the values passed in two ways,
+`--option=value` or `--option value`. However boolean (true/false)
+options behave slightly differently to the other options in that
+`--boolean` sets the option to `true` and the absence of the flag sets
+it to `false`.  It is also possible to specify `--boolean=false` or
+`--boolean=true`.  Note that `--boolean false` is not valid - this is
+parsed as `--boolean` and the `false` is parsed as an extra command
+line argument for rclone.
 
-This is useful if you uploaded files with the incorrect timestamps and
-you now wish to correct them.
+### Time or duration options {#time-option}
 
-This flag is **only** useful for destinations which don't support
-hashes (e.g. `crypt`).
+TIME or DURATION options can be specified as a duration string or a
+time string.
 
-This can be used any of the sync commands `sync`, `copy` or `move`.
+A duration string is a possibly signed sequence of decimal numbers,
+each with optional fraction and a unit suffix, such as "300ms",
+"-1.5h" or "2h45m". Default units are seconds or the following
+abbreviations are valid:
 
-To use this flag you will need to be doing a modification time sync
-(so not using `--size-only` or `--checksum`). The flag will have no
-effect when using `--size-only` or `--checksum`.
+  * `ms` - Milliseconds
+  * `s`  - Seconds
+  * `m`  - Minutes
+  * `h`  - Hours
+  * `d`  - Days
+  * `w`  - Weeks
+  * `M`  - Months
+  * `y`  - Years
 
-If this flag is used when rclone comes to upload a file it will check
-to see if there is an existing file on the destination. If this file
-matches the source with size (and checksum if available) but has a
-differing timestamp then instead of re-uploading it, rclone will
-update the timestamp on the destination file. If the checksum does not
-match rclone will upload the new file. If the checksum is absent (e.g.
-on a `crypt` backend) then rclone will update the timestamp.
-
-Note that some remotes can't set the modification time without
-re-uploading the file so this flag is less useful on them.
-
-Normally if you are doing a modification time sync rclone will update
-modification times without `--refresh-times` provided that the remote
-supports checksums **and** the checksums match on the file. However if the
-checksums are absent then rclone will upload the file rather than
-setting the timestamp as this is the safe behaviour.
+These can also be specified as an absolute time in the following
+formats:
 
-### --retries int ###
+- RFC3339 - e.g. `2006-01-02T15:04:05Z` or `2006-01-02T15:04:05+07:00`
+- ISO8601 Date and time, local timezone - `2006-01-02T15:04:05`
+- ISO8601 Date and time, local timezone - `2006-01-02 15:04:05`
+- ISO8601 Date - `2006-01-02` (YYYY-MM-DD)
 
-Retry the entire sync if it fails this many times it fails (default 3).
+### Size options {#size-option}
 
-Some remotes can be unreliable and a few retries help pick up the
-files which didn't get transferred because of errors.
+Options which use SIZE use KiB (multiples of 1024 bytes) by default.
+However, a suffix of `B` for Byte, `K` for KiB, `M` for MiB,
+`G` for GiB, `T` for TiB and `P` for PiB may be used. These are
+the binary units, e.g. 1, 2\*\*10, 2\*\*20, 2\*\*30 respectively.
 
-Disable retries with `--retries 1`.
+### --backup-dir=DIR ###
 
-### --retries-sleep=TIME ###
+When using `sync`, `copy` or `move` any files which would have been
+overwritten or deleted are moved in their original hierarchy into this
+directory.
 
-This sets the interval between each retry specified by `--retries`
+If `--suffix` is set, then the moved files will have the suffix added
+to them.  If there is a file with the same path (after the suffix has
+been added) in DIR, then it will be overwritten.
 
-The default is `0`. Use `0` to disable.
+The remote in use must support server-side move or copy and you must
+use the same remote as the destination of the sync.  The backup
+directory must not overlap the destination directory without it being
+excluded by a filter rule.
 
-### --server-side-across-configs ###
+For example
 
-Allow server-side operations (e.g. copy or move) to work across
-different configurations.
+    rclone sync --interactive /path/to/local remote:current --backup-dir remote:old
 
-This can be useful if you wish to do a server-side copy or move
-between two remotes which use the same backend but are configured
-differently.
+will sync `/path/to/local` to `remote:current`, but for any files
+which would have been updated or deleted will be stored in
+`remote:old`.
 
-Note that this isn't enabled by default because it isn't easy for
-rclone to tell if it will work between any two configurations.
+If running rclone from a script you might want to use today's date as
+the directory name passed to `--backup-dir` to store the old files, or
+you might want to pass `--suffix` with today's date.
 
-### --size-only ###
+See `--compare-dest` and `--copy-dest`.
 
-Normally rclone will look at modification time and size of files to
-see if they are equal.  If you set this flag then rclone will check
-only the size.
+### --bind string ###
 
-This can be useful transferring files from Dropbox which have been
-modified by the desktop sync client which doesn't set checksums of
-modification times in the same way as rclone.
+Local address to bind to for outgoing connections.  This can be an
+IPv4 address (1.2.3.4), an IPv6 address (1234::789A) or host name.  If
+the host name doesn't resolve or resolves to more than one IP address
+it will give an error.
 
-### --stats=TIME ###
+You can use `--bind 0.0.0.0` to force rclone to use IPv4 addresses and
+`--bind ::0` to force rclone to use IPv6 addresses.
 
-Commands which transfer data (`sync`, `copy`, `copyto`, `move`,
-`moveto`) will print data transfer stats at regular intervals to show
-their progress.
+### --bwlimit=BANDWIDTH_SPEC ###
 
-This sets the interval.
+This option controls the bandwidth limit. For example
 
-The default is `1m`. Use `0` to disable.
+    --bwlimit 10M
 
-If you set the stats interval then all commands can show stats.  This
-can be useful when running other commands, `check` or `mount` for
-example.
+would mean limit the upload and download bandwidth to 10 MiB/s.
+**NB** this is **bytes** per second not **bits** per second. To use a
+single limit, specify the desired bandwidth in KiB/s, or use a
+suffix B|K|M|G|T|P. The default is `0` which means to not limit bandwidth.
 
-Stats are logged at `INFO` level by default which means they won't
-show at default log level `NOTICE`.  Use `--stats-log-level NOTICE` or
-`-v` to make them show.  See the [Logging section](#logging) for more
-info on log levels.
+The upload and download bandwidth can be specified separately, as
+`--bwlimit UP:DOWN`, so
 
-Note that on macOS you can send a SIGINFO (which is normally ctrl-T in
-the terminal) to make the stats print immediately.
+    --bwlimit 10M:100k
 
-### --stats-file-name-length integer ###
-By default, the `--stats` output will truncate file names and paths longer
-than 40 characters.  This is equivalent to providing
-`--stats-file-name-length 40`. Use `--stats-file-name-length 0` to disable
-any truncation of file names printed by stats.
+would mean limit the upload bandwidth to 10 MiB/s and the download
+bandwidth to 100 KiB/s. Either limit can be "off" meaning no limit, so
+to just limit the upload bandwidth you would use
 
-### --stats-log-level string ###
+    --bwlimit 10M:off
 
-Log level to show `--stats` output at.  This can be `DEBUG`, `INFO`,
-`NOTICE`, or `ERROR`.  The default is `INFO`.  This means at the
-default level of logging which is `NOTICE` the stats won't show - if
-you want them to then use `--stats-log-level NOTICE`.  See the [Logging
-section](#logging) for more info on log levels.
+this would limit the upload bandwidth to 10 MiB/s but the download
+bandwidth would be unlimited.
 
-### --stats-one-line ###
+When specified as above the bandwidth limits last for the duration of
+run of the rclone binary.
 
-When this is specified, rclone condenses the stats into a single line
-showing the most important stats only.
+It is also possible to specify a "timetable" of limits, which will
+cause certain limits to be applied at certain times. To specify a
+timetable, format your entries as `WEEKDAY-HH:MM,BANDWIDTH
+WEEKDAY-HH:MM,BANDWIDTH...` where: `WEEKDAY` is optional element.
 
-### --stats-one-line-date ###
+- `BANDWIDTH` can be a single number, e.g.`100k` or a pair of numbers
+for upload:download, e.g.`10M:1M`.
+- `WEEKDAY` can be written as the whole word or only using the first 3
+  characters. It is optional.
+- `HH:MM` is an hour from 00:00 to 23:59.
 
-When this is specified, rclone enables the single-line stats and prepends
-the display with a date string. The default is `2006/01/02 15:04:05 - `
+An example of a typical timetable to avoid link saturation during daytime
+working hours could be:
 
-### --stats-one-line-date-format ###
+`--bwlimit "08:00,512k 12:00,10M 13:00,512k 18:00,30M 23:00,off"`
 
-When this is specified, rclone enables the single-line stats and prepends
-the display with a user-supplied date string. The date string MUST be
-enclosed in quotes. Follow [golang specs](https://golang.org/pkg/time/#Time.Format) for
-date formatting syntax.
+In this example, the transfer bandwidth will be set to 512 KiB/s
+at 8am every day. At noon, it will rise to 10 MiB/s, and drop back
+to 512 KiB/sec at 1pm. At 6pm, the bandwidth limit will be set to
+30 MiB/s, and at 11pm it will be completely disabled (full speed).
+Anything between 11pm and 8am will remain unlimited.
 
-### --stats-unit=bits|bytes ###
+An example of timetable with `WEEKDAY` could be:
 
-By default, data transfer rates will be printed in bytes per second.
+`--bwlimit "Mon-00:00,512 Fri-23:59,10M Sat-10:00,1M Sun-20:00,off"`
 
-This option allows the data rate to be printed in bits per second.
+It means that, the transfer bandwidth will be set to 512 KiB/s on
+Monday. It will rise to 10 MiB/s before the end of Friday. At 10:00
+on Saturday it will be set to 1 MiB/s. From 20:00 on Sunday it will
+be unlimited.
 
-Data transfer volume will still be reported in bytes.
+Timeslots without `WEEKDAY` are extended to the whole week. So this
+example:
 
-The rate is reported as a binary unit, not SI unit. So 1 Mbit/s
-equals 1,048,576 bit/s and not 1,000,000 bit/s.
+`--bwlimit "Mon-00:00,512 12:00,1M Sun-20:00,off"`
 
-The default is `bytes`.
+Is equivalent to this:
 
-### --suffix=SUFFIX ###
+`--bwlimit "Mon-00:00,512Mon-12:00,1M Tue-12:00,1M Wed-12:00,1M Thu-12:00,1M Fri-12:00,1M Sat-12:00,1M Sun-12:00,1M Sun-20:00,off"`
 
-When using `sync`, `copy` or `move` any files which would have been
-overwritten or deleted will have the suffix added to them.  If there
-is a file with the same path (after the suffix has been added), then
-it will be overwritten.
+Bandwidth limit apply to the data transfer for all backends. For most
+backends the directory listing bandwidth is also included (exceptions
+being the non HTTP backends, `ftp`, `sftp` and `storj`).
 
-The remote in use must support server-side move or copy and you must
-use the same remote as the destination of the sync.
+Note that the units are **Byte/s**, not **bit/s**. Typically
+connections are measured in bit/s - to convert divide by 8. For
+example, let's say you have a 10 Mbit/s connection and you wish rclone
+to use half of it - 5 Mbit/s. This is 5/8 = 0.625 MiB/s so you would
+use a `--bwlimit 0.625M` parameter for rclone.
 
-This is for use with files to add the suffix in the current directory
-or with `--backup-dir`. See `--backup-dir` for more info.
+On Unix systems (Linux, macOS, …) the bandwidth limiter can be toggled by
+sending a `SIGUSR2` signal to rclone. This allows to remove the limitations
+of a long running rclone transfer and to restore it back to the value specified
+with `--bwlimit` quickly when needed. Assuming there is only one rclone instance
+running, you can toggle the limiter like this:
 
-For example
+    kill -SIGUSR2 $(pidof rclone)
 
-    rclone copy --interactive /path/to/local/file remote:current --suffix .bak
+If you configure rclone with a [remote control](/rc) then you can use
+change the bwlimit dynamically:
 
-will copy `/path/to/local` to `remote:current`, but for any files
-which would have been updated or deleted have .bak added.
+    rclone rc core/bwlimit rate=1M
 
-If using `rclone sync` with `--suffix` and without `--backup-dir` then
-it is recommended to put a filter rule in excluding the suffix
-otherwise the `sync` will delete the backup files.
+### --bwlimit-file=BANDWIDTH_SPEC ###
 
-    rclone sync --interactive /path/to/local/file remote:current --suffix .bak --exclude "*.bak"
+This option controls per file bandwidth limit. For the options see the
+`--bwlimit` flag.
 
-### --suffix-keep-extension ###
+For example use this to allow no transfers to be faster than 1 MiB/s
 
-When using `--suffix`, setting this causes rclone put the SUFFIX
-before the extension of the files that it backs up rather than after.
+    --bwlimit-file 1M
 
-So let's say we had `--suffix -2019-01-01`, without the flag `file.txt`
-would be backed up to `file.txt-2019-01-01` and with the flag it would
-be backed up to `file-2019-01-01.txt`.  This can be helpful to make
-sure the suffixed files can still be opened.
+This can be used in conjunction with `--bwlimit`.
 
-### --syslog ###
+Note that if a schedule is provided the file will use the schedule in
+effect at the start of the transfer.
 
-On capable OSes (not Windows or Plan9) send all log output to syslog.
+### --buffer-size=SIZE ###
 
-This can be useful for running rclone in a script or `rclone mount`.
+Use this sized buffer to speed up file transfers.  Each `--transfer`
+will use this much memory for buffering.
 
-### --syslog-facility string ###
+When using `mount` or `cmount` each open file descriptor will use this much
+memory for buffering.
+See the [mount](https://rclone.org/commands/rclone_mount/#file-buffering) documentation for more details.
 
-If using `--syslog` this sets the syslog facility (e.g. `KERN`, `USER`).
-See `man syslog` for a list of possible facilities.  The default
-facility is `DAEMON`.
+Set to `0` to disable the buffering for the minimum memory usage.
 
-### --temp-dir=DIR ###
+Note that the memory allocation of the buffers is influenced by the
+[--use-mmap](#use-mmap) flag.
 
-Specify the directory rclone will use for temporary files, to override
-the default. Make sure the directory exists and have accessible permissions.
+### --cache-dir=DIR ###
 
-By default the operating system's temp directory will be used:
-- On Unix systems, `$TMPDIR` if non-empty, else `/tmp`.
-- On Windows, the first non-empty value from `%TMP%`, `%TEMP%`, `%USERPROFILE%`, or the Windows directory.
+Specify the directory rclone will use for caching, to override
+the default.
 
-When overriding the default with this option, the specified path will be
-set as value of environment variable `TMPDIR` on Unix systems
-and `TMP` and `TEMP` on Windows.
+Default value is depending on operating system:
+- Windows `%LocalAppData%\rclone`, if `LocalAppData` is defined.
+- macOS `$HOME/Library/Caches/rclone` if `HOME` is defined.
+- Unix `$XDG_CACHE_HOME/rclone` if `XDG_CACHE_HOME` is defined, else `$HOME/.cache/rclone` if `HOME` is defined.
+- Fallback (on all OS) to `$TMPDIR/rclone`, where `TMPDIR` is the value from [--temp-dir](#temp-dir-dir).
 
 You can use the [config paths](https://rclone.org/commands/rclone_config_paths/)
 command to see the current value.
 
-### --tpslimit float ###
+Cache directory is heavily used by the [VFS File Caching](https://rclone.org/commands/rclone_mount/#vfs-file-caching)
+mount feature, but also by [serve](https://rclone.org/commands/rclone_serve/), [GUI](/gui) and other parts of rclone.
 
-Limit transactions per second to this number. Default is 0 which is
-used to mean unlimited transactions per second.
+### --check-first ###
 
-A transaction is roughly defined as an API call; its exact meaning
-will depend on the backend. For HTTP based backends it is an HTTP
-PUT/GET/POST/etc and its response. For FTP/SFTP it is a round trip
-transaction over TCP.
+If this flag is set then in a `sync`, `copy` or `move`, rclone will do
+all the checks to see whether files need to be transferred before
+doing any of the transfers. Normally rclone would start running
+transfers as soon as possible.
 
-For example, to limit rclone to 10 transactions per second use
-`--tpslimit 10`, or to 1 transaction every 2 seconds use `--tpslimit
-0.5`.
+This flag can be useful on IO limited systems where transfers
+interfere with checking.
 
-Use this when the number of transactions per second from rclone is
-causing a problem with the cloud storage provider (e.g. getting you
-banned or rate limited).
+It can also be useful to ensure perfect ordering when using
+`--order-by`.
 
-This can be very useful for `rclone mount` to control the behaviour of
-applications using it.
+If both `--check-first` and `--order-by` are set when doing `rclone move`
+then rclone will use the transfer thread to delete source files which
+don't need transferring. This will enable perfect ordering of the
+transfers and deletes but will cause the transfer stats to have more
+items in than expected.
 
-This limit applies to all HTTP based backends and to the FTP and SFTP
-backends. It does not apply to the local backend or the Storj backend.
+Using this flag can use more memory as it effectively sets
+`--max-backlog` to infinite. This means that all the info on the
+objects to transfer is held in memory before the transfers start.
 
-See also `--tpslimit-burst`.
+### --checkers=N ###
 
-### --tpslimit-burst int ###
+Originally controlling just the number of file checkers to run in parallel, 
+e.g. by `rclone copy`. Now a fairly universal parallelism control 
+used by `rclone` in several places. 
 
-Max burst of transactions for `--tpslimit` (default `1`).
+Note: checkers do the equality checking of files during a sync. 
+For some storage systems (e.g. S3, Swift, Dropbox) this can take 
+a significant amount of time so they are run in parallel.
 
-Normally `--tpslimit` will do exactly the number of transaction per
-second specified.  However if you supply `--tps-burst` then rclone can
-save up some transactions from when it was idle giving a burst of up
-to the parameter supplied.
+The default is to run 8 checkers in parallel. However, in case 
+of slow-reacting backends you may need to lower (rather than increase)
+this default by setting `--checkers` to 4 or less threads. This is 
+especially advised if you are experiencing backend server crashes 
+during file checking phase (e.g. on subsequent or top-up backups 
+where little or no file copying is done and checking takes up 
+most of the time). Increase this setting only with utmost care, 
+while monitoring your server health and file checking throughput.
 
-For example if you provide `--tpslimit-burst 10` then if rclone has
-been idle for more than 10*`--tpslimit` then it can do 10 transactions
-very quickly before they are limited again.
+### -c, --checksum ###
 
-This may be used to increase performance of `--tpslimit` without
-changing the long term average number of transactions per second.
+Normally rclone will look at modification time and size of files to
+see if they are equal.  If you set this flag then rclone will check
+the file hash and size to determine if files are equal.
 
-### --track-renames ###
+This is useful when the remote doesn't support setting modified time
+and a more accurate sync is desired than just checking the file size.
 
-By default, rclone doesn't keep track of renamed files, so if you
-rename a file locally then sync it to a remote, rclone will delete the
-old file on the remote and upload a new copy.
+This is very useful when transferring between remotes which store the
+same hash type on the object, e.g. Drive and Swift. For details of which
+remotes support which hash type see the table in the [overview
+section](https://rclone.org/overview/).
 
-An rclone sync with `--track-renames` runs like a normal sync, but keeps
-track of objects which exist in the destination but not in the source
-(which would normally be deleted), and which objects exist in the
-source but not the destination (which would normally be transferred).
-These objects are then candidates for renaming.
+Eg `rclone --checksum sync s3:/bucket swift:/bucket` would run much
+quicker than without the `--checksum` flag.
 
-After the sync, rclone matches up the source only and destination only
-objects using the `--track-renames-strategy` specified and either
-renames the destination object or transfers the source and deletes the
-destination object. `--track-renames` is stateless like all of
-rclone's syncs.
+When using this flag, rclone won't update mtimes of remote files if
+they are incorrect as it would normally.
 
-To use this flag the destination must support server-side copy or
-server-side move, and to use a hash based `--track-renames-strategy`
-(the default) the source and the destination must have a compatible
-hash.
+### --color WHEN ###
 
-If the destination does not support server-side copy or move, rclone
-will fall back to the default behaviour and log an error level message
-to the console.
+Specify when colors (and other ANSI codes) should be added to the output.
 
-Encrypted destinations are not currently supported by `--track-renames`
-if `--track-renames-strategy` includes `hash`.
+`AUTO` (default) only allows ANSI codes when the output is a terminal
 
-Note that `--track-renames` is incompatible with `--no-traverse` and
-that it uses extra memory to keep track of all the rename candidates.
+`NEVER` never allow ANSI codes
 
-Note also that `--track-renames` is incompatible with
-`--delete-before` and will select `--delete-after` instead of
-`--delete-during`.
+`ALWAYS` always add ANSI codes, regardless of the output format (terminal or file)
 
-### --track-renames-strategy (hash,modtime,leaf,size) ###
+### --compare-dest=DIR ###
 
-This option changes the file matching criteria for `--track-renames`.
+When using `sync`, `copy` or `move` DIR is checked in addition to the
+destination for files. If a file identical to the source is found that
+file is NOT copied from source. This is useful to copy just files that
+have changed since the last backup.
 
-The matching is controlled by a comma separated selection of these tokens:
+You must use the same remote as the destination of the sync.  The
+compare directory must not overlap the destination directory.
 
-- `modtime` - the modification time of the file - not supported on all backends
-- `hash` - the hash of the file contents - not supported on all backends
-- `leaf` - the name of the file not including its directory name
-- `size` - the size of the file (this is always enabled)
+See `--copy-dest` and `--backup-dir`.
 
-The default option is `hash`.
+### --config=CONFIG_FILE ###
 
-Using `--track-renames-strategy modtime,leaf` would match files
-based on modification time, the leaf of the file name and the size
-only.
+Specify the location of the rclone configuration file, to override
+the default. E.g. `rclone config --config="rclone.conf"`.
 
-Using `--track-renames-strategy modtime` or `leaf` can enable
-`--track-renames` support for encrypted destinations.
+The exact default is a bit complex to describe, due to changes
+introduced through different versions of rclone while preserving
+backwards compatibility, but in most cases it is as simple as:
 
-Note that the `hash` strategy is not supported with encrypted destinations.
+ - `%APPDATA%/rclone/rclone.conf` on Windows
+ - `~/.config/rclone/rclone.conf` on other
 
-### --delete-(before,during,after) ###
+The complete logic is as follows: Rclone will look for an existing
+configuration file in any of the following locations, in priority order:
 
-This option allows you to specify when files on your destination are
-deleted when you sync folders.
+  1. `rclone.conf` (in program directory, where rclone executable is)
+  2. `%APPDATA%/rclone/rclone.conf` (only on Windows)
+  3. `$XDG_CONFIG_HOME/rclone/rclone.conf` (on all systems, including Windows)
+  4. `~/.config/rclone/rclone.conf` (see below for explanation of ~ symbol)
+  5. `~/.rclone.conf`
 
-Specifying the value `--delete-before` will delete all files present
-on the destination, but not on the source *before* starting the
-transfer of any new or updated files. This uses two passes through the
-file systems, one for the deletions and one for the copies.
+If no existing configuration file is found, then a new one will be created
+in the following location:
 
-Specifying `--delete-during` will delete files while checking and
-uploading files. This is the fastest option and uses the least memory.
+- On Windows: Location 2 listed above, except in the unlikely event
+  that `APPDATA` is not defined, then location 4 is used instead.
+- On Unix: Location 3 if `XDG_CONFIG_HOME` is defined, else location 4.
+- Fallback to location 5 (on all OS), when the rclone directory cannot be
+  created, but if also a home directory was not found then path
+  `.rclone.conf` relative to current working directory will be used as
+  a final resort.
 
-Specifying `--delete-after` (the default value) will delay deletion of
-files until all new/updated files have been successfully transferred.
-The files to be deleted are collected in the copy pass then deleted
-after the copy pass has completed successfully.  The files to be
-deleted are held in memory so this mode may use more memory.  This is
-the safest mode as it will only delete files if there have been no
-errors subsequent to that.  If there have been errors before the
-deletions start then you will get the message `not deleting files as
-there were IO errors`.
+The `~` symbol in paths above represent the home directory of the current user
+on any OS, and the value is defined as following:
 
-### --fast-list ###
+  - On Windows: `%HOME%` if defined, else `%USERPROFILE%`, or else `%HOMEDRIVE%\%HOMEPATH%`.
+  - On Unix: `$HOME` if defined, else by looking up current user in OS-specific user database
+    (e.g. passwd file), or else use the result from shell command `cd && pwd`.
 
-When doing anything which involves a directory listing (e.g. `sync`,
-`copy`, `ls` - in fact nearly every command), rclone normally lists a
-directory and processes it before using more directory lists to
-process any subdirectories.  This can be parallelised and works very
-quickly using the least amount of memory.
-
-However, some remotes have a way of listing all files beneath a
-directory in one (or a small number) of transactions.  These tend to
-be the bucket-based remotes (e.g. S3, B2, GCS, Swift).
-
-If you use the `--fast-list` flag then rclone will use this method for
-listing directories.  This will have the following consequences for
-the listing:
-
-  * It **will** use fewer transactions (important if you pay for them)
-  * It **will** use more memory.  Rclone has to load the whole listing into memory.
-  * It *may* be faster because it uses fewer transactions
-  * It *may* be slower because it can't be parallelized
-
-rclone should always give identical results with and without
-`--fast-list`.
-
-If you pay for transactions and can fit your entire sync listing into
-memory then `--fast-list` is recommended.  If you have a very big sync
-to do then don't use `--fast-list` otherwise you will run out of
-memory.
+If you run `rclone config file` you will see where the default
+location is for you.
 
-If you use `--fast-list` on a remote which doesn't support it, then
-rclone will just ignore it.
+The fact that an existing file `rclone.conf` in the same directory
+as the rclone executable is always preferred, means that it is easy
+to run in "portable" mode by downloading rclone executable to a
+writable directory and then create an empty file `rclone.conf` in the
+same directory.
 
-### --timeout=TIME ###
+If the location is set to empty string `""` or path to a file
+with name `notfound`, or the os null device represented by value `NUL` on
+Windows and `/dev/null` on Unix systems, then rclone will keep the
+config file in memory only.
 
-This sets the IO idle timeout.  If a transfer has started but then
-becomes idle for this long it is considered broken and disconnected.
+The file format is basic [INI](https://en.wikipedia.org/wiki/INI_file#Format):
+Sections of text, led by a `[section]` header and followed by
+`key=value` entries on separate lines. In rclone each remote is
+represented by its own section, where the section name defines the
+name of the remote. Options are specified as the `key=value` entries,
+where the key is the option name without the `--backend-` prefix,
+in lowercase and with `_` instead of `-`. E.g. option `--mega-hard-delete`
+corresponds to key `hard_delete`. Only backend options can be specified.
+A special, and required, key `type` identifies the [storage system](https://rclone.org/overview/),
+where the value is the internal lowercase name as returned by command
+`rclone help backends`. Comments are indicated by `;` or `#` at the
+beginning of a line.
 
-The default is `5m`.  Set to `0` to disable.
+Example:
 
-### --transfers=N ###
+    [megaremote]
+    type = mega
+    user = you@example.com
+    pass = PDPcQVVjVtzFY-GTdDFozqBhTdsPg3qH
 
-The number of file transfers to run in parallel.  It can sometimes be
-useful to set this to a smaller number if the remote is giving a lot
-of timeouts or bigger if you have lots of bandwidth and a fast remote.
+Note that passwords are in [obscured](https://rclone.org/commands/rclone_obscure/)
+form. Also, many storage systems uses token-based authentication instead
+of passwords, and this requires additional steps. It is easier, and safer,
+to use the interactive command `rclone config` instead of manually
+editing the configuration file.
 
-The default is to run 4 file transfers in parallel.
+The configuration file will typically contain login information, and
+should therefore have restricted permissions so that only the current user
+can read it. Rclone tries to ensure this when it writes the file.
+You may also choose to [encrypt](#configuration-encryption) the file.
 
-Look at --multi-thread-streams if you would like to control single file transfers.
+When token-based authentication are used, the configuration file
+must be writable, because rclone needs to update the tokens inside it.
 
-### -u, --update ###
+To reduce risk of corrupting an existing configuration file, rclone
+will not write directly to it when saving changes. Instead it will
+first write to a new, temporary, file. If a configuration file already
+existed, it will (on Unix systems) try to mirror its permissions to
+the new file. Then it will rename the existing file to a temporary
+name as backup. Next, rclone will rename the new file to the correct name,
+before finally cleaning up by deleting the backup file.
+
+If the configuration file path used by rclone is a symbolic link, then
+this will be evaluated and rclone will write to the resolved path, instead
+of overwriting the symbolic link. Temporary files used in the process
+(described above) will be written to the same parent directory as that
+of the resolved configuration file, but if this directory is also a
+symbolic link it will not be resolved and the temporary files will be
+written to the location of the directory symbolic link.
 
-This forces rclone to skip any files which exist on the destination
-and have a modified time that is newer than the source file.
+### --contimeout=TIME ###
 
-This can be useful in avoiding needless transfers when transferring to
-a remote which doesn't support modification times directly (or when
-using `--use-server-modtime` to avoid extra API calls) as it is more
-accurate than a `--size-only` check and faster than using
-`--checksum`. On such remotes (or when using `--use-server-modtime`)
-the time checked will be the uploaded time.
+Set the connection timeout. This should be in go time format which
+looks like `5s` for 5 seconds, `10m` for 10 minutes, or `3h30m`.
 
-If an existing destination file has a modification time older than the
-source file's, it will be updated if the sizes are different. If the
-sizes are the same, it will be updated if the checksum is different or
-not available.
+The connection timeout is the amount of time rclone will wait for a
+connection to go through to a remote object storage system.  It is
+`1m` by default.
 
-If an existing destination file has a modification time equal (within
-the computed modify window) to the source file's, it will be updated
-if the sizes are different. The checksum will not be checked in this
-case unless the `--checksum` flag is provided.
+### --copy-dest=DIR ###
 
-In all other cases the file will not be updated.
+When using `sync`, `copy` or `move` DIR is checked in addition to the
+destination for files. If a file identical to the source is found that
+file is server-side copied from DIR to the destination. This is useful
+for incremental backup.
 
-Consider using the `--modify-window` flag to compensate for time skews
-between the source and the backend, for backends that do not support
-mod times, and instead use uploaded times. However, if the backend
-does not support checksums, note that syncing or copying within the
-time skew window may still result in additional transfers for safety.
+The remote in use must support server-side copy and you must
+use the same remote as the destination of the sync.  The compare
+directory must not overlap the destination directory.
 
-### --use-mmap ###
+See `--compare-dest` and `--backup-dir`.
 
-If this flag is set then rclone will use anonymous memory allocated by
-mmap on Unix based platforms and VirtualAlloc on Windows for its
-transfer buffers (size controlled by `--buffer-size`).  Memory
-allocated like this does not go on the Go heap and can be returned to
-the OS immediately when it is finished with.
+### --dedupe-mode MODE ###
 
-If this flag is not set then rclone will allocate and free the buffers
-using the Go memory allocator which may use more memory as memory
-pages are returned less aggressively to the OS.
+Mode to run dedupe command in.  One of `interactive`, `skip`, `first`, 
+`newest`, `oldest`, `rename`.  The default is `interactive`.  
+See the dedupe command for more information as to what these options mean.
 
-It is possible this does not work well on all platforms so it is
-disabled by default; in the future it may be enabled by default.
+### --default-time TIME ###
 
-### --use-server-modtime ###
+If a file or directory does have a modification time rclone can read
+then rclone will display this fixed time instead.
 
-Some object-store backends (e.g, Swift, S3) do not preserve file modification
-times (modtime). On these backends, rclone stores the original modtime as
-additional metadata on the object. By default it will make an API call to
-retrieve the metadata when the modtime is needed by an operation.
+The default is `2000-01-01 00:00:00 UTC`. This can be configured in
+any of the ways shown in [the time or duration options](#time-option).
 
-Use this flag to disable the extra API call and rely instead on the server's
-modified time. In cases such as a local to remote sync using `--update`,
-knowing the local file is newer than the time it was last uploaded to the
-remote is sufficient. In those cases, this flag can speed up the process and
-reduce the number of API calls necessary.
+For example `--default-time 2020-06-01` to set the default time to the
+1st of June 2020 or `--default-time 0s` to set the default time to the
+time rclone started up.
 
-Using this flag on a sync operation without also using `--update` would cause
-all files modified at any time other than the last upload time to be uploaded
-again, which is probably not what you want.
+### --disable FEATURE,FEATURE,... ###
 
-### -v, -vv, --verbose ###
+This disables a comma separated list of optional features. For example
+to disable server-side move and server-side copy use:
 
-With `-v` rclone will tell you about each file that is transferred and
-a small number of significant events.
+    --disable move,copy
 
-With `-vv` rclone will become very verbose telling you about every
-file it considers and transfers.  Please send bug reports with a log
-with this setting.
+The features can be put in any case.
 
-When setting verbosity as an environment variable, use
-`RCLONE_VERBOSE=1` or `RCLONE_VERBOSE=2` for `-v` and `-vv` respectively.
+To see a list of which features can be disabled use:
 
-### -V, --version ###
+    --disable help
 
-Prints the version number
+The features a remote has can be seen in JSON format with:
 
-SSL/TLS options
----------------
+    rclone backend features remote:
 
-The outgoing SSL/TLS connections rclone makes can be controlled with
-these options.  For example this can be very useful with the HTTP or
-WebDAV backends. Rclone HTTP servers have their own set of
-configuration for SSL/TLS which you can find in their documentation.
+See the overview [features](https://rclone.org/overview/#features) and
+[optional features](https://rclone.org/overview/#optional-features) to get an idea of
+which feature does what.
 
-### --ca-cert stringArray
+Note that some features can be set to `true` if they are `true`/`false`
+feature flag features by prefixing them with `!`. For example the
+`CaseInsensitive` feature can be forced to `false` with `--disable CaseInsensitive`
+and forced to `true` with `--disable '!CaseInsensitive'`. In general
+it isn't a good idea doing this but it may be useful in extremis.
 
-This loads the PEM encoded certificate authority certificates and uses
-it to verify the certificates of the servers rclone connects to.
+(Note that `!` is a shell command which you will
+need to escape with single quotes or a backslash on unix like
+platforms.)
 
-If you have generated certificates signed with a local CA then you
-will need this flag to connect to servers using those certificates.
+This flag can be useful for debugging and in exceptional circumstances
+(e.g. Google Drive limiting the total volume of Server Side Copies to
+100 GiB/day).
 
-### --client-cert string
+### --disable-http2
 
-This loads the PEM encoded client side certificate.
+This stops rclone from trying to use HTTP/2 if available. This can
+sometimes speed up transfers due to a
+[problem in the Go standard library](https://github.com/golang/go/issues/37373).
 
-This is used for [mutual TLS authentication](https://en.wikipedia.org/wiki/Mutual_authentication).
+### --dscp VALUE ###
 
-The `--client-key` flag is required too when using this.
+Specify a DSCP value or name to use in connections. This could help QoS
+system to identify traffic class. BE, EF, DF, LE, CSx and AFxx are allowed.
 
-### --client-key string
+See the description of [differentiated services](https://en.wikipedia.org/wiki/Differentiated_services) to get an idea of
+this field. Setting this to 1 (LE) to identify the flow to SCAVENGER class
+can avoid occupying too much bandwidth in a network with DiffServ support ([RFC 8622](https://tools.ietf.org/html/rfc8622)).
 
-This loads the PEM encoded client side private key used for mutual TLS
-authentication.  Used in conjunction with `--client-cert`.
+For example, if you configured QoS on router to handle LE properly. Running:
+```
+rclone copy --dscp LE from:/from to:/to
+```
+would make the priority lower than usual internet flows.
 
-### --no-check-certificate=true/false ###
+This option has no effect on Windows (see [golang/go#42728](https://github.com/golang/go/issues/42728)).
 
-`--no-check-certificate` controls whether a client verifies the
-server's certificate chain and host name.
-If `--no-check-certificate` is true, TLS accepts any certificate
-presented by the server and any host name in that certificate.
-In this mode, TLS is susceptible to man-in-the-middle attacks.
+### -n, --dry-run ###
 
-This option defaults to `false`.
+Do a trial run with no permanent changes.  Use this to see what rclone
+would do without actually doing it.  Useful when setting up the `sync`
+command which deletes files in the destination.
 
-**This should be used only for testing.**
+### --expect-continue-timeout=TIME ###
 
-Configuration Encryption
-------------------------
-Your configuration file contains information for logging in to
-your cloud services. This means that you should keep your
-`rclone.conf` file in a secure location.
+This specifies the amount of time to wait for a server's first
+response headers after fully writing the request headers if the
+request has an "Expect: 100-continue" header. Not all backends support
+using this.
 
-If you are in an environment where that isn't possible, you can
-add a password to your configuration. This means that you will
-have to supply the password every time you start rclone.
+Zero means no timeout and causes the body to be sent immediately,
+without waiting for the server to approve.  This time does not include
+the time to send the request header.
 
-To add a password to your rclone configuration, execute `rclone config`.
+The default is `1s`.  Set to `0` to disable.
 
-```
->rclone config
-Current remotes:
+### --error-on-no-transfer ###
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-s) Set configuration password
-q) Quit config
-e/n/d/s/q>
-```
+By default, rclone will exit with return code 0 if there were no errors.
 
-Go into `s`, Set configuration password:
-```
-e/n/d/s/q> s
-Your configuration is not encrypted.
-If you add a password, you will protect your login information to cloud services.
-a) Add Password
-q) Quit to main menu
-a/q> a
-Enter NEW configuration password:
-password:
-Confirm NEW password:
-password:
-Password set
-Your configuration is encrypted.
-c) Change Password
-u) Unencrypt configuration
-q) Quit to main menu
-c/u/q>
-```
+This option allows rclone to return exit code 9 if no files were transferred
+between the source and destination. This allows using rclone in scripts, and
+triggering follow-on actions if data was copied, or skipping if not.
 
-Your configuration is now encrypted, and every time you start rclone
-you will have to supply the password. See below for details.
-In the same menu, you can change the password or completely remove
-encryption from your configuration.
+NB: Enabling this option turns a usually non-fatal error into a potentially
+fatal one - please check and adjust your scripts accordingly!
 
-There is no way to recover the configuration if you lose your password.
+### --fs-cache-expire-duration=TIME
 
-rclone uses [nacl secretbox](https://godoc.org/golang.org/x/crypto/nacl/secretbox)
-which in turn uses XSalsa20 and Poly1305 to encrypt and authenticate
-your configuration with secret-key cryptography.
-The password is SHA-256 hashed, which produces the key for secretbox.
-The hashed password is not stored.
+When using rclone via the API rclone caches created remotes for 5
+minutes by default in the "fs cache". This means that if you do
+repeated actions on the same remote then rclone won't have to build it
+again from scratch, which makes it more efficient.
 
-While this provides very good security, we do not recommend storing
-your encrypted rclone configuration in public if it contains sensitive
-information, maybe except if you use a very strong password.
+This flag sets the time that the remotes are cached for. If you set it
+to `0` (or negative) then rclone won't cache the remotes at all.
 
-If it is safe in your environment, you can set the `RCLONE_CONFIG_PASS`
-environment variable to contain your password, in which case it will be
-used for decrypting the configuration.
+Note that if you use some flags, eg `--backup-dir` and if this is set
+to `0` rclone may build two remotes (one for the source or destination
+and one for the `--backup-dir` where it may have only built one
+before.
 
-You can set this for a session from a script.  For unix like systems
-save this to a file called `set-rclone-password`:
+### --fs-cache-expire-interval=TIME
 
-```
-#!/bin/echo Source this file don't run it
+This controls how often rclone checks for cached remotes to expire.
+See the `--fs-cache-expire-duration` documentation above for more
+info. The default is 60s, set to 0 to disable expiry.
 
-read -s RCLONE_CONFIG_PASS
-export RCLONE_CONFIG_PASS
-```
+### --header ###
 
-Then source the file when you want to use it.  From the shell you
-would do `source set-rclone-password`.  It will then ask you for the
-password and set it in the environment variable.
+Add an HTTP header for all transactions. The flag can be repeated to
+add multiple headers.
 
-An alternate means of supplying the password is to provide a script
-which will retrieve the password and print on standard output.  This
-script should have a fully specified path name and not rely on any
-environment variables.  The script is supplied either via
-`--password-command="..."` command line argument or via the
-`RCLONE_PASSWORD_COMMAND` environment variable.
+If you want to add headers only for uploads use `--header-upload` and
+if you want to add headers only for downloads use `--header-download`.
 
-One useful example of this is using the `passwordstore` application
-to retrieve the password:
+This flag is supported for all HTTP based backends even those not
+supported by `--header-upload` and `--header-download` so may be used
+as a workaround for those with care.
 
 ```
-export RCLONE_PASSWORD_COMMAND="pass rclone/config"
+rclone ls remote:test --header "X-Rclone: Foo" --header "X-LetMeIn: Yes"
 ```
 
-If the `passwordstore` password manager holds the password for the
-rclone configuration, using the script method means the password
-is primarily protected by the `passwordstore` system, and is never
-embedded in the clear in scripts, nor available for examination
-using the standard commands available.  It is quite possible with
-long running rclone sessions for copies of passwords to be innocently
-captured in log files or terminal scroll buffers, etc.  Using the
-script method of supplying the password enhances the security of
-the config password considerably.
+### --header-download ###
 
-If you are running rclone inside a script, unless you are using the
-`--password-command` method, you might want to disable
-password prompts. To do that, pass the parameter
-`--ask-password=false` to rclone. This will make rclone fail instead
-of asking for a password if `RCLONE_CONFIG_PASS` doesn't contain
-a valid password, and `--password-command` has not been supplied.
+Add an HTTP header for all download transactions. The flag can be repeated to
+add multiple headers.
 
-Whenever running commands that may be affected by options in a
-configuration file, rclone will look for an existing file according
-to the rules described [above](#config-config-file), and load any it
-finds. If an encrypted file is found, this includes decrypting it,
-with the possible consequence of a password prompt. When executing
-a command line that you know are not actually using anything from such
-a configuration file, you can avoid it being loaded by overriding the
-location, e.g. with one of the documented special values for
-memory-only configuration. Since only backend options can be stored
-in configuration files, this is normally unnecessary for commands
-that do not operate on backends, e.g. `genautocomplete`. However,
-it will be relevant for commands that do operate on backends in
-general, but are used without referencing a stored remote, e.g.
-listing local filesystem paths, or
-[connection strings](#connection-strings): `rclone --config="" ls .`
+```
+rclone sync --interactive s3:test/src ~/dst --header-download "X-Amz-Meta-Test: Foo" --header-download "X-Amz-Meta-Test2: Bar"
+```
 
-Developer options
------------------
+See the GitHub issue [here](https://github.com/rclone/rclone/issues/59) for
+currently supported backends.
 
-These options are useful when developing or debugging rclone.  There
-are also some more remote specific options which aren't documented
-here which are used for testing.  These start with remote name e.g.
-`--drive-test-option` - see the docs for the remote in question.
+### --header-upload ###
 
-### --cpuprofile=FILE ###
+Add an HTTP header for all upload transactions. The flag can be repeated to add
+multiple headers.
 
-Write CPU profile to file.  This can be analysed with `go tool pprof`.
+```
+rclone sync --interactive ~/src s3:test/dst --header-upload "Content-Disposition: attachment; filename='cool.html'" --header-upload "X-Amz-Meta-Test: FooBar"
+```
 
-#### --dump flag,flag,flag ####
+See the GitHub issue [here](https://github.com/rclone/rclone/issues/59) for
+currently supported backends.
 
-The `--dump` flag takes a comma separated list of flags to dump info
-about.
+### --human-readable ###
 
-Note that some headers including `Accept-Encoding` as shown may not
-be correct in the request and the response may not show `Content-Encoding`
-if the go standard libraries auto gzip encoding was in effect. In this case
-the body of the request will be gunzipped before showing it.
+Rclone commands output values for sizes (e.g. number of bytes) and
+counts (e.g. number of files) either as *raw* numbers, or
+in *human-readable* format.
 
-The available flags are:
+In human-readable format the values are scaled to larger units, indicated with
+a suffix shown after the value, and rounded to three decimals. Rclone consistently
+uses binary units (powers of 2) for sizes and decimal units (powers of 10) for counts.
+The unit prefix for size is according to IEC standard notation, e.g. `Ki` for kibi.
+Used with byte unit, `1 KiB` means 1024 Byte. In list type of output, only the
+unit prefix appended to the value (e.g. `9.762Ki`), while in more textual output
+the full unit is shown (e.g. `9.762 KiB`). For counts the SI standard notation is
+used, e.g. prefix `k` for kilo. Used with file counts, `1k` means 1000 files.
 
-#### --dump headers ####
+The various [list](https://rclone.org/commands/rclone_ls/) commands output raw numbers by default.
+Option `--human-readable` will make them output values in human-readable format
+instead (with the short unit prefix).
 
-Dump HTTP headers with `Authorization:` lines removed. May still
-contain sensitive info.  Can be very verbose.  Useful for debugging
-only.
+The [about](https://rclone.org/commands/rclone_about/) command outputs human-readable by default,
+with a command-specific option `--full` to output the raw numbers instead.
 
-Use `--dump auth` if you do want the `Authorization:` headers.
+Command [size](https://rclone.org/commands/rclone_size/) outputs both human-readable and raw numbers
+in the same output.
 
-#### --dump bodies ####
+The [tree](https://rclone.org/commands/rclone_tree/) command also considers `--human-readable`, but
+it will not use the exact same notation as the other commands: It rounds to one
+decimal, and uses single letter suffix, e.g. `K` instead of `Ki`. The reason for
+this is that it relies on an external library.
 
-Dump HTTP headers and bodies - may contain sensitive info.  Can be
-very verbose.  Useful for debugging only.
+The interactive command [ncdu](https://rclone.org/commands/rclone_ncdu/) shows human-readable by
+default, and responds to key `u` for toggling human-readable format.
 
-Note that the bodies are buffered in memory so don't use this for
-enormous files.
+### --ignore-case-sync ###
 
-#### --dump requests ####
+Using this option will cause rclone to ignore the case of the files
+when synchronizing so files will not be copied/synced when the
+existing filenames are the same, even if the casing is different.
 
-Like `--dump bodies` but dumps the request bodies and the response
-headers.  Useful for debugging download problems.
+### --ignore-checksum ###
 
-#### --dump responses ####
+Normally rclone will check that the checksums of transferred files
+match, and give an error "corrupted on transfer" if they don't.
 
-Like `--dump bodies` but dumps the response bodies and the request
-headers. Useful for debugging upload problems.
+You can use this option to skip that check.  You should only use it if
+you have had the "corrupted on transfer" error message and you are
+sure you might want to transfer potentially corrupted data.
 
-#### --dump auth ####
+### --ignore-existing ###
 
-Dump HTTP headers - will contain sensitive info such as
-`Authorization:` headers - use `--dump headers` to dump without
-`Authorization:` headers.  Can be very verbose.  Useful for debugging
-only.
+Using this option will make rclone unconditionally skip all files
+that exist on the destination, no matter the content of these files.
 
-#### --dump filters ####
+While this isn't a generally recommended option, it can be useful
+in cases where your files change due to encryption. However, it cannot
+correct partial transfers in case a transfer was interrupted.
 
-Dump the filters to the output.  Useful to see exactly what include
-and exclude options are filtering on.
+When performing a `move`/`moveto` command, this flag will leave skipped
+files in the source location unchanged when a file with the same name
+exists on the destination.
 
-#### --dump goroutines ####
+### --ignore-size ###
 
-This dumps a list of the running go-routines at the end of the command
-to standard output.
+Normally rclone will look at modification time and size of files to
+see if they are equal.  If you set this flag then rclone will check
+only the modification time.  If `--checksum` is set then it only
+checks the checksum.
 
-#### --dump openfiles ####
+It will also cause rclone to skip verifying the sizes are the same
+after transfer.
 
-This dumps a list of the open files at the end of the command.  It
-uses the `lsof` command to do that so you'll need that installed to
-use it.
+This can be useful for transferring files to and from OneDrive which
+occasionally misreports the size of image files (see
+[#399](https://github.com/rclone/rclone/issues/399) for more info).
 
-### --memprofile=FILE ###
+### -I, --ignore-times ###
 
-Write memory profile to file. This can be analysed with `go tool pprof`.
+Using this option will cause rclone to unconditionally upload all
+files regardless of the state of files on the destination.
 
-Filtering
----------
+Normally rclone would skip any files that have the same
+modification time and are the same size (or have the same checksum if
+using `--checksum`).
 
-For the filtering options
+### --immutable ###
 
-  * `--delete-excluded`
-  * `--filter`
-  * `--filter-from`
-  * `--exclude`
-  * `--exclude-from`
-  * `--exclude-if-present`
-  * `--include`
-  * `--include-from`
-  * `--files-from`
-  * `--files-from-raw`
-  * `--min-size`
-  * `--max-size`
-  * `--min-age`
-  * `--max-age`
-  * `--dump filters`
-  * `--metadata-include`
-  * `--metadata-include-from`
-  * `--metadata-exclude`
-  * `--metadata-exclude-from`
-  * `--metadata-filter`
-  * `--metadata-filter-from`
+Treat source and destination files as immutable and disallow
+modification.
 
-See the [filtering section](https://rclone.org/filtering/).
+With this option set, files will be created and deleted as requested,
+but existing files will never be updated.  If an existing file does
+not match between the source and destination, rclone will give the error
+`Source and destination exist but do not match: immutable file modified`.
 
-Remote control
---------------
+Note that only commands which transfer files (e.g. `sync`, `copy`,
+`move`) are affected by this behavior, and only modification is
+disallowed.  Files may still be deleted explicitly (e.g. `delete`,
+`purge`) or implicitly (e.g. `sync`, `move`).  Use `copy --immutable`
+if it is desired to avoid deletion as well as modification.
 
-For the remote control options and for instructions on how to remote control rclone
+This can be useful as an additional layer of protection for immutable
+or append-only data sets (notably backup archives), where modification
+implies corruption and should not be propagated.
 
-  * `--rc`
-  * and anything starting with `--rc-`
+### --inplace {#inplace}
 
-See [the remote control section](https://rclone.org/rc/).
+The `--inplace` flag changes the behaviour of rclone when uploading
+files to some backends (backends with the `PartialUploads` feature
+flag set) such as:
 
-Logging
--------
+- local
+- ftp
+- sftp
 
-rclone has 4 levels of logging, `ERROR`, `NOTICE`, `INFO` and `DEBUG`.
+Without `--inplace` (the default) rclone will first upload to a
+temporary file with an extension like this, where `XXXXXX` represents a
+random string and `.partial` is [--partial-suffix](#partial-suffix) value
+(`.partial` by default).
 
-By default, rclone logs to standard error.  This means you can redirect
-standard error and still see the normal output of rclone commands (e.g.
-`rclone ls`).
+    original-file-name.XXXXXX.partial
 
-By default, rclone will produce `Error` and `Notice` level messages.
+(rclone will make sure the final name is no longer than 100 characters
+by truncating the `original-file-name` part if necessary).
 
-If you use the `-q` flag, rclone will only produce `Error` messages.
+When the upload is complete, rclone will rename the `.partial` file to
+the correct name, overwriting any existing file at that point. If the
+upload fails then the `.partial` file will be deleted.
 
-If you use the `-v` flag, rclone will produce `Error`, `Notice` and
-`Info` messages.
+This prevents other users of the backend from seeing partially
+uploaded files in their new names and prevents overwriting the old
+file until the new one is completely uploaded.
 
-If you use the `-vv` flag, rclone will produce `Error`, `Notice`,
-`Info` and `Debug` messages.
+If the `--inplace` flag is supplied, rclone will upload directly to
+the final name without creating a `.partial` file.
 
-You can also control the log levels with the `--log-level` flag.
+This means that an incomplete file will be visible in the directory
+listings while the upload is in progress and any existing files will
+be overwritten as soon as the upload starts. If the transfer fails
+then the file will be deleted. This can cause data loss of the
+existing file if the transfer fails.
 
-If you use the `--log-file=FILE` option, rclone will redirect `Error`,
-`Info` and `Debug` messages along with standard error to FILE.
+Note that on the local file system if you don't use `--inplace` hard
+links (Unix only) will be broken. And if you do use `--inplace` you
+won't be able to update in use executables.
 
-If you use the `--syslog` flag then rclone will log to syslog and the
-`--syslog-facility` control which facility it uses.
+Note also that versions of rclone prior to v1.63.0 behave as if the
+`--inplace` flag is always supplied.
 
-Rclone prefixes all log messages with their level in capitals, e.g. INFO
-which makes it easy to grep the log file for different kinds of
-information.
+### -i, --interactive {#interactive}
 
-Exit Code
----------
+This flag can be used to tell rclone that you wish a manual
+confirmation before destructive operations.
 
-If any errors occur during the command execution, rclone will exit with a
-non-zero exit code.  This allows scripts to detect when rclone
-operations have failed.
+It is **recommended** that you use this flag while learning rclone
+especially with `rclone sync`.
 
-During the startup phase, rclone will exit immediately if an error is
-detected in the configuration.  There will always be a log message
-immediately before exiting.
+For example
 
-When rclone is running it will accumulate errors as it goes along, and
-only exit with a non-zero exit code if (after retries) there were
-still failed transfers.  For every error counted there will be a high
-priority log message (visible with `-q`) showing the message and
-which file caused the problem. A high priority message is also shown
-when starting a retry so the user can see that any previous error
-messages may not be valid after the retry. If rclone has done a retry
-it will log a high priority message if the retry was successful.
+```
+$ rclone delete --interactive /tmp/dir
+rclone: delete "important-file.txt"?
+y) Yes, this is OK (default)
+n) No, skip this
+s) Skip all delete operations with no more questions
+!) Do all delete operations with no more questions
+q) Exit rclone now.
+y/n/s/!/q> n
+```
 
-### List of exit codes ###
-  * `0` - success
-  * `1` - Syntax or usage error
-  * `2` - Error not otherwise categorised
-  * `3` - Directory not found
-  * `4` - File not found
-  * `5` - Temporary error (one that more retries might fix) (Retry errors)
-  * `6` - Less serious errors (like 461 errors from dropbox) (NoRetry errors)
-  * `7` - Fatal error (one that more retries won't fix, like account suspended) (Fatal errors)
-  * `8` - Transfer exceeded - limit set by --max-transfer reached
-  * `9` - Operation successful, but no files transferred
+The options mean
 
-Environment Variables
----------------------
+- `y`: **Yes**, this operation should go ahead. You can also press Return
+  for this to happen. You'll be asked every time unless you choose `s`
+  or `!`.
+- `n`: **No**, do not do this operation. You'll be asked every time unless
+  you choose `s` or `!`.
+- `s`: **Skip** all the following operations of this type with no more
+  questions. This takes effect until rclone exits. If there are any
+  different kind of operations you'll be prompted for them.
+- `!`: **Do all** the following operations with no more
+  questions. Useful if you've decided that you don't mind rclone doing
+  that kind of operation. This takes effect until rclone exits . If
+  there are any different kind of operations you'll be prompted for
+  them.
+- `q`: **Quit** rclone now, just in case!
 
-Rclone can be configured entirely using environment variables.  These
-can be used to set defaults for options or config file entries.
+### --leave-root ####
 
-### Options ###
+During rmdirs it will not remove root directory, even if it's empty.
 
-Every option in rclone can have its default set by environment
-variable.
+### --log-file=FILE ###
 
-To find the name of the environment variable, first, take the long
-option name, strip the leading `--`, change `-` to `_`, make
-upper case and prepend `RCLONE_`.
+Log all of rclone's output to FILE.  This is not active by default.
+This can be useful for tracking down problems with syncs in
+combination with the `-v` flag.  See the [Logging section](#logging)
+for more info.
 
-For example, to always set `--stats 5s`, set the environment variable
-`RCLONE_STATS=5s`.  If you set stats on the command line this will
-override the environment variable setting.
+If FILE exists then rclone will append to it.
 
-Or to always use the trash in drive `--drive-use-trash`, set
-`RCLONE_DRIVE_USE_TRASH=true`.
+Note that if you are using the `logrotate` program to manage rclone's
+logs, then you should use the `copytruncate` option as rclone doesn't
+have a signal to rotate logs.
 
-Verbosity is slightly different, the environment variable 
-equivalent of `--verbose` or `-v` is `RCLONE_VERBOSE=1`, 
-or for `-vv`, `RCLONE_VERBOSE=2`.
+### --log-format LIST ###
 
-The same parser is used for the options and the environment variables
-so they take exactly the same form.
+Comma separated list of log format options. Accepted options are `date`, 
+`time`, `microseconds`, `pid`, `longfile`, `shortfile`, `UTC`. Any other 
+keywords will be silently ignored. `pid` will tag log messages with process
+identifier which useful with `rclone mount --daemon`. Other accepted
+options are explained in the [go documentation](https://pkg.go.dev/log#pkg-constants).
+The default log format is "`date`,`time`".
 
-The options set by environment variables can be seen with the `-vv` flag, e.g. `rclone version -vv`.
+### --log-level LEVEL ###
 
-### Config file ###
+This sets the log level for rclone.  The default log level is `NOTICE`.
 
-You can set defaults for values in the config file on an individual
-remote basis. The names of the config items are documented in the page
-for each backend.
+`DEBUG` is equivalent to `-vv`. It outputs lots of debug info - useful
+for bug reports and really finding out what rclone is doing.
 
-To find the name of the environment variable, you need to set, take
-`RCLONE_CONFIG_` + name of remote + `_` + name of config file option
-and make it all uppercase.
+`INFO` is equivalent to `-v`. It outputs information about each transfer
+and prints stats once a minute by default.
 
-For example, to configure an S3 remote named `mys3:` without a config
-file (using unix ways of setting environment variables):
+`NOTICE` is the default log level if no logging flags are supplied. It
+outputs very little when things are working normally. It outputs
+warnings and significant events.
 
-```
-$ export RCLONE_CONFIG_MYS3_TYPE=s3
-$ export RCLONE_CONFIG_MYS3_ACCESS_KEY_ID=XXX
-$ export RCLONE_CONFIG_MYS3_SECRET_ACCESS_KEY=XXX
-$ rclone lsd mys3:
-          -1 2016-09-21 12:54:21        -1 my-bucket
-$ rclone listremotes | grep mys3
-mys3:
-```
+`ERROR` is equivalent to `-q`. It only outputs error messages.
 
-Note that if you want to create a remote using environment variables
-you must create the `..._TYPE` variable as above.
+### --use-json-log ###
 
-Note that the name of a remote created using environment variable is
-case insensitive, in contrast to regular remotes stored in config
-file as documented [above](#valid-remote-names).
-You must write the name in uppercase in the environment variable, but
-as seen from example above it will be listed and can be accessed in
-lowercase, while you can also refer to the same remote in uppercase:
-```
-$ rclone lsd mys3:
-          -1 2016-09-21 12:54:21        -1 my-bucket
-$ rclone lsd MYS3:
-          -1 2016-09-21 12:54:21        -1 my-bucket
-```
+This switches the log format to JSON for rclone. The fields of json log
+are level, msg, source, time.
 
+### --low-level-retries NUMBER ###
 
-Note that you can only set the options of the immediate backend, 
-so RCLONE_CONFIG_MYS3CRYPT_ACCESS_KEY_ID has no effect, if myS3Crypt is 
-a crypt remote based on an S3 remote. However RCLONE_S3_ACCESS_KEY_ID will 
-set the access key of all remotes using S3, including myS3Crypt.
+This controls the number of low level retries rclone does.
 
-Note also that now rclone has [connection strings](#connection-strings),
-it is probably easier to use those instead which makes the above example
+A low level retry is used to retry a failing operation - typically one
+HTTP request.  This might be uploading a chunk of a big file for
+example.  You will see low level retries in the log with the `-v`
+flag.
 
-    rclone lsd :s3,access_key_id=XXX,secret_access_key=XXX:
+This shouldn't need to be changed from the default in normal operations.
+However, if you get a lot of low level retries you may wish
+to reduce the value so rclone moves on to a high level retry (see the
+`--retries` flag) quicker.
 
-### Precedence
+Disable low level retries with `--low-level-retries 1`.
 
-The various different methods of backend configuration are read in
-this order and the first one with a value is used.
+### --max-backlog=N ###
 
-- Parameters in connection strings, e.g. `myRemote,skip_links:`
-- Flag values as supplied on the command line, e.g. `--skip-links`
-- Remote specific environment vars, e.g. `RCLONE_CONFIG_MYREMOTE_SKIP_LINKS` (see above).
-- Backend-specific environment vars, e.g. `RCLONE_LOCAL_SKIP_LINKS`.
-- Backend generic environment vars, e.g. `RCLONE_SKIP_LINKS`.
-- Config file, e.g. `skip_links = true`.
-- Default values, e.g. `false` - these can't be changed.
+This is the maximum allowable backlog of files in a sync/copy/move
+queued for being checked or transferred.
 
-So if both `--skip-links` is supplied on the command line and an
-environment variable `RCLONE_LOCAL_SKIP_LINKS` is set, the command line
-flag will take preference.
+This can be set arbitrarily large.  It will only use memory when the
+queue is in use.  Note that it will use in the order of N KiB of memory
+when the backlog is in use.
 
-The backend configurations set by environment variables can be seen with the `-vv` flag, e.g. `rclone about myRemote: -vv`.
+Setting this large allows rclone to calculate how many files are
+pending more accurately, give a more accurate estimated finish
+time and make `--order-by` work more accurately.
 
-For non backend configuration the order is as follows:
+Setting this small will make rclone more synchronous to the listings
+of the remote which may be desirable.
 
-- Flag values as supplied on the command line, e.g. `--stats 5s`.
-- Environment vars, e.g. `RCLONE_STATS=5s`.
-- Default values, e.g. `1m` - these can't be changed.
+Setting this to a negative number will make the backlog as large as
+possible.
 
-### Other environment variables ###
+### --max-delete=N ###
 
-- `RCLONE_CONFIG_PASS` set to contain your config file password (see [Configuration Encryption](#configuration-encryption) section)
-- `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` (or the lowercase versions thereof).
-    - `HTTPS_PROXY` takes precedence over `HTTP_PROXY` for https requests.
-    - The environment values may be either a complete URL or a "host[:port]" for, in which case the "http" scheme is assumed.
-- `USER` and `LOGNAME` values are used as fallbacks for current username. The primary method for looking up username is OS-specific: Windows API on Windows, real user ID in /etc/passwd on Unix systems. In the documentation the current username is simply referred to as `$USER`.
-- `RCLONE_CONFIG_DIR` - rclone **sets** this variable for use in config files and sub processes to point to the directory holding the config file.
+This tells rclone not to delete more than N files.  If that limit is
+exceeded then a fatal error will be generated and rclone will stop the
+operation in progress.
 
-The options set by environment variables can be seen with the `-vv` and `--log-level=DEBUG` flags, e.g. `rclone version -vv`.
+### --max-delete-size=SIZE ###
 
-# Configuring rclone on a remote / headless machine #
+Rclone will stop deleting files when the total size of deletions has
+reached the size specified. It defaults to off.
 
-Some of the configurations (those involving oauth2) require an
-Internet connected web browser.
+If that limit is exceeded then a fatal error will be generated and
+rclone will stop the operation in progress.
 
-If you are trying to set rclone up on a remote or headless box with no
-browser available on it (e.g. a NAS or a server in a datacenter) then
-you will need to use an alternative means of configuration.  There are
-two ways of doing it, described below.
+### --max-depth=N ###
 
-## Configuring using rclone authorize ##
+This modifies the recursion depth for all the commands except purge.
 
-On the headless box run `rclone` config but answer `N` to the `Use web browser 
-to automatically authenticate?` question.
+So if you do `rclone --max-depth 1 ls remote:path` you will see only
+the files in the top level directory.  Using `--max-depth 2` means you
+will see all the files in first two directory levels and so on.
 
-```
-...
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes (default)
-n) No
-y/n> n
-For this to work, you will need rclone available on a machine that has
-a web browser available.
+For historical reasons the `lsd` command defaults to using a
+`--max-depth` of 1 - you can override this with the command line flag.
 
-For more help and alternate methods see: https://rclone.org/remote_setup/
+You can use this command to disable recursion (with `--max-depth 1`).
 
-Execute the following on the machine with the web browser (same rclone
-version recommended):
+Note that if you use this with `sync` and `--delete-excluded` the
+files not recursed through are considered excluded and will be deleted
+on the destination.  Test first with `--dry-run` if you are not sure
+what will happen.
 
-	rclone authorize "amazon cloud drive"
+### --max-duration=TIME ###
 
-Then paste the result below:
-result>
-```
+Rclone will stop transferring when it has run for the
+duration specified.
+Defaults to off.
 
-Then on your main desktop machine
+When the limit is reached all transfers will stop immediately.
+Use `--cutoff-mode` to modify this behaviour.
 
-```
-rclone authorize "amazon cloud drive"
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
-Paste the following into your remote machine --->
-SECRET_TOKEN
-<---End paste
-```
+Rclone will exit with exit code 10 if the duration limit is reached.
 
-Then back to the headless box, paste in the code
+### --max-transfer=SIZE ###
 
-```
-result> SECRET_TOKEN
---------------------
-[acd12]
-client_id = 
-client_secret = 
-token = SECRET_TOKEN
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d>
-```
+Rclone will stop transferring when it has reached the size specified.
+Defaults to off.
 
-## Configuring by copying the config file ##
+When the limit is reached all transfers will stop immediately.
+Use `--cutoff-mode` to modify this behaviour.
 
-Rclone stores all of its config in a single configuration file.  This
-can easily be copied to configure a remote rclone.
+Rclone will exit with exit code 8 if the transfer limit is reached.
 
-So first configure rclone on your desktop machine with
+### --cutoff-mode=hard|soft|cautious ###
 
-    rclone config
+This modifies the behavior of `--max-transfer` and `--max-duration`
+Defaults to `--cutoff-mode=hard`.
 
-to set up the config file.
+Specifying `--cutoff-mode=hard` will stop transferring immediately
+when Rclone reaches the limit.
 
-Find the config file by running `rclone config file`, for example
+Specifying `--cutoff-mode=soft` will stop starting new transfers
+when Rclone reaches the limit.
 
-```
-$ rclone config file
-Configuration file is stored at:
-/home/user/.rclone.conf
-```
+Specifying `--cutoff-mode=cautious` will try to prevent Rclone
+from reaching the limit. Only applicable for `--max-transfer`
 
-Now transfer it to the remote box (scp, cut paste, ftp, sftp, etc.) and
-place it in the correct place (use `rclone config file` on the remote
-box to find out where).
+## -M, --metadata
 
-## Configuring using SSH Tunnel ##
+Setting this flag enables rclone to copy the metadata from the source
+to the destination. For local backends this is ownership, permissions,
+xattr etc. See the [metadata section](#metadata) for more info.
 
-Linux and MacOS users can utilize SSH Tunnel to redirect the headless box port 53682 to local machine by using the following command:
-```
-ssh -L localhost:53682:localhost:53682 username@remote_server
-```
-Then on the headless box run `rclone` config and answer `Y` to the `Use web 
-browser to automatically authenticate?` question.
+### --metadata-mapper SpaceSepList {#metadata-mapper}
 
-```
-...
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes (default)
-n) No
-y/n> y
-```
-Then copy and paste the auth url `http://127.0.0.1:53682/auth?state=xxxxxxxxxxxx` to the browser on your local machine, complete the auth and it is done.
+If you supply the parameter `--metadata-mapper /path/to/program` then
+rclone will use that program to map metadata from source object to
+destination object.
 
-# Filtering, includes and excludes
+The argument to this flag should be a command with an optional space separated
+list of arguments. If one of the arguments has a space in then enclose
+it in `"`, if you want a literal `"` in an argument then enclose the
+argument in `"` and double the `"`. See [CSV encoding](https://godoc.org/encoding/csv)
+for more info.
 
-Filter flags determine which files rclone `sync`, `move`, `ls`, `lsl`,
-`md5sum`, `sha1sum`, `size`, `delete`, `check` and similar commands
-apply to.
+    --metadata-mapper "python bin/test_metadata_mapper.py"
+    --metadata-mapper 'python bin/test_metadata_mapper.py "argument with a space"'
+    --metadata-mapper 'python bin/test_metadata_mapper.py "argument with ""two"" quotes"'
 
-They are specified in terms of path/file name patterns; path/file
-lists; file age and size, or presence of a file in a directory. Bucket
-based remotes without the concept of directory apply filters to object
-key, age and size in an analogous way.
+This uses a simple JSON based protocol with input on STDIN and output
+on STDOUT. This will be called for every file and directory copied and
+may be called concurrently.
 
-Rclone `purge` does not obey filters.
+The program's job is to take a metadata blob on the input and turn it
+into a metadata blob on the output suitable for the destination
+backend.
 
-To test filters without risk of damage to data, apply them to `rclone
-ls`, or with the `--dry-run` and `-vv` flags.
+Input to the program (via STDIN) might look like this. This provides
+some context for the `Metadata` which may be important.
 
-Rclone filter patterns can only be used in filter command line options, not
-in the specification of a remote.
+- `SrcFs` is the config string for the remote that the object is currently on.
+- `SrcFsType` is the name of the source backend.
+- `DstFs` is the config string for the remote that the object is being copied to
+- `DstFsType` is the name of the destination backend.
+- `Remote` is the path of the file relative to the root.
+- `Size`, `MimeType`, `ModTime` are attributes of the file.
+- `IsDir` is `true` if this is a directory (not yet implemented).
+- `ID` is the source `ID` of the file if known.
+- `Metadata` is the backend specific metadata as described in the backend docs.
 
-E.g. `rclone copy "remote:dir*.jpg" /path/to/dir` does not have a filter effect.
-`rclone copy remote:dir /path/to/dir --include "*.jpg"` does.
+```json
+{
+    "SrcFs": "gdrive:",
+    "SrcFsType": "drive",
+    "DstFs": "newdrive:user",
+    "DstFsType": "onedrive",
+    "Remote": "test.txt",
+    "Size": 6,
+    "MimeType": "text/plain; charset=utf-8",
+    "ModTime": "2022-10-11T17:53:10.286745272+01:00",
+    "IsDir": false,
+    "ID": "xyz",
+    "Metadata": {
+        "btime": "2022-10-11T16:53:11Z",
+        "content-type": "text/plain; charset=utf-8",
+        "mtime": "2022-10-11T17:53:10.286745272+01:00",
+        "owner": "user1@domain1.com",
+        "permissions": "...",
+        "description": "my nice file",
+        "starred": "false"
+    }
+}
+```
 
-**Important** Avoid mixing any two of `--include...`, `--exclude...` or
-`--filter...` flags in an rclone command. The results may not be what
-you expect. Instead use a `--filter...` flag.
+The program should then modify the input as desired and send it to
+STDOUT. The returned `Metadata` field will be used in its entirety for
+the destination object. Any other fields will be ignored. Note in this
+example we translate user names and permissions and add something to
+the description:
 
-## Patterns for matching path/file names
+```json
+{
+    "Metadata": {
+        "btime": "2022-10-11T16:53:11Z",
+        "content-type": "text/plain; charset=utf-8",
+        "mtime": "2022-10-11T17:53:10.286745272+01:00",
+        "owner": "user1@domain2.com",
+        "permissions": "...",
+        "description": "my nice file [migrated from domain1]",
+        "starred": "false"
+    }
+}
+```
 
-### Pattern syntax {#patterns}
+Metadata can be removed here too.
 
-Here is a formal definition of the pattern syntax,
-[examples](#examples) are below.
+An example python program might look something like this to implement
+the above transformations.
 
-Rclone matching rules follow a glob style:
+```python
+import sys, json
 
-    *         matches any sequence of non-separator (/) characters
-    **        matches any sequence of characters including / separators
-    ?         matches any single non-separator (/) character
-    [ [ ! ] { character-range } ]
-              character class (must be non-empty)
-    { pattern-list }
-              pattern alternatives
-    {{ regexp }}
-              regular expression to match
-    c         matches character c (c != *, **, ?, \, [, {, })
-    \c        matches reserved character c (c = *, **, ?, \, [, {, }) or character class
+i = json.load(sys.stdin)
+metadata = i["Metadata"]
+# Add tag to description
+if "description" in metadata:
+    metadata["description"] += " [migrated from domain1]"
+else:
+    metadata["description"] = "[migrated from domain1]"
+# Modify owner
+if "owner" in metadata:
+    metadata["owner"] = metadata["owner"].replace("domain1.com", "domain2.com")
+o = { "Metadata": metadata }
+json.dump(o, sys.stdout, indent="\t")
+```
 
-character-range:
+You can find this example (slightly expanded) in the rclone source code at
+[bin/test_metadata_mapper.py](https://github.com/rclone/rclone/blob/master/test_metadata_mapper.py).
 
-    c         matches character c (c != \, -, ])
-    \c        matches reserved character c (c = \, -, ])
-    lo - hi   matches character c for lo <= c <= hi
+If you want to see the input to the metadata mapper and the output
+returned from it in the log you can use `-vv --dump mapper`.
 
-pattern-list:
+See the [metadata section](#metadata) for more info.
 
-    pattern { , pattern }
-              comma-separated (without spaces) patterns
+### --metadata-set key=value
 
-character classes (see [Go regular expression reference](https://golang.org/pkg/regexp/syntax/)) include:
+Add metadata `key` = `value` when uploading. This can be repeated as
+many times as required. See the [metadata section](#metadata) for more
+info.
 
-    Named character classes (e.g. [\d], [^\d], [\D], [^\D])
-    Perl character classes (e.g. \s, \S, \w, \W)
-    ASCII character classes (e.g. [[:alnum:]], [[:alpha:]], [[:punct:]], [[:xdigit:]])
+### --modify-window=TIME ###
 
-regexp for advanced users to insert a regular expression - see [below](#regexp) for more info:
+When checking whether a file has been modified, this is the maximum
+allowed time difference that a file can have and still be considered
+equivalent.
 
-    Any re2 regular expression not containing `}}`
+The default is `1ns` unless this is overridden by a remote.  For
+example OS X only stores modification times to the nearest second so
+if you are reading and writing to an OS X filing system this will be
+`1s` by default.
 
-If the filter pattern starts with a `/` then it only matches
-at the top level of the directory tree,
-**relative to the root of the remote** (not necessarily the root
-of the drive). If it does not start with `/` then it is matched
-starting at the **end of the path/file name** but it only matches
-a complete path element - it must match from a `/`
-separator or the beginning of the path/file.
+This command line flag allows you to override that computed default.
 
-    file.jpg   - matches "file.jpg"
-               - matches "directory/file.jpg"
-               - doesn't match "afile.jpg"
-               - doesn't match "directory/afile.jpg"
-    /file.jpg  - matches "file.jpg" in the root directory of the remote
-               - doesn't match "afile.jpg"
-               - doesn't match "directory/file.jpg"
+### --multi-thread-write-buffer-size=SIZE ###
 
-The top level of the remote may not be the top level of the drive.
+When transferring with multiple threads, rclone will buffer SIZE bytes
+in memory before writing to disk for each thread.
 
-E.g. for a Microsoft Windows local directory structure
+This can improve performance if the underlying filesystem does not deal
+well with a lot of small writes in different positions of the file, so
+if you see transfers being limited by disk write speed, you might want
+to experiment with different values. Specially for magnetic drives and
+remote file systems a higher value can be useful.
 
-    F:
-    ├── bkp
-    ├── data
-    │   ├── excl
-    │   │   ├── 123.jpg
-    │   │   └── 456.jpg
-    │   ├── incl
-    │   │   └── document.pdf
+Nevertheless, the default of `128k` should be fine for almost all use
+cases, so before changing it ensure that network is not really your
+bottleneck.
 
-To copy the contents of folder `data` into folder `bkp` excluding the contents of subfolder
-`excl`the following command treats `F:\data` and `F:\bkp` as top level for filtering.
+As a final hint, size is not the only factor: block size (or similar
+concept) can have an impact. In one case, we observed that exact
+multiples of 16k performed much better than other values.
 
-`rclone copy F:\data\ F:\bkp\ --exclude=/excl/**`
+### --multi-thread-chunk-size=SizeSuffix ###
 
-**Important** Use `/` in path/file name patterns and not `\` even if
-running on Microsoft Windows.
+Normally the chunk size for multi thread transfers is set by the backend.
+However some backends such as `local` and `smb` (which implement `OpenWriterAt`
+but not `OpenChunkWriter`) don't have a natural chunk size.
 
-Simple patterns are case sensitive unless the `--ignore-case` flag is used.
+In this case the value of this option is used (default 64Mi).
 
-Without `--ignore-case` (default)
+### --multi-thread-cutoff=SIZE {#multi-thread-cutoff}
 
-    potato - matches "potato"
-           - doesn't match "POTATO"
+When transferring files above SIZE to capable backends, rclone will
+use multiple threads to transfer the file (default 256M).
 
-With `--ignore-case`
+Capable backends are marked in the
+[overview](https://rclone.org/overview/#optional-features) as `MultithreadUpload`. (They
+need to implement either the `OpenWriterAt` or `OpenChunkedWriter`
+internal interfaces). These include include, `local`, `s3`,
+`azureblob`, `b2`, `oracleobjectstorage` and `smb` at the time of
+writing.
 
-    potato - matches "potato"
-           - matches "POTATO"
+On the local disk, rclone preallocates the file (using
+`fallocate(FALLOC_FL_KEEP_SIZE)` on unix or `NTSetInformationFile` on
+Windows both of which takes no time) then each thread writes directly
+into the file at the correct place. This means that rclone won't
+create fragmented or sparse files and there won't be any assembly time
+at the end of the transfer.
 
-## Using regular expressions in filter patterns {#regexp}
+The number of threads used to transfer is controlled by
+`--multi-thread-streams`.
 
-The syntax of filter patterns is glob style matching (like `bash`
-uses) to make things easy for users. However this does not provide
-absolute control over the matching, so for advanced users rclone also
-provides a regular expression syntax.
+Use `-vv` if you wish to see info about the threads.
 
-The regular expressions used are as defined in the [Go regular
-expression reference](https://golang.org/pkg/regexp/syntax/). Regular
-expressions should be enclosed in `{{` `}}`. They will match only the
-last path segment if the glob doesn't start with `/` or the whole path
-name if it does. Note that rclone does not attempt to parse the
-supplied regular expression, meaning that using any regular expression
-filter will prevent rclone from using [directory filter rules](#directory_filter),
-as it will instead check every path against
-the supplied regular expression(s).
+This will work with the `sync`/`copy`/`move` commands and friends
+`copyto`/`moveto`. Multi thread transfers will be used with `rclone
+mount` and `rclone serve` if `--vfs-cache-mode` is set to `writes` or
+above.
 
-Here is how the `{{regexp}}` is transformed into an full regular
-expression to match the entire path:
+**NB** that this **only** works with supported backends as the
+destination but will work with any backend as the source.
 
-    {{regexp}}  becomes (^|/)(regexp)$
-    /{{regexp}} becomes ^(regexp)$
+**NB** that multi-thread copies are disabled for local to local copies
+as they are faster without unless `--multi-thread-streams` is set
+explicitly.
 
-Regexp syntax can be mixed with glob syntax, for example
+**NB** on Windows using multi-thread transfers to the local disk will
+cause the resulting files to be [sparse](https://en.wikipedia.org/wiki/Sparse_file).
+Use `--local-no-sparse` to disable sparse files (which may cause long
+delays at the start of transfers) or disable multi-thread transfers
+with `--multi-thread-streams 0`
 
-    *.{{jpe?g}} to match file.jpg, file.jpeg but not file.png
+### --multi-thread-streams=N ###
 
-You can also use regexp flags - to set case insensitive, for example
+When using multi thread transfers (see above `--multi-thread-cutoff`)
+this sets the number of streams to use. Set to `0` to disable multi
+thread transfers (Default 4).
 
-    *.{{(?i)jpg}} to match file.jpg, file.JPG but not file.png
+If the backend has a `--backend-upload-concurrency` setting (eg
+`--s3-upload-concurrency`) then this setting will be used as the
+number of transfers instead if it is larger than the value of
+`--multi-thread-streams` or `--multi-thread-streams` isn't set.
 
-Be careful with wildcards in regular expressions - you don't want them
-to match path separators normally. To match any file name starting
-with `start` and ending with `end` write
+### --no-check-dest ###
 
-    {{start[^/]*end\.jpg}}
+The `--no-check-dest` can be used with `move` or `copy` and it causes
+rclone not to check the destination at all when copying files.
 
-Not
+This means that:
 
-    {{start.*end\.jpg}}
+- the destination is not listed minimising the API calls
+- files are always transferred
+- this can cause duplicates on remotes which allow it (e.g. Google Drive)
+- `--retries 1` is recommended otherwise you'll transfer everything again on a retry
 
-Which will match a directory called `start` with a file called
-`end.jpg` in it as the `.*` will match `/` characters.
+This flag is useful to minimise the transactions if you know that none
+of the files are on the destination.
 
-Note that you can use `-vv --dump filters` to show the filter patterns
-in regexp format - rclone implements the glob patters by transforming
-them into regular expressions.
+This is a specialized flag which should be ignored by most users!
 
-## Filter pattern examples {#examples}
+### --no-gzip-encoding ###
 
-| Description | Pattern | Matches | Does not match |
-| ----------- |-------- | ------- | -------------- |
-| Wildcard    | `*.jpg` | `/file.jpg`     | `/file.png`    |
-|             |         | `/dir/file.jpg` | `/dir/file.png` |
-| Rooted      | `/*.jpg` | `/file.jpg`    | `/file.png`    |
-|             |          | `/file2.jpg`    | `/dir/file.jpg` |
-| Alternates  | `*.{jpg,png}` | `/file.jpg`     | `/file.gif`    |
-|             |         | `/dir/file.png` | `/dir/file.gif` |
-| Path Wildcard | `dir/**` | `/dir/anyfile`     | `file.png`    |
-|             |          | `/subdir/dir/subsubdir/anyfile` | `/subdir/file.png` |
-| Any Char    | `*.t?t` | `/file.txt`     | `/file.qxt`    |
-|             |         | `/dir/file.tzt` | `/dir/file.png` |
-| Range       | `*.[a-z]` | `/file.a`     | `/file.0`    |
-|             |         | `/dir/file.b` | `/dir/file.1` |
-| Escape      | `*.\?\?\?` | `/file.???`     | `/file.abc`    |
-|             |         | `/dir/file.???` | `/dir/file.def` |
-| Class       | `*.\d\d\d` | `/file.012`     | `/file.abc`    |
-|             |         | `/dir/file.345` | `/dir/file.def` |
-| Regexp      | `*.{{jpe?g}}` | `/file.jpeg`     | `/file.png`    |
-|             |         | `/dir/file.jpg` | `/dir/file.jpeeg` |
-| Rooted Regexp | `/{{.*\.jpe?g}}` | `/file.jpeg`  | `/file.png`    |
-|             |                  | `/file.jpg`   | `/dir/file.jpg` |
+Don't set `Accept-Encoding: gzip`.  This means that rclone won't ask
+the server for compressed files automatically. Useful if you've set
+the server to return files with `Content-Encoding: gzip` but you
+uploaded compressed files.
 
-## How filter rules are applied to files {#how-filter-rules-work}
+There is no need to set this in normal operation, and doing so will
+decrease the network transfer efficiency of rclone.
 
-Rclone path/file name filters are made up of one or more of the following flags:
+### --no-traverse ###
 
-  * `--include`
-  * `--include-from`
-  * `--exclude`
-  * `--exclude-from`
-  * `--filter`
-  * `--filter-from`
+The `--no-traverse` flag controls whether the destination file system
+is traversed when using the `copy` or `move` commands.
+`--no-traverse` is not compatible with `sync` and will be ignored if
+you supply it with `sync`.
 
-There can be more than one instance of individual flags.
+If you are only copying a small number of files (or are filtering most
+of the files) and/or have a large number of files on the destination
+then `--no-traverse` will stop rclone listing the destination and save
+time.
 
-Rclone internally uses a combined list of all the include and exclude
-rules. The order in which rules are processed can influence the result
-of the filter.
+However, if you are copying a large number of files, especially if you
+are doing a copy where lots of the files under consideration haven't
+changed and won't need copying then you shouldn't use `--no-traverse`.
 
-All flags of the same type are processed together in the order
-above, regardless of what order the different types of flags are
-included on the command line.
+See [rclone copy](https://rclone.org/commands/rclone_copy/) for an example of how to use it.
 
-Multiple instances of the same flag are processed from left
-to right according to their position in the command line.
+### --no-unicode-normalization ###
 
-To mix up the order of processing includes and excludes use `--filter...`
-flags.
+Don't normalize unicode characters in filenames during the sync routine.
 
-Within `--include-from`, `--exclude-from` and `--filter-from` flags
-rules are processed from top to bottom of the referenced file.
+Sometimes, an operating system will store filenames containing unicode
+parts in their decomposed form (particularly macOS). Some cloud storage
+systems will then recompose the unicode, resulting in duplicate files if
+the data is ever copied back to a local filesystem.
 
-If there is an `--include` or `--include-from` flag specified, rclone
-implies a `- **` rule which it adds to the bottom of the internal rule
-list. Specifying a `+` rule with a `--filter...` flag does not imply
-that rule.
+Using this flag will disable that functionality, treating each unicode
+character as unique. For example, by default é and é will be normalized
+into the same character. With `--no-unicode-normalization` they will be
+treated as unique characters.
 
-Each path/file name passed through rclone is matched against the
-combined filter list. At first match to a rule the path/file name
-is included or excluded and no further filter rules are processed for
-that path/file.
+### --no-update-modtime ###
 
-If rclone does not find a match, after testing against all rules
-(including the implied rule if appropriate), the path/file name
-is included.
+When using this flag, rclone won't update modification times of remote
+files if they are incorrect as it would normally.
 
-Any path/file included at that stage is processed by the rclone
-command.
+This can be used if the remote is being synced with another tool also
+(e.g. the Google Drive client).
 
-`--files-from` and `--files-from-raw` flags over-ride and cannot be
-combined with other filter options.
+### --order-by string ###
 
-To see the internal combined rule list, in regular expression form,
-for a command add the `--dump filters` flag. Running an rclone command
-with `--dump filters` and `-vv` flags lists the internal filter elements
-and shows how they are applied to each source path/file. There is not
-currently a means provided to pass regular expression filter options into
-rclone directly though character class filter rules contain character
-classes. [Go regular expression reference](https://golang.org/pkg/regexp/syntax/)
+The `--order-by` flag controls the order in which files in the backlog
+are processed in `rclone sync`, `rclone copy` and `rclone move`.
 
-### How filter rules are applied to directories {#directory_filter}
+The order by string is constructed like this.  The first part
+describes what aspect is being measured:
 
-Rclone commands are applied to path/file names not
-directories. The entire contents of a directory can be matched
-to a filter by the pattern `directory/*` or recursively by
-`directory/**`.
+- `size` - order by the size of the files
+- `name` - order by the full path of the files
+- `modtime` - order by the modification date of the files
 
-Directory filter rules are defined with a closing `/` separator.
+This can have a modifier appended with a comma:
 
-E.g. `/directory/subdirectory/` is an rclone directory filter rule.
+- `ascending` or `asc` - order so that the smallest (or oldest) is processed first
+- `descending` or `desc` - order so that the largest (or newest) is processed first
+- `mixed` - order so that the smallest is processed first for some threads and the largest for others
 
-Rclone commands can use directory filter rules to determine whether they
-recurse into subdirectories. This potentially optimises access to a remote
-by avoiding listing unnecessary directories. Whether optimisation is
-desirable depends on the specific filter rules and source remote content.
+If the modifier is `mixed` then it can have an optional percentage
+(which defaults to `50`), e.g. `size,mixed,25` which means that 25% of
+the threads should be taking the smallest items and 75% the
+largest. The threads which take the smallest first will always take
+the smallest first and likewise the largest first threads. The `mixed`
+mode can be useful to minimise the transfer time when you are
+transferring a mixture of large and small files - the large files are
+guaranteed upload threads and bandwidth and the small files will be
+processed continuously.
 
-If any [regular expression filters](#regexp) are in use, then no
-directory recursion optimisation is possible, as rclone must check
-every path against the supplied regular expression(s).
+If no modifier is supplied then the order is `ascending`.
 
-Directory recursion optimisation occurs if either:
+For example
 
-* A source remote does not support the rclone `ListR` primitive. local,
-sftp, Microsoft OneDrive and WebDAV do not support `ListR`. Google
-Drive and most bucket type storage do. [Full list](https://rclone.org/overview/#optional-features)
+- `--order-by size,desc` - send the largest files first
+- `--order-by modtime,ascending` - send the oldest files first
+- `--order-by name` - send the files with alphabetically by path first
 
-* On other remotes (those that support `ListR`), if the rclone command is not naturally recursive, and
-provided it is not run with the `--fast-list` flag. `ls`, `lsf -R` and
-`size` are naturally recursive but `sync`, `copy` and `move` are not.
+If the `--order-by` flag is not supplied or it is supplied with an
+empty string then the default ordering will be used which is as
+scanned.  With `--checkers 1` this is mostly alphabetical, however
+with the default `--checkers 8` it is somewhat random.
 
-* Whenever the `--disable ListR` flag is applied to an rclone command.
+#### Limitations
 
-Rclone commands imply directory filter rules from path/file filter
-rules. To view the directory filter rules rclone has implied for a
-command specify the `--dump filters` flag.
+The `--order-by` flag does not do a separate pass over the data.  This
+means that it may transfer some files out of the order specified if
 
-E.g. for an include rule
+- there are no files in the backlog or the source has not been fully scanned yet
+- there are more than [--max-backlog](#max-backlog-n) files in the backlog
 
-    /a/*.jpg
+Rclone will do its best to transfer the best file it has so in
+practice this should not cause a problem.  Think of `--order-by` as
+being more of a best efforts flag rather than a perfect ordering.
 
-Rclone implies the directory include rule
+If you want perfect ordering then you will need to specify
+[--check-first](#check-first) which will find all the files which need
+transferring first before transferring any.
 
-    /a/
+### --partial-suffix {#partial-suffix}
 
-Directory filter rules specified in an rclone command can limit
-the scope of an rclone command but path/file filters still have
-to be specified.
+When [--inplace](#inplace) is not used, it causes rclone to use
+the `--partial-suffix` as suffix for temporary files.
 
-E.g. `rclone ls remote: --include /directory/` will not match any
-files. Because it is an `--include` option the `--exclude **` rule
-is implied, and the `/directory/` pattern serves only to optimise
-access to the remote by ignoring everything outside of that directory.
+Suffix length limit is 16 characters.
 
-E.g. `rclone ls remote: --filter-from filter-list.txt` with a file
-`filter-list.txt`:
+The default is `.partial`.
 
-    - /dir1/
-    - /dir2/
-    + *.pdf
-    - **
+### --password-command SpaceSepList ###
 
-All files in directories `dir1` or `dir2` or their subdirectories
-are completely excluded from the listing. Only files of suffix
-`pdf` in the root of `remote:` or its subdirectories are listed.
-The `- **` rule prevents listing of any path/files not previously
-matched by the rules above.
+This flag supplies a program which should supply the config password
+when run. This is an alternative to rclone prompting for the password
+or setting the `RCLONE_CONFIG_PASS` variable.
 
-Option `exclude-if-present` creates a directory exclude rule based
-on the presence of a file in a directory and takes precedence over
-other rclone directory filter rules.
+The argument to this should be a command with a space separated list
+of arguments. If one of the arguments has a space in then enclose it
+in `"`, if you want a literal `"` in an argument then enclose the
+argument in `"` and double the `"`. See [CSV encoding](https://godoc.org/encoding/csv)
+for more info.
 
-When using pattern list syntax, if a pattern item contains either
-`/` or `**`, then rclone will not able to imply a directory filter rule
-from this pattern list.
+Eg
 
-E.g. for an include rule
+    --password-command "echo hello"
+    --password-command 'echo "hello with space"'
+    --password-command 'echo "hello with ""quotes"" and space"'
 
-    {dir1/**,dir2/**}
+See the [Configuration Encryption](#configuration-encryption) for more info.
 
-Rclone will match files below directories `dir1` or `dir2` only,
-but will not be able to use this filter to exclude a directory `dir3`
-from being traversed.
+See a [Windows PowerShell example on the Wiki](https://github.com/rclone/rclone/wiki/Windows-Powershell-use-rclone-password-command-for-Config-file-password).
 
-Directory recursion optimisation may affect performance, but normally
-not the result. One exception to this is sync operations with option
-`--create-empty-src-dirs`, where any traversed empty directories will
-be created. With the pattern list example `{dir1/**,dir2/**}` above,
-this would create an empty directory `dir3` on destination (when it exists
-on source). Changing the filter to `{dir1,dir2}/**`, or splitting it into
-two include rules `--include dir1/** --include dir2/**`, will match the
-same files while also filtering directories, with the result that an empty
-directory `dir3` will no longer be created.
+### -P, --progress ###
 
-### `--exclude` - Exclude files matching pattern
+This flag makes rclone update the stats in a static block in the
+terminal providing a realtime overview of the transfer.
 
-Excludes path/file names from an rclone command based on a single exclude
-rule.
+Any log messages will scroll above the static block.  Log messages
+will push the static block down to the bottom of the terminal where it
+will stay.
 
-This flag can be repeated. See above for the order filter flags are
-processed in.
+Normally this is updated every 500mS but this period can be overridden
+with the `--stats` flag.
 
-`--exclude` should not be used with `--include`, `--include-from`,
-`--filter` or `--filter-from` flags.
+This can be used with the `--stats-one-line` flag for a simpler
+display.
 
-`--exclude` has no effect when combined with `--files-from` or
-`--files-from-raw` flags.
+Note: On Windows until [this bug](https://github.com/Azure/go-ansiterm/issues/26)
+is fixed all non-ASCII characters will be replaced with `.` when
+`--progress` is in use.
 
-E.g. `rclone ls remote: --exclude *.bak` excludes all .bak files
-from listing.
+### --progress-terminal-title ###
 
-E.g. `rclone size remote: "--exclude /dir/**"` returns the total size of
-all files on `remote:` excluding those in root directory `dir` and sub
-directories.
+This flag, when used with `-P/--progress`, will print the string `ETA: %s`
+to the terminal title.
 
-E.g. on Microsoft Windows `rclone ls remote: --exclude "*\[{JP,KR,HK}\]*"`
-lists the files in `remote:` with `[JP]` or `[KR]` or `[HK]` in
-their name. Quotes prevent the shell from interpreting the `\`
-characters.`\` characters escape the `[` and `]` so an rclone filter
-treats them literally rather than as a character-range. The `{` and `}`
-define an rclone pattern list. For other operating systems single quotes are
-required ie `rclone ls remote: --exclude '*\[{JP,KR,HK}\]*'`
+### -q, --quiet ###
 
-### `--exclude-from` - Read exclude patterns from file
+This flag will limit rclone's output to error messages only.
 
-Excludes path/file names from an rclone command based on rules in a
-named file. The file contains a list of remarks and pattern rules.
+### --refresh-times ###
 
-For an example `exclude-file.txt`:
+The `--refresh-times` flag can be used to update modification times of
+existing files when they are out of sync on backends which don't
+support hashes.
 
-    # a sample exclude rule file
-    *.bak
-    file2.jpg
+This is useful if you uploaded files with the incorrect timestamps and
+you now wish to correct them.
 
-`rclone ls remote: --exclude-from exclude-file.txt` lists the files on
-`remote:` except those named `file2.jpg` or with a suffix `.bak`. That is
-equivalent to `rclone ls remote: --exclude file2.jpg --exclude "*.bak"`.
+This flag is **only** useful for destinations which don't support
+hashes (e.g. `crypt`).
 
-This flag can be repeated. See above for the order filter flags are
-processed in.
+This can be used any of the sync commands `sync`, `copy` or `move`.
 
-The `--exclude-from` flag is useful where multiple exclude filter rules
-are applied to an rclone command.
+To use this flag you will need to be doing a modification time sync
+(so not using `--size-only` or `--checksum`). The flag will have no
+effect when using `--size-only` or `--checksum`.
 
-`--exclude-from` should not be used with `--include`, `--include-from`,
-`--filter` or `--filter-from` flags.
+If this flag is used when rclone comes to upload a file it will check
+to see if there is an existing file on the destination. If this file
+matches the source with size (and checksum if available) but has a
+differing timestamp then instead of re-uploading it, rclone will
+update the timestamp on the destination file. If the checksum does not
+match rclone will upload the new file. If the checksum is absent (e.g.
+on a `crypt` backend) then rclone will update the timestamp.
 
-`--exclude-from` has no effect when combined with `--files-from` or
-`--files-from-raw` flags.
+Note that some remotes can't set the modification time without
+re-uploading the file so this flag is less useful on them.
 
-`--exclude-from` followed by `-` reads filter rules from standard input.
+Normally if you are doing a modification time sync rclone will update
+modification times without `--refresh-times` provided that the remote
+supports checksums **and** the checksums match on the file. However if the
+checksums are absent then rclone will upload the file rather than
+setting the timestamp as this is the safe behaviour.
 
-### `--include` - Include files matching pattern
+### --retries int ###
 
-Adds a single include rule based on path/file names to an rclone
-command.
+Retry the entire sync if it fails this many times it fails (default 3).
 
-This flag can be repeated. See above for the order filter flags are
-processed in.
+Some remotes can be unreliable and a few retries help pick up the
+files which didn't get transferred because of errors.
 
-`--include` has no effect when combined with `--files-from` or
-`--files-from-raw` flags.
+Disable retries with `--retries 1`.
 
-`--include` implies `--exclude **` at the end of an rclone internal
-filter list. Therefore if you mix `--include` and `--include-from`
-flags with `--exclude`, `--exclude-from`, `--filter` or `--filter-from`,
-you must use include rules for all the files you want in the include
-statement. For more flexibility use the `--filter-from` flag.
+### --retries-sleep=TIME ###
 
-E.g. `rclone ls remote: --include "*.{png,jpg}"` lists the files on
-`remote:` with suffix `.png` and `.jpg`. All other files are excluded.
+This sets the interval between each retry specified by `--retries`
 
-E.g. multiple rclone copy commands can be combined with `--include` and a
-pattern-list.
+The default is `0`. Use `0` to disable.
 
-    rclone copy /vol1/A remote:A
-    rclone copy /vol1/B remote:B
+### --server-side-across-configs ###
 
-is equivalent to:
+Allow server-side operations (e.g. copy or move) to work across
+different configurations.
 
-    rclone copy /vol1 remote: --include "{A,B}/**"
+This can be useful if you wish to do a server-side copy or move
+between two remotes which use the same backend but are configured
+differently.
 
-E.g. `rclone ls remote:/wheat --include "??[^[:punct:]]*"` lists the
-files `remote:` directory `wheat` (and subdirectories) whose third
-character is not punctuation. This example uses
-an [ASCII character class](https://golang.org/pkg/regexp/syntax/).
+Note that this isn't enabled by default because it isn't easy for
+rclone to tell if it will work between any two configurations.
 
-### `--include-from` - Read include patterns from file
+### --size-only ###
 
-Adds path/file names to an rclone command based on rules in a
-named file. The file contains a list of remarks and pattern rules.
+Normally rclone will look at modification time and size of files to
+see if they are equal.  If you set this flag then rclone will check
+only the size.
 
-For an example `include-file.txt`:
+This can be useful transferring files from Dropbox which have been
+modified by the desktop sync client which doesn't set checksums of
+modification times in the same way as rclone.
 
-    # a sample include rule file
-    *.jpg
-    file2.avi
+### --stats=TIME ###
 
-`rclone ls remote: --include-from include-file.txt` lists the files on
-`remote:` with name `file2.avi` or suffix `.jpg`. That is equivalent to
-`rclone ls remote: --include file2.avi --include "*.jpg"`.
+Commands which transfer data (`sync`, `copy`, `copyto`, `move`,
+`moveto`) will print data transfer stats at regular intervals to show
+their progress.
 
-This flag can be repeated. See above for the order filter flags are
-processed in.
+This sets the interval.
 
-The `--include-from` flag is useful where multiple include filter rules
-are applied to an rclone command.
+The default is `1m`. Use `0` to disable.
 
-`--include-from` implies `--exclude **` at the end of an rclone internal
-filter list. Therefore if you mix `--include` and `--include-from`
-flags with `--exclude`, `--exclude-from`, `--filter` or `--filter-from`,
-you must use include rules for all the files you want in the include
-statement. For more flexibility use the `--filter-from` flag.
+If you set the stats interval then all commands can show stats.  This
+can be useful when running other commands, `check` or `mount` for
+example.
 
-`--exclude-from` has no effect when combined with `--files-from` or
-`--files-from-raw` flags.
+Stats are logged at `INFO` level by default which means they won't
+show at default log level `NOTICE`.  Use `--stats-log-level NOTICE` or
+`-v` to make them show.  See the [Logging section](#logging) for more
+info on log levels.
 
-`--exclude-from` followed by `-` reads filter rules from standard input.
+Note that on macOS you can send a SIGINFO (which is normally ctrl-T in
+the terminal) to make the stats print immediately.
 
-### `--filter` - Add a file-filtering rule
+### --stats-file-name-length integer ###
+By default, the `--stats` output will truncate file names and paths longer
+than 40 characters.  This is equivalent to providing
+`--stats-file-name-length 40`. Use `--stats-file-name-length 0` to disable
+any truncation of file names printed by stats.
 
-Specifies path/file names to an rclone command, based on a single
-include or exclude rule, in `+` or `-` format.
+### --stats-log-level string ###
 
-This flag can be repeated. See above for the order filter flags are
-processed in.
+Log level to show `--stats` output at.  This can be `DEBUG`, `INFO`,
+`NOTICE`, or `ERROR`.  The default is `INFO`.  This means at the
+default level of logging which is `NOTICE` the stats won't show - if
+you want them to then use `--stats-log-level NOTICE`.  See the [Logging
+section](#logging) for more info on log levels.
 
-`--filter +` differs from `--include`. In the case of `--include` rclone
-implies an `--exclude *` rule which it adds to the bottom of the internal rule
-list. `--filter...+` does not imply
-that rule.
+### --stats-one-line ###
 
-`--filter` has no effect when combined with `--files-from` or
-`--files-from-raw` flags.
+When this is specified, rclone condenses the stats into a single line
+showing the most important stats only.
 
-`--filter` should not be used with `--include`, `--include-from`,
-`--exclude` or `--exclude-from` flags.
+### --stats-one-line-date ###
 
-E.g. `rclone ls remote: --filter "- *.bak"` excludes all `.bak` files
-from a list of `remote:`.
+When this is specified, rclone enables the single-line stats and prepends
+the display with a date string. The default is `2006/01/02 15:04:05 - `
 
-### `--filter-from` - Read filtering patterns from a file
+### --stats-one-line-date-format ###
 
-Adds path/file names to an rclone command based on rules in a
-named file. The file contains a list of remarks and pattern rules. Include
-rules start with `+ ` and exclude rules with `- `. `!` clears existing
-rules. Rules are processed in the order they are defined.
+When this is specified, rclone enables the single-line stats and prepends
+the display with a user-supplied date string. The date string MUST be
+enclosed in quotes. Follow [golang specs](https://golang.org/pkg/time/#Time.Format) for
+date formatting syntax.
 
-This flag can be repeated. See above for the order filter flags are
-processed in.
+### --stats-unit=bits|bytes ###
 
-Arrange the order of filter rules with the most restrictive first and
-work down.
+By default, data transfer rates will be printed in bytes per second.
 
-E.g. for `filter-file.txt`:
+This option allows the data rate to be printed in bits per second.
 
-    # a sample filter rule file
-    - secret*.jpg
-    + *.jpg
-    + *.png
-    + file2.avi
-    - /dir/Trash/**
-    + /dir/**
-    # exclude everything else
-    - *
+Data transfer volume will still be reported in bytes.
 
-`rclone ls remote: --filter-from filter-file.txt` lists the path/files on
-`remote:` including all `jpg` and `png` files, excluding any
-matching `secret*.jpg` and including `file2.avi`.  It also includes
-everything in the directory `dir` at the root of `remote`, except
-`remote:dir/Trash` which it excludes.  Everything else is excluded.
+The rate is reported as a binary unit, not SI unit. So 1 Mbit/s
+equals 1,048,576 bit/s and not 1,000,000 bit/s.
 
+The default is `bytes`.
 
-E.g. for an alternative `filter-file.txt`:
+### --suffix=SUFFIX ###
 
-    - secret*.jpg
-    + *.jpg
-    + *.png
-    + file2.avi
-    - *
+When using `sync`, `copy` or `move` any files which would have been
+overwritten or deleted will have the suffix added to them.  If there
+is a file with the same path (after the suffix has been added), then
+it will be overwritten.
 
-Files `file1.jpg`, `file3.png` and `file2.avi` are listed whilst
-`secret17.jpg` and files without the suffix .jpg` or `.png` are excluded.
+The remote in use must support server-side move or copy and you must
+use the same remote as the destination of the sync.
 
-E.g. for an alternative `filter-file.txt`:
+This is for use with files to add the suffix in the current directory
+or with `--backup-dir`. See `--backup-dir` for more info.
 
-    + *.jpg
-    + *.gif
-    !
-    + 42.doc
-    - *
+For example
 
-Only file 42.doc is listed. Prior rules are cleared by the `!`.
+    rclone copy --interactive /path/to/local/file remote:current --suffix .bak
 
-### `--files-from` - Read list of source-file names
+will copy `/path/to/local` to `remote:current`, but for any files
+which would have been updated or deleted have .bak added.
 
-Adds path/files to an rclone command from a list in a named file.
-Rclone processes the path/file names in the order of the list, and
-no others.
+If using `rclone sync` with `--suffix` and without `--backup-dir` then
+it is recommended to put a filter rule in excluding the suffix
+otherwise the `sync` will delete the backup files.
 
-Other filter flags (`--include`, `--include-from`, `--exclude`,
-`--exclude-from`, `--filter` and `--filter-from`) are ignored when
-`--files-from` is used.
+    rclone sync --interactive /path/to/local/file remote:current --suffix .bak --exclude "*.bak"
 
-`--files-from` expects a list of files as its input. Leading or
-trailing whitespace is stripped from the input lines. Lines starting
-with `#` or `;` are ignored.
+### --suffix-keep-extension ###
 
-Rclone commands with a `--files-from` flag traverse the remote,
-treating the names in `--files-from` as a set of filters.
+When using `--suffix`, setting this causes rclone put the SUFFIX
+before the extension of the files that it backs up rather than after.
 
-If the `--no-traverse` and `--files-from` flags are used together
-an rclone command does not traverse the remote. Instead it addresses
-each path/file named in the file individually. For each path/file name, that
-requires typically 1 API call. This can be efficient for a short `--files-from`
-list and a remote containing many files.
+So let's say we had `--suffix -2019-01-01`, without the flag `file.txt`
+would be backed up to `file.txt-2019-01-01` and with the flag it would
+be backed up to `file-2019-01-01.txt`.  This can be helpful to make
+sure the suffixed files can still be opened.
 
-Rclone commands do not error if any names in the `--files-from` file are
-missing from the source remote.
+If a file has two (or more) extensions and the second (or subsequent)
+extension is recognised as a valid mime type, then the suffix will go
+before that extension. So `file.tar.gz` would be backed up to
+`file-2019-01-01.tar.gz` whereas `file.badextension.gz` would be
+backed up to `file.badextension-2019-01-01.gz`.
 
-The `--files-from` flag can be repeated in a single rclone command to
-read path/file names from more than one file. The files are read from left
-to right along the command line.
+### --syslog ###
 
-Paths within the `--files-from` file are interpreted as starting
-with the root specified in the rclone command.  Leading `/` separators are
-ignored. See [--files-from-raw](#files-from-raw-read-list-of-source-file-names-without-any-processing) if
-you need the input to be processed in a raw manner.
+On capable OSes (not Windows or Plan9) send all log output to syslog.
 
-E.g. for a file `files-from.txt`:
+This can be useful for running rclone in a script or `rclone mount`.
 
-    # comment
-    file1.jpg
-    subdir/file2.jpg
+### --syslog-facility string ###
 
-`rclone copy --files-from files-from.txt /home/me/pics remote:pics`
-copies the following, if they exist, and only those files.
+If using `--syslog` this sets the syslog facility (e.g. `KERN`, `USER`).
+See `man syslog` for a list of possible facilities.  The default
+facility is `DAEMON`.
 
-    /home/me/pics/file1.jpg        → remote:pics/file1.jpg
-    /home/me/pics/subdir/file2.jpg → remote:pics/subdir/file2.jpg
+### --temp-dir=DIR ###
 
-E.g. to copy the following files referenced by their absolute paths:
+Specify the directory rclone will use for temporary files, to override
+the default. Make sure the directory exists and have accessible permissions.
 
-    /home/user1/42
-    /home/user1/dir/ford
-    /home/user2/prefect
+By default the operating system's temp directory will be used:
+- On Unix systems, `$TMPDIR` if non-empty, else `/tmp`.
+- On Windows, the first non-empty value from `%TMP%`, `%TEMP%`, `%USERPROFILE%`, or the Windows directory.
 
-First find a common subdirectory - in this case `/home`
-and put the remaining files in `files-from.txt` with or without
-leading `/`, e.g.
+When overriding the default with this option, the specified path will be
+set as value of environment variable `TMPDIR` on Unix systems
+and `TMP` and `TEMP` on Windows.
 
-    user1/42
-    user1/dir/ford
-    user2/prefect
+You can use the [config paths](https://rclone.org/commands/rclone_config_paths/)
+command to see the current value.
 
-Then copy these to a remote:
+### --tpslimit float ###
 
-    rclone copy --files-from files-from.txt /home remote:backup
+Limit transactions per second to this number. Default is 0 which is
+used to mean unlimited transactions per second.
 
-The three files are transferred as follows:
+A transaction is roughly defined as an API call; its exact meaning
+will depend on the backend. For HTTP based backends it is an HTTP
+PUT/GET/POST/etc and its response. For FTP/SFTP it is a round trip
+transaction over TCP.
 
-    /home/user1/42       → remote:backup/user1/important
-    /home/user1/dir/ford → remote:backup/user1/dir/file
-    /home/user2/prefect  → remote:backup/user2/stuff
+For example, to limit rclone to 10 transactions per second use
+`--tpslimit 10`, or to 1 transaction every 2 seconds use `--tpslimit
+0.5`.
 
-Alternatively if `/` is chosen as root `files-from.txt` will be:
+Use this when the number of transactions per second from rclone is
+causing a problem with the cloud storage provider (e.g. getting you
+banned or rate limited).
 
-    /home/user1/42
-    /home/user1/dir/ford
-    /home/user2/prefect
+This can be very useful for `rclone mount` to control the behaviour of
+applications using it.
 
-The copy command will be:
+This limit applies to all HTTP based backends and to the FTP and SFTP
+backends. It does not apply to the local backend or the Storj backend.
 
-    rclone copy --files-from files-from.txt / remote:backup
+See also `--tpslimit-burst`.
 
-Then there will be an extra `home` directory on the remote:
+### --tpslimit-burst int ###
 
-    /home/user1/42       → remote:backup/home/user1/42
-    /home/user1/dir/ford → remote:backup/home/user1/dir/ford
-    /home/user2/prefect  → remote:backup/home/user2/prefect
+Max burst of transactions for `--tpslimit` (default `1`).
 
-### `--files-from-raw` - Read list of source-file names without any processing
+Normally `--tpslimit` will do exactly the number of transaction per
+second specified.  However if you supply `--tps-burst` then rclone can
+save up some transactions from when it was idle giving a burst of up
+to the parameter supplied.
 
-This flag is the same as `--files-from` except that input is read in a
-raw manner. Lines with leading / trailing whitespace, and lines starting
-with `;` or `#` are read without any processing. [rclone lsf](https://rclone.org/commands/rclone_lsf/) has
-a compatible format that can be used to export file lists from remotes for
-input to `--files-from-raw`.
+For example if you provide `--tpslimit-burst 10` then if rclone has
+been idle for more than 10*`--tpslimit` then it can do 10 transactions
+very quickly before they are limited again.
 
-### `--ignore-case` - make searches case insensitive
+This may be used to increase performance of `--tpslimit` without
+changing the long term average number of transactions per second.
 
-By default, rclone filter patterns are case sensitive. The `--ignore-case`
-flag makes all of the filters patterns on the command line case
-insensitive.
+### --track-renames ###
 
-E.g. `--include "zaphod.txt"` does not match a file `Zaphod.txt`. With
-`--ignore-case` a match is made.
+By default, rclone doesn't keep track of renamed files, so if you
+rename a file locally then sync it to a remote, rclone will delete the
+old file on the remote and upload a new copy.
 
-## Quoting shell metacharacters
-
-Rclone commands with filter patterns containing shell metacharacters may
-not as work as expected in your shell and may require quoting.
-
-E.g. linux, OSX (`*` metacharacter)
+An rclone sync with `--track-renames` runs like a normal sync, but keeps
+track of objects which exist in the destination but not in the source
+(which would normally be deleted), and which objects exist in the
+source but not the destination (which would normally be transferred).
+These objects are then candidates for renaming.
 
-  * `--include \*.jpg`
-  * `--include '*.jpg'`
-  * `--include='*.jpg'`
+After the sync, rclone matches up the source only and destination only
+objects using the `--track-renames-strategy` specified and either
+renames the destination object or transfers the source and deletes the
+destination object. `--track-renames` is stateless like all of
+rclone's syncs.
 
-Microsoft Windows expansion is done by the command, not shell, so
-`--include *.jpg` does not require quoting.
+To use this flag the destination must support server-side copy or
+server-side move, and to use a hash based `--track-renames-strategy`
+(the default) the source and the destination must have a compatible
+hash.
 
-If the rclone error
-`Command .... needs .... arguments maximum: you provided .... non flag arguments:`
-is encountered, the cause is commonly spaces within the name of a
-remote or flag value. The fix then is to quote values containing spaces.
+If the destination does not support server-side copy or move, rclone
+will fall back to the default behaviour and log an error level message
+to the console.
 
-## Other filters
+Encrypted destinations are not currently supported by `--track-renames`
+if `--track-renames-strategy` includes `hash`.
 
-### `--min-size` - Don't transfer any file smaller than this
+Note that `--track-renames` is incompatible with `--no-traverse` and
+that it uses extra memory to keep track of all the rename candidates.
 
-Controls the minimum size file within the scope of an rclone command.
-Default units are `KiB` but abbreviations `K`, `M`, `G`, `T` or `P` are valid.
+Note also that `--track-renames` is incompatible with
+`--delete-before` and will select `--delete-after` instead of
+`--delete-during`.
 
-E.g. `rclone ls remote: --min-size 50k` lists files on `remote:` of 50 KiB
-size or larger.
+### --track-renames-strategy (hash,modtime,leaf,size) ###
 
-See [the size option docs](https://rclone.org/docs/#size-option) for more info.
+This option changes the file matching criteria for `--track-renames`.
 
-### `--max-size` - Don't transfer any file larger than this
+The matching is controlled by a comma separated selection of these tokens:
 
-Controls the maximum size file within the scope of an rclone command.
-Default units are `KiB` but abbreviations `K`, `M`, `G`, `T` or `P` are valid.
+- `modtime` - the modification time of the file - not supported on all backends
+- `hash` - the hash of the file contents - not supported on all backends
+- `leaf` - the name of the file not including its directory name
+- `size` - the size of the file (this is always enabled)
 
-E.g. `rclone ls remote: --max-size 1G` lists files on `remote:` of 1 GiB
-size or smaller.
+The default option is `hash`.
 
-See [the size option docs](https://rclone.org/docs/#size-option) for more info.
+Using `--track-renames-strategy modtime,leaf` would match files
+based on modification time, the leaf of the file name and the size
+only.
 
-### `--max-age` - Don't transfer any file older than this
+Using `--track-renames-strategy modtime` or `leaf` can enable
+`--track-renames` support for encrypted destinations.
 
-Controls the maximum age of files within the scope of an rclone command.
+Note that the `hash` strategy is not supported with encrypted destinations.
 
-`--max-age` applies only to files and not to directories.
+### --delete-(before,during,after) ###
 
-E.g. `rclone ls remote: --max-age 2d` lists files on `remote:` of 2 days
-old or less.
+This option allows you to specify when files on your destination are
+deleted when you sync folders.
 
-See [the time option docs](https://rclone.org/docs/#time-option) for valid formats.
+Specifying the value `--delete-before` will delete all files present
+on the destination, but not on the source *before* starting the
+transfer of any new or updated files. This uses two passes through the
+file systems, one for the deletions and one for the copies.
 
-### `--min-age` - Don't transfer any file younger than this
+Specifying `--delete-during` will delete files while checking and
+uploading files. This is the fastest option and uses the least memory.
 
-Controls the minimum age of files within the scope of an rclone command.
-(see `--max-age` for valid formats)
+Specifying `--delete-after` (the default value) will delay deletion of
+files until all new/updated files have been successfully transferred.
+The files to be deleted are collected in the copy pass then deleted
+after the copy pass has completed successfully.  The files to be
+deleted are held in memory so this mode may use more memory.  This is
+the safest mode as it will only delete files if there have been no
+errors subsequent to that.  If there have been errors before the
+deletions start then you will get the message `not deleting files as
+there were IO errors`.
 
-`--min-age` applies only to files and not to directories.
+### --fast-list ###
 
-E.g. `rclone ls remote: --min-age 2d` lists files on `remote:` of 2 days
-old or more.
+When doing anything which involves a directory listing (e.g. `sync`,
+`copy`, `ls` - in fact nearly every command), rclone has different
+strategies to choose from.
+
+The basic strategy is to list one directory and processes it before using
+more directory lists to process any subdirectories. This is a mandatory
+backend feature, called `List`, which means it is supported by all backends.
+This strategy uses small amount of memory, and because it can be parallelised
+it is fast for operations involving processing of the list results.
+
+Some backends provide the support for an alternative strategy, where all
+files beneath a directory can be listed in one (or a small number) of
+transactions. Rclone supports this alternative strategy through an optional
+backend feature called [`ListR`](https://rclone.org/overview/#listr). You can see in the storage
+system overview documentation's [optional features](https://rclone.org/overview/#optional-features)
+section which backends it is enabled for (these tend to be the bucket-based
+ones, e.g. S3, B2, GCS, Swift). This strategy requires fewer transactions
+for highly recursive operations, which is important on backends where this
+is charged or heavily rate limited. It may be faster (due to fewer transactions)
+or slower (because it can't be parallelized) depending on different parameters,
+and may require more memory if rclone has to keep the whole listing in memory.
+
+Which listing strategy rclone picks for a given operation is complicated, but
+in general it tries to choose the best possible. It will prefer `ListR` in
+situations where it doesn't need to store the listed files in memory, e.g.
+for unlimited recursive `ls` command variants. In other situations it will
+prefer `List`, e.g. for `sync` and `copy`, where it needs to keep the listed
+files in memory, and is performing operations on them where parallelization
+may be a huge advantage.
+
+Rclone is not able to take all relevant parameters into account for deciding
+the best strategy, and therefore allows you to influence the choice in two ways:
+You can stop rclone from using `ListR` by disabling the feature, using the
+[--disable](#disable-feature-feature) option (`--disable ListR`), or you can
+allow rclone to use `ListR` where it would normally choose not to do so due to
+higher memory usage, using the `--fast-list` option. Rclone should always
+produce identical results either way. Using `--disable ListR` or `--fast-list`
+on a remote which doesn't support `ListR` does nothing, rclone will just ignore
+it.
 
-See [the time option docs](https://rclone.org/docs/#time-option) for valid formats.
+A rule of thumb is that if you pay for transactions and can fit your entire
+sync listing into memory, then `--fast-list` is recommended. If you have a
+very big sync to do, then don't use `--fast-list`, otherwise you will run out
+of memory. Run some tests and compare before you decide, and if in doubt then
+just leave the default, let rclone decide, i.e. not use `--fast-list`.
 
-## Other flags
+### --timeout=TIME ###
 
-### `--delete-excluded` - Delete files on dest excluded from sync
+This sets the IO idle timeout.  If a transfer has started but then
+becomes idle for this long it is considered broken and disconnected.
 
-**Important** this flag is dangerous to your data - use with `--dry-run`
-and `-v` first.
+The default is `5m`.  Set to `0` to disable.
 
-In conjunction with `rclone sync`, `--delete-excluded` deletes any files
-on the destination which are excluded from the command.
+### --transfers=N ###
 
-E.g. the scope of `rclone sync --interactive A: B:` can be restricted:
+The number of file transfers to run in parallel.  It can sometimes be
+useful to set this to a smaller number if the remote is giving a lot
+of timeouts or bigger if you have lots of bandwidth and a fast remote.
 
-    rclone --min-size 50k --delete-excluded sync A: B:
+The default is to run 4 file transfers in parallel.
 
-All files on `B:` which are less than 50 KiB are deleted
-because they are excluded from the rclone sync command.
+Look at --multi-thread-streams if you would like to control single file transfers.
 
-### `--dump filters` - dump the filters to the output
+### -u, --update ###
 
-Dumps the defined filters to standard output in regular expression
-format.
+This forces rclone to skip any files which exist on the destination
+and have a modified time that is newer than the source file.
 
-Useful for debugging.
+This can be useful in avoiding needless transfers when transferring to
+a remote which doesn't support modification times directly (or when
+using `--use-server-modtime` to avoid extra API calls) as it is more
+accurate than a `--size-only` check and faster than using
+`--checksum`. On such remotes (or when using `--use-server-modtime`)
+the time checked will be the uploaded time.
 
-## Exclude directory based on a file
+If an existing destination file has a modification time older than the
+source file's, it will be updated if the sizes are different. If the
+sizes are the same, it will be updated if the checksum is different or
+not available.
 
-The `--exclude-if-present` flag controls whether a directory is
-within the scope of an rclone command based on the presence of a
-named file within it. The flag can be repeated to check for
-multiple file names, presence of any of them will exclude the
-directory.
+If an existing destination file has a modification time equal (within
+the computed modify window) to the source file's, it will be updated
+if the sizes are different. The checksum will not be checked in this
+case unless the `--checksum` flag is provided.
 
-This flag has a priority over other filter flags.
+In all other cases the file will not be updated.
 
-E.g. for the following directory structure:
+Consider using the `--modify-window` flag to compensate for time skews
+between the source and the backend, for backends that do not support
+mod times, and instead use uploaded times. However, if the backend
+does not support checksums, note that syncing or copying within the
+time skew window may still result in additional transfers for safety.
 
-    dir1/file1
-    dir1/dir2/file2
-    dir1/dir2/dir3/file3
-    dir1/dir2/dir3/.ignore
+### --use-mmap ###
 
-The command `rclone ls --exclude-if-present .ignore dir1` does
-not list `dir3`, `file3` or `.ignore`.
+If this flag is set then rclone will use anonymous memory allocated by
+mmap on Unix based platforms and VirtualAlloc on Windows for its
+transfer buffers (size controlled by `--buffer-size`).  Memory
+allocated like this does not go on the Go heap and can be returned to
+the OS immediately when it is finished with.
 
-## Metadata filters {#metadata}
+If this flag is not set then rclone will allocate and free the buffers
+using the Go memory allocator which may use more memory as memory
+pages are returned less aggressively to the OS.
 
-The metadata filters work in a very similar way to the normal file
-name filters, except they match [metadata](https://rclone.org/docs/#metadata) on the
-object.
+It is possible this does not work well on all platforms so it is
+disabled by default; in the future it may be enabled by default.
 
-The metadata should be specified as `key=value` patterns. This may be
-wildcarded using the normal [filter patterns](#patterns) or [regular
-expressions](#regexp).
+### --use-server-modtime ###
 
-For example if you wished to list only local files with a mode of
-`100664` you could do that with:
+Some object-store backends (e.g, Swift, S3) do not preserve file modification
+times (modtime). On these backends, rclone stores the original modtime as
+additional metadata on the object. By default it will make an API call to
+retrieve the metadata when the modtime is needed by an operation.
 
-    rclone lsf -M --files-only --metadata-include "mode=100664" .
+Use this flag to disable the extra API call and rely instead on the server's
+modified time. In cases such as a local to remote sync using `--update`,
+knowing the local file is newer than the time it was last uploaded to the
+remote is sufficient. In those cases, this flag can speed up the process and
+reduce the number of API calls necessary.
 
-Or if you wished to show files with an `atime`, `mtime` or `btime` at a given date:
+Using this flag on a sync operation without also using `--update` would cause
+all files modified at any time other than the last upload time to be uploaded
+again, which is probably not what you want.
 
-    rclone lsf -M --files-only --metadata-include "[abm]time=2022-12-16*" .
+### -v, -vv, --verbose ###
 
-Like file filtering, metadata filtering only applies to files not to
-directories.
+With `-v` rclone will tell you about each file that is transferred and
+a small number of significant events.
 
-The filters can be applied using these flags.
+With `-vv` rclone will become very verbose telling you about every
+file it considers and transfers.  Please send bug reports with a log
+with this setting.
 
-- `--metadata-include`      - Include metadatas matching pattern
-- `--metadata-include-from` - Read metadata include patterns from file (use - to read from stdin)
-- `--metadata-exclude`      - Exclude metadatas matching pattern
-- `--metadata-exclude-from` - Read metadata exclude patterns from file (use - to read from stdin)
-- `--metadata-filter`       - Add a metadata filtering rule
-- `--metadata-filter-from`  - Read metadata filtering patterns from a file (use - to read from stdin)
+When setting verbosity as an environment variable, use
+`RCLONE_VERBOSE=1` or `RCLONE_VERBOSE=2` for `-v` and `-vv` respectively.
 
-Each flag can be repeated. See the section on [how filter rules are
-applied](#how-filter-rules-work) for more details - these flags work
-in an identical way to the file name filtering flags, but instead of
-file name patterns have metadata patterns.
+### -V, --version ###
 
+Prints the version number
 
-## Common pitfalls
+SSL/TLS options
+---------------
 
-The most frequent filter support issues on
-the [rclone forum](https://forum.rclone.org/) are:
+The outgoing SSL/TLS connections rclone makes can be controlled with
+these options.  For example this can be very useful with the HTTP or
+WebDAV backends. Rclone HTTP servers have their own set of
+configuration for SSL/TLS which you can find in their documentation.
 
-* Not using paths relative to the root of the remote
-* Not using `/` to match from the root of a remote
-* Not using `**` to match the contents of a directory
+### --ca-cert stringArray
 
-# GUI (Experimental)
+This loads the PEM encoded certificate authority certificates and uses
+it to verify the certificates of the servers rclone connects to.
 
-Rclone can serve a web based GUI (graphical user interface).  This is
-somewhat experimental at the moment so things may be subject to
-change.
+If you have generated certificates signed with a local CA then you
+will need this flag to connect to servers using those certificates.
 
-Run this command in a terminal and rclone will download and then
-display the GUI in a web browser.
+### --client-cert string
 
-```
-rclone rcd --rc-web-gui
-```
+This loads the PEM encoded client side certificate.
 
-This will produce logs like this and rclone needs to continue to run to serve the GUI:
+This is used for [mutual TLS authentication](https://en.wikipedia.org/wiki/Mutual_authentication).
 
-```
-2019/08/25 11:40:14 NOTICE: A new release for gui is present at https://github.com/rclone/rclone-webui-react/releases/download/v0.0.6/currentbuild.zip
-2019/08/25 11:40:14 NOTICE: Downloading webgui binary. Please wait. [Size: 3813937, Path :  /home/USER/.cache/rclone/webgui/v0.0.6.zip]
-2019/08/25 11:40:16 NOTICE: Unzipping
-2019/08/25 11:40:16 NOTICE: Serving remote control on http://127.0.0.1:5572/
-```
+The `--client-key` flag is required too when using this.
 
-This assumes you are running rclone locally on your machine.  It is
-possible to separate the rclone and the GUI - see below for details.
+### --client-key string
 
-If you wish to check for updates then you can add `--rc-web-gui-update`
-to the command line.
+This loads the PEM encoded client side private key used for mutual TLS
+authentication.  Used in conjunction with `--client-cert`.
 
-If you find your GUI broken, you may force it to update by add `--rc-web-gui-force-update`.
+### --no-check-certificate=true/false ###
 
-By default, rclone will open your browser. Add `--rc-web-gui-no-open-browser`
-to disable this feature.
+`--no-check-certificate` controls whether a client verifies the
+server's certificate chain and host name.
+If `--no-check-certificate` is true, TLS accepts any certificate
+presented by the server and any host name in that certificate.
+In this mode, TLS is susceptible to man-in-the-middle attacks.
 
-## Using the GUI
+This option defaults to `false`.
 
-Once the GUI opens, you will be looking at the dashboard which has an overall overview.
+**This should be used only for testing.**
 
-On the left hand side you will see a series of view buttons you can click on:
+Configuration Encryption
+------------------------
+Your configuration file contains information for logging in to
+your cloud services. This means that you should keep your
+`rclone.conf` file in a secure location.
 
-- Dashboard - main overview
-- Configs - examine and create new configurations
-- Explorer - view, download and upload files to the cloud storage systems
-- Backend - view or alter the backend config
-- Log out
+If you are in an environment where that isn't possible, you can
+add a password to your configuration. This means that you will
+have to supply the password every time you start rclone.
 
-(More docs and walkthrough video to come!)
+To add a password to your rclone configuration, execute `rclone config`.
 
-## How it works
+```
+>rclone config
+Current remotes:
 
-When you run the `rclone rcd --rc-web-gui` this is what happens
+e) Edit existing remote
+n) New remote
+d) Delete remote
+s) Set configuration password
+q) Quit config
+e/n/d/s/q>
+```
 
-- Rclone starts but only runs the remote control API ("rc").
-- The API is bound to localhost with an auto-generated username and password.
-- If the API bundle is missing then rclone will download it.
-- rclone will start serving the files from the API bundle over the same port as the API
-- rclone will open the browser with a `login_token` so it can log straight in.
+Go into `s`, Set configuration password:
+```
+e/n/d/s/q> s
+Your configuration is not encrypted.
+If you add a password, you will protect your login information to cloud services.
+a) Add Password
+q) Quit to main menu
+a/q> a
+Enter NEW configuration password:
+password:
+Confirm NEW password:
+password:
+Password set
+Your configuration is encrypted.
+c) Change Password
+u) Unencrypt configuration
+q) Quit to main menu
+c/u/q>
+```
 
-## Advanced use
+Your configuration is now encrypted, and every time you start rclone
+you will have to supply the password. See below for details.
+In the same menu, you can change the password or completely remove
+encryption from your configuration.
 
-The `rclone rcd` may use any of the [flags documented on the rc page](https://rclone.org/rc/#supported-parameters).
+There is no way to recover the configuration if you lose your password.
 
-The flag `--rc-web-gui` is shorthand for
+rclone uses [nacl secretbox](https://godoc.org/golang.org/x/crypto/nacl/secretbox)
+which in turn uses XSalsa20 and Poly1305 to encrypt and authenticate
+your configuration with secret-key cryptography.
+The password is SHA-256 hashed, which produces the key for secretbox.
+The hashed password is not stored.
 
-- Download the web GUI if necessary
-- Check we are using some authentication
-- `--rc-user gui`
-- `--rc-pass <random password>`
-- `--rc-serve`
+While this provides very good security, we do not recommend storing
+your encrypted rclone configuration in public if it contains sensitive
+information, maybe except if you use a very strong password.
 
-These flags can be overridden as desired.
+If it is safe in your environment, you can set the `RCLONE_CONFIG_PASS`
+environment variable to contain your password, in which case it will be
+used for decrypting the configuration.
 
-See also the [rclone rcd documentation](https://rclone.org/commands/rclone_rcd/).
+You can set this for a session from a script.  For unix like systems
+save this to a file called `set-rclone-password`:
 
-### Example: Running a public GUI
+```
+#!/bin/echo Source this file don't run it
 
-For example the GUI could be served on a public port over SSL using an htpasswd file using the following flags:
+read -s RCLONE_CONFIG_PASS
+export RCLONE_CONFIG_PASS
+```
 
-- `--rc-web-gui`
-- `--rc-addr :443`
-- `--rc-htpasswd /path/to/htpasswd`
-- `--rc-cert /path/to/ssl.crt`
-- `--rc-key /path/to/ssl.key`
+Then source the file when you want to use it.  From the shell you
+would do `source set-rclone-password`.  It will then ask you for the
+password and set it in the environment variable.
 
-### Example: Running a GUI behind a proxy
+An alternate means of supplying the password is to provide a script
+which will retrieve the password and print on standard output.  This
+script should have a fully specified path name and not rely on any
+environment variables.  The script is supplied either via
+`--password-command="..."` command line argument or via the
+`RCLONE_PASSWORD_COMMAND` environment variable.
 
-If you want to run the GUI behind a proxy at `/rclone` you could use these flags:
+One useful example of this is using the `passwordstore` application
+to retrieve the password:
 
-- `--rc-web-gui`
-- `--rc-baseurl rclone`
-- `--rc-htpasswd /path/to/htpasswd`
+```
+export RCLONE_PASSWORD_COMMAND="pass rclone/config"
+```
 
-Or instead of htpasswd if you just want a single user and password:
+If the `passwordstore` password manager holds the password for the
+rclone configuration, using the script method means the password
+is primarily protected by the `passwordstore` system, and is never
+embedded in the clear in scripts, nor available for examination
+using the standard commands available.  It is quite possible with
+long running rclone sessions for copies of passwords to be innocently
+captured in log files or terminal scroll buffers, etc.  Using the
+script method of supplying the password enhances the security of
+the config password considerably.
 
-- `--rc-user me`
-- `--rc-pass mypassword`
+If you are running rclone inside a script, unless you are using the
+`--password-command` method, you might want to disable
+password prompts. To do that, pass the parameter
+`--ask-password=false` to rclone. This will make rclone fail instead
+of asking for a password if `RCLONE_CONFIG_PASS` doesn't contain
+a valid password, and `--password-command` has not been supplied.
 
-## Project
+Whenever running commands that may be affected by options in a
+configuration file, rclone will look for an existing file according
+to the rules described [above](#config-config-file), and load any it
+finds. If an encrypted file is found, this includes decrypting it,
+with the possible consequence of a password prompt. When executing
+a command line that you know are not actually using anything from such
+a configuration file, you can avoid it being loaded by overriding the
+location, e.g. with one of the documented special values for
+memory-only configuration. Since only backend options can be stored
+in configuration files, this is normally unnecessary for commands
+that do not operate on backends, e.g. `genautocomplete`. However,
+it will be relevant for commands that do operate on backends in
+general, but are used without referencing a stored remote, e.g.
+listing local filesystem paths, or
+[connection strings](#connection-strings): `rclone --config="" ls .`
 
-The GUI is being developed in the: [rclone/rclone-webui-react repository](https://github.com/rclone/rclone-webui-react).
+Developer options
+-----------------
 
-Bug reports and contributions are very welcome :-)
+These options are useful when developing or debugging rclone.  There
+are also some more remote specific options which aren't documented
+here which are used for testing.  These start with remote name e.g.
+`--drive-test-option` - see the docs for the remote in question.
 
-If you have questions then please ask them on the [rclone forum](https://forum.rclone.org/).
+### --cpuprofile=FILE ###
 
-# Remote controlling rclone with its API
+Write CPU profile to file.  This can be analysed with `go tool pprof`.
 
-If rclone is run with the `--rc` flag then it starts an HTTP server
-which can be used to remote control rclone using its API.
+#### --dump flag,flag,flag ####
 
-You can either use the [rc](#api-rc) command to access the API
-or [use HTTP directly](#api-http).
+The `--dump` flag takes a comma separated list of flags to dump info
+about.
 
-If you just want to run a remote control then see the [rcd](https://rclone.org/commands/rclone_rcd/) command.
+Note that some headers including `Accept-Encoding` as shown may not
+be correct in the request and the response may not show `Content-Encoding`
+if the go standard libraries auto gzip encoding was in effect. In this case
+the body of the request will be gunzipped before showing it.
 
-## Supported parameters
+The available flags are:
 
-### --rc
+#### --dump headers ####
 
-Flag to start the http server listen on remote requests
-      
-### --rc-addr=IP
+Dump HTTP headers with `Authorization:` lines removed. May still
+contain sensitive info.  Can be very verbose.  Useful for debugging
+only.
 
-IPaddress:Port or :Port to bind server to. (default "localhost:5572")
+Use `--dump auth` if you do want the `Authorization:` headers.
 
-### --rc-cert=KEY
-SSL PEM key (concatenation of certificate and CA certificate)
+#### --dump bodies ####
 
-### --rc-client-ca=PATH
-Client certificate authority to verify clients with
+Dump HTTP headers and bodies - may contain sensitive info.  Can be
+very verbose.  Useful for debugging only.
 
-### --rc-htpasswd=PATH
+Note that the bodies are buffered in memory so don't use this for
+enormous files.
 
-htpasswd file - if not provided no authentication is done
+#### --dump requests ####
 
-### --rc-key=PATH
+Like `--dump bodies` but dumps the request bodies and the response
+headers.  Useful for debugging download problems.
 
-SSL PEM Private key
+#### --dump responses ####
 
-### --rc-max-header-bytes=VALUE
+Like `--dump bodies` but dumps the response bodies and the request
+headers. Useful for debugging upload problems.
 
-Maximum size of request header (default 4096)
+#### --dump auth ####
 
-### --rc-min-tls-version=VALUE
+Dump HTTP headers - will contain sensitive info such as
+`Authorization:` headers - use `--dump headers` to dump without
+`Authorization:` headers.  Can be very verbose.  Useful for debugging
+only.
 
-The minimum TLS version that is acceptable. Valid values are "tls1.0",
-"tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").
+#### --dump filters ####
 
-### --rc-user=VALUE
+Dump the filters to the output.  Useful to see exactly what include
+and exclude options are filtering on.
 
-User name for authentication.
+#### --dump goroutines ####
 
-### --rc-pass=VALUE
+This dumps a list of the running go-routines at the end of the command
+to standard output.
 
-Password for authentication.
+#### --dump openfiles ####
 
-### --rc-realm=VALUE
+This dumps a list of the open files at the end of the command.  It
+uses the `lsof` command to do that so you'll need that installed to
+use it.
 
-Realm for authentication (default "rclone")
+#### --dump mapper ####
 
-### --rc-server-read-timeout=DURATION
+This shows the JSON blobs being sent to the program supplied with
+`--metadata-mapper` and received from it. It can be useful for
+debugging the metadata mapper interface.
 
-Timeout for server reading data (default 1h0m0s)
+### --memprofile=FILE ###
 
-### --rc-server-write-timeout=DURATION
+Write memory profile to file. This can be analysed with `go tool pprof`.
 
-Timeout for server writing data (default 1h0m0s)
+Filtering
+---------
 
-### --rc-serve
+For the filtering options
 
-Enable the serving of remote objects via the HTTP interface.  This
-means objects will be accessible at http://127.0.0.1:5572/ by default,
-so you can browse to http://127.0.0.1:5572/ or http://127.0.0.1:5572/*
-to see a listing of the remotes.  Objects may be requested from
-remotes using this syntax http://127.0.0.1:5572/[remote:path]/path/to/object
+  * `--delete-excluded`
+  * `--filter`
+  * `--filter-from`
+  * `--exclude`
+  * `--exclude-from`
+  * `--exclude-if-present`
+  * `--include`
+  * `--include-from`
+  * `--files-from`
+  * `--files-from-raw`
+  * `--min-size`
+  * `--max-size`
+  * `--min-age`
+  * `--max-age`
+  * `--dump filters`
+  * `--metadata-include`
+  * `--metadata-include-from`
+  * `--metadata-exclude`
+  * `--metadata-exclude-from`
+  * `--metadata-filter`
+  * `--metadata-filter-from`
 
-Default Off.
+See the [filtering section](https://rclone.org/filtering/).
 
-### --rc-files /path/to/directory
+Remote control
+--------------
 
-Path to local files to serve on the HTTP server.
+For the remote control options and for instructions on how to remote control rclone
 
-If this is set then rclone will serve the files in that directory.  It
-will also open the root in the web browser if specified.  This is for
-implementing browser based GUIs for rclone functions.
+  * `--rc`
+  * and anything starting with `--rc-`
 
-If `--rc-user` or `--rc-pass` is set then the URL that is opened will
-have the authorization in the URL in the `http://user:pass@localhost/`
-style.
+See [the remote control section](https://rclone.org/rc/).
 
-Default Off.
+Logging
+-------
 
-### --rc-enable-metrics
+rclone has 4 levels of logging, `ERROR`, `NOTICE`, `INFO` and `DEBUG`.
 
-Enable OpenMetrics/Prometheus compatible endpoint at `/metrics`.
+By default, rclone logs to standard error.  This means you can redirect
+standard error and still see the normal output of rclone commands (e.g.
+`rclone ls`).
 
-Default Off.
+By default, rclone will produce `Error` and `Notice` level messages.
 
-### --rc-web-gui
+If you use the `-q` flag, rclone will only produce `Error` messages.
 
-Set this flag to serve the default web gui on the same port as rclone.
+If you use the `-v` flag, rclone will produce `Error`, `Notice` and
+`Info` messages.
 
-Default Off.
+If you use the `-vv` flag, rclone will produce `Error`, `Notice`,
+`Info` and `Debug` messages.
 
-### --rc-allow-origin
+You can also control the log levels with the `--log-level` flag.
 
-Set the allowed Access-Control-Allow-Origin for rc requests.
+If you use the `--log-file=FILE` option, rclone will redirect `Error`,
+`Info` and `Debug` messages along with standard error to FILE.
 
-Can be used with --rc-web-gui if the rclone is running on different IP than the web-gui.
+If you use the `--syslog` flag then rclone will log to syslog and the
+`--syslog-facility` control which facility it uses.
 
-Default is IP address on which rc is running.
+Rclone prefixes all log messages with their level in capitals, e.g. INFO
+which makes it easy to grep the log file for different kinds of
+information.
 
-### --rc-web-fetch-url
+Exit Code
+---------
 
-Set the URL to fetch the rclone-web-gui files from.
+If any errors occur during the command execution, rclone will exit with a
+non-zero exit code.  This allows scripts to detect when rclone
+operations have failed.
 
-Default https://api.github.com/repos/rclone/rclone-webui-react/releases/latest.
+During the startup phase, rclone will exit immediately if an error is
+detected in the configuration.  There will always be a log message
+immediately before exiting.
 
-### --rc-web-gui-update
+When rclone is running it will accumulate errors as it goes along, and
+only exit with a non-zero exit code if (after retries) there were
+still failed transfers.  For every error counted there will be a high
+priority log message (visible with `-q`) showing the message and
+which file caused the problem. A high priority message is also shown
+when starting a retry so the user can see that any previous error
+messages may not be valid after the retry. If rclone has done a retry
+it will log a high priority message if the retry was successful.
 
-Set this flag to check and update rclone-webui-react from the rc-web-fetch-url.
+### List of exit codes ###
+  * `0` - success
+  * `1` - Syntax or usage error
+  * `2` - Error not otherwise categorised
+  * `3` - Directory not found
+  * `4` - File not found
+  * `5` - Temporary error (one that more retries might fix) (Retry errors)
+  * `6` - Less serious errors (like 461 errors from dropbox) (NoRetry errors)
+  * `7` - Fatal error (one that more retries won't fix, like account suspended) (Fatal errors)
+  * `8` - Transfer exceeded - limit set by --max-transfer reached
+  * `9` - Operation successful, but no files transferred
+  * `10` - Duration exceeded - limit set by --max-duration reached
 
-Default Off.
+Environment Variables
+---------------------
 
-### --rc-web-gui-force-update
+Rclone can be configured entirely using environment variables.  These
+can be used to set defaults for options or config file entries.
 
-Set this flag to force update rclone-webui-react from the rc-web-fetch-url.
+### Options ###
 
-Default Off.
+Every option in rclone can have its default set by environment
+variable.
 
-### --rc-web-gui-no-open-browser
+To find the name of the environment variable, first, take the long
+option name, strip the leading `--`, change `-` to `_`, make
+upper case and prepend `RCLONE_`.
 
-Set this flag to disable opening browser automatically when using web-gui.
+For example, to always set `--stats 5s`, set the environment variable
+`RCLONE_STATS=5s`.  If you set stats on the command line this will
+override the environment variable setting.
 
-Default Off.
+Or to always use the trash in drive `--drive-use-trash`, set
+`RCLONE_DRIVE_USE_TRASH=true`.
 
-### --rc-job-expire-duration=DURATION
+Verbosity is slightly different, the environment variable 
+equivalent of `--verbose` or `-v` is `RCLONE_VERBOSE=1`, 
+or for `-vv`, `RCLONE_VERBOSE=2`.
 
-Expire finished async jobs older than DURATION (default 60s).
+The same parser is used for the options and the environment variables
+so they take exactly the same form.
 
-### --rc-job-expire-interval=DURATION
+The options set by environment variables can be seen with the `-vv` flag, e.g. `rclone version -vv`.
 
-Interval duration to check for expired async jobs (default 10s).
+### Config file ###
 
-### --rc-no-auth
+You can set defaults for values in the config file on an individual
+remote basis. The names of the config items are documented in the page
+for each backend.
 
-By default rclone will require authorisation to have been set up on
-the rc interface in order to use any methods which access any rclone
-remotes.  Eg `operations/list` is denied as it involved creating a
-remote as is `sync/copy`.
+To find the name of the environment variable, you need to set, take
+`RCLONE_CONFIG_` + name of remote + `_` + name of config file option
+and make it all uppercase.
+Note one implication here is the remote's name must be
+convertible into a valid environment variable name,
+so it can only contain letters, digits, or the `_` (underscore) character.
 
-If this is set then no authorisation will be required on the server to
-use these methods.  The alternative is to use `--rc-user` and
-`--rc-pass` and use these credentials in the request.
+For example, to configure an S3 remote named `mys3:` without a config
+file (using unix ways of setting environment variables):
 
-Default Off.
+```
+$ export RCLONE_CONFIG_MYS3_TYPE=s3
+$ export RCLONE_CONFIG_MYS3_ACCESS_KEY_ID=XXX
+$ export RCLONE_CONFIG_MYS3_SECRET_ACCESS_KEY=XXX
+$ rclone lsd mys3:
+          -1 2016-09-21 12:54:21        -1 my-bucket
+$ rclone listremotes | grep mys3
+mys3:
+```
 
-### --rc-baseurl
+Note that if you want to create a remote using environment variables
+you must create the `..._TYPE` variable as above.
 
-Prefix for URLs.
+Note that the name of a remote created using environment variable is
+case insensitive, in contrast to regular remotes stored in config
+file as documented [above](#valid-remote-names).
+You must write the name in uppercase in the environment variable, but
+as seen from example above it will be listed and can be accessed in
+lowercase, while you can also refer to the same remote in uppercase:
+```
+$ rclone lsd mys3:
+          -1 2016-09-21 12:54:21        -1 my-bucket
+$ rclone lsd MYS3:
+          -1 2016-09-21 12:54:21        -1 my-bucket
+```
 
-Default is root
 
-### --rc-template
+Note that you can only set the options of the immediate backend, 
+so RCLONE_CONFIG_MYS3CRYPT_ACCESS_KEY_ID has no effect, if myS3Crypt is 
+a crypt remote based on an S3 remote. However RCLONE_S3_ACCESS_KEY_ID will 
+set the access key of all remotes using S3, including myS3Crypt.
 
-User-specified template.
+Note also that now rclone has [connection strings](#connection-strings),
+it is probably easier to use those instead which makes the above example
 
-## Accessing the remote control via the rclone rc command {#api-rc}
+    rclone lsd :s3,access_key_id=XXX,secret_access_key=XXX:
 
-Rclone itself implements the remote control protocol in its `rclone
-rc` command.
+### Precedence
 
-You can use it like this
+The various different methods of backend configuration are read in
+this order and the first one with a value is used.
 
-```
-$ rclone rc rc/noop param1=one param2=two
-{
-	"param1": "one",
-	"param2": "two"
-}
-```
+- Parameters in connection strings, e.g. `myRemote,skip_links:`
+- Flag values as supplied on the command line, e.g. `--skip-links`
+- Remote specific environment vars, e.g. `RCLONE_CONFIG_MYREMOTE_SKIP_LINKS` (see above).
+- Backend-specific environment vars, e.g. `RCLONE_LOCAL_SKIP_LINKS`.
+- Backend generic environment vars, e.g. `RCLONE_SKIP_LINKS`.
+- Config file, e.g. `skip_links = true`.
+- Default values, e.g. `false` - these can't be changed.
 
-Run `rclone rc` on its own to see the help for the installed remote
-control commands.
+So if both `--skip-links` is supplied on the command line and an
+environment variable `RCLONE_LOCAL_SKIP_LINKS` is set, the command line
+flag will take preference.
 
-## JSON input
+The backend configurations set by environment variables can be seen with the `-vv` flag, e.g. `rclone about myRemote: -vv`.
 
-`rclone rc` also supports a `--json` flag which can be used to send
-more complicated input parameters.
+For non backend configuration the order is as follows:
+
+- Flag values as supplied on the command line, e.g. `--stats 5s`.
+- Environment vars, e.g. `RCLONE_STATS=5s`.
+- Default values, e.g. `1m` - these can't be changed.
+
+### Other environment variables ###
+
+- `RCLONE_CONFIG_PASS` set to contain your config file password (see [Configuration Encryption](#configuration-encryption) section)
+- `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` (or the lowercase versions thereof).
+    - `HTTPS_PROXY` takes precedence over `HTTP_PROXY` for https requests.
+    - The environment values may be either a complete URL or a "host[:port]" for, in which case the "http" scheme is assumed.
+- `USER` and `LOGNAME` values are used as fallbacks for current username. The primary method for looking up username is OS-specific: Windows API on Windows, real user ID in /etc/passwd on Unix systems. In the documentation the current username is simply referred to as `$USER`.
+- `RCLONE_CONFIG_DIR` - rclone **sets** this variable for use in config files and sub processes to point to the directory holding the config file.
+
+The options set by environment variables can be seen with the `-vv` and `--log-level=DEBUG` flags, e.g. `rclone version -vv`.
+
+# Configuring rclone on a remote / headless machine #
+
+Some of the configurations (those involving oauth2) require an
+Internet connected web browser.
+
+If you are trying to set rclone up on a remote or headless box with no
+browser available on it (e.g. a NAS or a server in a datacenter) then
+you will need to use an alternative means of configuration.  There are
+two ways of doing it, described below.
+
+## Configuring using rclone authorize ##
+
+On the headless box run `rclone` config but answer `N` to the `Use web browser 
+to automatically authenticate?` question.
 
 ```
-$ rclone rc --json '{ "p1": [1,"2",null,4], "p2": { "a":1, "b":2 } }' rc/noop
-{
-	"p1": [
-		1,
-		"2",
-		null,
-		4
-	],
-	"p2": {
-		"a": 1,
-		"b": 2
-	}
-}
+...
+Remote config
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes (default)
+n) No
+y/n> n
+For this to work, you will need rclone available on a machine that has
+a web browser available.
+
+For more help and alternate methods see: https://rclone.org/remote_setup/
+
+Execute the following on the machine with the web browser (same rclone
+version recommended):
+
+	rclone authorize "amazon cloud drive"
+
+Then paste the result below:
+result>
 ```
 
-If the parameter being passed is an object then it can be passed as a
-JSON string rather than using the `--json` flag which simplifies the
-command line.
+Then on your main desktop machine
 
 ```
-rclone rc operations/list fs=/tmp remote=test opt='{"showHash": true}'
+rclone authorize "amazon cloud drive"
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
+Paste the following into your remote machine --->
+SECRET_TOKEN
+<---End paste
 ```
 
-Rather than
+Then back to the headless box, paste in the code
 
 ```
-rclone rc operations/list --json '{"fs": "/tmp", "remote": "test", "opt": {"showHash": true}}'
+result> SECRET_TOKEN
+--------------------
+[acd12]
+client_id = 
+client_secret = 
+token = SECRET_TOKEN
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d>
 ```
 
-## Special parameters
-
-The rc interface supports some special parameters which apply to
-**all** commands.  These start with `_` to show they are different.
+## Configuring by copying the config file ##
 
-### Running asynchronous jobs with _async = true
+Rclone stores all of its config in a single configuration file.  This
+can easily be copied to configure a remote rclone.
 
-Each rc call is classified as a job and it is assigned its own id. By default
-jobs are executed immediately as they are created or synchronously.
+So first configure rclone on your desktop machine with
 
-If `_async` has a true value when supplied to an rc call then it will
-return immediately with a job id and the task will be run in the
-background.  The `job/status` call can be used to get information of
-the background job.  The job can be queried for up to 1 minute after
-it has finished.
+    rclone config
 
-It is recommended that potentially long running jobs, e.g. `sync/sync`,
-`sync/copy`, `sync/move`, `operations/purge` are run with the `_async`
-flag to avoid any potential problems with the HTTP request and
-response timing out.
+to set up the config file.
 
-Starting a job with the `_async` flag:
+Find the config file by running `rclone config file`, for example
 
 ```
-$ rclone rc --json '{ "p1": [1,"2",null,4], "p2": { "a":1, "b":2 }, "_async": true }' rc/noop
-{
-	"jobid": 2
-}
+$ rclone config file
+Configuration file is stored at:
+/home/user/.rclone.conf
 ```
 
-Query the status to see if the job has finished.  For more information
-on the meaning of these return parameters see the `job/status` call.
+Now transfer it to the remote box (scp, cut paste, ftp, sftp, etc.) and
+place it in the correct place (use `rclone config file` on the remote
+box to find out where).
 
+## Configuring using SSH Tunnel ##
+
+Linux and MacOS users can utilize SSH Tunnel to redirect the headless box port 53682 to local machine by using the following command:
 ```
-$ rclone rc --json '{ "jobid":2 }' job/status
-{
-	"duration": 0.000124163,
-	"endTime": "2018-10-27T11:38:07.911245881+01:00",
-	"error": "",
-	"finished": true,
-	"id": 2,
-	"output": {
-		"_async": true,
-		"p1": [
-			1,
-			"2",
-			null,
-			4
-		],
-		"p2": {
-			"a": 1,
-			"b": 2
-		}
-	},
-	"startTime": "2018-10-27T11:38:07.911121728+01:00",
-	"success": true
-}
+ssh -L localhost:53682:localhost:53682 username@remote_server
 ```
-
-`job/list` can be used to show the running or recently completed jobs
+Then on the headless box run `rclone` config and answer `Y` to the `Use web 
+browser to automatically authenticate?` question.
 
 ```
-$ rclone rc job/list
-{
-	"jobids": [
-		2
-	]
-}
+...
+Remote config
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes (default)
+n) No
+y/n> y
 ```
+Then copy and paste the auth url `http://127.0.0.1:53682/auth?state=xxxxxxxxxxxx` to the browser on your local machine, complete the auth and it is done.
 
-### Setting config flags with _config
+# Filtering, includes and excludes
 
-If you wish to set config (the equivalent of the global flags) for the
-duration of an rc call only then pass in the `_config` parameter.
+Filter flags determine which files rclone `sync`, `move`, `ls`, `lsl`,
+`md5sum`, `sha1sum`, `size`, `delete`, `check` and similar commands
+apply to.
 
-This should be in the same format as the `config` key returned by
-[options/get](#options-get).
+They are specified in terms of path/file name patterns; path/file
+lists; file age and size, or presence of a file in a directory. Bucket
+based remotes without the concept of directory apply filters to object
+key, age and size in an analogous way.
 
-For example, if you wished to run a sync with the `--checksum`
-parameter, you would pass this parameter in your JSON blob.
+Rclone `purge` does not obey filters.
 
-    "_config":{"CheckSum": true}
+To test filters without risk of damage to data, apply them to `rclone
+ls`, or with the `--dry-run` and `-vv` flags.
 
-If using `rclone rc` this could be passed as
+Rclone filter patterns can only be used in filter command line options, not
+in the specification of a remote.
 
-    rclone rc operations/sync ... _config='{"CheckSum": true}'
+E.g. `rclone copy "remote:dir*.jpg" /path/to/dir` does not have a filter effect.
+`rclone copy remote:dir /path/to/dir --include "*.jpg"` does.
 
-Any config parameters you don't set will inherit the global defaults
-which were set with command line flags or environment variables.
+**Important** Avoid mixing any two of `--include...`, `--exclude...` or
+`--filter...` flags in an rclone command. The results might not be what
+you expect. Instead use a `--filter...` flag.
 
-Note that it is possible to set some values as strings or integers -
-see [data types](#data-types) for more info. Here is an example
-setting the equivalent of `--buffer-size` in string or integer format.
+## Patterns for matching path/file names
 
-    "_config":{"BufferSize": "42M"}
-    "_config":{"BufferSize": 44040192}
+### Pattern syntax {#patterns}
 
-If you wish to check the `_config` assignment has worked properly then
-calling `options/local` will show what the value got set to.
+Here is a formal definition of the pattern syntax,
+[examples](#examples) are below.
 
-### Setting filter flags with _filter
+Rclone matching rules follow a glob style:
 
-If you wish to set filters for the duration of an rc call only then
-pass in the `_filter` parameter.
+    *         matches any sequence of non-separator (/) characters
+    **        matches any sequence of characters including / separators
+    ?         matches any single non-separator (/) character
+    [ [ ! ] { character-range } ]
+              character class (must be non-empty)
+    { pattern-list }
+              pattern alternatives
+    {{ regexp }}
+              regular expression to match
+    c         matches character c (c != *, **, ?, \, [, {, })
+    \c        matches reserved character c (c = *, **, ?, \, [, {, }) or character class
 
-This should be in the same format as the `filter` key returned by
-[options/get](#options-get).
+character-range:
 
-For example, if you wished to run a sync with these flags
+    c         matches character c (c != \, -, ])
+    \c        matches reserved character c (c = \, -, ])
+    lo - hi   matches character c for lo <= c <= hi
 
-    --max-size 1M --max-age 42s --include "a" --include "b"
+pattern-list:
 
-you would pass this parameter in your JSON blob.
+    pattern { , pattern }
+              comma-separated (without spaces) patterns
 
-    "_filter":{"MaxSize":"1M", "IncludeRule":["a","b"], "MaxAge":"42s"}
+character classes (see [Go regular expression reference](https://golang.org/pkg/regexp/syntax/)) include:
 
-If using `rclone rc` this could be passed as
+    Named character classes (e.g. [\d], [^\d], [\D], [^\D])
+    Perl character classes (e.g. \s, \S, \w, \W)
+    ASCII character classes (e.g. [[:alnum:]], [[:alpha:]], [[:punct:]], [[:xdigit:]])
 
-    rclone rc ... _filter='{"MaxSize":"1M", "IncludeRule":["a","b"], "MaxAge":"42s"}'
+regexp for advanced users to insert a regular expression - see [below](#regexp) for more info:
 
-Any filter parameters you don't set will inherit the global defaults
-which were set with command line flags or environment variables.
+    Any re2 regular expression not containing `}}`
 
-Note that it is possible to set some values as strings or integers -
-see [data types](#data-types) for more info. Here is an example
-setting the equivalent of `--buffer-size` in string or integer format.
+If the filter pattern starts with a `/` then it only matches
+at the top level of the directory tree,
+**relative to the root of the remote** (not necessarily the root
+of the drive). If it does not start with `/` then it is matched
+starting at the **end of the path/file name** but it only matches
+a complete path element - it must match from a `/`
+separator or the beginning of the path/file.
 
-    "_filter":{"MinSize": "42M"}
-    "_filter":{"MinSize": 44040192}
+    file.jpg   - matches "file.jpg"
+               - matches "directory/file.jpg"
+               - doesn't match "afile.jpg"
+               - doesn't match "directory/afile.jpg"
+    /file.jpg  - matches "file.jpg" in the root directory of the remote
+               - doesn't match "afile.jpg"
+               - doesn't match "directory/file.jpg"
 
-If you wish to check the `_filter` assignment has worked properly then
-calling `options/local` will show what the value got set to.
+The top level of the remote might not be the top level of the drive.
 
-### Assigning operations to groups with _group = value
+E.g. for a Microsoft Windows local directory structure
 
-Each rc call has its own stats group for tracking its metrics. By default
-grouping is done by the composite group name from prefix `job/` and  id of the
-job like so `job/1`.
+    F:
+    ├── bkp
+    ├── data
+    │   ├── excl
+    │   │   ├── 123.jpg
+    │   │   └── 456.jpg
+    │   ├── incl
+    │   │   └── document.pdf
 
-If `_group` has a value then stats for that request will be grouped under that
-value. This allows caller to group stats under their own name.
+To copy the contents of folder `data` into folder `bkp` excluding the contents of subfolder
+`excl`the following command treats `F:\data` and `F:\bkp` as top level for filtering.
 
-Stats for specific group can be accessed by passing `group` to `core/stats`:
+`rclone copy F:\data\ F:\bkp\ --exclude=/excl/**`
 
-```
-$ rclone rc --json '{ "group": "job/1" }' core/stats
-{
-	"speed": 12345
-	...
-}
-```
+**Important** Use `/` in path/file name patterns and not `\` even if
+running on Microsoft Windows.
 
-## Data types {#data-types}
+Simple patterns are case sensitive unless the `--ignore-case` flag is used.
 
-When the API returns types, these will mostly be straight forward
-integer, string or boolean types.
+Without `--ignore-case` (default)
 
-However some of the types returned by the [options/get](#options-get)
-call and taken by the [options/set](#options-set) calls as well as the
-`vfsOpt`, `mountOpt` and the `_config` parameters.
+    potato - matches "potato"
+           - doesn't match "POTATO"
 
-- `Duration` - these are returned as an integer duration in
-  nanoseconds. They may be set as an integer, or they may be set with
-  time string, eg "5s". See the [options section](https://rclone.org/docs/#options) for
-  more info.
-- `Size` - these are returned as an integer number of bytes. They may
-  be set as an integer or they may be set with a size suffix string,
-  eg "10M". See the [options section](https://rclone.org/docs/#options) for more info.
-- Enumerated type (such as `CutoffMode`, `DumpFlags`, `LogLevel`,
-  `VfsCacheMode` - these will be returned as an integer and may be set
-  as an integer but more conveniently they can be set as a string, eg
-  "HARD" for `CutoffMode` or `DEBUG` for `LogLevel`.
-- `BandwidthSpec` - this will be set and returned as a string, eg
-  "1M".
+With `--ignore-case`
 
-## Specifying remotes to work on
+    potato - matches "potato"
+           - matches "POTATO"
 
-Remotes are specified with the `fs=`, `srcFs=`, `dstFs=`
-parameters depending on the command being used.
+## Using regular expressions in filter patterns {#regexp}
 
-The parameters can be a string as per the rest of rclone, eg
-`s3:bucket/path` or `:sftp:/my/dir`. They can also be specified as
-JSON blobs.
+The syntax of filter patterns is glob style matching (like `bash`
+uses) to make things easy for users. However this does not provide
+absolute control over the matching, so for advanced users rclone also
+provides a regular expression syntax.
 
-If specifying a JSON blob it should be a object mapping strings to
-strings. These values will be used to configure the remote. There are
-3 special values which may be set:
+The regular expressions used are as defined in the [Go regular
+expression reference](https://golang.org/pkg/regexp/syntax/). Regular
+expressions should be enclosed in `{{` `}}`. They will match only the
+last path segment if the glob doesn't start with `/` or the whole path
+name if it does. Note that rclone does not attempt to parse the
+supplied regular expression, meaning that using any regular expression
+filter will prevent rclone from using [directory filter rules](#directory_filter),
+as it will instead check every path against
+the supplied regular expression(s).
 
-- `type` -  set to `type` to specify a remote called `:type:`
-- `_name` - set to `name` to specify a remote called `name:`
-- `_root` - sets the root of the remote - may be empty
+Here is how the `{{regexp}}` is transformed into an full regular
+expression to match the entire path:
 
-One of `_name` or `type` should normally be set. If the `local`
-backend is desired then `type` should be set to `local`. If `_root`
-isn't specified then it defaults to the root of the remote.
+    {{regexp}}  becomes (^|/)(regexp)$
+    /{{regexp}} becomes ^(regexp)$
 
-For example this JSON is equivalent to `remote:/tmp`
+Regexp syntax can be mixed with glob syntax, for example
 
-```
-{
-    "_name": "remote",
-    "_path": "/tmp"
-}
-```
+    *.{{jpe?g}} to match file.jpg, file.jpeg but not file.png
 
-And this is equivalent to `:sftp,host='example.com':/tmp`
+You can also use regexp flags - to set case insensitive, for example
 
-```
-{
-    "type": "sftp",
-    "host": "example.com",
-    "_path": "/tmp"
-}
-```
+    *.{{(?i)jpg}} to match file.jpg, file.JPG but not file.png
 
-And this is equivalent to `/tmp/dir`
+Be careful with wildcards in regular expressions - you don't want them
+to match path separators normally. To match any file name starting
+with `start` and ending with `end` write
 
-```
-{
-    type = "local",
-    _ path = "/tmp/dir"
-}
-```
+    {{start[^/]*end\.jpg}}
 
-## Supported commands
+Not
 
-### backend/command: Runs a backend command. {#backend-command}
+    {{start.*end\.jpg}}
 
-This takes the following parameters:
+Which will match a directory called `start` with a file called
+`end.jpg` in it as the `.*` will match `/` characters.
 
-- command - a string with the command name
-- fs - a remote name string e.g. "drive:"
-- arg - a list of arguments for the backend command
-- opt - a map of string to string of options
+Note that you can use `-vv --dump filters` to show the filter patterns
+in regexp format - rclone implements the glob patterns by transforming
+them into regular expressions.
 
-Returns:
+## Filter pattern examples {#examples}
 
-- result - result from the backend command
+| Description | Pattern | Matches | Does not match |
+| ----------- |-------- | ------- | -------------- |
+| Wildcard    | `*.jpg` | `/file.jpg`     | `/file.png`    |
+|             |         | `/dir/file.jpg` | `/dir/file.png` |
+| Rooted      | `/*.jpg` | `/file.jpg`    | `/file.png`    |
+|             |          | `/file2.jpg`    | `/dir/file.jpg` |
+| Alternates  | `*.{jpg,png}` | `/file.jpg`     | `/file.gif`    |
+|             |         | `/dir/file.png` | `/dir/file.gif` |
+| Path Wildcard | `dir/**` | `/dir/anyfile`     | `file.png`    |
+|             |          | `/subdir/dir/subsubdir/anyfile` | `/subdir/file.png` |
+| Any Char    | `*.t?t` | `/file.txt`     | `/file.qxt`    |
+|             |         | `/dir/file.tzt` | `/dir/file.png` |
+| Range       | `*.[a-z]` | `/file.a`     | `/file.0`    |
+|             |         | `/dir/file.b` | `/dir/file.1` |
+| Escape      | `*.\?\?\?` | `/file.???`     | `/file.abc`    |
+|             |         | `/dir/file.???` | `/dir/file.def` |
+| Class       | `*.\d\d\d` | `/file.012`     | `/file.abc`    |
+|             |         | `/dir/file.345` | `/dir/file.def` |
+| Regexp      | `*.{{jpe?g}}` | `/file.jpeg`     | `/file.png`    |
+|             |         | `/dir/file.jpg` | `/dir/file.jpeeg` |
+| Rooted Regexp | `/{{.*\.jpe?g}}` | `/file.jpeg`  | `/file.png`    |
+|             |                  | `/file.jpg`   | `/dir/file.jpg` |
 
-Example:
+## How filter rules are applied to files {#how-filter-rules-work}
 
-    rclone rc backend/command command=noop fs=. -o echo=yes -o blue -a path1 -a path2
+Rclone path/file name filters are made up of one or more of the following flags:
 
-Returns
+  * `--include`
+  * `--include-from`
+  * `--exclude`
+  * `--exclude-from`
+  * `--filter`
+  * `--filter-from`
 
-```
-{
-	"result": {
-		"arg": [
-			"path1",
-			"path2"
-		],
-		"name": "noop",
-		"opt": {
-			"blue": "",
-			"echo": "yes"
-		}
-	}
-}
-```
+There can be more than one instance of individual flags.
 
-Note that this is the direct equivalent of using this "backend"
-command:
+Rclone internally uses a combined list of all the include and exclude
+rules. The order in which rules are processed can influence the result
+of the filter.
 
-    rclone backend noop . -o echo=yes -o blue path1 path2
+All flags of the same type are processed together in the order
+above, regardless of what order the different types of flags are
+included on the command line.
 
-Note that arguments must be preceded by the "-a" flag
+Multiple instances of the same flag are processed from left
+to right according to their position in the command line.
 
-See the [backend](https://rclone.org/commands/rclone_backend/) command for more information.
+To mix up the order of processing includes and excludes use `--filter...`
+flags.
 
-**Authentication is required for this call.**
+Within `--include-from`, `--exclude-from` and `--filter-from` flags
+rules are processed from top to bottom of the referenced file.
 
-### cache/expire: Purge a remote from cache {#cache-expire}
+If there is an `--include` or `--include-from` flag specified, rclone
+implies a `- **` rule which it adds to the bottom of the internal rule
+list. Specifying a `+` rule with a `--filter...` flag does not imply
+that rule.
 
-Purge a remote from the cache backend. Supports either a directory or a file.
-Params:
-  - remote = path to remote (required)
-  - withData = true/false to delete cached data (chunks) as well (optional)
+Each path/file name passed through rclone is matched against the
+combined filter list. At first match to a rule the path/file name
+is included or excluded and no further filter rules are processed for
+that path/file.
 
-Eg
+If rclone does not find a match, after testing against all rules
+(including the implied rule if appropriate), the path/file name
+is included.
 
-    rclone rc cache/expire remote=path/to/sub/folder/
-    rclone rc cache/expire remote=/ withData=true
+Any path/file included at that stage is processed by the rclone
+command.
 
-### cache/fetch: Fetch file chunks {#cache-fetch}
+`--files-from` and `--files-from-raw` flags over-ride and cannot be
+combined with other filter options.
 
-Ensure the specified file chunks are cached on disk.
+To see the internal combined rule list, in regular expression form,
+for a command add the `--dump filters` flag. Running an rclone command
+with `--dump filters` and `-vv` flags lists the internal filter elements
+and shows how they are applied to each source path/file. There is not
+currently a means provided to pass regular expression filter options into
+rclone directly though character class filter rules contain character
+classes. [Go regular expression reference](https://golang.org/pkg/regexp/syntax/)
 
-The chunks= parameter specifies the file chunks to check.
-It takes a comma separated list of array slice indices.
-The slice indices are similar to Python slices: start[:end]
+### How filter rules are applied to directories {#directory_filter}
 
-start is the 0 based chunk number from the beginning of the file
-to fetch inclusive. end is 0 based chunk number from the beginning
-of the file to fetch exclusive.
-Both values can be negative, in which case they count from the back
-of the file. The value "-5:" represents the last 5 chunks of a file.
+Rclone commands are applied to path/file names not
+directories. The entire contents of a directory can be matched
+to a filter by the pattern `directory/*` or recursively by
+`directory/**`.
 
-Some valid examples are:
-":5,-5:" -> the first and last five chunks
-"0,-2" -> the first and the second last chunk
-"0:10" -> the first ten chunks
+Directory filter rules are defined with a closing `/` separator.
 
-Any parameter with a key that starts with "file" can be used to
-specify files to fetch, e.g.
+E.g. `/directory/subdirectory/` is an rclone directory filter rule.
 
-    rclone rc cache/fetch chunks=0 file=hello file2=home/goodbye
+Rclone commands can use directory filter rules to determine whether they
+recurse into subdirectories. This potentially optimises access to a remote
+by avoiding listing unnecessary directories. Whether optimisation is
+desirable depends on the specific filter rules and source remote content.
 
-File names will automatically be encrypted when the a crypt remote
-is used on top of the cache.
+If any [regular expression filters](#regexp) are in use, then no
+directory recursion optimisation is possible, as rclone must check
+every path against the supplied regular expression(s).
 
-### cache/stats: Get cache stats {#cache-stats}
+Directory recursion optimisation occurs if either:
 
-Show statistics for the cache remote.
+* A source remote does not support the rclone `ListR` primitive. local,
+sftp, Microsoft OneDrive and WebDAV do not support `ListR`. Google
+Drive and most bucket type storage do. [Full list](https://rclone.org/overview/#optional-features)
 
-### config/create: create the config for a remote. {#config-create}
+* On other remotes (those that support `ListR`), if the rclone command is not naturally recursive, and
+provided it is not run with the `--fast-list` flag. `ls`, `lsf -R` and
+`size` are naturally recursive but `sync`, `copy` and `move` are not.
 
-This takes the following parameters:
+* Whenever the `--disable ListR` flag is applied to an rclone command.
 
-- name - name of remote
-- parameters - a map of \{ "key": "value" \} pairs
-- type - type of the new remote
-- opt - a dictionary of options to control the configuration
-    - obscure - declare passwords are plain and need obscuring
-    - noObscure - declare passwords are already obscured and don't need obscuring
-    - nonInteractive - don't interact with a user, return questions
-    - continue - continue the config process with an answer
-    - all - ask all the config questions not just the post config ones
-    - state - state to restart with - used with continue
-    - result - result to restart with - used with continue
+Rclone commands imply directory filter rules from path/file filter
+rules. To view the directory filter rules rclone has implied for a
+command specify the `--dump filters` flag.
 
+E.g. for an include rule
 
-See the [config create](https://rclone.org/commands/rclone_config_create/) command for more information on the above.
+    /a/*.jpg
 
-**Authentication is required for this call.**
+Rclone implies the directory include rule
 
-### config/delete: Delete a remote in the config file. {#config-delete}
+    /a/
 
-Parameters:
+Directory filter rules specified in an rclone command can limit
+the scope of an rclone command but path/file filters still have
+to be specified.
 
-- name - name of remote to delete
+E.g. `rclone ls remote: --include /directory/` will not match any
+files. Because it is an `--include` option the `--exclude **` rule
+is implied, and the `/directory/` pattern serves only to optimise
+access to the remote by ignoring everything outside of that directory.
 
-See the [config delete](https://rclone.org/commands/rclone_config_delete/) command for more information on the above.
+E.g. `rclone ls remote: --filter-from filter-list.txt` with a file
+`filter-list.txt`:
 
-**Authentication is required for this call.**
+    - /dir1/
+    - /dir2/
+    + *.pdf
+    - **
 
-### config/dump: Dumps the config file. {#config-dump}
+All files in directories `dir1` or `dir2` or their subdirectories
+are completely excluded from the listing. Only files of suffix
+`pdf` in the root of `remote:` or its subdirectories are listed.
+The `- **` rule prevents listing of any path/files not previously
+matched by the rules above.
 
-Returns a JSON object:
-- key: value
+Option `exclude-if-present` creates a directory exclude rule based
+on the presence of a file in a directory and takes precedence over
+other rclone directory filter rules.
 
-Where keys are remote names and values are the config parameters.
+When using pattern list syntax, if a pattern item contains either
+`/` or `**`, then rclone will not able to imply a directory filter rule
+from this pattern list.
 
-See the [config dump](https://rclone.org/commands/rclone_config_dump/) command for more information on the above.
+E.g. for an include rule
 
-**Authentication is required for this call.**
+    {dir1/**,dir2/**}
 
-### config/get: Get a remote in the config file. {#config-get}
+Rclone will match files below directories `dir1` or `dir2` only,
+but will not be able to use this filter to exclude a directory `dir3`
+from being traversed.
 
-Parameters:
+Directory recursion optimisation may affect performance, but normally
+not the result. One exception to this is sync operations with option
+`--create-empty-src-dirs`, where any traversed empty directories will
+be created. With the pattern list example `{dir1/**,dir2/**}` above,
+this would create an empty directory `dir3` on destination (when it exists
+on source). Changing the filter to `{dir1,dir2}/**`, or splitting it into
+two include rules `--include dir1/** --include dir2/**`, will match the
+same files while also filtering directories, with the result that an empty
+directory `dir3` will no longer be created.
 
-- name - name of remote to get
+### `--exclude` - Exclude files matching pattern
 
-See the [config dump](https://rclone.org/commands/rclone_config_dump/) command for more information on the above.
+Excludes path/file names from an rclone command based on a single exclude
+rule.
 
-**Authentication is required for this call.**
+This flag can be repeated. See above for the order filter flags are
+processed in.
 
-### config/listremotes: Lists the remotes in the config file. {#config-listremotes}
+`--exclude` should not be used with `--include`, `--include-from`,
+`--filter` or `--filter-from` flags.
 
-Returns
-- remotes - array of remote names
+`--exclude` has no effect when combined with `--files-from` or
+`--files-from-raw` flags.
 
-See the [listremotes](https://rclone.org/commands/rclone_listremotes/) command for more information on the above.
+E.g. `rclone ls remote: --exclude *.bak` excludes all .bak files
+from listing.
 
-**Authentication is required for this call.**
+E.g. `rclone size remote: "--exclude /dir/**"` returns the total size of
+all files on `remote:` excluding those in root directory `dir` and sub
+directories.
 
-### config/password: password the config for a remote. {#config-password}
+E.g. on Microsoft Windows `rclone ls remote: --exclude "*\[{JP,KR,HK}\]*"`
+lists the files in `remote:` without `[JP]` or `[KR]` or `[HK]` in
+their name. Quotes prevent the shell from interpreting the `\`
+characters.`\` characters escape the `[` and `]` so an rclone filter
+treats them literally rather than as a character-range. The `{` and `}`
+define an rclone pattern list. For other operating systems single quotes are
+required ie `rclone ls remote: --exclude '*\[{JP,KR,HK}\]*'`
 
-This takes the following parameters:
+### `--exclude-from` - Read exclude patterns from file
 
-- name - name of remote
-- parameters - a map of \{ "key": "value" \} pairs
+Excludes path/file names from an rclone command based on rules in a
+named file. The file contains a list of remarks and pattern rules.
 
+For an example `exclude-file.txt`:
 
-See the [config password](https://rclone.org/commands/rclone_config_password/) command for more information on the above.
+    # a sample exclude rule file
+    *.bak
+    file2.jpg
 
-**Authentication is required for this call.**
+`rclone ls remote: --exclude-from exclude-file.txt` lists the files on
+`remote:` except those named `file2.jpg` or with a suffix `.bak`. That is
+equivalent to `rclone ls remote: --exclude file2.jpg --exclude "*.bak"`.
 
-### config/providers: Shows how providers are configured in the config file. {#config-providers}
+This flag can be repeated. See above for the order filter flags are
+processed in.
 
-Returns a JSON object:
-- providers - array of objects
+The `--exclude-from` flag is useful where multiple exclude filter rules
+are applied to an rclone command.
 
-See the [config providers](https://rclone.org/commands/rclone_config_providers/) command for more information on the above.
+`--exclude-from` should not be used with `--include`, `--include-from`,
+`--filter` or `--filter-from` flags.
 
-**Authentication is required for this call.**
+`--exclude-from` has no effect when combined with `--files-from` or
+`--files-from-raw` flags.
 
-### config/setpath: Set the path of the config file {#config-setpath}
+`--exclude-from` followed by `-` reads filter rules from standard input.
 
-Parameters:
+### `--include` - Include files matching pattern
 
-- path - path to the config file to use
+Adds a single include rule based on path/file names to an rclone
+command.
 
-**Authentication is required for this call.**
+This flag can be repeated. See above for the order filter flags are
+processed in.
 
-### config/update: update the config for a remote. {#config-update}
+`--include` has no effect when combined with `--files-from` or
+`--files-from-raw` flags.
 
-This takes the following parameters:
+`--include` implies `--exclude **` at the end of an rclone internal
+filter list. Therefore if you mix `--include` and `--include-from`
+flags with `--exclude`, `--exclude-from`, `--filter` or `--filter-from`,
+you must use include rules for all the files you want in the include
+statement. For more flexibility use the `--filter-from` flag.
 
-- name - name of remote
-- parameters - a map of \{ "key": "value" \} pairs
-- opt - a dictionary of options to control the configuration
-    - obscure - declare passwords are plain and need obscuring
-    - noObscure - declare passwords are already obscured and don't need obscuring
-    - nonInteractive - don't interact with a user, return questions
-    - continue - continue the config process with an answer
-    - all - ask all the config questions not just the post config ones
-    - state - state to restart with - used with continue
-    - result - result to restart with - used with continue
+E.g. `rclone ls remote: --include "*.{png,jpg}"` lists the files on
+`remote:` with suffix `.png` and `.jpg`. All other files are excluded.
 
+E.g. multiple rclone copy commands can be combined with `--include` and a
+pattern-list.
 
-See the [config update](https://rclone.org/commands/rclone_config_update/) command for more information on the above.
+    rclone copy /vol1/A remote:A
+    rclone copy /vol1/B remote:B
 
-**Authentication is required for this call.**
+is equivalent to:
 
-### core/bwlimit: Set the bandwidth limit. {#core-bwlimit}
+    rclone copy /vol1 remote: --include "{A,B}/**"
 
-This sets the bandwidth limit to the string passed in. This should be
-a single bandwidth limit entry or a pair of upload:download bandwidth.
+E.g. `rclone ls remote:/wheat --include "??[^[:punct:]]*"` lists the
+files `remote:` directory `wheat` (and subdirectories) whose third
+character is not punctuation. This example uses
+an [ASCII character class](https://golang.org/pkg/regexp/syntax/).
 
-Eg
+### `--include-from` - Read include patterns from file
 
-    rclone rc core/bwlimit rate=off
-    {
-        "bytesPerSecond": -1,
-        "bytesPerSecondTx": -1,
-        "bytesPerSecondRx": -1,
-        "rate": "off"
-    }
-    rclone rc core/bwlimit rate=1M
-    {
-        "bytesPerSecond": 1048576,
-        "bytesPerSecondTx": 1048576,
-        "bytesPerSecondRx": 1048576,
-        "rate": "1M"
-    }
-    rclone rc core/bwlimit rate=1M:100k
-    {
-        "bytesPerSecond": 1048576,
-        "bytesPerSecondTx": 1048576,
-        "bytesPerSecondRx": 131072,
-        "rate": "1M"
-    }
+Adds path/file names to an rclone command based on rules in a
+named file. The file contains a list of remarks and pattern rules.
 
+For an example `include-file.txt`:
 
-If the rate parameter is not supplied then the bandwidth is queried
+    # a sample include rule file
+    *.jpg
+    file2.avi
 
-    rclone rc core/bwlimit
-    {
-        "bytesPerSecond": 1048576,
-        "bytesPerSecondTx": 1048576,
-        "bytesPerSecondRx": 1048576,
-        "rate": "1M"
-    }
+`rclone ls remote: --include-from include-file.txt` lists the files on
+`remote:` with name `file2.avi` or suffix `.jpg`. That is equivalent to
+`rclone ls remote: --include file2.avi --include "*.jpg"`.
 
-The format of the parameter is exactly the same as passed to --bwlimit
-except only one bandwidth may be specified.
+This flag can be repeated. See above for the order filter flags are
+processed in.
 
-In either case "rate" is returned as a human-readable string, and
-"bytesPerSecond" is returned as a number.
+The `--include-from` flag is useful where multiple include filter rules
+are applied to an rclone command.
 
-### core/command: Run a rclone terminal command over rc. {#core-command}
+`--include-from` implies `--exclude **` at the end of an rclone internal
+filter list. Therefore if you mix `--include` and `--include-from`
+flags with `--exclude`, `--exclude-from`, `--filter` or `--filter-from`,
+you must use include rules for all the files you want in the include
+statement. For more flexibility use the `--filter-from` flag.
 
-This takes the following parameters:
+`--exclude-from` has no effect when combined with `--files-from` or
+`--files-from-raw` flags.
 
-- command - a string with the command name.
-- arg - a list of arguments for the backend command.
-- opt - a map of string to string of options.
-- returnType - one of ("COMBINED_OUTPUT", "STREAM", "STREAM_ONLY_STDOUT", "STREAM_ONLY_STDERR").
-    - Defaults to "COMBINED_OUTPUT" if not set.
-    - The STREAM returnTypes will write the output to the body of the HTTP message.
-    - The COMBINED_OUTPUT will write the output to the "result" parameter.
+`--exclude-from` followed by `-` reads filter rules from standard input.
 
-Returns:
+### `--filter` - Add a file-filtering rule
 
-- result - result from the backend command.
-    - Only set when using returnType "COMBINED_OUTPUT".
-- error	 - set if rclone exits with an error code.
-- returnType - one of ("COMBINED_OUTPUT", "STREAM", "STREAM_ONLY_STDOUT", "STREAM_ONLY_STDERR").
+Specifies path/file names to an rclone command, based on a single
+include or exclude rule, in `+` or `-` format.
 
-Example:
+This flag can be repeated. See above for the order filter flags are
+processed in.
 
-    rclone rc core/command command=ls -a mydrive:/ -o max-depth=1
-    rclone rc core/command -a ls -a mydrive:/ -o max-depth=1
+`--filter +` differs from `--include`. In the case of `--include` rclone
+implies an `--exclude *` rule which it adds to the bottom of the internal rule
+list. `--filter...+` does not imply
+that rule.
 
-Returns:
+`--filter` has no effect when combined with `--files-from` or
+`--files-from-raw` flags.
 
-```
-{
-	"error": false,
-	"result": "<Raw command line output>"
-}
+`--filter` should not be used with `--include`, `--include-from`,
+`--exclude` or `--exclude-from` flags.
 
-OR
-{
-	"error": true,
-	"result": "<Raw command line output>"
-}
+E.g. `rclone ls remote: --filter "- *.bak"` excludes all `.bak` files
+from a list of `remote:`.
 
-```
+### `--filter-from` - Read filtering patterns from a file
 
-**Authentication is required for this call.**
+Adds path/file names to an rclone command based on rules in a
+named file. The file contains a list of remarks and pattern rules. Include
+rules start with `+ ` and exclude rules with `- `. `!` clears existing
+rules. Rules are processed in the order they are defined.
 
-### core/gc: Runs a garbage collection. {#core-gc}
+This flag can be repeated. See above for the order filter flags are
+processed in.
 
-This tells the go runtime to do a garbage collection run.  It isn't
-necessary to call this normally, but it can be useful for debugging
-memory problems.
+Arrange the order of filter rules with the most restrictive first and
+work down.
 
-### core/group-list: Returns list of stats. {#core-group-list}
+E.g. for `filter-file.txt`:
 
-This returns list of stats groups currently in memory. 
+    # a sample filter rule file
+    - secret*.jpg
+    + *.jpg
+    + *.png
+    + file2.avi
+    - /dir/Trash/**
+    + /dir/**
+    # exclude everything else
+    - *
 
-Returns the following values:
-```
-{
-	"groups":  an array of group names:
-		[
-			"group1",
-			"group2",
-			...
-		]
-}
-```
+`rclone ls remote: --filter-from filter-file.txt` lists the path/files on
+`remote:` including all `jpg` and `png` files, excluding any
+matching `secret*.jpg` and including `file2.avi`.  It also includes
+everything in the directory `dir` at the root of `remote`, except
+`remote:dir/Trash` which it excludes.  Everything else is excluded.
 
-### core/memstats: Returns the memory statistics {#core-memstats}
 
-This returns the memory statistics of the running program.  What the values mean
-are explained in the go docs: https://golang.org/pkg/runtime/#MemStats
+E.g. for an alternative `filter-file.txt`:
 
-The most interesting values for most people are:
+    - secret*.jpg
+    + *.jpg
+    + *.png
+    + file2.avi
+    - *
 
-- HeapAlloc - this is the amount of memory rclone is actually using
-- HeapSys - this is the amount of memory rclone has obtained from the OS
-- Sys - this is the total amount of memory requested from the OS
-   - It is virtual memory so may include unused memory
+Files `file1.jpg`, `file3.png` and `file2.avi` are listed whilst
+`secret17.jpg` and files without the suffix .jpg` or `.png` are excluded.
 
-### core/obscure: Obscures a string passed in. {#core-obscure}
+E.g. for an alternative `filter-file.txt`:
 
-Pass a clear string and rclone will obscure it for the config file:
-- clear - string
+    + *.jpg
+    + *.gif
+    !
+    + 42.doc
+    - *
 
-Returns:
-- obscured - string
+Only file 42.doc is listed. Prior rules are cleared by the `!`.
 
-### core/pid: Return PID of current process {#core-pid}
+### `--files-from` - Read list of source-file names
 
-This returns PID of current process.
-Useful for stopping rclone process.
+Adds path/files to an rclone command from a list in a named file.
+Rclone processes the path/file names in the order of the list, and
+no others.
 
-### core/quit: Terminates the app. {#core-quit}
+Other filter flags (`--include`, `--include-from`, `--exclude`,
+`--exclude-from`, `--filter` and `--filter-from`) are ignored when
+`--files-from` is used.
 
-(Optional) Pass an exit code to be used for terminating the app:
-- exitCode - int
+`--files-from` expects a list of files as its input. Leading or
+trailing whitespace is stripped from the input lines. Lines starting
+with `#` or `;` are ignored.
 
-### core/stats: Returns stats about current transfers. {#core-stats}
+Rclone commands with a `--files-from` flag traverse the remote,
+treating the names in `--files-from` as a set of filters.
 
-This returns all available stats:
+If the `--no-traverse` and `--files-from` flags are used together
+an rclone command does not traverse the remote. Instead it addresses
+each path/file named in the file individually. For each path/file name, that
+requires typically 1 API call. This can be efficient for a short `--files-from`
+list and a remote containing many files.
 
-	rclone rc core/stats
+Rclone commands do not error if any names in the `--files-from` file are
+missing from the source remote.
 
-If group is not provided then summed up stats for all groups will be
-returned.
+The `--files-from` flag can be repeated in a single rclone command to
+read path/file names from more than one file. The files are read from left
+to right along the command line.
 
-Parameters
+Paths within the `--files-from` file are interpreted as starting
+with the root specified in the rclone command.  Leading `/` separators are
+ignored. See [--files-from-raw](#files-from-raw-read-list-of-source-file-names-without-any-processing) if
+you need the input to be processed in a raw manner.
 
-- group - name of the stats group (string)
+E.g. for a file `files-from.txt`:
 
-Returns the following values:
+    # comment
+    file1.jpg
+    subdir/file2.jpg
 
-```
-{
-	"bytes": total transferred bytes since the start of the group,
-	"checks": number of files checked,
-	"deletes" : number of files deleted,
-	"elapsedTime": time in floating point seconds since rclone was started,
-	"errors": number of errors,
-	"eta": estimated time in seconds until the group completes,
-	"fatalError": boolean whether there has been at least one fatal error,
-	"lastError": last error string,
-	"renames" : number of files renamed,
-	"retryError": boolean showing whether there has been at least one non-NoRetryError,
-	"speed": average speed in bytes per second since start of the group,
-	"totalBytes": total number of bytes in the group,
-	"totalChecks": total number of checks in the group,
-	"totalTransfers": total number of transfers in the group,
-	"transferTime" : total time spent on running jobs,
-	"transfers": number of transferred files,
-	"transferring": an array of currently active file transfers:
-		[
-			{
-				"bytes": total transferred bytes for this file,
-				"eta": estimated time in seconds until file transfer completion
-				"name": name of the file,
-				"percentage": progress of the file transfer in percent,
-				"speed": average speed over the whole transfer in bytes per second,
-				"speedAvg": current speed in bytes per second as an exponentially weighted moving average,
-				"size": size of the file in bytes
-			}
-		],
-	"checking": an array of names of currently active file checks
-		[]
-}
-```
-Values for "transferring", "checking" and "lastError" are only assigned if data is available.
-The value for "eta" is null if an eta cannot be determined.
+`rclone copy --files-from files-from.txt /home/me/pics remote:pics`
+copies the following, if they exist, and only those files.
 
-### core/stats-delete: Delete stats group. {#core-stats-delete}
+    /home/me/pics/file1.jpg        → remote:pics/file1.jpg
+    /home/me/pics/subdir/file2.jpg → remote:pics/subdir/file2.jpg
 
-This deletes entire stats group.
+E.g. to copy the following files referenced by their absolute paths:
 
-Parameters
+    /home/user1/42
+    /home/user1/dir/ford
+    /home/user2/prefect
 
-- group - name of the stats group (string)
+First find a common subdirectory - in this case `/home`
+and put the remaining files in `files-from.txt` with or without
+leading `/`, e.g.
 
-### core/stats-reset: Reset stats. {#core-stats-reset}
+    user1/42
+    user1/dir/ford
+    user2/prefect
 
-This clears counters, errors and finished transfers for all stats or specific 
-stats group if group is provided.
+Then copy these to a remote:
 
-Parameters
+    rclone copy --files-from files-from.txt /home remote:backup
 
-- group - name of the stats group (string)
+The three files are transferred as follows:
 
-### core/transferred: Returns stats about completed transfers. {#core-transferred}
+    /home/user1/42       → remote:backup/user1/important
+    /home/user1/dir/ford → remote:backup/user1/dir/file
+    /home/user2/prefect  → remote:backup/user2/stuff
 
-This returns stats about completed transfers:
+Alternatively if `/` is chosen as root `files-from.txt` will be:
 
-	rclone rc core/transferred
+    /home/user1/42
+    /home/user1/dir/ford
+    /home/user2/prefect
 
-If group is not provided then completed transfers for all groups will be
-returned.
+The copy command will be:
 
-Note only the last 100 completed transfers are returned.
+    rclone copy --files-from files-from.txt / remote:backup
 
-Parameters
+Then there will be an extra `home` directory on the remote:
 
-- group - name of the stats group (string)
+    /home/user1/42       → remote:backup/home/user1/42
+    /home/user1/dir/ford → remote:backup/home/user1/dir/ford
+    /home/user2/prefect  → remote:backup/home/user2/prefect
 
-Returns the following values:
-```
-{
-	"transferred":  an array of completed transfers (including failed ones):
-		[
-			{
-				"name": name of the file,
-				"size": size of the file in bytes,
-				"bytes": total transferred bytes for this file,
-				"checked": if the transfer is only checked (skipped, deleted),
-				"timestamp": integer representing millisecond unix epoch,
-				"error": string description of the error (empty if successful),
-				"jobid": id of the job that this transfer belongs to
-			}
-		]
-}
-```
+### `--files-from-raw` - Read list of source-file names without any processing
 
-### core/version: Shows the current version of rclone and the go runtime. {#core-version}
+This flag is the same as `--files-from` except that input is read in a
+raw manner. Lines with leading / trailing whitespace, and lines starting
+with `;` or `#` are read without any processing. [rclone lsf](https://rclone.org/commands/rclone_lsf/) has
+a compatible format that can be used to export file lists from remotes for
+input to `--files-from-raw`.
 
-This shows the current version of go and the go runtime:
+### `--ignore-case` - make searches case insensitive
 
-- version - rclone version, e.g. "v1.53.0"
-- decomposed - version number as [major, minor, patch]
-- isGit - boolean - true if this was compiled from the git version
-- isBeta - boolean - true if this is a beta version
-- os - OS in use as according to Go
-- arch - cpu architecture in use according to Go
-- goVersion - version of Go runtime in use
-- linking - type of rclone executable (static or dynamic)
-- goTags - space separated build tags or "none"
+By default, rclone filter patterns are case sensitive. The `--ignore-case`
+flag makes all of the filters patterns on the command line case
+insensitive.
 
-### debug/set-block-profile-rate: Set runtime.SetBlockProfileRate for blocking profiling. {#debug-set-block-profile-rate}
+E.g. `--include "zaphod.txt"` does not match a file `Zaphod.txt`. With
+`--ignore-case` a match is made.
 
-SetBlockProfileRate controls the fraction of goroutine blocking events
-that are reported in the blocking profile. The profiler aims to sample
-an average of one blocking event per rate nanoseconds spent blocked.
+## Quoting shell metacharacters
 
-To include every blocking event in the profile, pass rate = 1. To turn
-off profiling entirely, pass rate <= 0.
+Rclone commands with filter patterns containing shell metacharacters may
+not as work as expected in your shell and may require quoting.
 
-After calling this you can use this to see the blocking profile:
+E.g. linux, OSX (`*` metacharacter)
 
-    go tool pprof http://localhost:5572/debug/pprof/block
+  * `--include \*.jpg`
+  * `--include '*.jpg'`
+  * `--include='*.jpg'`
 
-Parameters:
+Microsoft Windows expansion is done by the command, not shell, so
+`--include *.jpg` does not require quoting.
 
-- rate - int
+If the rclone error
+`Command .... needs .... arguments maximum: you provided .... non flag arguments:`
+is encountered, the cause is commonly spaces within the name of a
+remote or flag value. The fix then is to quote values containing spaces.
 
-### debug/set-gc-percent: Call runtime/debug.SetGCPercent for setting the garbage collection target percentage. {#debug-set-gc-percent}
+## Other filters
 
-SetGCPercent sets the garbage collection target percentage: a collection is triggered
-when the ratio of freshly allocated data to live data remaining after the previous collection
-reaches this percentage. SetGCPercent returns the previous setting. The initial setting is the
-value of the GOGC environment variable at startup, or 100 if the variable is not set.
+### `--min-size` - Don't transfer any file smaller than this
 
-This setting may be effectively reduced in order to maintain a memory limit.
-A negative percentage effectively disables garbage collection, unless the memory limit is reached.
+Controls the minimum size file within the scope of an rclone command.
+Default units are `KiB` but abbreviations `K`, `M`, `G`, `T` or `P` are valid.
 
-See https://pkg.go.dev/runtime/debug#SetMemoryLimit for more details.
+E.g. `rclone ls remote: --min-size 50k` lists files on `remote:` of 50 KiB
+size or larger.
 
-Parameters:
+See [the size option docs](https://rclone.org/docs/#size-option) for more info.
 
-- gc-percent - int
+### `--max-size` - Don't transfer any file larger than this
 
-### debug/set-mutex-profile-fraction: Set runtime.SetMutexProfileFraction for mutex profiling. {#debug-set-mutex-profile-fraction}
+Controls the maximum size file within the scope of an rclone command.
+Default units are `KiB` but abbreviations `K`, `M`, `G`, `T` or `P` are valid.
 
-SetMutexProfileFraction controls the fraction of mutex contention
-events that are reported in the mutex profile. On average 1/rate
-events are reported. The previous rate is returned.
+E.g. `rclone ls remote: --max-size 1G` lists files on `remote:` of 1 GiB
+size or smaller.
 
-To turn off profiling entirely, pass rate 0. To just read the current
-rate, pass rate < 0. (For n>1 the details of sampling may change.)
+See [the size option docs](https://rclone.org/docs/#size-option) for more info.
 
-Once this is set you can look use this to profile the mutex contention:
+### `--max-age` - Don't transfer any file older than this
 
-    go tool pprof http://localhost:5572/debug/pprof/mutex
+Controls the maximum age of files within the scope of an rclone command.
 
-Parameters:
+`--max-age` applies only to files and not to directories.
 
-- rate - int
+E.g. `rclone ls remote: --max-age 2d` lists files on `remote:` of 2 days
+old or less.
 
-Results:
+See [the time option docs](https://rclone.org/docs/#time-option) for valid formats.
 
-- previousRate - int
+### `--min-age` - Don't transfer any file younger than this
 
-### debug/set-soft-memory-limit: Call runtime/debug.SetMemoryLimit for setting a soft memory limit for the runtime. {#debug-set-soft-memory-limit}
+Controls the minimum age of files within the scope of an rclone command.
+(see `--max-age` for valid formats)
 
-SetMemoryLimit provides the runtime with a soft memory limit.
+`--min-age` applies only to files and not to directories.
 
-The runtime undertakes several processes to try to respect this memory limit, including
-adjustments to the frequency of garbage collections and returning memory to the underlying
-system more aggressively. This limit will be respected even if GOGC=off (or, if SetGCPercent(-1) is executed).
+E.g. `rclone ls remote: --min-age 2d` lists files on `remote:` of 2 days
+old or more.
 
-The input limit is provided as bytes, and includes all memory mapped, managed, and not
-released by the Go runtime. Notably, it does not account for space used by the Go binary
-and memory external to Go, such as memory managed by the underlying system on behalf of
-the process, or memory managed by non-Go code inside the same process.
-Examples of excluded memory sources include: OS kernel memory held on behalf of the process,
-memory allocated by C code, and memory mapped by syscall.Mmap (because it is not managed by the Go runtime).
+See [the time option docs](https://rclone.org/docs/#time-option) for valid formats.
 
-A zero limit or a limit that's lower than the amount of memory used by the Go runtime may cause
-the garbage collector to run nearly continuously. However, the application may still make progress.
+## Other flags
 
-The memory limit is always respected by the Go runtime, so to effectively disable this behavior,
-set the limit very high. math.MaxInt64 is the canonical value for disabling the limit, but values
-much greater than the available memory on the underlying system work just as well.
+### `--delete-excluded` - Delete files on dest excluded from sync
 
-See https://go.dev/doc/gc-guide for a detailed guide explaining the soft memory limit in more detail,
-as well as a variety of common use-cases and scenarios.
+**Important** this flag is dangerous to your data - use with `--dry-run`
+and `-v` first.
 
-SetMemoryLimit returns the previously set memory limit. A negative input does not adjust the limit,
-and allows for retrieval of the currently set memory limit.
+In conjunction with `rclone sync`, `--delete-excluded` deletes any files
+on the destination which are excluded from the command.
 
-Parameters:
+E.g. the scope of `rclone sync --interactive A: B:` can be restricted:
 
-- mem-limit - int
+    rclone --min-size 50k --delete-excluded sync A: B:
 
-### fscache/clear: Clear the Fs cache. {#fscache-clear}
+All files on `B:` which are less than 50 KiB are deleted
+because they are excluded from the rclone sync command.
 
-This clears the fs cache. This is where remotes created from backends
-are cached for a short while to make repeated rc calls more efficient.
+### `--dump filters` - dump the filters to the output
 
-If you change the parameters of a backend then you may want to call
-this to clear an existing remote out of the cache before re-creating
-it.
+Dumps the defined filters to standard output in regular expression
+format.
 
-**Authentication is required for this call.**
+Useful for debugging.
 
-### fscache/entries: Returns the number of entries in the fs cache. {#fscache-entries}
+## Exclude directory based on a file
 
-This returns the number of entries in the fs cache.
+The `--exclude-if-present` flag controls whether a directory is
+within the scope of an rclone command based on the presence of a
+named file within it. The flag can be repeated to check for
+multiple file names, presence of any of them will exclude the
+directory.
 
-Returns
-- entries - number of items in the cache
+This flag has a priority over other filter flags.
 
-**Authentication is required for this call.**
+E.g. for the following directory structure:
 
-### job/list: Lists the IDs of the running jobs {#job-list}
+    dir1/file1
+    dir1/dir2/file2
+    dir1/dir2/dir3/file3
+    dir1/dir2/dir3/.ignore
 
-Parameters: None.
+The command `rclone ls --exclude-if-present .ignore dir1` does
+not list `dir3`, `file3` or `.ignore`.
 
-Results:
+## Metadata filters {#metadata}
 
-- jobids - array of integer job ids.
+The metadata filters work in a very similar way to the normal file
+name filters, except they match [metadata](https://rclone.org/docs/#metadata) on the
+object.
 
-### job/status: Reads the status of the job ID {#job-status}
+The metadata should be specified as `key=value` patterns. This may be
+wildcarded using the normal [filter patterns](#patterns) or [regular
+expressions](#regexp).
 
-Parameters:
+For example if you wished to list only local files with a mode of
+`100664` you could do that with:
 
-- jobid - id of the job (integer).
+    rclone lsf -M --files-only --metadata-include "mode=100664" .
 
-Results:
+Or if you wished to show files with an `atime`, `mtime` or `btime` at a given date:
 
-- finished - boolean
-- duration - time in seconds that the job ran for
-- endTime - time the job finished (e.g. "2018-10-26T18:50:20.528746884+01:00")
-- error - error from the job or empty string for no error
-- finished - boolean whether the job has finished or not
-- id - as passed in above
-- startTime - time the job started (e.g. "2018-10-26T18:50:20.528336039+01:00")
-- success - boolean - true for success false otherwise
-- output - output of the job as would have been returned if called synchronously
-- progress - output of the progress related to the underlying job
+    rclone lsf -M --files-only --metadata-include "[abm]time=2022-12-16*" .
 
-### job/stop: Stop the running job {#job-stop}
+Like file filtering, metadata filtering only applies to files not to
+directories.
 
-Parameters:
+The filters can be applied using these flags.
 
-- jobid - id of the job (integer).
+- `--metadata-include`      - Include metadatas matching pattern
+- `--metadata-include-from` - Read metadata include patterns from file (use - to read from stdin)
+- `--metadata-exclude`      - Exclude metadatas matching pattern
+- `--metadata-exclude-from` - Read metadata exclude patterns from file (use - to read from stdin)
+- `--metadata-filter`       - Add a metadata filtering rule
+- `--metadata-filter-from`  - Read metadata filtering patterns from a file (use - to read from stdin)
 
-### job/stopgroup: Stop all running jobs in a group {#job-stopgroup}
+Each flag can be repeated. See the section on [how filter rules are
+applied](#how-filter-rules-work) for more details - these flags work
+in an identical way to the file name filtering flags, but instead of
+file name patterns have metadata patterns.
 
-Parameters:
 
-- group - name of the group (string).
+## Common pitfalls
 
-### mount/listmounts: Show current mount points {#mount-listmounts}
+The most frequent filter support issues on
+the [rclone forum](https://forum.rclone.org/) are:
 
-This shows currently mounted points, which can be used for performing an unmount.
+* Not using paths relative to the root of the remote
+* Not using `/` to match from the root of a remote
+* Not using `**` to match the contents of a directory
 
-This takes no parameters and returns
+# GUI (Experimental)
 
-- mountPoints: list of current mount points
+Rclone can serve a web based GUI (graphical user interface).  This is
+somewhat experimental at the moment so things may be subject to
+change.
 
-Eg
+Run this command in a terminal and rclone will download and then
+display the GUI in a web browser.
 
-    rclone rc mount/listmounts
+```
+rclone rcd --rc-web-gui
+```
 
-**Authentication is required for this call.**
+This will produce logs like this and rclone needs to continue to run to serve the GUI:
 
-### mount/mount: Create a new mount point {#mount-mount}
+```
+2019/08/25 11:40:14 NOTICE: A new release for gui is present at https://github.com/rclone/rclone-webui-react/releases/download/v0.0.6/currentbuild.zip
+2019/08/25 11:40:14 NOTICE: Downloading webgui binary. Please wait. [Size: 3813937, Path :  /home/USER/.cache/rclone/webgui/v0.0.6.zip]
+2019/08/25 11:40:16 NOTICE: Unzipping
+2019/08/25 11:40:16 NOTICE: Serving remote control on http://127.0.0.1:5572/
+```
 
-rclone allows Linux, FreeBSD, macOS and Windows to mount any of
-Rclone's cloud storage systems as a file system with FUSE.
+This assumes you are running rclone locally on your machine.  It is
+possible to separate the rclone and the GUI - see below for details.
 
-If no mountType is provided, the priority is given as follows: 1. mount 2.cmount 3.mount2
+If you wish to check for updates then you can add `--rc-web-gui-update`
+to the command line.
 
-This takes the following parameters:
+If you find your GUI broken, you may force it to update by add `--rc-web-gui-force-update`.
 
-- fs - a remote path to be mounted (required)
-- mountPoint: valid path on the local machine (required)
-- mountType: one of the values (mount, cmount, mount2) specifies the mount implementation to use
-- mountOpt: a JSON object with Mount options in.
-- vfsOpt: a JSON object with VFS options in.
+By default, rclone will open your browser. Add `--rc-web-gui-no-open-browser`
+to disable this feature.
 
-Example:
+## Using the GUI
 
-    rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint
-    rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint mountType=mount
-    rclone rc mount/mount fs=TestDrive: mountPoint=/mnt/tmp vfsOpt='{"CacheMode": 2}' mountOpt='{"AllowOther": true}'
+Once the GUI opens, you will be looking at the dashboard which has an overall overview.
 
-The vfsOpt are as described in options/get and can be seen in the the
-"vfs" section when running and the mountOpt can be seen in the "mount" section:
+On the left hand side you will see a series of view buttons you can click on:
 
-    rclone rc options/get
+- Dashboard - main overview
+- Configs - examine and create new configurations
+- Explorer - view, download and upload files to the cloud storage systems
+- Backend - view or alter the backend config
+- Log out
 
-**Authentication is required for this call.**
+(More docs and walkthrough video to come!)
 
-### mount/types: Show all possible mount types {#mount-types}
+## How it works
 
-This shows all possible mount types and returns them as a list.
+When you run the `rclone rcd --rc-web-gui` this is what happens
 
-This takes no parameters and returns
+- Rclone starts but only runs the remote control API ("rc").
+- The API is bound to localhost with an auto-generated username and password.
+- If the API bundle is missing then rclone will download it.
+- rclone will start serving the files from the API bundle over the same port as the API
+- rclone will open the browser with a `login_token` so it can log straight in.
 
-- mountTypes: list of mount types
+## Advanced use
 
-The mount types are strings like "mount", "mount2", "cmount" and can
-be passed to mount/mount as the mountType parameter.
+The `rclone rcd` may use any of the [flags documented on the rc page](https://rclone.org/rc/#supported-parameters).
 
-Eg
+The flag `--rc-web-gui` is shorthand for
 
-    rclone rc mount/types
+- Download the web GUI if necessary
+- Check we are using some authentication
+- `--rc-user gui`
+- `--rc-pass <random password>`
+- `--rc-serve`
 
-**Authentication is required for this call.**
+These flags can be overridden as desired.
 
-### mount/unmount: Unmount selected active mount {#mount-unmount}
+See also the [rclone rcd documentation](https://rclone.org/commands/rclone_rcd/).
 
-rclone allows Linux, FreeBSD, macOS and Windows to
-mount any of Rclone's cloud storage systems as a file system with
-FUSE.
+### Example: Running a public GUI
 
-This takes the following parameters:
+For example the GUI could be served on a public port over SSL using an htpasswd file using the following flags:
 
-- mountPoint: valid path on the local machine where the mount was created (required)
+- `--rc-web-gui`
+- `--rc-addr :443`
+- `--rc-htpasswd /path/to/htpasswd`
+- `--rc-cert /path/to/ssl.crt`
+- `--rc-key /path/to/ssl.key`
 
-Example:
+### Example: Running a GUI behind a proxy
 
-    rclone rc mount/unmount mountPoint=/home/<user>/mountPoint
+If you want to run the GUI behind a proxy at `/rclone` you could use these flags:
 
-**Authentication is required for this call.**
+- `--rc-web-gui`
+- `--rc-baseurl rclone`
+- `--rc-htpasswd /path/to/htpasswd`
 
-### mount/unmountall: Unmount all active mounts {#mount-unmountall}
+Or instead of htpasswd if you just want a single user and password:
 
-rclone allows Linux, FreeBSD, macOS and Windows to
-mount any of Rclone's cloud storage systems as a file system with
-FUSE.
+- `--rc-user me`
+- `--rc-pass mypassword`
 
-This takes no parameters and returns error if unmount does not succeed.
+## Project
 
-Eg
+The GUI is being developed in the: [rclone/rclone-webui-react repository](https://github.com/rclone/rclone-webui-react).
 
-    rclone rc mount/unmountall
+Bug reports and contributions are very welcome :-)
 
-**Authentication is required for this call.**
+If you have questions then please ask them on the [rclone forum](https://forum.rclone.org/).
 
-### operations/about: Return the space used on the remote {#operations-about}
+# Remote controlling rclone with its API
 
-This takes the following parameters:
+If rclone is run with the `--rc` flag then it starts an HTTP server
+which can be used to remote control rclone using its API.
 
-- fs - a remote name string e.g. "drive:"
+You can either use the [rc](#api-rc) command to access the API
+or [use HTTP directly](#api-http).
 
-The result is as returned from rclone about --json
+If you just want to run a remote control then see the [rcd](https://rclone.org/commands/rclone_rcd/) command.
 
-See the [about](https://rclone.org/commands/rclone_about/) command for more information on the above.
+## Supported parameters
 
-**Authentication is required for this call.**
+### --rc
 
-### operations/cleanup: Remove trashed files in the remote or path {#operations-cleanup}
+Flag to start the http server listen on remote requests
+      
+### --rc-addr=IP
 
-This takes the following parameters:
+IPaddress:Port or :Port to bind server to. (default "localhost:5572")
 
-- fs - a remote name string e.g. "drive:"
+### --rc-cert=KEY
+SSL PEM key (concatenation of certificate and CA certificate)
 
-See the [cleanup](https://rclone.org/commands/rclone_cleanup/) command for more information on the above.
+### --rc-client-ca=PATH
+Client certificate authority to verify clients with
 
-**Authentication is required for this call.**
+### --rc-htpasswd=PATH
 
-### operations/copyfile: Copy a file from source remote to destination remote {#operations-copyfile}
+htpasswd file - if not provided no authentication is done
 
-This takes the following parameters:
+### --rc-key=PATH
 
-- srcFs - a remote name string e.g. "drive:" for the source
-- srcRemote - a path within that remote e.g. "file.txt" for the source
-- dstFs - a remote name string e.g. "drive2:" for the destination
-- dstRemote - a path within that remote e.g. "file2.txt" for the destination
+SSL PEM Private key
 
-**Authentication is required for this call.**
+### --rc-max-header-bytes=VALUE
 
-### operations/copyurl: Copy the URL to the object {#operations-copyurl}
+Maximum size of request header (default 4096)
 
-This takes the following parameters:
+### --rc-min-tls-version=VALUE
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
-- url - string, URL to read from
- - autoFilename - boolean, set to true to retrieve destination file name from url
+The minimum TLS version that is acceptable. Valid values are "tls1.0",
+"tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").
 
-See the [copyurl](https://rclone.org/commands/rclone_copyurl/) command for more information on the above.
+### --rc-user=VALUE
 
-**Authentication is required for this call.**
+User name for authentication.
 
-### operations/delete: Remove files in the path {#operations-delete}
+### --rc-pass=VALUE
 
-This takes the following parameters:
+Password for authentication.
 
-- fs - a remote name string e.g. "drive:"
+### --rc-realm=VALUE
 
-See the [delete](https://rclone.org/commands/rclone_delete/) command for more information on the above.
+Realm for authentication (default "rclone")
 
-**Authentication is required for this call.**
+### --rc-server-read-timeout=DURATION
 
-### operations/deletefile: Remove the single file pointed to {#operations-deletefile}
+Timeout for server reading data (default 1h0m0s)
 
-This takes the following parameters:
+### --rc-server-write-timeout=DURATION
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
+Timeout for server writing data (default 1h0m0s)
 
-See the [deletefile](https://rclone.org/commands/rclone_deletefile/) command for more information on the above.
+### --rc-serve
 
-**Authentication is required for this call.**
+Enable the serving of remote objects via the HTTP interface.  This
+means objects will be accessible at http://127.0.0.1:5572/ by default,
+so you can browse to http://127.0.0.1:5572/ or http://127.0.0.1:5572/*
+to see a listing of the remotes.  Objects may be requested from
+remotes using this syntax http://127.0.0.1:5572/[remote:path]/path/to/object
 
-### operations/fsinfo: Return information about the remote {#operations-fsinfo}
+Default Off.
 
-This takes the following parameters:
+### --rc-files /path/to/directory
 
-- fs - a remote name string e.g. "drive:"
+Path to local files to serve on the HTTP server.
 
-This returns info about the remote passed in;
+If this is set then rclone will serve the files in that directory.  It
+will also open the root in the web browser if specified.  This is for
+implementing browser based GUIs for rclone functions.
 
-```
-{
-        // optional features and whether they are available or not
-        "Features": {
-                "About": true,
-                "BucketBased": false,
-                "BucketBasedRootOK": false,
-                "CanHaveEmptyDirectories": true,
-                "CaseInsensitive": false,
-                "ChangeNotify": false,
-                "CleanUp": false,
-                "Command": true,
-                "Copy": false,
-                "DirCacheFlush": false,
-                "DirMove": true,
-                "Disconnect": false,
-                "DuplicateFiles": false,
-                "GetTier": false,
-                "IsLocal": true,
-                "ListR": false,
-                "MergeDirs": false,
-                "MetadataInfo": true,
-                "Move": true,
-                "OpenWriterAt": true,
-                "PublicLink": false,
-                "Purge": true,
-                "PutStream": true,
-                "PutUnchecked": false,
-                "ReadMetadata": true,
-                "ReadMimeType": false,
-                "ServerSideAcrossConfigs": false,
-                "SetTier": false,
-                "SetWrapper": false,
-                "Shutdown": false,
-                "SlowHash": true,
-                "SlowModTime": false,
-                "UnWrap": false,
-                "UserInfo": false,
-                "UserMetadata": true,
-                "WrapFs": false,
-                "WriteMetadata": true,
-                "WriteMimeType": false
-        },
-        // Names of hashes available
-        "Hashes": [
-                "md5",
-                "sha1",
-                "whirlpool",
-                "crc32",
-                "sha256",
-                "dropbox",
-                "mailru",
-                "quickxor"
-        ],
-        "Name": "local",        // Name as created
-        "Precision": 1,         // Precision of timestamps in ns
-        "Root": "/",            // Path as created
-        "String": "Local file system at /", // how the remote will appear in logs
-        // Information about the system metadata for this backend
-        "MetadataInfo": {
-                "System": {
-                        "atime": {
-                                "Help": "Time of last access",
-                                "Type": "RFC 3339",
-                                "Example": "2006-01-02T15:04:05.999999999Z07:00"
-                        },
-                        "btime": {
-                                "Help": "Time of file birth (creation)",
-                                "Type": "RFC 3339",
-                                "Example": "2006-01-02T15:04:05.999999999Z07:00"
-                        },
-                        "gid": {
-                                "Help": "Group ID of owner",
-                                "Type": "decimal number",
-                                "Example": "500"
-                        },
-                        "mode": {
-                                "Help": "File type and mode",
-                                "Type": "octal, unix style",
-                                "Example": "0100664"
-                        },
-                        "mtime": {
-                                "Help": "Time of last modification",
-                                "Type": "RFC 3339",
-                                "Example": "2006-01-02T15:04:05.999999999Z07:00"
-                        },
-                        "rdev": {
-                                "Help": "Device ID (if special file)",
-                                "Type": "hexadecimal",
-                                "Example": "1abc"
-                        },
-                        "uid": {
-                                "Help": "User ID of owner",
-                                "Type": "decimal number",
-                                "Example": "500"
-                        }
-                },
-                "Help": "Textual help string\n"
-        }
-}
-```
+If `--rc-user` or `--rc-pass` is set then the URL that is opened will
+have the authorization in the URL in the `http://user:pass@localhost/`
+style.
 
-This command does not have a command line equivalent so use this instead:
+Default Off.
 
-    rclone rc --loopback operations/fsinfo fs=remote:
+### --rc-enable-metrics
 
-### operations/list: List the given remote and path in JSON format {#operations-list}
+Enable OpenMetrics/Prometheus compatible endpoint at `/metrics`.
 
-This takes the following parameters:
+Default Off.
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
-- opt - a dictionary of options to control the listing (optional)
-    - recurse - If set recurse directories
-    - noModTime - If set return modification time
-    - showEncrypted -  If set show decrypted names
-    - showOrigIDs - If set show the IDs for each item if known
-    - showHash - If set return a dictionary of hashes
-    - noMimeType - If set don't show mime types
-    - dirsOnly - If set only show directories
-    - filesOnly - If set only show files
-    - metadata - If set return metadata of objects also
-    - hashTypes - array of strings of hash types to show if showHash set
+### --rc-web-gui
 
-Returns:
+Set this flag to serve the default web gui on the same port as rclone.
 
-- list
-    - This is an array of objects as described in the lsjson command
+Default Off.
 
-See the [lsjson](https://rclone.org/commands/rclone_lsjson/) command for more information on the above and examples.
+### --rc-allow-origin
 
-**Authentication is required for this call.**
+Set the allowed Access-Control-Allow-Origin for rc requests.
 
-### operations/mkdir: Make a destination directory or container {#operations-mkdir}
+Can be used with --rc-web-gui if the rclone is running on different IP than the web-gui.
 
-This takes the following parameters:
+Default is IP address on which rc is running.
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
+### --rc-web-fetch-url
 
-See the [mkdir](https://rclone.org/commands/rclone_mkdir/) command for more information on the above.
+Set the URL to fetch the rclone-web-gui files from.
 
-**Authentication is required for this call.**
+Default https://api.github.com/repos/rclone/rclone-webui-react/releases/latest.
 
-### operations/movefile: Move a file from source remote to destination remote {#operations-movefile}
+### --rc-web-gui-update
 
-This takes the following parameters:
+Set this flag to check and update rclone-webui-react from the rc-web-fetch-url.
 
-- srcFs - a remote name string e.g. "drive:" for the source
-- srcRemote - a path within that remote e.g. "file.txt" for the source
-- dstFs - a remote name string e.g. "drive2:" for the destination
-- dstRemote - a path within that remote e.g. "file2.txt" for the destination
+Default Off.
 
-**Authentication is required for this call.**
+### --rc-web-gui-force-update
 
-### operations/publiclink: Create or retrieve a public link to the given file or folder. {#operations-publiclink}
+Set this flag to force update rclone-webui-react from the rc-web-fetch-url.
 
-This takes the following parameters:
+Default Off.
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
-- unlink - boolean - if set removes the link rather than adding it (optional)
-- expire - string - the expiry time of the link e.g. "1d" (optional)
+### --rc-web-gui-no-open-browser
 
-Returns:
+Set this flag to disable opening browser automatically when using web-gui.
 
-- url - URL of the resource
+Default Off.
 
-See the [link](https://rclone.org/commands/rclone_link/) command for more information on the above.
+### --rc-job-expire-duration=DURATION
 
-**Authentication is required for this call.**
+Expire finished async jobs older than DURATION (default 60s).
 
-### operations/purge: Remove a directory or container and all of its contents {#operations-purge}
+### --rc-job-expire-interval=DURATION
 
-This takes the following parameters:
+Interval duration to check for expired async jobs (default 10s).
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
+### --rc-no-auth
 
-See the [purge](https://rclone.org/commands/rclone_purge/) command for more information on the above.
+By default rclone will require authorisation to have been set up on
+the rc interface in order to use any methods which access any rclone
+remotes.  Eg `operations/list` is denied as it involved creating a
+remote as is `sync/copy`.
 
-**Authentication is required for this call.**
+If this is set then no authorisation will be required on the server to
+use these methods.  The alternative is to use `--rc-user` and
+`--rc-pass` and use these credentials in the request.
 
-### operations/rmdir: Remove an empty directory or container {#operations-rmdir}
+Default Off.
 
-This takes the following parameters:
+### --rc-baseurl
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
+Prefix for URLs.
 
-See the [rmdir](https://rclone.org/commands/rclone_rmdir/) command for more information on the above.
+Default is root
 
-**Authentication is required for this call.**
+### --rc-template
 
-### operations/rmdirs: Remove all the empty directories in the path {#operations-rmdirs}
+User-specified template.
 
-This takes the following parameters:
+## Accessing the remote control via the rclone rc command {#api-rc}
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
-- leaveRoot - boolean, set to true not to delete the root
+Rclone itself implements the remote control protocol in its `rclone
+rc` command.
 
-See the [rmdirs](https://rclone.org/commands/rclone_rmdirs/) command for more information on the above.
+You can use it like this
 
-**Authentication is required for this call.**
+```
+$ rclone rc rc/noop param1=one param2=two
+{
+	"param1": "one",
+	"param2": "two"
+}
+```
 
-### operations/size: Count the number of bytes and files in remote {#operations-size}
+Run `rclone rc` on its own to see the help for the installed remote
+control commands.
 
-This takes the following parameters:
+## JSON input
 
-- fs - a remote name string e.g. "drive:path/to/dir"
+`rclone rc` also supports a `--json` flag which can be used to send
+more complicated input parameters.
 
-Returns:
+```
+$ rclone rc --json '{ "p1": [1,"2",null,4], "p2": { "a":1, "b":2 } }' rc/noop
+{
+	"p1": [
+		1,
+		"2",
+		null,
+		4
+	],
+	"p2": {
+		"a": 1,
+		"b": 2
+	}
+}
+```
 
-- count - number of files
-- bytes - number of bytes in those files
+If the parameter being passed is an object then it can be passed as a
+JSON string rather than using the `--json` flag which simplifies the
+command line.
 
-See the [size](https://rclone.org/commands/rclone_size/) command for more information on the above.
+```
+rclone rc operations/list fs=/tmp remote=test opt='{"showHash": true}'
+```
 
-**Authentication is required for this call.**
+Rather than
 
-### operations/stat: Give information about the supplied file or directory {#operations-stat}
+```
+rclone rc operations/list --json '{"fs": "/tmp", "remote": "test", "opt": {"showHash": true}}'
+```
 
-This takes the following parameters
+## Special parameters
 
-- fs - a remote name string eg "drive:"
-- remote - a path within that remote eg "dir"
-- opt - a dictionary of options to control the listing (optional)
-    - see operations/list for the options
+The rc interface supports some special parameters which apply to
+**all** commands.  These start with `_` to show they are different.
 
-The result is
+### Running asynchronous jobs with _async = true
 
-- item - an object as described in the lsjson command. Will be null if not found.
+Each rc call is classified as a job and it is assigned its own id. By default
+jobs are executed immediately as they are created or synchronously.
 
-Note that if you are only interested in files then it is much more
-efficient to set the filesOnly flag in the options.
+If `_async` has a true value when supplied to an rc call then it will
+return immediately with a job id and the task will be run in the
+background.  The `job/status` call can be used to get information of
+the background job.  The job can be queried for up to 1 minute after
+it has finished.
 
-See the [lsjson](https://rclone.org/commands/rclone_lsjson/) command for more information on the above and examples.
+It is recommended that potentially long running jobs, e.g. `sync/sync`,
+`sync/copy`, `sync/move`, `operations/purge` are run with the `_async`
+flag to avoid any potential problems with the HTTP request and
+response timing out.
 
-**Authentication is required for this call.**
+Starting a job with the `_async` flag:
 
-### operations/uploadfile: Upload file using multiform/form-data {#operations-uploadfile}
+```
+$ rclone rc --json '{ "p1": [1,"2",null,4], "p2": { "a":1, "b":2 }, "_async": true }' rc/noop
+{
+	"jobid": 2
+}
+```
 
-This takes the following parameters:
+Query the status to see if the job has finished.  For more information
+on the meaning of these return parameters see the `job/status` call.
 
-- fs - a remote name string e.g. "drive:"
-- remote - a path within that remote e.g. "dir"
-- each part in body represents a file to be uploaded
+```
+$ rclone rc --json '{ "jobid":2 }' job/status
+{
+	"duration": 0.000124163,
+	"endTime": "2018-10-27T11:38:07.911245881+01:00",
+	"error": "",
+	"finished": true,
+	"id": 2,
+	"output": {
+		"_async": true,
+		"p1": [
+			1,
+			"2",
+			null,
+			4
+		],
+		"p2": {
+			"a": 1,
+			"b": 2
+		}
+	},
+	"startTime": "2018-10-27T11:38:07.911121728+01:00",
+	"success": true
+}
+```
 
-See the [uploadfile](https://rclone.org/commands/rclone_uploadfile/) command for more information on the above.
+`job/list` can be used to show the running or recently completed jobs
 
-**Authentication is required for this call.**
+```
+$ rclone rc job/list
+{
+	"jobids": [
+		2
+	]
+}
+```
 
-### options/blocks: List all the option blocks {#options-blocks}
+### Setting config flags with _config
 
-Returns:
-- options - a list of the options block names
+If you wish to set config (the equivalent of the global flags) for the
+duration of an rc call only then pass in the `_config` parameter.
 
-### options/get: Get all the global options {#options-get}
+This should be in the same format as the `config` key returned by
+[options/get](#options-get).
 
-Returns an object where keys are option block names and values are an
-object with the current option values in.
+For example, if you wished to run a sync with the `--checksum`
+parameter, you would pass this parameter in your JSON blob.
 
-Note that these are the global options which are unaffected by use of
-the _config and _filter parameters. If you wish to read the parameters
-set in _config then use options/config and for _filter use options/filter.
+    "_config":{"CheckSum": true}
 
-This shows the internal names of the option within rclone which should
-map to the external options very easily with a few exceptions.
+If using `rclone rc` this could be passed as
 
-### options/local: Get the currently active config for this call {#options-local}
+    rclone rc sync/sync ... _config='{"CheckSum": true}'
 
-Returns an object with the keys "config" and "filter".
-The "config" key contains the local config and the "filter" key contains
-the local filters.
+Any config parameters you don't set will inherit the global defaults
+which were set with command line flags or environment variables.
 
-Note that these are the local options specific to this rc call. If
-_config was not supplied then they will be the global options.
-Likewise with "_filter".
+Note that it is possible to set some values as strings or integers -
+see [data types](#data-types) for more info. Here is an example
+setting the equivalent of `--buffer-size` in string or integer format.
 
-This call is mostly useful for seeing if _config and _filter passing
-is working.
+    "_config":{"BufferSize": "42M"}
+    "_config":{"BufferSize": 44040192}
 
-This shows the internal names of the option within rclone which should
-map to the external options very easily with a few exceptions.
+If you wish to check the `_config` assignment has worked properly then
+calling `options/local` will show what the value got set to.
 
-### options/set: Set an option {#options-set}
+### Setting filter flags with _filter
 
-Parameters:
+If you wish to set filters for the duration of an rc call only then
+pass in the `_filter` parameter.
 
-- option block name containing an object with
-  - key: value
+This should be in the same format as the `filter` key returned by
+[options/get](#options-get).
 
-Repeated as often as required.
+For example, if you wished to run a sync with these flags
 
-Only supply the options you wish to change.  If an option is unknown
-it will be silently ignored.  Not all options will have an effect when
-changed like this.
+    --max-size 1M --max-age 42s --include "a" --include "b"
 
-For example:
+you would pass this parameter in your JSON blob.
 
-This sets DEBUG level logs (-vv) (these can be set by number or string)
+    "_filter":{"MaxSize":"1M", "IncludeRule":["a","b"], "MaxAge":"42s"}
 
-    rclone rc options/set --json '{"main": {"LogLevel": "DEBUG"}}'
-    rclone rc options/set --json '{"main": {"LogLevel": 8}}'
+If using `rclone rc` this could be passed as
 
-And this sets INFO level logs (-v)
+    rclone rc ... _filter='{"MaxSize":"1M", "IncludeRule":["a","b"], "MaxAge":"42s"}'
 
-    rclone rc options/set --json '{"main": {"LogLevel": "INFO"}}'
+Any filter parameters you don't set will inherit the global defaults
+which were set with command line flags or environment variables.
 
-And this sets NOTICE level logs (normal without -v)
+Note that it is possible to set some values as strings or integers -
+see [data types](#data-types) for more info. Here is an example
+setting the equivalent of `--buffer-size` in string or integer format.
 
-    rclone rc options/set --json '{"main": {"LogLevel": "NOTICE"}}'
+    "_filter":{"MinSize": "42M"}
+    "_filter":{"MinSize": 44040192}
 
-### pluginsctl/addPlugin: Add a plugin using url {#pluginsctl-addPlugin}
+If you wish to check the `_filter` assignment has worked properly then
+calling `options/local` will show what the value got set to.
 
-Used for adding a plugin to the webgui.
+### Assigning operations to groups with _group = value
 
-This takes the following parameters:
+Each rc call has its own stats group for tracking its metrics. By default
+grouping is done by the composite group name from prefix `job/` and  id of the
+job like so `job/1`.
 
-- url - http url of the github repo where the plugin is hosted (http://github.com/rclone/rclone-webui-react).
+If `_group` has a value then stats for that request will be grouped under that
+value. This allows caller to group stats under their own name.
 
-Example:
+Stats for specific group can be accessed by passing `group` to `core/stats`:
 
-   rclone rc pluginsctl/addPlugin
+```
+$ rclone rc --json '{ "group": "job/1" }' core/stats
+{
+	"speed": 12345
+	...
+}
+```
 
-**Authentication is required for this call.**
+## Data types {#data-types}
 
-### pluginsctl/getPluginsForType: Get plugins with type criteria {#pluginsctl-getPluginsForType}
+When the API returns types, these will mostly be straight forward
+integer, string or boolean types.
 
-This shows all possible plugins by a mime type.
+However some of the types returned by the [options/get](#options-get)
+call and taken by the [options/set](#options-set) calls as well as the
+`vfsOpt`, `mountOpt` and the `_config` parameters.
 
-This takes the following parameters:
+- `Duration` - these are returned as an integer duration in
+  nanoseconds. They may be set as an integer, or they may be set with
+  time string, eg "5s". See the [options section](https://rclone.org/docs/#options) for
+  more info.
+- `Size` - these are returned as an integer number of bytes. They may
+  be set as an integer or they may be set with a size suffix string,
+  eg "10M". See the [options section](https://rclone.org/docs/#options) for more info.
+- Enumerated type (such as `CutoffMode`, `DumpFlags`, `LogLevel`,
+  `VfsCacheMode` - these will be returned as an integer and may be set
+  as an integer but more conveniently they can be set as a string, eg
+  "HARD" for `CutoffMode` or `DEBUG` for `LogLevel`.
+- `BandwidthSpec` - this will be set and returned as a string, eg
+  "1M".
 
-- type - supported mime type by a loaded plugin e.g. (video/mp4, audio/mp3).
-- pluginType - filter plugins based on their type e.g. (DASHBOARD, FILE_HANDLER, TERMINAL).
+## Specifying remotes to work on
 
-Returns:
+Remotes are specified with the `fs=`, `srcFs=`, `dstFs=`
+parameters depending on the command being used.
 
-- loadedPlugins - list of current production plugins.
-- testPlugins - list of temporarily loaded development plugins, usually running on a different server.
+The parameters can be a string as per the rest of rclone, eg
+`s3:bucket/path` or `:sftp:/my/dir`. They can also be specified as
+JSON blobs.
 
-Example:
+If specifying a JSON blob it should be a object mapping strings to
+strings. These values will be used to configure the remote. There are
+3 special values which may be set:
 
-   rclone rc pluginsctl/getPluginsForType type=video/mp4
+- `type` -  set to `type` to specify a remote called `:type:`
+- `_name` - set to `name` to specify a remote called `name:`
+- `_root` - sets the root of the remote - may be empty
 
-**Authentication is required for this call.**
+One of `_name` or `type` should normally be set. If the `local`
+backend is desired then `type` should be set to `local`. If `_root`
+isn't specified then it defaults to the root of the remote.
 
-### pluginsctl/listPlugins: Get the list of currently loaded plugins {#pluginsctl-listPlugins}
+For example this JSON is equivalent to `remote:/tmp`
 
-This allows you to get the currently enabled plugins and their details.
+```
+{
+    "_name": "remote",
+    "_path": "/tmp"
+}
+```
 
-This takes no parameters and returns:
+And this is equivalent to `:sftp,host='example.com':/tmp`
 
-- loadedPlugins - list of current production plugins.
-- testPlugins - list of temporarily loaded development plugins, usually running on a different server.
+```
+{
+    "type": "sftp",
+    "host": "example.com",
+    "_path": "/tmp"
+}
+```
 
-E.g.
+And this is equivalent to `/tmp/dir`
 
-   rclone rc pluginsctl/listPlugins
+```
+{
+    type = "local",
+    _ path = "/tmp/dir"
+}
+```
 
-**Authentication is required for this call.**
+## Supported commands
 
-### pluginsctl/listTestPlugins: Show currently loaded test plugins {#pluginsctl-listTestPlugins}
+### backend/command: Runs a backend command. {#backend-command}
 
-Allows listing of test plugins with the rclone.test set to true in package.json of the plugin.
+This takes the following parameters:
 
-This takes no parameters and returns:
+- command - a string with the command name
+- fs - a remote name string e.g. "drive:"
+- arg - a list of arguments for the backend command
+- opt - a map of string to string of options
 
-- loadedTestPlugins - list of currently available test plugins.
+Returns:
 
-E.g.
+- result - result from the backend command
 
-    rclone rc pluginsctl/listTestPlugins
+Example:
 
-**Authentication is required for this call.**
+    rclone rc backend/command command=noop fs=. -o echo=yes -o blue -a path1 -a path2
 
-### pluginsctl/removePlugin: Remove a loaded plugin {#pluginsctl-removePlugin}
+Returns
 
-This allows you to remove a plugin using it's name.
+```
+{
+	"result": {
+		"arg": [
+			"path1",
+			"path2"
+		],
+		"name": "noop",
+		"opt": {
+			"blue": "",
+			"echo": "yes"
+		}
+	}
+}
+```
 
-This takes parameters:
+Note that this is the direct equivalent of using this "backend"
+command:
 
-- name - name of the plugin in the format `author`/`plugin_name`.
+    rclone backend noop . -o echo=yes -o blue path1 path2
 
-E.g.
+Note that arguments must be preceded by the "-a" flag
 
-   rclone rc pluginsctl/removePlugin name=rclone/video-plugin
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more information.
 
 **Authentication is required for this call.**
 
-### pluginsctl/removeTestPlugin: Remove  a test plugin {#pluginsctl-removeTestPlugin}
-
-This allows you to remove a plugin using it's name.
+### cache/expire: Purge a remote from cache {#cache-expire}
 
-This takes the following parameters:
+Purge a remote from the cache backend. Supports either a directory or a file.
+Params:
+  - remote = path to remote (required)
+  - withData = true/false to delete cached data (chunks) as well (optional)
 
-- name - name of the plugin in the format `author`/`plugin_name`.
+Eg
 
-Example:
+    rclone rc cache/expire remote=path/to/sub/folder/
+    rclone rc cache/expire remote=/ withData=true
 
-    rclone rc pluginsctl/removeTestPlugin name=rclone/rclone-webui-react
+### cache/fetch: Fetch file chunks {#cache-fetch}
 
-**Authentication is required for this call.**
+Ensure the specified file chunks are cached on disk.
 
-### rc/error: This returns an error {#rc-error}
+The chunks= parameter specifies the file chunks to check.
+It takes a comma separated list of array slice indices.
+The slice indices are similar to Python slices: start[:end]
 
-This returns an error with the input as part of its error string.
-Useful for testing error handling.
+start is the 0 based chunk number from the beginning of the file
+to fetch inclusive. end is 0 based chunk number from the beginning
+of the file to fetch exclusive.
+Both values can be negative, in which case they count from the back
+of the file. The value "-5:" represents the last 5 chunks of a file.
 
-### rc/list: List all the registered remote control commands {#rc-list}
+Some valid examples are:
+":5,-5:" -> the first and last five chunks
+"0,-2" -> the first and the second last chunk
+"0:10" -> the first ten chunks
 
-This lists all the registered remote control commands as a JSON map in
-the commands response.
+Any parameter with a key that starts with "file" can be used to
+specify files to fetch, e.g.
 
-### rc/noop: Echo the input to the output parameters {#rc-noop}
+    rclone rc cache/fetch chunks=0 file=hello file2=home/goodbye
 
-This echoes the input parameters to the output parameters for testing
-purposes.  It can be used to check that rclone is still alive and to
-check that parameter passing is working properly.
+File names will automatically be encrypted when the a crypt remote
+is used on top of the cache.
 
-### rc/noopauth: Echo the input to the output parameters requiring auth {#rc-noopauth}
+### cache/stats: Get cache stats {#cache-stats}
 
-This echoes the input parameters to the output parameters for testing
-purposes.  It can be used to check that rclone is still alive and to
-check that parameter passing is working properly.
+Show statistics for the cache remote.
 
-**Authentication is required for this call.**
+### config/create: create the config for a remote. {#config-create}
 
-### sync/bisync: Perform bidirectional synchronization between two paths. {#sync-bisync}
+This takes the following parameters:
 
-This takes the following parameters
+- name - name of remote
+- parameters - a map of \{ "key": "value" \} pairs
+- type - type of the new remote
+- opt - a dictionary of options to control the configuration
+    - obscure - declare passwords are plain and need obscuring
+    - noObscure - declare passwords are already obscured and don't need obscuring
+    - nonInteractive - don't interact with a user, return questions
+    - continue - continue the config process with an answer
+    - all - ask all the config questions not just the post config ones
+    - state - state to restart with - used with continue
+    - result - result to restart with - used with continue
 
-- path1 - a remote directory string e.g. `drive:path1`
-- path2 - a remote directory string e.g. `drive:path2`
-- dryRun - dry-run mode
-- resync - performs the resync run
-- checkAccess - abort if RCLONE_TEST files are not found on both filesystems
-- checkFilename - file name for checkAccess (default: RCLONE_TEST)
-- maxDelete - abort sync if percentage of deleted files is above
-  this threshold (default: 50)
-- force - maxDelete safety check and run the sync
-- checkSync - `true` by default, `false` disables comparison of final listings,
-              `only` will skip sync, only compare listings from the last run
-- removeEmptyDirs - remove empty directories at the final cleanup step
-- filtersFile - read filtering patterns from a file
-- workdir - server directory for history files (default: /home/ncw/.cache/rclone/bisync)
-- noCleanup - retain working files
 
-See [bisync command help](https://rclone.org/commands/rclone_bisync/)
-and [full bisync description](https://rclone.org/bisync/)
-for more information.
+See the [config create](https://rclone.org/commands/rclone_config_create/) command for more information on the above.
 
 **Authentication is required for this call.**
 
-### sync/copy: copy a directory from source remote to destination remote {#sync-copy}
-
-This takes the following parameters:
+### config/delete: Delete a remote in the config file. {#config-delete}
 
-- srcFs - a remote name string e.g. "drive:src" for the source
-- dstFs - a remote name string e.g. "drive:dst" for the destination
-- createEmptySrcDirs - create empty src directories on destination if set
+Parameters:
 
+- name - name of remote to delete
 
-See the [copy](https://rclone.org/commands/rclone_copy/) command for more information on the above.
+See the [config delete](https://rclone.org/commands/rclone_config_delete/) command for more information on the above.
 
 **Authentication is required for this call.**
 
-### sync/move: move a directory from source remote to destination remote {#sync-move}
-
-This takes the following parameters:
+### config/dump: Dumps the config file. {#config-dump}
 
-- srcFs - a remote name string e.g. "drive:src" for the source
-- dstFs - a remote name string e.g. "drive:dst" for the destination
-- createEmptySrcDirs - create empty src directories on destination if set
-- deleteEmptySrcDirs - delete empty src directories if set
+Returns a JSON object:
+- key: value
 
+Where keys are remote names and values are the config parameters.
 
-See the [move](https://rclone.org/commands/rclone_move/) command for more information on the above.
+See the [config dump](https://rclone.org/commands/rclone_config_dump/) command for more information on the above.
 
 **Authentication is required for this call.**
 
-### sync/sync: sync a directory from source remote to destination remote {#sync-sync}
-
-This takes the following parameters:
+### config/get: Get a remote in the config file. {#config-get}
 
-- srcFs - a remote name string e.g. "drive:src" for the source
-- dstFs - a remote name string e.g. "drive:dst" for the destination
-- createEmptySrcDirs - create empty src directories on destination if set
+Parameters:
 
+- name - name of remote to get
 
-See the [sync](https://rclone.org/commands/rclone_sync/) command for more information on the above.
+See the [config dump](https://rclone.org/commands/rclone_config_dump/) command for more information on the above.
 
 **Authentication is required for this call.**
 
-### vfs/forget: Forget files or directories in the directory cache. {#vfs-forget}
+### config/listremotes: Lists the remotes in the config file and defined in environment variables. {#config-listremotes}
 
-This forgets the paths in the directory cache causing them to be
-re-read from the remote when needed.
+Returns
+- remotes - array of remote names
 
-If no paths are passed in then it will forget all the paths in the
-directory cache.
+See the [listremotes](https://rclone.org/commands/rclone_listremotes/) command for more information on the above.
 
-    rclone rc vfs/forget
+**Authentication is required for this call.**
 
-Otherwise pass files or dirs in as file=path or dir=path.  Any
-parameter key starting with file will forget that file and any
-starting with dir will forget that dir, e.g.
+### config/password: password the config for a remote. {#config-password}
 
-    rclone rc vfs/forget file=hello file2=goodbye dir=home/junk
- 
-This command takes an "fs" parameter. If this parameter is not
-supplied and if there is only one VFS in use then that VFS will be
-used. If there is more than one VFS in use then the "fs" parameter
-must be supplied.
+This takes the following parameters:
 
-### vfs/list: List active VFSes. {#vfs-list}
+- name - name of remote
+- parameters - a map of \{ "key": "value" \} pairs
 
-This lists the active VFSes.
 
-It returns a list under the key "vfses" where the values are the VFS
-names that could be passed to the other VFS commands in the "fs"
-parameter.
+See the [config password](https://rclone.org/commands/rclone_config_password/) command for more information on the above.
 
-### vfs/poll-interval: Get the status or update the value of the poll-interval option. {#vfs-poll-interval}
+**Authentication is required for this call.**
 
-Without any parameter given this returns the current status of the
-poll-interval setting.
+### config/providers: Shows how providers are configured in the config file. {#config-providers}
 
-When the interval=duration parameter is set, the poll-interval value
-is updated and the polling function is notified.
-Setting interval=0 disables poll-interval.
+Returns a JSON object:
+- providers - array of objects
 
-    rclone rc vfs/poll-interval interval=5m
+See the [config providers](https://rclone.org/commands/rclone_config_providers/) command for more information on the above.
 
-The timeout=duration parameter can be used to specify a time to wait
-for the current poll function to apply the new value.
-If timeout is less or equal 0, which is the default, wait indefinitely.
+**Authentication is required for this call.**
 
-The new poll-interval value will only be active when the timeout is
-not reached.
+### config/setpath: Set the path of the config file {#config-setpath}
 
-If poll-interval is updated or disabled temporarily, some changes
-might not get picked up by the polling function, depending on the
-used remote.
- 
-This command takes an "fs" parameter. If this parameter is not
-supplied and if there is only one VFS in use then that VFS will be
-used. If there is more than one VFS in use then the "fs" parameter
-must be supplied.
+Parameters:
 
-### vfs/refresh: Refresh the directory cache. {#vfs-refresh}
+- path - path to the config file to use
 
-This reads the directories for the specified paths and freshens the
-directory cache.
+**Authentication is required for this call.**
 
-If no paths are passed in then it will refresh the root directory.
+### config/update: update the config for a remote. {#config-update}
 
-    rclone rc vfs/refresh
+This takes the following parameters:
 
-Otherwise pass directories in as dir=path. Any parameter key
-starting with dir will refresh that directory, e.g.
+- name - name of remote
+- parameters - a map of \{ "key": "value" \} pairs
+- opt - a dictionary of options to control the configuration
+    - obscure - declare passwords are plain and need obscuring
+    - noObscure - declare passwords are already obscured and don't need obscuring
+    - nonInteractive - don't interact with a user, return questions
+    - continue - continue the config process with an answer
+    - all - ask all the config questions not just the post config ones
+    - state - state to restart with - used with continue
+    - result - result to restart with - used with continue
 
-    rclone rc vfs/refresh dir=home/junk dir2=data/misc
 
-If the parameter recursive=true is given the whole directory tree
-will get refreshed. This refresh will use --fast-list if enabled.
- 
-This command takes an "fs" parameter. If this parameter is not
-supplied and if there is only one VFS in use then that VFS will be
-used. If there is more than one VFS in use then the "fs" parameter
-must be supplied.
+See the [config update](https://rclone.org/commands/rclone_config_update/) command for more information on the above.
 
-### vfs/stats: Stats for a VFS. {#vfs-stats}
+**Authentication is required for this call.**
 
-This returns stats for the selected VFS.
+### core/bwlimit: Set the bandwidth limit. {#core-bwlimit}
+
+This sets the bandwidth limit to the string passed in. This should be
+a single bandwidth limit entry or a pair of upload:download bandwidth.
+
+Eg
 
+    rclone rc core/bwlimit rate=off
     {
-        // Status of the disk cache - only present if --vfs-cache-mode > off
-        "diskCache": {
-            "bytesUsed": 0,
-            "erroredFiles": 0,
-            "files": 0,
-            "hashType": 1,
-            "outOfSpace": false,
-            "path": "/home/user/.cache/rclone/vfs/local/mnt/a",
-            "pathMeta": "/home/user/.cache/rclone/vfsMeta/local/mnt/a",
-            "uploadsInProgress": 0,
-            "uploadsQueued": 0
-        },
-        "fs": "/mnt/a",
-        "inUse": 1,
-        // Status of the in memory metadata cache
-        "metadataCache": {
-            "dirs": 1,
-            "files": 0
-        },
-        // Options as returned by options/get
-        "opt": {
-            "CacheMaxAge": 3600000000000,
-            // ...
-            "WriteWait": 1000000000
-        }
+        "bytesPerSecond": -1,
+        "bytesPerSecondTx": -1,
+        "bytesPerSecondRx": -1,
+        "rate": "off"
+    }
+    rclone rc core/bwlimit rate=1M
+    {
+        "bytesPerSecond": 1048576,
+        "bytesPerSecondTx": 1048576,
+        "bytesPerSecondRx": 1048576,
+        "rate": "1M"
+    }
+    rclone rc core/bwlimit rate=1M:100k
+    {
+        "bytesPerSecond": 1048576,
+        "bytesPerSecondTx": 1048576,
+        "bytesPerSecondRx": 131072,
+        "rate": "1M"
     }
 
- 
-This command takes an "fs" parameter. If this parameter is not
-supplied and if there is only one VFS in use then that VFS will be
-used. If there is more than one VFS in use then the "fs" parameter
-must be supplied.
 
+If the rate parameter is not supplied then the bandwidth is queried
 
+    rclone rc core/bwlimit
+    {
+        "bytesPerSecond": 1048576,
+        "bytesPerSecondTx": 1048576,
+        "bytesPerSecondRx": 1048576,
+        "rate": "1M"
+    }
 
-## Accessing the remote control via HTTP {#api-http}
+The format of the parameter is exactly the same as passed to --bwlimit
+except only one bandwidth may be specified.
 
-Rclone implements a simple HTTP based protocol.
+In either case "rate" is returned as a human-readable string, and
+"bytesPerSecond" is returned as a number.
 
-Each endpoint takes an JSON object and returns a JSON object or an
-error.  The JSON objects are essentially a map of string names to
-values.
+### core/command: Run a rclone terminal command over rc. {#core-command}
 
-All calls must made using POST.
+This takes the following parameters:
 
-The input objects can be supplied using URL parameters, POST
-parameters or by supplying "Content-Type: application/json" and a JSON
-blob in the body.  There are examples of these below using `curl`.
+- command - a string with the command name.
+- arg - a list of arguments for the backend command.
+- opt - a map of string to string of options.
+- returnType - one of ("COMBINED_OUTPUT", "STREAM", "STREAM_ONLY_STDOUT", "STREAM_ONLY_STDERR").
+    - Defaults to "COMBINED_OUTPUT" if not set.
+    - The STREAM returnTypes will write the output to the body of the HTTP message.
+    - The COMBINED_OUTPUT will write the output to the "result" parameter.
 
-The response will be a JSON blob in the body of the response.  This is
-formatted to be reasonably human-readable.
+Returns:
 
-### Error returns
+- result - result from the backend command.
+    - Only set when using returnType "COMBINED_OUTPUT".
+- error	 - set if rclone exits with an error code.
+- returnType - one of ("COMBINED_OUTPUT", "STREAM", "STREAM_ONLY_STDOUT", "STREAM_ONLY_STDERR").
 
-If an error occurs then there will be an HTTP error status (e.g. 500)
-and the body of the response will contain a JSON encoded error object,
-e.g.
+Example:
+
+    rclone rc core/command command=ls -a mydrive:/ -o max-depth=1
+    rclone rc core/command -a ls -a mydrive:/ -o max-depth=1
+
+Returns:
 
 ```
 {
-    "error": "Expecting string value for key \"remote\" (was float64)",
-    "input": {
-        "fs": "/tmp",
-        "remote": 3
-    },
-    "status": 400
-    "path": "operations/rmdir",
+	"error": false,
+	"result": "<Raw command line output>"
+}
+
+OR
+{
+	"error": true,
+	"result": "<Raw command line output>"
 }
+
 ```
 
-The keys in the error response are
-- error - error string
-- input - the input parameters to the call
-- status - the HTTP status code
-- path - the path of the call
+**Authentication is required for this call.**
 
-### CORS
+### core/du: Returns disk usage of a locally attached disk. {#core-du}
 
-The sever implements basic CORS support and allows all origins for that.
-The response to a preflight OPTIONS request will echo the requested "Access-Control-Request-Headers" back.
+This returns the disk usage for the local directory passed in as dir.
 
-### Using POST with URL parameters only
+If the directory is not passed in, it defaults to the directory
+pointed to by --cache-dir.
 
-```
-curl -X POST 'http://localhost:5572/rc/noop?potato=1&sausage=2'
-```
+- dir - string (optional)
 
-Response
+Returns:
 
 ```
 {
-	"potato": "1",
-	"sausage": "2"
+	"dir": "/",
+	"info": {
+		"Available": 361769115648,
+		"Free": 361785892864,
+		"Total": 982141468672
+	}
 }
 ```
 
-Here is what an error response looks like:
+### core/gc: Runs a garbage collection. {#core-gc}
 
-```
-curl -X POST 'http://localhost:5572/rc/error?potato=1&sausage=2'
-```
+This tells the go runtime to do a garbage collection run.  It isn't
+necessary to call this normally, but it can be useful for debugging
+memory problems.
+
+### core/group-list: Returns list of stats. {#core-group-list}
 
+This returns list of stats groups currently in memory. 
+
+Returns the following values:
 ```
 {
-	"error": "arbitrary error on input map[potato:1 sausage:2]",
-	"input": {
-		"potato": "1",
-		"sausage": "2"
-	}
+	"groups":  an array of group names:
+		[
+			"group1",
+			"group2",
+			...
+		]
 }
 ```
 
-Note that curl doesn't return errors to the shell unless you use the `-f` option
+### core/memstats: Returns the memory statistics {#core-memstats}
 
-```
-$ curl -f -X POST 'http://localhost:5572/rc/error?potato=1&sausage=2'
-curl: (22) The requested URL returned error: 400 Bad Request
-$ echo $?
-22
-```
+This returns the memory statistics of the running program.  What the values mean
+are explained in the go docs: https://golang.org/pkg/runtime/#MemStats
 
-### Using POST with a form
+The most interesting values for most people are:
 
-```
-curl --data "potato=1" --data "sausage=2" http://localhost:5572/rc/noop
-```
+- HeapAlloc - this is the amount of memory rclone is actually using
+- HeapSys - this is the amount of memory rclone has obtained from the OS
+- Sys - this is the total amount of memory requested from the OS
+   - It is virtual memory so may include unused memory
 
-Response
+### core/obscure: Obscures a string passed in. {#core-obscure}
 
-```
-{
-	"potato": "1",
-	"sausage": "2"
-}
-```
+Pass a clear string and rclone will obscure it for the config file:
+- clear - string
 
-Note that you can combine these with URL parameters too with the POST
-parameters taking precedence.
+Returns:
+- obscured - string
 
-```
-curl --data "potato=1" --data "sausage=2" "http://localhost:5572/rc/noop?rutabaga=3&sausage=4"
-```
+### core/pid: Return PID of current process {#core-pid}
 
-Response
+This returns PID of current process.
+Useful for stopping rclone process.
 
-```
-{
-	"potato": "1",
-	"rutabaga": "3",
-	"sausage": "4"
-}
+### core/quit: Terminates the app. {#core-quit}
 
-```
+(Optional) Pass an exit code to be used for terminating the app:
+- exitCode - int
 
-### Using POST with a JSON blob
+### core/stats: Returns stats about current transfers. {#core-stats}
 
-```
-curl -H "Content-Type: application/json" -X POST -d '{"potato":2,"sausage":1}' http://localhost:5572/rc/noop
-```
+This returns all available stats:
 
-response
+	rclone rc core/stats
+
+If group is not provided then summed up stats for all groups will be
+returned.
+
+Parameters
+
+- group - name of the stats group (string)
+
+Returns the following values:
 
 ```
 {
-	"password": "xyz",
-	"username": "xyz"
+	"bytes": total transferred bytes since the start of the group,
+	"checks": number of files checked,
+	"deletes" : number of files deleted,
+	"elapsedTime": time in floating point seconds since rclone was started,
+	"errors": number of errors,
+	"eta": estimated time in seconds until the group completes,
+	"fatalError": boolean whether there has been at least one fatal error,
+	"lastError": last error string,
+	"renames" : number of files renamed,
+	"retryError": boolean showing whether there has been at least one non-NoRetryError,
+        "serverSideCopies": number of server side copies done,
+        "serverSideCopyBytes": number bytes server side copied,
+        "serverSideMoves": number of server side moves done,
+        "serverSideMoveBytes": number bytes server side moved,
+	"speed": average speed in bytes per second since start of the group,
+	"totalBytes": total number of bytes in the group,
+	"totalChecks": total number of checks in the group,
+	"totalTransfers": total number of transfers in the group,
+	"transferTime" : total time spent on running jobs,
+	"transfers": number of transferred files,
+	"transferring": an array of currently active file transfers:
+		[
+			{
+				"bytes": total transferred bytes for this file,
+				"eta": estimated time in seconds until file transfer completion
+				"name": name of the file,
+				"percentage": progress of the file transfer in percent,
+				"speed": average speed over the whole transfer in bytes per second,
+				"speedAvg": current speed in bytes per second as an exponentially weighted moving average,
+				"size": size of the file in bytes
+			}
+		],
+	"checking": an array of names of currently active file checks
+		[]
 }
 ```
+Values for "transferring", "checking" and "lastError" are only assigned if data is available.
+The value for "eta" is null if an eta cannot be determined.
 
-This can be combined with URL parameters too if required.  The JSON
-blob takes precedence.
+### core/stats-delete: Delete stats group. {#core-stats-delete}
 
-```
-curl -H "Content-Type: application/json" -X POST -d '{"potato":2,"sausage":1}' 'http://localhost:5572/rc/noop?rutabaga=3&potato=4'
-```
+This deletes entire stats group.
+
+Parameters
+
+- group - name of the stats group (string)
+
+### core/stats-reset: Reset stats. {#core-stats-reset}
+
+This clears counters, errors and finished transfers for all stats or specific 
+stats group if group is provided.
+
+Parameters
+
+- group - name of the stats group (string)
+
+### core/transferred: Returns stats about completed transfers. {#core-transferred}
+
+This returns stats about completed transfers:
+
+	rclone rc core/transferred
+
+If group is not provided then completed transfers for all groups will be
+returned.
 
+Note only the last 100 completed transfers are returned.
+
+Parameters
+
+- group - name of the stats group (string)
+
+Returns the following values:
 ```
 {
-	"potato": 2,
-	"rutabaga": "3",
-	"sausage": 1
+	"transferred":  an array of completed transfers (including failed ones):
+		[
+			{
+				"name": name of the file,
+				"size": size of the file in bytes,
+				"bytes": total transferred bytes for this file,
+				"checked": if the transfer is only checked (skipped, deleted),
+				"timestamp": integer representing millisecond unix epoch,
+				"error": string description of the error (empty if successful),
+				"jobid": id of the job that this transfer belongs to
+			}
+		]
 }
 ```
 
-## Debugging rclone with pprof ##
+### core/version: Shows the current version of rclone and the go runtime. {#core-version}
 
-If you use the `--rc` flag this will also enable the use of the go
-profiling tools on the same port.
+This shows the current version of go and the go runtime:
 
-To use these, first [install go](https://golang.org/doc/install).
+- version - rclone version, e.g. "v1.53.0"
+- decomposed - version number as [major, minor, patch]
+- isGit - boolean - true if this was compiled from the git version
+- isBeta - boolean - true if this is a beta version
+- os - OS in use as according to Go
+- arch - cpu architecture in use according to Go
+- goVersion - version of Go runtime in use
+- linking - type of rclone executable (static or dynamic)
+- goTags - space separated build tags or "none"
 
-### Debugging memory use
+### debug/set-block-profile-rate: Set runtime.SetBlockProfileRate for blocking profiling. {#debug-set-block-profile-rate}
 
-To profile rclone's memory use you can run:
+SetBlockProfileRate controls the fraction of goroutine blocking events
+that are reported in the blocking profile. The profiler aims to sample
+an average of one blocking event per rate nanoseconds spent blocked.
 
-    go tool pprof -web http://localhost:5572/debug/pprof/heap
+To include every blocking event in the profile, pass rate = 1. To turn
+off profiling entirely, pass rate <= 0.
 
-This should open a page in your browser showing what is using what
-memory.
+After calling this you can use this to see the blocking profile:
 
-You can also use the `-text` flag to produce a textual summary
+    go tool pprof http://localhost:5572/debug/pprof/block
 
-```
-$ go tool pprof -text http://localhost:5572/debug/pprof/heap
-Showing nodes accounting for 1537.03kB, 100% of 1537.03kB total
-      flat  flat%   sum%        cum   cum%
- 1024.03kB 66.62% 66.62%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.addDecoderNode
-     513kB 33.38%   100%      513kB 33.38%  net/http.newBufioWriterSize
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/all.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/serve.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/serve/restic.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init.0
-         0     0%   100%  1024.03kB 66.62%  main.init
-         0     0%   100%      513kB 33.38%  net/http.(*conn).readRequest
-         0     0%   100%      513kB 33.38%  net/http.(*conn).serve
-         0     0%   100%  1024.03kB 66.62%  runtime.main
-```
+Parameters:
 
-### Debugging go routine leaks
+- rate - int
 
-Memory leaks are most often caused by go routine leaks keeping memory
-alive which should have been garbage collected.
+### debug/set-gc-percent: Call runtime/debug.SetGCPercent for setting the garbage collection target percentage. {#debug-set-gc-percent}
 
-See all active go routines using
+SetGCPercent sets the garbage collection target percentage: a collection is triggered
+when the ratio of freshly allocated data to live data remaining after the previous collection
+reaches this percentage. SetGCPercent returns the previous setting. The initial setting is the
+value of the GOGC environment variable at startup, or 100 if the variable is not set.
 
-    curl http://localhost:5572/debug/pprof/goroutine?debug=1
+This setting may be effectively reduced in order to maintain a memory limit.
+A negative percentage effectively disables garbage collection, unless the memory limit is reached.
 
-Or go to http://localhost:5572/debug/pprof/goroutine?debug=1 in your browser.
+See https://pkg.go.dev/runtime/debug#SetMemoryLimit for more details.
 
-### Other profiles to look at
+Parameters:
 
-You can see a summary of profiles available at http://localhost:5572/debug/pprof/
+- gc-percent - int
 
-Here is how to use some of them:
+### debug/set-mutex-profile-fraction: Set runtime.SetMutexProfileFraction for mutex profiling. {#debug-set-mutex-profile-fraction}
 
-- Memory: `go tool pprof http://localhost:5572/debug/pprof/heap`
-- Go routines: `curl http://localhost:5572/debug/pprof/goroutine?debug=1`
-- 30-second CPU profile: `go tool pprof http://localhost:5572/debug/pprof/profile`
-- 5-second execution trace: `wget http://localhost:5572/debug/pprof/trace?seconds=5`
-- Goroutine blocking profile
-    - Enable first with: `rclone rc debug/set-block-profile-rate rate=1` ([docs](#debug-set-block-profile-rate))
-    - `go tool pprof http://localhost:5572/debug/pprof/block`
-- Contended mutexes:
-    - Enable first with: `rclone rc debug/set-mutex-profile-fraction rate=1` ([docs](#debug-set-mutex-profile-fraction))
-    - `go tool pprof http://localhost:5572/debug/pprof/mutex`
+SetMutexProfileFraction controls the fraction of mutex contention
+events that are reported in the mutex profile. On average 1/rate
+events are reported. The previous rate is returned.
 
-See the [net/http/pprof docs](https://golang.org/pkg/net/http/pprof/)
-for more info on how to use the profiling and for a general overview
-see [the Go team's blog post on profiling go programs](https://blog.golang.org/profiling-go-programs).
+To turn off profiling entirely, pass rate 0. To just read the current
+rate, pass rate < 0. (For n>1 the details of sampling may change.)
 
-The profiling hook is [zero overhead unless it is used](https://stackoverflow.com/q/26545159/164234).
+Once this is set you can look use this to profile the mutex contention:
 
-# Overview of cloud storage systems #
+    go tool pprof http://localhost:5572/debug/pprof/mutex
 
-Each cloud storage system is slightly different.  Rclone attempts to
-provide a unified interface to them, but some underlying differences
-show through.
+Parameters:
 
-## Features ##
+- rate - int
 
-Here is an overview of the major features of each cloud storage system.
+Results:
 
-| Name                         | Hash             | ModTime | Case Insensitive | Duplicate Files | MIME Type | Metadata |
-| ---------------------------- |:----------------:|:-------:|:----------------:|:---------------:|:---------:|:--------:|
-| 1Fichier                     | Whirlpool        | -       | No               | Yes             | R         | -        |
-| Akamai Netstorage            | MD5, SHA256      | R/W     | No               | No              | R         | -        |
-| Amazon Drive                 | MD5              | -       | Yes              | No              | R         | -        |
-| Amazon S3 (or S3 compatible) | MD5              | R/W     | No               | No              | R/W       | RWU      |
-| Backblaze B2                 | SHA1             | R/W     | No               | No              | R/W       | -        |
-| Box                          | SHA1             | R/W     | Yes              | No              | -         | -        |
-| Citrix ShareFile             | MD5              | R/W     | Yes              | No              | -         | -        |
-| Dropbox                      | DBHASH ¹         | R       | Yes              | No              | -         | -        |
-| Enterprise File Fabric       | -                | R/W     | Yes              | No              | R/W       | -        |
-| FTP                          | -                | R/W ¹⁰  | No               | No              | -         | -        |
-| Google Cloud Storage         | MD5              | R/W     | No               | No              | R/W       | -        |
-| Google Drive                 | MD5              | R/W     | No               | Yes             | R/W       | -        |
-| Google Photos                | -                | -       | No               | Yes             | R         | -        |
-| HDFS                         | -                | R/W     | No               | No              | -         | -        |
-| HiDrive                      | HiDrive ¹²       | R/W     | No               | No              | -         | -        |
-| HTTP                         | -                | R       | No               | No              | R         | -        |
-| Internet Archive             | MD5, SHA1, CRC32 | R/W ¹¹  | No               | No              | -         | RWU      |
-| Jottacloud                   | MD5              | R/W     | Yes              | No              | R         | -        |
-| Koofr                        | MD5              | -       | Yes              | No              | -         | -        |
-| Mail.ru Cloud                | Mailru ⁶         | R/W     | Yes              | No              | -         | -        |
-| Mega                         | -                | -       | No               | Yes             | -         | -        |
-| Memory                       | MD5              | R/W     | No               | No              | -         | -        |
-| Microsoft Azure Blob Storage | MD5              | R/W     | No               | No              | R/W       | -        |
-| Microsoft OneDrive           | QuickXorHash ⁵   | R/W     | Yes              | No              | R         | -        |
-| OpenDrive                    | MD5              | R/W     | Yes              | Partial ⁸       | -         | -        |
-| OpenStack Swift              | MD5              | R/W     | No               | No              | R/W       | -        |
-| Oracle Object Storage        | MD5              | R/W     | No               | No              | R/W       | -        |
-| pCloud                       | MD5, SHA1 ⁷      | R       | No               | No              | W         | -        |
-| premiumize.me                | -                | -       | Yes              | No              | R         | -        |
-| put.io                       | CRC-32           | R/W     | No               | Yes             | R         | -        |
-| QingStor                     | MD5              | - ⁹     | No               | No              | R/W       | -        |
-| Seafile                      | -                | -       | No               | No              | -         | -        |
-| SFTP                         | MD5, SHA1 ²      | R/W     | Depends          | No              | -         | -        |
-| Sia                          | -                | -       | No               | No              | -         | -        |
-| SMB                          | -                | -       | Yes              | No              | -         | -        |
-| SugarSync                    | -                | -       | No               | No              | -         | -        |
-| Storj                        | -                | R       | No               | No              | -         | -        |
-| Uptobox                      | -                | -       | No               | Yes             | -         | -        |
-| WebDAV                       | MD5, SHA1 ³      | R ⁴     | Depends          | No              | -         | -        |
-| Yandex Disk                  | MD5              | R/W     | No               | No              | R         | -        |
-| Zoho WorkDrive               | -                | -       | No               | No              | -         | -        |
-| The local filesystem         | All              | R/W     | Depends          | No              | -         | RWU      |
-
-### Notes
+- previousRate - int
 
-¹ Dropbox supports [its own custom
-hash](https://www.dropbox.com/developers/reference/content-hash).
-This is an SHA256 sum of all the 4 MiB block SHA256s.
+### debug/set-soft-memory-limit: Call runtime/debug.SetMemoryLimit for setting a soft memory limit for the runtime. {#debug-set-soft-memory-limit}
 
-² SFTP supports checksums if the same login has shell access and
-`md5sum` or `sha1sum` as well as `echo` are in the remote's PATH.
+SetMemoryLimit provides the runtime with a soft memory limit.
 
-³ WebDAV supports hashes when used with Owncloud and Nextcloud only.
+The runtime undertakes several processes to try to respect this memory limit, including
+adjustments to the frequency of garbage collections and returning memory to the underlying
+system more aggressively. This limit will be respected even if GOGC=off (or, if SetGCPercent(-1) is executed).
 
-⁴ WebDAV supports modtimes when used with Owncloud and Nextcloud only.
+The input limit is provided as bytes, and includes all memory mapped, managed, and not
+released by the Go runtime. Notably, it does not account for space used by the Go binary
+and memory external to Go, such as memory managed by the underlying system on behalf of
+the process, or memory managed by non-Go code inside the same process.
+Examples of excluded memory sources include: OS kernel memory held on behalf of the process,
+memory allocated by C code, and memory mapped by syscall.Mmap (because it is not managed by the Go runtime).
 
-⁵ [QuickXorHash](https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash) is Microsoft's own hash.
+A zero limit or a limit that's lower than the amount of memory used by the Go runtime may cause
+the garbage collector to run nearly continuously. However, the application may still make progress.
 
-⁶ Mail.ru uses its own modified SHA1 hash
+The memory limit is always respected by the Go runtime, so to effectively disable this behavior,
+set the limit very high. math.MaxInt64 is the canonical value for disabling the limit, but values
+much greater than the available memory on the underlying system work just as well.
 
-⁷ pCloud only supports SHA1 (not MD5) in its EU region
+See https://go.dev/doc/gc-guide for a detailed guide explaining the soft memory limit in more detail,
+as well as a variety of common use-cases and scenarios.
 
-⁸ Opendrive does not support creation of duplicate files using
-their web client interface or other stock clients, but the underlying
-storage platform has been determined to allow duplicate files, and it
-is possible to create them with `rclone`.  It may be that this is a
-mistake or an unsupported feature.
+SetMemoryLimit returns the previously set memory limit. A negative input does not adjust the limit,
+and allows for retrieval of the currently set memory limit.
 
-⁹ QingStor does not support SetModTime for objects bigger than 5 GiB.
+Parameters:
 
-¹⁰ FTP supports modtimes for the major FTP servers, and also others
-if they advertised required protocol extensions. See [this](https://rclone.org/ftp/#modified-time)
-for more details.
+- mem-limit - int
 
-¹¹ Internet Archive requires option `wait_archive` to be set to a non-zero value
-for full modtime support.
+### fscache/clear: Clear the Fs cache. {#fscache-clear}
 
-¹² HiDrive supports [its own custom
-hash](https://static.hidrive.com/dev/0001).
-It combines SHA1 sums for each 4 KiB block hierarchically to a single
-top-level sum.
+This clears the fs cache. This is where remotes created from backends
+are cached for a short while to make repeated rc calls more efficient.
 
-### Hash ###
+If you change the parameters of a backend then you may want to call
+this to clear an existing remote out of the cache before re-creating
+it.
 
-The cloud storage system supports various hash types of the objects.
-The hashes are used when transferring data as an integrity check and
-can be specifically used with the `--checksum` flag in syncs and in
-the `check` command.
+**Authentication is required for this call.**
 
-To use the verify checksums when transferring between cloud storage
-systems they must support a common hash type.
+### fscache/entries: Returns the number of entries in the fs cache. {#fscache-entries}
 
-### ModTime ###
+This returns the number of entries in the fs cache.
 
-Almost all cloud storage systems store some sort of timestamp
-on objects, but several of them not something that is appropriate
-to use for syncing. E.g. some backends will only write a timestamp
-that represent the time of the upload. To be relevant for syncing
-it should be able to store the modification time of the source
-object. If this is not the case, rclone will only check the file
-size by default, though can be configured to check the file hash
-(with the `--checksum` flag). Ideally it should also be possible to
-change the timestamp of an existing file without having to re-upload it.
+Returns
+- entries - number of items in the cache
 
-Storage systems with a `-` in the ModTime column, means the
-modification read on objects is not the modification time of the
-file when uploaded. It is most likely the time the file was uploaded,
-or possibly something else (like the time the picture was taken in
-Google Photos).
+**Authentication is required for this call.**
 
-Storage systems with a `R` (for read-only) in the ModTime column,
-means the it keeps modification times on objects, and updates them
-when uploading objects, but it does not support changing only the
-modification time (`SetModTime` operation) without re-uploading,
-possibly not even without deleting existing first. Some operations
-in rclone, such as `copy` and `sync` commands, will automatically
-check for `SetModTime` support and re-upload if necessary to keep
-the modification times in sync. Other commands will not work
-without `SetModTime` support, e.g. `touch` command on an existing
-file will fail, and changes to modification time only on a files
-in a `mount` will be silently ignored.
+### job/list: Lists the IDs of the running jobs {#job-list}
 
-Storage systems with `R/W` (for read/write) in the ModTime column,
-means they do also support modtime-only operations.
+Parameters: None.
 
-### Case Insensitive ###
+Results:
 
-If a cloud storage systems is case sensitive then it is possible to
-have two files which differ only in case, e.g. `file.txt` and
-`FILE.txt`.  If a cloud storage system is case insensitive then that
-isn't possible.
+- executeId - string id of rclone executing (change after restart)
+- jobids - array of integer job ids (starting at 1 on each restart)
 
-This can cause problems when syncing between a case insensitive
-system and a case sensitive system.  The symptom of this is that no
-matter how many times you run the sync it never completes fully.
+### job/status: Reads the status of the job ID {#job-status}
 
-The local filesystem and SFTP may or may not be case sensitive
-depending on OS.
+Parameters:
 
-  * Windows - usually case insensitive, though case is preserved
-  * OSX - usually case insensitive, though it is possible to format case sensitive
-  * Linux - usually case sensitive, but there are case insensitive file systems (e.g. FAT formatted USB keys)
+- jobid - id of the job (integer).
 
-Most of the time this doesn't cause any problems as people tend to
-avoid files whose name differs only by case even on case sensitive
-systems.
+Results:
 
-### Duplicate files ###
+- finished - boolean
+- duration - time in seconds that the job ran for
+- endTime - time the job finished (e.g. "2018-10-26T18:50:20.528746884+01:00")
+- error - error from the job or empty string for no error
+- finished - boolean whether the job has finished or not
+- id - as passed in above
+- startTime - time the job started (e.g. "2018-10-26T18:50:20.528336039+01:00")
+- success - boolean - true for success false otherwise
+- output - output of the job as would have been returned if called synchronously
+- progress - output of the progress related to the underlying job
 
-If a cloud storage system allows duplicate files then it can have two
-objects with the same name.
+### job/stop: Stop the running job {#job-stop}
 
-This confuses rclone greatly when syncing - use the `rclone dedupe`
-command to rename or remove duplicates.
+Parameters:
 
-### Restricted filenames ###
+- jobid - id of the job (integer).
 
-Some cloud storage systems might have restrictions on the characters
-that are usable in file or directory names.
-When `rclone` detects such a name during a file upload, it will
-transparently replace the restricted characters with similar looking
-Unicode characters. To handle the different sets of restricted characters
-for different backends, rclone uses something it calls [encoding](#encoding).
+### job/stopgroup: Stop all running jobs in a group {#job-stopgroup}
 
-This process is designed to avoid ambiguous file names as much as
-possible and allow to move files between many cloud storage systems
-transparently.
+Parameters:
 
-The name shown by `rclone` to the user or during log output will only
-contain a minimal set of [replaced characters](#restricted-characters)
-to ensure correct formatting and not necessarily the actual name used
-on the cloud storage.
+- group - name of the group (string).
 
-This transformation is reversed when downloading a file or parsing
-`rclone` arguments. For example, when uploading a file named `my file?.txt`
-to Onedrive, it will be displayed as `my file?.txt` on the console, but
-stored as `my file？.txt` to Onedrive (the `?` gets replaced by the similar
-looking `？` character, the so-called "fullwidth question mark").
-The reverse transformation allows to read a file `unusual/name.txt`
-from Google Drive, by passing the name `unusual／name.txt` on the command line
-(the `/` needs to be replaced by the similar looking `／` character).
+### mount/listmounts: Show current mount points {#mount-listmounts}
 
-#### Caveats {#restricted-filenames-caveats}
+This shows currently mounted points, which can be used for performing an unmount.
 
-The filename encoding system works well in most cases, at least
-where file names are written in English or similar languages.
-You might not even notice it: It just works. In some cases it may
-lead to issues, though. E.g. when file names are written in Chinese,
-or Japanese, where it is always the Unicode fullwidth variants of the
-punctuation marks that are used.
+This takes no parameters and returns
 
-On Windows, the characters `:`, `*` and `?` are examples of restricted
-characters. If these are used in filenames on a remote that supports it,
-Rclone will transparently convert them to their fullwidth Unicode
-variants `＊`, `？` and `：` when downloading to Windows, and back again
-when uploading. This way files with names that are not allowed on Windows
-can still be stored.
+- mountPoints: list of current mount points
 
-However, if you have files on your Windows system originally with these same
-Unicode characters in their names, they will be included in the same conversion
-process. E.g. if you create a file in your Windows filesystem with name
-`Test：1.jpg`, where `：` is the Unicode fullwidth colon symbol, and use
-rclone to upload it to Google Drive, which supports regular `:` (halfwidth
-question mark), rclone will replace the fullwidth `:` with the
-halfwidth `:` and store the file as `Test:1.jpg` in Google Drive. Since
-both Windows and Google Drive allows the name `Test：1.jpg`, it would
-probably be better if rclone just kept the name as is in this case.
+Eg
 
-With the opposite situation; if you have a file named `Test:1.jpg`,
-in your Google Drive, e.g. uploaded from a Linux system where `:` is valid
-in file names. Then later use rclone to copy this file to your Windows
-computer you will notice that on your local disk it gets renamed
-to `Test：1.jpg`. The original filename is not legal on Windows, due to
-the `:`, and rclone therefore renames it to make the copy possible.
-That is all good. However, this can also lead to an issue: If you already
-had a *different* file named `Test：1.jpg` on Windows, and then use rclone
-to copy either way. Rclone will then treat the file originally named
-`Test:1.jpg` on Google Drive and the file originally named `Test：1.jpg`
-on Windows as the same file, and replace the contents from one with the other.
+    rclone rc mount/listmounts
 
-Its virtually impossible to handle all cases like these correctly in all
-situations, but by customizing the [encoding option](#encoding), changing the
-set of characters that rclone should convert, you should be able to
-create a configuration that works well for your specific situation.
-See also the [example](https://rclone.org/overview/#encoding-example-windows) below.
+**Authentication is required for this call.**
 
-(Windows was used as an example of a file system with many restricted
-characters, and Google drive a storage system with few.)
+### mount/mount: Create a new mount point {#mount-mount}
 
-#### Default restricted characters {#restricted-characters}
+rclone allows Linux, FreeBSD, macOS and Windows to mount any of
+Rclone's cloud storage systems as a file system with FUSE.
 
-The table below shows the characters that are replaced by default.
+If no mountType is provided, the priority is given as follows: 1. mount 2.cmount 3.mount2
 
-When a replacement character is found in a filename, this character
-will be escaped with the `‛` character to avoid ambiguous file names.
-(e.g. a file named `␀.txt` would shown as `‛␀.txt`)
+This takes the following parameters:
 
-Each cloud storage backend can use a different set of characters,
-which will be specified in the documentation for each backend.
+- fs - a remote path to be mounted (required)
+- mountPoint: valid path on the local machine (required)
+- mountType: one of the values (mount, cmount, mount2) specifies the mount implementation to use
+- mountOpt: a JSON object with Mount options in.
+- vfsOpt: a JSON object with VFS options in.
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| NUL       | 0x00  | ␀           |
-| SOH       | 0x01  | ␁           |
-| STX       | 0x02  | ␂           |
-| ETX       | 0x03  | ␃           |
-| EOT       | 0x04  | ␄           |
-| ENQ       | 0x05  | ␅           |
-| ACK       | 0x06  | ␆           |
-| BEL       | 0x07  | ␇           |
-| BS        | 0x08  | ␈           |
-| HT        | 0x09  | ␉           |
-| LF        | 0x0A  | ␊           |
-| VT        | 0x0B  | ␋           |
-| FF        | 0x0C  | ␌           |
-| CR        | 0x0D  | ␍           |
-| SO        | 0x0E  | ␎           |
-| SI        | 0x0F  | ␏           |
-| DLE       | 0x10  | ␐           |
-| DC1       | 0x11  | ␑           |
-| DC2       | 0x12  | ␒           |
-| DC3       | 0x13  | ␓           |
-| DC4       | 0x14  | ␔           |
-| NAK       | 0x15  | ␕           |
-| SYN       | 0x16  | ␖           |
-| ETB       | 0x17  | ␗           |
-| CAN       | 0x18  | ␘           |
-| EM        | 0x19  | ␙           |
-| SUB       | 0x1A  | ␚           |
-| ESC       | 0x1B  | ␛           |
-| FS        | 0x1C  | ␜           |
-| GS        | 0x1D  | ␝           |
-| RS        | 0x1E  | ␞           |
-| US        | 0x1F  | ␟           |
-| /         | 0x2F  | ／           |
-| DEL       | 0x7F  | ␡           |
+Example:
 
-The default encoding will also encode these file names as they are
-problematic with many cloud storage systems.
+    rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint
+    rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint mountType=mount
+    rclone rc mount/mount fs=TestDrive: mountPoint=/mnt/tmp vfsOpt='{"CacheMode": 2}' mountOpt='{"AllowOther": true}'
 
-| File name | Replacement |
-| --------- |:-----------:|
-| .         | ．          |
-| ..        | ．．         |
+The vfsOpt are as described in options/get and can be seen in the the
+"vfs" section when running and the mountOpt can be seen in the "mount" section:
 
-#### Invalid UTF-8 bytes {#invalid-utf8}
+    rclone rc options/get
 
-Some backends only support a sequence of well formed UTF-8 bytes
-as file or directory names.
+**Authentication is required for this call.**
 
-In this case all invalid UTF-8 bytes will be replaced with a quoted
-representation of the byte value to allow uploading a file to such a
-backend. For example, the invalid byte `0xFE` will be encoded as `‛FE`.
+### mount/types: Show all possible mount types {#mount-types}
 
-A common source of invalid UTF-8 bytes are local filesystems, that store
-names in a different encoding than UTF-8 or UTF-16, like latin1. See the
-[local filenames](https://rclone.org/local/#filenames) section for details.
+This shows all possible mount types and returns them as a list.
 
-#### Encoding option {#encoding}
+This takes no parameters and returns
 
-Most backends have an encoding option, specified as a flag
-`--backend-encoding` where `backend` is the name of the backend, or as
-a config parameter `encoding` (you'll need to select the Advanced
-config in `rclone config` to see it).
+- mountTypes: list of mount types
 
-This will have default value which encodes and decodes characters in
-such a way as to preserve the maximum number of characters (see
-above).
+The mount types are strings like "mount", "mount2", "cmount" and can
+be passed to mount/mount as the mountType parameter.
 
-However this can be incorrect in some scenarios, for example if you
-have a Windows file system with Unicode fullwidth characters
-`＊`, `？` or `：`, that you want to remain as those characters on the
-remote rather than being translated to regular (halfwidth) `*`, `?` and `:`.
+Eg
 
-The `--backend-encoding` flags allow you to change that. You can
-disable the encoding completely with `--backend-encoding None` or set
-`encoding = None` in the config file.
+    rclone rc mount/types
 
-Encoding takes a comma separated list of encodings. You can see the
-list of all possible values by passing an invalid value to this
-flag, e.g. `--local-encoding "help"`. The command `rclone help flags encoding`
-will show you the defaults for the backends.
+**Authentication is required for this call.**
 
-| Encoding  | Characters | Encoded as |
-| --------- | ---------- | ---------- |
-| Asterisk | `*` | `＊` |
-| BackQuote | `` ` `` | `｀` |
-| BackSlash | `\` | `＼` |
-| Colon | `:` | `：` |
-| CrLf | CR 0x0D, LF 0x0A | `␍`, `␊` |
-| Ctl | All control characters 0x00-0x1F | `␀␁␂␃␄␅␆␇␈␉␊␋␌␍␎␏␐␑␒␓␔␕␖␗␘␙␚␛␜␝␞␟` |
-| Del | DEL 0x7F | `␡` |
-| Dollar | `$` | `＄` |
-| Dot | `.` or `..` as entire string | `．`, `．．` |
-| DoubleQuote | `"` | `＂` |
-| Hash | `#` | `＃` |
-| InvalidUtf8 | An invalid UTF-8 character (e.g. latin1) | `�` |
-| LeftCrLfHtVt | CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the left of a string | `␍`, `␊`, `␉`, `␋` |
-| LeftPeriod | `.` on the left of a string | `.` |
-| LeftSpace | SPACE on the left of a string | `␠` |
-| LeftTilde | `~` on the left of a string | `～` |
-| LtGt | `<`, `>` | `＜`, `＞` |
-| None | No characters are encoded | |
-| Percent | `%` | `％` |
-| Pipe | \| | `｜` |
-| Question | `?` | `？` |
-| RightCrLfHtVt | CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the right of a string | `␍`, `␊`, `␉`, `␋` |
-| RightPeriod | `.` on the right of a string | `.` |
-| RightSpace | SPACE on the right of a string | `␠` |
-| Semicolon | `;` | `；` |
-| SingleQuote | `'` | `＇` |
-| Slash | `/` | `／` |
-| SquareBracket | `[`, `]` | `［`, `］` |
+### mount/unmount: Unmount selected active mount {#mount-unmount}
 
-##### Encoding example: FTP
+rclone allows Linux, FreeBSD, macOS and Windows to
+mount any of Rclone's cloud storage systems as a file system with
+FUSE.
 
-To take a specific example, the FTP backend's default encoding is
+This takes the following parameters:
 
-    --ftp-encoding "Slash,Del,Ctl,RightSpace,Dot"
+- mountPoint: valid path on the local machine where the mount was created (required)
 
-However, let's say the FTP server is running on Windows and can't have
-any of the invalid Windows characters in file names. You are backing
-up Linux servers to this FTP server which do have those characters in
-file names. So you would add the Windows set which are
+Example:
 
-    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
+    rclone rc mount/unmount mountPoint=/home/<user>/mountPoint
 
-to the existing ones, giving:
+**Authentication is required for this call.**
 
-    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot,Del,RightSpace
+### mount/unmountall: Unmount all active mounts {#mount-unmountall}
 
-This can be specified using the `--ftp-encoding` flag or using an `encoding` parameter in the config file.
+rclone allows Linux, FreeBSD, macOS and Windows to
+mount any of Rclone's cloud storage systems as a file system with
+FUSE.
 
-##### Encoding example: Windows
+This takes no parameters and returns error if unmount does not succeed.
 
-As a nother example, take a Windows system where there is a file with
-name `Test：1.jpg`, where `：` is the Unicode fullwidth colon symbol.
-When using rclone to copy this to a remote which supports `:`,
-the regular (halfwidth) colon (such as Google Drive), you will notice
-that the file gets renamed to `Test:1.jpg`.
+Eg
 
-To avoid this you can change the set of characters rclone should convert
-for the local filesystem, using command-line argument `--local-encoding`.
-Rclone's default behavior on Windows corresponds to
+    rclone rc mount/unmountall
 
-```
---local-encoding "Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot"
-```
+**Authentication is required for this call.**
 
-If you want to use fullwidth characters `：`, `＊` and `？` in your filenames
-without rclone changing them when uploading to a remote, then set the same as
-the default value but without `Colon,Question,Asterisk`:
+### operations/about: Return the space used on the remote {#operations-about}
 
-```
---local-encoding "Slash,LtGt,DoubleQuote,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot"
-```
+This takes the following parameters:
 
-Alternatively, you can disable the conversion of any characters with `--local-encoding None`.
+- fs - a remote name string e.g. "drive:"
 
-Instead of using command-line argument `--local-encoding`, you may also set it
-as [environment variable](https://rclone.org/docs/#environment-variables) `RCLONE_LOCAL_ENCODING`,
-or [configure](https://rclone.org/docs/#configure) a remote of type `local` in your config,
-and set the `encoding` option there.
+The result is as returned from rclone about --json
 
-The risk by doing this is that if you have a filename with the regular (halfwidth)
-`:`, `*` and `?` in your cloud storage, and you try to download
-it to your Windows filesystem, this will fail. These characters are not
-valid in filenames on Windows, and you have told rclone not to work around
-this by converting them to valid fullwidth variants.
+See the [about](https://rclone.org/commands/rclone_about/) command for more information on the above.
 
-### MIME Type ###
+**Authentication is required for this call.**
 
-MIME types (also known as media types) classify types of documents
-using a simple text classification, e.g. `text/html` or
-`application/pdf`.
+### operations/check: check the source and destination are the same {#operations-check}
 
-Some cloud storage systems support reading (`R`) the MIME type of
-objects and some support writing (`W`) the MIME type of objects.
+Checks the files in the source and destination match.  It compares
+sizes and hashes and logs a report of files that don't
+match.  It doesn't alter the source or destination.
 
-The MIME type can be important if you are serving files directly to
-HTTP from the storage system.
+This takes the following parameters:
 
-If you are copying from a remote which supports reading (`R`) to a
-remote which supports writing (`W`) then rclone will preserve the MIME
-types.  Otherwise they will be guessed from the extension, or the
-remote itself may assign the MIME type.
+- srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem
+- dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem
+- download - check by downloading rather than with hash
+- checkFileHash - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- checkFileFs - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- checkFileRemote - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- oneWay -  check one way only, source files must exist on remote
+- combined - make a combined report of changes (default false)
+- missingOnSrc - report all files missing from the source (default true)
+- missingOnDst - report all files missing from the destination (default true)
+- match - report all matching files (default false)
+- differ - report all non-matching files (default true)
+- error - report all files with errors (hashing or reading) (default true)
+
+If you supply the download flag, it will download the data from
+both remotes and check them against each other on the fly.  This can
+be useful for remotes that don't support hashes or if you really want
+to check all the data.
 
-### Metadata
+If you supply the size-only global flag, it will only compare the sizes not
+the hashes as well.  Use this for a quick check.
 
-Backends may or may support reading or writing metadata. They may
-support reading and writing system metadata (metadata intrinsic to
-that backend) and/or user metadata (general purpose metadata).
+If you supply the checkFileHash option with a valid hash name, the
+checkFileFs:checkFileRemote must point to a text file in the SUM
+format. This treats the checksum file as the source and dstFs as the
+destination. Note that srcFs is not used and should not be supplied in
+this case.
 
-The levels of metadata support are
+Returns:
 
-| Key | Explanation |
-|-----|-------------|
-| `R` | Read only System Metadata |
-| `RW` | Read and write System Metadata |
-| `RWU` | Read and write System Metadata and read and write User Metadata |
+- success - true if no error, false otherwise
+- status - textual summary of check, OK or text string
+- hashType - hash used in check, may be missing
+- combined - array of strings of combined report of changes
+- missingOnSrc - array of strings of all files missing from the source
+- missingOnDst - array of strings of all files missing from the destination
+- match - array of strings of all matching files
+- differ - array of strings of all non-matching files
+- error - array of strings of all files with errors (hashing or reading)
 
-See [the metadata docs](https://rclone.org/docs/#metadata) for more info.
+**Authentication is required for this call.**
 
-## Optional Features ##
+### operations/cleanup: Remove trashed files in the remote or path {#operations-cleanup}
 
-All rclone remotes support a base command set. Other features depend
-upon backend-specific capabilities.
+This takes the following parameters:
 
-| Name                         | Purge | Copy | Move | DirMove | CleanUp | ListR | StreamUpload | LinkSharing  | About | EmptyDir |
-| ---------------------------- |:-----:|:----:|:----:|:-------:|:-------:|:-----:|:------------:|:------------:|:-----:|:--------:|
-| 1Fichier                     | No    | Yes  | Yes  | No      | No      | No    | No           | Yes          | No    | Yes      |
-| Akamai Netstorage            | Yes   | No   | No   | No      | No      | Yes   | Yes          | No           | No    | Yes      |
-| Amazon Drive                 | Yes   | No   | Yes  | Yes     | No      | No    | No           | No           | No    | Yes      |
-| Amazon S3 (or S3 compatible) | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes          | No    | No       |
-| Backblaze B2                 | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes          | No    | No       |
-| Box                          | Yes   | Yes  | Yes  | Yes     | Yes ‡‡  | No    | Yes          | Yes          | Yes   | Yes      |
-| Citrix ShareFile             | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No           | No    | Yes      |
-| Dropbox                      | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | Yes          | Yes   | Yes      |
-| Enterprise File Fabric       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No           | No    | Yes      |
-| FTP                          | No    | No   | Yes  | Yes     | No      | No    | Yes          | No           | No    | Yes      |
-| Google Cloud Storage         | Yes   | Yes  | No   | No      | No      | Yes   | Yes          | No           | No    | No       |
-| Google Drive                 | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | Yes          | Yes          | Yes   | Yes      |
-| Google Photos                | No    | No   | No   | No      | No      | No    | No           | No           | No    | No       |
-| HDFS                         | Yes   | No   | Yes  | Yes     | No      | No    | Yes          | No           | Yes   | Yes      |
-| HiDrive                      | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No           | No    | Yes      |
-| HTTP                         | No    | No   | No   | No      | No      | No    | No           | No           | No    | Yes      |
-| Internet Archive             | No    | Yes  | No   | No      | Yes     | Yes   | No           | Yes          | Yes   | No       |
-| Jottacloud                   | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | No           | Yes          | Yes   | Yes      |
-| Koofr                        | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | Yes          | Yes   | Yes      |
-| Mail.ru Cloud                | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | Yes          | Yes   | Yes      |
-| Mega                         | Yes   | No   | Yes  | Yes     | Yes     | No    | No           | Yes          | Yes   | Yes      |
-| Memory                       | No    | Yes  | No   | No      | No      | Yes   | Yes          | No           | No    | No       |
-| Microsoft Azure Blob Storage | Yes   | Yes  | No   | No      | No      | Yes   | Yes          | No           | No    | No       |
-| Microsoft OneDrive           | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | Yes          | Yes   | Yes      |
-| OpenDrive                    | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No           | No    | Yes      |
-| OpenStack Swift              | Yes † | Yes  | No   | No      | No      | Yes   | Yes          | No           | Yes   | No       |
-| Oracle Object Storage        | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | No           | No    | No       |
-| pCloud                       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | Yes          | Yes   | Yes      |
-| premiumize.me                | Yes   | No   | Yes  | Yes     | No      | No    | No           | Yes          | Yes   | Yes      |
-| put.io                       | Yes   | No   | Yes  | Yes     | Yes     | No    | Yes          | No           | Yes   | Yes      |
-| QingStor                     | No    | Yes  | No   | No      | Yes     | Yes   | No           | No           | No    | No       |
-| Seafile                      | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | Yes          | Yes          | Yes   | Yes      |
-| SFTP                         | No    | No   | Yes  | Yes     | No      | No    | Yes          | No           | Yes   | Yes      |
-| Sia                          | No    | No   | No   | No      | No      | No    | Yes          | No           | No    | Yes      |
-| SMB                          | No    | No   | Yes  | Yes     | No      | No    | Yes          | No           | No    | Yes      |
-| SugarSync                    | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | Yes          | No    | Yes      |
-| Storj                        | Yes ☨ | Yes  | Yes  | No      | No      | Yes   | Yes          | Yes          | No    | No       |
-| Uptobox                      | No    | Yes  | Yes  | Yes     | No      | No    | No           | No           | No    | No       |
-| WebDAV                       | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes ‡        | No           | Yes   | Yes      |
-| Yandex Disk                  | Yes   | Yes  | Yes  | Yes     | Yes     | No    | Yes          | Yes          | Yes   | Yes      |
-| Zoho WorkDrive               | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No           | Yes   | Yes      |
-| The local filesystem         | Yes   | No   | Yes  | Yes     | No      | No    | Yes          | No           | Yes   | Yes      |
+- fs - a remote name string e.g. "drive:"
 
-### Purge ###
+See the [cleanup](https://rclone.org/commands/rclone_cleanup/) command for more information on the above.
 
-This deletes a directory quicker than just deleting all the files in
-the directory.
+**Authentication is required for this call.**
 
-† Note Swift implements this in order to delete directory markers but
-they don't actually have a quicker way of deleting files other than
-deleting them individually.
+### operations/copyfile: Copy a file from source remote to destination remote {#operations-copyfile}
 
-☨ Storj implements this efficiently only for entire buckets. If
-purging a directory inside a bucket, files are deleted individually.
+This takes the following parameters:
 
-‡ StreamUpload is not supported with Nextcloud
+- srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem
+- srcRemote - a path within that remote e.g. "file.txt" for the source
+- dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem
+- dstRemote - a path within that remote e.g. "file2.txt" for the destination
 
-### Copy ###
+**Authentication is required for this call.**
 
-Used when copying an object to and from the same remote.  This known
-as a server-side copy so you can copy a file without downloading it
-and uploading it again.  It is used if you use `rclone copy` or
-`rclone move` if the remote doesn't support `Move` directly.
+### operations/copyurl: Copy the URL to the object {#operations-copyurl}
 
-If the server doesn't support `Copy` directly then for copy operations
-the file is downloaded then re-uploaded.
+This takes the following parameters:
 
-### Move ###
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
+- url - string, URL to read from
+ - autoFilename - boolean, set to true to retrieve destination file name from url
 
-Used when moving/renaming an object on the same remote.  This is known
-as a server-side move of a file.  This is used in `rclone move` if the
-server doesn't support `DirMove`.
+See the [copyurl](https://rclone.org/commands/rclone_copyurl/) command for more information on the above.
 
-If the server isn't capable of `Move` then rclone simulates it with
-`Copy` then delete.  If the server doesn't support `Copy` then rclone
-will download the file and re-upload it.
+**Authentication is required for this call.**
 
-### DirMove ###
+### operations/delete: Remove files in the path {#operations-delete}
 
-This is used to implement `rclone move` to move a directory if
-possible.  If it isn't then it will use `Move` on each file (which
-falls back to `Copy` then download and upload - see `Move` section).
+This takes the following parameters:
 
-### CleanUp ###
+- fs - a remote name string e.g. "drive:"
 
-This is used for emptying the trash for a remote by `rclone cleanup`.
+See the [delete](https://rclone.org/commands/rclone_delete/) command for more information on the above.
 
-If the server can't do `CleanUp` then `rclone cleanup` will return an
-error.
+**Authentication is required for this call.**
 
-‡‡ Note that while Box implements this it has to delete every file
-individually so it will be slower than emptying the trash via the WebUI
+### operations/deletefile: Remove the single file pointed to {#operations-deletefile}
 
-### ListR ###
+This takes the following parameters:
 
-The remote supports a recursive list to list all the contents beneath
-a directory quickly.  This enables the `--fast-list` flag to work.
-See the [rclone docs](https://rclone.org/docs/#fast-list) for more details.
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
 
-### StreamUpload ###
+See the [deletefile](https://rclone.org/commands/rclone_deletefile/) command for more information on the above.
 
-Some remotes allow files to be uploaded without knowing the file size
-in advance. This allows certain operations to work without spooling the
-file to local disk first, e.g. `rclone rcat`.
+**Authentication is required for this call.**
 
-### LinkSharing ###
+### operations/fsinfo: Return information about the remote {#operations-fsinfo}
 
-Sets the necessary permissions on a file or folder and prints a link
-that allows others to access them, even if they don't have an account
-on the particular cloud provider.
+This takes the following parameters:
 
-### About ###
+- fs - a remote name string e.g. "drive:"
 
-Rclone `about` prints quota information for a remote. Typical output
-includes bytes used, free, quota and in trash.
+This returns info about the remote passed in;
 
-If a remote lacks about capability `rclone about remote:`returns
-an error.
+```
+{
+        // optional features and whether they are available or not
+        "Features": {
+                "About": true,
+                "BucketBased": false,
+                "BucketBasedRootOK": false,
+                "CanHaveEmptyDirectories": true,
+                "CaseInsensitive": false,
+                "ChangeNotify": false,
+                "CleanUp": false,
+                "Command": true,
+                "Copy": false,
+                "DirCacheFlush": false,
+                "DirMove": true,
+                "Disconnect": false,
+                "DuplicateFiles": false,
+                "GetTier": false,
+                "IsLocal": true,
+                "ListR": false,
+                "MergeDirs": false,
+                "MetadataInfo": true,
+                "Move": true,
+                "OpenWriterAt": true,
+                "PublicLink": false,
+                "Purge": true,
+                "PutStream": true,
+                "PutUnchecked": false,
+                "ReadMetadata": true,
+                "ReadMimeType": false,
+                "ServerSideAcrossConfigs": false,
+                "SetTier": false,
+                "SetWrapper": false,
+                "Shutdown": false,
+                "SlowHash": true,
+                "SlowModTime": false,
+                "UnWrap": false,
+                "UserInfo": false,
+                "UserMetadata": true,
+                "WrapFs": false,
+                "WriteMetadata": true,
+                "WriteMimeType": false
+        },
+        // Names of hashes available
+        "Hashes": [
+                "md5",
+                "sha1",
+                "whirlpool",
+                "crc32",
+                "sha256",
+                "dropbox",
+                "mailru",
+                "quickxor"
+        ],
+        "Name": "local",        // Name as created
+        "Precision": 1,         // Precision of timestamps in ns
+        "Root": "/",            // Path as created
+        "String": "Local file system at /", // how the remote will appear in logs
+        // Information about the system metadata for this backend
+        "MetadataInfo": {
+                "System": {
+                        "atime": {
+                                "Help": "Time of last access",
+                                "Type": "RFC 3339",
+                                "Example": "2006-01-02T15:04:05.999999999Z07:00"
+                        },
+                        "btime": {
+                                "Help": "Time of file birth (creation)",
+                                "Type": "RFC 3339",
+                                "Example": "2006-01-02T15:04:05.999999999Z07:00"
+                        },
+                        "gid": {
+                                "Help": "Group ID of owner",
+                                "Type": "decimal number",
+                                "Example": "500"
+                        },
+                        "mode": {
+                                "Help": "File type and mode",
+                                "Type": "octal, unix style",
+                                "Example": "0100664"
+                        },
+                        "mtime": {
+                                "Help": "Time of last modification",
+                                "Type": "RFC 3339",
+                                "Example": "2006-01-02T15:04:05.999999999Z07:00"
+                        },
+                        "rdev": {
+                                "Help": "Device ID (if special file)",
+                                "Type": "hexadecimal",
+                                "Example": "1abc"
+                        },
+                        "uid": {
+                                "Help": "User ID of owner",
+                                "Type": "decimal number",
+                                "Example": "500"
+                        }
+                },
+                "Help": "Textual help string\n"
+        }
+}
+```
 
-Backends without about capability cannot determine free space for an
-rclone mount, or use policy `mfs` (most free space) as a member of an
-rclone union remote.
+This command does not have a command line equivalent so use this instead:
 
-See [rclone about command](https://rclone.org/commands/rclone_about/)
+    rclone rc --loopback operations/fsinfo fs=remote:
 
-### EmptyDir ###
+### operations/list: List the given remote and path in JSON format {#operations-list}
 
-The remote supports empty directories. See [Limitations](https://rclone.org/bugs/#limitations)
- for details. Most Object/Bucket-based remotes do not support this.
+This takes the following parameters:
 
-# Global Flags
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
+- opt - a dictionary of options to control the listing (optional)
+    - recurse - If set recurse directories
+    - noModTime - If set return modification time
+    - showEncrypted -  If set show decrypted names
+    - showOrigIDs - If set show the IDs for each item if known
+    - showHash - If set return a dictionary of hashes
+    - noMimeType - If set don't show mime types
+    - dirsOnly - If set only show directories
+    - filesOnly - If set only show files
+    - metadata - If set return metadata of objects also
+    - hashTypes - array of strings of hash types to show if showHash set
 
-This describes the global flags available to every rclone command
-split into two groups, non backend and backend flags.
-
-## Non Backend Flags
-
-These flags are available for every command.
-
-```
-      --ask-password                         Allow prompt for password for encrypted configuration (default true)
-      --auto-confirm                         If enabled, do not request console confirmation
-      --backup-dir string                    Make backups into hierarchy based in DIR
-      --bind string                          Local address to bind to for outgoing connections, IPv4, IPv6 or name
-      --buffer-size SizeSuffix               In memory buffer size when reading files for each --transfer (default 16Mi)
-      --bwlimit BwTimetable                  Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-      --bwlimit-file BwTimetable             Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-      --ca-cert stringArray                  CA certificate used to verify servers
-      --cache-dir string                     Directory rclone will use for caching (default "$HOME/.cache/rclone")
-      --check-first                          Do all the checks before starting transfers
-      --checkers int                         Number of checkers to run in parallel (default 8)
-  -c, --checksum                             Skip based on checksum (if available) & size, not mod-time & size
-      --client-cert string                   Client SSL certificate (PEM) for mutual TLS auth
-      --client-key string                    Client SSL private key (PEM) for mutual TLS auth
-      --color string                         When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default "AUTO")
-      --compare-dest stringArray             Include additional comma separated server-side paths during comparison
-      --config string                        Config file (default "$HOME/.config/rclone/rclone.conf")
-      --contimeout Duration                  Connect timeout (default 1m0s)
-      --copy-dest stringArray                Implies --compare-dest but also copies files from paths into destination
-      --cpuprofile string                    Write cpu profile to file
-      --cutoff-mode string                   Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default "HARD")
-      --delete-after                         When synchronizing, delete files on destination after transferring (default)
-      --delete-before                        When synchronizing, delete files on destination before transferring
-      --delete-during                        When synchronizing, delete files during transfer
-      --delete-excluded                      Delete files on dest excluded from sync
-      --disable string                       Disable a comma separated list of features (use --disable help to see a list)
-      --disable-http-keep-alives             Disable HTTP keep-alives and use each connection once.
-      --disable-http2                        Disable HTTP/2 in the global transport
-  -n, --dry-run                              Do a trial run with no permanent changes
-      --dscp string                          Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
-      --dump DumpFlags                       List of items to dump from: headers,bodies,requests,responses,auth,filters,goroutines,openfiles
-      --dump-bodies                          Dump HTTP headers and bodies - may contain sensitive info
-      --dump-headers                         Dump HTTP headers - may contain sensitive info
-      --error-on-no-transfer                 Sets exit code 9 if no files are transferred, useful in scripts
-      --exclude stringArray                  Exclude files matching pattern
-      --exclude-from stringArray             Read file exclude patterns from file (use - to read from stdin)
-      --exclude-if-present stringArray       Exclude directories if filename is present
-      --expect-continue-timeout Duration     Timeout when using expect / 100-continue in HTTP (default 1s)
-      --fast-list                            Use recursive list if available; uses more memory but fewer transactions
-      --files-from stringArray               Read list of source-file names from file (use - to read from stdin)
-      --files-from-raw stringArray           Read list of source-file names from file without any processing of lines (use - to read from stdin)
-  -f, --filter stringArray                   Add a file filtering rule
-      --filter-from stringArray              Read file filtering patterns from a file (use - to read from stdin)
-      --fs-cache-expire-duration Duration    Cache remotes for this long (0 to disable caching) (default 5m0s)
-      --fs-cache-expire-interval Duration    Interval to check for expired remotes (default 1m0s)
-      --header stringArray                   Set HTTP header for all transactions
-      --header-download stringArray          Set HTTP header for download transactions
-      --header-upload stringArray            Set HTTP header for upload transactions
-      --human-readable                       Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
-      --ignore-case                          Ignore case in filters (case insensitive)
-      --ignore-case-sync                     Ignore case when synchronizing
-      --ignore-checksum                      Skip post copy check of checksums
-      --ignore-errors                        Delete even if there are I/O errors
-      --ignore-existing                      Skip all files that exist on destination
-      --ignore-size                          Ignore size when skipping use mod-time or checksum
-  -I, --ignore-times                         Don't skip files that match size and time - transfer all files
-      --immutable                            Do not modify files, fail if existing files have been modified
-      --include stringArray                  Include files matching pattern
-      --include-from stringArray             Read file include patterns from file (use - to read from stdin)
-  -i, --interactive                          Enable interactive mode
-      --kv-lock-time Duration                Maximum time to keep key-value database locked by process (default 1s)
-      --log-file string                      Log everything to this file
-      --log-format string                    Comma separated list of log format options (default "date,time")
-      --log-level string                     Log level DEBUG|INFO|NOTICE|ERROR (default "NOTICE")
-      --log-systemd                          Activate systemd integration for the logger
-      --low-level-retries int                Number of low level retries to do (default 10)
-      --max-age Duration                     Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-      --max-backlog int                      Maximum number of objects in sync or check backlog (default 10000)
-      --max-delete int                       When synchronizing, limit the number of deletes (default -1)
-      --max-delete-size SizeSuffix           When synchronizing, limit the total size of deletes (default off)
-      --max-depth int                        If set limits the recursion depth to this (default -1)
-      --max-duration Duration                Maximum duration rclone will transfer data for (default 0s)
-      --max-size SizeSuffix                  Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
-      --max-stats-groups int                 Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
-      --max-transfer SizeSuffix              Maximum size of data to transfer (default off)
-      --memprofile string                    Write memory profile to file
-  -M, --metadata                             If set, preserve metadata when copying objects
-      --metadata-exclude stringArray         Exclude metadatas matching pattern
-      --metadata-exclude-from stringArray    Read metadata exclude patterns from file (use - to read from stdin)
-      --metadata-filter stringArray          Add a metadata filtering rule
-      --metadata-filter-from stringArray     Read metadata filtering patterns from a file (use - to read from stdin)
-      --metadata-include stringArray         Include metadatas matching pattern
-      --metadata-include-from stringArray    Read metadata include patterns from file (use - to read from stdin)
-      --metadata-set stringArray             Add metadata key=value when uploading
-      --min-age Duration                     Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-      --min-size SizeSuffix                  Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
-      --modify-window Duration               Max time diff to be considered the same (default 1ns)
-      --multi-thread-cutoff SizeSuffix       Use multi-thread downloads for files above this size (default 250Mi)
-      --multi-thread-streams int             Max number of streams to use for multi-thread downloads (default 4)
-      --no-check-certificate                 Do not verify the server SSL certificate (insecure)
-      --no-check-dest                        Don't check the destination, copy regardless
-      --no-console                           Hide console window (supported on Windows only)
-      --no-gzip-encoding                     Don't set Accept-Encoding: gzip
-      --no-traverse                          Don't traverse destination file system on copy
-      --no-unicode-normalization             Don't normalize unicode characters in filenames
-      --no-update-modtime                    Don't update destination mod-time if files identical
-      --order-by string                      Instructions on how to order the transfers, e.g. 'size,descending'
-      --password-command SpaceSepList        Command for supplying password for encrypted configuration
-  -P, --progress                             Show progress during transfer
-      --progress-terminal-title              Show progress on the terminal title (requires -P/--progress)
-  -q, --quiet                                Print as little stuff as possible
-      --rc                                   Enable the remote control server
-      --rc-addr stringArray                  IPaddress:Port or :Port to bind server to (default [localhost:5572])
-      --rc-allow-origin string               Set the allowed origin for CORS
-      --rc-baseurl string                    Prefix for URLs - leave blank for root
-      --rc-cert string                       TLS PEM key (concatenation of certificate and CA certificate)
-      --rc-client-ca string                  Client certificate authority to verify clients with
-      --rc-enable-metrics                    Enable prometheus metrics on /metrics
-      --rc-files string                      Path to local files to serve on the HTTP server
-      --rc-htpasswd string                   A htpasswd file - if not provided no authentication is done
-      --rc-job-expire-duration Duration      Expire finished async jobs older than this value (default 1m0s)
-      --rc-job-expire-interval Duration      Interval to check for expired async jobs (default 10s)
-      --rc-key string                        TLS PEM Private key
-      --rc-max-header-bytes int              Maximum size of request header (default 4096)
-      --rc-min-tls-version string            Minimum TLS version that is acceptable (default "tls1.0")
-      --rc-no-auth                           Don't require auth for certain methods
-      --rc-pass string                       Password for authentication
-      --rc-realm string                      Realm for authentication
-      --rc-salt string                       Password hashing salt (default "dlPL2MqE")
-      --rc-serve                             Enable the serving of remote objects
-      --rc-server-read-timeout Duration      Timeout for server reading data (default 1h0m0s)
-      --rc-server-write-timeout Duration     Timeout for server writing data (default 1h0m0s)
-      --rc-template string                   User-specified template
-      --rc-user string                       User name for authentication
-      --rc-web-fetch-url string              URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
-      --rc-web-gui                           Launch WebGUI on localhost
-      --rc-web-gui-force-update              Force update to latest version of web gui
-      --rc-web-gui-no-open-browser           Don't open the browser automatically
-      --rc-web-gui-update                    Check and update to latest version of web gui
-      --refresh-times                        Refresh the modtime of remote files
-      --retries int                          Retry operations this many times if they fail (default 3)
-      --retries-sleep Duration               Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
-      --server-side-across-configs           Allow server-side operations (e.g. copy) to work across different configs
-      --size-only                            Skip based on size only, not mod-time or checksum
-      --stats Duration                       Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
-      --stats-file-name-length int           Max file name length in stats (0 for no limit) (default 45)
-      --stats-log-level string               Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default "INFO")
-      --stats-one-line                       Make the stats fit on one line
-      --stats-one-line-date                  Enable --stats-one-line and add current date/time prefix
-      --stats-one-line-date-format string    Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes ("), see https://golang.org/pkg/time/#Time.Format
-      --stats-unit string                    Show data rate in stats as either 'bits' or 'bytes' per second (default "bytes")
-      --streaming-upload-cutoff SizeSuffix   Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
-      --suffix string                        Suffix to add to changed files
-      --suffix-keep-extension                Preserve the extension when using --suffix
-      --syslog                               Use Syslog for logging
-      --syslog-facility string               Facility for syslog, e.g. KERN,USER,... (default "DAEMON")
-      --temp-dir string                      Directory rclone will use for temporary files (default "/tmp")
-      --timeout Duration                     IO idle timeout (default 5m0s)
-      --tpslimit float                       Limit HTTP transactions per second to this
-      --tpslimit-burst int                   Max burst of transactions for --tpslimit (default 1)
-      --track-renames                        When synchronizing, track file renames and do a server-side move if possible
-      --track-renames-strategy string        Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
-      --transfers int                        Number of file transfers to run in parallel (default 4)
-  -u, --update                               Skip files that are newer on the destination
-      --use-cookies                          Enable session cookiejar
-      --use-json-log                         Use json log format
-      --use-mmap                             Use mmap allocator (see docs)
-      --use-server-modtime                   Use server modified time instead of object metadata
-      --user-agent string                    Set the user-agent to a specified string (default "rclone/v1.62.0")
-  -v, --verbose count                        Print lots more stuff (repeat for more)
-```
-
-## Backend Flags
-
-These flags are available for every command. They control the backends
-and may be set in the config file.
-
-```
-      --acd-auth-url string                            Auth server URL
-      --acd-client-id string                           OAuth Client Id
-      --acd-client-secret string                       OAuth Client Secret
-      --acd-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --acd-templink-threshold SizeSuffix              Files >= this size will be downloaded via their tempLink (default 9Gi)
-      --acd-token string                               OAuth Access Token as a JSON blob
-      --acd-token-url string                           Token server url
-      --acd-upload-wait-per-gb Duration                Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
-      --alias-remote string                            Remote or path to alias
-      --azureblob-access-tier string                   Access tier of blob: hot, cool or archive
-      --azureblob-account string                       Azure Storage Account Name
-      --azureblob-archive-tier-delete                  Delete archive tier blobs before overwriting
-      --azureblob-chunk-size SizeSuffix                Upload chunk size (default 4Mi)
-      --azureblob-client-certificate-password string   Password for the certificate file (optional) (obscured)
-      --azureblob-client-certificate-path string       Path to a PEM or PKCS12 certificate file including the private key
-      --azureblob-client-id string                     The ID of the client in use
-      --azureblob-client-secret string                 One of the service principal's client secrets
-      --azureblob-client-send-certificate-chain        Send the certificate chain when using certificate auth
-      --azureblob-disable-checksum                     Don't store MD5 checksum with object metadata
-      --azureblob-encoding MultiEncoder                The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
-      --azureblob-endpoint string                      Endpoint for the service
-      --azureblob-env-auth                             Read credentials from runtime (environment variables, CLI or MSI)
-      --azureblob-key string                           Storage Account Shared Key
-      --azureblob-list-chunk int                       Size of blob list (default 5000)
-      --azureblob-memory-pool-flush-time Duration      How often internal memory buffer pools will be flushed (default 1m0s)
-      --azureblob-memory-pool-use-mmap                 Whether to use mmap buffers in internal memory pool
-      --azureblob-msi-client-id string                 Object ID of the user-assigned MSI to use, if any
-      --azureblob-msi-mi-res-id string                 Azure resource ID of the user-assigned MSI to use, if any
-      --azureblob-msi-object-id string                 Object ID of the user-assigned MSI to use, if any
-      --azureblob-no-check-container                   If set, don't attempt to check the container exists or create it
-      --azureblob-no-head-object                       If set, do not do HEAD before GET when getting objects
-      --azureblob-password string                      The user's password (obscured)
-      --azureblob-public-access string                 Public access level of a container: blob or container
-      --azureblob-sas-url string                       SAS URL for container level access only
-      --azureblob-service-principal-file string        Path to file containing credentials for use with a service principal
-      --azureblob-tenant string                        ID of the service principal's tenant. Also called its directory ID
-      --azureblob-upload-concurrency int               Concurrency for multipart uploads (default 16)
-      --azureblob-upload-cutoff string                 Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
-      --azureblob-use-emulator                         Uses local storage emulator if provided as 'true'
-      --azureblob-use-msi                              Use a managed service identity to authenticate (only works in Azure)
-      --azureblob-username string                      User name (usually an email address)
-      --b2-account string                              Account ID or Application Key ID
-      --b2-chunk-size SizeSuffix                       Upload chunk size (default 96Mi)
-      --b2-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4Gi)
-      --b2-disable-checksum                            Disable checksums for large (> upload cutoff) files
-      --b2-download-auth-duration Duration             Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
-      --b2-download-url string                         Custom endpoint for downloads
-      --b2-encoding MultiEncoder                       The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --b2-endpoint string                             Endpoint for the service
-      --b2-hard-delete                                 Permanently delete files on remote removal, otherwise hide files
-      --b2-key string                                  Application Key
-      --b2-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-      --b2-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-      --b2-test-mode string                            A flag string for X-Bz-Test-Mode header for debugging
-      --b2-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-      --b2-version-at Time                             Show file versions as they were at the specified time (default off)
-      --b2-versions                                    Include old versions in directory listings
-      --box-access-token string                        Box App Primary Access Token
-      --box-auth-url string                            Auth server URL
-      --box-box-config-file string                     Box App config.json location
-      --box-box-sub-type string                         (default "user")
-      --box-client-id string                           OAuth Client Id
-      --box-client-secret string                       OAuth Client Secret
-      --box-commit-retries int                         Max number of times to try committing a multipart file (default 100)
-      --box-encoding MultiEncoder                      The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
-      --box-list-chunk int                             Size of listing chunk 1-1000 (default 1000)
-      --box-owned-by string                            Only show items owned by the login (email address) passed in
-      --box-root-folder-id string                      Fill in for rclone to use a non root folder as its starting point
-      --box-token string                               OAuth Access Token as a JSON blob
-      --box-token-url string                           Token server url
-      --box-upload-cutoff SizeSuffix                   Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
-      --cache-chunk-clean-interval Duration            How often should the cache perform cleanups of the chunk storage (default 1m0s)
-      --cache-chunk-no-memory                          Disable the in-memory cache for storing chunks during streaming
-      --cache-chunk-path string                        Directory to cache chunk files (default "$HOME/.cache/rclone/cache-backend")
-      --cache-chunk-size SizeSuffix                    The size of a chunk (partial file data) (default 5Mi)
-      --cache-chunk-total-size SizeSuffix              The total size that the chunks can take up on the local disk (default 10Gi)
-      --cache-db-path string                           Directory to store file structure metadata DB (default "$HOME/.cache/rclone/cache-backend")
-      --cache-db-purge                                 Clear all the cached data for this remote on start
-      --cache-db-wait-time Duration                    How long to wait for the DB to be available - 0 is unlimited (default 1s)
-      --cache-info-age Duration                        How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
-      --cache-plex-insecure string                     Skip all certificate verification when connecting to the Plex server
-      --cache-plex-password string                     The password of the Plex user (obscured)
-      --cache-plex-url string                          The URL of the Plex server
-      --cache-plex-username string                     The username of the Plex user
-      --cache-read-retries int                         How many times to retry a read from a cache storage (default 10)
-      --cache-remote string                            Remote to cache
-      --cache-rps int                                  Limits the number of requests per second to the source FS (-1 to disable) (default -1)
-      --cache-tmp-upload-path string                   Directory to keep temporary files until they are uploaded
-      --cache-tmp-wait-time Duration                   How long should files be stored in local cache before being uploaded (default 15s)
-      --cache-workers int                              How many workers should run in parallel to download chunks (default 4)
-      --cache-writes                                   Cache file data on writes through the FS
-      --chunker-chunk-size SizeSuffix                  Files larger than chunk size will be split in chunks (default 2Gi)
-      --chunker-fail-hard                              Choose how chunker should handle files with missing or invalid chunks
-      --chunker-hash-type string                       Choose how chunker handles hash sums (default "md5")
-      --chunker-remote string                          Remote to chunk/unchunk
-      --combine-upstreams SpaceSepList                 Upstreams for combining
-      --compress-level int                             GZIP compression level (-2 to 9) (default -1)
-      --compress-mode string                           Compression mode (default "gzip")
-      --compress-ram-cache-limit SizeSuffix            Some remotes don't allow the upload of files with unknown size (default 20Mi)
-      --compress-remote string                         Remote to compress
-  -L, --copy-links                                     Follow symlinks and copy the pointed to item
-      --crypt-directory-name-encryption                Option to either encrypt directory names or leave them intact (default true)
-      --crypt-filename-encoding string                 How to encode the encrypted filename to text string (default "base32")
-      --crypt-filename-encryption string               How to encrypt the filenames (default "standard")
-      --crypt-no-data-encryption                       Option to either encrypt file data or leave it unencrypted
-      --crypt-password string                          Password or pass phrase for encryption (obscured)
-      --crypt-password2 string                         Password or pass phrase for salt (obscured)
-      --crypt-remote string                            Remote to encrypt/decrypt
-      --crypt-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different crypt configs
-      --crypt-show-mapping                             For all files listed show how the names encrypt
-      --drive-acknowledge-abuse                        Set to allow files which return cannotDownloadAbusiveFile to be downloaded
-      --drive-allow-import-name-change                 Allow the filetype to change when uploading Google docs
-      --drive-auth-owner-only                          Only consider files owned by the authenticated user
-      --drive-auth-url string                          Auth server URL
-      --drive-chunk-size SizeSuffix                    Upload chunk size (default 8Mi)
-      --drive-client-id string                         Google Application Client Id
-      --drive-client-secret string                     OAuth Client Secret
-      --drive-copy-shortcut-content                    Server side copy contents of shortcuts instead of the shortcut
-      --drive-disable-http2                            Disable drive using http2 (default true)
-      --drive-encoding MultiEncoder                    The encoding for the backend (default InvalidUtf8)
-      --drive-export-formats string                    Comma separated list of preferred formats for downloading Google docs (default "docx,xlsx,pptx,svg")
-      --drive-formats string                           Deprecated: See export_formats
-      --drive-impersonate string                       Impersonate this user when using a service account
-      --drive-import-formats string                    Comma separated list of preferred formats for uploading Google docs
-      --drive-keep-revision-forever                    Keep new head revision of each file forever
-      --drive-list-chunk int                           Size of listing chunk 100-1000, 0 to disable (default 1000)
-      --drive-pacer-burst int                          Number of API calls to allow without sleeping (default 100)
-      --drive-pacer-min-sleep Duration                 Minimum time to sleep between API calls (default 100ms)
-      --drive-resource-key string                      Resource key for accessing a link-shared file
-      --drive-root-folder-id string                    ID of the root folder
-      --drive-scope string                             Scope that rclone should use when requesting access from drive
-      --drive-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different drive configs
-      --drive-service-account-credentials string       Service Account Credentials JSON blob
-      --drive-service-account-file string              Service Account Credentials JSON file path
-      --drive-shared-with-me                           Only show files that are shared with me
-      --drive-size-as-quota                            Show sizes as storage quota usage, not actual size
-      --drive-skip-checksum-gphotos                    Skip MD5 checksum on Google photos and videos only
-      --drive-skip-dangling-shortcuts                  If set skip dangling shortcut files
-      --drive-skip-gdocs                               Skip google documents in all listings
-      --drive-skip-shortcuts                           If set skip shortcut files
-      --drive-starred-only                             Only show files that are starred
-      --drive-stop-on-download-limit                   Make download limit errors be fatal
-      --drive-stop-on-upload-limit                     Make upload limit errors be fatal
-      --drive-team-drive string                        ID of the Shared Drive (Team Drive)
-      --drive-token string                             OAuth Access Token as a JSON blob
-      --drive-token-url string                         Token server url
-      --drive-trashed-only                             Only show files that are in the trash
-      --drive-upload-cutoff SizeSuffix                 Cutoff for switching to chunked upload (default 8Mi)
-      --drive-use-created-date                         Use file created date instead of modified date
-      --drive-use-shared-date                          Use date file was shared instead of modified date
-      --drive-use-trash                                Send files to the trash instead of deleting permanently (default true)
-      --drive-v2-download-min-size SizeSuffix          If Object's are greater, use drive v2 API to download (default off)
-      --dropbox-auth-url string                        Auth server URL
-      --dropbox-batch-commit-timeout Duration          Max time to wait for a batch to finish committing (default 10m0s)
-      --dropbox-batch-mode string                      Upload file batching sync|async|off (default "sync")
-      --dropbox-batch-size int                         Max number of files in upload batch
-      --dropbox-batch-timeout Duration                 Max time to allow an idle upload batch before uploading (default 0s)
-      --dropbox-chunk-size SizeSuffix                  Upload chunk size (< 150Mi) (default 48Mi)
-      --dropbox-client-id string                       OAuth Client Id
-      --dropbox-client-secret string                   OAuth Client Secret
-      --dropbox-encoding MultiEncoder                  The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
-      --dropbox-impersonate string                     Impersonate this user when using a business account
-      --dropbox-shared-files                           Instructs rclone to work on individual shared files
-      --dropbox-shared-folders                         Instructs rclone to work on shared folders
-      --dropbox-token string                           OAuth Access Token as a JSON blob
-      --dropbox-token-url string                       Token server url
-      --fichier-api-key string                         Your API Key, get it from https://1fichier.com/console/params.pl
-      --fichier-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
-      --fichier-file-password string                   If you want to download a shared file that is password protected, add this parameter (obscured)
-      --fichier-folder-password string                 If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
-      --fichier-shared-folder string                   If you want to download a shared folder, add this parameter
-      --filefabric-encoding MultiEncoder               The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-      --filefabric-permanent-token string              Permanent Authentication Token
-      --filefabric-root-folder-id string               ID of the root folder
-      --filefabric-token string                        Session Token
-      --filefabric-token-expiry string                 Token expiry time
-      --filefabric-url string                          URL of the Enterprise File Fabric to connect to
-      --filefabric-version string                      Version read from the file fabric
-      --ftp-ask-password                               Allow asking for FTP password when needed
-      --ftp-close-timeout Duration                     Maximum time to wait for a response to close (default 1m0s)
-      --ftp-concurrency int                            Maximum number of FTP simultaneous connections, 0 for unlimited
-      --ftp-disable-epsv                               Disable using EPSV even if server advertises support
-      --ftp-disable-mlsd                               Disable using MLSD even if server advertises support
-      --ftp-disable-tls13                              Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
-      --ftp-disable-utf8                               Disable using UTF-8 even if server advertises support
-      --ftp-encoding MultiEncoder                      The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
-      --ftp-explicit-tls                               Use Explicit FTPS (FTP over TLS)
-      --ftp-force-list-hidden                          Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
-      --ftp-host string                                FTP host to connect to
-      --ftp-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-      --ftp-no-check-certificate                       Do not verify the TLS certificate of the server
-      --ftp-pass string                                FTP password (obscured)
-      --ftp-port int                                   FTP port number (default 21)
-      --ftp-shut-timeout Duration                      Maximum time to wait for data connection closing status (default 1m0s)
-      --ftp-tls                                        Use Implicit FTPS (FTP over TLS)
-      --ftp-tls-cache-size int                         Size of TLS session cache for all control and data connections (default 32)
-      --ftp-user string                                FTP username (default "$USER")
-      --ftp-writing-mdtm                               Use MDTM to set modification time (VsFtpd quirk)
-      --gcs-anonymous                                  Access public buckets and objects without credentials
-      --gcs-auth-url string                            Auth server URL
-      --gcs-bucket-acl string                          Access Control List for new buckets
-      --gcs-bucket-policy-only                         Access checks should use bucket-level IAM policies
-      --gcs-client-id string                           OAuth Client Id
-      --gcs-client-secret string                       OAuth Client Secret
-      --gcs-decompress                                 If set this will decompress gzip encoded objects
-      --gcs-encoding MultiEncoder                      The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-      --gcs-endpoint string                            Endpoint for the service
-      --gcs-env-auth                                   Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
-      --gcs-location string                            Location for the newly created buckets
-      --gcs-no-check-bucket                            If set, don't attempt to check the bucket exists or create it
-      --gcs-object-acl string                          Access Control List for new objects
-      --gcs-project-number string                      Project number
-      --gcs-service-account-file string                Service Account Credentials JSON file path
-      --gcs-storage-class string                       The storage class to use when storing objects in Google Cloud Storage
-      --gcs-token string                               OAuth Access Token as a JSON blob
-      --gcs-token-url string                           Token server url
-      --gphotos-auth-url string                        Auth server URL
-      --gphotos-client-id string                       OAuth Client Id
-      --gphotos-client-secret string                   OAuth Client Secret
-      --gphotos-encoding MultiEncoder                  The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-      --gphotos-include-archived                       Also view and download archived media
-      --gphotos-read-only                              Set to make the Google Photos backend read only
-      --gphotos-read-size                              Set to read the size of media items
-      --gphotos-start-year int                         Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
-      --gphotos-token string                           OAuth Access Token as a JSON blob
-      --gphotos-token-url string                       Token server url
-      --hasher-auto-size SizeSuffix                    Auto-update checksum for files smaller than this size (disabled by default)
-      --hasher-hashes CommaSepList                     Comma separated list of supported checksum types (default md5,sha1)
-      --hasher-max-age Duration                        Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
-      --hasher-remote string                           Remote to cache checksums for (e.g. myRemote:path)
-      --hdfs-data-transfer-protection string           Kerberos data transfer protection: authentication|integrity|privacy
-      --hdfs-encoding MultiEncoder                     The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
-      --hdfs-namenode string                           Hadoop name node and port
-      --hdfs-service-principal-name string             Kerberos service principal name for the namenode
-      --hdfs-username string                           Hadoop user name
-      --hidrive-auth-url string                        Auth server URL
-      --hidrive-chunk-size SizeSuffix                  Chunksize for chunked uploads (default 48Mi)
-      --hidrive-client-id string                       OAuth Client Id
-      --hidrive-client-secret string                   OAuth Client Secret
-      --hidrive-disable-fetching-member-count          Do not fetch number of objects in directories unless it is absolutely necessary
-      --hidrive-encoding MultiEncoder                  The encoding for the backend (default Slash,Dot)
-      --hidrive-endpoint string                        Endpoint for the service (default "https://api.hidrive.strato.com/2.1")
-      --hidrive-root-prefix string                     The root/parent folder for all paths (default "/")
-      --hidrive-scope-access string                    Access permissions that rclone should use when requesting access from HiDrive (default "rw")
-      --hidrive-scope-role string                      User-level that rclone should use when requesting access from HiDrive (default "user")
-      --hidrive-token string                           OAuth Access Token as a JSON blob
-      --hidrive-token-url string                       Token server url
-      --hidrive-upload-concurrency int                 Concurrency for chunked uploads (default 4)
-      --hidrive-upload-cutoff SizeSuffix               Cutoff/Threshold for chunked uploads (default 96Mi)
-      --http-headers CommaSepList                      Set HTTP headers for all transactions
-      --http-no-head                                   Don't use HEAD requests
-      --http-no-slash                                  Set this if the site doesn't end directories with /
-      --http-url string                                URL of HTTP host to connect to
-      --internetarchive-access-key-id string           IAS3 Access Key
-      --internetarchive-disable-checksum               Don't ask the server to test against MD5 checksum calculated by rclone (default true)
-      --internetarchive-encoding MultiEncoder          The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
-      --internetarchive-endpoint string                IAS3 Endpoint (default "https://s3.us.archive.org")
-      --internetarchive-front-endpoint string          Host of InternetArchive Frontend (default "https://archive.org")
-      --internetarchive-secret-access-key string       IAS3 Secret Key (password)
-      --internetarchive-wait-archive Duration          Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish (default 0s)
-      --jottacloud-encoding MultiEncoder               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
-      --jottacloud-hard-delete                         Delete files permanently rather than putting them into the trash
-      --jottacloud-md5-memory-limit SizeSuffix         Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
-      --jottacloud-no-versions                         Avoid server side versioning by deleting files and recreating files instead of overwriting them
-      --jottacloud-trashed-only                        Only show files that are in the trash
-      --jottacloud-upload-resume-limit SizeSuffix      Files bigger than this can be resumed if the upload fail's (default 10Mi)
-      --koofr-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --koofr-endpoint string                          The Koofr API endpoint to use
-      --koofr-mountid string                           Mount ID of the mount to use
-      --koofr-password string                          Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
-      --koofr-provider string                          Choose your storage provider
-      --koofr-setmtime                                 Does the backend support setting modification time (default true)
-      --koofr-user string                              Your user name
-  -l, --links                                          Translate symlinks to/from regular files with a '.rclonelink' extension
-      --local-case-insensitive                         Force the filesystem to report itself as case insensitive
-      --local-case-sensitive                           Force the filesystem to report itself as case sensitive
-      --local-encoding MultiEncoder                    The encoding for the backend (default Slash,Dot)
-      --local-no-check-updated                         Don't check to see if the files change during upload
-      --local-no-preallocate                           Disable preallocation of disk space for transferred files
-      --local-no-set-modtime                           Disable setting modtime
-      --local-no-sparse                                Disable sparse files for multi-thread downloads
-      --local-nounc                                    Disable UNC (long path names) conversion on Windows
-      --local-unicode-normalization                    Apply unicode NFC normalization to paths and filenames
-      --local-zero-size-links                          Assume the Stat size of links is zero (and read them instead) (deprecated)
-      --mailru-check-hash                              What should copy do if file checksum is mismatched or invalid (default true)
-      --mailru-encoding MultiEncoder                   The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --mailru-pass string                             Password (obscured)
-      --mailru-speedup-enable                          Skip full upload if there is another file with same data hash (default true)
-      --mailru-speedup-file-patterns string            Comma separated list of file name patterns eligible for speedup (put by hash) (default "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf")
-      --mailru-speedup-max-disk SizeSuffix             This option allows you to disable speedup (put by hash) for large files (default 3Gi)
-      --mailru-speedup-max-memory SizeSuffix           Files larger than the size given below will always be hashed on disk (default 32Mi)
-      --mailru-user string                             User name (usually email)
-      --mega-debug                                     Output more debug from Mega
-      --mega-encoding MultiEncoder                     The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --mega-hard-delete                               Delete files permanently rather than putting them into the trash
-      --mega-pass string                               Password (obscured)
-      --mega-use-https                                 Use HTTPS for transfers
-      --mega-user string                               User name
-      --netstorage-account string                      Set the NetStorage account name
-      --netstorage-host string                         Domain+path of NetStorage host to connect to
-      --netstorage-protocol string                     Select between HTTP or HTTPS protocol (default "https")
-      --netstorage-secret string                       Set the NetStorage account secret/G2O key for authentication (obscured)
-  -x, --one-file-system                                Don't cross filesystem boundaries (unix/macOS only)
-      --onedrive-access-scopes SpaceSepList            Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
-      --onedrive-auth-url string                       Auth server URL
-      --onedrive-chunk-size SizeSuffix                 Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
-      --onedrive-client-id string                      OAuth Client Id
-      --onedrive-client-secret string                  OAuth Client Secret
-      --onedrive-drive-id string                       The ID of the drive to use
-      --onedrive-drive-type string                     The type of the drive (personal | business | documentLibrary)
-      --onedrive-encoding MultiEncoder                 The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --onedrive-expose-onenote-files                  Set to make OneNote files show up in directory listings
-      --onedrive-hash-type string                      Specify the hash in use for the backend (default "auto")
-      --onedrive-link-password string                  Set the password for links created by the link command
-      --onedrive-link-scope string                     Set the scope of the links created by the link command (default "anonymous")
-      --onedrive-link-type string                      Set the type of the links created by the link command (default "view")
-      --onedrive-list-chunk int                        Size of listing chunk (default 1000)
-      --onedrive-no-versions                           Remove all versions on modifying operations
-      --onedrive-region string                         Choose national cloud region for OneDrive (default "global")
-      --onedrive-root-folder-id string                 ID of the root folder
-      --onedrive-server-side-across-configs            Allow server-side operations (e.g. copy) to work across different onedrive configs
-      --onedrive-token string                          OAuth Access Token as a JSON blob
-      --onedrive-token-url string                      Token server url
-      --oos-chunk-size SizeSuffix                      Chunk size to use for uploading (default 5Mi)
-      --oos-compartment string                         Object storage compartment OCID
-      --oos-config-file string                         Path to OCI config file (default "~/.oci/config")
-      --oos-config-profile string                      Profile name inside the oci config file (default "Default")
-      --oos-copy-cutoff SizeSuffix                     Cutoff for switching to multipart copy (default 4.656Gi)
-      --oos-copy-timeout Duration                      Timeout for copy (default 1m0s)
-      --oos-disable-checksum                           Don't store MD5 checksum with object metadata
-      --oos-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --oos-endpoint string                            Endpoint for Object storage API
-      --oos-leave-parts-on-error                       If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-      --oos-namespace string                           Object storage namespace
-      --oos-no-check-bucket                            If set, don't attempt to check the bucket exists or create it
-      --oos-provider string                            Choose your Auth Provider (default "env_auth")
-      --oos-region string                              Object storage Region
-      --oos-sse-customer-algorithm string              If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm
-      --oos-sse-customer-key string                    To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
-      --oos-sse-customer-key-file string               To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
-      --oos-sse-customer-key-sha256 string             If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
-      --oos-sse-kms-key-id string                      if using using your own master key in vault, this header specifies the
-      --oos-storage-tier string                        The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default "Standard")
-      --oos-upload-concurrency int                     Concurrency for multipart uploads (default 10)
-      --oos-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
-      --opendrive-chunk-size SizeSuffix                Files will be uploaded in chunks this size (default 10Mi)
-      --opendrive-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
-      --opendrive-password string                      Password (obscured)
-      --opendrive-username string                      Username
-      --pcloud-auth-url string                         Auth server URL
-      --pcloud-client-id string                        OAuth Client Id
-      --pcloud-client-secret string                    OAuth Client Secret
-      --pcloud-encoding MultiEncoder                   The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --pcloud-hostname string                         Hostname to connect to (default "api.pcloud.com")
-      --pcloud-password string                         Your pcloud password (obscured)
-      --pcloud-root-folder-id string                   Fill in for rclone to use a non root folder as its starting point (default "d0")
-      --pcloud-token string                            OAuth Access Token as a JSON blob
-      --pcloud-token-url string                        Token server url
-      --pcloud-username string                         Your pcloud username
-      --premiumizeme-encoding MultiEncoder             The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --putio-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --qingstor-access-key-id string                  QingStor Access Key ID
-      --qingstor-chunk-size SizeSuffix                 Chunk size to use for uploading (default 4Mi)
-      --qingstor-connection-retries int                Number of connection retries (default 3)
-      --qingstor-encoding MultiEncoder                 The encoding for the backend (default Slash,Ctl,InvalidUtf8)
-      --qingstor-endpoint string                       Enter an endpoint URL to connection QingStor API
-      --qingstor-env-auth                              Get QingStor credentials from runtime
-      --qingstor-secret-access-key string              QingStor Secret Access Key (password)
-      --qingstor-upload-concurrency int                Concurrency for multipart uploads (default 1)
-      --qingstor-upload-cutoff SizeSuffix              Cutoff for switching to chunked upload (default 200Mi)
-      --qingstor-zone string                           Zone to connect to
-      --s3-access-key-id string                        AWS Access Key ID
-      --s3-acl string                                  Canned ACL used when creating buckets and storing or copying objects
-      --s3-bucket-acl string                           Canned ACL used when creating buckets
-      --s3-chunk-size SizeSuffix                       Chunk size to use for uploading (default 5Mi)
-      --s3-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4.656Gi)
-      --s3-decompress                                  If set this will decompress gzip encoded objects
-      --s3-disable-checksum                            Don't store MD5 checksum with object metadata
-      --s3-disable-http2                               Disable usage of http2 for S3 backends
-      --s3-download-url string                         Custom endpoint for downloads
-      --s3-encoding MultiEncoder                       The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --s3-endpoint string                             Endpoint for S3 API
-      --s3-env-auth                                    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
-      --s3-force-path-style                            If true use path style access if false use virtual hosted style (default true)
-      --s3-leave-parts-on-error                        If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-      --s3-list-chunk int                              Size of listing chunk (response list for each ListObject S3 request) (default 1000)
-      --s3-list-url-encode Tristate                    Whether to url encode listings: true/false/unset (default unset)
-      --s3-list-version int                            Version of ListObjects to use: 1,2 or 0 for auto
-      --s3-location-constraint string                  Location constraint - must be set to match the Region
-      --s3-max-upload-parts int                        Maximum number of parts in a multipart upload (default 10000)
-      --s3-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-      --s3-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-      --s3-might-gzip Tristate                         Set this if the backend might gzip objects (default unset)
-      --s3-no-check-bucket                             If set, don't attempt to check the bucket exists or create it
-      --s3-no-head                                     If set, don't HEAD uploaded objects to check integrity
-      --s3-no-head-object                              If set, do not do HEAD before GET when getting objects
-      --s3-no-system-metadata                          Suppress setting and reading of system metadata
-      --s3-profile string                              Profile to use in the shared credentials file
-      --s3-provider string                             Choose your S3 provider
-      --s3-region string                               Region to connect to
-      --s3-requester-pays                              Enables requester pays option when interacting with S3 bucket
-      --s3-secret-access-key string                    AWS Secret Access Key (password)
-      --s3-server-side-encryption string               The server-side encryption algorithm used when storing this object in S3
-      --s3-session-token string                        An AWS session token
-      --s3-shared-credentials-file string              Path to the shared credentials file
-      --s3-sse-customer-algorithm string               If using SSE-C, the server-side encryption algorithm used when storing this object in S3
-      --s3-sse-customer-key string                     To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
-      --s3-sse-customer-key-base64 string              If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
-      --s3-sse-customer-key-md5 string                 If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
-      --s3-sse-kms-key-id string                       If using KMS ID you must provide the ARN of Key
-      --s3-storage-class string                        The storage class to use when storing new objects in S3
-      --s3-sts-endpoint string                         Endpoint for STS
-      --s3-upload-concurrency int                      Concurrency for multipart uploads (default 4)
-      --s3-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-      --s3-use-accelerate-endpoint                     If true use the AWS S3 accelerated endpoint
-      --s3-use-multipart-etag Tristate                 Whether to use ETag in multipart uploads for verification (default unset)
-      --s3-use-presigned-request                       Whether to use a presigned request or PutObject for single part uploads
-      --s3-v2-auth                                     If true use v2 authentication
-      --s3-version-at Time                             Show file versions as they were at the specified time (default off)
-      --s3-versions                                    Include old versions in directory listings
-      --seafile-2fa                                    Two-factor authentication ('true' if the account has 2FA enabled)
-      --seafile-create-library                         Should rclone create a library if it doesn't exist
-      --seafile-encoding MultiEncoder                  The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
-      --seafile-library string                         Name of the library
-      --seafile-library-key string                     Library password (for encrypted libraries only) (obscured)
-      --seafile-pass string                            Password (obscured)
-      --seafile-url string                             URL of seafile host to connect to
-      --seafile-user string                            User name (usually email address)
-      --sftp-ask-password                              Allow asking for SFTP password when needed
-      --sftp-chunk-size SizeSuffix                     Upload and download chunk size (default 32Ki)
-      --sftp-ciphers SpaceSepList                      Space separated list of ciphers to be used for session encryption, ordered by preference
-      --sftp-concurrency int                           The maximum number of outstanding requests for one file (default 64)
-      --sftp-disable-concurrent-reads                  If set don't use concurrent reads
-      --sftp-disable-concurrent-writes                 If set don't use concurrent writes
-      --sftp-disable-hashcheck                         Disable the execution of SSH commands to determine if remote file hashing is available
-      --sftp-host string                               SSH host to connect to
-      --sftp-idle-timeout Duration                     Max time before closing idle connections (default 1m0s)
-      --sftp-key-exchange SpaceSepList                 Space separated list of key exchange algorithms, ordered by preference
-      --sftp-key-file string                           Path to PEM-encoded private key file
-      --sftp-key-file-pass string                      The passphrase to decrypt the PEM-encoded private key file (obscured)
-      --sftp-key-pem string                            Raw PEM-encoded private key
-      --sftp-key-use-agent                             When set forces the usage of the ssh-agent
-      --sftp-known-hosts-file string                   Optional path to known_hosts file
-      --sftp-macs SpaceSepList                         Space separated list of MACs (message authentication code) algorithms, ordered by preference
-      --sftp-md5sum-command string                     The command used to read md5 hashes
-      --sftp-pass string                               SSH password, leave blank to use ssh-agent (obscured)
-      --sftp-path-override string                      Override path used by SSH shell commands
-      --sftp-port int                                  SSH port number (default 22)
-      --sftp-pubkey-file string                        Optional path to public key file
-      --sftp-server-command string                     Specifies the path or command to run a sftp server on the remote host
-      --sftp-set-env SpaceSepList                      Environment variables to pass to sftp and commands
-      --sftp-set-modtime                               Set the modified time on the remote if set (default true)
-      --sftp-sha1sum-command string                    The command used to read sha1 hashes
-      --sftp-shell-type string                         The type of SSH shell on remote server, if any
-      --sftp-skip-links                                Set to skip any symlinks and any other non regular files
-      --sftp-subsystem string                          Specifies the SSH2 subsystem on the remote host (default "sftp")
-      --sftp-use-fstat                                 If set use fstat instead of stat
-      --sftp-use-insecure-cipher                       Enable the use of insecure ciphers and key exchange methods
-      --sftp-user string                               SSH username (default "$USER")
-      --sharefile-chunk-size SizeSuffix                Upload chunk size (default 64Mi)
-      --sharefile-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --sharefile-endpoint string                      Endpoint for API calls
-      --sharefile-root-folder-id string                ID of the root folder
-      --sharefile-upload-cutoff SizeSuffix             Cutoff for switching to multipart upload (default 128Mi)
-      --sia-api-password string                        Sia Daemon API Password (obscured)
-      --sia-api-url string                             Sia daemon API URL, like http://sia.daemon.host:9980 (default "http://127.0.0.1:9980")
-      --sia-encoding MultiEncoder                      The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
-      --sia-user-agent string                          Siad User Agent (default "Sia-Agent")
-      --skip-links                                     Don't warn about skipped symlinks
-      --smb-case-insensitive                           Whether the server is configured to be case-insensitive (default true)
-      --smb-domain string                              Domain name for NTLM authentication (default "WORKGROUP")
-      --smb-encoding MultiEncoder                      The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --smb-hide-special-share                         Hide special shares (e.g. print$) which users aren't supposed to access (default true)
-      --smb-host string                                SMB server hostname to connect to
-      --smb-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-      --smb-pass string                                SMB password (obscured)
-      --smb-port int                                   SMB port number (default 445)
-      --smb-spn string                                 Service principal name
-      --smb-user string                                SMB username (default "$USER")
-      --storj-access-grant string                      Access grant
-      --storj-api-key string                           API key
-      --storj-passphrase string                        Encryption passphrase
-      --storj-provider string                          Choose an authentication method (default "existing")
-      --storj-satellite-address string                 Satellite address (default "us1.storj.io")
-      --sugarsync-access-key-id string                 Sugarsync Access Key ID
-      --sugarsync-app-id string                        Sugarsync App ID
-      --sugarsync-authorization string                 Sugarsync authorization
-      --sugarsync-authorization-expiry string          Sugarsync authorization expiry
-      --sugarsync-deleted-id string                    Sugarsync deleted folder id
-      --sugarsync-encoding MultiEncoder                The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
-      --sugarsync-hard-delete                          Permanently delete files if true
-      --sugarsync-private-access-key string            Sugarsync Private Access Key
-      --sugarsync-refresh-token string                 Sugarsync refresh token
-      --sugarsync-root-id string                       Sugarsync root id
-      --sugarsync-user string                          Sugarsync user
-      --swift-application-credential-id string         Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
-      --swift-application-credential-name string       Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
-      --swift-application-credential-secret string     Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
-      --swift-auth string                              Authentication URL for server (OS_AUTH_URL)
-      --swift-auth-token string                        Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
-      --swift-auth-version int                         AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
-      --swift-chunk-size SizeSuffix                    Above this size files will be chunked into a _segments container (default 5Gi)
-      --swift-domain string                            User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-      --swift-encoding MultiEncoder                    The encoding for the backend (default Slash,InvalidUtf8)
-      --swift-endpoint-type string                     Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default "public")
-      --swift-env-auth                                 Get swift credentials from environment variables in standard OpenStack form
-      --swift-key string                               API key or password (OS_PASSWORD)
-      --swift-leave-parts-on-error                     If true avoid calling abort upload on a failure
-      --swift-no-chunk                                 Don't chunk files during streaming upload
-      --swift-no-large-objects                         Disable support for static and dynamic large objects
-      --swift-region string                            Region name - optional (OS_REGION_NAME)
-      --swift-storage-policy string                    The storage policy to use when creating a new container
-      --swift-storage-url string                       Storage URL - optional (OS_STORAGE_URL)
-      --swift-tenant string                            Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
-      --swift-tenant-domain string                     Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
-      --swift-tenant-id string                         Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
-      --swift-user string                              User name to log in (OS_USERNAME)
-      --swift-user-id string                           User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
-      --union-action-policy string                     Policy to choose upstream on ACTION category (default "epall")
-      --union-cache-time int                           Cache time of usage and free space (in seconds) (default 120)
-      --union-create-policy string                     Policy to choose upstream on CREATE category (default "epmfs")
-      --union-min-free-space SizeSuffix                Minimum viable free space for lfs/eplfs policies (default 1Gi)
-      --union-search-policy string                     Policy to choose upstream on SEARCH category (default "ff")
-      --union-upstreams string                         List of space separated upstreams
-      --uptobox-access-token string                    Your access token
-      --uptobox-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
-      --webdav-bearer-token string                     Bearer token instead of user/pass (e.g. a Macaroon)
-      --webdav-bearer-token-command string             Command to run to get a bearer token
-      --webdav-encoding string                         The encoding for the backend
-      --webdav-headers CommaSepList                    Set HTTP headers for all transactions
-      --webdav-pass string                             Password (obscured)
-      --webdav-url string                              URL of http host to connect to
-      --webdav-user string                             User name
-      --webdav-vendor string                           Name of the WebDAV site/service/software you are using
-      --yandex-auth-url string                         Auth server URL
-      --yandex-client-id string                        OAuth Client Id
-      --yandex-client-secret string                    OAuth Client Secret
-      --yandex-encoding MultiEncoder                   The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-      --yandex-hard-delete                             Delete files permanently rather than putting them into the trash
-      --yandex-token string                            OAuth Access Token as a JSON blob
-      --yandex-token-url string                        Token server url
-      --zoho-auth-url string                           Auth server URL
-      --zoho-client-id string                          OAuth Client Id
-      --zoho-client-secret string                      OAuth Client Secret
-      --zoho-encoding MultiEncoder                     The encoding for the backend (default Del,Ctl,InvalidUtf8)
-      --zoho-region string                             Zoho region to connect to
-      --zoho-token string                              OAuth Access Token as a JSON blob
-      --zoho-token-url string                          Token server url
-```
+Returns:
 
-# Docker Volume Plugin
+- list
+    - This is an array of objects as described in the lsjson command
 
-## Introduction
+See the [lsjson](https://rclone.org/commands/rclone_lsjson/) command for more information on the above and examples.
 
-Docker 1.9 has added support for creating
-[named volumes](https://docs.docker.com/storage/volumes/) via
-[command-line interface](https://docs.docker.com/engine/reference/commandline/volume_create/)
-and mounting them in containers as a way to share data between them.
-Since Docker 1.10 you can create named volumes with
-[Docker Compose](https://docs.docker.com/compose/) by descriptions in
-[docker-compose.yml](https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference)
-files for use by container groups on a single host.
-As of Docker 1.12 volumes are supported by
-[Docker Swarm](https://docs.docker.com/engine/swarm/key-concepts/)
-included with Docker Engine and created from descriptions in
-[swarm compose v3](https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference)
-files for use with _swarm stacks_ across multiple cluster nodes.
+**Authentication is required for this call.**
 
-[Docker Volume Plugins](https://docs.docker.com/engine/extend/plugins_volume/)
-augment the default `local` volume driver included in Docker with stateful
-volumes shared across containers and hosts. Unlike local volumes, your
-data will _not_ be deleted when such volume is removed. Plugins can run
-managed by the docker daemon, as a native system service
-(under systemd, _sysv_ or _upstart_) or as a standalone executable.
-Rclone can run as docker volume plugin in all these modes.
-It interacts with the local docker daemon
-via [plugin API](https://docs.docker.com/engine/extend/plugin_api/) and
-handles mounting of remote file systems into docker containers so it must
-run on the same host as the docker daemon or on every Swarm node.
+### operations/mkdir: Make a destination directory or container {#operations-mkdir}
 
-## Getting started
+This takes the following parameters:
 
-In the first example we will use the [SFTP](https://rclone.org/sftp/)
-rclone volume with Docker engine on a standalone Ubuntu machine.
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
 
-Start from [installing Docker](https://docs.docker.com/engine/install/)
-on the host.
+See the [mkdir](https://rclone.org/commands/rclone_mkdir/) command for more information on the above.
 
-The _FUSE_ driver is a prerequisite for rclone mounting and should be
-installed on host:
-```
-sudo apt-get -y install fuse
-```
+**Authentication is required for this call.**
 
-Create two directories required by rclone docker plugin:
-```
-sudo mkdir -p /var/lib/docker-plugins/rclone/config
-sudo mkdir -p /var/lib/docker-plugins/rclone/cache
-```
+### operations/movefile: Move a file from source remote to destination remote {#operations-movefile}
 
-Install the managed rclone docker plugin for your architecture (here `amd64`):
-```
-docker plugin install rclone/docker-volume-rclone:amd64 args="-v" --alias rclone --grant-all-permissions
-docker plugin list
-```
+This takes the following parameters:
 
-Create your [SFTP volume](https://rclone.org/sftp/#standard-options):
-```
-docker volume create firstvolume -d rclone -o type=sftp -o sftp-host=_hostname_ -o sftp-user=_username_ -o sftp-pass=_password_ -o allow-other=true
-```
+- srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem
+- srcRemote - a path within that remote e.g. "file.txt" for the source
+- dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem
+- dstRemote - a path within that remote e.g. "file2.txt" for the destination
 
-Note that since all options are static, you don't even have to run
-`rclone config` or create the `rclone.conf` file (but the `config` directory
-should still be present). In the simplest case you can use `localhost`
-as _hostname_ and your SSH credentials as _username_ and _password_.
-You can also change the remote path to your home directory on the host,
-for example `-o path=/home/username`.
+**Authentication is required for this call.**
 
+### operations/publiclink: Create or retrieve a public link to the given file or folder. {#operations-publiclink}
 
-Time to create a test container and mount the volume into it:
-```
-docker run --rm -it -v firstvolume:/mnt --workdir /mnt ubuntu:latest bash
-```
+This takes the following parameters:
 
-If all goes well, you will enter the new container and change right to
-the mounted SFTP remote. You can type `ls` to list the mounted directory
-or otherwise play with it. Type `exit` when you are done.
-The container will stop but the volume will stay, ready to be reused.
-When it's not needed anymore, remove it:
-```
-docker volume list
-docker volume remove firstvolume
-```
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
+- unlink - boolean - if set removes the link rather than adding it (optional)
+- expire - string - the expiry time of the link e.g. "1d" (optional)
 
-Now let us try **something more elaborate**:
-[Google Drive](https://rclone.org/drive/) volume on multi-node Docker Swarm.
+Returns:
 
-You should start from installing Docker and FUSE, creating plugin
-directories and installing rclone plugin on _every_ swarm node.
-Then [setup the Swarm](https://docs.docker.com/engine/swarm/swarm-mode/).
+- url - URL of the resource
 
-Google Drive volumes need an access token which can be setup via web
-browser and will be periodically renewed by rclone. The managed
-plugin cannot run a browser so we will use a technique similar to the
-[rclone setup on a headless box](https://rclone.org/remote_setup/).
+See the [link](https://rclone.org/commands/rclone_link/) command for more information on the above.
 
-Run [rclone config](https://rclone.org/commands/rclone_config_create/)
-on _another_ machine equipped with _web browser_ and graphical user interface.
-Create the [Google Drive remote](https://rclone.org/drive/#standard-options).
-When done, transfer the resulting `rclone.conf` to the Swarm cluster
-and save as `/var/lib/docker-plugins/rclone/config/rclone.conf`
-on _every_ node. By default this location is accessible only to the
-root user so you will need appropriate privileges. The resulting config
-will look like this:
-```
-[gdrive]
-type = drive
-scope = drive
-drive_id = 1234567...
-root_folder_id = 0Abcd...
-token = {"access_token":...}
-```
+**Authentication is required for this call.**
 
-Now create the file named `example.yml` with a swarm stack description
-like this:
-```
-version: '3'
-services:
-  heimdall:
-    image: linuxserver/heimdall:latest
-    ports: [8080:80]
-    volumes: [configdata:/config]
-volumes:
-  configdata:
-    driver: rclone
-    driver_opts:
-      remote: 'gdrive:heimdall'
-      allow_other: 'true'
-      vfs_cache_mode: full
-      poll_interval: 0
-```
+### operations/purge: Remove a directory or container and all of its contents {#operations-purge}
 
-and run the stack:
-```
-docker stack deploy example -c ./example.yml
-```
+This takes the following parameters:
 
-After a few seconds docker will spread the parsed stack description
-over cluster, create the `example_heimdall` service on port _8080_,
-run service containers on one or more cluster nodes and request
-the `example_configdata` volume from rclone plugins on the node hosts.
-You can use the following commands to confirm results:
-```
-docker service ls
-docker service ps example_heimdall
-docker volume ls
-```
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
 
-Point your browser to `http://cluster.host.address:8080` and play with
-the service. Stop it with `docker stack remove example` when you are done.
-Note that the `example_configdata` volume(s) created on demand at the
-cluster nodes will not be automatically removed together with the stack
-but stay for future reuse. You can remove them manually by invoking
-the `docker volume remove example_configdata` command on every node.
+See the [purge](https://rclone.org/commands/rclone_purge/) command for more information on the above.
 
-## Creating Volumes via CLI
+**Authentication is required for this call.**
 
-Volumes can be created with [docker volume create](https://docs.docker.com/engine/reference/commandline/volume_create/).
-Here are a few examples:
-```
-docker volume create vol1 -d rclone -o remote=storj: -o vfs-cache-mode=full
-docker volume create vol2 -d rclone -o remote=:storj,access_grant=xxx:heimdall
-docker volume create vol3 -d rclone -o type=storj -o path=heimdall -o storj-access-grant=xxx -o poll-interval=0
-```
+### operations/rmdir: Remove an empty directory or container {#operations-rmdir}
 
-Note the `-d rclone` flag that tells docker to request volume from the
-rclone driver. This works even if you installed managed driver by its full
-name `rclone/docker-volume-rclone` because you provided the `--alias rclone`
-option.
+This takes the following parameters:
 
-Volumes can be inspected as follows:
-```
-docker volume list
-docker volume inspect vol1
-```
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
 
-## Volume Configuration
+See the [rmdir](https://rclone.org/commands/rclone_rmdir/) command for more information on the above.
 
-Rclone flags and volume options are set via the `-o` flag to the
-`docker volume create` command. They include backend-specific parameters
-as well as mount and _VFS_ options. Also there are a few
-special `-o` options:
-`remote`, `fs`, `type`, `path`, `mount-type` and `persist`.
+**Authentication is required for this call.**
 
-`remote` determines an existing remote name from the config file, with
-trailing colon and optionally with a remote path. See the full syntax in
-the [rclone documentation](https://rclone.org/docs/#syntax-of-remote-paths).
-This option can be aliased as `fs` to prevent confusion with the
-_remote_ parameter of such backends as _crypt_ or _alias_.
+### operations/rmdirs: Remove all the empty directories in the path {#operations-rmdirs}
 
-The `remote=:backend:dir/subdir` syntax can be used to create
-[on-the-fly (config-less) remotes](https://rclone.org/docs/#backend-path-to-dir),
-while the `type` and `path` options provide a simpler alternative for this.
-Using two split options
-```
--o type=backend -o path=dir/subdir
-```
-is equivalent to the combined syntax
-```
--o remote=:backend:dir/subdir
-```
-but is arguably easier to parameterize in scripts.
-The `path` part is optional.
+This takes the following parameters:
 
-[Mount and VFS options](https://rclone.org/commands/rclone_serve_docker/#options)
-as well as [backend parameters](https://rclone.org/flags/#backend-flags) are named
-like their twin command-line flags without the `--` CLI prefix.
-Optionally you can use underscores instead of dashes in option names.
-For example, `--vfs-cache-mode full` becomes
-`-o vfs-cache-mode=full` or `-o vfs_cache_mode=full`.
-Boolean CLI flags without value will gain the `true` value, e.g.
-`--allow-other` becomes `-o allow-other=true` or `-o allow_other=true`.
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
+- leaveRoot - boolean, set to true not to delete the root
 
-Please note that you can provide parameters only for the backend immediately
-referenced by the backend type of mounted `remote`.
-If this is a wrapping backend like _alias, chunker or crypt_, you cannot
-provide options for the referred to remote or backend. This limitation is
-imposed by the rclone connection string parser. The only workaround is to
-feed plugin with `rclone.conf` or configure plugin arguments (see below).
+See the [rmdirs](https://rclone.org/commands/rclone_rmdirs/) command for more information on the above.
 
-## Special Volume Options
+**Authentication is required for this call.**
 
-`mount-type` determines the mount method and in general can be one of:
-`mount`, `cmount`, or `mount2`. This can be aliased as `mount_type`.
-It should be noted that the managed rclone docker plugin currently does
-not support the `cmount` method and `mount2` is rarely needed.
-This option defaults to the first found method, which is usually `mount`
-so you generally won't need it.
+### operations/settier: Changes storage tier or class on all files in the path {#operations-settier}
 
-`persist` is a reserved boolean (true/false) option.
-In future it will allow to persist on-the-fly remotes in the plugin
-`rclone.conf` file.
+This takes the following parameters:
 
-## Connection Strings
+- fs - a remote name string e.g. "drive:"
 
-The `remote` value can be extended
-with [connection strings](https://rclone.org/docs/#connection-strings)
-as an alternative way to supply backend parameters. This is equivalent
-to the `-o` backend options with one _syntactic difference_.
-Inside connection string the backend prefix must be dropped from parameter
-names but in the `-o param=value` array it must be present.
-For instance, compare the following option array
-```
--o remote=:sftp:/home -o sftp-host=localhost
-```
-with equivalent connection string:
-```
--o remote=:sftp,host=localhost:/home
-```
-This difference exists because flag options `-o key=val` include not only
-backend parameters but also mount/VFS flags and possibly other settings.
-Also it allows to discriminate the `remote` option from the `crypt-remote`
-(or similarly named backend parameters) and arguably simplifies scripting
-due to clearer value substitution.
+See the [settier](https://rclone.org/commands/rclone_settier/) command for more information on the above.
 
-## Using with Swarm or Compose
+**Authentication is required for this call.**
 
-Both _Docker Swarm_ and _Docker Compose_ use
-[YAML](http://yaml.org/spec/1.2/spec.html)-formatted text files to describe
-groups (stacks) of containers, their properties, networks and volumes.
-_Compose_ uses the [compose v2](https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference) format,
-_Swarm_ uses the [compose v3](https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference) format.
-They are mostly similar, differences are explained in the
-[docker documentation](https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading).
+### operations/settierfile: Changes storage tier or class on the single file pointed to {#operations-settierfile}
 
-Volumes are described by the children of the top-level `volumes:` node.
-Each of them should be named after its volume and have at least two
-elements, the self-explanatory `driver: rclone` value and the
-`driver_opts:` structure playing the same role as `-o key=val` CLI flags:
+This takes the following parameters:
 
-```
-volumes:
-  volume_name_1:
-    driver: rclone
-    driver_opts:
-      remote: 'gdrive:'
-      allow_other: 'true'
-      vfs_cache_mode: full
-      token: '{"type": "borrower", "expires": "2021-12-31"}'
-      poll_interval: 0
-```
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
 
-Notice a few important details:
-- YAML prefers `_` in option names instead of `-`.
-- YAML treats single and double quotes interchangeably.
-  Simple strings and integers can be left unquoted.
-- Boolean values must be quoted like `'true'` or `"false"` because
-  these two words are reserved by YAML.
-- The filesystem string is keyed with `remote` (or with `fs`).
-  Normally you can omit quotes here, but if the string ends with colon,
-  you **must** quote it like `remote: "storage_box:"`.
-- YAML is picky about surrounding braces in values as this is in fact
-  another [syntax for key/value mappings](http://yaml.org/spec/1.2/spec.html#id2790832).
-  For example, JSON access tokens usually contain double quotes and
-  surrounding braces, so you must put them in single quotes.
+See the [settierfile](https://rclone.org/commands/rclone_settierfile/) command for more information on the above.
 
-## Installing as Managed Plugin
+**Authentication is required for this call.**
 
-Docker daemon can install plugins from an image registry and run them managed.
-We maintain the
-[docker-volume-rclone](https://hub.docker.com/p/rclone/docker-volume-rclone/)
-plugin image on [Docker Hub](https://hub.docker.com).
+### operations/size: Count the number of bytes and files in remote {#operations-size}
 
-Rclone volume plugin requires **Docker Engine >= 19.03.15**
+This takes the following parameters:
 
-The plugin requires presence of two directories on the host before it can
-be installed. Note that plugin will **not** create them automatically.
-By default they must exist on host at the following locations
-(though you can tweak the paths):
-- `/var/lib/docker-plugins/rclone/config`
-  is reserved for the `rclone.conf` config file and **must** exist
-  even if it's empty and the config file is not present.
-- `/var/lib/docker-plugins/rclone/cache`
-  holds the plugin state file as well as optional VFS caches.
+- fs - a remote name string e.g. "drive:path/to/dir"
 
-You can [install managed plugin](https://docs.docker.com/engine/reference/commandline/plugin_install/)
-with default settings as follows:
-```
-docker plugin install rclone/docker-volume-rclone:amd64 --grant-all-permissions --alias rclone
-```
+Returns:
 
-The `:amd64` part of the image specification after colon is called a _tag_.
-Usually you will want to install the latest plugin for your architecture. In
-this case the tag will just name it, like `amd64` above. The following plugin
-architectures are currently available:
-- `amd64`
-- `arm64`
-- `arm-v7`
+- count - number of files
+- bytes - number of bytes in those files
 
-Sometimes you might want a concrete plugin version, not the latest one.
-Then you should use image tag in the form `:ARCHITECTURE-VERSION`.
-For example, to install plugin version `v1.56.2` on architecture `arm64`
-you will use tag `arm64-1.56.2` (note the removed `v`) so the full image
-specification becomes `rclone/docker-volume-rclone:arm64-1.56.2`.
+See the [size](https://rclone.org/commands/rclone_size/) command for more information on the above.
 
-We also provide the `latest` plugin tag, but since docker does not support
-multi-architecture plugins as of the time of this writing, this tag is
-currently an **alias for `amd64`**.
-By convention the `latest` tag is the default one and can be omitted, thus
-both `rclone/docker-volume-rclone:latest` and just `rclone/docker-volume-rclone`
-will refer to the latest plugin release for the `amd64` platform.
+**Authentication is required for this call.**
 
-Also the `amd64` part can be omitted from the versioned rclone plugin tags.
-For example, rclone image reference `rclone/docker-volume-rclone:amd64-1.56.2`
-can be abbreviated as `rclone/docker-volume-rclone:1.56.2` for convenience.
-However, for non-intel architectures you still have to use the full tag as
-`amd64` or `latest` will fail to start.
+### operations/stat: Give information about the supplied file or directory {#operations-stat}
 
-Managed plugin is in fact a special container running in a namespace separate
-from normal docker containers. Inside it runs the `rclone serve docker`
-command. The config and cache directories are bind-mounted into the
-container at start. The docker daemon connects to a unix socket created
-by the command inside the container. The command creates on-demand remote
-mounts right inside, then docker machinery propagates them through kernel
-mount namespaces and bind-mounts into requesting user containers.
+This takes the following parameters
 
-You can tweak a few plugin settings after installation when it's disabled
-(not in use), for instance:
-```
-docker plugin disable rclone
-docker plugin set rclone RCLONE_VERBOSE=2 config=/etc/rclone args="--vfs-cache-mode=writes --allow-other"
-docker plugin enable rclone
-docker plugin inspect rclone
-```
+- fs - a remote name string eg "drive:"
+- remote - a path within that remote eg "dir"
+- opt - a dictionary of options to control the listing (optional)
+    - see operations/list for the options
 
-Note that if docker refuses to disable the plugin, you should find and
-remove all active volumes connected with it as well as containers and
-swarm services that use them. This is rather tedious so please carefully
-plan in advance.
+The result is
 
-You can tweak the following settings:
-`args`, `config`, `cache`, `HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY`
-and `RCLONE_VERBOSE`.
-It's _your_ task to keep plugin settings in sync across swarm cluster nodes.
+- item - an object as described in the lsjson command. Will be null if not found.
 
-`args` sets command-line arguments for the `rclone serve docker` command
-(_none_ by default). Arguments should be separated by space so you will
-normally want to put them in quotes on the
-[docker plugin set](https://docs.docker.com/engine/reference/commandline/plugin_set/)
-command line. Both [serve docker flags](https://rclone.org/commands/rclone_serve_docker/#options)
-and [generic rclone flags](https://rclone.org/flags/) are supported, including backend
-parameters that will be used as defaults for volume creation.
-Note that plugin will fail (due to [this docker bug](https://github.com/moby/moby/blob/v20.10.7/plugin/v2/plugin.go#L195))
-if the `args` value is empty. Use e.g. `args="-v"` as a workaround.
+Note that if you are only interested in files then it is much more
+efficient to set the filesOnly flag in the options.
 
-`config=/host/dir` sets alternative host location for the config directory.
-Plugin will look for `rclone.conf` here. It's not an error if the config
-file is not present but the directory must exist. Please note that plugin
-can periodically rewrite the config file, for example when it renews
-storage access tokens. Keep this in mind and try to avoid races between
-the plugin and other instances of rclone on the host that might try to
-change the config simultaneously resulting in corrupted `rclone.conf`.
-You can also put stuff like private key files for SFTP remotes in this
-directory. Just note that it's bind-mounted inside the plugin container
-at the predefined path `/data/config`. For example, if your key file is
-named `sftp-box1.key` on the host, the corresponding volume config option
-should read `-o sftp-key-file=/data/config/sftp-box1.key`.
+See the [lsjson](https://rclone.org/commands/rclone_lsjson/) command for more information on the above and examples.
 
-`cache=/host/dir` sets alternative host location for the _cache_ directory.
-The plugin will keep VFS caches here. Also it will create and maintain
-the `docker-plugin.state` file in this directory. When the plugin is
-restarted or reinstalled, it will look in this file to recreate any volumes
-that existed previously. However, they will not be re-mounted into
-consuming containers after restart. Usually this is not a problem as
-the docker daemon normally will restart affected user containers after
-failures, daemon restarts or host reboots.
+**Authentication is required for this call.**
 
-`RCLONE_VERBOSE` sets plugin verbosity from `0` (errors only, by default)
-to `2` (debugging). Verbosity can be also tweaked via `args="-v [-v] ..."`.
-Since arguments are more generic, you will rarely need this setting.
-The plugin output by default feeds the docker daemon log on local host.
-Log entries are reflected as _errors_ in the docker log but retain their
-actual level assigned by rclone in the encapsulated message string.
+### operations/uploadfile: Upload file using multiform/form-data {#operations-uploadfile}
 
-`HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY` customize the plugin proxy settings.
+This takes the following parameters:
 
-You can set custom plugin options right when you install it, _in one go_:
-```
-docker plugin remove rclone
-docker plugin install rclone/docker-volume-rclone:amd64 \
-       --alias rclone --grant-all-permissions \
-       args="-v --allow-other" config=/etc/rclone
-docker plugin inspect rclone
-```
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
+- each part in body represents a file to be uploaded
 
-## Healthchecks
+See the [uploadfile](https://rclone.org/commands/rclone_uploadfile/) command for more information on the above.
 
-The docker plugin volume protocol doesn't provide a way for plugins
-to inform the docker daemon that a volume is (un-)available.
-As a workaround you can setup a healthcheck to verify that the mount
-is responding, for example:
-```
-services:
-  my_service:
-    image: my_image
-    healthcheck:
-      test: ls /path/to/rclone/mount || exit 1
-      interval: 1m
-      timeout: 15s
-      retries: 3
-      start_period: 15s
-```
+**Authentication is required for this call.**
 
-## Running Plugin under Systemd
+### options/blocks: List all the option blocks {#options-blocks}
 
-In most cases you should prefer managed mode. Moreover, MacOS and Windows
-do not support native Docker plugins. Please use managed mode on these
-systems. Proceed further only if you are on Linux.
+Returns:
+- options - a list of the options block names
 
-First, [install rclone](https://rclone.org/install/).
-You can just run it (type `rclone serve docker` and hit enter) for the test.
+### options/get: Get all the global options {#options-get}
 
-Install _FUSE_:
-```
-sudo apt-get -y install fuse
-```
+Returns an object where keys are option block names and values are an
+object with the current option values in.
 
-Download two systemd configuration files:
-[docker-volume-rclone.service](https://raw.githubusercontent.com/rclone/rclone/master/contrib/docker-plugin/systemd/docker-volume-rclone.service)
-and [docker-volume-rclone.socket](https://raw.githubusercontent.com/rclone/rclone/master/contrib/docker-plugin/systemd/docker-volume-rclone.socket).
+Note that these are the global options which are unaffected by use of
+the _config and _filter parameters. If you wish to read the parameters
+set in _config then use options/config and for _filter use options/filter.
 
-Put them to the `/etc/systemd/system/` directory:
-```
-cp docker-volume-plugin.service /etc/systemd/system/
-cp docker-volume-plugin.socket  /etc/systemd/system/
-```
+This shows the internal names of the option within rclone which should
+map to the external options very easily with a few exceptions.
 
-Please note that all commands in this section must be run as _root_ but
-we omit `sudo` prefix for brevity.
-Now create directories required by the service:
-```
-mkdir -p /var/lib/docker-volumes/rclone
-mkdir -p /var/lib/docker-plugins/rclone/config
-mkdir -p /var/lib/docker-plugins/rclone/cache
-```
+### options/local: Get the currently active config for this call {#options-local}
 
-Run the docker plugin service in the socket activated mode:
-```
-systemctl daemon-reload
-systemctl start docker-volume-rclone.service
-systemctl enable docker-volume-rclone.socket
-systemctl start docker-volume-rclone.socket
-systemctl restart docker
-```
+Returns an object with the keys "config" and "filter".
+The "config" key contains the local config and the "filter" key contains
+the local filters.
 
-Or run the service directly:
-- run `systemctl daemon-reload` to let systemd pick up new config
-- run `systemctl enable docker-volume-rclone.service` to make the new
-  service start automatically when you power on your machine.
-- run `systemctl start docker-volume-rclone.service`
-  to start the service now.
-- run `systemctl restart docker` to restart docker daemon and let it
-  detect the new plugin socket. Note that this step is not needed in
-  managed mode where docker knows about plugin state changes.
+Note that these are the local options specific to this rc call. If
+_config was not supplied then they will be the global options.
+Likewise with "_filter".
 
-The two methods are equivalent from the user perspective, but I personally
-prefer socket activation.
+This call is mostly useful for seeing if _config and _filter passing
+is working.
 
-## Troubleshooting
+This shows the internal names of the option within rclone which should
+map to the external options very easily with a few exceptions.
 
-You can [see managed plugin settings](https://docs.docker.com/engine/extend/#debugging-plugins)
-with
-```
-docker plugin list
-docker plugin inspect rclone
-```
-Note that docker (including latest 20.10.7) will not show actual values
-of `args`, just the defaults.
+### options/set: Set an option {#options-set}
 
-Use `journalctl --unit docker` to see managed plugin output as part of
-the docker daemon log. Note that docker reflects plugin lines as _errors_
-but their actual level can be seen from encapsulated message string.
+Parameters:
 
-You will usually install the latest version of managed plugin for your platform.
-Use the following commands to print the actual installed version:
-```
-PLUGID=$(docker plugin list --no-trunc | awk '/rclone/{print$1}')
-sudo runc --root /run/docker/runtime-runc/plugins.moby exec $PLUGID rclone version
-```
+- option block name containing an object with
+  - key: value
 
-You can even use `runc` to run shell inside the plugin container:
-```
-sudo runc --root /run/docker/runtime-runc/plugins.moby exec --tty $PLUGID bash
-```
+Repeated as often as required.
 
-Also you can use curl to check the plugin socket connectivity:
-```
-docker plugin list --no-trunc
-PLUGID=123abc...
-sudo curl -H Content-Type:application/json -XPOST -d {} --unix-socket /run/docker/plugins/$PLUGID/rclone.sock http://localhost/Plugin.Activate
-```
-though this is rarely needed.
+Only supply the options you wish to change.  If an option is unknown
+it will be silently ignored.  Not all options will have an effect when
+changed like this.
 
-## Caveats
+For example:
 
-Finally I'd like to mention a _caveat with updating volume settings_.
-Docker CLI does not have a dedicated command like `docker volume update`.
-It may be tempting to invoke `docker volume create` with updated options
-on existing volume, but there is a gotcha. The command will do nothing,
-it won't even return an error. I hope that docker maintainers will fix
-this some day. In the meantime be aware that you must remove your volume
-before recreating it with new settings:
-```
-docker volume remove my_vol
-docker volume create my_vol -d rclone -o opt1=new_val1 ...
-```
+This sets DEBUG level logs (-vv) (these can be set by number or string)
 
-and verify that settings did update:
-```
-docker volume list
-docker volume inspect my_vol
-```
+    rclone rc options/set --json '{"main": {"LogLevel": "DEBUG"}}'
+    rclone rc options/set --json '{"main": {"LogLevel": 8}}'
 
-If docker refuses to remove the volume, you should find containers
-or swarm services that use it and stop them first.
+And this sets INFO level logs (-v)
 
-## Getting started {#getting-started}
+    rclone rc options/set --json '{"main": {"LogLevel": "INFO"}}'
 
-- [Install rclone](https://rclone.org/install/) and setup your remotes.
-- Bisync will create its working directory
-  at `~/.cache/rclone/bisync` on Linux
-  or `C:\Users\MyLogin\AppData\Local\rclone\bisync` on Windows.
-  Make sure that this location is writable.
-- Run bisync with the `--resync` flag, specifying the paths
-  to the local and remote sync directory roots.
-- For successive sync runs, leave off the `--resync` flag.
-- Consider using a [filters file](#filtering) for excluding
-  unnecessary files and directories from the sync.
-- Consider setting up the [--check-access](#check-access) feature
-  for safety.
-- On Linux, consider setting up a [crontab entry](#cron). bisync can
-  safely run in concurrent cron jobs thanks to lock files it maintains.
+And this sets NOTICE level logs (normal without -v)
 
-Here is a typical run log (with timestamps removed for clarity):
+    rclone rc options/set --json '{"main": {"LogLevel": "NOTICE"}}'
 
-```
-rclone bisync /testdir/path1/ /testdir/path2/ --verbose
-INFO  : Synching Path1 "/testdir/path1/" with Path2 "/testdir/path2/"
-INFO  : Path1 checking for diffs
-INFO  : - Path1    File is new                         - file11.txt
-INFO  : - Path1    File is newer                       - file2.txt
-INFO  : - Path1    File is newer                       - file5.txt
-INFO  : - Path1    File is newer                       - file7.txt
-INFO  : - Path1    File was deleted                    - file4.txt
-INFO  : - Path1    File was deleted                    - file6.txt
-INFO  : - Path1    File was deleted                    - file8.txt
-INFO  : Path1:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
-INFO  : Path2 checking for diffs
-INFO  : - Path2    File is new                         - file10.txt
-INFO  : - Path2    File is newer                       - file1.txt
-INFO  : - Path2    File is newer                       - file5.txt
-INFO  : - Path2    File is newer                       - file6.txt
-INFO  : - Path2    File was deleted                    - file3.txt
-INFO  : - Path2    File was deleted                    - file7.txt
-INFO  : - Path2    File was deleted                    - file8.txt
-INFO  : Path2:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
-INFO  : Applying changes
-INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file11.txt
-INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file2.txt
-INFO  : - Path2    Queue delete                        - /testdir/path2/file4.txt
-NOTICE: - WARNING  New or changed in both paths        - file5.txt
-NOTICE: - Path1    Renaming Path1 copy                 - /testdir/path1/file5.txt..path1
-NOTICE: - Path1    Queue copy to Path2                 - /testdir/path2/file5.txt..path1
-NOTICE: - Path2    Renaming Path2 copy                 - /testdir/path2/file5.txt..path2
-NOTICE: - Path2    Queue copy to Path1                 - /testdir/path1/file5.txt..path2
-INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file6.txt
-INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file7.txt
-INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file1.txt
-INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file10.txt
-INFO  : - Path1    Queue delete                        - /testdir/path1/file3.txt
-INFO  : - Path2    Do queued copies to                 - Path1
-INFO  : - Path1    Do queued copies to                 - Path2
-INFO  : -          Do queued deletes on                - Path1
-INFO  : -          Do queued deletes on                - Path2
-INFO  : Updating listings
-INFO  : Validating listings for Path1 "/testdir/path1/" vs Path2 "/testdir/path2/"
-INFO  : Bisync successful
-```
+### pluginsctl/addPlugin: Add a plugin using url {#pluginsctl-addPlugin}
 
-## Command line syntax
+Used for adding a plugin to the webgui.
 
-```
-$ rclone bisync --help
-Usage:
-  rclone bisync remote1:path1 remote2:path2 [flags]
+This takes the following parameters:
 
-Positional arguments:
-  Path1, Path2  Local path, or remote storage with ':' plus optional path.
-                Type 'rclone listremotes' for list of configured remotes.
+- url - http url of the github repo where the plugin is hosted (http://github.com/rclone/rclone-webui-react).
 
-Optional Flags:
-      --check-access            Ensure expected `RCLONE_TEST` files are found on
-                                both Path1 and Path2 filesystems, else abort.
-      --check-filename FILENAME Filename for `--check-access` (default: `RCLONE_TEST`)
-      --check-sync CHOICE       Controls comparison of final listings:
-                                `true | false | only` (default: true)
-                                If set to `only`, bisync will only compare listings
-                                from the last run but skip actual sync.
-      --filters-file PATH       Read filtering patterns from a file
-      --max-delete PERCENT      Safety check on maximum percentage of deleted files allowed.
-                                If exceeded, the bisync run will abort. (default: 50%)
-      --force                   Bypass `--max-delete` safety check and run the sync.
-                                Consider using with `--verbose`
-      --remove-empty-dirs       Remove empty directories at the final cleanup step.
-  -1, --resync                  Performs the resync run.
-                                Warning: Path1 files may overwrite Path2 versions.
-                                Consider using `--verbose` or `--dry-run` first.
-      --localtime               Use local time in listings (default: UTC)
-      --no-cleanup              Retain working files (useful for troubleshooting and testing).
-      --workdir PATH            Use custom working directory (useful for testing).
-                                (default: `~/.cache/rclone/bisync`)
-  -n, --dry-run                 Go through the motions - No files are copied/deleted.
-  -v, --verbose                 Increases logging verbosity.
-                                May be specified more than once for more details.
-  -h, --help                    help for bisync
-```
+Example:
 
-Arbitrary rclone flags may be specified on the
-[bisync command line](https://rclone.org/commands/rclone_bisync/), for example
-`rclone bisync ./testdir/path1/ gdrive:testdir/path2/ --drive-skip-gdocs -v -v --timeout 10s`
-Note that interactions of various rclone flags with bisync process flow
-has not been fully tested yet.
+   rclone rc pluginsctl/addPlugin
 
-### Paths
+**Authentication is required for this call.**
 
-Path1 and Path2 arguments may be references to any mix of local directory
-paths (absolute or relative), UNC paths (`//server/share/path`),
-Windows drive paths (with a drive letter and `:`) or configured
-[remotes](https://rclone.org/docs/#syntax-of-remote-paths) with optional subdirectory paths.
-Cloud references are distinguished by having a `:` in the argument
-(see [Windows support](#windows) below).
+### pluginsctl/getPluginsForType: Get plugins with type criteria {#pluginsctl-getPluginsForType}
 
-Path1 and Path2 are treated equally, in that neither has priority for
-file changes, and access efficiency does not change whether a remote
-is on Path1 or Path2.
+This shows all possible plugins by a mime type.
 
-The listings in bisync working directory (default: `~/.cache/rclone/bisync`)
-are named based on the Path1 and Path2 arguments so that separate syncs
-to individual directories within the tree may be set up, e.g.:
-`path_to_local_tree..dropbox_subdir.lst`.
+This takes the following parameters:
 
-Any empty directories after the sync on both the Path1 and Path2
-filesystems are not deleted by default. If the `--remove-empty-dirs`
-flag is specified, then both paths will have any empty directories purged
-as the last step in the process.
+- type - supported mime type by a loaded plugin e.g. (video/mp4, audio/mp3).
+- pluginType - filter plugins based on their type e.g. (DASHBOARD, FILE_HANDLER, TERMINAL).
 
-## Command-line flags
+Returns:
 
-#### --resync
+- loadedPlugins - list of current production plugins.
+- testPlugins - list of temporarily loaded development plugins, usually running on a different server.
 
-This will effectively make both Path1 and Path2 filesystems contain a
-matching superset of all files. Path2 files that do not exist in Path1 will
-be copied to Path1, and the process will then sync the Path1 tree to Path2.
+Example:
 
-The base directories on the both Path1 and Path2 filesystems must exist
-or bisync will fail. This is required for safety - that bisync can verify
-that both paths are valid.
+   rclone rc pluginsctl/getPluginsForType type=video/mp4
 
-When using `--resync`, a newer version of a file either on Path1 or Path2
-filesystem, will overwrite the file on the other path (only the last version
-will be kept). Carefully evaluate deltas using [--dry-run](https://rclone.org/flags/#non-backend-flags).
+**Authentication is required for this call.**
 
-For a resync run, one of the paths may be empty (no files in the path tree).
-The resync run should result in files on both paths, else a normal non-resync
-run will fail.
+### pluginsctl/listPlugins: Get the list of currently loaded plugins {#pluginsctl-listPlugins}
 
-For a non-resync run, either path being empty (no files in the tree) fails with
-`Empty current PathN listing. Cannot sync to an empty directory: X.pathN.lst`
-This is a safety check that an unexpected empty path does not result in
-deleting **everything** in the other path.
+This allows you to get the currently enabled plugins and their details.
 
-#### --check-access
+This takes no parameters and returns:
 
-Access check files are an additional safety measure against data loss.
-bisync will ensure it can find matching `RCLONE_TEST` files in the same places
-in the Path1 and Path2 filesystems.
-`RCLONE_TEST` files are not generated automatically.
-For `--check-access`to succeed, you must first either:
-**A)** Place one or more `RCLONE_TEST` files in the Path1 or Path2 filesystem
-and then do either a run without `--check-access` or a [--resync](#resync) to
-set matching files on both filesystems, or
-**B)** Set `--check-filename` to a filename already in use in various locations
-throughout your sync'd fileset.
-Time stamps and file contents are not important, just the names and locations.
-If you have symbolic links in your sync tree it is recommended to place
-`RCLONE_TEST` files in the linked-to directory tree to protect against
-bisync assuming a bunch of deleted files if the linked-to tree should not be
-accessible.
-See also the [--check-filename](--check-filename) flag.
+- loadedPlugins - list of current production plugins.
+- testPlugins - list of temporarily loaded development plugins, usually running on a different server.
 
-#### --check-filename
+E.g.
 
-Name of the file(s) used in access health validation.
-The default `--check-filename` is `RCLONE_TEST`.
-One or more files having this filename must exist, synchronized between your
-source and destination filesets, in order for `--check-access` to succeed.
-See [--check-access](#check-access) for additional details.
+   rclone rc pluginsctl/listPlugins
 
-#### --max-delete
+**Authentication is required for this call.**
 
-As a safety check, if greater than the `--max-delete` percent of files were
-deleted on either the Path1 or Path2 filesystem, then bisync will abort with
-a warning message, without making any changes.
-The default `--max-delete` is `50%`.
-One way to trigger this limit is to rename a directory that contains more
-than half of your files. This will appear to bisync as a bunch of deleted
-files and a bunch of new files.
-This safety check is intended to block bisync from deleting all of the
-files on both filesystems due to a temporary network access issue, or if
-the user had inadvertently deleted the files on one side or the other.
-To force the sync either set a different delete percentage limit,
-e.g. `--max-delete 75` (allows up to 75% deletion), or use `--force`
-to bypass the check.
+### pluginsctl/listTestPlugins: Show currently loaded test plugins {#pluginsctl-listTestPlugins}
 
-Also see the [all files changed](#all-files-changed) check.
+Allows listing of test plugins with the rclone.test set to true in package.json of the plugin.
 
-#### --filters-file {#filters-file}
+This takes no parameters and returns:
 
-By using rclone filter features you can exclude file types or directory
-sub-trees from the sync.
-See the [bisync filters](#filtering) section and generic
-[--filter-from](https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file)
-documentation.
-An [example filters file](#example-filters-file) contains filters for
-non-allowed files for synching with Dropbox.
+- loadedTestPlugins - list of currently available test plugins.
 
-If you make changes to your filters file then bisync requires a run
-with `--resync`. This is a safety feature, which avoids existing files
-on the Path1 and/or Path2 side from seeming to disappear from view
-(since they are excluded in the new listings), which would fool bisync
-into seeing them as deleted (as compared to the prior run listings),
-and then bisync would proceed to delete them for real.
+E.g.
 
-To block this from happening bisync calculates an MD5 hash of the filters file
-and stores the hash in a `.md5` file in the same place as your filters file.
-On the next runs with `--filters-file` set, bisync re-calculates the MD5 hash
-of the current filters file and compares it to the hash stored in `.md5` file.
-If they don't match the run aborts with a critical error and thus forces you
-to do a `--resync`, likely avoiding a disaster.
+    rclone rc pluginsctl/listTestPlugins
 
-#### --check-sync
+**Authentication is required for this call.**
 
-Enabled by default, the check-sync function checks that all of the same
-files exist in both the Path1 and Path2 history listings. This _check-sync_
-integrity check is performed at the end of the sync run by default.
-Any untrapped failing copy/deletes between the two paths might result
-in differences between the two listings and in the untracked file content
-differences between the two paths. A resync run would correct the error.
+### pluginsctl/removePlugin: Remove a loaded plugin {#pluginsctl-removePlugin}
 
-Note that the default-enabled integrity check locally executes a load of both
-the final Path1 and Path2 listings, and thus adds to the run time of a sync.
-Using `--check-sync=false` will disable it and may significantly reduce the
-sync run times for very large numbers of files.
+This allows you to remove a plugin using it's name.
 
-The check may be run manually with `--check-sync=only`. It runs only the
-integrity check and terminates without actually synching.
+This takes parameters:
 
-## Operation
+- name - name of the plugin in the format `author`/`plugin_name`.
 
-### Runtime flow details
+E.g.
 
-bisync retains the listings of the `Path1` and `Path2` filesystems
-from the prior run.
-On each successive run it will:
+   rclone rc pluginsctl/removePlugin name=rclone/video-plugin
 
-- list files on `path1` and `path2`, and check for changes on each side.
-  Changes include `New`, `Newer`, `Older`, and `Deleted` files.
-- Propagate changes on `path1` to `path2`, and vice-versa.
+**Authentication is required for this call.**
 
-### Safety measures
+### pluginsctl/removeTestPlugin: Remove  a test plugin {#pluginsctl-removeTestPlugin}
 
-- Lock file prevents multiple simultaneous runs when taking a while.
-  This can be particularly useful if bisync is run by cron scheduler.
-- Handle change conflicts non-destructively by creating
-  `..path1` and `..path2` file versions.
-- File system access health check using `RCLONE_TEST` files
-  (see the `--check-access` flag).
-- Abort on excessive deletes - protects against a failed listing
-  being interpreted as all the files were deleted.
-  See the `--max-delete` and `--force` flags.
-- If something evil happens, bisync goes into a safe state to block
-  damage by later runs. (See [Error Handling](#error-handling))
+This allows you to remove a plugin using it's name.
 
-### Normal sync checks
+This takes the following parameters:
 
- Type         | Description                                   | Result                   | Implementation
---------------|-----------------------------------------------|--------------------------|-----------------------------
-Path2 new     | File is new on Path2, does not exist on Path1 | Path2 version survives   | `rclone copy` Path2 to Path1
-Path2 newer   | File is newer on Path2, unchanged on Path1    | Path2 version survives   | `rclone copy` Path2 to Path1
-Path2 deleted | File is deleted on Path2, unchanged on Path1  | File is deleted          | `rclone delete` Path1
-Path1 new     | File is new on Path1, does not exist on Path2 | Path1 version survives   | `rclone copy` Path1 to Path2
-Path1 newer   | File is newer on Path1, unchanged on Path2    | Path1 version survives   | `rclone copy` Path1 to Path2
-Path1 older   | File is older on Path1, unchanged on Path2    | _Path1 version survives_ | `rclone copy` Path1 to Path2
-Path2 older   | File is older on Path2, unchanged on Path1    | _Path2 version survives_ | `rclone copy` Path2 to Path1
-Path1 deleted | File no longer exists on Path1                | File is deleted          | `rclone delete` Path2
+- name - name of the plugin in the format `author`/`plugin_name`.
 
-### Unusual sync checks
+Example:
 
- Type                           | Description                           | Result                             | Implementation
---------------------------------|---------------------------------------|------------------------------------|-----------------------
-Path1 new AND Path2 new         | File is new on Path1 AND new on Path2 | Files renamed to _Path1 and _Path2 | `rclone copy` _Path2 file to Path1, `rclone copy` _Path1 file to Path2
-Path2 newer AND Path1 changed   | File is newer on Path2 AND also changed (newer/older/size) on Path1 | Files renamed to _Path1 and _Path2 | `rclone copy` _Path2 file to Path1, `rclone copy` _Path1 file to Path2
-Path2 newer AND Path1 deleted   | File is newer on Path2 AND also deleted on Path1 | Path2 version survives  | `rclone copy` Path2 to Path1
-Path2 deleted AND Path1 changed | File is deleted on Path2 AND changed (newer/older/size) on Path1 | Path1 version survives |`rclone copy` Path1 to Path2
-Path1 deleted AND Path2 changed | File is deleted on Path1 AND changed (newer/older/size) on Path2 | Path2 version survives  | `rclone copy` Path2 to Path1
+    rclone rc pluginsctl/removeTestPlugin name=rclone/rclone-webui-react
 
-### All files changed check {#all-files-changed}
+**Authentication is required for this call.**
 
-if _all_ prior existing files on either of the filesystems have changed
-(e.g. timestamps have changed due to changing the system's timezone)
-then bisync will abort without making any changes.
-Any new files are not considered for this check. You could use `--force`
-to force the sync (whichever side has the changed timestamp files wins).
-Alternately, a `--resync` may be used (Path1 versions will be pushed
-to Path2). Consider the situation carefully and perhaps use `--dry-run`
-before you commit to the changes.
+### rc/error: This returns an error {#rc-error}
 
-### Modification time
+This returns an error with the input as part of its error string.
+Useful for testing error handling.
 
-Bisync relies on file timestamps to identify changed files and will
-_refuse_ to operate if backend lacks the modification time support.
+### rc/list: List all the registered remote control commands {#rc-list}
 
-If you or your application should change the content of a file
-without changing the modification time then bisync will _not_
-notice the change, and thus will not copy it to the other side.
+This lists all the registered remote control commands as a JSON map in
+the commands response.
 
-Note that on some cloud storage systems it is not possible to have file
-timestamps that match _precisely_ between the local and other filesystems.
+### rc/noop: Echo the input to the output parameters {#rc-noop}
 
-Bisync's approach to this problem is by tracking the changes on each side
-_separately_ over time with a local database of files in that side then
-applying the resulting changes on the other side.
+This echoes the input parameters to the output parameters for testing
+purposes.  It can be used to check that rclone is still alive and to
+check that parameter passing is working properly.
 
-### Error handling {#error-handling}
+### rc/noopauth: Echo the input to the output parameters requiring auth {#rc-noopauth}
 
-Certain bisync critical errors, such as file copy/move failing, will result in
-a bisync lockout of following runs. The lockout is asserted because the sync
-status and history of the Path1 and Path2 filesystems cannot be trusted,
-so it is safer to block any further changes until someone checks things out.
-The recovery is to do a `--resync` again.
+This echoes the input parameters to the output parameters for testing
+purposes.  It can be used to check that rclone is still alive and to
+check that parameter passing is working properly.
 
-It is recommended to use `--resync --dry-run --verbose` initially and
-_carefully_ review what changes will be made before running the `--resync`
-without `--dry-run`.
+**Authentication is required for this call.**
 
-Most of these events come up due to a error status from an internal call.
-On such a critical error the `{...}.path1.lst` and `{...}.path2.lst`
-listing files are renamed to extension `.lst-err`, which blocks any future
-bisync runs (since the normal `.lst` files are not found).
-Bisync keeps them under `bisync` subdirectory of the rclone cache directory,
-typically at `${HOME}/.cache/rclone/bisync/` on Linux.
+### sync/bisync: Perform bidirectional synchronization between two paths. {#sync-bisync}
 
-Some errors are considered temporary and re-running the bisync is not blocked.
-The _critical return_ blocks further bisync runs.
+This takes the following parameters
 
-### Lock file
+- path1 - a remote directory string e.g. `drive:path1`
+- path2 - a remote directory string e.g. `drive:path2`
+- dryRun - dry-run mode
+- resync - performs the resync run
+- checkAccess - abort if RCLONE_TEST files are not found on both filesystems
+- checkFilename - file name for checkAccess (default: RCLONE_TEST)
+- maxDelete - abort sync if percentage of deleted files is above
+  this threshold (default: 50)
+- force - Bypass maxDelete safety check and run the sync
+- checkSync - `true` by default, `false` disables comparison of final listings,
+              `only` will skip sync, only compare listings from the last run
+- createEmptySrcDirs - Sync creation and deletion of empty directories. 
+			  (Not compatible with --remove-empty-dirs)
+- removeEmptyDirs - remove empty directories at the final cleanup step
+- filtersFile - read filtering patterns from a file
+- ignoreListingChecksum - Do not use checksums for listings
+- resilient - Allow future runs to retry after certain less-serious errors, instead of requiring resync. 
+            Use at your own risk!
+- workdir - server directory for history files (default: /home/ncw/.cache/rclone/bisync)
+- noCleanup - retain working files
 
-When bisync is running, a lock file is created in the bisync working directory,
-typically at `~/.cache/rclone/bisync/PATH1..PATH2.lck` on Linux.
-If bisync should crash or hang, the lock file will remain in place and block
-any further runs of bisync _for the same paths_.
-Delete the lock file as part of debugging the situation.
-The lock file effectively blocks follow-on (e.g., scheduled by _cron_) runs
-when the prior invocation is taking a long time.
-The lock file contains _PID_ of the blocking process, which may help in debug.
+See [bisync command help](https://rclone.org/commands/rclone_bisync/)
+and [full bisync description](https://rclone.org/bisync/)
+for more information.
 
-**Note**
-that while concurrent bisync runs are allowed, _be very cautious_
-that there is no overlap in the trees being synched between concurrent runs,
-lest there be replicated files, deleted files and general mayhem.
+**Authentication is required for this call.**
 
-### Return codes
+### sync/copy: copy a directory from source remote to destination remote {#sync-copy}
 
-`rclone bisync` returns the following codes to calling program:
-- `0` on a successful run,
-- `1` for a non-critical failing run (a rerun may be successful),
-- `2` for a critically aborted run (requires a `--resync` to recover).
+This takes the following parameters:
 
-## Limitations
+- srcFs - a remote name string e.g. "drive:src" for the source
+- dstFs - a remote name string e.g. "drive:dst" for the destination
+- createEmptySrcDirs - create empty src directories on destination if set
 
-### Supported backends
 
-Bisync is considered _BETA_ and has been tested with the following backends:
-- Local filesystem
-- Google Drive
-- Dropbox
-- OneDrive
-- S3
-- SFTP
-- Yandex Disk
+See the [copy](https://rclone.org/commands/rclone_copy/) command for more information on the above.
 
-It has not been fully tested with other services yet.
-If it works, or sorta works, please let us know and we'll update the list.
-Run the test suite to check for proper operation as described below.
+**Authentication is required for this call.**
 
-First release of `rclone bisync` requires that underlying backend supported
-the modification time feature and will refuse to run otherwise.
-This limitation will be lifted in a future `rclone bisync` release.
+### sync/move: move a directory from source remote to destination remote {#sync-move}
 
-### Concurrent modifications
+This takes the following parameters:
 
-When using **Local, FTP or SFTP** remotes rclone does not create _temporary_
-files at the destination when copying, and thus if the connection is lost
-the created file may be corrupt, which will likely propagate back to the
-original path on the next sync, resulting in data loss.
-This will be solved in a future release, there is no workaround at the moment.
+- srcFs - a remote name string e.g. "drive:src" for the source
+- dstFs - a remote name string e.g. "drive:dst" for the destination
+- createEmptySrcDirs - create empty src directories on destination if set
+- deleteEmptySrcDirs - delete empty src directories if set
 
-Files that **change during** a bisync run may result in data loss.
-This has been seen in a highly dynamic environment, where the filesystem
-is getting hammered by running processes during the sync.
-The solution is to sync at quiet times or [filter out](#filtering)
-unnecessary directories and files.
 
-### Empty directories
+See the [move](https://rclone.org/commands/rclone_move/) command for more information on the above.
 
-New empty directories on one path are _not_ propagated to the other side.
-This is because bisync (and rclone) natively works on files not directories.
-The following sequence is a workaround but will not propagate the delete
-of an empty directory to the other side:
+**Authentication is required for this call.**
 
-```
-rclone bisync PATH1 PATH2
-rclone copy PATH1 PATH2 --filter "+ */" --filter "- **" --create-empty-src-dirs
-rclone copy PATH2 PATH2 --filter "+ */" --filter "- **" --create-empty-src-dirs
-```
+### sync/sync: sync a directory from source remote to destination remote {#sync-sync}
 
-### Renamed directories
+This takes the following parameters:
 
-Renaming a folder on the Path1 side results is deleting all files on
-the Path2 side and then copying all files again from Path1 to Path2.
-Bisync sees this as all files in the old directory name as deleted and all
-files in the new directory name as new. Similarly, renaming a directory on
-both sides to the same name will result in creating `..path1` and `..path2`
-files on both sides.
-Currently the most effective and efficient method of renaming a directory
-is to rename it on both sides, then do a `--resync`.
+- srcFs - a remote name string e.g. "drive:src" for the source
+- dstFs - a remote name string e.g. "drive:dst" for the destination
+- createEmptySrcDirs - create empty src directories on destination if set
 
-### Case sensitivity
 
-Synching with **case-insensitive** filesystems, such as Windows or `Box`,
-can result in file name conflicts. This will be fixed in a future release.
-The near term workaround is to make sure that files on both sides
-don't have spelling case differences (`Smile.jpg` vs. `smile.jpg`).
+See the [sync](https://rclone.org/commands/rclone_sync/) command for more information on the above.
 
-## Windows support {#windows}
+**Authentication is required for this call.**
 
-Bisync has been tested on Windows 8.1, Windows 10 Pro 64-bit and on Windows
-GitHub runners.
+### vfs/forget: Forget files or directories in the directory cache. {#vfs-forget}
 
-Drive letters are allowed, including drive letters mapped to network drives
-(`rclone bisync J:\localsync GDrive:`).
-If a drive letter is omitted, the shell current drive is the default.
-Drive letters are a single character follows by `:`, so cloud names
-must be more than one character long.
+This forgets the paths in the directory cache causing them to be
+re-read from the remote when needed.
 
-Absolute paths (with or without a drive letter), and relative paths
-(with or without a drive letter) are supported.
+If no paths are passed in then it will forget all the paths in the
+directory cache.
 
-Working directory is created at `C:\Users\MyLogin\AppData\Local\rclone\bisync`.
+    rclone rc vfs/forget
 
-Note that bisync output may show a mix of forward `/` and back `\` slashes.
+Otherwise pass files or dirs in as file=path or dir=path.  Any
+parameter key starting with file will forget that file and any
+starting with dir will forget that dir, e.g.
 
-Be careful of case independent directory and file naming on Windows
-vs. case dependent Linux
+    rclone rc vfs/forget file=hello file2=goodbye dir=home/junk
+ 
+This command takes an "fs" parameter. If this parameter is not
+supplied and if there is only one VFS in use then that VFS will be
+used. If there is more than one VFS in use then the "fs" parameter
+must be supplied.
 
-## Filtering {#filtering}
+### vfs/list: List active VFSes. {#vfs-list}
 
-See [filtering documentation](https://rclone.org/filtering/)
-for how filter rules are written and interpreted.
+This lists the active VFSes.
 
-Bisync's [`--filters-file`](#filters-file) flag slightly extends the rclone's
-[--filter-from](https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file)
-filtering mechanism.
-For a given bisync run you may provide _only one_ `--filters-file`.
-The `--include*`, `--exclude*`, and `--filter` flags are also supported.
+It returns a list under the key "vfses" where the values are the VFS
+names that could be passed to the other VFS commands in the "fs"
+parameter.
 
-### How to filter directories
+### vfs/poll-interval: Get the status or update the value of the poll-interval option. {#vfs-poll-interval}
 
-Filtering portions of the directory tree is a critical feature for synching.
+Without any parameter given this returns the current status of the
+poll-interval setting.
 
-Examples of directory trees (always beneath the Path1/Path2 root level)
-you may want to exclude from your sync:
-- Directory trees containing only software build intermediate files.
-- Directory trees containing application temporary files and data
-  such as the Windows `C:\Users\MyLogin\AppData\` tree.
-- Directory trees containing files that are large, less important,
-  or are getting thrashed continuously by ongoing processes.
+When the interval=duration parameter is set, the poll-interval value
+is updated and the polling function is notified.
+Setting interval=0 disables poll-interval.
 
-On the other hand, there may be only select directories that you
-actually want to sync, and exclude all others. See the
-[Example include-style filters for Windows user directories](#include-filters)
-below.
+    rclone rc vfs/poll-interval interval=5m
 
-### Filters file writing guidelines
+The timeout=duration parameter can be used to specify a time to wait
+for the current poll function to apply the new value.
+If timeout is less or equal 0, which is the default, wait indefinitely.
 
-1. Begin with excluding directory trees:
-    - e.g. `- /AppData/`
-    - `**` on the end is not necessary. Once a given directory level
-      is excluded then everything beneath it won't be looked at by rclone.
-    - Exclude such directories that are unneeded, are big, dynamically thrashed,
-      or where there may be access permission issues.
-    - Excluding such dirs first will make rclone operations (much) faster.
-    - Specific files may also be excluded, as with the Dropbox exclusions
-      example below.
-2. Decide if its easier (or cleaner) to:
-    - Include select directories and therefore _exclude everything else_ -- or --
-    - Exclude select directories and therefore _include everything else_
-3. Include select directories:
-    - Add lines like: `+ /Documents/PersonalFiles/**` to select which
-      directories to include in the sync.
-    - `**` on the end specifies to include the full depth of the specified tree.
-    - With Include-style filters, files at the Path1/Path2 root are not included.
-      They may be included with `+ /*`.
-    - Place RCLONE_TEST files within these included directory trees.
-      They will only be looked for in these directory trees.
-    - Finish by excluding everything else by adding `- **` at the end
-      of the filters file.
-    - Disregard step 4.
-4. Exclude select directories:
-    - Add more lines like in step 1.
-      For example: `-/Desktop/tempfiles/`, or `- /testdir/`.
-      Again, a `**` on the end is not necessary.
-    - Do _not_ add a `- **` in the file. Without this line, everything
-      will be included that has not be explicitly excluded.
-    - Disregard step 3.
+The new poll-interval value will only be active when the timeout is
+not reached.
 
-A few rules for the syntax of a filter file expanding on
-[filtering documentation](https://rclone.org/filtering/):
+If poll-interval is updated or disabled temporarily, some changes
+might not get picked up by the polling function, depending on the
+used remote.
+ 
+This command takes an "fs" parameter. If this parameter is not
+supplied and if there is only one VFS in use then that VFS will be
+used. If there is more than one VFS in use then the "fs" parameter
+must be supplied.
 
-- Lines may start with spaces and tabs - rclone strips leading whitespace.
-- If the first non-whitespace character is a `#` then the line is a comment
-  and will be ignored.
-- Blank lines are ignored.
-- The first non-whitespace character on a filter line must be a `+` or `-`.
-- Exactly 1 space is allowed between the `+/-` and the path term.
-- Only forward slashes (`/`) are used in path terms, even on Windows.
-- The rest of the line is taken as the path term.
-  Trailing whitespace is taken literally, and probably is an error.
+### vfs/refresh: Refresh the directory cache. {#vfs-refresh}
 
-### Example include-style filters for Windows user directories {#include-filters}
+This reads the directories for the specified paths and freshens the
+directory cache.
 
-This Windows _include-style_ example is based on the sync root (Path1)
-set to `C:\Users\MyLogin`. The strategy is to select specific directories
-to be synched with a network drive (Path2).
+If no paths are passed in then it will refresh the root directory.
 
-- `- /AppData/` excludes an entire tree of Windows stored stuff
-  that need not be synched.
-  In my case, AppData has >11 GB of stuff I don't care about, and there are
-  some subdirectories beneath AppData that are not accessible to my
-  user login, resulting in bisync critical aborts.
-- Windows creates cache files starting with both upper and
-  lowercase `NTUSER` at `C:\Users\MyLogin`. These files may be dynamic,
-  locked, and are generally _don't care_.
-- There are just a few directories with _my_ data that I do want synched,
-  in the form of `+ /<path>`. By selecting only the directory trees I
-  want to avoid the dozen plus directories that various apps make
-  at `C:\Users\MyLogin\Documents`.
-- Include files in the root of the sync point, `C:\Users\MyLogin`,
-  by adding the `+ /*` line.
-- This is an Include-style filters file, therefore it ends with `- **`
-  which excludes everything not explicitly included.
+    rclone rc vfs/refresh
 
-```
-- /AppData/
-- NTUSER*
-- ntuser*
-+ /Documents/Family/**
-+ /Documents/Sketchup/**
-+ /Documents/Microcapture_Photo/**
-+ /Documents/Microcapture_Video/**
-+ /Desktop/**
-+ /Pictures/**
-+ /*
-- **
-```
+Otherwise pass directories in as dir=path. Any parameter key
+starting with dir will refresh that directory, e.g.
 
-Note also that Windows implements several "library" links such as
-`C:\Users\MyLogin\My Documents\My Music` pointing to `C:\Users\MyLogin\Music`.
-rclone sees these as links, so you must add `--links` to the
-bisync command line if you which to follow these links. I find that I get
-permission errors in trying to follow the links, so I don't include the
-rclone `--links` flag, but then you get lots of `Can't follow symlink…`
-noise from rclone about not following the links. This noise can be
-quashed by adding `--quiet` to the bisync command line.
+    rclone rc vfs/refresh dir=home/junk dir2=data/misc
 
-## Example exclude-style filters files for use with Dropbox {#exclude-filters}
+If the parameter recursive=true is given the whole directory tree
+will get refreshed. This refresh will use --fast-list if enabled.
+ 
+This command takes an "fs" parameter. If this parameter is not
+supplied and if there is only one VFS in use then that VFS will be
+used. If there is more than one VFS in use then the "fs" parameter
+must be supplied.
 
-- Dropbox disallows synching the listed temporary and configuration/data files.
-  The `- <filename>` filters exclude these files where ever they may occur
-  in the sync tree. Consider adding similar exclusions for file types
-  you don't need to sync, such as core dump and software build files.
-- bisync testing creates `/testdir/` at the top level of the sync tree,
-  and usually deletes the tree after the test. If a normal sync should run
-  while the `/testdir/` tree exists the `--check-access` phase may fail
-  due to unbalanced RCLONE_TEST files.
-  The `- /testdir/` filter blocks this tree from being synched.
-  You don't need this exclusion if you are not doing bisync development testing.
-- Everything else beneath the Path1/Path2 root will be synched.
-- RCLONE_TEST files may be placed anywhere within the tree, including the root.
+### vfs/stats: Stats for a VFS. {#vfs-stats}
 
-### Example filters file for Dropbox {#example-filters-file}
+This returns stats for the selected VFS.
 
-```
-# Filter file for use with bisync
-# See https://rclone.org/filtering/ for filtering rules
-# NOTICE: If you make changes to this file you MUST do a --resync run.
-#         Run with --dry-run to see what changes will be made.
+    {
+        // Status of the disk cache - only present if --vfs-cache-mode > off
+        "diskCache": {
+            "bytesUsed": 0,
+            "erroredFiles": 0,
+            "files": 0,
+            "hashType": 1,
+            "outOfSpace": false,
+            "path": "/home/user/.cache/rclone/vfs/local/mnt/a",
+            "pathMeta": "/home/user/.cache/rclone/vfsMeta/local/mnt/a",
+            "uploadsInProgress": 0,
+            "uploadsQueued": 0
+        },
+        "fs": "/mnt/a",
+        "inUse": 1,
+        // Status of the in memory metadata cache
+        "metadataCache": {
+            "dirs": 1,
+            "files": 0
+        },
+        // Options as returned by options/get
+        "opt": {
+            "CacheMaxAge": 3600000000000,
+            // ...
+            "WriteWait": 1000000000
+        }
+    }
 
-# Dropbox wont sync some files so filter them away here.
-# See https://help.dropbox.com/installs-integrations/sync-uploads/files-not-syncing
-- .dropbox.attr
-- ~*.tmp
-- ~$*
-- .~*
-- desktop.ini
-- .dropbox
+ 
+This command takes an "fs" parameter. If this parameter is not
+supplied and if there is only one VFS in use then that VFS will be
+used. If there is more than one VFS in use then the "fs" parameter
+must be supplied.
 
-# Used for bisync testing, so excluded from normal runs
-- /testdir/
 
-# Other example filters
-#- /TiBU/
-#- /Photos/
-```
 
-### How --check-access handles filters
+## Accessing the remote control via HTTP {#api-http}
 
-At the start of a bisync run, listings are gathered for Path1 and Path2
-while using the user's `--filters-file`. During the check access phase,
-bisync scans these listings for `RCLONE_TEST` files.
-Any `RCLONE_TEST` files hidden by the `--filters-file` are _not_ in the
-listings and thus not checked during the check access phase.
+Rclone implements a simple HTTP based protocol.
 
-## Troubleshooting {#troubleshooting}
+Each endpoint takes an JSON object and returns a JSON object or an
+error.  The JSON objects are essentially a map of string names to
+values.
 
-### Reading bisync logs
+All calls must made using POST.
 
-Here are two normal runs. The first one has a newer file on the remote.
-The second has no deltas between local and remote.
+The input objects can be supplied using URL parameters, POST
+parameters or by supplying "Content-Type: application/json" and a JSON
+blob in the body.  There are examples of these below using `curl`.
 
-```
-2021/05/16 00:24:38 INFO  : Synching Path1 "/path/to/local/tree/" with Path2 "dropbox:/"
-2021/05/16 00:24:38 INFO  : Path1 checking for diffs
-2021/05/16 00:24:38 INFO  : - Path1    File is new                         - file.txt
-2021/05/16 00:24:38 INFO  : Path1:    1 changes:    1 new,    0 newer,    0 older,    0 deleted
-2021/05/16 00:24:38 INFO  : Path2 checking for diffs
-2021/05/16 00:24:38 INFO  : Applying changes
-2021/05/16 00:24:38 INFO  : - Path1    Queue copy to Path2                 - dropbox:/file.txt
-2021/05/16 00:24:38 INFO  : - Path1    Do queued copies to                 - Path2
-2021/05/16 00:24:38 INFO  : Updating listings
-2021/05/16 00:24:38 INFO  : Validating listings for Path1 "/path/to/local/tree/" vs Path2 "dropbox:/"
-2021/05/16 00:24:38 INFO  : Bisync successful
+The response will be a JSON blob in the body of the response.  This is
+formatted to be reasonably human-readable.
+
+### Error returns
+
+If an error occurs then there will be an HTTP error status (e.g. 500)
+and the body of the response will contain a JSON encoded error object,
+e.g.
 
-2021/05/16 00:36:52 INFO  : Synching Path1 "/path/to/local/tree/" with Path2 "dropbox:/"
-2021/05/16 00:36:52 INFO  : Path1 checking for diffs
-2021/05/16 00:36:52 INFO  : Path2 checking for diffs
-2021/05/16 00:36:52 INFO  : No changes found
-2021/05/16 00:36:52 INFO  : Updating listings
-2021/05/16 00:36:52 INFO  : Validating listings for Path1 "/path/to/local/tree/" vs Path2 "dropbox:/"
-2021/05/16 00:36:52 INFO  : Bisync successful
+```
+{
+    "error": "Expecting string value for key \"remote\" (was float64)",
+    "input": {
+        "fs": "/tmp",
+        "remote": 3
+    },
+    "status": 400
+    "path": "operations/rmdir",
+}
 ```
 
-### Dry run oddity
+The keys in the error response are
+- error - error string
+- input - the input parameters to the call
+- status - the HTTP status code
+- path - the path of the call
 
-The `--dry-run` messages may indicate that it would try to delete some files.
-For example, if a file is new on Path2 and does not exist on Path1 then
-it would normally be copied to Path1, but with `--dry-run` enabled those
-copies don't happen, which leads to the attempted delete on the Path2,
-blocked again by --dry-run: `... Not deleting as --dry-run`.
+### CORS
 
-This whole confusing situation is an artifact of the `--dry-run` flag.
-Scrutinize the proposed deletes carefully, and if the files would have been
-copied to Path1 then the threatened deletes on Path2 may be disregarded.
+The sever implements basic CORS support and allows all origins for that.
+The response to a preflight OPTIONS request will echo the requested "Access-Control-Request-Headers" back.
 
-### Retries
+### Using POST with URL parameters only
 
-Rclone has built in retries. If you run with `--verbose` you'll see
-error and retry messages such as shown below. This is usually not a bug.
-If at the end of the run you see `Bisync successful` and not
-`Bisync critical error` or `Bisync aborted` then the run was successful,
-and you can ignore the error messages.
+```
+curl -X POST 'http://localhost:5572/rc/noop?potato=1&sausage=2'
+```
 
-The following run shows an intermittent fail. Lines _5_ and _6- are
-low level messages. Line _6_ is a bubbled-up _warning_ message, conveying
-the error. Rclone normally retries failing commands, so there may be
-numerous such messages in the log.
+Response
 
-Since there are no final error/warning messages on line _7_, rclone has
-recovered from failure after a retry, and the overall sync was successful.
+```
+{
+	"potato": "1",
+	"sausage": "2"
+}
+```
+
+Here is what an error response looks like:
 
 ```
-1: 2021/05/14 00:44:12 INFO  : Synching Path1 "/path/to/local/tree" with Path2 "dropbox:"
-2: 2021/05/14 00:44:12 INFO  : Path1 checking for diffs
-3: 2021/05/14 00:44:12 INFO  : Path2 checking for diffs
-4: 2021/05/14 00:44:12 INFO  : Path2:  113 changes:   22 new,    0 newer,    0 older,   91 deleted
-5: 2021/05/14 00:44:12 ERROR : /path/to/local/tree/objects/af: error listing: unexpected end of JSON input
-6: 2021/05/14 00:44:12 NOTICE: WARNING  listing try 1 failed.                 - dropbox:
-7: 2021/05/14 00:44:12 INFO  : Bisync successful
+curl -X POST 'http://localhost:5572/rc/error?potato=1&sausage=2'
 ```
 
-This log shows a _Critical failure_ which requires a `--resync` to recover from.
-See the [Runtime Error Handling](#error-handling) section.
+```
+{
+	"error": "arbitrary error on input map[potato:1 sausage:2]",
+	"input": {
+		"potato": "1",
+		"sausage": "2"
+	}
+}
+```
+
+Note that curl doesn't return errors to the shell unless you use the `-f` option
 
 ```
-2021/05/12 00:49:40 INFO  : Google drive root '': Waiting for checks to finish
-2021/05/12 00:49:40 INFO  : Google drive root '': Waiting for transfers to finish
-2021/05/12 00:49:40 INFO  : Google drive root '': not deleting files as there were IO errors
-2021/05/12 00:49:40 ERROR : Attempt 3/3 failed with 3 errors and: not deleting files as there were IO errors
-2021/05/12 00:49:40 ERROR : Failed to sync: not deleting files as there were IO errors
-2021/05/12 00:49:40 NOTICE: WARNING  rclone sync try 3 failed.           - /path/to/local/tree/
-2021/05/12 00:49:40 ERROR : Bisync aborted. Must run --resync to recover.
+$ curl -f -X POST 'http://localhost:5572/rc/error?potato=1&sausage=2'
+curl: (22) The requested URL returned error: 400 Bad Request
+$ echo $?
+22
 ```
 
-### Denied downloads of "infected" or "abusive" files
+### Using POST with a form
 
-Google Drive has a filter for certain file types (`.exe`, `.apk`, et cetera)
-that by default cannot be copied from Google Drive to the local filesystem.
-If you are having problems, run with `--verbose` to see specifically which
-files are generating complaints. If the error is
-`This file has been identified as malware or spam and cannot be downloaded`,
-consider using the flag
-[--drive-acknowledge-abuse](https://rclone.org/drive/#drive-acknowledge-abuse).
+```
+curl --data "potato=1" --data "sausage=2" http://localhost:5572/rc/noop
+```
 
-### Google Doc files
+Response
 
-Google docs exist as virtual files on Google Drive and cannot be transferred
-to other filesystems natively. While it is possible to export a Google doc to
-a normal file (with `.xlsx` extension, for example), it is not possible
-to import a normal file back into a Google document.
+```
+{
+	"potato": "1",
+	"sausage": "2"
+}
+```
 
-Bisync's handling of Google Doc files is to flag them in the run log output
-for user's attention and ignore them for any file transfers, deletes, or syncs.
-They will show up with a length of `-1` in the listings.
-This bisync run is otherwise successful:
+Note that you can combine these with URL parameters too with the POST
+parameters taking precedence.
 
 ```
-2021/05/11 08:23:15 INFO  : Synching Path1 "/path/to/local/tree/base/" with Path2 "GDrive:"
-2021/05/11 08:23:15 INFO  : ...path2.lst-new: Ignoring incorrect line: "- -1 - - 2018-07-29T08:49:30.136000000+0000 GoogleDoc.docx"
-2021/05/11 08:23:15 INFO  : Bisync successful
+curl --data "potato=1" --data "sausage=2" "http://localhost:5572/rc/noop?rutabaga=3&sausage=4"
 ```
 
-## Usage examples
+Response
 
-### Cron {#cron}
+```
+{
+	"potato": "1",
+	"rutabaga": "3",
+	"sausage": "4"
+}
 
-Rclone does not yet have a built-in capability to monitor the local file
-system for changes and must be blindly run periodically.
-On Windows this can be done using a _Task Scheduler_,
-on Linux you can use _Cron_ which is described below.
+```
 
-The 1st example runs a sync every 5 minutes between a local directory
-and an OwnCloud server, with output logged to a runlog file:
+### Using POST with a JSON blob
 
 ```
-# Minute (0-59)
-#      Hour (0-23)
-#           Day of Month (1-31)
-#                Month (1-12 or Jan-Dec)
-#                     Day of Week (0-6 or Sun-Sat)
-#                         Command
-  */5  *    *    *    *   /path/to/rclone bisync /local/files MyCloud: --check-access --filters-file /path/to/bysync-filters.txt --log-file /path/to//bisync.log
+curl -H "Content-Type: application/json" -X POST -d '{"potato":2,"sausage":1}' http://localhost:5572/rc/noop
 ```
 
-See [crontab syntax](https://www.man7.org/linux/man-pages/man1/crontab.1p.html#INPUT_FILES)).
-for the details of crontab time interval expressions.
+response
 
-If you run `rclone bisync` as a cron job, redirect stdout/stderr to a file.
-The 2nd example runs a sync to Dropbox every hour and logs all stdout (via the `>>`)
-and stderr (via `2>&1`) to a log file.
+```
+{
+	"password": "xyz",
+	"username": "xyz"
+}
+```
+
+This can be combined with URL parameters too if required.  The JSON
+blob takes precedence.
 
 ```
-0 * * * * /path/to/rclone bisync /path/to/local/dropbox Dropbox: --check-access --filters-file /home/user/filters.txt >> /path/to/logs/dropbox-run.log 2>&1
+curl -H "Content-Type: application/json" -X POST -d '{"potato":2,"sausage":1}' 'http://localhost:5572/rc/noop?rutabaga=3&potato=4'
 ```
 
-### Sharing an encrypted folder tree between hosts
+```
+{
+	"potato": 2,
+	"rutabaga": "3",
+	"sausage": 1
+}
+```
 
-bisync can keep a local folder in sync with a cloud service,
-but what if you have some highly sensitive files to be synched?
+## Debugging rclone with pprof ##
 
-Usage of a cloud service is for exchanging both routine and sensitive
-personal files between one's home network, one's personal notebook when on the
-road, and with one's work computer. The routine data is not sensitive.
-For the sensitive data, configure an rclone [crypt remote](https://rclone.org/crypt/) to point to
-a subdirectory within the local disk tree that is bisync'd to Dropbox,
-and then set up an bisync for this local crypt directory to a directory
-outside of the main sync tree.
+If you use the `--rc` flag this will also enable the use of the go
+profiling tools on the same port.
 
-### Linux server setup
+To use these, first [install go](https://golang.org/doc/install).
 
-- `/path/to/DBoxroot` is the root of my local sync tree.
-  There are numerous subdirectories.
-- `/path/to/DBoxroot/crypt` is the root subdirectory for files
-  that are encrypted. This local directory target is setup as an
-  rclone crypt remote named `Dropcrypt:`.
-  See [rclone.conf](#rclone-conf-snippet) snippet below.
-- `/path/to/my/unencrypted/files` is the root of my sensitive
-  files - not encrypted, not within the tree synched to Dropbox.
-- To sync my local unencrypted files with the encrypted Dropbox versions
-  I manually run `bisync /path/to/my/unencrypted/files DropCrypt:`.
-  This step could be bundled into a script to run before and after
-  the full Dropbox tree sync in the last step,
-  thus actively keeping the sensitive files in sync.
-- `bisync /path/to/DBoxroot Dropbox:` runs periodically via cron,
-  keeping my full local sync tree in sync with Dropbox.
+### Debugging memory use
 
-### Windows notebook setup
+To profile rclone's memory use you can run:
 
-- The Dropbox client runs keeping the local tree `C:\Users\MyLogin\Dropbox`
-  always in sync with Dropbox. I could have used `rclone bisync` instead.
-- A separate directory tree at `C:\Users\MyLogin\Documents\DropLocal`
-  hosts the tree of unencrypted files/folders.
-- To sync my local unencrypted files with the encrypted
-  Dropbox versions I manually run the following command:
-  `rclone bisync C:\Users\MyLogin\Documents\DropLocal Dropcrypt:`.
-- The Dropbox client then syncs the changes with Dropbox.
+    go tool pprof -web http://localhost:5572/debug/pprof/heap
 
-### rclone.conf snippet {#rclone-conf-snippet}
+This should open a page in your browser showing what is using what
+memory.
 
-```
-[Dropbox]
-type = dropbox
-...
+You can also use the `-text` flag to produce a textual summary
 
-[Dropcrypt]
-type = crypt
-remote = /path/to/DBoxroot/crypt          # on the Linux server
-remote = C:\Users\MyLogin\Dropbox\crypt   # on the Windows notebook
-filename_encryption = standard
-directory_name_encryption = true
-password = ...
-...
+```
+$ go tool pprof -text http://localhost:5572/debug/pprof/heap
+Showing nodes accounting for 1537.03kB, 100% of 1537.03kB total
+      flat  flat%   sum%        cum   cum%
+ 1024.03kB 66.62% 66.62%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.addDecoderNode
+     513kB 33.38%   100%      513kB 33.38%  net/http.newBufioWriterSize
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/all.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/serve.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/serve/restic.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init.0
+         0     0%   100%  1024.03kB 66.62%  main.init
+         0     0%   100%      513kB 33.38%  net/http.(*conn).readRequest
+         0     0%   100%      513kB 33.38%  net/http.(*conn).serve
+         0     0%   100%  1024.03kB 66.62%  runtime.main
 ```
 
-## Testing {#testing}
+### Debugging go routine leaks
 
-You should read this section only if you are developing for rclone.
-You need to have rclone source code locally to work with bisync tests.
+Memory leaks are most often caused by go routine leaks keeping memory
+alive which should have been garbage collected.
 
-Bisync has a dedicated test framework implemented in the `bisync_test.go`
-file located in the rclone source tree. The test suite is based on the
-`go test` command. Series of tests are stored in subdirectories below the
-`cmd/bisync/testdata` directory. Individual tests can be invoked by their
-directory name, e.g.
-`go test . -case basic -remote local -remote2 gdrive: -v`
+See all active go routines using
 
-Tests will make a temporary folder on remote and purge it afterwards.
-If during test run there are intermittent errors and rclone retries,
-these errors will be captured and flagged as invalid MISCOMPAREs.
-Rerunning the test will let it pass. Consider such failures as noise.
+    curl http://localhost:5572/debug/pprof/goroutine?debug=1
 
-### Test command syntax
+Or go to http://localhost:5572/debug/pprof/goroutine?debug=1 in your browser.
 
-```
-usage: go test ./cmd/bisync [options...]
+### Other profiles to look at
 
-Options:
-  -case NAME        Name(s) of the test case(s) to run. Multiple names should
-                    be separated by commas. You can remove the `test_` prefix
-                    and replace `_` by `-` in test name for convenience.
-                    If not `all`, the name(s) should map to a directory under
-                    `./cmd/bisync/testdata`.
-                    Use `all` to run all tests (default: all)
-  -remote PATH1     `local` or name of cloud service with `:` (default: local)
-  -remote2 PATH2    `local` or name of cloud service with `:` (default: local)
-  -no-compare       Disable comparing test results with the golden directory
-                    (default: compare)
-  -no-cleanup       Disable cleanup of Path1 and Path2 testdirs.
-                    Useful for troubleshooting. (default: cleanup)
-  -golden           Store results in the golden directory (default: false)
-                    This flag can be used with multiple tests.
-  -debug            Print debug messages
-  -stop-at NUM      Stop test after given step number. (default: run to the end)
-                    Implies `-no-compare` and `-no-cleanup`, if the test really
-                    ends prematurely. Only meaningful for a single test case.
-  -refresh-times    Force refreshing the target modtime, useful for Dropbox
-                    (default: false)
-  -verbose          Run tests verbosely
-```
+You can see a summary of profiles available at http://localhost:5572/debug/pprof/
 
-Note: unlike rclone flags which must be prefixed by double dash (`--`), the
-test command flags can be equally prefixed by a single `-` or double dash.
+Here is how to use some of them:
 
-### Running tests
+- Memory: `go tool pprof http://localhost:5572/debug/pprof/heap`
+- Go routines: `curl http://localhost:5572/debug/pprof/goroutine?debug=1`
+- 30-second CPU profile: `go tool pprof http://localhost:5572/debug/pprof/profile`
+- 5-second execution trace: `wget http://localhost:5572/debug/pprof/trace?seconds=5`
+- Goroutine blocking profile
+    - Enable first with: `rclone rc debug/set-block-profile-rate rate=1` ([docs](#debug-set-block-profile-rate))
+    - `go tool pprof http://localhost:5572/debug/pprof/block`
+- Contended mutexes:
+    - Enable first with: `rclone rc debug/set-mutex-profile-fraction rate=1` ([docs](#debug-set-mutex-profile-fraction))
+    - `go tool pprof http://localhost:5572/debug/pprof/mutex`
 
-- `go test . -case basic -remote local -remote2 local`
-  runs the `test_basic` test case using only the local filesystem,
-  synching one local directory with another local directory.
-  Test script output is to the console, while commands within scenario.txt
-  have their output sent to the `.../workdir/test.log` file,
-  which is finally compared to the golden copy.
-- The first argument after `go test` should be a relative name of the
-  directory containing bisync source code. If you run tests right from there,
-  the argument will be `.` (current directory) as in most examples below.
-  If you run bisync tests from the rclone source directory, the command
-  should be `go test ./cmd/bisync ...`.
-- The test engine will mangle rclone output to ensure comparability
-  with golden listings and logs.
-- Test scenarios are located in `./cmd/bisync/testdata`. The test `-case`
-  argument should match the full name of a subdirectory under that
-  directory. Every test subdirectory name on disk must start with `test_`,
-  this prefix can be omitted on command line for brevity. Also, underscores
-  in the name can be replaced by dashes for convenience.
-- `go test . -remote local -remote2 local -case all` runs all tests.
-- Path1 and Path2 may either be the keyword `local`
-  or may be names of configured cloud services.
-  `go test . -remote gdrive: -remote2 dropbox: -case basic`
-  will run the test between these two services, without transferring
-  any files to the local filesystem.
-- Test run stdout and stderr console output may be directed to a file, e.g.
-  `go test . -remote gdrive: -remote2 local -case all > runlog.txt 2>&1`
+See the [net/http/pprof docs](https://golang.org/pkg/net/http/pprof/)
+for more info on how to use the profiling and for a general overview
+see [the Go team's blog post on profiling go programs](https://blog.golang.org/profiling-go-programs).
 
-### Test execution flow
+The profiling hook is [zero overhead unless it is used](https://stackoverflow.com/q/26545159/164234).
 
-1. The base setup in the `initial` directory of the testcase is applied
-   on the Path1 and Path2 filesystems (via rclone copy the initial directory
-   to Path1, then rclone sync Path1 to Path2).
-2. The commands in the scenario.txt file are applied, with output directed
-   to the `test.log` file in the test working directory.
-   Typically, the first actual command in the `scenario.txt` file is
-   to do a `--resync`, which establishes the baseline
-   `{...}.path1.lst` and `{...}.path2.lst` files in the test working
-   directory (`.../workdir/` relative to the temporary test directory).
-   Various commands and listing snapshots are done within the test.
-3. Finally, the contents of the test working directory are compared
-   to the contents of the testcase's golden directory.
+# Overview of cloud storage systems #
 
-### Notes about testing
+Each cloud storage system is slightly different.  Rclone attempts to
+provide a unified interface to them, but some underlying differences
+show through.
 
-- Test cases are in individual directories beneath `./cmd/bisync/testdata`.
-  A command line reference to a test is understood to reference a directory
-  beneath `testdata`. For example,
-  `go test ./cmd/bisync -case dry-run -remote gdrive: -remote2 local`
-  refers to the test case in `./cmd/bisync/testdata/test_dry_run`.
-- The test working directory is located at `.../workdir` relative to a
-  temporary test directory, usually under `/tmp` on Linux.
-- The local test sync tree is created at a temporary directory named
-  like `bisync.XXX` under system temporary directory.
-- The remote test sync tree is located at a temporary directory
-  under `<remote:>/bisync.XXX/`.
-- `path1` and/or `path2` subdirectories are created in a temporary
-  directory under the respective local or cloud test remote.
-- By default, the Path1 and Path2 test dirs and workdir will be deleted
-  after each test run. The `-no-cleanup` flag disables purging these
-  directories when validating and debugging a given test.
-  These directories will be flushed before running another test,
-  independent of the `-no-cleanup` usage.
-- You will likely want to add `- /testdir/` to your normal
-  bisync `--filters-file` so that normal syncs do not attempt to sync
-  the test temporary directories, which may have `RCLONE_TEST` miscompares
-  in some testcases which would otherwise trip the `--check-access` system.
-  The `--check-access` mechanism is hard-coded to ignore `RCLONE_TEST`
-  files beneath `bisync/testdata`, so the test cases may reside on the
-  synched tree even if there are check file mismatches in the test tree.
-- Some Dropbox tests can fail, notably printing the following message:
-  `src and dst identical but can't set mod time without deleting and re-uploading`
-  This is expected and happens due a way Dropbox handles modification times.
-  You should use the `-refresh-times` test flag to make up for this.
-- If Dropbox tests hit request limit for you and print error message
-  `too_many_requests/...: Too many requests or write operations.`
-  then follow the
-  [Dropbox App ID instructions](https://rclone.org/dropbox/#get-your-own-dropbox-app-id).
-
-### Updating golden results
-
-Sometimes even a slight change in the bisync source can cause little changes
-spread around many log files. Updating them manually would be a nightmare.
-
-The `-golden` flag will store the `test.log` and `*.lst` listings from each
-test case into respective golden directories. Golden results will
-automatically contain generic strings instead of local or cloud paths which
-means that they should match when run with a different cloud service.
+## Features ##
 
-Your normal workflow might be as follows:
-1. Git-clone the rclone sources locally
-2. Modify bisync source and check that it builds
-3. Run the whole test suite `go test ./cmd/bisync -remote local`
-4. If some tests show log difference, recheck them individually, e.g.:
-   `go test ./cmd/bisync -remote local -case basic`
-5. If you are convinced with the difference, goldenize all tests at once:
-   `go test ./cmd/bisync -remote local -golden`
-6. Use word diff: `git diff --word-diff ./cmd/bisync/testdata/`.
-   Please note that normal line-level diff is generally useless here.
-7. Check the difference _carefully_!
-8. Commit the change (`git commit`) _only_ if you are sure.
-   If unsure, save your code changes then wipe the log diffs from git:
-   `git reset [--hard]`.
+Here is an overview of the major features of each cloud storage system.
 
-### Structure of test scenarios
+| Name                         | Hash              | ModTime | Case Insensitive | Duplicate Files | MIME Type | Metadata |
+| ---------------------------- |:-----------------:|:-------:|:----------------:|:---------------:|:---------:|:--------:|
+| 1Fichier                     | Whirlpool         | -       | No               | Yes             | R         | -        |
+| Akamai Netstorage            | MD5, SHA256       | R/W     | No               | No              | R         | -        |
+| Amazon Drive                 | MD5               | -       | Yes              | No              | R         | -        |
+| Amazon S3 (or S3 compatible) | MD5               | R/W     | No               | No              | R/W       | RWU      |
+| Backblaze B2                 | SHA1              | R/W     | No               | No              | R/W       | -        |
+| Box                          | SHA1              | R/W     | Yes              | No              | -         | -        |
+| Citrix ShareFile             | MD5               | R/W     | Yes              | No              | -         | -        |
+| Dropbox                      | DBHASH ¹          | R       | Yes              | No              | -         | -        |
+| Enterprise File Fabric       | -                 | R/W     | Yes              | No              | R/W       | -        |
+| FTP                          | -                 | R/W ¹⁰  | No               | No              | -         | -        |
+| Google Cloud Storage         | MD5               | R/W     | No               | No              | R/W       | -        |
+| Google Drive                 | MD5, SHA1, SHA256 | R/W     | No               | Yes             | R/W       | -        |
+| Google Photos                | -                 | -       | No               | Yes             | R         | -        |
+| HDFS                         | -                 | R/W     | No               | No              | -         | -        |
+| HiDrive                      | HiDrive ¹²        | R/W     | No               | No              | -         | -        |
+| HTTP                         | -                 | R       | No               | No              | R         | -        |
+| Internet Archive             | MD5, SHA1, CRC32  | R/W ¹¹  | No               | No              | -         | RWU      |
+| Jottacloud                   | MD5               | R/W     | Yes              | No              | R         | RW       |
+| Koofr                        | MD5               | -       | Yes              | No              | -         | -        |
+| Linkbox                      | -                 | R       | No               | No              | -         | -        |
+| Mail.ru Cloud                | Mailru ⁶          | R/W     | Yes              | No              | -         | -        |
+| Mega                         | -                 | -       | No               | Yes             | -         | -        |
+| Memory                       | MD5               | R/W     | No               | No              | -         | -        |
+| Microsoft Azure Blob Storage | MD5               | R/W     | No               | No              | R/W       | -        |
+| Microsoft Azure Files Storage | MD5              | R/W     | Yes              | No              | R/W       | -        |
+| Microsoft OneDrive           | QuickXorHash ⁵    | R/W     | Yes              | No              | R         | -        |
+| OpenDrive                    | MD5               | R/W     | Yes              | Partial ⁸       | -         | -        |
+| OpenStack Swift              | MD5               | R/W     | No               | No              | R/W       | -        |
+| Oracle Object Storage        | MD5               | R/W     | No               | No              | R/W       | -        |
+| pCloud                       | MD5, SHA1 ⁷       | R       | No               | No              | W         | -        |
+| PikPak                       | MD5               | R       | No               | No              | R         | -        |
+| premiumize.me                | -                 | -       | Yes              | No              | R         | -        |
+| put.io                       | CRC-32            | R/W     | No               | Yes             | R         | -        |
+| Proton Drive                 | SHA1              | R/W     | No               | No              | R         | -        |
+| QingStor                     | MD5               | - ⁹     | No               | No              | R/W       | -        |
+| Quatrix by Maytech           | -                 | R/W     | No               | No              | -         | -        |
+| Seafile                      | -                 | -       | No               | No              | -         | -        |
+| SFTP                         | MD5, SHA1 ²       | R/W     | Depends          | No              | -         | -        |
+| Sia                          | -                 | -       | No               | No              | -         | -        |
+| SMB                          | -                 | R/W     | Yes              | No              | -         | -        |
+| SugarSync                    | -                 | -       | No               | No              | -         | -        |
+| Storj                        | -                 | R       | No               | No              | -         | -        |
+| Uptobox                      | -                 | -       | No               | Yes             | -         | -        |
+| WebDAV                       | MD5, SHA1 ³       | R ⁴     | Depends          | No              | -         | -        |
+| Yandex Disk                  | MD5               | R/W     | No               | No              | R         | -        |
+| Zoho WorkDrive               | -                 | -       | No               | No              | -         | -        |
+| The local filesystem         | All               | R/W     | Depends          | No              | -         | RWU      |
 
-- `<testname>/initial/` contains a tree of files that will be set
-  as the initial condition on both Path1 and Path2 testdirs.
-- `<testname>/modfiles/` contains files that will be used to
-  modify the Path1 and/or Path2 filesystems.
-- `<testname>/golden/` contains the expected content of the test
-  working directory (`workdir`) at the completion of the testcase.
-- `<testname>/scenario.txt` contains the body of the test, in the form of
-  various commands to modify files, run bisync, and snapshot listings.
-  Output from these commands is captured to `.../workdir/test.log`
-  for comparison to the golden files.
+¹ Dropbox supports [its own custom
+hash](https://www.dropbox.com/developers/reference/content-hash).
+This is an SHA256 sum of all the 4 MiB block SHA256s.
 
-### Supported test commands
+² SFTP supports checksums if the same login has shell access and
+`md5sum` or `sha1sum` as well as `echo` are in the remote's PATH.
 
-- `test <some message>`
-  Print the line to the console and to the `test.log`:
-  `test sync is working correctly with options x, y, z`
-- `copy-listings <prefix>`
-  Save a copy of all `.lst` listings in the test working directory
-  with the specified prefix:
-  `save-listings exclude-pass-run`
-- `move-listings <prefix>`
-  Similar to `copy-listings` but removes the source
-- `purge-children <dir>`
-  This will delete all child files and purge all child subdirs under given
-  directory but keep the parent intact. This behavior is important for tests
-  with Google Drive because removing and re-creating the parent would change
-  its ID.
-- `delete-file <file>`
-  Delete a single file.
-- `delete-glob <dir> <pattern>`
-  Delete a group of files located one level deep in the given directory
-  with names maching a given glob pattern.
-- `touch-glob YYYY-MM-DD <dir> <pattern>`
-  Change modification time on a group of files.
-- `touch-copy YYYY-MM-DD <source-file> <dest-dir>`
-  Change file modification time then copy it to destination.
-- `copy-file <source-file> <dest-dir>`
-  Copy a single file to given directory.
-- `copy-as <source-file> <dest-file>`
-  Similar to above but destination must include both directory
-  and the new file name at destination.
-- `copy-dir <src> <dst>` and `sync-dir <src> <dst>`
-  Copy/sync a directory. Equivalent of `rclone copy` and `rclone sync`.
-- `list-dirs <dir>`
-  Equivalent to `rclone lsf -R --dirs-only <dir>`
-- `bisync [options]`
-  Runs bisync against `-remote` and `-remote2`.
+³ WebDAV supports hashes when used with Fastmail Files, Owncloud and Nextcloud only.
 
-### Supported substitution terms
+⁴ WebDAV supports modtimes when used with Fastmail Files, Owncloud and Nextcloud only.
 
-- `{testdir/}` - the root dir of the testcase
-- `{datadir/}` - the `modfiles` dir under the testcase root
-- `{workdir/}` - the temporary test working directory
-- `{path1/}` - the root of the Path1 test directory tree
-- `{path2/}` - the root of the Path2 test directory tree
-- `{session}` - base name of the test listings
-- `{/}` - OS-specific path separator
-- `{spc}`, `{tab}`, `{eol}` - whitespace
-- `{chr:HH}` - raw byte with given hexadecimal code
+⁵ [QuickXorHash](https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash) is Microsoft's own hash.
 
-Substitution results of the terms named like `{dir/}` will end with
-`/` (or backslash on Windows), so it is not necessary to include
-slash in the usage, for example `delete-file {path1/}file1.txt`.
+⁶ Mail.ru uses its own modified SHA1 hash
 
-## Benchmarks
+⁷ pCloud only supports SHA1 (not MD5) in its EU region
 
-_This section is work in progress._
+⁸ Opendrive does not support creation of duplicate files using
+their web client interface or other stock clients, but the underlying
+storage platform has been determined to allow duplicate files, and it
+is possible to create them with `rclone`.  It may be that this is a
+mistake or an unsupported feature.
 
-Here are a few data points for scale, execution times, and memory usage.
+⁹ QingStor does not support SetModTime for objects bigger than 5 GiB.
 
-The first set of data was taken between a local disk to Dropbox.
-The [speedtest.net](https://speedtest.net) download speed was ~170 Mbps,
-and upload speed was ~10 Mbps. 500 files (~9.5 MB each) had been already
-synched. 50 files were added in a new directory, each ~9.5 MB, ~475 MB total.
+¹⁰ FTP supports modtimes for the major FTP servers, and also others
+if they advertised required protocol extensions. See [this](https://rclone.org/ftp/#modification-times)
+for more details.
 
-Change                                | Operations and times                                   | Overall run time
---------------------------------------|--------------------------------------------------------|------------------
-500 files synched (nothing to move)   | 1x listings for Path1 & Path2                          | 1.5 sec
-500 files synched with --check-access | 1x listings for Path1 & Path2                          | 1.5 sec
-50 new files on remote                | Queued 50 copies down: 27 sec                          |  29 sec
-Moved local dir                       | Queued 50 copies up: 410 sec, 50 deletes up: 9 sec     | 421 sec
-Moved remote dir                      | Queued 50 copies down: 31 sec, 50 deletes down: <1 sec |  33 sec
-Delete local dir                      | Queued 50 deletes up: 9 sec                            |  13 sec
+¹¹ Internet Archive requires option `wait_archive` to be set to a non-zero value
+for full modtime support.
 
-This next data is from a user's application. They had ~400GB of data
-over 1.96 million files being sync'ed between a Windows local disk and some
-remote cloud. The file full path length was on average 35 characters
-(which factors into load time and RAM required).
+¹² HiDrive supports [its own custom
+hash](https://static.hidrive.com/dev/0001).
+It combines SHA1 sums for each 4 KiB block hierarchically to a single
+top-level sum.
 
-- Loading the prior listing into memory (1.96 million files, listing file
-  size 140 MB) took ~30 sec and occupied about 1 GB of RAM.
-- Getting a fresh listing of the local file system (producing the
-  140 MB output file) took about XXX sec.
-- Getting a fresh listing of the remote file system (producing the 140 MB
-  output file) took about XXX sec. The network download speed was measured
-  at XXX Mb/s.
-- Once the prior and current Path1 and Path2 listings were loaded (a total
-  of four to be loaded, two at a time), determining the deltas was pretty
-  quick (a few seconds for this test case), and the transfer time for any
-  files to be copied was dominated by the network bandwidth.
+### Hash ###
 
-## References
+The cloud storage system supports various hash types of the objects.
+The hashes are used when transferring data as an integrity check and
+can be specifically used with the `--checksum` flag in syncs and in
+the `check` command.
 
-rclone's bisync implementation was derived from
-the [rclonesync-V2](https://github.com/cjnaz/rclonesync-V2) project,
-including documentation and test mechanisms,
-with [@cjnaz](https://github.com/cjnaz)'s full support and encouragement.
+To use the verify checksums when transferring between cloud storage
+systems they must support a common hash type.
 
-`rclone bisync` is similar in nature to a range of other projects:
+### ModTime ###
 
-- [unison](https://github.com/bcpierce00/unison)
-- [syncthing](https://github.com/syncthing/syncthing)
-- [cjnaz/rclonesync](https://github.com/cjnaz/rclonesync-V2)
-- [ConorWilliams/rsinc](https://github.com/ConorWilliams/rsinc)
-- [jwink3101/syncrclone](https://github.com/Jwink3101/syncrclone)
-- [DavideRossi/upback](https://github.com/DavideRossi/upback)
+Almost all cloud storage systems store some sort of timestamp
+on objects, but several of them not something that is appropriate
+to use for syncing. E.g. some backends will only write a timestamp
+that represent the time of the upload. To be relevant for syncing
+it should be able to store the modification time of the source
+object. If this is not the case, rclone will only check the file
+size by default, though can be configured to check the file hash
+(with the `--checksum` flag). Ideally it should also be possible to
+change the timestamp of an existing file without having to re-upload it.
 
-Bisync adopts the differential synchronization technique, which is
-based on keeping history of changes performed by both synchronizing sides.
-See the _Dual Shadow Method_ section in the
-[Neil Fraser's article](https://neil.fraser.name/writing/sync/).
+Storage systems with a `-` in the ModTime column, means the
+modification read on objects is not the modification time of the
+file when uploaded. It is most likely the time the file was uploaded,
+or possibly something else (like the time the picture was taken in
+Google Photos).
 
-Also note a number of academic publications by
-[Benjamin Pierce](http://www.cis.upenn.edu/%7Ebcpierce/papers/index.shtml#File%20Synchronization)
-about _Unison_ and synchronization in general.
+Storage systems with a `R` (for read-only) in the ModTime column,
+means the it keeps modification times on objects, and updates them
+when uploading objects, but it does not support changing only the
+modification time (`SetModTime` operation) without re-uploading,
+possibly not even without deleting existing first. Some operations
+in rclone, such as `copy` and `sync` commands, will automatically
+check for `SetModTime` support and re-upload if necessary to keep
+the modification times in sync. Other commands will not work
+without `SetModTime` support, e.g. `touch` command on an existing
+file will fail, and changes to modification time only on a files
+in a `mount` will be silently ignored.
 
-#  1Fichier
+Storage systems with `R/W` (for read/write) in the ModTime column,
+means they do also support modtime-only operations.
 
-This is a backend for the [1fichier](https://1fichier.com) cloud
-storage service. Note that a Premium subscription is required to use
-the API.
+### Case Insensitive ###
 
-Paths are specified as `remote:path`
+If a cloud storage systems is case sensitive then it is possible to
+have two files which differ only in case, e.g. `file.txt` and
+`FILE.txt`.  If a cloud storage system is case insensitive then that
+isn't possible.
 
-Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+This can cause problems when syncing between a case insensitive
+system and a case sensitive system.  The symptom of this is that no
+matter how many times you run the sync it never completes fully.
 
-## Configuration
+The local filesystem and SFTP may or may not be case sensitive
+depending on OS.
 
-The initial setup for 1Fichier involves getting the API key from the website which you
-need to do in your browser.
+  * Windows - usually case insensitive, though case is preserved
+  * OSX - usually case insensitive, though it is possible to format case sensitive
+  * Linux - usually case sensitive, but there are case insensitive file systems (e.g. FAT formatted USB keys)
 
-Here is an example of how to make a remote called `remote`.  First run:
+Most of the time this doesn't cause any problems as people tend to
+avoid files whose name differs only by case even on case sensitive
+systems.
 
-     rclone config
+### Duplicate files ###
 
-This will guide you through an interactive setup process:
+If a cloud storage system allows duplicate files then it can have two
+objects with the same name.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-[snip]
-XX / 1Fichier
-   \ "fichier"
-[snip]
-Storage> fichier
-** See help for fichier backend at: https://rclone.org/fichier/ **
+This confuses rclone greatly when syncing - use the `rclone dedupe`
+command to rename or remove duplicates.
 
-Your API Key, get it from https://1fichier.com/console/params.pl
-Enter a string value. Press Enter for the default ("").
-api_key> example_key
+### Restricted filenames ###
 
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> 
-Remote config
---------------------
-[remote]
-type = fichier
-api_key = example_key
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+Some cloud storage systems might have restrictions on the characters
+that are usable in file or directory names.
+When `rclone` detects such a name during a file upload, it will
+transparently replace the restricted characters with similar looking
+Unicode characters. To handle the different sets of restricted characters
+for different backends, rclone uses something it calls [encoding](#encoding).
 
-Once configured you can then use `rclone` like this,
+This process is designed to avoid ambiguous file names as much as
+possible and allow to move files between many cloud storage systems
+transparently.
 
-List directories in top level of your 1Fichier account
+The name shown by `rclone` to the user or during log output will only
+contain a minimal set of [replaced characters](#restricted-characters)
+to ensure correct formatting and not necessarily the actual name used
+on the cloud storage.
 
-    rclone lsd remote:
+This transformation is reversed when downloading a file or parsing
+`rclone` arguments. For example, when uploading a file named `my file?.txt`
+to Onedrive, it will be displayed as `my file?.txt` on the console, but
+stored as `my file？.txt` to Onedrive (the `?` gets replaced by the similar
+looking `？` character, the so-called "fullwidth question mark").
+The reverse transformation allows to read a file `unusual/name.txt`
+from Google Drive, by passing the name `unusual／name.txt` on the command line
+(the `/` needs to be replaced by the similar looking `／` character).
 
-List all the files in your 1Fichier account
+#### Caveats {#restricted-filenames-caveats}
 
-    rclone ls remote:
+The filename encoding system works well in most cases, at least
+where file names are written in English or similar languages.
+You might not even notice it: It just works. In some cases it may
+lead to issues, though. E.g. when file names are written in Chinese,
+or Japanese, where it is always the Unicode fullwidth variants of the
+punctuation marks that are used.
 
-To copy a local directory to a 1Fichier directory called backup
+On Windows, the characters `:`, `*` and `?` are examples of restricted
+characters. If these are used in filenames on a remote that supports it,
+Rclone will transparently convert them to their fullwidth Unicode
+variants `＊`, `？` and `：` when downloading to Windows, and back again
+when uploading. This way files with names that are not allowed on Windows
+can still be stored.
 
-    rclone copy /home/source remote:backup
+However, if you have files on your Windows system originally with these same
+Unicode characters in their names, they will be included in the same conversion
+process. E.g. if you create a file in your Windows filesystem with name
+`Test：1.jpg`, where `：` is the Unicode fullwidth colon symbol, and use
+rclone to upload it to Google Drive, which supports regular `:` (halfwidth
+question mark), rclone will replace the fullwidth `:` with the
+halfwidth `:` and store the file as `Test:1.jpg` in Google Drive. Since
+both Windows and Google Drive allows the name `Test：1.jpg`, it would
+probably be better if rclone just kept the name as is in this case.
 
-### Modified time and hashes ###
+With the opposite situation; if you have a file named `Test:1.jpg`,
+in your Google Drive, e.g. uploaded from a Linux system where `:` is valid
+in file names. Then later use rclone to copy this file to your Windows
+computer you will notice that on your local disk it gets renamed
+to `Test：1.jpg`. The original filename is not legal on Windows, due to
+the `:`, and rclone therefore renames it to make the copy possible.
+That is all good. However, this can also lead to an issue: If you already
+had a *different* file named `Test：1.jpg` on Windows, and then use rclone
+to copy either way. Rclone will then treat the file originally named
+`Test:1.jpg` on Google Drive and the file originally named `Test：1.jpg`
+on Windows as the same file, and replace the contents from one with the other.
 
-1Fichier does not support modification times. It supports the Whirlpool hash algorithm.
+Its virtually impossible to handle all cases like these correctly in all
+situations, but by customizing the [encoding option](#encoding), changing the
+set of characters that rclone should convert, you should be able to
+create a configuration that works well for your specific situation.
+See also the [example](https://rclone.org/overview/#encoding-example-windows) below.
 
-### Duplicated files ###
+(Windows was used as an example of a file system with many restricted
+characters, and Google drive a storage system with few.)
 
-1Fichier can have two files with exactly the same name and path (unlike a
-normal file system).
+#### Default restricted characters {#restricted-characters}
 
-Duplicated files cause problems with the syncing and you will see
-messages in the log about duplicates.
+The table below shows the characters that are replaced by default.
 
-### Restricted filename characters
+When a replacement character is found in a filename, this character
+will be escaped with the `‛` character to avoid ambiguous file names.
+(e.g. a file named `␀.txt` would shown as `‛␀.txt`)
 
-In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-the following characters are also replaced:
+Each cloud storage backend can use a different set of characters,
+which will be specified in the documentation for each backend.
 
 | Character | Value | Replacement |
 | --------- |:-----:|:-----------:|
-| \         | 0x5C  | ＼           |
-| <         | 0x3C  | ＜           |
-| >         | 0x3E  | ＞           |
-| "         | 0x22  | ＂           |
-| $         | 0x24  | ＄           |
-| `         | 0x60  | ｀           |
-| '         | 0x27  | ＇           |
+| NUL       | 0x00  | ␀           |
+| SOH       | 0x01  | ␁           |
+| STX       | 0x02  | ␂           |
+| ETX       | 0x03  | ␃           |
+| EOT       | 0x04  | ␄           |
+| ENQ       | 0x05  | ␅           |
+| ACK       | 0x06  | ␆           |
+| BEL       | 0x07  | ␇           |
+| BS        | 0x08  | ␈           |
+| HT        | 0x09  | ␉           |
+| LF        | 0x0A  | ␊           |
+| VT        | 0x0B  | ␋           |
+| FF        | 0x0C  | ␌           |
+| CR        | 0x0D  | ␍           |
+| SO        | 0x0E  | ␎           |
+| SI        | 0x0F  | ␏           |
+| DLE       | 0x10  | ␐           |
+| DC1       | 0x11  | ␑           |
+| DC2       | 0x12  | ␒           |
+| DC3       | 0x13  | ␓           |
+| DC4       | 0x14  | ␔           |
+| NAK       | 0x15  | ␕           |
+| SYN       | 0x16  | ␖           |
+| ETB       | 0x17  | ␗           |
+| CAN       | 0x18  | ␘           |
+| EM        | 0x19  | ␙           |
+| SUB       | 0x1A  | ␚           |
+| ESC       | 0x1B  | ␛           |
+| FS        | 0x1C  | ␜           |
+| GS        | 0x1D  | ␝           |
+| RS        | 0x1E  | ␞           |
+| US        | 0x1F  | ␟           |
+| /         | 0x2F  | ／           |
+| DEL       | 0x7F  | ␡           |
 
-File names can also not start or end with the following characters.
-These only get replaced if they are the first or last character in the
-name:
+The default encoding will also encode these file names as they are
+problematic with many cloud storage systems.
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| SP        | 0x20  | ␠           |
+| File name | Replacement |
+| --------- |:-----------:|
+| .         | ．          |
+| ..        | ．．         |
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+#### Invalid UTF-8 bytes {#invalid-utf8}
 
+Some backends only support a sequence of well formed UTF-8 bytes
+as file or directory names.
 
-### Standard options
+In this case all invalid UTF-8 bytes will be replaced with a quoted
+representation of the byte value to allow uploading a file to such a
+backend. For example, the invalid byte `0xFE` will be encoded as `‛FE`.
 
-Here are the Standard options specific to fichier (1Fichier).
+A common source of invalid UTF-8 bytes are local filesystems, that store
+names in a different encoding than UTF-8 or UTF-16, like latin1. See the
+[local filenames](https://rclone.org/local/#filenames) section for details.
 
-#### --fichier-api-key
+#### Encoding option {#encoding}
 
-Your API Key, get it from https://1fichier.com/console/params.pl.
+Most backends have an encoding option, specified as a flag
+`--backend-encoding` where `backend` is the name of the backend, or as
+a config parameter `encoding` (you'll need to select the Advanced
+config in `rclone config` to see it).
 
-Properties:
+This will have default value which encodes and decodes characters in
+such a way as to preserve the maximum number of characters (see
+above).
 
-- Config:      api_key
-- Env Var:     RCLONE_FICHIER_API_KEY
-- Type:        string
-- Required:    false
+However this can be incorrect in some scenarios, for example if you
+have a Windows file system with Unicode fullwidth characters
+`＊`, `？` or `：`, that you want to remain as those characters on the
+remote rather than being translated to regular (halfwidth) `*`, `?` and `:`.
 
-### Advanced options
+The `--backend-encoding` flags allow you to change that. You can
+disable the encoding completely with `--backend-encoding None` or set
+`encoding = None` in the config file.
 
-Here are the Advanced options specific to fichier (1Fichier).
+Encoding takes a comma separated list of encodings. You can see the
+list of all possible values by passing an invalid value to this
+flag, e.g. `--local-encoding "help"`. The command `rclone help flags encoding`
+will show you the defaults for the backends.
 
-#### --fichier-shared-folder
+| Encoding  | Characters | Encoded as |
+| --------- | ---------- | ---------- |
+| Asterisk | `*` | `＊` |
+| BackQuote | `` ` `` | `｀` |
+| BackSlash | `\` | `＼` |
+| Colon | `:` | `：` |
+| CrLf | CR 0x0D, LF 0x0A | `␍`, `␊` |
+| Ctl | All control characters 0x00-0x1F | `␀␁␂␃␄␅␆␇␈␉␊␋␌␍␎␏␐␑␒␓␔␕␖␗␘␙␚␛␜␝␞␟` |
+| Del | DEL 0x7F | `␡` |
+| Dollar | `$` | `＄` |
+| Dot | `.` or `..` as entire string | `．`, `．．` |
+| DoubleQuote | `"` | `＂` |
+| Hash | `#` | `＃` |
+| InvalidUtf8 | An invalid UTF-8 character (e.g. latin1) | `�` |
+| LeftCrLfHtVt | CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the left of a string | `␍`, `␊`, `␉`, `␋` |
+| LeftPeriod | `.` on the left of a string | `.` |
+| LeftSpace | SPACE on the left of a string | `␠` |
+| LeftTilde | `~` on the left of a string | `～` |
+| LtGt | `<`, `>` | `＜`, `＞` |
+| None | No characters are encoded | |
+| Percent | `%` | `％` |
+| Pipe | \| | `｜` |
+| Question | `?` | `？` |
+| RightCrLfHtVt | CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the right of a string | `␍`, `␊`, `␉`, `␋` |
+| RightPeriod | `.` on the right of a string | `.` |
+| RightSpace | SPACE on the right of a string | `␠` |
+| Semicolon | `;` | `；` |
+| SingleQuote | `'` | `＇` |
+| Slash | `/` | `／` |
+| SquareBracket | `[`, `]` | `［`, `］` |
 
-If you want to download a shared folder, add this parameter.
+##### Encoding example: FTP
 
-Properties:
+To take a specific example, the FTP backend's default encoding is
 
-- Config:      shared_folder
-- Env Var:     RCLONE_FICHIER_SHARED_FOLDER
-- Type:        string
-- Required:    false
+    --ftp-encoding "Slash,Del,Ctl,RightSpace,Dot"
 
-#### --fichier-file-password
+However, let's say the FTP server is running on Windows and can't have
+any of the invalid Windows characters in file names. You are backing
+up Linux servers to this FTP server which do have those characters in
+file names. So you would add the Windows set which are
 
-If you want to download a shared file that is password protected, add this parameter.
+    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+to the existing ones, giving:
 
-Properties:
+    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot,Del,RightSpace
 
-- Config:      file_password
-- Env Var:     RCLONE_FICHIER_FILE_PASSWORD
-- Type:        string
-- Required:    false
+This can be specified using the `--ftp-encoding` flag or using an `encoding` parameter in the config file.
 
-#### --fichier-folder-password
+##### Encoding example: Windows
 
-If you want to list the files in a shared folder that is password protected, add this parameter.
+As a nother example, take a Windows system where there is a file with
+name `Test：1.jpg`, where `：` is the Unicode fullwidth colon symbol.
+When using rclone to copy this to a remote which supports `:`,
+the regular (halfwidth) colon (such as Google Drive), you will notice
+that the file gets renamed to `Test:1.jpg`.
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+To avoid this you can change the set of characters rclone should convert
+for the local filesystem, using command-line argument `--local-encoding`.
+Rclone's default behavior on Windows corresponds to
 
-Properties:
+```
+--local-encoding "Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot"
+```
 
-- Config:      folder_password
-- Env Var:     RCLONE_FICHIER_FOLDER_PASSWORD
-- Type:        string
-- Required:    false
+If you want to use fullwidth characters `：`, `＊` and `？` in your filenames
+without rclone changing them when uploading to a remote, then set the same as
+the default value but without `Colon,Question,Asterisk`:
 
-#### --fichier-encoding
+```
+--local-encoding "Slash,LtGt,DoubleQuote,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot"
+```
 
-The encoding for the backend.
+Alternatively, you can disable the conversion of any characters with `--local-encoding None`.
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Instead of using command-line argument `--local-encoding`, you may also set it
+as [environment variable](https://rclone.org/docs/#environment-variables) `RCLONE_LOCAL_ENCODING`,
+or [configure](https://rclone.org/docs/#configure) a remote of type `local` in your config,
+and set the `encoding` option there.
 
-Properties:
+The risk by doing this is that if you have a filename with the regular (halfwidth)
+`:`, `*` and `?` in your cloud storage, and you try to download
+it to your Windows filesystem, this will fail. These characters are not
+valid in filenames on Windows, and you have told rclone not to work around
+this by converting them to valid fullwidth variants.
 
-- Config:      encoding
-- Env Var:     RCLONE_FICHIER_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot
+### MIME Type ###
 
+MIME types (also known as media types) classify types of documents
+using a simple text classification, e.g. `text/html` or
+`application/pdf`.
 
+Some cloud storage systems support reading (`R`) the MIME type of
+objects and some support writing (`W`) the MIME type of objects.
 
-## Limitations
+The MIME type can be important if you are serving files directly to
+HTTP from the storage system.
 
-`rclone about` is not supported by the 1Fichier backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+If you are copying from a remote which supports reading (`R`) to a
+remote which supports writing (`W`) then rclone will preserve the MIME
+types.  Otherwise they will be guessed from the extension, or the
+remote itself may assign the MIME type.
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+### Metadata
 
-#  Alias
+Backends may or may support reading or writing metadata. They may
+support reading and writing system metadata (metadata intrinsic to
+that backend) and/or user metadata (general purpose metadata).
 
-The `alias` remote provides a new name for another remote.
+The levels of metadata support are
 
-Paths may be as deep as required or a local path, 
-e.g. `remote:directory/subdirectory` or `/directory/subdirectory`.
+| Key | Explanation |
+|-----|-------------|
+| `R` | Read only System Metadata |
+| `RW` | Read and write System Metadata |
+| `RWU` | Read and write System Metadata and read and write User Metadata |
 
-During the initial setup with `rclone config` you will specify the target
-remote. The target remote can either be a local path or another remote.
+See [the metadata docs](https://rclone.org/docs/#metadata) for more info.
 
-Subfolders can be used in target remote. Assume an alias remote named `backup`
-with the target `mydrive:private/backup`. Invoking `rclone mkdir backup:desktop`
-is exactly the same as invoking `rclone mkdir mydrive:private/backup/desktop`.
+## Optional Features ##
 
-There will be no special handling of paths containing `..` segments.
-Invoking `rclone mkdir backup:../desktop` is exactly the same as invoking
-`rclone mkdir mydrive:private/backup/../desktop`.
-The empty path is not allowed as a remote. To alias the current directory
-use `.` instead.
+All rclone remotes support a base command set. Other features depend
+upon backend-specific capabilities.
 
-The target remote can also be a [connection string](https://rclone.org/docs/#connection-strings). 
-This can be used to modify the config of a remote for different uses, e.g.
-the alias  `myDriveTrash` with the target remote `myDrive,trashed_only:` 
-can be used to only show the trashed files in `myDrive`.
+| Name                         | Purge | Copy | Move | DirMove | CleanUp | ListR | StreamUpload | MultithreadUpload | LinkSharing  | About | EmptyDir |
+| ---------------------------- |:-----:|:----:|:----:|:-------:|:-------:|:-----:|:------------:|:------------------|:------------:|:-----:|:--------:|
+| 1Fichier                     | No    | Yes  | Yes  | No      | No      | No    | No           | No                | Yes          | No    | Yes      |
+| Akamai Netstorage            | Yes   | No   | No   | No      | No      | Yes   | Yes          | No                | No           | No    | Yes      |
+| Amazon Drive                 | Yes   | No   | Yes  | Yes     | No      | No    | No           | No                | No           | No    | Yes      |
+| Amazon S3 (or S3 compatible) | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes               | Yes          | No    | No       |
+| Backblaze B2                 | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes               | Yes          | No    | No       |
+| Box                          | Yes   | Yes  | Yes  | Yes     | Yes     | No    | Yes          | No                | Yes          | Yes   | Yes      |
+| Citrix ShareFile             | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | No    | Yes      |
+| Dropbox                      | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No                | Yes          | Yes   | Yes      |
+| Enterprise File Fabric       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No                | No           | No    | Yes      |
+| FTP                          | No    | No   | Yes  | Yes     | No      | No    | Yes          | No                | No           | No    | Yes      |
+| Google Cloud Storage         | Yes   | Yes  | No   | No      | No      | Yes   | Yes          | No                | No           | No    | No       |
+| Google Drive                 | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | Yes          | No                | Yes          | Yes   | Yes      |
+| Google Photos                | No    | No   | No   | No      | No      | No    | No           | No                | No           | No    | No       |
+| HDFS                         | Yes   | No   | Yes  | Yes     | No      | No    | Yes          | No                | No           | Yes   | Yes      |
+| HiDrive                      | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No                | No           | No    | Yes      |
+| HTTP                         | No    | No   | No   | No      | No      | No    | No           | No                | No           | No    | Yes      |
+| Internet Archive             | No    | Yes  | No   | No      | Yes     | Yes   | No           | No                | Yes          | Yes   | No       |
+| Jottacloud                   | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | No           | No                | Yes          | Yes   | Yes      |
+| Koofr                        | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No                | Yes          | Yes   | Yes      |
+| Mail.ru Cloud                | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No                | Yes          | Yes   | Yes      |
+| Mega                         | Yes   | No   | Yes  | Yes     | Yes     | No    | No           | No                | Yes          | Yes   | Yes      |
+| Memory                       | No    | Yes  | No   | No      | No      | Yes   | Yes          | No                | No           | No    | No       |
+| Microsoft Azure Blob Storage | Yes   | Yes  | No   | No      | No      | Yes   | Yes          | Yes               | No           | No    | No       |
+| Microsoft Azure Files Storage | No   | Yes  | Yes  | Yes     | No      | No    | Yes          | Yes               | No           | Yes   | Yes      |
+| Microsoft OneDrive           | Yes   | Yes  | Yes  | Yes     | Yes     | Yes ⁵ | No           | No                | Yes          | Yes   | Yes      |
+| OpenDrive                    | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | No    | Yes      |
+| OpenStack Swift              | Yes ¹ | Yes  | No   | No      | No      | Yes   | Yes          | No                | No           | Yes   | No       |
+| Oracle Object Storage        | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes               | No           | No    | No       |
+| pCloud                       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No                | Yes          | Yes   | Yes      |
+| PikPak                       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No                | Yes          | Yes   | Yes      |
+| premiumize.me                | Yes   | No   | Yes  | Yes     | No      | No    | No           | No                | Yes          | Yes   | Yes      |
+| put.io                       | Yes   | No   | Yes  | Yes     | Yes     | No    | Yes          | No                | No           | Yes   | Yes      |
+| Proton Drive                 | Yes   | No   | Yes  | Yes     | Yes     | No    | No           | No                | No           | Yes   | Yes      |
+| QingStor                     | No    | Yes  | No   | No      | Yes     | Yes   | No           | No                | No           | No    | No       |
+| Quatrix by Maytech           | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | Yes   | Yes      |
+| Seafile                      | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | Yes          | No                | Yes          | Yes   | Yes      |
+| SFTP                         | No    | Yes ⁴| Yes  | Yes     | No      | No    | Yes          | No                | No           | Yes   | Yes      |
+| Sia                          | No    | No   | No   | No      | No      | No    | Yes          | No                | No           | No    | Yes      |
+| SMB                          | No    | No   | Yes  | Yes     | No      | No    | Yes          | Yes               | No           | No    | Yes      |
+| SugarSync                    | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No                | Yes          | No    | Yes      |
+| Storj                        | Yes ² | Yes  | Yes  | No      | No      | Yes   | Yes          | No                | Yes          | No    | No       |
+| Uptobox                      | No    | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | No    | No       |
+| WebDAV                       | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes ³        | No                | No           | Yes   | Yes      |
+| Yandex Disk                  | Yes   | Yes  | Yes  | Yes     | Yes     | No    | Yes          | No                | Yes          | Yes   | Yes      |
+| Zoho WorkDrive               | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | Yes   | Yes      |
+| The local filesystem         | Yes   | No   | Yes  | Yes     | No      | No    | Yes          | Yes               | No           | Yes   | Yes      |
+
+¹ Note Swift implements this in order to delete directory markers but
+it doesn't actually have a quicker way of deleting files other than
+deleting them individually.
 
-## Configuration
+² Storj implements this efficiently only for entire buckets. If
+purging a directory inside a bucket, files are deleted individually.
 
-Here is an example of how to make an alias called `remote` for local folder.
-First run:
+³ StreamUpload is not supported with Nextcloud
 
-     rclone config
+⁴ Use the `--sftp-copy-is-hardlink` flag to enable.
 
-This will guide you through an interactive setup process:
+⁵ Use the `--onedrive-delta` flag to enable.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Alias for an existing remote
-   \ "alias"
-[snip]
-Storage> alias
-Remote or path to alias.
-Can be "myremote:path/to/dir", "myremote:bucket", "myremote:" or "/local/path".
-remote> /mnt/storage/backup
-Remote config
---------------------
-[remote]
-remote = /mnt/storage/backup
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-Current remotes:
+### Purge ###
 
-Name                 Type
-====                 ====
-remote               alias
+This deletes a directory quicker than just deleting all the files in
+the directory.
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> q
-```
+### Copy ###
 
-Once configured you can then use `rclone` like this,
+Used when copying an object to and from the same remote.  This known
+as a server-side copy so you can copy a file without downloading it
+and uploading it again.  It is used if you use `rclone copy` or
+`rclone move` if the remote doesn't support `Move` directly.
 
-List directories in top level in `/mnt/storage/backup`
+If the server doesn't support `Copy` directly then for copy operations
+the file is downloaded then re-uploaded.
 
-    rclone lsd remote:
+### Move ###
 
-List all the files in `/mnt/storage/backup`
+Used when moving/renaming an object on the same remote.  This is known
+as a server-side move of a file.  This is used in `rclone move` if the
+server doesn't support `DirMove`.
 
-    rclone ls remote:
+If the server isn't capable of `Move` then rclone simulates it with
+`Copy` then delete.  If the server doesn't support `Copy` then rclone
+will download the file and re-upload it.
 
-Copy another local directory to the alias directory called source
+### DirMove ###
 
-    rclone copy /home/source remote:source
+This is used to implement `rclone move` to move a directory if
+possible.  If it isn't then it will use `Move` on each file (which
+falls back to `Copy` then download and upload - see `Move` section).
 
+### CleanUp ###
 
-### Standard options
+This is used for emptying the trash for a remote by `rclone cleanup`.
 
-Here are the Standard options specific to alias (Alias for an existing remote).
+If the server can't do `CleanUp` then `rclone cleanup` will return an
+error.
 
-#### --alias-remote
+‡‡ Note that while Box implements this it has to delete every file
+individually so it will be slower than emptying the trash via the WebUI
 
-Remote or path to alias.
+### ListR ###
 
-Can be "myremote:path/to/dir", "myremote:bucket", "myremote:" or "/local/path".
+The remote supports a recursive list to list all the contents beneath
+a directory quickly.  This enables the `--fast-list` flag to work.
+See the [rclone docs](https://rclone.org/docs/#fast-list) for more details.
 
-Properties:
+### StreamUpload ###
 
-- Config:      remote
-- Env Var:     RCLONE_ALIAS_REMOTE
-- Type:        string
-- Required:    true
+Some remotes allow files to be uploaded without knowing the file size
+in advance. This allows certain operations to work without spooling the
+file to local disk first, e.g. `rclone rcat`.
 
+### MultithreadUpload ###
 
+Some remotes allow transfers to the remote to be sent as chunks in
+parallel. If this is supported then rclone will use multi-thread
+copying to transfer files much faster.
 
-#  Amazon Drive
+### LinkSharing ###
 
-Amazon Drive, formerly known as Amazon Cloud Drive, is a cloud storage
-service run by Amazon for consumers.
+Sets the necessary permissions on a file or folder and prints a link
+that allows others to access them, even if they don't have an account
+on the particular cloud provider.
 
-## Status
+### About ###
 
-**Important:** rclone supports Amazon Drive only if you have your own
-set of API keys. Unfortunately the [Amazon Drive developer
-program](https://developer.amazon.com/amazon-drive) is now closed to
-new entries so if you don't already have your own set of keys you will
-not be able to use rclone with Amazon Drive.
+Rclone `about` prints quota information for a remote. Typical output
+includes bytes used, free, quota and in trash.
 
-For the history on why rclone no longer has a set of Amazon Drive API
-keys see [the forum](https://forum.rclone.org/t/rclone-has-been-banned-from-amazon-drive/2314).
+If a remote lacks about capability `rclone about remote:`returns
+an error.
 
-If you happen to know anyone who works at Amazon then please ask them
-to re-instate rclone into the Amazon Drive developer program - thanks!
+Backends without about capability cannot determine free space for an
+rclone mount, or use policy `mfs` (most free space) as a member of an
+rclone union remote.
 
-## Configuration
+See [rclone about command](https://rclone.org/commands/rclone_about/)
 
-The initial setup for Amazon Drive involves getting a token from
-Amazon which you need to do in your browser.  `rclone config` walks
-you through it.
+### EmptyDir ###
 
-The configuration process for Amazon Drive may involve using an [oauth
-proxy](https://github.com/ncw/oauthproxy). This is used to keep the
-Amazon credentials out of the source code.  The proxy runs in Google's
-very secure App Engine environment and doesn't store any credentials
-which pass through it.
+The remote supports empty directories. See [Limitations](https://rclone.org/bugs/#limitations)
+ for details. Most Object/Bucket-based remotes do not support this.
 
-Since rclone doesn't currently have its own Amazon Drive credentials
-so you will either need to have your own `client_id` and
-`client_secret` with Amazon Drive, or use a third-party oauth proxy
-in which case you will need to enter `client_id`, `client_secret`,
-`auth_url` and `token_url`.
+# Global Flags
 
-Note also if you are not using Amazon's `auth_url` and `token_url`,
-(ie you filled in something for those) then if setting up on a remote
-machine you can only use the [copying the config method of
-configuration](https://rclone.org/remote_setup/#configuring-by-copying-the-config-file)
-- `rclone authorize` will not work.
+This describes the global flags available to every rclone command
+split into groups.
 
-Here is an example of how to make a remote called `remote`.  First run:
 
-     rclone config
+## Copy
 
-This will guide you through an interactive setup process:
+Flags for anything which can Copy a file.
 
 ```
-No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon Drive
-   \ "amazon cloud drive"
-[snip]
-Storage> amazon cloud drive
-Amazon Application Client Id - required.
-client_id> your client ID goes here
-Amazon Application Client Secret - required.
-client_secret> your client secret goes here
-Auth server URL - leave blank to use Amazon's.
-auth_url> Optional auth URL
-Token server url - leave blank to use Amazon's.
-token_url> Optional token URL
-Remote config
-Make sure your Redirect URL is set to "http://127.0.0.1:53682/" in your custom config.
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-client_id = your client ID goes here
-client_secret = your client secret goes here
-auth_url = Optional auth URL
-token_url = Optional token URL
-token = {"access_token":"xxxxxxxxxxxxxxxxxxxxxxx","token_type":"bearer","refresh_token":"xxxxxxxxxxxxxxxxxx","expiry":"2015-09-06T16:07:39.658438471+01:00"}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
 ```
 
-See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
-machine with no Internet browser available.
-
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Amazon. This only runs from the moment it
-opens your browser to the moment you get back the verification
-code.  This is on `http://127.0.0.1:53682/` and this it may require
-you to unblock it temporarily if you are running a host firewall.
 
-Once configured you can then use `rclone` like this,
+## Sync
 
-List directories in top level of your Amazon Drive
+Flags just used for `rclone sync`.
 
-    rclone lsd remote:
+```
+      --backup-dir string               Make backups into hierarchy based in DIR
+      --delete-after                    When synchronizing, delete files on destination after transferring (default)
+      --delete-before                   When synchronizing, delete files on destination before transferring
+      --delete-during                   When synchronizing, delete files during transfer
+      --ignore-errors                   Delete even if there are I/O errors
+      --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+      --suffix string                   Suffix to add to changed files
+      --suffix-keep-extension           Preserve the extension when using --suffix
+      --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
+```
 
-List all the files in your Amazon Drive
 
-    rclone ls remote:
+## Important
 
-To copy a local directory to an Amazon Drive directory called backup
+Important flags useful for most commands.
 
-    rclone copy /home/source remote:backup
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
 
-### Modified time and MD5SUMs
 
-Amazon Drive doesn't allow modification times to be changed via
-the API so these won't be accurate or used for syncing.
+## Check
 
-It does store MD5SUMs so for a more accurate sync, you can use the
-`--checksum` flag.
+Flags used for `rclone check`.
 
-### Restricted filename characters
+```
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+```
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| NUL       | 0x00  | ␀           |
-| /         | 0x2F  | ／          |
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+## Networking
 
-### Deleting files
+General networking and HTTP stuff.
 
-Any files you delete with rclone will end up in the trash.  Amazon
-don't provide an API to permanently delete files, nor to empty the
-trash, so you will have to do that with one of Amazon's apps or via
-the Amazon Drive website. As of November 17, 2016, files are
-automatically deleted by Amazon from the trash after 30 days.
+```
+      --bind string                        Local address to bind to for outgoing connections, IPv4, IPv6 or name
+      --bwlimit BwTimetable                Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --bwlimit-file BwTimetable           Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --ca-cert stringArray                CA certificate used to verify servers
+      --client-cert string                 Client SSL certificate (PEM) for mutual TLS auth
+      --client-key string                  Client SSL private key (PEM) for mutual TLS auth
+      --contimeout Duration                Connect timeout (default 1m0s)
+      --disable-http-keep-alives           Disable HTTP keep-alives and use each connection once.
+      --disable-http2                      Disable HTTP/2 in the global transport
+      --dscp string                        Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
+      --expect-continue-timeout Duration   Timeout when using expect / 100-continue in HTTP (default 1s)
+      --header stringArray                 Set HTTP header for all transactions
+      --header-download stringArray        Set HTTP header for download transactions
+      --header-upload stringArray          Set HTTP header for upload transactions
+      --no-check-certificate               Do not verify the server SSL certificate (insecure)
+      --no-gzip-encoding                   Don't set Accept-Encoding: gzip
+      --timeout Duration                   IO idle timeout (default 5m0s)
+      --tpslimit float                     Limit HTTP transactions per second to this
+      --tpslimit-burst int                 Max burst of transactions for --tpslimit (default 1)
+      --use-cookies                        Enable session cookiejar
+      --user-agent string                  Set the user-agent to a specified string (default "rclone/v1.65.0")
+```
 
-### Using with non `.com` Amazon accounts
 
-Let's say you usually use `amazon.co.uk`. When you authenticate with
-rclone it will take you to an `amazon.com` page to log in.  Your
-`amazon.co.uk` email and password should work here just fine.
+## Performance
 
+Flags helpful for increasing performance.
 
-### Standard options
+```
+      --buffer-size SizeSuffix   In memory buffer size when reading files for each --transfer (default 16Mi)
+      --checkers int             Number of checkers to run in parallel (default 8)
+      --transfers int            Number of file transfers to run in parallel (default 4)
+```
 
-Here are the Standard options specific to amazon cloud drive (Amazon Drive).
 
-#### --acd-client-id
+## Config
 
-OAuth Client Id.
+General configuration of rclone.
 
-Leave blank normally.
+```
+      --ask-password                        Allow prompt for password for encrypted configuration (default true)
+      --auto-confirm                        If enabled, do not request console confirmation
+      --cache-dir string                    Directory rclone will use for caching (default "$HOME/.cache/rclone")
+      --color AUTO|NEVER|ALWAYS             When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default AUTO)
+      --config string                       Config file (default "$HOME/.config/rclone/rclone.conf")
+      --default-time Time                   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --disable string                      Disable a comma separated list of features (use --disable help to see a list)
+  -n, --dry-run                             Do a trial run with no permanent changes
+      --error-on-no-transfer                Sets exit code 9 if no files are transferred, useful in scripts
+      --fs-cache-expire-duration Duration   Cache remotes for this long (0 to disable caching) (default 5m0s)
+      --fs-cache-expire-interval Duration   Interval to check for expired remotes (default 1m0s)
+      --human-readable                      Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
+  -i, --interactive                         Enable interactive mode
+      --kv-lock-time Duration               Maximum time to keep key-value database locked by process (default 1s)
+      --low-level-retries int               Number of low level retries to do (default 10)
+      --no-console                          Hide console window (supported on Windows only)
+      --no-unicode-normalization            Don't normalize unicode characters in filenames
+      --password-command SpaceSepList       Command for supplying password for encrypted configuration
+      --retries int                         Retry operations this many times if they fail (default 3)
+      --retries-sleep Duration              Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
+      --temp-dir string                     Directory rclone will use for temporary files (default "/tmp")
+      --use-mmap                            Use mmap allocator (see docs)
+      --use-server-modtime                  Use server modified time instead of object metadata
+```
 
-Properties:
 
-- Config:      client_id
-- Env Var:     RCLONE_ACD_CLIENT_ID
-- Type:        string
-- Required:    false
+## Debugging
 
-#### --acd-client-secret
+Flags for developers.
 
-OAuth Client Secret.
+```
+      --cpuprofile string   Write cpu profile to file
+      --dump DumpFlags      List of items to dump from: headers, bodies, requests, responses, auth, filters, goroutines, openfiles, mapper
+      --dump-bodies         Dump HTTP headers and bodies - may contain sensitive info
+      --dump-headers        Dump HTTP headers - may contain sensitive info
+      --memprofile string   Write memory profile to file
+```
 
-Leave blank normally.
 
-Properties:
+## Filter
 
-- Config:      client_secret
-- Env Var:     RCLONE_ACD_CLIENT_SECRET
-- Type:        string
-- Required:    false
+Flags for filtering directory listings.
 
-### Advanced options
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
 
-Here are the Advanced options specific to amazon cloud drive (Amazon Drive).
 
-#### --acd-token
+## Listing
 
-OAuth Access Token as a JSON blob.
+Flags for listing directories.
 
-Properties:
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
 
-- Config:      token
-- Env Var:     RCLONE_ACD_TOKEN
-- Type:        string
-- Required:    false
 
-#### --acd-auth-url
+## Logging
 
-Auth server URL.
+Logging and statistics.
 
-Leave blank to use the provider defaults.
+```
+      --log-file string                     Log everything to this file
+      --log-format string                   Comma separated list of log format options (default "date,time")
+      --log-level LogLevel                  Log level DEBUG|INFO|NOTICE|ERROR (default NOTICE)
+      --log-systemd                         Activate systemd integration for the logger
+      --max-stats-groups int                Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
+  -P, --progress                            Show progress during transfer
+      --progress-terminal-title             Show progress on the terminal title (requires -P/--progress)
+  -q, --quiet                               Print as little stuff as possible
+      --stats Duration                      Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
+      --stats-file-name-length int          Max file name length in stats (0 for no limit) (default 45)
+      --stats-log-level LogLevel            Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default INFO)
+      --stats-one-line                      Make the stats fit on one line
+      --stats-one-line-date                 Enable --stats-one-line and add current date/time prefix
+      --stats-one-line-date-format string   Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes ("), see https://golang.org/pkg/time/#Time.Format
+      --stats-unit string                   Show data rate in stats as either 'bits' or 'bytes' per second (default "bytes")
+      --syslog                              Use Syslog for logging
+      --syslog-facility string              Facility for syslog, e.g. KERN,USER,... (default "DAEMON")
+      --use-json-log                        Use json log format
+  -v, --verbose count                       Print lots more stuff (repeat for more)
+```
+
+
+## Metadata
+
+Flags to control metadata.
+
+```
+  -M, --metadata                            If set, preserve metadata when copying objects
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --metadata-mapper SpaceSepList        Program to run to transforming metadata before upload
+      --metadata-set stringArray            Add metadata key=value when uploading
+```
+
+
+## RC
+
+Flags to control the Remote Control API.
+
+```
+      --rc                                 Enable the remote control server
+      --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                  Prefix for URLs - leave blank for root
+      --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                Client certificate authority to verify clients with
+      --rc-enable-metrics                  Enable prometheus metrics on /metrics
+      --rc-files string                    Path to local files to serve on the HTTP server
+      --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+      --rc-key string                      TLS PEM Private key
+      --rc-max-header-bytes int            Maximum size of request header (default 4096)
+      --rc-min-tls-version string          Minimum TLS version that is acceptable (default "tls1.0")
+      --rc-no-auth                         Don't require auth for certain methods
+      --rc-pass string                     Password for authentication
+      --rc-realm string                    Realm for authentication
+      --rc-salt string                     Password hashing salt (default "dlPL2MqE")
+      --rc-serve                           Enable the serving of remote objects
+      --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --rc-template string                 User-specified template
+      --rc-user string                     User name for authentication
+      --rc-web-fetch-url string            URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
+      --rc-web-gui                         Launch WebGUI on localhost
+      --rc-web-gui-force-update            Force update to latest version of web gui
+      --rc-web-gui-no-open-browser         Don't open the browser automatically
+      --rc-web-gui-update                  Check and update to latest version of web gui
+```
+
+
+## Backend
+
+Backend only flags. These can be set in the config file also.
+
+```
+      --acd-auth-url string                                 Auth server URL
+      --acd-client-id string                                OAuth Client Id
+      --acd-client-secret string                            OAuth Client Secret
+      --acd-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --acd-templink-threshold SizeSuffix                   Files >= this size will be downloaded via their tempLink (default 9Gi)
+      --acd-token string                                    OAuth Access Token as a JSON blob
+      --acd-token-url string                                Token server url
+      --acd-upload-wait-per-gb Duration                     Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
+      --alias-remote string                                 Remote or path to alias
+      --azureblob-access-tier string                        Access tier of blob: hot, cool, cold or archive
+      --azureblob-account string                            Azure Storage Account Name
+      --azureblob-archive-tier-delete                       Delete archive tier blobs before overwriting
+      --azureblob-chunk-size SizeSuffix                     Upload chunk size (default 4Mi)
+      --azureblob-client-certificate-password string        Password for the certificate file (optional) (obscured)
+      --azureblob-client-certificate-path string            Path to a PEM or PKCS12 certificate file including the private key
+      --azureblob-client-id string                          The ID of the client in use
+      --azureblob-client-secret string                      One of the service principal's client secrets
+      --azureblob-client-send-certificate-chain             Send the certificate chain when using certificate auth
+      --azureblob-directory-markers                         Upload an empty object with a trailing slash when a new directory is created
+      --azureblob-disable-checksum                          Don't store MD5 checksum with object metadata
+      --azureblob-encoding Encoding                         The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
+      --azureblob-endpoint string                           Endpoint for the service
+      --azureblob-env-auth                                  Read credentials from runtime (environment variables, CLI or MSI)
+      --azureblob-key string                                Storage Account Shared Key
+      --azureblob-list-chunk int                            Size of blob list (default 5000)
+      --azureblob-msi-client-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-msi-mi-res-id string                      Azure resource ID of the user-assigned MSI to use, if any
+      --azureblob-msi-object-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-no-check-container                        If set, don't attempt to check the container exists or create it
+      --azureblob-no-head-object                            If set, do not do HEAD before GET when getting objects
+      --azureblob-password string                           The user's password (obscured)
+      --azureblob-public-access string                      Public access level of a container: blob or container
+      --azureblob-sas-url string                            SAS URL for container level access only
+      --azureblob-service-principal-file string             Path to file containing credentials for use with a service principal
+      --azureblob-tenant string                             ID of the service principal's tenant. Also called its directory ID
+      --azureblob-upload-concurrency int                    Concurrency for multipart uploads (default 16)
+      --azureblob-upload-cutoff string                      Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
+      --azureblob-use-emulator                              Uses local storage emulator if provided as 'true'
+      --azureblob-use-msi                                   Use a managed service identity to authenticate (only works in Azure)
+      --azureblob-username string                           User name (usually an email address)
+      --azurefiles-account string                           Azure Storage Account Name
+      --azurefiles-chunk-size SizeSuffix                    Upload chunk size (default 4Mi)
+      --azurefiles-client-certificate-password string       Password for the certificate file (optional) (obscured)
+      --azurefiles-client-certificate-path string           Path to a PEM or PKCS12 certificate file including the private key
+      --azurefiles-client-id string                         The ID of the client in use
+      --azurefiles-client-secret string                     One of the service principal's client secrets
+      --azurefiles-client-send-certificate-chain            Send the certificate chain when using certificate auth
+      --azurefiles-connection-string string                 Azure Files Connection String
+      --azurefiles-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot)
+      --azurefiles-endpoint string                          Endpoint for the service
+      --azurefiles-env-auth                                 Read credentials from runtime (environment variables, CLI or MSI)
+      --azurefiles-key string                               Storage Account Shared Key
+      --azurefiles-max-stream-size SizeSuffix               Max size for streamed files (default 10Gi)
+      --azurefiles-msi-client-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-mi-res-id string                     Azure resource ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-object-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-password string                          The user's password (obscured)
+      --azurefiles-sas-url string                           SAS URL
+      --azurefiles-service-principal-file string            Path to file containing credentials for use with a service principal
+      --azurefiles-share-name string                        Azure Files Share Name
+      --azurefiles-tenant string                            ID of the service principal's tenant. Also called its directory ID
+      --azurefiles-upload-concurrency int                   Concurrency for multipart uploads (default 16)
+      --azurefiles-use-msi                                  Use a managed service identity to authenticate (only works in Azure)
+      --azurefiles-username string                          User name (usually an email address)
+      --b2-account string                                   Account ID or Application Key ID
+      --b2-chunk-size SizeSuffix                            Upload chunk size (default 96Mi)
+      --b2-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4Gi)
+      --b2-disable-checksum                                 Disable checksums for large (> upload cutoff) files
+      --b2-download-auth-duration Duration                  Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
+      --b2-download-url string                              Custom endpoint for downloads
+      --b2-encoding Encoding                                The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --b2-endpoint string                                  Endpoint for the service
+      --b2-hard-delete                                      Permanently delete files on remote removal, otherwise hide files
+      --b2-key string                                       Application Key
+      --b2-lifecycle int                                    Set the number of days deleted files should be kept when creating a bucket
+      --b2-test-mode string                                 A flag string for X-Bz-Test-Mode header for debugging
+      --b2-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --b2-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --b2-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --b2-versions                                         Include old versions in directory listings
+      --box-access-token string                             Box App Primary Access Token
+      --box-auth-url string                                 Auth server URL
+      --box-box-config-file string                          Box App config.json location
+      --box-box-sub-type string                              (default "user")
+      --box-client-id string                                OAuth Client Id
+      --box-client-secret string                            OAuth Client Secret
+      --box-commit-retries int                              Max number of times to try committing a multipart file (default 100)
+      --box-encoding Encoding                               The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
+      --box-impersonate string                              Impersonate this user ID when using a service account
+      --box-list-chunk int                                  Size of listing chunk 1-1000 (default 1000)
+      --box-owned-by string                                 Only show items owned by the login (email address) passed in
+      --box-root-folder-id string                           Fill in for rclone to use a non root folder as its starting point
+      --box-token string                                    OAuth Access Token as a JSON blob
+      --box-token-url string                                Token server url
+      --box-upload-cutoff SizeSuffix                        Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
+      --cache-chunk-clean-interval Duration                 How often should the cache perform cleanups of the chunk storage (default 1m0s)
+      --cache-chunk-no-memory                               Disable the in-memory cache for storing chunks during streaming
+      --cache-chunk-path string                             Directory to cache chunk files (default "$HOME/.cache/rclone/cache-backend")
+      --cache-chunk-size SizeSuffix                         The size of a chunk (partial file data) (default 5Mi)
+      --cache-chunk-total-size SizeSuffix                   The total size that the chunks can take up on the local disk (default 10Gi)
+      --cache-db-path string                                Directory to store file structure metadata DB (default "$HOME/.cache/rclone/cache-backend")
+      --cache-db-purge                                      Clear all the cached data for this remote on start
+      --cache-db-wait-time Duration                         How long to wait for the DB to be available - 0 is unlimited (default 1s)
+      --cache-info-age Duration                             How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
+      --cache-plex-insecure string                          Skip all certificate verification when connecting to the Plex server
+      --cache-plex-password string                          The password of the Plex user (obscured)
+      --cache-plex-url string                               The URL of the Plex server
+      --cache-plex-username string                          The username of the Plex user
+      --cache-read-retries int                              How many times to retry a read from a cache storage (default 10)
+      --cache-remote string                                 Remote to cache
+      --cache-rps int                                       Limits the number of requests per second to the source FS (-1 to disable) (default -1)
+      --cache-tmp-upload-path string                        Directory to keep temporary files until they are uploaded
+      --cache-tmp-wait-time Duration                        How long should files be stored in local cache before being uploaded (default 15s)
+      --cache-workers int                                   How many workers should run in parallel to download chunks (default 4)
+      --cache-writes                                        Cache file data on writes through the FS
+      --chunker-chunk-size SizeSuffix                       Files larger than chunk size will be split in chunks (default 2Gi)
+      --chunker-fail-hard                                   Choose how chunker should handle files with missing or invalid chunks
+      --chunker-hash-type string                            Choose how chunker handles hash sums (default "md5")
+      --chunker-remote string                               Remote to chunk/unchunk
+      --combine-upstreams SpaceSepList                      Upstreams for combining
+      --compress-level int                                  GZIP compression level (-2 to 9) (default -1)
+      --compress-mode string                                Compression mode (default "gzip")
+      --compress-ram-cache-limit SizeSuffix                 Some remotes don't allow the upload of files with unknown size (default 20Mi)
+      --compress-remote string                              Remote to compress
+  -L, --copy-links                                          Follow symlinks and copy the pointed to item
+      --crypt-directory-name-encryption                     Option to either encrypt directory names or leave them intact (default true)
+      --crypt-filename-encoding string                      How to encode the encrypted filename to text string (default "base32")
+      --crypt-filename-encryption string                    How to encrypt the filenames (default "standard")
+      --crypt-no-data-encryption                            Option to either encrypt file data or leave it unencrypted
+      --crypt-pass-bad-blocks                               If set this will pass bad blocks through as all 0
+      --crypt-password string                               Password or pass phrase for encryption (obscured)
+      --crypt-password2 string                              Password or pass phrase for salt (obscured)
+      --crypt-remote string                                 Remote to encrypt/decrypt
+      --crypt-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --crypt-show-mapping                                  For all files listed show how the names encrypt
+      --crypt-suffix string                                 If this is set it will override the default suffix of ".bin" (default ".bin")
+      --drive-acknowledge-abuse                             Set to allow files which return cannotDownloadAbusiveFile to be downloaded
+      --drive-allow-import-name-change                      Allow the filetype to change when uploading Google docs
+      --drive-auth-owner-only                               Only consider files owned by the authenticated user
+      --drive-auth-url string                               Auth server URL
+      --drive-chunk-size SizeSuffix                         Upload chunk size (default 8Mi)
+      --drive-client-id string                              Google Application Client Id
+      --drive-client-secret string                          OAuth Client Secret
+      --drive-copy-shortcut-content                         Server side copy contents of shortcuts instead of the shortcut
+      --drive-disable-http2                                 Disable drive using http2 (default true)
+      --drive-encoding Encoding                             The encoding for the backend (default InvalidUtf8)
+      --drive-env-auth                                      Get IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --drive-export-formats string                         Comma separated list of preferred formats for downloading Google docs (default "docx,xlsx,pptx,svg")
+      --drive-fast-list-bug-fix                             Work around a bug in Google Drive listing (default true)
+      --drive-formats string                                Deprecated: See export_formats
+      --drive-impersonate string                            Impersonate this user when using a service account
+      --drive-import-formats string                         Comma separated list of preferred formats for uploading Google docs
+      --drive-keep-revision-forever                         Keep new head revision of each file forever
+      --drive-list-chunk int                                Size of listing chunk 100-1000, 0 to disable (default 1000)
+      --drive-metadata-labels Bits                          Control whether labels should be read or written in metadata (default off)
+      --drive-metadata-owner Bits                           Control whether owner should be read or written in metadata (default read)
+      --drive-metadata-permissions Bits                     Control whether permissions should be read or written in metadata (default off)
+      --drive-pacer-burst int                               Number of API calls to allow without sleeping (default 100)
+      --drive-pacer-min-sleep Duration                      Minimum time to sleep between API calls (default 100ms)
+      --drive-resource-key string                           Resource key for accessing a link-shared file
+      --drive-root-folder-id string                         ID of the root folder
+      --drive-scope string                                  Comma separated list of scopes that rclone should use when requesting access from drive
+      --drive-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --drive-service-account-credentials string            Service Account Credentials JSON blob
+      --drive-service-account-file string                   Service Account Credentials JSON file path
+      --drive-shared-with-me                                Only show files that are shared with me
+      --drive-show-all-gdocs                                Show all Google Docs including non-exportable ones in listings
+      --drive-size-as-quota                                 Show sizes as storage quota usage, not actual size
+      --drive-skip-checksum-gphotos                         Skip checksums on Google photos and videos only
+      --drive-skip-dangling-shortcuts                       If set skip dangling shortcut files
+      --drive-skip-gdocs                                    Skip google documents in all listings
+      --drive-skip-shortcuts                                If set skip shortcut files
+      --drive-starred-only                                  Only show files that are starred
+      --drive-stop-on-download-limit                        Make download limit errors be fatal
+      --drive-stop-on-upload-limit                          Make upload limit errors be fatal
+      --drive-team-drive string                             ID of the Shared Drive (Team Drive)
+      --drive-token string                                  OAuth Access Token as a JSON blob
+      --drive-token-url string                              Token server url
+      --drive-trashed-only                                  Only show files that are in the trash
+      --drive-upload-cutoff SizeSuffix                      Cutoff for switching to chunked upload (default 8Mi)
+      --drive-use-created-date                              Use file created date instead of modified date
+      --drive-use-shared-date                               Use date file was shared instead of modified date
+      --drive-use-trash                                     Send files to the trash instead of deleting permanently (default true)
+      --drive-v2-download-min-size SizeSuffix               If Object's are greater, use drive v2 API to download (default off)
+      --dropbox-auth-url string                             Auth server URL
+      --dropbox-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --dropbox-batch-mode string                           Upload file batching sync|async|off (default "sync")
+      --dropbox-batch-size int                              Max number of files in upload batch
+      --dropbox-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --dropbox-chunk-size SizeSuffix                       Upload chunk size (< 150Mi) (default 48Mi)
+      --dropbox-client-id string                            OAuth Client Id
+      --dropbox-client-secret string                        OAuth Client Secret
+      --dropbox-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
+      --dropbox-impersonate string                          Impersonate this user when using a business account
+      --dropbox-pacer-min-sleep Duration                    Minimum time to sleep between API calls (default 10ms)
+      --dropbox-shared-files                                Instructs rclone to work on individual shared files
+      --dropbox-shared-folders                              Instructs rclone to work on shared folders
+      --dropbox-token string                                OAuth Access Token as a JSON blob
+      --dropbox-token-url string                            Token server url
+      --fichier-api-key string                              Your API Key, get it from https://1fichier.com/console/params.pl
+      --fichier-cdn                                         Set if you wish to use CDN download links
+      --fichier-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --fichier-file-password string                        If you want to download a shared file that is password protected, add this parameter (obscured)
+      --fichier-folder-password string                      If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
+      --fichier-shared-folder string                        If you want to download a shared folder, add this parameter
+      --filefabric-encoding Encoding                        The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --filefabric-permanent-token string                   Permanent Authentication Token
+      --filefabric-root-folder-id string                    ID of the root folder
+      --filefabric-token string                             Session Token
+      --filefabric-token-expiry string                      Token expiry time
+      --filefabric-url string                               URL of the Enterprise File Fabric to connect to
+      --filefabric-version string                           Version read from the file fabric
+      --ftp-ask-password                                    Allow asking for FTP password when needed
+      --ftp-close-timeout Duration                          Maximum time to wait for a response to close (default 1m0s)
+      --ftp-concurrency int                                 Maximum number of FTP simultaneous connections, 0 for unlimited
+      --ftp-disable-epsv                                    Disable using EPSV even if server advertises support
+      --ftp-disable-mlsd                                    Disable using MLSD even if server advertises support
+      --ftp-disable-tls13                                   Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+      --ftp-disable-utf8                                    Disable using UTF-8 even if server advertises support
+      --ftp-encoding Encoding                               The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
+      --ftp-explicit-tls                                    Use Explicit FTPS (FTP over TLS)
+      --ftp-force-list-hidden                               Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
+      --ftp-host string                                     FTP host to connect to
+      --ftp-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --ftp-no-check-certificate                            Do not verify the TLS certificate of the server
+      --ftp-pass string                                     FTP password (obscured)
+      --ftp-port int                                        FTP port number (default 21)
+      --ftp-shut-timeout Duration                           Maximum time to wait for data connection closing status (default 1m0s)
+      --ftp-socks-proxy string                              Socks 5 proxy host
+      --ftp-tls                                             Use Implicit FTPS (FTP over TLS)
+      --ftp-tls-cache-size int                              Size of TLS session cache for all control and data connections (default 32)
+      --ftp-user string                                     FTP username (default "$USER")
+      --ftp-writing-mdtm                                    Use MDTM to set modification time (VsFtpd quirk)
+      --gcs-anonymous                                       Access public buckets and objects without credentials
+      --gcs-auth-url string                                 Auth server URL
+      --gcs-bucket-acl string                               Access Control List for new buckets
+      --gcs-bucket-policy-only                              Access checks should use bucket-level IAM policies
+      --gcs-client-id string                                OAuth Client Id
+      --gcs-client-secret string                            OAuth Client Secret
+      --gcs-decompress                                      If set this will decompress gzip encoded objects
+      --gcs-directory-markers                               Upload an empty object with a trailing slash when a new directory is created
+      --gcs-encoding Encoding                               The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gcs-endpoint string                                 Endpoint for the service
+      --gcs-env-auth                                        Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --gcs-location string                                 Location for the newly created buckets
+      --gcs-no-check-bucket                                 If set, don't attempt to check the bucket exists or create it
+      --gcs-object-acl string                               Access Control List for new objects
+      --gcs-project-number string                           Project number
+      --gcs-service-account-file string                     Service Account Credentials JSON file path
+      --gcs-storage-class string                            The storage class to use when storing objects in Google Cloud Storage
+      --gcs-token string                                    OAuth Access Token as a JSON blob
+      --gcs-token-url string                                Token server url
+      --gcs-user-project string                             User project
+      --gphotos-auth-url string                             Auth server URL
+      --gphotos-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --gphotos-batch-mode string                           Upload file batching sync|async|off (default "sync")
+      --gphotos-batch-size int                              Max number of files in upload batch
+      --gphotos-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --gphotos-client-id string                            OAuth Client Id
+      --gphotos-client-secret string                        OAuth Client Secret
+      --gphotos-encoding Encoding                           The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gphotos-include-archived                            Also view and download archived media
+      --gphotos-read-only                                   Set to make the Google Photos backend read only
+      --gphotos-read-size                                   Set to read the size of media items
+      --gphotos-start-year int                              Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
+      --gphotos-token string                                OAuth Access Token as a JSON blob
+      --gphotos-token-url string                            Token server url
+      --hasher-auto-size SizeSuffix                         Auto-update checksum for files smaller than this size (disabled by default)
+      --hasher-hashes CommaSepList                          Comma separated list of supported checksum types (default md5,sha1)
+      --hasher-max-age Duration                             Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
+      --hasher-remote string                                Remote to cache checksums for (e.g. myRemote:path)
+      --hdfs-data-transfer-protection string                Kerberos data transfer protection: authentication|integrity|privacy
+      --hdfs-encoding Encoding                              The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
+      --hdfs-namenode CommaSepList                          Hadoop name nodes and ports
+      --hdfs-service-principal-name string                  Kerberos service principal name for the namenode
+      --hdfs-username string                                Hadoop user name
+      --hidrive-auth-url string                             Auth server URL
+      --hidrive-chunk-size SizeSuffix                       Chunksize for chunked uploads (default 48Mi)
+      --hidrive-client-id string                            OAuth Client Id
+      --hidrive-client-secret string                        OAuth Client Secret
+      --hidrive-disable-fetching-member-count               Do not fetch number of objects in directories unless it is absolutely necessary
+      --hidrive-encoding Encoding                           The encoding for the backend (default Slash,Dot)
+      --hidrive-endpoint string                             Endpoint for the service (default "https://api.hidrive.strato.com/2.1")
+      --hidrive-root-prefix string                          The root/parent folder for all paths (default "/")
+      --hidrive-scope-access string                         Access permissions that rclone should use when requesting access from HiDrive (default "rw")
+      --hidrive-scope-role string                           User-level that rclone should use when requesting access from HiDrive (default "user")
+      --hidrive-token string                                OAuth Access Token as a JSON blob
+      --hidrive-token-url string                            Token server url
+      --hidrive-upload-concurrency int                      Concurrency for chunked uploads (default 4)
+      --hidrive-upload-cutoff SizeSuffix                    Cutoff/Threshold for chunked uploads (default 96Mi)
+      --http-headers CommaSepList                           Set HTTP headers for all transactions
+      --http-no-head                                        Don't use HEAD requests
+      --http-no-slash                                       Set this if the site doesn't end directories with /
+      --http-url string                                     URL of HTTP host to connect to
+      --imagekit-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket)
+      --imagekit-endpoint string                            You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-only-signed Restrict unsigned image URLs   If you have configured Restrict unsigned image URLs in your dashboard settings, set this to true
+      --imagekit-private-key string                         You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-public-key string                          You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-upload-tags string                         Tags to add to the uploaded files, e.g. "tag1,tag2"
+      --imagekit-versions                                   Include old versions in directory listings
+      --internetarchive-access-key-id string                IAS3 Access Key
+      --internetarchive-disable-checksum                    Don't ask the server to test against MD5 checksum calculated by rclone (default true)
+      --internetarchive-encoding Encoding                   The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
+      --internetarchive-endpoint string                     IAS3 Endpoint (default "https://s3.us.archive.org")
+      --internetarchive-front-endpoint string               Host of InternetArchive Frontend (default "https://archive.org")
+      --internetarchive-secret-access-key string            IAS3 Secret Key (password)
+      --internetarchive-wait-archive Duration               Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish (default 0s)
+      --jottacloud-auth-url string                          Auth server URL
+      --jottacloud-client-id string                         OAuth Client Id
+      --jottacloud-client-secret string                     OAuth Client Secret
+      --jottacloud-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
+      --jottacloud-hard-delete                              Delete files permanently rather than putting them into the trash
+      --jottacloud-md5-memory-limit SizeSuffix              Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
+      --jottacloud-no-versions                              Avoid server side versioning by deleting files and recreating files instead of overwriting them
+      --jottacloud-token string                             OAuth Access Token as a JSON blob
+      --jottacloud-token-url string                         Token server url
+      --jottacloud-trashed-only                             Only show files that are in the trash
+      --jottacloud-upload-resume-limit SizeSuffix           Files bigger than this can be resumed if the upload fail's (default 10Mi)
+      --koofr-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --koofr-endpoint string                               The Koofr API endpoint to use
+      --koofr-mountid string                                Mount ID of the mount to use
+      --koofr-password string                               Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
+      --koofr-provider string                               Choose your storage provider
+      --koofr-setmtime                                      Does the backend support setting modification time (default true)
+      --koofr-user string                                   Your user name
+      --linkbox-token string                                Token from https://www.linkbox.to/admin/account
+  -l, --links                                               Translate symlinks to/from regular files with a '.rclonelink' extension
+      --local-case-insensitive                              Force the filesystem to report itself as case insensitive
+      --local-case-sensitive                                Force the filesystem to report itself as case sensitive
+      --local-encoding Encoding                             The encoding for the backend (default Slash,Dot)
+      --local-no-check-updated                              Don't check to see if the files change during upload
+      --local-no-preallocate                                Disable preallocation of disk space for transferred files
+      --local-no-set-modtime                                Disable setting modtime
+      --local-no-sparse                                     Disable sparse files for multi-thread downloads
+      --local-nounc                                         Disable UNC (long path names) conversion on Windows
+      --local-unicode-normalization                         Apply unicode NFC normalization to paths and filenames
+      --local-zero-size-links                               Assume the Stat size of links is zero (and read them instead) (deprecated)
+      --mailru-auth-url string                              Auth server URL
+      --mailru-check-hash                                   What should copy do if file checksum is mismatched or invalid (default true)
+      --mailru-client-id string                             OAuth Client Id
+      --mailru-client-secret string                         OAuth Client Secret
+      --mailru-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --mailru-pass string                                  Password (obscured)
+      --mailru-speedup-enable                               Skip full upload if there is another file with same data hash (default true)
+      --mailru-speedup-file-patterns string                 Comma separated list of file name patterns eligible for speedup (put by hash) (default "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf")
+      --mailru-speedup-max-disk SizeSuffix                  This option allows you to disable speedup (put by hash) for large files (default 3Gi)
+      --mailru-speedup-max-memory SizeSuffix                Files larger than the size given below will always be hashed on disk (default 32Mi)
+      --mailru-token string                                 OAuth Access Token as a JSON blob
+      --mailru-token-url string                             Token server url
+      --mailru-user string                                  User name (usually email)
+      --mega-debug                                          Output more debug from Mega
+      --mega-encoding Encoding                              The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --mega-hard-delete                                    Delete files permanently rather than putting them into the trash
+      --mega-pass string                                    Password (obscured)
+      --mega-use-https                                      Use HTTPS for transfers
+      --mega-user string                                    User name
+      --netstorage-account string                           Set the NetStorage account name
+      --netstorage-host string                              Domain+path of NetStorage host to connect to
+      --netstorage-protocol string                          Select between HTTP or HTTPS protocol (default "https")
+      --netstorage-secret string                            Set the NetStorage account secret/G2O key for authentication (obscured)
+  -x, --one-file-system                                     Don't cross filesystem boundaries (unix/macOS only)
+      --onedrive-access-scopes SpaceSepList                 Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
+      --onedrive-auth-url string                            Auth server URL
+      --onedrive-av-override                                Allows download of files the server thinks has a virus
+      --onedrive-chunk-size SizeSuffix                      Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
+      --onedrive-client-id string                           OAuth Client Id
+      --onedrive-client-secret string                       OAuth Client Secret
+      --onedrive-delta                                      If set rclone will use delta listing to implement recursive listings
+      --onedrive-drive-id string                            The ID of the drive to use
+      --onedrive-drive-type string                          The type of the drive (personal | business | documentLibrary)
+      --onedrive-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --onedrive-expose-onenote-files                       Set to make OneNote files show up in directory listings
+      --onedrive-hash-type string                           Specify the hash in use for the backend (default "auto")
+      --onedrive-link-password string                       Set the password for links created by the link command
+      --onedrive-link-scope string                          Set the scope of the links created by the link command (default "anonymous")
+      --onedrive-link-type string                           Set the type of the links created by the link command (default "view")
+      --onedrive-list-chunk int                             Size of listing chunk (default 1000)
+      --onedrive-no-versions                                Remove all versions on modifying operations
+      --onedrive-region string                              Choose national cloud region for OneDrive (default "global")
+      --onedrive-root-folder-id string                      ID of the root folder
+      --onedrive-server-side-across-configs                 Deprecated: use --server-side-across-configs instead
+      --onedrive-token string                               OAuth Access Token as a JSON blob
+      --onedrive-token-url string                           Token server url
+      --oos-attempt-resume-upload                           If true attempt to resume previously started multipart upload for the object
+      --oos-chunk-size SizeSuffix                           Chunk size to use for uploading (default 5Mi)
+      --oos-compartment string                              Object storage compartment OCID
+      --oos-config-file string                              Path to OCI config file (default "~/.oci/config")
+      --oos-config-profile string                           Profile name inside the oci config file (default "Default")
+      --oos-copy-cutoff SizeSuffix                          Cutoff for switching to multipart copy (default 4.656Gi)
+      --oos-copy-timeout Duration                           Timeout for copy (default 1m0s)
+      --oos-disable-checksum                                Don't store MD5 checksum with object metadata
+      --oos-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --oos-endpoint string                                 Endpoint for Object storage API
+      --oos-leave-parts-on-error                            If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery
+      --oos-max-upload-parts int                            Maximum number of parts in a multipart upload (default 10000)
+      --oos-namespace string                                Object storage namespace
+      --oos-no-check-bucket                                 If set, don't attempt to check the bucket exists or create it
+      --oos-provider string                                 Choose your Auth Provider (default "env_auth")
+      --oos-region string                                   Object storage Region
+      --oos-sse-customer-algorithm string                   If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm
+      --oos-sse-customer-key string                         To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+      --oos-sse-customer-key-file string                    To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+      --oos-sse-customer-key-sha256 string                  If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+      --oos-sse-kms-key-id string                           if using your own master key in vault, this header specifies the
+      --oos-storage-tier string                             The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default "Standard")
+      --oos-upload-concurrency int                          Concurrency for multipart uploads (default 10)
+      --oos-upload-cutoff SizeSuffix                        Cutoff for switching to chunked upload (default 200Mi)
+      --opendrive-chunk-size SizeSuffix                     Files will be uploaded in chunks this size (default 10Mi)
+      --opendrive-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
+      --opendrive-password string                           Password (obscured)
+      --opendrive-username string                           Username
+      --pcloud-auth-url string                              Auth server URL
+      --pcloud-client-id string                             OAuth Client Id
+      --pcloud-client-secret string                         OAuth Client Secret
+      --pcloud-encoding Encoding                            The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --pcloud-hostname string                              Hostname to connect to (default "api.pcloud.com")
+      --pcloud-password string                              Your pcloud password (obscured)
+      --pcloud-root-folder-id string                        Fill in for rclone to use a non root folder as its starting point (default "d0")
+      --pcloud-token string                                 OAuth Access Token as a JSON blob
+      --pcloud-token-url string                             Token server url
+      --pcloud-username string                              Your pcloud username
+      --pikpak-auth-url string                              Auth server URL
+      --pikpak-client-id string                             OAuth Client Id
+      --pikpak-client-secret string                         OAuth Client Secret
+      --pikpak-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --pikpak-hash-memory-limit SizeSuffix                 Files bigger than this will be cached on disk to calculate hash if required (default 10Mi)
+      --pikpak-pass string                                  Pikpak password (obscured)
+      --pikpak-root-folder-id string                        ID of the root folder
+      --pikpak-token string                                 OAuth Access Token as a JSON blob
+      --pikpak-token-url string                             Token server url
+      --pikpak-trashed-only                                 Only show files that are in the trash
+      --pikpak-use-trash                                    Send files to the trash instead of deleting permanently (default true)
+      --pikpak-user string                                  Pikpak username
+      --premiumizeme-auth-url string                        Auth server URL
+      --premiumizeme-client-id string                       OAuth Client Id
+      --premiumizeme-client-secret string                   OAuth Client Secret
+      --premiumizeme-encoding Encoding                      The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --premiumizeme-token string                           OAuth Access Token as a JSON blob
+      --premiumizeme-token-url string                       Token server url
+      --protondrive-2fa string                              The 2FA code
+      --protondrive-app-version string                      The app version string (default "macos-drive@1.0.0-alpha.1+rclone")
+      --protondrive-enable-caching                          Caches the files and folders metadata to reduce API calls (default true)
+      --protondrive-encoding Encoding                       The encoding for the backend (default Slash,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --protondrive-mailbox-password string                 The mailbox password of your two-password proton account (obscured)
+      --protondrive-original-file-size                      Return the file size before encryption (default true)
+      --protondrive-password string                         The password of your proton account (obscured)
+      --protondrive-replace-existing-draft                  Create a new revision when filename conflict is detected
+      --protondrive-username string                         The username of your proton account
+      --putio-auth-url string                               Auth server URL
+      --putio-client-id string                              OAuth Client Id
+      --putio-client-secret string                          OAuth Client Secret
+      --putio-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --putio-token string                                  OAuth Access Token as a JSON blob
+      --putio-token-url string                              Token server url
+      --qingstor-access-key-id string                       QingStor Access Key ID
+      --qingstor-chunk-size SizeSuffix                      Chunk size to use for uploading (default 4Mi)
+      --qingstor-connection-retries int                     Number of connection retries (default 3)
+      --qingstor-encoding Encoding                          The encoding for the backend (default Slash,Ctl,InvalidUtf8)
+      --qingstor-endpoint string                            Enter an endpoint URL to connection QingStor API
+      --qingstor-env-auth                                   Get QingStor credentials from runtime
+      --qingstor-secret-access-key string                   QingStor Secret Access Key (password)
+      --qingstor-upload-concurrency int                     Concurrency for multipart uploads (default 1)
+      --qingstor-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
+      --qingstor-zone string                                Zone to connect to
+      --quatrix-api-key string                              API key for accessing Quatrix account
+      --quatrix-effective-upload-time string                Wanted upload time for one chunk (default "4s")
+      --quatrix-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --quatrix-hard-delete                                 Delete files permanently rather than putting them into the trash
+      --quatrix-host string                                 Host name of Quatrix account
+      --quatrix-maximal-summary-chunk-size SizeSuffix       The maximal summary for all chunks. It should not be less than 'transfers'*'minimal_chunk_size' (default 95.367Mi)
+      --quatrix-minimal-chunk-size SizeSuffix               The minimal size for one chunk (default 9.537Mi)
+      --s3-access-key-id string                             AWS Access Key ID
+      --s3-acl string                                       Canned ACL used when creating buckets and storing or copying objects
+      --s3-bucket-acl string                                Canned ACL used when creating buckets
+      --s3-chunk-size SizeSuffix                            Chunk size to use for uploading (default 5Mi)
+      --s3-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4.656Gi)
+      --s3-decompress                                       If set this will decompress gzip encoded objects
+      --s3-directory-markers                                Upload an empty object with a trailing slash when a new directory is created
+      --s3-disable-checksum                                 Don't store MD5 checksum with object metadata
+      --s3-disable-http2                                    Disable usage of http2 for S3 backends
+      --s3-download-url string                              Custom endpoint for downloads
+      --s3-encoding Encoding                                The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --s3-endpoint string                                  Endpoint for S3 API
+      --s3-env-auth                                         Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
+      --s3-force-path-style                                 If true use path style access if false use virtual hosted style (default true)
+      --s3-leave-parts-on-error                             If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
+      --s3-list-chunk int                                   Size of listing chunk (response list for each ListObject S3 request) (default 1000)
+      --s3-list-url-encode Tristate                         Whether to url encode listings: true/false/unset (default unset)
+      --s3-list-version int                                 Version of ListObjects to use: 1,2 or 0 for auto
+      --s3-location-constraint string                       Location constraint - must be set to match the Region
+      --s3-max-upload-parts int                             Maximum number of parts in a multipart upload (default 10000)
+      --s3-might-gzip Tristate                              Set this if the backend might gzip objects (default unset)
+      --s3-no-check-bucket                                  If set, don't attempt to check the bucket exists or create it
+      --s3-no-head                                          If set, don't HEAD uploaded objects to check integrity
+      --s3-no-head-object                                   If set, do not do HEAD before GET when getting objects
+      --s3-no-system-metadata                               Suppress setting and reading of system metadata
+      --s3-profile string                                   Profile to use in the shared credentials file
+      --s3-provider string                                  Choose your S3 provider
+      --s3-region string                                    Region to connect to
+      --s3-requester-pays                                   Enables requester pays option when interacting with S3 bucket
+      --s3-secret-access-key string                         AWS Secret Access Key (password)
+      --s3-server-side-encryption string                    The server-side encryption algorithm used when storing this object in S3
+      --s3-session-token string                             An AWS session token
+      --s3-shared-credentials-file string                   Path to the shared credentials file
+      --s3-sse-customer-algorithm string                    If using SSE-C, the server-side encryption algorithm used when storing this object in S3
+      --s3-sse-customer-key string                          To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
+      --s3-sse-customer-key-base64 string                   If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
+      --s3-sse-customer-key-md5 string                      If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
+      --s3-sse-kms-key-id string                            If using KMS ID you must provide the ARN of Key
+      --s3-storage-class string                             The storage class to use when storing new objects in S3
+      --s3-sts-endpoint string                              Endpoint for STS
+      --s3-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --s3-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --s3-use-accelerate-endpoint                          If true use the AWS S3 accelerated endpoint
+      --s3-use-accept-encoding-gzip Accept-Encoding: gzip   Whether to send Accept-Encoding: gzip header (default unset)
+      --s3-use-already-exists Tristate                      Set if rclone should report BucketAlreadyExists errors on bucket creation (default unset)
+      --s3-use-multipart-etag Tristate                      Whether to use ETag in multipart uploads for verification (default unset)
+      --s3-use-multipart-uploads Tristate                   Set if rclone should use multipart uploads (default unset)
+      --s3-use-presigned-request                            Whether to use a presigned request or PutObject for single part uploads
+      --s3-v2-auth                                          If true use v2 authentication
+      --s3-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --s3-versions                                         Include old versions in directory listings
+      --seafile-2fa                                         Two-factor authentication ('true' if the account has 2FA enabled)
+      --seafile-create-library                              Should rclone create a library if it doesn't exist
+      --seafile-encoding Encoding                           The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
+      --seafile-library string                              Name of the library
+      --seafile-library-key string                          Library password (for encrypted libraries only) (obscured)
+      --seafile-pass string                                 Password (obscured)
+      --seafile-url string                                  URL of seafile host to connect to
+      --seafile-user string                                 User name (usually email address)
+      --sftp-ask-password                                   Allow asking for SFTP password when needed
+      --sftp-chunk-size SizeSuffix                          Upload and download chunk size (default 32Ki)
+      --sftp-ciphers SpaceSepList                           Space separated list of ciphers to be used for session encryption, ordered by preference
+      --sftp-concurrency int                                The maximum number of outstanding requests for one file (default 64)
+      --sftp-copy-is-hardlink                               Set to enable server side copies using hardlinks
+      --sftp-disable-concurrent-reads                       If set don't use concurrent reads
+      --sftp-disable-concurrent-writes                      If set don't use concurrent writes
+      --sftp-disable-hashcheck                              Disable the execution of SSH commands to determine if remote file hashing is available
+      --sftp-host string                                    SSH host to connect to
+      --sftp-host-key-algorithms SpaceSepList               Space separated list of host key algorithms, ordered by preference
+      --sftp-idle-timeout Duration                          Max time before closing idle connections (default 1m0s)
+      --sftp-key-exchange SpaceSepList                      Space separated list of key exchange algorithms, ordered by preference
+      --sftp-key-file string                                Path to PEM-encoded private key file
+      --sftp-key-file-pass string                           The passphrase to decrypt the PEM-encoded private key file (obscured)
+      --sftp-key-pem string                                 Raw PEM-encoded private key
+      --sftp-key-use-agent                                  When set forces the usage of the ssh-agent
+      --sftp-known-hosts-file string                        Optional path to known_hosts file
+      --sftp-macs SpaceSepList                              Space separated list of MACs (message authentication code) algorithms, ordered by preference
+      --sftp-md5sum-command string                          The command used to read md5 hashes
+      --sftp-pass string                                    SSH password, leave blank to use ssh-agent (obscured)
+      --sftp-path-override string                           Override path used by SSH shell commands
+      --sftp-port int                                       SSH port number (default 22)
+      --sftp-pubkey-file string                             Optional path to public key file
+      --sftp-server-command string                          Specifies the path or command to run a sftp server on the remote host
+      --sftp-set-env SpaceSepList                           Environment variables to pass to sftp and commands
+      --sftp-set-modtime                                    Set the modified time on the remote if set (default true)
+      --sftp-sha1sum-command string                         The command used to read sha1 hashes
+      --sftp-shell-type string                              The type of SSH shell on remote server, if any
+      --sftp-skip-links                                     Set to skip any symlinks and any other non regular files
+      --sftp-socks-proxy string                             Socks 5 proxy host
+      --sftp-ssh SpaceSepList                               Path and arguments to external ssh binary
+      --sftp-subsystem string                               Specifies the SSH2 subsystem on the remote host (default "sftp")
+      --sftp-use-fstat                                      If set use fstat instead of stat
+      --sftp-use-insecure-cipher                            Enable the use of insecure ciphers and key exchange methods
+      --sftp-user string                                    SSH username (default "$USER")
+      --sharefile-auth-url string                           Auth server URL
+      --sharefile-chunk-size SizeSuffix                     Upload chunk size (default 64Mi)
+      --sharefile-client-id string                          OAuth Client Id
+      --sharefile-client-secret string                      OAuth Client Secret
+      --sharefile-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --sharefile-endpoint string                           Endpoint for API calls
+      --sharefile-root-folder-id string                     ID of the root folder
+      --sharefile-token string                              OAuth Access Token as a JSON blob
+      --sharefile-token-url string                          Token server url
+      --sharefile-upload-cutoff SizeSuffix                  Cutoff for switching to multipart upload (default 128Mi)
+      --sia-api-password string                             Sia Daemon API Password (obscured)
+      --sia-api-url string                                  Sia daemon API URL, like http://sia.daemon.host:9980 (default "http://127.0.0.1:9980")
+      --sia-encoding Encoding                               The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
+      --sia-user-agent string                               Siad User Agent (default "Sia-Agent")
+      --skip-links                                          Don't warn about skipped symlinks
+      --smb-case-insensitive                                Whether the server is configured to be case-insensitive (default true)
+      --smb-domain string                                   Domain name for NTLM authentication (default "WORKGROUP")
+      --smb-encoding Encoding                               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --smb-hide-special-share                              Hide special shares (e.g. print$) which users aren't supposed to access (default true)
+      --smb-host string                                     SMB server hostname to connect to
+      --smb-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --smb-pass string                                     SMB password (obscured)
+      --smb-port int                                        SMB port number (default 445)
+      --smb-spn string                                      Service principal name
+      --smb-user string                                     SMB username (default "$USER")
+      --storj-access-grant string                           Access grant
+      --storj-api-key string                                API key
+      --storj-passphrase string                             Encryption passphrase
+      --storj-provider string                               Choose an authentication method (default "existing")
+      --storj-satellite-address string                      Satellite address (default "us1.storj.io")
+      --sugarsync-access-key-id string                      Sugarsync Access Key ID
+      --sugarsync-app-id string                             Sugarsync App ID
+      --sugarsync-authorization string                      Sugarsync authorization
+      --sugarsync-authorization-expiry string               Sugarsync authorization expiry
+      --sugarsync-deleted-id string                         Sugarsync deleted folder id
+      --sugarsync-encoding Encoding                         The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
+      --sugarsync-hard-delete                               Permanently delete files if true
+      --sugarsync-private-access-key string                 Sugarsync Private Access Key
+      --sugarsync-refresh-token string                      Sugarsync refresh token
+      --sugarsync-root-id string                            Sugarsync root id
+      --sugarsync-user string                               Sugarsync user
+      --swift-application-credential-id string              Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
+      --swift-application-credential-name string            Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
+      --swift-application-credential-secret string          Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
+      --swift-auth string                                   Authentication URL for server (OS_AUTH_URL)
+      --swift-auth-token string                             Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
+      --swift-auth-version int                              AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
+      --swift-chunk-size SizeSuffix                         Above this size files will be chunked into a _segments container (default 5Gi)
+      --swift-domain string                                 User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
+      --swift-encoding Encoding                             The encoding for the backend (default Slash,InvalidUtf8)
+      --swift-endpoint-type string                          Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default "public")
+      --swift-env-auth                                      Get swift credentials from environment variables in standard OpenStack form
+      --swift-key string                                    API key or password (OS_PASSWORD)
+      --swift-leave-parts-on-error                          If true avoid calling abort upload on a failure
+      --swift-no-chunk                                      Don't chunk files during streaming upload
+      --swift-no-large-objects                              Disable support for static and dynamic large objects
+      --swift-region string                                 Region name - optional (OS_REGION_NAME)
+      --swift-storage-policy string                         The storage policy to use when creating a new container
+      --swift-storage-url string                            Storage URL - optional (OS_STORAGE_URL)
+      --swift-tenant string                                 Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
+      --swift-tenant-domain string                          Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
+      --swift-tenant-id string                              Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
+      --swift-user string                                   User name to log in (OS_USERNAME)
+      --swift-user-id string                                User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
+      --union-action-policy string                          Policy to choose upstream on ACTION category (default "epall")
+      --union-cache-time int                                Cache time of usage and free space (in seconds) (default 120)
+      --union-create-policy string                          Policy to choose upstream on CREATE category (default "epmfs")
+      --union-min-free-space SizeSuffix                     Minimum viable free space for lfs/eplfs policies (default 1Gi)
+      --union-search-policy string                          Policy to choose upstream on SEARCH category (default "ff")
+      --union-upstreams string                              List of space separated upstreams
+      --uptobox-access-token string                         Your access token
+      --uptobox-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
+      --uptobox-private                                     Set to make uploaded files private
+      --webdav-bearer-token string                          Bearer token instead of user/pass (e.g. a Macaroon)
+      --webdav-bearer-token-command string                  Command to run to get a bearer token
+      --webdav-encoding string                              The encoding for the backend
+      --webdav-headers CommaSepList                         Set HTTP headers for all transactions
+      --webdav-nextcloud-chunk-size SizeSuffix              Nextcloud upload chunk size (default 10Mi)
+      --webdav-pacer-min-sleep Duration                     Minimum time to sleep between API calls (default 10ms)
+      --webdav-pass string                                  Password (obscured)
+      --webdav-url string                                   URL of http host to connect to
+      --webdav-user string                                  User name
+      --webdav-vendor string                                Name of the WebDAV site/service/software you are using
+      --yandex-auth-url string                              Auth server URL
+      --yandex-client-id string                             OAuth Client Id
+      --yandex-client-secret string                         OAuth Client Secret
+      --yandex-encoding Encoding                            The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --yandex-hard-delete                                  Delete files permanently rather than putting them into the trash
+      --yandex-token string                                 OAuth Access Token as a JSON blob
+      --yandex-token-url string                             Token server url
+      --zoho-auth-url string                                Auth server URL
+      --zoho-client-id string                               OAuth Client Id
+      --zoho-client-secret string                           OAuth Client Secret
+      --zoho-encoding Encoding                              The encoding for the backend (default Del,Ctl,InvalidUtf8)
+      --zoho-region string                                  Zoho region to connect to
+      --zoho-token string                                   OAuth Access Token as a JSON blob
+      --zoho-token-url string                               Token server url
+```
 
-Properties:
+# Docker Volume Plugin
 
-- Config:      auth_url
-- Env Var:     RCLONE_ACD_AUTH_URL
-- Type:        string
-- Required:    false
+## Introduction
 
-#### --acd-token-url
+Docker 1.9 has added support for creating
+[named volumes](https://docs.docker.com/storage/volumes/) via
+[command-line interface](https://docs.docker.com/engine/reference/commandline/volume_create/)
+and mounting them in containers as a way to share data between them.
+Since Docker 1.10 you can create named volumes with
+[Docker Compose](https://docs.docker.com/compose/) by descriptions in
+[docker-compose.yml](https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference)
+files for use by container groups on a single host.
+As of Docker 1.12 volumes are supported by
+[Docker Swarm](https://docs.docker.com/engine/swarm/key-concepts/)
+included with Docker Engine and created from descriptions in
+[swarm compose v3](https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference)
+files for use with _swarm stacks_ across multiple cluster nodes.
 
-Token server url.
+[Docker Volume Plugins](https://docs.docker.com/engine/extend/plugins_volume/)
+augment the default `local` volume driver included in Docker with stateful
+volumes shared across containers and hosts. Unlike local volumes, your
+data will _not_ be deleted when such volume is removed. Plugins can run
+managed by the docker daemon, as a native system service
+(under systemd, _sysv_ or _upstart_) or as a standalone executable.
+Rclone can run as docker volume plugin in all these modes.
+It interacts with the local docker daemon
+via [plugin API](https://docs.docker.com/engine/extend/plugin_api/) and
+handles mounting of remote file systems into docker containers so it must
+run on the same host as the docker daemon or on every Swarm node.
 
-Leave blank to use the provider defaults.
+## Getting started
 
-Properties:
+In the first example we will use the [SFTP](https://rclone.org/sftp/)
+rclone volume with Docker engine on a standalone Ubuntu machine.
 
-- Config:      token_url
-- Env Var:     RCLONE_ACD_TOKEN_URL
-- Type:        string
-- Required:    false
+Start from [installing Docker](https://docs.docker.com/engine/install/)
+on the host.
 
-#### --acd-checkpoint
+The _FUSE_ driver is a prerequisite for rclone mounting and should be
+installed on host:
+```
+sudo apt-get -y install fuse
+```
 
-Checkpoint for internal polling (debug).
+Create two directories required by rclone docker plugin:
+```
+sudo mkdir -p /var/lib/docker-plugins/rclone/config
+sudo mkdir -p /var/lib/docker-plugins/rclone/cache
+```
 
-Properties:
+Install the managed rclone docker plugin for your architecture (here `amd64`):
+```
+docker plugin install rclone/docker-volume-rclone:amd64 args="-v" --alias rclone --grant-all-permissions
+docker plugin list
+```
 
-- Config:      checkpoint
-- Env Var:     RCLONE_ACD_CHECKPOINT
-- Type:        string
-- Required:    false
+Create your [SFTP volume](https://rclone.org/sftp/#standard-options):
+```
+docker volume create firstvolume -d rclone -o type=sftp -o sftp-host=_hostname_ -o sftp-user=_username_ -o sftp-pass=_password_ -o allow-other=true
+```
 
-#### --acd-upload-wait-per-gb
+Note that since all options are static, you don't even have to run
+`rclone config` or create the `rclone.conf` file (but the `config` directory
+should still be present). In the simplest case you can use `localhost`
+as _hostname_ and your SSH credentials as _username_ and _password_.
+You can also change the remote path to your home directory on the host,
+for example `-o path=/home/username`.
 
-Additional time per GiB to wait after a failed complete upload to see if it appears.
 
-Sometimes Amazon Drive gives an error when a file has been fully
-uploaded but the file appears anyway after a little while.  This
-happens sometimes for files over 1 GiB in size and nearly every time for
-files bigger than 10 GiB. This parameter controls the time rclone waits
-for the file to appear.
+Time to create a test container and mount the volume into it:
+```
+docker run --rm -it -v firstvolume:/mnt --workdir /mnt ubuntu:latest bash
+```
 
-The default value for this parameter is 3 minutes per GiB, so by
-default it will wait 3 minutes for every GiB uploaded to see if the
-file appears.
+If all goes well, you will enter the new container and change right to
+the mounted SFTP remote. You can type `ls` to list the mounted directory
+or otherwise play with it. Type `exit` when you are done.
+The container will stop but the volume will stay, ready to be reused.
+When it's not needed anymore, remove it:
+```
+docker volume list
+docker volume remove firstvolume
+```
 
-You can disable this feature by setting it to 0. This may cause
-conflict errors as rclone retries the failed upload but the file will
-most likely appear correctly eventually.
+Now let us try **something more elaborate**:
+[Google Drive](https://rclone.org/drive/) volume on multi-node Docker Swarm.
 
-These values were determined empirically by observing lots of uploads
-of big files for a range of file sizes.
+You should start from installing Docker and FUSE, creating plugin
+directories and installing rclone plugin on _every_ swarm node.
+Then [setup the Swarm](https://docs.docker.com/engine/swarm/swarm-mode/).
 
-Upload with the "-v" flag to see more info about what rclone is doing
-in this situation.
+Google Drive volumes need an access token which can be setup via web
+browser and will be periodically renewed by rclone. The managed
+plugin cannot run a browser so we will use a technique similar to the
+[rclone setup on a headless box](https://rclone.org/remote_setup/).
 
-Properties:
+Run [rclone config](https://rclone.org/commands/rclone_config_create/)
+on _another_ machine equipped with _web browser_ and graphical user interface.
+Create the [Google Drive remote](https://rclone.org/drive/#standard-options).
+When done, transfer the resulting `rclone.conf` to the Swarm cluster
+and save as `/var/lib/docker-plugins/rclone/config/rclone.conf`
+on _every_ node. By default this location is accessible only to the
+root user so you will need appropriate privileges. The resulting config
+will look like this:
+```
+[gdrive]
+type = drive
+scope = drive
+drive_id = 1234567...
+root_folder_id = 0Abcd...
+token = {"access_token":...}
+```
 
-- Config:      upload_wait_per_gb
-- Env Var:     RCLONE_ACD_UPLOAD_WAIT_PER_GB
-- Type:        Duration
-- Default:     3m0s
+Now create the file named `example.yml` with a swarm stack description
+like this:
+```
+version: '3'
+services:
+  heimdall:
+    image: linuxserver/heimdall:latest
+    ports: [8080:80]
+    volumes: [configdata:/config]
+volumes:
+  configdata:
+    driver: rclone
+    driver_opts:
+      remote: 'gdrive:heimdall'
+      allow_other: 'true'
+      vfs_cache_mode: full
+      poll_interval: 0
+```
 
-#### --acd-templink-threshold
+and run the stack:
+```
+docker stack deploy example -c ./example.yml
+```
 
-Files >= this size will be downloaded via their tempLink.
+After a few seconds docker will spread the parsed stack description
+over cluster, create the `example_heimdall` service on port _8080_,
+run service containers on one or more cluster nodes and request
+the `example_configdata` volume from rclone plugins on the node hosts.
+You can use the following commands to confirm results:
+```
+docker service ls
+docker service ps example_heimdall
+docker volume ls
+```
 
-Files this size or more will be downloaded via their "tempLink". This
-is to work around a problem with Amazon Drive which blocks downloads
-of files bigger than about 10 GiB. The default for this is 9 GiB which
-shouldn't need to be changed.
+Point your browser to `http://cluster.host.address:8080` and play with
+the service. Stop it with `docker stack remove example` when you are done.
+Note that the `example_configdata` volume(s) created on demand at the
+cluster nodes will not be automatically removed together with the stack
+but stay for future reuse. You can remove them manually by invoking
+the `docker volume remove example_configdata` command on every node.
 
-To download files above this threshold, rclone requests a "tempLink"
-which downloads the file through a temporary URL directly from the
-underlying S3 storage.
+## Creating Volumes via CLI
 
-Properties:
+Volumes can be created with [docker volume create](https://docs.docker.com/engine/reference/commandline/volume_create/).
+Here are a few examples:
+```
+docker volume create vol1 -d rclone -o remote=storj: -o vfs-cache-mode=full
+docker volume create vol2 -d rclone -o remote=:storj,access_grant=xxx:heimdall
+docker volume create vol3 -d rclone -o type=storj -o path=heimdall -o storj-access-grant=xxx -o poll-interval=0
+```
 
-- Config:      templink_threshold
-- Env Var:     RCLONE_ACD_TEMPLINK_THRESHOLD
-- Type:        SizeSuffix
-- Default:     9Gi
+Note the `-d rclone` flag that tells docker to request volume from the
+rclone driver. This works even if you installed managed driver by its full
+name `rclone/docker-volume-rclone` because you provided the `--alias rclone`
+option.
 
-#### --acd-encoding
+Volumes can be inspected as follows:
+```
+docker volume list
+docker volume inspect vol1
+```
 
-The encoding for the backend.
+## Volume Configuration
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Rclone flags and volume options are set via the `-o` flag to the
+`docker volume create` command. They include backend-specific parameters
+as well as mount and _VFS_ options. Also there are a few
+special `-o` options:
+`remote`, `fs`, `type`, `path`, `mount-type` and `persist`.
 
-Properties:
+`remote` determines an existing remote name from the config file, with
+trailing colon and optionally with a remote path. See the full syntax in
+the [rclone documentation](https://rclone.org/docs/#syntax-of-remote-paths).
+This option can be aliased as `fs` to prevent confusion with the
+_remote_ parameter of such backends as _crypt_ or _alias_.
 
-- Config:      encoding
-- Env Var:     RCLONE_ACD_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,InvalidUtf8,Dot
+The `remote=:backend:dir/subdir` syntax can be used to create
+[on-the-fly (config-less) remotes](https://rclone.org/docs/#backend-path-to-dir),
+while the `type` and `path` options provide a simpler alternative for this.
+Using two split options
+```
+-o type=backend -o path=dir/subdir
+```
+is equivalent to the combined syntax
+```
+-o remote=:backend:dir/subdir
+```
+but is arguably easier to parameterize in scripts.
+The `path` part is optional.
 
+[Mount and VFS options](https://rclone.org/commands/rclone_serve_docker/#options)
+as well as [backend parameters](https://rclone.org/flags/#backend-flags) are named
+like their twin command-line flags without the `--` CLI prefix.
+Optionally you can use underscores instead of dashes in option names.
+For example, `--vfs-cache-mode full` becomes
+`-o vfs-cache-mode=full` or `-o vfs_cache_mode=full`.
+Boolean CLI flags without value will gain the `true` value, e.g.
+`--allow-other` becomes `-o allow-other=true` or `-o allow_other=true`.
 
+Please note that you can provide parameters only for the backend immediately
+referenced by the backend type of mounted `remote`.
+If this is a wrapping backend like _alias, chunker or crypt_, you cannot
+provide options for the referred to remote or backend. This limitation is
+imposed by the rclone connection string parser. The only workaround is to
+feed plugin with `rclone.conf` or configure plugin arguments (see below).
 
-## Limitations
+## Special Volume Options
 
-Note that Amazon Drive is case insensitive so you can't have a
-file called "Hello.doc" and one called "hello.doc".
+`mount-type` determines the mount method and in general can be one of:
+`mount`, `cmount`, or `mount2`. This can be aliased as `mount_type`.
+It should be noted that the managed rclone docker plugin currently does
+not support the `cmount` method and `mount2` is rarely needed.
+This option defaults to the first found method, which is usually `mount`
+so you generally won't need it.
 
-Amazon Drive has rate limiting so you may notice errors in the
-sync (429 errors).  rclone will automatically retry the sync up to 3
-times by default (see `--retries` flag) which should hopefully work
-around this problem.
+`persist` is a reserved boolean (true/false) option.
+In future it will allow to persist on-the-fly remotes in the plugin
+`rclone.conf` file.
 
-Amazon Drive has an internal limit of file sizes that can be uploaded
-to the service. This limit is not officially published, but all files
-larger than this will fail.
+## Connection Strings
 
-At the time of writing (Jan 2016) is in the area of 50 GiB per file.
-This means that larger files are likely to fail.
+The `remote` value can be extended
+with [connection strings](https://rclone.org/docs/#connection-strings)
+as an alternative way to supply backend parameters. This is equivalent
+to the `-o` backend options with one _syntactic difference_.
+Inside connection string the backend prefix must be dropped from parameter
+names but in the `-o param=value` array it must be present.
+For instance, compare the following option array
+```
+-o remote=:sftp:/home -o sftp-host=localhost
+```
+with equivalent connection string:
+```
+-o remote=:sftp,host=localhost:/home
+```
+This difference exists because flag options `-o key=val` include not only
+backend parameters but also mount/VFS flags and possibly other settings.
+Also it allows to discriminate the `remote` option from the `crypt-remote`
+(or similarly named backend parameters) and arguably simplifies scripting
+due to clearer value substitution.
 
-Unfortunately there is no way for rclone to see that this failure is
-because of file size, so it will retry the operation, as any other
-failure. To avoid this problem, use `--max-size 50000M` option to limit
-the maximum size of uploaded files. Note that `--max-size` does not split
-files into segments, it only ignores files over this size.
+## Using with Swarm or Compose
 
-`rclone about` is not supported by the Amazon Drive backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+Both _Docker Swarm_ and _Docker Compose_ use
+[YAML](http://yaml.org/spec/1.2/spec.html)-formatted text files to describe
+groups (stacks) of containers, their properties, networks and volumes.
+_Compose_ uses the [compose v2](https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference) format,
+_Swarm_ uses the [compose v3](https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference) format.
+They are mostly similar, differences are explained in the
+[docker documentation](https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading).
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+Volumes are described by the children of the top-level `volumes:` node.
+Each of them should be named after its volume and have at least two
+elements, the self-explanatory `driver: rclone` value and the
+`driver_opts:` structure playing the same role as `-o key=val` CLI flags:
 
-#  Amazon S3 Storage Providers
+```
+volumes:
+  volume_name_1:
+    driver: rclone
+    driver_opts:
+      remote: 'gdrive:'
+      allow_other: 'true'
+      vfs_cache_mode: full
+      token: '{"type": "borrower", "expires": "2021-12-31"}'
+      poll_interval: 0
+```
 
-The S3 backend can be used with a number of different providers:
+Notice a few important details:
+- YAML prefers `_` in option names instead of `-`.
+- YAML treats single and double quotes interchangeably.
+  Simple strings and integers can be left unquoted.
+- Boolean values must be quoted like `'true'` or `"false"` because
+  these two words are reserved by YAML.
+- The filesystem string is keyed with `remote` (or with `fs`).
+  Normally you can omit quotes here, but if the string ends with colon,
+  you **must** quote it like `remote: "storage_box:"`.
+- YAML is picky about surrounding braces in values as this is in fact
+  another [syntax for key/value mappings](http://yaml.org/spec/1.2/spec.html#id2790832).
+  For example, JSON access tokens usually contain double quotes and
+  surrounding braces, so you must put them in single quotes.
 
+## Installing as Managed Plugin
 
-- AWS S3
-- Alibaba Cloud (Aliyun) Object Storage System (OSS)
-- Ceph
-- China Mobile Ecloud Elastic Object Storage (EOS)
-- Cloudflare R2
-- Arvan Cloud Object Storage (AOS)
-- DigitalOcean Spaces
-- Dreamhost
-- Huawei OBS
-- IBM COS S3
-- IDrive e2
-- IONOS Cloud
-- Liara Object Storage
-- Minio
-- Qiniu Cloud Object Storage (Kodo)
-- RackCorp Object Storage
-- Scaleway
-- Seagate Lyve Cloud
-- SeaweedFS
-- StackPath
-- Storj
-- Tencent Cloud Object Storage (COS)
-- Wasabi
+Docker daemon can install plugins from an image registry and run them managed.
+We maintain the
+[docker-volume-rclone](https://hub.docker.com/p/rclone/docker-volume-rclone/)
+plugin image on [Docker Hub](https://hub.docker.com).
 
+Rclone volume plugin requires **Docker Engine >= 19.03.15**
 
-Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
-command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
+The plugin requires presence of two directories on the host before it can
+be installed. Note that plugin will **not** create them automatically.
+By default they must exist on host at the following locations
+(though you can tweak the paths):
+- `/var/lib/docker-plugins/rclone/config`
+  is reserved for the `rclone.conf` config file and **must** exist
+  even if it's empty and the config file is not present.
+- `/var/lib/docker-plugins/rclone/cache`
+  holds the plugin state file as well as optional VFS caches.
 
-Once you have made a remote (see the provider specific section above)
-you can use it like this:
+You can [install managed plugin](https://docs.docker.com/engine/reference/commandline/plugin_install/)
+with default settings as follows:
+```
+docker plugin install rclone/docker-volume-rclone:amd64 --grant-all-permissions --alias rclone
+```
 
-See all buckets
+The `:amd64` part of the image specification after colon is called a _tag_.
+Usually you will want to install the latest plugin for your architecture. In
+this case the tag will just name it, like `amd64` above. The following plugin
+architectures are currently available:
+- `amd64`
+- `arm64`
+- `arm-v7`
 
-    rclone lsd remote:
+Sometimes you might want a concrete plugin version, not the latest one.
+Then you should use image tag in the form `:ARCHITECTURE-VERSION`.
+For example, to install plugin version `v1.56.2` on architecture `arm64`
+you will use tag `arm64-1.56.2` (note the removed `v`) so the full image
+specification becomes `rclone/docker-volume-rclone:arm64-1.56.2`.
 
-Make a new bucket
+We also provide the `latest` plugin tag, but since docker does not support
+multi-architecture plugins as of the time of this writing, this tag is
+currently an **alias for `amd64`**.
+By convention the `latest` tag is the default one and can be omitted, thus
+both `rclone/docker-volume-rclone:latest` and just `rclone/docker-volume-rclone`
+will refer to the latest plugin release for the `amd64` platform.
 
-    rclone mkdir remote:bucket
+Also the `amd64` part can be omitted from the versioned rclone plugin tags.
+For example, rclone image reference `rclone/docker-volume-rclone:amd64-1.56.2`
+can be abbreviated as `rclone/docker-volume-rclone:1.56.2` for convenience.
+However, for non-intel architectures you still have to use the full tag as
+`amd64` or `latest` will fail to start.
 
-List the contents of a bucket
+Managed plugin is in fact a special container running in a namespace separate
+from normal docker containers. Inside it runs the `rclone serve docker`
+command. The config and cache directories are bind-mounted into the
+container at start. The docker daemon connects to a unix socket created
+by the command inside the container. The command creates on-demand remote
+mounts right inside, then docker machinery propagates them through kernel
+mount namespaces and bind-mounts into requesting user containers.
 
-    rclone ls remote:bucket
+You can tweak a few plugin settings after installation when it's disabled
+(not in use), for instance:
+```
+docker plugin disable rclone
+docker plugin set rclone RCLONE_VERBOSE=2 config=/etc/rclone args="--vfs-cache-mode=writes --allow-other"
+docker plugin enable rclone
+docker plugin inspect rclone
+```
 
-Sync `/home/local/directory` to the remote bucket, deleting any excess
-files in the bucket.
+Note that if docker refuses to disable the plugin, you should find and
+remove all active volumes connected with it as well as containers and
+swarm services that use them. This is rather tedious so please carefully
+plan in advance.
 
-    rclone sync --interactive /home/local/directory remote:bucket
+You can tweak the following settings:
+`args`, `config`, `cache`, `HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY`
+and `RCLONE_VERBOSE`.
+It's _your_ task to keep plugin settings in sync across swarm cluster nodes.
 
-## Configuration
+`args` sets command-line arguments for the `rclone serve docker` command
+(_none_ by default). Arguments should be separated by space so you will
+normally want to put them in quotes on the
+[docker plugin set](https://docs.docker.com/engine/reference/commandline/plugin_set/)
+command line. Both [serve docker flags](https://rclone.org/commands/rclone_serve_docker/#options)
+and [generic rclone flags](https://rclone.org/flags/) are supported, including backend
+parameters that will be used as defaults for volume creation.
+Note that plugin will fail (due to [this docker bug](https://github.com/moby/moby/blob/v20.10.7/plugin/v2/plugin.go#L195))
+if the `args` value is empty. Use e.g. `args="-v"` as a workaround.
 
-Here is an example of making an s3 configuration for the AWS S3 provider.
-Most applies to the other providers as well, any differences are described [below](#providers).
+`config=/host/dir` sets alternative host location for the config directory.
+Plugin will look for `rclone.conf` here. It's not an error if the config
+file is not present but the directory must exist. Please note that plugin
+can periodically rewrite the config file, for example when it renews
+storage access tokens. Keep this in mind and try to avoid races between
+the plugin and other instances of rclone on the host that might try to
+change the config simultaneously resulting in corrupted `rclone.conf`.
+You can also put stuff like private key files for SFTP remotes in this
+directory. Just note that it's bind-mounted inside the plugin container
+at the predefined path `/data/config`. For example, if your key file is
+named `sftp-box1.key` on the host, the corresponding volume config option
+should read `-o sftp-key-file=/data/config/sftp-box1.key`.
 
-First run
+`cache=/host/dir` sets alternative host location for the _cache_ directory.
+The plugin will keep VFS caches here. Also it will create and maintain
+the `docker-plugin.state` file in this directory. When the plugin is
+restarted or reinstalled, it will look in this file to recreate any volumes
+that existed previously. However, they will not be re-mounted into
+consuming containers after restart. Usually this is not a problem as
+the docker daemon normally will restart affected user containers after
+failures, daemon restarts or host reboots.
 
-    rclone config
+`RCLONE_VERBOSE` sets plugin verbosity from `0` (errors only, by default)
+to `2` (debugging). Verbosity can be also tweaked via `args="-v [-v] ..."`.
+Since arguments are more generic, you will rarely need this setting.
+The plugin output by default feeds the docker daemon log on local host.
+Log entries are reflected as _errors_ in the docker log but retain their
+actual level assigned by rclone in the encapsulated message string.
 
-This will guide you through an interactive setup process.
+`HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY` customize the plugin proxy settings.
 
+You can set custom plugin options right when you install it, _in one go_:
 ```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Ceph, ChinaMobile, ArvanCloud, Dreamhost, IBM COS, Liara, Minio, and Tencent COS
-   \ "s3"
-[snip]
-Storage> s3
-Choose your S3 provider.
-Choose a number from below, or type in your own value
- 1 / Amazon Web Services (AWS) S3
-   \ "AWS"
- 2 / Ceph Object Storage
-   \ "Ceph"
- 3 / DigitalOcean Spaces
-   \ "DigitalOcean"
- 4 / Dreamhost DreamObjects
-   \ "Dreamhost"
- 5 / IBM COS S3
-   \ "IBMCOS"
- 6 / Minio Object Storage
-   \ "Minio"
- 7 / Wasabi Object Storage
-   \ "Wasabi"
- 8 / Any other S3 compatible provider
-   \ "Other"
-provider> 1
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ "false"
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ "true"
-env_auth> 1
-AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id> XXX
-AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key> YYY
-Region to connect to.
-Choose a number from below, or type in your own value
-   / The default endpoint - a good choice if you are unsure.
- 1 | US Region, Northern Virginia, or Pacific Northwest.
-   | Leave location constraint empty.
-   \ "us-east-1"
-   / US East (Ohio) Region
- 2 | Needs location constraint us-east-2.
-   \ "us-east-2"
-   / US West (Oregon) Region
- 3 | Needs location constraint us-west-2.
-   \ "us-west-2"
-   / US West (Northern California) Region
- 4 | Needs location constraint us-west-1.
-   \ "us-west-1"
-   / Canada (Central) Region
- 5 | Needs location constraint ca-central-1.
-   \ "ca-central-1"
-   / EU (Ireland) Region
- 6 | Needs location constraint EU or eu-west-1.
-   \ "eu-west-1"
-   / EU (London) Region
- 7 | Needs location constraint eu-west-2.
-   \ "eu-west-2"
-   / EU (Frankfurt) Region
- 8 | Needs location constraint eu-central-1.
-   \ "eu-central-1"
-   / Asia Pacific (Singapore) Region
- 9 | Needs location constraint ap-southeast-1.
-   \ "ap-southeast-1"
-   / Asia Pacific (Sydney) Region
-10 | Needs location constraint ap-southeast-2.
-   \ "ap-southeast-2"
-   / Asia Pacific (Tokyo) Region
-11 | Needs location constraint ap-northeast-1.
-   \ "ap-northeast-1"
-   / Asia Pacific (Seoul)
-12 | Needs location constraint ap-northeast-2.
-   \ "ap-northeast-2"
-   / Asia Pacific (Mumbai)
-13 | Needs location constraint ap-south-1.
-   \ "ap-south-1"
-   / Asia Pacific (Hong Kong) Region
-14 | Needs location constraint ap-east-1.
-   \ "ap-east-1"
-   / South America (Sao Paulo) Region
-15 | Needs location constraint sa-east-1.
-   \ "sa-east-1"
-region> 1
-Endpoint for S3 API.
-Leave blank if using AWS to use the default endpoint for the region.
-endpoint>
-Location constraint - must be set to match the Region. Used when creating buckets only.
-Choose a number from below, or type in your own value
- 1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
-   \ ""
- 2 / US East (Ohio) Region.
-   \ "us-east-2"
- 3 / US West (Oregon) Region.
-   \ "us-west-2"
- 4 / US West (Northern California) Region.
-   \ "us-west-1"
- 5 / Canada (Central) Region.
-   \ "ca-central-1"
- 6 / EU (Ireland) Region.
-   \ "eu-west-1"
- 7 / EU (London) Region.
-   \ "eu-west-2"
- 8 / EU Region.
-   \ "EU"
- 9 / Asia Pacific (Singapore) Region.
-   \ "ap-southeast-1"
-10 / Asia Pacific (Sydney) Region.
-   \ "ap-southeast-2"
-11 / Asia Pacific (Tokyo) Region.
-   \ "ap-northeast-1"
-12 / Asia Pacific (Seoul)
-   \ "ap-northeast-2"
-13 / Asia Pacific (Mumbai)
-   \ "ap-south-1"
-14 / Asia Pacific (Hong Kong)
-   \ "ap-east-1"
-15 / South America (Sao Paulo) Region.
-   \ "sa-east-1"
-location_constraint> 1
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ "private"
- 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
-   \ "public-read"
-   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
- 3 | Granting this on a bucket is generally not recommended.
-   \ "public-read-write"
- 4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
-   \ "authenticated-read"
-   / Object owner gets FULL_CONTROL. Bucket owner gets READ access.
- 5 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-   \ "bucket-owner-read"
-   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
- 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-   \ "bucket-owner-full-control"
-acl> 1
-The server-side encryption algorithm used when storing this object in S3.
-Choose a number from below, or type in your own value
- 1 / None
-   \ ""
- 2 / AES256
-   \ "AES256"
-server_side_encryption> 1
-The storage class to use when storing objects in S3.
-Choose a number from below, or type in your own value
- 1 / Default
-   \ ""
- 2 / Standard storage class
-   \ "STANDARD"
- 3 / Reduced redundancy storage class
-   \ "REDUCED_REDUNDANCY"
- 4 / Standard Infrequent Access storage class
-   \ "STANDARD_IA"
- 5 / One Zone Infrequent Access storage class
-   \ "ONEZONE_IA"
- 6 / Glacier storage class
-   \ "GLACIER"
- 7 / Glacier Deep Archive storage class
-   \ "DEEP_ARCHIVE"
- 8 / Intelligent-Tiering storage class
-   \ "INTELLIGENT_TIERING"
- 9 / Glacier Instant Retrieval storage class
-   \ "GLACIER_IR"
-storage_class> 1
-Remote config
---------------------
-[remote]
-type = s3
-provider = AWS
-env_auth = false
-access_key_id = XXX
-secret_access_key = YYY
-region = us-east-1
-endpoint =
-location_constraint =
-acl = private
-server_side_encryption =
-storage_class =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d>
+docker plugin remove rclone
+docker plugin install rclone/docker-volume-rclone:amd64 \
+       --alias rclone --grant-all-permissions \
+       args="-v --allow-other" config=/etc/rclone
+docker plugin inspect rclone
 ```
 
-### Modified time
+## Healthchecks
 
-The modified time is stored as metadata on the object as
-`X-Amz-Meta-Mtime` as floating point since the epoch, accurate to 1 ns.
+The docker plugin volume protocol doesn't provide a way for plugins
+to inform the docker daemon that a volume is (un-)available.
+As a workaround you can setup a healthcheck to verify that the mount
+is responding, for example:
+```
+services:
+  my_service:
+    image: my_image
+    healthcheck:
+      test: ls /path/to/rclone/mount || exit 1
+      interval: 1m
+      timeout: 15s
+      retries: 3
+      start_period: 15s
+```
 
-If the modification time needs to be updated rclone will attempt to perform a server
-side copy to update the modification if the object can be copied in a single part.
-In the case the object is larger than 5Gb or is in Glacier or Glacier Deep Archive
-storage the object will be uploaded rather than copied.
+## Running Plugin under Systemd
 
-Note that reading this from the object takes an additional `HEAD`
-request as the metadata isn't returned in object listings.
+In most cases you should prefer managed mode. Moreover, MacOS and Windows
+do not support native Docker plugins. Please use managed mode on these
+systems. Proceed further only if you are on Linux.
 
-### Reducing costs
+First, [install rclone](https://rclone.org/install/).
+You can just run it (type `rclone serve docker` and hit enter) for the test.
 
-#### Avoiding HEAD requests to read the modification time
+Install _FUSE_:
+```
+sudo apt-get -y install fuse
+```
 
-By default, rclone will use the modification time of objects stored in
-S3 for syncing.  This is stored in object metadata which unfortunately
-takes an extra HEAD request to read which can be expensive (in time
-and money).
+Download two systemd configuration files:
+[docker-volume-rclone.service](https://raw.githubusercontent.com/rclone/rclone/master/contrib/docker-plugin/systemd/docker-volume-rclone.service)
+and [docker-volume-rclone.socket](https://raw.githubusercontent.com/rclone/rclone/master/contrib/docker-plugin/systemd/docker-volume-rclone.socket).
 
-The modification time is used by default for all operations that
-require checking the time a file was last updated. It allows rclone to
-treat the remote more like a true filesystem, but it is inefficient on
-S3 because it requires an extra API call to retrieve the metadata.
+Put them to the `/etc/systemd/system/` directory:
+```
+cp docker-volume-plugin.service /etc/systemd/system/
+cp docker-volume-plugin.socket  /etc/systemd/system/
+```
 
-The extra API calls can be avoided when syncing (using `rclone sync`
-or `rclone copy`) in a few different ways, each with its own
-tradeoffs.
+Please note that all commands in this section must be run as _root_ but
+we omit `sudo` prefix for brevity.
+Now create directories required by the service:
+```
+mkdir -p /var/lib/docker-volumes/rclone
+mkdir -p /var/lib/docker-plugins/rclone/config
+mkdir -p /var/lib/docker-plugins/rclone/cache
+```
 
-- `--size-only`
-    - Only checks the size of files.
-    - Uses no extra transactions.
-    - If the file doesn't change size then rclone won't detect it has
-      changed.
-    - `rclone sync --size-only /path/to/source s3:bucket`
-- `--checksum`
-    - Checks the size and MD5 checksum of files.
-    - Uses no extra transactions.
-    - The most accurate detection of changes possible.
-    - Will cause the source to read an MD5 checksum which, if it is a
-      local disk, will cause lots of disk activity.
-    - If the source and destination are both S3 this is the
-      **recommended** flag to use for maximum efficiency.
-    - `rclone sync --checksum /path/to/source s3:bucket`
-- `--update --use-server-modtime`
-    - Uses no extra transactions.
-    - Modification time becomes the time the object was uploaded.
-    - For many operations this is sufficient to determine if it needs
-      uploading.
-    - Using `--update` along with `--use-server-modtime`, avoids the
-      extra API call and uploads files whose local modification time
-      is newer than the time it was last uploaded.
-    - Files created with timestamps in the past will be missed by the sync.
-    - `rclone sync --update --use-server-modtime /path/to/source s3:bucket`
+Run the docker plugin service in the socket activated mode:
+```
+systemctl daemon-reload
+systemctl start docker-volume-rclone.service
+systemctl enable docker-volume-rclone.socket
+systemctl start docker-volume-rclone.socket
+systemctl restart docker
+```
 
-These flags can and should be used in combination with `--fast-list` -
-see below.
+Or run the service directly:
+- run `systemctl daemon-reload` to let systemd pick up new config
+- run `systemctl enable docker-volume-rclone.service` to make the new
+  service start automatically when you power on your machine.
+- run `systemctl start docker-volume-rclone.service`
+  to start the service now.
+- run `systemctl restart docker` to restart docker daemon and let it
+  detect the new plugin socket. Note that this step is not needed in
+  managed mode where docker knows about plugin state changes.
 
-If using `rclone mount` or any command using the VFS (eg `rclone
-serve`) commands then you might want to consider using the VFS flag
-`--no-modtime` which will stop rclone reading the modification time
-for every object. You could also use `--use-server-modtime` if you are
-happy with the modification times of the objects being the time of
-upload.
+The two methods are equivalent from the user perspective, but I personally
+prefer socket activation.
 
-#### Avoiding GET requests to read directory listings
+## Troubleshooting
 
-Rclone's default directory traversal is to process each directory
-individually.  This takes one API call per directory.  Using the
-`--fast-list` flag will read all info about the objects into
-memory first using a smaller number of API calls (one per 1000
-objects). See the [rclone docs](https://rclone.org/docs/#fast-list) for more details.
+You can [see managed plugin settings](https://docs.docker.com/engine/extend/#debugging-plugins)
+with
+```
+docker plugin list
+docker plugin inspect rclone
+```
+Note that docker (including latest 20.10.7) will not show actual values
+of `args`, just the defaults.
 
-    rclone sync --fast-list --checksum /path/to/source s3:bucket
+Use `journalctl --unit docker` to see managed plugin output as part of
+the docker daemon log. Note that docker reflects plugin lines as _errors_
+but their actual level can be seen from encapsulated message string.
 
-`--fast-list` trades off API transactions for memory use. As a rough
-guide rclone uses 1k of memory per object stored, so using
-`--fast-list` on a sync of a million objects will use roughly 1 GiB of
-RAM.
+You will usually install the latest version of managed plugin for your platform.
+Use the following commands to print the actual installed version:
+```
+PLUGID=$(docker plugin list --no-trunc | awk '/rclone/{print$1}')
+sudo runc --root /run/docker/runtime-runc/plugins.moby exec $PLUGID rclone version
+```
 
-If you are only copying a small number of files into a big repository
-then using `--no-traverse` is a good idea. This finds objects directly
-instead of through directory listings. You can do a "top-up" sync very
-cheaply by using `--max-age` and `--no-traverse` to copy only recent
-files, eg
+You can even use `runc` to run shell inside the plugin container:
+```
+sudo runc --root /run/docker/runtime-runc/plugins.moby exec --tty $PLUGID bash
+```
 
-    rclone copy --max-age 24h --no-traverse /path/to/source s3:bucket
+Also you can use curl to check the plugin socket connectivity:
+```
+docker plugin list --no-trunc
+PLUGID=123abc...
+sudo curl -H Content-Type:application/json -XPOST -d {} --unix-socket /run/docker/plugins/$PLUGID/rclone.sock http://localhost/Plugin.Activate
+```
+though this is rarely needed.
 
-You'd then do a full `rclone sync` less often.
+## Caveats
 
-Note that `--fast-list` isn't required in the top-up sync.
+Finally I'd like to mention a _caveat with updating volume settings_.
+Docker CLI does not have a dedicated command like `docker volume update`.
+It may be tempting to invoke `docker volume create` with updated options
+on existing volume, but there is a gotcha. The command will do nothing,
+it won't even return an error. I hope that docker maintainers will fix
+this some day. In the meantime be aware that you must remove your volume
+before recreating it with new settings:
+```
+docker volume remove my_vol
+docker volume create my_vol -d rclone -o opt1=new_val1 ...
+```
 
-#### Avoiding HEAD requests after PUT
+and verify that settings did update:
+```
+docker volume list
+docker volume inspect my_vol
+```
 
-By default, rclone will HEAD every object it uploads. It does this to
-check the object got uploaded correctly.
+If docker refuses to remove the volume, you should find containers
+or swarm services that use it and stop them first.
 
-You can disable this with the [--s3-no-head](#s3-no-head) option - see
-there for more details.
+## Getting started {#getting-started}
 
-Setting this flag increases the chance for undetected upload failures.
+- [Install rclone](https://rclone.org/install/) and setup your remotes.
+- Bisync will create its working directory
+  at `~/.cache/rclone/bisync` on Linux
+  or `C:\Users\MyLogin\AppData\Local\rclone\bisync` on Windows.
+  Make sure that this location is writable.
+- Run bisync with the `--resync` flag, specifying the paths
+  to the local and remote sync directory roots.
+- For successive sync runs, leave off the `--resync` flag.
+- Consider using a [filters file](#filtering) for excluding
+  unnecessary files and directories from the sync.
+- Consider setting up the [--check-access](#check-access) feature
+  for safety.
+- On Linux, consider setting up a [crontab entry](#cron). bisync can
+  safely run in concurrent cron jobs thanks to lock files it maintains.
 
-### Hashes
+Here is a typical run log (with timestamps removed for clarity):
 
-For small objects which weren't uploaded as multipart uploads (objects
-sized below `--s3-upload-cutoff` if uploaded with rclone) rclone uses
-the `ETag:` header as an MD5 checksum.
+```
+rclone bisync /testdir/path1/ /testdir/path2/ --verbose
+INFO  : Synching Path1 "/testdir/path1/" with Path2 "/testdir/path2/"
+INFO  : Path1 checking for diffs
+INFO  : - Path1    File is new                         - file11.txt
+INFO  : - Path1    File is newer                       - file2.txt
+INFO  : - Path1    File is newer                       - file5.txt
+INFO  : - Path1    File is newer                       - file7.txt
+INFO  : - Path1    File was deleted                    - file4.txt
+INFO  : - Path1    File was deleted                    - file6.txt
+INFO  : - Path1    File was deleted                    - file8.txt
+INFO  : Path1:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
+INFO  : Path2 checking for diffs
+INFO  : - Path2    File is new                         - file10.txt
+INFO  : - Path2    File is newer                       - file1.txt
+INFO  : - Path2    File is newer                       - file5.txt
+INFO  : - Path2    File is newer                       - file6.txt
+INFO  : - Path2    File was deleted                    - file3.txt
+INFO  : - Path2    File was deleted                    - file7.txt
+INFO  : - Path2    File was deleted                    - file8.txt
+INFO  : Path2:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
+INFO  : Applying changes
+INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file11.txt
+INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file2.txt
+INFO  : - Path2    Queue delete                        - /testdir/path2/file4.txt
+NOTICE: - WARNING  New or changed in both paths        - file5.txt
+NOTICE: - Path1    Renaming Path1 copy                 - /testdir/path1/file5.txt..path1
+NOTICE: - Path1    Queue copy to Path2                 - /testdir/path2/file5.txt..path1
+NOTICE: - Path2    Renaming Path2 copy                 - /testdir/path2/file5.txt..path2
+NOTICE: - Path2    Queue copy to Path1                 - /testdir/path1/file5.txt..path2
+INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file6.txt
+INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file7.txt
+INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file1.txt
+INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file10.txt
+INFO  : - Path1    Queue delete                        - /testdir/path1/file3.txt
+INFO  : - Path2    Do queued copies to                 - Path1
+INFO  : - Path1    Do queued copies to                 - Path2
+INFO  : -          Do queued deletes on                - Path1
+INFO  : -          Do queued deletes on                - Path2
+INFO  : Updating listings
+INFO  : Validating listings for Path1 "/testdir/path1/" vs Path2 "/testdir/path2/"
+INFO  : Bisync successful
+```
 
-However for objects which were uploaded as multipart uploads or with
-server side encryption (SSE-AWS or SSE-C) the `ETag` header is no
-longer the MD5 sum of the data, so rclone adds an additional piece of
-metadata `X-Amz-Meta-Md5chksum` which is a base64 encoded MD5 hash (in
-the same format as is required for `Content-MD5`).
+## Command line syntax
 
-For large objects, calculating this hash can take some time so the
-addition of this hash can be disabled with `--s3-disable-checksum`.
-This will mean that these objects do not have an MD5 checksum.
+```
+$ rclone bisync --help
+Usage:
+  rclone bisync remote1:path1 remote2:path2 [flags]
 
-Note that reading this from the object takes an additional `HEAD`
-request as the metadata isn't returned in object listings.
+Positional arguments:
+  Path1, Path2  Local path, or remote storage with ':' plus optional path.
+                Type 'rclone listremotes' for list of configured remotes.
 
-### Versions
+Optional Flags:
+      --check-access            Ensure expected `RCLONE_TEST` files are found on
+                                both Path1 and Path2 filesystems, else abort.
+      --check-filename FILENAME Filename for `--check-access` (default: `RCLONE_TEST`)
+      --check-sync CHOICE       Controls comparison of final listings:
+                                `true | false | only` (default: true)
+                                If set to `only`, bisync will only compare listings
+                                from the last run but skip actual sync.
+      --filters-file PATH       Read filtering patterns from a file
+      --max-delete PERCENT      Safety check on maximum percentage of deleted files allowed.
+                                If exceeded, the bisync run will abort. (default: 50%)
+      --force                   Bypass `--max-delete` safety check and run the sync.
+                                Consider using with `--verbose`
+      --create-empty-src-dirs   Sync creation and deletion of empty directories. 
+                                  (Not compatible with --remove-empty-dirs)
+      --remove-empty-dirs       Remove empty directories at the final cleanup step.
+  -1, --resync                  Performs the resync run.
+                                Warning: Path1 files may overwrite Path2 versions.
+                                Consider using `--verbose` or `--dry-run` first.
+      --ignore-listing-checksum Do not use checksums for listings 
+                                  (add --ignore-checksum to additionally skip post-copy checksum checks)
+      --resilient               Allow future runs to retry after certain less-serious errors, 
+                                  instead of requiring --resync. Use at your own risk!
+      --localtime               Use local time in listings (default: UTC)
+      --no-cleanup              Retain working files (useful for troubleshooting and testing).
+      --workdir PATH            Use custom working directory (useful for testing).
+                                (default: `~/.cache/rclone/bisync`)
+  -n, --dry-run                 Go through the motions - No files are copied/deleted.
+  -v, --verbose                 Increases logging verbosity.
+                                May be specified more than once for more details.
+  -h, --help                    help for bisync
+```
 
-When bucket versioning is enabled (this can be done with rclone with
-the [`rclone backend versioning`](#versioning) command) when rclone
-uploads a new version of a file it creates a
-[new version of it](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html)
-Likewise when you delete a file, the old version will be marked hidden
-and still be available.
+Arbitrary rclone flags may be specified on the
+[bisync command line](https://rclone.org/commands/rclone_bisync/), for example
+`rclone bisync ./testdir/path1/ gdrive:testdir/path2/ --drive-skip-gdocs -v -v --timeout 10s`
+Note that interactions of various rclone flags with bisync process flow
+has not been fully tested yet.
 
-Old versions of files, where available, are visible using the
-[`--s3-versions`](#s3-versions) flag.
+### Paths
 
-It is also possible to view a bucket as it was at a certain point in
-time, using the [`--s3-version-at`](#s3-version-at) flag. This will
-show the file versions as they were at that time, showing files that
-have been deleted afterwards, and hiding files that were created
-since.
+Path1 and Path2 arguments may be references to any mix of local directory
+paths (absolute or relative), UNC paths (`//server/share/path`),
+Windows drive paths (with a drive letter and `:`) or configured
+[remotes](https://rclone.org/docs/#syntax-of-remote-paths) with optional subdirectory paths.
+Cloud references are distinguished by having a `:` in the argument
+(see [Windows support](#windows) below).
 
-If you wish to remove all the old versions then you can use the
-[`rclone backend cleanup-hidden remote:bucket`](#cleanup-hidden)
-command which will delete all the old hidden versions of files,
-leaving the current ones intact. You can also supply a path and only
-old versions under that path will be deleted, e.g.
-`rclone backend cleanup-hidden remote:bucket/path/to/stuff`.
+Path1 and Path2 are treated equally, in that neither has priority for
+file changes (except during [`--resync`](#resync)), and access efficiency does not change whether a remote
+is on Path1 or Path2.
 
-When you `purge` a bucket, the current and the old versions will be
-deleted then the bucket will be deleted.
+The listings in bisync working directory (default: `~/.cache/rclone/bisync`)
+are named based on the Path1 and Path2 arguments so that separate syncs
+to individual directories within the tree may be set up, e.g.:
+`path_to_local_tree..dropbox_subdir.lst`.
 
-However `delete` will cause the current versions of the files to
-become hidden old versions.
+Any empty directories after the sync on both the Path1 and Path2
+filesystems are not deleted by default, unless `--create-empty-src-dirs` is specified. 
+If the `--remove-empty-dirs` flag is specified, then both paths will have ALL empty directories purged
+as the last step in the process.
 
-Here is a session showing the listing and retrieval of an old
-version followed by a `cleanup` of the old versions.
+## Command-line flags
 
-Show current version and all the versions with `--s3-versions` flag.
+#### --resync
 
-```
-$ rclone -q ls s3:cleanup-test
-        9 one.txt
+This will effectively make both Path1 and Path2 filesystems contain a
+matching superset of all files. Path2 files that do not exist in Path1 will
+be copied to Path1, and the process will then copy the Path1 tree to Path2.
 
-$ rclone -q --s3-versions ls s3:cleanup-test
-        9 one.txt
-        8 one-v2016-07-04-141032-000.txt
-       16 one-v2016-07-04-141003-000.txt
-       15 one-v2016-07-02-155621-000.txt
+The `--resync` sequence is roughly equivalent to:
 ```
-
-Retrieve an old version
-
+rclone copy Path2 Path1 --ignore-existing
+rclone copy Path1 Path2
 ```
-$ rclone -q --s3-versions copy s3:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
-
-$ ls -l /tmp/one-v2016-07-04-141003-000.txt
--rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt
+Or, if using `--create-empty-src-dirs`:
 ```
-
-Clean up all the old versions and show that they've gone.
-
+rclone copy Path2 Path1 --ignore-existing
+rclone copy Path1 Path2 --create-empty-src-dirs
+rclone copy Path2 Path1 --create-empty-src-dirs
 ```
-$ rclone -q backend cleanup-hidden s3:cleanup-test
 
-$ rclone -q ls s3:cleanup-test
-        9 one.txt
+The base directories on both Path1 and Path2 filesystems must exist
+or bisync will fail. This is required for safety - that bisync can verify
+that both paths are valid.
 
-$ rclone -q --s3-versions ls s3:cleanup-test
-        9 one.txt
-```
+When using `--resync`, a newer version of a file on the Path2 filesystem
+will be overwritten by the Path1 filesystem version. 
+(Note that this is [NOT entirely symmetrical](https://github.com/rclone/rclone/issues/5681#issuecomment-938761815).)
+Carefully evaluate deltas using [--dry-run](https://rclone.org/flags/#non-backend-flags).
 
-### Cleanup
+[//]: # (I reverted a recent change in the above paragraph, as it was incorrect.
+https://github.com/rclone/rclone/commit/dd72aff98a46c6e20848ac7ae5f7b19d45802493 )
 
-If you run `rclone cleanup s3:bucket` then it will remove all pending
-multipart uploads older than 24 hours. You can use the `--interactive`/`i`
-or `--dry-run` flag to see exactly what it will do. If you want more control over the
-expiry date then run `rclone backend cleanup s3:bucket -o max-age=1h`
-to expire all uploads older than one hour. You can use `rclone backend
-list-multipart-uploads s3:bucket` to see the pending multipart
-uploads.
+For a resync run, one of the paths may be empty (no files in the path tree).
+The resync run should result in files on both paths, else a normal non-resync
+run will fail.
 
-### Restricted filename characters
+For a non-resync run, either path being empty (no files in the tree) fails with
+`Empty current PathN listing. Cannot sync to an empty directory: X.pathN.lst`
+This is a safety check that an unexpected empty path does not result in
+deleting **everything** in the other path.
 
-S3 allows any valid UTF-8 string as a key.
+#### --check-access
 
-Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), as
-they can't be used in XML.
+Access check files are an additional safety measure against data loss.
+bisync will ensure it can find matching `RCLONE_TEST` files in the same places
+in the Path1 and Path2 filesystems.
+`RCLONE_TEST` files are not generated automatically.
+For `--check-access` to succeed, you must first either:
+**A)** Place one or more `RCLONE_TEST` files in both systems, or
+**B)** Set `--check-filename` to a filename already in use in various locations
+throughout your sync'd fileset. Recommended methods for **A)** include:
+* `rclone touch Path1/RCLONE_TEST` (create a new file)
+* `rclone copyto Path1/RCLONE_TEST Path2/RCLONE_TEST` (copy an existing file)
+* `rclone copy Path1/RCLONE_TEST Path2/RCLONE_TEST  --include "RCLONE_TEST"` (copy multiple files at once, recursively)
+* create the files manually (outside of rclone)
+* run `bisync` once *without* `--check-access` to set matching files on both filesystems
+will also work, but is not preferred, due to potential for user error 
+(you are temporarily disabling the safety feature).
+
+Note that `--check-access` is still enforced on `--resync`, so `bisync --resync --check-access` 
+will not work as a method of initially setting the files (this is to ensure that bisync can't 
+[inadvertently circumvent its own safety switch](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=3.%20%2D%2Dcheck%2Daccess%20doesn%27t%20always%20fail%20when%20it%20should).)
+
+Time stamps and file contents for `RCLONE_TEST` files are not important, just the names and locations.
+If you have symbolic links in your sync tree it is recommended to place
+`RCLONE_TEST` files in the linked-to directory tree to protect against
+bisync assuming a bunch of deleted files if the linked-to tree should not be
+accessible.
+See also the [--check-filename](--check-filename) flag.
 
-The following characters are replaced since these are problematic when
-dealing with the REST API:
+#### --check-filename
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| NUL       | 0x00  | ␀           |
-| /         | 0x2F  | ／           |
+Name of the file(s) used in access health validation.
+The default `--check-filename` is `RCLONE_TEST`.
+One or more files having this filename must exist, synchronized between your
+source and destination filesets, in order for `--check-access` to succeed.
+See [--check-access](#check-access) for additional details.
 
-The encoding will also encode these file names as they don't seem to
-work with the SDK properly:
+#### --max-delete
 
-| File name | Replacement |
-| --------- |:-----------:|
-| .         | ．          |
-| ..        | ．．         |
+As a safety check, if greater than the `--max-delete` percent of files were
+deleted on either the Path1 or Path2 filesystem, then bisync will abort with
+a warning message, without making any changes.
+The default `--max-delete` is `50%`.
+One way to trigger this limit is to rename a directory that contains more
+than half of your files. This will appear to bisync as a bunch of deleted
+files and a bunch of new files.
+This safety check is intended to block bisync from deleting all of the
+files on both filesystems due to a temporary network access issue, or if
+the user had inadvertently deleted the files on one side or the other.
+To force the sync, either set a different delete percentage limit,
+e.g. `--max-delete 75` (allows up to 75% deletion), or use `--force`
+to bypass the check.
 
-### Multipart uploads
+Also see the [all files changed](#all-files-changed) check.
 
-rclone supports multipart uploads with S3 which means that it can
-upload files bigger than 5 GiB.
+#### --filters-file {#filters-file}
 
-Note that files uploaded *both* with multipart upload *and* through
-crypt remotes do not have MD5 sums.
+By using rclone filter features you can exclude file types or directory
+sub-trees from the sync.
+See the [bisync filters](#filtering) section and generic
+[--filter-from](https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file)
+documentation.
+An [example filters file](#example-filters-file) contains filters for
+non-allowed files for synching with Dropbox.
 
-rclone switches from single part uploads to multipart uploads at the
-point specified by `--s3-upload-cutoff`.  This can be a maximum of 5 GiB
-and a minimum of 0 (ie always upload multipart files).
+If you make changes to your filters file then bisync requires a run
+with `--resync`. This is a safety feature, which prevents existing files
+on the Path1 and/or Path2 side from seeming to disappear from view
+(since they are excluded in the new listings), which would fool bisync
+into seeing them as deleted (as compared to the prior run listings),
+and then bisync would proceed to delete them for real.
 
-The chunk sizes used in the multipart upload are specified by
-`--s3-chunk-size` and the number of chunks uploaded concurrently is
-specified by `--s3-upload-concurrency`.
+To block this from happening, bisync calculates an MD5 hash of the filters file
+and stores the hash in a `.md5` file in the same place as your filters file.
+On the next run with `--filters-file` set, bisync re-calculates the MD5 hash
+of the current filters file and compares it to the hash stored in the `.md5` file.
+If they don't match, the run aborts with a critical error and thus forces you
+to do a `--resync`, likely avoiding a disaster.
 
-Multipart uploads will use `--transfers` * `--s3-upload-concurrency` *
-`--s3-chunk-size` extra memory.  Single part uploads to not use extra
-memory.
+#### --check-sync
 
-Single part transfers can be faster than multipart transfers or slower
-depending on your latency from S3 - the more latency, the more likely
-single part transfers will be faster.
-
-Increasing `--s3-upload-concurrency` will increase throughput (8 would
-be a sensible value) and increasing `--s3-chunk-size` also increases
-throughput (16M would be sensible).  Increasing either of these will
-use more memory.  The default values are high enough to gain most of
-the possible performance without using too much memory.
+Enabled by default, the check-sync function checks that all of the same
+files exist in both the Path1 and Path2 history listings. This _check-sync_
+integrity check is performed at the end of the sync run by default.
+Any untrapped failing copy/deletes between the two paths might result
+in differences between the two listings and in the untracked file content
+differences between the two paths. A resync run would correct the error.
 
+Note that the default-enabled integrity check locally executes a load of both
+the final Path1 and Path2 listings, and thus adds to the run time of a sync.
+Using `--check-sync=false` will disable it and may significantly reduce the
+sync run times for very large numbers of files.
 
-### Buckets and Regions
+The check may be run manually with `--check-sync=only`. It runs only the
+integrity check and terminates without actually synching.
 
-With Amazon S3 you can list buckets (`rclone lsd`) using any region,
-but you can only access the content of a bucket from the region it was
-created in.  If you attempt to access a bucket from the wrong region,
-you will get an error, `incorrect region, the bucket is not in 'XXX'
-region`.
+See also: [Concurrent modifications](#concurrent-modifications)
+
+
+#### --ignore-listing-checksum
+
+By default, bisync will retrieve (or generate) checksums (for backends that support them) 
+when creating the listings for both paths, and store the checksums in the listing files. 
+`--ignore-listing-checksum` will disable this behavior, which may speed things up considerably, 
+especially on backends (such as [local](https://rclone.org/local/)) where hashes must be computed on the fly instead of retrieved. 
+Please note the following:
+
+* While checksums are (by default) generated and stored in the listing files, 
+they are NOT currently used for determining diffs (deltas). 
+It is anticipated that full checksum support will be added in a future version.
+* `--ignore-listing-checksum` is NOT the same as [`--ignore-checksum`](https://rclone.org/docs/#ignore-checksum), 
+and you may wish to use one or the other, or both. In a nutshell: 
+`--ignore-listing-checksum` controls whether checksums are considered when scanning for diffs, 
+while `--ignore-checksum` controls whether checksums are considered during the copy/sync operations that follow, 
+if there ARE diffs.
+* Unless `--ignore-listing-checksum` is passed, bisync currently computes hashes for one path 
+*even when there's no common hash with the other path* 
+(for example, a [crypt](https://rclone.org/crypt/#modification-times-and-hashes) remote.)
+* If both paths support checksums and have a common hash, 
+AND `--ignore-listing-checksum` was not specified when creating the listings, 
+`--check-sync=only` can be used to compare Path1 vs. Path2 checksums (as of the time the previous listings were created.) 
+However, `--check-sync=only` will NOT include checksums if the previous listings 
+were generated on a run using `--ignore-listing-checksum`. For a more robust integrity check of the current state, 
+consider using [`check`](commands/rclone_check/) 
+(or [`cryptcheck`](https://rclone.org/commands/rclone_cryptcheck/), if at least one path is a `crypt` remote.)
+
+#### --resilient
+
+***Caution: this is an experimental feature. Use at your own risk!***
+
+By default, most errors or interruptions will cause bisync to abort and 
+require [`--resync`](#resync) to recover. This is a safety feature, 
+to prevent bisync from running again until a user checks things out. 
+However, in some cases, bisync can go too far and enforce a lockout when one isn't actually necessary, 
+like for certain less-serious errors that might resolve themselves on the next run. 
+When `--resilient` is specified, bisync tries its best to recover and self-correct, 
+and only requires `--resync` as a last resort when a human's involvement is absolutely necessary. 
+The intended use case is for running bisync as a background process (such as via scheduled [cron](#cron)).
+
+When using `--resilient` mode, bisync will still report the error and abort, 
+however it will not lock out future runs -- allowing the possibility of retrying at the next normally scheduled time, 
+without requiring a `--resync` first. Examples of such retryable errors include 
+access test failures, missing listing files, and filter change detections. 
+These safety features will still prevent the *current* run from proceeding -- 
+the difference is that if conditions have improved by the time of the *next* run, 
+that next run will be allowed to proceed. 
+Certain more serious errors will still enforce a `--resync` lockout, even in `--resilient` mode, to prevent data loss.
+
+Behavior of `--resilient` may change in a future version.
 
-### Authentication
+## Operation
 
-There are a number of ways to supply `rclone` with a set of AWS
-credentials, with and without using the environment.
+### Runtime flow details
 
-The different authentication methods are tried in this order:
+bisync retains the listings of the `Path1` and `Path2` filesystems
+from the prior run.
+On each successive run it will:
 
- - Directly in the rclone configuration file (`env_auth = false` in the config file):
-   - `access_key_id` and `secret_access_key` are required.
-   - `session_token` can be optionally set when using AWS STS.
- - Runtime configuration (`env_auth = true` in the config file):
-   - Export the following environment variables before running `rclone`:
-     - Access Key ID: `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`
-     - Secret Access Key: `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
-     - Session Token: `AWS_SESSION_TOKEN` (optional)
-   - Or, use a [named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html):
-     - Profile files are standard files used by AWS CLI tools
-     - By default it will use the profile in your home directory (e.g. `~/.aws/credentials` on unix based systems) file and the "default" profile, to change set these environment variables:
-         - `AWS_SHARED_CREDENTIALS_FILE` to control which file.
-         - `AWS_PROFILE` to control which profile to use.
-   - Or, run `rclone` in an ECS task with an IAM role (AWS only).
-   - Or, run `rclone` on an EC2 instance with an IAM role (AWS only).
-   - Or, run `rclone` in an EKS pod with an IAM role that is associated with a service account (AWS only).
+- list files on `path1` and `path2`, and check for changes on each side.
+  Changes include `New`, `Newer`, `Older`, and `Deleted` files.
+- Propagate changes on `path1` to `path2`, and vice-versa.
 
-If none of these option actually end up providing `rclone` with AWS
-credentials then S3 interaction will be non-authenticated (see below).
+### Safety measures
 
-### S3 Permissions
+- Lock file prevents multiple simultaneous runs when taking a while.
+  This can be particularly useful if bisync is run by cron scheduler.
+- Handle change conflicts non-destructively by creating
+  `..path1` and `..path2` file versions.
+- File system access health check using `RCLONE_TEST` files
+  (see the `--check-access` flag).
+- Abort on excessive deletes - protects against a failed listing
+  being interpreted as all the files were deleted.
+  See the `--max-delete` and `--force` flags.
+- If something evil happens, bisync goes into a safe state to block
+  damage by later runs. (See [Error Handling](#error-handling))
 
-When using the `sync` subcommand of `rclone` the following minimum
-permissions are required to be available on the bucket being written to:
+### Normal sync checks
 
-* `ListBucket`
-* `DeleteObject`
-* `GetObject`
-* `PutObject`
-* `PutObjectACL`
+ Type         | Description                                   | Result                   | Implementation
+--------------|-----------------------------------------------|--------------------------|-----------------------------
+Path2 new     | File is new on Path2, does not exist on Path1 | Path2 version survives   | `rclone copy` Path2 to Path1
+Path2 newer   | File is newer on Path2, unchanged on Path1    | Path2 version survives   | `rclone copy` Path2 to Path1
+Path2 deleted | File is deleted on Path2, unchanged on Path1  | File is deleted          | `rclone delete` Path1
+Path1 new     | File is new on Path1, does not exist on Path2 | Path1 version survives   | `rclone copy` Path1 to Path2
+Path1 newer   | File is newer on Path1, unchanged on Path2    | Path1 version survives   | `rclone copy` Path1 to Path2
+Path1 older   | File is older on Path1, unchanged on Path2    | _Path1 version survives_ | `rclone copy` Path1 to Path2
+Path2 older   | File is older on Path2, unchanged on Path1    | _Path2 version survives_ | `rclone copy` Path2 to Path1
+Path1 deleted | File no longer exists on Path1                | File is deleted          | `rclone delete` Path2
 
-When using the `lsd` subcommand, the `ListAllMyBuckets` permission is required.
+### Unusual sync checks
 
-Example policy:
+ Type                           | Description                           | Result                             | Implementation
+--------------------------------|---------------------------------------|------------------------------------|-----------------------
+Path1 new/changed AND Path2 new/changed AND Path1 == Path2       | File is new/changed on Path1 AND new/changed on Path2 AND Path1 version is currently identical to Path2 | No change | None
+Path1 new AND Path2 new         | File is new on Path1 AND new on Path2 (and Path1 version is NOT identical to Path2) | Files renamed to _Path1 and _Path2 | `rclone copy` _Path2 file to Path1, `rclone copy` _Path1 file to Path2
+Path2 newer AND Path1 changed   | File is newer on Path2 AND also changed (newer/older/size) on Path1 (and Path1 version is NOT identical to Path2) | Files renamed to _Path1 and _Path2 | `rclone copy` _Path2 file to Path1, `rclone copy` _Path1 file to Path2
+Path2 newer AND Path1 deleted   | File is newer on Path2 AND also deleted on Path1 | Path2 version survives  | `rclone copy` Path2 to Path1
+Path2 deleted AND Path1 changed | File is deleted on Path2 AND changed (newer/older/size) on Path1 | Path1 version survives |`rclone copy` Path1 to Path2
+Path1 deleted AND Path2 changed | File is deleted on Path1 AND changed (newer/older/size) on Path2 | Path2 version survives  | `rclone copy` Path2 to Path1
 
-```
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Principal": {
-                "AWS": "arn:aws:iam::USER_SID:user/USER_NAME"
-            },
-            "Action": [
-                "s3:ListBucket",
-                "s3:DeleteObject",
-                "s3:GetObject",
-                "s3:PutObject",
-                "s3:PutObjectAcl"
-            ],
-            "Resource": [
-              "arn:aws:s3:::BUCKET_NAME/*",
-              "arn:aws:s3:::BUCKET_NAME"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Action": "s3:ListAllMyBuckets",
-            "Resource": "arn:aws:s3:::*"
-        }
-    ]
-}
-```
+As of `rclone v1.64`, bisync is now better at detecting *false positive* sync conflicts, 
+which would previously have resulted in unnecessary renames and duplicates. 
+Now, when bisync comes to a file that it wants to rename (because it is new/changed on both sides), 
+it first checks whether the Path1 and Path2 versions are currently *identical* 
+(using the same underlying function as [`check`](commands/rclone_check/).) 
+If bisync concludes that the files are identical, it will skip them and move on. 
+Otherwise, it will create renamed `..Path1` and `..Path2` duplicates, as before. 
+This behavior also [improves the experience of renaming directories](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=Renamed%20directories), 
+as a `--resync` is no longer required, so long as the same change has been made on both sides.
 
-Notes on above:
+### All files changed check {#all-files-changed}
 
-1. This is a policy that can be used when creating bucket. It assumes
-   that `USER_NAME` has been created.
-2. The Resource entry must include both resource ARNs, as one implies
-   the bucket and the other implies the bucket's objects.
+If _all_ prior existing files on either of the filesystems have changed
+(e.g. timestamps have changed due to changing the system's timezone)
+then bisync will abort without making any changes.
+Any new files are not considered for this check. You could use `--force`
+to force the sync (whichever side has the changed timestamp files wins).
+Alternately, a `--resync` may be used (Path1 versions will be pushed
+to Path2). Consider the situation carefully and perhaps use `--dry-run`
+before you commit to the changes.
 
-For reference, [here's an Ansible script](https://gist.github.com/ebridges/ebfc9042dd7c756cd101cfa807b7ae2b)
-that will generate one or more buckets that will work with `rclone sync`.
+### Modification times
 
-### Key Management System (KMS)
+Bisync relies on file timestamps to identify changed files and will
+_refuse_ to operate if backend lacks the modification time support.
 
-If you are using server-side encryption with KMS then you must make
-sure rclone is configured with `server_side_encryption = aws:kms`
-otherwise you will find you can't transfer small objects - these will
-create checksum errors.
+If you or your application should change the content of a file
+without changing the modification time then bisync will _not_
+notice the change, and thus will not copy it to the other side.
 
-### Glacier and Glacier Deep Archive
+Note that on some cloud storage systems it is not possible to have file
+timestamps that match _precisely_ between the local and other filesystems.
 
-You can upload objects using the glacier storage class or transition them to glacier using a [lifecycle policy](http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html).
-The bucket can still be synced or copied into normally, but if rclone
-tries to access data from the glacier storage class you will see an error like below.
+Bisync's approach to this problem is by tracking the changes on each side
+_separately_ over time with a local database of files in that side then
+applying the resulting changes on the other side.
 
-    2017/09/11 19:07:43 Failed to sync: failed to open source object: Object in GLACIER, restore first: path/to/file
+### Error handling {#error-handling}
 
-In this case you need to [restore](http://docs.aws.amazon.com/AmazonS3/latest/user-guide/restore-archived-objects.html)
-the object(s) in question before using rclone.
+Certain bisync critical errors, such as file copy/move failing, will result in
+a bisync lockout of following runs. The lockout is asserted because the sync
+status and history of the Path1 and Path2 filesystems cannot be trusted,
+so it is safer to block any further changes until someone checks things out.
+The recovery is to do a `--resync` again.
 
-Note that rclone only speaks the S3 API it does not speak the Glacier
-Vault API, so rclone cannot directly access Glacier Vaults.
+It is recommended to use `--resync --dry-run --verbose` initially and
+_carefully_ review what changes will be made before running the `--resync`
+without `--dry-run`.
 
-### Object-lock enabled S3 bucket
+Most of these events come up due to an error status from an internal call.
+On such a critical error the `{...}.path1.lst` and `{...}.path2.lst`
+listing files are renamed to extension `.lst-err`, which blocks any future
+bisync runs (since the normal `.lst` files are not found).
+Bisync keeps them under `bisync` subdirectory of the rclone cache directory,
+typically at `${HOME}/.cache/rclone/bisync/` on Linux.
 
-According to AWS's [documentation on S3 Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-permission):
+Some errors are considered temporary and re-running the bisync is not blocked.
+The _critical return_ blocks further bisync runs.
 
-> If you configure a default retention period on a bucket, requests to upload objects in such a bucket must include the Content-MD5 header.
+See also: [`--resilient`](#resilient)
 
-As mentioned in the [Hashes](#hashes) section, small files that are not uploaded as multipart, use a different tag, causing the upload to fail.
-A simple solution is to set the `--s3-upload-cutoff 0` and force all the files to be uploaded as multipart.
+### Lock file
 
+When bisync is running, a lock file is created in the bisync working directory,
+typically at `~/.cache/rclone/bisync/PATH1..PATH2.lck` on Linux.
+If bisync should crash or hang, the lock file will remain in place and block
+any further runs of bisync _for the same paths_.
+Delete the lock file as part of debugging the situation.
+The lock file effectively blocks follow-on (e.g., scheduled by _cron_) runs
+when the prior invocation is taking a long time.
+The lock file contains _PID_ of the blocking process, which may help in debug.
 
-### Standard options
+**Note**
+that while concurrent bisync runs are allowed, _be very cautious_
+that there is no overlap in the trees being synched between concurrent runs,
+lest there be replicated files, deleted files and general mayhem.
 
-Here are the Standard options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).
+### Return codes
 
-#### --s3-provider
+`rclone bisync` returns the following codes to calling program:
+- `0` on a successful run,
+- `1` for a non-critical failing run (a rerun may be successful),
+- `2` for a critically aborted run (requires a `--resync` to recover).
 
-Choose your S3 provider.
+## Limitations
 
-Properties:
+### Supported backends
 
-- Config:      provider
-- Env Var:     RCLONE_S3_PROVIDER
-- Type:        string
-- Required:    false
-- Examples:
-    - "AWS"
-        - Amazon Web Services (AWS) S3
-    - "Alibaba"
-        - Alibaba Cloud Object Storage System (OSS) formerly Aliyun
-    - "Ceph"
-        - Ceph Object Storage
-    - "ChinaMobile"
-        - China Mobile Ecloud Elastic Object Storage (EOS)
-    - "Cloudflare"
-        - Cloudflare R2 Storage
-    - "ArvanCloud"
-        - Arvan Cloud Object Storage (AOS)
-    - "DigitalOcean"
-        - DigitalOcean Spaces
-    - "Dreamhost"
-        - Dreamhost DreamObjects
-    - "HuaweiOBS"
-        - Huawei Object Storage Service
-    - "IBMCOS"
-        - IBM COS S3
-    - "IDrive"
-        - IDrive e2
-    - "IONOS"
-        - IONOS Cloud
-    - "LyveCloud"
-        - Seagate Lyve Cloud
-    - "Liara"
-        - Liara Object Storage
-    - "Minio"
-        - Minio Object Storage
-    - "Netease"
-        - Netease Object Storage (NOS)
-    - "RackCorp"
-        - RackCorp Object Storage
-    - "Scaleway"
-        - Scaleway Object Storage
-    - "SeaweedFS"
-        - SeaweedFS S3
-    - "StackPath"
-        - StackPath Object Storage
-    - "Storj"
-        - Storj (S3 Compatible Gateway)
-    - "TencentCOS"
-        - Tencent Cloud Object Storage (COS)
-    - "Wasabi"
-        - Wasabi Object Storage
-    - "Qiniu"
-        - Qiniu Object Storage (Kodo)
-    - "Other"
-        - Any other S3 compatible provider
+Bisync is considered _BETA_ and has been tested with the following backends:
+- Local filesystem
+- Google Drive
+- Dropbox
+- OneDrive
+- S3
+- SFTP
+- Yandex Disk
 
-#### --s3-env-auth
+It has not been fully tested with other services yet.
+If it works, or sorta works, please let us know and we'll update the list.
+Run the test suite to check for proper operation as described below.
 
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+First release of `rclone bisync` requires that underlying backend supports
+the modification time feature and will refuse to run otherwise.
+This limitation will be lifted in a future `rclone bisync` release.
 
-Only applies if access_key_id and secret_access_key is blank.
+### Concurrent modifications
 
-Properties:
+When using **Local, FTP or SFTP** remotes rclone does not create _temporary_
+files at the destination when copying, and thus if the connection is lost
+the created file may be corrupt, which will likely propagate back to the
+original path on the next sync, resulting in data loss.
+This will be solved in a future release, there is no workaround at the moment.
 
-- Config:      env_auth
-- Env Var:     RCLONE_S3_ENV_AUTH
-- Type:        bool
-- Default:     false
-- Examples:
-    - "false"
-        - Enter AWS credentials in the next step.
-    - "true"
-        - Get AWS credentials from the environment (env vars or IAM).
+Files that **change during** a bisync run may result in data loss.
+This has been seen in a highly dynamic environment, where the filesystem
+is getting hammered by running processes during the sync.
+The currently recommended solution is to sync at quiet times or [filter out](#filtering)
+unnecessary directories and files.
 
-#### --s3-access-key-id
+As an [alternative approach](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=scans%2C%20to%20avoid-,errors%20if%20files%20changed%20during%20sync,-Given%20the%20number), 
+consider using `--check-sync=false` (and possibly `--resilient`) to make bisync more forgiving
+of filesystems that change during the sync. 
+Be advised that this may cause bisync to miss events that occur during a bisync run, 
+so it is a good idea to supplement this with a periodic independent integrity check, 
+and corrective sync if diffs are found. For example, a possible sequence could look like this:
 
-AWS Access Key ID.
+1. Normally scheduled bisync run:
 
-Leave blank for anonymous access or runtime credentials.
+```
+rclone bisync Path1 Path2 -MPc --check-access --max-delete 10 --filters-file /path/to/filters.txt -v --check-sync=false --no-cleanup --ignore-listing-checksum --disable ListR --checkers=16 --drive-pacer-min-sleep=10ms --create-empty-src-dirs --resilient
+```
 
-Properties:
+2. Periodic independent integrity check (perhaps scheduled nightly or weekly):
 
-- Config:      access_key_id
-- Env Var:     RCLONE_S3_ACCESS_KEY_ID
-- Type:        string
-- Required:    false
+```
+rclone check -MvPc Path1 Path2 --filter-from /path/to/filters.txt
+```
 
-#### --s3-secret-access-key
+3. If diffs are found, you have some choices to correct them. 
+If one side is more up-to-date and you want to make the other side match it, you could run:
 
-AWS Secret Access Key (password).
+```
+rclone sync Path1 Path2 --filter-from /path/to/filters.txt --create-empty-src-dirs -MPc -v  
+```
+(or switch Path1 and Path2 to make Path2 the source-of-truth)
 
-Leave blank for anonymous access or runtime credentials.
+Or, if neither side is totally up-to-date, you could run a `--resync` to bring them back into agreement 
+(but remember that this could cause deleted files to re-appear.)
 
-Properties:
+*Note also that `rclone check` does not currently include empty directories, 
+so if you want to know if any empty directories are out of sync, 
+consider alternatively running the above `rclone sync` command with `--dry-run` added.
 
-- Config:      secret_access_key
-- Env Var:     RCLONE_S3_SECRET_ACCESS_KEY
-- Type:        string
-- Required:    false
+### Empty directories
 
-#### --s3-region
+By default, new/deleted empty directories on one path are _not_ propagated to the other side.
+This is because bisync (and rclone) natively works on files, not directories.
+However, this can be changed with the `--create-empty-src-dirs` flag, which works in
+much the same way as in [`sync`](https://rclone.org/commands/rclone_sync/) and [`copy`](https://rclone.org/commands/rclone_copy/).
+When used, empty directories created or deleted on one side will also be created or deleted on the other side.
+The following should be noted:
+* `--create-empty-src-dirs` is not compatible with `--remove-empty-dirs`. Use only one or the other (or neither).
+* It is not recommended to switch back and forth between `--create-empty-src-dirs` 
+and the default (no `--create-empty-src-dirs`) without running `--resync`. 
+This is because it may appear as though all directories (not just the empty ones) were created/deleted,
+when actually you've just toggled between making them visible/invisible to bisync. 
+It looks scarier than it is, but it's still probably best to stick to one or the other, 
+and use `--resync` when you need to switch.
 
-Region to connect to.
+### Renamed directories
 
-Properties:
+Renaming a folder on the Path1 side results in deleting all files on
+the Path2 side and then copying all files again from Path1 to Path2.
+Bisync sees this as all files in the old directory name as deleted and all
+files in the new directory name as new. 
+Currently, the most effective and efficient method of renaming a directory
+is to rename it to the same name on both sides. (As of `rclone v1.64`, 
+a `--resync` is no longer required after doing so, as bisync will automatically
+detect that Path1 and Path2 are in agreement.)
+
+### `--fast-list` used by default
+
+Unlike most other rclone commands, bisync uses [`--fast-list`](https://rclone.org/docs/#fast-list) by default, 
+for backends that support it. In many cases this is desirable, however, 
+there are some scenarios in which bisync could be faster *without* `--fast-list`, 
+and there is also a [known issue concerning Google Drive users with many empty directories](https://github.com/rclone/rclone/commit/cbf3d4356135814921382dd3285d859d15d0aa77). 
+For now, the recommended way to avoid using `--fast-list` is to add `--disable ListR` 
+to all bisync commands. The default behavior may change in a future version.
+
+### Overridden Configs
+
+When rclone detects an overridden config, it adds a suffix like `{ABCDE}` on the fly 
+to the internal name of the remote. Bisync follows suit by including this suffix in its listing filenames. 
+However, this suffix does not necessarily persist from run to run, especially if different flags are provided. 
+So if next time the suffix assigned is `{FGHIJ}`, bisync will get confused, 
+because it's looking for a listing file with `{FGHIJ}`, when the file it wants has `{ABCDE}`. 
+As a result, it throws 
+`Bisync critical error: cannot find prior Path1 or Path2 listings, likely due to critical error on prior run` 
+and refuses to run again until the user runs a `--resync` (unless using `--resilient`). 
+The best workaround at the moment is to set any backend-specific flags in the [config file](https://rclone.org/commands/rclone_config/) 
+instead of specifying them with command flags. (You can still override them as needed for other rclone commands.)
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    AWS
-- Type:        string
-- Required:    false
-- Examples:
-    - "us-east-1"
-        - The default endpoint - a good choice if you are unsure.
-        - US Region, Northern Virginia, or Pacific Northwest.
-        - Leave location constraint empty.
-    - "us-east-2"
-        - US East (Ohio) Region.
-        - Needs location constraint us-east-2.
-    - "us-west-1"
-        - US West (Northern California) Region.
-        - Needs location constraint us-west-1.
-    - "us-west-2"
-        - US West (Oregon) Region.
-        - Needs location constraint us-west-2.
-    - "ca-central-1"
-        - Canada (Central) Region.
-        - Needs location constraint ca-central-1.
-    - "eu-west-1"
-        - EU (Ireland) Region.
-        - Needs location constraint EU or eu-west-1.
-    - "eu-west-2"
-        - EU (London) Region.
-        - Needs location constraint eu-west-2.
-    - "eu-west-3"
-        - EU (Paris) Region.
-        - Needs location constraint eu-west-3.
-    - "eu-north-1"
-        - EU (Stockholm) Region.
-        - Needs location constraint eu-north-1.
-    - "eu-south-1"
-        - EU (Milan) Region.
-        - Needs location constraint eu-south-1.
-    - "eu-central-1"
-        - EU (Frankfurt) Region.
-        - Needs location constraint eu-central-1.
-    - "ap-southeast-1"
-        - Asia Pacific (Singapore) Region.
-        - Needs location constraint ap-southeast-1.
-    - "ap-southeast-2"
-        - Asia Pacific (Sydney) Region.
-        - Needs location constraint ap-southeast-2.
-    - "ap-northeast-1"
-        - Asia Pacific (Tokyo) Region.
-        - Needs location constraint ap-northeast-1.
-    - "ap-northeast-2"
-        - Asia Pacific (Seoul).
-        - Needs location constraint ap-northeast-2.
-    - "ap-northeast-3"
-        - Asia Pacific (Osaka-Local).
-        - Needs location constraint ap-northeast-3.
-    - "ap-south-1"
-        - Asia Pacific (Mumbai).
-        - Needs location constraint ap-south-1.
-    - "ap-east-1"
-        - Asia Pacific (Hong Kong) Region.
-        - Needs location constraint ap-east-1.
-    - "sa-east-1"
-        - South America (Sao Paulo) Region.
-        - Needs location constraint sa-east-1.
-    - "me-south-1"
-        - Middle East (Bahrain) Region.
-        - Needs location constraint me-south-1.
-    - "af-south-1"
-        - Africa (Cape Town) Region.
-        - Needs location constraint af-south-1.
-    - "cn-north-1"
-        - China (Beijing) Region.
-        - Needs location constraint cn-north-1.
-    - "cn-northwest-1"
-        - China (Ningxia) Region.
-        - Needs location constraint cn-northwest-1.
-    - "us-gov-east-1"
-        - AWS GovCloud (US-East) Region.
-        - Needs location constraint us-gov-east-1.
-    - "us-gov-west-1"
-        - AWS GovCloud (US) Region.
-        - Needs location constraint us-gov-west-1.
+### Case sensitivity
 
-#### --s3-region
+Synching with **case-insensitive** filesystems, such as Windows or `Box`,
+can result in file name conflicts. This will be fixed in a future release.
+The near-term workaround is to make sure that files on both sides
+don't have spelling case differences (`Smile.jpg` vs. `smile.jpg`).
 
-region - the location where your bucket will be created and your data stored.
+## Windows support {#windows}
 
+Bisync has been tested on Windows 8.1, Windows 10 Pro 64-bit and on Windows
+GitHub runners.
 
-Properties:
+Drive letters are allowed, including drive letters mapped to network drives
+(`rclone bisync J:\localsync GDrive:`).
+If a drive letter is omitted, the shell current drive is the default.
+Drive letters are a single character follows by `:`, so cloud names
+must be more than one character long.
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    RackCorp
-- Type:        string
-- Required:    false
-- Examples:
-    - "global"
-        - Global CDN (All locations) Region
-    - "au"
-        - Australia (All states)
-    - "au-nsw"
-        - NSW (Australia) Region
-    - "au-qld"
-        - QLD (Australia) Region
-    - "au-vic"
-        - VIC (Australia) Region
-    - "au-wa"
-        - Perth (Australia) Region
-    - "ph"
-        - Manila (Philippines) Region
-    - "th"
-        - Bangkok (Thailand) Region
-    - "hk"
-        - HK (Hong Kong) Region
-    - "mn"
-        - Ulaanbaatar (Mongolia) Region
-    - "kg"
-        - Bishkek (Kyrgyzstan) Region
-    - "id"
-        - Jakarta (Indonesia) Region
-    - "jp"
-        - Tokyo (Japan) Region
-    - "sg"
-        - SG (Singapore) Region
-    - "de"
-        - Frankfurt (Germany) Region
-    - "us"
-        - USA (AnyCast) Region
-    - "us-east-1"
-        - New York (USA) Region
-    - "us-west-1"
-        - Freemont (USA) Region
-    - "nz"
-        - Auckland (New Zealand) Region
+Absolute paths (with or without a drive letter), and relative paths
+(with or without a drive letter) are supported.
 
-#### --s3-region
+Working directory is created at `C:\Users\MyLogin\AppData\Local\rclone\bisync`.
 
-Region to connect to.
+Note that bisync output may show a mix of forward `/` and back `\` slashes.
 
-Properties:
+Be careful of case independent directory and file naming on Windows
+vs. case dependent Linux
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    Scaleway
-- Type:        string
-- Required:    false
-- Examples:
-    - "nl-ams"
-        - Amsterdam, The Netherlands
-    - "fr-par"
-        - Paris, France
-    - "pl-waw"
-        - Warsaw, Poland
+## Filtering {#filtering}
 
-#### --s3-region
+See [filtering documentation](https://rclone.org/filtering/)
+for how filter rules are written and interpreted.
 
-Region to connect to. - the location where your bucket will be created and your data stored. Need bo be same with your endpoint.
+Bisync's [`--filters-file`](#filters-file) flag slightly extends the rclone's
+[--filter-from](https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file)
+filtering mechanism.
+For a given bisync run you may provide _only one_ `--filters-file`.
+The `--include*`, `--exclude*`, and `--filter` flags are also supported.
 
+### How to filter directories
 
-Properties:
+Filtering portions of the directory tree is a critical feature for synching.
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    HuaweiOBS
-- Type:        string
-- Required:    false
-- Examples:
-    - "af-south-1"
-        - AF-Johannesburg
-    - "ap-southeast-2"
-        - AP-Bangkok
-    - "ap-southeast-3"
-        - AP-Singapore
-    - "cn-east-3"
-        - CN East-Shanghai1
-    - "cn-east-2"
-        - CN East-Shanghai2
-    - "cn-north-1"
-        - CN North-Beijing1
-    - "cn-north-4"
-        - CN North-Beijing4
-    - "cn-south-1"
-        - CN South-Guangzhou
-    - "ap-southeast-1"
-        - CN-Hong Kong
-    - "sa-argentina-1"
-        - LA-Buenos Aires1
-    - "sa-peru-1"
-        - LA-Lima1
-    - "na-mexico-1"
-        - LA-Mexico City1
-    - "sa-chile-1"
-        - LA-Santiago2
-    - "sa-brazil-1"
-        - LA-Sao Paulo1
-    - "ru-northwest-2"
-        - RU-Moscow2
+Examples of directory trees (always beneath the Path1/Path2 root level)
+you may want to exclude from your sync:
+- Directory trees containing only software build intermediate files.
+- Directory trees containing application temporary files and data
+  such as the Windows `C:\Users\MyLogin\AppData\` tree.
+- Directory trees containing files that are large, less important,
+  or are getting thrashed continuously by ongoing processes.
 
-#### --s3-region
+On the other hand, there may be only select directories that you
+actually want to sync, and exclude all others. See the
+[Example include-style filters for Windows user directories](#include-filters)
+below.
 
-Region to connect to.
+### Filters file writing guidelines
 
-Properties:
+1. Begin with excluding directory trees:
+    - e.g. `- /AppData/`
+    - `**` on the end is not necessary. Once a given directory level
+      is excluded then everything beneath it won't be looked at by rclone.
+    - Exclude such directories that are unneeded, are big, dynamically thrashed,
+      or where there may be access permission issues.
+    - Excluding such dirs first will make rclone operations (much) faster.
+    - Specific files may also be excluded, as with the Dropbox exclusions
+      example below.
+2. Decide if it's easier (or cleaner) to:
+    - Include select directories and therefore _exclude everything else_ -- or --
+    - Exclude select directories and therefore _include everything else_
+3. Include select directories:
+    - Add lines like: `+ /Documents/PersonalFiles/**` to select which
+      directories to include in the sync.
+    - `**` on the end specifies to include the full depth of the specified tree.
+    - With Include-style filters, files at the Path1/Path2 root are not included.
+      They may be included with `+ /*`.
+    - Place RCLONE_TEST files within these included directory trees.
+      They will only be looked for in these directory trees.
+    - Finish by excluding everything else by adding `- **` at the end
+      of the filters file.
+    - Disregard step 4.
+4. Exclude select directories:
+    - Add more lines like in step 1.
+      For example: `-/Desktop/tempfiles/`, or `- /testdir/`.
+      Again, a `**` on the end is not necessary.
+    - Do _not_ add a `- **` in the file. Without this line, everything
+      will be included that has not been explicitly excluded.
+    - Disregard step 3.
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    Cloudflare
-- Type:        string
-- Required:    false
-- Examples:
-    - "auto"
-        - R2 buckets are automatically distributed across Cloudflare's data centers for low latency.
+A few rules for the syntax of a filter file expanding on
+[filtering documentation](https://rclone.org/filtering/):
 
-#### --s3-region
-
-Region to connect to.
-
-Properties:
-
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "cn-east-1"
-        - The default endpoint - a good choice if you are unsure.
-        - East China Region 1.
-        - Needs location constraint cn-east-1.
-    - "cn-east-2"
-        - East China Region 2.
-        - Needs location constraint cn-east-2.
-    - "cn-north-1"
-        - North China Region 1.
-        - Needs location constraint cn-north-1.
-    - "cn-south-1"
-        - South China Region 1.
-        - Needs location constraint cn-south-1.
-    - "us-north-1"
-        - North America Region.
-        - Needs location constraint us-north-1.
-    - "ap-southeast-1"
-        - Southeast Asia Region 1.
-        - Needs location constraint ap-southeast-1.
-    - "ap-northeast-1"
-        - Northeast Asia Region 1.
-        - Needs location constraint ap-northeast-1.
-
-#### --s3-region
+- Lines may start with spaces and tabs - rclone strips leading whitespace.
+- If the first non-whitespace character is a `#` then the line is a comment
+  and will be ignored.
+- Blank lines are ignored.
+- The first non-whitespace character on a filter line must be a `+` or `-`.
+- Exactly 1 space is allowed between the `+/-` and the path term.
+- Only forward slashes (`/`) are used in path terms, even on Windows.
+- The rest of the line is taken as the path term.
+  Trailing whitespace is taken literally, and probably is an error.
 
-Region where your bucket will be created and your data stored.
+### Example include-style filters for Windows user directories {#include-filters}
 
+This Windows _include-style_ example is based on the sync root (Path1)
+set to `C:\Users\MyLogin`. The strategy is to select specific directories
+to be synched with a network drive (Path2).
 
-Properties:
+- `- /AppData/` excludes an entire tree of Windows stored stuff
+  that need not be synched.
+  In my case, AppData has >11 GB of stuff I don't care about, and there are
+  some subdirectories beneath AppData that are not accessible to my
+  user login, resulting in bisync critical aborts.
+- Windows creates cache files starting with both upper and
+  lowercase `NTUSER` at `C:\Users\MyLogin`. These files may be dynamic,
+  locked, and are generally _don't care_.
+- There are just a few directories with _my_ data that I do want synched,
+  in the form of `+ /<path>`. By selecting only the directory trees I
+  want to avoid the dozen plus directories that various apps make
+  at `C:\Users\MyLogin\Documents`.
+- Include files in the root of the sync point, `C:\Users\MyLogin`,
+  by adding the `+ /*` line.
+- This is an Include-style filters file, therefore it ends with `- **`
+  which excludes everything not explicitly included.
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    IONOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "de"
-        - Frankfurt, Germany
-    - "eu-central-2"
-        - Berlin, Germany
-    - "eu-south-2"
-        - Logrono, Spain
+```
+- /AppData/
+- NTUSER*
+- ntuser*
++ /Documents/Family/**
++ /Documents/Sketchup/**
++ /Documents/Microcapture_Photo/**
++ /Documents/Microcapture_Video/**
++ /Desktop/**
++ /Pictures/**
++ /*
+- **
+```
 
-#### --s3-region
+Note also that Windows implements several "library" links such as
+`C:\Users\MyLogin\My Documents\My Music` pointing to `C:\Users\MyLogin\Music`.
+rclone sees these as links, so you must add `--links` to the
+bisync command line if you which to follow these links. I find that I get
+permission errors in trying to follow the links, so I don't include the
+rclone `--links` flag, but then you get lots of `Can't follow symlink…`
+noise from rclone about not following the links. This noise can be
+quashed by adding `--quiet` to the bisync command line.
 
-Region to connect to.
+## Example exclude-style filters files for use with Dropbox {#exclude-filters}
 
-Leave blank if you are using an S3 clone and you don't have a region.
+- Dropbox disallows synching the listed temporary and configuration/data files.
+  The `- <filename>` filters exclude these files where ever they may occur
+  in the sync tree. Consider adding similar exclusions for file types
+  you don't need to sync, such as core dump and software build files.
+- bisync testing creates `/testdir/` at the top level of the sync tree,
+  and usually deletes the tree after the test. If a normal sync should run
+  while the `/testdir/` tree exists the `--check-access` phase may fail
+  due to unbalanced RCLONE_TEST files.
+  The `- /testdir/` filter blocks this tree from being synched.
+  You don't need this exclusion if you are not doing bisync development testing.
+- Everything else beneath the Path1/Path2 root will be synched.
+- RCLONE_TEST files may be placed anywhere within the tree, including the root.
 
-Properties:
+### Example filters file for Dropbox {#example-filters-file}
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    !AWS,Alibaba,ChinaMobile,Cloudflare,IONOS,ArvanCloud,Liara,Qiniu,RackCorp,Scaleway,Storj,TencentCOS,HuaweiOBS,IDrive
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Use this if unsure.
-        - Will use v4 signatures and an empty region.
-    - "other-v2-signature"
-        - Use this only if v4 signatures don't work.
-        - E.g. pre Jewel/v10 CEPH.
+```
+# Filter file for use with bisync
+# See https://rclone.org/filtering/ for filtering rules
+# NOTICE: If you make changes to this file you MUST do a --resync run.
+#         Run with --dry-run to see what changes will be made.
 
-#### --s3-endpoint
+# Dropbox won't sync some files so filter them away here.
+# See https://help.dropbox.com/installs-integrations/sync-uploads/files-not-syncing
+- .dropbox.attr
+- ~*.tmp
+- ~$*
+- .~*
+- desktop.ini
+- .dropbox
 
-Endpoint for S3 API.
+# Used for bisync testing, so excluded from normal runs
+- /testdir/
 
-Leave blank if using AWS to use the default endpoint for the region.
+# Other example filters
+#- /TiBU/
+#- /Photos/
+```
 
-Properties:
+### How --check-access handles filters
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    AWS
-- Type:        string
-- Required:    false
+At the start of a bisync run, listings are gathered for Path1 and Path2
+while using the user's `--filters-file`. During the check access phase,
+bisync scans these listings for `RCLONE_TEST` files.
+Any `RCLONE_TEST` files hidden by the `--filters-file` are _not_ in the
+listings and thus not checked during the check access phase.
 
-#### --s3-endpoint
+## Troubleshooting {#troubleshooting}
 
-Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.
+### Reading bisync logs
 
-Properties:
+Here are two normal runs. The first one has a newer file on the remote.
+The second has no deltas between local and remote.
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    ChinaMobile
-- Type:        string
-- Required:    false
-- Examples:
-    - "eos-wuxi-1.cmecloud.cn"
-        - The default endpoint - a good choice if you are unsure.
-        - East China (Suzhou)
-    - "eos-jinan-1.cmecloud.cn"
-        - East China (Jinan)
-    - "eos-ningbo-1.cmecloud.cn"
-        - East China (Hangzhou)
-    - "eos-shanghai-1.cmecloud.cn"
-        - East China (Shanghai-1)
-    - "eos-zhengzhou-1.cmecloud.cn"
-        - Central China (Zhengzhou)
-    - "eos-hunan-1.cmecloud.cn"
-        - Central China (Changsha-1)
-    - "eos-zhuzhou-1.cmecloud.cn"
-        - Central China (Changsha-2)
-    - "eos-guangzhou-1.cmecloud.cn"
-        - South China (Guangzhou-2)
-    - "eos-dongguan-1.cmecloud.cn"
-        - South China (Guangzhou-3)
-    - "eos-beijing-1.cmecloud.cn"
-        - North China (Beijing-1)
-    - "eos-beijing-2.cmecloud.cn"
-        - North China (Beijing-2)
-    - "eos-beijing-4.cmecloud.cn"
-        - North China (Beijing-3)
-    - "eos-huhehaote-1.cmecloud.cn"
-        - North China (Huhehaote)
-    - "eos-chengdu-1.cmecloud.cn"
-        - Southwest China (Chengdu)
-    - "eos-chongqing-1.cmecloud.cn"
-        - Southwest China (Chongqing)
-    - "eos-guiyang-1.cmecloud.cn"
-        - Southwest China (Guiyang)
-    - "eos-xian-1.cmecloud.cn"
-        - Nouthwest China (Xian)
-    - "eos-yunnan.cmecloud.cn"
-        - Yunnan China (Kunming)
-    - "eos-yunnan-2.cmecloud.cn"
-        - Yunnan China (Kunming-2)
-    - "eos-tianjin-1.cmecloud.cn"
-        - Tianjin China (Tianjin)
-    - "eos-jilin-1.cmecloud.cn"
-        - Jilin China (Changchun)
-    - "eos-hubei-1.cmecloud.cn"
-        - Hubei China (Xiangyan)
-    - "eos-jiangxi-1.cmecloud.cn"
-        - Jiangxi China (Nanchang)
-    - "eos-gansu-1.cmecloud.cn"
-        - Gansu China (Lanzhou)
-    - "eos-shanxi-1.cmecloud.cn"
-        - Shanxi China (Taiyuan)
-    - "eos-liaoning-1.cmecloud.cn"
-        - Liaoning China (Shenyang)
-    - "eos-hebei-1.cmecloud.cn"
-        - Hebei China (Shijiazhuang)
-    - "eos-fujian-1.cmecloud.cn"
-        - Fujian China (Xiamen)
-    - "eos-guangxi-1.cmecloud.cn"
-        - Guangxi China (Nanning)
-    - "eos-anhui-1.cmecloud.cn"
-        - Anhui China (Huainan)
+```
+2021/05/16 00:24:38 INFO  : Synching Path1 "/path/to/local/tree/" with Path2 "dropbox:/"
+2021/05/16 00:24:38 INFO  : Path1 checking for diffs
+2021/05/16 00:24:38 INFO  : - Path1    File is new                         - file.txt
+2021/05/16 00:24:38 INFO  : Path1:    1 changes:    1 new,    0 newer,    0 older,    0 deleted
+2021/05/16 00:24:38 INFO  : Path2 checking for diffs
+2021/05/16 00:24:38 INFO  : Applying changes
+2021/05/16 00:24:38 INFO  : - Path1    Queue copy to Path2                 - dropbox:/file.txt
+2021/05/16 00:24:38 INFO  : - Path1    Do queued copies to                 - Path2
+2021/05/16 00:24:38 INFO  : Updating listings
+2021/05/16 00:24:38 INFO  : Validating listings for Path1 "/path/to/local/tree/" vs Path2 "dropbox:/"
+2021/05/16 00:24:38 INFO  : Bisync successful
 
-#### --s3-endpoint
+2021/05/16 00:36:52 INFO  : Synching Path1 "/path/to/local/tree/" with Path2 "dropbox:/"
+2021/05/16 00:36:52 INFO  : Path1 checking for diffs
+2021/05/16 00:36:52 INFO  : Path2 checking for diffs
+2021/05/16 00:36:52 INFO  : No changes found
+2021/05/16 00:36:52 INFO  : Updating listings
+2021/05/16 00:36:52 INFO  : Validating listings for Path1 "/path/to/local/tree/" vs Path2 "dropbox:/"
+2021/05/16 00:36:52 INFO  : Bisync successful
+```
 
-Endpoint for Arvan Cloud Object Storage (AOS) API.
+### Dry run oddity
 
-Properties:
+The `--dry-run` messages may indicate that it would try to delete some files.
+For example, if a file is new on Path2 and does not exist on Path1 then
+it would normally be copied to Path1, but with `--dry-run` enabled those
+copies don't happen, which leads to the attempted delete on Path2,
+blocked again by --dry-run: `... Not deleting as --dry-run`.
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    ArvanCloud
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.ir-thr-at1.arvanstorage.com"
-        - The default endpoint - a good choice if you are unsure.
-        - Tehran Iran (Asiatech)
-    - "s3.ir-tbz-sh1.arvanstorage.com"
-        - Tabriz Iran (Shahriar)
+This whole confusing situation is an artifact of the `--dry-run` flag.
+Scrutinize the proposed deletes carefully, and if the files would have been
+copied to Path1 then the threatened deletes on Path2 may be disregarded.
 
-#### --s3-endpoint
+### Retries
 
-Endpoint for IBM COS S3 API.
+Rclone has built-in retries. If you run with `--verbose` you'll see
+error and retry messages such as shown below. This is usually not a bug.
+If at the end of the run, you see `Bisync successful` and not
+`Bisync critical error` or `Bisync aborted` then the run was successful,
+and you can ignore the error messages.
 
-Specify if using an IBM COS On Premise.
+The following run shows an intermittent fail. Lines _5_ and _6- are
+low-level messages. Line _6_ is a bubbled-up _warning_ message, conveying
+the error. Rclone normally retries failing commands, so there may be
+numerous such messages in the log.
 
-Properties:
+Since there are no final error/warning messages on line _7_, rclone has
+recovered from failure after a retry, and the overall sync was successful.
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    IBMCOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Endpoint
-    - "s3.dal.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Dallas Endpoint
-    - "s3.wdc.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Washington DC Endpoint
-    - "s3.sjc.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region San Jose Endpoint
-    - "s3.private.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Private Endpoint
-    - "s3.private.dal.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Dallas Private Endpoint
-    - "s3.private.wdc.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Washington DC Private Endpoint
-    - "s3.private.sjc.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region San Jose Private Endpoint
-    - "s3.us-east.cloud-object-storage.appdomain.cloud"
-        - US Region East Endpoint
-    - "s3.private.us-east.cloud-object-storage.appdomain.cloud"
-        - US Region East Private Endpoint
-    - "s3.us-south.cloud-object-storage.appdomain.cloud"
-        - US Region South Endpoint
-    - "s3.private.us-south.cloud-object-storage.appdomain.cloud"
-        - US Region South Private Endpoint
-    - "s3.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Endpoint
-    - "s3.fra.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Frankfurt Endpoint
-    - "s3.mil.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Milan Endpoint
-    - "s3.ams.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Amsterdam Endpoint
-    - "s3.private.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Private Endpoint
-    - "s3.private.fra.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Frankfurt Private Endpoint
-    - "s3.private.mil.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Milan Private Endpoint
-    - "s3.private.ams.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Amsterdam Private Endpoint
-    - "s3.eu-gb.cloud-object-storage.appdomain.cloud"
-        - Great Britain Endpoint
-    - "s3.private.eu-gb.cloud-object-storage.appdomain.cloud"
-        - Great Britain Private Endpoint
-    - "s3.eu-de.cloud-object-storage.appdomain.cloud"
-        - EU Region DE Endpoint
-    - "s3.private.eu-de.cloud-object-storage.appdomain.cloud"
-        - EU Region DE Private Endpoint
-    - "s3.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Endpoint
-    - "s3.tok.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Tokyo Endpoint
-    - "s3.hkg.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional HongKong Endpoint
-    - "s3.seo.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Seoul Endpoint
-    - "s3.private.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Private Endpoint
-    - "s3.private.tok.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Tokyo Private Endpoint
-    - "s3.private.hkg.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional HongKong Private Endpoint
-    - "s3.private.seo.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Seoul Private Endpoint
-    - "s3.jp-tok.cloud-object-storage.appdomain.cloud"
-        - APAC Region Japan Endpoint
-    - "s3.private.jp-tok.cloud-object-storage.appdomain.cloud"
-        - APAC Region Japan Private Endpoint
-    - "s3.au-syd.cloud-object-storage.appdomain.cloud"
-        - APAC Region Australia Endpoint
-    - "s3.private.au-syd.cloud-object-storage.appdomain.cloud"
-        - APAC Region Australia Private Endpoint
-    - "s3.ams03.cloud-object-storage.appdomain.cloud"
-        - Amsterdam Single Site Endpoint
-    - "s3.private.ams03.cloud-object-storage.appdomain.cloud"
-        - Amsterdam Single Site Private Endpoint
-    - "s3.che01.cloud-object-storage.appdomain.cloud"
-        - Chennai Single Site Endpoint
-    - "s3.private.che01.cloud-object-storage.appdomain.cloud"
-        - Chennai Single Site Private Endpoint
-    - "s3.mel01.cloud-object-storage.appdomain.cloud"
-        - Melbourne Single Site Endpoint
-    - "s3.private.mel01.cloud-object-storage.appdomain.cloud"
-        - Melbourne Single Site Private Endpoint
-    - "s3.osl01.cloud-object-storage.appdomain.cloud"
-        - Oslo Single Site Endpoint
-    - "s3.private.osl01.cloud-object-storage.appdomain.cloud"
-        - Oslo Single Site Private Endpoint
-    - "s3.tor01.cloud-object-storage.appdomain.cloud"
-        - Toronto Single Site Endpoint
-    - "s3.private.tor01.cloud-object-storage.appdomain.cloud"
-        - Toronto Single Site Private Endpoint
-    - "s3.seo01.cloud-object-storage.appdomain.cloud"
-        - Seoul Single Site Endpoint
-    - "s3.private.seo01.cloud-object-storage.appdomain.cloud"
-        - Seoul Single Site Private Endpoint
-    - "s3.mon01.cloud-object-storage.appdomain.cloud"
-        - Montreal Single Site Endpoint
-    - "s3.private.mon01.cloud-object-storage.appdomain.cloud"
-        - Montreal Single Site Private Endpoint
-    - "s3.mex01.cloud-object-storage.appdomain.cloud"
-        - Mexico Single Site Endpoint
-    - "s3.private.mex01.cloud-object-storage.appdomain.cloud"
-        - Mexico Single Site Private Endpoint
-    - "s3.sjc04.cloud-object-storage.appdomain.cloud"
-        - San Jose Single Site Endpoint
-    - "s3.private.sjc04.cloud-object-storage.appdomain.cloud"
-        - San Jose Single Site Private Endpoint
-    - "s3.mil01.cloud-object-storage.appdomain.cloud"
-        - Milan Single Site Endpoint
-    - "s3.private.mil01.cloud-object-storage.appdomain.cloud"
-        - Milan Single Site Private Endpoint
-    - "s3.hkg02.cloud-object-storage.appdomain.cloud"
-        - Hong Kong Single Site Endpoint
-    - "s3.private.hkg02.cloud-object-storage.appdomain.cloud"
-        - Hong Kong Single Site Private Endpoint
-    - "s3.par01.cloud-object-storage.appdomain.cloud"
-        - Paris Single Site Endpoint
-    - "s3.private.par01.cloud-object-storage.appdomain.cloud"
-        - Paris Single Site Private Endpoint
-    - "s3.sng01.cloud-object-storage.appdomain.cloud"
-        - Singapore Single Site Endpoint
-    - "s3.private.sng01.cloud-object-storage.appdomain.cloud"
-        - Singapore Single Site Private Endpoint
+```
+1: 2021/05/14 00:44:12 INFO  : Synching Path1 "/path/to/local/tree" with Path2 "dropbox:"
+2: 2021/05/14 00:44:12 INFO  : Path1 checking for diffs
+3: 2021/05/14 00:44:12 INFO  : Path2 checking for diffs
+4: 2021/05/14 00:44:12 INFO  : Path2:  113 changes:   22 new,    0 newer,    0 older,   91 deleted
+5: 2021/05/14 00:44:12 ERROR : /path/to/local/tree/objects/af: error listing: unexpected end of JSON input
+6: 2021/05/14 00:44:12 NOTICE: WARNING  listing try 1 failed.                 - dropbox:
+7: 2021/05/14 00:44:12 INFO  : Bisync successful
+```
 
-#### --s3-endpoint
+This log shows a _Critical failure_ which requires a `--resync` to recover from.
+See the [Runtime Error Handling](#error-handling) section.
 
-Endpoint for IONOS S3 Object Storage.
+```
+2021/05/12 00:49:40 INFO  : Google drive root '': Waiting for checks to finish
+2021/05/12 00:49:40 INFO  : Google drive root '': Waiting for transfers to finish
+2021/05/12 00:49:40 INFO  : Google drive root '': not deleting files as there were IO errors
+2021/05/12 00:49:40 ERROR : Attempt 3/3 failed with 3 errors and: not deleting files as there were IO errors
+2021/05/12 00:49:40 ERROR : Failed to sync: not deleting files as there were IO errors
+2021/05/12 00:49:40 NOTICE: WARNING  rclone sync try 3 failed.           - /path/to/local/tree/
+2021/05/12 00:49:40 ERROR : Bisync aborted. Must run --resync to recover.
+```
 
-Specify the endpoint from the same region.
+### Denied downloads of "infected" or "abusive" files
 
-Properties:
+Google Drive has a filter for certain file types (`.exe`, `.apk`, et cetera)
+that by default cannot be copied from Google Drive to the local filesystem.
+If you are having problems, run with `--verbose` to see specifically which
+files are generating complaints. If the error is
+`This file has been identified as malware or spam and cannot be downloaded`,
+consider using the flag
+[--drive-acknowledge-abuse](https://rclone.org/drive/#drive-acknowledge-abuse).
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    IONOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3-eu-central-1.ionoscloud.com"
-        - Frankfurt, Germany
-    - "s3-eu-central-2.ionoscloud.com"
-        - Berlin, Germany
-    - "s3-eu-south-2.ionoscloud.com"
-        - Logrono, Spain
+### Google Doc files
 
-#### --s3-endpoint
+Google docs exist as virtual files on Google Drive and cannot be transferred
+to other filesystems natively. While it is possible to export a Google doc to
+a normal file (with `.xlsx` extension, for example), it is not possible
+to import a normal file back into a Google document.
 
-Endpoint for Liara Object Storage API.
+Bisync's handling of Google Doc files is to flag them in the run log output
+for user's attention and ignore them for any file transfers, deletes, or syncs.
+They will show up with a length of `-1` in the listings.
+This bisync run is otherwise successful:
 
-Properties:
+```
+2021/05/11 08:23:15 INFO  : Synching Path1 "/path/to/local/tree/base/" with Path2 "GDrive:"
+2021/05/11 08:23:15 INFO  : ...path2.lst-new: Ignoring incorrect line: "- -1 - - 2018-07-29T08:49:30.136000000+0000 GoogleDoc.docx"
+2021/05/11 08:23:15 INFO  : Bisync successful
+```
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Liara
-- Type:        string
-- Required:    false
-- Examples:
-    - "storage.iran.liara.space"
-        - The default endpoint
-        - Iran
+## Usage examples
 
-#### --s3-endpoint
+### Cron {#cron}
 
-Endpoint for OSS API.
+Rclone does not yet have a built-in capability to monitor the local file
+system for changes and must be blindly run periodically.
+On Windows this can be done using a _Task Scheduler_,
+on Linux you can use _Cron_ which is described below.
 
-Properties:
+The 1st example runs a sync every 5 minutes between a local directory
+and an OwnCloud server, with output logged to a runlog file:
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Alibaba
-- Type:        string
-- Required:    false
-- Examples:
-    - "oss-accelerate.aliyuncs.com"
-        - Global Accelerate
-    - "oss-accelerate-overseas.aliyuncs.com"
-        - Global Accelerate (outside mainland China)
-    - "oss-cn-hangzhou.aliyuncs.com"
-        - East China 1 (Hangzhou)
-    - "oss-cn-shanghai.aliyuncs.com"
-        - East China 2 (Shanghai)
-    - "oss-cn-qingdao.aliyuncs.com"
-        - North China 1 (Qingdao)
-    - "oss-cn-beijing.aliyuncs.com"
-        - North China 2 (Beijing)
-    - "oss-cn-zhangjiakou.aliyuncs.com"
-        - North China 3 (Zhangjiakou)
-    - "oss-cn-huhehaote.aliyuncs.com"
-        - North China 5 (Hohhot)
-    - "oss-cn-wulanchabu.aliyuncs.com"
-        - North China 6 (Ulanqab)
-    - "oss-cn-shenzhen.aliyuncs.com"
-        - South China 1 (Shenzhen)
-    - "oss-cn-heyuan.aliyuncs.com"
-        - South China 2 (Heyuan)
-    - "oss-cn-guangzhou.aliyuncs.com"
-        - South China 3 (Guangzhou)
-    - "oss-cn-chengdu.aliyuncs.com"
-        - West China 1 (Chengdu)
-    - "oss-cn-hongkong.aliyuncs.com"
-        - Hong Kong (Hong Kong)
-    - "oss-us-west-1.aliyuncs.com"
-        - US West 1 (Silicon Valley)
-    - "oss-us-east-1.aliyuncs.com"
-        - US East 1 (Virginia)
-    - "oss-ap-southeast-1.aliyuncs.com"
-        - Southeast Asia Southeast 1 (Singapore)
-    - "oss-ap-southeast-2.aliyuncs.com"
-        - Asia Pacific Southeast 2 (Sydney)
-    - "oss-ap-southeast-3.aliyuncs.com"
-        - Southeast Asia Southeast 3 (Kuala Lumpur)
-    - "oss-ap-southeast-5.aliyuncs.com"
-        - Asia Pacific Southeast 5 (Jakarta)
-    - "oss-ap-northeast-1.aliyuncs.com"
-        - Asia Pacific Northeast 1 (Japan)
-    - "oss-ap-south-1.aliyuncs.com"
-        - Asia Pacific South 1 (Mumbai)
-    - "oss-eu-central-1.aliyuncs.com"
-        - Central Europe 1 (Frankfurt)
-    - "oss-eu-west-1.aliyuncs.com"
-        - West Europe (London)
-    - "oss-me-east-1.aliyuncs.com"
-        - Middle East 1 (Dubai)
+```
+# Minute (0-59)
+#      Hour (0-23)
+#           Day of Month (1-31)
+#                Month (1-12 or Jan-Dec)
+#                     Day of Week (0-6 or Sun-Sat)
+#                         Command
+  */5  *    *    *    *   /path/to/rclone bisync /local/files MyCloud: --check-access --filters-file /path/to/bysync-filters.txt --log-file /path/to//bisync.log
+```
 
-#### --s3-endpoint
+See [crontab syntax](https://www.man7.org/linux/man-pages/man1/crontab.1p.html#INPUT_FILES)
+for the details of crontab time interval expressions.
 
-Endpoint for OBS API.
+If you run `rclone bisync` as a cron job, redirect stdout/stderr to a file.
+The 2nd example runs a sync to Dropbox every hour and logs all stdout (via the `>>`)
+and stderr (via `2>&1`) to a log file.
 
-Properties:
+```
+0 * * * * /path/to/rclone bisync /path/to/local/dropbox Dropbox: --check-access --filters-file /home/user/filters.txt >> /path/to/logs/dropbox-run.log 2>&1
+```
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    HuaweiOBS
-- Type:        string
-- Required:    false
-- Examples:
-    - "obs.af-south-1.myhuaweicloud.com"
-        - AF-Johannesburg
-    - "obs.ap-southeast-2.myhuaweicloud.com"
-        - AP-Bangkok
-    - "obs.ap-southeast-3.myhuaweicloud.com"
-        - AP-Singapore
-    - "obs.cn-east-3.myhuaweicloud.com"
-        - CN East-Shanghai1
-    - "obs.cn-east-2.myhuaweicloud.com"
-        - CN East-Shanghai2
-    - "obs.cn-north-1.myhuaweicloud.com"
-        - CN North-Beijing1
-    - "obs.cn-north-4.myhuaweicloud.com"
-        - CN North-Beijing4
-    - "obs.cn-south-1.myhuaweicloud.com"
-        - CN South-Guangzhou
-    - "obs.ap-southeast-1.myhuaweicloud.com"
-        - CN-Hong Kong
-    - "obs.sa-argentina-1.myhuaweicloud.com"
-        - LA-Buenos Aires1
-    - "obs.sa-peru-1.myhuaweicloud.com"
-        - LA-Lima1
-    - "obs.na-mexico-1.myhuaweicloud.com"
-        - LA-Mexico City1
-    - "obs.sa-chile-1.myhuaweicloud.com"
-        - LA-Santiago2
-    - "obs.sa-brazil-1.myhuaweicloud.com"
-        - LA-Sao Paulo1
-    - "obs.ru-northwest-2.myhuaweicloud.com"
-        - RU-Moscow2
+### Sharing an encrypted folder tree between hosts
 
-#### --s3-endpoint
+bisync can keep a local folder in sync with a cloud service,
+but what if you have some highly sensitive files to be synched?
 
-Endpoint for Scaleway Object Storage.
+Usage of a cloud service is for exchanging both routine and sensitive
+personal files between one's home network, one's personal notebook when on the
+road, and with one's work computer. The routine data is not sensitive.
+For the sensitive data, configure an rclone [crypt remote](https://rclone.org/crypt/) to point to
+a subdirectory within the local disk tree that is bisync'd to Dropbox,
+and then set up an bisync for this local crypt directory to a directory
+outside of the main sync tree.
 
-Properties:
+### Linux server setup
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Scaleway
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.nl-ams.scw.cloud"
-        - Amsterdam Endpoint
-    - "s3.fr-par.scw.cloud"
-        - Paris Endpoint
-    - "s3.pl-waw.scw.cloud"
-        - Warsaw Endpoint
+- `/path/to/DBoxroot` is the root of my local sync tree.
+  There are numerous subdirectories.
+- `/path/to/DBoxroot/crypt` is the root subdirectory for files
+  that are encrypted. This local directory target is setup as an
+  rclone crypt remote named `Dropcrypt:`.
+  See [rclone.conf](#rclone-conf-snippet) snippet below.
+- `/path/to/my/unencrypted/files` is the root of my sensitive
+  files - not encrypted, not within the tree synched to Dropbox.
+- To sync my local unencrypted files with the encrypted Dropbox versions
+  I manually run `bisync /path/to/my/unencrypted/files DropCrypt:`.
+  This step could be bundled into a script to run before and after
+  the full Dropbox tree sync in the last step,
+  thus actively keeping the sensitive files in sync.
+- `bisync /path/to/DBoxroot Dropbox:` runs periodically via cron,
+  keeping my full local sync tree in sync with Dropbox.
 
-#### --s3-endpoint
+### Windows notebook setup
 
-Endpoint for StackPath Object Storage.
+- The Dropbox client runs keeping the local tree `C:\Users\MyLogin\Dropbox`
+  always in sync with Dropbox. I could have used `rclone bisync` instead.
+- A separate directory tree at `C:\Users\MyLogin\Documents\DropLocal`
+  hosts the tree of unencrypted files/folders.
+- To sync my local unencrypted files with the encrypted
+  Dropbox versions I manually run the following command:
+  `rclone bisync C:\Users\MyLogin\Documents\DropLocal Dropcrypt:`.
+- The Dropbox client then syncs the changes with Dropbox.
 
-Properties:
+### rclone.conf snippet {#rclone-conf-snippet}
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    StackPath
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.us-east-2.stackpathstorage.com"
-        - US East Endpoint
-    - "s3.us-west-1.stackpathstorage.com"
-        - US West Endpoint
-    - "s3.eu-central-1.stackpathstorage.com"
-        - EU Endpoint
+```
+[Dropbox]
+type = dropbox
+...
 
-#### --s3-endpoint
+[Dropcrypt]
+type = crypt
+remote = /path/to/DBoxroot/crypt          # on the Linux server
+remote = C:\Users\MyLogin\Dropbox\crypt   # on the Windows notebook
+filename_encryption = standard
+directory_name_encryption = true
+password = ...
+...
+```
 
-Endpoint for Storj Gateway.
+## Testing {#testing}
 
-Properties:
+You should read this section only if you are developing for rclone.
+You need to have rclone source code locally to work with bisync tests.
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Storj
-- Type:        string
-- Required:    false
-- Examples:
-    - "gateway.storjshare.io"
-        - Global Hosted Gateway
+Bisync has a dedicated test framework implemented in the `bisync_test.go`
+file located in the rclone source tree. The test suite is based on the
+`go test` command. Series of tests are stored in subdirectories below the
+`cmd/bisync/testdata` directory. Individual tests can be invoked by their
+directory name, e.g.
+`go test . -case basic -remote local -remote2 gdrive: -v`
 
-#### --s3-endpoint
+Tests will make a temporary folder on remote and purge it afterwards.
+If during test run there are intermittent errors and rclone retries,
+these errors will be captured and flagged as invalid MISCOMPAREs.
+Rerunning the test will let it pass. Consider such failures as noise.
 
-Endpoint for Tencent COS API.
+### Test command syntax
 
-Properties:
+```
+usage: go test ./cmd/bisync [options...]
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    TencentCOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "cos.ap-beijing.myqcloud.com"
-        - Beijing Region
-    - "cos.ap-nanjing.myqcloud.com"
-        - Nanjing Region
-    - "cos.ap-shanghai.myqcloud.com"
-        - Shanghai Region
-    - "cos.ap-guangzhou.myqcloud.com"
-        - Guangzhou Region
-    - "cos.ap-nanjing.myqcloud.com"
-        - Nanjing Region
-    - "cos.ap-chengdu.myqcloud.com"
-        - Chengdu Region
-    - "cos.ap-chongqing.myqcloud.com"
-        - Chongqing Region
-    - "cos.ap-hongkong.myqcloud.com"
-        - Hong Kong (China) Region
-    - "cos.ap-singapore.myqcloud.com"
-        - Singapore Region
-    - "cos.ap-mumbai.myqcloud.com"
-        - Mumbai Region
-    - "cos.ap-seoul.myqcloud.com"
-        - Seoul Region
-    - "cos.ap-bangkok.myqcloud.com"
-        - Bangkok Region
-    - "cos.ap-tokyo.myqcloud.com"
-        - Tokyo Region
-    - "cos.na-siliconvalley.myqcloud.com"
-        - Silicon Valley Region
-    - "cos.na-ashburn.myqcloud.com"
-        - Virginia Region
-    - "cos.na-toronto.myqcloud.com"
-        - Toronto Region
-    - "cos.eu-frankfurt.myqcloud.com"
-        - Frankfurt Region
-    - "cos.eu-moscow.myqcloud.com"
-        - Moscow Region
-    - "cos.accelerate.myqcloud.com"
-        - Use Tencent COS Accelerate Endpoint
+Options:
+  -case NAME        Name(s) of the test case(s) to run. Multiple names should
+                    be separated by commas. You can remove the `test_` prefix
+                    and replace `_` by `-` in test name for convenience.
+                    If not `all`, the name(s) should map to a directory under
+                    `./cmd/bisync/testdata`.
+                    Use `all` to run all tests (default: all)
+  -remote PATH1     `local` or name of cloud service with `:` (default: local)
+  -remote2 PATH2    `local` or name of cloud service with `:` (default: local)
+  -no-compare       Disable comparing test results with the golden directory
+                    (default: compare)
+  -no-cleanup       Disable cleanup of Path1 and Path2 testdirs.
+                    Useful for troubleshooting. (default: cleanup)
+  -golden           Store results in the golden directory (default: false)
+                    This flag can be used with multiple tests.
+  -debug            Print debug messages
+  -stop-at NUM      Stop test after given step number. (default: run to the end)
+                    Implies `-no-compare` and `-no-cleanup`, if the test really
+                    ends prematurely. Only meaningful for a single test case.
+  -refresh-times    Force refreshing the target modtime, useful for Dropbox
+                    (default: false)
+  -verbose          Run tests verbosely
+```
 
-#### --s3-endpoint
+Note: unlike rclone flags which must be prefixed by double dash (`--`), the
+test command flags can be equally prefixed by a single `-` or double dash.
 
-Endpoint for RackCorp Object Storage.
+### Running tests
 
-Properties:
+- `go test . -case basic -remote local -remote2 local`
+  runs the `test_basic` test case using only the local filesystem,
+  synching one local directory with another local directory.
+  Test script output is to the console, while commands within scenario.txt
+  have their output sent to the `.../workdir/test.log` file,
+  which is finally compared to the golden copy.
+- The first argument after `go test` should be a relative name of the
+  directory containing bisync source code. If you run tests right from there,
+  the argument will be `.` (current directory) as in most examples below.
+  If you run bisync tests from the rclone source directory, the command
+  should be `go test ./cmd/bisync ...`.
+- The test engine will mangle rclone output to ensure comparability
+  with golden listings and logs.
+- Test scenarios are located in `./cmd/bisync/testdata`. The test `-case`
+  argument should match the full name of a subdirectory under that
+  directory. Every test subdirectory name on disk must start with `test_`,
+  this prefix can be omitted on command line for brevity. Also, underscores
+  in the name can be replaced by dashes for convenience.
+- `go test . -remote local -remote2 local -case all` runs all tests.
+- Path1 and Path2 may either be the keyword `local`
+  or may be names of configured cloud services.
+  `go test . -remote gdrive: -remote2 dropbox: -case basic`
+  will run the test between these two services, without transferring
+  any files to the local filesystem.
+- Test run stdout and stderr console output may be directed to a file, e.g.
+  `go test . -remote gdrive: -remote2 local -case all > runlog.txt 2>&1`
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    RackCorp
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.rackcorp.com"
-        - Global (AnyCast) Endpoint
-    - "au.s3.rackcorp.com"
-        - Australia (Anycast) Endpoint
-    - "au-nsw.s3.rackcorp.com"
-        - Sydney (Australia) Endpoint
-    - "au-qld.s3.rackcorp.com"
-        - Brisbane (Australia) Endpoint
-    - "au-vic.s3.rackcorp.com"
-        - Melbourne (Australia) Endpoint
-    - "au-wa.s3.rackcorp.com"
-        - Perth (Australia) Endpoint
-    - "ph.s3.rackcorp.com"
-        - Manila (Philippines) Endpoint
-    - "th.s3.rackcorp.com"
-        - Bangkok (Thailand) Endpoint
-    - "hk.s3.rackcorp.com"
-        - HK (Hong Kong) Endpoint
-    - "mn.s3.rackcorp.com"
-        - Ulaanbaatar (Mongolia) Endpoint
-    - "kg.s3.rackcorp.com"
-        - Bishkek (Kyrgyzstan) Endpoint
-    - "id.s3.rackcorp.com"
-        - Jakarta (Indonesia) Endpoint
-    - "jp.s3.rackcorp.com"
-        - Tokyo (Japan) Endpoint
-    - "sg.s3.rackcorp.com"
-        - SG (Singapore) Endpoint
-    - "de.s3.rackcorp.com"
-        - Frankfurt (Germany) Endpoint
-    - "us.s3.rackcorp.com"
-        - USA (AnyCast) Endpoint
-    - "us-east-1.s3.rackcorp.com"
-        - New York (USA) Endpoint
-    - "us-west-1.s3.rackcorp.com"
-        - Freemont (USA) Endpoint
-    - "nz.s3.rackcorp.com"
-        - Auckland (New Zealand) Endpoint
+### Test execution flow
 
-#### --s3-endpoint
+1. The base setup in the `initial` directory of the testcase is applied
+   on the Path1 and Path2 filesystems (via rclone copy the initial directory
+   to Path1, then rclone sync Path1 to Path2).
+2. The commands in the scenario.txt file are applied, with output directed
+   to the `test.log` file in the test working directory.
+   Typically, the first actual command in the `scenario.txt` file is
+   to do a `--resync`, which establishes the baseline
+   `{...}.path1.lst` and `{...}.path2.lst` files in the test working
+   directory (`.../workdir/` relative to the temporary test directory).
+   Various commands and listing snapshots are done within the test.
+3. Finally, the contents of the test working directory are compared
+   to the contents of the testcase's golden directory.
 
-Endpoint for Qiniu Object Storage.
+### Notes about testing
 
-Properties:
+- Test cases are in individual directories beneath `./cmd/bisync/testdata`.
+  A command line reference to a test is understood to reference a directory
+  beneath `testdata`. For example,
+  `go test ./cmd/bisync -case dry-run -remote gdrive: -remote2 local`
+  refers to the test case in `./cmd/bisync/testdata/test_dry_run`.
+- The test working directory is located at `.../workdir` relative to a
+  temporary test directory, usually under `/tmp` on Linux.
+- The local test sync tree is created at a temporary directory named
+  like `bisync.XXX` under system temporary directory.
+- The remote test sync tree is located at a temporary directory
+  under `<remote:>/bisync.XXX/`.
+- `path1` and/or `path2` subdirectories are created in a temporary
+  directory under the respective local or cloud test remote.
+- By default, the Path1 and Path2 test dirs and workdir will be deleted
+  after each test run. The `-no-cleanup` flag disables purging these
+  directories when validating and debugging a given test.
+  These directories will be flushed before running another test,
+  independent of the `-no-cleanup` usage.
+- You will likely want to add `- /testdir/` to your normal
+  bisync `--filters-file` so that normal syncs do not attempt to sync
+  the test temporary directories, which may have `RCLONE_TEST` miscompares
+  in some testcases which would otherwise trip the `--check-access` system.
+  The `--check-access` mechanism is hard-coded to ignore `RCLONE_TEST`
+  files beneath `bisync/testdata`, so the test cases may reside on the
+  synched tree even if there are check file mismatches in the test tree.
+- Some Dropbox tests can fail, notably printing the following message:
+  `src and dst identical but can't set mod time without deleting and re-uploading`
+  This is expected and happens due to the way Dropbox handles modification times.
+  You should use the `-refresh-times` test flag to make up for this.
+- If Dropbox tests hit request limit for you and print error message
+  `too_many_requests/...: Too many requests or write operations.`
+  then follow the
+  [Dropbox App ID instructions](https://rclone.org/dropbox/#get-your-own-dropbox-app-id).
 
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3-cn-east-1.qiniucs.com"
-        - East China Endpoint 1
-    - "s3-cn-east-2.qiniucs.com"
-        - East China Endpoint 2
-    - "s3-cn-north-1.qiniucs.com"
-        - North China Endpoint 1
-    - "s3-cn-south-1.qiniucs.com"
-        - South China Endpoint 1
-    - "s3-us-north-1.qiniucs.com"
-        - North America Endpoint 1
-    - "s3-ap-southeast-1.qiniucs.com"
-        - Southeast Asia Endpoint 1
-    - "s3-ap-northeast-1.qiniucs.com"
-        - Northeast Asia Endpoint 1
+### Updating golden results
 
-#### --s3-endpoint
+Sometimes even a slight change in the bisync source can cause little changes
+spread around many log files. Updating them manually would be a nightmare.
 
-Endpoint for S3 API.
+The `-golden` flag will store the `test.log` and `*.lst` listings from each
+test case into respective golden directories. Golden results will
+automatically contain generic strings instead of local or cloud paths which
+means that they should match when run with a different cloud service.
 
-Required when using an S3 clone.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    !AWS,IBMCOS,IDrive,IONOS,TencentCOS,HuaweiOBS,Alibaba,ChinaMobile,Liara,ArvanCloud,Scaleway,StackPath,Storj,RackCorp,Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "objects-us-east-1.dream.io"
-        - Dream Objects endpoint
-    - "syd1.digitaloceanspaces.com"
-        - DigitalOcean Spaces Sydney 1
-    - "sfo3.digitaloceanspaces.com"
-        - DigitalOcean Spaces San Francisco 3
-    - "fra1.digitaloceanspaces.com"
-        - DigitalOcean Spaces Frankfurt 1
-    - "nyc3.digitaloceanspaces.com"
-        - DigitalOcean Spaces New York 3
-    - "ams3.digitaloceanspaces.com"
-        - DigitalOcean Spaces Amsterdam 3
-    - "sgp1.digitaloceanspaces.com"
-        - DigitalOcean Spaces Singapore 1
-    - "localhost:8333"
-        - SeaweedFS S3 localhost
-    - "s3.us-east-1.lyvecloud.seagate.com"
-        - Seagate Lyve Cloud US East 1 (Virginia)
-    - "s3.us-west-1.lyvecloud.seagate.com"
-        - Seagate Lyve Cloud US West 1 (California)
-    - "s3.ap-southeast-1.lyvecloud.seagate.com"
-        - Seagate Lyve Cloud AP Southeast 1 (Singapore)
-    - "s3.wasabisys.com"
-        - Wasabi US East 1 (N. Virginia)
-    - "s3.us-east-2.wasabisys.com"
-        - Wasabi US East 2 (N. Virginia)
-    - "s3.us-central-1.wasabisys.com"
-        - Wasabi US Central 1 (Texas)
-    - "s3.us-west-1.wasabisys.com"
-        - Wasabi US West 1 (Oregon)
-    - "s3.ca-central-1.wasabisys.com"
-        - Wasabi CA Central 1 (Toronto)
-    - "s3.eu-central-1.wasabisys.com"
-        - Wasabi EU Central 1 (Amsterdam)
-    - "s3.eu-central-2.wasabisys.com"
-        - Wasabi EU Central 2 (Frankfurt)
-    - "s3.eu-west-1.wasabisys.com"
-        - Wasabi EU West 1 (London)
-    - "s3.eu-west-2.wasabisys.com"
-        - Wasabi EU West 2 (Paris)
-    - "s3.ap-northeast-1.wasabisys.com"
-        - Wasabi AP Northeast 1 (Tokyo) endpoint
-    - "s3.ap-northeast-2.wasabisys.com"
-        - Wasabi AP Northeast 2 (Osaka) endpoint
-    - "s3.ap-southeast-1.wasabisys.com"
-        - Wasabi AP Southeast 1 (Singapore)
-    - "s3.ap-southeast-2.wasabisys.com"
-        - Wasabi AP Southeast 2 (Sydney)
-    - "storage.iran.liara.space"
-        - Liara Iran endpoint
-    - "s3.ir-thr-at1.arvanstorage.com"
-        - ArvanCloud Tehran Iran (Asiatech) endpoint
-
-#### --s3-location-constraint
+Your normal workflow might be as follows:
+1. Git-clone the rclone sources locally
+2. Modify bisync source and check that it builds
+3. Run the whole test suite `go test ./cmd/bisync -remote local`
+4. If some tests show log difference, recheck them individually, e.g.:
+   `go test ./cmd/bisync -remote local -case basic`
+5. If you are convinced with the difference, goldenize all tests at once:
+   `go test ./cmd/bisync -remote local -golden`
+6. Use word diff: `git diff --word-diff ./cmd/bisync/testdata/`.
+   Please note that normal line-level diff is generally useless here.
+7. Check the difference _carefully_!
+8. Commit the change (`git commit`) _only_ if you are sure.
+   If unsure, save your code changes then wipe the log diffs from git:
+   `git reset [--hard]`.
 
-Location constraint - must be set to match the Region.
+### Structure of test scenarios
 
-Used when creating buckets only.
+- `<testname>/initial/` contains a tree of files that will be set
+  as the initial condition on both Path1 and Path2 testdirs.
+- `<testname>/modfiles/` contains files that will be used to
+  modify the Path1 and/or Path2 filesystems.
+- `<testname>/golden/` contains the expected content of the test
+  working directory (`workdir`) at the completion of the testcase.
+- `<testname>/scenario.txt` contains the body of the test, in the form of
+  various commands to modify files, run bisync, and snapshot listings.
+  Output from these commands is captured to `.../workdir/test.log`
+  for comparison to the golden files.
 
-Properties:
+### Supported test commands
 
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    AWS
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Empty for US Region, Northern Virginia, or Pacific Northwest
-    - "us-east-2"
-        - US East (Ohio) Region
-    - "us-west-1"
-        - US West (Northern California) Region
-    - "us-west-2"
-        - US West (Oregon) Region
-    - "ca-central-1"
-        - Canada (Central) Region
-    - "eu-west-1"
-        - EU (Ireland) Region
-    - "eu-west-2"
-        - EU (London) Region
-    - "eu-west-3"
-        - EU (Paris) Region
-    - "eu-north-1"
-        - EU (Stockholm) Region
-    - "eu-south-1"
-        - EU (Milan) Region
-    - "EU"
-        - EU Region
-    - "ap-southeast-1"
-        - Asia Pacific (Singapore) Region
-    - "ap-southeast-2"
-        - Asia Pacific (Sydney) Region
-    - "ap-northeast-1"
-        - Asia Pacific (Tokyo) Region
-    - "ap-northeast-2"
-        - Asia Pacific (Seoul) Region
-    - "ap-northeast-3"
-        - Asia Pacific (Osaka-Local) Region
-    - "ap-south-1"
-        - Asia Pacific (Mumbai) Region
-    - "ap-east-1"
-        - Asia Pacific (Hong Kong) Region
-    - "sa-east-1"
-        - South America (Sao Paulo) Region
-    - "me-south-1"
-        - Middle East (Bahrain) Region
-    - "af-south-1"
-        - Africa (Cape Town) Region
-    - "cn-north-1"
-        - China (Beijing) Region
-    - "cn-northwest-1"
-        - China (Ningxia) Region
-    - "us-gov-east-1"
-        - AWS GovCloud (US-East) Region
-    - "us-gov-west-1"
-        - AWS GovCloud (US) Region
+- `test <some message>`
+  Print the line to the console and to the `test.log`:
+  `test sync is working correctly with options x, y, z`
+- `copy-listings <prefix>`
+  Save a copy of all `.lst` listings in the test working directory
+  with the specified prefix:
+  `save-listings exclude-pass-run`
+- `move-listings <prefix>`
+  Similar to `copy-listings` but removes the source
+- `purge-children <dir>`
+  This will delete all child files and purge all child subdirs under given
+  directory but keep the parent intact. This behavior is important for tests
+  with Google Drive because removing and re-creating the parent would change
+  its ID.
+- `delete-file <file>`
+  Delete a single file.
+- `delete-glob <dir> <pattern>`
+  Delete a group of files located one level deep in the given directory
+  with names matching a given glob pattern.
+- `touch-glob YYYY-MM-DD <dir> <pattern>`
+  Change modification time on a group of files.
+- `touch-copy YYYY-MM-DD <source-file> <dest-dir>`
+  Change file modification time then copy it to destination.
+- `copy-file <source-file> <dest-dir>`
+  Copy a single file to given directory.
+- `copy-as <source-file> <dest-file>`
+  Similar to above but destination must include both directory
+  and the new file name at destination.
+- `copy-dir <src> <dst>` and `sync-dir <src> <dst>`
+  Copy/sync a directory. Equivalent of `rclone copy` and `rclone sync`.
+- `list-dirs <dir>`
+  Equivalent to `rclone lsf -R --dirs-only <dir>`
+- `bisync [options]`
+  Runs bisync against `-remote` and `-remote2`.
 
-#### --s3-location-constraint
+### Supported substitution terms
 
-Location constraint - must match endpoint.
+- `{testdir/}` - the root dir of the testcase
+- `{datadir/}` - the `modfiles` dir under the testcase root
+- `{workdir/}` - the temporary test working directory
+- `{path1/}` - the root of the Path1 test directory tree
+- `{path2/}` - the root of the Path2 test directory tree
+- `{session}` - base name of the test listings
+- `{/}` - OS-specific path separator
+- `{spc}`, `{tab}`, `{eol}` - whitespace
+- `{chr:HH}` - raw byte with given hexadecimal code
 
-Used when creating buckets only.
+Substitution results of the terms named like `{dir/}` will end with
+`/` (or backslash on Windows), so it is not necessary to include
+slash in the usage, for example `delete-file {path1/}file1.txt`.
 
-Properties:
+## Benchmarks
 
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    ChinaMobile
-- Type:        string
-- Required:    false
-- Examples:
-    - "wuxi1"
-        - East China (Suzhou)
-    - "jinan1"
-        - East China (Jinan)
-    - "ningbo1"
-        - East China (Hangzhou)
-    - "shanghai1"
-        - East China (Shanghai-1)
-    - "zhengzhou1"
-        - Central China (Zhengzhou)
-    - "hunan1"
-        - Central China (Changsha-1)
-    - "zhuzhou1"
-        - Central China (Changsha-2)
-    - "guangzhou1"
-        - South China (Guangzhou-2)
-    - "dongguan1"
-        - South China (Guangzhou-3)
-    - "beijing1"
-        - North China (Beijing-1)
-    - "beijing2"
-        - North China (Beijing-2)
-    - "beijing4"
-        - North China (Beijing-3)
-    - "huhehaote1"
-        - North China (Huhehaote)
-    - "chengdu1"
-        - Southwest China (Chengdu)
-    - "chongqing1"
-        - Southwest China (Chongqing)
-    - "guiyang1"
-        - Southwest China (Guiyang)
-    - "xian1"
-        - Nouthwest China (Xian)
-    - "yunnan"
-        - Yunnan China (Kunming)
-    - "yunnan2"
-        - Yunnan China (Kunming-2)
-    - "tianjin1"
-        - Tianjin China (Tianjin)
-    - "jilin1"
-        - Jilin China (Changchun)
-    - "hubei1"
-        - Hubei China (Xiangyan)
-    - "jiangxi1"
-        - Jiangxi China (Nanchang)
-    - "gansu1"
-        - Gansu China (Lanzhou)
-    - "shanxi1"
-        - Shanxi China (Taiyuan)
-    - "liaoning1"
-        - Liaoning China (Shenyang)
-    - "hebei1"
-        - Hebei China (Shijiazhuang)
-    - "fujian1"
-        - Fujian China (Xiamen)
-    - "guangxi1"
-        - Guangxi China (Nanning)
-    - "anhui1"
-        - Anhui China (Huainan)
+_This section is work in progress._
 
-#### --s3-location-constraint
+Here are a few data points for scale, execution times, and memory usage.
 
-Location constraint - must match endpoint.
+The first set of data was taken between a local disk to Dropbox.
+The [speedtest.net](https://speedtest.net) download speed was ~170 Mbps,
+and upload speed was ~10 Mbps. 500 files (~9.5 MB each) had been already
+synched. 50 files were added in a new directory, each ~9.5 MB, ~475 MB total.
 
-Used when creating buckets only.
+Change                                | Operations and times                                   | Overall run time
+--------------------------------------|--------------------------------------------------------|------------------
+500 files synched (nothing to move)   | 1x listings for Path1 & Path2                          | 1.5 sec
+500 files synched with --check-access | 1x listings for Path1 & Path2                          | 1.5 sec
+50 new files on remote                | Queued 50 copies down: 27 sec                          |  29 sec
+Moved local dir                       | Queued 50 copies up: 410 sec, 50 deletes up: 9 sec     | 421 sec
+Moved remote dir                      | Queued 50 copies down: 31 sec, 50 deletes down: <1 sec |  33 sec
+Delete local dir                      | Queued 50 deletes up: 9 sec                            |  13 sec
 
-Properties:
+This next data is from a user's application. They had ~400GB of data
+over 1.96 million files being sync'ed between a Windows local disk and some
+remote cloud. The file full path length was on average 35 characters
+(which factors into load time and RAM required).
 
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    ArvanCloud
-- Type:        string
-- Required:    false
-- Examples:
-    - "ir-thr-at1"
-        - Tehran Iran (Asiatech)
-    - "ir-tbz-sh1"
-        - Tabriz Iran (Shahriar)
+- Loading the prior listing into memory (1.96 million files, listing file
+  size 140 MB) took ~30 sec and occupied about 1 GB of RAM.
+- Getting a fresh listing of the local file system (producing the
+  140 MB output file) took about XXX sec.
+- Getting a fresh listing of the remote file system (producing the 140 MB
+  output file) took about XXX sec. The network download speed was measured
+  at XXX Mb/s.
+- Once the prior and current Path1 and Path2 listings were loaded (a total
+  of four to be loaded, two at a time), determining the deltas was pretty
+  quick (a few seconds for this test case), and the transfer time for any
+  files to be copied was dominated by the network bandwidth.
 
-#### --s3-location-constraint
+## References
 
-Location constraint - must match endpoint when using IBM Cloud Public.
+rclone's bisync implementation was derived from
+the [rclonesync-V2](https://github.com/cjnaz/rclonesync-V2) project,
+including documentation and test mechanisms,
+with [@cjnaz](https://github.com/cjnaz)'s full support and encouragement.
 
-For on-prem COS, do not make a selection from this list, hit enter.
+`rclone bisync` is similar in nature to a range of other projects:
 
-Properties:
+- [unison](https://github.com/bcpierce00/unison)
+- [syncthing](https://github.com/syncthing/syncthing)
+- [cjnaz/rclonesync](https://github.com/cjnaz/rclonesync-V2)
+- [ConorWilliams/rsinc](https://github.com/ConorWilliams/rsinc)
+- [jwink3101/syncrclone](https://github.com/Jwink3101/syncrclone)
+- [DavideRossi/upback](https://github.com/DavideRossi/upback)
 
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    IBMCOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "us-standard"
-        - US Cross Region Standard
-    - "us-vault"
-        - US Cross Region Vault
-    - "us-cold"
-        - US Cross Region Cold
-    - "us-flex"
-        - US Cross Region Flex
-    - "us-east-standard"
-        - US East Region Standard
-    - "us-east-vault"
-        - US East Region Vault
-    - "us-east-cold"
-        - US East Region Cold
-    - "us-east-flex"
-        - US East Region Flex
-    - "us-south-standard"
-        - US South Region Standard
-    - "us-south-vault"
-        - US South Region Vault
-    - "us-south-cold"
-        - US South Region Cold
-    - "us-south-flex"
-        - US South Region Flex
-    - "eu-standard"
-        - EU Cross Region Standard
-    - "eu-vault"
-        - EU Cross Region Vault
-    - "eu-cold"
-        - EU Cross Region Cold
-    - "eu-flex"
-        - EU Cross Region Flex
-    - "eu-gb-standard"
-        - Great Britain Standard
-    - "eu-gb-vault"
-        - Great Britain Vault
-    - "eu-gb-cold"
-        - Great Britain Cold
-    - "eu-gb-flex"
-        - Great Britain Flex
-    - "ap-standard"
-        - APAC Standard
-    - "ap-vault"
-        - APAC Vault
-    - "ap-cold"
-        - APAC Cold
-    - "ap-flex"
-        - APAC Flex
-    - "mel01-standard"
-        - Melbourne Standard
-    - "mel01-vault"
-        - Melbourne Vault
-    - "mel01-cold"
-        - Melbourne Cold
-    - "mel01-flex"
-        - Melbourne Flex
-    - "tor01-standard"
-        - Toronto Standard
-    - "tor01-vault"
-        - Toronto Vault
-    - "tor01-cold"
-        - Toronto Cold
-    - "tor01-flex"
-        - Toronto Flex
+Bisync adopts the differential synchronization technique, which is
+based on keeping history of changes performed by both synchronizing sides.
+See the _Dual Shadow Method_ section in
+[Neil Fraser's article](https://neil.fraser.name/writing/sync/).
 
-#### --s3-location-constraint
+Also note a number of academic publications by
+[Benjamin Pierce](http://www.cis.upenn.edu/%7Ebcpierce/papers/index.shtml#File%20Synchronization)
+about _Unison_ and synchronization in general.
 
-Location constraint - the location where your bucket will be located and your data stored.
+## Changelog
+
+### `v1.64`
+* Fixed an [issue](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Dry%20runs%20are%20not%20completely%20dry) 
+causing dry runs to inadvertently commit filter changes
+* Fixed an [issue](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=2.%20%2D%2Dresync%20deletes%20data%2C%20contrary%20to%20docs) 
+causing `--resync` to erroneously delete empty folders and duplicate files unique to Path2
+* `--check-access` is now enforced during `--resync`, preventing data loss in [certain user error scenarios](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=%2D%2Dcheck%2Daccess%20doesn%27t%20always%20fail%20when%20it%20should)
+* Fixed an [issue](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=5.%20Bisync%20reads%20files%20in%20excluded%20directories%20during%20delete%20operations) 
+causing bisync to consider more files than necessary due to overbroad filters during delete operations
+* [Improved detection of false positive change conflicts](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Identical%20files%20should%20be%20left%20alone%2C%20even%20if%20new/newer/changed%20on%20both%20sides) 
+(identical files are now left alone instead of renamed)
+* Added [support for `--create-empty-src-dirs`](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=3.%20Bisync%20should%20create/delete%20empty%20directories%20as%20sync%20does%2C%20when%20%2D%2Dcreate%2Dempty%2Dsrc%2Ddirs%20is%20passed)
+* Added experimental `--resilient` mode to allow [recovery from self-correctable errors](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=2.%20Bisync%20should%20be%20more%20resilient%20to%20self%2Dcorrectable%20errors)
+* Added [new `--ignore-listing-checksum` flag](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=6.%20%2D%2Dignore%2Dchecksum%20should%20be%20split%20into%20two%20flags%20for%20separate%20purposes) 
+to distinguish from `--ignore-checksum`
+* [Performance improvements](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=6.%20Deletes%20take%20several%20times%20longer%20than%20copies) for large remotes
+* Documentation and testing improvements
+
+# Release signing
+
+The hashes of the binary artefacts of the rclone release are signed
+with a public PGP/GPG key. This can be verified manually as described
+below.
 
+The same mechanism is also used by [rclone selfupdate](https://rclone.org/commands/rclone_selfupdate/)
+to verify that the release has not been tampered with before the new
+update is installed. This checks the SHA256 hash and the signature
+with a public key compiled into the rclone binary.
 
-Properties:
+## Release signing key
 
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    RackCorp
-- Type:        string
-- Required:    false
-- Examples:
-    - "global"
-        - Global CDN Region
-    - "au"
-        - Australia (All locations)
-    - "au-nsw"
-        - NSW (Australia) Region
-    - "au-qld"
-        - QLD (Australia) Region
-    - "au-vic"
-        - VIC (Australia) Region
-    - "au-wa"
-        - Perth (Australia) Region
-    - "ph"
-        - Manila (Philippines) Region
-    - "th"
-        - Bangkok (Thailand) Region
-    - "hk"
-        - HK (Hong Kong) Region
-    - "mn"
-        - Ulaanbaatar (Mongolia) Region
-    - "kg"
-        - Bishkek (Kyrgyzstan) Region
-    - "id"
-        - Jakarta (Indonesia) Region
-    - "jp"
-        - Tokyo (Japan) Region
-    - "sg"
-        - SG (Singapore) Region
-    - "de"
-        - Frankfurt (Germany) Region
-    - "us"
-        - USA (AnyCast) Region
-    - "us-east-1"
-        - New York (USA) Region
-    - "us-west-1"
-        - Freemont (USA) Region
-    - "nz"
-        - Auckland (New Zealand) Region
+You may obtain the release signing key from:
 
-#### --s3-location-constraint
+- From [KEYS](/KEYS) on this website - this file contains all past signing keys also.
+- The git repository hosted on GitHub - https://github.com/rclone/rclone/blob/master/docs/content/KEYS
+- `gpg --keyserver hkps://keys.openpgp.org --search nick@craig-wood.com`
+- `gpg --keyserver hkps://keyserver.ubuntu.com --search nick@craig-wood.com`
+- https://www.craig-wood.com/nick/pub/pgp-key.txt
 
-Location constraint - must be set to match the Region.
+After importing the key, verify that the fingerprint of one of the
+keys matches: `FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA` as this key is used for signing.
 
-Used when creating buckets only.
+We recommend that you cross-check the fingerprint shown above through
+the domains listed below. By cross-checking the integrity of the
+fingerprint across multiple domains you can be confident that you
+obtained the correct key.
 
-Properties:
+- The [source for this page on GitHub](https://github.com/rclone/rclone/blob/master/docs/content/release_signing.md).
+- Through DNS `dig key.rclone.org txt`
 
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "cn-east-1"
-        - East China Region 1
-    - "cn-east-2"
-        - East China Region 2
-    - "cn-north-1"
-        - North China Region 1
-    - "cn-south-1"
-        - South China Region 1
-    - "us-north-1"
-        - North America Region 1
-    - "ap-southeast-1"
-        - Southeast Asia Region 1
-    - "ap-northeast-1"
-        - Northeast Asia Region 1
+If you find anything that doesn't not match, please contact the
+developers at once.
 
-#### --s3-location-constraint
+## How to verify the release
 
-Location constraint - must be set to match the Region.
+In the release directory you will see the release files and some files called `MD5SUMS`, `SHA1SUMS` and `SHA256SUMS`.
 
-Leave blank if not sure. Used when creating buckets only.
+```
+$ rclone lsf --http-url https://downloads.rclone.org/v1.63.1 :http:
+MD5SUMS
+SHA1SUMS
+SHA256SUMS
+rclone-v1.63.1-freebsd-386.zip
+rclone-v1.63.1-freebsd-amd64.zip
+...
+rclone-v1.63.1-windows-arm64.zip
+rclone-v1.63.1.tar.gz
+version.txt
+```
 
-Properties:
+The `MD5SUMS`, `SHA1SUMS` and `SHA256SUMS` contain hashes of the
+binary files in the release directory along with a signature.
 
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    !AWS,Alibaba,HuaweiOBS,ChinaMobile,Cloudflare,IBMCOS,IDrive,IONOS,Liara,ArvanCloud,Qiniu,RackCorp,Scaleway,StackPath,Storj,TencentCOS
-- Type:        string
-- Required:    false
+For example:
 
-#### --s3-acl
+```
+$ rclone cat --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
 
-Canned ACL used when creating buckets and storing or copying objects.
+f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113  rclone-v1.63.1-freebsd-386.zip
+7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e  rclone-v1.63.1-freebsd-amd64.zip
+...
+66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73  rclone-v1.63.1-windows-amd64.zip
+bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0  rclone-v1.63.1-windows-arm64.zip
+-----BEGIN PGP SIGNATURE-----
 
-This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+iF0EARECAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZLVKJQAKCRCTk14C/ztU
++pZuAJ0XJ+QWLP/3jCtkmgcgc4KAwd/rrwCcCRZQ7E+oye1FPY46HOVzCFU3L7g=
+=8qrL
+-----END PGP SIGNATURE-----
+```
 
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+### Download the files
 
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
+The first step is to download the binary and SUMs file and verify that
+the SUMs you have downloaded match. Here we download
+`rclone-v1.63.1-windows-amd64.zip` - choose the binary (or binaries)
+appropriate to your architecture. We've also chosen the `SHA256SUMS`
+as these are the most secure. You could verify the other types of hash
+also for extra security. `rclone selfupdate` verifies just the
+`SHA256SUMS`.
 
-If the acl is an empty string then no X-Amz-Acl: header is added and
-the default (private) will be used.
+```
+$ mkdir /tmp/check
+$ cd /tmp/check
+$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS .
+$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:rclone-v1.63.1-windows-amd64.zip .
+```
 
+### Verify the signatures
 
-Properties:
+First verify the signatures on the SHA256 file.
 
-- Config:      acl
-- Env Var:     RCLONE_S3_ACL
-- Provider:    !Storj,Cloudflare
-- Type:        string
-- Required:    false
-- Examples:
-    - "default"
-        - Owner gets Full_CONTROL.
-        - No one else has access rights (default).
-    - "private"
-        - Owner gets FULL_CONTROL.
-        - No one else has access rights (default).
-    - "public-read"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ access.
-    - "public-read-write"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ and WRITE access.
-        - Granting this on a bucket is generally not recommended.
-    - "authenticated-read"
-        - Owner gets FULL_CONTROL.
-        - The AuthenticatedUsers group gets READ access.
-    - "bucket-owner-read"
-        - Object owner gets FULL_CONTROL.
-        - Bucket owner gets READ access.
-        - If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-    - "bucket-owner-full-control"
-        - Both the object owner and the bucket owner get FULL_CONTROL over the object.
-        - If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-    - "private"
-        - Owner gets FULL_CONTROL.
-        - No one else has access rights (default).
-        - This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS.
-    - "public-read"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ access.
-        - This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS.
-    - "public-read-write"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ and WRITE access.
-        - This acl is available on IBM Cloud (Infra), On-Premise IBM COS.
-    - "authenticated-read"
-        - Owner gets FULL_CONTROL.
-        - The AuthenticatedUsers group gets READ access.
-        - Not supported on Buckets.
-        - This acl is available on IBM Cloud (Infra) and On-Premise IBM COS.
+Import the key. See above for ways to verify this key is correct.
 
-#### --s3-server-side-encryption
+```
+$ gpg --keyserver keyserver.ubuntu.com --receive-keys FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: key 93935E02FF3B54FA: public key "Nick Craig-Wood <nick@craig-wood.com>" imported
+gpg: Total number processed: 1
+gpg:               imported: 1
+```
 
-The server-side encryption algorithm used when storing this object in S3.
+Then check the signature:
 
-Properties:
+```
+$ gpg --verify SHA256SUMS 
+gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]
+```
 
-- Config:      server_side_encryption
-- Env Var:     RCLONE_S3_SERVER_SIDE_ENCRYPTION
-- Provider:    AWS,Ceph,ChinaMobile,Minio
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - None
-    - "AES256"
-        - AES256
-    - "aws:kms"
-        - aws:kms
+Verify the signature was good and is using the fingerprint shown above.
 
-#### --s3-sse-kms-key-id
+Repeat for `MD5SUMS` and `SHA1SUMS` if desired.
 
-If using KMS ID you must provide the ARN of Key.
+### Verify the hashes
 
-Properties:
+Now that we know the signatures on the hashes are OK we can verify the
+binaries match the hashes, completing the verification.
 
-- Config:      sse_kms_key_id
-- Env Var:     RCLONE_S3_SSE_KMS_KEY_ID
-- Provider:    AWS,Ceph,Minio
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - None
-    - "arn:aws:kms:us-east-1:*"
-        - arn:aws:kms:*
+```
+$ sha256sum -c SHA256SUMS 2>&1 | grep OK
+rclone-v1.63.1-windows-amd64.zip: OK
+```
 
-#### --s3-storage-class
+Or do the check with rclone
 
-The storage class to use when storing new objects in S3.
+```
+$ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip 
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 0
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 1
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 49
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: 4 warning(s) suppressed...
+= rclone-v1.63.1-windows-amd64.zip
+2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 0 differences found
+2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 1 matching files
+```
 
-Properties:
+### Verify signatures and hashes together
 
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    AWS
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "STANDARD"
-        - Standard storage class
-    - "REDUCED_REDUNDANCY"
-        - Reduced redundancy storage class
-    - "STANDARD_IA"
-        - Standard Infrequent Access storage class
-    - "ONEZONE_IA"
-        - One Zone Infrequent Access storage class
-    - "GLACIER"
-        - Glacier storage class
-    - "DEEP_ARCHIVE"
-        - Glacier Deep Archive storage class
-    - "INTELLIGENT_TIERING"
-        - Intelligent-Tiering storage class
-    - "GLACIER_IR"
-        - Glacier Instant Retrieval storage class
+You can verify the signatures and hashes in one command line like this:
 
-#### --s3-storage-class
+```
+$ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing
+gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]
+gpg:                 aka "Nick Craig-Wood <nick@memset.com>" [unknown]
+rclone-v1.63.1-windows-amd64.zip: OK
+```
 
-The storage class to use when storing new objects in OSS.
+#  1Fichier
 
-Properties:
+This is a backend for the [1fichier](https://1fichier.com) cloud
+storage service. Note that a Premium subscription is required to use
+the API.
 
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    Alibaba
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "STANDARD"
-        - Standard storage class
-    - "GLACIER"
-        - Archive storage mode
-    - "STANDARD_IA"
-        - Infrequent access storage mode
+Paths are specified as `remote:path`
 
-#### --s3-storage-class
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-The storage class to use when storing new objects in ChinaMobile.
+## Configuration
 
-Properties:
+The initial setup for 1Fichier involves getting the API key from the website which you
+need to do in your browser.
 
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    ChinaMobile
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "STANDARD"
-        - Standard storage class
-    - "GLACIER"
-        - Archive storage mode
-    - "STANDARD_IA"
-        - Infrequent access storage mode
+Here is an example of how to make a remote called `remote`.  First run:
 
-#### --s3-storage-class
+     rclone config
 
-The storage class to use when storing new objects in Liara
+This will guide you through an interactive setup process:
 
-Properties:
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+[snip]
+XX / 1Fichier
+   \ "fichier"
+[snip]
+Storage> fichier
+** See help for fichier backend at: https://rclone.org/fichier/ **
 
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    Liara
-- Type:        string
-- Required:    false
-- Examples:
-    - "STANDARD"
-        - Standard storage class
+Your API Key, get it from https://1fichier.com/console/params.pl
+Enter a string value. Press Enter for the default ("").
+api_key> example_key
 
-#### --s3-storage-class
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> 
+Remote config
+--------------------
+[remote]
+type = fichier
+api_key = example_key
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-The storage class to use when storing new objects in ArvanCloud.
+Once configured you can then use `rclone` like this,
 
-Properties:
+List directories in top level of your 1Fichier account
 
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    ArvanCloud
-- Type:        string
-- Required:    false
-- Examples:
-    - "STANDARD"
-        - Standard storage class
+    rclone lsd remote:
 
-#### --s3-storage-class
+List all the files in your 1Fichier account
 
-The storage class to use when storing new objects in Tencent COS.
+    rclone ls remote:
 
-Properties:
+To copy a local directory to a 1Fichier directory called backup
 
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    TencentCOS
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "STANDARD"
-        - Standard storage class
-    - "ARCHIVE"
-        - Archive storage mode
-    - "STANDARD_IA"
-        - Infrequent access storage mode
+    rclone copy /home/source remote:backup
 
-#### --s3-storage-class
+### Modification times and hashes
 
-The storage class to use when storing new objects in S3.
+1Fichier does not support modification times. It supports the Whirlpool hash algorithm.
 
-Properties:
+### Duplicated files
 
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    Scaleway
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default.
-    - "STANDARD"
-        - The Standard class for any upload.
-        - Suitable for on-demand content like streaming or CDN.
-    - "GLACIER"
-        - Archived storage.
-        - Prices are lower, but it needs to be restored first to be accessed.
+1Fichier can have two files with exactly the same name and path (unlike a
+normal file system).
 
-#### --s3-storage-class
+Duplicated files cause problems with the syncing and you will see
+messages in the log about duplicates.
 
-The storage class to use when storing new objects in Qiniu.
+### Restricted filename characters
 
-Properties:
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
 
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "STANDARD"
-        - Standard storage class
-    - "LINE"
-        - Infrequent access storage mode
-    - "GLACIER"
-        - Archive storage mode
-    - "DEEP_ARCHIVE"
-        - Deep archive storage mode
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+| <         | 0x3C  | ＜           |
+| >         | 0x3E  | ＞           |
+| "         | 0x22  | ＂           |
+| $         | 0x24  | ＄           |
+| `         | 0x60  | ｀           |
+| '         | 0x27  | ＇           |
 
-### Advanced options
+File names can also not start or end with the following characters.
+These only get replaced if they are the first or last character in the
+name:
 
-Here are the Advanced options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
 
-#### --s3-bucket-acl
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-Canned ACL used when creating buckets.
 
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+### Standard options
 
-Note that this ACL is applied when only when creating buckets.  If it
-isn't set then "acl" is used instead.
+Here are the Standard options specific to fichier (1Fichier).
 
-If the "acl" and "bucket_acl" are empty strings then no X-Amz-Acl:
-header is added and the default (private) will be used.
+#### --fichier-api-key
 
+Your API Key, get it from https://1fichier.com/console/params.pl.
 
 Properties:
 
-- Config:      bucket_acl
-- Env Var:     RCLONE_S3_BUCKET_ACL
+- Config:      api_key
+- Env Var:     RCLONE_FICHIER_API_KEY
 - Type:        string
 - Required:    false
-- Examples:
-    - "private"
-        - Owner gets FULL_CONTROL.
-        - No one else has access rights (default).
-    - "public-read"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ access.
-    - "public-read-write"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ and WRITE access.
-        - Granting this on a bucket is generally not recommended.
-    - "authenticated-read"
-        - Owner gets FULL_CONTROL.
-        - The AuthenticatedUsers group gets READ access.
 
-#### --s3-requester-pays
-
-Enables requester pays option when interacting with S3 bucket.
-
-Properties:
+### Advanced options
 
-- Config:      requester_pays
-- Env Var:     RCLONE_S3_REQUESTER_PAYS
-- Provider:    AWS
-- Type:        bool
-- Default:     false
+Here are the Advanced options specific to fichier (1Fichier).
 
-#### --s3-sse-customer-algorithm
+#### --fichier-shared-folder
 
-If using SSE-C, the server-side encryption algorithm used when storing this object in S3.
+If you want to download a shared folder, add this parameter.
 
 Properties:
 
-- Config:      sse_customer_algorithm
-- Env Var:     RCLONE_S3_SSE_CUSTOMER_ALGORITHM
-- Provider:    AWS,Ceph,ChinaMobile,Minio
+- Config:      shared_folder
+- Env Var:     RCLONE_FICHIER_SHARED_FOLDER
 - Type:        string
 - Required:    false
-- Examples:
-    - ""
-        - None
-    - "AES256"
-        - AES256
 
-#### --s3-sse-customer-key
+#### --fichier-file-password
 
-To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data.
+If you want to download a shared file that is password protected, add this parameter.
 
-Alternatively you can provide --sse-customer-key-base64.
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
 Properties:
 
-- Config:      sse_customer_key
-- Env Var:     RCLONE_S3_SSE_CUSTOMER_KEY
-- Provider:    AWS,Ceph,ChinaMobile,Minio
+- Config:      file_password
+- Env Var:     RCLONE_FICHIER_FILE_PASSWORD
 - Type:        string
 - Required:    false
-- Examples:
-    - ""
-        - None
 
-#### --s3-sse-customer-key-base64
+#### --fichier-folder-password
 
-If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data.
+If you want to list the files in a shared folder that is password protected, add this parameter.
 
-Alternatively you can provide --sse-customer-key.
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
 Properties:
 
-- Config:      sse_customer_key_base64
-- Env Var:     RCLONE_S3_SSE_CUSTOMER_KEY_BASE64
-- Provider:    AWS,Ceph,ChinaMobile,Minio
+- Config:      folder_password
+- Env Var:     RCLONE_FICHIER_FOLDER_PASSWORD
 - Type:        string
 - Required:    false
-- Examples:
-    - ""
-        - None
-
-#### --s3-sse-customer-key-md5
 
-If using SSE-C you may provide the secret encryption key MD5 checksum (optional).
-
-If you leave it blank, this is calculated automatically from the sse_customer_key provided.
+#### --fichier-cdn
 
+Set if you wish to use CDN download links.
 
 Properties:
 
-- Config:      sse_customer_key_md5
-- Env Var:     RCLONE_S3_SSE_CUSTOMER_KEY_MD5
-- Provider:    AWS,Ceph,ChinaMobile,Minio
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - None
+- Config:      cdn
+- Env Var:     RCLONE_FICHIER_CDN
+- Type:        bool
+- Default:     false
 
-#### --s3-upload-cutoff
+#### --fichier-encoding
 
-Cutoff for switching to chunked upload.
+The encoding for the backend.
 
-Any files larger than this will be uploaded in chunks of chunk_size.
-The minimum is 0 and the maximum is 5 GiB.
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
 Properties:
 
-- Config:      upload_cutoff
-- Env Var:     RCLONE_S3_UPLOAD_CUTOFF
-- Type:        SizeSuffix
-- Default:     200Mi
-
-#### --s3-chunk-size
+- Config:      encoding
+- Env Var:     RCLONE_FICHIER_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot
 
-Chunk size to use for uploading.
 
-When uploading files larger than upload_cutoff or files with unknown
-size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google
-photos or google docs) they will be uploaded as multipart uploads
-using this chunk size.
 
-Note that "--s3-upload-concurrency" chunks of this size are buffered
-in memory per transfer.
+## Limitations
 
-If you are transferring large files over high-speed links and you have
-enough memory, then increasing this will speed up the transfers.
+`rclone about` is not supported by the 1Fichier backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
 
-Rclone will automatically increase the chunk size when uploading a
-large file of known size to stay below the 10,000 chunks limit.
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-Files of unknown size are uploaded with the configured
-chunk_size. Since the default chunk size is 5 MiB and there can be at
-most 10,000 chunks, this means that by default the maximum size of
-a file you can stream upload is 48 GiB.  If you wish to stream upload
-larger files then you will need to increase chunk_size.
+#  Alias
 
-Increasing the chunk size decreases the accuracy of the progress
-statistics displayed with "-P" flag. Rclone treats chunk as sent when
-it's buffered by the AWS SDK, when in fact it may still be uploading.
-A bigger chunk size means a bigger AWS SDK buffer and progress
-reporting more deviating from the truth.
+The `alias` remote provides a new name for another remote.
 
+Paths may be as deep as required or a local path, 
+e.g. `remote:directory/subdirectory` or `/directory/subdirectory`.
 
-Properties:
+During the initial setup with `rclone config` you will specify the target
+remote. The target remote can either be a local path or another remote.
 
-- Config:      chunk_size
-- Env Var:     RCLONE_S3_CHUNK_SIZE
-- Type:        SizeSuffix
-- Default:     5Mi
+Subfolders can be used in target remote. Assume an alias remote named `backup`
+with the target `mydrive:private/backup`. Invoking `rclone mkdir backup:desktop`
+is exactly the same as invoking `rclone mkdir mydrive:private/backup/desktop`.
 
-#### --s3-max-upload-parts
+There will be no special handling of paths containing `..` segments.
+Invoking `rclone mkdir backup:../desktop` is exactly the same as invoking
+`rclone mkdir mydrive:private/backup/../desktop`.
+The empty path is not allowed as a remote. To alias the current directory
+use `.` instead.
 
-Maximum number of parts in a multipart upload.
+The target remote can also be a [connection string](https://rclone.org/docs/#connection-strings). 
+This can be used to modify the config of a remote for different uses, e.g.
+the alias  `myDriveTrash` with the target remote `myDrive,trashed_only:` 
+can be used to only show the trashed files in `myDrive`.
 
-This option defines the maximum number of multipart chunks to use
-when doing a multipart upload.
+## Configuration
 
-This can be useful if a service does not support the AWS S3
-specification of 10,000 chunks.
+Here is an example of how to make an alias called `remote` for local folder.
+First run:
 
-Rclone will automatically increase the chunk size when uploading a
-large file of a known size to stay below this number of chunks limit.
+     rclone config
 
+This will guide you through an interactive setup process:
 
-Properties:
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Alias for an existing remote
+   \ "alias"
+[snip]
+Storage> alias
+Remote or path to alias.
+Can be "myremote:path/to/dir", "myremote:bucket", "myremote:" or "/local/path".
+remote> /mnt/storage/backup
+Remote config
+--------------------
+[remote]
+remote = /mnt/storage/backup
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
 
-- Config:      max_upload_parts
-- Env Var:     RCLONE_S3_MAX_UPLOAD_PARTS
-- Type:        int
-- Default:     10000
+Name                 Type
+====                 ====
+remote               alias
 
-#### --s3-copy-cutoff
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> q
+```
 
-Cutoff for switching to multipart copy.
+Once configured you can then use `rclone` like this,
 
-Any files larger than this that need to be server-side copied will be
-copied in chunks of this size.
+List directories in top level in `/mnt/storage/backup`
 
-The minimum is 0 and the maximum is 5 GiB.
+    rclone lsd remote:
 
-Properties:
+List all the files in `/mnt/storage/backup`
 
-- Config:      copy_cutoff
-- Env Var:     RCLONE_S3_COPY_CUTOFF
-- Type:        SizeSuffix
-- Default:     4.656Gi
+    rclone ls remote:
 
-#### --s3-disable-checksum
+Copy another local directory to the alias directory called source
 
-Don't store MD5 checksum with object metadata.
+    rclone copy /home/source remote:source
 
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can add it to metadata on the object. This is great
-for data integrity checking but can cause long delays for large files
-to start uploading.
 
-Properties:
+### Standard options
 
-- Config:      disable_checksum
-- Env Var:     RCLONE_S3_DISABLE_CHECKSUM
-- Type:        bool
-- Default:     false
+Here are the Standard options specific to alias (Alias for an existing remote).
 
-#### --s3-shared-credentials-file
+#### --alias-remote
 
-Path to the shared credentials file.
+Remote or path to alias.
 
-If env_auth = true then rclone can use a shared credentials file.
+Can be "myremote:path/to/dir", "myremote:bucket", "myremote:" or "/local/path".
 
-If this variable is empty rclone will look for the
-"AWS_SHARED_CREDENTIALS_FILE" env variable. If the env value is empty
-it will default to the current user's home directory.
+Properties:
 
-    Linux/OSX: "$HOME/.aws/credentials"
-    Windows:   "%USERPROFILE%\.aws\credentials"
+- Config:      remote
+- Env Var:     RCLONE_ALIAS_REMOTE
+- Type:        string
+- Required:    true
 
 
-Properties:
 
-- Config:      shared_credentials_file
-- Env Var:     RCLONE_S3_SHARED_CREDENTIALS_FILE
-- Type:        string
-- Required:    false
+#  Amazon Drive
 
-#### --s3-profile
+Amazon Drive, formerly known as Amazon Cloud Drive, is a cloud storage
+service run by Amazon for consumers.
 
-Profile to use in the shared credentials file.
+## Status
 
-If env_auth = true then rclone can use a shared credentials file. This
-variable controls which profile is used in that file.
+**Important:** rclone supports Amazon Drive only if you have your own
+set of API keys. Unfortunately the [Amazon Drive developer
+program](https://developer.amazon.com/amazon-drive) is now closed to
+new entries so if you don't already have your own set of keys you will
+not be able to use rclone with Amazon Drive.
 
-If empty it will default to the environment variable "AWS_PROFILE" or
-"default" if that environment variable is also not set.
+For the history on why rclone no longer has a set of Amazon Drive API
+keys see [the forum](https://forum.rclone.org/t/rclone-has-been-banned-from-amazon-drive/2314).
 
+If you happen to know anyone who works at Amazon then please ask them
+to re-instate rclone into the Amazon Drive developer program - thanks!
 
-Properties:
+## Configuration
 
-- Config:      profile
-- Env Var:     RCLONE_S3_PROFILE
-- Type:        string
-- Required:    false
+The initial setup for Amazon Drive involves getting a token from
+Amazon which you need to do in your browser.  `rclone config` walks
+you through it.
 
-#### --s3-session-token
+The configuration process for Amazon Drive may involve using an [oauth
+proxy](https://github.com/ncw/oauthproxy). This is used to keep the
+Amazon credentials out of the source code.  The proxy runs in Google's
+very secure App Engine environment and doesn't store any credentials
+which pass through it.
 
-An AWS session token.
+Since rclone doesn't currently have its own Amazon Drive credentials
+so you will either need to have your own `client_id` and
+`client_secret` with Amazon Drive, or use a third-party oauth proxy
+in which case you will need to enter `client_id`, `client_secret`,
+`auth_url` and `token_url`.
 
-Properties:
+Note also if you are not using Amazon's `auth_url` and `token_url`,
+(ie you filled in something for those) then if setting up on a remote
+machine you can only use the [copying the config method of
+configuration](https://rclone.org/remote_setup/#configuring-by-copying-the-config-file)
+- `rclone authorize` will not work.
 
-- Config:      session_token
-- Env Var:     RCLONE_S3_SESSION_TOKEN
-- Type:        string
-- Required:    false
+Here is an example of how to make a remote called `remote`.  First run:
 
-#### --s3-upload-concurrency
+     rclone config
 
-Concurrency for multipart uploads.
+This will guide you through an interactive setup process:
 
-This is the number of chunks of the same file that are uploaded
-concurrently.
+```
+No remotes found, make a new one?
+n) New remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+n/r/c/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon Drive
+   \ "amazon cloud drive"
+[snip]
+Storage> amazon cloud drive
+Amazon Application Client Id - required.
+client_id> your client ID goes here
+Amazon Application Client Secret - required.
+client_secret> your client secret goes here
+Auth server URL - leave blank to use Amazon's.
+auth_url> Optional auth URL
+Token server url - leave blank to use Amazon's.
+token_url> Optional token URL
+Remote config
+Make sure your Redirect URL is set to "http://127.0.0.1:53682/" in your custom config.
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes
+n) No
+y/n> y
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
+--------------------
+[remote]
+client_id = your client ID goes here
+client_secret = your client secret goes here
+auth_url = Optional auth URL
+token_url = Optional token URL
+token = {"access_token":"xxxxxxxxxxxxxxxxxxxxxxx","token_type":"bearer","refresh_token":"xxxxxxxxxxxxxxxxxx","expiry":"2015-09-06T16:07:39.658438471+01:00"}
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-If you are uploading small numbers of large files over high-speed links
-and these uploads do not fully utilize your bandwidth, then increasing
-this may help to speed up the transfers.
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
 
-Properties:
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Amazon. This only runs from the moment it
+opens your browser to the moment you get back the verification
+code.  This is on `http://127.0.0.1:53682/` and this it may require
+you to unblock it temporarily if you are running a host firewall.
 
-- Config:      upload_concurrency
-- Env Var:     RCLONE_S3_UPLOAD_CONCURRENCY
-- Type:        int
-- Default:     4
+Once configured you can then use `rclone` like this,
 
-#### --s3-force-path-style
+List directories in top level of your Amazon Drive
 
-If true use path style access if false use virtual hosted style.
+    rclone lsd remote:
 
-If this is true (the default) then rclone will use path style access,
-if false then rclone will use virtual path style. See [the AWS S3
-docs](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro)
-for more info.
+List all the files in your Amazon Drive
 
-Some providers (e.g. AWS, Aliyun OSS, Netease COS, or Tencent COS) require this set to
-false - rclone will do this automatically based on the provider
-setting.
+    rclone ls remote:
 
-Properties:
+To copy a local directory to an Amazon Drive directory called backup
 
-- Config:      force_path_style
-- Env Var:     RCLONE_S3_FORCE_PATH_STYLE
-- Type:        bool
-- Default:     true
+    rclone copy /home/source remote:backup
 
-#### --s3-v2-auth
+### Modification times and hashes
 
-If true use v2 authentication.
+Amazon Drive doesn't allow modification times to be changed via
+the API so these won't be accurate or used for syncing.
 
-If this is false (the default) then rclone will use v4 authentication.
-If it is set then rclone will use v2 authentication.
+It does support the MD5 hash algorithm, so for a more accurate sync,
+you can use the `--checksum` flag.
 
-Use this only if v4 signatures don't work, e.g. pre Jewel/v10 CEPH.
+### Restricted filename characters
 
-Properties:
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| /         | 0x2F  | ／          |
 
-- Config:      v2_auth
-- Env Var:     RCLONE_S3_V2_AUTH
-- Type:        bool
-- Default:     false
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-#### --s3-use-accelerate-endpoint
+### Deleting files
 
-If true use the AWS S3 accelerated endpoint.
+Any files you delete with rclone will end up in the trash.  Amazon
+don't provide an API to permanently delete files, nor to empty the
+trash, so you will have to do that with one of Amazon's apps or via
+the Amazon Drive website. As of November 17, 2016, files are
+automatically deleted by Amazon from the trash after 30 days.
 
-See: [AWS S3 Transfer acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration-examples.html)
+### Using with non `.com` Amazon accounts
 
-Properties:
+Let's say you usually use `amazon.co.uk`. When you authenticate with
+rclone it will take you to an `amazon.com` page to log in.  Your
+`amazon.co.uk` email and password should work here just fine.
 
-- Config:      use_accelerate_endpoint
-- Env Var:     RCLONE_S3_USE_ACCELERATE_ENDPOINT
-- Provider:    AWS
-- Type:        bool
-- Default:     false
 
-#### --s3-leave-parts-on-error
+### Standard options
 
-If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.
+Here are the Standard options specific to amazon cloud drive (Amazon Drive).
 
-It should be set to true for resuming uploads across different sessions.
+#### --acd-client-id
 
-WARNING: Storing parts of an incomplete multipart upload counts towards space usage on S3 and will add additional costs if not cleaned up.
+OAuth Client Id.
 
+Leave blank normally.
 
 Properties:
 
-- Config:      leave_parts_on_error
-- Env Var:     RCLONE_S3_LEAVE_PARTS_ON_ERROR
-- Provider:    AWS
-- Type:        bool
-- Default:     false
-
-#### --s3-list-chunk
+- Config:      client_id
+- Env Var:     RCLONE_ACD_CLIENT_ID
+- Type:        string
+- Required:    false
 
-Size of listing chunk (response list for each ListObject S3 request).
+#### --acd-client-secret
 
-This option is also known as "MaxKeys", "max-items", or "page-size" from the AWS S3 specification.
-Most services truncate the response list to 1000 objects even if requested more than that.
-In AWS S3 this is a global maximum and cannot be changed, see [AWS S3](https://docs.aws.amazon.com/cli/latest/reference/s3/ls.html).
-In Ceph, this can be increased with the "rgw list buckets max chunk" option.
+OAuth Client Secret.
 
+Leave blank normally.
 
 Properties:
 
-- Config:      list_chunk
-- Env Var:     RCLONE_S3_LIST_CHUNK
-- Type:        int
-- Default:     1000
-
-#### --s3-list-version
-
-Version of ListObjects to use: 1,2 or 0 for auto.
+- Config:      client_secret
+- Env Var:     RCLONE_ACD_CLIENT_SECRET
+- Type:        string
+- Required:    false
 
-When S3 originally launched it only provided the ListObjects call to
-enumerate objects in a bucket.
+### Advanced options
 
-However in May 2016 the ListObjectsV2 call was introduced. This is
-much higher performance and should be used if at all possible.
+Here are the Advanced options specific to amazon cloud drive (Amazon Drive).
 
-If set to the default, 0, rclone will guess according to the provider
-set which list objects method to call. If it guesses wrong, then it
-may be set manually here.
+#### --acd-token
 
+OAuth Access Token as a JSON blob.
 
 Properties:
 
-- Config:      list_version
-- Env Var:     RCLONE_S3_LIST_VERSION
-- Type:        int
-- Default:     0
-
-#### --s3-list-url-encode
+- Config:      token
+- Env Var:     RCLONE_ACD_TOKEN
+- Type:        string
+- Required:    false
 
-Whether to url encode listings: true/false/unset
+#### --acd-auth-url
 
-Some providers support URL encoding listings and where this is
-available this is more reliable when using control characters in file
-names. If this is set to unset (the default) then rclone will choose
-according to the provider setting what to apply, but you can override
-rclone's choice here.
+Auth server URL.
 
+Leave blank to use the provider defaults.
 
 Properties:
 
-- Config:      list_url_encode
-- Env Var:     RCLONE_S3_LIST_URL_ENCODE
-- Type:        Tristate
-- Default:     unset
-
-#### --s3-no-check-bucket
-
-If set, don't attempt to check the bucket exists or create it.
+- Config:      auth_url
+- Env Var:     RCLONE_ACD_AUTH_URL
+- Type:        string
+- Required:    false
 
-This can be useful when trying to minimise the number of transactions
-rclone does if you know the bucket exists already.
+#### --acd-token-url
 
-It can also be needed if the user you are using does not have bucket
-creation permissions. Before v1.52.0 this would have passed silently
-due to a bug.
+Token server url.
 
+Leave blank to use the provider defaults.
 
 Properties:
 
-- Config:      no_check_bucket
-- Env Var:     RCLONE_S3_NO_CHECK_BUCKET
-- Type:        bool
-- Default:     false
-
-#### --s3-no-head
+- Config:      token_url
+- Env Var:     RCLONE_ACD_TOKEN_URL
+- Type:        string
+- Required:    false
 
-If set, don't HEAD uploaded objects to check integrity.
+#### --acd-checkpoint
 
-This can be useful when trying to minimise the number of transactions
-rclone does.
+Checkpoint for internal polling (debug).
 
-Setting it means that if rclone receives a 200 OK message after
-uploading an object with PUT then it will assume that it got uploaded
-properly.
+Properties:
 
-In particular it will assume:
+- Config:      checkpoint
+- Env Var:     RCLONE_ACD_CHECKPOINT
+- Type:        string
+- Required:    false
 
-- the metadata, including modtime, storage class and content type was as uploaded
-- the size was as uploaded
+#### --acd-upload-wait-per-gb
 
-It reads the following items from the response for a single part PUT:
+Additional time per GiB to wait after a failed complete upload to see if it appears.
 
-- the MD5SUM
-- The uploaded date
+Sometimes Amazon Drive gives an error when a file has been fully
+uploaded but the file appears anyway after a little while.  This
+happens sometimes for files over 1 GiB in size and nearly every time for
+files bigger than 10 GiB. This parameter controls the time rclone waits
+for the file to appear.
 
-For multipart uploads these items aren't read.
+The default value for this parameter is 3 minutes per GiB, so by
+default it will wait 3 minutes for every GiB uploaded to see if the
+file appears.
 
-If an source object of unknown length is uploaded then rclone **will** do a
-HEAD request.
+You can disable this feature by setting it to 0. This may cause
+conflict errors as rclone retries the failed upload but the file will
+most likely appear correctly eventually.
 
-Setting this flag increases the chance for undetected upload failures,
-in particular an incorrect size, so it isn't recommended for normal
-operation. In practice the chance of an undetected upload failure is
-very small even with this flag.
+These values were determined empirically by observing lots of uploads
+of big files for a range of file sizes.
 
+Upload with the "-v" flag to see more info about what rclone is doing
+in this situation.
 
 Properties:
 
-- Config:      no_head
-- Env Var:     RCLONE_S3_NO_HEAD
-- Type:        bool
-- Default:     false
+- Config:      upload_wait_per_gb
+- Env Var:     RCLONE_ACD_UPLOAD_WAIT_PER_GB
+- Type:        Duration
+- Default:     3m0s
 
-#### --s3-no-head-object
+#### --acd-templink-threshold
 
-If set, do not do HEAD before GET when getting objects.
+Files >= this size will be downloaded via their tempLink.
+
+Files this size or more will be downloaded via their "tempLink". This
+is to work around a problem with Amazon Drive which blocks downloads
+of files bigger than about 10 GiB. The default for this is 9 GiB which
+shouldn't need to be changed.
+
+To download files above this threshold, rclone requests a "tempLink"
+which downloads the file through a temporary URL directly from the
+underlying S3 storage.
 
 Properties:
 
-- Config:      no_head_object
-- Env Var:     RCLONE_S3_NO_HEAD_OBJECT
-- Type:        bool
-- Default:     false
+- Config:      templink_threshold
+- Env Var:     RCLONE_ACD_TEMPLINK_THRESHOLD
+- Type:        SizeSuffix
+- Default:     9Gi
 
-#### --s3-encoding
+#### --acd-encoding
 
 The encoding for the backend.
 
@@ -20562,2104 +21701,3920 @@ See the [encoding section in the overview](https://rclone.org/overview/#encoding
 Properties:
 
 - Config:      encoding
-- Env Var:     RCLONE_S3_ENCODING
-- Type:        MultiEncoder
+- Env Var:     RCLONE_ACD_ENCODING
+- Type:        Encoding
 - Default:     Slash,InvalidUtf8,Dot
 
-#### --s3-memory-pool-flush-time
-
-How often internal memory buffer pools will be flushed.
 
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.
 
-Properties:
+## Limitations
 
-- Config:      memory_pool_flush_time
-- Env Var:     RCLONE_S3_MEMORY_POOL_FLUSH_TIME
-- Type:        Duration
-- Default:     1m0s
+Note that Amazon Drive is case insensitive so you can't have a
+file called "Hello.doc" and one called "hello.doc".
 
-#### --s3-memory-pool-use-mmap
+Amazon Drive has rate limiting so you may notice errors in the
+sync (429 errors).  rclone will automatically retry the sync up to 3
+times by default (see `--retries` flag) which should hopefully work
+around this problem.
 
-Whether to use mmap buffers in internal memory pool.
+Amazon Drive has an internal limit of file sizes that can be uploaded
+to the service. This limit is not officially published, but all files
+larger than this will fail.
 
-Properties:
+At the time of writing (Jan 2016) is in the area of 50 GiB per file.
+This means that larger files are likely to fail.
 
-- Config:      memory_pool_use_mmap
-- Env Var:     RCLONE_S3_MEMORY_POOL_USE_MMAP
-- Type:        bool
-- Default:     false
+Unfortunately there is no way for rclone to see that this failure is
+because of file size, so it will retry the operation, as any other
+failure. To avoid this problem, use `--max-size 50000M` option to limit
+the maximum size of uploaded files. Note that `--max-size` does not split
+files into segments, it only ignores files over this size.
 
-#### --s3-disable-http2
+`rclone about` is not supported by the Amazon Drive backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
 
-Disable usage of http2 for S3 backends.
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-There is currently an unsolved issue with the s3 (specifically minio) backend
-and HTTP/2.  HTTP/2 is enabled by default for the s3 backend but can be
-disabled here.  When the issue is solved this flag will be removed.
+#  Amazon S3 Storage Providers
 
-See: https://github.com/rclone/rclone/issues/4673, https://github.com/rclone/rclone/issues/3631
+The S3 backend can be used with a number of different providers:
 
 
+- AWS S3
+- Alibaba Cloud (Aliyun) Object Storage System (OSS)
+- Ceph
+- China Mobile Ecloud Elastic Object Storage (EOS)
+- Cloudflare R2
+- Arvan Cloud Object Storage (AOS)
+- DigitalOcean Spaces
+- Dreamhost
+- GCS
+- Huawei OBS
+- IBM COS S3
+- IDrive e2
+- IONOS Cloud
+- Leviia Object Storage
+- Liara Object Storage
+- Linode Object Storage
+- Minio
+- Petabox
+- Qiniu Cloud Object Storage (Kodo)
+- RackCorp Object Storage
+- Rclone Serve S3
+- Scaleway
+- Seagate Lyve Cloud
+- SeaweedFS
+- StackPath
+- Storj
+- Synology C2 Object Storage
+- Tencent Cloud Object Storage (COS)
+- Wasabi
 
-Properties:
 
-- Config:      disable_http2
-- Env Var:     RCLONE_S3_DISABLE_HTTP2
-- Type:        bool
-- Default:     false
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
 
-#### --s3-download-url
+Once you have made a remote (see the provider specific section above)
+you can use it like this:
 
-Custom endpoint for downloads.
-This is usually set to a CloudFront CDN URL as AWS S3 offers
-cheaper egress for data downloaded through the CloudFront network.
+See all buckets
 
-Properties:
+    rclone lsd remote:
 
-- Config:      download_url
-- Env Var:     RCLONE_S3_DOWNLOAD_URL
-- Type:        string
-- Required:    false
+Make a new bucket
 
-#### --s3-use-multipart-etag
+    rclone mkdir remote:bucket
 
-Whether to use ETag in multipart uploads for verification
+List the contents of a bucket
 
-This should be true, false or left unset to use the default for the provider.
+    rclone ls remote:bucket
 
+Sync `/home/local/directory` to the remote bucket, deleting any excess
+files in the bucket.
 
-Properties:
+    rclone sync --interactive /home/local/directory remote:bucket
 
-- Config:      use_multipart_etag
-- Env Var:     RCLONE_S3_USE_MULTIPART_ETAG
-- Type:        Tristate
-- Default:     unset
+## Configuration
 
-#### --s3-use-presigned-request
+Here is an example of making an s3 configuration for the AWS S3 provider.
+Most applies to the other providers as well, any differences are described [below](#providers).
 
-Whether to use a presigned request or PutObject for single part uploads
+First run
 
-If this is false rclone will use PutObject from the AWS SDK to upload
-an object.
+    rclone config
 
-Versions of rclone < 1.59 use presigned requests to upload a single
-part object and setting this flag to true will re-enable that
-functionality. This shouldn't be necessary except in exceptional
-circumstances or for testing.
+This will guide you through an interactive setup process.
 
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, Ceph, ChinaMobile, ArvanCloud, Dreamhost, IBM COS, Liara, Minio, and Tencent COS
+   \ "s3"
+[snip]
+Storage> s3
+Choose your S3 provider.
+Choose a number from below, or type in your own value
+ 1 / Amazon Web Services (AWS) S3
+   \ "AWS"
+ 2 / Ceph Object Storage
+   \ "Ceph"
+ 3 / DigitalOcean Spaces
+   \ "DigitalOcean"
+ 4 / Dreamhost DreamObjects
+   \ "Dreamhost"
+ 5 / IBM COS S3
+   \ "IBMCOS"
+ 6 / Minio Object Storage
+   \ "Minio"
+ 7 / Wasabi Object Storage
+   \ "Wasabi"
+ 8 / Any other S3 compatible provider
+   \ "Other"
+provider> 1
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+access_key_id> XXX
+AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+secret_access_key> YYY
+Region to connect to.
+Choose a number from below, or type in your own value
+   / The default endpoint - a good choice if you are unsure.
+ 1 | US Region, Northern Virginia, or Pacific Northwest.
+   | Leave location constraint empty.
+   \ "us-east-1"
+   / US East (Ohio) Region
+ 2 | Needs location constraint us-east-2.
+   \ "us-east-2"
+   / US West (Oregon) Region
+ 3 | Needs location constraint us-west-2.
+   \ "us-west-2"
+   / US West (Northern California) Region
+ 4 | Needs location constraint us-west-1.
+   \ "us-west-1"
+   / Canada (Central) Region
+ 5 | Needs location constraint ca-central-1.
+   \ "ca-central-1"
+   / EU (Ireland) Region
+ 6 | Needs location constraint EU or eu-west-1.
+   \ "eu-west-1"
+   / EU (London) Region
+ 7 | Needs location constraint eu-west-2.
+   \ "eu-west-2"
+   / EU (Frankfurt) Region
+ 8 | Needs location constraint eu-central-1.
+   \ "eu-central-1"
+   / Asia Pacific (Singapore) Region
+ 9 | Needs location constraint ap-southeast-1.
+   \ "ap-southeast-1"
+   / Asia Pacific (Sydney) Region
+10 | Needs location constraint ap-southeast-2.
+   \ "ap-southeast-2"
+   / Asia Pacific (Tokyo) Region
+11 | Needs location constraint ap-northeast-1.
+   \ "ap-northeast-1"
+   / Asia Pacific (Seoul)
+12 | Needs location constraint ap-northeast-2.
+   \ "ap-northeast-2"
+   / Asia Pacific (Mumbai)
+13 | Needs location constraint ap-south-1.
+   \ "ap-south-1"
+   / Asia Pacific (Hong Kong) Region
+14 | Needs location constraint ap-east-1.
+   \ "ap-east-1"
+   / South America (Sao Paulo) Region
+15 | Needs location constraint sa-east-1.
+   \ "sa-east-1"
+region> 1
+Endpoint for S3 API.
+Leave blank if using AWS to use the default endpoint for the region.
+endpoint>
+Location constraint - must be set to match the Region. Used when creating buckets only.
+Choose a number from below, or type in your own value
+ 1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
+   \ ""
+ 2 / US East (Ohio) Region.
+   \ "us-east-2"
+ 3 / US West (Oregon) Region.
+   \ "us-west-2"
+ 4 / US West (Northern California) Region.
+   \ "us-west-1"
+ 5 / Canada (Central) Region.
+   \ "ca-central-1"
+ 6 / EU (Ireland) Region.
+   \ "eu-west-1"
+ 7 / EU (London) Region.
+   \ "eu-west-2"
+ 8 / EU Region.
+   \ "EU"
+ 9 / Asia Pacific (Singapore) Region.
+   \ "ap-southeast-1"
+10 / Asia Pacific (Sydney) Region.
+   \ "ap-southeast-2"
+11 / Asia Pacific (Tokyo) Region.
+   \ "ap-northeast-1"
+12 / Asia Pacific (Seoul)
+   \ "ap-northeast-2"
+13 / Asia Pacific (Mumbai)
+   \ "ap-south-1"
+14 / Asia Pacific (Hong Kong)
+   \ "ap-east-1"
+15 / South America (Sao Paulo) Region.
+   \ "sa-east-1"
+location_constraint> 1
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ "private"
+ 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
+   \ "public-read"
+   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
+ 3 | Granting this on a bucket is generally not recommended.
+   \ "public-read-write"
+ 4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
+   \ "authenticated-read"
+   / Object owner gets FULL_CONTROL. Bucket owner gets READ access.
+ 5 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ "bucket-owner-read"
+   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+ 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ "bucket-owner-full-control"
+acl> 1
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+   \ ""
+ 2 / AES256
+   \ "AES256"
+server_side_encryption> 1
+The storage class to use when storing objects in S3.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ ""
+ 2 / Standard storage class
+   \ "STANDARD"
+ 3 / Reduced redundancy storage class
+   \ "REDUCED_REDUNDANCY"
+ 4 / Standard Infrequent Access storage class
+   \ "STANDARD_IA"
+ 5 / One Zone Infrequent Access storage class
+   \ "ONEZONE_IA"
+ 6 / Glacier storage class
+   \ "GLACIER"
+ 7 / Glacier Deep Archive storage class
+   \ "DEEP_ARCHIVE"
+ 8 / Intelligent-Tiering storage class
+   \ "INTELLIGENT_TIERING"
+ 9 / Glacier Instant Retrieval storage class
+   \ "GLACIER_IR"
+storage_class> 1
+Remote config
+--------------------
+[remote]
+type = s3
+provider = AWS
+env_auth = false
+access_key_id = XXX
+secret_access_key = YYY
+region = us-east-1
+endpoint =
+location_constraint =
+acl = private
+server_side_encryption =
+storage_class =
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d>
+```
 
-Properties:
+### Modification times and hashes
 
-- Config:      use_presigned_request
-- Env Var:     RCLONE_S3_USE_PRESIGNED_REQUEST
-- Type:        bool
-- Default:     false
+#### Modification times
 
-#### --s3-versions
+The modified time is stored as metadata on the object as
+`X-Amz-Meta-Mtime` as floating point since the epoch, accurate to 1 ns.
 
-Include old versions in directory listings.
+If the modification time needs to be updated rclone will attempt to perform a server
+side copy to update the modification if the object can be copied in a single part.
+In the case the object is larger than 5Gb or is in Glacier or Glacier Deep Archive
+storage the object will be uploaded rather than copied.
 
-Properties:
+Note that reading this from the object takes an additional `HEAD`
+request as the metadata isn't returned in object listings.
 
-- Config:      versions
-- Env Var:     RCLONE_S3_VERSIONS
-- Type:        bool
-- Default:     false
+#### Hashes
 
-#### --s3-version-at
+For small objects which weren't uploaded as multipart uploads (objects
+sized below `--s3-upload-cutoff` if uploaded with rclone) rclone uses
+the `ETag:` header as an MD5 checksum.
 
-Show file versions as they were at the specified time.
+However for objects which were uploaded as multipart uploads or with
+server side encryption (SSE-AWS or SSE-C) the `ETag` header is no
+longer the MD5 sum of the data, so rclone adds an additional piece of
+metadata `X-Amz-Meta-Md5chksum` which is a base64 encoded MD5 hash (in
+the same format as is required for `Content-MD5`).  You can use base64 -d and hexdump to check this value manually:
 
-The parameter should be a date, "2006-01-02", datetime "2006-01-02
-15:04:05" or a duration for that long ago, eg "100d" or "1h".
+    echo 'VWTGdNx3LyXQDfA0e2Edxw==' | base64 -d | hexdump
 
-Note that when using this no file write operations are permitted,
-so you can't upload files or delete them.
+or you can use `rclone check` to verify the hashes are OK.
 
-See [the time option docs](https://rclone.org/docs/#time-option) for valid formats.
+For large objects, calculating this hash can take some time so the
+addition of this hash can be disabled with `--s3-disable-checksum`.
+This will mean that these objects do not have an MD5 checksum.
 
+Note that reading this from the object takes an additional `HEAD`
+request as the metadata isn't returned in object listings.
 
-Properties:
+### Reducing costs
 
-- Config:      version_at
-- Env Var:     RCLONE_S3_VERSION_AT
-- Type:        Time
-- Default:     off
+#### Avoiding HEAD requests to read the modification time
 
-#### --s3-decompress
+By default, rclone will use the modification time of objects stored in
+S3 for syncing.  This is stored in object metadata which unfortunately
+takes an extra HEAD request to read which can be expensive (in time
+and money).
 
-If set this will decompress gzip encoded objects.
+The modification time is used by default for all operations that
+require checking the time a file was last updated. It allows rclone to
+treat the remote more like a true filesystem, but it is inefficient on
+S3 because it requires an extra API call to retrieve the metadata.
 
-It is possible to upload objects to S3 with "Content-Encoding: gzip"
-set. Normally rclone will download these files as compressed objects.
+The extra API calls can be avoided when syncing (using `rclone sync`
+or `rclone copy`) in a few different ways, each with its own
+tradeoffs.
 
-If this flag is set then rclone will decompress these files with
-"Content-Encoding: gzip" as they are received. This means that rclone
-can't check the size and hash but the file contents will be decompressed.
+- `--size-only`
+    - Only checks the size of files.
+    - Uses no extra transactions.
+    - If the file doesn't change size then rclone won't detect it has
+      changed.
+    - `rclone sync --size-only /path/to/source s3:bucket`
+- `--checksum`
+    - Checks the size and MD5 checksum of files.
+    - Uses no extra transactions.
+    - The most accurate detection of changes possible.
+    - Will cause the source to read an MD5 checksum which, if it is a
+      local disk, will cause lots of disk activity.
+    - If the source and destination are both S3 this is the
+      **recommended** flag to use for maximum efficiency.
+    - `rclone sync --checksum /path/to/source s3:bucket`
+- `--update --use-server-modtime`
+    - Uses no extra transactions.
+    - Modification time becomes the time the object was uploaded.
+    - For many operations this is sufficient to determine if it needs
+      uploading.
+    - Using `--update` along with `--use-server-modtime`, avoids the
+      extra API call and uploads files whose local modification time
+      is newer than the time it was last uploaded.
+    - Files created with timestamps in the past will be missed by the sync.
+    - `rclone sync --update --use-server-modtime /path/to/source s3:bucket`
 
+These flags can and should be used in combination with `--fast-list` -
+see below.
 
-Properties:
+If using `rclone mount` or any command using the VFS (eg `rclone
+serve`) commands then you might want to consider using the VFS flag
+`--no-modtime` which will stop rclone reading the modification time
+for every object. You could also use `--use-server-modtime` if you are
+happy with the modification times of the objects being the time of
+upload.
 
-- Config:      decompress
-- Env Var:     RCLONE_S3_DECOMPRESS
-- Type:        bool
-- Default:     false
+#### Avoiding GET requests to read directory listings
 
-#### --s3-might-gzip
+Rclone's default directory traversal is to process each directory
+individually.  This takes one API call per directory.  Using the
+`--fast-list` flag will read all info about the objects into
+memory first using a smaller number of API calls (one per 1000
+objects). See the [rclone docs](https://rclone.org/docs/#fast-list) for more details.
 
-Set this if the backend might gzip objects.
+    rclone sync --fast-list --checksum /path/to/source s3:bucket
 
-Normally providers will not alter objects when they are downloaded. If
-an object was not uploaded with `Content-Encoding: gzip` then it won't
-be set on download.
+`--fast-list` trades off API transactions for memory use. As a rough
+guide rclone uses 1k of memory per object stored, so using
+`--fast-list` on a sync of a million objects will use roughly 1 GiB of
+RAM.
 
-However some providers may gzip objects even if they weren't uploaded
-with `Content-Encoding: gzip` (eg Cloudflare).
+If you are only copying a small number of files into a big repository
+then using `--no-traverse` is a good idea. This finds objects directly
+instead of through directory listings. You can do a "top-up" sync very
+cheaply by using `--max-age` and `--no-traverse` to copy only recent
+files, eg
 
-A symptom of this would be receiving errors like
+    rclone copy --max-age 24h --no-traverse /path/to/source s3:bucket
 
-    ERROR corrupted on transfer: sizes differ NNN vs MMM
+You'd then do a full `rclone sync` less often.
 
-If you set this flag and rclone downloads an object with
-Content-Encoding: gzip set and chunked transfer encoding, then rclone
-will decompress the object on the fly.
+Note that `--fast-list` isn't required in the top-up sync.
 
-If this is set to unset (the default) then rclone will choose
-according to the provider setting what to apply, but you can override
-rclone's choice here.
+#### Avoiding HEAD requests after PUT
 
+By default, rclone will HEAD every object it uploads. It does this to
+check the object got uploaded correctly.
 
-Properties:
+You can disable this with the [--s3-no-head](#s3-no-head) option - see
+there for more details.
 
-- Config:      might_gzip
-- Env Var:     RCLONE_S3_MIGHT_GZIP
-- Type:        Tristate
-- Default:     unset
+Setting this flag increases the chance for undetected upload failures.
 
-#### --s3-no-system-metadata
+### Versions
 
-Suppress setting and reading of system metadata
+When bucket versioning is enabled (this can be done with rclone with
+the [`rclone backend versioning`](#versioning) command) when rclone
+uploads a new version of a file it creates a
+[new version of it](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html)
+Likewise when you delete a file, the old version will be marked hidden
+and still be available.
 
-Properties:
+Old versions of files, where available, are visible using the
+[`--s3-versions`](#s3-versions) flag.
 
-- Config:      no_system_metadata
-- Env Var:     RCLONE_S3_NO_SYSTEM_METADATA
-- Type:        bool
-- Default:     false
+It is also possible to view a bucket as it was at a certain point in
+time, using the [`--s3-version-at`](#s3-version-at) flag. This will
+show the file versions as they were at that time, showing files that
+have been deleted afterwards, and hiding files that were created
+since.
 
-#### --s3-sts-endpoint
+If you wish to remove all the old versions then you can use the
+[`rclone backend cleanup-hidden remote:bucket`](#cleanup-hidden)
+command which will delete all the old hidden versions of files,
+leaving the current ones intact. You can also supply a path and only
+old versions under that path will be deleted, e.g.
+`rclone backend cleanup-hidden remote:bucket/path/to/stuff`.
 
-Endpoint for STS.
+When you `purge` a bucket, the current and the old versions will be
+deleted then the bucket will be deleted.
 
-Leave blank if using AWS to use the default endpoint for the region.
+However `delete` will cause the current versions of the files to
+become hidden old versions.
 
-Properties:
+Here is a session showing the listing and retrieval of an old
+version followed by a `cleanup` of the old versions.
 
-- Config:      sts_endpoint
-- Env Var:     RCLONE_S3_STS_ENDPOINT
-- Provider:    AWS
-- Type:        string
-- Required:    false
+Show current version and all the versions with `--s3-versions` flag.
 
-### Metadata
+```
+$ rclone -q ls s3:cleanup-test
+        9 one.txt
 
-User metadata is stored as x-amz-meta- keys. S3 metadata keys are case insensitive and are always returned in lower case.
+$ rclone -q --s3-versions ls s3:cleanup-test
+        9 one.txt
+        8 one-v2016-07-04-141032-000.txt
+       16 one-v2016-07-04-141003-000.txt
+       15 one-v2016-07-02-155621-000.txt
+```
 
-Here are the possible system metadata items for the s3 backend.
+Retrieve an old version
 
-| Name | Help | Type | Example | Read Only |
-|------|------|------|---------|-----------|
-| btime | Time of file birth (creation) read from Last-Modified header | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
-| cache-control | Cache-Control header | string | no-cache | N |
-| content-disposition | Content-Disposition header | string | inline | N |
-| content-encoding | Content-Encoding header | string | gzip | N |
-| content-language | Content-Language header | string | en-US | N |
-| content-type | Content-Type header | string | text/plain | N |
-| mtime | Time of last modification, read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
-| tier | Tier of the object | string | GLACIER | **Y** |
+```
+$ rclone -q --s3-versions copy s3:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
 
-See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+$ ls -l /tmp/one-v2016-07-04-141003-000.txt
+-rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt
+```
 
-## Backend commands
+Clean up all the old versions and show that they've gone.
 
-Here are the commands specific to the s3 backend.
+```
+$ rclone -q backend cleanup-hidden s3:cleanup-test
 
-Run them with
+$ rclone -q ls s3:cleanup-test
+        9 one.txt
 
-    rclone backend COMMAND remote:
+$ rclone -q --s3-versions ls s3:cleanup-test
+        9 one.txt
+```
 
-The help below will explain what arguments each command takes.
+#### Versions naming caveat
 
-See the [backend](https://rclone.org/commands/rclone_backend/) command for more
-info on how to pass options and arguments.
+When using `--s3-versions` flag rclone is relying on the file name
+to work out whether the objects are versions or not. Versions' names
+are created by inserting timestamp between file name and its extension.
+```
+        9 file.txt
+        8 file-v2023-07-17-161032-000.txt
+       16 file-v2023-06-15-141003-000.txt
+```
+If there are real files present with the same names as versions, then
+behaviour of `--s3-versions` can be unpredictable.
 
-These can be run on a running backend using the rc command
-[backend/command](https://rclone.org/rc/#backend-command).
+### Cleanup
 
-### restore
+If you run `rclone cleanup s3:bucket` then it will remove all pending
+multipart uploads older than 24 hours. You can use the `--interactive`/`i`
+or `--dry-run` flag to see exactly what it will do. If you want more control over the
+expiry date then run `rclone backend cleanup s3:bucket -o max-age=1h`
+to expire all uploads older than one hour. You can use `rclone backend
+list-multipart-uploads s3:bucket` to see the pending multipart
+uploads.
 
-Restore objects from GLACIER to normal storage
+### Restricted filename characters
 
-    rclone backend restore remote: [options] [<arguments>+]
+S3 allows any valid UTF-8 string as a key.
 
-This command can be used to restore one or more objects from GLACIER
-to normal storage.
+Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), as
+they can't be used in XML.
 
-Usage Examples:
+The following characters are replaced since these are problematic when
+dealing with the REST API:
 
-    rclone backend restore s3:bucket/path/to/object [-o priority=PRIORITY] [-o lifetime=DAYS]
-    rclone backend restore s3:bucket/path/to/directory [-o priority=PRIORITY] [-o lifetime=DAYS]
-    rclone backend restore s3:bucket [-o priority=PRIORITY] [-o lifetime=DAYS]
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| /         | 0x2F  | ／           |
 
-This flag also obeys the filters. Test first with --interactive/-i or --dry-run flags
+The encoding will also encode these file names as they don't seem to
+work with the SDK properly:
 
-    rclone --interactive backend restore --include "*.txt" s3:bucket/path -o priority=Standard
+| File name | Replacement |
+| --------- |:-----------:|
+| .         | ．          |
+| ..        | ．．         |
 
-All the objects shown will be marked for restore, then
+### Multipart uploads
 
-    rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard
+rclone supports multipart uploads with S3 which means that it can
+upload files bigger than 5 GiB.
 
-It returns a list of status dictionaries with Remote and Status
-keys. The Status will be OK if it was successful or an error message
-if not.
+Note that files uploaded *both* with multipart upload *and* through
+crypt remotes do not have MD5 sums.
 
-    [
-        {
-            "Status": "OK",
-            "Path": "test.txt"
-        },
-        {
-            "Status": "OK",
-            "Path": "test/file4.txt"
-        }
-    ]
+rclone switches from single part uploads to multipart uploads at the
+point specified by `--s3-upload-cutoff`.  This can be a maximum of 5 GiB
+and a minimum of 0 (ie always upload multipart files).
 
+The chunk sizes used in the multipart upload are specified by
+`--s3-chunk-size` and the number of chunks uploaded concurrently is
+specified by `--s3-upload-concurrency`.
 
+Multipart uploads will use `--transfers` * `--s3-upload-concurrency` *
+`--s3-chunk-size` extra memory.  Single part uploads to not use extra
+memory.
 
-Options:
+Single part transfers can be faster than multipart transfers or slower
+depending on your latency from S3 - the more latency, the more likely
+single part transfers will be faster.
 
-- "description": The optional description for the job.
-- "lifetime": Lifetime of the active copy in days
-- "priority": Priority of restore: Standard|Expedited|Bulk
+Increasing `--s3-upload-concurrency` will increase throughput (8 would
+be a sensible value) and increasing `--s3-chunk-size` also increases
+throughput (16M would be sensible).  Increasing either of these will
+use more memory.  The default values are high enough to gain most of
+the possible performance without using too much memory.
 
-### list-multipart-uploads
 
-List the unfinished multipart uploads
+### Buckets and Regions
 
-    rclone backend list-multipart-uploads remote: [options] [<arguments>+]
+With Amazon S3 you can list buckets (`rclone lsd`) using any region,
+but you can only access the content of a bucket from the region it was
+created in.  If you attempt to access a bucket from the wrong region,
+you will get an error, `incorrect region, the bucket is not in 'XXX'
+region`.
 
-This command lists the unfinished multipart uploads in JSON format.
+### Authentication
 
-    rclone backend list-multipart s3:bucket/path/to/object
+There are a number of ways to supply `rclone` with a set of AWS
+credentials, with and without using the environment.
 
-It returns a dictionary of buckets with values as lists of unfinished
-multipart uploads.
+The different authentication methods are tried in this order:
 
-You can call it with no bucket in which case it lists all bucket, with
-a bucket or with a bucket and path.
+ - Directly in the rclone configuration file (`env_auth = false` in the config file):
+   - `access_key_id` and `secret_access_key` are required.
+   - `session_token` can be optionally set when using AWS STS.
+ - Runtime configuration (`env_auth = true` in the config file):
+   - Export the following environment variables before running `rclone`:
+     - Access Key ID: `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`
+     - Secret Access Key: `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
+     - Session Token: `AWS_SESSION_TOKEN` (optional)
+   - Or, use a [named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html):
+     - Profile files are standard files used by AWS CLI tools
+     - By default it will use the profile in your home directory (e.g. `~/.aws/credentials` on unix based systems) file and the "default" profile, to change set these environment variables:
+         - `AWS_SHARED_CREDENTIALS_FILE` to control which file.
+         - `AWS_PROFILE` to control which profile to use.
+   - Or, run `rclone` in an ECS task with an IAM role (AWS only).
+   - Or, run `rclone` on an EC2 instance with an IAM role (AWS only).
+   - Or, run `rclone` in an EKS pod with an IAM role that is associated with a service account (AWS only).
 
-    {
-      "rclone": [
-        {
-          "Initiated": "2020-06-26T14:20:36Z",
-          "Initiator": {
-            "DisplayName": "XXX",
-            "ID": "arn:aws:iam::XXX:user/XXX"
-          },
-          "Key": "KEY",
-          "Owner": {
-            "DisplayName": null,
-            "ID": "XXX"
-          },
-          "StorageClass": "STANDARD",
-          "UploadId": "XXX"
-        }
-      ],
-      "rclone-1000files": [],
-      "rclone-dst": []
-    }
+If none of these option actually end up providing `rclone` with AWS
+credentials then S3 interaction will be non-authenticated (see below).
 
+### S3 Permissions
 
+When using the `sync` subcommand of `rclone` the following minimum
+permissions are required to be available on the bucket being written to:
 
-### cleanup
+* `ListBucket`
+* `DeleteObject`
+* `GetObject`
+* `PutObject`
+* `PutObjectACL`
 
-Remove unfinished multipart uploads.
+When using the `lsd` subcommand, the `ListAllMyBuckets` permission is required.
 
-    rclone backend cleanup remote: [options] [<arguments>+]
+Example policy:
 
-This command removes unfinished multipart uploads of age greater than
-max-age which defaults to 24 hours.
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::USER_SID:user/USER_NAME"
+            },
+            "Action": [
+                "s3:ListBucket",
+                "s3:DeleteObject",
+                "s3:GetObject",
+                "s3:PutObject",
+                "s3:PutObjectAcl"
+            ],
+            "Resource": [
+              "arn:aws:s3:::BUCKET_NAME/*",
+              "arn:aws:s3:::BUCKET_NAME"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": "s3:ListAllMyBuckets",
+            "Resource": "arn:aws:s3:::*"
+        }
+    ]
+}
+```
 
-Note that you can use --interactive/-i or --dry-run with this command to see what
-it would do.
+Notes on above:
 
-    rclone backend cleanup s3:bucket/path/to/object
-    rclone backend cleanup -o max-age=7w s3:bucket/path/to/object
+1. This is a policy that can be used when creating bucket. It assumes
+   that `USER_NAME` has been created.
+2. The Resource entry must include both resource ARNs, as one implies
+   the bucket and the other implies the bucket's objects.
 
-Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
+For reference, [here's an Ansible script](https://gist.github.com/ebridges/ebfc9042dd7c756cd101cfa807b7ae2b)
+that will generate one or more buckets that will work with `rclone sync`.
 
+### Key Management System (KMS)
 
-Options:
+If you are using server-side encryption with KMS then you must make
+sure rclone is configured with `server_side_encryption = aws:kms`
+otherwise you will find you can't transfer small objects - these will
+create checksum errors.
 
-- "max-age": Max age of upload to delete
+### Glacier and Glacier Deep Archive
 
-### cleanup-hidden
+You can upload objects using the glacier storage class or transition them to glacier using a [lifecycle policy](http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html).
+The bucket can still be synced or copied into normally, but if rclone
+tries to access data from the glacier storage class you will see an error like below.
 
-Remove old versions of files.
+    2017/09/11 19:07:43 Failed to sync: failed to open source object: Object in GLACIER, restore first: path/to/file
 
-    rclone backend cleanup-hidden remote: [options] [<arguments>+]
+In this case you need to [restore](http://docs.aws.amazon.com/AmazonS3/latest/user-guide/restore-archived-objects.html)
+the object(s) in question before using rclone.
 
-This command removes any old hidden versions of files
-on a versions enabled bucket.
+Note that rclone only speaks the S3 API it does not speak the Glacier
+Vault API, so rclone cannot directly access Glacier Vaults.
 
-Note that you can use --interactive/-i or --dry-run with this command to see what
-it would do.
+### Object-lock enabled S3 bucket
 
-    rclone backend cleanup-hidden s3:bucket/path/to/dir
+According to AWS's [documentation on S3 Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-permission):
 
+> If you configure a default retention period on a bucket, requests to upload objects in such a bucket must include the Content-MD5 header.
 
-### versioning
+As mentioned in the [Modification times and hashes](#modification-times-and-hashes) section,
+small files that are not uploaded as multipart, use a different tag, causing the upload to fail.
+A simple solution is to set the `--s3-upload-cutoff 0` and force all the files to be uploaded as multipart.
 
-Set/get versioning support for a bucket.
 
-    rclone backend versioning remote: [options] [<arguments>+]
+### Standard options
 
-This command sets versioning support if a parameter is
-passed and then returns the current versioning status for the bucket
-supplied.
+Here are the Standard options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others).
 
-    rclone backend versioning s3:bucket # read status only
-    rclone backend versioning s3:bucket Enabled
-    rclone backend versioning s3:bucket Suspended
+#### --s3-provider
 
-It may return "Enabled", "Suspended" or "Unversioned". Note that once versioning
-has been enabled the status can't be set back to "Unversioned".
+Choose your S3 provider.
 
+Properties:
 
+- Config:      provider
+- Env Var:     RCLONE_S3_PROVIDER
+- Type:        string
+- Required:    false
+- Examples:
+    - "AWS"
+        - Amazon Web Services (AWS) S3
+    - "Alibaba"
+        - Alibaba Cloud Object Storage System (OSS) formerly Aliyun
+    - "ArvanCloud"
+        - Arvan Cloud Object Storage (AOS)
+    - "Ceph"
+        - Ceph Object Storage
+    - "ChinaMobile"
+        - China Mobile Ecloud Elastic Object Storage (EOS)
+    - "Cloudflare"
+        - Cloudflare R2 Storage
+    - "DigitalOcean"
+        - DigitalOcean Spaces
+    - "Dreamhost"
+        - Dreamhost DreamObjects
+    - "GCS"
+        - Google Cloud Storage
+    - "HuaweiOBS"
+        - Huawei Object Storage Service
+    - "IBMCOS"
+        - IBM COS S3
+    - "IDrive"
+        - IDrive e2
+    - "IONOS"
+        - IONOS Cloud
+    - "LyveCloud"
+        - Seagate Lyve Cloud
+    - "Leviia"
+        - Leviia Object Storage
+    - "Liara"
+        - Liara Object Storage
+    - "Linode"
+        - Linode Object Storage
+    - "Minio"
+        - Minio Object Storage
+    - "Netease"
+        - Netease Object Storage (NOS)
+    - "Petabox"
+        - Petabox Object Storage
+    - "RackCorp"
+        - RackCorp Object Storage
+    - "Rclone"
+        - Rclone S3 Server
+    - "Scaleway"
+        - Scaleway Object Storage
+    - "SeaweedFS"
+        - SeaweedFS S3
+    - "StackPath"
+        - StackPath Object Storage
+    - "Storj"
+        - Storj (S3 Compatible Gateway)
+    - "Synology"
+        - Synology C2 Object Storage
+    - "TencentCOS"
+        - Tencent Cloud Object Storage (COS)
+    - "Wasabi"
+        - Wasabi Object Storage
+    - "Qiniu"
+        - Qiniu Object Storage (Kodo)
+    - "Other"
+        - Any other S3 compatible provider
 
+#### --s3-env-auth
 
-### Anonymous access to public buckets
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
 
-If you want to use rclone to access a public bucket, configure with a
-blank `access_key_id` and `secret_access_key`.  Your config should end
-up looking like this:
+Only applies if access_key_id and secret_access_key is blank.
 
-```
-[anons3]
-type = s3
-provider = AWS
-env_auth = false
-access_key_id =
-secret_access_key =
-region = us-east-1
-endpoint =
-location_constraint =
-acl = private
-server_side_encryption =
-storage_class =
-```
+Properties:
 
-Then use it as normal with the name of the public bucket, e.g.
+- Config:      env_auth
+- Env Var:     RCLONE_S3_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - "false"
+        - Enter AWS credentials in the next step.
+    - "true"
+        - Get AWS credentials from the environment (env vars or IAM).
 
-    rclone lsd anons3:1000genomes
+#### --s3-access-key-id
 
-You will be able to list and copy data but not upload it.
+AWS Access Key ID.
 
-## Providers
+Leave blank for anonymous access or runtime credentials.
 
-### AWS S3
+Properties:
 
-This is the provider used as main example and described in the [configuration](#configuration) section above.
+- Config:      access_key_id
+- Env Var:     RCLONE_S3_ACCESS_KEY_ID
+- Type:        string
+- Required:    false
 
-### AWS Snowball Edge
+#### --s3-secret-access-key
 
-[AWS Snowball](https://aws.amazon.com/snowball/) is a hardware
-appliance used for transferring bulk data back to AWS. Its main
-software interface is S3 object storage.
+AWS Secret Access Key (password).
 
-To use rclone with AWS Snowball Edge devices, configure as standard
-for an 'S3 Compatible Service'.
+Leave blank for anonymous access or runtime credentials.
 
-If using rclone pre v1.59 be sure to set `upload_cutoff = 0` otherwise
-you will run into authentication header issues as the snowball device
-does not support query parameter based authentication.
+Properties:
 
-With rclone v1.59 or later setting `upload_cutoff` should not be necessary.
+- Config:      secret_access_key
+- Env Var:     RCLONE_S3_SECRET_ACCESS_KEY
+- Type:        string
+- Required:    false
 
-eg.
-```
-[snowball]
-type = s3
-provider = Other
-access_key_id = YOUR_ACCESS_KEY
-secret_access_key = YOUR_SECRET_KEY
-endpoint = http://[IP of Snowball]:8080
-upload_cutoff = 0
-```
+#### --s3-region
 
-### Ceph
+Region to connect to.
 
-[Ceph](https://ceph.com/) is an open-source, unified, distributed
-storage system designed for excellent performance, reliability and
-scalability.  It has an S3 compatible object storage interface.
+Properties:
 
-To use rclone with Ceph, configure as above but leave the region blank
-and set the endpoint.  You should end up with something like this in
-your config:
+- Config:      region
+- Env Var:     RCLONE_S3_REGION
+- Provider:    AWS
+- Type:        string
+- Required:    false
+- Examples:
+    - "us-east-1"
+        - The default endpoint - a good choice if you are unsure.
+        - US Region, Northern Virginia, or Pacific Northwest.
+        - Leave location constraint empty.
+    - "us-east-2"
+        - US East (Ohio) Region.
+        - Needs location constraint us-east-2.
+    - "us-west-1"
+        - US West (Northern California) Region.
+        - Needs location constraint us-west-1.
+    - "us-west-2"
+        - US West (Oregon) Region.
+        - Needs location constraint us-west-2.
+    - "ca-central-1"
+        - Canada (Central) Region.
+        - Needs location constraint ca-central-1.
+    - "eu-west-1"
+        - EU (Ireland) Region.
+        - Needs location constraint EU or eu-west-1.
+    - "eu-west-2"
+        - EU (London) Region.
+        - Needs location constraint eu-west-2.
+    - "eu-west-3"
+        - EU (Paris) Region.
+        - Needs location constraint eu-west-3.
+    - "eu-north-1"
+        - EU (Stockholm) Region.
+        - Needs location constraint eu-north-1.
+    - "eu-south-1"
+        - EU (Milan) Region.
+        - Needs location constraint eu-south-1.
+    - "eu-central-1"
+        - EU (Frankfurt) Region.
+        - Needs location constraint eu-central-1.
+    - "ap-southeast-1"
+        - Asia Pacific (Singapore) Region.
+        - Needs location constraint ap-southeast-1.
+    - "ap-southeast-2"
+        - Asia Pacific (Sydney) Region.
+        - Needs location constraint ap-southeast-2.
+    - "ap-northeast-1"
+        - Asia Pacific (Tokyo) Region.
+        - Needs location constraint ap-northeast-1.
+    - "ap-northeast-2"
+        - Asia Pacific (Seoul).
+        - Needs location constraint ap-northeast-2.
+    - "ap-northeast-3"
+        - Asia Pacific (Osaka-Local).
+        - Needs location constraint ap-northeast-3.
+    - "ap-south-1"
+        - Asia Pacific (Mumbai).
+        - Needs location constraint ap-south-1.
+    - "ap-east-1"
+        - Asia Pacific (Hong Kong) Region.
+        - Needs location constraint ap-east-1.
+    - "sa-east-1"
+        - South America (Sao Paulo) Region.
+        - Needs location constraint sa-east-1.
+    - "me-south-1"
+        - Middle East (Bahrain) Region.
+        - Needs location constraint me-south-1.
+    - "af-south-1"
+        - Africa (Cape Town) Region.
+        - Needs location constraint af-south-1.
+    - "cn-north-1"
+        - China (Beijing) Region.
+        - Needs location constraint cn-north-1.
+    - "cn-northwest-1"
+        - China (Ningxia) Region.
+        - Needs location constraint cn-northwest-1.
+    - "us-gov-east-1"
+        - AWS GovCloud (US-East) Region.
+        - Needs location constraint us-gov-east-1.
+    - "us-gov-west-1"
+        - AWS GovCloud (US) Region.
+        - Needs location constraint us-gov-west-1.
 
+#### --s3-endpoint
 
-```
-[ceph]
-type = s3
-provider = Ceph
-env_auth = false
-access_key_id = XXX
-secret_access_key = YYY
-region =
-endpoint = https://ceph.endpoint.example.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
-```
+Endpoint for S3 API.
 
-If you are using an older version of CEPH (e.g. 10.2.x Jewel) and a
-version of rclone before v1.59 then you may need to supply the
-parameter `--s3-upload-cutoff 0` or put this in the config file as
-`upload_cutoff 0` to work around a bug which causes uploading of small
-files to fail.
+Leave blank if using AWS to use the default endpoint for the region.
 
-Note also that Ceph sometimes puts `/` in the passwords it gives
-users.  If you read the secret access key using the command line tools
-you will get a JSON blob with the `/` escaped as `\/`.  Make sure you
-only write `/` in the secret access key.
+Properties:
 
-Eg the dump from Ceph looks something like this (irrelevant keys
-removed).
+- Config:      endpoint
+- Env Var:     RCLONE_S3_ENDPOINT
+- Provider:    AWS
+- Type:        string
+- Required:    false
 
-```
-{
-    "user_id": "xxx",
-    "display_name": "xxxx",
-    "keys": [
-        {
-            "user": "xxx",
-            "access_key": "xxxxxx",
-            "secret_key": "xxxxxx\/xxxx"
-        }
-    ],
-}
-```
+#### --s3-location-constraint
 
-Because this is a json dump, it is encoding the `/` as `\/`, so if you
-use the secret key as `xxxxxx/xxxx`  it will work fine.
+Location constraint - must be set to match the Region.
 
-### Cloudflare R2 {#cloudflare-r2}
+Used when creating buckets only.
 
-[Cloudflare R2](https://blog.cloudflare.com/r2-open-beta/) Storage
-allows developers to store large amounts of unstructured data without
-the costly egress bandwidth fees associated with typical cloud storage
-services.
+Properties:
 
-Here is an example of making a Cloudflare R2 configuration. First run:
+- Config:      location_constraint
+- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
+- Provider:    AWS
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - Empty for US Region, Northern Virginia, or Pacific Northwest
+    - "us-east-2"
+        - US East (Ohio) Region
+    - "us-west-1"
+        - US West (Northern California) Region
+    - "us-west-2"
+        - US West (Oregon) Region
+    - "ca-central-1"
+        - Canada (Central) Region
+    - "eu-west-1"
+        - EU (Ireland) Region
+    - "eu-west-2"
+        - EU (London) Region
+    - "eu-west-3"
+        - EU (Paris) Region
+    - "eu-north-1"
+        - EU (Stockholm) Region
+    - "eu-south-1"
+        - EU (Milan) Region
+    - "EU"
+        - EU Region
+    - "ap-southeast-1"
+        - Asia Pacific (Singapore) Region
+    - "ap-southeast-2"
+        - Asia Pacific (Sydney) Region
+    - "ap-northeast-1"
+        - Asia Pacific (Tokyo) Region
+    - "ap-northeast-2"
+        - Asia Pacific (Seoul) Region
+    - "ap-northeast-3"
+        - Asia Pacific (Osaka-Local) Region
+    - "ap-south-1"
+        - Asia Pacific (Mumbai) Region
+    - "ap-east-1"
+        - Asia Pacific (Hong Kong) Region
+    - "sa-east-1"
+        - South America (Sao Paulo) Region
+    - "me-south-1"
+        - Middle East (Bahrain) Region
+    - "af-south-1"
+        - Africa (Cape Town) Region
+    - "cn-north-1"
+        - China (Beijing) Region
+    - "cn-northwest-1"
+        - China (Ningxia) Region
+    - "us-gov-east-1"
+        - AWS GovCloud (US-East) Region
+    - "us-gov-west-1"
+        - AWS GovCloud (US) Region
 
-    rclone config
+#### --s3-acl
 
-This will guide you through an interactive setup process.
+Canned ACL used when creating buckets and storing or copying objects.
 
-Note that all buckets are private, and all are stored in the same
-"auto" region. It is necessary to use Cloudflare workers to share the
-content of a bucket publicly.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> r2
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-...
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
-   \ (s3)
-...
-Storage> s3
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-...
-XX / Cloudflare R2 Storage
-   \ (Cloudflare)
-...
-provider> Cloudflare
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth> 1
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id> ACCESS_KEY
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key> SECRET_ACCESS_KEY
-Option region.
-Region to connect to.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / R2 buckets are automatically distributed across Cloudflare's data centers for low latency.
-   \ (auto)
-region> 1
-Option endpoint.
-Endpoint for S3 API.
-Required when using an S3 clone.
-Enter a value. Press Enter to leave empty.
-endpoint> https://ACCOUNT_ID.r2.cloudflarestorage.com
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
 
-This will leave your config looking something like:
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
 
-```
-[r2]
-type = s3
-provider = Cloudflare
-access_key_id = ACCESS_KEY
-secret_access_key = SECRET_ACCESS_KEY
-region = auto
-endpoint = https://ACCOUNT_ID.r2.cloudflarestorage.com
-acl = private
-```
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
 
-Now run `rclone lsf r2:` to see your buckets and `rclone lsf
-r2:bucket` to look within a bucket.
 
-### Dreamhost
+Properties:
 
-Dreamhost [DreamObjects](https://www.dreamhost.com/cloud/storage/) is
-an object storage system based on CEPH.
+- Config:      acl
+- Env Var:     RCLONE_S3_ACL
+- Provider:    !Storj,Synology,Cloudflare
+- Type:        string
+- Required:    false
+- Examples:
+    - "default"
+        - Owner gets Full_CONTROL.
+        - No one else has access rights (default).
+    - "private"
+        - Owner gets FULL_CONTROL.
+        - No one else has access rights (default).
+    - "public-read"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ access.
+    - "public-read-write"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ and WRITE access.
+        - Granting this on a bucket is generally not recommended.
+    - "authenticated-read"
+        - Owner gets FULL_CONTROL.
+        - The AuthenticatedUsers group gets READ access.
+    - "bucket-owner-read"
+        - Object owner gets FULL_CONTROL.
+        - Bucket owner gets READ access.
+        - If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+    - "bucket-owner-full-control"
+        - Both the object owner and the bucket owner get FULL_CONTROL over the object.
+        - If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+    - "private"
+        - Owner gets FULL_CONTROL.
+        - No one else has access rights (default).
+        - This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS.
+    - "public-read"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ access.
+        - This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS.
+    - "public-read-write"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ and WRITE access.
+        - This acl is available on IBM Cloud (Infra), On-Premise IBM COS.
+    - "authenticated-read"
+        - Owner gets FULL_CONTROL.
+        - The AuthenticatedUsers group gets READ access.
+        - Not supported on Buckets.
+        - This acl is available on IBM Cloud (Infra) and On-Premise IBM COS.
 
-To use rclone with Dreamhost, configure as above but leave the region blank
-and set the endpoint.  You should end up with something like this in
-your config:
+#### --s3-server-side-encryption
 
-```
-[dreamobjects]
-type = s3
-provider = DreamHost
-env_auth = false
-access_key_id = your_access_key
-secret_access_key = your_secret_key
-region =
-endpoint = objects-us-west-1.dream.io
-location_constraint =
-acl = private
-server_side_encryption =
-storage_class =
-```
+The server-side encryption algorithm used when storing this object in S3.
 
-### DigitalOcean Spaces
+Properties:
 
-[Spaces](https://www.digitalocean.com/products/object-storage/) is an [S3-interoperable](https://developers.digitalocean.com/documentation/spaces/) object storage service from cloud provider DigitalOcean.
+- Config:      server_side_encryption
+- Env Var:     RCLONE_S3_SERVER_SIDE_ENCRYPTION
+- Provider:    AWS,Ceph,ChinaMobile,Minio
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - None
+    - "AES256"
+        - AES256
+    - "aws:kms"
+        - aws:kms
 
-To connect to DigitalOcean Spaces you will need an access key and secret key. These can be retrieved on the "[Applications & API](https://cloud.digitalocean.com/settings/api/tokens)" page of the DigitalOcean control panel. They will be needed when prompted by `rclone config` for your `access_key_id` and `secret_access_key`.
+#### --s3-sse-kms-key-id
 
-When prompted for a `region` or `location_constraint`, press enter to use the default value. The region must be included in the `endpoint` setting (e.g. `nyc3.digitaloceanspaces.com`). The default values can be used for other settings.
+If using KMS ID you must provide the ARN of Key.
 
-Going through the whole process of creating a new remote by running `rclone config`, each prompt should be answered as shown below:
+Properties:
 
-```
-Storage> s3
-env_auth> 1
-access_key_id> YOUR_ACCESS_KEY
-secret_access_key> YOUR_SECRET_KEY
-region>
-endpoint> nyc3.digitaloceanspaces.com
-location_constraint>
-acl>
-storage_class>
-```
+- Config:      sse_kms_key_id
+- Env Var:     RCLONE_S3_SSE_KMS_KEY_ID
+- Provider:    AWS,Ceph,Minio
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - None
+    - "arn:aws:kms:us-east-1:*"
+        - arn:aws:kms:*
 
-The resulting configuration file should look like:
+#### --s3-storage-class
 
-```
-[spaces]
-type = s3
-provider = DigitalOcean
-env_auth = false
-access_key_id = YOUR_ACCESS_KEY
-secret_access_key = YOUR_SECRET_KEY
-region =
-endpoint = nyc3.digitaloceanspaces.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
-```
+The storage class to use when storing new objects in S3.
 
-Once configured, you can create a new Space and begin copying files. For example:
+Properties:
 
-```
-rclone mkdir spaces:my-new-space
-rclone copy /path/to/files spaces:my-new-space
-```
-### Huawei OBS {#huawei-obs}
+- Config:      storage_class
+- Env Var:     RCLONE_S3_STORAGE_CLASS
+- Provider:    AWS
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - Default
+    - "STANDARD"
+        - Standard storage class
+    - "REDUCED_REDUNDANCY"
+        - Reduced redundancy storage class
+    - "STANDARD_IA"
+        - Standard Infrequent Access storage class
+    - "ONEZONE_IA"
+        - One Zone Infrequent Access storage class
+    - "GLACIER"
+        - Glacier storage class
+    - "DEEP_ARCHIVE"
+        - Glacier Deep Archive storage class
+    - "INTELLIGENT_TIERING"
+        - Intelligent-Tiering storage class
+    - "GLACIER_IR"
+        - Glacier Instant Retrieval storage class
 
-Object Storage Service (OBS) provides stable, secure, efficient, and easy-to-use cloud storage that lets you store virtually any volume of unstructured data in any format and access it from anywhere.
+### Advanced options
 
-OBS provides an S3 interface, you can copy and modify the following configuration and add it to your rclone configuration file.
-```
-[obs]
-type = s3
-provider = HuaweiOBS
-access_key_id = your-access-key-id
-secret_access_key = your-secret-access-key
-region = af-south-1
-endpoint = obs.af-south-1.myhuaweicloud.com
-acl = private
-```
+Here are the Advanced options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others).
 
-Or you can also configure via the interactive command line:
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> obs
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
-   \ (s3)
-[snip]
-Storage> 5
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-[snip]
- 9 / Huawei Object Storage Service
-   \ (HuaweiOBS)
-[snip]
-provider> 9
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth> 1
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id> your-access-key-id
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key> your-secret-access-key
-Option region.
-Region to connect to.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / AF-Johannesburg
-   \ (af-south-1)
- 2 / AP-Bangkok
-   \ (ap-southeast-2)
-[snip]
-region> 1
-Option endpoint.
-Endpoint for OBS API.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / AF-Johannesburg
-   \ (obs.af-south-1.myhuaweicloud.com)
- 2 / AP-Bangkok
-   \ (obs.ap-southeast-2.myhuaweicloud.com)
-[snip]
-endpoint> 1
-Option acl.
-Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-[snip]
-acl> 1
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n>
---------------------
-[obs]
-type = s3
-provider = HuaweiOBS
-access_key_id = your-access-key-id
-secret_access_key = your-secret-access-key
-region = af-south-1
-endpoint = obs.af-south-1.myhuaweicloud.com
-acl = private
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-Current remotes:
+#### --s3-bucket-acl
 
-Name                 Type
-====                 ====
-obs                  s3
+Canned ACL used when creating buckets.
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> q
-```
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
 
-### IBM COS (S3)
+Note that this ACL is applied when only when creating buckets.  If it
+isn't set then "acl" is used instead.
 
-Information stored with IBM Cloud Object Storage is encrypted and dispersed across multiple geographic locations, and accessed through an implementation of the S3 API. This service makes use of the distributed storage technologies provided by IBM’s Cloud Object Storage System (formerly Cleversafe). For more information visit: (http://www.ibm.com/cloud/object-storage)
+If the "acl" and "bucket_acl" are empty strings then no X-Amz-Acl:
+header is added and the default (private) will be used.
 
-To configure access to IBM COS S3, follow the steps below:
 
-1. Run rclone config and select n for a new remote.
-```
-	2018/02/14 14:13:11 NOTICE: Config file "C:\\Users\\a\\.config\\rclone\\rclone.conf" not found - using defaults
-	No remotes found, make a new one?
-	n) New remote
-	s) Set configuration password
-	q) Quit config
-	n/s/q> n
-```
+Properties:
 
-2. Enter the name for the configuration
-```
-	name> <YOUR NAME>
-```
+- Config:      bucket_acl
+- Env Var:     RCLONE_S3_BUCKET_ACL
+- Type:        string
+- Required:    false
+- Examples:
+    - "private"
+        - Owner gets FULL_CONTROL.
+        - No one else has access rights (default).
+    - "public-read"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ access.
+    - "public-read-write"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ and WRITE access.
+        - Granting this on a bucket is generally not recommended.
+    - "authenticated-read"
+        - Owner gets FULL_CONTROL.
+        - The AuthenticatedUsers group gets READ access.
 
-3. Select "s3" storage.
-```
-Choose a number from below, or type in your own value
- 	1 / Alias for an existing remote
-   	\ "alias"
- 	2 / Amazon Drive
-   	\ "amazon cloud drive"
- 	3 / Amazon S3 Complaint Storage Providers (Dreamhost, Ceph, ChinaMobile, Liara, ArvanCloud, Minio, IBM COS)
-   	\ "s3"
- 	4 / Backblaze B2
-   	\ "b2"
-[snip]
-	23 / HTTP
-    \ "http"
-Storage> 3
-```
+#### --s3-requester-pays
 
-4. Select IBM COS as the S3 Storage Provider.
-```
-Choose the S3 provider.
-Choose a number from below, or type in your own value
-	 1 / Choose this option to configure Storage to AWS S3
-	   \ "AWS"
- 	 2 / Choose this option to configure Storage to Ceph Systems
-  	 \ "Ceph"
-	 3 /  Choose this option to configure Storage to Dreamhost
-     \ "Dreamhost"
-   4 / Choose this option to the configure Storage to IBM COS S3
-   	 \ "IBMCOS"
- 	 5 / Choose this option to the configure Storage to Minio
-     \ "Minio"
-	 Provider>4
-```
+Enables requester pays option when interacting with S3 bucket.
 
-5. Enter the Access Key and Secret.
-```
-	AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-	access_key_id> <>
-	AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-	secret_access_key> <>
-```
+Properties:
 
-6. Specify the endpoint for IBM COS. For Public IBM COS, choose from the option below. For On Premise IBM COS, enter an endpoint address.
-```
-	Endpoint for IBM COS S3 API.
-	Specify if using an IBM COS On Premise.
-	Choose a number from below, or type in your own value
-	 1 / US Cross Region Endpoint
-   	   \ "s3-api.us-geo.objectstorage.softlayer.net"
-	 2 / US Cross Region Dallas Endpoint
-   	   \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
- 	 3 / US Cross Region Washington DC Endpoint
-   	   \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
-	 4 / US Cross Region San Jose Endpoint
-	   \ "s3-api.sjc-us-geo.objectstorage.softlayer.net"
-	 5 / US Cross Region Private Endpoint
-	   \ "s3-api.us-geo.objectstorage.service.networklayer.com"
-	 6 / US Cross Region Dallas Private Endpoint
-	   \ "s3-api.dal-us-geo.objectstorage.service.networklayer.com"
-	 7 / US Cross Region Washington DC Private Endpoint
-	   \ "s3-api.wdc-us-geo.objectstorage.service.networklayer.com"
-	 8 / US Cross Region San Jose Private Endpoint
-	   \ "s3-api.sjc-us-geo.objectstorage.service.networklayer.com"
-	 9 / US Region East Endpoint
-	   \ "s3.us-east.objectstorage.softlayer.net"
-	10 / US Region East Private Endpoint
-	   \ "s3.us-east.objectstorage.service.networklayer.com"
-	11 / US Region South Endpoint
-[snip]
-	34 / Toronto Single Site Private Endpoint
-	   \ "s3.tor01.objectstorage.service.networklayer.com"
-	endpoint>1
-```
+- Config:      requester_pays
+- Env Var:     RCLONE_S3_REQUESTER_PAYS
+- Provider:    AWS
+- Type:        bool
+- Default:     false
 
+#### --s3-sse-customer-algorithm
 
-7. Specify a IBM COS Location Constraint. The location constraint must match endpoint when using IBM Cloud Public. For on-prem COS, do not make a selection from this list, hit enter
-```
-	 1 / US Cross Region Standard
-	   \ "us-standard"
-	 2 / US Cross Region Vault
-	   \ "us-vault"
-	 3 / US Cross Region Cold
-	   \ "us-cold"
-	 4 / US Cross Region Flex
-	   \ "us-flex"
-	 5 / US East Region Standard
-	   \ "us-east-standard"
-	 6 / US East Region Vault
-	   \ "us-east-vault"
-	 7 / US East Region Cold
-	   \ "us-east-cold"
-	 8 / US East Region Flex
-	   \ "us-east-flex"
-	 9 / US South Region Standard
-	   \ "us-south-standard"
-	10 / US South Region Vault
-	   \ "us-south-vault"
-[snip]
-	32 / Toronto Flex
-	   \ "tor01-flex"
-location_constraint>1
-```
+If using SSE-C, the server-side encryption algorithm used when storing this object in S3.
 
-9. Specify a canned ACL. IBM Cloud (Storage) supports "public-read" and "private". IBM Cloud(Infra) supports all the canned ACLs. On-Premise COS supports all the canned ACLs.
-```
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
-      1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
-      \ "private"
-      2  / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
-      \ "public-read"
-      3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
-      \ "public-read-write"
-      4  / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
-      \ "authenticated-read"
-acl> 1
-```
+Properties:
 
+- Config:      sse_customer_algorithm
+- Env Var:     RCLONE_S3_SSE_CUSTOMER_ALGORITHM
+- Provider:    AWS,Ceph,ChinaMobile,Minio
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - None
+    - "AES256"
+        - AES256
 
-12. Review the displayed configuration and accept to save the "remote" then quit. The config file should look like this
-```
-	[xxx]
-	type = s3
-	Provider = IBMCOS
-	access_key_id = xxx
-	secret_access_key = yyy
-	endpoint = s3-api.us-geo.objectstorage.softlayer.net
-	location_constraint = us-standard
-	acl = private
-```
+#### --s3-sse-customer-key
 
-13. Execute rclone commands
-```
-	1)	Create a bucket.
-		rclone mkdir IBM-COS-XREGION:newbucket
-	2)	List available buckets.
-		rclone lsd IBM-COS-XREGION:
-		-1 2017-11-08 21:16:22        -1 test
-		-1 2018-02-14 20:16:39        -1 newbucket
-	3)	List contents of a bucket.
-		rclone ls IBM-COS-XREGION:newbucket
-		18685952 test.exe
-	4)	Copy a file from local to remote.
-		rclone copy /Users/file.txt IBM-COS-XREGION:newbucket
-	5)	Copy a file from remote to local.
-		rclone copy IBM-COS-XREGION:newbucket/file.txt .
-	6)	Delete a file on remote.
-		rclone delete IBM-COS-XREGION:newbucket/file.txt
-```
+To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data.
 
-### IDrive e2 {#idrive-e2}
+Alternatively you can provide --sse-customer-key-base64.
 
-Here is an example of making an [IDrive e2](https://www.idrive.com/e2/)
-configuration.  First run:
+Properties:
 
-    rclone config
+- Config:      sse_customer_key
+- Env Var:     RCLONE_S3_SSE_CUSTOMER_KEY
+- Provider:    AWS,Ceph,ChinaMobile,Minio
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - None
 
-This will guide you through an interactive setup process.
+#### --s3-sse-customer-key-base64
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
+If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data.
 
-Enter name for new remote.
-name> e2
+Alternatively you can provide --sse-customer-key.
 
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
-   \ (s3)
-[snip]
-Storage> s3
+Properties:
 
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-[snip]
-XX / IDrive e2
-   \ (IDrive)
-[snip]
-provider> IDrive
+- Config:      sse_customer_key_base64
+- Env Var:     RCLONE_S3_SSE_CUSTOMER_KEY_BASE64
+- Provider:    AWS,Ceph,ChinaMobile,Minio
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - None
 
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth> 
+#### --s3-sse-customer-key-md5
 
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id> YOUR_ACCESS_KEY
+If using SSE-C you may provide the secret encryption key MD5 checksum (optional).
 
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key> YOUR_SECRET_KEY
+If you leave it blank, this is calculated automatically from the sse_customer_key provided.
 
-Option acl.
-Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-   / Owner gets FULL_CONTROL.
- 2 | The AllUsers group gets READ access.
-   \ (public-read)
-   / Owner gets FULL_CONTROL.
- 3 | The AllUsers group gets READ and WRITE access.
-   | Granting this on a bucket is generally not recommended.
-   \ (public-read-write)
-   / Owner gets FULL_CONTROL.
- 4 | The AuthenticatedUsers group gets READ access.
-   \ (authenticated-read)
-   / Object owner gets FULL_CONTROL.
- 5 | Bucket owner gets READ access.
-   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-   \ (bucket-owner-read)
-   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
- 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-   \ (bucket-owner-full-control)
-acl> 
 
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> 
+Properties:
 
-Configuration complete.
-Options:
-- type: s3
-- provider: IDrive
-- access_key_id: YOUR_ACCESS_KEY
-- secret_access_key: YOUR_SECRET_KEY
-- endpoint: q9d9.la12.idrivee2-5.com
-Keep this "e2" remote?
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+- Config:      sse_customer_key_md5
+- Env Var:     RCLONE_S3_SSE_CUSTOMER_KEY_MD5
+- Provider:    AWS,Ceph,ChinaMobile,Minio
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - None
 
-### IONOS Cloud {#ionos}
+#### --s3-upload-cutoff
 
-[IONOS S3 Object Storage](https://cloud.ionos.com/storage/object-storage) is a service offered by IONOS for storing and accessing unstructured data.
-To connect to the service, you will need an access key and a secret key. These can be found in the [Data Center Designer](https://dcd.ionos.com/), by selecting **Manager resources** > **Object Storage Key Manager**.
+Cutoff for switching to chunked upload.
 
+Any files larger than this will be uploaded in chunks of chunk_size.
+The minimum is 0 and the maximum is 5 GiB.
 
-Here is an example of a configuration. First, run `rclone config`. This will walk you through an interactive setup process. Type `n` to add the new remote, and then enter a name:
+Properties:
 
-```
-Enter name for new remote.
-name> ionos-fra
-```
+- Config:      upload_cutoff
+- Env Var:     RCLONE_S3_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     200Mi
 
-Type `s3` to choose the connection type:
-```
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
-   \ (s3)
-[snip]
-Storage> s3
-```
+#### --s3-chunk-size
 
-Type `IONOS`:
-```
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-[snip]
-XX / IONOS Cloud
-   \ (IONOS)
-[snip]
-provider> IONOS
-```
+Chunk size to use for uploading.
 
-Press Enter to choose the default option `Enter AWS credentials in the next step`:
-```
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth>
-```
+When uploading files larger than upload_cutoff or files with unknown
+size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google
+photos or google docs) they will be uploaded as multipart uploads
+using this chunk size.
 
-Enter your Access Key and Secret key. These can be retrieved in the [Data Center Designer](https://dcd.ionos.com/), click on the menu “Manager resources”  / "Object Storage Key Manager".
-```
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id> YOUR_ACCESS_KEY
+Note that "--s3-upload-concurrency" chunks of this size are buffered
+in memory per transfer.
 
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key> YOUR_SECRET_KEY
-```
+If you are transferring large files over high-speed links and you have
+enough memory, then increasing this will speed up the transfers.
 
-Choose the region where your bucket is located:
-```
-Option region.
-Region where your bucket will be created and your data stored.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Frankfurt, Germany
-   \ (de)
- 2 / Berlin, Germany
-   \ (eu-central-2)
- 3 / Logrono, Spain
-   \ (eu-south-2)
-region> 2
-```
+Rclone will automatically increase the chunk size when uploading a
+large file of known size to stay below the 10,000 chunks limit.
 
-Choose the endpoint from the same region:
-```
-Option endpoint.
-Endpoint for IONOS S3 Object Storage.
-Specify the endpoint from the same region.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Frankfurt, Germany
-   \ (s3-eu-central-1.ionoscloud.com)
- 2 / Berlin, Germany
-   \ (s3-eu-central-2.ionoscloud.com)
- 3 / Logrono, Spain
-   \ (s3-eu-south-2.ionoscloud.com)
-endpoint> 1
-```
+Files of unknown size are uploaded with the configured
+chunk_size. Since the default chunk size is 5 MiB and there can be at
+most 10,000 chunks, this means that by default the maximum size of
+a file you can stream upload is 48 GiB.  If you wish to stream upload
+larger files then you will need to increase chunk_size.
 
-Press Enter to choose the default option or choose the desired ACL setting:
-```
-Option acl.
-Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-   / Owner gets FULL_CONTROL.
-[snip]
-acl>
-```
+Increasing the chunk size decreases the accuracy of the progress
+statistics displayed with "-P" flag. Rclone treats chunk as sent when
+it's buffered by the AWS SDK, when in fact it may still be uploading.
+A bigger chunk size means a bigger AWS SDK buffer and progress
+reporting more deviating from the truth.
 
-Press Enter to skip the advanced config:
-```
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n>
-```
 
-Press Enter to save the configuration, and then `q` to quit the configuration process:
-```
-Configuration complete.
-Options:
-- type: s3
-- provider: IONOS
-- access_key_id: YOUR_ACCESS_KEY
-- secret_access_key: YOUR_SECRET_KEY
-- endpoint: s3-eu-central-1.ionoscloud.com
-Keep this "ionos-fra" remote?
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+Properties:
 
-Done! Now you can try some commands (for macOS, use `./rclone` instead of `rclone`).
+- Config:      chunk_size
+- Env Var:     RCLONE_S3_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     5Mi
 
-1)  Create a bucket (the name must be unique within the whole IONOS S3)
-```
-rclone mkdir ionos-fra:my-bucket
-```
-2)  List available buckets
-```
-rclone lsd ionos-fra:
-```
-4) Copy a file from local to remote
-```
-rclone copy /Users/file.txt ionos-fra:my-bucket
-```
-3)  List contents of a bucket
-```
-rclone ls ionos-fra:my-bucket
-```
-5)  Copy a file from remote to local
-```
-rclone copy ionos-fra:my-bucket/file.txt
-```
+#### --s3-max-upload-parts
 
-### Minio
+Maximum number of parts in a multipart upload.
 
-[Minio](https://minio.io/) is an object storage server built for cloud application developers and devops.
+This option defines the maximum number of multipart chunks to use
+when doing a multipart upload.
 
-It is very easy to install and provides an S3 compatible server which can be used by rclone.
+This can be useful if a service does not support the AWS S3
+specification of 10,000 chunks.
 
-To use it, install Minio following the instructions [here](https://docs.minio.io/docs/minio-quickstart-guide).
+Rclone will automatically increase the chunk size when uploading a
+large file of a known size to stay below this number of chunks limit.
 
-When it configures itself Minio will print something like this
 
-```
-Endpoint:  http://192.168.1.106:9000  http://172.23.0.1:9000
-AccessKey: USWUXHGYZQYFYFFIT3RE
-SecretKey: MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
-Region:    us-east-1
-SQS ARNs:  arn:minio:sqs:us-east-1:1:redis arn:minio:sqs:us-east-1:2:redis
+Properties:
 
-Browser Access:
-   http://192.168.1.106:9000  http://172.23.0.1:9000
+- Config:      max_upload_parts
+- Env Var:     RCLONE_S3_MAX_UPLOAD_PARTS
+- Type:        int
+- Default:     10000
 
-Command-line Access: https://docs.minio.io/docs/minio-client-quickstart-guide
-   $ mc config host add myminio http://192.168.1.106:9000 USWUXHGYZQYFYFFIT3RE MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+#### --s3-copy-cutoff
 
-Object API (Amazon S3 compatible):
-   Go:         https://docs.minio.io/docs/golang-client-quickstart-guide
-   Java:       https://docs.minio.io/docs/java-client-quickstart-guide
-   Python:     https://docs.minio.io/docs/python-client-quickstart-guide
-   JavaScript: https://docs.minio.io/docs/javascript-client-quickstart-guide
-   .NET:       https://docs.minio.io/docs/dotnet-client-quickstart-guide
+Cutoff for switching to multipart copy.
 
-Drive Capacity: 26 GiB Free, 165 GiB Total
-```
+Any files larger than this that need to be server-side copied will be
+copied in chunks of this size.
 
-These details need to go into `rclone config` like this.  Note that it
-is important to put the region in as stated above.
+The minimum is 0 and the maximum is 5 GiB.
 
-```
-env_auth> 1
-access_key_id> USWUXHGYZQYFYFFIT3RE
-secret_access_key> MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
-region> us-east-1
-endpoint> http://192.168.1.106:9000
-location_constraint>
-server_side_encryption>
-```
+Properties:
 
-Which makes the config file look like this
+- Config:      copy_cutoff
+- Env Var:     RCLONE_S3_COPY_CUTOFF
+- Type:        SizeSuffix
+- Default:     4.656Gi
 
-```
-[minio]
-type = s3
-provider = Minio
-env_auth = false
-access_key_id = USWUXHGYZQYFYFFIT3RE
-secret_access_key = MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
-region = us-east-1
-endpoint = http://192.168.1.106:9000
-location_constraint =
-server_side_encryption =
-```
+#### --s3-disable-checksum
 
-So once set up, for example, to copy files into a bucket
+Don't store MD5 checksum with object metadata.
 
-```
-rclone copy /path/to/files minio:bucket
-```
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
 
-### Qiniu Cloud Object Storage (Kodo) {#qiniu}
+Properties:
 
-[Qiniu Cloud Object Storage (Kodo)](https://www.qiniu.com/en/products/kodo), a completely independent-researched core technology which is proven by repeated customer experience has occupied absolute leading market leader position. Kodo can be widely applied to mass data management.
+- Config:      disable_checksum
+- Env Var:     RCLONE_S3_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
 
-To configure access to Qiniu Kodo, follow the steps below:
+#### --s3-shared-credentials-file
 
-1. Run `rclone config` and select `n` for a new remote.
+Path to the shared credentials file.
 
-```
-rclone config
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-```
+If env_auth = true then rclone can use a shared credentials file.
 
-2. Give the name of the configuration. For example, name it 'qiniu'.
+If this variable is empty rclone will look for the
+"AWS_SHARED_CREDENTIALS_FILE" env variable. If the env value is empty
+it will default to the current user's home directory.
 
-```
-name> qiniu
-```
+    Linux/OSX: "$HOME/.aws/credentials"
+    Windows:   "%USERPROFILE%\.aws\credentials"
 
-3. Select `s3` storage.
 
-```
-Choose a number from below, or type in your own value
- 1 / 1Fichier
-   \ (fichier)
- 2 / Akamai NetStorage
-   \ (netstorage)
- 3 / Alias for an existing remote
-   \ (alias)
- 4 / Amazon Drive
-   \ (amazon cloud drive)
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi
-   \ (s3)
-[snip]
-Storage> s3
-```
+Properties:
 
-4. Select `Qiniu` provider.
-```
-Choose a number from below, or type in your own value
-1 / Amazon Web Services (AWS) S3
-   \ "AWS"
-[snip]
-22 / Qiniu Object Storage (Kodo)
-   \ (Qiniu)
-[snip]
-provider> Qiniu
-```
+- Config:      shared_credentials_file
+- Env Var:     RCLONE_S3_SHARED_CREDENTIALS_FILE
+- Type:        string
+- Required:    false
 
-5. Enter your SecretId and SecretKey of Qiniu Kodo.
+#### --s3-profile
 
-```
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Enter a boolean value (true or false). Press Enter for the default ("false").
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ "false"
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ "true"
-env_auth> 1
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default ("").
-access_key_id> AKIDxxxxxxxxxx
-AWS Secret Access Key (password)
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default ("").
-secret_access_key> xxxxxxxxxxx
-```
+Profile to use in the shared credentials file.
 
-6. Select endpoint for Qiniu Kodo. This is the standard endpoint for different region.
+If env_auth = true then rclone can use a shared credentials file. This
+variable controls which profile is used in that file.
 
-```
-   / The default endpoint - a good choice if you are unsure.
- 1 | East China Region 1.
-   | Needs location constraint cn-east-1.
-   \ (cn-east-1)
-   / East China Region 2.
- 2 | Needs location constraint cn-east-2.
-   \ (cn-east-2)
-   / North China Region 1.
- 3 | Needs location constraint cn-north-1.
-   \ (cn-north-1)
-   / South China Region 1.
- 4 | Needs location constraint cn-south-1.
-   \ (cn-south-1)
-   / North America Region.
- 5 | Needs location constraint us-north-1.
-   \ (us-north-1)
-   / Southeast Asia Region 1.
- 6 | Needs location constraint ap-southeast-1.
-   \ (ap-southeast-1)
-   / Northeast Asia Region 1.
- 7 | Needs location constraint ap-northeast-1.
-   \ (ap-northeast-1)
-[snip]
-endpoint> 1
+If empty it will default to the environment variable "AWS_PROFILE" or
+"default" if that environment variable is also not set.
 
-Option endpoint.
-Endpoint for Qiniu Object Storage.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / East China Endpoint 1
-   \ (s3-cn-east-1.qiniucs.com)
- 2 / East China Endpoint 2
-   \ (s3-cn-east-2.qiniucs.com)
- 3 / North China Endpoint 1
-   \ (s3-cn-north-1.qiniucs.com)
- 4 / South China Endpoint 1
-   \ (s3-cn-south-1.qiniucs.com)
- 5 / North America Endpoint 1
-   \ (s3-us-north-1.qiniucs.com)
- 6 / Southeast Asia Endpoint 1
-   \ (s3-ap-southeast-1.qiniucs.com)
- 7 / Northeast Asia Endpoint 1
-   \ (s3-ap-northeast-1.qiniucs.com)
-endpoint> 1
 
-Option location_constraint.
-Location constraint - must be set to match the Region.
-Used when creating buckets only.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / East China Region 1
-   \ (cn-east-1)
- 2 / East China Region 2
-   \ (cn-east-2)
- 3 / North China Region 1
-   \ (cn-north-1)
- 4 / South China Region 1
-   \ (cn-south-1)
- 5 / North America Region 1
-   \ (us-north-1)
- 6 / Southeast Asia Region 1
-   \ (ap-southeast-1)
- 7 / Northeast Asia Region 1
-   \ (ap-northeast-1)
-location_constraint> 1
-```
+Properties:
 
-7. Choose acl and storage class.
+- Config:      profile
+- Env Var:     RCLONE_S3_PROFILE
+- Type:        string
+- Required:    false
 
-```
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-   / Owner gets FULL_CONTROL.
- 2 | The AllUsers group gets READ access.
-   \ (public-read)
-[snip]
-acl> 2
-The storage class to use when storing new objects in Tencent COS.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Standard storage class
-   \ (STANDARD)
- 2 / Infrequent access storage mode
-   \ (LINE)
- 3 / Archive storage mode
-   \ (GLACIER)
- 4 / Deep archive storage mode
-   \ (DEEP_ARCHIVE)
-[snip]
-storage_class> 1
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n> n
-Remote config
---------------------
-[qiniu]
-- type: s3
-- provider: Qiniu
-- access_key_id: xxx
-- secret_access_key: xxx
-- region: cn-east-1
-- endpoint: s3-cn-east-1.qiniucs.com
-- location_constraint: cn-east-1
-- acl: public-read
-- storage_class: STANDARD
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-Current remotes:
+#### --s3-session-token
 
-Name                 Type
-====                 ====
-qiniu                s3
-```
+An AWS session token.
 
-### RackCorp {#RackCorp}
+Properties:
 
-[RackCorp Object Storage](https://www.rackcorp.com/storage/s3storage) is an S3 compatible object storage platform from your friendly cloud provider RackCorp. 
-The service is fast, reliable, well priced and located in many strategic locations unserviced by others, to ensure you can maintain data sovereignty.
+- Config:      session_token
+- Env Var:     RCLONE_S3_SESSION_TOKEN
+- Type:        string
+- Required:    false
 
-Before you can use RackCorp Object Storage, you'll need to "[sign up](https://www.rackcorp.com/signup)" for an account on our "[portal](https://portal.rackcorp.com)".
-Next you can create an `access key`, a `secret key` and `buckets`, in your location of choice with ease. 
-These details are required for the next steps of configuration, when `rclone config` asks for your `access_key_id` and `secret_access_key`.
+#### --s3-upload-concurrency
 
-Your config should end up looking a bit like this:
+Concurrency for multipart uploads.
 
-```
-[RCS3-demo-config]
-type = s3
-provider = RackCorp
-env_auth = true
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region = au-nsw
-endpoint = s3.rackcorp.com
-location_constraint = au-nsw
-```
+This is the number of chunks of the same file that are uploaded
+concurrently.
 
+If you are uploading small numbers of large files over high-speed links
+and these uploads do not fully utilize your bandwidth, then increasing
+this may help to speed up the transfers.
 
-### Scaleway
+Properties:
 
-[Scaleway](https://www.scaleway.com/object-storage/) The Object Storage platform allows you to store anything from backups, logs and web assets to documents and photos.
-Files can be dropped from the Scaleway console or transferred through our API and CLI or using any S3-compatible tool.
+- Config:      upload_concurrency
+- Env Var:     RCLONE_S3_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     4
 
-Scaleway provides an S3 interface which can be configured for use with rclone like this:
+#### --s3-force-path-style
 
-```
-[scaleway]
-type = s3
-provider = Scaleway
-env_auth = false
-endpoint = s3.nl-ams.scw.cloud
-access_key_id = SCWXXXXXXXXXXXXXX
-secret_access_key = 1111111-2222-3333-44444-55555555555555
-region = nl-ams
-location_constraint =
-acl = private
-server_side_encryption =
-storage_class =
-```
+If true use path style access if false use virtual hosted style.
 
-[C14 Cold Storage](https://www.online.net/en/storage/c14-cold-storage) is the low-cost S3 Glacier alternative from Scaleway and it works the same way as on S3 by accepting the "GLACIER" `storage_class`.
-So you can configure your remote with the `storage_class = GLACIER` option to upload directly to C14. Don't forget that in this state you can't read files back after, you will need to restore them to "STANDARD" storage_class first before being able to read them (see "restore" section above)
+If this is true (the default) then rclone will use path style access,
+if false then rclone will use virtual path style. See [the AWS S3
+docs](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro)
+for more info.
 
-### Seagate Lyve Cloud {#lyve}
+Some providers (e.g. AWS, Aliyun OSS, Netease COS, or Tencent COS) require this set to
+false - rclone will do this automatically based on the provider
+setting.
 
-[Seagate Lyve Cloud](https://www.seagate.com/gb/en/services/cloud/storage/) is an S3
-compatible object storage platform from [Seagate](https://seagate.com/) intended for enterprise use.
+Properties:
 
-Here is a config run through for a remote called `remote` - you may
-choose a different name of course. Note that to create an access key
-and secret key you will need to create a service account first.
+- Config:      force_path_style
+- Env Var:     RCLONE_S3_FORCE_PATH_STYLE
+- Type:        bool
+- Default:     true
 
-```
-$ rclone config
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-```
+#### --s3-v2-auth
 
-Choose `s3` backend
+If true use v2 authentication.
 
-```
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Lyve Cloud, Minio, RackCorp, SeaweedFS, and Tencent COS
-   \ (s3)
-[snip]
-Storage> s3
-```
+If this is false (the default) then rclone will use v4 authentication.
+If it is set then rclone will use v2 authentication.
 
-Choose `LyveCloud` as S3 provider
+Use this only if v4 signatures don't work, e.g. pre Jewel/v10 CEPH.
 
-```
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-[snip]
-XX / Seagate Lyve Cloud
-   \ (LyveCloud)
-[snip]
-provider> LyveCloud
-```
+Properties:
 
-Take the default (just press enter) to enter access key and secret in the config file.
+- Config:      v2_auth
+- Env Var:     RCLONE_S3_V2_AUTH
+- Type:        bool
+- Default:     false
 
-```
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth>
-```
+#### --s3-use-accelerate-endpoint
 
-```
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id> XXX
-```
+If true use the AWS S3 accelerated endpoint.
 
-```
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key> YYY
-```
+See: [AWS S3 Transfer acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration-examples.html)
 
-Leave region blank
+Properties:
 
-```
-Region to connect to.
-Leave blank if you are using an S3 clone and you don't have a region.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Use this if unsure.
- 1 | Will use v4 signatures and an empty region.
-   \ ()
-   / Use this only if v4 signatures don't work.
- 2 | E.g. pre Jewel/v10 CEPH.
-   \ (other-v2-signature)
-region>
-```
+- Config:      use_accelerate_endpoint
+- Env Var:     RCLONE_S3_USE_ACCELERATE_ENDPOINT
+- Provider:    AWS
+- Type:        bool
+- Default:     false
 
-Choose an endpoint from the list
+#### --s3-leave-parts-on-error
 
-```
-Endpoint for S3 API.
-Required when using an S3 clone.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Seagate Lyve Cloud US East 1 (Virginia)
-   \ (s3.us-east-1.lyvecloud.seagate.com)
- 2 / Seagate Lyve Cloud US West 1 (California)
-   \ (s3.us-west-1.lyvecloud.seagate.com)
- 3 / Seagate Lyve Cloud AP Southeast 1 (Singapore)
-   \ (s3.ap-southeast-1.lyvecloud.seagate.com)
-endpoint> 1
-```
+If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.
 
-Leave location constraint blank
+It should be set to true for resuming uploads across different sessions.
 
-```
-Location constraint - must be set to match the Region.
-Leave blank if not sure. Used when creating buckets only.
-Enter a value. Press Enter to leave empty.
-location_constraint>
-```
+WARNING: Storing parts of an incomplete multipart upload counts towards space usage on S3 and will add additional costs if not cleaned up.
 
-Choose default ACL (`private`).
 
-```
-Canned ACL used when creating buckets and storing or copying objects.
-This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / Owner gets FULL_CONTROL.
- 1 | No one else has access rights (default).
-   \ (private)
-[snip]
-acl>
-```
+Properties:
 
-And the config file should end up looking like this:
+- Config:      leave_parts_on_error
+- Env Var:     RCLONE_S3_LEAVE_PARTS_ON_ERROR
+- Provider:    AWS
+- Type:        bool
+- Default:     false
 
-```
-[remote]
-type = s3
-provider = LyveCloud
-access_key_id = XXX
-secret_access_key = YYY
-endpoint = s3.us-east-1.lyvecloud.seagate.com
-```
+#### --s3-list-chunk
 
-### SeaweedFS
+Size of listing chunk (response list for each ListObject S3 request).
 
-[SeaweedFS](https://github.com/chrislusf/seaweedfs/) is a distributed storage system for 
-blobs, objects, files, and data lake, with O(1) disk seek and a scalable file metadata store.
-It has an S3 compatible object storage interface. SeaweedFS can also act as a 
-[gateway to remote S3 compatible object store](https://github.com/chrislusf/seaweedfs/wiki/Gateway-to-Remote-Object-Storage) 
-to cache data and metadata with asynchronous write back, for fast local speed and minimize access cost.
+This option is also known as "MaxKeys", "max-items", or "page-size" from the AWS S3 specification.
+Most services truncate the response list to 1000 objects even if requested more than that.
+In AWS S3 this is a global maximum and cannot be changed, see [AWS S3](https://docs.aws.amazon.com/cli/latest/reference/s3/ls.html).
+In Ceph, this can be increased with the "rgw list buckets max chunk" option.
 
-Assuming the SeaweedFS are configured with `weed shell` as such:
-```
-> s3.bucket.create -name foo
-> s3.configure -access_key=any -secret_key=any -buckets=foo -user=me -actions=Read,Write,List,Tagging,Admin -apply
-{
-  "identities": [
-    {
-      "name": "me",
-      "credentials": [
-        {
-          "accessKey": "any",
-          "secretKey": "any"
-        }
-      ],
-      "actions": [
-        "Read:foo",
-        "Write:foo",
-        "List:foo",
-        "Tagging:foo",
-        "Admin:foo"
-      ]
-    }
-  ]
-}
-```
 
-To use rclone with SeaweedFS, above configuration should end up with something like this in
-your config:
+Properties:
 
-```
-[seaweedfs_s3]
-type = s3
-provider = SeaweedFS
-access_key_id = any
-secret_access_key = any
-endpoint = localhost:8333
-```
+- Config:      list_chunk
+- Env Var:     RCLONE_S3_LIST_CHUNK
+- Type:        int
+- Default:     1000
 
-So once set up, for example to copy files into a bucket
+#### --s3-list-version
 
-```
-rclone copy /path/to/files seaweedfs_s3:foo
-```
+Version of ListObjects to use: 1,2 or 0 for auto.
 
-### Wasabi
+When S3 originally launched it only provided the ListObjects call to
+enumerate objects in a bucket.
 
-[Wasabi](https://wasabi.com) is a cloud-based object storage service for a
-broad range of applications and use cases. Wasabi is designed for
-individuals and organizations that require a high-performance,
-reliable, and secure data storage infrastructure at minimal cost.
+However in May 2016 the ListObjectsV2 call was introduced. This is
+much higher performance and should be used if at all possible.
 
-Wasabi provides an S3 interface which can be configured for use with
-rclone like this.
+If set to the default, 0, rclone will guess according to the provider
+set which list objects method to call. If it guesses wrong, then it
+may be set manually here.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-n/s> n
-name> wasabi
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Minio, Liara)
-   \ "s3"
-[snip]
-Storage> s3
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ "false"
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ "true"
-env_auth> 1
-AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id> YOURACCESSKEY
-AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key> YOURSECRETACCESSKEY
-Region to connect to.
-Choose a number from below, or type in your own value
-   / The default endpoint - a good choice if you are unsure.
- 1 | US Region, Northern Virginia, or Pacific Northwest.
-   | Leave location constraint empty.
-   \ "us-east-1"
-[snip]
-region> us-east-1
-Endpoint for S3 API.
-Leave blank if using AWS to use the default endpoint for the region.
-Specify if using an S3 clone such as Ceph.
-endpoint> s3.wasabisys.com
-Location constraint - must be set to match the Region. Used when creating buckets only.
-Choose a number from below, or type in your own value
- 1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
-   \ ""
-[snip]
-location_constraint>
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ "private"
-[snip]
-acl>
-The server-side encryption algorithm used when storing this object in S3.
-Choose a number from below, or type in your own value
- 1 / None
-   \ ""
- 2 / AES256
-   \ "AES256"
-server_side_encryption>
-The storage class to use when storing objects in S3.
-Choose a number from below, or type in your own value
- 1 / Default
-   \ ""
- 2 / Standard storage class
-   \ "STANDARD"
- 3 / Reduced redundancy storage class
-   \ "REDUCED_REDUNDANCY"
- 4 / Standard Infrequent Access storage class
-   \ "STANDARD_IA"
-storage_class>
-Remote config
---------------------
-[wasabi]
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region = us-east-1
-endpoint = s3.wasabisys.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
 
-This will leave the config file looking like this.
+Properties:
 
-```
-[wasabi]
-type = s3
-provider = Wasabi
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region =
-endpoint = s3.wasabisys.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
-```
+- Config:      list_version
+- Env Var:     RCLONE_S3_LIST_VERSION
+- Type:        int
+- Default:     0
 
-### Alibaba OSS {#alibaba-oss}
+#### --s3-list-url-encode
 
-Here is an example of making an [Alibaba Cloud (Aliyun) OSS](https://www.alibabacloud.com/product/oss/)
-configuration.  First run:
+Whether to url encode listings: true/false/unset
 
-    rclone config
+Some providers support URL encoding listings and where this is
+available this is more reliable when using control characters in file
+names. If this is set to unset (the default) then rclone will choose
+according to the provider setting what to apply, but you can override
+rclone's choice here.
 
-This will guide you through an interactive setup process.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> oss
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-[snip]
- 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Minio, and Tencent COS
-   \ "s3"
-[snip]
-Storage> s3
-Choose your S3 provider.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Amazon Web Services (AWS) S3
-   \ "AWS"
- 2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
-   \ "Alibaba"
- 3 / Ceph Object Storage
-   \ "Ceph"
-[snip]
-provider> Alibaba
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Enter a boolean value (true or false). Press Enter for the default ("false").
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ "false"
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ "true"
-env_auth> 1
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default ("").
-access_key_id> accesskeyid
-AWS Secret Access Key (password)
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default ("").
-secret_access_key> secretaccesskey
-Endpoint for OSS API.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / East China 1 (Hangzhou)
-   \ "oss-cn-hangzhou.aliyuncs.com"
- 2 / East China 2 (Shanghai)
-   \ "oss-cn-shanghai.aliyuncs.com"
- 3 / North China 1 (Qingdao)
-   \ "oss-cn-qingdao.aliyuncs.com"
-[snip]
-endpoint> 1
-Canned ACL used when creating buckets and storing or copying objects.
+Properties:
 
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ "private"
- 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
-   \ "public-read"
-   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
-[snip]
-acl> 1
-The storage class to use when storing new objects in OSS.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Default
-   \ ""
- 2 / Standard storage class
-   \ "STANDARD"
- 3 / Archive storage mode.
-   \ "GLACIER"
- 4 / Infrequent access storage mode.
-   \ "STANDARD_IA"
-storage_class> 1
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
---------------------
-[oss]
-type = s3
-provider = Alibaba
-env_auth = false
-access_key_id = accesskeyid
-secret_access_key = secretaccesskey
-endpoint = oss-cn-hangzhou.aliyuncs.com
-acl = private
-storage_class = Standard
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+- Config:      list_url_encode
+- Env Var:     RCLONE_S3_LIST_URL_ENCODE
+- Type:        Tristate
+- Default:     unset
 
-### China Mobile Ecloud Elastic Object Storage (EOS) {#china-mobile-ecloud-eos}
+#### --s3-no-check-bucket
 
-Here is an example of making an [China Mobile Ecloud Elastic Object Storage (EOS)](https:///ecloud.10086.cn/home/product-introduction/eos/)
-configuration.  First run:
+If set, don't attempt to check the bucket exists or create it.
 
-    rclone config
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the bucket exists already.
 
-This will guide you through an interactive setup process.
+It can also be needed if the user you are using does not have bucket
+creation permissions. Before v1.52.0 this would have passed silently
+due to a bug.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> ChinaMobile
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
- ...
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, RackCorp, SeaweedFS, and Tencent COS
-   \ (s3)
- ...
-Storage> s3
-Option provider.
-Choose your S3 provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- ...
- 4 / China Mobile Ecloud Elastic Object Storage (EOS)
-   \ (ChinaMobile)
- ...
-provider> ChinaMobile
-Option env_auth.
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth>
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id> accesskeyid
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key> secretaccesskey
-Option endpoint.
-Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
-   / The default endpoint - a good choice if you are unsure.
- 1 | East China (Suzhou)
-   \ (eos-wuxi-1.cmecloud.cn)
- 2 / East China (Jinan)
-   \ (eos-jinan-1.cmecloud.cn)
- 3 / East China (Hangzhou)
-   \ (eos-ningbo-1.cmecloud.cn)
- 4 / East China (Shanghai-1)
-   \ (eos-shanghai-1.cmecloud.cn)
- 5 / Central China (Zhengzhou)
-   \ (eos-zhengzhou-1.cmecloud.cn)
- 6 / Central China (Changsha-1)
-   \ (eos-hunan-1.cmecloud.cn)
- 7 / Central China (Changsha-2)
-   \ (eos-zhuzhou-1.cmecloud.cn)
- 8 / South China (Guangzhou-2)
-   \ (eos-guangzhou-1.cmecloud.cn)
- 9 / South China (Guangzhou-3)
-   \ (eos-dongguan-1.cmecloud.cn)
-10 / North China (Beijing-1)
-   \ (eos-beijing-1.cmecloud.cn)
-11 / North China (Beijing-2)
-   \ (eos-beijing-2.cmecloud.cn)
-12 / North China (Beijing-3)
-   \ (eos-beijing-4.cmecloud.cn)
-13 / North China (Huhehaote)
-   \ (eos-huhehaote-1.cmecloud.cn)
-14 / Southwest China (Chengdu)
-   \ (eos-chengdu-1.cmecloud.cn)
-15 / Southwest China (Chongqing)
-   \ (eos-chongqing-1.cmecloud.cn)
-16 / Southwest China (Guiyang)
-   \ (eos-guiyang-1.cmecloud.cn)
-17 / Nouthwest China (Xian)
-   \ (eos-xian-1.cmecloud.cn)
-18 / Yunnan China (Kunming)
-   \ (eos-yunnan.cmecloud.cn)
-19 / Yunnan China (Kunming-2)
-   \ (eos-yunnan-2.cmecloud.cn)
-20 / Tianjin China (Tianjin)
-   \ (eos-tianjin-1.cmecloud.cn)
-21 / Jilin China (Changchun)
-   \ (eos-jilin-1.cmecloud.cn)
-22 / Hubei China (Xiangyan)
-   \ (eos-hubei-1.cmecloud.cn)
-23 / Jiangxi China (Nanchang)
-   \ (eos-jiangxi-1.cmecloud.cn)
-24 / Gansu China (Lanzhou)
-   \ (eos-gansu-1.cmecloud.cn)
-25 / Shanxi China (Taiyuan)
-   \ (eos-shanxi-1.cmecloud.cn)
-26 / Liaoning China (Shenyang)
-   \ (eos-liaoning-1.cmecloud.cn)
-27 / Hebei China (Shijiazhuang)
-   \ (eos-hebei-1.cmecloud.cn)
-28 / Fujian China (Xiamen)
-   \ (eos-fujian-1.cmecloud.cn)
-29 / Guangxi China (Nanning)
-   \ (eos-guangxi-1.cmecloud.cn)
-30 / Anhui China (Huainan)
-   \ (eos-anhui-1.cmecloud.cn)
-endpoint> 1
-Option location_constraint.
-Location constraint - must match endpoint.
-Used when creating buckets only.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / East China (Suzhou)
-   \ (wuxi1)
- 2 / East China (Jinan)
-   \ (jinan1)
- 3 / East China (Hangzhou)
+
+Properties:
+
+- Config:      no_check_bucket
+- Env Var:     RCLONE_S3_NO_CHECK_BUCKET
+- Type:        bool
+- Default:     false
+
+#### --s3-no-head
+
+If set, don't HEAD uploaded objects to check integrity.
+
+This can be useful when trying to minimise the number of transactions
+rclone does.
+
+Setting it means that if rclone receives a 200 OK message after
+uploading an object with PUT then it will assume that it got uploaded
+properly.
+
+In particular it will assume:
+
+- the metadata, including modtime, storage class and content type was as uploaded
+- the size was as uploaded
+
+It reads the following items from the response for a single part PUT:
+
+- the MD5SUM
+- The uploaded date
+
+For multipart uploads these items aren't read.
+
+If an source object of unknown length is uploaded then rclone **will** do a
+HEAD request.
+
+Setting this flag increases the chance for undetected upload failures,
+in particular an incorrect size, so it isn't recommended for normal
+operation. In practice the chance of an undetected upload failure is
+very small even with this flag.
+
+
+Properties:
+
+- Config:      no_head
+- Env Var:     RCLONE_S3_NO_HEAD
+- Type:        bool
+- Default:     false
+
+#### --s3-no-head-object
+
+If set, do not do HEAD before GET when getting objects.
+
+Properties:
+
+- Config:      no_head_object
+- Env Var:     RCLONE_S3_NO_HEAD_OBJECT
+- Type:        bool
+- Default:     false
+
+#### --s3-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_S3_ENCODING
+- Type:        Encoding
+- Default:     Slash,InvalidUtf8,Dot
+
+#### --s3-memory-pool-flush-time
+
+How often internal memory buffer pools will be flushed. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_flush_time
+- Env Var:     RCLONE_S3_MEMORY_POOL_FLUSH_TIME
+- Type:        Duration
+- Default:     1m0s
+
+#### --s3-memory-pool-use-mmap
+
+Whether to use mmap buffers in internal memory pool. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_use_mmap
+- Env Var:     RCLONE_S3_MEMORY_POOL_USE_MMAP
+- Type:        bool
+- Default:     false
+
+#### --s3-disable-http2
+
+Disable usage of http2 for S3 backends.
+
+There is currently an unsolved issue with the s3 (specifically minio) backend
+and HTTP/2.  HTTP/2 is enabled by default for the s3 backend but can be
+disabled here.  When the issue is solved this flag will be removed.
+
+See: https://github.com/rclone/rclone/issues/4673, https://github.com/rclone/rclone/issues/3631
+
+
+
+Properties:
+
+- Config:      disable_http2
+- Env Var:     RCLONE_S3_DISABLE_HTTP2
+- Type:        bool
+- Default:     false
+
+#### --s3-download-url
+
+Custom endpoint for downloads.
+This is usually set to a CloudFront CDN URL as AWS S3 offers
+cheaper egress for data downloaded through the CloudFront network.
+
+Properties:
+
+- Config:      download_url
+- Env Var:     RCLONE_S3_DOWNLOAD_URL
+- Type:        string
+- Required:    false
+
+#### --s3-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option creates an empty
+object ending with "/", to persist the folder.
+
+
+Properties:
+
+- Config:      directory_markers
+- Env Var:     RCLONE_S3_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
+
+#### --s3-use-multipart-etag
+
+Whether to use ETag in multipart uploads for verification
+
+This should be true, false or left unset to use the default for the provider.
+
+
+Properties:
+
+- Config:      use_multipart_etag
+- Env Var:     RCLONE_S3_USE_MULTIPART_ETAG
+- Type:        Tristate
+- Default:     unset
+
+#### --s3-use-presigned-request
+
+Whether to use a presigned request or PutObject for single part uploads
+
+If this is false rclone will use PutObject from the AWS SDK to upload
+an object.
+
+Versions of rclone < 1.59 use presigned requests to upload a single
+part object and setting this flag to true will re-enable that
+functionality. This shouldn't be necessary except in exceptional
+circumstances or for testing.
+
+
+Properties:
+
+- Config:      use_presigned_request
+- Env Var:     RCLONE_S3_USE_PRESIGNED_REQUEST
+- Type:        bool
+- Default:     false
+
+#### --s3-versions
+
+Include old versions in directory listings.
+
+Properties:
+
+- Config:      versions
+- Env Var:     RCLONE_S3_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --s3-version-at
+
+Show file versions as they were at the specified time.
+
+The parameter should be a date, "2006-01-02", datetime "2006-01-02
+15:04:05" or a duration for that long ago, eg "100d" or "1h".
+
+Note that when using this no file write operations are permitted,
+so you can't upload files or delete them.
+
+See [the time option docs](https://rclone.org/docs/#time-option) for valid formats.
+
+
+Properties:
+
+- Config:      version_at
+- Env Var:     RCLONE_S3_VERSION_AT
+- Type:        Time
+- Default:     off
+
+#### --s3-decompress
+
+If set this will decompress gzip encoded objects.
+
+It is possible to upload objects to S3 with "Content-Encoding: gzip"
+set. Normally rclone will download these files as compressed objects.
+
+If this flag is set then rclone will decompress these files with
+"Content-Encoding: gzip" as they are received. This means that rclone
+can't check the size and hash but the file contents will be decompressed.
+
+
+Properties:
+
+- Config:      decompress
+- Env Var:     RCLONE_S3_DECOMPRESS
+- Type:        bool
+- Default:     false
+
+#### --s3-might-gzip
+
+Set this if the backend might gzip objects.
+
+Normally providers will not alter objects when they are downloaded. If
+an object was not uploaded with `Content-Encoding: gzip` then it won't
+be set on download.
+
+However some providers may gzip objects even if they weren't uploaded
+with `Content-Encoding: gzip` (eg Cloudflare).
+
+A symptom of this would be receiving errors like
+
+    ERROR corrupted on transfer: sizes differ NNN vs MMM
+
+If you set this flag and rclone downloads an object with
+Content-Encoding: gzip set and chunked transfer encoding, then rclone
+will decompress the object on the fly.
+
+If this is set to unset (the default) then rclone will choose
+according to the provider setting what to apply, but you can override
+rclone's choice here.
+
+
+Properties:
+
+- Config:      might_gzip
+- Env Var:     RCLONE_S3_MIGHT_GZIP
+- Type:        Tristate
+- Default:     unset
+
+#### --s3-use-accept-encoding-gzip
+
+Whether to send `Accept-Encoding: gzip` header.
+
+By default, rclone will append `Accept-Encoding: gzip` to the request to download
+compressed objects whenever possible.
+
+However some providers such as Google Cloud Storage may alter the HTTP headers, breaking
+the signature of the request.
+
+A symptom of this would be receiving errors like
+
+	SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided.
+
+In this case, you might want to try disabling this option.
+
+
+Properties:
+
+- Config:      use_accept_encoding_gzip
+- Env Var:     RCLONE_S3_USE_ACCEPT_ENCODING_GZIP
+- Type:        Tristate
+- Default:     unset
+
+#### --s3-no-system-metadata
+
+Suppress setting and reading of system metadata
+
+Properties:
+
+- Config:      no_system_metadata
+- Env Var:     RCLONE_S3_NO_SYSTEM_METADATA
+- Type:        bool
+- Default:     false
+
+#### --s3-sts-endpoint
+
+Endpoint for STS.
+
+Leave blank if using AWS to use the default endpoint for the region.
+
+Properties:
+
+- Config:      sts_endpoint
+- Env Var:     RCLONE_S3_STS_ENDPOINT
+- Provider:    AWS
+- Type:        string
+- Required:    false
+
+#### --s3-use-already-exists
+
+Set if rclone should report BucketAlreadyExists errors on bucket creation.
+
+At some point during the evolution of the s3 protocol, AWS started
+returning an `AlreadyOwnedByYou` error when attempting to create a
+bucket that the user already owned, rather than a
+`BucketAlreadyExists` error.
+
+Unfortunately exactly what has been implemented by s3 clones is a
+little inconsistent, some return `AlreadyOwnedByYou`, some return
+`BucketAlreadyExists` and some return no error at all.
+
+This is important to rclone because it ensures the bucket exists by
+creating it on quite a lot of operations (unless
+`--s3-no-check-bucket` is used).
+
+If rclone knows the provider can return `AlreadyOwnedByYou` or returns
+no error then it can report `BucketAlreadyExists` errors when the user
+attempts to create a bucket not owned by them. Otherwise rclone
+ignores the `BucketAlreadyExists` error which can lead to confusion.
+
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+
+
+Properties:
+
+- Config:      use_already_exists
+- Env Var:     RCLONE_S3_USE_ALREADY_EXISTS
+- Type:        Tristate
+- Default:     unset
+
+#### --s3-use-multipart-uploads
+
+Set if rclone should use multipart uploads.
+
+You can change this if you want to disable the use of multipart uploads.
+This shouldn't be necessary in normal operation.
+
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+
+
+Properties:
+
+- Config:      use_multipart_uploads
+- Env Var:     RCLONE_S3_USE_MULTIPART_UPLOADS
+- Type:        Tristate
+- Default:     unset
+
+### Metadata
+
+User metadata is stored as x-amz-meta- keys. S3 metadata keys are case insensitive and are always returned in lower case.
+
+Here are the possible system metadata items for the s3 backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation) read from Last-Modified header | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+| cache-control | Cache-Control header | string | no-cache | N |
+| content-disposition | Content-Disposition header | string | inline | N |
+| content-encoding | Content-Encoding header | string | gzip | N |
+| content-language | Content-Language header | string | en-US | N |
+| content-type | Content-Type header | string | text/plain | N |
+| mtime | Time of last modification, read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| tier | Tier of the object | string | GLACIER | **Y** |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+## Backend commands
+
+Here are the commands specific to the s3 backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### restore
+
+Restore objects from GLACIER to normal storage
+
+    rclone backend restore remote: [options] [<arguments>+]
+
+This command can be used to restore one or more objects from GLACIER
+to normal storage.
+
+Usage Examples:
+
+    rclone backend restore s3:bucket/path/to/object -o priority=PRIORITY -o lifetime=DAYS
+    rclone backend restore s3:bucket/path/to/directory -o priority=PRIORITY -o lifetime=DAYS
+    rclone backend restore s3:bucket -o priority=PRIORITY -o lifetime=DAYS
+
+This flag also obeys the filters. Test first with --interactive/-i or --dry-run flags
+
+    rclone --interactive backend restore --include "*.txt" s3:bucket/path -o priority=Standard -o lifetime=1
+
+All the objects shown will be marked for restore, then
+
+    rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard -o lifetime=1
+
+It returns a list of status dictionaries with Remote and Status
+keys. The Status will be OK if it was successful or an error message
+if not.
+
+    [
+        {
+            "Status": "OK",
+            "Remote": "test.txt"
+        },
+        {
+            "Status": "OK",
+            "Remote": "test/file4.txt"
+        }
+    ]
+
+
+
+Options:
+
+- "description": The optional description for the job.
+- "lifetime": Lifetime of the active copy in days
+- "priority": Priority of restore: Standard|Expedited|Bulk
+
+### restore-status
+
+Show the restore status for objects being restored from GLACIER to normal storage
+
+    rclone backend restore-status remote: [options] [<arguments>+]
+
+This command can be used to show the status for objects being restored from GLACIER
+to normal storage.
+
+Usage Examples:
+
+    rclone backend restore-status s3:bucket/path/to/object
+    rclone backend restore-status s3:bucket/path/to/directory
+    rclone backend restore-status -o all s3:bucket/path/to/directory
+
+This command does not obey the filters.
+
+It returns a list of status dictionaries.
+
+    [
+        {
+            "Remote": "file.txt",
+            "VersionID": null,
+            "RestoreStatus": {
+                "IsRestoreInProgress": true,
+                "RestoreExpiryDate": "2023-09-06T12:29:19+01:00"
+            },
+            "StorageClass": "GLACIER"
+        },
+        {
+            "Remote": "test.pdf",
+            "VersionID": null,
+            "RestoreStatus": {
+                "IsRestoreInProgress": false,
+                "RestoreExpiryDate": "2023-09-06T12:29:19+01:00"
+            },
+            "StorageClass": "DEEP_ARCHIVE"
+        }
+    ]
+
+
+Options:
+
+- "all": if set then show all objects, not just ones with restore status
+
+### list-multipart-uploads
+
+List the unfinished multipart uploads
+
+    rclone backend list-multipart-uploads remote: [options] [<arguments>+]
+
+This command lists the unfinished multipart uploads in JSON format.
+
+    rclone backend list-multipart s3:bucket/path/to/object
+
+It returns a dictionary of buckets with values as lists of unfinished
+multipart uploads.
+
+You can call it with no bucket in which case it lists all bucket, with
+a bucket or with a bucket and path.
+
+    {
+      "rclone": [
+        {
+          "Initiated": "2020-06-26T14:20:36Z",
+          "Initiator": {
+            "DisplayName": "XXX",
+            "ID": "arn:aws:iam::XXX:user/XXX"
+          },
+          "Key": "KEY",
+          "Owner": {
+            "DisplayName": null,
+            "ID": "XXX"
+          },
+          "StorageClass": "STANDARD",
+          "UploadId": "XXX"
+        }
+      ],
+      "rclone-1000files": [],
+      "rclone-dst": []
+    }
+
+
+
+### cleanup
+
+Remove unfinished multipart uploads.
+
+    rclone backend cleanup remote: [options] [<arguments>+]
+
+This command removes unfinished multipart uploads of age greater than
+max-age which defaults to 24 hours.
+
+Note that you can use --interactive/-i or --dry-run with this command to see what
+it would do.
+
+    rclone backend cleanup s3:bucket/path/to/object
+    rclone backend cleanup -o max-age=7w s3:bucket/path/to/object
+
+Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
+
+
+Options:
+
+- "max-age": Max age of upload to delete
+
+### cleanup-hidden
+
+Remove old versions of files.
+
+    rclone backend cleanup-hidden remote: [options] [<arguments>+]
+
+This command removes any old hidden versions of files
+on a versions enabled bucket.
+
+Note that you can use --interactive/-i or --dry-run with this command to see what
+it would do.
+
+    rclone backend cleanup-hidden s3:bucket/path/to/dir
+
+
+### versioning
+
+Set/get versioning support for a bucket.
+
+    rclone backend versioning remote: [options] [<arguments>+]
+
+This command sets versioning support if a parameter is
+passed and then returns the current versioning status for the bucket
+supplied.
+
+    rclone backend versioning s3:bucket # read status only
+    rclone backend versioning s3:bucket Enabled
+    rclone backend versioning s3:bucket Suspended
+
+It may return "Enabled", "Suspended" or "Unversioned". Note that once versioning
+has been enabled the status can't be set back to "Unversioned".
+
+
+### set
+
+Set command for updating the config parameters.
+
+    rclone backend set remote: [options] [<arguments>+]
+
+This set command can be used to update the config parameters
+for a running s3 backend.
+
+Usage Examples:
+
+    rclone backend set s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=s3: -o session_token=X -o access_key_id=X -o secret_access_key=X
+
+The option keys are named as they are in the config file.
+
+This rebuilds the connection to the s3 backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
+
+It doesn't return anything.
+
+
+
+
+### Anonymous access to public buckets
+
+If you want to use rclone to access a public bucket, configure with a
+blank `access_key_id` and `secret_access_key`.  Your config should end
+up looking like this:
+
+```
+[anons3]
+type = s3
+provider = AWS
+env_auth = false
+access_key_id =
+secret_access_key =
+region = us-east-1
+endpoint =
+location_constraint =
+acl = private
+server_side_encryption =
+storage_class =
+```
+
+Then use it as normal with the name of the public bucket, e.g.
+
+    rclone lsd anons3:1000genomes
+
+You will be able to list and copy data but not upload it.
+
+## Providers
+
+### AWS S3
+
+This is the provider used as main example and described in the [configuration](#configuration) section above.
+
+### AWS Snowball Edge
+
+[AWS Snowball](https://aws.amazon.com/snowball/) is a hardware
+appliance used for transferring bulk data back to AWS. Its main
+software interface is S3 object storage.
+
+To use rclone with AWS Snowball Edge devices, configure as standard
+for an 'S3 Compatible Service'.
+
+If using rclone pre v1.59 be sure to set `upload_cutoff = 0` otherwise
+you will run into authentication header issues as the snowball device
+does not support query parameter based authentication.
+
+With rclone v1.59 or later setting `upload_cutoff` should not be necessary.
+
+eg.
+```
+[snowball]
+type = s3
+provider = Other
+access_key_id = YOUR_ACCESS_KEY
+secret_access_key = YOUR_SECRET_KEY
+endpoint = http://[IP of Snowball]:8080
+upload_cutoff = 0
+```
+
+### Ceph
+
+[Ceph](https://ceph.com/) is an open-source, unified, distributed
+storage system designed for excellent performance, reliability and
+scalability.  It has an S3 compatible object storage interface.
+
+To use rclone with Ceph, configure as above but leave the region blank
+and set the endpoint.  You should end up with something like this in
+your config:
+
+
+```
+[ceph]
+type = s3
+provider = Ceph
+env_auth = false
+access_key_id = XXX
+secret_access_key = YYY
+region =
+endpoint = https://ceph.endpoint.example.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+```
+
+If you are using an older version of CEPH (e.g. 10.2.x Jewel) and a
+version of rclone before v1.59 then you may need to supply the
+parameter `--s3-upload-cutoff 0` or put this in the config file as
+`upload_cutoff 0` to work around a bug which causes uploading of small
+files to fail.
+
+Note also that Ceph sometimes puts `/` in the passwords it gives
+users.  If you read the secret access key using the command line tools
+you will get a JSON blob with the `/` escaped as `\/`.  Make sure you
+only write `/` in the secret access key.
+
+Eg the dump from Ceph looks something like this (irrelevant keys
+removed).
+
+```
+{
+    "user_id": "xxx",
+    "display_name": "xxxx",
+    "keys": [
+        {
+            "user": "xxx",
+            "access_key": "xxxxxx",
+            "secret_key": "xxxxxx\/xxxx"
+        }
+    ],
+}
+```
+
+Because this is a json dump, it is encoding the `/` as `\/`, so if you
+use the secret key as `xxxxxx/xxxx`  it will work fine.
+
+### Cloudflare R2 {#cloudflare-r2}
+
+[Cloudflare R2](https://blog.cloudflare.com/r2-open-beta/) Storage
+allows developers to store large amounts of unstructured data without
+the costly egress bandwidth fees associated with typical cloud storage
+services.
+
+Here is an example of making a Cloudflare R2 configuration. First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+Note that all buckets are private, and all are stored in the same
+"auto" region. It is necessary to use Cloudflare workers to share the
+content of a bucket publicly.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> r2
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+...
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
+   \ (s3)
+...
+Storage> s3
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+...
+XX / Cloudflare R2 Storage
+   \ (Cloudflare)
+...
+provider> Cloudflare
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth> 1
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> ACCESS_KEY
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> SECRET_ACCESS_KEY
+Option region.
+Region to connect to.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / R2 buckets are automatically distributed across Cloudflare's data centers for low latency.
+   \ (auto)
+region> 1
+Option endpoint.
+Endpoint for S3 API.
+Required when using an S3 clone.
+Enter a value. Press Enter to leave empty.
+endpoint> https://ACCOUNT_ID.r2.cloudflarestorage.com
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This will leave your config looking something like:
+
+```
+[r2]
+type = s3
+provider = Cloudflare
+access_key_id = ACCESS_KEY
+secret_access_key = SECRET_ACCESS_KEY
+region = auto
+endpoint = https://ACCOUNT_ID.r2.cloudflarestorage.com
+acl = private
+```
+
+Now run `rclone lsf r2:` to see your buckets and `rclone lsf
+r2:bucket` to look within a bucket.
+
+### Dreamhost
+
+Dreamhost [DreamObjects](https://www.dreamhost.com/cloud/storage/) is
+an object storage system based on CEPH.
+
+To use rclone with Dreamhost, configure as above but leave the region blank
+and set the endpoint.  You should end up with something like this in
+your config:
+
+```
+[dreamobjects]
+type = s3
+provider = DreamHost
+env_auth = false
+access_key_id = your_access_key
+secret_access_key = your_secret_key
+region =
+endpoint = objects-us-west-1.dream.io
+location_constraint =
+acl = private
+server_side_encryption =
+storage_class =
+```
+
+### Google Cloud Storage
+
+[GoogleCloudStorage](https://cloud.google.com/storage/docs) is an [S3-interoperable](https://cloud.google.com/storage/docs/interoperability) object storage service from Google Cloud Platform.
+
+To connect to Google Cloud Storage you will need an access key and secret key. These can be retrieved by creating an [HMAC key](https://cloud.google.com/storage/docs/authentication/managing-hmackeys).
+
+```
+[gs]
+type = s3
+provider = GCS
+access_key_id = your_access_key
+secret_access_key = your_secret_key
+endpoint = https://storage.googleapis.com
+```
+
+**Note** that `--s3-versions` does not work with GCS when it needs to do directory paging. Rclone will return the error:
+
+    s3 protocol error: received versions listing with IsTruncated set with no NextKeyMarker
+
+This is Google bug [#312292516](https://issuetracker.google.com/u/0/issues/312292516).
+
+### DigitalOcean Spaces
+
+[Spaces](https://www.digitalocean.com/products/object-storage/) is an [S3-interoperable](https://developers.digitalocean.com/documentation/spaces/) object storage service from cloud provider DigitalOcean.
+
+To connect to DigitalOcean Spaces you will need an access key and secret key. These can be retrieved on the "[Applications & API](https://cloud.digitalocean.com/settings/api/tokens)" page of the DigitalOcean control panel. They will be needed when prompted by `rclone config` for your `access_key_id` and `secret_access_key`.
+
+When prompted for a `region` or `location_constraint`, press enter to use the default value. The region must be included in the `endpoint` setting (e.g. `nyc3.digitaloceanspaces.com`). The default values can be used for other settings.
+
+Going through the whole process of creating a new remote by running `rclone config`, each prompt should be answered as shown below:
+
+```
+Storage> s3
+env_auth> 1
+access_key_id> YOUR_ACCESS_KEY
+secret_access_key> YOUR_SECRET_KEY
+region>
+endpoint> nyc3.digitaloceanspaces.com
+location_constraint>
+acl>
+storage_class>
+```
+
+The resulting configuration file should look like:
+
+```
+[spaces]
+type = s3
+provider = DigitalOcean
+env_auth = false
+access_key_id = YOUR_ACCESS_KEY
+secret_access_key = YOUR_SECRET_KEY
+region =
+endpoint = nyc3.digitaloceanspaces.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+```
+
+Once configured, you can create a new Space and begin copying files. For example:
+
+```
+rclone mkdir spaces:my-new-space
+rclone copy /path/to/files spaces:my-new-space
+```
+### Huawei OBS {#huawei-obs}
+
+Object Storage Service (OBS) provides stable, secure, efficient, and easy-to-use cloud storage that lets you store virtually any volume of unstructured data in any format and access it from anywhere.
+
+OBS provides an S3 interface, you can copy and modify the following configuration and add it to your rclone configuration file.
+```
+[obs]
+type = s3
+provider = HuaweiOBS
+access_key_id = your-access-key-id
+secret_access_key = your-secret-access-key
+region = af-south-1
+endpoint = obs.af-south-1.myhuaweicloud.com
+acl = private
+```
+
+Or you can also configure via the interactive command line:
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> obs
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
+   \ (s3)
+[snip]
+Storage> 5
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+ 9 / Huawei Object Storage Service
+   \ (HuaweiOBS)
+[snip]
+provider> 9
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth> 1
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> your-access-key-id
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> your-secret-access-key
+Option region.
+Region to connect to.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / AF-Johannesburg
+   \ (af-south-1)
+ 2 / AP-Bangkok
+   \ (ap-southeast-2)
+[snip]
+region> 1
+Option endpoint.
+Endpoint for OBS API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / AF-Johannesburg
+   \ (obs.af-south-1.myhuaweicloud.com)
+ 2 / AP-Bangkok
+   \ (obs.ap-southeast-2.myhuaweicloud.com)
+[snip]
+endpoint> 1
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+[snip]
+acl> 1
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n>
+--------------------
+[obs]
+type = s3
+provider = HuaweiOBS
+access_key_id = your-access-key-id
+secret_access_key = your-secret-access-key
+region = af-south-1
+endpoint = obs.af-south-1.myhuaweicloud.com
+acl = private
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
+
+Name                 Type
+====                 ====
+obs                  s3
+
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> q
+```
+
+### IBM COS (S3)
+
+Information stored with IBM Cloud Object Storage is encrypted and dispersed across multiple geographic locations, and accessed through an implementation of the S3 API. This service makes use of the distributed storage technologies provided by IBM’s Cloud Object Storage System (formerly Cleversafe). For more information visit: (http://www.ibm.com/cloud/object-storage)
+
+To configure access to IBM COS S3, follow the steps below:
+
+1. Run rclone config and select n for a new remote.
+```
+	2018/02/14 14:13:11 NOTICE: Config file "C:\\Users\\a\\.config\\rclone\\rclone.conf" not found - using defaults
+	No remotes found, make a new one?
+	n) New remote
+	s) Set configuration password
+	q) Quit config
+	n/s/q> n
+```
+
+2. Enter the name for the configuration
+```
+	name> <YOUR NAME>
+```
+
+3. Select "s3" storage.
+```
+Choose a number from below, or type in your own value
+ 	1 / Alias for an existing remote
+   	\ "alias"
+ 	2 / Amazon Drive
+   	\ "amazon cloud drive"
+ 	3 / Amazon S3 Complaint Storage Providers (Dreamhost, Ceph, ChinaMobile, Liara, ArvanCloud, Minio, IBM COS)
+   	\ "s3"
+ 	4 / Backblaze B2
+   	\ "b2"
+[snip]
+	23 / HTTP
+    \ "http"
+Storage> 3
+```
+
+4. Select IBM COS as the S3 Storage Provider.
+```
+Choose the S3 provider.
+Choose a number from below, or type in your own value
+	 1 / Choose this option to configure Storage to AWS S3
+	   \ "AWS"
+ 	 2 / Choose this option to configure Storage to Ceph Systems
+  	 \ "Ceph"
+	 3 /  Choose this option to configure Storage to Dreamhost
+     \ "Dreamhost"
+   4 / Choose this option to the configure Storage to IBM COS S3
+   	 \ "IBMCOS"
+ 	 5 / Choose this option to the configure Storage to Minio
+     \ "Minio"
+	 Provider>4
+```
+
+5. Enter the Access Key and Secret.
+```
+	AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+	access_key_id> <>
+	AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+	secret_access_key> <>
+```
+
+6. Specify the endpoint for IBM COS. For Public IBM COS, choose from the option below. For On Premise IBM COS, enter an endpoint address.
+```
+	Endpoint for IBM COS S3 API.
+	Specify if using an IBM COS On Premise.
+	Choose a number from below, or type in your own value
+	 1 / US Cross Region Endpoint
+   	   \ "s3-api.us-geo.objectstorage.softlayer.net"
+	 2 / US Cross Region Dallas Endpoint
+   	   \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
+ 	 3 / US Cross Region Washington DC Endpoint
+   	   \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
+	 4 / US Cross Region San Jose Endpoint
+	   \ "s3-api.sjc-us-geo.objectstorage.softlayer.net"
+	 5 / US Cross Region Private Endpoint
+	   \ "s3-api.us-geo.objectstorage.service.networklayer.com"
+	 6 / US Cross Region Dallas Private Endpoint
+	   \ "s3-api.dal-us-geo.objectstorage.service.networklayer.com"
+	 7 / US Cross Region Washington DC Private Endpoint
+	   \ "s3-api.wdc-us-geo.objectstorage.service.networklayer.com"
+	 8 / US Cross Region San Jose Private Endpoint
+	   \ "s3-api.sjc-us-geo.objectstorage.service.networklayer.com"
+	 9 / US Region East Endpoint
+	   \ "s3.us-east.objectstorage.softlayer.net"
+	10 / US Region East Private Endpoint
+	   \ "s3.us-east.objectstorage.service.networklayer.com"
+	11 / US Region South Endpoint
+[snip]
+	34 / Toronto Single Site Private Endpoint
+	   \ "s3.tor01.objectstorage.service.networklayer.com"
+	endpoint>1
+```
+
+
+7. Specify a IBM COS Location Constraint. The location constraint must match endpoint when using IBM Cloud Public. For on-prem COS, do not make a selection from this list, hit enter
+```
+	 1 / US Cross Region Standard
+	   \ "us-standard"
+	 2 / US Cross Region Vault
+	   \ "us-vault"
+	 3 / US Cross Region Cold
+	   \ "us-cold"
+	 4 / US Cross Region Flex
+	   \ "us-flex"
+	 5 / US East Region Standard
+	   \ "us-east-standard"
+	 6 / US East Region Vault
+	   \ "us-east-vault"
+	 7 / US East Region Cold
+	   \ "us-east-cold"
+	 8 / US East Region Flex
+	   \ "us-east-flex"
+	 9 / US South Region Standard
+	   \ "us-south-standard"
+	10 / US South Region Vault
+	   \ "us-south-vault"
+[snip]
+	32 / Toronto Flex
+	   \ "tor01-flex"
+location_constraint>1
+```
+
+9. Specify a canned ACL. IBM Cloud (Storage) supports "public-read" and "private". IBM Cloud(Infra) supports all the canned ACLs. On-Premise COS supports all the canned ACLs.
+```
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+      1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
+      \ "private"
+      2  / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
+      \ "public-read"
+      3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
+      \ "public-read-write"
+      4  / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
+      \ "authenticated-read"
+acl> 1
+```
+
+
+12. Review the displayed configuration and accept to save the "remote" then quit. The config file should look like this
+```
+	[xxx]
+	type = s3
+	Provider = IBMCOS
+	access_key_id = xxx
+	secret_access_key = yyy
+	endpoint = s3-api.us-geo.objectstorage.softlayer.net
+	location_constraint = us-standard
+	acl = private
+```
+
+13. Execute rclone commands
+```
+	1)	Create a bucket.
+		rclone mkdir IBM-COS-XREGION:newbucket
+	2)	List available buckets.
+		rclone lsd IBM-COS-XREGION:
+		-1 2017-11-08 21:16:22        -1 test
+		-1 2018-02-14 20:16:39        -1 newbucket
+	3)	List contents of a bucket.
+		rclone ls IBM-COS-XREGION:newbucket
+		18685952 test.exe
+	4)	Copy a file from local to remote.
+		rclone copy /Users/file.txt IBM-COS-XREGION:newbucket
+	5)	Copy a file from remote to local.
+		rclone copy IBM-COS-XREGION:newbucket/file.txt .
+	6)	Delete a file on remote.
+		rclone delete IBM-COS-XREGION:newbucket/file.txt
+```
+
+### IDrive e2 {#idrive-e2}
+
+Here is an example of making an [IDrive e2](https://www.idrive.com/e2/)
+configuration.  First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+
+Enter name for new remote.
+name> e2
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
+   \ (s3)
+[snip]
+Storage> s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / IDrive e2
+   \ (IDrive)
+[snip]
+provider> IDrive
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth> 
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> YOUR_ACCESS_KEY
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> YOUR_SECRET_KEY
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+   / Owner gets FULL_CONTROL.
+ 3 | The AllUsers group gets READ and WRITE access.
+   | Granting this on a bucket is generally not recommended.
+   \ (public-read-write)
+   / Owner gets FULL_CONTROL.
+ 4 | The AuthenticatedUsers group gets READ access.
+   \ (authenticated-read)
+   / Object owner gets FULL_CONTROL.
+ 5 | Bucket owner gets READ access.
+   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-read)
+   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+ 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-full-control)
+acl> 
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> 
+
+Configuration complete.
+Options:
+- type: s3
+- provider: IDrive
+- access_key_id: YOUR_ACCESS_KEY
+- secret_access_key: YOUR_SECRET_KEY
+- endpoint: q9d9.la12.idrivee2-5.com
+Keep this "e2" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+### IONOS Cloud {#ionos}
+
+[IONOS S3 Object Storage](https://cloud.ionos.com/storage/object-storage) is a service offered by IONOS for storing and accessing unstructured data.
+To connect to the service, you will need an access key and a secret key. These can be found in the [Data Center Designer](https://dcd.ionos.com/), by selecting **Manager resources** > **Object Storage Key Manager**.
+
+
+Here is an example of a configuration. First, run `rclone config`. This will walk you through an interactive setup process. Type `n` to add the new remote, and then enter a name:
+
+```
+Enter name for new remote.
+name> ionos-fra
+```
+
+Type `s3` to choose the connection type:
+```
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
+   \ (s3)
+[snip]
+Storage> s3
+```
+
+Type `IONOS`:
+```
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / IONOS Cloud
+   \ (IONOS)
+[snip]
+provider> IONOS
+```
+
+Press Enter to choose the default option `Enter AWS credentials in the next step`:
+```
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth>
+```
+
+Enter your Access Key and Secret key. These can be retrieved in the [Data Center Designer](https://dcd.ionos.com/), click on the menu “Manager resources”  / "Object Storage Key Manager".
+```
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> YOUR_ACCESS_KEY
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> YOUR_SECRET_KEY
+```
+
+Choose the region where your bucket is located:
+```
+Option region.
+Region where your bucket will be created and your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Frankfurt, Germany
+   \ (de)
+ 2 / Berlin, Germany
+   \ (eu-central-2)
+ 3 / Logrono, Spain
+   \ (eu-south-2)
+region> 2
+```
+
+Choose the endpoint from the same region:
+```
+Option endpoint.
+Endpoint for IONOS S3 Object Storage.
+Specify the endpoint from the same region.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Frankfurt, Germany
+   \ (s3-eu-central-1.ionoscloud.com)
+ 2 / Berlin, Germany
+   \ (s3-eu-central-2.ionoscloud.com)
+ 3 / Logrono, Spain
+   \ (s3-eu-south-2.ionoscloud.com)
+endpoint> 1
+```
+
+Press Enter to choose the default option or choose the desired ACL setting:
+```
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+[snip]
+acl>
+```
+
+Press Enter to skip the advanced config:
+```
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n>
+```
+
+Press Enter to save the configuration, and then `q` to quit the configuration process:
+```
+Configuration complete.
+Options:
+- type: s3
+- provider: IONOS
+- access_key_id: YOUR_ACCESS_KEY
+- secret_access_key: YOUR_SECRET_KEY
+- endpoint: s3-eu-central-1.ionoscloud.com
+Keep this "ionos-fra" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+Done! Now you can try some commands (for macOS, use `./rclone` instead of `rclone`).
+
+1)  Create a bucket (the name must be unique within the whole IONOS S3)
+```
+rclone mkdir ionos-fra:my-bucket
+```
+2)  List available buckets
+```
+rclone lsd ionos-fra:
+```
+4) Copy a file from local to remote
+```
+rclone copy /Users/file.txt ionos-fra:my-bucket
+```
+3)  List contents of a bucket
+```
+rclone ls ionos-fra:my-bucket
+```
+5)  Copy a file from remote to local
+```
+rclone copy ionos-fra:my-bucket/file.txt
+```
+
+### Minio
+
+[Minio](https://minio.io/) is an object storage server built for cloud application developers and devops.
+
+It is very easy to install and provides an S3 compatible server which can be used by rclone.
+
+To use it, install Minio following the instructions [here](https://docs.minio.io/docs/minio-quickstart-guide).
+
+When it configures itself Minio will print something like this
+
+```
+Endpoint:  http://192.168.1.106:9000  http://172.23.0.1:9000
+AccessKey: USWUXHGYZQYFYFFIT3RE
+SecretKey: MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+Region:    us-east-1
+SQS ARNs:  arn:minio:sqs:us-east-1:1:redis arn:minio:sqs:us-east-1:2:redis
+
+Browser Access:
+   http://192.168.1.106:9000  http://172.23.0.1:9000
+
+Command-line Access: https://docs.minio.io/docs/minio-client-quickstart-guide
+   $ mc config host add myminio http://192.168.1.106:9000 USWUXHGYZQYFYFFIT3RE MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+
+Object API (Amazon S3 compatible):
+   Go:         https://docs.minio.io/docs/golang-client-quickstart-guide
+   Java:       https://docs.minio.io/docs/java-client-quickstart-guide
+   Python:     https://docs.minio.io/docs/python-client-quickstart-guide
+   JavaScript: https://docs.minio.io/docs/javascript-client-quickstart-guide
+   .NET:       https://docs.minio.io/docs/dotnet-client-quickstart-guide
+
+Drive Capacity: 26 GiB Free, 165 GiB Total
+```
+
+These details need to go into `rclone config` like this.  Note that it
+is important to put the region in as stated above.
+
+```
+env_auth> 1
+access_key_id> USWUXHGYZQYFYFFIT3RE
+secret_access_key> MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+region> us-east-1
+endpoint> http://192.168.1.106:9000
+location_constraint>
+server_side_encryption>
+```
+
+Which makes the config file look like this
+
+```
+[minio]
+type = s3
+provider = Minio
+env_auth = false
+access_key_id = USWUXHGYZQYFYFFIT3RE
+secret_access_key = MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
+region = us-east-1
+endpoint = http://192.168.1.106:9000
+location_constraint =
+server_side_encryption =
+```
+
+So once set up, for example, to copy files into a bucket
+
+```
+rclone copy /path/to/files minio:bucket
+```
+
+### Qiniu Cloud Object Storage (Kodo) {#qiniu}
+
+[Qiniu Cloud Object Storage (Kodo)](https://www.qiniu.com/en/products/kodo), a completely independent-researched core technology which is proven by repeated customer experience has occupied absolute leading market leader position. Kodo can be widely applied to mass data management.
+
+To configure access to Qiniu Kodo, follow the steps below:
+
+1. Run `rclone config` and select `n` for a new remote.
+
+```
+rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+```
+
+2. Give the name of the configuration. For example, name it 'qiniu'.
+
+```
+name> qiniu
+```
+
+3. Select `s3` storage.
+
+```
+Choose a number from below, or type in your own value
+ 1 / 1Fichier
+   \ (fichier)
+ 2 / Akamai NetStorage
+   \ (netstorage)
+ 3 / Alias for an existing remote
+   \ (alias)
+ 4 / Amazon Drive
+   \ (amazon cloud drive)
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \ (s3)
+[snip]
+Storage> s3
+```
+
+4. Select `Qiniu` provider.
+```
+Choose a number from below, or type in your own value
+1 / Amazon Web Services (AWS) S3
+   \ "AWS"
+[snip]
+22 / Qiniu Object Storage (Kodo)
+   \ (Qiniu)
+[snip]
+provider> Qiniu
+```
+
+5. Enter your SecretId and SecretKey of Qiniu Kodo.
+
+```
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default ("false").
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+access_key_id> AKIDxxxxxxxxxx
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+secret_access_key> xxxxxxxxxxx
+```
+
+6. Select endpoint for Qiniu Kodo. This is the standard endpoint for different region.
+
+```
+   / The default endpoint - a good choice if you are unsure.
+ 1 | East China Region 1.
+   | Needs location constraint cn-east-1.
+   \ (cn-east-1)
+   / East China Region 2.
+ 2 | Needs location constraint cn-east-2.
+   \ (cn-east-2)
+   / North China Region 1.
+ 3 | Needs location constraint cn-north-1.
+   \ (cn-north-1)
+   / South China Region 1.
+ 4 | Needs location constraint cn-south-1.
+   \ (cn-south-1)
+   / North America Region.
+ 5 | Needs location constraint us-north-1.
+   \ (us-north-1)
+   / Southeast Asia Region 1.
+ 6 | Needs location constraint ap-southeast-1.
+   \ (ap-southeast-1)
+   / Northeast Asia Region 1.
+ 7 | Needs location constraint ap-northeast-1.
+   \ (ap-northeast-1)
+[snip]
+endpoint> 1
+
+Option endpoint.
+Endpoint for Qiniu Object Storage.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / East China Endpoint 1
+   \ (s3-cn-east-1.qiniucs.com)
+ 2 / East China Endpoint 2
+   \ (s3-cn-east-2.qiniucs.com)
+ 3 / North China Endpoint 1
+   \ (s3-cn-north-1.qiniucs.com)
+ 4 / South China Endpoint 1
+   \ (s3-cn-south-1.qiniucs.com)
+ 5 / North America Endpoint 1
+   \ (s3-us-north-1.qiniucs.com)
+ 6 / Southeast Asia Endpoint 1
+   \ (s3-ap-southeast-1.qiniucs.com)
+ 7 / Northeast Asia Endpoint 1
+   \ (s3-ap-northeast-1.qiniucs.com)
+endpoint> 1
+
+Option location_constraint.
+Location constraint - must be set to match the Region.
+Used when creating buckets only.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / East China Region 1
+   \ (cn-east-1)
+ 2 / East China Region 2
+   \ (cn-east-2)
+ 3 / North China Region 1
+   \ (cn-north-1)
+ 4 / South China Region 1
+   \ (cn-south-1)
+ 5 / North America Region 1
+   \ (us-north-1)
+ 6 / Southeast Asia Region 1
+   \ (ap-southeast-1)
+ 7 / Northeast Asia Region 1
+   \ (ap-northeast-1)
+location_constraint> 1
+```
+
+7. Choose acl and storage class.
+
+```
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+[snip]
+acl> 2
+The storage class to use when storing new objects in Tencent COS.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Standard storage class
+   \ (STANDARD)
+ 2 / Infrequent access storage mode
+   \ (LINE)
+ 3 / Archive storage mode
+   \ (GLACIER)
+ 4 / Deep archive storage mode
+   \ (DEEP_ARCHIVE)
+[snip]
+storage_class> 1
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n> n
+Remote config
+--------------------
+[qiniu]
+- type: s3
+- provider: Qiniu
+- access_key_id: xxx
+- secret_access_key: xxx
+- region: cn-east-1
+- endpoint: s3-cn-east-1.qiniucs.com
+- location_constraint: cn-east-1
+- acl: public-read
+- storage_class: STANDARD
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
+
+Name                 Type
+====                 ====
+qiniu                s3
+```
+
+### RackCorp {#RackCorp}
+
+[RackCorp Object Storage](https://www.rackcorp.com/storage/s3storage) is an S3 compatible object storage platform from your friendly cloud provider RackCorp. 
+The service is fast, reliable, well priced and located in many strategic locations unserviced by others, to ensure you can maintain data sovereignty.
+
+Before you can use RackCorp Object Storage, you'll need to "[sign up](https://www.rackcorp.com/signup)" for an account on our "[portal](https://portal.rackcorp.com)".
+Next you can create an `access key`, a `secret key` and `buckets`, in your location of choice with ease. 
+These details are required for the next steps of configuration, when `rclone config` asks for your `access_key_id` and `secret_access_key`.
+
+Your config should end up looking a bit like this:
+
+```
+[RCS3-demo-config]
+type = s3
+provider = RackCorp
+env_auth = true
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region = au-nsw
+endpoint = s3.rackcorp.com
+location_constraint = au-nsw
+```
+
+### Rclone Serve S3 {#rclone}
+
+Rclone can serve any remote over the S3 protocol. For details see the
+[rclone serve s3](https://rclone.org/commands/rclone_serve_http/) documentation.
+
+For example, to serve `remote:path` over s3, run the server like this:
+
+```
+rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
+```
+
+This will be compatible with an rclone remote which is defined like this:
+
+```
+[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false
+```
+
+Note that setting `disable_multipart_uploads = true` is to work around
+[a bug](https://rclone.org/commands/rclone_serve_http/#bugs) which will be fixed in due course.
+
+### Scaleway
+
+[Scaleway](https://www.scaleway.com/object-storage/) The Object Storage platform allows you to store anything from backups, logs and web assets to documents and photos.
+Files can be dropped from the Scaleway console or transferred through our API and CLI or using any S3-compatible tool.
+
+Scaleway provides an S3 interface which can be configured for use with rclone like this:
+
+```
+[scaleway]
+type = s3
+provider = Scaleway
+env_auth = false
+endpoint = s3.nl-ams.scw.cloud
+access_key_id = SCWXXXXXXXXXXXXXX
+secret_access_key = 1111111-2222-3333-44444-55555555555555
+region = nl-ams
+location_constraint =
+acl = private
+server_side_encryption =
+storage_class =
+```
+
+[C14 Cold Storage](https://www.online.net/en/storage/c14-cold-storage) is the low-cost S3 Glacier alternative from Scaleway and it works the same way as on S3 by accepting the "GLACIER" `storage_class`.
+So you can configure your remote with the `storage_class = GLACIER` option to upload directly to C14. Don't forget that in this state you can't read files back after, you will need to restore them to "STANDARD" storage_class first before being able to read them (see "restore" section above)
+
+### Seagate Lyve Cloud {#lyve}
+
+[Seagate Lyve Cloud](https://www.seagate.com/gb/en/services/cloud/storage/) is an S3
+compatible object storage platform from [Seagate](https://seagate.com/) intended for enterprise use.
+
+Here is a config run through for a remote called `remote` - you may
+choose a different name of course. Note that to create an access key
+and secret key you will need to create a service account first.
+
+```
+$ rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+```
+
+Choose `s3` backend
+
+```
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Lyve Cloud, Minio, RackCorp, SeaweedFS, and Tencent COS
+   \ (s3)
+[snip]
+Storage> s3
+```
+
+Choose `LyveCloud` as S3 provider
+
+```
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Seagate Lyve Cloud
+   \ (LyveCloud)
+[snip]
+provider> LyveCloud
+```
+
+Take the default (just press enter) to enter access key and secret in the config file.
+
+```
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth>
+```
+
+```
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> XXX
+```
+
+```
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> YYY
+```
+
+Leave region blank
+
+```
+Region to connect to.
+Leave blank if you are using an S3 clone and you don't have a region.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Use this if unsure.
+ 1 | Will use v4 signatures and an empty region.
+   \ ()
+   / Use this only if v4 signatures don't work.
+ 2 | E.g. pre Jewel/v10 CEPH.
+   \ (other-v2-signature)
+region>
+```
+
+Choose an endpoint from the list
+
+```
+Endpoint for S3 API.
+Required when using an S3 clone.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Seagate Lyve Cloud US East 1 (Virginia)
+   \ (s3.us-east-1.lyvecloud.seagate.com)
+ 2 / Seagate Lyve Cloud US West 1 (California)
+   \ (s3.us-west-1.lyvecloud.seagate.com)
+ 3 / Seagate Lyve Cloud AP Southeast 1 (Singapore)
+   \ (s3.ap-southeast-1.lyvecloud.seagate.com)
+endpoint> 1
+```
+
+Leave location constraint blank
+
+```
+Location constraint - must be set to match the Region.
+Leave blank if not sure. Used when creating buckets only.
+Enter a value. Press Enter to leave empty.
+location_constraint>
+```
+
+Choose default ACL (`private`).
+
+```
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+[snip]
+acl>
+```
+
+And the config file should end up looking like this:
+
+```
+[remote]
+type = s3
+provider = LyveCloud
+access_key_id = XXX
+secret_access_key = YYY
+endpoint = s3.us-east-1.lyvecloud.seagate.com
+```
+
+### SeaweedFS
+
+[SeaweedFS](https://github.com/chrislusf/seaweedfs/) is a distributed storage system for 
+blobs, objects, files, and data lake, with O(1) disk seek and a scalable file metadata store.
+It has an S3 compatible object storage interface. SeaweedFS can also act as a 
+[gateway to remote S3 compatible object store](https://github.com/chrislusf/seaweedfs/wiki/Gateway-to-Remote-Object-Storage) 
+to cache data and metadata with asynchronous write back, for fast local speed and minimize access cost.
+
+Assuming the SeaweedFS are configured with `weed shell` as such:
+```
+> s3.bucket.create -name foo
+> s3.configure -access_key=any -secret_key=any -buckets=foo -user=me -actions=Read,Write,List,Tagging,Admin -apply
+{
+  "identities": [
+    {
+      "name": "me",
+      "credentials": [
+        {
+          "accessKey": "any",
+          "secretKey": "any"
+        }
+      ],
+      "actions": [
+        "Read:foo",
+        "Write:foo",
+        "List:foo",
+        "Tagging:foo",
+        "Admin:foo"
+      ]
+    }
+  ]
+}
+```
+
+To use rclone with SeaweedFS, above configuration should end up with something like this in
+your config:
+
+```
+[seaweedfs_s3]
+type = s3
+provider = SeaweedFS
+access_key_id = any
+secret_access_key = any
+endpoint = localhost:8333
+```
+
+So once set up, for example to copy files into a bucket
+
+```
+rclone copy /path/to/files seaweedfs_s3:foo
+```
+
+### Wasabi
+
+[Wasabi](https://wasabi.com) is a cloud-based object storage service for a
+broad range of applications and use cases. Wasabi is designed for
+individuals and organizations that require a high-performance,
+reliable, and secure data storage infrastructure at minimal cost.
+
+Wasabi provides an S3 interface which can be configured for use with
+rclone like this.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s> n
+name> wasabi
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Minio, Liara)
+   \ "s3"
+[snip]
+Storage> s3
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+access_key_id> YOURACCESSKEY
+AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+secret_access_key> YOURSECRETACCESSKEY
+Region to connect to.
+Choose a number from below, or type in your own value
+   / The default endpoint - a good choice if you are unsure.
+ 1 | US Region, Northern Virginia, or Pacific Northwest.
+   | Leave location constraint empty.
+   \ "us-east-1"
+[snip]
+region> us-east-1
+Endpoint for S3 API.
+Leave blank if using AWS to use the default endpoint for the region.
+Specify if using an S3 clone such as Ceph.
+endpoint> s3.wasabisys.com
+Location constraint - must be set to match the Region. Used when creating buckets only.
+Choose a number from below, or type in your own value
+ 1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
+   \ ""
+[snip]
+location_constraint>
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ "private"
+[snip]
+acl>
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+   \ ""
+ 2 / AES256
+   \ "AES256"
+server_side_encryption>
+The storage class to use when storing objects in S3.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ ""
+ 2 / Standard storage class
+   \ "STANDARD"
+ 3 / Reduced redundancy storage class
+   \ "REDUCED_REDUNDANCY"
+ 4 / Standard Infrequent Access storage class
+   \ "STANDARD_IA"
+storage_class>
+Remote config
+--------------------
+[wasabi]
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region = us-east-1
+endpoint = s3.wasabisys.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This will leave the config file looking like this.
+
+```
+[wasabi]
+type = s3
+provider = Wasabi
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region =
+endpoint = s3.wasabisys.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+```
+
+### Alibaba OSS {#alibaba-oss}
+
+Here is an example of making an [Alibaba Cloud (Aliyun) OSS](https://www.alibabacloud.com/product/oss/)
+configuration.  First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> oss
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+[snip]
+ 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Minio, and Tencent COS
+   \ "s3"
+[snip]
+Storage> s3
+Choose your S3 provider.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Amazon Web Services (AWS) S3
+   \ "AWS"
+ 2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
+   \ "Alibaba"
+ 3 / Ceph Object Storage
+   \ "Ceph"
+[snip]
+provider> Alibaba
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default ("false").
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+access_key_id> accesskeyid
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+secret_access_key> secretaccesskey
+Endpoint for OSS API.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / East China 1 (Hangzhou)
+   \ "oss-cn-hangzhou.aliyuncs.com"
+ 2 / East China 2 (Shanghai)
+   \ "oss-cn-shanghai.aliyuncs.com"
+ 3 / North China 1 (Qingdao)
+   \ "oss-cn-qingdao.aliyuncs.com"
+[snip]
+endpoint> 1
+Canned ACL used when creating buckets and storing or copying objects.
+
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ "private"
+ 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
+   \ "public-read"
+   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
+[snip]
+acl> 1
+The storage class to use when storing new objects in OSS.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ ""
+ 2 / Standard storage class
+   \ "STANDARD"
+ 3 / Archive storage mode.
+   \ "GLACIER"
+ 4 / Infrequent access storage mode.
+   \ "STANDARD_IA"
+storage_class> 1
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> n
+Remote config
+--------------------
+[oss]
+type = s3
+provider = Alibaba
+env_auth = false
+access_key_id = accesskeyid
+secret_access_key = secretaccesskey
+endpoint = oss-cn-hangzhou.aliyuncs.com
+acl = private
+storage_class = Standard
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+### China Mobile Ecloud Elastic Object Storage (EOS) {#china-mobile-ecloud-eos}
+
+Here is an example of making an [China Mobile Ecloud Elastic Object Storage (EOS)](https:///ecloud.10086.cn/home/product-introduction/eos/)
+configuration.  First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> ChinaMobile
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+ ...
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, RackCorp, SeaweedFS, and Tencent COS
+   \ (s3)
+ ...
+Storage> s3
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ ...
+ 4 / China Mobile Ecloud Elastic Object Storage (EOS)
+   \ (ChinaMobile)
+ ...
+provider> ChinaMobile
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth>
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> accesskeyid
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> secretaccesskey
+Option endpoint.
+Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / The default endpoint - a good choice if you are unsure.
+ 1 | East China (Suzhou)
+   \ (eos-wuxi-1.cmecloud.cn)
+ 2 / East China (Jinan)
+   \ (eos-jinan-1.cmecloud.cn)
+ 3 / East China (Hangzhou)
+   \ (eos-ningbo-1.cmecloud.cn)
+ 4 / East China (Shanghai-1)
+   \ (eos-shanghai-1.cmecloud.cn)
+ 5 / Central China (Zhengzhou)
+   \ (eos-zhengzhou-1.cmecloud.cn)
+ 6 / Central China (Changsha-1)
+   \ (eos-hunan-1.cmecloud.cn)
+ 7 / Central China (Changsha-2)
+   \ (eos-zhuzhou-1.cmecloud.cn)
+ 8 / South China (Guangzhou-2)
+   \ (eos-guangzhou-1.cmecloud.cn)
+ 9 / South China (Guangzhou-3)
+   \ (eos-dongguan-1.cmecloud.cn)
+10 / North China (Beijing-1)
+   \ (eos-beijing-1.cmecloud.cn)
+11 / North China (Beijing-2)
+   \ (eos-beijing-2.cmecloud.cn)
+12 / North China (Beijing-3)
+   \ (eos-beijing-4.cmecloud.cn)
+13 / North China (Huhehaote)
+   \ (eos-huhehaote-1.cmecloud.cn)
+14 / Southwest China (Chengdu)
+   \ (eos-chengdu-1.cmecloud.cn)
+15 / Southwest China (Chongqing)
+   \ (eos-chongqing-1.cmecloud.cn)
+16 / Southwest China (Guiyang)
+   \ (eos-guiyang-1.cmecloud.cn)
+17 / Nouthwest China (Xian)
+   \ (eos-xian-1.cmecloud.cn)
+18 / Yunnan China (Kunming)
+   \ (eos-yunnan.cmecloud.cn)
+19 / Yunnan China (Kunming-2)
+   \ (eos-yunnan-2.cmecloud.cn)
+20 / Tianjin China (Tianjin)
+   \ (eos-tianjin-1.cmecloud.cn)
+21 / Jilin China (Changchun)
+   \ (eos-jilin-1.cmecloud.cn)
+22 / Hubei China (Xiangyan)
+   \ (eos-hubei-1.cmecloud.cn)
+23 / Jiangxi China (Nanchang)
+   \ (eos-jiangxi-1.cmecloud.cn)
+24 / Gansu China (Lanzhou)
+   \ (eos-gansu-1.cmecloud.cn)
+25 / Shanxi China (Taiyuan)
+   \ (eos-shanxi-1.cmecloud.cn)
+26 / Liaoning China (Shenyang)
+   \ (eos-liaoning-1.cmecloud.cn)
+27 / Hebei China (Shijiazhuang)
+   \ (eos-hebei-1.cmecloud.cn)
+28 / Fujian China (Xiamen)
+   \ (eos-fujian-1.cmecloud.cn)
+29 / Guangxi China (Nanning)
+   \ (eos-guangxi-1.cmecloud.cn)
+30 / Anhui China (Huainan)
+   \ (eos-anhui-1.cmecloud.cn)
+endpoint> 1
+Option location_constraint.
+Location constraint - must match endpoint.
+Used when creating buckets only.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / East China (Suzhou)
+   \ (wuxi1)
+ 2 / East China (Jinan)
+   \ (jinan1)
+ 3 / East China (Hangzhou)
    \ (ningbo1)
  4 / East China (Shanghai-1)
    \ (shanghai1)
@@ -22738,1097 +25693,3445 @@ Press Enter to leave empty.
  4 | The AuthenticatedUsers group gets READ access.
    \ (authenticated-read)
    / Object owner gets FULL_CONTROL.
-acl> private
-Option server_side_encryption.
-The server-side encryption algorithm used when storing this object in S3.
+acl> private
+Option server_side_encryption.
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / None
+   \ ()
+ 2 / AES256
+   \ (AES256)
+server_side_encryption>
+Option storage_class.
+The storage class to use when storing new objects in ChinaMobile.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Default
+   \ ()
+ 2 / Standard storage class
+   \ (STANDARD)
+ 3 / Archive storage mode
+   \ (GLACIER)
+ 4 / Infrequent access storage mode
+   \ (STANDARD_IA)
+storage_class>
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+--------------------
+[ChinaMobile]
+type = s3
+provider = ChinaMobile
+access_key_id = accesskeyid
+secret_access_key = secretaccesskey
+endpoint = eos-wuxi-1.cmecloud.cn
+location_constraint = wuxi1
+acl = private
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+### Leviia Cloud Object Storage {#leviia}
+
+[Leviia Object Storage](https://www.leviia.com/object-storage/), backup and secure your data in a 100% French cloud, independent of GAFAM..
+
+To configure access to Leviia, follow the steps below:
+
+1. Run `rclone config` and select `n` for a new remote.
+
+```
+rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+```
+
+2. Give the name of the configuration. For example, name it 'leviia'.
+
+```
+name> leviia
+```
+
+3. Select `s3` storage.
+
+```
+Choose a number from below, or type in your own value
+ 1 / 1Fichier
+   \ (fichier)
+ 2 / Akamai NetStorage
+   \ (netstorage)
+ 3 / Alias for an existing remote
+   \ (alias)
+ 4 / Amazon Drive
+   \ (amazon cloud drive)
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \ (s3)
+[snip]
+Storage> s3
+```
+
+4. Select `Leviia` provider.
+```
+Choose a number from below, or type in your own value
+1 / Amazon Web Services (AWS) S3
+   \ "AWS"
+[snip]
+15 / Leviia Object Storage
+   \ (Leviia)
+[snip]
+provider> Leviia
+```
+
+5. Enter your SecretId and SecretKey of Leviia.
+
+```
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default ("false").
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+access_key_id> ZnIx.xxxxxxxxxxxxxxx
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+secret_access_key> xxxxxxxxxxx
+```
+
+6. Select endpoint for Leviia.
+
+```
+   / The default endpoint
+ 1 | Leviia.
+   \ (s3.leviia.com)
+[snip]
+endpoint> 1
+```
+7. Choose acl.
+
+```
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+[snip]
+acl> 1
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n> n
+Remote config
+--------------------
+[leviia]
+- type: s3
+- provider: Leviia
+- access_key_id: ZnIx.xxxxxxx
+- secret_access_key: xxxxxxxx
+- endpoint: s3.leviia.com
+- acl: private
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
+
+Name                 Type
+====                 ====
+leviia                s3
+```
+
+### Liara {#liara-cloud}
+
+Here is an example of making a [Liara Object Storage](https://liara.ir/landing/object-storage)
+configuration.  First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s> n
+name> Liara
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Liara, Minio)
+   \ "s3"
+[snip]
+Storage> s3
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+access_key_id> YOURACCESSKEY
+AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+secret_access_key> YOURSECRETACCESSKEY
+Region to connect to.
+Choose a number from below, or type in your own value
+   / The default endpoint
+ 1 | US Region, Northern Virginia, or Pacific Northwest.
+   | Leave location constraint empty.
+   \ "us-east-1"
+[snip]
+region>
+Endpoint for S3 API.
+Leave blank if using Liara to use the default endpoint for the region.
+Specify if using an S3 clone such as Ceph.
+endpoint> storage.iran.liara.space
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ "private"
+[snip]
+acl>
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+   \ ""
+ 2 / AES256
+   \ "AES256"
+server_side_encryption>
+The storage class to use when storing objects in S3.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ ""
+ 2 / Standard storage class
+   \ "STANDARD"
+storage_class>
+Remote config
+--------------------
+[Liara]
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+endpoint = storage.iran.liara.space
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This will leave the config file looking like this.
+
+```
+[Liara]
+type = s3
+provider = Liara
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region =
+endpoint = storage.iran.liara.space
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+```
+
+### Linode {#linode}
+
+Here is an example of making a [Linode Object Storage](https://www.linode.com/products/object-storage/)
+configuration.  First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+
+Enter name for new remote.
+name> linode
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+ X / Amazon S3 Compliant Storage Providers including AWS, ...Linode, ...and others
+   \ (s3)
+[snip]
+Storage> s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Linode Object Storage
+   \ (Linode)
+[snip]
+provider> Linode
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth> 
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> ACCESS_KEY
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> SECRET_ACCESS_KEY
+
+Option endpoint.
+Endpoint for Linode Object Storage API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Atlanta, GA (USA), us-southeast-1
+   \ (us-southeast-1.linodeobjects.com)
+ 2 / Chicago, IL (USA), us-ord-1
+   \ (us-ord-1.linodeobjects.com)
+ 3 / Frankfurt (Germany), eu-central-1
+   \ (eu-central-1.linodeobjects.com)
+ 4 / Milan (Italy), it-mil-1
+   \ (it-mil-1.linodeobjects.com)
+ 5 / Newark, NJ (USA), us-east-1
+   \ (us-east-1.linodeobjects.com)
+ 6 / Paris (France), fr-par-1
+   \ (fr-par-1.linodeobjects.com)
+ 7 / Seattle, WA (USA), us-sea-1
+   \ (us-sea-1.linodeobjects.com)
+ 8 / Singapore ap-south-1
+   \ (ap-south-1.linodeobjects.com)
+ 9 / Stockholm (Sweden), se-sto-1
+   \ (se-sto-1.linodeobjects.com)
+10 / Washington, DC, (USA), us-iad-1
+   \ (us-iad-1.linodeobjects.com)
+endpoint> 3
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+[snip]
+acl> 
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Linode
+- access_key_id: ACCESS_KEY
+- secret_access_key: SECRET_ACCESS_KEY
+- endpoint: eu-central-1.linodeobjects.com
+Keep this "linode" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This will leave the config file looking like this.
+
+```
+[linode]
+type = s3
+provider = Linode
+access_key_id = ACCESS_KEY
+secret_access_key = SECRET_ACCESS_KEY
+endpoint = eu-central-1.linodeobjects.com
+```
+
+### ArvanCloud {#arvan-cloud}
+
+[ArvanCloud](https://www.arvancloud.com/en/products/cloud-storage) ArvanCloud Object Storage goes beyond the limited traditional file storage. 
+It gives you access to backup and archived files and allows sharing. 
+Files like profile image in the app, images sent by users or scanned documents can be stored securely and easily in our Object Storage service.
+
+ArvanCloud provides an S3 interface which can be configured for use with
+rclone like this.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s> n
+name> ArvanCloud
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Liara, Minio)
+   \ "s3"
+[snip]
+Storage> s3
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+access_key_id> YOURACCESSKEY
+AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+secret_access_key> YOURSECRETACCESSKEY
+Region to connect to.
+Choose a number from below, or type in your own value
+   / The default endpoint - a good choice if you are unsure.
+ 1 | US Region, Northern Virginia, or Pacific Northwest.
+   | Leave location constraint empty.
+   \ "us-east-1"
+[snip]
+region> 
+Endpoint for S3 API.
+Leave blank if using ArvanCloud to use the default endpoint for the region.
+Specify if using an S3 clone such as Ceph.
+endpoint> s3.arvanstorage.com
+Location constraint - must be set to match the Region. Used when creating buckets only.
+Choose a number from below, or type in your own value
+ 1 / Empty for Iran-Tehran Region.
+   \ ""
+[snip]
+location_constraint>
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \ "private"
+[snip]
+acl>
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+   \ ""
+ 2 / AES256
+   \ "AES256"
+server_side_encryption>
+The storage class to use when storing objects in S3.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ ""
+ 2 / Standard storage class
+   \ "STANDARD"
+storage_class>
+Remote config
+--------------------
+[ArvanCloud]
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region = ir-thr-at1
+endpoint = s3.arvanstorage.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This will leave the config file looking like this.
+
+```
+[ArvanCloud]
+type = s3
+provider = ArvanCloud
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region =
+endpoint = s3.arvanstorage.com
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+```
+
+### Tencent COS {#tencent-cos}
+
+[Tencent Cloud Object Storage (COS)](https://intl.cloud.tencent.com/product/cos) is a distributed storage service offered by Tencent Cloud for unstructured data. It is secure, stable, massive, convenient, low-delay and low-cost.
+
+To configure access to Tencent COS, follow the steps below:
+
+1. Run `rclone config` and select `n` for a new remote.
+
+```
+rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+```
+
+2. Give the name of the configuration. For example, name it 'cos'.
+
+```
+name> cos
+```
+
+3. Select `s3` storage.
+
+```
+Choose a number from below, or type in your own value
+1 / 1Fichier
+   \ "fichier"
+ 2 / Alias for an existing remote
+   \ "alias"
+ 3 / Amazon Drive
+   \ "amazon cloud drive"
+ 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Minio, and Tencent COS
+   \ "s3"
+[snip]
+Storage> s3
+```
+
+4. Select `TencentCOS` provider.
+```
+Choose a number from below, or type in your own value
+1 / Amazon Web Services (AWS) S3
+   \ "AWS"
+[snip]
+11 / Tencent Cloud Object Storage (COS)
+   \ "TencentCOS"
+[snip]
+provider> TencentCOS
+```
+
+5. Enter your SecretId and SecretKey of Tencent Cloud.
+
+```
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default ("false").
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+access_key_id> AKIDxxxxxxxxxx
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+secret_access_key> xxxxxxxxxxx
+```
+
+6. Select endpoint for Tencent COS. This is the standard endpoint for different region.
+
+```
+ 1 / Beijing Region.
+   \ "cos.ap-beijing.myqcloud.com"
+ 2 / Nanjing Region.
+   \ "cos.ap-nanjing.myqcloud.com"
+ 3 / Shanghai Region.
+   \ "cos.ap-shanghai.myqcloud.com"
+ 4 / Guangzhou Region.
+   \ "cos.ap-guangzhou.myqcloud.com"
+[snip]
+endpoint> 4
+```
+
+7. Choose acl and storage class.
+
+```
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Owner gets Full_CONTROL. No one else has access rights (default).
+   \ "default"
+[snip]
+acl> 1
+The storage class to use when storing new objects in Tencent COS.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ ""
+[snip]
+storage_class> 1
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n> n
+Remote config
+--------------------
+[cos]
+type = s3
+provider = TencentCOS
+env_auth = false
+access_key_id = xxx
+secret_access_key = xxx
+endpoint = cos.ap-guangzhou.myqcloud.com
+acl = default
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
+
+Name                 Type
+====                 ====
+cos                  s3
+```
+
+### Netease NOS
+
+For Netease NOS configure as per the configurator `rclone config`
+setting the provider `Netease`.  This will automatically set
+`force_path_style = false` which is necessary for it to run properly.
+
+### Petabox
+
+Here is an example of making a [Petabox](https://petabox.io/)
+configuration. First run:
+
+```bash
+rclone config
+```
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s> n
+
+Enter name for new remote.
+name> My Petabox Storage
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, ...
+   \ "s3"
+[snip]
+Storage> s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Petabox Object Storage
+   \ (Petabox)
+[snip]
+provider> Petabox
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth> 1
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> YOUR_ACCESS_KEY_ID
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> YOUR_SECRET_ACCESS_KEY
+
+Option region.
+Region where your bucket will be created and your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / US East (N. Virginia)
+   \ (us-east-1)
+ 2 / Europe (Frankfurt)
+   \ (eu-central-1)
+ 3 / Asia Pacific (Singapore)
+   \ (ap-southeast-1)
+ 4 / Middle East (Bahrain)
+   \ (me-south-1)
+ 5 / South America (São Paulo)
+   \ (sa-east-1)
+region> 1
+
+Option endpoint.
+Endpoint for Petabox S3 Object Storage.
+Specify the endpoint from the same region.
+Choose a number from below, or type in your own value.
+ 1 / US East (N. Virginia)
+   \ (s3.petabox.io)
+ 2 / US East (N. Virginia)
+   \ (s3.us-east-1.petabox.io)
+ 3 / Europe (Frankfurt)
+   \ (s3.eu-central-1.petabox.io)
+ 4 / Asia Pacific (Singapore)
+   \ (s3.ap-southeast-1.petabox.io)
+ 5 / Middle East (Bahrain)
+   \ (s3.me-south-1.petabox.io)
+ 6 / South America (São Paulo)
+   \ (s3.sa-east-1.petabox.io)
+endpoint> 1
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+   / Owner gets FULL_CONTROL.
+ 3 | The AllUsers group gets READ and WRITE access.
+   | Granting this on a bucket is generally not recommended.
+   \ (public-read-write)
+   / Owner gets FULL_CONTROL.
+ 4 | The AuthenticatedUsers group gets READ access.
+   \ (authenticated-read)
+   / Object owner gets FULL_CONTROL.
+ 5 | Bucket owner gets READ access.
+   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-read)
+   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+ 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-full-control)
+acl> 1
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> No
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Petabox
+- access_key_id: YOUR_ACCESS_KEY_ID
+- secret_access_key: YOUR_SECRET_ACCESS_KEY
+- region: us-east-1
+- endpoint: s3.petabox.io
+Keep this "My Petabox Storage" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This will leave the config file looking like this.
+
+```
+[My Petabox Storage]
+type = s3
+provider = Petabox
+access_key_id = YOUR_ACCESS_KEY_ID
+secret_access_key = YOUR_SECRET_ACCESS_KEY
+region = us-east-1
+endpoint = s3.petabox.io
+```
+
+### Storj
+
+Storj is a decentralized cloud storage which can be used through its
+native protocol or an S3 compatible gateway.
+
+The S3 compatible gateway is configured using `rclone config` with a
+type of `s3` and with a provider name of `Storj`. Here is an example
+run of the configurator.
+
+```
+Type of storage to configure.
+Storage> s3
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth> 1
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> XXXX (as shown when creating the access grant)
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> XXXX (as shown when creating the access grant)
+Option endpoint.
+Endpoint of the Shared Gateway.
 Choose a number from below, or type in your own value.
 Press Enter to leave empty.
- 1 / None
-   \ ()
- 2 / AES256
-   \ (AES256)
-server_side_encryption>
-Option storage_class.
-The storage class to use when storing new objects in ChinaMobile.
+ 1 / EU1 Shared Gateway
+   \ (gateway.eu1.storjshare.io)
+ 2 / US1 Shared Gateway
+   \ (gateway.us1.storjshare.io)
+ 3 / Asia-Pacific Shared Gateway
+   \ (gateway.ap1.storjshare.io)
+endpoint> 1 (as shown when creating the access grant)
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+```
+
+Note that s3 credentials are generated when you [create an access
+grant](https://docs.storj.io/dcs/api-reference/s3-compatible-gateway#usage).
+
+#### Backend quirks
+
+- `--chunk-size` is forced to be 64 MiB or greater. This will use more
+  memory than the default of 5 MiB.
+- Server side copy is disabled as it isn't currently supported in the
+  gateway.
+- GetTier and SetTier are not supported.
+
+#### Backend bugs
+
+Due to [issue #39](https://github.com/storj/gateway-mt/issues/39)
+uploading multipart files via the S3 gateway causes them to lose their
+metadata. For rclone's purpose this means that the modification time
+is not stored, nor is any MD5SUM (if one is available from the
+source).
+
+This has the following consequences:
+
+- Using `rclone rcat` will fail as the medatada doesn't match after upload
+- Uploading files with `rclone mount` will fail for the same reason
+    - This can worked around by using `--vfs-cache-mode writes` or `--vfs-cache-mode full` or setting `--s3-upload-cutoff` large
+- Files uploaded via a multipart upload won't have their modtimes
+    - This will mean that `rclone sync` will likely keep trying to upload files bigger than `--s3-upload-cutoff`
+    - This can be worked around with `--checksum` or `--size-only` or setting `--s3-upload-cutoff` large
+    - The maximum value for `--s3-upload-cutoff` is 5GiB though
+
+One general purpose workaround is to set `--s3-upload-cutoff 5G`. This
+means that rclone will upload files smaller than 5GiB as single parts.
+Note that this can be set in the config file with `upload_cutoff = 5G`
+or configured in the advanced settings. If you regularly transfer
+files larger than 5G then using `--checksum` or `--size-only` in
+`rclone sync` is the recommended workaround.
+
+#### Comparison with the native protocol
+
+Use the [the native protocol](/storj) to take advantage of
+client-side encryption as well as to achieve the best possible
+download performance. Uploads will be erasure-coded locally, thus a
+1gb upload will result in 2.68gb of data being uploaded to storage
+nodes across the network.
+
+Use this backend and the S3 compatible Hosted Gateway to increase
+upload performance and reduce the load on your systems and network.
+Uploads will be encrypted and erasure-coded server-side, thus a 1GB
+upload will result in only in 1GB of data being uploaded to storage
+nodes across the network.
+
+For more detailed comparison please check the documentation of the
+[storj](/storj) backend.
+
+## Limitations
+
+`rclone about` is not supported by the S3 backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+
+
+### Synology C2 Object Storage {#synology-c2}
+
+[Synology C2 Object Storage](https://c2.synology.com/en-global/object-storage/overview) provides a secure, S3-compatible, and cost-effective cloud storage solution without API request, download fees, and deletion penalty.
+
+The S3 compatible gateway is configured using `rclone config` with a
+type of `s3` and with a provider name of `Synology`. Here is an example
+run of the configurator.
+
+First run:
+
+```
+rclone config
+```
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+
+n/s/q> n
+
+Enter name for new remote.1
+name> syno
+
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, GCS, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, Petabox, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \ "s3"
+
+Storage> s3
+
+Choose your S3 provider.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 24 / Synology C2 Object Storage
+   \ (Synology)
+
+provider> Synology
+
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default ("false").
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+
+env_auth> 1
+
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+
+access_key_id> accesskeyid
+
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+
+secret_access_key> secretaccesskey
+
+Region where your data stored.
 Choose a number from below, or type in your own value.
 Press Enter to leave empty.
- 1 / Default
-   \ ()
- 2 / Standard storage class
-   \ (STANDARD)
- 3 / Archive storage mode
-   \ (GLACIER)
- 4 / Infrequent access storage mode
-   \ (STANDARD_IA)
-storage_class>
-Edit advanced config?
+ 1 / Europe Region 1
+   \ (eu-001)
+ 2 / Europe Region 2
+   \ (eu-002)
+ 3 / US Region 1
+   \ (us-001)
+ 4 / US Region 2
+   \ (us-002)
+ 5 / Asia (Taiwan)
+   \ (tw-001)
+
+region > 1
+
+Option endpoint.
+Endpoint for Synology C2 Object Storage API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / EU Endpoint 1
+   \ (eu-001.s3.synologyc2.net)
+ 2 / US Endpoint 1
+   \ (us-001.s3.synologyc2.net)
+ 3 / TW Endpoint 1
+   \ (tw-001.s3.synologyc2.net)
+
+endpoint> 1
+
+Option location_constraint.
+Location constraint - must be set to match the Region.
+Leave blank if not sure. Used when creating buckets only.
+Enter a value. Press Enter to leave empty.
+location_constraint>
+
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> y
+
+Option no_check_bucket.
+If set, don't attempt to check the bucket exists or create it.
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the bucket exists already.
+It can also be needed if the user you are using does not have bucket
+creation permissions. Before v1.52.0 this would have passed silently
+due to a bug.
+Enter a boolean value (true or false). Press Enter for the default (true).
+
+no_check_bucket> true
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Synology
+- region: eu-001
+- endpoint: eu-001.s3.synologyc2.net
+- no_check_bucket: true
+Keep this "syno" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+
+y/e/d> y
+
+#  Backblaze B2
+
+B2 is [Backblaze's cloud storage system](https://www.backblaze.com/b2/).
+
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
+
+## Configuration
+
+Here is an example of making a b2 configuration.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process.  To authenticate
+you will either need your Account ID (a short hex number) and Master
+Application Key (a long hex number) OR an Application Key, which is the
+recommended method. See below for further details on generating and using
+an Application Key.
+
+```
+No remotes found, make a new one?
+n) New remote
+q) Quit config
+n/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Backblaze B2
+   \ "b2"
+[snip]
+Storage> b2
+Account ID or Application Key ID
+account> 123456789abc
+Application Key
+key> 0123456789abcdef0123456789abcdef0123456789
+Endpoint for the service - leave blank normally.
+endpoint>
+Remote config
+--------------------
+[remote]
+account = 123456789abc
+key = 0123456789abcdef0123456789abcdef0123456789
+endpoint =
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This remote is called `remote` and can now be used like this
+
+See all buckets
+
+    rclone lsd remote:
+
+Create a new bucket
+
+    rclone mkdir remote:bucket
+
+List the contents of a bucket
+
+    rclone ls remote:bucket
+
+Sync `/home/local/directory` to the remote bucket, deleting any
+excess files in the bucket.
+
+    rclone sync --interactive /home/local/directory remote:bucket
+
+### Application Keys
+
+B2 supports multiple [Application Keys for different access permission
+to B2 Buckets](https://www.backblaze.com/b2/docs/application_keys.html).
+
+You can use these with rclone too; you will need to use rclone version 1.43
+or later.
+
+Follow Backblaze's docs to create an Application Key with the required
+permission and add the `applicationKeyId` as the `account` and the
+`Application Key` itself as the `key`.
+
+Note that you must put the _applicationKeyId_ as the `account` – you
+can't use the master Account ID.  If you try then B2 will return 401
+errors.
+
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Modification times
+
+The modification time is stored as metadata on the object as
+`X-Bz-Info-src_last_modified_millis` as milliseconds since 1970-01-01
+in the Backblaze standard.  Other tools should be able to use this as
+a modified time.
+
+Modified times are used in syncing and are fully supported. Note that
+if a modification time needs to be updated on an object then it will
+create a new version of the object.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
+
+Note that in 2020-05 Backblaze started allowing \ characters in file
+names. Rclone hasn't changed its encoding as this could cause syncs to
+re-transfer files. If you want rclone not to replace \ then see the
+`--b2-encoding` flag below and remove the `BackSlash` from the
+string. This can be set in the config.
+
+### SHA1 checksums
+
+The SHA1 checksums of the files are checked on upload and download and
+will be used in the syncing process.
+
+Large files (bigger than the limit in `--b2-upload-cutoff`) which are
+uploaded in chunks will store their SHA1 on the object as
+`X-Bz-Info-large_file_sha1` as recommended by Backblaze.
+
+For a large file to be uploaded with an SHA1 checksum, the source
+needs to support SHA1 checksums. The local disk supports SHA1
+checksums so large file transfers from local disk will have an SHA1.
+See [the overview](https://rclone.org/overview/#features) for exactly which remotes
+support SHA1.
+
+Sources which don't support SHA1, in particular `crypt` will upload
+large files without SHA1 checksums.  This may be fixed in the future
+(see [#1767](https://github.com/rclone/rclone/issues/1767)).
+
+Files sizes below `--b2-upload-cutoff` will always have an SHA1
+regardless of the source.
+
+### Transfers
+
+Backblaze recommends that you do lots of transfers simultaneously for
+maximum speed.  In tests from my SSD equipped laptop the optimum
+setting is about `--transfers 32` though higher numbers may be used
+for a slight speed improvement. The optimum number for you may vary
+depending on your hardware, how big the files are, how much you want
+to load your computer, etc.  The default of `--transfers 4` is
+definitely too low for Backblaze B2 though.
+
+Note that uploading big files (bigger than 200 MiB by default) will use
+a 96 MiB RAM buffer by default.  There can be at most `--transfers` of
+these in use at any moment, so this sets the upper limit on the memory
+used.
+
+### Versions
+
+When rclone uploads a new version of a file it creates a [new version
+of it](https://www.backblaze.com/b2/docs/file_versions.html).
+Likewise when you delete a file, the old version will be marked hidden
+and still be available.  Conversely, you may opt in to a "hard delete"
+of files with the `--b2-hard-delete` flag which would permanently remove
+the file instead of hiding it.
+
+Old versions of files, where available, are visible using the 
+`--b2-versions` flag.
+
+It is also possible to view a bucket as it was at a certain point in time,
+using the `--b2-version-at` flag. This will show the file versions as they
+were at that time, showing files that have been deleted afterwards, and
+hiding files that were created since.
+
+If you wish to remove all the old versions then you can use the
+`rclone cleanup remote:bucket` command which will delete all the old
+versions of files, leaving the current ones intact.  You can also
+supply a path and only old versions under that path will be deleted,
+e.g. `rclone cleanup remote:bucket/path/to/stuff`.
+
+Note that `cleanup` will remove partially uploaded files from the bucket
+if they are more than a day old.
+
+When you `purge` a bucket, the current and the old versions will be
+deleted then the bucket will be deleted.
+
+However `delete` will cause the current versions of the files to
+become hidden old versions.
+
+Here is a session showing the listing and retrieval of an old
+version followed by a `cleanup` of the old versions.
+
+Show current version and all the versions with `--b2-versions` flag.
+
+```
+$ rclone -q ls b2:cleanup-test
+        9 one.txt
+
+$ rclone -q --b2-versions ls b2:cleanup-test
+        9 one.txt
+        8 one-v2016-07-04-141032-000.txt
+       16 one-v2016-07-04-141003-000.txt
+       15 one-v2016-07-02-155621-000.txt
+```
+
+Retrieve an old version
+
+```
+$ rclone -q --b2-versions copy b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
+
+$ ls -l /tmp/one-v2016-07-04-141003-000.txt
+-rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt
+```
+
+Clean up all the old versions and show that they've gone.
+
+```
+$ rclone -q cleanup b2:cleanup-test
+
+$ rclone -q ls b2:cleanup-test
+        9 one.txt
+
+$ rclone -q --b2-versions ls b2:cleanup-test
+        9 one.txt
+```
+
+#### Versions naming caveat
+
+When using `--b2-versions` flag rclone is relying on the file name
+to work out whether the objects are versions or not. Versions' names
+are created by inserting timestamp between file name and its extension.
+```
+        9 file.txt
+        8 file-v2023-07-17-161032-000.txt
+       16 file-v2023-06-15-141003-000.txt
+```
+If there are real files present with the same names as versions, then
+behaviour of `--b2-versions` can be unpredictable.
+
+### Data usage
+
+It is useful to know how many requests are sent to the server in different scenarios.
+
+All copy commands send the following 4 requests:
+
+```
+/b2api/v1/b2_authorize_account
+/b2api/v1/b2_create_bucket
+/b2api/v1/b2_list_buckets
+/b2api/v1/b2_list_file_names
+```
+
+The `b2_list_file_names` request will be sent once for every 1k files
+in the remote path, providing the checksum and modification time of
+the listed files. As of version 1.33 issue
+[#818](https://github.com/rclone/rclone/issues/818) causes extra requests
+to be sent when using B2 with Crypt. When a copy operation does not
+require any files to be uploaded, no more requests will be sent.
+
+Uploading files that do not require chunking, will send 2 requests per
+file upload:
+
+```
+/b2api/v1/b2_get_upload_url
+/b2api/v1/b2_upload_file/
+```
+
+Uploading files requiring chunking, will send 2 requests (one each to
+start and finish the upload) and another 2 requests for each chunk:
+
+```
+/b2api/v1/b2_start_large_file
+/b2api/v1/b2_get_upload_part_url
+/b2api/v1/b2_upload_part/
+/b2api/v1/b2_finish_large_file
+```
+
+#### Versions
+
+Versions can be viewed with the `--b2-versions` flag. When it is set
+rclone will show and act on older versions of files.  For example
+
+Listing without `--b2-versions`
+
+```
+$ rclone -q ls b2:cleanup-test
+        9 one.txt
+```
+
+And with
+
+```
+$ rclone -q --b2-versions ls b2:cleanup-test
+        9 one.txt
+        8 one-v2016-07-04-141032-000.txt
+       16 one-v2016-07-04-141003-000.txt
+       15 one-v2016-07-02-155621-000.txt
+```
+
+Showing that the current version is unchanged but older versions can
+be seen.  These have the UTC date that they were uploaded to the
+server to the nearest millisecond appended to them.
+
+Note that when using `--b2-versions` no file write operations are
+permitted, so you can't upload files or delete them.
+
+### B2 and rclone link
+
+Rclone supports generating file share links for private B2 buckets.
+They can either be for a file for example:
+
+```
+./rclone link B2:bucket/path/to/file.txt
+https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx
+
+```
+
+or if run on a directory you will get:
+
+```
+./rclone link B2:bucket/path
+https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx
+```
+
+you can then use the authorization token (the part of the url from the
+ `?Authorization=` on) on any file path under that directory. For example:
+
+```
+https://f002.backblazeb2.com/file/bucket/path/to/file1?Authorization=xxxxxxxx
+https://f002.backblazeb2.com/file/bucket/path/file2?Authorization=xxxxxxxx
+https://f002.backblazeb2.com/file/bucket/path/folder/file3?Authorization=xxxxxxxx
+
+```
+
+
+### Standard options
+
+Here are the Standard options specific to b2 (Backblaze B2).
+
+#### --b2-account
+
+Account ID or Application Key ID.
+
+Properties:
+
+- Config:      account
+- Env Var:     RCLONE_B2_ACCOUNT
+- Type:        string
+- Required:    true
+
+#### --b2-key
+
+Application Key.
+
+Properties:
+
+- Config:      key
+- Env Var:     RCLONE_B2_KEY
+- Type:        string
+- Required:    true
+
+#### --b2-hard-delete
+
+Permanently delete files on remote removal, otherwise hide files.
+
+Properties:
+
+- Config:      hard_delete
+- Env Var:     RCLONE_B2_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+### Advanced options
+
+Here are the Advanced options specific to b2 (Backblaze B2).
+
+#### --b2-endpoint
+
+Endpoint for the service.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_B2_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --b2-test-mode
+
+A flag string for X-Bz-Test-Mode header for debugging.
+
+This is for debugging purposes only. Setting it to one of the strings
+below will cause b2 to return specific errors:
+
+  * "fail_some_uploads"
+  * "expire_some_account_authorization_tokens"
+  * "force_cap_exceeded"
+
+These will be set in the "X-Bz-Test-Mode" header which is documented
+in the [b2 integrations checklist](https://www.backblaze.com/b2/docs/integration_checklist.html).
+
+Properties:
+
+- Config:      test_mode
+- Env Var:     RCLONE_B2_TEST_MODE
+- Type:        string
+- Required:    false
+
+#### --b2-versions
+
+Include old versions in directory listings.
+
+Note that when using this no file write operations are permitted,
+so you can't upload files or delete them.
+
+Properties:
+
+- Config:      versions
+- Env Var:     RCLONE_B2_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --b2-version-at
+
+Show file versions as they were at the specified time.
+
+Note that when using this no file write operations are permitted,
+so you can't upload files or delete them.
+
+Properties:
+
+- Config:      version_at
+- Env Var:     RCLONE_B2_VERSION_AT
+- Type:        Time
+- Default:     off
+
+#### --b2-upload-cutoff
+
+Cutoff for switching to chunked upload.
+
+Files above this size will be uploaded in chunks of "--b2-chunk-size".
+
+This value should be set no larger than 4.657 GiB (== 5 GB).
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_B2_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     200Mi
+
+#### --b2-copy-cutoff
+
+Cutoff for switching to multipart copy.
+
+Any files larger than this that need to be server-side copied will be
+copied in chunks of this size.
+
+The minimum is 0 and the maximum is 4.6 GiB.
+
+Properties:
+
+- Config:      copy_cutoff
+- Env Var:     RCLONE_B2_COPY_CUTOFF
+- Type:        SizeSuffix
+- Default:     4Gi
+
+#### --b2-chunk-size
+
+Upload chunk size.
+
+When uploading large files, chunk the file into this size.
+
+Must fit in memory. These chunks are buffered in memory and there
+might a maximum of "--transfers" chunks in progress at once.
+
+5,000,000 Bytes is the minimum size.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_B2_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     96Mi
+
+#### --b2-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+Note that chunks are stored in memory and there may be up to
+"--transfers" * "--b2-upload-concurrency" chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_B2_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     4
+
+#### --b2-disable-checksum
+
+Disable checksums for large (> upload cutoff) files.
+
+Normally rclone will calculate the SHA1 checksum of the input before
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
+
+Properties:
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_B2_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
+
+#### --b2-download-url
+
+Custom endpoint for downloads.
+
+This is usually set to a Cloudflare CDN URL as Backblaze offers
+free egress for data downloaded through the Cloudflare network.
+Rclone works with private buckets by sending an "Authorization" header.
+If the custom endpoint rewrites the requests for authentication,
+e.g., in Cloudflare Workers, this header needs to be handled properly.
+Leave blank if you want to use the endpoint provided by Backblaze.
+
+The URL provided here SHOULD have the protocol and SHOULD NOT have
+a trailing slash or specify the /file/bucket subpath as rclone will
+request files with "{download_url}/file/{bucket_name}/{path}".
+
+Example:
+> https://mysubdomain.mydomain.tld
+(No trailing "/", "file" or "bucket")
+
+Properties:
+
+- Config:      download_url
+- Env Var:     RCLONE_B2_DOWNLOAD_URL
+- Type:        string
+- Required:    false
+
+#### --b2-download-auth-duration
+
+Time before the authorization token will expire in s or suffix ms|s|m|h|d.
+
+The duration before the download authorization token will expire.
+The minimum value is 1 second. The maximum value is one week.
+
+Properties:
+
+- Config:      download_auth_duration
+- Env Var:     RCLONE_B2_DOWNLOAD_AUTH_DURATION
+- Type:        Duration
+- Default:     1w
+
+#### --b2-memory-pool-flush-time
+
+How often internal memory buffer pools will be flushed. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_flush_time
+- Env Var:     RCLONE_B2_MEMORY_POOL_FLUSH_TIME
+- Type:        Duration
+- Default:     1m0s
+
+#### --b2-memory-pool-use-mmap
+
+Whether to use mmap buffers in internal memory pool. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_use_mmap
+- Env Var:     RCLONE_B2_MEMORY_POOL_USE_MMAP
+- Type:        bool
+- Default:     false
+
+#### --b2-lifecycle
+
+Set the number of days deleted files should be kept when creating a bucket.
+
+On bucket creation, this parameter is used to create a lifecycle rule
+for the entire bucket.
+
+If lifecycle is 0 (the default) it does not create a lifecycle rule so
+the default B2 behaviour applies. This is to create versions of files
+on delete and overwrite and to keep them indefinitely.
+
+If lifecycle is >0 then it creates a single rule setting the number of
+days before a file that is deleted or overwritten is deleted
+permanently. This is known as daysFromHidingToDeleting in the b2 docs.
+
+The minimum value for this parameter is 1 day.
+
+You can also enable hard_delete in the config also which will mean
+deletions won't cause versions but overwrites will still cause
+versions to be made.
+
+See: [rclone backend lifecycle](#lifecycle) for setting lifecycles after bucket creation.
+
+
+Properties:
+
+- Config:      lifecycle
+- Env Var:     RCLONE_B2_LIFECYCLE
+- Type:        int
+- Default:     0
+
+#### --b2-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_B2_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+## Backend commands
+
+Here are the commands specific to the b2 backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### lifecycle
+
+Read or set the lifecycle for a bucket
+
+    rclone backend lifecycle remote: [options] [<arguments>+]
+
+This command can be used to read or set the lifecycle for a bucket.
+
+Usage Examples:
+
+To show the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket
+
+This will dump something like this showing the lifecycle rules.
+
+    [
+        {
+            "daysFromHidingToDeleting": 1,
+            "daysFromUploadingToHiding": null,
+            "fileNamePrefix": ""
+        }
+    ]
+
+If there are no lifecycle rules (the default) then it will just return [].
+
+To reset the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=30
+    rclone backend lifecycle b2:bucket -o daysFromUploadingToHiding=5 -o daysFromHidingToDeleting=1
+
+This will run and then print the new lifecycle rules as above.
+
+Rclone only lets you set lifecycles for the whole bucket with the
+fileNamePrefix = "".
+
+You can't disable versioning with B2. The best you can do is to set
+the daysFromHidingToDeleting to 1 day. You can enable hard_delete in
+the config also which will mean deletions won't cause versions but
+overwrites will still cause versions to be made.
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=1
+
+See: https://www.backblaze.com/docs/cloud-storage-lifecycle-rules
+
+
+Options:
+
+- "daysFromHidingToDeleting": After a file has been hidden for this many days it is deleted. 0 is off.
+- "daysFromUploadingToHiding": This many days after uploading a file is hidden
+
+
+
+## Limitations
+
+`rclone about` is not supported by the B2 backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Box
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+The initial setup for Box involves getting a token from Box which you
+can do either in your browser, or with a config.json downloaded from Box
+to use JWT authentication.  `rclone config` walks you through it.
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Box
+   \ "box"
+[snip]
+Storage> box
+Box App Client Id - leave blank normally.
+client_id> 
+Box App Client Secret - leave blank normally.
+client_secret>
+Box App config.json location
+Leave blank normally.
+Enter a string value. Press Enter for the default ("").
+box_config_file>
+Box App Primary Access Token
+Leave blank normally.
+Enter a string value. Press Enter for the default ("").
+access_token>
+
+Enter a string value. Press Enter for the default ("user").
+Choose a number from below, or type in your own value
+ 1 / Rclone should act on behalf of a user
+   \ "user"
+ 2 / Rclone should act on behalf of a service account
+   \ "enterprise"
+box_sub_type>
+Remote config
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
 y) Yes
-n) No (default)
+n) No
+y/n> y
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
+--------------------
+[remote]
+client_id = 
+client_secret = 
+token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"XXX"}
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Box. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on `http://127.0.0.1:53682/` and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Box
+
+    rclone lsd remote:
+
+List all the files in your Box
+
+    rclone ls remote:
+
+To copy a local directory to an Box directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Using rclone with an Enterprise account with SSO
+
+If you have an "Enterprise" account type with Box with single sign on
+(SSO), you need to create a password to use Box with rclone. This can
+be done at your Enterprise Box account by going to Settings, "Account"
+Tab, and then set the password in the "Authentication" field.
+
+Once you have done this, you can setup your Enterprise Box account
+using the same procedure detailed above in the, using the password you
+have just set.
+
+### Invalid refresh token
+
+According to the [box docs](https://developer.box.com/v2.0/docs/oauth-20#section-6-using-the-access-and-refresh-tokens):
+
+> Each refresh_token is valid for one use in 60 days.
+
+This means that if you
+
+  * Don't use the box remote for 60 days
+  * Copy the config file with a box refresh token in and use it in two places
+  * Get an error on a token refresh
+
+then rclone will return an error which includes the text `Invalid
+refresh token`.
+
+To fix this you will need to use oauth2 again to update the refresh
+token.  You can use the methods in [the remote setup
+docs](https://rclone.org/remote_setup/), bearing in mind that if you use the copy the
+config file method, you should not use that remote on the computer you
+did the authentication on.
+
+Here is how to do it.
+
+```
+$ rclone config
+Current remotes:
+
+Name                 Type
+====                 ====
+remote               box
+
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> e
+Choose a number from below, or type in an existing value
+ 1 > remote
+remote> remote
+--------------------
+[remote]
+type = box
+token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2017-07-08T23:40:08.059167677+01:00"}
+--------------------
+Edit remote
+Value "client_id" = ""
+Edit? (y/n)>
+y) Yes
+n) No
+y/n> n
+Value "client_secret" = ""
+Edit? (y/n)>
+y) Yes
+n) No
 y/n> n
+Remote config
+Already have a token - refresh?
+y) Yes
+n) No
+y/n> y
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes
+n) No
+y/n> y
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
 --------------------
-[ChinaMobile]
-type = s3
-provider = ChinaMobile
-access_key_id = accesskeyid
-secret_access_key = secretaccesskey
-endpoint = eos-wuxi-1.cmecloud.cn
-location_constraint = wuxi1
-acl = private
+[remote]
+type = box
+token = {"access_token":"YYY","token_type":"bearer","refresh_token":"YYY","expiry":"2017-07-23T12:22:29.259137901+01:00"}
 --------------------
-y) Yes this is OK (default)
+y) Yes this is OK
 e) Edit this remote
 d) Delete this remote
 y/e/d> y
 ```
 
-### Liara {#liara-cloud}
+### Modification times and hashes
+
+Box allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.
+
+Box supports SHA1 type hashes, so you can use the `--checksum`
+flag.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
+
+### Transfers
+
+For files above 50 MiB rclone will use a chunked transfer.  Rclone will
+upload up to `--transfers` chunks at the same time (shared among all
+the multipart uploads).  Chunks are buffered in memory and are
+normally 8 MiB so increasing `--transfers` will increase memory use.
+
+### Deleting files
+
+Depending on the enterprise settings for your user, the item will
+either be actually deleted from Box or moved to the trash.
+
+Emptying the trash is supported via the rclone however cleanup command
+however this deletes every trashed file and folder individually so it
+may take a very long time. 
+Emptying the trash via the  WebUI does not have this limitation 
+so it is advised to empty the trash via the WebUI.
+
+### Root folder ID
+
+You can set the `root_folder_id` for rclone.  This is the directory
+(identified by its `Folder ID`) that rclone considers to be the root
+of your Box drive.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
+However you can set this to restrict rclone to a specific folder
+hierarchy.
+
+In order to do this you will have to find the `Folder ID` of the
+directory you wish rclone to display.  This will be the last segment
+of the URL when you open the relevant folder in the Box web
+interface.
+
+So if the folder you want rclone to use has a URL which looks like
+`https://app.box.com/folder/11xxxxxxxxx8`
+in the browser, then you use `11xxxxxxxxx8` as
+the `root_folder_id` in the config.
+
+
+### Standard options
+
+Here are the Standard options specific to box (Box).
+
+#### --box-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_BOX_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --box-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_BOX_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --box-box-config-file
+
+Box App config.json location
+
+Leave blank normally.
+
+Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
+
+Properties:
+
+- Config:      box_config_file
+- Env Var:     RCLONE_BOX_BOX_CONFIG_FILE
+- Type:        string
+- Required:    false
+
+#### --box-access-token
+
+Box App Primary Access Token
+
+Leave blank normally.
+
+Properties:
+
+- Config:      access_token
+- Env Var:     RCLONE_BOX_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --box-box-sub-type
+
+
+
+Properties:
+
+- Config:      box_sub_type
+- Env Var:     RCLONE_BOX_BOX_SUB_TYPE
+- Type:        string
+- Default:     "user"
+- Examples:
+    - "user"
+        - Rclone should act on behalf of a user.
+    - "enterprise"
+        - Rclone should act on behalf of a service account.
+
+### Advanced options
+
+Here are the Advanced options specific to box (Box).
+
+#### --box-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_BOX_TOKEN
+- Type:        string
+- Required:    false
+
+#### --box-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_BOX_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --box-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_BOX_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --box-root-folder-id
+
+Fill in for rclone to use a non root folder as its starting point.
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_BOX_ROOT_FOLDER_ID
+- Type:        string
+- Default:     "0"
+
+#### --box-upload-cutoff
+
+Cutoff for switching to multipart upload (>= 50 MiB).
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_BOX_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     50Mi
+
+#### --box-commit-retries
+
+Max number of times to try committing a multipart file.
+
+Properties:
+
+- Config:      commit_retries
+- Env Var:     RCLONE_BOX_COMMIT_RETRIES
+- Type:        int
+- Default:     100
+
+#### --box-list-chunk
+
+Size of listing chunk 1-1000.
+
+Properties:
+
+- Config:      list_chunk
+- Env Var:     RCLONE_BOX_LIST_CHUNK
+- Type:        int
+- Default:     1000
+
+#### --box-owned-by
+
+Only show items owned by the login (email address) passed in.
+
+Properties:
+
+- Config:      owned_by
+- Env Var:     RCLONE_BOX_OWNED_BY
+- Type:        string
+- Required:    false
+
+#### --box-impersonate
+
+Impersonate this user ID when using a service account.
+
+Setting this flag allows rclone, when using a JWT service account, to
+act on behalf of another user by setting the as-user header.
+
+The user ID is the Box identifier for a user. User IDs can found for
+any user via the GET /users endpoint, which is only available to
+admins, or by calling the GET /users/me endpoint with an authenticated
+user session.
+
+See: https://developer.box.com/guides/authentication/jwt/as-user/
+
+
+Properties:
+
+- Config:      impersonate
+- Env Var:     RCLONE_BOX_IMPERSONATE
+- Type:        string
+- Required:    false
+
+#### --box-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_BOX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+Note that Box is case insensitive so you can't have a file called
+"Hello.doc" and one called "hello.doc".
+
+Box file names can't have the `\` character in.  rclone maps this to
+and from an identical looking unicode equivalent `＼` (U+FF3C Fullwidth
+Reverse Solidus).
+
+Box only supports filenames up to 255 characters in length.
+
+Box has [API rate limits](https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/) that sometimes reduce the speed of rclone.
+
+`rclone about` is not supported by the Box backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-Here is an example of making a [Liara Object Storage](https://liara.ir/landing/object-storage)
-configuration.  First run:
+## Get your own Box App ID
 
-    rclone config
+Here is how to create your own Box App ID for rclone:
 
-This will guide you through an interactive setup process.
+1. Go to the [Box Developer Console](https://app.box.com/developers/console)
+and login, then click `My Apps` on the sidebar. Click `Create New App`
+and select `Custom App`.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-n/s> n
-name> Liara
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Liara, Minio)
-   \ "s3"
-[snip]
-Storage> s3
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ "false"
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ "true"
-env_auth> 1
-AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id> YOURACCESSKEY
-AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key> YOURSECRETACCESSKEY
-Region to connect to.
-Choose a number from below, or type in your own value
-   / The default endpoint
- 1 | US Region, Northern Virginia, or Pacific Northwest.
-   | Leave location constraint empty.
-   \ "us-east-1"
-[snip]
-region>
-Endpoint for S3 API.
-Leave blank if using Liara to use the default endpoint for the region.
-Specify if using an S3 clone such as Ceph.
-endpoint> storage.iran.liara.space
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ "private"
-[snip]
-acl>
-The server-side encryption algorithm used when storing this object in S3.
-Choose a number from below, or type in your own value
- 1 / None
-   \ ""
- 2 / AES256
-   \ "AES256"
-server_side_encryption>
-The storage class to use when storing objects in S3.
-Choose a number from below, or type in your own value
- 1 / Default
-   \ ""
- 2 / Standard storage class
-   \ "STANDARD"
-storage_class>
-Remote config
---------------------
-[Liara]
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-endpoint = storage.iran.liara.space
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+2. In the first screen on the box that pops up, you can pretty much enter
+whatever you want. The `App Name` can be whatever. For `Purpose` choose
+automation to avoid having to fill out anything else. Click `Next`.
 
-This will leave the config file looking like this.
+3. In the second screen of the creation screen, select
+`User Authentication (OAuth 2.0)`. Then click `Create App`.
 
-```
-[Liara]
-type = s3
-provider = Liara
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region =
-endpoint = storage.iran.liara.space
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
-```
+4. You should now be on the `Configuration` tab of your new app. If not,
+click on it at the top of the webpage. Copy down `Client ID`
+and `Client Secret`, you'll need those for rclone.
 
-### ArvanCloud {#arvan-cloud}
+5. Under "OAuth 2.0 Redirect URI", add `http://127.0.0.1:53682/`
 
-[ArvanCloud](https://www.arvancloud.com/en/products/cloud-storage) ArvanCloud Object Storage goes beyond the limited traditional file storage. 
-It gives you access to backup and archived files and allows sharing. 
-Files like profile image in the app, images sent by users or scanned documents can be stored securely and easily in our Object Storage service.
+6. For `Application Scopes`, select `Read all files and folders stored in Box`
+and `Write all files and folders stored in box` (assuming you want to do both).
+Leave others unchecked. Click `Save Changes` at the top right.
 
-ArvanCloud provides an S3 interface which can be configured for use with
-rclone like this.
+#  Cache
+
+The `cache` remote wraps another existing remote and stores file structure
+and its data for long running tasks like `rclone mount`.
+
+## Status
+
+The cache backend code is working but it currently doesn't
+have a maintainer so there are [outstanding bugs](https://github.com/rclone/rclone/issues?q=is%3Aopen+is%3Aissue+label%3Abug+label%3A%22Remote%3A+Cache%22) which aren't getting fixed.
+
+The cache backend is due to be phased out in favour of the VFS caching
+layer eventually which is more tightly integrated into rclone.
+
+Until this happens we recommend only using the cache backend if you
+find you can't work without it. There are many docs online describing
+the use of the cache backend to minimize API hits and by-and-large
+these are out of date and the cache backend isn't needed in those
+scenarios any more.
+
+## Configuration
+
+To get started you just need to have an existing remote which can be configured
+with `cache`.
+
+Here is an example of how to make a remote called `test-cache`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 
 ```
 No remotes found, make a new one?
 n) New remote
+r) Rename remote
+c) Copy remote
 s) Set configuration password
-n/s> n
-name> ArvanCloud
+q) Quit config
+n/r/c/s/q> n
+name> test-cache
 Type of storage to configure.
 Choose a number from below, or type in your own value
 [snip]
-XX / Amazon S3 (also Dreamhost, Ceph, ChinaMobile, ArvanCloud, Liara, Minio)
-   \ "s3"
-[snip]
-Storage> s3
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ "false"
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ "true"
-env_auth> 1
-AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id> YOURACCESSKEY
-AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key> YOURSECRETACCESSKEY
-Region to connect to.
-Choose a number from below, or type in your own value
-   / The default endpoint - a good choice if you are unsure.
- 1 | US Region, Northern Virginia, or Pacific Northwest.
-   | Leave location constraint empty.
-   \ "us-east-1"
-[snip]
-region> 
-Endpoint for S3 API.
-Leave blank if using ArvanCloud to use the default endpoint for the region.
-Specify if using an S3 clone such as Ceph.
-endpoint> s3.arvanstorage.com
-Location constraint - must be set to match the Region. Used when creating buckets only.
-Choose a number from below, or type in your own value
- 1 / Empty for Iran-Tehran Region.
-   \ ""
+XX / Cache a remote
+   \ "cache"
 [snip]
-location_constraint>
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Storage> cache
+Remote to cache.
+Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
+"myremote:bucket" or maybe "myremote:" (not recommended).
+remote> local:/test
+Optional: The URL of the Plex server
+plex_url> http://127.0.0.1:32400
+Optional: The username of the Plex user
+plex_username> dummyusername
+Optional: The password of the Plex user
+y) Yes type in my own password
+g) Generate random password
+n) No leave this optional password blank
+y/g/n> y
+Enter the password:
+password:
+Confirm the password:
+password:
+The size of a chunk. Lower value good for slow connections but can affect seamless reading.
+Default: 5M
 Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \ "private"
-[snip]
-acl>
-The server-side encryption algorithm used when storing this object in S3.
+ 1 / 1 MiB
+   \ "1M"
+ 2 / 5 MiB
+   \ "5M"
+ 3 / 10 MiB
+   \ "10M"
+chunk_size> 2
+How much time should object info (file size, file hashes, etc.) be stored in cache. Use a very high value if you don't plan on changing the source FS from outside the cache.
+Accepted units are: "s", "m", "h".
+Default: 5m
 Choose a number from below, or type in your own value
- 1 / None
-   \ ""
- 2 / AES256
-   \ "AES256"
-server_side_encryption>
-The storage class to use when storing objects in S3.
+ 1 / 1 hour
+   \ "1h"
+ 2 / 24 hours
+   \ "24h"
+ 3 / 24 hours
+   \ "48h"
+info_age> 2
+The maximum size of stored chunks. When the storage grows beyond this size, the oldest chunks will be deleted.
+Default: 10G
 Choose a number from below, or type in your own value
- 1 / Default
-   \ ""
- 2 / Standard storage class
-   \ "STANDARD"
-storage_class>
+ 1 / 500 MiB
+   \ "500M"
+ 2 / 1 GiB
+   \ "1G"
+ 3 / 10 GiB
+   \ "10G"
+chunk_total_size> 3
 Remote config
 --------------------
-[ArvanCloud]
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region = ir-thr-at1
-endpoint = s3.arvanstorage.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
+[test-cache]
+remote = local:/test
+plex_url = http://127.0.0.1:32400
+plex_username = dummyusername
+plex_password = *** ENCRYPTED ***
+chunk_size = 5M
+info_age = 48h
+chunk_total_size = 10G
 ```
 
-This will leave the config file looking like this.
+You can then use it like this,
 
-```
-[ArvanCloud]
-type = s3
-provider = ArvanCloud
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region =
-endpoint = s3.arvanstorage.com
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
-```
+List directories in top level of your drive
 
-### Tencent COS {#tencent-cos}
+    rclone lsd test-cache:
 
-[Tencent Cloud Object Storage (COS)](https://intl.cloud.tencent.com/product/cos) is a distributed storage service offered by Tencent Cloud for unstructured data. It is secure, stable, massive, convenient, low-delay and low-cost.
+List all the files in your drive
 
-To configure access to Tencent COS, follow the steps below:
+    rclone ls test-cache:
 
-1. Run `rclone config` and select `n` for a new remote.
+To start a cached mount
 
-```
-rclone config
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-```
+    rclone mount --allow-other test-cache: /var/tmp/test-cache
+
+### Write Features ###
+
+### Offline uploading ###
+
+In an effort to make writing through cache more reliable, the backend 
+now supports this feature which can be activated by specifying a
+`cache-tmp-upload-path`.
+
+A files goes through these states when using this feature:
+
+1. An upload is started (usually by copying a file on the cache remote)
+2. When the copy to the temporary location is complete the file is part 
+of the cached remote and looks and behaves like any other file (reading included)
+3. After `cache-tmp-wait-time` passes and the file is next in line, `rclone move` 
+is used to move the file to the cloud provider
+4. Reading the file still works during the upload but most modifications on it will be prohibited
+5. Once the move is complete the file is unlocked for modifications as it
+becomes as any other regular file
+6. If the file is being read through `cache` when it's actually
+deleted from the temporary path then `cache` will simply swap the source
+to the cloud provider without interrupting the reading (small blip can happen though)
+
+Files are uploaded in sequence and only one file is uploaded at a time.
+Uploads will be stored in a queue and be processed based on the order they were added.
+The queue and the temporary storage is persistent across restarts but
+can be cleared on startup with the `--cache-db-purge` flag.
+
+### Write Support ###
+
+Writes are supported through `cache`.
+One caveat is that a mounted cache remote does not add any retry or fallback
+mechanism to the upload operation. This will depend on the implementation
+of the wrapped remote. Consider using `Offline uploading` for reliable writes.
+
+One special case is covered with `cache-writes` which will cache the file
+data at the same time as the upload when it is enabled making it available
+from the cache store immediately once the upload is finished.
+
+### Read Features ###
+
+#### Multiple connections ####
+
+To counter the high latency between a local PC where rclone is running
+and cloud providers, the cache remote can split multiple requests to the
+cloud provider for smaller file chunks and combines them together locally
+where they can be available almost immediately before the reader usually
+needs them.
+
+This is similar to buffering when media files are played online. Rclone
+will stay around the current marker but always try its best to stay ahead
+and prepare the data before.
+
+#### Plex Integration ####
+
+There is a direct integration with Plex which allows cache to detect during reading
+if the file is in playback or not. This helps cache to adapt how it queries
+the cloud provider depending on what is needed for.
+
+Scans will have a minimum amount of workers (1) while in a confirmed playback cache
+will deploy the configured number of workers.
+
+This integration opens the doorway to additional performance improvements
+which will be explored in the near future.
+
+**Note:** If Plex options are not configured, `cache` will function with its
+configured options without adapting any of its settings.
+
+How to enable? Run `rclone config` and add all the Plex options (endpoint, username
+and password) in your remote and it will be automatically enabled.
+
+Affected settings:
+- `cache-workers`: _Configured value_ during confirmed playback or _1_ all the other times
+
+##### Certificate Validation #####
+
+When the Plex server is configured to only accept secure connections, it is
+possible to use `.plex.direct` URLs to ensure certificate validation succeeds.
+These URLs are used by Plex internally to connect to the Plex server securely.
+
+The format for these URLs is the following:
+
+`https://ip-with-dots-replaced.server-hash.plex.direct:32400/`
+
+The `ip-with-dots-replaced` part can be any IPv4 address, where the dots
+have been replaced with dashes, e.g. `127.0.0.1` becomes `127-0-0-1`.
+
+To get the `server-hash` part, the easiest way is to visit
+
+https://plex.tv/api/resources?includeHttps=1&X-Plex-Token=your-plex-token
+
+This page will list all the available Plex servers for your account
+with at least one `.plex.direct` link for each. Copy one URL and replace
+the IP address with the desired address. This can be used as the
+`plex_url` value.
+
+### Known issues ###
+
+#### Mount and --dir-cache-time ####
+
+--dir-cache-time controls the first layer of directory caching which works at the mount layer.
+Being an independent caching mechanism from the `cache` backend, it will manage its own entries
+based on the configured time.
+
+To avoid getting in a scenario where dir cache has obsolete data and cache would have the correct
+one, try to set `--dir-cache-time` to a lower time than `--cache-info-age`. Default values are
+already configured in this way. 
+
+#### Windows support - Experimental ####
+
+There are a couple of issues with Windows `mount` functionality that still require some investigations.
+It should be considered as experimental thus far as fixes come in for this OS.
+
+Most of the issues seem to be related to the difference between filesystems
+on Linux flavors and Windows as cache is heavily dependent on them.
+
+Any reports or feedback on how cache behaves on this OS is greatly appreciated.
+ 
+- https://github.com/rclone/rclone/issues/1935
+- https://github.com/rclone/rclone/issues/1907
+- https://github.com/rclone/rclone/issues/1834 
+
+#### Risk of throttling ####
+
+Future iterations of the cache backend will make use of the pooling functionality
+of the cloud provider to synchronize and at the same time make writing through it
+more tolerant to failures. 
+
+There are a couple of enhancements in track to add these but in the meantime
+there is a valid concern that the expiring cache listings can lead to cloud provider
+throttles or bans due to repeated queries on it for very large mounts.
+
+Some recommendations:
+- don't use a very small interval for entry information (`--cache-info-age`)
+- while writes aren't yet optimised, you can still write through `cache` which gives you the advantage
+of adding the file in the cache at the same time if configured to do so.
+
+Future enhancements:
+
+- https://github.com/rclone/rclone/issues/1937
+- https://github.com/rclone/rclone/issues/1936 
+
+#### cache and crypt ####
+
+One common scenario is to keep your data encrypted in the cloud provider
+using the `crypt` remote. `crypt` uses a similar technique to wrap around
+an existing remote and handles this translation in a seamless way.
+
+There is an issue with wrapping the remotes in this order:
+**cloud remote** -> **crypt** -> **cache**
+
+During testing, I experienced a lot of bans with the remotes in this order.
+I suspect it might be related to how crypt opens files on the cloud provider
+which makes it think we're downloading the full file instead of small chunks.
+Organizing the remotes in this order yields better results:
+**cloud remote** -> **cache** -> **crypt**
+
+#### absolute remote paths ####
+
+`cache` can not differentiate between relative and absolute paths for the wrapped remote.
+Any path given in the `remote` config setting and on the command line will be passed to
+the wrapped remote as is, but for storing the chunks on disk the path will be made
+relative by removing any leading `/` character.
+
+This behavior is irrelevant for most backend types, but there are backends where a leading `/`
+changes the effective directory, e.g. in the `sftp` backend paths starting with a `/` are
+relative to the root of the SSH server and paths without are relative to the user home directory.
+As a result `sftp:bin` and `sftp:/bin` will share the same cache folder, even if they represent
+a different directory on the SSH server.
+
+### Cache and Remote Control (--rc) ###
+Cache supports the new `--rc` mode in rclone and can be remote controlled through the following end points:
+By default, the listener is disabled if you do not add the flag.
+
+### rc cache/expire
+Purge a remote from the cache backend. Supports either a directory or a file.
+It supports both encrypted and unencrypted file names if cache is wrapped by crypt.
+
+Params:
+  - **remote** = path to remote **(required)**
+  - **withData** = true/false to delete cached data (chunks) as well _(optional, false by default)_
+
+
+### Standard options
+
+Here are the Standard options specific to cache (Cache a remote).
+
+#### --cache-remote
+
+Remote to cache.
+
+Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
+"myremote:bucket" or maybe "myremote:" (not recommended).
+
+Properties:
+
+- Config:      remote
+- Env Var:     RCLONE_CACHE_REMOTE
+- Type:        string
+- Required:    true
+
+#### --cache-plex-url
+
+The URL of the Plex server.
+
+Properties:
+
+- Config:      plex_url
+- Env Var:     RCLONE_CACHE_PLEX_URL
+- Type:        string
+- Required:    false
+
+#### --cache-plex-username
+
+The username of the Plex user.
+
+Properties:
+
+- Config:      plex_username
+- Env Var:     RCLONE_CACHE_PLEX_USERNAME
+- Type:        string
+- Required:    false
 
-2. Give the name of the configuration. For example, name it 'cos'.
+#### --cache-plex-password
 
-```
-name> cos
-```
+The password of the Plex user.
 
-3. Select `s3` storage.
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-```
-Choose a number from below, or type in your own value
-1 / 1Fichier
-   \ "fichier"
- 2 / Alias for an existing remote
-   \ "alias"
- 3 / Amazon Drive
-   \ "amazon cloud drive"
- 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, ChinaMobile, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Liara, Minio, and Tencent COS
-   \ "s3"
-[snip]
-Storage> s3
-```
+Properties:
 
-4. Select `TencentCOS` provider.
-```
-Choose a number from below, or type in your own value
-1 / Amazon Web Services (AWS) S3
-   \ "AWS"
-[snip]
-11 / Tencent Cloud Object Storage (COS)
-   \ "TencentCOS"
-[snip]
-provider> TencentCOS
-```
+- Config:      plex_password
+- Env Var:     RCLONE_CACHE_PLEX_PASSWORD
+- Type:        string
+- Required:    false
 
-5. Enter your SecretId and SecretKey of Tencent Cloud.
+#### --cache-chunk-size
 
-```
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Enter a boolean value (true or false). Press Enter for the default ("false").
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \ "false"
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \ "true"
-env_auth> 1
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default ("").
-access_key_id> AKIDxxxxxxxxxx
-AWS Secret Access Key (password)
-Leave blank for anonymous access or runtime credentials.
-Enter a string value. Press Enter for the default ("").
-secret_access_key> xxxxxxxxxxx
-```
+The size of a chunk (partial file data).
 
-6. Select endpoint for Tencent COS. This is the standard endpoint for different region.
+Use lower numbers for slower connections. If the chunk size is
+changed, any downloaded chunks will be invalid and cache-chunk-path
+will need to be cleared or unexpected EOF errors will occur.
 
-```
- 1 / Beijing Region.
-   \ "cos.ap-beijing.myqcloud.com"
- 2 / Nanjing Region.
-   \ "cos.ap-nanjing.myqcloud.com"
- 3 / Shanghai Region.
-   \ "cos.ap-shanghai.myqcloud.com"
- 4 / Guangzhou Region.
-   \ "cos.ap-guangzhou.myqcloud.com"
-[snip]
-endpoint> 4
-```
+Properties:
 
-7. Choose acl and storage class.
+- Config:      chunk_size
+- Env Var:     RCLONE_CACHE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     5Mi
+- Examples:
+    - "1M"
+        - 1 MiB
+    - "5M"
+        - 5 MiB
+    - "10M"
+        - 10 MiB
 
-```
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Owner gets Full_CONTROL. No one else has access rights (default).
-   \ "default"
-[snip]
-acl> 1
-The storage class to use when storing new objects in Tencent COS.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Default
-   \ ""
-[snip]
-storage_class> 1
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n> n
-Remote config
---------------------
-[cos]
-type = s3
-provider = TencentCOS
-env_auth = false
-access_key_id = xxx
-secret_access_key = xxx
-endpoint = cos.ap-guangzhou.myqcloud.com
-acl = default
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-Current remotes:
+#### --cache-info-age
 
-Name                 Type
-====                 ====
-cos                  s3
-```
+How long to cache file structure information (directory listings, file size, times, etc.). 
+If all write operations are done through the cache then you can safely make
+this value very large as the cache store will also be updated in real time.
 
-### Netease NOS
+Properties:
 
-For Netease NOS configure as per the configurator `rclone config`
-setting the provider `Netease`.  This will automatically set
-`force_path_style = false` which is necessary for it to run properly.
+- Config:      info_age
+- Env Var:     RCLONE_CACHE_INFO_AGE
+- Type:        Duration
+- Default:     6h0m0s
+- Examples:
+    - "1h"
+        - 1 hour
+    - "24h"
+        - 24 hours
+    - "48h"
+        - 48 hours
 
-### Storj
+#### --cache-chunk-total-size
 
-Storj is a decentralized cloud storage which can be used through its
-native protocol or an S3 compatible gateway.
+The total size that the chunks can take up on the local disk.
 
-The S3 compatible gateway is configured using `rclone config` with a
-type of `s3` and with a provider name of `Storj`. Here is an example
-run of the configurator.
+If the cache exceeds this value then it will start to delete the
+oldest chunks until it goes under this value.
 
-```
-Type of storage to configure.
-Storage> s3
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
-Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own boolean value (true or false).
-Press Enter for the default (false).
- 1 / Enter AWS credentials in the next step.
-   \ (false)
- 2 / Get AWS credentials from the environment (env vars or IAM).
-   \ (true)
-env_auth> 1
-Option access_key_id.
-AWS Access Key ID.
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-access_key_id> XXXX (as shown when creating the access grant)
-Option secret_access_key.
-AWS Secret Access Key (password).
-Leave blank for anonymous access or runtime credentials.
-Enter a value. Press Enter to leave empty.
-secret_access_key> XXXX (as shown when creating the access grant)
-Option endpoint.
-Endpoint of the Shared Gateway.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / EU1 Shared Gateway
-   \ (gateway.eu1.storjshare.io)
- 2 / US1 Shared Gateway
-   \ (gateway.us1.storjshare.io)
- 3 / Asia-Pacific Shared Gateway
-   \ (gateway.ap1.storjshare.io)
-endpoint> 1 (as shown when creating the access grant)
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
-```
+Properties:
 
-Note that s3 credentials are generated when you [create an access
-grant](https://docs.storj.io/dcs/api-reference/s3-compatible-gateway#usage).
+- Config:      chunk_total_size
+- Env Var:     RCLONE_CACHE_CHUNK_TOTAL_SIZE
+- Type:        SizeSuffix
+- Default:     10Gi
+- Examples:
+    - "500M"
+        - 500 MiB
+    - "1G"
+        - 1 GiB
+    - "10G"
+        - 10 GiB
 
-#### Backend quirks
+### Advanced options
 
-- `--chunk-size` is forced to be 64 MiB or greater. This will use more
-  memory than the default of 5 MiB.
-- Server side copy is disabled as it isn't currently supported in the
-  gateway.
-- GetTier and SetTier are not supported.
+Here are the Advanced options specific to cache (Cache a remote).
 
-#### Backend bugs
+#### --cache-plex-token
 
-Due to [issue #39](https://github.com/storj/gateway-mt/issues/39)
-uploading multipart files via the S3 gateway causes them to lose their
-metadata. For rclone's purpose this means that the modification time
-is not stored, nor is any MD5SUM (if one is available from the
-source).
+The plex token for authentication - auto set normally.
 
-This has the following consequences:
+Properties:
 
-- Using `rclone rcat` will fail as the medatada doesn't match after upload
-- Uploading files with `rclone mount` will fail for the same reason
-    - This can worked around by using `--vfs-cache-mode writes` or `--vfs-cache-mode full` or setting `--s3-upload-cutoff` large
-- Files uploaded via a multipart upload won't have their modtimes
-    - This will mean that `rclone sync` will likely keep trying to upload files bigger than `--s3-upload-cutoff`
-    - This can be worked around with `--checksum` or `--size-only` or setting `--s3-upload-cutoff` large
-    - The maximum value for `--s3-upload-cutoff` is 5GiB though
+- Config:      plex_token
+- Env Var:     RCLONE_CACHE_PLEX_TOKEN
+- Type:        string
+- Required:    false
 
-One general purpose workaround is to set `--s3-upload-cutoff 5G`. This
-means that rclone will upload files smaller than 5GiB as single parts.
-Note that this can be set in the config file with `upload_cutoff = 5G`
-or configured in the advanced settings. If you regularly transfer
-files larger than 5G then using `--checksum` or `--size-only` in
-`rclone sync` is the recommended workaround.
+#### --cache-plex-insecure
 
-#### Comparison with the native protocol
+Skip all certificate verification when connecting to the Plex server.
 
-Use the [the native protocol](/storj) to take advantage of
-client-side encryption as well as to achieve the best possible
-download performance. Uploads will be erasure-coded locally, thus a
-1gb upload will result in 2.68gb of data being uploaded to storage
-nodes across the network.
+Properties:
 
-Use this backend and the S3 compatible Hosted Gateway to increase
-upload performance and reduce the load on your systems and network.
-Uploads will be encrypted and erasure-coded server-side, thus a 1GB
-upload will result in only in 1GB of data being uploaded to storage
-nodes across the network.
+- Config:      plex_insecure
+- Env Var:     RCLONE_CACHE_PLEX_INSECURE
+- Type:        string
+- Required:    false
 
-For more detailed comparison please check the documentation of the
-[storj](/storj) backend.
+#### --cache-db-path
 
-## Limitations
+Directory to store file structure metadata DB.
 
-`rclone about` is not supported by the S3 backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+The remote name is used as the DB file name.
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+Properties:
 
-#  Backblaze B2
+- Config:      db_path
+- Env Var:     RCLONE_CACHE_DB_PATH
+- Type:        string
+- Default:     "$HOME/.cache/rclone/cache-backend"
 
-B2 is [Backblaze's cloud storage system](https://www.backblaze.com/b2/).
+#### --cache-chunk-path
 
-Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
-command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
+Directory to cache chunk files.
 
-## Configuration
+Path to where partial file data (chunks) are stored locally. The remote
+name is appended to the final path.
 
-Here is an example of making a b2 configuration.  First run
+This config follows the "--cache-db-path". If you specify a custom
+location for "--cache-db-path" and don't specify one for "--cache-chunk-path"
+then "--cache-chunk-path" will use the same path as "--cache-db-path".
 
-    rclone config
+Properties:
 
-This will guide you through an interactive setup process.  To authenticate
-you will either need your Account ID (a short hex number) and Master
-Application Key (a long hex number) OR an Application Key, which is the
-recommended method. See below for further details on generating and using
-an Application Key.
+- Config:      chunk_path
+- Env Var:     RCLONE_CACHE_CHUNK_PATH
+- Type:        string
+- Default:     "$HOME/.cache/rclone/cache-backend"
 
-```
-No remotes found, make a new one?
-n) New remote
-q) Quit config
-n/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Backblaze B2
-   \ "b2"
-[snip]
-Storage> b2
-Account ID or Application Key ID
-account> 123456789abc
-Application Key
-key> 0123456789abcdef0123456789abcdef0123456789
-Endpoint for the service - leave blank normally.
-endpoint>
-Remote config
---------------------
-[remote]
-account = 123456789abc
-key = 0123456789abcdef0123456789abcdef0123456789
-endpoint =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+#### --cache-db-purge
 
-This remote is called `remote` and can now be used like this
+Clear all the cached data for this remote on start.
 
-See all buckets
+Properties:
 
-    rclone lsd remote:
+- Config:      db_purge
+- Env Var:     RCLONE_CACHE_DB_PURGE
+- Type:        bool
+- Default:     false
 
-Create a new bucket
+#### --cache-chunk-clean-interval
 
-    rclone mkdir remote:bucket
+How often should the cache perform cleanups of the chunk storage.
 
-List the contents of a bucket
+The default value should be ok for most people. If you find that the
+cache goes over "cache-chunk-total-size" too often then try to lower
+this value to force it to perform cleanups more often.
 
-    rclone ls remote:bucket
+Properties:
 
-Sync `/home/local/directory` to the remote bucket, deleting any
-excess files in the bucket.
+- Config:      chunk_clean_interval
+- Env Var:     RCLONE_CACHE_CHUNK_CLEAN_INTERVAL
+- Type:        Duration
+- Default:     1m0s
 
-    rclone sync --interactive /home/local/directory remote:bucket
+#### --cache-read-retries
 
-### Application Keys
+How many times to retry a read from a cache storage.
 
-B2 supports multiple [Application Keys for different access permission
-to B2 Buckets](https://www.backblaze.com/b2/docs/application_keys.html).
+Since reading from a cache stream is independent from downloading file
+data, readers can get to a point where there's no more data in the
+cache.  Most of the times this can indicate a connectivity issue if
+cache isn't able to provide file data anymore.
 
-You can use these with rclone too; you will need to use rclone version 1.43
-or later.
+For really slow connections, increase this to a point where the stream is
+able to provide data but your experience will be very stuttering.
 
-Follow Backblaze's docs to create an Application Key with the required
-permission and add the `applicationKeyId` as the `account` and the
-`Application Key` itself as the `key`.
+Properties:
 
-Note that you must put the _applicationKeyId_ as the `account` – you
-can't use the master Account ID.  If you try then B2 will return 401
-errors.
+- Config:      read_retries
+- Env Var:     RCLONE_CACHE_READ_RETRIES
+- Type:        int
+- Default:     10
 
-### --fast-list
+#### --cache-workers
 
-This remote supports `--fast-list` which allows you to use fewer
-transactions in exchange for more memory. See the [rclone
-docs](https://rclone.org/docs/#fast-list) for more details.
+How many workers should run in parallel to download chunks.
 
-### Modified time
+Higher values will mean more parallel processing (better CPU needed)
+and more concurrent requests on the cloud provider.  This impacts
+several aspects like the cloud provider API limits, more stress on the
+hardware that rclone runs on but it also means that streams will be
+more fluid and data will be available much more faster to readers.
 
-The modified time is stored as metadata on the object as
-`X-Bz-Info-src_last_modified_millis` as milliseconds since 1970-01-01
-in the Backblaze standard.  Other tools should be able to use this as
-a modified time.
+**Note**: If the optional Plex integration is enabled then this
+setting will adapt to the type of reading performed and the value
+specified here will be used as a maximum number of workers to use.
 
-Modified times are used in syncing and are fully supported. Note that
-if a modification time needs to be updated on an object then it will
-create a new version of the object.
+Properties:
 
-### Restricted filename characters
+- Config:      workers
+- Env Var:     RCLONE_CACHE_WORKERS
+- Type:        int
+- Default:     4
 
-In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-the following characters are also replaced:
+#### --cache-chunk-no-memory
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| \         | 0x5C  | ＼           |
+Disable the in-memory cache for storing chunks during streaming.
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+By default, cache will keep file data during streaming in RAM as well
+to provide it to readers as fast as possible.
 
-Note that in 2020-05 Backblaze started allowing \ characters in file
-names. Rclone hasn't changed its encoding as this could cause syncs to
-re-transfer files. If you want rclone not to replace \ then see the
-`--b2-encoding` flag below and remove the `BackSlash` from the
-string. This can be set in the config.
+This transient data is evicted as soon as it is read and the number of
+chunks stored doesn't exceed the number of workers. However, depending
+on other settings like "cache-chunk-size" and "cache-workers" this footprint
+can increase if there are parallel streams too (multiple files being read
+at the same time).
 
-### SHA1 checksums
+If the hardware permits it, use this feature to provide an overall better
+performance during streaming but it can also be disabled if RAM is not
+available on the local machine.
 
-The SHA1 checksums of the files are checked on upload and download and
-will be used in the syncing process.
+Properties:
 
-Large files (bigger than the limit in `--b2-upload-cutoff`) which are
-uploaded in chunks will store their SHA1 on the object as
-`X-Bz-Info-large_file_sha1` as recommended by Backblaze.
+- Config:      chunk_no_memory
+- Env Var:     RCLONE_CACHE_CHUNK_NO_MEMORY
+- Type:        bool
+- Default:     false
 
-For a large file to be uploaded with an SHA1 checksum, the source
-needs to support SHA1 checksums. The local disk supports SHA1
-checksums so large file transfers from local disk will have an SHA1.
-See [the overview](https://rclone.org/overview/#features) for exactly which remotes
-support SHA1.
+#### --cache-rps
 
-Sources which don't support SHA1, in particular `crypt` will upload
-large files without SHA1 checksums.  This may be fixed in the future
-(see [#1767](https://github.com/rclone/rclone/issues/1767)).
+Limits the number of requests per second to the source FS (-1 to disable).
 
-Files sizes below `--b2-upload-cutoff` will always have an SHA1
-regardless of the source.
+This setting places a hard limit on the number of requests per second
+that cache will be doing to the cloud provider remote and try to
+respect that value by setting waits between reads.
 
-### Transfers
+If you find that you're getting banned or limited on the cloud
+provider through cache and know that a smaller number of requests per
+second will allow you to work with it then you can use this setting
+for that.
 
-Backblaze recommends that you do lots of transfers simultaneously for
-maximum speed.  In tests from my SSD equipped laptop the optimum
-setting is about `--transfers 32` though higher numbers may be used
-for a slight speed improvement. The optimum number for you may vary
-depending on your hardware, how big the files are, how much you want
-to load your computer, etc.  The default of `--transfers 4` is
-definitely too low for Backblaze B2 though.
+A good balance of all the other settings should make this setting
+useless but it is available to set for more special cases.
 
-Note that uploading big files (bigger than 200 MiB by default) will use
-a 96 MiB RAM buffer by default.  There can be at most `--transfers` of
-these in use at any moment, so this sets the upper limit on the memory
-used.
+**NOTE**: This will limit the number of requests during streams but
+other API calls to the cloud provider like directory listings will
+still pass.
 
-### Versions
+Properties:
 
-When rclone uploads a new version of a file it creates a [new version
-of it](https://www.backblaze.com/b2/docs/file_versions.html).
-Likewise when you delete a file, the old version will be marked hidden
-and still be available.  Conversely, you may opt in to a "hard delete"
-of files with the `--b2-hard-delete` flag which would permanently remove
-the file instead of hiding it.
+- Config:      rps
+- Env Var:     RCLONE_CACHE_RPS
+- Type:        int
+- Default:     -1
 
-Old versions of files, where available, are visible using the 
-`--b2-versions` flag.
+#### --cache-writes
 
-It is also possible to view a bucket as it was at a certain point in time,
-using the `--b2-version-at` flag. This will show the file versions as they
-were at that time, showing files that have been deleted afterwards, and
-hiding files that were created since.
+Cache file data on writes through the FS.
+
+If you need to read files immediately after you upload them through
+cache you can enable this flag to have their data stored in the
+cache store at the same time during upload.
 
-If you wish to remove all the old versions then you can use the
-`rclone cleanup remote:bucket` command which will delete all the old
-versions of files, leaving the current ones intact.  You can also
-supply a path and only old versions under that path will be deleted,
-e.g. `rclone cleanup remote:bucket/path/to/stuff`.
+Properties:
 
-Note that `cleanup` will remove partially uploaded files from the bucket
-if they are more than a day old.
+- Config:      writes
+- Env Var:     RCLONE_CACHE_WRITES
+- Type:        bool
+- Default:     false
 
-When you `purge` a bucket, the current and the old versions will be
-deleted then the bucket will be deleted.
+#### --cache-tmp-upload-path
 
-However `delete` will cause the current versions of the files to
-become hidden old versions.
+Directory to keep temporary files until they are uploaded.
 
-Here is a session showing the listing and retrieval of an old
-version followed by a `cleanup` of the old versions.
+This is the path where cache will use as a temporary storage for new
+files that need to be uploaded to the cloud provider.
 
-Show current version and all the versions with `--b2-versions` flag.
+Specifying a value will enable this feature. Without it, it is
+completely disabled and files will be uploaded directly to the cloud
+provider
 
-```
-$ rclone -q ls b2:cleanup-test
-        9 one.txt
+Properties:
 
-$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt
-        8 one-v2016-07-04-141032-000.txt
-       16 one-v2016-07-04-141003-000.txt
-       15 one-v2016-07-02-155621-000.txt
-```
+- Config:      tmp_upload_path
+- Env Var:     RCLONE_CACHE_TMP_UPLOAD_PATH
+- Type:        string
+- Required:    false
 
-Retrieve an old version
+#### --cache-tmp-wait-time
 
-```
-$ rclone -q --b2-versions copy b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
+How long should files be stored in local cache before being uploaded.
 
-$ ls -l /tmp/one-v2016-07-04-141003-000.txt
--rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt
-```
+This is the duration that a file must wait in the temporary location
+_cache-tmp-upload-path_ before it is selected for upload.
 
-Clean up all the old versions and show that they've gone.
+Note that only one file is uploaded at a time and it can take longer
+to start the upload if a queue formed for this purpose.
 
-```
-$ rclone -q cleanup b2:cleanup-test
+Properties:
 
-$ rclone -q ls b2:cleanup-test
-        9 one.txt
+- Config:      tmp_wait_time
+- Env Var:     RCLONE_CACHE_TMP_WAIT_TIME
+- Type:        Duration
+- Default:     15s
 
-$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt
-```
+#### --cache-db-wait-time
 
-### Data usage
+How long to wait for the DB to be available - 0 is unlimited.
 
-It is useful to know how many requests are sent to the server in different scenarios.
+Only one process can have the DB open at any one time, so rclone waits
+for this duration for the DB to become available before it gives an
+error.
 
-All copy commands send the following 4 requests:
+If you set it to 0 then it will wait forever.
 
-```
-/b2api/v1/b2_authorize_account
-/b2api/v1/b2_create_bucket
-/b2api/v1/b2_list_buckets
-/b2api/v1/b2_list_file_names
-```
+Properties:
 
-The `b2_list_file_names` request will be sent once for every 1k files
-in the remote path, providing the checksum and modification time of
-the listed files. As of version 1.33 issue
-[#818](https://github.com/rclone/rclone/issues/818) causes extra requests
-to be sent when using B2 with Crypt. When a copy operation does not
-require any files to be uploaded, no more requests will be sent.
+- Config:      db_wait_time
+- Env Var:     RCLONE_CACHE_DB_WAIT_TIME
+- Type:        Duration
+- Default:     1s
 
-Uploading files that do not require chunking, will send 2 requests per
-file upload:
+## Backend commands
 
-```
-/b2api/v1/b2_get_upload_url
-/b2api/v1/b2_upload_file/
-```
+Here are the commands specific to the cache backend.
 
-Uploading files requiring chunking, will send 2 requests (one each to
-start and finish the upload) and another 2 requests for each chunk:
+Run them with
 
-```
-/b2api/v1/b2_start_large_file
-/b2api/v1/b2_get_upload_part_url
-/b2api/v1/b2_upload_part/
-/b2api/v1/b2_finish_large_file
-```
+    rclone backend COMMAND remote:
 
-#### Versions
+The help below will explain what arguments each command takes.
 
-Versions can be viewed with the `--b2-versions` flag. When it is set
-rclone will show and act on older versions of files.  For example
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
 
-Listing without `--b2-versions`
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
 
-```
-$ rclone -q ls b2:cleanup-test
-        9 one.txt
-```
+### stats
 
-And with
+Print stats on the cache backend in JSON format.
 
-```
-$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt
-        8 one-v2016-07-04-141032-000.txt
-       16 one-v2016-07-04-141003-000.txt
-       15 one-v2016-07-02-155621-000.txt
-```
+    rclone backend stats remote: [options] [<arguments>+]
 
-Showing that the current version is unchanged but older versions can
-be seen.  These have the UTC date that they were uploaded to the
-server to the nearest millisecond appended to them.
 
-Note that when using `--b2-versions` no file write operations are
-permitted, so you can't upload files or delete them.
 
-### B2 and rclone link
+#  Chunker
 
-Rclone supports generating file share links for private B2 buckets.
-They can either be for a file for example:
+The `chunker` overlay transparently splits large files into smaller chunks
+during upload to wrapped remote and transparently assembles them back
+when the file is downloaded. This allows to effectively overcome size limits
+imposed by storage providers.
 
-```
-./rclone link B2:bucket/path/to/file.txt
-https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx
+## Configuration
 
-```
+To use it, first set up the underlying remote following the configuration
+instructions for that remote. You can also use a local pathname instead of
+a remote.
 
-or if run on a directory you will get:
+First check your chosen remote is working - we'll call it `remote:path` here.
+Note that anything inside `remote:path` will be chunked and anything outside
+won't. This means that if you are using a bucket-based remote (e.g. S3, B2, swift)
+then you should probably put the bucket in the remote `s3:bucket`.
+
+Now configure `chunker` using `rclone config`. We will call this one `overlay`
+to separate it from the `remote` itself.
 
 ```
-./rclone link B2:bucket/path
-https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> overlay
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Transparently chunk/split large files
+   \ "chunker"
+[snip]
+Storage> chunker
+Remote to chunk/unchunk.
+Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
+"myremote:bucket" or maybe "myremote:" (not recommended).
+Enter a string value. Press Enter for the default ("").
+remote> remote:path
+Files larger than chunk size will be split in chunks.
+Enter a size with suffix K,M,G,T. Press Enter for the default ("2G").
+chunk_size> 100M
+Choose how chunker handles hash sums. All modes but "none" require metadata.
+Enter a string value. Press Enter for the default ("md5").
+Choose a number from below, or type in your own value
+ 1 / Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise
+   \ "none"
+ 2 / MD5 for composite files
+   \ "md5"
+ 3 / SHA1 for composite files
+   \ "sha1"
+ 4 / MD5 for all files
+   \ "md5all"
+ 5 / SHA1 for all files
+   \ "sha1all"
+ 6 / Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported
+   \ "md5quick"
+ 7 / Similar to "md5quick" but prefers SHA1 over MD5
+   \ "sha1quick"
+hash_type> md5
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> n
+Remote config
+--------------------
+[overlay]
+type = chunker
+remote = remote:bucket
+chunk_size = 100M
+hash_type = md5
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
 ```
 
-you can then use the authorization token (the part of the url from the
- `?Authorization=` on) on any file path under that directory. For example:
+### Specifying the remote
 
-```
-https://f002.backblazeb2.com/file/bucket/path/to/file1?Authorization=xxxxxxxx
-https://f002.backblazeb2.com/file/bucket/path/file2?Authorization=xxxxxxxx
-https://f002.backblazeb2.com/file/bucket/path/folder/file3?Authorization=xxxxxxxx
+In normal use, make sure the remote has a `:` in. If you specify the remote
+without a `:` then rclone will use a local directory of that name.
+So if you use a remote of `/path/to/secret/files` then rclone will
+chunk stuff in that directory. If you use a remote of `name` then rclone
+will put files in a directory called `name` in the current directory.
 
-```
 
+### Chunking
 
-### Standard options
+When rclone starts a file upload, chunker checks the file size. If it
+doesn't exceed the configured chunk size, chunker will just pass the file
+to the wrapped remote (however, see caveat below). If a file is large, chunker will transparently cut
+data in pieces with temporary names and stream them one by one, on the fly.
+Each data chunk will contain the specified number of bytes, except for the
+last one which may have less data. If file size is unknown in advance
+(this is called a streaming upload), chunker will internally create
+a temporary copy, record its size and repeat the above process.
 
-Here are the Standard options specific to b2 (Backblaze B2).
+When upload completes, temporary chunk files are finally renamed.
+This scheme guarantees that operations can be run in parallel and look
+from outside as atomic.
+A similar method with hidden temporary chunks is used for other operations
+(copy/move/rename, etc.). If an operation fails, hidden chunks are normally
+destroyed, and the target composite file stays intact.
 
-#### --b2-account
+When a composite file download is requested, chunker transparently
+assembles it by concatenating data chunks in order. As the split is trivial
+one could even manually concatenate data chunks together to obtain the
+original content.
 
-Account ID or Application Key ID.
+When the `list` rclone command scans a directory on wrapped remote,
+the potential chunk files are accounted for, grouped and assembled into
+composite directory entries. Any temporary chunks are hidden.
 
-Properties:
+List and other commands can sometimes come across composite files with
+missing or invalid chunks, e.g. shadowed by like-named directory or
+another file. This usually means that wrapped file system has been directly
+tampered with or damaged. If chunker detects a missing chunk it will
+by default print warning, skip the whole incomplete group of chunks but
+proceed with current command.
+You can set the `--chunker-fail-hard` flag to have commands abort with
+error message in such cases.
 
-- Config:      account
-- Env Var:     RCLONE_B2_ACCOUNT
-- Type:        string
-- Required:    true
+**Caveat**: As it is now, chunker will always create a temporary file in the 
+backend and then rename it, even if the file is below the chunk threshold.
+This will result in unnecessary API calls and can severely restrict throughput
+when handling transfers primarily composed of small files on some backends (e.g. Box).
+A workaround to this issue is to use chunker only for files above the chunk threshold
+via `--min-size` and then perform a separate call without chunker on the remaining
+files. 
 
-#### --b2-key
 
-Application Key.
+#### Chunk names
 
-Properties:
+The default chunk name format is `*.rclone_chunk.###`, hence by default
+chunk names are `BIG_FILE_NAME.rclone_chunk.001`,
+`BIG_FILE_NAME.rclone_chunk.002` etc. You can configure another name format
+using the `name_format` configuration file option. The format uses asterisk
+`*` as a placeholder for the base file name and one or more consecutive
+hash characters `#` as a placeholder for sequential chunk number.
+There must be one and only one asterisk. The number of consecutive hash
+characters defines the minimum length of a string representing a chunk number.
+If decimal chunk number has less digits than the number of hashes, it is
+left-padded by zeros. If the decimal string is longer, it is left intact.
+By default numbering starts from 1 but there is another option that allows
+user to start from 0, e.g. for compatibility with legacy software.
 
-- Config:      key
-- Env Var:     RCLONE_B2_KEY
-- Type:        string
-- Required:    true
+For example, if name format is `big_*-##.part` and original file name is
+`data.txt` and numbering starts from 0, then the first chunk will be named
+`big_data.txt-00.part`, the 99th chunk will be `big_data.txt-98.part`
+and the 302nd chunk will become `big_data.txt-301.part`.
 
-#### --b2-hard-delete
+Note that `list` assembles composite directory entries only when chunk names
+match the configured format and treats non-conforming file names as normal
+non-chunked files.
 
-Permanently delete files on remote removal, otherwise hide files.
+When using `norename` transactions, chunk names will additionally have a unique
+file version suffix. For example, `BIG_FILE_NAME.rclone_chunk.001_bp562k`.
 
-Properties:
 
-- Config:      hard_delete
-- Env Var:     RCLONE_B2_HARD_DELETE
-- Type:        bool
-- Default:     false
+### Metadata
 
-### Advanced options
+Besides data chunks chunker will by default create metadata object for
+a composite file. The object is named after the original file.
+Chunker allows user to disable metadata completely (the `none` format).
+Note that metadata is normally not created for files smaller than the
+configured chunk size. This may change in future rclone releases.
 
-Here are the Advanced options specific to b2 (Backblaze B2).
+#### Simple JSON metadata format
 
-#### --b2-endpoint
+This is the default format. It supports hash sums and chunk validation
+for composite files. Meta objects carry the following fields:
 
-Endpoint for the service.
+- `ver`     - version of format, currently `1`
+- `size`    - total size of composite file
+- `nchunks` - number of data chunks in file
+- `md5`     - MD5 hashsum of composite file (if present)
+- `sha1`    - SHA1 hashsum (if present)
+- `txn`     - identifies current version of the file
 
-Leave blank normally.
+There is no field for composite file name as it's simply equal to the name
+of meta object on the wrapped remote. Please refer to respective sections
+for details on hashsums and modified time handling.
 
-Properties:
+#### No metadata
 
-- Config:      endpoint
-- Env Var:     RCLONE_B2_ENDPOINT
-- Type:        string
-- Required:    false
+You can disable meta objects by setting the meta format option to `none`.
+In this mode chunker will scan directory for all files that follow
+configured chunk name format, group them by detecting chunks with the same
+base name and show group names as virtual composite files.
+This method is more prone to missing chunk errors (especially missing
+last chunk) than format with metadata enabled.
 
-#### --b2-test-mode
 
-A flag string for X-Bz-Test-Mode header for debugging.
+### Hashsums
 
-This is for debugging purposes only. Setting it to one of the strings
-below will cause b2 to return specific errors:
+Chunker supports hashsums only when a compatible metadata is present.
+Hence, if you choose metadata format of `none`, chunker will report hashsum
+as `UNSUPPORTED`.
 
-  * "fail_some_uploads"
-  * "expire_some_account_authorization_tokens"
-  * "force_cap_exceeded"
+Please note that by default metadata is stored only for composite files.
+If a file is smaller than configured chunk size, chunker will transparently
+redirect hash requests to wrapped remote, so support depends on that.
+You will see the empty string as a hashsum of requested type for small
+files if the wrapped remote doesn't support it.
 
-These will be set in the "X-Bz-Test-Mode" header which is documented
-in the [b2 integrations checklist](https://www.backblaze.com/b2/docs/integration_checklist.html).
+Many storage backends support MD5 and SHA1 hash types, so does chunker.
+With chunker you can choose one or another but not both.
+MD5 is set by default as the most supported type.
+Since chunker keeps hashes for composite files and falls back to the
+wrapped remote hash for non-chunked ones, we advise you to choose the same
+hash type as supported by wrapped remote so that your file listings
+look coherent.
 
-Properties:
+If your storage backend does not support MD5 or SHA1 but you need consistent
+file hashing, configure chunker with `md5all` or `sha1all`. These two modes
+guarantee given hash for all files. If wrapped remote doesn't support it,
+chunker will then add metadata to all files, even small. However, this can
+double the amount of small files in storage and incur additional service charges.
+You can even use chunker to force md5/sha1 support in any other remote
+at expense of sidecar meta objects by setting e.g. `hash_type=sha1all`
+to force hashsums and `chunk_size=1P` to effectively disable chunking.
 
-- Config:      test_mode
-- Env Var:     RCLONE_B2_TEST_MODE
-- Type:        string
-- Required:    false
+Normally, when a file is copied to chunker controlled remote, chunker
+will ask the file source for compatible file hash and revert to on-the-fly
+calculation if none is found. This involves some CPU overhead but provides
+a guarantee that given hashsum is available. Also, chunker will reject
+a server-side copy or move operation if source and destination hashsum
+types are different resulting in the extra network bandwidth, too.
+In some rare cases this may be undesired, so chunker provides two optional
+choices: `sha1quick` and `md5quick`. If the source does not support primary
+hash type and the quick mode is enabled, chunker will try to fall back to
+the secondary type. This will save CPU and bandwidth but can result in empty
+hashsums at destination. Beware of consequences: the `sync` command will
+revert (sometimes silently) to time/size comparison if compatible hashsums
+between source and target are not found.
 
-#### --b2-versions
 
-Include old versions in directory listings.
+### Modification times
 
-Note that when using this no file write operations are permitted,
-so you can't upload files or delete them.
+Chunker stores modification times using the wrapped remote so support
+depends on that. For a small non-chunked file the chunker overlay simply
+manipulates modification time of the wrapped remote file.
+For a composite file with metadata chunker will get and set
+modification time of the metadata object on the wrapped remote.
+If file is chunked but metadata format is `none` then chunker will
+use modification time of the first data chunk.
 
-Properties:
 
-- Config:      versions
-- Env Var:     RCLONE_B2_VERSIONS
-- Type:        bool
-- Default:     false
+### Migrations
 
-#### --b2-version-at
+The idiomatic way to migrate to a different chunk size, hash type, transaction
+style or chunk naming scheme is to:
 
-Show file versions as they were at the specified time.
+- Collect all your chunked files under a directory and have your
+  chunker remote point to it.
+- Create another directory (most probably on the same cloud storage)
+  and configure a new remote with desired metadata format,
+  hash type, chunk naming etc.
+- Now run `rclone sync --interactive oldchunks: newchunks:` and all your data
+  will be transparently converted in transfer.
+  This may take some time, yet chunker will try server-side
+  copy if possible.
+- After checking data integrity you may remove configuration section
+  of the old remote.
 
-Note that when using this no file write operations are permitted,
-so you can't upload files or delete them.
+If rclone gets killed during a long operation on a big composite file,
+hidden temporary chunks may stay in the directory. They will not be
+shown by the `list` command but will eat up your account quota.
+Please note that the `deletefile` command deletes only active
+chunks of a file. As a workaround, you can use remote of the wrapped
+file system to see them.
+An easy way to get rid of hidden garbage is to copy littered directory
+somewhere using the chunker remote and purge the original directory.
+The `copy` command will copy only active chunks while the `purge` will
+remove everything including garbage.
 
-Properties:
 
-- Config:      version_at
-- Env Var:     RCLONE_B2_VERSION_AT
-- Type:        Time
-- Default:     off
+### Caveats and Limitations
 
-#### --b2-upload-cutoff
+Chunker requires wrapped remote to support server-side `move` (or `copy` +
+`delete`) operations, otherwise it will explicitly refuse to start.
+This is because it internally renames temporary chunk files to their final
+names when an operation completes successfully.
 
-Cutoff for switching to chunked upload.
+Chunker encodes chunk number in file name, so with default `name_format`
+setting it adds 17 characters. Also chunker adds 7 characters of temporary
+suffix during operations. Many file systems limit base file name without path
+by 255 characters. Using rclone's crypt remote as a base file system limits
+file name by 143 characters. Thus, maximum name length is 231 for most files
+and 119 for chunker-over-crypt. A user in need can change name format to
+e.g. `*.rcc##` and save 10 characters (provided at most 99 chunks per file).
 
-Files above this size will be uploaded in chunks of "--b2-chunk-size".
+Note that a move implemented using the copy-and-delete method may incur
+double charging with some cloud storage providers.
 
-This value should be set no larger than 4.657 GiB (== 5 GB).
+Chunker will not automatically rename existing chunks when you run
+`rclone config` on a live remote and change the chunk name format.
+Beware that in result of this some files which have been treated as chunks
+before the change can pop up in directory listings as normal files
+and vice versa. The same warning holds for the chunk size.
+If you desperately need to change critical chunking settings, you should
+run data migration as described above.
 
-Properties:
+If wrapped remote is case insensitive, the chunker overlay will inherit
+that property (so you can't have a file called "Hello.doc" and "hello.doc"
+in the same directory).
 
-- Config:      upload_cutoff
-- Env Var:     RCLONE_B2_UPLOAD_CUTOFF
-- Type:        SizeSuffix
-- Default:     200Mi
+Chunker included in rclone releases up to `v1.54` can sometimes fail to
+detect metadata produced by recent versions of rclone. We recommend users
+to keep rclone up-to-date to avoid data corruption.
 
-#### --b2-copy-cutoff
+Changing `transactions` is dangerous and requires explicit migration.
 
-Cutoff for switching to multipart copy.
 
-Any files larger than this that need to be server-side copied will be
-copied in chunks of this size.
+### Standard options
 
-The minimum is 0 and the maximum is 4.6 GiB.
+Here are the Standard options specific to chunker (Transparently chunk/split large files).
 
-Properties:
+#### --chunker-remote
 
-- Config:      copy_cutoff
-- Env Var:     RCLONE_B2_COPY_CUTOFF
-- Type:        SizeSuffix
-- Default:     4Gi
+Remote to chunk/unchunk.
 
-#### --b2-chunk-size
+Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
+"myremote:bucket" or maybe "myremote:" (not recommended).
 
-Upload chunk size.
+Properties:
 
-When uploading large files, chunk the file into this size.
+- Config:      remote
+- Env Var:     RCLONE_CHUNKER_REMOTE
+- Type:        string
+- Required:    true
 
-Must fit in memory. These chunks are buffered in memory and there
-might a maximum of "--transfers" chunks in progress at once.
+#### --chunker-chunk-size
 
-5,000,000 Bytes is the minimum size.
+Files larger than chunk size will be split in chunks.
 
 Properties:
 
 - Config:      chunk_size
-- Env Var:     RCLONE_B2_CHUNK_SIZE
+- Env Var:     RCLONE_CHUNKER_CHUNK_SIZE
 - Type:        SizeSuffix
-- Default:     96Mi
+- Default:     2Gi
 
-#### --b2-disable-checksum
+#### --chunker-hash-type
 
-Disable checksums for large (> upload cutoff) files.
+Choose how chunker handles hash sums.
 
-Normally rclone will calculate the SHA1 checksum of the input before
-uploading it so it can add it to metadata on the object. This is great
-for data integrity checking but can cause long delays for large files
-to start uploading.
+All modes but "none" require metadata.
 
 Properties:
 
-- Config:      disable_checksum
-- Env Var:     RCLONE_B2_DISABLE_CHECKSUM
-- Type:        bool
-- Default:     false
+- Config:      hash_type
+- Env Var:     RCLONE_CHUNKER_HASH_TYPE
+- Type:        string
+- Default:     "md5"
+- Examples:
+    - "none"
+        - Pass any hash supported by wrapped remote for non-chunked files.
+        - Return nothing otherwise.
+    - "md5"
+        - MD5 for composite files.
+    - "sha1"
+        - SHA1 for composite files.
+    - "md5all"
+        - MD5 for all files.
+    - "sha1all"
+        - SHA1 for all files.
+    - "md5quick"
+        - Copying a file to chunker will request MD5 from the source.
+        - Falling back to SHA1 if unsupported.
+    - "sha1quick"
+        - Similar to "md5quick" but prefers SHA1 over MD5.
 
-#### --b2-download-url
+### Advanced options
 
-Custom endpoint for downloads.
+Here are the Advanced options specific to chunker (Transparently chunk/split large files).
 
-This is usually set to a Cloudflare CDN URL as Backblaze offers
-free egress for data downloaded through the Cloudflare network.
-Rclone works with private buckets by sending an "Authorization" header.
-If the custom endpoint rewrites the requests for authentication,
-e.g., in Cloudflare Workers, this header needs to be handled properly.
-Leave blank if you want to use the endpoint provided by Backblaze.
+#### --chunker-name-format
 
-The URL provided here SHOULD have the protocol and SHOULD NOT have
-a trailing slash or specify the /file/bucket subpath as rclone will
-request files with "{download_url}/file/{bucket_name}/{path}".
+String format of chunk file names.
 
-Example:
-> https://mysubdomain.mydomain.tld
-(No trailing "/", "file" or "bucket")
+The two placeholders are: base file name (*) and chunk number (#...).
+There must be one and only one asterisk and one or more consecutive hash characters.
+If chunk number has less digits than the number of hashes, it is left-padded by zeros.
+If there are more digits in the number, they are left as is.
+Possible chunk files are ignored if their name does not match given format.
 
 Properties:
 
-- Config:      download_url
-- Env Var:     RCLONE_B2_DOWNLOAD_URL
+- Config:      name_format
+- Env Var:     RCLONE_CHUNKER_NAME_FORMAT
 - Type:        string
-- Required:    false
+- Default:     "*.rclone_chunk.###"
 
-#### --b2-download-auth-duration
+#### --chunker-start-from
 
-Time before the authorization token will expire in s or suffix ms|s|m|h|d.
+Minimum valid chunk number. Usually 0 or 1.
 
-The duration before the download authorization token will expire.
-The minimum value is 1 second. The maximum value is one week.
+By default chunk numbers start from 1.
 
 Properties:
 
-- Config:      download_auth_duration
-- Env Var:     RCLONE_B2_DOWNLOAD_AUTH_DURATION
-- Type:        Duration
-- Default:     1w
+- Config:      start_from
+- Env Var:     RCLONE_CHUNKER_START_FROM
+- Type:        int
+- Default:     1
 
-#### --b2-memory-pool-flush-time
+#### --chunker-meta-format
+
+Format of the metadata object or "none".
 
-How often internal memory buffer pools will be flushed.
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.
+By default "simplejson".
+Metadata is a small JSON file named after the composite file.
 
 Properties:
 
-- Config:      memory_pool_flush_time
-- Env Var:     RCLONE_B2_MEMORY_POOL_FLUSH_TIME
-- Type:        Duration
-- Default:     1m0s
+- Config:      meta_format
+- Env Var:     RCLONE_CHUNKER_META_FORMAT
+- Type:        string
+- Default:     "simplejson"
+- Examples:
+    - "none"
+        - Do not use metadata files at all.
+        - Requires hash type "none".
+    - "simplejson"
+        - Simple JSON supports hash sums and chunk validation.
+        - 
+        - It has the following fields: ver, size, nchunks, md5, sha1.
 
-#### --b2-memory-pool-use-mmap
+#### --chunker-fail-hard
 
-Whether to use mmap buffers in internal memory pool.
+Choose how chunker should handle files with missing or invalid chunks.
 
 Properties:
 
-- Config:      memory_pool_use_mmap
-- Env Var:     RCLONE_B2_MEMORY_POOL_USE_MMAP
+- Config:      fail_hard
+- Env Var:     RCLONE_CHUNKER_FAIL_HARD
 - Type:        bool
 - Default:     false
+- Examples:
+    - "true"
+        - Report errors and abort current command.
+    - "false"
+        - Warn user, skip incomplete file and proceed.
 
-#### --b2-encoding
-
-The encoding for the backend.
+#### --chunker-transactions
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Choose how chunker should handle temporary files during transactions.
 
 Properties:
 
-- Config:      encoding
-- Env Var:     RCLONE_B2_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
-
-
-
-## Limitations
-
-`rclone about` is not supported by the B2 backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
-
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+- Config:      transactions
+- Env Var:     RCLONE_CHUNKER_TRANSACTIONS
+- Type:        string
+- Default:     "rename"
+- Examples:
+    - "rename"
+        - Rename temporary files after a successful transaction.
+    - "norename"
+        - Leave temporary file names and write transaction ID to metadata file.
+        - Metadata is required for no rename transactions (meta format cannot be "none").
+        - If you are using norename transactions you should be careful not to downgrade Rclone
+        - as older versions of Rclone don't support this transaction style and will misinterpret
+        - files manipulated by norename transactions.
+        - This method is EXPERIMENTAL, don't use on production systems.
+    - "auto"
+        - Rename or norename will be used depending on capabilities of the backend.
+        - If meta format is set to "none", rename transactions will always be used.
+        - This method is EXPERIMENTAL, don't use on production systems.
 
-#  Box
 
-Paths are specified as `remote:path`
 
-Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+#  Citrix ShareFile
 
-The initial setup for Box involves getting a token from Box which you
-can do either in your browser, or with a config.json downloaded from Box
-to use JWT authentication.  `rclone config` walks you through it.
+[Citrix ShareFile](https://sharefile.com) is a secure file sharing and transfer service aimed as business.
 
 ## Configuration
 
+The initial setup for Citrix ShareFile involves getting a token from
+Citrix ShareFile which you can in your browser.  `rclone config` walks you
+through it.
+
 Here is an example of how to make a remote called `remote`.  First run:
 
      rclone config
@@ -23843,32 +29146,34 @@ q) Quit config
 n/s/q> n
 name> remote
 Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Box
-   \ "box"
-[snip]
-Storage> box
-Box App Client Id - leave blank normally.
-client_id> 
-Box App Client Secret - leave blank normally.
-client_secret>
-Box App config.json location
-Leave blank normally.
-Enter a string value. Press Enter for the default ("").
-box_config_file>
-Box App Primary Access Token
-Leave blank normally.
 Enter a string value. Press Enter for the default ("").
-access_token>
+Choose a number from below, or type in your own value
+XX / Citrix Sharefile
+   \ "sharefile"
+Storage> sharefile
+** See help for sharefile backend at: https://rclone.org/sharefile/ **
 
-Enter a string value. Press Enter for the default ("user").
+ID of the root folder
+
+Leave blank to access "Personal Folders".  You can use one of the
+standard values here or any folder ID (long hex number ID).
+Enter a string value. Press Enter for the default ("").
 Choose a number from below, or type in your own value
- 1 / Rclone should act on behalf of a user
-   \ "user"
- 2 / Rclone should act on behalf of a service account
-   \ "enterprise"
-box_sub_type>
+ 1 / Access the Personal Folders. (Default)
+   \ ""
+ 2 / Access the Favorites folder.
+   \ "favorites"
+ 3 / Access all the shared folders.
+   \ "allshared"
+ 4 / Access all the individual connectors.
+   \ "connectors"
+ 5 / Access the home, favorites, and shared folders as well as the connectors.
+   \ "top"
+root_folder_id> 
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> n
 Remote config
 Use web browser to automatically authenticate rclone with remote?
  * Say Y if the machine running rclone has a web browser you can use
@@ -23877,15 +29182,15 @@ If not sure try Y. If Y failed, try N.
 y) Yes
 n) No
 y/n> y
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=XXX
 Log in and authorize rclone for access
 Waiting for code...
 Got code
 --------------------
 [remote]
-client_id = 
-client_secret = 
-token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"XXX"}
+type = sharefile
+endpoint = https://XXX.sharefile.com
+token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2019-09-30T19:41:45.878561877+01:00"}
 --------------------
 y) Yes this is OK
 e) Edit this remote
@@ -23897,1876 +29202,1876 @@ See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it
 machine with no Internet browser available.
 
 Note that rclone runs a webserver on your local machine to collect the
-token as returned from Box. This only runs from the moment it opens
+token as returned from Citrix ShareFile. This only runs from the moment it opens
 your browser to the moment you get back the verification code.  This
 is on `http://127.0.0.1:53682/` and this it may require you to unblock
 it temporarily if you are running a host firewall.
 
 Once configured you can then use `rclone` like this,
 
-List directories in top level of your Box
+List directories in top level of your ShareFile
 
     rclone lsd remote:
 
-List all the files in your Box
+List all the files in your ShareFile
 
     rclone ls remote:
 
-To copy a local directory to an Box directory called backup
+To copy a local directory to an ShareFile directory called backup
 
     rclone copy /home/source remote:backup
 
-### Using rclone with an Enterprise account with SSO
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-If you have an "Enterprise" account type with Box with single sign on
-(SSO), you need to create a password to use Box with rclone. This can
-be done at your Enterprise Box account by going to Settings, "Account"
-Tab, and then set the password in the "Authentication" field.
+### Modification times and hashes
 
-Once you have done this, you can setup your Enterprise Box account
-using the same procedure detailed above in the, using the password you
-have just set.
+ShareFile allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.
 
-### Invalid refresh token
+ShareFile supports MD5 type hashes, so you can use the `--checksum`
+flag.
 
-According to the [box docs](https://developer.box.com/v2.0/docs/oauth-20#section-6-using-the-access-and-refresh-tokens):
+### Transfers
 
-> Each refresh_token is valid for one use in 60 days.
+For files above 128 MiB rclone will use a chunked transfer.  Rclone will
+upload up to `--transfers` chunks at the same time (shared among all
+the multipart uploads).  Chunks are buffered in memory and are
+normally 64 MiB so increasing `--transfers` will increase memory use.
 
-This means that if you
+### Restricted filename characters
 
-  * Don't use the box remote for 60 days
-  * Copy the config file with a box refresh token in and use it in two places
-  * Get an error on a token refresh
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
 
-then rclone will return an error which includes the text `Invalid
-refresh token`.
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \\        | 0x5C  | ＼           |
+| *         | 0x2A  | ＊           |
+| <         | 0x3C  | ＜           |
+| >         | 0x3E  | ＞           |
+| ?         | 0x3F  | ？           |
+| :         | 0x3A  | ：           |
+| \|        | 0x7C  | ｜           |
+| "         | 0x22  | ＂           |
 
-To fix this you will need to use oauth2 again to update the refresh
-token.  You can use the methods in [the remote setup
-docs](https://rclone.org/remote_setup/), bearing in mind that if you use the copy the
-config file method, you should not use that remote on the computer you
-did the authentication on.
+File names can also not start or end with the following characters.
+These only get replaced if they are the first or last character in the
+name:
 
-Here is how to do it.
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
+| .         | 0x2E  | ．           |
 
-```
-$ rclone config
-Current remotes:
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-Name                 Type
-====                 ====
-remote               box
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> e
-Choose a number from below, or type in an existing value
- 1 > remote
-remote> remote
---------------------
-[remote]
-type = box
-token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2017-07-08T23:40:08.059167677+01:00"}
---------------------
-Edit remote
-Value "client_id" = ""
-Edit? (y/n)>
-y) Yes
-n) No
-y/n> n
-Value "client_secret" = ""
-Edit? (y/n)>
-y) Yes
-n) No
-y/n> n
-Remote config
-Already have a token - refresh?
-y) Yes
-n) No
-y/n> y
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = box
-token = {"access_token":"YYY","token_type":"bearer","refresh_token":"YYY","expiry":"2017-07-23T12:22:29.259137901+01:00"}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+### Standard options
 
-### Modified time and hashes
+Here are the Standard options specific to sharefile (Citrix Sharefile).
 
-Box allows modification times to be set on objects accurate to 1
-second.  These will be used to detect whether objects need syncing or
-not.
+#### --sharefile-client-id
 
-Box supports SHA1 type hashes, so you can use the `--checksum`
-flag.
+OAuth Client Id.
 
-### Restricted filename characters
+Leave blank normally.
 
-In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-the following characters are also replaced:
+Properties:
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| \         | 0x5C  | ＼           |
+- Config:      client_id
+- Env Var:     RCLONE_SHAREFILE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --sharefile-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_SHAREFILE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --sharefile-root-folder-id
+
+ID of the root folder.
+
+Leave blank to access "Personal Folders".  You can use one of the
+standard values here or any folder ID (long hex number ID).
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_SHAREFILE_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - Access the Personal Folders (default).
+    - "favorites"
+        - Access the Favorites folder.
+    - "allshared"
+        - Access all the shared folders.
+    - "connectors"
+        - Access all the individual connectors.
+    - "top"
+        - Access the home, favorites, and shared folders as well as the connectors.
+
+### Advanced options
+
+Here are the Advanced options specific to sharefile (Citrix Sharefile).
+
+#### --sharefile-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_SHAREFILE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --sharefile-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_SHAREFILE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --sharefile-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_SHAREFILE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --sharefile-upload-cutoff
+
+Cutoff for switching to multipart upload.
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_SHAREFILE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     128Mi
+
+#### --sharefile-chunk-size
+
+Upload chunk size.
+
+Must a power of 2 >= 256k.
+
+Making this larger will improve performance, but note that each chunk
+is buffered in memory one per transfer.
+
+Reducing this will reduce memory usage but decrease performance.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_SHAREFILE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     64Mi
+
+#### --sharefile-endpoint
+
+Endpoint for API calls.
+
+This is usually auto discovered as part of the oauth process, but can
+be set manually to something like: https://XXX.sharefile.com
+
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_SHAREFILE_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --sharefile-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_SHAREFILE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+
+## Limitations
+
+Note that ShareFile is case insensitive so you can't have a file called
+"Hello.doc" and one called "hello.doc".
+
+ShareFile only supports filenames up to 256 characters in length.
+
+`rclone about` is not supported by the Citrix ShareFile backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Crypt
+
+Rclone `crypt` remotes encrypt and decrypt other remotes.
+
+A remote of type `crypt` does not access a [storage system](https://rclone.org/overview/)
+directly, but instead wraps another remote, which in turn accesses
+the storage system. This is similar to how [alias](https://rclone.org/alias/),
+[union](https://rclone.org/union/), [chunker](https://rclone.org/chunker/)
+and a few others work. It makes the usage very flexible, as you can
+add a layer, in this case an encryption layer, on top of any other
+backend, even in multiple layers. Rclone's functionality
+can be used as with any other remote, for example you can
+[mount](https://rclone.org/commands/rclone_mount/) a crypt remote.
 
-File names can also not end with the following characters.
-These only get replaced if they are the last character in the name:
+Accessing a storage system through a crypt remote realizes client-side
+encryption, which makes it safe to keep your data in a location you do
+not trust will not get compromised.
+When working against the `crypt` remote, rclone will automatically
+encrypt (before uploading) and decrypt (after downloading) on your local
+system as needed on the fly, leaving the data encrypted at rest in the
+wrapped remote. If you access the storage system using an application
+other than rclone, or access the wrapped remote directly using rclone,
+there will not be any encryption/decryption: Downloading existing content
+will just give you the encrypted (scrambled) format, and anything you
+upload will *not* become encrypted.
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| SP        | 0x20  | ␠           |
+The encryption is a secret-key encryption (also called symmetric key encryption)
+algorithm, where a password (or pass phrase) is used to generate real encryption key.
+The password can be supplied by user, or you may chose to let rclone
+generate one. It will be stored in the configuration file, in a lightly obscured form.
+If you are in an environment where you are not able to keep your configuration
+secured, you should add
+[configuration encryption](https://rclone.org/docs/#configuration-encryption)
+as protection. As long as you have this configuration file, you will be able to
+decrypt your data. Without the configuration file, as long as you remember
+the password (or keep it in a safe place), you can re-create the configuration
+and gain access to the existing data. You may also configure a corresponding
+remote in a different installation to access the same data.
+See below for guidance to [changing password](#changing-password).
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+Encryption uses [cryptographic salt](https://en.wikipedia.org/wiki/Salt_(cryptography)),
+to permute the encryption key so that the same string may be encrypted in
+different ways. When configuring the crypt remote it is optional to enter a salt,
+or to let rclone generate a unique salt. If omitted, rclone uses a built-in unique string.
+Normally in cryptography, the salt is stored together with the encrypted content,
+and do not have to be memorized by the user. This is not the case in rclone,
+because rclone does not store any additional information on the remotes. Use of
+custom salt is effectively a second password that must be memorized.
 
-### Transfers
+[File content](#file-encryption) encryption is performed using
+[NaCl SecretBox](https://godoc.org/golang.org/x/crypto/nacl/secretbox),
+based on XSalsa20 cipher and Poly1305 for integrity.
+[Names](#name-encryption) (file- and directory names) are also encrypted
+by default, but this has some implications and is therefore
+possible to be turned off.
 
-For files above 50 MiB rclone will use a chunked transfer.  Rclone will
-upload up to `--transfers` chunks at the same time (shared among all
-the multipart uploads).  Chunks are buffered in memory and are
-normally 8 MiB so increasing `--transfers` will increase memory use.
+## Configuration
 
-### Deleting files
+Here is an example of how to make a remote called `secret`.
 
-Depending on the enterprise settings for your user, the item will
-either be actually deleted from Box or moved to the trash.
+To use `crypt`, first set up the underlying remote. Follow the
+`rclone config` instructions for the specific backend.
 
-Emptying the trash is supported via the rclone however cleanup command
-however this deletes every trashed file and folder individually so it
-may take a very long time. 
-Emptying the trash via the  WebUI does not have this limitation 
-so it is advised to empty the trash via the WebUI.
+Before configuring the crypt remote, check the underlying remote is
+working. In this example the underlying remote is called `remote`.
+We will configure a path `path` within this remote to contain the
+encrypted content. Anything inside `remote:path` will be encrypted
+and anything outside will not.
 
-### Root folder ID
+Configure `crypt` using `rclone config`. In this example the `crypt`
+remote is called `secret`, to differentiate it from the underlying
+`remote`.
 
-You can set the `root_folder_id` for rclone.  This is the directory
-(identified by its `Folder ID`) that rclone considers to be the root
-of your Box drive.
+When you are done you can use the crypt remote named `secret` just
+as you would with any other remote, e.g. `rclone copy D:\docs secret:\docs`,
+and rclone will encrypt and decrypt as needed on the fly.
+If you access the wrapped remote `remote:path` directly you will bypass
+the encryption, and anything you read will be in encrypted form, and
+anything you write will be unencrypted. To avoid issues it is best to
+configure a dedicated path for encrypted content, and access it
+exclusively through a crypt remote.
 
-Normally you will leave this blank and rclone will determine the
-correct root to use itself.
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> secret
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+[snip]
+XX / Encrypt/Decrypt a remote
+   \ "crypt"
+[snip]
+Storage> crypt
+** See help for crypt backend at: https://rclone.org/crypt/ **
 
-However you can set this to restrict rclone to a specific folder
-hierarchy.
+Remote to encrypt/decrypt.
+Normally should contain a ':' and a path, eg "myremote:path/to/dir",
+"myremote:bucket" or maybe "myremote:" (not recommended).
+Enter a string value. Press Enter for the default ("").
+remote> remote:path
+How to encrypt the filenames.
+Enter a string value. Press Enter for the default ("standard").
+Choose a number from below, or type in your own value.
+   / Encrypt the filenames.
+ 1 | See the docs for the details.
+   \ "standard"
+ 2 / Very simple filename obfuscation.
+   \ "obfuscate"
+   / Don't encrypt the file names.
+ 3 | Adds a ".bin" extension only.
+   \ "off"
+filename_encryption>
+Option to either encrypt directory names or leave them intact.
 
-In order to do this you will have to find the `Folder ID` of the
-directory you wish rclone to display.  This will be the last segment
-of the URL when you open the relevant folder in the Box web
-interface.
+NB If filename_encryption is "off" then this option will do nothing.
+Enter a boolean value (true or false). Press Enter for the default ("true").
+Choose a number from below, or type in your own value
+ 1 / Encrypt directory names.
+   \ "true"
+ 2 / Don't encrypt directory names, leave them intact.
+   \ "false"
+directory_name_encryption>
+Password or pass phrase for encryption.
+y) Yes type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Password or pass phrase for salt. Optional but recommended.
+Should be different to the previous password.
+y) Yes type in my own password
+g) Generate random password
+n) No leave this optional password blank (default)
+y/g/n> g
+Password strength in bits.
+64 is just about memorable
+128 is secure
+1024 is the maximum
+Bits> 128
+Your password is: JAsJvRcgR-_veXNfy_sGmQ
+Use this password? Please note that an obscured version of this
+password (and not the password itself) will be stored under your
+configuration file, so keep this generated password in a safe place.
+y) Yes (default)
+n) No
+y/n>
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n>
+Remote config
+--------------------
+[secret]
+type = crypt
+remote = remote:path
+password = *** ENCRYPTED ***
+password2 = *** ENCRYPTED ***
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d>
+```
 
-So if the folder you want rclone to use has a URL which looks like
-`https://app.box.com/folder/11xxxxxxxxx8`
-in the browser, then you use `11xxxxxxxxx8` as
-the `root_folder_id` in the config.
+**Important** The crypt password stored in `rclone.conf` is lightly
+obscured. That only protects it from cursory inspection. It is not
+secure unless [configuration encryption](https://rclone.org/docs/#configuration-encryption) of `rclone.conf` is specified.
 
+A long passphrase is recommended, or `rclone config` can generate a
+random one.
 
-### Standard options
+The obscured password is created using AES-CTR with a static key. The
+salt is stored verbatim at the beginning of the obscured password. This
+static key is shared between all versions of rclone.
 
-Here are the Standard options specific to box (Box).
+If you reconfigure rclone with the same passwords/passphrases
+elsewhere it will be compatible, but the obscured version will be different
+due to the different salt.
 
-#### --box-client-id
+Rclone does not encrypt
 
-OAuth Client Id.
+  * file length - this can be calculated within 16 bytes
+  * modification time - used for syncing
 
-Leave blank normally.
+### Specifying the remote
 
-Properties:
+When configuring the remote to encrypt/decrypt, you may specify any
+string that rclone accepts as a source/destination of other commands.
 
-- Config:      client_id
-- Env Var:     RCLONE_BOX_CLIENT_ID
-- Type:        string
-- Required:    false
+The primary use case is to specify the path into an already configured
+remote (e.g. `remote:path/to/dir` or `remote:bucket`), such that
+data in a remote untrusted location can be stored encrypted.
 
-#### --box-client-secret
+You may also specify a local filesystem path, such as
+`/path/to/dir` on Linux, `C:\path\to\dir` on Windows. By creating
+a crypt remote pointing to such a local filesystem path, you can
+use rclone as a utility for pure local file encryption, for example
+to keep encrypted files on a removable USB drive.
 
-OAuth Client Secret.
+**Note**: A string which do not contain a `:` will by rclone be treated
+as a relative path in the local filesystem. For example, if you enter
+the name `remote` without the trailing `:`, it will be treated as
+a subdirectory of the current directory with name "remote".
 
-Leave blank normally.
+If a path `remote:path/to/dir` is specified, rclone stores encrypted
+files in `path/to/dir` on the remote. With file name encryption, files
+saved to `secret:subdir/subfile` are stored in the unencrypted path
+`path/to/dir` but the `subdir/subpath` element is encrypted.
 
-Properties:
+The path you specify does not have to exist, rclone will create
+it when needed.
 
-- Config:      client_secret
-- Env Var:     RCLONE_BOX_CLIENT_SECRET
-- Type:        string
-- Required:    false
+If you intend to use the wrapped remote both directly for keeping
+unencrypted content, as well as through a crypt remote for encrypted
+content, it is recommended to point the crypt remote to a separate
+directory within the wrapped remote. If you use a bucket-based storage
+system (e.g. Swift, S3, Google Compute Storage, B2) it is generally
+advisable to wrap the crypt remote around a specific bucket (`s3:bucket`).
+If wrapping around the entire root of the storage (`s3:`), and use the
+optional file name encryption, rclone will encrypt the bucket name.
 
-#### --box-box-config-file
+### Changing password
 
-Box App config.json location
+Should the password, or the configuration file containing a lightly obscured
+form of the password, be compromised, you need to re-encrypt your data with
+a new password. Since rclone uses secret-key encryption, where the encryption
+key is generated directly from the password kept on the client, it is not
+possible to change the password/key of already encrypted content. Just changing
+the password configured for an existing crypt remote means you will no longer
+able to decrypt any of the previously encrypted content. The only possibility
+is to re-upload everything via a crypt remote configured with your new password.
 
-Leave blank normally.
+Depending on the size of your data, your bandwidth, storage quota etc, there are
+different approaches you can take:
+- If you have everything in a different location, for example on your local system,
+you could remove all of the prior encrypted files, change the password for your
+configured crypt remote (or delete and re-create the crypt configuration),
+and then re-upload everything from the alternative location.
+- If you have enough space on the storage system you can create a new crypt
+remote pointing to a separate directory on the same backend, and then use
+rclone to copy everything from the original crypt remote to the new,
+effectively decrypting everything on the fly using the old password and
+re-encrypting using the new password. When done, delete the original crypt
+remote directory and finally the rclone crypt configuration with the old password.
+All data will be streamed from the storage system and back, so you will
+get half the bandwidth and be charged twice if you have upload and download quota
+on the storage system.
 
-Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
+**Note**: A security problem related to the random password generator
+was fixed in rclone version 1.53.3 (released 2020-11-19). Passwords generated
+by rclone config in version 1.49.0 (released 2019-08-26) to 1.53.2
+(released 2020-10-26) are not considered secure and should be changed.
+If you made up your own password, or used rclone version older than 1.49.0 or
+newer than 1.53.2 to generate it, you are *not* affected by this issue.
+See [issue #4783](https://github.com/rclone/rclone/issues/4783) for more
+details, and a tool you can use to check if you are affected.
 
-Properties:
+### Example
 
-- Config:      box_config_file
-- Env Var:     RCLONE_BOX_BOX_CONFIG_FILE
-- Type:        string
-- Required:    false
+Create the following file structure using "standard" file name
+encryption.
 
-#### --box-access-token
+```
+plaintext/
+├── file0.txt
+├── file1.txt
+└── subdir
+    ├── file2.txt
+    ├── file3.txt
+    └── subsubdir
+        └── file4.txt
+```
 
-Box App Primary Access Token
+Copy these to the remote, and list them
 
-Leave blank normally.
+```
+$ rclone -q copy plaintext secret:
+$ rclone -q ls secret:
+        7 file1.txt
+        6 file0.txt
+        8 subdir/file2.txt
+       10 subdir/subsubdir/file4.txt
+        9 subdir/file3.txt
+```
 
-Properties:
+The crypt remote looks like
 
-- Config:      access_token
-- Env Var:     RCLONE_BOX_ACCESS_TOKEN
-- Type:        string
-- Required:    false
+```
+$ rclone -q ls remote:path
+       55 hagjclgavj2mbiqm6u6cnjjqcg
+       54 v05749mltvv1tf4onltun46gls
+       57 86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo
+       58 86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc
+       56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps
+```
 
-#### --box-box-sub-type
+The directory structure is preserved
 
+```
+$ rclone -q ls secret:subdir
+        8 file2.txt
+        9 file3.txt
+       10 subsubdir/file4.txt
+```
 
+Without file name encryption `.bin` extensions are added to underlying
+names. This prevents the cloud provider attempting to interpret file
+content.
 
-Properties:
+```
+$ rclone -q ls remote:path
+       54 file0.txt.bin
+       57 subdir/file3.txt.bin
+       56 subdir/file2.txt.bin
+       58 subdir/subsubdir/file4.txt.bin
+       55 file1.txt.bin
+```
 
-- Config:      box_sub_type
-- Env Var:     RCLONE_BOX_BOX_SUB_TYPE
-- Type:        string
-- Default:     "user"
-- Examples:
-    - "user"
-        - Rclone should act on behalf of a user.
-    - "enterprise"
-        - Rclone should act on behalf of a service account.
+### File name encryption modes
 
-### Advanced options
+Off
 
-Here are the Advanced options specific to box (Box).
+  * doesn't hide file names or directory structure
+  * allows for longer file names (~246 characters)
+  * can use sub paths and copy single files
 
-#### --box-token
+Standard
 
-OAuth Access Token as a JSON blob.
+  * file names encrypted
+  * file names can't be as long (~143 characters)
+  * can use sub paths and copy single files
+  * directory structure visible
+  * identical files names will have identical uploaded names
+  * can use shortcuts to shorten the directory recursion
 
-Properties:
+Obfuscation
 
-- Config:      token
-- Env Var:     RCLONE_BOX_TOKEN
-- Type:        string
-- Required:    false
+This is a simple "rotate" of the filename, with each file having a rot
+distance based on the filename. Rclone stores the distance at the
+beginning of the filename. A file called "hello" may become "53.jgnnq".
 
-#### --box-auth-url
+Obfuscation is not a strong encryption of filenames, but hinders
+automated scanning tools picking up on filename patterns. It is an
+intermediate between "off" and "standard" which allows for longer path
+segment names.
 
-Auth server URL.
+There is a possibility with some unicode based filenames that the
+obfuscation is weak and may map lower case characters to upper case
+equivalents.
 
-Leave blank to use the provider defaults.
+Obfuscation cannot be relied upon for strong protection.
 
-Properties:
+  * file names very lightly obfuscated
+  * file names can be longer than standard encryption
+  * can use sub paths and copy single files
+  * directory structure visible
+  * identical files names will have identical uploaded names
 
-- Config:      auth_url
-- Env Var:     RCLONE_BOX_AUTH_URL
-- Type:        string
-- Required:    false
+Cloud storage systems have limits on file name length and
+total path length which rclone is more likely to breach using
+"Standard" file name encryption.  Where file names are less than 156
+characters in length issues should not be encountered, irrespective of
+cloud storage provider.
 
-#### --box-token-url
+An experimental advanced option `filename_encoding` is now provided to
+address this problem to a certain degree.
+For cloud storage systems with case sensitive file names (e.g. Google Drive),
+`base64` can be used to reduce file name length. 
+For cloud storage systems using UTF-16 to store file names internally
+(e.g. OneDrive, Dropbox, Box), `base32768` can be used to drastically reduce
+file name length. 
 
-Token server url.
+An alternative, future rclone file name encryption mode may tolerate
+backend provider path length limits.
 
-Leave blank to use the provider defaults.
+### Directory name encryption
 
-Properties:
+Crypt offers the option of encrypting dir names or leaving them intact.
+There are two options:
 
-- Config:      token_url
-- Env Var:     RCLONE_BOX_TOKEN_URL
-- Type:        string
-- Required:    false
+True
 
-#### --box-root-folder-id
+Encrypts the whole file path including directory names
+Example:
+`1/12/123.txt` is encrypted to
+`p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0`
 
-Fill in for rclone to use a non root folder as its starting point.
+False
 
-Properties:
+Only encrypts file names, skips directory names
+Example:
+`1/12/123.txt` is encrypted to
+`1/12/qgm4avr35m5loi1th53ato71v0`
 
-- Config:      root_folder_id
-- Env Var:     RCLONE_BOX_ROOT_FOLDER_ID
-- Type:        string
-- Default:     "0"
 
-#### --box-upload-cutoff
+### Modification times and hashes
 
-Cutoff for switching to multipart upload (>= 50 MiB).
+Crypt stores modification times using the underlying remote so support
+depends on that.
 
-Properties:
+Hashes are not stored for crypt. However the data integrity is
+protected by an extremely strong crypto authenticator.
 
-- Config:      upload_cutoff
-- Env Var:     RCLONE_BOX_UPLOAD_CUTOFF
-- Type:        SizeSuffix
-- Default:     50Mi
+Use the `rclone cryptcheck` command to check the
+integrity of an encrypted remote instead of `rclone check` which can't
+check the checksums properly.
 
-#### --box-commit-retries
 
-Max number of times to try committing a multipart file.
+### Standard options
 
-Properties:
+Here are the Standard options specific to crypt (Encrypt/Decrypt a remote).
 
-- Config:      commit_retries
-- Env Var:     RCLONE_BOX_COMMIT_RETRIES
-- Type:        int
-- Default:     100
+#### --crypt-remote
 
-#### --box-list-chunk
+Remote to encrypt/decrypt.
 
-Size of listing chunk 1-1000.
+Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
+"myremote:bucket" or maybe "myremote:" (not recommended).
 
 Properties:
 
-- Config:      list_chunk
-- Env Var:     RCLONE_BOX_LIST_CHUNK
-- Type:        int
-- Default:     1000
+- Config:      remote
+- Env Var:     RCLONE_CRYPT_REMOTE
+- Type:        string
+- Required:    true
 
-#### --box-owned-by
+#### --crypt-filename-encryption
 
-Only show items owned by the login (email address) passed in.
+How to encrypt the filenames.
 
 Properties:
 
-- Config:      owned_by
-- Env Var:     RCLONE_BOX_OWNED_BY
+- Config:      filename_encryption
+- Env Var:     RCLONE_CRYPT_FILENAME_ENCRYPTION
 - Type:        string
-- Required:    false
+- Default:     "standard"
+- Examples:
+    - "standard"
+        - Encrypt the filenames.
+        - See the docs for the details.
+    - "obfuscate"
+        - Very simple filename obfuscation.
+    - "off"
+        - Don't encrypt the file names.
+        - Adds a ".bin", or "suffix" extension only.
 
-#### --box-encoding
+#### --crypt-directory-name-encryption
 
-The encoding for the backend.
+Option to either encrypt directory names or leave them intact.
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+NB If filename_encryption is "off" then this option will do nothing.
 
 Properties:
 
-- Config:      encoding
-- Env Var:     RCLONE_BOX_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot
-
-
-
-## Limitations
+- Config:      directory_name_encryption
+- Env Var:     RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
+- Type:        bool
+- Default:     true
+- Examples:
+    - "true"
+        - Encrypt directory names.
+    - "false"
+        - Don't encrypt directory names, leave them intact.
 
-Note that Box is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+#### --crypt-password
 
-Box file names can't have the `\` character in.  rclone maps this to
-and from an identical looking unicode equivalent `＼` (U+FF3C Fullwidth
-Reverse Solidus).
+Password or pass phrase for encryption.
 
-Box only supports filenames up to 255 characters in length.
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-Box has [API rate limits](https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/) that sometimes reduce the speed of rclone.
+Properties:
 
-`rclone about` is not supported by the Box backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+- Config:      password
+- Env Var:     RCLONE_CRYPT_PASSWORD
+- Type:        string
+- Required:    true
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+#### --crypt-password2
 
-#  Cache
+Password or pass phrase for salt.
 
-The `cache` remote wraps another existing remote and stores file structure
-and its data for long running tasks like `rclone mount`.
+Optional but recommended.
+Should be different to the previous password.
 
-## Status
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-The cache backend code is working but it currently doesn't
-have a maintainer so there are [outstanding bugs](https://github.com/rclone/rclone/issues?q=is%3Aopen+is%3Aissue+label%3Abug+label%3A%22Remote%3A+Cache%22) which aren't getting fixed.
+Properties:
 
-The cache backend is due to be phased out in favour of the VFS caching
-layer eventually which is more tightly integrated into rclone.
+- Config:      password2
+- Env Var:     RCLONE_CRYPT_PASSWORD2
+- Type:        string
+- Required:    false
 
-Until this happens we recommend only using the cache backend if you
-find you can't work without it. There are many docs online describing
-the use of the cache backend to minimize API hits and by-and-large
-these are out of date and the cache backend isn't needed in those
-scenarios any more.
+### Advanced options
 
-## Configuration
+Here are the Advanced options specific to crypt (Encrypt/Decrypt a remote).
 
-To get started you just need to have an existing remote which can be configured
-with `cache`.
+#### --crypt-server-side-across-configs
 
-Here is an example of how to make a remote called `test-cache`.  First run:
+Deprecated: use --server-side-across-configs instead.
 
-     rclone config
+Allow server-side operations (e.g. copy) to work across different crypt configs.
 
-This will guide you through an interactive setup process:
+Normally this option is not what you want, but if you have two crypts
+pointing to the same backend you can use it.
 
-```
-No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> test-cache
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Cache a remote
-   \ "cache"
-[snip]
-Storage> cache
-Remote to cache.
-Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
-remote> local:/test
-Optional: The URL of the Plex server
-plex_url> http://127.0.0.1:32400
-Optional: The username of the Plex user
-plex_username> dummyusername
-Optional: The password of the Plex user
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank
-y/g/n> y
-Enter the password:
-password:
-Confirm the password:
-password:
-The size of a chunk. Lower value good for slow connections but can affect seamless reading.
-Default: 5M
-Choose a number from below, or type in your own value
- 1 / 1 MiB
-   \ "1M"
- 2 / 5 MiB
-   \ "5M"
- 3 / 10 MiB
-   \ "10M"
-chunk_size> 2
-How much time should object info (file size, file hashes, etc.) be stored in cache. Use a very high value if you don't plan on changing the source FS from outside the cache.
-Accepted units are: "s", "m", "h".
-Default: 5m
-Choose a number from below, or type in your own value
- 1 / 1 hour
-   \ "1h"
- 2 / 24 hours
-   \ "24h"
- 3 / 24 hours
-   \ "48h"
-info_age> 2
-The maximum size of stored chunks. When the storage grows beyond this size, the oldest chunks will be deleted.
-Default: 10G
-Choose a number from below, or type in your own value
- 1 / 500 MiB
-   \ "500M"
- 2 / 1 GiB
-   \ "1G"
- 3 / 10 GiB
-   \ "10G"
-chunk_total_size> 3
-Remote config
---------------------
-[test-cache]
-remote = local:/test
-plex_url = http://127.0.0.1:32400
-plex_username = dummyusername
-plex_password = *** ENCRYPTED ***
-chunk_size = 5M
-info_age = 48h
-chunk_total_size = 10G
-```
+This can be used, for example, to change file name encryption type
+without re-uploading all the data. Just make two crypt backends
+pointing to two different directories with the single changed
+parameter and use rclone move to move the files between the crypt
+remotes.
 
-You can then use it like this,
+Properties:
 
-List directories in top level of your drive
+- Config:      server_side_across_configs
+- Env Var:     RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS
+- Type:        bool
+- Default:     false
 
-    rclone lsd test-cache:
+#### --crypt-show-mapping
 
-List all the files in your drive
+For all files listed show how the names encrypt.
 
-    rclone ls test-cache:
+If this flag is set then for each file that the remote is asked to
+list, it will log (at level INFO) a line stating the decrypted file
+name and the encrypted file name.
 
-To start a cached mount
+This is so you can work out which encrypted names are which decrypted
+names just in case you need to do something with the encrypted file
+names, or for debugging purposes.
 
-    rclone mount --allow-other test-cache: /var/tmp/test-cache
+Properties:
 
-### Write Features ###
+- Config:      show_mapping
+- Env Var:     RCLONE_CRYPT_SHOW_MAPPING
+- Type:        bool
+- Default:     false
 
-### Offline uploading ###
+#### --crypt-no-data-encryption
 
-In an effort to make writing through cache more reliable, the backend 
-now supports this feature which can be activated by specifying a
-`cache-tmp-upload-path`.
+Option to either encrypt file data or leave it unencrypted.
 
-A files goes through these states when using this feature:
+Properties:
 
-1. An upload is started (usually by copying a file on the cache remote)
-2. When the copy to the temporary location is complete the file is part 
-of the cached remote and looks and behaves like any other file (reading included)
-3. After `cache-tmp-wait-time` passes and the file is next in line, `rclone move` 
-is used to move the file to the cloud provider
-4. Reading the file still works during the upload but most modifications on it will be prohibited
-5. Once the move is complete the file is unlocked for modifications as it
-becomes as any other regular file
-6. If the file is being read through `cache` when it's actually
-deleted from the temporary path then `cache` will simply swap the source
-to the cloud provider without interrupting the reading (small blip can happen though)
+- Config:      no_data_encryption
+- Env Var:     RCLONE_CRYPT_NO_DATA_ENCRYPTION
+- Type:        bool
+- Default:     false
+- Examples:
+    - "true"
+        - Don't encrypt file data, leave it unencrypted.
+    - "false"
+        - Encrypt file data.
 
-Files are uploaded in sequence and only one file is uploaded at a time.
-Uploads will be stored in a queue and be processed based on the order they were added.
-The queue and the temporary storage is persistent across restarts but
-can be cleared on startup with the `--cache-db-purge` flag.
+#### --crypt-pass-bad-blocks
 
-### Write Support ###
+If set this will pass bad blocks through as all 0.
 
-Writes are supported through `cache`.
-One caveat is that a mounted cache remote does not add any retry or fallback
-mechanism to the upload operation. This will depend on the implementation
-of the wrapped remote. Consider using `Offline uploading` for reliable writes.
+This should not be set in normal operation, it should only be set if
+trying to recover an encrypted file with errors and it is desired to
+recover as much of the file as possible.
 
-One special case is covered with `cache-writes` which will cache the file
-data at the same time as the upload when it is enabled making it available
-from the cache store immediately once the upload is finished.
+Properties:
 
-### Read Features ###
+- Config:      pass_bad_blocks
+- Env Var:     RCLONE_CRYPT_PASS_BAD_BLOCKS
+- Type:        bool
+- Default:     false
 
-#### Multiple connections ####
+#### --crypt-filename-encoding
 
-To counter the high latency between a local PC where rclone is running
-and cloud providers, the cache remote can split multiple requests to the
-cloud provider for smaller file chunks and combines them together locally
-where they can be available almost immediately before the reader usually
-needs them.
+How to encode the encrypted filename to text string.
 
-This is similar to buffering when media files are played online. Rclone
-will stay around the current marker but always try its best to stay ahead
-and prepare the data before.
+This option could help with shortening the encrypted filename. The 
+suitable option would depend on the way your remote count the filename
+length and if it's case sensitive.
 
-#### Plex Integration ####
+Properties:
 
-There is a direct integration with Plex which allows cache to detect during reading
-if the file is in playback or not. This helps cache to adapt how it queries
-the cloud provider depending on what is needed for.
+- Config:      filename_encoding
+- Env Var:     RCLONE_CRYPT_FILENAME_ENCODING
+- Type:        string
+- Default:     "base32"
+- Examples:
+    - "base32"
+        - Encode using base32. Suitable for all remote.
+    - "base64"
+        - Encode using base64. Suitable for case sensitive remote.
+    - "base32768"
+        - Encode using base32768. Suitable if your remote counts UTF-16 or
+        - Unicode codepoint instead of UTF-8 byte length. (Eg. Onedrive, Dropbox)
 
-Scans will have a minimum amount of workers (1) while in a confirmed playback cache
-will deploy the configured number of workers.
+#### --crypt-suffix
 
-This integration opens the doorway to additional performance improvements
-which will be explored in the near future.
+If this is set it will override the default suffix of ".bin".
 
-**Note:** If Plex options are not configured, `cache` will function with its
-configured options without adapting any of its settings.
+Setting suffix to "none" will result in an empty suffix. This may be useful 
+when the path length is critical.
 
-How to enable? Run `rclone config` and add all the Plex options (endpoint, username
-and password) in your remote and it will be automatically enabled.
+Properties:
 
-Affected settings:
-- `cache-workers`: _Configured value_ during confirmed playback or _1_ all the other times
+- Config:      suffix
+- Env Var:     RCLONE_CRYPT_SUFFIX
+- Type:        string
+- Default:     ".bin"
 
-##### Certificate Validation #####
+### Metadata
 
-When the Plex server is configured to only accept secure connections, it is
-possible to use `.plex.direct` URLs to ensure certificate validation succeeds.
-These URLs are used by Plex internally to connect to the Plex server securely.
+Any metadata supported by the underlying remote is read and written.
 
-The format for these URLs is the following:
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-`https://ip-with-dots-replaced.server-hash.plex.direct:32400/`
+## Backend commands
 
-The `ip-with-dots-replaced` part can be any IPv4 address, where the dots
-have been replaced with dashes, e.g. `127.0.0.1` becomes `127-0-0-1`.
+Here are the commands specific to the crypt backend.
 
-To get the `server-hash` part, the easiest way is to visit
+Run them with
 
-https://plex.tv/api/resources?includeHttps=1&X-Plex-Token=your-plex-token
+    rclone backend COMMAND remote:
 
-This page will list all the available Plex servers for your account
-with at least one `.plex.direct` link for each. Copy one URL and replace
-the IP address with the desired address. This can be used as the
-`plex_url` value.
+The help below will explain what arguments each command takes.
 
-### Known issues ###
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
 
-#### Mount and --dir-cache-time ####
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
 
---dir-cache-time controls the first layer of directory caching which works at the mount layer.
-Being an independent caching mechanism from the `cache` backend, it will manage its own entries
-based on the configured time.
+### encode
 
-To avoid getting in a scenario where dir cache has obsolete data and cache would have the correct
-one, try to set `--dir-cache-time` to a lower time than `--cache-info-age`. Default values are
-already configured in this way. 
+Encode the given filename(s)
 
-#### Windows support - Experimental ####
+    rclone backend encode remote: [options] [<arguments>+]
 
-There are a couple of issues with Windows `mount` functionality that still require some investigations.
-It should be considered as experimental thus far as fixes come in for this OS.
+This encodes the filenames given as arguments returning a list of
+strings of the encoded results.
 
-Most of the issues seem to be related to the difference between filesystems
-on Linux flavors and Windows as cache is heavily dependent on them.
+Usage Example:
 
-Any reports or feedback on how cache behaves on this OS is greatly appreciated.
- 
-- https://github.com/rclone/rclone/issues/1935
-- https://github.com/rclone/rclone/issues/1907
-- https://github.com/rclone/rclone/issues/1834 
+    rclone backend encode crypt: file1 [file2...]
+    rclone rc backend/command command=encode fs=crypt: file1 [file2...]
 
-#### Risk of throttling ####
 
-Future iterations of the cache backend will make use of the pooling functionality
-of the cloud provider to synchronize and at the same time make writing through it
-more tolerant to failures. 
+### decode
 
-There are a couple of enhancements in track to add these but in the meantime
-there is a valid concern that the expiring cache listings can lead to cloud provider
-throttles or bans due to repeated queries on it for very large mounts.
+Decode the given filename(s)
 
-Some recommendations:
-- don't use a very small interval for entry information (`--cache-info-age`)
-- while writes aren't yet optimised, you can still write through `cache` which gives you the advantage
-of adding the file in the cache at the same time if configured to do so.
+    rclone backend decode remote: [options] [<arguments>+]
 
-Future enhancements:
+This decodes the filenames given as arguments returning a list of
+strings of the decoded results. It will return an error if any of the
+inputs are invalid.
 
-- https://github.com/rclone/rclone/issues/1937
-- https://github.com/rclone/rclone/issues/1936 
+Usage Example:
 
-#### cache and crypt ####
+    rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
+    rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]
 
-One common scenario is to keep your data encrypted in the cloud provider
-using the `crypt` remote. `crypt` uses a similar technique to wrap around
-an existing remote and handles this translation in a seamless way.
 
-There is an issue with wrapping the remotes in this order:
-**cloud remote** -> **crypt** -> **cache**
 
-During testing, I experienced a lot of bans with the remotes in this order.
-I suspect it might be related to how crypt opens files on the cloud provider
-which makes it think we're downloading the full file instead of small chunks.
-Organizing the remotes in this order yields better results:
-**cloud remote** -> **cache** -> **crypt**
 
-#### absolute remote paths ####
+## Backing up an encrypted remote
 
-`cache` can not differentiate between relative and absolute paths for the wrapped remote.
-Any path given in the `remote` config setting and on the command line will be passed to
-the wrapped remote as is, but for storing the chunks on disk the path will be made
-relative by removing any leading `/` character.
+If you wish to backup an encrypted remote, it is recommended that you use
+`rclone sync` on the encrypted files, and make sure the passwords are
+the same in the new encrypted remote.
 
-This behavior is irrelevant for most backend types, but there are backends where a leading `/`
-changes the effective directory, e.g. in the `sftp` backend paths starting with a `/` are
-relative to the root of the SSH server and paths without are relative to the user home directory.
-As a result `sftp:bin` and `sftp:/bin` will share the same cache folder, even if they represent
-a different directory on the SSH server.
+This will have the following advantages
 
-### Cache and Remote Control (--rc) ###
-Cache supports the new `--rc` mode in rclone and can be remote controlled through the following end points:
-By default, the listener is disabled if you do not add the flag.
+  * `rclone sync` will check the checksums while copying
+  * you can use `rclone check` between the encrypted remotes
+  * you don't decrypt and encrypt unnecessarily
 
-### rc cache/expire
-Purge a remote from the cache backend. Supports either a directory or a file.
-It supports both encrypted and unencrypted file names if cache is wrapped by crypt.
+For example, let's say you have your original remote at `remote:` with
+the encrypted version at `eremote:` with path `remote:crypt`.  You
+would then set up the new remote `remote2:` and then the encrypted
+version `eremote2:` with path `remote2:crypt` using the same passwords
+as `eremote:`.
 
-Params:
-  - **remote** = path to remote **(required)**
-  - **withData** = true/false to delete cached data (chunks) as well _(optional, false by default)_
+To sync the two remotes you would do
 
+    rclone sync --interactive remote:crypt remote2:crypt
 
-### Standard options
+And to check the integrity you would do
 
-Here are the Standard options specific to cache (Cache a remote).
+    rclone check remote:crypt remote2:crypt
 
-#### --cache-remote
+## File formats
 
-Remote to cache.
+### File encryption
 
-Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
+Files are encrypted 1:1 source file to destination object.  The file
+has a header and is divided into chunks.
 
-Properties:
+#### Header
 
-- Config:      remote
-- Env Var:     RCLONE_CACHE_REMOTE
-- Type:        string
-- Required:    true
+  * 8 bytes magic string `RCLONE\x00\x00`
+  * 24 bytes Nonce (IV)
 
-#### --cache-plex-url
+The initial nonce is generated from the operating systems crypto
+strong random number generator.  The nonce is incremented for each
+chunk read making sure each nonce is unique for each block written.
+The chance of a nonce being reused is minuscule.  If you wrote an
+exabyte of data (10¹⁸ bytes) you would have a probability of
+approximately 2×10⁻³² of re-using a nonce.
 
-The URL of the Plex server.
+#### Chunk
 
-Properties:
+Each chunk will contain 64 KiB of data, except for the last one which
+may have less data. The data chunk is in standard NaCl SecretBox
+format. SecretBox uses XSalsa20 and Poly1305 to encrypt and
+authenticate messages.
 
-- Config:      plex_url
-- Env Var:     RCLONE_CACHE_PLEX_URL
-- Type:        string
-- Required:    false
+Each chunk contains:
 
-#### --cache-plex-username
+  * 16 Bytes of Poly1305 authenticator
+  * 1 - 65536 bytes XSalsa20 encrypted data
 
-The username of the Plex user.
+64k chunk size was chosen as the best performing chunk size (the
+authenticator takes too much time below this and the performance drops
+off due to cache effects above this).  Note that these chunks are
+buffered in memory so they can't be too big.
 
-Properties:
+This uses a 32 byte (256 bit key) key derived from the user password.
 
-- Config:      plex_username
-- Env Var:     RCLONE_CACHE_PLEX_USERNAME
-- Type:        string
-- Required:    false
+#### Examples
 
-#### --cache-plex-password
+1 byte file will encrypt to
 
-The password of the Plex user.
+  * 32 bytes header
+  * 17 bytes data chunk
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+49 bytes total
 
-Properties:
+1 MiB (1048576 bytes) file will encrypt to
 
-- Config:      plex_password
-- Env Var:     RCLONE_CACHE_PLEX_PASSWORD
-- Type:        string
-- Required:    false
+  * 32 bytes header
+  * 16 chunks of 65568 bytes
 
-#### --cache-chunk-size
+1049120 bytes total (a 0.05% overhead). This is the overhead for big
+files.
 
-The size of a chunk (partial file data).
+### Name encryption
 
-Use lower numbers for slower connections. If the chunk size is
-changed, any downloaded chunks will be invalid and cache-chunk-path
-will need to be cleared or unexpected EOF errors will occur.
+File names are encrypted segment by segment - the path is broken up
+into `/` separated strings and these are encrypted individually.
 
-Properties:
+File segments are padded using PKCS#7 to a multiple of 16 bytes
+before encryption.
 
-- Config:      chunk_size
-- Env Var:     RCLONE_CACHE_CHUNK_SIZE
-- Type:        SizeSuffix
-- Default:     5Mi
-- Examples:
-    - "1M"
-        - 1 MiB
-    - "5M"
-        - 5 MiB
-    - "10M"
-        - 10 MiB
+They are then encrypted with EME using AES with 256 bit key. EME
+(ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003
+paper "A Parallelizable Enciphering Mode" by Halevi and Rogaway.
 
-#### --cache-info-age
+This makes for deterministic encryption which is what we want - the
+same filename must encrypt to the same thing otherwise we can't find
+it on the cloud storage system.
 
-How long to cache file structure information (directory listings, file size, times, etc.). 
-If all write operations are done through the cache then you can safely make
-this value very large as the cache store will also be updated in real time.
+This means that
 
-Properties:
+  * filenames with the same name will encrypt the same
+  * filenames which start the same won't have a common prefix
 
-- Config:      info_age
-- Env Var:     RCLONE_CACHE_INFO_AGE
-- Type:        Duration
-- Default:     6h0m0s
-- Examples:
-    - "1h"
-        - 1 hour
-    - "24h"
-        - 24 hours
-    - "48h"
-        - 48 hours
+This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of
+which are derived from the user password.
 
-#### --cache-chunk-total-size
+After encryption they are written out using a modified version of
+standard `base32` encoding as described in RFC4648.  The standard
+encoding is modified in two ways:
 
-The total size that the chunks can take up on the local disk.
+  * it becomes lower case (no-one likes upper case filenames!)
+  * we strip the padding character `=`
 
-If the cache exceeds this value then it will start to delete the
-oldest chunks until it goes under this value.
+`base32` is used rather than the more efficient `base64` so rclone can be
+used on case insensitive remotes (e.g. Windows, Amazon Drive).
 
-Properties:
+### Key derivation
 
-- Config:      chunk_total_size
-- Env Var:     RCLONE_CACHE_CHUNK_TOTAL_SIZE
-- Type:        SizeSuffix
-- Default:     10Gi
-- Examples:
-    - "500M"
-        - 500 MiB
-    - "1G"
-        - 1 GiB
-    - "10G"
-        - 10 GiB
+Rclone uses `scrypt` with parameters `N=16384, r=8, p=1` with an
+optional user supplied salt (password2) to derive the 32+32+16 = 80
+bytes of key material required.  If the user doesn't supply a salt
+then rclone uses an internal one.
 
-### Advanced options
+`scrypt` makes it impractical to mount a dictionary attack on rclone
+encrypted data.  For full protection against this you should always use
+a salt.
 
-Here are the Advanced options specific to cache (Cache a remote).
+## SEE ALSO
 
-#### --cache-plex-token
+* [rclone cryptdecode](https://rclone.org/commands/rclone_cryptdecode/)    - Show forward/reverse mapping of encrypted filenames
 
-The plex token for authentication - auto set normally.
+#  Compress
 
-Properties:
+## Warning
 
-- Config:      plex_token
-- Env Var:     RCLONE_CACHE_PLEX_TOKEN
-- Type:        string
-- Required:    false
+This remote is currently **experimental**. Things may break and data may be lost. Anything you do with this remote is
+at your own risk. Please understand the risks associated with using experimental code and don't use this remote in
+critical applications.
 
-#### --cache-plex-insecure
+The `Compress` remote adds compression to another remote. It is best used with remotes containing
+many large compressible files.
 
-Skip all certificate verification when connecting to the Plex server.
+## Configuration
 
-Properties:
+To use this remote, all you need to do is specify another remote and a compression mode to use:
 
-- Config:      plex_insecure
-- Env Var:     RCLONE_CACHE_PLEX_INSECURE
-- Type:        string
-- Required:    false
+```
+Current remotes:
 
-#### --cache-db-path
+Name                 Type
+====                 ====
+remote_to_press      sometype
 
-Directory to store file structure metadata DB.
+e) Edit existing remote
+$ rclone config
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> n
+name> compress
+...
+ 8 / Compress a remote
+   \ "compress"
+...
+Storage> compress
+** See help for compress backend at: https://rclone.org/compress/ **
 
-The remote name is used as the DB file name.
+Remote to compress.
+Enter a string value. Press Enter for the default ("").
+remote> remote_to_press:subdir 
+Compression mode.
+Enter a string value. Press Enter for the default ("gzip").
+Choose a number from below, or type in your own value
+ 1 / Gzip compression balanced for speed and compression strength.
+   \ "gzip"
+compression_mode> gzip
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n> n
+Remote config
+--------------------
+[compress]
+type = compress
+remote = remote_to_press:subdir
+compression_mode = gzip
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-Properties:
+### Compression Modes
 
-- Config:      db_path
-- Env Var:     RCLONE_CACHE_DB_PATH
-- Type:        string
-- Default:     "$HOME/.cache/rclone/cache-backend"
+Currently only gzip compression is supported. It provides a decent balance between speed and size and is well
+supported by other applications. Compression strength can further be configured via an advanced setting where 0 is no
+compression and 9 is strongest compression.
 
-#### --cache-chunk-path
+### File types
 
-Directory to cache chunk files.
+If you open a remote wrapped by compress, you will see that there are many files with an extension corresponding to
+the compression algorithm you chose. These files are standard files that can be opened by various archive programs, 
+but they have some hidden metadata that allows them to be used by rclone.
+While you may download and decompress these files at will, do **not** manually delete or rename files. Files without
+correct metadata files will not be recognized by rclone.
 
-Path to where partial file data (chunks) are stored locally. The remote
-name is appended to the final path.
+### File names
 
-This config follows the "--cache-db-path". If you specify a custom
-location for "--cache-db-path" and don't specify one for "--cache-chunk-path"
-then "--cache-chunk-path" will use the same path as "--cache-db-path".
+The compressed files will be named `*.###########.gz` where `*` is the base file and the `#` part is base64 encoded 
+size of the uncompressed file. The file names should not be changed by anything other than the rclone compression backend.
 
-Properties:
 
-- Config:      chunk_path
-- Env Var:     RCLONE_CACHE_CHUNK_PATH
-- Type:        string
-- Default:     "$HOME/.cache/rclone/cache-backend"
+### Standard options
 
-#### --cache-db-purge
+Here are the Standard options specific to compress (Compress a remote).
 
-Clear all the cached data for this remote on start.
+#### --compress-remote
 
-Properties:
+Remote to compress.
 
-- Config:      db_purge
-- Env Var:     RCLONE_CACHE_DB_PURGE
-- Type:        bool
-- Default:     false
+Properties:
 
-#### --cache-chunk-clean-interval
+- Config:      remote
+- Env Var:     RCLONE_COMPRESS_REMOTE
+- Type:        string
+- Required:    true
 
-How often should the cache perform cleanups of the chunk storage.
+#### --compress-mode
 
-The default value should be ok for most people. If you find that the
-cache goes over "cache-chunk-total-size" too often then try to lower
-this value to force it to perform cleanups more often.
+Compression mode.
 
 Properties:
 
-- Config:      chunk_clean_interval
-- Env Var:     RCLONE_CACHE_CHUNK_CLEAN_INTERVAL
-- Type:        Duration
-- Default:     1m0s
+- Config:      mode
+- Env Var:     RCLONE_COMPRESS_MODE
+- Type:        string
+- Default:     "gzip"
+- Examples:
+    - "gzip"
+        - Standard gzip compression with fastest parameters.
 
-#### --cache-read-retries
+### Advanced options
 
-How many times to retry a read from a cache storage.
+Here are the Advanced options specific to compress (Compress a remote).
 
-Since reading from a cache stream is independent from downloading file
-data, readers can get to a point where there's no more data in the
-cache.  Most of the times this can indicate a connectivity issue if
-cache isn't able to provide file data anymore.
+#### --compress-level
 
-For really slow connections, increase this to a point where the stream is
-able to provide data but your experience will be very stuttering.
+GZIP compression level (-2 to 9).
+
+Generally -1 (default, equivalent to 5) is recommended.
+Levels 1 to 9 increase compression at the cost of speed. Going past 6 
+generally offers very little return.
+
+Level -2 uses Huffman encoding only. Only use if you know what you
+are doing.
+Level 0 turns off compression.
 
 Properties:
 
-- Config:      read_retries
-- Env Var:     RCLONE_CACHE_READ_RETRIES
+- Config:      level
+- Env Var:     RCLONE_COMPRESS_LEVEL
 - Type:        int
-- Default:     10
-
-#### --cache-workers
+- Default:     -1
 
-How many workers should run in parallel to download chunks.
+#### --compress-ram-cache-limit
 
-Higher values will mean more parallel processing (better CPU needed)
-and more concurrent requests on the cloud provider.  This impacts
-several aspects like the cloud provider API limits, more stress on the
-hardware that rclone runs on but it also means that streams will be
-more fluid and data will be available much more faster to readers.
+Some remotes don't allow the upload of files with unknown size.
+In this case the compressed file will need to be cached to determine
+it's size.
 
-**Note**: If the optional Plex integration is enabled then this
-setting will adapt to the type of reading performed and the value
-specified here will be used as a maximum number of workers to use.
+Files smaller than this limit will be cached in RAM, files larger than 
+this limit will be cached on disk.
 
 Properties:
 
-- Config:      workers
-- Env Var:     RCLONE_CACHE_WORKERS
-- Type:        int
-- Default:     4
+- Config:      ram_cache_limit
+- Env Var:     RCLONE_COMPRESS_RAM_CACHE_LIMIT
+- Type:        SizeSuffix
+- Default:     20Mi
 
-#### --cache-chunk-no-memory
+### Metadata
 
-Disable the in-memory cache for storing chunks during streaming.
+Any metadata supported by the underlying remote is read and written.
 
-By default, cache will keep file data during streaming in RAM as well
-to provide it to readers as fast as possible.
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-This transient data is evicted as soon as it is read and the number of
-chunks stored doesn't exceed the number of workers. However, depending
-on other settings like "cache-chunk-size" and "cache-workers" this footprint
-can increase if there are parallel streams too (multiple files being read
-at the same time).
 
-If the hardware permits it, use this feature to provide an overall better
-performance during streaming but it can also be disabled if RAM is not
-available on the local machine.
 
-Properties:
+#  Combine
 
-- Config:      chunk_no_memory
-- Env Var:     RCLONE_CACHE_CHUNK_NO_MEMORY
-- Type:        bool
-- Default:     false
+The `combine` backend joins remotes together into a single directory
+tree.
 
-#### --cache-rps
+For example you might have a remote for images on one provider:
 
-Limits the number of requests per second to the source FS (-1 to disable).
+```
+$ rclone tree s3:imagesbucket
+/
+├── image1.jpg
+└── image2.jpg
+```
 
-This setting places a hard limit on the number of requests per second
-that cache will be doing to the cloud provider remote and try to
-respect that value by setting waits between reads.
+And a remote for files on another:
 
-If you find that you're getting banned or limited on the cloud
-provider through cache and know that a smaller number of requests per
-second will allow you to work with it then you can use this setting
-for that.
+```
+$ rclone tree drive:important/files
+/
+├── file1.txt
+└── file2.txt
+```
 
-A good balance of all the other settings should make this setting
-useless but it is available to set for more special cases.
+The `combine` backend can join these together into a synthetic
+directory structure like this:
 
-**NOTE**: This will limit the number of requests during streams but
-other API calls to the cloud provider like directory listings will
-still pass.
+```
+$ rclone tree combined:
+/
+├── files
+│   ├── file1.txt
+│   └── file2.txt
+└── images
+    ├── image1.jpg
+    └── image2.jpg
+```
 
-Properties:
+You'd do this by specifying an `upstreams` parameter in the config
+like this
 
-- Config:      rps
-- Env Var:     RCLONE_CACHE_RPS
-- Type:        int
-- Default:     -1
+    upstreams = images=s3:imagesbucket files=drive:important/files
 
-#### --cache-writes
+During the initial setup with `rclone config` you will specify the
+upstreams remotes as a space separated list. The upstream remotes can
+either be a local paths or other remotes.
 
-Cache file data on writes through the FS.
+## Configuration
 
-If you need to read files immediately after you upload them through
-cache you can enable this flag to have their data stored in the
-cache store at the same time during upload.
+Here is an example of how to make a combine called `remote` for the
+example above. First run:
 
-Properties:
+     rclone config
 
-- Config:      writes
-- Env Var:     RCLONE_CACHE_WRITES
-- Type:        bool
-- Default:     false
+This will guide you through an interactive setup process:
 
-#### --cache-tmp-upload-path
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+...
+XX / Combine several remotes into one
+   \ (combine)
+...
+Storage> combine
+Option upstreams.
+Upstreams for combining
+These should be in the form
+    dir=remote:path dir2=remote2:path
+Where before the = is specified the root directory and after is the remote to
+put there.
+Embedded spaces can be added using quotes
+    "dir=remote:path with space" "dir2=remote2:path with space"
+Enter a fs.SpaceSepList value.
+upstreams> images=s3:imagesbucket files=drive:important/files
+--------------------
+[remote]
+type = combine
+upstreams = images=s3:imagesbucket files=drive:important/files
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-Directory to keep temporary files until they are uploaded.
+### Configuring for Google Drive Shared Drives
 
-This is the path where cache will use as a temporary storage for new
-files that need to be uploaded to the cloud provider.
+Rclone has a convenience feature for making a combine backend for all
+the shared drives you have access to.
 
-Specifying a value will enable this feature. Without it, it is
-completely disabled and files will be uploaded directly to the cloud
-provider
+Assuming your main (non shared drive) Google drive remote is called
+`drive:` you would run
 
-Properties:
+    rclone backend -o config drives drive:
 
-- Config:      tmp_upload_path
-- Env Var:     RCLONE_CACHE_TMP_UPLOAD_PATH
-- Type:        string
-- Required:    false
+This would produce something like this:
 
-#### --cache-tmp-wait-time
+    [My Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
 
-How long should files be stored in local cache before being uploaded.
+    [Test Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
 
-This is the duration that a file must wait in the temporary location
-_cache-tmp-upload-path_ before it is selected for upload.
+    [AllDrives]
+    type = combine
+    upstreams = "My Drive=My Drive:" "Test Drive=Test Drive:"
 
-Note that only one file is uploaded at a time and it can take longer
-to start the upload if a queue formed for this purpose.
+If you then add that config to your config file (find it with `rclone
+config file`) then you can access all the shared drives in one place
+with the `AllDrives:` remote.
 
-Properties:
+See [the Google Drive docs](https://rclone.org/drive/#drives) for full info.
 
-- Config:      tmp_wait_time
-- Env Var:     RCLONE_CACHE_TMP_WAIT_TIME
-- Type:        Duration
-- Default:     15s
 
-#### --cache-db-wait-time
+### Standard options
 
-How long to wait for the DB to be available - 0 is unlimited.
+Here are the Standard options specific to combine (Combine several remotes into one).
 
-Only one process can have the DB open at any one time, so rclone waits
-for this duration for the DB to become available before it gives an
-error.
+#### --combine-upstreams
 
-If you set it to 0 then it will wait forever.
+Upstreams for combining
 
-Properties:
+These should be in the form
 
-- Config:      db_wait_time
-- Env Var:     RCLONE_CACHE_DB_WAIT_TIME
-- Type:        Duration
-- Default:     1s
+    dir=remote:path dir2=remote2:path
 
-## Backend commands
+Where before the = is specified the root directory and after is the remote to
+put there.
 
-Here are the commands specific to the cache backend.
+Embedded spaces can be added using quotes
 
-Run them with
+    "dir=remote:path with space" "dir2=remote2:path with space"
 
-    rclone backend COMMAND remote:
 
-The help below will explain what arguments each command takes.
 
-See the [backend](https://rclone.org/commands/rclone_backend/) command for more
-info on how to pass options and arguments.
+Properties:
 
-These can be run on a running backend using the rc command
-[backend/command](https://rclone.org/rc/#backend-command).
+- Config:      upstreams
+- Env Var:     RCLONE_COMBINE_UPSTREAMS
+- Type:        SpaceSepList
+- Default:     
 
-### stats
+### Metadata
 
-Print stats on the cache backend in JSON format.
+Any metadata supported by the underlying remote is read and written.
 
-    rclone backend stats remote: [options] [<arguments>+]
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
 
 
-#  Chunker
+#  Dropbox
 
-The `chunker` overlay transparently splits large files into smaller chunks
-during upload to wrapped remote and transparently assembles them back
-when the file is downloaded. This allows to effectively overcome size limits
-imposed by storage providers.
+Paths are specified as `remote:path`
+
+Dropbox paths may be as deep as required, e.g.
+`remote:directory/subdirectory`.
 
 ## Configuration
 
-To use it, first set up the underlying remote following the configuration
-instructions for that remote. You can also use a local pathname instead of
-a remote.
+The initial setup for dropbox involves getting a token from Dropbox
+which you need to do in your browser.  `rclone config` walks you
+through it.
 
-First check your chosen remote is working - we'll call it `remote:path` here.
-Note that anything inside `remote:path` will be chunked and anything outside
-won't. This means that if you are using a bucket-based remote (e.g. S3, B2, swift)
-then you should probably put the bucket in the remote `s3:bucket`.
+Here is an example of how to make a remote called `remote`.  First run:
 
-Now configure `chunker` using `rclone config`. We will call this one `overlay`
-to separate it from the `remote` itself.
+     rclone config
+
+This will guide you through an interactive setup process:
 
 ```
-No remotes found, make a new one?
 n) New remote
-s) Set configuration password
+d) Delete remote
 q) Quit config
-n/s/q> n
-name> overlay
+e/n/d/q> n
+name> remote
 Type of storage to configure.
 Choose a number from below, or type in your own value
 [snip]
-XX / Transparently chunk/split large files
-   \ "chunker"
+XX / Dropbox
+   \ "dropbox"
 [snip]
-Storage> chunker
-Remote to chunk/unchunk.
-Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
-Enter a string value. Press Enter for the default ("").
-remote> remote:path
-Files larger than chunk size will be split in chunks.
-Enter a size with suffix K,M,G,T. Press Enter for the default ("2G").
-chunk_size> 100M
-Choose how chunker handles hash sums. All modes but "none" require metadata.
-Enter a string value. Press Enter for the default ("md5").
-Choose a number from below, or type in your own value
- 1 / Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise
-   \ "none"
- 2 / MD5 for composite files
-   \ "md5"
- 3 / SHA1 for composite files
-   \ "sha1"
- 4 / MD5 for all files
-   \ "md5all"
- 5 / SHA1 for all files
-   \ "sha1all"
- 6 / Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported
-   \ "md5quick"
- 7 / Similar to "md5quick" but prefers SHA1 over MD5
-   \ "sha1quick"
-hash_type> md5
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
+Storage> dropbox
+Dropbox App Key - leave blank normally.
+app_key>
+Dropbox App Secret - leave blank normally.
+app_secret>
 Remote config
+Please visit:
+https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&response_type=code
+Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX
 --------------------
-[overlay]
-type = chunker
-remote = remote:bucket
-chunk_size = 100M
-hash_type = md5
+[remote]
+app_key =
+app_secret =
+token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 --------------------
 y) Yes this is OK
 e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
-
-### Specifying the remote
-
-In normal use, make sure the remote has a `:` in. If you specify the remote
-without a `:` then rclone will use a local directory of that name.
-So if you use a remote of `/path/to/secret/files` then rclone will
-chunk stuff in that directory. If you use a remote of `name` then rclone
-will put files in a directory called `name` in the current directory.
-
-
-### Chunking
-
-When rclone starts a file upload, chunker checks the file size. If it
-doesn't exceed the configured chunk size, chunker will just pass the file
-to the wrapped remote. If a file is large, chunker will transparently cut
-data in pieces with temporary names and stream them one by one, on the fly.
-Each data chunk will contain the specified number of bytes, except for the
-last one which may have less data. If file size is unknown in advance
-(this is called a streaming upload), chunker will internally create
-a temporary copy, record its size and repeat the above process.
+d) Delete this remote
+y/e/d> y
+```
 
-When upload completes, temporary chunk files are finally renamed.
-This scheme guarantees that operations can be run in parallel and look
-from outside as atomic.
-A similar method with hidden temporary chunks is used for other operations
-(copy/move/rename, etc.). If an operation fails, hidden chunks are normally
-destroyed, and the target composite file stays intact.
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
 
-When a composite file download is requested, chunker transparently
-assembles it by concatenating data chunks in order. As the split is trivial
-one could even manually concatenate data chunks together to obtain the
-original content.
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Dropbox. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on `http://127.0.0.1:53682/` and it
+may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
 
-When the `list` rclone command scans a directory on wrapped remote,
-the potential chunk files are accounted for, grouped and assembled into
-composite directory entries. Any temporary chunks are hidden.
+You can then use it like this,
 
-List and other commands can sometimes come across composite files with
-missing or invalid chunks, e.g. shadowed by like-named directory or
-another file. This usually means that wrapped file system has been directly
-tampered with or damaged. If chunker detects a missing chunk it will
-by default print warning, skip the whole incomplete group of chunks but
-proceed with current command.
-You can set the `--chunker-fail-hard` flag to have commands abort with
-error message in such cases.
+List directories in top level of your dropbox
 
+    rclone lsd remote:
 
-#### Chunk names
+List all the files in your dropbox
 
-The default chunk name format is `*.rclone_chunk.###`, hence by default
-chunk names are `BIG_FILE_NAME.rclone_chunk.001`,
-`BIG_FILE_NAME.rclone_chunk.002` etc. You can configure another name format
-using the `name_format` configuration file option. The format uses asterisk
-`*` as a placeholder for the base file name and one or more consecutive
-hash characters `#` as a placeholder for sequential chunk number.
-There must be one and only one asterisk. The number of consecutive hash
-characters defines the minimum length of a string representing a chunk number.
-If decimal chunk number has less digits than the number of hashes, it is
-left-padded by zeros. If the decimal string is longer, it is left intact.
-By default numbering starts from 1 but there is another option that allows
-user to start from 0, e.g. for compatibility with legacy software.
+    rclone ls remote:
 
-For example, if name format is `big_*-##.part` and original file name is
-`data.txt` and numbering starts from 0, then the first chunk will be named
-`big_data.txt-00.part`, the 99th chunk will be `big_data.txt-98.part`
-and the 302nd chunk will become `big_data.txt-301.part`.
+To copy a local directory to a dropbox directory called backup
 
-Note that `list` assembles composite directory entries only when chunk names
-match the configured format and treats non-conforming file names as normal
-non-chunked files.
+    rclone copy /home/source remote:backup
 
-When using `norename` transactions, chunk names will additionally have a unique
-file version suffix. For example, `BIG_FILE_NAME.rclone_chunk.001_bp562k`.
+### Dropbox for business
 
+Rclone supports Dropbox for business and Team Folders.
 
-### Metadata
+When using Dropbox for business `remote:` and `remote:path/to/file`
+will refer to your personal folder.
 
-Besides data chunks chunker will by default create metadata object for
-a composite file. The object is named after the original file.
-Chunker allows user to disable metadata completely (the `none` format).
-Note that metadata is normally not created for files smaller than the
-configured chunk size. This may change in future rclone releases.
+If you wish to see Team Folders you must use a leading `/` in the
+path, so `rclone lsd remote:/` will refer to the root and show you all
+Team Folders and your User Folder.
 
-#### Simple JSON metadata format
+You can then use team folders like this `remote:/TeamFolder` and
+`remote:/TeamFolder/path/to/file`.
 
-This is the default format. It supports hash sums and chunk validation
-for composite files. Meta objects carry the following fields:
+A leading `/` for a Dropbox personal account will do nothing, but it
+will take an extra HTTP transaction so it should be avoided.
 
-- `ver`     - version of format, currently `1`
-- `size`    - total size of composite file
-- `nchunks` - number of data chunks in file
-- `md5`     - MD5 hashsum of composite file (if present)
-- `sha1`    - SHA1 hashsum (if present)
-- `txn`     - identifies current version of the file
+### Modification times and hashes
 
-There is no field for composite file name as it's simply equal to the name
-of meta object on the wrapped remote. Please refer to respective sections
-for details on hashsums and modified time handling.
+Dropbox supports modified times, but the only way to set a
+modification time is to re-upload the file.
 
-#### No metadata
+This means that if you uploaded your data with an older version of
+rclone which didn't support the v2 API and modified times, rclone will
+decide to upload all your old data to fix the modification times.  If
+you don't want this to happen use `--size-only` or `--checksum` flag
+to stop it.
 
-You can disable meta objects by setting the meta format option to `none`.
-In this mode chunker will scan directory for all files that follow
-configured chunk name format, group them by detecting chunks with the same
-base name and show group names as virtual composite files.
-This method is more prone to missing chunk errors (especially missing
-last chunk) than format with metadata enabled.
+Dropbox supports [its own hash
+type](https://www.dropbox.com/developers/reference/content-hash) which
+is checked for all transfers.
 
+### Restricted filename characters
 
-### Hashsums
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| /         | 0x2F  | ／           |
+| DEL       | 0x7F  | ␡           |
+| \         | 0x5C  | ＼           |
 
-Chunker supports hashsums only when a compatible metadata is present.
-Hence, if you choose metadata format of `none`, chunker will report hashsum
-as `UNSUPPORTED`.
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
 
-Please note that by default metadata is stored only for composite files.
-If a file is smaller than configured chunk size, chunker will transparently
-redirect hash requests to wrapped remote, so support depends on that.
-You will see the empty string as a hashsum of requested type for small
-files if the wrapped remote doesn't support it.
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
 
-Many storage backends support MD5 and SHA1 hash types, so does chunker.
-With chunker you can choose one or another but not both.
-MD5 is set by default as the most supported type.
-Since chunker keeps hashes for composite files and falls back to the
-wrapped remote hash for non-chunked ones, we advise you to choose the same
-hash type as supported by wrapped remote so that your file listings
-look coherent.
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-If your storage backend does not support MD5 or SHA1 but you need consistent
-file hashing, configure chunker with `md5all` or `sha1all`. These two modes
-guarantee given hash for all files. If wrapped remote doesn't support it,
-chunker will then add metadata to all files, even small. However, this can
-double the amount of small files in storage and incur additional service charges.
-You can even use chunker to force md5/sha1 support in any other remote
-at expense of sidecar meta objects by setting e.g. `chunk_type=sha1all`
-to force hashsums and `chunk_size=1P` to effectively disable chunking.
+### Batch mode uploads {#batch-mode}
 
-Normally, when a file is copied to chunker controlled remote, chunker
-will ask the file source for compatible file hash and revert to on-the-fly
-calculation if none is found. This involves some CPU overhead but provides
-a guarantee that given hashsum is available. Also, chunker will reject
-a server-side copy or move operation if source and destination hashsum
-types are different resulting in the extra network bandwidth, too.
-In some rare cases this may be undesired, so chunker provides two optional
-choices: `sha1quick` and `md5quick`. If the source does not support primary
-hash type and the quick mode is enabled, chunker will try to fall back to
-the secondary type. This will save CPU and bandwidth but can result in empty
-hashsums at destination. Beware of consequences: the `sync` command will
-revert (sometimes silently) to time/size comparison if compatible hashsums
-between source and target are not found.
+Using batch mode uploads is very important for performance when using
+the Dropbox API. See [the dropbox performance guide](https://developers.dropbox.com/dbx-performance-guide)
+for more info.
 
+There are 3 modes rclone can use for uploads.
 
-### Modified time
+#### --dropbox-batch-mode off
 
-Chunker stores modification times using the wrapped remote so support
-depends on that. For a small non-chunked file the chunker overlay simply
-manipulates modification time of the wrapped remote file.
-For a composite file with metadata chunker will get and set
-modification time of the metadata object on the wrapped remote.
-If file is chunked but metadata format is `none` then chunker will
-use modification time of the first data chunk.
+In this mode rclone will not use upload batching. This was the default
+before rclone v1.55. It has the disadvantage that it is very likely to
+encounter `too_many_requests` errors like this
 
+    NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.
 
-### Migrations
+When rclone receives these it has to wait for 15s or sometimes 300s
+before continuing which really slows down transfers.
 
-The idiomatic way to migrate to a different chunk size, hash type, transaction
-style or chunk naming scheme is to:
+This will happen especially if `--transfers` is large, so this mode
+isn't recommended except for compatibility or investigating problems.
 
-- Collect all your chunked files under a directory and have your
-  chunker remote point to it.
-- Create another directory (most probably on the same cloud storage)
-  and configure a new remote with desired metadata format,
-  hash type, chunk naming etc.
-- Now run `rclone sync --interactive oldchunks: newchunks:` and all your data
-  will be transparently converted in transfer.
-  This may take some time, yet chunker will try server-side
-  copy if possible.
-- After checking data integrity you may remove configuration section
-  of the old remote.
+#### --dropbox-batch-mode sync
 
-If rclone gets killed during a long operation on a big composite file,
-hidden temporary chunks may stay in the directory. They will not be
-shown by the `list` command but will eat up your account quota.
-Please note that the `deletefile` command deletes only active
-chunks of a file. As a workaround, you can use remote of the wrapped
-file system to see them.
-An easy way to get rid of hidden garbage is to copy littered directory
-somewhere using the chunker remote and purge the original directory.
-The `copy` command will copy only active chunks while the `purge` will
-remove everything including garbage.
+In this mode rclone will batch up uploads to the size specified by
+`--dropbox-batch-size` and commit them together.
 
+Using this mode means you can use a much higher `--transfers`
+parameter (32 or 64 works fine) without receiving `too_many_requests`
+errors.
 
-### Caveats and Limitations
+This mode ensures full data integrity.
 
-Chunker requires wrapped remote to support server-side `move` (or `copy` +
-`delete`) operations, otherwise it will explicitly refuse to start.
-This is because it internally renames temporary chunk files to their final
-names when an operation completes successfully.
+Note that there may be a pause when quitting rclone while rclone
+finishes up the last batch using this mode.
 
-Chunker encodes chunk number in file name, so with default `name_format`
-setting it adds 17 characters. Also chunker adds 7 characters of temporary
-suffix during operations. Many file systems limit base file name without path
-by 255 characters. Using rclone's crypt remote as a base file system limits
-file name by 143 characters. Thus, maximum name length is 231 for most files
-and 119 for chunker-over-crypt. A user in need can change name format to
-e.g. `*.rcc##` and save 10 characters (provided at most 99 chunks per file).
+#### --dropbox-batch-mode async
 
-Note that a move implemented using the copy-and-delete method may incur
-double charging with some cloud storage providers.
+In this mode rclone will batch up uploads to the size specified by
+`--dropbox-batch-size` and commit them together.
 
-Chunker will not automatically rename existing chunks when you run
-`rclone config` on a live remote and change the chunk name format.
-Beware that in result of this some files which have been treated as chunks
-before the change can pop up in directory listings as normal files
-and vice versa. The same warning holds for the chunk size.
-If you desperately need to change critical chunking settings, you should
-run data migration as described above.
+However it will not wait for the status of the batch to be returned to
+the caller. This means rclone can use a much bigger batch size (much
+bigger than `--transfers`), at the cost of not being able to check the
+status of the upload.
 
-If wrapped remote is case insensitive, the chunker overlay will inherit
-that property (so you can't have a file called "Hello.doc" and "hello.doc"
-in the same directory).
+This provides the maximum possible upload speed especially with lots
+of small files, however rclone can't check the file got uploaded
+properly using this mode.
 
-Chunker included in rclone releases up to `v1.54` can sometimes fail to
-detect metadata produced by recent versions of rclone. We recommend users
-to keep rclone up-to-date to avoid data corruption.
+If you are using this mode then using "rclone check" after the
+transfer completes is recommended. Or you could do an initial transfer
+with `--dropbox-batch-mode async` then do a final transfer with
+`--dropbox-batch-mode sync` (the default).
+
+Note that there may be a pause when quitting rclone while rclone
+finishes up the last batch using this mode.
 
-Changing `transactions` is dangerous and requires explicit migration.
 
 
 ### Standard options
 
-Here are the Standard options specific to chunker (Transparently chunk/split large files).
+Here are the Standard options specific to dropbox (Dropbox).
 
-#### --chunker-remote
+#### --dropbox-client-id
 
-Remote to chunk/unchunk.
+OAuth Client Id.
 
-Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
+Leave blank normally.
 
 Properties:
 
-- Config:      remote
-- Env Var:     RCLONE_CHUNKER_REMOTE
+- Config:      client_id
+- Env Var:     RCLONE_DROPBOX_CLIENT_ID
 - Type:        string
-- Required:    true
-
-#### --chunker-chunk-size
-
-Files larger than chunk size will be split in chunks.
-
-Properties:
-
-- Config:      chunk_size
-- Env Var:     RCLONE_CHUNKER_CHUNK_SIZE
-- Type:        SizeSuffix
-- Default:     2Gi
+- Required:    false
 
-#### --chunker-hash-type
+#### --dropbox-client-secret
 
-Choose how chunker handles hash sums.
+OAuth Client Secret.
 
-All modes but "none" require metadata.
+Leave blank normally.
 
 Properties:
 
-- Config:      hash_type
-- Env Var:     RCLONE_CHUNKER_HASH_TYPE
+- Config:      client_secret
+- Env Var:     RCLONE_DROPBOX_CLIENT_SECRET
 - Type:        string
-- Default:     "md5"
-- Examples:
-    - "none"
-        - Pass any hash supported by wrapped remote for non-chunked files.
-        - Return nothing otherwise.
-    - "md5"
-        - MD5 for composite files.
-    - "sha1"
-        - SHA1 for composite files.
-    - "md5all"
-        - MD5 for all files.
-    - "sha1all"
-        - SHA1 for all files.
-    - "md5quick"
-        - Copying a file to chunker will request MD5 from the source.
-        - Falling back to SHA1 if unsupported.
-    - "sha1quick"
-        - Similar to "md5quick" but prefers SHA1 over MD5.
+- Required:    false
 
 ### Advanced options
 
-Here are the Advanced options specific to chunker (Transparently chunk/split large files).
-
-#### --chunker-name-format
+Here are the Advanced options specific to dropbox (Dropbox).
 
-String format of chunk file names.
+#### --dropbox-token
 
-The two placeholders are: base file name (*) and chunk number (#...).
-There must be one and only one asterisk and one or more consecutive hash characters.
-If chunk number has less digits than the number of hashes, it is left-padded by zeros.
-If there are more digits in the number, they are left as is.
-Possible chunk files are ignored if their name does not match given format.
+OAuth Access Token as a JSON blob.
 
 Properties:
 
-- Config:      name_format
-- Env Var:     RCLONE_CHUNKER_NAME_FORMAT
+- Config:      token
+- Env Var:     RCLONE_DROPBOX_TOKEN
 - Type:        string
-- Default:     "*.rclone_chunk.###"
+- Required:    false
 
-#### --chunker-start-from
+#### --dropbox-auth-url
 
-Minimum valid chunk number. Usually 0 or 1.
+Auth server URL.
 
-By default chunk numbers start from 1.
+Leave blank to use the provider defaults.
 
 Properties:
 
-- Config:      start_from
-- Env Var:     RCLONE_CHUNKER_START_FROM
-- Type:        int
-- Default:     1
+- Config:      auth_url
+- Env Var:     RCLONE_DROPBOX_AUTH_URL
+- Type:        string
+- Required:    false
 
-#### --chunker-meta-format
+#### --dropbox-token-url
 
-Format of the metadata object or "none".
+Token server url.
 
-By default "simplejson".
-Metadata is a small JSON file named after the composite file.
+Leave blank to use the provider defaults.
 
 Properties:
 
-- Config:      meta_format
-- Env Var:     RCLONE_CHUNKER_META_FORMAT
+- Config:      token_url
+- Env Var:     RCLONE_DROPBOX_TOKEN_URL
 - Type:        string
-- Default:     "simplejson"
-- Examples:
-    - "none"
-        - Do not use metadata files at all.
-        - Requires hash type "none".
-    - "simplejson"
-        - Simple JSON supports hash sums and chunk validation.
-        - 
-        - It has the following fields: ver, size, nchunks, md5, sha1.
-
-#### --chunker-fail-hard
-
-Choose how chunker should handle files with missing or invalid chunks.
+- Required:    false
 
-Properties:
+#### --dropbox-chunk-size
 
-- Config:      fail_hard
-- Env Var:     RCLONE_CHUNKER_FAIL_HARD
-- Type:        bool
-- Default:     false
-- Examples:
-    - "true"
-        - Report errors and abort current command.
-    - "false"
-        - Warn user, skip incomplete file and proceed.
+Upload chunk size (< 150Mi).
 
-#### --chunker-transactions
+Any files larger than this will be uploaded in chunks of this size.
 
-Choose how chunker should handle temporary files during transactions.
+Note that chunks are buffered in memory (one at a time) so rclone can
+deal with retries.  Setting this larger will increase the speed
+slightly (at most 10% for 128 MiB in tests) at the cost of using more
+memory.  It can be set smaller if you are tight on memory.
 
 Properties:
 
-- Config:      transactions
-- Env Var:     RCLONE_CHUNKER_TRANSACTIONS
-- Type:        string
-- Default:     "rename"
-- Examples:
-    - "rename"
-        - Rename temporary files after a successful transaction.
-    - "norename"
-        - Leave temporary file names and write transaction ID to metadata file.
-        - Metadata is required for no rename transactions (meta format cannot be "none").
-        - If you are using norename transactions you should be careful not to downgrade Rclone
-        - as older versions of Rclone don't support this transaction style and will misinterpret
-        - files manipulated by norename transactions.
-        - This method is EXPERIMENTAL, don't use on production systems.
-    - "auto"
-        - Rename or norename will be used depending on capabilities of the backend.
-        - If meta format is set to "none", rename transactions will always be used.
-        - This method is EXPERIMENTAL, don't use on production systems.
-
-
-
-#  Citrix ShareFile
-
-[Citrix ShareFile](https://sharefile.com) is a secure file sharing and transfer service aimed as business.
+- Config:      chunk_size
+- Env Var:     RCLONE_DROPBOX_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     48Mi
 
-## Configuration
+#### --dropbox-impersonate
 
-The initial setup for Citrix ShareFile involves getting a token from
-Citrix ShareFile which you can in your browser.  `rclone config` walks you
-through it.
+Impersonate this user when using a business account.
 
-Here is an example of how to make a remote called `remote`.  First run:
+Note that if you want to use impersonate, you should make sure this
+flag is set when running "rclone config" as this will cause rclone to
+request the "members.read" scope which it won't normally. This is
+needed to lookup a members email address into the internal ID that
+dropbox uses in the API.
 
-     rclone config
+Using the "members.read" scope will require a Dropbox Team Admin
+to approve during the OAuth flow.
 
-This will guide you through an interactive setup process:
+You will have to use your own App (setting your own client_id and
+client_secret) to use this option as currently rclone's default set of
+permissions doesn't include "members.read". This can be added once
+v1.55 or later is in use everywhere.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-XX / Citrix Sharefile
-   \ "sharefile"
-Storage> sharefile
-** See help for sharefile backend at: https://rclone.org/sharefile/ **
 
-ID of the root folder
+Properties:
 
-Leave blank to access "Personal Folders".  You can use one of the
-standard values here or any folder ID (long hex number ID).
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Access the Personal Folders. (Default)
-   \ ""
- 2 / Access the Favorites folder.
-   \ "favorites"
- 3 / Access all the shared folders.
-   \ "allshared"
- 4 / Access all the individual connectors.
-   \ "connectors"
- 5 / Access the home, favorites, and shared folders as well as the connectors.
-   \ "top"
-root_folder_id> 
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=XXX
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = sharefile
-endpoint = https://XXX.sharefile.com
-token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2019-09-30T19:41:45.878561877+01:00"}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+- Config:      impersonate
+- Env Var:     RCLONE_DROPBOX_IMPERSONATE
+- Type:        string
+- Required:    false
 
-See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
-machine with no Internet browser available.
+#### --dropbox-shared-files
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Citrix ShareFile. This only runs from the moment it opens
-your browser to the moment you get back the verification code.  This
-is on `http://127.0.0.1:53682/` and this it may require you to unblock
-it temporarily if you are running a host firewall.
+Instructs rclone to work on individual shared files.
 
-Once configured you can then use `rclone` like this,
+In this mode rclone's features are extremely limited - only list (ls, lsl, etc.) 
+operations and read operations (e.g. downloading) are supported in this mode.
+All other operations will be disabled.
 
-List directories in top level of your ShareFile
+Properties:
 
-    rclone lsd remote:
+- Config:      shared_files
+- Env Var:     RCLONE_DROPBOX_SHARED_FILES
+- Type:        bool
+- Default:     false
 
-List all the files in your ShareFile
+#### --dropbox-shared-folders
 
-    rclone ls remote:
+Instructs rclone to work on shared folders.
+			
+When this flag is used with no path only the List operation is supported and 
+all available shared folders will be listed. If you specify a path the first part 
+will be interpreted as the name of shared folder. Rclone will then try to mount this 
+shared to the root namespace. On success shared folder rclone proceeds normally. 
+The shared folder is now pretty much a normal folder and all normal operations 
+are supported. 
 
-To copy a local directory to an ShareFile directory called backup
+Note that we don't unmount the shared folder afterwards so the 
+--dropbox-shared-folders can be omitted after the first use of a particular 
+shared folder.
 
-    rclone copy /home/source remote:backup
+Properties:
 
-Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+- Config:      shared_folders
+- Env Var:     RCLONE_DROPBOX_SHARED_FOLDERS
+- Type:        bool
+- Default:     false
 
-### Modified time and hashes
+#### --dropbox-pacer-min-sleep
 
-ShareFile allows modification times to be set on objects accurate to 1
-second.  These will be used to detect whether objects need syncing or
-not.
+Minimum time to sleep between API calls.
 
-ShareFile supports MD5 type hashes, so you can use the `--checksum`
-flag.
+Properties:
 
-### Transfers
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_DROPBOX_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     10ms
 
-For files above 128 MiB rclone will use a chunked transfer.  Rclone will
-upload up to `--transfers` chunks at the same time (shared among all
-the multipart uploads).  Chunks are buffered in memory and are
-normally 64 MiB so increasing `--transfers` will increase memory use.
+#### --dropbox-encoding
 
-### Restricted filename characters
+The encoding for the backend.
 
-In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-the following characters are also replaced:
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| \\        | 0x5C  | ＼           |
-| *         | 0x2A  | ＊           |
-| <         | 0x3C  | ＜           |
-| >         | 0x3E  | ＞           |
-| ?         | 0x3F  | ？           |
-| :         | 0x3A  | ：           |
-| \|        | 0x7C  | ｜           |
-| "         | 0x22  | ＂           |
+Properties:
 
-File names can also not start or end with the following characters.
-These only get replaced if they are the first or last character in the
-name:
+- Config:      encoding
+- Env Var:     RCLONE_DROPBOX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| SP        | 0x20  | ␠           |
-| .         | 0x2E  | ．           |
+#### --dropbox-batch-mode
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+Upload file batching sync|async|off.
 
+This sets the batch mode used by rclone.
 
-### Standard options
+For full info see [the main docs](https://rclone.org/dropbox/#batch-mode)
 
-Here are the Standard options specific to sharefile (Citrix Sharefile).
+This has 3 possible values
 
-#### --sharefile-root-folder-id
+- off - no batching
+- sync - batch uploads and check completion (default)
+- async - batch upload and don't check completion
 
-ID of the root folder.
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
 
-Leave blank to access "Personal Folders".  You can use one of the
-standard values here or any folder ID (long hex number ID).
 
 Properties:
 
-- Config:      root_folder_id
-- Env Var:     RCLONE_SHAREFILE_ROOT_FOLDER_ID
+- Config:      batch_mode
+- Env Var:     RCLONE_DROPBOX_BATCH_MODE
 - Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Access the Personal Folders (default).
-    - "favorites"
-        - Access the Favorites folder.
-    - "allshared"
-        - Access all the shared folders.
-    - "connectors"
-        - Access all the individual connectors.
-    - "top"
-        - Access the home, favorites, and shared folders as well as the connectors.
-
-### Advanced options
+- Default:     "sync"
 
-Here are the Advanced options specific to sharefile (Citrix Sharefile).
+#### --dropbox-batch-size
 
-#### --sharefile-upload-cutoff
+Max number of files in upload batch.
 
-Cutoff for switching to multipart upload.
+This sets the batch size of files to upload. It has to be less than 1000.
 
-Properties:
+By default this is 0 which means rclone which calculate the batch size
+depending on the setting of batch_mode.
 
-- Config:      upload_cutoff
-- Env Var:     RCLONE_SHAREFILE_UPLOAD_CUTOFF
-- Type:        SizeSuffix
-- Default:     128Mi
+- batch_mode: async - default batch_size is 100
+- batch_mode: sync - default batch_size is the same as --transfers
+- batch_mode: off - not in use
 
-#### --sharefile-chunk-size
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
 
-Upload chunk size.
+Setting this is a great idea if you are uploading lots of small files
+as it will make them a lot quicker. You can use --transfers 32 to
+maximise throughput.
 
-Must a power of 2 >= 256k.
 
-Making this larger will improve performance, but note that each chunk
-is buffered in memory one per transfer.
+Properties:
 
-Reducing this will reduce memory usage but decrease performance.
+- Config:      batch_size
+- Env Var:     RCLONE_DROPBOX_BATCH_SIZE
+- Type:        int
+- Default:     0
 
-Properties:
+#### --dropbox-batch-timeout
 
-- Config:      chunk_size
-- Env Var:     RCLONE_SHAREFILE_CHUNK_SIZE
-- Type:        SizeSuffix
-- Default:     64Mi
+Max time to allow an idle upload batch before uploading.
 
-#### --sharefile-endpoint
+If an upload batch is idle for more than this long then it will be
+uploaded.
 
-Endpoint for API calls.
+The default for this is 0 which means rclone will choose a sensible
+default based on the batch_mode in use.
 
-This is usually auto discovered as part of the oauth process, but can
-be set manually to something like: https://XXX.sharefile.com
+- batch_mode: async - default batch_timeout is 10s
+- batch_mode: sync - default batch_timeout is 500ms
+- batch_mode: off - not in use
 
 
 Properties:
 
-- Config:      endpoint
-- Env Var:     RCLONE_SHAREFILE_ENDPOINT
-- Type:        string
-- Required:    false
-
-#### --sharefile-encoding
+- Config:      batch_timeout
+- Env Var:     RCLONE_DROPBOX_BATCH_TIMEOUT
+- Type:        Duration
+- Default:     0s
 
-The encoding for the backend.
+#### --dropbox-batch-commit-timeout
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Max time to wait for a batch to finish committing
 
 Properties:
 
-- Config:      encoding
-- Env Var:     RCLONE_SHAREFILE_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot
+- Config:      batch_commit_timeout
+- Env Var:     RCLONE_DROPBOX_BATCH_COMMIT_TIMEOUT
+- Type:        Duration
+- Default:     10m0s
+
 
 
 ## Limitations
 
-Note that ShareFile is case insensitive so you can't have a file called
+Note that Dropbox is case insensitive so you can't have a file called
 "Hello.doc" and one called "hello.doc".
 
-ShareFile only supports filenames up to 256 characters in length.
+There are some file names such as `thumbs.db` which Dropbox can't
+store.  There is a full list of them in the ["Ignored Files" section
+of this document](https://www.dropbox.com/en/help/145).  Rclone will
+issue an error message `File name disallowed - not uploading` if it
+attempts to upload one of those file names, but the sync won't fail.
 
-`rclone about` is not supported by the Citrix ShareFile backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+Some errors may occur if you try to sync copyright-protected files
+because Dropbox has its own [copyright detector](https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/) that
+prevents this sort of file being downloaded. This will return the error `ERROR :
+/path/to/your/file: Failed to copy: failed to open source object:
+path/restricted_content/.`
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+If you have more than 10,000 files in a directory then `rclone purge
+dropbox:dir` will return the error `Failed to purge: There are too
+many files involved in this operation`.  As a work-around do an
+`rclone delete dropbox:dir` followed by an `rclone rmdir dropbox:dir`.
 
-#  Crypt
+When using `rclone link` you'll need to set `--expire` if using a
+non-personal account otherwise the visibility may not be correct.
+(Note that `--expire` isn't supported on personal accounts). See the
+[forum discussion](https://forum.rclone.org/t/rclone-link-dropbox-permissions/23211) and the 
+[dropbox SDK issue](https://github.com/dropbox/dropbox-sdk-go-unofficial/issues/75).
 
-Rclone `crypt` remotes encrypt and decrypt other remotes.
+## Get your own Dropbox App ID
 
-A remote of type `crypt` does not access a [storage system](https://rclone.org/overview/)
-directly, but instead wraps another remote, which in turn accesses
-the storage system. This is similar to how [alias](https://rclone.org/alias/),
-[union](https://rclone.org/union/), [chunker](https://rclone.org/chunker/)
-and a few others work. It makes the usage very flexible, as you can
-add a layer, in this case an encryption layer, on top of any other
-backend, even in multiple layers. Rclone's functionality
-can be used as with any other remote, for example you can
-[mount](https://rclone.org/commands/rclone_mount/) a crypt remote.
+When you use rclone with Dropbox in its default configuration you are using rclone's App ID. This is shared between all the rclone users.
 
-Accessing a storage system through a crypt remote realizes client-side
-encryption, which makes it safe to keep your data in a location you do
-not trust will not get compromised.
-When working against the `crypt` remote, rclone will automatically
-encrypt (before uploading) and decrypt (after downloading) on your local
-system as needed on the fly, leaving the data encrypted at rest in the
-wrapped remote. If you access the storage system using an application
-other than rclone, or access the wrapped remote directly using rclone,
-there will not be any encryption/decryption: Downloading existing content
-will just give you the encrypted (scrambled) format, and anything you
-upload will *not* become encrypted.
+Here is how to create your own Dropbox App ID for rclone:
 
-The encryption is a secret-key encryption (also called symmetric key encryption)
-algorithm, where a password (or pass phrase) is used to generate real encryption key.
-The password can be supplied by user, or you may chose to let rclone
-generate one. It will be stored in the configuration file, in a lightly obscured form.
-If you are in an environment where you are not able to keep your configuration
-secured, you should add
-[configuration encryption](https://rclone.org/docs/#configuration-encryption)
-as protection. As long as you have this configuration file, you will be able to
-decrypt your data. Without the configuration file, as long as you remember
-the password (or keep it in a safe place), you can re-create the configuration
-and gain access to the existing data. You may also configure a corresponding
-remote in a different installation to access the same data.
-See below for guidance to [changing password](#changing-password).
+1. Log into the [Dropbox App console](https://www.dropbox.com/developers/apps/create) with your Dropbox Account (It need not
+to be the same account as the Dropbox you want to access)
 
-Encryption uses [cryptographic salt](https://en.wikipedia.org/wiki/Salt_(cryptography)),
-to permute the encryption key so that the same string may be encrypted in
-different ways. When configuring the crypt remote it is optional to enter a salt,
-or to let rclone generate a unique salt. If omitted, rclone uses a built-in unique string.
-Normally in cryptography, the salt is stored together with the encrypted content,
-and do not have to be memorized by the user. This is not the case in rclone,
-because rclone does not store any additional information on the remotes. Use of
-custom salt is effectively a second password that must be memorized.
+2. Choose an API => Usually this should be `Dropbox API`
 
-[File content](#file-encryption) encryption is performed using
-[NaCl SecretBox](https://godoc.org/golang.org/x/crypto/nacl/secretbox),
-based on XSalsa20 cipher and Poly1305 for integrity.
-[Names](#name-encryption) (file- and directory names) are also encrypted
-by default, but this has some implications and is therefore
-possible to be turned off.
+3. Choose the type of access you want to use => `Full Dropbox` or `App Folder`. If you want to use Team Folders, `Full Dropbox` is required ([see here](https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-create-team-folder-inside-my-app-s-folder/m-p/601005/highlight/true#M27911)).
 
-## Configuration
+4. Name your App. The app name is global, so you can't use `rclone` for example
 
-Here is an example of how to make a remote called `secret`.
+5. Click the button `Create App`
 
-To use `crypt`, first set up the underlying remote. Follow the
-`rclone config` instructions for the specific backend.
+6. Switch to the `Permissions` tab. Enable at least the following permissions: `account_info.read`, `files.metadata.write`, `files.content.write`, `files.content.read`, `sharing.write`. The `files.metadata.read` and `sharing.read` checkboxes will be marked too. Click `Submit`
 
-Before configuring the crypt remote, check the underlying remote is
-working. In this example the underlying remote is called `remote`.
-We will configure a path `path` within this remote to contain the
-encrypted content. Anything inside `remote:path` will be encrypted
-and anything outside will not.
+7. Switch to the `Settings` tab. Fill `OAuth2 - Redirect URIs` as `http://localhost:53682/` and click on `Add`
 
-Configure `crypt` using `rclone config`. In this example the `crypt`
-remote is called `secret`, to differentiate it from the underlying
-`remote`.
+8. Find the `App key` and `App secret` values on the `Settings` tab. Use these values in rclone config to add a new remote or edit an existing remote. The `App key` setting corresponds to `client_id` in rclone config, the `App secret` corresponds to `client_secret`
 
-When you are done you can use the crypt remote named `secret` just
-as you would with any other remote, e.g. `rclone copy D:\docs secret:\docs`,
-and rclone will encrypt and decrypt as needed on the fly.
-If you access the wrapped remote `remote:path` directly you will bypass
-the encryption, and anything you read will be in encrypted form, and
-anything you write will be unencrypted. To avoid issues it is best to
-configure a dedicated path for encrypted content, and access it
-exclusively through a crypt remote.
+#  Enterprise File Fabric
+
+This backend supports [Storage Made Easy's Enterprise File
+Fabric™](https://storagemadeeasy.com/about/) which provides a software
+solution to integrate and unify File and Object Storage accessible
+through a global file system.
+
+## Configuration
+
+The initial setup for the Enterprise File Fabric backend involves
+getting a token from the Enterprise File Fabric which you need to
+do in your browser.  `rclone config` walks you through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 
 ```
 No remotes found, make a new one?
@@ -25774,1236 +31079,1350 @@ n) New remote
 s) Set configuration password
 q) Quit config
 n/s/q> n
-name> secret
+name> remote
 Type of storage to configure.
 Enter a string value. Press Enter for the default ("").
 Choose a number from below, or type in your own value
 [snip]
-XX / Encrypt/Decrypt a remote
-   \ "crypt"
+XX / Enterprise File Fabric
+   \ "filefabric"
 [snip]
-Storage> crypt
-** See help for crypt backend at: https://rclone.org/crypt/ **
+Storage> filefabric
+** See help for filefabric backend at: https://rclone.org/filefabric/ **
 
-Remote to encrypt/decrypt.
-Normally should contain a ':' and a path, eg "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
+URL of the Enterprise File Fabric to connect to
 Enter a string value. Press Enter for the default ("").
-remote> remote:path
-How to encrypt the filenames.
-Enter a string value. Press Enter for the default ("standard").
-Choose a number from below, or type in your own value.
-   / Encrypt the filenames.
- 1 | See the docs for the details.
-   \ "standard"
- 2 / Very simple filename obfuscation.
-   \ "obfuscate"
-   / Don't encrypt the file names.
- 3 | Adds a ".bin" extension only.
-   \ "off"
-filename_encryption>
-Option to either encrypt directory names or leave them intact.
-
-NB If filename_encryption is "off" then this option will do nothing.
-Enter a boolean value (true or false). Press Enter for the default ("true").
 Choose a number from below, or type in your own value
- 1 / Encrypt directory names.
-   \ "true"
- 2 / Don't encrypt directory names, leave them intact.
-   \ "false"
-directory_name_encryption>
-Password or pass phrase for encryption.
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Password or pass phrase for salt. Optional but recommended.
-Should be different to the previous password.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n> g
-Password strength in bits.
-64 is just about memorable
-128 is secure
-1024 is the maximum
-Bits> 128
-Your password is: JAsJvRcgR-_veXNfy_sGmQ
-Use this password? Please note that an obscured version of this
-password (and not the password itself) will be stored under your
-configuration file, so keep this generated password in a safe place.
-y) Yes (default)
-n) No
-y/n>
+ 1 / Storage Made Easy US
+   \ "https://storagemadeeasy.com"
+ 2 / Storage Made Easy EU
+   \ "https://eu.storagemadeeasy.com"
+ 3 / Connect to your Enterprise File Fabric
+   \ "https://yourfabric.smestorage.com"
+url> https://yourfabric.smestorage.com/
+ID of the root folder
+Leave blank normally.
+
+Fill in to make rclone start with directory of a given ID.
+
+Enter a string value. Press Enter for the default ("").
+root_folder_id> 
+Permanent Authentication Token
+
+A Permanent Authentication Token can be created in the Enterprise File
+Fabric, on the users Dashboard under Security, there is an entry
+you'll see called "My Authentication Tokens". Click the Manage button
+to create one.
+
+These tokens are normally valid for several years.
+
+For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
+
+Enter a string value. Press Enter for the default ("").
+permanent_token> xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
 Edit advanced config? (y/n)
 y) Yes
 n) No (default)
-y/n>
+y/n> n
 Remote config
 --------------------
-[secret]
-type = crypt
-remote = remote:path
-password = *** ENCRYPTED ***
-password2 = *** ENCRYPTED ***
+[remote]
+type = filefabric
+url = https://yourfabric.smestorage.com/
+permanent_token = xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
 --------------------
 y) Yes this is OK (default)
 e) Edit this remote
 d) Delete this remote
-y/e/d>
+y/e/d> y
 ```
 
-**Important** The crypt password stored in `rclone.conf` is lightly
-obscured. That only protects it from cursory inspection. It is not
-secure unless [configuration encryption](https://rclone.org/docs/#configuration-encryption) of `rclone.conf` is specified.
-
-A long passphrase is recommended, or `rclone config` can generate a
-random one.
-
-The obscured password is created using AES-CTR with a static key. The
-salt is stored verbatim at the beginning of the obscured password. This
-static key is shared between all versions of rclone.
-
-If you reconfigure rclone with the same passwords/passphrases
-elsewhere it will be compatible, but the obscured version will be different
-due to the different salt.
-
-Rclone does not encrypt
-
-  * file length - this can be calculated within 16 bytes
-  * modification time - used for syncing
-
-### Specifying the remote
-
-When configuring the remote to encrypt/decrypt, you may specify any
-string that rclone accepts as a source/destination of other commands.
-
-The primary use case is to specify the path into an already configured
-remote (e.g. `remote:path/to/dir` or `remote:bucket`), such that
-data in a remote untrusted location can be stored encrypted.
-
-You may also specify a local filesystem path, such as
-`/path/to/dir` on Linux, `C:\path\to\dir` on Windows. By creating
-a crypt remote pointing to such a local filesystem path, you can
-use rclone as a utility for pure local file encryption, for example
-to keep encrypted files on a removable USB drive.
+Once configured you can then use `rclone` like this,
 
-**Note**: A string which do not contain a `:` will by rclone be treated
-as a relative path in the local filesystem. For example, if you enter
-the name `remote` without the trailing `:`, it will be treated as
-a subdirectory of the current directory with name "remote".
+List directories in top level of your Enterprise File Fabric
 
-If a path `remote:path/to/dir` is specified, rclone stores encrypted
-files in `path/to/dir` on the remote. With file name encryption, files
-saved to `secret:subdir/subfile` are stored in the unencrypted path
-`path/to/dir` but the `subdir/subpath` element is encrypted.
+    rclone lsd remote:
 
-The path you specify does not have to exist, rclone will create
-it when needed.
+List all the files in your Enterprise File Fabric
 
-If you intend to use the wrapped remote both directly for keeping
-unencrypted content, as well as through a crypt remote for encrypted
-content, it is recommended to point the crypt remote to a separate
-directory within the wrapped remote. If you use a bucket-based storage
-system (e.g. Swift, S3, Google Compute Storage, B2) it is generally
-advisable to wrap the crypt remote around a specific bucket (`s3:bucket`).
-If wrapping around the entire root of the storage (`s3:`), and use the
-optional file name encryption, rclone will encrypt the bucket name.
+    rclone ls remote:
 
-### Changing password
+To copy a local directory to an Enterprise File Fabric directory called backup
 
-Should the password, or the configuration file containing a lightly obscured
-form of the password, be compromised, you need to re-encrypt your data with
-a new password. Since rclone uses secret-key encryption, where the encryption
-key is generated directly from the password kept on the client, it is not
-possible to change the password/key of already encrypted content. Just changing
-the password configured for an existing crypt remote means you will no longer
-able to decrypt any of the previously encrypted content. The only possibility
-is to re-upload everything via a crypt remote configured with your new password.
+    rclone copy /home/source remote:backup
 
-Depending on the size of your data, your bandwidth, storage quota etc, there are
-different approaches you can take:
-- If you have everything in a different location, for example on your local system,
-you could remove all of the prior encrypted files, change the password for your
-configured crypt remote (or delete and re-create the crypt configuration),
-and then re-upload everything from the alternative location.
-- If you have enough space on the storage system you can create a new crypt
-remote pointing to a separate directory on the same backend, and then use
-rclone to copy everything from the original crypt remote to the new,
-effectively decrypting everything on the fly using the old password and
-re-encrypting using the new password. When done, delete the original crypt
-remote directory and finally the rclone crypt configuration with the old password.
-All data will be streamed from the storage system and back, so you will
-get half the bandwidth and be charged twice if you have upload and download quota
-on the storage system.
+### Modification times and hashes
 
-**Note**: A security problem related to the random password generator
-was fixed in rclone version 1.53.3 (released 2020-11-19). Passwords generated
-by rclone config in version 1.49.0 (released 2019-08-26) to 1.53.2
-(released 2020-10-26) are not considered secure and should be changed.
-If you made up your own password, or used rclone version older than 1.49.0 or
-newer than 1.53.2 to generate it, you are *not* affected by this issue.
-See [issue #4783](https://github.com/rclone/rclone/issues/4783) for more
-details, and a tool you can use to check if you are affected.
+The Enterprise File Fabric allows modification times to be set on
+files accurate to 1 second.  These will be used to detect whether
+objects need syncing or not.
 
-### Example
+The Enterprise File Fabric does not support any data hashes at this time.
 
-Create the following file structure using "standard" file name
-encryption.
+### Restricted filename characters
 
-```
-plaintext/
-├── file0.txt
-├── file1.txt
-└── subdir
-    ├── file2.txt
-    ├── file3.txt
-    └── subsubdir
-        └── file4.txt
-```
+The [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+will be replaced.
 
-Copy these to the remote, and list them
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-```
-$ rclone -q copy plaintext secret:
-$ rclone -q ls secret:
-        7 file1.txt
-        6 file0.txt
-        8 subdir/file2.txt
-       10 subdir/subsubdir/file4.txt
-        9 subdir/file3.txt
-```
+### Empty files
 
-The crypt remote looks like
+Empty files aren't supported by the Enterprise File Fabric. Rclone will therefore
+upload an empty file as a single space with a mime type of
+`application/vnd.rclone.empty.file` and files with that mime type are
+treated as empty.
 
-```
-$ rclone -q ls remote:path
-       55 hagjclgavj2mbiqm6u6cnjjqcg
-       54 v05749mltvv1tf4onltun46gls
-       57 86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo
-       58 86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc
-       56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps
-```
+### Root folder ID ###
 
-The directory structure is preserved
+You can set the `root_folder_id` for rclone.  This is the directory
+(identified by its `Folder ID`) that rclone considers to be the root
+of your Enterprise File Fabric.
 
-```
-$ rclone -q ls secret:subdir
-        8 file2.txt
-        9 file3.txt
-       10 subsubdir/file4.txt
-```
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
 
-Without file name encryption `.bin` extensions are added to underlying
-names. This prevents the cloud provider attempting to interpret file
-content.
+However you can set this to restrict rclone to a specific folder
+hierarchy.
+
+In order to do this you will have to find the `Folder ID` of the
+directory you wish rclone to display.  These aren't displayed in the
+web interface, but you can use `rclone lsf` to find them, for example
 
 ```
-$ rclone -q ls remote:path
-       54 file0.txt.bin
-       57 subdir/file3.txt.bin
-       56 subdir/file2.txt.bin
-       58 subdir/subsubdir/file4.txt.bin
-       55 file1.txt.bin
+$ rclone lsf --dirs-only -Fip --csv filefabric:
+120673758,Burnt PDFs/
+120673759,My Quick Uploads/
+120673755,My Syncs/
+120673756,My backups/
+120673757,My contacts/
+120673761,S3 Storage/
 ```
 
-### File name encryption modes
-
-Off
+The ID for "S3 Storage" would be `120673761`.
 
-  * doesn't hide file names or directory structure
-  * allows for longer file names (~246 characters)
-  * can use sub paths and copy single files
 
-Standard
+### Standard options
 
-  * file names encrypted
-  * file names can't be as long (~143 characters)
-  * can use sub paths and copy single files
-  * directory structure visible
-  * identical files names will have identical uploaded names
-  * can use shortcuts to shorten the directory recursion
+Here are the Standard options specific to filefabric (Enterprise File Fabric).
 
-Obfuscation
+#### --filefabric-url
 
-This is a simple "rotate" of the filename, with each file having a rot
-distance based on the filename. Rclone stores the distance at the
-beginning of the filename. A file called "hello" may become "53.jgnnq".
+URL of the Enterprise File Fabric to connect to.
 
-Obfuscation is not a strong encryption of filenames, but hinders
-automated scanning tools picking up on filename patterns. It is an
-intermediate between "off" and "standard" which allows for longer path
-segment names.
+Properties:
 
-There is a possibility with some unicode based filenames that the
-obfuscation is weak and may map lower case characters to upper case
-equivalents.
+- Config:      url
+- Env Var:     RCLONE_FILEFABRIC_URL
+- Type:        string
+- Required:    true
+- Examples:
+    - "https://storagemadeeasy.com"
+        - Storage Made Easy US
+    - "https://eu.storagemadeeasy.com"
+        - Storage Made Easy EU
+    - "https://yourfabric.smestorage.com"
+        - Connect to your Enterprise File Fabric
 
-Obfuscation cannot be relied upon for strong protection.
+#### --filefabric-root-folder-id
 
-  * file names very lightly obfuscated
-  * file names can be longer than standard encryption
-  * can use sub paths and copy single files
-  * directory structure visible
-  * identical files names will have identical uploaded names
+ID of the root folder.
 
-Cloud storage systems have limits on file name length and
-total path length which rclone is more likely to breach using
-"Standard" file name encryption.  Where file names are less than 156
-characters in length issues should not be encountered, irrespective of
-cloud storage provider.
+Leave blank normally.
 
-An experimental advanced option `filename_encoding` is now provided to
-address this problem to a certain degree.
-For cloud storage systems with case sensitive file names (e.g. Google Drive),
-`base64` can be used to reduce file name length. 
-For cloud storage systems using UTF-16 to store file names internally
-(e.g. OneDrive), `base32768` can be used to drastically reduce
-file name length. 
+Fill in to make rclone start with directory of a given ID.
 
-An alternative, future rclone file name encryption mode may tolerate
-backend provider path length limits.
 
-### Directory name encryption
+Properties:
 
-Crypt offers the option of encrypting dir names or leaving them intact.
-There are two options:
+- Config:      root_folder_id
+- Env Var:     RCLONE_FILEFABRIC_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
 
-True
+#### --filefabric-permanent-token
 
-Encrypts the whole file path including directory names
-Example:
-`1/12/123.txt` is encrypted to
-`p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0`
+Permanent Authentication Token.
 
-False
+A Permanent Authentication Token can be created in the Enterprise File
+Fabric, on the users Dashboard under Security, there is an entry
+you'll see called "My Authentication Tokens". Click the Manage button
+to create one.
 
-Only encrypts file names, skips directory names
-Example:
-`1/12/123.txt` is encrypted to
-`1/12/qgm4avr35m5loi1th53ato71v0`
+These tokens are normally valid for several years.
 
+For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
 
-### Modified time and hashes
 
-Crypt stores modification times using the underlying remote so support
-depends on that.
+Properties:
 
-Hashes are not stored for crypt. However the data integrity is
-protected by an extremely strong crypto authenticator.
+- Config:      permanent_token
+- Env Var:     RCLONE_FILEFABRIC_PERMANENT_TOKEN
+- Type:        string
+- Required:    false
 
-Use the `rclone cryptcheck` command to check the
-integrity of a crypted remote instead of `rclone check` which can't
-check the checksums properly.
+### Advanced options
 
+Here are the Advanced options specific to filefabric (Enterprise File Fabric).
 
-### Standard options
+#### --filefabric-token
 
-Here are the Standard options specific to crypt (Encrypt/Decrypt a remote).
+Session Token.
 
-#### --crypt-remote
+This is a session token which rclone caches in the config file. It is
+usually valid for 1 hour.
 
-Remote to encrypt/decrypt.
+Don't set this value - rclone will set it automatically.
 
-Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
 
 Properties:
 
-- Config:      remote
-- Env Var:     RCLONE_CRYPT_REMOTE
+- Config:      token
+- Env Var:     RCLONE_FILEFABRIC_TOKEN
 - Type:        string
-- Required:    true
+- Required:    false
 
-#### --crypt-filename-encryption
+#### --filefabric-token-expiry
+
+Token expiry time.
+
+Don't set this value - rclone will set it automatically.
 
-How to encrypt the filenames.
 
 Properties:
 
-- Config:      filename_encryption
-- Env Var:     RCLONE_CRYPT_FILENAME_ENCRYPTION
+- Config:      token_expiry
+- Env Var:     RCLONE_FILEFABRIC_TOKEN_EXPIRY
 - Type:        string
-- Default:     "standard"
-- Examples:
-    - "standard"
-        - Encrypt the filenames.
-        - See the docs for the details.
-    - "obfuscate"
-        - Very simple filename obfuscation.
-    - "off"
-        - Don't encrypt the file names.
-        - Adds a ".bin" extension only.
+- Required:    false
 
-#### --crypt-directory-name-encryption
+#### --filefabric-version
 
-Option to either encrypt directory names or leave them intact.
+Version read from the file fabric.
+
+Don't set this value - rclone will set it automatically.
 
-NB If filename_encryption is "off" then this option will do nothing.
 
 Properties:
 
-- Config:      directory_name_encryption
-- Env Var:     RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
-- Type:        bool
-- Default:     true
-- Examples:
-    - "true"
-        - Encrypt directory names.
-    - "false"
-        - Don't encrypt directory names, leave them intact.
+- Config:      version
+- Env Var:     RCLONE_FILEFABRIC_VERSION
+- Type:        string
+- Required:    false
 
-#### --crypt-password
+#### --filefabric-encoding
 
-Password or pass phrase for encryption.
+The encoding for the backend.
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
 Properties:
 
-- Config:      password
-- Env Var:     RCLONE_CRYPT_PASSWORD
-- Type:        string
-- Required:    true
+- Config:      encoding
+- Env Var:     RCLONE_FILEFABRIC_ENCODING
+- Type:        Encoding
+- Default:     Slash,Del,Ctl,InvalidUtf8,Dot
 
-#### --crypt-password2
 
-Password or pass phrase for salt.
 
-Optional but recommended.
-Should be different to the previous password.
+#  FTP
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+FTP is the File Transfer Protocol. Rclone FTP support is provided using the
+[github.com/jlaffaye/ftp](https://godoc.org/github.com/jlaffaye/ftp)
+package.
 
-Properties:
+[Limitations of Rclone's FTP backend](#limitations)
 
-- Config:      password2
-- Env Var:     RCLONE_CRYPT_PASSWORD2
-- Type:        string
-- Required:    false
+Paths are specified as `remote:path`. If the path does not begin with
+a `/` it is relative to the home directory of the user.  An empty path
+`remote:` refers to the user's home directory.
 
-### Advanced options
+## Configuration
 
-Here are the Advanced options specific to crypt (Encrypt/Decrypt a remote).
+To create an FTP configuration named `remote`, run
 
-#### --crypt-server-side-across-configs
+    rclone config
 
-Allow server-side operations (e.g. copy) to work across different crypt configs.
+Rclone config guides you through an interactive setup process. A minimal
+rclone FTP remote definition only requires host, username and password.
+For an anonymous FTP server, see [below](#anonymous-ftp).
 
-Normally this option is not what you want, but if you have two crypts
-pointing to the same backend you can use it.
+```
+No remotes found, make a new one?
+n) New remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+n/r/c/s/q> n
+name> remote
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+[snip]
+XX / FTP
+   \ "ftp"
+[snip]
+Storage> ftp
+** See help for ftp backend at: https://rclone.org/ftp/ **
 
-This can be used, for example, to change file name encryption type
-without re-uploading all the data. Just make two crypt backends
-pointing to two different directories with the single changed
-parameter and use rclone move to move the files between the crypt
-remotes.
+FTP host to connect to
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Connect to ftp.example.com
+   \ "ftp.example.com"
+host> ftp.example.com
+FTP username
+Enter a string value. Press Enter for the default ("$USER").
+user> 
+FTP port number
+Enter a signed integer. Press Enter for the default (21).
+port> 
+FTP password
+y) Yes type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Use FTP over TLS (Implicit)
+Enter a boolean value (true or false). Press Enter for the default ("false").
+tls> 
+Use FTP over TLS (Explicit)
+Enter a boolean value (true or false). Press Enter for the default ("false").
+explicit_tls> 
+Remote config
+--------------------
+[remote]
+type = ftp
+host = ftp.example.com
+pass = *** ENCRYPTED ***
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-Properties:
+To see all directories in the home directory of `remote`
 
-- Config:      server_side_across_configs
-- Env Var:     RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS
-- Type:        bool
-- Default:     false
+    rclone lsd remote:
 
-#### --crypt-show-mapping
+Make a new directory
 
-For all files listed show how the names encrypt.
+    rclone mkdir remote:path/to/directory
 
-If this flag is set then for each file that the remote is asked to
-list, it will log (at level INFO) a line stating the decrypted file
-name and the encrypted file name.
+List the contents of a directory
 
-This is so you can work out which encrypted names are which decrypted
-names just in case you need to do something with the encrypted file
-names, or for debugging purposes.
+    rclone ls remote:path/to/directory
 
-Properties:
+Sync `/home/local/directory` to the remote directory, deleting any
+excess files in the directory.
 
-- Config:      show_mapping
-- Env Var:     RCLONE_CRYPT_SHOW_MAPPING
-- Type:        bool
-- Default:     false
+    rclone sync --interactive /home/local/directory remote:directory
 
-#### --crypt-no-data-encryption
+### Anonymous FTP
 
-Option to either encrypt file data or leave it unencrypted.
+When connecting to a FTP server that allows anonymous login, you can use the
+special "anonymous" username. Traditionally, this user account accepts any
+string as a password, although it is common to use either the password
+"anonymous" or "guest". Some servers require the use of a valid e-mail
+address as password.
 
-Properties:
+Using [on-the-fly](#backend-path-to-dir) or
+[connection string](https://rclone.org/docs/#connection-strings) remotes makes it easy to access
+such servers, without requiring any configuration in advance. The following
+are examples of that:
 
-- Config:      no_data_encryption
-- Env Var:     RCLONE_CRYPT_NO_DATA_ENCRYPTION
-- Type:        bool
-- Default:     false
-- Examples:
-    - "true"
-        - Don't encrypt file data, leave it unencrypted.
-    - "false"
-        - Encrypt file data.
+    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=$(rclone obscure dummy)
+    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=$(rclone obscure dummy):
 
-#### --crypt-filename-encoding
+The above examples work in Linux shells and in PowerShell, but not Windows
+Command Prompt. They execute the [rclone obscure](https://rclone.org/commands/rclone_obscure/)
+command to create a password string in the format required by the
+[pass](#ftp-pass) option. The following examples are exactly the same, except use
+an already obscured string representation of the same password "dummy", and
+therefore works even in Windows Command Prompt:
 
-How to encode the encrypted filename to text string.
+    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM
+    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM:
 
-This option could help with shortening the encrypted filename. The 
-suitable option would depend on the way your remote count the filename
-length and if it's case sensitive.
+### Implicit TLS
 
-Properties:
+Rlone FTP supports implicit FTP over TLS servers (FTPS). This has to
+be enabled in the FTP backend config for the remote, or with
+[`--ftp-tls`](#ftp-tls). The default FTPS port is `990`, not `21` and
+can be set with [`--ftp-port`](#ftp-port).
 
-- Config:      filename_encoding
-- Env Var:     RCLONE_CRYPT_FILENAME_ENCODING
-- Type:        string
-- Default:     "base32"
-- Examples:
-    - "base32"
-        - Encode using base32. Suitable for all remote.
-    - "base64"
-        - Encode using base64. Suitable for case sensitive remote.
-    - "base32768"
-        - Encode using base32768. Suitable if your remote counts UTF-16 or
-        - Unicode codepoint instead of UTF-8 byte length. (Eg. Onedrive)
+### Restricted filename characters
 
-### Metadata
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
 
-Any metadata supported by the underlying remote is read and written.
+File names cannot end with the following characters. Replacement is
+limited to the last character in a file name:
 
-See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | ␠           |
 
-## Backend commands
+Not all FTP servers can have all characters in file names, for example:
 
-Here are the commands specific to the crypt backend.
+| FTP Server| Forbidden characters |
+| --------- |:--------------------:|
+| proftpd   | `*`                  |
+| pureftpd  | `\ [ ]`              |
 
-Run them with
+This backend's interactive configuration wizard provides a selection of
+sensible encoding settings for major FTP servers: ProFTPd, PureFTPd, VsFTPd.
+Just hit a selection number when prompted.
 
-    rclone backend COMMAND remote:
 
-The help below will explain what arguments each command takes.
+### Standard options
 
-See the [backend](https://rclone.org/commands/rclone_backend/) command for more
-info on how to pass options and arguments.
+Here are the Standard options specific to ftp (FTP).
 
-These can be run on a running backend using the rc command
-[backend/command](https://rclone.org/rc/#backend-command).
+#### --ftp-host
 
-### encode
+FTP host to connect to.
 
-Encode the given filename(s)
+E.g. "ftp.example.com".
 
-    rclone backend encode remote: [options] [<arguments>+]
+Properties:
 
-This encodes the filenames given as arguments returning a list of
-strings of the encoded results.
+- Config:      host
+- Env Var:     RCLONE_FTP_HOST
+- Type:        string
+- Required:    true
 
-Usage Example:
+#### --ftp-user
 
-    rclone backend encode crypt: file1 [file2...]
-    rclone rc backend/command command=encode fs=crypt: file1 [file2...]
+FTP username.
 
+Properties:
 
-### decode
+- Config:      user
+- Env Var:     RCLONE_FTP_USER
+- Type:        string
+- Default:     "$USER"
 
-Decode the given filename(s)
+#### --ftp-port
 
-    rclone backend decode remote: [options] [<arguments>+]
+FTP port number.
 
-This decodes the filenames given as arguments returning a list of
-strings of the decoded results. It will return an error if any of the
-inputs are invalid.
+Properties:
 
-Usage Example:
+- Config:      port
+- Env Var:     RCLONE_FTP_PORT
+- Type:        int
+- Default:     21
 
-    rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
-    rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]
+#### --ftp-pass
 
+FTP password.
 
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
+Properties:
 
-## Backing up a crypted remote
+- Config:      pass
+- Env Var:     RCLONE_FTP_PASS
+- Type:        string
+- Required:    false
 
-If you wish to backup a crypted remote, it is recommended that you use
-`rclone sync` on the encrypted files, and make sure the passwords are
-the same in the new encrypted remote.
+#### --ftp-tls
 
-This will have the following advantages
+Use Implicit FTPS (FTP over TLS).
 
-  * `rclone sync` will check the checksums while copying
-  * you can use `rclone check` between the encrypted remotes
-  * you don't decrypt and encrypt unnecessarily
+When using implicit FTP over TLS the client connects using TLS
+right from the start which breaks compatibility with
+non-TLS-aware servers. This is usually served over port 990 rather
+than port 21. Cannot be used in combination with explicit FTPS.
 
-For example, let's say you have your original remote at `remote:` with
-the encrypted version at `eremote:` with path `remote:crypt`.  You
-would then set up the new remote `remote2:` and then the encrypted
-version `eremote2:` with path `remote2:crypt` using the same passwords
-as `eremote:`.
+Properties:
 
-To sync the two remotes you would do
+- Config:      tls
+- Env Var:     RCLONE_FTP_TLS
+- Type:        bool
+- Default:     false
 
-    rclone sync --interactive remote:crypt remote2:crypt
+#### --ftp-explicit-tls
 
-And to check the integrity you would do
+Use Explicit FTPS (FTP over TLS).
 
-    rclone check remote:crypt remote2:crypt
+When using explicit FTP over TLS the client explicitly requests
+security from the server in order to upgrade a plain text connection
+to an encrypted one. Cannot be used in combination with implicit FTPS.
 
-## File formats
+Properties:
 
-### File encryption
+- Config:      explicit_tls
+- Env Var:     RCLONE_FTP_EXPLICIT_TLS
+- Type:        bool
+- Default:     false
 
-Files are encrypted 1:1 source file to destination object.  The file
-has a header and is divided into chunks.
+### Advanced options
 
-#### Header
+Here are the Advanced options specific to ftp (FTP).
 
-  * 8 bytes magic string `RCLONE\x00\x00`
-  * 24 bytes Nonce (IV)
+#### --ftp-concurrency
 
-The initial nonce is generated from the operating systems crypto
-strong random number generator.  The nonce is incremented for each
-chunk read making sure each nonce is unique for each block written.
-The chance of a nonce being re-used is minuscule.  If you wrote an
-exabyte of data (10¹⁸ bytes) you would have a probability of
-approximately 2×10⁻³² of re-using a nonce.
+Maximum number of FTP simultaneous connections, 0 for unlimited.
 
-#### Chunk
+Note that setting this is very likely to cause deadlocks so it should
+be used with care.
 
-Each chunk will contain 64 KiB of data, except for the last one which
-may have less data. The data chunk is in standard NaCl SecretBox
-format. SecretBox uses XSalsa20 and Poly1305 to encrypt and
-authenticate messages.
+If you are doing a sync or copy then make sure concurrency is one more
+than the sum of `--transfers` and `--checkers`.
 
-Each chunk contains:
+If you use `--check-first` then it just needs to be one more than the
+maximum of `--checkers` and `--transfers`.
 
-  * 16 Bytes of Poly1305 authenticator
-  * 1 - 65536 bytes XSalsa20 encrypted data
+So for `concurrency 3` you'd use `--checkers 2 --transfers 2
+--check-first` or `--checkers 1 --transfers 1`.
 
-64k chunk size was chosen as the best performing chunk size (the
-authenticator takes too much time below this and the performance drops
-off due to cache effects above this).  Note that these chunks are
-buffered in memory so they can't be too big.
 
-This uses a 32 byte (256 bit key) key derived from the user password.
 
-#### Examples
+Properties:
 
-1 byte file will encrypt to
+- Config:      concurrency
+- Env Var:     RCLONE_FTP_CONCURRENCY
+- Type:        int
+- Default:     0
 
-  * 32 bytes header
-  * 17 bytes data chunk
+#### --ftp-no-check-certificate
 
-49 bytes total
+Do not verify the TLS certificate of the server.
 
-1 MiB (1048576 bytes) file will encrypt to
+Properties:
 
-  * 32 bytes header
-  * 16 chunks of 65568 bytes
+- Config:      no_check_certificate
+- Env Var:     RCLONE_FTP_NO_CHECK_CERTIFICATE
+- Type:        bool
+- Default:     false
 
-1049120 bytes total (a 0.05% overhead). This is the overhead for big
-files.
+#### --ftp-disable-epsv
 
-### Name encryption
+Disable using EPSV even if server advertises support.
 
-File names are encrypted segment by segment - the path is broken up
-into `/` separated strings and these are encrypted individually.
+Properties:
 
-File segments are padded using PKCS#7 to a multiple of 16 bytes
-before encryption.
+- Config:      disable_epsv
+- Env Var:     RCLONE_FTP_DISABLE_EPSV
+- Type:        bool
+- Default:     false
 
-They are then encrypted with EME using AES with 256 bit key. EME
-(ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003
-paper "A Parallelizable Enciphering Mode" by Halevi and Rogaway.
+#### --ftp-disable-mlsd
 
-This makes for deterministic encryption which is what we want - the
-same filename must encrypt to the same thing otherwise we can't find
-it on the cloud storage system.
+Disable using MLSD even if server advertises support.
 
-This means that
+Properties:
 
-  * filenames with the same name will encrypt the same
-  * filenames which start the same won't have a common prefix
+- Config:      disable_mlsd
+- Env Var:     RCLONE_FTP_DISABLE_MLSD
+- Type:        bool
+- Default:     false
 
-This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of
-which are derived from the user password.
+#### --ftp-disable-utf8
 
-After encryption they are written out using a modified version of
-standard `base32` encoding as described in RFC4648.  The standard
-encoding is modified in two ways:
+Disable using UTF-8 even if server advertises support.
 
-  * it becomes lower case (no-one likes upper case filenames!)
-  * we strip the padding character `=`
+Properties:
 
-`base32` is used rather than the more efficient `base64` so rclone can be
-used on case insensitive remotes (e.g. Windows, Amazon Drive).
+- Config:      disable_utf8
+- Env Var:     RCLONE_FTP_DISABLE_UTF8
+- Type:        bool
+- Default:     false
 
-### Key derivation
+#### --ftp-writing-mdtm
 
-Rclone uses `scrypt` with parameters `N=16384, r=8, p=1` with an
-optional user supplied salt (password2) to derive the 32+32+16 = 80
-bytes of key material required.  If the user doesn't supply a salt
-then rclone uses an internal one.
+Use MDTM to set modification time (VsFtpd quirk)
 
-`scrypt` makes it impractical to mount a dictionary attack on rclone
-encrypted data.  For full protection against this you should always use
-a salt.
+Properties:
 
-## SEE ALSO
+- Config:      writing_mdtm
+- Env Var:     RCLONE_FTP_WRITING_MDTM
+- Type:        bool
+- Default:     false
 
-* [rclone cryptdecode](https://rclone.org/commands/rclone_cryptdecode/)    - Show forward/reverse mapping of encrypted filenames
+#### --ftp-force-list-hidden
 
-#  Compress
+Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD.
 
-## Warning
+Properties:
 
-This remote is currently **experimental**. Things may break and data may be lost. Anything you do with this remote is
-at your own risk. Please understand the risks associated with using experimental code and don't use this remote in
-critical applications.
+- Config:      force_list_hidden
+- Env Var:     RCLONE_FTP_FORCE_LIST_HIDDEN
+- Type:        bool
+- Default:     false
 
-The `Compress` remote adds compression to another remote. It is best used with remotes containing
-many large compressible files.
+#### --ftp-idle-timeout
 
-## Configuration
+Max time before closing idle connections.
 
-To use this remote, all you need to do is specify another remote and a compression mode to use:
+If no connections have been returned to the connection pool in the time
+given, rclone will empty the connection pool.
 
-```
-Current remotes:
+Set to 0 to keep connections indefinitely.
 
-Name                 Type
-====                 ====
-remote_to_press      sometype
 
-e) Edit existing remote
-$ rclone config
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> n
-name> compress
-...
- 8 / Compress a remote
-   \ "compress"
-...
-Storage> compress
-** See help for compress backend at: https://rclone.org/compress/ **
+Properties:
 
-Remote to compress.
-Enter a string value. Press Enter for the default ("").
-remote> remote_to_press:subdir 
-Compression mode.
-Enter a string value. Press Enter for the default ("gzip").
-Choose a number from below, or type in your own value
- 1 / Gzip compression balanced for speed and compression strength.
-   \ "gzip"
-compression_mode> gzip
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n> n
-Remote config
---------------------
-[compress]
-type = compress
-remote = remote_to_press:subdir
-compression_mode = gzip
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+- Config:      idle_timeout
+- Env Var:     RCLONE_FTP_IDLE_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
 
-### Compression Modes
+#### --ftp-close-timeout
 
-Currently only gzip compression is supported. It provides a decent balance between speed and size and is well
-supported by other applications. Compression strength can further be configured via an advanced setting where 0 is no
-compression and 9 is strongest compression.
+Maximum time to wait for a response to close.
 
-### File types
+Properties:
 
-If you open a remote wrapped by compress, you will see that there are many files with an extension corresponding to
-the compression algorithm you chose. These files are standard files that can be opened by various archive programs, 
-but they have some hidden metadata that allows them to be used by rclone.
-While you may download and decompress these files at will, do **not** manually delete or rename files. Files without
-correct metadata files will not be recognized by rclone.
+- Config:      close_timeout
+- Env Var:     RCLONE_FTP_CLOSE_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
 
-### File names
+#### --ftp-tls-cache-size
 
-The compressed files will be named `*.###########.gz` where `*` is the base file and the `#` part is base64 encoded 
-size of the uncompressed file. The file names should not be changed by anything other than the rclone compression backend.
+Size of TLS session cache for all control and data connections.
 
+TLS cache allows to resume TLS sessions and reuse PSK between connections.
+Increase if default size is not enough resulting in TLS resumption errors.
+Enabled by default. Use 0 to disable.
 
-### Standard options
+Properties:
 
-Here are the Standard options specific to compress (Compress a remote).
+- Config:      tls_cache_size
+- Env Var:     RCLONE_FTP_TLS_CACHE_SIZE
+- Type:        int
+- Default:     32
 
-#### --compress-remote
+#### --ftp-disable-tls13
 
-Remote to compress.
+Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
 
 Properties:
 
-- Config:      remote
-- Env Var:     RCLONE_COMPRESS_REMOTE
-- Type:        string
-- Required:    true
+- Config:      disable_tls13
+- Env Var:     RCLONE_FTP_DISABLE_TLS13
+- Type:        bool
+- Default:     false
 
-#### --compress-mode
+#### --ftp-shut-timeout
 
-Compression mode.
+Maximum time to wait for data connection closing status.
 
 Properties:
 
-- Config:      mode
-- Env Var:     RCLONE_COMPRESS_MODE
-- Type:        string
-- Default:     "gzip"
-- Examples:
-    - "gzip"
-        - Standard gzip compression with fastest parameters.
+- Config:      shut_timeout
+- Env Var:     RCLONE_FTP_SHUT_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
 
-### Advanced options
+#### --ftp-ask-password
 
-Here are the Advanced options specific to compress (Compress a remote).
+Allow asking for FTP password when needed.
 
-#### --compress-level
+If this is set and no password is supplied then rclone will ask for a password
 
-GZIP compression level (-2 to 9).
 
-Generally -1 (default, equivalent to 5) is recommended.
-Levels 1 to 9 increase compression at the cost of speed. Going past 6 
-generally offers very little return.
+Properties:
 
-Level -2 uses Huffman encoding only. Only use if you know what you
-are doing.
-Level 0 turns off compression.
+- Config:      ask_password
+- Env Var:     RCLONE_FTP_ASK_PASSWORD
+- Type:        bool
+- Default:     false
+
+#### --ftp-socks-proxy
+
+Socks 5 proxy host.
+		
+		Supports the format user:pass@host:port, user@host:port, host:port.
+		
+		Example:
+		
+			myUser:myPass@localhost:9005
+		
 
 Properties:
 
-- Config:      level
-- Env Var:     RCLONE_COMPRESS_LEVEL
-- Type:        int
-- Default:     -1
+- Config:      socks_proxy
+- Env Var:     RCLONE_FTP_SOCKS_PROXY
+- Type:        string
+- Required:    false
 
-#### --compress-ram-cache-limit
+#### --ftp-encoding
 
-Some remotes don't allow the upload of files with unknown size.
-In this case the compressed file will need to be cached to determine
-it's size.
+The encoding for the backend.
 
-Files smaller than this limit will be cached in RAM, files larger than 
-this limit will be cached on disk.
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
 Properties:
 
-- Config:      ram_cache_limit
-- Env Var:     RCLONE_COMPRESS_RAM_CACHE_LIMIT
-- Type:        SizeSuffix
-- Default:     20Mi
+- Config:      encoding
+- Env Var:     RCLONE_FTP_ENCODING
+- Type:        Encoding
+- Default:     Slash,Del,Ctl,RightSpace,Dot
+- Examples:
+    - "Asterisk,Ctl,Dot,Slash"
+        - ProFTPd can't handle '*' in file names
+    - "BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket"
+        - PureFTPd can't handle '[]' or '*' in file names
+    - "Ctl,LeftPeriod,Slash"
+        - VsFTPd can't handle file names starting with dot
 
-### Metadata
 
-Any metadata supported by the underlying remote is read and written.
 
-See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+## Limitations
+
+FTP servers acting as rclone remotes must support `passive` mode.
+The mode cannot be configured as `passive` is the only supported one.
+Rclone's FTP implementation is not compatible with `active` mode
+as [the library it uses doesn't support it](https://github.com/jlaffaye/ftp/issues/29).
+This will likely never be supported due to security concerns.
 
+Rclone's FTP backend does not support any checksums but can compare
+file sizes.
 
+`rclone about` is not supported by the FTP backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
 
-#  Combine
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-The `combine` backend joins remotes together into a single directory
-tree.
+The implementation of : `--dump headers`,
+`--dump bodies`, `--dump auth` for debugging isn't the same as
+for rclone HTTP based backends - it has less fine grained control.
 
-For example you might have a remote for images on one provider:
+`--timeout` isn't supported (but `--contimeout` is).
 
-```
-$ rclone tree s3:imagesbucket
-/
-├── image1.jpg
-└── image2.jpg
-```
+`--bind` isn't supported.
 
-And a remote for files on another:
+Rclone's FTP backend could support server-side move but does not
+at present.
 
-```
-$ rclone tree drive:important/files
-/
-├── file1.txt
-└── file2.txt
-```
+The `ftp_proxy` environment variable is not currently supported.
 
-The `combine` backend can join these together into a synthetic
-directory structure like this:
+### Modification times
 
-```
-$ rclone tree combined:
-/
-├── files
-│   ├── file1.txt
-│   └── file2.txt
-└── images
-    ├── image1.jpg
-    └── image2.jpg
-```
+File modification time (timestamps) is supported to 1 second resolution
+for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP server.
+The `VsFTPd` server has non-standard implementation of time related protocol
+commands and needs a special configuration setting: `writing_mdtm = true`.
 
-You'd do this by specifying an `upstreams` parameter in the config
-like this
+Support for precise file time with other FTP servers varies depending on what
+protocol extensions they advertise. If all the `MLSD`, `MDTM` and `MFTM`
+extensions are present, rclone will use them together to provide precise time.
+Otherwise the times you see on the FTP server through rclone are those of the
+last file upload.
 
-    upstreams = images=s3:imagesbucket files=drive:important/files
+You can use the following command to check whether rclone can use precise time
+with your FTP server: `rclone backend features your_ftp_remote:` (the trailing
+colon is important). Look for the number in the line tagged by `Precision`
+designating the remote time precision expressed as nanoseconds. A value of
+`1000000000` means that file time precision of 1 second is available.
+A value of `3153600000000000000` (or another large number) means "unsupported".
 
-During the initial setup with `rclone config` you will specify the
-upstreams remotes as a space separated list. The upstream remotes can
-either be a local paths or other remotes.
+#  Google Cloud Storage
+
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
 
 ## Configuration
 
-Here is an example of how to make a combine called `remote` for the
-example above. First run:
+The initial setup for google cloud storage involves getting a token from Google Cloud Storage
+which you need to do in your browser.  `rclone config` walks you
+through it.
+
+Here is an example of how to make a remote called `remote`.  First run:
 
      rclone config
 
 This will guide you through an interactive setup process:
 
 ```
-No remotes found, make a new one?
 n) New remote
-s) Set configuration password
+d) Delete remote
 q) Quit config
-n/s/q> n
+e/n/d/q> n
 name> remote
-Option Storage.
 Type of storage to configure.
-Choose a number from below, or type in your own value.
-...
-XX / Combine several remotes into one
-   \ (combine)
-...
-Storage> combine
-Option upstreams.
-Upstreams for combining
-These should be in the form
-    dir=remote:path dir2=remote2:path
-Where before the = is specified the root directory and after is the remote to
-put there.
-Embedded spaces can be added using quotes
-    "dir=remote:path with space" "dir2=remote2:path with space"
-Enter a fs.SpaceSepList value.
-upstreams> images=s3:imagesbucket files=drive:important/files
+Choose a number from below, or type in your own value
+[snip]
+XX / Google Cloud Storage (this is not Google Drive)
+   \ "google cloud storage"
+[snip]
+Storage> google cloud storage
+Google Application Client Id - leave blank normally.
+client_id>
+Google Application Client Secret - leave blank normally.
+client_secret>
+Project number optional - needed only for list/create/delete buckets - see your developer console.
+project_number> 12345678
+Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
+service_account_file>
+Access Control List for new objects.
+Choose a number from below, or type in your own value
+ 1 / Object owner gets OWNER access, and all Authenticated Users get READER access.
+   \ "authenticatedRead"
+ 2 / Object owner gets OWNER access, and project team owners get OWNER access.
+   \ "bucketOwnerFullControl"
+ 3 / Object owner gets OWNER access, and project team owners get READER access.
+   \ "bucketOwnerRead"
+ 4 / Object owner gets OWNER access [default if left blank].
+   \ "private"
+ 5 / Object owner gets OWNER access, and project team members get access according to their roles.
+   \ "projectPrivate"
+ 6 / Object owner gets OWNER access, and all Users get READER access.
+   \ "publicRead"
+object_acl> 4
+Access Control List for new buckets.
+Choose a number from below, or type in your own value
+ 1 / Project team owners get OWNER access, and all Authenticated Users get READER access.
+   \ "authenticatedRead"
+ 2 / Project team owners get OWNER access [default if left blank].
+   \ "private"
+ 3 / Project team members get access according to their roles.
+   \ "projectPrivate"
+ 4 / Project team owners get OWNER access, and all Users get READER access.
+   \ "publicRead"
+ 5 / Project team owners get OWNER access, and all Users get WRITER access.
+   \ "publicReadWrite"
+bucket_acl> 2
+Location for the newly created buckets.
+Choose a number from below, or type in your own value
+ 1 / Empty for default location (US).
+   \ ""
+ 2 / Multi-regional location for Asia.
+   \ "asia"
+ 3 / Multi-regional location for Europe.
+   \ "eu"
+ 4 / Multi-regional location for United States.
+   \ "us"
+ 5 / Taiwan.
+   \ "asia-east1"
+ 6 / Tokyo.
+   \ "asia-northeast1"
+ 7 / Singapore.
+   \ "asia-southeast1"
+ 8 / Sydney.
+   \ "australia-southeast1"
+ 9 / Belgium.
+   \ "europe-west1"
+10 / London.
+   \ "europe-west2"
+11 / Iowa.
+   \ "us-central1"
+12 / South Carolina.
+   \ "us-east1"
+13 / Northern Virginia.
+   \ "us-east4"
+14 / Oregon.
+   \ "us-west1"
+location> 12
+The storage class to use when storing objects in Google Cloud Storage.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \ ""
+ 2 / Multi-regional storage class
+   \ "MULTI_REGIONAL"
+ 3 / Regional storage class
+   \ "REGIONAL"
+ 4 / Nearline storage class
+   \ "NEARLINE"
+ 5 / Coldline storage class
+   \ "COLDLINE"
+ 6 / Durable reduced availability storage class
+   \ "DURABLE_REDUCED_AVAILABILITY"
+storage_class> 5
+Remote config
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes
+n) No
+y/n> y
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
 --------------------
 [remote]
-type = combine
-upstreams = images=s3:imagesbucket files=drive:important/files
+type = google cloud storage
+client_id =
+client_secret =
+token = {"AccessToken":"xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx","Expiry":"2014-07-17T20:49:14.929208288+01:00","Extra":null}
+project_number = 12345678
+object_acl = private
+bucket_acl = private
 --------------------
-y) Yes this is OK (default)
+y) Yes this is OK
 e) Edit this remote
 d) Delete this remote
 y/e/d> y
 ```
 
-### Configuring for Google Drive Shared Drives
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
 
-Rclone has a convenience feature for making a combine backend for all
-the shared drives you have access to.
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Google if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on `http://127.0.0.1:53682/` and this
+it may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
 
-Assuming your main (non shared drive) Google drive remote is called
-`drive:` you would run
+This remote is called `remote` and can now be used like this
 
-    rclone backend -o config drives drive:
+See all the buckets in your project
 
-This would produce something like this:
+    rclone lsd remote:
 
-    [My Drive]
-    type = alias
-    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
+Make a new bucket
 
-    [Test Drive]
-    type = alias
-    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+    rclone mkdir remote:bucket
 
-    [AllDrives]
-    type = combine
-    upstreams = "My Drive=My Drive:" "Test Drive=Test Drive:"
+List the contents of a bucket
 
-If you then add that config to your config file (find it with `rclone
-config file`) then you can access all the shared drives in one place
-with the `AllDrives:` remote.
+    rclone ls remote:bucket
 
-See [the Google Drive docs](https://rclone.org/drive/#drives) for full info.
+Sync `/home/local/directory` to the remote bucket, deleting any excess
+files in the bucket.
 
+    rclone sync --interactive /home/local/directory remote:bucket
 
-### Standard options
+### Service Account support
 
-Here are the Standard options specific to combine (Combine several remotes into one).
+You can set up rclone with Google Cloud Storage in an unattended mode,
+i.e. not tied to a specific end-user Google account. This is useful
+when you want to synchronise files onto machines that don't have
+actively logged-in users, for example build machines.
 
-#### --combine-upstreams
+To get credentials for Google Cloud Platform
+[IAM Service Accounts](https://cloud.google.com/iam/docs/service-accounts),
+please head to the
+[Service Account](https://console.cloud.google.com/permissions/serviceaccounts)
+section of the Google Developer Console. Service Accounts behave just
+like normal `User` permissions in
+[Google Cloud Storage ACLs](https://cloud.google.com/storage/docs/access-control),
+so you can limit their access (e.g. make them read only). After
+creating an account, a JSON file containing the Service Account's
+credentials will be downloaded onto your machines. These credentials
+are what rclone will use for authentication.
 
-Upstreams for combining
+To use a Service Account instead of OAuth2 token flow, enter the path
+to your Service Account credentials at the `service_account_file`
+prompt and rclone won't use the browser based authentication
+flow. If you'd rather stuff the contents of the credentials file into
+the rclone config file, you can set `service_account_credentials` with
+the actual contents of the file instead, or set the equivalent
+environment variable.
 
-These should be in the form
+### Anonymous Access
 
-    dir=remote:path dir2=remote2:path
+For downloads of objects that permit public access you can configure rclone
+to use anonymous access by setting `anonymous` to `true`.
+With unauthorized access you can't write or create files but only read or list
+those buckets and objects that have public read access.
 
-Where before the = is specified the root directory and after is the remote to
-put there.
+### Application Default Credentials
 
-Embedded spaces can be added using quotes
+If no other source of credentials is provided, rclone will fall back
+to
+[Application Default Credentials](https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials)
+this is useful both when you already have configured authentication
+for your developer account, or in production when running on a google
+compute host. Note that if running in docker, you may need to run
+additional commands on your google compute machine -
+[see this page](https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper).
 
-    "dir=remote:path with space" "dir2=remote2:path with space"
+Note that in the case application default credentials are used, there
+is no need to explicitly configure a project number.
 
+### --fast-list
 
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
 
-Properties:
+### Custom upload headers
 
-- Config:      upstreams
-- Env Var:     RCLONE_COMBINE_UPSTREAMS
-- Type:        SpaceSepList
-- Default:     
+You can set custom upload headers with the `--header-upload`
+flag. Google Cloud Storage supports the headers as described in the
+[working with metadata documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WorkingWithObjectMetadata)
 
-### Metadata
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
+- X-Goog-Storage-Class
+- X-Goog-Meta-
 
-Any metadata supported by the underlying remote is read and written.
+Eg `--header-upload "Content-Type text/potato"`
 
-See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+Note that the last of these is for setting custom metadata in the form
+`--header-upload "x-goog-meta-key: value"`
 
+### Modification times
 
+Google Cloud Storage stores md5sum natively.
+Google's [gsutil](https://cloud.google.com/storage/docs/gsutil) tool stores modification time
+with one-second precision as `goog-reserved-file-mtime` in file metadata.
 
-#  Dropbox
+To ensure compatibility with gsutil, rclone stores modification time in 2 separate metadata entries.
+`mtime` uses RFC3339 format with one-nanosecond precision.
+`goog-reserved-file-mtime` uses Unix timestamp format with one-second precision.
+To get modification time from object metadata, rclone reads the metadata in the following order: `mtime`, `goog-reserved-file-mtime`, object updated time.
 
-Paths are specified as `remote:path`
+Note that rclone's default modify window is 1ns.
+Files uploaded by gsutil only contain timestamps with one-second precision.
+If you use rclone to sync files previously uploaded by gsutil,
+rclone will attempt to update modification time for all these files.
+To avoid these possibly unnecessary updates, use `--modify-window 1s`.
 
-Dropbox paths may be as deep as required, e.g.
-`remote:directory/subdirectory`.
+### Restricted filename characters
 
-## Configuration
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| LF        | 0x0A  | ␊           |
+| CR        | 0x0D  | ␍           |
+| /         | 0x2F  | ／          |
 
-The initial setup for dropbox involves getting a token from Dropbox
-which you need to do in your browser.  `rclone config` walks you
-through it.
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-Here is an example of how to make a remote called `remote`.  First run:
 
-     rclone config
+### Standard options
 
-This will guide you through an interactive setup process:
+Here are the Standard options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
 
-```
-n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Dropbox
-   \ "dropbox"
-[snip]
-Storage> dropbox
-Dropbox App Key - leave blank normally.
-app_key>
-Dropbox App Secret - leave blank normally.
-app_secret>
-Remote config
-Please visit:
-https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&response_type=code
-Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX
---------------------
-[remote]
-app_key =
-app_secret =
-token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+#### --gcs-client-id
 
-See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
-machine with no Internet browser available.
+OAuth Client Id.
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Dropbox. This only
-runs from the moment it opens your browser to the moment you get back
-the verification code.  This is on `http://127.0.0.1:53682/` and it
-may require you to unblock it temporarily if you are running a host
-firewall, or use manual mode.
+Leave blank normally.
 
-You can then use it like this,
+Properties:
 
-List directories in top level of your dropbox
+- Config:      client_id
+- Env Var:     RCLONE_GCS_CLIENT_ID
+- Type:        string
+- Required:    false
 
-    rclone lsd remote:
+#### --gcs-client-secret
 
-List all the files in your dropbox
+OAuth Client Secret.
 
-    rclone ls remote:
+Leave blank normally.
 
-To copy a local directory to a dropbox directory called backup
+Properties:
 
-    rclone copy /home/source remote:backup
+- Config:      client_secret
+- Env Var:     RCLONE_GCS_CLIENT_SECRET
+- Type:        string
+- Required:    false
 
-### Dropbox for business
+#### --gcs-project-number
 
-Rclone supports Dropbox for business and Team Folders.
+Project number.
 
-When using Dropbox for business `remote:` and `remote:path/to/file`
-will refer to your personal folder.
+Optional - needed only for list/create/delete buckets - see your developer console.
 
-If you wish to see Team Folders you must use a leading `/` in the
-path, so `rclone lsd remote:/` will refer to the root and show you all
-Team Folders and your User Folder.
+Properties:
 
-You can then use team folders like this `remote:/TeamFolder` and
-`remote:/TeamFolder/path/to/file`.
+- Config:      project_number
+- Env Var:     RCLONE_GCS_PROJECT_NUMBER
+- Type:        string
+- Required:    false
 
-A leading `/` for a Dropbox personal account will do nothing, but it
-will take an extra HTTP transaction so it should be avoided.
+#### --gcs-user-project
 
-### Modified time and Hashes
+User project.
 
-Dropbox supports modified times, but the only way to set a
-modification time is to re-upload the file.
+Optional - needed only for requester pays.
 
-This means that if you uploaded your data with an older version of
-rclone which didn't support the v2 API and modified times, rclone will
-decide to upload all your old data to fix the modification times.  If
-you don't want this to happen use `--size-only` or `--checksum` flag
-to stop it.
+Properties:
 
-Dropbox supports [its own hash
-type](https://www.dropbox.com/developers/reference/content-hash) which
-is checked for all transfers.
+- Config:      user_project
+- Env Var:     RCLONE_GCS_USER_PROJECT
+- Type:        string
+- Required:    false
 
-### Restricted filename characters
+#### --gcs-service-account-file
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| NUL       | 0x00  | ␀           |
-| /         | 0x2F  | ／           |
-| DEL       | 0x7F  | ␡           |
-| \         | 0x5C  | ＼           |
+Service Account Credentials JSON file path.
 
-File names can also not end with the following characters.
-These only get replaced if they are the last character in the name:
+Leave blank normally.
+Needed only if you want use SA instead of interactive login.
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| SP        | 0x20  | ␠           |
+Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+Properties:
 
-### Batch mode uploads {#batch-mode}
+- Config:      service_account_file
+- Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_FILE
+- Type:        string
+- Required:    false
 
-Using batch mode uploads is very important for performance when using
-the Dropbox API. See [the dropbox performance guide](https://developers.dropbox.com/dbx-performance-guide)
-for more info.
+#### --gcs-service-account-credentials
 
-There are 3 modes rclone can use for uploads.
+Service Account Credentials JSON blob.
 
-#### --dropbox-batch-mode off
+Leave blank normally.
+Needed only if you want use SA instead of interactive login.
 
-In this mode rclone will not use upload batching. This was the default
-before rclone v1.55. It has the disadvantage that it is very likely to
-encounter `too_many_requests` errors like this
+Properties:
 
-    NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.
+- Config:      service_account_credentials
+- Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS
+- Type:        string
+- Required:    false
 
-When rclone receives these it has to wait for 15s or sometimes 300s
-before continuing which really slows down transfers.
+#### --gcs-anonymous
 
-This will happen especially if `--transfers` is large, so this mode
-isn't recommended except for compatibility or investigating problems.
+Access public buckets and objects without credentials.
 
-#### --dropbox-batch-mode sync
+Set to 'true' if you just want to download files and don't configure credentials.
 
-In this mode rclone will batch up uploads to the size specified by
-`--dropbox-batch-size` and commit them together.
+Properties:
 
-Using this mode means you can use a much higher `--transfers`
-parameter (32 or 64 works fine) without receiving `too_many_requests`
-errors.
+- Config:      anonymous
+- Env Var:     RCLONE_GCS_ANONYMOUS
+- Type:        bool
+- Default:     false
 
-This mode ensures full data integrity.
+#### --gcs-object-acl
 
-Note that there may be a pause when quitting rclone while rclone
-finishes up the last batch using this mode.
+Access Control List for new objects.
 
-#### --dropbox-batch-mode async
+Properties:
 
-In this mode rclone will batch up uploads to the size specified by
-`--dropbox-batch-size` and commit them together.
+- Config:      object_acl
+- Env Var:     RCLONE_GCS_OBJECT_ACL
+- Type:        string
+- Required:    false
+- Examples:
+    - "authenticatedRead"
+        - Object owner gets OWNER access.
+        - All Authenticated Users get READER access.
+    - "bucketOwnerFullControl"
+        - Object owner gets OWNER access.
+        - Project team owners get OWNER access.
+    - "bucketOwnerRead"
+        - Object owner gets OWNER access.
+        - Project team owners get READER access.
+    - "private"
+        - Object owner gets OWNER access.
+        - Default if left blank.
+    - "projectPrivate"
+        - Object owner gets OWNER access.
+        - Project team members get access according to their roles.
+    - "publicRead"
+        - Object owner gets OWNER access.
+        - All Users get READER access.
 
-However it will not wait for the status of the batch to be returned to
-the caller. This means rclone can use a much bigger batch size (much
-bigger than `--transfers`), at the cost of not being able to check the
-status of the upload.
+#### --gcs-bucket-acl
 
-This provides the maximum possible upload speed especially with lots
-of small files, however rclone can't check the file got uploaded
-properly using this mode.
+Access Control List for new buckets.
 
-If you are using this mode then using "rclone check" after the
-transfer completes is recommended. Or you could do an initial transfer
-with `--dropbox-batch-mode async` then do a final transfer with
-`--dropbox-batch-mode sync` (the default).
+Properties:
 
-Note that there may be a pause when quitting rclone while rclone
-finishes up the last batch using this mode.
+- Config:      bucket_acl
+- Env Var:     RCLONE_GCS_BUCKET_ACL
+- Type:        string
+- Required:    false
+- Examples:
+    - "authenticatedRead"
+        - Project team owners get OWNER access.
+        - All Authenticated Users get READER access.
+    - "private"
+        - Project team owners get OWNER access.
+        - Default if left blank.
+    - "projectPrivate"
+        - Project team members get access according to their roles.
+    - "publicRead"
+        - Project team owners get OWNER access.
+        - All Users get READER access.
+    - "publicReadWrite"
+        - Project team owners get OWNER access.
+        - All Users get WRITER access.
 
+#### --gcs-bucket-policy-only
 
+Access checks should use bucket-level IAM policies.
 
-### Standard options
+If you want to upload objects to a bucket with Bucket Policy Only set
+then you will need to set this.
 
-Here are the Standard options specific to dropbox (Dropbox).
+When it is set, rclone:
 
-#### --dropbox-client-id
+- ignores ACLs set on buckets
+- ignores ACLs set on objects
+- creates buckets with Bucket Policy Only set
 
-OAuth Client Id.
+Docs: https://cloud.google.com/storage/docs/bucket-policy-only
 
-Leave blank normally.
 
 Properties:
 
-- Config:      client_id
-- Env Var:     RCLONE_DROPBOX_CLIENT_ID
+- Config:      bucket_policy_only
+- Env Var:     RCLONE_GCS_BUCKET_POLICY_ONLY
+- Type:        bool
+- Default:     false
+
+#### --gcs-location
+
+Location for the newly created buckets.
+
+Properties:
+
+- Config:      location
+- Env Var:     RCLONE_GCS_LOCATION
+- Type:        string
+- Required:    false
+- Examples:
+    - ""
+        - Empty for default location (US)
+    - "asia"
+        - Multi-regional location for Asia
+    - "eu"
+        - Multi-regional location for Europe
+    - "us"
+        - Multi-regional location for United States
+    - "asia-east1"
+        - Taiwan
+    - "asia-east2"
+        - Hong Kong
+    - "asia-northeast1"
+        - Tokyo
+    - "asia-northeast2"
+        - Osaka
+    - "asia-northeast3"
+        - Seoul
+    - "asia-south1"
+        - Mumbai
+    - "asia-south2"
+        - Delhi
+    - "asia-southeast1"
+        - Singapore
+    - "asia-southeast2"
+        - Jakarta
+    - "australia-southeast1"
+        - Sydney
+    - "australia-southeast2"
+        - Melbourne
+    - "europe-north1"
+        - Finland
+    - "europe-west1"
+        - Belgium
+    - "europe-west2"
+        - London
+    - "europe-west3"
+        - Frankfurt
+    - "europe-west4"
+        - Netherlands
+    - "europe-west6"
+        - Zürich
+    - "europe-central2"
+        - Warsaw
+    - "us-central1"
+        - Iowa
+    - "us-east1"
+        - South Carolina
+    - "us-east4"
+        - Northern Virginia
+    - "us-west1"
+        - Oregon
+    - "us-west2"
+        - California
+    - "us-west3"
+        - Salt Lake City
+    - "us-west4"
+        - Las Vegas
+    - "northamerica-northeast1"
+        - Montréal
+    - "northamerica-northeast2"
+        - Toronto
+    - "southamerica-east1"
+        - São Paulo
+    - "southamerica-west1"
+        - Santiago
+    - "asia1"
+        - Dual region: asia-northeast1 and asia-northeast2.
+    - "eur4"
+        - Dual region: europe-north1 and europe-west4.
+    - "nam4"
+        - Dual region: us-central1 and us-east1.
+
+#### --gcs-storage-class
+
+The storage class to use when storing objects in Google Cloud Storage.
+
+Properties:
+
+- Config:      storage_class
+- Env Var:     RCLONE_GCS_STORAGE_CLASS
 - Type:        string
 - Required:    false
+- Examples:
+    - ""
+        - Default
+    - "MULTI_REGIONAL"
+        - Multi-regional storage class
+    - "REGIONAL"
+        - Regional storage class
+    - "NEARLINE"
+        - Nearline storage class
+    - "COLDLINE"
+        - Coldline storage class
+    - "ARCHIVE"
+        - Archive storage class
+    - "DURABLE_REDUCED_AVAILABILITY"
+        - Durable reduced availability storage class
 
-#### --dropbox-client-secret
+#### --gcs-env-auth
 
-OAuth Client Secret.
+Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars).
 
-Leave blank normally.
+Only applies if service_account_file and service_account_credentials is blank.
 
 Properties:
 
-- Config:      client_secret
-- Env Var:     RCLONE_DROPBOX_CLIENT_SECRET
-- Type:        string
-- Required:    false
+- Config:      env_auth
+- Env Var:     RCLONE_GCS_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - "false"
+        - Enter credentials in the next step.
+    - "true"
+        - Get GCP IAM credentials from the environment (env vars or IAM).
 
 ### Advanced options
 
-Here are the Advanced options specific to dropbox (Dropbox).
+Here are the Advanced options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
 
-#### --dropbox-token
+#### --gcs-token
 
 OAuth Access Token as a JSON blob.
 
 Properties:
 
 - Config:      token
-- Env Var:     RCLONE_DROPBOX_TOKEN
+- Env Var:     RCLONE_GCS_TOKEN
 - Type:        string
 - Required:    false
 
-#### --dropbox-auth-url
+#### --gcs-auth-url
 
 Auth server URL.
 
@@ -27012,11 +32431,11 @@ Leave blank to use the provider defaults.
 Properties:
 
 - Config:      auth_url
-- Env Var:     RCLONE_DROPBOX_AUTH_URL
+- Env Var:     RCLONE_GCS_AUTH_URL
 - Type:        string
 - Required:    false
 
-#### --dropbox-token-url
+#### --gcs-token-url
 
 Token server url.
 
@@ -27025,1557 +32444,1470 @@ Leave blank to use the provider defaults.
 Properties:
 
 - Config:      token_url
-- Env Var:     RCLONE_DROPBOX_TOKEN_URL
+- Env Var:     RCLONE_GCS_TOKEN_URL
 - Type:        string
 - Required:    false
 
-#### --dropbox-chunk-size
+#### --gcs-directory-markers
 
-Upload chunk size (< 150Mi).
+Upload an empty object with a trailing slash when a new directory is created
 
-Any files larger than this will be uploaded in chunks of this size.
+Empty folders are unsupported for bucket based remotes, this option creates an empty
+object ending with "/", to persist the folder.
 
-Note that chunks are buffered in memory (one at a time) so rclone can
-deal with retries.  Setting this larger will increase the speed
-slightly (at most 10% for 128 MiB in tests) at the cost of using more
-memory.  It can be set smaller if you are tight on memory.
 
 Properties:
 
-- Config:      chunk_size
-- Env Var:     RCLONE_DROPBOX_CHUNK_SIZE
-- Type:        SizeSuffix
-- Default:     48Mi
+- Config:      directory_markers
+- Env Var:     RCLONE_GCS_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
 
-#### --dropbox-impersonate
+#### --gcs-no-check-bucket
 
-Impersonate this user when using a business account.
+If set, don't attempt to check the bucket exists or create it.
 
-Note that if you want to use impersonate, you should make sure this
-flag is set when running "rclone config" as this will cause rclone to
-request the "members.read" scope which it won't normally. This is
-needed to lookup a members email address into the internal ID that
-dropbox uses in the API.
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the bucket exists already.
 
-Using the "members.read" scope will require a Dropbox Team Admin
-to approve during the OAuth flow.
 
-You will have to use your own App (setting your own client_id and
-client_secret) to use this option as currently rclone's default set of
-permissions doesn't include "members.read". This can be added once
-v1.55 or later is in use everywhere.
+Properties:
 
+- Config:      no_check_bucket
+- Env Var:     RCLONE_GCS_NO_CHECK_BUCKET
+- Type:        bool
+- Default:     false
 
-Properties:
+#### --gcs-decompress
 
-- Config:      impersonate
-- Env Var:     RCLONE_DROPBOX_IMPERSONATE
-- Type:        string
-- Required:    false
+If set this will decompress gzip encoded objects.
 
-#### --dropbox-shared-files
+It is possible to upload objects to GCS with "Content-Encoding: gzip"
+set. Normally rclone will download these files as compressed objects.
 
-Instructs rclone to work on individual shared files.
+If this flag is set then rclone will decompress these files with
+"Content-Encoding: gzip" as they are received. This means that rclone
+can't check the size and hash but the file contents will be decompressed.
 
-In this mode rclone's features are extremely limited - only list (ls, lsl, etc.) 
-operations and read operations (e.g. downloading) are supported in this mode.
-All other operations will be disabled.
 
 Properties:
 
-- Config:      shared_files
-- Env Var:     RCLONE_DROPBOX_SHARED_FILES
+- Config:      decompress
+- Env Var:     RCLONE_GCS_DECOMPRESS
 - Type:        bool
 - Default:     false
 
-#### --dropbox-shared-folders
+#### --gcs-endpoint
 
-Instructs rclone to work on shared folders.
-			
-When this flag is used with no path only the List operation is supported and 
-all available shared folders will be listed. If you specify a path the first part 
-will be interpreted as the name of shared folder. Rclone will then try to mount this 
-shared to the root namespace. On success shared folder rclone proceeds normally. 
-The shared folder is now pretty much a normal folder and all normal operations 
-are supported. 
+Endpoint for the service.
 
-Note that we don't unmount the shared folder afterwards so the 
---dropbox-shared-folders can be omitted after the first use of a particular 
-shared folder.
+Leave blank normally.
 
 Properties:
 
-- Config:      shared_folders
-- Env Var:     RCLONE_DROPBOX_SHARED_FOLDERS
-- Type:        bool
-- Default:     false
+- Config:      endpoint
+- Env Var:     RCLONE_GCS_ENDPOINT
+- Type:        string
+- Required:    false
 
-#### --dropbox-batch-mode
+#### --gcs-encoding
 
-Upload file batching sync|async|off.
+The encoding for the backend.
 
-This sets the batch mode used by rclone.
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-For full info see [the main docs](https://rclone.org/dropbox/#batch-mode)
+Properties:
 
-This has 3 possible values
+- Config:      encoding
+- Env Var:     RCLONE_GCS_ENCODING
+- Type:        Encoding
+- Default:     Slash,CrLf,InvalidUtf8,Dot
 
-- off - no batching
-- sync - batch uploads and check completion (default)
-- async - batch upload and don't check completion
 
-Rclone will close any outstanding batches when it exits which may make
-a delay on quit.
 
+## Limitations
 
-Properties:
+`rclone about` is not supported by the Google Cloud Storage backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
 
-- Config:      batch_mode
-- Env Var:     RCLONE_DROPBOX_BATCH_MODE
-- Type:        string
-- Default:     "sync"
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-#### --dropbox-batch-size
+#  Google Drive
 
-Max number of files in upload batch.
+Paths are specified as `drive:path`
 
-This sets the batch size of files to upload. It has to be less than 1000.
+Drive paths may be as deep as required, e.g. `drive:directory/subdirectory`.
 
-By default this is 0 which means rclone which calculate the batch size
-depending on the setting of batch_mode.
+## Configuration
 
-- batch_mode: async - default batch_size is 100
-- batch_mode: sync - default batch_size is the same as --transfers
-- batch_mode: off - not in use
+The initial setup for drive involves getting a token from Google drive
+which you need to do in your browser.  `rclone config` walks you
+through it.
 
-Rclone will close any outstanding batches when it exits which may make
-a delay on quit.
+Here is an example of how to make a remote called `remote`.  First run:
 
-Setting this is a great idea if you are uploading lots of small files
-as it will make them a lot quicker. You can use --transfers 32 to
-maximise throughput.
+     rclone config
 
+This will guide you through an interactive setup process:
 
-Properties:
+```
+No remotes found, make a new one?
+n) New remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+n/r/c/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Google Drive
+   \ "drive"
+[snip]
+Storage> drive
+Google Application Client Id - leave blank normally.
+client_id>
+Google Application Client Secret - leave blank normally.
+client_secret>
+Scope that rclone should use when requesting access from drive.
+Choose a number from below, or type in your own value
+ 1 / Full access all files, excluding Application Data Folder.
+   \ "drive"
+ 2 / Read-only access to file metadata and file contents.
+   \ "drive.readonly"
+   / Access to files created by rclone only.
+ 3 | These are visible in the drive website.
+   | File authorization is revoked when the user deauthorizes the app.
+   \ "drive.file"
+   / Allows read and write access to the Application Data folder.
+ 4 | This is not visible in the drive website.
+   \ "drive.appfolder"
+   / Allows read-only access to file metadata but
+ 5 | does not allow any access to read or download file content.
+   \ "drive.metadata.readonly"
+scope> 1
+Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
+service_account_file>
+Remote config
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes
+n) No
+y/n> y
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
+Configure this as a Shared Drive (Team Drive)?
+y) Yes
+n) No
+y/n> n
+--------------------
+[remote]
+client_id = 
+client_secret = 
+scope = drive
+root_folder_id = 
+service_account_file =
+token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2014-03-16T13:57:58.955387075Z"}
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-- Config:      batch_size
-- Env Var:     RCLONE_DROPBOX_BATCH_SIZE
-- Type:        int
-- Default:     0
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
 
-#### --dropbox-batch-timeout
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Google if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on `http://127.0.0.1:53682/` and it
+may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
 
-Max time to allow an idle upload batch before uploading.
+You can then use it like this,
 
-If an upload batch is idle for more than this long then it will be
-uploaded.
+List directories in top level of your drive
 
-The default for this is 0 which means rclone will choose a sensible
-default based on the batch_mode in use.
+    rclone lsd remote:
 
-- batch_mode: async - default batch_timeout is 500ms
-- batch_mode: sync - default batch_timeout is 10s
-- batch_mode: off - not in use
+List all the files in your drive
 
+    rclone ls remote:
 
-Properties:
+To copy a local directory to a drive directory called backup
 
-- Config:      batch_timeout
-- Env Var:     RCLONE_DROPBOX_BATCH_TIMEOUT
-- Type:        Duration
-- Default:     0s
+    rclone copy /home/source remote:backup
 
-#### --dropbox-batch-commit-timeout
+### Scopes
 
-Max time to wait for a batch to finish committing
+Rclone allows you to select which scope you would like for rclone to
+use.  This changes what type of token is granted to rclone.  [The
+scopes are defined
+here](https://developers.google.com/drive/v3/web/about-auth).
 
-Properties:
+A comma-separated list is allowed e.g. `drive.readonly,drive.file`.
 
-- Config:      batch_commit_timeout
-- Env Var:     RCLONE_DROPBOX_BATCH_COMMIT_TIMEOUT
-- Type:        Duration
-- Default:     10m0s
+The scope are
 
-#### --dropbox-encoding
+#### drive
 
-The encoding for the backend.
+This is the default scope and allows full access to all files, except
+for the Application Data Folder (see below).
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Choose this one if you aren't sure.
 
-Properties:
+#### drive.readonly
 
-- Config:      encoding
-- Env Var:     RCLONE_DROPBOX_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
+This allows read only access to all files.  Files may be listed and
+downloaded but not uploaded, renamed or deleted.
 
+#### drive.file
 
+With this scope rclone can read/view/modify only those files and
+folders it creates.
 
-## Limitations
+So if you uploaded files to drive via the web interface (or any other
+means) they will not be visible to rclone.
 
-Note that Dropbox is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+This can be useful if you are using rclone to backup data and you want
+to be sure confidential data on your drive is not visible to rclone.
 
-There are some file names such as `thumbs.db` which Dropbox can't
-store.  There is a full list of them in the ["Ignored Files" section
-of this document](https://www.dropbox.com/en/help/145).  Rclone will
-issue an error message `File name disallowed - not uploading` if it
-attempts to upload one of those file names, but the sync won't fail.
+Files created with this scope are visible in the web interface.
 
-Some errors may occur if you try to sync copyright-protected files
-because Dropbox has its own [copyright detector](https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/) that
-prevents this sort of file being downloaded. This will return the error `ERROR :
-/path/to/your/file: Failed to copy: failed to open source object:
-path/restricted_content/.`
+#### drive.appfolder
 
-If you have more than 10,000 files in a directory then `rclone purge
-dropbox:dir` will return the error `Failed to purge: There are too
-many files involved in this operation`.  As a work-around do an
-`rclone delete dropbox:dir` followed by an `rclone rmdir dropbox:dir`.
+This gives rclone its own private area to store files.  Rclone will
+not be able to see any other files on your drive and you won't be able
+to see rclone's files from the web interface either.
 
-When using `rclone link` you'll need to set `--expire` if using a
-non-personal account otherwise the visibility may not be correct.
-(Note that `--expire` isn't supported on personal accounts). See the
-[forum discussion](https://forum.rclone.org/t/rclone-link-dropbox-permissions/23211) and the 
-[dropbox SDK issue](https://github.com/dropbox/dropbox-sdk-go-unofficial/issues/75).
+#### drive.metadata.readonly
 
-## Get your own Dropbox App ID
+This allows read only access to file names only.  It does not allow
+rclone to download or upload data, or rename or delete files or
+directories.
 
-When you use rclone with Dropbox in its default configuration you are using rclone's App ID. This is shared between all the rclone users.
+### Root folder ID
 
-Here is how to create your own Dropbox App ID for rclone:
+This option has been moved to the advanced section. You can set the `root_folder_id` for rclone.  This is the directory
+(identified by its `Folder ID`) that rclone considers to be the root
+of your drive.
 
-1. Log into the [Dropbox App console](https://www.dropbox.com/developers/apps/create) with your Dropbox Account (It need not
-to be the same account as the Dropbox you want to access)
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
 
-2. Choose an API => Usually this should be `Dropbox API`
+However you can set this to restrict rclone to a specific folder
+hierarchy or to access data within the "Computers" tab on the drive
+web interface (where files from Google's Backup and Sync desktop
+program go).
 
-3. Choose the type of access you want to use => `Full Dropbox` or `App Folder`
+In order to do this you will have to find the `Folder ID` of the
+directory you wish rclone to display.  This will be the last segment
+of the URL when you open the relevant folder in the drive web
+interface.
 
-4. Name your App. The app name is global, so you can't use `rclone` for example
+So if the folder you want rclone to use has a URL which looks like
+`https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh`
+in the browser, then you use `1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh` as
+the `root_folder_id` in the config.
 
-5. Click the button `Create App`
+**NB** folders under the "Computers" tab seem to be read only (drive
+gives a 500 error) when using rclone.
 
-6. Switch to the `Permissions` tab. Enable at least the following permissions: `account_info.read`, `files.metadata.write`, `files.content.write`, `files.content.read`, `sharing.write`. The `files.metadata.read` and `sharing.read` checkboxes will be marked too. Click `Submit`
+There doesn't appear to be an API to discover the folder IDs of the
+"Computers" tab - please contact us if you know otherwise!
 
-7. Switch to the `Settings` tab. Fill `OAuth2 - Redirect URIs` as `http://localhost:53682/`
+Note also that rclone can't access any data under the "Backups" tab on
+the google drive web interface yet.
 
-8. Find the `App key` and `App secret` values on the `Settings` tab. Use these values in rclone config to add a new remote or edit an existing remote. The `App key` setting corresponds to `client_id` in rclone config, the `App secret` corresponds to `client_secret`
+### Service Account support
 
-#  Enterprise File Fabric
+You can set up rclone with Google Drive in an unattended mode,
+i.e. not tied to a specific end-user Google account. This is useful
+when you want to synchronise files onto machines that don't have
+actively logged-in users, for example build machines.
 
-This backend supports [Storage Made Easy's Enterprise File
-Fabric™](https://storagemadeeasy.com/about/) which provides a software
-solution to integrate and unify File and Object Storage accessible
-through a global file system.
+To use a Service Account instead of OAuth2 token flow, enter the path
+to your Service Account credentials at the `service_account_file`
+prompt during `rclone config` and rclone won't use the browser based
+authentication flow. If you'd rather stuff the contents of the
+credentials file into the rclone config file, you can set
+`service_account_credentials` with the actual contents of the file
+instead, or set the equivalent environment variable.
 
-## Configuration
+#### Use case - Google Apps/G-suite account and individual Drive
 
-The initial setup for the Enterprise File Fabric backend involves
-getting a token from the Enterprise File Fabric which you need to
-do in your browser.  `rclone config` walks you through it.
+Let's say that you are the administrator of a Google Apps (old) or
+G-suite account.
+The goal is to store data on an individual's Drive account, who IS
+a member of the domain.
+We'll call the domain **example.com**, and the user
+**foo@example.com**.
 
-Here is an example of how to make a remote called `remote`.  First run:
+There's a few steps we need to go through to accomplish this:
 
-     rclone config
+##### 1. Create a service account for example.com
+  - To create a service account and obtain its credentials, go to the
+[Google Developer Console](https://console.developers.google.com).
+  - You must have a project - create one if you don't.
+  - Then go to "IAM & admin" -> "Service Accounts".
+  - Use the "Create Service Account" button. Fill in "Service account name"
+and "Service account ID" with something that identifies your client.
+  - Select "Create And Continue". Step 2 and 3 are optional.
+  - These credentials are what rclone will use for authentication.
+If you ever need to remove access, press the "Delete service
+account key" button.
 
-This will guide you through an interactive setup process:
+##### 2. Allowing API access to example.com Google Drive
+  - Go to example.com's admin console
+  - Go into "Security" (or use the search bar)
+  - Select "Show more" and then "Advanced settings"
+  - Select "Manage API client access" in the "Authentication" section
+  - In the "Client Name" field enter the service account's
+"Client ID" - this can be found in the Developer Console under
+"IAM & Admin" -> "Service Accounts", then "View Client ID" for
+the newly created service account.
+It is a ~21 character numerical string.
+  - In the next field, "One or More API Scopes", enter
+`https://www.googleapis.com/auth/drive`
+to grant access to Google Drive specifically.
+
+##### 3. Configure rclone, assuming a new install
 
 ```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-[snip]
-XX / Enterprise File Fabric
-   \ "filefabric"
-[snip]
-Storage> filefabric
-** See help for filefabric backend at: https://rclone.org/filefabric/ **
+rclone config
 
-URL of the Enterprise File Fabric to connect to
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Storage Made Easy US
-   \ "https://storagemadeeasy.com"
- 2 / Storage Made Easy EU
-   \ "https://eu.storagemadeeasy.com"
- 3 / Connect to your Enterprise File Fabric
-   \ "https://yourfabric.smestorage.com"
-url> https://yourfabric.smestorage.com/
-ID of the root folder
-Leave blank normally.
+n/s/q> n         # New
+name>gdrive      # Gdrive is an example name
+Storage>         # Select the number shown for Google Drive
+client_id>       # Can be left blank
+client_secret>   # Can be left blank
+scope>           # Select your scope, 1 for example
+root_folder_id>  # Can be left blank
+service_account_file> /home/foo/myJSONfile.json # This is where the JSON file goes!
+y/n>             # Auto config, n
 
-Fill in to make rclone start with directory of a given ID.
+```
 
-Enter a string value. Press Enter for the default ("").
-root_folder_id> 
-Permanent Authentication Token
+##### 4. Verify that it's working
+  - `rclone -v --drive-impersonate foo@example.com lsf gdrive:backup`
+  - The arguments do:
+    - `-v` - verbose logging
+    - `--drive-impersonate foo@example.com` - this is what does
+the magic, pretending to be user foo.
+    - `lsf` - list files in a parsing friendly way
+    - `gdrive:backup` - use the remote called gdrive, work in
+the folder named backup.
 
-A Permanent Authentication Token can be created in the Enterprise File
-Fabric, on the users Dashboard under Security, there is an entry
-you'll see called "My Authentication Tokens". Click the Manage button
-to create one.
+Note: in case you configured a specific root folder on gdrive and rclone is unable to access the contents of that folder when using `--drive-impersonate`, do this instead:
+  - in the gdrive web interface, share your root folder with the user/email of the new Service Account you created/selected at step #1
+  - use rclone without specifying the `--drive-impersonate` option, like this:
+        `rclone -v lsf gdrive:backup`
 
-These tokens are normally valid for several years.
 
-For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
+### Shared drives (team drives)
 
-Enter a string value. Press Enter for the default ("").
-permanent_token> xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
-Edit advanced config? (y/n)
+If you want to configure the remote to point to a Google Shared Drive
+(previously known as Team Drives) then answer `y` to the question
+`Configure this as a Shared Drive (Team Drive)?`.
+
+This will fetch the list of Shared Drives from google and allow you to
+configure which one you want to use. You can also type in a Shared
+Drive ID if you prefer.
+
+For example:
+
+```
+Configure this as a Shared Drive (Team Drive)?
 y) Yes
-n) No (default)
-y/n> n
-Remote config
+n) No
+y/n> y
+Fetching Shared Drive list...
+Choose a number from below, or type in your own value
+ 1 / Rclone Test
+   \ "xxxxxxxxxxxxxxxxxxxx"
+ 2 / Rclone Test 2
+   \ "yyyyyyyyyyyyyyyyyyyy"
+ 3 / Rclone Test 3
+   \ "zzzzzzzzzzzzzzzzzzzz"
+Enter a Shared Drive ID> 1
 --------------------
 [remote]
-type = filefabric
-url = https://yourfabric.smestorage.com/
-permanent_token = xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
+client_id =
+client_secret =
+token = {"AccessToken":"xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx","Expiry":"2014-03-16T13:57:58.955387075Z","Extra":null}
+team_drive = xxxxxxxxxxxxxxxxxxxx
 --------------------
-y) Yes this is OK (default)
+y) Yes this is OK
 e) Edit this remote
 d) Delete this remote
 y/e/d> y
 ```
 
-Once configured you can then use `rclone` like this,
+### --fast-list
 
-List directories in top level of your Enterprise File Fabric
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
 
-    rclone lsd remote:
+It does this by combining multiple `list` calls into a single API request.
 
-List all the files in your Enterprise File Fabric
+This works by combining many `'%s' in parents` filters into one expression.
+To list the contents of directories a, b and c, the following requests will be send by the regular `List` function:
+```
+trashed=false and 'a' in parents
+trashed=false and 'b' in parents
+trashed=false and 'c' in parents
+```
+These can now be combined into a single request:
+```
+trashed=false and ('a' in parents or 'b' in parents or 'c' in parents)
+```
 
-    rclone ls remote:
+The implementation of `ListR` will put up to 50 `parents` filters into one request.
+It will  use the `--checkers` value to specify the number of requests to run in parallel.
 
-To copy a local directory to an Enterprise File Fabric directory called backup
+In tests, these batch requests were up to 20x faster than the regular method.
+Running the following command against different sized folders gives:
+```
+rclone lsjson -vv -R --checkers=6 gdrive:folder
+```
 
-    rclone copy /home/source remote:backup
+small folder (220 directories, 700 files):
 
-### Modified time and hashes
+- without `--fast-list`: 38s
+- with `--fast-list`: 10s
 
-The Enterprise File Fabric allows modification times to be set on
-files accurate to 1 second.  These will be used to detect whether
-objects need syncing or not.
+large folder (10600 directories, 39000 files):
 
-The Enterprise File Fabric does not support any data hashes at this time.
+- without `--fast-list`: 22:05 min
+- with `--fast-list`: 58s
 
-### Restricted filename characters
+### Modification times and hashes
 
-The [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-will be replaced.
+Google drive stores modification times accurate to 1 ms.
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+Hash algorithms MD5, SHA1 and SHA256 are supported. Note, however,
+that a small fraction of files uploaded may not have SHA1 or SHA256
+hashes especially if they were uploaded before 2018.
 
-### Empty files
+### Restricted filename characters
 
-Empty files aren't supported by the Enterprise File Fabric. Rclone will therefore
-upload an empty file as a single space with a mime type of
-`application/vnd.rclone.empty.file` and files with that mime type are
-treated as empty.
+Only Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-### Root folder ID ###
+In contrast to other backends, `/` can also be used in names and `.`
+or `..` are valid names.
 
-You can set the `root_folder_id` for rclone.  This is the directory
-(identified by its `Folder ID`) that rclone considers to be the root
-of your Enterprise File Fabric.
+### Revisions
 
-Normally you will leave this blank and rclone will determine the
-correct root to use itself.
+Google drive stores revisions of files.  When you upload a change to
+an existing file to google drive using rclone it will create a new
+revision of that file.
 
-However you can set this to restrict rclone to a specific folder
-hierarchy.
+Revisions follow the standard google policy which at time of writing
+was
 
-In order to do this you will have to find the `Folder ID` of the
-directory you wish rclone to display.  These aren't displayed in the
-web interface, but you can use `rclone lsf` to find them, for example
+  * They are deleted after 30 days or 100 revisions (whatever comes first).
+  * They do not count towards a user storage quota.
 
-```
-$ rclone lsf --dirs-only -Fip --csv filefabric:
-120673758,Burnt PDFs/
-120673759,My Quick Uploads/
-120673755,My Syncs/
-120673756,My backups/
-120673757,My contacts/
-120673761,S3 Storage/
-```
+### Deleting files
 
-The ID for "S3 Storage" would be `120673761`.
+By default rclone will send all files to the trash when deleting
+files.  If deleting them permanently is required then use the
+`--drive-use-trash=false` flag, or set the equivalent environment
+variable.
 
+### Shortcuts
 
-### Standard options
+In March 2020 Google introduced a new feature in Google Drive called
+[drive shortcuts](https://support.google.com/drive/answer/9700156)
+([API](https://developers.google.com/drive/api/v3/shortcuts)). These
+will (by September 2020) [replace the ability for files or folders to
+be in multiple folders at once](https://cloud.google.com/blog/products/g-suite/simplifying-google-drives-folder-structure-and-sharing-models).
 
-Here are the Standard options specific to filefabric (Enterprise File Fabric).
+Shortcuts are files that link to other files on Google Drive somewhat
+like a symlink in unix, except they point to the underlying file data
+(e.g. the inode in unix terms) so they don't break if the source is
+renamed or moved about.
 
-#### --filefabric-url
+By default rclone treats these as follows.
 
-URL of the Enterprise File Fabric to connect to.
+For shortcuts pointing to files:
 
-Properties:
+- When listing a file shortcut appears as the destination file.
+- When downloading the contents of the destination file is downloaded.
+- When updating shortcut file with a non shortcut file, the shortcut is removed then a new file is uploaded in place of the shortcut.
+- When server-side moving (renaming) the shortcut is renamed, not the destination file.
+- When server-side copying the shortcut is copied, not the contents of the shortcut. (unless `--drive-copy-shortcut-content` is in use in which case the contents of the shortcut gets copied).
+- When deleting the shortcut is deleted not the linked file.
+- When setting the modification time, the modification time of the linked file will be set.
 
-- Config:      url
-- Env Var:     RCLONE_FILEFABRIC_URL
-- Type:        string
-- Required:    true
-- Examples:
-    - "https://storagemadeeasy.com"
-        - Storage Made Easy US
-    - "https://eu.storagemadeeasy.com"
-        - Storage Made Easy EU
-    - "https://yourfabric.smestorage.com"
-        - Connect to your Enterprise File Fabric
+For shortcuts pointing to folders:
 
-#### --filefabric-root-folder-id
+- When listing the shortcut appears as a folder and that folder will contain the contents of the linked folder appear (including any sub folders)
+- When downloading the contents of the linked folder and sub contents are downloaded
+- When uploading to a shortcut folder the file will be placed in the linked folder
+- When server-side moving (renaming) the shortcut is renamed, not the destination folder
+- When server-side copying the contents of the linked folder is copied, not the shortcut.
+- When deleting with `rclone rmdir` or `rclone purge` the shortcut is deleted not the linked folder.
+- **NB** When deleting with `rclone remove` or `rclone mount` the contents of the linked folder will be deleted.
 
-ID of the root folder.
+The [rclone backend](https://rclone.org/commands/rclone_backend/) command can be used to create shortcuts.  
 
-Leave blank normally.
+Shortcuts can be completely ignored with the `--drive-skip-shortcuts` flag
+or the corresponding `skip_shortcuts` configuration setting.
 
-Fill in to make rclone start with directory of a given ID.
+### Emptying trash
 
+If you wish to empty your trash you can use the `rclone cleanup remote:`
+command which will permanently delete all your trashed files. This command
+does not take any path arguments.
 
-Properties:
+Note that Google Drive takes some time (minutes to days) to empty the
+trash even though the command returns within a few seconds.  No output
+is echoed, so there will be no confirmation even using -v or -vv.
 
-- Config:      root_folder_id
-- Env Var:     RCLONE_FILEFABRIC_ROOT_FOLDER_ID
-- Type:        string
-- Required:    false
+### Quota information
 
-#### --filefabric-permanent-token
+To view your current quota you can use the `rclone about remote:`
+command which will display your usage limit (quota), the usage in Google
+Drive, the size of all files in the Trash and the space used by other
+Google services such as Gmail. This command does not take any path
+arguments.
 
-Permanent Authentication Token.
+#### Import/Export of google documents
 
-A Permanent Authentication Token can be created in the Enterprise File
-Fabric, on the users Dashboard under Security, there is an entry
-you'll see called "My Authentication Tokens". Click the Manage button
-to create one.
+Google documents can be exported from and uploaded to Google Drive.
 
-These tokens are normally valid for several years.
+When rclone downloads a Google doc it chooses a format to download
+depending upon the `--drive-export-formats` setting.
+By default the export formats are `docx,xlsx,pptx,svg` which are a
+sensible default for an editable document.
 
-For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
+When choosing a format, rclone runs down the list provided in order
+and chooses the first file format the doc can be exported as from the
+list. If the file can't be exported to a format on the formats list,
+then rclone will choose a format from the default list.
 
+If you prefer an archive copy then you might use `--drive-export-formats
+pdf`, or if you prefer openoffice/libreoffice formats you might use
+`--drive-export-formats ods,odt,odp`.
 
-Properties:
+Note that rclone adds the extension to the google doc, so if it is
+called `My Spreadsheet` on google docs, it will be exported as `My
+Spreadsheet.xlsx` or `My Spreadsheet.pdf` etc.
 
-- Config:      permanent_token
-- Env Var:     RCLONE_FILEFABRIC_PERMANENT_TOKEN
-- Type:        string
-- Required:    false
+When importing files into Google Drive, rclone will convert all
+files with an extension in `--drive-import-formats` to their
+associated document type.
+rclone will not convert any files by default, since the conversion
+is lossy process.
 
-### Advanced options
+The conversion must result in a file with the same extension when
+the `--drive-export-formats` rules are applied to the uploaded document.
 
-Here are the Advanced options specific to filefabric (Enterprise File Fabric).
+Here are some examples for allowed and prohibited conversions.
 
-#### --filefabric-token
+| export-formats | import-formats | Upload Ext | Document Ext | Allowed |
+| -------------- | -------------- | ---------- | ------------ | ------- |
+| odt | odt | odt | odt | Yes |
+| odt | docx,odt | odt | odt | Yes |
+|  | docx | docx | docx | Yes |
+|  | odt | odt | docx | No |
+| odt,docx | docx,odt | docx | odt | No |
+| docx,odt | docx,odt | docx | docx | Yes |
+| docx,odt | docx,odt | odt | docx | No |
 
-Session Token.
+This limitation can be disabled by specifying `--drive-allow-import-name-change`.
+When using this flag, rclone can convert multiple files types resulting
+in the same document type at once, e.g. with `--drive-import-formats docx,odt,txt`,
+all files having these extension would result in a document represented as a docx file.
+This brings the additional risk of overwriting a document, if multiple files
+have the same stem. Many rclone operations will not handle this name change
+in any way. They assume an equal name when copying files and might copy the
+file again or delete them when the name changes. 
 
-This is a session token which rclone caches in the config file. It is
-usually valid for 1 hour.
+Here are the possible export extensions with their corresponding mime types.
+Most of these can also be used for importing, but there more that are not
+listed here. Some of these additional ones might only be available when
+the operating system provides the correct MIME type entries.
 
-Don't set this value - rclone will set it automatically.
+This list can be changed by Google Drive at any time and might not
+represent the currently available conversions.
+
+| Extension | Mime Type | Description |
+| --------- |-----------| ------------|
+| bmp  | image/bmp | Windows Bitmap format |
+| csv  | text/csv | Standard CSV format for Spreadsheets |
+| doc  | application/msword | Classic Word file |
+| docx | application/vnd.openxmlformats-officedocument.wordprocessingml.document | Microsoft Office Document |
+| epub | application/epub+zip | E-book format |
+| html | text/html | An HTML Document |
+| jpg  | image/jpeg | A JPEG Image File |
+| json | application/vnd.google-apps.script+json | JSON Text Format for Google Apps scripts |
+| odp  | application/vnd.oasis.opendocument.presentation | Openoffice Presentation |
+| ods  | application/vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
+| ods  | application/x-vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
+| odt  | application/vnd.oasis.opendocument.text | Openoffice Document |
+| pdf  | application/pdf | Adobe PDF Format |
+| pjpeg | image/pjpeg | Progressive JPEG Image |
+| png  | image/png | PNG Image Format|
+| pptx | application/vnd.openxmlformats-officedocument.presentationml.presentation | Microsoft Office Powerpoint |
+| rtf  | application/rtf | Rich Text Format |
+| svg  | image/svg+xml | Scalable Vector Graphics Format |
+| tsv  | text/tab-separated-values | Standard TSV format for spreadsheets |
+| txt  | text/plain | Plain Text |
+| wmf  | application/x-msmetafile | Windows Meta File |
+| xls  | application/vnd.ms-excel | Classic Excel file |
+| xlsx | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet | Microsoft Office Spreadsheet |
+| zip  | application/zip | A ZIP file of HTML, Images CSS |
 
+Google documents can also be exported as link files. These files will
+open a browser window for the Google Docs website of that document
+when opened. The link file extension has to be specified as a
+`--drive-export-formats` parameter. They will match all available
+Google Documents.
 
-Properties:
+| Extension | Description | OS Support |
+| --------- | ----------- | ---------- |
+| desktop | freedesktop.org specified desktop entry | Linux |
+| link.html | An HTML Document with a redirect | All |
+| url | INI style link file | macOS, Windows |
+| webloc | macOS specific XML format | macOS |
 
-- Config:      token
-- Env Var:     RCLONE_FILEFABRIC_TOKEN
-- Type:        string
-- Required:    false
 
-#### --filefabric-token-expiry
+### Standard options
 
-Token expiry time.
+Here are the Standard options specific to drive (Google Drive).
 
-Don't set this value - rclone will set it automatically.
+#### --drive-client-id
 
+Google Application Client Id
+Setting your own is recommended.
+See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
+If you leave this blank, it will use an internal key which is low performance.
 
 Properties:
 
-- Config:      token_expiry
-- Env Var:     RCLONE_FILEFABRIC_TOKEN_EXPIRY
+- Config:      client_id
+- Env Var:     RCLONE_DRIVE_CLIENT_ID
 - Type:        string
 - Required:    false
 
-#### --filefabric-version
-
-Version read from the file fabric.
+#### --drive-client-secret
 
-Don't set this value - rclone will set it automatically.
+OAuth Client Secret.
 
+Leave blank normally.
 
 Properties:
 
-- Config:      version
-- Env Var:     RCLONE_FILEFABRIC_VERSION
+- Config:      client_secret
+- Env Var:     RCLONE_DRIVE_CLIENT_SECRET
 - Type:        string
 - Required:    false
 
-#### --filefabric-encoding
-
-The encoding for the backend.
+#### --drive-scope
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Comma separated list of scopes that rclone should use when requesting access from drive.
 
 Properties:
 
-- Config:      encoding
-- Env Var:     RCLONE_FILEFABRIC_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,Del,Ctl,InvalidUtf8,Dot
-
-
-
-#  FTP
-
-FTP is the File Transfer Protocol. Rclone FTP support is provided using the
-[github.com/jlaffaye/ftp](https://godoc.org/github.com/jlaffaye/ftp)
-package.
-
-[Limitations of Rclone's FTP backend](#limitations)
-
-Paths are specified as `remote:path`. If the path does not begin with
-a `/` it is relative to the home directory of the user.  An empty path
-`remote:` refers to the user's home directory.
+- Config:      scope
+- Env Var:     RCLONE_DRIVE_SCOPE
+- Type:        string
+- Required:    false
+- Examples:
+    - "drive"
+        - Full access all files, excluding Application Data Folder.
+    - "drive.readonly"
+        - Read-only access to file metadata and file contents.
+    - "drive.file"
+        - Access to files created by rclone only.
+        - These are visible in the drive website.
+        - File authorization is revoked when the user deauthorizes the app.
+    - "drive.appfolder"
+        - Allows read and write access to the Application Data folder.
+        - This is not visible in the drive website.
+    - "drive.metadata.readonly"
+        - Allows read-only access to file metadata but
+        - does not allow any access to read or download file content.
 
-## Configuration
+#### --drive-service-account-file
 
-To create an FTP configuration named `remote`, run
+Service Account Credentials JSON file path.
 
-    rclone config
+Leave blank normally.
+Needed only if you want use SA instead of interactive login.
 
-Rclone config guides you through an interactive setup process. A minimal
-rclone FTP remote definition only requires host, username and password.
-For an anonymous FTP server, see [below](#anonymous-ftp).
+Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
 
-```
-No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-[snip]
-XX / FTP
-   \ "ftp"
-[snip]
-Storage> ftp
-** See help for ftp backend at: https://rclone.org/ftp/ **
+Properties:
 
-FTP host to connect to
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Connect to ftp.example.com
-   \ "ftp.example.com"
-host> ftp.example.com
-FTP username
-Enter a string value. Press Enter for the default ("$USER").
-user> 
-FTP port number
-Enter a signed integer. Press Enter for the default (21).
-port> 
-FTP password
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Use FTP over TLS (Implicit)
-Enter a boolean value (true or false). Press Enter for the default ("false").
-tls> 
-Use FTP over TLS (Explicit)
-Enter a boolean value (true or false). Press Enter for the default ("false").
-explicit_tls> 
-Remote config
---------------------
-[remote]
-type = ftp
-host = ftp.example.com
-pass = *** ENCRYPTED ***
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+- Config:      service_account_file
+- Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_FILE
+- Type:        string
+- Required:    false
 
-To see all directories in the home directory of `remote`
+#### --drive-alternate-export
 
-    rclone lsd remote:
+Deprecated: No longer needed.
 
-Make a new directory
+Properties:
 
-    rclone mkdir remote:path/to/directory
+- Config:      alternate_export
+- Env Var:     RCLONE_DRIVE_ALTERNATE_EXPORT
+- Type:        bool
+- Default:     false
 
-List the contents of a directory
+### Advanced options
 
-    rclone ls remote:path/to/directory
+Here are the Advanced options specific to drive (Google Drive).
 
-Sync `/home/local/directory` to the remote directory, deleting any
-excess files in the directory.
+#### --drive-token
 
-    rclone sync --interactive /home/local/directory remote:directory
+OAuth Access Token as a JSON blob.
 
-### Anonymous FTP
+Properties:
 
-When connecting to a FTP server that allows anonymous login, you can use the
-special "anonymous" username. Traditionally, this user account accepts any
-string as a password, although it is common to use either the password
-"anonymous" or "guest". Some servers require the use of a valid e-mail
-address as password.
+- Config:      token
+- Env Var:     RCLONE_DRIVE_TOKEN
+- Type:        string
+- Required:    false
 
-Using [on-the-fly](#backend-path-to-dir) or
-[connection string](https://rclone.org/docs/#connection-strings) remotes makes it easy to access
-such servers, without requiring any configuration in advance. The following
-are examples of that:
+#### --drive-auth-url
 
-    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=$(rclone obscure dummy)
-    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=$(rclone obscure dummy):
+Auth server URL.
 
-The above examples work in Linux shells and in PowerShell, but not Windows
-Command Prompt. They execute the [rclone obscure](https://rclone.org/commands/rclone_obscure/)
-command to create a password string in the format required by the
-[pass](#ftp-pass) option. The following examples are exactly the same, except use
-an already obscured string representation of the same password "dummy", and
-therefore works even in Windows Command Prompt:
+Leave blank to use the provider defaults.
 
-    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM
-    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM:
+Properties:
 
-### Implicit TLS
+- Config:      auth_url
+- Env Var:     RCLONE_DRIVE_AUTH_URL
+- Type:        string
+- Required:    false
 
-Rlone FTP supports implicit FTP over TLS servers (FTPS). This has to
-be enabled in the FTP backend config for the remote, or with
-[`--ftp-tls`](#ftp-tls). The default FTPS port is `990`, not `21` and
-can be set with [`--ftp-port`](#ftp-port).
+#### --drive-token-url
 
-### Restricted filename characters
+Token server url.
 
-In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-the following characters are also replaced:
+Leave blank to use the provider defaults.
 
-File names cannot end with the following characters. Replacement is
-limited to the last character in a file name:
+Properties:
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| SP        | 0x20  | ␠           |
+- Config:      token_url
+- Env Var:     RCLONE_DRIVE_TOKEN_URL
+- Type:        string
+- Required:    false
 
-Not all FTP servers can have all characters in file names, for example:
+#### --drive-root-folder-id
 
-| FTP Server| Forbidden characters |
-| --------- |:--------------------:|
-| proftpd   | `*`                  |
-| pureftpd  | `\ [ ]`              |
+ID of the root folder.
+Leave blank normally.
 
-This backend's interactive configuration wizard provides a selection of
-sensible encoding settings for major FTP servers: ProFTPd, PureFTPd, VsFTPd.
-Just hit a selection number when prompted.
+Fill in to access "Computers" folders (see docs), or for rclone to use
+a non root folder as its starting point.
 
 
-### Standard options
+Properties:
 
-Here are the Standard options specific to ftp (FTP).
+- Config:      root_folder_id
+- Env Var:     RCLONE_DRIVE_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
 
-#### --ftp-host
+#### --drive-service-account-credentials
 
-FTP host to connect to.
+Service Account Credentials JSON blob.
 
-E.g. "ftp.example.com".
+Leave blank normally.
+Needed only if you want use SA instead of interactive login.
 
 Properties:
 
-- Config:      host
-- Env Var:     RCLONE_FTP_HOST
+- Config:      service_account_credentials
+- Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS
 - Type:        string
-- Required:    true
+- Required:    false
 
-#### --ftp-user
+#### --drive-team-drive
 
-FTP username.
+ID of the Shared Drive (Team Drive).
 
 Properties:
 
-- Config:      user
-- Env Var:     RCLONE_FTP_USER
+- Config:      team_drive
+- Env Var:     RCLONE_DRIVE_TEAM_DRIVE
 - Type:        string
-- Default:     "$USER"
+- Required:    false
 
-#### --ftp-port
+#### --drive-auth-owner-only
 
-FTP port number.
+Only consider files owned by the authenticated user.
 
 Properties:
 
-- Config:      port
-- Env Var:     RCLONE_FTP_PORT
-- Type:        int
-- Default:     21
+- Config:      auth_owner_only
+- Env Var:     RCLONE_DRIVE_AUTH_OWNER_ONLY
+- Type:        bool
+- Default:     false
 
-#### --ftp-pass
+#### --drive-use-trash
 
-FTP password.
+Send files to the trash instead of deleting permanently.
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+Defaults to true, namely sending files to the trash.
+Use `--drive-use-trash=false` to delete files permanently instead.
 
 Properties:
 
-- Config:      pass
-- Env Var:     RCLONE_FTP_PASS
-- Type:        string
-- Required:    false
+- Config:      use_trash
+- Env Var:     RCLONE_DRIVE_USE_TRASH
+- Type:        bool
+- Default:     true
 
-#### --ftp-tls
+#### --drive-copy-shortcut-content
 
-Use Implicit FTPS (FTP over TLS).
+Server side copy contents of shortcuts instead of the shortcut.
 
-When using implicit FTP over TLS the client connects using TLS
-right from the start which breaks compatibility with
-non-TLS-aware servers. This is usually served over port 990 rather
-than port 21. Cannot be used in combination with explicit FTPS.
+When doing server side copies, normally rclone will copy shortcuts as
+shortcuts.
+
+If this flag is used then rclone will copy the contents of shortcuts
+rather than shortcuts themselves when doing server side copies.
 
 Properties:
 
-- Config:      tls
-- Env Var:     RCLONE_FTP_TLS
+- Config:      copy_shortcut_content
+- Env Var:     RCLONE_DRIVE_COPY_SHORTCUT_CONTENT
 - Type:        bool
 - Default:     false
 
-#### --ftp-explicit-tls
+#### --drive-skip-gdocs
 
-Use Explicit FTPS (FTP over TLS).
+Skip google documents in all listings.
 
-When using explicit FTP over TLS the client explicitly requests
-security from the server in order to upgrade a plain text connection
-to an encrypted one. Cannot be used in combination with implicit FTPS.
+If given, gdocs practically become invisible to rclone.
 
 Properties:
 
-- Config:      explicit_tls
-- Env Var:     RCLONE_FTP_EXPLICIT_TLS
+- Config:      skip_gdocs
+- Env Var:     RCLONE_DRIVE_SKIP_GDOCS
 - Type:        bool
 - Default:     false
 
-### Advanced options
-
-Here are the Advanced options specific to ftp (FTP).
-
-#### --ftp-concurrency
-
-Maximum number of FTP simultaneous connections, 0 for unlimited.
-
-Note that setting this is very likely to cause deadlocks so it should
-be used with care.
-
-If you are doing a sync or copy then make sure concurrency is one more
-than the sum of `--transfers` and `--checkers`.
-
-If you use `--check-first` then it just needs to be one more than the
-maximum of `--checkers` and `--transfers`.
+#### --drive-show-all-gdocs
 
-So for `concurrency 3` you'd use `--checkers 2 --transfers 2
---check-first` or `--checkers 1 --transfers 1`.
+Show all Google Docs including non-exportable ones in listings.
 
+If you try a server side copy on a Google Form without this flag, you
+will get this error:
 
+    No export formats found for "application/vnd.google-apps.form"
 
-Properties:
+However adding this flag will allow the form to be server side copied.
 
-- Config:      concurrency
-- Env Var:     RCLONE_FTP_CONCURRENCY
-- Type:        int
-- Default:     0
+Note that rclone doesn't add extensions to the Google Docs file names
+in this mode.
 
-#### --ftp-no-check-certificate
+Do **not** use this flag when trying to download Google Docs - rclone
+will fail to download them.
 
-Do not verify the TLS certificate of the server.
 
 Properties:
 
-- Config:      no_check_certificate
-- Env Var:     RCLONE_FTP_NO_CHECK_CERTIFICATE
+- Config:      show_all_gdocs
+- Env Var:     RCLONE_DRIVE_SHOW_ALL_GDOCS
 - Type:        bool
 - Default:     false
 
-#### --ftp-disable-epsv
+#### --drive-skip-checksum-gphotos
 
-Disable using EPSV even if server advertises support.
+Skip checksums on Google photos and videos only.
 
-Properties:
+Use this if you get checksum errors when transferring Google photos or
+videos.
 
-- Config:      disable_epsv
-- Env Var:     RCLONE_FTP_DISABLE_EPSV
-- Type:        bool
-- Default:     false
+Setting this flag will cause Google photos and videos to return a
+blank checksums.
 
-#### --ftp-disable-mlsd
+Google photos are identified by being in the "photos" space.
 
-Disable using MLSD even if server advertises support.
+Corrupted checksums are caused by Google modifying the image/video but
+not updating the checksum.
 
 Properties:
 
-- Config:      disable_mlsd
-- Env Var:     RCLONE_FTP_DISABLE_MLSD
+- Config:      skip_checksum_gphotos
+- Env Var:     RCLONE_DRIVE_SKIP_CHECKSUM_GPHOTOS
 - Type:        bool
 - Default:     false
 
-#### --ftp-disable-utf8
+#### --drive-shared-with-me
 
-Disable using UTF-8 even if server advertises support.
+Only show files that are shared with me.
+
+Instructs rclone to operate on your "Shared with me" folder (where
+Google Drive lets you access the files and folders others have shared
+with you).
+
+This works both with the "list" (lsd, lsl, etc.) and the "copy"
+commands (copy, sync, etc.), and with all other commands too.
 
 Properties:
 
-- Config:      disable_utf8
-- Env Var:     RCLONE_FTP_DISABLE_UTF8
+- Config:      shared_with_me
+- Env Var:     RCLONE_DRIVE_SHARED_WITH_ME
 - Type:        bool
 - Default:     false
 
-#### --ftp-writing-mdtm
+#### --drive-trashed-only
 
-Use MDTM to set modification time (VsFtpd quirk)
+Only show files that are in the trash.
+
+This will show trashed files in their original directory structure.
 
 Properties:
 
-- Config:      writing_mdtm
-- Env Var:     RCLONE_FTP_WRITING_MDTM
+- Config:      trashed_only
+- Env Var:     RCLONE_DRIVE_TRASHED_ONLY
 - Type:        bool
 - Default:     false
 
-#### --ftp-force-list-hidden
+#### --drive-starred-only
 
-Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD.
+Only show files that are starred.
 
 Properties:
 
-- Config:      force_list_hidden
-- Env Var:     RCLONE_FTP_FORCE_LIST_HIDDEN
+- Config:      starred_only
+- Env Var:     RCLONE_DRIVE_STARRED_ONLY
 - Type:        bool
 - Default:     false
 
-#### --ftp-idle-timeout
+#### --drive-formats
 
-Max time before closing idle connections.
+Deprecated: See export_formats.
 
-If no connections have been returned to the connection pool in the time
-given, rclone will empty the connection pool.
+Properties:
 
-Set to 0 to keep connections indefinitely.
+- Config:      formats
+- Env Var:     RCLONE_DRIVE_FORMATS
+- Type:        string
+- Required:    false
 
+#### --drive-export-formats
+
+Comma separated list of preferred formats for downloading Google docs.
 
 Properties:
 
-- Config:      idle_timeout
-- Env Var:     RCLONE_FTP_IDLE_TIMEOUT
-- Type:        Duration
-- Default:     1m0s
+- Config:      export_formats
+- Env Var:     RCLONE_DRIVE_EXPORT_FORMATS
+- Type:        string
+- Default:     "docx,xlsx,pptx,svg"
 
-#### --ftp-close-timeout
+#### --drive-import-formats
 
-Maximum time to wait for a response to close.
+Comma separated list of preferred formats for uploading Google docs.
 
 Properties:
 
-- Config:      close_timeout
-- Env Var:     RCLONE_FTP_CLOSE_TIMEOUT
-- Type:        Duration
-- Default:     1m0s
+- Config:      import_formats
+- Env Var:     RCLONE_DRIVE_IMPORT_FORMATS
+- Type:        string
+- Required:    false
 
-#### --ftp-tls-cache-size
+#### --drive-allow-import-name-change
 
-Size of TLS session cache for all control and data connections.
+Allow the filetype to change when uploading Google docs.
 
-TLS cache allows to resume TLS sessions and reuse PSK between connections.
-Increase if default size is not enough resulting in TLS resumption errors.
-Enabled by default. Use 0 to disable.
+E.g. file.doc to file.docx. This will confuse sync and reupload every time.
 
 Properties:
 
-- Config:      tls_cache_size
-- Env Var:     RCLONE_FTP_TLS_CACHE_SIZE
-- Type:        int
-- Default:     32
+- Config:      allow_import_name_change
+- Env Var:     RCLONE_DRIVE_ALLOW_IMPORT_NAME_CHANGE
+- Type:        bool
+- Default:     false
 
-#### --ftp-disable-tls13
+#### --drive-use-created-date
 
-Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+Use file created date instead of modified date.
 
-Properties:
+Useful when downloading data and you want the creation date used in
+place of the last modified date.
 
-- Config:      disable_tls13
-- Env Var:     RCLONE_FTP_DISABLE_TLS13
-- Type:        bool
-- Default:     false
+**WARNING**: This flag may have some unexpected consequences.
 
-#### --ftp-shut-timeout
+When uploading to your drive all files will be overwritten unless they
+haven't been modified since their creation. And the inverse will occur
+while downloading.  This side effect can be avoided by using the
+"--checksum" flag.
 
-Maximum time to wait for data connection closing status.
+This feature was implemented to retain photos capture date as recorded
+by google photos. You will first need to check the "Create a Google
+Photos folder" option in your google drive settings. You can then copy
+or move the photos locally and use the date the image was taken
+(created) set as the modification date.
 
 Properties:
 
-- Config:      shut_timeout
-- Env Var:     RCLONE_FTP_SHUT_TIMEOUT
-- Type:        Duration
-- Default:     1m0s
+- Config:      use_created_date
+- Env Var:     RCLONE_DRIVE_USE_CREATED_DATE
+- Type:        bool
+- Default:     false
 
-#### --ftp-ask-password
+#### --drive-use-shared-date
 
-Allow asking for FTP password when needed.
+Use date file was shared instead of modified date.
 
-If this is set and no password is supplied then rclone will ask for a password
+Note that, as with "--drive-use-created-date", this flag may have
+unexpected consequences when uploading/downloading files.
 
+If both this flag and "--drive-use-created-date" are set, the created
+date is used.
 
 Properties:
 
-- Config:      ask_password
-- Env Var:     RCLONE_FTP_ASK_PASSWORD
+- Config:      use_shared_date
+- Env Var:     RCLONE_DRIVE_USE_SHARED_DATE
 - Type:        bool
 - Default:     false
 
-#### --ftp-encoding
+#### --drive-list-chunk
 
-The encoding for the backend.
+Size of listing chunk 100-1000, 0 to disable.
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Properties:
+
+- Config:      list_chunk
+- Env Var:     RCLONE_DRIVE_LIST_CHUNK
+- Type:        int
+- Default:     1000
+
+#### --drive-impersonate
+
+Impersonate this user when using a service account.
 
 Properties:
 
-- Config:      encoding
-- Env Var:     RCLONE_FTP_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,Del,Ctl,RightSpace,Dot
-- Examples:
-    - "Asterisk,Ctl,Dot,Slash"
-        - ProFTPd can't handle '*' in file names
-    - "BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket"
-        - PureFTPd can't handle '[]' or '*' in file names
-    - "Ctl,LeftPeriod,Slash"
-        - VsFTPd can't handle file names starting with dot
+- Config:      impersonate
+- Env Var:     RCLONE_DRIVE_IMPERSONATE
+- Type:        string
+- Required:    false
 
+#### --drive-upload-cutoff
 
+Cutoff for switching to chunked upload.
 
-## Limitations
+Properties:
 
-FTP servers acting as rclone remotes must support `passive` mode.
-The mode cannot be configured as `passive` is the only supported one.
-Rclone's FTP implementation is not compatible with `active` mode
-as [the library it uses doesn't support it](https://github.com/jlaffaye/ftp/issues/29).
-This will likely never be supported due to security concerns.
+- Config:      upload_cutoff
+- Env Var:     RCLONE_DRIVE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     8Mi
 
-Rclone's FTP backend does not support any checksums but can compare
-file sizes.
+#### --drive-chunk-size
 
-`rclone about` is not supported by the FTP backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+Upload chunk size.
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+Must a power of 2 >= 256k.
 
-The implementation of : `--dump headers`,
-`--dump bodies`, `--dump auth` for debugging isn't the same as
-for rclone HTTP based backends - it has less fine grained control.
+Making this larger will improve performance, but note that each chunk
+is buffered in memory one per transfer.
 
-`--timeout` isn't supported (but `--contimeout` is).
+Reducing this will reduce memory usage but decrease performance.
 
-`--bind` isn't supported.
+Properties:
 
-Rclone's FTP backend could support server-side move but does not
-at present.
+- Config:      chunk_size
+- Env Var:     RCLONE_DRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     8Mi
 
-The `ftp_proxy` environment variable is not currently supported.
+#### --drive-acknowledge-abuse
 
-#### Modified time
+Set to allow files which return cannotDownloadAbusiveFile to be downloaded.
 
-File modification time (timestamps) is supported to 1 second resolution
-for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP server.
-The `VsFTPd` server has non-standard implementation of time related protocol
-commands and needs a special configuration setting: `writing_mdtm = true`.
+If downloading a file returns the error "This file has been identified
+as malware or spam and cannot be downloaded" with the error code
+"cannotDownloadAbusiveFile" then supply this flag to rclone to
+indicate you acknowledge the risks of downloading the file and rclone
+will download it anyway.
 
-Support for precise file time with other FTP servers varies depending on what
-protocol extensions they advertise. If all the `MLSD`, `MDTM` and `MFTM`
-extensions are present, rclone will use them together to provide precise time.
-Otherwise the times you see on the FTP server through rclone are those of the
-last file upload.
+Note that if you are using service account it will need Manager
+permission (not Content Manager) to for this flag to work. If the SA
+does not have the right permission, Google will just ignore the flag.
 
-You can use the following command to check whether rclone can use precise time
-with your FTP server: `rclone backend features your_ftp_remote:` (the trailing
-colon is important). Look for the number in the line tagged by `Precision`
-designating the remote time precision expressed as nanoseconds. A value of
-`1000000000` means that file time precision of 1 second is available.
-A value of `3153600000000000000` (or another large number) means "unsupported".
+Properties:
 
-#  Google Cloud Storage
+- Config:      acknowledge_abuse
+- Env Var:     RCLONE_DRIVE_ACKNOWLEDGE_ABUSE
+- Type:        bool
+- Default:     false
 
-Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
-command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
+#### --drive-keep-revision-forever
 
-## Configuration
+Keep new head revision of each file forever.
 
-The initial setup for google cloud storage involves getting a token from Google Cloud Storage
-which you need to do in your browser.  `rclone config` walks you
-through it.
+Properties:
 
-Here is an example of how to make a remote called `remote`.  First run:
+- Config:      keep_revision_forever
+- Env Var:     RCLONE_DRIVE_KEEP_REVISION_FOREVER
+- Type:        bool
+- Default:     false
 
-     rclone config
+#### --drive-size-as-quota
 
-This will guide you through an interactive setup process:
+Show sizes as storage quota usage, not actual size.
 
-```
-n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Cloud Storage (this is not Google Drive)
-   \ "google cloud storage"
-[snip]
-Storage> google cloud storage
-Google Application Client Id - leave blank normally.
-client_id>
-Google Application Client Secret - leave blank normally.
-client_secret>
-Project number optional - needed only for list/create/delete buckets - see your developer console.
-project_number> 12345678
-Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
-service_account_file>
-Access Control List for new objects.
-Choose a number from below, or type in your own value
- 1 / Object owner gets OWNER access, and all Authenticated Users get READER access.
-   \ "authenticatedRead"
- 2 / Object owner gets OWNER access, and project team owners get OWNER access.
-   \ "bucketOwnerFullControl"
- 3 / Object owner gets OWNER access, and project team owners get READER access.
-   \ "bucketOwnerRead"
- 4 / Object owner gets OWNER access [default if left blank].
-   \ "private"
- 5 / Object owner gets OWNER access, and project team members get access according to their roles.
-   \ "projectPrivate"
- 6 / Object owner gets OWNER access, and all Users get READER access.
-   \ "publicRead"
-object_acl> 4
-Access Control List for new buckets.
-Choose a number from below, or type in your own value
- 1 / Project team owners get OWNER access, and all Authenticated Users get READER access.
-   \ "authenticatedRead"
- 2 / Project team owners get OWNER access [default if left blank].
-   \ "private"
- 3 / Project team members get access according to their roles.
-   \ "projectPrivate"
- 4 / Project team owners get OWNER access, and all Users get READER access.
-   \ "publicRead"
- 5 / Project team owners get OWNER access, and all Users get WRITER access.
-   \ "publicReadWrite"
-bucket_acl> 2
-Location for the newly created buckets.
-Choose a number from below, or type in your own value
- 1 / Empty for default location (US).
-   \ ""
- 2 / Multi-regional location for Asia.
-   \ "asia"
- 3 / Multi-regional location for Europe.
-   \ "eu"
- 4 / Multi-regional location for United States.
-   \ "us"
- 5 / Taiwan.
-   \ "asia-east1"
- 6 / Tokyo.
-   \ "asia-northeast1"
- 7 / Singapore.
-   \ "asia-southeast1"
- 8 / Sydney.
-   \ "australia-southeast1"
- 9 / Belgium.
-   \ "europe-west1"
-10 / London.
-   \ "europe-west2"
-11 / Iowa.
-   \ "us-central1"
-12 / South Carolina.
-   \ "us-east1"
-13 / Northern Virginia.
-   \ "us-east4"
-14 / Oregon.
-   \ "us-west1"
-location> 12
-The storage class to use when storing objects in Google Cloud Storage.
-Choose a number from below, or type in your own value
- 1 / Default
-   \ ""
- 2 / Multi-regional storage class
-   \ "MULTI_REGIONAL"
- 3 / Regional storage class
-   \ "REGIONAL"
- 4 / Nearline storage class
-   \ "NEARLINE"
- 5 / Coldline storage class
-   \ "COLDLINE"
- 6 / Durable reduced availability storage class
-   \ "DURABLE_REDUCED_AVAILABILITY"
-storage_class> 5
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = google cloud storage
-client_id =
-client_secret =
-token = {"AccessToken":"xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx","Expiry":"2014-07-17T20:49:14.929208288+01:00","Extra":null}
-project_number = 12345678
-object_acl = private
-bucket_acl = private
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+Show the size of a file as the storage quota used. This is the
+current version plus any older versions that have been set to keep
+forever.
 
-See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
-machine with no Internet browser available.
+**WARNING**: This flag may have some unexpected consequences.
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Google if using web browser to automatically 
-authenticate. This only
-runs from the moment it opens your browser to the moment you get back
-the verification code.  This is on `http://127.0.0.1:53682/` and this
-it may require you to unblock it temporarily if you are running a host
-firewall, or use manual mode.
+It is not recommended to set this flag in your config - the
+recommended usage is using the flag form --drive-size-as-quota when
+doing rclone ls/lsl/lsf/lsjson/etc only.
+
+If you do use this flag for syncing (not recommended) then you will
+need to use --ignore size also.
+
+Properties:
+
+- Config:      size_as_quota
+- Env Var:     RCLONE_DRIVE_SIZE_AS_QUOTA
+- Type:        bool
+- Default:     false
 
-This remote is called `remote` and can now be used like this
+#### --drive-v2-download-min-size
 
-See all the buckets in your project
+If Object's are greater, use drive v2 API to download.
 
-    rclone lsd remote:
+Properties:
 
-Make a new bucket
+- Config:      v2_download_min_size
+- Env Var:     RCLONE_DRIVE_V2_DOWNLOAD_MIN_SIZE
+- Type:        SizeSuffix
+- Default:     off
 
-    rclone mkdir remote:bucket
+#### --drive-pacer-min-sleep
 
-List the contents of a bucket
+Minimum time to sleep between API calls.
 
-    rclone ls remote:bucket
+Properties:
 
-Sync `/home/local/directory` to the remote bucket, deleting any excess
-files in the bucket.
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_DRIVE_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     100ms
 
-    rclone sync --interactive /home/local/directory remote:bucket
+#### --drive-pacer-burst
 
-### Service Account support
+Number of API calls to allow without sleeping.
 
-You can set up rclone with Google Cloud Storage in an unattended mode,
-i.e. not tied to a specific end-user Google account. This is useful
-when you want to synchronise files onto machines that don't have
-actively logged-in users, for example build machines.
+Properties:
 
-To get credentials for Google Cloud Platform
-[IAM Service Accounts](https://cloud.google.com/iam/docs/service-accounts),
-please head to the
-[Service Account](https://console.cloud.google.com/permissions/serviceaccounts)
-section of the Google Developer Console. Service Accounts behave just
-like normal `User` permissions in
-[Google Cloud Storage ACLs](https://cloud.google.com/storage/docs/access-control),
-so you can limit their access (e.g. make them read only). After
-creating an account, a JSON file containing the Service Account's
-credentials will be downloaded onto your machines. These credentials
-are what rclone will use for authentication.
+- Config:      pacer_burst
+- Env Var:     RCLONE_DRIVE_PACER_BURST
+- Type:        int
+- Default:     100
 
-To use a Service Account instead of OAuth2 token flow, enter the path
-to your Service Account credentials at the `service_account_file`
-prompt and rclone won't use the browser based authentication
-flow. If you'd rather stuff the contents of the credentials file into
-the rclone config file, you can set `service_account_credentials` with
-the actual contents of the file instead, or set the equivalent
-environment variable.
+#### --drive-server-side-across-configs
 
-### Anonymous Access
+Deprecated: use --server-side-across-configs instead.
 
-For downloads of objects that permit public access you can configure rclone
-to use anonymous access by setting `anonymous` to `true`.
-With unauthorized access you can't write or create files but only read or list
-those buckets and objects that have public read access.
+Allow server-side operations (e.g. copy) to work across different drive configs.
 
-### Application Default Credentials
+This can be useful if you wish to do a server-side copy between two
+different Google drives.  Note that this isn't enabled by default
+because it isn't easy to tell if it will work between any two
+configurations.
 
-If no other source of credentials is provided, rclone will fall back
-to
-[Application Default Credentials](https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials)
-this is useful both when you already have configured authentication
-for your developer account, or in production when running on a google
-compute host. Note that if running in docker, you may need to run
-additional commands on your google compute machine -
-[see this page](https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper).
+Properties:
 
-Note that in the case application default credentials are used, there
-is no need to explicitly configure a project number.
+- Config:      server_side_across_configs
+- Env Var:     RCLONE_DRIVE_SERVER_SIDE_ACROSS_CONFIGS
+- Type:        bool
+- Default:     false
 
-### --fast-list
+#### --drive-disable-http2
 
-This remote supports `--fast-list` which allows you to use fewer
-transactions in exchange for more memory. See the [rclone
-docs](https://rclone.org/docs/#fast-list) for more details.
+Disable drive using http2.
 
-### Custom upload headers
+There is currently an unsolved issue with the google drive backend and
+HTTP/2.  HTTP/2 is therefore disabled by default for the drive backend
+but can be re-enabled here.  When the issue is solved this flag will
+be removed.
 
-You can set custom upload headers with the `--header-upload`
-flag. Google Cloud Storage supports the headers as described in the
-[working with metadata documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WorkingWithObjectMetadata)
+See: https://github.com/rclone/rclone/issues/3631
 
-- Cache-Control
-- Content-Disposition
-- Content-Encoding
-- Content-Language
-- Content-Type
-- X-Goog-Storage-Class
-- X-Goog-Meta-
 
-Eg `--header-upload "Content-Type text/potato"`
 
-Note that the last of these is for setting custom metadata in the form
-`--header-upload "x-goog-meta-key: value"`
+Properties:
 
-### Modification time
+- Config:      disable_http2
+- Env Var:     RCLONE_DRIVE_DISABLE_HTTP2
+- Type:        bool
+- Default:     true
 
-Google Cloud Storage stores md5sum natively.
-Google's [gsutil](https://cloud.google.com/storage/docs/gsutil) tool stores modification time
-with one-second precision as `goog-reserved-file-mtime` in file metadata.
+#### --drive-stop-on-upload-limit
 
-To ensure compatibility with gsutil, rclone stores modification time in 2 separate metadata entries.
-`mtime` uses RFC3339 format with one-nanosecond precision.
-`goog-reserved-file-mtime` uses Unix timestamp format with one-second precision.
-To get modification time from object metadata, rclone reads the metadata in the following order: `mtime`, `goog-reserved-file-mtime`, object updated time.
+Make upload limit errors be fatal.
 
-Note that rclone's default modify window is 1ns.
-Files uploaded by gsutil only contain timestamps with one-second precision.
-If you use rclone to sync files previously uploaded by gsutil,
-rclone will attempt to update modification time for all these files.
-To avoid these possibly unnecessary updates, use `--modify-window 1s`.
+At the time of writing it is only possible to upload 750 GiB of data to
+Google Drive a day (this is an undocumented limit). When this limit is
+reached Google Drive produces a slightly different error message. When
+this flag is set it causes these errors to be fatal.  These will stop
+the in-progress sync.
 
-### Restricted filename characters
+Note that this detection is relying on error message strings which
+Google don't document so it may break in the future.
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| NUL       | 0x00  | ␀           |
-| LF        | 0x0A  | ␊           |
-| CR        | 0x0D  | ␍           |
-| /         | 0x2F  | ／          |
+See: https://github.com/rclone/rclone/issues/3857
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
 
+Properties:
 
-### Standard options
+- Config:      stop_on_upload_limit
+- Env Var:     RCLONE_DRIVE_STOP_ON_UPLOAD_LIMIT
+- Type:        bool
+- Default:     false
 
-Here are the Standard options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
+#### --drive-stop-on-download-limit
 
-#### --gcs-client-id
+Make download limit errors be fatal.
 
-OAuth Client Id.
+At the time of writing it is only possible to download 10 TiB of data from
+Google Drive a day (this is an undocumented limit). When this limit is
+reached Google Drive produces a slightly different error message. When
+this flag is set it causes these errors to be fatal.  These will stop
+the in-progress sync.
+
+Note that this detection is relying on error message strings which
+Google don't document so it may break in the future.
 
-Leave blank normally.
 
 Properties:
 
-- Config:      client_id
-- Env Var:     RCLONE_GCS_CLIENT_ID
-- Type:        string
-- Required:    false
+- Config:      stop_on_download_limit
+- Env Var:     RCLONE_DRIVE_STOP_ON_DOWNLOAD_LIMIT
+- Type:        bool
+- Default:     false
 
-#### --gcs-client-secret
+#### --drive-skip-shortcuts
 
-OAuth Client Secret.
+If set skip shortcut files.
+
+Normally rclone dereferences shortcut files making them appear as if
+they are the original file (see [the shortcuts section](#shortcuts)).
+If this flag is set then rclone will ignore shortcut files completely.
 
-Leave blank normally.
 
 Properties:
 
-- Config:      client_secret
-- Env Var:     RCLONE_GCS_CLIENT_SECRET
-- Type:        string
-- Required:    false
+- Config:      skip_shortcuts
+- Env Var:     RCLONE_DRIVE_SKIP_SHORTCUTS
+- Type:        bool
+- Default:     false
 
-#### --gcs-project-number
+#### --drive-skip-dangling-shortcuts
 
-Project number.
+If set skip dangling shortcut files.
+
+If this is set then rclone will not show any dangling shortcuts in listings.
 
-Optional - needed only for list/create/delete buckets - see your developer console.
 
 Properties:
 
-- Config:      project_number
-- Env Var:     RCLONE_GCS_PROJECT_NUMBER
-- Type:        string
-- Required:    false
+- Config:      skip_dangling_shortcuts
+- Env Var:     RCLONE_DRIVE_SKIP_DANGLING_SHORTCUTS
+- Type:        bool
+- Default:     false
 
-#### --gcs-service-account-file
+#### --drive-resource-key
 
-Service Account Credentials JSON file path.
+Resource key for accessing a link-shared file.
 
-Leave blank normally.
-Needed only if you want use SA instead of interactive login.
+If you need to access files shared with a link like this
 
-Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
+    https://drive.google.com/drive/folders/XXX?resourcekey=YYY&usp=sharing
 
-Properties:
+Then you will need to use the first part "XXX" as the "root_folder_id"
+and the second part "YYY" as the "resource_key" otherwise you will get
+404 not found errors when trying to access the directory.
 
-- Config:      service_account_file
-- Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_FILE
-- Type:        string
-- Required:    false
+See: https://developers.google.com/drive/api/guides/resource-keys
 
-#### --gcs-service-account-credentials
+This resource key requirement only applies to a subset of old files.
 
-Service Account Credentials JSON blob.
+Note also that opening the folder once in the web interface (with the
+user you've authenticated rclone with) seems to be enough so that the
+resource key is not needed.
 
-Leave blank normally.
-Needed only if you want use SA instead of interactive login.
 
 Properties:
 
-- Config:      service_account_credentials
-- Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS
+- Config:      resource_key
+- Env Var:     RCLONE_DRIVE_RESOURCE_KEY
 - Type:        string
 - Required:    false
 
-#### --gcs-anonymous
+#### --drive-fast-list-bug-fix
 
-Access public buckets and objects without credentials.
+Work around a bug in Google Drive listing.
 
-Set to 'true' if you just want to download files and don't configure credentials.
+Normally rclone will work around a bug in Google Drive when using
+--fast-list (ListR) where the search "(A in parents) or (B in
+parents)" returns nothing sometimes. See #3114, #4289 and
+https://issuetracker.google.com/issues/149522397
 
-Properties:
+Rclone detects this by finding no items in more than one directory
+when listing and retries them as lists of individual directories.
 
-- Config:      anonymous
-- Env Var:     RCLONE_GCS_ANONYMOUS
-- Type:        bool
-- Default:     false
+This means that if you have a lot of empty directories rclone will end
+up listing them all individually and this can take many more API
+calls.
 
-#### --gcs-object-acl
+This flag allows the work-around to be disabled. This is **not**
+recommended in normal use - only if you have a particular case you are
+having trouble with like many empty directories.
 
-Access Control List for new objects.
 
 Properties:
 
-- Config:      object_acl
-- Env Var:     RCLONE_GCS_OBJECT_ACL
-- Type:        string
-- Required:    false
-- Examples:
-    - "authenticatedRead"
-        - Object owner gets OWNER access.
-        - All Authenticated Users get READER access.
-    - "bucketOwnerFullControl"
-        - Object owner gets OWNER access.
-        - Project team owners get OWNER access.
-    - "bucketOwnerRead"
-        - Object owner gets OWNER access.
-        - Project team owners get READER access.
-    - "private"
-        - Object owner gets OWNER access.
-        - Default if left blank.
-    - "projectPrivate"
-        - Object owner gets OWNER access.
-        - Project team members get access according to their roles.
-    - "publicRead"
-        - Object owner gets OWNER access.
-        - All Users get READER access.
+- Config:      fast_list_bug_fix
+- Env Var:     RCLONE_DRIVE_FAST_LIST_BUG_FIX
+- Type:        bool
+- Default:     true
 
-#### --gcs-bucket-acl
+#### --drive-metadata-owner
+
+Control whether owner should be read or written in metadata.
+
+Owner is a standard part of the file metadata so is easy to read. But it
+isn't always desirable to set the owner from the metadata.
+
+Note that you can't set the owner on Shared Drives, and that setting
+ownership will generate an email to the new owner (this can't be
+disabled), and you can't transfer ownership to someone outside your
+organization.
 
-Access Control List for new buckets.
 
 Properties:
 
-- Config:      bucket_acl
-- Env Var:     RCLONE_GCS_BUCKET_ACL
-- Type:        string
-- Required:    false
+- Config:      metadata_owner
+- Env Var:     RCLONE_DRIVE_METADATA_OWNER
+- Type:        Bits
+- Default:     read
 - Examples:
-    - "authenticatedRead"
-        - Project team owners get OWNER access.
-        - All Authenticated Users get READER access.
-    - "private"
-        - Project team owners get OWNER access.
-        - Default if left blank.
-    - "projectPrivate"
-        - Project team members get access according to their roles.
-    - "publicRead"
-        - Project team owners get OWNER access.
-        - All Users get READER access.
-    - "publicReadWrite"
-        - Project team owners get OWNER access.
-        - All Users get WRITER access.
+    - "off"
+        - Do not read or write the value
+    - "read"
+        - Read the value only
+    - "write"
+        - Write the value only
+    - "read,write"
+        - Read and Write the value.
 
-#### --gcs-bucket-policy-only
+#### --drive-metadata-permissions
 
-Access checks should use bucket-level IAM policies.
+Control whether permissions should be read or written in metadata.
 
-If you want to upload objects to a bucket with Bucket Policy Only set
-then you will need to set this.
+Reading permissions metadata from files can be done quickly, but it
+isn't always desirable to set the permissions from the metadata.
 
-When it is set, rclone:
+Note that rclone drops any inherited permissions on Shared Drives and
+any owner permission on My Drives as these are duplicated in the owner
+metadata.
 
-- ignores ACLs set on buckets
-- ignores ACLs set on objects
-- creates buckets with Bucket Policy Only set
 
-Docs: https://cloud.google.com/storage/docs/bucket-policy-only
+Properties:
 
+- Config:      metadata_permissions
+- Env Var:     RCLONE_DRIVE_METADATA_PERMISSIONS
+- Type:        Bits
+- Default:     off
+- Examples:
+    - "off"
+        - Do not read or write the value
+    - "read"
+        - Read the value only
+    - "write"
+        - Write the value only
+    - "read,write"
+        - Read and Write the value.
 
-Properties:
+#### --drive-metadata-labels
 
-- Config:      bucket_policy_only
-- Env Var:     RCLONE_GCS_BUCKET_POLICY_ONLY
-- Type:        bool
-- Default:     false
+Control whether labels should be read or written in metadata.
 
-#### --gcs-location
+Reading labels metadata from files takes an extra API transaction and
+will slow down listings. It isn't always desirable to set the labels
+from the metadata.
+
+The format of labels is documented in the drive API documentation at
+https://developers.google.com/drive/api/reference/rest/v3/Label -
+rclone just provides a JSON dump of this format.
+
+When setting labels, the label and fields must already exist - rclone
+will not create them. This means that if you are transferring labels
+from two different accounts you will have to create the labels in
+advance and use the metadata mapper to translate the IDs between the
+two accounts.
 
-Location for the newly created buckets.
 
 Properties:
 
-- Config:      location
-- Env Var:     RCLONE_GCS_LOCATION
-- Type:        string
-- Required:    false
+- Config:      metadata_labels
+- Env Var:     RCLONE_DRIVE_METADATA_LABELS
+- Type:        Bits
+- Default:     off
 - Examples:
-    - ""
-        - Empty for default location (US)
-    - "asia"
-        - Multi-regional location for Asia
-    - "eu"
-        - Multi-regional location for Europe
-    - "us"
-        - Multi-regional location for United States
-    - "asia-east1"
-        - Taiwan
-    - "asia-east2"
-        - Hong Kong
-    - "asia-northeast1"
-        - Tokyo
-    - "asia-northeast2"
-        - Osaka
-    - "asia-northeast3"
-        - Seoul
-    - "asia-south1"
-        - Mumbai
-    - "asia-south2"
-        - Delhi
-    - "asia-southeast1"
-        - Singapore
-    - "asia-southeast2"
-        - Jakarta
-    - "australia-southeast1"
-        - Sydney
-    - "australia-southeast2"
-        - Melbourne
-    - "europe-north1"
-        - Finland
-    - "europe-west1"
-        - Belgium
-    - "europe-west2"
-        - London
-    - "europe-west3"
-        - Frankfurt
-    - "europe-west4"
-        - Netherlands
-    - "europe-west6"
-        - Zürich
-    - "europe-central2"
-        - Warsaw
-    - "us-central1"
-        - Iowa
-    - "us-east1"
-        - South Carolina
-    - "us-east4"
-        - Northern Virginia
-    - "us-west1"
-        - Oregon
-    - "us-west2"
-        - California
-    - "us-west3"
-        - Salt Lake City
-    - "us-west4"
-        - Las Vegas
-    - "northamerica-northeast1"
-        - Montréal
-    - "northamerica-northeast2"
-        - Toronto
-    - "southamerica-east1"
-        - São Paulo
-    - "southamerica-west1"
-        - Santiago
-    - "asia1"
-        - Dual region: asia-northeast1 and asia-northeast2.
-    - "eur4"
-        - Dual region: europe-north1 and europe-west4.
-    - "nam4"
-        - Dual region: us-central1 and us-east1.
+    - "off"
+        - Do not read or write the value
+    - "read"
+        - Read the value only
+    - "write"
+        - Write the value only
+    - "read,write"
+        - Read and Write the value.
 
-#### --gcs-storage-class
+#### --drive-encoding
 
-The storage class to use when storing objects in Google Cloud Storage.
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
 Properties:
 
-- Config:      storage_class
-- Env Var:     RCLONE_GCS_STORAGE_CLASS
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "MULTI_REGIONAL"
-        - Multi-regional storage class
-    - "REGIONAL"
-        - Regional storage class
-    - "NEARLINE"
-        - Nearline storage class
-    - "COLDLINE"
-        - Coldline storage class
-    - "ARCHIVE"
-        - Archive storage class
-    - "DURABLE_REDUCED_AVAILABILITY"
-        - Durable reduced availability storage class
+- Config:      encoding
+- Env Var:     RCLONE_DRIVE_ENCODING
+- Type:        Encoding
+- Default:     InvalidUtf8
 
-#### --gcs-env-auth
+#### --drive-env-auth
 
-Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars).
+Get IAM credentials from runtime (environment variables or instance meta data if no env vars).
 
 Only applies if service_account_file and service_account_credentials is blank.
 
 Properties:
 
 - Config:      env_auth
-- Env Var:     RCLONE_GCS_ENV_AUTH
+- Env Var:     RCLONE_DRIVE_ENV_AUTH
 - Type:        bool
 - Default:     false
 - Examples:
@@ -28584,430 +33916,457 @@ Properties:
     - "true"
         - Get GCP IAM credentials from the environment (env vars or IAM).
 
-### Advanced options
+### Metadata
 
-Here are the Advanced options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
+User metadata is stored in the properties field of the drive object.
 
-#### --gcs-token
+Here are the possible system metadata items for the drive backend.
 
-OAuth Access Token as a JSON blob.
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation) with mS accuracy. Note that this is only writable on fresh uploads - it can't be written for updates. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+| content-type | The MIME type of the file. | string | text/plain | N |
+| copy-requires-writer-permission | Whether the options to copy, print, or download this file, should be disabled for readers and commenters. | boolean | true | N |
+| description | A short description of the file. | string | Contract for signing | N |
+| folder-color-rgb | The color for a folder or a shortcut to a folder as an RGB hex string. | string | 881133 | N |
+| labels | Labels attached to this file in a JSON dump of Googled drive format. Enable with --drive-metadata-labels. | JSON | [] | N |
+| mtime | Time of last modification with mS accuracy. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+| owner | The owner of the file. Usually an email address. Enable with --drive-metadata-owner. | string | user@example.com | N |
+| permissions | Permissions in a JSON dump of Google drive format. On shared drives these will only be present if they aren't inherited. Enable with --drive-metadata-permissions. | JSON | {} | N |
+| starred | Whether the user has starred the file. | boolean | false | N |
+| viewed-by-me | Whether the file has been viewed by this user. | boolean | true | **Y** |
+| writers-can-share | Whether users with only writer permission can modify the file's permissions. Not populated for items in shared drives. | boolean | false | N |
 
-Properties:
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-- Config:      token
-- Env Var:     RCLONE_GCS_TOKEN
-- Type:        string
-- Required:    false
+## Backend commands
 
-#### --gcs-auth-url
+Here are the commands specific to the drive backend.
 
-Auth server URL.
+Run them with
 
-Leave blank to use the provider defaults.
+    rclone backend COMMAND remote:
 
-Properties:
+The help below will explain what arguments each command takes.
 
-- Config:      auth_url
-- Env Var:     RCLONE_GCS_AUTH_URL
-- Type:        string
-- Required:    false
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
 
-#### --gcs-token-url
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### get
+
+Get command for fetching the drive config parameters
+
+    rclone backend get remote: [options] [<arguments>+]
+
+This is a get command which will be used to fetch the various drive config parameters
+
+Usage Examples:
+
+    rclone backend get drive: [-o service_account_file] [-o chunk_size]
+    rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]
+
+
+Options:
+
+- "chunk_size": show the current upload chunk size
+- "service_account_file": show the current service account file
+
+### set
+
+Set command for updating the drive config parameters
+
+    rclone backend set remote: [options] [<arguments>+]
+
+This is a set command which will be used to update the various drive config parameters
+
+Usage Examples:
+
+    rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+    rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+
+
+Options:
+
+- "chunk_size": update the current upload chunk size
+- "service_account_file": update the current service account file
+
+### shortcut
+
+Create shortcuts from files or directories
+
+    rclone backend shortcut remote: [options] [<arguments>+]
+
+This command creates shortcuts from files or directories.
+
+Usage:
+
+    rclone backend shortcut drive: source_item destination_shortcut
+    rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut
+
+In the first example this creates a shortcut from the "source_item"
+which can be a file or a directory to the "destination_shortcut". The
+"source_item" and the "destination_shortcut" should be relative paths
+from "drive:"
 
-Token server url.
+In the second example this creates a shortcut from the "source_item"
+relative to "drive:" to the "destination_shortcut" relative to
+"drive2:". This may fail with a permission error if the user
+authenticated with "drive2:" can't read files from "drive:".
 
-Leave blank to use the provider defaults.
 
-Properties:
+Options:
 
-- Config:      token_url
-- Env Var:     RCLONE_GCS_TOKEN_URL
-- Type:        string
-- Required:    false
+- "target": optional target remote for the shortcut destination
 
-#### --gcs-no-check-bucket
+### drives
 
-If set, don't attempt to check the bucket exists or create it.
+List the Shared Drives available to this account
 
-This can be useful when trying to minimise the number of transactions
-rclone does if you know the bucket exists already.
+    rclone backend drives remote: [options] [<arguments>+]
 
+This command lists the Shared Drives (Team Drives) available to this
+account.
 
-Properties:
+Usage:
 
-- Config:      no_check_bucket
-- Env Var:     RCLONE_GCS_NO_CHECK_BUCKET
-- Type:        bool
-- Default:     false
+    rclone backend [-o config] drives drive:
 
-#### --gcs-decompress
+This will return a JSON list of objects like this
 
-If set this will decompress gzip encoded objects.
+    [
+        {
+            "id": "0ABCDEF-01234567890",
+            "kind": "drive#teamDrive",
+            "name": "My Drive"
+        },
+        {
+            "id": "0ABCDEFabcdefghijkl",
+            "kind": "drive#teamDrive",
+            "name": "Test Drive"
+        }
+    ]
 
-It is possible to upload objects to GCS with "Content-Encoding: gzip"
-set. Normally rclone will download these files as compressed objects.
+With the -o config parameter it will output the list in a format
+suitable for adding to a config file to make aliases for all the
+drives found and a combined drive.
 
-If this flag is set then rclone will decompress these files with
-"Content-Encoding: gzip" as they are received. This means that rclone
-can't check the size and hash but the file contents will be decompressed.
+    [My Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
 
+    [Test Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
 
-Properties:
+    [AllDrives]
+    type = combine
+    upstreams = "My Drive=My Drive:" "Test Drive=Test Drive:"
 
-- Config:      decompress
-- Env Var:     RCLONE_GCS_DECOMPRESS
-- Type:        bool
-- Default:     false
+Adding this to the rclone config file will cause those team drives to
+be accessible with the aliases shown. Any illegal characters will be
+substituted with "_" and duplicate names will have numbers suffixed.
+It will also add a remote called AllDrives which shows all the shared
+drives combined into one directory tree.
 
-#### --gcs-endpoint
 
-Endpoint for the service.
+### untrash
 
-Leave blank normally.
+Untrash files and directories
 
-Properties:
+    rclone backend untrash remote: [options] [<arguments>+]
 
-- Config:      endpoint
-- Env Var:     RCLONE_GCS_ENDPOINT
-- Type:        string
-- Required:    false
+This command untrashes all the files and directories in the directory
+passed in recursively.
 
-#### --gcs-encoding
+Usage:
 
-The encoding for the backend.
+This takes an optional directory to trash which make this easier to
+use via the API.
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+    rclone backend untrash drive:directory
+    rclone backend --interactive untrash drive:directory subdir
 
-Properties:
+Use the --interactive/-i or --dry-run flag to see what would be restored before restoring it.
 
-- Config:      encoding
-- Env Var:     RCLONE_GCS_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,CrLf,InvalidUtf8,Dot
+Result:
 
+    {
+        "Untrashed": 17,
+        "Errors": 0
+    }
 
 
-## Limitations
+### copyid
 
-`rclone about` is not supported by the Google Cloud Storage backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+Copy files by ID
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+    rclone backend copyid remote: [options] [<arguments>+]
 
-#  Google Drive
+This command copies files by ID
 
-Paths are specified as `drive:path`
+Usage:
 
-Drive paths may be as deep as required, e.g. `drive:directory/subdirectory`.
+    rclone backend copyid drive: ID path
+    rclone backend copyid drive: ID1 path1 ID2 path2
 
-## Configuration
+It copies the drive file with ID given to the path (an rclone path which
+will be passed internally to rclone copyto). The ID and path pairs can be
+repeated.
 
-The initial setup for drive involves getting a token from Google drive
-which you need to do in your browser.  `rclone config` walks you
-through it.
+The path should end with a / to indicate copy the file as named to
+this directory. If it doesn't end with a / then the last path
+component will be used as the file name.
 
-Here is an example of how to make a remote called `remote`.  First run:
+If the destination is a drive backend then server-side copying will be
+attempted if possible.
 
-     rclone config
+Use the --interactive/-i or --dry-run flag to see what would be copied before copying.
 
-This will guide you through an interactive setup process:
 
-```
-No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Drive
-   \ "drive"
-[snip]
-Storage> drive
-Google Application Client Id - leave blank normally.
-client_id>
-Google Application Client Secret - leave blank normally.
-client_secret>
-Scope that rclone should use when requesting access from drive.
-Choose a number from below, or type in your own value
- 1 / Full access all files, excluding Application Data Folder.
-   \ "drive"
- 2 / Read-only access to file metadata and file contents.
-   \ "drive.readonly"
-   / Access to files created by rclone only.
- 3 | These are visible in the drive website.
-   | File authorization is revoked when the user deauthorizes the app.
-   \ "drive.file"
-   / Allows read and write access to the Application Data folder.
- 4 | This is not visible in the drive website.
-   \ "drive.appfolder"
-   / Allows read-only access to file metadata but
- 5 | does not allow any access to read or download file content.
-   \ "drive.metadata.readonly"
-scope> 1
-Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
-service_account_file>
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
-Configure this as a Shared Drive (Team Drive)?
-y) Yes
-n) No
-y/n> n
---------------------
-[remote]
-client_id = 
-client_secret = 
-scope = drive
-root_folder_id = 
-service_account_file =
-token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2014-03-16T13:57:58.955387075Z"}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+### exportformats
 
-See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
-machine with no Internet browser available.
+Dump the export formats for debug purposes
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Google if using web browser to automatically 
-authenticate. This only
-runs from the moment it opens your browser to the moment you get back
-the verification code.  This is on `http://127.0.0.1:53682/` and it
-may require you to unblock it temporarily if you are running a host
-firewall, or use manual mode.
+    rclone backend exportformats remote: [options] [<arguments>+]
 
-You can then use it like this,
+### importformats
 
-List directories in top level of your drive
+Dump the import formats for debug purposes
 
-    rclone lsd remote:
+    rclone backend importformats remote: [options] [<arguments>+]
 
-List all the files in your drive
 
-    rclone ls remote:
 
-To copy a local directory to a drive directory called backup
+## Limitations
 
-    rclone copy /home/source remote:backup
+Drive has quite a lot of rate limiting.  This causes rclone to be
+limited to transferring about 2 files per second only.  Individual
+files may be transferred much faster at 100s of MiB/s but lots of
+small files can take a long time.
 
-### Scopes
+Server side copies are also subject to a separate rate limit. If you
+see User rate limit exceeded errors, wait at least 24 hours and retry.
+You can disable server-side copies with `--disable copy` to download
+and upload the files if you prefer.
 
-Rclone allows you to select which scope you would like for rclone to
-use.  This changes what type of token is granted to rclone.  [The
-scopes are defined
-here](https://developers.google.com/drive/v3/web/about-auth).
+### Limitations of Google Docs
 
-The scope are
+Google docs will appear as size -1 in `rclone ls`, `rclone ncdu` etc,
+and as size 0 in anything which uses the VFS layer, e.g. `rclone mount`
+and `rclone serve`. When calculating directory totals, e.g. in
+`rclone size` and `rclone ncdu`, they will be counted in as empty
+files.
 
-#### drive
+This is because rclone can't find out the size of the Google docs
+without downloading them.
 
-This is the default scope and allows full access to all files, except
-for the Application Data Folder (see below).
+Google docs will transfer correctly with `rclone sync`, `rclone copy`
+etc as rclone knows to ignore the size when doing the transfer.
 
-Choose this one if you aren't sure.
+However an unfortunate consequence of this is that you may not be able
+to download Google docs using `rclone mount`. If it doesn't work you
+will get a 0 sized file.  If you try again the doc may gain its
+correct size and be downloadable. Whether it will work on not depends
+on the application accessing the mount and the OS you are running -
+experiment to find out if it does work for you!
 
-#### drive.readonly
+### Duplicated files
 
-This allows read only access to all files.  Files may be listed and
-downloaded but not uploaded, renamed or deleted.
+Sometimes, for no reason I've been able to track down, drive will
+duplicate a file that rclone uploads.  Drive unlike all the other
+remotes can have duplicated files.
 
-#### drive.file
+Duplicated files cause problems with the syncing and you will see
+messages in the log about duplicates.
 
-With this scope rclone can read/view/modify only those files and
-folders it creates.
+Use `rclone dedupe` to fix duplicated files.
 
-So if you uploaded files to drive via the web interface (or any other
-means) they will not be visible to rclone.
+Note that this isn't just a problem with rclone, even Google Photos on
+Android duplicates files on drive sometimes.
 
-This can be useful if you are using rclone to backup data and you want
-to be sure confidential data on your drive is not visible to rclone.
+### Rclone appears to be re-copying files it shouldn't
 
-Files created with this scope are visible in the web interface.
+The most likely cause of this is the duplicated file issue above - run
+`rclone dedupe` and check your logs for duplicate object or directory
+messages.
 
-#### drive.appfolder
+This can also be caused by a delay/caching on google drive's end when
+comparing directory listings. Specifically with team drives used in
+combination with --fast-list. Files that were uploaded recently may
+not appear on the directory list sent to rclone when using --fast-list.
 
-This gives rclone its own private area to store files.  Rclone will
-not be able to see any other files on your drive and you won't be able
-to see rclone's files from the web interface either.
+Waiting a moderate period of time between attempts (estimated to be
+approximately 1 hour) and/or not using --fast-list both seem to be
+effective in preventing the problem.
 
-#### drive.metadata.readonly
+### SHA1 or SHA256 hashes may be missing
 
-This allows read only access to file names only.  It does not allow
-rclone to download or upload data, or rename or delete files or
-directories.
+All files have MD5 hashes, but a small fraction of files uploaded may
+not have SHA1 or SHA256 hashes especially if they were uploaded before 2018.
 
-### Root folder ID
+## Making your own client_id
 
-This option has been moved to the advanced section. You can set the `root_folder_id` for rclone.  This is the directory
-(identified by its `Folder ID`) that rclone considers to be the root
-of your drive.
+When you use rclone with Google drive in its default configuration you
+are using rclone's client_id.  This is shared between all the rclone
+users.  There is a global rate limit on the number of queries per
+second that each client_id can do set by Google.  rclone already has a
+high quota and I will continue to make sure it is high enough by
+contacting Google.
 
-Normally you will leave this blank and rclone will determine the
-correct root to use itself.
+It is strongly recommended to use your own client ID as the default rclone ID is heavily used. If you have multiple services running, it is recommended to use an API key for each service. The default Google quota is 10 transactions per second so it is recommended to stay under that number as if you use more than that, it will cause rclone to rate limit and make things slower.
 
-However you can set this to restrict rclone to a specific folder
-hierarchy or to access data within the "Computers" tab on the drive
-web interface (where files from Google's Backup and Sync desktop
-program go).
+Here is how to create your own Google Drive client ID for rclone:
 
-In order to do this you will have to find the `Folder ID` of the
-directory you wish rclone to display.  This will be the last segment
-of the URL when you open the relevant folder in the drive web
-interface.
+1. Log into the [Google API
+Console](https://console.developers.google.com/) with your Google
+account. It doesn't matter what Google account you use. (It need not
+be the same account as the Google Drive you want to access)
 
-So if the folder you want rclone to use has a URL which looks like
-`https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh`
-in the browser, then you use `1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh` as
-the `root_folder_id` in the config.
+2. Select a project or create a new project.
 
-**NB** folders under the "Computers" tab seem to be read only (drive
-gives a 500 error) when using rclone.
+3. Under "ENABLE APIS AND SERVICES" search for "Drive", and enable the
+"Google Drive API".
 
-There doesn't appear to be an API to discover the folder IDs of the
-"Computers" tab - please contact us if you know otherwise!
+4. Click "Credentials" in the left-side panel (not "Create
+credentials", which opens the wizard).
 
-Note also that rclone can't access any data under the "Backups" tab on
-the google drive web interface yet.
+5. If you already configured an "Oauth Consent Screen", then skip
+to the next step; if not, click on "CONFIGURE CONSENT SCREEN" button 
+(near the top right corner of the right panel), then select "External"
+and click on "CREATE"; on the next screen, enter an "Application name"
+("rclone" is OK); enter "User Support Email" (your own email is OK); 
+enter "Developer Contact Email" (your own email is OK); then click on
+"Save" (all other data is optional). You will also have to add some scopes,
+including `.../auth/docs` and `.../auth/drive` in order to be able to edit,
+create and delete files with RClone. You may also want to include the
+`../auth/drive.metadata.readonly` scope. After adding scopes, click
+"Save and continue" to add test users. Be sure to add your own account to
+the test users. Once you've added yourself as a test user and saved the
+changes, click again on "Credentials" on the left panel to go back to
+the "Credentials" screen.
 
-### Service Account support
+   (PS: if you are a GSuite user, you could also select "Internal" instead
+of "External" above, but this will restrict API use to Google Workspace 
+users in your organisation). 
 
-You can set up rclone with Google Drive in an unattended mode,
-i.e. not tied to a specific end-user Google account. This is useful
-when you want to synchronise files onto machines that don't have
-actively logged-in users, for example build machines.
+6.  Click on the "+ CREATE CREDENTIALS" button at the top of the screen,
+then select "OAuth client ID".
 
-To use a Service Account instead of OAuth2 token flow, enter the path
-to your Service Account credentials at the `service_account_file`
-prompt during `rclone config` and rclone won't use the browser based
-authentication flow. If you'd rather stuff the contents of the
-credentials file into the rclone config file, you can set
-`service_account_credentials` with the actual contents of the file
-instead, or set the equivalent environment variable.
+7. Choose an application type of "Desktop app" and click "Create". (the default name is fine)
 
-#### Use case - Google Apps/G-suite account and individual Drive
+8. It will show you a client ID and client secret. Make a note of these.
+   
+   (If you selected "External" at Step 5 continue to Step 9. 
+   If you chose "Internal" you don't need to publish and can skip straight to
+   Step 10 but your destination drive must be part of the same Google Workspace.)
 
-Let's say that you are the administrator of a Google Apps (old) or
-G-suite account.
-The goal is to store data on an individual's Drive account, who IS
-a member of the domain.
-We'll call the domain **example.com**, and the user
-**foo@example.com**.
+9. Go to "Oauth consent screen" and then click "PUBLISH APP" button and confirm.
+   You will also want to add yourself as a test user.
 
-There's a few steps we need to go through to accomplish this:
+10. Provide the noted client ID and client secret to rclone.
 
-##### 1. Create a service account for example.com
-  - To create a service account and obtain its credentials, go to the
-[Google Developer Console](https://console.developers.google.com).
-  - You must have a project - create one if you don't.
-  - Then go to "IAM & admin" -> "Service Accounts".
-  - Use the "Create Credentials" button. Fill in "Service account name"
-with something that identifies your client. "Role" can be empty.
-  - Tick "Furnish a new private key" - select "Key type JSON".
-  - Tick "Enable G Suite Domain-wide Delegation". This option makes
-"impersonation" possible, as documented here:
-[Delegating domain-wide authority to the service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority)
-  - These credentials are what rclone will use for authentication.
-If you ever need to remove access, press the "Delete service
-account key" button.
+Be aware that, due to the "enhanced security" recently introduced by
+Google, you are theoretically expected to "submit your app for verification"
+and then wait a few weeks(!) for their response; in practice, you can go right
+ahead and use the client ID and client secret with rclone, the only issue will
+be a very scary confirmation screen shown when you connect via your browser 
+for rclone to be able to get its token-id (but as this only happens during 
+the remote configuration, it's not such a big deal). Keeping the application in
+"Testing" will work as well, but the limitation is that any grants will expire
+after a week, which can be annoying to refresh constantly. If, for whatever
+reason, a short grant time is not a problem, then keeping the application in
+testing mode would also be sufficient.
 
-##### 2. Allowing API access to example.com Google Drive
-  - Go to example.com's admin console
-  - Go into "Security" (or use the search bar)
-  - Select "Show more" and then "Advanced settings"
-  - Select "Manage API client access" in the "Authentication" section
-  - In the "Client Name" field enter the service account's
-"Client ID" - this can be found in the Developer Console under
-"IAM & Admin" -> "Service Accounts", then "View Client ID" for
-the newly created service account.
-It is a ~21 character numerical string.
-  - In the next field, "One or More API Scopes", enter
-`https://www.googleapis.com/auth/drive`
-to grant access to Google Drive specifically.
+(Thanks to @balazer on github for these instructions.)
 
-##### 3. Configure rclone, assuming a new install
+Sometimes, creation of an OAuth consent in Google API Console fails due to an error message
+“The request failed because changes to one of the field of the resource is not supported”.
+As a convenient workaround, the necessary Google Drive API key can be created on the
+[Python Quickstart](https://developers.google.com/drive/api/v3/quickstart/python) page.
+Just push the Enable the Drive API button to receive the Client ID and Secret.
+Note that it will automatically create a new project in the API Console.
 
-```
-rclone config
+#  Google Photos
 
-n/s/q> n         # New
-name>gdrive      # Gdrive is an example name
-Storage>         # Select the number shown for Google Drive
-client_id>       # Can be left blank
-client_secret>   # Can be left blank
-scope>           # Select your scope, 1 for example
-root_folder_id>  # Can be left blank
-service_account_file> /home/foo/myJSONfile.json # This is where the JSON file goes!
-y/n>             # Auto config, n
+The rclone backend for [Google Photos](https://www.google.com/photos/about/) is
+a specialized backend for transferring photos and videos to and from
+Google Photos.
 
-```
+**NB** The Google Photos API which rclone uses has quite a few
+limitations, so please read the [limitations section](#limitations)
+carefully to make sure it is suitable for your use.
 
-##### 4. Verify that it's working
-  - `rclone -v --drive-impersonate foo@example.com lsf gdrive:backup`
-  - The arguments do:
-    - `-v` - verbose logging
-    - `--drive-impersonate foo@example.com` - this is what does
-the magic, pretending to be user foo.
-    - `lsf` - list files in a parsing friendly way
-    - `gdrive:backup` - use the remote called gdrive, work in
-the folder named backup.
+## Configuration
 
-Note: in case you configured a specific root folder on gdrive and rclone is unable to access the contents of that folder when using `--drive-impersonate`, do this instead:
-  - in the gdrive web interface, share your root folder with the user/email of the new Service Account you created/selected at step #1
-  - use rclone without specifying the `--drive-impersonate` option, like this:
-        `rclone -v lsf gdrive:backup`
+The initial setup for google cloud storage involves getting a token from Google Photos
+which you need to do in your browser.  `rclone config` walks you
+through it.
 
+Here is an example of how to make a remote called `remote`.  First run:
 
-### Shared drives (team drives)
+     rclone config
 
-If you want to configure the remote to point to a Google Shared Drive
-(previously known as Team Drives) then answer `y` to the question
-`Configure this as a Shared Drive (Team Drive)?`.
+This will guide you through an interactive setup process:
 
-This will fetch the list of Shared Drives from google and allow you to
-configure which one you want to use. You can also type in a Shared
-Drive ID if you prefer.
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+[snip]
+XX / Google Photos
+   \ "google photos"
+[snip]
+Storage> google photos
+** See help for google photos backend at: https://rclone.org/googlephotos/ **
 
-For example:
+Google Application Client Id
+Leave blank normally.
+Enter a string value. Press Enter for the default ("").
+client_id> 
+Google Application Client Secret
+Leave blank normally.
+Enter a string value. Press Enter for the default ("").
+client_secret> 
+Set to make the Google Photos backend read only.
 
-```
-Configure this as a Shared Drive (Team Drive)?
+If you choose read only then rclone will only request read only access
+to your photos, otherwise rclone will request full access.
+Enter a boolean value (true or false). Press Enter for the default ("false").
+read_only> 
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> n
+Remote config
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
 y) Yes
 n) No
 y/n> y
-Fetching Shared Drive list...
-Choose a number from below, or type in your own value
- 1 / Rclone Test
-   \ "xxxxxxxxxxxxxxxxxxxx"
- 2 / Rclone Test 2
-   \ "yyyyyyyyyyyyyyyyyyyy"
- 3 / Rclone Test 3
-   \ "zzzzzzzzzzzzzzzzzzzz"
-Enter a Shared Drive ID> 1
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
+
+*** IMPORTANT: All media items uploaded to Google Photos with rclone
+*** are stored in full resolution at original quality.  These uploads
+*** will count towards storage in your Google Account.
+
 --------------------
 [remote]
-client_id =
-client_secret =
-token = {"AccessToken":"xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx","Expiry":"2014-03-16T13:57:58.955387075Z","Extra":null}
-team_drive = xxxxxxxxxxxxxxxxxxxx
+type = google photos
+token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2019-06-28T17:38:04.644930156+01:00"}
 --------------------
 y) Yes this is OK
 e) Edit this remote
@@ -29015,889 +34374,1030 @@ d) Delete this remote
 y/e/d> y
 ```
 
-### --fast-list
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
 
-This remote supports `--fast-list` which allows you to use fewer
-transactions in exchange for more memory. See the [rclone
-docs](https://rclone.org/docs/#fast-list) for more details.
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Google if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on `http://127.0.0.1:53682/` and this
+may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
 
-It does this by combining multiple `list` calls into a single API request.
+This remote is called `remote` and can now be used like this
 
-This works by combining many `'%s' in parents` filters into one expression.
-To list the contents of directories a, b and c, the following requests will be send by the regular `List` function:
-```
-trashed=false and 'a' in parents
-trashed=false and 'b' in parents
-trashed=false and 'c' in parents
-```
-These can now be combined into a single request:
-```
-trashed=false and ('a' in parents or 'b' in parents or 'c' in parents)
-```
+See all the albums in your photos
 
-The implementation of `ListR` will put up to 50 `parents` filters into one request.
-It will  use the `--checkers` value to specify the number of requests to run in parallel.
+    rclone lsd remote:album
 
-In tests, these batch requests were up to 20x faster than the regular method.
-Running the following command against different sized folders gives:
-```
-rclone lsjson -vv -R --checkers=6 gdrive:folder
-```
+Make a new album
 
-small folder (220 directories, 700 files):
+    rclone mkdir remote:album/newAlbum
 
-- without `--fast-list`: 38s
-- with `--fast-list`: 10s
+List the contents of an album
 
-large folder (10600 directories, 39000 files):
+    rclone ls remote:album/newAlbum
 
-- without `--fast-list`: 22:05 min
-- with `--fast-list`: 58s
+Sync `/home/local/images` to the Google Photos, removing any excess
+files in the album.
 
-### Modified time
+    rclone sync --interactive /home/local/image remote:album/newAlbum
 
-Google drive stores modification times accurate to 1 ms.
+### Layout
 
-### Restricted filename characters
+As Google Photos is not a general purpose cloud storage system, the
+backend is laid out to help you navigate it.
 
-Only Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+The directories under `media` show different ways of categorizing the
+media.  Each file will appear multiple times.  So if you want to make
+a backup of your google photos you might choose to backup
+`remote:media/by-month`.  (**NB** `remote:media/by-day` is rather slow
+at the moment so avoid for syncing.)
 
-In contrast to other backends, `/` can also be used in names and `.`
-or `..` are valid names.
+Note that all your photos and videos will appear somewhere under
+`media`, but they may not appear under `album` unless you've put them
+into albums.
 
-### Revisions
+```
+/
+- upload
+    - file1.jpg
+    - file2.jpg
+    - ...
+- media
+    - all
+        - file1.jpg
+        - file2.jpg
+        - ...
+    - by-year
+        - 2000
+            - file1.jpg
+            - ...
+        - 2001
+            - file2.jpg
+            - ...
+        - ...
+    - by-month
+        - 2000
+            - 2000-01
+                - file1.jpg
+                - ...
+            - 2000-02
+                - file2.jpg
+                - ...
+        - ...
+    - by-day
+        - 2000
+            - 2000-01-01
+                - file1.jpg
+                - ...
+            - 2000-01-02
+                - file2.jpg
+                - ...
+        - ...
+- album
+    - album name
+    - album name/sub
+- shared-album
+    - album name
+    - album name/sub
+- feature
+    - favorites
+        - file1.jpg
+        - file2.jpg
+```
 
-Google drive stores revisions of files.  When you upload a change to
-an existing file to google drive using rclone it will create a new
-revision of that file.
+There are two writable parts of the tree, the `upload` directory and
+sub directories of the `album` directory.
 
-Revisions follow the standard google policy which at time of writing
-was
+The `upload` directory is for uploading files you don't want to put
+into albums. This will be empty to start with and will contain the
+files you've uploaded for one rclone session only, becoming empty
+again when you restart rclone. The use case for this would be if you
+have a load of files you just want to once off dump into Google
+Photos. For repeated syncing, uploading to `album` will work better.
 
-  * They are deleted after 30 days or 100 revisions (whatever comes first).
-  * They do not count towards a user storage quota.
+Directories within the `album` directory are also writeable and you
+may create new directories (albums) under `album`.  If you copy files
+with a directory hierarchy in there then rclone will create albums
+with the `/` character in them.  For example if you do
 
-### Deleting files
+    rclone copy /path/to/images remote:album/images
 
-By default rclone will send all files to the trash when deleting
-files.  If deleting them permanently is required then use the
-`--drive-use-trash=false` flag, or set the equivalent environment
-variable.
+and the images directory contains
 
-### Shortcuts
+```
+images
+    - file1.jpg
+    dir
+        file2.jpg
+    dir2
+        dir3
+            file3.jpg
+```
 
-In March 2020 Google introduced a new feature in Google Drive called
-[drive shortcuts](https://support.google.com/drive/answer/9700156)
-([API](https://developers.google.com/drive/api/v3/shortcuts)). These
-will (by September 2020) [replace the ability for files or folders to
-be in multiple folders at once](https://cloud.google.com/blog/products/g-suite/simplifying-google-drives-folder-structure-and-sharing-models).
+Then rclone will create the following albums with the following files in
 
-Shortcuts are files that link to other files on Google Drive somewhat
-like a symlink in unix, except they point to the underlying file data
-(e.g. the inode in unix terms) so they don't break if the source is
-renamed or moved about.
+- images
+    - file1.jpg
+- images/dir
+    - file2.jpg
+- images/dir2/dir3
+    - file3.jpg
 
-Be default rclone treats these as follows.
+This means that you can use the `album` path pretty much like a normal
+filesystem and it is a good target for repeated syncing.
 
-For shortcuts pointing to files:
+The `shared-album` directory shows albums shared with you or by you.
+This is similar to the Sharing tab in the Google Photos web interface.
 
-- When listing a file shortcut appears as the destination file.
-- When downloading the contents of the destination file is downloaded.
-- When updating shortcut file with a non shortcut file, the shortcut is removed then a new file is uploaded in place of the shortcut.
-- When server-side moving (renaming) the shortcut is renamed, not the destination file.
-- When server-side copying the shortcut is copied, not the contents of the shortcut. (unless `--drive-copy-shortcut-content` is in use in which case the contents of the shortcut gets copied).
-- When deleting the shortcut is deleted not the linked file.
-- When setting the modification time, the modification time of the linked file will be set.
 
-For shortcuts pointing to folders:
+### Standard options
 
-- When listing the shortcut appears as a folder and that folder will contain the contents of the linked folder appear (including any sub folders)
-- When downloading the contents of the linked folder and sub contents are downloaded
-- When uploading to a shortcut folder the file will be placed in the linked folder
-- When server-side moving (renaming) the shortcut is renamed, not the destination folder
-- When server-side copying the contents of the linked folder is copied, not the shortcut.
-- When deleting with `rclone rmdir` or `rclone purge` the shortcut is deleted not the linked folder.
-- **NB** When deleting with `rclone remove` or `rclone mount` the contents of the linked folder will be deleted.
+Here are the Standard options specific to google photos (Google Photos).
 
-The [rclone backend](https://rclone.org/commands/rclone_backend/) command can be used to create shortcuts.  
+#### --gphotos-client-id
 
-Shortcuts can be completely ignored with the `--drive-skip-shortcuts` flag
-or the corresponding `skip_shortcuts` configuration setting.
+OAuth Client Id.
 
-### Emptying trash
+Leave blank normally.
 
-If you wish to empty your trash you can use the `rclone cleanup remote:`
-command which will permanently delete all your trashed files. This command
-does not take any path arguments.
+Properties:
 
-Note that Google Drive takes some time (minutes to days) to empty the
-trash even though the command returns within a few seconds.  No output
-is echoed, so there will be no confirmation even using -v or -vv.
+- Config:      client_id
+- Env Var:     RCLONE_GPHOTOS_CLIENT_ID
+- Type:        string
+- Required:    false
 
-### Quota information
+#### --gphotos-client-secret
 
-To view your current quota you can use the `rclone about remote:`
-command which will display your usage limit (quota), the usage in Google
-Drive, the size of all files in the Trash and the space used by other
-Google services such as Gmail. This command does not take any path
-arguments.
+OAuth Client Secret.
 
-#### Import/Export of google documents
+Leave blank normally.
 
-Google documents can be exported from and uploaded to Google Drive.
+Properties:
 
-When rclone downloads a Google doc it chooses a format to download
-depending upon the `--drive-export-formats` setting.
-By default the export formats are `docx,xlsx,pptx,svg` which are a
-sensible default for an editable document.
+- Config:      client_secret
+- Env Var:     RCLONE_GPHOTOS_CLIENT_SECRET
+- Type:        string
+- Required:    false
 
-When choosing a format, rclone runs down the list provided in order
-and chooses the first file format the doc can be exported as from the
-list. If the file can't be exported to a format on the formats list,
-then rclone will choose a format from the default list.
+#### --gphotos-read-only
 
-If you prefer an archive copy then you might use `--drive-export-formats
-pdf`, or if you prefer openoffice/libreoffice formats you might use
-`--drive-export-formats ods,odt,odp`.
+Set to make the Google Photos backend read only.
 
-Note that rclone adds the extension to the google doc, so if it is
-called `My Spreadsheet` on google docs, it will be exported as `My
-Spreadsheet.xlsx` or `My Spreadsheet.pdf` etc.
+If you choose read only then rclone will only request read only access
+to your photos, otherwise rclone will request full access.
 
-When importing files into Google Drive, rclone will convert all
-files with an extension in `--drive-import-formats` to their
-associated document type.
-rclone will not convert any files by default, since the conversion
-is lossy process.
+Properties:
 
-The conversion must result in a file with the same extension when
-the `--drive-export-formats` rules are applied to the uploaded document.
+- Config:      read_only
+- Env Var:     RCLONE_GPHOTOS_READ_ONLY
+- Type:        bool
+- Default:     false
 
-Here are some examples for allowed and prohibited conversions.
+### Advanced options
 
-| export-formats | import-formats | Upload Ext | Document Ext | Allowed |
-| -------------- | -------------- | ---------- | ------------ | ------- |
-| odt | odt | odt | odt | Yes |
-| odt | docx,odt | odt | odt | Yes |
-|  | docx | docx | docx | Yes |
-|  | odt | odt | docx | No |
-| odt,docx | docx,odt | docx | odt | No |
-| docx,odt | docx,odt | docx | docx | Yes |
-| docx,odt | docx,odt | odt | docx | No |
+Here are the Advanced options specific to google photos (Google Photos).
 
-This limitation can be disabled by specifying `--drive-allow-import-name-change`.
-When using this flag, rclone can convert multiple files types resulting
-in the same document type at once, e.g. with `--drive-import-formats docx,odt,txt`,
-all files having these extension would result in a document represented as a docx file.
-This brings the additional risk of overwriting a document, if multiple files
-have the same stem. Many rclone operations will not handle this name change
-in any way. They assume an equal name when copying files and might copy the
-file again or delete them when the name changes. 
+#### --gphotos-token
 
-Here are the possible export extensions with their corresponding mime types.
-Most of these can also be used for importing, but there more that are not
-listed here. Some of these additional ones might only be available when
-the operating system provides the correct MIME type entries.
+OAuth Access Token as a JSON blob.
 
-This list can be changed by Google Drive at any time and might not
-represent the currently available conversions.
+Properties:
 
-| Extension | Mime Type | Description |
-| --------- |-----------| ------------|
-| bmp  | image/bmp | Windows Bitmap format |
-| csv  | text/csv | Standard CSV format for Spreadsheets |
-| doc  | application/msword | Classic Word file |
-| docx | application/vnd.openxmlformats-officedocument.wordprocessingml.document | Microsoft Office Document |
-| epub | application/epub+zip | E-book format |
-| html | text/html | An HTML Document |
-| jpg  | image/jpeg | A JPEG Image File |
-| json | application/vnd.google-apps.script+json | JSON Text Format for Google Apps scripts |
-| odp  | application/vnd.oasis.opendocument.presentation | Openoffice Presentation |
-| ods  | application/vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
-| ods  | application/x-vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
-| odt  | application/vnd.oasis.opendocument.text | Openoffice Document |
-| pdf  | application/pdf | Adobe PDF Format |
-| pjpeg | image/pjpeg | Progressive JPEG Image |
-| png  | image/png | PNG Image Format|
-| pptx | application/vnd.openxmlformats-officedocument.presentationml.presentation | Microsoft Office Powerpoint |
-| rtf  | application/rtf | Rich Text Format |
-| svg  | image/svg+xml | Scalable Vector Graphics Format |
-| tsv  | text/tab-separated-values | Standard TSV format for spreadsheets |
-| txt  | text/plain | Plain Text |
-| wmf  | application/x-msmetafile | Windows Meta File |
-| xls  | application/vnd.ms-excel | Classic Excel file |
-| xlsx | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet | Microsoft Office Spreadsheet |
-| zip  | application/zip | A ZIP file of HTML, Images CSS |
+- Config:      token
+- Env Var:     RCLONE_GPHOTOS_TOKEN
+- Type:        string
+- Required:    false
 
-Google documents can also be exported as link files. These files will
-open a browser window for the Google Docs website of that document
-when opened. The link file extension has to be specified as a
-`--drive-export-formats` parameter. They will match all available
-Google Documents.
+#### --gphotos-auth-url
 
-| Extension | Description | OS Support |
-| --------- | ----------- | ---------- |
-| desktop | freedesktop.org specified desktop entry | Linux |
-| link.html | An HTML Document with a redirect | All |
-| url | INI style link file | macOS, Windows |
-| webloc | macOS specific XML format | macOS |
+Auth server URL.
 
+Leave blank to use the provider defaults.
 
-### Standard options
+Properties:
 
-Here are the Standard options specific to drive (Google Drive).
+- Config:      auth_url
+- Env Var:     RCLONE_GPHOTOS_AUTH_URL
+- Type:        string
+- Required:    false
 
-#### --drive-client-id
+#### --gphotos-token-url
 
-Google Application Client Id
-Setting your own is recommended.
-See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
-If you leave this blank, it will use an internal key which is low performance.
+Token server url.
+
+Leave blank to use the provider defaults.
 
 Properties:
 
-- Config:      client_id
-- Env Var:     RCLONE_DRIVE_CLIENT_ID
+- Config:      token_url
+- Env Var:     RCLONE_GPHOTOS_TOKEN_URL
 - Type:        string
 - Required:    false
 
-#### --drive-client-secret
+#### --gphotos-read-size
 
-OAuth Client Secret.
+Set to read the size of media items.
 
-Leave blank normally.
+Normally rclone does not read the size of media items since this takes
+another transaction.  This isn't necessary for syncing.  However
+rclone mount needs to know the size of files in advance of reading
+them, so setting this flag when using rclone mount is recommended if
+you want to read the media.
 
 Properties:
 
-- Config:      client_secret
-- Env Var:     RCLONE_DRIVE_CLIENT_SECRET
-- Type:        string
-- Required:    false
+- Config:      read_size
+- Env Var:     RCLONE_GPHOTOS_READ_SIZE
+- Type:        bool
+- Default:     false
 
-#### --drive-scope
+#### --gphotos-start-year
 
-Scope that rclone should use when requesting access from drive.
+Year limits the photos to be downloaded to those which are uploaded after the given year.
 
 Properties:
 
-- Config:      scope
-- Env Var:     RCLONE_DRIVE_SCOPE
-- Type:        string
-- Required:    false
-- Examples:
-    - "drive"
-        - Full access all files, excluding Application Data Folder.
-    - "drive.readonly"
-        - Read-only access to file metadata and file contents.
-    - "drive.file"
-        - Access to files created by rclone only.
-        - These are visible in the drive website.
-        - File authorization is revoked when the user deauthorizes the app.
-    - "drive.appfolder"
-        - Allows read and write access to the Application Data folder.
-        - This is not visible in the drive website.
-    - "drive.metadata.readonly"
-        - Allows read-only access to file metadata but
-        - does not allow any access to read or download file content.
+- Config:      start_year
+- Env Var:     RCLONE_GPHOTOS_START_YEAR
+- Type:        int
+- Default:     2000
 
-#### --drive-service-account-file
+#### --gphotos-include-archived
 
-Service Account Credentials JSON file path.
+Also view and download archived media.
 
-Leave blank normally.
-Needed only if you want use SA instead of interactive login.
+By default, rclone does not request archived media. Thus, when syncing,
+archived media is not visible in directory listings or transferred.
 
-Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
+Note that media in albums is always visible and synced, no matter
+their archive status.
+
+With this flag, archived media are always visible in directory
+listings and transferred.
+
+Without this flag, archived media will not be visible in directory
+listings and won't be transferred.
 
 Properties:
 
-- Config:      service_account_file
-- Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_FILE
-- Type:        string
-- Required:    false
+- Config:      include_archived
+- Env Var:     RCLONE_GPHOTOS_INCLUDE_ARCHIVED
+- Type:        bool
+- Default:     false
 
-#### --drive-alternate-export
+#### --gphotos-encoding
 
-Deprecated: No longer needed.
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
 Properties:
 
-- Config:      alternate_export
-- Env Var:     RCLONE_DRIVE_ALTERNATE_EXPORT
-- Type:        bool
-- Default:     false
+- Config:      encoding
+- Env Var:     RCLONE_GPHOTOS_ENCODING
+- Type:        Encoding
+- Default:     Slash,CrLf,InvalidUtf8,Dot
 
-### Advanced options
+#### --gphotos-batch-mode
 
-Here are the Advanced options specific to drive (Google Drive).
+Upload file batching sync|async|off.
 
-#### --drive-token
+This sets the batch mode used by rclone.
+
+This has 3 possible values
+
+- off - no batching
+- sync - batch uploads and check completion (default)
+- async - batch upload and don't check completion
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
 
-OAuth Access Token as a JSON blob.
 
 Properties:
 
-- Config:      token
-- Env Var:     RCLONE_DRIVE_TOKEN
+- Config:      batch_mode
+- Env Var:     RCLONE_GPHOTOS_BATCH_MODE
 - Type:        string
-- Required:    false
+- Default:     "sync"
 
-#### --drive-auth-url
+#### --gphotos-batch-size
 
-Auth server URL.
+Max number of files in upload batch.
+
+This sets the batch size of files to upload. It has to be less than 50.
+
+By default this is 0 which means rclone which calculate the batch size
+depending on the setting of batch_mode.
+
+- batch_mode: async - default batch_size is 50
+- batch_mode: sync - default batch_size is the same as --transfers
+- batch_mode: off - not in use
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+
+Setting this is a great idea if you are uploading lots of small files
+as it will make them a lot quicker. You can use --transfers 32 to
+maximise throughput.
 
-Leave blank to use the provider defaults.
 
 Properties:
 
-- Config:      auth_url
-- Env Var:     RCLONE_DRIVE_AUTH_URL
-- Type:        string
-- Required:    false
+- Config:      batch_size
+- Env Var:     RCLONE_GPHOTOS_BATCH_SIZE
+- Type:        int
+- Default:     0
+
+#### --gphotos-batch-timeout
+
+Max time to allow an idle upload batch before uploading.
+
+If an upload batch is idle for more than this long then it will be
+uploaded.
+
+The default for this is 0 which means rclone will choose a sensible
+default based on the batch_mode in use.
+
+- batch_mode: async - default batch_timeout is 10s
+- batch_mode: sync - default batch_timeout is 1s
+- batch_mode: off - not in use
 
-#### --drive-token-url
 
-Token server url.
+Properties:
 
-Leave blank to use the provider defaults.
+- Config:      batch_timeout
+- Env Var:     RCLONE_GPHOTOS_BATCH_TIMEOUT
+- Type:        Duration
+- Default:     0s
+
+#### --gphotos-batch-commit-timeout
+
+Max time to wait for a batch to finish committing
 
 Properties:
 
-- Config:      token_url
-- Env Var:     RCLONE_DRIVE_TOKEN_URL
-- Type:        string
-- Required:    false
+- Config:      batch_commit_timeout
+- Env Var:     RCLONE_GPHOTOS_BATCH_COMMIT_TIMEOUT
+- Type:        Duration
+- Default:     10m0s
 
-#### --drive-root-folder-id
 
-ID of the root folder.
-Leave blank normally.
 
-Fill in to access "Computers" folders (see docs), or for rclone to use
-a non root folder as its starting point.
+## Limitations
 
+Only images and videos can be uploaded.  If you attempt to upload non
+videos or images or formats that Google Photos doesn't understand,
+rclone will upload the file, then Google Photos will give an error
+when it is put turned into a media item.
 
-Properties:
+Note that all media items uploaded to Google Photos through the API
+are stored in full resolution at "original quality" and **will** count
+towards your storage quota in your Google Account.  The API does
+**not** offer a way to upload in "high quality" mode..
 
-- Config:      root_folder_id
-- Env Var:     RCLONE_DRIVE_ROOT_FOLDER_ID
-- Type:        string
-- Required:    false
+`rclone about` is not supported by the Google Photos backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
 
-#### --drive-service-account-credentials
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features)
+See [rclone about](https://rclone.org/commands/rclone_about/)
 
-Service Account Credentials JSON blob.
+### Downloading Images
 
-Leave blank normally.
-Needed only if you want use SA instead of interactive login.
+When Images are downloaded this strips EXIF location (according to the
+docs and my tests).  This is a limitation of the Google Photos API and
+is covered by [bug #112096115](https://issuetracker.google.com/issues/112096115).
 
-Properties:
+**The current google API does not allow photos to be downloaded at original resolution.  This is very important if you are, for example, relying on "Google Photos" as a backup of your photos.  You will not be able to use rclone to redownload original images.  You could use 'google takeout' to recover the original photos as a last resort**
 
-- Config:      service_account_credentials
-- Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS
-- Type:        string
-- Required:    false
+### Downloading Videos
 
-#### --drive-team-drive
+When videos are downloaded they are downloaded in a really compressed
+version of the video compared to downloading it via the Google Photos
+web interface. This is covered by [bug #113672044](https://issuetracker.google.com/issues/113672044).
 
-ID of the Shared Drive (Team Drive).
+### Duplicates
 
-Properties:
+If a file name is duplicated in a directory then rclone will add the
+file ID into its name.  So two files called `file.jpg` would then
+appear as `file {123456}.jpg` and `file {ABCDEF}.jpg` (the actual IDs
+are a lot longer alas!).
 
-- Config:      team_drive
-- Env Var:     RCLONE_DRIVE_TEAM_DRIVE
-- Type:        string
-- Required:    false
+If you upload the same image (with the same binary data) twice then
+Google Photos will deduplicate it.  However it will retain the
+filename from the first upload which may confuse rclone.  For example
+if you uploaded an image to `upload` then uploaded the same image to
+`album/my_album` the filename of the image in `album/my_album` will be
+what it was uploaded with initially, not what you uploaded it with to
+`album`.  In practise this shouldn't cause too many problems.
 
-#### --drive-auth-owner-only
+### Modification times
 
-Only consider files owned by the authenticated user.
+The date shown of media in Google Photos is the creation date as
+determined by the EXIF information, or the upload date if that is not
+known.
 
-Properties:
+This is not changeable by rclone and is not the modification date of
+the media on local disk.  This means that rclone cannot use the dates
+from Google Photos for syncing purposes.
 
-- Config:      auth_owner_only
-- Env Var:     RCLONE_DRIVE_AUTH_OWNER_ONLY
-- Type:        bool
-- Default:     false
+### Size
 
-#### --drive-use-trash
+The Google Photos API does not return the size of media.  This means
+that when syncing to Google Photos, rclone can only do a file
+existence check.
 
-Send files to the trash instead of deleting permanently.
+It is possible to read the size of the media, but this needs an extra
+HTTP HEAD request per media item so is **very slow** and uses up a lot of
+transactions.  This can be enabled with the `--gphotos-read-size`
+option or the `read_size = true` config parameter.
 
-Defaults to true, namely sending files to the trash.
-Use `--drive-use-trash=false` to delete files permanently instead.
+If you want to use the backend with `rclone mount` you may need to
+enable this flag (depending on your OS and application using the
+photos) otherwise you may not be able to read media off the mount.
+You'll need to experiment to see if it works for you without the flag.
 
-Properties:
+### Albums
 
-- Config:      use_trash
-- Env Var:     RCLONE_DRIVE_USE_TRASH
-- Type:        bool
-- Default:     true
+Rclone can only upload files to albums it created. This is a
+[limitation of the Google Photos API](https://developers.google.com/photos/library/guides/manage-albums).
 
-#### --drive-copy-shortcut-content
+Rclone can remove files it uploaded from albums it created only.
 
-Server side copy contents of shortcuts instead of the shortcut.
+### Deleting files
 
-When doing server side copies, normally rclone will copy shortcuts as
-shortcuts.
+Rclone can remove files from albums it created, but note that the
+Google Photos API does not allow media to be deleted permanently so
+this media will still remain. See [bug #109759781](https://issuetracker.google.com/issues/109759781).
 
-If this flag is used then rclone will copy the contents of shortcuts
-rather than shortcuts themselves when doing server side copies.
+Rclone cannot delete files anywhere except under `album`.
 
-Properties:
+### Deleting albums
 
-- Config:      copy_shortcut_content
-- Env Var:     RCLONE_DRIVE_COPY_SHORTCUT_CONTENT
-- Type:        bool
-- Default:     false
+The Google Photos API does not support deleting albums - see [bug #135714733](https://issuetracker.google.com/issues/135714733).
 
-#### --drive-skip-gdocs
+#  Hasher
 
-Skip google documents in all listings.
+Hasher is a special overlay backend to create remotes which handle
+checksums for other remotes. It's main functions include:
+- Emulate hash types unimplemented by backends
+- Cache checksums to help with slow hashing of large local or (S)FTP files
+- Warm up checksum cache from external SUM files
 
-If given, gdocs practically become invisible to rclone.
+## Getting started
 
-Properties:
+To use Hasher, first set up the underlying remote following the configuration
+instructions for that remote. You can also use a local pathname instead of
+a remote. Check that your base remote is working.
 
-- Config:      skip_gdocs
-- Env Var:     RCLONE_DRIVE_SKIP_GDOCS
-- Type:        bool
-- Default:     false
+Let's call the base remote `myRemote:path` here. Note that anything inside
+`myRemote:path` will be handled by hasher and anything outside won't.
+This means that if you are using a bucket based remote (S3, B2, Swift)
+then you should put the bucket in the remote `s3:bucket`.
 
-#### --drive-skip-checksum-gphotos
+Now proceed to interactive or manual configuration.
 
-Skip MD5 checksum on Google photos and videos only.
+### Interactive configuration
 
-Use this if you get checksum errors when transferring Google photos or
-videos.
+Run `rclone config`:
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> Hasher1
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Handle checksums for other remotes
+   \ "hasher"
+[snip]
+Storage> hasher
+Remote to cache checksums for, like myremote:mypath.
+Enter a string value. Press Enter for the default ("").
+remote> myRemote:path
+Comma separated list of supported checksum types.
+Enter a string value. Press Enter for the default ("md5,sha1").
+hashsums> md5
+Maximum time to keep checksums in cache. 0 = no cache, off = cache forever.
+max_age> off
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> n
+Remote config
+--------------------
+[Hasher1]
+type = hasher
+remote = myRemote:path
+hashsums = md5
+max_age = off
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-Setting this flag will cause Google photos and videos to return a
-blank MD5 checksum.
+### Manual configuration
 
-Google photos are identified by being in the "photos" space.
+Run `rclone config path` to see the path of current active config file,
+usually `YOURHOME/.config/rclone/rclone.conf`.
+Open it in your favorite text editor, find section for the base remote
+and create new section for hasher like in the following examples:
 
-Corrupted checksums are caused by Google modifying the image/video but
-not updating the checksum.
+```
+[Hasher1]
+type = hasher
+remote = myRemote:path
+hashes = md5
+max_age = off
 
-Properties:
+[Hasher2]
+type = hasher
+remote = /local/path
+hashes = dropbox,sha1
+max_age = 24h
+```
 
-- Config:      skip_checksum_gphotos
-- Env Var:     RCLONE_DRIVE_SKIP_CHECKSUM_GPHOTOS
-- Type:        bool
-- Default:     false
+Hasher takes basically the following parameters:
+- `remote` is required,
+- `hashes` is a comma separated list of supported checksums
+   (by default `md5,sha1`),
+- `max_age` - maximum time to keep a checksum value in the cache,
+   `0` will disable caching completely,
+   `off` will cache "forever" (that is until the files get changed).
 
-#### --drive-shared-with-me
+Make sure the `remote` has `:` (colon) in. If you specify the remote without
+a colon then rclone will use a local directory of that name. So if you use
+a remote of `/local/path` then rclone will handle hashes for that directory.
+If you use `remote = name` literally then rclone will put files
+**in a directory called `name` located under current directory**.
 
-Only show files that are shared with me.
+## Usage
 
-Instructs rclone to operate on your "Shared with me" folder (where
-Google Drive lets you access the files and folders others have shared
-with you).
+### Basic operations
 
-This works both with the "list" (lsd, lsl, etc.) and the "copy"
-commands (copy, sync, etc.), and with all other commands too.
+Now you can use it as `Hasher2:subdir/file` instead of base remote.
+Hasher will transparently update cache with new checksums when a file
+is fully read or overwritten, like:
+```
+rclone copy External:path/file Hasher:dest/path
 
-Properties:
+rclone cat Hasher:path/to/file > /dev/null
+```
 
-- Config:      shared_with_me
-- Env Var:     RCLONE_DRIVE_SHARED_WITH_ME
-- Type:        bool
-- Default:     false
+The way to refresh **all** cached checksums (even unsupported by the base backend)
+for a subtree is to **re-download** all files in the subtree. For example,
+use `hashsum --download` using **any** supported hashsum on the command line
+(we just care to re-read):
+```
+rclone hashsum MD5 --download Hasher:path/to/subtree > /dev/null
 
-#### --drive-trashed-only
+rclone backend dump Hasher:path/to/subtree
+```
 
-Only show files that are in the trash.
+You can print or drop hashsum cache using custom backend commands:
+```
+rclone backend dump Hasher:dir/subdir
 
-This will show trashed files in their original directory structure.
+rclone backend drop Hasher:
+```
 
-Properties:
+### Pre-Seed from a SUM File
 
-- Config:      trashed_only
-- Env Var:     RCLONE_DRIVE_TRASHED_ONLY
-- Type:        bool
-- Default:     false
+Hasher supports two backend commands: generic SUM file `import` and faster
+but less consistent `stickyimport`.
 
-#### --drive-starred-only
+```
+rclone backend import Hasher:dir/subdir SHA1 /path/to/SHA1SUM [--checkers 4]
+```
 
-Only show files that are starred.
+Instead of SHA1 it can be any hash supported by the remote. The last argument
+can point to either a local or an `other-remote:path` text file in SUM format.
+The command will parse the SUM file, then walk down the path given by the
+first argument, snapshot current fingerprints and fill in the cache entries
+correspondingly.
+- Paths in the SUM file are treated as relative to `hasher:dir/subdir`.
+- The command will **not** check that supplied values are correct.
+  You **must know** what you are doing.
+- This is a one-time action. The SUM file will not get "attached" to the
+  remote. Cache entries can still be overwritten later, should the object's
+  fingerprint change.
+- The tree walk can take long depending on the tree size. You can increase
+  `--checkers` to make it faster. Or use `stickyimport` if you don't care
+  about fingerprints and consistency.
 
-Properties:
+```
+rclone backend stickyimport hasher:path/to/data sha1 remote:/path/to/sum.sha1
+```
 
-- Config:      starred_only
-- Env Var:     RCLONE_DRIVE_STARRED_ONLY
-- Type:        bool
-- Default:     false
+`stickyimport` is similar to `import` but works much faster because it
+does not need to stat existing files and skips initial tree walk.
+Instead of binding cache entries to file fingerprints it creates _sticky_
+entries bound to the file name alone ignoring size, modification time etc.
+Such hash entries can be replaced only by `purge`, `delete`, `backend drop`
+or by full re-read/re-write of the files.
 
-#### --drive-formats
+## Configuration reference
 
-Deprecated: See export_formats.
 
-Properties:
+### Standard options
 
-- Config:      formats
-- Env Var:     RCLONE_DRIVE_FORMATS
-- Type:        string
-- Required:    false
+Here are the Standard options specific to hasher (Better checksums for other remotes).
 
-#### --drive-export-formats
+#### --hasher-remote
 
-Comma separated list of preferred formats for downloading Google docs.
+Remote to cache checksums for (e.g. myRemote:path).
 
 Properties:
 
-- Config:      export_formats
-- Env Var:     RCLONE_DRIVE_EXPORT_FORMATS
+- Config:      remote
+- Env Var:     RCLONE_HASHER_REMOTE
 - Type:        string
-- Default:     "docx,xlsx,pptx,svg"
+- Required:    true
 
-#### --drive-import-formats
+#### --hasher-hashes
 
-Comma separated list of preferred formats for uploading Google docs.
+Comma separated list of supported checksum types.
 
 Properties:
 
-- Config:      import_formats
-- Env Var:     RCLONE_DRIVE_IMPORT_FORMATS
-- Type:        string
-- Required:    false
-
-#### --drive-allow-import-name-change
+- Config:      hashes
+- Env Var:     RCLONE_HASHER_HASHES
+- Type:        CommaSepList
+- Default:     md5,sha1
 
-Allow the filetype to change when uploading Google docs.
+#### --hasher-max-age
 
-E.g. file.doc to file.docx. This will confuse sync and reupload every time.
+Maximum time to keep checksums in cache (0 = no cache, off = cache forever).
 
 Properties:
 
-- Config:      allow_import_name_change
-- Env Var:     RCLONE_DRIVE_ALLOW_IMPORT_NAME_CHANGE
-- Type:        bool
-- Default:     false
+- Config:      max_age
+- Env Var:     RCLONE_HASHER_MAX_AGE
+- Type:        Duration
+- Default:     off
 
-#### --drive-use-created-date
+### Advanced options
 
-Use file created date instead of modified date.
+Here are the Advanced options specific to hasher (Better checksums for other remotes).
 
-Useful when downloading data and you want the creation date used in
-place of the last modified date.
+#### --hasher-auto-size
 
-**WARNING**: This flag may have some unexpected consequences.
+Auto-update checksum for files smaller than this size (disabled by default).
 
-When uploading to your drive all files will be overwritten unless they
-haven't been modified since their creation. And the inverse will occur
-while downloading.  This side effect can be avoided by using the
-"--checksum" flag.
+Properties:
 
-This feature was implemented to retain photos capture date as recorded
-by google photos. You will first need to check the "Create a Google
-Photos folder" option in your google drive settings. You can then copy
-or move the photos locally and use the date the image was taken
-(created) set as the modification date.
+- Config:      auto_size
+- Env Var:     RCLONE_HASHER_AUTO_SIZE
+- Type:        SizeSuffix
+- Default:     0
 
-Properties:
+### Metadata
 
-- Config:      use_created_date
-- Env Var:     RCLONE_DRIVE_USE_CREATED_DATE
-- Type:        bool
-- Default:     false
+Any metadata supported by the underlying remote is read and written.
 
-#### --drive-use-shared-date
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-Use date file was shared instead of modified date.
+## Backend commands
 
-Note that, as with "--drive-use-created-date", this flag may have
-unexpected consequences when uploading/downloading files.
+Here are the commands specific to the hasher backend.
 
-If both this flag and "--drive-use-created-date" are set, the created
-date is used.
+Run them with
 
-Properties:
+    rclone backend COMMAND remote:
 
-- Config:      use_shared_date
-- Env Var:     RCLONE_DRIVE_USE_SHARED_DATE
-- Type:        bool
-- Default:     false
+The help below will explain what arguments each command takes.
 
-#### --drive-list-chunk
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
 
-Size of listing chunk 100-1000, 0 to disable.
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
 
-Properties:
+### drop
 
-- Config:      list_chunk
-- Env Var:     RCLONE_DRIVE_LIST_CHUNK
-- Type:        int
-- Default:     1000
+Drop cache
 
-#### --drive-impersonate
+    rclone backend drop remote: [options] [<arguments>+]
 
-Impersonate this user when using a service account.
+Completely drop checksum cache.
+Usage Example:
+    rclone backend drop hasher:
 
-Properties:
 
-- Config:      impersonate
-- Env Var:     RCLONE_DRIVE_IMPERSONATE
-- Type:        string
-- Required:    false
+### dump
 
-#### --drive-upload-cutoff
+Dump the database
 
-Cutoff for switching to chunked upload.
+    rclone backend dump remote: [options] [<arguments>+]
 
-Properties:
+Dump cache records covered by the current remote
 
-- Config:      upload_cutoff
-- Env Var:     RCLONE_DRIVE_UPLOAD_CUTOFF
-- Type:        SizeSuffix
-- Default:     8Mi
+### fulldump
 
-#### --drive-chunk-size
+Full dump of the database
 
-Upload chunk size.
+    rclone backend fulldump remote: [options] [<arguments>+]
 
-Must a power of 2 >= 256k.
+Dump all cache records in the database
 
-Making this larger will improve performance, but note that each chunk
-is buffered in memory one per transfer.
+### import
 
-Reducing this will reduce memory usage but decrease performance.
+Import a SUM file
 
-Properties:
+    rclone backend import remote: [options] [<arguments>+]
 
-- Config:      chunk_size
-- Env Var:     RCLONE_DRIVE_CHUNK_SIZE
-- Type:        SizeSuffix
-- Default:     8Mi
+Amend hash cache from a SUM file and bind checksums to files by size/time.
+Usage Example:
+    rclone backend import hasher:subdir md5 /path/to/sum.md5
 
-#### --drive-acknowledge-abuse
 
-Set to allow files which return cannotDownloadAbusiveFile to be downloaded.
+### stickyimport
 
-If downloading a file returns the error "This file has been identified
-as malware or spam and cannot be downloaded" with the error code
-"cannotDownloadAbusiveFile" then supply this flag to rclone to
-indicate you acknowledge the risks of downloading the file and rclone
-will download it anyway.
+Perform fast import of a SUM file
 
-Note that if you are using service account it will need Manager
-permission (not Content Manager) to for this flag to work. If the SA
-does not have the right permission, Google will just ignore the flag.
+    rclone backend stickyimport remote: [options] [<arguments>+]
 
-Properties:
+Fill hash cache from a SUM file without verifying file fingerprints.
+Usage Example:
+    rclone backend stickyimport hasher:subdir md5 remote:path/to/sum.md5
 
-- Config:      acknowledge_abuse
-- Env Var:     RCLONE_DRIVE_ACKNOWLEDGE_ABUSE
-- Type:        bool
-- Default:     false
 
-#### --drive-keep-revision-forever
 
-Keep new head revision of each file forever.
 
-Properties:
+## Implementation details (advanced)
 
-- Config:      keep_revision_forever
-- Env Var:     RCLONE_DRIVE_KEEP_REVISION_FOREVER
-- Type:        bool
-- Default:     false
+This section explains how various rclone operations work on a hasher remote.
 
-#### --drive-size-as-quota
+**Disclaimer. This section describes current implementation which can
+change in future rclone versions!.**
 
-Show sizes as storage quota usage, not actual size.
+### Hashsum command
+
+The `rclone hashsum` (or `md5sum` or `sha1sum`) command will:
+
+1. if requested hash is supported by lower level, just pass it.
+2. if object size is below `auto_size` then download object and calculate
+   _requested_ hashes on the fly.
+3. if unsupported and the size is big enough, build object `fingerprint`
+   (including size, modtime if supported, first-found _other_ hash if any).
+4. if the strict match is found in cache for the requested remote, return
+   the stored hash.
+5. if remote found but fingerprint mismatched, then purge the entry and
+   proceed to step 6.
+6. if remote not found or had no requested hash type or after step 5:
+   download object, calculate all _supported_ hashes on the fly and store
+   in cache; return requested hash.
 
-Show the size of a file as the storage quota used. This is the
-current version plus any older versions that have been set to keep
-forever.
+### Other operations
 
-**WARNING**: This flag may have some unexpected consequences.
+- whenever a file is uploaded or downloaded **in full**, capture the stream
+  to calculate all supported hashes on the fly and update database
+- server-side `move`  will update keys of existing cache entries
+- `deletefile` will remove a single cache entry
+- `purge` will remove all cache entries under the purged path
 
-It is not recommended to set this flag in your config - the
-recommended usage is using the flag form --drive-size-as-quota when
-doing rclone ls/lsl/lsf/lsjson/etc only.
+Note that setting `max_age = 0` will disable checksum caching completely.
 
-If you do use this flag for syncing (not recommended) then you will
-need to use --ignore size also.
+If you set `max_age = off`, checksums in cache will never age, unless you
+fully rewrite or delete the file.
 
-Properties:
+### Cache storage
 
-- Config:      size_as_quota
-- Env Var:     RCLONE_DRIVE_SIZE_AS_QUOTA
-- Type:        bool
-- Default:     false
+Cached checksums are stored as `bolt` database files under rclone cache
+directory, usually `~/.cache/rclone/kv/`. Databases are maintained
+one per _base_ backend, named like `BaseRemote~hasher.bolt`.
+Checksums for multiple `alias`-es into a single base backend
+will be stored in the single database. All local paths are treated as
+aliases into the `local` backend (unless encrypted or chunked) and stored
+in `~/.cache/rclone/kv/local~hasher.bolt`.
+Databases can be shared between multiple rclone processes.
 
-#### --drive-v2-download-min-size
+#  HDFS
 
-If Object's are greater, use drive v2 API to download.
+[HDFS](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html) is a
+distributed file-system, part of the [Apache Hadoop](https://hadoop.apache.org/) framework.
 
-Properties:
+Paths are specified as `remote:` or `remote:path/to/dir`.
 
-- Config:      v2_download_min_size
-- Env Var:     RCLONE_DRIVE_V2_DOWNLOAD_MIN_SIZE
-- Type:        SizeSuffix
-- Default:     off
+## Configuration
 
-#### --drive-pacer-min-sleep
+Here is an example of how to make a remote called `remote`. First run:
 
-Minimum time to sleep between API calls.
+     rclone config
 
-Properties:
+This will guide you through an interactive setup process:
 
-- Config:      pacer_min_sleep
-- Env Var:     RCLONE_DRIVE_PACER_MIN_SLEEP
-- Type:        Duration
-- Default:     100ms
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+[skip]
+XX / Hadoop distributed file system
+   \ "hdfs"
+[skip]
+Storage> hdfs
+** See help for hdfs backend at: https://rclone.org/hdfs/ **
 
-#### --drive-pacer-burst
+hadoop name node and port
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Connect to host namenode at port 8020
+   \ "namenode:8020"
+namenode> namenode.hadoop:8020
+hadoop user name
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / Connect to hdfs as root
+   \ "root"
+username> root
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n> n
+Remote config
+--------------------
+[remote]
+type = hdfs
+namenode = namenode.hadoop:8020
+username = root
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
 
-Number of API calls to allow without sleeping.
+Name                 Type
+====                 ====
+hadoop               hdfs
 
-Properties:
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> q
+```
 
-- Config:      pacer_burst
-- Env Var:     RCLONE_DRIVE_PACER_BURST
-- Type:        int
-- Default:     100
+This remote is called `remote` and can now be used like this
 
-#### --drive-server-side-across-configs
+See all the top level directories
 
-Allow server-side operations (e.g. copy) to work across different drive configs.
+    rclone lsd remote:
 
-This can be useful if you wish to do a server-side copy between two
-different Google drives.  Note that this isn't enabled by default
-because it isn't easy to tell if it will work between any two
-configurations.
+List the contents of a directory
 
-Properties:
+    rclone ls remote:directory
 
-- Config:      server_side_across_configs
-- Env Var:     RCLONE_DRIVE_SERVER_SIDE_ACROSS_CONFIGS
-- Type:        bool
-- Default:     false
+Sync the remote `directory` to `/home/local/directory`, deleting any excess files.
 
-#### --drive-disable-http2
+    rclone sync --interactive remote:directory /home/local/directory
 
-Disable drive using http2.
+### Setting up your own HDFS instance for testing
 
-There is currently an unsolved issue with the google drive backend and
-HTTP/2.  HTTP/2 is therefore disabled by default for the drive backend
-but can be re-enabled here.  When the issue is solved this flag will
-be removed.
+You may start with a [manual setup](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SingleCluster.html)
+or use the docker image from the tests:
 
-See: https://github.com/rclone/rclone/issues/3631
+If you want to build the docker image
 
+```
+git clone https://github.com/rclone/rclone.git
+cd rclone/fstest/testserver/images/test-hdfs
+docker build --rm -t rclone/test-hdfs .
+```
 
+Or you can just use the latest one pushed
 
-Properties:
+```
+docker run --rm --name "rclone-hdfs" -p 127.0.0.1:9866:9866 -p 127.0.0.1:8020:8020 --hostname "rclone-hdfs" rclone/test-hdfs
+```
 
-- Config:      disable_http2
-- Env Var:     RCLONE_DRIVE_DISABLE_HTTP2
-- Type:        bool
-- Default:     true
+**NB** it need few seconds to startup.
 
-#### --drive-stop-on-upload-limit
+For this docker image the remote needs to be configured like this:
 
-Make upload limit errors be fatal.
+```
+[remote]
+type = hdfs
+namenode = 127.0.0.1:8020
+username = root
+```
 
-At the time of writing it is only possible to upload 750 GiB of data to
-Google Drive a day (this is an undocumented limit). When this limit is
-reached Google Drive produces a slightly different error message. When
-this flag is set it causes these errors to be fatal.  These will stop
-the in-progress sync.
+You can stop this image with `docker kill rclone-hdfs` (**NB** it does not use volumes, so all data
+uploaded will be lost.)
 
-Note that this detection is relying on error message strings which
-Google don't document so it may break in the future.
+### Modification times
 
-See: https://github.com/rclone/rclone/issues/3857
+Time accurate to 1 second is stored.
 
+### Checksum
 
-Properties:
+No checksums are implemented.
 
-- Config:      stop_on_upload_limit
-- Env Var:     RCLONE_DRIVE_STOP_ON_UPLOAD_LIMIT
-- Type:        bool
-- Default:     false
+### Usage information
 
-#### --drive-stop-on-download-limit
+You can use the `rclone about remote:` command which will display filesystem size and current usage.
 
-Make download limit errors be fatal.
+### Restricted filename characters
 
-At the time of writing it is only possible to download 10 TiB of data from
-Google Drive a day (this is an undocumented limit). When this limit is
-reached Google Drive produces a slightly different error message. When
-this flag is set it causes these errors to be fatal.  These will stop
-the in-progress sync.
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
 
-Note that this detection is relying on error message strings which
-Google don't document so it may break in the future.
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| :         | 0x3A  | ：           |
 
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8).
 
-Properties:
 
-- Config:      stop_on_download_limit
-- Env Var:     RCLONE_DRIVE_STOP_ON_DOWNLOAD_LIMIT
-- Type:        bool
-- Default:     false
+### Standard options
 
-#### --drive-skip-shortcuts
+Here are the Standard options specific to hdfs (Hadoop distributed file system).
 
-If set skip shortcut files.
+#### --hdfs-namenode
 
-Normally rclone dereferences shortcut files making them appear as if
-they are the original file (see [the shortcuts section](#shortcuts)).
-If this flag is set then rclone will ignore shortcut files completely.
+Hadoop name nodes and ports.
 
+E.g. "namenode-1:8020,namenode-2:8020,..." to connect to host namenodes at port 8020.
 
 Properties:
 
-- Config:      skip_shortcuts
-- Env Var:     RCLONE_DRIVE_SKIP_SHORTCUTS
-- Type:        bool
-- Default:     false
-
-#### --drive-skip-dangling-shortcuts
-
-If set skip dangling shortcut files.
+- Config:      namenode
+- Env Var:     RCLONE_HDFS_NAMENODE
+- Type:        CommaSepList
+- Default:     
 
-If this is set then rclone will not show any dangling shortcuts in listings.
+#### --hdfs-username
 
+Hadoop user name.
 
 Properties:
 
-- Config:      skip_dangling_shortcuts
-- Env Var:     RCLONE_DRIVE_SKIP_DANGLING_SHORTCUTS
-- Type:        bool
-- Default:     false
+- Config:      username
+- Env Var:     RCLONE_HDFS_USERNAME
+- Type:        string
+- Required:    false
+- Examples:
+    - "root"
+        - Connect to hdfs as root.
 
-#### --drive-resource-key
+### Advanced options
 
-Resource key for accessing a link-shared file.
+Here are the Advanced options specific to hdfs (Hadoop distributed file system).
 
-If you need to access files shared with a link like this
+#### --hdfs-service-principal-name
 
-    https://drive.google.com/drive/folders/XXX?resourcekey=YYY&usp=sharing
+Kerberos service principal name for the namenode.
 
-Then you will need to use the first part "XXX" as the "root_folder_id"
-and the second part "YYY" as the "resource_key" otherwise you will get
-404 not found errors when trying to access the directory.
+Enables KERBEROS authentication. Specifies the Service Principal Name
+(SERVICE/FQDN) for the namenode. E.g. \"hdfs/namenode.hadoop.docker\"
+for namenode running as service 'hdfs' with FQDN 'namenode.hadoop.docker'.
 
-See: https://developers.google.com/drive/api/guides/resource-keys
+Properties:
 
-This resource key requirement only applies to a subset of old files.
+- Config:      service_principal_name
+- Env Var:     RCLONE_HDFS_SERVICE_PRINCIPAL_NAME
+- Type:        string
+- Required:    false
 
-Note also that opening the folder once in the web interface (with the
-user you've authenticated rclone with) seems to be enough so that the
-resource key is no needed.
+#### --hdfs-data-transfer-protection
+
+Kerberos data transfer protection: authentication|integrity|privacy.
 
+Specifies whether or not authentication, data signature integrity
+checks, and wire encryption are required when communicating with
+the datanodes. Possible values are 'authentication', 'integrity'
+and 'privacy'. Used only with KERBEROS enabled.
 
 Properties:
 
-- Config:      resource_key
-- Env Var:     RCLONE_DRIVE_RESOURCE_KEY
+- Config:      data_transfer_protection
+- Env Var:     RCLONE_HDFS_DATA_TRANSFER_PROTECTION
 - Type:        string
 - Required:    false
+- Examples:
+    - "privacy"
+        - Ensure authentication, integrity and encryption enabled.
 
-#### --drive-encoding
+#### --hdfs-encoding
 
 The encoding for the backend.
 
@@ -29906,1178 +35406,1016 @@ See the [encoding section in the overview](https://rclone.org/overview/#encoding
 Properties:
 
 - Config:      encoding
-- Env Var:     RCLONE_DRIVE_ENCODING
-- Type:        MultiEncoder
-- Default:     InvalidUtf8
-
-## Backend commands
-
-Here are the commands specific to the drive backend.
-
-Run them with
+- Env Var:     RCLONE_HDFS_ENCODING
+- Type:        Encoding
+- Default:     Slash,Colon,Del,Ctl,InvalidUtf8,Dot
 
-    rclone backend COMMAND remote:
 
-The help below will explain what arguments each command takes.
 
-See the [backend](https://rclone.org/commands/rclone_backend/) command for more
-info on how to pass options and arguments.
+## Limitations
 
-These can be run on a running backend using the rc command
-[backend/command](https://rclone.org/rc/#backend-command).
+- No server-side `Move` or `DirMove`.
+- Checksums not implemented.
 
-### get
+#  HiDrive
 
-Get command for fetching the drive config parameters
+Paths are specified as `remote:path`
 
-    rclone backend get remote: [options] [<arguments>+]
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-This is a get command which will be used to fetch the various drive config parameters
+The initial setup for hidrive involves getting a token from HiDrive
+which you need to do in your browser.
+`rclone config` walks you through it.
 
-Usage Examples:
+## Configuration
 
-    rclone backend get drive: [-o service_account_file] [-o chunk_size]
-    rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]
+Here is an example of how to make a remote called `remote`.  First run:
 
+     rclone config
 
-Options:
+This will guide you through an interactive setup process:
 
-- "chunk_size": show the current upload chunk size
-- "service_account_file": show the current service account file
+```
+No remotes found - make a new one
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / HiDrive
+   \ "hidrive"
+[snip]
+Storage> hidrive
+OAuth Client Id - Leave blank normally.
+client_id>
+OAuth Client Secret - Leave blank normally.
+client_secret>
+Access permissions that rclone should use when requesting access from HiDrive.
+Leave blank normally.
+scope_access>
+Edit advanced config?
+y/n> n
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y/n> y
+If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=xxxxxxxxxxxxxxxxxxxxxx
+Log in and authorize rclone for access
+Waiting for code...
+Got code
+--------------------
+[remote]
+type = hidrive
+token = {"access_token":"xxxxxxxxxxxxxxxxxxxx","token_type":"Bearer","refresh_token":"xxxxxxxxxxxxxxxxxxxxxxx","expiry":"xxxxxxxxxxxxxxxxxxxxxxx"}
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-### set
+**You should be aware that OAuth-tokens can be used to access your account
+and hence should not be shared with other persons.**
+See the [below section](#keeping-your-tokens-safe) for more information.
 
-Set command for updating the drive config parameters
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
 
-    rclone backend set remote: [options] [<arguments>+]
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from HiDrive. This only runs from the moment it opens
+your browser to the moment you get back the verification code.
+The webserver runs on `http://127.0.0.1:53682/`.
+If local port `53682` is protected by a firewall you may need to temporarily
+unblock the firewall to complete authorization.
 
-This is a set command which will be used to update the various drive config parameters
+Once configured you can then use `rclone` like this,
 
-Usage Examples:
+List directories in top level of your HiDrive root folder
 
-    rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
-    rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+    rclone lsd remote:
 
+List all the files in your HiDrive filesystem
 
-Options:
+    rclone ls remote:
 
-- "chunk_size": update the current upload chunk size
-- "service_account_file": update the current service account file
+To copy a local directory to a HiDrive directory called backup
 
-### shortcut
+    rclone copy /home/source remote:backup
 
-Create shortcuts from files or directories
+### Keeping your tokens safe
 
-    rclone backend shortcut remote: [options] [<arguments>+]
+Any OAuth-tokens will be stored by rclone in the remote's configuration file as unencrypted text.
+Anyone can use a valid refresh-token to access your HiDrive filesystem without knowing your password.
+Therefore you should make sure no one else can access your configuration.
 
-This command creates shortcuts from files or directories.
+It is possible to encrypt rclone's configuration file.
+You can find information on securing your configuration file by viewing the [configuration encryption docs](https://rclone.org/docs/#configuration-encryption).
 
-Usage:
+### Invalid refresh token
 
-    rclone backend shortcut drive: source_item destination_shortcut
-    rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut
+As can be verified [here](https://developer.hidrive.com/basics-flows/),
+each `refresh_token` (for Native Applications) is valid for 60 days.
+If used to access HiDrivei, its validity will be automatically extended.
 
-In the first example this creates a shortcut from the "source_item"
-which can be a file or a directory to the "destination_shortcut". The
-"source_item" and the "destination_shortcut" should be relative paths
-from "drive:"
+This means that if you
 
-In the second example this creates a shortcut from the "source_item"
-relative to "drive:" to the "destination_shortcut" relative to
-"drive2:". This may fail with a permission error if the user
-authenticated with "drive2:" can't read files from "drive:".
+  * Don't use the HiDrive remote for 60 days
 
+then rclone will return an error which includes a text
+that implies the refresh token is *invalid* or *expired*.
 
-Options:
+To fix this you will need to authorize rclone to access your HiDrive account again.
 
-- "target": optional target remote for the shortcut destination
+Using
 
-### drives
+    rclone config reconnect remote:
 
-List the Shared Drives available to this account
+the process is very similar to the process of initial setup exemplified before.
 
-    rclone backend drives remote: [options] [<arguments>+]
+### Modification times and hashes
 
-This command lists the Shared Drives (Team Drives) available to this
-account.
+HiDrive allows modification times to be set on objects accurate to 1 second.
 
-Usage:
+HiDrive supports [its own hash type](https://static.hidrive.com/dev/0001)
+which is used to verify the integrity of file contents after successful transfers.
 
-    rclone backend [-o config] drives drive:
+### Restricted filename characters
 
-This will return a JSON list of objects like this
+HiDrive cannot store files or folders that include
+`/` (0x2F) or null-bytes (0x00) in their name.
+Any other characters can be used in the names of files or folders.
+Additionally, files or folders cannot be named either of the following: `.` or `..`
 
-    [
-        {
-            "id": "0ABCDEF-01234567890",
-            "kind": "drive#teamDrive",
-            "name": "My Drive"
-        },
-        {
-            "id": "0ABCDEFabcdefghijkl",
-            "kind": "drive#teamDrive",
-            "name": "Test Drive"
-        }
-    ]
+Therefore rclone will automatically replace these characters,
+if files or folders are stored or accessed with such names.
 
-With the -o config parameter it will output the list in a format
-suitable for adding to a config file to make aliases for all the
-drives found and a combined drive.
+You can read about how this filename encoding works in general
+[here](overview/#restricted-filenames).
 
-    [My Drive]
-    type = alias
-    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
+Keep in mind that HiDrive only supports file or folder names
+with a length of 255 characters or less.
 
-    [Test Drive]
-    type = alias
-    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+### Transfers
 
-    [AllDrives]
-    type = combine
-    upstreams = "My Drive=My Drive:" "Test Drive=Test Drive:"
+HiDrive limits file sizes per single request to a maximum of 2 GiB.
+To allow storage of larger files and allow for better upload performance,
+the hidrive backend will use a chunked transfer for files larger than 96 MiB.
+Rclone will upload multiple parts/chunks of the file at the same time.
+Chunks in the process of being uploaded are buffered in memory,
+so you may want to restrict this behaviour on systems with limited resources.
 
-Adding this to the rclone config file will cause those team drives to
-be accessible with the aliases shown. Any illegal characters will be
-substituted with "_" and duplicate names will have numbers suffixed.
-It will also add a remote called AllDrives which shows all the shared
-drives combined into one directory tree.
+You can customize this behaviour using the following options:
 
+* `chunk_size`: size of file parts
+* `upload_cutoff`: files larger or equal to this in size will use a chunked transfer
+* `upload_concurrency`: number of file-parts to upload at the same time
 
-### untrash
+See the below section about configuration options for more details.
 
-Untrash files and directories
+### Root folder
 
-    rclone backend untrash remote: [options] [<arguments>+]
+You can set the root folder for rclone.
+This is the directory that rclone considers to be the root of your HiDrive.
 
-This command untrashes all the files and directories in the directory
-passed in recursively.
+Usually, you will leave this blank, and rclone will use the root of the account.
 
-Usage:
+However, you can set this to restrict rclone to a specific folder hierarchy.
 
-This takes an optional directory to trash which make this easier to
-use via the API.
+This works by prepending the contents of the `root_prefix` option
+to any paths accessed by rclone.
+For example, the following two ways to access the home directory are equivalent:
 
-    rclone backend untrash drive:directory
-    rclone backend --interactive untrash drive:directory subdir
+    rclone lsd --hidrive-root-prefix="/users/test/" remote:path
 
-Use the --interactive/-i or --dry-run flag to see what would be restored before restoring it.
+    rclone lsd remote:/users/test/path
 
-Result:
+See the below section about configuration options for more details.
 
-    {
-        "Untrashed": 17,
-        "Errors": 0
-    }
+### Directory member count
 
+By default, rclone will know the number of directory members contained in a directory.
+For example, `rclone lsd` uses this information.
 
-### copyid
+The acquisition of this information will result in additional time costs for HiDrive's API.
+When dealing with large directory structures, it may be desirable to circumvent this time cost,
+especially when this information is not explicitly needed.
+For this, the `disable_fetching_member_count` option can be used.
 
-Copy files by ID
+See the below section about configuration options for more details.
 
-    rclone backend copyid remote: [options] [<arguments>+]
 
-This command copies files by ID
+### Standard options
 
-Usage:
+Here are the Standard options specific to hidrive (HiDrive).
 
-    rclone backend copyid drive: ID path
-    rclone backend copyid drive: ID1 path1 ID2 path2
+#### --hidrive-client-id
 
-It copies the drive file with ID given to the path (an rclone path which
-will be passed internally to rclone copyto). The ID and path pairs can be
-repeated.
+OAuth Client Id.
 
-The path should end with a / to indicate copy the file as named to
-this directory. If it doesn't end with a / then the last path
-component will be used as the file name.
+Leave blank normally.
 
-If the destination is a drive backend then server-side copying will be
-attempted if possible.
+Properties:
 
-Use the --interactive/-i or --dry-run flag to see what would be copied before copying.
+- Config:      client_id
+- Env Var:     RCLONE_HIDRIVE_CLIENT_ID
+- Type:        string
+- Required:    false
 
+#### --hidrive-client-secret
 
-### exportformats
+OAuth Client Secret.
 
-Dump the export formats for debug purposes
+Leave blank normally.
 
-    rclone backend exportformats remote: [options] [<arguments>+]
+Properties:
 
-### importformats
+- Config:      client_secret
+- Env Var:     RCLONE_HIDRIVE_CLIENT_SECRET
+- Type:        string
+- Required:    false
 
-Dump the import formats for debug purposes
+#### --hidrive-scope-access
 
-    rclone backend importformats remote: [options] [<arguments>+]
+Access permissions that rclone should use when requesting access from HiDrive.
 
+Properties:
 
+- Config:      scope_access
+- Env Var:     RCLONE_HIDRIVE_SCOPE_ACCESS
+- Type:        string
+- Default:     "rw"
+- Examples:
+    - "rw"
+        - Read and write access to resources.
+    - "ro"
+        - Read-only access to resources.
 
-## Limitations
+### Advanced options
 
-Drive has quite a lot of rate limiting.  This causes rclone to be
-limited to transferring about 2 files per second only.  Individual
-files may be transferred much faster at 100s of MiB/s but lots of
-small files can take a long time.
+Here are the Advanced options specific to hidrive (HiDrive).
 
-Server side copies are also subject to a separate rate limit. If you
-see User rate limit exceeded errors, wait at least 24 hours and retry.
-You can disable server-side copies with `--disable copy` to download
-and upload the files if you prefer.
+#### --hidrive-token
 
-### Limitations of Google Docs
+OAuth Access Token as a JSON blob.
 
-Google docs will appear as size -1 in `rclone ls`, `rclone ncdu` etc,
-and as size 0 in anything which uses the VFS layer, e.g. `rclone mount`
-and `rclone serve`. When calculating directory totals, e.g. in
-`rclone size` and `rclone ncdu`, they will be counted in as empty
-files.
+Properties:
 
-This is because rclone can't find out the size of the Google docs
-without downloading them.
+- Config:      token
+- Env Var:     RCLONE_HIDRIVE_TOKEN
+- Type:        string
+- Required:    false
 
-Google docs will transfer correctly with `rclone sync`, `rclone copy`
-etc as rclone knows to ignore the size when doing the transfer.
+#### --hidrive-auth-url
 
-However an unfortunate consequence of this is that you may not be able
-to download Google docs using `rclone mount`. If it doesn't work you
-will get a 0 sized file.  If you try again the doc may gain its
-correct size and be downloadable. Whether it will work on not depends
-on the application accessing the mount and the OS you are running -
-experiment to find out if it does work for you!
+Auth server URL.
 
-### Duplicated files
+Leave blank to use the provider defaults.
 
-Sometimes, for no reason I've been able to track down, drive will
-duplicate a file that rclone uploads.  Drive unlike all the other
-remotes can have duplicated files.
+Properties:
 
-Duplicated files cause problems with the syncing and you will see
-messages in the log about duplicates.
+- Config:      auth_url
+- Env Var:     RCLONE_HIDRIVE_AUTH_URL
+- Type:        string
+- Required:    false
 
-Use `rclone dedupe` to fix duplicated files.
+#### --hidrive-token-url
 
-Note that this isn't just a problem with rclone, even Google Photos on
-Android duplicates files on drive sometimes.
+Token server url.
 
-### Rclone appears to be re-copying files it shouldn't
+Leave blank to use the provider defaults.
 
-The most likely cause of this is the duplicated file issue above - run
-`rclone dedupe` and check your logs for duplicate object or directory
-messages.
+Properties:
 
-This can also be caused by a delay/caching on google drive's end when
-comparing directory listings. Specifically with team drives used in
-combination with --fast-list. Files that were uploaded recently may
-not appear on the directory list sent to rclone when using --fast-list.
+- Config:      token_url
+- Env Var:     RCLONE_HIDRIVE_TOKEN_URL
+- Type:        string
+- Required:    false
 
-Waiting a moderate period of time between attempts (estimated to be
-approximately 1 hour) and/or not using --fast-list both seem to be
-effective in preventing the problem.
+#### --hidrive-scope-role
 
-## Making your own client_id
+User-level that rclone should use when requesting access from HiDrive.
 
-When you use rclone with Google drive in its default configuration you
-are using rclone's client_id.  This is shared between all the rclone
-users.  There is a global rate limit on the number of queries per
-second that each client_id can do set by Google.  rclone already has a
-high quota and I will continue to make sure it is high enough by
-contacting Google.
+Properties:
 
-It is strongly recommended to use your own client ID as the default rclone ID is heavily used. If you have multiple services running, it is recommended to use an API key for each service. The default Google quota is 10 transactions per second so it is recommended to stay under that number as if you use more than that, it will cause rclone to rate limit and make things slower.
+- Config:      scope_role
+- Env Var:     RCLONE_HIDRIVE_SCOPE_ROLE
+- Type:        string
+- Default:     "user"
+- Examples:
+    - "user"
+        - User-level access to management permissions.
+        - This will be sufficient in most cases.
+    - "admin"
+        - Extensive access to management permissions.
+    - "owner"
+        - Full access to management permissions.
 
-Here is how to create your own Google Drive client ID for rclone:
+#### --hidrive-root-prefix
 
-1. Log into the [Google API
-Console](https://console.developers.google.com/) with your Google
-account. It doesn't matter what Google account you use. (It need not
-be the same account as the Google Drive you want to access)
+The root/parent folder for all paths.
 
-2. Select a project or create a new project.
+Fill in to use the specified folder as the parent for all paths given to the remote.
+This way rclone can use any folder as its starting point.
 
-3. Under "ENABLE APIS AND SERVICES" search for "Drive", and enable the
-"Google Drive API".
+Properties:
 
-4. Click "Credentials" in the left-side panel (not "Create
-credentials", which opens the wizard), then "Create credentials"
+- Config:      root_prefix
+- Env Var:     RCLONE_HIDRIVE_ROOT_PREFIX
+- Type:        string
+- Default:     "/"
+- Examples:
+    - "/"
+        - The topmost directory accessible by rclone.
+        - This will be equivalent with "root" if rclone uses a regular HiDrive user account.
+    - "root"
+        - The topmost directory of the HiDrive user account
+    - ""
+        - This specifies that there is no root-prefix for your paths.
+        - When using this you will always need to specify paths to this remote with a valid parent e.g. "remote:/path/to/dir" or "remote:root/path/to/dir".
 
-5. If you already configured an "Oauth Consent Screen", then skip
-to the next step; if not, click on "CONFIGURE CONSENT SCREEN" button 
-(near the top right corner of the right panel), then select "External"
-and click on "CREATE"; on the next screen, enter an "Application name"
-("rclone" is OK); enter "User Support Email" (your own email is OK); 
-enter "Developer Contact Email" (your own email is OK); then click on
-"Save" (all other data is optional). You will also have to add some scopes,
-including `.../auth/docs` and `.../auth/drive` in order to be able to edit,
-create and delete files with RClone. You may also want to include the
-`../auth/drive.metadata.readonly` scope. After adding scopes, click
-"Save and continue" to add test users. Be sure to add your own account to
-the test users. Once you've added yourself as a test user and saved the
-changes, click again on "Credentials" on the left panel to go back to
-the "Credentials" screen.
+#### --hidrive-endpoint
 
-   (PS: if you are a GSuite user, you could also select "Internal" instead
-of "External" above, but this will restrict API use to Google Workspace 
-users in your organisation). 
+Endpoint for the service.
 
-6.  Click on the "+ CREATE CREDENTIALS" button at the top of the screen,
-then select "OAuth client ID".
+This is the URL that API-calls will be made to.
 
-7. Choose an application type of "Desktop app" and click "Create". (the default name is fine)
+Properties:
 
-8. It will show you a client ID and client secret. Make a note of these.
-   
-   (If you selected "External" at Step 5 continue to Step 9. 
-   If you chose "Internal" you don't need to publish and can skip straight to
-   Step 10 but your destination drive must be part of the same Google Workspace.)
+- Config:      endpoint
+- Env Var:     RCLONE_HIDRIVE_ENDPOINT
+- Type:        string
+- Default:     "https://api.hidrive.strato.com/2.1"
 
-9. Go to "Oauth consent screen" and then click "PUBLISH APP" button and confirm.
-   You will also want to add yourself as a test user.
+#### --hidrive-disable-fetching-member-count
 
-10. Provide the noted client ID and client secret to rclone.
+Do not fetch number of objects in directories unless it is absolutely necessary.
 
-Be aware that, due to the "enhanced security" recently introduced by
-Google, you are theoretically expected to "submit your app for verification"
-and then wait a few weeks(!) for their response; in practice, you can go right
-ahead and use the client ID and client secret with rclone, the only issue will
-be a very scary confirmation screen shown when you connect via your browser 
-for rclone to be able to get its token-id (but as this only happens during 
-the remote configuration, it's not such a big deal). Keeping the application in
-"Testing" will work as well, but the limitation is that any grants will expire
-after a week, which can be annoying to refresh constantly. If, for whatever
-reason, a short grant time is not a problem, then keeping the application in
-testing mode would also be sufficient.
+Requests may be faster if the number of objects in subdirectories is not fetched.
 
-(Thanks to @balazer on github for these instructions.)
+Properties:
 
-Sometimes, creation of an OAuth consent in Google API Console fails due to an error message
-“The request failed because changes to one of the field of the resource is not supported”.
-As a convenient workaround, the necessary Google Drive API key can be created on the
-[Python Quickstart](https://developers.google.com/drive/api/v3/quickstart/python) page.
-Just push the Enable the Drive API button to receive the Client ID and Secret.
-Note that it will automatically create a new project in the API Console.
+- Config:      disable_fetching_member_count
+- Env Var:     RCLONE_HIDRIVE_DISABLE_FETCHING_MEMBER_COUNT
+- Type:        bool
+- Default:     false
 
-#  Google Photos
+#### --hidrive-chunk-size
 
-The rclone backend for [Google Photos](https://www.google.com/photos/about/) is
-a specialized backend for transferring photos and videos to and from
-Google Photos.
+Chunksize for chunked uploads.
 
-**NB** The Google Photos API which rclone uses has quite a few
-limitations, so please read the [limitations section](#limitations)
-carefully to make sure it is suitable for your use.
+Any files larger than the configured cutoff (or files of unknown size) will be uploaded in chunks of this size.
 
-## Configuration
+The upper limit for this is 2147483647 bytes (about 2.000Gi).
+That is the maximum amount of bytes a single upload-operation will support.
+Setting this above the upper limit or to a negative value will cause uploads to fail.
 
-The initial setup for google cloud storage involves getting a token from Google Photos
-which you need to do in your browser.  `rclone config` walks you
-through it.
+Setting this to larger values may increase the upload speed at the cost of using more memory.
+It can be set to smaller values smaller to save on memory.
 
-Here is an example of how to make a remote called `remote`.  First run:
+Properties:
 
-     rclone config
+- Config:      chunk_size
+- Env Var:     RCLONE_HIDRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     48Mi
 
-This will guide you through an interactive setup process:
+#### --hidrive-upload-cutoff
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Photos
-   \ "google photos"
-[snip]
-Storage> google photos
-** See help for google photos backend at: https://rclone.org/googlephotos/ **
+Cutoff/Threshold for chunked uploads.
 
-Google Application Client Id
-Leave blank normally.
-Enter a string value. Press Enter for the default ("").
-client_id> 
-Google Application Client Secret
-Leave blank normally.
-Enter a string value. Press Enter for the default ("").
-client_secret> 
-Set to make the Google Photos backend read only.
+Any files larger than this will be uploaded in chunks of the configured chunksize.
 
-If you choose read only then rclone will only request read only access
-to your photos, otherwise rclone will request full access.
-Enter a boolean value (true or false). Press Enter for the default ("false").
-read_only> 
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
+The upper limit for this is 2147483647 bytes (about 2.000Gi).
+That is the maximum amount of bytes a single upload-operation will support.
+Setting this above the upper limit will cause uploads to fail.
 
-*** IMPORTANT: All media items uploaded to Google Photos with rclone
-*** are stored in full resolution at original quality.  These uploads
-*** will count towards storage in your Google Account.
+Properties:
 
---------------------
-[remote]
-type = google photos
-token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2019-06-28T17:38:04.644930156+01:00"}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+- Config:      upload_cutoff
+- Env Var:     RCLONE_HIDRIVE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     96Mi
 
-See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
-machine with no Internet browser available.
+#### --hidrive-upload-concurrency
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Google if using web browser to automatically 
-authenticate. This only
-runs from the moment it opens your browser to the moment you get back
-the verification code.  This is on `http://127.0.0.1:53682/` and this
-may require you to unblock it temporarily if you are running a host
-firewall, or use manual mode.
+Concurrency for chunked uploads.
 
-This remote is called `remote` and can now be used like this
+This is the upper limit for how many transfers for the same file are running concurrently.
+Setting this above to a value smaller than 1 will cause uploads to deadlock.
 
-See all the albums in your photos
+If you are uploading small numbers of large files over high-speed links
+and these uploads do not fully utilize your bandwidth, then increasing
+this may help to speed up the transfers.
 
-    rclone lsd remote:album
+Properties:
 
-Make a new album
+- Config:      upload_concurrency
+- Env Var:     RCLONE_HIDRIVE_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     4
 
-    rclone mkdir remote:album/newAlbum
+#### --hidrive-encoding
 
-List the contents of an album
+The encoding for the backend.
 
-    rclone ls remote:album/newAlbum
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Sync `/home/local/images` to the Google Photos, removing any excess
-files in the album.
+Properties:
 
-    rclone sync --interactive /home/local/image remote:album/newAlbum
+- Config:      encoding
+- Env Var:     RCLONE_HIDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,Dot
 
-### Layout
 
-As Google Photos is not a general purpose cloud storage system, the
-backend is laid out to help you navigate it.
 
-The directories under `media` show different ways of categorizing the
-media.  Each file will appear multiple times.  So if you want to make
-a backup of your google photos you might choose to backup
-`remote:media/by-month`.  (**NB** `remote:media/by-day` is rather slow
-at the moment so avoid for syncing.)
+## Limitations
 
-Note that all your photos and videos will appear somewhere under
-`media`, but they may not appear under `album` unless you've put them
-into albums.
+### Symbolic links
 
-```
-/
-- upload
-    - file1.jpg
-    - file2.jpg
-    - ...
-- media
-    - all
-        - file1.jpg
-        - file2.jpg
-        - ...
-    - by-year
-        - 2000
-            - file1.jpg
-            - ...
-        - 2001
-            - file2.jpg
-            - ...
-        - ...
-    - by-month
-        - 2000
-            - 2000-01
-                - file1.jpg
-                - ...
-            - 2000-02
-                - file2.jpg
-                - ...
-        - ...
-    - by-day
-        - 2000
-            - 2000-01-01
-                - file1.jpg
-                - ...
-            - 2000-01-02
-                - file2.jpg
-                - ...
-        - ...
-- album
-    - album name
-    - album name/sub
-- shared-album
-    - album name
-    - album name/sub
-- feature
-    - favorites
-        - file1.jpg
-        - file2.jpg
-```
+HiDrive is able to store symbolic links (*symlinks*) by design,
+for example, when unpacked from a zip archive.
 
-There are two writable parts of the tree, the `upload` directory and
-sub directories of the `album` directory.
+There exists no direct mechanism to manage native symlinks in remotes.
+As such this implementation has chosen to ignore any native symlinks present in the remote.
+rclone will not be able to access or show any symlinks stored in the hidrive-remote.
+This means symlinks cannot be individually removed, copied, or moved,
+except when removing, copying, or moving the parent folder.
 
-The `upload` directory is for uploading files you don't want to put
-into albums. This will be empty to start with and will contain the
-files you've uploaded for one rclone session only, becoming empty
-again when you restart rclone. The use case for this would be if you
-have a load of files you just want to once off dump into Google
-Photos. For repeated syncing, uploading to `album` will work better.
+*This does not affect the `.rclonelink`-files
+that rclone uses to encode and store symbolic links.*
 
-Directories within the `album` directory are also writeable and you
-may create new directories (albums) under `album`.  If you copy files
-with a directory hierarchy in there then rclone will create albums
-with the `/` character in them.  For example if you do
+### Sparse files
 
-    rclone copy /path/to/images remote:album/images
+It is possible to store sparse files in HiDrive.
 
-and the images directory contains
+Note that copying a sparse file will expand the holes
+into null-byte (0x00) regions that will then consume disk space.
+Likewise, when downloading a sparse file,
+the resulting file will have null-byte regions in the place of file holes.
 
-```
-images
-    - file1.jpg
-    dir
-        file2.jpg
-    dir2
-        dir3
-            file3.jpg
-```
+#  HTTP
 
-Then rclone will create the following albums with the following files in
+The HTTP remote is a read only remote for reading files of a
+webserver.  The webserver should provide file listings which rclone
+will read and turn into a remote.  This has been tested with common
+webservers such as Apache/Nginx/Caddy and will likely work with file
+listings from most web servers.  (If it doesn't then please file an
+issue, or send a pull request!)
 
-- images
-    - file1.jpg
-- images/dir
-    - file2.jpg
-- images/dir2/dir3
-    - file3.jpg
+Paths are specified as `remote:` or `remote:path`.
 
-This means that you can use the `album` path pretty much like a normal
-filesystem and it is a good target for repeated syncing.
+The `remote:` represents the configured [url](#http-url), and any path following
+it will be resolved relative to this url, according to the URL standard. This
+means with remote url `https://beta.rclone.org/branch` and path `fix`, the
+resolved URL will be `https://beta.rclone.org/branch/fix`, while with path
+`/fix` the resolved URL will be `https://beta.rclone.org/fix` as the absolute
+path is resolved from the root of the domain.
 
-The `shared-album` directory shows albums shared with you or by you.
-This is similar to the Sharing tab in the Google Photos web interface.
+If the path following the `remote:` ends with `/` it will be assumed to point
+to a directory. If the path does not end with `/`, then a HEAD request is sent
+and the response used to decide if it it is treated as a file or a directory
+(run with `-vv` to see details). When [--http-no-head](#http-no-head) is
+specified, a path without ending `/` is always assumed to be a file. If rclone
+incorrectly assumes the path is a file, the solution is to specify the path with
+ending `/`. When you know the path is a directory, ending it with `/` is always
+better as it avoids the initial HEAD request.
 
+To just download a single file it is easier to use
+[copyurl](https://rclone.org/commands/rclone_copyurl/).
 
-### Standard options
+## Configuration
 
-Here are the Standard options specific to google photos (Google Photos).
+Here is an example of how to make a remote called `remote`.  First
+run:
 
-#### --gphotos-client-id
+     rclone config
 
-OAuth Client Id.
+This will guide you through an interactive setup process:
 
-Leave blank normally.
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / HTTP
+   \ "http"
+[snip]
+Storage> http
+URL of http host to connect to
+Choose a number from below, or type in your own value
+ 1 / Connect to example.com
+   \ "https://example.com"
+url> https://beta.rclone.org
+Remote config
+--------------------
+[remote]
+url = https://beta.rclone.org
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
 
-Properties:
+Name                 Type
+====                 ====
+remote               http
 
-- Config:      client_id
-- Env Var:     RCLONE_GPHOTOS_CLIENT_ID
-- Type:        string
-- Required:    false
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> q
+```
 
-#### --gphotos-client-secret
+This remote is called `remote` and can now be used like this
 
-OAuth Client Secret.
+See all the top level directories
 
-Leave blank normally.
+    rclone lsd remote:
 
-Properties:
+List the contents of a directory
 
-- Config:      client_secret
-- Env Var:     RCLONE_GPHOTOS_CLIENT_SECRET
-- Type:        string
-- Required:    false
+    rclone ls remote:directory
 
-#### --gphotos-read-only
+Sync the remote `directory` to `/home/local/directory`, deleting any excess files.
 
-Set to make the Google Photos backend read only.
+    rclone sync --interactive remote:directory /home/local/directory
 
-If you choose read only then rclone will only request read only access
-to your photos, otherwise rclone will request full access.
+### Read only
 
-Properties:
+This remote is read only - you can't upload files to an HTTP server.
 
-- Config:      read_only
-- Env Var:     RCLONE_GPHOTOS_READ_ONLY
-- Type:        bool
-- Default:     false
+### Modification times
 
-### Advanced options
+Most HTTP servers store time accurate to 1 second.
 
-Here are the Advanced options specific to google photos (Google Photos).
+### Checksum
 
-#### --gphotos-token
+No checksums are stored.
 
-OAuth Access Token as a JSON blob.
+### Usage without a config file
 
-Properties:
+Since the http remote only has one config parameter it is easy to use
+without a config file:
 
-- Config:      token
-- Env Var:     RCLONE_GPHOTOS_TOKEN
-- Type:        string
-- Required:    false
+    rclone lsd --http-url https://beta.rclone.org :http:
 
-#### --gphotos-auth-url
+or:
 
-Auth server URL.
+    rclone lsd :http,url='https://beta.rclone.org':
 
-Leave blank to use the provider defaults.
 
-Properties:
+### Standard options
 
-- Config:      auth_url
-- Env Var:     RCLONE_GPHOTOS_AUTH_URL
-- Type:        string
-- Required:    false
+Here are the Standard options specific to http (HTTP).
 
-#### --gphotos-token-url
+#### --http-url
 
-Token server url.
+URL of HTTP host to connect to.
 
-Leave blank to use the provider defaults.
+E.g. "https://example.com", or "https://user:pass@example.com" to use a username and password.
 
 Properties:
 
-- Config:      token_url
-- Env Var:     RCLONE_GPHOTOS_TOKEN_URL
+- Config:      url
+- Env Var:     RCLONE_HTTP_URL
 - Type:        string
-- Required:    false
+- Required:    true
 
-#### --gphotos-read-size
+### Advanced options
 
-Set to read the size of media items.
+Here are the Advanced options specific to http (HTTP).
 
-Normally rclone does not read the size of media items since this takes
-another transaction.  This isn't necessary for syncing.  However
-rclone mount needs to know the size of files in advance of reading
-them, so setting this flag when using rclone mount is recommended if
-you want to read the media.
+#### --http-headers
 
-Properties:
+Set HTTP headers for all transactions.
 
-- Config:      read_size
-- Env Var:     RCLONE_GPHOTOS_READ_SIZE
-- Type:        bool
-- Default:     false
+Use this to set additional HTTP headers for all transactions.
 
-#### --gphotos-start-year
+The input format is comma separated list of key,value pairs.  Standard
+[CSV encoding](https://godoc.org/encoding/csv) may be used.
 
-Year limits the photos to be downloaded to those which are uploaded after the given year.
+For example, to set a Cookie use 'Cookie,name=value', or '"Cookie","name=value"'.
 
-Properties:
+You can set multiple headers, e.g. '"Cookie","name=value","Authorization","xxx"'.
 
-- Config:      start_year
-- Env Var:     RCLONE_GPHOTOS_START_YEAR
-- Type:        int
-- Default:     2000
+Properties:
 
-#### --gphotos-include-archived
+- Config:      headers
+- Env Var:     RCLONE_HTTP_HEADERS
+- Type:        CommaSepList
+- Default:     
 
-Also view and download archived media.
+#### --http-no-slash
 
-By default, rclone does not request archived media. Thus, when syncing,
-archived media is not visible in directory listings or transferred.
+Set this if the site doesn't end directories with /.
 
-Note that media in albums is always visible and synced, no matter
-their archive status.
+Use this if your target website does not use / on the end of
+directories.
 
-With this flag, archived media are always visible in directory
-listings and transferred.
+A / on the end of a path is how rclone normally tells the difference
+between files and directories.  If this flag is set, then rclone will
+treat all files with Content-Type: text/html as directories and read
+URLs from them rather than downloading them.
 
-Without this flag, archived media will not be visible in directory
-listings and won't be transferred.
+Note that this may cause rclone to confuse genuine HTML files with
+directories.
 
 Properties:
 
-- Config:      include_archived
-- Env Var:     RCLONE_GPHOTOS_INCLUDE_ARCHIVED
+- Config:      no_slash
+- Env Var:     RCLONE_HTTP_NO_SLASH
 - Type:        bool
 - Default:     false
 
-#### --gphotos-encoding
-
-The encoding for the backend.
-
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+#### --http-no-head
 
-Properties:
+Don't use HEAD requests.
 
-- Config:      encoding
-- Env Var:     RCLONE_GPHOTOS_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,CrLf,InvalidUtf8,Dot
+HEAD requests are mainly used to find file sizes in dir listing.
+If your site is being very slow to load then you can try this option.
+Normally rclone does a HEAD request for each potential file in a
+directory listing to:
 
+- find its size
+- check it really exists
+- check to see if it is a directory
 
+If you set this option, rclone will not do the HEAD request. This will mean
+that directory listings are much quicker, but rclone won't have the times or
+sizes of any files, and some files that don't exist may be in the listing.
 
-## Limitations
+Properties:
 
-Only images and videos can be uploaded.  If you attempt to upload non
-videos or images or formats that Google Photos doesn't understand,
-rclone will upload the file, then Google Photos will give an error
-when it is put turned into a media item.
+- Config:      no_head
+- Env Var:     RCLONE_HTTP_NO_HEAD
+- Type:        bool
+- Default:     false
 
-Note that all media items uploaded to Google Photos through the API
-are stored in full resolution at "original quality" and **will** count
-towards your storage quota in your Google Account.  The API does
-**not** offer a way to upload in "high quality" mode..
+## Backend commands
 
-`rclone about` is not supported by the Google Photos backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+Here are the commands specific to the http backend.
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features)
-See [rclone about](https://rclone.org/commands/rclone_about/)
+Run them with
 
-### Downloading Images
+    rclone backend COMMAND remote:
 
-When Images are downloaded this strips EXIF location (according to the
-docs and my tests).  This is a limitation of the Google Photos API and
-is covered by [bug #112096115](https://issuetracker.google.com/issues/112096115).
+The help below will explain what arguments each command takes.
 
-**The current google API does not allow photos to be downloaded at original resolution.  This is very important if you are, for example, relying on "Google Photos" as a backup of your photos.  You will not be able to use rclone to redownload original images.  You could use 'google takeout' to recover the original photos as a last resort**
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
 
-### Downloading Videos
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
 
-When videos are downloaded they are downloaded in a really compressed
-version of the video compared to downloading it via the Google Photos
-web interface. This is covered by [bug #113672044](https://issuetracker.google.com/issues/113672044).
+### set
 
-### Duplicates
+Set command for updating the config parameters.
 
-If a file name is duplicated in a directory then rclone will add the
-file ID into its name.  So two files called `file.jpg` would then
-appear as `file {123456}.jpg` and `file {ABCDEF}.jpg` (the actual IDs
-are a lot longer alas!).
+    rclone backend set remote: [options] [<arguments>+]
 
-If you upload the same image (with the same binary data) twice then
-Google Photos will deduplicate it.  However it will retain the
-filename from the first upload which may confuse rclone.  For example
-if you uploaded an image to `upload` then uploaded the same image to
-`album/my_album` the filename of the image in `album/my_album` will be
-what it was uploaded with initially, not what you uploaded it with to
-`album`.  In practise this shouldn't cause too many problems.
+This set command can be used to update the config parameters
+for a running http backend.
 
-### Modified time
+Usage Examples:
 
-The date shown of media in Google Photos is the creation date as
-determined by the EXIF information, or the upload date if that is not
-known.
+    rclone backend set remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: -o url=https://example.com
 
-This is not changeable by rclone and is not the modification date of
-the media on local disk.  This means that rclone cannot use the dates
-from Google Photos for syncing purposes.
+The option keys are named as they are in the config file.
 
-### Size
+This rebuilds the connection to the http backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
 
-The Google Photos API does not return the size of media.  This means
-that when syncing to Google Photos, rclone can only do a file
-existence check.
+It doesn't return anything.
 
-It is possible to read the size of the media, but this needs an extra
-HTTP HEAD request per media item so is **very slow** and uses up a lot of
-transactions.  This can be enabled with the `--gphotos-read-size`
-option or the `read_size = true` config parameter.
 
-If you want to use the backend with `rclone mount` you may need to
-enable this flag (depending on your OS and application using the
-photos) otherwise you may not be able to read media off the mount.
-You'll need to experiment to see if it works for you without the flag.
 
-### Albums
 
-Rclone can only upload files to albums it created. This is a
-[limitation of the Google Photos API](https://developers.google.com/photos/library/guides/manage-albums).
+## Limitations
 
-Rclone can remove files it uploaded from albums it created only.
+`rclone about` is not supported by the HTTP backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
 
-### Deleting files
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-Rclone can remove files from albums it created, but note that the
-Google Photos API does not allow media to be deleted permanently so
-this media will still remain. See [bug #109759781](https://issuetracker.google.com/issues/109759781).
+#  ImageKit
+This is a backend for the [ImageKit.io](https://imagekit.io/) storage service.
 
-Rclone cannot delete files anywhere except under `album`.
+#### About ImageKit
+[ImageKit.io](https://imagekit.io/)  provides real-time image and video optimizations, transformations, and CDN delivery. Over 1,000 businesses and 70,000 developers trust ImageKit with their images and videos on the web.
 
-### Deleting albums
 
-The Google Photos API does not support deleting albums - see [bug #135714733](https://issuetracker.google.com/issues/135714733).
+#### Accounts & Pricing
 
-#  Hasher
+To use this backend, you need to [create an account](https://imagekit.io/registration/) on ImageKit. Start with a free plan with generous usage limits. Then, as your requirements grow, upgrade to a plan that best fits your needs. See [the pricing details](https://imagekit.io/plans).
 
-Hasher is a special overlay backend to create remotes which handle
-checksums for other remotes. It's main functions include:
-- Emulate hash types unimplemented by backends
-- Cache checksums to help with slow hashing of large local or (S)FTP files
-- Warm up checksum cache from external SUM files
+## Configuration
 
-## Getting started
+Here is an example of making an imagekit configuration.
 
-To use Hasher, first set up the underlying remote following the configuration
-instructions for that remote. You can also use a local pathname instead of
-a remote. Check that your base remote is working.
+Firstly create a [ImageKit.io](https://imagekit.io/) account and choose a plan.
 
-Let's call the base remote `myRemote:path` here. Note that anything inside
-`myRemote:path` will be handled by hasher and anything outside won't.
-This means that if you are using a bucket based remote (S3, B2, Swift)
-then you should put the bucket in the remote `s3:bucket`.
+You will need to log in and get the `publicKey` and `privateKey` for your account from the developer section.
 
-Now proceed to interactive or manual configuration.
+Now run
+```
+rclone config
+```
 
-### Interactive configuration
+This will guide you through an interactive setup process:
 
-Run `rclone config`:
 ```
 No remotes found, make a new one?
 n) New remote
 s) Set configuration password
 q) Quit config
 n/s/q> n
-name> Hasher1
+
+Enter the name for the new remote.
+name> imagekit-media-library
+
+Option Storage.
 Type of storage to configure.
-Choose a number from below, or type in your own value
+Choose a number from below, or type in your own value.
 [snip]
-XX / Handle checksums for other remotes
-   \ "hasher"
+XX / ImageKit.io
+\ (imagekit)
 [snip]
-Storage> hasher
-Remote to cache checksums for, like myremote:mypath.
-Enter a string value. Press Enter for the default ("").
-remote> myRemote:path
-Comma separated list of supported checksum types.
-Enter a string value. Press Enter for the default ("md5,sha1").
-hashsums> md5
-Maximum time to keep checksums in cache. 0 = no cache, off = cache forever.
-max_age> off
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
---------------------
-[Hasher1]
-type = hasher
-remote = myRemote:path
-hashsums = md5
-max_age = off
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
-
-### Manual configuration
-
-Run `rclone config path` to see the path of current active config file,
-usually `YOURHOME/.config/rclone/rclone.conf`.
-Open it in your favorite text editor, find section for the base remote
-and create new section for hasher like in the following examples:
-
-```
-[Hasher1]
-type = hasher
-remote = myRemote:path
-hashes = md5
-max_age = off
-
-[Hasher2]
-type = hasher
-remote = /local/path
-hashes = dropbox,sha1
-max_age = 24h
-```
-
-Hasher takes basically the following parameters:
-- `remote` is required,
-- `hashes` is a comma separated list of supported checksums
-   (by default `md5,sha1`),
-- `max_age` - maximum time to keep a checksum value in the cache,
-   `0` will disable caching completely,
-   `off` will cache "forever" (that is until the files get changed).
+Storage> imagekit
+  
+Option endpoint.
+You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+Enter a value.
+endpoint> https://ik.imagekit.io/imagekit_id  
 
-Make sure the `remote` has `:` (colon) in. If you specify the remote without
-a colon then rclone will use a local directory of that name. So if you use
-a remote of `/local/path` then rclone will handle hashes for that directory.
-If you use `remote = name` literally then rclone will put files
-**in a directory called `name` located under current directory**.
+Option public_key.
+You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+Enter a value.
+public_key> public_****************************
 
-## Usage
+Option private_key.
+You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+Enter a value.
+private_key> private_****************************
 
-### Basic operations
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
 
-Now you can use it as `Hasher2:subdir/file` instead of base remote.
-Hasher will transparently update cache with new checksums when a file
-is fully read or overwritten, like:
-```
-rclone copy External:path/file Hasher:dest/path
+Configuration complete.
+Options:
+- type: imagekit
+- endpoint: https://ik.imagekit.io/imagekit_id
+- public_key: public_****************************
+- private_key: private_****************************
 
-rclone cat Hasher:path/to/file > /dev/null
+Keep this "imagekit-media-library" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
 ```
-
-The way to refresh **all** cached checksums (even unsupported by the base backend)
-for a subtree is to **re-download** all files in the subtree. For example,
-use `hashsum --download` using **any** supported hashsum on the command line
-(we just care to re-read):
+List directories in the top level of your Media Library
 ```
-rclone hashsum MD5 --download Hasher:path/to/subtree > /dev/null
-
-rclone backend dump Hasher:path/to/subtree
+rclone lsd imagekit-media-library:
 ```
-
-You can print or drop hashsum cache using custom backend commands:
+Make a new directory.
 ```
-rclone backend dump Hasher:dir/subdir
-
-rclone backend drop Hasher:
+rclone mkdir imagekit-media-library:directory
 ```
-
-### Pre-Seed from a SUM File
-
-Hasher supports two backend commands: generic SUM file `import` and faster
-but less consistent `stickyimport`.
-
+List the contents of a directory.
 ```
-rclone backend import Hasher:dir/subdir SHA1 /path/to/SHA1SUM [--checkers 4]
+rclone ls imagekit-media-library:directory
 ```
 
-Instead of SHA1 it can be any hash supported by the remote. The last argument
-can point to either a local or an `other-remote:path` text file in SUM format.
-The command will parse the SUM file, then walk down the path given by the
-first argument, snapshot current fingerprints and fill in the cache entries
-correspondingly.
-- Paths in the SUM file are treated as relative to `hasher:dir/subdir`.
-- The command will **not** check that supplied values are correct.
-  You **must know** what you are doing.
-- This is a one-time action. The SUM file will not get "attached" to the
-  remote. Cache entries can still be overwritten later, should the object's
-  fingerprint change.
-- The tree walk can take long depending on the tree size. You can increase
-  `--checkers` to make it faster. Or use `stickyimport` if you don't care
-  about fingerprints and consistency.
+###   Modified time and hashes
 
-```
-rclone backend stickyimport hasher:path/to/data sha1 remote:/path/to/sum.sha1
-```
+ImageKit does not support modification times or hashes yet.
 
-`stickyimport` is similar to `import` but works much faster because it
-does not need to stat existing files and skips initial tree walk.
-Instead of binding cache entries to file fingerprints it creates _sticky_
-entries bound to the file name alone ignoring size, modification time etc.
-Such hash entries can be replaced only by `purge`, `delete`, `backend drop`
-or by full re-read/re-write of the files.
+### Checksums
 
-## Configuration reference
+No checksums are supported.
 
 
 ### Standard options
 
-Here are the Standard options specific to hasher (Better checksums for other remotes).
+Here are the Standard options specific to imagekit (ImageKit.io).
 
-#### --hasher-remote
+#### --imagekit-endpoint
 
-Remote to cache checksums for (e.g. myRemote:path).
+You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
 
 Properties:
 
-- Config:      remote
-- Env Var:     RCLONE_HASHER_REMOTE
+- Config:      endpoint
+- Env Var:     RCLONE_IMAGEKIT_ENDPOINT
 - Type:        string
 - Required:    true
 
-#### --hasher-hashes
+#### --imagekit-public-key
 
-Comma separated list of supported checksum types.
+You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
 
 Properties:
 
-- Config:      hashes
-- Env Var:     RCLONE_HASHER_HASHES
-- Type:        CommaSepList
-- Default:     md5,sha1
+- Config:      public_key
+- Env Var:     RCLONE_IMAGEKIT_PUBLIC_KEY
+- Type:        string
+- Required:    true
 
-#### --hasher-max-age
+#### --imagekit-private-key
 
-Maximum time to keep checksums in cache (0 = no cache, off = cache forever).
+You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
 
 Properties:
 
-- Config:      max_age
-- Env Var:     RCLONE_HASHER_MAX_AGE
-- Type:        Duration
-- Default:     off
+- Config:      private_key
+- Env Var:     RCLONE_IMAGEKIT_PRIVATE_KEY
+- Type:        string
+- Required:    true
 
 ### Advanced options
 
-Here are the Advanced options specific to hasher (Better checksums for other remotes).
+Here are the Advanced options specific to imagekit (ImageKit.io).
 
-#### --hasher-auto-size
+#### --imagekit-only-signed
 
-Auto-update checksum for files smaller than this size (disabled by default).
+If you have configured `Restrict unsigned image URLs` in your dashboard settings, set this to true.
 
 Properties:
 
-- Config:      auto_size
-- Env Var:     RCLONE_HASHER_AUTO_SIZE
-- Type:        SizeSuffix
-- Default:     0
-
-### Metadata
-
-Any metadata supported by the underlying remote is read and written.
-
-See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
-
-## Backend commands
-
-Here are the commands specific to the hasher backend.
+- Config:      only_signed
+- Env Var:     RCLONE_IMAGEKIT_ONLY_SIGNED
+- Type:        bool
+- Default:     false
 
-Run them with
+#### --imagekit-versions
 
-    rclone backend COMMAND remote:
+Include old versions in directory listings.
 
-The help below will explain what arguments each command takes.
+Properties:
 
-See the [backend](https://rclone.org/commands/rclone_backend/) command for more
-info on how to pass options and arguments.
+- Config:      versions
+- Env Var:     RCLONE_IMAGEKIT_VERSIONS
+- Type:        bool
+- Default:     false
 
-These can be run on a running backend using the rc command
-[backend/command](https://rclone.org/rc/#backend-command).
+#### --imagekit-upload-tags
 
-### drop
+Tags to add to the uploaded files, e.g. "tag1,tag2".
 
-Drop cache
+Properties:
 
-    rclone backend drop remote: [options] [<arguments>+]
+- Config:      upload_tags
+- Env Var:     RCLONE_IMAGEKIT_UPLOAD_TAGS
+- Type:        string
+- Required:    false
 
-Completely drop checksum cache.
-Usage Example:
-    rclone backend drop hasher:
+#### --imagekit-encoding
 
+The encoding for the backend.
 
-### dump
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Dump the database
+Properties:
 
-    rclone backend dump remote: [options] [<arguments>+]
+- Config:      encoding
+- Env Var:     RCLONE_IMAGEKIT_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket
 
-Dump cache records covered by the current remote
+### Metadata
 
-### fulldump
+Any metadata supported by the underlying remote is read and written.
 
-Full dump of the database
+Here are the possible system metadata items for the imagekit backend.
 
-    rclone backend fulldump remote: [options] [<arguments>+]
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| aws-tags | AI generated tags by AWS Rekognition associated with the image | string | tag1,tag2 | **Y** |
+| btime | Time of file birth (creation) read from Last-Modified header | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+| custom-coordinates | Custom coordinates of the file | string | 0,0,100,100 | **Y** |
+| file-type | Type of the file | string | image | **Y** |
+| google-tags | AI generated tags by Google Cloud Vision associated with the image | string | tag1,tag2 | **Y** |
+| has-alpha | Whether the image has alpha channel or not | bool |  | **Y** |
+| height | Height of the image or video in pixels | int |  | **Y** |
+| is-private-file | Whether the file is private or not | bool |  | **Y** |
+| size | Size of the object in bytes | int64 |  | **Y** |
+| tags | Tags associated with the file | string | tag1,tag2 | **Y** |
+| width | Width of the image or video in pixels | int |  | **Y** |
 
-Dump all cache records in the database
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-### import
 
-Import a SUM file
 
-    rclone backend import remote: [options] [<arguments>+]
+#  Internet Archive
 
-Amend hash cache from a SUM file and bind checksums to files by size/time.
-Usage Example:
-    rclone backend import hasher:subdir md5 /path/to/sum.md5
+The Internet Archive backend utilizes Items on [archive.org](https://archive.org/)
 
+Refer to [IAS3 API documentation](https://archive.org/services/docs/api/ias3.html) for the API this backend uses.
 
-### stickyimport
+Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g. `remote:item/path/to/dir`.
 
-Perform fast import of a SUM file
+Unlike S3, listing up all items uploaded by you isn't supported.
 
-    rclone backend stickyimport remote: [options] [<arguments>+]
+Once you have made a remote, you can use it like this:
 
-Fill hash cache from a SUM file without verifying file fingerprints.
-Usage Example:
-    rclone backend stickyimport hasher:subdir md5 remote:path/to/sum.md5
+Make a new item
 
+    rclone mkdir remote:item
 
+List the contents of a item
 
+    rclone ls remote:item
 
-## Implementation details (advanced)
+Sync `/home/local/directory` to the remote item, deleting any excess
+files in the item.
 
-This section explains how various rclone operations work on a hasher remote.
+    rclone sync --interactive /home/local/directory remote:item
 
-**Disclaimer. This section describes current implementation which can
-change in future rclone versions!.**
+## Notes
+Because of Internet Archive's architecture, it enqueues write operations (and extra post-processings) in a per-item queue. You can check item's queue at https://catalogd.archive.org/history/item-name-here . Because of that, all uploads/deletes will not show up immediately and takes some time to be available.
+The per-item queue is enqueued to an another queue, Item Deriver Queue. [You can check the status of Item Deriver Queue here.](https://catalogd.archive.org/catalog.php?whereami=1) This queue has a limit, and it may block you from uploading, or even deleting. You should avoid uploading a lot of small files for better behavior.
 
-### Hashsum command
+You can optionally wait for the server's processing to finish, by setting non-zero value to `wait_archive` key.
+By making it wait, rclone can do normal file comparison.
+Make sure to set a large enough value (e.g. `30m0s` for smaller files) as it can take a long time depending on server's queue.
 
-The `rclone hashsum` (or `md5sum` or `sha1sum`) command will:
+## About metadata
+This backend supports setting, updating and reading metadata of each file.
+The metadata will appear as file metadata on Internet Archive.
+However, some fields are reserved by both Internet Archive and rclone.
 
-1. if requested hash is supported by lower level, just pass it.
-2. if object size is below `auto_size` then download object and calculate
-   _requested_ hashes on the fly.
-3. if unsupported and the size is big enough, build object `fingerprint`
-   (including size, modtime if supported, first-found _other_ hash if any).
-4. if the strict match is found in cache for the requested remote, return
-   the stored hash.
-5. if remote found but fingerprint mismatched, then purge the entry and
-   proceed to step 6.
-6. if remote not found or had no requested hash type or after step 5:
-   download object, calculate all _supported_ hashes on the fly and store
-   in cache; return requested hash.
+The following are reserved by Internet Archive:
+- `name`
+- `source`
+- `size`
+- `md5`
+- `crc32`
+- `sha1`
+- `format`
+- `old_version`
+- `viruscheck`
+- `summation`
 
-### Other operations
+Trying to set values to these keys is ignored with a warning.
+Only setting `mtime` is an exception. Doing so make it the identical behavior as setting ModTime.
 
-- whenever a file is uploaded or downloaded **in full**, capture the stream
-  to calculate all supported hashes on the fly and update database
-- server-side `move`  will update keys of existing cache entries
-- `deletefile` will remove a single cache entry
-- `purge` will remove all cache entries under the purged path
+rclone reserves all the keys starting with `rclone-`. Setting value for these keys will give you warnings, but values are set according to request.
 
-Note that setting `max_age = 0` will disable checksum caching completely.
+If there are multiple values for a key, only the first one is returned.
+This is a limitation of rclone, that supports one value per one key.
+It can be triggered when you did a server-side copy.
 
-If you set `max_age = off`, checksums in cache will never age, unless you
-fully rewrite or delete the file.
+Reading metadata will also provide custom (non-standard nor reserved) ones.
 
-### Cache storage
+## Filtering auto generated files
 
-Cached checksums are stored as `bolt` database files under rclone cache
-directory, usually `~/.cache/rclone/kv/`. Databases are maintained
-one per _base_ backend, named like `BaseRemote~hasher.bolt`.
-Checksums for multiple `alias`-es into a single base backend
-will be stored in the single database. All local paths are treated as
-aliases into the `local` backend (unless crypted or chunked) and stored
-in `~/.cache/rclone/kv/local~hasher.bolt`.
-Databases can be shared between multiple rclone processes.
+The Internet Archive automatically creates metadata files after
+upload. These can cause problems when doing an `rclone sync` as rclone
+will try, and fail, to delete them. These metadata files are not
+changeable, as they are created by the Internet Archive automatically.
 
-#  HDFS
+These auto-created files can be excluded from the sync using [metadata
+filtering](https://rclone.org/filtering/#metadata).
 
-[HDFS](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html) is a
-distributed file-system, part of the [Apache Hadoop](https://hadoop.apache.org/) framework.
+    rclone sync ... --metadata-exclude "source=metadata" --metadata-exclude "format=Metadata"
 
-Paths are specified as `remote:` or `remote:path/to/dir`.
+Which excludes from the sync any files which have the
+`source=metadata` or `format=Metadata` flags which are added to
+Internet Archive auto-created files.
 
 ## Configuration
 
-Here is an example of how to make a remote called `remote`. First run:
+Here is an example of making an internetarchive configuration.
+Most applies to the other providers as well, any differences are described [below](#providers).
 
-     rclone config
+First run
 
-This will guide you through an interactive setup process:
+    rclone config
+
+This will guide you through an interactive setup process.
 
 ```
 No remotes found, make a new one?
@@ -31086,273 +36424,382 @@ s) Set configuration password
 q) Quit config
 n/s/q> n
 name> remote
+Option Storage.
 Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-[skip]
-XX / Hadoop distributed file system
-   \ "hdfs"
-[skip]
-Storage> hdfs
-** See help for hdfs backend at: https://rclone.org/hdfs/ **
-
-hadoop name node and port
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Connect to host namenode at port 8020
-   \ "namenode:8020"
-namenode> namenode.hadoop:8020
-hadoop user name
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / Connect to hdfs as root
-   \ "root"
-username> root
-Edit advanced config? (y/n)
+Choose a number from below, or type in your own value.
+XX / InternetArchive Items
+   \ (internetarchive)
+Storage> internetarchive
+Option access_key_id.
+IAS3 Access Key.
+Leave blank for anonymous access.
+You can find one here: https://archive.org/account/s3.php
+Enter a value. Press Enter to leave empty.
+access_key_id> XXXX
+Option secret_access_key.
+IAS3 Secret Key (password).
+Leave blank for anonymous access.
+Enter a value. Press Enter to leave empty.
+secret_access_key> XXXX
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> y
+Option endpoint.
+IAS3 Endpoint.
+Leave blank for default value.
+Enter a string value. Press Enter for the default (https://s3.us.archive.org).
+endpoint> 
+Option front_endpoint.
+Host of InternetArchive Frontend.
+Leave blank for default value.
+Enter a string value. Press Enter for the default (https://archive.org).
+front_endpoint> 
+Option disable_checksum.
+Don't store MD5 checksum with object metadata.
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can ask the server to check the object against checksum.
+This is great for data integrity checking but can cause long delays for
+large files to start uploading.
+Enter a boolean value (true or false). Press Enter for the default (true).
+disable_checksum> true
+Option encoding.
+The encoding for the backend.
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Enter a encoder.MultiEncoder value. Press Enter for the default (Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot).
+encoding> 
+Edit advanced config?
 y) Yes
 n) No (default)
 y/n> n
-Remote config
 --------------------
 [remote]
-type = hdfs
-namenode = namenode.hadoop:8020
-username = root
+type = internetarchive
+access_key_id = XXXX
+secret_access_key = XXXX
 --------------------
 y) Yes this is OK (default)
 e) Edit this remote
 d) Delete this remote
 y/e/d> y
-Current remotes:
+```
 
-Name                 Type
-====                 ====
-hadoop               hdfs
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> q
-```
+### Standard options
 
-This remote is called `remote` and can now be used like this
+Here are the Standard options specific to internetarchive (Internet Archive).
 
-See all the top level directories
+#### --internetarchive-access-key-id
 
-    rclone lsd remote:
+IAS3 Access Key.
 
-List the contents of a directory
+Leave blank for anonymous access.
+You can find one here: https://archive.org/account/s3.php
 
-    rclone ls remote:directory
+Properties:
 
-Sync the remote `directory` to `/home/local/directory`, deleting any excess files.
+- Config:      access_key_id
+- Env Var:     RCLONE_INTERNETARCHIVE_ACCESS_KEY_ID
+- Type:        string
+- Required:    false
 
-    rclone sync --interactive remote:directory /home/local/directory
+#### --internetarchive-secret-access-key
 
-### Setting up your own HDFS instance for testing
+IAS3 Secret Key (password).
 
-You may start with a [manual setup](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SingleCluster.html)
-or use the docker image from the tests:
+Leave blank for anonymous access.
 
-If you want to build the docker image
+Properties:
 
-```
-git clone https://github.com/rclone/rclone.git
-cd rclone/fstest/testserver/images/test-hdfs
-docker build --rm -t rclone/test-hdfs .
-```
+- Config:      secret_access_key
+- Env Var:     RCLONE_INTERNETARCHIVE_SECRET_ACCESS_KEY
+- Type:        string
+- Required:    false
 
-Or you can just use the latest one pushed
+### Advanced options
 
-```
-docker run --rm --name "rclone-hdfs" -p 127.0.0.1:9866:9866 -p 127.0.0.1:8020:8020 --hostname "rclone-hdfs" rclone/test-hdfs
-```
+Here are the Advanced options specific to internetarchive (Internet Archive).
 
-**NB** it need few seconds to startup.
+#### --internetarchive-endpoint
 
-For this docker image the remote needs to be configured like this:
+IAS3 Endpoint.
 
-```
-[remote]
-type = hdfs
-namenode = 127.0.0.1:8020
-username = root
-```
+Leave blank for default value.
 
-You can stop this image with `docker kill rclone-hdfs` (**NB** it does not use volumes, so all data
-uploaded will be lost.)
+Properties:
 
-### Modified time
+- Config:      endpoint
+- Env Var:     RCLONE_INTERNETARCHIVE_ENDPOINT
+- Type:        string
+- Default:     "https://s3.us.archive.org"
 
-Time accurate to 1 second is stored.
+#### --internetarchive-front-endpoint
 
-### Checksum
+Host of InternetArchive Frontend.
 
-No checksums are implemented.
+Leave blank for default value.
 
-### Usage information
+Properties:
 
-You can use the `rclone about remote:` command which will display filesystem size and current usage.
+- Config:      front_endpoint
+- Env Var:     RCLONE_INTERNETARCHIVE_FRONT_ENDPOINT
+- Type:        string
+- Default:     "https://archive.org"
 
-### Restricted filename characters
+#### --internetarchive-disable-checksum
 
-In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-the following characters are also replaced:
+Don't ask the server to test against MD5 checksum calculated by rclone.
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can ask the server to check the object against checksum.
+This is great for data integrity checking but can cause long delays for
+large files to start uploading.
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| :         | 0x3A  | ：           |
+Properties:
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8).
+- Config:      disable_checksum
+- Env Var:     RCLONE_INTERNETARCHIVE_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     true
 
+#### --internetarchive-wait-archive
 
-### Standard options
+Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish.
+Only enable if you need to be guaranteed to be reflected after write operations.
+0 to disable waiting. No errors to be thrown in case of timeout.
 
-Here are the Standard options specific to hdfs (Hadoop distributed file system).
+Properties:
 
-#### --hdfs-namenode
+- Config:      wait_archive
+- Env Var:     RCLONE_INTERNETARCHIVE_WAIT_ARCHIVE
+- Type:        Duration
+- Default:     0s
 
-Hadoop name node and port.
+#### --internetarchive-encoding
+
+The encoding for the backend.
 
-E.g. "namenode:8020" to connect to host namenode at port 8020.
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
 Properties:
 
-- Config:      namenode
-- Env Var:     RCLONE_HDFS_NAMENODE
-- Type:        string
-- Required:    true
+- Config:      encoding
+- Env Var:     RCLONE_INTERNETARCHIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot
 
-#### --hdfs-username
+### Metadata
 
-Hadoop user name.
+Metadata fields provided by Internet Archive.
+If there are multiple values for a key, only the first one is returned.
+This is a limitation of Rclone, that supports one value per one key.
 
-Properties:
+Owner is able to add custom keys. Metadata feature grabs all the keys including them.
 
-- Config:      username
-- Env Var:     RCLONE_HDFS_USERNAME
-- Type:        string
-- Required:    false
-- Examples:
-    - "root"
-        - Connect to hdfs as root.
+Here are the possible system metadata items for the internetarchive backend.
 
-### Advanced options
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| crc32 | CRC32 calculated by Internet Archive | string | 01234567 | **Y** |
+| format | Name of format identified by Internet Archive | string | Comma-Separated Values | **Y** |
+| md5 | MD5 hash calculated by Internet Archive | string | 01234567012345670123456701234567 | **Y** |
+| mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | **Y** |
+| name | Full file path, without the bucket part | filename | backend/internetarchive/internetarchive.go | **Y** |
+| old_version | Whether the file was replaced and moved by keep-old-version flag | boolean | true | **Y** |
+| rclone-ia-mtime | Time of last modification, managed by Internet Archive | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
+| rclone-mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
+| rclone-update-track | Random value used by Rclone for tracking changes inside Internet Archive | string | aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | N |
+| sha1 | SHA1 hash calculated by Internet Archive | string | 0123456701234567012345670123456701234567 | **Y** |
+| size | File size in bytes | decimal number | 123456 | **Y** |
+| source | The source of the file | string | original | **Y** |
+| summation | Check https://forum.rclone.org/t/31922 for how it is used | string | md5 | **Y** |
+| viruscheck | The last time viruscheck process was run for the file (?) | unixtime | 1654191352 | **Y** |
 
-Here are the Advanced options specific to hdfs (Hadoop distributed file system).
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-#### --hdfs-service-principal-name
 
-Kerberos service principal name for the namenode.
 
-Enables KERBEROS authentication. Specifies the Service Principal Name
-(SERVICE/FQDN) for the namenode. E.g. \"hdfs/namenode.hadoop.docker\"
-for namenode running as service 'hdfs' with FQDN 'namenode.hadoop.docker'.
+#  Jottacloud
 
-Properties:
+Jottacloud is a cloud storage service provider from a Norwegian company, using its own datacenters
+in Norway. In addition to the official service at [jottacloud.com](https://www.jottacloud.com/),
+it also provides white-label solutions to different companies, such as:
+* Telia
+  * Telia Cloud (cloud.telia.se)
+  * Telia Sky (sky.telia.no)
+* Tele2
+  * Tele2 Cloud (mittcloud.tele2.se)
+* Onlime
+  * Onlime Cloud Storage (onlime.dk)
+* Elkjøp (with subsidiaries):
+  * Elkjøp Cloud (cloud.elkjop.no)
+  * Elgiganten Sweden (cloud.elgiganten.se)
+  * Elgiganten Denmark (cloud.elgiganten.dk)
+  * Giganti Cloud  (cloud.gigantti.fi)
+  * ELKO Cloud (cloud.elko.is)
 
-- Config:      service_principal_name
-- Env Var:     RCLONE_HDFS_SERVICE_PRINCIPAL_NAME
-- Type:        string
-- Required:    false
+Most of the white-label versions are supported by this backend, although may require different
+authentication setup - described below.
 
-#### --hdfs-data-transfer-protection
+Paths are specified as `remote:path`
 
-Kerberos data transfer protection: authentication|integrity|privacy.
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-Specifies whether or not authentication, data signature integrity
-checks, and wire encryption is required when communicating the the
-datanodes. Possible values are 'authentication', 'integrity' and
-'privacy'. Used only with KERBEROS enabled.
+## Authentication types
 
-Properties:
+Some of the whitelabel versions uses a different authentication method than the official service,
+and you have to choose the correct one when setting up the remote.
 
-- Config:      data_transfer_protection
-- Env Var:     RCLONE_HDFS_DATA_TRANSFER_PROTECTION
-- Type:        string
-- Required:    false
-- Examples:
-    - "privacy"
-        - Ensure authentication, integrity and encryption enabled.
+### Standard authentication
 
-#### --hdfs-encoding
+The standard authentication method used by the official service (jottacloud.com), as well as
+some of the whitelabel services, requires you to generate a single-use personal login token
+from the account security settings in the service's web interface. Log in to your account,
+go to "Settings" and then "Security", or use the direct link presented to you by rclone when
+configuring the remote: <https://www.jottacloud.com/web/secure>. Scroll down to the section
+"Personal login token", and click the "Generate" button. Note that if you are using a
+whitelabel service you probably can't use the direct link, you need to find the same page in
+their dedicated web interface, and also it may be in a different location than described above.
 
-The encoding for the backend.
+To access your account from multiple instances of rclone, you need to configure each of them
+with a separate personal login token. E.g. you create a Jottacloud remote with rclone in one
+location, and copy the configuration file to a second location where you also want to run
+rclone and access the same remote. Then you need to replace the token for one of them, using
+the [config reconnect](https://rclone.org/commands/rclone_config_reconnect/) command, which
+requires you to generate a new personal login token and supply as input. If you do not
+do this, the token may easily end up being invalidated, resulting in both instances failing
+with an error message something along the lines of:
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+    oauth2: cannot fetch token: 400 Bad Request
+    Response: {"error":"invalid_grant","error_description":"Stale token"}
 
-Properties:
+When this happens, you need to replace the token as described above to be able to use your
+remote again.
 
-- Config:      encoding
-- Env Var:     RCLONE_HDFS_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,Colon,Del,Ctl,InvalidUtf8,Dot
+All personal login tokens you have taken into use will be listed in the web interface under
+"My logged in devices", and from the right side of that list you can click the "X" button to
+revoke individual tokens.
+
+### Legacy authentication
+
+If you are using one of the whitelabel versions (e.g. from Elkjøp) you may not have the option
+to generate a CLI token. In this case you'll have to use the legacy authentication. To do this select
+yes when the setup asks for legacy authentication and enter your username and password.
+The rest of the setup is identical to the default setup.
 
+### Telia Cloud authentication
 
+Similar to other whitelabel versions Telia Cloud doesn't offer the option of creating a CLI token, and
+additionally uses a separate authentication flow where the username is generated internally. To setup
+rclone to use Telia Cloud, choose Telia Cloud authentication in the setup. The rest of the setup is
+identical to the default setup.
 
-## Limitations
+### Tele2 Cloud authentication
 
-- No server-side `Move` or `DirMove`.
-- Checksums not implemented.
+As Tele2-Com Hem merger was completed this authentication can be used for former Com Hem Cloud and
+Tele2 Cloud customers as no support for creating a CLI token exists, and additionally uses a separate
+authentication flow where the username is generated internally. To setup rclone to use Tele2 Cloud,
+choose Tele2 Cloud authentication in the setup. The rest of the setup is identical to the default setup.
 
-#  HiDrive
+### Onlime Cloud Storage authentication
 
-Paths are specified as `remote:path`
+Onlime has sold access to Jottacloud proper, while providing localized support to Danish Customers, but
+have recently set up their own hosting, transferring their customers from Jottacloud servers to their
+own ones.
 
-Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+This, of course, necessitates using their servers for authentication, but otherwise functionality and
+architecture seems equivalent to Jottacloud.
 
-The initial setup for hidrive involves getting a token from HiDrive
-which you need to do in your browser.
-`rclone config` walks you through it.
+To setup rclone to use Onlime Cloud Storage, choose Onlime Cloud authentication in the setup. The rest
+of the setup is identical to the default setup.
 
 ## Configuration
 
-Here is an example of how to make a remote called `remote`.  First run:
+Here is an example of how to make a remote called `remote` with the default setup.  First run:
 
-     rclone config
+    rclone config
 
 This will guide you through an interactive setup process:
 
 ```
-No remotes found - make a new one
+No remotes found, make a new one?
 n) New remote
 s) Set configuration password
 q) Quit config
 n/s/q> n
 name> remote
+Option Storage.
 Type of storage to configure.
-Choose a number from below, or type in your own value
+Choose a number from below, or type in your own value.
 [snip]
-XX / HiDrive
-   \ "hidrive"
+XX / Jottacloud
+   \ (jottacloud)
 [snip]
-Storage> hidrive
-OAuth Client Id - Leave blank normally.
-client_id>
-OAuth Client Secret - Leave blank normally.
-client_secret>
-Access permissions that rclone should use when requesting access from HiDrive.
-Leave blank normally.
-scope_access>
+Storage> jottacloud
 Edit advanced config?
+y) Yes
+n) No (default)
 y/n> n
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
+Option config_type.
+Select authentication type.
+Choose a number from below, or type in an existing string value.
+Press Enter for the default (standard).
+   / Standard authentication.
+ 1 | Use this if you're a normal Jottacloud user.
+   \ (standard)
+   / Legacy authentication.
+ 2 | This is only required for certain whitelabel versions of Jottacloud and not recommended for normal users.
+   \ (legacy)
+   / Telia Cloud authentication.
+ 3 | Use this if you are using Telia Cloud.
+   \ (telia)
+   / Tele2 Cloud authentication.
+ 4 | Use this if you are using Tele2 Cloud.
+   \ (tele2)
+   / Onlime Cloud authentication.
+ 5 | Use this if you are using Onlime Cloud.
+   \ (onlime)
+config_type> 1
+Personal login token.
+Generate here: https://www.jottacloud.com/web/secure
+Login Token> <your token here>
+Use a non-standard device/mountpoint?
+Choosing no, the default, will let you access the storage used for the archive
+section of the official Jottacloud client. If you instead want to access the
+sync or the backup section, for example, you must choose yes.
+y) Yes
+n) No (default)
 y/n> y
-If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=xxxxxxxxxxxxxxxxxxxxxx
-Log in and authorize rclone for access
-Waiting for code...
-Got code
+Option config_device.
+The device to use. In standard setup the built-in Jotta device is used,
+which contains predefined mountpoints for archive, sync etc. All other devices
+are treated as backup devices by the official Jottacloud client. You may create
+a new by entering a unique name.
+Choose a number from below, or type in your own string value.
+Press Enter for the default (DESKTOP-3H31129).
+ 1 > DESKTOP-3H31129
+ 2 > Jotta
+config_device> 2
+Option config_mountpoint.
+The mountpoint to use for the built-in device Jotta.
+The standard setup is to use the Archive mountpoint. Most other mountpoints
+have very limited support in rclone and should generally be avoided.
+Choose a number from below, or type in an existing string value.
+Press Enter for the default (Archive).
+ 1 > Archive
+ 2 > Shared
+ 3 > Sync
+config_mountpoint> 1
 --------------------
 [remote]
-type = hidrive
-token = {"access_token":"xxxxxxxxxxxxxxxxxxxx","token_type":"Bearer","refresh_token":"xxxxxxxxxxxxxxxxxxxxxxx","expiry":"xxxxxxxxxxxxxxxxxxxxxxx"}
+type = jottacloud
+configVersion = 1
+client_id = jottacli
+client_secret =
+tokenURL = https://id.jottacloud.com/auth/realms/jottacloud/protocol/openid-connect/token
+token = {........}
+username = 2940e57271a93d987d6f8a21
+device = Jotta
+mountpoint = Archive
 --------------------
 y) Yes this is OK (default)
 e) Edit this remote
@@ -31360,141 +36807,124 @@ d) Delete this remote
 y/e/d> y
 ```
 
-**You should be aware that OAuth-tokens can be used to access your account
-and hence should not be shared with other persons.**
-See the [below section](#keeping-your-tokens-safe) for more information.
-
-See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
-machine with no Internet browser available.
-
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from HiDrive. This only runs from the moment it opens
-your browser to the moment you get back the verification code.
-The webserver runs on `http://127.0.0.1:53682/`.
-If local port `53682` is protected by a firewall you may need to temporarily
-unblock the firewall to complete authorization.
-
 Once configured you can then use `rclone` like this,
 
-List directories in top level of your HiDrive root folder
+List directories in top level of your Jottacloud
 
     rclone lsd remote:
 
-List all the files in your HiDrive filesystem
+List all the files in your Jottacloud
 
     rclone ls remote:
 
-To copy a local directory to a HiDrive directory called backup
+To copy a local directory to an Jottacloud directory called backup
 
     rclone copy /home/source remote:backup
 
-### Keeping your tokens safe
-
-Any OAuth-tokens will be stored by rclone in the remote's configuration file as unencrypted text.
-Anyone can use a valid refresh-token to access your HiDrive filesystem without knowing your password.
-Therefore you should make sure no one else can access your configuration.
-
-It is possible to encrypt rclone's configuration file.
-You can find information on securing your configuration file by viewing the [configuration encryption docs](https://rclone.org/docs/#configuration-encryption).
+### Devices and Mountpoints
 
-### Invalid refresh token
+The official Jottacloud client registers a device for each computer you install
+it on, and shows them in the backup section of the user interface. For each
+folder you select for backup it will create a mountpoint within this device.
+A built-in device called Jotta is special, and contains mountpoints Archive,
+Sync and some others, used for corresponding features in official clients.
 
-As can be verified [here](https://developer.hidrive.com/basics-flows/),
-each `refresh_token` (for Native Applications) is valid for 60 days.
-If used to access HiDrivei, its validity will be automatically extended.
+With rclone you'll want to use the standard Jotta/Archive device/mountpoint in
+most cases. However, you may for example want to access files from the sync or
+backup functionality provided by the official clients, and rclone therefore
+provides the option to select other devices and mountpoints during config.
 
-This means that if you
+You are allowed to create new devices and mountpoints. All devices except the
+built-in Jotta device are treated as backup devices by official Jottacloud
+clients, and the mountpoints on them are individual backup sets.
 
-  * Don't use the HiDrive remote for 60 days
+With the built-in Jotta device, only existing, built-in, mountpoints can be
+selected. In addition to the mentioned Archive and Sync, it may contain
+several other mountpoints such as: Latest, Links, Shared and Trash. All of
+these are special mountpoints with a different internal representation than
+the "regular" mountpoints. Rclone will only to a very limited degree support
+them. Generally you should avoid these, unless you know what you are doing.
 
-then rclone will return an error which includes a text
-that implies the refresh token is *invalid* or *expired*.
+### --fast-list
 
-To fix this you will need to authorize rclone to access your HiDrive account again.
+This backend supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
 
-Using
+Note that the implementation in Jottacloud always uses only a single
+API request to get the entire list, so for large folders this could
+lead to long wait time before the first results are shown.
 
-    rclone config reconnect remote:
+Note also that with rclone version 1.58 and newer, information about
+[MIME types](https://rclone.org/overview/#mime-type) and metadata item [utime](#metadata)
+are not available when using `--fast-list`.
 
-the process is very similar to the process of initial setup exemplified before.
+### Modification times and hashes
 
-### Modified time and hashes
+Jottacloud allows modification times to be set on objects accurate to 1
+second. These will be used to detect whether objects need syncing or
+not.
 
-HiDrive allows modification times to be set on objects accurate to 1 second.
+Jottacloud supports MD5 type hashes, so you can use the `--checksum`
+flag.
 
-HiDrive supports [its own hash type](https://static.hidrive.com/dev/0001)
-which is used to verify the integrity of file contents after successful transfers.
+Note that Jottacloud requires the MD5 hash before upload so if the
+source does not have an MD5 checksum then the file will be cached
+temporarily on disk (in location given by
+[--temp-dir](https://rclone.org/docs/#temp-dir-dir)) before it is uploaded.
+Small files will be cached in memory - see the
+[--jottacloud-md5-memory-limit](#jottacloud-md5-memory-limit) flag.
+When uploading from local disk the source checksum is always available,
+so this does not apply. Starting with rclone version 1.52 the same is
+true for encrypted remotes (in older versions the crypt backend would not
+calculate hashes for uploads from local disk, so the Jottacloud
+backend had to do it as described above).
 
 ### Restricted filename characters
 
-HiDrive cannot store files or folders that include
-`/` (0x2F) or null-bytes (0x00) in their name.
-Any other characters can be used in the names of files or folders.
-Additionally, files or folders cannot be named either of the following: `.` or `..`
-
-Therefore rclone will automatically replace these characters,
-if files or folders are stored or accessed with such names.
-
-You can read about how this filename encoding works in general
-[here](overview/#restricted-filenames).
-
-Keep in mind that HiDrive only supports file or folder names
-with a length of 255 characters or less.
-
-### Transfers
-
-HiDrive limits file sizes per single request to a maximum of 2 GiB.
-To allow storage of larger files and allow for better upload performance,
-the hidrive backend will use a chunked transfer for files larger than 96 MiB.
-Rclone will upload multiple parts/chunks of the file at the same time.
-Chunks in the process of being uploaded are buffered in memory,
-so you may want to restrict this behaviour on systems with limited resources.
-
-You can customize this behaviour using the following options:
-
-* `chunk_size`: size of file parts
-* `upload_cutoff`: files larger or equal to this in size will use a chunked transfer
-* `upload_concurrency`: number of file-parts to upload at the same time
-
-See the below section about configuration options for more details.
-
-### Root folder
-
-You can set the root folder for rclone.
-This is the directory that rclone considers to be the root of your HiDrive.
-
-Usually, you will leave this blank, and rclone will use the root of the account.
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
 
-However, you can set this to restrict rclone to a specific folder hierarchy.
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| "         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| <         | 0x3C  | ＜          |
+| >         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \|        | 0x7C  | ｜          |
 
-This works by prepending the contents of the `root_prefix` option
-to any paths accessed by rclone.
-For example, the following two ways to access the home directory are equivalent:
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in XML strings.
 
-    rclone lsd --hidrive-root-prefix="/users/test/" remote:path
+### Deleting files
 
-    rclone lsd remote:/users/test/path
+By default, rclone will send all files to the trash when deleting files. They will be permanently
+deleted automatically after 30 days. You may bypass the trash and permanently delete files immediately
+by using the [--jottacloud-hard-delete](#jottacloud-hard-delete) flag, or set the equivalent environment variable.
+Emptying the trash is supported by the [cleanup](https://rclone.org/commands/rclone_cleanup/) command.
 
-See the below section about configuration options for more details.
+### Versions
 
-### Directory member count
+Jottacloud supports file versioning. When rclone uploads a new version of a file it creates a new version of it.
+Currently rclone only supports retrieving the current version but older versions can be accessed via the Jottacloud Website.
 
-By default, rclone will know the number of directory members contained in a directory.
-For example, `rclone lsd` uses this information.
+Versioning can be disabled by `--jottacloud-no-versions` option. This is achieved by deleting the remote file prior to uploading
+a new version. If the upload the fails no version of the file will be available in the remote.
 
-The acquisition of this information will result in additional time costs for HiDrive's API.
-When dealing with large directory structures, it may be desirable to circumvent this time cost,
-especially when this information is not explicitly needed.
-For this, the `disable_fetching_member_count` option can be used.
+### Quota information
 
-See the below section about configuration options for more details.
+To view your current quota you can use the `rclone about remote:`
+command which will display your usage limit (unless it is unlimited)
+and the current usage.
 
 
 ### Standard options
 
-Here are the Standard options specific to hidrive (HiDrive).
+Here are the Standard options specific to jottacloud (Jottacloud).
 
-#### --hidrive-client-id
+#### --jottacloud-client-id
 
 OAuth Client Id.
 
@@ -31503,11 +36933,11 @@ Leave blank normally.
 Properties:
 
 - Config:      client_id
-- Env Var:     RCLONE_HIDRIVE_CLIENT_ID
+- Env Var:     RCLONE_JOTTACLOUD_CLIENT_ID
 - Type:        string
 - Required:    false
 
-#### --hidrive-client-secret
+#### --jottacloud-client-secret
 
 OAuth Client Secret.
 
@@ -31516,42 +36946,26 @@ Leave blank normally.
 Properties:
 
 - Config:      client_secret
-- Env Var:     RCLONE_HIDRIVE_CLIENT_SECRET
+- Env Var:     RCLONE_JOTTACLOUD_CLIENT_SECRET
 - Type:        string
 - Required:    false
 
-#### --hidrive-scope-access
-
-Access permissions that rclone should use when requesting access from HiDrive.
-
-Properties:
-
-- Config:      scope_access
-- Env Var:     RCLONE_HIDRIVE_SCOPE_ACCESS
-- Type:        string
-- Default:     "rw"
-- Examples:
-    - "rw"
-        - Read and write access to resources.
-    - "ro"
-        - Read-only access to resources.
-
 ### Advanced options
 
-Here are the Advanced options specific to hidrive (HiDrive).
+Here are the Advanced options specific to jottacloud (Jottacloud).
 
-#### --hidrive-token
+#### --jottacloud-token
 
 OAuth Access Token as a JSON blob.
 
 Properties:
 
 - Config:      token
-- Env Var:     RCLONE_HIDRIVE_TOKEN
+- Env Var:     RCLONE_JOTTACLOUD_TOKEN
 - Type:        string
 - Required:    false
 
-#### --hidrive-auth-url
+#### --jottacloud-auth-url
 
 Auth server URL.
 
@@ -31560,11 +36974,11 @@ Leave blank to use the provider defaults.
 Properties:
 
 - Config:      auth_url
-- Env Var:     RCLONE_HIDRIVE_AUTH_URL
+- Env Var:     RCLONE_JOTTACLOUD_AUTH_URL
 - Type:        string
 - Required:    false
 
-#### --hidrive-token-url
+#### --jottacloud-token-url
 
 Token server url.
 
@@ -31573,134 +36987,310 @@ Leave blank to use the provider defaults.
 Properties:
 
 - Config:      token_url
-- Env Var:     RCLONE_HIDRIVE_TOKEN_URL
+- Env Var:     RCLONE_JOTTACLOUD_TOKEN_URL
 - Type:        string
 - Required:    false
 
-#### --hidrive-scope-role
+#### --jottacloud-md5-memory-limit
 
-User-level that rclone should use when requesting access from HiDrive.
+Files bigger than this will be cached on disk to calculate the MD5 if required.
 
 Properties:
 
-- Config:      scope_role
-- Env Var:     RCLONE_HIDRIVE_SCOPE_ROLE
-- Type:        string
-- Default:     "user"
-- Examples:
-    - "user"
-        - User-level access to management permissions.
-        - This will be sufficient in most cases.
-    - "admin"
-        - Extensive access to management permissions.
-    - "owner"
-        - Full access to management permissions.
+- Config:      md5_memory_limit
+- Env Var:     RCLONE_JOTTACLOUD_MD5_MEMORY_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
 
-#### --hidrive-root-prefix
+#### --jottacloud-trashed-only
 
-The root/parent folder for all paths.
+Only show files that are in the trash.
 
-Fill in to use the specified folder as the parent for all paths given to the remote.
-This way rclone can use any folder as its starting point.
+This will show trashed files in their original directory structure.
 
 Properties:
 
-- Config:      root_prefix
-- Env Var:     RCLONE_HIDRIVE_ROOT_PREFIX
-- Type:        string
-- Default:     "/"
-- Examples:
-    - "/"
-        - The topmost directory accessible by rclone.
-        - This will be equivalent with "root" if rclone uses a regular HiDrive user account.
-    - "root"
-        - The topmost directory of the HiDrive user account
-    - ""
-        - This specifies that there is no root-prefix for your paths.
-        - When using this you will always need to specify paths to this remote with a valid parent e.g. "remote:/path/to/dir" or "remote:root/path/to/dir".
-
-#### --hidrive-endpoint
+- Config:      trashed_only
+- Env Var:     RCLONE_JOTTACLOUD_TRASHED_ONLY
+- Type:        bool
+- Default:     false
 
-Endpoint for the service.
+#### --jottacloud-hard-delete
 
-This is the URL that API-calls will be made to.
+Delete files permanently rather than putting them into the trash.
 
 Properties:
 
-- Config:      endpoint
-- Env Var:     RCLONE_HIDRIVE_ENDPOINT
-- Type:        string
-- Default:     "https://api.hidrive.strato.com/2.1"
+- Config:      hard_delete
+- Env Var:     RCLONE_JOTTACLOUD_HARD_DELETE
+- Type:        bool
+- Default:     false
 
-#### --hidrive-disable-fetching-member-count
+#### --jottacloud-upload-resume-limit
 
-Do not fetch number of objects in directories unless it is absolutely necessary.
+Files bigger than this can be resumed if the upload fail's.
 
-Requests may be faster if the number of objects in subdirectories is not fetched.
+Properties:
+
+- Config:      upload_resume_limit
+- Env Var:     RCLONE_JOTTACLOUD_UPLOAD_RESUME_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --jottacloud-no-versions
+
+Avoid server side versioning by deleting files and recreating files instead of overwriting them.
 
 Properties:
 
-- Config:      disable_fetching_member_count
-- Env Var:     RCLONE_HIDRIVE_DISABLE_FETCHING_MEMBER_COUNT
+- Config:      no_versions
+- Env Var:     RCLONE_JOTTACLOUD_NO_VERSIONS
 - Type:        bool
 - Default:     false
 
-#### --hidrive-chunk-size
+#### --jottacloud-encoding
 
-Chunksize for chunked uploads.
+The encoding for the backend.
 
-Any files larger than the configured cutoff (or files of unknown size) will be uploaded in chunks of this size.
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-The upper limit for this is 2147483647 bytes (about 2.000Gi).
-That is the maximum amount of bytes a single upload-operation will support.
-Setting this above the upper limit or to a negative value will cause uploads to fail.
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_JOTTACLOUD_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot
+
+### Metadata
+
+Jottacloud has limited support for metadata, currently an extended set of timestamps.
+
+Here are the possible system metadata items for the jottacloud backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation), read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| content-type | MIME type, also known as media type | string | text/plain | **Y** |
+| mtime | Time of last modification, read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| utime | Time of last upload, when current revision was created, generated by backend | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+## Limitations
+
+Note that Jottacloud is case insensitive so you can't have a file called
+"Hello.doc" and one called "hello.doc".
+
+There are quite a few characters that can't be in Jottacloud file names. Rclone will map these names to and from an identical
+looking unicode equivalent. For example if a file has a ? in it will be mapped to ？ instead.
+
+Jottacloud only supports filenames up to 255 characters in length.
+
+## Troubleshooting
+
+Jottacloud exhibits some inconsistent behaviours regarding deleted files and folders which may cause Copy, Move and DirMove
+operations to previously deleted paths to fail. Emptying the trash should help in such cases.
+
+#  Koofr
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+The initial setup for Koofr involves creating an application password for
+rclone. You can do that by opening the Koofr
+[web application](https://app.koofr.net/app/admin/preferences/password),
+giving the password a nice name like `rclone` and clicking on generate.
+
+Here is an example of how to make a remote called `koofr`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> koofr
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+22 / Koofr, Digi Storage and other Koofr-compatible storage providers
+   \ (koofr)
+[snip]
+Storage> koofr
+Option provider.
+Choose your storage provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Koofr, https://app.koofr.net/
+   \ (koofr)
+ 2 / Digi Storage, https://storage.rcs-rds.ro/
+   \ (digistorage)
+ 3 / Any other Koofr API compatible storage service
+   \ (other)
+provider> 1    
+Option user.
+Your user name.
+Enter a value.
+user> USERNAME
+Option password.
+Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
+Choose an alternative below.
+y) Yes, type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+Remote config
+--------------------
+[koofr]
+type = koofr
+provider = koofr
+user = USERNAME
+password = *** ENCRYPTED ***
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+You can choose to edit advanced config in order to enter your own service URL
+if you use an on-premise or white label Koofr instance, or choose an alternative
+mount instead of your primary storage.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Koofr
+
+    rclone lsd koofr:
+
+List all the files in your Koofr
+
+    rclone ls koofr:
+
+To copy a local directory to an Koofr directory called backup
+
+    rclone copy /home/source koofr:backup
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \         | 0x5C  | ＼           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in XML strings.
+
+
+### Standard options
+
+Here are the Standard options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+
+#### --koofr-provider
+
+Choose your storage provider.
+
+Properties:
+
+- Config:      provider
+- Env Var:     RCLONE_KOOFR_PROVIDER
+- Type:        string
+- Required:    false
+- Examples:
+    - "koofr"
+        - Koofr, https://app.koofr.net/
+    - "digistorage"
+        - Digi Storage, https://storage.rcs-rds.ro/
+    - "other"
+        - Any other Koofr API compatible storage service
+
+#### --koofr-endpoint
+
+The Koofr API endpoint to use.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_KOOFR_ENDPOINT
+- Provider:    other
+- Type:        string
+- Required:    true
+
+#### --koofr-user
+
+Your user name.
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_KOOFR_USER
+- Type:        string
+- Required:    true
+
+#### --koofr-password
+
+Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
 
-Setting this to larger values may increase the upload speed at the cost of using more memory.
-It can be set to smaller values smaller to save on memory.
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
 Properties:
 
-- Config:      chunk_size
-- Env Var:     RCLONE_HIDRIVE_CHUNK_SIZE
-- Type:        SizeSuffix
-- Default:     48Mi
+- Config:      password
+- Env Var:     RCLONE_KOOFR_PASSWORD
+- Provider:    koofr
+- Type:        string
+- Required:    true
 
-#### --hidrive-upload-cutoff
+### Advanced options
 
-Cutoff/Threshold for chunked uploads.
+Here are the Advanced options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
 
-Any files larger than this will be uploaded in chunks of the configured chunksize.
+#### --koofr-mountid
 
-The upper limit for this is 2147483647 bytes (about 2.000Gi).
-That is the maximum amount of bytes a single upload-operation will support.
-Setting this above the upper limit will cause uploads to fail.
+Mount ID of the mount to use.
 
-Properties:
+If omitted, the primary mount is used.
 
-- Config:      upload_cutoff
-- Env Var:     RCLONE_HIDRIVE_UPLOAD_CUTOFF
-- Type:        SizeSuffix
-- Default:     96Mi
+Properties:
 
-#### --hidrive-upload-concurrency
+- Config:      mountid
+- Env Var:     RCLONE_KOOFR_MOUNTID
+- Type:        string
+- Required:    false
 
-Concurrency for chunked uploads.
+#### --koofr-setmtime
 
-This is the upper limit for how many transfers for the same file are running concurrently.
-Setting this above to a value smaller than 1 will cause uploads to deadlock.
+Does the backend support setting modification time.
 
-If you are uploading small numbers of large files over high-speed links
-and these uploads do not fully utilize your bandwidth, then increasing
-this may help to speed up the transfers.
+Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend.
 
 Properties:
 
-- Config:      upload_concurrency
-- Env Var:     RCLONE_HIDRIVE_UPLOAD_CONCURRENCY
-- Type:        int
-- Default:     4
+- Config:      setmtime
+- Env Var:     RCLONE_KOOFR_SETMTIME
+- Type:        bool
+- Default:     true
 
-#### --hidrive-encoding
+#### --koofr-encoding
 
 The encoding for the backend.
 
@@ -31709,71 +37299,96 @@ See the [encoding section in the overview](https://rclone.org/overview/#encoding
 Properties:
 
 - Config:      encoding
-- Env Var:     RCLONE_HIDRIVE_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,Dot
+- Env Var:     RCLONE_KOOFR_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 
 
 ## Limitations
 
-### Symbolic links
-
-HiDrive is able to store symbolic links (*symlinks*) by design,
-for example, when unpacked from a zip archive.
-
-There exists no direct mechanism to manage native symlinks in remotes.
-As such this implementation has chosen to ignore any native symlinks present in the remote.
-rclone will not be able to access or show any symlinks stored in the hidrive-remote.
-This means symlinks cannot be individually removed, copied, or moved,
-except when removing, copying, or moving the parent folder.
+Note that Koofr is case insensitive so you can't have a file called
+"Hello.doc" and one called "hello.doc".
 
-*This does not affect the `.rclonelink`-files
-that rclone uses to encode and store symbolic links.*
+## Providers
 
-### Sparse files
+### Koofr
 
-It is possible to store sparse files in HiDrive.
+This is the original [Koofr](https://koofr.eu) storage provider used as main example and described in the [configuration](#configuration) section above.
 
-Note that copying a sparse file will expand the holes
-into null-byte (0x00) regions that will then consume disk space.
-Likewise, when downloading a sparse file,
-the resulting file will have null-byte regions in the place of file holes.
+### Digi Storage 
 
-#  HTTP
+[Digi Storage](https://www.digi.ro/servicii/online/digi-storage) is a cloud storage service run by [Digi.ro](https://www.digi.ro/) that
+provides a Koofr API.
 
-The HTTP remote is a read only remote for reading files of a
-webserver.  The webserver should provide file listings which rclone
-will read and turn into a remote.  This has been tested with common
-webservers such as Apache/Nginx/Caddy and will likely work with file
-listings from most web servers.  (If it doesn't then please file an
-issue, or send a pull request!)
+Here is an example of how to make a remote called `ds`.  First run:
 
-Paths are specified as `remote:` or `remote:path`.
+     rclone config
 
-The `remote:` represents the configured [url](#http-url), and any path following
-it will be resolved relative to this url, according to the URL standard. This
-means with remote url `https://beta.rclone.org/branch` and path `fix`, the
-resolved URL will be `https://beta.rclone.org/branch/fix`, while with path
-`/fix` the resolved URL will be `https://beta.rclone.org/fix` as the absolute
-path is resolved from the root of the domain.
+This will guide you through an interactive setup process:
 
-If the path following the `remote:` ends with `/` it will be assumed to point
-to a directory. If the path does not end with `/`, then a HEAD request is sent
-and the response used to decide if it it is treated as a file or a directory
-(run with `-vv` to see details). When [--http-no-head](#http-no-head) is
-specified, a path without ending `/` is always assumed to be a file. If rclone
-incorrectly assumes the path is a file, the solution is to specify the path with
-ending `/`. When you know the path is a directory, ending it with `/` is always
-better as it avoids the initial HEAD request.
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> ds
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+22 / Koofr, Digi Storage and other Koofr-compatible storage providers
+   \ (koofr)
+[snip]
+Storage> koofr
+Option provider.
+Choose your storage provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Koofr, https://app.koofr.net/
+   \ (koofr)
+ 2 / Digi Storage, https://storage.rcs-rds.ro/
+   \ (digistorage)
+ 3 / Any other Koofr API compatible storage service
+   \ (other)
+provider> 2
+Option user.
+Your user name.
+Enter a value.
+user> USERNAME
+Option password.
+Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password).
+Choose an alternative below.
+y) Yes, type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+--------------------
+[ds]
+type = koofr
+provider = digistorage
+user = USERNAME
+password = *** ENCRYPTED ***
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-To just download a single file it is easier to use
-[copyurl](https://rclone.org/commands/rclone_copyurl/).
+### Other
 
-## Configuration
+You may also want to use another, public or private storage provider that runs a Koofr API compatible service, by simply providing the base URL to connect to.
 
-Here is an example of how to make a remote called `remote`.  First
-run:
+Here is an example of how to make a remote called `other`.  First run:
 
      rclone config
 
@@ -31785,555 +37400,572 @@ n) New remote
 s) Set configuration password
 q) Quit config
 n/s/q> n
-name> remote
+name> other
+Option Storage.
 Type of storage to configure.
-Choose a number from below, or type in your own value
+Choose a number from below, or type in your own value.
 [snip]
-XX / HTTP
-   \ "http"
+22 / Koofr, Digi Storage and other Koofr-compatible storage providers
+   \ (koofr)
 [snip]
-Storage> http
-URL of http host to connect to
-Choose a number from below, or type in your own value
- 1 / Connect to example.com
-   \ "https://example.com"
-url> https://beta.rclone.org
-Remote config
+Storage> koofr
+Option provider.
+Choose your storage provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Koofr, https://app.koofr.net/
+   \ (koofr)
+ 2 / Digi Storage, https://storage.rcs-rds.ro/
+   \ (digistorage)
+ 3 / Any other Koofr API compatible storage service
+   \ (other)
+provider> 3
+Option endpoint.
+The Koofr API endpoint to use.
+Enter a value.
+endpoint> https://koofr.other.org
+Option user.
+Your user name.
+Enter a value.
+user> USERNAME
+Option password.
+Your password for rclone (generate one at your service's settings page).
+Choose an alternative below.
+y) Yes, type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
 --------------------
-[remote]
-url = https://beta.rclone.org
+[other]
+type = koofr
+provider = other
+endpoint = https://koofr.other.org
+user = USERNAME
+password = *** ENCRYPTED ***
 --------------------
-y) Yes this is OK
+y) Yes this is OK (default)
 e) Edit this remote
 d) Delete this remote
 y/e/d> y
-Current remotes:
-
-Name                 Type
-====                 ====
-remote               http
-
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> q
 ```
 
-This remote is called `remote` and can now be used like this
-
-See all the top level directories
-
-    rclone lsd remote:
-
-List the contents of a directory
-
-    rclone ls remote:directory
-
-Sync the remote `directory` to `/home/local/directory`, deleting any excess files.
+#  Linkbox
 
-    rclone sync --interactive remote:directory /home/local/directory
+Linkbox is [a private cloud drive](https://linkbox.to/).
 
-### Read only
+## Configuration
 
-This remote is read only - you can't upload files to an HTTP server.
+Here is an example of making a remote for Linkbox.
 
-### Modified time
+First run:
 
-Most HTTP servers store time accurate to 1 second.
+     rclone config
 
-### Checksum
+This will guide you through an interactive setup process:
 
-No checksums are stored.
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
 
-### Usage without a config file
+Enter name for new remote.
+name> remote
 
-Since the http remote only has one config parameter it is easy to use
-without a config file:
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+XX / Linkbox
+   \ (linkbox)
+Storage> XX
 
-    rclone lsd --http-url https://beta.rclone.org :http:
+Option token.
+Token from https://www.linkbox.to/admin/account
+Enter a value.
+token> testFromCLToken
 
-or:
+Configuration complete.
+Options:
+- type: linkbox
+- token: XXXXXXXXXXX
+Keep this "linkbox" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
 
-    rclone lsd :http,url='https://beta.rclone.org':
+```
 
 
 ### Standard options
 
-Here are the Standard options specific to http (HTTP).
-
-#### --http-url
+Here are the Standard options specific to linkbox (Linkbox).
 
-URL of HTTP host to connect to.
+#### --linkbox-token
 
-E.g. "https://example.com", or "https://user:pass@example.com" to use a username and password.
+Token from https://www.linkbox.to/admin/account
 
 Properties:
 
-- Config:      url
-- Env Var:     RCLONE_HTTP_URL
+- Config:      token
+- Env Var:     RCLONE_LINKBOX_TOKEN
 - Type:        string
 - Required:    true
 
-### Advanced options
 
-Here are the Advanced options specific to http (HTTP).
 
-#### --http-headers
+## Limitations
 
-Set HTTP headers for all transactions.
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-Use this to set additional HTTP headers for all transactions.
+#  Mail.ru Cloud
 
-The input format is comma separated list of key,value pairs.  Standard
-[CSV encoding](https://godoc.org/encoding/csv) may be used.
+[Mail.ru Cloud](https://cloud.mail.ru/) is a cloud storage provided by a Russian internet company [Mail.Ru Group](https://mail.ru). The official desktop client is [Disk-O:](https://disk-o.cloud/en), available on Windows and Mac OS.
 
-For example, to set a Cookie use 'Cookie,name=value', or '"Cookie","name=value"'.
+## Features highlights
 
-You can set multiple headers, e.g. '"Cookie","name=value","Authorization","xxx"'.
+- Paths may be as deep as required, e.g. `remote:directory/subdirectory`
+- Files have a `last modified time` property, directories don't
+- Deleted files are by default moved to the trash
+- Files and directories can be shared via public links
+- Partial uploads or streaming are not supported, file size must be known before upload
+- Maximum file size is limited to 2G for a free account, unlimited for paid accounts
+- Storage keeps hash for all files and performs transparent deduplication,
+  the hash algorithm is a modified SHA1
+- If a particular file is already present in storage, one can quickly submit file hash
+  instead of long file upload (this optimization is supported by rclone)
 
-Properties:
+## Configuration
 
-- Config:      headers
-- Env Var:     RCLONE_HTTP_HEADERS
-- Type:        CommaSepList
-- Default:     
+Here is an example of making a mailru configuration.
 
-#### --http-no-slash
+First create a Mail.ru Cloud account and choose a tariff.
 
-Set this if the site doesn't end directories with /.
+You will need to log in and create an app password for rclone. Rclone
+**will not work** with your normal username and password - it will
+give an error like `oauth2: server response missing access_token`.
 
-Use this if your target website does not use / on the end of
-directories.
+- Click on your user icon in the top right
+- Go to Security / "Пароль и безопасность"
+- Click password for apps / "Пароли для внешних приложений"
+- Add the password - give it a name - eg "rclone"
+- Copy the password and use this password below - your normal login password won't work.
 
-A / on the end of a path is how rclone normally tells the difference
-between files and directories.  If this flag is set, then rclone will
-treat all files with Content-Type: text/html as directories and read
-URLs from them rather than downloading them.
+Now run
 
-Note that this may cause rclone to confuse genuine HTML files with
-directories.
+    rclone config
 
-Properties:
+This will guide you through an interactive setup process:
 
-- Config:      no_slash
-- Env Var:     RCLONE_HTTP_NO_SLASH
-- Type:        bool
-- Default:     false
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+[snip]
+XX / Mail.ru Cloud
+   \ "mailru"
+[snip]
+Storage> mailru
+User name (usually email)
+Enter a string value. Press Enter for the default ("").
+user> username@mail.ru
+Password
 
-#### --http-no-head
+This must be an app password - rclone will not work with your normal
+password. See the Configuration section in the docs for how to make an
+app password.
+y) Yes type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Skip full upload if there is another file with same data hash.
+This feature is called "speedup" or "put by hash". It is especially efficient
+in case of generally available files like popular books, video or audio clips
+[snip]
+Enter a boolean value (true or false). Press Enter for the default ("true").
+Choose a number from below, or type in your own value
+ 1 / Enable
+   \ "true"
+ 2 / Disable
+   \ "false"
+speedup_enable> 1
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> n
+Remote config
+--------------------
+[remote]
+type = mailru
+user = username@mail.ru
+pass = *** ENCRYPTED ***
+speedup_enable = true
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
 
-Don't use HEAD requests.
+Configuration of this backend does not require a local web browser.
+You can use the configured backend as shown below:
 
-HEAD requests are mainly used to find file sizes in dir listing.
-If your site is being very slow to load then you can try this option.
-Normally rclone does a HEAD request for each potential file in a
-directory listing to:
+See top level directories
 
-- find its size
-- check it really exists
-- check to see if it is a directory
+    rclone lsd remote:
 
-If you set this option, rclone will not do the HEAD request. This will mean
-that directory listings are much quicker, but rclone won't have the times or
-sizes of any files, and some files that don't exist may be in the listing.
+Make a new directory
 
-Properties:
+    rclone mkdir remote:directory
 
-- Config:      no_head
-- Env Var:     RCLONE_HTTP_NO_HEAD
-- Type:        bool
-- Default:     false
+List the contents of a directory
 
+    rclone ls remote:directory
 
+Sync `/home/local/directory` to the remote path, deleting any
+excess files in the path.
 
-## Limitations
+    rclone sync --interactive /home/local/directory remote:directory
 
-`rclone about` is not supported by the HTTP backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
+### Modification times and hashes
 
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+Files support a modification time attribute with up to 1 second precision.
+Directories do not have a modification time, which is shown as "Jan 1 1970".
 
-#  Internet Archive
+File hashes are supported, with a custom Mail.ru algorithm based on SHA1.
+If file size is less than or equal to the SHA1 block size (20 bytes),
+its hash is simply its data right-padded with zero bytes.
+Hashes of a larger file is computed as a SHA1 of the file data
+bytes concatenated with a decimal representation of the data length.
 
-The Internet Archive backend utilizes Items on [archive.org](https://archive.org/)
+### Emptying Trash
 
-Refer to [IAS3 API documentation](https://archive.org/services/docs/api/ias3.html) for the API this backend uses.
+Removing a file or directory actually moves it to the trash, which is not
+visible to rclone but can be seen in a web browser. The trashed file
+still occupies part of total quota. If you wish to empty your trash
+and free some quota, you can use the `rclone cleanup remote:` command,
+which will permanently delete all your trashed files.
+This command does not take any path arguments.
 
-Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
-command.)  You may put subdirectories in too, e.g. `remote:item/path/to/dir`.
+### Quota information
 
-Unlike S3, listing up all items uploaded by you isn't supported.
+To view your current quota you can use the `rclone about remote:`
+command which will display your usage limit (quota) and the current usage.
 
-Once you have made a remote, you can use it like this:
+### Restricted filename characters
 
-Make a new item
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
 
-    rclone mkdir remote:item
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| "         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| <         | 0x3C  | ＜          |
+| >         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \         | 0x5C  | ＼          |
+| \|        | 0x7C  | ｜          |
 
-List the contents of a item
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-    rclone ls remote:item
 
-Sync `/home/local/directory` to the remote item, deleting any excess
-files in the item.
+### Standard options
 
-    rclone sync --interactive /home/local/directory remote:item
+Here are the Standard options specific to mailru (Mail.ru Cloud).
 
-## Notes
-Because of Internet Archive's architecture, it enqueues write operations (and extra post-processings) in a per-item queue. You can check item's queue at https://catalogd.archive.org/history/item-name-here . Because of that, all uploads/deletes will not show up immediately and takes some time to be available.
-The per-item queue is enqueued to an another queue, Item Deriver Queue. [You can check the status of Item Deriver Queue here.](https://catalogd.archive.org/catalog.php?whereami=1) This queue has a limit, and it may block you from uploading, or even deleting. You should avoid uploading a lot of small files for better behavior.
+#### --mailru-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_MAILRU_CLIENT_ID
+- Type:        string
+- Required:    false
 
-You can optionally wait for the server's processing to finish, by setting non-zero value to `wait_archive` key.
-By making it wait, rclone can do normal file comparison.
-Make sure to set a large enough value (e.g. `30m0s` for smaller files) as it can take a long time depending on server's queue.
+#### --mailru-client-secret
 
-## About metadata
-This backend supports setting, updating and reading metadata of each file.
-The metadata will appear as file metadata on Internet Archive.
-However, some fields are reserved by both Internet Archive and rclone.
+OAuth Client Secret.
 
-The following are reserved by Internet Archive:
-- `name`
-- `source`
-- `size`
-- `md5`
-- `crc32`
-- `sha1`
-- `format`
-- `old_version`
-- `viruscheck`
-- `summation`
+Leave blank normally.
 
-Trying to set values to these keys is ignored with a warning.
-Only setting `mtime` is an exception. Doing so make it the identical behavior as setting ModTime.
+Properties:
 
-rclone reserves all the keys starting with `rclone-`. Setting value for these keys will give you warnings, but values are set according to request.
+- Config:      client_secret
+- Env Var:     RCLONE_MAILRU_CLIENT_SECRET
+- Type:        string
+- Required:    false
 
-If there are multiple values for a key, only the first one is returned.
-This is a limitation of rclone, that supports one value per one key.
-It can be triggered when you did a server-side copy.
+#### --mailru-user
 
-Reading metadata will also provide custom (non-standard nor reserved) ones.
+User name (usually email).
 
-## Filtering auto generated files
+Properties:
 
-The Internet Archive automatically creates metadata files after
-upload. These can cause problems when doing an `rclone sync` as rclone
-will try, and fail, to delete them. These metadata files are not
-changeable, as they are created by the Internet Archive automatically.
+- Config:      user
+- Env Var:     RCLONE_MAILRU_USER
+- Type:        string
+- Required:    true
 
-These auto-created files can be excluded from the sync using [metadata
-filtering](https://rclone.org/filtering/#metadata).
+#### --mailru-pass
 
-    rclone sync ... --metadata-exclude "source=metadata" --metadata-exclude "format=Metadata"
+Password.
 
-Which excludes from the sync any files which have the
-`source=metadata` or `format=Metadata` flags which are added to
-Internet Archive auto-created files.
+This must be an app password - rclone will not work with your normal
+password. See the Configuration section in the docs for how to make an
+app password.
 
-## Configuration
 
-Here is an example of making an internetarchive configuration.
-Most applies to the other providers as well, any differences are described [below](#providers).
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-First run
+Properties:
 
-    rclone config
+- Config:      pass
+- Env Var:     RCLONE_MAILRU_PASS
+- Type:        string
+- Required:    true
 
-This will guide you through an interactive setup process.
+#### --mailru-speedup-enable
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-XX / InternetArchive Items
-   \ (internetarchive)
-Storage> internetarchive
-Option access_key_id.
-IAS3 Access Key.
-Leave blank for anonymous access.
-You can find one here: https://archive.org/account/s3.php
-Enter a value. Press Enter to leave empty.
-access_key_id> XXXX
-Option secret_access_key.
-IAS3 Secret Key (password).
-Leave blank for anonymous access.
-Enter a value. Press Enter to leave empty.
-secret_access_key> XXXX
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> y
-Option endpoint.
-IAS3 Endpoint.
-Leave blank for default value.
-Enter a string value. Press Enter for the default (https://s3.us.archive.org).
-endpoint> 
-Option front_endpoint.
-Host of InternetArchive Frontend.
-Leave blank for default value.
-Enter a string value. Press Enter for the default (https://archive.org).
-front_endpoint> 
-Option disable_checksum.
-Don't store MD5 checksum with object metadata.
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can ask the server to check the object against checksum.
-This is great for data integrity checking but can cause long delays for
-large files to start uploading.
-Enter a boolean value (true or false). Press Enter for the default (true).
-disable_checksum> true
-Option encoding.
-The encoding for the backend.
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
-Enter a encoder.MultiEncoder value. Press Enter for the default (Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot).
-encoding> 
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
---------------------
-[remote]
-type = internetarchive
-access_key_id = XXXX
-secret_access_key = XXXX
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+Skip full upload if there is another file with same data hash.
 
+This feature is called "speedup" or "put by hash". It is especially efficient
+in case of generally available files like popular books, video or audio clips,
+because files are searched by hash in all accounts of all mailru users.
+It is meaningless and ineffective if source file is unique or encrypted.
+Please note that rclone may need local memory and disk space to calculate
+content hash in advance and decide whether full upload is required.
+Also, if rclone does not know file size in advance (e.g. in case of
+streaming or partial uploads), it will not even try this optimization.
 
-### Standard options
+Properties:
 
-Here are the Standard options specific to internetarchive (Internet Archive).
+- Config:      speedup_enable
+- Env Var:     RCLONE_MAILRU_SPEEDUP_ENABLE
+- Type:        bool
+- Default:     true
+- Examples:
+    - "true"
+        - Enable
+    - "false"
+        - Disable
 
-#### --internetarchive-access-key-id
+### Advanced options
 
-IAS3 Access Key.
+Here are the Advanced options specific to mailru (Mail.ru Cloud).
 
-Leave blank for anonymous access.
-You can find one here: https://archive.org/account/s3.php
+#### --mailru-token
+
+OAuth Access Token as a JSON blob.
 
 Properties:
 
-- Config:      access_key_id
-- Env Var:     RCLONE_INTERNETARCHIVE_ACCESS_KEY_ID
+- Config:      token
+- Env Var:     RCLONE_MAILRU_TOKEN
 - Type:        string
 - Required:    false
 
-#### --internetarchive-secret-access-key
+#### --mailru-auth-url
 
-IAS3 Secret Key (password).
+Auth server URL.
 
-Leave blank for anonymous access.
+Leave blank to use the provider defaults.
 
 Properties:
 
-- Config:      secret_access_key
-- Env Var:     RCLONE_INTERNETARCHIVE_SECRET_ACCESS_KEY
+- Config:      auth_url
+- Env Var:     RCLONE_MAILRU_AUTH_URL
 - Type:        string
 - Required:    false
 
-### Advanced options
-
-Here are the Advanced options specific to internetarchive (Internet Archive).
-
-#### --internetarchive-endpoint
+#### --mailru-token-url
 
-IAS3 Endpoint.
+Token server url.
 
-Leave blank for default value.
+Leave blank to use the provider defaults.
 
 Properties:
 
-- Config:      endpoint
-- Env Var:     RCLONE_INTERNETARCHIVE_ENDPOINT
+- Config:      token_url
+- Env Var:     RCLONE_MAILRU_TOKEN_URL
 - Type:        string
-- Default:     "https://s3.us.archive.org"
+- Required:    false
 
-#### --internetarchive-front-endpoint
+#### --mailru-speedup-file-patterns
 
-Host of InternetArchive Frontend.
+Comma separated list of file name patterns eligible for speedup (put by hash).
 
-Leave blank for default value.
+Patterns are case insensitive and can contain '*' or '?' meta characters.
 
 Properties:
 
-- Config:      front_endpoint
-- Env Var:     RCLONE_INTERNETARCHIVE_FRONT_ENDPOINT
+- Config:      speedup_file_patterns
+- Env Var:     RCLONE_MAILRU_SPEEDUP_FILE_PATTERNS
 - Type:        string
-- Default:     "https://archive.org"
+- Default:     "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf"
+- Examples:
+    - ""
+        - Empty list completely disables speedup (put by hash).
+    - "*"
+        - All files will be attempted for speedup.
+    - "*.mkv,*.avi,*.mp4,*.mp3"
+        - Only common audio/video files will be tried for put by hash.
+    - "*.zip,*.gz,*.rar,*.pdf"
+        - Only common archives or PDF books will be tried for speedup.
 
-#### --internetarchive-disable-checksum
+#### --mailru-speedup-max-disk
 
-Don't ask the server to test against MD5 checksum calculated by rclone.
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can ask the server to check the object against checksum.
-This is great for data integrity checking but can cause long delays for
-large files to start uploading.
+This option allows you to disable speedup (put by hash) for large files.
+
+Reason is that preliminary hashing can exhaust your RAM or disk space.
 
 Properties:
 
-- Config:      disable_checksum
-- Env Var:     RCLONE_INTERNETARCHIVE_DISABLE_CHECKSUM
-- Type:        bool
-- Default:     true
+- Config:      speedup_max_disk
+- Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_DISK
+- Type:        SizeSuffix
+- Default:     3Gi
+- Examples:
+    - "0"
+        - Completely disable speedup (put by hash).
+    - "1G"
+        - Files larger than 1Gb will be uploaded directly.
+    - "3G"
+        - Choose this option if you have less than 3Gb free on local disk.
 
-#### --internetarchive-wait-archive
+#### --mailru-speedup-max-memory
 
-Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish.
-Only enable if you need to be guaranteed to be reflected after write operations.
-0 to disable waiting. No errors to be thrown in case of timeout.
+Files larger than the size given below will always be hashed on disk.
 
 Properties:
 
-- Config:      wait_archive
-- Env Var:     RCLONE_INTERNETARCHIVE_WAIT_ARCHIVE
-- Type:        Duration
-- Default:     0s
-
-#### --internetarchive-encoding
+- Config:      speedup_max_memory
+- Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_MEMORY
+- Type:        SizeSuffix
+- Default:     32Mi
+- Examples:
+    - "0"
+        - Preliminary hashing will always be done in a temporary disk location.
+    - "32M"
+        - Do not dedicate more than 32Mb RAM for preliminary hashing.
+    - "256M"
+        - You have at most 256Mb RAM free for hash calculations.
 
-The encoding for the backend.
+#### --mailru-check-hash
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+What should copy do if file checksum is mismatched or invalid.
 
 Properties:
 
-- Config:      encoding
-- Env Var:     RCLONE_INTERNETARCHIVE_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot
-
-### Metadata
-
-Metadata fields provided by Internet Archive.
-If there are multiple values for a key, only the first one is returned.
-This is a limitation of Rclone, that supports one value per one key.
+- Config:      check_hash
+- Env Var:     RCLONE_MAILRU_CHECK_HASH
+- Type:        bool
+- Default:     true
+- Examples:
+    - "true"
+        - Fail with error.
+    - "false"
+        - Ignore and continue.
 
-Owner is able to add custom keys. Metadata feature grabs all the keys including them.
+#### --mailru-user-agent
 
-Here are the possible system metadata items for the internetarchive backend.
+HTTP user agent used internally by client.
 
-| Name | Help | Type | Example | Read Only |
-|------|------|------|---------|-----------|
-| crc32 | CRC32 calculated by Internet Archive | string | 01234567 | **Y** |
-| format | Name of format identified by Internet Archive | string | Comma-Separated Values | **Y** |
-| md5 | MD5 hash calculated by Internet Archive | string | 01234567012345670123456701234567 | **Y** |
-| mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | **Y** |
-| name | Full file path, without the bucket part | filename | backend/internetarchive/internetarchive.go | **Y** |
-| old_version | Whether the file was replaced and moved by keep-old-version flag | boolean | true | **Y** |
-| rclone-ia-mtime | Time of last modification, managed by Internet Archive | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
-| rclone-mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
-| rclone-update-track | Random value used by Rclone for tracking changes inside Internet Archive | string | aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | N |
-| sha1 | SHA1 hash calculated by Internet Archive | string | 0123456701234567012345670123456701234567 | **Y** |
-| size | File size in bytes | decimal number | 123456 | **Y** |
-| source | The source of the file | string | original | **Y** |
-| summation | Check https://forum.rclone.org/t/31922 for how it is used | string | md5 | **Y** |
-| viruscheck | The last time viruscheck process was run for the file (?) | unixtime | 1654191352 | **Y** |
+Defaults to "rclone/VERSION" or "--user-agent" provided on command line.
 
-See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+Properties:
 
+- Config:      user_agent
+- Env Var:     RCLONE_MAILRU_USER_AGENT
+- Type:        string
+- Required:    false
 
+#### --mailru-quirks
 
-#  Jottacloud
+Comma separated list of internal maintenance flags.
 
-Jottacloud is a cloud storage service provider from a Norwegian company, using its own datacenters
-in Norway. In addition to the official service at [jottacloud.com](https://www.jottacloud.com/),
-it also provides white-label solutions to different companies, such as:
-* Telia
-  * Telia Cloud (cloud.telia.se)
-  * Telia Sky (sky.telia.no)
-* Tele2
-  * Tele2 Cloud (mittcloud.tele2.se)
-* Elkjøp (with subsidiaries):
-  * Elkjøp Cloud (cloud.elkjop.no)
-  * Elgiganten Sweden (cloud.elgiganten.se)
-  * Elgiganten Denmark (cloud.elgiganten.dk)
-  * Giganti Cloud  (cloud.gigantti.fi)
-  * ELKO Cloud (cloud.elko.is)
+This option must not be used by an ordinary user. It is intended only to
+facilitate remote troubleshooting of backend issues. Strict meaning of
+flags is not documented and not guaranteed to persist between releases.
+Quirks will be removed when the backend grows stable.
+Supported quirks: atomicmkdir binlist unknowndirs
 
-Most of the white-label versions are supported by this backend, although may require different
-authentication setup - described below.
+Properties:
 
-Paths are specified as `remote:path`
+- Config:      quirks
+- Env Var:     RCLONE_MAILRU_QUIRKS
+- Type:        string
+- Required:    false
 
-Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+#### --mailru-encoding
 
-## Authentication types
+The encoding for the backend.
 
-Some of the whitelabel versions uses a different authentication method than the official service,
-and you have to choose the correct one when setting up the remote.
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-### Standard authentication
+Properties:
 
-The standard authentication method used by the official service (jottacloud.com), as well as
-some of the whitelabel services, requires you to generate a single-use personal login token
-from the account security settings in the service's web interface. Log in to your account,
-go to "Settings" and then "Security", or use the direct link presented to you by rclone when
-configuring the remote: <https://www.jottacloud.com/web/secure>. Scroll down to the section
-"Personal login token", and click the "Generate" button. Note that if you are using a
-whitelabel service you probably can't use the direct link, you need to find the same page in
-their dedicated web interface, and also it may be in a different location than described above.
+- Config:      encoding
+- Env Var:     RCLONE_MAILRU_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
-To access your account from multiple instances of rclone, you need to configure each of them
-with a separate personal login token. E.g. you create a Jottacloud remote with rclone in one
-location, and copy the configuration file to a second location where you also want to run
-rclone and access the same remote. Then you need to replace the token for one of them, using
-the [config reconnect](https://rclone.org/commands/rclone_config_reconnect/) command, which
-requires you to generate a new personal login token and supply as input. If you do not
-do this, the token may easily end up being invalidated, resulting in both instances failing
-with an error message something along the lines of:
 
-    oauth2: cannot fetch token: 400 Bad Request
-    Response: {"error":"invalid_grant","error_description":"Stale token"}
 
-When this happens, you need to replace the token as described above to be able to use your
-remote again.
+## Limitations
 
-All personal login tokens you have taken into use will be listed in the web interface under
-"My logged in devices", and from the right side of that list you can click the "X" button to
-revoke individual tokens.
+File size limits depend on your account. A single file size is limited by 2G
+for a free account and unlimited for paid tariffs. Please refer to the Mail.ru
+site for the total uploaded size limits.
 
-### Legacy authentication
+Note that Mailru is case insensitive so you can't have a file called
+"Hello.doc" and one called "hello.doc".
 
-If you are using one of the whitelabel versions (e.g. from Elkjøp) you may not have the option
-to generate a CLI token. In this case you'll have to use the legacy authentication. To do this select
-yes when the setup asks for legacy authentication and enter your username and password.
-The rest of the setup is identical to the default setup.
+#  Mega
 
-### Telia Cloud authentication
+[Mega](https://mega.nz/) is a cloud storage and file hosting service
+known for its security feature where all files are encrypted locally
+before they are uploaded. This prevents anyone (including employees of
+Mega) from accessing the files without knowledge of the key used for
+encryption.
 
-Similar to other whitelabel versions Telia Cloud doesn't offer the option of creating a CLI token, and
-additionally uses a separate authentication flow where the username is generated internally. To setup
-rclone to use Telia Cloud, choose Telia Cloud authentication in the setup. The rest of the setup is
-identical to the default setup.
+This is an rclone backend for Mega which supports the file transfer
+features of Mega using the same client side encryption.
 
-### Tele2 Cloud authentication
+Paths are specified as `remote:path`
 
-As Tele2-Com Hem merger was completed this authentication can be used for former Com Hem Cloud and
-Tele2 Cloud customers as no support for creating a CLI token exists, and additionally uses a separate
-authentication flow where the username is generated internally. To setup rclone to use Tele2 Cloud,
-choose Tele2 Cloud authentication in the setup. The rest of the setup is identical to the default setup.
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
 ## Configuration
 
-Here is an example of how to make a remote called `remote` with the default setup.  First run:
+Here is an example of how to make a remote called `remote`.  First run:
 
-    rclone config
+     rclone config
 
 This will guide you through an interactive setup process:
 
@@ -32344,257 +37976,242 @@ s) Set configuration password
 q) Quit config
 n/s/q> n
 name> remote
-Option Storage.
 Type of storage to configure.
-Choose a number from below, or type in your own value.
+Choose a number from below, or type in your own value
 [snip]
-XX / Jottacloud
-   \ (jottacloud)
+XX / Mega
+   \ "mega"
 [snip]
-Storage> jottacloud
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
-Option config_type.
-Select authentication type.
-Choose a number from below, or type in an existing string value.
-Press Enter for the default (standard).
-   / Standard authentication.
- 1 | Use this if you're a normal Jottacloud user.
-   \ (standard)
-   / Legacy authentication.
- 2 | This is only required for certain whitelabel versions of Jottacloud and not recommended for normal users.
-   \ (legacy)
-   / Telia Cloud authentication.
- 3 | Use this if you are using Telia Cloud.
-   \ (telia)
-   / Tele2 Cloud authentication.
- 4 | Use this if you are using Tele2 Cloud.
-   \ (tele2)
-config_type> 1
-Personal login token.
-Generate here: https://www.jottacloud.com/web/secure
-Login Token> <your token here>
-Use a non-standard device/mountpoint?
-Choosing no, the default, will let you access the storage used for the archive
-section of the official Jottacloud client. If you instead want to access the
-sync or the backup section, for example, you must choose yes.
-y) Yes
-n) No (default)
-y/n> y
-Option config_device.
-The device to use. In standard setup the built-in Jotta device is used,
-which contains predefined mountpoints for archive, sync etc. All other devices
-are treated as backup devices by the official Jottacloud client. You may create
-a new by entering a unique name.
-Choose a number from below, or type in your own string value.
-Press Enter for the default (DESKTOP-3H31129).
- 1 > DESKTOP-3H31129
- 2 > Jotta
-config_device> 2
-Option config_mountpoint.
-The mountpoint to use for the built-in device Jotta.
-The standard setup is to use the Archive mountpoint. Most other mountpoints
-have very limited support in rclone and should generally be avoided.
-Choose a number from below, or type in an existing string value.
-Press Enter for the default (Archive).
- 1 > Archive
- 2 > Shared
- 3 > Sync
-config_mountpoint> 1
+Storage> mega
+User name
+user> you@example.com
+Password.
+y) Yes type in my own password
+g) Generate random password
+n) No leave this optional password blank
+y/g/n> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Remote config
 --------------------
 [remote]
-type = jottacloud
-configVersion = 1
-client_id = jottacli
-client_secret =
-tokenURL = https://id.jottacloud.com/auth/realms/jottacloud/protocol/openid-connect/token
-token = {........}
-username = 2940e57271a93d987d6f8a21
-device = Jotta
-mountpoint = Archive
+type = mega
+user = you@example.com
+pass = *** ENCRYPTED ***
 --------------------
-y) Yes this is OK (default)
+y) Yes this is OK
 e) Edit this remote
 d) Delete this remote
 y/e/d> y
 ```
 
-Once configured you can then use `rclone` like this,
+**NOTE:** The encryption keys need to have been already generated after a regular login
+via the browser, otherwise attempting to use the credentials in `rclone` will fail.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Mega
+
+    rclone lsd remote:
+
+List all the files in your Mega
+
+    rclone ls remote:
+
+To copy a local directory to an Mega directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Mega does not support modification times or hashes yet.
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | ␀           |
+| /         | 0x2F  | ／          |
 
-List directories in top level of your Jottacloud
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-    rclone lsd remote:
+### Duplicated files
 
-List all the files in your Jottacloud
+Mega can have two files with exactly the same name and path (unlike a
+normal file system).
 
-    rclone ls remote:
+Duplicated files cause problems with the syncing and you will see
+messages in the log about duplicates.
 
-To copy a local directory to an Jottacloud directory called backup
+Use `rclone dedupe` to fix duplicated files.
 
-    rclone copy /home/source remote:backup
+### Failure to log-in
 
-### Devices and Mountpoints
+#### Object not found
 
-The official Jottacloud client registers a device for each computer you install
-it on, and shows them in the backup section of the user interface. For each
-folder you select for backup it will create a mountpoint within this device.
-A built-in device called Jotta is special, and contains mountpoints Archive,
-Sync and some others, used for corresponding features in official clients.
+If you are connecting to your Mega remote for the first time, 
+to test access and synchronization, you may receive an error such as 
 
-With rclone you'll want to use the standard Jotta/Archive device/mountpoint in
-most cases. However, you may for example want to access files from the sync or
-backup functionality provided by the official clients, and rclone therefore
-provides the option to select other devices and mountpoints during config.
+```
+Failed to create file system for "my-mega-remote:": 
+couldn't login: Object (typically, node or user) not found
+```
 
-You are allowed to create new devices and mountpoints. All devices except the
-built-in Jotta device are treated as backup devices by official Jottacloud
-clients, and the mountpoints on them are individual backup sets.
+The diagnostic steps often recommended in the [rclone forum](https://forum.rclone.org/search?q=mega)
+start with the **MEGAcmd** utility. Note that this refers to 
+the official C++ command from https://github.com/meganz/MEGAcmd 
+and not the go language built command from t3rm1n4l/megacmd 
+that is no longer maintained. 
 
-With the built-in Jotta device, only existing, built-in, mountpoints can be
-selected. In addition to the mentioned Archive and Sync, it may contain
-several other mountpoints such as: Latest, Links, Shared and Trash. All of
-these are special mountpoints with a different internal representation than
-the "regular" mountpoints. Rclone will only to a very limited degree support
-them. Generally you should avoid these, unless you know what you are doing.
+Follow the instructions for installing MEGAcmd and try accessing 
+your remote as they recommend. You can establish whether or not 
+you can log in using MEGAcmd, and obtain diagnostic information 
+to help you, and search or work with others in the forum. 
 
-### --fast-list
+```
+MEGA CMD> login me@example.com
+Password:
+Fetching nodes ...
+Loading transfers from local cache
+Login complete as me@example.com
+me@example.com:/$ 
+```
 
-This remote supports `--fast-list` which allows you to use fewer
-transactions in exchange for more memory. See the [rclone
-docs](https://rclone.org/docs/#fast-list) for more details.
+Note that some have found issues with passwords containing special 
+characters. If you can not log on with rclone, but MEGAcmd logs on 
+just fine, then consider changing your password temporarily to 
+pure alphanumeric characters, in case that helps.
 
-Note that the implementation in Jottacloud always uses only a single
-API request to get the entire list, so for large folders this could
-lead to long wait time before the first results are shown.
 
-Note also that with rclone version 1.58 and newer information about
-[MIME types](https://rclone.org/overview/#mime-type) are not available when using `--fast-list`.
+#### Repeated commands blocks access
 
-### Modified time and hashes
+Mega remotes seem to get blocked (reject logins) under "heavy use".
+We haven't worked out the exact blocking rules but it seems to be
+related to fast paced, successive rclone commands.
 
-Jottacloud allows modification times to be set on objects accurate to 1
-second. These will be used to detect whether objects need syncing or
-not.
+For example, executing this command 90 times in a row `rclone link
+remote:file` will cause the remote to become "blocked". This is not an
+abnormal situation, for example if you wish to get the public links of
+a directory with hundred of files...  After more or less a week, the
+remote will remote accept rclone logins normally again.
 
-Jottacloud supports MD5 type hashes, so you can use the `--checksum`
-flag.
+You can mitigate this issue by mounting the remote it with `rclone
+mount`. This will log-in when mounting and a log-out when unmounting
+only. You can also run `rclone rcd` and then use `rclone rc` to run
+the commands over the API to avoid logging in each time.
 
-Note that Jottacloud requires the MD5 hash before upload so if the
-source does not have an MD5 checksum then the file will be cached
-temporarily on disk (in location given by
-[--temp-dir](https://rclone.org/docs/#temp-dir-dir)) before it is uploaded.
-Small files will be cached in memory - see the
-[--jottacloud-md5-memory-limit](#jottacloud-md5-memory-limit) flag.
-When uploading from local disk the source checksum is always available,
-so this does not apply. Starting with rclone version 1.52 the same is
-true for crypted remotes (in older versions the crypt backend would not
-calculate hashes for uploads from local disk, so the Jottacloud
-backend had to do it as described above).
+Rclone does not currently close mega sessions (you can see them in the
+web interface), however closing the sessions does not solve the issue.
 
-### Restricted filename characters
+If you space rclone commands by 3 seconds it will avoid blocking the
+remote. We haven't identified the exact blocking rules, so perhaps one
+could execute the command 80 times without waiting and avoid blocking
+by waiting 3 seconds, then continuing...
 
-In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-the following characters are also replaced:
+Note that this has been observed by trial and error and might not be
+set in stone.
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| "         | 0x22  | ＂          |
-| *         | 0x2A  | ＊          |
-| :         | 0x3A  | ：          |
-| <         | 0x3C  | ＜          |
-| >         | 0x3E  | ＞          |
-| ?         | 0x3F  | ？          |
-| \|        | 0x7C  | ｜          |
+Other tools seem not to produce this blocking effect, as they use a
+different working approach (state-based, using sessionIDs instead of
+log-in) which isn't compatible with the current stateless rclone
+approach.
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in XML strings.
+Note that once blocked, the use of other tools (such as megacmd) is
+not a sure workaround: following megacmd login times have been
+observed in succession for blocked remote: 7 minutes, 20 min, 30min, 30
+min, 30min. Web access looks unaffected though.
 
-### Deleting files
+Investigation is continuing in relation to workarounds based on
+timeouts, pacers, retrials and tpslimits - if you discover something
+relevant, please post on the forum.
 
-By default, rclone will send all files to the trash when deleting files. They will be permanently
-deleted automatically after 30 days. You may bypass the trash and permanently delete files immediately
-by using the [--jottacloud-hard-delete](#jottacloud-hard-delete) flag, or set the equivalent environment variable.
-Emptying the trash is supported by the [cleanup](https://rclone.org/commands/rclone_cleanup/) command.
+So, if rclone was working nicely and suddenly you are unable to log-in
+and you are sure the user and the password are correct, likely you
+have got the remote blocked for a while.
 
-### Versions
 
-Jottacloud supports file versioning. When rclone uploads a new version of a file it creates a new version of it.
-Currently rclone only supports retrieving the current version but older versions can be accessed via the Jottacloud Website.
+### Standard options
 
-Versioning can be disabled by `--jottacloud-no-versions` option. This is achieved by deleting the remote file prior to uploading
-a new version. If the upload the fails no version of the file will be available in the remote.
+Here are the Standard options specific to mega (Mega).
 
-### Quota information
+#### --mega-user
 
-To view your current quota you can use the `rclone about remote:`
-command which will display your usage limit (unless it is unlimited)
-and the current usage.
+User name.
 
+Properties:
 
-### Advanced options
+- Config:      user
+- Env Var:     RCLONE_MEGA_USER
+- Type:        string
+- Required:    true
 
-Here are the Advanced options specific to jottacloud (Jottacloud).
+#### --mega-pass
 
-#### --jottacloud-md5-memory-limit
+Password.
 
-Files bigger than this will be cached on disk to calculate the MD5 if required.
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
 Properties:
 
-- Config:      md5_memory_limit
-- Env Var:     RCLONE_JOTTACLOUD_MD5_MEMORY_LIMIT
-- Type:        SizeSuffix
-- Default:     10Mi
+- Config:      pass
+- Env Var:     RCLONE_MEGA_PASS
+- Type:        string
+- Required:    true
 
-#### --jottacloud-trashed-only
+### Advanced options
 
-Only show files that are in the trash.
+Here are the Advanced options specific to mega (Mega).
 
-This will show trashed files in their original directory structure.
+#### --mega-debug
+
+Output more debug from Mega.
+
+If this flag is set (along with -vv) it will print further debugging
+information from the mega backend.
 
 Properties:
 
-- Config:      trashed_only
-- Env Var:     RCLONE_JOTTACLOUD_TRASHED_ONLY
+- Config:      debug
+- Env Var:     RCLONE_MEGA_DEBUG
 - Type:        bool
 - Default:     false
 
-#### --jottacloud-hard-delete
+#### --mega-hard-delete
 
 Delete files permanently rather than putting them into the trash.
 
+Normally the mega backend will put all deletions into the trash rather
+than permanently deleting them.  If you specify this then rclone will
+permanently delete objects instead.
+
 Properties:
 
 - Config:      hard_delete
-- Env Var:     RCLONE_JOTTACLOUD_HARD_DELETE
+- Env Var:     RCLONE_MEGA_HARD_DELETE
 - Type:        bool
 - Default:     false
 
-#### --jottacloud-upload-resume-limit
-
-Files bigger than this can be resumed if the upload fail's.
-
-Properties:
-
-- Config:      upload_resume_limit
-- Env Var:     RCLONE_JOTTACLOUD_UPLOAD_RESUME_LIMIT
-- Type:        SizeSuffix
-- Default:     10Mi
+#### --mega-use-https
 
-#### --jottacloud-no-versions
+Use HTTPS for transfers.
 
-Avoid server side versioning by deleting files and recreating files instead of overwriting them.
+MEGA uses plain text HTTP connections by default.
+Some ISPs throttle HTTP connections, this causes transfers to become very slow.
+Enabling this will force MEGA to use HTTPS for all transfers.
+HTTPS is normally not necessary since all data is already encrypted anyway.
+Enabling it will increase CPU usage and add network overhead.
 
 Properties:
 
-- Config:      no_versions
-- Env Var:     RCLONE_JOTTACLOUD_NO_VERSIONS
+- Config:      use_https
+- Env Var:     RCLONE_MEGA_USE_HTTPS
 - Type:        bool
 - Default:     false
 
-#### --jottacloud-encoding
+#### --mega-encoding
 
 The encoding for the backend.
 
@@ -32603,45 +38220,38 @@ See the [encoding section in the overview](https://rclone.org/overview/#encoding
 Properties:
 
 - Config:      encoding
-- Env Var:     RCLONE_JOTTACLOUD_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot
-
+- Env Var:     RCLONE_MEGA_ENCODING
+- Type:        Encoding
+- Default:     Slash,InvalidUtf8,Dot
 
 
-## Limitations
 
-Note that Jottacloud is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+### Process `killed`
 
-There are quite a few characters that can't be in Jottacloud file names. Rclone will map these names to and from an identical
-looking unicode equivalent. For example if a file has a ? in it will be mapped to ？ instead.
+On accounts with large files or something else, memory usage can significantly increase when executing list/sync instructions. When running on cloud providers (like AWS with EC2), check if the instance type has sufficient memory/CPU to execute the commands. Use the resource monitoring tools to inspect after sending the commands. Look [at this issue](https://forum.rclone.org/t/rclone-with-mega-appears-to-work-only-in-some-accounts/40233/4).
 
-Jottacloud only supports filenames up to 255 characters in length.
+## Limitations
 
-## Troubleshooting
+This backend uses the [go-mega go library](https://github.com/t3rm1n4l/go-mega) which is an opensource
+go library implementing the Mega API. There doesn't appear to be any
+documentation for the mega protocol beyond the [mega C++ SDK](https://github.com/meganz/sdk) source code
+so there are likely quite a few errors still remaining in this library.
 
-Jottacloud exhibits some inconsistent behaviours regarding deleted files and folders which may cause Copy, Move and DirMove
-operations to previously deleted paths to fail. Emptying the trash should help in such cases.
+Mega allows duplicate files which may confuse rclone.
 
-#  Koofr
+#  Memory
 
-Paths are specified as `remote:path`
+The memory backend is an in RAM backend. It does not persist its
+data - use the local backend for that.
 
-Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+The memory backend behaves like a bucket-based remote (e.g. like
+s3). Because it has no parameters you can just use it with the
+`:memory:` remote name.
 
 ## Configuration
 
-The initial setup for Koofr involves creating an application password for
-rclone. You can do that by opening the Koofr
-[web application](https://app.koofr.net/app/admin/preferences/password),
-giving the password a nice name like `rclone` and clicking on generate.
-
-Here is an example of how to make a remote called `koofr`.  First run:
-
-     rclone config
-
-This will guide you through an interactive setup process:
+You can configure it as a remote like this with `rclone config` too if
+you want to:
 
 ```
 No remotes found, make a new one?
@@ -32649,51 +38259,22 @@ n) New remote
 s) Set configuration password
 q) Quit config
 n/s/q> n
-name> koofr
-Option Storage.
+name> remote
 Type of storage to configure.
-Choose a number from below, or type in your own value.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
 [snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \ (koofr)
+XX / Memory
+   \ "memory"
 [snip]
-Storage> koofr
-Option provider.
-Choose your storage provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \ (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \ (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \ (other)
-provider> 1    
-Option user.
-Your user name.
-Enter a value.
-user> USERNAME
-Option password.
-Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
-Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
+Storage> memory
+** See help for memory backend at: https://rclone.org/memory/ **
+
 Remote config
+
 --------------------
-[koofr]
-type = koofr
-provider = koofr
-user = USERNAME
-password = *** ENCRYPTED ***
+[remote]
+type = memory
 --------------------
 y) Yes this is OK (default)
 e) Edit this remote
@@ -32701,358 +38282,313 @@ d) Delete this remote
 y/e/d> y
 ```
 
-You can choose to edit advanced config in order to enter your own service URL
-if you use an on-premise or white label Koofr instance, or choose an alternative
-mount instead of your primary storage.
+Because the memory backend isn't persistent it is most useful for
+testing or with an rclone server or rclone mount, e.g.
 
-Once configured you can then use `rclone` like this,
+    rclone mount :memory: /mnt/tmp
+    rclone serve webdav :memory:
+    rclone serve sftp :memory:
 
-List directories in top level of your Koofr
+### Modification times and hashes
 
-    rclone lsd koofr:
+The memory backend supports MD5 hashes and modification times accurate to 1 nS.
 
-List all the files in your Koofr
+### Restricted filename characters
 
-    rclone ls koofr:
+The memory backend replaces the [default restricted characters
+set](https://rclone.org/overview/#restricted-characters).
 
-To copy a local directory to an Koofr directory called backup
 
-    rclone copy /home/source koofr:backup
 
-### Restricted filename characters
 
-In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
-the following characters are also replaced:
+#  Akamai NetStorage
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| \         | 0x5C  | ＼           |
+Paths are specified as `remote:`
+You may put subdirectories in too, e.g. `remote:/path/to/dir`.
+If you have a CP code you can use that as the folder after the domain such as \<domain>\/\<cpcode>\/\<internal directories within cpcode>.
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in XML strings.
+For example, this is commonly configured with or without a CP code:
+* **With a CP code**. `[your-domain-prefix]-nsu.akamaihd.net/123456/subdirectory/`
+* **Without a CP code**. `[your-domain-prefix]-nsu.akamaihd.net`
 
 
-### Standard options
+See all buckets
+   rclone lsd remote:
+The initial setup for Netstorage involves getting an account and secret. Use `rclone config` to walk you through the setup process.
 
-Here are the Standard options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+## Configuration
 
-#### --koofr-provider
+Here's an example of how to make a remote called `ns1`.
 
-Choose your storage provider.
+1. To begin the interactive configuration process, enter this command:
 
-Properties:
+```
+rclone config
+```
 
-- Config:      provider
-- Env Var:     RCLONE_KOOFR_PROVIDER
-- Type:        string
-- Required:    false
-- Examples:
-    - "koofr"
-        - Koofr, https://app.koofr.net/
-    - "digistorage"
-        - Digi Storage, https://storage.rcs-rds.ro/
-    - "other"
-        - Any other Koofr API compatible storage service
+2. Type `n` to create a new remote.
 
-#### --koofr-endpoint
+```
+n) New remote
+d) Delete remote
+q) Quit config
+e/n/d/q> n
+```
 
-The Koofr API endpoint to use.
+3. For this example, enter `ns1` when you reach the name> prompt.
 
-Properties:
+```
+name> ns1
+```
 
-- Config:      endpoint
-- Env Var:     RCLONE_KOOFR_ENDPOINT
-- Provider:    other
-- Type:        string
-- Required:    true
+4. Enter `netstorage` as the type of storage to configure.
 
-#### --koofr-user
+```
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+XX / NetStorage
+   \ "netstorage"
+Storage> netstorage
+```
 
-Your user name.
+5. Select between the HTTP or HTTPS protocol. Most users should choose HTTPS, which is the default. HTTP is provided primarily for debugging purposes.
 
-Properties:
 
-- Config:      user
-- Env Var:     RCLONE_KOOFR_USER
-- Type:        string
-- Required:    true
+```
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 1 / HTTP protocol
+   \ "http"
+ 2 / HTTPS protocol
+   \ "https"
+protocol> 1
+```
 
-#### --koofr-password
+6. Specify your NetStorage host, CP code, and any necessary content paths using this format: `<domain>/<cpcode>/<content>/`
 
-Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
+```
+Enter a string value. Press Enter for the default ("").
+host> baseball-nsu.akamaihd.net/123456/content/
+```
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+7. Set the netstorage account name
+```
+Enter a string value. Press Enter for the default ("").
+account> username
+```
 
-Properties:
+8. Set the Netstorage account secret/G2O key which will be used for authentication purposes. Select the `y` option to set your own password then enter your secret.
+Note: The secret is stored in the `rclone.conf` file with hex-encoded encryption.
 
-- Config:      password
-- Env Var:     RCLONE_KOOFR_PASSWORD
-- Provider:    koofr
-- Type:        string
-- Required:    true
+```
+y) Yes type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+```
+
+9. View the summary and confirm your remote configuration.
+
+```
+[ns1]
+type = netstorage
+protocol = http
+host = baseball-nsu.akamaihd.net/123456/content/
+account = username
+secret = *** ENCRYPTED ***
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This remote is called `ns1` and can now be used.
+
+## Example operations
+
+Get started with rclone and NetStorage with these examples. For additional rclone commands, visit https://rclone.org/commands/.
+
+### See contents of a directory in your project
+
+    rclone lsd ns1:/974012/testing/
+
+### Sync the contents local with remote
+
+    rclone sync . ns1:/974012/testing/
+
+### Upload local content to remote
+    rclone copy notes.txt ns1:/974012/testing/
+
+### Delete content on remote
+    rclone delete ns1:/974012/testing/notes.txt
+
+### Move or copy content between CP codes.
+
+Your credentials must have access to two CP codes on the same remote. You can't perform operations between different remotes.
+
+    rclone move ns1:/974012/testing/notes.txt ns1:/974450/testing2/
+
+## Features
+
+### Symlink Support
+
+The Netstorage backend changes the rclone `--links, -l` behavior. When uploading, instead of creating the .rclonelink file, use the "symlink" API in order to create the corresponding symlink on the remote. The .rclonelink file will not be created, the upload will be intercepted and only the symlink file that matches the source file name with no suffix will be created on the remote.
+
+This will effectively allow commands like copy/copyto, move/moveto and sync to upload from local to remote and download from remote to local directories with symlinks. Due to internal rclone limitations, it is not possible to upload an individual symlink file to any remote backend. You can always use the "backend symlink" command to create a symlink on the NetStorage server, refer to "symlink" section below.
+
+Individual symlink files on the remote can be used with the commands like "cat" to print the destination name, or "delete" to delete symlink, or copy, copy/to and move/moveto to download from the remote to local. Note: individual symlink files on the remote should be specified including the suffix .rclonelink.
+
+**Note**: No file with the suffix .rclonelink should ever exist on the server since it is not possible to actually upload/create a file with .rclonelink suffix with rclone, it can only exist if it is manually created through a non-rclone method on the remote.
+
+### Implicit vs. Explicit Directories
+
+With NetStorage, directories can exist in one of two forms:
+
+1. **Explicit Directory**. This is an actual, physical directory that you have created in a storage group.
+2. **Implicit Directory**. This refers to a directory within a path that has not been physically created. For example, during upload of a file, nonexistent subdirectories can be specified in the target path. NetStorage creates these as "implicit." While the directories aren't physically created, they exist implicitly and the noted path is connected with the uploaded file.
+
+Rclone will intercept all file uploads and mkdir commands for the NetStorage remote and will explicitly issue the mkdir command for each directory in the uploading path. This will help with the interoperability with the other Akamai services such as SFTP and the Content Management Shell (CMShell). Rclone will not guarantee correctness of operations with implicit directories which might have been created as a result of using an upload API directly.
 
-#### --koofr-password
+### `--fast-list` / ListR support
 
-Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password).
+NetStorage remote supports the ListR feature by using the "list" NetStorage API action to return a lexicographical list of all objects within the specified CP code, recursing into subdirectories as they're encountered.
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+* **Rclone will use the ListR method for some commands by default**. Commands such as `lsf -R` will use ListR by default. To disable this, include the `--disable listR` option to use the non-recursive method of listing objects.
 
-Properties:
+* **Rclone will not use the ListR method for some commands**. Commands such as `sync` don't use ListR by default. To force using the ListR method, include the  `--fast-list` option.
 
-- Config:      password
-- Env Var:     RCLONE_KOOFR_PASSWORD
-- Provider:    digistorage
-- Type:        string
-- Required:    true
+There are pros and cons of using the ListR method, refer to [rclone documentation](https://rclone.org/docs/#fast-list). In general, the sync command over an existing deep tree on the remote will run faster with the "--fast-list" flag but with extra memory usage as a side effect. It might also result in higher CPU utilization but the whole task can be completed faster.
 
-#### --koofr-password
+**Note**: There is a known limitation that "lsf -R" will display number of files in the directory and directory size as -1 when ListR method is used. The workaround is to pass "--disable listR" flag if these numbers are important in the output.
 
-Your password for rclone (generate one at your service's settings page).
+### Purge
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+NetStorage remote supports the purge feature by using the "quick-delete" NetStorage API action. The quick-delete action is disabled by default for security reasons and can be enabled for the account through the Akamai portal. Rclone will first try to use quick-delete action for the purge command and if this functionality is disabled then will fall back to a standard delete method.
 
-Properties:
+**Note**: Read the [NetStorage Usage API](https://learn.akamai.com/en-us/webhelp/netstorage/netstorage-http-api-developer-guide/GUID-15836617-9F50-405A-833C-EA2556756A30.html) for considerations when using "quick-delete". In general, using quick-delete method will not delete the tree immediately and objects targeted for quick-delete may still be accessible.
 
-- Config:      password
-- Env Var:     RCLONE_KOOFR_PASSWORD
-- Provider:    other
-- Type:        string
-- Required:    true
 
-### Advanced options
+### Standard options
 
-Here are the Advanced options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+Here are the Standard options specific to netstorage (Akamai NetStorage).
 
-#### --koofr-mountid
+#### --netstorage-host
 
-Mount ID of the mount to use.
+Domain+path of NetStorage host to connect to.
 
-If omitted, the primary mount is used.
+Format should be `<domain>/<internal folders>`
 
 Properties:
 
-- Config:      mountid
-- Env Var:     RCLONE_KOOFR_MOUNTID
+- Config:      host
+- Env Var:     RCLONE_NETSTORAGE_HOST
 - Type:        string
-- Required:    false
-
-#### --koofr-setmtime
+- Required:    true
 
-Does the backend support setting modification time.
+#### --netstorage-account
 
-Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend.
+Set the NetStorage account name
 
 Properties:
 
-- Config:      setmtime
-- Env Var:     RCLONE_KOOFR_SETMTIME
-- Type:        bool
-- Default:     true
-
-#### --koofr-encoding
+- Config:      account
+- Env Var:     RCLONE_NETSTORAGE_ACCOUNT
+- Type:        string
+- Required:    true
 
-The encoding for the backend.
+#### --netstorage-secret
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Set the NetStorage account secret/G2O key for authentication.
 
-Properties:
+Please choose the 'y' option to set your own password then enter your secret.
 
-- Config:      encoding
-- Env Var:     RCLONE_KOOFR_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
+Properties:
 
+- Config:      secret
+- Env Var:     RCLONE_NETSTORAGE_SECRET
+- Type:        string
+- Required:    true
 
-## Limitations
+### Advanced options
 
-Note that Koofr is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+Here are the Advanced options specific to netstorage (Akamai NetStorage).
 
-## Providers
+#### --netstorage-protocol
 
-### Koofr
+Select between HTTP or HTTPS protocol.
 
-This is the original [Koofr](https://koofr.eu) storage provider used as main example and described in the [configuration](#configuration) section above.
+Most users should choose HTTPS, which is the default.
+HTTP is provided primarily for debugging purposes.
 
-### Digi Storage 
+Properties:
 
-[Digi Storage](https://www.digi.ro/servicii/online/digi-storage) is a cloud storage service run by [Digi.ro](https://www.digi.ro/) that
-provides a Koofr API.
+- Config:      protocol
+- Env Var:     RCLONE_NETSTORAGE_PROTOCOL
+- Type:        string
+- Default:     "https"
+- Examples:
+    - "http"
+        - HTTP protocol
+    - "https"
+        - HTTPS protocol
 
-Here is an example of how to make a remote called `ds`.  First run:
+## Backend commands
 
-     rclone config
+Here are the commands specific to the netstorage backend.
 
-This will guide you through an interactive setup process:
+Run them with
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> ds
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \ (koofr)
-[snip]
-Storage> koofr
-Option provider.
-Choose your storage provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \ (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \ (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \ (other)
-provider> 2
-Option user.
-Your user name.
-Enter a value.
-user> USERNAME
-Option password.
-Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password).
-Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
---------------------
-[ds]
-type = koofr
-provider = digistorage
-user = USERNAME
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+    rclone backend COMMAND remote:
 
-### Other
+The help below will explain what arguments each command takes.
 
-You may also want to use another, public or private storage provider that runs a Koofr API compatible service, by simply providing the base URL to connect to.
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
 
-Here is an example of how to make a remote called `other`.  First run:
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
 
-     rclone config
+### du
 
-This will guide you through an interactive setup process:
+Return disk usage information for a specified directory
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> other
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-[snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \ (koofr)
-[snip]
-Storage> koofr
-Option provider.
-Choose your storage provider.
-Choose a number from below, or type in your own value.
-Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \ (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \ (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \ (other)
-provider> 3
-Option endpoint.
-The Koofr API endpoint to use.
-Enter a value.
-endpoint> https://koofr.other.org
-Option user.
-Your user name.
-Enter a value.
-user> USERNAME
-Option password.
-Your password for rclone (generate one at your service's settings page).
-Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
---------------------
-[other]
-type = koofr
-provider = other
-endpoint = https://koofr.other.org
-user = USERNAME
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+    rclone backend du remote: [options] [<arguments>+]
 
-#  Mail.ru Cloud
+The usage information returned, includes the targeted directory as well as all
+files stored in any sub-directories that may exist.
 
-[Mail.ru Cloud](https://cloud.mail.ru/) is a cloud storage provided by a Russian internet company [Mail.Ru Group](https://mail.ru). The official desktop client is [Disk-O:](https://disk-o.cloud/en), available on Windows and Mac OS.
+### symlink
 
-Currently it is recommended to disable 2FA on Mail.ru accounts intended for rclone until it gets eventually implemented.
+You can create a symbolic link in ObjectStore with the symlink action.
 
-## Features highlights
+    rclone backend symlink remote: [options] [<arguments>+]
 
-- Paths may be as deep as required, e.g. `remote:directory/subdirectory`
-- Files have a `last modified time` property, directories don't
-- Deleted files are by default moved to the trash
-- Files and directories can be shared via public links
-- Partial uploads or streaming are not supported, file size must be known before upload
-- Maximum file size is limited to 2G for a free account, unlimited for paid accounts
-- Storage keeps hash for all files and performs transparent deduplication,
-  the hash algorithm is a modified SHA1
-- If a particular file is already present in storage, one can quickly submit file hash
-  instead of long file upload (this optimization is supported by rclone)
+The desired path location (including applicable sub-directories) ending in
+the object that will be the target of the symlink (for example, /links/mylink).
+Include the file extension for the object, if applicable.
+`rclone backend symlink <src> <path>`
 
-## Configuration
 
-Here is an example of making a mailru configuration.
 
-First create a Mail.ru Cloud account and choose a tariff.
+#  Microsoft Azure Blob Storage
 
-You will need to log in and create an app password for rclone. Rclone
-**will not work** with your normal username and password - it will
-give an error like `oauth2: server response missing access_token`.
+Paths are specified as `remote:container` (or `remote:` for the `lsd`
+command.)  You may put subdirectories in too, e.g.
+`remote:container/path/to/dir`.
 
-- Click on your user icon in the top right
-- Go to Security / "Пароль и безопасность"
-- Click password for apps / "Пароли для внешних приложений"
-- Add the password - give it a name - eg "rclone"
-- Copy the password and use this password below - your normal login password won't work.
+## Configuration
 
-Now run
+Here is an example of making a Microsoft Azure Blob Storage
+configuration.  For a remote called `remote`.  First run:
 
-    rclone config
+     rclone config
 
 This will guide you through an interactive setup process:
 
@@ -33064,51 +38600,24 @@ q) Quit config
 n/s/q> n
 name> remote
 Type of storage to configure.
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
 Choose a number from below, or type in your own value
 [snip]
-XX / Mail.ru Cloud
-   \ "mailru"
-[snip]
-Storage> mailru
-User name (usually email)
-Enter a string value. Press Enter for the default ("").
-user> username@mail.ru
-Password
-
-This must be an app password - rclone will not work with your normal
-password. See the Configuration section in the docs for how to make an
-app password.
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Skip full upload if there is another file with same data hash.
-This feature is called "speedup" or "put by hash". It is especially efficient
-in case of generally available files like popular books, video or audio clips
+XX / Microsoft Azure Blob Storage
+   \ "azureblob"
 [snip]
-Enter a boolean value (true or false). Press Enter for the default ("true").
-Choose a number from below, or type in your own value
- 1 / Enable
-   \ "true"
- 2 / Disable
-   \ "false"
-speedup_enable> 1
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
+Storage> azureblob
+Storage Account Name
+account> account_name
+Storage Account Key
+key> base64encodedkey==
+Endpoint for the service - leave blank normally.
+endpoint> 
 Remote config
 --------------------
 [remote]
-type = mailru
-user = username@mail.ru
-pass = *** ENCRYPTED ***
-speedup_enable = true
+account = account_name
+key = base64encodedkey==
+endpoint = 
 --------------------
 y) Yes this is OK
 e) Edit this remote
@@ -33116,52 +38625,53 @@ d) Delete this remote
 y/e/d> y
 ```
 
-Configuration of this backend does not require a local web browser.
-You can use the configured backend as shown below:
-
-See top level directories
+See all containers
 
     rclone lsd remote:
 
-Make a new directory
+Make a new container
 
-    rclone mkdir remote:directory
+    rclone mkdir remote:container
 
-List the contents of a directory
+List the contents of a container
 
-    rclone ls remote:directory
+    rclone ls remote:container
 
-Sync `/home/local/directory` to the remote path, deleting any
-excess files in the path.
+Sync `/home/local/directory` to the remote container, deleting any excess
+files in the container.
 
-    rclone sync --interactive /home/local/directory remote:directory
+    rclone sync --interactive /home/local/directory remote:container
 
-### Modified time
+### --fast-list
 
-Files support a modification time attribute with up to 1 second precision.
-Directories do not have a modification time, which is shown as "Jan 1 1970".
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
 
-### Hash checksums
+### Modification times and hashes
 
-Hash sums use a custom Mail.ru algorithm based on SHA1.
-If file size is less than or equal to the SHA1 block size (20 bytes),
-its hash is simply its data right-padded with zero bytes.
-Hash sum of a larger file is computed as a SHA1 sum of the file data
-bytes concatenated with a decimal representation of the data length.
+The modification time is stored as metadata on the object with the
+`mtime` key.  It is stored using RFC3339 Format time with nanosecond
+precision.  The metadata is supplied during directory listings so
+there is no performance overhead to using it.
 
-### Emptying Trash
+If you wish to use the Azure standard `LastModified` time stored on
+the object as the modified time, then use the `--use-server-modtime`
+flag. Note that rclone can't set `LastModified`, so using the
+`--update` flag when syncing is recommended if using
+`--use-server-modtime`.
 
-Removing a file or directory actually moves it to the trash, which is not
-visible to rclone but can be seen in a web browser. The trashed file
-still occupies part of total quota. If you wish to empty your trash
-and free some quota, you can use the `rclone cleanup remote:` command,
-which will permanently delete all your trashed files.
-This command does not take any path arguments.
+MD5 hashes are stored with blobs. However blobs that were uploaded in
+chunks only have an MD5 if the source remote was capable of MD5
+hashes, e.g. the local disk.
 
-### Quota information
+### Performance
 
-To view your current quota you can use the `rclone about remote:`
-command which will display your usage limit (quota) and the current usage.
+When uploading large files, increasing the value of
+`--azureblob-upload-concurrency` will increase performance at the cost
+of using more memory. The default of 16 is set quite conservatively to
+use less memory. It maybe be necessary raise it to 64 or higher to
+fully utilize a 1 GBit/s link with a single file transfer.
 
 ### Restricted filename characters
 
@@ -33170,847 +38680,781 @@ the following characters are also replaced:
 
 | Character | Value | Replacement |
 | --------- |:-----:|:-----------:|
-| "         | 0x22  | ＂          |
-| *         | 0x2A  | ＊          |
-| :         | 0x3A  | ：          |
-| <         | 0x3C  | ＜          |
-| >         | 0x3E  | ＞          |
-| ?         | 0x3F  | ？          |
-| \         | 0x5C  | ＼          |
-| \|        | 0x7C  | ｜          |
-
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
-
-
-### Standard options
-
-Here are the Standard options specific to mailru (Mail.ru Cloud).
-
-#### --mailru-user
-
-User name (usually email).
-
-Properties:
+| /         | 0x2F  | ／           |
+| \         | 0x5C  | ＼           |
 
-- Config:      user
-- Env Var:     RCLONE_MAILRU_USER
-- Type:        string
-- Required:    true
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
 
-#### --mailru-pass
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| .         | 0x2E  | ．          |
 
-Password.
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
 
-This must be an app password - rclone will not work with your normal
-password. See the Configuration section in the docs for how to make an
-app password.
+### Authentication {#authentication}
 
+There are a number of ways of supplying credentials for Azure Blob
+Storage. Rclone tries them in the order of the sections below.
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+#### Env Auth
 
-Properties:
+If the `env_auth` config parameter is `true` then rclone will pull
+credentials from the environment or runtime.
 
-- Config:      pass
-- Env Var:     RCLONE_MAILRU_PASS
-- Type:        string
-- Required:    true
+It tries these authentication methods in this order:
 
-#### --mailru-speedup-enable
+1. Environment Variables
+2. Managed Service Identity Credentials
+3. Azure CLI credentials (as used by the az tool)
 
-Skip full upload if there is another file with same data hash.
+These are described in the following sections
 
-This feature is called "speedup" or "put by hash". It is especially efficient
-in case of generally available files like popular books, video or audio clips,
-because files are searched by hash in all accounts of all mailru users.
-It is meaningless and ineffective if source file is unique or encrypted.
-Please note that rclone may need local memory and disk space to calculate
-content hash in advance and decide whether full upload is required.
-Also, if rclone does not know file size in advance (e.g. in case of
-streaming or partial uploads), it will not even try this optimization.
+##### Env Auth: 1. Environment Variables
 
-Properties:
+If `env_auth` is set and environment variables are present rclone
+authenticates a service principal with a secret or certificate, or a
+user with a password, depending on which environment variable are set.
+It reads configuration from these variables, in the following order:
 
-- Config:      speedup_enable
-- Env Var:     RCLONE_MAILRU_SPEEDUP_ENABLE
-- Type:        bool
-- Default:     true
-- Examples:
-    - "true"
-        - Enable
-    - "false"
-        - Disable
+1. Service principal with client secret
+    - `AZURE_TENANT_ID`: ID of the service principal's tenant. Also called its "directory" ID.
+    - `AZURE_CLIENT_ID`: the service principal's client ID
+    - `AZURE_CLIENT_SECRET`: one of the service principal's client secrets
+2. Service principal with certificate
+    - `AZURE_TENANT_ID`: ID of the service principal's tenant. Also called its "directory" ID.
+    - `AZURE_CLIENT_ID`: the service principal's client ID
+    - `AZURE_CLIENT_CERTIFICATE_PATH`: path to a PEM or PKCS12 certificate file including the private key.
+    - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
+    - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
+3. User with username and password
+    - `AZURE_TENANT_ID`: (optional) tenant to authenticate in. Defaults to "organizations".
+    - `AZURE_CLIENT_ID`: client ID of the application the user will authenticate to
+    - `AZURE_USERNAME`: a username (usually an email address)
+    - `AZURE_PASSWORD`: the user's password
+4. Workload Identity
+    - `AZURE_TENANT_ID`: Tenant to authenticate in.
+    - `AZURE_CLIENT_ID`: Client ID of the application the user will authenticate to.
+    - `AZURE_FEDERATED_TOKEN_FILE`: Path to projected service account token file.
+    - `AZURE_AUTHORITY_HOST`: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
 
-### Advanced options
 
-Here are the Advanced options specific to mailru (Mail.ru Cloud).
+##### Env Auth: 2. Managed Service Identity Credentials
 
-#### --mailru-speedup-file-patterns
+When using Managed Service Identity if the VM(SS) on which this
+program is running has a system-assigned identity, it will be used by
+default. If the resource has no system-assigned but exactly one
+user-assigned identity, the user-assigned identity will be used by
+default.
 
-Comma separated list of file name patterns eligible for speedup (put by hash).
+If the resource has multiple user-assigned identities you will need to
+unset `env_auth` and set `use_msi` instead. See the [`use_msi`
+section](#use_msi).
 
-Patterns are case insensitive and can contain '*' or '?' meta characters.
+##### Env Auth: 3. Azure CLI credentials (as used by the az tool)
 
-Properties:
+Credentials created with the `az` tool can be picked up using `env_auth`.
 
-- Config:      speedup_file_patterns
-- Env Var:     RCLONE_MAILRU_SPEEDUP_FILE_PATTERNS
-- Type:        string
-- Default:     "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf"
-- Examples:
-    - ""
-        - Empty list completely disables speedup (put by hash).
-    - "*"
-        - All files will be attempted for speedup.
-    - "*.mkv,*.avi,*.mp4,*.mp3"
-        - Only common audio/video files will be tried for put by hash.
-    - "*.zip,*.gz,*.rar,*.pdf"
-        - Only common archives or PDF books will be tried for speedup.
+For example if you were to login with a service principal like this:
 
-#### --mailru-speedup-max-disk
+    az login --service-principal -u XXX -p XXX --tenant XXX
 
-This option allows you to disable speedup (put by hash) for large files.
+Then you could access rclone resources like this:
 
-Reason is that preliminary hashing can exhaust your RAM or disk space.
+    rclone lsf :azureblob,env_auth,account=ACCOUNT:CONTAINER
 
-Properties:
+Or
 
-- Config:      speedup_max_disk
-- Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_DISK
-- Type:        SizeSuffix
-- Default:     3Gi
-- Examples:
-    - "0"
-        - Completely disable speedup (put by hash).
-    - "1G"
-        - Files larger than 1Gb will be uploaded directly.
-    - "3G"
-        - Choose this option if you have less than 3Gb free on local disk.
+    rclone lsf --azureblob-env-auth --azureblob-account=ACCOUNT :azureblob:CONTAINER
 
-#### --mailru-speedup-max-memory
+Which is analogous to using the `az` tool:
 
-Files larger than the size given below will always be hashed on disk.
+    az storage blob list --container-name CONTAINER --account-name ACCOUNT --auth-mode login
 
-Properties:
+#### Account and Shared Key
 
-- Config:      speedup_max_memory
-- Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_MEMORY
-- Type:        SizeSuffix
-- Default:     32Mi
-- Examples:
-    - "0"
-        - Preliminary hashing will always be done in a temporary disk location.
-    - "32M"
-        - Do not dedicate more than 32Mb RAM for preliminary hashing.
-    - "256M"
-        - You have at most 256Mb RAM free for hash calculations.
+This is the most straight forward and least flexible way.  Just fill
+in the `account` and `key` lines and leave the rest blank.
 
-#### --mailru-check-hash
+#### SAS URL
 
-What should copy do if file checksum is mismatched or invalid.
+This can be an account level SAS URL or container level SAS URL.
 
-Properties:
+To use it leave `account` and `key` blank and fill in `sas_url`.
 
-- Config:      check_hash
-- Env Var:     RCLONE_MAILRU_CHECK_HASH
-- Type:        bool
-- Default:     true
-- Examples:
-    - "true"
-        - Fail with error.
-    - "false"
-        - Ignore and continue.
+An account level SAS URL or container level SAS URL can be obtained
+from the Azure portal or the Azure Storage Explorer.  To get a
+container level SAS URL right click on a container in the Azure Blob
+explorer in the Azure portal.
 
-#### --mailru-user-agent
+If you use a container level SAS URL, rclone operations are permitted
+only on a particular container, e.g.
 
-HTTP user agent used internally by client.
+    rclone ls azureblob:container
 
-Defaults to "rclone/VERSION" or "--user-agent" provided on command line.
+You can also list the single container from the root. This will only
+show the container specified by the SAS URL.
 
-Properties:
+    $ rclone lsd azureblob:
+    container/
 
-- Config:      user_agent
-- Env Var:     RCLONE_MAILRU_USER_AGENT
-- Type:        string
-- Required:    false
+Note that you can't see or access any other containers - this will
+fail
 
-#### --mailru-quirks
+    rclone ls azureblob:othercontainer
 
-Comma separated list of internal maintenance flags.
+Container level SAS URLs are useful for temporarily allowing third
+parties access to a single container or putting credentials into an
+untrusted environment such as a CI build server.
 
-This option must not be used by an ordinary user. It is intended only to
-facilitate remote troubleshooting of backend issues. Strict meaning of
-flags is not documented and not guaranteed to persist between releases.
-Quirks will be removed when the backend grows stable.
-Supported quirks: atomicmkdir binlist unknowndirs
+#### Service principal with client secret
 
-Properties:
+If these variables are set, rclone will authenticate with a service principal with a client secret.
 
-- Config:      quirks
-- Env Var:     RCLONE_MAILRU_QUIRKS
-- Type:        string
-- Required:    false
+- `tenant`: ID of the service principal's tenant. Also called its "directory" ID.
+- `client_id`: the service principal's client ID
+- `client_secret`: one of the service principal's client secrets
 
-#### --mailru-encoding
+The credentials can also be placed in a file using the
+`service_principal_file` configuration option.
 
-The encoding for the backend.
+#### Service principal with certificate
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+If these variables are set, rclone will authenticate with a service principal with certificate.
 
-Properties:
+- `tenant`: ID of the service principal's tenant. Also called its "directory" ID.
+- `client_id`: the service principal's client ID
+- `client_certificate_path`: path to a PEM or PKCS12 certificate file including the private key.
+- `client_certificate_password`: (optional) password for the certificate file.
+- `client_send_certificate_chain`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
 
-- Config:      encoding
-- Env Var:     RCLONE_MAILRU_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot
+**NB** `client_certificate_password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
+#### User with username and password
 
+If these variables are set, rclone will authenticate with username and password.
 
-## Limitations
+- `tenant`: (optional) tenant to authenticate in. Defaults to "organizations".
+- `client_id`: client ID of the application the user will authenticate to
+- `username`: a username (usually an email address)
+- `password`: the user's password
 
-File size limits depend on your account. A single file size is limited by 2G
-for a free account and unlimited for paid tariffs. Please refer to the Mail.ru
-site for the total uploaded size limits.
+Microsoft doesn't recommend this kind of authentication, because it's
+less secure than other authentication flows. This method is not
+interactive, so it isn't compatible with any form of multi-factor
+authentication, and the application must already have user or admin
+consent. This credential can only authenticate work and school
+accounts; it can't authenticate Microsoft accounts.
 
-Note that Mailru is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+**NB** `password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-#  Mega
+#### Managed Service Identity Credentials {#use_msi}
 
-[Mega](https://mega.nz/) is a cloud storage and file hosting service
-known for its security feature where all files are encrypted locally
-before they are uploaded. This prevents anyone (including employees of
-Mega) from accessing the files without knowledge of the key used for
-encryption.
+If `use_msi` is set then managed service identity credentials are
+used. This authentication only works when running in an Azure service.
+`env_auth` needs to be unset to use this.
 
-This is an rclone backend for Mega which supports the file transfer
-features of Mega using the same client side encryption.
+However if you have multiple user identities to choose from these must
+be explicitly specified using exactly one of the `msi_object_id`,
+`msi_client_id`, or `msi_mi_res_id` parameters.
 
-Paths are specified as `remote:path`
+If none of `msi_object_id`, `msi_client_id`, or `msi_mi_res_id` is
+set, this is is equivalent to using `env_auth`.
 
-Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-## Configuration
+### Standard options
 
-Here is an example of how to make a remote called `remote`.  First run:
+Here are the Standard options specific to azureblob (Microsoft Azure Blob Storage).
 
-     rclone config
+#### --azureblob-account
 
-This will guide you through an interactive setup process:
+Azure Storage Account Name.
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Mega
-   \ "mega"
-[snip]
-Storage> mega
-User name
-user> you@example.com
-Password.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank
-y/g/n> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Remote config
---------------------
-[remote]
-type = mega
-user = you@example.com
-pass = *** ENCRYPTED ***
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+Set this to the Azure Storage Account Name in use.
 
-**NOTE:** The encryption keys need to have been already generated after a regular login
-via the browser, otherwise attempting to use the credentials in `rclone` will fail.
+Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
 
-Once configured you can then use `rclone` like this,
+If this is blank and if env_auth is set it will be read from the
+environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
 
-List directories in top level of your Mega
 
-    rclone lsd remote:
+Properties:
 
-List all the files in your Mega
+- Config:      account
+- Env Var:     RCLONE_AZUREBLOB_ACCOUNT
+- Type:        string
+- Required:    false
 
-    rclone ls remote:
+#### --azureblob-env-auth
 
-To copy a local directory to an Mega directory called backup
+Read credentials from runtime (environment variables, CLI or MSI).
 
-    rclone copy /home/source remote:backup
+See the [authentication docs](/azureblob#authentication) for full info.
 
-### Modified time and hashes
+Properties:
 
-Mega does not support modification times or hashes yet.
+- Config:      env_auth
+- Env Var:     RCLONE_AZUREBLOB_ENV_AUTH
+- Type:        bool
+- Default:     false
 
-### Restricted filename characters
+#### --azureblob-key
 
-| Character | Value | Replacement |
-| --------- |:-----:|:-----------:|
-| NUL       | 0x00  | ␀           |
-| /         | 0x2F  | ／          |
+Storage Account Shared Key.
 
-Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
-as they can't be used in JSON strings.
+Leave blank to use SAS URL or Emulator.
 
-### Duplicated files
+Properties:
 
-Mega can have two files with exactly the same name and path (unlike a
-normal file system).
+- Config:      key
+- Env Var:     RCLONE_AZUREBLOB_KEY
+- Type:        string
+- Required:    false
 
-Duplicated files cause problems with the syncing and you will see
-messages in the log about duplicates.
+#### --azureblob-sas-url
 
-Use `rclone dedupe` to fix duplicated files.
+SAS URL for container level access only.
 
-### Failure to log-in
+Leave blank if using account/key or Emulator.
 
-#### Object not found
+Properties:
 
-If you are connecting to your Mega remote for the first time, 
-to test access and synchronization, you may receive an error such as 
+- Config:      sas_url
+- Env Var:     RCLONE_AZUREBLOB_SAS_URL
+- Type:        string
+- Required:    false
 
-```
-Failed to create file system for "my-mega-remote:": 
-couldn't login: Object (typically, node or user) not found
-```
+#### --azureblob-tenant
 
-The diagnostic steps often recommended in the [rclone forum](https://forum.rclone.org/search?q=mega)
-start with the **MEGAcmd** utility. Note that this refers to 
-the official C++ command from https://github.com/meganz/MEGAcmd 
-and not the go language built command from t3rm1n4l/megacmd 
-that is no longer maintained. 
+ID of the service principal's tenant. Also called its directory ID.
 
-Follow the instructions for installing MEGAcmd and try accessing 
-your remote as they recommend. You can establish whether or not 
-you can log in using MEGAcmd, and obtain diagnostic information 
-to help you, and search or work with others in the forum. 
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
 
-```
-MEGA CMD> login me@example.com
-Password:
-Fetching nodes ...
-Loading transfers from local cache
-Login complete as me@example.com
-me@example.com:/$ 
-```
 
-Note that some have found issues with passwords containing special 
-characters. If you can not log on with rclone, but MEGAcmd logs on 
-just fine, then consider changing your password temporarily to 
-pure alphanumeric characters, in case that helps.
+Properties:
 
+- Config:      tenant
+- Env Var:     RCLONE_AZUREBLOB_TENANT
+- Type:        string
+- Required:    false
 
-#### Repeated commands blocks access
+#### --azureblob-client-id
 
-Mega remotes seem to get blocked (reject logins) under "heavy use".
-We haven't worked out the exact blocking rules but it seems to be
-related to fast paced, successive rclone commands.
+The ID of the client in use.
 
-For example, executing this command 90 times in a row `rclone link
-remote:file` will cause the remote to become "blocked". This is not an
-abnormal situation, for example if you wish to get the public links of
-a directory with hundred of files...  After more or less a week, the
-remote will remote accept rclone logins normally again.
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
 
-You can mitigate this issue by mounting the remote it with `rclone
-mount`. This will log-in when mounting and a log-out when unmounting
-only. You can also run `rclone rcd` and then use `rclone rc` to run
-the commands over the API to avoid logging in each time.
 
-Rclone does not currently close mega sessions (you can see them in the
-web interface), however closing the sessions does not solve the issue.
+Properties:
 
-If you space rclone commands by 3 seconds it will avoid blocking the
-remote. We haven't identified the exact blocking rules, so perhaps one
-could execute the command 80 times without waiting and avoid blocking
-by waiting 3 seconds, then continuing...
+- Config:      client_id
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_ID
+- Type:        string
+- Required:    false
 
-Note that this has been observed by trial and error and might not be
-set in stone.
+#### --azureblob-client-secret
 
-Other tools seem not to produce this blocking effect, as they use a
-different working approach (state-based, using sessionIDs instead of
-log-in) which isn't compatible with the current stateless rclone
-approach.
+One of the service principal's client secrets
 
-Note that once blocked, the use of other tools (such as megacmd) is
-not a sure workaround: following megacmd login times have been
-observed in succession for blocked remote: 7 minutes, 20 min, 30min, 30
-min, 30min. Web access looks unaffected though.
+Set this if using
+- Service principal with client secret
 
-Investigation is continuing in relation to workarounds based on
-timeouts, pacers, retrials and tpslimits - if you discover something
-relevant, please post on the forum.
 
-So, if rclone was working nicely and suddenly you are unable to log-in
-and you are sure the user and the password are correct, likely you
-have got the remote blocked for a while.
+Properties:
 
+- Config:      client_secret
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_SECRET
+- Type:        string
+- Required:    false
 
-### Standard options
+#### --azureblob-client-certificate-path
 
-Here are the Standard options specific to mega (Mega).
+Path to a PEM or PKCS12 certificate file including the private key.
 
-#### --mega-user
+Set this if using
+- Service principal with certificate
 
-User name.
 
 Properties:
 
-- Config:      user
-- Env Var:     RCLONE_MEGA_USER
+- Config:      client_certificate_path
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PATH
 - Type:        string
-- Required:    true
+- Required:    false
 
-#### --mega-pass
+#### --azureblob-client-certificate-password
+
+Password for the certificate file (optional).
+
+Optionally set this if using
+- Service principal with certificate
+
+And the certificate has a password.
 
-Password.
 
 **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
 Properties:
 
-- Config:      pass
-- Env Var:     RCLONE_MEGA_PASS
+- Config:      client_certificate_password
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PASSWORD
 - Type:        string
-- Required:    true
+- Required:    false
 
 ### Advanced options
 
-Here are the Advanced options specific to mega (Mega).
+Here are the Advanced options specific to azureblob (Microsoft Azure Blob Storage).
 
-#### --mega-debug
+#### --azureblob-client-send-certificate-chain
 
-Output more debug from Mega.
+Send the certificate chain when using certificate auth.
+
+Specifies whether an authentication request will include an x5c header
+to support subject name / issuer based authentication. When set to
+true, authentication requests include the x5c header.
+
+Optionally set this if using
+- Service principal with certificate
 
-If this flag is set (along with -vv) it will print further debugging
-information from the mega backend.
 
 Properties:
 
-- Config:      debug
-- Env Var:     RCLONE_MEGA_DEBUG
+- Config:      client_send_certificate_chain
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_SEND_CERTIFICATE_CHAIN
 - Type:        bool
 - Default:     false
 
-#### --mega-hard-delete
+#### --azureblob-username
 
-Delete files permanently rather than putting them into the trash.
+User name (usually an email address)
+
+Set this if using
+- User with username and password
 
-Normally the mega backend will put all deletions into the trash rather
-than permanently deleting them.  If you specify this then rclone will
-permanently delete objects instead.
 
 Properties:
 
-- Config:      hard_delete
-- Env Var:     RCLONE_MEGA_HARD_DELETE
-- Type:        bool
-- Default:     false
+- Config:      username
+- Env Var:     RCLONE_AZUREBLOB_USERNAME
+- Type:        string
+- Required:    false
 
-#### --mega-use-https
+#### --azureblob-password
 
-Use HTTPS for transfers.
+The user's password
+
+Set this if using
+- User with username and password
 
-MEGA uses plain text HTTP connections by default.
-Some ISPs throttle HTTP connections, this causes transfers to become very slow.
-Enabling this will force MEGA to use HTTPS for all transfers.
-HTTPS is normally not necesary since all data is already encrypted anyway.
-Enabling it will increase CPU usage and add network overhead.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
 Properties:
 
-- Config:      use_https
-- Env Var:     RCLONE_MEGA_USE_HTTPS
-- Type:        bool
-- Default:     false
+- Config:      password
+- Env Var:     RCLONE_AZUREBLOB_PASSWORD
+- Type:        string
+- Required:    false
 
-#### --mega-encoding
+#### --azureblob-service-principal-file
 
-The encoding for the backend.
+Path to file containing credentials for use with a service principal.
 
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
 
-Properties:
+    $ az ad sp create-for-rbac --name "<name>" \
+      --role "Storage Blob Data Owner" \
+      --scopes "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>" \
+      > azure-principal.json
 
-- Config:      encoding
-- Env Var:     RCLONE_MEGA_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,InvalidUtf8,Dot
+See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to blob data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
 
+It may be more convenient to put the credentials directly into the
+rclone config file under the `client_id`, `tenant` and `client_secret`
+keys instead of setting `service_principal_file`.
 
 
-## Limitations
+Properties:
 
-This backend uses the [go-mega go library](https://github.com/t3rm1n4l/go-mega) which is an opensource
-go library implementing the Mega API. There doesn't appear to be any
-documentation for the mega protocol beyond the [mega C++ SDK](https://github.com/meganz/sdk) source code
-so there are likely quite a few errors still remaining in this library.
+- Config:      service_principal_file
+- Env Var:     RCLONE_AZUREBLOB_SERVICE_PRINCIPAL_FILE
+- Type:        string
+- Required:    false
 
-Mega allows duplicate files which may confuse rclone.
+#### --azureblob-use-msi
 
-#  Memory
+Use a managed service identity to authenticate (only works in Azure).
 
-The memory backend is an in RAM backend. It does not persist its
-data - use the local backend for that.
+When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+to authenticate to Azure Storage instead of a SAS token or account key.
 
-The memory backend behaves like a bucket-based remote (e.g. like
-s3). Because it has no parameters you can just use it with the
-`:memory:` remote name.
+If the VM(SS) on which this program is running has a system-assigned identity, it will
+be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+the user-assigned identity will be used by default. If the resource has multiple user-assigned
+identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+msi_client_id, or msi_mi_res_id parameters.
 
-## Configuration
+Properties:
 
-You can configure it as a remote like this with `rclone config` too if
-you want to:
+- Config:      use_msi
+- Env Var:     RCLONE_AZUREBLOB_USE_MSI
+- Type:        bool
+- Default:     false
 
-```
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-[snip]
-XX / Memory
-   \ "memory"
-[snip]
-Storage> memory
-** See help for memory backend at: https://rclone.org/memory/ **
+#### --azureblob-msi-object-id
 
-Remote config
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_object_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_OBJECT_ID
+- Type:        string
+- Required:    false
 
---------------------
-[remote]
-type = memory
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+#### --azureblob-msi-client-id
 
-Because the memory backend isn't persistent it is most useful for
-testing or with an rclone server or rclone mount, e.g.
+Object ID of the user-assigned MSI to use, if any.
 
-    rclone mount :memory: /mnt/tmp
-    rclone serve webdav :memory:
-    rclone serve sftp :memory:
+Leave blank if msi_object_id or msi_mi_res_id specified.
 
-### Modified time and hashes
+Properties:
 
-The memory backend supports MD5 hashes and modification times accurate to 1 nS.
+- Config:      msi_client_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_CLIENT_ID
+- Type:        string
+- Required:    false
 
-### Restricted filename characters
+#### --azureblob-msi-mi-res-id
 
-The memory backend replaces the [default restricted characters
-set](https://rclone.org/overview/#restricted-characters).
+Azure resource ID of the user-assigned MSI to use, if any.
 
+Leave blank if msi_client_id or msi_object_id specified.
 
+Properties:
 
+- Config:      msi_mi_res_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_MI_RES_ID
+- Type:        string
+- Required:    false
 
-#  Akamai NetStorage
+#### --azureblob-use-emulator
 
-Paths are specified as `remote:`
-You may put subdirectories in too, e.g. `remote:/path/to/dir`.
-If you have a CP code you can use that as the folder after the domain such as \<domain>\/\<cpcode>\/\<internal directories within cpcode>.
+Uses local storage emulator if provided as 'true'.
 
-For example, this is commonly configured with or without a CP code:
-* **With a CP code**. `[your-domain-prefix]-nsu.akamaihd.net/123456/subdirectory/`
-* **Without a CP code**. `[your-domain-prefix]-nsu.akamaihd.net`
+Leave blank if using real azure storage endpoint.
 
+Properties:
 
-See all buckets
-   rclone lsd remote:
-The initial setup for Netstorage involves getting an account and secret. Use `rclone config` to walk you through the setup process.
+- Config:      use_emulator
+- Env Var:     RCLONE_AZUREBLOB_USE_EMULATOR
+- Type:        bool
+- Default:     false
 
-## Configuration
+#### --azureblob-endpoint
 
-Here's an example of how to make a remote called `ns1`.
+Endpoint for the service.
 
-1. To begin the interactive configuration process, enter this command:
+Leave blank normally.
 
-```
-rclone config
-```
+Properties:
 
-2. Type `n` to create a new remote.
+- Config:      endpoint
+- Env Var:     RCLONE_AZUREBLOB_ENDPOINT
+- Type:        string
+- Required:    false
 
-```
-n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q> n
-```
+#### --azureblob-upload-cutoff
 
-3. For this example, enter `ns1` when you reach the name> prompt.
+Cutoff for switching to chunked upload (<= 256 MiB) (deprecated).
 
-```
-name> ns1
-```
+Properties:
 
-4. Enter `netstorage` as the type of storage to configure.
+- Config:      upload_cutoff
+- Env Var:     RCLONE_AZUREBLOB_UPLOAD_CUTOFF
+- Type:        string
+- Required:    false
 
-```
-Type of storage to configure.
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
-XX / NetStorage
-   \ "netstorage"
-Storage> netstorage
-```
+#### --azureblob-chunk-size
 
-5. Select between the HTTP or HTTPS protocol. Most users should choose HTTPS, which is the default. HTTP is provided primarily for debugging purposes.
+Upload chunk size.
 
+Note that this is stored in memory and there may be up to
+"--transfers" * "--azureblob-upload-concurrency" chunks stored at once
+in memory.
 
-```
-Enter a string value. Press Enter for the default ("").
-Choose a number from below, or type in your own value
- 1 / HTTP protocol
-   \ "http"
- 2 / HTTPS protocol
-   \ "https"
-protocol> 1
-```
+Properties:
 
-6. Specify your NetStorage host, CP code, and any necessary content paths using this format: `<domain>/<cpcode>/<content>/`
+- Config:      chunk_size
+- Env Var:     RCLONE_AZUREBLOB_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     4Mi
 
-```
-Enter a string value. Press Enter for the default ("").
-host> baseball-nsu.akamaihd.net/123456/content/
-```
+#### --azureblob-upload-concurrency
 
-7. Set the netstorage account name
-```
-Enter a string value. Press Enter for the default ("").
-account> username
-```
+Concurrency for multipart uploads.
 
-8. Set the Netstorage account secret/G2O key which will be used for authentication purposes. Select the `y` option to set your own password then enter your secret.
-Note: The secret is stored in the `rclone.conf` file with hex-encoded encryption.
+This is the number of chunks of the same file that are uploaded
+concurrently.
 
-```
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-```
+If you are uploading small numbers of large files over high-speed
+links and these uploads do not fully utilize your bandwidth, then
+increasing this may help to speed up the transfers.
 
-9. View the summary and confirm your remote configuration.
+In tests, upload speed increases almost linearly with upload
+concurrency. For example to fill a gigabit pipe it may be necessary to
+raise this to 64. Note that this will use more memory.
 
-```
-[ns1]
-type = netstorage
-protocol = http
-host = baseball-nsu.akamaihd.net/123456/content/
-account = username
-secret = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-```
+Note that chunks are stored in memory and there may be up to
+"--transfers" * "--azureblob-upload-concurrency" chunks stored at once
+in memory.
 
-This remote is called `ns1` and can now be used.
+Properties:
 
-## Example operations
+- Config:      upload_concurrency
+- Env Var:     RCLONE_AZUREBLOB_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     16
 
-Get started with rclone and NetStorage with these examples. For additional rclone commands, visit https://rclone.org/commands/.
+#### --azureblob-list-chunk
 
-### See contents of a directory in your project
+Size of blob list.
 
-    rclone lsd ns1:/974012/testing/
+This sets the number of blobs requested in each listing chunk. Default
+is the maximum, 5000. "List blobs" requests are permitted 2 minutes
+per megabyte to complete. If an operation is taking longer than 2
+minutes per megabyte on average, it will time out (
+[source](https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-blob-service-operations#exceptions-to-default-timeout-interval)
+). This can be used to limit the number of blobs items to return, to
+avoid the time out.
 
-### Sync the contents local with remote
+Properties:
 
-    rclone sync . ns1:/974012/testing/
+- Config:      list_chunk
+- Env Var:     RCLONE_AZUREBLOB_LIST_CHUNK
+- Type:        int
+- Default:     5000
 
-### Upload local content to remote
-    rclone copy notes.txt ns1:/974012/testing/
+#### --azureblob-access-tier
 
-### Delete content on remote
-    rclone delete ns1:/974012/testing/notes.txt
+Access tier of blob: hot, cool, cold or archive.
 
-### Move or copy content between CP codes.
+Archived blobs can be restored by setting access tier to hot, cool or
+cold. Leave blank if you intend to use default access tier, which is
+set at account level
 
-Your credentials must have access to two CP codes on the same remote. You can't perform operations between different remotes.
+If there is no "access tier" specified, rclone doesn't apply any tier.
+rclone performs "Set Tier" operation on blobs while uploading, if objects
+are not modified, specifying "access tier" to new one will have no effect.
+If blobs are in "archive tier" at remote, trying to perform data transfer
+operations from remote will not be allowed. User should first restore by
+tiering blob to "Hot", "Cool" or "Cold".
 
-    rclone move ns1:/974012/testing/notes.txt ns1:/974450/testing2/
+Properties:
 
-## Features
+- Config:      access_tier
+- Env Var:     RCLONE_AZUREBLOB_ACCESS_TIER
+- Type:        string
+- Required:    false
 
-### Symlink Support
+#### --azureblob-archive-tier-delete
 
-The Netstorage backend changes the rclone `--links, -l` behavior. When uploading, instead of creating the .rclonelink file, use the "symlink" API in order to create the corresponding symlink on the remote. The .rclonelink file will not be created, the upload will be intercepted and only the symlink file that matches the source file name with no suffix will be created on the remote.
+Delete archive tier blobs before overwriting.
 
-This will effectively allow commands like copy/copyto, move/moveto and sync to upload from local to remote and download from remote to local directories with symlinks. Due to internal rclone limitations, it is not possible to upload an individual symlink file to any remote backend. You can always use the "backend symlink" command to create a symlink on the NetStorage server, refer to "symlink" section below.
+Archive tier blobs cannot be updated. So without this flag, if you
+attempt to update an archive tier blob, then rclone will produce the
+error:
 
-Individual symlink files on the remote can be used with the commands like "cat" to print the destination name, or "delete" to delete symlink, or copy, copy/to and move/moveto to download from the remote to local. Note: individual symlink files on the remote should be specified including the suffix .rclonelink.
+    can't update archive tier blob without --azureblob-archive-tier-delete
 
-**Note**: No file with the suffix .rclonelink should ever exist on the server since it is not possible to actually upload/create a file with .rclonelink suffix with rclone, it can only exist if it is manually created through a non-rclone method on the remote.
+With this flag set then before rclone attempts to overwrite an archive
+tier blob, it will delete the existing blob before uploading its
+replacement.  This has the potential for data loss if the upload fails
+(unlike updating a normal blob) and also may cost more since deleting
+archive tier blobs early may be chargable.
 
-### Implicit vs. Explicit Directories
 
-With NetStorage, directories can exist in one of two forms:
+Properties:
 
-1. **Explicit Directory**. This is an actual, physical directory that you have created in a storage group.
-2. **Implicit Directory**. This refers to a directory within a path that has not been physically created. For example, during upload of a file, nonexistent subdirectories can be specified in the target path. NetStorage creates these as "implicit." While the directories aren't physically created, they exist implicitly and the noted path is connected with the uploaded file.
+- Config:      archive_tier_delete
+- Env Var:     RCLONE_AZUREBLOB_ARCHIVE_TIER_DELETE
+- Type:        bool
+- Default:     false
 
-Rclone will intercept all file uploads and mkdir commands for the NetStorage remote and will explicitly issue the mkdir command for each directory in the uploading path. This will help with the interoperability with the other Akamai services such as SFTP and the Content Management Shell (CMShell). Rclone will not guarantee correctness of operations with implicit directories which might have been created as a result of using an upload API directly.
+#### --azureblob-disable-checksum
 
-### `--fast-list` / ListR support
+Don't store MD5 checksum with object metadata.
 
-NetStorage remote supports the ListR feature by using the "list" NetStorage API action to return a lexicographical list of all objects within the specified CP code, recursing into subdirectories as they're encountered.
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
 
-* **Rclone will use the ListR method for some commands by default**. Commands such as `lsf -R` will use ListR by default. To disable this, include the `--disable listR` option to use the non-recursive method of listing objects.
+Properties:
 
-* **Rclone will not use the ListR method for some commands**. Commands such as `sync` don't use ListR by default. To force using the ListR method, include the  `--fast-list` option.
+- Config:      disable_checksum
+- Env Var:     RCLONE_AZUREBLOB_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
 
-There are pros and cons of using the ListR method, refer to [rclone documentation](https://rclone.org/docs/#fast-list). In general, the sync command over an existing deep tree on the remote will run faster with the "--fast-list" flag but with extra memory usage as a side effect. It might also result in higher CPU utilization but the whole task can be completed faster.
+#### --azureblob-memory-pool-flush-time
 
-**Note**: There is a known limitation that "lsf -R" will display number of files in the directory and directory size as -1 when ListR method is used. The workaround is to pass "--disable listR" flag if these numbers are important in the output.
+How often internal memory buffer pools will be flushed. (no longer used)
 
-### Purge
+Properties:
 
-NetStorage remote supports the purge feature by using the "quick-delete" NetStorage API action. The quick-delete action is disabled by default for security reasons and can be enabled for the account through the Akamai portal. Rclone will first try to use quick-delete action for the purge command and if this functionality is disabled then will fall back to a standard delete method.
+- Config:      memory_pool_flush_time
+- Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_FLUSH_TIME
+- Type:        Duration
+- Default:     1m0s
 
-**Note**: Read the [NetStorage Usage API](https://learn.akamai.com/en-us/webhelp/netstorage/netstorage-http-api-developer-guide/GUID-15836617-9F50-405A-833C-EA2556756A30.html) for considerations when using "quick-delete". In general, using quick-delete method will not delete the tree immediately and objects targeted for quick-delete may still be accessible.
+#### --azureblob-memory-pool-use-mmap
 
+Whether to use mmap buffers in internal memory pool. (no longer used)
 
-### Standard options
+Properties:
 
-Here are the Standard options specific to netstorage (Akamai NetStorage).
+- Config:      memory_pool_use_mmap
+- Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_USE_MMAP
+- Type:        bool
+- Default:     false
 
-#### --netstorage-host
+#### --azureblob-encoding
 
-Domain+path of NetStorage host to connect to.
+The encoding for the backend.
 
-Format should be `<domain>/<internal folders>`
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
 Properties:
 
-- Config:      host
-- Env Var:     RCLONE_NETSTORAGE_HOST
-- Type:        string
-- Required:    true
+- Config:      encoding
+- Env Var:     RCLONE_AZUREBLOB_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8
 
-#### --netstorage-account
+#### --azureblob-public-access
 
-Set the NetStorage account name
+Public access level of a container: blob or container.
 
 Properties:
 
-- Config:      account
-- Env Var:     RCLONE_NETSTORAGE_ACCOUNT
+- Config:      public_access
+- Env Var:     RCLONE_AZUREBLOB_PUBLIC_ACCESS
 - Type:        string
-- Required:    true
+- Required:    false
+- Examples:
+    - ""
+        - The container and its blobs can be accessed only with an authorized request.
+        - It's a default value.
+    - "blob"
+        - Blob data within this container can be read via anonymous request.
+    - "container"
+        - Allow full public read access for container and blob data.
 
-#### --netstorage-secret
+#### --azureblob-directory-markers
 
-Set the NetStorage account secret/G2O key for authentication.
+Upload an empty object with a trailing slash when a new directory is created
 
-Please choose the 'y' option to set your own password then enter your secret.
+Empty folders are unsupported for bucket based remotes, this option
+creates an empty object ending with "/", to persist the folder.
 
-**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+This object also has the metadata "hdi_isfolder = true" to conform to
+the Microsoft standard.
+ 
 
 Properties:
 
-- Config:      secret
-- Env Var:     RCLONE_NETSTORAGE_SECRET
-- Type:        string
-- Required:    true
-
-### Advanced options
+- Config:      directory_markers
+- Env Var:     RCLONE_AZUREBLOB_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
 
-Here are the Advanced options specific to netstorage (Akamai NetStorage).
+#### --azureblob-no-check-container
 
-#### --netstorage-protocol
+If set, don't attempt to check the container exists or create it.
 
-Select between HTTP or HTTPS protocol.
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the container exists already.
 
-Most users should choose HTTPS, which is the default.
-HTTP is provided primarily for debugging purposes.
 
 Properties:
 
-- Config:      protocol
-- Env Var:     RCLONE_NETSTORAGE_PROTOCOL
-- Type:        string
-- Default:     "https"
-- Examples:
-    - "http"
-        - HTTP protocol
-    - "https"
-        - HTTPS protocol
+- Config:      no_check_container
+- Env Var:     RCLONE_AZUREBLOB_NO_CHECK_CONTAINER
+- Type:        bool
+- Default:     false
 
-## Backend commands
+#### --azureblob-no-head-object
 
-Here are the commands specific to the netstorage backend.
+If set, do not do HEAD before GET when getting objects.
 
-Run them with
+Properties:
 
-    rclone backend COMMAND remote:
+- Config:      no_head_object
+- Env Var:     RCLONE_AZUREBLOB_NO_HEAD_OBJECT
+- Type:        bool
+- Default:     false
 
-The help below will explain what arguments each command takes.
 
-See the [backend](https://rclone.org/commands/rclone_backend/) command for more
-info on how to pass options and arguments.
 
-These can be run on a running backend using the rc command
-[backend/command](https://rclone.org/rc/#backend-command).
+### Custom upload headers
 
-### du
+You can set custom upload headers with the `--header-upload` flag. 
 
-Return disk usage information for a specified directory
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
 
-    rclone backend du remote: [options] [<arguments>+]
+Eg `--header-upload "Content-Type: text/potato"`
 
-The usage information returned, includes the targeted directory as well as all
-files stored in any sub-directories that may exist.
+## Limitations
 
-### symlink
+MD5 sums are only uploaded with chunked files if the source has an MD5
+sum.  This will always be the case for a local to azure copy.
 
-You can create a symbolic link in ObjectStore with the symlink action.
+`rclone about` is not supported by the Microsoft Azure Blob storage backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy `mfs` (most free space) as a member of an rclone union
+remote.
 
-    rclone backend symlink remote: [options] [<arguments>+]
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-The desired path location (including applicable sub-directories) ending in
-the object that will be the target of the symlink (for example, /links/mylink).
-Include the file extension for the object, if applicable.
-`rclone backend symlink <src> <path>`
+## Azure Storage Emulator Support
 
+You can run rclone with the storage emulator (usually _azurite_).
+
+To do this, just set up a new remote with `rclone config` following
+the instructions in the introduction and set `use_emulator` in the
+advanced settings as `true`. You do not need to provide a default
+account name nor an account key. But you can override them in the
+`account` and `key` options. (Prior to v1.61 they were hard coded to
+_azurite_'s `devstoreaccount1`.)
 
+Also, if you want to access a storage emulator instance running on a
+different machine, you can override the `endpoint` parameter in the
+advanced settings, setting it to
+`http(s)://<host>:<port>/devstoreaccount1`
+(e.g. `http://10.254.2.5:10000/devstoreaccount1`).
 
-#  Microsoft Azure Blob Storage
+#  Microsoft Azure Files Storage
 
-Paths are specified as `remote:container` (or `remote:` for the `lsd`
-command.)  You may put subdirectories in too, e.g.
-`remote:container/path/to/dir`.
+Paths are specified as `remote:` You may put subdirectories in too,
+e.g. `remote:path/to/dir`.
 
 ## Configuration
 
-Here is an example of making a Microsoft Azure Blob Storage
+Here is an example of making a Microsoft Azure Files Storage
 configuration.  For a remote called `remote`.  First run:
 
      rclone config
@@ -34027,69 +39471,90 @@ name> remote
 Type of storage to configure.
 Choose a number from below, or type in your own value
 [snip]
-XX / Microsoft Azure Blob Storage
-   \ "azureblob"
+XX / Microsoft Azure Files Storage
+   \ "azurefiles"
 [snip]
-Storage> azureblob
-Storage Account Name
+
+Option account.
+Azure Storage Account Name.
+Set this to the Azure Storage Account Name in use.
+Leave blank to use SAS URL or connection string, otherwise it needs to be set.
+If this is blank and if env_auth is set it will be read from the
+environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
+Enter a value. Press Enter to leave empty.
 account> account_name
-Storage Account Key
+
+Option share_name.
+Azure Files Share Name.
+This is required and is the name of the share to access.
+Enter a value. Press Enter to leave empty.
+share_name> share_name
+
+Option env_auth.
+Read credentials from runtime (environment variables, CLI or MSI).
+See the [authentication docs](/azurefiles#authentication) for full info.
+Enter a boolean value (true or false). Press Enter for the default (false).
+env_auth> 
+
+Option key.
+Storage Account Shared Key.
+Leave blank to use SAS URL or connection string.
+Enter a value. Press Enter to leave empty.
 key> base64encodedkey==
-Endpoint for the service - leave blank normally.
-endpoint> 
-Remote config
---------------------
-[remote]
-account = account_name
-key = base64encodedkey==
-endpoint = 
---------------------
-y) Yes this is OK
+
+Option sas_url.
+SAS URL.
+Leave blank if using account/key or connection string.
+Enter a value. Press Enter to leave empty.
+sas_url> 
+
+Option connection_string.
+Azure Files Connection String.
+Enter a value. Press Enter to leave empty.
+connection_string> 
+[snip]
+
+Configuration complete.
+Options:
+- type: azurefiles
+- account: account_name
+- share_name: share_name
+- key: base64encodedkey==
+Keep this "remote" remote?
+y) Yes this is OK (default)
 e) Edit this remote
 d) Delete this remote
-y/e/d> y
+y/e/d> 
 ```
 
-See all containers
-
-    rclone lsd remote:
+Once configured you can use rclone.
 
-Make a new container
+See all files in the top level:
 
-    rclone mkdir remote:container
+    rclone lsf remote:
 
-List the contents of a container
+Make a new directory in the root:
 
-    rclone ls remote:container
+    rclone mkdir remote:dir
 
-Sync `/home/local/directory` to the remote container, deleting any excess
-files in the container.
+Recursively List the contents:
 
-    rclone sync --interactive /home/local/directory remote:container
+    rclone ls remote:
 
-### --fast-list
+Sync `/home/local/directory` to the remote directory, deleting any
+excess files in the directory.
 
-This remote supports `--fast-list` which allows you to use fewer
-transactions in exchange for more memory. See the [rclone
-docs](https://rclone.org/docs/#fast-list) for more details.
+    rclone sync --interactive /home/local/directory remote:dir
 
 ### Modified time
 
-The modified time is stored as metadata on the object with the `mtime`
-key.  It is stored using RFC3339 Format time with nanosecond
-precision.  The metadata is supplied during directory listings so
-there is no performance overhead to using it.
-
-If you wish to use the Azure standard `LastModified` time stored on
-the object as the modified time, then use the `--use-server-modtime`
-flag. Note that rclone can't set `LastModified`, so using the
-`--update` flag when syncing is recommended if using
-`--use-server-modtime`.
+The modified time is stored as Azure standard `LastModified` time on
+files
 
 ### Performance
 
 When uploading large files, increasing the value of
-`--azureblob-upload-concurrency` will increase performance at the cost
+`--azurefiles-upload-concurrency` will increase performance at the cost
 of using more memory. The default of 16 is set quite conservatively to
 use less memory. It maybe be necessary raise it to 64 or higher to
 fully utilize a 1 GBit/s link with a single file transfer.
@@ -34101,8 +39566,14 @@ the following characters are also replaced:
 
 | Character | Value | Replacement |
 | --------- |:-----:|:-----------:|
-| /         | 0x2F  | ／           |
-| \         | 0x5C  | ＼           |
+| "         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| <         | 0x3C  | ＜          |
+| >         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \         | 0x5C  | ＼          |
+| \|        | 0x7C  | ｜          |
 
 File names can also not end with the following characters.
 These only get replaced if they are the last character in the name:
@@ -34116,13 +39587,12 @@ as they can't be used in JSON strings.
 
 ### Hashes
 
-MD5 hashes are stored with blobs.  However blobs that were uploaded in
-chunks only have an MD5 if the source remote was capable of MD5
-hashes, e.g. the local disk.
+MD5 hashes are stored with files. Not all files will have MD5 hashes
+as these have to be uploaded with the file.
 
 ### Authentication {#authentication}
 
-There are a number of ways of supplying credentials for Azure Blob
+There are a number of ways of supplying credentials for Azure Files
 Storage. Rclone tries them in the order of the sections below.
 
 #### Env Auth
@@ -34160,6 +39630,12 @@ It reads configuration from these variables, in the following order:
     - `AZURE_CLIENT_ID`: client ID of the application the user will authenticate to
     - `AZURE_USERNAME`: a username (usually an email address)
     - `AZURE_PASSWORD`: the user's password
+4. Workload Identity
+    - `AZURE_TENANT_ID`: Tenant to authenticate in.
+    - `AZURE_CLIENT_ID`: Client ID of the application the user will authenticate to.
+    - `AZURE_FEDERATED_TOKEN_FILE`: Path to projected service account token file.
+    - `AZURE_AUTHORITY_HOST`: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
 
 ##### Env Auth: 2. Managed Service Identity Credentials
 
@@ -34183,15 +39659,11 @@ For example if you were to login with a service principal like this:
 
 Then you could access rclone resources like this:
 
-    rclone lsf :azureblob,env_auth,account=ACCOUNT:CONTAINER
+    rclone lsf :azurefiles,env_auth,account=ACCOUNT:
 
 Or
 
-    rclone lsf --azureblob-env-auth --azureblob-acccount=ACCOUNT :azureblob:CONTAINER
-
-Which is analogous to using the `az` tool:
-
-    az storage blob list --container-name CONTAINER --account-name ACCOUNT --auth-mode login
+    rclone lsf --azurefiles-env-auth --azurefiles-account=ACCOUNT :azurefiles:
 
 #### Account and Shared Key
 
@@ -34200,34 +39672,11 @@ in the `account` and `key` lines and leave the rest blank.
 
 #### SAS URL
 
-This can be an account level SAS URL or container level SAS URL.
-
-To use it leave `account` and `key` blank and fill in `sas_url`.
-
-An account level SAS URL or container level SAS URL can be obtained
-from the Azure portal or the Azure Storage Explorer.  To get a
-container level SAS URL right click on a container in the Azure Blob
-explorer in the Azure portal.
-
-If you use a container level SAS URL, rclone operations are permitted
-only on a particular container, e.g.
-
-    rclone ls azureblob:container
-
-You can also list the single container from the root. This will only
-show the container specified by the SAS URL.
-
-    $ rclone lsd azureblob:
-    container/
-
-Note that you can't see or access any other containers - this will
-fail
+To use it leave `account`, `key` and `connection_string` blank and fill in `sas_url`.
 
-    rclone ls azureblob:othercontainer
+#### Connection String
 
-Container level SAS URLs are useful for temporarily allowing third
-parties access to a single container or putting credentials into an
-untrusted environment such as a CI build server.
+To use it leave `account`, `key` and "sas_url" blank and fill in `connection_string`.
 
 #### Service principal with client secret
 
@@ -34286,15 +39735,15 @@ set, this is is equivalent to using `env_auth`.
 
 ### Standard options
 
-Here are the Standard options specific to azureblob (Microsoft Azure Blob Storage).
+Here are the Standard options specific to azurefiles (Microsoft Azure Files).
 
-#### --azureblob-account
+#### --azurefiles-account
 
 Azure Storage Account Name.
 
 Set this to the Azure Storage Account Name in use.
 
-Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
+Leave blank to use SAS URL or connection string, otherwise it needs to be set.
 
 If this is blank and if env_auth is set it will be read from the
 environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
@@ -34303,50 +39752,75 @@ environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
 Properties:
 
 - Config:      account
-- Env Var:     RCLONE_AZUREBLOB_ACCOUNT
+- Env Var:     RCLONE_AZUREFILES_ACCOUNT
 - Type:        string
 - Required:    false
 
-#### --azureblob-env-auth
+#### --azurefiles-share-name
+
+Azure Files Share Name.
+
+This is required and is the name of the share to access.
+
+
+Properties:
+
+- Config:      share_name
+- Env Var:     RCLONE_AZUREFILES_SHARE_NAME
+- Type:        string
+- Required:    false
+
+#### --azurefiles-env-auth
 
 Read credentials from runtime (environment variables, CLI or MSI).
 
-See the [authentication docs](/azureblob#authentication) for full info.
+See the [authentication docs](/azurefiles#authentication) for full info.
 
 Properties:
 
 - Config:      env_auth
-- Env Var:     RCLONE_AZUREBLOB_ENV_AUTH
+- Env Var:     RCLONE_AZUREFILES_ENV_AUTH
 - Type:        bool
 - Default:     false
 
-#### --azureblob-key
+#### --azurefiles-key
 
 Storage Account Shared Key.
 
-Leave blank to use SAS URL or Emulator.
+Leave blank to use SAS URL or connection string.
 
 Properties:
 
 - Config:      key
-- Env Var:     RCLONE_AZUREBLOB_KEY
+- Env Var:     RCLONE_AZUREFILES_KEY
 - Type:        string
 - Required:    false
 
-#### --azureblob-sas-url
+#### --azurefiles-sas-url
 
-SAS URL for container level access only.
+SAS URL.
 
-Leave blank if using account/key or Emulator.
+Leave blank if using account/key or connection string.
 
 Properties:
 
 - Config:      sas_url
-- Env Var:     RCLONE_AZUREBLOB_SAS_URL
+- Env Var:     RCLONE_AZUREFILES_SAS_URL
 - Type:        string
 - Required:    false
 
-#### --azureblob-tenant
+#### --azurefiles-connection-string
+
+Azure Files Connection String.
+
+Properties:
+
+- Config:      connection_string
+- Env Var:     RCLONE_AZUREFILES_CONNECTION_STRING
+- Type:        string
+- Required:    false
+
+#### --azurefiles-tenant
 
 ID of the service principal's tenant. Also called its directory ID.
 
@@ -34359,11 +39833,11 @@ Set this if using
 Properties:
 
 - Config:      tenant
-- Env Var:     RCLONE_AZUREBLOB_TENANT
+- Env Var:     RCLONE_AZUREFILES_TENANT
 - Type:        string
 - Required:    false
 
-#### --azureblob-client-id
+#### --azurefiles-client-id
 
 The ID of the client in use.
 
@@ -34376,11 +39850,11 @@ Set this if using
 Properties:
 
 - Config:      client_id
-- Env Var:     RCLONE_AZUREBLOB_CLIENT_ID
+- Env Var:     RCLONE_AZUREFILES_CLIENT_ID
 - Type:        string
 - Required:    false
 
-#### --azureblob-client-secret
+#### --azurefiles-client-secret
 
 One of the service principal's client secrets
 
@@ -34391,11 +39865,11 @@ Set this if using
 Properties:
 
 - Config:      client_secret
-- Env Var:     RCLONE_AZUREBLOB_CLIENT_SECRET
+- Env Var:     RCLONE_AZUREFILES_CLIENT_SECRET
 - Type:        string
 - Required:    false
 
-#### --azureblob-client-certificate-path
+#### --azurefiles-client-certificate-path
 
 Path to a PEM or PKCS12 certificate file including the private key.
 
@@ -34406,11 +39880,11 @@ Set this if using
 Properties:
 
 - Config:      client_certificate_path
-- Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PATH
+- Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PATH
 - Type:        string
 - Required:    false
 
-#### --azureblob-client-certificate-password
+#### --azurefiles-client-certificate-password
 
 Password for the certificate file (optional).
 
@@ -34425,15 +39899,15 @@ And the certificate has a password.
 Properties:
 
 - Config:      client_certificate_password
-- Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PASSWORD
+- Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PASSWORD
 - Type:        string
 - Required:    false
 
 ### Advanced options
 
-Here are the Advanced options specific to azureblob (Microsoft Azure Blob Storage).
+Here are the Advanced options specific to azurefiles (Microsoft Azure Files).
 
-#### --azureblob-client-send-certificate-chain
+#### --azurefiles-client-send-certificate-chain
 
 Send the certificate chain when using certificate auth.
 
@@ -34448,11 +39922,11 @@ Optionally set this if using
 Properties:
 
 - Config:      client_send_certificate_chain
-- Env Var:     RCLONE_AZUREBLOB_CLIENT_SEND_CERTIFICATE_CHAIN
+- Env Var:     RCLONE_AZUREFILES_CLIENT_SEND_CERTIFICATE_CHAIN
 - Type:        bool
 - Default:     false
 
-#### --azureblob-username
+#### --azurefiles-username
 
 User name (usually an email address)
 
@@ -34463,11 +39937,11 @@ Set this if using
 Properties:
 
 - Config:      username
-- Env Var:     RCLONE_AZUREBLOB_USERNAME
+- Env Var:     RCLONE_AZUREFILES_USERNAME
 - Type:        string
 - Required:    false
 
-#### --azureblob-password
+#### --azurefiles-password
 
 The user's password
 
@@ -34480,22 +39954,24 @@ Set this if using
 Properties:
 
 - Config:      password
-- Env Var:     RCLONE_AZUREBLOB_PASSWORD
+- Env Var:     RCLONE_AZUREFILES_PASSWORD
 - Type:        string
 - Required:    false
 
-#### --azureblob-service-principal-file
+#### --azurefiles-service-principal-file
 
 Path to file containing credentials for use with a service principal.
 
 Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
 
     $ az ad sp create-for-rbac --name "<name>" \
-      --role "Storage Blob Data Owner" \
+      --role "Storage Files Data Owner" \
       --scopes "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>" \
       > azure-principal.json
 
-See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to blob data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to files data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+
+**NB** this section needs updating for Azure Files - pull requests appreciated!
 
 It may be more convenient to put the credentials directly into the
 rclone config file under the `client_id`, `tenant` and `client_secret`
@@ -34505,11 +39981,11 @@ keys instead of setting `service_principal_file`.
 Properties:
 
 - Config:      service_principal_file
-- Env Var:     RCLONE_AZUREBLOB_SERVICE_PRINCIPAL_FILE
+- Env Var:     RCLONE_AZUREFILES_SERVICE_PRINCIPAL_FILE
 - Type:        string
 - Required:    false
 
-#### --azureblob-use-msi
+#### --azurefiles-use-msi
 
 Use a managed service identity to authenticate (only works in Azure).
 
@@ -34525,11 +40001,11 @@ msi_client_id, or msi_mi_res_id parameters.
 Properties:
 
 - Config:      use_msi
-- Env Var:     RCLONE_AZUREBLOB_USE_MSI
+- Env Var:     RCLONE_AZUREFILES_USE_MSI
 - Type:        bool
 - Default:     false
 
-#### --azureblob-msi-object-id
+#### --azurefiles-msi-object-id
 
 Object ID of the user-assigned MSI to use, if any.
 
@@ -34538,11 +40014,11 @@ Leave blank if msi_client_id or msi_mi_res_id specified.
 Properties:
 
 - Config:      msi_object_id
-- Env Var:     RCLONE_AZUREBLOB_MSI_OBJECT_ID
+- Env Var:     RCLONE_AZUREFILES_MSI_OBJECT_ID
 - Type:        string
 - Required:    false
 
-#### --azureblob-msi-client-id
+#### --azurefiles-msi-client-id
 
 Object ID of the user-assigned MSI to use, if any.
 
@@ -34551,11 +40027,11 @@ Leave blank if msi_object_id or msi_mi_res_id specified.
 Properties:
 
 - Config:      msi_client_id
-- Env Var:     RCLONE_AZUREBLOB_MSI_CLIENT_ID
+- Env Var:     RCLONE_AZUREFILES_MSI_CLIENT_ID
 - Type:        string
 - Required:    false
 
-#### --azureblob-msi-mi-res-id
+#### --azurefiles-msi-mi-res-id
 
 Azure resource ID of the user-assigned MSI to use, if any.
 
@@ -34564,24 +40040,11 @@ Leave blank if msi_client_id or msi_object_id specified.
 Properties:
 
 - Config:      msi_mi_res_id
-- Env Var:     RCLONE_AZUREBLOB_MSI_MI_RES_ID
+- Env Var:     RCLONE_AZUREFILES_MSI_MI_RES_ID
 - Type:        string
 - Required:    false
 
-#### --azureblob-use-emulator
-
-Uses local storage emulator if provided as 'true'.
-
-Leave blank if using real azure storage endpoint.
-
-Properties:
-
-- Config:      use_emulator
-- Env Var:     RCLONE_AZUREBLOB_USE_EMULATOR
-- Type:        bool
-- Default:     false
-
-#### --azureblob-endpoint
+#### --azurefiles-endpoint
 
 Endpoint for the service.
 
@@ -34590,37 +40053,26 @@ Leave blank normally.
 Properties:
 
 - Config:      endpoint
-- Env Var:     RCLONE_AZUREBLOB_ENDPOINT
-- Type:        string
-- Required:    false
-
-#### --azureblob-upload-cutoff
-
-Cutoff for switching to chunked upload (<= 256 MiB) (deprecated).
-
-Properties:
-
-- Config:      upload_cutoff
-- Env Var:     RCLONE_AZUREBLOB_UPLOAD_CUTOFF
+- Env Var:     RCLONE_AZUREFILES_ENDPOINT
 - Type:        string
 - Required:    false
 
-#### --azureblob-chunk-size
+#### --azurefiles-chunk-size
 
 Upload chunk size.
 
 Note that this is stored in memory and there may be up to
-"--transfers" * "--azureblob-upload-concurrency" chunks stored at once
+"--transfers" * "--azurefile-upload-concurrency" chunks stored at once
 in memory.
 
 Properties:
 
 - Config:      chunk_size
-- Env Var:     RCLONE_AZUREBLOB_CHUNK_SIZE
+- Env Var:     RCLONE_AZUREFILES_CHUNK_SIZE
 - Type:        SizeSuffix
 - Default:     4Mi
 
-#### --azureblob-upload-concurrency
+#### --azurefiles-upload-concurrency
 
 Concurrency for multipart uploads.
 
@@ -34631,128 +40083,41 @@ If you are uploading small numbers of large files over high-speed
 links and these uploads do not fully utilize your bandwidth, then
 increasing this may help to speed up the transfers.
 
-In tests, upload speed increases almost linearly with upload
-concurrency. For example to fill a gigabit pipe it may be necessary to
-raise this to 64. Note that this will use more memory.
-
 Note that chunks are stored in memory and there may be up to
-"--transfers" * "--azureblob-upload-concurrency" chunks stored at once
+"--transfers" * "--azurefile-upload-concurrency" chunks stored at once
 in memory.
 
 Properties:
 
 - Config:      upload_concurrency
-- Env Var:     RCLONE_AZUREBLOB_UPLOAD_CONCURRENCY
+- Env Var:     RCLONE_AZUREFILES_UPLOAD_CONCURRENCY
 - Type:        int
 - Default:     16
 
-#### --azureblob-list-chunk
-
-Size of blob list.
-
-This sets the number of blobs requested in each listing chunk. Default
-is the maximum, 5000. "List blobs" requests are permitted 2 minutes
-per megabyte to complete. If an operation is taking longer than 2
-minutes per megabyte on average, it will time out (
-[source](https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-blob-service-operations#exceptions-to-default-timeout-interval)
-). This can be used to limit the number of blobs items to return, to
-avoid the time out.
-
-Properties:
-
-- Config:      list_chunk
-- Env Var:     RCLONE_AZUREBLOB_LIST_CHUNK
-- Type:        int
-- Default:     5000
-
-#### --azureblob-access-tier
-
-Access tier of blob: hot, cool or archive.
-
-Archived blobs can be restored by setting access tier to hot or
-cool. Leave blank if you intend to use default access tier, which is
-set at account level
-
-If there is no "access tier" specified, rclone doesn't apply any tier.
-rclone performs "Set Tier" operation on blobs while uploading, if objects
-are not modified, specifying "access tier" to new one will have no effect.
-If blobs are in "archive tier" at remote, trying to perform data transfer
-operations from remote will not be allowed. User should first restore by
-tiering blob to "Hot" or "Cool".
-
-Properties:
-
-- Config:      access_tier
-- Env Var:     RCLONE_AZUREBLOB_ACCESS_TIER
-- Type:        string
-- Required:    false
+#### --azurefiles-max-stream-size
 
-#### --azureblob-archive-tier-delete
+Max size for streamed files.
 
-Delete archive tier blobs before overwriting.
+Azure files needs to know in advance how big the file will be. When
+rclone doesn't know it uses this value instead.
 
-Archive tier blobs cannot be updated. So without this flag, if you
-attempt to update an archive tier blob, then rclone will produce the
-error:
+This will be used when rclone is streaming data, the most common uses are:
 
-    can't update archive tier blob without --azureblob-archive-tier-delete
+- Uploading files with `--vfs-cache-mode off` with `rclone mount`
+- Using `rclone rcat`
+- Copying files with unknown length
 
-With this flag set then before rclone attempts to overwrite an archive
-tier blob, it will delete the existing blob before uploading its
-replacement.  This has the potential for data loss if the upload fails
-(unlike updating a normal blob) and also may cost more since deleting
-archive tier blobs early may be chargable.
+You will need this much free space in the share as the file will be this size temporarily.
 
 
 Properties:
 
-- Config:      archive_tier_delete
-- Env Var:     RCLONE_AZUREBLOB_ARCHIVE_TIER_DELETE
-- Type:        bool
-- Default:     false
-
-#### --azureblob-disable-checksum
-
-Don't store MD5 checksum with object metadata.
-
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can add it to metadata on the object. This is great
-for data integrity checking but can cause long delays for large files
-to start uploading.
-
-Properties:
-
-- Config:      disable_checksum
-- Env Var:     RCLONE_AZUREBLOB_DISABLE_CHECKSUM
-- Type:        bool
-- Default:     false
-
-#### --azureblob-memory-pool-flush-time
-
-How often internal memory buffer pools will be flushed.
-
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.
-
-Properties:
-
-- Config:      memory_pool_flush_time
-- Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_FLUSH_TIME
-- Type:        Duration
-- Default:     1m0s
-
-#### --azureblob-memory-pool-use-mmap
-
-Whether to use mmap buffers in internal memory pool.
-
-Properties:
-
-- Config:      memory_pool_use_mmap
-- Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_USE_MMAP
-- Type:        bool
-- Default:     false
+- Config:      max_stream_size
+- Env Var:     RCLONE_AZUREFILES_MAX_STREAM_SIZE
+- Type:        SizeSuffix
+- Default:     10Gi
 
-#### --azureblob-encoding
+#### --azurefiles-encoding
 
 The encoding for the backend.
 
@@ -34761,54 +40126,9 @@ See the [encoding section in the overview](https://rclone.org/overview/#encoding
 Properties:
 
 - Config:      encoding
-- Env Var:     RCLONE_AZUREBLOB_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8
-
-#### --azureblob-public-access
-
-Public access level of a container: blob or container.
-
-Properties:
-
-- Config:      public_access
-- Env Var:     RCLONE_AZUREBLOB_PUBLIC_ACCESS
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - The container and its blobs can be accessed only with an authorized request.
-        - It's a default value.
-    - "blob"
-        - Blob data within this container can be read via anonymous request.
-    - "container"
-        - Allow full public read access for container and blob data.
-
-#### --azureblob-no-check-container
-
-If set, don't attempt to check the container exists or create it.
-
-This can be useful when trying to minimise the number of transactions
-rclone does if you know the container exists already.
-
-
-Properties:
-
-- Config:      no_check_container
-- Env Var:     RCLONE_AZUREBLOB_NO_CHECK_CONTAINER
-- Type:        bool
-- Default:     false
-
-#### --azureblob-no-head-object
-
-If set, do not do HEAD before GET when getting objects.
-
-Properties:
-
-- Config:      no_head_object
-- Env Var:     RCLONE_AZUREBLOB_NO_HEAD_OBJECT
-- Type:        bool
-- Default:     false
+- Env Var:     RCLONE_AZUREFILES_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot
 
 
 
@@ -34829,30 +40149,6 @@ Eg `--header-upload "Content-Type: text/potato"`
 MD5 sums are only uploaded with chunked files if the source has an MD5
 sum.  This will always be the case for a local to azure copy.
 
-`rclone about` is not supported by the Microsoft Azure Blob storage backend. Backends without
-this capability cannot determine free space for an rclone mount or
-use policy `mfs` (most free space) as a member of an rclone union
-remote.
-
-See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
-
-## Azure Storage Emulator Support
-
-You can run rclone with the storage emulator (usually _azurite_).
-
-To do this, just set up a new remote with `rclone config` following
-the instructions in the introduction and set `use_emulator` in the
-advanced settings as `true`. You do not need to provide a default
-account name nor an account key. But you can override them in the
-`account` and `key` options. (Prior to v1.61 they were hard coded to
-_azurite_'s `devstoreaccount1`.)
-
-Also, if you want to access a storage emulator instance running on a
-different machine, you can override the `endpoint` parameter in the
-advanced settings, setting it to
-`http(s)://<host>:<port>/devstoreaccount1`
-(e.g. `http://10.254.2.5:10000/devstoreaccount1`).
-
 #  Microsoft OneDrive
 
 Paths are specified as `remote:path`
@@ -35011,7 +40307,7 @@ You may try to [verify you account](https://docs.microsoft.com/en-us/azure/activ
 Note: If you have a special region, you may need a different host in step 4 and 5. Here are [some hints](https://github.com/rclone/rclone/blob/bc23bf11db1c78c6ebbf8ea538fbebf7058b4176/backend/onedrive/onedrive.go#L86).
 
 
-### Modification time and hashes
+### Modification times and hashes
 
 OneDrive allows modification times to be set on objects accurate to 1
 second.  These will be used to detect whether objects need syncing or
@@ -35032,6 +40328,32 @@ your workflow.
 
 For all types of OneDrive you can use the `--checksum` flag.
 
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+This must be enabled with the `--onedrive-delta` flag (or `delta =
+true` in the config file) as it can cause performance degradation.
+
+It does this by using the delta listing facilities of OneDrive which
+returns all the files in the remote very efficiently. This is much
+more efficient than listing directories recursively and is Microsoft's
+recommended way of reading all the file information from a drive.
+
+This can be useful with `rclone mount` and [rclone rc vfs/refresh
+recursive=true](https://rclone.org/rc/#vfs-refresh)) to very quickly fill the mount with
+information about all the files.
+
+The API used for the recursive listing (`ListR`) only supports listing
+from the root of the drive. This will become increasingly inefficient
+the further away you get from the root as rclone will have to discard
+files outside of the directory you are using.
+
+Some commands (like `rclone lsf -R`) will use `ListR` by default - you
+can turn this off with `--disable ListR` if you need to.
+
 ### Restricted filename characters
 
 In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
@@ -35277,6 +40599,8 @@ Properties:
 
 #### --onedrive-server-side-across-configs
 
+Deprecated: use --server-side-across-configs instead.
+
 Allow server-side operations (e.g. copy) to work across different onedrive configs.
 
 This will only work if you are copying between two OneDrive *Personal* drives AND
@@ -35380,7 +40704,7 @@ Properties:
 Specify the hash in use for the backend.
 
 This specifies the hash type in use. If set to "auto" it will use the
-default hash which is is QuickXorHash.
+default hash which is QuickXorHash.
 
 Before rclone 1.62 an SHA1 hash was used by default for Onedrive
 Personal. For 1.62 and later the default is to use a QuickXorHash for
@@ -35417,6 +40741,67 @@ Properties:
     - "none"
         - None - don't use any hashes
 
+#### --onedrive-av-override
+
+Allows download of files the server thinks has a virus.
+
+The onedrive/sharepoint server may check files uploaded with an Anti
+Virus checker. If it detects any potential viruses or malware it will
+block download of the file.
+
+In this case you will see a message like this
+
+    server reports this file is infected with a virus - use --onedrive-av-override to download anyway: Infected (name of virus): 403 Forbidden: 
+
+If you are 100% sure you want to download this file anyway then use
+the --onedrive-av-override flag, or av_override = true in the config
+file.
+
+
+Properties:
+
+- Config:      av_override
+- Env Var:     RCLONE_ONEDRIVE_AV_OVERRIDE
+- Type:        bool
+- Default:     false
+
+#### --onedrive-delta
+
+If set rclone will use delta listing to implement recursive listings.
+
+If this flag is set the the onedrive backend will advertise `ListR`
+support for recursive listings.
+
+Setting this flag speeds up these things greatly:
+
+    rclone lsf -R onedrive:
+    rclone size onedrive:
+    rclone rc vfs/refresh recursive=true
+
+**However** the delta listing API **only** works at the root of the
+drive. If you use it not at the root then it recurses from the root
+and discards all the data that is not under the directory you asked
+for. So it will be correct but may not be very efficient.
+
+This is why this flag is not set as the default.
+
+As a rule of thumb if nearly all of your data is under rclone's root
+directory (the `root/directory` in `onedrive:root/directory`) then
+using this flag will be be a big performance win. If your data is
+mostly not under the root then using this flag will be a big
+performance loss.
+
+It is recommended if you are mounting your onedrive at the root
+(or near the root when using crypt) and using rclone `rc vfs/refresh`.
+
+
+Properties:
+
+- Config:      delta
+- Env Var:     RCLONE_ONEDRIVE_DELTA
+- Type:        bool
+- Default:     false
+
 #### --onedrive-encoding
 
 The encoding for the backend.
@@ -35427,7 +40812,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_ONEDRIVE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot
 
 
@@ -35721,12 +41106,14 @@ To copy a local directory to an OpenDrive directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and MD5SUMs
+### Modification times and hashes
 
 OpenDrive allows modification times to be set on objects accurate to 1
 second. These will be used to detect whether objects need syncing or
 not.
 
+The MD5 hash algorithm is supported.
+
 ### Restricted filename characters
 
 | Character | Value | Replacement |
@@ -35800,7 +41187,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_OPENDRIVE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot
 
 #### --opendrive-chunk-size
@@ -35838,13 +41225,17 @@ remote.
 See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
 #  Oracle Object Storage
-[Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
-
-[Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
+- [Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
+- [Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
+- [Oracle Object Storage Limits](https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/oci-object-storage-best-practices.pdf)
 
 Paths are specified as `remote:bucket` (or `remote:` for the `lsd` command.)  You may put subdirectories in 
 too, e.g. `remote:bucket/path/to/dir`.
 
+Sample command to transfer local artifacts to remote:bucket in oracle object storage:
+
+`rclone -vvv  --progress --stats-one-line --max-stats-groups 10 --log-format date,time,UTC,longfile --fast-list --buffer-size 256Mi --oos-no-check-bucket --oos-upload-cutoff 10Mi --multi-thread-cutoff 16Mi --multi-thread-streams 3000 --transfers 3000 --checkers 64  --retries 2  --oos-chunk-size 10Mi --oos-upload-concurrency 10000  --oos-attempt-resume-upload --oos-leave-parts-on-error sync ./artifacts  remote:bucket -vv`
+
 ## Configuration
 
 Here is an example of making an oracle object storage configuration. `rclone config` walks you 
@@ -35968,7 +41359,7 @@ List the contents of a bucket
     rclone ls remote:bucket
     rclone ls remote:bucket --max-depth 1
 
-### OCI Authentication Provider 
+## Authentication Providers 
 
 OCI has various authentication methods. To learn more about authentication methods please refer [oci authentication 
 methods](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm) 
@@ -35981,7 +41372,8 @@ Rclone supports the following OCI authentication provider.
     Resource Principal
     No authentication
 
-#### Authentication provider choice: User Principal
+### User Principal
+
 Sample rclone config file for Authentication Provider User Principal:
 
     [oos]
@@ -36001,7 +41393,8 @@ Considerations:
 - Overhead of managing users and keys.
 - If the user is deleted, the config file will no longer work and may cause automation regressions that use the user's credentials.
 
-####  Authentication provider choice: Instance Principal
+###  Instance Principal
+
 An OCI compute instance can be authorized to use rclone by using it's identity and certificates as an instance principal. 
 With this approach no credentials have to be stored and managed.
 
@@ -36030,7 +41423,8 @@ Considerations:
 - Everyone who has access to this machine can execute the CLI commands.
 - It is applicable for oci compute instances only. It cannot be used on external instance or resources.
 
-#### Authentication provider choice: Resource Principal
+### Resource Principal
+
 Resource principal auth is very similar to instance principal auth but used for resources that are not 
 compute instances such as [serverless functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm). 
 To use resource principal ensure Rclone process is started with these environment variables set in its process.
@@ -36049,7 +41443,8 @@ Sample rclone configuration file for Authentication Provider Resource Principal:
     region = us-ashburn-1
     provider = resource_principal_auth
 
-#### Authentication provider choice: No authentication
+### No authentication
+
 Public buckets do not require any authentication mechanism to read objects.
 Sample rclone configuration file for No authentication:
     
@@ -36060,10 +41455,9 @@ Sample rclone configuration file for No authentication:
     region = us-ashburn-1
     provider = no_auth
 
-## Options
-### Modified time
+### Modification times and hashes
 
-The modified time is stored as metadata on the object as
+The modification time is stored as metadata on the object as
 `opc-meta-mtime` as floating point since the epoch, accurate to 1 ns.
 
 If the modification time needs to be updated rclone will attempt to perform a server
@@ -36073,6 +41467,8 @@ In the case the object is larger than 5Gb, the object will be uploaded rather th
 Note that reading this from the object takes an additional `HEAD` request as the metadata
 isn't returned in object listings.
 
+The MD5 hash algorithm is supported.
+
 ### Multipart uploads
 
 rclone supports multipart uploads with OOS which means that it can
@@ -36252,9 +41648,8 @@ Properties:
 Chunk size to use for uploading.
 
 When uploading files larger than upload_cutoff or files with unknown
-size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google
-photos or google docs) they will be uploaded as multipart uploads
-using this chunk size.
+size (e.g. from "rclone rcat" or uploaded with "rclone mount" they will be uploaded 
+as multipart uploads using this chunk size.
 
 Note that "upload_concurrency" chunks of this size are buffered
 in memory per transfer.
@@ -36282,6 +41677,26 @@ Properties:
 - Type:        SizeSuffix
 - Default:     5Mi
 
+#### --oos-max-upload-parts
+
+Maximum number of parts in a multipart upload.
+
+This option defines the maximum number of multipart chunks to use
+when doing a multipart upload.
+
+OCI has max parts limit of 10,000 chunks.
+
+Rclone will automatically increase the chunk size when uploading a
+large file of a known size to stay below this number of chunks limit.
+
+
+Properties:
+
+- Config:      max_upload_parts
+- Env Var:     RCLONE_OOS_MAX_UPLOAD_PARTS
+- Type:        int
+- Default:     10000
+
 #### --oos-upload-concurrency
 
 Concurrency for multipart uploads.
@@ -36356,12 +41771,12 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_OOS_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,InvalidUtf8,Dot
 
 #### --oos-leave-parts-on-error
 
-If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.
+If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery.
 
 It should be set to true for resuming uploads across different sessions.
 
@@ -36376,6 +41791,24 @@ Properties:
 - Type:        bool
 - Default:     false
 
+#### --oos-attempt-resume-upload
+
+If true attempt to resume previously started multipart upload for the object.
+This will be helpful to speed up multipart transfers by resuming uploads from past session.
+
+WARNING: If chunk size differs in resumed session from past incomplete session, then the resumed multipart upload is 
+aborted and a new multipart upload is started with the new chunk size.
+
+The flag leave_parts_on_error must be true to resume and optimize to skip parts that were already uploaded successfully.
+
+
+Properties:
+
+- Config:      attempt_resume_upload
+- Env Var:     RCLONE_OOS_ATTEMPT_RESUME_UPLOAD
+- Type:        bool
+- Default:     false
+
 #### --oos-no-check-bucket
 
 If set, don't attempt to check the bucket exists or create it.
@@ -36444,7 +41877,7 @@ Properties:
 
 #### --oos-sse-kms-key-id
 
-if using using your own master key in vault, this header specifies the 
+if using your own master key in vault, this header specifies the
 OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call
 the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
 Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
@@ -36559,6 +41992,9 @@ Options:
 
 
 
+## Tutorials
+### [Mounting Buckets](https://rclone.org/oracleobjectstorage/tutorial_mount/)
+
 #  QingStor
 
 Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
@@ -36862,7 +42298,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_QINGSTOR_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Ctl,InvalidUtf8
 
 
@@ -36876,6 +42312,250 @@ remote.
 
 See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
+#  Quatrix
+
+Quatrix by Maytech is [Quatrix Secure Compliant File Sharing | Maytech](https://www.maytech.net/products/quatrix-business).
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g., `remote:directory/subdirectory`.
+
+The initial setup for Quatrix involves getting an API Key from Quatrix. You can get the API key in the user's profile at `https://<account>/profile/api-keys`
+or with the help of the API - https://docs.maytech.net/quatrix/quatrix-api/api-explorer#/API-Key/post_api_key_create.
+
+See complete Swagger documentation for Quatrix - https://docs.maytech.net/quatrix/quatrix-api/api-explorer
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Quatrix by Maytech
+   \ "quatrix"
+[snip]
+Storage> quatrix
+API key for accessing Quatrix account.
+api_key> your_api_key
+Host name of Quatrix account.
+host> example.quatrix.it
+
+--------------------
+[remote]
+api_key = your_api_key
+host = example.quatrix.it
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Quatrix
+
+    rclone lsd remote:
+
+List all the files in your Quatrix
+
+    rclone ls remote:
+
+To copy a local directory to an Quatrix directory called backup
+
+    rclone copy /home/source remote:backup
+
+### API key validity
+
+API Key is created with no expiration date. It will be valid until you delete or deactivate it in your account.
+After disabling, the API Key can be enabled back. If the API Key was deleted and a new key was created, you can
+update it in rclone config. The same happens if the hostname was changed.
+
+```
+$ rclone config
+Current remotes:
+
+Name                 Type
+====                 ====
+remote               quatrix
+
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> e
+Choose a number from below, or type in an existing value
+ 1 > remote
+remote> remote
+--------------------
+[remote]
+type = quatrix
+host = some_host.quatrix.it
+api_key = your_api_key
+--------------------
+Edit remote
+Option api_key.
+API key for accessing Quatrix account
+Enter a string value. Press Enter for the default (your_api_key)
+api_key>
+Option host.
+Host name of Quatrix account
+Enter a string value. Press Enter for the default (some_host.quatrix.it).
+
+--------------------
+[remote]
+type = quatrix
+host = some_host.quatrix.it
+api_key = your_api_key
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+### Modification times and hashes
+
+Quatrix allows modification times to be set on objects accurate to 1 microsecond.
+These will be used to detect whether objects need syncing or not.
+
+Quatrix does not support hashes, so you cannot use the `--checksum` flag.
+
+### Restricted filename characters
+
+File names in Quatrix are case sensitive and have limitations like the maximum length of a filename is 255, and the minimum length is 1. A file name cannot be equal to `.` or `..` nor contain `/` , `\` or non-printable ascii.
+
+### Transfers
+
+For files above 50 MiB rclone will use a chunked transfer. Rclone will upload up to `--transfers` chunks at the same time (shared among all multipart uploads).
+Chunks are buffered in memory, and the minimal chunk size is 10_000_000 bytes by default, and it can be changed in the advanced configuration, so increasing `--transfers` will increase the memory use.
+The chunk size has a maximum size limit, which is set to 100_000_000 bytes by default and can be changed in the advanced configuration.
+The size of the uploaded chunk will dynamically change depending on the upload speed.
+The total memory use equals the number of transfers multiplied by the minimal chunk size.
+In case there's free memory allocated for the upload (which equals the difference of `maximal_summary_chunk_size` and `minimal_chunk_size` * `transfers`),
+the chunk size may increase in case of high upload speed. As well as it can decrease in case of upload speed problems.
+If no free memory is available, all chunks will equal `minimal_chunk_size`.
+
+### Deleting files
+
+Files you delete with rclone will end up in Trash and be stored there for 30 days.
+Quatrix also provides an API to permanently delete files and an API to empty the Trash so that you can remove files permanently from your account.
+
+
+### Standard options
+
+Here are the Standard options specific to quatrix (Quatrix by Maytech).
+
+#### --quatrix-api-key
+
+API key for accessing Quatrix account
+
+Properties:
+
+- Config:      api_key
+- Env Var:     RCLONE_QUATRIX_API_KEY
+- Type:        string
+- Required:    true
+
+#### --quatrix-host
+
+Host name of Quatrix account
+
+Properties:
+
+- Config:      host
+- Env Var:     RCLONE_QUATRIX_HOST
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to quatrix (Quatrix by Maytech).
+
+#### --quatrix-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_QUATRIX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+#### --quatrix-effective-upload-time
+
+Wanted upload time for one chunk
+
+Properties:
+
+- Config:      effective_upload_time
+- Env Var:     RCLONE_QUATRIX_EFFECTIVE_UPLOAD_TIME
+- Type:        string
+- Default:     "4s"
+
+#### --quatrix-minimal-chunk-size
+
+The minimal size for one chunk
+
+Properties:
+
+- Config:      minimal_chunk_size
+- Env Var:     RCLONE_QUATRIX_MINIMAL_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     9.537Mi
+
+#### --quatrix-maximal-summary-chunk-size
+
+The maximal summary for all chunks. It should not be less than 'transfers'*'minimal_chunk_size'
+
+Properties:
+
+- Config:      maximal_summary_chunk_size
+- Env Var:     RCLONE_QUATRIX_MAXIMAL_SUMMARY_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     95.367Mi
+
+#### --quatrix-hard-delete
+
+Delete files permanently rather than putting them into the trash.
+
+Properties:
+
+- Config:      hard_delete
+- Env Var:     RCLONE_QUATRIX_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+
+
+## Storage usage
+
+The storage usage in Quatrix is restricted to the account during the purchase. You can restrict any user with a smaller storage limit.
+The account limit is applied if the user has no custom storage limit. Once you've reached the limit, the upload of files will fail.
+This can be fixed by freeing up the space or increasing the quota.
+
+## Server-side operations
+
+Quatrix supports server-side operations (copy and move). In case of conflict, files are overwritten during server-side operation.
+
 #  Sia
 
 Sia ([sia.tech](https://sia.tech/)) is a decentralized cloud storage platform
@@ -37062,7 +42742,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SIA_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot
 
 
@@ -37087,6 +42767,7 @@ Commercial implementations of that being:
   * [Memset Memstore](https://www.memset.com/cloud/storage/)
   * [OVH Object Storage](https://www.ovh.co.uk/public-cloud/storage/object-storage/)
   * [Oracle Cloud Storage](https://docs.oracle.com/en-us/iaas/integration/doc/configure-object-storage.html)
+  * [Blomp Cloud Storage](https://www.blomp.com/cloud-storage/)
   * [IBM Bluemix Cloud ObjectStorage Swift](https://console.bluemix.net/docs/infrastructure/objectstorage-swift/index.html)
 
 Paths are specified as `remote:container` (or `remote:` for the `lsd`
@@ -37110,7 +42791,7 @@ name> remote
 Type of storage to configure.
 Choose a number from below, or type in your own value
 [snip]
-XX / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
+XX / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)
    \ "swift"
 [snip]
 Storage> swift
@@ -37139,6 +42820,8 @@ Choose a number from below, or type in your own value
    \ "https://auth.storage.memset.com/v2.0"
  6 / OVH
    \ "https://auth.cloud.ovh.net/v3"
+ 7  / Blomp Cloud Storage
+   \ "https://authenticate.ain.net"
 auth> 
 User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
 user_id> 
@@ -37298,7 +42981,7 @@ sufficient to determine if it is "dirty". By using `--update` along with
 `--use-server-modtime`, you can avoid the extra API call and simply upload
 files whose local modtime is newer than the time it was last uploaded.
 
-### Modified time
+### Modification times and hashes
 
 The modified time is stored as metadata on the object as
 `X-Object-Meta-Mtime` as floating point since the epoch accurate to 1
@@ -37307,6 +42990,8 @@ ns.
 This is a de facto standard (used in the official python-swiftclient
 amongst others) for storing the modification time for an object.
 
+The MD5 hash algorithm is supported.
+
 ### Restricted filename characters
 
 | Character | Value | Replacement |
@@ -37320,7 +43005,7 @@ as they can't be used in JSON strings.
 
 ### Standard options
 
-Here are the Standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)).
+Here are the Standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
 
 #### --swift-env-auth
 
@@ -37384,6 +43069,8 @@ Properties:
         - Memset Memstore UK v2
     - "https://auth.cloud.ovh.net/v3"
         - OVH
+    - "https://authenticate.ain.net"
+        - Blomp Cloud Storage
 
 #### --swift-user-id
 
@@ -37560,7 +43247,7 @@ Properties:
 
 ### Advanced options
 
-Here are the Advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)).
+Here are the Advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
 
 #### --swift-leave-parts-on-error
 
@@ -37651,7 +43338,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SWIFT_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,InvalidUtf8
 
 
@@ -37779,7 +43466,7 @@ To copy a local directory to a pCloud directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes ###
+### Modification times and hashes
 
 pCloud allows modification times to be set on objects accurate to 1
 second.  These will be used to detect whether objects need syncing or
@@ -37918,7 +43605,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_PCLOUD_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 #### --pcloud-root-folder-id
@@ -37983,6 +43670,314 @@ Properties:
 
 
 
+#  PikPak
+
+PikPak is [a private cloud drive](https://mypikpak.com/).
+
+Paths are specified as `remote:path`, and may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+Here is an example of making a remote for PikPak.
+
+First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+
+Enter name for new remote.
+name> remote
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+XX / PikPak
+   \ (pikpak)
+Storage> XX
+
+Option user.
+Pikpak username.
+Enter a value.
+user> USERNAME
+
+Option pass.
+Pikpak password.
+Choose an alternative below.
+y) Yes, type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> 
+
+Configuration complete.
+Options:
+- type: pikpak
+- user: USERNAME
+- pass: *** ENCRYPTED ***
+- token: {"access_token":"eyJ...","token_type":"Bearer","refresh_token":"os...","expiry":"2023-01-26T18:54:32.170582647+09:00"}
+Keep this "remote" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+### Modification times and hashes
+
+PikPak keeps modification times on objects, and updates them when uploading objects,
+but it does not support changing only the modification time
+
+The MD5 hash algorithm is supported.
+
+
+### Standard options
+
+Here are the Standard options specific to pikpak (PikPak).
+
+#### --pikpak-user
+
+Pikpak username.
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_PIKPAK_USER
+- Type:        string
+- Required:    true
+
+#### --pikpak-pass
+
+Pikpak password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      pass
+- Env Var:     RCLONE_PIKPAK_PASS
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to pikpak (PikPak).
+
+#### --pikpak-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PIKPAK_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --pikpak-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PIKPAK_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --pikpak-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PIKPAK_TOKEN
+- Type:        string
+- Required:    false
+
+#### --pikpak-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PIKPAK_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --pikpak-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PIKPAK_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --pikpak-root-folder-id
+
+ID of the root folder.
+Leave blank normally.
+
+Fill in for rclone to use a non root folder as its starting point.
+
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_PIKPAK_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --pikpak-use-trash
+
+Send files to the trash instead of deleting permanently.
+
+Defaults to true, namely sending files to the trash.
+Use `--pikpak-use-trash=false` to delete files permanently instead.
+
+Properties:
+
+- Config:      use_trash
+- Env Var:     RCLONE_PIKPAK_USE_TRASH
+- Type:        bool
+- Default:     true
+
+#### --pikpak-trashed-only
+
+Only show files that are in the trash.
+
+This will show trashed files in their original directory structure.
+
+Properties:
+
+- Config:      trashed_only
+- Env Var:     RCLONE_PIKPAK_TRASHED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --pikpak-hash-memory-limit
+
+Files bigger than this will be cached on disk to calculate hash if required.
+
+Properties:
+
+- Config:      hash_memory_limit
+- Env Var:     RCLONE_PIKPAK_HASH_MEMORY_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --pikpak-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PIKPAK_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+## Backend commands
+
+Here are the commands specific to the pikpak backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### addurl
+
+Add offline download task for url
+
+    rclone backend addurl remote: [options] [<arguments>+]
+
+This command adds offline download task for url.
+
+Usage:
+
+    rclone backend addurl pikpak:dirpath url
+
+Downloads will be stored in 'dirpath'. If 'dirpath' is invalid, 
+download will fallback to default 'My Pack' folder.
+
+
+### decompress
+
+Request decompress of a file/files in a folder
+
+    rclone backend decompress remote: [options] [<arguments>+]
+
+This command requests decompress of file/files in a folder.
+
+Usage:
+
+    rclone backend decompress pikpak:dirpath {filename} -o password=password
+    rclone backend decompress pikpak:dirpath {filename} -o delete-src-file
+
+An optional argument 'filename' can be specified for a file located in 
+'pikpak:dirpath'. You may want to pass '-o password=password' for a 
+password-protected files. Also, pass '-o delete-src-file' to delete 
+source files after decompression finished.
+
+Result:
+
+    {
+        "Decompressed": 17,
+        "SourceDeleted": 0,
+        "Errors": 0
+    }
+
+
+
+
+## Limitations
+
+### Hashes may be empty
+
+PikPak supports MD5 hash, but sometimes given empty especially for user-uploaded files.
+
+### Deleted files still visible with trashed-only
+
+Deleted files will still be visible with `--pikpak-trashed-only` even after the
+trash emptied. This goes away after few days.
+
 #  premiumize.me
 
 Paths are specified as `remote:path`
@@ -38063,7 +44058,7 @@ To copy a local directory to an premiumize.me directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes
+### Modification times and hashes
 
 premiumize.me does not support modification times or hashes, therefore
 syncing will default to `--size-only` checking.  Note that using
@@ -38087,6 +44082,32 @@ as they can't be used in JSON strings.
 
 Here are the Standard options specific to premiumizeme (premiumize.me).
 
+#### --premiumizeme-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PREMIUMIZEME_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PREMIUMIZEME_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
 #### --premiumizeme-api-key
 
 API Key.
@@ -38105,6 +44126,43 @@ Properties:
 
 Here are the Advanced options specific to premiumizeme (premiumize.me).
 
+#### --premiumizeme-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PREMIUMIZEME_TOKEN
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PREMIUMIZEME_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PREMIUMIZEME_TOKEN_URL
+- Type:        string
+- Required:    false
+
 #### --premiumizeme-encoding
 
 The encoding for the backend.
@@ -38115,7 +44173,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_PREMIUMIZEME_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 
@@ -38131,6 +44189,359 @@ rclone maps these to and from an identical looking unicode equivalents
 
 premiumize.me only supports filenames up to 255 characters in length.
 
+#  Proton Drive
+
+[Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+ for your files that protects your data.
+
+This is an rclone backend for Proton Drive which supports the file transfer
+features of Proton Drive using the same client-side encryption.
+
+Due to the fact that Proton Drive doesn't publish its API documentation, this 
+backend is implemented with best efforts by reading the open-sourced client 
+source code and observing the Proton Drive traffic in the browser.
+
+**NB** This backend is currently in Beta. It is believed to be correct
+and all the integration tests pass. However the Proton Drive protocol
+has evolved over time there may be accounts it is not compatible
+with. Please [post on the rclone forum](https://forum.rclone.org/) if
+you find an incompatibility.
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configurations
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Proton Drive
+   \ "Proton Drive"
+[snip]
+Storage> protondrive
+User name
+user> you@protonmail.com
+Password.
+y) Yes type in my own password
+g) Generate random password
+n) No leave this optional password blank
+y/g/n> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Option 2fa.
+2FA code (if the account requires one)
+Enter a value. Press Enter to leave empty.
+2fa> 123456
+Remote config
+--------------------
+[remote]
+type = protondrive
+user = you@protonmail.com
+pass = *** ENCRYPTED ***
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+**NOTE:** The Proton Drive encryption keys need to have been already generated 
+after a regular login via the browser, otherwise attempting to use the 
+credentials in `rclone` will fail.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Proton Drive
+
+    rclone lsd remote:
+
+List all the files in your Proton Drive
+
+    rclone ls remote:
+
+To copy a local directory to an Proton Drive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Proton Drive Bridge does not support updating modification times yet.
+
+The SHA1 hash algorithm is supported.
+
+### Restricted filename characters
+
+Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), also left and 
+right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
+
+### Duplicated files
+
+Proton Drive can not have two files with exactly the same name and path. If the 
+conflict occurs, depending on the advanced config, the file might or might not 
+be overwritten.
+
+### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
+
+Please set your mailbox password in the advanced config section.
+
+### Caching
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+
+### Standard options
+
+Here are the Standard options specific to protondrive (Proton Drive).
+
+#### --protondrive-username
+
+The username of your proton account
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_PROTONDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --protondrive-password
+
+The password of your proton account.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --protondrive-2fa
+
+The 2FA code
+
+The value can also be provided with --protondrive-2fa=000000
+
+The 2FA code of your proton drive account if the account is set up with 
+two-factor authentication
+
+Properties:
+
+- Config:      2fa
+- Env Var:     RCLONE_PROTONDRIVE_2FA
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to protondrive (Proton Drive).
+
+#### --protondrive-mailbox-password
+
+The mailbox password of your two-password proton account.
+
+For more information regarding the mailbox password, please check the 
+following official knowledge base article: 
+https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      mailbox_password
+- Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-uid
+
+Client uid key (internal use only)
+
+Properties:
+
+- Config:      client_uid
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-access-token
+
+Client access token key (internal use only)
+
+Properties:
+
+- Config:      client_access_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-refresh-token
+
+Client refresh token key (internal use only)
+
+Properties:
+
+- Config:      client_refresh_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-salted-key-pass
+
+Client salted key pass key (internal use only)
+
+Properties:
+
+- Config:      client_salted_key_pass
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+- Type:        string
+- Required:    false
+
+#### --protondrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PROTONDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
+
+#### --protondrive-original-file-size
+
+Return the file size before encryption
+			
+The size of the encrypted file will be different from (bigger than) the 
+original file size. Unless there is a reason to return the file size 
+after encryption is performed, otherwise, set this option to true, as 
+features like Open() which will need to be supplied with original content 
+size, will fail to operate properly
+
+Properties:
+
+- Config:      original_file_size
+- Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+- Type:        bool
+- Default:     true
+
+#### --protondrive-app-version
+
+The app version string 
+
+The app version string indicates the client that is currently performing 
+the API request. This information is required and will be sent with every 
+API request.
+
+Properties:
+
+- Config:      app_version
+- Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+- Type:        string
+- Default:     "macos-drive@1.0.0-alpha.1+rclone"
+
+#### --protondrive-replace-existing-draft
+
+Create a new revision when filename conflict is detected
+
+When a file upload is cancelled or failed before completion, a draft will be 
+created and the subsequent upload of the same file to the same location will be 
+reported as a conflict.
+
+The value can also be set by --protondrive-replace-existing-draft=true
+
+If the option is set to true, the draft will be replaced and then the upload 
+operation will restart. If there are other clients also uploading at the same 
+file location at the same time, the behavior is currently unknown. Need to set 
+to true for integration tests.
+If the option is set to false, an error "a draft exist - usually this means a 
+file is being uploaded at another client, or, there was a failed upload attempt" 
+will be returned, and no upload will happen.
+
+Properties:
+
+- Config:      replace_existing_draft
+- Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+- Type:        bool
+- Default:     false
+
+#### --protondrive-enable-caching
+
+Caches the files and folders metadata to reduce API calls
+
+Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+as the current implementation doesn't update or clear the cache when there are 
+external changes. 
+
+The files and folders on ProtonDrive are represented as links with keyrings, 
+which can be cached to improve performance and be friendly to the API server.
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+Properties:
+
+- Config:      enable_caching
+- Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+- Type:        bool
+- Default:     true
+
+
+
+## Limitations
+
+This backend uses the 
+[Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
+
+There is no official API documentation available from Proton Drive. But, thanks 
+to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+and the web, iOS, and Android client codebases, we don't need to completely 
+reverse engineer the APIs by observing the web client traffic! 
+
+[proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+building blocks of API calls and error handling, such as 429 exponential 
+back-off, but it is pretty much just a barebone interface to the Proton API. 
+For example, the encryption and decryption of the Proton Drive file are not 
+provided in this library. 
+
+The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+top of this quickly. This codebase handles the intricate tasks before and after 
+calling Proton APIs, particularly the complex encryption scheme, allowing 
+developers to implement features for other software on top of this codebase. 
+There are likely quite a few errors in this library, as there isn't official 
+documentation available.
+
 #  put.io
 
 Paths are specified as `remote:path`
@@ -38242,10 +44653,77 @@ Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid
 as they can't be used in JSON strings.
 
 
+### Standard options
+
+Here are the Standard options specific to putio (Put.io).
+
+#### --putio-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PUTIO_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --putio-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PUTIO_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
 ### Advanced options
 
 Here are the Advanced options specific to putio (Put.io).
 
+#### --putio-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PUTIO_TOKEN
+- Type:        string
+- Required:    false
+
+#### --putio-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PUTIO_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --putio-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PUTIO_TOKEN_URL
+- Type:        string
+- Required:    false
+
 #### --putio-encoding
 
 The encoding for the backend.
@@ -38256,7 +44734,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_PUTIO_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 
@@ -38270,6 +44748,359 @@ If you want to avoid ever hitting these limits, you may use the
 `--tpslimit` flag with a low number. Note that the imposed limits
 may be different for different operations, and may change over time.
 
+#  Proton Drive
+
+[Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+ for your files that protects your data.
+
+This is an rclone backend for Proton Drive which supports the file transfer
+features of Proton Drive using the same client-side encryption.
+
+Due to the fact that Proton Drive doesn't publish its API documentation, this 
+backend is implemented with best efforts by reading the open-sourced client 
+source code and observing the Proton Drive traffic in the browser.
+
+**NB** This backend is currently in Beta. It is believed to be correct
+and all the integration tests pass. However the Proton Drive protocol
+has evolved over time there may be accounts it is not compatible
+with. Please [post on the rclone forum](https://forum.rclone.org/) if
+you find an incompatibility.
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configurations
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Proton Drive
+   \ "Proton Drive"
+[snip]
+Storage> protondrive
+User name
+user> you@protonmail.com
+Password.
+y) Yes type in my own password
+g) Generate random password
+n) No leave this optional password blank
+y/g/n> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Option 2fa.
+2FA code (if the account requires one)
+Enter a value. Press Enter to leave empty.
+2fa> 123456
+Remote config
+--------------------
+[remote]
+type = protondrive
+user = you@protonmail.com
+pass = *** ENCRYPTED ***
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+**NOTE:** The Proton Drive encryption keys need to have been already generated 
+after a regular login via the browser, otherwise attempting to use the 
+credentials in `rclone` will fail.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Proton Drive
+
+    rclone lsd remote:
+
+List all the files in your Proton Drive
+
+    rclone ls remote:
+
+To copy a local directory to an Proton Drive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Proton Drive Bridge does not support updating modification times yet.
+
+The SHA1 hash algorithm is supported.
+
+### Restricted filename characters
+
+Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), also left and 
+right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
+
+### Duplicated files
+
+Proton Drive can not have two files with exactly the same name and path. If the 
+conflict occurs, depending on the advanced config, the file might or might not 
+be overwritten.
+
+### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
+
+Please set your mailbox password in the advanced config section.
+
+### Caching
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+
+### Standard options
+
+Here are the Standard options specific to protondrive (Proton Drive).
+
+#### --protondrive-username
+
+The username of your proton account
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_PROTONDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --protondrive-password
+
+The password of your proton account.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --protondrive-2fa
+
+The 2FA code
+
+The value can also be provided with --protondrive-2fa=000000
+
+The 2FA code of your proton drive account if the account is set up with 
+two-factor authentication
+
+Properties:
+
+- Config:      2fa
+- Env Var:     RCLONE_PROTONDRIVE_2FA
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to protondrive (Proton Drive).
+
+#### --protondrive-mailbox-password
+
+The mailbox password of your two-password proton account.
+
+For more information regarding the mailbox password, please check the 
+following official knowledge base article: 
+https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      mailbox_password
+- Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-uid
+
+Client uid key (internal use only)
+
+Properties:
+
+- Config:      client_uid
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-access-token
+
+Client access token key (internal use only)
+
+Properties:
+
+- Config:      client_access_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-refresh-token
+
+Client refresh token key (internal use only)
+
+Properties:
+
+- Config:      client_refresh_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-salted-key-pass
+
+Client salted key pass key (internal use only)
+
+Properties:
+
+- Config:      client_salted_key_pass
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+- Type:        string
+- Required:    false
+
+#### --protondrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PROTONDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
+
+#### --protondrive-original-file-size
+
+Return the file size before encryption
+			
+The size of the encrypted file will be different from (bigger than) the 
+original file size. Unless there is a reason to return the file size 
+after encryption is performed, otherwise, set this option to true, as 
+features like Open() which will need to be supplied with original content 
+size, will fail to operate properly
+
+Properties:
+
+- Config:      original_file_size
+- Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+- Type:        bool
+- Default:     true
+
+#### --protondrive-app-version
+
+The app version string 
+
+The app version string indicates the client that is currently performing 
+the API request. This information is required and will be sent with every 
+API request.
+
+Properties:
+
+- Config:      app_version
+- Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+- Type:        string
+- Default:     "macos-drive@1.0.0-alpha.1+rclone"
+
+#### --protondrive-replace-existing-draft
+
+Create a new revision when filename conflict is detected
+
+When a file upload is cancelled or failed before completion, a draft will be 
+created and the subsequent upload of the same file to the same location will be 
+reported as a conflict.
+
+The value can also be set by --protondrive-replace-existing-draft=true
+
+If the option is set to true, the draft will be replaced and then the upload 
+operation will restart. If there are other clients also uploading at the same 
+file location at the same time, the behavior is currently unknown. Need to set 
+to true for integration tests.
+If the option is set to false, an error "a draft exist - usually this means a 
+file is being uploaded at another client, or, there was a failed upload attempt" 
+will be returned, and no upload will happen.
+
+Properties:
+
+- Config:      replace_existing_draft
+- Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+- Type:        bool
+- Default:     false
+
+#### --protondrive-enable-caching
+
+Caches the files and folders metadata to reduce API calls
+
+Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+as the current implementation doesn't update or clear the cache when there are 
+external changes. 
+
+The files and folders on ProtonDrive are represented as links with keyrings, 
+which can be cached to improve performance and be friendly to the API server.
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+Properties:
+
+- Config:      enable_caching
+- Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+- Type:        bool
+- Default:     true
+
+
+
+## Limitations
+
+This backend uses the 
+[Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
+
+There is no official API documentation available from Proton Drive. But, thanks 
+to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+and the web, iOS, and Android client codebases, we don't need to completely 
+reverse engineer the APIs by observing the web client traffic! 
+
+[proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+building blocks of API calls and error handling, such as 429 exponential 
+back-off, but it is pretty much just a barebone interface to the Proton API. 
+For example, the encryption and decryption of the Proton Drive file are not 
+provided in this library. 
+
+The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+top of this quickly. This codebase handles the intricate tasks before and after 
+calling Proton APIs, particularly the complex encryption scheme, allowing 
+developers to implement features for other software on top of this codebase. 
+There are likely quite a few errors in this library, as there isn't official 
+documentation available.
+
 #  Seafile
 
 This is a backend for the [Seafile](https://www.seafile.com/) storage service:
@@ -38652,7 +45483,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SEAFILE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8
 
 
@@ -39012,7 +45843,7 @@ commands is prohibited.  Set the configuration option `disable_hashcheck`
 to `true` to disable checksumming entirely, or set `shell_type` to `none`
 to disable all functionality based on remote shell command execution.
 
-### Modified time
+### Modification times and hashes
 
 Modified times are stored on the server to 1 second precision.
 
@@ -39209,6 +46040,42 @@ Properties:
 - Type:        bool
 - Default:     false
 
+#### --sftp-ssh
+
+Path and arguments to external ssh binary.
+
+Normally rclone will use its internal ssh library to connect to the
+SFTP server. However it does not implement all possible ssh options so
+it may be desirable to use an external ssh binary.
+
+Rclone ignores all the internal config if you use this option and
+expects you to configure the ssh binary with the user/host/port and
+any other options you need.
+
+**Important** The ssh command must log in without asking for a
+password so needs to be configured with keys or certificates.
+
+Rclone will run the command supplied either with the additional
+arguments "-s sftp" to access the SFTP subsystem or with commands such
+as "md5sum /path/to/file" appended to read checksums.
+
+Any arguments with spaces in should be surrounded by "double quotes".
+
+An example setting might be:
+
+    ssh -o ServerAliveInterval=20 user@example.com
+
+Note that when using an external ssh binary rclone makes a new ssh
+connection for every hash it calculates.
+
+
+Properties:
+
+- Config:      ssh
+- Env Var:     RCLONE_SFTP_SSH
+- Type:        SpaceSepList
+- Default:     
+
 ### Advanced options
 
 Here are the Advanced options specific to sftp (SSH/SFTP).
@@ -39261,6 +46128,18 @@ E.g. if shared folders can be found in directories representing volumes:
 E.g. if home directory can be found in a shared folder called "home":
 
     rclone sync /home/local/directory remote:/home/directory --sftp-path-override /volume1/homes/USER/directory
+	
+To specify only the path to the SFTP remote's root, and allow rclone to add any relative subpaths automatically (including unwrapping/decrypting remotes as necessary), add the '@' character to the beginning of the path.
+
+E.g. the first example above could be rewritten as:
+
+	rclone sync /home/local/directory remote:/directory --sftp-path-override @/volume2
+	
+Note that when using this method with Synology "home" folders, the full "/homes/USER" path should be specified instead of "/home".
+
+E.g. the second example above should be rewritten as:
+
+	rclone sync /home/local/directory remote:/homes/USER/directory --sftp-path-override @/volume1
 
 Properties:
 
@@ -39356,6 +46235,15 @@ Specifies the path or command to run a sftp server on the remote host.
 
 The subsystem option is ignored when server_command is defined.
 
+If adding server_command to the configuration file please note that 
+it should not be enclosed in quotes, since that will make rclone fail.
+
+A working example is:
+
+    [remote_name]
+    type = sftp
+    server_command = sudo /usr/libexec/openssh/sftp-server
+
 Properties:
 
 - Config:      server_command
@@ -39503,7 +46391,7 @@ Pass multiple variables space separated, eg
 
     VAR1=value VAR2=value
 
-and pass variables with spaces in in quotes, eg
+and pass variables with spaces in quotes, eg
 
     "VAR3=value with space" "VAR4=value with space" VAR5=nospacehere
 
@@ -39574,6 +46462,70 @@ Properties:
 - Type:        SpaceSepList
 - Default:     
 
+#### --sftp-host-key-algorithms
+
+Space separated list of host key algorithms, ordered by preference.
+
+At least one must match with server configuration. This can be checked for example using ssh -Q HostKeyAlgorithms.
+
+Note: This can affect the outcome of key negotiation with the server even if server host key validation is not enabled.
+
+Example:
+
+    ssh-ed25519 ssh-rsa ssh-dss
+
+
+Properties:
+
+- Config:      host_key_algorithms
+- Env Var:     RCLONE_SFTP_HOST_KEY_ALGORITHMS
+- Type:        SpaceSepList
+- Default:     
+
+#### --sftp-socks-proxy
+
+Socks 5 proxy host.
+	
+Supports the format user:pass@host:port, user@host:port, host:port.
+
+Example:
+
+	myUser:myPass@localhost:9005
+	
+
+Properties:
+
+- Config:      socks_proxy
+- Env Var:     RCLONE_SFTP_SOCKS_PROXY
+- Type:        string
+- Required:    false
+
+#### --sftp-copy-is-hardlink
+
+Set to enable server side copies using hardlinks.
+
+The SFTP protocol does not define a copy command so normally server
+side copies are not allowed with the sftp backend.
+
+However the SFTP protocol does support hardlinking, and if you enable
+this flag then the sftp backend will support server side copies. These
+will be implemented by doing a hardlink from the source to the
+destination.
+
+Not all sftp servers support this.
+
+Note that hardlinking two files together will use no additional space
+as the source and the destination will be the same file.
+
+This feature may be useful backups made with --copy-dest.
+
+Properties:
+
+- Config:      copy_is_hardlink
+- Env Var:     RCLONE_SFTP_COPY_IS_HARDLINK
+- Type:        bool
+- Default:     false
+
 
 
 ## Limitations
@@ -39623,7 +46575,7 @@ command.)  You may put subdirectories in too, e.g. `remote:item/path/to/dir`.
 ## Notes
 
 The first path segment must be the name of the share, which you entered when you started to share on Windows. On smbd, it's the section title in `smb.conf` (usually in `/etc/samba/`) file.
-You can find shares by quering the root if you're unsure (e.g. `rclone lsd remote:`).
+You can find shares by querying the root if you're unsure (e.g. `rclone lsd remote:`).
 
 You can't access to the shared printers from rclone, obviously.
 
@@ -39852,7 +46804,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SMB_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
 
 
@@ -40371,7 +47323,7 @@ Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 create a folder, which rclone will create as a "Sync Folder" with
 SugarSync.
 
-### Modified time and hashes
+### Modification times and hashes
 
 SugarSync does not support modification times or hashes, therefore
 syncing will default to `--size-only` checking.  Note that using
@@ -40542,7 +47494,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SUGARSYNC_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Ctl,InvalidUtf8,Dot
 
 
@@ -40639,9 +47591,10 @@ To copy a local directory to an Uptobox directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes
+### Modification times and hashes
 
-Uptobox supports neither modified times nor checksums.
+Uptobox supports neither modified times nor checksums. All timestamps
+will read as that set by `--default-time`.
 
 ### Restricted filename characters
 
@@ -40678,6 +47631,17 @@ Properties:
 
 Here are the Advanced options specific to uptobox (Uptobox).
 
+#### --uptobox-private
+
+Set to make uploaded files private
+
+Properties:
+
+- Config:      private
+- Env Var:     RCLONE_UPTOBOX_PRIVATE
+- Type:        bool
+- Default:     false
+
 #### --uptobox-encoding
 
 The encoding for the backend.
@@ -40688,7 +47652,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_UPTOBOX_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot
 
 
@@ -40702,24 +47666,27 @@ been seen in the uptobox web interface.
 
 #  Union
 
-The `union` remote provides a unification similar to UnionFS using other remotes.
-
-Paths may be as deep as required or a local path, 
-e.g. `remote:directory/subdirectory` or `/directory/subdirectory`.
+The `union` backend joins several remotes together to make a single unified view of them.
 
 During the initial setup with `rclone config` you will specify the upstream
-remotes as a space separated list. The upstream remotes can either be a local paths or other remotes.
+remotes as a space separated list. The upstream remotes can either be a local
+paths or other remotes.
+
+The attributes `:ro`, `:nc` and `:writeback` can be attached to the end of the remote
+to tag the remote as **read only**, **no create** or **writeback**, e.g.
+`remote:directory/subdirectory:ro` or `remote:directory/subdirectory:nc`.
 
-Attribute `:ro` and `:nc` can be attach to the end of path to tag the remote as **read only** or **no create**,
-e.g. `remote:directory/subdirectory:ro` or `remote:directory/subdirectory:nc`.
+- `:ro` means files will only be read from here and never written
+- `:nc` means new files or directories won't be created here
+- `:writeback` means files found in different remotes will be written back here. See the [writeback section](#writeback) for more info.
 
 Subfolders can be used in upstream remotes. Assume a union remote named `backup`
 with the remotes `mydrive:private/backup`. Invoking `rclone mkdir backup:desktop`
 is exactly the same as invoking `rclone mkdir mydrive:private/backup/desktop`.
 
-There will be no special handling of paths containing `..` segments.
-Invoking `rclone mkdir backup:../desktop` is exactly the same as invoking
-`rclone mkdir mydrive:private/backup/../desktop`.
+There is no special handling of paths containing `..` segments. Invoking `rclone
+mkdir backup:../desktop` is exactly the same as invoking `rclone mkdir
+mydrive:private/backup/../desktop`.
 
 ## Configuration
 
@@ -40869,6 +47836,36 @@ The policies definition are inspired by [trapexit/mergerfs](https://github.com/t
 | rand (random) | Calls **all** and then randomizes. Returns only one upstream. |
 
 
+### Writeback {#writeback}
+
+The tag `:writeback` on an upstream remote can be used to make a simple cache
+system like this:
+
+```
+[union]
+type = union
+action_policy = all
+create_policy = all
+search_policy = ff
+upstreams = /local:writeback remote:dir
+```
+
+When files are opened for read, if the file is in `remote:dir` but not `/local`
+then rclone will copy the file entirely into `/local` before returning a
+reference to the file in `/local`. The copy will be done with the equivalent of
+`rclone copy` so will use `--multi-thread-streams` if configured. Any copies
+will be logged with an INFO log.
+
+When files are written, they will be written to both `remote:dir` and `/local`.
+
+As many remotes as desired can be added to `upstreams` but there should only be
+one `:writeback` tag.
+
+Rclone does not manage the `:writeback` remote in any way other than writing
+files back to it. So if you need to expire old files or manage the size then you
+will have to do this yourself.
+
+
 ### Standard options
 
 Here are the Standard options specific to union (Union merges the contents of several upstream fs).
@@ -40997,17 +47994,21 @@ Choose a number from below, or type in your own value
 url> https://example.com/remote.php/webdav/
 Name of the WebDAV site/service/software you are using
 Choose a number from below, or type in your own value
- 1 / Nextcloud
-   \ "nextcloud"
- 2 / Owncloud
-   \ "owncloud"
- 3 / Sharepoint Online, authenticated by Microsoft account.
-   \ "sharepoint"
- 4 / Sharepoint with NTLM authentication. Usually self-hosted or on-premises.
-   \ "sharepoint-ntlm"
- 5 / Other site/service or software
-   \ "other"
-vendor> 1
+ 1 / Fastmail Files
+   \ (fastmail)
+ 2 / Nextcloud
+   \ (nextcloud)
+ 3 / Owncloud
+   \ (owncloud)
+ 4 / Sharepoint Online, authenticated by Microsoft account
+   \ (sharepoint)
+ 5 / Sharepoint with NTLM authentication, usually self-hosted or on-premises
+   \ (sharepoint-ntlm)
+ 6 / rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol
+   \ (rclone)
+ 7 / Other site/service or software
+   \ (other)
+vendor> 2
 User name
 user> user
 Password.
@@ -41051,13 +48052,13 @@ To copy a local directory to an WebDAV directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes ###
+### Modification times and hashes
 
 Plain WebDAV does not support modified times.  However when used with
-Owncloud or Nextcloud rclone will support modified times.
+Fastmail Files, Owncloud or Nextcloud rclone will support modified times.
 
 Likewise plain WebDAV does not support hashes, however when used with
-Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes.
+Fastmail Files, Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes.
 Depending on the exact version of Owncloud or Nextcloud hashes may
 appear on all objects, or only on objects which had a hash uploaded
 with them.
@@ -41091,6 +48092,8 @@ Properties:
 - Type:        string
 - Required:    false
 - Examples:
+    - "fastmail"
+        - Fastmail Files
     - "nextcloud"
         - Nextcloud
     - "owncloud"
@@ -41099,6 +48102,8 @@ Properties:
         - Sharepoint Online, authenticated by Microsoft account
     - "sharepoint-ntlm"
         - Sharepoint with NTLM authentication, usually self-hosted or on-premises
+    - "rclone"
+        - rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol
     - "other"
         - Other site/service or software
 
@@ -41190,12 +48195,50 @@ Properties:
 - Type:        CommaSepList
 - Default:     
 
+#### --webdav-pacer-min-sleep
+
+Minimum time to sleep between API calls.
+
+Properties:
+
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_WEBDAV_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     10ms
+
+#### --webdav-nextcloud-chunk-size
+
+Nextcloud upload chunk size.
+
+We recommend configuring your NextCloud instance to increase the max chunk size to 1 GB for better upload performances.
+See https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#adjust-chunk-size-on-nextcloud-side
+
+Set to 0 to disable chunked uploading.
+
+
+Properties:
+
+- Config:      nextcloud_chunk_size
+- Env Var:     RCLONE_WEBDAV_NEXTCLOUD_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     10Mi
+
 
 
 ## Provider notes
 
 See below for notes on specific providers.
 
+## Fastmail Files
+
+Use `https://webdav.fastmail.com/` or a subdirectory as the URL,
+and your Fastmail email `username@domain.tld` as the username.
+Follow [this documentation](https://www.fastmail.help/hc/en-us/articles/360058752854-App-passwords)
+to create an app password with access to `Files (WebDAV)` and use
+this as the password.
+
+Fastmail supports modified times using the `X-OC-Mtime` header.
+
 ### Owncloud
 
 Click on the settings cog in the bottom right of the page and this
@@ -41291,6 +48334,14 @@ For Rclone calls copying files (especially Office files such as .docx, .xlsx, et
 --ignore-size --ignore-checksum --update
 ```
 
+## Rclone
+
+Use this option if you are hosting remotes over WebDAV provided by rclone.
+Read [rclone serve webdav](commands/rclone_serve_webdav/) for more details.
+
+rclone serve supports modified times using the `X-OC-Mtime` header.
+
+
 ### dCache
 
 dCache is a storage system that supports many protocols and
@@ -41451,14 +48502,12 @@ excess files in the path.
 
 Yandex paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-### Modified time
+### Modification times and hashes
 
 Modified times are supported and are stored accurate to 1 ns in custom
 metadata called `rclone_modified` in RFC3339 with nanoseconds format.
 
-### MD5 checksums
-
-MD5 checksums are natively supported by Yandex Disk.
+The MD5 hash algorithm is natively supported by Yandex Disk.
 
 ### Emptying Trash
 
@@ -41572,7 +48621,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_YANDEX_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Del,Ctl,InvalidUtf8,Dot
 
 
@@ -41699,13 +48748,11 @@ excess files in the path.
 
 Zoho paths may be as deep as required, eg `remote:directory/subdirectory`.
 
-### Modified time
+### Modification times and hashes
 
 Modified times are currently not supported for Zoho Workdrive
 
-### Checksums
-
-No checksums are supported.
+No hash algorithms are supported.
 
 ### Usage information
 
@@ -41828,7 +48875,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_ZOHO_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Del,Ctl,InvalidUtf8
 
 
@@ -41860,10 +48907,10 @@ For consistencies sake one can also configure a remote of type
 rclone remote paths, e.g. `remote:path/to/wherever`, but it is probably
 easier not to.
 
-### Modified time ###
+### Modification times
 
-Rclone reads and writes the modified time using an accuracy determined by
-the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second
+Rclone reads and writes the modification times using an accuracy determined
+by the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second
 on OS X.
 
 ### Filenames ###
@@ -42292,6 +49339,11 @@ time we:
 - Only checksum the size that stat gave
 - Don't update the stat info for the file
 
+**NB** do not use this flag on a Windows Volume Shadow (VSS). For some
+unknown reason, files in a VSS sometimes show different sizes from the
+directory listing (where the initial stat value comes from on Windows)
+and when stat is called on them directly. Other copy tools always use
+the direct stat value and setting this flag will disable that.
 
 
 Properties:
@@ -42402,7 +49454,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_LOCAL_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Dot
 
 ### Metadata
@@ -42464,6 +49516,498 @@ Options:
 
 # Changelog
 
+## v1.65.0 - 2023-11-26
+
+[See commits](https://github.com/rclone/rclone/compare/v1.64.0...v1.65.0)
+
+* New backends
+    * Azure Files (karan, moongdal, Nick Craig-Wood)
+    * ImageKit (Abhinav Dhiman)
+    * Linkbox (viktor, Nick Craig-Wood)
+* New commands
+    * `serve s3`: Let rclone act as an S3 compatible server (Mikubill, Artur Neumann, Saw-jan, Nick Craig-Wood)
+    * `nfsmount`: mount command to provide mount mechanism on macOS without FUSE (Saleh Dindar)
+    * `serve nfs`: to serve a remote for use by `nfsmount` (Saleh Dindar)
+* New Features
+    * install.sh: Clean up temp files in install script (Jacob Hands)
+    * build
+        * Update all dependencies (Nick Craig-Wood)
+        * Refactor version info and icon resource handling on windows (albertony)
+    * doc updates (albertony, alfish2000, asdffdsazqqq, Dimitri Papadopoulos, Herby Gillot, Joda Stößer, Manoj Ghosh, Nick Craig-Wood)
+    * Implement `--metadata-mapper` to transform metatadata with a user supplied program (Nick Craig-Wood)
+    * Add `ChunkWriterDoesntSeek` feature flag and set it for b2 (Nick Craig-Wood)
+    * lib/http: Export basic go string functions for use in `--template` (Gabriel Espinoza)
+    * makefile: Use POSIX compatible install arguments (Mina Galić)
+    * operations
+        * Use less memory when doing multithread uploads (Nick Craig-Wood)
+        * Implement `--partial-suffix` to control extension of temporary file names (Volodymyr)
+    * rc
+        * Add `operations/check` to the rc API (Nick Craig-Wood)
+        * Always report an error as JSON (Nick Craig-Wood)
+        * Set `Last-Modified` header for files served by `--rc-serve` (Nikita Shoshin)
+    * size: Dont show duplicate object count when less than 1k (albertony)
+* Bug Fixes
+    * fshttp: Fix `--contimeout` being ignored (你知道未来吗)
+    * march: Fix excessive parallelism when using `--no-traverse` (Nick Craig-Wood)
+    * ncdu: Fix crash when re-entering changed directory after rescan (Nick Craig-Wood)
+    * operations
+        * Fix overwrite of destination when multi-thread transfer fails (Nick Craig-Wood)
+        * Fix invalid UTF-8 when truncating file names when not using `--inplace` (Nick Craig-Wood)
+    * serve dnla: Fix crash on graceful exit (wuxingzhong)
+* Mount
+    * Disable mount for freebsd and alias cmount as mount on that platform (Nick Craig-Wood)
+* VFS
+    * Add `--vfs-refresh` flag to read all the directories on start (Beyond Meat)
+    * Implement Name() method in WriteFileHandle and ReadFileHandle (Saleh Dindar)
+    * Add go-billy dependency and make sure vfs.Handle implements billy.File (Saleh Dindar)
+    * Error out early if can't upload 0 length file (Nick Craig-Wood)
+* Local
+    * Fix copying from Windows Volume Shadows (Nick Craig-Wood)
+* Azure Blob
+    * Add support for cold tier (Ivan Yanitra)
+* B2
+    * Implement "rclone backend lifecycle" to read and set bucket lifecycles (Nick Craig-Wood)
+    * Implement `--b2-lifecycle` to control lifecycle when creating buckets (Nick Craig-Wood)
+    * Fix listing all buckets when not needed (Nick Craig-Wood)
+    * Fix multi-thread upload with copyto going to wrong name (Nick Craig-Wood)
+    * Fix server side chunked copy when file size was exactly `--b2-copy-cutoff` (Nick Craig-Wood)
+    * Fix streaming chunked files an exact multiple of chunk size (Nick Craig-Wood)
+* Box
+    * Filter more EventIDs when polling (David Sze)
+    * Add more logging for polling (David Sze)
+    * Fix performance problem reading metadata for single files (Nick Craig-Wood)
+* Drive
+    * Add read/write metadata support (Nick Craig-Wood)
+    * Add support for SHA-1 and SHA-256 checksums (rinsuki)
+    * Add `--drive-show-all-gdocs` to allow unexportable gdocs to be server side copied (Nick Craig-Wood)
+    * Add a note that `--drive-scope` accepts comma-separated list of scopes (Keigo Imai)
+    * Fix error updating created time metadata on existing object (Nick Craig-Wood)
+    * Fix integration tests by enabling metadata support from the context (Nick Craig-Wood)
+* Dropbox
+    * Factor batcher into lib/batcher (Nick Craig-Wood)
+    * Fix missing encoding for rclone purge (Nick Craig-Wood)
+* Google Cloud Storage
+    * Fix 400 Bad request errors when using multi-thread copy (Nick Craig-Wood)
+* Googlephotos
+    * Implement batcher for uploads (Nick Craig-Wood)
+* Hdfs
+    * Added support for list of namenodes in hdfs remote config (Tayo-pasedaRJ)
+* HTTP
+    * Implement set backend command to update running backend (Nick Craig-Wood)
+    * Enable methods used with WebDAV (Alen Šiljak)
+* Jottacloud
+    * Add support for reading and writing metadata (albertony)
+* Onedrive
+    * Implement ListR method which gives `--fast-list` support (Nick Craig-Wood)
+        * This must be enabled with the `--onedrive-delta` flag
+* Quatrix
+    * Add partial upload support (Oksana Zhykina)
+    * Overwrite files on conflict during server-side move (Oksana Zhykina)
+* S3
+    * Add Linode provider (Nick Craig-Wood)
+    * Add docs on how to add a new provider (Nick Craig-Wood)
+    * Fix no error being returned when creating a bucket we don't own (Nick Craig-Wood)
+    * Emit a debug message if anonymous credentials are in use (Nick Craig-Wood)
+    * Add `--s3-disable-multipart-uploads` flag (Nick Craig-Wood)
+    * Detect looping when using gcs and versions (Nick Craig-Wood)
+* SFTP
+    * Implement `--sftp-copy-is-hardlink` to server side copy as hardlink (Nick Craig-Wood)
+* Smb
+    * Fix incorrect `about` size by switching to `github.com/cloudsoda/go-smb2` fork (Nick Craig-Wood)
+    * Fix modtime of multithread uploads by setting PartialUploads (Nick Craig-Wood)
+* WebDAV
+    * Added an rclone vendor to work with `rclone serve webdav` (Adithya Kumar)
+
+## v1.64.2 - 2023-10-19
+
+[See commits](https://github.com/rclone/rclone/compare/v1.64.1...v1.64.2)
+
+* Bug Fixes
+    * selfupdate: Fix "invalid hashsum signature" error (Nick Craig-Wood)
+    * build: Fix docker build running out of space (Nick Craig-Wood)
+
+## v1.64.1 - 2023-10-17
+
+[See commits](https://github.com/rclone/rclone/compare/v1.64.0...v1.64.1)
+
+* Bug Fixes
+    * cmd: Make `--progress` output logs in the same format as without (Nick Craig-Wood)
+    * docs fixes (Dimitri Papadopoulos Orfanos, Herby Gillot, Manoj Ghosh, Nick Craig-Wood)
+    * lsjson: Make sure we set the global metadata flag too (Nick Craig-Wood)
+    * operations
+        * Ensure concurrency is no greater than the number of chunks (Pat Patterson)
+        * Fix OpenOptions ignored in copy if operation was a multiThreadCopy (Vitor Gomes)
+        * Fix error message on delete to have file name (Nick Craig-Wood)
+    * serve sftp: Return not supported error for not supported commands (Nick Craig-Wood)
+    * build: Upgrade golang.org/x/net to v0.17.0 to fix HTTP/2 rapid reset (Nick Craig-Wood)
+    * pacer: Fix b2 deadlock by defaulting max connections to unlimited (Nick Craig-Wood)
+* Mount
+    * Fix automount not detecting drive is ready (Nick Craig-Wood)
+* VFS
+    * Fix update dir modification time (Saleh Dindar)
+* Azure Blob
+    * Fix "fatal error: concurrent map writes" (Nick Craig-Wood)
+* B2
+    * Fix multipart upload: corrupted on transfer: sizes differ XXX vs 0 (Nick Craig-Wood)
+    * Fix locking window when getting mutipart upload URL (Nick Craig-Wood)
+    * Fix server side copies greater than 4GB (Nick Craig-Wood)
+    * Fix chunked streaming uploads (Nick Craig-Wood)
+    * Reduce default `--b2-upload-concurrency` to 4 to reduce memory usage (Nick Craig-Wood)
+* Onedrive
+    * Fix the configurator to allow `/teams/ID` in the config (Nick Craig-Wood)
+* Oracleobjectstorage
+    * Fix OpenOptions being ignored in uploadMultipart with chunkWriter (Nick Craig-Wood)
+* S3
+    * Fix slice bounds out of range error when listing (Nick Craig-Wood)
+    * Fix OpenOptions being ignored in uploadMultipart with chunkWriter (Vitor Gomes)
+* Storj
+    * Update storj.io/uplink to v1.12.0 (Kaloyan Raev)
+
+## v1.64.0 - 2023-09-11
+
+[See commits](https://github.com/rclone/rclone/compare/v1.63.0...v1.64.0)
+
+* New backends
+    * [Proton Drive](https://rclone.org/protondrive/) (Chun-Hung Tseng)
+    * [Quatrix](https://rclone.org/quatrix/) (Oksana, Volodymyr Kit)
+    * New S3 providers
+        * [Synology C2](https://rclone.org/s3/#synology-c2) (BakaWang)
+        * [Leviia](https://rclone.org/s3/#leviia) (Benjamin)
+    * New Jottacloud providers
+        * [Onlime](https://rclone.org/jottacloud/) (Fjodor42)
+        * [Telia Sky](https://rclone.org/jottacloud/) (NoLooseEnds)
+* Major changes
+    * Multi-thread transfers (Vitor Gomes, Nick Craig-Wood, Manoj Ghosh, Edwin Mackenzie-Owen)
+        * Multi-thread transfers are now available when transferring to:
+            * `local`, `s3`, `azureblob`, `b2`, `oracleobjectstorage` and `smb`
+        * This greatly improves transfer speed between two network sources.
+        * In memory buffering has been unified between all backends and should share memory better.
+        * See [--multi-thread docs](https://rclone.org/docs/#multi-thread-cutoff) for more info
+* New commands
+    * `rclone config redacted` support mechanism for showing redacted config (Nick Craig-Wood)
+* New Features
+    * accounting
+        * Show server side stats in own lines and not as bytes transferred (Nick Craig-Wood)
+    * bisync
+        * Add new `--ignore-listing-checksum` flag to distinguish from `--ignore-checksum` (nielash)
+        * Add experimental `--resilient` mode to allow recovery from self-correctable errors (nielash)
+        * Add support for `--create-empty-src-dirs` (nielash)
+        * Dry runs no longer commit filter changes (nielash)
+        * Enforce `--check-access` during `--resync` (nielash)
+        * Apply filters correctly during deletes (nielash)
+        * Equality check before renaming (leave identical files alone) (nielash)
+        * Fix `dryRun` rc parameter being ignored (nielash)
+    * build
+        * Update to `go1.21` and make `go1.19` the minimum required version (Anagh Kumar Baranwal, Nick Craig-Wood)
+        * Update dependencies (Nick Craig-Wood)
+        * Add snap installation (hideo aoyama)
+        * Change Winget Releaser job to `ubuntu-latest` (sitiom)
+    * cmd: Refactor and use sysdnotify in more commands (eNV25)
+    * config: Add `--multi-thread-chunk-size` flag (Vitor Gomes)
+    * doc updates (antoinetran, Benjamin, Bjørn Smith, Dean Attali, gabriel-suela, James Braza, Justin Hellings, kapitainsky, Mahad, Masamune3210, Nick Craig-Wood, Nihaal Sangha, Niklas Hambüchen, Raymond Berger, r-ricci, Sawada Tsunayoshi, Tiago Boeing, Vladislav Vorobev)
+    * fs
+        * Use atomic types everywhere (Roberto Ricci)
+        * When `--max-transfer` limit is reached exit with code (10) (kapitainsky)
+        * Add rclone completion powershell - basic implementation only (Nick Craig-Wood)
+    * http servers: Allow CORS to be set with `--allow-origin` flag (yuudi)
+    * lib/rest: Remove unnecessary `nil` check (Eng Zer Jun)
+    * ncdu: Add keybinding to rescan filesystem (eNV25)
+    * rc
+        * Add `executeId` to job listings (yuudi)
+        * Add `core/du` to measure local disk usage (Nick Craig-Wood)
+        * Add `operations/settier` to API (Drew Stinnett)
+    * rclone test info: Add `--check-base32768` flag to check can store all base32768 characters (Nick Craig-Wood)
+    * rmdirs: Remove directories concurrently controlled by `--checkers` (Nick Craig-Wood)
+* Bug Fixes
+    * accounting: Don't stop calculating average transfer speed until the operation is complete (Jacob Hands)
+    * fs: Fix `transferTime` not being set in JSON logs (Jacob Hands)
+    * fshttp: Fix `--bind 0.0.0.0` allowing IPv6 and `--bind ::0` allowing IPv4 (Nick Craig-Wood)
+    * operations: Fix overlapping check on case insensitive file systems (Nick Craig-Wood)
+    * serve dlna: Fix MIME type if backend can't identify it (Nick Craig-Wood)
+    * serve ftp: Fix race condition when using the auth proxy (Nick Craig-Wood)
+    * serve sftp: Fix hash calculations with `--vfs-cache-mode full` (Nick Craig-Wood)
+    * serve webdav: Fix error: Expecting fs.Object or fs.Directory, got `nil` (Nick Craig-Wood)
+    * sync: Fix lockup with `--cutoff-mode=soft` and `--max-duration` (Nick Craig-Wood)
+* Mount
+    * fix: Mount parsing for linux (Anagh Kumar Baranwal)
+* VFS
+    * Add `--vfs-cache-min-free-space` to control minimum free space on the disk containing the cache (Nick Craig-Wood)
+    * Added cache cleaner for directories to reduce memory usage (Anagh Kumar Baranwal)
+    * Update parent directory modtimes on vfs actions (David Pedersen)
+    * Keep virtual directory status accurate and reduce deadlock potential (Anagh Kumar Baranwal)
+    * Make sure struct field is aligned for atomic access (Roberto Ricci)
+* Local
+    * Rmdir return an error if the path is not a dir (zjx20)
+* Azure Blob
+    * Implement `OpenChunkWriter` and multi-thread uploads (Nick Craig-Wood)
+    * Fix creation of directory markers (Nick Craig-Wood)
+    * Fix purging with directory markers (Nick Craig-Wood)
+* B2
+    * Implement `OpenChunkWriter` and multi-thread uploads (Nick Craig-Wood)
+    * Fix rclone link when object path contains special characters (Alishan Ladhani)
+* Box
+    * Add polling support (David Sze)
+    * Add `--box-impersonate` to impersonate a user ID (Nick Craig-Wood)
+    * Fix unhelpful decoding of error messages into decimal numbers (Nick Craig-Wood)
+* Chunker
+    * Update documentation to mention issue with small files (Ricardo D'O. Albanus)
+* Compress
+    * Fix ChangeNotify (Nick Craig-Wood)
+* Drive
+    * Add `--drive-fast-list-bug-fix` to control ListR bug workaround (Nick Craig-Wood)
+* Fichier
+    * Implement `DirMove` (Nick Craig-Wood)
+    * Fix error code parsing (alexia)
+* FTP
+    * Add socks_proxy support for SOCKS5 proxies (Zach)
+    * Fix 425 "TLS session of data connection not resumed" errors (Nick Craig-Wood)
+* Hdfs
+    * Retry "replication in progress" errors when uploading (Nick Craig-Wood)
+    * Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)
+* HTTP
+    * CORS should not be sent if not set (yuudi)
+    * Fix webdav OPTIONS response (yuudi)
+* Opendrive
+    * Fix List on a just deleted and remade directory (Nick Craig-Wood)
+* Oracleobjectstorage
+    * Use rclone's rate limiter in multipart transfers (Manoj Ghosh)
+    * Implement `OpenChunkWriter` and multi-thread uploads (Manoj Ghosh)
+* S3
+    * Refactor multipart upload to use `OpenChunkWriter` and `ChunkWriter` (Vitor Gomes)
+    * Factor generic multipart upload into `lib/multipart` (Nick Craig-Wood)
+    * Fix purging of root directory with `--s3-directory-markers` (Nick Craig-Wood)
+    * Add `rclone backend set` command to update the running config (Nick Craig-Wood)
+    * Add `rclone backend restore-status` command (Nick Craig-Wood)
+* SFTP
+    * Stop uploads re-using the same ssh connection to improve performance (Nick Craig-Wood)
+    * Add `--sftp-ssh` to specify an external ssh binary to use (Nick Craig-Wood)
+    * Add socks_proxy support for SOCKS5 proxies (Zach)
+    * Support dynamic `--sftp-path-override` (nielash)
+    * Fix spurious warning when using `--sftp-ssh` (Nick Craig-Wood)
+* Smb
+    * Implement multi-threaded writes for copies to smb (Edwin Mackenzie-Owen)
+* Storj
+    * Performance improvement for large file uploads (Kaloyan Raev)
+* Swift
+    * Fix HEADing 0-length objects when `--swift-no-large-objects` set (Julian Lepinski)
+* Union
+    * Add `:writback` to act as a simple cache (Nick Craig-Wood)
+* WebDAV
+    * Nextcloud: fix segment violation in low-level retry (Paul)
+* Zoho
+    * Remove Range requests workarounds to fix integration tests (Nick Craig-Wood)
+
+## v1.63.1 - 2023-07-17
+
+[See commits](https://github.com/rclone/rclone/compare/v1.63.0...v1.63.1)
+
+* Bug Fixes
+    * build: Fix macos builds for versions < 12 (Anagh Kumar Baranwal)
+    * dirtree: Fix performance with large directories of directories and `--fast-list` (Nick Craig-Wood)
+    * operations
+        * Fix deadlock when using `lsd`/`ls` with `--progress` (Nick Craig-Wood)
+        * Fix `.rclonelink` files not being converted back to symlinks (Nick Craig-Wood)
+    * doc fixes (Dean Attali, Mahad, Nick Craig-Wood, Sawada Tsunayoshi, Vladislav Vorobev)
+* Local
+    * Fix partial directory read for corrupted filesystem (Nick Craig-Wood)
+* Box
+    * Fix reconnect failing with HTTP 400 Bad Request (albertony)
+* Smb
+    * Fix "Statfs failed: bucket or container name is needed" when mounting (Nick Craig-Wood)
+* WebDAV
+    * Nextcloud: fix must use /dav/files/USER endpoint not /webdav error (Paul)
+    * Nextcloud chunking: add more guidance for the user to check the config (darix)
+
+## v1.63.0 - 2023-06-30
+
+[See commits](https://github.com/rclone/rclone/compare/v1.62.0...v1.63.0)
+
+* New backends
+    * [Pikpak](https://rclone.org/pikpak/) (wiserain)
+    * New S3 providers
+        * [petabox.io](https://rclone.org/s3/#petabox) (Andrei Smirnov)
+        * [Google Cloud Storage](https://rclone.org/s3/#google-cloud-storage) (Anthony Pessy)
+    * New WebDAV providers
+        * [Fastmail](https://rclone.org/webdav/#fastmail-files) (Arnavion)
+* Major changes
+    * Files will be copied to a temporary name ending in `.partial` when copying to `local`,`ftp`,`sftp` then renamed at the end of the transfer. (Janne Hellsten, Nick Craig-Wood)
+        * This helps with data integrity as we don't delete the existing file until the new one is complete.
+        * It can be disabled with the [--inplace](https://rclone.org/docs/#inplace) flag.
+        * This behaviour will also happen if the backend is wrapped, for example `sftp` wrapped with `crypt`.
+    * The [s3](https://rclone.org/s3/#s3-directory-markers), [azureblob](/azureblob/#azureblob-directory-markers) and [gcs](/googlecloudstorage/#gcs-directory-markers) backends now support directory markers so empty directories are supported (Jānis Bebrītis, Nick Craig-Wood)
+    * The [--default-time](https://rclone.org/docs/#default-time-time) flag now controls the unknown modification time of files/dirs (Nick Craig-Wood)
+        * If a file or directory does not have a modification time rclone can read then rclone will display this fixed time instead.
+        * For the old behaviour use `--default-time 0s` which will set this time to the time rclone started up.
+* New Features
+    * build
+        * Modernise linters in use and fixup all affected code (albertony)
+        * Push docker beta to GHCR (GitHub container registry) (Richard Tweed)
+    * cat: Add `--separator` option to cat command (Loren Gordon)
+    * config
+        * Do not remove/overwrite other files during config file save (albertony)
+        * Do not overwrite config file symbolic link (albertony)
+        * Stop `config create` making invalid config files (Nick Craig-Wood)
+    * doc updates (Adam K, Aditya Basu, albertony, asdffdsazqqq, Damo, danielkrajnik, Dimitri Papadopoulos, dlitster, Drew Parsons, jumbi77, kapitainsky, mac-15, Mariusz Suchodolski, Nick Craig-Wood, NickIAm, Rintze Zelle, Stanislav Gromov, Tareq Sharafy, URenko, yuudi, Zach Kipp)
+    * fs
+        * Add `size` to JSON logs when moving or copying an object (Nick Craig-Wood)
+        * Allow boolean features to be enabled with `--disable !Feature` (Nick Craig-Wood)
+    * genautocomplete: Rename to `completion` with alias to the old name (Nick Craig-Wood)
+    * librclone: Added example on using `librclone` with Go (alankrit)
+    * lsjson: Make `--stat` more efficient (Nick Craig-Wood)
+    * operations
+        * Implement `--multi-thread-write-buffer-size` for speed improvements on downloads (Paulo Schreiner)
+        * Reopen downloads on error when using `check --download` and `cat` (Nick Craig-Wood)
+    * rc: `config/listremotes` includes remotes defined with environment variables (kapitainsky)
+    * selfupdate: Obey `--no-check-certificate` flag (Nick Craig-Wood)
+    * serve restic: Trigger systemd notify (Shyim)
+    * serve webdav: Implement owncloud checksum and modtime extensions (WeidiDeng)
+    * sync: `--suffix-keep-extension` preserve 2 part extensions like .tar.gz (Nick Craig-Wood)
+* Bug Fixes
+    * accounting
+        * Fix Prometheus metrics to be the same as `core/stats` (Nick Craig-Wood)
+        * Bwlimit signal handler should always start (Sam Lai)
+    * bisync: Fix `maxDelete` parameter being ignored via the rc (Nick Craig-Wood)
+    * cmd/ncdu: Fix screen corruption when logging (eNV25)
+    * filter: Fix deadlock with errors on `--files-from` (douchen)
+    * fs
+        * Fix interaction between `--progress` and `--interactive` (Nick Craig-Wood)
+        * Fix infinite recursive call in pacer ModifyCalculator (fixes issue reported by the staticcheck linter) (albertony)
+    * lib/atexit: Ensure OnError only calls cancel function once (Nick Craig-Wood)
+    * lib/rest: Fix problems re-using HTTP connections (Nick Craig-Wood)
+    * rc
+        * Fix `operations/stat` with trailing `/` (Nick Craig-Wood)
+        * Fix missing `--rc` flags (Nick Craig-Wood)
+        * Fix output of Time values in `options/get` (Nick Craig-Wood)
+    * serve dlna: Fix potential data race (Nick Craig-Wood)
+    * version: Fix reported os/kernel version for windows (albertony)
+* Mount
+    * Add `--mount-case-insensitive` to force the mount to be case insensitive (Nick Craig-Wood)
+    * Removed unnecessary byte slice allocation for reads (Anagh Kumar Baranwal)
+    * Clarify rclone mount error when installed via homebrew (Nick Craig-Wood)
+    * Added _netdev to the example mount so it gets treated as a remote-fs rather than local-fs (Anagh Kumar Baranwal)
+* Mount2
+    * Updated go-fuse version (Anagh Kumar Baranwal)
+    * Fixed statfs (Anagh Kumar Baranwal)
+    * Disable xattrs (Anagh Kumar Baranwal)
+* VFS
+    * Add MkdirAll function to make a directory and all beneath (Nick Craig-Wood)
+    * Fix reload: failed to add virtual dir entry: file does not exist (Nick Craig-Wood)
+    * Fix writing to a read only directory creating spurious directory entries (WeidiDeng)
+    * Fix potential data race (Nick Craig-Wood)
+    * Fix backends being Shutdown too early when startup takes a long time (Nick Craig-Wood)
+* Local
+    * Fix filtering of symlinks with `-l`/`--links` flag (Nick Craig-Wood)
+    * Fix /path/to/file.rclonelink when `-l`/`--links` is in use (Nick Craig-Wood)
+    * Fix crash with `--metadata` on Android (Nick Craig-Wood)
+* Cache
+    * Fix backends shutting down when in use when used via the rc (Nick Craig-Wood)
+* Crypt
+    * Add `--crypt-suffix` option to set a custom suffix for encrypted files (jladbrook)
+    * Add `--crypt-pass-bad-blocks` to allow corrupted file output (Nick Craig-Wood)
+    * Fix reading 0 length files (Nick Craig-Wood)
+    * Try not to return "unexpected EOF" error (Nick Craig-Wood)
+    * Reduce allocations (albertony)
+    * Recommend Dropbox for `base32768` encoding (Nick Craig-Wood)
+* Azure Blob
+    * Empty directory markers (Nick Craig-Wood)
+    * Support azure workload identities (Tareq Sharafy)
+    * Fix azure blob uploads with multiple bits of metadata (Nick Craig-Wood)
+    * Fix azurite compatibility by sending nil tier if set to empty string (Roel Arents)
+* Combine
+    * Implement missing methods (Nick Craig-Wood)
+    * Fix goroutine stack overflow on bad object (Nick Craig-Wood)
+* Drive
+    * Add `--drive-env-auth` to get IAM credentials from runtime (Peter Brunner)
+    * Update drive service account guide (Juang, Yi-Lin)
+    * Fix change notify picking up files outside the root (Nick Craig-Wood)
+    * Fix trailing slash mis-identificaton of folder as file (Nick Craig-Wood)
+    * Fix incorrect remote after Update on object (Nick Craig-Wood)
+* Dropbox
+    * Implement `--dropbox-pacer-min-sleep` flag (Nick Craig-Wood)
+    * Fix the dropbox batcher stalling (Misty)
+* Fichier
+    * Add `--ficicher-cdn` option to use the CDN for download (Nick Craig-Wood)
+* FTP
+    * Lower log message priority when `SetModTime` is not supported to debug (Tobias Gion)
+    * Fix "unsupported LIST line" errors on startup (Nick Craig-Wood)
+    * Fix "501 Not a valid pathname." errors when creating directories (Nick Craig-Wood)
+* Google Cloud Storage
+    * Empty directory markers (Jānis Bebrītis, Nick Craig-Wood)
+    * Added `--gcs-user-project` needed for requester pays (Christopher Merry)
+* HTTP
+    * Add client certificate user auth middleware. This can auth `serve restic` from the username in the client cert. (Peter Fern)
+* Jottacloud
+    * Fix vfs writeback stuck in a failed upload loop with file versioning disabled (albertony)
+* Onedrive
+    * Add `--onedrive-av-override` flag to download files flagged as virus (Nick Craig-Wood)
+    * Fix quickxorhash on 32 bit architectures (Nick Craig-Wood)
+    * Report any list errors during `rclone cleanup` (albertony)
+* Putio
+    * Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)
+    * Fix modification times not being preserved for server side copy and move (Nick Craig-Wood)
+    * Fix server side copy failures (400 errors) (Nick Craig-Wood)
+* S3
+    * Empty directory markers (Jānis Bebrītis, Nick Craig-Wood)
+    * Update Scaleway storage classes (Brian Starkey)
+    * Fix `--s3-versions` on individual objects (Nick Craig-Wood)
+    * Fix hang on aborting multipart upload with iDrive e2 (Nick Craig-Wood)
+    * Fix missing "tier" metadata (Nick Craig-Wood)
+    * Fix V3sign: add missing subresource delete (cc)
+    * Fix Arvancloud Domain and region changes and alphabetise the provider (Ehsan Tadayon)
+    * Fix Qiniu KODO quirks virtualHostStyle is false (zzq)
+* SFTP
+    * Add `--sftp-host-key-algorithms ` to allow specifying SSH host key algorithms (Joel)
+    * Fix using `--sftp-key-use-agent` and `--sftp-key-file` together needing private key file (Arnav Singh)
+    * Fix move to allow overwriting existing files (Nick Craig-Wood)
+    * Don't stat directories before listing them (Nick Craig-Wood)
+    * Don't check remote points to a file if it ends with / (Nick Craig-Wood)
+* Sharefile
+    * Disable streamed transfers as they no longer work (Nick Craig-Wood)
+* Smb
+    * Code cleanup to avoid overwriting ctx before first use (fixes issue reported by the staticcheck linter) (albertony)
+* Storj
+    * Fix "uplink: too many requests" errors when uploading to the same file (Nick Craig-Wood)
+    * Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)
+* Swift
+    * Ignore 404 error when deleting an object (Nick Craig-Wood)
+* Union
+    * Implement missing methods (Nick Craig-Wood)
+    * Allow errors to be unwrapped for inspection (Nick Craig-Wood)
+* Uptobox
+    * Add `--uptobox-private` flag to make all uploaded files private (Nick Craig-Wood)
+    * Fix improper regex (Aaron Gokaslan)
+    * Fix Update returning the wrong object (Nick Craig-Wood)
+    * Fix rmdir declaring that directories weren't empty (Nick Craig-Wood)
+* WebDAV
+    * nextcloud: Add support for chunked uploads (Paul)
+    * Set modtime using propset for owncloud and nextcloud (WeidiDeng)
+    * Make pacer minSleep configurable with `--webdav-pacer-min-sleep` (ed)
+    * Fix server side copy/move not overwriting (WeidiDeng)
+    * Fix modtime on server side copy for owncloud and nextcloud (Nick Craig-Wood)
+* Yandex
+    * Fix 400 Bad Request on transfer failure (Nick Craig-Wood)
+* Zoho
+    * Fix downloads with `Range:` header returning the wrong data (Nick Craig-Wood)
+
+## v1.62.2 - 2023-03-16
+
+[See commits](https://github.com/rclone/rclone/compare/v1.62.1...v1.62.2)
+
+* Bug Fixes
+    * docker volume plugin: Add missing fuse3 dependency (Nick Craig-Wood)
+    * docs: Fix size documentation (asdffdsazqqq)
+* FTP
+    * Fix 426 errors on downloads with vsftpd (Lesmiscore)
+
+## v1.62.1 - 2023-03-15
+
+[See commits](https://github.com/rclone/rclone/compare/v1.62.0...v1.62.1)
+
+* Bug Fixes
+    * docker: Add missing fuse3 dependency (cycneuramus)
+    * build: Update release docs to be more careful with the tag (Nick Craig-Wood)
+    * build: Set Github release to draft while uploading binaries (Nick Craig-Wood)
+
 ## v1.62.0 - 2023-03-14
 
 [See commits](https://github.com/rclone/rclone/compare/v1.61.0...v1.62.0)
@@ -44460,8 +52004,8 @@ all the docs and Edward Barker for helping re-write the front page.
     * Use proper import path go.etcd.io/bbolt (Robert-André Mauchin)
 * Crypt
     * Calculate hashes for uploads from local disk (Nick Craig-Wood)
-        * This allows crypted Jottacloud uploads without using local disk
-        * This means crypted s3/b2 uploads will now have hashes
+        * This allows encrypted Jottacloud uploads without using local disk
+        * This means encrypted s3/b2 uploads will now have hashes
     * Added `rclone backend decode`/`encode` commands to replicate functionality of `cryptdecode` (Anagh Kumar Baranwal)
     * Get rid of the unused Cipher interface as it obfuscated the code (Nick Craig-Wood)
 * Azure Blob
@@ -45671,7 +53215,7 @@ Point release to fix hubic and azureblob backends.
     * Fix panic when running without plex configs (Remus Bunduc)
     * Fix root folder caching (Remus Bunduc)
 * Crypt
-    * Check the crypted hash of files when uploading for extra data security
+    * Check the encrypted hash of files when uploading for extra data security
 * Dropbox
     * Make Dropbox for business folders accessible using an initial `/` in the path
 * Google Cloud Storage
@@ -46026,7 +53570,7 @@ Point release to fix hubic and azureblob backends.
 * New commands
     * `rcat` - read from standard input and stream upload
     * `tree` - shows a nicely formatted recursive listing
-    * `cryptdecode` - decode crypted file names (thanks ishuah)
+    * `cryptdecode` - decode encrypted file names (thanks ishuah)
     * `config show` - print the config file
     * `config file` - print the config file location
 * New Features
@@ -46052,7 +53596,7 @@ Point release to fix hubic and azureblob backends.
     * Revert to copy when moving file across file system boundaries
     * `--skip-links` to suppress symlink warnings (thanks Zhiming Wang)
 * Mount
-    * Re-use `rcat` internals to support uploads from all remotes
+    * Reuse `rcat` internals to support uploads from all remotes
 * Dropbox
     * Fix "entry doesn't belong in directory" error
     * Stop using deprecated API methods
@@ -46330,7 +53874,7 @@ Point release to fix hubic and azureblob backends.
     * Fix `rclone move` command
         * Delete src files which already existed in dst
         * Fix deletion of src file when dst file older
-    * Fix `rclone check` on crypted file systems
+    * Fix `rclone check` on encrypted file systems
     * Make failed uploads not count as "Transferred"
     * Make sure high level retries show with `-q`
     * Use a vendor directory with godep for repeatable builds
@@ -47109,9 +54653,29 @@ If you are using `systemd-resolved` (default on Arch Linux), ensure it
 is at version 233 or higher. Previous releases contain a bug which
 causes not all domains to be resolved properly.
 
-Additionally with the `GODEBUG=netdns=` environment variable the Go
-resolver decision can be influenced. This also allows to resolve certain
-issues with DNS resolution. See the [name resolution section in the go docs](https://golang.org/pkg/net/#hdr-Name_Resolution).
+
+The Go resolver decision can be influenced with the `GODEBUG=netdns=...`
+environment variable. This also allows to resolve certain issues with
+DNS resolution. On Windows or MacOS systems, try forcing use of the
+internal Go resolver by setting `GODEBUG=netdns=go` at runtime. On
+other systems (Linux, \*BSD, etc) try forcing use of the system
+name resolver by setting `GODEBUG=netdns=cgo` (and recompile rclone
+from source with CGO enabled if necessary). See the
+[name resolution section in the go docs](https://golang.org/pkg/net/#hdr-Name_Resolution).
+
+### Failed to start auth webserver on Windows ###
+```
+Error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+...
+yyyy/mm/dd hh:mm:ss Fatal error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+```
+
+This is sometimes caused by the Host Network Service causing issues with opening the port on the host.
+
+A simple solution may be restarting the Host Network Service with eg. Powershell
+```
+Restart-Service hns
+```
 
 ### The total size reported in the stats for a sync is wrong and keeps changing
 
@@ -47191,7 +54755,7 @@ Authors
 Contributors
 ------------
 
-{{< rem `email addresses removed from here need to be addeed to
+{{< rem `email addresses removed from here need to be added to
 bin/.ignore-emails to make sure update-authors.py doesn't immediately
 put them back in again.` >}}
 
@@ -47704,7 +55268,7 @@ put them back in again.` >}}
   * HNGamingUK <connor@earnshawhome.co.uk>
   * Jonta <359397+Jonta@users.noreply.github.com>
   * YenForYang <YenForYang@users.noreply.github.com>
-  * Joda Stößer <stoesser@yay-digital.de> <services+github@simjo.st>
+  * SimJoSt / Joda Stößer <git@simjo.st>
   * Logeshwaran <waranlogesh@gmail.com>
   * Rajat Goel <rajat@dropbox.com>
   * r0kk3rz <r0kk3rz@gmail.com>
@@ -47719,7 +55283,6 @@ put them back in again.` >}}
   * Chris Nelson <stuff@cjnaz.com>
   * Felix Bünemann <felix.buenemann@gmail.com>
   * Atílio Antônio <atiliodadalto@hotmail.com>
-  * Roberto Ricci <ricci@disroot.org>
   * Carlo Mion <mion00@gmail.com>
   * Chris Lu <chris.lu@gmail.com>
   * Vitor Arruda <vitor.pimenta.arruda@gmail.com>
@@ -47765,7 +55328,7 @@ put them back in again.` >}}
   * Leroy van Logchem <lr.vanlogchem@gmail.com>
   * Zsolt Ero <zsolt.ero@gmail.com>
   * Lesmiscore <nao20010128@gmail.com>
-  * ehsantdy <ehsan.tadayon@arvancloud.com>
+  * ehsantdy <ehsan.tadayon@arvancloud.com> <ehsantadayon85@gmail.com>
   * SwazRGB <65694696+swazrgb@users.noreply.github.com>
   * Mateusz Puczyński <mati6095@gmail.com>
   * Michael C Tiernan - MIT-Research Computing Project <mtiernan@mit.edu>
@@ -47775,6 +55338,7 @@ put them back in again.` >}}
   * Christian Galo <36752715+cgalo5758@users.noreply.github.com>
   * Erik van Velzen <erik@evanv.nl>
   * Derek Battams <derek@battams.ca>
+  * Paul <devnoname120@gmail.com>
   * SimonLiu <simonliu009@users.noreply.github.com>
   * Hugo Laloge <hla@lescompanions.com>
   * Mr-Kanister <68117355+Mr-Kanister@users.noreply.github.com>
@@ -47873,33 +55437,154 @@ put them back in again.` >}}
   * Peter Brunner <peter@psykhe.com>
   * Leandro Sacchet <leandro.sacchet@animati.com.br>
   * dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+  * cycneuramus <56681631+cycneuramus@users.noreply.github.com>
+  * Arnavion <me@arnavion.dev>
+  * Christopher Merry <christopher.merry@mlb.com>
+  * Thibault Coupin <thibault.coupin@gmail.com>
+  * Richard Tweed <RichardoC@users.noreply.github.com>
+  * Zach Kipp <Zacho2@users.noreply.github.com>
+  * yuudi <26199752+yuudi@users.noreply.github.com>
+  * NickIAm <NickIAm@users.noreply.github.com>
+  * Juang, Yi-Lin <frankyjuang@gmail.com>
+  * jumbi77 <jumbi77@users.noreply.github.com>
+  * Aditya Basu <ab.aditya.basu@gmail.com>
+  * ed <s@ocv.me>
+  * Drew Parsons <dparsons@emerall.com>
+  * Joel <joelnb@users.noreply.github.com>
+  * wiserain <mail275@gmail.com>
+  * Roel Arents <roel.arents@kadaster.nl>
+  * Shyim <github@shyim.de>
+  * Rintze Zelle <78232505+rzelle-lallemand@users.noreply.github.com>
+  * Damo <damoclark@users.noreply.github.com>
+  * WeidiDeng <weidi_deng@icloud.com>
+  * Brian Starkey <stark3y@gmail.com>
+  * jladbrook <jhladbrook@gmail.com>
+  * Loren Gordon <lorengordon@users.noreply.github.com>
+  * dlitster <davidlitster@gmail.com>
+  * Tobias Gion <tobias@gion.io>
+  * Jānis Bebrītis <janis.bebritis@wunder.io>
+  * Adam K <github.com@ak.tidy.email>
+  * Andrei Smirnov <smirnov.captain@gmail.com>
+  * Janne Hellsten <jjhellst@gmail.com>
+  * cc <12904584+shvc@users.noreply.github.com>
+  * Tareq Sharafy <tareq.sha@gmail.com>
+  * kapitainsky <dariuszb@me.com>
+  * douchen <playgoobug@gmail.com>
+  * Sam Lai <70988+slai@users.noreply.github.com>
+  * URenko <18209292+URenko@users.noreply.github.com>
+  * Stanislav Gromov <kullfar@gmail.com>
+  * Paulo Schreiner <paulo.schreiner@delivion.de>
+  * Mariusz Suchodolski <mariusz@suchodol.ski>
+  * danielkrajnik <dan94kra@gmail.com>
+  * Peter Fern <github@0xc0dedbad.com>
+  * zzq <i@zhangzqs.cn>
+  * mac-15 <usman.ilamdin@phpstudios.com>
+  * Sawada Tsunayoshi <34431649+TsunayoshiSawada@users.noreply.github.com>
+  * Dean Attali <daattali@gmail.com>
+  * Fjodor42 <molgaard@gmail.com>
+  * BakaWang <wa11579@hotmail.com>
+  * Mahad <56235065+Mahad-lab@users.noreply.github.com>
+  * Vladislav Vorobev <x.miere@gmail.com>
+  * darix <darix@users.noreply.github.com>
+  * Benjamin <36415086+bbenjamin-sys@users.noreply.github.com>
+  * Chun-Hung Tseng <henrybear327@users.noreply.github.com>
+  * Ricardo D'O. Albanus <rdalbanus@users.noreply.github.com>
+  * gabriel-suela <gscsuela@gmail.com>
+  * Tiago Boeing <contato@tiagoboeing.com>
+  * Edwin Mackenzie-Owen <edwin.mowen@gmail.com>
+  * Niklas Hambüchen <mail@nh2.me>
+  * yuudi <yuudi@users.noreply.github.com>
+  * Zach <github@prozach.org>
+  * nielash <31582349+nielash@users.noreply.github.com>
+  * Julian Lepinski <lepinsk@users.noreply.github.com>
+  * Raymond Berger <RayBB@users.noreply.github.com>
+  * Nihaal Sangha <nihaal.git@gmail.com>
+  * Masamune3210 <1053504+Masamune3210@users.noreply.github.com>
+  * James Braza <jamesbraza@gmail.com>
+  * antoinetran <antoinetran@users.noreply.github.com>
+  * alexia <me@alexia.lol>
+  * nielash <nielronash@gmail.com>
+  * Vitor Gomes <vitor.gomes@delivion.de> <mail@vitorgomes.com>
+  * Jacob Hands <jacob@gogit.io>
+  * hideo aoyama <100831251+boukendesho@users.noreply.github.com>
+  * Roberto Ricci <io@r-ricci.it>
+  * Bjørn Smith <bjornsmith@gmail.com>
+  * Alishan Ladhani <8869764+aladh@users.noreply.github.com>
+  * zjx20 <zhoujianxiong2@gmail.com>
+  * Oksana <142890647+oks-maytech@users.noreply.github.com>
+  * Volodymyr Kit <v.kit@maytech.net>
+  * David Pedersen <limero@me.com>
+  * Drew Stinnett <drew@drewlink.com>
+  * Pat Patterson <pat@backblaze.com>
+  * Herby Gillot <herby.gillot@gmail.com>
+  * Nikita Shoshin <shoshin_nikita@fastmail.com>
+  * rinsuki <428rinsuki+git@gmail.com>
+  * Beyond Meat <51850644+beyondmeat@users.noreply.github.com>
+  * Saleh Dindar <salh@fb.com>
+  * Volodymyr <142890760+vkit-maytech@users.noreply.github.com>
+  * Gabriel Espinoza <31670639+gspinoza@users.noreply.github.com>
+  * Keigo Imai <keigo.imai@gmail.com>
+  * Ivan Yanitra <iyanitra@tesla-consulting.com>
+  * alfish2000 <alfish2000@gmail.com>
+  * wuxingzhong <qq330332812@gmail.com>
+  * Adithya Kumar <akumar42@protonmail.com>
+  * Tayo-pasedaRJ <138471223+Tayo-pasedaRJ@users.noreply.github.com>
+  * Peter Kreuser <logo@kreuser.name>
+  * Piyush <piyushgarg80>
+  * fotile96 <fotile96@users.noreply.github.com>
+  * Luc Ritchie <luc.ritchie@gmail.com>
+  * cynful <cynful@users.noreply.github.com>
+  * wjielai <wjielai@tencent.com>
+  * Jack Deng <jackdeng@gmail.com>
+  * Mikubill <31246794+Mikubill@users.noreply.github.com>
+  * Artur Neumann <artur@jankaritech.com>
+  * Saw-jan <saw.jan.grg3e@gmail.com>
+  * Oksana Zhykina <o.zhykina@maytech.net>
+  * karan <karan.gupta92@gmail.com>
+  * viktor <viktor@yakovchuk.net>
+  * moongdal <moongdal@tutanota.com>
+  * Mina Galić <freebsd@igalic.co>
+  * Alen Šiljak <dev@alensiljak.eu.org>
+  * 你知道未来吗 <rkonfj@gmail.com>
+  * Abhinav Dhiman <8640877+ahnv@users.noreply.github.com>
+
+# Contact the rclone project
+
+## Forum
+
+Forum for questions and general discussion:
 
-# Contact the rclone project #
+- https://forum.rclone.org
 
-## Forum ##
+## Business support
 
-Forum for questions and general discussion:
+For business support or sponsorship enquiries please see:
 
-  * https://forum.rclone.org
+- https://rclone.com/
+- sponsorship@rclone.com
 
-## GitHub repository ##
+## GitHub repository
 
 The project's repository is located at:
 
-  * https://github.com/rclone/rclone
+- https://github.com/rclone/rclone
 
 There you can file bug reports or contribute with pull requests.
 
-## Twitter ##
+## Twitter
 
-You can also follow me on twitter for rclone announcements:
+You can also follow Nick on twitter for rclone announcements:
 
-  * [@njcw](https://twitter.com/njcw)
+- [@njcw](https://twitter.com/njcw)
 
-## Email ##
+## Email
 
 Or if all else fails or you want to ask something private or
-confidential email [Nick Craig-Wood](mailto:nick@craig-wood.com).
-Please don't email me requests for help - those are better directed to
-the forum. Thanks!
+confidential
+
+- info@rclone.com
+
+Please don't email requests for help to this address - those are
+better directed to the forum unless you'd like to sign up for business
+support.
 
diff --git a/MANUAL.txt b/MANUAL.txt
index 2a69150921fad..11a38590b18d9 100644
--- a/MANUAL.txt
+++ b/MANUAL.txt
@@ -1,6 +1,6 @@
 rclone(1) User Manual
 Nick Craig-Wood
-Mar 14, 2023
+Nov 26, 2023
 
 Rclone syncs your files to cloud storage
 
@@ -16,7 +16,7 @@ About rclone
 
 Rclone is a command-line program to manage files on cloud storage. It is
 a feature-rich alternative to cloud vendors' web storage interfaces.
-Over 40 cloud storage products support rclone including S3 object
+Over 70 cloud storage products support rclone including S3 object
 stores, business & consumer file storage services, as well as standard
 transfer protocols.
 
@@ -107,6 +107,7 @@ S3, that work out of the box.)
 -   Dreamhost
 -   Dropbox
 -   Enterprise File Fabric
+-   Fastmail Files
 -   FTP
 -   Google Cloud Storage
 -   Google Drive
@@ -121,26 +122,35 @@ S3, that work out of the box.)
 -   IDrive e2
 -   IONOS Cloud
 -   Koofr
+-   Leviia Object Storage
 -   Liara Object Storage
+-   Linkbox
+-   Linode Object Storage
 -   Mail.ru Cloud
 -   Memset Memstore
 -   Mega
 -   Memory
 -   Microsoft Azure Blob Storage
+-   Microsoft Azure Files Storage
 -   Microsoft OneDrive
 -   Minio
 -   Nextcloud
 -   OVH
+-   Blomp Cloud Storage
 -   OpenDrive
 -   OpenStack Swift
 -   Oracle Cloud Storage Swift
 -   Oracle Object Storage
 -   ownCloud
 -   pCloud
+-   Petabox
+-   PikPak
 -   premiumize.me
 -   put.io
+-   Proton Drive
 -   QingStor
 -   Qiniu Cloud Object Storage (Kodo)
+-   Quatrix by Maytech
 -   Rackspace Cloud Files
 -   rsync.net
 -   Scaleway
@@ -152,6 +162,7 @@ S3, that work out of the box.)
 -   SMB / CIFS
 -   StackPath
 -   Storj
+-   Synology
 -   SugarSync
 -   Tencent Cloud Object Storage (COS)
 -   Uptobox
@@ -200,6 +211,9 @@ See the usage docs for how to use rclone, or run rclone -h.
 Already installed rclone can be easily updated to the latest version
 using the rclone selfupdate command.
 
+See the release signing docs for how to verify signatures on the
+release.
+
 Script installation
 
 To install rclone on Linux/macOS/BSD systems, run:
@@ -254,6 +268,19 @@ developers so it may be out of date. Its current version is as below.
 
 [Homebrew package]
 
+Installation with MacPorts (#macos-macports)
+
+On macOS, rclone can also be installed via MacPorts:
+
+    sudo port install rclone
+
+Note that this is a third party installer not controlled by the rclone
+developers so it may be out of date. Its current version is as below.
+
+[MacPorts port]
+
+More information here.
+
 Precompiled binary, using curl
 
 To avoid problems with macOS gatekeeper enforcing the binary to be
@@ -325,8 +352,14 @@ Windows package manager (Winget)
 Winget comes pre-installed with the latest versions of Windows. If not,
 update the App Installer package from the Microsoft store.
 
+To install rclone
+
     winget install Rclone.Rclone
 
+To uninstall rclone
+
+    winget uninstall Rclone.Rclone --force
+
 Chocolatey package manager
 
 Make sure you have Choco installed
@@ -431,10 +464,16 @@ Here are some commands tested on an Ubuntu 18.04.3 host:
     # config on host at ~/.config/rclone/rclone.conf
     # data on host at ~/data
 
+    # add a remote interactively
+    docker run --rm -it \
+        --volume ~/.config/rclone:/config/rclone \
+        --user $(id -u):$(id -g) \
+        rclone/rclone \
+        config
+
     # make sure the config is ok by listing the remotes
     docker run --rm \
         --volume ~/.config/rclone:/config/rclone \
-        --volume ~/data:/data:shared \
         --user $(id -u):$(id -g) \
         rclone/rclone \
         listremotes
@@ -452,10 +491,35 @@ Here are some commands tested on an Ubuntu 18.04.3 host:
     ls ~/data/mount
     kill %1
 
+Snap installation
+
+[Get it from the Snap Store]
+
+Make sure you have Snapd installed
+
+    $ sudo snap install rclone
+
+Due to the strict confinement of Snap, rclone snap cannot access real
+/home/$USER/.config/rclone directory, default config path is as below.
+
+-   Default config directory:
+    -   /home/$USER/snap/rclone/current/.config/rclone
+
+Note: Due to the strict confinement of Snap, rclone mount feature is not
+supported.
+
+If mounting is wanted, either install a precompiled binary or enable the
+relevant option when installing from source.
+
+Note that this is controlled by community maintainer not the rclone
+developers so it may be out of date. Its current version is as below.
+
+[rclone]
+
 Source installation
 
-Make sure you have git and Go installed. Go version 1.17 or newer is
-required, latest release is recommended. You can get it from your
+Make sure you have git and Go installed. Go version 1.18 or newer is
+required, the latest release is recommended. You can get it from your
 package manager, or download it from golang.org/dl. Then you can run the
 following:
 
@@ -483,22 +547,51 @@ cgo on Windows as well, by using the MinGW port of GCC, e.g. by
 installing it in a MSYS2 distribution (make sure you install it in the
 classic mingw64 subsystem, the ucrt64 version is not compatible).
 
-Additionally, on Windows, you must install the third party utility
-WinFsp, with the "Developer" feature selected. If building with cgo, you
-must also set environment variable CPATH pointing to the fuse include
-directory within the WinFsp installation (normally
+Additionally, to build with mount on Windows, you must install the third
+party utility WinFsp, with the "Developer" feature selected. If building
+with cgo, you must also set environment variable CPATH pointing to the
+fuse include directory within the WinFsp installation (normally
 C:\Program Files (x86)\WinFsp\inc\fuse).
 
-You may also add arguments -ldflags -s (with or without -tags cmount),
-to omit symbol table and debug information, making the executable file
-smaller, and -trimpath to remove references to local file system paths.
-This is how the official rclone releases are built.
+You may add arguments -ldflags -s to omit symbol table and debug
+information, making the executable file smaller, and -trimpath to remove
+references to local file system paths. The official rclone releases are
+built with both of these.
 
     go build -trimpath -ldflags -s -tags cmount
 
+If you want to customize the version string, as reported by the
+rclone version command, you can set one of the variables fs.Version,
+fs.VersionTag (to keep default suffix but customize the number), or
+fs.VersionSuffix (to keep default number but customize the suffix). This
+can be done from the build command, by adding to the -ldflags argument
+value as shown below.
+
+    go build -trimpath -ldflags "-s -X github.com/rclone/rclone/fs.Version=v9.9.9-test" -tags cmount
+
+On Windows, the official executables also have the version information,
+as well as a file icon, embedded as binary resources. To get that with
+your own build you need to run the following command before the build
+command. It generates a Windows resource system object file, with
+extension .syso, e.g. resource_windows_amd64.syso, that will be
+automatically picked up by future build commands.
+
+    go run bin/resource_windows.go
+
+The above command will generate a resource file containing version
+information based on the fs.Version variable in source at the time you
+run the command, which means if the value of this variable changes you
+need to re-run the command for it to be reflected in the version
+information. Also, if you override this version variable in the build
+command as described above, you need to do that also when generating the
+resource file, or else it will still use the value from the source.
+
+    go run bin/resource_windows.go -version v9.9.9-test
+
 Instead of executing the go build command directly, you can run it via
-the Makefile. It changes the version number suffix from "-DEV" to
-"-beta" and appends commit details. It also copies the resulting rclone
+the Makefile. The default target changes the version suffix from "-DEV"
+to "-beta" followed by additional commit details, embeds version
+information binary resources on Windows, and copies the resulting rclone
 executable into your GOPATH bin folder ($(go env GOPATH)/bin, which
 corresponds to ~/go/bin/rclone by default).
 
@@ -509,27 +602,18 @@ To include mount command on macOS and Windows with Makefile build:
     make GOTAGS=cmount
 
 There are other make targets that can be used for more advanced builds,
-such as cross-compiling for all supported os/architectures, embedding
-icon and version info resources into windows executable, and packaging
-results into release artifacts. See Makefile and cross-compile.go for
-details.
+such as cross-compiling for all supported os/architectures, and
+packaging results into release artifacts. See Makefile and
+cross-compile.go for details.
 
-Another alternative is to download the source, build and install rclone
-in one operation, as a regular Go package. The source will be stored it
-in the Go module cache, and the resulting executable will be in your
-GOPATH bin folder ($(go env GOPATH)/bin, which corresponds to
-~/go/bin/rclone by default).
-
-With Go version 1.17 or newer:
+Another alternative method for source installation is to download the
+source, build and install rclone - all in one operation, as a regular Go
+package. The source will be stored it in the Go module cache, and the
+resulting executable will be in your GOPATH bin folder
+($(go env GOPATH)/bin, which corresponds to ~/go/bin/rclone by default).
 
     go install github.com/rclone/rclone@latest
 
-With Go versions older than 1.17 (do not use the -u flag, it causes Go
-to try to update the dependencies that rclone uses and sometimes these
-don't work with the current version):
-
-    go get github.com/rclone/rclone
-
 Ansible installation
 
 This can be done with Stefan Weichinger's ansible role.
@@ -691,7 +775,7 @@ also provides alternative standalone distributions which includes
 necessary runtime (.NET 5). WinSW is a command-line only utility, where
 you have to manually create an XML file with service configuration. This
 may be a drawback for some, but it can also be an advantage as it is
-easy to back up and re-use the configuration settings, without having go
+easy to back up and reuse the configuration settings, without having go
 through manual steps in a GUI. One thing to note is that by default it
 does not restart the service on error, one have to explicit enable this
 in the configuration file (via the "onfailure" parameter).
@@ -760,18 +844,24 @@ See the following for detailed instructions for
 -   Internet Archive
 -   Jottacloud
 -   Koofr
+-   Linkbox
 -   Mail.ru Cloud
 -   Mega
 -   Memory
 -   Microsoft Azure Blob Storage
+-   Microsoft Azure Files Storage
 -   Microsoft OneDrive
--   OpenStack Swift / Rackspace Cloudfiles / Memset Memstore
+-   OpenStack Swift / Rackspace Cloudfiles / Blomp Cloud Storage /
+    Memset Memstore
 -   OpenDrive
 -   Oracle Object Storage
 -   Pcloud
+-   PikPak
 -   premiumize.me
 -   put.io
+-   Proton Drive
 -   QingStor
+-   Quatrix by Maytech
 -   Seafile
 -   SFTP
 -   Sia
@@ -836,6 +926,7 @@ SEE ALSO
 -   rclone config delete - Delete an existing remote.
 -   rclone config disconnect - Disconnects user from remote
 -   rclone config dump - Dump the config file as JSON.
+-   rclone config edit - Enter an interactive configuration session.
 -   rclone config file - Show path of configuration file in use.
 -   rclone config password - Update password in an existing remote.
 -   rclone config paths - Show paths used for configuration, cache, temp
@@ -843,6 +934,8 @@ SEE ALSO
 -   rclone config providers - List in JSON format all the providers and
     options.
 -   rclone config reconnect - Re-authenticates user with remote.
+-   rclone config redacted - Print redacted (decrypted) config file, or
+    the redacted config for a single remote.
 -   rclone config show - Print (decrypted) config file, or the config
     for a single remote.
 -   rclone config touch - Ensure configuration file exists.
@@ -917,6 +1010,84 @@ Options
           --create-empty-src-dirs   Create empty source dirs on destination after copy
       -h, --help                    help for copy
 
+Copy Options
+
+Flags for anything which can Copy a file.
+
+          --check-first                                 Do all the checks before starting transfers
+      -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+          --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+          --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+          --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+          --ignore-case-sync                            Ignore case when synchronizing
+          --ignore-checksum                             Skip post copy check of checksums
+          --ignore-existing                             Skip all files that exist on destination
+          --ignore-size                                 Ignore size when skipping use modtime or checksum
+      -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+          --immutable                                   Do not modify files, fail if existing files have been modified
+          --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+          --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+          --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+          --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+      -M, --metadata                                    If set, preserve metadata when copying objects
+          --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+          --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+          --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+          --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+          --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+          --no-check-dest                               Don't check the destination, copy regardless
+          --no-traverse                                 Don't traverse destination file system on copy
+          --no-update-modtime                           Don't update destination modtime if files identical
+          --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+          --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+          --refresh-times                               Refresh the modtime of remote files
+          --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+          --size-only                                   Skip based on size only, not modtime or checksum
+          --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+      -u, --update                                      Skip files that are newer on the destination
+
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -971,6 +1142,100 @@ Options
           --create-empty-src-dirs   Create empty source dirs on destination after sync
       -h, --help                    help for sync
 
+Copy Options
+
+Flags for anything which can Copy a file.
+
+          --check-first                                 Do all the checks before starting transfers
+      -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+          --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+          --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+          --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+          --ignore-case-sync                            Ignore case when synchronizing
+          --ignore-checksum                             Skip post copy check of checksums
+          --ignore-existing                             Skip all files that exist on destination
+          --ignore-size                                 Ignore size when skipping use modtime or checksum
+      -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+          --immutable                                   Do not modify files, fail if existing files have been modified
+          --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+          --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+          --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+          --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+      -M, --metadata                                    If set, preserve metadata when copying objects
+          --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+          --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+          --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+          --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+          --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+          --no-check-dest                               Don't check the destination, copy regardless
+          --no-traverse                                 Don't traverse destination file system on copy
+          --no-update-modtime                           Don't update destination modtime if files identical
+          --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+          --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+          --refresh-times                               Refresh the modtime of remote files
+          --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+          --size-only                                   Skip based on size only, not modtime or checksum
+          --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+      -u, --update                                      Skip files that are newer on the destination
+
+Sync Options
+
+Flags just used for rclone sync.
+
+          --backup-dir string               Make backups into hierarchy based in DIR
+          --delete-after                    When synchronizing, delete files on destination after transferring (default)
+          --delete-before                   When synchronizing, delete files on destination before transferring
+          --delete-during                   When synchronizing, delete files during transfer
+          --ignore-errors                   Delete even if there are I/O errors
+          --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+          --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+          --suffix string                   Suffix to add to changed files
+          --suffix-keep-extension           Preserve the extension when using --suffix
+          --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+          --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
+
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1017,6 +1282,84 @@ Options
           --delete-empty-src-dirs   Delete empty source dirs after move
       -h, --help                    help for move
 
+Copy Options
+
+Flags for anything which can Copy a file.
+
+          --check-first                                 Do all the checks before starting transfers
+      -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+          --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+          --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+          --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+          --ignore-case-sync                            Ignore case when synchronizing
+          --ignore-checksum                             Skip post copy check of checksums
+          --ignore-existing                             Skip all files that exist on destination
+          --ignore-size                                 Ignore size when skipping use modtime or checksum
+      -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+          --immutable                                   Do not modify files, fail if existing files have been modified
+          --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+          --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+          --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+          --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+      -M, --metadata                                    If set, preserve metadata when copying objects
+          --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+          --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+          --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+          --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+          --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+          --no-check-dest                               Don't check the destination, copy regardless
+          --no-traverse                                 Don't traverse destination file system on copy
+          --no-update-modtime                           Don't update destination modtime if files identical
+          --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+          --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+          --refresh-times                               Refresh the modtime of remote files
+          --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+          --size-only                                   Skip based on size only, not modtime or checksum
+          --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+      -u, --update                                      Skip files that are newer on the destination
+
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1063,6 +1406,48 @@ Options
       -h, --help     help for delete
           --rmdirs   rmdirs removes empty directories but leaves root intact
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1089,6 +1474,14 @@ Options
 
       -h, --help   help for purge
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1105,6 +1498,14 @@ Options
 
       -h, --help   help for mkdir
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1129,6 +1530,14 @@ Options
 
       -h, --help   help for rmdir
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1146,7 +1555,7 @@ and hashes (MD5 or SHA1) and logs a report of files that don't match. It
 doesn't alter the source or destination.
 
 For the crypt remote there is a dedicated command, cryptcheck, that are
-able to check the checksums of the crypted files.
+able to check the checksums of the encrypted files.
 
 If you supply the --size-only flag, it will only compare the sizes not
 the hashes as well. Use this for a quick check.
@@ -1185,6 +1594,9 @@ what happened to it. These are reminiscent of diff files.
 -   ! path means there was an error reading or hashing the source or
     dest.
 
+The default number of parallel checks is 8. See the --checkers=N option
+for more information.
+
     rclone check source:path dest:path [flags]
 
 Options
@@ -1200,6 +1612,46 @@ Options
           --missing-on-src string   Report all files missing from the source to this file
           --one-way                 Check one way only, source files must exist on remote
 
+Check Options
+
+Flags used for rclone check.
+
+          --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1252,6 +1704,40 @@ Options
 
       -h, --help   help for ls
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1315,6 +1801,40 @@ Options
       -h, --help        help for lsd
       -R, --recursive   Recurse into the listing
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1368,6 +1888,40 @@ Options
 
       -h, --help   help for lsl
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1407,6 +1961,40 @@ Options
       -h, --help                 help for md5sum
           --output-file string   Output hashsums to a file rather than the terminal
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1449,6 +2037,40 @@ Options
       -h, --help                 help for sha1sum
           --output-file string   Output hashsums to a file rather than the terminal
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1472,7 +2094,7 @@ as JSON instead.
 Recurses by default, use --max-depth 1 to stop the recursion.
 
 Some backends do not always provide file sizes, see for example Google
-Photos and Google Drive. Rclone will then show a notice in the log
+Photos and Google Docs. Rclone will then show a notice in the log
 indicating how many such files were encountered, and count them in as
 empty files in the output of the size command.
 
@@ -1483,6 +2105,40 @@ Options
       -h, --help   help for size
           --json   Format output as JSON
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1559,6 +2215,14 @@ Options
 
       -h, --help   help for cleanup
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1695,6 +2359,14 @@ Options
           --dedupe-mode string   Dedupe mode interactive|skip|first|newest|oldest|largest|smallest|rename (default "interactive")
       -h, --help                 help for dedupe
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1837,6 +2509,14 @@ Options
           --json                 Always output in JSON format
       -o, --option stringArray   Option in the form name=value or name
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1863,17 +2543,91 @@ See full bisync description for details.
 
 Options
 
-          --check-access            Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
-          --check-filename string   Filename for --check-access (default: RCLONE_TEST)
-          --check-sync string       Controls comparison of final listings: true|false|only (default: true) (default "true")
-          --filters-file string     Read filtering patterns from a file
-          --force                   Bypass --max-delete safety check and run the sync. Consider using with --verbose
-      -h, --help                    help for bisync
-          --localtime               Use local time in listings (default: UTC)
-          --no-cleanup              Retain working files (useful for troubleshooting and testing).
-          --remove-empty-dirs       Remove empty directories at the final cleanup step.
-      -1, --resync                  Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
-          --workdir string          Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)
+          --check-access              Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
+          --check-filename string     Filename for --check-access (default: RCLONE_TEST)
+          --check-sync string         Controls comparison of final listings: true|false|only (default: true) (default "true")
+          --create-empty-src-dirs     Sync creation and deletion of empty directories. (Not compatible with --remove-empty-dirs)
+          --filters-file string       Read filtering patterns from a file
+          --force                     Bypass --max-delete safety check and run the sync. Consider using with --verbose
+      -h, --help                      help for bisync
+          --ignore-listing-checksum   Do not use checksums for listings (add --ignore-checksum to additionally skip post-copy checksum checks)
+          --localtime                 Use local time in listings (default: UTC)
+          --no-cleanup                Retain working files (useful for troubleshooting and testing).
+          --remove-empty-dirs         Remove ALL empty directories at the final cleanup step.
+          --resilient                 Allow future runs to retry after certain less-serious errors, instead of requiring --resync. Use at your own risk!
+      -1, --resync                    Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
+          --workdir string            Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)
+
+Copy Options
+
+Flags for anything which can Copy a file.
+
+          --check-first                                 Do all the checks before starting transfers
+      -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+          --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+          --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+          --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+          --ignore-case-sync                            Ignore case when synchronizing
+          --ignore-checksum                             Skip post copy check of checksums
+          --ignore-existing                             Skip all files that exist on destination
+          --ignore-size                                 Ignore size when skipping use modtime or checksum
+      -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+          --immutable                                   Do not modify files, fail if existing files have been modified
+          --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+          --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+          --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+          --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+      -M, --metadata                                    If set, preserve metadata when copying objects
+          --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+          --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+          --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+          --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+          --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+          --no-check-dest                               Don't check the destination, copy regardless
+          --no-traverse                                 Don't traverse destination file system on copy
+          --no-update-modtime                           Don't update destination modtime if files identical
+          --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+          --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+          --refresh-times                               Refresh the modtime of remote files
+          --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+          --size-only                                   Skip based on size only, not modtime or checksum
+          --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+      -u, --update                                      Skip files that are newer on the destination
+
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 
 See the global flags page for global options not listed here.
 
@@ -1906,16 +2660,63 @@ the end and --offset and --count to print a section in the middle. Note
 that if offset is negative it will count from the end, so
 --offset -1 --count 1 is equivalent to --tail 1.
 
+Use the --separator flag to print a separator value between files. Be
+sure to shell-escape special characters. For example, to print a newline
+between files, use:
+
+-   bash:
+
+        rclone --include "*.txt" --separator $'\n' cat remote:path/to/dir
+
+-   powershell:
+
+        rclone --include "*.txt" --separator "`n" cat remote:path/to/dir
+
     rclone cat remote:path [flags]
 
 Options
 
-          --count int    Only print N characters (default -1)
-          --discard      Discard the output instead of printing
-          --head int     Only print the first N characters
-      -h, --help         help for cat
-          --offset int   Start printing at offset N (or from end if -ve)
-          --tail int     Only print the last N characters
+          --count int          Only print N characters (default -1)
+          --discard            Discard the output instead of printing
+          --head int           Only print the first N characters
+      -h, --help               help for cat
+          --offset int         Start printing at offset N (or from end if -ve)
+          --separator string   Separator to use between objects when printing multiple files
+          --tail int           Only print the last N characters
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
 
 See the global flags page for global options not listed here.
 
@@ -1925,16 +2726,19 @@ SEE ALSO
 
 rclone checksum
 
-Checks the files in the source against a SUM file.
+Checks the files in the destination against a SUM file.
 
 Synopsis
 
-Checks that hashsums of source files match the SUM file. It compares
-hashes (MD5, SHA1, etc) and logs a report of files which don't match. It
-doesn't alter the file system.
+Checks that hashsums of destination files match the SUM file. It
+compares hashes (MD5, SHA1, etc) and logs a report of files which don't
+match. It doesn't alter the file system.
+
+The sumfile is treated as the source and the dst:path is treated as the
+destination for the purposes of the output.
 
-If you supply the --download flag, it will download the data from remote
-and calculate the contents hash on the fly. This can be useful for
+If you supply the --download flag, it will download the data from the
+remote and calculate the content hash on the fly. This can be useful for
 remotes that don't support hashes or if you really want to check all the
 data.
 
@@ -1966,7 +2770,10 @@ what happened to it. These are reminiscent of diff files.
 -   ! path means there was an error reading or hashing the source or
     dest.
 
-    rclone checksum <hash> sumfile src:path [flags]
+The default number of parallel checks is 8. See the --checkers=N option
+for more information.
+
+    rclone checksum <hash> sumfile dst:path [flags]
 
 Options
 
@@ -1980,6 +2787,40 @@ Options
           --missing-on-src string   Report all files missing from the source to this file
           --one-way                 Check one way only, source files must exist on remote
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -1988,13 +2829,12 @@ SEE ALSO
 
 rclone completion
 
-Generate the autocompletion script for the specified shell
+Output completion script for a given shell.
 
 Synopsis
 
-Generate the autocompletion script for rclone for the specified shell.
-See each sub-command's help for details on how to use the generated
-script.
+Generates a shell completion script for rclone. Run with --help to list
+the supported shells.
 
 Options
 
@@ -2005,88 +2845,83 @@ See the global flags page for global options not listed here.
 SEE ALSO
 
 -   rclone - Show help for rclone commands, flags and backends.
--   rclone completion bash - Generate the autocompletion script for bash
--   rclone completion fish - Generate the autocompletion script for fish
--   rclone completion powershell - Generate the autocompletion script
-    for powershell
--   rclone completion zsh - Generate the autocompletion script for zsh
+-   rclone completion bash - Output bash completion script for rclone.
+-   rclone completion fish - Output fish completion script for rclone.
+-   rclone completion powershell - Output powershell completion script
+    for rclone.
+-   rclone completion zsh - Output zsh completion script for rclone.
 
 rclone completion bash
 
-Generate the autocompletion script for bash
+Output bash completion script for rclone.
 
 Synopsis
 
-Generate the autocompletion script for the bash shell.
-
-This script depends on the 'bash-completion' package. If it is not
-installed already, you can install it via your OS's package manager.
-
-To load completions in your current shell session:
-
-    source <(rclone completion bash)
+Generates a bash shell autocompletion script for rclone.
 
-To load completions for every new session, execute once:
+This writes to /etc/bash_completion.d/rclone by default so will probably
+need to be run with sudo or as root, e.g.
 
-Linux:
+    sudo rclone genautocomplete bash
 
-    rclone completion bash > /etc/bash_completion.d/rclone
+Logout and login again to use the autocompletion scripts, or source them
+directly
 
-macOS:
+    . /etc/bash_completion
 
-    rclone completion bash > $(brew --prefix)/etc/bash_completion.d/rclone
+If you supply a command line argument the script will be written there.
 
-You will need to start a new shell for this setup to take effect.
+If output_file is "-", then the output will be written to stdout.
 
-    rclone completion bash
+    rclone completion bash [output_file] [flags]
 
 Options
 
-      -h, --help              help for bash
-          --no-descriptions   disable completion descriptions
+      -h, --help   help for bash
 
 See the global flags page for global options not listed here.
 
 SEE ALSO
 
--   rclone completion - Generate the autocompletion script for the
-    specified shell
+-   rclone completion - Output completion script for a given shell.
 
 rclone completion fish
 
-Generate the autocompletion script for fish
+Output fish completion script for rclone.
 
 Synopsis
 
-Generate the autocompletion script for the fish shell.
+Generates a fish autocompletion script for rclone.
 
-To load completions in your current shell session:
+This writes to /etc/fish/completions/rclone.fish by default so will
+probably need to be run with sudo or as root, e.g.
+
+    sudo rclone genautocomplete fish
 
-    rclone completion fish | source
+Logout and login again to use the autocompletion scripts, or source them
+directly
 
-To load completions for every new session, execute once:
+    . /etc/fish/completions/rclone.fish
 
-    rclone completion fish > ~/.config/fish/completions/rclone.fish
+If you supply a command line argument the script will be written there.
 
-You will need to start a new shell for this setup to take effect.
+If output_file is "-", then the output will be written to stdout.
 
-    rclone completion fish [flags]
+    rclone completion fish [output_file] [flags]
 
 Options
 
-      -h, --help              help for fish
-          --no-descriptions   disable completion descriptions
+      -h, --help   help for fish
 
 See the global flags page for global options not listed here.
 
 SEE ALSO
 
--   rclone completion - Generate the autocompletion script for the
-    specified shell
+-   rclone completion - Output completion script for a given shell.
 
 rclone completion powershell
 
-Generate the autocompletion script for powershell
+Output powershell completion script for rclone.
 
 Synopsis
 
@@ -2099,62 +2934,54 @@ To load completions in your current shell session:
 To load completions for every new session, add the output of the above
 command to your powershell profile.
 
-    rclone completion powershell [flags]
+If output_file is "-" or missing, then the output will be written to
+stdout.
+
+    rclone completion powershell [output_file] [flags]
 
 Options
 
-      -h, --help              help for powershell
-          --no-descriptions   disable completion descriptions
+      -h, --help   help for powershell
 
 See the global flags page for global options not listed here.
 
 SEE ALSO
 
--   rclone completion - Generate the autocompletion script for the
-    specified shell
+-   rclone completion - Output completion script for a given shell.
 
 rclone completion zsh
 
-Generate the autocompletion script for zsh
+Output zsh completion script for rclone.
 
 Synopsis
 
-Generate the autocompletion script for the zsh shell.
-
-If shell completion is not already enabled in your environment you will
-need to enable it. You can execute the following once:
-
-    echo "autoload -U compinit; compinit" >> ~/.zshrc
-
-To load completions in your current shell session:
-
-    source <(rclone completion zsh); compdef _rclone rclone
+Generates a zsh autocompletion script for rclone.
 
-To load completions for every new session, execute once:
+This writes to /usr/share/zsh/vendor-completions/_rclone by default so
+will probably need to be run with sudo or as root, e.g.
 
-Linux:
+    sudo rclone genautocomplete zsh
 
-    rclone completion zsh > "${fpath[1]}/_rclone"
+Logout and login again to use the autocompletion scripts, or source them
+directly
 
-macOS:
+    autoload -U compinit && compinit
 
-    rclone completion zsh > $(brew --prefix)/share/zsh/site-functions/_rclone
+If you supply a command line argument the script will be written there.
 
-You will need to start a new shell for this setup to take effect.
+If output_file is "-", then the output will be written to stdout.
 
-    rclone completion zsh [flags]
+    rclone completion zsh [output_file] [flags]
 
 Options
 
-      -h, --help              help for zsh
-          --no-descriptions   disable completion descriptions
+      -h, --help   help for zsh
 
 See the global flags page for global options not listed here.
 
 SEE ALSO
 
--   rclone completion - Generate the autocompletion script for the
-    specified shell
+-   rclone completion - Output completion script for a given shell.
 
 rclone config create
 
@@ -2461,6 +3288,36 @@ SEE ALSO
 
 -   rclone config - Enter an interactive configuration session.
 
+rclone config redacted
+
+Print redacted (decrypted) config file, or the redacted config for a
+single remote.
+
+Synopsis
+
+This prints a redacted copy of the config file, either the whole config
+file or for a given remote.
+
+The config file will be redacted by replacing all passwords and other
+sensitive info with XXX.
+
+This makes the config file suitable for posting online for support.
+
+It should be double checked before posting as the redaction may not be
+perfect.
+
+    rclone config redacted [<remote>] [flags]
+
+Options
+
+      -h, --help   help for redacted
+
+See the global flags page for global options not listed here.
+
+SEE ALSO
+
+-   rclone config - Enter an interactive configuration session.
+
 rclone config show
 
 Print (decrypted) config file, or the config for a single remote.
@@ -2680,6 +3537,84 @@ Options
 
       -h, --help   help for copyto
 
+Copy Options
+
+Flags for anything which can Copy a file.
+
+          --check-first                                 Do all the checks before starting transfers
+      -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+          --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+          --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+          --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+          --ignore-case-sync                            Ignore case when synchronizing
+          --ignore-checksum                             Skip post copy check of checksums
+          --ignore-existing                             Skip all files that exist on destination
+          --ignore-size                                 Ignore size when skipping use modtime or checksum
+      -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+          --immutable                                   Do not modify files, fail if existing files have been modified
+          --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+          --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+          --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+          --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+      -M, --metadata                                    If set, preserve metadata when copying objects
+          --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+          --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+          --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+          --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+          --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+          --no-check-dest                               Don't check the destination, copy regardless
+          --no-traverse                                 Don't traverse destination file system on copy
+          --no-update-modtime                           Don't update destination modtime if files identical
+          --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+          --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+          --refresh-times                               Refresh the modtime of remote files
+          --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+          --size-only                                   Skip based on size only, not modtime or checksum
+          --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+      -u, --update                                      Skip files that are newer on the destination
+
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -2719,6 +3654,14 @@ Options
       -p, --print-filename    Print the resulting name from --auto-filename
           --stdout            Write the output to stdout rather than a file
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -2727,13 +3670,13 @@ SEE ALSO
 
 rclone cryptcheck
 
-Cryptcheck checks the integrity of a crypted remote.
+Cryptcheck checks the integrity of an encrypted remote.
 
 Synopsis
 
 rclone cryptcheck checks a remote against a crypted remote. This is the
 equivalent of running rclone check, but able to check the checksums of
-the crypted remote.
+the encrypted remote.
 
 For it to work the underlying remote of the cryptedremote must support
 some kind of checksum.
@@ -2780,6 +3723,9 @@ what happened to it. These are reminiscent of diff files.
 -   ! path means there was an error reading or hashing the source or
     dest.
 
+The default number of parallel checks is 8. See the --checkers=N option
+for more information.
+
     rclone cryptcheck remote:path cryptedremote:path [flags]
 
 Options
@@ -2793,6 +3739,46 @@ Options
           --missing-on-src string   Report all files missing from the source to this file
           --one-way                 Check one way only, source files must exist on remote
 
+Check Options
+
+Flags used for rclone check.
+
+          --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -2849,6 +3835,14 @@ Options
 
       -h, --help   help for deletefile
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -3036,10 +4030,6 @@ Run without a hash to see the list of all supported hashes, e.g.
       * whirlpool
       * crc32
       * sha256
-      * dropbox
-      * hidrive
-      * mailru
-      * quickxor
 
 Then
 
@@ -3048,7 +4038,7 @@ Then
 Note that hash names are case insensitive and values are output in lower
 case.
 
-    rclone hashsum <hash> remote:path [flags]
+    rclone hashsum [<hash> remote:path] [flags]
 
 Options
 
@@ -3058,6 +4048,40 @@ Options
       -h, --help                 help for hashsum
           --output-file string   Output hashsums to a file rather than the terminal
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -3108,7 +4132,8 @@ SEE ALSO
 
 rclone listremotes
 
-List all the remotes in the config file.
+List all the remotes in the config file and defined in environment
+variables.
 
 Synopsis
 
@@ -3266,6 +4291,40 @@ Options
       -R, --recursive          Recurse into the listing
       -s, --separator string   Separator for the items in the format (default ";")
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -3391,6 +4450,40 @@ Options
       -R, --recursive               Recurse into the listing
           --stat                    Just return the info for the pointed to file
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -3661,10 +4754,28 @@ not suffer from the same limitations.
 
 Mounting on macOS
 
-Mounting on macOS can be done either via macFUSE (also known as osxfuse)
-or FUSE-T. macFUSE is a traditional FUSE driver utilizing a macOS kernel
-extension (kext). FUSE-T is an alternative FUSE system which "mounts"
-via an NFSv4 local server.
+Mounting on macOS can be done either via built-in NFS server, macFUSE
+(also known as osxfuse) or FUSE-T. macFUSE is a traditional FUSE driver
+utilizing a macOS kernel extension (kext). FUSE-T is an alternative FUSE
+system which "mounts" via an NFSv4 local server.
+
+NFS mount
+
+This method spins up an NFS server using serve nfs command and mounts it
+to the specified mountpoint. If you run this in background mode using
+|--daemon|, you will need to send SIGTERM signal to the rclone process
+using |kill| command to stop the mount.
+
+macFUSE Notes
+
+If installing macFUSE using dmg packages from the website, rclone will
+locate the macFUSE libraries without any further intervention. If
+however, macFUSE is installed using the macports package manager, the
+following addition steps are required.
+
+    sudo mkdir /usr/local/lib
+    cd /usr/local/lib
+    sudo ln -s /opt/local/lib/libfuse.2.dylib
 
 FUSE-T Limitations, Caveats, and Notes
 
@@ -3702,7 +4813,8 @@ Without the use of --vfs-cache-mode this can only write files
 sequentially, it can only seek when reading. This means that many
 applications won't work with their files on an rclone mount without
 --vfs-cache-mode writes or --vfs-cache-mode full. See the VFS File
-Caching section for more info.
+Caching section for more info. When using NFS mount on macOS, if you
+don't specify |--vfs-cache-mode| the mount point will be read-only.
 
 The bucket-based remotes (e.g. Swift, S3, Google Compute Storage, B2) do
 not support the concept of empty directories, so empty directories will
@@ -3797,19 +4909,18 @@ or create systemd mount units:
 
     # /etc/systemd/system/mnt-data.mount
     [Unit]
-    After=network-online.target
+    Description=Mount for /mnt/data
     [Mount]
     Type=rclone
     What=sftp1:subdir
     Where=/mnt/data
-    Options=rw,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
+    Options=rw,_netdev,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
 
 optionally accompanied by systemd automount unit
 
     # /etc/systemd/system/mnt-data.automount
     [Unit]
-    After=network-online.target
-    Before=remote-fs.target
+    Description=AutoMount for /mnt/data
     [Automount]
     Where=/mnt/data
     TimeoutIdleSec=600
@@ -3843,9 +4954,8 @@ Mount option syntax includes a few extra options treated specially:
     pgrep.
 -   vv... will be transformed into appropriate --verbose=N
 -   standard mount options like x-systemd.automount, _netdev, nosuid and
-    alike are intended only for Automountd and ignored by rclone.
-
-VFS - Virtual File System
+    alike are intended only for Automountd and ignored by rclone. ##
+    VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
 that rclone uses into something which looks much more like a disk filing
@@ -3918,12 +5028,13 @@ write simultaneously to a file. See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with -vv rclone will print the location of the file cache. The
 files are stored in the user cache file area which is OS dependent but
@@ -3939,10 +5050,21 @@ and if they haven't been accessed for --vfs-write-back seconds. If
 rclone is quit or dies with files that haven't been uploaded, these will
 be uploaded next time rclone is run with the same flags.
 
-If using --vfs-cache-max-size note that the cache may exceed this size
-for two reasons. Firstly because it is only checked every
---vfs-cache-poll-interval. Secondly because open files cannot be evicted
-from the cache.
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
 
 You should not run two copies of rclone using the same VFS cache with
 the same or overlapping remotes if using --vfs-cache-mode > off. This
@@ -4186,6 +5308,7 @@ Options
           --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
       -h, --help                                   help for mount
           --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+          --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
           --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
           --no-checksum                            Don't compare checksums on up/download
           --no-modtime                             Don't read/write the modification time (can speed things up)
@@ -4197,8 +5320,9 @@ Options
           --read-only                              Only allow read-only access
           --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
           --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-          --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
           --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
           --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
           --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
           --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -4208,12 +5332,40 @@ Options
           --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
           --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
           --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
           --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
           --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
           --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
           --volname string                         Set the volume name (supported on Windows and OSX only)
           --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -4263,6 +5415,84 @@ Options
 
       -h, --help   help for moveto
 
+Copy Options
+
+Flags for anything which can Copy a file.
+
+          --check-first                                 Do all the checks before starting transfers
+      -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+          --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+          --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+          --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+          --ignore-case-sync                            Ignore case when synchronizing
+          --ignore-checksum                             Skip post copy check of checksums
+          --ignore-existing                             Skip all files that exist on destination
+          --ignore-size                                 Ignore size when skipping use modtime or checksum
+      -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+          --immutable                                   Do not modify files, fail if existing files have been modified
+          --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+          --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+          --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+          --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+      -M, --metadata                                    If set, preserve metadata when copying objects
+          --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+          --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+          --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+          --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+          --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+          --no-check-dest                               Don't check the destination, copy regardless
+          --no-traverse                                 Don't traverse destination file system on copy
+          --no-update-modtime                           Don't update destination modtime if files identical
+          --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+          --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+          --refresh-times                               Refresh the modtime of remote files
+          --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+          --size-only                                   Skip based on size only, not modtime or checksum
+          --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+      -u, --update                                      Skip files that are newer on the destination
+
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -4303,6 +5533,7 @@ toggle the help on and off. The supported keys are:
      y copy current path to clipboard
      Y display current path
      ^L refresh screen (fix screen corruption)
+     r recalculate file sizes
      ? to toggle help on and off
      q/ESC/^c to quit
 
@@ -4337,6 +5568,40 @@ Options
 
       -h, --help   help for ncdu
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -4488,10 +5753,11 @@ streaming.
 size of the stream is different in length to the --size passed in then
 the transfer will likely fail.
 
-Note that the upload can also not be retried because the data is not
-kept around until the upload succeeds. If you need to transfer a lot of
-data, you're better off caching locally and then rclone move it to the
-destination.
+Note that the upload cannot be retried because the data is not stored.
+If the backend supports multipart uploading then individual chunks can
+be retried. If you need to transfer a lot of data, you may be better off
+caching it locally and then rclone move it to the destination which can
+use retries.
 
     rclone rcat remote:path [flags]
 
@@ -4500,6 +5766,14 @@ Options
       -h, --help       help for rcat
           --size int   File size hint to preallocate (default -1)
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -4524,12 +5798,12 @@ See the rc documentation for more info on the rc flags.
 
 Server options
 
-Use --addr to specify which IP address and port the server should listen
-on, eg --addr 1.2.3.4:8000 or --addr :8080 to listen to all IPs. By
-default it only listens on localhost. You can use port :0 to let the OS
-choose an available port.
+Use --rc-addr to specify which IP address and port the server should
+listen on, eg --rc-addr 1.2.3.4:8000 or --rc-addr :8080 to listen to all
+IPs. By default it only listens on localhost. You can use port :0 to let
+the OS choose an available port.
 
-If you set --addr to listen on a public or LAN accessible IP address
+If you set --rc-addr to listen on a public or LAN accessible IP address
 then using Authentication is advised - see the next section for info.
 
 You can use a unix socket by setting the url to unix:///path/to/socket
@@ -4537,41 +5811,41 @@ or just by using an absolute path name. Note that unix sockets bypass
 the authentication - this is expected to be done with file system
 permissions.
 
---addr may be repeated to listen on multiple IPs/ports/sockets.
+--rc-addr may be repeated to listen on multiple IPs/ports/sockets.
 
---server-read-timeout and --server-write-timeout can be used to control
-the timeouts on the server. Note that this is the total time for a
-transfer.
+--rc-server-read-timeout and --rc-server-write-timeout can be used to
+control the timeouts on the server. Note that this is the total time for
+a transfer.
 
---max-header-bytes controls the maximum number of bytes the server will
-accept in the HTTP header.
+--rc-max-header-bytes controls the maximum number of bytes the server
+will accept in the HTTP header.
 
---baseurl controls the URL prefix that rclone serves from. By default
-rclone will serve from the root. If you used --baseurl "/rclone" then
+--rc-baseurl controls the URL prefix that rclone serves from. By default
+rclone will serve from the root. If you used --rc-baseurl "/rclone" then
 rclone would serve from a URL starting with "/rclone/". This is useful
 if you wish to proxy rclone serve. Rclone automatically inserts leading
-and trailing "/" on --baseurl, so --baseurl "rclone",
---baseurl "/rclone" and --baseurl "/rclone/" are all treated
+and trailing "/" on --rc-baseurl, so --rc-baseurl "rclone",
+--rc-baseurl "/rclone" and --rc-baseurl "/rclone/" are all treated
 identically.
 
 TLS (SSL)
 
 By default this will serve over http. If you want you can serve over
-https. You will need to supply the --cert and --key flags. If you wish
-to do client side certificate validation then you will need to supply
---client-ca also.
+https. You will need to supply the --rc-cert and --rc-key flags. If you
+wish to do client side certificate validation then you will need to
+supply --rc-client-ca also.
 
---cert should be a either a PEM encoded certificate or a concatenation
-of that with the CA certificate. --key should be the PEM encoded private
-key and --client-ca should be the PEM encoded client certificate
-authority certificate.
+--rc-cert should be a either a PEM encoded certificate or a
+concatenation of that with the CA certificate. --krc-ey should be the
+PEM encoded private key and --rc-client-ca should be the PEM encoded
+client certificate authority certificate.
 
---min-tls-version is minimum TLS version that is acceptable. Valid
+--rc-min-tls-version is minimum TLS version that is acceptable. Valid
 values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").
 
 Template
 
---template allows a user to specify a custom markup template for HTTP
+--rc-template allows a user to specify a custom markup template for HTTP
 and WebDAV serve functions. The server exports the following markup to
 be used within the template to server pages:
 
@@ -4621,15 +5895,41 @@ be used within the template to server pages:
   -- .ModTime                         The UTC timestamp of an entry.
   -----------------------------------------------------------------------
 
+The server also makes the following functions available so that they can
+be used within the template. These functions help extend the options for
+dynamic rendering of HTML. They can be used to render HTML based on
+specific conditions.
+
+  -----------------------------------------------------------------------
+  Function                            Description
+  ----------------------------------- -----------------------------------
+  afterEpoch                          Returns the time since the epoch
+                                      for the given time.
+
+  contains                            Checks whether a given substring is
+                                      present or not in a given string.
+
+  hasPrefix                           Checks whether the given string
+                                      begins with the specified prefix.
+
+  hasSuffix                           Checks whether the given string end
+                                      with the specified suffix.
+  -----------------------------------------------------------------------
+
 Authentication
 
 By default this will serve files without needing a login.
 
 You can either use an htpasswd file which can take lots of users, or set
-a single username and password with the --user and --pass flags.
+a single username and password with the --rc-user and --rc-pass flags.
 
-Use --htpasswd /path/to/htpasswd to provide an htpasswd file. This is in
-standard apache format and supports MD5, SHA1 and BCrypt for basic
+If no static users are configured by either of the above methods, and
+client certificates are required by the --client-ca flag passed to the
+server, the client certificate common name will be considered as the
+username.
+
+Use --rc-htpasswd /path/to/htpasswd to provide an htpasswd file. This is
+in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication. Bcrypt is recommended.
 
 To create an htpasswd file:
@@ -4640,9 +5940,9 @@ To create an htpasswd file:
 
 The password file can be updated while rclone is running.
 
-Use --realm to set the authentication realm.
+Use --rc-realm to set the authentication realm.
 
-Use --salt to change the password hashing salt from the default.
+Use --rc-salt to change the password hashing salt from the default.
 
     rclone rcd <path to files to serve>* [flags]
 
@@ -4650,6 +5950,39 @@ Options
 
       -h, --help   help for rcd
 
+RC Options
+
+Flags to control the Remote Control API.
+
+          --rc                                 Enable the remote control server
+          --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+          --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+          --rc-baseurl string                  Prefix for URLs - leave blank for root
+          --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+          --rc-client-ca string                Client certificate authority to verify clients with
+          --rc-enable-metrics                  Enable prometheus metrics on /metrics
+          --rc-files string                    Path to local files to serve on the HTTP server
+          --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+          --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+          --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+          --rc-key string                      TLS PEM Private key
+          --rc-max-header-bytes int            Maximum size of request header (default 4096)
+          --rc-min-tls-version string          Minimum TLS version that is acceptable (default "tls1.0")
+          --rc-no-auth                         Don't require auth for certain methods
+          --rc-pass string                     Password for authentication
+          --rc-realm string                    Realm for authentication
+          --rc-salt string                     Password hashing salt (default "dlPL2MqE")
+          --rc-serve                           Enable the serving of remote objects
+          --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+          --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+          --rc-template string                 User-specified template
+          --rc-user string                     User name for authentication
+          --rc-web-fetch-url string            URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
+          --rc-web-gui                         Launch WebGUI on localhost
+          --rc-web-gui-force-update            Force update to latest version of web gui
+          --rc-web-gui-no-open-browser         Don't open the browser automatically
+          --rc-web-gui-update                  Check and update to latest version of web gui
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -4674,7 +6007,10 @@ This is useful for tidying up remotes that rclone has left a lot of
 empty directories in. For example the delete command will delete files
 but leave the directory structure (unless used with option --rmdirs).
 
-To delete a path and any objects in it, use purge command.
+This will delete --checkers directories concurrently so if you have
+thousands of empty directories consider increasing this number.
+
+To delete a path and any objects in it, use the purge command.
 
     rclone rmdirs remote:path [flags]
 
@@ -4683,6 +6019,14 @@ Options
       -h, --help         help for rmdirs
           --leave-root   Do not remove root directory if empty
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -4697,7 +6041,8 @@ Synopsis
 
 This command downloads the latest release of rclone and replaces the
 currently running binary. The download is verified with a hashsum and
-cryptographically signed signature.
+cryptographically signed signature; see the release signing docs for
+details.
 
 If used without flags (or with implied --stable flag), this command will
 install the latest stable release. However, some issues may be fixed (or
@@ -4731,9 +6076,9 @@ correct for your OS) to update these too. This command with the default
 --package zip will update only the rclone executable so the local manual
 may become inaccurate after it.
 
-The rclone mount command (https://rclone.org/commands/rclone_mount/) may
-or may not support extended FUSE options depending on the build and OS.
-selfupdate will refuse to update if the capability would be discarded.
+The rclone mount command may or may not support extended FUSE options
+depending on the build and OS. selfupdate will refuse to update if the
+capability would be discarded.
 
 Note: Windows forbids deletion of a currently running executable so this
 command will rename the old executable to 'rclone.old.exe' upon success.
@@ -4790,7 +6135,9 @@ SEE ALSO
     API.
 -   rclone serve ftp - Serve remote:path over FTP.
 -   rclone serve http - Serve the remote over HTTP.
+-   rclone serve nfs - Serve the remote as an NFS mount
 -   rclone serve restic - Serve the remote for restic's REST API.
+-   rclone serve s3 - Serve remote:path over s3.
 -   rclone serve sftp - Serve the remote over SFTP.
 -   rclone serve webdav - Serve remote:path over WebDAV.
 
@@ -4820,9 +6167,7 @@ Use --name to choose the friendly server name, which is by default
 "rclone (hostname)".
 
 Use --log-trace in conjunction with -vv to enable additional debug
-logging of all UPNP traffic.
-
-VFS - Virtual File System
+logging of all UPNP traffic. ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
 that rclone uses into something which looks much more like a disk filing
@@ -4895,12 +6240,13 @@ write simultaneously to a file. See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with -vv rclone will print the location of the file cache. The
 files are stored in the user cache file area which is OS dependent but
@@ -4916,10 +6262,21 @@ and if they haven't been accessed for --vfs-write-back seconds. If
 rclone is quit or dies with files that haven't been uploaded, these will
 be uploaded next time rclone is run with the same flags.
 
-If using --vfs-cache-max-size note that the cache may exceed this size
-for two reasons. Firstly because it is only checked every
---vfs-cache-poll-interval. Secondly because open files cannot be evicted
-from the cache.
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
 
 You should not run two copies of rclone using the same VFS cache with
 the same or overlapping remotes if using --vfs-cache-mode > off. This
@@ -5162,8 +6519,9 @@ Options
           --read-only                              Only allow read-only access
           --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
           --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-          --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
           --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
           --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
           --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
           --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -5173,10 +6531,38 @@ Options
           --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
           --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
           --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
           --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
           --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
           --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -5226,8 +6612,7 @@ directory with book-keeping records of created and mounted volumes.
 All mount and VFS options are submitted by the docker daemon via API,
 but you can also provide defaults on the command line as well as set
 path to the config file and cache directory or adjust logging verbosity.
-
-VFS - Virtual File System
+## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
 that rclone uses into something which looks much more like a disk filing
@@ -5300,12 +6685,13 @@ write simultaneously to a file. See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with -vv rclone will print the location of the file cache. The
 files are stored in the user cache file area which is OS dependent but
@@ -5321,10 +6707,21 @@ and if they haven't been accessed for --vfs-write-back seconds. If
 rclone is quit or dies with files that haven't been uploaded, these will
 be uploaded next time rclone is run with the same flags.
 
-If using --vfs-cache-max-size note that the cache may exceed this size
-for two reasons. Firstly because it is only checked every
---vfs-cache-poll-interval. Secondly because open files cannot be evicted
-from the cache.
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
 
 You should not run two copies of rclone using the same VFS cache with
 the same or overlapping remotes if using --vfs-cache-mode > off. This
@@ -5570,6 +6967,7 @@ Options
           --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
       -h, --help                                   help for docker
           --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+          --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
           --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
           --no-checksum                            Don't compare checksums on up/download
           --no-modtime                             Don't read/write the modification time (can speed things up)
@@ -5584,8 +6982,9 @@ Options
           --socket-gid int                         GID for unix socket (default: current process GID) (default 1000)
           --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
           --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-          --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
           --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
           --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
           --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
           --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -5595,12 +6994,40 @@ Options
           --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
           --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
           --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
           --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
           --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
           --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
           --volname string                         Set the volume name (supported on Windows and OSX only)
           --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -5632,9 +7059,7 @@ Authentication
 By default this will serve files without needing a login.
 
 You can set a single username and password with the --user and --pass
-flags.
-
-VFS - Virtual File System
+flags. ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
 that rclone uses into something which looks much more like a disk filing
@@ -5707,12 +7132,13 @@ write simultaneously to a file. See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with -vv rclone will print the location of the file cache. The
 files are stored in the user cache file area which is OS dependent but
@@ -5728,10 +7154,21 @@ and if they haven't been accessed for --vfs-write-back seconds. If
 rclone is quit or dies with files that haven't been uploaded, these will
 be uploaded next time rclone is run with the same flags.
 
-If using --vfs-cache-max-size note that the cache may exceed this size
-for two reasons. Firstly because it is only checked every
---vfs-cache-poll-interval. Secondly because open files cannot be evicted
-from the cache.
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
 
 You should not run two copies of rclone using the same VFS cache with
 the same or overlapping remotes if using --vfs-cache-mode > off. This
@@ -6048,8 +7485,9 @@ Options
           --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
           --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
           --user string                            User name for authentication (default "anonymous")
-          --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
           --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
           --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
           --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
           --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -6059,10 +7497,38 @@ Options
           --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
           --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
           --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
           --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
           --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
           --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -6185,6 +7651,27 @@ be used within the template to server pages:
   -- .ModTime                         The UTC timestamp of an entry.
   -----------------------------------------------------------------------
 
+The server also makes the following functions available so that they can
+be used within the template. These functions help extend the options for
+dynamic rendering of HTML. They can be used to render HTML based on
+specific conditions.
+
+  -----------------------------------------------------------------------
+  Function                            Description
+  ----------------------------------- -----------------------------------
+  afterEpoch                          Returns the time since the epoch
+                                      for the given time.
+
+  contains                            Checks whether a given substring is
+                                      present or not in a given string.
+
+  hasPrefix                           Checks whether the given string
+                                      begins with the specified prefix.
+
+  hasSuffix                           Checks whether the given string end
+                                      with the specified suffix.
+  -----------------------------------------------------------------------
+
 Authentication
 
 By default this will serve files without needing a login.
@@ -6192,6 +7679,11 @@ By default this will serve files without needing a login.
 You can either use an htpasswd file which can take lots of users, or set
 a single username and password with the --user and --pass flags.
 
+If no static users are configured by either of the above methods, and
+client certificates are required by the --client-ca flag passed to the
+server, the client certificate common name will be considered as the
+username.
+
 Use --htpasswd /path/to/htpasswd to provide an htpasswd file. This is in
 standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication. Bcrypt is recommended.
@@ -6206,9 +7698,8 @@ The password file can be updated while rclone is running.
 
 Use --realm to set the authentication realm.
 
-Use --salt to change the password hashing salt from the default.
-
-VFS - Virtual File System
+Use --salt to change the password hashing salt from the default. ## VFS
+- Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
 that rclone uses into something which looks much more like a disk filing
@@ -6281,12 +7772,13 @@ write simultaneously to a file. See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with -vv rclone will print the location of the file cache. The
 files are stored in the user cache file area which is OS dependent but
@@ -6302,10 +7794,21 @@ and if they haven't been accessed for --vfs-write-back seconds. If
 rclone is quit or dies with files that haven't been uploaded, these will
 be uploaded next time rclone is run with the same flags.
 
-If using --vfs-cache-max-size note that the cache may exceed this size
-for two reasons. Firstly because it is only checked every
---vfs-cache-poll-interval. Secondly because open files cannot be evicted
-from the cache.
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
 
 You should not run two copies of rclone using the same VFS cache with
 the same or overlapping remotes if using --vfs-cache-mode > off. This
@@ -6603,6 +8106,7 @@ that rclone supports.
 Options
 
           --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+          --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
           --auth-proxy string                      A program to use to create the backend from the auth
           --baseurl string                         Prefix for URLs - leave blank for root
           --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -6630,8 +8134,9 @@ Options
           --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
           --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
           --user string                            User name for authentication
-          --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
           --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
           --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
           --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
           --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -6641,10 +8146,475 @@ Options
           --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
           --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
           --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
           --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
           --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
           --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+See the global flags page for global options not listed here.
+
+SEE ALSO
+
+-   rclone serve - Serve a remote over a protocol.
+
+rclone serve nfs
+
+Serve the remote as an NFS mount
+
+Synopsis
+
+Create an NFS server that serves the given remote over the network.
+
+The primary purpose for this command is to enable mount command on
+recent macOS versions where installing FUSE is very cumbersome.
+
+Since this is running on NFSv3, no authentication method is available.
+Any client will be able to access the data. To limit access, you can use
+serve NFS on loopback address and rely on secure tunnels (such as SSH).
+For this reason, by default, a random TCP port is chosen and loopback
+interface is used for the listening address; meaning that it is only
+available to the local machine. If you want other machines to access the
+NFS mount over local network, you need to specify the listening address
+and port using --addr flag.
+
+Modifying files through NFS protocol requires VFS caching. Usually you
+will need to specify --vfs-cache-mode in order to be able to write to
+the mountpoint (full is recommended). If you don't specify VFS cache
+mode, the mount will be read-only.
+
+To serve NFS over the network use following command:
+
+    rclone serve nfs remote: --addr 0.0.0.0:$PORT --vfs-cache-mode=full
+
+We specify a specific port that we can use in the mount command:
+
+To mount the server under Linux/macOS, use the following command:
+
+    mount -oport=$PORT,mountport=$PORT $HOSTNAME: path/to/mountpoint
+
+Where $PORT is the same port number we used in the serve nfs command.
+
+This feature is only available on Unix platforms.
+
+VFS - Virtual File System
+
+This command uses the VFS layer. This adapts the cloud storage objects
+that rclone uses into something which looks much more like a disk filing
+system.
+
+Cloud storage objects have lots of properties which aren't like disk
+files - you can't extend them or write to the middle of them, so the VFS
+layer has to deal with that. Because there is no one right way of doing
+this there are various options explained below.
+
+The VFS layer also implements a directory cache - this caches info about
+files and directories (but not the data) in memory.
+
+VFS Directory Cache
+
+Using the --dir-cache-time flag, you can control how long a directory
+should be considered up to date and not refreshed from the backend.
+Changes made through the VFS will appear immediately or invalidate the
+cache.
+
+    --dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+    --poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)
+
+However, changes made directly on the cloud storage by the web interface
+or a different copy of rclone will only be picked up once the directory
+cache expires if the backend configured does not support polling for
+changes. If the backend supports polling, changes will be picked up
+within the polling interval.
+
+You can send a SIGHUP signal to rclone for it to flush all directory
+caches, regardless of how old they are. Assuming only one rclone
+instance is running, you can reset the cache like this:
+
+    kill -SIGHUP $(pidof rclone)
+
+If you configure rclone with a remote control then you can use rclone rc
+to flush the whole directory cache:
+
+    rclone rc vfs/forget
+
+Or individual files or directories:
+
+    rclone rc vfs/forget file=path/to/file dir=path/to/dir
+
+VFS File Buffering
+
+The --buffer-size flag determines the amount of memory, that will be
+used to buffer data in advance.
+
+Each open file will try to keep the specified amount of data in memory
+at all times. The buffered data is bound to one open file and won't be
+shared.
+
+This flag is a upper limit for the used memory per open file. The buffer
+will only use memory for data that is downloaded but not not yet read.
+If the buffer is empty, only a small amount of memory will be used.
+
+The maximum memory used by rclone for buffering can be up to
+--buffer-size * open files.
+
+VFS File Caching
+
+These flags control the VFS file caching options. File caching is
+necessary to make the VFS layer appear compatible with a normal file
+system. It can be disabled at the cost of some compatibility.
+
+For example you'll need to enable VFS caching if you want to read and
+write simultaneously to a file. See below for more details.
+
+Note that the VFS cache is separate from the cache backend and you may
+find that you need one or the other or both.
+
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
+
+If run with -vv rclone will print the location of the file cache. The
+files are stored in the user cache file area which is OS dependent but
+can be controlled with --cache-dir or setting the appropriate
+environment variable.
+
+The cache has 4 different modes selected by --vfs-cache-mode. The higher
+the cache mode the more compatible rclone becomes at the cost of using
+disk space.
+
+Note that files are written back to the remote only when they are closed
+and if they haven't been accessed for --vfs-write-back seconds. If
+rclone is quit or dies with files that haven't been uploaded, these will
+be uploaded next time rclone is run with the same flags.
+
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
+
+You should not run two copies of rclone using the same VFS cache with
+the same or overlapping remotes if using --vfs-cache-mode > off. This
+can potentially cause data corruption if you do. You can work around
+this by giving each rclone its own cache hierarchy with --cache-dir. You
+don't need to worry about this if the remotes in use don't overlap.
+
+--vfs-cache-mode off
+
+In this mode (the default) the cache will read directly from the remote
+and write directly to the remote without caching anything on disk.
+
+This will mean some operations are not possible
+
+-   Files can't be opened for both read AND write
+-   Files opened for write can't be seeked
+-   Existing files opened for write must have O_TRUNC set
+-   Files open for read with O_TRUNC will be opened write only
+-   Files open for write only will behave as if O_TRUNC was supplied
+-   Open modes O_APPEND, O_TRUNC are ignored
+-   If an upload fails it can't be retried
+
+--vfs-cache-mode minimal
+
+This is very similar to "off" except that files opened for read AND
+write will be buffered to disk. This means that files opened for write
+will be a lot more compatible, but uses the minimal disk space.
+
+These operations are not possible
+
+-   Files opened for write only can't be seeked
+-   Existing files opened for write must have O_TRUNC set
+-   Files opened for write only will ignore O_APPEND, O_TRUNC
+-   If an upload fails it can't be retried
+
+--vfs-cache-mode writes
+
+In this mode files opened for read only are still read directly from the
+remote, write only and read/write files are buffered to disk first.
+
+This mode should support all normal file system operations.
+
+If an upload fails it will be retried at exponentially increasing
+intervals up to 1 minute.
+
+--vfs-cache-mode full
+
+In this mode all reads and writes are buffered to and from disk. When
+data is read from the remote this is buffered to disk as well.
+
+In this mode the files in the cache will be sparse files and rclone will
+keep track of which bits of the files it has downloaded.
+
+So if an application only reads the starts of each file, then rclone
+will only buffer the start of the file. These files will appear to be
+their full size in the cache, but they will be sparse files with only
+the data that has been downloaded present in them.
+
+This mode should support all normal file system operations and is
+otherwise identical to --vfs-cache-mode writes.
+
+When reading a file rclone will read --buffer-size plus --vfs-read-ahead
+bytes ahead. The --buffer-size is buffered in memory whereas the
+--vfs-read-ahead is buffered on disk.
+
+When using this mode it is recommended that --buffer-size is not set too
+large and --vfs-read-ahead is set large if required.
+
+IMPORTANT not all file systems support sparse files. In particular
+FAT/exFAT do not. Rclone will perform very badly if the cache directory
+is on a filesystem which doesn't support sparse files and it will log an
+ERROR message if one is detected.
+
+Fingerprinting
+
+Various parts of the VFS use fingerprinting to see if a local file copy
+has changed relative to a remote file. Fingerprints are made from:
+
+-   size
+-   modification time
+-   hash
+
+where available on an object.
+
+On some backends some of these attributes are slow to read (they take an
+extra API call per object, or extra work per object).
+
+For example hash is slow with the local and sftp backends as they have
+to read the entire file and hash it, and modtime is slow with the s3,
+swift, ftp and qinqstor backends because they need to do an extra API
+call to fetch it.
+
+If you use the --vfs-fast-fingerprint flag then rclone will not include
+the slow operations in the fingerprint. This makes the fingerprinting
+less accurate but much faster and will improve the opening time of
+cached files.
+
+If you are running a vfs cache over local, s3 or swift backends then
+using this flag is recommended.
+
+Note that if you change the value of this flag, the fingerprints of the
+files in the cache may be invalidated and the files will need to be
+downloaded again.
+
+VFS Chunked Reading
+
+When rclone reads files from a remote it reads them in chunks. This
+means that rather than requesting the whole file rclone reads the chunk
+specified. This can reduce the used download quota for some remotes by
+requesting only chunks from the remote that are actually read, at the
+cost of an increased number of requests.
+
+These flags control the chunking:
+
+    --vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+    --vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
+
+Rclone will start reading a chunk of size --vfs-read-chunk-size, and
+then double the size for each read. When --vfs-read-chunk-size-limit is
+specified, and greater than --vfs-read-chunk-size, the chunk size for
+each open file will get doubled only until the specified value is
+reached. If the value is "off", which is the default, the limit is
+disabled and the chunk size will grow indefinitely.
+
+With --vfs-read-chunk-size 100M and --vfs-read-chunk-size-limit 0 the
+following parts will be downloaded: 0-100M, 100M-200M, 200M-300M,
+300M-400M and so on. When --vfs-read-chunk-size-limit 500M is specified,
+the result would be 0-100M, 100M-300M, 300M-700M, 700M-1200M,
+1200M-1700M and so on.
+
+Setting --vfs-read-chunk-size to 0 or "off" disables chunked reading.
+
+VFS Performance
+
+These flags may be used to enable/disable features of the VFS for
+performance or other reasons. See also the chunked reading feature.
+
+In particular S3 and Swift benefit hugely from the --no-modtime flag (or
+use --use-server-modtime for a slightly different effect) as each read
+of the modification time takes a transaction.
+
+    --no-checksum     Don't compare checksums on up/download.
+    --no-modtime      Don't read/write the modification time (can speed things up).
+    --no-seek         Don't allow seeking in files.
+    --read-only       Only allow read-only access.
+
+Sometimes rclone is delivered reads or writes out of order. Rather than
+seeking rclone will wait a short time for the in sequence read or write
+to come in. These flags only come into effect when not using an on disk
+cache file.
+
+    --vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+    --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
+
+When using VFS write caching (--vfs-cache-mode with value writes or
+full), the global flag --transfers can be set to adjust the number of
+parallel uploads of modified files from the cache (the related global
+flag --checkers has no effect on the VFS).
+
+    --transfers int  Number of file transfers to run in parallel (default 4)
+
+VFS Case Sensitivity
+
+Linux file systems are case-sensitive: two files can differ only by
+case, and the exact case must be used when opening a file.
+
+File systems in modern Windows are case-insensitive but case-preserving:
+although existing files can be opened using any case, the exact case
+used to create the file is preserved and available for programs to
+query. It is not allowed for two files in the same directory to differ
+only by case.
+
+Usually file systems on macOS are case-insensitive. It is possible to
+make macOS file systems case-sensitive but that is not the default.
+
+The --vfs-case-insensitive VFS flag controls how rclone handles these
+two cases. If its value is "false", rclone passes file names to the
+remote as-is. If the flag is "true" (or appears without a value on the
+command line), rclone may perform a "fixup" as explained below.
+
+The user may specify a file name to open/delete/rename/etc with a case
+different than what is stored on the remote. If an argument refers to an
+existing file with exactly the same name, then the case of the existing
+file on the disk will be used. However, if a file name with exactly the
+same name is not found but a name differing only by case exists, rclone
+will transparently fixup the name. This fixup happens only when an
+existing file is requested. Case sensitivity of file names created anew
+by rclone is controlled by the underlying remote.
+
+Note that case sensitivity of the operating system running rclone (the
+target) may differ from case sensitivity of a file system presented by
+rclone (the source). The flag controls whether "fixup" is performed to
+satisfy the target.
+
+If the flag is not provided on the command line, then its default value
+depends on the operating system where rclone runs: "true" on Windows and
+macOS, "false" otherwise. If the flag is provided without a value, then
+it is "true".
+
+VFS Disk Options
+
+This flag allows you to manually set the statistics about the filing
+system. It can be useful when those statistics cannot be read correctly
+automatically.
+
+    --vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)
+
+Alternate report of used bytes
+
+Some backends, most notably S3, do not report the amount of bytes used.
+If you need this information to be available when running df on the
+filesystem, then pass the flag --vfs-used-is-size to rclone. With this
+flag set, instead of relying on the backend to report this information,
+rclone will scan the whole remote similar to rclone size and compute the
+total used space itself.
+
+WARNING. Contrary to rclone size, this flag ignores filters so that the
+result is accurate. However, this is very inefficient and may cost lots
+of API calls resulting in extra charges. Use it as a last resort and
+only with caching.
+
+    rclone serve nfs remote:path [flags]
+
+Options
+
+          --addr string                            IPaddress:Port or :Port to bind server to
+          --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+          --dir-perms FileMode                     Directory permissions (default 0777)
+          --file-perms FileMode                    File permissions (default 0666)
+          --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+      -h, --help                                   help for nfs
+          --no-checksum                            Don't compare checksums on up/download
+          --no-modtime                             Don't read/write the modification time (can speed things up)
+          --no-seek                                Don't allow seeking in files
+          --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+          --read-only                              Only allow read-only access
+          --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+          --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+          --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+          --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+          --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+          --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+          --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+          --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+          --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+          --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
+          --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
+          --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+          --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+          --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -6790,6 +8760,11 @@ By default this will serve files without needing a login.
 You can either use an htpasswd file which can take lots of users, or set
 a single username and password with the --user and --pass flags.
 
+If no static users are configured by either of the above methods, and
+client certificates are required by the --client-ca flag passed to the
+server, the client certificate common name will be considered as the
+username.
+
 Use --htpasswd /path/to/htpasswd to provide an htpasswd file. This is in
 standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication. Bcrypt is recommended.
@@ -6811,6 +8786,7 @@ Use --salt to change the password hashing salt from the default.
 Options
 
           --addr stringArray                IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+          --allow-origin string             Origin which cross-domain request (CORS) can be executed from
           --append-only                     Disallow deletion of repository data
           --baseurl string                  Prefix for URLs - leave blank for root
           --cache-objects                   Cache listed objects (default true)
@@ -6836,65 +8812,165 @@ SEE ALSO
 
 -   rclone serve - Serve a remote over a protocol.
 
-rclone serve sftp
+rclone serve s3
 
-Serve the remote over SFTP.
+Serve remote:path over s3.
 
 Synopsis
 
-Run an SFTP server to serve a remote over SFTP. This can be used with an
-SFTP client or you can make a remote of type sftp to use with it.
+serve s3 implements a basic s3 server that serves a remote via s3. This
+can be viewed with an s3 client, or you can make an s3 type remote to
+read and write to it with rclone.
 
-You can use the filter flags (e.g. --include, --exclude) to control what
-is served.
+serve s3 is considered Experimental so use with care.
 
-The server will respond to a small number of shell commands, mainly
-md5sum, sha1sum and df, which enable it to provide support for checksums
-and the about feature when accessed from an sftp remote.
+S3 server supports Signature Version 4 authentication. Just use
+--auth-key accessKey,secretKey and set the Authorization header
+correctly in the request. (See the AWS docs).
 
-Note that this server uses standard 32 KiB packet payload size, which
-means you must not configure the client to expect anything else, e.g.
-with the chunk_size option on an sftp remote.
+--auth-key can be repeated for multiple auth pairs. If --auth-key is not
+provided then serve s3 will allow anonymous access.
 
-The server will log errors. Use -v to see access logs.
+Please note that some clients may require HTTPS endpoints. See the SSL
+docs for more information.
 
---bwlimit will be respected for file transfers. Use --stats to control
-the stats printing.
+This command uses the VFS directory cache. All the functionality will
+work with --vfs-cache-mode off. Using --vfs-cache-mode full (or writes)
+can be used to cache objects locally to improve performance.
 
-You must provide some means of authentication, either with
---user/--pass, an authorized keys file (specify location with
---authorized-keys - the default is the same as ssh), an --auth-proxy, or
-set the --no-auth flag for no authentication when logging in.
+Use --force-path-style=false if you want to use the bucket name as a
+part of the hostname (such as mybucket.local)
 
-If you don't supply a host --key then rclone will generate rsa, ecdsa
-and ed25519 variants, and cache them for later use in rclone's cache
-directory (see rclone help flags cache-dir) in the "serve-sftp"
-directory.
+Use --etag-hash if you want to change the hash uses for the ETag. Note
+that using anything other than MD5 (the default) is likely to cause
+problems for S3 clients which rely on the Etag being the MD5.
 
-By default the server binds to localhost:2022 - if you want it to be
-reachable externally then supply --addr :2022 for example.
+Quickstart
 
-Note that the default of --vfs-cache-mode off is fine for the rclone
-sftp backend, but it may not be with other SFTP clients.
+For a simple set up, to serve remote:path over s3, run the server like
+this:
 
-If --stdio is specified, rclone will serve SFTP over stdio, which can be
-used with sshd via ~/.ssh/authorized_keys, for example:
+    rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
 
-    restrict,command="rclone serve sftp --stdio ./photos" ssh-rsa ...
+This will be compatible with an rclone remote which is defined like
+this:
 
-On the client you need to set --transfers 1 when using --stdio.
-Otherwise multiple instances of the rclone server are started by OpenSSH
-which can lead to "corrupted on transfer" errors. This is the case
-because the client chooses indiscriminately which server to send
-commands to while the servers all have different views of the state of
-the filing system.
+    [serves3]
+    type = s3
+    provider = Rclone
+    endpoint = http://127.0.0.1:8080/
+    access_key_id = ACCESS_KEY_ID
+    secret_access_key = SECRET_ACCESS_KEY
+    use_multipart_uploads = false
 
-The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from
-beeing used. Omitting "restrict" and using --sftp-path-override to
-enable checksumming is possible but less secure and you could use the
-SFTP server provided by OpenSSH in this case.
+Note that setting disable_multipart_uploads = true is to work around a
+bug which will be fixed in due course.
 
-VFS - Virtual File System
+Bugs
+
+When uploading multipart files serve s3 holds all the parts in memory
+(see #7453). This is a limitaton of the library rclone uses for serving
+S3 and will hopefully be fixed at some point.
+
+Multipart server side copies do not work (see #7454). These take a very
+long time and eventually fail. The default threshold for multipart
+server side copies is 5G which is the maximum it can be, so files above
+this side will fail to be server side copied.
+
+For a current list of serve s3 bugs see the serve s3 bug category on
+GitHub.
+
+Limitations
+
+serve s3 will treat all directories in the root as buckets and ignore
+all files in the root. You can use CreateBucket to create folders under
+the root, but you can't create empty folders under other folders not in
+the root.
+
+When using PutObject or DeleteObject, rclone will automatically create
+or clean up empty folders. If you don't want to clean up empty folders
+automatically, use --no-cleanup.
+
+When using ListObjects, rclone will use / when the delimiter is empty.
+This reduces backend requests with no effect on most operations, but if
+the delimiter is something other than / and empty, rclone will do a full
+recursive search of the backend, which can take some time.
+
+Versioning is not currently supported.
+
+Metadata will only be saved in memory other than the rclone mtime
+metadata which will be set as the modification time of the file.
+
+Supported operations
+
+serve s3 currently supports the following operations.
+
+-   Bucket
+    -   ListBuckets
+    -   CreateBucket
+    -   DeleteBucket
+-   Object
+    -   HeadObject
+    -   ListObjects
+    -   GetObject
+    -   PutObject
+    -   DeleteObject
+    -   DeleteObjects
+    -   CreateMultipartUpload
+    -   CompleteMultipartUpload
+    -   AbortMultipartUpload
+    -   CopyObject
+    -   UploadPart
+
+Other operations will return error Unimplemented.
+
+Server options
+
+Use --addr to specify which IP address and port the server should listen
+on, eg --addr 1.2.3.4:8000 or --addr :8080 to listen to all IPs. By
+default it only listens on localhost. You can use port :0 to let the OS
+choose an available port.
+
+If you set --addr to listen on a public or LAN accessible IP address
+then using Authentication is advised - see the next section for info.
+
+You can use a unix socket by setting the url to unix:///path/to/socket
+or just by using an absolute path name. Note that unix sockets bypass
+the authentication - this is expected to be done with file system
+permissions.
+
+--addr may be repeated to listen on multiple IPs/ports/sockets.
+
+--server-read-timeout and --server-write-timeout can be used to control
+the timeouts on the server. Note that this is the total time for a
+transfer.
+
+--max-header-bytes controls the maximum number of bytes the server will
+accept in the HTTP header.
+
+--baseurl controls the URL prefix that rclone serves from. By default
+rclone will serve from the root. If you used --baseurl "/rclone" then
+rclone would serve from a URL starting with "/rclone/". This is useful
+if you wish to proxy rclone serve. Rclone automatically inserts leading
+and trailing "/" on --baseurl, so --baseurl "rclone",
+--baseurl "/rclone" and --baseurl "/rclone/" are all treated
+identically.
+
+TLS (SSL)
+
+By default this will serve over http. If you want you can serve over
+https. You will need to supply the --cert and --key flags. If you wish
+to do client side certificate validation then you will need to supply
+--client-ca also.
+
+--cert should be a either a PEM encoded certificate or a concatenation
+of that with the CA certificate. --key should be the PEM encoded private
+key and --client-ca should be the PEM encoded client certificate
+authority certificate.
+
+--min-tls-version is minimum TLS version that is acceptable. Valid
+values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").
+## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
 that rclone uses into something which looks much more like a disk filing
@@ -6967,12 +9043,13 @@ write simultaneously to a file. See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with -vv rclone will print the location of the file cache. The
 files are stored in the user cache file area which is OS dependent but
@@ -6988,10 +9065,21 @@ and if they haven't been accessed for --vfs-write-back seconds. If
 rclone is quit or dies with files that haven't been uploaded, these will
 be uploaded next time rclone is run with the same flags.
 
-If using --vfs-cache-max-size note that the cache may exceed this size
-for two reasons. Firstly because it is only checked every
---vfs-cache-poll-interval. Secondly because open files cannot be evicted
-from the cache.
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
 
 You should not run two copies of rclone using the same VFS cache with
 the same or overlapping remotes if using --vfs-cache-mode > off. This
@@ -7213,22 +9301,491 @@ result is accurate. However, this is very inefficient and may cost lots
 of API calls resulting in extra charges. Use it as a last resort and
 only with caching.
 
-Auth Proxy
+    rclone serve s3 remote:path [flags]
 
-If you supply the parameter --auth-proxy /path/to/program then rclone
-will use that program to generate backends on the fly which then are
-used to authenticate incoming requests. This uses a simple JSON based
-protocol with input on STDIN and output on STDOUT.
+Options
 
-PLEASE NOTE: --auth-proxy and --authorized-keys cannot be used together,
-if --auth-proxy is set the authorized keys option will be ignored.
+          --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+          --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
+          --auth-key stringArray                   Set key pair for v4 authorization: access_key_id,secret_access_key
+          --baseurl string                         Prefix for URLs - leave blank for root
+          --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
+          --client-ca string                       Client certificate authority to verify clients with
+          --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+          --dir-perms FileMode                     Directory permissions (default 0777)
+          --etag-hash string                       Which hash to use for the ETag, or auto or blank for off (default "MD5")
+          --file-perms FileMode                    File permissions (default 0666)
+          --force-path-style                       If true use path style access if false use virtual hosted style (default true) (default true)
+          --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+      -h, --help                                   help for s3
+          --key string                             TLS PEM Private key
+          --max-header-bytes int                   Maximum size of request header (default 4096)
+          --min-tls-version string                 Minimum TLS version that is acceptable (default "tls1.0")
+          --no-checksum                            Don't compare checksums on up/download
+          --no-cleanup                             Not to cleanup empty folder after object is deleted
+          --no-modtime                             Don't read/write the modification time (can speed things up)
+          --no-seek                                Don't allow seeking in files
+          --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+          --read-only                              Only allow read-only access
+          --server-read-timeout Duration           Timeout for server reading data (default 1h0m0s)
+          --server-write-timeout Duration          Timeout for server writing data (default 1h0m0s)
+          --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+          --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+          --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+          --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+          --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+          --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+          --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+          --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+          --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+          --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
+          --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
+          --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+          --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+          --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 
-There is an example program bin/test_proxy.py in the rclone source code.
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 
-The program's job is to take a user and pass on the input and turn those
-into the config for a backend on STDOUT in JSON format. This config will
-have any default parameters for the backend added, but it won't use
-configuration from environment variables or command line options - it is
+See the global flags page for global options not listed here.
+
+SEE ALSO
+
+-   rclone serve - Serve a remote over a protocol.
+
+rclone serve sftp
+
+Serve the remote over SFTP.
+
+Synopsis
+
+Run an SFTP server to serve a remote over SFTP. This can be used with an
+SFTP client or you can make a remote of type sftp to use with it.
+
+You can use the filter flags (e.g. --include, --exclude) to control what
+is served.
+
+The server will respond to a small number of shell commands, mainly
+md5sum, sha1sum and df, which enable it to provide support for checksums
+and the about feature when accessed from an sftp remote.
+
+Note that this server uses standard 32 KiB packet payload size, which
+means you must not configure the client to expect anything else, e.g.
+with the chunk_size option on an sftp remote.
+
+The server will log errors. Use -v to see access logs.
+
+--bwlimit will be respected for file transfers. Use --stats to control
+the stats printing.
+
+You must provide some means of authentication, either with
+--user/--pass, an authorized keys file (specify location with
+--authorized-keys - the default is the same as ssh), an --auth-proxy, or
+set the --no-auth flag for no authentication when logging in.
+
+If you don't supply a host --key then rclone will generate rsa, ecdsa
+and ed25519 variants, and cache them for later use in rclone's cache
+directory (see rclone help flags cache-dir) in the "serve-sftp"
+directory.
+
+By default the server binds to localhost:2022 - if you want it to be
+reachable externally then supply --addr :2022 for example.
+
+Note that the default of --vfs-cache-mode off is fine for the rclone
+sftp backend, but it may not be with other SFTP clients.
+
+If --stdio is specified, rclone will serve SFTP over stdio, which can be
+used with sshd via ~/.ssh/authorized_keys, for example:
+
+    restrict,command="rclone serve sftp --stdio ./photos" ssh-rsa ...
+
+On the client you need to set --transfers 1 when using --stdio.
+Otherwise multiple instances of the rclone server are started by OpenSSH
+which can lead to "corrupted on transfer" errors. This is the case
+because the client chooses indiscriminately which server to send
+commands to while the servers all have different views of the state of
+the filing system.
+
+The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from
+being used. Omitting "restrict" and using --sftp-path-override to enable
+checksumming is possible but less secure and you could use the SFTP
+server provided by OpenSSH in this case.
+
+VFS - Virtual File System
+
+This command uses the VFS layer. This adapts the cloud storage objects
+that rclone uses into something which looks much more like a disk filing
+system.
+
+Cloud storage objects have lots of properties which aren't like disk
+files - you can't extend them or write to the middle of them, so the VFS
+layer has to deal with that. Because there is no one right way of doing
+this there are various options explained below.
+
+The VFS layer also implements a directory cache - this caches info about
+files and directories (but not the data) in memory.
+
+VFS Directory Cache
+
+Using the --dir-cache-time flag, you can control how long a directory
+should be considered up to date and not refreshed from the backend.
+Changes made through the VFS will appear immediately or invalidate the
+cache.
+
+    --dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+    --poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)
+
+However, changes made directly on the cloud storage by the web interface
+or a different copy of rclone will only be picked up once the directory
+cache expires if the backend configured does not support polling for
+changes. If the backend supports polling, changes will be picked up
+within the polling interval.
+
+You can send a SIGHUP signal to rclone for it to flush all directory
+caches, regardless of how old they are. Assuming only one rclone
+instance is running, you can reset the cache like this:
+
+    kill -SIGHUP $(pidof rclone)
+
+If you configure rclone with a remote control then you can use rclone rc
+to flush the whole directory cache:
+
+    rclone rc vfs/forget
+
+Or individual files or directories:
+
+    rclone rc vfs/forget file=path/to/file dir=path/to/dir
+
+VFS File Buffering
+
+The --buffer-size flag determines the amount of memory, that will be
+used to buffer data in advance.
+
+Each open file will try to keep the specified amount of data in memory
+at all times. The buffered data is bound to one open file and won't be
+shared.
+
+This flag is a upper limit for the used memory per open file. The buffer
+will only use memory for data that is downloaded but not not yet read.
+If the buffer is empty, only a small amount of memory will be used.
+
+The maximum memory used by rclone for buffering can be up to
+--buffer-size * open files.
+
+VFS File Caching
+
+These flags control the VFS file caching options. File caching is
+necessary to make the VFS layer appear compatible with a normal file
+system. It can be disabled at the cost of some compatibility.
+
+For example you'll need to enable VFS caching if you want to read and
+write simultaneously to a file. See below for more details.
+
+Note that the VFS cache is separate from the cache backend and you may
+find that you need one or the other or both.
+
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
+
+If run with -vv rclone will print the location of the file cache. The
+files are stored in the user cache file area which is OS dependent but
+can be controlled with --cache-dir or setting the appropriate
+environment variable.
+
+The cache has 4 different modes selected by --vfs-cache-mode. The higher
+the cache mode the more compatible rclone becomes at the cost of using
+disk space.
+
+Note that files are written back to the remote only when they are closed
+and if they haven't been accessed for --vfs-write-back seconds. If
+rclone is quit or dies with files that haven't been uploaded, these will
+be uploaded next time rclone is run with the same flags.
+
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
+
+You should not run two copies of rclone using the same VFS cache with
+the same or overlapping remotes if using --vfs-cache-mode > off. This
+can potentially cause data corruption if you do. You can work around
+this by giving each rclone its own cache hierarchy with --cache-dir. You
+don't need to worry about this if the remotes in use don't overlap.
+
+--vfs-cache-mode off
+
+In this mode (the default) the cache will read directly from the remote
+and write directly to the remote without caching anything on disk.
+
+This will mean some operations are not possible
+
+-   Files can't be opened for both read AND write
+-   Files opened for write can't be seeked
+-   Existing files opened for write must have O_TRUNC set
+-   Files open for read with O_TRUNC will be opened write only
+-   Files open for write only will behave as if O_TRUNC was supplied
+-   Open modes O_APPEND, O_TRUNC are ignored
+-   If an upload fails it can't be retried
+
+--vfs-cache-mode minimal
+
+This is very similar to "off" except that files opened for read AND
+write will be buffered to disk. This means that files opened for write
+will be a lot more compatible, but uses the minimal disk space.
+
+These operations are not possible
+
+-   Files opened for write only can't be seeked
+-   Existing files opened for write must have O_TRUNC set
+-   Files opened for write only will ignore O_APPEND, O_TRUNC
+-   If an upload fails it can't be retried
+
+--vfs-cache-mode writes
+
+In this mode files opened for read only are still read directly from the
+remote, write only and read/write files are buffered to disk first.
+
+This mode should support all normal file system operations.
+
+If an upload fails it will be retried at exponentially increasing
+intervals up to 1 minute.
+
+--vfs-cache-mode full
+
+In this mode all reads and writes are buffered to and from disk. When
+data is read from the remote this is buffered to disk as well.
+
+In this mode the files in the cache will be sparse files and rclone will
+keep track of which bits of the files it has downloaded.
+
+So if an application only reads the starts of each file, then rclone
+will only buffer the start of the file. These files will appear to be
+their full size in the cache, but they will be sparse files with only
+the data that has been downloaded present in them.
+
+This mode should support all normal file system operations and is
+otherwise identical to --vfs-cache-mode writes.
+
+When reading a file rclone will read --buffer-size plus --vfs-read-ahead
+bytes ahead. The --buffer-size is buffered in memory whereas the
+--vfs-read-ahead is buffered on disk.
+
+When using this mode it is recommended that --buffer-size is not set too
+large and --vfs-read-ahead is set large if required.
+
+IMPORTANT not all file systems support sparse files. In particular
+FAT/exFAT do not. Rclone will perform very badly if the cache directory
+is on a filesystem which doesn't support sparse files and it will log an
+ERROR message if one is detected.
+
+Fingerprinting
+
+Various parts of the VFS use fingerprinting to see if a local file copy
+has changed relative to a remote file. Fingerprints are made from:
+
+-   size
+-   modification time
+-   hash
+
+where available on an object.
+
+On some backends some of these attributes are slow to read (they take an
+extra API call per object, or extra work per object).
+
+For example hash is slow with the local and sftp backends as they have
+to read the entire file and hash it, and modtime is slow with the s3,
+swift, ftp and qinqstor backends because they need to do an extra API
+call to fetch it.
+
+If you use the --vfs-fast-fingerprint flag then rclone will not include
+the slow operations in the fingerprint. This makes the fingerprinting
+less accurate but much faster and will improve the opening time of
+cached files.
+
+If you are running a vfs cache over local, s3 or swift backends then
+using this flag is recommended.
+
+Note that if you change the value of this flag, the fingerprints of the
+files in the cache may be invalidated and the files will need to be
+downloaded again.
+
+VFS Chunked Reading
+
+When rclone reads files from a remote it reads them in chunks. This
+means that rather than requesting the whole file rclone reads the chunk
+specified. This can reduce the used download quota for some remotes by
+requesting only chunks from the remote that are actually read, at the
+cost of an increased number of requests.
+
+These flags control the chunking:
+
+    --vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+    --vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
+
+Rclone will start reading a chunk of size --vfs-read-chunk-size, and
+then double the size for each read. When --vfs-read-chunk-size-limit is
+specified, and greater than --vfs-read-chunk-size, the chunk size for
+each open file will get doubled only until the specified value is
+reached. If the value is "off", which is the default, the limit is
+disabled and the chunk size will grow indefinitely.
+
+With --vfs-read-chunk-size 100M and --vfs-read-chunk-size-limit 0 the
+following parts will be downloaded: 0-100M, 100M-200M, 200M-300M,
+300M-400M and so on. When --vfs-read-chunk-size-limit 500M is specified,
+the result would be 0-100M, 100M-300M, 300M-700M, 700M-1200M,
+1200M-1700M and so on.
+
+Setting --vfs-read-chunk-size to 0 or "off" disables chunked reading.
+
+VFS Performance
+
+These flags may be used to enable/disable features of the VFS for
+performance or other reasons. See also the chunked reading feature.
+
+In particular S3 and Swift benefit hugely from the --no-modtime flag (or
+use --use-server-modtime for a slightly different effect) as each read
+of the modification time takes a transaction.
+
+    --no-checksum     Don't compare checksums on up/download.
+    --no-modtime      Don't read/write the modification time (can speed things up).
+    --no-seek         Don't allow seeking in files.
+    --read-only       Only allow read-only access.
+
+Sometimes rclone is delivered reads or writes out of order. Rather than
+seeking rclone will wait a short time for the in sequence read or write
+to come in. These flags only come into effect when not using an on disk
+cache file.
+
+    --vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+    --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
+
+When using VFS write caching (--vfs-cache-mode with value writes or
+full), the global flag --transfers can be set to adjust the number of
+parallel uploads of modified files from the cache (the related global
+flag --checkers has no effect on the VFS).
+
+    --transfers int  Number of file transfers to run in parallel (default 4)
+
+VFS Case Sensitivity
+
+Linux file systems are case-sensitive: two files can differ only by
+case, and the exact case must be used when opening a file.
+
+File systems in modern Windows are case-insensitive but case-preserving:
+although existing files can be opened using any case, the exact case
+used to create the file is preserved and available for programs to
+query. It is not allowed for two files in the same directory to differ
+only by case.
+
+Usually file systems on macOS are case-insensitive. It is possible to
+make macOS file systems case-sensitive but that is not the default.
+
+The --vfs-case-insensitive VFS flag controls how rclone handles these
+two cases. If its value is "false", rclone passes file names to the
+remote as-is. If the flag is "true" (or appears without a value on the
+command line), rclone may perform a "fixup" as explained below.
+
+The user may specify a file name to open/delete/rename/etc with a case
+different than what is stored on the remote. If an argument refers to an
+existing file with exactly the same name, then the case of the existing
+file on the disk will be used. However, if a file name with exactly the
+same name is not found but a name differing only by case exists, rclone
+will transparently fixup the name. This fixup happens only when an
+existing file is requested. Case sensitivity of file names created anew
+by rclone is controlled by the underlying remote.
+
+Note that case sensitivity of the operating system running rclone (the
+target) may differ from case sensitivity of a file system presented by
+rclone (the source). The flag controls whether "fixup" is performed to
+satisfy the target.
+
+If the flag is not provided on the command line, then its default value
+depends on the operating system where rclone runs: "true" on Windows and
+macOS, "false" otherwise. If the flag is provided without a value, then
+it is "true".
+
+VFS Disk Options
+
+This flag allows you to manually set the statistics about the filing
+system. It can be useful when those statistics cannot be read correctly
+automatically.
+
+    --vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)
+
+Alternate report of used bytes
+
+Some backends, most notably S3, do not report the amount of bytes used.
+If you need this information to be available when running df on the
+filesystem, then pass the flag --vfs-used-is-size to rclone. With this
+flag set, instead of relying on the backend to report this information,
+rclone will scan the whole remote similar to rclone size and compute the
+total used space itself.
+
+WARNING. Contrary to rclone size, this flag ignores filters so that the
+result is accurate. However, this is very inefficient and may cost lots
+of API calls resulting in extra charges. Use it as a last resort and
+only with caching.
+
+Auth Proxy
+
+If you supply the parameter --auth-proxy /path/to/program then rclone
+will use that program to generate backends on the fly which then are
+used to authenticate incoming requests. This uses a simple JSON based
+protocol with input on STDIN and output on STDOUT.
+
+PLEASE NOTE: --auth-proxy and --authorized-keys cannot be used together,
+if --auth-proxy is set the authorized keys option will be ignored.
+
+There is an example program bin/test_proxy.py in the rclone source code.
+
+The program's job is to take a user and pass on the input and turn those
+into the config for a backend on STDOUT in JSON format. This config will
+have any default parameters for the backend added, but it won't use
+configuration from environment variables or command line options - it is
 the job of the proxy program to make a complete config.
 
 This config generated must have this extra parameter - _root - root to
@@ -7308,8 +9865,9 @@ Options
           --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
           --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
           --user string                            User name for authentication
-          --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
           --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
           --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
           --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
           --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -7319,10 +9877,38 @@ Options
           --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
           --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
           --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
           --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
           --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
           --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -7475,6 +10061,27 @@ be used within the template to server pages:
   -- .ModTime                         The UTC timestamp of an entry.
   -----------------------------------------------------------------------
 
+The server also makes the following functions available so that they can
+be used within the template. These functions help extend the options for
+dynamic rendering of HTML. They can be used to render HTML based on
+specific conditions.
+
+  -----------------------------------------------------------------------
+  Function                            Description
+  ----------------------------------- -----------------------------------
+  afterEpoch                          Returns the time since the epoch
+                                      for the given time.
+
+  contains                            Checks whether a given substring is
+                                      present or not in a given string.
+
+  hasPrefix                           Checks whether the given string
+                                      begins with the specified prefix.
+
+  hasSuffix                           Checks whether the given string end
+                                      with the specified suffix.
+  -----------------------------------------------------------------------
+
 Authentication
 
 By default this will serve files without needing a login.
@@ -7482,6 +10089,11 @@ By default this will serve files without needing a login.
 You can either use an htpasswd file which can take lots of users, or set
 a single username and password with the --user and --pass flags.
 
+If no static users are configured by either of the above methods, and
+client certificates are required by the --client-ca flag passed to the
+server, the client certificate common name will be considered as the
+username.
+
 Use --htpasswd /path/to/htpasswd to provide an htpasswd file. This is in
 standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication. Bcrypt is recommended.
@@ -7496,9 +10108,8 @@ The password file can be updated while rclone is running.
 
 Use --realm to set the authentication realm.
 
-Use --salt to change the password hashing salt from the default.
-
-VFS - Virtual File System
+Use --salt to change the password hashing salt from the default. ## VFS
+- Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
 that rclone uses into something which looks much more like a disk filing
@@ -7571,12 +10182,13 @@ write simultaneously to a file. See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with -vv rclone will print the location of the file cache. The
 files are stored in the user cache file area which is OS dependent but
@@ -7592,10 +10204,21 @@ and if they haven't been accessed for --vfs-write-back seconds. If
 rclone is quit or dies with files that haven't been uploaded, these will
 be uploaded next time rclone is run with the same flags.
 
-If using --vfs-cache-max-size note that the cache may exceed this size
-for two reasons. Firstly because it is only checked every
---vfs-cache-poll-interval. Secondly because open files cannot be evicted
-from the cache.
+If using --vfs-cache-max-size or --vfs-cache-min-free-size note that the
+cache may exceed these quotas for two reasons. Firstly because it is
+only checked every --vfs-cache-poll-interval. Secondly because open
+files cannot be evicted from the cache. When --vfs-cache-max-size or
+--vfs-cache-min-free-size is exceeded, rclone will attempt to evict the
+least accessed files from the cache first. rclone will start with files
+that haven't been accessed for the longest. This cache flushing strategy
+is efficient and more relevant files are likely to remain cached.
+
+The --vfs-cache-max-age will evict files from the cache after the set
+time since last access has passed. The default value of 1 hour will
+start evicting files from cache that haven't been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting. Specify the time with standard
+notation, s, m, h, d, w .
 
 You should not run two copies of rclone using the same VFS cache with
 the same or overlapping remotes if using --vfs-cache-mode > off. This
@@ -7893,6 +10516,7 @@ that rclone supports.
 Options
 
           --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+          --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
           --auth-proxy string                      A program to use to create the backend from the auth
           --baseurl string                         Prefix for URLs - leave blank for root
           --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -7922,8 +10546,9 @@ Options
           --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
           --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
           --user string                            User name for authentication
-          --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+          --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
           --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+          --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
           --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
           --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
           --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -7933,10 +10558,38 @@ Options
           --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
           --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
           --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+          --vfs-refresh                            Refreshes the directory cache recursively on start
           --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
           --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
           --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -7992,7 +10645,7 @@ Synopsis
 
 Rclone test is used to run test commands.
 
-Select which test comand you want with the subcommand, eg
+Select which test command you want with the subcommand, eg
 
     rclone test memory remote:
 
@@ -8080,6 +10733,7 @@ NB this can create undeletable files and other hazards - use with care
 Options
 
           --all                    Run all tests
+          --check-base32768        Check can store all possible base32768 characters
           --check-control          Check control characters
           --check-length           Check max filename length
           --check-normalization    Check UTF-8 Normalization
@@ -8197,6 +10851,48 @@ Options
       -R, --recursive          Recursively touch all files
       -t, --timestamp string   Use specified time instead of the current time of day
 
+Important Options
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -8259,6 +10955,40 @@ Options
       -U, --unsorted        Leave files unsorted
           --version         Sort files alphanumerically by version
 
+Filter Options
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing Options
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
 See the global flags page for global options not listed here.
 
 SEE ALSO
@@ -8471,6 +11201,11 @@ them. This is mostly a problem on Windows, where the console
 traditionally uses a non-Unicode character set - defined by the
 so-called "code page".
 
+Do not use single character names on Windows as it creates ambiguity
+with Windows drives' names, e.g.: remote called C is indistinguishable
+from C drive. Rclone will always assume that single letter name refers
+to a drive.
+
 Quoting and the shell
 
 When you are typing commands to your computer you are using something
@@ -8581,6 +11316,10 @@ Note that arbitrary metadata may be added to objects using the
 --metadata-set key=value flag when the object is first uploaded. This
 flag can be repeated as many times as necessary.
 
+The --metadata-mapper flag can be used to pass the name of a program in
+which can transform metadata when it is being copied from source to
+destination.
+
 Types of metadata
 
 Metadata is divided into two type. System metadata and User metadata.
@@ -8673,6 +11412,9 @@ backend may implement.
   btime                              Time of file creation 2006-01-02T15:04:05.999999999Z07:00
                                      (birth): RFC 3339     
 
+  utime                              Time of file upload:  2006-01-02T15:04:05.999999999Z07:00
+                                     RFC 3339              
+
   cache-control                      Cache-Control header  no-cache
 
   content-disposition                Content-Disposition   inline
@@ -8775,6 +11517,9 @@ address (1.2.3.4), an IPv6 address (1234::789A) or host name. If the
 host name doesn't resolve or resolves to more than one IP address it
 will give an error.
 
+You can use --bind 0.0.0.0 to force rclone to use IPv4 addresses and
+--bind ::0 to force rclone to use IPv6 addresses.
+
 --bwlimit=BANDWIDTH_SPEC
 
 This option controls the bandwidth limit. For example
@@ -8974,7 +11719,7 @@ are incorrect as it would normally.
 
 --color WHEN
 
-Specifiy when colors (and other ANSI codes) should be added to the
+Specify when colors (and other ANSI codes) should be added to the
 output.
 
 AUTO (default) only allows ANSI codes when the output is a terminal
@@ -9084,6 +11829,22 @@ You may also choose to encrypt the file.
 When token-based authentication are used, the configuration file must be
 writable, because rclone needs to update the tokens inside it.
 
+To reduce risk of corrupting an existing configuration file, rclone will
+not write directly to it when saving changes. Instead it will first
+write to a new, temporary, file. If a configuration file already
+existed, it will (on Unix systems) try to mirror its permissions to the
+new file. Then it will rename the existing file to a temporary name as
+backup. Next, rclone will rename the new file to the correct name,
+before finally cleaning up by deleting the backup file.
+
+If the configuration file path used by rclone is a symbolic link, then
+this will be evaluated and rclone will write to the resolved path,
+instead of overwriting the symbolic link. Temporary files used in the
+process (described above) will be written to the same parent directory
+as that of the resolved configuration file, but if this directory is
+also a symbolic link it will not be resolved and the temporary files
+will be written to the location of the directory symbolic link.
+
 --contimeout=TIME
 
 Set the connection timeout. This should be in go time format which looks
@@ -9113,6 +11874,18 @@ oldest, rename. The default is interactive.
 See the dedupe command for more information as to what these options
 mean.
 
+--default-time TIME
+
+If a file or directory does have a modification time rclone can read
+then rclone will display this fixed time instead.
+
+The default is 2000-01-01 00:00:00 UTC. This can be configured in any of
+the ways shown in the time or duration options.
+
+For example --default-time 2020-06-01 to set the default time to the 1st
+of June 2020 or --default-time 0s to set the default time to the time
+rclone started up.
+
 --disable FEATURE,FEATURE,...
 
 This disables a comma separated list of optional features. For example
@@ -9126,9 +11899,23 @@ To see a list of which features can be disabled use:
 
     --disable help
 
+The features a remote has can be seen in JSON format with:
+
+    rclone backend features remote:
+
 See the overview features and optional features to get an idea of which
 feature does what.
 
+Note that some features can be set to true if they are true/false
+feature flag features by prefixing them with !. For example the
+CaseInsensitive feature can be forced to false with
+--disable CaseInsensitive and forced to true with
+--disable '!CaseInsensitive'. In general it isn't a good idea doing this
+but it may be useful in extremis.
+
+(Note that ! is a shell command which you will need to escape with
+single quotes or a backslash on unix like platforms.)
+
 This flag can be useful for debugging and in exceptional circumstances
 (e.g. Google Drive limiting the total volume of Server Side Copies to
 100 GiB/day).
@@ -9348,6 +12135,49 @@ This can be useful as an additional layer of protection for immutable or
 append-only data sets (notably backup archives), where modification
 implies corruption and should not be propagated.
 
+--inplace
+
+The --inplace flag changes the behaviour of rclone when uploading files
+to some backends (backends with the PartialUploads feature flag set)
+such as:
+
+-   local
+-   ftp
+-   sftp
+
+Without --inplace (the default) rclone will first upload to a temporary
+file with an extension like this, where XXXXXX represents a random
+string and .partial is --partial-suffix value (.partial by default).
+
+    original-file-name.XXXXXX.partial
+
+(rclone will make sure the final name is no longer than 100 characters
+by truncating the original-file-name part if necessary).
+
+When the upload is complete, rclone will rename the .partial file to the
+correct name, overwriting any existing file at that point. If the upload
+fails then the .partial file will be deleted.
+
+This prevents other users of the backend from seeing partially uploaded
+files in their new names and prevents overwriting the old file until the
+new one is completely uploaded.
+
+If the --inplace flag is supplied, rclone will upload directly to the
+final name without creating a .partial file.
+
+This means that an incomplete file will be visible in the directory
+listings while the upload is in progress and any existing files will be
+overwritten as soon as the upload starts. If the transfer fails then the
+file will be deleted. This can cause data loss of the existing file if
+the transfer fails.
+
+Note that on the local file system if you don't use --inplace hard links
+(Unix only) will be broken. And if you do use --inplace you won't be
+able to update in use executables.
+
+Note also that versions of rclone prior to v1.63.0 behave as if the
+--inplace flag is always supplied.
+
 -i, --interactive
 
 This flag can be used to tell rclone that you wish a manual confirmation
@@ -9497,48 +12327,154 @@ happen.
 
 --max-duration=TIME
 
-Rclone will stop scheduling new transfers when it has run for the
-duration specified.
-
-Defaults to off.
+Rclone will stop transferring when it has run for the duration
+specified. Defaults to off.
 
-When the limit is reached any existing transfers will complete.
+When the limit is reached all transfers will stop immediately. Use
+--cutoff-mode to modify this behaviour.
 
-Rclone won't exit with an error if the transfer limit is reached.
+Rclone will exit with exit code 10 if the duration limit is reached.
 
 --max-transfer=SIZE
 
 Rclone will stop transferring when it has reached the size specified.
 Defaults to off.
 
-When the limit is reached all transfers will stop immediately.
+When the limit is reached all transfers will stop immediately. Use
+--cutoff-mode to modify this behaviour.
 
 Rclone will exit with exit code 8 if the transfer limit is reached.
 
+--cutoff-mode=hard|soft|cautious
+
+This modifies the behavior of --max-transfer and --max-duration Defaults
+to --cutoff-mode=hard.
+
+Specifying --cutoff-mode=hard will stop transferring immediately when
+Rclone reaches the limit.
+
+Specifying --cutoff-mode=soft will stop starting new transfers when
+Rclone reaches the limit.
+
+Specifying --cutoff-mode=cautious will try to prevent Rclone from
+reaching the limit. Only applicable for --max-transfer
+
 -M, --metadata
 
 Setting this flag enables rclone to copy the metadata from the source to
 the destination. For local backends this is ownership, permissions,
-xattr etc. See the #metadata for more info.
+xattr etc. See the metadata section for more info.
+
+--metadata-mapper SpaceSepList
+
+If you supply the parameter --metadata-mapper /path/to/program then
+rclone will use that program to map metadata from source object to
+destination object.
+
+The argument to this flag should be a command with an optional space
+separated list of arguments. If one of the arguments has a space in then
+enclose it in ", if you want a literal " in an argument then enclose the
+argument in " and double the ". See CSV encoding for more info.
+
+    --metadata-mapper "python bin/test_metadata_mapper.py"
+    --metadata-mapper 'python bin/test_metadata_mapper.py "argument with a space"'
+    --metadata-mapper 'python bin/test_metadata_mapper.py "argument with ""two"" quotes"'
+
+This uses a simple JSON based protocol with input on STDIN and output on
+STDOUT. This will be called for every file and directory copied and may
+be called concurrently.
+
+The program's job is to take a metadata blob on the input and turn it
+into a metadata blob on the output suitable for the destination backend.
+
+Input to the program (via STDIN) might look like this. This provides
+some context for the Metadata which may be important.
+
+-   SrcFs is the config string for the remote that the object is
+    currently on.
+-   SrcFsType is the name of the source backend.
+-   DstFs is the config string for the remote that the object is being
+    copied to
+-   DstFsType is the name of the destination backend.
+-   Remote is the path of the file relative to the root.
+-   Size, MimeType, ModTime are attributes of the file.
+-   IsDir is true if this is a directory (not yet implemented).
+-   ID is the source ID of the file if known.
+-   Metadata is the backend specific metadata as described in the
+    backend docs.
 
---metadata-set key=value
+    {
+        "SrcFs": "gdrive:",
+        "SrcFsType": "drive",
+        "DstFs": "newdrive:user",
+        "DstFsType": "onedrive",
+        "Remote": "test.txt",
+        "Size": 6,
+        "MimeType": "text/plain; charset=utf-8",
+        "ModTime": "2022-10-11T17:53:10.286745272+01:00",
+        "IsDir": false,
+        "ID": "xyz",
+        "Metadata": {
+            "btime": "2022-10-11T16:53:11Z",
+            "content-type": "text/plain; charset=utf-8",
+            "mtime": "2022-10-11T17:53:10.286745272+01:00",
+            "owner": "user1@domain1.com",
+            "permissions": "...",
+            "description": "my nice file",
+            "starred": "false"
+        }
+    }
 
-Add metadata key = value when uploading. This can be repeated as many
-times as required. See the #metadata for more info.
+The program should then modify the input as desired and send it to
+STDOUT. The returned Metadata field will be used in its entirety for the
+destination object. Any other fields will be ignored. Note in this
+example we translate user names and permissions and add something to the
+description:
 
---cutoff-mode=hard|soft|cautious
+    {
+        "Metadata": {
+            "btime": "2022-10-11T16:53:11Z",
+            "content-type": "text/plain; charset=utf-8",
+            "mtime": "2022-10-11T17:53:10.286745272+01:00",
+            "owner": "user1@domain2.com",
+            "permissions": "...",
+            "description": "my nice file [migrated from domain1]",
+            "starred": "false"
+        }
+    }
 
-This modifies the behavior of --max-transfer Defaults to
---cutoff-mode=hard.
+Metadata can be removed here too.
 
-Specifying --cutoff-mode=hard will stop transferring immediately when
-Rclone reaches the limit.
+An example python program might look something like this to implement
+the above transformations.
 
-Specifying --cutoff-mode=soft will stop starting new transfers when
-Rclone reaches the limit.
+    import sys, json
 
-Specifying --cutoff-mode=cautious will try to prevent Rclone from
-reaching the limit.
+    i = json.load(sys.stdin)
+    metadata = i["Metadata"]
+    # Add tag to description
+    if "description" in metadata:
+        metadata["description"] += " [migrated from domain1]"
+    else:
+        metadata["description"] = "[migrated from domain1]"
+    # Modify owner
+    if "owner" in metadata:
+        metadata["owner"] = metadata["owner"].replace("domain1.com", "domain2.com")
+    o = { "Metadata": metadata }
+    json.dump(o, sys.stdout, indent="\t")
+
+You can find this example (slightly expanded) in the rclone source code
+at bin/test_metadata_mapper.py.
+
+If you want to see the input to the metadata mapper and the output
+returned from it in the log you can use -vv --dump mapper.
+
+See the metadata section for more info.
+
+--metadata-set key=value
+
+Add metadata key = value when uploading. This can be repeated as many
+times as required. See the metadata section for more info.
 
 --modify-window=TIME
 
@@ -9552,55 +12488,80 @@ reading and writing to an OS X filing system this will be 1s by default.
 
 This command line flag allows you to override that computed default.
 
+--multi-thread-write-buffer-size=SIZE
+
+When transferring with multiple threads, rclone will buffer SIZE bytes
+in memory before writing to disk for each thread.
+
+This can improve performance if the underlying filesystem does not deal
+well with a lot of small writes in different positions of the file, so
+if you see transfers being limited by disk write speed, you might want
+to experiment with different values. Specially for magnetic drives and
+remote file systems a higher value can be useful.
+
+Nevertheless, the default of 128k should be fine for almost all use
+cases, so before changing it ensure that network is not really your
+bottleneck.
+
+As a final hint, size is not the only factor: block size (or similar
+concept) can have an impact. In one case, we observed that exact
+multiples of 16k performed much better than other values.
+
+--multi-thread-chunk-size=SizeSuffix
+
+Normally the chunk size for multi thread transfers is set by the
+backend. However some backends such as local and smb (which implement
+OpenWriterAt but not OpenChunkWriter) don't have a natural chunk size.
+
+In this case the value of this option is used (default 64Mi).
+
 --multi-thread-cutoff=SIZE
 
-When downloading files to the local backend above this size, rclone will
-use multiple threads to download the file (default 250M).
+When transferring files above SIZE to capable backends, rclone will use
+multiple threads to transfer the file (default 256M).
 
-Rclone preallocates the file (using fallocate(FALLOC_FL_KEEP_SIZE) on
-unix or NTSetInformationFile on Windows both of which takes no time)
-then each thread writes directly into the file at the correct place.
-This means that rclone won't create fragmented or sparse files and there
-won't be any assembly time at the end of the transfer.
+Capable backends are marked in the overview as MultithreadUpload. (They
+need to implement either the OpenWriterAt or OpenChunkedWriter internal
+interfaces). These include include, local, s3, azureblob, b2,
+oracleobjectstorage and smb at the time of writing.
 
-The number of threads used to download is controlled by
+On the local disk, rclone preallocates the file (using
+fallocate(FALLOC_FL_KEEP_SIZE) on unix or NTSetInformationFile on
+Windows both of which takes no time) then each thread writes directly
+into the file at the correct place. This means that rclone won't create
+fragmented or sparse files and there won't be any assembly time at the
+end of the transfer.
+
+The number of threads used to transfer is controlled by
 --multi-thread-streams.
 
 Use -vv if you wish to see info about the threads.
 
 This will work with the sync/copy/move commands and friends
-copyto/moveto. Multi thread downloads will be used with rclone mount and
+copyto/moveto. Multi thread transfers will be used with rclone mount and
 rclone serve if --vfs-cache-mode is set to writes or above.
 
-NB that this only works for a local destination but will work with any
-source.
+NB that this only works with supported backends as the destination but
+will work with any backend as the source.
 
-NB that multi thread copies are disabled for local to local copies as
+NB that multi-thread copies are disabled for local to local copies as
 they are faster without unless --multi-thread-streams is set explicitly.
 
-NB on Windows using multi-thread downloads will cause the resulting
-files to be sparse. Use --local-no-sparse to disable sparse files (which
-may cause long delays at the start of downloads) or disable multi-thread
-downloads with --multi-thread-streams 0
+NB on Windows using multi-thread transfers to the local disk will cause
+the resulting files to be sparse. Use --local-no-sparse to disable
+sparse files (which may cause long delays at the start of transfers) or
+disable multi-thread transfers with --multi-thread-streams 0
 
 --multi-thread-streams=N
 
-When using multi thread downloads (see above --multi-thread-cutoff) this
-sets the maximum number of streams to use. Set to 0 to disable multi
-thread downloads (Default 4).
-
-Exactly how many streams rclone uses for the download depends on the
-size of the file. To calculate the number of download streams Rclone
-divides the size of the file by the --multi-thread-cutoff and rounds up,
-up to the maximum set with --multi-thread-streams.
+When using multi thread transfers (see above --multi-thread-cutoff) this
+sets the number of streams to use. Set to 0 to disable multi thread
+transfers (Default 4).
 
-So if --multi-thread-cutoff 250M and --multi-thread-streams 4 are in
-effect (the defaults):
-
--   0..250 MiB files will be downloaded with 1 stream
--   250..500 MiB files will be downloaded with 2 streams
--   500..750 MiB files will be downloaded with 3 streams
--   750+ MiB files will be downloaded with 4 streams
+If the backend has a --backend-upload-concurrency setting (eg
+--s3-upload-concurrency) then this setting will be used as the number of
+transfers instead if it is larger than the value of
+--multi-thread-streams or --multi-thread-streams isn't set.
 
 --no-check-dest
 
@@ -9730,6 +12691,15 @@ If you want perfect ordering then you will need to specify --check-first
 which will find all the files which need transferring first before
 transferring any.
 
+--partial-suffix
+
+When --inplace is not used, it causes rclone to use the --partial-suffix
+as suffix for temporary files.
+
+Suffix length limit is 16 characters.
+
+The default is .partial.
+
 --password-command SpaceSepList
 
 This flag supplies a program which should supply the config password
@@ -9743,9 +12713,9 @@ and double the ". See CSV encoding for more info.
 
 Eg
 
-    --password-command echo hello
-    --password-command echo "hello with space"
-    --password-command echo "hello with ""quotes"" and space"
+    --password-command "echo hello"
+    --password-command 'echo "hello with space"'
+    --password-command 'echo "hello with ""quotes"" and space"'
 
 See the Configuration Encryption for more info.
 
@@ -9949,6 +12919,12 @@ would be backed up to file.txt-2019-01-01 and with the flag it would be
 backed up to file-2019-01-01.txt. This can be helpful to make sure the
 suffixed files can still be opened.
 
+If a file has two (or more) extensions and the second (or subsequent)
+extension is recognised as a valid mime type, then the suffix will go
+before that extension. So file.tar.gz would be backed up to
+file-2019-01-01.tar.gz whereas file.badextension.gz would be backed up
+to file.badextension-2019-01-01.gz.
+
 --syslog
 
 On capable OSes (not Windows or Plan9) send all log output to syslog.
@@ -10104,35 +13080,55 @@ not deleting files as there were IO errors.
 --fast-list
 
 When doing anything which involves a directory listing (e.g. sync, copy,
-ls - in fact nearly every command), rclone normally lists a directory
-and processes it before using more directory lists to process any
-subdirectories. This can be parallelised and works very quickly using
-the least amount of memory.
-
-However, some remotes have a way of listing all files beneath a
-directory in one (or a small number) of transactions. These tend to be
-the bucket-based remotes (e.g. S3, B2, GCS, Swift).
-
-If you use the --fast-list flag then rclone will use this method for
-listing directories. This will have the following consequences for the
-listing:
-
--   It will use fewer transactions (important if you pay for them)
--   It will use more memory. Rclone has to load the whole listing into
-    memory.
--   It may be faster because it uses fewer transactions
--   It may be slower because it can't be parallelized
-
-rclone should always give identical results with and without
---fast-list.
-
-If you pay for transactions and can fit your entire sync listing into
-memory then --fast-list is recommended. If you have a very big sync to
-do then don't use --fast-list otherwise you will run out of memory.
-
-If you use --fast-list on a remote which doesn't support it, then rclone
+ls - in fact nearly every command), rclone has different strategies to
+choose from.
+
+The basic strategy is to list one directory and processes it before
+using more directory lists to process any subdirectories. This is a
+mandatory backend feature, called List, which means it is supported by
+all backends. This strategy uses small amount of memory, and because it
+can be parallelised it is fast for operations involving processing of
+the list results.
+
+Some backends provide the support for an alternative strategy, where all
+files beneath a directory can be listed in one (or a small number) of
+transactions. Rclone supports this alternative strategy through an
+optional backend feature called ListR. You can see in the storage system
+overview documentation's optional features section which backends it is
+enabled for (these tend to be the bucket-based ones, e.g. S3, B2, GCS,
+Swift). This strategy requires fewer transactions for highly recursive
+operations, which is important on backends where this is charged or
+heavily rate limited. It may be faster (due to fewer transactions) or
+slower (because it can't be parallelized) depending on different
+parameters, and may require more memory if rclone has to keep the whole
+listing in memory.
+
+Which listing strategy rclone picks for a given operation is
+complicated, but in general it tries to choose the best possible. It
+will prefer ListR in situations where it doesn't need to store the
+listed files in memory, e.g. for unlimited recursive ls command
+variants. In other situations it will prefer List, e.g. for sync and
+copy, where it needs to keep the listed files in memory, and is
+performing operations on them where parallelization may be a huge
+advantage.
+
+Rclone is not able to take all relevant parameters into account for
+deciding the best strategy, and therefore allows you to influence the
+choice in two ways: You can stop rclone from using ListR by disabling
+the feature, using the --disable option (--disable ListR), or you can
+allow rclone to use ListR where it would normally choose not to do so
+due to higher memory usage, using the --fast-list option. Rclone should
+always produce identical results either way. Using --disable ListR or
+--fast-list on a remote which doesn't support ListR does nothing, rclone
 will just ignore it.
 
+A rule of thumb is that if you pay for transactions and can fit your
+entire sync listing into memory, then --fast-list is recommended. If you
+have a very big sync to do, then don't use --fast-list, otherwise you
+will run out of memory. Run some tests and compare before you decide,
+and if in doubt then just leave the default, let rclone decide, i.e. not
+use --fast-list.
+
 --timeout=TIME
 
 This sets the IO idle timeout. If a transfer has started but then
@@ -10454,6 +13450,12 @@ to standard output.
 This dumps a list of the open files at the end of the command. It uses
 the lsof command to do that so you'll need that installed to use it.
 
+--dump mapper
+
+This shows the JSON blobs being sent to the program supplied with
+--metadata-mapper and received from it. It can be useful for debugging
+the metadata mapper interface.
+
 --memprofile=FILE
 
 Write memory profile to file. This can be analysed with go tool pprof.
@@ -10559,6 +13561,7 @@ List of exit codes
     suspended) (Fatal errors)
 -   8 - Transfer exceeded - limit set by --max-transfer reached
 -   9 - Operation successful, but no files transferred
+-   10 - Duration exceeded - limit set by --max-duration reached
 
 Environment Variables
 
@@ -10597,7 +13600,9 @@ for each backend.
 
 To find the name of the environment variable, you need to set, take
 RCLONE_CONFIG_ + name of remote + _ + name of config file option and
-make it all uppercase.
+make it all uppercase. Note one implication here is the remote's name
+must be convertible into a valid environment variable name, so it can
+only contain letters, digits, or the _ (underscore) character.
 
 For example, to configure an S3 remote named mys3: without a config file
 (using unix ways of setting environment variables):
@@ -10811,8 +13816,8 @@ E.g. rclone copy "remote:dir*.jpg" /path/to/dir does not have a filter
 effect. rclone copy remote:dir /path/to/dir --include "*.jpg" does.
 
 Important Avoid mixing any two of --include..., --exclude... or
---filter... flags in an rclone command. The results may not be what you
-expect. Instead use a --filter... flag.
+--filter... flags in an rclone command. The results might not be what
+you expect. Instead use a --filter... flag.
 
 Patterns for matching path/file names
 
@@ -10871,7 +13876,7 @@ beginning of the path/file.
                - doesn't match "afile.jpg"
                - doesn't match "directory/file.jpg"
 
-The top level of the remote may not be the top level of the drive.
+The top level of the remote might not be the top level of the drive.
 
 E.g. for a Microsoft Windows local directory structure
 
@@ -10950,7 +13955,7 @@ Which will match a directory called start with a file called end.jpg in
 it as the .* will match / characters.
 
 Note that you can use -vv --dump filters to show the filter patterns in
-regexp format - rclone implements the glob patters by transforming them
+regexp format - rclone implements the glob patterns by transforming them
 into regular expressions.
 
 Filter pattern examples
@@ -11151,7 +14156,7 @@ all files on remote: excluding those in root directory dir and sub
 directories.
 
 E.g. on Microsoft Windows rclone ls remote: --exclude "*\[{JP,KR,HK}\]*"
-lists the files in remote: with [JP] or [KR] or [HK] in their name.
+lists the files in remote: without [JP] or [KR] or [HK] in their name.
 Quotes prevent the shell from interpreting the \ characters.\ characters
 escape the [ and ] so an rclone filter treats them literally rather than
 as a character-range. The { and } define an rclone pattern list. For
@@ -11983,7 +14988,7 @@ you would pass this parameter in your JSON blob.
 
 If using rclone rc this could be passed as
 
-    rclone rc operations/sync ... _config='{"CheckSum": true}'
+    rclone rc sync/sync ... _config='{"CheckSum": true}'
 
 Any config parameters you don't set will inherit the global defaults
 which were set with command line flags or environment variables.
@@ -12249,7 +15254,7 @@ See the config dump command for more information on the above.
 
 Authentication is required for this call.
 
-config/listremotes: Lists the remotes in the config file.
+config/listremotes: Lists the remotes in the config file and defined in environment variables.
 
 Returns - remotes - array of remote names
 
@@ -12392,6 +15397,26 @@ Returns:
 
 Authentication is required for this call.
 
+core/du: Returns disk usage of a locally attached disk.
+
+This returns the disk usage for the local directory passed in as dir.
+
+If the directory is not passed in, it defaults to the directory pointed
+to by --cache-dir.
+
+-   dir - string (optional)
+
+Returns:
+
+    {
+        "dir": "/",
+        "info": {
+            "Available": 361769115648,
+            "Free": 361785892864,
+            "Total": 982141468672
+        }
+    }
+
 core/gc: Runs a garbage collection.
 
 This tells the go runtime to do a garbage collection run. It isn't
@@ -12469,6 +15494,10 @@ Returns the following values:
         "lastError": last error string,
         "renames" : number of files renamed,
         "retryError": boolean showing whether there has been at least one non-NoRetryError,
+            "serverSideCopies": number of server side copies done,
+            "serverSideCopyBytes": number bytes server side copied,
+            "serverSideMoves": number of server side moves done,
+            "serverSideMoveBytes": number bytes server side moved,
         "speed": average speed in bytes per second since start of the group,
         "totalBytes": total number of bytes in the group,
         "totalChecks": total number of checks in the group,
@@ -12680,7 +15709,8 @@ Parameters: None.
 
 Results:
 
--   jobids - array of integer job ids.
+-   executeId - string id of rclone executing (change after restart)
+-   jobids - array of integer job ids (starting at 1 on each restart)
 
 job/status: Reads the status of the job ID
 
@@ -12820,6 +15850,66 @@ See the about command for more information on the above.
 
 Authentication is required for this call.
 
+operations/check: check the source and destination are the same
+
+Checks the files in the source and destination match. It compares sizes
+and hashes and logs a report of files that don't match. It doesn't alter
+the source or destination.
+
+This takes the following parameters:
+
+-   srcFs - a remote name string e.g. "drive:" for the source, "/" for
+    local filesystem
+-   dstFs - a remote name string e.g. "drive2:" for the destination, "/"
+    for local filesystem
+-   download - check by downloading rather than with hash
+-   checkFileHash - treat checkFileFs:checkFileRemote as a SUM file with
+    hashes of given type
+-   checkFileFs - treat checkFileFs:checkFileRemote as a SUM file with
+    hashes of given type
+-   checkFileRemote - treat checkFileFs:checkFileRemote as a SUM file
+    with hashes of given type
+-   oneWay - check one way only, source files must exist on remote
+-   combined - make a combined report of changes (default false)
+-   missingOnSrc - report all files missing from the source (default
+    true)
+-   missingOnDst - report all files missing from the destination
+    (default true)
+-   match - report all matching files (default false)
+-   differ - report all non-matching files (default true)
+-   error - report all files with errors (hashing or reading) (default
+    true)
+
+If you supply the download flag, it will download the data from both
+remotes and check them against each other on the fly. This can be useful
+for remotes that don't support hashes or if you really want to check all
+the data.
+
+If you supply the size-only global flag, it will only compare the sizes
+not the hashes as well. Use this for a quick check.
+
+If you supply the checkFileHash option with a valid hash name, the
+checkFileFs:checkFileRemote must point to a text file in the SUM format.
+This treats the checksum file as the source and dstFs as the
+destination. Note that srcFs is not used and should not be supplied in
+this case.
+
+Returns:
+
+-   success - true if no error, false otherwise
+-   status - textual summary of check, OK or text string
+-   hashType - hash used in check, may be missing
+-   combined - array of strings of combined report of changes
+-   missingOnSrc - array of strings of all files missing from the source
+-   missingOnDst - array of strings of all files missing from the
+    destination
+-   match - array of strings of all matching files
+-   differ - array of strings of all non-matching files
+-   error - array of strings of all files with errors (hashing or
+    reading)
+
+Authentication is required for this call.
+
 operations/cleanup: Remove trashed files in the remote or path
 
 This takes the following parameters:
@@ -12834,9 +15924,11 @@ operations/copyfile: Copy a file from source remote to destination remote
 
 This takes the following parameters:
 
--   srcFs - a remote name string e.g. "drive:" for the source
+-   srcFs - a remote name string e.g. "drive:" for the source, "/" for
+    local filesystem
 -   srcRemote - a path within that remote e.g. "file.txt" for the source
--   dstFs - a remote name string e.g. "drive2:" for the destination
+-   dstFs - a remote name string e.g. "drive2:" for the destination, "/"
+    for local filesystem
 -   dstRemote - a path within that remote e.g. "file2.txt" for the
     destination
 
@@ -13033,9 +16125,11 @@ operations/movefile: Move a file from source remote to destination remote
 
 This takes the following parameters:
 
--   srcFs - a remote name string e.g. "drive:" for the source
+-   srcFs - a remote name string e.g. "drive:" for the source, "/" for
+    local filesystem
 -   srcRemote - a path within that remote e.g. "file.txt" for the source
--   dstFs - a remote name string e.g. "drive2:" for the destination
+-   dstFs - a remote name string e.g. "drive2:" for the destination, "/"
+    for local filesystem
 -   dstRemote - a path within that remote e.g. "file2.txt" for the
     destination
 
@@ -13093,6 +16187,27 @@ See the rmdirs command for more information on the above.
 
 Authentication is required for this call.
 
+operations/settier: Changes storage tier or class on all files in the path
+
+This takes the following parameters:
+
+-   fs - a remote name string e.g. "drive:"
+
+See the settier command for more information on the above.
+
+Authentication is required for this call.
+
+operations/settierfile: Changes storage tier or class on the single file pointed to
+
+This takes the following parameters:
+
+-   fs - a remote name string e.g. "drive:"
+-   remote - a path within that remote e.g. "dir"
+
+See the settierfile command for more information on the above.
+
+Authentication is required for this call.
+
 operations/size: Count the number of bytes and files in remote
 
 This takes the following parameters:
@@ -13336,12 +16451,17 @@ This takes the following parameters
 -   checkFilename - file name for checkAccess (default: RCLONE_TEST)
 -   maxDelete - abort sync if percentage of deleted files is above this
     threshold (default: 50)
--   force - maxDelete safety check and run the sync
+-   force - Bypass maxDelete safety check and run the sync
 -   checkSync - true by default, false disables comparison of final
     listings, only will skip sync, only compare listings from the last
     run
+-   createEmptySrcDirs - Sync creation and deletion of empty
+    directories. (Not compatible with --remove-empty-dirs)
 -   removeEmptyDirs - remove empty directories at the final cleanup step
 -   filtersFile - read filtering patterns from a file
+-   ignoreListingChecksum - Do not use checksums for listings
+-   resilient - Allow future runs to retry after certain less-serious
+    errors, instead of requiring resync. Use at your own risk!
 -   workdir - server directory for history files (default:
     /home/ncw/.cache/rclone/bisync)
 -   noCleanup - retain working files
@@ -13705,52 +16825,55 @@ Features
 
 Here is an overview of the major features of each cloud storage system.
 
-  Name                                  Hash         ModTime   Case Insensitive   Duplicate Files   MIME Type   Metadata
-  ------------------------------ ------------------ --------- ------------------ ----------------- ----------- ----------
-  1Fichier                           Whirlpool          -             No                Yes             R          -
-  Akamai Netstorage                 MD5, SHA256        R/W            No                No              R          -
-  Amazon Drive                          MD5             -            Yes                No              R          -
-  Amazon S3 (or S3 compatible)          MD5            R/W            No                No             R/W        RWU
-  Backblaze B2                          SHA1           R/W            No                No             R/W         -
-  Box                                   SHA1           R/W           Yes                No              -          -
-  Citrix ShareFile                      MD5            R/W           Yes                No              -          -
-  Dropbox                             DBHASH ¹          R            Yes                No              -          -
-  Enterprise File Fabric                 -             R/W           Yes                No             R/W         -
-  FTP                                    -           R/W ¹⁰           No                No              -          -
-  Google Cloud Storage                  MD5            R/W            No                No             R/W         -
-  Google Drive                          MD5            R/W            No                Yes            R/W         -
-  Google Photos                          -              -             No                Yes             R          -
-  HDFS                                   -             R/W            No                No              -          -
-  HiDrive                            HiDrive ¹²        R/W            No                No              -          -
-  HTTP                                   -              R             No                No              R          -
-  Internet Archive                MD5, SHA1, CRC32   R/W ¹¹           No                No              -         RWU
-  Jottacloud                            MD5            R/W           Yes                No              R          -
-  Koofr                                 MD5             -            Yes                No              -          -
-  Mail.ru Cloud                       Mailru ⁶         R/W           Yes                No              -          -
-  Mega                                   -              -             No                Yes             -          -
-  Memory                                MD5            R/W            No                No              -          -
-  Microsoft Azure Blob Storage          MD5            R/W            No                No             R/W         -
-  Microsoft OneDrive               QuickXorHash ⁵      R/W           Yes                No              R          -
-  OpenDrive                             MD5            R/W           Yes             Partial ⁸          -          -
-  OpenStack Swift                       MD5            R/W            No                No             R/W         -
-  Oracle Object Storage                 MD5            R/W            No                No             R/W         -
-  pCloud                            MD5, SHA1 ⁷         R             No                No              W          -
-  premiumize.me                          -              -            Yes                No              R          -
-  put.io                               CRC-32          R/W            No                Yes             R          -
-  QingStor                              MD5            - ⁹            No                No             R/W         -
-  Seafile                                -              -             No                No              -          -
-  SFTP                              MD5, SHA1 ²        R/W         Depends              No              -          -
-  Sia                                    -              -             No                No              -          -
-  SMB                                    -              -            Yes                No              -          -
-  SugarSync                              -              -             No                No              -          -
-  Storj                                  -              R             No                No              -          -
-  Uptobox                                -              -             No                Yes             -          -
-  WebDAV                            MD5, SHA1 ³        R ⁴         Depends              No              -          -
-  Yandex Disk                           MD5            R/W            No                No              R          -
-  Zoho WorkDrive                         -              -             No                No              -          -
-  The local filesystem                  All            R/W         Depends              No              -         RWU
-
-Notes
+  Name                                   Hash          ModTime   Case Insensitive   Duplicate Files   MIME Type   Metadata
+  ------------------------------- ------------------- --------- ------------------ ----------------- ----------- ----------
+  1Fichier                             Whirlpool          -             No                Yes             R          -
+  Akamai Netstorage                   MD5, SHA256        R/W            No                No              R          -
+  Amazon Drive                            MD5             -            Yes                No              R          -
+  Amazon S3 (or S3 compatible)            MD5            R/W            No                No             R/W        RWU
+  Backblaze B2                           SHA1            R/W            No                No             R/W         -
+  Box                                    SHA1            R/W           Yes                No              -          -
+  Citrix ShareFile                        MD5            R/W           Yes                No              -          -
+  Dropbox                              DBHASH ¹           R            Yes                No              -          -
+  Enterprise File Fabric                   -             R/W           Yes                No             R/W         -
+  FTP                                      -           R/W ¹⁰           No                No              -          -
+  Google Cloud Storage                    MD5            R/W            No                No             R/W         -
+  Google Drive                     MD5, SHA1, SHA256     R/W            No                Yes            R/W         -
+  Google Photos                            -              -             No                Yes             R          -
+  HDFS                                     -             R/W            No                No              -          -
+  HiDrive                             HiDrive ¹²         R/W            No                No              -          -
+  HTTP                                     -              R             No                No              R          -
+  Internet Archive                 MD5, SHA1, CRC32    R/W ¹¹           No                No              -         RWU
+  Jottacloud                              MD5            R/W           Yes                No              R          RW
+  Koofr                                   MD5             -            Yes                No              -          -
+  Linkbox                                  -              R             No                No              -          -
+  Mail.ru Cloud                        Mailru ⁶          R/W           Yes                No              -          -
+  Mega                                     -              -             No                Yes             -          -
+  Memory                                  MD5            R/W            No                No              -          -
+  Microsoft Azure Blob Storage            MD5            R/W            No                No             R/W         -
+  Microsoft Azure Files Storage           MD5            R/W           Yes                No             R/W         -
+  Microsoft OneDrive                QuickXorHash ⁵       R/W           Yes                No              R          -
+  OpenDrive                               MD5            R/W           Yes             Partial ⁸          -          -
+  OpenStack Swift                         MD5            R/W            No                No             R/W         -
+  Oracle Object Storage                   MD5            R/W            No                No             R/W         -
+  pCloud                              MD5, SHA1 ⁷         R             No                No              W          -
+  PikPak                                  MD5             R             No                No              R          -
+  premiumize.me                            -              -            Yes                No              R          -
+  put.io                                CRC-32           R/W            No                Yes             R          -
+  Proton Drive                           SHA1            R/W            No                No              R          -
+  QingStor                                MD5            - ⁹            No                No             R/W         -
+  Quatrix by Maytech                       -             R/W            No                No              -          -
+  Seafile                                  -              -             No                No              -          -
+  SFTP                                MD5, SHA1 ²        R/W         Depends              No              -          -
+  Sia                                      -              -             No                No              -          -
+  SMB                                      -             R/W           Yes                No              -          -
+  SugarSync                                -              -             No                No              -          -
+  Storj                                    -              R             No                No              -          -
+  Uptobox                                  -              -             No                Yes             -          -
+  WebDAV                              MD5, SHA1 ³        R ⁴         Depends              No              -          -
+  Yandex Disk                             MD5            R/W            No                No              R          -
+  Zoho WorkDrive                           -              -             No                No              -          -
+  The local filesystem                    All            R/W         Depends              No              -         RWU
 
 ¹ Dropbox supports its own custom hash. This is an SHA256 sum of all the
 4 MiB block SHA256s.
@@ -13758,9 +16881,11 @@ Notes
 ² SFTP supports checksums if the same login has shell access and md5sum
 or sha1sum as well as echo are in the remote's PATH.
 
-³ WebDAV supports hashes when used with Owncloud and Nextcloud only.
+³ WebDAV supports hashes when used with Fastmail Files, Owncloud and
+Nextcloud only.
 
-⁴ WebDAV supports modtimes when used with Owncloud and Nextcloud only.
+⁴ WebDAV supports modtimes when used with Fastmail Files, Owncloud and
+Nextcloud only.
 
 ⁵ QuickXorHash is Microsoft's own hash.
 
@@ -14186,64 +17311,131 @@ Optional Features
 All rclone remotes support a base command set. Other features depend
 upon backend-specific capabilities.
 
-  Name                            Purge   Copy   Move   DirMove   CleanUp   ListR   StreamUpload   LinkSharing   About   EmptyDir
-  ------------------------------ ------- ------ ------ --------- --------- ------- -------------- ------------- ------- ----------
-  1Fichier                         No     Yes    Yes      No        No       No          No            Yes        No       Yes
-  Akamai Netstorage                Yes     No     No      No        No       Yes        Yes            No         No       Yes
-  Amazon Drive                     Yes     No    Yes      Yes       No       No          No            No         No       Yes
-  Amazon S3 (or S3 compatible)     No     Yes     No      No        Yes      Yes        Yes            Yes        No        No
-  Backblaze B2                     No     Yes     No      No        Yes      Yes        Yes            Yes        No        No
-  Box                              Yes    Yes    Yes      Yes     Yes ‡‡     No         Yes            Yes        Yes      Yes
-  Citrix ShareFile                 Yes    Yes    Yes      Yes       No       No         Yes            No         No       Yes
-  Dropbox                          Yes    Yes    Yes      Yes       No       No         Yes            Yes        Yes      Yes
-  Enterprise File Fabric           Yes    Yes    Yes      Yes       Yes      No          No            No         No       Yes
-  FTP                              No      No    Yes      Yes       No       No         Yes            No         No       Yes
-  Google Cloud Storage             Yes    Yes     No      No        No       Yes        Yes            No         No        No
-  Google Drive                     Yes    Yes    Yes      Yes       Yes      Yes        Yes            Yes        Yes      Yes
-  Google Photos                    No      No     No      No        No       No          No            No         No        No
-  HDFS                             Yes     No    Yes      Yes       No       No         Yes            No         Yes      Yes
-  HiDrive                          Yes    Yes    Yes      Yes       No       No         Yes            No         No       Yes
-  HTTP                             No      No     No      No        No       No          No            No         No       Yes
-  Internet Archive                 No     Yes     No      No        Yes      Yes         No            Yes        Yes       No
-  Jottacloud                       Yes    Yes    Yes      Yes       Yes      Yes         No            Yes        Yes      Yes
-  Koofr                            Yes    Yes    Yes      Yes       No       No         Yes            Yes        Yes      Yes
-  Mail.ru Cloud                    Yes    Yes    Yes      Yes       Yes      No          No            Yes        Yes      Yes
-  Mega                             Yes     No    Yes      Yes       Yes      No          No            Yes        Yes      Yes
-  Memory                           No     Yes     No      No        No       Yes        Yes            No         No        No
-  Microsoft Azure Blob Storage     Yes    Yes     No      No        No       Yes        Yes            No         No        No
-  Microsoft OneDrive               Yes    Yes    Yes      Yes       Yes      No          No            Yes        Yes      Yes
-  OpenDrive                        Yes    Yes    Yes      Yes       No       No          No            No         No       Yes
-  OpenStack Swift                 Yes †   Yes     No      No        No       Yes        Yes            No         Yes       No
-  Oracle Object Storage            No     Yes     No      No        Yes      Yes        Yes            No         No        No
-  pCloud                           Yes    Yes    Yes      Yes       Yes      No          No            Yes        Yes      Yes
-  premiumize.me                    Yes     No    Yes      Yes       No       No          No            Yes        Yes      Yes
-  put.io                           Yes     No    Yes      Yes       Yes      No         Yes            No         Yes      Yes
-  QingStor                         No     Yes     No      No        Yes      Yes         No            No         No        No
-  Seafile                          Yes    Yes    Yes      Yes       Yes      Yes        Yes            Yes        Yes      Yes
-  SFTP                             No      No    Yes      Yes       No       No         Yes            No         Yes      Yes
-  Sia                              No      No     No      No        No       No         Yes            No         No       Yes
-  SMB                              No      No    Yes      Yes       No       No         Yes            No         No       Yes
-  SugarSync                        Yes    Yes    Yes      Yes       No       No         Yes            Yes        No       Yes
-  Storj                           Yes ☨   Yes    Yes      No        No       Yes        Yes            Yes        No        No
-  Uptobox                          No     Yes    Yes      Yes       No       No          No            No         No        No
-  WebDAV                           Yes    Yes    Yes      Yes       No       No        Yes ‡           No         Yes      Yes
-  Yandex Disk                      Yes    Yes    Yes      Yes       Yes      No         Yes            Yes        Yes      Yes
-  Zoho WorkDrive                   Yes    Yes    Yes      Yes       No       No          No            No         Yes      Yes
-  The local filesystem             Yes     No    Yes      Yes       No       No         Yes            No         Yes      Yes
+  -------------------------------------------------------------------------------------------------------------------------------------
+  Name             Purge   Copy   Move   DirMove   CleanUp   ListR   StreamUpload  MultithreadUpload    LinkSharing   About   EmptyDir
+  --------------- ------- ------ ------ --------- --------- ------- -------------- ------------------- ------------- ------- ----------
+  1Fichier          No     Yes    Yes      No        No       No          No       No                       Yes        No       Yes
 
-Purge
+  Akamai            Yes     No     No      No        No       Yes        Yes       No                       No         No       Yes
+  Netstorage                                                                                                                 
 
-This deletes a directory quicker than just deleting all the files in the
-directory.
+  Amazon Drive      Yes     No    Yes      Yes       No       No          No       No                       No         No       Yes
+
+  Amazon S3 (or     No     Yes     No      No        Yes      Yes        Yes       Yes                      Yes        No        No
+  S3 compatible)                                                                                                             
+
+  Backblaze B2      No     Yes     No      No        Yes      Yes        Yes       Yes                      Yes        No        No
+
+  Box               Yes    Yes    Yes      Yes       Yes      No         Yes       No                       Yes        Yes      Yes
+
+  Citrix            Yes    Yes    Yes      Yes       No       No          No       No                       No         No       Yes
+  ShareFile                                                                                                                  
+
+  Dropbox           Yes    Yes    Yes      Yes       No       No         Yes       No                       Yes        Yes      Yes
+
+  Enterprise File   Yes    Yes    Yes      Yes       Yes      No          No       No                       No         No       Yes
+  Fabric                                                                                                                     
+
+  FTP               No      No    Yes      Yes       No       No         Yes       No                       No         No       Yes
+
+  Google Cloud      Yes    Yes     No      No        No       Yes        Yes       No                       No         No        No
+  Storage                                                                                                                    
+
+  Google Drive      Yes    Yes    Yes      Yes       Yes      Yes        Yes       No                       Yes        Yes      Yes
+
+  Google Photos     No      No     No      No        No       No          No       No                       No         No        No
+
+  HDFS              Yes     No    Yes      Yes       No       No         Yes       No                       No         Yes      Yes
+
+  HiDrive           Yes    Yes    Yes      Yes       No       No         Yes       No                       No         No       Yes
+
+  HTTP              No      No     No      No        No       No          No       No                       No         No       Yes
+
+  Internet          No     Yes     No      No        Yes      Yes         No       No                       Yes        Yes       No
+  Archive                                                                                                                    
+
+  Jottacloud        Yes    Yes    Yes      Yes       Yes      Yes         No       No                       Yes        Yes      Yes
+
+  Koofr             Yes    Yes    Yes      Yes       No       No         Yes       No                       Yes        Yes      Yes
+
+  Mail.ru Cloud     Yes    Yes    Yes      Yes       Yes      No          No       No                       Yes        Yes      Yes
 
-† Note Swift implements this in order to delete directory markers but
-they don't actually have a quicker way of deleting files other than
+  Mega              Yes     No    Yes      Yes       Yes      No          No       No                       Yes        Yes      Yes
+
+  Memory            No     Yes     No      No        No       Yes        Yes       No                       No         No        No
+
+  Microsoft Azure   Yes    Yes     No      No        No       Yes        Yes       Yes                      No         No        No
+  Blob Storage                                                                                                               
+
+  Microsoft Azure   No     Yes    Yes      Yes       No       No         Yes       Yes                      No         Yes      Yes
+  Files Storage                                                                                                              
+
+  Microsoft         Yes    Yes    Yes      Yes       Yes     Yes ⁵        No       No                       Yes        Yes      Yes
+  OneDrive                                                                                                                   
+
+  OpenDrive         Yes    Yes    Yes      Yes       No       No          No       No                       No         No       Yes
+
+  OpenStack Swift  Yes ¹   Yes     No      No        No       Yes        Yes       No                       No         Yes       No
+
+  Oracle Object     No     Yes     No      No        Yes      Yes        Yes       Yes                      No         No        No
+  Storage                                                                                                                    
+
+  pCloud            Yes    Yes    Yes      Yes       Yes      No          No       No                       Yes        Yes      Yes
+
+  PikPak            Yes    Yes    Yes      Yes       Yes      No          No       No                       Yes        Yes      Yes
+
+  premiumize.me     Yes     No    Yes      Yes       No       No          No       No                       Yes        Yes      Yes
+
+  put.io            Yes     No    Yes      Yes       Yes      No         Yes       No                       No         Yes      Yes
+
+  Proton Drive      Yes     No    Yes      Yes       Yes      No          No       No                       No         Yes      Yes
+
+  QingStor          No     Yes     No      No        Yes      Yes         No       No                       No         No        No
+
+  Quatrix by        Yes    Yes    Yes      Yes       No       No          No       No                       No         Yes      Yes
+  Maytech                                                                                                                    
+
+  Seafile           Yes    Yes    Yes      Yes       Yes      Yes        Yes       No                       Yes        Yes      Yes
+
+  SFTP              No    Yes ⁴   Yes      Yes       No       No         Yes       No                       No         Yes      Yes
+
+  Sia               No      No     No      No        No       No         Yes       No                       No         No       Yes
+
+  SMB               No      No    Yes      Yes       No       No         Yes       Yes                      No         No       Yes
+
+  SugarSync         Yes    Yes    Yes      Yes       No       No         Yes       No                       Yes        No       Yes
+
+  Storj            Yes ²   Yes    Yes      No        No       Yes        Yes       No                       Yes        No        No
+
+  Uptobox           No     Yes    Yes      Yes       No       No          No       No                       No         No        No
+
+  WebDAV            Yes    Yes    Yes      Yes       No       No        Yes ³      No                       No         Yes      Yes
+
+  Yandex Disk       Yes    Yes    Yes      Yes       Yes      No         Yes       No                       Yes        Yes      Yes
+
+  Zoho WorkDrive    Yes    Yes    Yes      Yes       No       No          No       No                       No         Yes      Yes
+
+  The local         Yes     No    Yes      Yes       No       No         Yes       Yes                      No         Yes      Yes
+  filesystem                                                                                                                 
+  -------------------------------------------------------------------------------------------------------------------------------------
+
+¹ Note Swift implements this in order to delete directory markers but it
+doesn't actually have a quicker way of deleting files other than
 deleting them individually.
 
-☨ Storj implements this efficiently only for entire buckets. If purging
+² Storj implements this efficiently only for entire buckets. If purging
 a directory inside a bucket, files are deleted individually.
 
-‡ StreamUpload is not supported with Nextcloud
+³ StreamUpload is not supported with Nextcloud
+
+⁴ Use the --sftp-copy-is-hardlink flag to enable.
+
+⁵ Use the --onedrive-delta flag to enable.
+
+Purge
+
+This deletes a directory quicker than just deleting all the files in the
+directory.
 
 Copy
 
@@ -14292,6 +17484,12 @@ Some remotes allow files to be uploaded without knowing the file size in
 advance. This allows certain operations to work without spooling the
 file to local disk first, e.g. rclone rcat.
 
+MultithreadUpload
+
+Some remotes allow transfers to the remote to be sent as chunks in
+parallel. If this is supported then rclone will use multi-thread copying
+to transfer files much faster.
+
 LinkSharing
 
 Sets the necessary permissions on a file or folder and prints a link
@@ -14319,726 +17517,918 @@ Object/Bucket-based remotes do not support this.
 Global Flags
 
 This describes the global flags available to every rclone command split
-into two groups, non backend and backend flags.
-
-Non Backend Flags
-
-These flags are available for every command.
-
-          --ask-password                         Allow prompt for password for encrypted configuration (default true)
-          --auto-confirm                         If enabled, do not request console confirmation
-          --backup-dir string                    Make backups into hierarchy based in DIR
-          --bind string                          Local address to bind to for outgoing connections, IPv4, IPv6 or name
-          --buffer-size SizeSuffix               In memory buffer size when reading files for each --transfer (default 16Mi)
-          --bwlimit BwTimetable                  Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-          --bwlimit-file BwTimetable             Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-          --ca-cert stringArray                  CA certificate used to verify servers
-          --cache-dir string                     Directory rclone will use for caching (default "$HOME/.cache/rclone")
-          --check-first                          Do all the checks before starting transfers
-          --checkers int                         Number of checkers to run in parallel (default 8)
-      -c, --checksum                             Skip based on checksum (if available) & size, not mod-time & size
-          --client-cert string                   Client SSL certificate (PEM) for mutual TLS auth
-          --client-key string                    Client SSL private key (PEM) for mutual TLS auth
-          --color string                         When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default "AUTO")
-          --compare-dest stringArray             Include additional comma separated server-side paths during comparison
-          --config string                        Config file (default "$HOME/.config/rclone/rclone.conf")
-          --contimeout Duration                  Connect timeout (default 1m0s)
-          --copy-dest stringArray                Implies --compare-dest but also copies files from paths into destination
-          --cpuprofile string                    Write cpu profile to file
-          --cutoff-mode string                   Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default "HARD")
-          --delete-after                         When synchronizing, delete files on destination after transferring (default)
-          --delete-before                        When synchronizing, delete files on destination before transferring
-          --delete-during                        When synchronizing, delete files during transfer
-          --delete-excluded                      Delete files on dest excluded from sync
-          --disable string                       Disable a comma separated list of features (use --disable help to see a list)
-          --disable-http-keep-alives             Disable HTTP keep-alives and use each connection once.
-          --disable-http2                        Disable HTTP/2 in the global transport
-      -n, --dry-run                              Do a trial run with no permanent changes
-          --dscp string                          Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
-          --dump DumpFlags                       List of items to dump from: headers,bodies,requests,responses,auth,filters,goroutines,openfiles
-          --dump-bodies                          Dump HTTP headers and bodies - may contain sensitive info
-          --dump-headers                         Dump HTTP headers - may contain sensitive info
-          --error-on-no-transfer                 Sets exit code 9 if no files are transferred, useful in scripts
-          --exclude stringArray                  Exclude files matching pattern
-          --exclude-from stringArray             Read file exclude patterns from file (use - to read from stdin)
-          --exclude-if-present stringArray       Exclude directories if filename is present
-          --expect-continue-timeout Duration     Timeout when using expect / 100-continue in HTTP (default 1s)
-          --fast-list                            Use recursive list if available; uses more memory but fewer transactions
-          --files-from stringArray               Read list of source-file names from file (use - to read from stdin)
-          --files-from-raw stringArray           Read list of source-file names from file without any processing of lines (use - to read from stdin)
-      -f, --filter stringArray                   Add a file filtering rule
-          --filter-from stringArray              Read file filtering patterns from a file (use - to read from stdin)
-          --fs-cache-expire-duration Duration    Cache remotes for this long (0 to disable caching) (default 5m0s)
-          --fs-cache-expire-interval Duration    Interval to check for expired remotes (default 1m0s)
-          --header stringArray                   Set HTTP header for all transactions
-          --header-download stringArray          Set HTTP header for download transactions
-          --header-upload stringArray            Set HTTP header for upload transactions
-          --human-readable                       Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
-          --ignore-case                          Ignore case in filters (case insensitive)
-          --ignore-case-sync                     Ignore case when synchronizing
-          --ignore-checksum                      Skip post copy check of checksums
-          --ignore-errors                        Delete even if there are I/O errors
-          --ignore-existing                      Skip all files that exist on destination
-          --ignore-size                          Ignore size when skipping use mod-time or checksum
-      -I, --ignore-times                         Don't skip files that match size and time - transfer all files
-          --immutable                            Do not modify files, fail if existing files have been modified
-          --include stringArray                  Include files matching pattern
-          --include-from stringArray             Read file include patterns from file (use - to read from stdin)
-      -i, --interactive                          Enable interactive mode
-          --kv-lock-time Duration                Maximum time to keep key-value database locked by process (default 1s)
-          --log-file string                      Log everything to this file
-          --log-format string                    Comma separated list of log format options (default "date,time")
-          --log-level string                     Log level DEBUG|INFO|NOTICE|ERROR (default "NOTICE")
-          --log-systemd                          Activate systemd integration for the logger
-          --low-level-retries int                Number of low level retries to do (default 10)
-          --max-age Duration                     Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-          --max-backlog int                      Maximum number of objects in sync or check backlog (default 10000)
-          --max-delete int                       When synchronizing, limit the number of deletes (default -1)
-          --max-delete-size SizeSuffix           When synchronizing, limit the total size of deletes (default off)
-          --max-depth int                        If set limits the recursion depth to this (default -1)
-          --max-duration Duration                Maximum duration rclone will transfer data for (default 0s)
-          --max-size SizeSuffix                  Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
-          --max-stats-groups int                 Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
-          --max-transfer SizeSuffix              Maximum size of data to transfer (default off)
-          --memprofile string                    Write memory profile to file
-      -M, --metadata                             If set, preserve metadata when copying objects
-          --metadata-exclude stringArray         Exclude metadatas matching pattern
-          --metadata-exclude-from stringArray    Read metadata exclude patterns from file (use - to read from stdin)
-          --metadata-filter stringArray          Add a metadata filtering rule
-          --metadata-filter-from stringArray     Read metadata filtering patterns from a file (use - to read from stdin)
-          --metadata-include stringArray         Include metadatas matching pattern
-          --metadata-include-from stringArray    Read metadata include patterns from file (use - to read from stdin)
-          --metadata-set stringArray             Add metadata key=value when uploading
-          --min-age Duration                     Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-          --min-size SizeSuffix                  Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
-          --modify-window Duration               Max time diff to be considered the same (default 1ns)
-          --multi-thread-cutoff SizeSuffix       Use multi-thread downloads for files above this size (default 250Mi)
-          --multi-thread-streams int             Max number of streams to use for multi-thread downloads (default 4)
-          --no-check-certificate                 Do not verify the server SSL certificate (insecure)
-          --no-check-dest                        Don't check the destination, copy regardless
-          --no-console                           Hide console window (supported on Windows only)
-          --no-gzip-encoding                     Don't set Accept-Encoding: gzip
-          --no-traverse                          Don't traverse destination file system on copy
-          --no-unicode-normalization             Don't normalize unicode characters in filenames
-          --no-update-modtime                    Don't update destination mod-time if files identical
-          --order-by string                      Instructions on how to order the transfers, e.g. 'size,descending'
-          --password-command SpaceSepList        Command for supplying password for encrypted configuration
-      -P, --progress                             Show progress during transfer
-          --progress-terminal-title              Show progress on the terminal title (requires -P/--progress)
-      -q, --quiet                                Print as little stuff as possible
-          --rc                                   Enable the remote control server
-          --rc-addr stringArray                  IPaddress:Port or :Port to bind server to (default [localhost:5572])
-          --rc-allow-origin string               Set the allowed origin for CORS
-          --rc-baseurl string                    Prefix for URLs - leave blank for root
-          --rc-cert string                       TLS PEM key (concatenation of certificate and CA certificate)
-          --rc-client-ca string                  Client certificate authority to verify clients with
-          --rc-enable-metrics                    Enable prometheus metrics on /metrics
-          --rc-files string                      Path to local files to serve on the HTTP server
-          --rc-htpasswd string                   A htpasswd file - if not provided no authentication is done
-          --rc-job-expire-duration Duration      Expire finished async jobs older than this value (default 1m0s)
-          --rc-job-expire-interval Duration      Interval to check for expired async jobs (default 10s)
-          --rc-key string                        TLS PEM Private key
-          --rc-max-header-bytes int              Maximum size of request header (default 4096)
-          --rc-min-tls-version string            Minimum TLS version that is acceptable (default "tls1.0")
-          --rc-no-auth                           Don't require auth for certain methods
-          --rc-pass string                       Password for authentication
-          --rc-realm string                      Realm for authentication
-          --rc-salt string                       Password hashing salt (default "dlPL2MqE")
-          --rc-serve                             Enable the serving of remote objects
-          --rc-server-read-timeout Duration      Timeout for server reading data (default 1h0m0s)
-          --rc-server-write-timeout Duration     Timeout for server writing data (default 1h0m0s)
-          --rc-template string                   User-specified template
-          --rc-user string                       User name for authentication
-          --rc-web-fetch-url string              URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
-          --rc-web-gui                           Launch WebGUI on localhost
-          --rc-web-gui-force-update              Force update to latest version of web gui
-          --rc-web-gui-no-open-browser           Don't open the browser automatically
-          --rc-web-gui-update                    Check and update to latest version of web gui
-          --refresh-times                        Refresh the modtime of remote files
-          --retries int                          Retry operations this many times if they fail (default 3)
-          --retries-sleep Duration               Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
-          --server-side-across-configs           Allow server-side operations (e.g. copy) to work across different configs
-          --size-only                            Skip based on size only, not mod-time or checksum
-          --stats Duration                       Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
-          --stats-file-name-length int           Max file name length in stats (0 for no limit) (default 45)
-          --stats-log-level string               Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default "INFO")
-          --stats-one-line                       Make the stats fit on one line
-          --stats-one-line-date                  Enable --stats-one-line and add current date/time prefix
-          --stats-one-line-date-format string    Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes ("), see https://golang.org/pkg/time/#Time.Format
-          --stats-unit string                    Show data rate in stats as either 'bits' or 'bytes' per second (default "bytes")
-          --streaming-upload-cutoff SizeSuffix   Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
-          --suffix string                        Suffix to add to changed files
-          --suffix-keep-extension                Preserve the extension when using --suffix
-          --syslog                               Use Syslog for logging
-          --syslog-facility string               Facility for syslog, e.g. KERN,USER,... (default "DAEMON")
-          --temp-dir string                      Directory rclone will use for temporary files (default "/tmp")
-          --timeout Duration                     IO idle timeout (default 5m0s)
-          --tpslimit float                       Limit HTTP transactions per second to this
-          --tpslimit-burst int                   Max burst of transactions for --tpslimit (default 1)
-          --track-renames                        When synchronizing, track file renames and do a server-side move if possible
-          --track-renames-strategy string        Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
-          --transfers int                        Number of file transfers to run in parallel (default 4)
-      -u, --update                               Skip files that are newer on the destination
-          --use-cookies                          Enable session cookiejar
-          --use-json-log                         Use json log format
-          --use-mmap                             Use mmap allocator (see docs)
-          --use-server-modtime                   Use server modified time instead of object metadata
-          --user-agent string                    Set the user-agent to a specified string (default "rclone/v1.62.0")
-      -v, --verbose count                        Print lots more stuff (repeat for more)
-
-Backend Flags
-
-These flags are available for every command. They control the backends
-and may be set in the config file.
-
-          --acd-auth-url string                            Auth server URL
-          --acd-client-id string                           OAuth Client Id
-          --acd-client-secret string                       OAuth Client Secret
-          --acd-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-          --acd-templink-threshold SizeSuffix              Files >= this size will be downloaded via their tempLink (default 9Gi)
-          --acd-token string                               OAuth Access Token as a JSON blob
-          --acd-token-url string                           Token server url
-          --acd-upload-wait-per-gb Duration                Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
-          --alias-remote string                            Remote or path to alias
-          --azureblob-access-tier string                   Access tier of blob: hot, cool or archive
-          --azureblob-account string                       Azure Storage Account Name
-          --azureblob-archive-tier-delete                  Delete archive tier blobs before overwriting
-          --azureblob-chunk-size SizeSuffix                Upload chunk size (default 4Mi)
-          --azureblob-client-certificate-password string   Password for the certificate file (optional) (obscured)
-          --azureblob-client-certificate-path string       Path to a PEM or PKCS12 certificate file including the private key
-          --azureblob-client-id string                     The ID of the client in use
-          --azureblob-client-secret string                 One of the service principal's client secrets
-          --azureblob-client-send-certificate-chain        Send the certificate chain when using certificate auth
-          --azureblob-disable-checksum                     Don't store MD5 checksum with object metadata
-          --azureblob-encoding MultiEncoder                The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
-          --azureblob-endpoint string                      Endpoint for the service
-          --azureblob-env-auth                             Read credentials from runtime (environment variables, CLI or MSI)
-          --azureblob-key string                           Storage Account Shared Key
-          --azureblob-list-chunk int                       Size of blob list (default 5000)
-          --azureblob-memory-pool-flush-time Duration      How often internal memory buffer pools will be flushed (default 1m0s)
-          --azureblob-memory-pool-use-mmap                 Whether to use mmap buffers in internal memory pool
-          --azureblob-msi-client-id string                 Object ID of the user-assigned MSI to use, if any
-          --azureblob-msi-mi-res-id string                 Azure resource ID of the user-assigned MSI to use, if any
-          --azureblob-msi-object-id string                 Object ID of the user-assigned MSI to use, if any
-          --azureblob-no-check-container                   If set, don't attempt to check the container exists or create it
-          --azureblob-no-head-object                       If set, do not do HEAD before GET when getting objects
-          --azureblob-password string                      The user's password (obscured)
-          --azureblob-public-access string                 Public access level of a container: blob or container
-          --azureblob-sas-url string                       SAS URL for container level access only
-          --azureblob-service-principal-file string        Path to file containing credentials for use with a service principal
-          --azureblob-tenant string                        ID of the service principal's tenant. Also called its directory ID
-          --azureblob-upload-concurrency int               Concurrency for multipart uploads (default 16)
-          --azureblob-upload-cutoff string                 Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
-          --azureblob-use-emulator                         Uses local storage emulator if provided as 'true'
-          --azureblob-use-msi                              Use a managed service identity to authenticate (only works in Azure)
-          --azureblob-username string                      User name (usually an email address)
-          --b2-account string                              Account ID or Application Key ID
-          --b2-chunk-size SizeSuffix                       Upload chunk size (default 96Mi)
-          --b2-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4Gi)
-          --b2-disable-checksum                            Disable checksums for large (> upload cutoff) files
-          --b2-download-auth-duration Duration             Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
-          --b2-download-url string                         Custom endpoint for downloads
-          --b2-encoding MultiEncoder                       The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-          --b2-endpoint string                             Endpoint for the service
-          --b2-hard-delete                                 Permanently delete files on remote removal, otherwise hide files
-          --b2-key string                                  Application Key
-          --b2-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-          --b2-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-          --b2-test-mode string                            A flag string for X-Bz-Test-Mode header for debugging
-          --b2-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-          --b2-version-at Time                             Show file versions as they were at the specified time (default off)
-          --b2-versions                                    Include old versions in directory listings
-          --box-access-token string                        Box App Primary Access Token
-          --box-auth-url string                            Auth server URL
-          --box-box-config-file string                     Box App config.json location
-          --box-box-sub-type string                         (default "user")
-          --box-client-id string                           OAuth Client Id
-          --box-client-secret string                       OAuth Client Secret
-          --box-commit-retries int                         Max number of times to try committing a multipart file (default 100)
-          --box-encoding MultiEncoder                      The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
-          --box-list-chunk int                             Size of listing chunk 1-1000 (default 1000)
-          --box-owned-by string                            Only show items owned by the login (email address) passed in
-          --box-root-folder-id string                      Fill in for rclone to use a non root folder as its starting point
-          --box-token string                               OAuth Access Token as a JSON blob
-          --box-token-url string                           Token server url
-          --box-upload-cutoff SizeSuffix                   Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
-          --cache-chunk-clean-interval Duration            How often should the cache perform cleanups of the chunk storage (default 1m0s)
-          --cache-chunk-no-memory                          Disable the in-memory cache for storing chunks during streaming
-          --cache-chunk-path string                        Directory to cache chunk files (default "$HOME/.cache/rclone/cache-backend")
-          --cache-chunk-size SizeSuffix                    The size of a chunk (partial file data) (default 5Mi)
-          --cache-chunk-total-size SizeSuffix              The total size that the chunks can take up on the local disk (default 10Gi)
-          --cache-db-path string                           Directory to store file structure metadata DB (default "$HOME/.cache/rclone/cache-backend")
-          --cache-db-purge                                 Clear all the cached data for this remote on start
-          --cache-db-wait-time Duration                    How long to wait for the DB to be available - 0 is unlimited (default 1s)
-          --cache-info-age Duration                        How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
-          --cache-plex-insecure string                     Skip all certificate verification when connecting to the Plex server
-          --cache-plex-password string                     The password of the Plex user (obscured)
-          --cache-plex-url string                          The URL of the Plex server
-          --cache-plex-username string                     The username of the Plex user
-          --cache-read-retries int                         How many times to retry a read from a cache storage (default 10)
-          --cache-remote string                            Remote to cache
-          --cache-rps int                                  Limits the number of requests per second to the source FS (-1 to disable) (default -1)
-          --cache-tmp-upload-path string                   Directory to keep temporary files until they are uploaded
-          --cache-tmp-wait-time Duration                   How long should files be stored in local cache before being uploaded (default 15s)
-          --cache-workers int                              How many workers should run in parallel to download chunks (default 4)
-          --cache-writes                                   Cache file data on writes through the FS
-          --chunker-chunk-size SizeSuffix                  Files larger than chunk size will be split in chunks (default 2Gi)
-          --chunker-fail-hard                              Choose how chunker should handle files with missing or invalid chunks
-          --chunker-hash-type string                       Choose how chunker handles hash sums (default "md5")
-          --chunker-remote string                          Remote to chunk/unchunk
-          --combine-upstreams SpaceSepList                 Upstreams for combining
-          --compress-level int                             GZIP compression level (-2 to 9) (default -1)
-          --compress-mode string                           Compression mode (default "gzip")
-          --compress-ram-cache-limit SizeSuffix            Some remotes don't allow the upload of files with unknown size (default 20Mi)
-          --compress-remote string                         Remote to compress
-      -L, --copy-links                                     Follow symlinks and copy the pointed to item
-          --crypt-directory-name-encryption                Option to either encrypt directory names or leave them intact (default true)
-          --crypt-filename-encoding string                 How to encode the encrypted filename to text string (default "base32")
-          --crypt-filename-encryption string               How to encrypt the filenames (default "standard")
-          --crypt-no-data-encryption                       Option to either encrypt file data or leave it unencrypted
-          --crypt-password string                          Password or pass phrase for encryption (obscured)
-          --crypt-password2 string                         Password or pass phrase for salt (obscured)
-          --crypt-remote string                            Remote to encrypt/decrypt
-          --crypt-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different crypt configs
-          --crypt-show-mapping                             For all files listed show how the names encrypt
-          --drive-acknowledge-abuse                        Set to allow files which return cannotDownloadAbusiveFile to be downloaded
-          --drive-allow-import-name-change                 Allow the filetype to change when uploading Google docs
-          --drive-auth-owner-only                          Only consider files owned by the authenticated user
-          --drive-auth-url string                          Auth server URL
-          --drive-chunk-size SizeSuffix                    Upload chunk size (default 8Mi)
-          --drive-client-id string                         Google Application Client Id
-          --drive-client-secret string                     OAuth Client Secret
-          --drive-copy-shortcut-content                    Server side copy contents of shortcuts instead of the shortcut
-          --drive-disable-http2                            Disable drive using http2 (default true)
-          --drive-encoding MultiEncoder                    The encoding for the backend (default InvalidUtf8)
-          --drive-export-formats string                    Comma separated list of preferred formats for downloading Google docs (default "docx,xlsx,pptx,svg")
-          --drive-formats string                           Deprecated: See export_formats
-          --drive-impersonate string                       Impersonate this user when using a service account
-          --drive-import-formats string                    Comma separated list of preferred formats for uploading Google docs
-          --drive-keep-revision-forever                    Keep new head revision of each file forever
-          --drive-list-chunk int                           Size of listing chunk 100-1000, 0 to disable (default 1000)
-          --drive-pacer-burst int                          Number of API calls to allow without sleeping (default 100)
-          --drive-pacer-min-sleep Duration                 Minimum time to sleep between API calls (default 100ms)
-          --drive-resource-key string                      Resource key for accessing a link-shared file
-          --drive-root-folder-id string                    ID of the root folder
-          --drive-scope string                             Scope that rclone should use when requesting access from drive
-          --drive-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different drive configs
-          --drive-service-account-credentials string       Service Account Credentials JSON blob
-          --drive-service-account-file string              Service Account Credentials JSON file path
-          --drive-shared-with-me                           Only show files that are shared with me
-          --drive-size-as-quota                            Show sizes as storage quota usage, not actual size
-          --drive-skip-checksum-gphotos                    Skip MD5 checksum on Google photos and videos only
-          --drive-skip-dangling-shortcuts                  If set skip dangling shortcut files
-          --drive-skip-gdocs                               Skip google documents in all listings
-          --drive-skip-shortcuts                           If set skip shortcut files
-          --drive-starred-only                             Only show files that are starred
-          --drive-stop-on-download-limit                   Make download limit errors be fatal
-          --drive-stop-on-upload-limit                     Make upload limit errors be fatal
-          --drive-team-drive string                        ID of the Shared Drive (Team Drive)
-          --drive-token string                             OAuth Access Token as a JSON blob
-          --drive-token-url string                         Token server url
-          --drive-trashed-only                             Only show files that are in the trash
-          --drive-upload-cutoff SizeSuffix                 Cutoff for switching to chunked upload (default 8Mi)
-          --drive-use-created-date                         Use file created date instead of modified date
-          --drive-use-shared-date                          Use date file was shared instead of modified date
-          --drive-use-trash                                Send files to the trash instead of deleting permanently (default true)
-          --drive-v2-download-min-size SizeSuffix          If Object's are greater, use drive v2 API to download (default off)
-          --dropbox-auth-url string                        Auth server URL
-          --dropbox-batch-commit-timeout Duration          Max time to wait for a batch to finish committing (default 10m0s)
-          --dropbox-batch-mode string                      Upload file batching sync|async|off (default "sync")
-          --dropbox-batch-size int                         Max number of files in upload batch
-          --dropbox-batch-timeout Duration                 Max time to allow an idle upload batch before uploading (default 0s)
-          --dropbox-chunk-size SizeSuffix                  Upload chunk size (< 150Mi) (default 48Mi)
-          --dropbox-client-id string                       OAuth Client Id
-          --dropbox-client-secret string                   OAuth Client Secret
-          --dropbox-encoding MultiEncoder                  The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
-          --dropbox-impersonate string                     Impersonate this user when using a business account
-          --dropbox-shared-files                           Instructs rclone to work on individual shared files
-          --dropbox-shared-folders                         Instructs rclone to work on shared folders
-          --dropbox-token string                           OAuth Access Token as a JSON blob
-          --dropbox-token-url string                       Token server url
-          --fichier-api-key string                         Your API Key, get it from https://1fichier.com/console/params.pl
-          --fichier-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
-          --fichier-file-password string                   If you want to download a shared file that is password protected, add this parameter (obscured)
-          --fichier-folder-password string                 If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
-          --fichier-shared-folder string                   If you want to download a shared folder, add this parameter
-          --filefabric-encoding MultiEncoder               The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-          --filefabric-permanent-token string              Permanent Authentication Token
-          --filefabric-root-folder-id string               ID of the root folder
-          --filefabric-token string                        Session Token
-          --filefabric-token-expiry string                 Token expiry time
-          --filefabric-url string                          URL of the Enterprise File Fabric to connect to
-          --filefabric-version string                      Version read from the file fabric
-          --ftp-ask-password                               Allow asking for FTP password when needed
-          --ftp-close-timeout Duration                     Maximum time to wait for a response to close (default 1m0s)
-          --ftp-concurrency int                            Maximum number of FTP simultaneous connections, 0 for unlimited
-          --ftp-disable-epsv                               Disable using EPSV even if server advertises support
-          --ftp-disable-mlsd                               Disable using MLSD even if server advertises support
-          --ftp-disable-tls13                              Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
-          --ftp-disable-utf8                               Disable using UTF-8 even if server advertises support
-          --ftp-encoding MultiEncoder                      The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
-          --ftp-explicit-tls                               Use Explicit FTPS (FTP over TLS)
-          --ftp-force-list-hidden                          Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
-          --ftp-host string                                FTP host to connect to
-          --ftp-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-          --ftp-no-check-certificate                       Do not verify the TLS certificate of the server
-          --ftp-pass string                                FTP password (obscured)
-          --ftp-port int                                   FTP port number (default 21)
-          --ftp-shut-timeout Duration                      Maximum time to wait for data connection closing status (default 1m0s)
-          --ftp-tls                                        Use Implicit FTPS (FTP over TLS)
-          --ftp-tls-cache-size int                         Size of TLS session cache for all control and data connections (default 32)
-          --ftp-user string                                FTP username (default "$USER")
-          --ftp-writing-mdtm                               Use MDTM to set modification time (VsFtpd quirk)
-          --gcs-anonymous                                  Access public buckets and objects without credentials
-          --gcs-auth-url string                            Auth server URL
-          --gcs-bucket-acl string                          Access Control List for new buckets
-          --gcs-bucket-policy-only                         Access checks should use bucket-level IAM policies
-          --gcs-client-id string                           OAuth Client Id
-          --gcs-client-secret string                       OAuth Client Secret
-          --gcs-decompress                                 If set this will decompress gzip encoded objects
-          --gcs-encoding MultiEncoder                      The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-          --gcs-endpoint string                            Endpoint for the service
-          --gcs-env-auth                                   Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
-          --gcs-location string                            Location for the newly created buckets
-          --gcs-no-check-bucket                            If set, don't attempt to check the bucket exists or create it
-          --gcs-object-acl string                          Access Control List for new objects
-          --gcs-project-number string                      Project number
-          --gcs-service-account-file string                Service Account Credentials JSON file path
-          --gcs-storage-class string                       The storage class to use when storing objects in Google Cloud Storage
-          --gcs-token string                               OAuth Access Token as a JSON blob
-          --gcs-token-url string                           Token server url
-          --gphotos-auth-url string                        Auth server URL
-          --gphotos-client-id string                       OAuth Client Id
-          --gphotos-client-secret string                   OAuth Client Secret
-          --gphotos-encoding MultiEncoder                  The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-          --gphotos-include-archived                       Also view and download archived media
-          --gphotos-read-only                              Set to make the Google Photos backend read only
-          --gphotos-read-size                              Set to read the size of media items
-          --gphotos-start-year int                         Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
-          --gphotos-token string                           OAuth Access Token as a JSON blob
-          --gphotos-token-url string                       Token server url
-          --hasher-auto-size SizeSuffix                    Auto-update checksum for files smaller than this size (disabled by default)
-          --hasher-hashes CommaSepList                     Comma separated list of supported checksum types (default md5,sha1)
-          --hasher-max-age Duration                        Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
-          --hasher-remote string                           Remote to cache checksums for (e.g. myRemote:path)
-          --hdfs-data-transfer-protection string           Kerberos data transfer protection: authentication|integrity|privacy
-          --hdfs-encoding MultiEncoder                     The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
-          --hdfs-namenode string                           Hadoop name node and port
-          --hdfs-service-principal-name string             Kerberos service principal name for the namenode
-          --hdfs-username string                           Hadoop user name
-          --hidrive-auth-url string                        Auth server URL
-          --hidrive-chunk-size SizeSuffix                  Chunksize for chunked uploads (default 48Mi)
-          --hidrive-client-id string                       OAuth Client Id
-          --hidrive-client-secret string                   OAuth Client Secret
-          --hidrive-disable-fetching-member-count          Do not fetch number of objects in directories unless it is absolutely necessary
-          --hidrive-encoding MultiEncoder                  The encoding for the backend (default Slash,Dot)
-          --hidrive-endpoint string                        Endpoint for the service (default "https://api.hidrive.strato.com/2.1")
-          --hidrive-root-prefix string                     The root/parent folder for all paths (default "/")
-          --hidrive-scope-access string                    Access permissions that rclone should use when requesting access from HiDrive (default "rw")
-          --hidrive-scope-role string                      User-level that rclone should use when requesting access from HiDrive (default "user")
-          --hidrive-token string                           OAuth Access Token as a JSON blob
-          --hidrive-token-url string                       Token server url
-          --hidrive-upload-concurrency int                 Concurrency for chunked uploads (default 4)
-          --hidrive-upload-cutoff SizeSuffix               Cutoff/Threshold for chunked uploads (default 96Mi)
-          --http-headers CommaSepList                      Set HTTP headers for all transactions
-          --http-no-head                                   Don't use HEAD requests
-          --http-no-slash                                  Set this if the site doesn't end directories with /
-          --http-url string                                URL of HTTP host to connect to
-          --internetarchive-access-key-id string           IAS3 Access Key
-          --internetarchive-disable-checksum               Don't ask the server to test against MD5 checksum calculated by rclone (default true)
-          --internetarchive-encoding MultiEncoder          The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
-          --internetarchive-endpoint string                IAS3 Endpoint (default "https://s3.us.archive.org")
-          --internetarchive-front-endpoint string          Host of InternetArchive Frontend (default "https://archive.org")
-          --internetarchive-secret-access-key string       IAS3 Secret Key (password)
-          --internetarchive-wait-archive Duration          Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish (default 0s)
-          --jottacloud-encoding MultiEncoder               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
-          --jottacloud-hard-delete                         Delete files permanently rather than putting them into the trash
-          --jottacloud-md5-memory-limit SizeSuffix         Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
-          --jottacloud-no-versions                         Avoid server side versioning by deleting files and recreating files instead of overwriting them
-          --jottacloud-trashed-only                        Only show files that are in the trash
-          --jottacloud-upload-resume-limit SizeSuffix      Files bigger than this can be resumed if the upload fail's (default 10Mi)
-          --koofr-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-          --koofr-endpoint string                          The Koofr API endpoint to use
-          --koofr-mountid string                           Mount ID of the mount to use
-          --koofr-password string                          Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
-          --koofr-provider string                          Choose your storage provider
-          --koofr-setmtime                                 Does the backend support setting modification time (default true)
-          --koofr-user string                              Your user name
-      -l, --links                                          Translate symlinks to/from regular files with a '.rclonelink' extension
-          --local-case-insensitive                         Force the filesystem to report itself as case insensitive
-          --local-case-sensitive                           Force the filesystem to report itself as case sensitive
-          --local-encoding MultiEncoder                    The encoding for the backend (default Slash,Dot)
-          --local-no-check-updated                         Don't check to see if the files change during upload
-          --local-no-preallocate                           Disable preallocation of disk space for transferred files
-          --local-no-set-modtime                           Disable setting modtime
-          --local-no-sparse                                Disable sparse files for multi-thread downloads
-          --local-nounc                                    Disable UNC (long path names) conversion on Windows
-          --local-unicode-normalization                    Apply unicode NFC normalization to paths and filenames
-          --local-zero-size-links                          Assume the Stat size of links is zero (and read them instead) (deprecated)
-          --mailru-check-hash                              What should copy do if file checksum is mismatched or invalid (default true)
-          --mailru-encoding MultiEncoder                   The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-          --mailru-pass string                             Password (obscured)
-          --mailru-speedup-enable                          Skip full upload if there is another file with same data hash (default true)
-          --mailru-speedup-file-patterns string            Comma separated list of file name patterns eligible for speedup (put by hash) (default "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf")
-          --mailru-speedup-max-disk SizeSuffix             This option allows you to disable speedup (put by hash) for large files (default 3Gi)
-          --mailru-speedup-max-memory SizeSuffix           Files larger than the size given below will always be hashed on disk (default 32Mi)
-          --mailru-user string                             User name (usually email)
-          --mega-debug                                     Output more debug from Mega
-          --mega-encoding MultiEncoder                     The encoding for the backend (default Slash,InvalidUtf8,Dot)
-          --mega-hard-delete                               Delete files permanently rather than putting them into the trash
-          --mega-pass string                               Password (obscured)
-          --mega-use-https                                 Use HTTPS for transfers
-          --mega-user string                               User name
-          --netstorage-account string                      Set the NetStorage account name
-          --netstorage-host string                         Domain+path of NetStorage host to connect to
-          --netstorage-protocol string                     Select between HTTP or HTTPS protocol (default "https")
-          --netstorage-secret string                       Set the NetStorage account secret/G2O key for authentication (obscured)
-      -x, --one-file-system                                Don't cross filesystem boundaries (unix/macOS only)
-          --onedrive-access-scopes SpaceSepList            Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
-          --onedrive-auth-url string                       Auth server URL
-          --onedrive-chunk-size SizeSuffix                 Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
-          --onedrive-client-id string                      OAuth Client Id
-          --onedrive-client-secret string                  OAuth Client Secret
-          --onedrive-drive-id string                       The ID of the drive to use
-          --onedrive-drive-type string                     The type of the drive (personal | business | documentLibrary)
-          --onedrive-encoding MultiEncoder                 The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
-          --onedrive-expose-onenote-files                  Set to make OneNote files show up in directory listings
-          --onedrive-hash-type string                      Specify the hash in use for the backend (default "auto")
-          --onedrive-link-password string                  Set the password for links created by the link command
-          --onedrive-link-scope string                     Set the scope of the links created by the link command (default "anonymous")
-          --onedrive-link-type string                      Set the type of the links created by the link command (default "view")
-          --onedrive-list-chunk int                        Size of listing chunk (default 1000)
-          --onedrive-no-versions                           Remove all versions on modifying operations
-          --onedrive-region string                         Choose national cloud region for OneDrive (default "global")
-          --onedrive-root-folder-id string                 ID of the root folder
-          --onedrive-server-side-across-configs            Allow server-side operations (e.g. copy) to work across different onedrive configs
-          --onedrive-token string                          OAuth Access Token as a JSON blob
-          --onedrive-token-url string                      Token server url
-          --oos-chunk-size SizeSuffix                      Chunk size to use for uploading (default 5Mi)
-          --oos-compartment string                         Object storage compartment OCID
-          --oos-config-file string                         Path to OCI config file (default "~/.oci/config")
-          --oos-config-profile string                      Profile name inside the oci config file (default "Default")
-          --oos-copy-cutoff SizeSuffix                     Cutoff for switching to multipart copy (default 4.656Gi)
-          --oos-copy-timeout Duration                      Timeout for copy (default 1m0s)
-          --oos-disable-checksum                           Don't store MD5 checksum with object metadata
-          --oos-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-          --oos-endpoint string                            Endpoint for Object storage API
-          --oos-leave-parts-on-error                       If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-          --oos-namespace string                           Object storage namespace
-          --oos-no-check-bucket                            If set, don't attempt to check the bucket exists or create it
-          --oos-provider string                            Choose your Auth Provider (default "env_auth")
-          --oos-region string                              Object storage Region
-          --oos-sse-customer-algorithm string              If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm
-          --oos-sse-customer-key string                    To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
-          --oos-sse-customer-key-file string               To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
-          --oos-sse-customer-key-sha256 string             If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
-          --oos-sse-kms-key-id string                      if using using your own master key in vault, this header specifies the
-          --oos-storage-tier string                        The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default "Standard")
-          --oos-upload-concurrency int                     Concurrency for multipart uploads (default 10)
-          --oos-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
-          --opendrive-chunk-size SizeSuffix                Files will be uploaded in chunks this size (default 10Mi)
-          --opendrive-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
-          --opendrive-password string                      Password (obscured)
-          --opendrive-username string                      Username
-          --pcloud-auth-url string                         Auth server URL
-          --pcloud-client-id string                        OAuth Client Id
-          --pcloud-client-secret string                    OAuth Client Secret
-          --pcloud-encoding MultiEncoder                   The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-          --pcloud-hostname string                         Hostname to connect to (default "api.pcloud.com")
-          --pcloud-password string                         Your pcloud password (obscured)
-          --pcloud-root-folder-id string                   Fill in for rclone to use a non root folder as its starting point (default "d0")
-          --pcloud-token string                            OAuth Access Token as a JSON blob
-          --pcloud-token-url string                        Token server url
-          --pcloud-username string                         Your pcloud username
-          --premiumizeme-encoding MultiEncoder             The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-          --putio-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-          --qingstor-access-key-id string                  QingStor Access Key ID
-          --qingstor-chunk-size SizeSuffix                 Chunk size to use for uploading (default 4Mi)
-          --qingstor-connection-retries int                Number of connection retries (default 3)
-          --qingstor-encoding MultiEncoder                 The encoding for the backend (default Slash,Ctl,InvalidUtf8)
-          --qingstor-endpoint string                       Enter an endpoint URL to connection QingStor API
-          --qingstor-env-auth                              Get QingStor credentials from runtime
-          --qingstor-secret-access-key string              QingStor Secret Access Key (password)
-          --qingstor-upload-concurrency int                Concurrency for multipart uploads (default 1)
-          --qingstor-upload-cutoff SizeSuffix              Cutoff for switching to chunked upload (default 200Mi)
-          --qingstor-zone string                           Zone to connect to
-          --s3-access-key-id string                        AWS Access Key ID
-          --s3-acl string                                  Canned ACL used when creating buckets and storing or copying objects
-          --s3-bucket-acl string                           Canned ACL used when creating buckets
-          --s3-chunk-size SizeSuffix                       Chunk size to use for uploading (default 5Mi)
-          --s3-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4.656Gi)
-          --s3-decompress                                  If set this will decompress gzip encoded objects
-          --s3-disable-checksum                            Don't store MD5 checksum with object metadata
-          --s3-disable-http2                               Disable usage of http2 for S3 backends
-          --s3-download-url string                         Custom endpoint for downloads
-          --s3-encoding MultiEncoder                       The encoding for the backend (default Slash,InvalidUtf8,Dot)
-          --s3-endpoint string                             Endpoint for S3 API
-          --s3-env-auth                                    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
-          --s3-force-path-style                            If true use path style access if false use virtual hosted style (default true)
-          --s3-leave-parts-on-error                        If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-          --s3-list-chunk int                              Size of listing chunk (response list for each ListObject S3 request) (default 1000)
-          --s3-list-url-encode Tristate                    Whether to url encode listings: true/false/unset (default unset)
-          --s3-list-version int                            Version of ListObjects to use: 1,2 or 0 for auto
-          --s3-location-constraint string                  Location constraint - must be set to match the Region
-          --s3-max-upload-parts int                        Maximum number of parts in a multipart upload (default 10000)
-          --s3-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-          --s3-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-          --s3-might-gzip Tristate                         Set this if the backend might gzip objects (default unset)
-          --s3-no-check-bucket                             If set, don't attempt to check the bucket exists or create it
-          --s3-no-head                                     If set, don't HEAD uploaded objects to check integrity
-          --s3-no-head-object                              If set, do not do HEAD before GET when getting objects
-          --s3-no-system-metadata                          Suppress setting and reading of system metadata
-          --s3-profile string                              Profile to use in the shared credentials file
-          --s3-provider string                             Choose your S3 provider
-          --s3-region string                               Region to connect to
-          --s3-requester-pays                              Enables requester pays option when interacting with S3 bucket
-          --s3-secret-access-key string                    AWS Secret Access Key (password)
-          --s3-server-side-encryption string               The server-side encryption algorithm used when storing this object in S3
-          --s3-session-token string                        An AWS session token
-          --s3-shared-credentials-file string              Path to the shared credentials file
-          --s3-sse-customer-algorithm string               If using SSE-C, the server-side encryption algorithm used when storing this object in S3
-          --s3-sse-customer-key string                     To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
-          --s3-sse-customer-key-base64 string              If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
-          --s3-sse-customer-key-md5 string                 If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
-          --s3-sse-kms-key-id string                       If using KMS ID you must provide the ARN of Key
-          --s3-storage-class string                        The storage class to use when storing new objects in S3
-          --s3-sts-endpoint string                         Endpoint for STS
-          --s3-upload-concurrency int                      Concurrency for multipart uploads (default 4)
-          --s3-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-          --s3-use-accelerate-endpoint                     If true use the AWS S3 accelerated endpoint
-          --s3-use-multipart-etag Tristate                 Whether to use ETag in multipart uploads for verification (default unset)
-          --s3-use-presigned-request                       Whether to use a presigned request or PutObject for single part uploads
-          --s3-v2-auth                                     If true use v2 authentication
-          --s3-version-at Time                             Show file versions as they were at the specified time (default off)
-          --s3-versions                                    Include old versions in directory listings
-          --seafile-2fa                                    Two-factor authentication ('true' if the account has 2FA enabled)
-          --seafile-create-library                         Should rclone create a library if it doesn't exist
-          --seafile-encoding MultiEncoder                  The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
-          --seafile-library string                         Name of the library
-          --seafile-library-key string                     Library password (for encrypted libraries only) (obscured)
-          --seafile-pass string                            Password (obscured)
-          --seafile-url string                             URL of seafile host to connect to
-          --seafile-user string                            User name (usually email address)
-          --sftp-ask-password                              Allow asking for SFTP password when needed
-          --sftp-chunk-size SizeSuffix                     Upload and download chunk size (default 32Ki)
-          --sftp-ciphers SpaceSepList                      Space separated list of ciphers to be used for session encryption, ordered by preference
-          --sftp-concurrency int                           The maximum number of outstanding requests for one file (default 64)
-          --sftp-disable-concurrent-reads                  If set don't use concurrent reads
-          --sftp-disable-concurrent-writes                 If set don't use concurrent writes
-          --sftp-disable-hashcheck                         Disable the execution of SSH commands to determine if remote file hashing is available
-          --sftp-host string                               SSH host to connect to
-          --sftp-idle-timeout Duration                     Max time before closing idle connections (default 1m0s)
-          --sftp-key-exchange SpaceSepList                 Space separated list of key exchange algorithms, ordered by preference
-          --sftp-key-file string                           Path to PEM-encoded private key file
-          --sftp-key-file-pass string                      The passphrase to decrypt the PEM-encoded private key file (obscured)
-          --sftp-key-pem string                            Raw PEM-encoded private key
-          --sftp-key-use-agent                             When set forces the usage of the ssh-agent
-          --sftp-known-hosts-file string                   Optional path to known_hosts file
-          --sftp-macs SpaceSepList                         Space separated list of MACs (message authentication code) algorithms, ordered by preference
-          --sftp-md5sum-command string                     The command used to read md5 hashes
-          --sftp-pass string                               SSH password, leave blank to use ssh-agent (obscured)
-          --sftp-path-override string                      Override path used by SSH shell commands
-          --sftp-port int                                  SSH port number (default 22)
-          --sftp-pubkey-file string                        Optional path to public key file
-          --sftp-server-command string                     Specifies the path or command to run a sftp server on the remote host
-          --sftp-set-env SpaceSepList                      Environment variables to pass to sftp and commands
-          --sftp-set-modtime                               Set the modified time on the remote if set (default true)
-          --sftp-sha1sum-command string                    The command used to read sha1 hashes
-          --sftp-shell-type string                         The type of SSH shell on remote server, if any
-          --sftp-skip-links                                Set to skip any symlinks and any other non regular files
-          --sftp-subsystem string                          Specifies the SSH2 subsystem on the remote host (default "sftp")
-          --sftp-use-fstat                                 If set use fstat instead of stat
-          --sftp-use-insecure-cipher                       Enable the use of insecure ciphers and key exchange methods
-          --sftp-user string                               SSH username (default "$USER")
-          --sharefile-chunk-size SizeSuffix                Upload chunk size (default 64Mi)
-          --sharefile-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
-          --sharefile-endpoint string                      Endpoint for API calls
-          --sharefile-root-folder-id string                ID of the root folder
-          --sharefile-upload-cutoff SizeSuffix             Cutoff for switching to multipart upload (default 128Mi)
-          --sia-api-password string                        Sia Daemon API Password (obscured)
-          --sia-api-url string                             Sia daemon API URL, like http://sia.daemon.host:9980 (default "http://127.0.0.1:9980")
-          --sia-encoding MultiEncoder                      The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
-          --sia-user-agent string                          Siad User Agent (default "Sia-Agent")
-          --skip-links                                     Don't warn about skipped symlinks
-          --smb-case-insensitive                           Whether the server is configured to be case-insensitive (default true)
-          --smb-domain string                              Domain name for NTLM authentication (default "WORKGROUP")
-          --smb-encoding MultiEncoder                      The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
-          --smb-hide-special-share                         Hide special shares (e.g. print$) which users aren't supposed to access (default true)
-          --smb-host string                                SMB server hostname to connect to
-          --smb-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-          --smb-pass string                                SMB password (obscured)
-          --smb-port int                                   SMB port number (default 445)
-          --smb-spn string                                 Service principal name
-          --smb-user string                                SMB username (default "$USER")
-          --storj-access-grant string                      Access grant
-          --storj-api-key string                           API key
-          --storj-passphrase string                        Encryption passphrase
-          --storj-provider string                          Choose an authentication method (default "existing")
-          --storj-satellite-address string                 Satellite address (default "us1.storj.io")
-          --sugarsync-access-key-id string                 Sugarsync Access Key ID
-          --sugarsync-app-id string                        Sugarsync App ID
-          --sugarsync-authorization string                 Sugarsync authorization
-          --sugarsync-authorization-expiry string          Sugarsync authorization expiry
-          --sugarsync-deleted-id string                    Sugarsync deleted folder id
-          --sugarsync-encoding MultiEncoder                The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
-          --sugarsync-hard-delete                          Permanently delete files if true
-          --sugarsync-private-access-key string            Sugarsync Private Access Key
-          --sugarsync-refresh-token string                 Sugarsync refresh token
-          --sugarsync-root-id string                       Sugarsync root id
-          --sugarsync-user string                          Sugarsync user
-          --swift-application-credential-id string         Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
-          --swift-application-credential-name string       Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
-          --swift-application-credential-secret string     Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
-          --swift-auth string                              Authentication URL for server (OS_AUTH_URL)
-          --swift-auth-token string                        Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
-          --swift-auth-version int                         AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
-          --swift-chunk-size SizeSuffix                    Above this size files will be chunked into a _segments container (default 5Gi)
-          --swift-domain string                            User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-          --swift-encoding MultiEncoder                    The encoding for the backend (default Slash,InvalidUtf8)
-          --swift-endpoint-type string                     Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default "public")
-          --swift-env-auth                                 Get swift credentials from environment variables in standard OpenStack form
-          --swift-key string                               API key or password (OS_PASSWORD)
-          --swift-leave-parts-on-error                     If true avoid calling abort upload on a failure
-          --swift-no-chunk                                 Don't chunk files during streaming upload
-          --swift-no-large-objects                         Disable support for static and dynamic large objects
-          --swift-region string                            Region name - optional (OS_REGION_NAME)
-          --swift-storage-policy string                    The storage policy to use when creating a new container
-          --swift-storage-url string                       Storage URL - optional (OS_STORAGE_URL)
-          --swift-tenant string                            Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
-          --swift-tenant-domain string                     Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
-          --swift-tenant-id string                         Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
-          --swift-user string                              User name to log in (OS_USERNAME)
-          --swift-user-id string                           User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
-          --union-action-policy string                     Policy to choose upstream on ACTION category (default "epall")
-          --union-cache-time int                           Cache time of usage and free space (in seconds) (default 120)
-          --union-create-policy string                     Policy to choose upstream on CREATE category (default "epmfs")
-          --union-min-free-space SizeSuffix                Minimum viable free space for lfs/eplfs policies (default 1Gi)
-          --union-search-policy string                     Policy to choose upstream on SEARCH category (default "ff")
-          --union-upstreams string                         List of space separated upstreams
-          --uptobox-access-token string                    Your access token
-          --uptobox-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
-          --webdav-bearer-token string                     Bearer token instead of user/pass (e.g. a Macaroon)
-          --webdav-bearer-token-command string             Command to run to get a bearer token
-          --webdav-encoding string                         The encoding for the backend
-          --webdav-headers CommaSepList                    Set HTTP headers for all transactions
-          --webdav-pass string                             Password (obscured)
-          --webdav-url string                              URL of http host to connect to
-          --webdav-user string                             User name
-          --webdav-vendor string                           Name of the WebDAV site/service/software you are using
-          --yandex-auth-url string                         Auth server URL
-          --yandex-client-id string                        OAuth Client Id
-          --yandex-client-secret string                    OAuth Client Secret
-          --yandex-encoding MultiEncoder                   The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-          --yandex-hard-delete                             Delete files permanently rather than putting them into the trash
-          --yandex-token string                            OAuth Access Token as a JSON blob
-          --yandex-token-url string                        Token server url
-          --zoho-auth-url string                           Auth server URL
-          --zoho-client-id string                          OAuth Client Id
-          --zoho-client-secret string                      OAuth Client Secret
-          --zoho-encoding MultiEncoder                     The encoding for the backend (default Del,Ctl,InvalidUtf8)
-          --zoho-region string                             Zoho region to connect to
-          --zoho-token string                              OAuth Access Token as a JSON blob
-          --zoho-token-url string                          Token server url
+into groups.
+
+Copy
+
+Flags for anything which can Copy a file.
+
+          --check-first                                 Do all the checks before starting transfers
+      -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+          --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+          --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+          --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+          --ignore-case-sync                            Ignore case when synchronizing
+          --ignore-checksum                             Skip post copy check of checksums
+          --ignore-existing                             Skip all files that exist on destination
+          --ignore-size                                 Ignore size when skipping use modtime or checksum
+      -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+          --immutable                                   Do not modify files, fail if existing files have been modified
+          --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+          --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+          --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+          --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+      -M, --metadata                                    If set, preserve metadata when copying objects
+          --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+          --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+          --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+          --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+          --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+          --no-check-dest                               Don't check the destination, copy regardless
+          --no-traverse                                 Don't traverse destination file system on copy
+          --no-update-modtime                           Don't update destination modtime if files identical
+          --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+          --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+          --refresh-times                               Refresh the modtime of remote files
+          --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+          --size-only                                   Skip based on size only, not modtime or checksum
+          --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+      -u, --update                                      Skip files that are newer on the destination
+
+Sync
+
+Flags just used for rclone sync.
+
+          --backup-dir string               Make backups into hierarchy based in DIR
+          --delete-after                    When synchronizing, delete files on destination after transferring (default)
+          --delete-before                   When synchronizing, delete files on destination before transferring
+          --delete-during                   When synchronizing, delete files during transfer
+          --ignore-errors                   Delete even if there are I/O errors
+          --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+          --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+          --suffix string                   Suffix to add to changed files
+          --suffix-keep-extension           Preserve the extension when using --suffix
+          --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+          --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
+
+Important
+
+Important flags useful for most commands.
+
+      -n, --dry-run         Do a trial run with no permanent changes
+      -i, --interactive     Enable interactive mode
+      -v, --verbose count   Print lots more stuff (repeat for more)
+
+Check
+
+Flags used for rclone check.
+
+          --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+
+Networking
+
+General networking and HTTP stuff.
+
+          --bind string                        Local address to bind to for outgoing connections, IPv4, IPv6 or name
+          --bwlimit BwTimetable                Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+          --bwlimit-file BwTimetable           Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+          --ca-cert stringArray                CA certificate used to verify servers
+          --client-cert string                 Client SSL certificate (PEM) for mutual TLS auth
+          --client-key string                  Client SSL private key (PEM) for mutual TLS auth
+          --contimeout Duration                Connect timeout (default 1m0s)
+          --disable-http-keep-alives           Disable HTTP keep-alives and use each connection once.
+          --disable-http2                      Disable HTTP/2 in the global transport
+          --dscp string                        Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
+          --expect-continue-timeout Duration   Timeout when using expect / 100-continue in HTTP (default 1s)
+          --header stringArray                 Set HTTP header for all transactions
+          --header-download stringArray        Set HTTP header for download transactions
+          --header-upload stringArray          Set HTTP header for upload transactions
+          --no-check-certificate               Do not verify the server SSL certificate (insecure)
+          --no-gzip-encoding                   Don't set Accept-Encoding: gzip
+          --timeout Duration                   IO idle timeout (default 5m0s)
+          --tpslimit float                     Limit HTTP transactions per second to this
+          --tpslimit-burst int                 Max burst of transactions for --tpslimit (default 1)
+          --use-cookies                        Enable session cookiejar
+          --user-agent string                  Set the user-agent to a specified string (default "rclone/v1.65.0")
+
+Performance
+
+Flags helpful for increasing performance.
+
+          --buffer-size SizeSuffix   In memory buffer size when reading files for each --transfer (default 16Mi)
+          --checkers int             Number of checkers to run in parallel (default 8)
+          --transfers int            Number of file transfers to run in parallel (default 4)
+
+Config
+
+General configuration of rclone.
+
+          --ask-password                        Allow prompt for password for encrypted configuration (default true)
+          --auto-confirm                        If enabled, do not request console confirmation
+          --cache-dir string                    Directory rclone will use for caching (default "$HOME/.cache/rclone")
+          --color AUTO|NEVER|ALWAYS             When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default AUTO)
+          --config string                       Config file (default "$HOME/.config/rclone/rclone.conf")
+          --default-time Time                   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --disable string                      Disable a comma separated list of features (use --disable help to see a list)
+      -n, --dry-run                             Do a trial run with no permanent changes
+          --error-on-no-transfer                Sets exit code 9 if no files are transferred, useful in scripts
+          --fs-cache-expire-duration Duration   Cache remotes for this long (0 to disable caching) (default 5m0s)
+          --fs-cache-expire-interval Duration   Interval to check for expired remotes (default 1m0s)
+          --human-readable                      Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
+      -i, --interactive                         Enable interactive mode
+          --kv-lock-time Duration               Maximum time to keep key-value database locked by process (default 1s)
+          --low-level-retries int               Number of low level retries to do (default 10)
+          --no-console                          Hide console window (supported on Windows only)
+          --no-unicode-normalization            Don't normalize unicode characters in filenames
+          --password-command SpaceSepList       Command for supplying password for encrypted configuration
+          --retries int                         Retry operations this many times if they fail (default 3)
+          --retries-sleep Duration              Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
+          --temp-dir string                     Directory rclone will use for temporary files (default "/tmp")
+          --use-mmap                            Use mmap allocator (see docs)
+          --use-server-modtime                  Use server modified time instead of object metadata
+
+Debugging
+
+Flags for developers.
+
+          --cpuprofile string   Write cpu profile to file
+          --dump DumpFlags      List of items to dump from: headers, bodies, requests, responses, auth, filters, goroutines, openfiles, mapper
+          --dump-bodies         Dump HTTP headers and bodies - may contain sensitive info
+          --dump-headers        Dump HTTP headers - may contain sensitive info
+          --memprofile string   Write memory profile to file
+
+Filter
+
+Flags for filtering directory listings.
+
+          --delete-excluded                     Delete files on dest excluded from sync
+          --exclude stringArray                 Exclude files matching pattern
+          --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+          --exclude-if-present stringArray      Exclude directories if filename is present
+          --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+          --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+      -f, --filter stringArray                  Add a file filtering rule
+          --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+          --ignore-case                         Ignore case in filters (case insensitive)
+          --include stringArray                 Include files matching pattern
+          --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+          --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --max-depth int                       If set limits the recursion depth to this (default -1)
+          --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+          --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+
+Listing
+
+Flags for listing directories.
+
+          --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+          --fast-list           Use recursive list if available; uses more memory but fewer transactions
+
+Logging
+
+Logging and statistics.
+
+          --log-file string                     Log everything to this file
+          --log-format string                   Comma separated list of log format options (default "date,time")
+          --log-level LogLevel                  Log level DEBUG|INFO|NOTICE|ERROR (default NOTICE)
+          --log-systemd                         Activate systemd integration for the logger
+          --max-stats-groups int                Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
+      -P, --progress                            Show progress during transfer
+          --progress-terminal-title             Show progress on the terminal title (requires -P/--progress)
+      -q, --quiet                               Print as little stuff as possible
+          --stats Duration                      Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
+          --stats-file-name-length int          Max file name length in stats (0 for no limit) (default 45)
+          --stats-log-level LogLevel            Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default INFO)
+          --stats-one-line                      Make the stats fit on one line
+          --stats-one-line-date                 Enable --stats-one-line and add current date/time prefix
+          --stats-one-line-date-format string   Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes ("), see https://golang.org/pkg/time/#Time.Format
+          --stats-unit string                   Show data rate in stats as either 'bits' or 'bytes' per second (default "bytes")
+          --syslog                              Use Syslog for logging
+          --syslog-facility string              Facility for syslog, e.g. KERN,USER,... (default "DAEMON")
+          --use-json-log                        Use json log format
+      -v, --verbose count                       Print lots more stuff (repeat for more)
+
+Metadata
+
+Flags to control metadata.
+
+      -M, --metadata                            If set, preserve metadata when copying objects
+          --metadata-exclude stringArray        Exclude metadatas matching pattern
+          --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+          --metadata-filter stringArray         Add a metadata filtering rule
+          --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+          --metadata-include stringArray        Include metadatas matching pattern
+          --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+          --metadata-mapper SpaceSepList        Program to run to transforming metadata before upload
+          --metadata-set stringArray            Add metadata key=value when uploading
+
+RC
+
+Flags to control the Remote Control API.
+
+          --rc                                 Enable the remote control server
+          --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+          --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+          --rc-baseurl string                  Prefix for URLs - leave blank for root
+          --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+          --rc-client-ca string                Client certificate authority to verify clients with
+          --rc-enable-metrics                  Enable prometheus metrics on /metrics
+          --rc-files string                    Path to local files to serve on the HTTP server
+          --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+          --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+          --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+          --rc-key string                      TLS PEM Private key
+          --rc-max-header-bytes int            Maximum size of request header (default 4096)
+          --rc-min-tls-version string          Minimum TLS version that is acceptable (default "tls1.0")
+          --rc-no-auth                         Don't require auth for certain methods
+          --rc-pass string                     Password for authentication
+          --rc-realm string                    Realm for authentication
+          --rc-salt string                     Password hashing salt (default "dlPL2MqE")
+          --rc-serve                           Enable the serving of remote objects
+          --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+          --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+          --rc-template string                 User-specified template
+          --rc-user string                     User name for authentication
+          --rc-web-fetch-url string            URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
+          --rc-web-gui                         Launch WebGUI on localhost
+          --rc-web-gui-force-update            Force update to latest version of web gui
+          --rc-web-gui-no-open-browser         Don't open the browser automatically
+          --rc-web-gui-update                  Check and update to latest version of web gui
+
+Backend
+
+Backend only flags. These can be set in the config file also.
+
+          --acd-auth-url string                                 Auth server URL
+          --acd-client-id string                                OAuth Client Id
+          --acd-client-secret string                            OAuth Client Secret
+          --acd-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+          --acd-templink-threshold SizeSuffix                   Files >= this size will be downloaded via their tempLink (default 9Gi)
+          --acd-token string                                    OAuth Access Token as a JSON blob
+          --acd-token-url string                                Token server url
+          --acd-upload-wait-per-gb Duration                     Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
+          --alias-remote string                                 Remote or path to alias
+          --azureblob-access-tier string                        Access tier of blob: hot, cool, cold or archive
+          --azureblob-account string                            Azure Storage Account Name
+          --azureblob-archive-tier-delete                       Delete archive tier blobs before overwriting
+          --azureblob-chunk-size SizeSuffix                     Upload chunk size (default 4Mi)
+          --azureblob-client-certificate-password string        Password for the certificate file (optional) (obscured)
+          --azureblob-client-certificate-path string            Path to a PEM or PKCS12 certificate file including the private key
+          --azureblob-client-id string                          The ID of the client in use
+          --azureblob-client-secret string                      One of the service principal's client secrets
+          --azureblob-client-send-certificate-chain             Send the certificate chain when using certificate auth
+          --azureblob-directory-markers                         Upload an empty object with a trailing slash when a new directory is created
+          --azureblob-disable-checksum                          Don't store MD5 checksum with object metadata
+          --azureblob-encoding Encoding                         The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
+          --azureblob-endpoint string                           Endpoint for the service
+          --azureblob-env-auth                                  Read credentials from runtime (environment variables, CLI or MSI)
+          --azureblob-key string                                Storage Account Shared Key
+          --azureblob-list-chunk int                            Size of blob list (default 5000)
+          --azureblob-msi-client-id string                      Object ID of the user-assigned MSI to use, if any
+          --azureblob-msi-mi-res-id string                      Azure resource ID of the user-assigned MSI to use, if any
+          --azureblob-msi-object-id string                      Object ID of the user-assigned MSI to use, if any
+          --azureblob-no-check-container                        If set, don't attempt to check the container exists or create it
+          --azureblob-no-head-object                            If set, do not do HEAD before GET when getting objects
+          --azureblob-password string                           The user's password (obscured)
+          --azureblob-public-access string                      Public access level of a container: blob or container
+          --azureblob-sas-url string                            SAS URL for container level access only
+          --azureblob-service-principal-file string             Path to file containing credentials for use with a service principal
+          --azureblob-tenant string                             ID of the service principal's tenant. Also called its directory ID
+          --azureblob-upload-concurrency int                    Concurrency for multipart uploads (default 16)
+          --azureblob-upload-cutoff string                      Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
+          --azureblob-use-emulator                              Uses local storage emulator if provided as 'true'
+          --azureblob-use-msi                                   Use a managed service identity to authenticate (only works in Azure)
+          --azureblob-username string                           User name (usually an email address)
+          --azurefiles-account string                           Azure Storage Account Name
+          --azurefiles-chunk-size SizeSuffix                    Upload chunk size (default 4Mi)
+          --azurefiles-client-certificate-password string       Password for the certificate file (optional) (obscured)
+          --azurefiles-client-certificate-path string           Path to a PEM or PKCS12 certificate file including the private key
+          --azurefiles-client-id string                         The ID of the client in use
+          --azurefiles-client-secret string                     One of the service principal's client secrets
+          --azurefiles-client-send-certificate-chain            Send the certificate chain when using certificate auth
+          --azurefiles-connection-string string                 Azure Files Connection String
+          --azurefiles-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot)
+          --azurefiles-endpoint string                          Endpoint for the service
+          --azurefiles-env-auth                                 Read credentials from runtime (environment variables, CLI or MSI)
+          --azurefiles-key string                               Storage Account Shared Key
+          --azurefiles-max-stream-size SizeSuffix               Max size for streamed files (default 10Gi)
+          --azurefiles-msi-client-id string                     Object ID of the user-assigned MSI to use, if any
+          --azurefiles-msi-mi-res-id string                     Azure resource ID of the user-assigned MSI to use, if any
+          --azurefiles-msi-object-id string                     Object ID of the user-assigned MSI to use, if any
+          --azurefiles-password string                          The user's password (obscured)
+          --azurefiles-sas-url string                           SAS URL
+          --azurefiles-service-principal-file string            Path to file containing credentials for use with a service principal
+          --azurefiles-share-name string                        Azure Files Share Name
+          --azurefiles-tenant string                            ID of the service principal's tenant. Also called its directory ID
+          --azurefiles-upload-concurrency int                   Concurrency for multipart uploads (default 16)
+          --azurefiles-use-msi                                  Use a managed service identity to authenticate (only works in Azure)
+          --azurefiles-username string                          User name (usually an email address)
+          --b2-account string                                   Account ID or Application Key ID
+          --b2-chunk-size SizeSuffix                            Upload chunk size (default 96Mi)
+          --b2-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4Gi)
+          --b2-disable-checksum                                 Disable checksums for large (> upload cutoff) files
+          --b2-download-auth-duration Duration                  Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
+          --b2-download-url string                              Custom endpoint for downloads
+          --b2-encoding Encoding                                The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+          --b2-endpoint string                                  Endpoint for the service
+          --b2-hard-delete                                      Permanently delete files on remote removal, otherwise hide files
+          --b2-key string                                       Application Key
+          --b2-lifecycle int                                    Set the number of days deleted files should be kept when creating a bucket
+          --b2-test-mode string                                 A flag string for X-Bz-Test-Mode header for debugging
+          --b2-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+          --b2-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+          --b2-version-at Time                                  Show file versions as they were at the specified time (default off)
+          --b2-versions                                         Include old versions in directory listings
+          --box-access-token string                             Box App Primary Access Token
+          --box-auth-url string                                 Auth server URL
+          --box-box-config-file string                          Box App config.json location
+          --box-box-sub-type string                              (default "user")
+          --box-client-id string                                OAuth Client Id
+          --box-client-secret string                            OAuth Client Secret
+          --box-commit-retries int                              Max number of times to try committing a multipart file (default 100)
+          --box-encoding Encoding                               The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
+          --box-impersonate string                              Impersonate this user ID when using a service account
+          --box-list-chunk int                                  Size of listing chunk 1-1000 (default 1000)
+          --box-owned-by string                                 Only show items owned by the login (email address) passed in
+          --box-root-folder-id string                           Fill in for rclone to use a non root folder as its starting point
+          --box-token string                                    OAuth Access Token as a JSON blob
+          --box-token-url string                                Token server url
+          --box-upload-cutoff SizeSuffix                        Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
+          --cache-chunk-clean-interval Duration                 How often should the cache perform cleanups of the chunk storage (default 1m0s)
+          --cache-chunk-no-memory                               Disable the in-memory cache for storing chunks during streaming
+          --cache-chunk-path string                             Directory to cache chunk files (default "$HOME/.cache/rclone/cache-backend")
+          --cache-chunk-size SizeSuffix                         The size of a chunk (partial file data) (default 5Mi)
+          --cache-chunk-total-size SizeSuffix                   The total size that the chunks can take up on the local disk (default 10Gi)
+          --cache-db-path string                                Directory to store file structure metadata DB (default "$HOME/.cache/rclone/cache-backend")
+          --cache-db-purge                                      Clear all the cached data for this remote on start
+          --cache-db-wait-time Duration                         How long to wait for the DB to be available - 0 is unlimited (default 1s)
+          --cache-info-age Duration                             How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
+          --cache-plex-insecure string                          Skip all certificate verification when connecting to the Plex server
+          --cache-plex-password string                          The password of the Plex user (obscured)
+          --cache-plex-url string                               The URL of the Plex server
+          --cache-plex-username string                          The username of the Plex user
+          --cache-read-retries int                              How many times to retry a read from a cache storage (default 10)
+          --cache-remote string                                 Remote to cache
+          --cache-rps int                                       Limits the number of requests per second to the source FS (-1 to disable) (default -1)
+          --cache-tmp-upload-path string                        Directory to keep temporary files until they are uploaded
+          --cache-tmp-wait-time Duration                        How long should files be stored in local cache before being uploaded (default 15s)
+          --cache-workers int                                   How many workers should run in parallel to download chunks (default 4)
+          --cache-writes                                        Cache file data on writes through the FS
+          --chunker-chunk-size SizeSuffix                       Files larger than chunk size will be split in chunks (default 2Gi)
+          --chunker-fail-hard                                   Choose how chunker should handle files with missing or invalid chunks
+          --chunker-hash-type string                            Choose how chunker handles hash sums (default "md5")
+          --chunker-remote string                               Remote to chunk/unchunk
+          --combine-upstreams SpaceSepList                      Upstreams for combining
+          --compress-level int                                  GZIP compression level (-2 to 9) (default -1)
+          --compress-mode string                                Compression mode (default "gzip")
+          --compress-ram-cache-limit SizeSuffix                 Some remotes don't allow the upload of files with unknown size (default 20Mi)
+          --compress-remote string                              Remote to compress
+      -L, --copy-links                                          Follow symlinks and copy the pointed to item
+          --crypt-directory-name-encryption                     Option to either encrypt directory names or leave them intact (default true)
+          --crypt-filename-encoding string                      How to encode the encrypted filename to text string (default "base32")
+          --crypt-filename-encryption string                    How to encrypt the filenames (default "standard")
+          --crypt-no-data-encryption                            Option to either encrypt file data or leave it unencrypted
+          --crypt-pass-bad-blocks                               If set this will pass bad blocks through as all 0
+          --crypt-password string                               Password or pass phrase for encryption (obscured)
+          --crypt-password2 string                              Password or pass phrase for salt (obscured)
+          --crypt-remote string                                 Remote to encrypt/decrypt
+          --crypt-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+          --crypt-show-mapping                                  For all files listed show how the names encrypt
+          --crypt-suffix string                                 If this is set it will override the default suffix of ".bin" (default ".bin")
+          --drive-acknowledge-abuse                             Set to allow files which return cannotDownloadAbusiveFile to be downloaded
+          --drive-allow-import-name-change                      Allow the filetype to change when uploading Google docs
+          --drive-auth-owner-only                               Only consider files owned by the authenticated user
+          --drive-auth-url string                               Auth server URL
+          --drive-chunk-size SizeSuffix                         Upload chunk size (default 8Mi)
+          --drive-client-id string                              Google Application Client Id
+          --drive-client-secret string                          OAuth Client Secret
+          --drive-copy-shortcut-content                         Server side copy contents of shortcuts instead of the shortcut
+          --drive-disable-http2                                 Disable drive using http2 (default true)
+          --drive-encoding Encoding                             The encoding for the backend (default InvalidUtf8)
+          --drive-env-auth                                      Get IAM credentials from runtime (environment variables or instance meta data if no env vars)
+          --drive-export-formats string                         Comma separated list of preferred formats for downloading Google docs (default "docx,xlsx,pptx,svg")
+          --drive-fast-list-bug-fix                             Work around a bug in Google Drive listing (default true)
+          --drive-formats string                                Deprecated: See export_formats
+          --drive-impersonate string                            Impersonate this user when using a service account
+          --drive-import-formats string                         Comma separated list of preferred formats for uploading Google docs
+          --drive-keep-revision-forever                         Keep new head revision of each file forever
+          --drive-list-chunk int                                Size of listing chunk 100-1000, 0 to disable (default 1000)
+          --drive-metadata-labels Bits                          Control whether labels should be read or written in metadata (default off)
+          --drive-metadata-owner Bits                           Control whether owner should be read or written in metadata (default read)
+          --drive-metadata-permissions Bits                     Control whether permissions should be read or written in metadata (default off)
+          --drive-pacer-burst int                               Number of API calls to allow without sleeping (default 100)
+          --drive-pacer-min-sleep Duration                      Minimum time to sleep between API calls (default 100ms)
+          --drive-resource-key string                           Resource key for accessing a link-shared file
+          --drive-root-folder-id string                         ID of the root folder
+          --drive-scope string                                  Comma separated list of scopes that rclone should use when requesting access from drive
+          --drive-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+          --drive-service-account-credentials string            Service Account Credentials JSON blob
+          --drive-service-account-file string                   Service Account Credentials JSON file path
+          --drive-shared-with-me                                Only show files that are shared with me
+          --drive-show-all-gdocs                                Show all Google Docs including non-exportable ones in listings
+          --drive-size-as-quota                                 Show sizes as storage quota usage, not actual size
+          --drive-skip-checksum-gphotos                         Skip checksums on Google photos and videos only
+          --drive-skip-dangling-shortcuts                       If set skip dangling shortcut files
+          --drive-skip-gdocs                                    Skip google documents in all listings
+          --drive-skip-shortcuts                                If set skip shortcut files
+          --drive-starred-only                                  Only show files that are starred
+          --drive-stop-on-download-limit                        Make download limit errors be fatal
+          --drive-stop-on-upload-limit                          Make upload limit errors be fatal
+          --drive-team-drive string                             ID of the Shared Drive (Team Drive)
+          --drive-token string                                  OAuth Access Token as a JSON blob
+          --drive-token-url string                              Token server url
+          --drive-trashed-only                                  Only show files that are in the trash
+          --drive-upload-cutoff SizeSuffix                      Cutoff for switching to chunked upload (default 8Mi)
+          --drive-use-created-date                              Use file created date instead of modified date
+          --drive-use-shared-date                               Use date file was shared instead of modified date
+          --drive-use-trash                                     Send files to the trash instead of deleting permanently (default true)
+          --drive-v2-download-min-size SizeSuffix               If Object's are greater, use drive v2 API to download (default off)
+          --dropbox-auth-url string                             Auth server URL
+          --dropbox-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+          --dropbox-batch-mode string                           Upload file batching sync|async|off (default "sync")
+          --dropbox-batch-size int                              Max number of files in upload batch
+          --dropbox-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+          --dropbox-chunk-size SizeSuffix                       Upload chunk size (< 150Mi) (default 48Mi)
+          --dropbox-client-id string                            OAuth Client Id
+          --dropbox-client-secret string                        OAuth Client Secret
+          --dropbox-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
+          --dropbox-impersonate string                          Impersonate this user when using a business account
+          --dropbox-pacer-min-sleep Duration                    Minimum time to sleep between API calls (default 10ms)
+          --dropbox-shared-files                                Instructs rclone to work on individual shared files
+          --dropbox-shared-folders                              Instructs rclone to work on shared folders
+          --dropbox-token string                                OAuth Access Token as a JSON blob
+          --dropbox-token-url string                            Token server url
+          --fichier-api-key string                              Your API Key, get it from https://1fichier.com/console/params.pl
+          --fichier-cdn                                         Set if you wish to use CDN download links
+          --fichier-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
+          --fichier-file-password string                        If you want to download a shared file that is password protected, add this parameter (obscured)
+          --fichier-folder-password string                      If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
+          --fichier-shared-folder string                        If you want to download a shared folder, add this parameter
+          --filefabric-encoding Encoding                        The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+          --filefabric-permanent-token string                   Permanent Authentication Token
+          --filefabric-root-folder-id string                    ID of the root folder
+          --filefabric-token string                             Session Token
+          --filefabric-token-expiry string                      Token expiry time
+          --filefabric-url string                               URL of the Enterprise File Fabric to connect to
+          --filefabric-version string                           Version read from the file fabric
+          --ftp-ask-password                                    Allow asking for FTP password when needed
+          --ftp-close-timeout Duration                          Maximum time to wait for a response to close (default 1m0s)
+          --ftp-concurrency int                                 Maximum number of FTP simultaneous connections, 0 for unlimited
+          --ftp-disable-epsv                                    Disable using EPSV even if server advertises support
+          --ftp-disable-mlsd                                    Disable using MLSD even if server advertises support
+          --ftp-disable-tls13                                   Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+          --ftp-disable-utf8                                    Disable using UTF-8 even if server advertises support
+          --ftp-encoding Encoding                               The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
+          --ftp-explicit-tls                                    Use Explicit FTPS (FTP over TLS)
+          --ftp-force-list-hidden                               Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
+          --ftp-host string                                     FTP host to connect to
+          --ftp-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+          --ftp-no-check-certificate                            Do not verify the TLS certificate of the server
+          --ftp-pass string                                     FTP password (obscured)
+          --ftp-port int                                        FTP port number (default 21)
+          --ftp-shut-timeout Duration                           Maximum time to wait for data connection closing status (default 1m0s)
+          --ftp-socks-proxy string                              Socks 5 proxy host
+          --ftp-tls                                             Use Implicit FTPS (FTP over TLS)
+          --ftp-tls-cache-size int                              Size of TLS session cache for all control and data connections (default 32)
+          --ftp-user string                                     FTP username (default "$USER")
+          --ftp-writing-mdtm                                    Use MDTM to set modification time (VsFtpd quirk)
+          --gcs-anonymous                                       Access public buckets and objects without credentials
+          --gcs-auth-url string                                 Auth server URL
+          --gcs-bucket-acl string                               Access Control List for new buckets
+          --gcs-bucket-policy-only                              Access checks should use bucket-level IAM policies
+          --gcs-client-id string                                OAuth Client Id
+          --gcs-client-secret string                            OAuth Client Secret
+          --gcs-decompress                                      If set this will decompress gzip encoded objects
+          --gcs-directory-markers                               Upload an empty object with a trailing slash when a new directory is created
+          --gcs-encoding Encoding                               The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+          --gcs-endpoint string                                 Endpoint for the service
+          --gcs-env-auth                                        Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
+          --gcs-location string                                 Location for the newly created buckets
+          --gcs-no-check-bucket                                 If set, don't attempt to check the bucket exists or create it
+          --gcs-object-acl string                               Access Control List for new objects
+          --gcs-project-number string                           Project number
+          --gcs-service-account-file string                     Service Account Credentials JSON file path
+          --gcs-storage-class string                            The storage class to use when storing objects in Google Cloud Storage
+          --gcs-token string                                    OAuth Access Token as a JSON blob
+          --gcs-token-url string                                Token server url
+          --gcs-user-project string                             User project
+          --gphotos-auth-url string                             Auth server URL
+          --gphotos-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+          --gphotos-batch-mode string                           Upload file batching sync|async|off (default "sync")
+          --gphotos-batch-size int                              Max number of files in upload batch
+          --gphotos-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+          --gphotos-client-id string                            OAuth Client Id
+          --gphotos-client-secret string                        OAuth Client Secret
+          --gphotos-encoding Encoding                           The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+          --gphotos-include-archived                            Also view and download archived media
+          --gphotos-read-only                                   Set to make the Google Photos backend read only
+          --gphotos-read-size                                   Set to read the size of media items
+          --gphotos-start-year int                              Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
+          --gphotos-token string                                OAuth Access Token as a JSON blob
+          --gphotos-token-url string                            Token server url
+          --hasher-auto-size SizeSuffix                         Auto-update checksum for files smaller than this size (disabled by default)
+          --hasher-hashes CommaSepList                          Comma separated list of supported checksum types (default md5,sha1)
+          --hasher-max-age Duration                             Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
+          --hasher-remote string                                Remote to cache checksums for (e.g. myRemote:path)
+          --hdfs-data-transfer-protection string                Kerberos data transfer protection: authentication|integrity|privacy
+          --hdfs-encoding Encoding                              The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
+          --hdfs-namenode CommaSepList                          Hadoop name nodes and ports
+          --hdfs-service-principal-name string                  Kerberos service principal name for the namenode
+          --hdfs-username string                                Hadoop user name
+          --hidrive-auth-url string                             Auth server URL
+          --hidrive-chunk-size SizeSuffix                       Chunksize for chunked uploads (default 48Mi)
+          --hidrive-client-id string                            OAuth Client Id
+          --hidrive-client-secret string                        OAuth Client Secret
+          --hidrive-disable-fetching-member-count               Do not fetch number of objects in directories unless it is absolutely necessary
+          --hidrive-encoding Encoding                           The encoding for the backend (default Slash,Dot)
+          --hidrive-endpoint string                             Endpoint for the service (default "https://api.hidrive.strato.com/2.1")
+          --hidrive-root-prefix string                          The root/parent folder for all paths (default "/")
+          --hidrive-scope-access string                         Access permissions that rclone should use when requesting access from HiDrive (default "rw")
+          --hidrive-scope-role string                           User-level that rclone should use when requesting access from HiDrive (default "user")
+          --hidrive-token string                                OAuth Access Token as a JSON blob
+          --hidrive-token-url string                            Token server url
+          --hidrive-upload-concurrency int                      Concurrency for chunked uploads (default 4)
+          --hidrive-upload-cutoff SizeSuffix                    Cutoff/Threshold for chunked uploads (default 96Mi)
+          --http-headers CommaSepList                           Set HTTP headers for all transactions
+          --http-no-head                                        Don't use HEAD requests
+          --http-no-slash                                       Set this if the site doesn't end directories with /
+          --http-url string                                     URL of HTTP host to connect to
+          --imagekit-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket)
+          --imagekit-endpoint string                            You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+          --imagekit-only-signed Restrict unsigned image URLs   If you have configured Restrict unsigned image URLs in your dashboard settings, set this to true
+          --imagekit-private-key string                         You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+          --imagekit-public-key string                          You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+          --imagekit-upload-tags string                         Tags to add to the uploaded files, e.g. "tag1,tag2"
+          --imagekit-versions                                   Include old versions in directory listings
+          --internetarchive-access-key-id string                IAS3 Access Key
+          --internetarchive-disable-checksum                    Don't ask the server to test against MD5 checksum calculated by rclone (default true)
+          --internetarchive-encoding Encoding                   The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
+          --internetarchive-endpoint string                     IAS3 Endpoint (default "https://s3.us.archive.org")
+          --internetarchive-front-endpoint string               Host of InternetArchive Frontend (default "https://archive.org")
+          --internetarchive-secret-access-key string            IAS3 Secret Key (password)
+          --internetarchive-wait-archive Duration               Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish (default 0s)
+          --jottacloud-auth-url string                          Auth server URL
+          --jottacloud-client-id string                         OAuth Client Id
+          --jottacloud-client-secret string                     OAuth Client Secret
+          --jottacloud-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
+          --jottacloud-hard-delete                              Delete files permanently rather than putting them into the trash
+          --jottacloud-md5-memory-limit SizeSuffix              Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
+          --jottacloud-no-versions                              Avoid server side versioning by deleting files and recreating files instead of overwriting them
+          --jottacloud-token string                             OAuth Access Token as a JSON blob
+          --jottacloud-token-url string                         Token server url
+          --jottacloud-trashed-only                             Only show files that are in the trash
+          --jottacloud-upload-resume-limit SizeSuffix           Files bigger than this can be resumed if the upload fail's (default 10Mi)
+          --koofr-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+          --koofr-endpoint string                               The Koofr API endpoint to use
+          --koofr-mountid string                                Mount ID of the mount to use
+          --koofr-password string                               Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
+          --koofr-provider string                               Choose your storage provider
+          --koofr-setmtime                                      Does the backend support setting modification time (default true)
+          --koofr-user string                                   Your user name
+          --linkbox-token string                                Token from https://www.linkbox.to/admin/account
+      -l, --links                                               Translate symlinks to/from regular files with a '.rclonelink' extension
+          --local-case-insensitive                              Force the filesystem to report itself as case insensitive
+          --local-case-sensitive                                Force the filesystem to report itself as case sensitive
+          --local-encoding Encoding                             The encoding for the backend (default Slash,Dot)
+          --local-no-check-updated                              Don't check to see if the files change during upload
+          --local-no-preallocate                                Disable preallocation of disk space for transferred files
+          --local-no-set-modtime                                Disable setting modtime
+          --local-no-sparse                                     Disable sparse files for multi-thread downloads
+          --local-nounc                                         Disable UNC (long path names) conversion on Windows
+          --local-unicode-normalization                         Apply unicode NFC normalization to paths and filenames
+          --local-zero-size-links                               Assume the Stat size of links is zero (and read them instead) (deprecated)
+          --mailru-auth-url string                              Auth server URL
+          --mailru-check-hash                                   What should copy do if file checksum is mismatched or invalid (default true)
+          --mailru-client-id string                             OAuth Client Id
+          --mailru-client-secret string                         OAuth Client Secret
+          --mailru-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+          --mailru-pass string                                  Password (obscured)
+          --mailru-speedup-enable                               Skip full upload if there is another file with same data hash (default true)
+          --mailru-speedup-file-patterns string                 Comma separated list of file name patterns eligible for speedup (put by hash) (default "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf")
+          --mailru-speedup-max-disk SizeSuffix                  This option allows you to disable speedup (put by hash) for large files (default 3Gi)
+          --mailru-speedup-max-memory SizeSuffix                Files larger than the size given below will always be hashed on disk (default 32Mi)
+          --mailru-token string                                 OAuth Access Token as a JSON blob
+          --mailru-token-url string                             Token server url
+          --mailru-user string                                  User name (usually email)
+          --mega-debug                                          Output more debug from Mega
+          --mega-encoding Encoding                              The encoding for the backend (default Slash,InvalidUtf8,Dot)
+          --mega-hard-delete                                    Delete files permanently rather than putting them into the trash
+          --mega-pass string                                    Password (obscured)
+          --mega-use-https                                      Use HTTPS for transfers
+          --mega-user string                                    User name
+          --netstorage-account string                           Set the NetStorage account name
+          --netstorage-host string                              Domain+path of NetStorage host to connect to
+          --netstorage-protocol string                          Select between HTTP or HTTPS protocol (default "https")
+          --netstorage-secret string                            Set the NetStorage account secret/G2O key for authentication (obscured)
+      -x, --one-file-system                                     Don't cross filesystem boundaries (unix/macOS only)
+          --onedrive-access-scopes SpaceSepList                 Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
+          --onedrive-auth-url string                            Auth server URL
+          --onedrive-av-override                                Allows download of files the server thinks has a virus
+          --onedrive-chunk-size SizeSuffix                      Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
+          --onedrive-client-id string                           OAuth Client Id
+          --onedrive-client-secret string                       OAuth Client Secret
+          --onedrive-delta                                      If set rclone will use delta listing to implement recursive listings
+          --onedrive-drive-id string                            The ID of the drive to use
+          --onedrive-drive-type string                          The type of the drive (personal | business | documentLibrary)
+          --onedrive-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
+          --onedrive-expose-onenote-files                       Set to make OneNote files show up in directory listings
+          --onedrive-hash-type string                           Specify the hash in use for the backend (default "auto")
+          --onedrive-link-password string                       Set the password for links created by the link command
+          --onedrive-link-scope string                          Set the scope of the links created by the link command (default "anonymous")
+          --onedrive-link-type string                           Set the type of the links created by the link command (default "view")
+          --onedrive-list-chunk int                             Size of listing chunk (default 1000)
+          --onedrive-no-versions                                Remove all versions on modifying operations
+          --onedrive-region string                              Choose national cloud region for OneDrive (default "global")
+          --onedrive-root-folder-id string                      ID of the root folder
+          --onedrive-server-side-across-configs                 Deprecated: use --server-side-across-configs instead
+          --onedrive-token string                               OAuth Access Token as a JSON blob
+          --onedrive-token-url string                           Token server url
+          --oos-attempt-resume-upload                           If true attempt to resume previously started multipart upload for the object
+          --oos-chunk-size SizeSuffix                           Chunk size to use for uploading (default 5Mi)
+          --oos-compartment string                              Object storage compartment OCID
+          --oos-config-file string                              Path to OCI config file (default "~/.oci/config")
+          --oos-config-profile string                           Profile name inside the oci config file (default "Default")
+          --oos-copy-cutoff SizeSuffix                          Cutoff for switching to multipart copy (default 4.656Gi)
+          --oos-copy-timeout Duration                           Timeout for copy (default 1m0s)
+          --oos-disable-checksum                                Don't store MD5 checksum with object metadata
+          --oos-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+          --oos-endpoint string                                 Endpoint for Object storage API
+          --oos-leave-parts-on-error                            If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery
+          --oos-max-upload-parts int                            Maximum number of parts in a multipart upload (default 10000)
+          --oos-namespace string                                Object storage namespace
+          --oos-no-check-bucket                                 If set, don't attempt to check the bucket exists or create it
+          --oos-provider string                                 Choose your Auth Provider (default "env_auth")
+          --oos-region string                                   Object storage Region
+          --oos-sse-customer-algorithm string                   If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm
+          --oos-sse-customer-key string                         To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+          --oos-sse-customer-key-file string                    To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+          --oos-sse-customer-key-sha256 string                  If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+          --oos-sse-kms-key-id string                           if using your own master key in vault, this header specifies the
+          --oos-storage-tier string                             The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default "Standard")
+          --oos-upload-concurrency int                          Concurrency for multipart uploads (default 10)
+          --oos-upload-cutoff SizeSuffix                        Cutoff for switching to chunked upload (default 200Mi)
+          --opendrive-chunk-size SizeSuffix                     Files will be uploaded in chunks this size (default 10Mi)
+          --opendrive-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
+          --opendrive-password string                           Password (obscured)
+          --opendrive-username string                           Username
+          --pcloud-auth-url string                              Auth server URL
+          --pcloud-client-id string                             OAuth Client Id
+          --pcloud-client-secret string                         OAuth Client Secret
+          --pcloud-encoding Encoding                            The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+          --pcloud-hostname string                              Hostname to connect to (default "api.pcloud.com")
+          --pcloud-password string                              Your pcloud password (obscured)
+          --pcloud-root-folder-id string                        Fill in for rclone to use a non root folder as its starting point (default "d0")
+          --pcloud-token string                                 OAuth Access Token as a JSON blob
+          --pcloud-token-url string                             Token server url
+          --pcloud-username string                              Your pcloud username
+          --pikpak-auth-url string                              Auth server URL
+          --pikpak-client-id string                             OAuth Client Id
+          --pikpak-client-secret string                         OAuth Client Secret
+          --pikpak-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot)
+          --pikpak-hash-memory-limit SizeSuffix                 Files bigger than this will be cached on disk to calculate hash if required (default 10Mi)
+          --pikpak-pass string                                  Pikpak password (obscured)
+          --pikpak-root-folder-id string                        ID of the root folder
+          --pikpak-token string                                 OAuth Access Token as a JSON blob
+          --pikpak-token-url string                             Token server url
+          --pikpak-trashed-only                                 Only show files that are in the trash
+          --pikpak-use-trash                                    Send files to the trash instead of deleting permanently (default true)
+          --pikpak-user string                                  Pikpak username
+          --premiumizeme-auth-url string                        Auth server URL
+          --premiumizeme-client-id string                       OAuth Client Id
+          --premiumizeme-client-secret string                   OAuth Client Secret
+          --premiumizeme-encoding Encoding                      The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+          --premiumizeme-token string                           OAuth Access Token as a JSON blob
+          --premiumizeme-token-url string                       Token server url
+          --protondrive-2fa string                              The 2FA code
+          --protondrive-app-version string                      The app version string (default "macos-drive@1.0.0-alpha.1+rclone")
+          --protondrive-enable-caching                          Caches the files and folders metadata to reduce API calls (default true)
+          --protondrive-encoding Encoding                       The encoding for the backend (default Slash,LeftSpace,RightSpace,InvalidUtf8,Dot)
+          --protondrive-mailbox-password string                 The mailbox password of your two-password proton account (obscured)
+          --protondrive-original-file-size                      Return the file size before encryption (default true)
+          --protondrive-password string                         The password of your proton account (obscured)
+          --protondrive-replace-existing-draft                  Create a new revision when filename conflict is detected
+          --protondrive-username string                         The username of your proton account
+          --putio-auth-url string                               Auth server URL
+          --putio-client-id string                              OAuth Client Id
+          --putio-client-secret string                          OAuth Client Secret
+          --putio-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+          --putio-token string                                  OAuth Access Token as a JSON blob
+          --putio-token-url string                              Token server url
+          --qingstor-access-key-id string                       QingStor Access Key ID
+          --qingstor-chunk-size SizeSuffix                      Chunk size to use for uploading (default 4Mi)
+          --qingstor-connection-retries int                     Number of connection retries (default 3)
+          --qingstor-encoding Encoding                          The encoding for the backend (default Slash,Ctl,InvalidUtf8)
+          --qingstor-endpoint string                            Enter an endpoint URL to connection QingStor API
+          --qingstor-env-auth                                   Get QingStor credentials from runtime
+          --qingstor-secret-access-key string                   QingStor Secret Access Key (password)
+          --qingstor-upload-concurrency int                     Concurrency for multipart uploads (default 1)
+          --qingstor-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
+          --qingstor-zone string                                Zone to connect to
+          --quatrix-api-key string                              API key for accessing Quatrix account
+          --quatrix-effective-upload-time string                Wanted upload time for one chunk (default "4s")
+          --quatrix-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+          --quatrix-hard-delete                                 Delete files permanently rather than putting them into the trash
+          --quatrix-host string                                 Host name of Quatrix account
+          --quatrix-maximal-summary-chunk-size SizeSuffix       The maximal summary for all chunks. It should not be less than 'transfers'*'minimal_chunk_size' (default 95.367Mi)
+          --quatrix-minimal-chunk-size SizeSuffix               The minimal size for one chunk (default 9.537Mi)
+          --s3-access-key-id string                             AWS Access Key ID
+          --s3-acl string                                       Canned ACL used when creating buckets and storing or copying objects
+          --s3-bucket-acl string                                Canned ACL used when creating buckets
+          --s3-chunk-size SizeSuffix                            Chunk size to use for uploading (default 5Mi)
+          --s3-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4.656Gi)
+          --s3-decompress                                       If set this will decompress gzip encoded objects
+          --s3-directory-markers                                Upload an empty object with a trailing slash when a new directory is created
+          --s3-disable-checksum                                 Don't store MD5 checksum with object metadata
+          --s3-disable-http2                                    Disable usage of http2 for S3 backends
+          --s3-download-url string                              Custom endpoint for downloads
+          --s3-encoding Encoding                                The encoding for the backend (default Slash,InvalidUtf8,Dot)
+          --s3-endpoint string                                  Endpoint for S3 API
+          --s3-env-auth                                         Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
+          --s3-force-path-style                                 If true use path style access if false use virtual hosted style (default true)
+          --s3-leave-parts-on-error                             If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
+          --s3-list-chunk int                                   Size of listing chunk (response list for each ListObject S3 request) (default 1000)
+          --s3-list-url-encode Tristate                         Whether to url encode listings: true/false/unset (default unset)
+          --s3-list-version int                                 Version of ListObjects to use: 1,2 or 0 for auto
+          --s3-location-constraint string                       Location constraint - must be set to match the Region
+          --s3-max-upload-parts int                             Maximum number of parts in a multipart upload (default 10000)
+          --s3-might-gzip Tristate                              Set this if the backend might gzip objects (default unset)
+          --s3-no-check-bucket                                  If set, don't attempt to check the bucket exists or create it
+          --s3-no-head                                          If set, don't HEAD uploaded objects to check integrity
+          --s3-no-head-object                                   If set, do not do HEAD before GET when getting objects
+          --s3-no-system-metadata                               Suppress setting and reading of system metadata
+          --s3-profile string                                   Profile to use in the shared credentials file
+          --s3-provider string                                  Choose your S3 provider
+          --s3-region string                                    Region to connect to
+          --s3-requester-pays                                   Enables requester pays option when interacting with S3 bucket
+          --s3-secret-access-key string                         AWS Secret Access Key (password)
+          --s3-server-side-encryption string                    The server-side encryption algorithm used when storing this object in S3
+          --s3-session-token string                             An AWS session token
+          --s3-shared-credentials-file string                   Path to the shared credentials file
+          --s3-sse-customer-algorithm string                    If using SSE-C, the server-side encryption algorithm used when storing this object in S3
+          --s3-sse-customer-key string                          To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
+          --s3-sse-customer-key-base64 string                   If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
+          --s3-sse-customer-key-md5 string                      If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
+          --s3-sse-kms-key-id string                            If using KMS ID you must provide the ARN of Key
+          --s3-storage-class string                             The storage class to use when storing new objects in S3
+          --s3-sts-endpoint string                              Endpoint for STS
+          --s3-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+          --s3-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+          --s3-use-accelerate-endpoint                          If true use the AWS S3 accelerated endpoint
+          --s3-use-accept-encoding-gzip Accept-Encoding: gzip   Whether to send Accept-Encoding: gzip header (default unset)
+          --s3-use-already-exists Tristate                      Set if rclone should report BucketAlreadyExists errors on bucket creation (default unset)
+          --s3-use-multipart-etag Tristate                      Whether to use ETag in multipart uploads for verification (default unset)
+          --s3-use-multipart-uploads Tristate                   Set if rclone should use multipart uploads (default unset)
+          --s3-use-presigned-request                            Whether to use a presigned request or PutObject for single part uploads
+          --s3-v2-auth                                          If true use v2 authentication
+          --s3-version-at Time                                  Show file versions as they were at the specified time (default off)
+          --s3-versions                                         Include old versions in directory listings
+          --seafile-2fa                                         Two-factor authentication ('true' if the account has 2FA enabled)
+          --seafile-create-library                              Should rclone create a library if it doesn't exist
+          --seafile-encoding Encoding                           The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
+          --seafile-library string                              Name of the library
+          --seafile-library-key string                          Library password (for encrypted libraries only) (obscured)
+          --seafile-pass string                                 Password (obscured)
+          --seafile-url string                                  URL of seafile host to connect to
+          --seafile-user string                                 User name (usually email address)
+          --sftp-ask-password                                   Allow asking for SFTP password when needed
+          --sftp-chunk-size SizeSuffix                          Upload and download chunk size (default 32Ki)
+          --sftp-ciphers SpaceSepList                           Space separated list of ciphers to be used for session encryption, ordered by preference
+          --sftp-concurrency int                                The maximum number of outstanding requests for one file (default 64)
+          --sftp-copy-is-hardlink                               Set to enable server side copies using hardlinks
+          --sftp-disable-concurrent-reads                       If set don't use concurrent reads
+          --sftp-disable-concurrent-writes                      If set don't use concurrent writes
+          --sftp-disable-hashcheck                              Disable the execution of SSH commands to determine if remote file hashing is available
+          --sftp-host string                                    SSH host to connect to
+          --sftp-host-key-algorithms SpaceSepList               Space separated list of host key algorithms, ordered by preference
+          --sftp-idle-timeout Duration                          Max time before closing idle connections (default 1m0s)
+          --sftp-key-exchange SpaceSepList                      Space separated list of key exchange algorithms, ordered by preference
+          --sftp-key-file string                                Path to PEM-encoded private key file
+          --sftp-key-file-pass string                           The passphrase to decrypt the PEM-encoded private key file (obscured)
+          --sftp-key-pem string                                 Raw PEM-encoded private key
+          --sftp-key-use-agent                                  When set forces the usage of the ssh-agent
+          --sftp-known-hosts-file string                        Optional path to known_hosts file
+          --sftp-macs SpaceSepList                              Space separated list of MACs (message authentication code) algorithms, ordered by preference
+          --sftp-md5sum-command string                          The command used to read md5 hashes
+          --sftp-pass string                                    SSH password, leave blank to use ssh-agent (obscured)
+          --sftp-path-override string                           Override path used by SSH shell commands
+          --sftp-port int                                       SSH port number (default 22)
+          --sftp-pubkey-file string                             Optional path to public key file
+          --sftp-server-command string                          Specifies the path or command to run a sftp server on the remote host
+          --sftp-set-env SpaceSepList                           Environment variables to pass to sftp and commands
+          --sftp-set-modtime                                    Set the modified time on the remote if set (default true)
+          --sftp-sha1sum-command string                         The command used to read sha1 hashes
+          --sftp-shell-type string                              The type of SSH shell on remote server, if any
+          --sftp-skip-links                                     Set to skip any symlinks and any other non regular files
+          --sftp-socks-proxy string                             Socks 5 proxy host
+          --sftp-ssh SpaceSepList                               Path and arguments to external ssh binary
+          --sftp-subsystem string                               Specifies the SSH2 subsystem on the remote host (default "sftp")
+          --sftp-use-fstat                                      If set use fstat instead of stat
+          --sftp-use-insecure-cipher                            Enable the use of insecure ciphers and key exchange methods
+          --sftp-user string                                    SSH username (default "$USER")
+          --sharefile-auth-url string                           Auth server URL
+          --sharefile-chunk-size SizeSuffix                     Upload chunk size (default 64Mi)
+          --sharefile-client-id string                          OAuth Client Id
+          --sharefile-client-secret string                      OAuth Client Secret
+          --sharefile-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
+          --sharefile-endpoint string                           Endpoint for API calls
+          --sharefile-root-folder-id string                     ID of the root folder
+          --sharefile-token string                              OAuth Access Token as a JSON blob
+          --sharefile-token-url string                          Token server url
+          --sharefile-upload-cutoff SizeSuffix                  Cutoff for switching to multipart upload (default 128Mi)
+          --sia-api-password string                             Sia Daemon API Password (obscured)
+          --sia-api-url string                                  Sia daemon API URL, like http://sia.daemon.host:9980 (default "http://127.0.0.1:9980")
+          --sia-encoding Encoding                               The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
+          --sia-user-agent string                               Siad User Agent (default "Sia-Agent")
+          --skip-links                                          Don't warn about skipped symlinks
+          --smb-case-insensitive                                Whether the server is configured to be case-insensitive (default true)
+          --smb-domain string                                   Domain name for NTLM authentication (default "WORKGROUP")
+          --smb-encoding Encoding                               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
+          --smb-hide-special-share                              Hide special shares (e.g. print$) which users aren't supposed to access (default true)
+          --smb-host string                                     SMB server hostname to connect to
+          --smb-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+          --smb-pass string                                     SMB password (obscured)
+          --smb-port int                                        SMB port number (default 445)
+          --smb-spn string                                      Service principal name
+          --smb-user string                                     SMB username (default "$USER")
+          --storj-access-grant string                           Access grant
+          --storj-api-key string                                API key
+          --storj-passphrase string                             Encryption passphrase
+          --storj-provider string                               Choose an authentication method (default "existing")
+          --storj-satellite-address string                      Satellite address (default "us1.storj.io")
+          --sugarsync-access-key-id string                      Sugarsync Access Key ID
+          --sugarsync-app-id string                             Sugarsync App ID
+          --sugarsync-authorization string                      Sugarsync authorization
+          --sugarsync-authorization-expiry string               Sugarsync authorization expiry
+          --sugarsync-deleted-id string                         Sugarsync deleted folder id
+          --sugarsync-encoding Encoding                         The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
+          --sugarsync-hard-delete                               Permanently delete files if true
+          --sugarsync-private-access-key string                 Sugarsync Private Access Key
+          --sugarsync-refresh-token string                      Sugarsync refresh token
+          --sugarsync-root-id string                            Sugarsync root id
+          --sugarsync-user string                               Sugarsync user
+          --swift-application-credential-id string              Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
+          --swift-application-credential-name string            Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
+          --swift-application-credential-secret string          Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
+          --swift-auth string                                   Authentication URL for server (OS_AUTH_URL)
+          --swift-auth-token string                             Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
+          --swift-auth-version int                              AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
+          --swift-chunk-size SizeSuffix                         Above this size files will be chunked into a _segments container (default 5Gi)
+          --swift-domain string                                 User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
+          --swift-encoding Encoding                             The encoding for the backend (default Slash,InvalidUtf8)
+          --swift-endpoint-type string                          Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default "public")
+          --swift-env-auth                                      Get swift credentials from environment variables in standard OpenStack form
+          --swift-key string                                    API key or password (OS_PASSWORD)
+          --swift-leave-parts-on-error                          If true avoid calling abort upload on a failure
+          --swift-no-chunk                                      Don't chunk files during streaming upload
+          --swift-no-large-objects                              Disable support for static and dynamic large objects
+          --swift-region string                                 Region name - optional (OS_REGION_NAME)
+          --swift-storage-policy string                         The storage policy to use when creating a new container
+          --swift-storage-url string                            Storage URL - optional (OS_STORAGE_URL)
+          --swift-tenant string                                 Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
+          --swift-tenant-domain string                          Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
+          --swift-tenant-id string                              Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
+          --swift-user string                                   User name to log in (OS_USERNAME)
+          --swift-user-id string                                User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
+          --union-action-policy string                          Policy to choose upstream on ACTION category (default "epall")
+          --union-cache-time int                                Cache time of usage and free space (in seconds) (default 120)
+          --union-create-policy string                          Policy to choose upstream on CREATE category (default "epmfs")
+          --union-min-free-space SizeSuffix                     Minimum viable free space for lfs/eplfs policies (default 1Gi)
+          --union-search-policy string                          Policy to choose upstream on SEARCH category (default "ff")
+          --union-upstreams string                              List of space separated upstreams
+          --uptobox-access-token string                         Your access token
+          --uptobox-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
+          --uptobox-private                                     Set to make uploaded files private
+          --webdav-bearer-token string                          Bearer token instead of user/pass (e.g. a Macaroon)
+          --webdav-bearer-token-command string                  Command to run to get a bearer token
+          --webdav-encoding string                              The encoding for the backend
+          --webdav-headers CommaSepList                         Set HTTP headers for all transactions
+          --webdav-nextcloud-chunk-size SizeSuffix              Nextcloud upload chunk size (default 10Mi)
+          --webdav-pacer-min-sleep Duration                     Minimum time to sleep between API calls (default 10ms)
+          --webdav-pass string                                  Password (obscured)
+          --webdav-url string                                   URL of http host to connect to
+          --webdav-user string                                  User name
+          --webdav-vendor string                                Name of the WebDAV site/service/software you are using
+          --yandex-auth-url string                              Auth server URL
+          --yandex-client-id string                             OAuth Client Id
+          --yandex-client-secret string                         OAuth Client Secret
+          --yandex-encoding Encoding                            The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+          --yandex-hard-delete                                  Delete files permanently rather than putting them into the trash
+          --yandex-token string                                 OAuth Access Token as a JSON blob
+          --yandex-token-url string                             Token server url
+          --zoho-auth-url string                                Auth server URL
+          --zoho-client-id string                               OAuth Client Id
+          --zoho-client-secret string                           OAuth Client Secret
+          --zoho-encoding Encoding                              The encoding for the backend (default Del,Ctl,InvalidUtf8)
+          --zoho-region string                                  Zoho region to connect to
+          --zoho-token string                                   OAuth Access Token as a JSON blob
+          --zoho-token-url string                               Token server url
 
 Docker Volume Plugin
 
@@ -15626,10 +19016,16 @@ Command line syntax
                                     If exceeded, the bisync run will abort. (default: 50%)
           --force                   Bypass `--max-delete` safety check and run the sync.
                                     Consider using with `--verbose`
+          --create-empty-src-dirs   Sync creation and deletion of empty directories. 
+                                      (Not compatible with --remove-empty-dirs)
           --remove-empty-dirs       Remove empty directories at the final cleanup step.
       -1, --resync                  Performs the resync run.
                                     Warning: Path1 files may overwrite Path2 versions.
                                     Consider using `--verbose` or `--dry-run` first.
+          --ignore-listing-checksum Do not use checksums for listings 
+                                      (add --ignore-checksum to additionally skip post-copy checksum checks)
+          --resilient               Allow future runs to retry after certain less-serious errors, 
+                                      instead of requiring --resync. Use at your own risk!
           --localtime               Use local time in listings (default: UTC)
           --no-cleanup              Retain working files (useful for troubleshooting and testing).
           --workdir PATH            Use custom working directory (useful for testing).
@@ -15654,8 +19050,8 @@ with optional subdirectory paths. Cloud references are distinguished by
 having a : in the argument (see Windows support below).
 
 Path1 and Path2 are treated equally, in that neither has priority for
-file changes, and access efficiency does not change whether a remote is
-on Path1 or Path2.
+file changes (except during --resync), and access efficiency does not
+change whether a remote is on Path1 or Path2.
 
 The listings in bisync working directory (default:
 ~/.cache/rclone/bisync) are named based on the Path1 and Path2 arguments
@@ -15663,9 +19059,10 @@ so that separate syncs to individual directories within the tree may be
 set up, e.g.: path_to_local_tree..dropbox_subdir.lst.
 
 Any empty directories after the sync on both the Path1 and Path2
-filesystems are not deleted by default. If the --remove-empty-dirs flag
-is specified, then both paths will have any empty directories purged as
-the last step in the process.
+filesystems are not deleted by default, unless --create-empty-src-dirs
+is specified. If the --remove-empty-dirs flag is specified, then both
+paths will have ALL empty directories purged as the last step in the
+process.
 
 Command-line flags
 
@@ -15673,16 +19070,27 @@ Command-line flags
 
 This will effectively make both Path1 and Path2 filesystems contain a
 matching superset of all files. Path2 files that do not exist in Path1
-will be copied to Path1, and the process will then sync the Path1 tree
+will be copied to Path1, and the process will then copy the Path1 tree
 to Path2.
 
-The base directories on the both Path1 and Path2 filesystems must exist
-or bisync will fail. This is required for safety - that bisync can
-verify that both paths are valid.
+The --resync sequence is roughly equivalent to:
+
+    rclone copy Path2 Path1 --ignore-existing
+    rclone copy Path1 Path2
+
+Or, if using --create-empty-src-dirs:
+
+    rclone copy Path2 Path1 --ignore-existing
+    rclone copy Path1 Path2 --create-empty-src-dirs
+    rclone copy Path2 Path1 --create-empty-src-dirs
 
-When using --resync, a newer version of a file either on Path1 or Path2
-filesystem, will overwrite the file on the other path (only the last
-version will be kept). Carefully evaluate deltas using --dry-run.
+The base directories on both Path1 and Path2 filesystems must exist or
+bisync will fail. This is required for safety - that bisync can verify
+that both paths are valid.
+
+When using --resync, a newer version of a file on the Path2 filesystem
+will be overwritten by the Path1 filesystem version. (Note that this is
+NOT entirely symmetrical.) Carefully evaluate deltas using --dry-run.
 
 For a resync run, one of the paths may be empty (no files in the path
 tree). The resync run should result in files on both paths, else a
@@ -15699,17 +19107,31 @@ deleting everything in the other path.
 Access check files are an additional safety measure against data loss.
 bisync will ensure it can find matching RCLONE_TEST files in the same
 places in the Path1 and Path2 filesystems. RCLONE_TEST files are not
-generated automatically. For --check-accessto succeed, you must first
-either: A) Place one or more RCLONE_TEST files in the Path1 or Path2
-filesystem and then do either a run without --check-access or a --resync
-to set matching files on both filesystems, or B) Set --check-filename to
-a filename already in use in various locations throughout your sync'd
-fileset. Time stamps and file contents are not important, just the names
-and locations. If you have symbolic links in your sync tree it is
-recommended to place RCLONE_TEST files in the linked-to directory tree
-to protect against bisync assuming a bunch of deleted files if the
-linked-to tree should not be accessible. See also the --check-filename
-flag.
+generated automatically. For --check-access to succeed, you must first
+either: A) Place one or more RCLONE_TEST files in both systems, or B)
+Set --check-filename to a filename already in use in various locations
+throughout your sync'd fileset. Recommended methods for A) include: *
+rclone touch Path1/RCLONE_TEST (create a new file) *
+rclone copyto Path1/RCLONE_TEST Path2/RCLONE_TEST (copy an existing
+file) *
+rclone copy Path1/RCLONE_TEST Path2/RCLONE_TEST  --include "RCLONE_TEST"
+(copy multiple files at once, recursively) * create the files manually
+(outside of rclone) * run bisync once without --check-access to set
+matching files on both filesystems will also work, but is not preferred,
+due to potential for user error (you are temporarily disabling the
+safety feature).
+
+Note that --check-access is still enforced on --resync, so
+bisync --resync --check-access will not work as a method of initially
+setting the files (this is to ensure that bisync can't inadvertently
+circumvent its own safety switch.)
+
+Time stamps and file contents for RCLONE_TEST files are not important,
+just the names and locations. If you have symbolic links in your sync
+tree it is recommended to place RCLONE_TEST files in the linked-to
+directory tree to protect against bisync assuming a bunch of deleted
+files if the linked-to tree should not be accessible. See also the
+--check-filename flag.
 
 --check-filename
 
@@ -15730,7 +19152,7 @@ to bisync as a bunch of deleted files and a bunch of new files. This
 safety check is intended to block bisync from deleting all of the files
 on both filesystems due to a temporary network access issue, or if the
 user had inadvertently deleted the files on one side or the other. To
-force the sync either set a different delete percentage limit, e.g.
+force the sync, either set a different delete percentage limit, e.g.
 --max-delete 75 (allows up to 75% deletion), or use --force to bypass
 the check.
 
@@ -15744,19 +19166,19 @@ sub-trees from the sync. See the bisync filters section and generic
 for non-allowed files for synching with Dropbox.
 
 If you make changes to your filters file then bisync requires a run with
---resync. This is a safety feature, which avoids existing files on the
+--resync. This is a safety feature, which prevents existing files on the
 Path1 and/or Path2 side from seeming to disappear from view (since they
 are excluded in the new listings), which would fool bisync into seeing
 them as deleted (as compared to the prior run listings), and then bisync
 would proceed to delete them for real.
 
-To block this from happening bisync calculates an MD5 hash of the
+To block this from happening, bisync calculates an MD5 hash of the
 filters file and stores the hash in a .md5 file in the same place as
-your filters file. On the next runs with --filters-file set, bisync
+your filters file. On the next run with --filters-file set, bisync
 re-calculates the MD5 hash of the current filters file and compares it
-to the hash stored in .md5 file. If they don't match the run aborts with
-a critical error and thus forces you to do a --resync, likely avoiding a
-disaster.
+to the hash stored in the .md5 file. If they don't match, the run aborts
+with a critical error and thus forces you to do a --resync, likely
+avoiding a disaster.
 
 --check-sync
 
@@ -15776,6 +19198,68 @@ significantly reduce the sync run times for very large numbers of files.
 The check may be run manually with --check-sync=only. It runs only the
 integrity check and terminates without actually synching.
 
+See also: Concurrent modifications
+
+--ignore-listing-checksum
+
+By default, bisync will retrieve (or generate) checksums (for backends
+that support them) when creating the listings for both paths, and store
+the checksums in the listing files. --ignore-listing-checksum will
+disable this behavior, which may speed things up considerably,
+especially on backends (such as local) where hashes must be computed on
+the fly instead of retrieved. Please note the following:
+
+-   While checksums are (by default) generated and stored in the listing
+    files, they are NOT currently used for determining diffs (deltas).
+    It is anticipated that full checksum support will be added in a
+    future version.
+-   --ignore-listing-checksum is NOT the same as --ignore-checksum, and
+    you may wish to use one or the other, or both. In a nutshell:
+    --ignore-listing-checksum controls whether checksums are considered
+    when scanning for diffs, while --ignore-checksum controls whether
+    checksums are considered during the copy/sync operations that
+    follow, if there ARE diffs.
+-   Unless --ignore-listing-checksum is passed, bisync currently
+    computes hashes for one path even when there's no common hash with
+    the other path (for example, a crypt remote.)
+-   If both paths support checksums and have a common hash, AND
+    --ignore-listing-checksum was not specified when creating the
+    listings, --check-sync=only can be used to compare Path1 vs. Path2
+    checksums (as of the time the previous listings were created.)
+    However, --check-sync=only will NOT include checksums if the
+    previous listings were generated on a run using
+    --ignore-listing-checksum. For a more robust integrity check of the
+    current state, consider using check (or cryptcheck, if at least one
+    path is a crypt remote.)
+
+--resilient
+
+Caution: this is an experimental feature. Use at your own risk!
+
+By default, most errors or interruptions will cause bisync to abort and
+require --resync to recover. This is a safety feature, to prevent bisync
+from running again until a user checks things out. However, in some
+cases, bisync can go too far and enforce a lockout when one isn't
+actually necessary, like for certain less-serious errors that might
+resolve themselves on the next run. When --resilient is specified,
+bisync tries its best to recover and self-correct, and only requires
+--resync as a last resort when a human's involvement is absolutely
+necessary. The intended use case is for running bisync as a background
+process (such as via scheduled cron).
+
+When using --resilient mode, bisync will still report the error and
+abort, however it will not lock out future runs -- allowing the
+possibility of retrying at the next normally scheduled time, without
+requiring a --resync first. Examples of such retryable errors include
+access test failures, missing listing files, and filter change
+detections. These safety features will still prevent the current run
+from proceeding -- the difference is that if conditions have improved by
+the time of the next run, that next run will be allowed to proceed.
+Certain more serious errors will still enforce a --resync lockout, even
+in --resilient mode, to prevent data loss.
+
+Behavior of --resilient may change in a future version.
+
 Operation
 
 Runtime flow details
@@ -15836,10 +19320,17 @@ Unusual sync checks
   ----------------------------------------------------------------------------
   Type              Description           Result              Implementation
   ----------------- --------------------- ------------------- ----------------
+  Path1 new/changed File is new/changed   No change           None
+  AND Path2         on Path1 AND                              
+  new/changed AND   new/changed on Path2                      
+  Path1 == Path2    AND Path1 version is                      
+                    currently identical                       
+                    to Path2                                  
+
   Path1 new AND     File is new on Path1  Files renamed to    rclone copy
-  Path2 new         AND new on Path2      _Path1 and _Path2   _Path2 file to
-                                                              Path1,
-                                                              rclone copy
+  Path2 new         AND new on Path2 (and _Path1 and _Path2   _Path2 file to
+                    Path1 version is NOT                      Path1,
+                    identical to Path2)                       rclone copy
                                                               _Path1 file to
                                                               Path2
 
@@ -15847,8 +19338,9 @@ Unusual sync checks
   Path1 changed     Path2 AND also        _Path1 and _Path2   _Path2 file to
                     changed                                   Path1,
                     (newer/older/size) on                     rclone copy
-                    Path1                                     _Path1 file to
-                                                              Path2
+                    Path1 (and Path1                          _Path1 file to
+                    version is NOT                            Path2
+                    identical to Path2)                       
 
   Path2 newer AND   File is newer on      Path2 version       rclone copy
   Path1 deleted     Path2 AND also        survives            Path2 to Path1
@@ -15865,9 +19357,20 @@ Unusual sync checks
                     Path2                                     
   ----------------------------------------------------------------------------
 
+As of rclone v1.64, bisync is now better at detecting false positive
+sync conflicts, which would previously have resulted in unnecessary
+renames and duplicates. Now, when bisync comes to a file that it wants
+to rename (because it is new/changed on both sides), it first checks
+whether the Path1 and Path2 versions are currently identical (using the
+same underlying function as check.) If bisync concludes that the files
+are identical, it will skip them and move on. Otherwise, it will create
+renamed ..Path1 and ..Path2 duplicates, as before. This behavior also
+improves the experience of renaming directories, as a --resync is no
+longer required, so long as the same change has been made on both sides.
+
 All files changed check
 
-if all prior existing files on either of the filesystems have changed
+If all prior existing files on either of the filesystems have changed
 (e.g. timestamps have changed due to changing the system's timezone)
 then bisync will abort without making any changes. Any new files are not
 considered for this check. You could use --force to force the sync
@@ -15876,7 +19379,7 @@ considered for this check. You could use --force to force the sync
 the situation carefully and perhaps use --dry-run before you commit to
 the changes.
 
-Modification time
+Modification times
 
 Bisync relies on file timestamps to identify changed files and will
 refuse to operate if backend lacks the modification time support.
@@ -15904,7 +19407,7 @@ It is recommended to use --resync --dry-run --verbose initially and
 carefully review what changes will be made before running the --resync
 without --dry-run.
 
-Most of these events come up due to a error status from an internal
+Most of these events come up due to an error status from an internal
 call. On such a critical error the {...}.path1.lst and {...}.path2.lst
 listing files are renamed to extension .lst-err, which blocks any future
 bisync runs (since the normal .lst files are not found). Bisync keeps
@@ -15914,6 +19417,8 @@ at ${HOME}/.cache/rclone/bisync/ on Linux.
 Some errors are considered temporary and re-running the bisync is not
 blocked. The critical return blocks further bisync runs.
 
+See also: --resilient
+
 Lock file
 
 When bisync is running, a lock file is created in the bisync working
@@ -15948,10 +19453,9 @@ It has not been fully tested with other services yet. If it works, or
 sorta works, please let us know and we'll update the list. Run the test
 suite to check for proper operation as described below.
 
-First release of rclone bisync requires that underlying backend
-supported the modification time feature and will refuse to run
-otherwise. This limitation will be lifted in a future rclone bisync
-release.
+First release of rclone bisync requires that underlying backend supports
+the modification time feature and will refuse to run otherwise. This
+limitation will be lifted in a future rclone bisync release.
 
 Concurrent modifications
 
@@ -15963,36 +19467,104 @@ be solved in a future release, there is no workaround at the moment.
 
 Files that change during a bisync run may result in data loss. This has
 been seen in a highly dynamic environment, where the filesystem is
-getting hammered by running processes during the sync. The solution is
-to sync at quiet times or filter out unnecessary directories and files.
+getting hammered by running processes during the sync. The currently
+recommended solution is to sync at quiet times or filter out unnecessary
+directories and files.
 
-Empty directories
+As an alternative approach, consider using --check-sync=false (and
+possibly --resilient) to make bisync more forgiving of filesystems that
+change during the sync. Be advised that this may cause bisync to miss
+events that occur during a bisync run, so it is a good idea to
+supplement this with a periodic independent integrity check, and
+corrective sync if diffs are found. For example, a possible sequence
+could look like this:
+
+1.  Normally scheduled bisync run:
+
+    rclone bisync Path1 Path2 -MPc --check-access --max-delete 10 --filters-file /path/to/filters.txt -v --check-sync=false --no-cleanup --ignore-listing-checksum --disable ListR --checkers=16 --drive-pacer-min-sleep=10ms --create-empty-src-dirs --resilient
+
+2.  Periodic independent integrity check (perhaps scheduled nightly or
+    weekly):
+
+    rclone check -MvPc Path1 Path2 --filter-from /path/to/filters.txt
+
+3.  If diffs are found, you have some choices to correct them. If one
+    side is more up-to-date and you want to make the other side match
+    it, you could run:
+
+    rclone sync Path1 Path2 --filter-from /path/to/filters.txt --create-empty-src-dirs -MPc -v  
+
+(or switch Path1 and Path2 to make Path2 the source-of-truth)
 
-New empty directories on one path are not propagated to the other side.
-This is because bisync (and rclone) natively works on files not
-directories. The following sequence is a workaround but will not
-propagate the delete of an empty directory to the other side:
+Or, if neither side is totally up-to-date, you could run a --resync to
+bring them back into agreement (but remember that this could cause
+deleted files to re-appear.)
 
-    rclone bisync PATH1 PATH2
-    rclone copy PATH1 PATH2 --filter "+ */" --filter "- **" --create-empty-src-dirs
-    rclone copy PATH2 PATH2 --filter "+ */" --filter "- **" --create-empty-src-dirs
+*Note also that rclone check does not currently include empty
+directories, so if you want to know if any empty directories are out of
+sync, consider alternatively running the above rclone sync command with
+--dry-run added.
+
+Empty directories
+
+By default, new/deleted empty directories on one path are not propagated
+to the other side. This is because bisync (and rclone) natively works on
+files, not directories. However, this can be changed with the
+--create-empty-src-dirs flag, which works in much the same way as in
+sync and copy. When used, empty directories created or deleted on one
+side will also be created or deleted on the other side. The following
+should be noted: * --create-empty-src-dirs is not compatible with
+--remove-empty-dirs. Use only one or the other (or neither). * It is not
+recommended to switch back and forth between --create-empty-src-dirs and
+the default (no --create-empty-src-dirs) without running --resync. This
+is because it may appear as though all directories (not just the empty
+ones) were created/deleted, when actually you've just toggled between
+making them visible/invisible to bisync. It looks scarier than it is,
+but it's still probably best to stick to one or the other, and use
+--resync when you need to switch.
 
 Renamed directories
 
-Renaming a folder on the Path1 side results is deleting all files on the
+Renaming a folder on the Path1 side results in deleting all files on the
 Path2 side and then copying all files again from Path1 to Path2. Bisync
 sees this as all files in the old directory name as deleted and all
-files in the new directory name as new. Similarly, renaming a directory
-on both sides to the same name will result in creating ..path1 and
-..path2 files on both sides. Currently the most effective and efficient
-method of renaming a directory is to rename it on both sides, then do a
---resync.
+files in the new directory name as new. Currently, the most effective
+and efficient method of renaming a directory is to rename it to the same
+name on both sides. (As of rclone v1.64, a --resync is no longer
+required after doing so, as bisync will automatically detect that Path1
+and Path2 are in agreement.)
+
+--fast-list used by default
+
+Unlike most other rclone commands, bisync uses --fast-list by default,
+for backends that support it. In many cases this is desirable, however,
+there are some scenarios in which bisync could be faster without
+--fast-list, and there is also a known issue concerning Google Drive
+users with many empty directories. For now, the recommended way to avoid
+using --fast-list is to add --disable ListR to all bisync commands. The
+default behavior may change in a future version.
+
+Overridden Configs
+
+When rclone detects an overridden config, it adds a suffix like {ABCDE}
+on the fly to the internal name of the remote. Bisync follows suit by
+including this suffix in its listing filenames. However, this suffix
+does not necessarily persist from run to run, especially if different
+flags are provided. So if next time the suffix assigned is {FGHIJ},
+bisync will get confused, because it's looking for a listing file with
+{FGHIJ}, when the file it wants has {ABCDE}. As a result, it throws
+Bisync critical error: cannot find prior Path1 or Path2 listings, likely due to critical error on prior run
+and refuses to run again until the user runs a --resync (unless using
+--resilient). The best workaround at the moment is to set any
+backend-specific flags in the config file instead of specifying them
+with command flags. (You can still override them as needed for other
+rclone commands.)
 
 Case sensitivity
 
 Synching with case-insensitive filesystems, such as Windows or Box, can
 result in file name conflicts. This will be fixed in a future release.
-The near term workaround is to make sure that files on both sides don't
+The near-term workaround is to make sure that files on both sides don't
 have spelling case differences (Smile.jpg vs. smile.jpg).
 
 Windows support
@@ -16057,7 +19629,7 @@ Filters file writing guidelines
         faster.
     -   Specific files may also be excluded, as with the Dropbox
         exclusions example below.
-2.  Decide if its easier (or cleaner) to:
+2.  Decide if it's easier (or cleaner) to:
     -   Include select directories and therefore exclude everything else
         -- or --
     -   Exclude select directories and therefore include everything else
@@ -16078,7 +19650,7 @@ Filters file writing guidelines
         -/Desktop/tempfiles/, or `- /testdir/.    Again, a**` on the end
         is not necessary.
     -   Do not add a `- **` in the file. Without this line, everything
-        will be included that has not be explicitly excluded.
+        will be included that has not been explicitly excluded.
     -   Disregard step 3.
 
 A few rules for the syntax of a filter file expanding on filtering
@@ -16163,7 +19735,7 @@ Example filters file for Dropbox
     # NOTICE: If you make changes to this file you MUST do a --resync run.
     #         Run with --dry-run to see what changes will be made.
 
-    # Dropbox wont sync some files so filter them away here.
+    # Dropbox won't sync some files so filter them away here.
     # See https://help.dropbox.com/installs-integrations/sync-uploads/files-not-syncing
     - .dropbox.attr
     - ~*.tmp
@@ -16220,7 +19792,7 @@ The --dry-run messages may indicate that it would try to delete some
 files. For example, if a file is new on Path2 and does not exist on
 Path1 then it would normally be copied to Path1, but with --dry-run
 enabled those copies don't happen, which leads to the attempted delete
-on the Path2, blocked again by --dry-run: ... Not deleting as --dry-run.
+on Path2, blocked again by --dry-run: ... Not deleting as --dry-run.
 
 This whole confusing situation is an artifact of the --dry-run flag.
 Scrutinize the proposed deletes carefully, and if the files would have
@@ -16229,15 +19801,15 @@ disregarded.
 
 Retries
 
-Rclone has built in retries. If you run with --verbose you'll see error
+Rclone has built-in retries. If you run with --verbose you'll see error
 and retry messages such as shown below. This is usually not a bug. If at
-the end of the run you see Bisync successful and not
+the end of the run, you see Bisync successful and not
 Bisync critical error or Bisync aborted then the run was successful, and
 you can ignore the error messages.
 
-The following run shows an intermittent fail. Lines 5 and _6- are low
-level messages. Line 6 is a bubbled-up warning message, conveying the
-error. Rclone normally retries failing commands, so there may be
+The following run shows an intermittent fail. Lines 5 and _6- are
+low-level messages. Line 6 is a bubbled-up warning message, conveying
+the error. Rclone normally retries failing commands, so there may be
 numerous such messages in the log.
 
 Since there are no final error/warning messages on line 7, rclone has
@@ -16309,8 +19881,7 @@ and an OwnCloud server, with output logged to a runlog file:
     #                         Command
       */5  *    *    *    *   /path/to/rclone bisync /local/files MyCloud: --check-access --filters-file /path/to/bysync-filters.txt --log-file /path/to//bisync.log
 
-See crontab syntax). for the details of crontab time interval
-expressions.
+See crontab syntax for the details of crontab time interval expressions.
 
 If you run rclone bisync as a cron job, redirect stdout/stderr to a
 file. The 2nd example runs a sync to Dropbox every hour and logs all
@@ -16495,9 +20066,9 @@ Notes about testing
     check file mismatches in the test tree.
 -   Some Dropbox tests can fail, notably printing the following message:
     src and dst identical but can't set mod time without deleting and re-uploading
-    This is expected and happens due a way Dropbox handles modification
-    times. You should use the -refresh-times test flag to make up for
-    this.
+    This is expected and happens due to the way Dropbox handles
+    modification times. You should use the -refresh-times test flag to
+    make up for this.
 -   If Dropbox tests hit request limit for you and print error message
     too_many_requests/...: Too many requests or write operations. then
     follow the Dropbox App ID instructions.
@@ -16555,7 +20126,7 @@ Supported test commands
     and re-creating the parent would change its ID.
 -   delete-file <file> Delete a single file.
 -   delete-glob <dir> <pattern> Delete a group of files located one
-    level deep in the given directory with names maching a given glob
+    level deep in the given directory with names matching a given glob
     pattern.
 -   touch-glob YYYY-MM-DD <dir> <pattern> Change modification time on a
     group of files.
@@ -16653,11 +20224,173 @@ rclone bisync is similar in nature to a range of other projects:
 
 Bisync adopts the differential synchronization technique, which is based
 on keeping history of changes performed by both synchronizing sides. See
-the Dual Shadow Method section in the Neil Fraser's article.
+the Dual Shadow Method section in Neil Fraser's article.
 
 Also note a number of academic publications by Benjamin Pierce about
 Unison and synchronization in general.
 
+Changelog
+
+v1.64
+
+-   Fixed an issue causing dry runs to inadvertently commit filter
+    changes
+-   Fixed an issue causing --resync to erroneously delete empty folders
+    and duplicate files unique to Path2
+-   --check-access is now enforced during --resync, preventing data loss
+    in certain user error scenarios
+-   Fixed an issue causing bisync to consider more files than necessary
+    due to overbroad filters during delete operations
+-   Improved detection of false positive change conflicts (identical
+    files are now left alone instead of renamed)
+-   Added support for --create-empty-src-dirs
+-   Added experimental --resilient mode to allow recovery from
+    self-correctable errors
+-   Added new --ignore-listing-checksum flag to distinguish from
+    --ignore-checksum
+-   Performance improvements for large remotes
+-   Documentation and testing improvements
+
+Release signing
+
+The hashes of the binary artefacts of the rclone release are signed with
+a public PGP/GPG key. This can be verified manually as described below.
+
+The same mechanism is also used by rclone selfupdate to verify that the
+release has not been tampered with before the new update is installed.
+This checks the SHA256 hash and the signature with a public key compiled
+into the rclone binary.
+
+Release signing key
+
+You may obtain the release signing key from:
+
+-   From KEYS on this website - this file contains all past signing keys
+    also.
+-   The git repository hosted on GitHub -
+    https://github.com/rclone/rclone/blob/master/docs/content/KEYS
+-   gpg --keyserver hkps://keys.openpgp.org --search nick@craig-wood.com
+-   gpg --keyserver hkps://keyserver.ubuntu.com --search nick@craig-wood.com
+-   https://www.craig-wood.com/nick/pub/pgp-key.txt
+
+After importing the key, verify that the fingerprint of one of the keys
+matches: FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA as this key is used
+for signing.
+
+We recommend that you cross-check the fingerprint shown above through
+the domains listed below. By cross-checking the integrity of the
+fingerprint across multiple domains you can be confident that you
+obtained the correct key.
+
+-   The source for this page on GitHub.
+-   Through DNS dig key.rclone.org txt
+
+If you find anything that doesn't not match, please contact the
+developers at once.
+
+How to verify the release
+
+In the release directory you will see the release files and some files
+called MD5SUMS, SHA1SUMS and SHA256SUMS.
+
+    $ rclone lsf --http-url https://downloads.rclone.org/v1.63.1 :http:
+    MD5SUMS
+    SHA1SUMS
+    SHA256SUMS
+    rclone-v1.63.1-freebsd-386.zip
+    rclone-v1.63.1-freebsd-amd64.zip
+    ...
+    rclone-v1.63.1-windows-arm64.zip
+    rclone-v1.63.1.tar.gz
+    version.txt
+
+The MD5SUMS, SHA1SUMS and SHA256SUMS contain hashes of the binary files
+in the release directory along with a signature.
+
+For example:
+
+    $ rclone cat --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS
+    -----BEGIN PGP SIGNED MESSAGE-----
+    Hash: SHA1
+
+    f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113  rclone-v1.63.1-freebsd-386.zip
+    7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e  rclone-v1.63.1-freebsd-amd64.zip
+    ...
+    66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73  rclone-v1.63.1-windows-amd64.zip
+    bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0  rclone-v1.63.1-windows-arm64.zip
+    -----BEGIN PGP SIGNATURE-----
+
+    iF0EARECAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZLVKJQAKCRCTk14C/ztU
+    +pZuAJ0XJ+QWLP/3jCtkmgcgc4KAwd/rrwCcCRZQ7E+oye1FPY46HOVzCFU3L7g=
+    =8qrL
+    -----END PGP SIGNATURE-----
+
+Download the files
+
+The first step is to download the binary and SUMs file and verify that
+the SUMs you have downloaded match. Here we download
+rclone-v1.63.1-windows-amd64.zip - choose the binary (or binaries)
+appropriate to your architecture. We've also chosen the SHA256SUMS as
+these are the most secure. You could verify the other types of hash also
+for extra security. rclone selfupdate verifies just the SHA256SUMS.
+
+    $ mkdir /tmp/check
+    $ cd /tmp/check
+    $ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS .
+    $ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:rclone-v1.63.1-windows-amd64.zip .
+
+Verify the signatures
+
+First verify the signatures on the SHA256 file.
+
+Import the key. See above for ways to verify this key is correct.
+
+    $ gpg --keyserver keyserver.ubuntu.com --receive-keys FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+    gpg: key 93935E02FF3B54FA: public key "Nick Craig-Wood <nick@craig-wood.com>" imported
+    gpg: Total number processed: 1
+    gpg:               imported: 1
+
+Then check the signature:
+
+    $ gpg --verify SHA256SUMS 
+    gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+    gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+    gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]
+
+Verify the signature was good and is using the fingerprint shown above.
+
+Repeat for MD5SUMS and SHA1SUMS if desired.
+
+Verify the hashes
+
+Now that we know the signatures on the hashes are OK we can verify the
+binaries match the hashes, completing the verification.
+
+    $ sha256sum -c SHA256SUMS 2>&1 | grep OK
+    rclone-v1.63.1-windows-amd64.zip: OK
+
+Or do the check with rclone
+
+    $ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip 
+    2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 0
+    2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 1
+    2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 49
+    2023/09/11 10:53:58 NOTICE: SHA256SUMS: 4 warning(s) suppressed...
+    = rclone-v1.63.1-windows-amd64.zip
+    2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 0 differences found
+    2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 1 matching files
+
+Verify signatures and hashes together
+
+You can verify the signatures and hashes in one command line like this:
+
+    $ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing
+    gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+    gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+    gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]
+    gpg:                 aka "Nick Craig-Wood <nick@memset.com>" [unknown]
+    rclone-v1.63.1-windows-amd64.zip: OK
+
 1Fichier
 
 This is a backend for the 1fichier cloud storage service. Note that a
@@ -16727,7 +20460,7 @@ To copy a local directory to a 1Fichier directory called backup
 
     rclone copy /home/source remote:backup
 
-Modified time and hashes
+Modification times and hashes
 
 1Fichier does not support modification times. It supports the Whirlpool
 hash algorithm.
@@ -16824,6 +20557,17 @@ Properties:
 -   Type: string
 -   Required: false
 
+--fichier-cdn
+
+Set if you wish to use CDN download links.
+
+Properties:
+
+-   Config: cdn
+-   Env Var: RCLONE_FICHIER_CDN
+-   Type: bool
+-   Default: false
+
 --fichier-encoding
 
 The encoding for the backend.
@@ -16834,7 +20578,7 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_FICHIER_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default:
     Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot
 
@@ -17070,13 +20814,13 @@ To copy a local directory to an Amazon Drive directory called backup
 
     rclone copy /home/source remote:backup
 
-Modified time and MD5SUMs
+Modification times and hashes
 
 Amazon Drive doesn't allow modification times to be changed via the API
 so these won't be accurate or used for syncing.
 
-It does store MD5SUMs so for a more accurate sync, you can use the
---checksum flag.
+It does support the MD5 hash algorithm, so for a more accurate sync, you
+can use the --checksum flag.
 
 Restricted filename characters
 
@@ -17248,7 +20992,7 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_ACD_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default: Slash,InvalidUtf8,Dot
 
 Limitations
@@ -17293,19 +21037,25 @@ The S3 backend can be used with a number of different providers:
 -   Arvan Cloud Object Storage (AOS)
 -   DigitalOcean Spaces
 -   Dreamhost
+-   GCS
 -   Huawei OBS
 -   IBM COS S3
 -   IDrive e2
 -   IONOS Cloud
+-   Leviia Object Storage
 -   Liara Object Storage
+-   Linode Object Storage
 -   Minio
+-   Petabox
 -   Qiniu Cloud Object Storage (Kodo)
 -   RackCorp Object Storage
+-   Rclone Serve S3
 -   Scaleway
 -   Seagate Lyve Cloud
 -   SeaweedFS
 -   StackPath
 -   Storj
+-   Synology C2 Object Storage
 -   Tencent Cloud Object Storage (COS)
 -   Wasabi
 
@@ -17539,7 +21289,9 @@ This will guide you through an interactive setup process.
     d) Delete this remote
     y/e/d>
 
-Modified time
+Modification times and hashes
+
+Modification times
 
 The modified time is stored as metadata on the object as
 X-Amz-Meta-Mtime as floating point since the epoch, accurate to 1 ns.
@@ -17553,6 +21305,30 @@ uploaded rather than copied.
 Note that reading this from the object takes an additional HEAD request
 as the metadata isn't returned in object listings.
 
+Hashes
+
+For small objects which weren't uploaded as multipart uploads (objects
+sized below --s3-upload-cutoff if uploaded with rclone) rclone uses the
+ETag: header as an MD5 checksum.
+
+However for objects which were uploaded as multipart uploads or with
+server side encryption (SSE-AWS or SSE-C) the ETag header is no longer
+the MD5 sum of the data, so rclone adds an additional piece of metadata
+X-Amz-Meta-Md5chksum which is a base64 encoded MD5 hash (in the same
+format as is required for Content-MD5). You can use base64 -d and
+hexdump to check this value manually:
+
+    echo 'VWTGdNx3LyXQDfA0e2Edxw==' | base64 -d | hexdump
+
+or you can use rclone check to verify the hashes are OK.
+
+For large objects, calculating this hash can take some time so the
+addition of this hash can be disabled with --s3-disable-checksum. This
+will mean that these objects do not have an MD5 checksum.
+
+Note that reading this from the object takes an additional HEAD request
+as the metadata isn't returned in object listings.
+
 Reducing costs
 
 Avoiding HEAD requests to read the modification time
@@ -17642,25 +21418,6 @@ details.
 
 Setting this flag increases the chance for undetected upload failures.
 
-Hashes
-
-For small objects which weren't uploaded as multipart uploads (objects
-sized below --s3-upload-cutoff if uploaded with rclone) rclone uses the
-ETag: header as an MD5 checksum.
-
-However for objects which were uploaded as multipart uploads or with
-server side encryption (SSE-AWS or SSE-C) the ETag header is no longer
-the MD5 sum of the data, so rclone adds an additional piece of metadata
-X-Amz-Meta-Md5chksum which is a base64 encoded MD5 hash (in the same
-format as is required for Content-MD5).
-
-For large objects, calculating this hash can take some time so the
-addition of this hash can be disabled with --s3-disable-checksum. This
-will mean that these objects do not have an MD5 checksum.
-
-Note that reading this from the object takes an additional HEAD request
-as the metadata isn't returned in object listings.
-
 Versions
 
 When bucket versioning is enabled (this can be done with rclone with the
@@ -17719,6 +21476,19 @@ Clean up all the old versions and show that they've gone.
     $ rclone -q --s3-versions ls s3:cleanup-test
             9 one.txt
 
+Versions naming caveat
+
+When using --s3-versions flag rclone is relying on the file name to work
+out whether the objects are versions or not. Versions' names are created
+by inserting timestamp between file name and its extension.
+
+            9 file.txt
+            8 file-v2023-07-17-161032-000.txt
+           16 file-v2023-06-15-141003-000.txt
+
+If there are real files present with the same names as versions, then
+behaviour of --s3-versions can be unpredictable.
+
 Cleanup
 
 If you run rclone cleanup s3:bucket then it will remove all pending
@@ -17905,18 +21675,19 @@ According to AWS's documentation on S3 Object Lock:
   If you configure a default retention period on a bucket, requests to
   upload objects in such a bucket must include the Content-MD5 header.
 
-As mentioned in the Hashes section, small files that are not uploaded as
-multipart, use a different tag, causing the upload to fail. A simple
-solution is to set the --s3-upload-cutoff 0 and force all the files to
-be uploaded as multipart.
+As mentioned in the Modification times and hashes section, small files
+that are not uploaded as multipart, use a different tag, causing the
+upload to fail. A simple solution is to set the --s3-upload-cutoff 0 and
+force all the files to be uploaded as multipart.
 
 Standard options
 
 Here are the Standard options specific to s3 (Amazon S3 Compliant
-Storage Providers including AWS, Alibaba, Ceph, China Mobile,
-Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS,
-IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp,
-Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).
+Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile,
+Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive,
+IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox,
+RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology,
+TencentCOS, Wasabi, Qiniu and others).
 
 --s3-provider
 
@@ -17933,18 +21704,20 @@ Properties:
         -   Amazon Web Services (AWS) S3
     -   "Alibaba"
         -   Alibaba Cloud Object Storage System (OSS) formerly Aliyun
+    -   "ArvanCloud"
+        -   Arvan Cloud Object Storage (AOS)
     -   "Ceph"
         -   Ceph Object Storage
     -   "ChinaMobile"
         -   China Mobile Ecloud Elastic Object Storage (EOS)
     -   "Cloudflare"
         -   Cloudflare R2 Storage
-    -   "ArvanCloud"
-        -   Arvan Cloud Object Storage (AOS)
     -   "DigitalOcean"
         -   DigitalOcean Spaces
     -   "Dreamhost"
         -   Dreamhost DreamObjects
+    -   "GCS"
+        -   Google Cloud Storage
     -   "HuaweiOBS"
         -   Huawei Object Storage Service
     -   "IBMCOS"
@@ -17955,14 +21728,22 @@ Properties:
         -   IONOS Cloud
     -   "LyveCloud"
         -   Seagate Lyve Cloud
+    -   "Leviia"
+        -   Leviia Object Storage
     -   "Liara"
         -   Liara Object Storage
+    -   "Linode"
+        -   Linode Object Storage
     -   "Minio"
         -   Minio Object Storage
     -   "Netease"
         -   Netease Object Storage (NOS)
+    -   "Petabox"
+        -   Petabox Object Storage
     -   "RackCorp"
         -   RackCorp Object Storage
+    -   "Rclone"
+        -   Rclone S3 Server
     -   "Scaleway"
         -   Scaleway Object Storage
     -   "SeaweedFS"
@@ -17971,6 +21752,8 @@ Properties:
         -   StackPath Object Storage
     -   "Storj"
         -   Storj (S3 Compatible Gateway)
+    -   "Synology"
+        -   Synology C2 Object Storage
     -   "TencentCOS"
         -   Tencent Cloud Object Storage (COS)
     -   "Wasabi"
@@ -18114,213 +21897,6 @@ Properties:
         -   AWS GovCloud (US) Region.
         -   Needs location constraint us-gov-west-1.
 
---s3-region
-
-region - the location where your bucket will be created and your data
-stored.
-
-Properties:
-
--   Config: region
--   Env Var: RCLONE_S3_REGION
--   Provider: RackCorp
--   Type: string
--   Required: false
--   Examples:
-    -   "global"
-        -   Global CDN (All locations) Region
-    -   "au"
-        -   Australia (All states)
-    -   "au-nsw"
-        -   NSW (Australia) Region
-    -   "au-qld"
-        -   QLD (Australia) Region
-    -   "au-vic"
-        -   VIC (Australia) Region
-    -   "au-wa"
-        -   Perth (Australia) Region
-    -   "ph"
-        -   Manila (Philippines) Region
-    -   "th"
-        -   Bangkok (Thailand) Region
-    -   "hk"
-        -   HK (Hong Kong) Region
-    -   "mn"
-        -   Ulaanbaatar (Mongolia) Region
-    -   "kg"
-        -   Bishkek (Kyrgyzstan) Region
-    -   "id"
-        -   Jakarta (Indonesia) Region
-    -   "jp"
-        -   Tokyo (Japan) Region
-    -   "sg"
-        -   SG (Singapore) Region
-    -   "de"
-        -   Frankfurt (Germany) Region
-    -   "us"
-        -   USA (AnyCast) Region
-    -   "us-east-1"
-        -   New York (USA) Region
-    -   "us-west-1"
-        -   Freemont (USA) Region
-    -   "nz"
-        -   Auckland (New Zealand) Region
-
---s3-region
-
-Region to connect to.
-
-Properties:
-
--   Config: region
--   Env Var: RCLONE_S3_REGION
--   Provider: Scaleway
--   Type: string
--   Required: false
--   Examples:
-    -   "nl-ams"
-        -   Amsterdam, The Netherlands
-    -   "fr-par"
-        -   Paris, France
-    -   "pl-waw"
-        -   Warsaw, Poland
-
---s3-region
-
-Region to connect to. - the location where your bucket will be created
-and your data stored. Need bo be same with your endpoint.
-
-Properties:
-
--   Config: region
--   Env Var: RCLONE_S3_REGION
--   Provider: HuaweiOBS
--   Type: string
--   Required: false
--   Examples:
-    -   "af-south-1"
-        -   AF-Johannesburg
-    -   "ap-southeast-2"
-        -   AP-Bangkok
-    -   "ap-southeast-3"
-        -   AP-Singapore
-    -   "cn-east-3"
-        -   CN East-Shanghai1
-    -   "cn-east-2"
-        -   CN East-Shanghai2
-    -   "cn-north-1"
-        -   CN North-Beijing1
-    -   "cn-north-4"
-        -   CN North-Beijing4
-    -   "cn-south-1"
-        -   CN South-Guangzhou
-    -   "ap-southeast-1"
-        -   CN-Hong Kong
-    -   "sa-argentina-1"
-        -   LA-Buenos Aires1
-    -   "sa-peru-1"
-        -   LA-Lima1
-    -   "na-mexico-1"
-        -   LA-Mexico City1
-    -   "sa-chile-1"
-        -   LA-Santiago2
-    -   "sa-brazil-1"
-        -   LA-Sao Paulo1
-    -   "ru-northwest-2"
-        -   RU-Moscow2
-
---s3-region
-
-Region to connect to.
-
-Properties:
-
--   Config: region
--   Env Var: RCLONE_S3_REGION
--   Provider: Cloudflare
--   Type: string
--   Required: false
--   Examples:
-    -   "auto"
-        -   R2 buckets are automatically distributed across Cloudflare's
-            data centers for low latency.
-
---s3-region
-
-Region to connect to.
-
-Properties:
-
--   Config: region
--   Env Var: RCLONE_S3_REGION
--   Provider: Qiniu
--   Type: string
--   Required: false
--   Examples:
-    -   "cn-east-1"
-        -   The default endpoint - a good choice if you are unsure.
-        -   East China Region 1.
-        -   Needs location constraint cn-east-1.
-    -   "cn-east-2"
-        -   East China Region 2.
-        -   Needs location constraint cn-east-2.
-    -   "cn-north-1"
-        -   North China Region 1.
-        -   Needs location constraint cn-north-1.
-    -   "cn-south-1"
-        -   South China Region 1.
-        -   Needs location constraint cn-south-1.
-    -   "us-north-1"
-        -   North America Region.
-        -   Needs location constraint us-north-1.
-    -   "ap-southeast-1"
-        -   Southeast Asia Region 1.
-        -   Needs location constraint ap-southeast-1.
-    -   "ap-northeast-1"
-        -   Northeast Asia Region 1.
-        -   Needs location constraint ap-northeast-1.
-
---s3-region
-
-Region where your bucket will be created and your data stored.
-
-Properties:
-
--   Config: region
--   Env Var: RCLONE_S3_REGION
--   Provider: IONOS
--   Type: string
--   Required: false
--   Examples:
-    -   "de"
-        -   Frankfurt, Germany
-    -   "eu-central-2"
-        -   Berlin, Germany
-    -   "eu-south-2"
-        -   Logrono, Spain
-
---s3-region
-
-Region to connect to.
-
-Leave blank if you are using an S3 clone and you don't have a region.
-
-Properties:
-
--   Config: region
--   Env Var: RCLONE_S3_REGION
--   Provider:
-    !AWS,Alibaba,ChinaMobile,Cloudflare,IONOS,ArvanCloud,Liara,Qiniu,RackCorp,Scaleway,Storj,TencentCOS,HuaweiOBS,IDrive
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Use this if unsure.
-        -   Will use v4 signatures and an empty region.
-    -   "other-v2-signature"
-        -   Use this only if v4 signatures don't work.
-        -   E.g. pre Jewel/v10 CEPH.
-
 --s3-endpoint
 
 Endpoint for S3 API.
@@ -18335,630 +21911,6 @@ Properties:
 -   Type: string
 -   Required: false
 
---s3-endpoint
-
-Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: ChinaMobile
--   Type: string
--   Required: false
--   Examples:
-    -   "eos-wuxi-1.cmecloud.cn"
-        -   The default endpoint - a good choice if you are unsure.
-        -   East China (Suzhou)
-    -   "eos-jinan-1.cmecloud.cn"
-        -   East China (Jinan)
-    -   "eos-ningbo-1.cmecloud.cn"
-        -   East China (Hangzhou)
-    -   "eos-shanghai-1.cmecloud.cn"
-        -   East China (Shanghai-1)
-    -   "eos-zhengzhou-1.cmecloud.cn"
-        -   Central China (Zhengzhou)
-    -   "eos-hunan-1.cmecloud.cn"
-        -   Central China (Changsha-1)
-    -   "eos-zhuzhou-1.cmecloud.cn"
-        -   Central China (Changsha-2)
-    -   "eos-guangzhou-1.cmecloud.cn"
-        -   South China (Guangzhou-2)
-    -   "eos-dongguan-1.cmecloud.cn"
-        -   South China (Guangzhou-3)
-    -   "eos-beijing-1.cmecloud.cn"
-        -   North China (Beijing-1)
-    -   "eos-beijing-2.cmecloud.cn"
-        -   North China (Beijing-2)
-    -   "eos-beijing-4.cmecloud.cn"
-        -   North China (Beijing-3)
-    -   "eos-huhehaote-1.cmecloud.cn"
-        -   North China (Huhehaote)
-    -   "eos-chengdu-1.cmecloud.cn"
-        -   Southwest China (Chengdu)
-    -   "eos-chongqing-1.cmecloud.cn"
-        -   Southwest China (Chongqing)
-    -   "eos-guiyang-1.cmecloud.cn"
-        -   Southwest China (Guiyang)
-    -   "eos-xian-1.cmecloud.cn"
-        -   Nouthwest China (Xian)
-    -   "eos-yunnan.cmecloud.cn"
-        -   Yunnan China (Kunming)
-    -   "eos-yunnan-2.cmecloud.cn"
-        -   Yunnan China (Kunming-2)
-    -   "eos-tianjin-1.cmecloud.cn"
-        -   Tianjin China (Tianjin)
-    -   "eos-jilin-1.cmecloud.cn"
-        -   Jilin China (Changchun)
-    -   "eos-hubei-1.cmecloud.cn"
-        -   Hubei China (Xiangyan)
-    -   "eos-jiangxi-1.cmecloud.cn"
-        -   Jiangxi China (Nanchang)
-    -   "eos-gansu-1.cmecloud.cn"
-        -   Gansu China (Lanzhou)
-    -   "eos-shanxi-1.cmecloud.cn"
-        -   Shanxi China (Taiyuan)
-    -   "eos-liaoning-1.cmecloud.cn"
-        -   Liaoning China (Shenyang)
-    -   "eos-hebei-1.cmecloud.cn"
-        -   Hebei China (Shijiazhuang)
-    -   "eos-fujian-1.cmecloud.cn"
-        -   Fujian China (Xiamen)
-    -   "eos-guangxi-1.cmecloud.cn"
-        -   Guangxi China (Nanning)
-    -   "eos-anhui-1.cmecloud.cn"
-        -   Anhui China (Huainan)
-
---s3-endpoint
-
-Endpoint for Arvan Cloud Object Storage (AOS) API.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: ArvanCloud
--   Type: string
--   Required: false
--   Examples:
-    -   "s3.ir-thr-at1.arvanstorage.com"
-        -   The default endpoint - a good choice if you are unsure.
-        -   Tehran Iran (Asiatech)
-    -   "s3.ir-tbz-sh1.arvanstorage.com"
-        -   Tabriz Iran (Shahriar)
-
---s3-endpoint
-
-Endpoint for IBM COS S3 API.
-
-Specify if using an IBM COS On Premise.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: IBMCOS
--   Type: string
--   Required: false
--   Examples:
-    -   "s3.us.cloud-object-storage.appdomain.cloud"
-        -   US Cross Region Endpoint
-    -   "s3.dal.us.cloud-object-storage.appdomain.cloud"
-        -   US Cross Region Dallas Endpoint
-    -   "s3.wdc.us.cloud-object-storage.appdomain.cloud"
-        -   US Cross Region Washington DC Endpoint
-    -   "s3.sjc.us.cloud-object-storage.appdomain.cloud"
-        -   US Cross Region San Jose Endpoint
-    -   "s3.private.us.cloud-object-storage.appdomain.cloud"
-        -   US Cross Region Private Endpoint
-    -   "s3.private.dal.us.cloud-object-storage.appdomain.cloud"
-        -   US Cross Region Dallas Private Endpoint
-    -   "s3.private.wdc.us.cloud-object-storage.appdomain.cloud"
-        -   US Cross Region Washington DC Private Endpoint
-    -   "s3.private.sjc.us.cloud-object-storage.appdomain.cloud"
-        -   US Cross Region San Jose Private Endpoint
-    -   "s3.us-east.cloud-object-storage.appdomain.cloud"
-        -   US Region East Endpoint
-    -   "s3.private.us-east.cloud-object-storage.appdomain.cloud"
-        -   US Region East Private Endpoint
-    -   "s3.us-south.cloud-object-storage.appdomain.cloud"
-        -   US Region South Endpoint
-    -   "s3.private.us-south.cloud-object-storage.appdomain.cloud"
-        -   US Region South Private Endpoint
-    -   "s3.eu.cloud-object-storage.appdomain.cloud"
-        -   EU Cross Region Endpoint
-    -   "s3.fra.eu.cloud-object-storage.appdomain.cloud"
-        -   EU Cross Region Frankfurt Endpoint
-    -   "s3.mil.eu.cloud-object-storage.appdomain.cloud"
-        -   EU Cross Region Milan Endpoint
-    -   "s3.ams.eu.cloud-object-storage.appdomain.cloud"
-        -   EU Cross Region Amsterdam Endpoint
-    -   "s3.private.eu.cloud-object-storage.appdomain.cloud"
-        -   EU Cross Region Private Endpoint
-    -   "s3.private.fra.eu.cloud-object-storage.appdomain.cloud"
-        -   EU Cross Region Frankfurt Private Endpoint
-    -   "s3.private.mil.eu.cloud-object-storage.appdomain.cloud"
-        -   EU Cross Region Milan Private Endpoint
-    -   "s3.private.ams.eu.cloud-object-storage.appdomain.cloud"
-        -   EU Cross Region Amsterdam Private Endpoint
-    -   "s3.eu-gb.cloud-object-storage.appdomain.cloud"
-        -   Great Britain Endpoint
-    -   "s3.private.eu-gb.cloud-object-storage.appdomain.cloud"
-        -   Great Britain Private Endpoint
-    -   "s3.eu-de.cloud-object-storage.appdomain.cloud"
-        -   EU Region DE Endpoint
-    -   "s3.private.eu-de.cloud-object-storage.appdomain.cloud"
-        -   EU Region DE Private Endpoint
-    -   "s3.ap.cloud-object-storage.appdomain.cloud"
-        -   APAC Cross Regional Endpoint
-    -   "s3.tok.ap.cloud-object-storage.appdomain.cloud"
-        -   APAC Cross Regional Tokyo Endpoint
-    -   "s3.hkg.ap.cloud-object-storage.appdomain.cloud"
-        -   APAC Cross Regional HongKong Endpoint
-    -   "s3.seo.ap.cloud-object-storage.appdomain.cloud"
-        -   APAC Cross Regional Seoul Endpoint
-    -   "s3.private.ap.cloud-object-storage.appdomain.cloud"
-        -   APAC Cross Regional Private Endpoint
-    -   "s3.private.tok.ap.cloud-object-storage.appdomain.cloud"
-        -   APAC Cross Regional Tokyo Private Endpoint
-    -   "s3.private.hkg.ap.cloud-object-storage.appdomain.cloud"
-        -   APAC Cross Regional HongKong Private Endpoint
-    -   "s3.private.seo.ap.cloud-object-storage.appdomain.cloud"
-        -   APAC Cross Regional Seoul Private Endpoint
-    -   "s3.jp-tok.cloud-object-storage.appdomain.cloud"
-        -   APAC Region Japan Endpoint
-    -   "s3.private.jp-tok.cloud-object-storage.appdomain.cloud"
-        -   APAC Region Japan Private Endpoint
-    -   "s3.au-syd.cloud-object-storage.appdomain.cloud"
-        -   APAC Region Australia Endpoint
-    -   "s3.private.au-syd.cloud-object-storage.appdomain.cloud"
-        -   APAC Region Australia Private Endpoint
-    -   "s3.ams03.cloud-object-storage.appdomain.cloud"
-        -   Amsterdam Single Site Endpoint
-    -   "s3.private.ams03.cloud-object-storage.appdomain.cloud"
-        -   Amsterdam Single Site Private Endpoint
-    -   "s3.che01.cloud-object-storage.appdomain.cloud"
-        -   Chennai Single Site Endpoint
-    -   "s3.private.che01.cloud-object-storage.appdomain.cloud"
-        -   Chennai Single Site Private Endpoint
-    -   "s3.mel01.cloud-object-storage.appdomain.cloud"
-        -   Melbourne Single Site Endpoint
-    -   "s3.private.mel01.cloud-object-storage.appdomain.cloud"
-        -   Melbourne Single Site Private Endpoint
-    -   "s3.osl01.cloud-object-storage.appdomain.cloud"
-        -   Oslo Single Site Endpoint
-    -   "s3.private.osl01.cloud-object-storage.appdomain.cloud"
-        -   Oslo Single Site Private Endpoint
-    -   "s3.tor01.cloud-object-storage.appdomain.cloud"
-        -   Toronto Single Site Endpoint
-    -   "s3.private.tor01.cloud-object-storage.appdomain.cloud"
-        -   Toronto Single Site Private Endpoint
-    -   "s3.seo01.cloud-object-storage.appdomain.cloud"
-        -   Seoul Single Site Endpoint
-    -   "s3.private.seo01.cloud-object-storage.appdomain.cloud"
-        -   Seoul Single Site Private Endpoint
-    -   "s3.mon01.cloud-object-storage.appdomain.cloud"
-        -   Montreal Single Site Endpoint
-    -   "s3.private.mon01.cloud-object-storage.appdomain.cloud"
-        -   Montreal Single Site Private Endpoint
-    -   "s3.mex01.cloud-object-storage.appdomain.cloud"
-        -   Mexico Single Site Endpoint
-    -   "s3.private.mex01.cloud-object-storage.appdomain.cloud"
-        -   Mexico Single Site Private Endpoint
-    -   "s3.sjc04.cloud-object-storage.appdomain.cloud"
-        -   San Jose Single Site Endpoint
-    -   "s3.private.sjc04.cloud-object-storage.appdomain.cloud"
-        -   San Jose Single Site Private Endpoint
-    -   "s3.mil01.cloud-object-storage.appdomain.cloud"
-        -   Milan Single Site Endpoint
-    -   "s3.private.mil01.cloud-object-storage.appdomain.cloud"
-        -   Milan Single Site Private Endpoint
-    -   "s3.hkg02.cloud-object-storage.appdomain.cloud"
-        -   Hong Kong Single Site Endpoint
-    -   "s3.private.hkg02.cloud-object-storage.appdomain.cloud"
-        -   Hong Kong Single Site Private Endpoint
-    -   "s3.par01.cloud-object-storage.appdomain.cloud"
-        -   Paris Single Site Endpoint
-    -   "s3.private.par01.cloud-object-storage.appdomain.cloud"
-        -   Paris Single Site Private Endpoint
-    -   "s3.sng01.cloud-object-storage.appdomain.cloud"
-        -   Singapore Single Site Endpoint
-    -   "s3.private.sng01.cloud-object-storage.appdomain.cloud"
-        -   Singapore Single Site Private Endpoint
-
---s3-endpoint
-
-Endpoint for IONOS S3 Object Storage.
-
-Specify the endpoint from the same region.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: IONOS
--   Type: string
--   Required: false
--   Examples:
-    -   "s3-eu-central-1.ionoscloud.com"
-        -   Frankfurt, Germany
-    -   "s3-eu-central-2.ionoscloud.com"
-        -   Berlin, Germany
-    -   "s3-eu-south-2.ionoscloud.com"
-        -   Logrono, Spain
-
---s3-endpoint
-
-Endpoint for Liara Object Storage API.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: Liara
--   Type: string
--   Required: false
--   Examples:
-    -   "storage.iran.liara.space"
-        -   The default endpoint
-        -   Iran
-
---s3-endpoint
-
-Endpoint for OSS API.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: Alibaba
--   Type: string
--   Required: false
--   Examples:
-    -   "oss-accelerate.aliyuncs.com"
-        -   Global Accelerate
-    -   "oss-accelerate-overseas.aliyuncs.com"
-        -   Global Accelerate (outside mainland China)
-    -   "oss-cn-hangzhou.aliyuncs.com"
-        -   East China 1 (Hangzhou)
-    -   "oss-cn-shanghai.aliyuncs.com"
-        -   East China 2 (Shanghai)
-    -   "oss-cn-qingdao.aliyuncs.com"
-        -   North China 1 (Qingdao)
-    -   "oss-cn-beijing.aliyuncs.com"
-        -   North China 2 (Beijing)
-    -   "oss-cn-zhangjiakou.aliyuncs.com"
-        -   North China 3 (Zhangjiakou)
-    -   "oss-cn-huhehaote.aliyuncs.com"
-        -   North China 5 (Hohhot)
-    -   "oss-cn-wulanchabu.aliyuncs.com"
-        -   North China 6 (Ulanqab)
-    -   "oss-cn-shenzhen.aliyuncs.com"
-        -   South China 1 (Shenzhen)
-    -   "oss-cn-heyuan.aliyuncs.com"
-        -   South China 2 (Heyuan)
-    -   "oss-cn-guangzhou.aliyuncs.com"
-        -   South China 3 (Guangzhou)
-    -   "oss-cn-chengdu.aliyuncs.com"
-        -   West China 1 (Chengdu)
-    -   "oss-cn-hongkong.aliyuncs.com"
-        -   Hong Kong (Hong Kong)
-    -   "oss-us-west-1.aliyuncs.com"
-        -   US West 1 (Silicon Valley)
-    -   "oss-us-east-1.aliyuncs.com"
-        -   US East 1 (Virginia)
-    -   "oss-ap-southeast-1.aliyuncs.com"
-        -   Southeast Asia Southeast 1 (Singapore)
-    -   "oss-ap-southeast-2.aliyuncs.com"
-        -   Asia Pacific Southeast 2 (Sydney)
-    -   "oss-ap-southeast-3.aliyuncs.com"
-        -   Southeast Asia Southeast 3 (Kuala Lumpur)
-    -   "oss-ap-southeast-5.aliyuncs.com"
-        -   Asia Pacific Southeast 5 (Jakarta)
-    -   "oss-ap-northeast-1.aliyuncs.com"
-        -   Asia Pacific Northeast 1 (Japan)
-    -   "oss-ap-south-1.aliyuncs.com"
-        -   Asia Pacific South 1 (Mumbai)
-    -   "oss-eu-central-1.aliyuncs.com"
-        -   Central Europe 1 (Frankfurt)
-    -   "oss-eu-west-1.aliyuncs.com"
-        -   West Europe (London)
-    -   "oss-me-east-1.aliyuncs.com"
-        -   Middle East 1 (Dubai)
-
---s3-endpoint
-
-Endpoint for OBS API.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: HuaweiOBS
--   Type: string
--   Required: false
--   Examples:
-    -   "obs.af-south-1.myhuaweicloud.com"
-        -   AF-Johannesburg
-    -   "obs.ap-southeast-2.myhuaweicloud.com"
-        -   AP-Bangkok
-    -   "obs.ap-southeast-3.myhuaweicloud.com"
-        -   AP-Singapore
-    -   "obs.cn-east-3.myhuaweicloud.com"
-        -   CN East-Shanghai1
-    -   "obs.cn-east-2.myhuaweicloud.com"
-        -   CN East-Shanghai2
-    -   "obs.cn-north-1.myhuaweicloud.com"
-        -   CN North-Beijing1
-    -   "obs.cn-north-4.myhuaweicloud.com"
-        -   CN North-Beijing4
-    -   "obs.cn-south-1.myhuaweicloud.com"
-        -   CN South-Guangzhou
-    -   "obs.ap-southeast-1.myhuaweicloud.com"
-        -   CN-Hong Kong
-    -   "obs.sa-argentina-1.myhuaweicloud.com"
-        -   LA-Buenos Aires1
-    -   "obs.sa-peru-1.myhuaweicloud.com"
-        -   LA-Lima1
-    -   "obs.na-mexico-1.myhuaweicloud.com"
-        -   LA-Mexico City1
-    -   "obs.sa-chile-1.myhuaweicloud.com"
-        -   LA-Santiago2
-    -   "obs.sa-brazil-1.myhuaweicloud.com"
-        -   LA-Sao Paulo1
-    -   "obs.ru-northwest-2.myhuaweicloud.com"
-        -   RU-Moscow2
-
---s3-endpoint
-
-Endpoint for Scaleway Object Storage.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: Scaleway
--   Type: string
--   Required: false
--   Examples:
-    -   "s3.nl-ams.scw.cloud"
-        -   Amsterdam Endpoint
-    -   "s3.fr-par.scw.cloud"
-        -   Paris Endpoint
-    -   "s3.pl-waw.scw.cloud"
-        -   Warsaw Endpoint
-
---s3-endpoint
-
-Endpoint for StackPath Object Storage.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: StackPath
--   Type: string
--   Required: false
--   Examples:
-    -   "s3.us-east-2.stackpathstorage.com"
-        -   US East Endpoint
-    -   "s3.us-west-1.stackpathstorage.com"
-        -   US West Endpoint
-    -   "s3.eu-central-1.stackpathstorage.com"
-        -   EU Endpoint
-
---s3-endpoint
-
-Endpoint for Storj Gateway.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: Storj
--   Type: string
--   Required: false
--   Examples:
-    -   "gateway.storjshare.io"
-        -   Global Hosted Gateway
-
---s3-endpoint
-
-Endpoint for Tencent COS API.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: TencentCOS
--   Type: string
--   Required: false
--   Examples:
-    -   "cos.ap-beijing.myqcloud.com"
-        -   Beijing Region
-    -   "cos.ap-nanjing.myqcloud.com"
-        -   Nanjing Region
-    -   "cos.ap-shanghai.myqcloud.com"
-        -   Shanghai Region
-    -   "cos.ap-guangzhou.myqcloud.com"
-        -   Guangzhou Region
-    -   "cos.ap-nanjing.myqcloud.com"
-        -   Nanjing Region
-    -   "cos.ap-chengdu.myqcloud.com"
-        -   Chengdu Region
-    -   "cos.ap-chongqing.myqcloud.com"
-        -   Chongqing Region
-    -   "cos.ap-hongkong.myqcloud.com"
-        -   Hong Kong (China) Region
-    -   "cos.ap-singapore.myqcloud.com"
-        -   Singapore Region
-    -   "cos.ap-mumbai.myqcloud.com"
-        -   Mumbai Region
-    -   "cos.ap-seoul.myqcloud.com"
-        -   Seoul Region
-    -   "cos.ap-bangkok.myqcloud.com"
-        -   Bangkok Region
-    -   "cos.ap-tokyo.myqcloud.com"
-        -   Tokyo Region
-    -   "cos.na-siliconvalley.myqcloud.com"
-        -   Silicon Valley Region
-    -   "cos.na-ashburn.myqcloud.com"
-        -   Virginia Region
-    -   "cos.na-toronto.myqcloud.com"
-        -   Toronto Region
-    -   "cos.eu-frankfurt.myqcloud.com"
-        -   Frankfurt Region
-    -   "cos.eu-moscow.myqcloud.com"
-        -   Moscow Region
-    -   "cos.accelerate.myqcloud.com"
-        -   Use Tencent COS Accelerate Endpoint
-
---s3-endpoint
-
-Endpoint for RackCorp Object Storage.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: RackCorp
--   Type: string
--   Required: false
--   Examples:
-    -   "s3.rackcorp.com"
-        -   Global (AnyCast) Endpoint
-    -   "au.s3.rackcorp.com"
-        -   Australia (Anycast) Endpoint
-    -   "au-nsw.s3.rackcorp.com"
-        -   Sydney (Australia) Endpoint
-    -   "au-qld.s3.rackcorp.com"
-        -   Brisbane (Australia) Endpoint
-    -   "au-vic.s3.rackcorp.com"
-        -   Melbourne (Australia) Endpoint
-    -   "au-wa.s3.rackcorp.com"
-        -   Perth (Australia) Endpoint
-    -   "ph.s3.rackcorp.com"
-        -   Manila (Philippines) Endpoint
-    -   "th.s3.rackcorp.com"
-        -   Bangkok (Thailand) Endpoint
-    -   "hk.s3.rackcorp.com"
-        -   HK (Hong Kong) Endpoint
-    -   "mn.s3.rackcorp.com"
-        -   Ulaanbaatar (Mongolia) Endpoint
-    -   "kg.s3.rackcorp.com"
-        -   Bishkek (Kyrgyzstan) Endpoint
-    -   "id.s3.rackcorp.com"
-        -   Jakarta (Indonesia) Endpoint
-    -   "jp.s3.rackcorp.com"
-        -   Tokyo (Japan) Endpoint
-    -   "sg.s3.rackcorp.com"
-        -   SG (Singapore) Endpoint
-    -   "de.s3.rackcorp.com"
-        -   Frankfurt (Germany) Endpoint
-    -   "us.s3.rackcorp.com"
-        -   USA (AnyCast) Endpoint
-    -   "us-east-1.s3.rackcorp.com"
-        -   New York (USA) Endpoint
-    -   "us-west-1.s3.rackcorp.com"
-        -   Freemont (USA) Endpoint
-    -   "nz.s3.rackcorp.com"
-        -   Auckland (New Zealand) Endpoint
-
---s3-endpoint
-
-Endpoint for Qiniu Object Storage.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider: Qiniu
--   Type: string
--   Required: false
--   Examples:
-    -   "s3-cn-east-1.qiniucs.com"
-        -   East China Endpoint 1
-    -   "s3-cn-east-2.qiniucs.com"
-        -   East China Endpoint 2
-    -   "s3-cn-north-1.qiniucs.com"
-        -   North China Endpoint 1
-    -   "s3-cn-south-1.qiniucs.com"
-        -   South China Endpoint 1
-    -   "s3-us-north-1.qiniucs.com"
-        -   North America Endpoint 1
-    -   "s3-ap-southeast-1.qiniucs.com"
-        -   Southeast Asia Endpoint 1
-    -   "s3-ap-northeast-1.qiniucs.com"
-        -   Northeast Asia Endpoint 1
-
---s3-endpoint
-
-Endpoint for S3 API.
-
-Required when using an S3 clone.
-
-Properties:
-
--   Config: endpoint
--   Env Var: RCLONE_S3_ENDPOINT
--   Provider:
-    !AWS,IBMCOS,IDrive,IONOS,TencentCOS,HuaweiOBS,Alibaba,ChinaMobile,Liara,ArvanCloud,Scaleway,StackPath,Storj,RackCorp,Qiniu
--   Type: string
--   Required: false
--   Examples:
-    -   "objects-us-east-1.dream.io"
-        -   Dream Objects endpoint
-    -   "syd1.digitaloceanspaces.com"
-        -   DigitalOcean Spaces Sydney 1
-    -   "sfo3.digitaloceanspaces.com"
-        -   DigitalOcean Spaces San Francisco 3
-    -   "fra1.digitaloceanspaces.com"
-        -   DigitalOcean Spaces Frankfurt 1
-    -   "nyc3.digitaloceanspaces.com"
-        -   DigitalOcean Spaces New York 3
-    -   "ams3.digitaloceanspaces.com"
-        -   DigitalOcean Spaces Amsterdam 3
-    -   "sgp1.digitaloceanspaces.com"
-        -   DigitalOcean Spaces Singapore 1
-    -   "localhost:8333"
-        -   SeaweedFS S3 localhost
-    -   "s3.us-east-1.lyvecloud.seagate.com"
-        -   Seagate Lyve Cloud US East 1 (Virginia)
-    -   "s3.us-west-1.lyvecloud.seagate.com"
-        -   Seagate Lyve Cloud US West 1 (California)
-    -   "s3.ap-southeast-1.lyvecloud.seagate.com"
-        -   Seagate Lyve Cloud AP Southeast 1 (Singapore)
-    -   "s3.wasabisys.com"
-        -   Wasabi US East 1 (N. Virginia)
-    -   "s3.us-east-2.wasabisys.com"
-        -   Wasabi US East 2 (N. Virginia)
-    -   "s3.us-central-1.wasabisys.com"
-        -   Wasabi US Central 1 (Texas)
-    -   "s3.us-west-1.wasabisys.com"
-        -   Wasabi US West 1 (Oregon)
-    -   "s3.ca-central-1.wasabisys.com"
-        -   Wasabi CA Central 1 (Toronto)
-    -   "s3.eu-central-1.wasabisys.com"
-        -   Wasabi EU Central 1 (Amsterdam)
-    -   "s3.eu-central-2.wasabisys.com"
-        -   Wasabi EU Central 2 (Frankfurt)
-    -   "s3.eu-west-1.wasabisys.com"
-        -   Wasabi EU West 1 (London)
-    -   "s3.eu-west-2.wasabisys.com"
-        -   Wasabi EU West 2 (Paris)
-    -   "s3.ap-northeast-1.wasabisys.com"
-        -   Wasabi AP Northeast 1 (Tokyo) endpoint
-    -   "s3.ap-northeast-2.wasabisys.com"
-        -   Wasabi AP Northeast 2 (Osaka) endpoint
-    -   "s3.ap-southeast-1.wasabisys.com"
-        -   Wasabi AP Southeast 1 (Singapore)
-    -   "s3.ap-southeast-2.wasabisys.com"
-        -   Wasabi AP Southeast 2 (Sydney)
-    -   "storage.iran.liara.space"
-        -   Liara Iran endpoint
-    -   "s3.ir-thr-at1.arvanstorage.com"
-        -   ArvanCloud Tehran Iran (Asiatech) endpoint
-
 --s3-location-constraint
 
 Location constraint - must be set to match the Region.
@@ -19024,275 +21976,6 @@ Properties:
     -   "us-gov-west-1"
         -   AWS GovCloud (US) Region
 
---s3-location-constraint
-
-Location constraint - must match endpoint.
-
-Used when creating buckets only.
-
-Properties:
-
--   Config: location_constraint
--   Env Var: RCLONE_S3_LOCATION_CONSTRAINT
--   Provider: ChinaMobile
--   Type: string
--   Required: false
--   Examples:
-    -   "wuxi1"
-        -   East China (Suzhou)
-    -   "jinan1"
-        -   East China (Jinan)
-    -   "ningbo1"
-        -   East China (Hangzhou)
-    -   "shanghai1"
-        -   East China (Shanghai-1)
-    -   "zhengzhou1"
-        -   Central China (Zhengzhou)
-    -   "hunan1"
-        -   Central China (Changsha-1)
-    -   "zhuzhou1"
-        -   Central China (Changsha-2)
-    -   "guangzhou1"
-        -   South China (Guangzhou-2)
-    -   "dongguan1"
-        -   South China (Guangzhou-3)
-    -   "beijing1"
-        -   North China (Beijing-1)
-    -   "beijing2"
-        -   North China (Beijing-2)
-    -   "beijing4"
-        -   North China (Beijing-3)
-    -   "huhehaote1"
-        -   North China (Huhehaote)
-    -   "chengdu1"
-        -   Southwest China (Chengdu)
-    -   "chongqing1"
-        -   Southwest China (Chongqing)
-    -   "guiyang1"
-        -   Southwest China (Guiyang)
-    -   "xian1"
-        -   Nouthwest China (Xian)
-    -   "yunnan"
-        -   Yunnan China (Kunming)
-    -   "yunnan2"
-        -   Yunnan China (Kunming-2)
-    -   "tianjin1"
-        -   Tianjin China (Tianjin)
-    -   "jilin1"
-        -   Jilin China (Changchun)
-    -   "hubei1"
-        -   Hubei China (Xiangyan)
-    -   "jiangxi1"
-        -   Jiangxi China (Nanchang)
-    -   "gansu1"
-        -   Gansu China (Lanzhou)
-    -   "shanxi1"
-        -   Shanxi China (Taiyuan)
-    -   "liaoning1"
-        -   Liaoning China (Shenyang)
-    -   "hebei1"
-        -   Hebei China (Shijiazhuang)
-    -   "fujian1"
-        -   Fujian China (Xiamen)
-    -   "guangxi1"
-        -   Guangxi China (Nanning)
-    -   "anhui1"
-        -   Anhui China (Huainan)
-
---s3-location-constraint
-
-Location constraint - must match endpoint.
-
-Used when creating buckets only.
-
-Properties:
-
--   Config: location_constraint
--   Env Var: RCLONE_S3_LOCATION_CONSTRAINT
--   Provider: ArvanCloud
--   Type: string
--   Required: false
--   Examples:
-    -   "ir-thr-at1"
-        -   Tehran Iran (Asiatech)
-    -   "ir-tbz-sh1"
-        -   Tabriz Iran (Shahriar)
-
---s3-location-constraint
-
-Location constraint - must match endpoint when using IBM Cloud Public.
-
-For on-prem COS, do not make a selection from this list, hit enter.
-
-Properties:
-
--   Config: location_constraint
--   Env Var: RCLONE_S3_LOCATION_CONSTRAINT
--   Provider: IBMCOS
--   Type: string
--   Required: false
--   Examples:
-    -   "us-standard"
-        -   US Cross Region Standard
-    -   "us-vault"
-        -   US Cross Region Vault
-    -   "us-cold"
-        -   US Cross Region Cold
-    -   "us-flex"
-        -   US Cross Region Flex
-    -   "us-east-standard"
-        -   US East Region Standard
-    -   "us-east-vault"
-        -   US East Region Vault
-    -   "us-east-cold"
-        -   US East Region Cold
-    -   "us-east-flex"
-        -   US East Region Flex
-    -   "us-south-standard"
-        -   US South Region Standard
-    -   "us-south-vault"
-        -   US South Region Vault
-    -   "us-south-cold"
-        -   US South Region Cold
-    -   "us-south-flex"
-        -   US South Region Flex
-    -   "eu-standard"
-        -   EU Cross Region Standard
-    -   "eu-vault"
-        -   EU Cross Region Vault
-    -   "eu-cold"
-        -   EU Cross Region Cold
-    -   "eu-flex"
-        -   EU Cross Region Flex
-    -   "eu-gb-standard"
-        -   Great Britain Standard
-    -   "eu-gb-vault"
-        -   Great Britain Vault
-    -   "eu-gb-cold"
-        -   Great Britain Cold
-    -   "eu-gb-flex"
-        -   Great Britain Flex
-    -   "ap-standard"
-        -   APAC Standard
-    -   "ap-vault"
-        -   APAC Vault
-    -   "ap-cold"
-        -   APAC Cold
-    -   "ap-flex"
-        -   APAC Flex
-    -   "mel01-standard"
-        -   Melbourne Standard
-    -   "mel01-vault"
-        -   Melbourne Vault
-    -   "mel01-cold"
-        -   Melbourne Cold
-    -   "mel01-flex"
-        -   Melbourne Flex
-    -   "tor01-standard"
-        -   Toronto Standard
-    -   "tor01-vault"
-        -   Toronto Vault
-    -   "tor01-cold"
-        -   Toronto Cold
-    -   "tor01-flex"
-        -   Toronto Flex
-
---s3-location-constraint
-
-Location constraint - the location where your bucket will be located and
-your data stored.
-
-Properties:
-
--   Config: location_constraint
--   Env Var: RCLONE_S3_LOCATION_CONSTRAINT
--   Provider: RackCorp
--   Type: string
--   Required: false
--   Examples:
-    -   "global"
-        -   Global CDN Region
-    -   "au"
-        -   Australia (All locations)
-    -   "au-nsw"
-        -   NSW (Australia) Region
-    -   "au-qld"
-        -   QLD (Australia) Region
-    -   "au-vic"
-        -   VIC (Australia) Region
-    -   "au-wa"
-        -   Perth (Australia) Region
-    -   "ph"
-        -   Manila (Philippines) Region
-    -   "th"
-        -   Bangkok (Thailand) Region
-    -   "hk"
-        -   HK (Hong Kong) Region
-    -   "mn"
-        -   Ulaanbaatar (Mongolia) Region
-    -   "kg"
-        -   Bishkek (Kyrgyzstan) Region
-    -   "id"
-        -   Jakarta (Indonesia) Region
-    -   "jp"
-        -   Tokyo (Japan) Region
-    -   "sg"
-        -   SG (Singapore) Region
-    -   "de"
-        -   Frankfurt (Germany) Region
-    -   "us"
-        -   USA (AnyCast) Region
-    -   "us-east-1"
-        -   New York (USA) Region
-    -   "us-west-1"
-        -   Freemont (USA) Region
-    -   "nz"
-        -   Auckland (New Zealand) Region
-
---s3-location-constraint
-
-Location constraint - must be set to match the Region.
-
-Used when creating buckets only.
-
-Properties:
-
--   Config: location_constraint
--   Env Var: RCLONE_S3_LOCATION_CONSTRAINT
--   Provider: Qiniu
--   Type: string
--   Required: false
--   Examples:
-    -   "cn-east-1"
-        -   East China Region 1
-    -   "cn-east-2"
-        -   East China Region 2
-    -   "cn-north-1"
-        -   North China Region 1
-    -   "cn-south-1"
-        -   South China Region 1
-    -   "us-north-1"
-        -   North America Region 1
-    -   "ap-southeast-1"
-        -   Southeast Asia Region 1
-    -   "ap-northeast-1"
-        -   Northeast Asia Region 1
-
---s3-location-constraint
-
-Location constraint - must be set to match the Region.
-
-Leave blank if not sure. Used when creating buckets only.
-
-Properties:
-
--   Config: location_constraint
--   Env Var: RCLONE_S3_LOCATION_CONSTRAINT
--   Provider:
-    !AWS,Alibaba,HuaweiOBS,ChinaMobile,Cloudflare,IBMCOS,IDrive,IONOS,Liara,ArvanCloud,Qiniu,RackCorp,Scaleway,StackPath,Storj,TencentCOS
--   Type: string
--   Required: false
-
 --s3-acl
 
 Canned ACL used when creating buckets and storing or copying objects.
@@ -19313,7 +21996,7 @@ Properties:
 
 -   Config: acl
 -   Env Var: RCLONE_S3_ACL
--   Provider: !Storj,Cloudflare
+-   Provider: !Storj,Synology,Cloudflare
 -   Type: string
 -   Required: false
 -   Examples:
@@ -19433,149 +22116,14 @@ Properties:
     -   "GLACIER_IR"
         -   Glacier Instant Retrieval storage class
 
---s3-storage-class
-
-The storage class to use when storing new objects in OSS.
-
-Properties:
-
--   Config: storage_class
--   Env Var: RCLONE_S3_STORAGE_CLASS
--   Provider: Alibaba
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Default
-    -   "STANDARD"
-        -   Standard storage class
-    -   "GLACIER"
-        -   Archive storage mode
-    -   "STANDARD_IA"
-        -   Infrequent access storage mode
-
---s3-storage-class
-
-The storage class to use when storing new objects in ChinaMobile.
-
-Properties:
-
--   Config: storage_class
--   Env Var: RCLONE_S3_STORAGE_CLASS
--   Provider: ChinaMobile
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Default
-    -   "STANDARD"
-        -   Standard storage class
-    -   "GLACIER"
-        -   Archive storage mode
-    -   "STANDARD_IA"
-        -   Infrequent access storage mode
-
---s3-storage-class
-
-The storage class to use when storing new objects in Liara
-
-Properties:
-
--   Config: storage_class
--   Env Var: RCLONE_S3_STORAGE_CLASS
--   Provider: Liara
--   Type: string
--   Required: false
--   Examples:
-    -   "STANDARD"
-        -   Standard storage class
-
---s3-storage-class
-
-The storage class to use when storing new objects in ArvanCloud.
-
-Properties:
-
--   Config: storage_class
--   Env Var: RCLONE_S3_STORAGE_CLASS
--   Provider: ArvanCloud
--   Type: string
--   Required: false
--   Examples:
-    -   "STANDARD"
-        -   Standard storage class
-
---s3-storage-class
-
-The storage class to use when storing new objects in Tencent COS.
-
-Properties:
-
--   Config: storage_class
--   Env Var: RCLONE_S3_STORAGE_CLASS
--   Provider: TencentCOS
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Default
-    -   "STANDARD"
-        -   Standard storage class
-    -   "ARCHIVE"
-        -   Archive storage mode
-    -   "STANDARD_IA"
-        -   Infrequent access storage mode
-
---s3-storage-class
-
-The storage class to use when storing new objects in S3.
-
-Properties:
-
--   Config: storage_class
--   Env Var: RCLONE_S3_STORAGE_CLASS
--   Provider: Scaleway
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Default.
-    -   "STANDARD"
-        -   The Standard class for any upload.
-        -   Suitable for on-demand content like streaming or CDN.
-    -   "GLACIER"
-        -   Archived storage.
-        -   Prices are lower, but it needs to be restored first to be
-            accessed.
-
---s3-storage-class
-
-The storage class to use when storing new objects in Qiniu.
-
-Properties:
-
--   Config: storage_class
--   Env Var: RCLONE_S3_STORAGE_CLASS
--   Provider: Qiniu
--   Type: string
--   Required: false
--   Examples:
-    -   "STANDARD"
-        -   Standard storage class
-    -   "LINE"
-        -   Infrequent access storage mode
-    -   "GLACIER"
-        -   Archive storage mode
-    -   "DEEP_ARCHIVE"
-        -   Deep archive storage mode
-
 Advanced options
 
 Here are the Advanced options specific to s3 (Amazon S3 Compliant
-Storage Providers including AWS, Alibaba, Ceph, China Mobile,
-Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS,
-IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp,
-Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).
+Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile,
+Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive,
+IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox,
+RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology,
+TencentCOS, Wasabi, Qiniu and others).
 
 --s3-bucket-acl
 
@@ -20065,16 +22613,12 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_S3_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default: Slash,InvalidUtf8,Dot
 
 --s3-memory-pool-flush-time
 
-How often internal memory buffer pools will be flushed.
-
-Uploads which requires additional buffers (f.e multipart) will use
-memory pool for allocations. This option controls how often unused
-buffers will be removed from the pool.
+How often internal memory buffer pools will be flushed. (no longer used)
 
 Properties:
 
@@ -20085,7 +22629,7 @@ Properties:
 
 --s3-memory-pool-use-mmap
 
-Whether to use mmap buffers in internal memory pool.
+Whether to use mmap buffers in internal memory pool. (no longer used)
 
 Properties:
 
@@ -20126,6 +22670,21 @@ Properties:
 -   Type: string
 -   Required: false
 
+--s3-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is
+created
+
+Empty folders are unsupported for bucket based remotes, this option
+creates an empty object ending with "/", to persist the folder.
+
+Properties:
+
+-   Config: directory_markers
+-   Env Var: RCLONE_S3_DIRECTORY_MARKERS
+-   Type: bool
+-   Default: false
+
 --s3-use-multipart-etag
 
 Whether to use ETag in multipart uploads for verification
@@ -20238,6 +22797,29 @@ Properties:
 -   Type: Tristate
 -   Default: unset
 
+--s3-use-accept-encoding-gzip
+
+Whether to send Accept-Encoding: gzip header.
+
+By default, rclone will append Accept-Encoding: gzip to the request to
+download compressed objects whenever possible.
+
+However some providers such as Google Cloud Storage may alter the HTTP
+headers, breaking the signature of the request.
+
+A symptom of this would be receiving errors like
+
+    SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided.
+
+In this case, you might want to try disabling this option.
+
+Properties:
+
+-   Config: use_accept_encoding_gzip
+-   Env Var: RCLONE_S3_USE_ACCEPT_ENCODING_GZIP
+-   Type: Tristate
+-   Default: unset
+
 --s3-no-system-metadata
 
 Suppress setting and reading of system metadata
@@ -20263,6 +22845,55 @@ Properties:
 -   Type: string
 -   Required: false
 
+--s3-use-already-exists
+
+Set if rclone should report BucketAlreadyExists errors on bucket
+creation.
+
+At some point during the evolution of the s3 protocol, AWS started
+returning an AlreadyOwnedByYou error when attempting to create a bucket
+that the user already owned, rather than a BucketAlreadyExists error.
+
+Unfortunately exactly what has been implemented by s3 clones is a little
+inconsistent, some return AlreadyOwnedByYou, some return
+BucketAlreadyExists and some return no error at all.
+
+This is important to rclone because it ensures the bucket exists by
+creating it on quite a lot of operations (unless --s3-no-check-bucket is
+used).
+
+If rclone knows the provider can return AlreadyOwnedByYou or returns no
+error then it can report BucketAlreadyExists errors when the user
+attempts to create a bucket not owned by them. Otherwise rclone ignores
+the BucketAlreadyExists error which can lead to confusion.
+
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+
+Properties:
+
+-   Config: use_already_exists
+-   Env Var: RCLONE_S3_USE_ALREADY_EXISTS
+-   Type: Tristate
+-   Default: unset
+
+--s3-use-multipart-uploads
+
+Set if rclone should use multipart uploads.
+
+You can change this if you want to disable the use of multipart uploads.
+This shouldn't be necessary in normal operation.
+
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+
+Properties:
+
+-   Config: use_multipart_uploads
+-   Env Var: RCLONE_S3_USE_MULTIPART_UPLOADS
+-   Type: Tristate
+-   Default: unset
+
 Metadata
 
 User metadata is stored as x-amz-meta- keys. S3 metadata keys are case
@@ -20326,18 +22957,18 @@ normal storage.
 
 Usage Examples:
 
-    rclone backend restore s3:bucket/path/to/object [-o priority=PRIORITY] [-o lifetime=DAYS]
-    rclone backend restore s3:bucket/path/to/directory [-o priority=PRIORITY] [-o lifetime=DAYS]
-    rclone backend restore s3:bucket [-o priority=PRIORITY] [-o lifetime=DAYS]
+    rclone backend restore s3:bucket/path/to/object -o priority=PRIORITY -o lifetime=DAYS
+    rclone backend restore s3:bucket/path/to/directory -o priority=PRIORITY -o lifetime=DAYS
+    rclone backend restore s3:bucket -o priority=PRIORITY -o lifetime=DAYS
 
 This flag also obeys the filters. Test first with --interactive/-i or
 --dry-run flags
 
-    rclone --interactive backend restore --include "*.txt" s3:bucket/path -o priority=Standard
+    rclone --interactive backend restore --include "*.txt" s3:bucket/path -o priority=Standard -o lifetime=1
 
 All the objects shown will be marked for restore, then
 
-    rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard
+    rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard -o lifetime=1
 
 It returns a list of status dictionaries with Remote and Status keys.
 The Status will be OK if it was successful or an error message if not.
@@ -20345,11 +22976,11 @@ The Status will be OK if it was successful or an error message if not.
     [
         {
             "Status": "OK",
-            "Path": "test.txt"
+            "Remote": "test.txt"
         },
         {
             "Status": "OK",
-            "Path": "test/file4.txt"
+            "Remote": "test/file4.txt"
         }
     ]
 
@@ -20359,6 +22990,52 @@ Options:
 -   "lifetime": Lifetime of the active copy in days
 -   "priority": Priority of restore: Standard|Expedited|Bulk
 
+restore-status
+
+Show the restore status for objects being restored from GLACIER to
+normal storage
+
+    rclone backend restore-status remote: [options] [<arguments>+]
+
+This command can be used to show the status for objects being restored
+from GLACIER to normal storage.
+
+Usage Examples:
+
+    rclone backend restore-status s3:bucket/path/to/object
+    rclone backend restore-status s3:bucket/path/to/directory
+    rclone backend restore-status -o all s3:bucket/path/to/directory
+
+This command does not obey the filters.
+
+It returns a list of status dictionaries.
+
+    [
+        {
+            "Remote": "file.txt",
+            "VersionID": null,
+            "RestoreStatus": {
+                "IsRestoreInProgress": true,
+                "RestoreExpiryDate": "2023-09-06T12:29:19+01:00"
+            },
+            "StorageClass": "GLACIER"
+        },
+        {
+            "Remote": "test.pdf",
+            "VersionID": null,
+            "RestoreStatus": {
+                "IsRestoreInProgress": false,
+                "RestoreExpiryDate": "2023-09-06T12:29:19+01:00"
+            },
+            "StorageClass": "DEEP_ARCHIVE"
+        }
+    ]
+
+Options:
+
+-   "all": if set then show all objects, not just ones with restore
+    status
+
 list-multipart-uploads
 
 List the unfinished multipart uploads
@@ -20448,6 +23125,29 @@ It may return "Enabled", "Suspended" or "Unversioned". Note that once
 versioning has been enabled the status can't be set back to
 "Unversioned".
 
+set
+
+Set command for updating the config parameters.
+
+    rclone backend set remote: [options] [<arguments>+]
+
+This set command can be used to update the config parameters for a
+running s3 backend.
+
+Usage Examples:
+
+    rclone backend set s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=s3: -o session_token=X -o access_key_id=X -o secret_access_key=X
+
+The option keys are named as they are in the config file.
+
+This rebuilds the connection to the s3 backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
+
+It doesn't return anything.
+
 Anonymous access to public buckets
 
 If you want to use rclone to access a public bucket, configure with a
@@ -20582,7 +23282,7 @@ of a bucket publicly.
     Type of storage to configure.
     Choose a number from below, or type in your own value.
     ...
-    XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+    XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
        \ (s3)
     ...
     Storage> s3
@@ -20672,6 +23372,28 @@ in your config:
     server_side_encryption =
     storage_class =
 
+Google Cloud Storage
+
+GoogleCloudStorage is an S3-interoperable object storage service from
+Google Cloud Platform.
+
+To connect to Google Cloud Storage you will need an access key and
+secret key. These can be retrieved by creating an HMAC key.
+
+    [gs]
+    type = s3
+    provider = GCS
+    access_key_id = your_access_key
+    secret_access_key = your_secret_key
+    endpoint = https://storage.googleapis.com
+
+Note that --s3-versions does not work with GCS when it needs to do
+directory paging. Rclone will return the error:
+
+    s3 protocol error: received versions listing with IsTruncated set with no NextKeyMarker
+
+This is Google bug #312292516.
+
 DigitalOcean Spaces
 
 Spaces is an S3-interoperable object storage service from cloud provider
@@ -20751,7 +23473,7 @@ Or you can also configure via the interactive command line:
     Type of storage to configure.
     Choose a number from below, or type in your own value.
     [snip]
-     5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+     5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
        \ (s3)
     [snip]
     Storage> 5
@@ -21042,7 +23764,7 @@ This will guide you through an interactive setup process.
     Type of storage to configure.
     Choose a number from below, or type in your own value.
     [snip]
-    XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+    XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
        \ (s3)
     [snip]
     Storage> s3
@@ -21148,7 +23870,7 @@ Type s3 to choose the connection type:
     Type of storage to configure.
     Choose a number from below, or type in your own value.
     [snip]
-    XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+    XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
        \ (s3)
     [snip]
     Storage> s3
@@ -21382,7 +24104,7 @@ To configure access to Qiniu Kodo, follow the steps below:
        \ (alias)
      4 / Amazon Drive
        \ (amazon cloud drive)
-     5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi
+     5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
        \ (s3)
     [snip]
     Storage> s3
@@ -21566,6 +24288,29 @@ Your config should end up looking a bit like this:
     endpoint = s3.rackcorp.com
     location_constraint = au-nsw
 
+Rclone Serve S3
+
+Rclone can serve any remote over the S3 protocol. For details see the
+rclone serve s3 documentation.
+
+For example, to serve remote:path over s3, run the server like this:
+
+    rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
+
+This will be compatible with an rclone remote which is defined like
+this:
+
+    [serves3]
+    type = s3
+    provider = Rclone
+    endpoint = http://127.0.0.1:8080/
+    access_key_id = ACCESS_KEY_ID
+    secret_access_key = SECRET_ACCESS_KEY
+    use_multipart_uploads = false
+
+Note that setting disable_multipart_uploads = true is to work around a
+bug which will be fixed in due course.
+
 Scaleway
 
 Scaleway The Object Storage platform allows you to store anything from
@@ -22230,6 +24975,119 @@ This will guide you through an interactive setup process.
     d) Delete this remote
     y/e/d> y
 
+Leviia Cloud Object Storage
+
+Leviia Object Storage, backup and secure your data in a 100% French
+cloud, independent of GAFAM..
+
+To configure access to Leviia, follow the steps below:
+
+1.  Run rclone config and select n for a new remote.
+
+    rclone config
+    No remotes found, make a new one?
+    n) New remote
+    s) Set configuration password
+    q) Quit config
+    n/s/q> n
+
+2.  Give the name of the configuration. For example, name it 'leviia'.
+
+    name> leviia
+
+3.  Select s3 storage.
+
+    Choose a number from below, or type in your own value
+     1 / 1Fichier
+       \ (fichier)
+     2 / Akamai NetStorage
+       \ (netstorage)
+     3 / Alias for an existing remote
+       \ (alias)
+     4 / Amazon Drive
+       \ (amazon cloud drive)
+     5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+       \ (s3)
+    [snip]
+    Storage> s3
+
+4.  Select Leviia provider.
+
+    Choose a number from below, or type in your own value
+    1 / Amazon Web Services (AWS) S3
+       \ "AWS"
+    [snip]
+    15 / Leviia Object Storage
+       \ (Leviia)
+    [snip]
+    provider> Leviia
+
+5.  Enter your SecretId and SecretKey of Leviia.
+
+    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+    Only applies if access_key_id and secret_access_key is blank.
+    Enter a boolean value (true or false). Press Enter for the default ("false").
+    Choose a number from below, or type in your own value
+     1 / Enter AWS credentials in the next step
+       \ "false"
+     2 / Get AWS credentials from the environment (env vars or IAM)
+       \ "true"
+    env_auth> 1
+    AWS Access Key ID.
+    Leave blank for anonymous access or runtime credentials.
+    Enter a string value. Press Enter for the default ("").
+    access_key_id> ZnIx.xxxxxxxxxxxxxxx
+    AWS Secret Access Key (password)
+    Leave blank for anonymous access or runtime credentials.
+    Enter a string value. Press Enter for the default ("").
+    secret_access_key> xxxxxxxxxxx
+
+6.  Select endpoint for Leviia.
+
+       / The default endpoint
+     1 | Leviia.
+       \ (s3.leviia.com)
+    [snip]
+    endpoint> 1
+
+7.  Choose acl.
+
+    Note that this ACL is applied when server-side copying objects as S3
+    doesn't copy the ACL from the source but rather writes a fresh one.
+    Enter a string value. Press Enter for the default ("").
+    Choose a number from below, or type in your own value
+       / Owner gets FULL_CONTROL.
+     1 | No one else has access rights (default).
+       \ (private)
+       / Owner gets FULL_CONTROL.
+     2 | The AllUsers group gets READ access.
+       \ (public-read)
+    [snip]
+    acl> 1
+    Edit advanced config? (y/n)
+    y) Yes
+    n) No (default)
+    y/n> n
+    Remote config
+    --------------------
+    [leviia]
+    - type: s3
+    - provider: Leviia
+    - access_key_id: ZnIx.xxxxxxx
+    - secret_access_key: xxxxxxxx
+    - endpoint: s3.leviia.com
+    - acl: private
+    --------------------
+    y) Yes this is OK (default)
+    e) Edit this remote
+    d) Delete this remote
+    y/e/d> y
+    Current remotes:
+
+    Name                 Type
+    ====                 ====
+    leviia                s3
+
 Liara
 
 Here is an example of making a Liara Object Storage configuration. First
@@ -22327,6 +25185,135 @@ This will leave the config file looking like this.
     server_side_encryption =
     storage_class =
 
+Linode
+
+Here is an example of making a Linode Object Storage configuration.
+First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+    No remotes found, make a new one?
+    n) New remote
+    s) Set configuration password
+    q) Quit config
+    n/s/q> n
+
+    Enter name for new remote.
+    name> linode
+
+    Option Storage.
+    Type of storage to configure.
+    Choose a number from below, or type in your own value.
+    [snip]
+     X / Amazon S3 Compliant Storage Providers including AWS, ...Linode, ...and others
+       \ (s3)
+    [snip]
+    Storage> s3
+
+    Option provider.
+    Choose your S3 provider.
+    Choose a number from below, or type in your own value.
+    Press Enter to leave empty.
+    [snip]
+    XX / Linode Object Storage
+       \ (Linode)
+    [snip]
+    provider> Linode
+
+    Option env_auth.
+    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+    Only applies if access_key_id and secret_access_key is blank.
+    Choose a number from below, or type in your own boolean value (true or false).
+    Press Enter for the default (false).
+     1 / Enter AWS credentials in the next step.
+       \ (false)
+     2 / Get AWS credentials from the environment (env vars or IAM).
+       \ (true)
+    env_auth> 
+
+    Option access_key_id.
+    AWS Access Key ID.
+    Leave blank for anonymous access or runtime credentials.
+    Enter a value. Press Enter to leave empty.
+    access_key_id> ACCESS_KEY
+
+    Option secret_access_key.
+    AWS Secret Access Key (password).
+    Leave blank for anonymous access or runtime credentials.
+    Enter a value. Press Enter to leave empty.
+    secret_access_key> SECRET_ACCESS_KEY
+
+    Option endpoint.
+    Endpoint for Linode Object Storage API.
+    Choose a number from below, or type in your own value.
+    Press Enter to leave empty.
+     1 / Atlanta, GA (USA), us-southeast-1
+       \ (us-southeast-1.linodeobjects.com)
+     2 / Chicago, IL (USA), us-ord-1
+       \ (us-ord-1.linodeobjects.com)
+     3 / Frankfurt (Germany), eu-central-1
+       \ (eu-central-1.linodeobjects.com)
+     4 / Milan (Italy), it-mil-1
+       \ (it-mil-1.linodeobjects.com)
+     5 / Newark, NJ (USA), us-east-1
+       \ (us-east-1.linodeobjects.com)
+     6 / Paris (France), fr-par-1
+       \ (fr-par-1.linodeobjects.com)
+     7 / Seattle, WA (USA), us-sea-1
+       \ (us-sea-1.linodeobjects.com)
+     8 / Singapore ap-south-1
+       \ (ap-south-1.linodeobjects.com)
+     9 / Stockholm (Sweden), se-sto-1
+       \ (se-sto-1.linodeobjects.com)
+    10 / Washington, DC, (USA), us-iad-1
+       \ (us-iad-1.linodeobjects.com)
+    endpoint> 3
+
+    Option acl.
+    Canned ACL used when creating buckets and storing or copying objects.
+    This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+    For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+    Note that this ACL is applied when server-side copying objects as S3
+    doesn't copy the ACL from the source but rather writes a fresh one.
+    If the acl is an empty string then no X-Amz-Acl: header is added and
+    the default (private) will be used.
+    Choose a number from below, or type in your own value.
+    Press Enter to leave empty.
+       / Owner gets FULL_CONTROL.
+     1 | No one else has access rights (default).
+       \ (private)
+    [snip]
+    acl> 
+
+    Edit advanced config?
+    y) Yes
+    n) No (default)
+    y/n> n
+
+    Configuration complete.
+    Options:
+    - type: s3
+    - provider: Linode
+    - access_key_id: ACCESS_KEY
+    - secret_access_key: SECRET_ACCESS_KEY
+    - endpoint: eu-central-1.linodeobjects.com
+    Keep this "linode" remote?
+    y) Yes this is OK (default)
+    e) Edit this remote
+    d) Delete this remote
+    y/e/d> y
+
+This will leave the config file looking like this.
+
+    [linode]
+    type = s3
+    provider = Linode
+    access_key_id = ACCESS_KEY
+    secret_access_key = SECRET_ACCESS_KEY
+    endpoint = eu-central-1.linodeobjects.com
+
 ArvanCloud
 
 ArvanCloud ArvanCloud Object Storage goes beyond the limited traditional
@@ -22561,6 +25548,159 @@ For Netease NOS configure as per the configurator rclone config setting
 the provider Netease. This will automatically set
 force_path_style = false which is necessary for it to run properly.
 
+Petabox
+
+Here is an example of making a Petabox configuration. First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+    No remotes found, make a new one?
+    n) New remote
+    s) Set configuration password
+    n/s> n
+
+    Enter name for new remote.
+    name> My Petabox Storage
+
+    Option Storage.
+    Type of storage to configure.
+    Choose a number from below, or type in your own value.
+    [snip]
+    XX / Amazon S3 Compliant Storage Providers including AWS, ...
+       \ "s3"
+    [snip]
+    Storage> s3
+
+    Option provider.
+    Choose your S3 provider.
+    Choose a number from below, or type in your own value.
+    Press Enter to leave empty.
+    [snip]
+    XX / Petabox Object Storage
+       \ (Petabox)
+    [snip]
+    provider> Petabox
+
+    Option env_auth.
+    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+    Only applies if access_key_id and secret_access_key is blank.
+    Choose a number from below, or type in your own boolean value (true or false).
+    Press Enter for the default (false).
+     1 / Enter AWS credentials in the next step.
+       \ (false)
+     2 / Get AWS credentials from the environment (env vars or IAM).
+       \ (true)
+    env_auth> 1
+
+    Option access_key_id.
+    AWS Access Key ID.
+    Leave blank for anonymous access or runtime credentials.
+    Enter a value. Press Enter to leave empty.
+    access_key_id> YOUR_ACCESS_KEY_ID
+
+    Option secret_access_key.
+    AWS Secret Access Key (password).
+    Leave blank for anonymous access or runtime credentials.
+    Enter a value. Press Enter to leave empty.
+    secret_access_key> YOUR_SECRET_ACCESS_KEY
+
+    Option region.
+    Region where your bucket will be created and your data stored.
+    Choose a number from below, or type in your own value.
+    Press Enter to leave empty.
+     1 / US East (N. Virginia)
+       \ (us-east-1)
+     2 / Europe (Frankfurt)
+       \ (eu-central-1)
+     3 / Asia Pacific (Singapore)
+       \ (ap-southeast-1)
+     4 / Middle East (Bahrain)
+       \ (me-south-1)
+     5 / South America (São Paulo)
+       \ (sa-east-1)
+    region> 1
+
+    Option endpoint.
+    Endpoint for Petabox S3 Object Storage.
+    Specify the endpoint from the same region.
+    Choose a number from below, or type in your own value.
+     1 / US East (N. Virginia)
+       \ (s3.petabox.io)
+     2 / US East (N. Virginia)
+       \ (s3.us-east-1.petabox.io)
+     3 / Europe (Frankfurt)
+       \ (s3.eu-central-1.petabox.io)
+     4 / Asia Pacific (Singapore)
+       \ (s3.ap-southeast-1.petabox.io)
+     5 / Middle East (Bahrain)
+       \ (s3.me-south-1.petabox.io)
+     6 / South America (São Paulo)
+       \ (s3.sa-east-1.petabox.io)
+    endpoint> 1
+
+    Option acl.
+    Canned ACL used when creating buckets and storing or copying objects.
+    This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+    For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+    Note that this ACL is applied when server-side copying objects as S3
+    doesn't copy the ACL from the source but rather writes a fresh one.
+    If the acl is an empty string then no X-Amz-Acl: header is added and
+    the default (private) will be used.
+    Choose a number from below, or type in your own value.
+    Press Enter to leave empty.
+       / Owner gets FULL_CONTROL.
+     1 | No one else has access rights (default).
+       \ (private)
+       / Owner gets FULL_CONTROL.
+     2 | The AllUsers group gets READ access.
+       \ (public-read)
+       / Owner gets FULL_CONTROL.
+     3 | The AllUsers group gets READ and WRITE access.
+       | Granting this on a bucket is generally not recommended.
+       \ (public-read-write)
+       / Owner gets FULL_CONTROL.
+     4 | The AuthenticatedUsers group gets READ access.
+       \ (authenticated-read)
+       / Object owner gets FULL_CONTROL.
+     5 | Bucket owner gets READ access.
+       | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+       \ (bucket-owner-read)
+       / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+     6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+       \ (bucket-owner-full-control)
+    acl> 1
+
+    Edit advanced config?
+    y) Yes
+    n) No (default)
+    y/n> No
+
+    Configuration complete.
+    Options:
+    - type: s3
+    - provider: Petabox
+    - access_key_id: YOUR_ACCESS_KEY_ID
+    - secret_access_key: YOUR_SECRET_ACCESS_KEY
+    - region: us-east-1
+    - endpoint: s3.petabox.io
+    Keep this "My Petabox Storage" remote?
+    y) Yes this is OK (default)
+    e) Edit this remote
+    d) Delete this remote
+    y/e/d> y
+
+This will leave the config file looking like this.
+
+    [My Petabox Storage]
+    type = s3
+    provider = Petabox
+    access_key_id = YOUR_ACCESS_KEY_ID
+    secret_access_key = YOUR_SECRET_ACCESS_KEY
+    region = us-east-1
+    endpoint = s3.petabox.io
+
 Storj
 
 Storj is a decentralized cloud storage which can be used through its
@@ -22669,15647 +25809,17359 @@ mfs (most free space) as a member of an rclone union remote.
 
 See List of backends that do not support rclone about and rclone about
 
-Backblaze B2
+Synology C2 Object Storage
 
-B2 is Backblaze's cloud storage system.
+Synology C2 Object Storage provides a secure, S3-compatible, and
+cost-effective cloud storage solution without API request, download
+fees, and deletion penalty.
 
-Paths are specified as remote:bucket (or remote: for the lsd command.)
-You may put subdirectories in too, e.g. remote:bucket/path/to/dir.
-
-Configuration
+The S3 compatible gateway is configured using rclone config with a type
+of s3 and with a provider name of Synology. Here is an example run of
+the configurator.
 
-Here is an example of making a b2 configuration. First run
+First run:
 
     rclone config
 
-This will guide you through an interactive setup process. To
-authenticate you will either need your Account ID (a short hex number)
-and Master Application Key (a long hex number) OR an Application Key,
-which is the recommended method. See below for further details on
-generating and using an Application Key.
+This will guide you through an interactive setup process.
 
     No remotes found, make a new one?
     n) New remote
+    s) Set configuration password
     q) Quit config
-    n/q> n
-    name> remote
+
+    n/s/q> n
+
+    Enter name for new remote.1
+    name> syno
+
     Type of storage to configure.
+    Enter a string value. Press Enter for the default ("").
     Choose a number from below, or type in your own value
-    [snip]
-    XX / Backblaze B2
-       \ "b2"
-    [snip]
-    Storage> b2
-    Account ID or Application Key ID
-    account> 123456789abc
-    Application Key
-    key> 0123456789abcdef0123456789abcdef0123456789
-    Endpoint for the service - leave blank normally.
-    endpoint>
-    Remote config
-    --------------------
-    [remote]
-    account = 123456789abc
-    key = 0123456789abcdef0123456789abcdef0123456789
-    endpoint =
-    --------------------
-    y) Yes this is OK
+
+     5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, GCS, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, Petabox, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+       \ "s3"
+
+    Storage> s3
+
+    Choose your S3 provider.
+    Enter a string value. Press Enter for the default ("").
+    Choose a number from below, or type in your own value
+     24 / Synology C2 Object Storage
+       \ (Synology)
+
+    provider> Synology
+
+    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+    Only applies if access_key_id and secret_access_key is blank.
+    Enter a boolean value (true or false). Press Enter for the default ("false").
+    Choose a number from below, or type in your own value
+     1 / Enter AWS credentials in the next step
+       \ "false"
+     2 / Get AWS credentials from the environment (env vars or IAM)
+       \ "true"
+
+    env_auth> 1
+
+    AWS Access Key ID.
+    Leave blank for anonymous access or runtime credentials.
+    Enter a string value. Press Enter for the default ("").
+
+    access_key_id> accesskeyid
+
+    AWS Secret Access Key (password)
+    Leave blank for anonymous access or runtime credentials.
+    Enter a string value. Press Enter for the default ("").
+
+    secret_access_key> secretaccesskey
+
+    Region where your data stored.
+    Choose a number from below, or type in your own value.
+    Press Enter to leave empty.
+     1 / Europe Region 1
+       \ (eu-001)
+     2 / Europe Region 2
+       \ (eu-002)
+     3 / US Region 1
+       \ (us-001)
+     4 / US Region 2
+       \ (us-002)
+     5 / Asia (Taiwan)
+       \ (tw-001)
+
+    region > 1
+
+    Option endpoint.
+    Endpoint for Synology C2 Object Storage API.
+    Choose a number from below, or type in your own value.
+    Press Enter to leave empty.
+     1 / EU Endpoint 1
+       \ (eu-001.s3.synologyc2.net)
+     2 / US Endpoint 1
+       \ (us-001.s3.synologyc2.net)
+     3 / TW Endpoint 1
+       \ (tw-001.s3.synologyc2.net)
+
+    endpoint> 1
+
+    Option location_constraint.
+    Location constraint - must be set to match the Region.
+    Leave blank if not sure. Used when creating buckets only.
+    Enter a value. Press Enter to leave empty.
+    location_constraint>
+
+    Edit advanced config? (y/n)
+    y) Yes
+    n) No
+    y/n> y
+
+    Option no_check_bucket.
+    If set, don't attempt to check the bucket exists or create it.
+    This can be useful when trying to minimise the number of transactions
+    rclone does if you know the bucket exists already.
+    It can also be needed if the user you are using does not have bucket
+    creation permissions. Before v1.52.0 this would have passed silently
+    due to a bug.
+    Enter a boolean value (true or false). Press Enter for the default (true).
+
+    no_check_bucket> true
+
+    Configuration complete.
+    Options:
+    - type: s3
+    - provider: Synology
+    - region: eu-001
+    - endpoint: eu-001.s3.synologyc2.net
+    - no_check_bucket: true
+    Keep this "syno" remote?
+    y) Yes this is OK (default)
     e) Edit this remote
     d) Delete this remote
+
     y/e/d> y
 
-This remote is called remote and can now be used like this
+    #  Backblaze B2
 
-See all buckets
+    B2 is [Backblaze's cloud storage system](https://www.backblaze.com/b2/).
 
-    rclone lsd remote:
+    Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+    command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
 
-Create a new bucket
+    ## Configuration
 
-    rclone mkdir remote:bucket
+    Here is an example of making a b2 configuration.  First run
 
-List the contents of a bucket
+        rclone config
 
-    rclone ls remote:bucket
+    This will guide you through an interactive setup process.  To authenticate
+    you will either need your Account ID (a short hex number) and Master
+    Application Key (a long hex number) OR an Application Key, which is the
+    recommended method. See below for further details on generating and using
+    an Application Key.
 
-Sync /home/local/directory to the remote bucket, deleting any excess
-files in the bucket.
+No remotes found, make a new one? n) New remote q) Quit config n/q> n
+name> remote Type of storage to configure. Choose a number from below,
+or type in your own value [snip] XX / Backblaze B2  "b2" [snip] Storage>
+b2 Account ID or Application Key ID account> 123456789abc Application
+Key key> 0123456789abcdef0123456789abcdef0123456789 Endpoint for the
+service - leave blank normally. endpoint> Remote config
+-------------------- [remote] account = 123456789abc key =
+0123456789abcdef0123456789abcdef0123456789 endpoint =
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
-    rclone sync --interactive /home/local/directory remote:bucket
 
-Application Keys
+    This remote is called `remote` and can now be used like this
 
-B2 supports multiple Application Keys for different access permission to
-B2 Buckets.
+    See all buckets
 
-You can use these with rclone too; you will need to use rclone version
-1.43 or later.
+        rclone lsd remote:
 
-Follow Backblaze's docs to create an Application Key with the required
-permission and add the applicationKeyId as the account and the
-Application Key itself as the key.
+    Create a new bucket
 
-Note that you must put the applicationKeyId as the account – you can't
-use the master Account ID. If you try then B2 will return 401 errors.
+        rclone mkdir remote:bucket
 
---fast-list
+    List the contents of a bucket
 
-This remote supports --fast-list which allows you to use fewer
-transactions in exchange for more memory. See the rclone docs for more
-details.
+        rclone ls remote:bucket
 
-Modified time
+    Sync `/home/local/directory` to the remote bucket, deleting any
+    excess files in the bucket.
 
-The modified time is stored as metadata on the object as
-X-Bz-Info-src_last_modified_millis as milliseconds since 1970-01-01 in
-the Backblaze standard. Other tools should be able to use this as a
-modified time.
+        rclone sync --interactive /home/local/directory remote:bucket
 
-Modified times are used in syncing and are fully supported. Note that if
-a modification time needs to be updated on an object then it will create
-a new version of the object.
+    ### Application Keys
 
-Restricted filename characters
+    B2 supports multiple [Application Keys for different access permission
+    to B2 Buckets](https://www.backblaze.com/b2/docs/application_keys.html).
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    You can use these with rclone too; you will need to use rclone version 1.43
+    or later.
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  \            0x5C        ＼
+    Follow Backblaze's docs to create an Application Key with the required
+    permission and add the `applicationKeyId` as the `account` and the
+    `Application Key` itself as the `key`.
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    Note that you must put the _applicationKeyId_ as the `account` – you
+    can't use the master Account ID.  If you try then B2 will return 401
+    errors.
 
-Note that in 2020-05 Backblaze started allowing  characters in file
-names. Rclone hasn't changed its encoding as this could cause syncs to
-re-transfer files. If you want rclone not to replace  then see the
---b2-encoding flag below and remove the BackSlash from the string. This
-can be set in the config.
+    ### --fast-list
 
-SHA1 checksums
+    This remote supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
 
-The SHA1 checksums of the files are checked on upload and download and
-will be used in the syncing process.
+    ### Modification times
 
-Large files (bigger than the limit in --b2-upload-cutoff) which are
-uploaded in chunks will store their SHA1 on the object as
-X-Bz-Info-large_file_sha1 as recommended by Backblaze.
+    The modification time is stored as metadata on the object as
+    `X-Bz-Info-src_last_modified_millis` as milliseconds since 1970-01-01
+    in the Backblaze standard.  Other tools should be able to use this as
+    a modified time.
 
-For a large file to be uploaded with an SHA1 checksum, the source needs
-to support SHA1 checksums. The local disk supports SHA1 checksums so
-large file transfers from local disk will have an SHA1. See the overview
-for exactly which remotes support SHA1.
+    Modified times are used in syncing and are fully supported. Note that
+    if a modification time needs to be updated on an object then it will
+    create a new version of the object.
 
-Sources which don't support SHA1, in particular crypt will upload large
-files without SHA1 checksums. This may be fixed in the future (see
-#1767).
+    ### Restricted filename characters
 
-Files sizes below --b2-upload-cutoff will always have an SHA1 regardless
-of the source.
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
-Transfers
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | \         | 0x5C  | ＼           |
 
-Backblaze recommends that you do lots of transfers simultaneously for
-maximum speed. In tests from my SSD equipped laptop the optimum setting
-is about --transfers 32 though higher numbers may be used for a slight
-speed improvement. The optimum number for you may vary depending on your
-hardware, how big the files are, how much you want to load your
-computer, etc. The default of --transfers 4 is definitely too low for
-Backblaze B2 though.
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-Note that uploading big files (bigger than 200 MiB by default) will use
-a 96 MiB RAM buffer by default. There can be at most --transfers of
-these in use at any moment, so this sets the upper limit on the memory
-used.
+    Note that in 2020-05 Backblaze started allowing \ characters in file
+    names. Rclone hasn't changed its encoding as this could cause syncs to
+    re-transfer files. If you want rclone not to replace \ then see the
+    `--b2-encoding` flag below and remove the `BackSlash` from the
+    string. This can be set in the config.
 
-Versions
+    ### SHA1 checksums
 
-When rclone uploads a new version of a file it creates a new version of
-it. Likewise when you delete a file, the old version will be marked
-hidden and still be available. Conversely, you may opt in to a "hard
-delete" of files with the --b2-hard-delete flag which would permanently
-remove the file instead of hiding it.
+    The SHA1 checksums of the files are checked on upload and download and
+    will be used in the syncing process.
 
-Old versions of files, where available, are visible using the
---b2-versions flag.
+    Large files (bigger than the limit in `--b2-upload-cutoff`) which are
+    uploaded in chunks will store their SHA1 on the object as
+    `X-Bz-Info-large_file_sha1` as recommended by Backblaze.
 
-It is also possible to view a bucket as it was at a certain point in
-time, using the --b2-version-at flag. This will show the file versions
-as they were at that time, showing files that have been deleted
-afterwards, and hiding files that were created since.
+    For a large file to be uploaded with an SHA1 checksum, the source
+    needs to support SHA1 checksums. The local disk supports SHA1
+    checksums so large file transfers from local disk will have an SHA1.
+    See [the overview](https://rclone.org/overview/#features) for exactly which remotes
+    support SHA1.
 
-If you wish to remove all the old versions then you can use the
-rclone cleanup remote:bucket command which will delete all the old
-versions of files, leaving the current ones intact. You can also supply
-a path and only old versions under that path will be deleted, e.g.
-rclone cleanup remote:bucket/path/to/stuff.
+    Sources which don't support SHA1, in particular `crypt` will upload
+    large files without SHA1 checksums.  This may be fixed in the future
+    (see [#1767](https://github.com/rclone/rclone/issues/1767)).
 
-Note that cleanup will remove partially uploaded files from the bucket
-if they are more than a day old.
+    Files sizes below `--b2-upload-cutoff` will always have an SHA1
+    regardless of the source.
 
-When you purge a bucket, the current and the old versions will be
-deleted then the bucket will be deleted.
+    ### Transfers
 
-However delete will cause the current versions of the files to become
-hidden old versions.
+    Backblaze recommends that you do lots of transfers simultaneously for
+    maximum speed.  In tests from my SSD equipped laptop the optimum
+    setting is about `--transfers 32` though higher numbers may be used
+    for a slight speed improvement. The optimum number for you may vary
+    depending on your hardware, how big the files are, how much you want
+    to load your computer, etc.  The default of `--transfers 4` is
+    definitely too low for Backblaze B2 though.
 
-Here is a session showing the listing and retrieval of an old version
-followed by a cleanup of the old versions.
+    Note that uploading big files (bigger than 200 MiB by default) will use
+    a 96 MiB RAM buffer by default.  There can be at most `--transfers` of
+    these in use at any moment, so this sets the upper limit on the memory
+    used.
 
-Show current version and all the versions with --b2-versions flag.
+    ### Versions
 
-    $ rclone -q ls b2:cleanup-test
-            9 one.txt
+    When rclone uploads a new version of a file it creates a [new version
+    of it](https://www.backblaze.com/b2/docs/file_versions.html).
+    Likewise when you delete a file, the old version will be marked hidden
+    and still be available.  Conversely, you may opt in to a "hard delete"
+    of files with the `--b2-hard-delete` flag which would permanently remove
+    the file instead of hiding it.
 
-    $ rclone -q --b2-versions ls b2:cleanup-test
-            9 one.txt
-            8 one-v2016-07-04-141032-000.txt
-           16 one-v2016-07-04-141003-000.txt
-           15 one-v2016-07-02-155621-000.txt
+    Old versions of files, where available, are visible using the 
+    `--b2-versions` flag.
 
-Retrieve an old version
+    It is also possible to view a bucket as it was at a certain point in time,
+    using the `--b2-version-at` flag. This will show the file versions as they
+    were at that time, showing files that have been deleted afterwards, and
+    hiding files that were created since.
 
-    $ rclone -q --b2-versions copy b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
+    If you wish to remove all the old versions then you can use the
+    `rclone cleanup remote:bucket` command which will delete all the old
+    versions of files, leaving the current ones intact.  You can also
+    supply a path and only old versions under that path will be deleted,
+    e.g. `rclone cleanup remote:bucket/path/to/stuff`.
 
-    $ ls -l /tmp/one-v2016-07-04-141003-000.txt
-    -rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt
+    Note that `cleanup` will remove partially uploaded files from the bucket
+    if they are more than a day old.
 
-Clean up all the old versions and show that they've gone.
+    When you `purge` a bucket, the current and the old versions will be
+    deleted then the bucket will be deleted.
 
-    $ rclone -q cleanup b2:cleanup-test
+    However `delete` will cause the current versions of the files to
+    become hidden old versions.
 
-    $ rclone -q ls b2:cleanup-test
-            9 one.txt
+    Here is a session showing the listing and retrieval of an old
+    version followed by a `cleanup` of the old versions.
 
-    $ rclone -q --b2-versions ls b2:cleanup-test
-            9 one.txt
+    Show current version and all the versions with `--b2-versions` flag.
 
-Data usage
+$ rclone -q ls b2:cleanup-test 9 one.txt
 
-It is useful to know how many requests are sent to the server in
-different scenarios.
+$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt 8
+one-v2016-07-04-141032-000.txt 16 one-v2016-07-04-141003-000.txt 15
+one-v2016-07-02-155621-000.txt
 
-All copy commands send the following 4 requests:
 
-    /b2api/v1/b2_authorize_account
-    /b2api/v1/b2_create_bucket
-    /b2api/v1/b2_list_buckets
-    /b2api/v1/b2_list_file_names
+    Retrieve an old version
 
-The b2_list_file_names request will be sent once for every 1k files in
-the remote path, providing the checksum and modification time of the
-listed files. As of version 1.33 issue #818 causes extra requests to be
-sent when using B2 with Crypt. When a copy operation does not require
-any files to be uploaded, no more requests will be sent.
+$ rclone -q --b2-versions copy
+b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
 
-Uploading files that do not require chunking, will send 2 requests per
-file upload:
+$ ls -l /tmp/one-v2016-07-04-141003-000.txt -rw-rw-r-- 1 ncw ncw 16 Jul
+2 17:46 /tmp/one-v2016-07-04-141003-000.txt
 
-    /b2api/v1/b2_get_upload_url
-    /b2api/v1/b2_upload_file/
 
-Uploading files requiring chunking, will send 2 requests (one each to
-start and finish the upload) and another 2 requests for each chunk:
+    Clean up all the old versions and show that they've gone.
 
-    /b2api/v1/b2_start_large_file
-    /b2api/v1/b2_get_upload_part_url
-    /b2api/v1/b2_upload_part/
-    /b2api/v1/b2_finish_large_file
+$ rclone -q cleanup b2:cleanup-test
 
-Versions
+$ rclone -q ls b2:cleanup-test 9 one.txt
 
-Versions can be viewed with the --b2-versions flag. When it is set
-rclone will show and act on older versions of files. For example
+$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt
 
-Listing without --b2-versions
 
-    $ rclone -q ls b2:cleanup-test
-            9 one.txt
+    #### Versions naming caveat
 
-And with
+    When using `--b2-versions` flag rclone is relying on the file name
+    to work out whether the objects are versions or not. Versions' names
+    are created by inserting timestamp between file name and its extension.
 
-    $ rclone -q --b2-versions ls b2:cleanup-test
-            9 one.txt
-            8 one-v2016-07-04-141032-000.txt
-           16 one-v2016-07-04-141003-000.txt
-           15 one-v2016-07-02-155621-000.txt
+        9 file.txt
+        8 file-v2023-07-17-161032-000.txt
+       16 file-v2023-06-15-141003-000.txt
 
-Showing that the current version is unchanged but older versions can be
-seen. These have the UTC date that they were uploaded to the server to
-the nearest millisecond appended to them.
+    If there are real files present with the same names as versions, then
+    behaviour of `--b2-versions` can be unpredictable.
 
-Note that when using --b2-versions no file write operations are
-permitted, so you can't upload files or delete them.
+    ### Data usage
 
-B2 and rclone link
+    It is useful to know how many requests are sent to the server in different scenarios.
 
-Rclone supports generating file share links for private B2 buckets. They
-can either be for a file for example:
+    All copy commands send the following 4 requests:
 
-    ./rclone link B2:bucket/path/to/file.txt
-    https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx
+/b2api/v1/b2_authorize_account /b2api/v1/b2_create_bucket
+/b2api/v1/b2_list_buckets /b2api/v1/b2_list_file_names
 
-or if run on a directory you will get:
 
-    ./rclone link B2:bucket/path
-    https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx
+    The `b2_list_file_names` request will be sent once for every 1k files
+    in the remote path, providing the checksum and modification time of
+    the listed files. As of version 1.33 issue
+    [#818](https://github.com/rclone/rclone/issues/818) causes extra requests
+    to be sent when using B2 with Crypt. When a copy operation does not
+    require any files to be uploaded, no more requests will be sent.
 
-you can then use the authorization token (the part of the url from the
-?Authorization= on) on any file path under that directory. For example:
+    Uploading files that do not require chunking, will send 2 requests per
+    file upload:
 
-    https://f002.backblazeb2.com/file/bucket/path/to/file1?Authorization=xxxxxxxx
-    https://f002.backblazeb2.com/file/bucket/path/file2?Authorization=xxxxxxxx
-    https://f002.backblazeb2.com/file/bucket/path/folder/file3?Authorization=xxxxxxxx
+/b2api/v1/b2_get_upload_url /b2api/v1/b2_upload_file/
 
-Standard options
 
-Here are the Standard options specific to b2 (Backblaze B2).
+    Uploading files requiring chunking, will send 2 requests (one each to
+    start and finish the upload) and another 2 requests for each chunk:
 
---b2-account
+/b2api/v1/b2_start_large_file /b2api/v1/b2_get_upload_part_url
+/b2api/v1/b2_upload_part/ /b2api/v1/b2_finish_large_file
 
-Account ID or Application Key ID.
 
-Properties:
+    #### Versions
 
--   Config: account
--   Env Var: RCLONE_B2_ACCOUNT
--   Type: string
--   Required: true
+    Versions can be viewed with the `--b2-versions` flag. When it is set
+    rclone will show and act on older versions of files.  For example
 
---b2-key
+    Listing without `--b2-versions`
 
-Application Key.
+$ rclone -q ls b2:cleanup-test 9 one.txt
 
-Properties:
 
--   Config: key
--   Env Var: RCLONE_B2_KEY
--   Type: string
--   Required: true
+    And with
 
---b2-hard-delete
+$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt 8
+one-v2016-07-04-141032-000.txt 16 one-v2016-07-04-141003-000.txt 15
+one-v2016-07-02-155621-000.txt
 
-Permanently delete files on remote removal, otherwise hide files.
 
-Properties:
+    Showing that the current version is unchanged but older versions can
+    be seen.  These have the UTC date that they were uploaded to the
+    server to the nearest millisecond appended to them.
 
--   Config: hard_delete
--   Env Var: RCLONE_B2_HARD_DELETE
--   Type: bool
--   Default: false
+    Note that when using `--b2-versions` no file write operations are
+    permitted, so you can't upload files or delete them.
 
-Advanced options
+    ### B2 and rclone link
 
-Here are the Advanced options specific to b2 (Backblaze B2).
+    Rclone supports generating file share links for private B2 buckets.
+    They can either be for a file for example:
 
---b2-endpoint
+./rclone link B2:bucket/path/to/file.txt
+https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx
 
-Endpoint for the service.
 
-Leave blank normally.
+    or if run on a directory you will get:
 
-Properties:
+./rclone link B2:bucket/path
+https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx
 
--   Config: endpoint
--   Env Var: RCLONE_B2_ENDPOINT
--   Type: string
--   Required: false
 
---b2-test-mode
+    you can then use the authorization token (the part of the url from the
+     `?Authorization=` on) on any file path under that directory. For example:
 
-A flag string for X-Bz-Test-Mode header for debugging.
+https://f002.backblazeb2.com/file/bucket/path/to/file1?Authorization=xxxxxxxx
+https://f002.backblazeb2.com/file/bucket/path/file2?Authorization=xxxxxxxx
+https://f002.backblazeb2.com/file/bucket/path/folder/file3?Authorization=xxxxxxxx
 
-This is for debugging purposes only. Setting it to one of the strings
-below will cause b2 to return specific errors:
 
--   "fail_some_uploads"
--   "expire_some_account_authorization_tokens"
--   "force_cap_exceeded"
 
-These will be set in the "X-Bz-Test-Mode" header which is documented in
-the b2 integrations checklist.
+    ### Standard options
 
-Properties:
+    Here are the Standard options specific to b2 (Backblaze B2).
 
--   Config: test_mode
--   Env Var: RCLONE_B2_TEST_MODE
--   Type: string
--   Required: false
+    #### --b2-account
 
---b2-versions
+    Account ID or Application Key ID.
 
-Include old versions in directory listings.
+    Properties:
 
-Note that when using this no file write operations are permitted, so you
-can't upload files or delete them.
+    - Config:      account
+    - Env Var:     RCLONE_B2_ACCOUNT
+    - Type:        string
+    - Required:    true
 
-Properties:
+    #### --b2-key
 
--   Config: versions
--   Env Var: RCLONE_B2_VERSIONS
--   Type: bool
--   Default: false
+    Application Key.
 
---b2-version-at
+    Properties:
 
-Show file versions as they were at the specified time.
+    - Config:      key
+    - Env Var:     RCLONE_B2_KEY
+    - Type:        string
+    - Required:    true
 
-Note that when using this no file write operations are permitted, so you
-can't upload files or delete them.
+    #### --b2-hard-delete
 
-Properties:
+    Permanently delete files on remote removal, otherwise hide files.
 
--   Config: version_at
--   Env Var: RCLONE_B2_VERSION_AT
--   Type: Time
--   Default: off
+    Properties:
 
---b2-upload-cutoff
+    - Config:      hard_delete
+    - Env Var:     RCLONE_B2_HARD_DELETE
+    - Type:        bool
+    - Default:     false
 
-Cutoff for switching to chunked upload.
+    ### Advanced options
 
-Files above this size will be uploaded in chunks of "--b2-chunk-size".
+    Here are the Advanced options specific to b2 (Backblaze B2).
 
-This value should be set no larger than 4.657 GiB (== 5 GB).
+    #### --b2-endpoint
 
-Properties:
+    Endpoint for the service.
 
--   Config: upload_cutoff
--   Env Var: RCLONE_B2_UPLOAD_CUTOFF
--   Type: SizeSuffix
--   Default: 200Mi
+    Leave blank normally.
 
---b2-copy-cutoff
+    Properties:
 
-Cutoff for switching to multipart copy.
+    - Config:      endpoint
+    - Env Var:     RCLONE_B2_ENDPOINT
+    - Type:        string
+    - Required:    false
 
-Any files larger than this that need to be server-side copied will be
-copied in chunks of this size.
+    #### --b2-test-mode
 
-The minimum is 0 and the maximum is 4.6 GiB.
+    A flag string for X-Bz-Test-Mode header for debugging.
 
-Properties:
+    This is for debugging purposes only. Setting it to one of the strings
+    below will cause b2 to return specific errors:
 
--   Config: copy_cutoff
--   Env Var: RCLONE_B2_COPY_CUTOFF
--   Type: SizeSuffix
--   Default: 4Gi
+      * "fail_some_uploads"
+      * "expire_some_account_authorization_tokens"
+      * "force_cap_exceeded"
 
---b2-chunk-size
+    These will be set in the "X-Bz-Test-Mode" header which is documented
+    in the [b2 integrations checklist](https://www.backblaze.com/b2/docs/integration_checklist.html).
 
-Upload chunk size.
+    Properties:
 
-When uploading large files, chunk the file into this size.
+    - Config:      test_mode
+    - Env Var:     RCLONE_B2_TEST_MODE
+    - Type:        string
+    - Required:    false
 
-Must fit in memory. These chunks are buffered in memory and there might
-a maximum of "--transfers" chunks in progress at once.
+    #### --b2-versions
 
-5,000,000 Bytes is the minimum size.
+    Include old versions in directory listings.
 
-Properties:
+    Note that when using this no file write operations are permitted,
+    so you can't upload files or delete them.
 
--   Config: chunk_size
--   Env Var: RCLONE_B2_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 96Mi
+    Properties:
 
---b2-disable-checksum
+    - Config:      versions
+    - Env Var:     RCLONE_B2_VERSIONS
+    - Type:        bool
+    - Default:     false
 
-Disable checksums for large (> upload cutoff) files.
+    #### --b2-version-at
 
-Normally rclone will calculate the SHA1 checksum of the input before
-uploading it so it can add it to metadata on the object. This is great
-for data integrity checking but can cause long delays for large files to
-start uploading.
+    Show file versions as they were at the specified time.
 
-Properties:
+    Note that when using this no file write operations are permitted,
+    so you can't upload files or delete them.
 
--   Config: disable_checksum
--   Env Var: RCLONE_B2_DISABLE_CHECKSUM
--   Type: bool
--   Default: false
+    Properties:
 
---b2-download-url
+    - Config:      version_at
+    - Env Var:     RCLONE_B2_VERSION_AT
+    - Type:        Time
+    - Default:     off
 
-Custom endpoint for downloads.
+    #### --b2-upload-cutoff
 
-This is usually set to a Cloudflare CDN URL as Backblaze offers free
-egress for data downloaded through the Cloudflare network. Rclone works
-with private buckets by sending an "Authorization" header. If the custom
-endpoint rewrites the requests for authentication, e.g., in Cloudflare
-Workers, this header needs to be handled properly. Leave blank if you
-want to use the endpoint provided by Backblaze.
+    Cutoff for switching to chunked upload.
 
-The URL provided here SHOULD have the protocol and SHOULD NOT have a
-trailing slash or specify the /file/bucket subpath as rclone will
-request files with "{download_url}/file/{bucket_name}/{path}".
+    Files above this size will be uploaded in chunks of "--b2-chunk-size".
 
-Example: > https://mysubdomain.mydomain.tld (No trailing "/", "file" or
-"bucket")
+    This value should be set no larger than 4.657 GiB (== 5 GB).
 
-Properties:
+    Properties:
 
--   Config: download_url
--   Env Var: RCLONE_B2_DOWNLOAD_URL
--   Type: string
--   Required: false
+    - Config:      upload_cutoff
+    - Env Var:     RCLONE_B2_UPLOAD_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     200Mi
 
---b2-download-auth-duration
+    #### --b2-copy-cutoff
 
-Time before the authorization token will expire in s or suffix
-ms|s|m|h|d.
+    Cutoff for switching to multipart copy.
 
-The duration before the download authorization token will expire. The
-minimum value is 1 second. The maximum value is one week.
+    Any files larger than this that need to be server-side copied will be
+    copied in chunks of this size.
 
-Properties:
+    The minimum is 0 and the maximum is 4.6 GiB.
 
--   Config: download_auth_duration
--   Env Var: RCLONE_B2_DOWNLOAD_AUTH_DURATION
--   Type: Duration
--   Default: 1w
+    Properties:
 
---b2-memory-pool-flush-time
+    - Config:      copy_cutoff
+    - Env Var:     RCLONE_B2_COPY_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     4Gi
 
-How often internal memory buffer pools will be flushed. Uploads which
-requires additional buffers (f.e multipart) will use memory pool for
-allocations. This option controls how often unused buffers will be
-removed from the pool.
+    #### --b2-chunk-size
 
-Properties:
+    Upload chunk size.
 
--   Config: memory_pool_flush_time
--   Env Var: RCLONE_B2_MEMORY_POOL_FLUSH_TIME
--   Type: Duration
--   Default: 1m0s
+    When uploading large files, chunk the file into this size.
 
---b2-memory-pool-use-mmap
+    Must fit in memory. These chunks are buffered in memory and there
+    might a maximum of "--transfers" chunks in progress at once.
 
-Whether to use mmap buffers in internal memory pool.
+    5,000,000 Bytes is the minimum size.
 
-Properties:
+    Properties:
 
--   Config: memory_pool_use_mmap
--   Env Var: RCLONE_B2_MEMORY_POOL_USE_MMAP
--   Type: bool
--   Default: false
+    - Config:      chunk_size
+    - Env Var:     RCLONE_B2_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     96Mi
 
---b2-encoding
+    #### --b2-upload-concurrency
 
-The encoding for the backend.
+    Concurrency for multipart uploads.
 
-See the encoding section in the overview for more info.
+    This is the number of chunks of the same file that are uploaded
+    concurrently.
 
-Properties:
+    Note that chunks are stored in memory and there may be up to
+    "--transfers" * "--b2-upload-concurrency" chunks stored at once
+    in memory.
 
--   Config: encoding
--   Env Var: RCLONE_B2_ENCODING
--   Type: MultiEncoder
--   Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+    Properties:
 
-Limitations
+    - Config:      upload_concurrency
+    - Env Var:     RCLONE_B2_UPLOAD_CONCURRENCY
+    - Type:        int
+    - Default:     4
 
-rclone about is not supported by the B2 backend. Backends without this
-capability cannot determine free space for an rclone mount or use policy
-mfs (most free space) as a member of an rclone union remote.
+    #### --b2-disable-checksum
 
-See List of backends that do not support rclone about and rclone about
+    Disable checksums for large (> upload cutoff) files.
 
-Box
+    Normally rclone will calculate the SHA1 checksum of the input before
+    uploading it so it can add it to metadata on the object. This is great
+    for data integrity checking but can cause long delays for large files
+    to start uploading.
 
-Paths are specified as remote:path
+    Properties:
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+    - Config:      disable_checksum
+    - Env Var:     RCLONE_B2_DISABLE_CHECKSUM
+    - Type:        bool
+    - Default:     false
 
-The initial setup for Box involves getting a token from Box which you
-can do either in your browser, or with a config.json downloaded from Box
-to use JWT authentication. rclone config walks you through it.
+    #### --b2-download-url
 
-Configuration
+    Custom endpoint for downloads.
 
-Here is an example of how to make a remote called remote. First run:
+    This is usually set to a Cloudflare CDN URL as Backblaze offers
+    free egress for data downloaded through the Cloudflare network.
+    Rclone works with private buckets by sending an "Authorization" header.
+    If the custom endpoint rewrites the requests for authentication,
+    e.g., in Cloudflare Workers, this header needs to be handled properly.
+    Leave blank if you want to use the endpoint provided by Backblaze.
 
-     rclone config
+    The URL provided here SHOULD have the protocol and SHOULD NOT have
+    a trailing slash or specify the /file/bucket subpath as rclone will
+    request files with "{download_url}/file/{bucket_name}/{path}".
 
-This will guide you through an interactive setup process:
+    Example:
+    > https://mysubdomain.mydomain.tld
+    (No trailing "/", "file" or "bucket")
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Box
-       \ "box"
-    [snip]
-    Storage> box
-    Box App Client Id - leave blank normally.
-    client_id> 
-    Box App Client Secret - leave blank normally.
-    client_secret>
-    Box App config.json location
-    Leave blank normally.
-    Enter a string value. Press Enter for the default ("").
-    box_config_file>
-    Box App Primary Access Token
-    Leave blank normally.
-    Enter a string value. Press Enter for the default ("").
-    access_token>
+    Properties:
 
-    Enter a string value. Press Enter for the default ("user").
-    Choose a number from below, or type in your own value
-     1 / Rclone should act on behalf of a user
-       \ "user"
-     2 / Rclone should act on behalf of a service account
-       \ "enterprise"
-    box_sub_type>
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    --------------------
-    [remote]
-    client_id = 
-    client_secret = 
-    token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"XXX"}
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    - Config:      download_url
+    - Env Var:     RCLONE_B2_DOWNLOAD_URL
+    - Type:        string
+    - Required:    false
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+    #### --b2-download-auth-duration
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Box. This only runs from the moment it opens your
-browser to the moment you get back the verification code. This is on
-http://127.0.0.1:53682/ and this it may require you to unblock it
-temporarily if you are running a host firewall.
+    Time before the authorization token will expire in s or suffix ms|s|m|h|d.
 
-Once configured you can then use rclone like this,
+    The duration before the download authorization token will expire.
+    The minimum value is 1 second. The maximum value is one week.
 
-List directories in top level of your Box
+    Properties:
 
-    rclone lsd remote:
+    - Config:      download_auth_duration
+    - Env Var:     RCLONE_B2_DOWNLOAD_AUTH_DURATION
+    - Type:        Duration
+    - Default:     1w
 
-List all the files in your Box
+    #### --b2-memory-pool-flush-time
 
-    rclone ls remote:
+    How often internal memory buffer pools will be flushed. (no longer used)
 
-To copy a local directory to an Box directory called backup
+    Properties:
 
-    rclone copy /home/source remote:backup
+    - Config:      memory_pool_flush_time
+    - Env Var:     RCLONE_B2_MEMORY_POOL_FLUSH_TIME
+    - Type:        Duration
+    - Default:     1m0s
 
-Using rclone with an Enterprise account with SSO
+    #### --b2-memory-pool-use-mmap
 
-If you have an "Enterprise" account type with Box with single sign on
-(SSO), you need to create a password to use Box with rclone. This can be
-done at your Enterprise Box account by going to Settings, "Account" Tab,
-and then set the password in the "Authentication" field.
+    Whether to use mmap buffers in internal memory pool. (no longer used)
 
-Once you have done this, you can setup your Enterprise Box account using
-the same procedure detailed above in the, using the password you have
-just set.
+    Properties:
 
-Invalid refresh token
+    - Config:      memory_pool_use_mmap
+    - Env Var:     RCLONE_B2_MEMORY_POOL_USE_MMAP
+    - Type:        bool
+    - Default:     false
 
-According to the box docs:
+    #### --b2-lifecycle
 
-  Each refresh_token is valid for one use in 60 days.
+    Set the number of days deleted files should be kept when creating a bucket.
 
-This means that if you
+    On bucket creation, this parameter is used to create a lifecycle rule
+    for the entire bucket.
 
--   Don't use the box remote for 60 days
--   Copy the config file with a box refresh token in and use it in two
-    places
--   Get an error on a token refresh
+    If lifecycle is 0 (the default) it does not create a lifecycle rule so
+    the default B2 behaviour applies. This is to create versions of files
+    on delete and overwrite and to keep them indefinitely.
 
-then rclone will return an error which includes the text
-Invalid refresh token.
+    If lifecycle is >0 then it creates a single rule setting the number of
+    days before a file that is deleted or overwritten is deleted
+    permanently. This is known as daysFromHidingToDeleting in the b2 docs.
 
-To fix this you will need to use oauth2 again to update the refresh
-token. You can use the methods in the remote setup docs, bearing in mind
-that if you use the copy the config file method, you should not use that
-remote on the computer you did the authentication on.
+    The minimum value for this parameter is 1 day.
 
-Here is how to do it.
+    You can also enable hard_delete in the config also which will mean
+    deletions won't cause versions but overwrites will still cause
+    versions to be made.
 
-    $ rclone config
-    Current remotes:
+    See: [rclone backend lifecycle](#lifecycle) for setting lifecycles after bucket creation.
 
-    Name                 Type
-    ====                 ====
-    remote               box
 
-    e) Edit existing remote
-    n) New remote
-    d) Delete remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    e/n/d/r/c/s/q> e
-    Choose a number from below, or type in an existing value
-     1 > remote
-    remote> remote
-    --------------------
-    [remote]
-    type = box
-    token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2017-07-08T23:40:08.059167677+01:00"}
-    --------------------
-    Edit remote
-    Value "client_id" = ""
-    Edit? (y/n)>
-    y) Yes
-    n) No
-    y/n> n
-    Value "client_secret" = ""
-    Edit? (y/n)>
-    y) Yes
-    n) No
-    y/n> n
-    Remote config
-    Already have a token - refresh?
-    y) Yes
-    n) No
-    y/n> y
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    --------------------
-    [remote]
-    type = box
-    token = {"access_token":"YYY","token_type":"bearer","refresh_token":"YYY","expiry":"2017-07-23T12:22:29.259137901+01:00"}
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Properties:
 
-Modified time and hashes
+    - Config:      lifecycle
+    - Env Var:     RCLONE_B2_LIFECYCLE
+    - Type:        int
+    - Default:     0
 
-Box allows modification times to be set on objects accurate to 1 second.
-These will be used to detect whether objects need syncing or not.
+    #### --b2-encoding
 
-Box supports SHA1 type hashes, so you can use the --checksum flag.
+    The encoding for the backend.
 
-Restricted filename characters
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    Properties:
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  \            0x5C        ＼
+    - Config:      encoding
+    - Env Var:     RCLONE_B2_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
-File names can also not end with the following characters. These only
-get replaced if they are the last character in the name:
+    ## Backend commands
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  SP           0x20         ␠
+    Here are the commands specific to the b2 backend.
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    Run them with
 
-Transfers
+        rclone backend COMMAND remote:
 
-For files above 50 MiB rclone will use a chunked transfer. Rclone will
-upload up to --transfers chunks at the same time (shared among all the
-multipart uploads). Chunks are buffered in memory and are normally 8 MiB
-so increasing --transfers will increase memory use.
+    The help below will explain what arguments each command takes.
 
-Deleting files
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
 
-Depending on the enterprise settings for your user, the item will either
-be actually deleted from Box or moved to the trash.
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
 
-Emptying the trash is supported via the rclone however cleanup command
-however this deletes every trashed file and folder individually so it
-may take a very long time. Emptying the trash via the WebUI does not
-have this limitation so it is advised to empty the trash via the WebUI.
+    ### lifecycle
 
-Root folder ID
+    Read or set the lifecycle for a bucket
 
-You can set the root_folder_id for rclone. This is the directory
-(identified by its Folder ID) that rclone considers to be the root of
-your Box drive.
+        rclone backend lifecycle remote: [options] [<arguments>+]
 
-Normally you will leave this blank and rclone will determine the correct
-root to use itself.
+    This command can be used to read or set the lifecycle for a bucket.
 
-However you can set this to restrict rclone to a specific folder
-hierarchy.
+    Usage Examples:
 
-In order to do this you will have to find the Folder ID of the directory
-you wish rclone to display. This will be the last segment of the URL
-when you open the relevant folder in the Box web interface.
+    To show the current lifecycle rules:
 
-So if the folder you want rclone to use has a URL which looks like
-https://app.box.com/folder/11xxxxxxxxx8 in the browser, then you use
-11xxxxxxxxx8 as the root_folder_id in the config.
+        rclone backend lifecycle b2:bucket
 
-Standard options
+    This will dump something like this showing the lifecycle rules.
 
-Here are the Standard options specific to box (Box).
+        [
+            {
+                "daysFromHidingToDeleting": 1,
+                "daysFromUploadingToHiding": null,
+                "fileNamePrefix": ""
+            }
+        ]
 
---box-client-id
+    If there are no lifecycle rules (the default) then it will just return [].
 
-OAuth Client Id.
+    To reset the current lifecycle rules:
 
-Leave blank normally.
+        rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=30
+        rclone backend lifecycle b2:bucket -o daysFromUploadingToHiding=5 -o daysFromHidingToDeleting=1
 
-Properties:
+    This will run and then print the new lifecycle rules as above.
 
--   Config: client_id
--   Env Var: RCLONE_BOX_CLIENT_ID
--   Type: string
--   Required: false
+    Rclone only lets you set lifecycles for the whole bucket with the
+    fileNamePrefix = "".
 
---box-client-secret
+    You can't disable versioning with B2. The best you can do is to set
+    the daysFromHidingToDeleting to 1 day. You can enable hard_delete in
+    the config also which will mean deletions won't cause versions but
+    overwrites will still cause versions to be made.
 
-OAuth Client Secret.
+        rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=1
 
-Leave blank normally.
+    See: https://www.backblaze.com/docs/cloud-storage-lifecycle-rules
 
-Properties:
 
--   Config: client_secret
--   Env Var: RCLONE_BOX_CLIENT_SECRET
--   Type: string
--   Required: false
+    Options:
 
---box-box-config-file
+    - "daysFromHidingToDeleting": After a file has been hidden for this many days it is deleted. 0 is off.
+    - "daysFromUploadingToHiding": This many days after uploading a file is hidden
 
-Box App config.json location
 
-Leave blank normally.
 
-Leading ~ will be expanded in the file name as will environment
-variables such as ${RCLONE_CONFIG_DIR}.
+    ## Limitations
 
-Properties:
+    `rclone about` is not supported by the B2 backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
 
--   Config: box_config_file
--   Env Var: RCLONE_BOX_BOX_CONFIG_FILE
--   Type: string
--   Required: false
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
---box-access-token
+    #  Box
 
-Box App Primary Access Token
+    Paths are specified as `remote:path`
 
-Leave blank normally.
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-Properties:
+    The initial setup for Box involves getting a token from Box which you
+    can do either in your browser, or with a config.json downloaded from Box
+    to use JWT authentication.  `rclone config` walks you through it.
 
--   Config: access_token
--   Env Var: RCLONE_BOX_ACCESS_TOKEN
--   Type: string
--   Required: false
+    ## Configuration
 
---box-box-sub-type
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Properties:
+         rclone config
 
--   Config: box_sub_type
--   Env Var: RCLONE_BOX_BOX_SUB_TYPE
--   Type: string
--   Default: "user"
--   Examples:
-    -   "user"
-        -   Rclone should act on behalf of a user.
-    -   "enterprise"
-        -   Rclone should act on behalf of a service account.
+    This will guide you through an interactive setup process:
 
-Advanced options
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Box  "box" [snip] Storage> box Box App Client Id - leave blank
+normally. client_id> Box App Client Secret - leave blank normally.
+client_secret> Box App config.json location Leave blank normally. Enter
+a string value. Press Enter for the default (""). box_config_file> Box
+App Primary Access Token Leave blank normally. Enter a string value.
+Press Enter for the default (""). access_token>
 
-Here are the Advanced options specific to box (Box).
+Enter a string value. Press Enter for the default ("user"). Choose a
+number from below, or type in your own value 1 / Rclone should act on
+behalf of a user  "user" 2 / Rclone should act on behalf of a service
+account  "enterprise" box_sub_type> Remote config Use web browser to
+automatically authenticate rclone with remote? * Say Y if the machine
+running rclone has a web browser you can use * Say N if running rclone
+on a (remote) machine without web browser access If not sure try Y. If Y
+failed, try N. y) Yes n) No y/n> y If your browser doesn't open
+automatically go to the following link: http://127.0.0.1:53682/auth Log
+in and authorize rclone for access Waiting for code... Got code
+-------------------- [remote] client_id = client_secret = token =
+{"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"XXX"}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
---box-token
 
-OAuth Access Token as a JSON blob.
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
-Properties:
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from Box. This only runs from the moment it opens
+    your browser to the moment you get back the verification code.  This
+    is on `http://127.0.0.1:53682/` and this it may require you to unblock
+    it temporarily if you are running a host firewall.
 
--   Config: token
--   Env Var: RCLONE_BOX_TOKEN
--   Type: string
--   Required: false
+    Once configured you can then use `rclone` like this,
 
---box-auth-url
+    List directories in top level of your Box
 
-Auth server URL.
+        rclone lsd remote:
 
-Leave blank to use the provider defaults.
+    List all the files in your Box
 
-Properties:
+        rclone ls remote:
 
--   Config: auth_url
--   Env Var: RCLONE_BOX_AUTH_URL
--   Type: string
--   Required: false
+    To copy a local directory to an Box directory called backup
 
---box-token-url
+        rclone copy /home/source remote:backup
 
-Token server url.
+    ### Using rclone with an Enterprise account with SSO
 
-Leave blank to use the provider defaults.
+    If you have an "Enterprise" account type with Box with single sign on
+    (SSO), you need to create a password to use Box with rclone. This can
+    be done at your Enterprise Box account by going to Settings, "Account"
+    Tab, and then set the password in the "Authentication" field.
 
-Properties:
+    Once you have done this, you can setup your Enterprise Box account
+    using the same procedure detailed above in the, using the password you
+    have just set.
 
--   Config: token_url
--   Env Var: RCLONE_BOX_TOKEN_URL
--   Type: string
--   Required: false
+    ### Invalid refresh token
 
---box-root-folder-id
+    According to the [box docs](https://developer.box.com/v2.0/docs/oauth-20#section-6-using-the-access-and-refresh-tokens):
 
-Fill in for rclone to use a non root folder as its starting point.
+    > Each refresh_token is valid for one use in 60 days.
 
-Properties:
+    This means that if you
 
--   Config: root_folder_id
--   Env Var: RCLONE_BOX_ROOT_FOLDER_ID
--   Type: string
--   Default: "0"
+      * Don't use the box remote for 60 days
+      * Copy the config file with a box refresh token in and use it in two places
+      * Get an error on a token refresh
 
---box-upload-cutoff
+    then rclone will return an error which includes the text `Invalid
+    refresh token`.
 
-Cutoff for switching to multipart upload (>= 50 MiB).
+    To fix this you will need to use oauth2 again to update the refresh
+    token.  You can use the methods in [the remote setup
+    docs](https://rclone.org/remote_setup/), bearing in mind that if you use the copy the
+    config file method, you should not use that remote on the computer you
+    did the authentication on.
 
-Properties:
+    Here is how to do it.
 
--   Config: upload_cutoff
--   Env Var: RCLONE_BOX_UPLOAD_CUTOFF
--   Type: SizeSuffix
--   Default: 50Mi
+$ rclone config Current remotes:
 
---box-commit-retries
+Name Type ==== ==== remote box
 
-Max number of times to try committing a multipart file.
+e)  Edit existing remote
+f)  New remote
+g)  Delete remote
+h)  Rename remote
+i)  Copy remote
+j)  Set configuration password
+k)  Quit config e/n/d/r/c/s/q> e Choose a number from below, or type in
+    an existing value 1 > remote remote> remote --------------------
+    [remote] type = box token =
+    {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2017-07-08T23:40:08.059167677+01:00"}
+    -------------------- Edit remote Value "client_id" = "" Edit? (y/n)>
+l)  Yes
+m)  No y/n> n Value "client_secret" = "" Edit? (y/n)>
+n)  Yes
+o)  No y/n> n Remote config Already have a token - refresh?
+p)  Yes
+q)  No y/n> y Use web browser to automatically authenticate rclone with
+    remote?
 
-Properties:
+-   Say Y if the machine running rclone has a web browser you can use
+-   Say N if running rclone on a (remote) machine without web browser
+    access If not sure try Y. If Y failed, try N.
 
--   Config: commit_retries
--   Env Var: RCLONE_BOX_COMMIT_RETRIES
--   Type: int
--   Default: 100
+y)  Yes
+z)  No y/n> y If your browser doesn't open automatically go to the
+    following link: http://127.0.0.1:53682/auth Log in and authorize
+    rclone for access Waiting for code... Got code --------------------
+    [remote] type = box token =
+    {"access_token":"YYY","token_type":"bearer","refresh_token":"YYY","expiry":"2017-07-23T12:22:29.259137901+01:00"}
+    --------------------
+a)  Yes this is OK
+b)  Edit this remote
+c)  Delete this remote y/e/d> y
 
---box-list-chunk
 
-Size of listing chunk 1-1000.
+    ### Modification times and hashes
 
-Properties:
+    Box allows modification times to be set on objects accurate to 1
+    second.  These will be used to detect whether objects need syncing or
+    not.
 
--   Config: list_chunk
--   Env Var: RCLONE_BOX_LIST_CHUNK
--   Type: int
--   Default: 1000
+    Box supports SHA1 type hashes, so you can use the `--checksum`
+    flag.
 
---box-owned-by
+    ### Restricted filename characters
 
-Only show items owned by the login (email address) passed in.
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
-Properties:
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | \         | 0x5C  | ＼           |
 
--   Config: owned_by
--   Env Var: RCLONE_BOX_OWNED_BY
--   Type: string
--   Required: false
+    File names can also not end with the following characters.
+    These only get replaced if they are the last character in the name:
 
---box-encoding
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | SP        | 0x20  | ␠           |
 
-The encoding for the backend.
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-See the encoding section in the overview for more info.
+    ### Transfers
 
-Properties:
+    For files above 50 MiB rclone will use a chunked transfer.  Rclone will
+    upload up to `--transfers` chunks at the same time (shared among all
+    the multipart uploads).  Chunks are buffered in memory and are
+    normally 8 MiB so increasing `--transfers` will increase memory use.
 
--   Config: encoding
--   Env Var: RCLONE_BOX_ENCODING
--   Type: MultiEncoder
--   Default: Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot
+    ### Deleting files
 
-Limitations
+    Depending on the enterprise settings for your user, the item will
+    either be actually deleted from Box or moved to the trash.
 
-Note that Box is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+    Emptying the trash is supported via the rclone however cleanup command
+    however this deletes every trashed file and folder individually so it
+    may take a very long time. 
+    Emptying the trash via the  WebUI does not have this limitation 
+    so it is advised to empty the trash via the WebUI.
 
-Box file names can't have the \ character in. rclone maps this to and
-from an identical looking unicode equivalent ＼ (U+FF3C Fullwidth
-Reverse Solidus).
+    ### Root folder ID
 
-Box only supports filenames up to 255 characters in length.
+    You can set the `root_folder_id` for rclone.  This is the directory
+    (identified by its `Folder ID`) that rclone considers to be the root
+    of your Box drive.
 
-Box has API rate limits that sometimes reduce the speed of rclone.
+    Normally you will leave this blank and rclone will determine the
+    correct root to use itself.
 
-rclone about is not supported by the Box backend. Backends without this
-capability cannot determine free space for an rclone mount or use policy
-mfs (most free space) as a member of an rclone union remote.
+    However you can set this to restrict rclone to a specific folder
+    hierarchy.
 
-See List of backends that do not support rclone about and rclone about
+    In order to do this you will have to find the `Folder ID` of the
+    directory you wish rclone to display.  This will be the last segment
+    of the URL when you open the relevant folder in the Box web
+    interface.
 
-Cache
+    So if the folder you want rclone to use has a URL which looks like
+    `https://app.box.com/folder/11xxxxxxxxx8`
+    in the browser, then you use `11xxxxxxxxx8` as
+    the `root_folder_id` in the config.
 
-The cache remote wraps another existing remote and stores file structure
-and its data for long running tasks like rclone mount.
 
-Status
+    ### Standard options
 
-The cache backend code is working but it currently doesn't have a
-maintainer so there are outstanding bugs which aren't getting fixed.
+    Here are the Standard options specific to box (Box).
 
-The cache backend is due to be phased out in favour of the VFS caching
-layer eventually which is more tightly integrated into rclone.
+    #### --box-client-id
 
-Until this happens we recommend only using the cache backend if you find
-you can't work without it. There are many docs online describing the use
-of the cache backend to minimize API hits and by-and-large these are out
-of date and the cache backend isn't needed in those scenarios any more.
+    OAuth Client Id.
 
-Configuration
+    Leave blank normally.
 
-To get started you just need to have an existing remote which can be
-configured with cache.
+    Properties:
 
-Here is an example of how to make a remote called test-cache. First run:
+    - Config:      client_id
+    - Env Var:     RCLONE_BOX_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-     rclone config
+    #### --box-client-secret
 
-This will guide you through an interactive setup process:
+    OAuth Client Secret.
 
-    No remotes found, make a new one?
-    n) New remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    n/r/c/s/q> n
-    name> test-cache
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Cache a remote
-       \ "cache"
-    [snip]
-    Storage> cache
-    Remote to cache.
-    Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-    "myremote:bucket" or maybe "myremote:" (not recommended).
-    remote> local:/test
-    Optional: The URL of the Plex server
-    plex_url> http://127.0.0.1:32400
-    Optional: The username of the Plex user
-    plex_username> dummyusername
-    Optional: The password of the Plex user
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank
-    y/g/n> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    The size of a chunk. Lower value good for slow connections but can affect seamless reading.
-    Default: 5M
-    Choose a number from below, or type in your own value
-     1 / 1 MiB
-       \ "1M"
-     2 / 5 MiB
-       \ "5M"
-     3 / 10 MiB
-       \ "10M"
-    chunk_size> 2
-    How much time should object info (file size, file hashes, etc.) be stored in cache. Use a very high value if you don't plan on changing the source FS from outside the cache.
-    Accepted units are: "s", "m", "h".
-    Default: 5m
-    Choose a number from below, or type in your own value
-     1 / 1 hour
-       \ "1h"
-     2 / 24 hours
-       \ "24h"
-     3 / 24 hours
-       \ "48h"
-    info_age> 2
-    The maximum size of stored chunks. When the storage grows beyond this size, the oldest chunks will be deleted.
-    Default: 10G
-    Choose a number from below, or type in your own value
-     1 / 500 MiB
-       \ "500M"
-     2 / 1 GiB
-       \ "1G"
-     3 / 10 GiB
-       \ "10G"
-    chunk_total_size> 3
-    Remote config
-    --------------------
-    [test-cache]
-    remote = local:/test
-    plex_url = http://127.0.0.1:32400
-    plex_username = dummyusername
-    plex_password = *** ENCRYPTED ***
-    chunk_size = 5M
-    info_age = 48h
-    chunk_total_size = 10G
+    Leave blank normally.
 
-You can then use it like this,
+    Properties:
 
-List directories in top level of your drive
+    - Config:      client_secret
+    - Env Var:     RCLONE_BOX_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-    rclone lsd test-cache:
+    #### --box-box-config-file
 
-List all the files in your drive
+    Box App config.json location
 
-    rclone ls test-cache:
+    Leave blank normally.
 
-To start a cached mount
+    Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
 
-    rclone mount --allow-other test-cache: /var/tmp/test-cache
+    Properties:
 
-Write Features
+    - Config:      box_config_file
+    - Env Var:     RCLONE_BOX_BOX_CONFIG_FILE
+    - Type:        string
+    - Required:    false
 
-Offline uploading
+    #### --box-access-token
 
-In an effort to make writing through cache more reliable, the backend
-now supports this feature which can be activated by specifying a
-cache-tmp-upload-path.
+    Box App Primary Access Token
 
-A files goes through these states when using this feature:
+    Leave blank normally.
 
-1.  An upload is started (usually by copying a file on the cache remote)
-2.  When the copy to the temporary location is complete the file is part
-    of the cached remote and looks and behaves like any other file
-    (reading included)
-3.  After cache-tmp-wait-time passes and the file is next in line,
-    rclone move is used to move the file to the cloud provider
-4.  Reading the file still works during the upload but most
-    modifications on it will be prohibited
-5.  Once the move is complete the file is unlocked for modifications as
-    it becomes as any other regular file
-6.  If the file is being read through cache when it's actually deleted
-    from the temporary path then cache will simply swap the source to
-    the cloud provider without interrupting the reading (small blip can
-    happen though)
+    Properties:
 
-Files are uploaded in sequence and only one file is uploaded at a time.
-Uploads will be stored in a queue and be processed based on the order
-they were added. The queue and the temporary storage is persistent
-across restarts but can be cleared on startup with the --cache-db-purge
-flag.
+    - Config:      access_token
+    - Env Var:     RCLONE_BOX_ACCESS_TOKEN
+    - Type:        string
+    - Required:    false
 
-Write Support
+    #### --box-box-sub-type
 
-Writes are supported through cache. One caveat is that a mounted cache
-remote does not add any retry or fallback mechanism to the upload
-operation. This will depend on the implementation of the wrapped remote.
-Consider using Offline uploading for reliable writes.
 
-One special case is covered with cache-writes which will cache the file
-data at the same time as the upload when it is enabled making it
-available from the cache store immediately once the upload is finished.
 
-Read Features
+    Properties:
 
-Multiple connections
+    - Config:      box_sub_type
+    - Env Var:     RCLONE_BOX_BOX_SUB_TYPE
+    - Type:        string
+    - Default:     "user"
+    - Examples:
+        - "user"
+            - Rclone should act on behalf of a user.
+        - "enterprise"
+            - Rclone should act on behalf of a service account.
 
-To counter the high latency between a local PC where rclone is running
-and cloud providers, the cache remote can split multiple requests to the
-cloud provider for smaller file chunks and combines them together
-locally where they can be available almost immediately before the reader
-usually needs them.
+    ### Advanced options
 
-This is similar to buffering when media files are played online. Rclone
-will stay around the current marker but always try its best to stay
-ahead and prepare the data before.
+    Here are the Advanced options specific to box (Box).
 
-Plex Integration
+    #### --box-token
 
-There is a direct integration with Plex which allows cache to detect
-during reading if the file is in playback or not. This helps cache to
-adapt how it queries the cloud provider depending on what is needed for.
+    OAuth Access Token as a JSON blob.
 
-Scans will have a minimum amount of workers (1) while in a confirmed
-playback cache will deploy the configured number of workers.
+    Properties:
 
-This integration opens the doorway to additional performance
-improvements which will be explored in the near future.
+    - Config:      token
+    - Env Var:     RCLONE_BOX_TOKEN
+    - Type:        string
+    - Required:    false
 
-Note: If Plex options are not configured, cache will function with its
-configured options without adapting any of its settings.
+    #### --box-auth-url
 
-How to enable? Run rclone config and add all the Plex options (endpoint,
-username and password) in your remote and it will be automatically
-enabled.
+    Auth server URL.
 
-Affected settings: - cache-workers: Configured value during confirmed
-playback or 1 all the other times
+    Leave blank to use the provider defaults.
 
-Certificate Validation
+    Properties:
 
-When the Plex server is configured to only accept secure connections, it
-is possible to use .plex.direct URLs to ensure certificate validation
-succeeds. These URLs are used by Plex internally to connect to the Plex
-server securely.
+    - Config:      auth_url
+    - Env Var:     RCLONE_BOX_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-The format for these URLs is the following:
+    #### --box-token-url
 
-https://ip-with-dots-replaced.server-hash.plex.direct:32400/
+    Token server url.
 
-The ip-with-dots-replaced part can be any IPv4 address, where the dots
-have been replaced with dashes, e.g. 127.0.0.1 becomes 127-0-0-1.
+    Leave blank to use the provider defaults.
 
-To get the server-hash part, the easiest way is to visit
+    Properties:
 
-https://plex.tv/api/resources?includeHttps=1&X-Plex-Token=your-plex-token
+    - Config:      token_url
+    - Env Var:     RCLONE_BOX_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-This page will list all the available Plex servers for your account with
-at least one .plex.direct link for each. Copy one URL and replace the IP
-address with the desired address. This can be used as the plex_url
-value.
+    #### --box-root-folder-id
 
-Known issues
+    Fill in for rclone to use a non root folder as its starting point.
 
-Mount and --dir-cache-time
+    Properties:
 
---dir-cache-time controls the first layer of directory caching which
-works at the mount layer. Being an independent caching mechanism from
-the cache backend, it will manage its own entries based on the
-configured time.
+    - Config:      root_folder_id
+    - Env Var:     RCLONE_BOX_ROOT_FOLDER_ID
+    - Type:        string
+    - Default:     "0"
 
-To avoid getting in a scenario where dir cache has obsolete data and
-cache would have the correct one, try to set --dir-cache-time to a lower
-time than --cache-info-age. Default values are already configured in
-this way.
+    #### --box-upload-cutoff
 
-Windows support - Experimental
+    Cutoff for switching to multipart upload (>= 50 MiB).
 
-There are a couple of issues with Windows mount functionality that still
-require some investigations. It should be considered as experimental
-thus far as fixes come in for this OS.
+    Properties:
 
-Most of the issues seem to be related to the difference between
-filesystems on Linux flavors and Windows as cache is heavily dependent
-on them.
+    - Config:      upload_cutoff
+    - Env Var:     RCLONE_BOX_UPLOAD_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     50Mi
 
-Any reports or feedback on how cache behaves on this OS is greatly
-appreciated.
+    #### --box-commit-retries
 
--   https://github.com/rclone/rclone/issues/1935
--   https://github.com/rclone/rclone/issues/1907
--   https://github.com/rclone/rclone/issues/1834
+    Max number of times to try committing a multipart file.
 
-Risk of throttling
+    Properties:
 
-Future iterations of the cache backend will make use of the pooling
-functionality of the cloud provider to synchronize and at the same time
-make writing through it more tolerant to failures.
+    - Config:      commit_retries
+    - Env Var:     RCLONE_BOX_COMMIT_RETRIES
+    - Type:        int
+    - Default:     100
 
-There are a couple of enhancements in track to add these but in the
-meantime there is a valid concern that the expiring cache listings can
-lead to cloud provider throttles or bans due to repeated queries on it
-for very large mounts.
+    #### --box-list-chunk
 
-Some recommendations: - don't use a very small interval for entry
-information (--cache-info-age) - while writes aren't yet optimised, you
-can still write through cache which gives you the advantage of adding
-the file in the cache at the same time if configured to do so.
+    Size of listing chunk 1-1000.
 
-Future enhancements:
+    Properties:
 
--   https://github.com/rclone/rclone/issues/1937
--   https://github.com/rclone/rclone/issues/1936
+    - Config:      list_chunk
+    - Env Var:     RCLONE_BOX_LIST_CHUNK
+    - Type:        int
+    - Default:     1000
 
-cache and crypt
+    #### --box-owned-by
 
-One common scenario is to keep your data encrypted in the cloud provider
-using the crypt remote. crypt uses a similar technique to wrap around an
-existing remote and handles this translation in a seamless way.
+    Only show items owned by the login (email address) passed in.
 
-There is an issue with wrapping the remotes in this order: cloud remote
--> crypt -> cache
+    Properties:
 
-During testing, I experienced a lot of bans with the remotes in this
-order. I suspect it might be related to how crypt opens files on the
-cloud provider which makes it think we're downloading the full file
-instead of small chunks. Organizing the remotes in this order yields
-better results: cloud remote -> cache -> crypt
+    - Config:      owned_by
+    - Env Var:     RCLONE_BOX_OWNED_BY
+    - Type:        string
+    - Required:    false
 
-absolute remote paths
+    #### --box-impersonate
 
-cache can not differentiate between relative and absolute paths for the
-wrapped remote. Any path given in the remote config setting and on the
-command line will be passed to the wrapped remote as is, but for storing
-the chunks on disk the path will be made relative by removing any
-leading / character.
+    Impersonate this user ID when using a service account.
 
-This behavior is irrelevant for most backend types, but there are
-backends where a leading / changes the effective directory, e.g. in the
-sftp backend paths starting with a / are relative to the root of the SSH
-server and paths without are relative to the user home directory. As a
-result sftp:bin and sftp:/bin will share the same cache folder, even if
-they represent a different directory on the SSH server.
+    Setting this flag allows rclone, when using a JWT service account, to
+    act on behalf of another user by setting the as-user header.
 
-Cache and Remote Control (--rc)
+    The user ID is the Box identifier for a user. User IDs can found for
+    any user via the GET /users endpoint, which is only available to
+    admins, or by calling the GET /users/me endpoint with an authenticated
+    user session.
 
-Cache supports the new --rc mode in rclone and can be remote controlled
-through the following end points: By default, the listener is disabled
-if you do not add the flag.
+    See: https://developer.box.com/guides/authentication/jwt/as-user/
 
-rc cache/expire
 
-Purge a remote from the cache backend. Supports either a directory or a
-file. It supports both encrypted and unencrypted file names if cache is
-wrapped by crypt.
+    Properties:
 
-Params: - remote = path to remote (required) - withData = true/false to
-delete cached data (chunks) as well (optional, false by default)
+    - Config:      impersonate
+    - Env Var:     RCLONE_BOX_IMPERSONATE
+    - Type:        string
+    - Required:    false
 
-Standard options
+    #### --box-encoding
 
-Here are the Standard options specific to cache (Cache a remote).
+    The encoding for the backend.
 
---cache-remote
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Remote to cache.
+    Properties:
 
-Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
+    - Config:      encoding
+    - Env Var:     RCLONE_BOX_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot
 
-Properties:
 
--   Config: remote
--   Env Var: RCLONE_CACHE_REMOTE
--   Type: string
--   Required: true
 
---cache-plex-url
+    ## Limitations
 
-The URL of the Plex server.
+    Note that Box is case insensitive so you can't have a file called
+    "Hello.doc" and one called "hello.doc".
 
-Properties:
+    Box file names can't have the `\` character in.  rclone maps this to
+    and from an identical looking unicode equivalent `＼` (U+FF3C Fullwidth
+    Reverse Solidus).
 
--   Config: plex_url
--   Env Var: RCLONE_CACHE_PLEX_URL
--   Type: string
--   Required: false
+    Box only supports filenames up to 255 characters in length.
 
---cache-plex-username
+    Box has [API rate limits](https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/) that sometimes reduce the speed of rclone.
 
-The username of the Plex user.
+    `rclone about` is not supported by the Box backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
 
-Properties:
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
--   Config: plex_username
--   Env Var: RCLONE_CACHE_PLEX_USERNAME
--   Type: string
--   Required: false
+    ## Get your own Box App ID
 
---cache-plex-password
+    Here is how to create your own Box App ID for rclone:
 
-The password of the Plex user.
+    1. Go to the [Box Developer Console](https://app.box.com/developers/console)
+    and login, then click `My Apps` on the sidebar. Click `Create New App`
+    and select `Custom App`.
 
-NB Input to this must be obscured - see rclone obscure.
+    2. In the first screen on the box that pops up, you can pretty much enter
+    whatever you want. The `App Name` can be whatever. For `Purpose` choose
+    automation to avoid having to fill out anything else. Click `Next`.
 
-Properties:
+    3. In the second screen of the creation screen, select
+    `User Authentication (OAuth 2.0)`. Then click `Create App`.
 
--   Config: plex_password
--   Env Var: RCLONE_CACHE_PLEX_PASSWORD
--   Type: string
--   Required: false
+    4. You should now be on the `Configuration` tab of your new app. If not,
+    click on it at the top of the webpage. Copy down `Client ID`
+    and `Client Secret`, you'll need those for rclone.
 
---cache-chunk-size
+    5. Under "OAuth 2.0 Redirect URI", add `http://127.0.0.1:53682/`
 
-The size of a chunk (partial file data).
+    6. For `Application Scopes`, select `Read all files and folders stored in Box`
+    and `Write all files and folders stored in box` (assuming you want to do both).
+    Leave others unchecked. Click `Save Changes` at the top right.
 
-Use lower numbers for slower connections. If the chunk size is changed,
-any downloaded chunks will be invalid and cache-chunk-path will need to
-be cleared or unexpected EOF errors will occur.
+    #  Cache
 
-Properties:
+    The `cache` remote wraps another existing remote and stores file structure
+    and its data for long running tasks like `rclone mount`.
 
--   Config: chunk_size
--   Env Var: RCLONE_CACHE_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 5Mi
--   Examples:
-    -   "1M"
-        -   1 MiB
-    -   "5M"
-        -   5 MiB
-    -   "10M"
-        -   10 MiB
+    ## Status
 
---cache-info-age
+    The cache backend code is working but it currently doesn't
+    have a maintainer so there are [outstanding bugs](https://github.com/rclone/rclone/issues?q=is%3Aopen+is%3Aissue+label%3Abug+label%3A%22Remote%3A+Cache%22) which aren't getting fixed.
 
-How long to cache file structure information (directory listings, file
-size, times, etc.). If all write operations are done through the cache
-then you can safely make this value very large as the cache store will
-also be updated in real time.
+    The cache backend is due to be phased out in favour of the VFS caching
+    layer eventually which is more tightly integrated into rclone.
 
-Properties:
+    Until this happens we recommend only using the cache backend if you
+    find you can't work without it. There are many docs online describing
+    the use of the cache backend to minimize API hits and by-and-large
+    these are out of date and the cache backend isn't needed in those
+    scenarios any more.
 
--   Config: info_age
--   Env Var: RCLONE_CACHE_INFO_AGE
--   Type: Duration
--   Default: 6h0m0s
--   Examples:
-    -   "1h"
-        -   1 hour
-    -   "24h"
-        -   24 hours
-    -   "48h"
-        -   48 hours
+    ## Configuration
 
---cache-chunk-total-size
+    To get started you just need to have an existing remote which can be configured
+    with `cache`.
 
-The total size that the chunks can take up on the local disk.
+    Here is an example of how to make a remote called `test-cache`.  First run:
 
-If the cache exceeds this value then it will start to delete the oldest
-chunks until it goes under this value.
+         rclone config
 
-Properties:
+    This will guide you through an interactive setup process:
 
--   Config: chunk_total_size
--   Env Var: RCLONE_CACHE_CHUNK_TOTAL_SIZE
--   Type: SizeSuffix
--   Default: 10Gi
--   Examples:
-    -   "500M"
-        -   500 MiB
-    -   "1G"
-        -   1 GiB
-    -   "10G"
-        -   10 GiB
+No remotes found, make a new one? n) New remote r) Rename remote c) Copy
+remote s) Set configuration password q) Quit config n/r/c/s/q> n name>
+test-cache Type of storage to configure. Choose a number from below, or
+type in your own value [snip] XX / Cache a remote  "cache" [snip]
+Storage> cache Remote to cache. Normally should contain a ':' and a
+path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe
+"myremote:" (not recommended). remote> local:/test Optional: The URL of
+the Plex server plex_url> http://127.0.0.1:32400 Optional: The username
+of the Plex user plex_username> dummyusername Optional: The password of
+the Plex user y) Yes type in my own password g) Generate random password
+n) No leave this optional password blank y/g/n> y Enter the password:
+password: Confirm the password: password: The size of a chunk. Lower
+value good for slow connections but can affect seamless reading.
+Default: 5M Choose a number from below, or type in your own value 1 / 1
+MiB  "1M" 2 / 5 MiB  "5M" 3 / 10 MiB  "10M" chunk_size> 2 How much time
+should object info (file size, file hashes, etc.) be stored in cache.
+Use a very high value if you don't plan on changing the source FS from
+outside the cache. Accepted units are: "s", "m", "h". Default: 5m Choose
+a number from below, or type in your own value 1 / 1 hour  "1h" 2 / 24
+hours  "24h" 3 / 24 hours  "48h" info_age> 2 The maximum size of stored
+chunks. When the storage grows beyond this size, the oldest chunks will
+be deleted. Default: 10G Choose a number from below, or type in your own
+value 1 / 500 MiB  "500M" 2 / 1 GiB  "1G" 3 / 10 GiB  "10G"
+chunk_total_size> 3 Remote config -------------------- [test-cache]
+remote = local:/test plex_url = http://127.0.0.1:32400 plex_username =
+dummyusername plex_password = *** ENCRYPTED *** chunk_size = 5M info_age
+= 48h chunk_total_size = 10G
 
-Advanced options
 
-Here are the Advanced options specific to cache (Cache a remote).
+    You can then use it like this,
 
---cache-plex-token
+    List directories in top level of your drive
 
-The plex token for authentication - auto set normally.
+        rclone lsd test-cache:
 
-Properties:
+    List all the files in your drive
 
--   Config: plex_token
--   Env Var: RCLONE_CACHE_PLEX_TOKEN
--   Type: string
--   Required: false
+        rclone ls test-cache:
 
---cache-plex-insecure
+    To start a cached mount
 
-Skip all certificate verification when connecting to the Plex server.
+        rclone mount --allow-other test-cache: /var/tmp/test-cache
 
-Properties:
+    ### Write Features ###
 
--   Config: plex_insecure
--   Env Var: RCLONE_CACHE_PLEX_INSECURE
--   Type: string
--   Required: false
+    ### Offline uploading ###
 
---cache-db-path
+    In an effort to make writing through cache more reliable, the backend 
+    now supports this feature which can be activated by specifying a
+    `cache-tmp-upload-path`.
 
-Directory to store file structure metadata DB.
+    A files goes through these states when using this feature:
 
-The remote name is used as the DB file name.
+    1. An upload is started (usually by copying a file on the cache remote)
+    2. When the copy to the temporary location is complete the file is part 
+    of the cached remote and looks and behaves like any other file (reading included)
+    3. After `cache-tmp-wait-time` passes and the file is next in line, `rclone move` 
+    is used to move the file to the cloud provider
+    4. Reading the file still works during the upload but most modifications on it will be prohibited
+    5. Once the move is complete the file is unlocked for modifications as it
+    becomes as any other regular file
+    6. If the file is being read through `cache` when it's actually
+    deleted from the temporary path then `cache` will simply swap the source
+    to the cloud provider without interrupting the reading (small blip can happen though)
 
-Properties:
+    Files are uploaded in sequence and only one file is uploaded at a time.
+    Uploads will be stored in a queue and be processed based on the order they were added.
+    The queue and the temporary storage is persistent across restarts but
+    can be cleared on startup with the `--cache-db-purge` flag.
 
--   Config: db_path
--   Env Var: RCLONE_CACHE_DB_PATH
--   Type: string
--   Default: "$HOME/.cache/rclone/cache-backend"
+    ### Write Support ###
 
---cache-chunk-path
+    Writes are supported through `cache`.
+    One caveat is that a mounted cache remote does not add any retry or fallback
+    mechanism to the upload operation. This will depend on the implementation
+    of the wrapped remote. Consider using `Offline uploading` for reliable writes.
 
-Directory to cache chunk files.
+    One special case is covered with `cache-writes` which will cache the file
+    data at the same time as the upload when it is enabled making it available
+    from the cache store immediately once the upload is finished.
 
-Path to where partial file data (chunks) are stored locally. The remote
-name is appended to the final path.
+    ### Read Features ###
 
-This config follows the "--cache-db-path". If you specify a custom
-location for "--cache-db-path" and don't specify one for
-"--cache-chunk-path" then "--cache-chunk-path" will use the same path as
-"--cache-db-path".
+    #### Multiple connections ####
 
-Properties:
+    To counter the high latency between a local PC where rclone is running
+    and cloud providers, the cache remote can split multiple requests to the
+    cloud provider for smaller file chunks and combines them together locally
+    where they can be available almost immediately before the reader usually
+    needs them.
 
--   Config: chunk_path
--   Env Var: RCLONE_CACHE_CHUNK_PATH
--   Type: string
--   Default: "$HOME/.cache/rclone/cache-backend"
+    This is similar to buffering when media files are played online. Rclone
+    will stay around the current marker but always try its best to stay ahead
+    and prepare the data before.
 
---cache-db-purge
+    #### Plex Integration ####
 
-Clear all the cached data for this remote on start.
+    There is a direct integration with Plex which allows cache to detect during reading
+    if the file is in playback or not. This helps cache to adapt how it queries
+    the cloud provider depending on what is needed for.
 
-Properties:
+    Scans will have a minimum amount of workers (1) while in a confirmed playback cache
+    will deploy the configured number of workers.
 
--   Config: db_purge
--   Env Var: RCLONE_CACHE_DB_PURGE
--   Type: bool
--   Default: false
+    This integration opens the doorway to additional performance improvements
+    which will be explored in the near future.
 
---cache-chunk-clean-interval
+    **Note:** If Plex options are not configured, `cache` will function with its
+    configured options without adapting any of its settings.
 
-How often should the cache perform cleanups of the chunk storage.
+    How to enable? Run `rclone config` and add all the Plex options (endpoint, username
+    and password) in your remote and it will be automatically enabled.
 
-The default value should be ok for most people. If you find that the
-cache goes over "cache-chunk-total-size" too often then try to lower
-this value to force it to perform cleanups more often.
+    Affected settings:
+    - `cache-workers`: _Configured value_ during confirmed playback or _1_ all the other times
 
-Properties:
+    ##### Certificate Validation #####
 
--   Config: chunk_clean_interval
--   Env Var: RCLONE_CACHE_CHUNK_CLEAN_INTERVAL
--   Type: Duration
--   Default: 1m0s
+    When the Plex server is configured to only accept secure connections, it is
+    possible to use `.plex.direct` URLs to ensure certificate validation succeeds.
+    These URLs are used by Plex internally to connect to the Plex server securely.
 
---cache-read-retries
+    The format for these URLs is the following:
 
-How many times to retry a read from a cache storage.
+    `https://ip-with-dots-replaced.server-hash.plex.direct:32400/`
 
-Since reading from a cache stream is independent from downloading file
-data, readers can get to a point where there's no more data in the
-cache. Most of the times this can indicate a connectivity issue if cache
-isn't able to provide file data anymore.
+    The `ip-with-dots-replaced` part can be any IPv4 address, where the dots
+    have been replaced with dashes, e.g. `127.0.0.1` becomes `127-0-0-1`.
 
-For really slow connections, increase this to a point where the stream
-is able to provide data but your experience will be very stuttering.
+    To get the `server-hash` part, the easiest way is to visit
 
-Properties:
+    https://plex.tv/api/resources?includeHttps=1&X-Plex-Token=your-plex-token
 
--   Config: read_retries
--   Env Var: RCLONE_CACHE_READ_RETRIES
--   Type: int
--   Default: 10
+    This page will list all the available Plex servers for your account
+    with at least one `.plex.direct` link for each. Copy one URL and replace
+    the IP address with the desired address. This can be used as the
+    `plex_url` value.
 
---cache-workers
+    ### Known issues ###
 
-How many workers should run in parallel to download chunks.
+    #### Mount and --dir-cache-time ####
 
-Higher values will mean more parallel processing (better CPU needed) and
-more concurrent requests on the cloud provider. This impacts several
-aspects like the cloud provider API limits, more stress on the hardware
-that rclone runs on but it also means that streams will be more fluid
-and data will be available much more faster to readers.
+    --dir-cache-time controls the first layer of directory caching which works at the mount layer.
+    Being an independent caching mechanism from the `cache` backend, it will manage its own entries
+    based on the configured time.
 
-Note: If the optional Plex integration is enabled then this setting will
-adapt to the type of reading performed and the value specified here will
-be used as a maximum number of workers to use.
+    To avoid getting in a scenario where dir cache has obsolete data and cache would have the correct
+    one, try to set `--dir-cache-time` to a lower time than `--cache-info-age`. Default values are
+    already configured in this way. 
 
-Properties:
+    #### Windows support - Experimental ####
 
--   Config: workers
--   Env Var: RCLONE_CACHE_WORKERS
--   Type: int
--   Default: 4
+    There are a couple of issues with Windows `mount` functionality that still require some investigations.
+    It should be considered as experimental thus far as fixes come in for this OS.
 
---cache-chunk-no-memory
+    Most of the issues seem to be related to the difference between filesystems
+    on Linux flavors and Windows as cache is heavily dependent on them.
 
-Disable the in-memory cache for storing chunks during streaming.
+    Any reports or feedback on how cache behaves on this OS is greatly appreciated.
+     
+    - https://github.com/rclone/rclone/issues/1935
+    - https://github.com/rclone/rclone/issues/1907
+    - https://github.com/rclone/rclone/issues/1834 
 
-By default, cache will keep file data during streaming in RAM as well to
-provide it to readers as fast as possible.
+    #### Risk of throttling ####
 
-This transient data is evicted as soon as it is read and the number of
-chunks stored doesn't exceed the number of workers. However, depending
-on other settings like "cache-chunk-size" and "cache-workers" this
-footprint can increase if there are parallel streams too (multiple files
-being read at the same time).
+    Future iterations of the cache backend will make use of the pooling functionality
+    of the cloud provider to synchronize and at the same time make writing through it
+    more tolerant to failures. 
 
-If the hardware permits it, use this feature to provide an overall
-better performance during streaming but it can also be disabled if RAM
-is not available on the local machine.
+    There are a couple of enhancements in track to add these but in the meantime
+    there is a valid concern that the expiring cache listings can lead to cloud provider
+    throttles or bans due to repeated queries on it for very large mounts.
 
-Properties:
+    Some recommendations:
+    - don't use a very small interval for entry information (`--cache-info-age`)
+    - while writes aren't yet optimised, you can still write through `cache` which gives you the advantage
+    of adding the file in the cache at the same time if configured to do so.
 
--   Config: chunk_no_memory
--   Env Var: RCLONE_CACHE_CHUNK_NO_MEMORY
--   Type: bool
--   Default: false
+    Future enhancements:
 
---cache-rps
+    - https://github.com/rclone/rclone/issues/1937
+    - https://github.com/rclone/rclone/issues/1936 
 
-Limits the number of requests per second to the source FS (-1 to
-disable).
+    #### cache and crypt ####
 
-This setting places a hard limit on the number of requests per second
-that cache will be doing to the cloud provider remote and try to respect
-that value by setting waits between reads.
+    One common scenario is to keep your data encrypted in the cloud provider
+    using the `crypt` remote. `crypt` uses a similar technique to wrap around
+    an existing remote and handles this translation in a seamless way.
 
-If you find that you're getting banned or limited on the cloud provider
-through cache and know that a smaller number of requests per second will
-allow you to work with it then you can use this setting for that.
+    There is an issue with wrapping the remotes in this order:
+    **cloud remote** -> **crypt** -> **cache**
 
-A good balance of all the other settings should make this setting
-useless but it is available to set for more special cases.
+    During testing, I experienced a lot of bans with the remotes in this order.
+    I suspect it might be related to how crypt opens files on the cloud provider
+    which makes it think we're downloading the full file instead of small chunks.
+    Organizing the remotes in this order yields better results:
+    **cloud remote** -> **cache** -> **crypt**
 
-NOTE: This will limit the number of requests during streams but other
-API calls to the cloud provider like directory listings will still pass.
+    #### absolute remote paths ####
 
-Properties:
+    `cache` can not differentiate between relative and absolute paths for the wrapped remote.
+    Any path given in the `remote` config setting and on the command line will be passed to
+    the wrapped remote as is, but for storing the chunks on disk the path will be made
+    relative by removing any leading `/` character.
 
--   Config: rps
--   Env Var: RCLONE_CACHE_RPS
--   Type: int
--   Default: -1
+    This behavior is irrelevant for most backend types, but there are backends where a leading `/`
+    changes the effective directory, e.g. in the `sftp` backend paths starting with a `/` are
+    relative to the root of the SSH server and paths without are relative to the user home directory.
+    As a result `sftp:bin` and `sftp:/bin` will share the same cache folder, even if they represent
+    a different directory on the SSH server.
 
---cache-writes
+    ### Cache and Remote Control (--rc) ###
+    Cache supports the new `--rc` mode in rclone and can be remote controlled through the following end points:
+    By default, the listener is disabled if you do not add the flag.
 
-Cache file data on writes through the FS.
+    ### rc cache/expire
+    Purge a remote from the cache backend. Supports either a directory or a file.
+    It supports both encrypted and unencrypted file names if cache is wrapped by crypt.
 
-If you need to read files immediately after you upload them through
-cache you can enable this flag to have their data stored in the cache
-store at the same time during upload.
+    Params:
+      - **remote** = path to remote **(required)**
+      - **withData** = true/false to delete cached data (chunks) as well _(optional, false by default)_
 
-Properties:
 
--   Config: writes
--   Env Var: RCLONE_CACHE_WRITES
--   Type: bool
--   Default: false
+    ### Standard options
 
---cache-tmp-upload-path
+    Here are the Standard options specific to cache (Cache a remote).
 
-Directory to keep temporary files until they are uploaded.
+    #### --cache-remote
 
-This is the path where cache will use as a temporary storage for new
-files that need to be uploaded to the cloud provider.
+    Remote to cache.
 
-Specifying a value will enable this feature. Without it, it is
-completely disabled and files will be uploaded directly to the cloud
-provider
+    Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
+    "myremote:bucket" or maybe "myremote:" (not recommended).
 
-Properties:
+    Properties:
 
--   Config: tmp_upload_path
--   Env Var: RCLONE_CACHE_TMP_UPLOAD_PATH
--   Type: string
--   Required: false
+    - Config:      remote
+    - Env Var:     RCLONE_CACHE_REMOTE
+    - Type:        string
+    - Required:    true
 
---cache-tmp-wait-time
+    #### --cache-plex-url
 
-How long should files be stored in local cache before being uploaded.
+    The URL of the Plex server.
 
-This is the duration that a file must wait in the temporary location
-cache-tmp-upload-path before it is selected for upload.
+    Properties:
 
-Note that only one file is uploaded at a time and it can take longer to
-start the upload if a queue formed for this purpose.
+    - Config:      plex_url
+    - Env Var:     RCLONE_CACHE_PLEX_URL
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --cache-plex-username
 
--   Config: tmp_wait_time
--   Env Var: RCLONE_CACHE_TMP_WAIT_TIME
--   Type: Duration
--   Default: 15s
+    The username of the Plex user.
 
---cache-db-wait-time
+    Properties:
 
-How long to wait for the DB to be available - 0 is unlimited.
+    - Config:      plex_username
+    - Env Var:     RCLONE_CACHE_PLEX_USERNAME
+    - Type:        string
+    - Required:    false
 
-Only one process can have the DB open at any one time, so rclone waits
-for this duration for the DB to become available before it gives an
-error.
+    #### --cache-plex-password
 
-If you set it to 0 then it will wait forever.
+    The password of the Plex user.
 
-Properties:
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
--   Config: db_wait_time
--   Env Var: RCLONE_CACHE_DB_WAIT_TIME
--   Type: Duration
--   Default: 1s
+    Properties:
 
-Backend commands
+    - Config:      plex_password
+    - Env Var:     RCLONE_CACHE_PLEX_PASSWORD
+    - Type:        string
+    - Required:    false
 
-Here are the commands specific to the cache backend.
+    #### --cache-chunk-size
 
-Run them with
+    The size of a chunk (partial file data).
 
-    rclone backend COMMAND remote:
+    Use lower numbers for slower connections. If the chunk size is
+    changed, any downloaded chunks will be invalid and cache-chunk-path
+    will need to be cleared or unexpected EOF errors will occur.
 
-The help below will explain what arguments each command takes.
+    Properties:
 
-See the backend command for more info on how to pass options and
-arguments.
+    - Config:      chunk_size
+    - Env Var:     RCLONE_CACHE_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     5Mi
+    - Examples:
+        - "1M"
+            - 1 MiB
+        - "5M"
+            - 5 MiB
+        - "10M"
+            - 10 MiB
 
-These can be run on a running backend using the rc command
-backend/command.
+    #### --cache-info-age
 
-stats
+    How long to cache file structure information (directory listings, file size, times, etc.). 
+    If all write operations are done through the cache then you can safely make
+    this value very large as the cache store will also be updated in real time.
 
-Print stats on the cache backend in JSON format.
+    Properties:
 
-    rclone backend stats remote: [options] [<arguments>+]
+    - Config:      info_age
+    - Env Var:     RCLONE_CACHE_INFO_AGE
+    - Type:        Duration
+    - Default:     6h0m0s
+    - Examples:
+        - "1h"
+            - 1 hour
+        - "24h"
+            - 24 hours
+        - "48h"
+            - 48 hours
 
-Chunker
+    #### --cache-chunk-total-size
 
-The chunker overlay transparently splits large files into smaller chunks
-during upload to wrapped remote and transparently assembles them back
-when the file is downloaded. This allows to effectively overcome size
-limits imposed by storage providers.
+    The total size that the chunks can take up on the local disk.
 
-Configuration
+    If the cache exceeds this value then it will start to delete the
+    oldest chunks until it goes under this value.
 
-To use it, first set up the underlying remote following the
-configuration instructions for that remote. You can also use a local
-pathname instead of a remote.
+    Properties:
 
-First check your chosen remote is working - we'll call it remote:path
-here. Note that anything inside remote:path will be chunked and anything
-outside won't. This means that if you are using a bucket-based remote
-(e.g. S3, B2, swift) then you should probably put the bucket in the
-remote s3:bucket.
+    - Config:      chunk_total_size
+    - Env Var:     RCLONE_CACHE_CHUNK_TOTAL_SIZE
+    - Type:        SizeSuffix
+    - Default:     10Gi
+    - Examples:
+        - "500M"
+            - 500 MiB
+        - "1G"
+            - 1 GiB
+        - "10G"
+            - 10 GiB
 
-Now configure chunker using rclone config. We will call this one overlay
-to separate it from the remote itself.
+    ### Advanced options
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> overlay
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Transparently chunk/split large files
-       \ "chunker"
-    [snip]
-    Storage> chunker
-    Remote to chunk/unchunk.
-    Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-    "myremote:bucket" or maybe "myremote:" (not recommended).
-    Enter a string value. Press Enter for the default ("").
-    remote> remote:path
-    Files larger than chunk size will be split in chunks.
-    Enter a size with suffix K,M,G,T. Press Enter for the default ("2G").
-    chunk_size> 100M
-    Choose how chunker handles hash sums. All modes but "none" require metadata.
-    Enter a string value. Press Enter for the default ("md5").
-    Choose a number from below, or type in your own value
-     1 / Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise
-       \ "none"
-     2 / MD5 for composite files
-       \ "md5"
-     3 / SHA1 for composite files
-       \ "sha1"
-     4 / MD5 for all files
-       \ "md5all"
-     5 / SHA1 for all files
-       \ "sha1all"
-     6 / Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported
-       \ "md5quick"
-     7 / Similar to "md5quick" but prefers SHA1 over MD5
-       \ "sha1quick"
-    hash_type> md5
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No
-    y/n> n
-    Remote config
-    --------------------
-    [overlay]
-    type = chunker
-    remote = remote:bucket
-    chunk_size = 100M
-    hash_type = md5
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Here are the Advanced options specific to cache (Cache a remote).
 
-Specifying the remote
-
-In normal use, make sure the remote has a : in. If you specify the
-remote without a : then rclone will use a local directory of that name.
-So if you use a remote of /path/to/secret/files then rclone will chunk
-stuff in that directory. If you use a remote of name then rclone will
-put files in a directory called name in the current directory.
-
-Chunking
-
-When rclone starts a file upload, chunker checks the file size. If it
-doesn't exceed the configured chunk size, chunker will just pass the
-file to the wrapped remote. If a file is large, chunker will
-transparently cut data in pieces with temporary names and stream them
-one by one, on the fly. Each data chunk will contain the specified
-number of bytes, except for the last one which may have less data. If
-file size is unknown in advance (this is called a streaming upload),
-chunker will internally create a temporary copy, record its size and
-repeat the above process.
-
-When upload completes, temporary chunk files are finally renamed. This
-scheme guarantees that operations can be run in parallel and look from
-outside as atomic. A similar method with hidden temporary chunks is used
-for other operations (copy/move/rename, etc.). If an operation fails,
-hidden chunks are normally destroyed, and the target composite file
-stays intact.
-
-When a composite file download is requested, chunker transparently
-assembles it by concatenating data chunks in order. As the split is
-trivial one could even manually concatenate data chunks together to
-obtain the original content.
-
-When the list rclone command scans a directory on wrapped remote, the
-potential chunk files are accounted for, grouped and assembled into
-composite directory entries. Any temporary chunks are hidden.
-
-List and other commands can sometimes come across composite files with
-missing or invalid chunks, e.g. shadowed by like-named directory or
-another file. This usually means that wrapped file system has been
-directly tampered with or damaged. If chunker detects a missing chunk it
-will by default print warning, skip the whole incomplete group of chunks
-but proceed with current command. You can set the --chunker-fail-hard
-flag to have commands abort with error message in such cases.
-
-Chunk names
-
-The default chunk name format is *.rclone_chunk.###, hence by default
-chunk names are BIG_FILE_NAME.rclone_chunk.001,
-BIG_FILE_NAME.rclone_chunk.002 etc. You can configure another name
-format using the name_format configuration file option. The format uses
-asterisk * as a placeholder for the base file name and one or more
-consecutive hash characters # as a placeholder for sequential chunk
-number. There must be one and only one asterisk. The number of
-consecutive hash characters defines the minimum length of a string
-representing a chunk number. If decimal chunk number has less digits
-than the number of hashes, it is left-padded by zeros. If the decimal
-string is longer, it is left intact. By default numbering starts from 1
-but there is another option that allows user to start from 0, e.g. for
-compatibility with legacy software.
-
-For example, if name format is big_*-##.part and original file name is
-data.txt and numbering starts from 0, then the first chunk will be named
-big_data.txt-00.part, the 99th chunk will be big_data.txt-98.part and
-the 302nd chunk will become big_data.txt-301.part.
-
-Note that list assembles composite directory entries only when chunk
-names match the configured format and treats non-conforming file names
-as normal non-chunked files.
-
-When using norename transactions, chunk names will additionally have a
-unique file version suffix. For example,
-BIG_FILE_NAME.rclone_chunk.001_bp562k.
+    #### --cache-plex-token
 
-Metadata
+    The plex token for authentication - auto set normally.
 
-Besides data chunks chunker will by default create metadata object for a
-composite file. The object is named after the original file. Chunker
-allows user to disable metadata completely (the none format). Note that
-metadata is normally not created for files smaller than the configured
-chunk size. This may change in future rclone releases.
-
-Simple JSON metadata format
-
-This is the default format. It supports hash sums and chunk validation
-for composite files. Meta objects carry the following fields:
-
--   ver - version of format, currently 1
--   size - total size of composite file
--   nchunks - number of data chunks in file
--   md5 - MD5 hashsum of composite file (if present)
--   sha1 - SHA1 hashsum (if present)
--   txn - identifies current version of the file
-
-There is no field for composite file name as it's simply equal to the
-name of meta object on the wrapped remote. Please refer to respective
-sections for details on hashsums and modified time handling.
-
-No metadata
-
-You can disable meta objects by setting the meta format option to none.
-In this mode chunker will scan directory for all files that follow
-configured chunk name format, group them by detecting chunks with the
-same base name and show group names as virtual composite files. This
-method is more prone to missing chunk errors (especially missing last
-chunk) than format with metadata enabled.
-
-Hashsums
-
-Chunker supports hashsums only when a compatible metadata is present.
-Hence, if you choose metadata format of none, chunker will report
-hashsum as UNSUPPORTED.
-
-Please note that by default metadata is stored only for composite files.
-If a file is smaller than configured chunk size, chunker will
-transparently redirect hash requests to wrapped remote, so support
-depends on that. You will see the empty string as a hashsum of requested
-type for small files if the wrapped remote doesn't support it.
-
-Many storage backends support MD5 and SHA1 hash types, so does chunker.
-With chunker you can choose one or another but not both. MD5 is set by
-default as the most supported type. Since chunker keeps hashes for
-composite files and falls back to the wrapped remote hash for
-non-chunked ones, we advise you to choose the same hash type as
-supported by wrapped remote so that your file listings look coherent.
-
-If your storage backend does not support MD5 or SHA1 but you need
-consistent file hashing, configure chunker with md5all or sha1all. These
-two modes guarantee given hash for all files. If wrapped remote doesn't
-support it, chunker will then add metadata to all files, even small.
-However, this can double the amount of small files in storage and incur
-additional service charges. You can even use chunker to force md5/sha1
-support in any other remote at expense of sidecar meta objects by
-setting e.g. chunk_type=sha1all to force hashsums and chunk_size=1P to
-effectively disable chunking.
-
-Normally, when a file is copied to chunker controlled remote, chunker
-will ask the file source for compatible file hash and revert to
-on-the-fly calculation if none is found. This involves some CPU overhead
-but provides a guarantee that given hashsum is available. Also, chunker
-will reject a server-side copy or move operation if source and
-destination hashsum types are different resulting in the extra network
-bandwidth, too. In some rare cases this may be undesired, so chunker
-provides two optional choices: sha1quick and md5quick. If the source
-does not support primary hash type and the quick mode is enabled,
-chunker will try to fall back to the secondary type. This will save CPU
-and bandwidth but can result in empty hashsums at destination. Beware of
-consequences: the sync command will revert (sometimes silently) to
-time/size comparison if compatible hashsums between source and target
-are not found.
-
-Modified time
-
-Chunker stores modification times using the wrapped remote so support
-depends on that. For a small non-chunked file the chunker overlay simply
-manipulates modification time of the wrapped remote file. For a
-composite file with metadata chunker will get and set modification time
-of the metadata object on the wrapped remote. If file is chunked but
-metadata format is none then chunker will use modification time of the
-first data chunk.
-
-Migrations
-
-The idiomatic way to migrate to a different chunk size, hash type,
-transaction style or chunk naming scheme is to:
-
--   Collect all your chunked files under a directory and have your
-    chunker remote point to it.
--   Create another directory (most probably on the same cloud storage)
-    and configure a new remote with desired metadata format, hash type,
-    chunk naming etc.
--   Now run rclone sync --interactive oldchunks: newchunks: and all your
-    data will be transparently converted in transfer. This may take some
-    time, yet chunker will try server-side copy if possible.
--   After checking data integrity you may remove configuration section
-    of the old remote.
-
-If rclone gets killed during a long operation on a big composite file,
-hidden temporary chunks may stay in the directory. They will not be
-shown by the list command but will eat up your account quota. Please
-note that the deletefile command deletes only active chunks of a file.
-As a workaround, you can use remote of the wrapped file system to see
-them. An easy way to get rid of hidden garbage is to copy littered
-directory somewhere using the chunker remote and purge the original
-directory. The copy command will copy only active chunks while the purge
-will remove everything including garbage.
-
-Caveats and Limitations
-
-Chunker requires wrapped remote to support server-side move (or copy +
-delete) operations, otherwise it will explicitly refuse to start. This
-is because it internally renames temporary chunk files to their final
-names when an operation completes successfully.
-
-Chunker encodes chunk number in file name, so with default name_format
-setting it adds 17 characters. Also chunker adds 7 characters of
-temporary suffix during operations. Many file systems limit base file
-name without path by 255 characters. Using rclone's crypt remote as a
-base file system limits file name by 143 characters. Thus, maximum name
-length is 231 for most files and 119 for chunker-over-crypt. A user in
-need can change name format to e.g. *.rcc## and save 10 characters
-(provided at most 99 chunks per file).
-
-Note that a move implemented using the copy-and-delete method may incur
-double charging with some cloud storage providers.
-
-Chunker will not automatically rename existing chunks when you run
-rclone config on a live remote and change the chunk name format. Beware
-that in result of this some files which have been treated as chunks
-before the change can pop up in directory listings as normal files and
-vice versa. The same warning holds for the chunk size. If you
-desperately need to change critical chunking settings, you should run
-data migration as described above.
-
-If wrapped remote is case insensitive, the chunker overlay will inherit
-that property (so you can't have a file called "Hello.doc" and
-"hello.doc" in the same directory).
-
-Chunker included in rclone releases up to v1.54 can sometimes fail to
-detect metadata produced by recent versions of rclone. We recommend
-users to keep rclone up-to-date to avoid data corruption.
-
-Changing transactions is dangerous and requires explicit migration.
+    Properties:
 
-Standard options
+    - Config:      plex_token
+    - Env Var:     RCLONE_CACHE_PLEX_TOKEN
+    - Type:        string
+    - Required:    false
 
-Here are the Standard options specific to chunker (Transparently
-chunk/split large files).
+    #### --cache-plex-insecure
 
---chunker-remote
+    Skip all certificate verification when connecting to the Plex server.
 
-Remote to chunk/unchunk.
+    Properties:
 
-Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
+    - Config:      plex_insecure
+    - Env Var:     RCLONE_CACHE_PLEX_INSECURE
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --cache-db-path
 
--   Config: remote
--   Env Var: RCLONE_CHUNKER_REMOTE
--   Type: string
--   Required: true
+    Directory to store file structure metadata DB.
 
---chunker-chunk-size
+    The remote name is used as the DB file name.
 
-Files larger than chunk size will be split in chunks.
+    Properties:
 
-Properties:
+    - Config:      db_path
+    - Env Var:     RCLONE_CACHE_DB_PATH
+    - Type:        string
+    - Default:     "$HOME/.cache/rclone/cache-backend"
 
--   Config: chunk_size
--   Env Var: RCLONE_CHUNKER_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 2Gi
+    #### --cache-chunk-path
 
---chunker-hash-type
+    Directory to cache chunk files.
 
-Choose how chunker handles hash sums.
+    Path to where partial file data (chunks) are stored locally. The remote
+    name is appended to the final path.
 
-All modes but "none" require metadata.
+    This config follows the "--cache-db-path". If you specify a custom
+    location for "--cache-db-path" and don't specify one for "--cache-chunk-path"
+    then "--cache-chunk-path" will use the same path as "--cache-db-path".
 
-Properties:
+    Properties:
 
--   Config: hash_type
--   Env Var: RCLONE_CHUNKER_HASH_TYPE
--   Type: string
--   Default: "md5"
--   Examples:
-    -   "none"
-        -   Pass any hash supported by wrapped remote for non-chunked
-            files.
-        -   Return nothing otherwise.
-    -   "md5"
-        -   MD5 for composite files.
-    -   "sha1"
-        -   SHA1 for composite files.
-    -   "md5all"
-        -   MD5 for all files.
-    -   "sha1all"
-        -   SHA1 for all files.
-    -   "md5quick"
-        -   Copying a file to chunker will request MD5 from the source.
-        -   Falling back to SHA1 if unsupported.
-    -   "sha1quick"
-        -   Similar to "md5quick" but prefers SHA1 over MD5.
+    - Config:      chunk_path
+    - Env Var:     RCLONE_CACHE_CHUNK_PATH
+    - Type:        string
+    - Default:     "$HOME/.cache/rclone/cache-backend"
 
-Advanced options
+    #### --cache-db-purge
 
-Here are the Advanced options specific to chunker (Transparently
-chunk/split large files).
+    Clear all the cached data for this remote on start.
 
---chunker-name-format
+    Properties:
 
-String format of chunk file names.
+    - Config:      db_purge
+    - Env Var:     RCLONE_CACHE_DB_PURGE
+    - Type:        bool
+    - Default:     false
 
-The two placeholders are: base file name (*) and chunk number (#...).
-There must be one and only one asterisk and one or more consecutive hash
-characters. If chunk number has less digits than the number of hashes,
-it is left-padded by zeros. If there are more digits in the number, they
-are left as is. Possible chunk files are ignored if their name does not
-match given format.
+    #### --cache-chunk-clean-interval
 
-Properties:
+    How often should the cache perform cleanups of the chunk storage.
 
--   Config: name_format
--   Env Var: RCLONE_CHUNKER_NAME_FORMAT
--   Type: string
--   Default: "*.rclone_chunk.###"
+    The default value should be ok for most people. If you find that the
+    cache goes over "cache-chunk-total-size" too often then try to lower
+    this value to force it to perform cleanups more often.
 
---chunker-start-from
+    Properties:
 
-Minimum valid chunk number. Usually 0 or 1.
+    - Config:      chunk_clean_interval
+    - Env Var:     RCLONE_CACHE_CHUNK_CLEAN_INTERVAL
+    - Type:        Duration
+    - Default:     1m0s
 
-By default chunk numbers start from 1.
+    #### --cache-read-retries
 
-Properties:
+    How many times to retry a read from a cache storage.
 
--   Config: start_from
--   Env Var: RCLONE_CHUNKER_START_FROM
--   Type: int
--   Default: 1
+    Since reading from a cache stream is independent from downloading file
+    data, readers can get to a point where there's no more data in the
+    cache.  Most of the times this can indicate a connectivity issue if
+    cache isn't able to provide file data anymore.
 
---chunker-meta-format
+    For really slow connections, increase this to a point where the stream is
+    able to provide data but your experience will be very stuttering.
 
-Format of the metadata object or "none".
+    Properties:
 
-By default "simplejson". Metadata is a small JSON file named after the
-composite file.
+    - Config:      read_retries
+    - Env Var:     RCLONE_CACHE_READ_RETRIES
+    - Type:        int
+    - Default:     10
 
-Properties:
+    #### --cache-workers
 
--   Config: meta_format
--   Env Var: RCLONE_CHUNKER_META_FORMAT
--   Type: string
--   Default: "simplejson"
--   Examples:
-    -   "none"
-        -   Do not use metadata files at all.
-        -   Requires hash type "none".
-    -   "simplejson"
-        -   Simple JSON supports hash sums and chunk validation.
-        -   
-        -   It has the following fields: ver, size, nchunks, md5, sha1.
+    How many workers should run in parallel to download chunks.
 
---chunker-fail-hard
+    Higher values will mean more parallel processing (better CPU needed)
+    and more concurrent requests on the cloud provider.  This impacts
+    several aspects like the cloud provider API limits, more stress on the
+    hardware that rclone runs on but it also means that streams will be
+    more fluid and data will be available much more faster to readers.
 
-Choose how chunker should handle files with missing or invalid chunks.
+    **Note**: If the optional Plex integration is enabled then this
+    setting will adapt to the type of reading performed and the value
+    specified here will be used as a maximum number of workers to use.
 
-Properties:
+    Properties:
 
--   Config: fail_hard
--   Env Var: RCLONE_CHUNKER_FAIL_HARD
--   Type: bool
--   Default: false
--   Examples:
-    -   "true"
-        -   Report errors and abort current command.
-    -   "false"
-        -   Warn user, skip incomplete file and proceed.
+    - Config:      workers
+    - Env Var:     RCLONE_CACHE_WORKERS
+    - Type:        int
+    - Default:     4
 
---chunker-transactions
+    #### --cache-chunk-no-memory
 
-Choose how chunker should handle temporary files during transactions.
+    Disable the in-memory cache for storing chunks during streaming.
 
-Properties:
+    By default, cache will keep file data during streaming in RAM as well
+    to provide it to readers as fast as possible.
 
--   Config: transactions
--   Env Var: RCLONE_CHUNKER_TRANSACTIONS
--   Type: string
--   Default: "rename"
--   Examples:
-    -   "rename"
-        -   Rename temporary files after a successful transaction.
-    -   "norename"
-        -   Leave temporary file names and write transaction ID to
-            metadata file.
-        -   Metadata is required for no rename transactions (meta format
-            cannot be "none").
-        -   If you are using norename transactions you should be careful
-            not to downgrade Rclone
-        -   as older versions of Rclone don't support this transaction
-            style and will misinterpret
-        -   files manipulated by norename transactions.
-        -   This method is EXPERIMENTAL, don't use on production
-            systems.
-    -   "auto"
-        -   Rename or norename will be used depending on capabilities of
-            the backend.
-        -   If meta format is set to "none", rename transactions will
-            always be used.
-        -   This method is EXPERIMENTAL, don't use on production
-            systems.
-
-Citrix ShareFile
-
-Citrix ShareFile is a secure file sharing and transfer service aimed as
-business.
+    This transient data is evicted as soon as it is read and the number of
+    chunks stored doesn't exceed the number of workers. However, depending
+    on other settings like "cache-chunk-size" and "cache-workers" this footprint
+    can increase if there are parallel streams too (multiple files being read
+    at the same time).
 
-Configuration
+    If the hardware permits it, use this feature to provide an overall better
+    performance during streaming but it can also be disabled if RAM is not
+    available on the local machine.
 
-The initial setup for Citrix ShareFile involves getting a token from
-Citrix ShareFile which you can in your browser. rclone config walks you
-through it.
+    Properties:
 
-Here is an example of how to make a remote called remote. First run:
+    - Config:      chunk_no_memory
+    - Env Var:     RCLONE_CACHE_CHUNK_NO_MEMORY
+    - Type:        bool
+    - Default:     false
 
-     rclone config
+    #### --cache-rps
 
-This will guide you through an interactive setup process:
+    Limits the number of requests per second to the source FS (-1 to disable).
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    XX / Citrix Sharefile
-       \ "sharefile"
-    Storage> sharefile
-    ** See help for sharefile backend at: https://rclone.org/sharefile/ **
+    This setting places a hard limit on the number of requests per second
+    that cache will be doing to the cloud provider remote and try to
+    respect that value by setting waits between reads.
 
-    ID of the root folder
+    If you find that you're getting banned or limited on the cloud
+    provider through cache and know that a smaller number of requests per
+    second will allow you to work with it then you can use this setting
+    for that.
 
-    Leave blank to access "Personal Folders".  You can use one of the
-    standard values here or any folder ID (long hex number ID).
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-     1 / Access the Personal Folders. (Default)
-       \ ""
-     2 / Access the Favorites folder.
-       \ "favorites"
-     3 / Access all the shared folders.
-       \ "allshared"
-     4 / Access all the individual connectors.
-       \ "connectors"
-     5 / Access the home, favorites, and shared folders as well as the connectors.
-       \ "top"
-    root_folder_id> 
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No
-    y/n> n
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=XXX
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    --------------------
-    [remote]
-    type = sharefile
-    endpoint = https://XXX.sharefile.com
-    token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2019-09-30T19:41:45.878561877+01:00"}
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    A good balance of all the other settings should make this setting
+    useless but it is available to set for more special cases.
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+    **NOTE**: This will limit the number of requests during streams but
+    other API calls to the cloud provider like directory listings will
+    still pass.
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Citrix ShareFile. This only runs from the moment
-it opens your browser to the moment you get back the verification code.
-This is on http://127.0.0.1:53682/ and this it may require you to
-unblock it temporarily if you are running a host firewall.
+    Properties:
 
-Once configured you can then use rclone like this,
+    - Config:      rps
+    - Env Var:     RCLONE_CACHE_RPS
+    - Type:        int
+    - Default:     -1
 
-List directories in top level of your ShareFile
+    #### --cache-writes
 
-    rclone lsd remote:
+    Cache file data on writes through the FS.
 
-List all the files in your ShareFile
+    If you need to read files immediately after you upload them through
+    cache you can enable this flag to have their data stored in the
+    cache store at the same time during upload.
 
-    rclone ls remote:
+    Properties:
 
-To copy a local directory to an ShareFile directory called backup
+    - Config:      writes
+    - Env Var:     RCLONE_CACHE_WRITES
+    - Type:        bool
+    - Default:     false
 
-    rclone copy /home/source remote:backup
+    #### --cache-tmp-upload-path
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+    Directory to keep temporary files until they are uploaded.
 
-Modified time and hashes
+    This is the path where cache will use as a temporary storage for new
+    files that need to be uploaded to the cloud provider.
 
-ShareFile allows modification times to be set on objects accurate to 1
-second. These will be used to detect whether objects need syncing or
-not.
+    Specifying a value will enable this feature. Without it, it is
+    completely disabled and files will be uploaded directly to the cloud
+    provider
 
-ShareFile supports MD5 type hashes, so you can use the --checksum flag.
+    Properties:
 
-Transfers
+    - Config:      tmp_upload_path
+    - Env Var:     RCLONE_CACHE_TMP_UPLOAD_PATH
+    - Type:        string
+    - Required:    false
 
-For files above 128 MiB rclone will use a chunked transfer. Rclone will
-upload up to --transfers chunks at the same time (shared among all the
-multipart uploads). Chunks are buffered in memory and are normally 64
-MiB so increasing --transfers will increase memory use.
+    #### --cache-tmp-wait-time
 
-Restricted filename characters
+    How long should files be stored in local cache before being uploaded.
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    This is the duration that a file must wait in the temporary location
+    _cache-tmp-upload-path_ before it is selected for upload.
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  \            0x5C        ＼
-  *            0x2A        ＊
-  <            0x3C        ＜
-  >            0x3E        ＞
-  ?            0x3F        ？
-  :            0x3A        ：
-  |            0x7C        ｜
-  "            0x22        ＂
+    Note that only one file is uploaded at a time and it can take longer
+    to start the upload if a queue formed for this purpose.
 
-File names can also not start or end with the following characters.
-These only get replaced if they are the first or last character in the
-name:
+    Properties:
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  SP           0x20         ␠
-  .            0x2E        ．
+    - Config:      tmp_wait_time
+    - Env Var:     RCLONE_CACHE_TMP_WAIT_TIME
+    - Type:        Duration
+    - Default:     15s
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    #### --cache-db-wait-time
 
-Standard options
+    How long to wait for the DB to be available - 0 is unlimited.
 
-Here are the Standard options specific to sharefile (Citrix Sharefile).
+    Only one process can have the DB open at any one time, so rclone waits
+    for this duration for the DB to become available before it gives an
+    error.
 
---sharefile-root-folder-id
+    If you set it to 0 then it will wait forever.
 
-ID of the root folder.
+    Properties:
 
-Leave blank to access "Personal Folders". You can use one of the
-standard values here or any folder ID (long hex number ID).
+    - Config:      db_wait_time
+    - Env Var:     RCLONE_CACHE_DB_WAIT_TIME
+    - Type:        Duration
+    - Default:     1s
 
-Properties:
+    ## Backend commands
 
--   Config: root_folder_id
--   Env Var: RCLONE_SHAREFILE_ROOT_FOLDER_ID
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Access the Personal Folders (default).
-    -   "favorites"
-        -   Access the Favorites folder.
-    -   "allshared"
-        -   Access all the shared folders.
-    -   "connectors"
-        -   Access all the individual connectors.
-    -   "top"
-        -   Access the home, favorites, and shared folders as well as
-            the connectors.
+    Here are the commands specific to the cache backend.
 
-Advanced options
+    Run them with
 
-Here are the Advanced options specific to sharefile (Citrix Sharefile).
+        rclone backend COMMAND remote:
 
---sharefile-upload-cutoff
+    The help below will explain what arguments each command takes.
 
-Cutoff for switching to multipart upload.
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
 
-Properties:
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
 
--   Config: upload_cutoff
--   Env Var: RCLONE_SHAREFILE_UPLOAD_CUTOFF
--   Type: SizeSuffix
--   Default: 128Mi
+    ### stats
 
---sharefile-chunk-size
+    Print stats on the cache backend in JSON format.
 
-Upload chunk size.
+        rclone backend stats remote: [options] [<arguments>+]
 
-Must a power of 2 >= 256k.
 
-Making this larger will improve performance, but note that each chunk is
-buffered in memory one per transfer.
 
-Reducing this will reduce memory usage but decrease performance.
+    #  Chunker
 
-Properties:
+    The `chunker` overlay transparently splits large files into smaller chunks
+    during upload to wrapped remote and transparently assembles them back
+    when the file is downloaded. This allows to effectively overcome size limits
+    imposed by storage providers.
 
--   Config: chunk_size
--   Env Var: RCLONE_SHAREFILE_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 64Mi
+    ## Configuration
 
---sharefile-endpoint
+    To use it, first set up the underlying remote following the configuration
+    instructions for that remote. You can also use a local pathname instead of
+    a remote.
 
-Endpoint for API calls.
+    First check your chosen remote is working - we'll call it `remote:path` here.
+    Note that anything inside `remote:path` will be chunked and anything outside
+    won't. This means that if you are using a bucket-based remote (e.g. S3, B2, swift)
+    then you should probably put the bucket in the remote `s3:bucket`.
 
-This is usually auto discovered as part of the oauth process, but can be
-set manually to something like: https://XXX.sharefile.com
+    Now configure `chunker` using `rclone config`. We will call this one `overlay`
+    to separate it from the `remote` itself.
 
-Properties:
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> overlay Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Transparently chunk/split large files  "chunker" [snip] Storage>
+chunker Remote to chunk/unchunk. Normally should contain a ':' and a
+path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe
+"myremote:" (not recommended). Enter a string value. Press Enter for the
+default (""). remote> remote:path Files larger than chunk size will be
+split in chunks. Enter a size with suffix K,M,G,T. Press Enter for the
+default ("2G"). chunk_size> 100M Choose how chunker handles hash sums.
+All modes but "none" require metadata. Enter a string value. Press Enter
+for the default ("md5"). Choose a number from below, or type in your own
+value 1 / Pass any hash supported by wrapped remote for non-chunked
+files, return nothing otherwise  "none" 2 / MD5 for composite files
+ "md5" 3 / SHA1 for composite files  "sha1" 4 / MD5 for all files
+ "md5all" 5 / SHA1 for all files  "sha1all" 6 / Copying a file to
+chunker will request MD5 from the source falling back to SHA1 if
+unsupported  "md5quick" 7 / Similar to "md5quick" but prefers SHA1 over
+MD5  "sha1quick" hash_type> md5 Edit advanced config? (y/n) y) Yes n) No
+y/n> n Remote config -------------------- [overlay] type = chunker
+remote = remote:bucket chunk_size = 100M hash_type = md5
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
--   Config: endpoint
--   Env Var: RCLONE_SHAREFILE_ENDPOINT
--   Type: string
--   Required: false
 
---sharefile-encoding
+    ### Specifying the remote
 
-The encoding for the backend.
+    In normal use, make sure the remote has a `:` in. If you specify the remote
+    without a `:` then rclone will use a local directory of that name.
+    So if you use a remote of `/path/to/secret/files` then rclone will
+    chunk stuff in that directory. If you use a remote of `name` then rclone
+    will put files in a directory called `name` in the current directory.
 
-See the encoding section in the overview for more info.
 
-Properties:
+    ### Chunking
 
--   Config: encoding
--   Env Var: RCLONE_SHAREFILE_ENCODING
--   Type: MultiEncoder
--   Default:
-    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot
+    When rclone starts a file upload, chunker checks the file size. If it
+    doesn't exceed the configured chunk size, chunker will just pass the file
+    to the wrapped remote (however, see caveat below). If a file is large, chunker will transparently cut
+    data in pieces with temporary names and stream them one by one, on the fly.
+    Each data chunk will contain the specified number of bytes, except for the
+    last one which may have less data. If file size is unknown in advance
+    (this is called a streaming upload), chunker will internally create
+    a temporary copy, record its size and repeat the above process.
 
-Limitations
+    When upload completes, temporary chunk files are finally renamed.
+    This scheme guarantees that operations can be run in parallel and look
+    from outside as atomic.
+    A similar method with hidden temporary chunks is used for other operations
+    (copy/move/rename, etc.). If an operation fails, hidden chunks are normally
+    destroyed, and the target composite file stays intact.
+
+    When a composite file download is requested, chunker transparently
+    assembles it by concatenating data chunks in order. As the split is trivial
+    one could even manually concatenate data chunks together to obtain the
+    original content.
+
+    When the `list` rclone command scans a directory on wrapped remote,
+    the potential chunk files are accounted for, grouped and assembled into
+    composite directory entries. Any temporary chunks are hidden.
+
+    List and other commands can sometimes come across composite files with
+    missing or invalid chunks, e.g. shadowed by like-named directory or
+    another file. This usually means that wrapped file system has been directly
+    tampered with or damaged. If chunker detects a missing chunk it will
+    by default print warning, skip the whole incomplete group of chunks but
+    proceed with current command.
+    You can set the `--chunker-fail-hard` flag to have commands abort with
+    error message in such cases.
+
+    **Caveat**: As it is now, chunker will always create a temporary file in the 
+    backend and then rename it, even if the file is below the chunk threshold.
+    This will result in unnecessary API calls and can severely restrict throughput
+    when handling transfers primarily composed of small files on some backends (e.g. Box).
+    A workaround to this issue is to use chunker only for files above the chunk threshold
+    via `--min-size` and then perform a separate call without chunker on the remaining
+    files. 
+
+
+    #### Chunk names
+
+    The default chunk name format is `*.rclone_chunk.###`, hence by default
+    chunk names are `BIG_FILE_NAME.rclone_chunk.001`,
+    `BIG_FILE_NAME.rclone_chunk.002` etc. You can configure another name format
+    using the `name_format` configuration file option. The format uses asterisk
+    `*` as a placeholder for the base file name and one or more consecutive
+    hash characters `#` as a placeholder for sequential chunk number.
+    There must be one and only one asterisk. The number of consecutive hash
+    characters defines the minimum length of a string representing a chunk number.
+    If decimal chunk number has less digits than the number of hashes, it is
+    left-padded by zeros. If the decimal string is longer, it is left intact.
+    By default numbering starts from 1 but there is another option that allows
+    user to start from 0, e.g. for compatibility with legacy software.
+
+    For example, if name format is `big_*-##.part` and original file name is
+    `data.txt` and numbering starts from 0, then the first chunk will be named
+    `big_data.txt-00.part`, the 99th chunk will be `big_data.txt-98.part`
+    and the 302nd chunk will become `big_data.txt-301.part`.
+
+    Note that `list` assembles composite directory entries only when chunk names
+    match the configured format and treats non-conforming file names as normal
+    non-chunked files.
+
+    When using `norename` transactions, chunk names will additionally have a unique
+    file version suffix. For example, `BIG_FILE_NAME.rclone_chunk.001_bp562k`.
+
+
+    ### Metadata
+
+    Besides data chunks chunker will by default create metadata object for
+    a composite file. The object is named after the original file.
+    Chunker allows user to disable metadata completely (the `none` format).
+    Note that metadata is normally not created for files smaller than the
+    configured chunk size. This may change in future rclone releases.
+
+    #### Simple JSON metadata format
+
+    This is the default format. It supports hash sums and chunk validation
+    for composite files. Meta objects carry the following fields:
+
+    - `ver`     - version of format, currently `1`
+    - `size`    - total size of composite file
+    - `nchunks` - number of data chunks in file
+    - `md5`     - MD5 hashsum of composite file (if present)
+    - `sha1`    - SHA1 hashsum (if present)
+    - `txn`     - identifies current version of the file
+
+    There is no field for composite file name as it's simply equal to the name
+    of meta object on the wrapped remote. Please refer to respective sections
+    for details on hashsums and modified time handling.
+
+    #### No metadata
+
+    You can disable meta objects by setting the meta format option to `none`.
+    In this mode chunker will scan directory for all files that follow
+    configured chunk name format, group them by detecting chunks with the same
+    base name and show group names as virtual composite files.
+    This method is more prone to missing chunk errors (especially missing
+    last chunk) than format with metadata enabled.
+
+
+    ### Hashsums
+
+    Chunker supports hashsums only when a compatible metadata is present.
+    Hence, if you choose metadata format of `none`, chunker will report hashsum
+    as `UNSUPPORTED`.
+
+    Please note that by default metadata is stored only for composite files.
+    If a file is smaller than configured chunk size, chunker will transparently
+    redirect hash requests to wrapped remote, so support depends on that.
+    You will see the empty string as a hashsum of requested type for small
+    files if the wrapped remote doesn't support it.
+
+    Many storage backends support MD5 and SHA1 hash types, so does chunker.
+    With chunker you can choose one or another but not both.
+    MD5 is set by default as the most supported type.
+    Since chunker keeps hashes for composite files and falls back to the
+    wrapped remote hash for non-chunked ones, we advise you to choose the same
+    hash type as supported by wrapped remote so that your file listings
+    look coherent.
+
+    If your storage backend does not support MD5 or SHA1 but you need consistent
+    file hashing, configure chunker with `md5all` or `sha1all`. These two modes
+    guarantee given hash for all files. If wrapped remote doesn't support it,
+    chunker will then add metadata to all files, even small. However, this can
+    double the amount of small files in storage and incur additional service charges.
+    You can even use chunker to force md5/sha1 support in any other remote
+    at expense of sidecar meta objects by setting e.g. `hash_type=sha1all`
+    to force hashsums and `chunk_size=1P` to effectively disable chunking.
+
+    Normally, when a file is copied to chunker controlled remote, chunker
+    will ask the file source for compatible file hash and revert to on-the-fly
+    calculation if none is found. This involves some CPU overhead but provides
+    a guarantee that given hashsum is available. Also, chunker will reject
+    a server-side copy or move operation if source and destination hashsum
+    types are different resulting in the extra network bandwidth, too.
+    In some rare cases this may be undesired, so chunker provides two optional
+    choices: `sha1quick` and `md5quick`. If the source does not support primary
+    hash type and the quick mode is enabled, chunker will try to fall back to
+    the secondary type. This will save CPU and bandwidth but can result in empty
+    hashsums at destination. Beware of consequences: the `sync` command will
+    revert (sometimes silently) to time/size comparison if compatible hashsums
+    between source and target are not found.
+
+
+    ### Modification times
+
+    Chunker stores modification times using the wrapped remote so support
+    depends on that. For a small non-chunked file the chunker overlay simply
+    manipulates modification time of the wrapped remote file.
+    For a composite file with metadata chunker will get and set
+    modification time of the metadata object on the wrapped remote.
+    If file is chunked but metadata format is `none` then chunker will
+    use modification time of the first data chunk.
+
+
+    ### Migrations
+
+    The idiomatic way to migrate to a different chunk size, hash type, transaction
+    style or chunk naming scheme is to:
+
+    - Collect all your chunked files under a directory and have your
+      chunker remote point to it.
+    - Create another directory (most probably on the same cloud storage)
+      and configure a new remote with desired metadata format,
+      hash type, chunk naming etc.
+    - Now run `rclone sync --interactive oldchunks: newchunks:` and all your data
+      will be transparently converted in transfer.
+      This may take some time, yet chunker will try server-side
+      copy if possible.
+    - After checking data integrity you may remove configuration section
+      of the old remote.
+
+    If rclone gets killed during a long operation on a big composite file,
+    hidden temporary chunks may stay in the directory. They will not be
+    shown by the `list` command but will eat up your account quota.
+    Please note that the `deletefile` command deletes only active
+    chunks of a file. As a workaround, you can use remote of the wrapped
+    file system to see them.
+    An easy way to get rid of hidden garbage is to copy littered directory
+    somewhere using the chunker remote and purge the original directory.
+    The `copy` command will copy only active chunks while the `purge` will
+    remove everything including garbage.
+
+
+    ### Caveats and Limitations
+
+    Chunker requires wrapped remote to support server-side `move` (or `copy` +
+    `delete`) operations, otherwise it will explicitly refuse to start.
+    This is because it internally renames temporary chunk files to their final
+    names when an operation completes successfully.
+
+    Chunker encodes chunk number in file name, so with default `name_format`
+    setting it adds 17 characters. Also chunker adds 7 characters of temporary
+    suffix during operations. Many file systems limit base file name without path
+    by 255 characters. Using rclone's crypt remote as a base file system limits
+    file name by 143 characters. Thus, maximum name length is 231 for most files
+    and 119 for chunker-over-crypt. A user in need can change name format to
+    e.g. `*.rcc##` and save 10 characters (provided at most 99 chunks per file).
+
+    Note that a move implemented using the copy-and-delete method may incur
+    double charging with some cloud storage providers.
+
+    Chunker will not automatically rename existing chunks when you run
+    `rclone config` on a live remote and change the chunk name format.
+    Beware that in result of this some files which have been treated as chunks
+    before the change can pop up in directory listings as normal files
+    and vice versa. The same warning holds for the chunk size.
+    If you desperately need to change critical chunking settings, you should
+    run data migration as described above.
+
+    If wrapped remote is case insensitive, the chunker overlay will inherit
+    that property (so you can't have a file called "Hello.doc" and "hello.doc"
+    in the same directory).
+
+    Chunker included in rclone releases up to `v1.54` can sometimes fail to
+    detect metadata produced by recent versions of rclone. We recommend users
+    to keep rclone up-to-date to avoid data corruption.
+
+    Changing `transactions` is dangerous and requires explicit migration.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to chunker (Transparently chunk/split large files).
+
+    #### --chunker-remote
 
-Note that ShareFile is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+    Remote to chunk/unchunk.
 
-ShareFile only supports filenames up to 256 characters in length.
+    Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
+    "myremote:bucket" or maybe "myremote:" (not recommended).
 
-rclone about is not supported by the Citrix ShareFile backend. Backends
-without this capability cannot determine free space for an rclone mount
-or use policy mfs (most free space) as a member of an rclone union
-remote.
+    Properties:
 
-See List of backends that do not support rclone about and rclone about
+    - Config:      remote
+    - Env Var:     RCLONE_CHUNKER_REMOTE
+    - Type:        string
+    - Required:    true
 
-Crypt
-
-Rclone crypt remotes encrypt and decrypt other remotes.
-
-A remote of type crypt does not access a storage system directly, but
-instead wraps another remote, which in turn accesses the storage system.
-This is similar to how alias, union, chunker and a few others work. It
-makes the usage very flexible, as you can add a layer, in this case an
-encryption layer, on top of any other backend, even in multiple layers.
-Rclone's functionality can be used as with any other remote, for example
-you can mount a crypt remote.
-
-Accessing a storage system through a crypt remote realizes client-side
-encryption, which makes it safe to keep your data in a location you do
-not trust will not get compromised. When working against the crypt
-remote, rclone will automatically encrypt (before uploading) and decrypt
-(after downloading) on your local system as needed on the fly, leaving
-the data encrypted at rest in the wrapped remote. If you access the
-storage system using an application other than rclone, or access the
-wrapped remote directly using rclone, there will not be any
-encryption/decryption: Downloading existing content will just give you
-the encrypted (scrambled) format, and anything you upload will not
-become encrypted.
-
-The encryption is a secret-key encryption (also called symmetric key
-encryption) algorithm, where a password (or pass phrase) is used to
-generate real encryption key. The password can be supplied by user, or
-you may chose to let rclone generate one. It will be stored in the
-configuration file, in a lightly obscured form. If you are in an
-environment where you are not able to keep your configuration secured,
-you should add configuration encryption as protection. As long as you
-have this configuration file, you will be able to decrypt your data.
-Without the configuration file, as long as you remember the password (or
-keep it in a safe place), you can re-create the configuration and gain
-access to the existing data. You may also configure a corresponding
-remote in a different installation to access the same data. See below
-for guidance to changing password.
-
-Encryption uses cryptographic salt, to permute the encryption key so
-that the same string may be encrypted in different ways. When
-configuring the crypt remote it is optional to enter a salt, or to let
-rclone generate a unique salt. If omitted, rclone uses a built-in unique
-string. Normally in cryptography, the salt is stored together with the
-encrypted content, and do not have to be memorized by the user. This is
-not the case in rclone, because rclone does not store any additional
-information on the remotes. Use of custom salt is effectively a second
-password that must be memorized.
-
-File content encryption is performed using NaCl SecretBox, based on
-XSalsa20 cipher and Poly1305 for integrity. Names (file- and directory
-names) are also encrypted by default, but this has some implications and
-is therefore possible to be turned off.
+    #### --chunker-chunk-size
 
-Configuration
+    Files larger than chunk size will be split in chunks.
 
-Here is an example of how to make a remote called secret.
+    Properties:
 
-To use crypt, first set up the underlying remote. Follow the
-rclone config instructions for the specific backend.
+    - Config:      chunk_size
+    - Env Var:     RCLONE_CHUNKER_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     2Gi
 
-Before configuring the crypt remote, check the underlying remote is
-working. In this example the underlying remote is called remote. We will
-configure a path path within this remote to contain the encrypted
-content. Anything inside remote:path will be encrypted and anything
-outside will not.
+    #### --chunker-hash-type
 
-Configure crypt using rclone config. In this example the crypt remote is
-called secret, to differentiate it from the underlying remote.
+    Choose how chunker handles hash sums.
 
-When you are done you can use the crypt remote named secret just as you
-would with any other remote, e.g. rclone copy D:\docs secret:\docs, and
-rclone will encrypt and decrypt as needed on the fly. If you access the
-wrapped remote remote:path directly you will bypass the encryption, and
-anything you read will be in encrypted form, and anything you write will
-be unencrypted. To avoid issues it is best to configure a dedicated path
-for encrypted content, and access it exclusively through a crypt remote.
+    All modes but "none" require metadata.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> secret
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Encrypt/Decrypt a remote
-       \ "crypt"
-    [snip]
-    Storage> crypt
-    ** See help for crypt backend at: https://rclone.org/crypt/ **
+    Properties:
 
-    Remote to encrypt/decrypt.
-    Normally should contain a ':' and a path, eg "myremote:path/to/dir",
-    "myremote:bucket" or maybe "myremote:" (not recommended).
-    Enter a string value. Press Enter for the default ("").
-    remote> remote:path
-    How to encrypt the filenames.
-    Enter a string value. Press Enter for the default ("standard").
-    Choose a number from below, or type in your own value.
-       / Encrypt the filenames.
-     1 | See the docs for the details.
-       \ "standard"
-     2 / Very simple filename obfuscation.
-       \ "obfuscate"
-       / Don't encrypt the file names.
-     3 | Adds a ".bin" extension only.
-       \ "off"
-    filename_encryption>
-    Option to either encrypt directory names or leave them intact.
+    - Config:      hash_type
+    - Env Var:     RCLONE_CHUNKER_HASH_TYPE
+    - Type:        string
+    - Default:     "md5"
+    - Examples:
+        - "none"
+            - Pass any hash supported by wrapped remote for non-chunked files.
+            - Return nothing otherwise.
+        - "md5"
+            - MD5 for composite files.
+        - "sha1"
+            - SHA1 for composite files.
+        - "md5all"
+            - MD5 for all files.
+        - "sha1all"
+            - SHA1 for all files.
+        - "md5quick"
+            - Copying a file to chunker will request MD5 from the source.
+            - Falling back to SHA1 if unsupported.
+        - "sha1quick"
+            - Similar to "md5quick" but prefers SHA1 over MD5.
 
-    NB If filename_encryption is "off" then this option will do nothing.
-    Enter a boolean value (true or false). Press Enter for the default ("true").
-    Choose a number from below, or type in your own value
-     1 / Encrypt directory names.
-       \ "true"
-     2 / Don't encrypt directory names, leave them intact.
-       \ "false"
-    directory_name_encryption>
-    Password or pass phrase for encryption.
-    y) Yes type in my own password
-    g) Generate random password
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Password or pass phrase for salt. Optional but recommended.
-    Should be different to the previous password.
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank (default)
-    y/g/n> g
-    Password strength in bits.
-    64 is just about memorable
-    128 is secure
-    1024 is the maximum
-    Bits> 128
-    Your password is: JAsJvRcgR-_veXNfy_sGmQ
-    Use this password? Please note that an obscured version of this
-    password (and not the password itself) will be stored under your
-    configuration file, so keep this generated password in a safe place.
-    y) Yes (default)
-    n) No
-    y/n>
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No (default)
-    y/n>
-    Remote config
-    --------------------
-    [secret]
-    type = crypt
-    remote = remote:path
-    password = *** ENCRYPTED ***
-    password2 = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d>
+    ### Advanced options
 
-Important The crypt password stored in rclone.conf is lightly obscured.
-That only protects it from cursory inspection. It is not secure unless
-configuration encryption of rclone.conf is specified.
+    Here are the Advanced options specific to chunker (Transparently chunk/split large files).
 
-A long passphrase is recommended, or rclone config can generate a random
-one.
+    #### --chunker-name-format
 
-The obscured password is created using AES-CTR with a static key. The
-salt is stored verbatim at the beginning of the obscured password. This
-static key is shared between all versions of rclone.
-
-If you reconfigure rclone with the same passwords/passphrases elsewhere
-it will be compatible, but the obscured version will be different due to
-the different salt.
-
-Rclone does not encrypt
-
--   file length - this can be calculated within 16 bytes
--   modification time - used for syncing
-
-Specifying the remote
-
-When configuring the remote to encrypt/decrypt, you may specify any
-string that rclone accepts as a source/destination of other commands.
-
-The primary use case is to specify the path into an already configured
-remote (e.g. remote:path/to/dir or remote:bucket), such that data in a
-remote untrusted location can be stored encrypted.
-
-You may also specify a local filesystem path, such as /path/to/dir on
-Linux, C:\path\to\dir on Windows. By creating a crypt remote pointing to
-such a local filesystem path, you can use rclone as a utility for pure
-local file encryption, for example to keep encrypted files on a
-removable USB drive.
-
-Note: A string which do not contain a : will by rclone be treated as a
-relative path in the local filesystem. For example, if you enter the
-name remote without the trailing :, it will be treated as a subdirectory
-of the current directory with name "remote".
-
-If a path remote:path/to/dir is specified, rclone stores encrypted files
-in path/to/dir on the remote. With file name encryption, files saved to
-secret:subdir/subfile are stored in the unencrypted path path/to/dir but
-the subdir/subpath element is encrypted.
-
-The path you specify does not have to exist, rclone will create it when
-needed.
-
-If you intend to use the wrapped remote both directly for keeping
-unencrypted content, as well as through a crypt remote for encrypted
-content, it is recommended to point the crypt remote to a separate
-directory within the wrapped remote. If you use a bucket-based storage
-system (e.g. Swift, S3, Google Compute Storage, B2) it is generally
-advisable to wrap the crypt remote around a specific bucket (s3:bucket).
-If wrapping around the entire root of the storage (s3:), and use the
-optional file name encryption, rclone will encrypt the bucket name.
-
-Changing password
-
-Should the password, or the configuration file containing a lightly
-obscured form of the password, be compromised, you need to re-encrypt
-your data with a new password. Since rclone uses secret-key encryption,
-where the encryption key is generated directly from the password kept on
-the client, it is not possible to change the password/key of already
-encrypted content. Just changing the password configured for an existing
-crypt remote means you will no longer able to decrypt any of the
-previously encrypted content. The only possibility is to re-upload
-everything via a crypt remote configured with your new password.
-
-Depending on the size of your data, your bandwidth, storage quota etc,
-there are different approaches you can take: - If you have everything in
-a different location, for example on your local system, you could remove
-all of the prior encrypted files, change the password for your
-configured crypt remote (or delete and re-create the crypt
-configuration), and then re-upload everything from the alternative
-location. - If you have enough space on the storage system you can
-create a new crypt remote pointing to a separate directory on the same
-backend, and then use rclone to copy everything from the original crypt
-remote to the new, effectively decrypting everything on the fly using
-the old password and re-encrypting using the new password. When done,
-delete the original crypt remote directory and finally the rclone crypt
-configuration with the old password. All data will be streamed from the
-storage system and back, so you will get half the bandwidth and be
-charged twice if you have upload and download quota on the storage
-system.
+    String format of chunk file names.
 
-Note: A security problem related to the random password generator was
-fixed in rclone version 1.53.3 (released 2020-11-19). Passwords
-generated by rclone config in version 1.49.0 (released 2019-08-26) to
-1.53.2 (released 2020-10-26) are not considered secure and should be
-changed. If you made up your own password, or used rclone version older
-than 1.49.0 or newer than 1.53.2 to generate it, you are not affected by
-this issue. See issue #4783 for more details, and a tool you can use to
-check if you are affected.
+    The two placeholders are: base file name (*) and chunk number (#...).
+    There must be one and only one asterisk and one or more consecutive hash characters.
+    If chunk number has less digits than the number of hashes, it is left-padded by zeros.
+    If there are more digits in the number, they are left as is.
+    Possible chunk files are ignored if their name does not match given format.
 
-Example
+    Properties:
 
-Create the following file structure using "standard" file name
-encryption.
+    - Config:      name_format
+    - Env Var:     RCLONE_CHUNKER_NAME_FORMAT
+    - Type:        string
+    - Default:     "*.rclone_chunk.###"
 
-    plaintext/
-    ├── file0.txt
-    ├── file1.txt
-    └── subdir
-        ├── file2.txt
-        ├── file3.txt
-        └── subsubdir
-            └── file4.txt
-
-Copy these to the remote, and list them
-
-    $ rclone -q copy plaintext secret:
-    $ rclone -q ls secret:
-            7 file1.txt
-            6 file0.txt
-            8 subdir/file2.txt
-           10 subdir/subsubdir/file4.txt
-            9 subdir/file3.txt
-
-The crypt remote looks like
-
-    $ rclone -q ls remote:path
-           55 hagjclgavj2mbiqm6u6cnjjqcg
-           54 v05749mltvv1tf4onltun46gls
-           57 86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo
-           58 86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc
-           56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps
-
-The directory structure is preserved
-
-    $ rclone -q ls secret:subdir
-            8 file2.txt
-            9 file3.txt
-           10 subsubdir/file4.txt
-
-Without file name encryption .bin extensions are added to underlying
-names. This prevents the cloud provider attempting to interpret file
-content.
+    #### --chunker-start-from
 
-    $ rclone -q ls remote:path
-           54 file0.txt.bin
-           57 subdir/file3.txt.bin
-           56 subdir/file2.txt.bin
-           58 subdir/subsubdir/file4.txt.bin
-           55 file1.txt.bin
+    Minimum valid chunk number. Usually 0 or 1.
 
-File name encryption modes
+    By default chunk numbers start from 1.
 
-Off
+    Properties:
 
--   doesn't hide file names or directory structure
--   allows for longer file names (~246 characters)
--   can use sub paths and copy single files
+    - Config:      start_from
+    - Env Var:     RCLONE_CHUNKER_START_FROM
+    - Type:        int
+    - Default:     1
 
-Standard
+    #### --chunker-meta-format
 
--   file names encrypted
--   file names can't be as long (~143 characters)
--   can use sub paths and copy single files
--   directory structure visible
--   identical files names will have identical uploaded names
--   can use shortcuts to shorten the directory recursion
+    Format of the metadata object or "none".
 
-Obfuscation
+    By default "simplejson".
+    Metadata is a small JSON file named after the composite file.
 
-This is a simple "rotate" of the filename, with each file having a rot
-distance based on the filename. Rclone stores the distance at the
-beginning of the filename. A file called "hello" may become "53.jgnnq".
+    Properties:
 
-Obfuscation is not a strong encryption of filenames, but hinders
-automated scanning tools picking up on filename patterns. It is an
-intermediate between "off" and "standard" which allows for longer path
-segment names.
+    - Config:      meta_format
+    - Env Var:     RCLONE_CHUNKER_META_FORMAT
+    - Type:        string
+    - Default:     "simplejson"
+    - Examples:
+        - "none"
+            - Do not use metadata files at all.
+            - Requires hash type "none".
+        - "simplejson"
+            - Simple JSON supports hash sums and chunk validation.
+            - 
+            - It has the following fields: ver, size, nchunks, md5, sha1.
 
-There is a possibility with some unicode based filenames that the
-obfuscation is weak and may map lower case characters to upper case
-equivalents.
+    #### --chunker-fail-hard
 
-Obfuscation cannot be relied upon for strong protection.
+    Choose how chunker should handle files with missing or invalid chunks.
 
--   file names very lightly obfuscated
--   file names can be longer than standard encryption
--   can use sub paths and copy single files
--   directory structure visible
--   identical files names will have identical uploaded names
+    Properties:
 
-Cloud storage systems have limits on file name length and total path
-length which rclone is more likely to breach using "Standard" file name
-encryption. Where file names are less than 156 characters in length
-issues should not be encountered, irrespective of cloud storage
-provider.
+    - Config:      fail_hard
+    - Env Var:     RCLONE_CHUNKER_FAIL_HARD
+    - Type:        bool
+    - Default:     false
+    - Examples:
+        - "true"
+            - Report errors and abort current command.
+        - "false"
+            - Warn user, skip incomplete file and proceed.
 
-An experimental advanced option filename_encoding is now provided to
-address this problem to a certain degree. For cloud storage systems with
-case sensitive file names (e.g. Google Drive), base64 can be used to
-reduce file name length. For cloud storage systems using UTF-16 to store
-file names internally (e.g. OneDrive), base32768 can be used to
-drastically reduce file name length.
+    #### --chunker-transactions
 
-An alternative, future rclone file name encryption mode may tolerate
-backend provider path length limits.
+    Choose how chunker should handle temporary files during transactions.
 
-Directory name encryption
+    Properties:
 
-Crypt offers the option of encrypting dir names or leaving them intact.
-There are two options:
+    - Config:      transactions
+    - Env Var:     RCLONE_CHUNKER_TRANSACTIONS
+    - Type:        string
+    - Default:     "rename"
+    - Examples:
+        - "rename"
+            - Rename temporary files after a successful transaction.
+        - "norename"
+            - Leave temporary file names and write transaction ID to metadata file.
+            - Metadata is required for no rename transactions (meta format cannot be "none").
+            - If you are using norename transactions you should be careful not to downgrade Rclone
+            - as older versions of Rclone don't support this transaction style and will misinterpret
+            - files manipulated by norename transactions.
+            - This method is EXPERIMENTAL, don't use on production systems.
+        - "auto"
+            - Rename or norename will be used depending on capabilities of the backend.
+            - If meta format is set to "none", rename transactions will always be used.
+            - This method is EXPERIMENTAL, don't use on production systems.
 
-True
 
-Encrypts the whole file path including directory names Example:
-1/12/123.txt is encrypted to
-p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0
 
-False
+    #  Citrix ShareFile
 
-Only encrypts file names, skips directory names Example: 1/12/123.txt is
-encrypted to 1/12/qgm4avr35m5loi1th53ato71v0
+    [Citrix ShareFile](https://sharefile.com) is a secure file sharing and transfer service aimed as business.
 
-Modified time and hashes
+    ## Configuration
 
-Crypt stores modification times using the underlying remote so support
-depends on that.
+    The initial setup for Citrix ShareFile involves getting a token from
+    Citrix ShareFile which you can in your browser.  `rclone config` walks you
+    through it.
 
-Hashes are not stored for crypt. However the data integrity is protected
-by an extremely strong crypto authenticator.
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Use the rclone cryptcheck command to check the integrity of a crypted
-remote instead of rclone check which can't check the checksums properly.
+         rclone config
 
-Standard options
+    This will guide you through an interactive setup process:
 
-Here are the Standard options specific to crypt (Encrypt/Decrypt a
-remote).
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value XX / Citrix
+Sharefile  "sharefile" Storage> sharefile ** See help for sharefile
+backend at: https://rclone.org/sharefile/ **
 
---crypt-remote
+ID of the root folder
 
-Remote to encrypt/decrypt.
+Leave blank to access "Personal Folders". You can use one of the
+standard values here or any folder ID (long hex number ID). Enter a
+string value. Press Enter for the default (""). Choose a number from
+below, or type in your own value 1 / Access the Personal Folders.
+(Default)  "" 2 / Access the Favorites folder.  "favorites" 3 / Access
+all the shared folders.  "allshared" 4 / Access all the individual
+connectors.  "connectors" 5 / Access the home, favorites, and shared
+folders as well as the connectors.  "top" root_folder_id> Edit advanced
+config? (y/n) y) Yes n) No y/n> n Remote config Use web browser to
+automatically authenticate rclone with remote? * Say Y if the machine
+running rclone has a web browser you can use * Say N if running rclone
+on a (remote) machine without web browser access If not sure try Y. If Y
+failed, try N. y) Yes n) No y/n> y If your browser doesn't open
+automatically go to the following link:
+http://127.0.0.1:53682/auth?state=XXX Log in and authorize rclone for
+access Waiting for code... Got code -------------------- [remote] type =
+sharefile endpoint = https://XXX.sharefile.com token =
+{"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2019-09-30T19:41:45.878561877+01:00"}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
-Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
-"myremote:bucket" or maybe "myremote:" (not recommended).
 
-Properties:
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
--   Config: remote
--   Env Var: RCLONE_CRYPT_REMOTE
--   Type: string
--   Required: true
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from Citrix ShareFile. This only runs from the moment it opens
+    your browser to the moment you get back the verification code.  This
+    is on `http://127.0.0.1:53682/` and this it may require you to unblock
+    it temporarily if you are running a host firewall.
 
---crypt-filename-encryption
+    Once configured you can then use `rclone` like this,
 
-How to encrypt the filenames.
+    List directories in top level of your ShareFile
 
-Properties:
+        rclone lsd remote:
 
--   Config: filename_encryption
--   Env Var: RCLONE_CRYPT_FILENAME_ENCRYPTION
--   Type: string
--   Default: "standard"
--   Examples:
-    -   "standard"
-        -   Encrypt the filenames.
-        -   See the docs for the details.
-    -   "obfuscate"
-        -   Very simple filename obfuscation.
-    -   "off"
-        -   Don't encrypt the file names.
-        -   Adds a ".bin" extension only.
+    List all the files in your ShareFile
 
---crypt-directory-name-encryption
+        rclone ls remote:
 
-Option to either encrypt directory names or leave them intact.
+    To copy a local directory to an ShareFile directory called backup
 
-NB If filename_encryption is "off" then this option will do nothing.
+        rclone copy /home/source remote:backup
 
-Properties:
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
--   Config: directory_name_encryption
--   Env Var: RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
--   Type: bool
--   Default: true
--   Examples:
-    -   "true"
-        -   Encrypt directory names.
-    -   "false"
-        -   Don't encrypt directory names, leave them intact.
+    ### Modification times and hashes
 
---crypt-password
+    ShareFile allows modification times to be set on objects accurate to 1
+    second.  These will be used to detect whether objects need syncing or
+    not.
 
-Password or pass phrase for encryption.
+    ShareFile supports MD5 type hashes, so you can use the `--checksum`
+    flag.
 
-NB Input to this must be obscured - see rclone obscure.
+    ### Transfers
 
-Properties:
+    For files above 128 MiB rclone will use a chunked transfer.  Rclone will
+    upload up to `--transfers` chunks at the same time (shared among all
+    the multipart uploads).  Chunks are buffered in memory and are
+    normally 64 MiB so increasing `--transfers` will increase memory use.
 
--   Config: password
--   Env Var: RCLONE_CRYPT_PASSWORD
--   Type: string
--   Required: true
+    ### Restricted filename characters
 
---crypt-password2
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
-Password or pass phrase for salt.
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | \\        | 0x5C  | ＼           |
+    | *         | 0x2A  | ＊           |
+    | <         | 0x3C  | ＜           |
+    | >         | 0x3E  | ＞           |
+    | ?         | 0x3F  | ？           |
+    | :         | 0x3A  | ：           |
+    | \|        | 0x7C  | ｜           |
+    | "         | 0x22  | ＂           |
 
-Optional but recommended. Should be different to the previous password.
+    File names can also not start or end with the following characters.
+    These only get replaced if they are the first or last character in the
+    name:
 
-NB Input to this must be obscured - see rclone obscure.
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | SP        | 0x20  | ␠           |
+    | .         | 0x2E  | ．           |
 
-Properties:
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
--   Config: password2
--   Env Var: RCLONE_CRYPT_PASSWORD2
--   Type: string
--   Required: false
 
-Advanced options
+    ### Standard options
 
-Here are the Advanced options specific to crypt (Encrypt/Decrypt a
-remote).
+    Here are the Standard options specific to sharefile (Citrix Sharefile).
 
---crypt-server-side-across-configs
+    #### --sharefile-client-id
 
-Allow server-side operations (e.g. copy) to work across different crypt
-configs.
+    OAuth Client Id.
 
-Normally this option is not what you want, but if you have two crypts
-pointing to the same backend you can use it.
+    Leave blank normally.
 
-This can be used, for example, to change file name encryption type
-without re-uploading all the data. Just make two crypt backends pointing
-to two different directories with the single changed parameter and use
-rclone move to move the files between the crypt remotes.
+    Properties:
 
-Properties:
+    - Config:      client_id
+    - Env Var:     RCLONE_SHAREFILE_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
--   Config: server_side_across_configs
--   Env Var: RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS
--   Type: bool
--   Default: false
+    #### --sharefile-client-secret
 
---crypt-show-mapping
+    OAuth Client Secret.
 
-For all files listed show how the names encrypt.
+    Leave blank normally.
 
-If this flag is set then for each file that the remote is asked to list,
-it will log (at level INFO) a line stating the decrypted file name and
-the encrypted file name.
+    Properties:
 
-This is so you can work out which encrypted names are which decrypted
-names just in case you need to do something with the encrypted file
-names, or for debugging purposes.
+    - Config:      client_secret
+    - Env Var:     RCLONE_SHAREFILE_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --sharefile-root-folder-id
 
--   Config: show_mapping
--   Env Var: RCLONE_CRYPT_SHOW_MAPPING
--   Type: bool
--   Default: false
+    ID of the root folder.
 
---crypt-no-data-encryption
+    Leave blank to access "Personal Folders".  You can use one of the
+    standard values here or any folder ID (long hex number ID).
 
-Option to either encrypt file data or leave it unencrypted.
+    Properties:
 
-Properties:
+    - Config:      root_folder_id
+    - Env Var:     RCLONE_SHAREFILE_ROOT_FOLDER_ID
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - Access the Personal Folders (default).
+        - "favorites"
+            - Access the Favorites folder.
+        - "allshared"
+            - Access all the shared folders.
+        - "connectors"
+            - Access all the individual connectors.
+        - "top"
+            - Access the home, favorites, and shared folders as well as the connectors.
 
--   Config: no_data_encryption
--   Env Var: RCLONE_CRYPT_NO_DATA_ENCRYPTION
--   Type: bool
--   Default: false
--   Examples:
-    -   "true"
-        -   Don't encrypt file data, leave it unencrypted.
-    -   "false"
-        -   Encrypt file data.
+    ### Advanced options
 
---crypt-filename-encoding
+    Here are the Advanced options specific to sharefile (Citrix Sharefile).
 
-How to encode the encrypted filename to text string.
+    #### --sharefile-token
 
-This option could help with shortening the encrypted filename. The
-suitable option would depend on the way your remote count the filename
-length and if it's case sensitive.
+    OAuth Access Token as a JSON blob.
 
-Properties:
+    Properties:
 
--   Config: filename_encoding
--   Env Var: RCLONE_CRYPT_FILENAME_ENCODING
--   Type: string
--   Default: "base32"
--   Examples:
-    -   "base32"
-        -   Encode using base32. Suitable for all remote.
-    -   "base64"
-        -   Encode using base64. Suitable for case sensitive remote.
-    -   "base32768"
-        -   Encode using base32768. Suitable if your remote counts
-            UTF-16 or
-        -   Unicode codepoint instead of UTF-8 byte length. (Eg.
-            Onedrive)
+    - Config:      token
+    - Env Var:     RCLONE_SHAREFILE_TOKEN
+    - Type:        string
+    - Required:    false
 
-Metadata
+    #### --sharefile-auth-url
 
-Any metadata supported by the underlying remote is read and written.
+    Auth server URL.
 
-See the metadata docs for more info.
+    Leave blank to use the provider defaults.
 
-Backend commands
+    Properties:
 
-Here are the commands specific to the crypt backend.
+    - Config:      auth_url
+    - Env Var:     RCLONE_SHAREFILE_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-Run them with
+    #### --sharefile-token-url
 
-    rclone backend COMMAND remote:
+    Token server url.
 
-The help below will explain what arguments each command takes.
+    Leave blank to use the provider defaults.
 
-See the backend command for more info on how to pass options and
-arguments.
+    Properties:
 
-These can be run on a running backend using the rc command
-backend/command.
+    - Config:      token_url
+    - Env Var:     RCLONE_SHAREFILE_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-encode
+    #### --sharefile-upload-cutoff
 
-Encode the given filename(s)
+    Cutoff for switching to multipart upload.
 
-    rclone backend encode remote: [options] [<arguments>+]
+    Properties:
 
-This encodes the filenames given as arguments returning a list of
-strings of the encoded results.
+    - Config:      upload_cutoff
+    - Env Var:     RCLONE_SHAREFILE_UPLOAD_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     128Mi
 
-Usage Example:
+    #### --sharefile-chunk-size
 
-    rclone backend encode crypt: file1 [file2...]
-    rclone rc backend/command command=encode fs=crypt: file1 [file2...]
+    Upload chunk size.
 
-decode
+    Must a power of 2 >= 256k.
 
-Decode the given filename(s)
+    Making this larger will improve performance, but note that each chunk
+    is buffered in memory one per transfer.
 
-    rclone backend decode remote: [options] [<arguments>+]
+    Reducing this will reduce memory usage but decrease performance.
 
-This decodes the filenames given as arguments returning a list of
-strings of the decoded results. It will return an error if any of the
-inputs are invalid.
+    Properties:
 
-Usage Example:
+    - Config:      chunk_size
+    - Env Var:     RCLONE_SHAREFILE_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     64Mi
 
-    rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
-    rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]
+    #### --sharefile-endpoint
 
-Backing up a crypted remote
+    Endpoint for API calls.
 
-If you wish to backup a crypted remote, it is recommended that you use
-rclone sync on the encrypted files, and make sure the passwords are the
-same in the new encrypted remote.
+    This is usually auto discovered as part of the oauth process, but can
+    be set manually to something like: https://XXX.sharefile.com
 
-This will have the following advantages
 
--   rclone sync will check the checksums while copying
--   you can use rclone check between the encrypted remotes
--   you don't decrypt and encrypt unnecessarily
+    Properties:
 
-For example, let's say you have your original remote at remote: with the
-encrypted version at eremote: with path remote:crypt. You would then set
-up the new remote remote2: and then the encrypted version eremote2: with
-path remote2:crypt using the same passwords as eremote:.
+    - Config:      endpoint
+    - Env Var:     RCLONE_SHAREFILE_ENDPOINT
+    - Type:        string
+    - Required:    false
 
-To sync the two remotes you would do
+    #### --sharefile-encoding
 
-    rclone sync --interactive remote:crypt remote2:crypt
+    The encoding for the backend.
 
-And to check the integrity you would do
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-    rclone check remote:crypt remote2:crypt
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_SHAREFILE_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+
+    ## Limitations
+
+    Note that ShareFile is case insensitive so you can't have a file called
+    "Hello.doc" and one called "hello.doc".
+
+    ShareFile only supports filenames up to 256 characters in length.
+
+    `rclone about` is not supported by the Citrix ShareFile backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
+
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+    #  Crypt
+
+    Rclone `crypt` remotes encrypt and decrypt other remotes.
+
+    A remote of type `crypt` does not access a [storage system](https://rclone.org/overview/)
+    directly, but instead wraps another remote, which in turn accesses
+    the storage system. This is similar to how [alias](https://rclone.org/alias/),
+    [union](https://rclone.org/union/), [chunker](https://rclone.org/chunker/)
+    and a few others work. It makes the usage very flexible, as you can
+    add a layer, in this case an encryption layer, on top of any other
+    backend, even in multiple layers. Rclone's functionality
+    can be used as with any other remote, for example you can
+    [mount](https://rclone.org/commands/rclone_mount/) a crypt remote.
+
+    Accessing a storage system through a crypt remote realizes client-side
+    encryption, which makes it safe to keep your data in a location you do
+    not trust will not get compromised.
+    When working against the `crypt` remote, rclone will automatically
+    encrypt (before uploading) and decrypt (after downloading) on your local
+    system as needed on the fly, leaving the data encrypted at rest in the
+    wrapped remote. If you access the storage system using an application
+    other than rclone, or access the wrapped remote directly using rclone,
+    there will not be any encryption/decryption: Downloading existing content
+    will just give you the encrypted (scrambled) format, and anything you
+    upload will *not* become encrypted.
+
+    The encryption is a secret-key encryption (also called symmetric key encryption)
+    algorithm, where a password (or pass phrase) is used to generate real encryption key.
+    The password can be supplied by user, or you may chose to let rclone
+    generate one. It will be stored in the configuration file, in a lightly obscured form.
+    If you are in an environment where you are not able to keep your configuration
+    secured, you should add
+    [configuration encryption](https://rclone.org/docs/#configuration-encryption)
+    as protection. As long as you have this configuration file, you will be able to
+    decrypt your data. Without the configuration file, as long as you remember
+    the password (or keep it in a safe place), you can re-create the configuration
+    and gain access to the existing data. You may also configure a corresponding
+    remote in a different installation to access the same data.
+    See below for guidance to [changing password](#changing-password).
+
+    Encryption uses [cryptographic salt](https://en.wikipedia.org/wiki/Salt_(cryptography)),
+    to permute the encryption key so that the same string may be encrypted in
+    different ways. When configuring the crypt remote it is optional to enter a salt,
+    or to let rclone generate a unique salt. If omitted, rclone uses a built-in unique string.
+    Normally in cryptography, the salt is stored together with the encrypted content,
+    and do not have to be memorized by the user. This is not the case in rclone,
+    because rclone does not store any additional information on the remotes. Use of
+    custom salt is effectively a second password that must be memorized.
+
+    [File content](#file-encryption) encryption is performed using
+    [NaCl SecretBox](https://godoc.org/golang.org/x/crypto/nacl/secretbox),
+    based on XSalsa20 cipher and Poly1305 for integrity.
+    [Names](#name-encryption) (file- and directory names) are also encrypted
+    by default, but this has some implications and is therefore
+    possible to be turned off.
+
+    ## Configuration
+
+    Here is an example of how to make a remote called `secret`.
+
+    To use `crypt`, first set up the underlying remote. Follow the
+    `rclone config` instructions for the specific backend.
+
+    Before configuring the crypt remote, check the underlying remote is
+    working. In this example the underlying remote is called `remote`.
+    We will configure a path `path` within this remote to contain the
+    encrypted content. Anything inside `remote:path` will be encrypted
+    and anything outside will not.
+
+    Configure `crypt` using `rclone config`. In this example the `crypt`
+    remote is called `secret`, to differentiate it from the underlying
+    `remote`.
+
+    When you are done you can use the crypt remote named `secret` just
+    as you would with any other remote, e.g. `rclone copy D:\docs secret:\docs`,
+    and rclone will encrypt and decrypt as needed on the fly.
+    If you access the wrapped remote `remote:path` directly you will bypass
+    the encryption, and anything you read will be in encrypted form, and
+    anything you write will be unencrypted. To avoid issues it is best to
+    configure a dedicated path for encrypted content, and access it
+    exclusively through a crypt remote.
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> secret Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [snip] XX /
+Encrypt/Decrypt a remote  "crypt" [snip] Storage> crypt ** See help for
+crypt backend at: https://rclone.org/crypt/ **
+
+Remote to encrypt/decrypt. Normally should contain a ':' and a path, eg
+"myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not
+recommended). Enter a string value. Press Enter for the default ("").
+remote> remote:path How to encrypt the filenames. Enter a string value.
+Press Enter for the default ("standard"). Choose a number from below, or
+type in your own value. / Encrypt the filenames. 1 | See the docs for
+the details.  "standard" 2 / Very simple filename obfuscation.
+ "obfuscate" / Don't encrypt the file names. 3 | Adds a ".bin" extension
+only.  "off" filename_encryption> Option to either encrypt directory
+names or leave them intact.
 
-File formats
+NB If filename_encryption is "off" then this option will do nothing.
+Enter a boolean value (true or false). Press Enter for the default
+("true"). Choose a number from below, or type in your own value 1 /
+Encrypt directory names.  "true" 2 / Don't encrypt directory names,
+leave them intact.  "false" directory_name_encryption> Password or pass
+phrase for encryption. y) Yes type in my own password g) Generate random
+password y/g> y Enter the password: password: Confirm the password:
+password: Password or pass phrase for salt. Optional but recommended.
+Should be different to the previous password. y) Yes type in my own
+password g) Generate random password n) No leave this optional password
+blank (default) y/g/n> g Password strength in bits. 64 is just about
+memorable 128 is secure 1024 is the maximum Bits> 128 Your password is:
+JAsJvRcgR-_veXNfy_sGmQ Use this password? Please note that an obscured
+version of this password (and not the password itself) will be stored
+under your configuration file, so keep this generated password in a safe
+place. y) Yes (default) n) No y/n> Edit advanced config? (y/n) y) Yes n)
+No (default) y/n> Remote config -------------------- [secret] type =
+crypt remote = remote:path password = *** ENCRYPTED password2 =
+ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit
+this remote d) Delete this remote y/e/d>
+
+
+    **Important** The crypt password stored in `rclone.conf` is lightly
+    obscured. That only protects it from cursory inspection. It is not
+    secure unless [configuration encryption](https://rclone.org/docs/#configuration-encryption) of `rclone.conf` is specified.
+
+    A long passphrase is recommended, or `rclone config` can generate a
+    random one.
+
+    The obscured password is created using AES-CTR with a static key. The
+    salt is stored verbatim at the beginning of the obscured password. This
+    static key is shared between all versions of rclone.
+
+    If you reconfigure rclone with the same passwords/passphrases
+    elsewhere it will be compatible, but the obscured version will be different
+    due to the different salt.
+
+    Rclone does not encrypt
+
+      * file length - this can be calculated within 16 bytes
+      * modification time - used for syncing
+
+    ### Specifying the remote
+
+    When configuring the remote to encrypt/decrypt, you may specify any
+    string that rclone accepts as a source/destination of other commands.
+
+    The primary use case is to specify the path into an already configured
+    remote (e.g. `remote:path/to/dir` or `remote:bucket`), such that
+    data in a remote untrusted location can be stored encrypted.
+
+    You may also specify a local filesystem path, such as
+    `/path/to/dir` on Linux, `C:\path\to\dir` on Windows. By creating
+    a crypt remote pointing to such a local filesystem path, you can
+    use rclone as a utility for pure local file encryption, for example
+    to keep encrypted files on a removable USB drive.
+
+    **Note**: A string which do not contain a `:` will by rclone be treated
+    as a relative path in the local filesystem. For example, if you enter
+    the name `remote` without the trailing `:`, it will be treated as
+    a subdirectory of the current directory with name "remote".
+
+    If a path `remote:path/to/dir` is specified, rclone stores encrypted
+    files in `path/to/dir` on the remote. With file name encryption, files
+    saved to `secret:subdir/subfile` are stored in the unencrypted path
+    `path/to/dir` but the `subdir/subpath` element is encrypted.
+
+    The path you specify does not have to exist, rclone will create
+    it when needed.
+
+    If you intend to use the wrapped remote both directly for keeping
+    unencrypted content, as well as through a crypt remote for encrypted
+    content, it is recommended to point the crypt remote to a separate
+    directory within the wrapped remote. If you use a bucket-based storage
+    system (e.g. Swift, S3, Google Compute Storage, B2) it is generally
+    advisable to wrap the crypt remote around a specific bucket (`s3:bucket`).
+    If wrapping around the entire root of the storage (`s3:`), and use the
+    optional file name encryption, rclone will encrypt the bucket name.
+
+    ### Changing password
+
+    Should the password, or the configuration file containing a lightly obscured
+    form of the password, be compromised, you need to re-encrypt your data with
+    a new password. Since rclone uses secret-key encryption, where the encryption
+    key is generated directly from the password kept on the client, it is not
+    possible to change the password/key of already encrypted content. Just changing
+    the password configured for an existing crypt remote means you will no longer
+    able to decrypt any of the previously encrypted content. The only possibility
+    is to re-upload everything via a crypt remote configured with your new password.
+
+    Depending on the size of your data, your bandwidth, storage quota etc, there are
+    different approaches you can take:
+    - If you have everything in a different location, for example on your local system,
+    you could remove all of the prior encrypted files, change the password for your
+    configured crypt remote (or delete and re-create the crypt configuration),
+    and then re-upload everything from the alternative location.
+    - If you have enough space on the storage system you can create a new crypt
+    remote pointing to a separate directory on the same backend, and then use
+    rclone to copy everything from the original crypt remote to the new,
+    effectively decrypting everything on the fly using the old password and
+    re-encrypting using the new password. When done, delete the original crypt
+    remote directory and finally the rclone crypt configuration with the old password.
+    All data will be streamed from the storage system and back, so you will
+    get half the bandwidth and be charged twice if you have upload and download quota
+    on the storage system.
+
+    **Note**: A security problem related to the random password generator
+    was fixed in rclone version 1.53.3 (released 2020-11-19). Passwords generated
+    by rclone config in version 1.49.0 (released 2019-08-26) to 1.53.2
+    (released 2020-10-26) are not considered secure and should be changed.
+    If you made up your own password, or used rclone version older than 1.49.0 or
+    newer than 1.53.2 to generate it, you are *not* affected by this issue.
+    See [issue #4783](https://github.com/rclone/rclone/issues/4783) for more
+    details, and a tool you can use to check if you are affected.
 
-File encryption
+    ### Example
 
-Files are encrypted 1:1 source file to destination object. The file has
-a header and is divided into chunks.
+    Create the following file structure using "standard" file name
+    encryption.
 
-Header
+plaintext/ ├── file0.txt ├── file1.txt └── subdir ├── file2.txt ├──
+file3.txt └── subsubdir └── file4.txt
 
--   8 bytes magic string RCLONE\x00\x00
--   24 bytes Nonce (IV)
 
-The initial nonce is generated from the operating systems crypto strong
-random number generator. The nonce is incremented for each chunk read
-making sure each nonce is unique for each block written. The chance of a
-nonce being re-used is minuscule. If you wrote an exabyte of data (10¹⁸
-bytes) you would have a probability of approximately 2×10⁻³² of re-using
-a nonce.
+    Copy these to the remote, and list them
 
-Chunk
+$ rclone -q copy plaintext secret: $ rclone -q ls secret: 7 file1.txt 6
+file0.txt 8 subdir/file2.txt 10 subdir/subsubdir/file4.txt 9
+subdir/file3.txt
 
-Each chunk will contain 64 KiB of data, except for the last one which
-may have less data. The data chunk is in standard NaCl SecretBox format.
-SecretBox uses XSalsa20 and Poly1305 to encrypt and authenticate
-messages.
 
-Each chunk contains:
+    The crypt remote looks like
 
--   16 Bytes of Poly1305 authenticator
--   1 - 65536 bytes XSalsa20 encrypted data
+$ rclone -q ls remote:path 55 hagjclgavj2mbiqm6u6cnjjqcg 54
+v05749mltvv1tf4onltun46gls 57
+86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo 58
+86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc
+56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps
 
-64k chunk size was chosen as the best performing chunk size (the
-authenticator takes too much time below this and the performance drops
-off due to cache effects above this). Note that these chunks are
-buffered in memory so they can't be too big.
 
-This uses a 32 byte (256 bit key) key derived from the user password.
+    The directory structure is preserved
 
-Examples
+$ rclone -q ls secret:subdir 8 file2.txt 9 file3.txt 10
+subsubdir/file4.txt
 
-1 byte file will encrypt to
 
--   32 bytes header
--   17 bytes data chunk
+    Without file name encryption `.bin` extensions are added to underlying
+    names. This prevents the cloud provider attempting to interpret file
+    content.
 
-49 bytes total
+$ rclone -q ls remote:path 54 file0.txt.bin 57 subdir/file3.txt.bin 56
+subdir/file2.txt.bin 58 subdir/subsubdir/file4.txt.bin 55 file1.txt.bin
 
-1 MiB (1048576 bytes) file will encrypt to
 
--   32 bytes header
--   16 chunks of 65568 bytes
+    ### File name encryption modes
 
-1049120 bytes total (a 0.05% overhead). This is the overhead for big
-files.
+    Off
 
-Name encryption
+      * doesn't hide file names or directory structure
+      * allows for longer file names (~246 characters)
+      * can use sub paths and copy single files
 
-File names are encrypted segment by segment - the path is broken up into
-/ separated strings and these are encrypted individually.
+    Standard
 
-File segments are padded using PKCS#7 to a multiple of 16 bytes before
-encryption.
+      * file names encrypted
+      * file names can't be as long (~143 characters)
+      * can use sub paths and copy single files
+      * directory structure visible
+      * identical files names will have identical uploaded names
+      * can use shortcuts to shorten the directory recursion
 
-They are then encrypted with EME using AES with 256 bit key. EME
-(ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003
-paper "A Parallelizable Enciphering Mode" by Halevi and Rogaway.
+    Obfuscation
 
-This makes for deterministic encryption which is what we want - the same
-filename must encrypt to the same thing otherwise we can't find it on
-the cloud storage system.
+    This is a simple "rotate" of the filename, with each file having a rot
+    distance based on the filename. Rclone stores the distance at the
+    beginning of the filename. A file called "hello" may become "53.jgnnq".
 
-This means that
+    Obfuscation is not a strong encryption of filenames, but hinders
+    automated scanning tools picking up on filename patterns. It is an
+    intermediate between "off" and "standard" which allows for longer path
+    segment names.
 
--   filenames with the same name will encrypt the same
--   filenames which start the same won't have a common prefix
+    There is a possibility with some unicode based filenames that the
+    obfuscation is weak and may map lower case characters to upper case
+    equivalents.
 
-This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of
-which are derived from the user password.
+    Obfuscation cannot be relied upon for strong protection.
 
-After encryption they are written out using a modified version of
-standard base32 encoding as described in RFC4648. The standard encoding
-is modified in two ways:
+      * file names very lightly obfuscated
+      * file names can be longer than standard encryption
+      * can use sub paths and copy single files
+      * directory structure visible
+      * identical files names will have identical uploaded names
 
--   it becomes lower case (no-one likes upper case filenames!)
--   we strip the padding character =
+    Cloud storage systems have limits on file name length and
+    total path length which rclone is more likely to breach using
+    "Standard" file name encryption.  Where file names are less than 156
+    characters in length issues should not be encountered, irrespective of
+    cloud storage provider.
 
-base32 is used rather than the more efficient base64 so rclone can be
-used on case insensitive remotes (e.g. Windows, Amazon Drive).
+    An experimental advanced option `filename_encoding` is now provided to
+    address this problem to a certain degree.
+    For cloud storage systems with case sensitive file names (e.g. Google Drive),
+    `base64` can be used to reduce file name length. 
+    For cloud storage systems using UTF-16 to store file names internally
+    (e.g. OneDrive, Dropbox, Box), `base32768` can be used to drastically reduce
+    file name length. 
 
-Key derivation
+    An alternative, future rclone file name encryption mode may tolerate
+    backend provider path length limits.
 
-Rclone uses scrypt with parameters N=16384, r=8, p=1 with an optional
-user supplied salt (password2) to derive the 32+32+16 = 80 bytes of key
-material required. If the user doesn't supply a salt then rclone uses an
-internal one.
+    ### Directory name encryption
 
-scrypt makes it impractical to mount a dictionary attack on rclone
-encrypted data. For full protection against this you should always use a
-salt.
+    Crypt offers the option of encrypting dir names or leaving them intact.
+    There are two options:
 
-SEE ALSO
+    True
 
--   rclone cryptdecode - Show forward/reverse mapping of encrypted
-    filenames
+    Encrypts the whole file path including directory names
+    Example:
+    `1/12/123.txt` is encrypted to
+    `p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0`
 
-Compress
+    False
 
-Warning
+    Only encrypts file names, skips directory names
+    Example:
+    `1/12/123.txt` is encrypted to
+    `1/12/qgm4avr35m5loi1th53ato71v0`
 
-This remote is currently experimental. Things may break and data may be
-lost. Anything you do with this remote is at your own risk. Please
-understand the risks associated with using experimental code and don't
-use this remote in critical applications.
 
-The Compress remote adds compression to another remote. It is best used
-with remotes containing many large compressible files.
+    ### Modification times and hashes
 
-Configuration
+    Crypt stores modification times using the underlying remote so support
+    depends on that.
 
-To use this remote, all you need to do is specify another remote and a
-compression mode to use:
+    Hashes are not stored for crypt. However the data integrity is
+    protected by an extremely strong crypto authenticator.
 
-    Current remotes:
+    Use the `rclone cryptcheck` command to check the
+    integrity of an encrypted remote instead of `rclone check` which can't
+    check the checksums properly.
 
-    Name                 Type
-    ====                 ====
-    remote_to_press      sometype
 
-    e) Edit existing remote
-    $ rclone config
-    n) New remote
-    d) Delete remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    e/n/d/r/c/s/q> n
-    name> compress
-    ...
-     8 / Compress a remote
-       \ "compress"
-    ...
-    Storage> compress
-    ** See help for compress backend at: https://rclone.org/compress/ **
+    ### Standard options
 
-    Remote to compress.
-    Enter a string value. Press Enter for the default ("").
-    remote> remote_to_press:subdir 
-    Compression mode.
-    Enter a string value. Press Enter for the default ("gzip").
-    Choose a number from below, or type in your own value
-     1 / Gzip compression balanced for speed and compression strength.
-       \ "gzip"
-    compression_mode> gzip
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No (default)
-    y/n> n
-    Remote config
-    --------------------
-    [compress]
-    type = compress
-    remote = remote_to_press:subdir
-    compression_mode = gzip
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Here are the Standard options specific to crypt (Encrypt/Decrypt a remote).
 
-Compression Modes
+    #### --crypt-remote
 
-Currently only gzip compression is supported. It provides a decent
-balance between speed and size and is well supported by other
-applications. Compression strength can further be configured via an
-advanced setting where 0 is no compression and 9 is strongest
-compression.
+    Remote to encrypt/decrypt.
 
-File types
+    Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
+    "myremote:bucket" or maybe "myremote:" (not recommended).
 
-If you open a remote wrapped by compress, you will see that there are
-many files with an extension corresponding to the compression algorithm
-you chose. These files are standard files that can be opened by various
-archive programs, but they have some hidden metadata that allows them to
-be used by rclone. While you may download and decompress these files at
-will, do not manually delete or rename files. Files without correct
-metadata files will not be recognized by rclone.
+    Properties:
 
-File names
+    - Config:      remote
+    - Env Var:     RCLONE_CRYPT_REMOTE
+    - Type:        string
+    - Required:    true
 
-The compressed files will be named *.###########.gz where * is the base
-file and the # part is base64 encoded size of the uncompressed file. The
-file names should not be changed by anything other than the rclone
-compression backend.
+    #### --crypt-filename-encryption
 
-Standard options
+    How to encrypt the filenames.
 
-Here are the Standard options specific to compress (Compress a remote).
+    Properties:
 
---compress-remote
+    - Config:      filename_encryption
+    - Env Var:     RCLONE_CRYPT_FILENAME_ENCRYPTION
+    - Type:        string
+    - Default:     "standard"
+    - Examples:
+        - "standard"
+            - Encrypt the filenames.
+            - See the docs for the details.
+        - "obfuscate"
+            - Very simple filename obfuscation.
+        - "off"
+            - Don't encrypt the file names.
+            - Adds a ".bin", or "suffix" extension only.
 
-Remote to compress.
+    #### --crypt-directory-name-encryption
 
-Properties:
+    Option to either encrypt directory names or leave them intact.
 
--   Config: remote
--   Env Var: RCLONE_COMPRESS_REMOTE
--   Type: string
--   Required: true
+    NB If filename_encryption is "off" then this option will do nothing.
 
---compress-mode
+    Properties:
 
-Compression mode.
+    - Config:      directory_name_encryption
+    - Env Var:     RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
+    - Type:        bool
+    - Default:     true
+    - Examples:
+        - "true"
+            - Encrypt directory names.
+        - "false"
+            - Don't encrypt directory names, leave them intact.
 
-Properties:
+    #### --crypt-password
 
--   Config: mode
--   Env Var: RCLONE_COMPRESS_MODE
--   Type: string
--   Default: "gzip"
--   Examples:
-    -   "gzip"
-        -   Standard gzip compression with fastest parameters.
+    Password or pass phrase for encryption.
 
-Advanced options
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-Here are the Advanced options specific to compress (Compress a remote).
+    Properties:
 
---compress-level
+    - Config:      password
+    - Env Var:     RCLONE_CRYPT_PASSWORD
+    - Type:        string
+    - Required:    true
 
-GZIP compression level (-2 to 9).
+    #### --crypt-password2
 
-Generally -1 (default, equivalent to 5) is recommended. Levels 1 to 9
-increase compression at the cost of speed. Going past 6 generally offers
-very little return.
+    Password or pass phrase for salt.
 
-Level -2 uses Huffman encoding only. Only use if you know what you are
-doing. Level 0 turns off compression.
+    Optional but recommended.
+    Should be different to the previous password.
 
-Properties:
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
--   Config: level
--   Env Var: RCLONE_COMPRESS_LEVEL
--   Type: int
--   Default: -1
+    Properties:
 
---compress-ram-cache-limit
+    - Config:      password2
+    - Env Var:     RCLONE_CRYPT_PASSWORD2
+    - Type:        string
+    - Required:    false
 
-Some remotes don't allow the upload of files with unknown size. In this
-case the compressed file will need to be cached to determine it's size.
+    ### Advanced options
 
-Files smaller than this limit will be cached in RAM, files larger than
-this limit will be cached on disk.
+    Here are the Advanced options specific to crypt (Encrypt/Decrypt a remote).
 
-Properties:
+    #### --crypt-server-side-across-configs
 
--   Config: ram_cache_limit
--   Env Var: RCLONE_COMPRESS_RAM_CACHE_LIMIT
--   Type: SizeSuffix
--   Default: 20Mi
+    Deprecated: use --server-side-across-configs instead.
 
-Metadata
+    Allow server-side operations (e.g. copy) to work across different crypt configs.
 
-Any metadata supported by the underlying remote is read and written.
+    Normally this option is not what you want, but if you have two crypts
+    pointing to the same backend you can use it.
 
-See the metadata docs for more info.
+    This can be used, for example, to change file name encryption type
+    without re-uploading all the data. Just make two crypt backends
+    pointing to two different directories with the single changed
+    parameter and use rclone move to move the files between the crypt
+    remotes.
 
-Combine
+    Properties:
 
-The combine backend joins remotes together into a single directory tree.
+    - Config:      server_side_across_configs
+    - Env Var:     RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS
+    - Type:        bool
+    - Default:     false
 
-For example you might have a remote for images on one provider:
+    #### --crypt-show-mapping
 
-    $ rclone tree s3:imagesbucket
-    /
-    ├── image1.jpg
-    └── image2.jpg
+    For all files listed show how the names encrypt.
 
-And a remote for files on another:
+    If this flag is set then for each file that the remote is asked to
+    list, it will log (at level INFO) a line stating the decrypted file
+    name and the encrypted file name.
 
-    $ rclone tree drive:important/files
-    /
-    ├── file1.txt
-    └── file2.txt
+    This is so you can work out which encrypted names are which decrypted
+    names just in case you need to do something with the encrypted file
+    names, or for debugging purposes.
 
-The combine backend can join these together into a synthetic directory
-structure like this:
+    Properties:
 
-    $ rclone tree combined:
-    /
-    ├── files
-    │   ├── file1.txt
-    │   └── file2.txt
-    └── images
-        ├── image1.jpg
-        └── image2.jpg
+    - Config:      show_mapping
+    - Env Var:     RCLONE_CRYPT_SHOW_MAPPING
+    - Type:        bool
+    - Default:     false
 
-You'd do this by specifying an upstreams parameter in the config like
-this
+    #### --crypt-no-data-encryption
 
-    upstreams = images=s3:imagesbucket files=drive:important/files
+    Option to either encrypt file data or leave it unencrypted.
 
-During the initial setup with rclone config you will specify the
-upstreams remotes as a space separated list. The upstream remotes can
-either be a local paths or other remotes.
+    Properties:
 
-Configuration
+    - Config:      no_data_encryption
+    - Env Var:     RCLONE_CRYPT_NO_DATA_ENCRYPTION
+    - Type:        bool
+    - Default:     false
+    - Examples:
+        - "true"
+            - Don't encrypt file data, leave it unencrypted.
+        - "false"
+            - Encrypt file data.
 
-Here is an example of how to make a combine called remote for the
-example above. First run:
+    #### --crypt-pass-bad-blocks
 
-     rclone config
+    If set this will pass bad blocks through as all 0.
 
-This will guide you through an interactive setup process:
+    This should not be set in normal operation, it should only be set if
+    trying to recover an encrypted file with errors and it is desired to
+    recover as much of the file as possible.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Option Storage.
-    Type of storage to configure.
-    Choose a number from below, or type in your own value.
-    ...
-    XX / Combine several remotes into one
-       \ (combine)
-    ...
-    Storage> combine
-    Option upstreams.
-    Upstreams for combining
-    These should be in the form
-        dir=remote:path dir2=remote2:path
-    Where before the = is specified the root directory and after is the remote to
-    put there.
-    Embedded spaces can be added using quotes
-        "dir=remote:path with space" "dir2=remote2:path with space"
-    Enter a fs.SpaceSepList value.
-    upstreams> images=s3:imagesbucket files=drive:important/files
-    --------------------
-    [remote]
-    type = combine
-    upstreams = images=s3:imagesbucket files=drive:important/files
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Properties:
 
-Configuring for Google Drive Shared Drives
+    - Config:      pass_bad_blocks
+    - Env Var:     RCLONE_CRYPT_PASS_BAD_BLOCKS
+    - Type:        bool
+    - Default:     false
 
-Rclone has a convenience feature for making a combine backend for all
-the shared drives you have access to.
+    #### --crypt-filename-encoding
 
-Assuming your main (non shared drive) Google drive remote is called
-drive: you would run
+    How to encode the encrypted filename to text string.
 
-    rclone backend -o config drives drive:
+    This option could help with shortening the encrypted filename. The 
+    suitable option would depend on the way your remote count the filename
+    length and if it's case sensitive.
 
-This would produce something like this:
+    Properties:
 
-    [My Drive]
-    type = alias
-    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
+    - Config:      filename_encoding
+    - Env Var:     RCLONE_CRYPT_FILENAME_ENCODING
+    - Type:        string
+    - Default:     "base32"
+    - Examples:
+        - "base32"
+            - Encode using base32. Suitable for all remote.
+        - "base64"
+            - Encode using base64. Suitable for case sensitive remote.
+        - "base32768"
+            - Encode using base32768. Suitable if your remote counts UTF-16 or
+            - Unicode codepoint instead of UTF-8 byte length. (Eg. Onedrive, Dropbox)
 
-    [Test Drive]
-    type = alias
-    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+    #### --crypt-suffix
 
-    [AllDrives]
-    type = combine
-    upstreams = "My Drive=My Drive:" "Test Drive=Test Drive:"
+    If this is set it will override the default suffix of ".bin".
 
-If you then add that config to your config file (find it with
-rclone config file) then you can access all the shared drives in one
-place with the AllDrives: remote.
+    Setting suffix to "none" will result in an empty suffix. This may be useful 
+    when the path length is critical.
 
-See the Google Drive docs for full info.
+    Properties:
 
-Standard options
+    - Config:      suffix
+    - Env Var:     RCLONE_CRYPT_SUFFIX
+    - Type:        string
+    - Default:     ".bin"
 
-Here are the Standard options specific to combine (Combine several
-remotes into one).
+    ### Metadata
 
---combine-upstreams
+    Any metadata supported by the underlying remote is read and written.
 
-Upstreams for combining
+    See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-These should be in the form
+    ## Backend commands
 
-    dir=remote:path dir2=remote2:path
+    Here are the commands specific to the crypt backend.
 
-Where before the = is specified the root directory and after is the
-remote to put there.
+    Run them with
 
-Embedded spaces can be added using quotes
+        rclone backend COMMAND remote:
 
-    "dir=remote:path with space" "dir2=remote2:path with space"
+    The help below will explain what arguments each command takes.
 
-Properties:
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
 
--   Config: upstreams
--   Env Var: RCLONE_COMBINE_UPSTREAMS
--   Type: SpaceSepList
--   Default:
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
 
-Metadata
+    ### encode
 
-Any metadata supported by the underlying remote is read and written.
+    Encode the given filename(s)
 
-See the metadata docs for more info.
+        rclone backend encode remote: [options] [<arguments>+]
 
-Dropbox
+    This encodes the filenames given as arguments returning a list of
+    strings of the encoded results.
 
-Paths are specified as remote:path
+    Usage Example:
 
-Dropbox paths may be as deep as required, e.g.
-remote:directory/subdirectory.
+        rclone backend encode crypt: file1 [file2...]
+        rclone rc backend/command command=encode fs=crypt: file1 [file2...]
 
-Configuration
 
-The initial setup for dropbox involves getting a token from Dropbox
-which you need to do in your browser. rclone config walks you through
-it.
+    ### decode
 
-Here is an example of how to make a remote called remote. First run:
+    Decode the given filename(s)
 
-     rclone config
+        rclone backend decode remote: [options] [<arguments>+]
 
-This will guide you through an interactive setup process:
+    This decodes the filenames given as arguments returning a list of
+    strings of the decoded results. It will return an error if any of the
+    inputs are invalid.
 
-    n) New remote
-    d) Delete remote
-    q) Quit config
-    e/n/d/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Dropbox
-       \ "dropbox"
-    [snip]
-    Storage> dropbox
-    Dropbox App Key - leave blank normally.
-    app_key>
-    Dropbox App Secret - leave blank normally.
-    app_secret>
-    Remote config
-    Please visit:
-    https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&response_type=code
-    Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX
-    --------------------
-    [remote]
-    app_key =
-    app_secret =
-    token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Usage Example:
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+        rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
+        rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Dropbox. This only runs from the moment it opens
-your browser to the moment you get back the verification code. This is
-on http://127.0.0.1:53682/ and it may require you to unblock it
-temporarily if you are running a host firewall, or use manual mode.
 
-You can then use it like this,
 
-List directories in top level of your dropbox
 
-    rclone lsd remote:
+    ## Backing up an encrypted remote
 
-List all the files in your dropbox
+    If you wish to backup an encrypted remote, it is recommended that you use
+    `rclone sync` on the encrypted files, and make sure the passwords are
+    the same in the new encrypted remote.
 
-    rclone ls remote:
+    This will have the following advantages
 
-To copy a local directory to a dropbox directory called backup
+      * `rclone sync` will check the checksums while copying
+      * you can use `rclone check` between the encrypted remotes
+      * you don't decrypt and encrypt unnecessarily
 
-    rclone copy /home/source remote:backup
+    For example, let's say you have your original remote at `remote:` with
+    the encrypted version at `eremote:` with path `remote:crypt`.  You
+    would then set up the new remote `remote2:` and then the encrypted
+    version `eremote2:` with path `remote2:crypt` using the same passwords
+    as `eremote:`.
 
-Dropbox for business
+    To sync the two remotes you would do
 
-Rclone supports Dropbox for business and Team Folders.
+        rclone sync --interactive remote:crypt remote2:crypt
 
-When using Dropbox for business remote: and remote:path/to/file will
-refer to your personal folder.
+    And to check the integrity you would do
 
-If you wish to see Team Folders you must use a leading / in the path, so
-rclone lsd remote:/ will refer to the root and show you all Team Folders
-and your User Folder.
+        rclone check remote:crypt remote2:crypt
 
-You can then use team folders like this remote:/TeamFolder and
-remote:/TeamFolder/path/to/file.
+    ## File formats
 
-A leading / for a Dropbox personal account will do nothing, but it will
-take an extra HTTP transaction so it should be avoided.
+    ### File encryption
 
-Modified time and Hashes
+    Files are encrypted 1:1 source file to destination object.  The file
+    has a header and is divided into chunks.
 
-Dropbox supports modified times, but the only way to set a modification
-time is to re-upload the file.
+    #### Header
 
-This means that if you uploaded your data with an older version of
-rclone which didn't support the v2 API and modified times, rclone will
-decide to upload all your old data to fix the modification times. If you
-don't want this to happen use --size-only or --checksum flag to stop it.
+      * 8 bytes magic string `RCLONE\x00\x00`
+      * 24 bytes Nonce (IV)
 
-Dropbox supports its own hash type which is checked for all transfers.
+    The initial nonce is generated from the operating systems crypto
+    strong random number generator.  The nonce is incremented for each
+    chunk read making sure each nonce is unique for each block written.
+    The chance of a nonce being reused is minuscule.  If you wrote an
+    exabyte of data (10¹⁸ bytes) you would have a probability of
+    approximately 2×10⁻³² of re-using a nonce.
 
-Restricted filename characters
+    #### Chunk
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  NUL          0x00         ␀
-  /            0x2F        ／
-  DEL          0x7F         ␡
-  \            0x5C        ＼
+    Each chunk will contain 64 KiB of data, except for the last one which
+    may have less data. The data chunk is in standard NaCl SecretBox
+    format. SecretBox uses XSalsa20 and Poly1305 to encrypt and
+    authenticate messages.
 
-File names can also not end with the following characters. These only
-get replaced if they are the last character in the name:
+    Each chunk contains:
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  SP           0x20         ␠
+      * 16 Bytes of Poly1305 authenticator
+      * 1 - 65536 bytes XSalsa20 encrypted data
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    64k chunk size was chosen as the best performing chunk size (the
+    authenticator takes too much time below this and the performance drops
+    off due to cache effects above this).  Note that these chunks are
+    buffered in memory so they can't be too big.
 
-Batch mode uploads
+    This uses a 32 byte (256 bit key) key derived from the user password.
 
-Using batch mode uploads is very important for performance when using
-the Dropbox API. See the dropbox performance guide for more info.
+    #### Examples
 
-There are 3 modes rclone can use for uploads.
+    1 byte file will encrypt to
 
---dropbox-batch-mode off
+      * 32 bytes header
+      * 17 bytes data chunk
 
-In this mode rclone will not use upload batching. This was the default
-before rclone v1.55. It has the disadvantage that it is very likely to
-encounter too_many_requests errors like this
+    49 bytes total
 
-    NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.
+    1 MiB (1048576 bytes) file will encrypt to
 
-When rclone receives these it has to wait for 15s or sometimes 300s
-before continuing which really slows down transfers.
+      * 32 bytes header
+      * 16 chunks of 65568 bytes
 
-This will happen especially if --transfers is large, so this mode isn't
-recommended except for compatibility or investigating problems.
+    1049120 bytes total (a 0.05% overhead). This is the overhead for big
+    files.
 
---dropbox-batch-mode sync
+    ### Name encryption
 
-In this mode rclone will batch up uploads to the size specified by
---dropbox-batch-size and commit them together.
+    File names are encrypted segment by segment - the path is broken up
+    into `/` separated strings and these are encrypted individually.
 
-Using this mode means you can use a much higher --transfers parameter
-(32 or 64 works fine) without receiving too_many_requests errors.
+    File segments are padded using PKCS#7 to a multiple of 16 bytes
+    before encryption.
 
-This mode ensures full data integrity.
+    They are then encrypted with EME using AES with 256 bit key. EME
+    (ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003
+    paper "A Parallelizable Enciphering Mode" by Halevi and Rogaway.
 
-Note that there may be a pause when quitting rclone while rclone
-finishes up the last batch using this mode.
+    This makes for deterministic encryption which is what we want - the
+    same filename must encrypt to the same thing otherwise we can't find
+    it on the cloud storage system.
 
---dropbox-batch-mode async
+    This means that
 
-In this mode rclone will batch up uploads to the size specified by
---dropbox-batch-size and commit them together.
+      * filenames with the same name will encrypt the same
+      * filenames which start the same won't have a common prefix
 
-However it will not wait for the status of the batch to be returned to
-the caller. This means rclone can use a much bigger batch size (much
-bigger than --transfers), at the cost of not being able to check the
-status of the upload.
+    This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of
+    which are derived from the user password.
 
-This provides the maximum possible upload speed especially with lots of
-small files, however rclone can't check the file got uploaded properly
-using this mode.
+    After encryption they are written out using a modified version of
+    standard `base32` encoding as described in RFC4648.  The standard
+    encoding is modified in two ways:
 
-If you are using this mode then using "rclone check" after the transfer
-completes is recommended. Or you could do an initial transfer with
---dropbox-batch-mode async then do a final transfer with
---dropbox-batch-mode sync (the default).
+      * it becomes lower case (no-one likes upper case filenames!)
+      * we strip the padding character `=`
 
-Note that there may be a pause when quitting rclone while rclone
-finishes up the last batch using this mode.
+    `base32` is used rather than the more efficient `base64` so rclone can be
+    used on case insensitive remotes (e.g. Windows, Amazon Drive).
 
-Standard options
+    ### Key derivation
 
-Here are the Standard options specific to dropbox (Dropbox).
+    Rclone uses `scrypt` with parameters `N=16384, r=8, p=1` with an
+    optional user supplied salt (password2) to derive the 32+32+16 = 80
+    bytes of key material required.  If the user doesn't supply a salt
+    then rclone uses an internal one.
 
---dropbox-client-id
+    `scrypt` makes it impractical to mount a dictionary attack on rclone
+    encrypted data.  For full protection against this you should always use
+    a salt.
 
-OAuth Client Id.
+    ## SEE ALSO
 
-Leave blank normally.
+    * [rclone cryptdecode](https://rclone.org/commands/rclone_cryptdecode/)    - Show forward/reverse mapping of encrypted filenames
 
-Properties:
+    #  Compress
 
--   Config: client_id
--   Env Var: RCLONE_DROPBOX_CLIENT_ID
--   Type: string
--   Required: false
+    ## Warning
 
---dropbox-client-secret
+    This remote is currently **experimental**. Things may break and data may be lost. Anything you do with this remote is
+    at your own risk. Please understand the risks associated with using experimental code and don't use this remote in
+    critical applications.
 
-OAuth Client Secret.
+    The `Compress` remote adds compression to another remote. It is best used with remotes containing
+    many large compressible files.
 
-Leave blank normally.
+    ## Configuration
 
-Properties:
+    To use this remote, all you need to do is specify another remote and a compression mode to use:
 
--   Config: client_secret
--   Env Var: RCLONE_DROPBOX_CLIENT_SECRET
--   Type: string
--   Required: false
+Current remotes:
 
-Advanced options
+Name Type ==== ==== remote_to_press sometype
 
-Here are the Advanced options specific to dropbox (Dropbox).
+e)  Edit existing remote $ rclone config
+f)  New remote
+g)  Delete remote
+h)  Rename remote
+i)  Copy remote
+j)  Set configuration password
+k)  Quit config e/n/d/r/c/s/q> n name> compress ... 8 / Compress a
+    remote  "compress" ... Storage> compress ** See help for compress
+    backend at: https://rclone.org/compress/ **
 
---dropbox-token
+Remote to compress. Enter a string value. Press Enter for the default
+(""). remote> remote_to_press:subdir Compression mode. Enter a string
+value. Press Enter for the default ("gzip"). Choose a number from below,
+or type in your own value 1 / Gzip compression balanced for speed and
+compression strength.  "gzip" compression_mode> gzip Edit advanced
+config? (y/n) y) Yes n) No (default) y/n> n Remote config
+-------------------- [compress] type = compress remote =
+remote_to_press:subdir compression_mode = gzip -------------------- y)
+Yes this is OK (default) e) Edit this remote d) Delete this remote
+y/e/d> y
 
-OAuth Access Token as a JSON blob.
 
-Properties:
+    ### Compression Modes
 
--   Config: token
--   Env Var: RCLONE_DROPBOX_TOKEN
--   Type: string
--   Required: false
+    Currently only gzip compression is supported. It provides a decent balance between speed and size and is well
+    supported by other applications. Compression strength can further be configured via an advanced setting where 0 is no
+    compression and 9 is strongest compression.
 
---dropbox-auth-url
+    ### File types
 
-Auth server URL.
+    If you open a remote wrapped by compress, you will see that there are many files with an extension corresponding to
+    the compression algorithm you chose. These files are standard files that can be opened by various archive programs, 
+    but they have some hidden metadata that allows them to be used by rclone.
+    While you may download and decompress these files at will, do **not** manually delete or rename files. Files without
+    correct metadata files will not be recognized by rclone.
 
-Leave blank to use the provider defaults.
+    ### File names
 
-Properties:
+    The compressed files will be named `*.###########.gz` where `*` is the base file and the `#` part is base64 encoded 
+    size of the uncompressed file. The file names should not be changed by anything other than the rclone compression backend.
 
--   Config: auth_url
--   Env Var: RCLONE_DROPBOX_AUTH_URL
--   Type: string
--   Required: false
 
---dropbox-token-url
+    ### Standard options
 
-Token server url.
+    Here are the Standard options specific to compress (Compress a remote).
 
-Leave blank to use the provider defaults.
+    #### --compress-remote
 
-Properties:
+    Remote to compress.
 
--   Config: token_url
--   Env Var: RCLONE_DROPBOX_TOKEN_URL
--   Type: string
--   Required: false
+    Properties:
 
---dropbox-chunk-size
+    - Config:      remote
+    - Env Var:     RCLONE_COMPRESS_REMOTE
+    - Type:        string
+    - Required:    true
 
-Upload chunk size (< 150Mi).
+    #### --compress-mode
 
-Any files larger than this will be uploaded in chunks of this size.
+    Compression mode.
 
-Note that chunks are buffered in memory (one at a time) so rclone can
-deal with retries. Setting this larger will increase the speed slightly
-(at most 10% for 128 MiB in tests) at the cost of using more memory. It
-can be set smaller if you are tight on memory.
+    Properties:
 
-Properties:
+    - Config:      mode
+    - Env Var:     RCLONE_COMPRESS_MODE
+    - Type:        string
+    - Default:     "gzip"
+    - Examples:
+        - "gzip"
+            - Standard gzip compression with fastest parameters.
 
--   Config: chunk_size
--   Env Var: RCLONE_DROPBOX_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 48Mi
+    ### Advanced options
 
---dropbox-impersonate
+    Here are the Advanced options specific to compress (Compress a remote).
 
-Impersonate this user when using a business account.
+    #### --compress-level
 
-Note that if you want to use impersonate, you should make sure this flag
-is set when running "rclone config" as this will cause rclone to request
-the "members.read" scope which it won't normally. This is needed to
-lookup a members email address into the internal ID that dropbox uses in
-the API.
+    GZIP compression level (-2 to 9).
 
-Using the "members.read" scope will require a Dropbox Team Admin to
-approve during the OAuth flow.
+    Generally -1 (default, equivalent to 5) is recommended.
+    Levels 1 to 9 increase compression at the cost of speed. Going past 6 
+    generally offers very little return.
 
-You will have to use your own App (setting your own client_id and
-client_secret) to use this option as currently rclone's default set of
-permissions doesn't include "members.read". This can be added once v1.55
-or later is in use everywhere.
+    Level -2 uses Huffman encoding only. Only use if you know what you
+    are doing.
+    Level 0 turns off compression.
 
-Properties:
+    Properties:
 
--   Config: impersonate
--   Env Var: RCLONE_DROPBOX_IMPERSONATE
--   Type: string
--   Required: false
+    - Config:      level
+    - Env Var:     RCLONE_COMPRESS_LEVEL
+    - Type:        int
+    - Default:     -1
 
---dropbox-shared-files
+    #### --compress-ram-cache-limit
 
-Instructs rclone to work on individual shared files.
+    Some remotes don't allow the upload of files with unknown size.
+    In this case the compressed file will need to be cached to determine
+    it's size.
 
-In this mode rclone's features are extremely limited - only list (ls,
-lsl, etc.) operations and read operations (e.g. downloading) are
-supported in this mode. All other operations will be disabled.
+    Files smaller than this limit will be cached in RAM, files larger than 
+    this limit will be cached on disk.
 
-Properties:
+    Properties:
 
--   Config: shared_files
--   Env Var: RCLONE_DROPBOX_SHARED_FILES
--   Type: bool
--   Default: false
+    - Config:      ram_cache_limit
+    - Env Var:     RCLONE_COMPRESS_RAM_CACHE_LIMIT
+    - Type:        SizeSuffix
+    - Default:     20Mi
 
---dropbox-shared-folders
+    ### Metadata
 
-Instructs rclone to work on shared folders.
+    Any metadata supported by the underlying remote is read and written.
 
-When this flag is used with no path only the List operation is supported
-and all available shared folders will be listed. If you specify a path
-the first part will be interpreted as the name of shared folder. Rclone
-will then try to mount this shared to the root namespace. On success
-shared folder rclone proceeds normally. The shared folder is now pretty
-much a normal folder and all normal operations are supported.
+    See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-Note that we don't unmount the shared folder afterwards so the
---dropbox-shared-folders can be omitted after the first use of a
-particular shared folder.
 
-Properties:
 
--   Config: shared_folders
--   Env Var: RCLONE_DROPBOX_SHARED_FOLDERS
--   Type: bool
--   Default: false
+    #  Combine
 
---dropbox-batch-mode
+    The `combine` backend joins remotes together into a single directory
+    tree.
 
-Upload file batching sync|async|off.
+    For example you might have a remote for images on one provider:
 
-This sets the batch mode used by rclone.
+$ rclone tree s3:imagesbucket / ├── image1.jpg └── image2.jpg
 
-For full info see the main docs
 
-This has 3 possible values
+    And a remote for files on another:
 
--   off - no batching
--   sync - batch uploads and check completion (default)
--   async - batch upload and don't check completion
+$ rclone tree drive:important/files / ├── file1.txt └── file2.txt
 
-Rclone will close any outstanding batches when it exits which may make a
-delay on quit.
 
-Properties:
+    The `combine` backend can join these together into a synthetic
+    directory structure like this:
 
--   Config: batch_mode
--   Env Var: RCLONE_DROPBOX_BATCH_MODE
--   Type: string
--   Default: "sync"
+$ rclone tree combined: / ├── files │ ├── file1.txt │ └── file2.txt └──
+images ├── image1.jpg └── image2.jpg
 
---dropbox-batch-size
 
-Max number of files in upload batch.
+    You'd do this by specifying an `upstreams` parameter in the config
+    like this
 
-This sets the batch size of files to upload. It has to be less than
-1000.
+        upstreams = images=s3:imagesbucket files=drive:important/files
 
-By default this is 0 which means rclone which calculate the batch size
-depending on the setting of batch_mode.
+    During the initial setup with `rclone config` you will specify the
+    upstreams remotes as a space separated list. The upstream remotes can
+    either be a local paths or other remotes.
 
--   batch_mode: async - default batch_size is 100
--   batch_mode: sync - default batch_size is the same as --transfers
--   batch_mode: off - not in use
+    ## Configuration
 
-Rclone will close any outstanding batches when it exits which may make a
-delay on quit.
+    Here is an example of how to make a combine called `remote` for the
+    example above. First run:
 
-Setting this is a great idea if you are uploading lots of small files as
-it will make them a lot quicker. You can use --transfers 32 to maximise
-throughput.
+         rclone config
 
-Properties:
+    This will guide you through an interactive setup process:
 
--   Config: batch_size
--   Env Var: RCLONE_DROPBOX_BATCH_SIZE
--   Type: int
--   Default: 0
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Option Storage. Type of
+storage to configure. Choose a number from below, or type in your own
+value. ... XX / Combine several remotes into one  (combine) ... Storage>
+combine Option upstreams. Upstreams for combining These should be in the
+form dir=remote:path dir2=remote2:path Where before the = is specified
+the root directory and after is the remote to put there. Embedded spaces
+can be added using quotes "dir=remote:path with space"
+"dir2=remote2:path with space" Enter a fs.SpaceSepList value. upstreams>
+images=s3:imagesbucket files=drive:important/files --------------------
+[remote] type = combine upstreams = images=s3:imagesbucket
+files=drive:important/files -------------------- y) Yes this is OK
+(default) e) Edit this remote d) Delete this remote y/e/d> y
 
---dropbox-batch-timeout
 
-Max time to allow an idle upload batch before uploading.
+    ### Configuring for Google Drive Shared Drives
 
-If an upload batch is idle for more than this long then it will be
-uploaded.
+    Rclone has a convenience feature for making a combine backend for all
+    the shared drives you have access to.
 
-The default for this is 0 which means rclone will choose a sensible
-default based on the batch_mode in use.
+    Assuming your main (non shared drive) Google drive remote is called
+    `drive:` you would run
 
--   batch_mode: async - default batch_timeout is 500ms
--   batch_mode: sync - default batch_timeout is 10s
--   batch_mode: off - not in use
+        rclone backend -o config drives drive:
 
-Properties:
+    This would produce something like this:
 
--   Config: batch_timeout
--   Env Var: RCLONE_DROPBOX_BATCH_TIMEOUT
--   Type: Duration
--   Default: 0s
+        [My Drive]
+        type = alias
+        remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
 
---dropbox-batch-commit-timeout
+        [Test Drive]
+        type = alias
+        remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
 
-Max time to wait for a batch to finish committing
+        [AllDrives]
+        type = combine
+        upstreams = "My Drive=My Drive:" "Test Drive=Test Drive:"
 
-Properties:
+    If you then add that config to your config file (find it with `rclone
+    config file`) then you can access all the shared drives in one place
+    with the `AllDrives:` remote.
 
--   Config: batch_commit_timeout
--   Env Var: RCLONE_DROPBOX_BATCH_COMMIT_TIMEOUT
--   Type: Duration
--   Default: 10m0s
+    See [the Google Drive docs](https://rclone.org/drive/#drives) for full info.
 
---dropbox-encoding
 
-The encoding for the backend.
+    ### Standard options
 
-See the encoding section in the overview for more info.
+    Here are the Standard options specific to combine (Combine several remotes into one).
 
-Properties:
+    #### --combine-upstreams
 
--   Config: encoding
--   Env Var: RCLONE_DROPBOX_ENCODING
--   Type: MultiEncoder
--   Default: Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
+    Upstreams for combining
 
-Limitations
+    These should be in the form
 
-Note that Dropbox is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+        dir=remote:path dir2=remote2:path
 
-There are some file names such as thumbs.db which Dropbox can't store.
-There is a full list of them in the "Ignored Files" section of this
-document. Rclone will issue an error message
-File name disallowed - not uploading if it attempts to upload one of
-those file names, but the sync won't fail.
+    Where before the = is specified the root directory and after is the remote to
+    put there.
 
-Some errors may occur if you try to sync copyright-protected files
-because Dropbox has its own copyright detector that prevents this sort
-of file being downloaded. This will return the error
-ERROR : /path/to/your/file: Failed to copy: failed to open source object: path/restricted_content/.
+    Embedded spaces can be added using quotes
 
-If you have more than 10,000 files in a directory then
-rclone purge dropbox:dir will return the error
-Failed to purge: There are too many files involved in this operation. As
-a work-around do an rclone delete dropbox:dir followed by an
-rclone rmdir dropbox:dir.
+        "dir=remote:path with space" "dir2=remote2:path with space"
 
-When using rclone link you'll need to set --expire if using a
-non-personal account otherwise the visibility may not be correct. (Note
-that --expire isn't supported on personal accounts). See the forum
-discussion and the dropbox SDK issue.
 
-Get your own Dropbox App ID
 
-When you use rclone with Dropbox in its default configuration you are
-using rclone's App ID. This is shared between all the rclone users.
+    Properties:
 
-Here is how to create your own Dropbox App ID for rclone:
+    - Config:      upstreams
+    - Env Var:     RCLONE_COMBINE_UPSTREAMS
+    - Type:        SpaceSepList
+    - Default:     
 
-1.  Log into the Dropbox App console with your Dropbox Account (It need
-    not to be the same account as the Dropbox you want to access)
+    ### Metadata
 
-2.  Choose an API => Usually this should be Dropbox API
+    Any metadata supported by the underlying remote is read and written.
 
-3.  Choose the type of access you want to use => Full Dropbox or
-    App Folder
+    See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-4.  Name your App. The app name is global, so you can't use rclone for
-    example
 
-5.  Click the button Create App
 
-6.  Switch to the Permissions tab. Enable at least the following
-    permissions: account_info.read, files.metadata.write,
-    files.content.write, files.content.read, sharing.write. The
-    files.metadata.read and sharing.read checkboxes will be marked too.
-    Click Submit
+    #  Dropbox
 
-7.  Switch to the Settings tab. Fill OAuth2 - Redirect URIs as
-    http://localhost:53682/
+    Paths are specified as `remote:path`
 
-8.  Find the App key and App secret values on the Settings tab. Use
-    these values in rclone config to add a new remote or edit an
-    existing remote. The App key setting corresponds to client_id in
-    rclone config, the App secret corresponds to client_secret
+    Dropbox paths may be as deep as required, e.g.
+    `remote:directory/subdirectory`.
 
-Enterprise File Fabric
+    ## Configuration
 
-This backend supports Storage Made Easy's Enterprise File Fabric™ which
-provides a software solution to integrate and unify File and Object
-Storage accessible through a global file system.
+    The initial setup for dropbox involves getting a token from Dropbox
+    which you need to do in your browser.  `rclone config` walks you
+    through it.
 
-Configuration
+    Here is an example of how to make a remote called `remote`.  First run:
 
-The initial setup for the Enterprise File Fabric backend involves
-getting a token from the Enterprise File Fabric which you need to do in
-your browser. rclone config walks you through it.
+         rclone config
 
-Here is an example of how to make a remote called remote. First run:
+    This will guide you through an interactive setup process:
 
-     rclone config
+n)  New remote
+o)  Delete remote
+p)  Quit config e/n/d/q> n name> remote Type of storage to configure.
+    Choose a number from below, or type in your own value [snip] XX /
+    Dropbox  "dropbox" [snip] Storage> dropbox Dropbox App Key - leave
+    blank normally. app_key> Dropbox App Secret - leave blank normally.
+    app_secret> Remote config Please visit:
+    https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&response_type=code
+    Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX
+    -------------------- [remote] app_key = app_secret = token =
+    XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+    --------------------
+q)  Yes this is OK
+r)  Edit this remote
+s)  Delete this remote y/e/d> y
 
-This will guide you through an interactive setup process:
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Enterprise File Fabric
-       \ "filefabric"
-    [snip]
-    Storage> filefabric
-    ** See help for filefabric backend at: https://rclone.org/filefabric/ **
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
-    URL of the Enterprise File Fabric to connect to
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-     1 / Storage Made Easy US
-       \ "https://storagemadeeasy.com"
-     2 / Storage Made Easy EU
-       \ "https://eu.storagemadeeasy.com"
-     3 / Connect to your Enterprise File Fabric
-       \ "https://yourfabric.smestorage.com"
-    url> https://yourfabric.smestorage.com/
-    ID of the root folder
-    Leave blank normally.
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from Dropbox. This only
+    runs from the moment it opens your browser to the moment you get back
+    the verification code.  This is on `http://127.0.0.1:53682/` and it
+    may require you to unblock it temporarily if you are running a host
+    firewall, or use manual mode.
 
-    Fill in to make rclone start with directory of a given ID.
+    You can then use it like this,
 
-    Enter a string value. Press Enter for the default ("").
-    root_folder_id> 
-    Permanent Authentication Token
+    List directories in top level of your dropbox
 
-    A Permanent Authentication Token can be created in the Enterprise File
-    Fabric, on the users Dashboard under Security, there is an entry
-    you'll see called "My Authentication Tokens". Click the Manage button
-    to create one.
+        rclone lsd remote:
 
-    These tokens are normally valid for several years.
+    List all the files in your dropbox
 
-    For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
+        rclone ls remote:
 
-    Enter a string value. Press Enter for the default ("").
-    permanent_token> xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No (default)
-    y/n> n
-    Remote config
-    --------------------
-    [remote]
-    type = filefabric
-    url = https://yourfabric.smestorage.com/
-    permanent_token = xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    To copy a local directory to a dropbox directory called backup
 
-Once configured you can then use rclone like this,
+        rclone copy /home/source remote:backup
 
-List directories in top level of your Enterprise File Fabric
+    ### Dropbox for business
 
-    rclone lsd remote:
+    Rclone supports Dropbox for business and Team Folders.
 
-List all the files in your Enterprise File Fabric
+    When using Dropbox for business `remote:` and `remote:path/to/file`
+    will refer to your personal folder.
 
-    rclone ls remote:
+    If you wish to see Team Folders you must use a leading `/` in the
+    path, so `rclone lsd remote:/` will refer to the root and show you all
+    Team Folders and your User Folder.
 
-To copy a local directory to an Enterprise File Fabric directory called
-backup
+    You can then use team folders like this `remote:/TeamFolder` and
+    `remote:/TeamFolder/path/to/file`.
 
-    rclone copy /home/source remote:backup
+    A leading `/` for a Dropbox personal account will do nothing, but it
+    will take an extra HTTP transaction so it should be avoided.
 
-Modified time and hashes
+    ### Modification times and hashes
 
-The Enterprise File Fabric allows modification times to be set on files
-accurate to 1 second. These will be used to detect whether objects need
-syncing or not.
+    Dropbox supports modified times, but the only way to set a
+    modification time is to re-upload the file.
 
-The Enterprise File Fabric does not support any data hashes at this
-time.
+    This means that if you uploaded your data with an older version of
+    rclone which didn't support the v2 API and modified times, rclone will
+    decide to upload all your old data to fix the modification times.  If
+    you don't want this to happen use `--size-only` or `--checksum` flag
+    to stop it.
 
-Restricted filename characters
+    Dropbox supports [its own hash
+    type](https://www.dropbox.com/developers/reference/content-hash) which
+    is checked for all transfers.
 
-The default restricted characters set will be replaced.
+    ### Restricted filename characters
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | NUL       | 0x00  | ␀           |
+    | /         | 0x2F  | ／           |
+    | DEL       | 0x7F  | ␡           |
+    | \         | 0x5C  | ＼           |
 
-Empty files
+    File names can also not end with the following characters.
+    These only get replaced if they are the last character in the name:
 
-Empty files aren't supported by the Enterprise File Fabric. Rclone will
-therefore upload an empty file as a single space with a mime type of
-application/vnd.rclone.empty.file and files with that mime type are
-treated as empty.
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | SP        | 0x20  | ␠           |
 
-Root folder ID
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-You can set the root_folder_id for rclone. This is the directory
-(identified by its Folder ID) that rclone considers to be the root of
-your Enterprise File Fabric.
+    ### Batch mode uploads {#batch-mode}
 
-Normally you will leave this blank and rclone will determine the correct
-root to use itself.
+    Using batch mode uploads is very important for performance when using
+    the Dropbox API. See [the dropbox performance guide](https://developers.dropbox.com/dbx-performance-guide)
+    for more info.
 
-However you can set this to restrict rclone to a specific folder
-hierarchy.
+    There are 3 modes rclone can use for uploads.
 
-In order to do this you will have to find the Folder ID of the directory
-you wish rclone to display. These aren't displayed in the web interface,
-but you can use rclone lsf to find them, for example
+    #### --dropbox-batch-mode off
 
-    $ rclone lsf --dirs-only -Fip --csv filefabric:
-    120673758,Burnt PDFs/
-    120673759,My Quick Uploads/
-    120673755,My Syncs/
-    120673756,My backups/
-    120673757,My contacts/
-    120673761,S3 Storage/
+    In this mode rclone will not use upload batching. This was the default
+    before rclone v1.55. It has the disadvantage that it is very likely to
+    encounter `too_many_requests` errors like this
 
-The ID for "S3 Storage" would be 120673761.
+        NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.
 
-Standard options
+    When rclone receives these it has to wait for 15s or sometimes 300s
+    before continuing which really slows down transfers.
 
-Here are the Standard options specific to filefabric (Enterprise File
-Fabric).
+    This will happen especially if `--transfers` is large, so this mode
+    isn't recommended except for compatibility or investigating problems.
 
---filefabric-url
+    #### --dropbox-batch-mode sync
 
-URL of the Enterprise File Fabric to connect to.
+    In this mode rclone will batch up uploads to the size specified by
+    `--dropbox-batch-size` and commit them together.
 
-Properties:
+    Using this mode means you can use a much higher `--transfers`
+    parameter (32 or 64 works fine) without receiving `too_many_requests`
+    errors.
 
--   Config: url
--   Env Var: RCLONE_FILEFABRIC_URL
--   Type: string
--   Required: true
--   Examples:
-    -   "https://storagemadeeasy.com"
-        -   Storage Made Easy US
-    -   "https://eu.storagemadeeasy.com"
-        -   Storage Made Easy EU
-    -   "https://yourfabric.smestorage.com"
-        -   Connect to your Enterprise File Fabric
+    This mode ensures full data integrity.
 
---filefabric-root-folder-id
+    Note that there may be a pause when quitting rclone while rclone
+    finishes up the last batch using this mode.
 
-ID of the root folder.
+    #### --dropbox-batch-mode async
 
-Leave blank normally.
+    In this mode rclone will batch up uploads to the size specified by
+    `--dropbox-batch-size` and commit them together.
 
-Fill in to make rclone start with directory of a given ID.
+    However it will not wait for the status of the batch to be returned to
+    the caller. This means rclone can use a much bigger batch size (much
+    bigger than `--transfers`), at the cost of not being able to check the
+    status of the upload.
 
-Properties:
+    This provides the maximum possible upload speed especially with lots
+    of small files, however rclone can't check the file got uploaded
+    properly using this mode.
 
--   Config: root_folder_id
--   Env Var: RCLONE_FILEFABRIC_ROOT_FOLDER_ID
--   Type: string
--   Required: false
+    If you are using this mode then using "rclone check" after the
+    transfer completes is recommended. Or you could do an initial transfer
+    with `--dropbox-batch-mode async` then do a final transfer with
+    `--dropbox-batch-mode sync` (the default).
 
---filefabric-permanent-token
+    Note that there may be a pause when quitting rclone while rclone
+    finishes up the last batch using this mode.
 
-Permanent Authentication Token.
 
-A Permanent Authentication Token can be created in the Enterprise File
-Fabric, on the users Dashboard under Security, there is an entry you'll
-see called "My Authentication Tokens". Click the Manage button to create
-one.
 
-These tokens are normally valid for several years.
+    ### Standard options
 
-For more info see:
-https://docs.storagemadeeasy.com/organisationcloud/api-tokens
+    Here are the Standard options specific to dropbox (Dropbox).
 
-Properties:
+    #### --dropbox-client-id
 
--   Config: permanent_token
--   Env Var: RCLONE_FILEFABRIC_PERMANENT_TOKEN
--   Type: string
--   Required: false
+    OAuth Client Id.
 
-Advanced options
+    Leave blank normally.
 
-Here are the Advanced options specific to filefabric (Enterprise File
-Fabric).
+    Properties:
 
---filefabric-token
+    - Config:      client_id
+    - Env Var:     RCLONE_DROPBOX_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-Session Token.
+    #### --dropbox-client-secret
 
-This is a session token which rclone caches in the config file. It is
-usually valid for 1 hour.
+    OAuth Client Secret.
 
-Don't set this value - rclone will set it automatically.
+    Leave blank normally.
 
-Properties:
+    Properties:
 
--   Config: token
--   Env Var: RCLONE_FILEFABRIC_TOKEN
--   Type: string
--   Required: false
+    - Config:      client_secret
+    - Env Var:     RCLONE_DROPBOX_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
---filefabric-token-expiry
+    ### Advanced options
 
-Token expiry time.
+    Here are the Advanced options specific to dropbox (Dropbox).
 
-Don't set this value - rclone will set it automatically.
+    #### --dropbox-token
 
-Properties:
+    OAuth Access Token as a JSON blob.
 
--   Config: token_expiry
--   Env Var: RCLONE_FILEFABRIC_TOKEN_EXPIRY
--   Type: string
--   Required: false
+    Properties:
 
---filefabric-version
+    - Config:      token
+    - Env Var:     RCLONE_DROPBOX_TOKEN
+    - Type:        string
+    - Required:    false
 
-Version read from the file fabric.
+    #### --dropbox-auth-url
 
-Don't set this value - rclone will set it automatically.
+    Auth server URL.
 
-Properties:
+    Leave blank to use the provider defaults.
 
--   Config: version
--   Env Var: RCLONE_FILEFABRIC_VERSION
--   Type: string
--   Required: false
+    Properties:
 
---filefabric-encoding
+    - Config:      auth_url
+    - Env Var:     RCLONE_DROPBOX_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-The encoding for the backend.
+    #### --dropbox-token-url
 
-See the encoding section in the overview for more info.
+    Token server url.
 
-Properties:
+    Leave blank to use the provider defaults.
 
--   Config: encoding
--   Env Var: RCLONE_FILEFABRIC_ENCODING
--   Type: MultiEncoder
--   Default: Slash,Del,Ctl,InvalidUtf8,Dot
+    Properties:
 
-FTP
+    - Config:      token_url
+    - Env Var:     RCLONE_DROPBOX_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-FTP is the File Transfer Protocol. Rclone FTP support is provided using
-the github.com/jlaffaye/ftp package.
+    #### --dropbox-chunk-size
 
-Limitations of Rclone's FTP backend
+    Upload chunk size (< 150Mi).
 
-Paths are specified as remote:path. If the path does not begin with a /
-it is relative to the home directory of the user. An empty path remote:
-refers to the user's home directory.
+    Any files larger than this will be uploaded in chunks of this size.
 
-Configuration
+    Note that chunks are buffered in memory (one at a time) so rclone can
+    deal with retries.  Setting this larger will increase the speed
+    slightly (at most 10% for 128 MiB in tests) at the cost of using more
+    memory.  It can be set smaller if you are tight on memory.
 
-To create an FTP configuration named remote, run
+    Properties:
 
-    rclone config
+    - Config:      chunk_size
+    - Env Var:     RCLONE_DROPBOX_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     48Mi
 
-Rclone config guides you through an interactive setup process. A minimal
-rclone FTP remote definition only requires host, username and password.
-For an anonymous FTP server, see below.
+    #### --dropbox-impersonate
 
-    No remotes found, make a new one?
-    n) New remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    n/r/c/s/q> n
-    name> remote
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / FTP
-       \ "ftp"
-    [snip]
-    Storage> ftp
-    ** See help for ftp backend at: https://rclone.org/ftp/ **
+    Impersonate this user when using a business account.
 
-    FTP host to connect to
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-     1 / Connect to ftp.example.com
-       \ "ftp.example.com"
-    host> ftp.example.com
-    FTP username
-    Enter a string value. Press Enter for the default ("$USER").
-    user> 
-    FTP port number
-    Enter a signed integer. Press Enter for the default (21).
-    port> 
-    FTP password
-    y) Yes type in my own password
-    g) Generate random password
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Use FTP over TLS (Implicit)
-    Enter a boolean value (true or false). Press Enter for the default ("false").
-    tls> 
-    Use FTP over TLS (Explicit)
-    Enter a boolean value (true or false). Press Enter for the default ("false").
-    explicit_tls> 
-    Remote config
-    --------------------
-    [remote]
-    type = ftp
-    host = ftp.example.com
-    pass = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Note that if you want to use impersonate, you should make sure this
+    flag is set when running "rclone config" as this will cause rclone to
+    request the "members.read" scope which it won't normally. This is
+    needed to lookup a members email address into the internal ID that
+    dropbox uses in the API.
 
-To see all directories in the home directory of remote
+    Using the "members.read" scope will require a Dropbox Team Admin
+    to approve during the OAuth flow.
 
-    rclone lsd remote:
+    You will have to use your own App (setting your own client_id and
+    client_secret) to use this option as currently rclone's default set of
+    permissions doesn't include "members.read". This can be added once
+    v1.55 or later is in use everywhere.
 
-Make a new directory
 
-    rclone mkdir remote:path/to/directory
+    Properties:
 
-List the contents of a directory
+    - Config:      impersonate
+    - Env Var:     RCLONE_DROPBOX_IMPERSONATE
+    - Type:        string
+    - Required:    false
 
-    rclone ls remote:path/to/directory
+    #### --dropbox-shared-files
 
-Sync /home/local/directory to the remote directory, deleting any excess
-files in the directory.
+    Instructs rclone to work on individual shared files.
 
-    rclone sync --interactive /home/local/directory remote:directory
+    In this mode rclone's features are extremely limited - only list (ls, lsl, etc.) 
+    operations and read operations (e.g. downloading) are supported in this mode.
+    All other operations will be disabled.
 
-Anonymous FTP
+    Properties:
 
-When connecting to a FTP server that allows anonymous login, you can use
-the special "anonymous" username. Traditionally, this user account
-accepts any string as a password, although it is common to use either
-the password "anonymous" or "guest". Some servers require the use of a
-valid e-mail address as password.
+    - Config:      shared_files
+    - Env Var:     RCLONE_DROPBOX_SHARED_FILES
+    - Type:        bool
+    - Default:     false
 
-Using on-the-fly or connection string remotes makes it easy to access
-such servers, without requiring any configuration in advance. The
-following are examples of that:
+    #### --dropbox-shared-folders
 
-    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=$(rclone obscure dummy)
-    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=$(rclone obscure dummy):
+    Instructs rclone to work on shared folders.
+                
+    When this flag is used with no path only the List operation is supported and 
+    all available shared folders will be listed. If you specify a path the first part 
+    will be interpreted as the name of shared folder. Rclone will then try to mount this 
+    shared to the root namespace. On success shared folder rclone proceeds normally. 
+    The shared folder is now pretty much a normal folder and all normal operations 
+    are supported. 
 
-The above examples work in Linux shells and in PowerShell, but not
-Windows Command Prompt. They execute the rclone obscure command to
-create a password string in the format required by the pass option. The
-following examples are exactly the same, except use an already obscured
-string representation of the same password "dummy", and therefore works
-even in Windows Command Prompt:
+    Note that we don't unmount the shared folder afterwards so the 
+    --dropbox-shared-folders can be omitted after the first use of a particular 
+    shared folder.
 
-    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM
-    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM:
+    Properties:
 
-Implicit TLS
+    - Config:      shared_folders
+    - Env Var:     RCLONE_DROPBOX_SHARED_FOLDERS
+    - Type:        bool
+    - Default:     false
 
-Rlone FTP supports implicit FTP over TLS servers (FTPS). This has to be
-enabled in the FTP backend config for the remote, or with --ftp-tls. The
-default FTPS port is 990, not 21 and can be set with --ftp-port.
+    #### --dropbox-pacer-min-sleep
 
-Restricted filename characters
+    Minimum time to sleep between API calls.
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    Properties:
 
-File names cannot end with the following characters. Replacement is
-limited to the last character in a file name:
+    - Config:      pacer_min_sleep
+    - Env Var:     RCLONE_DROPBOX_PACER_MIN_SLEEP
+    - Type:        Duration
+    - Default:     10ms
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  SP           0x20         ␠
+    #### --dropbox-encoding
 
-Not all FTP servers can have all characters in file names, for example:
+    The encoding for the backend.
 
-  FTP Server    Forbidden characters
-  ------------ ----------------------
-  proftpd                *
-  pureftpd             \ [ ]
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-This backend's interactive configuration wizard provides a selection of
-sensible encoding settings for major FTP servers: ProFTPd, PureFTPd,
-VsFTPd. Just hit a selection number when prompted.
+    Properties:
 
-Standard options
+    - Config:      encoding
+    - Env Var:     RCLONE_DROPBOX_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
 
-Here are the Standard options specific to ftp (FTP).
+    #### --dropbox-batch-mode
 
---ftp-host
+    Upload file batching sync|async|off.
 
-FTP host to connect to.
+    This sets the batch mode used by rclone.
 
-E.g. "ftp.example.com".
+    For full info see [the main docs](https://rclone.org/dropbox/#batch-mode)
 
-Properties:
+    This has 3 possible values
 
--   Config: host
--   Env Var: RCLONE_FTP_HOST
--   Type: string
--   Required: true
+    - off - no batching
+    - sync - batch uploads and check completion (default)
+    - async - batch upload and don't check completion
 
---ftp-user
+    Rclone will close any outstanding batches when it exits which may make
+    a delay on quit.
 
-FTP username.
 
-Properties:
+    Properties:
 
--   Config: user
--   Env Var: RCLONE_FTP_USER
--   Type: string
--   Default: "$USER"
+    - Config:      batch_mode
+    - Env Var:     RCLONE_DROPBOX_BATCH_MODE
+    - Type:        string
+    - Default:     "sync"
 
---ftp-port
+    #### --dropbox-batch-size
 
-FTP port number.
+    Max number of files in upload batch.
 
-Properties:
+    This sets the batch size of files to upload. It has to be less than 1000.
 
--   Config: port
--   Env Var: RCLONE_FTP_PORT
--   Type: int
--   Default: 21
+    By default this is 0 which means rclone which calculate the batch size
+    depending on the setting of batch_mode.
 
---ftp-pass
+    - batch_mode: async - default batch_size is 100
+    - batch_mode: sync - default batch_size is the same as --transfers
+    - batch_mode: off - not in use
 
-FTP password.
+    Rclone will close any outstanding batches when it exits which may make
+    a delay on quit.
 
-NB Input to this must be obscured - see rclone obscure.
+    Setting this is a great idea if you are uploading lots of small files
+    as it will make them a lot quicker. You can use --transfers 32 to
+    maximise throughput.
 
-Properties:
 
--   Config: pass
--   Env Var: RCLONE_FTP_PASS
--   Type: string
--   Required: false
+    Properties:
 
---ftp-tls
+    - Config:      batch_size
+    - Env Var:     RCLONE_DROPBOX_BATCH_SIZE
+    - Type:        int
+    - Default:     0
 
-Use Implicit FTPS (FTP over TLS).
+    #### --dropbox-batch-timeout
 
-When using implicit FTP over TLS the client connects using TLS right
-from the start which breaks compatibility with non-TLS-aware servers.
-This is usually served over port 990 rather than port 21. Cannot be used
-in combination with explicit FTPS.
+    Max time to allow an idle upload batch before uploading.
 
-Properties:
+    If an upload batch is idle for more than this long then it will be
+    uploaded.
 
--   Config: tls
--   Env Var: RCLONE_FTP_TLS
--   Type: bool
--   Default: false
+    The default for this is 0 which means rclone will choose a sensible
+    default based on the batch_mode in use.
 
---ftp-explicit-tls
+    - batch_mode: async - default batch_timeout is 10s
+    - batch_mode: sync - default batch_timeout is 500ms
+    - batch_mode: off - not in use
 
-Use Explicit FTPS (FTP over TLS).
 
-When using explicit FTP over TLS the client explicitly requests security
-from the server in order to upgrade a plain text connection to an
-encrypted one. Cannot be used in combination with implicit FTPS.
+    Properties:
 
-Properties:
+    - Config:      batch_timeout
+    - Env Var:     RCLONE_DROPBOX_BATCH_TIMEOUT
+    - Type:        Duration
+    - Default:     0s
 
--   Config: explicit_tls
--   Env Var: RCLONE_FTP_EXPLICIT_TLS
--   Type: bool
--   Default: false
+    #### --dropbox-batch-commit-timeout
 
-Advanced options
+    Max time to wait for a batch to finish committing
 
-Here are the Advanced options specific to ftp (FTP).
+    Properties:
 
---ftp-concurrency
+    - Config:      batch_commit_timeout
+    - Env Var:     RCLONE_DROPBOX_BATCH_COMMIT_TIMEOUT
+    - Type:        Duration
+    - Default:     10m0s
 
-Maximum number of FTP simultaneous connections, 0 for unlimited.
 
-Note that setting this is very likely to cause deadlocks so it should be
-used with care.
 
-If you are doing a sync or copy then make sure concurrency is one more
-than the sum of --transfers and --checkers.
+    ## Limitations
 
-If you use --check-first then it just needs to be one more than the
-maximum of --checkers and --transfers.
+    Note that Dropbox is case insensitive so you can't have a file called
+    "Hello.doc" and one called "hello.doc".
 
-So for concurrency 3 you'd use --checkers 2 --transfers 2 --check-first
-or --checkers 1 --transfers 1.
+    There are some file names such as `thumbs.db` which Dropbox can't
+    store.  There is a full list of them in the ["Ignored Files" section
+    of this document](https://www.dropbox.com/en/help/145).  Rclone will
+    issue an error message `File name disallowed - not uploading` if it
+    attempts to upload one of those file names, but the sync won't fail.
 
-Properties:
+    Some errors may occur if you try to sync copyright-protected files
+    because Dropbox has its own [copyright detector](https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/) that
+    prevents this sort of file being downloaded. This will return the error `ERROR :
+    /path/to/your/file: Failed to copy: failed to open source object:
+    path/restricted_content/.`
 
--   Config: concurrency
--   Env Var: RCLONE_FTP_CONCURRENCY
--   Type: int
--   Default: 0
+    If you have more than 10,000 files in a directory then `rclone purge
+    dropbox:dir` will return the error `Failed to purge: There are too
+    many files involved in this operation`.  As a work-around do an
+    `rclone delete dropbox:dir` followed by an `rclone rmdir dropbox:dir`.
 
---ftp-no-check-certificate
+    When using `rclone link` you'll need to set `--expire` if using a
+    non-personal account otherwise the visibility may not be correct.
+    (Note that `--expire` isn't supported on personal accounts). See the
+    [forum discussion](https://forum.rclone.org/t/rclone-link-dropbox-permissions/23211) and the 
+    [dropbox SDK issue](https://github.com/dropbox/dropbox-sdk-go-unofficial/issues/75).
 
-Do not verify the TLS certificate of the server.
+    ## Get your own Dropbox App ID
 
-Properties:
+    When you use rclone with Dropbox in its default configuration you are using rclone's App ID. This is shared between all the rclone users.
 
--   Config: no_check_certificate
--   Env Var: RCLONE_FTP_NO_CHECK_CERTIFICATE
--   Type: bool
--   Default: false
+    Here is how to create your own Dropbox App ID for rclone:
 
---ftp-disable-epsv
+    1. Log into the [Dropbox App console](https://www.dropbox.com/developers/apps/create) with your Dropbox Account (It need not
+    to be the same account as the Dropbox you want to access)
 
-Disable using EPSV even if server advertises support.
+    2. Choose an API => Usually this should be `Dropbox API`
 
-Properties:
+    3. Choose the type of access you want to use => `Full Dropbox` or `App Folder`. If you want to use Team Folders, `Full Dropbox` is required ([see here](https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-create-team-folder-inside-my-app-s-folder/m-p/601005/highlight/true#M27911)).
 
--   Config: disable_epsv
--   Env Var: RCLONE_FTP_DISABLE_EPSV
--   Type: bool
--   Default: false
+    4. Name your App. The app name is global, so you can't use `rclone` for example
 
---ftp-disable-mlsd
+    5. Click the button `Create App`
 
-Disable using MLSD even if server advertises support.
+    6. Switch to the `Permissions` tab. Enable at least the following permissions: `account_info.read`, `files.metadata.write`, `files.content.write`, `files.content.read`, `sharing.write`. The `files.metadata.read` and `sharing.read` checkboxes will be marked too. Click `Submit`
 
-Properties:
+    7. Switch to the `Settings` tab. Fill `OAuth2 - Redirect URIs` as `http://localhost:53682/` and click on `Add`
 
--   Config: disable_mlsd
--   Env Var: RCLONE_FTP_DISABLE_MLSD
--   Type: bool
--   Default: false
+    8. Find the `App key` and `App secret` values on the `Settings` tab. Use these values in rclone config to add a new remote or edit an existing remote. The `App key` setting corresponds to `client_id` in rclone config, the `App secret` corresponds to `client_secret`
 
---ftp-disable-utf8
+    #  Enterprise File Fabric
 
-Disable using UTF-8 even if server advertises support.
+    This backend supports [Storage Made Easy's Enterprise File
+    Fabric™](https://storagemadeeasy.com/about/) which provides a software
+    solution to integrate and unify File and Object Storage accessible
+    through a global file system.
 
-Properties:
+    ## Configuration
 
--   Config: disable_utf8
--   Env Var: RCLONE_FTP_DISABLE_UTF8
--   Type: bool
--   Default: false
+    The initial setup for the Enterprise File Fabric backend involves
+    getting a token from the Enterprise File Fabric which you need to
+    do in your browser.  `rclone config` walks you through it.
 
---ftp-writing-mdtm
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Use MDTM to set modification time (VsFtpd quirk)
+         rclone config
 
-Properties:
+    This will guide you through an interactive setup process:
 
--   Config: writing_mdtm
--   Env Var: RCLONE_FTP_WRITING_MDTM
--   Type: bool
--   Default: false
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [snip] XX /
+Enterprise File Fabric  "filefabric" [snip] Storage> filefabric ** See
+help for filefabric backend at: https://rclone.org/filefabric/ **
 
---ftp-force-list-hidden
+URL of the Enterprise File Fabric to connect to Enter a string value.
+Press Enter for the default (""). Choose a number from below, or type in
+your own value 1 / Storage Made Easy US  "https://storagemadeeasy.com" 2
+/ Storage Made Easy EU  "https://eu.storagemadeeasy.com" 3 / Connect to
+your Enterprise File Fabric  "https://yourfabric.smestorage.com" url>
+https://yourfabric.smestorage.com/ ID of the root folder Leave blank
+normally.
 
-Use LIST -a to force listing of hidden files and folders. This will
-disable the use of MLSD.
+Fill in to make rclone start with directory of a given ID.
 
-Properties:
+Enter a string value. Press Enter for the default (""). root_folder_id>
+Permanent Authentication Token
 
--   Config: force_list_hidden
--   Env Var: RCLONE_FTP_FORCE_LIST_HIDDEN
--   Type: bool
--   Default: false
+A Permanent Authentication Token can be created in the Enterprise File
+Fabric, on the users Dashboard under Security, there is an entry you'll
+see called "My Authentication Tokens". Click the Manage button to create
+one.
 
---ftp-idle-timeout
+These tokens are normally valid for several years.
 
-Max time before closing idle connections.
+For more info see:
+https://docs.storagemadeeasy.com/organisationcloud/api-tokens
 
-If no connections have been returned to the connection pool in the time
-given, rclone will empty the connection pool.
+Enter a string value. Press Enter for the default (""). permanent_token>
+xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx Edit advanced config? (y/n) y) Yes n)
+No (default) y/n> n Remote config -------------------- [remote] type =
+filefabric url = https://yourfabric.smestorage.com/ permanent_token =
+xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx -------------------- y) Yes this is OK
+(default) e) Edit this remote d) Delete this remote y/e/d> y
 
-Set to 0 to keep connections indefinitely.
 
-Properties:
+    Once configured you can then use `rclone` like this,
 
--   Config: idle_timeout
--   Env Var: RCLONE_FTP_IDLE_TIMEOUT
--   Type: Duration
--   Default: 1m0s
+    List directories in top level of your Enterprise File Fabric
 
---ftp-close-timeout
+        rclone lsd remote:
 
-Maximum time to wait for a response to close.
+    List all the files in your Enterprise File Fabric
 
-Properties:
+        rclone ls remote:
 
--   Config: close_timeout
--   Env Var: RCLONE_FTP_CLOSE_TIMEOUT
--   Type: Duration
--   Default: 1m0s
+    To copy a local directory to an Enterprise File Fabric directory called backup
 
---ftp-tls-cache-size
+        rclone copy /home/source remote:backup
 
-Size of TLS session cache for all control and data connections.
+    ### Modification times and hashes
 
-TLS cache allows to resume TLS sessions and reuse PSK between
-connections. Increase if default size is not enough resulting in TLS
-resumption errors. Enabled by default. Use 0 to disable.
+    The Enterprise File Fabric allows modification times to be set on
+    files accurate to 1 second.  These will be used to detect whether
+    objects need syncing or not.
 
-Properties:
+    The Enterprise File Fabric does not support any data hashes at this time.
 
--   Config: tls_cache_size
--   Env Var: RCLONE_FTP_TLS_CACHE_SIZE
--   Type: int
--   Default: 32
+    ### Restricted filename characters
 
---ftp-disable-tls13
+    The [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    will be replaced.
 
-Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-Properties:
+    ### Empty files
 
--   Config: disable_tls13
--   Env Var: RCLONE_FTP_DISABLE_TLS13
--   Type: bool
--   Default: false
+    Empty files aren't supported by the Enterprise File Fabric. Rclone will therefore
+    upload an empty file as a single space with a mime type of
+    `application/vnd.rclone.empty.file` and files with that mime type are
+    treated as empty.
 
---ftp-shut-timeout
+    ### Root folder ID ###
 
-Maximum time to wait for data connection closing status.
+    You can set the `root_folder_id` for rclone.  This is the directory
+    (identified by its `Folder ID`) that rclone considers to be the root
+    of your Enterprise File Fabric.
 
-Properties:
+    Normally you will leave this blank and rclone will determine the
+    correct root to use itself.
 
--   Config: shut_timeout
--   Env Var: RCLONE_FTP_SHUT_TIMEOUT
--   Type: Duration
--   Default: 1m0s
+    However you can set this to restrict rclone to a specific folder
+    hierarchy.
 
---ftp-ask-password
+    In order to do this you will have to find the `Folder ID` of the
+    directory you wish rclone to display.  These aren't displayed in the
+    web interface, but you can use `rclone lsf` to find them, for example
 
-Allow asking for FTP password when needed.
+$ rclone lsf --dirs-only -Fip --csv filefabric: 120673758,Burnt PDFs/
+120673759,My Quick Uploads/ 120673755,My Syncs/ 120673756,My backups/
+120673757,My contacts/ 120673761,S3 Storage/
 
-If this is set and no password is supplied then rclone will ask for a
-password
 
-Properties:
+    The ID for "S3 Storage" would be `120673761`.
 
--   Config: ask_password
--   Env Var: RCLONE_FTP_ASK_PASSWORD
--   Type: bool
--   Default: false
 
---ftp-encoding
+    ### Standard options
 
-The encoding for the backend.
+    Here are the Standard options specific to filefabric (Enterprise File Fabric).
 
-See the encoding section in the overview for more info.
+    #### --filefabric-url
 
-Properties:
+    URL of the Enterprise File Fabric to connect to.
 
--   Config: encoding
--   Env Var: RCLONE_FTP_ENCODING
--   Type: MultiEncoder
--   Default: Slash,Del,Ctl,RightSpace,Dot
--   Examples:
-    -   "Asterisk,Ctl,Dot,Slash"
-        -   ProFTPd can't handle '*' in file names
-    -   "BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket"
-        -   PureFTPd can't handle '[]' or '*' in file names
-    -   "Ctl,LeftPeriod,Slash"
-        -   VsFTPd can't handle file names starting with dot
+    Properties:
 
-Limitations
+    - Config:      url
+    - Env Var:     RCLONE_FILEFABRIC_URL
+    - Type:        string
+    - Required:    true
+    - Examples:
+        - "https://storagemadeeasy.com"
+            - Storage Made Easy US
+        - "https://eu.storagemadeeasy.com"
+            - Storage Made Easy EU
+        - "https://yourfabric.smestorage.com"
+            - Connect to your Enterprise File Fabric
 
-FTP servers acting as rclone remotes must support passive mode. The mode
-cannot be configured as passive is the only supported one. Rclone's FTP
-implementation is not compatible with active mode as the library it uses
-doesn't support it. This will likely never be supported due to security
-concerns.
+    #### --filefabric-root-folder-id
 
-Rclone's FTP backend does not support any checksums but can compare file
-sizes.
+    ID of the root folder.
 
-rclone about is not supported by the FTP backend. Backends without this
-capability cannot determine free space for an rclone mount or use policy
-mfs (most free space) as a member of an rclone union remote.
+    Leave blank normally.
 
-See List of backends that do not support rclone about and rclone about
+    Fill in to make rclone start with directory of a given ID.
 
-The implementation of : --dump headers, --dump bodies, --dump auth for
-debugging isn't the same as for rclone HTTP based backends - it has less
-fine grained control.
 
---timeout isn't supported (but --contimeout is).
+    Properties:
 
---bind isn't supported.
+    - Config:      root_folder_id
+    - Env Var:     RCLONE_FILEFABRIC_ROOT_FOLDER_ID
+    - Type:        string
+    - Required:    false
 
-Rclone's FTP backend could support server-side move but does not at
-present.
+    #### --filefabric-permanent-token
 
-The ftp_proxy environment variable is not currently supported.
+    Permanent Authentication Token.
 
-Modified time
+    A Permanent Authentication Token can be created in the Enterprise File
+    Fabric, on the users Dashboard under Security, there is an entry
+    you'll see called "My Authentication Tokens". Click the Manage button
+    to create one.
 
-File modification time (timestamps) is supported to 1 second resolution
-for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP
-server. The VsFTPd server has non-standard implementation of time
-related protocol commands and needs a special configuration setting:
-writing_mdtm = true.
+    These tokens are normally valid for several years.
 
-Support for precise file time with other FTP servers varies depending on
-what protocol extensions they advertise. If all the MLSD, MDTM and MFTM
-extensions are present, rclone will use them together to provide precise
-time. Otherwise the times you see on the FTP server through rclone are
-those of the last file upload.
+    For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
 
-You can use the following command to check whether rclone can use
-precise time with your FTP server:
-rclone backend features your_ftp_remote: (the trailing colon is
-important). Look for the number in the line tagged by Precision
-designating the remote time precision expressed as nanoseconds. A value
-of 1000000000 means that file time precision of 1 second is available. A
-value of 3153600000000000000 (or another large number) means
-"unsupported".
 
-Google Cloud Storage
+    Properties:
 
-Paths are specified as remote:bucket (or remote: for the lsd command.)
-You may put subdirectories in too, e.g. remote:bucket/path/to/dir.
+    - Config:      permanent_token
+    - Env Var:     RCLONE_FILEFABRIC_PERMANENT_TOKEN
+    - Type:        string
+    - Required:    false
 
-Configuration
+    ### Advanced options
 
-The initial setup for google cloud storage involves getting a token from
-Google Cloud Storage which you need to do in your browser. rclone config
-walks you through it.
+    Here are the Advanced options specific to filefabric (Enterprise File Fabric).
 
-Here is an example of how to make a remote called remote. First run:
+    #### --filefabric-token
 
-     rclone config
+    Session Token.
 
-This will guide you through an interactive setup process:
+    This is a session token which rclone caches in the config file. It is
+    usually valid for 1 hour.
 
-    n) New remote
-    d) Delete remote
-    q) Quit config
-    e/n/d/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Google Cloud Storage (this is not Google Drive)
-       \ "google cloud storage"
-    [snip]
-    Storage> google cloud storage
-    Google Application Client Id - leave blank normally.
-    client_id>
-    Google Application Client Secret - leave blank normally.
-    client_secret>
-    Project number optional - needed only for list/create/delete buckets - see your developer console.
-    project_number> 12345678
-    Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
-    service_account_file>
-    Access Control List for new objects.
-    Choose a number from below, or type in your own value
-     1 / Object owner gets OWNER access, and all Authenticated Users get READER access.
-       \ "authenticatedRead"
-     2 / Object owner gets OWNER access, and project team owners get OWNER access.
-       \ "bucketOwnerFullControl"
-     3 / Object owner gets OWNER access, and project team owners get READER access.
-       \ "bucketOwnerRead"
-     4 / Object owner gets OWNER access [default if left blank].
-       \ "private"
-     5 / Object owner gets OWNER access, and project team members get access according to their roles.
-       \ "projectPrivate"
-     6 / Object owner gets OWNER access, and all Users get READER access.
-       \ "publicRead"
-    object_acl> 4
-    Access Control List for new buckets.
-    Choose a number from below, or type in your own value
-     1 / Project team owners get OWNER access, and all Authenticated Users get READER access.
-       \ "authenticatedRead"
-     2 / Project team owners get OWNER access [default if left blank].
-       \ "private"
-     3 / Project team members get access according to their roles.
-       \ "projectPrivate"
-     4 / Project team owners get OWNER access, and all Users get READER access.
-       \ "publicRead"
-     5 / Project team owners get OWNER access, and all Users get WRITER access.
-       \ "publicReadWrite"
-    bucket_acl> 2
-    Location for the newly created buckets.
-    Choose a number from below, or type in your own value
-     1 / Empty for default location (US).
-       \ ""
-     2 / Multi-regional location for Asia.
-       \ "asia"
-     3 / Multi-regional location for Europe.
-       \ "eu"
-     4 / Multi-regional location for United States.
-       \ "us"
-     5 / Taiwan.
-       \ "asia-east1"
-     6 / Tokyo.
-       \ "asia-northeast1"
-     7 / Singapore.
-       \ "asia-southeast1"
-     8 / Sydney.
-       \ "australia-southeast1"
-     9 / Belgium.
-       \ "europe-west1"
-    10 / London.
-       \ "europe-west2"
-    11 / Iowa.
-       \ "us-central1"
-    12 / South Carolina.
-       \ "us-east1"
-    13 / Northern Virginia.
-       \ "us-east4"
-    14 / Oregon.
-       \ "us-west1"
-    location> 12
-    The storage class to use when storing objects in Google Cloud Storage.
-    Choose a number from below, or type in your own value
-     1 / Default
-       \ ""
-     2 / Multi-regional storage class
-       \ "MULTI_REGIONAL"
-     3 / Regional storage class
-       \ "REGIONAL"
-     4 / Nearline storage class
-       \ "NEARLINE"
-     5 / Coldline storage class
-       \ "COLDLINE"
-     6 / Durable reduced availability storage class
-       \ "DURABLE_REDUCED_AVAILABILITY"
-    storage_class> 5
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    --------------------
-    [remote]
-    type = google cloud storage
-    client_id =
-    client_secret =
-    token = {"AccessToken":"xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx","Expiry":"2014-07-17T20:49:14.929208288+01:00","Extra":null}
-    project_number = 12345678
-    object_acl = private
-    bucket_acl = private
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Don't set this value - rclone will set it automatically.
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Google if using web browser to automatically
-authenticate. This only runs from the moment it opens your browser to
-the moment you get back the verification code. This is on
-http://127.0.0.1:53682/ and this it may require you to unblock it
-temporarily if you are running a host firewall, or use manual mode.
+    Properties:
 
-This remote is called remote and can now be used like this
+    - Config:      token
+    - Env Var:     RCLONE_FILEFABRIC_TOKEN
+    - Type:        string
+    - Required:    false
 
-See all the buckets in your project
+    #### --filefabric-token-expiry
 
-    rclone lsd remote:
+    Token expiry time.
 
-Make a new bucket
+    Don't set this value - rclone will set it automatically.
 
-    rclone mkdir remote:bucket
 
-List the contents of a bucket
+    Properties:
 
-    rclone ls remote:bucket
+    - Config:      token_expiry
+    - Env Var:     RCLONE_FILEFABRIC_TOKEN_EXPIRY
+    - Type:        string
+    - Required:    false
 
-Sync /home/local/directory to the remote bucket, deleting any excess
-files in the bucket.
+    #### --filefabric-version
 
-    rclone sync --interactive /home/local/directory remote:bucket
+    Version read from the file fabric.
 
-Service Account support
+    Don't set this value - rclone will set it automatically.
 
-You can set up rclone with Google Cloud Storage in an unattended mode,
-i.e. not tied to a specific end-user Google account. This is useful when
-you want to synchronise files onto machines that don't have actively
-logged-in users, for example build machines.
 
-To get credentials for Google Cloud Platform IAM Service Accounts,
-please head to the Service Account section of the Google Developer
-Console. Service Accounts behave just like normal User permissions in
-Google Cloud Storage ACLs, so you can limit their access (e.g. make them
-read only). After creating an account, a JSON file containing the
-Service Account's credentials will be downloaded onto your machines.
-These credentials are what rclone will use for authentication.
+    Properties:
 
-To use a Service Account instead of OAuth2 token flow, enter the path to
-your Service Account credentials at the service_account_file prompt and
-rclone won't use the browser based authentication flow. If you'd rather
-stuff the contents of the credentials file into the rclone config file,
-you can set service_account_credentials with the actual contents of the
-file instead, or set the equivalent environment variable.
+    - Config:      version
+    - Env Var:     RCLONE_FILEFABRIC_VERSION
+    - Type:        string
+    - Required:    false
 
-Anonymous Access
+    #### --filefabric-encoding
 
-For downloads of objects that permit public access you can configure
-rclone to use anonymous access by setting anonymous to true. With
-unauthorized access you can't write or create files but only read or
-list those buckets and objects that have public read access.
+    The encoding for the backend.
 
-Application Default Credentials
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-If no other source of credentials is provided, rclone will fall back to
-Application Default Credentials this is useful both when you already
-have configured authentication for your developer account, or in
-production when running on a google compute host. Note that if running
-in docker, you may need to run additional commands on your google
-compute machine - see this page.
+    Properties:
 
-Note that in the case application default credentials are used, there is
-no need to explicitly configure a project number.
+    - Config:      encoding
+    - Env Var:     RCLONE_FILEFABRIC_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,Del,Ctl,InvalidUtf8,Dot
 
---fast-list
 
-This remote supports --fast-list which allows you to use fewer
-transactions in exchange for more memory. See the rclone docs for more
-details.
 
-Custom upload headers
+    #  FTP
 
-You can set custom upload headers with the --header-upload flag. Google
-Cloud Storage supports the headers as described in the working with
-metadata documentation
+    FTP is the File Transfer Protocol. Rclone FTP support is provided using the
+    [github.com/jlaffaye/ftp](https://godoc.org/github.com/jlaffaye/ftp)
+    package.
 
--   Cache-Control
--   Content-Disposition
--   Content-Encoding
--   Content-Language
--   Content-Type
--   X-Goog-Storage-Class
--   X-Goog-Meta-
+    [Limitations of Rclone's FTP backend](#limitations)
 
-Eg --header-upload "Content-Type text/potato"
+    Paths are specified as `remote:path`. If the path does not begin with
+    a `/` it is relative to the home directory of the user.  An empty path
+    `remote:` refers to the user's home directory.
 
-Note that the last of these is for setting custom metadata in the form
---header-upload "x-goog-meta-key: value"
+    ## Configuration
 
-Modification time
+    To create an FTP configuration named `remote`, run
 
-Google Cloud Storage stores md5sum natively. Google's gsutil tool stores
-modification time with one-second precision as goog-reserved-file-mtime
-in file metadata.
+        rclone config
 
-To ensure compatibility with gsutil, rclone stores modification time in
-2 separate metadata entries. mtime uses RFC3339 format with
-one-nanosecond precision. goog-reserved-file-mtime uses Unix timestamp
-format with one-second precision. To get modification time from object
-metadata, rclone reads the metadata in the following order: mtime,
-goog-reserved-file-mtime, object updated time.
+    Rclone config guides you through an interactive setup process. A minimal
+    rclone FTP remote definition only requires host, username and password.
+    For an anonymous FTP server, see [below](#anonymous-ftp).
 
-Note that rclone's default modify window is 1ns. Files uploaded by
-gsutil only contain timestamps with one-second precision. If you use
-rclone to sync files previously uploaded by gsutil, rclone will attempt
-to update modification time for all these files. To avoid these possibly
-unnecessary updates, use --modify-window 1s.
+No remotes found, make a new one? n) New remote r) Rename remote c) Copy
+remote s) Set configuration password q) Quit config n/r/c/s/q> n name>
+remote Type of storage to configure. Enter a string value. Press Enter
+for the default (""). Choose a number from below, or type in your own
+value [snip] XX / FTP  "ftp" [snip] Storage> ftp ** See help for ftp
+backend at: https://rclone.org/ftp/ **
 
-Restricted filename characters
+FTP host to connect to Enter a string value. Press Enter for the default
+(""). Choose a number from below, or type in your own value 1 / Connect
+to ftp.example.com  "ftp.example.com" host> ftp.example.com FTP username
+Enter a string value. Press Enter for the default ("$USER"). user> FTP
+port number Enter a signed integer. Press Enter for the default (21).
+port> FTP password y) Yes type in my own password g) Generate random
+password y/g> y Enter the password: password: Confirm the password:
+password: Use FTP over TLS (Implicit) Enter a boolean value (true or
+false). Press Enter for the default ("false"). tls> Use FTP over TLS
+(Explicit) Enter a boolean value (true or false). Press Enter for the
+default ("false"). explicit_tls> Remote config --------------------
+[remote] type = ftp host = ftp.example.com pass = *** ENCRYPTED ***
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  NUL          0x00         ␀
-  LF           0x0A         ␊
-  CR           0x0D         ␍
-  /            0x2F        ／
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    To see all directories in the home directory of `remote`
 
-Standard options
+        rclone lsd remote:
 
-Here are the Standard options specific to google cloud storage (Google
-Cloud Storage (this is not Google Drive)).
+    Make a new directory
 
---gcs-client-id
+        rclone mkdir remote:path/to/directory
 
-OAuth Client Id.
+    List the contents of a directory
 
-Leave blank normally.
+        rclone ls remote:path/to/directory
 
-Properties:
+    Sync `/home/local/directory` to the remote directory, deleting any
+    excess files in the directory.
 
--   Config: client_id
--   Env Var: RCLONE_GCS_CLIENT_ID
--   Type: string
--   Required: false
+        rclone sync --interactive /home/local/directory remote:directory
 
---gcs-client-secret
+    ### Anonymous FTP
 
-OAuth Client Secret.
+    When connecting to a FTP server that allows anonymous login, you can use the
+    special "anonymous" username. Traditionally, this user account accepts any
+    string as a password, although it is common to use either the password
+    "anonymous" or "guest". Some servers require the use of a valid e-mail
+    address as password.
 
-Leave blank normally.
+    Using [on-the-fly](#backend-path-to-dir) or
+    [connection string](https://rclone.org/docs/#connection-strings) remotes makes it easy to access
+    such servers, without requiring any configuration in advance. The following
+    are examples of that:
 
-Properties:
+        rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=$(rclone obscure dummy)
+        rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=$(rclone obscure dummy):
 
--   Config: client_secret
--   Env Var: RCLONE_GCS_CLIENT_SECRET
--   Type: string
--   Required: false
+    The above examples work in Linux shells and in PowerShell, but not Windows
+    Command Prompt. They execute the [rclone obscure](https://rclone.org/commands/rclone_obscure/)
+    command to create a password string in the format required by the
+    [pass](#ftp-pass) option. The following examples are exactly the same, except use
+    an already obscured string representation of the same password "dummy", and
+    therefore works even in Windows Command Prompt:
 
---gcs-project-number
+        rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM
+        rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM:
 
-Project number.
+    ### Implicit TLS
 
-Optional - needed only for list/create/delete buckets - see your
-developer console.
+    Rlone FTP supports implicit FTP over TLS servers (FTPS). This has to
+    be enabled in the FTP backend config for the remote, or with
+    [`--ftp-tls`](#ftp-tls). The default FTPS port is `990`, not `21` and
+    can be set with [`--ftp-port`](#ftp-port).
 
-Properties:
+    ### Restricted filename characters
 
--   Config: project_number
--   Env Var: RCLONE_GCS_PROJECT_NUMBER
--   Type: string
--   Required: false
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
---gcs-service-account-file
+    File names cannot end with the following characters. Replacement is
+    limited to the last character in a file name:
 
-Service Account Credentials JSON file path.
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | SP        | 0x20  | ␠           |
 
-Leave blank normally. Needed only if you want use SA instead of
-interactive login.
+    Not all FTP servers can have all characters in file names, for example:
 
-Leading ~ will be expanded in the file name as will environment
-variables such as ${RCLONE_CONFIG_DIR}.
+    | FTP Server| Forbidden characters |
+    | --------- |:--------------------:|
+    | proftpd   | `*`                  |
+    | pureftpd  | `\ [ ]`              |
 
-Properties:
+    This backend's interactive configuration wizard provides a selection of
+    sensible encoding settings for major FTP servers: ProFTPd, PureFTPd, VsFTPd.
+    Just hit a selection number when prompted.
 
--   Config: service_account_file
--   Env Var: RCLONE_GCS_SERVICE_ACCOUNT_FILE
--   Type: string
--   Required: false
 
---gcs-service-account-credentials
+    ### Standard options
 
-Service Account Credentials JSON blob.
+    Here are the Standard options specific to ftp (FTP).
 
-Leave blank normally. Needed only if you want use SA instead of
-interactive login.
+    #### --ftp-host
 
-Properties:
+    FTP host to connect to.
 
--   Config: service_account_credentials
--   Env Var: RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS
--   Type: string
--   Required: false
+    E.g. "ftp.example.com".
 
---gcs-anonymous
+    Properties:
 
-Access public buckets and objects without credentials.
+    - Config:      host
+    - Env Var:     RCLONE_FTP_HOST
+    - Type:        string
+    - Required:    true
 
-Set to 'true' if you just want to download files and don't configure
-credentials.
+    #### --ftp-user
 
-Properties:
+    FTP username.
 
--   Config: anonymous
--   Env Var: RCLONE_GCS_ANONYMOUS
--   Type: bool
--   Default: false
+    Properties:
 
---gcs-object-acl
+    - Config:      user
+    - Env Var:     RCLONE_FTP_USER
+    - Type:        string
+    - Default:     "$USER"
 
-Access Control List for new objects.
+    #### --ftp-port
 
-Properties:
+    FTP port number.
 
--   Config: object_acl
--   Env Var: RCLONE_GCS_OBJECT_ACL
--   Type: string
--   Required: false
--   Examples:
-    -   "authenticatedRead"
-        -   Object owner gets OWNER access.
-        -   All Authenticated Users get READER access.
-    -   "bucketOwnerFullControl"
-        -   Object owner gets OWNER access.
-        -   Project team owners get OWNER access.
-    -   "bucketOwnerRead"
-        -   Object owner gets OWNER access.
-        -   Project team owners get READER access.
-    -   "private"
-        -   Object owner gets OWNER access.
-        -   Default if left blank.
-    -   "projectPrivate"
-        -   Object owner gets OWNER access.
-        -   Project team members get access according to their roles.
-    -   "publicRead"
-        -   Object owner gets OWNER access.
-        -   All Users get READER access.
+    Properties:
 
---gcs-bucket-acl
+    - Config:      port
+    - Env Var:     RCLONE_FTP_PORT
+    - Type:        int
+    - Default:     21
 
-Access Control List for new buckets.
+    #### --ftp-pass
 
-Properties:
+    FTP password.
 
--   Config: bucket_acl
--   Env Var: RCLONE_GCS_BUCKET_ACL
--   Type: string
--   Required: false
--   Examples:
-    -   "authenticatedRead"
-        -   Project team owners get OWNER access.
-        -   All Authenticated Users get READER access.
-    -   "private"
-        -   Project team owners get OWNER access.
-        -   Default if left blank.
-    -   "projectPrivate"
-        -   Project team members get access according to their roles.
-    -   "publicRead"
-        -   Project team owners get OWNER access.
-        -   All Users get READER access.
-    -   "publicReadWrite"
-        -   Project team owners get OWNER access.
-        -   All Users get WRITER access.
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
---gcs-bucket-policy-only
+    Properties:
 
-Access checks should use bucket-level IAM policies.
+    - Config:      pass
+    - Env Var:     RCLONE_FTP_PASS
+    - Type:        string
+    - Required:    false
 
-If you want to upload objects to a bucket with Bucket Policy Only set
-then you will need to set this.
+    #### --ftp-tls
 
-When it is set, rclone:
+    Use Implicit FTPS (FTP over TLS).
 
--   ignores ACLs set on buckets
--   ignores ACLs set on objects
--   creates buckets with Bucket Policy Only set
+    When using implicit FTP over TLS the client connects using TLS
+    right from the start which breaks compatibility with
+    non-TLS-aware servers. This is usually served over port 990 rather
+    than port 21. Cannot be used in combination with explicit FTPS.
 
-Docs: https://cloud.google.com/storage/docs/bucket-policy-only
+    Properties:
 
-Properties:
+    - Config:      tls
+    - Env Var:     RCLONE_FTP_TLS
+    - Type:        bool
+    - Default:     false
 
--   Config: bucket_policy_only
--   Env Var: RCLONE_GCS_BUCKET_POLICY_ONLY
--   Type: bool
--   Default: false
+    #### --ftp-explicit-tls
 
---gcs-location
+    Use Explicit FTPS (FTP over TLS).
 
-Location for the newly created buckets.
+    When using explicit FTP over TLS the client explicitly requests
+    security from the server in order to upgrade a plain text connection
+    to an encrypted one. Cannot be used in combination with implicit FTPS.
 
-Properties:
+    Properties:
 
--   Config: location
--   Env Var: RCLONE_GCS_LOCATION
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Empty for default location (US)
-    -   "asia"
-        -   Multi-regional location for Asia
-    -   "eu"
-        -   Multi-regional location for Europe
-    -   "us"
-        -   Multi-regional location for United States
-    -   "asia-east1"
-        -   Taiwan
-    -   "asia-east2"
-        -   Hong Kong
-    -   "asia-northeast1"
-        -   Tokyo
-    -   "asia-northeast2"
-        -   Osaka
-    -   "asia-northeast3"
-        -   Seoul
-    -   "asia-south1"
-        -   Mumbai
-    -   "asia-south2"
-        -   Delhi
-    -   "asia-southeast1"
-        -   Singapore
-    -   "asia-southeast2"
-        -   Jakarta
-    -   "australia-southeast1"
-        -   Sydney
-    -   "australia-southeast2"
-        -   Melbourne
-    -   "europe-north1"
-        -   Finland
-    -   "europe-west1"
-        -   Belgium
-    -   "europe-west2"
-        -   London
-    -   "europe-west3"
-        -   Frankfurt
-    -   "europe-west4"
-        -   Netherlands
-    -   "europe-west6"
-        -   Zürich
-    -   "europe-central2"
-        -   Warsaw
-    -   "us-central1"
-        -   Iowa
-    -   "us-east1"
-        -   South Carolina
-    -   "us-east4"
-        -   Northern Virginia
-    -   "us-west1"
-        -   Oregon
-    -   "us-west2"
-        -   California
-    -   "us-west3"
-        -   Salt Lake City
-    -   "us-west4"
-        -   Las Vegas
-    -   "northamerica-northeast1"
-        -   Montréal
-    -   "northamerica-northeast2"
-        -   Toronto
-    -   "southamerica-east1"
-        -   São Paulo
-    -   "southamerica-west1"
-        -   Santiago
-    -   "asia1"
-        -   Dual region: asia-northeast1 and asia-northeast2.
-    -   "eur4"
-        -   Dual region: europe-north1 and europe-west4.
-    -   "nam4"
-        -   Dual region: us-central1 and us-east1.
-
---gcs-storage-class
-
-The storage class to use when storing objects in Google Cloud Storage.
+    - Config:      explicit_tls
+    - Env Var:     RCLONE_FTP_EXPLICIT_TLS
+    - Type:        bool
+    - Default:     false
 
-Properties:
+    ### Advanced options
 
--   Config: storage_class
--   Env Var: RCLONE_GCS_STORAGE_CLASS
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Default
-    -   "MULTI_REGIONAL"
-        -   Multi-regional storage class
-    -   "REGIONAL"
-        -   Regional storage class
-    -   "NEARLINE"
-        -   Nearline storage class
-    -   "COLDLINE"
-        -   Coldline storage class
-    -   "ARCHIVE"
-        -   Archive storage class
-    -   "DURABLE_REDUCED_AVAILABILITY"
-        -   Durable reduced availability storage class
-
---gcs-env-auth
-
-Get GCP IAM credentials from runtime (environment variables or instance
-meta data if no env vars).
-
-Only applies if service_account_file and service_account_credentials is
-blank.
+    Here are the Advanced options specific to ftp (FTP).
 
-Properties:
+    #### --ftp-concurrency
 
--   Config: env_auth
--   Env Var: RCLONE_GCS_ENV_AUTH
--   Type: bool
--   Default: false
--   Examples:
-    -   "false"
-        -   Enter credentials in the next step.
-    -   "true"
-        -   Get GCP IAM credentials from the environment (env vars or
-            IAM).
+    Maximum number of FTP simultaneous connections, 0 for unlimited.
 
-Advanced options
+    Note that setting this is very likely to cause deadlocks so it should
+    be used with care.
 
-Here are the Advanced options specific to google cloud storage (Google
-Cloud Storage (this is not Google Drive)).
+    If you are doing a sync or copy then make sure concurrency is one more
+    than the sum of `--transfers` and `--checkers`.
 
---gcs-token
+    If you use `--check-first` then it just needs to be one more than the
+    maximum of `--checkers` and `--transfers`.
 
-OAuth Access Token as a JSON blob.
+    So for `concurrency 3` you'd use `--checkers 2 --transfers 2
+    --check-first` or `--checkers 1 --transfers 1`.
 
-Properties:
 
--   Config: token
--   Env Var: RCLONE_GCS_TOKEN
--   Type: string
--   Required: false
 
---gcs-auth-url
+    Properties:
 
-Auth server URL.
+    - Config:      concurrency
+    - Env Var:     RCLONE_FTP_CONCURRENCY
+    - Type:        int
+    - Default:     0
 
-Leave blank to use the provider defaults.
+    #### --ftp-no-check-certificate
 
-Properties:
+    Do not verify the TLS certificate of the server.
 
--   Config: auth_url
--   Env Var: RCLONE_GCS_AUTH_URL
--   Type: string
--   Required: false
+    Properties:
 
---gcs-token-url
+    - Config:      no_check_certificate
+    - Env Var:     RCLONE_FTP_NO_CHECK_CERTIFICATE
+    - Type:        bool
+    - Default:     false
 
-Token server url.
+    #### --ftp-disable-epsv
 
-Leave blank to use the provider defaults.
+    Disable using EPSV even if server advertises support.
 
-Properties:
+    Properties:
 
--   Config: token_url
--   Env Var: RCLONE_GCS_TOKEN_URL
--   Type: string
--   Required: false
+    - Config:      disable_epsv
+    - Env Var:     RCLONE_FTP_DISABLE_EPSV
+    - Type:        bool
+    - Default:     false
 
---gcs-no-check-bucket
+    #### --ftp-disable-mlsd
 
-If set, don't attempt to check the bucket exists or create it.
+    Disable using MLSD even if server advertises support.
 
-This can be useful when trying to minimise the number of transactions
-rclone does if you know the bucket exists already.
+    Properties:
 
-Properties:
+    - Config:      disable_mlsd
+    - Env Var:     RCLONE_FTP_DISABLE_MLSD
+    - Type:        bool
+    - Default:     false
 
--   Config: no_check_bucket
--   Env Var: RCLONE_GCS_NO_CHECK_BUCKET
--   Type: bool
--   Default: false
+    #### --ftp-disable-utf8
 
---gcs-decompress
+    Disable using UTF-8 even if server advertises support.
 
-If set this will decompress gzip encoded objects.
+    Properties:
 
-It is possible to upload objects to GCS with "Content-Encoding: gzip"
-set. Normally rclone will download these files as compressed objects.
+    - Config:      disable_utf8
+    - Env Var:     RCLONE_FTP_DISABLE_UTF8
+    - Type:        bool
+    - Default:     false
 
-If this flag is set then rclone will decompress these files with
-"Content-Encoding: gzip" as they are received. This means that rclone
-can't check the size and hash but the file contents will be
-decompressed.
+    #### --ftp-writing-mdtm
 
-Properties:
+    Use MDTM to set modification time (VsFtpd quirk)
 
--   Config: decompress
--   Env Var: RCLONE_GCS_DECOMPRESS
--   Type: bool
--   Default: false
+    Properties:
 
---gcs-endpoint
+    - Config:      writing_mdtm
+    - Env Var:     RCLONE_FTP_WRITING_MDTM
+    - Type:        bool
+    - Default:     false
 
-Endpoint for the service.
+    #### --ftp-force-list-hidden
 
-Leave blank normally.
+    Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD.
 
-Properties:
+    Properties:
 
--   Config: endpoint
--   Env Var: RCLONE_GCS_ENDPOINT
--   Type: string
--   Required: false
+    - Config:      force_list_hidden
+    - Env Var:     RCLONE_FTP_FORCE_LIST_HIDDEN
+    - Type:        bool
+    - Default:     false
 
---gcs-encoding
+    #### --ftp-idle-timeout
 
-The encoding for the backend.
+    Max time before closing idle connections.
 
-See the encoding section in the overview for more info.
+    If no connections have been returned to the connection pool in the time
+    given, rclone will empty the connection pool.
 
-Properties:
+    Set to 0 to keep connections indefinitely.
 
--   Config: encoding
--   Env Var: RCLONE_GCS_ENCODING
--   Type: MultiEncoder
--   Default: Slash,CrLf,InvalidUtf8,Dot
 
-Limitations
+    Properties:
 
-rclone about is not supported by the Google Cloud Storage backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy mfs (most free space) as a member of an
-rclone union remote.
+    - Config:      idle_timeout
+    - Env Var:     RCLONE_FTP_IDLE_TIMEOUT
+    - Type:        Duration
+    - Default:     1m0s
 
-See List of backends that do not support rclone about and rclone about
+    #### --ftp-close-timeout
 
-Google Drive
+    Maximum time to wait for a response to close.
 
-Paths are specified as drive:path
+    Properties:
 
-Drive paths may be as deep as required, e.g.
-drive:directory/subdirectory.
+    - Config:      close_timeout
+    - Env Var:     RCLONE_FTP_CLOSE_TIMEOUT
+    - Type:        Duration
+    - Default:     1m0s
 
-Configuration
+    #### --ftp-tls-cache-size
 
-The initial setup for drive involves getting a token from Google drive
-which you need to do in your browser. rclone config walks you through
-it.
+    Size of TLS session cache for all control and data connections.
 
-Here is an example of how to make a remote called remote. First run:
+    TLS cache allows to resume TLS sessions and reuse PSK between connections.
+    Increase if default size is not enough resulting in TLS resumption errors.
+    Enabled by default. Use 0 to disable.
 
-     rclone config
+    Properties:
 
-This will guide you through an interactive setup process:
+    - Config:      tls_cache_size
+    - Env Var:     RCLONE_FTP_TLS_CACHE_SIZE
+    - Type:        int
+    - Default:     32
 
-    No remotes found, make a new one?
-    n) New remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    n/r/c/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Google Drive
-       \ "drive"
-    [snip]
-    Storage> drive
-    Google Application Client Id - leave blank normally.
-    client_id>
-    Google Application Client Secret - leave blank normally.
-    client_secret>
-    Scope that rclone should use when requesting access from drive.
-    Choose a number from below, or type in your own value
-     1 / Full access all files, excluding Application Data Folder.
-       \ "drive"
-     2 / Read-only access to file metadata and file contents.
-       \ "drive.readonly"
-       / Access to files created by rclone only.
-     3 | These are visible in the drive website.
-       | File authorization is revoked when the user deauthorizes the app.
-       \ "drive.file"
-       / Allows read and write access to the Application Data folder.
-     4 | This is not visible in the drive website.
-       \ "drive.appfolder"
-       / Allows read-only access to file metadata but
-     5 | does not allow any access to read or download file content.
-       \ "drive.metadata.readonly"
-    scope> 1
-    Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
-    service_account_file>
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    Configure this as a Shared Drive (Team Drive)?
-    y) Yes
-    n) No
-    y/n> n
-    --------------------
-    [remote]
-    client_id = 
-    client_secret = 
-    scope = drive
-    root_folder_id = 
-    service_account_file =
-    token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2014-03-16T13:57:58.955387075Z"}
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    #### --ftp-disable-tls13
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+    Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Google if using web browser to automatically
-authenticate. This only runs from the moment it opens your browser to
-the moment you get back the verification code. This is on
-http://127.0.0.1:53682/ and it may require you to unblock it temporarily
-if you are running a host firewall, or use manual mode.
+    Properties:
 
-You can then use it like this,
+    - Config:      disable_tls13
+    - Env Var:     RCLONE_FTP_DISABLE_TLS13
+    - Type:        bool
+    - Default:     false
 
-List directories in top level of your drive
+    #### --ftp-shut-timeout
 
-    rclone lsd remote:
+    Maximum time to wait for data connection closing status.
 
-List all the files in your drive
+    Properties:
 
-    rclone ls remote:
+    - Config:      shut_timeout
+    - Env Var:     RCLONE_FTP_SHUT_TIMEOUT
+    - Type:        Duration
+    - Default:     1m0s
 
-To copy a local directory to a drive directory called backup
+    #### --ftp-ask-password
 
-    rclone copy /home/source remote:backup
+    Allow asking for FTP password when needed.
 
-Scopes
+    If this is set and no password is supplied then rclone will ask for a password
 
-Rclone allows you to select which scope you would like for rclone to
-use. This changes what type of token is granted to rclone. The scopes
-are defined here.
 
-The scope are
+    Properties:
 
-drive
+    - Config:      ask_password
+    - Env Var:     RCLONE_FTP_ASK_PASSWORD
+    - Type:        bool
+    - Default:     false
 
-This is the default scope and allows full access to all files, except
-for the Application Data Folder (see below).
+    #### --ftp-socks-proxy
 
-Choose this one if you aren't sure.
+    Socks 5 proxy host.
+            
+            Supports the format user:pass@host:port, user@host:port, host:port.
+            
+            Example:
+            
+                myUser:myPass@localhost:9005
+            
 
-drive.readonly
+    Properties:
 
-This allows read only access to all files. Files may be listed and
-downloaded but not uploaded, renamed or deleted.
+    - Config:      socks_proxy
+    - Env Var:     RCLONE_FTP_SOCKS_PROXY
+    - Type:        string
+    - Required:    false
 
-drive.file
+    #### --ftp-encoding
 
-With this scope rclone can read/view/modify only those files and folders
-it creates.
+    The encoding for the backend.
 
-So if you uploaded files to drive via the web interface (or any other
-means) they will not be visible to rclone.
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-This can be useful if you are using rclone to backup data and you want
-to be sure confidential data on your drive is not visible to rclone.
+    Properties:
 
-Files created with this scope are visible in the web interface.
+    - Config:      encoding
+    - Env Var:     RCLONE_FTP_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,Del,Ctl,RightSpace,Dot
+    - Examples:
+        - "Asterisk,Ctl,Dot,Slash"
+            - ProFTPd can't handle '*' in file names
+        - "BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket"
+            - PureFTPd can't handle '[]' or '*' in file names
+        - "Ctl,LeftPeriod,Slash"
+            - VsFTPd can't handle file names starting with dot
+
+
+
+    ## Limitations
+
+    FTP servers acting as rclone remotes must support `passive` mode.
+    The mode cannot be configured as `passive` is the only supported one.
+    Rclone's FTP implementation is not compatible with `active` mode
+    as [the library it uses doesn't support it](https://github.com/jlaffaye/ftp/issues/29).
+    This will likely never be supported due to security concerns.
+
+    Rclone's FTP backend does not support any checksums but can compare
+    file sizes.
+
+    `rclone about` is not supported by the FTP backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
+
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+    The implementation of : `--dump headers`,
+    `--dump bodies`, `--dump auth` for debugging isn't the same as
+    for rclone HTTP based backends - it has less fine grained control.
+
+    `--timeout` isn't supported (but `--contimeout` is).
+
+    `--bind` isn't supported.
+
+    Rclone's FTP backend could support server-side move but does not
+    at present.
+
+    The `ftp_proxy` environment variable is not currently supported.
+
+    ### Modification times
+
+    File modification time (timestamps) is supported to 1 second resolution
+    for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP server.
+    The `VsFTPd` server has non-standard implementation of time related protocol
+    commands and needs a special configuration setting: `writing_mdtm = true`.
+
+    Support for precise file time with other FTP servers varies depending on what
+    protocol extensions they advertise. If all the `MLSD`, `MDTM` and `MFTM`
+    extensions are present, rclone will use them together to provide precise time.
+    Otherwise the times you see on the FTP server through rclone are those of the
+    last file upload.
+
+    You can use the following command to check whether rclone can use precise time
+    with your FTP server: `rclone backend features your_ftp_remote:` (the trailing
+    colon is important). Look for the number in the line tagged by `Precision`
+    designating the remote time precision expressed as nanoseconds. A value of
+    `1000000000` means that file time precision of 1 second is available.
+    A value of `3153600000000000000` (or another large number) means "unsupported".
+
+    #  Google Cloud Storage
+
+    Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+    command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
+
+    ## Configuration
+
+    The initial setup for google cloud storage involves getting a token from Google Cloud Storage
+    which you need to do in your browser.  `rclone config` walks you
+    through it.
+
+    Here is an example of how to make a remote called `remote`.  First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+n)  New remote
+o)  Delete remote
+p)  Quit config e/n/d/q> n name> remote Type of storage to configure.
+    Choose a number from below, or type in your own value [snip] XX /
+    Google Cloud Storage (this is not Google Drive)  "google cloud
+    storage" [snip] Storage> google cloud storage Google Application
+    Client Id - leave blank normally. client_id> Google Application
+    Client Secret - leave blank normally. client_secret> Project number
+    optional - needed only for list/create/delete buckets - see your
+    developer console. project_number> 12345678 Service Account
+    Credentials JSON file path - needed only if you want use SA instead
+    of interactive login. service_account_file> Access Control List for
+    new objects. Choose a number from below, or type in your own value 1
+    / Object owner gets OWNER access, and all Authenticated Users get
+    READER access.  "authenticatedRead" 2 / Object owner gets OWNER
+    access, and project team owners get OWNER access.
+     "bucketOwnerFullControl" 3 / Object owner gets OWNER access, and
+    project team owners get READER access.  "bucketOwnerRead" 4 / Object
+    owner gets OWNER access [default if left blank].  "private" 5 /
+    Object owner gets OWNER access, and project team members get access
+    according to their roles.  "projectPrivate" 6 / Object owner gets
+    OWNER access, and all Users get READER access.  "publicRead"
+    object_acl> 4 Access Control List for new buckets. Choose a number
+    from below, or type in your own value 1 / Project team owners get
+    OWNER access, and all Authenticated Users get READER access.
+     "authenticatedRead" 2 / Project team owners get OWNER access
+    [default if left blank].  "private" 3 / Project team members get
+    access according to their roles.  "projectPrivate" 4 / Project team
+    owners get OWNER access, and all Users get READER access.
+     "publicRead" 5 / Project team owners get OWNER access, and all
+    Users get WRITER access.  "publicReadWrite" bucket_acl> 2 Location
+    for the newly created buckets. Choose a number from below, or type
+    in your own value 1 / Empty for default location (US).  "" 2 /
+    Multi-regional location for Asia.  "asia" 3 / Multi-regional
+    location for Europe.  "eu" 4 / Multi-regional location for United
+    States.  "us" 5 / Taiwan.  "asia-east1" 6 / Tokyo.
+     "asia-northeast1" 7 / Singapore.  "asia-southeast1" 8 / Sydney.
+     "australia-southeast1" 9 / Belgium.  "europe-west1" 10 / London.
+     "europe-west2" 11 / Iowa.  "us-central1" 12 / South Carolina.
+     "us-east1" 13 / Northern Virginia.  "us-east4" 14 / Oregon.
+     "us-west1" location> 12 The storage class to use when storing
+    objects in Google Cloud Storage. Choose a number from below, or type
+    in your own value 1 / Default  "" 2 / Multi-regional storage class
+     "MULTI_REGIONAL" 3 / Regional storage class  "REGIONAL" 4 /
+    Nearline storage class  "NEARLINE" 5 / Coldline storage class
+     "COLDLINE" 6 / Durable reduced availability storage class
+     "DURABLE_REDUCED_AVAILABILITY" storage_class> 5 Remote config Use
+    web browser to automatically authenticate rclone with remote?
+
+-   Say Y if the machine running rclone has a web browser you can use
+-   Say N if running rclone on a (remote) machine without web browser
+    access If not sure try Y. If Y failed, try N.
+
+y)  Yes
+z)  No y/n> y If your browser doesn't open automatically go to the
+    following link: http://127.0.0.1:53682/auth Log in and authorize
+    rclone for access Waiting for code... Got code --------------------
+    [remote] type = google cloud storage client_id = client_secret =
+    token =
+    {"AccessToken":"xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx","Expiry":"2014-07-17T20:49:14.929208288+01:00","Extra":null}
+    project_number = 12345678 object_acl = private bucket_acl = private
+    --------------------
+a)  Yes this is OK
+b)  Edit this remote
+c)  Delete this remote y/e/d> y
 
-drive.appfolder
 
-This gives rclone its own private area to store files. Rclone will not
-be able to see any other files on your drive and you won't be able to
-see rclone's files from the web interface either.
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
-drive.metadata.readonly
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from Google if using web browser to automatically 
+    authenticate. This only
+    runs from the moment it opens your browser to the moment you get back
+    the verification code.  This is on `http://127.0.0.1:53682/` and this
+    it may require you to unblock it temporarily if you are running a host
+    firewall, or use manual mode.
 
-This allows read only access to file names only. It does not allow
-rclone to download or upload data, or rename or delete files or
-directories.
+    This remote is called `remote` and can now be used like this
 
-Root folder ID
-
-This option has been moved to the advanced section. You can set the
-root_folder_id for rclone. This is the directory (identified by its
-Folder ID) that rclone considers to be the root of your drive.
-
-Normally you will leave this blank and rclone will determine the correct
-root to use itself.
-
-However you can set this to restrict rclone to a specific folder
-hierarchy or to access data within the "Computers" tab on the drive web
-interface (where files from Google's Backup and Sync desktop program
-go).
-
-In order to do this you will have to find the Folder ID of the directory
-you wish rclone to display. This will be the last segment of the URL
-when you open the relevant folder in the drive web interface.
-
-So if the folder you want rclone to use has a URL which looks like
-https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh
-in the browser, then you use 1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh as the
-root_folder_id in the config.
-
-NB folders under the "Computers" tab seem to be read only (drive gives a
-500 error) when using rclone.
-
-There doesn't appear to be an API to discover the folder IDs of the
-"Computers" tab - please contact us if you know otherwise!
-
-Note also that rclone can't access any data under the "Backups" tab on
-the google drive web interface yet.
-
-Service Account support
-
-You can set up rclone with Google Drive in an unattended mode, i.e. not
-tied to a specific end-user Google account. This is useful when you want
-to synchronise files onto machines that don't have actively logged-in
-users, for example build machines.
-
-To use a Service Account instead of OAuth2 token flow, enter the path to
-your Service Account credentials at the service_account_file prompt
-during rclone config and rclone won't use the browser based
-authentication flow. If you'd rather stuff the contents of the
-credentials file into the rclone config file, you can set
-service_account_credentials with the actual contents of the file
-instead, or set the equivalent environment variable.
-
-Use case - Google Apps/G-suite account and individual Drive
-
-Let's say that you are the administrator of a Google Apps (old) or
-G-suite account. The goal is to store data on an individual's Drive
-account, who IS a member of the domain. We'll call the domain
-example.com, and the user foo@example.com.
-
-There's a few steps we need to go through to accomplish this:
-
-1. Create a service account for example.com
-
--   To create a service account and obtain its credentials, go to the
-    Google Developer Console.
--   You must have a project - create one if you don't.
--   Then go to "IAM & admin" -> "Service Accounts".
--   Use the "Create Credentials" button. Fill in "Service account name"
-    with something that identifies your client. "Role" can be empty.
--   Tick "Furnish a new private key" - select "Key type JSON".
--   Tick "Enable G Suite Domain-wide Delegation". This option makes
-    "impersonation" possible, as documented here: Delegating domain-wide
-    authority to the service account
--   These credentials are what rclone will use for authentication. If
-    you ever need to remove access, press the "Delete service account
-    key" button.
-
-2. Allowing API access to example.com Google Drive
-
--   Go to example.com's admin console
--   Go into "Security" (or use the search bar)
--   Select "Show more" and then "Advanced settings"
--   Select "Manage API client access" in the "Authentication" section
--   In the "Client Name" field enter the service account's "Client ID" -
-    this can be found in the Developer Console under "IAM & Admin" ->
-    "Service Accounts", then "View Client ID" for the newly created
-    service account. It is a ~21 character numerical string.
--   In the next field, "One or More API Scopes", enter
-    https://www.googleapis.com/auth/drive to grant access to Google
-    Drive specifically.
-
-3. Configure rclone, assuming a new install
+    See all the buckets in your project
 
-    rclone config
+        rclone lsd remote:
 
-    n/s/q> n         # New
-    name>gdrive      # Gdrive is an example name
-    Storage>         # Select the number shown for Google Drive
-    client_id>       # Can be left blank
-    client_secret>   # Can be left blank
-    scope>           # Select your scope, 1 for example
-    root_folder_id>  # Can be left blank
-    service_account_file> /home/foo/myJSONfile.json # This is where the JSON file goes!
-    y/n>             # Auto config, n
-
-4. Verify that it's working
-
--   rclone -v --drive-impersonate foo@example.com lsf gdrive:backup
--   The arguments do:
-    -   -v - verbose logging
-    -   --drive-impersonate foo@example.com - this is what does the
-        magic, pretending to be user foo.
-    -   lsf - list files in a parsing friendly way
-    -   gdrive:backup - use the remote called gdrive, work in the folder
-        named backup.
-
-Note: in case you configured a specific root folder on gdrive and rclone
-is unable to access the contents of that folder when using
---drive-impersonate, do this instead: - in the gdrive web interface,
-share your root folder with the user/email of the new Service Account
-you created/selected at step #1 - use rclone without specifying the
---drive-impersonate option, like this: rclone -v lsf gdrive:backup
-
-Shared drives (team drives)
-
-If you want to configure the remote to point to a Google Shared Drive
-(previously known as Team Drives) then answer y to the question
-Configure this as a Shared Drive (Team Drive)?.
-
-This will fetch the list of Shared Drives from google and allow you to
-configure which one you want to use. You can also type in a Shared Drive
-ID if you prefer.
+    Make a new bucket
 
-For example:
+        rclone mkdir remote:bucket
 
-    Configure this as a Shared Drive (Team Drive)?
-    y) Yes
-    n) No
-    y/n> y
-    Fetching Shared Drive list...
-    Choose a number from below, or type in your own value
-     1 / Rclone Test
-       \ "xxxxxxxxxxxxxxxxxxxx"
-     2 / Rclone Test 2
-       \ "yyyyyyyyyyyyyyyyyyyy"
-     3 / Rclone Test 3
-       \ "zzzzzzzzzzzzzzzzzzzz"
-    Enter a Shared Drive ID> 1
-    --------------------
-    [remote]
-    client_id =
-    client_secret =
-    token = {"AccessToken":"xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx","Expiry":"2014-03-16T13:57:58.955387075Z","Extra":null}
-    team_drive = xxxxxxxxxxxxxxxxxxxx
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    List the contents of a bucket
 
---fast-list
+        rclone ls remote:bucket
 
-This remote supports --fast-list which allows you to use fewer
-transactions in exchange for more memory. See the rclone docs for more
-details.
+    Sync `/home/local/directory` to the remote bucket, deleting any excess
+    files in the bucket.
 
-It does this by combining multiple list calls into a single API request.
+        rclone sync --interactive /home/local/directory remote:bucket
 
-This works by combining many '%s' in parents filters into one
-expression. To list the contents of directories a, b and c, the
-following requests will be send by the regular List function:
+    ### Service Account support
 
-    trashed=false and 'a' in parents
-    trashed=false and 'b' in parents
-    trashed=false and 'c' in parents
+    You can set up rclone with Google Cloud Storage in an unattended mode,
+    i.e. not tied to a specific end-user Google account. This is useful
+    when you want to synchronise files onto machines that don't have
+    actively logged-in users, for example build machines.
 
-These can now be combined into a single request:
+    To get credentials for Google Cloud Platform
+    [IAM Service Accounts](https://cloud.google.com/iam/docs/service-accounts),
+    please head to the
+    [Service Account](https://console.cloud.google.com/permissions/serviceaccounts)
+    section of the Google Developer Console. Service Accounts behave just
+    like normal `User` permissions in
+    [Google Cloud Storage ACLs](https://cloud.google.com/storage/docs/access-control),
+    so you can limit their access (e.g. make them read only). After
+    creating an account, a JSON file containing the Service Account's
+    credentials will be downloaded onto your machines. These credentials
+    are what rclone will use for authentication.
 
-    trashed=false and ('a' in parents or 'b' in parents or 'c' in parents)
+    To use a Service Account instead of OAuth2 token flow, enter the path
+    to your Service Account credentials at the `service_account_file`
+    prompt and rclone won't use the browser based authentication
+    flow. If you'd rather stuff the contents of the credentials file into
+    the rclone config file, you can set `service_account_credentials` with
+    the actual contents of the file instead, or set the equivalent
+    environment variable.
 
-The implementation of ListR will put up to 50 parents filters into one
-request. It will use the --checkers value to specify the number of
-requests to run in parallel.
+    ### Anonymous Access
 
-In tests, these batch requests were up to 20x faster than the regular
-method. Running the following command against different sized folders
-gives:
+    For downloads of objects that permit public access you can configure rclone
+    to use anonymous access by setting `anonymous` to `true`.
+    With unauthorized access you can't write or create files but only read or list
+    those buckets and objects that have public read access.
 
-    rclone lsjson -vv -R --checkers=6 gdrive:folder
+    ### Application Default Credentials
 
-small folder (220 directories, 700 files):
+    If no other source of credentials is provided, rclone will fall back
+    to
+    [Application Default Credentials](https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials)
+    this is useful both when you already have configured authentication
+    for your developer account, or in production when running on a google
+    compute host. Note that if running in docker, you may need to run
+    additional commands on your google compute machine -
+    [see this page](https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper).
 
--   without --fast-list: 38s
--   with --fast-list: 10s
+    Note that in the case application default credentials are used, there
+    is no need to explicitly configure a project number.
 
-large folder (10600 directories, 39000 files):
+    ### --fast-list
 
--   without --fast-list: 22:05 min
--   with --fast-list: 58s
+    This remote supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
 
-Modified time
+    ### Custom upload headers
 
-Google drive stores modification times accurate to 1 ms.
+    You can set custom upload headers with the `--header-upload`
+    flag. Google Cloud Storage supports the headers as described in the
+    [working with metadata documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WorkingWithObjectMetadata)
 
-Restricted filename characters
+    - Cache-Control
+    - Content-Disposition
+    - Content-Encoding
+    - Content-Language
+    - Content-Type
+    - X-Goog-Storage-Class
+    - X-Goog-Meta-
 
-Only Invalid UTF-8 bytes will be replaced, as they can't be used in JSON
-strings.
+    Eg `--header-upload "Content-Type text/potato"`
 
-In contrast to other backends, / can also be used in names and . or ..
-are valid names.
+    Note that the last of these is for setting custom metadata in the form
+    `--header-upload "x-goog-meta-key: value"`
 
-Revisions
+    ### Modification times
 
-Google drive stores revisions of files. When you upload a change to an
-existing file to google drive using rclone it will create a new revision
-of that file.
+    Google Cloud Storage stores md5sum natively.
+    Google's [gsutil](https://cloud.google.com/storage/docs/gsutil) tool stores modification time
+    with one-second precision as `goog-reserved-file-mtime` in file metadata.
 
-Revisions follow the standard google policy which at time of writing was
+    To ensure compatibility with gsutil, rclone stores modification time in 2 separate metadata entries.
+    `mtime` uses RFC3339 format with one-nanosecond precision.
+    `goog-reserved-file-mtime` uses Unix timestamp format with one-second precision.
+    To get modification time from object metadata, rclone reads the metadata in the following order: `mtime`, `goog-reserved-file-mtime`, object updated time.
 
--   They are deleted after 30 days or 100 revisions (whatever comes
-    first).
--   They do not count towards a user storage quota.
+    Note that rclone's default modify window is 1ns.
+    Files uploaded by gsutil only contain timestamps with one-second precision.
+    If you use rclone to sync files previously uploaded by gsutil,
+    rclone will attempt to update modification time for all these files.
+    To avoid these possibly unnecessary updates, use `--modify-window 1s`.
 
-Deleting files
+    ### Restricted filename characters
 
-By default rclone will send all files to the trash when deleting files.
-If deleting them permanently is required then use the
---drive-use-trash=false flag, or set the equivalent environment
-variable.
-
-Shortcuts
-
-In March 2020 Google introduced a new feature in Google Drive called
-drive shortcuts (API). These will (by September 2020) replace the
-ability for files or folders to be in multiple folders at once.
-
-Shortcuts are files that link to other files on Google Drive somewhat
-like a symlink in unix, except they point to the underlying file data
-(e.g. the inode in unix terms) so they don't break if the source is
-renamed or moved about.
-
-Be default rclone treats these as follows.
-
-For shortcuts pointing to files:
-
--   When listing a file shortcut appears as the destination file.
--   When downloading the contents of the destination file is downloaded.
--   When updating shortcut file with a non shortcut file, the shortcut
-    is removed then a new file is uploaded in place of the shortcut.
--   When server-side moving (renaming) the shortcut is renamed, not the
-    destination file.
--   When server-side copying the shortcut is copied, not the contents of
-    the shortcut. (unless --drive-copy-shortcut-content is in use in
-    which case the contents of the shortcut gets copied).
--   When deleting the shortcut is deleted not the linked file.
--   When setting the modification time, the modification time of the
-    linked file will be set.
-
-For shortcuts pointing to folders:
-
--   When listing the shortcut appears as a folder and that folder will
-    contain the contents of the linked folder appear (including any sub
-    folders)
--   When downloading the contents of the linked folder and sub contents
-    are downloaded
--   When uploading to a shortcut folder the file will be placed in the
-    linked folder
--   When server-side moving (renaming) the shortcut is renamed, not the
-    destination folder
--   When server-side copying the contents of the linked folder is
-    copied, not the shortcut.
--   When deleting with rclone rmdir or rclone purge the shortcut is
-    deleted not the linked folder.
--   NB When deleting with rclone remove or rclone mount the contents of
-    the linked folder will be deleted.
-
-The rclone backend command can be used to create shortcuts.
-
-Shortcuts can be completely ignored with the --drive-skip-shortcuts flag
-or the corresponding skip_shortcuts configuration setting.
-
-Emptying trash
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | NUL       | 0x00  | ␀           |
+    | LF        | 0x0A  | ␊           |
+    | CR        | 0x0D  | ␍           |
+    | /         | 0x2F  | ／          |
 
-If you wish to empty your trash you can use the rclone cleanup remote:
-command which will permanently delete all your trashed files. This
-command does not take any path arguments.
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-Note that Google Drive takes some time (minutes to days) to empty the
-trash even though the command returns within a few seconds. No output is
-echoed, so there will be no confirmation even using -v or -vv.
 
-Quota information
+    ### Standard options
 
-To view your current quota you can use the rclone about remote: command
-which will display your usage limit (quota), the usage in Google Drive,
-the size of all files in the Trash and the space used by other Google
-services such as Gmail. This command does not take any path arguments.
+    Here are the Standard options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
 
-Import/Export of google documents
+    #### --gcs-client-id
 
-Google documents can be exported from and uploaded to Google Drive.
+    OAuth Client Id.
 
-When rclone downloads a Google doc it chooses a format to download
-depending upon the --drive-export-formats setting. By default the export
-formats are docx,xlsx,pptx,svg which are a sensible default for an
-editable document.
+    Leave blank normally.
 
-When choosing a format, rclone runs down the list provided in order and
-chooses the first file format the doc can be exported as from the list.
-If the file can't be exported to a format on the formats list, then
-rclone will choose a format from the default list.
+    Properties:
 
-If you prefer an archive copy then you might use
---drive-export-formats pdf, or if you prefer openoffice/libreoffice
-formats you might use --drive-export-formats ods,odt,odp.
+    - Config:      client_id
+    - Env Var:     RCLONE_GCS_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-Note that rclone adds the extension to the google doc, so if it is
-called My Spreadsheet on google docs, it will be exported as
-My Spreadsheet.xlsx or My Spreadsheet.pdf etc.
+    #### --gcs-client-secret
 
-When importing files into Google Drive, rclone will convert all files
-with an extension in --drive-import-formats to their associated document
-type. rclone will not convert any files by default, since the conversion
-is lossy process.
+    OAuth Client Secret.
 
-The conversion must result in a file with the same extension when the
---drive-export-formats rules are applied to the uploaded document.
+    Leave blank normally.
 
-Here are some examples for allowed and prohibited conversions.
+    Properties:
 
-  export-formats   import-formats   Upload Ext   Document Ext   Allowed
-  ---------------- ---------------- ------------ -------------- ---------
-  odt              odt              odt          odt            Yes
-  odt              docx,odt         odt          odt            Yes
-                   docx             docx         docx           Yes
-                   odt              odt          docx           No
-  odt,docx         docx,odt         docx         odt            No
-  docx,odt         docx,odt         docx         docx           Yes
-  docx,odt         docx,odt         odt          docx           No
+    - Config:      client_secret
+    - Env Var:     RCLONE_GCS_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-This limitation can be disabled by specifying
---drive-allow-import-name-change. When using this flag, rclone can
-convert multiple files types resulting in the same document type at
-once, e.g. with --drive-import-formats docx,odt,txt, all files having
-these extension would result in a document represented as a docx file.
-This brings the additional risk of overwriting a document, if multiple
-files have the same stem. Many rclone operations will not handle this
-name change in any way. They assume an equal name when copying files and
-might copy the file again or delete them when the name changes.
+    #### --gcs-project-number
 
-Here are the possible export extensions with their corresponding mime
-types. Most of these can also be used for importing, but there more that
-are not listed here. Some of these additional ones might only be
-available when the operating system provides the correct MIME type
-entries.
+    Project number.
 
-This list can be changed by Google Drive at any time and might not
-represent the currently available conversions.
+    Optional - needed only for list/create/delete buckets - see your developer console.
 
-  --------------------------------------------------------------------------------------------------------------------------
-  Extension           Mime Type                                                                   Description
-  ------------------- --------------------------------------------------------------------------- --------------------------
-  bmp                 image/bmp                                                                   Windows Bitmap format
+    Properties:
 
-  csv                 text/csv                                                                    Standard CSV format for
-                                                                                                  Spreadsheets
+    - Config:      project_number
+    - Env Var:     RCLONE_GCS_PROJECT_NUMBER
+    - Type:        string
+    - Required:    false
 
-  doc                 application/msword                                                          Classic Word file
+    #### --gcs-user-project
 
-  docx                application/vnd.openxmlformats-officedocument.wordprocessingml.document     Microsoft Office Document
+    User project.
 
-  epub                application/epub+zip                                                        E-book format
+    Optional - needed only for requester pays.
 
-  html                text/html                                                                   An HTML Document
+    Properties:
 
-  jpg                 image/jpeg                                                                  A JPEG Image File
+    - Config:      user_project
+    - Env Var:     RCLONE_GCS_USER_PROJECT
+    - Type:        string
+    - Required:    false
 
-  json                application/vnd.google-apps.script+json                                     JSON Text Format for
-                                                                                                  Google Apps scripts
+    #### --gcs-service-account-file
 
-  odp                 application/vnd.oasis.opendocument.presentation                             Openoffice Presentation
+    Service Account Credentials JSON file path.
 
-  ods                 application/vnd.oasis.opendocument.spreadsheet                              Openoffice Spreadsheet
+    Leave blank normally.
+    Needed only if you want use SA instead of interactive login.
 
-  ods                 application/x-vnd.oasis.opendocument.spreadsheet                            Openoffice Spreadsheet
+    Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
 
-  odt                 application/vnd.oasis.opendocument.text                                     Openoffice Document
+    Properties:
 
-  pdf                 application/pdf                                                             Adobe PDF Format
+    - Config:      service_account_file
+    - Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_FILE
+    - Type:        string
+    - Required:    false
 
-  pjpeg               image/pjpeg                                                                 Progressive JPEG Image
+    #### --gcs-service-account-credentials
 
-  png                 image/png                                                                   PNG Image Format
+    Service Account Credentials JSON blob.
 
-  pptx                application/vnd.openxmlformats-officedocument.presentationml.presentation   Microsoft Office
-                                                                                                  Powerpoint
+    Leave blank normally.
+    Needed only if you want use SA instead of interactive login.
 
-  rtf                 application/rtf                                                             Rich Text Format
+    Properties:
 
-  svg                 image/svg+xml                                                               Scalable Vector Graphics
-                                                                                                  Format
+    - Config:      service_account_credentials
+    - Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS
+    - Type:        string
+    - Required:    false
 
-  tsv                 text/tab-separated-values                                                   Standard TSV format for
-                                                                                                  spreadsheets
+    #### --gcs-anonymous
 
-  txt                 text/plain                                                                  Plain Text
+    Access public buckets and objects without credentials.
 
-  wmf                 application/x-msmetafile                                                    Windows Meta File
+    Set to 'true' if you just want to download files and don't configure credentials.
 
-  xls                 application/vnd.ms-excel                                                    Classic Excel file
+    Properties:
 
-  xlsx                application/vnd.openxmlformats-officedocument.spreadsheetml.sheet           Microsoft Office
-                                                                                                  Spreadsheet
+    - Config:      anonymous
+    - Env Var:     RCLONE_GCS_ANONYMOUS
+    - Type:        bool
+    - Default:     false
 
-  zip                 application/zip                                                             A ZIP file of HTML, Images
-                                                                                                  CSS
-  --------------------------------------------------------------------------------------------------------------------------
+    #### --gcs-object-acl
 
-Google documents can also be exported as link files. These files will
-open a browser window for the Google Docs website of that document when
-opened. The link file extension has to be specified as a
---drive-export-formats parameter. They will match all available Google
-Documents.
+    Access Control List for new objects.
 
-  Extension   Description                               OS Support
-  ----------- ----------------------------------------- ----------------
-  desktop     freedesktop.org specified desktop entry   Linux
-  link.html   An HTML Document with a redirect          All
-  url         INI style link file                       macOS, Windows
-  webloc      macOS specific XML format                 macOS
+    Properties:
+
+    - Config:      object_acl
+    - Env Var:     RCLONE_GCS_OBJECT_ACL
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - "authenticatedRead"
+            - Object owner gets OWNER access.
+            - All Authenticated Users get READER access.
+        - "bucketOwnerFullControl"
+            - Object owner gets OWNER access.
+            - Project team owners get OWNER access.
+        - "bucketOwnerRead"
+            - Object owner gets OWNER access.
+            - Project team owners get READER access.
+        - "private"
+            - Object owner gets OWNER access.
+            - Default if left blank.
+        - "projectPrivate"
+            - Object owner gets OWNER access.
+            - Project team members get access according to their roles.
+        - "publicRead"
+            - Object owner gets OWNER access.
+            - All Users get READER access.
+
+    #### --gcs-bucket-acl
 
-Standard options
+    Access Control List for new buckets.
 
-Here are the Standard options specific to drive (Google Drive).
+    Properties:
 
---drive-client-id
+    - Config:      bucket_acl
+    - Env Var:     RCLONE_GCS_BUCKET_ACL
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - "authenticatedRead"
+            - Project team owners get OWNER access.
+            - All Authenticated Users get READER access.
+        - "private"
+            - Project team owners get OWNER access.
+            - Default if left blank.
+        - "projectPrivate"
+            - Project team members get access according to their roles.
+        - "publicRead"
+            - Project team owners get OWNER access.
+            - All Users get READER access.
+        - "publicReadWrite"
+            - Project team owners get OWNER access.
+            - All Users get WRITER access.
 
-Google Application Client Id Setting your own is recommended. See
-https://rclone.org/drive/#making-your-own-client-id for how to create
-your own. If you leave this blank, it will use an internal key which is
-low performance.
+    #### --gcs-bucket-policy-only
 
-Properties:
+    Access checks should use bucket-level IAM policies.
 
--   Config: client_id
--   Env Var: RCLONE_DRIVE_CLIENT_ID
--   Type: string
--   Required: false
+    If you want to upload objects to a bucket with Bucket Policy Only set
+    then you will need to set this.
 
---drive-client-secret
+    When it is set, rclone:
 
-OAuth Client Secret.
+    - ignores ACLs set on buckets
+    - ignores ACLs set on objects
+    - creates buckets with Bucket Policy Only set
 
-Leave blank normally.
+    Docs: https://cloud.google.com/storage/docs/bucket-policy-only
 
-Properties:
 
--   Config: client_secret
--   Env Var: RCLONE_DRIVE_CLIENT_SECRET
--   Type: string
--   Required: false
+    Properties:
 
---drive-scope
+    - Config:      bucket_policy_only
+    - Env Var:     RCLONE_GCS_BUCKET_POLICY_ONLY
+    - Type:        bool
+    - Default:     false
 
-Scope that rclone should use when requesting access from drive.
+    #### --gcs-location
 
-Properties:
+    Location for the newly created buckets.
 
--   Config: scope
--   Env Var: RCLONE_DRIVE_SCOPE
--   Type: string
--   Required: false
--   Examples:
-    -   "drive"
-        -   Full access all files, excluding Application Data Folder.
-    -   "drive.readonly"
-        -   Read-only access to file metadata and file contents.
-    -   "drive.file"
-        -   Access to files created by rclone only.
-        -   These are visible in the drive website.
-        -   File authorization is revoked when the user deauthorizes the
-            app.
-    -   "drive.appfolder"
-        -   Allows read and write access to the Application Data folder.
-        -   This is not visible in the drive website.
-    -   "drive.metadata.readonly"
-        -   Allows read-only access to file metadata but
-        -   does not allow any access to read or download file content.
-
---drive-service-account-file
-
-Service Account Credentials JSON file path.
-
-Leave blank normally. Needed only if you want use SA instead of
-interactive login.
+    Properties:
+
+    - Config:      location
+    - Env Var:     RCLONE_GCS_LOCATION
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - Empty for default location (US)
+        - "asia"
+            - Multi-regional location for Asia
+        - "eu"
+            - Multi-regional location for Europe
+        - "us"
+            - Multi-regional location for United States
+        - "asia-east1"
+            - Taiwan
+        - "asia-east2"
+            - Hong Kong
+        - "asia-northeast1"
+            - Tokyo
+        - "asia-northeast2"
+            - Osaka
+        - "asia-northeast3"
+            - Seoul
+        - "asia-south1"
+            - Mumbai
+        - "asia-south2"
+            - Delhi
+        - "asia-southeast1"
+            - Singapore
+        - "asia-southeast2"
+            - Jakarta
+        - "australia-southeast1"
+            - Sydney
+        - "australia-southeast2"
+            - Melbourne
+        - "europe-north1"
+            - Finland
+        - "europe-west1"
+            - Belgium
+        - "europe-west2"
+            - London
+        - "europe-west3"
+            - Frankfurt
+        - "europe-west4"
+            - Netherlands
+        - "europe-west6"
+            - Zürich
+        - "europe-central2"
+            - Warsaw
+        - "us-central1"
+            - Iowa
+        - "us-east1"
+            - South Carolina
+        - "us-east4"
+            - Northern Virginia
+        - "us-west1"
+            - Oregon
+        - "us-west2"
+            - California
+        - "us-west3"
+            - Salt Lake City
+        - "us-west4"
+            - Las Vegas
+        - "northamerica-northeast1"
+            - Montréal
+        - "northamerica-northeast2"
+            - Toronto
+        - "southamerica-east1"
+            - São Paulo
+        - "southamerica-west1"
+            - Santiago
+        - "asia1"
+            - Dual region: asia-northeast1 and asia-northeast2.
+        - "eur4"
+            - Dual region: europe-north1 and europe-west4.
+        - "nam4"
+            - Dual region: us-central1 and us-east1.
+
+    #### --gcs-storage-class
 
-Leading ~ will be expanded in the file name as will environment
-variables such as ${RCLONE_CONFIG_DIR}.
+    The storage class to use when storing objects in Google Cloud Storage.
 
-Properties:
+    Properties:
 
--   Config: service_account_file
--   Env Var: RCLONE_DRIVE_SERVICE_ACCOUNT_FILE
--   Type: string
--   Required: false
+    - Config:      storage_class
+    - Env Var:     RCLONE_GCS_STORAGE_CLASS
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - Default
+        - "MULTI_REGIONAL"
+            - Multi-regional storage class
+        - "REGIONAL"
+            - Regional storage class
+        - "NEARLINE"
+            - Nearline storage class
+        - "COLDLINE"
+            - Coldline storage class
+        - "ARCHIVE"
+            - Archive storage class
+        - "DURABLE_REDUCED_AVAILABILITY"
+            - Durable reduced availability storage class
 
---drive-alternate-export
+    #### --gcs-env-auth
 
-Deprecated: No longer needed.
+    Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars).
 
-Properties:
+    Only applies if service_account_file and service_account_credentials is blank.
 
--   Config: alternate_export
--   Env Var: RCLONE_DRIVE_ALTERNATE_EXPORT
--   Type: bool
--   Default: false
+    Properties:
 
-Advanced options
+    - Config:      env_auth
+    - Env Var:     RCLONE_GCS_ENV_AUTH
+    - Type:        bool
+    - Default:     false
+    - Examples:
+        - "false"
+            - Enter credentials in the next step.
+        - "true"
+            - Get GCP IAM credentials from the environment (env vars or IAM).
 
-Here are the Advanced options specific to drive (Google Drive).
+    ### Advanced options
 
---drive-token
+    Here are the Advanced options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
 
-OAuth Access Token as a JSON blob.
+    #### --gcs-token
 
-Properties:
+    OAuth Access Token as a JSON blob.
 
--   Config: token
--   Env Var: RCLONE_DRIVE_TOKEN
--   Type: string
--   Required: false
+    Properties:
 
---drive-auth-url
+    - Config:      token
+    - Env Var:     RCLONE_GCS_TOKEN
+    - Type:        string
+    - Required:    false
 
-Auth server URL.
+    #### --gcs-auth-url
 
-Leave blank to use the provider defaults.
+    Auth server URL.
 
-Properties:
+    Leave blank to use the provider defaults.
 
--   Config: auth_url
--   Env Var: RCLONE_DRIVE_AUTH_URL
--   Type: string
--   Required: false
+    Properties:
 
---drive-token-url
+    - Config:      auth_url
+    - Env Var:     RCLONE_GCS_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-Token server url.
+    #### --gcs-token-url
 
-Leave blank to use the provider defaults.
+    Token server url.
 
-Properties:
+    Leave blank to use the provider defaults.
 
--   Config: token_url
--   Env Var: RCLONE_DRIVE_TOKEN_URL
--   Type: string
--   Required: false
+    Properties:
 
---drive-root-folder-id
+    - Config:      token_url
+    - Env Var:     RCLONE_GCS_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-ID of the root folder. Leave blank normally.
+    #### --gcs-directory-markers
 
-Fill in to access "Computers" folders (see docs), or for rclone to use a
-non root folder as its starting point.
+    Upload an empty object with a trailing slash when a new directory is created
 
-Properties:
+    Empty folders are unsupported for bucket based remotes, this option creates an empty
+    object ending with "/", to persist the folder.
 
--   Config: root_folder_id
--   Env Var: RCLONE_DRIVE_ROOT_FOLDER_ID
--   Type: string
--   Required: false
 
---drive-service-account-credentials
+    Properties:
 
-Service Account Credentials JSON blob.
+    - Config:      directory_markers
+    - Env Var:     RCLONE_GCS_DIRECTORY_MARKERS
+    - Type:        bool
+    - Default:     false
 
-Leave blank normally. Needed only if you want use SA instead of
-interactive login.
+    #### --gcs-no-check-bucket
 
-Properties:
+    If set, don't attempt to check the bucket exists or create it.
 
--   Config: service_account_credentials
--   Env Var: RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS
--   Type: string
--   Required: false
+    This can be useful when trying to minimise the number of transactions
+    rclone does if you know the bucket exists already.
 
---drive-team-drive
 
-ID of the Shared Drive (Team Drive).
+    Properties:
 
-Properties:
+    - Config:      no_check_bucket
+    - Env Var:     RCLONE_GCS_NO_CHECK_BUCKET
+    - Type:        bool
+    - Default:     false
 
--   Config: team_drive
--   Env Var: RCLONE_DRIVE_TEAM_DRIVE
--   Type: string
--   Required: false
+    #### --gcs-decompress
 
---drive-auth-owner-only
+    If set this will decompress gzip encoded objects.
 
-Only consider files owned by the authenticated user.
+    It is possible to upload objects to GCS with "Content-Encoding: gzip"
+    set. Normally rclone will download these files as compressed objects.
 
-Properties:
+    If this flag is set then rclone will decompress these files with
+    "Content-Encoding: gzip" as they are received. This means that rclone
+    can't check the size and hash but the file contents will be decompressed.
 
--   Config: auth_owner_only
--   Env Var: RCLONE_DRIVE_AUTH_OWNER_ONLY
--   Type: bool
--   Default: false
 
---drive-use-trash
+    Properties:
 
-Send files to the trash instead of deleting permanently.
+    - Config:      decompress
+    - Env Var:     RCLONE_GCS_DECOMPRESS
+    - Type:        bool
+    - Default:     false
 
-Defaults to true, namely sending files to the trash. Use
---drive-use-trash=false to delete files permanently instead.
+    #### --gcs-endpoint
 
-Properties:
+    Endpoint for the service.
 
--   Config: use_trash
--   Env Var: RCLONE_DRIVE_USE_TRASH
--   Type: bool
--   Default: true
+    Leave blank normally.
 
---drive-copy-shortcut-content
+    Properties:
 
-Server side copy contents of shortcuts instead of the shortcut.
+    - Config:      endpoint
+    - Env Var:     RCLONE_GCS_ENDPOINT
+    - Type:        string
+    - Required:    false
 
-When doing server side copies, normally rclone will copy shortcuts as
-shortcuts.
+    #### --gcs-encoding
 
-If this flag is used then rclone will copy the contents of shortcuts
-rather than shortcuts themselves when doing server side copies.
+    The encoding for the backend.
 
-Properties:
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
--   Config: copy_shortcut_content
--   Env Var: RCLONE_DRIVE_COPY_SHORTCUT_CONTENT
--   Type: bool
--   Default: false
+    Properties:
 
---drive-skip-gdocs
+    - Config:      encoding
+    - Env Var:     RCLONE_GCS_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,CrLf,InvalidUtf8,Dot
 
-Skip google documents in all listings.
 
-If given, gdocs practically become invisible to rclone.
 
-Properties:
+    ## Limitations
 
--   Config: skip_gdocs
--   Env Var: RCLONE_DRIVE_SKIP_GDOCS
--   Type: bool
--   Default: false
+    `rclone about` is not supported by the Google Cloud Storage backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
 
---drive-skip-checksum-gphotos
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-Skip MD5 checksum on Google photos and videos only.
+    #  Google Drive
 
-Use this if you get checksum errors when transferring Google photos or
-videos.
+    Paths are specified as `drive:path`
 
-Setting this flag will cause Google photos and videos to return a blank
-MD5 checksum.
+    Drive paths may be as deep as required, e.g. `drive:directory/subdirectory`.
 
-Google photos are identified by being in the "photos" space.
+    ## Configuration
 
-Corrupted checksums are caused by Google modifying the image/video but
-not updating the checksum.
+    The initial setup for drive involves getting a token from Google drive
+    which you need to do in your browser.  `rclone config` walks you
+    through it.
 
-Properties:
+    Here is an example of how to make a remote called `remote`.  First run:
 
--   Config: skip_checksum_gphotos
--   Env Var: RCLONE_DRIVE_SKIP_CHECKSUM_GPHOTOS
--   Type: bool
--   Default: false
+         rclone config
 
---drive-shared-with-me
+    This will guide you through an interactive setup process:
 
-Only show files that are shared with me.
+No remotes found, make a new one? n) New remote r) Rename remote c) Copy
+remote s) Set configuration password q) Quit config n/r/c/s/q> n name>
+remote Type of storage to configure. Choose a number from below, or type
+in your own value [snip] XX / Google Drive  "drive" [snip] Storage>
+drive Google Application Client Id - leave blank normally. client_id>
+Google Application Client Secret - leave blank normally. client_secret>
+Scope that rclone should use when requesting access from drive. Choose a
+number from below, or type in your own value 1 / Full access all files,
+excluding Application Data Folder.  "drive" 2 / Read-only access to file
+metadata and file contents.  "drive.readonly" / Access to files created
+by rclone only. 3 | These are visible in the drive website. | File
+authorization is revoked when the user deauthorizes the app.
+ "drive.file" / Allows read and write access to the Application Data
+folder. 4 | This is not visible in the drive website.  "drive.appfolder"
+/ Allows read-only access to file metadata but 5 | does not allow any
+access to read or download file content.  "drive.metadata.readonly"
+scope> 1 Service Account Credentials JSON file path - needed only if you
+want use SA instead of interactive login. service_account_file> Remote
+config Use web browser to automatically authenticate rclone with remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N. y) Yes n) No y/n> y If your
+browser doesn't open automatically go to the following link:
+http://127.0.0.1:53682/auth Log in and authorize rclone for access
+Waiting for code... Got code Configure this as a Shared Drive (Team
+Drive)? y) Yes n) No y/n> n -------------------- [remote] client_id =
+client_secret = scope = drive root_folder_id = service_account_file =
+token =
+{"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2014-03-16T13:57:58.955387075Z"}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
-Instructs rclone to operate on your "Shared with me" folder (where
-Google Drive lets you access the files and folders others have shared
-with you).
 
-This works both with the "list" (lsd, lsl, etc.) and the "copy" commands
-(copy, sync, etc.), and with all other commands too.
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
-Properties:
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from Google if using web browser to automatically 
+    authenticate. This only
+    runs from the moment it opens your browser to the moment you get back
+    the verification code.  This is on `http://127.0.0.1:53682/` and it
+    may require you to unblock it temporarily if you are running a host
+    firewall, or use manual mode.
 
--   Config: shared_with_me
--   Env Var: RCLONE_DRIVE_SHARED_WITH_ME
--   Type: bool
--   Default: false
+    You can then use it like this,
 
---drive-trashed-only
+    List directories in top level of your drive
 
-Only show files that are in the trash.
+        rclone lsd remote:
 
-This will show trashed files in their original directory structure.
+    List all the files in your drive
 
-Properties:
+        rclone ls remote:
 
--   Config: trashed_only
--   Env Var: RCLONE_DRIVE_TRASHED_ONLY
--   Type: bool
--   Default: false
+    To copy a local directory to a drive directory called backup
 
---drive-starred-only
+        rclone copy /home/source remote:backup
 
-Only show files that are starred.
+    ### Scopes
 
-Properties:
+    Rclone allows you to select which scope you would like for rclone to
+    use.  This changes what type of token is granted to rclone.  [The
+    scopes are defined
+    here](https://developers.google.com/drive/v3/web/about-auth).
 
--   Config: starred_only
--   Env Var: RCLONE_DRIVE_STARRED_ONLY
--   Type: bool
--   Default: false
+    A comma-separated list is allowed e.g. `drive.readonly,drive.file`.
 
---drive-formats
+    The scope are
 
-Deprecated: See export_formats.
+    #### drive
 
-Properties:
+    This is the default scope and allows full access to all files, except
+    for the Application Data Folder (see below).
 
--   Config: formats
--   Env Var: RCLONE_DRIVE_FORMATS
--   Type: string
--   Required: false
+    Choose this one if you aren't sure.
 
---drive-export-formats
+    #### drive.readonly
 
-Comma separated list of preferred formats for downloading Google docs.
+    This allows read only access to all files.  Files may be listed and
+    downloaded but not uploaded, renamed or deleted.
 
-Properties:
+    #### drive.file
 
--   Config: export_formats
--   Env Var: RCLONE_DRIVE_EXPORT_FORMATS
--   Type: string
--   Default: "docx,xlsx,pptx,svg"
+    With this scope rclone can read/view/modify only those files and
+    folders it creates.
 
---drive-import-formats
+    So if you uploaded files to drive via the web interface (or any other
+    means) they will not be visible to rclone.
 
-Comma separated list of preferred formats for uploading Google docs.
+    This can be useful if you are using rclone to backup data and you want
+    to be sure confidential data on your drive is not visible to rclone.
 
-Properties:
+    Files created with this scope are visible in the web interface.
 
--   Config: import_formats
--   Env Var: RCLONE_DRIVE_IMPORT_FORMATS
--   Type: string
--   Required: false
+    #### drive.appfolder
 
---drive-allow-import-name-change
+    This gives rclone its own private area to store files.  Rclone will
+    not be able to see any other files on your drive and you won't be able
+    to see rclone's files from the web interface either.
 
-Allow the filetype to change when uploading Google docs.
+    #### drive.metadata.readonly
+
+    This allows read only access to file names only.  It does not allow
+    rclone to download or upload data, or rename or delete files or
+    directories.
 
-E.g. file.doc to file.docx. This will confuse sync and reupload every
-time.
+    ### Root folder ID
 
-Properties:
+    This option has been moved to the advanced section. You can set the `root_folder_id` for rclone.  This is the directory
+    (identified by its `Folder ID`) that rclone considers to be the root
+    of your drive.
 
--   Config: allow_import_name_change
--   Env Var: RCLONE_DRIVE_ALLOW_IMPORT_NAME_CHANGE
--   Type: bool
--   Default: false
+    Normally you will leave this blank and rclone will determine the
+    correct root to use itself.
 
---drive-use-created-date
+    However you can set this to restrict rclone to a specific folder
+    hierarchy or to access data within the "Computers" tab on the drive
+    web interface (where files from Google's Backup and Sync desktop
+    program go).
 
-Use file created date instead of modified date.
+    In order to do this you will have to find the `Folder ID` of the
+    directory you wish rclone to display.  This will be the last segment
+    of the URL when you open the relevant folder in the drive web
+    interface.
 
-Useful when downloading data and you want the creation date used in
-place of the last modified date.
+    So if the folder you want rclone to use has a URL which looks like
+    `https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh`
+    in the browser, then you use `1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh` as
+    the `root_folder_id` in the config.
 
-WARNING: This flag may have some unexpected consequences.
+    **NB** folders under the "Computers" tab seem to be read only (drive
+    gives a 500 error) when using rclone.
 
-When uploading to your drive all files will be overwritten unless they
-haven't been modified since their creation. And the inverse will occur
-while downloading. This side effect can be avoided by using the
-"--checksum" flag.
+    There doesn't appear to be an API to discover the folder IDs of the
+    "Computers" tab - please contact us if you know otherwise!
 
-This feature was implemented to retain photos capture date as recorded
-by google photos. You will first need to check the "Create a Google
-Photos folder" option in your google drive settings. You can then copy
-or move the photos locally and use the date the image was taken
-(created) set as the modification date.
+    Note also that rclone can't access any data under the "Backups" tab on
+    the google drive web interface yet.
 
-Properties:
+    ### Service Account support
 
--   Config: use_created_date
--   Env Var: RCLONE_DRIVE_USE_CREATED_DATE
--   Type: bool
--   Default: false
+    You can set up rclone with Google Drive in an unattended mode,
+    i.e. not tied to a specific end-user Google account. This is useful
+    when you want to synchronise files onto machines that don't have
+    actively logged-in users, for example build machines.
 
---drive-use-shared-date
+    To use a Service Account instead of OAuth2 token flow, enter the path
+    to your Service Account credentials at the `service_account_file`
+    prompt during `rclone config` and rclone won't use the browser based
+    authentication flow. If you'd rather stuff the contents of the
+    credentials file into the rclone config file, you can set
+    `service_account_credentials` with the actual contents of the file
+    instead, or set the equivalent environment variable.
 
-Use date file was shared instead of modified date.
+    #### Use case - Google Apps/G-suite account and individual Drive
 
-Note that, as with "--drive-use-created-date", this flag may have
-unexpected consequences when uploading/downloading files.
+    Let's say that you are the administrator of a Google Apps (old) or
+    G-suite account.
+    The goal is to store data on an individual's Drive account, who IS
+    a member of the domain.
+    We'll call the domain **example.com**, and the user
+    **foo@example.com**.
 
-If both this flag and "--drive-use-created-date" are set, the created
-date is used.
+    There's a few steps we need to go through to accomplish this:
 
-Properties:
+    ##### 1. Create a service account for example.com
+      - To create a service account and obtain its credentials, go to the
+    [Google Developer Console](https://console.developers.google.com).
+      - You must have a project - create one if you don't.
+      - Then go to "IAM & admin" -> "Service Accounts".
+      - Use the "Create Service Account" button. Fill in "Service account name"
+    and "Service account ID" with something that identifies your client.
+      - Select "Create And Continue". Step 2 and 3 are optional.
+      - These credentials are what rclone will use for authentication.
+    If you ever need to remove access, press the "Delete service
+    account key" button.
 
--   Config: use_shared_date
--   Env Var: RCLONE_DRIVE_USE_SHARED_DATE
--   Type: bool
--   Default: false
+    ##### 2. Allowing API access to example.com Google Drive
+      - Go to example.com's admin console
+      - Go into "Security" (or use the search bar)
+      - Select "Show more" and then "Advanced settings"
+      - Select "Manage API client access" in the "Authentication" section
+      - In the "Client Name" field enter the service account's
+    "Client ID" - this can be found in the Developer Console under
+    "IAM & Admin" -> "Service Accounts", then "View Client ID" for
+    the newly created service account.
+    It is a ~21 character numerical string.
+      - In the next field, "One or More API Scopes", enter
+    `https://www.googleapis.com/auth/drive`
+    to grant access to Google Drive specifically.
+
+    ##### 3. Configure rclone, assuming a new install
 
---drive-list-chunk
+rclone config
 
-Size of listing chunk 100-1000, 0 to disable.
+n/s/q> n # New name>gdrive # Gdrive is an example name Storage> # Select
+the number shown for Google Drive client_id> # Can be left blank
+client_secret> # Can be left blank scope> # Select your scope, 1 for
+example root_folder_id> # Can be left blank service_account_file>
+/home/foo/myJSONfile.json # This is where the JSON file goes! y/n> #
+Auto config, n
 
-Properties:
 
--   Config: list_chunk
--   Env Var: RCLONE_DRIVE_LIST_CHUNK
--   Type: int
--   Default: 1000
+    ##### 4. Verify that it's working
+      - `rclone -v --drive-impersonate foo@example.com lsf gdrive:backup`
+      - The arguments do:
+        - `-v` - verbose logging
+        - `--drive-impersonate foo@example.com` - this is what does
+    the magic, pretending to be user foo.
+        - `lsf` - list files in a parsing friendly way
+        - `gdrive:backup` - use the remote called gdrive, work in
+    the folder named backup.
 
---drive-impersonate
+    Note: in case you configured a specific root folder on gdrive and rclone is unable to access the contents of that folder when using `--drive-impersonate`, do this instead:
+      - in the gdrive web interface, share your root folder with the user/email of the new Service Account you created/selected at step #1
+      - use rclone without specifying the `--drive-impersonate` option, like this:
+            `rclone -v lsf gdrive:backup`
 
-Impersonate this user when using a service account.
 
-Properties:
+    ### Shared drives (team drives)
 
--   Config: impersonate
--   Env Var: RCLONE_DRIVE_IMPERSONATE
--   Type: string
--   Required: false
+    If you want to configure the remote to point to a Google Shared Drive
+    (previously known as Team Drives) then answer `y` to the question
+    `Configure this as a Shared Drive (Team Drive)?`.
 
---drive-upload-cutoff
+    This will fetch the list of Shared Drives from google and allow you to
+    configure which one you want to use. You can also type in a Shared
+    Drive ID if you prefer.
 
-Cutoff for switching to chunked upload.
+    For example:
 
-Properties:
+Configure this as a Shared Drive (Team Drive)? y) Yes n) No y/n> y
+Fetching Shared Drive list... Choose a number from below, or type in
+your own value 1 / Rclone Test  "xxxxxxxxxxxxxxxxxxxx" 2 / Rclone Test 2
+ "yyyyyyyyyyyyyyyyyyyy" 3 / Rclone Test 3  "zzzzzzzzzzzzzzzzzzzz" Enter
+a Shared Drive ID> 1 -------------------- [remote] client_id =
+client_secret = token =
+{"AccessToken":"xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx","Expiry":"2014-03-16T13:57:58.955387075Z","Extra":null}
+team_drive = xxxxxxxxxxxxxxxxxxxx -------------------- y) Yes this is OK
+e) Edit this remote d) Delete this remote y/e/d> y
 
--   Config: upload_cutoff
--   Env Var: RCLONE_DRIVE_UPLOAD_CUTOFF
--   Type: SizeSuffix
--   Default: 8Mi
 
---drive-chunk-size
+    ### --fast-list
 
-Upload chunk size.
+    This remote supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
 
-Must a power of 2 >= 256k.
+    It does this by combining multiple `list` calls into a single API request.
 
-Making this larger will improve performance, but note that each chunk is
-buffered in memory one per transfer.
+    This works by combining many `'%s' in parents` filters into one expression.
+    To list the contents of directories a, b and c, the following requests will be send by the regular `List` function:
 
-Reducing this will reduce memory usage but decrease performance.
+trashed=false and 'a' in parents trashed=false and 'b' in parents
+trashed=false and 'c' in parents
 
-Properties:
+    These can now be combined into a single request:
 
--   Config: chunk_size
--   Env Var: RCLONE_DRIVE_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 8Mi
+trashed=false and ('a' in parents or 'b' in parents or 'c' in parents)
 
---drive-acknowledge-abuse
 
-Set to allow files which return cannotDownloadAbusiveFile to be
-downloaded.
+    The implementation of `ListR` will put up to 50 `parents` filters into one request.
+    It will  use the `--checkers` value to specify the number of requests to run in parallel.
 
-If downloading a file returns the error "This file has been identified
-as malware or spam and cannot be downloaded" with the error code
-"cannotDownloadAbusiveFile" then supply this flag to rclone to indicate
-you acknowledge the risks of downloading the file and rclone will
-download it anyway.
+    In tests, these batch requests were up to 20x faster than the regular method.
+    Running the following command against different sized folders gives:
 
-Note that if you are using service account it will need Manager
-permission (not Content Manager) to for this flag to work. If the SA
-does not have the right permission, Google will just ignore the flag.
+rclone lsjson -vv -R --checkers=6 gdrive:folder
 
-Properties:
 
--   Config: acknowledge_abuse
--   Env Var: RCLONE_DRIVE_ACKNOWLEDGE_ABUSE
--   Type: bool
--   Default: false
+    small folder (220 directories, 700 files):
 
---drive-keep-revision-forever
+    - without `--fast-list`: 38s
+    - with `--fast-list`: 10s
 
-Keep new head revision of each file forever.
+    large folder (10600 directories, 39000 files):
 
-Properties:
+    - without `--fast-list`: 22:05 min
+    - with `--fast-list`: 58s
 
--   Config: keep_revision_forever
--   Env Var: RCLONE_DRIVE_KEEP_REVISION_FOREVER
--   Type: bool
--   Default: false
+    ### Modification times and hashes
 
---drive-size-as-quota
+    Google drive stores modification times accurate to 1 ms.
 
-Show sizes as storage quota usage, not actual size.
+    Hash algorithms MD5, SHA1 and SHA256 are supported. Note, however,
+    that a small fraction of files uploaded may not have SHA1 or SHA256
+    hashes especially if they were uploaded before 2018.
 
-Show the size of a file as the storage quota used. This is the current
-version plus any older versions that have been set to keep forever.
+    ### Restricted filename characters
 
-WARNING: This flag may have some unexpected consequences.
+    Only Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-It is not recommended to set this flag in your config - the recommended
-usage is using the flag form --drive-size-as-quota when doing rclone
-ls/lsl/lsf/lsjson/etc only.
+    In contrast to other backends, `/` can also be used in names and `.`
+    or `..` are valid names.
 
-If you do use this flag for syncing (not recommended) then you will need
-to use --ignore size also.
+    ### Revisions
 
-Properties:
+    Google drive stores revisions of files.  When you upload a change to
+    an existing file to google drive using rclone it will create a new
+    revision of that file.
 
--   Config: size_as_quota
--   Env Var: RCLONE_DRIVE_SIZE_AS_QUOTA
--   Type: bool
--   Default: false
+    Revisions follow the standard google policy which at time of writing
+    was
 
---drive-v2-download-min-size
+      * They are deleted after 30 days or 100 revisions (whatever comes first).
+      * They do not count towards a user storage quota.
 
-If Object's are greater, use drive v2 API to download.
+    ### Deleting files
 
-Properties:
+    By default rclone will send all files to the trash when deleting
+    files.  If deleting them permanently is required then use the
+    `--drive-use-trash=false` flag, or set the equivalent environment
+    variable.
 
--   Config: v2_download_min_size
--   Env Var: RCLONE_DRIVE_V2_DOWNLOAD_MIN_SIZE
--   Type: SizeSuffix
--   Default: off
+    ### Shortcuts
 
---drive-pacer-min-sleep
+    In March 2020 Google introduced a new feature in Google Drive called
+    [drive shortcuts](https://support.google.com/drive/answer/9700156)
+    ([API](https://developers.google.com/drive/api/v3/shortcuts)). These
+    will (by September 2020) [replace the ability for files or folders to
+    be in multiple folders at once](https://cloud.google.com/blog/products/g-suite/simplifying-google-drives-folder-structure-and-sharing-models).
 
-Minimum time to sleep between API calls.
+    Shortcuts are files that link to other files on Google Drive somewhat
+    like a symlink in unix, except they point to the underlying file data
+    (e.g. the inode in unix terms) so they don't break if the source is
+    renamed or moved about.
 
-Properties:
+    By default rclone treats these as follows.
 
--   Config: pacer_min_sleep
--   Env Var: RCLONE_DRIVE_PACER_MIN_SLEEP
--   Type: Duration
--   Default: 100ms
+    For shortcuts pointing to files:
 
---drive-pacer-burst
+    - When listing a file shortcut appears as the destination file.
+    - When downloading the contents of the destination file is downloaded.
+    - When updating shortcut file with a non shortcut file, the shortcut is removed then a new file is uploaded in place of the shortcut.
+    - When server-side moving (renaming) the shortcut is renamed, not the destination file.
+    - When server-side copying the shortcut is copied, not the contents of the shortcut. (unless `--drive-copy-shortcut-content` is in use in which case the contents of the shortcut gets copied).
+    - When deleting the shortcut is deleted not the linked file.
+    - When setting the modification time, the modification time of the linked file will be set.
 
-Number of API calls to allow without sleeping.
+    For shortcuts pointing to folders:
 
-Properties:
+    - When listing the shortcut appears as a folder and that folder will contain the contents of the linked folder appear (including any sub folders)
+    - When downloading the contents of the linked folder and sub contents are downloaded
+    - When uploading to a shortcut folder the file will be placed in the linked folder
+    - When server-side moving (renaming) the shortcut is renamed, not the destination folder
+    - When server-side copying the contents of the linked folder is copied, not the shortcut.
+    - When deleting with `rclone rmdir` or `rclone purge` the shortcut is deleted not the linked folder.
+    - **NB** When deleting with `rclone remove` or `rclone mount` the contents of the linked folder will be deleted.
 
--   Config: pacer_burst
--   Env Var: RCLONE_DRIVE_PACER_BURST
--   Type: int
--   Default: 100
+    The [rclone backend](https://rclone.org/commands/rclone_backend/) command can be used to create shortcuts.  
 
---drive-server-side-across-configs
+    Shortcuts can be completely ignored with the `--drive-skip-shortcuts` flag
+    or the corresponding `skip_shortcuts` configuration setting.
 
-Allow server-side operations (e.g. copy) to work across different drive
-configs.
+    ### Emptying trash
 
-This can be useful if you wish to do a server-side copy between two
-different Google drives. Note that this isn't enabled by default because
-it isn't easy to tell if it will work between any two configurations.
+    If you wish to empty your trash you can use the `rclone cleanup remote:`
+    command which will permanently delete all your trashed files. This command
+    does not take any path arguments.
 
-Properties:
+    Note that Google Drive takes some time (minutes to days) to empty the
+    trash even though the command returns within a few seconds.  No output
+    is echoed, so there will be no confirmation even using -v or -vv.
+
+    ### Quota information
+
+    To view your current quota you can use the `rclone about remote:`
+    command which will display your usage limit (quota), the usage in Google
+    Drive, the size of all files in the Trash and the space used by other
+    Google services such as Gmail. This command does not take any path
+    arguments.
+
+    #### Import/Export of google documents
+
+    Google documents can be exported from and uploaded to Google Drive.
+
+    When rclone downloads a Google doc it chooses a format to download
+    depending upon the `--drive-export-formats` setting.
+    By default the export formats are `docx,xlsx,pptx,svg` which are a
+    sensible default for an editable document.
+
+    When choosing a format, rclone runs down the list provided in order
+    and chooses the first file format the doc can be exported as from the
+    list. If the file can't be exported to a format on the formats list,
+    then rclone will choose a format from the default list.
+
+    If you prefer an archive copy then you might use `--drive-export-formats
+    pdf`, or if you prefer openoffice/libreoffice formats you might use
+    `--drive-export-formats ods,odt,odp`.
+
+    Note that rclone adds the extension to the google doc, so if it is
+    called `My Spreadsheet` on google docs, it will be exported as `My
+    Spreadsheet.xlsx` or `My Spreadsheet.pdf` etc.
+
+    When importing files into Google Drive, rclone will convert all
+    files with an extension in `--drive-import-formats` to their
+    associated document type.
+    rclone will not convert any files by default, since the conversion
+    is lossy process.
+
+    The conversion must result in a file with the same extension when
+    the `--drive-export-formats` rules are applied to the uploaded document.
+
+    Here are some examples for allowed and prohibited conversions.
+
+    | export-formats | import-formats | Upload Ext | Document Ext | Allowed |
+    | -------------- | -------------- | ---------- | ------------ | ------- |
+    | odt | odt | odt | odt | Yes |
+    | odt | docx,odt | odt | odt | Yes |
+    |  | docx | docx | docx | Yes |
+    |  | odt | odt | docx | No |
+    | odt,docx | docx,odt | docx | odt | No |
+    | docx,odt | docx,odt | docx | docx | Yes |
+    | docx,odt | docx,odt | odt | docx | No |
+
+    This limitation can be disabled by specifying `--drive-allow-import-name-change`.
+    When using this flag, rclone can convert multiple files types resulting
+    in the same document type at once, e.g. with `--drive-import-formats docx,odt,txt`,
+    all files having these extension would result in a document represented as a docx file.
+    This brings the additional risk of overwriting a document, if multiple files
+    have the same stem. Many rclone operations will not handle this name change
+    in any way. They assume an equal name when copying files and might copy the
+    file again or delete them when the name changes. 
+
+    Here are the possible export extensions with their corresponding mime types.
+    Most of these can also be used for importing, but there more that are not
+    listed here. Some of these additional ones might only be available when
+    the operating system provides the correct MIME type entries.
+
+    This list can be changed by Google Drive at any time and might not
+    represent the currently available conversions.
+
+    | Extension | Mime Type | Description |
+    | --------- |-----------| ------------|
+    | bmp  | image/bmp | Windows Bitmap format |
+    | csv  | text/csv | Standard CSV format for Spreadsheets |
+    | doc  | application/msword | Classic Word file |
+    | docx | application/vnd.openxmlformats-officedocument.wordprocessingml.document | Microsoft Office Document |
+    | epub | application/epub+zip | E-book format |
+    | html | text/html | An HTML Document |
+    | jpg  | image/jpeg | A JPEG Image File |
+    | json | application/vnd.google-apps.script+json | JSON Text Format for Google Apps scripts |
+    | odp  | application/vnd.oasis.opendocument.presentation | Openoffice Presentation |
+    | ods  | application/vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
+    | ods  | application/x-vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
+    | odt  | application/vnd.oasis.opendocument.text | Openoffice Document |
+    | pdf  | application/pdf | Adobe PDF Format |
+    | pjpeg | image/pjpeg | Progressive JPEG Image |
+    | png  | image/png | PNG Image Format|
+    | pptx | application/vnd.openxmlformats-officedocument.presentationml.presentation | Microsoft Office Powerpoint |
+    | rtf  | application/rtf | Rich Text Format |
+    | svg  | image/svg+xml | Scalable Vector Graphics Format |
+    | tsv  | text/tab-separated-values | Standard TSV format for spreadsheets |
+    | txt  | text/plain | Plain Text |
+    | wmf  | application/x-msmetafile | Windows Meta File |
+    | xls  | application/vnd.ms-excel | Classic Excel file |
+    | xlsx | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet | Microsoft Office Spreadsheet |
+    | zip  | application/zip | A ZIP file of HTML, Images CSS |
+
+    Google documents can also be exported as link files. These files will
+    open a browser window for the Google Docs website of that document
+    when opened. The link file extension has to be specified as a
+    `--drive-export-formats` parameter. They will match all available
+    Google Documents.
+
+    | Extension | Description | OS Support |
+    | --------- | ----------- | ---------- |
+    | desktop | freedesktop.org specified desktop entry | Linux |
+    | link.html | An HTML Document with a redirect | All |
+    | url | INI style link file | macOS, Windows |
+    | webloc | macOS specific XML format | macOS |
+
+
+    ### Standard options
+
+    Here are the Standard options specific to drive (Google Drive).
+
+    #### --drive-client-id
 
--   Config: server_side_across_configs
--   Env Var: RCLONE_DRIVE_SERVER_SIDE_ACROSS_CONFIGS
--   Type: bool
--   Default: false
+    Google Application Client Id
+    Setting your own is recommended.
+    See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
+    If you leave this blank, it will use an internal key which is low performance.
 
---drive-disable-http2
+    Properties:
 
-Disable drive using http2.
+    - Config:      client_id
+    - Env Var:     RCLONE_DRIVE_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-There is currently an unsolved issue with the google drive backend and
-HTTP/2. HTTP/2 is therefore disabled by default for the drive backend
-but can be re-enabled here. When the issue is solved this flag will be
-removed.
+    #### --drive-client-secret
 
-See: https://github.com/rclone/rclone/issues/3631
+    OAuth Client Secret.
 
-Properties:
+    Leave blank normally.
 
--   Config: disable_http2
--   Env Var: RCLONE_DRIVE_DISABLE_HTTP2
--   Type: bool
--   Default: true
+    Properties:
 
---drive-stop-on-upload-limit
+    - Config:      client_secret
+    - Env Var:     RCLONE_DRIVE_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-Make upload limit errors be fatal.
+    #### --drive-scope
 
-At the time of writing it is only possible to upload 750 GiB of data to
-Google Drive a day (this is an undocumented limit). When this limit is
-reached Google Drive produces a slightly different error message. When
-this flag is set it causes these errors to be fatal. These will stop the
-in-progress sync.
+    Comma separated list of scopes that rclone should use when requesting access from drive.
 
-Note that this detection is relying on error message strings which
-Google don't document so it may break in the future.
+    Properties:
 
-See: https://github.com/rclone/rclone/issues/3857
+    - Config:      scope
+    - Env Var:     RCLONE_DRIVE_SCOPE
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - "drive"
+            - Full access all files, excluding Application Data Folder.
+        - "drive.readonly"
+            - Read-only access to file metadata and file contents.
+        - "drive.file"
+            - Access to files created by rclone only.
+            - These are visible in the drive website.
+            - File authorization is revoked when the user deauthorizes the app.
+        - "drive.appfolder"
+            - Allows read and write access to the Application Data folder.
+            - This is not visible in the drive website.
+        - "drive.metadata.readonly"
+            - Allows read-only access to file metadata but
+            - does not allow any access to read or download file content.
 
-Properties:
+    #### --drive-service-account-file
 
--   Config: stop_on_upload_limit
--   Env Var: RCLONE_DRIVE_STOP_ON_UPLOAD_LIMIT
--   Type: bool
--   Default: false
+    Service Account Credentials JSON file path.
 
---drive-stop-on-download-limit
+    Leave blank normally.
+    Needed only if you want use SA instead of interactive login.
 
-Make download limit errors be fatal.
+    Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
 
-At the time of writing it is only possible to download 10 TiB of data
-from Google Drive a day (this is an undocumented limit). When this limit
-is reached Google Drive produces a slightly different error message.
-When this flag is set it causes these errors to be fatal. These will
-stop the in-progress sync.
+    Properties:
 
-Note that this detection is relying on error message strings which
-Google don't document so it may break in the future.
+    - Config:      service_account_file
+    - Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_FILE
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --drive-alternate-export
 
--   Config: stop_on_download_limit
--   Env Var: RCLONE_DRIVE_STOP_ON_DOWNLOAD_LIMIT
--   Type: bool
--   Default: false
+    Deprecated: No longer needed.
 
---drive-skip-shortcuts
+    Properties:
 
-If set skip shortcut files.
+    - Config:      alternate_export
+    - Env Var:     RCLONE_DRIVE_ALTERNATE_EXPORT
+    - Type:        bool
+    - Default:     false
 
-Normally rclone dereferences shortcut files making them appear as if
-they are the original file (see the shortcuts section). If this flag is
-set then rclone will ignore shortcut files completely.
+    ### Advanced options
 
-Properties:
+    Here are the Advanced options specific to drive (Google Drive).
 
--   Config: skip_shortcuts
--   Env Var: RCLONE_DRIVE_SKIP_SHORTCUTS
--   Type: bool
--   Default: false
+    #### --drive-token
 
---drive-skip-dangling-shortcuts
+    OAuth Access Token as a JSON blob.
 
-If set skip dangling shortcut files.
+    Properties:
 
-If this is set then rclone will not show any dangling shortcuts in
-listings.
+    - Config:      token
+    - Env Var:     RCLONE_DRIVE_TOKEN
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --drive-auth-url
 
--   Config: skip_dangling_shortcuts
--   Env Var: RCLONE_DRIVE_SKIP_DANGLING_SHORTCUTS
--   Type: bool
--   Default: false
+    Auth server URL.
 
---drive-resource-key
+    Leave blank to use the provider defaults.
 
-Resource key for accessing a link-shared file.
+    Properties:
 
-If you need to access files shared with a link like this
+    - Config:      auth_url
+    - Env Var:     RCLONE_DRIVE_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-    https://drive.google.com/drive/folders/XXX?resourcekey=YYY&usp=sharing
+    #### --drive-token-url
 
-Then you will need to use the first part "XXX" as the "root_folder_id"
-and the second part "YYY" as the "resource_key" otherwise you will get
-404 not found errors when trying to access the directory.
+    Token server url.
 
-See: https://developers.google.com/drive/api/guides/resource-keys
+    Leave blank to use the provider defaults.
 
-This resource key requirement only applies to a subset of old files.
+    Properties:
 
-Note also that opening the folder once in the web interface (with the
-user you've authenticated rclone with) seems to be enough so that the
-resource key is no needed.
+    - Config:      token_url
+    - Env Var:     RCLONE_DRIVE_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --drive-root-folder-id
 
--   Config: resource_key
--   Env Var: RCLONE_DRIVE_RESOURCE_KEY
--   Type: string
--   Required: false
+    ID of the root folder.
+    Leave blank normally.
 
---drive-encoding
+    Fill in to access "Computers" folders (see docs), or for rclone to use
+    a non root folder as its starting point.
 
-The encoding for the backend.
 
-See the encoding section in the overview for more info.
+    Properties:
 
-Properties:
+    - Config:      root_folder_id
+    - Env Var:     RCLONE_DRIVE_ROOT_FOLDER_ID
+    - Type:        string
+    - Required:    false
 
--   Config: encoding
--   Env Var: RCLONE_DRIVE_ENCODING
--   Type: MultiEncoder
--   Default: InvalidUtf8
+    #### --drive-service-account-credentials
 
-Backend commands
+    Service Account Credentials JSON blob.
 
-Here are the commands specific to the drive backend.
+    Leave blank normally.
+    Needed only if you want use SA instead of interactive login.
 
-Run them with
+    Properties:
 
-    rclone backend COMMAND remote:
+    - Config:      service_account_credentials
+    - Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS
+    - Type:        string
+    - Required:    false
 
-The help below will explain what arguments each command takes.
+    #### --drive-team-drive
 
-See the backend command for more info on how to pass options and
-arguments.
+    ID of the Shared Drive (Team Drive).
 
-These can be run on a running backend using the rc command
-backend/command.
+    Properties:
 
-get
+    - Config:      team_drive
+    - Env Var:     RCLONE_DRIVE_TEAM_DRIVE
+    - Type:        string
+    - Required:    false
 
-Get command for fetching the drive config parameters
+    #### --drive-auth-owner-only
 
-    rclone backend get remote: [options] [<arguments>+]
+    Only consider files owned by the authenticated user.
 
-This is a get command which will be used to fetch the various drive
-config parameters
+    Properties:
 
-Usage Examples:
+    - Config:      auth_owner_only
+    - Env Var:     RCLONE_DRIVE_AUTH_OWNER_ONLY
+    - Type:        bool
+    - Default:     false
 
-    rclone backend get drive: [-o service_account_file] [-o chunk_size]
-    rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]
+    #### --drive-use-trash
 
-Options:
+    Send files to the trash instead of deleting permanently.
 
--   "chunk_size": show the current upload chunk size
--   "service_account_file": show the current service account file
+    Defaults to true, namely sending files to the trash.
+    Use `--drive-use-trash=false` to delete files permanently instead.
 
-set
+    Properties:
 
-Set command for updating the drive config parameters
+    - Config:      use_trash
+    - Env Var:     RCLONE_DRIVE_USE_TRASH
+    - Type:        bool
+    - Default:     true
 
-    rclone backend set remote: [options] [<arguments>+]
+    #### --drive-copy-shortcut-content
 
-This is a set command which will be used to update the various drive
-config parameters
+    Server side copy contents of shortcuts instead of the shortcut.
 
-Usage Examples:
+    When doing server side copies, normally rclone will copy shortcuts as
+    shortcuts.
 
-    rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
-    rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+    If this flag is used then rclone will copy the contents of shortcuts
+    rather than shortcuts themselves when doing server side copies.
 
-Options:
+    Properties:
 
--   "chunk_size": update the current upload chunk size
--   "service_account_file": update the current service account file
+    - Config:      copy_shortcut_content
+    - Env Var:     RCLONE_DRIVE_COPY_SHORTCUT_CONTENT
+    - Type:        bool
+    - Default:     false
 
-shortcut
+    #### --drive-skip-gdocs
 
-Create shortcuts from files or directories
+    Skip google documents in all listings.
 
-    rclone backend shortcut remote: [options] [<arguments>+]
+    If given, gdocs practically become invisible to rclone.
 
-This command creates shortcuts from files or directories.
+    Properties:
 
-Usage:
+    - Config:      skip_gdocs
+    - Env Var:     RCLONE_DRIVE_SKIP_GDOCS
+    - Type:        bool
+    - Default:     false
 
-    rclone backend shortcut drive: source_item destination_shortcut
-    rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut
+    #### --drive-show-all-gdocs
 
-In the first example this creates a shortcut from the "source_item"
-which can be a file or a directory to the "destination_shortcut". The
-"source_item" and the "destination_shortcut" should be relative paths
-from "drive:"
+    Show all Google Docs including non-exportable ones in listings.
 
-In the second example this creates a shortcut from the "source_item"
-relative to "drive:" to the "destination_shortcut" relative to
-"drive2:". This may fail with a permission error if the user
-authenticated with "drive2:" can't read files from "drive:".
+    If you try a server side copy on a Google Form without this flag, you
+    will get this error:
 
-Options:
+        No export formats found for "application/vnd.google-apps.form"
 
--   "target": optional target remote for the shortcut destination
+    However adding this flag will allow the form to be server side copied.
 
-drives
+    Note that rclone doesn't add extensions to the Google Docs file names
+    in this mode.
 
-List the Shared Drives available to this account
+    Do **not** use this flag when trying to download Google Docs - rclone
+    will fail to download them.
 
-    rclone backend drives remote: [options] [<arguments>+]
 
-This command lists the Shared Drives (Team Drives) available to this
-account.
+    Properties:
 
-Usage:
+    - Config:      show_all_gdocs
+    - Env Var:     RCLONE_DRIVE_SHOW_ALL_GDOCS
+    - Type:        bool
+    - Default:     false
 
-    rclone backend [-o config] drives drive:
+    #### --drive-skip-checksum-gphotos
 
-This will return a JSON list of objects like this
+    Skip checksums on Google photos and videos only.
 
-    [
-        {
-            "id": "0ABCDEF-01234567890",
-            "kind": "drive#teamDrive",
-            "name": "My Drive"
-        },
-        {
-            "id": "0ABCDEFabcdefghijkl",
-            "kind": "drive#teamDrive",
-            "name": "Test Drive"
-        }
-    ]
+    Use this if you get checksum errors when transferring Google photos or
+    videos.
 
-With the -o config parameter it will output the list in a format
-suitable for adding to a config file to make aliases for all the drives
-found and a combined drive.
+    Setting this flag will cause Google photos and videos to return a
+    blank checksums.
 
-    [My Drive]
-    type = alias
-    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
+    Google photos are identified by being in the "photos" space.
 
-    [Test Drive]
-    type = alias
-    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+    Corrupted checksums are caused by Google modifying the image/video but
+    not updating the checksum.
 
-    [AllDrives]
-    type = combine
-    upstreams = "My Drive=My Drive:" "Test Drive=Test Drive:"
+    Properties:
 
-Adding this to the rclone config file will cause those team drives to be
-accessible with the aliases shown. Any illegal characters will be
-substituted with "_" and duplicate names will have numbers suffixed. It
-will also add a remote called AllDrives which shows all the shared
-drives combined into one directory tree.
+    - Config:      skip_checksum_gphotos
+    - Env Var:     RCLONE_DRIVE_SKIP_CHECKSUM_GPHOTOS
+    - Type:        bool
+    - Default:     false
 
-untrash
+    #### --drive-shared-with-me
 
-Untrash files and directories
+    Only show files that are shared with me.
 
-    rclone backend untrash remote: [options] [<arguments>+]
+    Instructs rclone to operate on your "Shared with me" folder (where
+    Google Drive lets you access the files and folders others have shared
+    with you).
 
-This command untrashes all the files and directories in the directory
-passed in recursively.
+    This works both with the "list" (lsd, lsl, etc.) and the "copy"
+    commands (copy, sync, etc.), and with all other commands too.
 
-Usage:
+    Properties:
 
-This takes an optional directory to trash which make this easier to use
-via the API.
+    - Config:      shared_with_me
+    - Env Var:     RCLONE_DRIVE_SHARED_WITH_ME
+    - Type:        bool
+    - Default:     false
 
-    rclone backend untrash drive:directory
-    rclone backend --interactive untrash drive:directory subdir
+    #### --drive-trashed-only
 
-Use the --interactive/-i or --dry-run flag to see what would be restored
-before restoring it.
+    Only show files that are in the trash.
 
-Result:
+    This will show trashed files in their original directory structure.
 
-    {
-        "Untrashed": 17,
-        "Errors": 0
-    }
+    Properties:
 
-copyid
+    - Config:      trashed_only
+    - Env Var:     RCLONE_DRIVE_TRASHED_ONLY
+    - Type:        bool
+    - Default:     false
 
-Copy files by ID
+    #### --drive-starred-only
 
-    rclone backend copyid remote: [options] [<arguments>+]
+    Only show files that are starred.
 
-This command copies files by ID
+    Properties:
 
-Usage:
+    - Config:      starred_only
+    - Env Var:     RCLONE_DRIVE_STARRED_ONLY
+    - Type:        bool
+    - Default:     false
 
-    rclone backend copyid drive: ID path
-    rclone backend copyid drive: ID1 path1 ID2 path2
+    #### --drive-formats
 
-It copies the drive file with ID given to the path (an rclone path which
-will be passed internally to rclone copyto). The ID and path pairs can
-be repeated.
+    Deprecated: See export_formats.
 
-The path should end with a / to indicate copy the file as named to this
-directory. If it doesn't end with a / then the last path component will
-be used as the file name.
+    Properties:
 
-If the destination is a drive backend then server-side copying will be
-attempted if possible.
+    - Config:      formats
+    - Env Var:     RCLONE_DRIVE_FORMATS
+    - Type:        string
+    - Required:    false
 
-Use the --interactive/-i or --dry-run flag to see what would be copied
-before copying.
+    #### --drive-export-formats
 
-exportformats
+    Comma separated list of preferred formats for downloading Google docs.
 
-Dump the export formats for debug purposes
+    Properties:
 
-    rclone backend exportformats remote: [options] [<arguments>+]
+    - Config:      export_formats
+    - Env Var:     RCLONE_DRIVE_EXPORT_FORMATS
+    - Type:        string
+    - Default:     "docx,xlsx,pptx,svg"
 
-importformats
+    #### --drive-import-formats
 
-Dump the import formats for debug purposes
+    Comma separated list of preferred formats for uploading Google docs.
 
-    rclone backend importformats remote: [options] [<arguments>+]
+    Properties:
 
-Limitations
+    - Config:      import_formats
+    - Env Var:     RCLONE_DRIVE_IMPORT_FORMATS
+    - Type:        string
+    - Required:    false
 
-Drive has quite a lot of rate limiting. This causes rclone to be limited
-to transferring about 2 files per second only. Individual files may be
-transferred much faster at 100s of MiB/s but lots of small files can
-take a long time.
+    #### --drive-allow-import-name-change
 
-Server side copies are also subject to a separate rate limit. If you see
-User rate limit exceeded errors, wait at least 24 hours and retry. You
-can disable server-side copies with --disable copy to download and
-upload the files if you prefer.
+    Allow the filetype to change when uploading Google docs.
 
-Limitations of Google Docs
+    E.g. file.doc to file.docx. This will confuse sync and reupload every time.
 
-Google docs will appear as size -1 in rclone ls, rclone ncdu etc, and as
-size 0 in anything which uses the VFS layer, e.g. rclone mount and
-rclone serve. When calculating directory totals, e.g. in rclone size and
-rclone ncdu, they will be counted in as empty files.
+    Properties:
 
-This is because rclone can't find out the size of the Google docs
-without downloading them.
+    - Config:      allow_import_name_change
+    - Env Var:     RCLONE_DRIVE_ALLOW_IMPORT_NAME_CHANGE
+    - Type:        bool
+    - Default:     false
 
-Google docs will transfer correctly with rclone sync, rclone copy etc as
-rclone knows to ignore the size when doing the transfer.
+    #### --drive-use-created-date
 
-However an unfortunate consequence of this is that you may not be able
-to download Google docs using rclone mount. If it doesn't work you will
-get a 0 sized file. If you try again the doc may gain its correct size
-and be downloadable. Whether it will work on not depends on the
-application accessing the mount and the OS you are running - experiment
-to find out if it does work for you!
+    Use file created date instead of modified date.
 
-Duplicated files
+    Useful when downloading data and you want the creation date used in
+    place of the last modified date.
 
-Sometimes, for no reason I've been able to track down, drive will
-duplicate a file that rclone uploads. Drive unlike all the other remotes
-can have duplicated files.
+    **WARNING**: This flag may have some unexpected consequences.
 
-Duplicated files cause problems with the syncing and you will see
-messages in the log about duplicates.
+    When uploading to your drive all files will be overwritten unless they
+    haven't been modified since their creation. And the inverse will occur
+    while downloading.  This side effect can be avoided by using the
+    "--checksum" flag.
 
-Use rclone dedupe to fix duplicated files.
+    This feature was implemented to retain photos capture date as recorded
+    by google photos. You will first need to check the "Create a Google
+    Photos folder" option in your google drive settings. You can then copy
+    or move the photos locally and use the date the image was taken
+    (created) set as the modification date.
 
-Note that this isn't just a problem with rclone, even Google Photos on
-Android duplicates files on drive sometimes.
+    Properties:
 
-Rclone appears to be re-copying files it shouldn't
+    - Config:      use_created_date
+    - Env Var:     RCLONE_DRIVE_USE_CREATED_DATE
+    - Type:        bool
+    - Default:     false
 
-The most likely cause of this is the duplicated file issue above - run
-rclone dedupe and check your logs for duplicate object or directory
-messages.
+    #### --drive-use-shared-date
 
-This can also be caused by a delay/caching on google drive's end when
-comparing directory listings. Specifically with team drives used in
-combination with --fast-list. Files that were uploaded recently may not
-appear on the directory list sent to rclone when using --fast-list.
+    Use date file was shared instead of modified date.
 
-Waiting a moderate period of time between attempts (estimated to be
-approximately 1 hour) and/or not using --fast-list both seem to be
-effective in preventing the problem.
+    Note that, as with "--drive-use-created-date", this flag may have
+    unexpected consequences when uploading/downloading files.
 
-Making your own client_id
+    If both this flag and "--drive-use-created-date" are set, the created
+    date is used.
 
-When you use rclone with Google drive in its default configuration you
-are using rclone's client_id. This is shared between all the rclone
-users. There is a global rate limit on the number of queries per second
-that each client_id can do set by Google. rclone already has a high
-quota and I will continue to make sure it is high enough by contacting
-Google.
+    Properties:
 
-It is strongly recommended to use your own client ID as the default
-rclone ID is heavily used. If you have multiple services running, it is
-recommended to use an API key for each service. The default Google quota
-is 10 transactions per second so it is recommended to stay under that
-number as if you use more than that, it will cause rclone to rate limit
-and make things slower.
+    - Config:      use_shared_date
+    - Env Var:     RCLONE_DRIVE_USE_SHARED_DATE
+    - Type:        bool
+    - Default:     false
 
-Here is how to create your own Google Drive client ID for rclone:
+    #### --drive-list-chunk
 
-1.  Log into the Google API Console with your Google account. It doesn't
-    matter what Google account you use. (It need not be the same account
-    as the Google Drive you want to access)
+    Size of listing chunk 100-1000, 0 to disable.
 
-2.  Select a project or create a new project.
+    Properties:
 
-3.  Under "ENABLE APIS AND SERVICES" search for "Drive", and enable the
-    "Google Drive API".
+    - Config:      list_chunk
+    - Env Var:     RCLONE_DRIVE_LIST_CHUNK
+    - Type:        int
+    - Default:     1000
 
-4.  Click "Credentials" in the left-side panel (not "Create
-    credentials", which opens the wizard), then "Create credentials"
-
-5.  If you already configured an "Oauth Consent Screen", then skip to
-    the next step; if not, click on "CONFIGURE CONSENT SCREEN" button
-    (near the top right corner of the right panel), then select
-    "External" and click on "CREATE"; on the next screen, enter an
-    "Application name" ("rclone" is OK); enter "User Support Email"
-    (your own email is OK); enter "Developer Contact Email" (your own
-    email is OK); then click on "Save" (all other data is optional). You
-    will also have to add some scopes, including .../auth/docs and
-    .../auth/drive in order to be able to edit, create and delete files
-    with RClone. You may also want to include the
-    ../auth/drive.metadata.readonly scope. After adding scopes, click
-    "Save and continue" to add test users. Be sure to add your own
-    account to the test users. Once you've added yourself as a test user
-    and saved the changes, click again on "Credentials" on the left
-    panel to go back to the "Credentials" screen.
-
-    (PS: if you are a GSuite user, you could also select "Internal"
-    instead of "External" above, but this will restrict API use to
-    Google Workspace users in your organisation).
-
-6.  Click on the "+ CREATE CREDENTIALS" button at the top of the screen,
-    then select "OAuth client ID".
+    #### --drive-impersonate
 
-7.  Choose an application type of "Desktop app" and click "Create". (the
-    default name is fine)
+    Impersonate this user when using a service account.
 
-8.  It will show you a client ID and client secret. Make a note of
-    these.
+    Properties:
 
-    (If you selected "External" at Step 5 continue to Step 9. If you
-    chose "Internal" you don't need to publish and can skip straight to
-    Step 10 but your destination drive must be part of the same Google
-    Workspace.)
+    - Config:      impersonate
+    - Env Var:     RCLONE_DRIVE_IMPERSONATE
+    - Type:        string
+    - Required:    false
 
-9.  Go to "Oauth consent screen" and then click "PUBLISH APP" button and
-    confirm. You will also want to add yourself as a test user.
+    #### --drive-upload-cutoff
 
-10. Provide the noted client ID and client secret to rclone.
+    Cutoff for switching to chunked upload.
 
-Be aware that, due to the "enhanced security" recently introduced by
-Google, you are theoretically expected to "submit your app for
-verification" and then wait a few weeks(!) for their response; in
-practice, you can go right ahead and use the client ID and client secret
-with rclone, the only issue will be a very scary confirmation screen
-shown when you connect via your browser for rclone to be able to get its
-token-id (but as this only happens during the remote configuration, it's
-not such a big deal). Keeping the application in "Testing" will work as
-well, but the limitation is that any grants will expire after a week,
-which can be annoying to refresh constantly. If, for whatever reason, a
-short grant time is not a problem, then keeping the application in
-testing mode would also be sufficient.
+    Properties:
 
-(Thanks to @balazer on github for these instructions.)
+    - Config:      upload_cutoff
+    - Env Var:     RCLONE_DRIVE_UPLOAD_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     8Mi
 
-Sometimes, creation of an OAuth consent in Google API Console fails due
-to an error message “The request failed because changes to one of the
-field of the resource is not supported”. As a convenient workaround, the
-necessary Google Drive API key can be created on the Python Quickstart
-page. Just push the Enable the Drive API button to receive the Client ID
-and Secret. Note that it will automatically create a new project in the
-API Console.
+    #### --drive-chunk-size
 
-Google Photos
+    Upload chunk size.
 
-The rclone backend for Google Photos is a specialized backend for
-transferring photos and videos to and from Google Photos.
+    Must a power of 2 >= 256k.
 
-NB The Google Photos API which rclone uses has quite a few limitations,
-so please read the limitations section carefully to make sure it is
-suitable for your use.
+    Making this larger will improve performance, but note that each chunk
+    is buffered in memory one per transfer.
 
-Configuration
+    Reducing this will reduce memory usage but decrease performance.
 
-The initial setup for google cloud storage involves getting a token from
-Google Photos which you need to do in your browser. rclone config walks
-you through it.
+    Properties:
 
-Here is an example of how to make a remote called remote. First run:
+    - Config:      chunk_size
+    - Env Var:     RCLONE_DRIVE_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     8Mi
 
-     rclone config
+    #### --drive-acknowledge-abuse
 
-This will guide you through an interactive setup process:
+    Set to allow files which return cannotDownloadAbusiveFile to be downloaded.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Google Photos
-       \ "google photos"
-    [snip]
-    Storage> google photos
-    ** See help for google photos backend at: https://rclone.org/googlephotos/ **
+    If downloading a file returns the error "This file has been identified
+    as malware or spam and cannot be downloaded" with the error code
+    "cannotDownloadAbusiveFile" then supply this flag to rclone to
+    indicate you acknowledge the risks of downloading the file and rclone
+    will download it anyway.
 
-    Google Application Client Id
-    Leave blank normally.
-    Enter a string value. Press Enter for the default ("").
-    client_id> 
-    Google Application Client Secret
-    Leave blank normally.
-    Enter a string value. Press Enter for the default ("").
-    client_secret> 
-    Set to make the Google Photos backend read only.
+    Note that if you are using service account it will need Manager
+    permission (not Content Manager) to for this flag to work. If the SA
+    does not have the right permission, Google will just ignore the flag.
 
-    If you choose read only then rclone will only request read only access
-    to your photos, otherwise rclone will request full access.
-    Enter a boolean value (true or false). Press Enter for the default ("false").
-    read_only> 
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No
-    y/n> n
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
+    Properties:
 
-    *** IMPORTANT: All media items uploaded to Google Photos with rclone
-    *** are stored in full resolution at original quality.  These uploads
-    *** will count towards storage in your Google Account.
+    - Config:      acknowledge_abuse
+    - Env Var:     RCLONE_DRIVE_ACKNOWLEDGE_ABUSE
+    - Type:        bool
+    - Default:     false
 
-    --------------------
-    [remote]
-    type = google photos
-    token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2019-06-28T17:38:04.644930156+01:00"}
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    #### --drive-keep-revision-forever
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+    Keep new head revision of each file forever.
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Google if using web browser to automatically
-authenticate. This only runs from the moment it opens your browser to
-the moment you get back the verification code. This is on
-http://127.0.0.1:53682/ and this may require you to unblock it
-temporarily if you are running a host firewall, or use manual mode.
+    Properties:
 
-This remote is called remote and can now be used like this
+    - Config:      keep_revision_forever
+    - Env Var:     RCLONE_DRIVE_KEEP_REVISION_FOREVER
+    - Type:        bool
+    - Default:     false
 
-See all the albums in your photos
+    #### --drive-size-as-quota
 
-    rclone lsd remote:album
+    Show sizes as storage quota usage, not actual size.
 
-Make a new album
+    Show the size of a file as the storage quota used. This is the
+    current version plus any older versions that have been set to keep
+    forever.
 
-    rclone mkdir remote:album/newAlbum
+    **WARNING**: This flag may have some unexpected consequences.
 
-List the contents of an album
+    It is not recommended to set this flag in your config - the
+    recommended usage is using the flag form --drive-size-as-quota when
+    doing rclone ls/lsl/lsf/lsjson/etc only.
 
-    rclone ls remote:album/newAlbum
+    If you do use this flag for syncing (not recommended) then you will
+    need to use --ignore size also.
 
-Sync /home/local/images to the Google Photos, removing any excess files
-in the album.
+    Properties:
 
-    rclone sync --interactive /home/local/image remote:album/newAlbum
+    - Config:      size_as_quota
+    - Env Var:     RCLONE_DRIVE_SIZE_AS_QUOTA
+    - Type:        bool
+    - Default:     false
 
-Layout
+    #### --drive-v2-download-min-size
 
-As Google Photos is not a general purpose cloud storage system, the
-backend is laid out to help you navigate it.
+    If Object's are greater, use drive v2 API to download.
 
-The directories under media show different ways of categorizing the
-media. Each file will appear multiple times. So if you want to make a
-backup of your google photos you might choose to backup
-remote:media/by-month. (NB remote:media/by-day is rather slow at the
-moment so avoid for syncing.)
+    Properties:
 
-Note that all your photos and videos will appear somewhere under media,
-but they may not appear under album unless you've put them into albums.
+    - Config:      v2_download_min_size
+    - Env Var:     RCLONE_DRIVE_V2_DOWNLOAD_MIN_SIZE
+    - Type:        SizeSuffix
+    - Default:     off
 
-    /
-    - upload
-        - file1.jpg
-        - file2.jpg
-        - ...
-    - media
-        - all
-            - file1.jpg
-            - file2.jpg
-            - ...
-        - by-year
-            - 2000
-                - file1.jpg
-                - ...
-            - 2001
-                - file2.jpg
-                - ...
-            - ...
-        - by-month
-            - 2000
-                - 2000-01
-                    - file1.jpg
-                    - ...
-                - 2000-02
-                    - file2.jpg
-                    - ...
-            - ...
-        - by-day
-            - 2000
-                - 2000-01-01
-                    - file1.jpg
-                    - ...
-                - 2000-01-02
-                    - file2.jpg
-                    - ...
-            - ...
-    - album
-        - album name
-        - album name/sub
-    - shared-album
-        - album name
-        - album name/sub
-    - feature
-        - favorites
-            - file1.jpg
-            - file2.jpg
-
-There are two writable parts of the tree, the upload directory and sub
-directories of the album directory.
-
-The upload directory is for uploading files you don't want to put into
-albums. This will be empty to start with and will contain the files
-you've uploaded for one rclone session only, becoming empty again when
-you restart rclone. The use case for this would be if you have a load of
-files you just want to once off dump into Google Photos. For repeated
-syncing, uploading to album will work better.
-
-Directories within the album directory are also writeable and you may
-create new directories (albums) under album. If you copy files with a
-directory hierarchy in there then rclone will create albums with the /
-character in them. For example if you do
-
-    rclone copy /path/to/images remote:album/images
-
-and the images directory contains
-
-    images
-        - file1.jpg
-        dir
-            file2.jpg
-        dir2
-            dir3
-                file3.jpg
-
-Then rclone will create the following albums with the following files in
-
--   images
-    -   file1.jpg
--   images/dir
-    -   file2.jpg
--   images/dir2/dir3
-    -   file3.jpg
-
-This means that you can use the album path pretty much like a normal
-filesystem and it is a good target for repeated syncing.
-
-The shared-album directory shows albums shared with you or by you. This
-is similar to the Sharing tab in the Google Photos web interface.
+    #### --drive-pacer-min-sleep
 
-Standard options
+    Minimum time to sleep between API calls.
 
-Here are the Standard options specific to google photos (Google Photos).
+    Properties:
 
---gphotos-client-id
+    - Config:      pacer_min_sleep
+    - Env Var:     RCLONE_DRIVE_PACER_MIN_SLEEP
+    - Type:        Duration
+    - Default:     100ms
 
-OAuth Client Id.
+    #### --drive-pacer-burst
 
-Leave blank normally.
+    Number of API calls to allow without sleeping.
 
-Properties:
+    Properties:
 
--   Config: client_id
--   Env Var: RCLONE_GPHOTOS_CLIENT_ID
--   Type: string
--   Required: false
+    - Config:      pacer_burst
+    - Env Var:     RCLONE_DRIVE_PACER_BURST
+    - Type:        int
+    - Default:     100
 
---gphotos-client-secret
+    #### --drive-server-side-across-configs
 
-OAuth Client Secret.
+    Deprecated: use --server-side-across-configs instead.
 
-Leave blank normally.
+    Allow server-side operations (e.g. copy) to work across different drive configs.
 
-Properties:
+    This can be useful if you wish to do a server-side copy between two
+    different Google drives.  Note that this isn't enabled by default
+    because it isn't easy to tell if it will work between any two
+    configurations.
 
--   Config: client_secret
--   Env Var: RCLONE_GPHOTOS_CLIENT_SECRET
--   Type: string
--   Required: false
+    Properties:
 
---gphotos-read-only
+    - Config:      server_side_across_configs
+    - Env Var:     RCLONE_DRIVE_SERVER_SIDE_ACROSS_CONFIGS
+    - Type:        bool
+    - Default:     false
 
-Set to make the Google Photos backend read only.
+    #### --drive-disable-http2
 
-If you choose read only then rclone will only request read only access
-to your photos, otherwise rclone will request full access.
+    Disable drive using http2.
 
-Properties:
+    There is currently an unsolved issue with the google drive backend and
+    HTTP/2.  HTTP/2 is therefore disabled by default for the drive backend
+    but can be re-enabled here.  When the issue is solved this flag will
+    be removed.
 
--   Config: read_only
--   Env Var: RCLONE_GPHOTOS_READ_ONLY
--   Type: bool
--   Default: false
+    See: https://github.com/rclone/rclone/issues/3631
 
-Advanced options
 
-Here are the Advanced options specific to google photos (Google Photos).
 
---gphotos-token
+    Properties:
 
-OAuth Access Token as a JSON blob.
+    - Config:      disable_http2
+    - Env Var:     RCLONE_DRIVE_DISABLE_HTTP2
+    - Type:        bool
+    - Default:     true
 
-Properties:
+    #### --drive-stop-on-upload-limit
 
--   Config: token
--   Env Var: RCLONE_GPHOTOS_TOKEN
--   Type: string
--   Required: false
+    Make upload limit errors be fatal.
 
---gphotos-auth-url
+    At the time of writing it is only possible to upload 750 GiB of data to
+    Google Drive a day (this is an undocumented limit). When this limit is
+    reached Google Drive produces a slightly different error message. When
+    this flag is set it causes these errors to be fatal.  These will stop
+    the in-progress sync.
 
-Auth server URL.
+    Note that this detection is relying on error message strings which
+    Google don't document so it may break in the future.
 
-Leave blank to use the provider defaults.
+    See: https://github.com/rclone/rclone/issues/3857
 
-Properties:
 
--   Config: auth_url
--   Env Var: RCLONE_GPHOTOS_AUTH_URL
--   Type: string
--   Required: false
+    Properties:
 
---gphotos-token-url
+    - Config:      stop_on_upload_limit
+    - Env Var:     RCLONE_DRIVE_STOP_ON_UPLOAD_LIMIT
+    - Type:        bool
+    - Default:     false
 
-Token server url.
+    #### --drive-stop-on-download-limit
 
-Leave blank to use the provider defaults.
+    Make download limit errors be fatal.
 
-Properties:
+    At the time of writing it is only possible to download 10 TiB of data from
+    Google Drive a day (this is an undocumented limit). When this limit is
+    reached Google Drive produces a slightly different error message. When
+    this flag is set it causes these errors to be fatal.  These will stop
+    the in-progress sync.
 
--   Config: token_url
--   Env Var: RCLONE_GPHOTOS_TOKEN_URL
--   Type: string
--   Required: false
+    Note that this detection is relying on error message strings which
+    Google don't document so it may break in the future.
 
---gphotos-read-size
 
-Set to read the size of media items.
+    Properties:
 
-Normally rclone does not read the size of media items since this takes
-another transaction. This isn't necessary for syncing. However rclone
-mount needs to know the size of files in advance of reading them, so
-setting this flag when using rclone mount is recommended if you want to
-read the media.
+    - Config:      stop_on_download_limit
+    - Env Var:     RCLONE_DRIVE_STOP_ON_DOWNLOAD_LIMIT
+    - Type:        bool
+    - Default:     false
 
-Properties:
+    #### --drive-skip-shortcuts
 
--   Config: read_size
--   Env Var: RCLONE_GPHOTOS_READ_SIZE
--   Type: bool
--   Default: false
+    If set skip shortcut files.
 
---gphotos-start-year
+    Normally rclone dereferences shortcut files making them appear as if
+    they are the original file (see [the shortcuts section](#shortcuts)).
+    If this flag is set then rclone will ignore shortcut files completely.
 
-Year limits the photos to be downloaded to those which are uploaded
-after the given year.
 
-Properties:
+    Properties:
 
--   Config: start_year
--   Env Var: RCLONE_GPHOTOS_START_YEAR
--   Type: int
--   Default: 2000
+    - Config:      skip_shortcuts
+    - Env Var:     RCLONE_DRIVE_SKIP_SHORTCUTS
+    - Type:        bool
+    - Default:     false
 
---gphotos-include-archived
+    #### --drive-skip-dangling-shortcuts
 
-Also view and download archived media.
+    If set skip dangling shortcut files.
 
-By default, rclone does not request archived media. Thus, when syncing,
-archived media is not visible in directory listings or transferred.
+    If this is set then rclone will not show any dangling shortcuts in listings.
 
-Note that media in albums is always visible and synced, no matter their
-archive status.
 
-With this flag, archived media are always visible in directory listings
-and transferred.
+    Properties:
 
-Without this flag, archived media will not be visible in directory
-listings and won't be transferred.
+    - Config:      skip_dangling_shortcuts
+    - Env Var:     RCLONE_DRIVE_SKIP_DANGLING_SHORTCUTS
+    - Type:        bool
+    - Default:     false
 
-Properties:
+    #### --drive-resource-key
 
--   Config: include_archived
--   Env Var: RCLONE_GPHOTOS_INCLUDE_ARCHIVED
--   Type: bool
--   Default: false
+    Resource key for accessing a link-shared file.
 
---gphotos-encoding
+    If you need to access files shared with a link like this
 
-The encoding for the backend.
+        https://drive.google.com/drive/folders/XXX?resourcekey=YYY&usp=sharing
 
-See the encoding section in the overview for more info.
+    Then you will need to use the first part "XXX" as the "root_folder_id"
+    and the second part "YYY" as the "resource_key" otherwise you will get
+    404 not found errors when trying to access the directory.
 
-Properties:
+    See: https://developers.google.com/drive/api/guides/resource-keys
 
--   Config: encoding
--   Env Var: RCLONE_GPHOTOS_ENCODING
--   Type: MultiEncoder
--   Default: Slash,CrLf,InvalidUtf8,Dot
+    This resource key requirement only applies to a subset of old files.
 
-Limitations
+    Note also that opening the folder once in the web interface (with the
+    user you've authenticated rclone with) seems to be enough so that the
+    resource key is not needed.
 
-Only images and videos can be uploaded. If you attempt to upload non
-videos or images or formats that Google Photos doesn't understand,
-rclone will upload the file, then Google Photos will give an error when
-it is put turned into a media item.
 
-Note that all media items uploaded to Google Photos through the API are
-stored in full resolution at "original quality" and will count towards
-your storage quota in your Google Account. The API does not offer a way
-to upload in "high quality" mode..
+    Properties:
 
-rclone about is not supported by the Google Photos backend. Backends
-without this capability cannot determine free space for an rclone mount
-or use policy mfs (most free space) as a member of an rclone union
-remote.
+    - Config:      resource_key
+    - Env Var:     RCLONE_DRIVE_RESOURCE_KEY
+    - Type:        string
+    - Required:    false
 
-See List of backends that do not support rclone about See rclone about
+    #### --drive-fast-list-bug-fix
 
-Downloading Images
+    Work around a bug in Google Drive listing.
 
-When Images are downloaded this strips EXIF location (according to the
-docs and my tests). This is a limitation of the Google Photos API and is
-covered by bug #112096115.
+    Normally rclone will work around a bug in Google Drive when using
+    --fast-list (ListR) where the search "(A in parents) or (B in
+    parents)" returns nothing sometimes. See #3114, #4289 and
+    https://issuetracker.google.com/issues/149522397
 
-The current google API does not allow photos to be downloaded at
-original resolution. This is very important if you are, for example,
-relying on "Google Photos" as a backup of your photos. You will not be
-able to use rclone to redownload original images. You could use 'google
-takeout' to recover the original photos as a last resort
+    Rclone detects this by finding no items in more than one directory
+    when listing and retries them as lists of individual directories.
 
-Downloading Videos
+    This means that if you have a lot of empty directories rclone will end
+    up listing them all individually and this can take many more API
+    calls.
 
-When videos are downloaded they are downloaded in a really compressed
-version of the video compared to downloading it via the Google Photos
-web interface. This is covered by bug #113672044.
+    This flag allows the work-around to be disabled. This is **not**
+    recommended in normal use - only if you have a particular case you are
+    having trouble with like many empty directories.
 
-Duplicates
 
-If a file name is duplicated in a directory then rclone will add the
-file ID into its name. So two files called file.jpg would then appear as
-file {123456}.jpg and file {ABCDEF}.jpg (the actual IDs are a lot longer
-alas!).
+    Properties:
 
-If you upload the same image (with the same binary data) twice then
-Google Photos will deduplicate it. However it will retain the filename
-from the first upload which may confuse rclone. For example if you
-uploaded an image to upload then uploaded the same image to
-album/my_album the filename of the image in album/my_album will be what
-it was uploaded with initially, not what you uploaded it with to album.
-In practise this shouldn't cause too many problems.
+    - Config:      fast_list_bug_fix
+    - Env Var:     RCLONE_DRIVE_FAST_LIST_BUG_FIX
+    - Type:        bool
+    - Default:     true
 
-Modified time
+    #### --drive-metadata-owner
 
-The date shown of media in Google Photos is the creation date as
-determined by the EXIF information, or the upload date if that is not
-known.
+    Control whether owner should be read or written in metadata.
 
-This is not changeable by rclone and is not the modification date of the
-media on local disk. This means that rclone cannot use the dates from
-Google Photos for syncing purposes.
+    Owner is a standard part of the file metadata so is easy to read. But it
+    isn't always desirable to set the owner from the metadata.
 
-Size
+    Note that you can't set the owner on Shared Drives, and that setting
+    ownership will generate an email to the new owner (this can't be
+    disabled), and you can't transfer ownership to someone outside your
+    organization.
 
-The Google Photos API does not return the size of media. This means that
-when syncing to Google Photos, rclone can only do a file existence
-check.
 
-It is possible to read the size of the media, but this needs an extra
-HTTP HEAD request per media item so is very slow and uses up a lot of
-transactions. This can be enabled with the --gphotos-read-size option or
-the read_size = true config parameter.
+    Properties:
 
-If you want to use the backend with rclone mount you may need to enable
-this flag (depending on your OS and application using the photos)
-otherwise you may not be able to read media off the mount. You'll need
-to experiment to see if it works for you without the flag.
+    - Config:      metadata_owner
+    - Env Var:     RCLONE_DRIVE_METADATA_OWNER
+    - Type:        Bits
+    - Default:     read
+    - Examples:
+        - "off"
+            - Do not read or write the value
+        - "read"
+            - Read the value only
+        - "write"
+            - Write the value only
+        - "read,write"
+            - Read and Write the value.
 
-Albums
+    #### --drive-metadata-permissions
 
-Rclone can only upload files to albums it created. This is a limitation
-of the Google Photos API.
+    Control whether permissions should be read or written in metadata.
 
-Rclone can remove files it uploaded from albums it created only.
+    Reading permissions metadata from files can be done quickly, but it
+    isn't always desirable to set the permissions from the metadata.
 
-Deleting files
+    Note that rclone drops any inherited permissions on Shared Drives and
+    any owner permission on My Drives as these are duplicated in the owner
+    metadata.
 
-Rclone can remove files from albums it created, but note that the Google
-Photos API does not allow media to be deleted permanently so this media
-will still remain. See bug #109759781.
 
-Rclone cannot delete files anywhere except under album.
+    Properties:
 
-Deleting albums
+    - Config:      metadata_permissions
+    - Env Var:     RCLONE_DRIVE_METADATA_PERMISSIONS
+    - Type:        Bits
+    - Default:     off
+    - Examples:
+        - "off"
+            - Do not read or write the value
+        - "read"
+            - Read the value only
+        - "write"
+            - Write the value only
+        - "read,write"
+            - Read and Write the value.
 
-The Google Photos API does not support deleting albums - see bug
-#135714733.
+    #### --drive-metadata-labels
 
-Hasher
+    Control whether labels should be read or written in metadata.
 
-Hasher is a special overlay backend to create remotes which handle
-checksums for other remotes. It's main functions include: - Emulate hash
-types unimplemented by backends - Cache checksums to help with slow
-hashing of large local or (S)FTP files - Warm up checksum cache from
-external SUM files
+    Reading labels metadata from files takes an extra API transaction and
+    will slow down listings. It isn't always desirable to set the labels
+    from the metadata.
 
-Getting started
+    The format of labels is documented in the drive API documentation at
+    https://developers.google.com/drive/api/reference/rest/v3/Label -
+    rclone just provides a JSON dump of this format.
 
-To use Hasher, first set up the underlying remote following the
-configuration instructions for that remote. You can also use a local
-pathname instead of a remote. Check that your base remote is working.
+    When setting labels, the label and fields must already exist - rclone
+    will not create them. This means that if you are transferring labels
+    from two different accounts you will have to create the labels in
+    advance and use the metadata mapper to translate the IDs between the
+    two accounts.
 
-Let's call the base remote myRemote:path here. Note that anything inside
-myRemote:path will be handled by hasher and anything outside won't. This
-means that if you are using a bucket based remote (S3, B2, Swift) then
-you should put the bucket in the remote s3:bucket.
 
-Now proceed to interactive or manual configuration.
+    Properties:
 
-Interactive configuration
+    - Config:      metadata_labels
+    - Env Var:     RCLONE_DRIVE_METADATA_LABELS
+    - Type:        Bits
+    - Default:     off
+    - Examples:
+        - "off"
+            - Do not read or write the value
+        - "read"
+            - Read the value only
+        - "write"
+            - Write the value only
+        - "read,write"
+            - Read and Write the value.
 
-Run rclone config:
+    #### --drive-encoding
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> Hasher1
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Handle checksums for other remotes
-       \ "hasher"
-    [snip]
-    Storage> hasher
-    Remote to cache checksums for, like myremote:mypath.
-    Enter a string value. Press Enter for the default ("").
-    remote> myRemote:path
-    Comma separated list of supported checksum types.
-    Enter a string value. Press Enter for the default ("md5,sha1").
-    hashsums> md5
-    Maximum time to keep checksums in cache. 0 = no cache, off = cache forever.
-    max_age> off
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No
-    y/n> n
-    Remote config
-    --------------------
-    [Hasher1]
-    type = hasher
-    remote = myRemote:path
-    hashsums = md5
-    max_age = off
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    The encoding for the backend.
 
-Manual configuration
-
-Run rclone config path to see the path of current active config file,
-usually YOURHOME/.config/rclone/rclone.conf. Open it in your favorite
-text editor, find section for the base remote and create new section for
-hasher like in the following examples:
-
-    [Hasher1]
-    type = hasher
-    remote = myRemote:path
-    hashes = md5
-    max_age = off
-
-    [Hasher2]
-    type = hasher
-    remote = /local/path
-    hashes = dropbox,sha1
-    max_age = 24h
-
-Hasher takes basically the following parameters: - remote is required, -
-hashes is a comma separated list of supported checksums (by default
-md5,sha1), - max_age - maximum time to keep a checksum value in the
-cache, 0 will disable caching completely, off will cache "forever" (that
-is until the files get changed).
-
-Make sure the remote has : (colon) in. If you specify the remote without
-a colon then rclone will use a local directory of that name. So if you
-use a remote of /local/path then rclone will handle hashes for that
-directory. If you use remote = name literally then rclone will put files
-in a directory called name located under current directory.
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Usage
+    Properties:
 
-Basic operations
+    - Config:      encoding
+    - Env Var:     RCLONE_DRIVE_ENCODING
+    - Type:        Encoding
+    - Default:     InvalidUtf8
 
-Now you can use it as Hasher2:subdir/file instead of base remote. Hasher
-will transparently update cache with new checksums when a file is fully
-read or overwritten, like:
+    #### --drive-env-auth
 
-    rclone copy External:path/file Hasher:dest/path
+    Get IAM credentials from runtime (environment variables or instance meta data if no env vars).
 
-    rclone cat Hasher:path/to/file > /dev/null
+    Only applies if service_account_file and service_account_credentials is blank.
 
-The way to refresh all cached checksums (even unsupported by the base
-backend) for a subtree is to re-download all files in the subtree. For
-example, use hashsum --download using any supported hashsum on the
-command line (we just care to re-read):
+    Properties:
 
-    rclone hashsum MD5 --download Hasher:path/to/subtree > /dev/null
+    - Config:      env_auth
+    - Env Var:     RCLONE_DRIVE_ENV_AUTH
+    - Type:        bool
+    - Default:     false
+    - Examples:
+        - "false"
+            - Enter credentials in the next step.
+        - "true"
+            - Get GCP IAM credentials from the environment (env vars or IAM).
 
-    rclone backend dump Hasher:path/to/subtree
+    ### Metadata
 
-You can print or drop hashsum cache using custom backend commands:
+    User metadata is stored in the properties field of the drive object.
 
-    rclone backend dump Hasher:dir/subdir
+    Here are the possible system metadata items for the drive backend.
 
-    rclone backend drop Hasher:
+    | Name | Help | Type | Example | Read Only |
+    |------|------|------|---------|-----------|
+    | btime | Time of file birth (creation) with mS accuracy. Note that this is only writable on fresh uploads - it can't be written for updates. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+    | content-type | The MIME type of the file. | string | text/plain | N |
+    | copy-requires-writer-permission | Whether the options to copy, print, or download this file, should be disabled for readers and commenters. | boolean | true | N |
+    | description | A short description of the file. | string | Contract for signing | N |
+    | folder-color-rgb | The color for a folder or a shortcut to a folder as an RGB hex string. | string | 881133 | N |
+    | labels | Labels attached to this file in a JSON dump of Googled drive format. Enable with --drive-metadata-labels. | JSON | [] | N |
+    | mtime | Time of last modification with mS accuracy. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+    | owner | The owner of the file. Usually an email address. Enable with --drive-metadata-owner. | string | user@example.com | N |
+    | permissions | Permissions in a JSON dump of Google drive format. On shared drives these will only be present if they aren't inherited. Enable with --drive-metadata-permissions. | JSON | {} | N |
+    | starred | Whether the user has starred the file. | boolean | false | N |
+    | viewed-by-me | Whether the file has been viewed by this user. | boolean | true | **Y** |
+    | writers-can-share | Whether users with only writer permission can modify the file's permissions. Not populated for items in shared drives. | boolean | false | N |
 
-Pre-Seed from a SUM File
+    See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
 
-Hasher supports two backend commands: generic SUM file import and faster
-but less consistent stickyimport.
+    ## Backend commands
 
-    rclone backend import Hasher:dir/subdir SHA1 /path/to/SHA1SUM [--checkers 4]
+    Here are the commands specific to the drive backend.
 
-Instead of SHA1 it can be any hash supported by the remote. The last
-argument can point to either a local or an other-remote:path text file
-in SUM format. The command will parse the SUM file, then walk down the
-path given by the first argument, snapshot current fingerprints and fill
-in the cache entries correspondingly. - Paths in the SUM file are
-treated as relative to hasher:dir/subdir. - The command will not check
-that supplied values are correct. You must know what you are doing. -
-This is a one-time action. The SUM file will not get "attached" to the
-remote. Cache entries can still be overwritten later, should the
-object's fingerprint change. - The tree walk can take long depending on
-the tree size. You can increase --checkers to make it faster. Or use
-stickyimport if you don't care about fingerprints and consistency.
+    Run them with
 
-    rclone backend stickyimport hasher:path/to/data sha1 remote:/path/to/sum.sha1
+        rclone backend COMMAND remote:
 
-stickyimport is similar to import but works much faster because it does
-not need to stat existing files and skips initial tree walk. Instead of
-binding cache entries to file fingerprints it creates sticky entries
-bound to the file name alone ignoring size, modification time etc. Such
-hash entries can be replaced only by purge, delete, backend drop or by
-full re-read/re-write of the files.
+    The help below will explain what arguments each command takes.
 
-Configuration reference
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
 
-Standard options
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
 
-Here are the Standard options specific to hasher (Better checksums for
-other remotes).
+    ### get
 
---hasher-remote
+    Get command for fetching the drive config parameters
 
-Remote to cache checksums for (e.g. myRemote:path).
+        rclone backend get remote: [options] [<arguments>+]
 
-Properties:
+    This is a get command which will be used to fetch the various drive config parameters
 
--   Config: remote
--   Env Var: RCLONE_HASHER_REMOTE
--   Type: string
--   Required: true
+    Usage Examples:
 
---hasher-hashes
+        rclone backend get drive: [-o service_account_file] [-o chunk_size]
+        rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]
 
-Comma separated list of supported checksum types.
 
-Properties:
+    Options:
 
--   Config: hashes
--   Env Var: RCLONE_HASHER_HASHES
--   Type: CommaSepList
--   Default: md5,sha1
+    - "chunk_size": show the current upload chunk size
+    - "service_account_file": show the current service account file
 
---hasher-max-age
+    ### set
 
-Maximum time to keep checksums in cache (0 = no cache, off = cache
-forever).
+    Set command for updating the drive config parameters
 
-Properties:
+        rclone backend set remote: [options] [<arguments>+]
 
--   Config: max_age
--   Env Var: RCLONE_HASHER_MAX_AGE
--   Type: Duration
--   Default: off
+    This is a set command which will be used to update the various drive config parameters
 
-Advanced options
+    Usage Examples:
 
-Here are the Advanced options specific to hasher (Better checksums for
-other remotes).
+        rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+        rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
 
---hasher-auto-size
 
-Auto-update checksum for files smaller than this size (disabled by
-default).
+    Options:
 
-Properties:
+    - "chunk_size": update the current upload chunk size
+    - "service_account_file": update the current service account file
 
--   Config: auto_size
--   Env Var: RCLONE_HASHER_AUTO_SIZE
--   Type: SizeSuffix
--   Default: 0
+    ### shortcut
 
-Metadata
+    Create shortcuts from files or directories
 
-Any metadata supported by the underlying remote is read and written.
+        rclone backend shortcut remote: [options] [<arguments>+]
 
-See the metadata docs for more info.
+    This command creates shortcuts from files or directories.
 
-Backend commands
+    Usage:
 
-Here are the commands specific to the hasher backend.
+        rclone backend shortcut drive: source_item destination_shortcut
+        rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut
 
-Run them with
+    In the first example this creates a shortcut from the "source_item"
+    which can be a file or a directory to the "destination_shortcut". The
+    "source_item" and the "destination_shortcut" should be relative paths
+    from "drive:"
 
-    rclone backend COMMAND remote:
+    In the second example this creates a shortcut from the "source_item"
+    relative to "drive:" to the "destination_shortcut" relative to
+    "drive2:". This may fail with a permission error if the user
+    authenticated with "drive2:" can't read files from "drive:".
 
-The help below will explain what arguments each command takes.
 
-See the backend command for more info on how to pass options and
-arguments.
+    Options:
 
-These can be run on a running backend using the rc command
-backend/command.
+    - "target": optional target remote for the shortcut destination
 
-drop
+    ### drives
 
-Drop cache
+    List the Shared Drives available to this account
 
-    rclone backend drop remote: [options] [<arguments>+]
+        rclone backend drives remote: [options] [<arguments>+]
 
-Completely drop checksum cache. Usage Example: rclone backend drop
-hasher:
+    This command lists the Shared Drives (Team Drives) available to this
+    account.
 
-dump
+    Usage:
 
-Dump the database
+        rclone backend [-o config] drives drive:
 
-    rclone backend dump remote: [options] [<arguments>+]
+    This will return a JSON list of objects like this
 
-Dump cache records covered by the current remote
+        [
+            {
+                "id": "0ABCDEF-01234567890",
+                "kind": "drive#teamDrive",
+                "name": "My Drive"
+            },
+            {
+                "id": "0ABCDEFabcdefghijkl",
+                "kind": "drive#teamDrive",
+                "name": "Test Drive"
+            }
+        ]
 
-fulldump
+    With the -o config parameter it will output the list in a format
+    suitable for adding to a config file to make aliases for all the
+    drives found and a combined drive.
 
-Full dump of the database
+        [My Drive]
+        type = alias
+        remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
 
-    rclone backend fulldump remote: [options] [<arguments>+]
+        [Test Drive]
+        type = alias
+        remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
 
-Dump all cache records in the database
+        [AllDrives]
+        type = combine
+        upstreams = "My Drive=My Drive:" "Test Drive=Test Drive:"
 
-import
+    Adding this to the rclone config file will cause those team drives to
+    be accessible with the aliases shown. Any illegal characters will be
+    substituted with "_" and duplicate names will have numbers suffixed.
+    It will also add a remote called AllDrives which shows all the shared
+    drives combined into one directory tree.
 
-Import a SUM file
 
-    rclone backend import remote: [options] [<arguments>+]
+    ### untrash
 
-Amend hash cache from a SUM file and bind checksums to files by
-size/time. Usage Example: rclone backend import hasher:subdir md5
-/path/to/sum.md5
+    Untrash files and directories
 
-stickyimport
+        rclone backend untrash remote: [options] [<arguments>+]
 
-Perform fast import of a SUM file
+    This command untrashes all the files and directories in the directory
+    passed in recursively.
 
-    rclone backend stickyimport remote: [options] [<arguments>+]
+    Usage:
 
-Fill hash cache from a SUM file without verifying file fingerprints.
-Usage Example: rclone backend stickyimport hasher:subdir md5
-remote:path/to/sum.md5
+    This takes an optional directory to trash which make this easier to
+    use via the API.
 
-Implementation details (advanced)
+        rclone backend untrash drive:directory
+        rclone backend --interactive untrash drive:directory subdir
 
-This section explains how various rclone operations work on a hasher
-remote.
+    Use the --interactive/-i or --dry-run flag to see what would be restored before restoring it.
 
-Disclaimer. This section describes current implementation which can
-change in future rclone versions!.
+    Result:
 
-Hashsum command
+        {
+            "Untrashed": 17,
+            "Errors": 0
+        }
 
-The rclone hashsum (or md5sum or sha1sum) command will:
 
-1.  if requested hash is supported by lower level, just pass it.
-2.  if object size is below auto_size then download object and calculate
-    requested hashes on the fly.
-3.  if unsupported and the size is big enough, build object fingerprint
-    (including size, modtime if supported, first-found other hash if
-    any).
-4.  if the strict match is found in cache for the requested remote,
-    return the stored hash.
-5.  if remote found but fingerprint mismatched, then purge the entry and
-    proceed to step 6.
-6.  if remote not found or had no requested hash type or after step 5:
-    download object, calculate all supported hashes on the fly and store
-    in cache; return requested hash.
+    ### copyid
 
-Other operations
+    Copy files by ID
 
--   whenever a file is uploaded or downloaded in full, capture the
-    stream to calculate all supported hashes on the fly and update
-    database
--   server-side move will update keys of existing cache entries
--   deletefile will remove a single cache entry
--   purge will remove all cache entries under the purged path
+        rclone backend copyid remote: [options] [<arguments>+]
 
-Note that setting max_age = 0 will disable checksum caching completely.
+    This command copies files by ID
 
-If you set max_age = off, checksums in cache will never age, unless you
-fully rewrite or delete the file.
+    Usage:
 
-Cache storage
+        rclone backend copyid drive: ID path
+        rclone backend copyid drive: ID1 path1 ID2 path2
 
-Cached checksums are stored as bolt database files under rclone cache
-directory, usually ~/.cache/rclone/kv/. Databases are maintained one per
-base backend, named like BaseRemote~hasher.bolt. Checksums for multiple
-alias-es into a single base backend will be stored in the single
-database. All local paths are treated as aliases into the local backend
-(unless crypted or chunked) and stored in
-~/.cache/rclone/kv/local~hasher.bolt. Databases can be shared between
-multiple rclone processes.
+    It copies the drive file with ID given to the path (an rclone path which
+    will be passed internally to rclone copyto). The ID and path pairs can be
+    repeated.
 
-HDFS
+    The path should end with a / to indicate copy the file as named to
+    this directory. If it doesn't end with a / then the last path
+    component will be used as the file name.
 
-HDFS is a distributed file-system, part of the Apache Hadoop framework.
+    If the destination is a drive backend then server-side copying will be
+    attempted if possible.
 
-Paths are specified as remote: or remote:path/to/dir.
+    Use the --interactive/-i or --dry-run flag to see what would be copied before copying.
 
-Configuration
 
-Here is an example of how to make a remote called remote. First run:
+    ### exportformats
 
-     rclone config
+    Dump the export formats for debug purposes
 
-This will guide you through an interactive setup process:
+        rclone backend exportformats remote: [options] [<arguments>+]
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [skip]
-    XX / Hadoop distributed file system
-       \ "hdfs"
-    [skip]
-    Storage> hdfs
-    ** See help for hdfs backend at: https://rclone.org/hdfs/ **
-
-    hadoop name node and port
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-     1 / Connect to host namenode at port 8020
-       \ "namenode:8020"
-    namenode> namenode.hadoop:8020
-    hadoop user name
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-     1 / Connect to hdfs as root
-       \ "root"
-    username> root
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No (default)
-    y/n> n
-    Remote config
-    --------------------
-    [remote]
-    type = hdfs
-    namenode = namenode.hadoop:8020
-    username = root
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
-    Current remotes:
+    ### importformats
 
-    Name                 Type
-    ====                 ====
-    hadoop               hdfs
+    Dump the import formats for debug purposes
 
-    e) Edit existing remote
-    n) New remote
-    d) Delete remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    e/n/d/r/c/s/q> q
+        rclone backend importformats remote: [options] [<arguments>+]
 
-This remote is called remote and can now be used like this
 
-See all the top level directories
 
-    rclone lsd remote:
+    ## Limitations
 
-List the contents of a directory
+    Drive has quite a lot of rate limiting.  This causes rclone to be
+    limited to transferring about 2 files per second only.  Individual
+    files may be transferred much faster at 100s of MiB/s but lots of
+    small files can take a long time.
 
-    rclone ls remote:directory
+    Server side copies are also subject to a separate rate limit. If you
+    see User rate limit exceeded errors, wait at least 24 hours and retry.
+    You can disable server-side copies with `--disable copy` to download
+    and upload the files if you prefer.
 
-Sync the remote directory to /home/local/directory, deleting any excess
-files.
+    ### Limitations of Google Docs
 
-    rclone sync --interactive remote:directory /home/local/directory
+    Google docs will appear as size -1 in `rclone ls`, `rclone ncdu` etc,
+    and as size 0 in anything which uses the VFS layer, e.g. `rclone mount`
+    and `rclone serve`. When calculating directory totals, e.g. in
+    `rclone size` and `rclone ncdu`, they will be counted in as empty
+    files.
 
-Setting up your own HDFS instance for testing
+    This is because rclone can't find out the size of the Google docs
+    without downloading them.
 
-You may start with a manual setup or use the docker image from the
-tests:
+    Google docs will transfer correctly with `rclone sync`, `rclone copy`
+    etc as rclone knows to ignore the size when doing the transfer.
 
-If you want to build the docker image
+    However an unfortunate consequence of this is that you may not be able
+    to download Google docs using `rclone mount`. If it doesn't work you
+    will get a 0 sized file.  If you try again the doc may gain its
+    correct size and be downloadable. Whether it will work on not depends
+    on the application accessing the mount and the OS you are running -
+    experiment to find out if it does work for you!
 
-    git clone https://github.com/rclone/rclone.git
-    cd rclone/fstest/testserver/images/test-hdfs
-    docker build --rm -t rclone/test-hdfs .
+    ### Duplicated files
 
-Or you can just use the latest one pushed
+    Sometimes, for no reason I've been able to track down, drive will
+    duplicate a file that rclone uploads.  Drive unlike all the other
+    remotes can have duplicated files.
 
-    docker run --rm --name "rclone-hdfs" -p 127.0.0.1:9866:9866 -p 127.0.0.1:8020:8020 --hostname "rclone-hdfs" rclone/test-hdfs
+    Duplicated files cause problems with the syncing and you will see
+    messages in the log about duplicates.
 
-NB it need few seconds to startup.
+    Use `rclone dedupe` to fix duplicated files.
 
-For this docker image the remote needs to be configured like this:
+    Note that this isn't just a problem with rclone, even Google Photos on
+    Android duplicates files on drive sometimes.
 
-    [remote]
-    type = hdfs
-    namenode = 127.0.0.1:8020
-    username = root
+    ### Rclone appears to be re-copying files it shouldn't
 
-You can stop this image with docker kill rclone-hdfs (NB it does not use
-volumes, so all data uploaded will be lost.)
+    The most likely cause of this is the duplicated file issue above - run
+    `rclone dedupe` and check your logs for duplicate object or directory
+    messages.
 
-Modified time
+    This can also be caused by a delay/caching on google drive's end when
+    comparing directory listings. Specifically with team drives used in
+    combination with --fast-list. Files that were uploaded recently may
+    not appear on the directory list sent to rclone when using --fast-list.
 
-Time accurate to 1 second is stored.
+    Waiting a moderate period of time between attempts (estimated to be
+    approximately 1 hour) and/or not using --fast-list both seem to be
+    effective in preventing the problem.
 
-Checksum
+    ### SHA1 or SHA256 hashes may be missing
 
-No checksums are implemented.
+    All files have MD5 hashes, but a small fraction of files uploaded may
+    not have SHA1 or SHA256 hashes especially if they were uploaded before 2018.
 
-Usage information
+    ## Making your own client_id
 
-You can use the rclone about remote: command which will display
-filesystem size and current usage.
+    When you use rclone with Google drive in its default configuration you
+    are using rclone's client_id.  This is shared between all the rclone
+    users.  There is a global rate limit on the number of queries per
+    second that each client_id can do set by Google.  rclone already has a
+    high quota and I will continue to make sure it is high enough by
+    contacting Google.
 
-Restricted filename characters
+    It is strongly recommended to use your own client ID as the default rclone ID is heavily used. If you have multiple services running, it is recommended to use an API key for each service. The default Google quota is 10 transactions per second so it is recommended to stay under that number as if you use more than that, it will cause rclone to rate limit and make things slower.
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    Here is how to create your own Google Drive client ID for rclone:
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  :            0x3A        ：
+    1. Log into the [Google API
+    Console](https://console.developers.google.com/) with your Google
+    account. It doesn't matter what Google account you use. (It need not
+    be the same account as the Google Drive you want to access)
 
-Invalid UTF-8 bytes will also be replaced.
+    2. Select a project or create a new project.
 
-Standard options
+    3. Under "ENABLE APIS AND SERVICES" search for "Drive", and enable the
+    "Google Drive API".
 
-Here are the Standard options specific to hdfs (Hadoop distributed file
-system).
+    4. Click "Credentials" in the left-side panel (not "Create
+    credentials", which opens the wizard).
+
+    5. If you already configured an "Oauth Consent Screen", then skip
+    to the next step; if not, click on "CONFIGURE CONSENT SCREEN" button 
+    (near the top right corner of the right panel), then select "External"
+    and click on "CREATE"; on the next screen, enter an "Application name"
+    ("rclone" is OK); enter "User Support Email" (your own email is OK); 
+    enter "Developer Contact Email" (your own email is OK); then click on
+    "Save" (all other data is optional). You will also have to add some scopes,
+    including `.../auth/docs` and `.../auth/drive` in order to be able to edit,
+    create and delete files with RClone. You may also want to include the
+    `../auth/drive.metadata.readonly` scope. After adding scopes, click
+    "Save and continue" to add test users. Be sure to add your own account to
+    the test users. Once you've added yourself as a test user and saved the
+    changes, click again on "Credentials" on the left panel to go back to
+    the "Credentials" screen.
+
+       (PS: if you are a GSuite user, you could also select "Internal" instead
+    of "External" above, but this will restrict API use to Google Workspace 
+    users in your organisation). 
+
+    6.  Click on the "+ CREATE CREDENTIALS" button at the top of the screen,
+    then select "OAuth client ID".
 
---hdfs-namenode
+    7. Choose an application type of "Desktop app" and click "Create". (the default name is fine)
 
-Hadoop name node and port.
+    8. It will show you a client ID and client secret. Make a note of these.
+       
+       (If you selected "External" at Step 5 continue to Step 9. 
+       If you chose "Internal" you don't need to publish and can skip straight to
+       Step 10 but your destination drive must be part of the same Google Workspace.)
 
-E.g. "namenode:8020" to connect to host namenode at port 8020.
+    9. Go to "Oauth consent screen" and then click "PUBLISH APP" button and confirm.
+       You will also want to add yourself as a test user.
 
-Properties:
+    10. Provide the noted client ID and client secret to rclone.
 
--   Config: namenode
--   Env Var: RCLONE_HDFS_NAMENODE
--   Type: string
--   Required: true
+    Be aware that, due to the "enhanced security" recently introduced by
+    Google, you are theoretically expected to "submit your app for verification"
+    and then wait a few weeks(!) for their response; in practice, you can go right
+    ahead and use the client ID and client secret with rclone, the only issue will
+    be a very scary confirmation screen shown when you connect via your browser 
+    for rclone to be able to get its token-id (but as this only happens during 
+    the remote configuration, it's not such a big deal). Keeping the application in
+    "Testing" will work as well, but the limitation is that any grants will expire
+    after a week, which can be annoying to refresh constantly. If, for whatever
+    reason, a short grant time is not a problem, then keeping the application in
+    testing mode would also be sufficient.
 
---hdfs-username
+    (Thanks to @balazer on github for these instructions.)
 
-Hadoop user name.
+    Sometimes, creation of an OAuth consent in Google API Console fails due to an error message
+    “The request failed because changes to one of the field of the resource is not supported”.
+    As a convenient workaround, the necessary Google Drive API key can be created on the
+    [Python Quickstart](https://developers.google.com/drive/api/v3/quickstart/python) page.
+    Just push the Enable the Drive API button to receive the Client ID and Secret.
+    Note that it will automatically create a new project in the API Console.
 
-Properties:
+    #  Google Photos
 
--   Config: username
--   Env Var: RCLONE_HDFS_USERNAME
--   Type: string
--   Required: false
--   Examples:
-    -   "root"
-        -   Connect to hdfs as root.
+    The rclone backend for [Google Photos](https://www.google.com/photos/about/) is
+    a specialized backend for transferring photos and videos to and from
+    Google Photos.
 
-Advanced options
+    **NB** The Google Photos API which rclone uses has quite a few
+    limitations, so please read the [limitations section](#limitations)
+    carefully to make sure it is suitable for your use.
 
-Here are the Advanced options specific to hdfs (Hadoop distributed file
-system).
+    ## Configuration
 
---hdfs-service-principal-name
+    The initial setup for google cloud storage involves getting a token from Google Photos
+    which you need to do in your browser.  `rclone config` walks you
+    through it.
 
-Kerberos service principal name for the namenode.
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Enables KERBEROS authentication. Specifies the Service Principal Name
-(SERVICE/FQDN) for the namenode. E.g. "hdfs/namenode.hadoop.docker" for
-namenode running as service 'hdfs' with FQDN 'namenode.hadoop.docker'.
+         rclone config
 
-Properties:
+    This will guide you through an interactive setup process:
 
--   Config: service_principal_name
--   Env Var: RCLONE_HDFS_SERVICE_PRINCIPAL_NAME
--   Type: string
--   Required: false
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [snip] XX / Google
+Photos  "google photos" [snip] Storage> google photos ** See help for
+google photos backend at: https://rclone.org/googlephotos/ **
 
---hdfs-data-transfer-protection
+Google Application Client Id Leave blank normally. Enter a string value.
+Press Enter for the default (""). client_id> Google Application Client
+Secret Leave blank normally. Enter a string value. Press Enter for the
+default (""). client_secret> Set to make the Google Photos backend read
+only.
 
-Kerberos data transfer protection: authentication|integrity|privacy.
+If you choose read only then rclone will only request read only access
+to your photos, otherwise rclone will request full access. Enter a
+boolean value (true or false). Press Enter for the default ("false").
+read_only> Edit advanced config? (y/n) y) Yes n) No y/n> n Remote config
+Use web browser to automatically authenticate rclone with remote? * Say
+Y if the machine running rclone has a web browser you can use * Say N if
+running rclone on a (remote) machine without web browser access If not
+sure try Y. If Y failed, try N. y) Yes n) No y/n> y If your browser
+doesn't open automatically go to the following link:
+http://127.0.0.1:53682/auth Log in and authorize rclone for access
+Waiting for code... Got code
 
-Specifies whether or not authentication, data signature integrity
-checks, and wire encryption is required when communicating the the
-datanodes. Possible values are 'authentication', 'integrity' and
-'privacy'. Used only with KERBEROS enabled.
+*** IMPORTANT: All media items uploaded to Google Photos with rclone ***
+are stored in full resolution at original quality. These uploads ***
+will count towards storage in your Google Account.
 
-Properties:
+  -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+  [remote] type = google photos token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2019-06-28T17:38:04.644930156+01:00"}
+  -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+  y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y ```
 
--   Config: data_transfer_protection
--   Env Var: RCLONE_HDFS_DATA_TRANSFER_PROTECTION
--   Type: string
--   Required: false
--   Examples:
-    -   "privacy"
-        -   Ensure authentication, integrity and encryption enabled.
+  See the remote setup docs for how to set it up on a machine with no Internet browser available.
 
---hdfs-encoding
+  Note that rclone runs a webserver on your local machine to collect the token as returned from Google if using web browser to automatically authenticate. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/ and this may require you to unblock it temporarily if you are running a host firewall, or use manual mode.
 
-The encoding for the backend.
+  This remote is called remote and can now be used like this
 
-See the encoding section in the overview for more info.
+  See all the albums in your photos
 
-Properties:
+  rclone lsd remote:album
 
--   Config: encoding
--   Env Var: RCLONE_HDFS_ENCODING
--   Type: MultiEncoder
--   Default: Slash,Colon,Del,Ctl,InvalidUtf8,Dot
+  Make a new album
 
-Limitations
+  rclone mkdir remote:album/newAlbum
 
--   No server-side Move or DirMove.
--   Checksums not implemented.
+  List the contents of an album
 
-HiDrive
+  rclone ls remote:album/newAlbum
 
-Paths are specified as remote:path
+  Sync /home/local/images to the Google Photos, removing any excess files in the album.
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+  rclone sync --interactive /home/local/image remote:album/newAlbum
 
-The initial setup for hidrive involves getting a token from HiDrive
-which you need to do in your browser. rclone config walks you through
-it.
+  ### Layout
 
-Configuration
+  As Google Photos is not a general purpose cloud storage system, the backend is laid out to help you navigate it.
 
-Here is an example of how to make a remote called remote. First run:
+  The directories under media show different ways of categorizing the media. Each file will appear multiple times. So if you want to make a backup of your google photos you might choose to backup remote:media/by-month. (NB remote:media/by-day is rather slow at the moment so avoid for syncing.)
 
-     rclone config
+  Note that all your photos and videos will appear somewhere under media, but they may not appear under album unless you've put them into albums.
 
-This will guide you through an interactive setup process:
+  / - upload - file1.jpg - file2.jpg - ... - media - all - file1.jpg - file2.jpg - ... - by-year - 2000 - file1.jpg - ... - 2001 - file2.jpg - ... - ... - by-month - 2000 - 2000-01 - file1.jpg - ... - 2000-02 - file2.jpg - ... - ... - by-day - 2000 - 2000-01-01 - file1.jpg - ... - 2000-01-02 - file2.jpg - ... - ... - album - album name - album name/sub - shared-album - album name - album name/sub - feature - favorites - file1.jpg - file2.jpg
 
-    No remotes found - make a new one
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / HiDrive
-       \ "hidrive"
-    [snip]
-    Storage> hidrive
-    OAuth Client Id - Leave blank normally.
-    client_id>
-    OAuth Client Secret - Leave blank normally.
-    client_secret>
-    Access permissions that rclone should use when requesting access from HiDrive.
-    Leave blank normally.
-    scope_access>
-    Edit advanced config?
-    y/n> n
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=xxxxxxxxxxxxxxxxxxxxxx
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    --------------------
-    [remote]
-    type = hidrive
-    token = {"access_token":"xxxxxxxxxxxxxxxxxxxx","token_type":"Bearer","refresh_token":"xxxxxxxxxxxxxxxxxxxxxxx","expiry":"xxxxxxxxxxxxxxxxxxxxxxx"}
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+  There are two writable parts of the tree, the upload directory and sub directories of the album directory.
 
-You should be aware that OAuth-tokens can be used to access your account
-and hence should not be shared with other persons. See the below section
-for more information.
+  The upload directory is for uploading files you don't want to put into albums. This will be empty to start with and will contain the files you've uploaded for one rclone session only, becoming empty again when you restart rclone. The use case for this would be if you have a load of files you just want to once off dump into Google Photos. For repeated syncing, uploading to album will work better.
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+  Directories within the album directory are also writeable and you may create new directories (albums) under album. If you copy files with a directory hierarchy in there then rclone will create albums with the / character in them. For example if you do
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from HiDrive. This only runs from the moment it opens
-your browser to the moment you get back the verification code. The
-webserver runs on http://127.0.0.1:53682/. If local port 53682 is
-protected by a firewall you may need to temporarily unblock the firewall
-to complete authorization.
+  rclone copy /path/to/images remote:album/images
 
-Once configured you can then use rclone like this,
+  and the images directory contains
 
-List directories in top level of your HiDrive root folder
+  images - file1.jpg dir file2.jpg dir2 dir3 file3.jpg
 
-    rclone lsd remote:
+  Then rclone will create the following albums with the following files in
 
-List all the files in your HiDrive filesystem
+  - images - file1.jpg - images/dir - file2.jpg - images/dir2/dir3 - file3.jpg
 
-    rclone ls remote:
+  This means that you can use the album path pretty much like a normal filesystem and it is a good target for repeated syncing.
 
-To copy a local directory to a HiDrive directory called backup
+  The shared-album directory shows albums shared with you or by you. This is similar to the Sharing tab in the Google Photos web interface.
 
-    rclone copy /home/source remote:backup
+  ### Standard options
 
-Keeping your tokens safe
+  Here are the Standard options specific to google photos (Google Photos).
 
-Any OAuth-tokens will be stored by rclone in the remote's configuration
-file as unencrypted text. Anyone can use a valid refresh-token to access
-your HiDrive filesystem without knowing your password. Therefore you
-should make sure no one else can access your configuration.
+  #### --gphotos-client-id
 
-It is possible to encrypt rclone's configuration file. You can find
-information on securing your configuration file by viewing the
-configuration encryption docs.
+  OAuth Client Id.
 
-Invalid refresh token
+  Leave blank normally.
 
-As can be verified here, each refresh_token (for Native Applications) is
-valid for 60 days. If used to access HiDrivei, its validity will be
-automatically extended.
+  Properties:
 
-This means that if you
+  - Config: client_id - Env Var: RCLONE_GPHOTOS_CLIENT_ID - Type: string - Required: false
 
--   Don't use the HiDrive remote for 60 days
+  #### --gphotos-client-secret
 
-then rclone will return an error which includes a text that implies the
-refresh token is invalid or expired.
+  OAuth Client Secret.
 
-To fix this you will need to authorize rclone to access your HiDrive
-account again.
+  Leave blank normally.
 
-Using
+  Properties:
 
-    rclone config reconnect remote:
+  - Config: client_secret - Env Var: RCLONE_GPHOTOS_CLIENT_SECRET - Type: string - Required: false
 
-the process is very similar to the process of initial setup exemplified
-before.
+  #### --gphotos-read-only
 
-Modified time and hashes
+  Set to make the Google Photos backend read only.
 
-HiDrive allows modification times to be set on objects accurate to 1
-second.
+  If you choose read only then rclone will only request read only access to your photos, otherwise rclone will request full access.
 
-HiDrive supports its own hash type which is used to verify the integrity
-of file contents after successful transfers.
+  Properties:
 
-Restricted filename characters
+  - Config: read_only - Env Var: RCLONE_GPHOTOS_READ_ONLY - Type: bool - Default: false
 
-HiDrive cannot store files or folders that include / (0x2F) or
-null-bytes (0x00) in their name. Any other characters can be used in the
-names of files or folders. Additionally, files or folders cannot be
-named either of the following: . or ..
+  ### Advanced options
 
-Therefore rclone will automatically replace these characters, if files
-or folders are stored or accessed with such names.
+  Here are the Advanced options specific to google photos (Google Photos).
 
-You can read about how this filename encoding works in general here.
+  #### --gphotos-token
 
-Keep in mind that HiDrive only supports file or folder names with a
-length of 255 characters or less.
+  OAuth Access Token as a JSON blob.
 
-Transfers
+  Properties:
 
-HiDrive limits file sizes per single request to a maximum of 2 GiB. To
-allow storage of larger files and allow for better upload performance,
-the hidrive backend will use a chunked transfer for files larger than 96
-MiB. Rclone will upload multiple parts/chunks of the file at the same
-time. Chunks in the process of being uploaded are buffered in memory, so
-you may want to restrict this behaviour on systems with limited
-resources.
+  - Config: token - Env Var: RCLONE_GPHOTOS_TOKEN - Type: string - Required: false
 
-You can customize this behaviour using the following options:
+  #### --gphotos-auth-url
 
--   chunk_size: size of file parts
--   upload_cutoff: files larger or equal to this in size will use a
-    chunked transfer
--   upload_concurrency: number of file-parts to upload at the same time
+  Auth server URL.
 
-See the below section about configuration options for more details.
+  Leave blank to use the provider defaults.
 
-Root folder
+  Properties:
 
-You can set the root folder for rclone. This is the directory that
-rclone considers to be the root of your HiDrive.
+  - Config: auth_url - Env Var: RCLONE_GPHOTOS_AUTH_URL - Type: string - Required: false
 
-Usually, you will leave this blank, and rclone will use the root of the
-account.
+  #### --gphotos-token-url
 
-However, you can set this to restrict rclone to a specific folder
-hierarchy.
+  Token server url.
 
-This works by prepending the contents of the root_prefix option to any
-paths accessed by rclone. For example, the following two ways to access
-the home directory are equivalent:
+  Leave blank to use the provider defaults.
 
-    rclone lsd --hidrive-root-prefix="/users/test/" remote:path
+  Properties:
 
-    rclone lsd remote:/users/test/path
+  - Config: token_url - Env Var: RCLONE_GPHOTOS_TOKEN_URL - Type: string - Required: false
 
-See the below section about configuration options for more details.
+  #### --gphotos-read-size
 
-Directory member count
+  Set to read the size of media items.
 
-By default, rclone will know the number of directory members contained
-in a directory. For example, rclone lsd uses this information.
+  Normally rclone does not read the size of media items since this takes another transaction. This isn't necessary for syncing. However rclone mount needs to know the size of files in advance of reading them, so setting this flag when using rclone mount is recommended if you want to read the media.
 
-The acquisition of this information will result in additional time costs
-for HiDrive's API. When dealing with large directory structures, it may
-be desirable to circumvent this time cost, especially when this
-information is not explicitly needed. For this, the
-disable_fetching_member_count option can be used.
+  Properties:
 
-See the below section about configuration options for more details.
+  - Config: read_size - Env Var: RCLONE_GPHOTOS_READ_SIZE - Type: bool - Default: false
 
-Standard options
+  #### --gphotos-start-year
 
-Here are the Standard options specific to hidrive (HiDrive).
+  Year limits the photos to be downloaded to those which are uploaded after the given year.
 
---hidrive-client-id
+  Properties:
 
-OAuth Client Id.
+  - Config: start_year - Env Var: RCLONE_GPHOTOS_START_YEAR - Type: int - Default: 2000
 
-Leave blank normally.
+  #### --gphotos-include-archived
 
-Properties:
+  Also view and download archived media.
 
--   Config: client_id
--   Env Var: RCLONE_HIDRIVE_CLIENT_ID
--   Type: string
--   Required: false
+  By default, rclone does not request archived media. Thus, when syncing, archived media is not visible in directory listings or transferred.
 
---hidrive-client-secret
+  Note that media in albums is always visible and synced, no matter their archive status.
 
-OAuth Client Secret.
+  With this flag, archived media are always visible in directory listings and transferred.
 
-Leave blank normally.
+  Without this flag, archived media will not be visible in directory listings and won't be transferred.
 
-Properties:
+  Properties:
 
--   Config: client_secret
--   Env Var: RCLONE_HIDRIVE_CLIENT_SECRET
--   Type: string
--   Required: false
+  - Config: include_archived - Env Var: RCLONE_GPHOTOS_INCLUDE_ARCHIVED - Type: bool - Default: false
 
---hidrive-scope-access
+  #### --gphotos-encoding
 
-Access permissions that rclone should use when requesting access from
-HiDrive.
+  The encoding for the backend.
 
-Properties:
+  See the encoding section in the overview for more info.
 
--   Config: scope_access
--   Env Var: RCLONE_HIDRIVE_SCOPE_ACCESS
--   Type: string
--   Default: "rw"
--   Examples:
-    -   "rw"
-        -   Read and write access to resources.
-    -   "ro"
-        -   Read-only access to resources.
+  Properties:
 
-Advanced options
+  - Config: encoding - Env Var: RCLONE_GPHOTOS_ENCODING - Type: Encoding - Default: Slash,CrLf,InvalidUtf8,Dot
 
-Here are the Advanced options specific to hidrive (HiDrive).
+  #### --gphotos-batch-mode
 
---hidrive-token
+  Upload file batching sync|async|off.
 
-OAuth Access Token as a JSON blob.
+  This sets the batch mode used by rclone.
 
-Properties:
+  This has 3 possible values
 
--   Config: token
--   Env Var: RCLONE_HIDRIVE_TOKEN
--   Type: string
--   Required: false
+  - off - no batching - sync - batch uploads and check completion (default) - async - batch upload and don't check completion
 
---hidrive-auth-url
+  Rclone will close any outstanding batches when it exits which may make a delay on quit.
 
-Auth server URL.
+  Properties:
 
-Leave blank to use the provider defaults.
+  - Config: batch_mode - Env Var: RCLONE_GPHOTOS_BATCH_MODE - Type: string - Default: "sync"
 
-Properties:
+  #### --gphotos-batch-size
 
--   Config: auth_url
--   Env Var: RCLONE_HIDRIVE_AUTH_URL
--   Type: string
--   Required: false
+  Max number of files in upload batch.
 
---hidrive-token-url
+  This sets the batch size of files to upload. It has to be less than 50.
 
-Token server url.
+  By default this is 0 which means rclone which calculate the batch size depending on the setting of batch_mode.
 
-Leave blank to use the provider defaults.
+  - batch_mode: async - default batch_size is 50 - batch_mode: sync - default batch_size is the same as --transfers - batch_mode: off - not in use
 
-Properties:
+  Rclone will close any outstanding batches when it exits which may make a delay on quit.
 
--   Config: token_url
--   Env Var: RCLONE_HIDRIVE_TOKEN_URL
--   Type: string
--   Required: false
+  Setting this is a great idea if you are uploading lots of small files as it will make them a lot quicker. You can use --transfers 32 to maximise throughput.
 
---hidrive-scope-role
+  Properties:
 
-User-level that rclone should use when requesting access from HiDrive.
+  - Config: batch_size - Env Var: RCLONE_GPHOTOS_BATCH_SIZE - Type: int - Default: 0
 
-Properties:
+  #### --gphotos-batch-timeout
 
--   Config: scope_role
--   Env Var: RCLONE_HIDRIVE_SCOPE_ROLE
--   Type: string
--   Default: "user"
--   Examples:
-    -   "user"
-        -   User-level access to management permissions.
-        -   This will be sufficient in most cases.
-    -   "admin"
-        -   Extensive access to management permissions.
-    -   "owner"
-        -   Full access to management permissions.
+  Max time to allow an idle upload batch before uploading.
 
---hidrive-root-prefix
+  If an upload batch is idle for more than this long then it will be uploaded.
 
-The root/parent folder for all paths.
+  The default for this is 0 which means rclone will choose a sensible default based on the batch_mode in use.
 
-Fill in to use the specified folder as the parent for all paths given to
-the remote. This way rclone can use any folder as its starting point.
+  - batch_mode: async - default batch_timeout is 10s - batch_mode: sync - default batch_timeout is 1s - batch_mode: off - not in use
 
-Properties:
+  Properties:
 
--   Config: root_prefix
--   Env Var: RCLONE_HIDRIVE_ROOT_PREFIX
--   Type: string
--   Default: "/"
--   Examples:
-    -   "/"
-        -   The topmost directory accessible by rclone.
-        -   This will be equivalent with "root" if rclone uses a regular
-            HiDrive user account.
-    -   "root"
-        -   The topmost directory of the HiDrive user account
-    -   ""
-        -   This specifies that there is no root-prefix for your paths.
-        -   When using this you will always need to specify paths to
-            this remote with a valid parent e.g. "remote:/path/to/dir"
-            or "remote:root/path/to/dir".
+  - Config: batch_timeout - Env Var: RCLONE_GPHOTOS_BATCH_TIMEOUT - Type: Duration - Default: 0s
 
---hidrive-endpoint
+  #### --gphotos-batch-commit-timeout
 
-Endpoint for the service.
+  Max time to wait for a batch to finish committing
 
-This is the URL that API-calls will be made to.
+  Properties:
 
-Properties:
+  - Config: batch_commit_timeout - Env Var: RCLONE_GPHOTOS_BATCH_COMMIT_TIMEOUT - Type: Duration - Default: 10m0s
 
--   Config: endpoint
--   Env Var: RCLONE_HIDRIVE_ENDPOINT
--   Type: string
--   Default: "https://api.hidrive.strato.com/2.1"
+  ## Limitations
 
---hidrive-disable-fetching-member-count
+  Only images and videos can be uploaded. If you attempt to upload non videos or images or formats that Google Photos doesn't understand, rclone will upload the file, then Google Photos will give an error when it is put turned into a media item.
 
-Do not fetch number of objects in directories unless it is absolutely
-necessary.
+  Note that all media items uploaded to Google Photos through the API are stored in full resolution at "original quality" and will count towards your storage quota in your Google Account. The API does not offer a way to upload in "high quality" mode..
 
-Requests may be faster if the number of objects in subdirectories is not
-fetched.
+  rclone about is not supported by the Google Photos backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs (most free space) as a member of an rclone union remote.
 
-Properties:
+  See List of backends that do not support rclone about See rclone about
 
--   Config: disable_fetching_member_count
--   Env Var: RCLONE_HIDRIVE_DISABLE_FETCHING_MEMBER_COUNT
--   Type: bool
--   Default: false
+  ### Downloading Images
 
---hidrive-chunk-size
+  When Images are downloaded this strips EXIF location (according to the docs and my tests). This is a limitation of the Google Photos API and is covered by bug #112096115.
 
-Chunksize for chunked uploads.
+  The current google API does not allow photos to be downloaded at original resolution. This is very important if you are, for example, relying on "Google Photos" as a backup of your photos. You will not be able to use rclone to redownload original images. You could use 'google takeout' to recover the original photos as a last resort
 
-Any files larger than the configured cutoff (or files of unknown size)
-will be uploaded in chunks of this size.
+  ### Downloading Videos
 
-The upper limit for this is 2147483647 bytes (about 2.000Gi). That is
-the maximum amount of bytes a single upload-operation will support.
-Setting this above the upper limit or to a negative value will cause
-uploads to fail.
+  When videos are downloaded they are downloaded in a really compressed version of the video compared to downloading it via the Google Photos web interface. This is covered by bug #113672044.
 
-Setting this to larger values may increase the upload speed at the cost
-of using more memory. It can be set to smaller values smaller to save on
-memory.
+  ### Duplicates
 
-Properties:
+  If a file name is duplicated in a directory then rclone will add the file ID into its name. So two files called file.jpg would then appear as file {123456}.jpg and file {ABCDEF}.jpg (the actual IDs are a lot longer alas!).
 
--   Config: chunk_size
--   Env Var: RCLONE_HIDRIVE_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 48Mi
+  If you upload the same image (with the same binary data) twice then Google Photos will deduplicate it. However it will retain the filename from the first upload which may confuse rclone. For example if you uploaded an image to upload then uploaded the same image to album/my_album the filename of the image in album/my_album will be what it was uploaded with initially, not what you uploaded it with to album. In practise this shouldn't cause
+  too many problems.
 
---hidrive-upload-cutoff
+  ### Modification times
 
-Cutoff/Threshold for chunked uploads.
+  The date shown of media in Google Photos is the creation date as determined by the EXIF information, or the upload date if that is not known.
 
-Any files larger than this will be uploaded in chunks of the configured
-chunksize.
+  This is not changeable by rclone and is not the modification date of the media on local disk. This means that rclone cannot use the dates from Google Photos for syncing purposes.
 
-The upper limit for this is 2147483647 bytes (about 2.000Gi). That is
-the maximum amount of bytes a single upload-operation will support.
-Setting this above the upper limit will cause uploads to fail.
+  ### Size
 
-Properties:
+  The Google Photos API does not return the size of media. This means that when syncing to Google Photos, rclone can only do a file existence check.
 
--   Config: upload_cutoff
--   Env Var: RCLONE_HIDRIVE_UPLOAD_CUTOFF
--   Type: SizeSuffix
--   Default: 96Mi
+  It is possible to read the size of the media, but this needs an extra HTTP HEAD request per media item so is very slow and uses up a lot of transactions. This can be enabled with the --gphotos-read-size option or the read_size = true config parameter.
 
---hidrive-upload-concurrency
+  If you want to use the backend with rclone mount you may need to enable this flag (depending on your OS and application using the photos) otherwise you may not be able to read media off the mount. You'll need to experiment to see if it works for you without the flag.
 
-Concurrency for chunked uploads.
+  ### Albums
 
-This is the upper limit for how many transfers for the same file are
-running concurrently. Setting this above to a value smaller than 1 will
-cause uploads to deadlock.
+  Rclone can only upload files to albums it created. This is a limitation of the Google Photos API.
 
-If you are uploading small numbers of large files over high-speed links
-and these uploads do not fully utilize your bandwidth, then increasing
-this may help to speed up the transfers.
+  Rclone can remove files it uploaded from albums it created only.
 
-Properties:
+  ### Deleting files
 
--   Config: upload_concurrency
--   Env Var: RCLONE_HIDRIVE_UPLOAD_CONCURRENCY
--   Type: int
--   Default: 4
+  Rclone can remove files from albums it created, but note that the Google Photos API does not allow media to be deleted permanently so this media will still remain. See bug #109759781.
 
---hidrive-encoding
+  Rclone cannot delete files anywhere except under album.
 
-The encoding for the backend.
+  ### Deleting albums
 
-See the encoding section in the overview for more info.
+  The Google Photos API does not support deleting albums - see bug #135714733.
 
-Properties:
+  # Hasher
+
+  Hasher is a special overlay backend to create remotes which handle checksums for other remotes. It's main functions include: - Emulate hash types unimplemented by backends - Cache checksums to help with slow hashing of large local or (S)FTP files - Warm up checksum cache from external SUM files
+
+  ## Getting started
+
+  To use Hasher, first set up the underlying remote following the configuration instructions for that remote. You can also use a local pathname instead of a remote. Check that your base remote is working.
+
+  Let's call the base remote myRemote:path here. Note that anything inside myRemote:path will be handled by hasher and anything outside won't. This means that if you are using a bucket based remote (S3, B2, Swift) then you should put the bucket in the remote s3:bucket.
+
+  Now proceed to interactive or manual configuration.
+
+  ### Interactive configuration
+
+  Run rclone config: ``` No remotes found, make a new one? n) New remote s) Set configuration password q) Quit config n/s/q> n name> Hasher1 Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Handle checksums for other remotes  "hasher" [snip] Storage> hasher Remote to cache checksums for, like myremote:mypath. Enter a string value. Press Enter for the default (""). remote> myRemote:path Comma
+  separated list of supported checksum types. Enter a string value. Press Enter for the default ("md5,sha1"). hashsums> md5 Maximum time to keep checksums in cache. 0 = no cache, off = cache forever. max_age> off Edit advanced config? (y/n) y) Yes n) No y/n> n Remote config
+  -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+
+[Hasher1] type = hasher remote = myRemote:path hashsums = md5 max_age =
+off -------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
+
+
+    ### Manual configuration
+
+    Run `rclone config path` to see the path of current active config file,
+    usually `YOURHOME/.config/rclone/rclone.conf`.
+    Open it in your favorite text editor, find section for the base remote
+    and create new section for hasher like in the following examples:
+
+[Hasher1] type = hasher remote = myRemote:path hashes = md5 max_age =
+off
+
+[Hasher2] type = hasher remote = /local/path hashes = dropbox,sha1
+max_age = 24h
+
+
+    Hasher takes basically the following parameters:
+    - `remote` is required,
+    - `hashes` is a comma separated list of supported checksums
+       (by default `md5,sha1`),
+    - `max_age` - maximum time to keep a checksum value in the cache,
+       `0` will disable caching completely,
+       `off` will cache "forever" (that is until the files get changed).
+
+    Make sure the `remote` has `:` (colon) in. If you specify the remote without
+    a colon then rclone will use a local directory of that name. So if you use
+    a remote of `/local/path` then rclone will handle hashes for that directory.
+    If you use `remote = name` literally then rclone will put files
+    **in a directory called `name` located under current directory**.
+
+    ## Usage
+
+    ### Basic operations
+
+    Now you can use it as `Hasher2:subdir/file` instead of base remote.
+    Hasher will transparently update cache with new checksums when a file
+    is fully read or overwritten, like:
+
+rclone copy External:path/file Hasher:dest/path
+
+rclone cat Hasher:path/to/file > /dev/null
+
+
+    The way to refresh **all** cached checksums (even unsupported by the base backend)
+    for a subtree is to **re-download** all files in the subtree. For example,
+    use `hashsum --download` using **any** supported hashsum on the command line
+    (we just care to re-read):
+
+rclone hashsum MD5 --download Hasher:path/to/subtree > /dev/null
+
+rclone backend dump Hasher:path/to/subtree
+
+
+    You can print or drop hashsum cache using custom backend commands:
+
+rclone backend dump Hasher:dir/subdir
+
+rclone backend drop Hasher:
+
+
+    ### Pre-Seed from a SUM File
+
+    Hasher supports two backend commands: generic SUM file `import` and faster
+    but less consistent `stickyimport`.
+
+rclone backend import Hasher:dir/subdir SHA1 /path/to/SHA1SUM
+[--checkers 4]
+
+
+    Instead of SHA1 it can be any hash supported by the remote. The last argument
+    can point to either a local or an `other-remote:path` text file in SUM format.
+    The command will parse the SUM file, then walk down the path given by the
+    first argument, snapshot current fingerprints and fill in the cache entries
+    correspondingly.
+    - Paths in the SUM file are treated as relative to `hasher:dir/subdir`.
+    - The command will **not** check that supplied values are correct.
+      You **must know** what you are doing.
+    - This is a one-time action. The SUM file will not get "attached" to the
+      remote. Cache entries can still be overwritten later, should the object's
+      fingerprint change.
+    - The tree walk can take long depending on the tree size. You can increase
+      `--checkers` to make it faster. Or use `stickyimport` if you don't care
+      about fingerprints and consistency.
+
+rclone backend stickyimport hasher:path/to/data sha1
+remote:/path/to/sum.sha1
+
+
+    `stickyimport` is similar to `import` but works much faster because it
+    does not need to stat existing files and skips initial tree walk.
+    Instead of binding cache entries to file fingerprints it creates _sticky_
+    entries bound to the file name alone ignoring size, modification time etc.
+    Such hash entries can be replaced only by `purge`, `delete`, `backend drop`
+    or by full re-read/re-write of the files.
+
+    ## Configuration reference
+
+
+    ### Standard options
+
+    Here are the Standard options specific to hasher (Better checksums for other remotes).
+
+    #### --hasher-remote
+
+    Remote to cache checksums for (e.g. myRemote:path).
+
+    Properties:
+
+    - Config:      remote
+    - Env Var:     RCLONE_HASHER_REMOTE
+    - Type:        string
+    - Required:    true
+
+    #### --hasher-hashes
+
+    Comma separated list of supported checksum types.
+
+    Properties:
+
+    - Config:      hashes
+    - Env Var:     RCLONE_HASHER_HASHES
+    - Type:        CommaSepList
+    - Default:     md5,sha1
+
+    #### --hasher-max-age
+
+    Maximum time to keep checksums in cache (0 = no cache, off = cache forever).
+
+    Properties:
+
+    - Config:      max_age
+    - Env Var:     RCLONE_HASHER_MAX_AGE
+    - Type:        Duration
+    - Default:     off
+
+    ### Advanced options
+
+    Here are the Advanced options specific to hasher (Better checksums for other remotes).
+
+    #### --hasher-auto-size
+
+    Auto-update checksum for files smaller than this size (disabled by default).
+
+    Properties:
+
+    - Config:      auto_size
+    - Env Var:     RCLONE_HASHER_AUTO_SIZE
+    - Type:        SizeSuffix
+    - Default:     0
+
+    ### Metadata
+
+    Any metadata supported by the underlying remote is read and written.
+
+    See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+    ## Backend commands
+
+    Here are the commands specific to the hasher backend.
+
+    Run them with
+
+        rclone backend COMMAND remote:
+
+    The help below will explain what arguments each command takes.
+
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
+
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
+
+    ### drop
+
+    Drop cache
+
+        rclone backend drop remote: [options] [<arguments>+]
+
+    Completely drop checksum cache.
+    Usage Example:
+        rclone backend drop hasher:
+
+
+    ### dump
+
+    Dump the database
+
+        rclone backend dump remote: [options] [<arguments>+]
+
+    Dump cache records covered by the current remote
+
+    ### fulldump
+
+    Full dump of the database
+
+        rclone backend fulldump remote: [options] [<arguments>+]
+
+    Dump all cache records in the database
+
+    ### import
+
+    Import a SUM file
+
+        rclone backend import remote: [options] [<arguments>+]
+
+    Amend hash cache from a SUM file and bind checksums to files by size/time.
+    Usage Example:
+        rclone backend import hasher:subdir md5 /path/to/sum.md5
+
+
+    ### stickyimport
+
+    Perform fast import of a SUM file
+
+        rclone backend stickyimport remote: [options] [<arguments>+]
+
+    Fill hash cache from a SUM file without verifying file fingerprints.
+    Usage Example:
+        rclone backend stickyimport hasher:subdir md5 remote:path/to/sum.md5
+
+
+
+
+    ## Implementation details (advanced)
+
+    This section explains how various rclone operations work on a hasher remote.
+
+    **Disclaimer. This section describes current implementation which can
+    change in future rclone versions!.**
+
+    ### Hashsum command
+
+    The `rclone hashsum` (or `md5sum` or `sha1sum`) command will:
+
+    1. if requested hash is supported by lower level, just pass it.
+    2. if object size is below `auto_size` then download object and calculate
+       _requested_ hashes on the fly.
+    3. if unsupported and the size is big enough, build object `fingerprint`
+       (including size, modtime if supported, first-found _other_ hash if any).
+    4. if the strict match is found in cache for the requested remote, return
+       the stored hash.
+    5. if remote found but fingerprint mismatched, then purge the entry and
+       proceed to step 6.
+    6. if remote not found or had no requested hash type or after step 5:
+       download object, calculate all _supported_ hashes on the fly and store
+       in cache; return requested hash.
+
+    ### Other operations
+
+    - whenever a file is uploaded or downloaded **in full**, capture the stream
+      to calculate all supported hashes on the fly and update database
+    - server-side `move`  will update keys of existing cache entries
+    - `deletefile` will remove a single cache entry
+    - `purge` will remove all cache entries under the purged path
+
+    Note that setting `max_age = 0` will disable checksum caching completely.
+
+    If you set `max_age = off`, checksums in cache will never age, unless you
+    fully rewrite or delete the file.
+
+    ### Cache storage
+
+    Cached checksums are stored as `bolt` database files under rclone cache
+    directory, usually `~/.cache/rclone/kv/`. Databases are maintained
+    one per _base_ backend, named like `BaseRemote~hasher.bolt`.
+    Checksums for multiple `alias`-es into a single base backend
+    will be stored in the single database. All local paths are treated as
+    aliases into the `local` backend (unless encrypted or chunked) and stored
+    in `~/.cache/rclone/kv/local~hasher.bolt`.
+    Databases can be shared between multiple rclone processes.
+
+    #  HDFS
+
+    [HDFS](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html) is a
+    distributed file-system, part of the [Apache Hadoop](https://hadoop.apache.org/) framework.
+
+    Paths are specified as `remote:` or `remote:path/to/dir`.
+
+    ## Configuration
+
+    Here is an example of how to make a remote called `remote`. First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [skip] XX / Hadoop
+distributed file system  "hdfs" [skip] Storage> hdfs ** See help for
+hdfs backend at: https://rclone.org/hdfs/ **
+
+hadoop name node and port Enter a string value. Press Enter for the
+default (""). Choose a number from below, or type in your own value 1 /
+Connect to host namenode at port 8020  "namenode:8020" namenode>
+namenode.hadoop:8020 hadoop user name Enter a string value. Press Enter
+for the default (""). Choose a number from below, or type in your own
+value 1 / Connect to hdfs as root  "root" username> root Edit advanced
+config? (y/n) y) Yes n) No (default) y/n> n Remote config
+-------------------- [remote] type = hdfs namenode =
+namenode.hadoop:8020 username = root -------------------- y) Yes this is
+OK (default) e) Edit this remote d) Delete this remote y/e/d> y Current
+remotes:
+
+Name Type ==== ==== hadoop hdfs
+
+e)  Edit existing remote
+f)  New remote
+g)  Delete remote
+h)  Rename remote
+i)  Copy remote
+j)  Set configuration password
+k)  Quit config e/n/d/r/c/s/q> q
+
+
+    This remote is called `remote` and can now be used like this
+
+    See all the top level directories
+
+        rclone lsd remote:
+
+    List the contents of a directory
+
+        rclone ls remote:directory
+
+    Sync the remote `directory` to `/home/local/directory`, deleting any excess files.
+
+        rclone sync --interactive remote:directory /home/local/directory
+
+    ### Setting up your own HDFS instance for testing
+
+    You may start with a [manual setup](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SingleCluster.html)
+    or use the docker image from the tests:
+
+    If you want to build the docker image
+
+git clone https://github.com/rclone/rclone.git cd
+rclone/fstest/testserver/images/test-hdfs docker build --rm -t
+rclone/test-hdfs .
+
+
+    Or you can just use the latest one pushed
+
+docker run --rm --name "rclone-hdfs" -p 127.0.0.1:9866:9866 -p
+127.0.0.1:8020:8020 --hostname "rclone-hdfs" rclone/test-hdfs
+
+
+    **NB** it need few seconds to startup.
+
+    For this docker image the remote needs to be configured like this:
+
+[remote] type = hdfs namenode = 127.0.0.1:8020 username = root
+
+
+    You can stop this image with `docker kill rclone-hdfs` (**NB** it does not use volumes, so all data
+    uploaded will be lost.)
+
+    ### Modification times
+
+    Time accurate to 1 second is stored.
+
+    ### Checksum
+
+    No checksums are implemented.
+
+    ### Usage information
+
+    You can use the `rclone about remote:` command which will display filesystem size and current usage.
+
+    ### Restricted filename characters
+
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | :         | 0x3A  | ：           |
+
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8).
+
+
+    ### Standard options
+
+    Here are the Standard options specific to hdfs (Hadoop distributed file system).
+
+    #### --hdfs-namenode
+
+    Hadoop name nodes and ports.
+
+    E.g. "namenode-1:8020,namenode-2:8020,..." to connect to host namenodes at port 8020.
+
+    Properties:
+
+    - Config:      namenode
+    - Env Var:     RCLONE_HDFS_NAMENODE
+    - Type:        CommaSepList
+    - Default:     
+
+    #### --hdfs-username
+
+    Hadoop user name.
+
+    Properties:
+
+    - Config:      username
+    - Env Var:     RCLONE_HDFS_USERNAME
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - "root"
+            - Connect to hdfs as root.
+
+    ### Advanced options
+
+    Here are the Advanced options specific to hdfs (Hadoop distributed file system).
+
+    #### --hdfs-service-principal-name
+
+    Kerberos service principal name for the namenode.
+
+    Enables KERBEROS authentication. Specifies the Service Principal Name
+    (SERVICE/FQDN) for the namenode. E.g. \"hdfs/namenode.hadoop.docker\"
+    for namenode running as service 'hdfs' with FQDN 'namenode.hadoop.docker'.
+
+    Properties:
+
+    - Config:      service_principal_name
+    - Env Var:     RCLONE_HDFS_SERVICE_PRINCIPAL_NAME
+    - Type:        string
+    - Required:    false
+
+    #### --hdfs-data-transfer-protection
+
+    Kerberos data transfer protection: authentication|integrity|privacy.
+
+    Specifies whether or not authentication, data signature integrity
+    checks, and wire encryption are required when communicating with
+    the datanodes. Possible values are 'authentication', 'integrity'
+    and 'privacy'. Used only with KERBEROS enabled.
+
+    Properties:
+
+    - Config:      data_transfer_protection
+    - Env Var:     RCLONE_HDFS_DATA_TRANSFER_PROTECTION
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - "privacy"
+            - Ensure authentication, integrity and encryption enabled.
+
+    #### --hdfs-encoding
+
+    The encoding for the backend.
+
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_HDFS_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,Colon,Del,Ctl,InvalidUtf8,Dot
+
+
+
+    ## Limitations
+
+    - No server-side `Move` or `DirMove`.
+    - Checksums not implemented.
+
+    #  HiDrive
+
+    Paths are specified as `remote:path`
+
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+    The initial setup for hidrive involves getting a token from HiDrive
+    which you need to do in your browser.
+    `rclone config` walks you through it.
+
+    ## Configuration
+
+    Here is an example of how to make a remote called `remote`.  First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found - make a new one n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / HiDrive  "hidrive" [snip] Storage> hidrive OAuth Client Id - Leave
+blank normally. client_id> OAuth Client Secret - Leave blank normally.
+client_secret> Access permissions that rclone should use when requesting
+access from HiDrive. Leave blank normally. scope_access> Edit advanced
+config? y/n> n Use web browser to automatically authenticate rclone with
+remote? * Say Y if the machine running rclone has a web browser you can
+use * Say N if running rclone on a (remote) machine without web browser
+access If not sure try Y. If Y failed, try N. y/n> y If your browser
+doesn't open automatically go to the following link:
+http://127.0.0.1:53682/auth?state=xxxxxxxxxxxxxxxxxxxxxx Log in and
+authorize rclone for access Waiting for code... Got code
+-------------------- [remote] type = hidrive token =
+{"access_token":"xxxxxxxxxxxxxxxxxxxx","token_type":"Bearer","refresh_token":"xxxxxxxxxxxxxxxxxxxxxxx","expiry":"xxxxxxxxxxxxxxxxxxxxxxx"}
+-------------------- y) Yes this is OK (default) e) Edit this remote d)
+Delete this remote y/e/d> y
+
+
+    **You should be aware that OAuth-tokens can be used to access your account
+    and hence should not be shared with other persons.**
+    See the [below section](#keeping-your-tokens-safe) for more information.
+
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
+
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from HiDrive. This only runs from the moment it opens
+    your browser to the moment you get back the verification code.
+    The webserver runs on `http://127.0.0.1:53682/`.
+    If local port `53682` is protected by a firewall you may need to temporarily
+    unblock the firewall to complete authorization.
+
+    Once configured you can then use `rclone` like this,
+
+    List directories in top level of your HiDrive root folder
+
+        rclone lsd remote:
+
+    List all the files in your HiDrive filesystem
+
+        rclone ls remote:
+
+    To copy a local directory to a HiDrive directory called backup
+
+        rclone copy /home/source remote:backup
+
+    ### Keeping your tokens safe
+
+    Any OAuth-tokens will be stored by rclone in the remote's configuration file as unencrypted text.
+    Anyone can use a valid refresh-token to access your HiDrive filesystem without knowing your password.
+    Therefore you should make sure no one else can access your configuration.
+
+    It is possible to encrypt rclone's configuration file.
+    You can find information on securing your configuration file by viewing the [configuration encryption docs](https://rclone.org/docs/#configuration-encryption).
+
+    ### Invalid refresh token
+
+    As can be verified [here](https://developer.hidrive.com/basics-flows/),
+    each `refresh_token` (for Native Applications) is valid for 60 days.
+    If used to access HiDrivei, its validity will be automatically extended.
+
+    This means that if you
+
+      * Don't use the HiDrive remote for 60 days
+
+    then rclone will return an error which includes a text
+    that implies the refresh token is *invalid* or *expired*.
+
+    To fix this you will need to authorize rclone to access your HiDrive account again.
+
+    Using
+
+        rclone config reconnect remote:
+
+    the process is very similar to the process of initial setup exemplified before.
+
+    ### Modification times and hashes
+
+    HiDrive allows modification times to be set on objects accurate to 1 second.
+
+    HiDrive supports [its own hash type](https://static.hidrive.com/dev/0001)
+    which is used to verify the integrity of file contents after successful transfers.
+
+    ### Restricted filename characters
+
+    HiDrive cannot store files or folders that include
+    `/` (0x2F) or null-bytes (0x00) in their name.
+    Any other characters can be used in the names of files or folders.
+    Additionally, files or folders cannot be named either of the following: `.` or `..`
+
+    Therefore rclone will automatically replace these characters,
+    if files or folders are stored or accessed with such names.
+
+    You can read about how this filename encoding works in general
+    [here](overview/#restricted-filenames).
+
+    Keep in mind that HiDrive only supports file or folder names
+    with a length of 255 characters or less.
+
+    ### Transfers
+
+    HiDrive limits file sizes per single request to a maximum of 2 GiB.
+    To allow storage of larger files and allow for better upload performance,
+    the hidrive backend will use a chunked transfer for files larger than 96 MiB.
+    Rclone will upload multiple parts/chunks of the file at the same time.
+    Chunks in the process of being uploaded are buffered in memory,
+    so you may want to restrict this behaviour on systems with limited resources.
+
+    You can customize this behaviour using the following options:
+
+    * `chunk_size`: size of file parts
+    * `upload_cutoff`: files larger or equal to this in size will use a chunked transfer
+    * `upload_concurrency`: number of file-parts to upload at the same time
+
+    See the below section about configuration options for more details.
+
+    ### Root folder
+
+    You can set the root folder for rclone.
+    This is the directory that rclone considers to be the root of your HiDrive.
+
+    Usually, you will leave this blank, and rclone will use the root of the account.
+
+    However, you can set this to restrict rclone to a specific folder hierarchy.
+
+    This works by prepending the contents of the `root_prefix` option
+    to any paths accessed by rclone.
+    For example, the following two ways to access the home directory are equivalent:
+
+        rclone lsd --hidrive-root-prefix="/users/test/" remote:path
+
+        rclone lsd remote:/users/test/path
+
+    See the below section about configuration options for more details.
+
+    ### Directory member count
+
+    By default, rclone will know the number of directory members contained in a directory.
+    For example, `rclone lsd` uses this information.
+
+    The acquisition of this information will result in additional time costs for HiDrive's API.
+    When dealing with large directory structures, it may be desirable to circumvent this time cost,
+    especially when this information is not explicitly needed.
+    For this, the `disable_fetching_member_count` option can be used.
+
+    See the below section about configuration options for more details.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to hidrive (HiDrive).
+
+    #### --hidrive-client-id
+
+    OAuth Client Id.
+
+    Leave blank normally.
+
+    Properties:
+
+    - Config:      client_id
+    - Env Var:     RCLONE_HIDRIVE_CLIENT_ID
+    - Type:        string
+    - Required:    false
+
+    #### --hidrive-client-secret
+
+    OAuth Client Secret.
+
+    Leave blank normally.
+
+    Properties:
+
+    - Config:      client_secret
+    - Env Var:     RCLONE_HIDRIVE_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
+
+    #### --hidrive-scope-access
+
+    Access permissions that rclone should use when requesting access from HiDrive.
+
+    Properties:
+
+    - Config:      scope_access
+    - Env Var:     RCLONE_HIDRIVE_SCOPE_ACCESS
+    - Type:        string
+    - Default:     "rw"
+    - Examples:
+        - "rw"
+            - Read and write access to resources.
+        - "ro"
+            - Read-only access to resources.
+
+    ### Advanced options
+
+    Here are the Advanced options specific to hidrive (HiDrive).
+
+    #### --hidrive-token
+
+    OAuth Access Token as a JSON blob.
+
+    Properties:
+
+    - Config:      token
+    - Env Var:     RCLONE_HIDRIVE_TOKEN
+    - Type:        string
+    - Required:    false
+
+    #### --hidrive-auth-url
+
+    Auth server URL.
+
+    Leave blank to use the provider defaults.
+
+    Properties:
+
+    - Config:      auth_url
+    - Env Var:     RCLONE_HIDRIVE_AUTH_URL
+    - Type:        string
+    - Required:    false
+
+    #### --hidrive-token-url
+
+    Token server url.
+
+    Leave blank to use the provider defaults.
+
+    Properties:
+
+    - Config:      token_url
+    - Env Var:     RCLONE_HIDRIVE_TOKEN_URL
+    - Type:        string
+    - Required:    false
+
+    #### --hidrive-scope-role
+
+    User-level that rclone should use when requesting access from HiDrive.
+
+    Properties:
+
+    - Config:      scope_role
+    - Env Var:     RCLONE_HIDRIVE_SCOPE_ROLE
+    - Type:        string
+    - Default:     "user"
+    - Examples:
+        - "user"
+            - User-level access to management permissions.
+            - This will be sufficient in most cases.
+        - "admin"
+            - Extensive access to management permissions.
+        - "owner"
+            - Full access to management permissions.
+
+    #### --hidrive-root-prefix
+
+    The root/parent folder for all paths.
+
+    Fill in to use the specified folder as the parent for all paths given to the remote.
+    This way rclone can use any folder as its starting point.
+
+    Properties:
+
+    - Config:      root_prefix
+    - Env Var:     RCLONE_HIDRIVE_ROOT_PREFIX
+    - Type:        string
+    - Default:     "/"
+    - Examples:
+        - "/"
+            - The topmost directory accessible by rclone.
+            - This will be equivalent with "root" if rclone uses a regular HiDrive user account.
+        - "root"
+            - The topmost directory of the HiDrive user account
+        - ""
+            - This specifies that there is no root-prefix for your paths.
+            - When using this you will always need to specify paths to this remote with a valid parent e.g. "remote:/path/to/dir" or "remote:root/path/to/dir".
+
+    #### --hidrive-endpoint
+
+    Endpoint for the service.
+
+    This is the URL that API-calls will be made to.
+
+    Properties:
+
+    - Config:      endpoint
+    - Env Var:     RCLONE_HIDRIVE_ENDPOINT
+    - Type:        string
+    - Default:     "https://api.hidrive.strato.com/2.1"
+
+    #### --hidrive-disable-fetching-member-count
+
+    Do not fetch number of objects in directories unless it is absolutely necessary.
+
+    Requests may be faster if the number of objects in subdirectories is not fetched.
+
+    Properties:
+
+    - Config:      disable_fetching_member_count
+    - Env Var:     RCLONE_HIDRIVE_DISABLE_FETCHING_MEMBER_COUNT
+    - Type:        bool
+    - Default:     false
+
+    #### --hidrive-chunk-size
+
+    Chunksize for chunked uploads.
+
+    Any files larger than the configured cutoff (or files of unknown size) will be uploaded in chunks of this size.
+
+    The upper limit for this is 2147483647 bytes (about 2.000Gi).
+    That is the maximum amount of bytes a single upload-operation will support.
+    Setting this above the upper limit or to a negative value will cause uploads to fail.
+
+    Setting this to larger values may increase the upload speed at the cost of using more memory.
+    It can be set to smaller values smaller to save on memory.
+
+    Properties:
+
+    - Config:      chunk_size
+    - Env Var:     RCLONE_HIDRIVE_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     48Mi
+
+    #### --hidrive-upload-cutoff
+
+    Cutoff/Threshold for chunked uploads.
+
+    Any files larger than this will be uploaded in chunks of the configured chunksize.
+
+    The upper limit for this is 2147483647 bytes (about 2.000Gi).
+    That is the maximum amount of bytes a single upload-operation will support.
+    Setting this above the upper limit will cause uploads to fail.
+
+    Properties:
+
+    - Config:      upload_cutoff
+    - Env Var:     RCLONE_HIDRIVE_UPLOAD_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     96Mi
+
+    #### --hidrive-upload-concurrency
+
+    Concurrency for chunked uploads.
+
+    This is the upper limit for how many transfers for the same file are running concurrently.
+    Setting this above to a value smaller than 1 will cause uploads to deadlock.
+
+    If you are uploading small numbers of large files over high-speed links
+    and these uploads do not fully utilize your bandwidth, then increasing
+    this may help to speed up the transfers.
+
+    Properties:
+
+    - Config:      upload_concurrency
+    - Env Var:     RCLONE_HIDRIVE_UPLOAD_CONCURRENCY
+    - Type:        int
+    - Default:     4
+
+    #### --hidrive-encoding
+
+    The encoding for the backend.
+
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_HIDRIVE_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,Dot
+
+
+
+    ## Limitations
+
+    ### Symbolic links
+
+    HiDrive is able to store symbolic links (*symlinks*) by design,
+    for example, when unpacked from a zip archive.
+
+    There exists no direct mechanism to manage native symlinks in remotes.
+    As such this implementation has chosen to ignore any native symlinks present in the remote.
+    rclone will not be able to access or show any symlinks stored in the hidrive-remote.
+    This means symlinks cannot be individually removed, copied, or moved,
+    except when removing, copying, or moving the parent folder.
+
+    *This does not affect the `.rclonelink`-files
+    that rclone uses to encode and store symbolic links.*
+
+    ### Sparse files
+
+    It is possible to store sparse files in HiDrive.
+
+    Note that copying a sparse file will expand the holes
+    into null-byte (0x00) regions that will then consume disk space.
+    Likewise, when downloading a sparse file,
+    the resulting file will have null-byte regions in the place of file holes.
+
+    #  HTTP
+
+    The HTTP remote is a read only remote for reading files of a
+    webserver.  The webserver should provide file listings which rclone
+    will read and turn into a remote.  This has been tested with common
+    webservers such as Apache/Nginx/Caddy and will likely work with file
+    listings from most web servers.  (If it doesn't then please file an
+    issue, or send a pull request!)
+
+    Paths are specified as `remote:` or `remote:path`.
+
+    The `remote:` represents the configured [url](#http-url), and any path following
+    it will be resolved relative to this url, according to the URL standard. This
+    means with remote url `https://beta.rclone.org/branch` and path `fix`, the
+    resolved URL will be `https://beta.rclone.org/branch/fix`, while with path
+    `/fix` the resolved URL will be `https://beta.rclone.org/fix` as the absolute
+    path is resolved from the root of the domain.
+
+    If the path following the `remote:` ends with `/` it will be assumed to point
+    to a directory. If the path does not end with `/`, then a HEAD request is sent
+    and the response used to decide if it it is treated as a file or a directory
+    (run with `-vv` to see details). When [--http-no-head](#http-no-head) is
+    specified, a path without ending `/` is always assumed to be a file. If rclone
+    incorrectly assumes the path is a file, the solution is to specify the path with
+    ending `/`. When you know the path is a directory, ending it with `/` is always
+    better as it avoids the initial HEAD request.
+
+    To just download a single file it is easier to use
+    [copyurl](https://rclone.org/commands/rclone_copyurl/).
+
+    ## Configuration
+
+    Here is an example of how to make a remote called `remote`.  First
+    run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / HTTP  "http" [snip] Storage> http URL of http host to connect to
+Choose a number from below, or type in your own value 1 / Connect to
+example.com  "https://example.com" url> https://beta.rclone.org Remote
+config -------------------- [remote] url = https://beta.rclone.org
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y Current remotes:
+
+Name Type ==== ==== remote http
+
+e)  Edit existing remote
+f)  New remote
+g)  Delete remote
+h)  Rename remote
+i)  Copy remote
+j)  Set configuration password
+k)  Quit config e/n/d/r/c/s/q> q
+
+
+    This remote is called `remote` and can now be used like this
+
+    See all the top level directories
+
+        rclone lsd remote:
+
+    List the contents of a directory
+
+        rclone ls remote:directory
+
+    Sync the remote `directory` to `/home/local/directory`, deleting any excess files.
+
+        rclone sync --interactive remote:directory /home/local/directory
+
+    ### Read only
+
+    This remote is read only - you can't upload files to an HTTP server.
+
+    ### Modification times
+
+    Most HTTP servers store time accurate to 1 second.
+
+    ### Checksum
+
+    No checksums are stored.
+
+    ### Usage without a config file
+
+    Since the http remote only has one config parameter it is easy to use
+    without a config file:
+
+        rclone lsd --http-url https://beta.rclone.org :http:
+
+    or:
+
+        rclone lsd :http,url='https://beta.rclone.org':
+
+
+    ### Standard options
+
+    Here are the Standard options specific to http (HTTP).
+
+    #### --http-url
+
+    URL of HTTP host to connect to.
+
+    E.g. "https://example.com", or "https://user:pass@example.com" to use a username and password.
+
+    Properties:
+
+    - Config:      url
+    - Env Var:     RCLONE_HTTP_URL
+    - Type:        string
+    - Required:    true
+
+    ### Advanced options
+
+    Here are the Advanced options specific to http (HTTP).
+
+    #### --http-headers
+
+    Set HTTP headers for all transactions.
+
+    Use this to set additional HTTP headers for all transactions.
+
+    The input format is comma separated list of key,value pairs.  Standard
+    [CSV encoding](https://godoc.org/encoding/csv) may be used.
+
+    For example, to set a Cookie use 'Cookie,name=value', or '"Cookie","name=value"'.
+
+    You can set multiple headers, e.g. '"Cookie","name=value","Authorization","xxx"'.
+
+    Properties:
+
+    - Config:      headers
+    - Env Var:     RCLONE_HTTP_HEADERS
+    - Type:        CommaSepList
+    - Default:     
+
+    #### --http-no-slash
+
+    Set this if the site doesn't end directories with /.
+
+    Use this if your target website does not use / on the end of
+    directories.
+
+    A / on the end of a path is how rclone normally tells the difference
+    between files and directories.  If this flag is set, then rclone will
+    treat all files with Content-Type: text/html as directories and read
+    URLs from them rather than downloading them.
+
+    Note that this may cause rclone to confuse genuine HTML files with
+    directories.
+
+    Properties:
+
+    - Config:      no_slash
+    - Env Var:     RCLONE_HTTP_NO_SLASH
+    - Type:        bool
+    - Default:     false
+
+    #### --http-no-head
+
+    Don't use HEAD requests.
+
+    HEAD requests are mainly used to find file sizes in dir listing.
+    If your site is being very slow to load then you can try this option.
+    Normally rclone does a HEAD request for each potential file in a
+    directory listing to:
+
+    - find its size
+    - check it really exists
+    - check to see if it is a directory
+
+    If you set this option, rclone will not do the HEAD request. This will mean
+    that directory listings are much quicker, but rclone won't have the times or
+    sizes of any files, and some files that don't exist may be in the listing.
+
+    Properties:
+
+    - Config:      no_head
+    - Env Var:     RCLONE_HTTP_NO_HEAD
+    - Type:        bool
+    - Default:     false
+
+    ## Backend commands
+
+    Here are the commands specific to the http backend.
+
+    Run them with
+
+        rclone backend COMMAND remote:
+
+    The help below will explain what arguments each command takes.
+
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
+
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
+
+    ### set
+
+    Set command for updating the config parameters.
+
+        rclone backend set remote: [options] [<arguments>+]
+
+    This set command can be used to update the config parameters
+    for a running http backend.
+
+    Usage Examples:
+
+        rclone backend set remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+        rclone rc backend/command command=set fs=remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+        rclone rc backend/command command=set fs=remote: -o url=https://example.com
+
+    The option keys are named as they are in the config file.
+
+    This rebuilds the connection to the http backend when it is called with
+    the new parameters. Only new parameters need be passed as the values
+    will default to those currently in use.
+
+    It doesn't return anything.
+
+
+
+
+    ## Limitations
+
+    `rclone about` is not supported by the HTTP backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
+
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+    #  ImageKit
+    This is a backend for the [ImageKit.io](https://imagekit.io/) storage service.
+
+    #### About ImageKit
+    [ImageKit.io](https://imagekit.io/)  provides real-time image and video optimizations, transformations, and CDN delivery. Over 1,000 businesses and 70,000 developers trust ImageKit with their images and videos on the web.
+
+
+    #### Accounts & Pricing
+
+    To use this backend, you need to [create an account](https://imagekit.io/registration/) on ImageKit. Start with a free plan with generous usage limits. Then, as your requirements grow, upgrade to a plan that best fits your needs. See [the pricing details](https://imagekit.io/plans).
+
+    ## Configuration
+
+    Here is an example of making an imagekit configuration.
+
+    Firstly create a [ImageKit.io](https://imagekit.io/) account and choose a plan.
+
+    You will need to log in and get the `publicKey` and `privateKey` for your account from the developer section.
+
+    Now run
+
+rclone config
+
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n
+
+Enter the name for the new remote. name> imagekit-media-library
+
+Option Storage. Type of storage to configure. Choose a number from
+below, or type in your own value. [snip] XX / ImageKit.io  (imagekit)
+[snip] Storage> imagekit
+
+Option endpoint. You can find your ImageKit.io URL endpoint in your
+dashboard Enter a value. endpoint> https://ik.imagekit.io/imagekit_id
+
+Option public_key. You can find your ImageKit.io public key in your
+dashboard Enter a value. public_key> public_****************************
+
+Option private_key. You can find your ImageKit.io private key in your
+dashboard Enter a value. private_key>
+private_****************************
+
+Edit advanced config? y) Yes n) No (default) y/n> n
+
+Configuration complete. Options: - type: imagekit - endpoint:
+https://ik.imagekit.io/imagekit_id - public_key:
+public_**************************** - private_key:
+private_****************************
+
+Keep this "imagekit-media-library" remote? y) Yes this is OK (default)
+e) Edit this remote d) Delete this remote y/e/d> y
+
+    List directories in the top level of your Media Library
+
+rclone lsd imagekit-media-library:
+
+    Make a new directory.
+
+rclone mkdir imagekit-media-library:directory
+
+    List the contents of a directory.
+
+rclone ls imagekit-media-library:directory
+
+
+    ###   Modified time and hashes
+
+    ImageKit does not support modification times or hashes yet.
+
+    ### Checksums
+
+    No checksums are supported.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to imagekit (ImageKit.io).
+
+    #### --imagekit-endpoint
+
+    You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+    Properties:
+
+    - Config:      endpoint
+    - Env Var:     RCLONE_IMAGEKIT_ENDPOINT
+    - Type:        string
+    - Required:    true
+
+    #### --imagekit-public-key
+
+    You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+    Properties:
+
+    - Config:      public_key
+    - Env Var:     RCLONE_IMAGEKIT_PUBLIC_KEY
+    - Type:        string
+    - Required:    true
+
+    #### --imagekit-private-key
+
+    You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+    Properties:
+
+    - Config:      private_key
+    - Env Var:     RCLONE_IMAGEKIT_PRIVATE_KEY
+    - Type:        string
+    - Required:    true
+
+    ### Advanced options
+
+    Here are the Advanced options specific to imagekit (ImageKit.io).
+
+    #### --imagekit-only-signed
+
+    If you have configured `Restrict unsigned image URLs` in your dashboard settings, set this to true.
+
+    Properties:
+
+    - Config:      only_signed
+    - Env Var:     RCLONE_IMAGEKIT_ONLY_SIGNED
+    - Type:        bool
+    - Default:     false
+
+    #### --imagekit-versions
+
+    Include old versions in directory listings.
+
+    Properties:
+
+    - Config:      versions
+    - Env Var:     RCLONE_IMAGEKIT_VERSIONS
+    - Type:        bool
+    - Default:     false
+
+    #### --imagekit-upload-tags
+
+    Tags to add to the uploaded files, e.g. "tag1,tag2".
+
+    Properties:
+
+    - Config:      upload_tags
+    - Env Var:     RCLONE_IMAGEKIT_UPLOAD_TAGS
+    - Type:        string
+    - Required:    false
+
+    #### --imagekit-encoding
+
+    The encoding for the backend.
+
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_IMAGEKIT_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket
+
+    ### Metadata
+
+    Any metadata supported by the underlying remote is read and written.
+
+    Here are the possible system metadata items for the imagekit backend.
+
+    | Name | Help | Type | Example | Read Only |
+    |------|------|------|---------|-----------|
+    | aws-tags | AI generated tags by AWS Rekognition associated with the image | string | tag1,tag2 | **Y** |
+    | btime | Time of file birth (creation) read from Last-Modified header | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+    | custom-coordinates | Custom coordinates of the file | string | 0,0,100,100 | **Y** |
+    | file-type | Type of the file | string | image | **Y** |
+    | google-tags | AI generated tags by Google Cloud Vision associated with the image | string | tag1,tag2 | **Y** |
+    | has-alpha | Whether the image has alpha channel or not | bool |  | **Y** |
+    | height | Height of the image or video in pixels | int |  | **Y** |
+    | is-private-file | Whether the file is private or not | bool |  | **Y** |
+    | size | Size of the object in bytes | int64 |  | **Y** |
+    | tags | Tags associated with the file | string | tag1,tag2 | **Y** |
+    | width | Width of the image or video in pixels | int |  | **Y** |
+
+    See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+    #  Internet Archive
+
+    The Internet Archive backend utilizes Items on [archive.org](https://archive.org/)
+
+    Refer to [IAS3 API documentation](https://archive.org/services/docs/api/ias3.html) for the API this backend uses.
+
+    Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+    command.)  You may put subdirectories in too, e.g. `remote:item/path/to/dir`.
+
+    Unlike S3, listing up all items uploaded by you isn't supported.
+
+    Once you have made a remote, you can use it like this:
+
+    Make a new item
+
+        rclone mkdir remote:item
+
+    List the contents of a item
+
+        rclone ls remote:item
+
+    Sync `/home/local/directory` to the remote item, deleting any excess
+    files in the item.
+
+        rclone sync --interactive /home/local/directory remote:item
+
+    ## Notes
+    Because of Internet Archive's architecture, it enqueues write operations (and extra post-processings) in a per-item queue. You can check item's queue at https://catalogd.archive.org/history/item-name-here . Because of that, all uploads/deletes will not show up immediately and takes some time to be available.
+    The per-item queue is enqueued to an another queue, Item Deriver Queue. [You can check the status of Item Deriver Queue here.](https://catalogd.archive.org/catalog.php?whereami=1) This queue has a limit, and it may block you from uploading, or even deleting. You should avoid uploading a lot of small files for better behavior.
+
+    You can optionally wait for the server's processing to finish, by setting non-zero value to `wait_archive` key.
+    By making it wait, rclone can do normal file comparison.
+    Make sure to set a large enough value (e.g. `30m0s` for smaller files) as it can take a long time depending on server's queue.
+
+    ## About metadata
+    This backend supports setting, updating and reading metadata of each file.
+    The metadata will appear as file metadata on Internet Archive.
+    However, some fields are reserved by both Internet Archive and rclone.
+
+    The following are reserved by Internet Archive:
+    - `name`
+    - `source`
+    - `size`
+    - `md5`
+    - `crc32`
+    - `sha1`
+    - `format`
+    - `old_version`
+    - `viruscheck`
+    - `summation`
+
+    Trying to set values to these keys is ignored with a warning.
+    Only setting `mtime` is an exception. Doing so make it the identical behavior as setting ModTime.
+
+    rclone reserves all the keys starting with `rclone-`. Setting value for these keys will give you warnings, but values are set according to request.
+
+    If there are multiple values for a key, only the first one is returned.
+    This is a limitation of rclone, that supports one value per one key.
+    It can be triggered when you did a server-side copy.
+
+    Reading metadata will also provide custom (non-standard nor reserved) ones.
+
+    ## Filtering auto generated files
+
+    The Internet Archive automatically creates metadata files after
+    upload. These can cause problems when doing an `rclone sync` as rclone
+    will try, and fail, to delete them. These metadata files are not
+    changeable, as they are created by the Internet Archive automatically.
+
+    These auto-created files can be excluded from the sync using [metadata
+    filtering](https://rclone.org/filtering/#metadata).
+
+        rclone sync ... --metadata-exclude "source=metadata" --metadata-exclude "format=Metadata"
+
+    Which excludes from the sync any files which have the
+    `source=metadata` or `format=Metadata` flags which are added to
+    Internet Archive auto-created files.
+
+    ## Configuration
+
+    Here is an example of making an internetarchive configuration.
+    Most applies to the other providers as well, any differences are described [below](#providers).
+
+    First run
+
+        rclone config
+
+    This will guide you through an interactive setup process.
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Option Storage. Type of
+storage to configure. Choose a number from below, or type in your own
+value. XX / InternetArchive Items  (internetarchive) Storage>
+internetarchive Option access_key_id. IAS3 Access Key. Leave blank for
+anonymous access. You can find one here:
+https://archive.org/account/s3.php Enter a value. Press Enter to leave
+empty. access_key_id> XXXX Option secret_access_key. IAS3 Secret Key
+(password). Leave blank for anonymous access. Enter a value. Press Enter
+to leave empty. secret_access_key> XXXX Edit advanced config? y) Yes n)
+No (default) y/n> y Option endpoint. IAS3 Endpoint. Leave blank for
+default value. Enter a string value. Press Enter for the default
+(https://s3.us.archive.org). endpoint> Option front_endpoint. Host of
+InternetArchive Frontend. Leave blank for default value. Enter a string
+value. Press Enter for the default (https://archive.org).
+front_endpoint> Option disable_checksum. Don't store MD5 checksum with
+object metadata. Normally rclone will calculate the MD5 checksum of the
+input before uploading it so it can ask the server to check the object
+against checksum. This is great for data integrity checking but can
+cause long delays for large files to start uploading. Enter a boolean
+value (true or false). Press Enter for the default (true).
+disable_checksum> true Option encoding. The encoding for the backend.
+See the encoding section in the overview for more info. Enter a
+encoder.MultiEncoder value. Press Enter for the default
+(Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot). encoding> Edit
+advanced config? y) Yes n) No (default) y/n> n --------------------
+[remote] type = internetarchive access_key_id = XXXX secret_access_key =
+XXXX -------------------- y) Yes this is OK (default) e) Edit this
+remote d) Delete this remote y/e/d> y
+
+
+
+    ### Standard options
+
+    Here are the Standard options specific to internetarchive (Internet Archive).
+
+    #### --internetarchive-access-key-id
+
+    IAS3 Access Key.
+
+    Leave blank for anonymous access.
+    You can find one here: https://archive.org/account/s3.php
+
+    Properties:
+
+    - Config:      access_key_id
+    - Env Var:     RCLONE_INTERNETARCHIVE_ACCESS_KEY_ID
+    - Type:        string
+    - Required:    false
+
+    #### --internetarchive-secret-access-key
+
+    IAS3 Secret Key (password).
+
+    Leave blank for anonymous access.
+
+    Properties:
+
+    - Config:      secret_access_key
+    - Env Var:     RCLONE_INTERNETARCHIVE_SECRET_ACCESS_KEY
+    - Type:        string
+    - Required:    false
+
+    ### Advanced options
+
+    Here are the Advanced options specific to internetarchive (Internet Archive).
+
+    #### --internetarchive-endpoint
+
+    IAS3 Endpoint.
+
+    Leave blank for default value.
+
+    Properties:
+
+    - Config:      endpoint
+    - Env Var:     RCLONE_INTERNETARCHIVE_ENDPOINT
+    - Type:        string
+    - Default:     "https://s3.us.archive.org"
+
+    #### --internetarchive-front-endpoint
+
+    Host of InternetArchive Frontend.
+
+    Leave blank for default value.
+
+    Properties:
+
+    - Config:      front_endpoint
+    - Env Var:     RCLONE_INTERNETARCHIVE_FRONT_ENDPOINT
+    - Type:        string
+    - Default:     "https://archive.org"
+
+    #### --internetarchive-disable-checksum
+
+    Don't ask the server to test against MD5 checksum calculated by rclone.
+    Normally rclone will calculate the MD5 checksum of the input before
+    uploading it so it can ask the server to check the object against checksum.
+    This is great for data integrity checking but can cause long delays for
+    large files to start uploading.
+
+    Properties:
+
+    - Config:      disable_checksum
+    - Env Var:     RCLONE_INTERNETARCHIVE_DISABLE_CHECKSUM
+    - Type:        bool
+    - Default:     true
+
+    #### --internetarchive-wait-archive
+
+    Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish.
+    Only enable if you need to be guaranteed to be reflected after write operations.
+    0 to disable waiting. No errors to be thrown in case of timeout.
+
+    Properties:
+
+    - Config:      wait_archive
+    - Env Var:     RCLONE_INTERNETARCHIVE_WAIT_ARCHIVE
+    - Type:        Duration
+    - Default:     0s
+
+    #### --internetarchive-encoding
+
+    The encoding for the backend.
+
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_INTERNETARCHIVE_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot
+
+    ### Metadata
+
+    Metadata fields provided by Internet Archive.
+    If there are multiple values for a key, only the first one is returned.
+    This is a limitation of Rclone, that supports one value per one key.
+
+    Owner is able to add custom keys. Metadata feature grabs all the keys including them.
+
+    Here are the possible system metadata items for the internetarchive backend.
+
+    | Name | Help | Type | Example | Read Only |
+    |------|------|------|---------|-----------|
+    | crc32 | CRC32 calculated by Internet Archive | string | 01234567 | **Y** |
+    | format | Name of format identified by Internet Archive | string | Comma-Separated Values | **Y** |
+    | md5 | MD5 hash calculated by Internet Archive | string | 01234567012345670123456701234567 | **Y** |
+    | mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | **Y** |
+    | name | Full file path, without the bucket part | filename | backend/internetarchive/internetarchive.go | **Y** |
+    | old_version | Whether the file was replaced and moved by keep-old-version flag | boolean | true | **Y** |
+    | rclone-ia-mtime | Time of last modification, managed by Internet Archive | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
+    | rclone-mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
+    | rclone-update-track | Random value used by Rclone for tracking changes inside Internet Archive | string | aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | N |
+    | sha1 | SHA1 hash calculated by Internet Archive | string | 0123456701234567012345670123456701234567 | **Y** |
+    | size | File size in bytes | decimal number | 123456 | **Y** |
+    | source | The source of the file | string | original | **Y** |
+    | summation | Check https://forum.rclone.org/t/31922 for how it is used | string | md5 | **Y** |
+    | viruscheck | The last time viruscheck process was run for the file (?) | unixtime | 1654191352 | **Y** |
+
+    See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+    #  Jottacloud
+
+    Jottacloud is a cloud storage service provider from a Norwegian company, using its own datacenters
+    in Norway. In addition to the official service at [jottacloud.com](https://www.jottacloud.com/),
+    it also provides white-label solutions to different companies, such as:
+    * Telia
+      * Telia Cloud (cloud.telia.se)
+      * Telia Sky (sky.telia.no)
+    * Tele2
+      * Tele2 Cloud (mittcloud.tele2.se)
+    * Onlime
+      * Onlime Cloud Storage (onlime.dk)
+    * Elkjøp (with subsidiaries):
+      * Elkjøp Cloud (cloud.elkjop.no)
+      * Elgiganten Sweden (cloud.elgiganten.se)
+      * Elgiganten Denmark (cloud.elgiganten.dk)
+      * Giganti Cloud  (cloud.gigantti.fi)
+      * ELKO Cloud (cloud.elko.is)
+
+    Most of the white-label versions are supported by this backend, although may require different
+    authentication setup - described below.
+
+    Paths are specified as `remote:path`
+
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+    ## Authentication types
+
+    Some of the whitelabel versions uses a different authentication method than the official service,
+    and you have to choose the correct one when setting up the remote.
+
+    ### Standard authentication
+
+    The standard authentication method used by the official service (jottacloud.com), as well as
+    some of the whitelabel services, requires you to generate a single-use personal login token
+    from the account security settings in the service's web interface. Log in to your account,
+    go to "Settings" and then "Security", or use the direct link presented to you by rclone when
+    configuring the remote: <https://www.jottacloud.com/web/secure>. Scroll down to the section
+    "Personal login token", and click the "Generate" button. Note that if you are using a
+    whitelabel service you probably can't use the direct link, you need to find the same page in
+    their dedicated web interface, and also it may be in a different location than described above.
+
+    To access your account from multiple instances of rclone, you need to configure each of them
+    with a separate personal login token. E.g. you create a Jottacloud remote with rclone in one
+    location, and copy the configuration file to a second location where you also want to run
+    rclone and access the same remote. Then you need to replace the token for one of them, using
+    the [config reconnect](https://rclone.org/commands/rclone_config_reconnect/) command, which
+    requires you to generate a new personal login token and supply as input. If you do not
+    do this, the token may easily end up being invalidated, resulting in both instances failing
+    with an error message something along the lines of:
+
+        oauth2: cannot fetch token: 400 Bad Request
+        Response: {"error":"invalid_grant","error_description":"Stale token"}
+
+    When this happens, you need to replace the token as described above to be able to use your
+    remote again.
+
+    All personal login tokens you have taken into use will be listed in the web interface under
+    "My logged in devices", and from the right side of that list you can click the "X" button to
+    revoke individual tokens.
+
+    ### Legacy authentication
+
+    If you are using one of the whitelabel versions (e.g. from Elkjøp) you may not have the option
+    to generate a CLI token. In this case you'll have to use the legacy authentication. To do this select
+    yes when the setup asks for legacy authentication and enter your username and password.
+    The rest of the setup is identical to the default setup.
+
+    ### Telia Cloud authentication
+
+    Similar to other whitelabel versions Telia Cloud doesn't offer the option of creating a CLI token, and
+    additionally uses a separate authentication flow where the username is generated internally. To setup
+    rclone to use Telia Cloud, choose Telia Cloud authentication in the setup. The rest of the setup is
+    identical to the default setup.
+
+    ### Tele2 Cloud authentication
+
+    As Tele2-Com Hem merger was completed this authentication can be used for former Com Hem Cloud and
+    Tele2 Cloud customers as no support for creating a CLI token exists, and additionally uses a separate
+    authentication flow where the username is generated internally. To setup rclone to use Tele2 Cloud,
+    choose Tele2 Cloud authentication in the setup. The rest of the setup is identical to the default setup.
+
+    ### Onlime Cloud Storage authentication
+
+    Onlime has sold access to Jottacloud proper, while providing localized support to Danish Customers, but
+    have recently set up their own hosting, transferring their customers from Jottacloud servers to their
+    own ones.
+
+    This, of course, necessitates using their servers for authentication, but otherwise functionality and
+    architecture seems equivalent to Jottacloud.
+
+    To setup rclone to use Onlime Cloud Storage, choose Onlime Cloud authentication in the setup. The rest
+    of the setup is identical to the default setup.
+
+    ## Configuration
+
+    Here is an example of how to make a remote called `remote` with the default setup.  First run:
+
+        rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Option Storage. Type of
+storage to configure. Choose a number from below, or type in your own
+value. [snip] XX / Jottacloud  (jottacloud) [snip] Storage> jottacloud
+Edit advanced config? y) Yes n) No (default) y/n> n Option config_type.
+Select authentication type. Choose a number from below, or type in an
+existing string value. Press Enter for the default (standard). /
+Standard authentication. 1 | Use this if you're a normal Jottacloud
+user.  (standard) / Legacy authentication. 2 | This is only required for
+certain whitelabel versions of Jottacloud and not recommended for normal
+users.  (legacy) / Telia Cloud authentication. 3 | Use this if you are
+using Telia Cloud.  (telia) / Tele2 Cloud authentication. 4 | Use this
+if you are using Tele2 Cloud.  (tele2) / Onlime Cloud authentication. 5
+| Use this if you are using Onlime Cloud.  (onlime) config_type> 1
+Personal login token. Generate here:
+https://www.jottacloud.com/web/secure Login Token> Use a non-standard
+device/mountpoint? Choosing no, the default, will let you access the
+storage used for the archive section of the official Jottacloud client.
+If you instead want to access the sync or the backup section, for
+example, you must choose yes. y) Yes n) No (default) y/n> y Option
+config_device. The device to use. In standard setup the built-in Jotta
+device is used, which contains predefined mountpoints for archive, sync
+etc. All other devices are treated as backup devices by the official
+Jottacloud client. You may create a new by entering a unique name.
+Choose a number from below, or type in your own string value. Press
+Enter for the default (DESKTOP-3H31129). 1 > DESKTOP-3H31129 2 > Jotta
+config_device> 2 Option config_mountpoint. The mountpoint to use for the
+built-in device Jotta. The standard setup is to use the Archive
+mountpoint. Most other mountpoints have very limited support in rclone
+and should generally be avoided. Choose a number from below, or type in
+an existing string value. Press Enter for the default (Archive). 1 >
+Archive 2 > Shared 3 > Sync config_mountpoint> 1 --------------------
+[remote] type = jottacloud configVersion = 1 client_id = jottacli
+client_secret = tokenURL =
+https://id.jottacloud.com/auth/realms/jottacloud/protocol/openid-connect/token
+token = {........} username = 2940e57271a93d987d6f8a21 device = Jotta
+mountpoint = Archive -------------------- y) Yes this is OK (default) e)
+Edit this remote d) Delete this remote y/e/d> y
+
+
+    Once configured you can then use `rclone` like this,
+
+    List directories in top level of your Jottacloud
+
+        rclone lsd remote:
+
+    List all the files in your Jottacloud
+
+        rclone ls remote:
+
+    To copy a local directory to an Jottacloud directory called backup
+
+        rclone copy /home/source remote:backup
+
+    ### Devices and Mountpoints
+
+    The official Jottacloud client registers a device for each computer you install
+    it on, and shows them in the backup section of the user interface. For each
+    folder you select for backup it will create a mountpoint within this device.
+    A built-in device called Jotta is special, and contains mountpoints Archive,
+    Sync and some others, used for corresponding features in official clients.
+
+    With rclone you'll want to use the standard Jotta/Archive device/mountpoint in
+    most cases. However, you may for example want to access files from the sync or
+    backup functionality provided by the official clients, and rclone therefore
+    provides the option to select other devices and mountpoints during config.
+
+    You are allowed to create new devices and mountpoints. All devices except the
+    built-in Jotta device are treated as backup devices by official Jottacloud
+    clients, and the mountpoints on them are individual backup sets.
+
+    With the built-in Jotta device, only existing, built-in, mountpoints can be
+    selected. In addition to the mentioned Archive and Sync, it may contain
+    several other mountpoints such as: Latest, Links, Shared and Trash. All of
+    these are special mountpoints with a different internal representation than
+    the "regular" mountpoints. Rclone will only to a very limited degree support
+    them. Generally you should avoid these, unless you know what you are doing.
+
+    ### --fast-list
+
+    This backend supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
+
+    Note that the implementation in Jottacloud always uses only a single
+    API request to get the entire list, so for large folders this could
+    lead to long wait time before the first results are shown.
+
+    Note also that with rclone version 1.58 and newer, information about
+    [MIME types](https://rclone.org/overview/#mime-type) and metadata item [utime](#metadata)
+    are not available when using `--fast-list`.
+
+    ### Modification times and hashes
+
+    Jottacloud allows modification times to be set on objects accurate to 1
+    second. These will be used to detect whether objects need syncing or
+    not.
+
+    Jottacloud supports MD5 type hashes, so you can use the `--checksum`
+    flag.
+
+    Note that Jottacloud requires the MD5 hash before upload so if the
+    source does not have an MD5 checksum then the file will be cached
+    temporarily on disk (in location given by
+    [--temp-dir](https://rclone.org/docs/#temp-dir-dir)) before it is uploaded.
+    Small files will be cached in memory - see the
+    [--jottacloud-md5-memory-limit](#jottacloud-md5-memory-limit) flag.
+    When uploading from local disk the source checksum is always available,
+    so this does not apply. Starting with rclone version 1.52 the same is
+    true for encrypted remotes (in older versions the crypt backend would not
+    calculate hashes for uploads from local disk, so the Jottacloud
+    backend had to do it as described above).
+
+    ### Restricted filename characters
+
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | "         | 0x22  | ＂          |
+    | *         | 0x2A  | ＊          |
+    | :         | 0x3A  | ：          |
+    | <         | 0x3C  | ＜          |
+    | >         | 0x3E  | ＞          |
+    | ?         | 0x3F  | ？          |
+    | \|        | 0x7C  | ｜          |
+
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in XML strings.
+
+    ### Deleting files
+
+    By default, rclone will send all files to the trash when deleting files. They will be permanently
+    deleted automatically after 30 days. You may bypass the trash and permanently delete files immediately
+    by using the [--jottacloud-hard-delete](#jottacloud-hard-delete) flag, or set the equivalent environment variable.
+    Emptying the trash is supported by the [cleanup](https://rclone.org/commands/rclone_cleanup/) command.
+
+    ### Versions
+
+    Jottacloud supports file versioning. When rclone uploads a new version of a file it creates a new version of it.
+    Currently rclone only supports retrieving the current version but older versions can be accessed via the Jottacloud Website.
+
+    Versioning can be disabled by `--jottacloud-no-versions` option. This is achieved by deleting the remote file prior to uploading
+    a new version. If the upload the fails no version of the file will be available in the remote.
+
+    ### Quota information
+
+    To view your current quota you can use the `rclone about remote:`
+    command which will display your usage limit (unless it is unlimited)
+    and the current usage.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to jottacloud (Jottacloud).
+
+    #### --jottacloud-client-id
+
+    OAuth Client Id.
+
+    Leave blank normally.
+
+    Properties:
+
+    - Config:      client_id
+    - Env Var:     RCLONE_JOTTACLOUD_CLIENT_ID
+    - Type:        string
+    - Required:    false
+
+    #### --jottacloud-client-secret
+
+    OAuth Client Secret.
+
+    Leave blank normally.
+
+    Properties:
+
+    - Config:      client_secret
+    - Env Var:     RCLONE_JOTTACLOUD_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
+
+    ### Advanced options
+
+    Here are the Advanced options specific to jottacloud (Jottacloud).
+
+    #### --jottacloud-token
+
+    OAuth Access Token as a JSON blob.
+
+    Properties:
+
+    - Config:      token
+    - Env Var:     RCLONE_JOTTACLOUD_TOKEN
+    - Type:        string
+    - Required:    false
+
+    #### --jottacloud-auth-url
+
+    Auth server URL.
+
+    Leave blank to use the provider defaults.
+
+    Properties:
+
+    - Config:      auth_url
+    - Env Var:     RCLONE_JOTTACLOUD_AUTH_URL
+    - Type:        string
+    - Required:    false
+
+    #### --jottacloud-token-url
+
+    Token server url.
+
+    Leave blank to use the provider defaults.
+
+    Properties:
+
+    - Config:      token_url
+    - Env Var:     RCLONE_JOTTACLOUD_TOKEN_URL
+    - Type:        string
+    - Required:    false
+
+    #### --jottacloud-md5-memory-limit
+
+    Files bigger than this will be cached on disk to calculate the MD5 if required.
+
+    Properties:
+
+    - Config:      md5_memory_limit
+    - Env Var:     RCLONE_JOTTACLOUD_MD5_MEMORY_LIMIT
+    - Type:        SizeSuffix
+    - Default:     10Mi
+
+    #### --jottacloud-trashed-only
+
+    Only show files that are in the trash.
+
+    This will show trashed files in their original directory structure.
+
+    Properties:
+
+    - Config:      trashed_only
+    - Env Var:     RCLONE_JOTTACLOUD_TRASHED_ONLY
+    - Type:        bool
+    - Default:     false
+
+    #### --jottacloud-hard-delete
+
+    Delete files permanently rather than putting them into the trash.
+
+    Properties:
+
+    - Config:      hard_delete
+    - Env Var:     RCLONE_JOTTACLOUD_HARD_DELETE
+    - Type:        bool
+    - Default:     false
+
+    #### --jottacloud-upload-resume-limit
+
+    Files bigger than this can be resumed if the upload fail's.
+
+    Properties:
+
+    - Config:      upload_resume_limit
+    - Env Var:     RCLONE_JOTTACLOUD_UPLOAD_RESUME_LIMIT
+    - Type:        SizeSuffix
+    - Default:     10Mi
+
+    #### --jottacloud-no-versions
+
+    Avoid server side versioning by deleting files and recreating files instead of overwriting them.
+
+    Properties:
+
+    - Config:      no_versions
+    - Env Var:     RCLONE_JOTTACLOUD_NO_VERSIONS
+    - Type:        bool
+    - Default:     false
+
+    #### --jottacloud-encoding
+
+    The encoding for the backend.
+
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_JOTTACLOUD_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot
+
+    ### Metadata
+
+    Jottacloud has limited support for metadata, currently an extended set of timestamps.
+
+    Here are the possible system metadata items for the jottacloud backend.
+
+    | Name | Help | Type | Example | Read Only |
+    |------|------|------|---------|-----------|
+    | btime | Time of file birth (creation), read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+    | content-type | MIME type, also known as media type | string | text/plain | **Y** |
+    | mtime | Time of last modification, read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+    | utime | Time of last upload, when current revision was created, generated by backend | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+
+    See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+    ## Limitations
+
+    Note that Jottacloud is case insensitive so you can't have a file called
+    "Hello.doc" and one called "hello.doc".
+
+    There are quite a few characters that can't be in Jottacloud file names. Rclone will map these names to and from an identical
+    looking unicode equivalent. For example if a file has a ? in it will be mapped to ？ instead.
+
+    Jottacloud only supports filenames up to 255 characters in length.
+
+    ## Troubleshooting
+
+    Jottacloud exhibits some inconsistent behaviours regarding deleted files and folders which may cause Copy, Move and DirMove
+    operations to previously deleted paths to fail. Emptying the trash should help in such cases.
+
+    #  Koofr
+
+    Paths are specified as `remote:path`
+
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+    ## Configuration
+
+    The initial setup for Koofr involves creating an application password for
+    rclone. You can do that by opening the Koofr
+    [web application](https://app.koofr.net/app/admin/preferences/password),
+    giving the password a nice name like `rclone` and clicking on generate.
+
+    Here is an example of how to make a remote called `koofr`.  First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> koofr Option Storage. Type of
+storage to configure. Choose a number from below, or type in your own
+value. [snip] 22 / Koofr, Digi Storage and other Koofr-compatible
+storage providers  (koofr) [snip] Storage> koofr Option provider. Choose
+your storage provider. Choose a number from below, or type in your own
+value. Press Enter to leave empty. 1 / Koofr, https://app.koofr.net/
+ (koofr) 2 / Digi Storage, https://storage.rcs-rds.ro/  (digistorage) 3
+/ Any other Koofr API compatible storage service  (other) provider> 1
+Option user. Your user name. Enter a value. user> USERNAME Option
+password. Your password for rclone (generate one at
+https://app.koofr.net/app/admin/preferences/password). Choose an
+alternative below. y) Yes, type in my own password g) Generate random
+password y/g> y Enter the password: password: Confirm the password:
+password: Edit advanced config? y) Yes n) No (default) y/n> n Remote
+config -------------------- [koofr] type = koofr provider = koofr user =
+USERNAME password = *** ENCRYPTED *** -------------------- y) Yes this
+is OK (default) e) Edit this remote d) Delete this remote y/e/d> y
+
+
+    You can choose to edit advanced config in order to enter your own service URL
+    if you use an on-premise or white label Koofr instance, or choose an alternative
+    mount instead of your primary storage.
+
+    Once configured you can then use `rclone` like this,
+
+    List directories in top level of your Koofr
+
+        rclone lsd koofr:
+
+    List all the files in your Koofr
+
+        rclone ls koofr:
+
+    To copy a local directory to an Koofr directory called backup
+
+        rclone copy /home/source koofr:backup
+
+    ### Restricted filename characters
+
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | \         | 0x5C  | ＼           |
+
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in XML strings.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+
+    #### --koofr-provider
+
+    Choose your storage provider.
+
+    Properties:
+
+    - Config:      provider
+    - Env Var:     RCLONE_KOOFR_PROVIDER
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - "koofr"
+            - Koofr, https://app.koofr.net/
+        - "digistorage"
+            - Digi Storage, https://storage.rcs-rds.ro/
+        - "other"
+            - Any other Koofr API compatible storage service
+
+    #### --koofr-endpoint
+
+    The Koofr API endpoint to use.
+
+    Properties:
+
+    - Config:      endpoint
+    - Env Var:     RCLONE_KOOFR_ENDPOINT
+    - Provider:    other
+    - Type:        string
+    - Required:    true
+
+    #### --koofr-user
+
+    Your user name.
+
+    Properties:
+
+    - Config:      user
+    - Env Var:     RCLONE_KOOFR_USER
+    - Type:        string
+    - Required:    true
+
+    #### --koofr-password
+
+    Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
+
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    Properties:
+
+    - Config:      password
+    - Env Var:     RCLONE_KOOFR_PASSWORD
+    - Provider:    koofr
+    - Type:        string
+    - Required:    true
+
+    ### Advanced options
+
+    Here are the Advanced options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+
+    #### --koofr-mountid
+
+    Mount ID of the mount to use.
+
+    If omitted, the primary mount is used.
+
+    Properties:
+
+    - Config:      mountid
+    - Env Var:     RCLONE_KOOFR_MOUNTID
+    - Type:        string
+    - Required:    false
+
+    #### --koofr-setmtime
+
+    Does the backend support setting modification time.
+
+    Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend.
+
+    Properties:
+
+    - Config:      setmtime
+    - Env Var:     RCLONE_KOOFR_SETMTIME
+    - Type:        bool
+    - Default:     true
+
+    #### --koofr-encoding
+
+    The encoding for the backend.
+
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_KOOFR_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+    ## Limitations
+
+    Note that Koofr is case insensitive so you can't have a file called
+    "Hello.doc" and one called "hello.doc".
+
+    ## Providers
+
+    ### Koofr
+
+    This is the original [Koofr](https://koofr.eu) storage provider used as main example and described in the [configuration](#configuration) section above.
+
+    ### Digi Storage 
+
+    [Digi Storage](https://www.digi.ro/servicii/online/digi-storage) is a cloud storage service run by [Digi.ro](https://www.digi.ro/) that
+    provides a Koofr API.
+
+    Here is an example of how to make a remote called `ds`.  First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> ds Option Storage. Type of
+storage to configure. Choose a number from below, or type in your own
+value. [snip] 22 / Koofr, Digi Storage and other Koofr-compatible
+storage providers  (koofr) [snip] Storage> koofr Option provider. Choose
+your storage provider. Choose a number from below, or type in your own
+value. Press Enter to leave empty. 1 / Koofr, https://app.koofr.net/
+ (koofr) 2 / Digi Storage, https://storage.rcs-rds.ro/  (digistorage) 3
+/ Any other Koofr API compatible storage service  (other) provider> 2
+Option user. Your user name. Enter a value. user> USERNAME Option
+password. Your password for rclone (generate one at
+https://storage.rcs-rds.ro/app/admin/preferences/password). Choose an
+alternative below. y) Yes, type in my own password g) Generate random
+password y/g> y Enter the password: password: Confirm the password:
+password: Edit advanced config? y) Yes n) No (default) y/n> n
+-------------------- [ds] type = koofr provider = digistorage user =
+USERNAME password = *** ENCRYPTED *** -------------------- y) Yes this
+is OK (default) e) Edit this remote d) Delete this remote y/e/d> y
+
+
+    ### Other
+
+    You may also want to use another, public or private storage provider that runs a Koofr API compatible service, by simply providing the base URL to connect to.
+
+    Here is an example of how to make a remote called `other`.  First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> other Option Storage. Type of
+storage to configure. Choose a number from below, or type in your own
+value. [snip] 22 / Koofr, Digi Storage and other Koofr-compatible
+storage providers  (koofr) [snip] Storage> koofr Option provider. Choose
+your storage provider. Choose a number from below, or type in your own
+value. Press Enter to leave empty. 1 / Koofr, https://app.koofr.net/
+ (koofr) 2 / Digi Storage, https://storage.rcs-rds.ro/  (digistorage) 3
+/ Any other Koofr API compatible storage service  (other) provider> 3
+Option endpoint. The Koofr API endpoint to use. Enter a value. endpoint>
+https://koofr.other.org Option user. Your user name. Enter a value.
+user> USERNAME Option password. Your password for rclone (generate one
+at your service's settings page). Choose an alternative below. y) Yes,
+type in my own password g) Generate random password y/g> y Enter the
+password: password: Confirm the password: password: Edit advanced
+config? y) Yes n) No (default) y/n> n -------------------- [other] type
+= koofr provider = other endpoint = https://koofr.other.org user =
+USERNAME password = *** ENCRYPTED *** -------------------- y) Yes this
+is OK (default) e) Edit this remote d) Delete this remote y/e/d> y
+
+
+    #  Linkbox
+
+    Linkbox is [a private cloud drive](https://linkbox.to/).
+
+    ## Configuration
+
+    Here is an example of making a remote for Linkbox.
+
+    First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n
+
+Enter name for new remote. name> remote
+
+Option Storage. Type of storage to configure. Choose a number from
+below, or type in your own value. XX / Linkbox  (linkbox) Storage> XX
+
+Option token. Token from https://www.linkbox.to/admin/account Enter a
+value. token> testFromCLToken
+
+Configuration complete. Options: - type: linkbox - token: XXXXXXXXXXX
+Keep this "linkbox" remote? y) Yes this is OK (default) e) Edit this
+remote d) Delete this remote y/e/d> y
+
+
+
+    ### Standard options
+
+    Here are the Standard options specific to linkbox (Linkbox).
+
+    #### --linkbox-token
+
+    Token from https://www.linkbox.to/admin/account
+
+    Properties:
+
+    - Config:      token
+    - Env Var:     RCLONE_LINKBOX_TOKEN
+    - Type:        string
+    - Required:    true
+
+
+
+    ## Limitations
+
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
+
+    #  Mail.ru Cloud
+
+    [Mail.ru Cloud](https://cloud.mail.ru/) is a cloud storage provided by a Russian internet company [Mail.Ru Group](https://mail.ru). The official desktop client is [Disk-O:](https://disk-o.cloud/en), available on Windows and Mac OS.
+
+    ## Features highlights
+
+    - Paths may be as deep as required, e.g. `remote:directory/subdirectory`
+    - Files have a `last modified time` property, directories don't
+    - Deleted files are by default moved to the trash
+    - Files and directories can be shared via public links
+    - Partial uploads or streaming are not supported, file size must be known before upload
+    - Maximum file size is limited to 2G for a free account, unlimited for paid accounts
+    - Storage keeps hash for all files and performs transparent deduplication,
+      the hash algorithm is a modified SHA1
+    - If a particular file is already present in storage, one can quickly submit file hash
+      instead of long file upload (this optimization is supported by rclone)
+
+    ## Configuration
+
+    Here is an example of making a mailru configuration.
+
+    First create a Mail.ru Cloud account and choose a tariff.
+
+    You will need to log in and create an app password for rclone. Rclone
+    **will not work** with your normal username and password - it will
+    give an error like `oauth2: server response missing access_token`.
+
+    - Click on your user icon in the top right
+    - Go to Security / "Пароль и безопасность"
+    - Click password for apps / "Пароли для внешних приложений"
+    - Add the password - give it a name - eg "rclone"
+    - Copy the password and use this password below - your normal login password won't work.
+
+    Now run
+
+        rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Type of storage to configure. Enter a string value. Press
+Enter for the default (""). Choose a number from below, or type in your
+own value [snip] XX / Mail.ru Cloud  "mailru" [snip] Storage> mailru
+User name (usually email) Enter a string value. Press Enter for the
+default (""). user> username@mail.ru Password
+
+This must be an app password - rclone will not work with your normal
+password. See the Configuration section in the docs for how to make an
+app password. y) Yes type in my own password g) Generate random password
+y/g> y Enter the password: password: Confirm the password: password:
+Skip full upload if there is another file with same data hash. This
+feature is called "speedup" or "put by hash". It is especially efficient
+in case of generally available files like popular books, video or audio
+clips [snip] Enter a boolean value (true or false). Press Enter for the
+default ("true"). Choose a number from below, or type in your own value
+1 / Enable  "true" 2 / Disable  "false" speedup_enable> 1 Edit advanced
+config? (y/n) y) Yes n) No y/n> n Remote config --------------------
+[remote] type = mailru user = username@mail.ru pass = *** ENCRYPTED ***
+speedup_enable = true -------------------- y) Yes this is OK e) Edit
+this remote d) Delete this remote y/e/d> y
+
+
+    Configuration of this backend does not require a local web browser.
+    You can use the configured backend as shown below:
+
+    See top level directories
+
+        rclone lsd remote:
+
+    Make a new directory
+
+        rclone mkdir remote:directory
+
+    List the contents of a directory
+
+        rclone ls remote:directory
+
+    Sync `/home/local/directory` to the remote path, deleting any
+    excess files in the path.
+
+        rclone sync --interactive /home/local/directory remote:directory
+
+    ### Modification times and hashes
+
+    Files support a modification time attribute with up to 1 second precision.
+    Directories do not have a modification time, which is shown as "Jan 1 1970".
+
+    File hashes are supported, with a custom Mail.ru algorithm based on SHA1.
+    If file size is less than or equal to the SHA1 block size (20 bytes),
+    its hash is simply its data right-padded with zero bytes.
+    Hashes of a larger file is computed as a SHA1 of the file data
+    bytes concatenated with a decimal representation of the data length.
+
+    ### Emptying Trash
+
+    Removing a file or directory actually moves it to the trash, which is not
+    visible to rclone but can be seen in a web browser. The trashed file
+    still occupies part of total quota. If you wish to empty your trash
+    and free some quota, you can use the `rclone cleanup remote:` command,
+    which will permanently delete all your trashed files.
+    This command does not take any path arguments.
+
+    ### Quota information
+
+    To view your current quota you can use the `rclone about remote:`
+    command which will display your usage limit (quota) and the current usage.
+
+    ### Restricted filename characters
+
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | "         | 0x22  | ＂          |
+    | *         | 0x2A  | ＊          |
+    | :         | 0x3A  | ：          |
+    | <         | 0x3C  | ＜          |
+    | >         | 0x3E  | ＞          |
+    | ?         | 0x3F  | ？          |
+    | \         | 0x5C  | ＼          |
+    | \|        | 0x7C  | ｜          |
+
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to mailru (Mail.ru Cloud).
+
+    #### --mailru-client-id
+
+    OAuth Client Id.
+
+    Leave blank normally.
+
+    Properties:
+
+    - Config:      client_id
+    - Env Var:     RCLONE_MAILRU_CLIENT_ID
+    - Type:        string
+    - Required:    false
+
+    #### --mailru-client-secret
+
+    OAuth Client Secret.
+
+    Leave blank normally.
+
+    Properties:
+
+    - Config:      client_secret
+    - Env Var:     RCLONE_MAILRU_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
+
+    #### --mailru-user
+
+    User name (usually email).
+
+    Properties:
+
+    - Config:      user
+    - Env Var:     RCLONE_MAILRU_USER
+    - Type:        string
+    - Required:    true
+
+    #### --mailru-pass
+
+    Password.
+
+    This must be an app password - rclone will not work with your normal
+    password. See the Configuration section in the docs for how to make an
+    app password.
+
+
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    Properties:
+
+    - Config:      pass
+    - Env Var:     RCLONE_MAILRU_PASS
+    - Type:        string
+    - Required:    true
+
+    #### --mailru-speedup-enable
+
+    Skip full upload if there is another file with same data hash.
+
+    This feature is called "speedup" or "put by hash". It is especially efficient
+    in case of generally available files like popular books, video or audio clips,
+    because files are searched by hash in all accounts of all mailru users.
+    It is meaningless and ineffective if source file is unique or encrypted.
+    Please note that rclone may need local memory and disk space to calculate
+    content hash in advance and decide whether full upload is required.
+    Also, if rclone does not know file size in advance (e.g. in case of
+    streaming or partial uploads), it will not even try this optimization.
+
+    Properties:
+
+    - Config:      speedup_enable
+    - Env Var:     RCLONE_MAILRU_SPEEDUP_ENABLE
+    - Type:        bool
+    - Default:     true
+    - Examples:
+        - "true"
+            - Enable
+        - "false"
+            - Disable
+
+    ### Advanced options
+
+    Here are the Advanced options specific to mailru (Mail.ru Cloud).
+
+    #### --mailru-token
+
+    OAuth Access Token as a JSON blob.
+
+    Properties:
+
+    - Config:      token
+    - Env Var:     RCLONE_MAILRU_TOKEN
+    - Type:        string
+    - Required:    false
+
+    #### --mailru-auth-url
+
+    Auth server URL.
+
+    Leave blank to use the provider defaults.
+
+    Properties:
+
+    - Config:      auth_url
+    - Env Var:     RCLONE_MAILRU_AUTH_URL
+    - Type:        string
+    - Required:    false
+
+    #### --mailru-token-url
+
+    Token server url.
+
+    Leave blank to use the provider defaults.
+
+    Properties:
+
+    - Config:      token_url
+    - Env Var:     RCLONE_MAILRU_TOKEN_URL
+    - Type:        string
+    - Required:    false
+
+    #### --mailru-speedup-file-patterns
+
+    Comma separated list of file name patterns eligible for speedup (put by hash).
+
+    Patterns are case insensitive and can contain '*' or '?' meta characters.
+
+    Properties:
+
+    - Config:      speedup_file_patterns
+    - Env Var:     RCLONE_MAILRU_SPEEDUP_FILE_PATTERNS
+    - Type:        string
+    - Default:     "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf"
+    - Examples:
+        - ""
+            - Empty list completely disables speedup (put by hash).
+        - "*"
+            - All files will be attempted for speedup.
+        - "*.mkv,*.avi,*.mp4,*.mp3"
+            - Only common audio/video files will be tried for put by hash.
+        - "*.zip,*.gz,*.rar,*.pdf"
+            - Only common archives or PDF books will be tried for speedup.
+
+    #### --mailru-speedup-max-disk
+
+    This option allows you to disable speedup (put by hash) for large files.
+
+    Reason is that preliminary hashing can exhaust your RAM or disk space.
+
+    Properties:
+
+    - Config:      speedup_max_disk
+    - Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_DISK
+    - Type:        SizeSuffix
+    - Default:     3Gi
+    - Examples:
+        - "0"
+            - Completely disable speedup (put by hash).
+        - "1G"
+            - Files larger than 1Gb will be uploaded directly.
+        - "3G"
+            - Choose this option if you have less than 3Gb free on local disk.
+
+    #### --mailru-speedup-max-memory
+
+    Files larger than the size given below will always be hashed on disk.
+
+    Properties:
+
+    - Config:      speedup_max_memory
+    - Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_MEMORY
+    - Type:        SizeSuffix
+    - Default:     32Mi
+    - Examples:
+        - "0"
+            - Preliminary hashing will always be done in a temporary disk location.
+        - "32M"
+            - Do not dedicate more than 32Mb RAM for preliminary hashing.
+        - "256M"
+            - You have at most 256Mb RAM free for hash calculations.
+
+    #### --mailru-check-hash
+
+    What should copy do if file checksum is mismatched or invalid.
+
+    Properties:
+
+    - Config:      check_hash
+    - Env Var:     RCLONE_MAILRU_CHECK_HASH
+    - Type:        bool
+    - Default:     true
+    - Examples:
+        - "true"
+            - Fail with error.
+        - "false"
+            - Ignore and continue.
+
+    #### --mailru-user-agent
+
+    HTTP user agent used internally by client.
+
+    Defaults to "rclone/VERSION" or "--user-agent" provided on command line.
+
+    Properties:
+
+    - Config:      user_agent
+    - Env Var:     RCLONE_MAILRU_USER_AGENT
+    - Type:        string
+    - Required:    false
+
+    #### --mailru-quirks
+
+    Comma separated list of internal maintenance flags.
+
+    This option must not be used by an ordinary user. It is intended only to
+    facilitate remote troubleshooting of backend issues. Strict meaning of
+    flags is not documented and not guaranteed to persist between releases.
+    Quirks will be removed when the backend grows stable.
+    Supported quirks: atomicmkdir binlist unknowndirs
+
+    Properties:
+
+    - Config:      quirks
+    - Env Var:     RCLONE_MAILRU_QUIRKS
+    - Type:        string
+    - Required:    false
+
+    #### --mailru-encoding
+
+    The encoding for the backend.
+
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_MAILRU_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+    ## Limitations
+
+    File size limits depend on your account. A single file size is limited by 2G
+    for a free account and unlimited for paid tariffs. Please refer to the Mail.ru
+    site for the total uploaded size limits.
+
+    Note that Mailru is case insensitive so you can't have a file called
+    "Hello.doc" and one called "hello.doc".
+
+    #  Mega
+
+    [Mega](https://mega.nz/) is a cloud storage and file hosting service
+    known for its security feature where all files are encrypted locally
+    before they are uploaded. This prevents anyone (including employees of
+    Mega) from accessing the files without knowledge of the key used for
+    encryption.
+
+    This is an rclone backend for Mega which supports the file transfer
+    features of Mega using the same client side encryption.
+
+    Paths are specified as `remote:path`
+
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+    ## Configuration
+
+    Here is an example of how to make a remote called `remote`.  First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Mega  "mega" [snip] Storage> mega User name user> you@example.com
+Password. y) Yes type in my own password g) Generate random password n)
+No leave this optional password blank y/g/n> y Enter the password:
+password: Confirm the password: password: Remote config
+-------------------- [remote] type = mega user = you@example.com pass =
+*** ENCRYPTED *** -------------------- y) Yes this is OK e) Edit this
+remote d) Delete this remote y/e/d> y
+
+
+    **NOTE:** The encryption keys need to have been already generated after a regular login
+    via the browser, otherwise attempting to use the credentials in `rclone` will fail.
+
+    Once configured you can then use `rclone` like this,
+
+    List directories in top level of your Mega
+
+        rclone lsd remote:
+
+    List all the files in your Mega
+
+        rclone ls remote:
+
+    To copy a local directory to an Mega directory called backup
+
+        rclone copy /home/source remote:backup
+
+    ### Modification times and hashes
+
+    Mega does not support modification times or hashes yet.
+
+    ### Restricted filename characters
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | NUL       | 0x00  | ␀           |
+    | /         | 0x2F  | ／          |
+
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
+
+    ### Duplicated files
+
+    Mega can have two files with exactly the same name and path (unlike a
+    normal file system).
+
+    Duplicated files cause problems with the syncing and you will see
+    messages in the log about duplicates.
+
+    Use `rclone dedupe` to fix duplicated files.
+
+    ### Failure to log-in
+
+    #### Object not found
+
+    If you are connecting to your Mega remote for the first time, 
+    to test access and synchronization, you may receive an error such as 
+
+Failed to create file system for "my-mega-remote:": couldn't login:
+Object (typically, node or user) not found
+
+
+    The diagnostic steps often recommended in the [rclone forum](https://forum.rclone.org/search?q=mega)
+    start with the **MEGAcmd** utility. Note that this refers to 
+    the official C++ command from https://github.com/meganz/MEGAcmd 
+    and not the go language built command from t3rm1n4l/megacmd 
+    that is no longer maintained. 
+
+    Follow the instructions for installing MEGAcmd and try accessing 
+    your remote as they recommend. You can establish whether or not 
+    you can log in using MEGAcmd, and obtain diagnostic information 
+    to help you, and search or work with others in the forum. 
+
+MEGA CMD> login me@example.com Password: Fetching nodes ... Loading
+transfers from local cache Login complete as me@example.com
+me@example.com:/$
+
+
+    Note that some have found issues with passwords containing special 
+    characters. If you can not log on with rclone, but MEGAcmd logs on 
+    just fine, then consider changing your password temporarily to 
+    pure alphanumeric characters, in case that helps.
+
+
+    #### Repeated commands blocks access
+
+    Mega remotes seem to get blocked (reject logins) under "heavy use".
+    We haven't worked out the exact blocking rules but it seems to be
+    related to fast paced, successive rclone commands.
+
+    For example, executing this command 90 times in a row `rclone link
+    remote:file` will cause the remote to become "blocked". This is not an
+    abnormal situation, for example if you wish to get the public links of
+    a directory with hundred of files...  After more or less a week, the
+    remote will remote accept rclone logins normally again.
+
+    You can mitigate this issue by mounting the remote it with `rclone
+    mount`. This will log-in when mounting and a log-out when unmounting
+    only. You can also run `rclone rcd` and then use `rclone rc` to run
+    the commands over the API to avoid logging in each time.
+
+    Rclone does not currently close mega sessions (you can see them in the
+    web interface), however closing the sessions does not solve the issue.
+
+    If you space rclone commands by 3 seconds it will avoid blocking the
+    remote. We haven't identified the exact blocking rules, so perhaps one
+    could execute the command 80 times without waiting and avoid blocking
+    by waiting 3 seconds, then continuing...
+
+    Note that this has been observed by trial and error and might not be
+    set in stone.
+
+    Other tools seem not to produce this blocking effect, as they use a
+    different working approach (state-based, using sessionIDs instead of
+    log-in) which isn't compatible with the current stateless rclone
+    approach.
+
+    Note that once blocked, the use of other tools (such as megacmd) is
+    not a sure workaround: following megacmd login times have been
+    observed in succession for blocked remote: 7 minutes, 20 min, 30min, 30
+    min, 30min. Web access looks unaffected though.
+
+    Investigation is continuing in relation to workarounds based on
+    timeouts, pacers, retrials and tpslimits - if you discover something
+    relevant, please post on the forum.
+
+    So, if rclone was working nicely and suddenly you are unable to log-in
+    and you are sure the user and the password are correct, likely you
+    have got the remote blocked for a while.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to mega (Mega).
+
+    #### --mega-user
+
+    User name.
+
+    Properties:
+
+    - Config:      user
+    - Env Var:     RCLONE_MEGA_USER
+    - Type:        string
+    - Required:    true
+
+    #### --mega-pass
+
+    Password.
+
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    Properties:
+
+    - Config:      pass
+    - Env Var:     RCLONE_MEGA_PASS
+    - Type:        string
+    - Required:    true
+
+    ### Advanced options
+
+    Here are the Advanced options specific to mega (Mega).
+
+    #### --mega-debug
+
+    Output more debug from Mega.
+
+    If this flag is set (along with -vv) it will print further debugging
+    information from the mega backend.
+
+    Properties:
+
+    - Config:      debug
+    - Env Var:     RCLONE_MEGA_DEBUG
+    - Type:        bool
+    - Default:     false
+
+    #### --mega-hard-delete
+
+    Delete files permanently rather than putting them into the trash.
+
+    Normally the mega backend will put all deletions into the trash rather
+    than permanently deleting them.  If you specify this then rclone will
+    permanently delete objects instead.
+
+    Properties:
+
+    - Config:      hard_delete
+    - Env Var:     RCLONE_MEGA_HARD_DELETE
+    - Type:        bool
+    - Default:     false
+
+    #### --mega-use-https
+
+    Use HTTPS for transfers.
+
+    MEGA uses plain text HTTP connections by default.
+    Some ISPs throttle HTTP connections, this causes transfers to become very slow.
+    Enabling this will force MEGA to use HTTPS for all transfers.
+    HTTPS is normally not necessary since all data is already encrypted anyway.
+    Enabling it will increase CPU usage and add network overhead.
+
+    Properties:
+
+    - Config:      use_https
+    - Env Var:     RCLONE_MEGA_USE_HTTPS
+    - Type:        bool
+    - Default:     false
+
+    #### --mega-encoding
+
+    The encoding for the backend.
+
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_MEGA_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,InvalidUtf8,Dot
+
+
+
+    ### Process `killed`
+
+    On accounts with large files or something else, memory usage can significantly increase when executing list/sync instructions. When running on cloud providers (like AWS with EC2), check if the instance type has sufficient memory/CPU to execute the commands. Use the resource monitoring tools to inspect after sending the commands. Look [at this issue](https://forum.rclone.org/t/rclone-with-mega-appears-to-work-only-in-some-accounts/40233/4).
+
+    ## Limitations
+
+    This backend uses the [go-mega go library](https://github.com/t3rm1n4l/go-mega) which is an opensource
+    go library implementing the Mega API. There doesn't appear to be any
+    documentation for the mega protocol beyond the [mega C++ SDK](https://github.com/meganz/sdk) source code
+    so there are likely quite a few errors still remaining in this library.
+
+    Mega allows duplicate files which may confuse rclone.
+
+    #  Memory
+
+    The memory backend is an in RAM backend. It does not persist its
+    data - use the local backend for that.
+
+    The memory backend behaves like a bucket-based remote (e.g. like
+    s3). Because it has no parameters you can just use it with the
+    `:memory:` remote name.
+
+    ## Configuration
+
+    You can configure it as a remote like this with `rclone config` too if
+    you want to:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [snip] XX / Memory
+ "memory" [snip] Storage> memory ** See help for memory backend at:
+https://rclone.org/memory/ **
+
+Remote config
+
+  ---------------
+  [remote]
+  type = memory
+  ---------------
+
+y)  Yes this is OK (default)
+z)  Edit this remote
+a)  Delete this remote y/e/d> y
 
--   Config: encoding
--   Env Var: RCLONE_HIDRIVE_ENCODING
--   Type: MultiEncoder
--   Default: Slash,Dot
 
-Limitations
+    Because the memory backend isn't persistent it is most useful for
+    testing or with an rclone server or rclone mount, e.g.
 
-Symbolic links
+        rclone mount :memory: /mnt/tmp
+        rclone serve webdav :memory:
+        rclone serve sftp :memory:
 
-HiDrive is able to store symbolic links (symlinks) by design, for
-example, when unpacked from a zip archive.
+    ### Modification times and hashes
 
-There exists no direct mechanism to manage native symlinks in remotes.
-As such this implementation has chosen to ignore any native symlinks
-present in the remote. rclone will not be able to access or show any
-symlinks stored in the hidrive-remote. This means symlinks cannot be
-individually removed, copied, or moved, except when removing, copying,
-or moving the parent folder.
+    The memory backend supports MD5 hashes and modification times accurate to 1 nS.
 
-This does not affect the .rclonelink-files that rclone uses to encode
-and store symbolic links.
+    ### Restricted filename characters
 
-Sparse files
+    The memory backend replaces the [default restricted characters
+    set](https://rclone.org/overview/#restricted-characters).
 
-It is possible to store sparse files in HiDrive.
 
-Note that copying a sparse file will expand the holes into null-byte
-(0x00) regions that will then consume disk space. Likewise, when
-downloading a sparse file, the resulting file will have null-byte
-regions in the place of file holes.
 
-HTTP
 
-The HTTP remote is a read only remote for reading files of a webserver.
-The webserver should provide file listings which rclone will read and
-turn into a remote. This has been tested with common webservers such as
-Apache/Nginx/Caddy and will likely work with file listings from most web
-servers. (If it doesn't then please file an issue, or send a pull
-request!)
+    #  Akamai NetStorage
 
-Paths are specified as remote: or remote:path.
+    Paths are specified as `remote:`
+    You may put subdirectories in too, e.g. `remote:/path/to/dir`.
+    If you have a CP code you can use that as the folder after the domain such as \<domain>\/\<cpcode>\/\<internal directories within cpcode>.
 
-The remote: represents the configured url, and any path following it
-will be resolved relative to this url, according to the URL standard.
-This means with remote url https://beta.rclone.org/branch and path fix,
-the resolved URL will be https://beta.rclone.org/branch/fix, while with
-path /fix the resolved URL will be https://beta.rclone.org/fix as the
-absolute path is resolved from the root of the domain.
+    For example, this is commonly configured with or without a CP code:
+    * **With a CP code**. `[your-domain-prefix]-nsu.akamaihd.net/123456/subdirectory/`
+    * **Without a CP code**. `[your-domain-prefix]-nsu.akamaihd.net`
 
-If the path following the remote: ends with / it will be assumed to
-point to a directory. If the path does not end with /, then a HEAD
-request is sent and the response used to decide if it it is treated as a
-file or a directory (run with -vv to see details). When --http-no-head
-is specified, a path without ending / is always assumed to be a file. If
-rclone incorrectly assumes the path is a file, the solution is to
-specify the path with ending /. When you know the path is a directory,
-ending it with / is always better as it avoids the initial HEAD request.
 
-To just download a single file it is easier to use copyurl.
+    See all buckets
+       rclone lsd remote:
+    The initial setup for Netstorage involves getting an account and secret. Use `rclone config` to walk you through the setup process.
 
-Configuration
+    ## Configuration
 
-Here is an example of how to make a remote called remote. First run:
+    Here's an example of how to make a remote called `ns1`.
 
-     rclone config
+    1. To begin the interactive configuration process, enter this command:
 
-This will guide you through an interactive setup process:
+rclone config
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / HTTP
-       \ "http"
-    [snip]
-    Storage> http
-    URL of http host to connect to
-    Choose a number from below, or type in your own value
-     1 / Connect to example.com
-       \ "https://example.com"
-    url> https://beta.rclone.org
-    Remote config
-    --------------------
-    [remote]
-    url = https://beta.rclone.org
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
-    Current remotes:
 
-    Name                 Type
-    ====                 ====
-    remote               http
+    2. Type `n` to create a new remote.
 
-    e) Edit existing remote
-    n) New remote
-    d) Delete remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    e/n/d/r/c/s/q> q
+n)  New remote
+o)  Delete remote
+p)  Quit config e/n/d/q> n
 
-This remote is called remote and can now be used like this
 
-See all the top level directories
+    3. For this example, enter `ns1` when you reach the name> prompt.
 
-    rclone lsd remote:
+name> ns1
 
-List the contents of a directory
 
-    rclone ls remote:directory
+    4. Enter `netstorage` as the type of storage to configure.
 
-Sync the remote directory to /home/local/directory, deleting any excess
-files.
+Type of storage to configure. Enter a string value. Press Enter for the
+default (""). Choose a number from below, or type in your own value XX /
+NetStorage  "netstorage" Storage> netstorage
 
-    rclone sync --interactive remote:directory /home/local/directory
 
-Read only
+    5. Select between the HTTP or HTTPS protocol. Most users should choose HTTPS, which is the default. HTTP is provided primarily for debugging purposes.
 
-This remote is read only - you can't upload files to an HTTP server.
+Enter a string value. Press Enter for the default (""). Choose a number
+from below, or type in your own value 1 / HTTP protocol  "http" 2 /
+HTTPS protocol  "https" protocol> 1
 
-Modified time
 
-Most HTTP servers store time accurate to 1 second.
+    6. Specify your NetStorage host, CP code, and any necessary content paths using this format: `<domain>/<cpcode>/<content>/`
 
-Checksum
+Enter a string value. Press Enter for the default (""). host>
+baseball-nsu.akamaihd.net/123456/content/
 
-No checksums are stored.
 
-Usage without a config file
+    7. Set the netstorage account name
 
-Since the http remote only has one config parameter it is easy to use
-without a config file:
+Enter a string value. Press Enter for the default (""). account>
+username
 
-    rclone lsd --http-url https://beta.rclone.org :http:
 
-or:
+    8. Set the Netstorage account secret/G2O key which will be used for authentication purposes. Select the `y` option to set your own password then enter your secret.
+    Note: The secret is stored in the `rclone.conf` file with hex-encoded encryption.
 
-    rclone lsd :http,url='https://beta.rclone.org':
+y)  Yes type in my own password
+z)  Generate random password y/g> y Enter the password: password:
+    Confirm the password: password:
 
-Standard options
 
-Here are the Standard options specific to http (HTTP).
+    9. View the summary and confirm your remote configuration.
 
---http-url
+[ns1] type = netstorage protocol = http host =
+baseball-nsu.akamaihd.net/123456/content/ account = username secret =
+*** ENCRYPTED *** -------------------- y) Yes this is OK (default) e)
+Edit this remote d) Delete this remote y/e/d> y
 
-URL of HTTP host to connect to.
 
-E.g. "https://example.com", or "https://user:pass@example.com" to use a
-username and password.
+    This remote is called `ns1` and can now be used.
 
-Properties:
+    ## Example operations
 
--   Config: url
--   Env Var: RCLONE_HTTP_URL
--   Type: string
--   Required: true
+    Get started with rclone and NetStorage with these examples. For additional rclone commands, visit https://rclone.org/commands/.
 
-Advanced options
+    ### See contents of a directory in your project
 
-Here are the Advanced options specific to http (HTTP).
+        rclone lsd ns1:/974012/testing/
 
---http-headers
+    ### Sync the contents local with remote
 
-Set HTTP headers for all transactions.
+        rclone sync . ns1:/974012/testing/
 
-Use this to set additional HTTP headers for all transactions.
+    ### Upload local content to remote
+        rclone copy notes.txt ns1:/974012/testing/
 
-The input format is comma separated list of key,value pairs. Standard
-CSV encoding may be used.
+    ### Delete content on remote
+        rclone delete ns1:/974012/testing/notes.txt
 
-For example, to set a Cookie use 'Cookie,name=value', or
-'"Cookie","name=value"'.
+    ### Move or copy content between CP codes.
 
-You can set multiple headers, e.g.
-'"Cookie","name=value","Authorization","xxx"'.
+    Your credentials must have access to two CP codes on the same remote. You can't perform operations between different remotes.
 
-Properties:
+        rclone move ns1:/974012/testing/notes.txt ns1:/974450/testing2/
 
--   Config: headers
--   Env Var: RCLONE_HTTP_HEADERS
--   Type: CommaSepList
--   Default:
+    ## Features
 
---http-no-slash
+    ### Symlink Support
 
-Set this if the site doesn't end directories with /.
+    The Netstorage backend changes the rclone `--links, -l` behavior. When uploading, instead of creating the .rclonelink file, use the "symlink" API in order to create the corresponding symlink on the remote. The .rclonelink file will not be created, the upload will be intercepted and only the symlink file that matches the source file name with no suffix will be created on the remote.
 
-Use this if your target website does not use / on the end of
-directories.
+    This will effectively allow commands like copy/copyto, move/moveto and sync to upload from local to remote and download from remote to local directories with symlinks. Due to internal rclone limitations, it is not possible to upload an individual symlink file to any remote backend. You can always use the "backend symlink" command to create a symlink on the NetStorage server, refer to "symlink" section below.
 
-A / on the end of a path is how rclone normally tells the difference
-between files and directories. If this flag is set, then rclone will
-treat all files with Content-Type: text/html as directories and read
-URLs from them rather than downloading them.
+    Individual symlink files on the remote can be used with the commands like "cat" to print the destination name, or "delete" to delete symlink, or copy, copy/to and move/moveto to download from the remote to local. Note: individual symlink files on the remote should be specified including the suffix .rclonelink.
 
-Note that this may cause rclone to confuse genuine HTML files with
-directories.
+    **Note**: No file with the suffix .rclonelink should ever exist on the server since it is not possible to actually upload/create a file with .rclonelink suffix with rclone, it can only exist if it is manually created through a non-rclone method on the remote.
 
-Properties:
+    ### Implicit vs. Explicit Directories
 
--   Config: no_slash
--   Env Var: RCLONE_HTTP_NO_SLASH
--   Type: bool
--   Default: false
+    With NetStorage, directories can exist in one of two forms:
 
---http-no-head
+    1. **Explicit Directory**. This is an actual, physical directory that you have created in a storage group.
+    2. **Implicit Directory**. This refers to a directory within a path that has not been physically created. For example, during upload of a file, nonexistent subdirectories can be specified in the target path. NetStorage creates these as "implicit." While the directories aren't physically created, they exist implicitly and the noted path is connected with the uploaded file.
 
-Don't use HEAD requests.
+    Rclone will intercept all file uploads and mkdir commands for the NetStorage remote and will explicitly issue the mkdir command for each directory in the uploading path. This will help with the interoperability with the other Akamai services such as SFTP and the Content Management Shell (CMShell). Rclone will not guarantee correctness of operations with implicit directories which might have been created as a result of using an upload API directly.
 
-HEAD requests are mainly used to find file sizes in dir listing. If your
-site is being very slow to load then you can try this option. Normally
-rclone does a HEAD request for each potential file in a directory
-listing to:
+    ### `--fast-list` / ListR support
 
--   find its size
--   check it really exists
--   check to see if it is a directory
+    NetStorage remote supports the ListR feature by using the "list" NetStorage API action to return a lexicographical list of all objects within the specified CP code, recursing into subdirectories as they're encountered.
 
-If you set this option, rclone will not do the HEAD request. This will
-mean that directory listings are much quicker, but rclone won't have the
-times or sizes of any files, and some files that don't exist may be in
-the listing.
+    * **Rclone will use the ListR method for some commands by default**. Commands such as `lsf -R` will use ListR by default. To disable this, include the `--disable listR` option to use the non-recursive method of listing objects.
 
-Properties:
+    * **Rclone will not use the ListR method for some commands**. Commands such as `sync` don't use ListR by default. To force using the ListR method, include the  `--fast-list` option.
 
--   Config: no_head
--   Env Var: RCLONE_HTTP_NO_HEAD
--   Type: bool
--   Default: false
+    There are pros and cons of using the ListR method, refer to [rclone documentation](https://rclone.org/docs/#fast-list). In general, the sync command over an existing deep tree on the remote will run faster with the "--fast-list" flag but with extra memory usage as a side effect. It might also result in higher CPU utilization but the whole task can be completed faster.
 
-Limitations
+    **Note**: There is a known limitation that "lsf -R" will display number of files in the directory and directory size as -1 when ListR method is used. The workaround is to pass "--disable listR" flag if these numbers are important in the output.
 
-rclone about is not supported by the HTTP backend. Backends without this
-capability cannot determine free space for an rclone mount or use policy
-mfs (most free space) as a member of an rclone union remote.
+    ### Purge
 
-See List of backends that do not support rclone about and rclone about
+    NetStorage remote supports the purge feature by using the "quick-delete" NetStorage API action. The quick-delete action is disabled by default for security reasons and can be enabled for the account through the Akamai portal. Rclone will first try to use quick-delete action for the purge command and if this functionality is disabled then will fall back to a standard delete method.
 
-Internet Archive
+    **Note**: Read the [NetStorage Usage API](https://learn.akamai.com/en-us/webhelp/netstorage/netstorage-http-api-developer-guide/GUID-15836617-9F50-405A-833C-EA2556756A30.html) for considerations when using "quick-delete". In general, using quick-delete method will not delete the tree immediately and objects targeted for quick-delete may still be accessible.
 
-The Internet Archive backend utilizes Items on archive.org
 
-Refer to IAS3 API documentation for the API this backend uses.
+    ### Standard options
 
-Paths are specified as remote:bucket (or remote: for the lsd command.)
-You may put subdirectories in too, e.g. remote:item/path/to/dir.
+    Here are the Standard options specific to netstorage (Akamai NetStorage).
 
-Unlike S3, listing up all items uploaded by you isn't supported.
+    #### --netstorage-host
 
-Once you have made a remote, you can use it like this:
+    Domain+path of NetStorage host to connect to.
 
-Make a new item
+    Format should be `<domain>/<internal folders>`
 
-    rclone mkdir remote:item
+    Properties:
 
-List the contents of a item
+    - Config:      host
+    - Env Var:     RCLONE_NETSTORAGE_HOST
+    - Type:        string
+    - Required:    true
 
-    rclone ls remote:item
+    #### --netstorage-account
 
-Sync /home/local/directory to the remote item, deleting any excess files
-in the item.
+    Set the NetStorage account name
 
-    rclone sync --interactive /home/local/directory remote:item
+    Properties:
 
-Notes
+    - Config:      account
+    - Env Var:     RCLONE_NETSTORAGE_ACCOUNT
+    - Type:        string
+    - Required:    true
 
-Because of Internet Archive's architecture, it enqueues write operations
-(and extra post-processings) in a per-item queue. You can check item's
-queue at https://catalogd.archive.org/history/item-name-here . Because
-of that, all uploads/deletes will not show up immediately and takes some
-time to be available. The per-item queue is enqueued to an another
-queue, Item Deriver Queue. You can check the status of Item Deriver
-Queue here. This queue has a limit, and it may block you from uploading,
-or even deleting. You should avoid uploading a lot of small files for
-better behavior.
+    #### --netstorage-secret
 
-You can optionally wait for the server's processing to finish, by
-setting non-zero value to wait_archive key. By making it wait, rclone
-can do normal file comparison. Make sure to set a large enough value
-(e.g. 30m0s for smaller files) as it can take a long time depending on
-server's queue.
+    Set the NetStorage account secret/G2O key for authentication.
 
-About metadata
+    Please choose the 'y' option to set your own password then enter your secret.
 
-This backend supports setting, updating and reading metadata of each
-file. The metadata will appear as file metadata on Internet Archive.
-However, some fields are reserved by both Internet Archive and rclone.
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-The following are reserved by Internet Archive: - name - source - size -
-md5 - crc32 - sha1 - format - old_version - viruscheck - summation
+    Properties:
 
-Trying to set values to these keys is ignored with a warning. Only
-setting mtime is an exception. Doing so make it the identical behavior
-as setting ModTime.
+    - Config:      secret
+    - Env Var:     RCLONE_NETSTORAGE_SECRET
+    - Type:        string
+    - Required:    true
 
-rclone reserves all the keys starting with rclone-. Setting value for
-these keys will give you warnings, but values are set according to
-request.
+    ### Advanced options
 
-If there are multiple values for a key, only the first one is returned.
-This is a limitation of rclone, that supports one value per one key. It
-can be triggered when you did a server-side copy.
+    Here are the Advanced options specific to netstorage (Akamai NetStorage).
 
-Reading metadata will also provide custom (non-standard nor reserved)
-ones.
+    #### --netstorage-protocol
 
-Filtering auto generated files
+    Select between HTTP or HTTPS protocol.
 
-The Internet Archive automatically creates metadata files after upload.
-These can cause problems when doing an rclone sync as rclone will try,
-and fail, to delete them. These metadata files are not changeable, as
-they are created by the Internet Archive automatically.
+    Most users should choose HTTPS, which is the default.
+    HTTP is provided primarily for debugging purposes.
 
-These auto-created files can be excluded from the sync using metadata
-filtering.
+    Properties:
 
-    rclone sync ... --metadata-exclude "source=metadata" --metadata-exclude "format=Metadata"
+    - Config:      protocol
+    - Env Var:     RCLONE_NETSTORAGE_PROTOCOL
+    - Type:        string
+    - Default:     "https"
+    - Examples:
+        - "http"
+            - HTTP protocol
+        - "https"
+            - HTTPS protocol
 
-Which excludes from the sync any files which have the source=metadata or
-format=Metadata flags which are added to Internet Archive auto-created
-files.
+    ## Backend commands
 
-Configuration
+    Here are the commands specific to the netstorage backend.
 
-Here is an example of making an internetarchive configuration. Most
-applies to the other providers as well, any differences are described
-below.
+    Run them with
 
-First run
+        rclone backend COMMAND remote:
 
-    rclone config
+    The help below will explain what arguments each command takes.
 
-This will guide you through an interactive setup process.
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
+
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
+
+    ### du
+
+    Return disk usage information for a specified directory
+
+        rclone backend du remote: [options] [<arguments>+]
+
+    The usage information returned, includes the targeted directory as well as all
+    files stored in any sub-directories that may exist.
+
+    ### symlink
+
+    You can create a symbolic link in ObjectStore with the symlink action.
+
+        rclone backend symlink remote: [options] [<arguments>+]
+
+    The desired path location (including applicable sub-directories) ending in
+    the object that will be the target of the symlink (for example, /links/mylink).
+    Include the file extension for the object, if applicable.
+    `rclone backend symlink <src> <path>`
+
+
+
+    #  Microsoft Azure Blob Storage
+
+    Paths are specified as `remote:container` (or `remote:` for the `lsd`
+    command.)  You may put subdirectories in too, e.g.
+    `remote:container/path/to/dir`.
+
+    ## Configuration
+
+    Here is an example of making a Microsoft Azure Blob Storage
+    configuration.  For a remote called `remote`.  First run:
+
+         rclone config
+
+    This will guide you through an interactive setup process:
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Microsoft Azure Blob Storage  "azureblob" [snip] Storage> azureblob
+Storage Account Name account> account_name Storage Account Key key>
+base64encodedkey== Endpoint for the service - leave blank normally.
+endpoint> Remote config -------------------- [remote] account =
+account_name key = base64encodedkey== endpoint = -------------------- y)
+Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y
+
+
+    See all containers
+
+        rclone lsd remote:
+
+    Make a new container
+
+        rclone mkdir remote:container
+
+    List the contents of a container
+
+        rclone ls remote:container
+
+    Sync `/home/local/directory` to the remote container, deleting any excess
+    files in the container.
+
+        rclone sync --interactive /home/local/directory remote:container
+
+    ### --fast-list
+
+    This remote supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
+
+    ### Modification times and hashes
+
+    The modification time is stored as metadata on the object with the
+    `mtime` key.  It is stored using RFC3339 Format time with nanosecond
+    precision.  The metadata is supplied during directory listings so
+    there is no performance overhead to using it.
+
+    If you wish to use the Azure standard `LastModified` time stored on
+    the object as the modified time, then use the `--use-server-modtime`
+    flag. Note that rclone can't set `LastModified`, so using the
+    `--update` flag when syncing is recommended if using
+    `--use-server-modtime`.
+
+    MD5 hashes are stored with blobs. However blobs that were uploaded in
+    chunks only have an MD5 if the source remote was capable of MD5
+    hashes, e.g. the local disk.
+
+    ### Performance
+
+    When uploading large files, increasing the value of
+    `--azureblob-upload-concurrency` will increase performance at the cost
+    of using more memory. The default of 16 is set quite conservatively to
+    use less memory. It maybe be necessary raise it to 64 or higher to
+    fully utilize a 1 GBit/s link with a single file transfer.
+
+    ### Restricted filename characters
+
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | /         | 0x2F  | ／           |
+    | \         | 0x5C  | ＼           |
+
+    File names can also not end with the following characters.
+    These only get replaced if they are the last character in the name:
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | .         | 0x2E  | ．          |
+
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
+
+    ### Authentication {#authentication}
+
+    There are a number of ways of supplying credentials for Azure Blob
+    Storage. Rclone tries them in the order of the sections below.
+
+    #### Env Auth
+
+    If the `env_auth` config parameter is `true` then rclone will pull
+    credentials from the environment or runtime.
+
+    It tries these authentication methods in this order:
+
+    1. Environment Variables
+    2. Managed Service Identity Credentials
+    3. Azure CLI credentials (as used by the az tool)
+
+    These are described in the following sections
+
+    ##### Env Auth: 1. Environment Variables
+
+    If `env_auth` is set and environment variables are present rclone
+    authenticates a service principal with a secret or certificate, or a
+    user with a password, depending on which environment variable are set.
+    It reads configuration from these variables, in the following order:
+
+    1. Service principal with client secret
+        - `AZURE_TENANT_ID`: ID of the service principal's tenant. Also called its "directory" ID.
+        - `AZURE_CLIENT_ID`: the service principal's client ID
+        - `AZURE_CLIENT_SECRET`: one of the service principal's client secrets
+    2. Service principal with certificate
+        - `AZURE_TENANT_ID`: ID of the service principal's tenant. Also called its "directory" ID.
+        - `AZURE_CLIENT_ID`: the service principal's client ID
+        - `AZURE_CLIENT_CERTIFICATE_PATH`: path to a PEM or PKCS12 certificate file including the private key.
+        - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
+        - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
+    3. User with username and password
+        - `AZURE_TENANT_ID`: (optional) tenant to authenticate in. Defaults to "organizations".
+        - `AZURE_CLIENT_ID`: client ID of the application the user will authenticate to
+        - `AZURE_USERNAME`: a username (usually an email address)
+        - `AZURE_PASSWORD`: the user's password
+    4. Workload Identity
+        - `AZURE_TENANT_ID`: Tenant to authenticate in.
+        - `AZURE_CLIENT_ID`: Client ID of the application the user will authenticate to.
+        - `AZURE_FEDERATED_TOKEN_FILE`: Path to projected service account token file.
+        - `AZURE_AUTHORITY_HOST`: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
+
+    ##### Env Auth: 2. Managed Service Identity Credentials
+
+    When using Managed Service Identity if the VM(SS) on which this
+    program is running has a system-assigned identity, it will be used by
+    default. If the resource has no system-assigned but exactly one
+    user-assigned identity, the user-assigned identity will be used by
+    default.
+
+    If the resource has multiple user-assigned identities you will need to
+    unset `env_auth` and set `use_msi` instead. See the [`use_msi`
+    section](#use_msi).
+
+    ##### Env Auth: 3. Azure CLI credentials (as used by the az tool)
+
+    Credentials created with the `az` tool can be picked up using `env_auth`.
+
+    For example if you were to login with a service principal like this:
+
+        az login --service-principal -u XXX -p XXX --tenant XXX
+
+    Then you could access rclone resources like this:
+
+        rclone lsf :azureblob,env_auth,account=ACCOUNT:CONTAINER
+
+    Or
+
+        rclone lsf --azureblob-env-auth --azureblob-account=ACCOUNT :azureblob:CONTAINER
+
+    Which is analogous to using the `az` tool:
+
+        az storage blob list --container-name CONTAINER --account-name ACCOUNT --auth-mode login
+
+    #### Account and Shared Key
+
+    This is the most straight forward and least flexible way.  Just fill
+    in the `account` and `key` lines and leave the rest blank.
+
+    #### SAS URL
+
+    This can be an account level SAS URL or container level SAS URL.
+
+    To use it leave `account` and `key` blank and fill in `sas_url`.
+
+    An account level SAS URL or container level SAS URL can be obtained
+    from the Azure portal or the Azure Storage Explorer.  To get a
+    container level SAS URL right click on a container in the Azure Blob
+    explorer in the Azure portal.
+
+    If you use a container level SAS URL, rclone operations are permitted
+    only on a particular container, e.g.
+
+        rclone ls azureblob:container
+
+    You can also list the single container from the root. This will only
+    show the container specified by the SAS URL.
+
+        $ rclone lsd azureblob:
+        container/
+
+    Note that you can't see or access any other containers - this will
+    fail
+
+        rclone ls azureblob:othercontainer
+
+    Container level SAS URLs are useful for temporarily allowing third
+    parties access to a single container or putting credentials into an
+    untrusted environment such as a CI build server.
+
+    #### Service principal with client secret
+
+    If these variables are set, rclone will authenticate with a service principal with a client secret.
+
+    - `tenant`: ID of the service principal's tenant. Also called its "directory" ID.
+    - `client_id`: the service principal's client ID
+    - `client_secret`: one of the service principal's client secrets
+
+    The credentials can also be placed in a file using the
+    `service_principal_file` configuration option.
+
+    #### Service principal with certificate
+
+    If these variables are set, rclone will authenticate with a service principal with certificate.
+
+    - `tenant`: ID of the service principal's tenant. Also called its "directory" ID.
+    - `client_id`: the service principal's client ID
+    - `client_certificate_path`: path to a PEM or PKCS12 certificate file including the private key.
+    - `client_certificate_password`: (optional) password for the certificate file.
+    - `client_send_certificate_chain`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
+
+    **NB** `client_certificate_password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    #### User with username and password
+
+    If these variables are set, rclone will authenticate with username and password.
+
+    - `tenant`: (optional) tenant to authenticate in. Defaults to "organizations".
+    - `client_id`: client ID of the application the user will authenticate to
+    - `username`: a username (usually an email address)
+    - `password`: the user's password
+
+    Microsoft doesn't recommend this kind of authentication, because it's
+    less secure than other authentication flows. This method is not
+    interactive, so it isn't compatible with any form of multi-factor
+    authentication, and the application must already have user or admin
+    consent. This credential can only authenticate work and school
+    accounts; it can't authenticate Microsoft accounts.
+
+    **NB** `password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    #### Managed Service Identity Credentials {#use_msi}
+
+    If `use_msi` is set then managed service identity credentials are
+    used. This authentication only works when running in an Azure service.
+    `env_auth` needs to be unset to use this.
+
+    However if you have multiple user identities to choose from these must
+    be explicitly specified using exactly one of the `msi_object_id`,
+    `msi_client_id`, or `msi_mi_res_id` parameters.
+
+    If none of `msi_object_id`, `msi_client_id`, or `msi_mi_res_id` is
+    set, this is is equivalent to using `env_auth`.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to azureblob (Microsoft Azure Blob Storage).
+
+    #### --azureblob-account
+
+    Azure Storage Account Name.
+
+    Set this to the Azure Storage Account Name in use.
+
+    Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
+
+    If this is blank and if env_auth is set it will be read from the
+    environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
+
+
+    Properties:
+
+    - Config:      account
+    - Env Var:     RCLONE_AZUREBLOB_ACCOUNT
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-env-auth
+
+    Read credentials from runtime (environment variables, CLI or MSI).
+
+    See the [authentication docs](/azureblob#authentication) for full info.
+
+    Properties:
+
+    - Config:      env_auth
+    - Env Var:     RCLONE_AZUREBLOB_ENV_AUTH
+    - Type:        bool
+    - Default:     false
+
+    #### --azureblob-key
+
+    Storage Account Shared Key.
+
+    Leave blank to use SAS URL or Emulator.
+
+    Properties:
+
+    - Config:      key
+    - Env Var:     RCLONE_AZUREBLOB_KEY
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-sas-url
+
+    SAS URL for container level access only.
+
+    Leave blank if using account/key or Emulator.
+
+    Properties:
+
+    - Config:      sas_url
+    - Env Var:     RCLONE_AZUREBLOB_SAS_URL
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-tenant
+
+    ID of the service principal's tenant. Also called its directory ID.
+
+    Set this if using
+    - Service principal with client secret
+    - Service principal with certificate
+    - User with username and password
+
+
+    Properties:
+
+    - Config:      tenant
+    - Env Var:     RCLONE_AZUREBLOB_TENANT
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-client-id
+
+    The ID of the client in use.
+
+    Set this if using
+    - Service principal with client secret
+    - Service principal with certificate
+    - User with username and password
+
+
+    Properties:
+
+    - Config:      client_id
+    - Env Var:     RCLONE_AZUREBLOB_CLIENT_ID
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-client-secret
+
+    One of the service principal's client secrets
+
+    Set this if using
+    - Service principal with client secret
+
+
+    Properties:
+
+    - Config:      client_secret
+    - Env Var:     RCLONE_AZUREBLOB_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-client-certificate-path
+
+    Path to a PEM or PKCS12 certificate file including the private key.
+
+    Set this if using
+    - Service principal with certificate
+
+
+    Properties:
+
+    - Config:      client_certificate_path
+    - Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PATH
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-client-certificate-password
+
+    Password for the certificate file (optional).
+
+    Optionally set this if using
+    - Service principal with certificate
+
+    And the certificate has a password.
+
+
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    Properties:
+
+    - Config:      client_certificate_password
+    - Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PASSWORD
+    - Type:        string
+    - Required:    false
+
+    ### Advanced options
+
+    Here are the Advanced options specific to azureblob (Microsoft Azure Blob Storage).
+
+    #### --azureblob-client-send-certificate-chain
+
+    Send the certificate chain when using certificate auth.
+
+    Specifies whether an authentication request will include an x5c header
+    to support subject name / issuer based authentication. When set to
+    true, authentication requests include the x5c header.
+
+    Optionally set this if using
+    - Service principal with certificate
+
+
+    Properties:
+
+    - Config:      client_send_certificate_chain
+    - Env Var:     RCLONE_AZUREBLOB_CLIENT_SEND_CERTIFICATE_CHAIN
+    - Type:        bool
+    - Default:     false
+
+    #### --azureblob-username
+
+    User name (usually an email address)
+
+    Set this if using
+    - User with username and password
+
+
+    Properties:
+
+    - Config:      username
+    - Env Var:     RCLONE_AZUREBLOB_USERNAME
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-password
+
+    The user's password
+
+    Set this if using
+    - User with username and password
+
+
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    Properties:
+
+    - Config:      password
+    - Env Var:     RCLONE_AZUREBLOB_PASSWORD
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-service-principal-file
+
+    Path to file containing credentials for use with a service principal.
+
+    Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
+
+        $ az ad sp create-for-rbac --name "<name>" \
+          --role "Storage Blob Data Owner" \
+          --scopes "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>" \
+          > azure-principal.json
+
+    See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to blob data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+
+    It may be more convenient to put the credentials directly into the
+    rclone config file under the `client_id`, `tenant` and `client_secret`
+    keys instead of setting `service_principal_file`.
+
+
+    Properties:
+
+    - Config:      service_principal_file
+    - Env Var:     RCLONE_AZUREBLOB_SERVICE_PRINCIPAL_FILE
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-use-msi
+
+    Use a managed service identity to authenticate (only works in Azure).
+
+    When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+    to authenticate to Azure Storage instead of a SAS token or account key.
+
+    If the VM(SS) on which this program is running has a system-assigned identity, it will
+    be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+    the user-assigned identity will be used by default. If the resource has multiple user-assigned
+    identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+    msi_client_id, or msi_mi_res_id parameters.
+
+    Properties:
+
+    - Config:      use_msi
+    - Env Var:     RCLONE_AZUREBLOB_USE_MSI
+    - Type:        bool
+    - Default:     false
+
+    #### --azureblob-msi-object-id
+
+    Object ID of the user-assigned MSI to use, if any.
+
+    Leave blank if msi_client_id or msi_mi_res_id specified.
+
+    Properties:
+
+    - Config:      msi_object_id
+    - Env Var:     RCLONE_AZUREBLOB_MSI_OBJECT_ID
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-msi-client-id
+
+    Object ID of the user-assigned MSI to use, if any.
+
+    Leave blank if msi_object_id or msi_mi_res_id specified.
+
+    Properties:
+
+    - Config:      msi_client_id
+    - Env Var:     RCLONE_AZUREBLOB_MSI_CLIENT_ID
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-msi-mi-res-id
+
+    Azure resource ID of the user-assigned MSI to use, if any.
+
+    Leave blank if msi_client_id or msi_object_id specified.
+
+    Properties:
+
+    - Config:      msi_mi_res_id
+    - Env Var:     RCLONE_AZUREBLOB_MSI_MI_RES_ID
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-use-emulator
+
+    Uses local storage emulator if provided as 'true'.
+
+    Leave blank if using real azure storage endpoint.
+
+    Properties:
+
+    - Config:      use_emulator
+    - Env Var:     RCLONE_AZUREBLOB_USE_EMULATOR
+    - Type:        bool
+    - Default:     false
+
+    #### --azureblob-endpoint
+
+    Endpoint for the service.
+
+    Leave blank normally.
+
+    Properties:
+
+    - Config:      endpoint
+    - Env Var:     RCLONE_AZUREBLOB_ENDPOINT
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-upload-cutoff
+
+    Cutoff for switching to chunked upload (<= 256 MiB) (deprecated).
+
+    Properties:
+
+    - Config:      upload_cutoff
+    - Env Var:     RCLONE_AZUREBLOB_UPLOAD_CUTOFF
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-chunk-size
+
+    Upload chunk size.
+
+    Note that this is stored in memory and there may be up to
+    "--transfers" * "--azureblob-upload-concurrency" chunks stored at once
+    in memory.
+
+    Properties:
+
+    - Config:      chunk_size
+    - Env Var:     RCLONE_AZUREBLOB_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     4Mi
+
+    #### --azureblob-upload-concurrency
+
+    Concurrency for multipart uploads.
+
+    This is the number of chunks of the same file that are uploaded
+    concurrently.
+
+    If you are uploading small numbers of large files over high-speed
+    links and these uploads do not fully utilize your bandwidth, then
+    increasing this may help to speed up the transfers.
+
+    In tests, upload speed increases almost linearly with upload
+    concurrency. For example to fill a gigabit pipe it may be necessary to
+    raise this to 64. Note that this will use more memory.
+
+    Note that chunks are stored in memory and there may be up to
+    "--transfers" * "--azureblob-upload-concurrency" chunks stored at once
+    in memory.
+
+    Properties:
+
+    - Config:      upload_concurrency
+    - Env Var:     RCLONE_AZUREBLOB_UPLOAD_CONCURRENCY
+    - Type:        int
+    - Default:     16
+
+    #### --azureblob-list-chunk
+
+    Size of blob list.
+
+    This sets the number of blobs requested in each listing chunk. Default
+    is the maximum, 5000. "List blobs" requests are permitted 2 minutes
+    per megabyte to complete. If an operation is taking longer than 2
+    minutes per megabyte on average, it will time out (
+    [source](https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-blob-service-operations#exceptions-to-default-timeout-interval)
+    ). This can be used to limit the number of blobs items to return, to
+    avoid the time out.
+
+    Properties:
+
+    - Config:      list_chunk
+    - Env Var:     RCLONE_AZUREBLOB_LIST_CHUNK
+    - Type:        int
+    - Default:     5000
+
+    #### --azureblob-access-tier
+
+    Access tier of blob: hot, cool, cold or archive.
+
+    Archived blobs can be restored by setting access tier to hot, cool or
+    cold. Leave blank if you intend to use default access tier, which is
+    set at account level
+
+    If there is no "access tier" specified, rclone doesn't apply any tier.
+    rclone performs "Set Tier" operation on blobs while uploading, if objects
+    are not modified, specifying "access tier" to new one will have no effect.
+    If blobs are in "archive tier" at remote, trying to perform data transfer
+    operations from remote will not be allowed. User should first restore by
+    tiering blob to "Hot", "Cool" or "Cold".
+
+    Properties:
+
+    - Config:      access_tier
+    - Env Var:     RCLONE_AZUREBLOB_ACCESS_TIER
+    - Type:        string
+    - Required:    false
+
+    #### --azureblob-archive-tier-delete
+
+    Delete archive tier blobs before overwriting.
+
+    Archive tier blobs cannot be updated. So without this flag, if you
+    attempt to update an archive tier blob, then rclone will produce the
+    error:
+
+        can't update archive tier blob without --azureblob-archive-tier-delete
+
+    With this flag set then before rclone attempts to overwrite an archive
+    tier blob, it will delete the existing blob before uploading its
+    replacement.  This has the potential for data loss if the upload fails
+    (unlike updating a normal blob) and also may cost more since deleting
+    archive tier blobs early may be chargable.
+
+
+    Properties:
+
+    - Config:      archive_tier_delete
+    - Env Var:     RCLONE_AZUREBLOB_ARCHIVE_TIER_DELETE
+    - Type:        bool
+    - Default:     false
+
+    #### --azureblob-disable-checksum
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Option Storage.
-    Type of storage to configure.
-    Choose a number from below, or type in your own value.
-    XX / InternetArchive Items
-       \ (internetarchive)
-    Storage> internetarchive
-    Option access_key_id.
-    IAS3 Access Key.
-    Leave blank for anonymous access.
-    You can find one here: https://archive.org/account/s3.php
-    Enter a value. Press Enter to leave empty.
-    access_key_id> XXXX
-    Option secret_access_key.
-    IAS3 Secret Key (password).
-    Leave blank for anonymous access.
-    Enter a value. Press Enter to leave empty.
-    secret_access_key> XXXX
-    Edit advanced config?
-    y) Yes
-    n) No (default)
-    y/n> y
-    Option endpoint.
-    IAS3 Endpoint.
-    Leave blank for default value.
-    Enter a string value. Press Enter for the default (https://s3.us.archive.org).
-    endpoint> 
-    Option front_endpoint.
-    Host of InternetArchive Frontend.
-    Leave blank for default value.
-    Enter a string value. Press Enter for the default (https://archive.org).
-    front_endpoint> 
-    Option disable_checksum.
     Don't store MD5 checksum with object metadata.
+
     Normally rclone will calculate the MD5 checksum of the input before
-    uploading it so it can ask the server to check the object against checksum.
-    This is great for data integrity checking but can cause long delays for
-    large files to start uploading.
-    Enter a boolean value (true or false). Press Enter for the default (true).
-    disable_checksum> true
-    Option encoding.
+    uploading it so it can add it to metadata on the object. This is great
+    for data integrity checking but can cause long delays for large files
+    to start uploading.
+
+    Properties:
+
+    - Config:      disable_checksum
+    - Env Var:     RCLONE_AZUREBLOB_DISABLE_CHECKSUM
+    - Type:        bool
+    - Default:     false
+
+    #### --azureblob-memory-pool-flush-time
+
+    How often internal memory buffer pools will be flushed. (no longer used)
+
+    Properties:
+
+    - Config:      memory_pool_flush_time
+    - Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_FLUSH_TIME
+    - Type:        Duration
+    - Default:     1m0s
+
+    #### --azureblob-memory-pool-use-mmap
+
+    Whether to use mmap buffers in internal memory pool. (no longer used)
+
+    Properties:
+
+    - Config:      memory_pool_use_mmap
+    - Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_USE_MMAP
+    - Type:        bool
+    - Default:     false
+
+    #### --azureblob-encoding
+
     The encoding for the backend.
+
     See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
-    Enter a encoder.MultiEncoder value. Press Enter for the default (Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot).
-    encoding> 
-    Edit advanced config?
-    y) Yes
-    n) No (default)
-    y/n> n
-    --------------------
-    [remote]
-    type = internetarchive
-    access_key_id = XXXX
-    secret_access_key = XXXX
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
 
-Standard options
+    Properties:
 
-Here are the Standard options specific to internetarchive (Internet
-Archive).
+    - Config:      encoding
+    - Env Var:     RCLONE_AZUREBLOB_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8
 
---internetarchive-access-key-id
+    #### --azureblob-public-access
 
-IAS3 Access Key.
+    Public access level of a container: blob or container.
 
-Leave blank for anonymous access. You can find one here:
-https://archive.org/account/s3.php
+    Properties:
 
-Properties:
+    - Config:      public_access
+    - Env Var:     RCLONE_AZUREBLOB_PUBLIC_ACCESS
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - The container and its blobs can be accessed only with an authorized request.
+            - It's a default value.
+        - "blob"
+            - Blob data within this container can be read via anonymous request.
+        - "container"
+            - Allow full public read access for container and blob data.
 
--   Config: access_key_id
--   Env Var: RCLONE_INTERNETARCHIVE_ACCESS_KEY_ID
--   Type: string
--   Required: false
+    #### --azureblob-directory-markers
 
---internetarchive-secret-access-key
+    Upload an empty object with a trailing slash when a new directory is created
 
-IAS3 Secret Key (password).
+    Empty folders are unsupported for bucket based remotes, this option
+    creates an empty object ending with "/", to persist the folder.
 
-Leave blank for anonymous access.
+    This object also has the metadata "hdi_isfolder = true" to conform to
+    the Microsoft standard.
+     
 
-Properties:
+    Properties:
 
--   Config: secret_access_key
--   Env Var: RCLONE_INTERNETARCHIVE_SECRET_ACCESS_KEY
--   Type: string
--   Required: false
+    - Config:      directory_markers
+    - Env Var:     RCLONE_AZUREBLOB_DIRECTORY_MARKERS
+    - Type:        bool
+    - Default:     false
 
-Advanced options
+    #### --azureblob-no-check-container
 
-Here are the Advanced options specific to internetarchive (Internet
-Archive).
+    If set, don't attempt to check the container exists or create it.
 
---internetarchive-endpoint
+    This can be useful when trying to minimise the number of transactions
+    rclone does if you know the container exists already.
 
-IAS3 Endpoint.
 
-Leave blank for default value.
+    Properties:
 
-Properties:
+    - Config:      no_check_container
+    - Env Var:     RCLONE_AZUREBLOB_NO_CHECK_CONTAINER
+    - Type:        bool
+    - Default:     false
 
--   Config: endpoint
--   Env Var: RCLONE_INTERNETARCHIVE_ENDPOINT
--   Type: string
--   Default: "https://s3.us.archive.org"
+    #### --azureblob-no-head-object
 
---internetarchive-front-endpoint
+    If set, do not do HEAD before GET when getting objects.
 
-Host of InternetArchive Frontend.
+    Properties:
 
-Leave blank for default value.
+    - Config:      no_head_object
+    - Env Var:     RCLONE_AZUREBLOB_NO_HEAD_OBJECT
+    - Type:        bool
+    - Default:     false
 
-Properties:
 
--   Config: front_endpoint
--   Env Var: RCLONE_INTERNETARCHIVE_FRONT_ENDPOINT
--   Type: string
--   Default: "https://archive.org"
 
---internetarchive-disable-checksum
+    ### Custom upload headers
 
-Don't ask the server to test against MD5 checksum calculated by rclone.
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can ask the server to check the object against
-checksum. This is great for data integrity checking but can cause long
-delays for large files to start uploading.
+    You can set custom upload headers with the `--header-upload` flag. 
 
-Properties:
+    - Cache-Control
+    - Content-Disposition
+    - Content-Encoding
+    - Content-Language
+    - Content-Type
 
--   Config: disable_checksum
--   Env Var: RCLONE_INTERNETARCHIVE_DISABLE_CHECKSUM
--   Type: bool
--   Default: true
+    Eg `--header-upload "Content-Type: text/potato"`
 
---internetarchive-wait-archive
+    ## Limitations
 
-Timeout for waiting the server's processing tasks (specifically archive
-and book_op) to finish. Only enable if you need to be guaranteed to be
-reflected after write operations. 0 to disable waiting. No errors to be
-thrown in case of timeout.
+    MD5 sums are only uploaded with chunked files if the source has an MD5
+    sum.  This will always be the case for a local to azure copy.
 
-Properties:
+    `rclone about` is not supported by the Microsoft Azure Blob storage backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
 
--   Config: wait_archive
--   Env Var: RCLONE_INTERNETARCHIVE_WAIT_ARCHIVE
--   Type: Duration
--   Default: 0s
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
---internetarchive-encoding
+    ## Azure Storage Emulator Support
 
-The encoding for the backend.
+    You can run rclone with the storage emulator (usually _azurite_).
 
-See the encoding section in the overview for more info.
+    To do this, just set up a new remote with `rclone config` following
+    the instructions in the introduction and set `use_emulator` in the
+    advanced settings as `true`. You do not need to provide a default
+    account name nor an account key. But you can override them in the
+    `account` and `key` options. (Prior to v1.61 they were hard coded to
+    _azurite_'s `devstoreaccount1`.)
 
-Properties:
+    Also, if you want to access a storage emulator instance running on a
+    different machine, you can override the `endpoint` parameter in the
+    advanced settings, setting it to
+    `http(s)://<host>:<port>/devstoreaccount1`
+    (e.g. `http://10.254.2.5:10000/devstoreaccount1`).
 
--   Config: encoding
--   Env Var: RCLONE_INTERNETARCHIVE_ENCODING
--   Type: MultiEncoder
--   Default: Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot
+    #  Microsoft Azure Files Storage
 
-Metadata
+    Paths are specified as `remote:` You may put subdirectories in too,
+    e.g. `remote:path/to/dir`.
 
-Metadata fields provided by Internet Archive. If there are multiple
-values for a key, only the first one is returned. This is a limitation
-of Rclone, that supports one value per one key.
+    ## Configuration
 
-Owner is able to add custom keys. Metadata feature grabs all the keys
-including them.
+    Here is an example of making a Microsoft Azure Files Storage
+    configuration.  For a remote called `remote`.  First run:
 
-Here are the possible system metadata items for the internetarchive
-backend.
+         rclone config
 
-  --------------------------------------------------------------------------------------------------------------------------------------
-  Name                  Help                               Type        Example                                      Read Only
-  --------------------- ---------------------------------- ----------- -------------------------------------------- --------------------
-  crc32                 CRC32 calculated by Internet       string      01234567                                     Y
-                        Archive                                                                                     
+    This will guide you through an interactive setup process:
 
-  format                Name of format identified by       string      Comma-Separated Values                       Y
-                        Internet Archive                                                                            
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Microsoft Azure Files Storage  "azurefiles" [snip]
 
-  md5                   MD5 hash calculated by Internet    string      01234567012345670123456701234567             Y
-                        Archive                                                                                     
+Option account. Azure Storage Account Name. Set this to the Azure
+Storage Account Name in use. Leave blank to use SAS URL or connection
+string, otherwise it needs to be set. If this is blank and if env_auth
+is set it will be read from the environment variable
+AZURE_STORAGE_ACCOUNT_NAME if possible. Enter a value. Press Enter to
+leave empty. account> account_name
 
-  mtime                 Time of last modification, managed RFC 3339    2006-01-02T15:04:05.999999999Z               Y
-                        by Rclone                                                                                   
+Option share_name. Azure Files Share Name. This is required and is the
+name of the share to access. Enter a value. Press Enter to leave empty.
+share_name> share_name
 
-  name                  Full file path, without the bucket filename    backend/internetarchive/internetarchive.go   Y
-                        part                                                                                        
+Option env_auth. Read credentials from runtime (environment variables,
+CLI or MSI). See the authentication docs for full info. Enter a boolean
+value (true or false). Press Enter for the default (false). env_auth>
 
-  old_version           Whether the file was replaced and  boolean     true                                         Y
-                        moved by keep-old-version flag                                                              
+Option key. Storage Account Shared Key. Leave blank to use SAS URL or
+connection string. Enter a value. Press Enter to leave empty. key>
+base64encodedkey==
 
-  rclone-ia-mtime       Time of last modification, managed RFC 3339    2006-01-02T15:04:05.999999999Z               N
-                        by Internet Archive                                                                         
+Option sas_url. SAS URL. Leave blank if using account/key or connection
+string. Enter a value. Press Enter to leave empty. sas_url>
 
-  rclone-mtime          Time of last modification, managed RFC 3339    2006-01-02T15:04:05.999999999Z               N
-                        by Rclone                                                                                   
+Option connection_string. Azure Files Connection String. Enter a value.
+Press Enter to leave empty. connection_string> [snip]
 
-  rclone-update-track   Random value used by Rclone for    string      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa             N
-                        tracking changes inside Internet                                                            
-                        Archive                                                                                     
+Configuration complete. Options: - type: azurefiles - account:
+account_name - share_name: share_name - key: base64encodedkey== Keep
+this "remote" remote? y) Yes this is OK (default) e) Edit this remote d)
+Delete this remote y/e/d>
 
-  sha1                  SHA1 hash calculated by Internet   string      0123456701234567012345670123456701234567     Y
-                        Archive                                                                                     
 
-  size                  File size in bytes                 decimal     123456                                       Y
-                                                           number                                                   
+    Once configured you can use rclone.
 
-  source                The source of the file             string      original                                     Y
+    See all files in the top level:
 
-  summation             Check                              string      md5                                          Y
-                        https://forum.rclone.org/t/31922                                                            
-                        for how it is used                                                                          
+        rclone lsf remote:
 
-  viruscheck            The last time viruscheck process   unixtime    1654191352                                   Y
-                        was run for the file (?)                                                                    
-  --------------------------------------------------------------------------------------------------------------------------------------
+    Make a new directory in the root:
 
-See the metadata docs for more info.
+        rclone mkdir remote:dir
 
-Jottacloud
+    Recursively List the contents:
 
-Jottacloud is a cloud storage service provider from a Norwegian company,
-using its own datacenters in Norway. In addition to the official service
-at jottacloud.com, it also provides white-label solutions to different
-companies, such as: * Telia * Telia Cloud (cloud.telia.se) * Telia Sky
-(sky.telia.no) * Tele2 * Tele2 Cloud (mittcloud.tele2.se) * Elkjøp (with
-subsidiaries): * Elkjøp Cloud (cloud.elkjop.no) * Elgiganten Sweden
-(cloud.elgiganten.se) * Elgiganten Denmark (cloud.elgiganten.dk) *
-Giganti Cloud (cloud.gigantti.fi) * ELKO Cloud (cloud.elko.is)
+        rclone ls remote:
 
-Most of the white-label versions are supported by this backend, although
-may require different authentication setup - described below.
+    Sync `/home/local/directory` to the remote directory, deleting any
+    excess files in the directory.
 
-Paths are specified as remote:path
+        rclone sync --interactive /home/local/directory remote:dir
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+    ### Modified time
+
+    The modified time is stored as Azure standard `LastModified` time on
+    files
+
+    ### Performance
+
+    When uploading large files, increasing the value of
+    `--azurefiles-upload-concurrency` will increase performance at the cost
+    of using more memory. The default of 16 is set quite conservatively to
+    use less memory. It maybe be necessary raise it to 64 or higher to
+    fully utilize a 1 GBit/s link with a single file transfer.
+
+    ### Restricted filename characters
+
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | "         | 0x22  | ＂          |
+    | *         | 0x2A  | ＊          |
+    | :         | 0x3A  | ：          |
+    | <         | 0x3C  | ＜          |
+    | >         | 0x3E  | ＞          |
+    | ?         | 0x3F  | ？          |
+    | \         | 0x5C  | ＼          |
+    | \|        | 0x7C  | ｜          |
+
+    File names can also not end with the following characters.
+    These only get replaced if they are the last character in the name:
+
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | .         | 0x2E  | ．          |
+
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
+
+    ### Hashes
+
+    MD5 hashes are stored with files. Not all files will have MD5 hashes
+    as these have to be uploaded with the file.
+
+    ### Authentication {#authentication}
+
+    There are a number of ways of supplying credentials for Azure Files
+    Storage. Rclone tries them in the order of the sections below.
+
+    #### Env Auth
+
+    If the `env_auth` config parameter is `true` then rclone will pull
+    credentials from the environment or runtime.
+
+    It tries these authentication methods in this order:
+
+    1. Environment Variables
+    2. Managed Service Identity Credentials
+    3. Azure CLI credentials (as used by the az tool)
+
+    These are described in the following sections
+
+    ##### Env Auth: 1. Environment Variables
+
+    If `env_auth` is set and environment variables are present rclone
+    authenticates a service principal with a secret or certificate, or a
+    user with a password, depending on which environment variable are set.
+    It reads configuration from these variables, in the following order:
+
+    1. Service principal with client secret
+        - `AZURE_TENANT_ID`: ID of the service principal's tenant. Also called its "directory" ID.
+        - `AZURE_CLIENT_ID`: the service principal's client ID
+        - `AZURE_CLIENT_SECRET`: one of the service principal's client secrets
+    2. Service principal with certificate
+        - `AZURE_TENANT_ID`: ID of the service principal's tenant. Also called its "directory" ID.
+        - `AZURE_CLIENT_ID`: the service principal's client ID
+        - `AZURE_CLIENT_CERTIFICATE_PATH`: path to a PEM or PKCS12 certificate file including the private key.
+        - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
+        - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
+    3. User with username and password
+        - `AZURE_TENANT_ID`: (optional) tenant to authenticate in. Defaults to "organizations".
+        - `AZURE_CLIENT_ID`: client ID of the application the user will authenticate to
+        - `AZURE_USERNAME`: a username (usually an email address)
+        - `AZURE_PASSWORD`: the user's password
+    4. Workload Identity
+        - `AZURE_TENANT_ID`: Tenant to authenticate in.
+        - `AZURE_CLIENT_ID`: Client ID of the application the user will authenticate to.
+        - `AZURE_FEDERATED_TOKEN_FILE`: Path to projected service account token file.
+        - `AZURE_AUTHORITY_HOST`: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
+
+    ##### Env Auth: 2. Managed Service Identity Credentials
+
+    When using Managed Service Identity if the VM(SS) on which this
+    program is running has a system-assigned identity, it will be used by
+    default. If the resource has no system-assigned but exactly one
+    user-assigned identity, the user-assigned identity will be used by
+    default.
+
+    If the resource has multiple user-assigned identities you will need to
+    unset `env_auth` and set `use_msi` instead. See the [`use_msi`
+    section](#use_msi).
+
+    ##### Env Auth: 3. Azure CLI credentials (as used by the az tool)
+
+    Credentials created with the `az` tool can be picked up using `env_auth`.
+
+    For example if you were to login with a service principal like this:
+
+        az login --service-principal -u XXX -p XXX --tenant XXX
+
+    Then you could access rclone resources like this:
+
+        rclone lsf :azurefiles,env_auth,account=ACCOUNT:
+
+    Or
+
+        rclone lsf --azurefiles-env-auth --azurefiles-account=ACCOUNT :azurefiles:
+
+    #### Account and Shared Key
+
+    This is the most straight forward and least flexible way.  Just fill
+    in the `account` and `key` lines and leave the rest blank.
+
+    #### SAS URL
+
+    To use it leave `account`, `key` and `connection_string` blank and fill in `sas_url`.
+
+    #### Connection String
+
+    To use it leave `account`, `key` and "sas_url" blank and fill in `connection_string`.
+
+    #### Service principal with client secret
+
+    If these variables are set, rclone will authenticate with a service principal with a client secret.
+
+    - `tenant`: ID of the service principal's tenant. Also called its "directory" ID.
+    - `client_id`: the service principal's client ID
+    - `client_secret`: one of the service principal's client secrets
+
+    The credentials can also be placed in a file using the
+    `service_principal_file` configuration option.
+
+    #### Service principal with certificate
+
+    If these variables are set, rclone will authenticate with a service principal with certificate.
+
+    - `tenant`: ID of the service principal's tenant. Also called its "directory" ID.
+    - `client_id`: the service principal's client ID
+    - `client_certificate_path`: path to a PEM or PKCS12 certificate file including the private key.
+    - `client_certificate_password`: (optional) password for the certificate file.
+    - `client_send_certificate_chain`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
+
+    **NB** `client_certificate_password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    #### User with username and password
+
+    If these variables are set, rclone will authenticate with username and password.
+
+    - `tenant`: (optional) tenant to authenticate in. Defaults to "organizations".
+    - `client_id`: client ID of the application the user will authenticate to
+    - `username`: a username (usually an email address)
+    - `password`: the user's password
+
+    Microsoft doesn't recommend this kind of authentication, because it's
+    less secure than other authentication flows. This method is not
+    interactive, so it isn't compatible with any form of multi-factor
+    authentication, and the application must already have user or admin
+    consent. This credential can only authenticate work and school
+    accounts; it can't authenticate Microsoft accounts.
+
+    **NB** `password` must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+    #### Managed Service Identity Credentials {#use_msi}
+
+    If `use_msi` is set then managed service identity credentials are
+    used. This authentication only works when running in an Azure service.
+    `env_auth` needs to be unset to use this.
+
+    However if you have multiple user identities to choose from these must
+    be explicitly specified using exactly one of the `msi_object_id`,
+    `msi_client_id`, or `msi_mi_res_id` parameters.
+
+    If none of `msi_object_id`, `msi_client_id`, or `msi_mi_res_id` is
+    set, this is is equivalent to using `env_auth`.
+
+
+    ### Standard options
+
+    Here are the Standard options specific to azurefiles (Microsoft Azure Files).
+
+    #### --azurefiles-account
+
+    Azure Storage Account Name.
+
+    Set this to the Azure Storage Account Name in use.
+
+    Leave blank to use SAS URL or connection string, otherwise it needs to be set.
+
+    If this is blank and if env_auth is set it will be read from the
+    environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
+
+
+    Properties:
+
+    - Config:      account
+    - Env Var:     RCLONE_AZUREFILES_ACCOUNT
+    - Type:        string
+    - Required:    false
+
+    #### --azurefiles-share-name
+
+    Azure Files Share Name.
+
+    This is required and is the name of the share to access.
+
+
+    Properties:
+
+    - Config:      share_name
+    - Env Var:     RCLONE_AZUREFILES_SHARE_NAME
+    - Type:        string
+    - Required:    false
+
+    #### --azurefiles-env-auth
+
+    Read credentials from runtime (environment variables, CLI or MSI).
+
+    See the [authentication docs](/azurefiles#authentication) for full info.
+
+    Properties:
+
+    - Config:      env_auth
+    - Env Var:     RCLONE_AZUREFILES_ENV_AUTH
+    - Type:        bool
+    - Default:     false
+
+    #### --azurefiles-key
+
+    Storage Account Shared Key.
+
+    Leave blank to use SAS URL or connection string.
+
+    Properties:
+
+    - Config:      key
+    - Env Var:     RCLONE_AZUREFILES_KEY
+    - Type:        string
+    - Required:    false
+
+    #### --azurefiles-sas-url
+
+    SAS URL.
+
+    Leave blank if using account/key or connection string.
 
-Authentication types
-
-Some of the whitelabel versions uses a different authentication method
-than the official service, and you have to choose the correct one when
-setting up the remote.
-
-Standard authentication
-
-The standard authentication method used by the official service
-(jottacloud.com), as well as some of the whitelabel services, requires
-you to generate a single-use personal login token from the account
-security settings in the service's web interface. Log in to your
-account, go to "Settings" and then "Security", or use the direct link
-presented to you by rclone when configuring the remote:
-https://www.jottacloud.com/web/secure. Scroll down to the section
-"Personal login token", and click the "Generate" button. Note that if
-you are using a whitelabel service you probably can't use the direct
-link, you need to find the same page in their dedicated web interface,
-and also it may be in a different location than described above.
-
-To access your account from multiple instances of rclone, you need to
-configure each of them with a separate personal login token. E.g. you
-create a Jottacloud remote with rclone in one location, and copy the
-configuration file to a second location where you also want to run
-rclone and access the same remote. Then you need to replace the token
-for one of them, using the config reconnect command, which requires you
-to generate a new personal login token and supply as input. If you do
-not do this, the token may easily end up being invalidated, resulting in
-both instances failing with an error message something along the lines
-of:
-
-    oauth2: cannot fetch token: 400 Bad Request
-    Response: {"error":"invalid_grant","error_description":"Stale token"}
-
-When this happens, you need to replace the token as described above to
-be able to use your remote again.
-
-All personal login tokens you have taken into use will be listed in the
-web interface under "My logged in devices", and from the right side of
-that list you can click the "X" button to revoke individual tokens.
-
-Legacy authentication
-
-If you are using one of the whitelabel versions (e.g. from Elkjøp) you
-may not have the option to generate a CLI token. In this case you'll
-have to use the legacy authentication. To do this select yes when the
-setup asks for legacy authentication and enter your username and
-password. The rest of the setup is identical to the default setup.
-
-Telia Cloud authentication
-
-Similar to other whitelabel versions Telia Cloud doesn't offer the
-option of creating a CLI token, and additionally uses a separate
-authentication flow where the username is generated internally. To setup
-rclone to use Telia Cloud, choose Telia Cloud authentication in the
-setup. The rest of the setup is identical to the default setup.
-
-Tele2 Cloud authentication
-
-As Tele2-Com Hem merger was completed this authentication can be used
-for former Com Hem Cloud and Tele2 Cloud customers as no support for
-creating a CLI token exists, and additionally uses a separate
-authentication flow where the username is generated internally. To setup
-rclone to use Tele2 Cloud, choose Tele2 Cloud authentication in the
-setup. The rest of the setup is identical to the default setup.
+    Properties:
 
-Configuration
+    - Config:      sas_url
+    - Env Var:     RCLONE_AZUREFILES_SAS_URL
+    - Type:        string
+    - Required:    false
 
-Here is an example of how to make a remote called remote with the
-default setup. First run:
+    #### --azurefiles-connection-string
 
-    rclone config
+    Azure Files Connection String.
 
-This will guide you through an interactive setup process:
+    Properties:
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Option Storage.
-    Type of storage to configure.
-    Choose a number from below, or type in your own value.
-    [snip]
-    XX / Jottacloud
-       \ (jottacloud)
-    [snip]
-    Storage> jottacloud
-    Edit advanced config?
-    y) Yes
-    n) No (default)
-    y/n> n
-    Option config_type.
-    Select authentication type.
-    Choose a number from below, or type in an existing string value.
-    Press Enter for the default (standard).
-       / Standard authentication.
-     1 | Use this if you're a normal Jottacloud user.
-       \ (standard)
-       / Legacy authentication.
-     2 | This is only required for certain whitelabel versions of Jottacloud and not recommended for normal users.
-       \ (legacy)
-       / Telia Cloud authentication.
-     3 | Use this if you are using Telia Cloud.
-       \ (telia)
-       / Tele2 Cloud authentication.
-     4 | Use this if you are using Tele2 Cloud.
-       \ (tele2)
-    config_type> 1
-    Personal login token.
-    Generate here: https://www.jottacloud.com/web/secure
-    Login Token> <your token here>
-    Use a non-standard device/mountpoint?
-    Choosing no, the default, will let you access the storage used for the archive
-    section of the official Jottacloud client. If you instead want to access the
-    sync or the backup section, for example, you must choose yes.
-    y) Yes
-    n) No (default)
-    y/n> y
-    Option config_device.
-    The device to use. In standard setup the built-in Jotta device is used,
-    which contains predefined mountpoints for archive, sync etc. All other devices
-    are treated as backup devices by the official Jottacloud client. You may create
-    a new by entering a unique name.
-    Choose a number from below, or type in your own string value.
-    Press Enter for the default (DESKTOP-3H31129).
-     1 > DESKTOP-3H31129
-     2 > Jotta
-    config_device> 2
-    Option config_mountpoint.
-    The mountpoint to use for the built-in device Jotta.
-    The standard setup is to use the Archive mountpoint. Most other mountpoints
-    have very limited support in rclone and should generally be avoided.
-    Choose a number from below, or type in an existing string value.
-    Press Enter for the default (Archive).
-     1 > Archive
-     2 > Shared
-     3 > Sync
-    config_mountpoint> 1
-    --------------------
-    [remote]
-    type = jottacloud
-    configVersion = 1
-    client_id = jottacli
-    client_secret =
-    tokenURL = https://id.jottacloud.com/auth/realms/jottacloud/protocol/openid-connect/token
-    token = {........}
-    username = 2940e57271a93d987d6f8a21
-    device = Jotta
-    mountpoint = Archive
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    - Config:      connection_string
+    - Env Var:     RCLONE_AZUREFILES_CONNECTION_STRING
+    - Type:        string
+    - Required:    false
 
-Once configured you can then use rclone like this,
+    #### --azurefiles-tenant
 
-List directories in top level of your Jottacloud
+    ID of the service principal's tenant. Also called its directory ID.
 
-    rclone lsd remote:
+    Set this if using
+    - Service principal with client secret
+    - Service principal with certificate
+    - User with username and password
 
-List all the files in your Jottacloud
 
-    rclone ls remote:
+    Properties:
 
-To copy a local directory to an Jottacloud directory called backup
+    - Config:      tenant
+    - Env Var:     RCLONE_AZUREFILES_TENANT
+    - Type:        string
+    - Required:    false
 
-    rclone copy /home/source remote:backup
+    #### --azurefiles-client-id
 
-Devices and Mountpoints
-
-The official Jottacloud client registers a device for each computer you
-install it on, and shows them in the backup section of the user
-interface. For each folder you select for backup it will create a
-mountpoint within this device. A built-in device called Jotta is
-special, and contains mountpoints Archive, Sync and some others, used
-for corresponding features in official clients.
-
-With rclone you'll want to use the standard Jotta/Archive
-device/mountpoint in most cases. However, you may for example want to
-access files from the sync or backup functionality provided by the
-official clients, and rclone therefore provides the option to select
-other devices and mountpoints during config.
-
-You are allowed to create new devices and mountpoints. All devices
-except the built-in Jotta device are treated as backup devices by
-official Jottacloud clients, and the mountpoints on them are individual
-backup sets.
-
-With the built-in Jotta device, only existing, built-in, mountpoints can
-be selected. In addition to the mentioned Archive and Sync, it may
-contain several other mountpoints such as: Latest, Links, Shared and
-Trash. All of these are special mountpoints with a different internal
-representation than the "regular" mountpoints. Rclone will only to a
-very limited degree support them. Generally you should avoid these,
-unless you know what you are doing.
+    The ID of the client in use.
 
---fast-list
+    Set this if using
+    - Service principal with client secret
+    - Service principal with certificate
+    - User with username and password
 
-This remote supports --fast-list which allows you to use fewer
-transactions in exchange for more memory. See the rclone docs for more
-details.
 
-Note that the implementation in Jottacloud always uses only a single API
-request to get the entire list, so for large folders this could lead to
-long wait time before the first results are shown.
+    Properties:
 
-Note also that with rclone version 1.58 and newer information about MIME
-types are not available when using --fast-list.
+    - Config:      client_id
+    - Env Var:     RCLONE_AZUREFILES_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-Modified time and hashes
+    #### --azurefiles-client-secret
 
-Jottacloud allows modification times to be set on objects accurate to 1
-second. These will be used to detect whether objects need syncing or
-not.
+    One of the service principal's client secrets
 
-Jottacloud supports MD5 type hashes, so you can use the --checksum flag.
+    Set this if using
+    - Service principal with client secret
 
-Note that Jottacloud requires the MD5 hash before upload so if the
-source does not have an MD5 checksum then the file will be cached
-temporarily on disk (in location given by --temp-dir) before it is
-uploaded. Small files will be cached in memory - see the
---jottacloud-md5-memory-limit flag. When uploading from local disk the
-source checksum is always available, so this does not apply. Starting
-with rclone version 1.52 the same is true for crypted remotes (in older
-versions the crypt backend would not calculate hashes for uploads from
-local disk, so the Jottacloud backend had to do it as described above).
 
-Restricted filename characters
+    Properties:
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    - Config:      client_secret
+    - Env Var:     RCLONE_AZUREFILES_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  "            0x22        ＂
-  *            0x2A        ＊
-  :            0x3A        ：
-  <            0x3C        ＜
-  >            0x3E        ＞
-  ?            0x3F        ？
-  |            0x7C        ｜
+    #### --azurefiles-client-certificate-path
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in XML
-strings.
+    Path to a PEM or PKCS12 certificate file including the private key.
 
-Deleting files
+    Set this if using
+    - Service principal with certificate
 
-By default, rclone will send all files to the trash when deleting files.
-They will be permanently deleted automatically after 30 days. You may
-bypass the trash and permanently delete files immediately by using the
---jottacloud-hard-delete flag, or set the equivalent environment
-variable. Emptying the trash is supported by the cleanup command.
 
-Versions
+    Properties:
 
-Jottacloud supports file versioning. When rclone uploads a new version
-of a file it creates a new version of it. Currently rclone only supports
-retrieving the current version but older versions can be accessed via
-the Jottacloud Website.
+    - Config:      client_certificate_path
+    - Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PATH
+    - Type:        string
+    - Required:    false
 
-Versioning can be disabled by --jottacloud-no-versions option. This is
-achieved by deleting the remote file prior to uploading a new version.
-If the upload the fails no version of the file will be available in the
-remote.
+    #### --azurefiles-client-certificate-password
 
-Quota information
+    Password for the certificate file (optional).
 
-To view your current quota you can use the rclone about remote: command
-which will display your usage limit (unless it is unlimited) and the
-current usage.
+    Optionally set this if using
+    - Service principal with certificate
 
-Advanced options
+    And the certificate has a password.
 
-Here are the Advanced options specific to jottacloud (Jottacloud).
 
---jottacloud-md5-memory-limit
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-Files bigger than this will be cached on disk to calculate the MD5 if
-required.
+    Properties:
 
-Properties:
+    - Config:      client_certificate_password
+    - Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PASSWORD
+    - Type:        string
+    - Required:    false
 
--   Config: md5_memory_limit
--   Env Var: RCLONE_JOTTACLOUD_MD5_MEMORY_LIMIT
--   Type: SizeSuffix
--   Default: 10Mi
+    ### Advanced options
 
---jottacloud-trashed-only
+    Here are the Advanced options specific to azurefiles (Microsoft Azure Files).
 
-Only show files that are in the trash.
+    #### --azurefiles-client-send-certificate-chain
 
-This will show trashed files in their original directory structure.
+    Send the certificate chain when using certificate auth.
 
-Properties:
+    Specifies whether an authentication request will include an x5c header
+    to support subject name / issuer based authentication. When set to
+    true, authentication requests include the x5c header.
 
--   Config: trashed_only
--   Env Var: RCLONE_JOTTACLOUD_TRASHED_ONLY
--   Type: bool
--   Default: false
+    Optionally set this if using
+    - Service principal with certificate
 
---jottacloud-hard-delete
 
-Delete files permanently rather than putting them into the trash.
+    Properties:
 
-Properties:
+    - Config:      client_send_certificate_chain
+    - Env Var:     RCLONE_AZUREFILES_CLIENT_SEND_CERTIFICATE_CHAIN
+    - Type:        bool
+    - Default:     false
 
--   Config: hard_delete
--   Env Var: RCLONE_JOTTACLOUD_HARD_DELETE
--   Type: bool
--   Default: false
+    #### --azurefiles-username
 
---jottacloud-upload-resume-limit
+    User name (usually an email address)
 
-Files bigger than this can be resumed if the upload fail's.
+    Set this if using
+    - User with username and password
 
-Properties:
 
--   Config: upload_resume_limit
--   Env Var: RCLONE_JOTTACLOUD_UPLOAD_RESUME_LIMIT
--   Type: SizeSuffix
--   Default: 10Mi
+    Properties:
 
---jottacloud-no-versions
+    - Config:      username
+    - Env Var:     RCLONE_AZUREFILES_USERNAME
+    - Type:        string
+    - Required:    false
 
-Avoid server side versioning by deleting files and recreating files
-instead of overwriting them.
+    #### --azurefiles-password
 
-Properties:
+    The user's password
 
--   Config: no_versions
--   Env Var: RCLONE_JOTTACLOUD_NO_VERSIONS
--   Type: bool
--   Default: false
+    Set this if using
+    - User with username and password
 
---jottacloud-encoding
 
-The encoding for the backend.
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-See the encoding section in the overview for more info.
+    Properties:
 
-Properties:
+    - Config:      password
+    - Env Var:     RCLONE_AZUREFILES_PASSWORD
+    - Type:        string
+    - Required:    false
 
--   Config: encoding
--   Env Var: RCLONE_JOTTACLOUD_ENCODING
--   Type: MultiEncoder
--   Default:
-    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot
+    #### --azurefiles-service-principal-file
 
-Limitations
+    Path to file containing credentials for use with a service principal.
 
-Note that Jottacloud is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+    Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
 
-There are quite a few characters that can't be in Jottacloud file names.
-Rclone will map these names to and from an identical looking unicode
-equivalent. For example if a file has a ? in it will be mapped to ？
-instead.
+        $ az ad sp create-for-rbac --name "<name>" \
+          --role "Storage Files Data Owner" \
+          --scopes "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>" \
+          > azure-principal.json
 
-Jottacloud only supports filenames up to 255 characters in length.
+    See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to files data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
 
-Troubleshooting
+    **NB** this section needs updating for Azure Files - pull requests appreciated!
 
-Jottacloud exhibits some inconsistent behaviours regarding deleted files
-and folders which may cause Copy, Move and DirMove operations to
-previously deleted paths to fail. Emptying the trash should help in such
-cases.
+    It may be more convenient to put the credentials directly into the
+    rclone config file under the `client_id`, `tenant` and `client_secret`
+    keys instead of setting `service_principal_file`.
 
-Koofr
 
-Paths are specified as remote:path
+    Properties:
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+    - Config:      service_principal_file
+    - Env Var:     RCLONE_AZUREFILES_SERVICE_PRINCIPAL_FILE
+    - Type:        string
+    - Required:    false
 
-Configuration
+    #### --azurefiles-use-msi
 
-The initial setup for Koofr involves creating an application password
-for rclone. You can do that by opening the Koofr web application, giving
-the password a nice name like rclone and clicking on generate.
+    Use a managed service identity to authenticate (only works in Azure).
 
-Here is an example of how to make a remote called koofr. First run:
+    When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+    to authenticate to Azure Storage instead of a SAS token or account key.
 
-     rclone config
+    If the VM(SS) on which this program is running has a system-assigned identity, it will
+    be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+    the user-assigned identity will be used by default. If the resource has multiple user-assigned
+    identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+    msi_client_id, or msi_mi_res_id parameters.
 
-This will guide you through an interactive setup process:
+    Properties:
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> koofr
-    Option Storage.
-    Type of storage to configure.
-    Choose a number from below, or type in your own value.
-    [snip]
-    22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-       \ (koofr)
-    [snip]
-    Storage> koofr
-    Option provider.
-    Choose your storage provider.
-    Choose a number from below, or type in your own value.
-    Press Enter to leave empty.
-     1 / Koofr, https://app.koofr.net/
-       \ (koofr)
-     2 / Digi Storage, https://storage.rcs-rds.ro/
-       \ (digistorage)
-     3 / Any other Koofr API compatible storage service
-       \ (other)
-    provider> 1    
-    Option user.
-    Your user name.
-    Enter a value.
-    user> USERNAME
-    Option password.
-    Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
-    Choose an alternative below.
-    y) Yes, type in my own password
-    g) Generate random password
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Edit advanced config?
-    y) Yes
-    n) No (default)
-    y/n> n
-    Remote config
-    --------------------
-    [koofr]
-    type = koofr
-    provider = koofr
-    user = USERNAME
-    password = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    - Config:      use_msi
+    - Env Var:     RCLONE_AZUREFILES_USE_MSI
+    - Type:        bool
+    - Default:     false
 
-You can choose to edit advanced config in order to enter your own
-service URL if you use an on-premise or white label Koofr instance, or
-choose an alternative mount instead of your primary storage.
+    #### --azurefiles-msi-object-id
 
-Once configured you can then use rclone like this,
+    Object ID of the user-assigned MSI to use, if any.
 
-List directories in top level of your Koofr
+    Leave blank if msi_client_id or msi_mi_res_id specified.
 
-    rclone lsd koofr:
+    Properties:
 
-List all the files in your Koofr
+    - Config:      msi_object_id
+    - Env Var:     RCLONE_AZUREFILES_MSI_OBJECT_ID
+    - Type:        string
+    - Required:    false
 
-    rclone ls koofr:
+    #### --azurefiles-msi-client-id
 
-To copy a local directory to an Koofr directory called backup
+    Object ID of the user-assigned MSI to use, if any.
 
-    rclone copy /home/source koofr:backup
+    Leave blank if msi_object_id or msi_mi_res_id specified.
 
-Restricted filename characters
+    Properties:
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    - Config:      msi_client_id
+    - Env Var:     RCLONE_AZUREFILES_MSI_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  \            0x5C        ＼
+    #### --azurefiles-msi-mi-res-id
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in XML
-strings.
+    Azure resource ID of the user-assigned MSI to use, if any.
 
-Standard options
+    Leave blank if msi_client_id or msi_object_id specified.
 
-Here are the Standard options specific to koofr (Koofr, Digi Storage and
-other Koofr-compatible storage providers).
+    Properties:
 
---koofr-provider
+    - Config:      msi_mi_res_id
+    - Env Var:     RCLONE_AZUREFILES_MSI_MI_RES_ID
+    - Type:        string
+    - Required:    false
 
-Choose your storage provider.
+    #### --azurefiles-endpoint
 
-Properties:
+    Endpoint for the service.
 
--   Config: provider
--   Env Var: RCLONE_KOOFR_PROVIDER
--   Type: string
--   Required: false
--   Examples:
-    -   "koofr"
-        -   Koofr, https://app.koofr.net/
-    -   "digistorage"
-        -   Digi Storage, https://storage.rcs-rds.ro/
-    -   "other"
-        -   Any other Koofr API compatible storage service
+    Leave blank normally.
 
---koofr-endpoint
+    Properties:
 
-The Koofr API endpoint to use.
+    - Config:      endpoint
+    - Env Var:     RCLONE_AZUREFILES_ENDPOINT
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --azurefiles-chunk-size
 
--   Config: endpoint
--   Env Var: RCLONE_KOOFR_ENDPOINT
--   Provider: other
--   Type: string
--   Required: true
+    Upload chunk size.
 
---koofr-user
+    Note that this is stored in memory and there may be up to
+    "--transfers" * "--azurefile-upload-concurrency" chunks stored at once
+    in memory.
 
-Your user name.
+    Properties:
 
-Properties:
+    - Config:      chunk_size
+    - Env Var:     RCLONE_AZUREFILES_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     4Mi
 
--   Config: user
--   Env Var: RCLONE_KOOFR_USER
--   Type: string
--   Required: true
+    #### --azurefiles-upload-concurrency
 
---koofr-password
+    Concurrency for multipart uploads.
 
-Your password for rclone (generate one at
-https://app.koofr.net/app/admin/preferences/password).
+    This is the number of chunks of the same file that are uploaded
+    concurrently.
 
-NB Input to this must be obscured - see rclone obscure.
+    If you are uploading small numbers of large files over high-speed
+    links and these uploads do not fully utilize your bandwidth, then
+    increasing this may help to speed up the transfers.
 
-Properties:
+    Note that chunks are stored in memory and there may be up to
+    "--transfers" * "--azurefile-upload-concurrency" chunks stored at once
+    in memory.
 
--   Config: password
--   Env Var: RCLONE_KOOFR_PASSWORD
--   Provider: koofr
--   Type: string
--   Required: true
+    Properties:
 
---koofr-password
+    - Config:      upload_concurrency
+    - Env Var:     RCLONE_AZUREFILES_UPLOAD_CONCURRENCY
+    - Type:        int
+    - Default:     16
 
-Your password for rclone (generate one at
-https://storage.rcs-rds.ro/app/admin/preferences/password).
+    #### --azurefiles-max-stream-size
 
-NB Input to this must be obscured - see rclone obscure.
+    Max size for streamed files.
 
-Properties:
+    Azure files needs to know in advance how big the file will be. When
+    rclone doesn't know it uses this value instead.
 
--   Config: password
--   Env Var: RCLONE_KOOFR_PASSWORD
--   Provider: digistorage
--   Type: string
--   Required: true
+    This will be used when rclone is streaming data, the most common uses are:
 
---koofr-password
+    - Uploading files with `--vfs-cache-mode off` with `rclone mount`
+    - Using `rclone rcat`
+    - Copying files with unknown length
 
-Your password for rclone (generate one at your service's settings page).
+    You will need this much free space in the share as the file will be this size temporarily.
 
-NB Input to this must be obscured - see rclone obscure.
 
-Properties:
+    Properties:
 
--   Config: password
--   Env Var: RCLONE_KOOFR_PASSWORD
--   Provider: other
--   Type: string
--   Required: true
+    - Config:      max_stream_size
+    - Env Var:     RCLONE_AZUREFILES_MAX_STREAM_SIZE
+    - Type:        SizeSuffix
+    - Default:     10Gi
 
-Advanced options
+    #### --azurefiles-encoding
 
-Here are the Advanced options specific to koofr (Koofr, Digi Storage and
-other Koofr-compatible storage providers).
+    The encoding for the backend.
 
---koofr-mountid
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Mount ID of the mount to use.
+    Properties:
 
-If omitted, the primary mount is used.
+    - Config:      encoding
+    - Env Var:     RCLONE_AZUREFILES_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot
 
-Properties:
 
--   Config: mountid
--   Env Var: RCLONE_KOOFR_MOUNTID
--   Type: string
--   Required: false
 
---koofr-setmtime
+    ### Custom upload headers
 
-Does the backend support setting modification time.
+    You can set custom upload headers with the `--header-upload` flag. 
 
-Set this to false if you use a mount ID that points to a Dropbox or
-Amazon Drive backend.
+    - Cache-Control
+    - Content-Disposition
+    - Content-Encoding
+    - Content-Language
+    - Content-Type
 
-Properties:
+    Eg `--header-upload "Content-Type: text/potato"`
 
--   Config: setmtime
--   Env Var: RCLONE_KOOFR_SETMTIME
--   Type: bool
--   Default: true
+    ## Limitations
 
---koofr-encoding
+    MD5 sums are only uploaded with chunked files if the source has an MD5
+    sum.  This will always be the case for a local to azure copy.
 
-The encoding for the backend.
+    #  Microsoft OneDrive
 
-See the encoding section in the overview for more info.
+    Paths are specified as `remote:path`
 
-Properties:
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
--   Config: encoding
--   Env Var: RCLONE_KOOFR_ENCODING
--   Type: MultiEncoder
--   Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+    ## Configuration
 
-Limitations
+    The initial setup for OneDrive involves getting a token from
+    Microsoft which you need to do in your browser.  `rclone config` walks
+    you through it.
 
-Note that Koofr is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Providers
+         rclone config
 
-Koofr
+    This will guide you through an interactive setup process:
 
-This is the original Koofr storage provider used as main example and
-described in the configuration section above.
+e)  Edit existing remote
+f)  New remote
+g)  Delete remote
+h)  Rename remote
+i)  Copy remote
+j)  Set configuration password
+k)  Quit config e/n/d/r/c/s/q> n name> remote Type of storage to
+    configure. Enter a string value. Press Enter for the default ("").
+    Choose a number from below, or type in your own value [snip] XX /
+    Microsoft OneDrive  "onedrive" [snip] Storage> onedrive Microsoft
+    App Client Id Leave blank normally. Enter a string value. Press
+    Enter for the default (""). client_id> Microsoft App Client Secret
+    Leave blank normally. Enter a string value. Press Enter for the
+    default (""). client_secret> Edit advanced config? (y/n)
+l)  Yes
+m)  No y/n> n Remote config Use web browser to automatically
+    authenticate rclone with remote?
 
-Digi Storage
+-   Say Y if the machine running rclone has a web browser you can use
+-   Say N if running rclone on a (remote) machine without web browser
+    access If not sure try Y. If Y failed, try N.
 
-Digi Storage is a cloud storage service run by Digi.ro that provides a
-Koofr API.
+y)  Yes
+z)  No y/n> y If your browser doesn't open automatically go to the
+    following link: http://127.0.0.1:53682/auth Log in and authorize
+    rclone for access Waiting for code... Got code Choose a number from
+    below, or type in an existing value 1 / OneDrive Personal or
+    Business  "onedrive" 2 / Sharepoint site  "sharepoint" 3 / Type in
+    driveID  "driveid" 4 / Type in SiteID  "siteid" 5 / Search a
+    Sharepoint site  "search" Your choice> 1 Found 1 drives, please
+    select the one you want to use: 0: OneDrive (business)
+    id=b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk Chose
+    drive to use:> 0 Found drive 'root' of type 'business', URL:
+    https://org-my.sharepoint.com/personal/you/Documents Is that okay?
+a)  Yes
+b)  No y/n> y -------------------- [remote] type = onedrive token =
+    {"access_token":"youraccesstoken","token_type":"Bearer","refresh_token":"yourrefreshtoken","expiry":"2018-08-26T22:39:52.486512262+08:00"}
+    drive_id =
+    b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
+    drive_type = business --------------------
+c)  Yes this is OK
+d)  Edit this remote
+e)  Delete this remote y/e/d> y
 
-Here is an example of how to make a remote called ds. First run:
 
-     rclone config
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
-This will guide you through an interactive setup process:
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from Microsoft. This only runs from the moment it
+    opens your browser to the moment you get back the verification
+    code.  This is on `http://127.0.0.1:53682/` and this it may require
+    you to unblock it temporarily if you are running a host firewall.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> ds
-    Option Storage.
-    Type of storage to configure.
-    Choose a number from below, or type in your own value.
-    [snip]
-    22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-       \ (koofr)
-    [snip]
-    Storage> koofr
-    Option provider.
-    Choose your storage provider.
-    Choose a number from below, or type in your own value.
-    Press Enter to leave empty.
-     1 / Koofr, https://app.koofr.net/
-       \ (koofr)
-     2 / Digi Storage, https://storage.rcs-rds.ro/
-       \ (digistorage)
-     3 / Any other Koofr API compatible storage service
-       \ (other)
-    provider> 2
-    Option user.
-    Your user name.
-    Enter a value.
-    user> USERNAME
-    Option password.
-    Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password).
-    Choose an alternative below.
-    y) Yes, type in my own password
-    g) Generate random password
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Edit advanced config?
-    y) Yes
-    n) No (default)
-    y/n> n
-    --------------------
-    [ds]
-    type = koofr
-    provider = digistorage
-    user = USERNAME
-    password = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Once configured you can then use `rclone` like this,
 
-Other
+    List directories in top level of your OneDrive
 
-You may also want to use another, public or private storage provider
-that runs a Koofr API compatible service, by simply providing the base
-URL to connect to.
+        rclone lsd remote:
 
-Here is an example of how to make a remote called other. First run:
+    List all the files in your OneDrive
 
-     rclone config
+        rclone ls remote:
 
-This will guide you through an interactive setup process:
+    To copy a local directory to an OneDrive directory called backup
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> other
-    Option Storage.
-    Type of storage to configure.
-    Choose a number from below, or type in your own value.
-    [snip]
-    22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-       \ (koofr)
-    [snip]
-    Storage> koofr
-    Option provider.
-    Choose your storage provider.
-    Choose a number from below, or type in your own value.
-    Press Enter to leave empty.
-     1 / Koofr, https://app.koofr.net/
-       \ (koofr)
-     2 / Digi Storage, https://storage.rcs-rds.ro/
-       \ (digistorage)
-     3 / Any other Koofr API compatible storage service
-       \ (other)
-    provider> 3
-    Option endpoint.
-    The Koofr API endpoint to use.
-    Enter a value.
-    endpoint> https://koofr.other.org
-    Option user.
-    Your user name.
-    Enter a value.
-    user> USERNAME
-    Option password.
-    Your password for rclone (generate one at your service's settings page).
-    Choose an alternative below.
-    y) Yes, type in my own password
-    g) Generate random password
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Edit advanced config?
-    y) Yes
-    n) No (default)
-    y/n> n
-    --------------------
-    [other]
-    type = koofr
-    provider = other
-    endpoint = https://koofr.other.org
-    user = USERNAME
-    password = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+        rclone copy /home/source remote:backup
 
-Mail.ru Cloud
+    ### Getting your own Client ID and Key
 
-Mail.ru Cloud is a cloud storage provided by a Russian internet company
-Mail.Ru Group. The official desktop client is Disk-O:, available on
-Windows and Mac OS.
+    rclone uses a default Client ID when talking to OneDrive, unless a custom `client_id` is specified in the config.
+    The default Client ID and Key are shared by all rclone users when performing requests.
 
-Currently it is recommended to disable 2FA on Mail.ru accounts intended
-for rclone until it gets eventually implemented.
+    You may choose to create and use your own Client ID, in case the default one does not work well for you. 
+    For example, you might see throttling.
 
-Features highlights
+    #### Creating Client ID for OneDrive Personal
 
--   Paths may be as deep as required, e.g. remote:directory/subdirectory
--   Files have a last modified time property, directories don't
--   Deleted files are by default moved to the trash
--   Files and directories can be shared via public links
--   Partial uploads or streaming are not supported, file size must be
-    known before upload
--   Maximum file size is limited to 2G for a free account, unlimited for
-    paid accounts
--   Storage keeps hash for all files and performs transparent
-    deduplication, the hash algorithm is a modified SHA1
--   If a particular file is already present in storage, one can quickly
-    submit file hash instead of long file upload (this optimization is
-    supported by rclone)
+    To create your own Client ID, please follow these steps:
 
-Configuration
+    1. Open https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and then click `New registration`.
+    2. Enter a name for your app, choose account type `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`, select `Web` in `Redirect URI`, then type (do not copy and paste) `http://localhost:53682/` and click Register. Copy and keep the `Application (client) ID` under the app name for later use.
+    3. Under `manage` select `Certificates & secrets`, click `New client secret`. Enter a description (can be anything) and set `Expires` to 24 months. Copy and keep that secret _Value_ for later use (you _won't_ be able to see this value afterwards).
+    4. Under `manage` select `API permissions`, click `Add a permission` and select `Microsoft Graph` then select `delegated permissions`.
+    5. Search and select the following permissions: `Files.Read`, `Files.ReadWrite`, `Files.Read.All`, `Files.ReadWrite.All`, `offline_access`, `User.Read` and `Sites.Read.All` (if custom access scopes are configured, select the permissions accordingly). Once selected click `Add permissions` at the bottom.
 
-Here is an example of making a mailru configuration.
+    Now the application is complete. Run `rclone config` to create or edit a OneDrive remote.
+    Supply the app ID and password as Client ID and Secret, respectively. rclone will walk you through the remaining steps.
 
-First create a Mail.ru Cloud account and choose a tariff.
+    The access_scopes option allows you to configure the permissions requested by rclone.
+    See [Microsoft Docs](https://docs.microsoft.com/en-us/graph/permissions-reference#files-permissions) for more information about the different scopes.
 
-You will need to log in and create an app password for rclone. Rclone
-will not work with your normal username and password - it will give an
-error like oauth2: server response missing access_token.
+    The `Sites.Read.All` permission is required if you need to [search SharePoint sites when configuring the remote](https://github.com/rclone/rclone/pull/5883). However, if that permission is not assigned, you need to exclude `Sites.Read.All` from your access scopes or set `disable_site_permission` option to true in the advanced options.
 
--   Click on your user icon in the top right
--   Go to Security / "Пароль и безопасность"
--   Click password for apps / "Пароли для внешних приложений"
--   Add the password - give it a name - eg "rclone"
--   Copy the password and use this password below - your normal login
-    password won't work.
+    #### Creating Client ID for OneDrive Business
 
-Now run
+    The steps for OneDrive Personal may or may not work for OneDrive Business, depending on the security settings of the organization.
+    A common error is that the publisher of the App is not verified.
 
-    rclone config
+    You may try to [verify you account](https://docs.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview), or try to limit the App to your organization only, as shown below.
 
-This will guide you through an interactive setup process:
+    1. Make sure to create the App with your business account.
+    2. Follow the steps above to create an App. However, we need a different account type here: `Accounts in this organizational directory only (*** - Single tenant)`. Note that you can also change the account type after creating the App.
+    3. Find the [tenant ID](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) of your organization.
+    4. In the rclone config, set `auth_url` to `https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/authorize`.
+    5. In the rclone config, set `token_url` to `https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token`.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Mail.ru Cloud
-       \ "mailru"
-    [snip]
-    Storage> mailru
-    User name (usually email)
-    Enter a string value. Press Enter for the default ("").
-    user> username@mail.ru
-    Password
+    Note: If you have a special region, you may need a different host in step 4 and 5. Here are [some hints](https://github.com/rclone/rclone/blob/bc23bf11db1c78c6ebbf8ea538fbebf7058b4176/backend/onedrive/onedrive.go#L86).
 
-    This must be an app password - rclone will not work with your normal
-    password. See the Configuration section in the docs for how to make an
-    app password.
-    y) Yes type in my own password
-    g) Generate random password
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Skip full upload if there is another file with same data hash.
-    This feature is called "speedup" or "put by hash". It is especially efficient
-    in case of generally available files like popular books, video or audio clips
-    [snip]
-    Enter a boolean value (true or false). Press Enter for the default ("true").
-    Choose a number from below, or type in your own value
-     1 / Enable
-       \ "true"
-     2 / Disable
-       \ "false"
-    speedup_enable> 1
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No
-    y/n> n
-    Remote config
-    --------------------
-    [remote]
-    type = mailru
-    user = username@mail.ru
-    pass = *** ENCRYPTED ***
-    speedup_enable = true
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
 
-Configuration of this backend does not require a local web browser. You
-can use the configured backend as shown below:
+    ### Modification times and hashes
 
-See top level directories
+    OneDrive allows modification times to be set on objects accurate to 1
+    second.  These will be used to detect whether objects need syncing or
+    not.
 
-    rclone lsd remote:
+    OneDrive Personal, OneDrive for Business and Sharepoint Server support
+    [QuickXorHash](https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash).
 
-Make a new directory
+    Before rclone 1.62 the default hash for Onedrive Personal was `SHA1`.
+    For rclone 1.62 and above the default for all Onedrive backends is
+    `QuickXorHash`.
 
-    rclone mkdir remote:directory
+    Starting from July 2023 `SHA1` support is being phased out in Onedrive
+    Personal in favour of `QuickXorHash`. If necessary the
+    `--onedrive-hash-type` flag (or `hash_type` config option) can be used
+    to select `SHA1` during the transition period if this is important
+    your workflow.
 
-List the contents of a directory
+    For all types of OneDrive you can use the `--checksum` flag.
 
-    rclone ls remote:directory
+    ### --fast-list
 
-Sync /home/local/directory to the remote path, deleting any excess files
-in the path.
+    This remote supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
 
-    rclone sync --interactive /home/local/directory remote:directory
+    This must be enabled with the `--onedrive-delta` flag (or `delta =
+    true` in the config file) as it can cause performance degradation.
 
-Modified time
+    It does this by using the delta listing facilities of OneDrive which
+    returns all the files in the remote very efficiently. This is much
+    more efficient than listing directories recursively and is Microsoft's
+    recommended way of reading all the file information from a drive.
 
-Files support a modification time attribute with up to 1 second
-precision. Directories do not have a modification time, which is shown
-as "Jan 1 1970".
+    This can be useful with `rclone mount` and [rclone rc vfs/refresh
+    recursive=true](https://rclone.org/rc/#vfs-refresh)) to very quickly fill the mount with
+    information about all the files.
 
-Hash checksums
+    The API used for the recursive listing (`ListR`) only supports listing
+    from the root of the drive. This will become increasingly inefficient
+    the further away you get from the root as rclone will have to discard
+    files outside of the directory you are using.
 
-Hash sums use a custom Mail.ru algorithm based on SHA1. If file size is
-less than or equal to the SHA1 block size (20 bytes), its hash is simply
-its data right-padded with zero bytes. Hash sum of a larger file is
-computed as a SHA1 sum of the file data bytes concatenated with a
-decimal representation of the data length.
+    Some commands (like `rclone lsf -R`) will use `ListR` by default - you
+    can turn this off with `--disable ListR` if you need to.
 
-Emptying Trash
+    ### Restricted filename characters
 
-Removing a file or directory actually moves it to the trash, which is
-not visible to rclone but can be seen in a web browser. The trashed file
-still occupies part of total quota. If you wish to empty your trash and
-free some quota, you can use the rclone cleanup remote: command, which
-will permanently delete all your trashed files. This command does not
-take any path arguments.
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
-Quota information
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | "         | 0x22  | ＂          |
+    | *         | 0x2A  | ＊          |
+    | :         | 0x3A  | ：          |
+    | <         | 0x3C  | ＜          |
+    | >         | 0x3E  | ＞          |
+    | ?         | 0x3F  | ？          |
+    | \         | 0x5C  | ＼          |
+    | \|        | 0x7C  | ｜          |
 
-To view your current quota you can use the rclone about remote: command
-which will display your usage limit (quota) and the current usage.
+    File names can also not end with the following characters.
+    These only get replaced if they are the last character in the name:
 
-Restricted filename characters
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | SP        | 0x20  | ␠           |
+    | .         | 0x2E  | ．          |
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    File names can also not begin with the following characters.
+    These only get replaced if they are the first character in the name:
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  "            0x22        ＂
-  *            0x2A        ＊
-  :            0x3A        ：
-  <            0x3C        ＜
-  >            0x3E        ＞
-  ?            0x3F        ？
-  \            0x5C        ＼
-  |            0x7C        ｜
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | SP        | 0x20  | ␠           |
+    | ~         | 0x7E  | ～          |
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-Standard options
+    ### Deleting files
 
-Here are the Standard options specific to mailru (Mail.ru Cloud).
+    Any files you delete with rclone will end up in the trash.  Microsoft
+    doesn't provide an API to permanently delete files, nor to empty the
+    trash, so you will have to do that with one of Microsoft's apps or via
+    the OneDrive website.
 
---mailru-user
 
-User name (usually email).
+    ### Standard options
 
-Properties:
+    Here are the Standard options specific to onedrive (Microsoft OneDrive).
 
--   Config: user
--   Env Var: RCLONE_MAILRU_USER
--   Type: string
--   Required: true
+    #### --onedrive-client-id
 
---mailru-pass
+    OAuth Client Id.
 
-Password.
+    Leave blank normally.
 
-This must be an app password - rclone will not work with your normal
-password. See the Configuration section in the docs for how to make an
-app password.
+    Properties:
 
-NB Input to this must be obscured - see rclone obscure.
+    - Config:      client_id
+    - Env Var:     RCLONE_ONEDRIVE_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --onedrive-client-secret
 
--   Config: pass
--   Env Var: RCLONE_MAILRU_PASS
--   Type: string
--   Required: true
+    OAuth Client Secret.
 
---mailru-speedup-enable
+    Leave blank normally.
 
-Skip full upload if there is another file with same data hash.
+    Properties:
 
-This feature is called "speedup" or "put by hash". It is especially
-efficient in case of generally available files like popular books, video
-or audio clips, because files are searched by hash in all accounts of
-all mailru users. It is meaningless and ineffective if source file is
-unique or encrypted. Please note that rclone may need local memory and
-disk space to calculate content hash in advance and decide whether full
-upload is required. Also, if rclone does not know file size in advance
-(e.g. in case of streaming or partial uploads), it will not even try
-this optimization.
+    - Config:      client_secret
+    - Env Var:     RCLONE_ONEDRIVE_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --onedrive-region
 
--   Config: speedup_enable
--   Env Var: RCLONE_MAILRU_SPEEDUP_ENABLE
--   Type: bool
--   Default: true
--   Examples:
-    -   "true"
-        -   Enable
-    -   "false"
-        -   Disable
+    Choose national cloud region for OneDrive.
 
-Advanced options
+    Properties:
 
-Here are the Advanced options specific to mailru (Mail.ru Cloud).
+    - Config:      region
+    - Env Var:     RCLONE_ONEDRIVE_REGION
+    - Type:        string
+    - Default:     "global"
+    - Examples:
+        - "global"
+            - Microsoft Cloud Global
+        - "us"
+            - Microsoft Cloud for US Government
+        - "de"
+            - Microsoft Cloud Germany
+        - "cn"
+            - Azure and Office 365 operated by Vnet Group in China
 
---mailru-speedup-file-patterns
+    ### Advanced options
 
-Comma separated list of file name patterns eligible for speedup (put by
-hash).
+    Here are the Advanced options specific to onedrive (Microsoft OneDrive).
 
-Patterns are case insensitive and can contain '*' or '?' meta
-characters.
+    #### --onedrive-token
 
-Properties:
+    OAuth Access Token as a JSON blob.
 
--   Config: speedup_file_patterns
--   Env Var: RCLONE_MAILRU_SPEEDUP_FILE_PATTERNS
--   Type: string
--   Default: ".mkv,.avi,.mp4,.mp3,.zip,.gz,.rar,.pdf"
--   Examples:
-    -   ""
-        -   Empty list completely disables speedup (put by hash).
-    -   "*"
-        -   All files will be attempted for speedup.
-    -   ".mkv,.avi,.mp4,.mp3"
-        -   Only common audio/video files will be tried for put by hash.
-    -   ".zip,.gz,.rar,.pdf"
-        -   Only common archives or PDF books will be tried for speedup.
+    Properties:
 
---mailru-speedup-max-disk
+    - Config:      token
+    - Env Var:     RCLONE_ONEDRIVE_TOKEN
+    - Type:        string
+    - Required:    false
 
-This option allows you to disable speedup (put by hash) for large files.
+    #### --onedrive-auth-url
 
-Reason is that preliminary hashing can exhaust your RAM or disk space.
+    Auth server URL.
 
-Properties:
+    Leave blank to use the provider defaults.
 
--   Config: speedup_max_disk
--   Env Var: RCLONE_MAILRU_SPEEDUP_MAX_DISK
--   Type: SizeSuffix
--   Default: 3Gi
--   Examples:
-    -   "0"
-        -   Completely disable speedup (put by hash).
-    -   "1G"
-        -   Files larger than 1Gb will be uploaded directly.
-    -   "3G"
-        -   Choose this option if you have less than 3Gb free on local
-            disk.
+    Properties:
 
---mailru-speedup-max-memory
+    - Config:      auth_url
+    - Env Var:     RCLONE_ONEDRIVE_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-Files larger than the size given below will always be hashed on disk.
+    #### --onedrive-token-url
 
-Properties:
+    Token server url.
 
--   Config: speedup_max_memory
--   Env Var: RCLONE_MAILRU_SPEEDUP_MAX_MEMORY
--   Type: SizeSuffix
--   Default: 32Mi
--   Examples:
-    -   "0"
-        -   Preliminary hashing will always be done in a temporary disk
-            location.
-    -   "32M"
-        -   Do not dedicate more than 32Mb RAM for preliminary hashing.
-    -   "256M"
-        -   You have at most 256Mb RAM free for hash calculations.
+    Leave blank to use the provider defaults.
 
---mailru-check-hash
+    Properties:
 
-What should copy do if file checksum is mismatched or invalid.
+    - Config:      token_url
+    - Env Var:     RCLONE_ONEDRIVE_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --onedrive-chunk-size
 
--   Config: check_hash
--   Env Var: RCLONE_MAILRU_CHECK_HASH
--   Type: bool
--   Default: true
--   Examples:
-    -   "true"
-        -   Fail with error.
-    -   "false"
-        -   Ignore and continue.
+    Chunk size to upload files with - must be multiple of 320k (327,680 bytes).
 
---mailru-user-agent
+    Above this size files will be chunked - must be multiple of 320k (327,680 bytes) and
+    should not exceed 250M (262,144,000 bytes) else you may encounter \"Microsoft.SharePoint.Client.InvalidClientQueryException: The request message is too big.\"
+    Note that the chunks will be buffered into memory.
 
-HTTP user agent used internally by client.
+    Properties:
 
-Defaults to "rclone/VERSION" or "--user-agent" provided on command line.
+    - Config:      chunk_size
+    - Env Var:     RCLONE_ONEDRIVE_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     10Mi
 
-Properties:
+    #### --onedrive-drive-id
 
--   Config: user_agent
--   Env Var: RCLONE_MAILRU_USER_AGENT
--   Type: string
--   Required: false
+    The ID of the drive to use.
 
---mailru-quirks
+    Properties:
 
-Comma separated list of internal maintenance flags.
+    - Config:      drive_id
+    - Env Var:     RCLONE_ONEDRIVE_DRIVE_ID
+    - Type:        string
+    - Required:    false
 
-This option must not be used by an ordinary user. It is intended only to
-facilitate remote troubleshooting of backend issues. Strict meaning of
-flags is not documented and not guaranteed to persist between releases.
-Quirks will be removed when the backend grows stable. Supported quirks:
-atomicmkdir binlist unknowndirs
+    #### --onedrive-drive-type
 
-Properties:
+    The type of the drive (personal | business | documentLibrary).
 
--   Config: quirks
--   Env Var: RCLONE_MAILRU_QUIRKS
--   Type: string
--   Required: false
+    Properties:
 
---mailru-encoding
+    - Config:      drive_type
+    - Env Var:     RCLONE_ONEDRIVE_DRIVE_TYPE
+    - Type:        string
+    - Required:    false
 
-The encoding for the backend.
+    #### --onedrive-root-folder-id
 
-See the encoding section in the overview for more info.
+    ID of the root folder.
 
-Properties:
+    This isn't normally needed, but in special circumstances you might
+    know the folder ID that you wish to access but not be able to get
+    there through a path traversal.
 
--   Config: encoding
--   Env Var: RCLONE_MAILRU_ENCODING
--   Type: MultiEncoder
--   Default:
-    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
-Limitations
+    Properties:
 
-File size limits depend on your account. A single file size is limited
-by 2G for a free account and unlimited for paid tariffs. Please refer to
-the Mail.ru site for the total uploaded size limits.
+    - Config:      root_folder_id
+    - Env Var:     RCLONE_ONEDRIVE_ROOT_FOLDER_ID
+    - Type:        string
+    - Required:    false
 
-Note that Mailru is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+    #### --onedrive-access-scopes
 
-Mega
+    Set scopes to be requested by rclone.
 
-Mega is a cloud storage and file hosting service known for its security
-feature where all files are encrypted locally before they are uploaded.
-This prevents anyone (including employees of Mega) from accessing the
-files without knowledge of the key used for encryption.
+    Choose or manually enter a custom space separated list with all scopes, that rclone should request.
 
-This is an rclone backend for Mega which supports the file transfer
-features of Mega using the same client side encryption.
 
-Paths are specified as remote:path
+    Properties:
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+    - Config:      access_scopes
+    - Env Var:     RCLONE_ONEDRIVE_ACCESS_SCOPES
+    - Type:        SpaceSepList
+    - Default:     Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access
+    - Examples:
+        - "Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access"
+            - Read and write access to all resources
+        - "Files.Read Files.Read.All Sites.Read.All offline_access"
+            - Read only access to all resources
+        - "Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All offline_access"
+            - Read and write access to all resources, without the ability to browse SharePoint sites. 
+            - Same as if disable_site_permission was set to true
 
-Configuration
+    #### --onedrive-disable-site-permission
 
-Here is an example of how to make a remote called remote. First run:
+    Disable the request for Sites.Read.All permission.
 
-     rclone config
+    If set to true, you will no longer be able to search for a SharePoint site when
+    configuring drive ID, because rclone will not request Sites.Read.All permission.
+    Set it to true if your organization didn't assign Sites.Read.All permission to the
+    application, and your organization disallows users to consent app permission
+    request on their own.
 
-This will guide you through an interactive setup process:
+    Properties:
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Mega
-       \ "mega"
-    [snip]
-    Storage> mega
-    User name
-    user> you@example.com
-    Password.
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank
-    y/g/n> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Remote config
-    --------------------
-    [remote]
-    type = mega
-    user = you@example.com
-    pass = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    - Config:      disable_site_permission
+    - Env Var:     RCLONE_ONEDRIVE_DISABLE_SITE_PERMISSION
+    - Type:        bool
+    - Default:     false
 
-NOTE: The encryption keys need to have been already generated after a
-regular login via the browser, otherwise attempting to use the
-credentials in rclone will fail.
+    #### --onedrive-expose-onenote-files
 
-Once configured you can then use rclone like this,
+    Set to make OneNote files show up in directory listings.
 
-List directories in top level of your Mega
+    By default, rclone will hide OneNote files in directory listings because
+    operations like "Open" and "Update" won't work on them.  But this
+    behaviour may also prevent you from deleting them.  If you want to
+    delete OneNote files or otherwise want them to show up in directory
+    listing, set this option.
 
-    rclone lsd remote:
+    Properties:
 
-List all the files in your Mega
+    - Config:      expose_onenote_files
+    - Env Var:     RCLONE_ONEDRIVE_EXPOSE_ONENOTE_FILES
+    - Type:        bool
+    - Default:     false
 
-    rclone ls remote:
+    #### --onedrive-server-side-across-configs
 
-To copy a local directory to an Mega directory called backup
+    Deprecated: use --server-side-across-configs instead.
 
-    rclone copy /home/source remote:backup
+    Allow server-side operations (e.g. copy) to work across different onedrive configs.
 
-Modified time and hashes
+    This will only work if you are copying between two OneDrive *Personal* drives AND
+    the files to copy are already shared between them.  In other cases, rclone will
+    fall back to normal copy (which will be slightly slower).
 
-Mega does not support modification times or hashes yet.
+    Properties:
 
-Restricted filename characters
+    - Config:      server_side_across_configs
+    - Env Var:     RCLONE_ONEDRIVE_SERVER_SIDE_ACROSS_CONFIGS
+    - Type:        bool
+    - Default:     false
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  NUL          0x00         ␀
-  /            0x2F        ／
+    #### --onedrive-list-chunk
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    Size of listing chunk.
 
-Duplicated files
+    Properties:
 
-Mega can have two files with exactly the same name and path (unlike a
-normal file system).
+    - Config:      list_chunk
+    - Env Var:     RCLONE_ONEDRIVE_LIST_CHUNK
+    - Type:        int
+    - Default:     1000
 
-Duplicated files cause problems with the syncing and you will see
-messages in the log about duplicates.
+    #### --onedrive-no-versions
 
-Use rclone dedupe to fix duplicated files.
+    Remove all versions on modifying operations.
 
-Failure to log-in
+    Onedrive for business creates versions when rclone uploads new files
+    overwriting an existing one and when it sets the modification time.
 
-Object not found
+    These versions take up space out of the quota.
 
-If you are connecting to your Mega remote for the first time, to test
-access and synchronization, you may receive an error such as
+    This flag checks for versions after file upload and setting
+    modification time and removes all but the last version.
 
-    Failed to create file system for "my-mega-remote:": 
-    couldn't login: Object (typically, node or user) not found
+    **NB** Onedrive personal can't currently delete versions so don't use
+    this flag there.
 
-The diagnostic steps often recommended in the rclone forum start with
-the MEGAcmd utility. Note that this refers to the official C++ command
-from https://github.com/meganz/MEGAcmd and not the go language built
-command from t3rm1n4l/megacmd that is no longer maintained.
 
-Follow the instructions for installing MEGAcmd and try accessing your
-remote as they recommend. You can establish whether or not you can log
-in using MEGAcmd, and obtain diagnostic information to help you, and
-search or work with others in the forum.
+    Properties:
 
-    MEGA CMD> login me@example.com
-    Password:
-    Fetching nodes ...
-    Loading transfers from local cache
-    Login complete as me@example.com
-    me@example.com:/$ 
+    - Config:      no_versions
+    - Env Var:     RCLONE_ONEDRIVE_NO_VERSIONS
+    - Type:        bool
+    - Default:     false
 
-Note that some have found issues with passwords containing special
-characters. If you can not log on with rclone, but MEGAcmd logs on just
-fine, then consider changing your password temporarily to pure
-alphanumeric characters, in case that helps.
+    #### --onedrive-link-scope
 
-Repeated commands blocks access
+    Set the scope of the links created by the link command.
 
-Mega remotes seem to get blocked (reject logins) under "heavy use". We
-haven't worked out the exact blocking rules but it seems to be related
-to fast paced, successive rclone commands.
+    Properties:
 
-For example, executing this command 90 times in a row
-rclone link remote:file will cause the remote to become "blocked". This
-is not an abnormal situation, for example if you wish to get the public
-links of a directory with hundred of files... After more or less a week,
-the remote will remote accept rclone logins normally again.
+    - Config:      link_scope
+    - Env Var:     RCLONE_ONEDRIVE_LINK_SCOPE
+    - Type:        string
+    - Default:     "anonymous"
+    - Examples:
+        - "anonymous"
+            - Anyone with the link has access, without needing to sign in.
+            - This may include people outside of your organization.
+            - Anonymous link support may be disabled by an administrator.
+        - "organization"
+            - Anyone signed into your organization (tenant) can use the link to get access.
+            - Only available in OneDrive for Business and SharePoint.
 
-You can mitigate this issue by mounting the remote it with rclone mount.
-This will log-in when mounting and a log-out when unmounting only. You
-can also run rclone rcd and then use rclone rc to run the commands over
-the API to avoid logging in each time.
+    #### --onedrive-link-type
 
-Rclone does not currently close mega sessions (you can see them in the
-web interface), however closing the sessions does not solve the issue.
+    Set the type of the links created by the link command.
 
-If you space rclone commands by 3 seconds it will avoid blocking the
-remote. We haven't identified the exact blocking rules, so perhaps one
-could execute the command 80 times without waiting and avoid blocking by
-waiting 3 seconds, then continuing...
+    Properties:
 
-Note that this has been observed by trial and error and might not be set
-in stone.
+    - Config:      link_type
+    - Env Var:     RCLONE_ONEDRIVE_LINK_TYPE
+    - Type:        string
+    - Default:     "view"
+    - Examples:
+        - "view"
+            - Creates a read-only link to the item.
+        - "edit"
+            - Creates a read-write link to the item.
+        - "embed"
+            - Creates an embeddable link to the item.
 
-Other tools seem not to produce this blocking effect, as they use a
-different working approach (state-based, using sessionIDs instead of
-log-in) which isn't compatible with the current stateless rclone
-approach.
+    #### --onedrive-link-password
 
-Note that once blocked, the use of other tools (such as megacmd) is not
-a sure workaround: following megacmd login times have been observed in
-succession for blocked remote: 7 minutes, 20 min, 30min, 30 min, 30min.
-Web access looks unaffected though.
+    Set the password for links created by the link command.
 
-Investigation is continuing in relation to workarounds based on
-timeouts, pacers, retrials and tpslimits - if you discover something
-relevant, please post on the forum.
+    At the time of writing this only works with OneDrive personal paid accounts.
 
-So, if rclone was working nicely and suddenly you are unable to log-in
-and you are sure the user and the password are correct, likely you have
-got the remote blocked for a while.
 
-Standard options
+    Properties:
 
-Here are the Standard options specific to mega (Mega).
+    - Config:      link_password
+    - Env Var:     RCLONE_ONEDRIVE_LINK_PASSWORD
+    - Type:        string
+    - Required:    false
 
---mega-user
+    #### --onedrive-hash-type
 
-User name.
+    Specify the hash in use for the backend.
 
-Properties:
+    This specifies the hash type in use. If set to "auto" it will use the
+    default hash which is QuickXorHash.
 
--   Config: user
--   Env Var: RCLONE_MEGA_USER
--   Type: string
--   Required: true
+    Before rclone 1.62 an SHA1 hash was used by default for Onedrive
+    Personal. For 1.62 and later the default is to use a QuickXorHash for
+    all onedrive types. If an SHA1 hash is desired then set this option
+    accordingly.
 
---mega-pass
+    From July 2023 QuickXorHash will be the only available hash for
+    both OneDrive for Business and OneDriver Personal.
 
-Password.
+    This can be set to "none" to not use any hashes.
 
-NB Input to this must be obscured - see rclone obscure.
+    If the hash requested does not exist on the object, it will be
+    returned as an empty string which is treated as a missing hash by
+    rclone.
 
-Properties:
 
--   Config: pass
--   Env Var: RCLONE_MEGA_PASS
--   Type: string
--   Required: true
+    Properties:
 
-Advanced options
+    - Config:      hash_type
+    - Env Var:     RCLONE_ONEDRIVE_HASH_TYPE
+    - Type:        string
+    - Default:     "auto"
+    - Examples:
+        - "auto"
+            - Rclone chooses the best hash
+        - "quickxor"
+            - QuickXor
+        - "sha1"
+            - SHA1
+        - "sha256"
+            - SHA256
+        - "crc32"
+            - CRC32
+        - "none"
+            - None - don't use any hashes
 
-Here are the Advanced options specific to mega (Mega).
+    #### --onedrive-av-override
 
---mega-debug
+    Allows download of files the server thinks has a virus.
 
-Output more debug from Mega.
+    The onedrive/sharepoint server may check files uploaded with an Anti
+    Virus checker. If it detects any potential viruses or malware it will
+    block download of the file.
 
-If this flag is set (along with -vv) it will print further debugging
-information from the mega backend.
+    In this case you will see a message like this
 
-Properties:
+        server reports this file is infected with a virus - use --onedrive-av-override to download anyway: Infected (name of virus): 403 Forbidden: 
 
--   Config: debug
--   Env Var: RCLONE_MEGA_DEBUG
--   Type: bool
--   Default: false
+    If you are 100% sure you want to download this file anyway then use
+    the --onedrive-av-override flag, or av_override = true in the config
+    file.
 
---mega-hard-delete
 
-Delete files permanently rather than putting them into the trash.
+    Properties:
 
-Normally the mega backend will put all deletions into the trash rather
-than permanently deleting them. If you specify this then rclone will
-permanently delete objects instead.
+    - Config:      av_override
+    - Env Var:     RCLONE_ONEDRIVE_AV_OVERRIDE
+    - Type:        bool
+    - Default:     false
 
-Properties:
+    #### --onedrive-delta
 
--   Config: hard_delete
--   Env Var: RCLONE_MEGA_HARD_DELETE
--   Type: bool
--   Default: false
+    If set rclone will use delta listing to implement recursive listings.
 
---mega-use-https
+    If this flag is set the the onedrive backend will advertise `ListR`
+    support for recursive listings.
 
-Use HTTPS for transfers.
+    Setting this flag speeds up these things greatly:
 
-MEGA uses plain text HTTP connections by default. Some ISPs throttle
-HTTP connections, this causes transfers to become very slow. Enabling
-this will force MEGA to use HTTPS for all transfers. HTTPS is normally
-not necesary since all data is already encrypted anyway. Enabling it
-will increase CPU usage and add network overhead.
+        rclone lsf -R onedrive:
+        rclone size onedrive:
+        rclone rc vfs/refresh recursive=true
 
-Properties:
+    **However** the delta listing API **only** works at the root of the
+    drive. If you use it not at the root then it recurses from the root
+    and discards all the data that is not under the directory you asked
+    for. So it will be correct but may not be very efficient.
 
--   Config: use_https
--   Env Var: RCLONE_MEGA_USE_HTTPS
--   Type: bool
--   Default: false
+    This is why this flag is not set as the default.
 
---mega-encoding
+    As a rule of thumb if nearly all of your data is under rclone's root
+    directory (the `root/directory` in `onedrive:root/directory`) then
+    using this flag will be be a big performance win. If your data is
+    mostly not under the root then using this flag will be a big
+    performance loss.
 
-The encoding for the backend.
+    It is recommended if you are mounting your onedrive at the root
+    (or near the root when using crypt) and using rclone `rc vfs/refresh`.
 
-See the encoding section in the overview for more info.
 
-Properties:
+    Properties:
 
--   Config: encoding
--   Env Var: RCLONE_MEGA_ENCODING
--   Type: MultiEncoder
--   Default: Slash,InvalidUtf8,Dot
+    - Config:      delta
+    - Env Var:     RCLONE_ONEDRIVE_DELTA
+    - Type:        bool
+    - Default:     false
 
-Limitations
+    #### --onedrive-encoding
 
-This backend uses the go-mega go library which is an opensource go
-library implementing the Mega API. There doesn't appear to be any
-documentation for the mega protocol beyond the mega C++ SDK source code
-so there are likely quite a few errors still remaining in this library.
+    The encoding for the backend.
 
-Mega allows duplicate files which may confuse rclone.
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Memory
+    Properties:
 
-The memory backend is an in RAM backend. It does not persist its data -
-use the local backend for that.
+    - Config:      encoding
+    - Env Var:     RCLONE_ONEDRIVE_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot
 
-The memory backend behaves like a bucket-based remote (e.g. like s3).
-Because it has no parameters you can just use it with the :memory:
-remote name.
 
-Configuration
 
-You can configure it as a remote like this with rclone config too if you
-want to:
+    ## Limitations
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Memory
-       \ "memory"
-    [snip]
-    Storage> memory
-    ** See help for memory backend at: https://rclone.org/memory/ **
+    If you don't use rclone for 90 days the refresh token will
+    expire. This will result in authorization problems. This is easy to
+    fix by running the `rclone config reconnect remote:` command to get a
+    new token and refresh token.
 
-    Remote config
+    ### Naming
 
-    --------------------
-    [remote]
-    type = memory
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Note that OneDrive is case insensitive so you can't have a
+    file called "Hello.doc" and one called "hello.doc".
 
-Because the memory backend isn't persistent it is most useful for
-testing or with an rclone server or rclone mount, e.g.
+    There are quite a few characters that can't be in OneDrive file
+    names.  These can't occur on Windows platforms, but on non-Windows
+    platforms they are common.  Rclone will map these names to and from an
+    identical looking unicode equivalent.  For example if a file has a `?`
+    in it will be mapped to `？` instead.
 
-    rclone mount :memory: /mnt/tmp
-    rclone serve webdav :memory:
-    rclone serve sftp :memory:
+    ### File sizes
 
-Modified time and hashes
+    The largest allowed file size is 250 GiB for both OneDrive Personal and OneDrive for Business [(Updated 13 Jan 2021)](https://support.microsoft.com/en-us/office/invalid-file-names-and-file-types-in-onedrive-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa?ui=en-us&rs=en-us&ad=us#individualfilesize).
 
-The memory backend supports MD5 hashes and modification times accurate
-to 1 nS.
+    ### Path length
 
-Restricted filename characters
+    The entire path, including the file name, must contain fewer than 400 characters for OneDrive, OneDrive for Business and SharePoint Online. If you are encrypting file and folder names with rclone, you may want to pay attention to this limitation because the encrypted names are typically longer than the original ones.
 
-The memory backend replaces the default restricted characters set.
+    ### Number of files
 
-Akamai NetStorage
+    OneDrive seems to be OK with at least 50,000 files in a folder, but at
+    100,000 rclone will get errors listing the directory like `couldn’t
+    list files: UnknownError:`.  See
+    [#2707](https://github.com/rclone/rclone/issues/2707) for more info.
 
-Paths are specified as remote: You may put subdirectories in too, e.g.
-remote:/path/to/dir. If you have a CP code you can use that as the
-folder after the domain such as <domain>/<cpcode>/<internal directories
-within cpcode>.
+    An official document about the limitations for different types of OneDrive can be found [here](https://support.office.com/en-us/article/invalid-file-names-and-file-types-in-onedrive-onedrive-for-business-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa).
 
-For example, this is commonly configured with or without a CP code: *
-With a CP code.
-[your-domain-prefix]-nsu.akamaihd.net/123456/subdirectory/ * Without a
-CP code. [your-domain-prefix]-nsu.akamaihd.net
+    ## Versions
 
-See all buckets rclone lsd remote: The initial setup for Netstorage
-involves getting an account and secret. Use rclone config to walk you
-through the setup process.
+    Every change in a file OneDrive causes the service to create a new
+    version of the file.  This counts against a users quota.  For
+    example changing the modification time of a file creates a second
+    version, so the file apparently uses twice the space.
 
-Configuration
+    For example the `copy` command is affected by this as rclone copies
+    the file and then afterwards sets the modification time to match the
+    source file which uses another version.
 
-Here's an example of how to make a remote called ns1.
+    You can use the `rclone cleanup` command (see below) to remove all old
+    versions.
 
-1.  To begin the interactive configuration process, enter this command:
+    Or you can set the `no_versions` parameter to `true` and rclone will
+    remove versions after operations which create new versions. This takes
+    extra transactions so only enable it if you need it.
 
-    rclone config
+    **Note** At the time of writing Onedrive Personal creates versions
+    (but not for setting the modification time) but the API for removing
+    them returns "API not found" so cleanup and `no_versions` should not
+    be used on Onedrive Personal.
 
-2.  Type n to create a new remote.
+    ### Disabling versioning
 
-    n) New remote
-    d) Delete remote
-    q) Quit config
-    e/n/d/q> n
+    Starting October 2018, users will no longer be able to
+    disable versioning by default. This is because Microsoft has brought
+    an
+    [update](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/New-Updates-to-OneDrive-and-SharePoint-Team-Site-Versioning/ba-p/204390)
+    to the mechanism. To change this new default setting, a PowerShell
+    command is required to be run by a SharePoint admin. If you are an
+    admin, you can run these commands in PowerShell to change that
+    setting:
 
-3.  For this example, enter ns1 when you reach the name> prompt.
+    1. `Install-Module -Name Microsoft.Online.SharePoint.PowerShell` (in case you haven't installed this already)
+    2. `Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking`
+    3. `Connect-SPOService -Url https://YOURSITE-admin.sharepoint.com -Credential YOU@YOURSITE.COM` (replacing `YOURSITE`, `YOU`, `YOURSITE.COM` with the actual values; this will prompt for your credentials)
+    4. `Set-SPOTenant -EnableMinimumVersionRequirement $False`
+    5. `Disconnect-SPOService` (to disconnect from the server)
 
-    name> ns1
+    *Below are the steps for normal users to disable versioning. If you don't see the "No Versioning" option, make sure the above requirements are met.*
 
-4.  Enter netstorage as the type of storage to configure.
+    User [Weropol](https://github.com/Weropol) has found a method to disable
+    versioning on OneDrive
 
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    XX / NetStorage
-       \ "netstorage"
-    Storage> netstorage
+    1. Open the settings menu by clicking on the gear symbol at the top of the OneDrive Business page.
+    2. Click Site settings.
+    3. Once on the Site settings page, navigate to Site Administration > Site libraries and lists.
+    4. Click Customize "Documents".
+    5. Click General Settings > Versioning Settings.
+    6. Under Document Version History select the option No versioning.
+    Note: This will disable the creation of new file versions, but will not remove any previous versions. Your documents are safe.
+    7. Apply the changes by clicking OK.
+    8. Use rclone to upload or modify files. (I also use the --no-update-modtime flag)
+    9. Restore the versioning settings after using rclone. (Optional)
 
-5.  Select between the HTTP or HTTPS protocol. Most users should choose
-    HTTPS, which is the default. HTTP is provided primarily for
-    debugging purposes.
+    ## Cleanup
 
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-     1 / HTTP protocol
-       \ "http"
-     2 / HTTPS protocol
-       \ "https"
-    protocol> 1
+    OneDrive supports `rclone cleanup` which causes rclone to look through
+    every file under the path supplied and delete all version but the
+    current version. Because this involves traversing all the files, then
+    querying each file for versions it can be quite slow. Rclone does
+    `--checkers` tests in parallel. The command also supports `--interactive`/`i`
+    or `--dry-run` which is a great way to see what it would do.
 
-6.  Specify your NetStorage host, CP code, and any necessary content
-    paths using this format: <domain>/<cpcode>/<content>/
+        rclone cleanup --interactive remote:path/subdir # interactively remove all old version for path/subdir
+        rclone cleanup remote:path/subdir               # unconditionally remove all old version for path/subdir
 
-    Enter a string value. Press Enter for the default ("").
-    host> baseball-nsu.akamaihd.net/123456/content/
+    **NB** Onedrive personal can't currently delete versions
 
-7.  Set the netstorage account name
+    ## Troubleshooting ##
 
-    Enter a string value. Press Enter for the default ("").
-    account> username
+    ### Excessive throttling or blocked on SharePoint
 
-8.  Set the Netstorage account secret/G2O key which will be used for
-    authentication purposes. Select the y option to set your own
-    password then enter your secret. Note: The secret is stored in the
-    rclone.conf file with hex-encoded encryption.
+    If you experience excessive throttling or is being blocked on SharePoint then it may help to set the user agent explicitly with a flag like this: `--user-agent "ISV|rclone.org|rclone/v1.55.1"`
 
-    y) Yes type in my own password
-    g) Generate random password
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
+    The specific details can be found in the Microsoft document: [Avoid getting throttled or blocked in SharePoint Online](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online#how-to-decorate-your-http-traffic-to-avoid-throttling)
 
-9.  View the summary and confirm your remote configuration.
+    ### Unexpected file size/hash differences on Sharepoint ####
 
-    [ns1]
-    type = netstorage
-    protocol = http
-    host = baseball-nsu.akamaihd.net/123456/content/
-    account = username
-    secret = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    It is a
+    [known](https://github.com/OneDrive/onedrive-api-docs/issues/935#issuecomment-441741631)
+    issue that Sharepoint (not OneDrive or OneDrive for Business) silently modifies
+    uploaded files, mainly Office files (.docx, .xlsx, etc.), causing file size and
+    hash checks to fail. There are also other situations that will cause OneDrive to
+    report inconsistent file sizes. To use rclone with such
+    affected files on Sharepoint, you
+    may disable these checks with the following command line arguments:
 
-This remote is called ns1 and can now be used.
+--ignore-checksum --ignore-size
 
-Example operations
 
-Get started with rclone and NetStorage with these examples. For
-additional rclone commands, visit https://rclone.org/commands/.
+    Alternatively, if you have write access to the OneDrive files, it may be possible
+    to fix this problem for certain files, by attempting the steps below.
+    Open the web interface for [OneDrive](https://onedrive.live.com) and find the
+    affected files (which will be in the error messages/log for rclone). Simply click on
+    each of these files, causing OneDrive to open them on the web. This will cause each
+    file to be converted in place to a format that is functionally equivalent
+    but which will no longer trigger the size discrepancy. Once all problematic files
+    are converted you will no longer need the ignore options above.
 
-See contents of a directory in your project
+    ### Replacing/deleting existing files on Sharepoint gets "item not found" ####
 
-    rclone lsd ns1:/974012/testing/
+    It is a [known](https://github.com/OneDrive/onedrive-api-docs/issues/1068) issue
+    that Sharepoint (not OneDrive or OneDrive for Business) may return "item not
+    found" errors when users try to replace or delete uploaded files; this seems to
+    mainly affect Office files (.docx, .xlsx, etc.) and web files (.html, .aspx, etc.). As a workaround, you may use
+    the `--backup-dir <BACKUP_DIR>` command line argument so rclone moves the
+    files to be replaced/deleted into a given backup directory (instead of directly
+    replacing/deleting them). For example, to instruct rclone to move the files into
+    the directory `rclone-backup-dir` on backend `mysharepoint`, you may use:
 
-Sync the contents local with remote
+--backup-dir mysharepoint:rclone-backup-dir
 
-    rclone sync . ns1:/974012/testing/
 
-Upload local content to remote
+    ### access\_denied (AADSTS65005) ####
 
-    rclone copy notes.txt ns1:/974012/testing/
+Error: access_denied Code: AADSTS65005 Description: Using application
+'rclone' is currently not supported for your organization
+[YOUR_ORGANIZATION] because it is in an unmanaged state. An
+administrator needs to claim ownership of the company by DNS validation
+of [YOUR_ORGANIZATION] before the application rclone can be provisioned.
 
-Delete content on remote
 
-    rclone delete ns1:/974012/testing/notes.txt
+    This means that rclone can't use the OneDrive for Business API with your account. You can't do much about it, maybe write an email to your admins.
 
-Move or copy content between CP codes.
+    However, there are other ways to interact with your OneDrive account. Have a look at the WebDAV backend: https://rclone.org/webdav/#sharepoint
 
-Your credentials must have access to two CP codes on the same remote.
-You can't perform operations between different remotes.
+    ### invalid\_grant (AADSTS50076) ####
 
-    rclone move ns1:/974012/testing/notes.txt ns1:/974450/testing2/
+Error: invalid_grant Code: AADSTS50076 Description: Due to a
+configuration change made by your administrator, or because you moved to
+a new location, you must use multi-factor authentication to access
+'...'.
 
-Features
 
-Symlink Support
-
-The Netstorage backend changes the rclone --links, -l behavior. When
-uploading, instead of creating the .rclonelink file, use the "symlink"
-API in order to create the corresponding symlink on the remote. The
-.rclonelink file will not be created, the upload will be intercepted and
-only the symlink file that matches the source file name with no suffix
-will be created on the remote.
-
-This will effectively allow commands like copy/copyto, move/moveto and
-sync to upload from local to remote and download from remote to local
-directories with symlinks. Due to internal rclone limitations, it is not
-possible to upload an individual symlink file to any remote backend. You
-can always use the "backend symlink" command to create a symlink on the
-NetStorage server, refer to "symlink" section below.
-
-Individual symlink files on the remote can be used with the commands
-like "cat" to print the destination name, or "delete" to delete symlink,
-or copy, copy/to and move/moveto to download from the remote to local.
-Note: individual symlink files on the remote should be specified
-including the suffix .rclonelink.
-
-Note: No file with the suffix .rclonelink should ever exist on the
-server since it is not possible to actually upload/create a file with
-.rclonelink suffix with rclone, it can only exist if it is manually
-created through a non-rclone method on the remote.
-
-Implicit vs. Explicit Directories
-
-With NetStorage, directories can exist in one of two forms:
-
-1.  Explicit Directory. This is an actual, physical directory that you
-    have created in a storage group.
-2.  Implicit Directory. This refers to a directory within a path that
-    has not been physically created. For example, during upload of a
-    file, nonexistent subdirectories can be specified in the target
-    path. NetStorage creates these as "implicit." While the directories
-    aren't physically created, they exist implicitly and the noted path
-    is connected with the uploaded file.
-
-Rclone will intercept all file uploads and mkdir commands for the
-NetStorage remote and will explicitly issue the mkdir command for each
-directory in the uploading path. This will help with the
-interoperability with the other Akamai services such as SFTP and the
-Content Management Shell (CMShell). Rclone will not guarantee
-correctness of operations with implicit directories which might have
-been created as a result of using an upload API directly.
-
---fast-list / ListR support
-
-NetStorage remote supports the ListR feature by using the "list"
-NetStorage API action to return a lexicographical list of all objects
-within the specified CP code, recursing into subdirectories as they're
-encountered.
-
--   Rclone will use the ListR method for some commands by default.
-    Commands such as lsf -R will use ListR by default. To disable this,
-    include the --disable listR option to use the non-recursive method
-    of listing objects.
-
--   Rclone will not use the ListR method for some commands. Commands
-    such as sync don't use ListR by default. To force using the ListR
-    method, include the --fast-list option.
-
-There are pros and cons of using the ListR method, refer to rclone
-documentation. In general, the sync command over an existing deep tree
-on the remote will run faster with the "--fast-list" flag but with extra
-memory usage as a side effect. It might also result in higher CPU
-utilization but the whole task can be completed faster.
-
-Note: There is a known limitation that "lsf -R" will display number of
-files in the directory and directory size as -1 when ListR method is
-used. The workaround is to pass "--disable listR" flag if these numbers
-are important in the output.
+    If you see the error above after enabling multi-factor authentication for your account, you can fix it by refreshing your OAuth refresh token. To do that, run `rclone config`, and choose to edit your OneDrive backend. Then, you don't need to actually make any changes until you reach this question: `Already have a token - refresh?`. For this question, answer `y` and go through the process to refresh your token, just like the first time the backend is configured. After this, rclone should work again for this backend.
 
-Purge
+    ### Invalid request when making public links ####
 
-NetStorage remote supports the purge feature by using the "quick-delete"
-NetStorage API action. The quick-delete action is disabled by default
-for security reasons and can be enabled for the account through the
-Akamai portal. Rclone will first try to use quick-delete action for the
-purge command and if this functionality is disabled then will fall back
-to a standard delete method.
+    On Sharepoint and OneDrive for Business, `rclone link` may return an "Invalid
+    request" error. A possible cause is that the organisation admin didn't allow
+    public links to be made for the organisation/sharepoint library. To fix the
+    permissions as an admin, take a look at the docs:
+    [1](https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off),
+    [2](https://support.microsoft.com/en-us/office/set-up-and-manage-access-requests-94b26e0b-2822-49d4-929a-8455698654b3).
 
-Note: Read the NetStorage Usage API for considerations when using
-"quick-delete". In general, using quick-delete method will not delete
-the tree immediately and objects targeted for quick-delete may still be
-accessible.
+    ### Can not access `Shared` with me files
 
-Standard options
+    Shared with me files is not supported by rclone [currently](https://github.com/rclone/rclone/issues/4062), but there is a workaround:
 
-Here are the Standard options specific to netstorage (Akamai
-NetStorage).
+    1. Visit [https://onedrive.live.com](https://onedrive.live.com/)
+    2. Right click a item in `Shared`, then click `Add shortcut to My files` in the context
+        ![make_shortcut](https://user-images.githubusercontent.com/60313789/206118040-7e762b3b-aa61-41a1-8649-cc18889f3572.png "Screenshot (Shared with me)")
+    3. The shortcut will appear in `My files`, you can access it with rclone, it behaves like a normal folder/file.
+        ![in_my_files](https://i.imgur.com/0S8H3li.png "Screenshot (My Files)")
+        ![rclone_mount](https://i.imgur.com/2Iq66sW.png "Screenshot (rclone mount)")
 
---netstorage-host
+    ### Live Photos uploaded from iOS (small video clips in .heic files)
 
-Domain+path of NetStorage host to connect to.
+    The iOS OneDrive app introduced [upload and storage](https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/live-photos-come-to-onedrive/ba-p/1953452) 
+    of [Live Photos](https://support.apple.com/en-gb/HT207310) in 2020. 
+    The usage and download of these uploaded Live Photos is unfortunately still work-in-progress 
+    and this introduces several issues when copying, synchronising and mounting – both in rclone and in the native OneDrive client on Windows.
 
-Format should be <domain>/<internal folders>
+    The root cause can easily be seen if you locate one of your Live Photos in the OneDrive web interface. 
+    Then download the photo from the web interface. You will then see that the size of downloaded .heic file is smaller than the size displayed in the web interface. 
+    The downloaded file is smaller because it only contains a single frame (still photo) extracted from the Live Photo (movie) stored in OneDrive.
 
-Properties:
+    The different sizes will cause `rclone copy/sync` to repeatedly recopy unmodified photos something like this:
 
--   Config: host
--   Env Var: RCLONE_NETSTORAGE_HOST
--   Type: string
--   Required: true
+        DEBUG : 20230203_123826234_iOS.heic: Sizes differ (src 4470314 vs dst 1298667)
+        DEBUG : 20230203_123826234_iOS.heic: sha1 = fc2edde7863b7a7c93ca6771498ac797f8460750 OK
+        INFO  : 20230203_123826234_iOS.heic: Copied (replaced existing)
 
---netstorage-account
+    These recopies can be worked around by adding `--ignore-size`. Please note that this workaround only syncs the still-picture not the movie clip, 
+    and relies on modification dates being correctly updated on all files in all situations.
 
-Set the NetStorage account name
+    The different sizes will also cause `rclone check` to report size errors something like this:
 
-Properties:
+        ERROR : 20230203_123826234_iOS.heic: sizes differ
 
--   Config: account
--   Env Var: RCLONE_NETSTORAGE_ACCOUNT
--   Type: string
--   Required: true
+    These check errors can be suppressed by adding `--ignore-size`.
 
---netstorage-secret
+    The different sizes will also cause `rclone mount` to fail downloading with an error something like this:
 
-Set the NetStorage account secret/G2O key for authentication.
+        ERROR : 20230203_123826234_iOS.heic: ReadFileHandle.Read error: low level retry 1/10: unexpected EOF
 
-Please choose the 'y' option to set your own password then enter your
-secret.
+    or like this when using `--cache-mode=full`:
 
-NB Input to this must be obscured - see rclone obscure.
+        INFO  : 20230203_123826234_iOS.heic: vfs cache: downloader: error count now 1: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
+        ERROR : 20230203_123826234_iOS.heic: vfs cache: failed to download: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
 
-Properties:
+    #  OpenDrive
 
--   Config: secret
--   Env Var: RCLONE_NETSTORAGE_SECRET
--   Type: string
--   Required: true
+    Paths are specified as `remote:path`
 
-Advanced options
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-Here are the Advanced options specific to netstorage (Akamai
-NetStorage).
+    ## Configuration
 
---netstorage-protocol
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Select between HTTP or HTTPS protocol.
+         rclone config
 
-Most users should choose HTTPS, which is the default. HTTP is provided
-primarily for debugging purposes.
+    This will guide you through an interactive setup process:
 
-Properties:
+n)  New remote
+o)  Delete remote
+p)  Quit config e/n/d/q> n name> remote Type of storage to configure.
+    Choose a number from below, or type in your own value [snip] XX /
+    OpenDrive  "opendrive" [snip] Storage> opendrive Username username>
+    Password
+q)  Yes type in my own password
+r)  Generate random password y/g> y Enter the password: password:
+    Confirm the password: password: -------------------- [remote]
+    username = password = *** ENCRYPTED *** --------------------
+s)  Yes this is OK
+t)  Edit this remote
+u)  Delete this remote y/e/d> y
 
--   Config: protocol
--   Env Var: RCLONE_NETSTORAGE_PROTOCOL
--   Type: string
--   Default: "https"
--   Examples:
-    -   "http"
-        -   HTTP protocol
-    -   "https"
-        -   HTTPS protocol
 
-Backend commands
+    List directories in top level of your OpenDrive
 
-Here are the commands specific to the netstorage backend.
+        rclone lsd remote:
 
-Run them with
+    List all the files in your OpenDrive
 
-    rclone backend COMMAND remote:
+        rclone ls remote:
 
-The help below will explain what arguments each command takes.
+    To copy a local directory to an OpenDrive directory called backup
 
-See the backend command for more info on how to pass options and
-arguments.
+        rclone copy /home/source remote:backup
 
-These can be run on a running backend using the rc command
-backend/command.
+    ### Modification times and hashes
 
-du
+    OpenDrive allows modification times to be set on objects accurate to 1
+    second. These will be used to detect whether objects need syncing or
+    not.
 
-Return disk usage information for a specified directory
+    The MD5 hash algorithm is supported.
 
-    rclone backend du remote: [options] [<arguments>+]
+    ### Restricted filename characters
 
-The usage information returned, includes the targeted directory as well
-as all files stored in any sub-directories that may exist.
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | NUL       | 0x00  | ␀           |
+    | /         | 0x2F  | ／          |
+    | "         | 0x22  | ＂          |
+    | *         | 0x2A  | ＊          |
+    | :         | 0x3A  | ：          |
+    | <         | 0x3C  | ＜          |
+    | >         | 0x3E  | ＞          |
+    | ?         | 0x3F  | ？          |
+    | \         | 0x5C  | ＼          |
+    | \|        | 0x7C  | ｜          |
 
-symlink
+    File names can also not begin or end with the following characters.
+    These only get replaced if they are the first or last character in the name:
 
-You can create a symbolic link in ObjectStore with the symlink action.
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | SP        | 0x20  | ␠           |
+    | HT        | 0x09  | ␉           |
+    | LF        | 0x0A  | ␊           |
+    | VT        | 0x0B  | ␋           |
+    | CR        | 0x0D  | ␍           |
 
-    rclone backend symlink remote: [options] [<arguments>+]
 
-The desired path location (including applicable sub-directories) ending
-in the object that will be the target of the symlink (for example,
-/links/mylink). Include the file extension for the object, if
-applicable. rclone backend symlink <src> <path>
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-Microsoft Azure Blob Storage
 
-Paths are specified as remote:container (or remote: for the lsd
-command.) You may put subdirectories in too, e.g.
-remote:container/path/to/dir.
+    ### Standard options
 
-Configuration
+    Here are the Standard options specific to opendrive (OpenDrive).
 
-Here is an example of making a Microsoft Azure Blob Storage
-configuration. For a remote called remote. First run:
+    #### --opendrive-username
 
-     rclone config
+    Username.
 
-This will guide you through an interactive setup process:
+    Properties:
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Microsoft Azure Blob Storage
-       \ "azureblob"
-    [snip]
-    Storage> azureblob
-    Storage Account Name
-    account> account_name
-    Storage Account Key
-    key> base64encodedkey==
-    Endpoint for the service - leave blank normally.
-    endpoint> 
-    Remote config
-    --------------------
-    [remote]
-    account = account_name
-    key = base64encodedkey==
-    endpoint = 
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    - Config:      username
+    - Env Var:     RCLONE_OPENDRIVE_USERNAME
+    - Type:        string
+    - Required:    true
 
-See all containers
+    #### --opendrive-password
 
-    rclone lsd remote:
+    Password.
 
-Make a new container
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-    rclone mkdir remote:container
+    Properties:
 
-List the contents of a container
+    - Config:      password
+    - Env Var:     RCLONE_OPENDRIVE_PASSWORD
+    - Type:        string
+    - Required:    true
 
-    rclone ls remote:container
+    ### Advanced options
 
-Sync /home/local/directory to the remote container, deleting any excess
-files in the container.
+    Here are the Advanced options specific to opendrive (OpenDrive).
 
-    rclone sync --interactive /home/local/directory remote:container
+    #### --opendrive-encoding
 
---fast-list
+    The encoding for the backend.
 
-This remote supports --fast-list which allows you to use fewer
-transactions in exchange for more memory. See the rclone docs for more
-details.
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Modified time
+    Properties:
 
-The modified time is stored as metadata on the object with the mtime
-key. It is stored using RFC3339 Format time with nanosecond precision.
-The metadata is supplied during directory listings so there is no
-performance overhead to using it.
+    - Config:      encoding
+    - Env Var:     RCLONE_OPENDRIVE_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot
 
-If you wish to use the Azure standard LastModified time stored on the
-object as the modified time, then use the --use-server-modtime flag.
-Note that rclone can't set LastModified, so using the --update flag when
-syncing is recommended if using --use-server-modtime.
+    #### --opendrive-chunk-size
 
-Performance
+    Files will be uploaded in chunks this size.
 
-When uploading large files, increasing the value of
---azureblob-upload-concurrency will increase performance at the cost of
-using more memory. The default of 16 is set quite conservatively to use
-less memory. It maybe be necessary raise it to 64 or higher to fully
-utilize a 1 GBit/s link with a single file transfer.
+    Note that these chunks are buffered in memory so increasing them will
+    increase memory use.
 
-Restricted filename characters
+    Properties:
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    - Config:      chunk_size
+    - Env Var:     RCLONE_OPENDRIVE_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     10Mi
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  /            0x2F        ／
-  \            0x5C        ＼
 
-File names can also not end with the following characters. These only
-get replaced if they are the last character in the name:
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  .            0x2E        ．
+    ## Limitations
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    Note that OpenDrive is case insensitive so you can't have a
+    file called "Hello.doc" and one called "hello.doc".
 
-Hashes
+    There are quite a few characters that can't be in OpenDrive file
+    names.  These can't occur on Windows platforms, but on non-Windows
+    platforms they are common.  Rclone will map these names to and from an
+    identical looking unicode equivalent.  For example if a file has a `?`
+    in it will be mapped to `？` instead.
 
-MD5 hashes are stored with blobs. However blobs that were uploaded in
-chunks only have an MD5 if the source remote was capable of MD5 hashes,
-e.g. the local disk.
+    `rclone about` is not supported by the OpenDrive backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
 
-Authentication
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
-There are a number of ways of supplying credentials for Azure Blob
-Storage. Rclone tries them in the order of the sections below.
+    #  Oracle Object Storage
+    - [Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
+    - [Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
+    - [Oracle Object Storage Limits](https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/oci-object-storage-best-practices.pdf)
 
-Env Auth
+    Paths are specified as `remote:bucket` (or `remote:` for the `lsd` command.)  You may put subdirectories in 
+    too, e.g. `remote:bucket/path/to/dir`.
 
-If the env_auth config parameter is true then rclone will pull
-credentials from the environment or runtime.
+    Sample command to transfer local artifacts to remote:bucket in oracle object storage:
 
-It tries these authentication methods in this order:
+    `rclone -vvv  --progress --stats-one-line --max-stats-groups 10 --log-format date,time,UTC,longfile --fast-list --buffer-size 256Mi --oos-no-check-bucket --oos-upload-cutoff 10Mi --multi-thread-cutoff 16Mi --multi-thread-streams 3000 --transfers 3000 --checkers 64  --retries 2  --oos-chunk-size 10Mi --oos-upload-concurrency 10000  --oos-attempt-resume-upload --oos-leave-parts-on-error sync ./artifacts  remote:bucket -vv`
 
-1.  Environment Variables
-2.  Managed Service Identity Credentials
-3.  Azure CLI credentials (as used by the az tool)
+    ## Configuration
 
-These are described in the following sections
+    Here is an example of making an oracle object storage configuration. `rclone config` walks you 
+    through it.
 
-Env Auth: 1. Environment Variables
+    Here is an example of how to make a remote called `remote`.  First run:
 
-If env_auth is set and environment variables are present rclone
-authenticates a service principal with a secret or certificate, or a
-user with a password, depending on which environment variable are set.
-It reads configuration from these variables, in the following order:
+         rclone config
 
-1.  Service principal with client secret
-    -   AZURE_TENANT_ID: ID of the service principal's tenant. Also
-        called its "directory" ID.
-    -   AZURE_CLIENT_ID: the service principal's client ID
-    -   AZURE_CLIENT_SECRET: one of the service principal's client
-        secrets
-2.  Service principal with certificate
-    -   AZURE_TENANT_ID: ID of the service principal's tenant. Also
-        called its "directory" ID.
-    -   AZURE_CLIENT_ID: the service principal's client ID
-    -   AZURE_CLIENT_CERTIFICATE_PATH: path to a PEM or PKCS12
-        certificate file including the private key.
-    -   AZURE_CLIENT_CERTIFICATE_PASSWORD: (optional) password for the
-        certificate file.
-    -   AZURE_CLIENT_SEND_CERTIFICATE_CHAIN: (optional) Specifies
-        whether an authentication request will include an x5c header to
-        support subject name / issuer based authentication. When set to
-        "true" or "1", authentication requests include the x5c header.
-3.  User with username and password
-    -   AZURE_TENANT_ID: (optional) tenant to authenticate in. Defaults
-        to "organizations".
-    -   AZURE_CLIENT_ID: client ID of the application the user will
-        authenticate to
-    -   AZURE_USERNAME: a username (usually an email address)
-    -   AZURE_PASSWORD: the user's password
+    This will guide you through an interactive setup process:
 
-Env Auth: 2. Managed Service Identity Credentials
+n)  New remote
+o)  Delete remote
+p)  Rename remote
+q)  Copy remote
+r)  Set configuration password
+s)  Quit config e/n/d/r/c/s/q> n
 
-When using Managed Service Identity if the VM(SS) on which this program
-is running has a system-assigned identity, it will be used by default.
-If the resource has no system-assigned but exactly one user-assigned
-identity, the user-assigned identity will be used by default.
+Enter name for new remote. name> remote
 
-If the resource has multiple user-assigned identities you will need to
-unset env_auth and set use_msi instead. See the use_msi section.
+Option Storage. Type of storage to configure. Choose a number from
+below, or type in your own value. [snip] XX / Oracle Cloud
+Infrastructure Object Storage  (oracleobjectstorage) Storage>
+oracleobjectstorage
 
-Env Auth: 3. Azure CLI credentials (as used by the az tool)
+Option provider. Choose your Auth Provider Choose a number from below,
+or type in your own string value. Press Enter for the default
+(env_auth). 1 / automatically pickup the credentials from runtime(env),
+first one to provide auth wins  (env_auth) / use an OCI user and an API
+key for authentication. 2 | you’ll need to put in a config file your
+tenancy OCID, user OCID, region, the path, fingerprint to an API key. |
+https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
+ (user_principal_auth) / use instance principals to authorize an
+instance to make API calls. 3 | each instance has its own identity, and
+authenticates using the certificates that are read from instance
+metadata. |
+https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
+ (instance_principal_auth) 4 / use resource principals to make API calls
+ (resource_principal_auth) 5 / no credentials needed, this is typically
+for reading public buckets  (no_auth) provider> 2
 
-Credentials created with the az tool can be picked up using env_auth.
+Option namespace. Object storage namespace Enter a value. namespace>
+idbamagbg734
 
-For example if you were to login with a service principal like this:
+Option compartment. Object storage compartment OCID Enter a value.
+compartment>
+ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
 
-    az login --service-principal -u XXX -p XXX --tenant XXX
+Option region. Object storage Region Enter a value. region> us-ashburn-1
 
-Then you could access rclone resources like this:
+Option endpoint. Endpoint for Object storage API. Leave blank to use the
+default endpoint for the region. Enter a value. Press Enter to leave
+empty. endpoint>
 
-    rclone lsf :azureblob,env_auth,account=ACCOUNT:CONTAINER
+Option config_file. Full Path to OCI config file Choose a number from
+below, or type in your own string value. Press Enter for the default
+(~/.oci/config). 1 / oci configuration file location  (~/.oci/config)
+config_file> /etc/oci/dev.conf
 
-Or
+Option config_profile. Profile name inside OCI config file Choose a
+number from below, or type in your own string value. Press Enter for the
+default (Default). 1 / Use the default profile  (Default)
+config_profile> Test
 
-    rclone lsf --azureblob-env-auth --azureblob-acccount=ACCOUNT :azureblob:CONTAINER
+Edit advanced config? y) Yes n) No (default) y/n> n
 
-Which is analogous to using the az tool:
+Configuration complete. Options: - type: oracleobjectstorage -
+namespace: idbamagbg734 - compartment:
+ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
+- region: us-ashburn-1 - provider: user_principal_auth - config_file:
+/etc/oci/dev.conf - config_profile: Test Keep this "remote" remote? y)
+Yes this is OK (default) e) Edit this remote d) Delete this remote
+y/e/d> y
 
-    az storage blob list --container-name CONTAINER --account-name ACCOUNT --auth-mode login
 
-Account and Shared Key
+    See all buckets
 
-This is the most straight forward and least flexible way. Just fill in
-the account and key lines and leave the rest blank.
+        rclone lsd remote:
 
-SAS URL
+    Create a new bucket
 
-This can be an account level SAS URL or container level SAS URL.
+        rclone mkdir remote:bucket
 
-To use it leave account and key blank and fill in sas_url.
+    List the contents of a bucket
 
-An account level SAS URL or container level SAS URL can be obtained from
-the Azure portal or the Azure Storage Explorer. To get a container level
-SAS URL right click on a container in the Azure Blob explorer in the
-Azure portal.
+        rclone ls remote:bucket
+        rclone ls remote:bucket --max-depth 1
 
-If you use a container level SAS URL, rclone operations are permitted
-only on a particular container, e.g.
+    ## Authentication Providers 
 
-    rclone ls azureblob:container
+    OCI has various authentication methods. To learn more about authentication methods please refer [oci authentication 
+    methods](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm) 
+    These choices can be specified in the rclone config file.
 
-You can also list the single container from the root. This will only
-show the container specified by the SAS URL.
+    Rclone supports the following OCI authentication provider.
 
-    $ rclone lsd azureblob:
-    container/
+        User Principal
+        Instance Principal
+        Resource Principal
+        No authentication
 
-Note that you can't see or access any other containers - this will fail
+    ### User Principal
 
-    rclone ls azureblob:othercontainer
+    Sample rclone config file for Authentication Provider User Principal:
 
-Container level SAS URLs are useful for temporarily allowing third
-parties access to a single container or putting credentials into an
-untrusted environment such as a CI build server.
+        [oos]
+        type = oracleobjectstorage
+        namespace = id<redacted>34
+        compartment = ocid1.compartment.oc1..aa<redacted>ba
+        region = us-ashburn-1
+        provider = user_principal_auth
+        config_file = /home/opc/.oci/config
+        config_profile = Default
 
-Service principal with client secret
+    Advantages:
+    - One can use this method from any server within OCI or on-premises or from other cloud provider.
 
-If these variables are set, rclone will authenticate with a service
-principal with a client secret.
+    Considerations:
+    - you need to configure user’s privileges / policy to allow access to object storage
+    - Overhead of managing users and keys.
+    - If the user is deleted, the config file will no longer work and may cause automation regressions that use the user's credentials.
 
--   tenant: ID of the service principal's tenant. Also called its
-    "directory" ID.
--   client_id: the service principal's client ID
--   client_secret: one of the service principal's client secrets
+    ###  Instance Principal
 
-The credentials can also be placed in a file using the
-service_principal_file configuration option.
+    An OCI compute instance can be authorized to use rclone by using it's identity and certificates as an instance principal. 
+    With this approach no credentials have to be stored and managed.
 
-Service principal with certificate
+    Sample rclone configuration file for Authentication Provider Instance Principal:
 
-If these variables are set, rclone will authenticate with a service
-principal with certificate.
+        [opc@rclone ~]$ cat ~/.config/rclone/rclone.conf
+        [oos]
+        type = oracleobjectstorage
+        namespace = id<redacted>fn
+        compartment = ocid1.compartment.oc1..aa<redacted>k7a
+        region = us-ashburn-1
+        provider = instance_principal_auth
 
--   tenant: ID of the service principal's tenant. Also called its
-    "directory" ID.
--   client_id: the service principal's client ID
--   client_certificate_path: path to a PEM or PKCS12 certificate file
-    including the private key.
--   client_certificate_password: (optional) password for the certificate
-    file.
--   client_send_certificate_chain: (optional) Specifies whether an
-    authentication request will include an x5c header to support subject
-    name / issuer based authentication. When set to "true" or "1",
-    authentication requests include the x5c header.
+    Advantages:
 
-NB client_certificate_password must be obscured - see rclone obscure.
+    - With instance principals, you don't need to configure user credentials and transfer/ save it to disk in your compute 
+      instances or rotate the credentials.
+    - You don’t need to deal with users and keys.
+    - Greatly helps in automation as you don't have to manage access keys, user private keys, storing them in vault, 
+      using kms etc.
 
-User with username and password
+    Considerations:
 
-If these variables are set, rclone will authenticate with username and
-password.
+    - You need to configure a dynamic group having this instance as member and add policy to read object storage to that 
+      dynamic group.
+    - Everyone who has access to this machine can execute the CLI commands.
+    - It is applicable for oci compute instances only. It cannot be used on external instance or resources.
 
--   tenant: (optional) tenant to authenticate in. Defaults to
-    "organizations".
--   client_id: client ID of the application the user will authenticate
-    to
--   username: a username (usually an email address)
--   password: the user's password
+    ### Resource Principal
 
-Microsoft doesn't recommend this kind of authentication, because it's
-less secure than other authentication flows. This method is not
-interactive, so it isn't compatible with any form of multi-factor
-authentication, and the application must already have user or admin
-consent. This credential can only authenticate work and school accounts;
-it can't authenticate Microsoft accounts.
+    Resource principal auth is very similar to instance principal auth but used for resources that are not 
+    compute instances such as [serverless functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm). 
+    To use resource principal ensure Rclone process is started with these environment variables set in its process.
 
-NB password must be obscured - see rclone obscure.
+        export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
+        export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
+        export OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/usr/share/model-server/key.pem
+        export OCI_RESOURCE_PRINCIPAL_RPST=/usr/share/model-server/security_token
 
-Managed Service Identity Credentials
+    Sample rclone configuration file for Authentication Provider Resource Principal:
 
-If use_msi is set then managed service identity credentials are used.
-This authentication only works when running in an Azure service.
-env_auth needs to be unset to use this.
+        [oos]
+        type = oracleobjectstorage
+        namespace = id<redacted>34
+        compartment = ocid1.compartment.oc1..aa<redacted>ba
+        region = us-ashburn-1
+        provider = resource_principal_auth
 
-However if you have multiple user identities to choose from these must
-be explicitly specified using exactly one of the msi_object_id,
-msi_client_id, or msi_mi_res_id parameters.
+    ### No authentication
 
-If none of msi_object_id, msi_client_id, or msi_mi_res_id is set, this
-is is equivalent to using env_auth.
+    Public buckets do not require any authentication mechanism to read objects.
+    Sample rclone configuration file for No authentication:
+        
+        [oos]
+        type = oracleobjectstorage
+        namespace = id<redacted>34
+        compartment = ocid1.compartment.oc1..aa<redacted>ba
+        region = us-ashburn-1
+        provider = no_auth
 
-Standard options
+    ### Modification times and hashes
 
-Here are the Standard options specific to azureblob (Microsoft Azure
-Blob Storage).
+    The modification time is stored as metadata on the object as
+    `opc-meta-mtime` as floating point since the epoch, accurate to 1 ns.
 
---azureblob-account
+    If the modification time needs to be updated rclone will attempt to perform a server
+    side copy to update the modification if the object can be copied in a single part.
+    In the case the object is larger than 5Gb, the object will be uploaded rather than copied.
 
-Azure Storage Account Name.
+    Note that reading this from the object takes an additional `HEAD` request as the metadata
+    isn't returned in object listings.
 
-Set this to the Azure Storage Account Name in use.
+    The MD5 hash algorithm is supported.
 
-Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
+    ### Multipart uploads
 
-If this is blank and if env_auth is set it will be read from the
-environment variable AZURE_STORAGE_ACCOUNT_NAME if possible.
+    rclone supports multipart uploads with OOS which means that it can
+    upload files bigger than 5 GiB.
 
-Properties:
+    Note that files uploaded *both* with multipart upload *and* through
+    crypt remotes do not have MD5 sums.
 
--   Config: account
--   Env Var: RCLONE_AZUREBLOB_ACCOUNT
--   Type: string
--   Required: false
+    rclone switches from single part uploads to multipart uploads at the
+    point specified by `--oos-upload-cutoff`.  This can be a maximum of 5 GiB
+    and a minimum of 0 (ie always upload multipart files).
 
---azureblob-env-auth
+    The chunk sizes used in the multipart upload are specified by
+    `--oos-chunk-size` and the number of chunks uploaded concurrently is
+    specified by `--oos-upload-concurrency`.
 
-Read credentials from runtime (environment variables, CLI or MSI).
+    Multipart uploads will use `--transfers` * `--oos-upload-concurrency` *
+    `--oos-chunk-size` extra memory.  Single part uploads to not use extra
+    memory.
 
-See the authentication docs for full info.
+    Single part transfers can be faster than multipart transfers or slower
+    depending on your latency from oos - the more latency, the more likely
+    single part transfers will be faster.
 
-Properties:
+    Increasing `--oos-upload-concurrency` will increase throughput (8 would
+    be a sensible value) and increasing `--oos-chunk-size` also increases
+    throughput (16M would be sensible).  Increasing either of these will
+    use more memory.  The default values are high enough to gain most of
+    the possible performance without using too much memory.
 
--   Config: env_auth
--   Env Var: RCLONE_AZUREBLOB_ENV_AUTH
--   Type: bool
--   Default: false
 
---azureblob-key
+    ### Standard options
 
-Storage Account Shared Key.
+    Here are the Standard options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
 
-Leave blank to use SAS URL or Emulator.
+    #### --oos-provider
 
-Properties:
+    Choose your Auth Provider
 
--   Config: key
--   Env Var: RCLONE_AZUREBLOB_KEY
--   Type: string
--   Required: false
+    Properties:
+
+    - Config:      provider
+    - Env Var:     RCLONE_OOS_PROVIDER
+    - Type:        string
+    - Default:     "env_auth"
+    - Examples:
+        - "env_auth"
+            - automatically pickup the credentials from runtime(env), first one to provide auth wins
+        - "user_principal_auth"
+            - use an OCI user and an API key for authentication.
+            - you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
+            - https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
+        - "instance_principal_auth"
+            - use instance principals to authorize an instance to make API calls. 
+            - each instance has its own identity, and authenticates using the certificates that are read from instance metadata. 
+            - https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
+        - "resource_principal_auth"
+            - use resource principals to make API calls
+        - "no_auth"
+            - no credentials needed, this is typically for reading public buckets
+
+    #### --oos-namespace
 
---azureblob-sas-url
+    Object storage namespace
 
-SAS URL for container level access only.
+    Properties:
 
-Leave blank if using account/key or Emulator.
+    - Config:      namespace
+    - Env Var:     RCLONE_OOS_NAMESPACE
+    - Type:        string
+    - Required:    true
 
-Properties:
+    #### --oos-compartment
 
--   Config: sas_url
--   Env Var: RCLONE_AZUREBLOB_SAS_URL
--   Type: string
--   Required: false
+    Object storage compartment OCID
 
---azureblob-tenant
+    Properties:
 
-ID of the service principal's tenant. Also called its directory ID.
+    - Config:      compartment
+    - Env Var:     RCLONE_OOS_COMPARTMENT
+    - Provider:    !no_auth
+    - Type:        string
+    - Required:    true
 
-Set this if using - Service principal with client secret - Service
-principal with certificate - User with username and password
+    #### --oos-region
 
-Properties:
+    Object storage Region
 
--   Config: tenant
--   Env Var: RCLONE_AZUREBLOB_TENANT
--   Type: string
--   Required: false
+    Properties:
 
---azureblob-client-id
+    - Config:      region
+    - Env Var:     RCLONE_OOS_REGION
+    - Type:        string
+    - Required:    true
 
-The ID of the client in use.
+    #### --oos-endpoint
 
-Set this if using - Service principal with client secret - Service
-principal with certificate - User with username and password
+    Endpoint for Object storage API.
 
-Properties:
+    Leave blank to use the default endpoint for the region.
 
--   Config: client_id
--   Env Var: RCLONE_AZUREBLOB_CLIENT_ID
--   Type: string
--   Required: false
+    Properties:
 
---azureblob-client-secret
+    - Config:      endpoint
+    - Env Var:     RCLONE_OOS_ENDPOINT
+    - Type:        string
+    - Required:    false
 
-One of the service principal's client secrets
+    #### --oos-config-file
 
-Set this if using - Service principal with client secret
+    Path to OCI config file
 
-Properties:
+    Properties:
 
--   Config: client_secret
--   Env Var: RCLONE_AZUREBLOB_CLIENT_SECRET
--   Type: string
--   Required: false
+    - Config:      config_file
+    - Env Var:     RCLONE_OOS_CONFIG_FILE
+    - Provider:    user_principal_auth
+    - Type:        string
+    - Default:     "~/.oci/config"
+    - Examples:
+        - "~/.oci/config"
+            - oci configuration file location
 
---azureblob-client-certificate-path
+    #### --oos-config-profile
 
-Path to a PEM or PKCS12 certificate file including the private key.
+    Profile name inside the oci config file
 
-Set this if using - Service principal with certificate
+    Properties:
 
-Properties:
+    - Config:      config_profile
+    - Env Var:     RCLONE_OOS_CONFIG_PROFILE
+    - Provider:    user_principal_auth
+    - Type:        string
+    - Default:     "Default"
+    - Examples:
+        - "Default"
+            - Use the default profile
 
--   Config: client_certificate_path
--   Env Var: RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PATH
--   Type: string
--   Required: false
+    ### Advanced options
 
---azureblob-client-certificate-password
+    Here are the Advanced options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
 
-Password for the certificate file (optional).
+    #### --oos-storage-tier
 
-Optionally set this if using - Service principal with certificate
+    The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm
 
-And the certificate has a password.
+    Properties:
 
-NB Input to this must be obscured - see rclone obscure.
+    - Config:      storage_tier
+    - Env Var:     RCLONE_OOS_STORAGE_TIER
+    - Type:        string
+    - Default:     "Standard"
+    - Examples:
+        - "Standard"
+            - Standard storage tier, this is the default tier
+        - "InfrequentAccess"
+            - InfrequentAccess storage tier
+        - "Archive"
+            - Archive storage tier
 
-Properties:
+    #### --oos-upload-cutoff
 
--   Config: client_certificate_password
--   Env Var: RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PASSWORD
--   Type: string
--   Required: false
+    Cutoff for switching to chunked upload.
 
-Advanced options
+    Any files larger than this will be uploaded in chunks of chunk_size.
+    The minimum is 0 and the maximum is 5 GiB.
 
-Here are the Advanced options specific to azureblob (Microsoft Azure
-Blob Storage).
+    Properties:
 
---azureblob-client-send-certificate-chain
+    - Config:      upload_cutoff
+    - Env Var:     RCLONE_OOS_UPLOAD_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     200Mi
 
-Send the certificate chain when using certificate auth.
+    #### --oos-chunk-size
 
-Specifies whether an authentication request will include an x5c header
-to support subject name / issuer based authentication. When set to true,
-authentication requests include the x5c header.
+    Chunk size to use for uploading.
 
-Optionally set this if using - Service principal with certificate
+    When uploading files larger than upload_cutoff or files with unknown
+    size (e.g. from "rclone rcat" or uploaded with "rclone mount" they will be uploaded 
+    as multipart uploads using this chunk size.
 
-Properties:
+    Note that "upload_concurrency" chunks of this size are buffered
+    in memory per transfer.
 
--   Config: client_send_certificate_chain
--   Env Var: RCLONE_AZUREBLOB_CLIENT_SEND_CERTIFICATE_CHAIN
--   Type: bool
--   Default: false
+    If you are transferring large files over high-speed links and you have
+    enough memory, then increasing this will speed up the transfers.
 
---azureblob-username
+    Rclone will automatically increase the chunk size when uploading a
+    large file of known size to stay below the 10,000 chunks limit.
 
-User name (usually an email address)
+    Files of unknown size are uploaded with the configured
+    chunk_size. Since the default chunk size is 5 MiB and there can be at
+    most 10,000 chunks, this means that by default the maximum size of
+    a file you can stream upload is 48 GiB.  If you wish to stream upload
+    larger files then you will need to increase chunk_size.
 
-Set this if using - User with username and password
+    Increasing the chunk size decreases the accuracy of the progress
+    statistics displayed with "-P" flag.
 
-Properties:
 
--   Config: username
--   Env Var: RCLONE_AZUREBLOB_USERNAME
--   Type: string
--   Required: false
+    Properties:
 
---azureblob-password
+    - Config:      chunk_size
+    - Env Var:     RCLONE_OOS_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     5Mi
 
-The user's password
+    #### --oos-max-upload-parts
 
-Set this if using - User with username and password
+    Maximum number of parts in a multipart upload.
 
-NB Input to this must be obscured - see rclone obscure.
+    This option defines the maximum number of multipart chunks to use
+    when doing a multipart upload.
 
-Properties:
+    OCI has max parts limit of 10,000 chunks.
 
--   Config: password
--   Env Var: RCLONE_AZUREBLOB_PASSWORD
--   Type: string
--   Required: false
+    Rclone will automatically increase the chunk size when uploading a
+    large file of a known size to stay below this number of chunks limit.
 
---azureblob-service-principal-file
 
-Path to file containing credentials for use with a service principal.
+    Properties:
 
-Leave blank normally. Needed only if you want to use a service principal
-instead of interactive login.
+    - Config:      max_upload_parts
+    - Env Var:     RCLONE_OOS_MAX_UPLOAD_PARTS
+    - Type:        int
+    - Default:     10000
 
-    $ az ad sp create-for-rbac --name "<name>" \
-      --role "Storage Blob Data Owner" \
-      --scopes "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>" \
-      > azure-principal.json
+    #### --oos-upload-concurrency
 
-See "Create an Azure service principal" and "Assign an Azure role for
-access to blob data" pages for more details.
+    Concurrency for multipart uploads.
 
-It may be more convenient to put the credentials directly into the
-rclone config file under the client_id, tenant and client_secret keys
-instead of setting service_principal_file.
+    This is the number of chunks of the same file that are uploaded
+    concurrently.
 
-Properties:
+    If you are uploading small numbers of large files over high-speed links
+    and these uploads do not fully utilize your bandwidth, then increasing
+    this may help to speed up the transfers.
 
--   Config: service_principal_file
--   Env Var: RCLONE_AZUREBLOB_SERVICE_PRINCIPAL_FILE
--   Type: string
--   Required: false
+    Properties:
 
---azureblob-use-msi
+    - Config:      upload_concurrency
+    - Env Var:     RCLONE_OOS_UPLOAD_CONCURRENCY
+    - Type:        int
+    - Default:     10
 
-Use a managed service identity to authenticate (only works in Azure).
+    #### --oos-copy-cutoff
 
-When true, use a managed service identity to authenticate to Azure
-Storage instead of a SAS token or account key.
+    Cutoff for switching to multipart copy.
 
-If the VM(SS) on which this program is running has a system-assigned
-identity, it will be used by default. If the resource has no
-system-assigned but exactly one user-assigned identity, the
-user-assigned identity will be used by default. If the resource has
-multiple user-assigned identities, the identity to use must be
-explicitly specified using exactly one of the msi_object_id,
-msi_client_id, or msi_mi_res_id parameters.
+    Any files larger than this that need to be server-side copied will be
+    copied in chunks of this size.
 
-Properties:
+    The minimum is 0 and the maximum is 5 GiB.
 
--   Config: use_msi
--   Env Var: RCLONE_AZUREBLOB_USE_MSI
--   Type: bool
--   Default: false
+    Properties:
 
---azureblob-msi-object-id
+    - Config:      copy_cutoff
+    - Env Var:     RCLONE_OOS_COPY_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     4.656Gi
 
-Object ID of the user-assigned MSI to use, if any.
+    #### --oos-copy-timeout
 
-Leave blank if msi_client_id or msi_mi_res_id specified.
+    Timeout for copy.
 
-Properties:
+    Copy is an asynchronous operation, specify timeout to wait for copy to succeed
 
--   Config: msi_object_id
--   Env Var: RCLONE_AZUREBLOB_MSI_OBJECT_ID
--   Type: string
--   Required: false
 
---azureblob-msi-client-id
+    Properties:
 
-Object ID of the user-assigned MSI to use, if any.
+    - Config:      copy_timeout
+    - Env Var:     RCLONE_OOS_COPY_TIMEOUT
+    - Type:        Duration
+    - Default:     1m0s
 
-Leave blank if msi_object_id or msi_mi_res_id specified.
+    #### --oos-disable-checksum
 
-Properties:
+    Don't store MD5 checksum with object metadata.
 
--   Config: msi_client_id
--   Env Var: RCLONE_AZUREBLOB_MSI_CLIENT_ID
--   Type: string
--   Required: false
+    Normally rclone will calculate the MD5 checksum of the input before
+    uploading it so it can add it to metadata on the object. This is great
+    for data integrity checking but can cause long delays for large files
+    to start uploading.
 
---azureblob-msi-mi-res-id
+    Properties:
 
-Azure resource ID of the user-assigned MSI to use, if any.
+    - Config:      disable_checksum
+    - Env Var:     RCLONE_OOS_DISABLE_CHECKSUM
+    - Type:        bool
+    - Default:     false
 
-Leave blank if msi_client_id or msi_object_id specified.
+    #### --oos-encoding
 
-Properties:
+    The encoding for the backend.
 
--   Config: msi_mi_res_id
--   Env Var: RCLONE_AZUREBLOB_MSI_MI_RES_ID
--   Type: string
--   Required: false
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
---azureblob-use-emulator
+    Properties:
 
-Uses local storage emulator if provided as 'true'.
+    - Config:      encoding
+    - Env Var:     RCLONE_OOS_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,InvalidUtf8,Dot
 
-Leave blank if using real azure storage endpoint.
+    #### --oos-leave-parts-on-error
 
-Properties:
+    If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery.
 
--   Config: use_emulator
--   Env Var: RCLONE_AZUREBLOB_USE_EMULATOR
--   Type: bool
--   Default: false
+    It should be set to true for resuming uploads across different sessions.
 
---azureblob-endpoint
+    WARNING: Storing parts of an incomplete multipart upload counts towards space usage on object storage and will add
+    additional costs if not cleaned up.
 
-Endpoint for the service.
 
-Leave blank normally.
+    Properties:
 
-Properties:
+    - Config:      leave_parts_on_error
+    - Env Var:     RCLONE_OOS_LEAVE_PARTS_ON_ERROR
+    - Type:        bool
+    - Default:     false
 
--   Config: endpoint
--   Env Var: RCLONE_AZUREBLOB_ENDPOINT
--   Type: string
--   Required: false
+    #### --oos-attempt-resume-upload
 
---azureblob-upload-cutoff
+    If true attempt to resume previously started multipart upload for the object.
+    This will be helpful to speed up multipart transfers by resuming uploads from past session.
 
-Cutoff for switching to chunked upload (<= 256 MiB) (deprecated).
+    WARNING: If chunk size differs in resumed session from past incomplete session, then the resumed multipart upload is 
+    aborted and a new multipart upload is started with the new chunk size.
 
-Properties:
+    The flag leave_parts_on_error must be true to resume and optimize to skip parts that were already uploaded successfully.
 
--   Config: upload_cutoff
--   Env Var: RCLONE_AZUREBLOB_UPLOAD_CUTOFF
--   Type: string
--   Required: false
 
---azureblob-chunk-size
+    Properties:
 
-Upload chunk size.
+    - Config:      attempt_resume_upload
+    - Env Var:     RCLONE_OOS_ATTEMPT_RESUME_UPLOAD
+    - Type:        bool
+    - Default:     false
 
-Note that this is stored in memory and there may be up to "--transfers"
-* "--azureblob-upload-concurrency" chunks stored at once in memory.
+    #### --oos-no-check-bucket
 
-Properties:
+    If set, don't attempt to check the bucket exists or create it.
 
--   Config: chunk_size
--   Env Var: RCLONE_AZUREBLOB_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 4Mi
+    This can be useful when trying to minimise the number of transactions
+    rclone does if you know the bucket exists already.
 
---azureblob-upload-concurrency
+    It can also be needed if the user you are using does not have bucket
+    creation permissions.
 
-Concurrency for multipart uploads.
 
-This is the number of chunks of the same file that are uploaded
-concurrently.
+    Properties:
 
-If you are uploading small numbers of large files over high-speed links
-and these uploads do not fully utilize your bandwidth, then increasing
-this may help to speed up the transfers.
+    - Config:      no_check_bucket
+    - Env Var:     RCLONE_OOS_NO_CHECK_BUCKET
+    - Type:        bool
+    - Default:     false
 
-In tests, upload speed increases almost linearly with upload
-concurrency. For example to fill a gigabit pipe it may be necessary to
-raise this to 64. Note that this will use more memory.
+    #### --oos-sse-customer-key-file
 
-Note that chunks are stored in memory and there may be up to
-"--transfers" * "--azureblob-upload-concurrency" chunks stored at once
-in memory.
+    To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+    with the object. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.'
 
-Properties:
+    Properties:
 
--   Config: upload_concurrency
--   Env Var: RCLONE_AZUREBLOB_UPLOAD_CONCURRENCY
--   Type: int
--   Default: 16
+    - Config:      sse_customer_key_file
+    - Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY_FILE
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - None
 
---azureblob-list-chunk
+    #### --oos-sse-customer-key
 
-Size of blob list.
+    To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+    encrypt or  decrypt the data. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is
+    needed. For more information, see Using Your Own Keys for Server-Side Encryption 
+    (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm)
 
-This sets the number of blobs requested in each listing chunk. Default
-is the maximum, 5000. "List blobs" requests are permitted 2 minutes per
-megabyte to complete. If an operation is taking longer than 2 minutes
-per megabyte on average, it will time out ( source ). This can be used
-to limit the number of blobs items to return, to avoid the time out.
+    Properties:
 
-Properties:
+    - Config:      sse_customer_key
+    - Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - None
 
--   Config: list_chunk
--   Env Var: RCLONE_AZUREBLOB_LIST_CHUNK
--   Type: int
--   Default: 5000
+    #### --oos-sse-customer-key-sha256
 
---azureblob-access-tier
+    If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+    key. This value is used to check the integrity of the encryption key. see Using Your Own Keys for 
+    Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
 
-Access tier of blob: hot, cool or archive.
+    Properties:
 
-Archived blobs can be restored by setting access tier to hot or cool.
-Leave blank if you intend to use default access tier, which is set at
-account level
+    - Config:      sse_customer_key_sha256
+    - Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY_SHA256
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - None
 
-If there is no "access tier" specified, rclone doesn't apply any tier.
-rclone performs "Set Tier" operation on blobs while uploading, if
-objects are not modified, specifying "access tier" to new one will have
-no effect. If blobs are in "archive tier" at remote, trying to perform
-data transfer operations from remote will not be allowed. User should
-first restore by tiering blob to "Hot" or "Cool".
+    #### --oos-sse-kms-key-id
 
-Properties:
+    if using your own master key in vault, this header specifies the
+    OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call
+    the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
+    Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
 
--   Config: access_tier
--   Env Var: RCLONE_AZUREBLOB_ACCESS_TIER
--   Type: string
--   Required: false
+    Properties:
 
---azureblob-archive-tier-delete
+    - Config:      sse_kms_key_id
+    - Env Var:     RCLONE_OOS_SSE_KMS_KEY_ID
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - None
 
-Delete archive tier blobs before overwriting.
+    #### --oos-sse-customer-algorithm
 
-Archive tier blobs cannot be updated. So without this flag, if you
-attempt to update an archive tier blob, then rclone will produce the
-error:
+    If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm.
+    Object Storage supports "AES256" as the encryption algorithm. For more information, see
+    Using Your Own Keys for Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
 
-    can't update archive tier blob without --azureblob-archive-tier-delete
+    Properties:
 
-With this flag set then before rclone attempts to overwrite an archive
-tier blob, it will delete the existing blob before uploading its
-replacement. This has the potential for data loss if the upload fails
-(unlike updating a normal blob) and also may cost more since deleting
-archive tier blobs early may be chargable.
+    - Config:      sse_customer_algorithm
+    - Env Var:     RCLONE_OOS_SSE_CUSTOMER_ALGORITHM
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - None
+        - "AES256"
+            - AES256
 
-Properties:
+    ## Backend commands
 
--   Config: archive_tier_delete
--   Env Var: RCLONE_AZUREBLOB_ARCHIVE_TIER_DELETE
--   Type: bool
--   Default: false
+    Here are the commands specific to the oracleobjectstorage backend.
 
---azureblob-disable-checksum
+    Run them with
 
-Don't store MD5 checksum with object metadata.
+        rclone backend COMMAND remote:
 
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can add it to metadata on the object. This is great
-for data integrity checking but can cause long delays for large files to
-start uploading.
+    The help below will explain what arguments each command takes.
 
-Properties:
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
 
--   Config: disable_checksum
--   Env Var: RCLONE_AZUREBLOB_DISABLE_CHECKSUM
--   Type: bool
--   Default: false
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
 
---azureblob-memory-pool-flush-time
+    ### rename
 
-How often internal memory buffer pools will be flushed.
+    change the name of an object
 
-Uploads which requires additional buffers (f.e multipart) will use
-memory pool for allocations. This option controls how often unused
-buffers will be removed from the pool.
+        rclone backend rename remote: [options] [<arguments>+]
 
-Properties:
+    This command can be used to rename a object.
 
--   Config: memory_pool_flush_time
--   Env Var: RCLONE_AZUREBLOB_MEMORY_POOL_FLUSH_TIME
--   Type: Duration
--   Default: 1m0s
+    Usage Examples:
 
---azureblob-memory-pool-use-mmap
+        rclone backend rename oos:bucket relative-object-path-under-bucket object-new-name
 
-Whether to use mmap buffers in internal memory pool.
 
-Properties:
+    ### list-multipart-uploads
 
--   Config: memory_pool_use_mmap
--   Env Var: RCLONE_AZUREBLOB_MEMORY_POOL_USE_MMAP
--   Type: bool
--   Default: false
+    List the unfinished multipart uploads
 
---azureblob-encoding
+        rclone backend list-multipart-uploads remote: [options] [<arguments>+]
 
-The encoding for the backend.
+    This command lists the unfinished multipart uploads in JSON format.
 
-See the encoding section in the overview for more info.
+        rclone backend list-multipart-uploads oos:bucket/path/to/object
 
-Properties:
+    It returns a dictionary of buckets with values as lists of unfinished
+    multipart uploads.
 
--   Config: encoding
--   Env Var: RCLONE_AZUREBLOB_ENCODING
--   Type: MultiEncoder
--   Default: Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8
+    You can call it with no bucket in which case it lists all bucket, with
+    a bucket or with a bucket and path.
 
---azureblob-public-access
+        {
+          "test-bucket": [
+                    {
+                            "namespace": "test-namespace",
+                            "bucket": "test-bucket",
+                            "object": "600m.bin",
+                            "uploadId": "51dd8114-52a4-b2f2-c42f-5291f05eb3c8",
+                            "timeCreated": "2022-07-29T06:21:16.595Z",
+                            "storageTier": "Standard"
+                    }
+            ]
 
-Public access level of a container: blob or container.
 
-Properties:
+    ### cleanup
 
--   Config: public_access
--   Env Var: RCLONE_AZUREBLOB_PUBLIC_ACCESS
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   The container and its blobs can be accessed only with an
-            authorized request.
-        -   It's a default value.
-    -   "blob"
-        -   Blob data within this container can be read via anonymous
-            request.
-    -   "container"
-        -   Allow full public read access for container and blob data.
+    Remove unfinished multipart uploads.
 
---azureblob-no-check-container
+        rclone backend cleanup remote: [options] [<arguments>+]
 
-If set, don't attempt to check the container exists or create it.
+    This command removes unfinished multipart uploads of age greater than
+    max-age which defaults to 24 hours.
 
-This can be useful when trying to minimise the number of transactions
-rclone does if you know the container exists already.
+    Note that you can use --interactive/-i or --dry-run with this command to see what
+    it would do.
 
-Properties:
+        rclone backend cleanup oos:bucket/path/to/object
+        rclone backend cleanup -o max-age=7w oos:bucket/path/to/object
 
--   Config: no_check_container
--   Env Var: RCLONE_AZUREBLOB_NO_CHECK_CONTAINER
--   Type: bool
--   Default: false
+    Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
 
---azureblob-no-head-object
 
-If set, do not do HEAD before GET when getting objects.
+    Options:
 
-Properties:
+    - "max-age": Max age of upload to delete
 
--   Config: no_head_object
--   Env Var: RCLONE_AZUREBLOB_NO_HEAD_OBJECT
--   Type: bool
--   Default: false
 
-Custom upload headers
 
-You can set custom upload headers with the --header-upload flag.
+    ## Tutorials
+    ### [Mounting Buckets](https://rclone.org/oracleobjectstorage/tutorial_mount/)
 
--   Cache-Control
--   Content-Disposition
--   Content-Encoding
--   Content-Language
--   Content-Type
+    #  QingStor
 
-Eg --header-upload "Content-Type: text/potato"
+    Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
+    command.)  You may put subdirectories in too, e.g. `remote:bucket/path/to/dir`.
 
-Limitations
+    ## Configuration
 
-MD5 sums are only uploaded with chunked files if the source has an MD5
-sum. This will always be the case for a local to azure copy.
+    Here is an example of making an QingStor configuration.  First run
 
-rclone about is not supported by the Microsoft Azure Blob storage
-backend. Backends without this capability cannot determine free space
-for an rclone mount or use policy mfs (most free space) as a member of
-an rclone union remote.
+        rclone config
 
-See List of backends that do not support rclone about and rclone about
+    This will guide you through an interactive setup process.
 
-Azure Storage Emulator Support
+No remotes found, make a new one? n) New remote r) Rename remote c) Copy
+remote s) Set configuration password q) Quit config n/r/c/s/q> n name>
+remote Type of storage to configure. Choose a number from below, or type
+in your own value [snip] XX / QingStor Object Storage  "qingstor" [snip]
+Storage> qingstor Get QingStor credentials from runtime. Only applies if
+access_key_id and secret_access_key is blank. Choose a number from
+below, or type in your own value 1 / Enter QingStor credentials in the
+next step  "false" 2 / Get QingStor credentials from the environment
+(env vars or IAM)  "true" env_auth> 1 QingStor Access Key ID - leave
+blank for anonymous access or runtime credentials. access_key_id>
+access_key QingStor Secret Access Key (password) - leave blank for
+anonymous access or runtime credentials. secret_access_key> secret_key
+Enter an endpoint URL to connection QingStor API. Leave blank will use
+the default value "https://qingstor.com:443" endpoint> Zone connect to.
+Default is "pek3a". Choose a number from below, or type in your own
+value / The Beijing (China) Three Zone 1 | Needs location constraint
+pek3a.  "pek3a" / The Shanghai (China) First Zone 2 | Needs location
+constraint sh1a.  "sh1a" zone> 1 Number of connection retry. Leave blank
+will use the default value "3". connection_retries> Remote config
+-------------------- [remote] env_auth = false access_key_id =
+access_key secret_access_key = secret_key endpoint = zone = pek3a
+connection_retries = -------------------- y) Yes this is OK e) Edit this
+remote d) Delete this remote y/e/d> y
 
-You can run rclone with the storage emulator (usually azurite).
 
-To do this, just set up a new remote with rclone config following the
-instructions in the introduction and set use_emulator in the advanced
-settings as true. You do not need to provide a default account name nor
-an account key. But you can override them in the account and key
-options. (Prior to v1.61 they were hard coded to azurite's
-devstoreaccount1.)
+    This remote is called `remote` and can now be used like this
 
-Also, if you want to access a storage emulator instance running on a
-different machine, you can override the endpoint parameter in the
-advanced settings, setting it to
-http(s)://<host>:<port>/devstoreaccount1 (e.g.
-http://10.254.2.5:10000/devstoreaccount1).
+    See all buckets
 
-Microsoft OneDrive
+        rclone lsd remote:
 
-Paths are specified as remote:path
+    Make a new bucket
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+        rclone mkdir remote:bucket
 
-Configuration
+    List the contents of a bucket
 
-The initial setup for OneDrive involves getting a token from Microsoft
-which you need to do in your browser. rclone config walks you through
-it.
+        rclone ls remote:bucket
 
-Here is an example of how to make a remote called remote. First run:
+    Sync `/home/local/directory` to the remote bucket, deleting any excess
+    files in the bucket.
 
-     rclone config
+        rclone sync --interactive /home/local/directory remote:bucket
 
-This will guide you through an interactive setup process:
+    ### --fast-list
 
-    e) Edit existing remote
-    n) New remote
-    d) Delete remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    e/n/d/r/c/s/q> n
-    name> remote
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Microsoft OneDrive
-       \ "onedrive"
-    [snip]
-    Storage> onedrive
-    Microsoft App Client Id
-    Leave blank normally.
-    Enter a string value. Press Enter for the default ("").
-    client_id>
-    Microsoft App Client Secret
-    Leave blank normally.
-    Enter a string value. Press Enter for the default ("").
-    client_secret>
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No
-    y/n> n
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    Choose a number from below, or type in an existing value
-     1 / OneDrive Personal or Business
-       \ "onedrive"
-     2 / Sharepoint site
-       \ "sharepoint"
-     3 / Type in driveID
-       \ "driveid"
-     4 / Type in SiteID
-       \ "siteid"
-     5 / Search a Sharepoint site
-       \ "search"
-    Your choice> 1
-    Found 1 drives, please select the one you want to use:
-    0: OneDrive (business) id=b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
-    Chose drive to use:> 0
-    Found drive 'root' of type 'business', URL: https://org-my.sharepoint.com/personal/you/Documents
-    Is that okay?
-    y) Yes
-    n) No
-    y/n> y
-    --------------------
-    [remote]
-    type = onedrive
-    token = {"access_token":"youraccesstoken","token_type":"Bearer","refresh_token":"yourrefreshtoken","expiry":"2018-08-26T22:39:52.486512262+08:00"}
-    drive_id = b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
-    drive_type = business
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    This remote supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+    ### Multipart uploads
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Microsoft. This only runs from the moment it
-opens your browser to the moment you get back the verification code.
-This is on http://127.0.0.1:53682/ and this it may require you to
-unblock it temporarily if you are running a host firewall.
+    rclone supports multipart uploads with QingStor which means that it can
+    upload files bigger than 5 GiB. Note that files uploaded with multipart
+    upload don't have an MD5SUM.
 
-Once configured you can then use rclone like this,
+    Note that incomplete multipart uploads older than 24 hours can be
+    removed with `rclone cleanup remote:bucket` just for one bucket
+    `rclone cleanup remote:` for all buckets. QingStor does not ever
+    remove incomplete multipart uploads so it may be necessary to run this
+    from time to time.
 
-List directories in top level of your OneDrive
+    ### Buckets and Zone
 
-    rclone lsd remote:
+    With QingStor you can list buckets (`rclone lsd`) using any zone,
+    but you can only access the content of a bucket from the zone it was
+    created in.  If you attempt to access a bucket from the wrong zone,
+    you will get an error, `incorrect zone, the bucket is not in 'XXX'
+    zone`.
 
-List all the files in your OneDrive
+    ### Authentication
 
-    rclone ls remote:
+    There are two ways to supply `rclone` with a set of QingStor
+    credentials. In order of precedence:
 
-To copy a local directory to an OneDrive directory called backup
+     - Directly in the rclone configuration file (as configured by `rclone config`)
+       - set `access_key_id` and `secret_access_key`
+     - Runtime configuration:
+       - set `env_auth` to `true` in the config file
+       - Exporting the following environment variables before running `rclone`
+         - Access Key ID: `QS_ACCESS_KEY_ID` or `QS_ACCESS_KEY`
+         - Secret Access Key: `QS_SECRET_ACCESS_KEY` or `QS_SECRET_KEY`
 
-    rclone copy /home/source remote:backup
+    ### Restricted filename characters
 
-Getting your own Client ID and Key
-
-rclone uses a default Client ID when talking to OneDrive, unless a
-custom client_id is specified in the config. The default Client ID and
-Key are shared by all rclone users when performing requests.
-
-You may choose to create and use your own Client ID, in case the default
-one does not work well for you. For example, you might see throttling.
-
-Creating Client ID for OneDrive Personal
-
-To create your own Client ID, please follow these steps:
-
-1.  Open
-    https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
-    and then click New registration.
-2.  Enter a name for your app, choose account type
-    Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox),
-    select Web in Redirect URI, then type (do not copy and paste)
-    http://localhost:53682/ and click Register. Copy and keep the
-    Application (client) ID under the app name for later use.
-3.  Under manage select Certificates & secrets, click New client secret.
-    Enter a description (can be anything) and set Expires to 24 months.
-    Copy and keep that secret Value for later use (you won't be able to
-    see this value afterwards).
-4.  Under manage select API permissions, click Add a permission and
-    select Microsoft Graph then select delegated permissions.
-5.  Search and select the following permissions: Files.Read,
-    Files.ReadWrite, Files.Read.All, Files.ReadWrite.All,
-    offline_access, User.Read and Sites.Read.All (if custom access
-    scopes are configured, select the permissions accordingly). Once
-    selected click Add permissions at the bottom.
-
-Now the application is complete. Run rclone config to create or edit a
-OneDrive remote. Supply the app ID and password as Client ID and Secret,
-respectively. rclone will walk you through the remaining steps.
-
-The access_scopes option allows you to configure the permissions
-requested by rclone. See Microsoft Docs for more information about the
-different scopes.
-
-The Sites.Read.All permission is required if you need to search
-SharePoint sites when configuring the remote. However, if that
-permission is not assigned, you need to exclude Sites.Read.All from your
-access scopes or set disable_site_permission option to true in the
-advanced options.
-
-Creating Client ID for OneDrive Business
-
-The steps for OneDrive Personal may or may not work for OneDrive
-Business, depending on the security settings of the organization. A
-common error is that the publisher of the App is not verified.
-
-You may try to verify you account, or try to limit the App to your
-organization only, as shown below.
-
-1.  Make sure to create the App with your business account.
-2.  Follow the steps above to create an App. However, we need a
-    different account type here:
-    Accounts in this organizational directory only (*** - Single tenant).
-    Note that you can also change the account type after creating the
-    App.
-3.  Find the tenant ID of your organization.
-4.  In the rclone config, set auth_url to
-    https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/authorize.
-5.  In the rclone config, set token_url to
-    https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token.
-
-Note: If you have a special region, you may need a different host in
-step 4 and 5. Here are some hints.
-
-Modification time and hashes
-
-OneDrive allows modification times to be set on objects accurate to 1
-second. These will be used to detect whether objects need syncing or
-not.
-
-OneDrive Personal, OneDrive for Business and Sharepoint Server support
-QuickXorHash.
-
-Before rclone 1.62 the default hash for Onedrive Personal was SHA1. For
-rclone 1.62 and above the default for all Onedrive backends is
-QuickXorHash.
-
-Starting from July 2023 SHA1 support is being phased out in Onedrive
-Personal in favour of QuickXorHash. If necessary the
---onedrive-hash-type flag (or hash_type config option) can be used to
-select SHA1 during the transition period if this is important your
-workflow.
-
-For all types of OneDrive you can use the --checksum flag.
+    The control characters 0x00-0x1F and / are replaced as in the [default
+    restricted characters set](https://rclone.org/overview/#restricted-characters).  Note
+    that 0x7F is not replaced.
 
-Restricted filename characters
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-In addition to the default restricted characters set the following
-characters are also replaced:
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  "            0x22        ＂
-  *            0x2A        ＊
-  :            0x3A        ：
-  <            0x3C        ＜
-  >            0x3E        ＞
-  ?            0x3F        ？
-  \            0x5C        ＼
-  |            0x7C        ｜
+    ### Standard options
 
-File names can also not end with the following characters. These only
-get replaced if they are the last character in the name:
+    Here are the Standard options specific to qingstor (QingCloud Object Storage).
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  SP           0x20         ␠
-  .            0x2E        ．
+    #### --qingstor-env-auth
 
-File names can also not begin with the following characters. These only
-get replaced if they are the first character in the name:
+    Get QingStor credentials from runtime.
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  SP           0x20         ␠
-  ~            0x7E        ～
+    Only applies if access_key_id and secret_access_key is blank.
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    Properties:
 
-Deleting files
+    - Config:      env_auth
+    - Env Var:     RCLONE_QINGSTOR_ENV_AUTH
+    - Type:        bool
+    - Default:     false
+    - Examples:
+        - "false"
+            - Enter QingStor credentials in the next step.
+        - "true"
+            - Get QingStor credentials from the environment (env vars or IAM).
 
-Any files you delete with rclone will end up in the trash. Microsoft
-doesn't provide an API to permanently delete files, nor to empty the
-trash, so you will have to do that with one of Microsoft's apps or via
-the OneDrive website.
+    #### --qingstor-access-key-id
 
-Standard options
+    QingStor Access Key ID.
 
-Here are the Standard options specific to onedrive (Microsoft OneDrive).
+    Leave blank for anonymous access or runtime credentials.
 
---onedrive-client-id
+    Properties:
 
-OAuth Client Id.
+    - Config:      access_key_id
+    - Env Var:     RCLONE_QINGSTOR_ACCESS_KEY_ID
+    - Type:        string
+    - Required:    false
 
-Leave blank normally.
+    #### --qingstor-secret-access-key
 
-Properties:
+    QingStor Secret Access Key (password).
 
--   Config: client_id
--   Env Var: RCLONE_ONEDRIVE_CLIENT_ID
--   Type: string
--   Required: false
+    Leave blank for anonymous access or runtime credentials.
 
---onedrive-client-secret
+    Properties:
 
-OAuth Client Secret.
+    - Config:      secret_access_key
+    - Env Var:     RCLONE_QINGSTOR_SECRET_ACCESS_KEY
+    - Type:        string
+    - Required:    false
 
-Leave blank normally.
+    #### --qingstor-endpoint
 
-Properties:
+    Enter an endpoint URL to connection QingStor API.
 
--   Config: client_secret
--   Env Var: RCLONE_ONEDRIVE_CLIENT_SECRET
--   Type: string
--   Required: false
+    Leave blank will use the default value "https://qingstor.com:443".
 
---onedrive-region
+    Properties:
 
-Choose national cloud region for OneDrive.
+    - Config:      endpoint
+    - Env Var:     RCLONE_QINGSTOR_ENDPOINT
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --qingstor-zone
 
--   Config: region
--   Env Var: RCLONE_ONEDRIVE_REGION
--   Type: string
--   Default: "global"
--   Examples:
-    -   "global"
-        -   Microsoft Cloud Global
-    -   "us"
-        -   Microsoft Cloud for US Government
-    -   "de"
-        -   Microsoft Cloud Germany
-    -   "cn"
-        -   Azure and Office 365 operated by Vnet Group in China
+    Zone to connect to.
 
-Advanced options
+    Default is "pek3a".
 
-Here are the Advanced options specific to onedrive (Microsoft OneDrive).
+    Properties:
 
---onedrive-token
+    - Config:      zone
+    - Env Var:     RCLONE_QINGSTOR_ZONE
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - "pek3a"
+            - The Beijing (China) Three Zone.
+            - Needs location constraint pek3a.
+        - "sh1a"
+            - The Shanghai (China) First Zone.
+            - Needs location constraint sh1a.
+        - "gd2a"
+            - The Guangdong (China) Second Zone.
+            - Needs location constraint gd2a.
 
-OAuth Access Token as a JSON blob.
+    ### Advanced options
 
-Properties:
+    Here are the Advanced options specific to qingstor (QingCloud Object Storage).
 
--   Config: token
--   Env Var: RCLONE_ONEDRIVE_TOKEN
--   Type: string
--   Required: false
+    #### --qingstor-connection-retries
 
---onedrive-auth-url
+    Number of connection retries.
 
-Auth server URL.
+    Properties:
 
-Leave blank to use the provider defaults.
+    - Config:      connection_retries
+    - Env Var:     RCLONE_QINGSTOR_CONNECTION_RETRIES
+    - Type:        int
+    - Default:     3
 
-Properties:
+    #### --qingstor-upload-cutoff
 
--   Config: auth_url
--   Env Var: RCLONE_ONEDRIVE_AUTH_URL
--   Type: string
--   Required: false
+    Cutoff for switching to chunked upload.
 
---onedrive-token-url
+    Any files larger than this will be uploaded in chunks of chunk_size.
+    The minimum is 0 and the maximum is 5 GiB.
 
-Token server url.
+    Properties:
 
-Leave blank to use the provider defaults.
+    - Config:      upload_cutoff
+    - Env Var:     RCLONE_QINGSTOR_UPLOAD_CUTOFF
+    - Type:        SizeSuffix
+    - Default:     200Mi
 
-Properties:
+    #### --qingstor-chunk-size
 
--   Config: token_url
--   Env Var: RCLONE_ONEDRIVE_TOKEN_URL
--   Type: string
--   Required: false
+    Chunk size to use for uploading.
 
---onedrive-chunk-size
+    When uploading files larger than upload_cutoff they will be uploaded
+    as multipart uploads using this chunk size.
 
-Chunk size to upload files with - must be multiple of 320k (327,680
-bytes).
+    Note that "--qingstor-upload-concurrency" chunks of this size are buffered
+    in memory per transfer.
 
-Above this size files will be chunked - must be multiple of 320k
-(327,680 bytes) and should not exceed 250M (262,144,000 bytes) else you
-may encounter "Microsoft.SharePoint.Client.InvalidClientQueryException:
-The request message is too big." Note that the chunks will be buffered
-into memory.
+    If you are transferring large files over high-speed links and you have
+    enough memory, then increasing this will speed up the transfers.
 
-Properties:
+    Properties:
 
--   Config: chunk_size
--   Env Var: RCLONE_ONEDRIVE_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 10Mi
+    - Config:      chunk_size
+    - Env Var:     RCLONE_QINGSTOR_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     4Mi
 
---onedrive-drive-id
+    #### --qingstor-upload-concurrency
 
-The ID of the drive to use.
+    Concurrency for multipart uploads.
 
-Properties:
+    This is the number of chunks of the same file that are uploaded
+    concurrently.
 
--   Config: drive_id
--   Env Var: RCLONE_ONEDRIVE_DRIVE_ID
--   Type: string
--   Required: false
+    NB if you set this to > 1 then the checksums of multipart uploads
+    become corrupted (the uploads themselves are not corrupted though).
 
---onedrive-drive-type
+    If you are uploading small numbers of large files over high-speed links
+    and these uploads do not fully utilize your bandwidth, then increasing
+    this may help to speed up the transfers.
 
-The type of the drive (personal | business | documentLibrary).
+    Properties:
 
-Properties:
+    - Config:      upload_concurrency
+    - Env Var:     RCLONE_QINGSTOR_UPLOAD_CONCURRENCY
+    - Type:        int
+    - Default:     1
 
--   Config: drive_type
--   Env Var: RCLONE_ONEDRIVE_DRIVE_TYPE
--   Type: string
--   Required: false
+    #### --qingstor-encoding
 
---onedrive-root-folder-id
+    The encoding for the backend.
 
-ID of the root folder.
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-This isn't normally needed, but in special circumstances you might know
-the folder ID that you wish to access but not be able to get there
-through a path traversal.
+    Properties:
 
-Properties:
+    - Config:      encoding
+    - Env Var:     RCLONE_QINGSTOR_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,Ctl,InvalidUtf8
 
--   Config: root_folder_id
--   Env Var: RCLONE_ONEDRIVE_ROOT_FOLDER_ID
--   Type: string
--   Required: false
 
---onedrive-access-scopes
 
-Set scopes to be requested by rclone.
+    ## Limitations
 
-Choose or manually enter a custom space separated list with all scopes,
-that rclone should request.
+    `rclone about` is not supported by the qingstor backend. Backends without
+    this capability cannot determine free space for an rclone mount or
+    use policy `mfs` (most free space) as a member of an rclone union
+    remote.
 
-Properties:
+    See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
--   Config: access_scopes
--   Env Var: RCLONE_ONEDRIVE_ACCESS_SCOPES
--   Type: SpaceSepList
--   Default: Files.Read Files.ReadWrite Files.Read.All
-    Files.ReadWrite.All Sites.Read.All offline_access
--   Examples:
-    -   "Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All
-        Sites.Read.All offline_access"
-        -   Read and write access to all resources
-    -   "Files.Read Files.Read.All Sites.Read.All offline_access"
-        -   Read only access to all resources
-    -   "Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All
-        offline_access"
-        -   Read and write access to all resources, without the ability
-            to browse SharePoint sites.
-        -   Same as if disable_site_permission was set to true
-
---onedrive-disable-site-permission
-
-Disable the request for Sites.Read.All permission.
-
-If set to true, you will no longer be able to search for a SharePoint
-site when configuring drive ID, because rclone will not request
-Sites.Read.All permission. Set it to true if your organization didn't
-assign Sites.Read.All permission to the application, and your
-organization disallows users to consent app permission request on their
-own.
+    #  Quatrix
 
-Properties:
+    Quatrix by Maytech is [Quatrix Secure Compliant File Sharing | Maytech](https://www.maytech.net/products/quatrix-business).
 
--   Config: disable_site_permission
--   Env Var: RCLONE_ONEDRIVE_DISABLE_SITE_PERMISSION
--   Type: bool
--   Default: false
+    Paths are specified as `remote:path`
 
---onedrive-expose-onenote-files
+    Paths may be as deep as required, e.g., `remote:directory/subdirectory`.
 
-Set to make OneNote files show up in directory listings.
+    The initial setup for Quatrix involves getting an API Key from Quatrix. You can get the API key in the user's profile at `https://<account>/profile/api-keys`
+    or with the help of the API - https://docs.maytech.net/quatrix/quatrix-api/api-explorer#/API-Key/post_api_key_create.
 
-By default, rclone will hide OneNote files in directory listings because
-operations like "Open" and "Update" won't work on them. But this
-behaviour may also prevent you from deleting them. If you want to delete
-OneNote files or otherwise want them to show up in directory listing,
-set this option.
+    See complete Swagger documentation for Quatrix - https://docs.maytech.net/quatrix/quatrix-api/api-explorer
 
-Properties:
+    ## Configuration
 
--   Config: expose_onenote_files
--   Env Var: RCLONE_ONEDRIVE_EXPOSE_ONENOTE_FILES
--   Type: bool
--   Default: false
+    Here is an example of how to make a remote called `remote`.  First run:
+
+         rclone config
 
---onedrive-server-side-across-configs
+    This will guide you through an interactive setup process:
 
-Allow server-side operations (e.g. copy) to work across different
-onedrive configs.
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Quatrix by Maytech  "quatrix" [snip] Storage> quatrix API key for
+accessing Quatrix account. api_key> your_api_key Host name of Quatrix
+account. host> example.quatrix.it
 
-This will only work if you are copying between two OneDrive Personal
-drives AND the files to copy are already shared between them. In other
-cases, rclone will fall back to normal copy (which will be slightly
-slower).
+  --------------------
+  [remote] api_key =
+  your_api_key host =
+  example.quatrix.it
+  --------------------
+  y) Yes this is OK e)
+  Edit this remote d)
+  Delete this remote
+  y/e/d> y ```
 
-Properties:
+  Once configured you
+  can then use rclone
+  like this,
 
--   Config: server_side_across_configs
--   Env Var: RCLONE_ONEDRIVE_SERVER_SIDE_ACROSS_CONFIGS
--   Type: bool
--   Default: false
+  List directories in
+  top level of your
+  Quatrix
+
+  rclone lsd remote:
+
+  List all the files
+  in your Quatrix
+
+  rclone ls remote:
+
+  To copy a local
+  directory to an
+  Quatrix directory
+  called backup
+
+  rclone copy
+  /home/source
+  remote:backup
+
+  ### API key validity
+
+  API Key is created
+  with no expiration
+  date. It will be
+  valid until you
+  delete or deactivate
+  it in your account.
+  After disabling, the
+  API Key can be
+  enabled back. If the
+  API Key was deleted
+  and a new key was
+  created, you can
+  update it in rclone
+  config. The same
+  happens if the
+  hostname was
+  changed.
+
+  ``` $ rclone config
+  Current remotes:
+
+  Name Type ==== ====
+  remote quatrix
+
+  e) Edit existing
+  remote n) New remote
+  d) Delete remote r)
+  Rename remote c)
+  Copy remote s) Set
+  configuration
+  password q) Quit
+  config
+  e/n/d/r/c/s/q> e
+  Choose a number from
+  below, or type in an
+  existing value 1 >
+  remote remote>
+  remote
+  --------------------
+
+[remote] type = quatrix host = some_host.quatrix.it api_key =
+your_api_key -------------------- Edit remote Option api_key. API key
+for accessing Quatrix account Enter a string value. Press Enter for the
+default (your_api_key) api_key> Option host. Host name of Quatrix
+account Enter a string value. Press Enter for the default
+(some_host.quatrix.it).
+
+  --------------------------------------------------
+  [remote] type = quatrix host =
+  some_host.quatrix.it api_key = your_api_key
+  --------------------------------------------------
+  y) Yes this is OK e) Edit this remote d) Delete
+  this remote y/e/d> y ```
+
+  ### Modification times and hashes
+
+  Quatrix allows modification times to be set on
+  objects accurate to 1 microsecond. These will be
+  used to detect whether objects need syncing or
+  not.
+
+  Quatrix does not support hashes, so you cannot use
+  the --checksum flag.
+
+  ### Restricted filename characters
+
+  File names in Quatrix are case sensitive and have
+  limitations like the maximum length of a filename
+  is 255, and the minimum length is 1. A file name
+  cannot be equal to . or .. nor contain / , \ or
+  non-printable ascii.
 
---onedrive-list-chunk
+  ### Transfers
 
-Size of listing chunk.
+  For files above 50 MiB rclone will use a chunked
+  transfer. Rclone will upload up to --transfers
+  chunks at the same time (shared among all
+  multipart uploads). Chunks are buffered in memory,
+  and the minimal chunk size is 10_000_000 bytes by
+  default, and it can be changed in the advanced
+  configuration, so increasing --transfers will
+  increase the memory use. The chunk size has a
+  maximum size limit, which is set to 100_000_000
+  bytes by default and can be changed in the
+  advanced configuration. The size of the uploaded
+  chunk will dynamically change depending on the
+  upload speed. The total memory use equals the
+  number of transfers multiplied by the minimal
+  chunk size. In case there's free memory allocated
+  for the upload (which equals the difference of
+  maximal_summary_chunk_size and minimal_chunk_size
+  * transfers), the chunk size may increase in case
+  of high upload speed. As well as it can decrease
+  in case of upload speed problems. If no free
+  memory is available, all chunks will equal
+  minimal_chunk_size.
 
-Properties:
+  ### Deleting files
 
--   Config: list_chunk
--   Env Var: RCLONE_ONEDRIVE_LIST_CHUNK
--   Type: int
--   Default: 1000
+  Files you delete with rclone will end up in Trash
+  and be stored there for 30 days. Quatrix also
+  provides an API to permanently delete files and an
+  API to empty the Trash so that you can remove
+  files permanently from your account.
 
---onedrive-no-versions
+  ### Standard options
 
-Remove all versions on modifying operations.
+  Here are the Standard options specific to quatrix
+  (Quatrix by Maytech).
 
-Onedrive for business creates versions when rclone uploads new files
-overwriting an existing one and when it sets the modification time.
+  #### --quatrix-api-key
 
-These versions take up space out of the quota.
+  API key for accessing Quatrix account
 
-This flag checks for versions after file upload and setting modification
-time and removes all but the last version.
+  Properties:
 
-NB Onedrive personal can't currently delete versions so don't use this
-flag there.
+  - Config: api_key - Env Var:
+  RCLONE_QUATRIX_API_KEY - Type: string - Required:
+  true
 
-Properties:
+  #### --quatrix-host
 
--   Config: no_versions
--   Env Var: RCLONE_ONEDRIVE_NO_VERSIONS
--   Type: bool
--   Default: false
+  Host name of Quatrix account
 
---onedrive-link-scope
+  Properties:
 
-Set the scope of the links created by the link command.
+  - Config: host - Env Var: RCLONE_QUATRIX_HOST -
+  Type: string - Required: true
 
-Properties:
+  ### Advanced options
 
--   Config: link_scope
--   Env Var: RCLONE_ONEDRIVE_LINK_SCOPE
--   Type: string
--   Default: "anonymous"
--   Examples:
-    -   "anonymous"
-        -   Anyone with the link has access, without needing to sign in.
-        -   This may include people outside of your organization.
-        -   Anonymous link support may be disabled by an administrator.
-    -   "organization"
-        -   Anyone signed into your organization (tenant) can use the
-            link to get access.
-        -   Only available in OneDrive for Business and SharePoint.
+  Here are the Advanced options specific to quatrix
+  (Quatrix by Maytech).
 
---onedrive-link-type
+  #### --quatrix-encoding
 
-Set the type of the links created by the link command.
+  The encoding for the backend.
 
-Properties:
+  See the encoding section in the overview for more
+  info.
 
--   Config: link_type
--   Env Var: RCLONE_ONEDRIVE_LINK_TYPE
--   Type: string
--   Default: "view"
--   Examples:
-    -   "view"
-        -   Creates a read-only link to the item.
-    -   "edit"
-        -   Creates a read-write link to the item.
-    -   "embed"
-        -   Creates an embeddable link to the item.
+  Properties:
 
---onedrive-link-password
+  - Config: encoding - Env Var:
+  RCLONE_QUATRIX_ENCODING - Type: Encoding -
+  Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
-Set the password for links created by the link command.
+  #### --quatrix-effective-upload-time
 
-At the time of writing this only works with OneDrive personal paid
-accounts.
+  Wanted upload time for one chunk
 
-Properties:
+  Properties:
 
--   Config: link_password
--   Env Var: RCLONE_ONEDRIVE_LINK_PASSWORD
--   Type: string
--   Required: false
+  - Config: effective_upload_time - Env Var:
+  RCLONE_QUATRIX_EFFECTIVE_UPLOAD_TIME - Type:
+  string - Default: "4s"
 
---onedrive-hash-type
+  #### --quatrix-minimal-chunk-size
 
-Specify the hash in use for the backend.
+  The minimal size for one chunk
 
-This specifies the hash type in use. If set to "auto" it will use the
-default hash which is is QuickXorHash.
+  Properties:
 
-Before rclone 1.62 an SHA1 hash was used by default for Onedrive
-Personal. For 1.62 and later the default is to use a QuickXorHash for
-all onedrive types. If an SHA1 hash is desired then set this option
-accordingly.
+  - Config: minimal_chunk_size - Env Var:
+  RCLONE_QUATRIX_MINIMAL_CHUNK_SIZE - Type:
+  SizeSuffix - Default: 9.537Mi
+
+  #### --quatrix-maximal-summary-chunk-size
+
+  The maximal summary for all chunks. It should not
+  be less than 'transfers'*'minimal_chunk_size'
 
-From July 2023 QuickXorHash will be the only available hash for both
-OneDrive for Business and OneDriver Personal.
+  Properties:
+
+  - Config: maximal_summary_chunk_size - Env Var:
+  RCLONE_QUATRIX_MAXIMAL_SUMMARY_CHUNK_SIZE - Type:
+  SizeSuffix - Default: 95.367Mi
 
-This can be set to "none" to not use any hashes.
+  #### --quatrix-hard-delete
 
-If the hash requested does not exist on the object, it will be returned
-as an empty string which is treated as a missing hash by rclone.
+  Delete files permanently rather than putting them
+  into the trash.
 
-Properties:
+  Properties:
 
--   Config: hash_type
--   Env Var: RCLONE_ONEDRIVE_HASH_TYPE
--   Type: string
--   Default: "auto"
--   Examples:
-    -   "auto"
-        -   Rclone chooses the best hash
-    -   "quickxor"
-        -   QuickXor
-    -   "sha1"
-        -   SHA1
-    -   "sha256"
-        -   SHA256
-    -   "crc32"
-        -   CRC32
-    -   "none"
-        -   None - don't use any hashes
+  - Config: hard_delete - Env Var:
+  RCLONE_QUATRIX_HARD_DELETE - Type: bool - Default:
+  false
 
---onedrive-encoding
+  ## Storage usage
 
-The encoding for the backend.
+  The storage usage in Quatrix is restricted to the
+  account during the purchase. You can restrict any
+  user with a smaller storage limit. The account
+  limit is applied if the user has no custom storage
+  limit. Once you've reached the limit, the upload
+  of files will fail. This can be fixed by freeing
+  up the space or increasing the quota.
 
-See the encoding section in the overview for more info.
+  ## Server-side operations
+
+  Quatrix supports server-side operations (copy and
+  move). In case of conflict, files are overwritten
+  during server-side operation.
 
-Properties:
+  # Sia
 
--   Config: encoding
--   Env Var: RCLONE_ONEDRIVE_ENCODING
--   Type: MultiEncoder
--   Default:
-    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot
+  Sia (sia.tech) is a decentralized cloud storage
+  platform based on the blockchain technology. With
+  rclone you can use it like any other remote
+  filesystem or mount Sia folders locally. The
+  technology behind it involves a number of new
+  concepts such as Siacoins and Wallet, Blockchain
+  and Consensus, Renting and Hosting, and so on. If
+  you are new to it, you'd better first familiarize
+  yourself using their excellent support
+  documentation.
 
-Limitations
+  ## Introduction
 
-If you don't use rclone for 90 days the refresh token will expire. This
-will result in authorization problems. This is easy to fix by running
-the rclone config reconnect remote: command to get a new token and
-refresh token.
+  Before you can use rclone with Sia, you will need
+  to have a running copy of Sia-UI or siad (the Sia
+  daemon) locally on your computer or on local
+  network (e.g. a NAS). Please follow the Get
+  started guide and install one.
 
-Naming
+  rclone interacts with Sia network by talking to
+  the Sia daemon via HTTP API which is usually
+  available on port 9980. By default you will run
+  the daemon locally on the same computer so it's
+  safe to leave the API password blank (the API URL
+  will be http://127.0.0.1:9980 making external
+  access impossible).
 
-Note that OneDrive is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+  However, if you want to access Sia daemon running
+  on another node, for example due to memory
+  constraints or because you want to share single
+  daemon between several rclone and Sia-UI
+  instances, you'll need to make a few more
+  provisions: - Ensure you have Sia daemon installed
+  directly or in a docker container because Sia-UI
+  does not support this mode natively. - Run it on
+  externally accessible port, for example provide
+  --api-addr :9980 and --disable-api-security
+  arguments on the daemon command line. - Enforce
+  API password for the siad daemon via environment
+  variable SIA_API_PASSWORD or text file named
+  apipassword in the daemon directory. - Set rclone
+  backend option api_password taking it from above
+  locations.
 
-There are quite a few characters that can't be in OneDrive file names.
-These can't occur on Windows platforms, but on non-Windows platforms
-they are common. Rclone will map these names to and from an identical
-looking unicode equivalent. For example if a file has a ? in it will be
-mapped to ？ instead.
+  Notes: 1. If your wallet is locked, rclone cannot
+  unlock it automatically. You should either unlock
+  it in advance by using Sia-UI or via command line
+  siac wallet unlock. Alternatively you can make
+  siad unlock your wallet automatically upon startup
+  by running it with environment variable
+  SIA_WALLET_PASSWORD. 2. If siad cannot find the
+  SIA_API_PASSWORD variable or the apipassword file
+  in the SIA_DIR directory, it will generate a
+  random password and store in the text file named
+  apipassword under YOUR_HOME/.sia/ directory on
+  Unix or
+  C:\Users\YOUR_HOME\AppData\Local\Sia\apipassword
+  on Windows. Remember this when you configure
+  password in rclone. 3. The only way to use siad
+  without API password is to run it on localhost
+  with command line argument --authorize-api=false,
+  but this is insecure and strongly discouraged.
+
+  ## Configuration
+
+  Here is an example of how to make a sia remote
+  called mySia. First, run:
+
+  rclone config
+
+  This will guide you through an interactive setup
+  process:
+
+  ``` No remotes found, make a new one? n) New
+  remote s) Set configuration password q) Quit
+  config n/s/q> n name> mySia Type of storage to
+  configure. Enter a string value. Press Enter for
+  the default (""). Choose a number from below, or
+  type in your own value ... 29 / Sia Decentralized
+  Cloud  "sia" ... Storage> sia Sia daemon API URL,
+  like http://sia.daemon.host:9980. Note that siad
+  must run with --disable-api-security to open API
+  port for other hosts (not recommended). Keep
+  default if Sia daemon runs on localhost. Enter a
+  string value. Press Enter for the default
+  ("http://127.0.0.1:9980"). api_url>
+  http://127.0.0.1:9980 Sia Daemon API Password. Can
+  be found in the apipassword file located in
+  HOME/.sia/ or in the daemon directory. y) Yes type
+  in my own password g) Generate random password n)
+  No leave this optional password blank (default)
+  y/g/n> y Enter the password: password: Confirm the
+  password: password: Edit advanced config? y) Yes
+  n) No (default) y/n> n
+  --------------------------------------------------
+
+[mySia] type = sia api_url = http://127.0.0.1:9980 api_password = ***
+ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit
+this remote d) Delete this remote y/e/d> y
+
+
+    Once configured, you can then use `rclone` like this:
+
+    - List directories in top level of your Sia storage
+
+rclone lsd mySia:
+
+
+    - List all the files in your Sia storage
+
+rclone ls mySia:
+
+
+    - Upload a local directory to the Sia directory called _backup_
+
+rclone copy /home/source mySia:backup
+
+
+
+    ### Standard options
+
+    Here are the Standard options specific to sia (Sia Decentralized Cloud).
+
+    #### --sia-api-url
 
-File sizes
+    Sia daemon API URL, like http://sia.daemon.host:9980.
 
-The largest allowed file size is 250 GiB for both OneDrive Personal and
-OneDrive for Business (Updated 13 Jan 2021).
+    Note that siad must run with --disable-api-security to open API port for other hosts (not recommended).
+    Keep default if Sia daemon runs on localhost.
 
-Path length
+    Properties:
 
-The entire path, including the file name, must contain fewer than 400
-characters for OneDrive, OneDrive for Business and SharePoint Online. If
-you are encrypting file and folder names with rclone, you may want to
-pay attention to this limitation because the encrypted names are
-typically longer than the original ones.
+    - Config:      api_url
+    - Env Var:     RCLONE_SIA_API_URL
+    - Type:        string
+    - Default:     "http://127.0.0.1:9980"
 
-Number of files
+    #### --sia-api-password
 
-OneDrive seems to be OK with at least 50,000 files in a folder, but at
-100,000 rclone will get errors listing the directory like
-couldn’t list files: UnknownError:. See #2707 for more info.
+    Sia Daemon API Password.
 
-An official document about the limitations for different types of
-OneDrive can be found here.
+    Can be found in the apipassword file located in HOME/.sia/ or in the daemon directory.
 
-Versions
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-Every change in a file OneDrive causes the service to create a new
-version of the file. This counts against a users quota. For example
-changing the modification time of a file creates a second version, so
-the file apparently uses twice the space.
-
-For example the copy command is affected by this as rclone copies the
-file and then afterwards sets the modification time to match the source
-file which uses another version.
-
-You can use the rclone cleanup command (see below) to remove all old
-versions.
-
-Or you can set the no_versions parameter to true and rclone will remove
-versions after operations which create new versions. This takes extra
-transactions so only enable it if you need it.
-
-Note At the time of writing Onedrive Personal creates versions (but not
-for setting the modification time) but the API for removing them returns
-"API not found" so cleanup and no_versions should not be used on
-Onedrive Personal.
-
-Disabling versioning
-
-Starting October 2018, users will no longer be able to disable
-versioning by default. This is because Microsoft has brought an update
-to the mechanism. To change this new default setting, a PowerShell
-command is required to be run by a SharePoint admin. If you are an
-admin, you can run these commands in PowerShell to change that setting:
-
-1.  Install-Module -Name Microsoft.Online.SharePoint.PowerShell (in case
-    you haven't installed this already)
-2.  Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
-3.  Connect-SPOService -Url https://YOURSITE-admin.sharepoint.com -Credential YOU@YOURSITE.COM
-    (replacing YOURSITE, YOU, YOURSITE.COM with the actual values; this
-    will prompt for your credentials)
-4.  Set-SPOTenant -EnableMinimumVersionRequirement $False
-5.  Disconnect-SPOService (to disconnect from the server)
-
-Below are the steps for normal users to disable versioning. If you don't
-see the "No Versioning" option, make sure the above requirements are
-met.
-
-User Weropol has found a method to disable versioning on OneDrive
-
-1.  Open the settings menu by clicking on the gear symbol at the top of
-    the OneDrive Business page.
-2.  Click Site settings.
-3.  Once on the Site settings page, navigate to Site Administration >
-    Site libraries and lists.
-4.  Click Customize "Documents".
-5.  Click General Settings > Versioning Settings.
-6.  Under Document Version History select the option No versioning.
-    Note: This will disable the creation of new file versions, but will
-    not remove any previous versions. Your documents are safe.
-7.  Apply the changes by clicking OK.
-8.  Use rclone to upload or modify files. (I also use the
-    --no-update-modtime flag)
-9.  Restore the versioning settings after using rclone. (Optional)
+    Properties:
 
-Cleanup
+    - Config:      api_password
+    - Env Var:     RCLONE_SIA_API_PASSWORD
+    - Type:        string
+    - Required:    false
 
-OneDrive supports rclone cleanup which causes rclone to look through
-every file under the path supplied and delete all version but the
-current version. Because this involves traversing all the files, then
-querying each file for versions it can be quite slow. Rclone does
---checkers tests in parallel. The command also supports --interactive/i
-or --dry-run which is a great way to see what it would do.
+    ### Advanced options
 
-    rclone cleanup --interactive remote:path/subdir # interactively remove all old version for path/subdir
-    rclone cleanup remote:path/subdir               # unconditionally remove all old version for path/subdir
+    Here are the Advanced options specific to sia (Sia Decentralized Cloud).
 
-NB Onedrive personal can't currently delete versions
+    #### --sia-user-agent
 
-Troubleshooting
+    Siad User Agent
 
-Excessive throttling or blocked on SharePoint
+    Sia daemon requires the 'Sia-Agent' user agent by default for security
 
-If you experience excessive throttling or is being blocked on SharePoint
-then it may help to set the user agent explicitly with a flag like this:
---user-agent "ISV|rclone.org|rclone/v1.55.1"
+    Properties:
 
-The specific details can be found in the Microsoft document: Avoid
-getting throttled or blocked in SharePoint Online
+    - Config:      user_agent
+    - Env Var:     RCLONE_SIA_USER_AGENT
+    - Type:        string
+    - Default:     "Sia-Agent"
 
-Unexpected file size/hash differences on Sharepoint
-
-It is a known issue that Sharepoint (not OneDrive or OneDrive for
-Business) silently modifies uploaded files, mainly Office files (.docx,
-.xlsx, etc.), causing file size and hash checks to fail. There are also
-other situations that will cause OneDrive to report inconsistent file
-sizes. To use rclone with such affected files on Sharepoint, you may
-disable these checks with the following command line arguments:
+    #### --sia-encoding
 
-    --ignore-checksum --ignore-size
-
-Alternatively, if you have write access to the OneDrive files, it may be
-possible to fix this problem for certain files, by attempting the steps
-below. Open the web interface for OneDrive and find the affected files
-(which will be in the error messages/log for rclone). Simply click on
-each of these files, causing OneDrive to open them on the web. This will
-cause each file to be converted in place to a format that is
-functionally equivalent but which will no longer trigger the size
-discrepancy. Once all problematic files are converted you will no longer
-need the ignore options above.
+    The encoding for the backend.
 
-Replacing/deleting existing files on Sharepoint gets "item not found"
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-It is a known issue that Sharepoint (not OneDrive or OneDrive for
-Business) may return "item not found" errors when users try to replace
-or delete uploaded files; this seems to mainly affect Office files
-(.docx, .xlsx, etc.) and web files (.html, .aspx, etc.). As a
-workaround, you may use the --backup-dir <BACKUP_DIR> command line
-argument so rclone moves the files to be replaced/deleted into a given
-backup directory (instead of directly replacing/deleting them). For
-example, to instruct rclone to move the files into the directory
-rclone-backup-dir on backend mysharepoint, you may use:
+    Properties:
+
+    - Config:      encoding
+    - Env Var:     RCLONE_SIA_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot
+
+
+
+    ## Limitations
+
+    - Modification times not supported
+    - Checksums not supported
+    - `rclone about` not supported
+    - rclone can work only with _Siad_ or _Sia-UI_ at the moment,
+      the **SkyNet daemon is not supported yet.**
+    - Sia does not allow control characters or symbols like question and pound
+      signs in file names. rclone will transparently [encode](https://rclone.org/overview/#encoding)
+      them for you, but you'd better be aware
+
+    #  Swift
+
+    Swift refers to [OpenStack Object Storage](https://docs.openstack.org/swift/latest/).
+    Commercial implementations of that being:
+
+      * [Rackspace Cloud Files](https://www.rackspace.com/cloud/files/)
+      * [Memset Memstore](https://www.memset.com/cloud/storage/)
+      * [OVH Object Storage](https://www.ovh.co.uk/public-cloud/storage/object-storage/)
+      * [Oracle Cloud Storage](https://docs.oracle.com/en-us/iaas/integration/doc/configure-object-storage.html)
+      * [Blomp Cloud Storage](https://www.blomp.com/cloud-storage/)
+      * [IBM Bluemix Cloud ObjectStorage Swift](https://console.bluemix.net/docs/infrastructure/objectstorage-swift/index.html)
+
+    Paths are specified as `remote:container` (or `remote:` for the `lsd`
+    command.)  You may put subdirectories in too, e.g. `remote:container/path/to/dir`.
+
+    ## Configuration
+
+    Here is an example of making a swift configuration.  First run
+
+        rclone config
+
+    This will guide you through an interactive setup process.
+
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset
+Memstore, OVH)  "swift" [snip] Storage> swift Get swift credentials from
+environment variables in standard OpenStack form. Choose a number from
+below, or type in your own value 1 / Enter swift credentials in the next
+step  "false" 2 / Get swift credentials from environment vars. Leave
+other fields blank if using this.  "true" env_auth> true User name to
+log in (OS_USERNAME). user> API key or password (OS_PASSWORD). key>
+Authentication URL for server (OS_AUTH_URL). Choose a number from below,
+or type in your own value 1 / Rackspace US
+ "https://auth.api.rackspacecloud.com/v1.0" 2 / Rackspace UK
+ "https://lon.auth.api.rackspacecloud.com/v1.0" 3 / Rackspace v2
+ "https://identity.api.rackspacecloud.com/v2.0" 4 / Memset Memstore UK
+ "https://auth.storage.memset.com/v1.0" 5 / Memset Memstore UK v2
+ "https://auth.storage.memset.com/v2.0" 6 / OVH
+ "https://auth.cloud.ovh.net/v3" 7 / Blomp Cloud Storage
+ "https://authenticate.ain.net" auth> User ID to log in - optional -
+most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
+user_id> User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME) domain>
+Tenant name - optional for v1 auth, this or tenant_id required otherwise
+(OS_TENANT_NAME or OS_PROJECT_NAME) tenant> Tenant ID - optional for v1
+auth, this or tenant required otherwise (OS_TENANT_ID) tenant_id> Tenant
+domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME) tenant_domain>
+Region name - optional (OS_REGION_NAME) region> Storage URL - optional
+(OS_STORAGE_URL) storage_url> Auth Token from alternate authentication -
+optional (OS_AUTH_TOKEN) auth_token> AuthVersion - optional - set to
+(1,2,3) if your auth URL has no version (ST_AUTH_VERSION) auth_version>
+Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE)
+Choose a number from below, or type in your own value 1 / Public
+(default, choose this if not sure)  "public" 2 / Internal (use internal
+service net)  "internal" 3 / Admin  "admin" endpoint_type> Remote config
+-------------------- [test] env_auth = true user = key = auth = user_id
+= domain = tenant = tenant_id = tenant_domain = region = storage_url =
+auth_token = auth_version = endpoint_type = -------------------- y) Yes
+this is OK e) Edit this remote d) Delete this remote y/e/d> y
 
-    --backup-dir mysharepoint:rclone-backup-dir
 
-access_denied (AADSTS65005)
+    This remote is called `remote` and can now be used like this
 
-    Error: access_denied
-    Code: AADSTS65005
-    Description: Using application 'rclone' is currently not supported for your organization [YOUR_ORGANIZATION] because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of [YOUR_ORGANIZATION] before the application rclone can be provisioned.
+    See all containers
 
-This means that rclone can't use the OneDrive for Business API with your
-account. You can't do much about it, maybe write an email to your
-admins.
+        rclone lsd remote:
 
-However, there are other ways to interact with your OneDrive account.
-Have a look at the WebDAV backend: https://rclone.org/webdav/#sharepoint
+    Make a new container
 
-invalid_grant (AADSTS50076)
+        rclone mkdir remote:container
 
-    Error: invalid_grant
-    Code: AADSTS50076
-    Description: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '...'.
+    List the contents of a container
 
-If you see the error above after enabling multi-factor authentication
-for your account, you can fix it by refreshing your OAuth refresh token.
-To do that, run rclone config, and choose to edit your OneDrive backend.
-Then, you don't need to actually make any changes until you reach this
-question: Already have a token - refresh?. For this question, answer y
-and go through the process to refresh your token, just like the first
-time the backend is configured. After this, rclone should work again for
-this backend.
+        rclone ls remote:container
 
-Invalid request when making public links
+    Sync `/home/local/directory` to the remote container, deleting any
+    excess files in the container.
 
-On Sharepoint and OneDrive for Business, rclone link may return an
-"Invalid request" error. A possible cause is that the organisation admin
-didn't allow public links to be made for the organisation/sharepoint
-library. To fix the permissions as an admin, take a look at the docs: 1,
-2.
+        rclone sync --interactive /home/local/directory remote:container
 
-Can not access Shared with me files
+    ### Configuration from an OpenStack credentials file
 
-Shared with me files is not supported by rclone currently, but there is
-a workaround:
+    An OpenStack credentials file typically looks something something
+    like this (without the comments)
 
-1.  Visit https://onedrive.live.com
-2.  Right click a item in Shared, then click Add shortcut to My files in
-    the context [make_shortcut]
-3.  The shortcut will appear in My files, you can access it with rclone,
-    it behaves like a normal folder/file. [in_my_files] [rclone_mount]
+export OS_AUTH_URL=https://a.provider.net/v2.0 export
+OS_TENANT_ID=ffffffffffffffffffffffffffffffff export
+OS_TENANT_NAME="1234567890123456" export OS_USERNAME="123abc567xy" echo
+"Please enter your OpenStack Password: " read -sr OS_PASSWORD_INPUT
+export
+OS_PASSWORD=$OS_PASSWORD_INPUT export OS_REGION_NAME="SBG1" if [ -z "$OS_REGION_NAME"
+]; then unset OS_REGION_NAME; fi
 
-Live Photos uploaded from iOS (small video clips in .heic files)
 
-The iOS OneDrive app introduced upload and storage of Live Photos in
-2020. The usage and download of these uploaded Live Photos is
-unfortunately still work-in-progress and this introduces several issues
-when copying, synchronising and mounting – both in rclone and in the
-native OneDrive client on Windows.
+    The config file needs to look something like this where `$OS_USERNAME`
+    represents the value of the `OS_USERNAME` variable - `123abc567xy` in
+    the example above.
 
-The root cause can easily be seen if you locate one of your Live Photos
-in the OneDrive web interface. Then download the photo from the web
-interface. You will then see that the size of downloaded .heic file is
-smaller than the size displayed in the web interface. The downloaded
-file is smaller because it only contains a single frame (still photo)
-extracted from the Live Photo (movie) stored in OneDrive.
+[remote] type = swift user = $OS_USERNAME key = $OS_PASSWORD auth =
+$OS_AUTH_URL tenant = $OS_TENANT_NAME
 
-The different sizes will cause rclone copy/sync to repeatedly recopy
-unmodified photos something like this:
 
-    DEBUG : 20230203_123826234_iOS.heic: Sizes differ (src 4470314 vs dst 1298667)
-    DEBUG : 20230203_123826234_iOS.heic: sha1 = fc2edde7863b7a7c93ca6771498ac797f8460750 OK
-    INFO  : 20230203_123826234_iOS.heic: Copied (replaced existing)
+    Note that you may (or may not) need to set `region` too - try without first.
 
-These recopies can be worked around by adding --ignore-size. Please note
-that this workaround only syncs the still-picture not the movie clip,
-and relies on modification dates being correctly updated on all files in
-all situations.
+    ### Configuration from the environment
 
-The different sizes will also cause rclone check to report size errors
-something like this:
+    If you prefer you can configure rclone to use swift using a standard
+    set of OpenStack environment variables.
 
-    ERROR : 20230203_123826234_iOS.heic: sizes differ
+    When you run through the config, make sure you choose `true` for
+    `env_auth` and leave everything else blank.
 
-These check errors can be suppressed by adding --ignore-size.
+    rclone will then set any empty config parameters from the environment
+    using standard OpenStack environment variables.  There is [a list of
+    the
+    variables](https://godoc.org/github.com/ncw/swift#Connection.ApplyEnvironment)
+    in the docs for the swift library.
 
-The different sizes will also cause rclone mount to fail downloading
-with an error something like this:
+    ### Using an alternate authentication method
 
-    ERROR : 20230203_123826234_iOS.heic: ReadFileHandle.Read error: low level retry 1/10: unexpected EOF
+    If your OpenStack installation uses a non-standard authentication method
+    that might not be yet supported by rclone or the underlying swift library, 
+    you can authenticate externally (e.g. calling manually the `openstack` 
+    commands to get a token). Then, you just need to pass the two 
+    configuration variables ``auth_token`` and ``storage_url``. 
+    If they are both provided, the other variables are ignored. rclone will 
+    not try to authenticate but instead assume it is already authenticated 
+    and use these two variables to access the OpenStack installation.
 
-or like this when using --cache-mode=full:
+    #### Using rclone without a config file
 
-    INFO  : 20230203_123826234_iOS.heic: vfs cache: downloader: error count now 1: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
-    ERROR : 20230203_123826234_iOS.heic: vfs cache: failed to download: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
+    You can use rclone with swift without a config file, if desired, like
+    this:
 
-OpenDrive
+source openstack-credentials-file export
+RCLONE_CONFIG_MYREMOTE_TYPE=swift export
+RCLONE_CONFIG_MYREMOTE_ENV_AUTH=true rclone lsd myremote:
 
-Paths are specified as remote:path
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+    ### --fast-list
 
-Configuration
+    This remote supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
 
-Here is an example of how to make a remote called remote. First run:
+    ### --update and --use-server-modtime
 
-     rclone config
+    As noted below, the modified time is stored on metadata on the object. It is
+    used by default for all operations that require checking the time a file was
+    last updated. It allows rclone to treat the remote more like a true filesystem,
+    but it is inefficient because it requires an extra API call to retrieve the
+    metadata.
 
-This will guide you through an interactive setup process:
+    For many operations, the time the object was last uploaded to the remote is
+    sufficient to determine if it is "dirty". By using `--update` along with
+    `--use-server-modtime`, you can avoid the extra API call and simply upload
+    files whose local modtime is newer than the time it was last uploaded.
 
-    n) New remote
-    d) Delete remote
-    q) Quit config
-    e/n/d/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / OpenDrive
-       \ "opendrive"
-    [snip]
-    Storage> opendrive
-    Username
-    username>
-    Password
-    y) Yes type in my own password
-    g) Generate random password
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    --------------------
-    [remote]
-    username =
-    password = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    ### Modification times and hashes
 
-List directories in top level of your OpenDrive
+    The modified time is stored as metadata on the object as
+    `X-Object-Meta-Mtime` as floating point since the epoch accurate to 1
+    ns.
 
-    rclone lsd remote:
+    This is a de facto standard (used in the official python-swiftclient
+    amongst others) for storing the modification time for an object.
 
-List all the files in your OpenDrive
+    The MD5 hash algorithm is supported.
 
-    rclone ls remote:
+    ### Restricted filename characters
 
-To copy a local directory to an OpenDrive directory called backup
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | NUL       | 0x00  | ␀           |
+    | /         | 0x2F  | ／          |
 
-    rclone copy /home/source remote:backup
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-Modified time and MD5SUMs
 
-OpenDrive allows modification times to be set on objects accurate to 1
-second. These will be used to detect whether objects need syncing or
-not.
+    ### Standard options
 
-Restricted filename characters
+    Here are the Standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  NUL          0x00         ␀
-  /            0x2F        ／
-  "            0x22        ＂
-  *            0x2A        ＊
-  :            0x3A        ：
-  <            0x3C        ＜
-  >            0x3E        ＞
-  ?            0x3F        ？
-  \            0x5C        ＼
-  |            0x7C        ｜
+    #### --swift-env-auth
 
-File names can also not begin or end with the following characters.
-These only get replaced if they are the first or last character in the
-name:
+    Get swift credentials from environment variables in standard OpenStack form.
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  SP           0x20         ␠
-  HT           0x09         ␉
-  LF           0x0A         ␊
-  VT           0x0B         ␋
-  CR           0x0D         ␍
+    Properties:
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    - Config:      env_auth
+    - Env Var:     RCLONE_SWIFT_ENV_AUTH
+    - Type:        bool
+    - Default:     false
+    - Examples:
+        - "false"
+            - Enter swift credentials in the next step.
+        - "true"
+            - Get swift credentials from environment vars.
+            - Leave other fields blank if using this.
 
-Standard options
+    #### --swift-user
 
-Here are the Standard options specific to opendrive (OpenDrive).
+    User name to log in (OS_USERNAME).
 
---opendrive-username
+    Properties:
 
-Username.
+    - Config:      user
+    - Env Var:     RCLONE_SWIFT_USER
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --swift-key
 
--   Config: username
--   Env Var: RCLONE_OPENDRIVE_USERNAME
--   Type: string
--   Required: true
+    API key or password (OS_PASSWORD).
 
---opendrive-password
+    Properties:
 
-Password.
+    - Config:      key
+    - Env Var:     RCLONE_SWIFT_KEY
+    - Type:        string
+    - Required:    false
 
-NB Input to this must be obscured - see rclone obscure.
+    #### --swift-auth
 
-Properties:
+    Authentication URL for server (OS_AUTH_URL).
 
--   Config: password
--   Env Var: RCLONE_OPENDRIVE_PASSWORD
--   Type: string
--   Required: true
+    Properties:
+
+    - Config:      auth
+    - Env Var:     RCLONE_SWIFT_AUTH
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - "https://auth.api.rackspacecloud.com/v1.0"
+            - Rackspace US
+        - "https://lon.auth.api.rackspacecloud.com/v1.0"
+            - Rackspace UK
+        - "https://identity.api.rackspacecloud.com/v2.0"
+            - Rackspace v2
+        - "https://auth.storage.memset.com/v1.0"
+            - Memset Memstore UK
+        - "https://auth.storage.memset.com/v2.0"
+            - Memset Memstore UK v2
+        - "https://auth.cloud.ovh.net/v3"
+            - OVH
+        - "https://authenticate.ain.net"
+            - Blomp Cloud Storage
+
+    #### --swift-user-id
 
-Advanced options
+    User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
 
-Here are the Advanced options specific to opendrive (OpenDrive).
+    Properties:
 
---opendrive-encoding
+    - Config:      user_id
+    - Env Var:     RCLONE_SWIFT_USER_ID
+    - Type:        string
+    - Required:    false
 
-The encoding for the backend.
+    #### --swift-domain
 
-See the encoding section in the overview for more info.
+    User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
 
-Properties:
+    Properties:
 
--   Config: encoding
--   Env Var: RCLONE_OPENDRIVE_ENCODING
--   Type: MultiEncoder
--   Default:
-    Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot
+    - Config:      domain
+    - Env Var:     RCLONE_SWIFT_DOMAIN
+    - Type:        string
+    - Required:    false
 
---opendrive-chunk-size
+    #### --swift-tenant
 
-Files will be uploaded in chunks this size.
+    Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME).
 
-Note that these chunks are buffered in memory so increasing them will
-increase memory use.
+    Properties:
 
-Properties:
+    - Config:      tenant
+    - Env Var:     RCLONE_SWIFT_TENANT
+    - Type:        string
+    - Required:    false
 
--   Config: chunk_size
--   Env Var: RCLONE_OPENDRIVE_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 10Mi
+    #### --swift-tenant-id
 
-Limitations
+    Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID).
 
-Note that OpenDrive is case insensitive so you can't have a file called
-"Hello.doc" and one called "hello.doc".
+    Properties:
 
-There are quite a few characters that can't be in OpenDrive file names.
-These can't occur on Windows platforms, but on non-Windows platforms
-they are common. Rclone will map these names to and from an identical
-looking unicode equivalent. For example if a file has a ? in it will be
-mapped to ？ instead.
+    - Config:      tenant_id
+    - Env Var:     RCLONE_SWIFT_TENANT_ID
+    - Type:        string
+    - Required:    false
 
-rclone about is not supported by the OpenDrive backend. Backends without
-this capability cannot determine free space for an rclone mount or use
-policy mfs (most free space) as a member of an rclone union remote.
+    #### --swift-tenant-domain
 
-See List of backends that do not support rclone about and rclone about
+    Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).
 
-Oracle Object Storage
+    Properties:
 
-Oracle Object Storage Overview
+    - Config:      tenant_domain
+    - Env Var:     RCLONE_SWIFT_TENANT_DOMAIN
+    - Type:        string
+    - Required:    false
 
-Oracle Object Storage FAQ
+    #### --swift-region
 
-Paths are specified as remote:bucket (or remote: for the lsd command.)
-You may put subdirectories in too, e.g. remote:bucket/path/to/dir.
+    Region name - optional (OS_REGION_NAME).
 
-Configuration
+    Properties:
 
-Here is an example of making an oracle object storage configuration.
-rclone config walks you through it.
+    - Config:      region
+    - Env Var:     RCLONE_SWIFT_REGION
+    - Type:        string
+    - Required:    false
 
-Here is an example of how to make a remote called remote. First run:
+    #### --swift-storage-url
 
-     rclone config
+    Storage URL - optional (OS_STORAGE_URL).
 
-This will guide you through an interactive setup process:
+    Properties:
 
-    n) New remote
-    d) Delete remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    e/n/d/r/c/s/q> n
+    - Config:      storage_url
+    - Env Var:     RCLONE_SWIFT_STORAGE_URL
+    - Type:        string
+    - Required:    false
 
-    Enter name for new remote.
-    name> remote
+    #### --swift-auth-token
 
-    Option Storage.
-    Type of storage to configure.
-    Choose a number from below, or type in your own value.
-    [snip]
-    XX / Oracle Cloud Infrastructure Object Storage
-       \ (oracleobjectstorage)
-    Storage> oracleobjectstorage
+    Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).
 
-    Option provider.
-    Choose your Auth Provider
-    Choose a number from below, or type in your own string value.
-    Press Enter for the default (env_auth).
-     1 / automatically pickup the credentials from runtime(env), first one to provide auth wins
-       \ (env_auth)
-       / use an OCI user and an API key for authentication.
-     2 | you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
-       | https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
-       \ (user_principal_auth)
-       / use instance principals to authorize an instance to make API calls. 
-     3 | each instance has its own identity, and authenticates using the certificates that are read from instance metadata. 
-       | https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
-       \ (instance_principal_auth)
-     4 / use resource principals to make API calls
-       \ (resource_principal_auth)
-     5 / no credentials needed, this is typically for reading public buckets
-       \ (no_auth)
-    provider> 2
-
-    Option namespace.
-    Object storage namespace
-    Enter a value.
-    namespace> idbamagbg734
+    Properties:
 
-    Option compartment.
-    Object storage compartment OCID
-    Enter a value.
-    compartment> ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
+    - Config:      auth_token
+    - Env Var:     RCLONE_SWIFT_AUTH_TOKEN
+    - Type:        string
+    - Required:    false
 
-    Option region.
-    Object storage Region
-    Enter a value.
-    region> us-ashburn-1
+    #### --swift-application-credential-id
 
-    Option endpoint.
-    Endpoint for Object storage API.
-    Leave blank to use the default endpoint for the region.
-    Enter a value. Press Enter to leave empty.
-    endpoint> 
-
-    Option config_file.
-    Full Path to OCI config file
-    Choose a number from below, or type in your own string value.
-    Press Enter for the default (~/.oci/config).
-     1 / oci configuration file location
-       \ (~/.oci/config)
-    config_file> /etc/oci/dev.conf
-
-    Option config_profile.
-    Profile name inside OCI config file
-    Choose a number from below, or type in your own string value.
-    Press Enter for the default (Default).
-     1 / Use the default profile
-       \ (Default)
-    config_profile> Test
+    Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).
+
+    Properties:
 
-    Edit advanced config?
-    y) Yes
-    n) No (default)
-    y/n> n
+    - Config:      application_credential_id
+    - Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_ID
+    - Type:        string
+    - Required:    false
 
-    Configuration complete.
-    Options:
-    - type: oracleobjectstorage
-    - namespace: idbamagbg734
-    - compartment: ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
-    - region: us-ashburn-1
-    - provider: user_principal_auth
-    - config_file: /etc/oci/dev.conf
-    - config_profile: Test
-    Keep this "remote" remote?
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    #### --swift-application-credential-name
 
-See all buckets
+    Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).
 
-    rclone lsd remote:
+    Properties:
 
-Create a new bucket
+    - Config:      application_credential_name
+    - Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_NAME
+    - Type:        string
+    - Required:    false
 
-    rclone mkdir remote:bucket
+    #### --swift-application-credential-secret
 
-List the contents of a bucket
+    Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).
 
-    rclone ls remote:bucket
-    rclone ls remote:bucket --max-depth 1
+    Properties:
 
-OCI Authentication Provider
-
-OCI has various authentication methods. To learn more about
-authentication methods please refer oci authentication methods These
-choices can be specified in the rclone config file.
+    - Config:      application_credential_secret
+    - Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_SECRET
+    - Type:        string
+    - Required:    false
 
-Rclone supports the following OCI authentication provider.
+    #### --swift-auth-version
 
-    User Principal
-    Instance Principal
-    Resource Principal
-    No authentication
+    AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION).
 
-Authentication provider choice: User Principal
+    Properties:
 
-Sample rclone config file for Authentication Provider User Principal:
+    - Config:      auth_version
+    - Env Var:     RCLONE_SWIFT_AUTH_VERSION
+    - Type:        int
+    - Default:     0
 
-    [oos]
-    type = oracleobjectstorage
-    namespace = id<redacted>34
-    compartment = ocid1.compartment.oc1..aa<redacted>ba
-    region = us-ashburn-1
-    provider = user_principal_auth
-    config_file = /home/opc/.oci/config
-    config_profile = Default
+    #### --swift-endpoint-type
 
-Advantages: - One can use this method from any server within OCI or
-on-premises or from other cloud provider.
+    Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE).
 
-Considerations: - you need to configure user’s privileges / policy to
-allow access to object storage - Overhead of managing users and keys. -
-If the user is deleted, the config file will no longer work and may
-cause automation regressions that use the user's credentials.
+    Properties:
 
-Authentication provider choice: Instance Principal
+    - Config:      endpoint_type
+    - Env Var:     RCLONE_SWIFT_ENDPOINT_TYPE
+    - Type:        string
+    - Default:     "public"
+    - Examples:
+        - "public"
+            - Public (default, choose this if not sure)
+        - "internal"
+            - Internal (use internal service net)
+        - "admin"
+            - Admin
 
-An OCI compute instance can be authorized to use rclone by using it's
-identity and certificates as an instance principal. With this approach
-no credentials have to be stored and managed.
+    #### --swift-storage-policy
 
-Sample rclone configuration file for Authentication Provider Instance
-Principal:
+    The storage policy to use when creating a new container.
 
-    [opc@rclone ~]$ cat ~/.config/rclone/rclone.conf
-    [oos]
-    type = oracleobjectstorage
-    namespace = id<redacted>fn
-    compartment = ocid1.compartment.oc1..aa<redacted>k7a
-    region = us-ashburn-1
-    provider = instance_principal_auth
+    This applies the specified storage policy when creating a new
+    container. The policy cannot be changed afterwards. The allowed
+    configuration values and their meaning depend on your Swift storage
+    provider.
 
-Advantages:
+    Properties:
 
--   With instance principals, you don't need to configure user
-    credentials and transfer/ save it to disk in your compute instances
-    or rotate the credentials.
--   You don’t need to deal with users and keys.
--   Greatly helps in automation as you don't have to manage access keys,
-    user private keys, storing them in vault, using kms etc.
+    - Config:      storage_policy
+    - Env Var:     RCLONE_SWIFT_STORAGE_POLICY
+    - Type:        string
+    - Required:    false
+    - Examples:
+        - ""
+            - Default
+        - "pcs"
+            - OVH Public Cloud Storage
+        - "pca"
+            - OVH Public Cloud Archive
 
-Considerations:
+    ### Advanced options
 
--   You need to configure a dynamic group having this instance as member
-    and add policy to read object storage to that dynamic group.
--   Everyone who has access to this machine can execute the CLI
-    commands.
--   It is applicable for oci compute instances only. It cannot be used
-    on external instance or resources.
+    Here are the Advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
 
-Authentication provider choice: Resource Principal
+    #### --swift-leave-parts-on-error
 
-Resource principal auth is very similar to instance principal auth but
-used for resources that are not compute instances such as serverless
-functions. To use resource principal ensure Rclone process is started
-with these environment variables set in its process.
+    If true avoid calling abort upload on a failure.
 
-    export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
-    export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
-    export OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/usr/share/model-server/key.pem
-    export OCI_RESOURCE_PRINCIPAL_RPST=/usr/share/model-server/security_token
+    It should be set to true for resuming uploads across different sessions.
 
-Sample rclone configuration file for Authentication Provider Resource
-Principal:
+    Properties:
 
-    [oos]
-    type = oracleobjectstorage
-    namespace = id<redacted>34
-    compartment = ocid1.compartment.oc1..aa<redacted>ba
-    region = us-ashburn-1
-    provider = resource_principal_auth
+    - Config:      leave_parts_on_error
+    - Env Var:     RCLONE_SWIFT_LEAVE_PARTS_ON_ERROR
+    - Type:        bool
+    - Default:     false
 
-Authentication provider choice: No authentication
+    #### --swift-chunk-size
 
-Public buckets do not require any authentication mechanism to read
-objects. Sample rclone configuration file for No authentication:
+    Above this size files will be chunked into a _segments container.
 
-    [oos]
-    type = oracleobjectstorage
-    namespace = id<redacted>34
-    compartment = ocid1.compartment.oc1..aa<redacted>ba
-    region = us-ashburn-1
-    provider = no_auth
+    Above this size files will be chunked into a _segments container.  The
+    default for this is 5 GiB which is its maximum value.
 
-Options
+    Properties:
 
-Modified time
+    - Config:      chunk_size
+    - Env Var:     RCLONE_SWIFT_CHUNK_SIZE
+    - Type:        SizeSuffix
+    - Default:     5Gi
 
-The modified time is stored as metadata on the object as opc-meta-mtime
-as floating point since the epoch, accurate to 1 ns.
+    #### --swift-no-chunk
 
-If the modification time needs to be updated rclone will attempt to
-perform a server side copy to update the modification if the object can
-be copied in a single part. In the case the object is larger than 5Gb,
-the object will be uploaded rather than copied.
+    Don't chunk files during streaming upload.
 
-Note that reading this from the object takes an additional HEAD request
-as the metadata isn't returned in object listings.
+    When doing streaming uploads (e.g. using rcat or mount) setting this
+    flag will cause the swift backend to not upload chunked files.
 
-Multipart uploads
+    This will limit the maximum upload size to 5 GiB. However non chunked
+    files are easier to deal with and have an MD5SUM.
 
-rclone supports multipart uploads with OOS which means that it can
-upload files bigger than 5 GiB.
+    Rclone will still chunk files bigger than chunk_size when doing normal
+    copy operations.
 
-Note that files uploaded both with multipart upload and through crypt
-remotes do not have MD5 sums.
+    Properties:
 
-rclone switches from single part uploads to multipart uploads at the
-point specified by --oos-upload-cutoff. This can be a maximum of 5 GiB
-and a minimum of 0 (ie always upload multipart files).
+    - Config:      no_chunk
+    - Env Var:     RCLONE_SWIFT_NO_CHUNK
+    - Type:        bool
+    - Default:     false
 
-The chunk sizes used in the multipart upload are specified by
---oos-chunk-size and the number of chunks uploaded concurrently is
-specified by --oos-upload-concurrency.
+    #### --swift-no-large-objects
 
-Multipart uploads will use --transfers * --oos-upload-concurrency *
---oos-chunk-size extra memory. Single part uploads to not use extra
-memory.
+    Disable support for static and dynamic large objects
 
-Single part transfers can be faster than multipart transfers or slower
-depending on your latency from oos - the more latency, the more likely
-single part transfers will be faster.
+    Swift cannot transparently store files bigger than 5 GiB. There are
+    two schemes for doing that, static or dynamic large objects, and the
+    API does not allow rclone to determine whether a file is a static or
+    dynamic large object without doing a HEAD on the object. Since these
+    need to be treated differently, this means rclone has to issue HEAD
+    requests for objects for example when reading checksums.
 
-Increasing --oos-upload-concurrency will increase throughput (8 would be
-a sensible value) and increasing --oos-chunk-size also increases
-throughput (16M would be sensible). Increasing either of these will use
-more memory. The default values are high enough to gain most of the
-possible performance without using too much memory.
+    When `no_large_objects` is set, rclone will assume that there are no
+    static or dynamic large objects stored. This means it can stop doing
+    the extra HEAD calls which in turn increases performance greatly
+    especially when doing a swift to swift transfer with `--checksum` set.
 
-Standard options
+    Setting this option implies `no_chunk` and also that no files will be
+    uploaded in chunks, so files bigger than 5 GiB will just fail on
+    upload.
 
-Here are the Standard options specific to oracleobjectstorage (Oracle
-Cloud Infrastructure Object Storage).
+    If you set this option and there *are* static or dynamic large objects,
+    then this will give incorrect hashes for them. Downloads will succeed,
+    but other operations such as Remove and Copy will fail.
 
---oos-provider
 
-Choose your Auth Provider
+    Properties:
 
-Properties:
+    - Config:      no_large_objects
+    - Env Var:     RCLONE_SWIFT_NO_LARGE_OBJECTS
+    - Type:        bool
+    - Default:     false
 
--   Config: provider
--   Env Var: RCLONE_OOS_PROVIDER
--   Type: string
--   Default: "env_auth"
--   Examples:
-    -   "env_auth"
-        -   automatically pickup the credentials from runtime(env),
-            first one to provide auth wins
-    -   "user_principal_auth"
-        -   use an OCI user and an API key for authentication.
-        -   you’ll need to put in a config file your tenancy OCID, user
-            OCID, region, the path, fingerprint to an API key.
-        -   https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
-    -   "instance_principal_auth"
-        -   use instance principals to authorize an instance to make API
-            calls.
-        -   each instance has its own identity, and authenticates using
-            the certificates that are read from instance metadata.
-        -   https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
-    -   "resource_principal_auth"
-        -   use resource principals to make API calls
-    -   "no_auth"
-        -   no credentials needed, this is typically for reading public
-            buckets
-
---oos-namespace
-
-Object storage namespace
+    #### --swift-encoding
 
-Properties:
+    The encoding for the backend.
 
--   Config: namespace
--   Env Var: RCLONE_OOS_NAMESPACE
--   Type: string
--   Required: true
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
---oos-compartment
+    Properties:
 
-Object storage compartment OCID
+    - Config:      encoding
+    - Env Var:     RCLONE_SWIFT_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,InvalidUtf8
 
-Properties:
 
--   Config: compartment
--   Env Var: RCLONE_OOS_COMPARTMENT
--   Provider: !no_auth
--   Type: string
--   Required: true
 
---oos-region
+    ## Limitations
 
-Object storage Region
+    The Swift API doesn't return a correct MD5SUM for segmented files
+    (Dynamic or Static Large Objects) so rclone won't check or use the
+    MD5SUM for these.
 
-Properties:
+    ## Troubleshooting
 
--   Config: region
--   Env Var: RCLONE_OOS_REGION
--   Type: string
--   Required: true
+    ### Rclone gives Failed to create file system for "remote:": Bad Request
 
---oos-endpoint
+    Due to an oddity of the underlying swift library, it gives a "Bad
+    Request" error rather than a more sensible error when the
+    authentication fails for Swift.
 
-Endpoint for Object storage API.
+    So this most likely means your username / password is wrong.  You can
+    investigate further with the `--dump-bodies` flag.
 
-Leave blank to use the default endpoint for the region.
+    This may also be caused by specifying the region when you shouldn't
+    have (e.g. OVH).
 
-Properties:
+    ### Rclone gives Failed to create file system: Response didn't have storage url and auth token
 
--   Config: endpoint
--   Env Var: RCLONE_OOS_ENDPOINT
--   Type: string
--   Required: false
+    This is most likely caused by forgetting to specify your tenant when
+    setting up a swift remote.
 
---oos-config-file
+    ## OVH Cloud Archive
 
-Path to OCI config file
+    To use rclone with OVH cloud archive, first use `rclone config` to set up a `swift` backend with OVH, choosing `pca` as the `storage_policy`.
 
-Properties:
+    ### Uploading Objects
 
--   Config: config_file
--   Env Var: RCLONE_OOS_CONFIG_FILE
--   Provider: user_principal_auth
--   Type: string
--   Default: "~/.oci/config"
--   Examples:
-    -   "~/.oci/config"
-        -   oci configuration file location
+    Uploading objects to OVH cloud archive is no different to object storage, you just simply run the command you like (move, copy or sync) to upload the objects. Once uploaded the objects will show in a "Frozen" state within the OVH control panel.
 
---oos-config-profile
+    ### Retrieving Objects
 
-Profile name inside the oci config file
+    To retrieve objects use `rclone copy` as normal. If the objects are in a frozen state then rclone will ask for them all to be unfrozen and it will wait at the end of the output with a message like the following:
 
-Properties:
+    `2019/03/23 13:06:33 NOTICE: Received retry after error - sleeping until 2019-03-23T13:16:33.481657164+01:00 (9m59.99985121s)`
 
--   Config: config_profile
--   Env Var: RCLONE_OOS_CONFIG_PROFILE
--   Provider: user_principal_auth
--   Type: string
--   Default: "Default"
--   Examples:
-    -   "Default"
-        -   Use the default profile
+    Rclone will wait for the time specified then retry the copy.
 
-Advanced options
+    #  pCloud
 
-Here are the Advanced options specific to oracleobjectstorage (Oracle
-Cloud Infrastructure Object Storage).
+    Paths are specified as `remote:path`
 
---oos-storage-tier
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-The storage class to use when storing new objects in storage.
-https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm
+    ## Configuration
 
-Properties:
+    The initial setup for pCloud involves getting a token from pCloud which you
+    need to do in your browser.  `rclone config` walks you through it.
 
--   Config: storage_tier
--   Env Var: RCLONE_OOS_STORAGE_TIER
--   Type: string
--   Default: "Standard"
--   Examples:
-    -   "Standard"
-        -   Standard storage tier, this is the default tier
-    -   "InfrequentAccess"
-        -   InfrequentAccess storage tier
-    -   "Archive"
-        -   Archive storage tier
+    Here is an example of how to make a remote called `remote`.  First run:
 
---oos-upload-cutoff
+         rclone config
 
-Cutoff for switching to chunked upload.
+    This will guide you through an interactive setup process:
 
-Any files larger than this will be uploaded in chunks of chunk_size. The
-minimum is 0 and the maximum is 5 GiB.
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Pcloud  "pcloud" [snip] Storage> pcloud Pcloud App Client Id -
+leave blank normally. client_id> Pcloud App Client Secret - leave blank
+normally. client_secret> Remote config Use web browser to automatically
+authenticate rclone with remote? * Say Y if the machine running rclone
+has a web browser you can use * Say N if running rclone on a (remote)
+machine without web browser access If not sure try Y. If Y failed, try
+N. y) Yes n) No y/n> y If your browser doesn't open automatically go to
+the following link: http://127.0.0.1:53682/auth Log in and authorize
+rclone for access Waiting for code... Got code --------------------
+[remote] client_id = client_secret = token =
+{"access_token":"XXX","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
-Properties:
 
--   Config: upload_cutoff
--   Env Var: RCLONE_OOS_UPLOAD_CUTOFF
--   Type: SizeSuffix
--   Default: 200Mi
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
---oos-chunk-size
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from pCloud. This only runs from the moment it opens
+    your browser to the moment you get back the verification code.  This
+    is on `http://127.0.0.1:53682/` and this it may require you to unblock
+    it temporarily if you are running a host firewall.
 
-Chunk size to use for uploading.
+    Once configured you can then use `rclone` like this,
 
-When uploading files larger than upload_cutoff or files with unknown
-size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google
-photos or google docs) they will be uploaded as multipart uploads using
-this chunk size.
+    List directories in top level of your pCloud
 
-Note that "upload_concurrency" chunks of this size are buffered in
-memory per transfer.
+        rclone lsd remote:
 
-If you are transferring large files over high-speed links and you have
-enough memory, then increasing this will speed up the transfers.
+    List all the files in your pCloud
 
-Rclone will automatically increase the chunk size when uploading a large
-file of known size to stay below the 10,000 chunks limit.
+        rclone ls remote:
 
-Files of unknown size are uploaded with the configured chunk_size. Since
-the default chunk size is 5 MiB and there can be at most 10,000 chunks,
-this means that by default the maximum size of a file you can stream
-upload is 48 GiB. If you wish to stream upload larger files then you
-will need to increase chunk_size.
+    To copy a local directory to a pCloud directory called backup
 
-Increasing the chunk size decreases the accuracy of the progress
-statistics displayed with "-P" flag.
+        rclone copy /home/source remote:backup
 
-Properties:
+    ### Modification times and hashes
 
--   Config: chunk_size
--   Env Var: RCLONE_OOS_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 5Mi
+    pCloud allows modification times to be set on objects accurate to 1
+    second.  These will be used to detect whether objects need syncing or
+    not.  In order to set a Modification time pCloud requires the object
+    be re-uploaded.
 
---oos-upload-concurrency
+    pCloud supports MD5 and SHA1 hashes in the US region, and SHA1 and SHA256
+    hashes in the EU region, so you can use the `--checksum` flag.
 
-Concurrency for multipart uploads.
+    ### Restricted filename characters
 
-This is the number of chunks of the same file that are uploaded
-concurrently.
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
-If you are uploading small numbers of large files over high-speed links
-and these uploads do not fully utilize your bandwidth, then increasing
-this may help to speed up the transfers.
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | \         | 0x5C  | ＼          |
 
-Properties:
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
--   Config: upload_concurrency
--   Env Var: RCLONE_OOS_UPLOAD_CONCURRENCY
--   Type: int
--   Default: 10
+    ### Deleting files
 
---oos-copy-cutoff
+    Deleted files will be moved to the trash.  Your subscription level
+    will determine how long items stay in the trash.  `rclone cleanup` can
+    be used to empty the trash.
 
-Cutoff for switching to multipart copy.
+    ### Emptying the trash
 
-Any files larger than this that need to be server-side copied will be
-copied in chunks of this size.
+    Due to an API limitation, the `rclone cleanup` command will only work if you 
+    set your username and password in the advanced options for this backend. 
+    Since we generally want to avoid storing user passwords in the rclone config
+    file, we advise you to only set this up if you need the `rclone cleanup` command to work.
 
-The minimum is 0 and the maximum is 5 GiB.
+    ### Root folder ID
 
-Properties:
+    You can set the `root_folder_id` for rclone.  This is the directory
+    (identified by its `Folder ID`) that rclone considers to be the root
+    of your pCloud drive.
 
--   Config: copy_cutoff
--   Env Var: RCLONE_OOS_COPY_CUTOFF
--   Type: SizeSuffix
--   Default: 4.656Gi
+    Normally you will leave this blank and rclone will determine the
+    correct root to use itself.
 
---oos-copy-timeout
+    However you can set this to restrict rclone to a specific folder
+    hierarchy.
 
-Timeout for copy.
+    In order to do this you will have to find the `Folder ID` of the
+    directory you wish rclone to display.  This will be the `folder` field
+    of the URL when you open the relevant folder in the pCloud web
+    interface.
 
-Copy is an asynchronous operation, specify timeout to wait for copy to
-succeed
+    So if the folder you want rclone to use has a URL which looks like
+    `https://my.pcloud.com/#page=filemanager&folder=5xxxxxxxx8&tpl=foldergrid`
+    in the browser, then you use `5xxxxxxxx8` as
+    the `root_folder_id` in the config.
 
-Properties:
 
--   Config: copy_timeout
--   Env Var: RCLONE_OOS_COPY_TIMEOUT
--   Type: Duration
--   Default: 1m0s
+    ### Standard options
 
---oos-disable-checksum
+    Here are the Standard options specific to pcloud (Pcloud).
 
-Don't store MD5 checksum with object metadata.
+    #### --pcloud-client-id
 
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can add it to metadata on the object. This is great
-for data integrity checking but can cause long delays for large files to
-start uploading.
+    OAuth Client Id.
 
-Properties:
+    Leave blank normally.
 
--   Config: disable_checksum
--   Env Var: RCLONE_OOS_DISABLE_CHECKSUM
--   Type: bool
--   Default: false
+    Properties:
 
---oos-encoding
+    - Config:      client_id
+    - Env Var:     RCLONE_PCLOUD_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-The encoding for the backend.
+    #### --pcloud-client-secret
 
-See the encoding section in the overview for more info.
+    OAuth Client Secret.
 
-Properties:
+    Leave blank normally.
 
--   Config: encoding
--   Env Var: RCLONE_OOS_ENCODING
--   Type: MultiEncoder
--   Default: Slash,InvalidUtf8,Dot
+    Properties:
 
---oos-leave-parts-on-error
+    - Config:      client_secret
+    - Env Var:     RCLONE_PCLOUD_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-If true avoid calling abort upload on a failure, leaving all
-successfully uploaded parts on S3 for manual recovery.
+    ### Advanced options
 
-It should be set to true for resuming uploads across different sessions.
+    Here are the Advanced options specific to pcloud (Pcloud).
 
-WARNING: Storing parts of an incomplete multipart upload counts towards
-space usage on object storage and will add additional costs if not
-cleaned up.
+    #### --pcloud-token
 
-Properties:
+    OAuth Access Token as a JSON blob.
 
--   Config: leave_parts_on_error
--   Env Var: RCLONE_OOS_LEAVE_PARTS_ON_ERROR
--   Type: bool
--   Default: false
+    Properties:
 
---oos-no-check-bucket
+    - Config:      token
+    - Env Var:     RCLONE_PCLOUD_TOKEN
+    - Type:        string
+    - Required:    false
 
-If set, don't attempt to check the bucket exists or create it.
+    #### --pcloud-auth-url
 
-This can be useful when trying to minimise the number of transactions
-rclone does if you know the bucket exists already.
+    Auth server URL.
 
-It can also be needed if the user you are using does not have bucket
-creation permissions.
+    Leave blank to use the provider defaults.
 
-Properties:
+    Properties:
 
--   Config: no_check_bucket
--   Env Var: RCLONE_OOS_NO_CHECK_BUCKET
--   Type: bool
--   Default: false
+    - Config:      auth_url
+    - Env Var:     RCLONE_PCLOUD_AUTH_URL
+    - Type:        string
+    - Required:    false
 
---oos-sse-customer-key-file
+    #### --pcloud-token-url
 
-To use SSE-C, a file containing the base64-encoded string of the AES-256
-encryption key associated with the object. Please note only one of
-sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.'
+    Token server url.
 
-Properties:
+    Leave blank to use the provider defaults.
 
--   Config: sse_customer_key_file
--   Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_FILE
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   None
+    Properties:
 
---oos-sse-customer-key
+    - Config:      token_url
+    - Env Var:     RCLONE_PCLOUD_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-To use SSE-C, the optional header that specifies the base64-encoded
-256-bit encryption key to use to encrypt or decrypt the data. Please
-note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id
-is needed. For more information, see Using Your Own Keys for Server-Side
-Encryption
-(https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm)
+    #### --pcloud-encoding
 
-Properties:
+    The encoding for the backend.
 
--   Config: sse_customer_key
--   Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   None
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
---oos-sse-customer-key-sha256
+    Properties:
 
-If using SSE-C, The optional header that specifies the base64-encoded
-SHA256 hash of the encryption key. This value is used to check the
-integrity of the encryption key. see Using Your Own Keys for Server-Side
-Encryption
-(https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
+    - Config:      encoding
+    - Env Var:     RCLONE_PCLOUD_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
-Properties:
+    #### --pcloud-root-folder-id
 
--   Config: sse_customer_key_sha256
--   Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_SHA256
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   None
+    Fill in for rclone to use a non root folder as its starting point.
 
---oos-sse-kms-key-id
+    Properties:
 
-if using using your own master key in vault, this header specifies the
-OCID
-(https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm)
-of a master encryption key used to call the Key Management service to
-generate a data encryption key or to encrypt or decrypt a data
-encryption key. Please note only one of
-sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
+    - Config:      root_folder_id
+    - Env Var:     RCLONE_PCLOUD_ROOT_FOLDER_ID
+    - Type:        string
+    - Default:     "d0"
 
-Properties:
+    #### --pcloud-hostname
 
--   Config: sse_kms_key_id
--   Env Var: RCLONE_OOS_SSE_KMS_KEY_ID
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   None
+    Hostname to connect to.
 
---oos-sse-customer-algorithm
+    This is normally set when rclone initially does the oauth connection,
+    however you will need to set it by hand if you are using remote config
+    with rclone authorize.
 
-If using SSE-C, the optional header that specifies "AES256" as the
-encryption algorithm. Object Storage supports "AES256" as the encryption
-algorithm. For more information, see Using Your Own Keys for Server-Side
-Encryption
-(https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
 
-Properties:
+    Properties:
 
--   Config: sse_customer_algorithm
--   Env Var: RCLONE_OOS_SSE_CUSTOMER_ALGORITHM
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   None
-    -   "AES256"
-        -   AES256
+    - Config:      hostname
+    - Env Var:     RCLONE_PCLOUD_HOSTNAME
+    - Type:        string
+    - Default:     "api.pcloud.com"
+    - Examples:
+        - "api.pcloud.com"
+            - Original/US region
+        - "eapi.pcloud.com"
+            - EU region
 
-Backend commands
+    #### --pcloud-username
 
-Here are the commands specific to the oracleobjectstorage backend.
+    Your pcloud username.
+                
+    This is only required when you want to use the cleanup command. Due to a bug
+    in the pcloud API the required API does not support OAuth authentication so
+    we have to rely on user password authentication for it.
 
-Run them with
+    Properties:
 
-    rclone backend COMMAND remote:
+    - Config:      username
+    - Env Var:     RCLONE_PCLOUD_USERNAME
+    - Type:        string
+    - Required:    false
 
-The help below will explain what arguments each command takes.
+    #### --pcloud-password
 
-See the backend command for more info on how to pass options and
-arguments.
+    Your pcloud password.
 
-These can be run on a running backend using the rc command
-backend/command.
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-rename
+    Properties:
 
-change the name of an object
+    - Config:      password
+    - Env Var:     RCLONE_PCLOUD_PASSWORD
+    - Type:        string
+    - Required:    false
 
-    rclone backend rename remote: [options] [<arguments>+]
 
-This command can be used to rename a object.
 
-Usage Examples:
+    #  PikPak
 
-    rclone backend rename oos:bucket relative-object-path-under-bucket object-new-name
+    PikPak is [a private cloud drive](https://mypikpak.com/).
 
-list-multipart-uploads
+    Paths are specified as `remote:path`, and may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-List the unfinished multipart uploads
+    ## Configuration
 
-    rclone backend list-multipart-uploads remote: [options] [<arguments>+]
+    Here is an example of making a remote for PikPak.
 
-This command lists the unfinished multipart uploads in JSON format.
+    First run:
 
-    rclone backend list-multipart-uploads oos:bucket/path/to/object
+         rclone config
 
-It returns a dictionary of buckets with values as lists of unfinished
-multipart uploads.
+    This will guide you through an interactive setup process:
 
-You can call it with no bucket in which case it lists all bucket, with a
-bucket or with a bucket and path.
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n
 
-    {
-      "test-bucket": [
-                {
-                        "namespace": "test-namespace",
-                        "bucket": "test-bucket",
-                        "object": "600m.bin",
-                        "uploadId": "51dd8114-52a4-b2f2-c42f-5291f05eb3c8",
-                        "timeCreated": "2022-07-29T06:21:16.595Z",
-                        "storageTier": "Standard"
-                }
-        ]
+Enter name for new remote. name> remote
 
-cleanup
+Option Storage. Type of storage to configure. Choose a number from
+below, or type in your own value. XX / PikPak  (pikpak) Storage> XX
 
-Remove unfinished multipart uploads.
+Option user. Pikpak username. Enter a value. user> USERNAME
 
-    rclone backend cleanup remote: [options] [<arguments>+]
+Option pass. Pikpak password. Choose an alternative below. y) Yes, type
+in my own password g) Generate random password y/g> y Enter the
+password: password: Confirm the password: password:
 
-This command removes unfinished multipart uploads of age greater than
-max-age which defaults to 24 hours.
+Edit advanced config? y) Yes n) No (default) y/n>
 
-Note that you can use --interactive/-i or --dry-run with this command to
-see what it would do.
+Configuration complete. Options: - type: pikpak - user: USERNAME - pass:
+*** ENCRYPTED *** - token:
+{"access_token":"eyJ...","token_type":"Bearer","refresh_token":"os...","expiry":"2023-01-26T18:54:32.170582647+09:00"}
+Keep this "remote" remote? y) Yes this is OK (default) e) Edit this
+remote d) Delete this remote y/e/d> y
 
-    rclone backend cleanup oos:bucket/path/to/object
-    rclone backend cleanup -o max-age=7w oos:bucket/path/to/object
 
-Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
+    ### Modification times and hashes
 
-Options:
+    PikPak keeps modification times on objects, and updates them when uploading objects,
+    but it does not support changing only the modification time
 
--   "max-age": Max age of upload to delete
+    The MD5 hash algorithm is supported.
 
-QingStor
 
-Paths are specified as remote:bucket (or remote: for the lsd command.)
-You may put subdirectories in too, e.g. remote:bucket/path/to/dir.
+    ### Standard options
 
-Configuration
+    Here are the Standard options specific to pikpak (PikPak).
 
-Here is an example of making an QingStor configuration. First run
+    #### --pikpak-user
 
-    rclone config
+    Pikpak username.
 
-This will guide you through an interactive setup process.
+    Properties:
 
-    No remotes found, make a new one?
-    n) New remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    n/r/c/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / QingStor Object Storage
-       \ "qingstor"
-    [snip]
-    Storage> qingstor
-    Get QingStor credentials from runtime. Only applies if access_key_id and secret_access_key is blank.
-    Choose a number from below, or type in your own value
-     1 / Enter QingStor credentials in the next step
-       \ "false"
-     2 / Get QingStor credentials from the environment (env vars or IAM)
-       \ "true"
-    env_auth> 1
-    QingStor Access Key ID - leave blank for anonymous access or runtime credentials.
-    access_key_id> access_key
-    QingStor Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-    secret_access_key> secret_key
-    Enter an endpoint URL to connection QingStor API.
-    Leave blank will use the default value "https://qingstor.com:443"
-    endpoint>
-    Zone connect to. Default is "pek3a".
-    Choose a number from below, or type in your own value
-       / The Beijing (China) Three Zone
-     1 | Needs location constraint pek3a.
-       \ "pek3a"
-       / The Shanghai (China) First Zone
-     2 | Needs location constraint sh1a.
-       \ "sh1a"
-    zone> 1
-    Number of connection retry.
-    Leave blank will use the default value "3".
-    connection_retries>
-    Remote config
-    --------------------
-    [remote]
-    env_auth = false
-    access_key_id = access_key
-    secret_access_key = secret_key
-    endpoint =
-    zone = pek3a
-    connection_retries =
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    - Config:      user
+    - Env Var:     RCLONE_PIKPAK_USER
+    - Type:        string
+    - Required:    true
 
-This remote is called remote and can now be used like this
+    #### --pikpak-pass
 
-See all buckets
+    Pikpak password.
 
-    rclone lsd remote:
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-Make a new bucket
+    Properties:
 
-    rclone mkdir remote:bucket
+    - Config:      pass
+    - Env Var:     RCLONE_PIKPAK_PASS
+    - Type:        string
+    - Required:    true
 
-List the contents of a bucket
+    ### Advanced options
 
-    rclone ls remote:bucket
+    Here are the Advanced options specific to pikpak (PikPak).
 
-Sync /home/local/directory to the remote bucket, deleting any excess
-files in the bucket.
+    #### --pikpak-client-id
 
-    rclone sync --interactive /home/local/directory remote:bucket
+    OAuth Client Id.
 
---fast-list
+    Leave blank normally.
 
-This remote supports --fast-list which allows you to use fewer
-transactions in exchange for more memory. See the rclone docs for more
-details.
+    Properties:
 
-Multipart uploads
+    - Config:      client_id
+    - Env Var:     RCLONE_PIKPAK_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-rclone supports multipart uploads with QingStor which means that it can
-upload files bigger than 5 GiB. Note that files uploaded with multipart
-upload don't have an MD5SUM.
+    #### --pikpak-client-secret
 
-Note that incomplete multipart uploads older than 24 hours can be
-removed with rclone cleanup remote:bucket just for one bucket
-rclone cleanup remote: for all buckets. QingStor does not ever remove
-incomplete multipart uploads so it may be necessary to run this from
-time to time.
+    OAuth Client Secret.
 
-Buckets and Zone
+    Leave blank normally.
 
-With QingStor you can list buckets (rclone lsd) using any zone, but you
-can only access the content of a bucket from the zone it was created in.
-If you attempt to access a bucket from the wrong zone, you will get an
-error, incorrect zone, the bucket is not in 'XXX' zone.
+    Properties:
 
-Authentication
+    - Config:      client_secret
+    - Env Var:     RCLONE_PIKPAK_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-There are two ways to supply rclone with a set of QingStor credentials.
-In order of precedence:
+    #### --pikpak-token
 
--   Directly in the rclone configuration file (as configured by
-    rclone config)
-    -   set access_key_id and secret_access_key
--   Runtime configuration:
-    -   set env_auth to true in the config file
-    -   Exporting the following environment variables before running
-        rclone
-        -   Access Key ID: QS_ACCESS_KEY_ID or QS_ACCESS_KEY
-        -   Secret Access Key: QS_SECRET_ACCESS_KEY or QS_SECRET_KEY
+    OAuth Access Token as a JSON blob.
 
-Restricted filename characters
+    Properties:
 
-The control characters 0x00-0x1F and / are replaced as in the default
-restricted characters set. Note that 0x7F is not replaced.
+    - Config:      token
+    - Env Var:     RCLONE_PIKPAK_TOKEN
+    - Type:        string
+    - Required:    false
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    #### --pikpak-auth-url
 
-Standard options
+    Auth server URL.
 
-Here are the Standard options specific to qingstor (QingCloud Object
-Storage).
+    Leave blank to use the provider defaults.
 
---qingstor-env-auth
+    Properties:
 
-Get QingStor credentials from runtime.
+    - Config:      auth_url
+    - Env Var:     RCLONE_PIKPAK_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-Only applies if access_key_id and secret_access_key is blank.
+    #### --pikpak-token-url
 
-Properties:
+    Token server url.
 
--   Config: env_auth
--   Env Var: RCLONE_QINGSTOR_ENV_AUTH
--   Type: bool
--   Default: false
--   Examples:
-    -   "false"
-        -   Enter QingStor credentials in the next step.
-    -   "true"
-        -   Get QingStor credentials from the environment (env vars or
-            IAM).
+    Leave blank to use the provider defaults.
 
---qingstor-access-key-id
+    Properties:
 
-QingStor Access Key ID.
+    - Config:      token_url
+    - Env Var:     RCLONE_PIKPAK_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-Leave blank for anonymous access or runtime credentials.
+    #### --pikpak-root-folder-id
 
-Properties:
+    ID of the root folder.
+    Leave blank normally.
 
--   Config: access_key_id
--   Env Var: RCLONE_QINGSTOR_ACCESS_KEY_ID
--   Type: string
--   Required: false
+    Fill in for rclone to use a non root folder as its starting point.
 
---qingstor-secret-access-key
 
-QingStor Secret Access Key (password).
+    Properties:
 
-Leave blank for anonymous access or runtime credentials.
+    - Config:      root_folder_id
+    - Env Var:     RCLONE_PIKPAK_ROOT_FOLDER_ID
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --pikpak-use-trash
 
--   Config: secret_access_key
--   Env Var: RCLONE_QINGSTOR_SECRET_ACCESS_KEY
--   Type: string
--   Required: false
+    Send files to the trash instead of deleting permanently.
 
---qingstor-endpoint
+    Defaults to true, namely sending files to the trash.
+    Use `--pikpak-use-trash=false` to delete files permanently instead.
 
-Enter an endpoint URL to connection QingStor API.
+    Properties:
 
-Leave blank will use the default value "https://qingstor.com:443".
+    - Config:      use_trash
+    - Env Var:     RCLONE_PIKPAK_USE_TRASH
+    - Type:        bool
+    - Default:     true
 
-Properties:
+    #### --pikpak-trashed-only
 
--   Config: endpoint
--   Env Var: RCLONE_QINGSTOR_ENDPOINT
--   Type: string
--   Required: false
+    Only show files that are in the trash.
 
---qingstor-zone
+    This will show trashed files in their original directory structure.
 
-Zone to connect to.
+    Properties:
 
-Default is "pek3a".
+    - Config:      trashed_only
+    - Env Var:     RCLONE_PIKPAK_TRASHED_ONLY
+    - Type:        bool
+    - Default:     false
 
-Properties:
+    #### --pikpak-hash-memory-limit
 
--   Config: zone
--   Env Var: RCLONE_QINGSTOR_ZONE
--   Type: string
--   Required: false
--   Examples:
-    -   "pek3a"
-        -   The Beijing (China) Three Zone.
-        -   Needs location constraint pek3a.
-    -   "sh1a"
-        -   The Shanghai (China) First Zone.
-        -   Needs location constraint sh1a.
-    -   "gd2a"
-        -   The Guangdong (China) Second Zone.
-        -   Needs location constraint gd2a.
+    Files bigger than this will be cached on disk to calculate hash if required.
 
-Advanced options
+    Properties:
 
-Here are the Advanced options specific to qingstor (QingCloud Object
-Storage).
+    - Config:      hash_memory_limit
+    - Env Var:     RCLONE_PIKPAK_HASH_MEMORY_LIMIT
+    - Type:        SizeSuffix
+    - Default:     10Mi
 
---qingstor-connection-retries
+    #### --pikpak-encoding
 
-Number of connection retries.
+    The encoding for the backend.
 
-Properties:
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
--   Config: connection_retries
--   Env Var: RCLONE_QINGSTOR_CONNECTION_RETRIES
--   Type: int
--   Default: 3
+    Properties:
 
---qingstor-upload-cutoff
+    - Config:      encoding
+    - Env Var:     RCLONE_PIKPAK_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot
 
-Cutoff for switching to chunked upload.
+    ## Backend commands
 
-Any files larger than this will be uploaded in chunks of chunk_size. The
-minimum is 0 and the maximum is 5 GiB.
+    Here are the commands specific to the pikpak backend.
 
-Properties:
+    Run them with
 
--   Config: upload_cutoff
--   Env Var: RCLONE_QINGSTOR_UPLOAD_CUTOFF
--   Type: SizeSuffix
--   Default: 200Mi
+        rclone backend COMMAND remote:
 
---qingstor-chunk-size
+    The help below will explain what arguments each command takes.
 
-Chunk size to use for uploading.
+    See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+    info on how to pass options and arguments.
 
-When uploading files larger than upload_cutoff they will be uploaded as
-multipart uploads using this chunk size.
+    These can be run on a running backend using the rc command
+    [backend/command](https://rclone.org/rc/#backend-command).
 
-Note that "--qingstor-upload-concurrency" chunks of this size are
-buffered in memory per transfer.
+    ### addurl
 
-If you are transferring large files over high-speed links and you have
-enough memory, then increasing this will speed up the transfers.
+    Add offline download task for url
 
-Properties:
+        rclone backend addurl remote: [options] [<arguments>+]
 
--   Config: chunk_size
--   Env Var: RCLONE_QINGSTOR_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 4Mi
+    This command adds offline download task for url.
 
---qingstor-upload-concurrency
+    Usage:
 
-Concurrency for multipart uploads.
+        rclone backend addurl pikpak:dirpath url
 
-This is the number of chunks of the same file that are uploaded
-concurrently.
+    Downloads will be stored in 'dirpath'. If 'dirpath' is invalid, 
+    download will fallback to default 'My Pack' folder.
 
-NB if you set this to > 1 then the checksums of multipart uploads become
-corrupted (the uploads themselves are not corrupted though).
 
-If you are uploading small numbers of large files over high-speed links
-and these uploads do not fully utilize your bandwidth, then increasing
-this may help to speed up the transfers.
+    ### decompress
 
-Properties:
+    Request decompress of a file/files in a folder
 
--   Config: upload_concurrency
--   Env Var: RCLONE_QINGSTOR_UPLOAD_CONCURRENCY
--   Type: int
--   Default: 1
+        rclone backend decompress remote: [options] [<arguments>+]
 
---qingstor-encoding
+    This command requests decompress of file/files in a folder.
 
-The encoding for the backend.
+    Usage:
 
-See the encoding section in the overview for more info.
+        rclone backend decompress pikpak:dirpath {filename} -o password=password
+        rclone backend decompress pikpak:dirpath {filename} -o delete-src-file
 
-Properties:
+    An optional argument 'filename' can be specified for a file located in 
+    'pikpak:dirpath'. You may want to pass '-o password=password' for a 
+    password-protected files. Also, pass '-o delete-src-file' to delete 
+    source files after decompression finished.
 
--   Config: encoding
--   Env Var: RCLONE_QINGSTOR_ENCODING
--   Type: MultiEncoder
--   Default: Slash,Ctl,InvalidUtf8
+    Result:
 
-Limitations
+        {
+            "Decompressed": 17,
+            "SourceDeleted": 0,
+            "Errors": 0
+        }
 
-rclone about is not supported by the qingstor backend. Backends without
-this capability cannot determine free space for an rclone mount or use
-policy mfs (most free space) as a member of an rclone union remote.
 
-See List of backends that do not support rclone about and rclone about
 
-Sia
 
-Sia (sia.tech) is a decentralized cloud storage platform based on the
-blockchain technology. With rclone you can use it like any other remote
-filesystem or mount Sia folders locally. The technology behind it
-involves a number of new concepts such as Siacoins and Wallet,
-Blockchain and Consensus, Renting and Hosting, and so on. If you are new
-to it, you'd better first familiarize yourself using their excellent
-support documentation.
+    ## Limitations
 
-Introduction
+    ### Hashes may be empty
 
-Before you can use rclone with Sia, you will need to have a running copy
-of Sia-UI or siad (the Sia daemon) locally on your computer or on local
-network (e.g. a NAS). Please follow the Get started guide and install
-one.
+    PikPak supports MD5 hash, but sometimes given empty especially for user-uploaded files.
 
-rclone interacts with Sia network by talking to the Sia daemon via HTTP
-API which is usually available on port 9980. By default you will run the
-daemon locally on the same computer so it's safe to leave the API
-password blank (the API URL will be http://127.0.0.1:9980 making
-external access impossible).
-
-However, if you want to access Sia daemon running on another node, for
-example due to memory constraints or because you want to share single
-daemon between several rclone and Sia-UI instances, you'll need to make
-a few more provisions: - Ensure you have Sia daemon installed directly
-or in a docker container because Sia-UI does not support this mode
-natively. - Run it on externally accessible port, for example provide
---api-addr :9980 and --disable-api-security arguments on the daemon
-command line. - Enforce API password for the siad daemon via environment
-variable SIA_API_PASSWORD or text file named apipassword in the daemon
-directory. - Set rclone backend option api_password taking it from above
-locations.
-
-Notes: 1. If your wallet is locked, rclone cannot unlock it
-automatically. You should either unlock it in advance by using Sia-UI or
-via command line siac wallet unlock. Alternatively you can make siad
-unlock your wallet automatically upon startup by running it with
-environment variable SIA_WALLET_PASSWORD. 2. If siad cannot find the
-SIA_API_PASSWORD variable or the apipassword file in the SIA_DIR
-directory, it will generate a random password and store in the text file
-named apipassword under YOUR_HOME/.sia/ directory on Unix or
-C:\Users\YOUR_HOME\AppData\Local\Sia\apipassword on Windows. Remember
-this when you configure password in rclone. 3. The only way to use siad
-without API password is to run it on localhost with command line
-argument --authorize-api=false, but this is insecure and strongly
-discouraged.
+    ### Deleted files still visible with trashed-only
 
-Configuration
+    Deleted files will still be visible with `--pikpak-trashed-only` even after the
+    trash emptied. This goes away after few days.
 
-Here is an example of how to make a sia remote called mySia. First, run:
+    #  premiumize.me
 
-     rclone config
+    Paths are specified as `remote:path`
 
-This will guide you through an interactive setup process:
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> mySia
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    ...
-    29 / Sia Decentralized Cloud
-       \ "sia"
-    ...
-    Storage> sia
-    Sia daemon API URL, like http://sia.daemon.host:9980.
-    Note that siad must run with --disable-api-security to open API port for other hosts (not recommended).
-    Keep default if Sia daemon runs on localhost.
-    Enter a string value. Press Enter for the default ("http://127.0.0.1:9980").
-    api_url> http://127.0.0.1:9980
-    Sia Daemon API Password.
-    Can be found in the apipassword file located in HOME/.sia/ or in the daemon directory.
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank (default)
-    y/g/n> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Edit advanced config?
-    y) Yes
-    n) No (default)
-    y/n> n
-    --------------------
-    [mySia]
-    type = sia
-    api_url = http://127.0.0.1:9980
-    api_password = *** ENCRYPTED ***
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    ## Configuration
 
-Once configured, you can then use rclone like this:
+    The initial setup for [premiumize.me](https://premiumize.me/) involves getting a token from premiumize.me which you
+    need to do in your browser.  `rclone config` walks you through it.
 
--   List directories in top level of your Sia storage
+    Here is an example of how to make a remote called `remote`.  First run:
 
-    rclone lsd mySia:
+         rclone config
 
--   List all the files in your Sia storage
+    This will guide you through an interactive setup process:
 
-    rclone ls mySia:
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [snip] XX /
+premiumize.me  "premiumizeme" [snip] Storage> premiumizeme ** See help
+for premiumizeme backend at: https://rclone.org/premiumizeme/ **
 
--   Upload a local directory to the Sia directory called backup
+Remote config Use web browser to automatically authenticate rclone with
+remote? * Say Y if the machine running rclone has a web browser you can
+use * Say N if running rclone on a (remote) machine without web browser
+access If not sure try Y. If Y failed, try N. y) Yes n) No y/n> y If
+your browser doesn't open automatically go to the following link:
+http://127.0.0.1:53682/auth Log in and authorize rclone for access
+Waiting for code... Got code -------------------- [remote] type =
+premiumizeme token =
+{"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2029-08-07T18:44:15.548915378+01:00"}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d>
 
-    rclone copy /home/source mySia:backup
 
-Standard options
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
-Here are the Standard options specific to sia (Sia Decentralized Cloud).
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from premiumize.me. This only runs from the moment it opens
+    your browser to the moment you get back the verification code.  This
+    is on `http://127.0.0.1:53682/` and this it may require you to unblock
+    it temporarily if you are running a host firewall.
 
---sia-api-url
+    Once configured you can then use `rclone` like this,
 
-Sia daemon API URL, like http://sia.daemon.host:9980.
+    List directories in top level of your premiumize.me
 
-Note that siad must run with --disable-api-security to open API port for
-other hosts (not recommended). Keep default if Sia daemon runs on
-localhost.
+        rclone lsd remote:
 
-Properties:
+    List all the files in your premiumize.me
 
--   Config: api_url
--   Env Var: RCLONE_SIA_API_URL
--   Type: string
--   Default: "http://127.0.0.1:9980"
+        rclone ls remote:
 
---sia-api-password
+    To copy a local directory to an premiumize.me directory called backup
 
-Sia Daemon API Password.
+        rclone copy /home/source remote:backup
 
-Can be found in the apipassword file located in HOME/.sia/ or in the
-daemon directory.
+    ### Modification times and hashes
 
-NB Input to this must be obscured - see rclone obscure.
+    premiumize.me does not support modification times or hashes, therefore
+    syncing will default to `--size-only` checking.  Note that using
+    `--update` will work.
 
-Properties:
+    ### Restricted filename characters
 
--   Config: api_password
--   Env Var: RCLONE_SIA_API_PASSWORD
--   Type: string
--   Required: false
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
-Advanced options
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | \         | 0x5C  | ＼           |
+    | "         | 0x22  | ＂           |
 
-Here are the Advanced options specific to sia (Sia Decentralized Cloud).
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
---sia-user-agent
 
-Siad User Agent
+    ### Standard options
 
-Sia daemon requires the 'Sia-Agent' user agent by default for security
+    Here are the Standard options specific to premiumizeme (premiumize.me).
 
-Properties:
+    #### --premiumizeme-client-id
 
--   Config: user_agent
--   Env Var: RCLONE_SIA_USER_AGENT
--   Type: string
--   Default: "Sia-Agent"
+    OAuth Client Id.
 
---sia-encoding
+    Leave blank normally.
 
-The encoding for the backend.
+    Properties:
 
-See the encoding section in the overview for more info.
+    - Config:      client_id
+    - Env Var:     RCLONE_PREMIUMIZEME_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --premiumizeme-client-secret
 
--   Config: encoding
--   Env Var: RCLONE_SIA_ENCODING
--   Type: MultiEncoder
--   Default: Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot
+    OAuth Client Secret.
 
-Limitations
+    Leave blank normally.
 
--   Modification times not supported
--   Checksums not supported
--   rclone about not supported
--   rclone can work only with Siad or Sia-UI at the moment, the SkyNet
-    daemon is not supported yet.
--   Sia does not allow control characters or symbols like question and
-    pound signs in file names. rclone will transparently encode them for
-    you, but you'd better be aware
+    Properties:
 
-Swift
+    - Config:      client_secret
+    - Env Var:     RCLONE_PREMIUMIZEME_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-Swift refers to OpenStack Object Storage. Commercial implementations of
-that being:
+    #### --premiumizeme-api-key
 
--   Rackspace Cloud Files
--   Memset Memstore
--   OVH Object Storage
--   Oracle Cloud Storage
--   IBM Bluemix Cloud ObjectStorage Swift
+    API Key.
 
-Paths are specified as remote:container (or remote: for the lsd
-command.) You may put subdirectories in too, e.g.
-remote:container/path/to/dir.
+    This is not normally used - use oauth instead.
 
-Configuration
 
-Here is an example of making a swift configuration. First run
+    Properties:
 
-    rclone config
+    - Config:      api_key
+    - Env Var:     RCLONE_PREMIUMIZEME_API_KEY
+    - Type:        string
+    - Required:    false
 
-This will guide you through an interactive setup process.
+    ### Advanced options
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
-       \ "swift"
-    [snip]
-    Storage> swift
-    Get swift credentials from environment variables in standard OpenStack form.
-    Choose a number from below, or type in your own value
-     1 / Enter swift credentials in the next step
-       \ "false"
-     2 / Get swift credentials from environment vars. Leave other fields blank if using this.
-       \ "true"
-    env_auth> true
-    User name to log in (OS_USERNAME).
-    user> 
-    API key or password (OS_PASSWORD).
-    key> 
-    Authentication URL for server (OS_AUTH_URL).
-    Choose a number from below, or type in your own value
-     1 / Rackspace US
-       \ "https://auth.api.rackspacecloud.com/v1.0"
-     2 / Rackspace UK
-       \ "https://lon.auth.api.rackspacecloud.com/v1.0"
-     3 / Rackspace v2
-       \ "https://identity.api.rackspacecloud.com/v2.0"
-     4 / Memset Memstore UK
-       \ "https://auth.storage.memset.com/v1.0"
-     5 / Memset Memstore UK v2
-       \ "https://auth.storage.memset.com/v2.0"
-     6 / OVH
-       \ "https://auth.cloud.ovh.net/v3"
-    auth> 
-    User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
-    user_id> 
-    User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-    domain> 
-    Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
-    tenant> 
-    Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
-    tenant_id> 
-    Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
-    tenant_domain> 
-    Region name - optional (OS_REGION_NAME)
-    region> 
-    Storage URL - optional (OS_STORAGE_URL)
-    storage_url> 
-    Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
-    auth_token> 
-    AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
-    auth_version> 
-    Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE)
-    Choose a number from below, or type in your own value
-     1 / Public (default, choose this if not sure)
-       \ "public"
-     2 / Internal (use internal service net)
-       \ "internal"
-     3 / Admin
-       \ "admin"
-    endpoint_type> 
-    Remote config
-    --------------------
-    [test]
-    env_auth = true
-    user = 
-    key = 
-    auth = 
-    user_id = 
-    domain = 
-    tenant = 
-    tenant_id = 
-    tenant_domain = 
-    region = 
-    storage_url = 
-    auth_token = 
-    auth_version = 
-    endpoint_type = 
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Here are the Advanced options specific to premiumizeme (premiumize.me).
 
-This remote is called remote and can now be used like this
+    #### --premiumizeme-token
 
-See all containers
+    OAuth Access Token as a JSON blob.
 
-    rclone lsd remote:
+    Properties:
 
-Make a new container
+    - Config:      token
+    - Env Var:     RCLONE_PREMIUMIZEME_TOKEN
+    - Type:        string
+    - Required:    false
 
-    rclone mkdir remote:container
+    #### --premiumizeme-auth-url
 
-List the contents of a container
+    Auth server URL.
 
-    rclone ls remote:container
+    Leave blank to use the provider defaults.
 
-Sync /home/local/directory to the remote container, deleting any excess
-files in the container.
+    Properties:
 
-    rclone sync --interactive /home/local/directory remote:container
+    - Config:      auth_url
+    - Env Var:     RCLONE_PREMIUMIZEME_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-Configuration from an OpenStack credentials file
+    #### --premiumizeme-token-url
 
-An OpenStack credentials file typically looks something something like
-this (without the comments)
+    Token server url.
 
-    export OS_AUTH_URL=https://a.provider.net/v2.0
-    export OS_TENANT_ID=ffffffffffffffffffffffffffffffff
-    export OS_TENANT_NAME="1234567890123456"
-    export OS_USERNAME="123abc567xy"
-    echo "Please enter your OpenStack Password: "
-    read -sr OS_PASSWORD_INPUT
-    export OS_PASSWORD=$OS_PASSWORD_INPUT
-    export OS_REGION_NAME="SBG1"
-    if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
+    Leave blank to use the provider defaults.
 
-The config file needs to look something like this where $OS_USERNAME
-represents the value of the OS_USERNAME variable - 123abc567xy in the
-example above.
+    Properties:
 
-    [remote]
-    type = swift
-    user = $OS_USERNAME
-    key = $OS_PASSWORD
-    auth = $OS_AUTH_URL
-    tenant = $OS_TENANT_NAME
+    - Config:      token_url
+    - Env Var:     RCLONE_PREMIUMIZEME_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-Note that you may (or may not) need to set region too - try without
-first.
+    #### --premiumizeme-encoding
 
-Configuration from the environment
+    The encoding for the backend.
 
-If you prefer you can configure rclone to use swift using a standard set
-of OpenStack environment variables.
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-When you run through the config, make sure you choose true for env_auth
-and leave everything else blank.
+    Properties:
 
-rclone will then set any empty config parameters from the environment
-using standard OpenStack environment variables. There is a list of the
-variables in the docs for the swift library.
+    - Config:      encoding
+    - Env Var:     RCLONE_PREMIUMIZEME_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
-Using an alternate authentication method
 
-If your OpenStack installation uses a non-standard authentication method
-that might not be yet supported by rclone or the underlying swift
-library, you can authenticate externally (e.g. calling manually the
-openstack commands to get a token). Then, you just need to pass the two
-configuration variables auth_token and storage_url. If they are both
-provided, the other variables are ignored. rclone will not try to
-authenticate but instead assume it is already authenticated and use
-these two variables to access the OpenStack installation.
 
-Using rclone without a config file
+    ## Limitations
 
-You can use rclone with swift without a config file, if desired, like
-this:
+    Note that premiumize.me is case insensitive so you can't have a file called
+    "Hello.doc" and one called "hello.doc".
 
-    source openstack-credentials-file
-    export RCLONE_CONFIG_MYREMOTE_TYPE=swift
-    export RCLONE_CONFIG_MYREMOTE_ENV_AUTH=true
-    rclone lsd myremote:
+    premiumize.me file names can't have the `\` or `"` characters in.
+    rclone maps these to and from an identical looking unicode equivalents
+    `＼` and `＂`
 
---fast-list
+    premiumize.me only supports filenames up to 255 characters in length.
 
-This remote supports --fast-list which allows you to use fewer
-transactions in exchange for more memory. See the rclone docs for more
-details.
+    #  Proton Drive
 
---update and --use-server-modtime
+    [Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+     for your files that protects your data.
 
-As noted below, the modified time is stored on metadata on the object.
-It is used by default for all operations that require checking the time
-a file was last updated. It allows rclone to treat the remote more like
-a true filesystem, but it is inefficient because it requires an extra
-API call to retrieve the metadata.
+    This is an rclone backend for Proton Drive which supports the file transfer
+    features of Proton Drive using the same client-side encryption.
 
-For many operations, the time the object was last uploaded to the remote
-is sufficient to determine if it is "dirty". By using --update along
-with --use-server-modtime, you can avoid the extra API call and simply
-upload files whose local modtime is newer than the time it was last
-uploaded.
+    Due to the fact that Proton Drive doesn't publish its API documentation, this 
+    backend is implemented with best efforts by reading the open-sourced client 
+    source code and observing the Proton Drive traffic in the browser.
 
-Modified time
+    **NB** This backend is currently in Beta. It is believed to be correct
+    and all the integration tests pass. However the Proton Drive protocol
+    has evolved over time there may be accounts it is not compatible
+    with. Please [post on the rclone forum](https://forum.rclone.org/) if
+    you find an incompatibility.
 
-The modified time is stored as metadata on the object as
-X-Object-Meta-Mtime as floating point since the epoch accurate to 1 ns.
+    Paths are specified as `remote:path`
 
-This is a de facto standard (used in the official python-swiftclient
-amongst others) for storing the modification time for an object.
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-Restricted filename characters
+    ## Configurations
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  NUL          0x00         ␀
-  /            0x2F        ／
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+         rclone config
 
-Standard options
+    This will guide you through an interactive setup process:
 
-Here are the Standard options specific to swift (OpenStack Swift
-(Rackspace Cloud Files, Memset Memstore, OVH)).
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Proton Drive  "Proton Drive" [snip] Storage> protondrive User name
+user> you@protonmail.com Password. y) Yes type in my own password g)
+Generate random password n) No leave this optional password blank y/g/n>
+y Enter the password: password: Confirm the password: password: Option
+2fa. 2FA code (if the account requires one) Enter a value. Press Enter
+to leave empty. 2fa> 123456 Remote config -------------------- [remote]
+type = protondrive user = you@protonmail.com pass = *** ENCRYPTED ***
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
---swift-env-auth
 
-Get swift credentials from environment variables in standard OpenStack
-form.
+    **NOTE:** The Proton Drive encryption keys need to have been already generated 
+    after a regular login via the browser, otherwise attempting to use the 
+    credentials in `rclone` will fail.
 
-Properties:
+    Once configured you can then use `rclone` like this,
 
--   Config: env_auth
--   Env Var: RCLONE_SWIFT_ENV_AUTH
--   Type: bool
--   Default: false
--   Examples:
-    -   "false"
-        -   Enter swift credentials in the next step.
-    -   "true"
-        -   Get swift credentials from environment vars.
-        -   Leave other fields blank if using this.
+    List directories in top level of your Proton Drive
 
---swift-user
+        rclone lsd remote:
 
-User name to log in (OS_USERNAME).
+    List all the files in your Proton Drive
 
-Properties:
+        rclone ls remote:
 
--   Config: user
--   Env Var: RCLONE_SWIFT_USER
--   Type: string
--   Required: false
+    To copy a local directory to an Proton Drive directory called backup
 
---swift-key
+        rclone copy /home/source remote:backup
 
-API key or password (OS_PASSWORD).
+    ### Modification times and hashes
 
-Properties:
+    Proton Drive Bridge does not support updating modification times yet.
 
--   Config: key
--   Env Var: RCLONE_SWIFT_KEY
--   Type: string
--   Required: false
+    The SHA1 hash algorithm is supported.
 
---swift-auth
+    ### Restricted filename characters
 
-Authentication URL for server (OS_AUTH_URL).
+    Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), also left and 
+    right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
 
-Properties:
+    ### Duplicated files
 
--   Config: auth
--   Env Var: RCLONE_SWIFT_AUTH
--   Type: string
--   Required: false
--   Examples:
-    -   "https://auth.api.rackspacecloud.com/v1.0"
-        -   Rackspace US
-    -   "https://lon.auth.api.rackspacecloud.com/v1.0"
-        -   Rackspace UK
-    -   "https://identity.api.rackspacecloud.com/v2.0"
-        -   Rackspace v2
-    -   "https://auth.storage.memset.com/v1.0"
-        -   Memset Memstore UK
-    -   "https://auth.storage.memset.com/v2.0"
-        -   Memset Memstore UK v2
-    -   "https://auth.cloud.ovh.net/v3"
-        -   OVH
-
---swift-user-id
-
-User ID to log in - optional - most swift systems use user and leave
-this blank (v3 auth) (OS_USER_ID).
+    Proton Drive can not have two files with exactly the same name and path. If the 
+    conflict occurs, depending on the advanced config, the file might or might not 
+    be overwritten.
 
-Properties:
+    ### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
 
--   Config: user_id
--   Env Var: RCLONE_SWIFT_USER_ID
--   Type: string
--   Required: false
+    Please set your mailbox password in the advanced config section.
 
---swift-domain
+    ### Caching
 
-User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
+    The cache is currently built for the case when the rclone is the only instance 
+    performing operations to the mount point. The event system, which is the proton
+    API system that provides visibility of what has changed on the drive, is yet 
+    to be implemented, so updates from other clients won’t be reflected in the 
+    cache. Thus, if there are concurrent clients accessing the same mount point, 
+    then we might have a problem with caching the stale data.
 
-Properties:
 
--   Config: domain
--   Env Var: RCLONE_SWIFT_DOMAIN
--   Type: string
--   Required: false
+    ### Standard options
 
---swift-tenant
+    Here are the Standard options specific to protondrive (Proton Drive).
 
-Tenant name - optional for v1 auth, this or tenant_id required otherwise
-(OS_TENANT_NAME or OS_PROJECT_NAME).
+    #### --protondrive-username
 
-Properties:
+    The username of your proton account
 
--   Config: tenant
--   Env Var: RCLONE_SWIFT_TENANT
--   Type: string
--   Required: false
+    Properties:
 
---swift-tenant-id
+    - Config:      username
+    - Env Var:     RCLONE_PROTONDRIVE_USERNAME
+    - Type:        string
+    - Required:    true
 
-Tenant ID - optional for v1 auth, this or tenant required otherwise
-(OS_TENANT_ID).
+    #### --protondrive-password
 
-Properties:
+    The password of your proton account.
 
--   Config: tenant_id
--   Env Var: RCLONE_SWIFT_TENANT_ID
--   Type: string
--   Required: false
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
---swift-tenant-domain
+    Properties:
 
-Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).
+    - Config:      password
+    - Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+    - Type:        string
+    - Required:    true
 
-Properties:
+    #### --protondrive-2fa
 
--   Config: tenant_domain
--   Env Var: RCLONE_SWIFT_TENANT_DOMAIN
--   Type: string
--   Required: false
+    The 2FA code
 
---swift-region
+    The value can also be provided with --protondrive-2fa=000000
 
-Region name - optional (OS_REGION_NAME).
+    The 2FA code of your proton drive account if the account is set up with 
+    two-factor authentication
 
-Properties:
+    Properties:
 
--   Config: region
--   Env Var: RCLONE_SWIFT_REGION
--   Type: string
--   Required: false
+    - Config:      2fa
+    - Env Var:     RCLONE_PROTONDRIVE_2FA
+    - Type:        string
+    - Required:    false
 
---swift-storage-url
+    ### Advanced options
 
-Storage URL - optional (OS_STORAGE_URL).
+    Here are the Advanced options specific to protondrive (Proton Drive).
 
-Properties:
+    #### --protondrive-mailbox-password
 
--   Config: storage_url
--   Env Var: RCLONE_SWIFT_STORAGE_URL
--   Type: string
--   Required: false
+    The mailbox password of your two-password proton account.
 
---swift-auth-token
+    For more information regarding the mailbox password, please check the 
+    following official knowledge base article: 
+    https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
 
-Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).
 
-Properties:
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
--   Config: auth_token
--   Env Var: RCLONE_SWIFT_AUTH_TOKEN
--   Type: string
--   Required: false
+    Properties:
 
---swift-application-credential-id
+    - Config:      mailbox_password
+    - Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+    - Type:        string
+    - Required:    false
 
-Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).
+    #### --protondrive-client-uid
 
-Properties:
+    Client uid key (internal use only)
 
--   Config: application_credential_id
--   Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_ID
--   Type: string
--   Required: false
+    Properties:
 
---swift-application-credential-name
+    - Config:      client_uid
+    - Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+    - Type:        string
+    - Required:    false
 
-Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).
+    #### --protondrive-client-access-token
 
-Properties:
+    Client access token key (internal use only)
 
--   Config: application_credential_name
--   Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_NAME
--   Type: string
--   Required: false
+    Properties:
 
---swift-application-credential-secret
+    - Config:      client_access_token
+    - Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+    - Type:        string
+    - Required:    false
 
-Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).
+    #### --protondrive-client-refresh-token
 
-Properties:
+    Client refresh token key (internal use only)
 
--   Config: application_credential_secret
--   Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_SECRET
--   Type: string
--   Required: false
+    Properties:
 
---swift-auth-version
+    - Config:      client_refresh_token
+    - Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+    - Type:        string
+    - Required:    false
 
-AuthVersion - optional - set to (1,2,3) if your auth URL has no version
-(ST_AUTH_VERSION).
+    #### --protondrive-client-salted-key-pass
 
-Properties:
+    Client salted key pass key (internal use only)
 
--   Config: auth_version
--   Env Var: RCLONE_SWIFT_AUTH_VERSION
--   Type: int
--   Default: 0
+    Properties:
 
---swift-endpoint-type
+    - Config:      client_salted_key_pass
+    - Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+    - Type:        string
+    - Required:    false
 
-Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE).
+    #### --protondrive-encoding
 
-Properties:
+    The encoding for the backend.
 
--   Config: endpoint_type
--   Env Var: RCLONE_SWIFT_ENDPOINT_TYPE
--   Type: string
--   Default: "public"
--   Examples:
-    -   "public"
-        -   Public (default, choose this if not sure)
-    -   "internal"
-        -   Internal (use internal service net)
-    -   "admin"
-        -   Admin
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
---swift-storage-policy
+    Properties:
 
-The storage policy to use when creating a new container.
+    - Config:      encoding
+    - Env Var:     RCLONE_PROTONDRIVE_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
 
-This applies the specified storage policy when creating a new container.
-The policy cannot be changed afterwards. The allowed configuration
-values and their meaning depend on your Swift storage provider.
+    #### --protondrive-original-file-size
 
-Properties:
+    Return the file size before encryption
+                
+    The size of the encrypted file will be different from (bigger than) the 
+    original file size. Unless there is a reason to return the file size 
+    after encryption is performed, otherwise, set this option to true, as 
+    features like Open() which will need to be supplied with original content 
+    size, will fail to operate properly
 
--   Config: storage_policy
--   Env Var: RCLONE_SWIFT_STORAGE_POLICY
--   Type: string
--   Required: false
--   Examples:
-    -   ""
-        -   Default
-    -   "pcs"
-        -   OVH Public Cloud Storage
-    -   "pca"
-        -   OVH Public Cloud Archive
+    Properties:
 
-Advanced options
+    - Config:      original_file_size
+    - Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+    - Type:        bool
+    - Default:     true
 
-Here are the Advanced options specific to swift (OpenStack Swift
-(Rackspace Cloud Files, Memset Memstore, OVH)).
+    #### --protondrive-app-version
 
---swift-leave-parts-on-error
+    The app version string 
 
-If true avoid calling abort upload on a failure.
+    The app version string indicates the client that is currently performing 
+    the API request. This information is required and will be sent with every 
+    API request.
 
-It should be set to true for resuming uploads across different sessions.
+    Properties:
 
-Properties:
+    - Config:      app_version
+    - Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+    - Type:        string
+    - Default:     "macos-drive@1.0.0-alpha.1+rclone"
+
+    #### --protondrive-replace-existing-draft
 
--   Config: leave_parts_on_error
--   Env Var: RCLONE_SWIFT_LEAVE_PARTS_ON_ERROR
--   Type: bool
--   Default: false
+    Create a new revision when filename conflict is detected
 
---swift-chunk-size
+    When a file upload is cancelled or failed before completion, a draft will be 
+    created and the subsequent upload of the same file to the same location will be 
+    reported as a conflict.
 
-Above this size files will be chunked into a _segments container.
+    The value can also be set by --protondrive-replace-existing-draft=true
 
-Above this size files will be chunked into a _segments container. The
-default for this is 5 GiB which is its maximum value.
+    If the option is set to true, the draft will be replaced and then the upload 
+    operation will restart. If there are other clients also uploading at the same 
+    file location at the same time, the behavior is currently unknown. Need to set 
+    to true for integration tests.
+    If the option is set to false, an error "a draft exist - usually this means a 
+    file is being uploaded at another client, or, there was a failed upload attempt" 
+    will be returned, and no upload will happen.
 
-Properties:
+    Properties:
 
--   Config: chunk_size
--   Env Var: RCLONE_SWIFT_CHUNK_SIZE
--   Type: SizeSuffix
--   Default: 5Gi
+    - Config:      replace_existing_draft
+    - Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+    - Type:        bool
+    - Default:     false
 
---swift-no-chunk
+    #### --protondrive-enable-caching
 
-Don't chunk files during streaming upload.
+    Caches the files and folders metadata to reduce API calls
 
-When doing streaming uploads (e.g. using rcat or mount) setting this
-flag will cause the swift backend to not upload chunked files.
+    Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+    as the current implementation doesn't update or clear the cache when there are 
+    external changes. 
 
-This will limit the maximum upload size to 5 GiB. However non chunked
-files are easier to deal with and have an MD5SUM.
+    The files and folders on ProtonDrive are represented as links with keyrings, 
+    which can be cached to improve performance and be friendly to the API server.
 
-Rclone will still chunk files bigger than chunk_size when doing normal
-copy operations.
+    The cache is currently built for the case when the rclone is the only instance 
+    performing operations to the mount point. The event system, which is the proton
+    API system that provides visibility of what has changed on the drive, is yet 
+    to be implemented, so updates from other clients won’t be reflected in the 
+    cache. Thus, if there are concurrent clients accessing the same mount point, 
+    then we might have a problem with caching the stale data.
 
-Properties:
+    Properties:
 
--   Config: no_chunk
--   Env Var: RCLONE_SWIFT_NO_CHUNK
--   Type: bool
--   Default: false
+    - Config:      enable_caching
+    - Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+    - Type:        bool
+    - Default:     true
 
---swift-no-large-objects
 
-Disable support for static and dynamic large objects
 
-Swift cannot transparently store files bigger than 5 GiB. There are two
-schemes for doing that, static or dynamic large objects, and the API
-does not allow rclone to determine whether a file is a static or dynamic
-large object without doing a HEAD on the object. Since these need to be
-treated differently, this means rclone has to issue HEAD requests for
-objects for example when reading checksums.
+    ## Limitations
 
-When no_large_objects is set, rclone will assume that there are no
-static or dynamic large objects stored. This means it can stop doing the
-extra HEAD calls which in turn increases performance greatly especially
-when doing a swift to swift transfer with --checksum set.
+    This backend uses the 
+    [Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+    is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+    fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
 
-Setting this option implies no_chunk and also that no files will be
-uploaded in chunks, so files bigger than 5 GiB will just fail on upload.
+    There is no official API documentation available from Proton Drive. But, thanks 
+    to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+    and the web, iOS, and Android client codebases, we don't need to completely 
+    reverse engineer the APIs by observing the web client traffic! 
 
-If you set this option and there are static or dynamic large objects,
-then this will give incorrect hashes for them. Downloads will succeed,
-but other operations such as Remove and Copy will fail.
+    [proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+    building blocks of API calls and error handling, such as 429 exponential 
+    back-off, but it is pretty much just a barebone interface to the Proton API. 
+    For example, the encryption and decryption of the Proton Drive file are not 
+    provided in this library. 
 
-Properties:
+    The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+    top of this quickly. This codebase handles the intricate tasks before and after 
+    calling Proton APIs, particularly the complex encryption scheme, allowing 
+    developers to implement features for other software on top of this codebase. 
+    There are likely quite a few errors in this library, as there isn't official 
+    documentation available.
 
--   Config: no_large_objects
--   Env Var: RCLONE_SWIFT_NO_LARGE_OBJECTS
--   Type: bool
--   Default: false
+    #  put.io
 
---swift-encoding
+    Paths are specified as `remote:path`
 
-The encoding for the backend.
+    put.io paths may be as deep as required, e.g.
+    `remote:directory/subdirectory`.
 
-See the encoding section in the overview for more info.
+    ## Configuration
 
-Properties:
+    The initial setup for put.io involves getting a token from put.io
+    which you need to do in your browser.  `rclone config` walks you
+    through it.
 
--   Config: encoding
--   Env Var: RCLONE_SWIFT_ENCODING
--   Type: MultiEncoder
--   Default: Slash,InvalidUtf8
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Limitations
+         rclone config
 
-The Swift API doesn't return a correct MD5SUM for segmented files
-(Dynamic or Static Large Objects) so rclone won't check or use the
-MD5SUM for these.
+    This will guide you through an interactive setup process:
 
-Troubleshooting
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> putio Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [snip] XX / Put.io
+ "putio" [snip] Storage> putio ** See help for putio backend at:
+https://rclone.org/putio/ **
 
-Rclone gives Failed to create file system for "remote:": Bad Request
+Remote config Use web browser to automatically authenticate rclone with
+remote? * Say Y if the machine running rclone has a web browser you can
+use * Say N if running rclone on a (remote) machine without web browser
+access If not sure try Y. If Y failed, try N. y) Yes n) No y/n> y If
+your browser doesn't open automatically go to the following link:
+http://127.0.0.1:53682/auth Log in and authorize rclone for access
+Waiting for code... Got code -------------------- [putio] type = putio
+token = {"access_token":"XXXXXXXX","expiry":"0001-01-01T00:00:00Z"}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y Current remotes:
 
-Due to an oddity of the underlying swift library, it gives a "Bad
-Request" error rather than a more sensible error when the authentication
-fails for Swift.
+Name Type ==== ==== putio putio
 
-So this most likely means your username / password is wrong. You can
-investigate further with the --dump-bodies flag.
+e)  Edit existing remote
+f)  New remote
+g)  Delete remote
+h)  Rename remote
+i)  Copy remote
+j)  Set configuration password
+k)  Quit config e/n/d/r/c/s/q> q
 
-This may also be caused by specifying the region when you shouldn't have
-(e.g. OVH).
 
-Rclone gives Failed to create file system: Response didn't have storage url and auth token
+    See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+    machine with no Internet browser available.
 
-This is most likely caused by forgetting to specify your tenant when
-setting up a swift remote.
+    Note that rclone runs a webserver on your local machine to collect the
+    token as returned from put.io  if using web browser to automatically 
+    authenticate. This only
+    runs from the moment it opens your browser to the moment you get back
+    the verification code.  This is on `http://127.0.0.1:53682/` and this
+    it may require you to unblock it temporarily if you are running a host
+    firewall, or use manual mode.
 
-OVH Cloud Archive
+    You can then use it like this,
 
-To use rclone with OVH cloud archive, first use rclone config to set up
-a swift backend with OVH, choosing pca as the storage_policy.
+    List directories in top level of your put.io
 
-Uploading Objects
+        rclone lsd remote:
 
-Uploading objects to OVH cloud archive is no different to object
-storage, you just simply run the command you like (move, copy or sync)
-to upload the objects. Once uploaded the objects will show in a "Frozen"
-state within the OVH control panel.
+    List all the files in your put.io
 
-Retrieving Objects
+        rclone ls remote:
 
-To retrieve objects use rclone copy as normal. If the objects are in a
-frozen state then rclone will ask for them all to be unfrozen and it
-will wait at the end of the output with a message like the following:
+    To copy a local directory to a put.io directory called backup
 
-2019/03/23 13:06:33 NOTICE: Received retry after error - sleeping until 2019-03-23T13:16:33.481657164+01:00 (9m59.99985121s)
+        rclone copy /home/source remote:backup
 
-Rclone will wait for the time specified then retry the copy.
+    ### Restricted filename characters
 
-pCloud
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
-Paths are specified as remote:path
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | \         | 0x5C  | ＼           |
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-Configuration
 
-The initial setup for pCloud involves getting a token from pCloud which
-you need to do in your browser. rclone config walks you through it.
+    ### Standard options
 
-Here is an example of how to make a remote called remote. First run:
+    Here are the Standard options specific to putio (Put.io).
 
-     rclone config
+    #### --putio-client-id
 
-This will guide you through an interactive setup process:
+    OAuth Client Id.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Pcloud
-       \ "pcloud"
-    [snip]
-    Storage> pcloud
-    Pcloud App Client Id - leave blank normally.
-    client_id> 
-    Pcloud App Client Secret - leave blank normally.
-    client_secret> 
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    --------------------
-    [remote]
-    client_id = 
-    client_secret = 
-    token = {"access_token":"XXX","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    Leave blank normally.
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+    Properties:
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from pCloud. This only runs from the moment it opens
-your browser to the moment you get back the verification code. This is
-on http://127.0.0.1:53682/ and this it may require you to unblock it
-temporarily if you are running a host firewall.
+    - Config:      client_id
+    - Env Var:     RCLONE_PUTIO_CLIENT_ID
+    - Type:        string
+    - Required:    false
 
-Once configured you can then use rclone like this,
+    #### --putio-client-secret
 
-List directories in top level of your pCloud
+    OAuth Client Secret.
 
-    rclone lsd remote:
+    Leave blank normally.
 
-List all the files in your pCloud
+    Properties:
 
-    rclone ls remote:
+    - Config:      client_secret
+    - Env Var:     RCLONE_PUTIO_CLIENT_SECRET
+    - Type:        string
+    - Required:    false
 
-To copy a local directory to a pCloud directory called backup
+    ### Advanced options
 
-    rclone copy /home/source remote:backup
+    Here are the Advanced options specific to putio (Put.io).
 
-Modified time and hashes
+    #### --putio-token
 
-pCloud allows modification times to be set on objects accurate to 1
-second. These will be used to detect whether objects need syncing or
-not. In order to set a Modification time pCloud requires the object be
-re-uploaded.
+    OAuth Access Token as a JSON blob.
 
-pCloud supports MD5 and SHA1 hashes in the US region, and SHA1 and
-SHA256 hashes in the EU region, so you can use the --checksum flag.
+    Properties:
 
-Restricted filename characters
+    - Config:      token
+    - Env Var:     RCLONE_PUTIO_TOKEN
+    - Type:        string
+    - Required:    false
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    #### --putio-auth-url
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  \            0x5C        ＼
+    Auth server URL.
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    Leave blank to use the provider defaults.
 
-Deleting files
+    Properties:
 
-Deleted files will be moved to the trash. Your subscription level will
-determine how long items stay in the trash. rclone cleanup can be used
-to empty the trash.
+    - Config:      auth_url
+    - Env Var:     RCLONE_PUTIO_AUTH_URL
+    - Type:        string
+    - Required:    false
 
-Emptying the trash
+    #### --putio-token-url
 
-Due to an API limitation, the rclone cleanup command will only work if
-you set your username and password in the advanced options for this
-backend. Since we generally want to avoid storing user passwords in the
-rclone config file, we advise you to only set this up if you need the
-rclone cleanup command to work.
+    Token server url.
 
-Root folder ID
+    Leave blank to use the provider defaults.
 
-You can set the root_folder_id for rclone. This is the directory
-(identified by its Folder ID) that rclone considers to be the root of
-your pCloud drive.
+    Properties:
 
-Normally you will leave this blank and rclone will determine the correct
-root to use itself.
+    - Config:      token_url
+    - Env Var:     RCLONE_PUTIO_TOKEN_URL
+    - Type:        string
+    - Required:    false
 
-However you can set this to restrict rclone to a specific folder
-hierarchy.
+    #### --putio-encoding
 
-In order to do this you will have to find the Folder ID of the directory
-you wish rclone to display. This will be the folder field of the URL
-when you open the relevant folder in the pCloud web interface.
+    The encoding for the backend.
 
-So if the folder you want rclone to use has a URL which looks like
-https://my.pcloud.com/#page=filemanager&folder=5xxxxxxxx8&tpl=foldergrid
-in the browser, then you use 5xxxxxxxx8 as the root_folder_id in the
-config.
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Standard options
+    Properties:
 
-Here are the Standard options specific to pcloud (Pcloud).
+    - Config:      encoding
+    - Env Var:     RCLONE_PUTIO_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
---pcloud-client-id
 
-OAuth Client Id.
 
-Leave blank normally.
+    ## Limitations
 
-Properties:
+    put.io has rate limiting. When you hit a limit, rclone automatically
+    retries after waiting the amount of time requested by the server.
 
--   Config: client_id
--   Env Var: RCLONE_PCLOUD_CLIENT_ID
--   Type: string
--   Required: false
+    If you want to avoid ever hitting these limits, you may use the
+    `--tpslimit` flag with a low number. Note that the imposed limits
+    may be different for different operations, and may change over time.
 
---pcloud-client-secret
+    #  Proton Drive
 
-OAuth Client Secret.
+    [Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+     for your files that protects your data.
 
-Leave blank normally.
+    This is an rclone backend for Proton Drive which supports the file transfer
+    features of Proton Drive using the same client-side encryption.
 
-Properties:
+    Due to the fact that Proton Drive doesn't publish its API documentation, this 
+    backend is implemented with best efforts by reading the open-sourced client 
+    source code and observing the Proton Drive traffic in the browser.
 
--   Config: client_secret
--   Env Var: RCLONE_PCLOUD_CLIENT_SECRET
--   Type: string
--   Required: false
+    **NB** This backend is currently in Beta. It is believed to be correct
+    and all the integration tests pass. However the Proton Drive protocol
+    has evolved over time there may be accounts it is not compatible
+    with. Please [post on the rclone forum](https://forum.rclone.org/) if
+    you find an incompatibility.
 
-Advanced options
+    Paths are specified as `remote:path`
 
-Here are the Advanced options specific to pcloud (Pcloud).
+    Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
---pcloud-token
+    ## Configurations
 
-OAuth Access Token as a JSON blob.
+    Here is an example of how to make a remote called `remote`.  First run:
 
-Properties:
+         rclone config
 
--   Config: token
--   Env Var: RCLONE_PCLOUD_TOKEN
--   Type: string
--   Required: false
+    This will guide you through an interactive setup process:
 
---pcloud-auth-url
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / Proton Drive  "Proton Drive" [snip] Storage> protondrive User name
+user> you@protonmail.com Password. y) Yes type in my own password g)
+Generate random password n) No leave this optional password blank y/g/n>
+y Enter the password: password: Confirm the password: password: Option
+2fa. 2FA code (if the account requires one) Enter a value. Press Enter
+to leave empty. 2fa> 123456 Remote config -------------------- [remote]
+type = protondrive user = you@protonmail.com pass = *** ENCRYPTED ***
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
-Auth server URL.
 
-Leave blank to use the provider defaults.
+    **NOTE:** The Proton Drive encryption keys need to have been already generated 
+    after a regular login via the browser, otherwise attempting to use the 
+    credentials in `rclone` will fail.
 
-Properties:
+    Once configured you can then use `rclone` like this,
 
--   Config: auth_url
--   Env Var: RCLONE_PCLOUD_AUTH_URL
--   Type: string
--   Required: false
+    List directories in top level of your Proton Drive
 
---pcloud-token-url
+        rclone lsd remote:
 
-Token server url.
+    List all the files in your Proton Drive
 
-Leave blank to use the provider defaults.
+        rclone ls remote:
 
-Properties:
+    To copy a local directory to an Proton Drive directory called backup
 
--   Config: token_url
--   Env Var: RCLONE_PCLOUD_TOKEN_URL
--   Type: string
--   Required: false
+        rclone copy /home/source remote:backup
 
---pcloud-encoding
+    ### Modification times and hashes
 
-The encoding for the backend.
+    Proton Drive Bridge does not support updating modification times yet.
 
-See the encoding section in the overview for more info.
+    The SHA1 hash algorithm is supported.
 
-Properties:
+    ### Restricted filename characters
 
--   Config: encoding
--   Env Var: RCLONE_PCLOUD_ENCODING
--   Type: MultiEncoder
--   Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+    Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), also left and 
+    right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
 
---pcloud-root-folder-id
+    ### Duplicated files
 
-Fill in for rclone to use a non root folder as its starting point.
+    Proton Drive can not have two files with exactly the same name and path. If the 
+    conflict occurs, depending on the advanced config, the file might or might not 
+    be overwritten.
 
-Properties:
+    ### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
 
--   Config: root_folder_id
--   Env Var: RCLONE_PCLOUD_ROOT_FOLDER_ID
--   Type: string
--   Default: "d0"
+    Please set your mailbox password in the advanced config section.
 
---pcloud-hostname
+    ### Caching
 
-Hostname to connect to.
+    The cache is currently built for the case when the rclone is the only instance 
+    performing operations to the mount point. The event system, which is the proton
+    API system that provides visibility of what has changed on the drive, is yet 
+    to be implemented, so updates from other clients won’t be reflected in the 
+    cache. Thus, if there are concurrent clients accessing the same mount point, 
+    then we might have a problem with caching the stale data.
 
-This is normally set when rclone initially does the oauth connection,
-however you will need to set it by hand if you are using remote config
-with rclone authorize.
 
-Properties:
+    ### Standard options
 
--   Config: hostname
--   Env Var: RCLONE_PCLOUD_HOSTNAME
--   Type: string
--   Default: "api.pcloud.com"
--   Examples:
-    -   "api.pcloud.com"
-        -   Original/US region
-    -   "eapi.pcloud.com"
-        -   EU region
+    Here are the Standard options specific to protondrive (Proton Drive).
 
---pcloud-username
+    #### --protondrive-username
 
-Your pcloud username.
+    The username of your proton account
 
-This is only required when you want to use the cleanup command. Due to a
-bug in the pcloud API the required API does not support OAuth
-authentication so we have to rely on user password authentication for
-it.
+    Properties:
 
-Properties:
+    - Config:      username
+    - Env Var:     RCLONE_PROTONDRIVE_USERNAME
+    - Type:        string
+    - Required:    true
 
--   Config: username
--   Env Var: RCLONE_PCLOUD_USERNAME
--   Type: string
--   Required: false
+    #### --protondrive-password
 
---pcloud-password
+    The password of your proton account.
 
-Your pcloud password.
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-NB Input to this must be obscured - see rclone obscure.
+    Properties:
 
-Properties:
+    - Config:      password
+    - Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+    - Type:        string
+    - Required:    true
 
--   Config: password
--   Env Var: RCLONE_PCLOUD_PASSWORD
--   Type: string
--   Required: false
+    #### --protondrive-2fa
 
-premiumize.me
+    The 2FA code
 
-Paths are specified as remote:path
+    The value can also be provided with --protondrive-2fa=000000
 
-Paths may be as deep as required, e.g. remote:directory/subdirectory.
+    The 2FA code of your proton drive account if the account is set up with 
+    two-factor authentication
 
-Configuration
+    Properties:
 
-The initial setup for premiumize.me involves getting a token from
-premiumize.me which you need to do in your browser. rclone config walks
-you through it.
+    - Config:      2fa
+    - Env Var:     RCLONE_PROTONDRIVE_2FA
+    - Type:        string
+    - Required:    false
 
-Here is an example of how to make a remote called remote. First run:
+    ### Advanced options
 
-     rclone config
+    Here are the Advanced options specific to protondrive (Proton Drive).
 
-This will guide you through an interactive setup process:
+    #### --protondrive-mailbox-password
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / premiumize.me
-       \ "premiumizeme"
-    [snip]
-    Storage> premiumizeme
-    ** See help for premiumizeme backend at: https://rclone.org/premiumizeme/ **
+    The mailbox password of your two-password proton account.
 
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    --------------------
-    [remote]
-    type = premiumizeme
-    token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2029-08-07T18:44:15.548915378+01:00"}
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> 
+    For more information regarding the mailbox password, please check the 
+    following official knowledge base article: 
+    https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from premiumize.me. This only runs from the moment it
-opens your browser to the moment you get back the verification code.
-This is on http://127.0.0.1:53682/ and this it may require you to
-unblock it temporarily if you are running a host firewall.
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-Once configured you can then use rclone like this,
+    Properties:
 
-List directories in top level of your premiumize.me
+    - Config:      mailbox_password
+    - Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+    - Type:        string
+    - Required:    false
 
-    rclone lsd remote:
+    #### --protondrive-client-uid
 
-List all the files in your premiumize.me
+    Client uid key (internal use only)
 
-    rclone ls remote:
+    Properties:
 
-To copy a local directory to an premiumize.me directory called backup
+    - Config:      client_uid
+    - Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+    - Type:        string
+    - Required:    false
 
-    rclone copy /home/source remote:backup
+    #### --protondrive-client-access-token
 
-Modified time and hashes
+    Client access token key (internal use only)
 
-premiumize.me does not support modification times or hashes, therefore
-syncing will default to --size-only checking. Note that using --update
-will work.
+    Properties:
 
-Restricted filename characters
+    - Config:      client_access_token
+    - Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+    - Type:        string
+    - Required:    false
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    #### --protondrive-client-refresh-token
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  \            0x5C        ＼
-  "            0x22        ＂
+    Client refresh token key (internal use only)
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    Properties:
 
-Standard options
+    - Config:      client_refresh_token
+    - Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+    - Type:        string
+    - Required:    false
 
-Here are the Standard options specific to premiumizeme (premiumize.me).
+    #### --protondrive-client-salted-key-pass
 
---premiumizeme-api-key
+    Client salted key pass key (internal use only)
 
-API Key.
+    Properties:
 
-This is not normally used - use oauth instead.
+    - Config:      client_salted_key_pass
+    - Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+    - Type:        string
+    - Required:    false
 
-Properties:
+    #### --protondrive-encoding
 
--   Config: api_key
--   Env Var: RCLONE_PREMIUMIZEME_API_KEY
--   Type: string
--   Required: false
+    The encoding for the backend.
 
-Advanced options
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Here are the Advanced options specific to premiumizeme (premiumize.me).
+    Properties:
 
---premiumizeme-encoding
+    - Config:      encoding
+    - Env Var:     RCLONE_PROTONDRIVE_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
 
-The encoding for the backend.
+    #### --protondrive-original-file-size
 
-See the encoding section in the overview for more info.
+    Return the file size before encryption
+                
+    The size of the encrypted file will be different from (bigger than) the 
+    original file size. Unless there is a reason to return the file size 
+    after encryption is performed, otherwise, set this option to true, as 
+    features like Open() which will need to be supplied with original content 
+    size, will fail to operate properly
 
-Properties:
+    Properties:
 
--   Config: encoding
--   Env Var: RCLONE_PREMIUMIZEME_ENCODING
--   Type: MultiEncoder
--   Default: Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot
+    - Config:      original_file_size
+    - Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+    - Type:        bool
+    - Default:     true
 
-Limitations
+    #### --protondrive-app-version
 
-Note that premiumize.me is case insensitive so you can't have a file
-called "Hello.doc" and one called "hello.doc".
+    The app version string 
 
-premiumize.me file names can't have the \ or " characters in. rclone
-maps these to and from an identical looking unicode equivalents ＼ and
-＂
+    The app version string indicates the client that is currently performing 
+    the API request. This information is required and will be sent with every 
+    API request.
 
-premiumize.me only supports filenames up to 255 characters in length.
+    Properties:
 
-put.io
+    - Config:      app_version
+    - Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+    - Type:        string
+    - Default:     "macos-drive@1.0.0-alpha.1+rclone"
 
-Paths are specified as remote:path
+    #### --protondrive-replace-existing-draft
 
-put.io paths may be as deep as required, e.g.
-remote:directory/subdirectory.
+    Create a new revision when filename conflict is detected
 
-Configuration
+    When a file upload is cancelled or failed before completion, a draft will be 
+    created and the subsequent upload of the same file to the same location will be 
+    reported as a conflict.
 
-The initial setup for put.io involves getting a token from put.io which
-you need to do in your browser. rclone config walks you through it.
+    The value can also be set by --protondrive-replace-existing-draft=true
 
-Here is an example of how to make a remote called remote. First run:
+    If the option is set to true, the draft will be replaced and then the upload 
+    operation will restart. If there are other clients also uploading at the same 
+    file location at the same time, the behavior is currently unknown. Need to set 
+    to true for integration tests.
+    If the option is set to false, an error "a draft exist - usually this means a 
+    file is being uploaded at another client, or, there was a failed upload attempt" 
+    will be returned, and no upload will happen.
 
-     rclone config
+    Properties:
 
-This will guide you through an interactive setup process:
+    - Config:      replace_existing_draft
+    - Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+    - Type:        bool
+    - Default:     false
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> putio
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Put.io
-       \ "putio"
-    [snip]
-    Storage> putio
-    ** See help for putio backend at: https://rclone.org/putio/ **
+    #### --protondrive-enable-caching
 
-    Remote config
-    Use web browser to automatically authenticate rclone with remote?
-     * Say Y if the machine running rclone has a web browser you can use
-     * Say N if running rclone on a (remote) machine without web browser access
-    If not sure try Y. If Y failed, try N.
-    y) Yes
-    n) No
-    y/n> y
-    If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
-    Log in and authorize rclone for access
-    Waiting for code...
-    Got code
-    --------------------
-    [putio]
-    type = putio
-    token = {"access_token":"XXXXXXXX","expiry":"0001-01-01T00:00:00Z"}
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
-    Current remotes:
+    Caches the files and folders metadata to reduce API calls
 
-    Name                 Type
-    ====                 ====
-    putio                putio
+    Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+    as the current implementation doesn't update or clear the cache when there are 
+    external changes. 
 
-    e) Edit existing remote
-    n) New remote
-    d) Delete remote
-    r) Rename remote
-    c) Copy remote
-    s) Set configuration password
-    q) Quit config
-    e/n/d/r/c/s/q> q
+    The files and folders on ProtonDrive are represented as links with keyrings, 
+    which can be cached to improve performance and be friendly to the API server.
 
-See the remote setup docs for how to set it up on a machine with no
-Internet browser available.
+    The cache is currently built for the case when the rclone is the only instance 
+    performing operations to the mount point. The event system, which is the proton
+    API system that provides visibility of what has changed on the drive, is yet 
+    to be implemented, so updates from other clients won’t be reflected in the 
+    cache. Thus, if there are concurrent clients accessing the same mount point, 
+    then we might have a problem with caching the stale data.
 
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from put.io if using web browser to automatically
-authenticate. This only runs from the moment it opens your browser to
-the moment you get back the verification code. This is on
-http://127.0.0.1:53682/ and this it may require you to unblock it
-temporarily if you are running a host firewall, or use manual mode.
+    Properties:
 
-You can then use it like this,
+    - Config:      enable_caching
+    - Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+    - Type:        bool
+    - Default:     true
 
-List directories in top level of your put.io
 
-    rclone lsd remote:
 
-List all the files in your put.io
+    ## Limitations
 
-    rclone ls remote:
+    This backend uses the 
+    [Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+    is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+    fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
 
-To copy a local directory to a put.io directory called backup
+    There is no official API documentation available from Proton Drive. But, thanks 
+    to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+    and the web, iOS, and Android client codebases, we don't need to completely 
+    reverse engineer the APIs by observing the web client traffic! 
 
-    rclone copy /home/source remote:backup
+    [proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+    building blocks of API calls and error handling, such as 429 exponential 
+    back-off, but it is pretty much just a barebone interface to the Proton API. 
+    For example, the encryption and decryption of the Proton Drive file are not 
+    provided in this library. 
 
-Restricted filename characters
+    The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+    top of this quickly. This codebase handles the intricate tasks before and after 
+    calling Proton APIs, particularly the complex encryption scheme, allowing 
+    developers to implement features for other software on top of this codebase. 
+    There are likely quite a few errors in this library, as there isn't official 
+    documentation available.
 
-In addition to the default restricted characters set the following
-characters are also replaced:
+    #  Seafile
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  \            0x5C        ＼
+    This is a backend for the [Seafile](https://www.seafile.com/) storage service:
+    - It works with both the free community edition or the professional edition.
+    - Seafile versions 6.x, 7.x, 8.x and 9.x are all supported.
+    - Encrypted libraries are also supported.
+    - It supports 2FA enabled users
+    - Using a Library API Token is **not** supported
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    ## Configuration
 
-Advanced options
+    There are two distinct modes you can setup your remote:
+    - you point your remote to the **root of the server**, meaning you don't specify a library during the configuration:
+    Paths are specified as `remote:library`. You may put subdirectories in too, e.g. `remote:library/path/to/dir`.
+    - you point your remote to a specific library during the configuration:
+    Paths are specified as `remote:path/to/dir`. **This is the recommended mode when using encrypted libraries**. (_This mode is possibly slightly faster than the root mode_)
 
-Here are the Advanced options specific to putio (Put.io).
+    ### Configuration in root mode
 
---putio-encoding
+    Here is an example of making a seafile configuration for a user with **no** two-factor authentication.  First run
 
-The encoding for the backend.
+        rclone config
 
-See the encoding section in the overview for more info.
+    This will guide you through an interactive setup process. To authenticate
+    you will need the URL of your server, your email (or username) and your password.
 
-Properties:
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> seafile Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [snip] XX /
+Seafile  "seafile" [snip] Storage> seafile ** See help for seafile
+backend at: https://rclone.org/seafile/ **
 
--   Config: encoding
--   Env Var: RCLONE_PUTIO_ENCODING
--   Type: MultiEncoder
--   Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+URL of seafile host to connect to Enter a string value. Press Enter for
+the default (""). Choose a number from below, or type in your own value
+1 / Connect to cloud.seafile.com  "https://cloud.seafile.com/" url>
+http://my.seafile.server/ User name (usually email address) Enter a
+string value. Press Enter for the default (""). user> me@example.com
+Password y) Yes type in my own password g) Generate random password n)
+No leave this optional password blank (default) y/g> y Enter the
+password: password: Confirm the password: password: Two-factor
+authentication ('true' if the account has 2FA enabled) Enter a boolean
+value (true or false). Press Enter for the default ("false"). 2fa> false
+Name of the library. Leave blank to access all non-encrypted libraries.
+Enter a string value. Press Enter for the default (""). library> Library
+password (for encrypted libraries only). Leave blank if you pass it
+through the command line. y) Yes type in my own password g) Generate
+random password n) No leave this optional password blank (default)
+y/g/n> n Edit advanced config? (y/n) y) Yes n) No (default) y/n> n
+Remote config Two-factor authentication is not enabled on this account.
+-------------------- [seafile] type = seafile url =
+http://my.seafile.server/ user = me@example.com pass = *** ENCRYPTED ***
+2fa = false -------------------- y) Yes this is OK (default) e) Edit
+this remote d) Delete this remote y/e/d> y
 
-Limitations
 
-put.io has rate limiting. When you hit a limit, rclone automatically
-retries after waiting the amount of time requested by the server.
+    This remote is called `seafile`. It's pointing to the root of your seafile server and can now be used like this:
 
-If you want to avoid ever hitting these limits, you may use the
---tpslimit flag with a low number. Note that the imposed limits may be
-different for different operations, and may change over time.
+    See all libraries
 
-Seafile
+        rclone lsd seafile:
 
-This is a backend for the Seafile storage service: - It works with both
-the free community edition or the professional edition. - Seafile
-versions 6.x, 7.x, 8.x and 9.x are all supported. - Encrypted libraries
-are also supported. - It supports 2FA enabled users - Using a Library
-API Token is not supported
+    Create a new library
 
-Configuration
+        rclone mkdir seafile:library
 
-There are two distinct modes you can setup your remote: - you point your
-remote to the root of the server, meaning you don't specify a library
-during the configuration: Paths are specified as remote:library. You may
-put subdirectories in too, e.g. remote:library/path/to/dir. - you point
-your remote to a specific library during the configuration: Paths are
-specified as remote:path/to/dir. This is the recommended mode when using
-encrypted libraries. (This mode is possibly slightly faster than the
-root mode)
+    List the contents of a library
 
-Configuration in root mode
+        rclone ls seafile:library
 
-Here is an example of making a seafile configuration for a user with no
-two-factor authentication. First run
+    Sync `/home/local/directory` to the remote library, deleting any
+    excess files in the library.
 
-    rclone config
+        rclone sync --interactive /home/local/directory seafile:library
 
-This will guide you through an interactive setup process. To
-authenticate you will need the URL of your server, your email (or
-username) and your password.
+    ### Configuration in library mode
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> seafile
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Seafile
-       \ "seafile"
-    [snip]
-    Storage> seafile
-    ** See help for seafile backend at: https://rclone.org/seafile/ **
+    Here's an example of a configuration in library mode with a user that has the two-factor authentication enabled. Your 2FA code will be asked at the end of the configuration, and will attempt to authenticate you:
 
-    URL of seafile host to connect to
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-     1 / Connect to cloud.seafile.com
-       \ "https://cloud.seafile.com/"
-    url> http://my.seafile.server/
-    User name (usually email address)
-    Enter a string value. Press Enter for the default ("").
-    user> me@example.com
-    Password
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank (default)
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Two-factor authentication ('true' if the account has 2FA enabled)
-    Enter a boolean value (true or false). Press Enter for the default ("false").
-    2fa> false
-    Name of the library. Leave blank to access all non-encrypted libraries.
-    Enter a string value. Press Enter for the default ("").
-    library>
-    Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank (default)
-    y/g/n> n
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No (default)
-    y/n> n
-    Remote config
-    Two-factor authentication is not enabled on this account.
-    --------------------
-    [seafile]
-    type = seafile
-    url = http://my.seafile.server/
-    user = me@example.com
-    pass = *** ENCRYPTED ***
-    2fa = false
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> seafile Type of storage to
+configure. Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value [snip] XX /
+Seafile  "seafile" [snip] Storage> seafile ** See help for seafile
+backend at: https://rclone.org/seafile/ **
 
-This remote is called seafile. It's pointing to the root of your seafile
-server and can now be used like this:
+URL of seafile host to connect to Enter a string value. Press Enter for
+the default (""). Choose a number from below, or type in your own value
+1 / Connect to cloud.seafile.com  "https://cloud.seafile.com/" url>
+http://my.seafile.server/ User name (usually email address) Enter a
+string value. Press Enter for the default (""). user> me@example.com
+Password y) Yes type in my own password g) Generate random password n)
+No leave this optional password blank (default) y/g> y Enter the
+password: password: Confirm the password: password: Two-factor
+authentication ('true' if the account has 2FA enabled) Enter a boolean
+value (true or false). Press Enter for the default ("false"). 2fa> true
+Name of the library. Leave blank to access all non-encrypted libraries.
+Enter a string value. Press Enter for the default (""). library> My
+Library Library password (for encrypted libraries only). Leave blank if
+you pass it through the command line. y) Yes type in my own password g)
+Generate random password n) No leave this optional password blank
+(default) y/g/n> n Edit advanced config? (y/n) y) Yes n) No (default)
+y/n> n Remote config Two-factor authentication: please enter your 2FA
+code 2fa code> 123456 Authenticating... Success! --------------------
+[seafile] type = seafile url = http://my.seafile.server/ user =
+me@example.com pass = 2fa = true library = My Library
+-------------------- y) Yes this is OK (default) e) Edit this remote d)
+Delete this remote y/e/d> y
 
-See all libraries
 
-    rclone lsd seafile:
+    You'll notice your password is blank in the configuration. It's because we only need the password to authenticate you once.
 
-Create a new library
+    You specified `My Library` during the configuration. The root of the remote is pointing at the
+    root of the library `My Library`:
 
-    rclone mkdir seafile:library
+    See all files in the library:
 
-List the contents of a library
+        rclone lsd seafile:
 
-    rclone ls seafile:library
+    Create a new directory inside the library
 
-Sync /home/local/directory to the remote library, deleting any excess
-files in the library.
+        rclone mkdir seafile:directory
 
-    rclone sync --interactive /home/local/directory seafile:library
+    List the contents of a directory
 
-Configuration in library mode
+        rclone ls seafile:directory
 
-Here's an example of a configuration in library mode with a user that
-has the two-factor authentication enabled. Your 2FA code will be asked
-at the end of the configuration, and will attempt to authenticate you:
+    Sync `/home/local/directory` to the remote library, deleting any
+    excess files in the library.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> seafile
-    Type of storage to configure.
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / Seafile
-       \ "seafile"
-    [snip]
-    Storage> seafile
-    ** See help for seafile backend at: https://rclone.org/seafile/ **
+        rclone sync --interactive /home/local/directory seafile:
 
-    URL of seafile host to connect to
-    Enter a string value. Press Enter for the default ("").
-    Choose a number from below, or type in your own value
-     1 / Connect to cloud.seafile.com
-       \ "https://cloud.seafile.com/"
-    url> http://my.seafile.server/
-    User name (usually email address)
-    Enter a string value. Press Enter for the default ("").
-    user> me@example.com
-    Password
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank (default)
-    y/g> y
-    Enter the password:
-    password:
-    Confirm the password:
-    password:
-    Two-factor authentication ('true' if the account has 2FA enabled)
-    Enter a boolean value (true or false). Press Enter for the default ("false").
-    2fa> true
-    Name of the library. Leave blank to access all non-encrypted libraries.
-    Enter a string value. Press Enter for the default ("").
-    library> My Library
-    Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank (default)
-    y/g/n> n
-    Edit advanced config? (y/n)
-    y) Yes
-    n) No (default)
-    y/n> n
-    Remote config
-    Two-factor authentication: please enter your 2FA code
-    2fa code> 123456
-    Authenticating...
-    Success!
-    --------------------
-    [seafile]
-    type = seafile
-    url = http://my.seafile.server/
-    user = me@example.com
-    pass = 
-    2fa = true
-    library = My Library
-    --------------------
-    y) Yes this is OK (default)
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
 
-You'll notice your password is blank in the configuration. It's because
-we only need the password to authenticate you once.
+    ### --fast-list
 
-You specified My Library during the configuration. The root of the
-remote is pointing at the root of the library My Library:
+    Seafile version 7+ supports `--fast-list` which allows you to use fewer
+    transactions in exchange for more memory. See the [rclone
+    docs](https://rclone.org/docs/#fast-list) for more details.
+    Please note this is not supported on seafile server version 6.x
 
-See all files in the library:
 
-    rclone lsd seafile:
+    ### Restricted filename characters
 
-Create a new directory inside the library
+    In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+    the following characters are also replaced:
 
-    rclone mkdir seafile:directory
+    | Character | Value | Replacement |
+    | --------- |:-----:|:-----------:|
+    | /         | 0x2F  | ／          |
+    | "         | 0x22  | ＂          |
+    | \         | 0x5C  | ＼           |
 
-List the contents of a directory
+    Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+    as they can't be used in JSON strings.
 
-    rclone ls seafile:directory
+    ### Seafile and rclone link
 
-Sync /home/local/directory to the remote library, deleting any excess
-files in the library.
+    Rclone supports generating share links for non-encrypted libraries only.
+    They can either be for a file or a directory:
 
-    rclone sync --interactive /home/local/directory seafile:
+rclone link seafile:seafile-tutorial.doc
+http://my.seafile.server/f/fdcd8a2f93f84b8b90f4/
 
---fast-list
 
-Seafile version 7+ supports --fast-list which allows you to use fewer
-transactions in exchange for more memory. See the rclone docs for more
-details. Please note this is not supported on seafile server version 6.x
+    or if run on a directory you will get:
 
-Restricted filename characters
+rclone link seafile:dir http://my.seafile.server/d/9ea2455f6f55478bbb0d/
 
-In addition to the default restricted characters set the following
-characters are also replaced:
 
-  Character    Value   Replacement
-  ----------- ------- -------------
-  /            0x2F        ／
-  "            0x22        ＂
-  \            0x5C        ＼
+    Please note a share link is unique for each file or directory. If you run a link command on a file/dir
+    that has already been shared, you will get the exact same link.
 
-Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON
-strings.
+    ### Compatibility
 
-Seafile and rclone link
+    It has been actively developed using the [seafile docker image](https://github.com/haiwen/seafile-docker) of these versions:
+    - 6.3.4 community edition
+    - 7.0.5 community edition
+    - 7.1.3 community edition
+    - 9.0.10 community edition
 
-Rclone supports generating share links for non-encrypted libraries only.
-They can either be for a file or a directory:
+    Versions below 6.0 are not supported.
+    Versions between 6.0 and 6.3 haven't been tested and might not work properly.
 
-    rclone link seafile:seafile-tutorial.doc
-    http://my.seafile.server/f/fdcd8a2f93f84b8b90f4/
+    Each new version of `rclone` is automatically tested against the [latest docker image](https://hub.docker.com/r/seafileltd/seafile-mc/) of the seafile community server.
 
-or if run on a directory you will get:
 
-    rclone link seafile:dir
-    http://my.seafile.server/d/9ea2455f6f55478bbb0d/
+    ### Standard options
 
-Please note a share link is unique for each file or directory. If you
-run a link command on a file/dir that has already been shared, you will
-get the exact same link.
+    Here are the Standard options specific to seafile (seafile).
 
-Compatibility
+    #### --seafile-url
 
-It has been actively developed using the seafile docker image of these
-versions: - 6.3.4 community edition - 7.0.5 community edition - 7.1.3
-community edition - 9.0.10 community edition
+    URL of seafile host to connect to.
 
-Versions below 6.0 are not supported. Versions between 6.0 and 6.3
-haven't been tested and might not work properly.
+    Properties:
 
-Each new version of rclone is automatically tested against the latest
-docker image of the seafile community server.
+    - Config:      url
+    - Env Var:     RCLONE_SEAFILE_URL
+    - Type:        string
+    - Required:    true
+    - Examples:
+        - "https://cloud.seafile.com/"
+            - Connect to cloud.seafile.com.
 
-Standard options
+    #### --seafile-user
 
-Here are the Standard options specific to seafile (seafile).
+    User name (usually email address).
 
---seafile-url
+    Properties:
 
-URL of seafile host to connect to.
+    - Config:      user
+    - Env Var:     RCLONE_SEAFILE_USER
+    - Type:        string
+    - Required:    true
 
-Properties:
+    #### --seafile-pass
 
--   Config: url
--   Env Var: RCLONE_SEAFILE_URL
--   Type: string
--   Required: true
--   Examples:
-    -   "https://cloud.seafile.com/"
-        -   Connect to cloud.seafile.com.
+    Password.
 
---seafile-user
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-User name (usually email address).
+    Properties:
 
-Properties:
+    - Config:      pass
+    - Env Var:     RCLONE_SEAFILE_PASS
+    - Type:        string
+    - Required:    false
 
--   Config: user
--   Env Var: RCLONE_SEAFILE_USER
--   Type: string
--   Required: true
+    #### --seafile-2fa
 
---seafile-pass
+    Two-factor authentication ('true' if the account has 2FA enabled).
 
-Password.
+    Properties:
 
-NB Input to this must be obscured - see rclone obscure.
+    - Config:      2fa
+    - Env Var:     RCLONE_SEAFILE_2FA
+    - Type:        bool
+    - Default:     false
 
-Properties:
+    #### --seafile-library
 
--   Config: pass
--   Env Var: RCLONE_SEAFILE_PASS
--   Type: string
--   Required: false
+    Name of the library.
 
---seafile-2fa
+    Leave blank to access all non-encrypted libraries.
 
-Two-factor authentication ('true' if the account has 2FA enabled).
+    Properties:
 
-Properties:
+    - Config:      library
+    - Env Var:     RCLONE_SEAFILE_LIBRARY
+    - Type:        string
+    - Required:    false
 
--   Config: 2fa
--   Env Var: RCLONE_SEAFILE_2FA
--   Type: bool
--   Default: false
+    #### --seafile-library-key
 
---seafile-library
+    Library password (for encrypted libraries only).
 
-Name of the library.
+    Leave blank if you pass it through the command line.
 
-Leave blank to access all non-encrypted libraries.
+    **NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
 
-Properties:
+    Properties:
 
--   Config: library
--   Env Var: RCLONE_SEAFILE_LIBRARY
--   Type: string
--   Required: false
+    - Config:      library_key
+    - Env Var:     RCLONE_SEAFILE_LIBRARY_KEY
+    - Type:        string
+    - Required:    false
 
---seafile-library-key
+    #### --seafile-auth-token
 
-Library password (for encrypted libraries only).
+    Authentication token.
 
-Leave blank if you pass it through the command line.
+    Properties:
 
-NB Input to this must be obscured - see rclone obscure.
+    - Config:      auth_token
+    - Env Var:     RCLONE_SEAFILE_AUTH_TOKEN
+    - Type:        string
+    - Required:    false
 
-Properties:
+    ### Advanced options
 
--   Config: library_key
--   Env Var: RCLONE_SEAFILE_LIBRARY_KEY
--   Type: string
--   Required: false
+    Here are the Advanced options specific to seafile (seafile).
 
---seafile-auth-token
+    #### --seafile-create-library
 
-Authentication token.
+    Should rclone create a library if it doesn't exist.
 
-Properties:
+    Properties:
 
--   Config: auth_token
--   Env Var: RCLONE_SEAFILE_AUTH_TOKEN
--   Type: string
--   Required: false
+    - Config:      create_library
+    - Env Var:     RCLONE_SEAFILE_CREATE_LIBRARY
+    - Type:        bool
+    - Default:     false
 
-Advanced options
+    #### --seafile-encoding
 
-Here are the Advanced options specific to seafile (seafile).
+    The encoding for the backend.
 
---seafile-create-library
+    See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
 
-Should rclone create a library if it doesn't exist.
+    Properties:
 
-Properties:
+    - Config:      encoding
+    - Env Var:     RCLONE_SEAFILE_ENCODING
+    - Type:        Encoding
+    - Default:     Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8
 
--   Config: create_library
--   Env Var: RCLONE_SEAFILE_CREATE_LIBRARY
--   Type: bool
--   Default: false
 
---seafile-encoding
 
-The encoding for the backend.
+    #  SFTP
 
-See the encoding section in the overview for more info.
+    SFTP is the [Secure (or SSH) File Transfer
+    Protocol](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol).
 
-Properties:
+    The SFTP backend can be used with a number of different providers:
 
--   Config: encoding
--   Env Var: RCLONE_SEAFILE_ENCODING
--   Type: MultiEncoder
--   Default: Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8
 
-SFTP
+    - Hetzner Storage Box
+    - rsync.net
 
-SFTP is the Secure (or SSH) File Transfer Protocol.
 
-The SFTP backend can be used with a number of different providers:
+    SFTP runs over SSH v2 and is installed as standard with most modern
+    SSH installations.
 
--   Hetzner Storage Box
--   rsync.net
+    Paths are specified as `remote:path`. If the path does not begin with
+    a `/` it is relative to the home directory of the user.  An empty path
+    `remote:` refers to the user's home directory. For example, `rclone lsd remote:` 
+    would list the home directory of the user configured in the rclone remote config 
+    (`i.e /home/sftpuser`). However, `rclone lsd remote:/` would list the root 
+    directory for remote machine (i.e. `/`)
 
-SFTP runs over SSH v2 and is installed as standard with most modern SSH
-installations.
+    Note that some SFTP servers will need the leading / - Synology is a
+    good example of this. rsync.net and Hetzner, on the other hand, requires users to
+    OMIT the leading /.
 
-Paths are specified as remote:path. If the path does not begin with a /
-it is relative to the home directory of the user. An empty path remote:
-refers to the user's home directory. For example, rclone lsd remote:
-would list the home directory of the user configured in the rclone
-remote config (i.e /home/sftpuser). However, rclone lsd remote:/ would
-list the root directory for remote machine (i.e. /)
+    Note that by default rclone will try to execute shell commands on
+    the server, see [shell access considerations](#shell-access-considerations).
 
-Note that some SFTP servers will need the leading / - Synology is a good
-example of this. rsync.net and Hetzner, on the other hand, requires
-users to OMIT the leading /.
+    ## Configuration
 
-Note that by default rclone will try to execute shell commands on the
-server, see shell access considerations.
+    Here is an example of making an SFTP configuration.  First run
 
-Configuration
+        rclone config
 
-Here is an example of making an SFTP configuration. First run
+    This will guide you through an interactive setup process.
 
-    rclone config
+No remotes found, make a new one? n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure. Choose a number from below, or type in your own value [snip]
+XX / SSH/SFTP  "sftp" [snip] Storage> sftp SSH host to connect to Choose
+a number from below, or type in your own value 1 / Connect to
+example.com  "example.com" host> example.com SSH username Enter a string
+value. Press Enter for the default ("$USER"). user> sftpuser SSH port
+number Enter a signed integer. Press Enter for the default (22). port>
+SSH password, leave blank to use ssh-agent. y) Yes type in my own
+password g) Generate random password n) No leave this optional password
+blank y/g/n> n Path to unencrypted PEM-encoded private key file, leave
+blank to use ssh-agent. key_file> Remote config --------------------
+[remote] host = example.com user = sftpuser port = pass = key_file =
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 
-This will guide you through an interactive setup process.
 
-    No remotes found, make a new one?
-    n) New remote
-    s) Set configuration password
-    q) Quit config
-    n/s/q> n
-    name> remote
-    Type of storage to configure.
-    Choose a number from below, or type in your own value
-    [snip]
-    XX / SSH/SFTP
-       \ "sftp"
-    [snip]
-    Storage> sftp
-    SSH host to connect to
-    Choose a number from below, or type in your own value
-     1 / Connect to example.com
-       \ "example.com"
-    host> example.com
-    SSH username
-    Enter a string value. Press Enter for the default ("$USER").
-    user> sftpuser
-    SSH port number
-    Enter a signed integer. Press Enter for the default (22).
-    port>
-    SSH password, leave blank to use ssh-agent.
-    y) Yes type in my own password
-    g) Generate random password
-    n) No leave this optional password blank
-    y/g/n> n
-    Path to unencrypted PEM-encoded private key file, leave blank to use ssh-agent.
-    key_file>
-    Remote config
-    --------------------
-    [remote]
-    host = example.com
-    user = sftpuser
-    port =
-    pass =
-    key_file =
-    --------------------
-    y) Yes this is OK
-    e) Edit this remote
-    d) Delete this remote
-    y/e/d> y
+    This remote is called `remote` and can now be used like this:
 
-This remote is called remote and can now be used like this:
+    See all directories in the home directory
 
-See all directories in the home directory
+        rclone lsd remote:
 
-    rclone lsd remote:
+    See all directories in the root directory
 
-See all directories in the root directory
+        rclone lsd remote:/
 
-    rclone lsd remote:/
+    Make a new directory
 
-Make a new directory
+        rclone mkdir remote:path/to/directory
 
-    rclone mkdir remote:path/to/directory
+    List the contents of a directory
 
-List the contents of a directory
+        rclone ls remote:path/to/directory
 
-    rclone ls remote:path/to/directory
+    Sync `/home/local/directory` to the remote directory, deleting any
+    excess files in the directory.
 
-Sync /home/local/directory to the remote directory, deleting any excess
-files in the directory.
+        rclone sync --interactive /home/local/directory remote:directory
 
-    rclone sync --interactive /home/local/directory remote:directory
+    Mount the remote path `/srv/www-data/` to the local path
+    `/mnt/www-data`
 
-Mount the remote path /srv/www-data/ to the local path /mnt/www-data
+        rclone mount remote:/srv/www-data/ /mnt/www-data
 
-    rclone mount remote:/srv/www-data/ /mnt/www-data
+    ### SSH Authentication
 
-SSH Authentication
+    The SFTP remote supports three authentication methods:
 
-The SFTP remote supports three authentication methods:
+      * Password
+      * Key file, including certificate signed keys
+      * ssh-agent
 
--   Password
--   Key file, including certificate signed keys
--   ssh-agent
+    Key files should be PEM-encoded private key files. For instance `/home/$USER/.ssh/id_rsa`.
+    Only unencrypted OpenSSH or PEM encrypted files are supported.
 
-Key files should be PEM-encoded private key files. For instance
-/home/$USER/.ssh/id_rsa. Only unencrypted OpenSSH or PEM encrypted files
-are supported.
+    The key file can be specified in either an external file (key_file) or contained within the 
+    rclone config file (key_pem).  If using key_pem in the config file, the entry should be on a
+    single line with new line ('\n' or '\r\n') separating lines.  i.e.
 
-The key file can be specified in either an external file (key_file) or
-contained within the rclone config file (key_pem). If using key_pem in
-the config file, the entry should be on a single line with new line (''
-or '') separating lines. i.e.
+        key_pem = -----BEGIN RSA PRIVATE KEY-----\nMaMbaIXtE\n0gAMbMbaSsd\nMbaass\n-----END RSA PRIVATE KEY-----
 
-    key_pem = -----BEGIN RSA PRIVATE KEY-----\nMaMbaIXtE\n0gAMbMbaSsd\nMbaass\n-----END RSA PRIVATE KEY-----
+    This will generate it correctly for key_pem for use in the config:
 
-This will generate it correctly for key_pem for use in the config:
+        awk '{printf "%s\\n", $0}' < ~/.ssh/id_rsa
 
-    awk '{printf "%s\\n", $0}' < ~/.ssh/id_rsa
+    If you don't specify `pass`, `key_file`, or `key_pem` or `ask_password` then
+    rclone will attempt to contact an ssh-agent. You can also specify `key_use_agent`
+    to force the usage of an ssh-agent. In this case `key_file` or `key_pem` can
+    also be specified to force the usage of a specific key in the ssh-agent.
 
-If you don't specify pass, key_file, or key_pem or ask_password then
-rclone will attempt to contact an ssh-agent. You can also specify
-key_use_agent to force the usage of an ssh-agent. In this case key_file
-or key_pem can also be specified to force the usage of a specific key in
-the ssh-agent.
+    Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment.
 
-Using an ssh-agent is the only way to load encrypted OpenSSH keys at the
-moment.
+    If you set the `ask_password` option, rclone will prompt for a password when
+    needed and no password has been configured.
 
-If you set the ask_password option, rclone will prompt for a password
-when needed and no password has been configured.
+    #### Certificate-signed keys
 
-Certificate-signed keys
+    With traditional key-based authentication, you configure your private key only,
+    and the public key built into it will be used during the authentication process.
 
-With traditional key-based authentication, you configure your private
-key only, and the public key built into it will be used during the
-authentication process.
+    If you have a certificate you may use it to sign your public key, creating a
+    separate SSH user certificate that should be used instead of the plain public key
+    extracted from the private key. Then you must provide the path to the
+    user certificate public key file in `pubkey_file`.
 
-If you have a certificate you may use it to sign your public key,
-creating a separate SSH user certificate that should be used instead of
-the plain public key extracted from the private key. Then you must
-provide the path to the user certificate public key file in pubkey_file.
+    Note: This is not the traditional public key paired with your private key,
+    typically saved as `/home/$USER/.ssh/id_rsa.pub`. Setting this path in
+    `pubkey_file` will not work.
 
-Note: This is not the traditional public key paired with your private
-key, typically saved as /home/$USER/.ssh/id_rsa.pub. Setting this path
-in pubkey_file will not work.
+    Example:
 
-Example:
+[remote] type = sftp host = example.com user = sftpuser key_file =
+~/id_rsa pubkey_file = ~/id_rsa-cert.pub
 
-    [remote]
-    type = sftp
-    host = example.com
-    user = sftpuser
-    key_file = ~/id_rsa
-    pubkey_file = ~/id_rsa-cert.pub
 
-If you concatenate a cert with a private key then you can specify the
-merged file in both places.
+    If you concatenate a cert with a private key then you can specify the
+    merged file in both places.
 
-Note: the cert must come first in the file. e.g.
+    Note: the cert must come first in the file.  e.g.
 
+    ```
     cat id_rsa-cert.pub id_rsa > merged_key
+    ```
 
-Host key validation
+    ### Host key validation
 
-By default rclone will not check the server's host key for validation.
-This can allow an attacker to replace a server with their own and if you
-use password authentication then this can lead to that password being
-exposed.
+    By default rclone will not check the server's host key for validation.  This
+    can allow an attacker to replace a server with their own and if you use
+    password authentication then this can lead to that password being exposed.
 
-Host key matching, using standard known_hosts files can be turned on by
-enabling the known_hosts_file option. This can point to the file
-maintained by OpenSSH or can point to a unique file.
+    Host key matching, using standard `known_hosts` files can be turned on by
+    enabling the `known_hosts_file` option.  This can point to the file maintained
+    by `OpenSSH` or can point to a unique file.
 
-e.g. using the OpenSSH known_hosts file:
+    e.g. using the OpenSSH `known_hosts` file:
 
+    ```
     [remote]
     type = sftp
     host = example.com
@@ -38470,7 +43322,7 @@ disable_hashcheck to true to disable checksumming entirely, or set
 shell_type to none to disable all functionality based on remote shell
 command execution.
 
-Modified time
+Modification times and hashes
 
 Modified times are stored on the server to 1 second precision.
 
@@ -38676,6 +43528,41 @@ Properties:
 -   Type: bool
 -   Default: false
 
+--sftp-ssh
+
+Path and arguments to external ssh binary.
+
+Normally rclone will use its internal ssh library to connect to the SFTP
+server. However it does not implement all possible ssh options so it may
+be desirable to use an external ssh binary.
+
+Rclone ignores all the internal config if you use this option and
+expects you to configure the ssh binary with the user/host/port and any
+other options you need.
+
+Important The ssh command must log in without asking for a password so
+needs to be configured with keys or certificates.
+
+Rclone will run the command supplied either with the additional
+arguments "-s sftp" to access the SFTP subsystem or with commands such
+as "md5sum /path/to/file" appended to read checksums.
+
+Any arguments with spaces in should be surrounded by "double quotes".
+
+An example setting might be:
+
+    ssh -o ServerAliveInterval=20 user@example.com
+
+Note that when using an external ssh binary rclone makes a new ssh
+connection for every hash it calculates.
+
+Properties:
+
+-   Config: ssh
+-   Env Var: RCLONE_SFTP_SSH
+-   Type: SpaceSepList
+-   Default:
+
 Advanced options
 
 Here are the Advanced options specific to sftp (SSH/SFTP).
@@ -38728,6 +43615,22 @@ E.g. if home directory can be found in a shared folder called "home":
 
     rclone sync /home/local/directory remote:/home/directory --sftp-path-override /volume1/homes/USER/directory
 
+To specify only the path to the SFTP remote's root, and allow rclone to
+add any relative subpaths automatically (including unwrapping/decrypting
+remotes as necessary), add the '@' character to the beginning of the
+path.
+
+E.g. the first example above could be rewritten as:
+
+    rclone sync /home/local/directory remote:/directory --sftp-path-override @/volume2
+
+Note that when using this method with Synology "home" folders, the full
+"/homes/USER" path should be specified instead of "/home".
+
+E.g. the second example above should be rewritten as:
+
+    rclone sync /home/local/directory remote:/homes/USER/directory --sftp-path-override @/volume1
+
 Properties:
 
 -   Config: path_override
@@ -38822,6 +43725,15 @@ Specifies the path or command to run a sftp server on the remote host.
 
 The subsystem option is ignored when server_command is defined.
 
+If adding server_command to the configuration file please note that it
+should not be enclosed in quotes, since that will make rclone fail.
+
+A working example is:
+
+    [remote_name]
+    type = sftp
+    server_command = sudo /usr/libexec/openssh/sftp-server
+
 Properties:
 
 -   Config: server_command
@@ -38963,7 +43875,7 @@ Pass multiple variables space separated, eg
 
     VAR1=value VAR2=value
 
-and pass variables with spaces in in quotes, eg
+and pass variables with spaces in quotes, eg
 
     "VAR3=value with space" "VAR4=value with space" VAR5=nospacehere
 
@@ -39034,6 +43946,70 @@ Properties:
 -   Type: SpaceSepList
 -   Default:
 
+--sftp-host-key-algorithms
+
+Space separated list of host key algorithms, ordered by preference.
+
+At least one must match with server configuration. This can be checked
+for example using ssh -Q HostKeyAlgorithms.
+
+Note: This can affect the outcome of key negotiation with the server
+even if server host key validation is not enabled.
+
+Example:
+
+    ssh-ed25519 ssh-rsa ssh-dss
+
+Properties:
+
+-   Config: host_key_algorithms
+-   Env Var: RCLONE_SFTP_HOST_KEY_ALGORITHMS
+-   Type: SpaceSepList
+-   Default:
+
+--sftp-socks-proxy
+
+Socks 5 proxy host.
+
+Supports the format user:pass@host:port, user@host:port, host:port.
+
+Example:
+
+    myUser:myPass@localhost:9005
+
+Properties:
+
+-   Config: socks_proxy
+-   Env Var: RCLONE_SFTP_SOCKS_PROXY
+-   Type: string
+-   Required: false
+
+--sftp-copy-is-hardlink
+
+Set to enable server side copies using hardlinks.
+
+The SFTP protocol does not define a copy command so normally server side
+copies are not allowed with the sftp backend.
+
+However the SFTP protocol does support hardlinking, and if you enable
+this flag then the sftp backend will support server side copies. These
+will be implemented by doing a hardlink from the source to the
+destination.
+
+Not all sftp servers support this.
+
+Note that hardlinking two files together will use no additional space as
+the source and the destination will be the same file.
+
+This feature may be useful backups made with --copy-dest.
+
+Properties:
+
+-   Config: copy_is_hardlink
+-   Env Var: RCLONE_SFTP_COPY_IS_HARDLINK
+-   Type: bool
+-   Default: false
+
 Limitations
 
 On some SFTP servers (e.g. Synology) the paths are different for SSH and
@@ -39081,7 +44057,7 @@ Notes
 
 The first path segment must be the name of the share, which you entered
 when you started to share on Windows. On smbd, it's the section title in
-smb.conf (usually in /etc/samba/) file. You can find shares by quering
+smb.conf (usually in /etc/samba/) file. You can find shares by querying
 the root if you're unsure (e.g. rclone lsd remote:).
 
 You can't access to the shared printers from rclone, obviously.
@@ -39310,7 +44286,7 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_SMB_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default:
     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
 
@@ -39835,7 +44811,7 @@ Paths may be as deep as required, e.g. remote:directory/subdirectory.
 NB you can't create files in the top level folder you have to create a
 folder, which rclone will create as a "Sync Folder" with SugarSync.
 
-Modified time and hashes
+Modification times and hashes
 
 SugarSync does not support modification times or hashes, therefore
 syncing will default to --size-only checking. Note that using --update
@@ -40003,7 +44979,7 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_SUGARSYNC_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default: Slash,Ctl,InvalidUtf8,Dot
 
 Limitations
@@ -40098,9 +45074,10 @@ To copy a local directory to an Uptobox directory called backup
 
     rclone copy /home/source remote:backup
 
-Modified time and hashes
+Modification times and hashes
 
-Uptobox supports neither modified times nor checksums.
+Uptobox supports neither modified times nor checksums. All timestamps
+will read as that set by --default-time.
 
 Restricted filename characters
 
@@ -40136,6 +45113,17 @@ Advanced options
 
 Here are the Advanced options specific to uptobox (Uptobox).
 
+--uptobox-private
+
+Set to make uploaded files private
+
+Properties:
+
+-   Config: private
+-   Env Var: RCLONE_UPTOBOX_PRIVATE
+-   Type: bool
+-   Default: false
+
 --uptobox-encoding
 
 The encoding for the backend.
@@ -40146,7 +45134,7 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_UPTOBOX_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default:
     Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot
 
@@ -40160,27 +45148,29 @@ can however been seen in the uptobox web interface.
 
 Union
 
-The union remote provides a unification similar to UnionFS using other
-remotes.
-
-Paths may be as deep as required or a local path, e.g.
-remote:directory/subdirectory or /directory/subdirectory.
+The union backend joins several remotes together to make a single
+unified view of them.
 
 During the initial setup with rclone config you will specify the
 upstream remotes as a space separated list. The upstream remotes can
 either be a local paths or other remotes.
 
-Attribute :ro and :nc can be attach to the end of path to tag the remote
-as read only or no create, e.g. remote:directory/subdirectory:ro or
-remote:directory/subdirectory:nc.
+The attributes :ro, :nc and :writeback can be attached to the end of the
+remote to tag the remote as read only, no create or writeback, e.g.
+remote:directory/subdirectory:ro or remote:directory/subdirectory:nc.
+
+-   :ro means files will only be read from here and never written
+-   :nc means new files or directories won't be created here
+-   :writeback means files found in different remotes will be written
+    back here. See the writeback section for more info.
 
 Subfolders can be used in upstream remotes. Assume a union remote named
 backup with the remotes mydrive:private/backup. Invoking
 rclone mkdir backup:desktop is exactly the same as invoking
 rclone mkdir mydrive:private/backup/desktop.
 
-There will be no special handling of paths containing .. segments.
-Invoking rclone mkdir backup:../desktop is exactly the same as invoking
+There is no special handling of paths containing .. segments. Invoking
+rclone mkdir backup:../desktop is exactly the same as invoking
 rclone mkdir mydrive:private/backup/../desktop.
 
 Configuration
@@ -40402,6 +45392,34 @@ much larger latency of remote file systems.
                    upstream.
   -----------------------------------------------------------------------
 
+Writeback
+
+The tag :writeback on an upstream remote can be used to make a simple
+cache system like this:
+
+    [union]
+    type = union
+    action_policy = all
+    create_policy = all
+    search_policy = ff
+    upstreams = /local:writeback remote:dir
+
+When files are opened for read, if the file is in remote:dir but not
+/local then rclone will copy the file entirely into /local before
+returning a reference to the file in /local. The copy will be done with
+the equivalent of rclone copy so will use --multi-thread-streams if
+configured. Any copies will be logged with an INFO log.
+
+When files are written, they will be written to both remote:dir and
+/local.
+
+As many remotes as desired can be added to upstreams but there should
+only be one :writeback tag.
+
+Rclone does not manage the :writeback remote in any way other than
+writing files back to it. So if you need to expire old files or manage
+the size then you will have to do this yourself.
+
 Standard options
 
 Here are the Standard options specific to union (Union merges the
@@ -40530,17 +45548,21 @@ This will guide you through an interactive setup process:
     url> https://example.com/remote.php/webdav/
     Name of the WebDAV site/service/software you are using
     Choose a number from below, or type in your own value
-     1 / Nextcloud
-       \ "nextcloud"
-     2 / Owncloud
-       \ "owncloud"
-     3 / Sharepoint Online, authenticated by Microsoft account.
-       \ "sharepoint"
-     4 / Sharepoint with NTLM authentication. Usually self-hosted or on-premises.
-       \ "sharepoint-ntlm"
-     5 / Other site/service or software
-       \ "other"
-    vendor> 1
+     1 / Fastmail Files
+       \ (fastmail)
+     2 / Nextcloud
+       \ (nextcloud)
+     3 / Owncloud
+       \ (owncloud)
+     4 / Sharepoint Online, authenticated by Microsoft account
+       \ (sharepoint)
+     5 / Sharepoint with NTLM authentication, usually self-hosted or on-premises
+       \ (sharepoint-ntlm)
+     6 / rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol
+       \ (rclone)
+     7 / Other site/service or software
+       \ (other)
+    vendor> 2
     User name
     user> user
     Password.
@@ -40583,15 +45605,17 @@ To copy a local directory to an WebDAV directory called backup
 
     rclone copy /home/source remote:backup
 
-Modified time and hashes
+Modification times and hashes
 
 Plain WebDAV does not support modified times. However when used with
-Owncloud or Nextcloud rclone will support modified times.
+Fastmail Files, Owncloud or Nextcloud rclone will support modified
+times.
 
 Likewise plain WebDAV does not support hashes, however when used with
-Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes. Depending
-on the exact version of Owncloud or Nextcloud hashes may appear on all
-objects, or only on objects which had a hash uploaded with them.
+Fastmail Files, Owncloud or Nextcloud rclone will support SHA1 and MD5
+hashes. Depending on the exact version of Owncloud or Nextcloud hashes
+may appear on all objects, or only on objects which had a hash uploaded
+with them.
 
 Standard options
 
@@ -40621,6 +45645,8 @@ Properties:
 -   Type: string
 -   Required: false
 -   Examples:
+    -   "fastmail"
+        -   Fastmail Files
     -   "nextcloud"
         -   Nextcloud
     -   "owncloud"
@@ -40630,6 +45656,9 @@ Properties:
     -   "sharepoint-ntlm"
         -   Sharepoint with NTLM authentication, usually self-hosted or
             on-premises
+    -   "rclone"
+        -   rclone WebDAV server to serve a remote over HTTP via the
+            WebDAV protocol
     -   "other"
         -   Other site/service or software
 
@@ -40725,10 +45754,47 @@ Properties:
 -   Type: CommaSepList
 -   Default:
 
+--webdav-pacer-min-sleep
+
+Minimum time to sleep between API calls.
+
+Properties:
+
+-   Config: pacer_min_sleep
+-   Env Var: RCLONE_WEBDAV_PACER_MIN_SLEEP
+-   Type: Duration
+-   Default: 10ms
+
+--webdav-nextcloud-chunk-size
+
+Nextcloud upload chunk size.
+
+We recommend configuring your NextCloud instance to increase the max
+chunk size to 1 GB for better upload performances. See
+https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#adjust-chunk-size-on-nextcloud-side
+
+Set to 0 to disable chunked uploading.
+
+Properties:
+
+-   Config: nextcloud_chunk_size
+-   Env Var: RCLONE_WEBDAV_NEXTCLOUD_CHUNK_SIZE
+-   Type: SizeSuffix
+-   Default: 10Mi
+
 Provider notes
 
 See below for notes on specific providers.
 
+Fastmail Files
+
+Use https://webdav.fastmail.com/ or a subdirectory as the URL, and your
+Fastmail email username@domain.tld as the username. Follow this
+documentation to create an app password with access to Files (WebDAV)
+and use this as the password.
+
+Fastmail supports modified times using the X-OC-Mtime header.
+
 Owncloud
 
 Click on the settings cog in the bottom right of the page and this will
@@ -40823,6 +45889,13 @@ property to compare your documents:
 
     --ignore-size --ignore-checksum --update
 
+Rclone
+
+Use this option if you are hosting remotes over WebDAV provided by
+rclone. Read rclone serve webdav for more details.
+
+rclone serve supports modified times using the X-OC-Mtime header.
+
 dCache
 
 dCache is a storage system that supports many protocols and
@@ -40972,14 +46045,12 @@ in the path.
 Yandex paths may be as deep as required, e.g.
 remote:directory/subdirectory.
 
-Modified time
+Modification times and hashes
 
 Modified times are supported and are stored accurate to 1 ns in custom
 metadata called rclone_modified in RFC3339 with nanoseconds format.
 
-MD5 checksums
-
-MD5 checksums are natively supported by Yandex Disk.
+The MD5 hash algorithm is natively supported by Yandex Disk.
 
 Emptying Trash
 
@@ -41091,7 +46162,7 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_YANDEX_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default: Slash,Del,Ctl,InvalidUtf8,Dot
 
 Limitations
@@ -41213,13 +46284,11 @@ in the path.
 
 Zoho paths may be as deep as required, eg remote:directory/subdirectory.
 
-Modified time
+Modification times and hashes
 
 Modified times are currently not supported for Zoho Workdrive
 
-Checksums
-
-No checksums are supported.
+No hash algorithms are supported.
 
 Usage information
 
@@ -41340,7 +46409,7 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_ZOHO_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default: Del,Ctl,InvalidUtf8
 
 Setting up your own client_id
@@ -41374,11 +46443,11 @@ For consistencies sake one can also configure a remote of type local in
 the config file, and access the local filesystem using rclone remote
 paths, e.g. remote:path/to/wherever, but it is probably easier not to.
 
-Modified time
+Modification times
 
-Rclone reads and writes the modified time using an accuracy determined
-by the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second
-on OS X.
+Rclone reads and writes the modification times using an accuracy
+determined by the OS. Typically this is 1ns on Linux, 10 ns on Windows
+and 1 Second on OS X.
 
 Filenames
 
@@ -41780,6 +46849,12 @@ we:
 -   Only checksum the size that stat gave
 -   Don't update the stat info for the file
 
+NB do not use this flag on a Windows Volume Shadow (VSS). For some
+unknown reason, files in a VSS sometimes show different sizes from the
+directory listing (where the initial stat value comes from on Windows)
+and when stat is called on them directly. Other copy tools always use
+the direct stat value and setting this flag will disable that.
+
 Properties:
 
 -   Config: no_check_updated
@@ -41888,7 +46963,7 @@ Properties:
 
 -   Config: encoding
 -   Env Var: RCLONE_LOCAL_ENCODING
--   Type: MultiEncoder
+-   Type: Encoding
 -   Default: Slash,Dot
 
 Metadata
@@ -41964,6 +47039,689 @@ Options:
 
 Changelog
 
+v1.65.0 - 2023-11-26
+
+See commits
+
+-   New backends
+    -   Azure Files (karan, moongdal, Nick Craig-Wood)
+    -   ImageKit (Abhinav Dhiman)
+    -   Linkbox (viktor, Nick Craig-Wood)
+-   New commands
+    -   serve s3: Let rclone act as an S3 compatible server (Mikubill,
+        Artur Neumann, Saw-jan, Nick Craig-Wood)
+    -   nfsmount: mount command to provide mount mechanism on macOS
+        without FUSE (Saleh Dindar)
+    -   serve nfs: to serve a remote for use by nfsmount (Saleh Dindar)
+-   New Features
+    -   install.sh: Clean up temp files in install script (Jacob Hands)
+    -   build
+        -   Update all dependencies (Nick Craig-Wood)
+        -   Refactor version info and icon resource handling on windows
+            (albertony)
+    -   doc updates (albertony, alfish2000, asdffdsazqqq, Dimitri
+        Papadopoulos, Herby Gillot, Joda Stößer, Manoj Ghosh, Nick
+        Craig-Wood)
+    -   Implement --metadata-mapper to transform metatadata with a user
+        supplied program (Nick Craig-Wood)
+    -   Add ChunkWriterDoesntSeek feature flag and set it for b2 (Nick
+        Craig-Wood)
+    -   lib/http: Export basic go string functions for use in --template
+        (Gabriel Espinoza)
+    -   makefile: Use POSIX compatible install arguments (Mina Galić)
+    -   operations
+        -   Use less memory when doing multithread uploads (Nick
+            Craig-Wood)
+        -   Implement --partial-suffix to control extension of temporary
+            file names (Volodymyr)
+    -   rc
+        -   Add operations/check to the rc API (Nick Craig-Wood)
+        -   Always report an error as JSON (Nick Craig-Wood)
+        -   Set Last-Modified header for files served by --rc-serve
+            (Nikita Shoshin)
+    -   size: Dont show duplicate object count when less than 1k
+        (albertony)
+-   Bug Fixes
+    -   fshttp: Fix --contimeout being ignored (你知道未来吗)
+    -   march: Fix excessive parallelism when using --no-traverse (Nick
+        Craig-Wood)
+    -   ncdu: Fix crash when re-entering changed directory after rescan
+        (Nick Craig-Wood)
+    -   operations
+        -   Fix overwrite of destination when multi-thread transfer
+            fails (Nick Craig-Wood)
+        -   Fix invalid UTF-8 when truncating file names when not using
+            --inplace (Nick Craig-Wood)
+    -   serve dnla: Fix crash on graceful exit (wuxingzhong)
+-   Mount
+    -   Disable mount for freebsd and alias cmount as mount on that
+        platform (Nick Craig-Wood)
+-   VFS
+    -   Add --vfs-refresh flag to read all the directories on start
+        (Beyond Meat)
+    -   Implement Name() method in WriteFileHandle and ReadFileHandle
+        (Saleh Dindar)
+    -   Add go-billy dependency and make sure vfs.Handle implements
+        billy.File (Saleh Dindar)
+    -   Error out early if can't upload 0 length file (Nick Craig-Wood)
+-   Local
+    -   Fix copying from Windows Volume Shadows (Nick Craig-Wood)
+-   Azure Blob
+    -   Add support for cold tier (Ivan Yanitra)
+-   B2
+    -   Implement "rclone backend lifecycle" to read and set bucket
+        lifecycles (Nick Craig-Wood)
+    -   Implement --b2-lifecycle to control lifecycle when creating
+        buckets (Nick Craig-Wood)
+    -   Fix listing all buckets when not needed (Nick Craig-Wood)
+    -   Fix multi-thread upload with copyto going to wrong name (Nick
+        Craig-Wood)
+    -   Fix server side chunked copy when file size was exactly
+        --b2-copy-cutoff (Nick Craig-Wood)
+    -   Fix streaming chunked files an exact multiple of chunk size
+        (Nick Craig-Wood)
+-   Box
+    -   Filter more EventIDs when polling (David Sze)
+    -   Add more logging for polling (David Sze)
+    -   Fix performance problem reading metadata for single files (Nick
+        Craig-Wood)
+-   Drive
+    -   Add read/write metadata support (Nick Craig-Wood)
+    -   Add support for SHA-1 and SHA-256 checksums (rinsuki)
+    -   Add --drive-show-all-gdocs to allow unexportable gdocs to be
+        server side copied (Nick Craig-Wood)
+    -   Add a note that --drive-scope accepts comma-separated list of
+        scopes (Keigo Imai)
+    -   Fix error updating created time metadata on existing object
+        (Nick Craig-Wood)
+    -   Fix integration tests by enabling metadata support from the
+        context (Nick Craig-Wood)
+-   Dropbox
+    -   Factor batcher into lib/batcher (Nick Craig-Wood)
+    -   Fix missing encoding for rclone purge (Nick Craig-Wood)
+-   Google Cloud Storage
+    -   Fix 400 Bad request errors when using multi-thread copy (Nick
+        Craig-Wood)
+-   Googlephotos
+    -   Implement batcher for uploads (Nick Craig-Wood)
+-   Hdfs
+    -   Added support for list of namenodes in hdfs remote config
+        (Tayo-pasedaRJ)
+-   HTTP
+    -   Implement set backend command to update running backend (Nick
+        Craig-Wood)
+    -   Enable methods used with WebDAV (Alen Šiljak)
+-   Jottacloud
+    -   Add support for reading and writing metadata (albertony)
+-   Onedrive
+    -   Implement ListR method which gives --fast-list support (Nick
+        Craig-Wood)
+        -   This must be enabled with the --onedrive-delta flag
+-   Quatrix
+    -   Add partial upload support (Oksana Zhykina)
+    -   Overwrite files on conflict during server-side move (Oksana
+        Zhykina)
+-   S3
+    -   Add Linode provider (Nick Craig-Wood)
+    -   Add docs on how to add a new provider (Nick Craig-Wood)
+    -   Fix no error being returned when creating a bucket we don't own
+        (Nick Craig-Wood)
+    -   Emit a debug message if anonymous credentials are in use (Nick
+        Craig-Wood)
+    -   Add --s3-disable-multipart-uploads flag (Nick Craig-Wood)
+    -   Detect looping when using gcs and versions (Nick Craig-Wood)
+-   SFTP
+    -   Implement --sftp-copy-is-hardlink to server side copy as
+        hardlink (Nick Craig-Wood)
+-   Smb
+    -   Fix incorrect about size by switching to
+        github.com/cloudsoda/go-smb2 fork (Nick Craig-Wood)
+    -   Fix modtime of multithread uploads by setting PartialUploads
+        (Nick Craig-Wood)
+-   WebDAV
+    -   Added an rclone vendor to work with rclone serve webdav (Adithya
+        Kumar)
+
+v1.64.2 - 2023-10-19
+
+See commits
+
+-   Bug Fixes
+    -   selfupdate: Fix "invalid hashsum signature" error (Nick
+        Craig-Wood)
+    -   build: Fix docker build running out of space (Nick Craig-Wood)
+
+v1.64.1 - 2023-10-17
+
+See commits
+
+-   Bug Fixes
+    -   cmd: Make --progress output logs in the same format as without
+        (Nick Craig-Wood)
+    -   docs fixes (Dimitri Papadopoulos Orfanos, Herby Gillot, Manoj
+        Ghosh, Nick Craig-Wood)
+    -   lsjson: Make sure we set the global metadata flag too (Nick
+        Craig-Wood)
+    -   operations
+        -   Ensure concurrency is no greater than the number of chunks
+            (Pat Patterson)
+        -   Fix OpenOptions ignored in copy if operation was a
+            multiThreadCopy (Vitor Gomes)
+        -   Fix error message on delete to have file name (Nick
+            Craig-Wood)
+    -   serve sftp: Return not supported error for not supported
+        commands (Nick Craig-Wood)
+    -   build: Upgrade golang.org/x/net to v0.17.0 to fix HTTP/2 rapid
+        reset (Nick Craig-Wood)
+    -   pacer: Fix b2 deadlock by defaulting max connections to
+        unlimited (Nick Craig-Wood)
+-   Mount
+    -   Fix automount not detecting drive is ready (Nick Craig-Wood)
+-   VFS
+    -   Fix update dir modification time (Saleh Dindar)
+-   Azure Blob
+    -   Fix "fatal error: concurrent map writes" (Nick Craig-Wood)
+-   B2
+    -   Fix multipart upload: corrupted on transfer: sizes differ XXX vs
+        0 (Nick Craig-Wood)
+    -   Fix locking window when getting mutipart upload URL (Nick
+        Craig-Wood)
+    -   Fix server side copies greater than 4GB (Nick Craig-Wood)
+    -   Fix chunked streaming uploads (Nick Craig-Wood)
+    -   Reduce default --b2-upload-concurrency to 4 to reduce memory
+        usage (Nick Craig-Wood)
+-   Onedrive
+    -   Fix the configurator to allow /teams/ID in the config (Nick
+        Craig-Wood)
+-   Oracleobjectstorage
+    -   Fix OpenOptions being ignored in uploadMultipart with
+        chunkWriter (Nick Craig-Wood)
+-   S3
+    -   Fix slice bounds out of range error when listing (Nick
+        Craig-Wood)
+    -   Fix OpenOptions being ignored in uploadMultipart with
+        chunkWriter (Vitor Gomes)
+-   Storj
+    -   Update storj.io/uplink to v1.12.0 (Kaloyan Raev)
+
+v1.64.0 - 2023-09-11
+
+See commits
+
+-   New backends
+    -   Proton Drive (Chun-Hung Tseng)
+    -   Quatrix (Oksana, Volodymyr Kit)
+    -   New S3 providers
+        -   Synology C2 (BakaWang)
+        -   Leviia (Benjamin)
+    -   New Jottacloud providers
+        -   Onlime (Fjodor42)
+        -   Telia Sky (NoLooseEnds)
+-   Major changes
+    -   Multi-thread transfers (Vitor Gomes, Nick Craig-Wood, Manoj
+        Ghosh, Edwin Mackenzie-Owen)
+        -   Multi-thread transfers are now available when transferring
+            to:
+            -   local, s3, azureblob, b2, oracleobjectstorage and smb
+        -   This greatly improves transfer speed between two network
+            sources.
+        -   In memory buffering has been unified between all backends
+            and should share memory better.
+        -   See --multi-thread docs for more info
+-   New commands
+    -   rclone config redacted support mechanism for showing redacted
+        config (Nick Craig-Wood)
+-   New Features
+    -   accounting
+        -   Show server side stats in own lines and not as bytes
+            transferred (Nick Craig-Wood)
+    -   bisync
+        -   Add new --ignore-listing-checksum flag to distinguish from
+            --ignore-checksum (nielash)
+        -   Add experimental --resilient mode to allow recovery from
+            self-correctable errors (nielash)
+        -   Add support for --create-empty-src-dirs (nielash)
+        -   Dry runs no longer commit filter changes (nielash)
+        -   Enforce --check-access during --resync (nielash)
+        -   Apply filters correctly during deletes (nielash)
+        -   Equality check before renaming (leave identical files alone)
+            (nielash)
+        -   Fix dryRun rc parameter being ignored (nielash)
+    -   build
+        -   Update to go1.21 and make go1.19 the minimum required
+            version (Anagh Kumar Baranwal, Nick Craig-Wood)
+        -   Update dependencies (Nick Craig-Wood)
+        -   Add snap installation (hideo aoyama)
+        -   Change Winget Releaser job to ubuntu-latest (sitiom)
+    -   cmd: Refactor and use sysdnotify in more commands (eNV25)
+    -   config: Add --multi-thread-chunk-size flag (Vitor Gomes)
+    -   doc updates (antoinetran, Benjamin, Bjørn Smith, Dean Attali,
+        gabriel-suela, James Braza, Justin Hellings, kapitainsky, Mahad,
+        Masamune3210, Nick Craig-Wood, Nihaal Sangha, Niklas Hambüchen,
+        Raymond Berger, r-ricci, Sawada Tsunayoshi, Tiago Boeing,
+        Vladislav Vorobev)
+    -   fs
+        -   Use atomic types everywhere (Roberto Ricci)
+        -   When --max-transfer limit is reached exit with code (10)
+            (kapitainsky)
+        -   Add rclone completion powershell - basic implementation only
+            (Nick Craig-Wood)
+    -   http servers: Allow CORS to be set with --allow-origin flag
+        (yuudi)
+    -   lib/rest: Remove unnecessary nil check (Eng Zer Jun)
+    -   ncdu: Add keybinding to rescan filesystem (eNV25)
+    -   rc
+        -   Add executeId to job listings (yuudi)
+        -   Add core/du to measure local disk usage (Nick Craig-Wood)
+        -   Add operations/settier to API (Drew Stinnett)
+    -   rclone test info: Add --check-base32768 flag to check can store
+        all base32768 characters (Nick Craig-Wood)
+    -   rmdirs: Remove directories concurrently controlled by --checkers
+        (Nick Craig-Wood)
+-   Bug Fixes
+    -   accounting: Don't stop calculating average transfer speed until
+        the operation is complete (Jacob Hands)
+    -   fs: Fix transferTime not being set in JSON logs (Jacob Hands)
+    -   fshttp: Fix --bind 0.0.0.0 allowing IPv6 and --bind ::0 allowing
+        IPv4 (Nick Craig-Wood)
+    -   operations: Fix overlapping check on case insensitive file
+        systems (Nick Craig-Wood)
+    -   serve dlna: Fix MIME type if backend can't identify it (Nick
+        Craig-Wood)
+    -   serve ftp: Fix race condition when using the auth proxy (Nick
+        Craig-Wood)
+    -   serve sftp: Fix hash calculations with --vfs-cache-mode full
+        (Nick Craig-Wood)
+    -   serve webdav: Fix error: Expecting fs.Object or fs.Directory,
+        got nil (Nick Craig-Wood)
+    -   sync: Fix lockup with --cutoff-mode=soft and --max-duration
+        (Nick Craig-Wood)
+-   Mount
+    -   fix: Mount parsing for linux (Anagh Kumar Baranwal)
+-   VFS
+    -   Add --vfs-cache-min-free-space to control minimum free space on
+        the disk containing the cache (Nick Craig-Wood)
+    -   Added cache cleaner for directories to reduce memory usage
+        (Anagh Kumar Baranwal)
+    -   Update parent directory modtimes on vfs actions (David Pedersen)
+    -   Keep virtual directory status accurate and reduce deadlock
+        potential (Anagh Kumar Baranwal)
+    -   Make sure struct field is aligned for atomic access (Roberto
+        Ricci)
+-   Local
+    -   Rmdir return an error if the path is not a dir (zjx20)
+-   Azure Blob
+    -   Implement OpenChunkWriter and multi-thread uploads (Nick
+        Craig-Wood)
+    -   Fix creation of directory markers (Nick Craig-Wood)
+    -   Fix purging with directory markers (Nick Craig-Wood)
+-   B2
+    -   Implement OpenChunkWriter and multi-thread uploads (Nick
+        Craig-Wood)
+    -   Fix rclone link when object path contains special characters
+        (Alishan Ladhani)
+-   Box
+    -   Add polling support (David Sze)
+    -   Add --box-impersonate to impersonate a user ID (Nick Craig-Wood)
+    -   Fix unhelpful decoding of error messages into decimal numbers
+        (Nick Craig-Wood)
+-   Chunker
+    -   Update documentation to mention issue with small files (Ricardo
+        D'O. Albanus)
+-   Compress
+    -   Fix ChangeNotify (Nick Craig-Wood)
+-   Drive
+    -   Add --drive-fast-list-bug-fix to control ListR bug workaround
+        (Nick Craig-Wood)
+-   Fichier
+    -   Implement DirMove (Nick Craig-Wood)
+    -   Fix error code parsing (alexia)
+-   FTP
+    -   Add socks_proxy support for SOCKS5 proxies (Zach)
+    -   Fix 425 "TLS session of data connection not resumed" errors
+        (Nick Craig-Wood)
+-   Hdfs
+    -   Retry "replication in progress" errors when uploading (Nick
+        Craig-Wood)
+    -   Fix uploading to the wrong object on Update with overridden
+        remote name (Nick Craig-Wood)
+-   HTTP
+    -   CORS should not be sent if not set (yuudi)
+    -   Fix webdav OPTIONS response (yuudi)
+-   Opendrive
+    -   Fix List on a just deleted and remade directory (Nick
+        Craig-Wood)
+-   Oracleobjectstorage
+    -   Use rclone's rate limiter in multipart transfers (Manoj Ghosh)
+    -   Implement OpenChunkWriter and multi-thread uploads (Manoj Ghosh)
+-   S3
+    -   Refactor multipart upload to use OpenChunkWriter and ChunkWriter
+        (Vitor Gomes)
+    -   Factor generic multipart upload into lib/multipart (Nick
+        Craig-Wood)
+    -   Fix purging of root directory with --s3-directory-markers (Nick
+        Craig-Wood)
+    -   Add rclone backend set command to update the running config
+        (Nick Craig-Wood)
+    -   Add rclone backend restore-status command (Nick Craig-Wood)
+-   SFTP
+    -   Stop uploads re-using the same ssh connection to improve
+        performance (Nick Craig-Wood)
+    -   Add --sftp-ssh to specify an external ssh binary to use (Nick
+        Craig-Wood)
+    -   Add socks_proxy support for SOCKS5 proxies (Zach)
+    -   Support dynamic --sftp-path-override (nielash)
+    -   Fix spurious warning when using --sftp-ssh (Nick Craig-Wood)
+-   Smb
+    -   Implement multi-threaded writes for copies to smb (Edwin
+        Mackenzie-Owen)
+-   Storj
+    -   Performance improvement for large file uploads (Kaloyan Raev)
+-   Swift
+    -   Fix HEADing 0-length objects when --swift-no-large-objects set
+        (Julian Lepinski)
+-   Union
+    -   Add :writback to act as a simple cache (Nick Craig-Wood)
+-   WebDAV
+    -   Nextcloud: fix segment violation in low-level retry (Paul)
+-   Zoho
+    -   Remove Range requests workarounds to fix integration tests (Nick
+        Craig-Wood)
+
+v1.63.1 - 2023-07-17
+
+See commits
+
+-   Bug Fixes
+    -   build: Fix macos builds for versions < 12 (Anagh Kumar Baranwal)
+    -   dirtree: Fix performance with large directories of directories
+        and --fast-list (Nick Craig-Wood)
+    -   operations
+        -   Fix deadlock when using lsd/ls with --progress (Nick
+            Craig-Wood)
+        -   Fix .rclonelink files not being converted back to symlinks
+            (Nick Craig-Wood)
+    -   doc fixes (Dean Attali, Mahad, Nick Craig-Wood, Sawada
+        Tsunayoshi, Vladislav Vorobev)
+-   Local
+    -   Fix partial directory read for corrupted filesystem (Nick
+        Craig-Wood)
+-   Box
+    -   Fix reconnect failing with HTTP 400 Bad Request (albertony)
+-   Smb
+    -   Fix "Statfs failed: bucket or container name is needed" when
+        mounting (Nick Craig-Wood)
+-   WebDAV
+    -   Nextcloud: fix must use /dav/files/USER endpoint not /webdav
+        error (Paul)
+    -   Nextcloud chunking: add more guidance for the user to check the
+        config (darix)
+
+v1.63.0 - 2023-06-30
+
+See commits
+
+-   New backends
+    -   Pikpak (wiserain)
+    -   New S3 providers
+        -   petabox.io (Andrei Smirnov)
+        -   Google Cloud Storage (Anthony Pessy)
+    -   New WebDAV providers
+        -   Fastmail (Arnavion)
+-   Major changes
+    -   Files will be copied to a temporary name ending in .partial when
+        copying to local,ftp,sftp then renamed at the end of the
+        transfer. (Janne Hellsten, Nick Craig-Wood)
+        -   This helps with data integrity as we don't delete the
+            existing file until the new one is complete.
+        -   It can be disabled with the --inplace flag.
+        -   This behaviour will also happen if the backend is wrapped,
+            for example sftp wrapped with crypt.
+    -   The s3, azureblob and gcs backends now support directory markers
+        so empty directories are supported (Jānis Bebrītis, Nick
+        Craig-Wood)
+    -   The --default-time flag now controls the unknown modification
+        time of files/dirs (Nick Craig-Wood)
+        -   If a file or directory does not have a modification time
+            rclone can read then rclone will display this fixed time
+            instead.
+        -   For the old behaviour use --default-time 0s which will set
+            this time to the time rclone started up.
+-   New Features
+    -   build
+        -   Modernise linters in use and fixup all affected code
+            (albertony)
+        -   Push docker beta to GHCR (GitHub container registry)
+            (Richard Tweed)
+    -   cat: Add --separator option to cat command (Loren Gordon)
+    -   config
+        -   Do not remove/overwrite other files during config file save
+            (albertony)
+        -   Do not overwrite config file symbolic link (albertony)
+        -   Stop config create making invalid config files (Nick
+            Craig-Wood)
+    -   doc updates (Adam K, Aditya Basu, albertony, asdffdsazqqq, Damo,
+        danielkrajnik, Dimitri Papadopoulos, dlitster, Drew Parsons,
+        jumbi77, kapitainsky, mac-15, Mariusz Suchodolski, Nick
+        Craig-Wood, NickIAm, Rintze Zelle, Stanislav Gromov, Tareq
+        Sharafy, URenko, yuudi, Zach Kipp)
+    -   fs
+        -   Add size to JSON logs when moving or copying an object (Nick
+            Craig-Wood)
+        -   Allow boolean features to be enabled with --disable !Feature
+            (Nick Craig-Wood)
+    -   genautocomplete: Rename to completion with alias to the old name
+        (Nick Craig-Wood)
+    -   librclone: Added example on using librclone with Go (alankrit)
+    -   lsjson: Make --stat more efficient (Nick Craig-Wood)
+    -   operations
+        -   Implement --multi-thread-write-buffer-size for speed
+            improvements on downloads (Paulo Schreiner)
+        -   Reopen downloads on error when using check --download and
+            cat (Nick Craig-Wood)
+    -   rc: config/listremotes includes remotes defined with environment
+        variables (kapitainsky)
+    -   selfupdate: Obey --no-check-certificate flag (Nick Craig-Wood)
+    -   serve restic: Trigger systemd notify (Shyim)
+    -   serve webdav: Implement owncloud checksum and modtime extensions
+        (WeidiDeng)
+    -   sync: --suffix-keep-extension preserve 2 part extensions like
+        .tar.gz (Nick Craig-Wood)
+-   Bug Fixes
+    -   accounting
+        -   Fix Prometheus metrics to be the same as core/stats (Nick
+            Craig-Wood)
+        -   Bwlimit signal handler should always start (Sam Lai)
+    -   bisync: Fix maxDelete parameter being ignored via the rc (Nick
+        Craig-Wood)
+    -   cmd/ncdu: Fix screen corruption when logging (eNV25)
+    -   filter: Fix deadlock with errors on --files-from (douchen)
+    -   fs
+        -   Fix interaction between --progress and --interactive (Nick
+            Craig-Wood)
+        -   Fix infinite recursive call in pacer ModifyCalculator (fixes
+            issue reported by the staticcheck linter) (albertony)
+    -   lib/atexit: Ensure OnError only calls cancel function once (Nick
+        Craig-Wood)
+    -   lib/rest: Fix problems re-using HTTP connections (Nick
+        Craig-Wood)
+    -   rc
+        -   Fix operations/stat with trailing / (Nick Craig-Wood)
+        -   Fix missing --rc flags (Nick Craig-Wood)
+        -   Fix output of Time values in options/get (Nick Craig-Wood)
+    -   serve dlna: Fix potential data race (Nick Craig-Wood)
+    -   version: Fix reported os/kernel version for windows (albertony)
+-   Mount
+    -   Add --mount-case-insensitive to force the mount to be case
+        insensitive (Nick Craig-Wood)
+    -   Removed unnecessary byte slice allocation for reads (Anagh Kumar
+        Baranwal)
+    -   Clarify rclone mount error when installed via homebrew (Nick
+        Craig-Wood)
+    -   Added _netdev to the example mount so it gets treated as a
+        remote-fs rather than local-fs (Anagh Kumar Baranwal)
+-   Mount2
+    -   Updated go-fuse version (Anagh Kumar Baranwal)
+    -   Fixed statfs (Anagh Kumar Baranwal)
+    -   Disable xattrs (Anagh Kumar Baranwal)
+-   VFS
+    -   Add MkdirAll function to make a directory and all beneath (Nick
+        Craig-Wood)
+    -   Fix reload: failed to add virtual dir entry: file does not exist
+        (Nick Craig-Wood)
+    -   Fix writing to a read only directory creating spurious directory
+        entries (WeidiDeng)
+    -   Fix potential data race (Nick Craig-Wood)
+    -   Fix backends being Shutdown too early when startup takes a long
+        time (Nick Craig-Wood)
+-   Local
+    -   Fix filtering of symlinks with -l/--links flag (Nick Craig-Wood)
+    -   Fix /path/to/file.rclonelink when -l/--links is in use (Nick
+        Craig-Wood)
+    -   Fix crash with --metadata on Android (Nick Craig-Wood)
+-   Cache
+    -   Fix backends shutting down when in use when used via the rc
+        (Nick Craig-Wood)
+-   Crypt
+    -   Add --crypt-suffix option to set a custom suffix for encrypted
+        files (jladbrook)
+    -   Add --crypt-pass-bad-blocks to allow corrupted file output (Nick
+        Craig-Wood)
+    -   Fix reading 0 length files (Nick Craig-Wood)
+    -   Try not to return "unexpected EOF" error (Nick Craig-Wood)
+    -   Reduce allocations (albertony)
+    -   Recommend Dropbox for base32768 encoding (Nick Craig-Wood)
+-   Azure Blob
+    -   Empty directory markers (Nick Craig-Wood)
+    -   Support azure workload identities (Tareq Sharafy)
+    -   Fix azure blob uploads with multiple bits of metadata (Nick
+        Craig-Wood)
+    -   Fix azurite compatibility by sending nil tier if set to empty
+        string (Roel Arents)
+-   Combine
+    -   Implement missing methods (Nick Craig-Wood)
+    -   Fix goroutine stack overflow on bad object (Nick Craig-Wood)
+-   Drive
+    -   Add --drive-env-auth to get IAM credentials from runtime (Peter
+        Brunner)
+    -   Update drive service account guide (Juang, Yi-Lin)
+    -   Fix change notify picking up files outside the root (Nick
+        Craig-Wood)
+    -   Fix trailing slash mis-identificaton of folder as file (Nick
+        Craig-Wood)
+    -   Fix incorrect remote after Update on object (Nick Craig-Wood)
+-   Dropbox
+    -   Implement --dropbox-pacer-min-sleep flag (Nick Craig-Wood)
+    -   Fix the dropbox batcher stalling (Misty)
+-   Fichier
+    -   Add --ficicher-cdn option to use the CDN for download (Nick
+        Craig-Wood)
+-   FTP
+    -   Lower log message priority when SetModTime is not supported to
+        debug (Tobias Gion)
+    -   Fix "unsupported LIST line" errors on startup (Nick Craig-Wood)
+    -   Fix "501 Not a valid pathname." errors when creating directories
+        (Nick Craig-Wood)
+-   Google Cloud Storage
+    -   Empty directory markers (Jānis Bebrītis, Nick Craig-Wood)
+    -   Added --gcs-user-project needed for requester pays (Christopher
+        Merry)
+-   HTTP
+    -   Add client certificate user auth middleware. This can auth
+        serve restic from the username in the client cert. (Peter Fern)
+-   Jottacloud
+    -   Fix vfs writeback stuck in a failed upload loop with file
+        versioning disabled (albertony)
+-   Onedrive
+    -   Add --onedrive-av-override flag to download files flagged as
+        virus (Nick Craig-Wood)
+    -   Fix quickxorhash on 32 bit architectures (Nick Craig-Wood)
+    -   Report any list errors during rclone cleanup (albertony)
+-   Putio
+    -   Fix uploading to the wrong object on Update with overridden
+        remote name (Nick Craig-Wood)
+    -   Fix modification times not being preserved for server side copy
+        and move (Nick Craig-Wood)
+    -   Fix server side copy failures (400 errors) (Nick Craig-Wood)
+-   S3
+    -   Empty directory markers (Jānis Bebrītis, Nick Craig-Wood)
+    -   Update Scaleway storage classes (Brian Starkey)
+    -   Fix --s3-versions on individual objects (Nick Craig-Wood)
+    -   Fix hang on aborting multipart upload with iDrive e2 (Nick
+        Craig-Wood)
+    -   Fix missing "tier" metadata (Nick Craig-Wood)
+    -   Fix V3sign: add missing subresource delete (cc)
+    -   Fix Arvancloud Domain and region changes and alphabetise the
+        provider (Ehsan Tadayon)
+    -   Fix Qiniu KODO quirks virtualHostStyle is false (zzq)
+-   SFTP
+    -   Add --sftp-host-key-algorithms to allow specifying SSH host key
+        algorithms (Joel)
+    -   Fix using --sftp-key-use-agent and --sftp-key-file together
+        needing private key file (Arnav Singh)
+    -   Fix move to allow overwriting existing files (Nick Craig-Wood)
+    -   Don't stat directories before listing them (Nick Craig-Wood)
+    -   Don't check remote points to a file if it ends with / (Nick
+        Craig-Wood)
+-   Sharefile
+    -   Disable streamed transfers as they no longer work (Nick
+        Craig-Wood)
+-   Smb
+    -   Code cleanup to avoid overwriting ctx before first use (fixes
+        issue reported by the staticcheck linter) (albertony)
+-   Storj
+    -   Fix "uplink: too many requests" errors when uploading to the
+        same file (Nick Craig-Wood)
+    -   Fix uploading to the wrong object on Update with overridden
+        remote name (Nick Craig-Wood)
+-   Swift
+    -   Ignore 404 error when deleting an object (Nick Craig-Wood)
+-   Union
+    -   Implement missing methods (Nick Craig-Wood)
+    -   Allow errors to be unwrapped for inspection (Nick Craig-Wood)
+-   Uptobox
+    -   Add --uptobox-private flag to make all uploaded files private
+        (Nick Craig-Wood)
+    -   Fix improper regex (Aaron Gokaslan)
+    -   Fix Update returning the wrong object (Nick Craig-Wood)
+    -   Fix rmdir declaring that directories weren't empty (Nick
+        Craig-Wood)
+-   WebDAV
+    -   nextcloud: Add support for chunked uploads (Paul)
+    -   Set modtime using propset for owncloud and nextcloud (WeidiDeng)
+    -   Make pacer minSleep configurable with --webdav-pacer-min-sleep
+        (ed)
+    -   Fix server side copy/move not overwriting (WeidiDeng)
+    -   Fix modtime on server side copy for owncloud and nextcloud (Nick
+        Craig-Wood)
+-   Yandex
+    -   Fix 400 Bad Request on transfer failure (Nick Craig-Wood)
+-   Zoho
+    -   Fix downloads with Range: header returning the wrong data (Nick
+        Craig-Wood)
+
+v1.62.2 - 2023-03-16
+
+See commits
+
+-   Bug Fixes
+    -   docker volume plugin: Add missing fuse3 dependency (Nick
+        Craig-Wood)
+    -   docs: Fix size documentation (asdffdsazqqq)
+-   FTP
+    -   Fix 426 errors on downloads with vsftpd (Lesmiscore)
+
+v1.62.1 - 2023-03-15
+
+See commits
+
+-   Bug Fixes
+    -   docker: Add missing fuse3 dependency (cycneuramus)
+    -   build: Update release docs to be more careful with the tag (Nick
+        Craig-Wood)
+    -   build: Set Github release to draft while uploading binaries
+        (Nick Craig-Wood)
+
 v1.62.0 - 2023-03-14
 
 See commits
@@ -44707,9 +50465,9 @@ See commits
     -   Use proper import path go.etcd.io/bbolt (Robert-André Mauchin)
 -   Crypt
     -   Calculate hashes for uploads from local disk (Nick Craig-Wood)
-        -   This allows crypted Jottacloud uploads without using local
+        -   This allows encrypted Jottacloud uploads without using local
             disk
-        -   This means crypted s3/b2 uploads will now have hashes
+        -   This means encrypted s3/b2 uploads will now have hashes
     -   Added rclone backend decode/encode commands to replicate
         functionality of cryptdecode (Anagh Kumar Baranwal)
     -   Get rid of the unused Cipher interface as it obfuscated the code
@@ -46345,7 +52103,7 @@ v1.42 - 2018-06-16
     -   Fix panic when running without plex configs (Remus Bunduc)
     -   Fix root folder caching (Remus Bunduc)
 -   Crypt
-    -   Check the crypted hash of files when uploading for extra data
+    -   Check the encrypted hash of files when uploading for extra data
         security
 -   Dropbox
     -   Make Dropbox for business folders accessible using an initial /
@@ -46767,7 +52525,7 @@ v1.38 - 2017-09-30
 -   New commands
     -   rcat - read from standard input and stream upload
     -   tree - shows a nicely formatted recursive listing
-    -   cryptdecode - decode crypted file names (thanks ishuah)
+    -   cryptdecode - decode encrypted file names (thanks ishuah)
     -   config show - print the config file
     -   config file - print the config file location
 -   New Features
@@ -46796,7 +52554,7 @@ v1.38 - 2017-09-30
     -   Revert to copy when moving file across file system boundaries
     -   --skip-links to suppress symlink warnings (thanks Zhiming Wang)
 -   Mount
-    -   Re-use rcat internals to support uploads from all remotes
+    -   Reuse rcat internals to support uploads from all remotes
 -   Dropbox
     -   Fix "entry doesn't belong in directory" error
     -   Stop using deprecated API methods
@@ -47117,7 +52875,7 @@ v1.34 - 2016-11-06
     -   Fix rclone move command
         -   Delete src files which already existed in dst
         -   Fix deletion of src file when dst file older
-    -   Fix rclone check on crypted file systems
+    -   Fix rclone check on encrypted file systems
     -   Make failed uploads not count as "Transferred"
     -   Make sure high level retries show with -q
     -   Use a vendor directory with godep for repeatable builds
@@ -47953,10 +53711,27 @@ If you are using systemd-resolved (default on Arch Linux), ensure it is
 at version 233 or higher. Previous releases contain a bug which causes
 not all domains to be resolved properly.
 
-Additionally with the GODEBUG=netdns= environment variable the Go
-resolver decision can be influenced. This also allows to resolve certain
-issues with DNS resolution. See the name resolution section in the go
-docs.
+The Go resolver decision can be influenced with the GODEBUG=netdns=...
+environment variable. This also allows to resolve certain issues with
+DNS resolution. On Windows or MacOS systems, try forcing use of the
+internal Go resolver by setting GODEBUG=netdns=go at runtime. On other
+systems (Linux, *BSD, etc) try forcing use of the system name resolver
+by setting GODEBUG=netdns=cgo (and recompile rclone from source with CGO
+enabled if necessary). See the name resolution section in the go docs.
+
+Failed to start auth webserver on Windows
+
+    Error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+    ...
+    yyyy/mm/dd hh:mm:ss Fatal error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+
+This is sometimes caused by the Host Network Service causing issues with
+opening the port on the host.
+
+A simple solution may be restarting the Host Network Service with eg.
+Powershell
+
+    Restart-Service hns
 
 The total size reported in the stats for a sync is wrong and keeps changing
 
@@ -48032,7 +53807,7 @@ Authors
 Contributors
 
 {{< rem
-email addresses removed from here need to be addeed to bin/.ignore-emails to make sure update-authors.py doesn't immediately put them back in again.
+email addresses removed from here need to be added to bin/.ignore-emails to make sure update-authors.py doesn't immediately put them back in again.
 >}}
 
 -   Alex Couper amcouper@gmail.com
@@ -48551,7 +54326,7 @@ email addresses removed from here need to be addeed to bin/.ignore-emails to mak
 -   HNGamingUK connor@earnshawhome.co.uk
 -   Jonta 359397+Jonta@users.noreply.github.com
 -   YenForYang YenForYang@users.noreply.github.com
--   Joda Stößer stoesser@yay-digital.de services+github@simjo.st
+-   SimJoSt / Joda Stößer git@simjo.st
 -   Logeshwaran waranlogesh@gmail.com
 -   Rajat Goel rajat@dropbox.com
 -   r0kk3rz r0kk3rz@gmail.com
@@ -48566,7 +54341,6 @@ email addresses removed from here need to be addeed to bin/.ignore-emails to mak
 -   Chris Nelson stuff@cjnaz.com
 -   Felix Bünemann felix.buenemann@gmail.com
 -   Atílio Antônio atiliodadalto@hotmail.com
--   Roberto Ricci ricci@disroot.org
 -   Carlo Mion mion00@gmail.com
 -   Chris Lu chris.lu@gmail.com
 -   Vitor Arruda vitor.pimenta.arruda@gmail.com
@@ -48612,7 +54386,7 @@ email addresses removed from here need to be addeed to bin/.ignore-emails to mak
 -   Leroy van Logchem lr.vanlogchem@gmail.com
 -   Zsolt Ero zsolt.ero@gmail.com
 -   Lesmiscore nao20010128@gmail.com
--   ehsantdy ehsan.tadayon@arvancloud.com
+-   ehsantdy ehsan.tadayon@arvancloud.com ehsantadayon85@gmail.com
 -   SwazRGB 65694696+swazrgb@users.noreply.github.com
 -   Mateusz Puczyński mati6095@gmail.com
 -   Michael C Tiernan - MIT-Research Computing Project mtiernan@mit.edu
@@ -48622,6 +54396,7 @@ email addresses removed from here need to be addeed to bin/.ignore-emails to mak
 -   Christian Galo 36752715+cgalo5758@users.noreply.github.com
 -   Erik van Velzen erik@evanv.nl
 -   Derek Battams derek@battams.ca
+-   Paul devnoname120@gmail.com
 -   SimonLiu simonliu009@users.noreply.github.com
 -   Hugo Laloge hla@lescompanions.com
 -   Mr-Kanister 68117355+Mr-Kanister@users.noreply.github.com
@@ -48722,6 +54497,116 @@ email addresses removed from here need to be addeed to bin/.ignore-emails to mak
 -   Peter Brunner peter@psykhe.com
 -   Leandro Sacchet leandro.sacchet@animati.com.br
 -   dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+-   cycneuramus 56681631+cycneuramus@users.noreply.github.com
+-   Arnavion me@arnavion.dev
+-   Christopher Merry christopher.merry@mlb.com
+-   Thibault Coupin thibault.coupin@gmail.com
+-   Richard Tweed RichardoC@users.noreply.github.com
+-   Zach Kipp Zacho2@users.noreply.github.com
+-   yuudi 26199752+yuudi@users.noreply.github.com
+-   NickIAm NickIAm@users.noreply.github.com
+-   Juang, Yi-Lin frankyjuang@gmail.com
+-   jumbi77 jumbi77@users.noreply.github.com
+-   Aditya Basu ab.aditya.basu@gmail.com
+-   ed s@ocv.me
+-   Drew Parsons dparsons@emerall.com
+-   Joel joelnb@users.noreply.github.com
+-   wiserain mail275@gmail.com
+-   Roel Arents roel.arents@kadaster.nl
+-   Shyim github@shyim.de
+-   Rintze Zelle 78232505+rzelle-lallemand@users.noreply.github.com
+-   Damo damoclark@users.noreply.github.com
+-   WeidiDeng weidi_deng@icloud.com
+-   Brian Starkey stark3y@gmail.com
+-   jladbrook jhladbrook@gmail.com
+-   Loren Gordon lorengordon@users.noreply.github.com
+-   dlitster davidlitster@gmail.com
+-   Tobias Gion tobias@gion.io
+-   Jānis Bebrītis janis.bebritis@wunder.io
+-   Adam K github.com@ak.tidy.email
+-   Andrei Smirnov smirnov.captain@gmail.com
+-   Janne Hellsten jjhellst@gmail.com
+-   cc 12904584+shvc@users.noreply.github.com
+-   Tareq Sharafy tareq.sha@gmail.com
+-   kapitainsky dariuszb@me.com
+-   douchen playgoobug@gmail.com
+-   Sam Lai 70988+slai@users.noreply.github.com
+-   URenko 18209292+URenko@users.noreply.github.com
+-   Stanislav Gromov kullfar@gmail.com
+-   Paulo Schreiner paulo.schreiner@delivion.de
+-   Mariusz Suchodolski mariusz@suchodol.ski
+-   danielkrajnik dan94kra@gmail.com
+-   Peter Fern github@0xc0dedbad.com
+-   zzq i@zhangzqs.cn
+-   mac-15 usman.ilamdin@phpstudios.com
+-   Sawada Tsunayoshi 34431649+TsunayoshiSawada@users.noreply.github.com
+-   Dean Attali daattali@gmail.com
+-   Fjodor42 molgaard@gmail.com
+-   BakaWang wa11579@hotmail.com
+-   Mahad 56235065+Mahad-lab@users.noreply.github.com
+-   Vladislav Vorobev x.miere@gmail.com
+-   darix darix@users.noreply.github.com
+-   Benjamin 36415086+bbenjamin-sys@users.noreply.github.com
+-   Chun-Hung Tseng henrybear327@users.noreply.github.com
+-   Ricardo D'O. Albanus rdalbanus@users.noreply.github.com
+-   gabriel-suela gscsuela@gmail.com
+-   Tiago Boeing contato@tiagoboeing.com
+-   Edwin Mackenzie-Owen edwin.mowen@gmail.com
+-   Niklas Hambüchen mail@nh2.me
+-   yuudi yuudi@users.noreply.github.com
+-   Zach github@prozach.org
+-   nielash 31582349+nielash@users.noreply.github.com
+-   Julian Lepinski lepinsk@users.noreply.github.com
+-   Raymond Berger RayBB@users.noreply.github.com
+-   Nihaal Sangha nihaal.git@gmail.com
+-   Masamune3210 1053504+Masamune3210@users.noreply.github.com
+-   James Braza jamesbraza@gmail.com
+-   antoinetran antoinetran@users.noreply.github.com
+-   alexia me@alexia.lol
+-   nielash nielronash@gmail.com
+-   Vitor Gomes vitor.gomes@delivion.de mail@vitorgomes.com
+-   Jacob Hands jacob@gogit.io
+-   hideo aoyama 100831251+boukendesho@users.noreply.github.com
+-   Roberto Ricci io@r-ricci.it
+-   Bjørn Smith bjornsmith@gmail.com
+-   Alishan Ladhani 8869764+aladh@users.noreply.github.com
+-   zjx20 zhoujianxiong2@gmail.com
+-   Oksana 142890647+oks-maytech@users.noreply.github.com
+-   Volodymyr Kit v.kit@maytech.net
+-   David Pedersen limero@me.com
+-   Drew Stinnett drew@drewlink.com
+-   Pat Patterson pat@backblaze.com
+-   Herby Gillot herby.gillot@gmail.com
+-   Nikita Shoshin shoshin_nikita@fastmail.com
+-   rinsuki 428rinsuki+git@gmail.com
+-   Beyond Meat 51850644+beyondmeat@users.noreply.github.com
+-   Saleh Dindar salh@fb.com
+-   Volodymyr 142890760+vkit-maytech@users.noreply.github.com
+-   Gabriel Espinoza 31670639+gspinoza@users.noreply.github.com
+-   Keigo Imai keigo.imai@gmail.com
+-   Ivan Yanitra iyanitra@tesla-consulting.com
+-   alfish2000 alfish2000@gmail.com
+-   wuxingzhong qq330332812@gmail.com
+-   Adithya Kumar akumar42@protonmail.com
+-   Tayo-pasedaRJ 138471223+Tayo-pasedaRJ@users.noreply.github.com
+-   Peter Kreuser logo@kreuser.name
+-   Piyush
+-   fotile96 fotile96@users.noreply.github.com
+-   Luc Ritchie luc.ritchie@gmail.com
+-   cynful cynful@users.noreply.github.com
+-   wjielai wjielai@tencent.com
+-   Jack Deng jackdeng@gmail.com
+-   Mikubill 31246794+Mikubill@users.noreply.github.com
+-   Artur Neumann artur@jankaritech.com
+-   Saw-jan saw.jan.grg3e@gmail.com
+-   Oksana Zhykina o.zhykina@maytech.net
+-   karan karan.gupta92@gmail.com
+-   viktor viktor@yakovchuk.net
+-   moongdal moongdal@tutanota.com
+-   Mina Galić freebsd@igalic.co
+-   Alen Šiljak dev@alensiljak.eu.org
+-   你知道未来吗 rkonfj@gmail.com
+-   Abhinav Dhiman 8640877+ahnv@users.noreply.github.com
 
 Contact the rclone project
 
@@ -48731,6 +54616,13 @@ Forum for questions and general discussion:
 
 -   https://forum.rclone.org
 
+Business support
+
+For business support or sponsorship enquiries please see:
+
+-   https://rclone.com/
+-   sponsorship@rclone.com
+
 GitHub repository
 
 The project's repository is located at:
@@ -48741,12 +54633,16 @@ There you can file bug reports or contribute with pull requests.
 
 Twitter
 
-You can also follow me on twitter for rclone announcements:
+You can also follow Nick on twitter for rclone announcements:
 
 -   [@njcw](https://twitter.com/njcw)
 
 Email
 
 Or if all else fails or you want to ask something private or
-confidential email Nick Craig-Wood. Please don't email me requests for
-help - those are better directed to the forum. Thanks!
+confidential
+
+-   info@rclone.com
+
+Please don't email requests for help to this address - those are better
+directed to the forum unless you'd like to sign up for business support.
diff --git a/Makefile b/Makefile
index 7a9f4a660914a..13b92fb9082e4 100644
--- a/Makefile
+++ b/Makefile
@@ -30,6 +30,7 @@ ifdef RELEASE_TAG
 	TAG := $(RELEASE_TAG)
 endif
 GO_VERSION := $(shell go version)
+GO_OS := $(shell go env GOOS)
 ifdef BETA_SUBDIR
 	BETA_SUBDIR := /$(BETA_SUBDIR)
 endif
@@ -46,7 +47,13 @@ endif
 .PHONY: rclone test_all vars version
 
 rclone:
+ifeq ($(GO_OS),windows)
+	go run bin/resource_windows.go -version $(TAG) -syso resource_windows_`go env GOARCH`.syso
+endif
 	go build -v --ldflags "-s -X github.com/rclone/rclone/fs.Version=$(TAG)" $(BUILDTAGS) $(BUILD_ARGS)
+ifeq ($(GO_OS),windows)
+	rm resource_windows_`go env GOARCH`.syso
+endif
 	mkdir -p `go env GOPATH`/bin/
 	cp -av rclone`go env GOEXE` `go env GOPATH`/bin/rclone`go env GOEXE`.new
 	mv -v `go env GOPATH`/bin/rclone`go env GOEXE`.new `go env GOPATH`/bin/rclone`go env GOEXE`
@@ -66,6 +73,10 @@ btest:
 	@echo "[$(TAG)]($(BETA_URL)) on branch [$(BRANCH)](https://github.com/rclone/rclone/tree/$(BRANCH)) (uploaded in 15-30 mins)" | xclip -r -sel clip
 	@echo "Copied markdown of beta release to clip board"
 
+btesth:
+	@echo "<a href="$(BETA_URL)">$(TAG)</a> on branch <a href="https://github.com/rclone/rclone/tree/$(BRANCH)">$(BRANCH)</a> (uploaded in 15-30 mins)" | xclip -r -sel clip -t text/html
+	@echo "Copied beta release in HTML to clip board"
+
 version:
 	@echo '$(TAG)'
 
@@ -96,11 +107,7 @@ build_dep:
 
 # Get the release dependencies we only install on linux
 release_dep_linux:
-	go run bin/get-github-release.go -extract nfpm goreleaser/nfpm 'nfpm_.*_Linux_x86_64\.tar\.gz'
-
-# Get the release dependencies we only install on Windows
-release_dep_windows:
-	GOOS="" GOARCH="" go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@latest
+	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
 
 # Update dependencies
 showupdates:
@@ -146,7 +153,7 @@ rcdocs: rclone
 
 install: rclone
 	install -d ${DESTDIR}/usr/bin
-	install -t ${DESTDIR}/usr/bin ${GOPATH}/bin/rclone
+	install ${GOPATH}/bin/rclone ${DESTDIR}/usr/bin
 
 clean:
 	go clean ./...
diff --git a/README.md b/README.md
index 9c47e6b770b76..fc8c8fe57bf12 100644
--- a/README.md
+++ b/README.md
@@ -25,18 +25,19 @@ Rclone *("rsync for cloud storage")* is a command-line program to sync files and
   * Alibaba Cloud (Aliyun) Object Storage System (OSS) [:page_facing_up:](https://rclone.org/s3/#alibaba-oss)
   * Amazon Drive [:page_facing_up:](https://rclone.org/amazonclouddrive/) ([See note](https://rclone.org/amazonclouddrive/#status))
   * Amazon S3 [:page_facing_up:](https://rclone.org/s3/)
+  * ArvanCloud Object Storage (AOS) [:page_facing_up:](https://rclone.org/s3/#arvan-cloud-object-storage-aos)
   * Backblaze B2 [:page_facing_up:](https://rclone.org/b2/)
   * Box [:page_facing_up:](https://rclone.org/box/)
   * Ceph [:page_facing_up:](https://rclone.org/s3/#ceph)
   * China Mobile Ecloud Elastic Object Storage (EOS) [:page_facing_up:](https://rclone.org/s3/#china-mobile-ecloud-eos)
   * Cloudflare R2 [:page_facing_up:](https://rclone.org/s3/#cloudflare-r2)
-  * Arvan Cloud Object Storage (AOS) [:page_facing_up:](https://rclone.org/s3/#arvan-cloud-object-storage-aos)
   * Citrix ShareFile [:page_facing_up:](https://rclone.org/sharefile/)
   * DigitalOcean Spaces [:page_facing_up:](https://rclone.org/s3/#digitalocean-spaces)
   * Digi Storage [:page_facing_up:](https://rclone.org/koofr/#digi-storage)
   * Dreamhost [:page_facing_up:](https://rclone.org/s3/#dreamhost)
   * Dropbox [:page_facing_up:](https://rclone.org/dropbox/)
   * Enterprise File Fabric [:page_facing_up:](https://rclone.org/filefabric/)
+  * Fastmail Files [:page_facing_up:](https://rclone.org/webdav/#fastmail-files)
   * FTP [:page_facing_up:](https://rclone.org/ftp/)
   * Google Cloud Storage [:page_facing_up:](https://rclone.org/googlecloudstorage/)
   * Google Drive [:page_facing_up:](https://rclone.org/drive/)
@@ -50,26 +51,35 @@ Rclone *("rsync for cloud storage")* is a command-line program to sync files and
   * IBM COS S3 [:page_facing_up:](https://rclone.org/s3/#ibm-cos-s3)
   * IONOS Cloud [:page_facing_up:](https://rclone.org/s3/#ionos)
   * Koofr [:page_facing_up:](https://rclone.org/koofr/)
+  * Leviia Object Storage [:page_facing_up:](https://rclone.org/s3/#leviia)
   * Liara Object Storage [:page_facing_up:](https://rclone.org/s3/#liara-object-storage)
+  * Linkbox [:page_facing_up:](https://rclone.org/linkbox)
+  * Linode Object Storage [:page_facing_up:](https://rclone.org/s3/#linode)
   * Mail.ru Cloud [:page_facing_up:](https://rclone.org/mailru/)
   * Memset Memstore [:page_facing_up:](https://rclone.org/swift/)
   * Mega [:page_facing_up:](https://rclone.org/mega/)
   * Memory [:page_facing_up:](https://rclone.org/memory/)
   * Microsoft Azure Blob Storage [:page_facing_up:](https://rclone.org/azureblob/)
+  * Microsoft Azure Files Storage [:page_facing_up:](https://rclone.org/azurefiles/)
   * Microsoft OneDrive [:page_facing_up:](https://rclone.org/onedrive/)
   * Minio [:page_facing_up:](https://rclone.org/s3/#minio)
   * Nextcloud [:page_facing_up:](https://rclone.org/webdav/#nextcloud)
   * OVH [:page_facing_up:](https://rclone.org/swift/)
+  * Blomp Cloud Storage [:page_facing_up:](https://rclone.org/swift/)
   * OpenDrive [:page_facing_up:](https://rclone.org/opendrive/)
   * OpenStack Swift [:page_facing_up:](https://rclone.org/swift/)
   * Oracle Cloud Storage [:page_facing_up:](https://rclone.org/swift/)
   * Oracle Object Storage [:page_facing_up:](https://rclone.org/oracleobjectstorage/)
   * ownCloud [:page_facing_up:](https://rclone.org/webdav/#owncloud)
   * pCloud [:page_facing_up:](https://rclone.org/pcloud/)
+  * Petabox [:page_facing_up:](https://rclone.org/s3/#petabox)
+  * PikPak [:page_facing_up:](https://rclone.org/pikpak/)
   * premiumize.me [:page_facing_up:](https://rclone.org/premiumizeme/)
   * put.io [:page_facing_up:](https://rclone.org/putio/)
+  * Proton Drive [:page_facing_up:](https://rclone.org/protondrive/)
   * QingStor [:page_facing_up:](https://rclone.org/qingstor/)
   * Qiniu Cloud Object Storage (Kodo) [:page_facing_up:](https://rclone.org/s3/#qiniu)
+  * Quatrix [:page_facing_up:](https://rclone.org/quatrix/)
   * Rackspace Cloud Files [:page_facing_up:](https://rclone.org/swift/)
   * RackCorp Object Storage [:page_facing_up:](https://rclone.org/s3/#RackCorp)
   * Scaleway [:page_facing_up:](https://rclone.org/s3/#scaleway)
@@ -80,6 +90,7 @@ Rclone *("rsync for cloud storage")* is a command-line program to sync files and
   * StackPath [:page_facing_up:](https://rclone.org/s3/#stackpath)
   * Storj [:page_facing_up:](https://rclone.org/storj/)
   * SugarSync [:page_facing_up:](https://rclone.org/sugarsync/)
+  * Synology C2 Object Storage [:page_facing_up:](https://rclone.org/s3/#synology-c2)
   * Tencent Cloud Object Storage (COS) [:page_facing_up:](https://rclone.org/s3/#tencent-cos)
   * Wasabi [:page_facing_up:](https://rclone.org/s3/#wasabi)
   * WebDAV [:page_facing_up:](https://rclone.org/webdav/)
diff --git a/RELEASE.md b/RELEASE.md
index 7883ec696b6a5..09bc34a4dfcf6 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -41,12 +41,15 @@ Early in the next release cycle update the dependencies
 
   * Review any pinned packages in go.mod and remove if possible
   * make updatedirect
-  * make
+  * make GOTAGS=cmount
+  * make compiletest
   * git commit -a -v
   * make update
-  * make
+  * make GOTAGS=cmount
+  * make compiletest
   * roll back any updates which didn't compile
   * git commit -a -v --amend
+  * **NB** watch out for this changing the default go version in `go.mod`
 
 Note that `make update` updates all direct and indirect dependencies
 and there can occasionally be forwards compatibility problems with
@@ -90,6 +93,35 @@ Now
   * git commit -a -v -m "Changelog updates from Version ${NEW_TAG}"
   * git push
 
+## Sponsor logos
+
+If updating the website note that the sponsor logos have been moved out of the main repository.
+
+You will need to checkout `/docs/static/img/logos` from https://github.com/rclone/third-party-logos
+which is a private repo containing artwork from sponsors.
+
+## Update the website between releases
+
+Create an update website branch based off the last release
+
+    git co -b update-website
+
+If the branch already exists, double check there are no commits that need saving.
+
+Now reset the branch to the last release
+
+    git reset --hard v1.64.0
+
+Create the changes, check them in, test with `make serve` then
+
+    make upload_test_website
+
+Check out https://test.rclone.org and when happy
+
+    make upload_website
+
+Cherry pick any changes back to master and the stable branch if it is active.
+
 ## Making a manual build of docker
 
 The rclone docker image should autobuild on via GitHub actions.  If it doesn't
diff --git a/VERSION b/VERSION
index 1a3653420d91e..483a6500f21c2 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v1.63.0
+v1.65.0
diff --git a/backend/all/all.go b/backend/all/all.go
index 1b6e965d9c395..27bb4be447dc0 100644
--- a/backend/all/all.go
+++ b/backend/all/all.go
@@ -7,6 +7,7 @@ import (
 	_ "github.com/rclone/rclone/backend/alias"
 	_ "github.com/rclone/rclone/backend/amazonclouddrive"
 	_ "github.com/rclone/rclone/backend/azureblob"
+	_ "github.com/rclone/rclone/backend/azurefiles"
 	_ "github.com/rclone/rclone/backend/b2"
 	_ "github.com/rclone/rclone/backend/box"
 	_ "github.com/rclone/rclone/backend/cache"
@@ -25,9 +26,11 @@ import (
 	_ "github.com/rclone/rclone/backend/hdfs"
 	_ "github.com/rclone/rclone/backend/hidrive"
 	_ "github.com/rclone/rclone/backend/http"
+	_ "github.com/rclone/rclone/backend/imagekit"
 	_ "github.com/rclone/rclone/backend/internetarchive"
 	_ "github.com/rclone/rclone/backend/jottacloud"
 	_ "github.com/rclone/rclone/backend/koofr"
+	_ "github.com/rclone/rclone/backend/linkbox"
 	_ "github.com/rclone/rclone/backend/local"
 	_ "github.com/rclone/rclone/backend/mailru"
 	_ "github.com/rclone/rclone/backend/mega"
@@ -37,9 +40,12 @@ import (
 	_ "github.com/rclone/rclone/backend/opendrive"
 	_ "github.com/rclone/rclone/backend/oracleobjectstorage"
 	_ "github.com/rclone/rclone/backend/pcloud"
+	_ "github.com/rclone/rclone/backend/pikpak"
 	_ "github.com/rclone/rclone/backend/premiumizeme"
+	_ "github.com/rclone/rclone/backend/protondrive"
 	_ "github.com/rclone/rclone/backend/putio"
 	_ "github.com/rclone/rclone/backend/qingstor"
+	_ "github.com/rclone/rclone/backend/quatrix"
 	_ "github.com/rclone/rclone/backend/s3"
 	_ "github.com/rclone/rclone/backend/seafile"
 	_ "github.com/rclone/rclone/backend/sftp"
diff --git a/backend/azureblob/azureblob.go b/backend/azureblob/azureblob.go
index 85bc208a6e4fd..89e308aed04be 100644
--- a/backend/azureblob/azureblob.go
+++ b/backend/azureblob/azureblob.go
@@ -1,11 +1,10 @@
-//go:build !plan9 && !solaris && !js && go1.18
-// +build !plan9,!solaris,!js,go1.18
+//go:build !plan9 && !solaris && !js
+// +build !plan9,!solaris,!js
 
 // Package azureblob provides an interface to the Microsoft Azure blob object storage system
 package azureblob
 
 import (
-	"bytes"
 	"context"
 	"crypto/md5"
 	"encoding/base64"
@@ -18,6 +17,7 @@ import (
 	"net/url"
 	"os"
 	"path"
+	"sort"
 	"strconv"
 	"strings"
 	"sync"
@@ -33,7 +33,6 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/sas"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/service"
 	"github.com/rclone/rclone/fs"
-	"github.com/rclone/rclone/fs/accounting"
 	"github.com/rclone/rclone/fs/chunksize"
 	"github.com/rclone/rclone/fs/config"
 	"github.com/rclone/rclone/fs/config/configmap"
@@ -46,10 +45,8 @@ import (
 	"github.com/rclone/rclone/lib/bucket"
 	"github.com/rclone/rclone/lib/encoder"
 	"github.com/rclone/rclone/lib/env"
+	"github.com/rclone/rclone/lib/multipart"
 	"github.com/rclone/rclone/lib/pacer"
-	"github.com/rclone/rclone/lib/pool"
-	"github.com/rclone/rclone/lib/readers"
-	"golang.org/x/sync/errgroup"
 )
 
 const (
@@ -58,6 +55,8 @@ const (
 	decayConstant         = 1    // bigger for slower decay, exponential
 	maxListChunkSize      = 5000 // number of items to read at once
 	modTimeKey            = "mtime"
+	dirMetaKey            = "hdi_isfolder"
+	dirMetaValue          = "true"
 	timeFormatIn          = time.RFC3339
 	timeFormatOut         = "2006-01-02T15:04:05.000000000Z07:00"
 	storageDefaultBaseURL = "blob.core.windows.net"
@@ -68,12 +67,16 @@ const (
 	emulatorAccount      = "devstoreaccount1"
 	emulatorAccountKey   = "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="
 	emulatorBlobEndpoint = "http://127.0.0.1:10000/devstoreaccount1"
-	memoryPoolFlushTime  = fs.Duration(time.Minute) // flush the cached buffers after this long
-	memoryPoolUseMmap    = false
 )
 
 var (
 	errCantUpdateArchiveTierBlobs = fserrors.NoRetryError(errors.New("can't update archive tier blob without --azureblob-archive-tier-delete"))
+
+	// Take this when changing or reading metadata.
+	//
+	// It acts as global metadata lock so we don't bloat Object
+	// with an extra lock that will only very rarely be contended.
+	metadataMu sync.Mutex
 )
 
 // Register with Fs
@@ -93,6 +96,7 @@ Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
 If this is blank and if env_auth is set it will be read from the
 environment variable ` + "`AZURE_STORAGE_ACCOUNT_NAME`" + ` if possible.
 `,
+			Sensitive: true,
 		}, {
 			Name: "env_auth",
 			Help: `Read credentials from runtime (environment variables, CLI or MSI).
@@ -104,11 +108,13 @@ See the [authentication docs](/azureblob#authentication) for full info.`,
 			Help: `Storage Account Shared Key.
 
 Leave blank to use SAS URL or Emulator.`,
+			Sensitive: true,
 		}, {
 			Name: "sas_url",
 			Help: `SAS URL for container level access only.
 
 Leave blank if using account/key or Emulator.`,
+			Sensitive: true,
 		}, {
 			Name: "tenant",
 			Help: `ID of the service principal's tenant. Also called its directory ID.
@@ -118,6 +124,7 @@ Set this if using
 - Service principal with certificate
 - User with username and password
 `,
+			Sensitive: true,
 		}, {
 			Name: "client_id",
 			Help: `The ID of the client in use.
@@ -127,6 +134,7 @@ Set this if using
 - Service principal with certificate
 - User with username and password
 `,
+			Sensitive: true,
 		}, {
 			Name: "client_secret",
 			Help: `One of the service principal's client secrets
@@ -134,6 +142,7 @@ Set this if using
 Set this if using
 - Service principal with client secret
 `,
+			Sensitive: true,
 		}, {
 			Name: "client_certificate_path",
 			Help: `Path to a PEM or PKCS12 certificate file including the private key.
@@ -171,7 +180,8 @@ Optionally set this if using
 Set this if using
 - User with username and password
 `,
-			Advanced: true,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "password",
 			Help: `The user's password
@@ -214,17 +224,20 @@ msi_client_id, or msi_mi_res_id parameters.`,
 			Default:  false,
 			Advanced: true,
 		}, {
-			Name:     "msi_object_id",
-			Help:     "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_mi_res_id specified.",
-			Advanced: true,
+			Name:      "msi_object_id",
+			Help:      "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_mi_res_id specified.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
-			Name:     "msi_client_id",
-			Help:     "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_object_id or msi_mi_res_id specified.",
-			Advanced: true,
+			Name:      "msi_client_id",
+			Help:      "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_object_id or msi_mi_res_id specified.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
-			Name:     "msi_mi_res_id",
-			Help:     "Azure resource ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_object_id specified.",
-			Advanced: true,
+			Name:      "msi_mi_res_id",
+			Help:      "Azure resource ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_object_id specified.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:     "use_emulator",
 			Help:     "Uses local storage emulator if provided as 'true'.\n\nLeave blank if using real azure storage endpoint.",
@@ -282,10 +295,10 @@ avoid the time out.`,
 			Advanced: true,
 		}, {
 			Name: "access_tier",
-			Help: `Access tier of blob: hot, cool or archive.
+			Help: `Access tier of blob: hot, cool, cold or archive.
 
-Archived blobs can be restored by setting access tier to hot or
-cool. Leave blank if you intend to use default access tier, which is
+Archived blobs can be restored by setting access tier to hot, cool or
+cold. Leave blank if you intend to use default access tier, which is
 set at account level
 
 If there is no "access tier" specified, rclone doesn't apply any tier.
@@ -293,7 +306,7 @@ rclone performs "Set Tier" operation on blobs while uploading, if objects
 are not modified, specifying "access tier" to new one will have no effect.
 If blobs are in "archive tier" at remote, trying to perform data transfer
 operations from remote will not be allowed. User should first restore by
-tiering blob to "Hot" or "Cool".`,
+tiering blob to "Hot", "Cool" or "Cold".`,
 			Advanced: true,
 		}, {
 			Name:    "archive_tier_delete",
@@ -325,17 +338,16 @@ to start uploading.`,
 			Advanced: true,
 		}, {
 			Name:     "memory_pool_flush_time",
-			Default:  memoryPoolFlushTime,
+			Default:  fs.Duration(time.Minute),
 			Advanced: true,
-			Help: `How often internal memory buffer pools will be flushed.
-
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.`,
+			Hide:     fs.OptionHideBoth,
+			Help:     `How often internal memory buffer pools will be flushed. (no longer used)`,
 		}, {
 			Name:     "memory_pool_use_mmap",
-			Default:  memoryPoolUseMmap,
+			Default:  false,
 			Advanced: true,
-			Help:     `Whether to use mmap buffers in internal memory pool.`,
+			Hide:     fs.OptionHideBoth,
+			Help:     `Whether to use mmap buffers in internal memory pool. (no longer used)`,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -363,6 +375,18 @@ This option controls how often unused buffers will be removed from the pool.`,
 				},
 			},
 			Advanced: true,
+		}, {
+			Name:     "directory_markers",
+			Default:  false,
+			Advanced: true,
+			Help: `Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option
+creates an empty object ending with "/", to persist the folder.
+
+This object also has the metadata "` + dirMetaKey + ` = ` + dirMetaValue + `" to conform to
+the Microsoft standard.
+ `,
 		}, {
 			Name: "no_check_container",
 			Help: `If set, don't attempt to check the container exists or create it.
@@ -408,10 +432,9 @@ type Options struct {
 	ArchiveTierDelete          bool                 `config:"archive_tier_delete"`
 	UseEmulator                bool                 `config:"use_emulator"`
 	DisableCheckSum            bool                 `config:"disable_checksum"`
-	MemoryPoolFlushTime        fs.Duration          `config:"memory_pool_flush_time"`
-	MemoryPoolUseMmap          bool                 `config:"memory_pool_use_mmap"`
 	Enc                        encoder.MultiEncoder `config:"encoding"`
 	PublicAccess               string               `config:"public_access"`
+	DirectoryMarkers           bool                 `config:"directory_markers"`
 	NoCheckContainer           bool                 `config:"no_check_container"`
 	NoHeadObject               bool                 `config:"no_head_object"`
 }
@@ -432,8 +455,6 @@ type Fs struct {
 	cache         *bucket.Cache                // cache for container creation status
 	pacer         *fs.Pacer                    // To pace and retry the API calls
 	uploadToken   *pacer.TokenDispenser        // control concurrency
-	pool          *pool.Pool                   // memory pool
-	poolSize      int64                        // size of pages in memory pool
 	publicAccess  container.PublicAccessType   // Container Public Access Level
 }
 
@@ -446,7 +467,7 @@ type Object struct {
 	size       int64             // Size of the object
 	mimeType   string            // Content-Type of the object
 	accessTier blob.AccessTier   // Blob Access Tier
-	meta       map[string]string // blob metadata
+	meta       map[string]string // blob metadata - take metadataMu when accessing
 }
 
 // ------------------------------------------------------------
@@ -486,7 +507,7 @@ func parsePath(path string) (root string) {
 // split returns container and containerPath from the rootRelativePath
 // relative to f.root
 func (f *Fs) split(rootRelativePath string) (containerName, containerPath string) {
-	containerName, containerPath = bucket.Split(path.Join(f.root, rootRelativePath))
+	containerName, containerPath = bucket.Split(bucket.Join(f.root, rootRelativePath))
 	return f.opt.Enc.FromStandardName(containerName), f.opt.Enc.FromStandardPath(containerPath)
 }
 
@@ -499,6 +520,7 @@ func (o *Object) split() (container, containerPath string) {
 func validateAccessTier(tier string) bool {
 	return strings.EqualFold(tier, string(blob.AccessTierHot)) ||
 		strings.EqualFold(tier, string(blob.AccessTierCool)) ||
+		strings.EqualFold(tier, string(blob.AccessTierCold)) ||
 		strings.EqualFold(tier, string(blob.AccessTierArchive))
 }
 
@@ -628,8 +650,8 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	if opt.AccessTier == "" {
 		opt.AccessTier = string(defaultAccessTier)
 	} else if !validateAccessTier(opt.AccessTier) {
-		return nil, fmt.Errorf("supported access tiers are %s, %s and %s",
-			string(blob.AccessTierHot), string(blob.AccessTierCool), string(blob.AccessTierArchive))
+		return nil, fmt.Errorf("supported access tiers are %s, %s, %s and %s",
+			string(blob.AccessTierHot), string(blob.AccessTierCool), string(blob.AccessTierCold), string(blob.AccessTierArchive))
 	}
 
 	if !validatePublicAccess((opt.PublicAccess)) {
@@ -646,13 +668,6 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		uploadToken: pacer.NewTokenDispenser(ci.Transfers),
 		cache:       bucket.NewCache(),
 		cntSVCcache: make(map[string]*container.Client, 1),
-		pool: pool.New(
-			time.Duration(opt.MemoryPoolFlushTime),
-			int(opt.ChunkSize),
-			ci.Transfers,
-			opt.MemoryPoolUseMmap,
-		),
-		poolSize: int64(opt.ChunkSize),
 	}
 	f.publicAccess = container.PublicAccessType(opt.PublicAccess)
 	f.setRoot(root)
@@ -664,6 +679,10 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		SetTier:           true,
 		GetTier:           true,
 	}).Fill(ctx, f)
+	if opt.DirectoryMarkers {
+		f.features.CanHaveEmptyDirectories = true
+		fs.Debugf(f, "Using directory markers")
+	}
 
 	// Client options specifying our own transport
 	policyClientOptions := policy.ClientOptions{
@@ -690,7 +709,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		}
 		cred, err = azidentity.NewDefaultAzureCredential(&options)
 		if err != nil {
-			return nil, fmt.Errorf("create azure enviroment credential failed: %w", err)
+			return nil, fmt.Errorf("create azure environment credential failed: %w", err)
 		}
 	case opt.UseEmulator:
 		if opt.Account == "" {
@@ -906,7 +925,7 @@ func (f *Fs) cntSVC(containerName string) (containerClient *container.Client) {
 // Return an Object from a path
 //
 // If it can't be found it returns the error fs.ErrorObjectNotFound.
-func (f *Fs) newObjectWithInfo(remote string, info *container.BlobItem) (fs.Object, error) {
+func (f *Fs) newObjectWithInfo(ctx context.Context, remote string, info *container.BlobItem) (fs.Object, error) {
 	o := &Object{
 		fs:     f,
 		remote: remote,
@@ -917,7 +936,7 @@ func (f *Fs) newObjectWithInfo(remote string, info *container.BlobItem) (fs.Obje
 			return nil, err
 		}
 	} else if !o.fs.opt.NoHeadObject {
-		err := o.readMetaData() // reads info and headers, returning an error
+		err := o.readMetaData(ctx) // reads info and headers, returning an error
 		if err != nil {
 			return nil, err
 		}
@@ -928,7 +947,7 @@ func (f *Fs) newObjectWithInfo(remote string, info *container.BlobItem) (fs.Obje
 // NewObject finds the Object at remote.  If it can't be found
 // it returns the error fs.ErrorObjectNotFound.
 func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error) {
-	return f.newObjectWithInfo(remote, nil)
+	return f.newObjectWithInfo(ctx, remote, nil)
 }
 
 // getBlobSVC creates a blob client
@@ -943,6 +962,9 @@ func (f *Fs) getBlockBlobSVC(container, containerPath string) *blockblob.Client
 
 // updateMetadataWithModTime adds the modTime passed in to o.meta.
 func (o *Object) updateMetadataWithModTime(modTime time.Time) {
+	metadataMu.Lock()
+	defer metadataMu.Unlock()
+
 	// Make sure o.meta is not nil
 	if o.meta == nil {
 		o.meta = make(map[string]string, 1)
@@ -964,31 +986,7 @@ func isDirectoryMarker(size int64, metadata map[string]*string, remote string) b
 		// defacto standard for marking blobs as directories.
 		// Note also that the metadata hasn't been normalised to lower case yet
 		for k, v := range metadata {
-			if v != nil && strings.EqualFold(k, "hdi_isfolder") && *v == "true" {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-// Returns whether file is a directory marker or not using metadata
-// with pointers to strings as the SDK seems to use both forms rather
-// annoyingly.
-//
-// NB This is a duplicate of isDirectoryMarker
-func isDirectoryMarkerP(size int64, metadata map[string]*string, remote string) bool {
-	// Directory markers are 0 length
-	if size == 0 {
-		endsWithSlash := strings.HasSuffix(remote, "/")
-		if endsWithSlash || remote == "" {
-			return true
-		}
-		// Note that metadata with hdi_isfolder = true seems to be a
-		// defacto standard for marking blobs as directories.
-		// Note also that the metadata hasn't been normalised to lower case yet
-		for k, pv := range metadata {
-			if strings.EqualFold(k, "hdi_isfolder") && pv != nil && *pv == "true" {
+			if v != nil && strings.EqualFold(k, dirMetaKey) && *v == dirMetaValue {
 				return true
 			}
 		}
@@ -1033,6 +1031,7 @@ func (f *Fs) list(ctx context.Context, containerName, directory, prefix string,
 		Prefix:     &directory,
 		MaxResults: &maxResults,
 	})
+	foundItems := 0
 	for pager.More() {
 		var response container.ListBlobsHierarchyResponse
 		err := f.pacer.Call(func() (bool, error) {
@@ -1051,6 +1050,7 @@ func (f *Fs) list(ctx context.Context, containerName, directory, prefix string,
 		}
 		// Advance marker to next
 		// marker = response.NextMarker
+		foundItems += len(response.Segment.BlobItems)
 		for i := range response.Segment.BlobItems {
 			file := response.Segment.BlobItems[i]
 			// Finish if file name no longer has prefix
@@ -1066,20 +1066,27 @@ func (f *Fs) list(ctx context.Context, containerName, directory, prefix string,
 				fs.Debugf(f, "Odd name received %q", remote)
 				continue
 			}
-			remote = remote[len(prefix):]
-			if isDirectoryMarkerP(*file.Properties.ContentLength, file.Metadata, remote) {
-				continue // skip directory marker
+			isDirectory := isDirectoryMarker(*file.Properties.ContentLength, file.Metadata, remote)
+			if isDirectory {
+				// Don't insert the root directory
+				if remote == directory {
+					continue
+				}
+				// process directory markers as directories
+				remote = strings.TrimRight(remote, "/")
 			}
+			remote = remote[len(prefix):]
 			if addContainer {
 				remote = path.Join(containerName, remote)
 			}
 			// Send object
-			err = fn(remote, file, false)
+			err = fn(remote, file, isDirectory)
 			if err != nil {
 				return err
 			}
 		}
 		// Send the subdirectories
+		foundItems += len(response.Segment.BlobPrefixes)
 		for _, remote := range response.Segment.BlobPrefixes {
 			if remote.Name == nil {
 				fs.Debugf(f, "Nil prefix received")
@@ -1102,16 +1109,26 @@ func (f *Fs) list(ctx context.Context, containerName, directory, prefix string,
 			}
 		}
 	}
+	if f.opt.DirectoryMarkers && foundItems == 0 && directory != "" {
+		// Determine whether the directory exists or not by whether it has a marker
+		_, err := f.readMetaData(ctx, containerName, directory)
+		if err != nil {
+			if err == fs.ErrorObjectNotFound {
+				return fs.ErrorDirNotFound
+			}
+			return err
+		}
+	}
 	return nil
 }
 
 // Convert a list item into a DirEntry
-func (f *Fs) itemToDirEntry(remote string, object *container.BlobItem, isDirectory bool) (fs.DirEntry, error) {
+func (f *Fs) itemToDirEntry(ctx context.Context, remote string, object *container.BlobItem, isDirectory bool) (fs.DirEntry, error) {
 	if isDirectory {
 		d := fs.NewDir(remote, time.Time{})
 		return d, nil
 	}
-	o, err := f.newObjectWithInfo(remote, object)
+	o, err := f.newObjectWithInfo(ctx, remote, object)
 	if err != nil {
 		return nil, err
 	}
@@ -1139,7 +1156,7 @@ func (f *Fs) listDir(ctx context.Context, containerName, directory, prefix strin
 		return nil, fs.ErrorDirNotFound
 	}
 	err = f.list(ctx, containerName, directory, prefix, addContainer, false, int32(f.opt.ListChunkSize), func(remote string, object *container.BlobItem, isDirectory bool) error {
-		entry, err := f.itemToDirEntry(remote, object, isDirectory)
+		entry, err := f.itemToDirEntry(ctx, remote, object, isDirectory)
 		if err != nil {
 			return err
 		}
@@ -1220,7 +1237,7 @@ func (f *Fs) ListR(ctx context.Context, dir string, callback fs.ListRCallback) (
 	list := walk.NewListRHelper(callback)
 	listR := func(containerName, directory, prefix string, addContainer bool) error {
 		return f.list(ctx, containerName, directory, prefix, addContainer, true, int32(f.opt.ListChunkSize), func(remote string, object *container.BlobItem, isDirectory bool) error {
-			entry, err := f.itemToDirEntry(remote, object, isDirectory)
+			entry, err := f.itemToDirEntry(ctx, remote, object, isDirectory)
 			if err != nil {
 				return err
 			}
@@ -1314,10 +1331,71 @@ func (f *Fs) PutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, opt
 	return f.Put(ctx, in, src, options...)
 }
 
+// Create directory marker file and parents
+func (f *Fs) createDirectoryMarker(ctx context.Context, container, dir string) error {
+	if !f.opt.DirectoryMarkers || container == "" {
+		return nil
+	}
+
+	// Object to be uploaded
+	o := &Object{
+		fs:      f,
+		modTime: time.Now(),
+		meta: map[string]string{
+			dirMetaKey: dirMetaValue,
+		},
+	}
+
+	for {
+		_, containerPath := f.split(dir)
+		// Don't create the directory marker if it is the bucket or at the very root
+		if containerPath == "" {
+			break
+		}
+		o.remote = dir + "/"
+
+		// Check to see if object already exists
+		_, err := f.readMetaData(ctx, container, containerPath+"/")
+		if err == nil {
+			return nil
+		}
+
+		// Upload it if not
+		fs.Debugf(o, "Creating directory marker")
+		content := io.Reader(strings.NewReader(""))
+		err = o.Update(ctx, content, o)
+		if err != nil {
+			return fmt.Errorf("creating directory marker failed: %w", err)
+		}
+
+		// Now check parent directory exists
+		dir = path.Dir(dir)
+		if dir == "/" || dir == "." {
+			break
+		}
+	}
+
+	return nil
+}
+
 // Mkdir creates the container if it doesn't exist
 func (f *Fs) Mkdir(ctx context.Context, dir string) error {
 	container, _ := f.split(dir)
-	return f.makeContainer(ctx, container)
+	e := f.makeContainer(ctx, container)
+	if e != nil {
+		return e
+	}
+	return f.createDirectoryMarker(ctx, container, dir)
+}
+
+// mkdirParent creates the parent bucket/directory if it doesn't exist
+func (f *Fs) mkdirParent(ctx context.Context, remote string) error {
+	remote = strings.TrimRight(remote, "/")
+	dir := path.Dir(remote)
+	if dir == "/" || dir == "." {
+		dir = ""
+	}
+	return f.Mkdir(ctx, dir)
 }
 
 // makeContainer creates the container if it doesn't exist
@@ -1417,6 +1495,18 @@ func (f *Fs) deleteContainer(ctx context.Context, containerName string) error {
 // Returns an error if it isn't empty
 func (f *Fs) Rmdir(ctx context.Context, dir string) error {
 	container, directory := f.split(dir)
+	// Remove directory marker file
+	if f.opt.DirectoryMarkers && container != "" && directory != "" {
+		o := &Object{
+			fs:     f,
+			remote: dir + "/",
+		}
+		fs.Debugf(o, "Removing directory marker")
+		err := o.Remove(ctx)
+		if err != nil {
+			return fmt.Errorf("removing directory marker failed: %w", err)
+		}
+	}
 	if container == "" || directory != "" {
 		return nil
 	}
@@ -1440,7 +1530,10 @@ func (f *Fs) Hashes() hash.Set {
 // Purge deletes all the files and directories including the old versions.
 func (f *Fs) Purge(ctx context.Context, dir string) error {
 	container, directory := f.split(dir)
-	if container == "" || directory != "" {
+	if container == "" {
+		return errors.New("can't purge from root")
+	}
+	if directory != "" {
 		// Delegate to caller if not root of a container
 		return fs.ErrorCantPurge
 	}
@@ -1458,7 +1551,7 @@ func (f *Fs) Purge(ctx context.Context, dir string) error {
 // If it isn't possible then return fs.ErrorCantCopy
 func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
 	dstContainer, dstPath := f.split(remote)
-	err := f.makeContainer(ctx, dstContainer)
+	err := f.mkdirParent(ctx, remote)
 	if err != nil {
 		return nil, err
 	}
@@ -1471,9 +1564,8 @@ func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object,
 	srcBlobSVC := srcObj.getBlobSVC()
 	srcURL := srcBlobSVC.URL()
 
-	tier := blob.AccessTier(f.opt.AccessTier)
 	options := blob.StartCopyFromURLOptions{
-		Tier: &tier,
+		Tier: parseTier(f.opt.AccessTier),
 	}
 	var startCopy blob.StartCopyFromURLResponse
 	err = f.pacer.Call(func() (bool, error) {
@@ -1498,19 +1590,6 @@ func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object,
 	return f.NewObject(ctx, remote)
 }
 
-func (f *Fs) getMemoryPool(size int64) *pool.Pool {
-	if size == int64(f.opt.ChunkSize) {
-		return f.pool
-	}
-
-	return pool.New(
-		time.Duration(f.opt.MemoryPoolFlushTime),
-		int(size),
-		f.ci.Transfers,
-		f.opt.MemoryPoolUseMmap,
-	)
-}
-
 // ------------------------------------------------------------
 
 // Fs returns the parent Fs
@@ -1554,6 +1633,9 @@ func (o *Object) Size() int64 {
 
 // Set o.metadata from metadata
 func (o *Object) setMetadata(metadata map[string]*string) {
+	metadataMu.Lock()
+	defer metadataMu.Unlock()
+
 	if len(metadata) > 0 {
 		// Lower case the metadata
 		o.meta = make(map[string]string, len(metadata))
@@ -1578,11 +1660,15 @@ func (o *Object) setMetadata(metadata map[string]*string) {
 
 // Get metadata from o.meta
 func (o *Object) getMetadata() (metadata map[string]*string) {
+	metadataMu.Lock()
+	defer metadataMu.Unlock()
+
 	if len(o.meta) == 0 {
 		return nil
 	}
 	metadata = make(map[string]*string, len(o.meta))
 	for k, v := range o.meta {
+		v := v
 		metadata[k] = &v
 	}
 	return metadata
@@ -1695,7 +1781,7 @@ func (o *Object) decodeMetaDataFromBlob(info *container.BlobItem) (err error) {
 	} else {
 		size = *info.Properties.ContentLength
 	}
-	if isDirectoryMarkerP(size, metadata, o.remote) {
+	if isDirectoryMarker(size, metadata, o.remote) {
 		return fs.ErrorNotAFile
 	}
 	// NOTE - Client library always returns MD5 as base64 decoded string, Object needs to maintain
@@ -1728,17 +1814,34 @@ func (o *Object) getBlobSVC() *blob.Client {
 	return o.fs.getBlobSVC(container, directory)
 }
 
-// getBlockBlobSVC creates a block blob client
-func (o *Object) getBlockBlobSVC() *blockblob.Client {
-	container, directory := o.split()
-	return o.fs.getBlockBlobSVC(container, directory)
-}
-
 // clearMetaData clears enough metadata so readMetaData will re-read it
 func (o *Object) clearMetaData() {
 	o.modTime = time.Time{}
 }
 
+// readMetaData gets the metadata if it hasn't already been fetched
+func (f *Fs) readMetaData(ctx context.Context, container, containerPath string) (blobProperties blob.GetPropertiesResponse, err error) {
+	if !f.containerOK(container) {
+		return blobProperties, fs.ErrorObjectNotFound
+	}
+	blb := f.getBlobSVC(container, containerPath)
+
+	// Read metadata (this includes metadata)
+	options := blob.GetPropertiesOptions{}
+	err = f.pacer.Call(func() (bool, error) {
+		blobProperties, err = blb.GetProperties(ctx, &options)
+		return f.shouldRetry(ctx, err)
+	})
+	if err != nil {
+		// On directories - GetProperties does not work and current SDK does not populate service code correctly hence check regular http response as well
+		if storageErr, ok := err.(*azcore.ResponseError); ok && (storageErr.ErrorCode == string(bloberror.BlobNotFound) || storageErr.StatusCode == http.StatusNotFound) {
+			return blobProperties, fs.ErrorObjectNotFound
+		}
+		return blobProperties, err
+	}
+	return blobProperties, nil
+}
+
 // readMetaData gets the metadata if it hasn't already been fetched
 //
 // Sets
@@ -1747,33 +1850,15 @@ func (o *Object) clearMetaData() {
 //	o.modTime
 //	o.size
 //	o.md5
-func (o *Object) readMetaData() (err error) {
-	container, _ := o.split()
-	if !o.fs.containerOK(container) {
-		return fs.ErrorObjectNotFound
-	}
+func (o *Object) readMetaData(ctx context.Context) (err error) {
 	if !o.modTime.IsZero() {
 		return nil
 	}
-	blb := o.getBlobSVC()
-	// fs.Debugf(o, "Blob URL = %q", blb.URL())
-
-	// Read metadata (this includes metadata)
-	options := blob.GetPropertiesOptions{}
-	ctx := context.Background()
-	var blobProperties blob.GetPropertiesResponse
-	err = o.fs.pacer.Call(func() (bool, error) {
-		blobProperties, err = blb.GetProperties(ctx, &options)
-		return o.fs.shouldRetry(ctx, err)
-	})
+	container, containerPath := o.split()
+	blobProperties, err := o.fs.readMetaData(ctx, container, containerPath)
 	if err != nil {
-		// On directories - GetProperties does not work and current SDK does not populate service code correctly hence check regular http response as well
-		if storageErr, ok := err.(*azcore.ResponseError); ok && (storageErr.ErrorCode == string(bloberror.BlobNotFound) || storageErr.StatusCode == http.StatusNotFound) {
-			return fs.ErrorObjectNotFound
-		}
 		return err
 	}
-
 	return o.decodeMetaDataFromPropertiesResponse(&blobProperties)
 }
 
@@ -1783,18 +1868,13 @@ func (o *Object) readMetaData() (err error) {
 // LastModified returned in the http headers
 func (o *Object) ModTime(ctx context.Context) (result time.Time) {
 	// The error is logged in readMetaData
-	_ = o.readMetaData()
+	_ = o.readMetaData(ctx)
 	return o.modTime
 }
 
 // SetModTime sets the modification time of the local fs object
 func (o *Object) SetModTime(ctx context.Context, modTime time.Time) error {
-	// Make sure o.meta is not nil
-	if o.meta == nil {
-		o.meta = make(map[string]string, 1)
-	}
-	// Set modTimeKey in it
-	o.meta[modTimeKey] = modTime.Format(timeFormatOut)
+	o.updateMetadataWithModTime(modTime)
 
 	blb := o.getBlobSVC()
 	opt := blob.SetMetadataOptions{}
@@ -1820,7 +1900,7 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 	var offset int64
 	var count int64
 	if o.AccessTier() == blob.AccessTierArchive {
-		return nil, fmt.Errorf("blob in archive tier, you need to set tier to hot or cool first")
+		return nil, fmt.Errorf("blob in archive tier, you need to set tier to hot, cool, cold first")
 	}
 	fs.FixRangeOption(options, o.size)
 	for _, option := range options {
@@ -1870,48 +1950,6 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 	return downloadResponse.Body, nil
 }
 
-// poolWrapper wraps a pool.Pool as an azblob.TransferManager
-type poolWrapper struct {
-	pool     *pool.Pool
-	bufToken chan struct{}
-	runToken chan struct{}
-}
-
-// newPoolWrapper creates an azblob.TransferManager that will use a
-// pool.Pool with maximum concurrency as specified.
-func (f *Fs) newPoolWrapper(concurrency int) *poolWrapper {
-	return &poolWrapper{
-		pool:     f.pool,
-		bufToken: make(chan struct{}, concurrency),
-		runToken: make(chan struct{}, concurrency),
-	}
-}
-
-// Get implements TransferManager.Get().
-func (pw *poolWrapper) Get() []byte {
-	pw.bufToken <- struct{}{}
-	return pw.pool.Get()
-}
-
-// Put implements TransferManager.Put().
-func (pw *poolWrapper) Put(b []byte) {
-	pw.pool.Put(b)
-	<-pw.bufToken
-}
-
-// Run implements TransferManager.Run().
-func (pw *poolWrapper) Run(f func()) {
-	pw.runToken <- struct{}{}
-	go func() {
-		f()
-		<-pw.runToken
-	}()
-}
-
-// Close implements TransferManager.Close().
-func (pw *poolWrapper) Close() {
-}
-
 // Converts a string into a pointer to a string
 func pString(s string) *string {
 	return &s
@@ -1928,8 +1966,8 @@ func (rs *readSeekCloser) Close() error {
 	return nil
 }
 
-// increment the slice passed in as LSB binary
-func increment(xs []byte) {
+// increment the array as LSB binary
+func increment(xs *[8]byte) {
 	for i, digit := range xs {
 		newDigit := digit + 1
 		xs[i] = newDigit
@@ -1940,22 +1978,43 @@ func increment(xs []byte) {
 	}
 }
 
-var warnStreamUpload sync.Once
+// record chunk number and id for Close
+type azBlock struct {
+	chunkNumber int
+	id          string
+}
 
-// uploadMultipart uploads a file using multipart upload
+// Implements the fs.ChunkWriter interface
+type azChunkWriter struct {
+	chunkSize     int64
+	size          int64
+	f             *Fs
+	ui            uploadInfo
+	blocksMu      sync.Mutex // protects the below
+	blocks        []azBlock  // list of blocks for finalize
+	binaryBlockID [8]byte    // block counter as LSB first 8 bytes
+	o             *Object
+}
+
+// OpenChunkWriter returns the chunk size and a ChunkWriter
 //
-// Write a larger blob, using CreateBlockBlob, PutBlock, and PutBlockList.
-func (o *Object) uploadMultipart(ctx context.Context, in io.Reader, size int64, blb *blockblob.Client, httpHeaders *blob.HTTPHeaders) (err error) {
+// Pass in the remote and the src object
+// You can also use options to hint at the desired chunk size
+func (f *Fs) OpenChunkWriter(ctx context.Context, remote string, src fs.ObjectInfo, options ...fs.OpenOption) (info fs.ChunkWriterInfo, writer fs.ChunkWriter, err error) {
+	// Temporary Object under construction
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+	ui, err := o.prepareUpload(ctx, src, options)
+	if err != nil {
+		return info, nil, fmt.Errorf("failed to prepare upload: %w", err)
+	}
+
 	// Calculate correct partSize
-	partSize := o.fs.opt.ChunkSize
+	partSize := f.opt.ChunkSize
 	totalParts := -1
-
-	// make concurrency machinery
-	concurrency := o.fs.opt.UploadConcurrency
-	if concurrency < 1 {
-		concurrency = 1
-	}
-	tokens := pacer.NewTokenDispenser(concurrency)
+	size := src.Size()
 
 	// Note that the max size of file is 4.75 TB (100 MB X 50,000
 	// blocks) and this is bigger than the max uncommitted block
@@ -1969,13 +2028,13 @@ func (o *Object) uploadMultipart(ctx context.Context, in io.Reader, size int64,
 	// 195GB which seems like a not too unreasonable limit.
 	if size == -1 {
 		warnStreamUpload.Do(func() {
-			fs.Logf(o, "Streaming uploads using chunk size %v will have maximum file size of %v",
-				o.fs.opt.ChunkSize, partSize*fs.SizeSuffix(blockblob.MaxBlocks))
+			fs.Logf(f, "Streaming uploads using chunk size %v will have maximum file size of %v",
+				f.opt.ChunkSize, partSize*fs.SizeSuffix(blockblob.MaxBlocks))
 		})
 	} else {
-		partSize = chunksize.Calculator(o, size, blockblob.MaxBlocks, o.fs.opt.ChunkSize)
+		partSize = chunksize.Calculator(remote, size, blockblob.MaxBlocks, f.opt.ChunkSize)
 		if partSize > fs.SizeSuffix(blockblob.MaxStageBlockBytes) {
-			return fmt.Errorf("can't upload as it is too big %v - takes more than %d chunks of %v", fs.SizeSuffix(size), fs.SizeSuffix(blockblob.MaxBlocks), fs.SizeSuffix(blockblob.MaxStageBlockBytes))
+			return info, nil, fmt.Errorf("can't upload as it is too big %v - takes more than %d chunks of %v", fs.SizeSuffix(size), fs.SizeSuffix(blockblob.MaxBlocks), fs.SizeSuffix(blockblob.MaxStageBlockBytes))
 		}
 		totalParts = int(fs.SizeSuffix(size) / partSize)
 		if fs.SizeSuffix(size)%partSize != 0 {
@@ -1985,207 +2044,224 @@ func (o *Object) uploadMultipart(ctx context.Context, in io.Reader, size int64,
 
 	fs.Debugf(o, "Multipart upload session started for %d parts of size %v", totalParts, partSize)
 
-	// unwrap the accounting from the input, we use wrap to put it
-	// back on after the buffering
-	in, wrap := accounting.UnWrap(in)
+	chunkWriter := &azChunkWriter{
+		chunkSize: int64(partSize),
+		size:      size,
+		f:         f,
+		ui:        ui,
+		o:         o,
+	}
+	info = fs.ChunkWriterInfo{
+		ChunkSize:   int64(partSize),
+		Concurrency: o.fs.opt.UploadConcurrency,
+		//LeavePartsOnError: o.fs.opt.LeavePartsOnError,
+	}
+	fs.Debugf(o, "open chunk writer: started multipart upload")
+	return info, chunkWriter, nil
+}
 
-	// FIXME it would be nice to delete uncommitted blocks
-	// See: https://github.com/rclone/rclone/issues/5583
-	//
-	// However there doesn't seem to be an easy way of doing this other than
-	// by deleting the target.
-	//
-	// This means that a failed upload deletes the target which isn't ideal.
-	//
-	// Uploading a zero length blob and deleting it will remove the
-	// uncommitted blocks I think.
-	//
-	// Could check to see if a file exists already and if it
-	// doesn't then create a 0 length file and delete it to flush
-	// the uncommitted blocks.
-	//
-	// This is what azcopy does
-	// https://github.com/MicrosoftDocs/azure-docs/issues/36347#issuecomment-541457962
-	// defer atexit.OnError(&err, func() {
-	// 	fs.Debugf(o, "Cancelling multipart upload")
-	//      // Code goes here!
-	// })()
-
-	// Upload the chunks
-	var (
-		g, gCtx       = errgroup.WithContext(ctx)
-		remaining     = fs.SizeSuffix(size)                 // remaining size in file for logging only, -1 if size < 0
-		position      = fs.SizeSuffix(0)                    // position in file
-		memPool       = o.fs.getMemoryPool(int64(partSize)) // pool to get memory from
-		finished      = false                               // set when we have read EOF
-		blocks        []string                              // list of blocks for finalize
-		binaryBlockID = make([]byte, 8)                     // block counter as LSB first 8 bytes
-	)
-	for part := 0; !finished; part++ {
-		// Get a block of memory from the pool and a token which limits concurrency
-		tokens.Get()
-		buf := memPool.Get()
+// WriteChunk will write chunk number with reader bytes, where chunk number >= 0
+func (w *azChunkWriter) WriteChunk(ctx context.Context, chunkNumber int, reader io.ReadSeeker) (int64, error) {
+	if chunkNumber < 0 {
+		err := fmt.Errorf("invalid chunk number provided: %v", chunkNumber)
+		return -1, err
+	}
 
-		free := func() {
-			memPool.Put(buf) // return the buf
-			tokens.Put()     // return the token
-		}
+	// Upload the block, with MD5 for check
+	m := md5.New()
+	currentChunkSize, err := io.Copy(m, reader)
+	if err != nil {
+		return -1, err
+	}
+	// If no data read, don't write the chunk
+	if currentChunkSize == 0 {
+		return 0, nil
+	}
+	md5sum := m.Sum(nil)
+	transactionalMD5 := md5sum[:]
 
-		// Fail fast, in case an errgroup managed function returns an error
-		// gCtx is cancelled. There is no point in uploading all the other parts.
-		if gCtx.Err() != nil {
-			free()
-			break
-		}
+	// increment the blockID and save the blocks for finalize
+	increment(&w.binaryBlockID)
+	blockID := base64.StdEncoding.EncodeToString(w.binaryBlockID[:])
 
-		// Read the chunk
-		n, err := readers.ReadFill(in, buf) // this can never return 0, nil
-		if err == io.EOF {
-			if n == 0 { // end if no data
-				free()
-				break
-			}
-			finished = true
-		} else if err != nil {
-			free()
-			return fmt.Errorf("multipart upload failed to read source: %w", err)
-		}
-		buf = buf[:n]
-
-		// increment the blockID and save the blocks for finalize
-		increment(binaryBlockID)
-		blockID := base64.StdEncoding.EncodeToString(binaryBlockID)
-		blocks = append(blocks, blockID)
-
-		// Transfer the chunk
-		fs.Debugf(o, "Uploading part %d/%d offset %v/%v part size %d", part+1, totalParts, position, fs.SizeSuffix(size), len(buf))
-		g.Go(func() (err error) {
-			defer free()
-
-			// Upload the block, with MD5 for check
-			md5sum := md5.Sum(buf)
-			transactionalMD5 := md5sum[:]
-			err = o.fs.pacer.Call(func() (bool, error) {
-				bufferReader := bytes.NewReader(buf)
-				wrappedReader := wrap(bufferReader)
-				rs := readSeekCloser{wrappedReader, bufferReader}
-				options := blockblob.StageBlockOptions{
-					// Specify the transactional md5 for the body, to be validated by the service.
-					TransactionalValidation: blob.TransferValidationTypeMD5(transactionalMD5),
-				}
-				_, err = blb.StageBlock(ctx, blockID, &rs, &options)
-				return o.fs.shouldRetry(ctx, err)
-			})
-			if err != nil {
-				return fmt.Errorf("multipart upload failed to upload part: %w", err)
-			}
-			return nil
-		})
+	// Save the blockID for the commit
+	w.blocksMu.Lock()
+	w.blocks = append(w.blocks, azBlock{
+		chunkNumber: chunkNumber,
+		id:          blockID,
+	})
+	w.blocksMu.Unlock()
 
-		// ready for next block
-		if size >= 0 {
-			remaining -= partSize
+	err = w.f.pacer.Call(func() (bool, error) {
+		// rewind the reader on retry and after reading md5
+		_, err = reader.Seek(0, io.SeekStart)
+		if err != nil {
+			return false, err
 		}
-		position += partSize
-	}
-	err = g.Wait()
+		options := blockblob.StageBlockOptions{
+			// Specify the transactional md5 for the body, to be validated by the service.
+			TransactionalValidation: blob.TransferValidationTypeMD5(transactionalMD5),
+		}
+		_, err = w.ui.blb.StageBlock(ctx, blockID, &readSeekCloser{Reader: reader, Seeker: reader}, &options)
+		if err != nil {
+			if chunkNumber <= 8 {
+				return w.f.shouldRetry(ctx, err)
+			}
+			// retry all chunks once have done the first few
+			return true, err
+		}
+		return false, nil
+	})
 	if err != nil {
-		return err
+		return -1, fmt.Errorf("failed to upload chunk %d with %v bytes: %w", chunkNumber+1, currentChunkSize, err)
+	}
+
+	fs.Debugf(w.o, "multipart upload wrote chunk %d with %v bytes", chunkNumber+1, currentChunkSize)
+	return currentChunkSize, err
+}
+
+// Abort the multipart upload.
+//
+// FIXME it would be nice to delete uncommitted blocks.
+//
+// See: https://github.com/rclone/rclone/issues/5583
+//
+// However there doesn't seem to be an easy way of doing this other than
+// by deleting the target.
+//
+// This means that a failed upload deletes the target which isn't ideal.
+//
+// Uploading a zero length blob and deleting it will remove the
+// uncommitted blocks I think.
+//
+// Could check to see if a file exists already and if it doesn't then
+// create a 0 length file and delete it to flush the uncommitted
+// blocks.
+//
+// This is what azcopy does
+// https://github.com/MicrosoftDocs/azure-docs/issues/36347#issuecomment-541457962
+func (w *azChunkWriter) Abort(ctx context.Context) error {
+	fs.Debugf(w.o, "multipart upload aborted (did nothing - see issue #5583)")
+	return nil
+}
+
+// Close and finalise the multipart upload
+func (w *azChunkWriter) Close(ctx context.Context) (err error) {
+	// sort the completed parts by part number
+	sort.Slice(w.blocks, func(i, j int) bool {
+		return w.blocks[i].chunkNumber < w.blocks[j].chunkNumber
+	})
+
+	// Create a list of block IDs
+	blockIDs := make([]string, len(w.blocks))
+	for i := range w.blocks {
+		blockIDs[i] = w.blocks[i].id
 	}
 
-	tier := blob.AccessTier(o.fs.opt.AccessTier)
 	options := blockblob.CommitBlockListOptions{
-		Metadata:    o.getMetadata(),
-		Tier:        &tier,
-		HTTPHeaders: httpHeaders,
+		Metadata:    w.o.getMetadata(),
+		Tier:        parseTier(w.f.opt.AccessTier),
+		HTTPHeaders: &w.ui.httpHeaders,
 	}
 
 	// Finalise the upload session
-	err = o.fs.pacer.Call(func() (bool, error) {
-		_, err := blb.CommitBlockList(ctx, blocks, &options)
-		return o.fs.shouldRetry(ctx, err)
+	err = w.f.pacer.Call(func() (bool, error) {
+		_, err := w.ui.blb.CommitBlockList(ctx, blockIDs, &options)
+		return w.f.shouldRetry(ctx, err)
 	})
 	if err != nil {
-		return fmt.Errorf("multipart upload failed to finalize: %w", err)
+		return fmt.Errorf("failed to complete multipart upload: %w", err)
 	}
-	return nil
+	fs.Debugf(w.o, "multipart upload finished")
+	return err
+}
+
+var warnStreamUpload sync.Once
+
+// uploadMultipart uploads a file using multipart upload
+//
+// Write a larger blob, using CreateBlockBlob, PutBlock, and PutBlockList.
+func (o *Object) uploadMultipart(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (ui uploadInfo, err error) {
+	chunkWriter, err := multipart.UploadMultipart(ctx, src, in, multipart.UploadMultipartOptions{
+		Open:        o.fs,
+		OpenOptions: options,
+	})
+	if err != nil {
+		return ui, err
+	}
+	return chunkWriter.(*azChunkWriter).ui, nil
 }
 
 // uploadSinglepart uploads a short blob using a single part upload
-func (o *Object) uploadSinglepart(ctx context.Context, in io.Reader, size int64, blb *blockblob.Client, httpHeaders *blob.HTTPHeaders) (err error) {
+func (o *Object) uploadSinglepart(ctx context.Context, in io.Reader, size int64, ui uploadInfo) (err error) {
+	chunkSize := int64(o.fs.opt.ChunkSize)
 	// fs.Debugf(o, "Single part upload starting of object %d bytes", size)
-	if size > o.fs.poolSize || size < 0 {
-		return fmt.Errorf("internal error: single part upload size too big %d > %d", size, o.fs.opt.ChunkSize)
+	if size > chunkSize || size < 0 {
+		return fmt.Errorf("internal error: single part upload size too big %d > %d", size, chunkSize)
 	}
 
-	buf := o.fs.pool.Get()
-	defer o.fs.pool.Put(buf)
+	rw := multipart.NewRW()
+	defer fs.CheckClose(rw, &err)
 
-	n, err := readers.ReadFill(in, buf)
-	if err == nil {
-		// Check to see whether in is exactly len(buf) or bigger
-		var buf2 = []byte{0}
-		n2, err2 := readers.ReadFill(in, buf2)
-		if n2 != 0 || err2 != io.EOF {
-			return fmt.Errorf("single part upload read failed: object longer than expected (expecting %d but got > %d)", size, len(buf))
-		}
-	}
+	n, err := io.CopyN(rw, in, size+1)
 	if err != nil && err != io.EOF {
 		return fmt.Errorf("single part upload read failed: %w", err)
 	}
-	if int64(n) != size {
+	if n != size {
 		return fmt.Errorf("single part upload: expecting to read %d bytes but read %d", size, n)
 	}
 
-	b := bytes.NewReader(buf[:n])
-	rs := &readSeekCloser{Reader: b, Seeker: b}
+	rs := &readSeekCloser{Reader: rw, Seeker: rw}
 
-	tier := blob.AccessTier(o.fs.opt.AccessTier)
 	options := blockblob.UploadOptions{
 		Metadata:    o.getMetadata(),
-		Tier:        &tier,
-		HTTPHeaders: httpHeaders,
+		Tier:        parseTier(o.fs.opt.AccessTier),
+		HTTPHeaders: &ui.httpHeaders,
 	}
 
-	// Don't retry, return a retry error instead
-	return o.fs.pacer.CallNoRetry(func() (bool, error) {
-		_, err = blb.Upload(ctx, rs, &options)
+	return o.fs.pacer.Call(func() (bool, error) {
+		// rewind the reader on retry
+		_, err = rs.Seek(0, io.SeekStart)
+		if err != nil {
+			return false, err
+		}
+		_, err = ui.blb.Upload(ctx, rs, &options)
 		return o.fs.shouldRetry(ctx, err)
 	})
 }
 
-// Update the object with the contents of the io.Reader, modTime and size
-//
-// The new object may have been created if an error is returned
-func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
-	if o.accessTier == blob.AccessTierArchive {
-		if o.fs.opt.ArchiveTierDelete {
-			fs.Debugf(o, "deleting archive tier blob before updating")
-			err = o.Remove(ctx)
-			if err != nil {
-				return fmt.Errorf("failed to delete archive blob before updating: %w", err)
-			}
-		} else {
-			return errCantUpdateArchiveTierBlobs
-		}
-	}
+// Info needed for an upload
+type uploadInfo struct {
+	blb         *blockblob.Client
+	httpHeaders blob.HTTPHeaders
+	isDirMarker bool
+}
+
+// Prepare the object for upload
+func (o *Object) prepareUpload(ctx context.Context, src fs.ObjectInfo, options []fs.OpenOption) (ui uploadInfo, err error) {
 	container, containerPath := o.split()
 	if container == "" || containerPath == "" {
-		return fmt.Errorf("can't upload to root - need a container")
-	}
-	err = o.fs.makeContainer(ctx, container)
-	if err != nil {
-		return err
+		return ui, fmt.Errorf("can't upload to root - need a container")
+	}
+	// Create parent dir/bucket if not saving directory marker
+	metadataMu.Lock()
+	_, ui.isDirMarker = o.meta[dirMetaKey]
+	metadataMu.Unlock()
+	if !ui.isDirMarker {
+		err = o.fs.mkdirParent(ctx, o.remote)
+		if err != nil {
+			return ui, err
+		}
 	}
 
 	// Update Mod time
 	o.updateMetadataWithModTime(src.ModTime(ctx))
 	if err != nil {
-		return err
+		return ui, err
 	}
 
 	// Create the HTTP headers for the upload
-	httpHeaders := blob.HTTPHeaders{
+	ui.httpHeaders = blob.HTTPHeaders{
 		BlobContentType: pString(fs.MimeType(ctx, src)),
 	}
 
@@ -2195,7 +2271,7 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		if sourceMD5, _ := src.Hash(ctx, hash.MD5); sourceMD5 != "" {
 			sourceMD5bytes, err := hex.DecodeString(sourceMD5)
 			if err == nil {
-				httpHeaders.BlobContentMD5 = sourceMD5bytes
+				ui.httpHeaders.BlobContentMD5 = sourceMD5bytes
 			} else {
 				fs.Debugf(o, "Failed to decode %q as MD5: %v", sourceMD5, err)
 			}
@@ -2210,36 +2286,62 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		case "":
 			// ignore
 		case "cache-control":
-			httpHeaders.BlobCacheControl = pString(value)
+			ui.httpHeaders.BlobCacheControl = pString(value)
 		case "content-disposition":
-			httpHeaders.BlobContentDisposition = pString(value)
+			ui.httpHeaders.BlobContentDisposition = pString(value)
 		case "content-encoding":
-			httpHeaders.BlobContentEncoding = pString(value)
+			ui.httpHeaders.BlobContentEncoding = pString(value)
 		case "content-language":
-			httpHeaders.BlobContentLanguage = pString(value)
+			ui.httpHeaders.BlobContentLanguage = pString(value)
 		case "content-type":
-			httpHeaders.BlobContentType = pString(value)
+			ui.httpHeaders.BlobContentType = pString(value)
+		}
+	}
+
+	ui.blb = o.fs.getBlockBlobSVC(container, containerPath)
+	return ui, nil
+}
+
+// Update the object with the contents of the io.Reader, modTime and size
+//
+// The new object may have been created if an error is returned
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
+	if o.accessTier == blob.AccessTierArchive {
+		if o.fs.opt.ArchiveTierDelete {
+			fs.Debugf(o, "deleting archive tier blob before updating")
+			err = o.Remove(ctx)
+			if err != nil {
+				return fmt.Errorf("failed to delete archive blob before updating: %w", err)
+			}
+		} else {
+			return errCantUpdateArchiveTierBlobs
 		}
 	}
 
-	blb := o.fs.getBlockBlobSVC(container, containerPath)
 	size := src.Size()
-	multipartUpload := size < 0 || size > o.fs.poolSize
+	multipartUpload := size < 0 || size > int64(o.fs.opt.ChunkSize)
+	var ui uploadInfo
 
 	if multipartUpload {
-		err = o.uploadMultipart(ctx, in, size, blb, &httpHeaders)
+		ui, err = o.uploadMultipart(ctx, in, src, options...)
 	} else {
-		err = o.uploadSinglepart(ctx, in, size, blb, &httpHeaders)
+		ui, err = o.prepareUpload(ctx, src, options)
+		if err != nil {
+			return fmt.Errorf("failed to prepare upload: %w", err)
+		}
+		err = o.uploadSinglepart(ctx, in, size, ui)
 	}
 	if err != nil {
 		return err
 	}
 
 	// Refresh metadata on object
-	o.clearMetaData()
-	err = o.readMetaData()
-	if err != nil {
-		return err
+	if !ui.isDirMarker {
+		o.clearMetaData()
+		err = o.readMetaData(ctx)
+		if err != nil {
+			return err
+		}
 	}
 
 	// If tier is not changed or not specified, do not attempt to invoke `SetBlobTier` operation
@@ -2313,15 +2415,24 @@ func (o *Object) GetTier() string {
 	return string(o.accessTier)
 }
 
+func parseTier(tier string) *blob.AccessTier {
+	if tier == "" {
+		return nil
+	}
+	msTier := blob.AccessTier(tier)
+	return &msTier
+}
+
 // Check the interfaces are satisfied
 var (
-	_ fs.Fs          = &Fs{}
-	_ fs.Copier      = &Fs{}
-	_ fs.PutStreamer = &Fs{}
-	_ fs.Purger      = &Fs{}
-	_ fs.ListRer     = &Fs{}
-	_ fs.Object      = &Object{}
-	_ fs.MimeTyper   = &Object{}
-	_ fs.GetTierer   = &Object{}
-	_ fs.SetTierer   = &Object{}
+	_ fs.Fs              = &Fs{}
+	_ fs.Copier          = &Fs{}
+	_ fs.PutStreamer     = &Fs{}
+	_ fs.Purger          = &Fs{}
+	_ fs.ListRer         = &Fs{}
+	_ fs.OpenChunkWriter = &Fs{}
+	_ fs.Object          = &Object{}
+	_ fs.MimeTyper       = &Object{}
+	_ fs.GetTierer       = &Object{}
+	_ fs.SetTierer       = &Object{}
 )
diff --git a/backend/azureblob/azureblob_internal_test.go b/backend/azureblob/azureblob_internal_test.go
index daa3b811482c3..1871fa26522dc 100644
--- a/backend/azureblob/azureblob_internal_test.go
+++ b/backend/azureblob/azureblob_internal_test.go
@@ -1,5 +1,5 @@
-//go:build !plan9 && !solaris && !js && go1.18
-// +build !plan9,!solaris,!js,go1.18
+//go:build !plan9 && !solaris && !js
+// +build !plan9,!solaris,!js
 
 package azureblob
 
@@ -20,17 +20,18 @@ func (f *Fs) InternalTest(t *testing.T) {
 
 func TestIncrement(t *testing.T) {
 	for _, test := range []struct {
-		in   []byte
-		want []byte
+		in   [8]byte
+		want [8]byte
 	}{
-		{[]byte{0, 0, 0, 0}, []byte{1, 0, 0, 0}},
-		{[]byte{0xFE, 0, 0, 0}, []byte{0xFF, 0, 0, 0}},
-		{[]byte{0xFF, 0, 0, 0}, []byte{0, 1, 0, 0}},
-		{[]byte{0, 1, 0, 0}, []byte{1, 1, 0, 0}},
-		{[]byte{0xFF, 0xFF, 0xFF, 0xFE}, []byte{0, 0, 0, 0xFF}},
-		{[]byte{0xFF, 0xFF, 0xFF, 0xFF}, []byte{0, 0, 0, 0}},
+		{[8]byte{0, 0, 0, 0}, [8]byte{1, 0, 0, 0}},
+		{[8]byte{0xFE, 0, 0, 0}, [8]byte{0xFF, 0, 0, 0}},
+		{[8]byte{0xFF, 0, 0, 0}, [8]byte{0, 1, 0, 0}},
+		{[8]byte{0, 1, 0, 0}, [8]byte{1, 1, 0, 0}},
+		{[8]byte{0xFF, 0xFF, 0xFF, 0xFE}, [8]byte{0, 0, 0, 0xFF}},
+		{[8]byte{0xFF, 0xFF, 0xFF, 0xFF}, [8]byte{0, 0, 0, 0, 1}},
+		{[8]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, [8]byte{0, 0, 0, 0, 0, 0, 0}},
 	} {
-		increment(test.in)
+		increment(&test.in)
 		assert.Equal(t, test.want, test.in)
 	}
 }
diff --git a/backend/azureblob/azureblob_test.go b/backend/azureblob/azureblob_test.go
index fba31da8452a5..7caf512338c39 100644
--- a/backend/azureblob/azureblob_test.go
+++ b/backend/azureblob/azureblob_test.go
@@ -1,7 +1,7 @@
 // Test AzureBlob filesystem interface
 
-//go:build !plan9 && !solaris && !js && go1.18
-// +build !plan9,!solaris,!js,go1.18
+//go:build !plan9 && !solaris && !js
+// +build !plan9,!solaris,!js
 
 package azureblob
 
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fstest"
 	"github.com/rclone/rclone/fstest/fstests"
 	"github.com/stretchr/testify/assert"
 )
@@ -18,13 +19,32 @@ func TestIntegration(t *testing.T) {
 	fstests.Run(t, &fstests.Opt{
 		RemoteName:  "TestAzureBlob:",
 		NilObject:   (*Object)(nil),
-		TiersToTest: []string{"Hot", "Cool"},
+		TiersToTest: []string{"Hot", "Cool", "Cold"},
 		ChunkedUpload: fstests.ChunkedUploadConfig{
 			MinChunkSize: defaultChunkSize,
 		},
 	})
 }
 
+// TestIntegration2 runs integration tests against the remote
+func TestIntegration2(t *testing.T) {
+	if *fstest.RemoteName != "" {
+		t.Skip("Skipping as -remote set")
+	}
+	name := "TestAzureBlob"
+	fstests.Run(t, &fstests.Opt{
+		RemoteName:  name + ":",
+		NilObject:   (*Object)(nil),
+		TiersToTest: []string{"Hot", "Cool", "Cold"},
+		ChunkedUpload: fstests.ChunkedUploadConfig{
+			MinChunkSize: defaultChunkSize,
+		},
+		ExtraConfig: []fstests.ExtraConfigItem{
+			{Name: name, Key: "directory_markers", Value: "true"},
+		},
+	})
+}
+
 func (f *Fs) SetUploadChunkSize(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
 	return f.setUploadChunkSize(cs)
 }
@@ -42,6 +62,7 @@ func TestValidateAccessTier(t *testing.T) {
 		"HOT":     {"HOT", true},
 		"Hot":     {"Hot", true},
 		"cool":    {"cool", true},
+		"cold":    {"cold", true},
 		"archive": {"archive", true},
 		"empty":   {"", false},
 		"unknown": {"unknown", false},
diff --git a/backend/azureblob/azureblob_unsupported.go b/backend/azureblob/azureblob_unsupported.go
index 08d5c40630aaa..369d6e367bace 100644
--- a/backend/azureblob/azureblob_unsupported.go
+++ b/backend/azureblob/azureblob_unsupported.go
@@ -1,7 +1,7 @@
 // Build for azureblob for unsupported platforms to stop go complaining
 // about "no buildable Go source files "
 
-//go:build plan9 || solaris || js || !go1.18
-// +build plan9 solaris js !go1.18
+//go:build plan9 || solaris || js
+// +build plan9 solaris js
 
 package azureblob
diff --git a/backend/azurefiles/azurefiles.go b/backend/azurefiles/azurefiles.go
new file mode 100644
index 0000000000000..fd8b4a06e9147
--- /dev/null
+++ b/backend/azurefiles/azurefiles.go
@@ -0,0 +1,1367 @@
+//go:build !plan9 && !js
+// +build !plan9,!js
+
+// Package azurefiles provides an interface to Microsoft Azure Files
+package azurefiles
+
+/*
+   TODO
+
+   This uses LastWriteTime which seems to work. The API return also
+   has LastModified - needs investigation
+
+   Needs pacer to have retries
+
+   HTTP headers need to be passed
+
+   Could support Metadata
+
+   FIXME write mime type
+
+   See FIXME markers
+
+   Optional interfaces for Object
+   - ID
+
+*/
+
+import (
+	"bytes"
+	"context"
+	"crypto/md5"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azfile/directory"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azfile/file"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azfile/fileerror"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azfile/service"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azfile/share"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config"
+	"github.com/rclone/rclone/fs/config/configmap"
+	"github.com/rclone/rclone/fs/config/configstruct"
+	"github.com/rclone/rclone/fs/config/obscure"
+	"github.com/rclone/rclone/fs/fshttp"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/encoder"
+	"github.com/rclone/rclone/lib/env"
+	"github.com/rclone/rclone/lib/readers"
+)
+
+const (
+	maxFileSize           = 4 * fs.Tebi
+	defaultChunkSize      = 4 * fs.Mebi
+	storageDefaultBaseURL = "core.windows.net" // FIXME not sure this is correct
+)
+
+func init() {
+	fs.Register(&fs.RegInfo{
+		Name:        "azurefiles",
+		Description: "Microsoft Azure Files",
+		NewFs:       NewFs,
+		Options: []fs.Option{{
+			Name: "account",
+			Help: `Azure Storage Account Name.
+
+Set this to the Azure Storage Account Name in use.
+
+Leave blank to use SAS URL or connection string, otherwise it needs to be set.
+
+If this is blank and if env_auth is set it will be read from the
+environment variable ` + "`AZURE_STORAGE_ACCOUNT_NAME`" + ` if possible.
+`,
+			Sensitive: true,
+		}, {
+			Name: "share_name",
+			Help: `Azure Files Share Name.
+
+This is required and is the name of the share to access.
+`,
+		}, {
+			Name: "env_auth",
+			Help: `Read credentials from runtime (environment variables, CLI or MSI).
+
+See the [authentication docs](/azurefiles#authentication) for full info.`,
+			Default: false,
+		}, {
+			Name: "key",
+			Help: `Storage Account Shared Key.
+
+Leave blank to use SAS URL or connection string.`,
+			Sensitive: true,
+		}, {
+			Name: "sas_url",
+			Help: `SAS URL.
+
+Leave blank if using account/key or connection string.`,
+			Sensitive: true,
+		}, {
+			Name:      "connection_string",
+			Help:      `Azure Files Connection String.`,
+			Sensitive: true,
+		}, {
+			Name: "tenant",
+			Help: `ID of the service principal's tenant. Also called its directory ID.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+`,
+			Sensitive: true,
+		}, {
+			Name: "client_id",
+			Help: `The ID of the client in use.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+`,
+			Sensitive: true,
+		}, {
+			Name: "client_secret",
+			Help: `One of the service principal's client secrets
+
+Set this if using
+- Service principal with client secret
+`,
+			Sensitive: true,
+		}, {
+			Name: "client_certificate_path",
+			Help: `Path to a PEM or PKCS12 certificate file including the private key.
+
+Set this if using
+- Service principal with certificate
+`,
+		}, {
+			Name: "client_certificate_password",
+			Help: `Password for the certificate file (optional).
+
+Optionally set this if using
+- Service principal with certificate
+
+And the certificate has a password.
+`,
+			IsPassword: true,
+		}, {
+			Name: "client_send_certificate_chain",
+			Help: `Send the certificate chain when using certificate auth.
+
+Specifies whether an authentication request will include an x5c header
+to support subject name / issuer based authentication. When set to
+true, authentication requests include the x5c header.
+
+Optionally set this if using
+- Service principal with certificate
+`,
+			Default:  false,
+			Advanced: true,
+		}, {
+			Name: "username",
+			Help: `User name (usually an email address)
+
+Set this if using
+- User with username and password
+`,
+			Advanced:  true,
+			Sensitive: true,
+		}, {
+			Name: "password",
+			Help: `The user's password
+
+Set this if using
+- User with username and password
+`,
+			IsPassword: true,
+			Advanced:   true,
+		}, {
+			Name: "service_principal_file",
+			Help: `Path to file containing credentials for use with a service principal.
+
+Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
+
+    $ az ad sp create-for-rbac --name "<name>" \
+      --role "Storage Files Data Owner" \
+      --scopes "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>" \
+      > azure-principal.json
+
+See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to files data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+
+**NB** this section needs updating for Azure Files - pull requests appreciated!
+
+It may be more convenient to put the credentials directly into the
+rclone config file under the ` + "`client_id`, `tenant` and `client_secret`" + `
+keys instead of setting ` + "`service_principal_file`" + `.
+`,
+			Advanced: true,
+		}, {
+			Name: "use_msi",
+			Help: `Use a managed service identity to authenticate (only works in Azure).
+
+When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+to authenticate to Azure Storage instead of a SAS token or account key.
+
+If the VM(SS) on which this program is running has a system-assigned identity, it will
+be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+the user-assigned identity will be used by default. If the resource has multiple user-assigned
+identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+msi_client_id, or msi_mi_res_id parameters.`,
+			Default:  false,
+			Advanced: true,
+		}, {
+			Name:      "msi_object_id",
+			Help:      "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_mi_res_id specified.",
+			Advanced:  true,
+			Sensitive: true,
+		}, {
+			Name:      "msi_client_id",
+			Help:      "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_object_id or msi_mi_res_id specified.",
+			Advanced:  true,
+			Sensitive: true,
+		}, {
+			Name:      "msi_mi_res_id",
+			Help:      "Azure resource ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_object_id specified.",
+			Advanced:  true,
+			Sensitive: true,
+		}, {
+			Name:     "endpoint",
+			Help:     "Endpoint for the service.\n\nLeave blank normally.",
+			Advanced: true,
+		}, {
+			Name: "chunk_size",
+			Help: `Upload chunk size.
+
+Note that this is stored in memory and there may be up to
+"--transfers" * "--azurefile-upload-concurrency" chunks stored at once
+in memory.`,
+			Default:  defaultChunkSize,
+			Advanced: true,
+		}, {
+			Name: "upload_concurrency",
+			Help: `Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+If you are uploading small numbers of large files over high-speed
+links and these uploads do not fully utilize your bandwidth, then
+increasing this may help to speed up the transfers.
+
+Note that chunks are stored in memory and there may be up to
+"--transfers" * "--azurefile-upload-concurrency" chunks stored at once
+in memory.`,
+			Default:  16,
+			Advanced: true,
+		}, {
+			Name: "max_stream_size",
+			Help: strings.ReplaceAll(`Max size for streamed files.
+
+Azure files needs to know in advance how big the file will be. When
+rclone doesn't know it uses this value instead.
+
+This will be used when rclone is streaming data, the most common uses are:
+
+- Uploading files with |--vfs-cache-mode off| with |rclone mount|
+- Using |rclone rcat|
+- Copying files with unknown length
+
+You will need this much free space in the share as the file will be this size temporarily.
+`, "|", "`"),
+			Default:  10 * fs.Gibi,
+			Advanced: true,
+		}, {
+			Name:     config.ConfigEncoding,
+			Help:     config.ConfigEncodingHelp,
+			Advanced: true,
+			Default: (encoder.EncodeDoubleQuote |
+				encoder.EncodeBackSlash |
+				encoder.EncodeSlash |
+				encoder.EncodeColon |
+				encoder.EncodePipe |
+				encoder.EncodeLtGt |
+				encoder.EncodeAsterisk |
+				encoder.EncodeQuestion |
+				encoder.EncodeInvalidUtf8 |
+				encoder.EncodeCtl | encoder.EncodeDel |
+				encoder.EncodeDot | encoder.EncodeRightPeriod),
+		}},
+	})
+}
+
+// Options defines the configuration for this backend
+type Options struct {
+	Account                    string               `config:"account"`
+	ShareName                  string               `config:"share_name"`
+	EnvAuth                    bool                 `config:"env_auth"`
+	Key                        string               `config:"key"`
+	SASURL                     string               `config:"sas_url"`
+	ConnectionString           string               `config:"connection_string"`
+	Tenant                     string               `config:"tenant"`
+	ClientID                   string               `config:"client_id"`
+	ClientSecret               string               `config:"client_secret"`
+	ClientCertificatePath      string               `config:"client_certificate_path"`
+	ClientCertificatePassword  string               `config:"client_certificate_password"`
+	ClientSendCertificateChain bool                 `config:"client_send_certificate_chain"`
+	Username                   string               `config:"username"`
+	Password                   string               `config:"password"`
+	ServicePrincipalFile       string               `config:"service_principal_file"`
+	UseMSI                     bool                 `config:"use_msi"`
+	MSIObjectID                string               `config:"msi_object_id"`
+	MSIClientID                string               `config:"msi_client_id"`
+	MSIResourceID              string               `config:"msi_mi_res_id"`
+	Endpoint                   string               `config:"endpoint"`
+	ChunkSize                  fs.SizeSuffix        `config:"chunk_size"`
+	MaxStreamSize              fs.SizeSuffix        `config:"max_stream_size"`
+	UploadConcurrency          int                  `config:"upload_concurrency"`
+	Enc                        encoder.MultiEncoder `config:"encoding"`
+}
+
+// Fs represents a root directory inside a share. The root directory can be ""
+type Fs struct {
+	name        string            // name of this remote
+	root        string            // the path we are working on if any
+	opt         Options           // parsed config options
+	features    *fs.Features      // optional features
+	shareClient *share.Client     // a client for the share itself
+	svc         *directory.Client // the root service
+}
+
+// Object describes a Azure File Share File
+type Object struct {
+	fs          *Fs       // what this object is part of
+	remote      string    // The remote path
+	size        int64     // Size of the object
+	md5         []byte    // MD5 hash if known
+	modTime     time.Time // The modified time of the object if known
+	contentType string    // content type if known
+}
+
+// Wrap the http.Transport to satisfy the Transporter interface
+type transporter struct {
+	http.RoundTripper
+}
+
+// Make a new transporter
+func newTransporter(ctx context.Context) transporter {
+	return transporter{
+		RoundTripper: fshttp.NewTransport(ctx),
+	}
+}
+
+// Do sends the HTTP request and returns the HTTP response or error.
+func (tr transporter) Do(req *http.Request) (*http.Response, error) {
+	return tr.RoundTripper.RoundTrip(req)
+}
+
+type servicePrincipalCredentials struct {
+	AppID    string `json:"appId"`
+	Password string `json:"password"`
+	Tenant   string `json:"tenant"`
+}
+
+// parseServicePrincipalCredentials unmarshals a service principal credentials JSON file as generated by az cli.
+func parseServicePrincipalCredentials(ctx context.Context, credentialsData []byte) (*servicePrincipalCredentials, error) {
+	var spCredentials servicePrincipalCredentials
+	if err := json.Unmarshal(credentialsData, &spCredentials); err != nil {
+		return nil, fmt.Errorf("error parsing credentials from JSON file: %w", err)
+	}
+	// TODO: support certificate credentials
+	// Validate all fields present
+	if spCredentials.AppID == "" || spCredentials.Password == "" || spCredentials.Tenant == "" {
+		return nil, fmt.Errorf("missing fields in credentials file")
+	}
+	return &spCredentials, nil
+}
+
+// Factored out from NewFs so that it can be tested with opt *Options and without m configmap.Mapper
+func newFsFromOptions(ctx context.Context, name, root string, opt *Options) (fs.Fs, error) {
+	// Client options specifying our own transport
+	policyClientOptions := policy.ClientOptions{
+		Transport: newTransporter(ctx),
+	}
+	clientOpt := service.ClientOptions{
+		ClientOptions: policyClientOptions,
+	}
+
+	// Here we auth by setting one of cred, sharedKeyCred or f.client
+	var (
+		cred          azcore.TokenCredential
+		sharedKeyCred *service.SharedKeyCredential
+		client        *service.Client
+		err           error
+	)
+	switch {
+	case opt.EnvAuth:
+		// Read account from environment if needed
+		if opt.Account == "" {
+			opt.Account, _ = os.LookupEnv("AZURE_STORAGE_ACCOUNT_NAME")
+		}
+		// Read credentials from the environment
+		options := azidentity.DefaultAzureCredentialOptions{
+			ClientOptions: policyClientOptions,
+		}
+		cred, err = azidentity.NewDefaultAzureCredential(&options)
+		if err != nil {
+			return nil, fmt.Errorf("create azure environment credential failed: %w", err)
+		}
+	case opt.Account != "" && opt.Key != "":
+		sharedKeyCred, err = service.NewSharedKeyCredential(opt.Account, opt.Key)
+		if err != nil {
+			return nil, fmt.Errorf("create new shared key credential failed: %w", err)
+		}
+	case opt.SASURL != "":
+		client, err = service.NewClientWithNoCredential(opt.SASURL, &clientOpt)
+		if err != nil {
+			return nil, fmt.Errorf("unable to create SAS URL client: %w", err)
+		}
+	case opt.ConnectionString != "":
+		client, err = service.NewClientFromConnectionString(opt.ConnectionString, &clientOpt)
+		if err != nil {
+			return nil, fmt.Errorf("unable to create connection string client: %w", err)
+		}
+	case opt.ClientID != "" && opt.Tenant != "" && opt.ClientSecret != "":
+		// Service principal with client secret
+		options := azidentity.ClientSecretCredentialOptions{
+			ClientOptions: policyClientOptions,
+		}
+		cred, err = azidentity.NewClientSecretCredential(opt.Tenant, opt.ClientID, opt.ClientSecret, &options)
+		if err != nil {
+			return nil, fmt.Errorf("error creating a client secret credential: %w", err)
+		}
+	case opt.ClientID != "" && opt.Tenant != "" && opt.ClientCertificatePath != "":
+		// Service principal with certificate
+		//
+		// Read the certificate
+		data, err := os.ReadFile(env.ShellExpand(opt.ClientCertificatePath))
+		if err != nil {
+			return nil, fmt.Errorf("error reading client certificate file: %w", err)
+		}
+		// NewClientCertificateCredential requires at least one *x509.Certificate, and a
+		// crypto.PrivateKey.
+		//
+		// ParseCertificates returns these given certificate data in PEM or PKCS12 format.
+		// It handles common scenarios but has limitations, for example it doesn't load PEM
+		// encrypted private keys.
+		var password []byte
+		if opt.ClientCertificatePassword != "" {
+			pw, err := obscure.Reveal(opt.Password)
+			if err != nil {
+				return nil, fmt.Errorf("certificate password decode failed - did you obscure it?: %w", err)
+			}
+			password = []byte(pw)
+		}
+		certs, key, err := azidentity.ParseCertificates(data, password)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse client certificate file: %w", err)
+		}
+		options := azidentity.ClientCertificateCredentialOptions{
+			ClientOptions:        policyClientOptions,
+			SendCertificateChain: opt.ClientSendCertificateChain,
+		}
+		cred, err = azidentity.NewClientCertificateCredential(
+			opt.Tenant, opt.ClientID, certs, key, &options,
+		)
+		if err != nil {
+			return nil, fmt.Errorf("create azure service principal with client certificate credential failed: %w", err)
+		}
+	case opt.ClientID != "" && opt.Tenant != "" && opt.Username != "" && opt.Password != "":
+		// User with username and password
+		options := azidentity.UsernamePasswordCredentialOptions{
+			ClientOptions: policyClientOptions,
+		}
+		password, err := obscure.Reveal(opt.Password)
+		if err != nil {
+			return nil, fmt.Errorf("user password decode failed - did you obscure it?: %w", err)
+		}
+		cred, err = azidentity.NewUsernamePasswordCredential(
+			opt.Tenant, opt.ClientID, opt.Username, password, &options,
+		)
+		if err != nil {
+			return nil, fmt.Errorf("authenticate user with password failed: %w", err)
+		}
+	case opt.ServicePrincipalFile != "":
+		// Loading service principal credentials from file.
+		loadedCreds, err := os.ReadFile(env.ShellExpand(opt.ServicePrincipalFile))
+		if err != nil {
+			return nil, fmt.Errorf("error opening service principal credentials file: %w", err)
+		}
+		parsedCreds, err := parseServicePrincipalCredentials(ctx, loadedCreds)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing service principal credentials file: %w", err)
+		}
+		options := azidentity.ClientSecretCredentialOptions{
+			ClientOptions: policyClientOptions,
+		}
+		cred, err = azidentity.NewClientSecretCredential(parsedCreds.Tenant, parsedCreds.AppID, parsedCreds.Password, &options)
+		if err != nil {
+			return nil, fmt.Errorf("error creating a client secret credential: %w", err)
+		}
+	case opt.UseMSI:
+		// Specifying a user-assigned identity. Exactly one of the above IDs must be specified.
+		// Validate and ensure exactly one is set. (To do: better validation.)
+		var b2i = map[bool]int{false: 0, true: 1}
+		set := b2i[opt.MSIClientID != ""] + b2i[opt.MSIObjectID != ""] + b2i[opt.MSIResourceID != ""]
+		if set > 1 {
+			return nil, errors.New("more than one user-assigned identity ID is set")
+		}
+		var options azidentity.ManagedIdentityCredentialOptions
+		switch {
+		case opt.MSIClientID != "":
+			options.ID = azidentity.ClientID(opt.MSIClientID)
+		case opt.MSIObjectID != "":
+			// FIXME this doesn't appear to be in the new SDK?
+			return nil, fmt.Errorf("MSI object ID is currently unsupported")
+		case opt.MSIResourceID != "":
+			options.ID = azidentity.ResourceID(opt.MSIResourceID)
+		}
+		cred, err = azidentity.NewManagedIdentityCredential(&options)
+		if err != nil {
+			return nil, fmt.Errorf("failed to acquire MSI token: %w", err)
+		}
+	default:
+		return nil, errors.New("no authentication method configured")
+	}
+
+	// Make the client if not already created
+	if client == nil {
+		// Work out what the endpoint is if it is still unset
+		if opt.Endpoint == "" {
+			if opt.Account == "" {
+				return nil, fmt.Errorf("account must be set: can't make service URL")
+			}
+			u, err := url.Parse(fmt.Sprintf("https://%s.%s", opt.Account, storageDefaultBaseURL))
+			if err != nil {
+				return nil, fmt.Errorf("failed to make azure storage URL from account: %w", err)
+			}
+			opt.Endpoint = u.String()
+		}
+		if sharedKeyCred != nil {
+			// Shared key cred
+			client, err = service.NewClientWithSharedKeyCredential(opt.Endpoint, sharedKeyCred, &clientOpt)
+			if err != nil {
+				return nil, fmt.Errorf("create client with shared key failed: %w", err)
+			}
+		} else if cred != nil {
+			// Azidentity cred
+			client, err = service.NewClient(opt.Endpoint, cred, &clientOpt)
+			if err != nil {
+				return nil, fmt.Errorf("create client failed: %w", err)
+			}
+		}
+	}
+	if client == nil {
+		return nil, fmt.Errorf("internal error: auth failed to make credentials or client")
+	}
+
+	shareClient := client.NewShareClient(opt.ShareName)
+	svc := shareClient.NewRootDirectoryClient()
+	f := &Fs{
+		shareClient: shareClient,
+		svc:         svc,
+		name:        name,
+		root:        root,
+		opt:         *opt,
+	}
+	f.features = (&fs.Features{
+		CanHaveEmptyDirectories: true,
+		PartialUploads:          true, // files are visible as they are being uploaded
+		CaseInsensitive:         true,
+		SlowHash:                true, // calling Hash() generally takes an extra transaction
+		ReadMimeType:            true,
+		WriteMimeType:           true,
+	}).Fill(ctx, f)
+
+	// Check whether a file exists at this location
+	_, propsErr := f.fileClient("").GetProperties(ctx, nil)
+	if propsErr == nil {
+		f.root = path.Dir(root)
+		return f, fs.ErrorIsFile
+	}
+
+	return f, nil
+}
+
+// NewFs constructs an Fs from the root
+func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, error) {
+	opt := new(Options)
+	err := configstruct.Set(m, opt)
+	if err != nil {
+		return nil, err
+	}
+	return newFsFromOptions(ctx, name, root, opt)
+}
+
+// ------------------------------------------------------------
+
+// Name of the remote (as passed into NewFs)
+func (f *Fs) Name() string {
+	return f.name
+}
+
+// Root of the remote (as passed into NewFs)
+func (f *Fs) Root() string {
+	return f.root
+}
+
+// String converts this Fs to a string
+func (f *Fs) String() string {
+	return fmt.Sprintf("azurefiles root '%s'", f.root)
+}
+
+// Features returns the optional features of this Fs
+func (f *Fs) Features() *fs.Features {
+	return f.features
+}
+
+// Precision return the precision of this Fs
+//
+// One second. FileREST API times are in RFC1123 which in the example shows a precision of seconds
+// Source: https://learn.microsoft.com/en-us/rest/api/storageservices/representation-of-date-time-values-in-headers
+func (f *Fs) Precision() time.Duration {
+	return time.Second
+}
+
+// Hashes returns the supported hash sets.
+//
+// MD5: since it is listed as header in the response for file properties
+// Source: https://learn.microsoft.com/en-us/rest/api/storageservices/get-file-properties
+func (f *Fs) Hashes() hash.Set {
+	return hash.NewHashSet(hash.MD5)
+}
+
+// Encode remote and turn it into an absolute path in the share
+func (f *Fs) absPath(remote string) string {
+	return f.opt.Enc.FromStandardPath(path.Join(f.root, remote))
+}
+
+// Make a directory client from the dir
+func (f *Fs) dirClient(dir string) *directory.Client {
+	return f.svc.NewSubdirectoryClient(f.absPath(dir))
+}
+
+// Make a file client from the remote
+func (f *Fs) fileClient(remote string) *file.Client {
+	return f.svc.NewFileClient(f.absPath(remote))
+}
+
+// NewObject finds the Object at remote.  If it can't be found
+// it returns the error fs.ErrorObjectNotFound.
+//
+// Does not return ErrorIsDir when a directory exists instead of file. since the documentation
+// for [rclone.fs.Fs.NewObject] rqeuires no extra work to determine whether it is directory
+//
+// This initiates a network request and returns an error if object is not found.
+func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error) {
+	resp, err := f.fileClient(remote).GetProperties(ctx, nil)
+	if fileerror.HasCode(err, fileerror.ParentNotFound, fileerror.ResourceNotFound) {
+		return nil, fs.ErrorObjectNotFound
+	} else if err != nil {
+		return nil, fmt.Errorf("unable to find object remote %q: %w", remote, err)
+	}
+
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+	o.setMetadata(&resp)
+	return o, nil
+}
+
+// Make a directory using the absolute path from the root of the share
+//
+// This recursiely creating parent directories all the way to the root
+// of the share.
+func (f *Fs) absMkdir(ctx context.Context, absPath string) error {
+	if absPath == "" {
+		return nil
+	}
+	dirClient := f.svc.NewSubdirectoryClient(absPath)
+
+	// now := time.Now()
+	// smbProps := &file.SMBProperties{
+	// 	LastWriteTime: &now,
+	// }
+	// dirCreateOptions := &directory.CreateOptions{
+	// 	FileSMBProperties: smbProps,
+	// }
+
+	_, createDirErr := dirClient.Create(ctx, nil)
+	if fileerror.HasCode(createDirErr, fileerror.ParentNotFound) {
+		parentDir := path.Dir(absPath)
+		if parentDir == absPath {
+			return fmt.Errorf("internal error: infinite recursion since parent and remote are equal")
+		}
+		makeParentErr := f.absMkdir(ctx, parentDir)
+		if makeParentErr != nil {
+			return fmt.Errorf("could not make parent of %q: %w", absPath, makeParentErr)
+		}
+		return f.absMkdir(ctx, absPath)
+	} else if fileerror.HasCode(createDirErr, fileerror.ResourceAlreadyExists) {
+		return nil
+	} else if createDirErr != nil {
+		return fmt.Errorf("unable to MkDir: %w", createDirErr)
+	}
+	return nil
+}
+
+// Mkdir creates nested directories
+func (f *Fs) Mkdir(ctx context.Context, remote string) error {
+	return f.absMkdir(ctx, f.absPath(remote))
+}
+
+// Make the parent directory of remote
+func (f *Fs) mkParentDir(ctx context.Context, remote string) error {
+	// Can't make the parent of root
+	if remote == "" {
+		return nil
+	}
+	return f.Mkdir(ctx, path.Dir(remote))
+}
+
+// Rmdir deletes the root folder
+//
+// Returns an error if it isn't empty
+func (f *Fs) Rmdir(ctx context.Context, dir string) error {
+	dirClient := f.dirClient(dir)
+	_, err := dirClient.Delete(ctx, nil)
+	if err != nil {
+		if fileerror.HasCode(err, fileerror.DirectoryNotEmpty) {
+			return fs.ErrorDirectoryNotEmpty
+		} else if fileerror.HasCode(err, fileerror.ResourceNotFound) {
+			return fs.ErrorDirNotFound
+		}
+		return fmt.Errorf("could not rmdir dir %q: %w", dir, err)
+	}
+	return nil
+}
+
+// Put the object
+//
+// Copies the reader in to the new object. This new object is returned.
+//
+// The new object may have been created if an error is returned
+func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+	// Temporary Object under construction
+	fs := &Object{
+		fs:     f,
+		remote: src.Remote(),
+	}
+	return fs, fs.Update(ctx, in, src, options...)
+}
+
+// PutStream uploads to the remote path with the modTime given of indeterminate size
+func (f *Fs) PutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+	return f.Put(ctx, in, src, options...)
+}
+
+// List the objects and directories in dir into entries. The entries can be
+// returned in any order but should be for a complete directory.
+//
+// dir should be "" to list the root, and should not have trailing slashes.
+//
+// This should return ErrDirNotFound if the directory isn't found.
+func (f *Fs) List(ctx context.Context, dir string) (fs.DirEntries, error) {
+	var entries fs.DirEntries
+	subDirClient := f.dirClient(dir)
+
+	// Checking whether directory exists
+	_, err := subDirClient.GetProperties(ctx, nil)
+	if fileerror.HasCode(err, fileerror.ParentNotFound, fileerror.ResourceNotFound) {
+		return entries, fs.ErrorDirNotFound
+	} else if err != nil {
+		return entries, err
+	}
+
+	var opt = &directory.ListFilesAndDirectoriesOptions{
+		Include: directory.ListFilesInclude{
+			Timestamps: true,
+		},
+	}
+	pager := subDirClient.NewListFilesAndDirectoriesPager(opt)
+	for pager.More() {
+		resp, err := pager.NextPage(ctx)
+		if err != nil {
+			return entries, err
+		}
+		for _, directory := range resp.Segment.Directories {
+			// Name          *string `xml:"Name"`
+			// Attributes    *string `xml:"Attributes"`
+			// ID            *string `xml:"FileId"`
+			// PermissionKey *string `xml:"PermissionKey"`
+			// Properties.ContentLength  *int64       `xml:"Content-Length"`
+			// Properties.ChangeTime     *time.Time   `xml:"ChangeTime"`
+			// Properties.CreationTime   *time.Time   `xml:"CreationTime"`
+			// Properties.ETag           *azcore.ETag `xml:"Etag"`
+			// Properties.LastAccessTime *time.Time   `xml:"LastAccessTime"`
+			// Properties.LastModified   *time.Time   `xml:"Last-Modified"`
+			// Properties.LastWriteTime  *time.Time   `xml:"LastWriteTime"`
+			var modTime time.Time
+			if directory.Properties.LastWriteTime != nil {
+				modTime = *directory.Properties.LastWriteTime
+			}
+			leaf := f.opt.Enc.ToStandardPath(*directory.Name)
+			entry := fs.NewDir(path.Join(dir, leaf), modTime)
+			if directory.ID != nil {
+				entry.SetID(*directory.ID)
+			}
+			if directory.Properties.ContentLength != nil {
+				entry.SetSize(*directory.Properties.ContentLength)
+			}
+			entries = append(entries, entry)
+		}
+		for _, file := range resp.Segment.Files {
+			leaf := f.opt.Enc.ToStandardPath(*file.Name)
+			entry := &Object{
+				fs:     f,
+				remote: path.Join(dir, leaf),
+			}
+			if file.Properties.ContentLength != nil {
+				entry.size = *file.Properties.ContentLength
+			}
+			if file.Properties.LastWriteTime != nil {
+				entry.modTime = *file.Properties.LastWriteTime
+			}
+			entries = append(entries, entry)
+		}
+	}
+	return entries, nil
+}
+
+// ------------------------------------------------------------
+
+// Fs returns the parent Fs
+func (o *Object) Fs() fs.Info {
+	return o.fs
+}
+
+// Size of object in bytes
+func (o *Object) Size() int64 {
+	return o.size
+}
+
+// Return a string version
+func (o *Object) String() string {
+	if o == nil {
+		return "<nil>"
+	}
+	return o.remote
+}
+
+// Remote returns the remote path
+func (o *Object) Remote() string {
+	return o.remote
+}
+
+// fileClient makes a specialized client for this object
+func (o *Object) fileClient() *file.Client {
+	return o.fs.fileClient(o.remote)
+}
+
+// set the metadata from file.GetPropertiesResponse
+func (o *Object) setMetadata(resp *file.GetPropertiesResponse) {
+	if resp.ContentLength != nil {
+		o.size = *resp.ContentLength
+	}
+	o.md5 = resp.ContentMD5
+	if resp.FileLastWriteTime != nil {
+		o.modTime = *resp.FileLastWriteTime
+	}
+	if resp.ContentType != nil {
+		o.contentType = *resp.ContentType
+	}
+}
+
+// readMetaData gets the metadata if it hasn't already been fetched
+func (o *Object) getMetadata(ctx context.Context) error {
+	resp, err := o.fileClient().GetProperties(ctx, nil)
+	if err != nil {
+		return fmt.Errorf("failed to fetch properties: %w", err)
+	}
+	o.setMetadata(&resp)
+	return nil
+}
+
+// Hash returns the MD5 of an object returning a lowercase hex string
+//
+// May make a network request becaue the [fs.List] method does not
+// return MD5 hashes for DirEntry
+func (o *Object) Hash(ctx context.Context, ty hash.Type) (string, error) {
+	if ty != hash.MD5 {
+		return "", hash.ErrUnsupported
+	}
+	if len(o.md5) == 0 {
+		err := o.getMetadata(ctx)
+		if err != nil {
+			return "", err
+		}
+	}
+	return hex.EncodeToString(o.md5), nil
+}
+
+// MimeType returns the content type of the Object if
+// known, or "" if not
+func (o *Object) MimeType(ctx context.Context) string {
+	if o.contentType == "" {
+		err := o.getMetadata(ctx)
+		if err != nil {
+			fs.Errorf(o, "Failed to fetch Content-Type")
+		}
+	}
+	return o.contentType
+}
+
+// Storable returns a boolean showing whether this object storable
+func (o *Object) Storable() bool {
+	return true
+}
+
+// ModTime returns the modification time of the object
+//
+// Returns time.Now() if not present
+func (o *Object) ModTime(ctx context.Context) time.Time {
+	if o.modTime.IsZero() {
+		return time.Now()
+	}
+	return o.modTime
+}
+
+// SetModTime sets the modification time
+func (o *Object) SetModTime(ctx context.Context, t time.Time) error {
+	opt := file.SetHTTPHeadersOptions{
+		SMBProperties: &file.SMBProperties{
+			LastWriteTime: &t,
+		},
+	}
+	_, err := o.fileClient().SetHTTPHeaders(ctx, &opt)
+	if err != nil {
+		return fmt.Errorf("unable to set modTime: %w", err)
+	}
+	o.modTime = t
+	return nil
+}
+
+// Remove an object
+func (o *Object) Remove(ctx context.Context) error {
+	if _, err := o.fileClient().Delete(ctx, nil); err != nil {
+		return fmt.Errorf("unable to delete remote %q: %w", o.remote, err)
+	}
+	return nil
+}
+
+// Open an object for read
+func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (io.ReadCloser, error) {
+	// Offset and Count for range download
+	var offset int64
+	var count int64
+	fs.FixRangeOption(options, o.size)
+	for _, option := range options {
+		switch x := option.(type) {
+		case *fs.RangeOption:
+			offset, count = x.Decode(o.size)
+			if count < 0 {
+				count = o.size - offset
+			}
+		case *fs.SeekOption:
+			offset = x.Offset
+		default:
+			if option.Mandatory() {
+				fs.Logf(o, "Unsupported mandatory option: %v", option)
+			}
+		}
+	}
+	opt := file.DownloadStreamOptions{
+		Range: file.HTTPRange{
+			Offset: offset,
+			Count:  count,
+		},
+	}
+	resp, err := o.fileClient().DownloadStream(ctx, &opt)
+	if err != nil {
+		return nil, fmt.Errorf("could not open remote %q: %w", o.remote, err)
+	}
+	return resp.Body, nil
+}
+
+// Returns a pointer to t - useful for returning pointers to constants
+func ptr[T any](t T) *T {
+	return &t
+}
+
+var warnStreamUpload sync.Once
+
+// Update the object with the contents of the io.Reader, modTime, size and MD5 hash
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
+	var (
+		size           = src.Size()
+		sizeUnknown    = false
+		hashUnknown    = true
+		fc             = o.fileClient()
+		isNewlyCreated = o.modTime.IsZero()
+		counter        *readers.CountingReader
+		md5Hash        []byte
+		hasher         = md5.New()
+	)
+
+	if size > int64(maxFileSize) {
+		return fmt.Errorf("update: max supported file size is %vB. provided size is %vB", maxFileSize, fs.SizeSuffix(size))
+	} else if size < 0 {
+		size = int64(o.fs.opt.MaxStreamSize)
+		sizeUnknown = true
+		warnStreamUpload.Do(func() {
+			fs.Logf(o.fs, "Streaming uploads will have maximum file size of %v - adjust with --azurefiles-max-stream-size", o.fs.opt.MaxStreamSize)
+		})
+	}
+
+	if isNewlyCreated {
+		// Make parent directory
+		if mkDirErr := o.fs.mkParentDir(ctx, src.Remote()); mkDirErr != nil {
+			return fmt.Errorf("update: unable to make parent directories: %w", mkDirErr)
+		}
+		// Create the file at the size given
+		if _, createErr := fc.Create(ctx, size, nil); createErr != nil {
+			return fmt.Errorf("update: unable to create file: %w", createErr)
+		}
+	} else {
+		// Resize the file if needed
+		if size != o.Size() {
+			if _, resizeErr := fc.Resize(ctx, size, nil); resizeErr != nil {
+				return fmt.Errorf("update: unable to resize while trying to update: %w ", resizeErr)
+			}
+		}
+	}
+
+	// Measure the size if it is unknown
+	if sizeUnknown {
+		counter = readers.NewCountingReader(in)
+		in = counter
+	}
+
+	// Check we have a source MD5 hash...
+	if hashStr, err := src.Hash(ctx, hash.MD5); err == nil && hashStr != "" {
+		md5Hash, err = hex.DecodeString(hashStr)
+		if err == nil {
+			hashUnknown = false
+		} else {
+			fs.Errorf(o, "internal error: decoding hex encoded md5 %q: %v", hashStr, err)
+		}
+	}
+
+	// ...if not calculate one
+	if hashUnknown {
+		in = io.TeeReader(in, hasher)
+	}
+
+	// Upload the file
+	opt := file.UploadStreamOptions{
+		ChunkSize:   int64(o.fs.opt.ChunkSize),
+		Concurrency: o.fs.opt.UploadConcurrency,
+	}
+	if err := fc.UploadStream(ctx, in, &opt); err != nil {
+		// Remove partially uploaded file on error
+		if isNewlyCreated {
+			if _, delErr := fc.Delete(ctx, nil); delErr != nil {
+				fs.Errorf(o, "failed to delete partially uploaded file: %v", delErr)
+			}
+		}
+		return fmt.Errorf("update: failed to upload stream: %w", err)
+	}
+
+	if sizeUnknown {
+		// Read the uploaded size - the file will be truncated to that size by updateSizeHashModTime
+		size = int64(counter.BytesRead())
+	}
+	if hashUnknown {
+		md5Hash = hasher.Sum(nil)
+	}
+
+	// Update the properties
+	modTime := src.ModTime(ctx)
+	contentType := fs.MimeType(ctx, src)
+	httpHeaders := file.HTTPHeaders{
+		ContentMD5:  md5Hash,
+		ContentType: &contentType,
+	}
+	// Apply upload options (also allows one to overwrite content-type)
+	for _, option := range options {
+		key, value := option.Header()
+		lowerKey := strings.ToLower(key)
+		switch lowerKey {
+		case "cache-control":
+			httpHeaders.CacheControl = &value
+		case "content-disposition":
+			httpHeaders.ContentDisposition = &value
+		case "content-encoding":
+			httpHeaders.ContentEncoding = &value
+		case "content-language":
+			httpHeaders.ContentLanguage = &value
+		case "content-type":
+			httpHeaders.ContentType = &value
+		}
+	}
+	_, err = fc.SetHTTPHeaders(ctx, &file.SetHTTPHeadersOptions{
+		FileContentLength: &size,
+		SMBProperties: &file.SMBProperties{
+			LastWriteTime: &modTime,
+		},
+		HTTPHeaders: &httpHeaders,
+	})
+	if err != nil {
+		return fmt.Errorf("update: failed to set properties: %w", err)
+	}
+
+	// Make sure Object is in sync
+	o.size = size
+	o.md5 = md5Hash
+	o.modTime = modTime
+	o.contentType = contentType
+	return nil
+}
+
+// Move src to this remote using server-side move operations.
+//
+// This is stored with the remote path given.
+//
+// It returns the destination Object and a possible error.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantMove
+func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	srcObj, ok := src.(*Object)
+	if !ok {
+		fs.Debugf(src, "Can't move - not same remote type")
+		return nil, fs.ErrorCantMove
+	}
+	err := f.mkParentDir(ctx, remote)
+	if err != nil {
+		return nil, fmt.Errorf("Move: mkParentDir failed: %w", err)
+	}
+	opt := file.RenameOptions{
+		IgnoreReadOnly:  ptr(true),
+		ReplaceIfExists: ptr(true),
+	}
+	dstAbsPath := f.absPath(remote)
+	fc := srcObj.fileClient()
+	_, err = fc.Rename(ctx, dstAbsPath, &opt)
+	if err != nil {
+		return nil, fmt.Errorf("Move: Rename failed: %w", err)
+	}
+	dstObj, err := f.NewObject(ctx, remote)
+	if err != nil {
+		return nil, fmt.Errorf("Move: NewObject failed: %w", err)
+	}
+	return dstObj, nil
+}
+
+// DirMove moves src, srcRemote to this remote at dstRemote
+// using server-side move operations.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantDirMove
+//
+// If destination exists then return fs.ErrorDirExists
+func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string) error {
+	dstFs := f
+	srcFs, ok := src.(*Fs)
+	if !ok {
+		fs.Debugf(srcFs, "Can't move directory - not same remote type")
+		return fs.ErrorCantDirMove
+	}
+
+	_, err := dstFs.dirClient(dstRemote).GetProperties(ctx, nil)
+	if err == nil {
+		return fs.ErrorDirExists
+	}
+	if !fileerror.HasCode(err, fileerror.ParentNotFound, fileerror.ResourceNotFound) {
+		return fmt.Errorf("DirMove: failed to get status of destination directory: %w", err)
+	}
+
+	err = dstFs.mkParentDir(ctx, dstRemote)
+	if err != nil {
+		return fmt.Errorf("DirMove: mkParentDir failed: %w", err)
+	}
+
+	opt := directory.RenameOptions{
+		IgnoreReadOnly:  ptr(false),
+		ReplaceIfExists: ptr(false),
+	}
+	dstAbsPath := dstFs.absPath(dstRemote)
+	dirClient := srcFs.dirClient(srcRemote)
+	_, err = dirClient.Rename(ctx, dstAbsPath, &opt)
+	if err != nil {
+		if fileerror.HasCode(err, fileerror.ResourceAlreadyExists) {
+			return fs.ErrorDirExists
+		}
+		return fmt.Errorf("DirMove: Rename failed: %w", err)
+	}
+	return nil
+}
+
+// Copy src to this remote using server-side copy operations.
+//
+// This is stored with the remote path given.
+//
+// It returns the destination Object and a possible error.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantCopy
+func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	srcObj, ok := src.(*Object)
+	if !ok {
+		fs.Debugf(src, "Can't copy - not same remote type")
+		return nil, fs.ErrorCantCopy
+	}
+	err := f.mkParentDir(ctx, remote)
+	if err != nil {
+		return nil, fmt.Errorf("Copy: mkParentDir failed: %w", err)
+	}
+	opt := file.StartCopyFromURLOptions{
+		CopyFileSMBInfo: &file.CopyFileSMBInfo{
+			Attributes:         file.SourceCopyFileAttributes{},
+			ChangeTime:         file.SourceCopyFileChangeTime{},
+			CreationTime:       file.SourceCopyFileCreationTime{},
+			LastWriteTime:      file.SourceCopyFileLastWriteTime{},
+			PermissionCopyMode: ptr(file.PermissionCopyModeTypeSource),
+			IgnoreReadOnly:     ptr(true),
+		},
+	}
+	srcURL := srcObj.fileClient().URL()
+	fc := f.fileClient(remote)
+	_, err = fc.StartCopyFromURL(ctx, srcURL, &opt)
+	if err != nil {
+		return nil, fmt.Errorf("Copy failed: %w", err)
+	}
+	dstObj, err := f.NewObject(ctx, remote)
+	if err != nil {
+		return nil, fmt.Errorf("Copy: NewObject failed: %w", err)
+	}
+	return dstObj, nil
+}
+
+// Implementation of WriterAt
+type writerAt struct {
+	ctx  context.Context
+	f    *Fs
+	fc   *file.Client
+	mu   sync.Mutex // protects variables below
+	size int64
+}
+
+// Adaptor to add a Close method to bytes.Reader
+type bytesReaderCloser struct {
+	*bytes.Reader
+}
+
+// Close the bytesReaderCloser
+func (bytesReaderCloser) Close() error {
+	return nil
+}
+
+// WriteAt writes len(p) bytes from p to the underlying data stream
+// at offset off. It returns the number of bytes written from p (0 <= n <= len(p))
+// and any error encountered that caused the write to stop early.
+// WriteAt must return a non-nil error if it returns n < len(p).
+//
+// If WriteAt is writing to a destination with a seek offset,
+// WriteAt should not affect nor be affected by the underlying
+// seek offset.
+//
+// Clients of WriteAt can execute parallel WriteAt calls on the same
+// destination if the ranges do not overlap.
+//
+// Implementations must not retain p.
+func (w *writerAt) WriteAt(p []byte, off int64) (n int, err error) {
+	endOffset := off + int64(len(p))
+	w.mu.Lock()
+	if w.size < endOffset {
+		_, err = w.fc.Resize(w.ctx, endOffset, nil)
+		if err != nil {
+			w.mu.Unlock()
+			return 0, fmt.Errorf("WriteAt: failed to resize file: %w ", err)
+		}
+		w.size = endOffset
+	}
+	w.mu.Unlock()
+
+	in := bytesReaderCloser{bytes.NewReader(p)}
+	_, err = w.fc.UploadRange(w.ctx, off, in, nil)
+	if err != nil {
+		return 0, err
+	}
+	return len(p), nil
+}
+
+// Close the writer
+func (w *writerAt) Close() error {
+	// FIXME should we be doing something here?
+	return nil
+}
+
+// OpenWriterAt opens with a handle for random access writes
+//
+// Pass in the remote desired and the size if known.
+//
+// It truncates any existing object
+func (f *Fs) OpenWriterAt(ctx context.Context, remote string, size int64) (fs.WriterAtCloser, error) {
+	err := f.mkParentDir(ctx, remote)
+	if err != nil {
+		return nil, fmt.Errorf("OpenWriterAt: failed to create parent directory: %w", err)
+	}
+	fc := f.fileClient(remote)
+	if size < 0 {
+		size = 0
+	}
+	_, err = fc.Create(ctx, size, nil)
+	if err != nil {
+		return nil, fmt.Errorf("OpenWriterAt: unable to create file: %w", err)
+	}
+	w := &writerAt{
+		ctx:  ctx,
+		f:    f,
+		fc:   fc,
+		size: size,
+	}
+	return w, nil
+}
+
+// About gets quota information
+func (f *Fs) About(ctx context.Context) (*fs.Usage, error) {
+	stats, err := f.shareClient.GetStatistics(ctx, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read share statistics: %w", err)
+	}
+	usage := &fs.Usage{
+		Used: stats.ShareUsageBytes, // bytes in use
+	}
+	return usage, nil
+}
+
+// Check the interfaces are satisfied
+var (
+	_ fs.Fs             = &Fs{}
+	_ fs.PutStreamer    = &Fs{}
+	_ fs.Abouter        = &Fs{}
+	_ fs.Mover          = &Fs{}
+	_ fs.DirMover       = &Fs{}
+	_ fs.Copier         = &Fs{}
+	_ fs.OpenWriterAter = &Fs{}
+	_ fs.Object         = &Object{}
+	_ fs.MimeTyper      = &Object{}
+)
diff --git a/backend/azurefiles/azurefiles_internal_test.go b/backend/azurefiles/azurefiles_internal_test.go
new file mode 100644
index 0000000000000..b123ad73002c4
--- /dev/null
+++ b/backend/azurefiles/azurefiles_internal_test.go
@@ -0,0 +1,70 @@
+//go:build !plan9 && !js
+// +build !plan9,!js
+
+package azurefiles
+
+import (
+	"context"
+	"math/rand"
+	"strings"
+	"testing"
+
+	"github.com/rclone/rclone/fstest/fstests"
+	"github.com/stretchr/testify/assert"
+)
+
+func (f *Fs) InternalTest(t *testing.T) {
+	t.Run("Authentication", f.InternalTestAuth)
+}
+
+var _ fstests.InternalTester = (*Fs)(nil)
+
+func (f *Fs) InternalTestAuth(t *testing.T) {
+	t.Skip("skipping since this requires authentication credentials which are not part of repo")
+	shareName := "test-rclone-oct-2023"
+	testCases := []struct {
+		name    string
+		options *Options
+	}{
+		{
+			name: "ConnectionString",
+			options: &Options{
+				ShareName:        shareName,
+				ConnectionString: "",
+			},
+		},
+		{
+			name: "AccountAndKey",
+			options: &Options{
+				ShareName: shareName,
+				Account:   "",
+				Key:       "",
+			}},
+		{
+			name: "SASUrl",
+			options: &Options{
+				ShareName: shareName,
+				SASURL:    "",
+			}},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			fs, err := newFsFromOptions(context.TODO(), "TestAzureFiles", "", tc.options)
+			assert.NoError(t, err)
+			dirName := randomString(10)
+			assert.NoError(t, fs.Mkdir(context.TODO(), dirName))
+		})
+	}
+}
+
+const chars = "abcdefghijklmnopqrstuvwzyxABCDEFGHIJKLMNOPQRSTUVWZYX"
+
+func randomString(charCount int) string {
+	strBldr := strings.Builder{}
+	for i := 0; i < charCount; i++ {
+		randPos := rand.Int63n(52)
+		strBldr.WriteByte(chars[randPos])
+	}
+	return strBldr.String()
+}
diff --git a/backend/azurefiles/azurefiles_test.go b/backend/azurefiles/azurefiles_test.go
new file mode 100644
index 0000000000000..d8091fa499701
--- /dev/null
+++ b/backend/azurefiles/azurefiles_test.go
@@ -0,0 +1,18 @@
+//go:build !plan9 && !js
+// +build !plan9,!js
+
+package azurefiles
+
+import (
+	"testing"
+
+	"github.com/rclone/rclone/fstest/fstests"
+)
+
+func TestIntegration(t *testing.T) {
+	var objPtr *Object
+	fstests.Run(t, &fstests.Opt{
+		RemoteName: "TestAzureFiles:",
+		NilObject:  objPtr,
+	})
+}
diff --git a/backend/azurefiles/azurefiles_unsupported.go b/backend/azurefiles/azurefiles_unsupported.go
new file mode 100644
index 0000000000000..1674e8f201068
--- /dev/null
+++ b/backend/azurefiles/azurefiles_unsupported.go
@@ -0,0 +1,7 @@
+// Build for azurefiles for unsupported platforms to stop go complaining
+// about "no buildable Go source files "
+
+//go:build plan9 || js
+// +build plan9 js
+
+package azurefiles
diff --git a/backend/b2/api/types.go b/backend/b2/api/types.go
index 4d981d950daec..b2aa1a7fb6f90 100644
--- a/backend/b2/api/types.go
+++ b/backend/b2/api/types.go
@@ -33,10 +33,18 @@ var _ fserrors.Fataler = (*Error)(nil)
 
 // Bucket describes a B2 bucket
 type Bucket struct {
-	ID        string `json:"bucketId"`
-	AccountID string `json:"accountId"`
-	Name      string `json:"bucketName"`
-	Type      string `json:"bucketType"`
+	ID             string          `json:"bucketId"`
+	AccountID      string          `json:"accountId"`
+	Name           string          `json:"bucketName"`
+	Type           string          `json:"bucketType"`
+	LifecycleRules []LifecycleRule `json:"lifecycleRules,omitempty"`
+}
+
+// LifecycleRule is a single lifecycle rule
+type LifecycleRule struct {
+	DaysFromHidingToDeleting  *int   `json:"daysFromHidingToDeleting"`
+	DaysFromUploadingToHiding *int   `json:"daysFromUploadingToHiding"`
+	FileNamePrefix            string `json:"fileNamePrefix"`
 }
 
 // Timestamp is a UTC time when this file was uploaded. It is a base
@@ -206,9 +214,10 @@ type FileInfo struct {
 
 // CreateBucketRequest is used to create a bucket
 type CreateBucketRequest struct {
-	AccountID string `json:"accountId"`
-	Name      string `json:"bucketName"`
-	Type      string `json:"bucketType"`
+	AccountID      string          `json:"accountId"`
+	Name           string          `json:"bucketName"`
+	Type           string          `json:"bucketType"`
+	LifecycleRules []LifecycleRule `json:"lifecycleRules,omitempty"`
 }
 
 // DeleteBucketRequest is used to create a bucket
@@ -331,3 +340,11 @@ type CopyPartRequest struct {
 	PartNumber  int64  `json:"partNumber"`      // Which part this is (starting from 1)
 	Range       string `json:"range,omitempty"` // The range of bytes to copy. If not provided, the whole source file will be copied.
 }
+
+// UpdateBucketRequest describes a request to modify a B2 bucket
+type UpdateBucketRequest struct {
+	ID             string          `json:"bucketId"`
+	AccountID      string          `json:"accountId"`
+	Type           string          `json:"bucketType,omitempty"`
+	LifecycleRules []LifecycleRule `json:"lifecycleRules,omitempty"`
+}
diff --git a/backend/b2/b2.go b/backend/b2/b2.go
index aa0a80e7b66e5..778d856f187df 100644
--- a/backend/b2/b2.go
+++ b/backend/b2/b2.go
@@ -9,6 +9,7 @@ import (
 	"bytes"
 	"context"
 	"crypto/sha1"
+	"encoding/json"
 	"errors"
 	"fmt"
 	gohash "hash"
@@ -32,6 +33,7 @@ import (
 	"github.com/rclone/rclone/fs/walk"
 	"github.com/rclone/rclone/lib/bucket"
 	"github.com/rclone/rclone/lib/encoder"
+	"github.com/rclone/rclone/lib/multipart"
 	"github.com/rclone/rclone/lib/pacer"
 	"github.com/rclone/rclone/lib/pool"
 	"github.com/rclone/rclone/lib/rest"
@@ -57,9 +59,7 @@ const (
 	minChunkSize        = 5 * fs.Mebi
 	defaultChunkSize    = 96 * fs.Mebi
 	defaultUploadCutoff = 200 * fs.Mebi
-	largeFileCopyCutoff = 4 * fs.Gibi              // 5E9 is the max
-	memoryPoolFlushTime = fs.Duration(time.Minute) // flush the cached buffers after this long
-	memoryPoolUseMmap   = false
+	largeFileCopyCutoff = 4 * fs.Gibi // 5E9 is the max
 )
 
 // Globals
@@ -74,14 +74,17 @@ func init() {
 		Name:        "b2",
 		Description: "Backblaze B2",
 		NewFs:       NewFs,
+		CommandHelp: commandHelp,
 		Options: []fs.Option{{
-			Name:     "account",
-			Help:     "Account ID or Application Key ID.",
-			Required: true,
+			Name:      "account",
+			Help:      "Account ID or Application Key ID.",
+			Required:  true,
+			Sensitive: true,
 		}, {
-			Name:     "key",
-			Help:     "Application Key.",
-			Required: true,
+			Name:      "key",
+			Help:      "Application Key.",
+			Required:  true,
+			Sensitive: true,
 		}, {
 			Name:     "endpoint",
 			Help:     "Endpoint for the service.\n\nLeave blank normally.",
@@ -147,6 +150,18 @@ might a maximum of "--transfers" chunks in progress at once.
 5,000,000 Bytes is the minimum size.`,
 			Default:  defaultChunkSize,
 			Advanced: true,
+		}, {
+			Name: "upload_concurrency",
+			Help: `Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+Note that chunks are stored in memory and there may be up to
+"--transfers" * "--b2-upload-concurrency" chunks stored at once
+in memory.`,
+			Default:  4,
+			Advanced: true,
 		}, {
 			Name: "disable_checksum",
 			Help: `Disable checksums for large (> upload cutoff) files.
@@ -186,16 +201,41 @@ The minimum value is 1 second. The maximum value is one week.`,
 			Advanced: true,
 		}, {
 			Name:     "memory_pool_flush_time",
-			Default:  memoryPoolFlushTime,
+			Default:  fs.Duration(time.Minute),
 			Advanced: true,
-			Help: `How often internal memory buffer pools will be flushed.
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.`,
+			Hide:     fs.OptionHideBoth,
+			Help:     `How often internal memory buffer pools will be flushed. (no longer used)`,
 		}, {
 			Name:     "memory_pool_use_mmap",
-			Default:  memoryPoolUseMmap,
+			Default:  false,
+			Advanced: true,
+			Hide:     fs.OptionHideBoth,
+			Help:     `Whether to use mmap buffers in internal memory pool. (no longer used)`,
+		}, {
+			Name: "lifecycle",
+			Help: `Set the number of days deleted files should be kept when creating a bucket.
+
+On bucket creation, this parameter is used to create a lifecycle rule
+for the entire bucket.
+
+If lifecycle is 0 (the default) it does not create a lifecycle rule so
+the default B2 behaviour applies. This is to create versions of files
+on delete and overwrite and to keep them indefinitely.
+
+If lifecycle is >0 then it creates a single rule setting the number of
+days before a file that is deleted or overwritten is deleted
+permanently. This is known as daysFromHidingToDeleting in the b2 docs.
+
+The minimum value for this parameter is 1 day.
+
+You can also enable hard_delete in the config also which will mean
+deletions won't cause versions but overwrites will still cause
+versions to be made.
+
+See: [rclone backend lifecycle](#lifecycle) for setting lifecycles after bucket creation.
+`,
+			Default:  0,
 			Advanced: true,
-			Help:     `Whether to use mmap buffers in internal memory pool.`,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -222,11 +262,11 @@ type Options struct {
 	UploadCutoff                  fs.SizeSuffix        `config:"upload_cutoff"`
 	CopyCutoff                    fs.SizeSuffix        `config:"copy_cutoff"`
 	ChunkSize                     fs.SizeSuffix        `config:"chunk_size"`
+	UploadConcurrency             int                  `config:"upload_concurrency"`
 	DisableCheckSum               bool                 `config:"disable_checksum"`
 	DownloadURL                   string               `config:"download_url"`
 	DownloadAuthorizationDuration fs.Duration          `config:"download_auth_duration"`
-	MemoryPoolFlushTime           fs.Duration          `config:"memory_pool_flush_time"`
-	MemoryPoolUseMmap             bool                 `config:"memory_pool_use_mmap"`
+	Lifecycle                     int                  `config:"lifecycle"`
 	Enc                           encoder.MultiEncoder `config:"encoding"`
 }
 
@@ -251,7 +291,6 @@ type Fs struct {
 	authMu          sync.Mutex                             // lock for authorizing the account
 	pacer           *fs.Pacer                              // To pace and retry the API calls
 	uploadToken     *pacer.TokenDispenser                  // control concurrency
-	pool            *pool.Pool                             // memory pool
 }
 
 // Object describes a b2 object
@@ -361,11 +400,18 @@ func (f *Fs) shouldRetry(ctx context.Context, resp *http.Response, err error) (b
 
 // errorHandler parses a non 2xx error response into an error
 func errorHandler(resp *http.Response) error {
-	// Decode error response
-	errResponse := new(api.Error)
-	err := rest.DecodeJSON(resp, &errResponse)
+	body, err := rest.ReadBody(resp)
 	if err != nil {
-		fs.Debugf(nil, "Couldn't decode error response: %v", err)
+		fs.Errorf(nil, "Couldn't read error out of body: %v", err)
+		body = nil
+	}
+	// Decode error response if there was one - they can be blank
+	errResponse := new(api.Error)
+	if len(body) > 0 {
+		err = json.Unmarshal(body, errResponse)
+		if err != nil {
+			fs.Errorf(nil, "Couldn't decode error response: %v", err)
+		}
 	}
 	if errResponse.Code == "" {
 		errResponse.Code = "unknown"
@@ -409,6 +455,14 @@ func (f *Fs) setUploadCutoff(cs fs.SizeSuffix) (old fs.SizeSuffix, err error) {
 	return
 }
 
+func (f *Fs) setCopyCutoff(cs fs.SizeSuffix) (old fs.SizeSuffix, err error) {
+	err = checkUploadChunkSize(cs)
+	if err == nil {
+		old, f.opt.CopyCutoff = f.opt.CopyCutoff, cs
+	}
+	return
+}
+
 // setRoot changes the root of the Fs
 func (f *Fs) setRoot(root string) {
 	f.root = parsePath(root)
@@ -456,19 +510,14 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		uploads:     make(map[string][]*api.GetUploadURLResponse),
 		pacer:       fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
 		uploadToken: pacer.NewTokenDispenser(ci.Transfers),
-		pool: pool.New(
-			time.Duration(opt.MemoryPoolFlushTime),
-			int(opt.ChunkSize),
-			ci.Transfers,
-			opt.MemoryPoolUseMmap,
-		),
 	}
 	f.setRoot(root)
 	f.features = (&fs.Features{
-		ReadMimeType:      true,
-		WriteMimeType:     true,
-		BucketBased:       true,
-		BucketBasedRootOK: true,
+		ReadMimeType:          true,
+		WriteMimeType:         true,
+		BucketBased:           true,
+		BucketBasedRootOK:     true,
+		ChunkWriterDoesntSeek: true,
 	}).Fill(ctx, f)
 	// Set the test flag if required
 	if opt.TestMode != "" {
@@ -595,23 +644,24 @@ func (f *Fs) clearUploadURL(bucketID string) {
 	f.uploadMu.Unlock()
 }
 
-// getBuf gets a buffer of f.opt.ChunkSize and an upload token
+// getRW gets a RW buffer and an upload token
 //
 // If noBuf is set then it just gets an upload token
-func (f *Fs) getBuf(noBuf bool) (buf []byte) {
+func (f *Fs) getRW(noBuf bool) (rw *pool.RW) {
 	f.uploadToken.Get()
 	if !noBuf {
-		buf = f.pool.Get()
+		rw = multipart.NewRW()
 	}
-	return buf
+	return rw
 }
 
-// putBuf returns a buffer to the memory pool and an upload token
+// putRW returns a RW buffer to the memory pool and returns an upload
+// token
 //
-// If noBuf is set then it just returns the upload token
-func (f *Fs) putBuf(buf []byte, noBuf bool) {
-	if !noBuf {
-		f.pool.Put(buf)
+// If buf is nil then it just returns the upload token
+func (f *Fs) putRW(rw *pool.RW) {
+	if rw != nil {
+		_ = rw.Close()
 	}
 	f.uploadToken.Put()
 }
@@ -818,7 +868,7 @@ func (f *Fs) listDir(ctx context.Context, bucket, directory, prefix string, addB
 
 // listBuckets returns all the buckets to out
 func (f *Fs) listBuckets(ctx context.Context) (entries fs.DirEntries, err error) {
-	err = f.listBucketsToFn(ctx, func(bucket *api.Bucket) error {
+	err = f.listBucketsToFn(ctx, "", func(bucket *api.Bucket) error {
 		d := fs.NewDir(bucket.Name, time.Time{})
 		entries = append(entries, d)
 		return nil
@@ -911,11 +961,14 @@ func (f *Fs) ListR(ctx context.Context, dir string, callback fs.ListRCallback) (
 type listBucketFn func(*api.Bucket) error
 
 // listBucketsToFn lists the buckets to the function supplied
-func (f *Fs) listBucketsToFn(ctx context.Context, fn listBucketFn) error {
+func (f *Fs) listBucketsToFn(ctx context.Context, bucketName string, fn listBucketFn) error {
 	var account = api.ListBucketsRequest{
 		AccountID: f.info.AccountID,
 		BucketID:  f.info.Allowed.BucketID,
 	}
+	if bucketName != "" && account.BucketID == "" {
+		account.BucketName = f.opt.Enc.FromStandardName(bucketName)
+	}
 
 	var response api.ListBucketsResponse
 	opts := rest.Opts{
@@ -961,7 +1014,7 @@ func (f *Fs) getbucketType(ctx context.Context, bucket string) (bucketType strin
 	if bucketType != "" {
 		return bucketType, nil
 	}
-	err = f.listBucketsToFn(ctx, func(bucket *api.Bucket) error {
+	err = f.listBucketsToFn(ctx, bucket, func(bucket *api.Bucket) error {
 		// listBucketsToFn reads bucket Types
 		return nil
 	})
@@ -996,7 +1049,7 @@ func (f *Fs) getBucketID(ctx context.Context, bucket string) (bucketID string, e
 	if bucketID != "" {
 		return bucketID, nil
 	}
-	err = f.listBucketsToFn(ctx, func(bucket *api.Bucket) error {
+	err = f.listBucketsToFn(ctx, bucket, func(bucket *api.Bucket) error {
 		// listBucketsToFn sets IDs
 		return nil
 	})
@@ -1060,6 +1113,11 @@ func (f *Fs) makeBucket(ctx context.Context, bucket string) error {
 			Name:      f.opt.Enc.FromStandardName(bucket),
 			Type:      "allPrivate",
 		}
+		if f.opt.Lifecycle > 0 {
+			request.LifecycleRules = []api.LifecycleRule{{
+				DaysFromHidingToDeleting: &f.opt.Lifecycle,
+			}}
+		}
 		var response api.Bucket
 		err := f.pacer.Call(func() (bool, error) {
 			resp, err := f.srv.CallJSON(ctx, &opts, &request, &response)
@@ -1280,7 +1338,7 @@ func (f *Fs) CleanUp(ctx context.Context) error {
 // If newInfo is nil then the metadata will be copied otherwise it
 // will be replaced with newInfo
 func (f *Fs) copy(ctx context.Context, dstObj *Object, srcObj *Object, newInfo *api.File) (err error) {
-	if srcObj.size >= int64(f.opt.CopyCutoff) {
+	if srcObj.size > int64(f.opt.CopyCutoff) {
 		if newInfo == nil {
 			newInfo, err = srcObj.getMetaData(ctx)
 			if err != nil {
@@ -1291,7 +1349,11 @@ func (f *Fs) copy(ctx context.Context, dstObj *Object, srcObj *Object, newInfo *
 		if err != nil {
 			return err
 		}
-		return up.Upload(ctx)
+		err = up.Copy(ctx)
+		if err != nil {
+			return err
+		}
+		return dstObj.decodeMetaDataFileInfo(up.info)
 	}
 
 	dstBucket, dstPath := dstObj.split()
@@ -1420,7 +1482,7 @@ func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration,
 	if err != nil {
 		return "", err
 	}
-	absPath := "/" + bucketPath
+	absPath := "/" + urlEncode(bucketPath)
 	link = RootURL + "/file/" + urlEncode(bucket) + absPath
 	bucketType, err := f.getbucketType(ctx, bucket)
 	if err != nil {
@@ -1859,11 +1921,11 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	if err != nil {
 		return err
 	}
-	if size == -1 {
+	if size < 0 {
 		// Check if the file is large enough for a chunked upload (needs to be at least two chunks)
-		buf := o.fs.getBuf(false)
+		rw := o.fs.getRW(false)
 
-		n, err := io.ReadFull(in, buf)
+		n, err := io.CopyN(rw, in, int64(o.fs.opt.ChunkSize))
 		if err == nil {
 			bufReader := bufio.NewReader(in)
 			in = bufReader
@@ -1874,26 +1936,34 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 			fs.Debugf(o, "File is big enough for chunked streaming")
 			up, err := o.fs.newLargeUpload(ctx, o, in, src, o.fs.opt.ChunkSize, false, nil)
 			if err != nil {
-				o.fs.putBuf(buf, false)
+				o.fs.putRW(rw)
 				return err
 			}
 			// NB Stream returns the buffer and token
-			return up.Stream(ctx, buf)
-		} else if err == io.EOF || err == io.ErrUnexpectedEOF {
+			err = up.Stream(ctx, rw)
+			if err != nil {
+				return err
+			}
+			return o.decodeMetaDataFileInfo(up.info)
+		} else if err == io.EOF {
 			fs.Debugf(o, "File has %d bytes, which makes only one chunk. Using direct upload.", n)
-			defer o.fs.putBuf(buf, false)
-			size = int64(n)
-			in = bytes.NewReader(buf[:n])
+			defer o.fs.putRW(rw)
+			size = n
+			in = rw
 		} else {
-			o.fs.putBuf(buf, false)
+			o.fs.putRW(rw)
 			return err
 		}
 	} else if size > int64(o.fs.opt.UploadCutoff) {
-		up, err := o.fs.newLargeUpload(ctx, o, in, src, o.fs.opt.ChunkSize, false, nil)
+		chunkWriter, err := multipart.UploadMultipart(ctx, src, in, multipart.UploadMultipartOptions{
+			Open:        o.fs,
+			OpenOptions: options,
+		})
 		if err != nil {
 			return err
 		}
-		return up.Upload(ctx)
+		up := chunkWriter.(*largeUpload)
+		return o.decodeMetaDataFileInfo(up.info)
 	}
 
 	modTime := src.ModTime(ctx)
@@ -2001,6 +2071,41 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	return o.decodeMetaDataFileInfo(&response)
 }
 
+// OpenChunkWriter returns the chunk size and a ChunkWriter
+//
+// Pass in the remote and the src object
+// You can also use options to hint at the desired chunk size
+func (f *Fs) OpenChunkWriter(ctx context.Context, remote string, src fs.ObjectInfo, options ...fs.OpenOption) (info fs.ChunkWriterInfo, writer fs.ChunkWriter, err error) {
+	// FIXME what if file is smaller than 1 chunk?
+	if f.opt.Versions {
+		return info, nil, errNotWithVersions
+	}
+	if f.opt.VersionAt.IsSet() {
+		return info, nil, errNotWithVersionAt
+	}
+	//size := src.Size()
+
+	// Temporary Object under construction
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+
+	bucket, _ := o.split()
+	err = f.makeBucket(ctx, bucket)
+	if err != nil {
+		return info, nil, err
+	}
+
+	info = fs.ChunkWriterInfo{
+		ChunkSize:   int64(f.opt.ChunkSize),
+		Concurrency: o.fs.opt.UploadConcurrency,
+		//LeavePartsOnError: o.fs.opt.LeavePartsOnError,
+	}
+	up, err := f.newLargeUpload(ctx, o, nil, src, f.opt.ChunkSize, false, nil)
+	return info, up, err
+}
+
 // Remove an object
 func (o *Object) Remove(ctx context.Context) error {
 	bucket, bucketPath := o.split()
@@ -2026,16 +2131,149 @@ func (o *Object) ID() string {
 	return o.id
 }
 
+var lifecycleHelp = fs.CommandHelp{
+	Name:  "lifecycle",
+	Short: "Read or set the lifecycle for a bucket",
+	Long: `This command can be used to read or set the lifecycle for a bucket.
+
+Usage Examples:
+
+To show the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket
+
+This will dump something like this showing the lifecycle rules.
+
+    [
+        {
+            "daysFromHidingToDeleting": 1,
+            "daysFromUploadingToHiding": null,
+            "fileNamePrefix": ""
+        }
+    ]
+
+If there are no lifecycle rules (the default) then it will just return [].
+
+To reset the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=30
+    rclone backend lifecycle b2:bucket -o daysFromUploadingToHiding=5 -o daysFromHidingToDeleting=1
+
+This will run and then print the new lifecycle rules as above.
+
+Rclone only lets you set lifecycles for the whole bucket with the
+fileNamePrefix = "".
+
+You can't disable versioning with B2. The best you can do is to set
+the daysFromHidingToDeleting to 1 day. You can enable hard_delete in
+the config also which will mean deletions won't cause versions but
+overwrites will still cause versions to be made.
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=1
+
+See: https://www.backblaze.com/docs/cloud-storage-lifecycle-rules
+`,
+	Opts: map[string]string{
+		"daysFromHidingToDeleting":  "After a file has been hidden for this many days it is deleted. 0 is off.",
+		"daysFromUploadingToHiding": "This many days after uploading a file is hidden",
+	},
+}
+
+func (f *Fs) lifecycleCommand(ctx context.Context, name string, arg []string, opt map[string]string) (out interface{}, err error) {
+	var newRule api.LifecycleRule
+	if daysStr := opt["daysFromHidingToDeleting"]; daysStr != "" {
+		days, err := strconv.Atoi(daysStr)
+		if err != nil {
+			return nil, fmt.Errorf("bad daysFromHidingToDeleting: %w", err)
+		}
+		newRule.DaysFromHidingToDeleting = &days
+	}
+	if daysStr := opt["daysFromUploadingToHiding"]; daysStr != "" {
+		days, err := strconv.Atoi(daysStr)
+		if err != nil {
+			return nil, fmt.Errorf("bad daysFromUploadingToHiding: %w", err)
+		}
+		newRule.DaysFromUploadingToHiding = &days
+	}
+	bucketName, _ := f.split("")
+	if bucketName == "" {
+		return nil, errors.New("bucket required")
+
+	}
+
+	var bucket *api.Bucket
+	if newRule.DaysFromHidingToDeleting != nil || newRule.DaysFromUploadingToHiding != nil {
+		bucketID, err := f.getBucketID(ctx, bucketName)
+		if err != nil {
+			return nil, err
+		}
+		opts := rest.Opts{
+			Method: "POST",
+			Path:   "/b2_update_bucket",
+		}
+		var request = api.UpdateBucketRequest{
+			ID:             bucketID,
+			AccountID:      f.info.AccountID,
+			LifecycleRules: []api.LifecycleRule{newRule},
+		}
+		var response api.Bucket
+		err = f.pacer.Call(func() (bool, error) {
+			resp, err := f.srv.CallJSON(ctx, &opts, &request, &response)
+			return f.shouldRetry(ctx, resp, err)
+		})
+		if err != nil {
+			return nil, err
+		}
+		bucket = &response
+	} else {
+		err = f.listBucketsToFn(ctx, bucketName, func(b *api.Bucket) error {
+			bucket = b
+			return nil
+		})
+		if err != nil {
+			return nil, err
+		}
+	}
+	if bucket == nil {
+		return nil, fs.ErrorDirNotFound
+	}
+	return bucket.LifecycleRules, nil
+}
+
+var commandHelp = []fs.CommandHelp{
+	lifecycleHelp,
+}
+
+// Command the backend to run a named command
+//
+// The command run is name
+// args may be used to read arguments from
+// opts may be used to read optional arguments from
+//
+// The result should be capable of being JSON encoded
+// If it is a string or a []string it will be shown to the user
+// otherwise it will be JSON encoded and shown to the user like that
+func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[string]string) (out interface{}, err error) {
+	switch name {
+	case "lifecycle":
+		return f.lifecycleCommand(ctx, name, arg, opt)
+	default:
+		return nil, fs.ErrorCommandNotFound
+	}
+}
+
 // Check the interfaces are satisfied
 var (
-	_ fs.Fs           = &Fs{}
-	_ fs.Purger       = &Fs{}
-	_ fs.Copier       = &Fs{}
-	_ fs.PutStreamer  = &Fs{}
-	_ fs.CleanUpper   = &Fs{}
-	_ fs.ListRer      = &Fs{}
-	_ fs.PublicLinker = &Fs{}
-	_ fs.Object       = &Object{}
-	_ fs.MimeTyper    = &Object{}
-	_ fs.IDer         = &Object{}
+	_ fs.Fs              = &Fs{}
+	_ fs.Purger          = &Fs{}
+	_ fs.Copier          = &Fs{}
+	_ fs.PutStreamer     = &Fs{}
+	_ fs.CleanUpper      = &Fs{}
+	_ fs.ListRer         = &Fs{}
+	_ fs.PublicLinker    = &Fs{}
+	_ fs.OpenChunkWriter = &Fs{}
+	_ fs.Commander       = &Fs{}
+	_ fs.Object          = &Object{}
+	_ fs.MimeTyper       = &Object{}
+	_ fs.IDer            = &Object{}
 )
diff --git a/backend/b2/b2_internal_test.go b/backend/b2/b2_internal_test.go
index 74072d552d0f2..8253ca167754c 100644
--- a/backend/b2/b2_internal_test.go
+++ b/backend/b2/b2_internal_test.go
@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"github.com/rclone/rclone/fstest"
+	"github.com/rclone/rclone/fstest/fstests"
 )
 
 // Test b2 string encoding
@@ -168,3 +169,10 @@ func TestParseTimeString(t *testing.T) {
 	}
 
 }
+
+// -run TestIntegration/FsMkdir/FsPutFiles/Internal
+func (f *Fs) InternalTest(t *testing.T) {
+	// Internal tests go here
+}
+
+var _ fstests.InternalTester = (*Fs)(nil)
diff --git a/backend/b2/b2_test.go b/backend/b2/b2_test.go
index 6437d2adc3799..43e28e5b1ab9c 100644
--- a/backend/b2/b2_test.go
+++ b/backend/b2/b2_test.go
@@ -28,7 +28,12 @@ func (f *Fs) SetUploadCutoff(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
 	return f.setUploadCutoff(cs)
 }
 
+func (f *Fs) SetCopyCutoff(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
+	return f.setCopyCutoff(cs)
+}
+
 var (
 	_ fstests.SetUploadChunkSizer = (*Fs)(nil)
 	_ fstests.SetUploadCutoffer   = (*Fs)(nil)
+	_ fstests.SetCopyCutoffer     = (*Fs)(nil)
 )
diff --git a/backend/b2/upload.go b/backend/b2/upload.go
index cdf8dbef041e5..777852b1a502f 100644
--- a/backend/b2/upload.go
+++ b/backend/b2/upload.go
@@ -5,7 +5,6 @@
 package b2
 
 import (
-	"bytes"
 	"context"
 	"crypto/sha1"
 	"encoding/hex"
@@ -14,7 +13,6 @@ import (
 	"io"
 	"strings"
 	"sync"
-	"time"
 
 	"github.com/rclone/rclone/backend/b2/api"
 	"github.com/rclone/rclone/fs"
@@ -80,12 +78,14 @@ type largeUpload struct {
 	wrap      accounting.WrapFn               // account parts being transferred
 	id        string                          // ID of the file being uploaded
 	size      int64                           // total size
-	parts     int64                           // calculated number of parts, if known
+	parts     int                             // calculated number of parts, if known
+	sha1smu   sync.Mutex                      // mutex to protect sha1s
 	sha1s     []string                        // slice of SHA1s for each part
 	uploadMu  sync.Mutex                      // lock for upload variable
 	uploads   []*api.GetUploadPartURLResponse // result of get upload URL calls
 	chunkSize int64                           // chunk size to use
 	src       *Object                         // if copying, object we are reading from
+	info      *api.FileInfo                   // final response with info about the object
 }
 
 // newLargeUpload starts an upload of object o from in with metadata in src
@@ -93,18 +93,16 @@ type largeUpload struct {
 // If newInfo is set then metadata from that will be used instead of reading it from src
 func (f *Fs) newLargeUpload(ctx context.Context, o *Object, in io.Reader, src fs.ObjectInfo, defaultChunkSize fs.SizeSuffix, doCopy bool, newInfo *api.File) (up *largeUpload, err error) {
 	size := src.Size()
-	parts := int64(0)
-	sha1SliceSize := int64(maxParts)
+	parts := 0
 	chunkSize := defaultChunkSize
 	if size == -1 {
 		fs.Debugf(o, "Streaming upload with --b2-chunk-size %s allows uploads of up to %s and will fail only when that limit is reached.", f.opt.ChunkSize, maxParts*f.opt.ChunkSize)
 	} else {
 		chunkSize = chunksize.Calculator(o, size, maxParts, defaultChunkSize)
-		parts = size / int64(chunkSize)
+		parts = int(size / int64(chunkSize))
 		if size%int64(chunkSize) != 0 {
 			parts++
 		}
-		sha1SliceSize = parts
 	}
 
 	opts := rest.Opts{
@@ -152,7 +150,7 @@ func (f *Fs) newLargeUpload(ctx context.Context, o *Object, in io.Reader, src fs
 		id:        response.ID,
 		size:      size,
 		parts:     parts,
-		sha1s:     make([]string, sha1SliceSize),
+		sha1s:     make([]string, 0, 16),
 		chunkSize: int64(chunkSize),
 	}
 	// unwrap the accounting from the input, we use wrap to put it
@@ -171,24 +169,26 @@ func (f *Fs) newLargeUpload(ctx context.Context, o *Object, in io.Reader, src fs
 // This should be returned with returnUploadURL when finished
 func (up *largeUpload) getUploadURL(ctx context.Context) (upload *api.GetUploadPartURLResponse, err error) {
 	up.uploadMu.Lock()
-	defer up.uploadMu.Unlock()
-	if len(up.uploads) == 0 {
-		opts := rest.Opts{
-			Method: "POST",
-			Path:   "/b2_get_upload_part_url",
-		}
-		var request = api.GetUploadPartURLRequest{
-			ID: up.id,
-		}
-		err := up.f.pacer.Call(func() (bool, error) {
-			resp, err := up.f.srv.CallJSON(ctx, &opts, &request, &upload)
-			return up.f.shouldRetry(ctx, resp, err)
-		})
-		if err != nil {
-			return nil, fmt.Errorf("failed to get upload URL: %w", err)
-		}
-	} else {
+	if len(up.uploads) > 0 {
 		upload, up.uploads = up.uploads[0], up.uploads[1:]
+		up.uploadMu.Unlock()
+		return upload, nil
+	}
+	up.uploadMu.Unlock()
+
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "/b2_get_upload_part_url",
+	}
+	var request = api.GetUploadPartURLRequest{
+		ID: up.id,
+	}
+	err = up.f.pacer.Call(func() (bool, error) {
+		resp, err := up.f.srv.CallJSON(ctx, &opts, &request, &upload)
+		return up.f.shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get upload URL: %w", err)
 	}
 	return upload, nil
 }
@@ -203,10 +203,39 @@ func (up *largeUpload) returnUploadURL(upload *api.GetUploadPartURLResponse) {
 	up.uploadMu.Unlock()
 }
 
-// Transfer a chunk
-func (up *largeUpload) transferChunk(ctx context.Context, part int64, body []byte) error {
-	err := up.f.pacer.Call(func() (bool, error) {
-		fs.Debugf(up.o, "Sending chunk %d length %d", part, len(body))
+// Add an sha1 to the being built up sha1s
+func (up *largeUpload) addSha1(chunkNumber int, sha1 string) {
+	up.sha1smu.Lock()
+	defer up.sha1smu.Unlock()
+	if len(up.sha1s) < chunkNumber+1 {
+		up.sha1s = append(up.sha1s, make([]string, chunkNumber+1-len(up.sha1s))...)
+	}
+	up.sha1s[chunkNumber] = sha1
+}
+
+// WriteChunk will write chunk number with reader bytes, where chunk number >= 0
+func (up *largeUpload) WriteChunk(ctx context.Context, chunkNumber int, reader io.ReadSeeker) (size int64, err error) {
+	// Only account after the checksum reads have been done
+	if do, ok := reader.(pool.DelayAccountinger); ok {
+		// To figure out this number, do a transfer and if the accounted size is 0 or a
+		// multiple of what it should be, increase or decrease this number.
+		do.DelayAccounting(1)
+	}
+
+	err = up.f.pacer.Call(func() (bool, error) {
+		// Discover the size by seeking to the end
+		size, err = reader.Seek(0, io.SeekEnd)
+		if err != nil {
+			return false, err
+		}
+
+		// rewind the reader on retry and after reading size
+		_, err = reader.Seek(0, io.SeekStart)
+		if err != nil {
+			return false, err
+		}
+
+		fs.Debugf(up.o, "Sending chunk %d length %d", chunkNumber, size)
 
 		// Get upload URL
 		upload, err := up.getUploadURL(ctx)
@@ -214,8 +243,8 @@ func (up *largeUpload) transferChunk(ctx context.Context, part int64, body []byt
 			return false, err
 		}
 
-		in := newHashAppendingReader(bytes.NewReader(body), sha1.New())
-		size := int64(len(body)) + int64(in.AdditionalLength())
+		in := newHashAppendingReader(reader, sha1.New())
+		sizeWithHash := size + int64(in.AdditionalLength())
 
 		// Authorization
 		//
@@ -245,10 +274,10 @@ func (up *largeUpload) transferChunk(ctx context.Context, part int64, body []byt
 			Body:    up.wrap(in),
 			ExtraHeaders: map[string]string{
 				"Authorization":    upload.AuthorizationToken,
-				"X-Bz-Part-Number": fmt.Sprintf("%d", part),
+				"X-Bz-Part-Number": fmt.Sprintf("%d", chunkNumber+1),
 				sha1Header:         "hex_digits_at_end",
 			},
-			ContentLength: &size,
+			ContentLength: &sizeWithHash,
 		}
 
 		var response api.UploadPartResponse
@@ -256,7 +285,7 @@ func (up *largeUpload) transferChunk(ctx context.Context, part int64, body []byt
 		resp, err := up.f.srv.CallJSON(ctx, &opts, nil, &response)
 		retry, err := up.f.shouldRetry(ctx, resp, err)
 		if err != nil {
-			fs.Debugf(up.o, "Error sending chunk %d (retry=%v): %v: %#v", part, retry, err, err)
+			fs.Debugf(up.o, "Error sending chunk %d (retry=%v): %v: %#v", chunkNumber, retry, err, err)
 		}
 		// On retryable error clear PartUploadURL
 		if retry {
@@ -264,30 +293,30 @@ func (up *largeUpload) transferChunk(ctx context.Context, part int64, body []byt
 			upload = nil
 		}
 		up.returnUploadURL(upload)
-		up.sha1s[part-1] = in.HexSum()
+		up.addSha1(chunkNumber, in.HexSum())
 		return retry, err
 	})
 	if err != nil {
-		fs.Debugf(up.o, "Error sending chunk %d: %v", part, err)
+		fs.Debugf(up.o, "Error sending chunk %d: %v", chunkNumber, err)
 	} else {
-		fs.Debugf(up.o, "Done sending chunk %d", part)
+		fs.Debugf(up.o, "Done sending chunk %d", chunkNumber)
 	}
-	return err
+	return size, err
 }
 
 // Copy a chunk
-func (up *largeUpload) copyChunk(ctx context.Context, part int64, partSize int64) error {
+func (up *largeUpload) copyChunk(ctx context.Context, part int, partSize int64) error {
 	err := up.f.pacer.Call(func() (bool, error) {
 		fs.Debugf(up.o, "Copying chunk %d length %d", part, partSize)
 		opts := rest.Opts{
 			Method: "POST",
 			Path:   "/b2_copy_part",
 		}
-		offset := (part - 1) * up.chunkSize // where we are in the source file
+		offset := int64(part) * up.chunkSize // where we are in the source file
 		var request = api.CopyPartRequest{
 			SourceID:    up.src.id,
 			LargeFileID: up.id,
-			PartNumber:  part,
+			PartNumber:  int64(part + 1),
 			Range:       fmt.Sprintf("bytes=%d-%d", offset, offset+partSize-1),
 		}
 		var response api.UploadPartResponse
@@ -296,7 +325,7 @@ func (up *largeUpload) copyChunk(ctx context.Context, part int64, partSize int64
 		if err != nil {
 			fs.Debugf(up.o, "Error copying chunk %d (retry=%v): %v: %#v", part, retry, err, err)
 		}
-		up.sha1s[part-1] = response.SHA1
+		up.addSha1(part, response.SHA1)
 		return retry, err
 	})
 	if err != nil {
@@ -307,8 +336,8 @@ func (up *largeUpload) copyChunk(ctx context.Context, part int64, partSize int64
 	return err
 }
 
-// finish closes off the large upload
-func (up *largeUpload) finish(ctx context.Context) error {
+// Close closes off the large upload
+func (up *largeUpload) Close(ctx context.Context) error {
 	fs.Debugf(up.o, "Finishing large file %s with %d parts", up.what, up.parts)
 	opts := rest.Opts{
 		Method: "POST",
@@ -326,11 +355,12 @@ func (up *largeUpload) finish(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
-	return up.o.decodeMetaDataFileInfo(&response)
+	up.info = &response
+	return nil
 }
 
-// cancel aborts the large upload
-func (up *largeUpload) cancel(ctx context.Context) error {
+// Abort aborts the large upload
+func (up *largeUpload) Abort(ctx context.Context) error {
 	fs.Debugf(up.o, "Cancelling large file %s", up.what)
 	opts := rest.Opts{
 		Method: "POST",
@@ -355,157 +385,105 @@ func (up *largeUpload) cancel(ctx context.Context) error {
 // reaches EOF.
 //
 // Note that initialUploadBlock must be returned to f.putBuf()
-func (up *largeUpload) Stream(ctx context.Context, initialUploadBlock []byte) (err error) {
-	defer atexit.OnError(&err, func() { _ = up.cancel(ctx) })()
+func (up *largeUpload) Stream(ctx context.Context, initialUploadBlock *pool.RW) (err error) {
+	defer atexit.OnError(&err, func() { _ = up.Abort(ctx) })()
 	fs.Debugf(up.o, "Starting streaming of large file (id %q)", up.id)
 	var (
 		g, gCtx      = errgroup.WithContext(ctx)
 		hasMoreParts = true
 	)
-	up.size = int64(len(initialUploadBlock))
-	g.Go(func() error {
-		for part := int64(1); hasMoreParts; part++ {
-			// Get a block of memory from the pool and token which limits concurrency.
-			var buf []byte
-			if part == 1 {
-				buf = initialUploadBlock
-			} else {
-				buf = up.f.getBuf(false)
-			}
+	up.size = initialUploadBlock.Size()
+	up.parts = 0
+	for part := 0; hasMoreParts; part++ {
+		// Get a block of memory from the pool and token which limits concurrency.
+		var rw *pool.RW
+		if part == 0 {
+			rw = initialUploadBlock
+		} else {
+			rw = up.f.getRW(false)
+		}
 
-			// Fail fast, in case an errgroup managed function returns an error
-			// gCtx is cancelled. There is no point in uploading all the other parts.
-			if gCtx.Err() != nil {
-				up.f.putBuf(buf, false)
-				return nil
-			}
+		// Fail fast, in case an errgroup managed function returns an error
+		// gCtx is cancelled. There is no point in uploading all the other parts.
+		if gCtx.Err() != nil {
+			up.f.putRW(rw)
+			break
+		}
 
-			// Read the chunk
-			var n int
-			if part == 1 {
-				n = len(buf)
-			} else {
-				n, err = io.ReadFull(up.in, buf)
-				if err == io.ErrUnexpectedEOF {
-					fs.Debugf(up.o, "Read less than a full chunk, making this the last one.")
-					buf = buf[:n]
-					hasMoreParts = false
-				} else if err == io.EOF {
-					fs.Debugf(up.o, "Could not read any more bytes, previous chunk was the last.")
-					up.f.putBuf(buf, false)
-					return nil
-				} else if err != nil {
-					// other kinds of errors indicate failure
-					up.f.putBuf(buf, false)
-					return err
+		// Read the chunk
+		var n int64
+		if part == 0 {
+			n = rw.Size()
+		} else {
+			n, err = io.CopyN(rw, up.in, up.chunkSize)
+			if err == io.EOF {
+				if n == 0 {
+					fs.Debugf(up.o, "Not sending empty chunk after EOF - ending.")
+					up.f.putRW(rw)
+					break
+				} else {
+					fs.Debugf(up.o, "Read less than a full chunk %d, making this the last one.", n)
 				}
+				hasMoreParts = false
+			} else if err != nil {
+				// other kinds of errors indicate failure
+				up.f.putRW(rw)
+				return err
 			}
+		}
 
-			// Keep stats up to date
-			up.parts = part
-			up.size += int64(n)
-			if part > maxParts {
-				up.f.putBuf(buf, false)
-				return fmt.Errorf("%q too big (%d bytes so far) makes too many parts %d > %d - increase --b2-chunk-size", up.o, up.size, up.parts, maxParts)
-			}
-
-			part := part // for the closure
-			g.Go(func() (err error) {
-				defer up.f.putBuf(buf, false)
-				return up.transferChunk(gCtx, part, buf)
-			})
+		// Keep stats up to date
+		up.parts += 1
+		up.size += n
+		if part > maxParts {
+			up.f.putRW(rw)
+			return fmt.Errorf("%q too big (%d bytes so far) makes too many parts %d > %d - increase --b2-chunk-size", up.o, up.size, up.parts, maxParts)
 		}
-		return nil
-	})
+
+		part := part // for the closure
+		g.Go(func() (err error) {
+			defer up.f.putRW(rw)
+			_, err = up.WriteChunk(gCtx, part, rw)
+			return err
+		})
+	}
 	err = g.Wait()
 	if err != nil {
 		return err
 	}
-	up.sha1s = up.sha1s[:up.parts]
-	return up.finish(ctx)
+	return up.Close(ctx)
 }
 
-// Upload uploads the chunks from the input
-func (up *largeUpload) Upload(ctx context.Context) (err error) {
-	defer atexit.OnError(&err, func() { _ = up.cancel(ctx) })()
+// Copy the chunks from the source to the destination
+func (up *largeUpload) Copy(ctx context.Context) (err error) {
+	defer atexit.OnError(&err, func() { _ = up.Abort(ctx) })()
 	fs.Debugf(up.o, "Starting %s of large file in %d chunks (id %q)", up.what, up.parts, up.id)
 	var (
-		g, gCtx    = errgroup.WithContext(ctx)
-		remaining  = up.size
-		uploadPool *pool.Pool
-		ci         = fs.GetConfig(ctx)
+		g, gCtx   = errgroup.WithContext(ctx)
+		remaining = up.size
 	)
-	// If using large chunk size then make a temporary pool
-	if up.chunkSize <= int64(up.f.opt.ChunkSize) {
-		uploadPool = up.f.pool
-	} else {
-		uploadPool = pool.New(
-			time.Duration(up.f.opt.MemoryPoolFlushTime),
-			int(up.chunkSize),
-			ci.Transfers,
-			up.f.opt.MemoryPoolUseMmap,
-		)
-		defer uploadPool.Flush()
-	}
-	// Get an upload token and a buffer
-	getBuf := func() (buf []byte) {
-		up.f.getBuf(true)
-		if !up.doCopy {
-			buf = uploadPool.Get()
+	g.SetLimit(up.f.opt.UploadConcurrency)
+	for part := 0; part < up.parts; part++ {
+		// Fail fast, in case an errgroup managed function returns an error
+		// gCtx is cancelled. There is no point in copying all the other parts.
+		if gCtx.Err() != nil {
+			break
 		}
-		return buf
-	}
-	// Put an upload token and a buffer
-	putBuf := func(buf []byte) {
-		if !up.doCopy {
-			uploadPool.Put(buf)
-		}
-		up.f.putBuf(nil, true)
-	}
-	g.Go(func() error {
-		for part := int64(1); part <= up.parts; part++ {
-			// Get a block of memory from the pool and token which limits concurrency.
-			buf := getBuf()
-
-			// Fail fast, in case an errgroup managed function returns an error
-			// gCtx is cancelled. There is no point in uploading all the other parts.
-			if gCtx.Err() != nil {
-				putBuf(buf)
-				return nil
-			}
-
-			reqSize := remaining
-			if reqSize >= up.chunkSize {
-				reqSize = up.chunkSize
-			}
-
-			if !up.doCopy {
-				// Read the chunk
-				buf = buf[:reqSize]
-				_, err = io.ReadFull(up.in, buf)
-				if err != nil {
-					putBuf(buf)
-					return err
-				}
-			}
 
-			part := part // for the closure
-			g.Go(func() (err error) {
-				defer putBuf(buf)
-				if !up.doCopy {
-					err = up.transferChunk(gCtx, part, buf)
-				} else {
-					err = up.copyChunk(gCtx, part, reqSize)
-				}
-				return err
-			})
-			remaining -= reqSize
+		reqSize := remaining
+		if reqSize >= up.chunkSize {
+			reqSize = up.chunkSize
 		}
-		return nil
-	})
+
+		part := part // for the closure
+		g.Go(func() (err error) {
+			return up.copyChunk(gCtx, part, reqSize)
+		})
+		remaining -= reqSize
+	}
 	err = g.Wait()
 	if err != nil {
 		return err
 	}
-	return up.finish(ctx)
+	return up.Close(ctx)
 }
diff --git a/backend/box/api/types.go b/backend/box/api/types.go
index 6ff87761c25bc..275dea9502ad7 100644
--- a/backend/box/api/types.go
+++ b/backend/box/api/types.go
@@ -52,7 +52,7 @@ func (e *Error) Error() string {
 		out += ": " + e.Message
 	}
 	if e.ContextInfo != nil {
-		out += fmt.Sprintf(" (%+v)", e.ContextInfo)
+		out += fmt.Sprintf(" (%s)", string(e.ContextInfo))
 	}
 	return out
 }
@@ -63,7 +63,7 @@ var _ error = (*Error)(nil)
 // ItemFields are the fields needed for FileInfo
 var ItemFields = "type,id,sequence_id,etag,sha1,name,size,created_at,modified_at,content_created_at,content_modified_at,item_status,shared_link,owned_by"
 
-// Types of things in Item
+// Types of things in Item/ItemMini
 const (
 	ItemTypeFolder    = "folder"
 	ItemTypeFile      = "file"
@@ -72,20 +72,31 @@ const (
 	ItemStatusDeleted = "deleted"
 )
 
+// ItemMini is a subset of the elements in a full Item returned by some API calls
+type ItemMini struct {
+	Type       string `json:"type"`
+	ID         string `json:"id"`
+	SequenceID int64  `json:"sequence_id,string"`
+	Etag       string `json:"etag"`
+	SHA1       string `json:"sha1"`
+	Name       string `json:"name"`
+}
+
 // Item describes a folder or a file as returned by Get Folder Items and others
 type Item struct {
-	Type              string  `json:"type"`
-	ID                string  `json:"id"`
-	SequenceID        string  `json:"sequence_id"`
-	Etag              string  `json:"etag"`
-	SHA1              string  `json:"sha1"`
-	Name              string  `json:"name"`
-	Size              float64 `json:"size"` // box returns this in xEyy format for very large numbers - see #2261
-	CreatedAt         Time    `json:"created_at"`
-	ModifiedAt        Time    `json:"modified_at"`
-	ContentCreatedAt  Time    `json:"content_created_at"`
-	ContentModifiedAt Time    `json:"content_modified_at"`
-	ItemStatus        string  `json:"item_status"` // active, trashed if the file has been moved to the trash, and deleted if the file has been permanently deleted
+	Type              string   `json:"type"`
+	ID                string   `json:"id"`
+	SequenceID        int64    `json:"sequence_id,string"`
+	Etag              string   `json:"etag"`
+	SHA1              string   `json:"sha1"`
+	Name              string   `json:"name"`
+	Size              float64  `json:"size"` // box returns this in xEyy format for very large numbers - see #2261
+	CreatedAt         Time     `json:"created_at"`
+	ModifiedAt        Time     `json:"modified_at"`
+	ContentCreatedAt  Time     `json:"content_created_at"`
+	ContentModifiedAt Time     `json:"content_modified_at"`
+	ItemStatus        string   `json:"item_status"` // active, trashed if the file has been moved to the trash, and deleted if the file has been permanently deleted
+	Parent            ItemMini `json:"parent"`
 	SharedLink        struct {
 		URL    string `json:"url,omitempty"`
 		Access string `json:"access,omitempty"`
@@ -156,19 +167,7 @@ type PreUploadCheckResponse struct {
 // PreUploadCheckConflict is returned in the ContextInfo error field
 // from PreUploadCheck when the error code is "item_name_in_use"
 type PreUploadCheckConflict struct {
-	Conflicts struct {
-		Type        string `json:"type"`
-		ID          string `json:"id"`
-		FileVersion struct {
-			Type string `json:"type"`
-			ID   string `json:"id"`
-			Sha1 string `json:"sha1"`
-		} `json:"file_version"`
-		SequenceID string `json:"sequence_id"`
-		Etag       string `json:"etag"`
-		Sha1       string `json:"sha1"`
-		Name       string `json:"name"`
-	} `json:"conflicts"`
+	Conflicts ItemMini `json:"conflicts"`
 }
 
 // UpdateFileModTime is used in Update File Info
@@ -281,3 +280,30 @@ type User struct {
 	Address       string    `json:"address"`
 	AvatarURL     string    `json:"avatar_url"`
 }
+
+// FileTreeChangeEventTypes are the events that can require cache invalidation
+var FileTreeChangeEventTypes = map[string]struct{}{
+	"ITEM_COPY":                 {},
+	"ITEM_CREATE":               {},
+	"ITEM_MAKE_CURRENT_VERSION": {},
+	"ITEM_MODIFY":               {},
+	"ITEM_MOVE":                 {},
+	"ITEM_RENAME":               {},
+	"ITEM_TRASH":                {},
+	"ITEM_UNDELETE_VIA_TRASH":   {},
+	"ITEM_UPLOAD":               {},
+}
+
+// Event is an array element in the response returned from /events
+type Event struct {
+	EventType string `json:"event_type"`
+	EventID   string `json:"event_id"`
+	Source    Item   `json:"source"`
+}
+
+// Events is returned from /events
+type Events struct {
+	ChunkSize          int64   `json:"chunk_size"`
+	Entries            []Event `json:"entries"`
+	NextStreamPosition int64   `json:"next_stream_position"`
+}
diff --git a/backend/box/box.go b/backend/box/box.go
index e0cfbed07d6bf..26e2cb35642de 100644
--- a/backend/box/box.go
+++ b/backend/box/box.go
@@ -27,6 +27,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/golang-jwt/jwt/v4"
 	"github.com/rclone/rclone/backend/box/api"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/config"
@@ -45,7 +46,6 @@ import (
 	"github.com/rclone/rclone/lib/rest"
 	"github.com/youmark/pkcs8"
 	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/jws"
 )
 
 const (
@@ -76,6 +76,11 @@ var (
 	}
 )
 
+type boxCustomClaims struct {
+	jwt.StandardClaims
+	BoxSubType string `json:"box_sub_type,omitempty"`
+}
+
 // Register with Fs
 func init() {
 	fs.Register(&fs.RegInfo{
@@ -102,16 +107,18 @@ func init() {
 			return nil, nil
 		},
 		Options: append(oauthutil.SharedOptions, []fs.Option{{
-			Name:     "root_folder_id",
-			Help:     "Fill in for rclone to use a non root folder as its starting point.",
-			Default:  "0",
-			Advanced: true,
+			Name:      "root_folder_id",
+			Help:      "Fill in for rclone to use a non root folder as its starting point.",
+			Default:   "0",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "box_config_file",
 			Help: "Box App config.json location\n\nLeave blank normally." + env.ShellExpandHelp,
 		}, {
-			Name: "access_token",
-			Help: "Box App Primary Access Token\n\nLeave blank normally.",
+			Name:      "access_token",
+			Help:      "Box App Primary Access Token\n\nLeave blank normally.",
+			Sensitive: true,
 		}, {
 			Name:    "box_sub_type",
 			Default: "user",
@@ -142,6 +149,23 @@ func init() {
 			Default:  "",
 			Help:     "Only show items owned by the login (email address) passed in.",
 			Advanced: true,
+		}, {
+			Name:    "impersonate",
+			Default: "",
+			Help: `Impersonate this user ID when using a service account.
+
+Setting this flag allows rclone, when using a JWT service account, to
+act on behalf of another user by setting the as-user header.
+
+The user ID is the Box identifier for a user. User IDs can found for
+any user via the GET /users endpoint, which is only available to
+admins, or by calling the GET /users/me endpoint with an authenticated
+user session.
+
+See: https://developer.box.com/guides/authentication/jwt/as-user/
+`,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -178,7 +202,7 @@ func refreshJWTToken(ctx context.Context, jsonFile string, boxSubType string, na
 	signingHeaders := getSigningHeaders(boxConfig)
 	queryParams := getQueryParams(boxConfig)
 	client := fshttp.NewClient(ctx)
-	err = jwtutil.Config("box", name, claims, signingHeaders, queryParams, privateKey, m, client)
+	err = jwtutil.Config("box", name, tokenURL, *claims, signingHeaders, queryParams, privateKey, m, client)
 	return err
 }
 
@@ -194,34 +218,31 @@ func getBoxConfig(configFile string) (boxConfig *api.ConfigJSON, err error) {
 	return boxConfig, nil
 }
 
-func getClaims(boxConfig *api.ConfigJSON, boxSubType string) (claims *jws.ClaimSet, err error) {
+func getClaims(boxConfig *api.ConfigJSON, boxSubType string) (claims *boxCustomClaims, err error) {
 	val, err := jwtutil.RandomHex(20)
 	if err != nil {
 		return nil, fmt.Errorf("box: failed to generate random string for jti: %w", err)
 	}
 
-	claims = &jws.ClaimSet{
-		Iss: boxConfig.BoxAppSettings.ClientID,
-		Sub: boxConfig.EnterpriseID,
-		Aud: tokenURL,
-		Exp: time.Now().Add(time.Second * 45).Unix(),
-		PrivateClaims: map[string]interface{}{
-			"box_sub_type": boxSubType,
-			"aud":          tokenURL,
-			"jti":          val,
+	claims = &boxCustomClaims{
+		//lint:ignore SA1019 since we need to use jwt.StandardClaims even if deprecated in jwt-go v4 until a more permanent solution is ready in time before jwt-go v5 where it is removed entirely
+		//nolint:staticcheck // Don't include staticcheck when running golangci-lint to avoid SA1019
+		StandardClaims: jwt.StandardClaims{
+			Id:        val,
+			Issuer:    boxConfig.BoxAppSettings.ClientID,
+			Subject:   boxConfig.EnterpriseID,
+			Audience:  tokenURL,
+			ExpiresAt: time.Now().Add(time.Second * 45).Unix(),
 		},
+		BoxSubType: boxSubType,
 	}
-
 	return claims, nil
 }
 
-func getSigningHeaders(boxConfig *api.ConfigJSON) *jws.Header {
-	signingHeaders := &jws.Header{
-		Algorithm: "RS256",
-		Typ:       "JWT",
-		KeyID:     boxConfig.BoxAppSettings.AppAuth.PublicKeyID,
+func getSigningHeaders(boxConfig *api.ConfigJSON) map[string]interface{} {
+	signingHeaders := map[string]interface{}{
+		"kid": boxConfig.BoxAppSettings.AppAuth.PublicKeyID,
 	}
-
 	return signingHeaders
 }
 
@@ -258,19 +279,29 @@ type Options struct {
 	AccessToken   string               `config:"access_token"`
 	ListChunk     int                  `config:"list_chunk"`
 	OwnedBy       string               `config:"owned_by"`
+	Impersonate   string               `config:"impersonate"`
+}
+
+// ItemMeta defines metadata we cache for each Item ID
+type ItemMeta struct {
+	SequenceID int64  // the most recent event processed for this item
+	ParentID   string // ID of the parent directory of this item
+	Name       string // leaf name of this item
 }
 
 // Fs represents a remote box
 type Fs struct {
-	name         string                // name of this remote
-	root         string                // the path we are working on
-	opt          Options               // parsed options
-	features     *fs.Features          // optional features
-	srv          *rest.Client          // the connection to the server
-	dirCache     *dircache.DirCache    // Map of directory path to directory id
-	pacer        *fs.Pacer             // pacer for API calls
-	tokenRenewer *oauthutil.Renew      // renew the token on expiry
-	uploadToken  *pacer.TokenDispenser // control concurrency
+	name            string                // name of this remote
+	root            string                // the path we are working on
+	opt             Options               // parsed options
+	features        *fs.Features          // optional features
+	srv             *rest.Client          // the connection to the server
+	dirCache        *dircache.DirCache    // Map of directory path to directory id
+	pacer           *fs.Pacer             // pacer for API calls
+	tokenRenewer    *oauthutil.Renew      // renew the token on expiry
+	uploadToken     *pacer.TokenDispenser // control concurrency
+	itemMetaCacheMu *sync.Mutex           // protects itemMetaCache
+	itemMetaCache   map[string]ItemMeta   // map of Item ID to selected metadata
 }
 
 // Object describes a box object
@@ -349,7 +380,7 @@ func shouldRetry(ctx context.Context, resp *http.Response, err error) (bool, err
 
 // readMetaDataForPath reads the metadata from the path
 func (f *Fs) readMetaDataForPath(ctx context.Context, path string) (info *api.Item, err error) {
-	// defer fs.Trace(f, "path=%q", path)("info=%+v, err=%v", &info, &err)
+	// defer log.Trace(f, "path=%q", path)("info=%+v, err=%v", &info, &err)
 	leaf, directoryID, err := f.dirCache.FindPath(ctx, path, false)
 	if err != nil {
 		if err == fs.ErrorDirNotFound {
@@ -358,20 +389,30 @@ func (f *Fs) readMetaDataForPath(ctx context.Context, path string) (info *api.It
 		return nil, err
 	}
 
-	found, err := f.listAll(ctx, directoryID, false, true, true, func(item *api.Item) bool {
-		if strings.EqualFold(item.Name, leaf) {
-			info = item
-			return true
-		}
-		return false
-	})
+	// Use preupload to find the ID
+	itemMini, err := f.preUploadCheck(ctx, leaf, directoryID, -1)
 	if err != nil {
 		return nil, err
 	}
-	if !found {
+	if itemMini == nil {
 		return nil, fs.ErrorObjectNotFound
 	}
-	return info, nil
+
+	// Now we have the ID we can look up the object proper
+	opts := rest.Opts{
+		Method:     "GET",
+		Path:       "/files/" + itemMini.ID,
+		Parameters: fieldsValue(),
+	}
+	var item api.Item
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err := f.srv.CallJSON(ctx, &opts, nil, &item)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &item, nil
 }
 
 // errorHandler parses a non 2xx error response into an error
@@ -418,12 +459,14 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 
 	ci := fs.GetConfig(ctx)
 	f := &Fs{
-		name:        name,
-		root:        root,
-		opt:         *opt,
-		srv:         rest.NewClient(client).SetRoot(rootURL),
-		pacer:       fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
-		uploadToken: pacer.NewTokenDispenser(ci.Transfers),
+		name:            name,
+		root:            root,
+		opt:             *opt,
+		srv:             rest.NewClient(client).SetRoot(rootURL),
+		pacer:           fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
+		uploadToken:     pacer.NewTokenDispenser(ci.Transfers),
+		itemMetaCacheMu: new(sync.Mutex),
+		itemMetaCache:   make(map[string]ItemMeta),
 	}
 	f.features = (&fs.Features{
 		CaseInsensitive:         true,
@@ -436,6 +479,11 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		f.srv.SetHeader("Authorization", "Bearer "+f.opt.AccessToken)
 	}
 
+	// If using impersonate set an as-user header
+	if f.opt.Impersonate != "" {
+		f.srv.SetHeader("as-user", f.opt.Impersonate)
+	}
+
 	jsonFile, ok := m.Get("box_config_file")
 	boxSubType, boxSubTypeOk := m.Get("box_sub_type")
 
@@ -678,6 +726,17 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 			}
 			entries = append(entries, o)
 		}
+
+		// Cache some metadata for this Item to help us process events later
+		// on. In particular, the box event API does not provide the old path
+		// of the Item when it is renamed/deleted/moved/etc.
+		f.itemMetaCacheMu.Lock()
+		cachedItemMeta, found := f.itemMetaCache[info.ID]
+		if !found || cachedItemMeta.SequenceID < info.SequenceID {
+			f.itemMetaCache[info.ID] = ItemMeta{SequenceID: info.SequenceID, ParentID: directoryID, Name: info.Name}
+		}
+		f.itemMetaCacheMu.Unlock()
+
 		return false
 	})
 	if err != nil {
@@ -713,7 +772,7 @@ func (f *Fs) createObject(ctx context.Context, remote string, modTime time.Time,
 //
 // It returns "", nil if the file is good to go
 // It returns "ID", nil if the file must be updated
-func (f *Fs) preUploadCheck(ctx context.Context, leaf, directoryID string, size int64) (ID string, err error) {
+func (f *Fs) preUploadCheck(ctx context.Context, leaf, directoryID string, size int64) (item *api.ItemMini, err error) {
 	check := api.PreUploadCheck{
 		Name: f.opt.Enc.FromStandardName(leaf),
 		Parent: api.Parent{
@@ -738,16 +797,16 @@ func (f *Fs) preUploadCheck(ctx context.Context, leaf, directoryID string, size
 			var conflict api.PreUploadCheckConflict
 			err = json.Unmarshal(apiErr.ContextInfo, &conflict)
 			if err != nil {
-				return "", fmt.Errorf("pre-upload check: JSON decode failed: %w", err)
+				return nil, fmt.Errorf("pre-upload check: JSON decode failed: %w", err)
 			}
 			if conflict.Conflicts.Type != api.ItemTypeFile {
-				return "", fmt.Errorf("pre-upload check: can't overwrite non file with file: %w", err)
+				return nil, fs.ErrorIsDir
 			}
-			return conflict.Conflicts.ID, nil
+			return &conflict.Conflicts, nil
 		}
-		return "", fmt.Errorf("pre-upload check: %w", err)
+		return nil, fmt.Errorf("pre-upload check: %w", err)
 	}
-	return "", nil
+	return nil, nil
 }
 
 // Put the object
@@ -768,11 +827,11 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 
 	// Preflight check the upload, which returns the ID if the
 	// object already exists
-	ID, err := f.preUploadCheck(ctx, leaf, directoryID, src.Size())
+	item, err := f.preUploadCheck(ctx, leaf, directoryID, src.Size())
 	if err != nil {
 		return nil, err
 	}
-	if ID == "" {
+	if item == nil {
 		return f.PutUnchecked(ctx, in, src, options...)
 	}
 
@@ -780,7 +839,7 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 	o := &Object{
 		fs:     f,
 		remote: remote,
-		id:     ID,
+		id:     item.ID,
 	}
 	return o, o.Update(ctx, in, src, options...)
 }
@@ -1117,7 +1176,7 @@ func (f *Fs) deletePermanently(ctx context.Context, itemType, id string) error {
 // CleanUp empties the trash
 func (f *Fs) CleanUp(ctx context.Context) (err error) {
 	var (
-		deleteErrors       = int64(0)
+		deleteErrors       atomic.Uint64
 		concurrencyControl = make(chan struct{}, fs.GetConfig(ctx).Checkers)
 		wg                 sync.WaitGroup
 	)
@@ -1133,7 +1192,7 @@ func (f *Fs) CleanUp(ctx context.Context) (err error) {
 				err := f.deletePermanently(ctx, item.Type, item.ID)
 				if err != nil {
 					fs.Errorf(f, "failed to delete trash item %q (%q): %v", item.Name, item.ID, err)
-					atomic.AddInt64(&deleteErrors, 1)
+					deleteErrors.Add(1)
 				}
 			}()
 		} else {
@@ -1142,12 +1201,277 @@ func (f *Fs) CleanUp(ctx context.Context) (err error) {
 		return false
 	})
 	wg.Wait()
-	if deleteErrors != 0 {
-		return fmt.Errorf("failed to delete %d trash items", deleteErrors)
+	if deleteErrors.Load() != 0 {
+		return fmt.Errorf("failed to delete %d trash items", deleteErrors.Load())
 	}
 	return err
 }
 
+// ChangeNotify calls the passed function with a path that has had changes.
+// If the implementation uses polling, it should adhere to the given interval.
+//
+// Automatically restarts itself in case of unexpected behavior of the remote.
+//
+// Close the returned channel to stop being notified.
+func (f *Fs) ChangeNotify(ctx context.Context, notifyFunc func(string, fs.EntryType), pollIntervalChan <-chan time.Duration) {
+	go func() {
+		// get the `stream_position` early so all changes from now on get processed
+		streamPosition, err := f.changeNotifyStreamPosition(ctx)
+		if err != nil {
+			fs.Infof(f, "Failed to get StreamPosition: %s", err)
+		}
+
+		// box can send duplicate Event IDs. Use this map to track and filter
+		// the ones we've already processed.
+		processedEventIDs := make(map[string]time.Time)
+
+		var ticker *time.Ticker
+		var tickerC <-chan time.Time
+		for {
+			select {
+			case pollInterval, ok := <-pollIntervalChan:
+				if !ok {
+					if ticker != nil {
+						ticker.Stop()
+					}
+					return
+				}
+				if ticker != nil {
+					ticker.Stop()
+					ticker, tickerC = nil, nil
+				}
+				if pollInterval != 0 {
+					ticker = time.NewTicker(pollInterval)
+					tickerC = ticker.C
+				}
+			case <-tickerC:
+				if streamPosition == "" {
+					streamPosition, err = f.changeNotifyStreamPosition(ctx)
+					if err != nil {
+						fs.Infof(f, "Failed to get StreamPosition: %s", err)
+						continue
+					}
+				}
+
+				// Garbage collect EventIDs older than 1 minute
+				for eventID, timestamp := range processedEventIDs {
+					if time.Since(timestamp) > time.Minute {
+						delete(processedEventIDs, eventID)
+					}
+				}
+
+				streamPosition, err = f.changeNotifyRunner(ctx, notifyFunc, streamPosition, processedEventIDs)
+				if err != nil {
+					fs.Infof(f, "Change notify listener failure: %s", err)
+				}
+			}
+		}
+	}()
+}
+
+func (f *Fs) changeNotifyStreamPosition(ctx context.Context) (streamPosition string, err error) {
+	opts := rest.Opts{
+		Method:     "GET",
+		Path:       "/events",
+		Parameters: fieldsValue(),
+	}
+	opts.Parameters.Set("stream_position", "now")
+	opts.Parameters.Set("stream_type", "changes")
+
+	var result api.Events
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, nil, &result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return "", err
+	}
+
+	return strconv.FormatInt(result.NextStreamPosition, 10), nil
+}
+
+// Attempts to construct the full path for an object, given the ID of its
+// parent directory and the name of the object.
+//
+// Can return "" if the parentID is not currently in the directory cache.
+func (f *Fs) getFullPath(parentID string, childName string) (fullPath string) {
+	fullPath = ""
+	name := f.opt.Enc.ToStandardName(childName)
+	if parentID != "" {
+		if parentDir, ok := f.dirCache.GetInv(parentID); ok {
+			if len(parentDir) > 0 {
+				fullPath = parentDir + "/" + name
+			} else {
+				fullPath = name
+			}
+		}
+	} else {
+		// No parent, this object is at the root
+		fullPath = name
+	}
+	return fullPath
+}
+
+func (f *Fs) changeNotifyRunner(ctx context.Context, notifyFunc func(string, fs.EntryType), streamPosition string, processedEventIDs map[string]time.Time) (nextStreamPosition string, err error) {
+	nextStreamPosition = streamPosition
+
+	for {
+		limit := f.opt.ListChunk
+
+		// box only allows a max of 500 events
+		if limit > 500 {
+			limit = 500
+		}
+
+		opts := rest.Opts{
+			Method:     "GET",
+			Path:       "/events",
+			Parameters: fieldsValue(),
+		}
+		opts.Parameters.Set("stream_position", nextStreamPosition)
+		opts.Parameters.Set("stream_type", "changes")
+		opts.Parameters.Set("limit", strconv.Itoa(limit))
+
+		var result api.Events
+		var resp *http.Response
+		fs.Debugf(f, "Checking for changes on remote (next_stream_position: %q)", nextStreamPosition)
+		err = f.pacer.Call(func() (bool, error) {
+			resp, err = f.srv.CallJSON(ctx, &opts, nil, &result)
+			return shouldRetry(ctx, resp, err)
+		})
+		if err != nil {
+			return "", err
+		}
+
+		if result.ChunkSize != int64(len(result.Entries)) {
+			return "", fmt.Errorf("invalid response to event request, chunk_size (%v) not equal to number of entries (%v)", result.ChunkSize, len(result.Entries))
+		}
+
+		nextStreamPosition = strconv.FormatInt(result.NextStreamPosition, 10)
+		if result.ChunkSize == 0 {
+			return nextStreamPosition, nil
+		}
+
+		type pathToClear struct {
+			path      string
+			entryType fs.EntryType
+		}
+		var pathsToClear []pathToClear
+		newEventIDs := 0
+		for _, entry := range result.Entries {
+			eventDetails := fmt.Sprintf("[%q(%d)|%s|%s|%s|%s]", entry.Source.Name, entry.Source.SequenceID,
+				entry.Source.Type, entry.EventType, entry.Source.ID, entry.EventID)
+
+			if entry.EventID == "" {
+				fs.Debugf(f, "%s ignored due to missing EventID", eventDetails)
+				continue
+			}
+			if _, ok := processedEventIDs[entry.EventID]; ok {
+				fs.Debugf(f, "%s ignored due to duplicate EventID", eventDetails)
+				continue
+			}
+			processedEventIDs[entry.EventID] = time.Now()
+			newEventIDs++
+
+			if entry.Source.ID == "" { // missing File or Folder ID
+				fs.Debugf(f, "%s ignored due to missing SourceID", eventDetails)
+				continue
+			}
+			if entry.Source.Type != api.ItemTypeFile && entry.Source.Type != api.ItemTypeFolder { // event is not for a file or folder
+				fs.Debugf(f, "%s ignored due to unsupported SourceType", eventDetails)
+				continue
+			}
+
+			// Only interested in event types that result in a file tree change
+			if _, found := api.FileTreeChangeEventTypes[entry.EventType]; !found {
+				fs.Debugf(f, "%s ignored due to unsupported EventType", eventDetails)
+				continue
+			}
+
+			f.itemMetaCacheMu.Lock()
+			itemMeta, cachedItemMetaFound := f.itemMetaCache[entry.Source.ID]
+			if cachedItemMetaFound {
+				if itemMeta.SequenceID >= entry.Source.SequenceID {
+					// Item in the cache has the same or newer SequenceID than
+					// this event. Ignore this event, it must be old.
+					f.itemMetaCacheMu.Unlock()
+					fs.Debugf(f, "%s ignored due to old SequenceID (%q)", eventDetails, itemMeta.SequenceID)
+					continue
+				}
+
+				// This event is newer. Delete its entry from the cache,
+				// we'll notify about its change below, then it's up to a
+				// future list operation to repopulate the cache.
+				delete(f.itemMetaCache, entry.Source.ID)
+			}
+			f.itemMetaCacheMu.Unlock()
+
+			entryType := fs.EntryDirectory
+			if entry.Source.Type == api.ItemTypeFile {
+				entryType = fs.EntryObject
+			}
+
+			// The box event only includes the new path for the object (e.g.
+			// the path after the object was moved). If there was an old path
+			// saved in our cache, it must be cleared.
+			if cachedItemMetaFound {
+				path := f.getFullPath(itemMeta.ParentID, itemMeta.Name)
+				if path != "" {
+					fs.Debugf(f, "%s added old path (%q) for notify", eventDetails, path)
+					pathsToClear = append(pathsToClear, pathToClear{path: path, entryType: entryType})
+				} else {
+					fs.Debugf(f, "%s old parent not cached", eventDetails)
+				}
+
+				// If this is a directory, also delete it from the dir cache.
+				// This will effectively invalidate the item metadata cache
+				// entries for all descendents of this directory, since we
+				// will no longer be able to construct a full path for them.
+				// This is exactly what we want, since we don't want to notify
+				// on the paths of these descendents if one of their ancestors
+				// has been renamed/deleted.
+				if entry.Source.Type == api.ItemTypeFolder {
+					f.dirCache.FlushDir(path)
+				}
+			}
+
+			// If the item is "active", then it is not trashed or deleted, so
+			// it potentially has a valid parent.
+			//
+			// Construct the new path of the object, based on the Parent ID
+			// and its name. If we get an empty result, it means we don't
+			// currently know about this object so notification is unnecessary.
+			if entry.Source.ItemStatus == api.ItemStatusActive {
+				path := f.getFullPath(entry.Source.Parent.ID, entry.Source.Name)
+				if path != "" {
+					fs.Debugf(f, "%s added new path (%q) for notify", eventDetails, path)
+					pathsToClear = append(pathsToClear, pathToClear{path: path, entryType: entryType})
+				} else {
+					fs.Debugf(f, "%s new parent not found", eventDetails)
+				}
+			}
+		}
+
+		// box can sometimes repeatedly return the same Event IDs within a
+		// short period of time. If it stops giving us new ones, treat it
+		// the same as if it returned us none at all.
+		if newEventIDs == 0 {
+			return nextStreamPosition, nil
+		}
+
+		notifiedPaths := make(map[string]bool)
+		for _, p := range pathsToClear {
+			if _, ok := notifiedPaths[p.path]; ok {
+				continue
+			}
+			notifiedPaths[p.path] = true
+			notifyFunc(p.path, p.entryType)
+		}
+		fs.Debugf(f, "Received %v events, resulting in %v paths and %v notifications", len(result.Entries), len(pathsToClear), len(notifiedPaths))
+	}
+}
+
 // DirCacheFlush resets the directory cache - used in testing as an
 // optional interface
 func (f *Fs) DirCacheFlush() {
diff --git a/backend/cache/cache.go b/backend/cache/cache.go
index dd16642c9a3db..828744c47340a 100644
--- a/backend/cache/cache.go
+++ b/backend/cache/cache.go
@@ -76,17 +76,19 @@ func init() {
 			Name: "plex_url",
 			Help: "The URL of the Plex server.",
 		}, {
-			Name: "plex_username",
-			Help: "The username of the Plex user.",
+			Name:      "plex_username",
+			Help:      "The username of the Plex user.",
+			Sensitive: true,
 		}, {
 			Name:       "plex_password",
 			Help:       "The password of the Plex user.",
 			IsPassword: true,
 		}, {
-			Name:     "plex_token",
-			Help:     "The plex token for authentication - auto set normally.",
-			Hide:     fs.OptionHideBoth,
-			Advanced: true,
+			Name:      "plex_token",
+			Help:      "The plex token for authentication - auto set normally.",
+			Hide:      fs.OptionHideBoth,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:     "plex_insecure",
 			Help:     "Skip all certificate verification when connecting to the Plex server.",
@@ -1787,7 +1789,7 @@ func (f *Fs) CleanUpCache(ignoreLastTs bool) {
 	}
 }
 
-// StopBackgroundRunners will signall all the runners to stop their work
+// StopBackgroundRunners will signal all the runners to stop their work
 // can be triggered from a terminate signal or from testing between runs
 func (f *Fs) StopBackgroundRunners() {
 	f.cleanupChan <- false
diff --git a/backend/cache/cache_internal_test.go b/backend/cache/cache_internal_test.go
index 82ae0bf012f12..d7ee0fba253d4 100644
--- a/backend/cache/cache_internal_test.go
+++ b/backend/cache/cache_internal_test.go
@@ -1098,27 +1098,6 @@ func (r *run) list(t *testing.T, f fs.Fs, remote string) ([]interface{}, error)
 	return l, err
 }
 
-func (r *run) copyFile(t *testing.T, f fs.Fs, src, dst string) error {
-	in, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		_ = in.Close()
-	}()
-
-	out, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		_ = out.Close()
-	}()
-
-	_, err = io.Copy(out, in)
-	return err
-}
-
 func (r *run) dirMove(t *testing.T, rootFs fs.Fs, src, dst string) error {
 	var err error
 
diff --git a/backend/cache/cache_test.go b/backend/cache/cache_test.go
index 9ad4e31e5afe8..594149596334d 100644
--- a/backend/cache/cache_test.go
+++ b/backend/cache/cache_test.go
@@ -18,7 +18,7 @@ func TestIntegration(t *testing.T) {
 	fstests.Run(t, &fstests.Opt{
 		RemoteName:                   "TestCache:",
 		NilObject:                    (*cache.Object)(nil),
-		UnimplementableFsMethods:     []string{"PublicLink", "OpenWriterAt"},
+		UnimplementableFsMethods:     []string{"PublicLink", "OpenWriterAt", "OpenChunkWriter"},
 		UnimplementableObjectMethods: []string{"MimeType", "ID", "GetTier", "SetTier", "Metadata"},
 		SkipInvalidUTF8:              true, // invalid UTF-8 confuses the cache
 	})
diff --git a/backend/cache/cache_upload_test.go b/backend/cache/cache_upload_test.go
index b6a2c584274bd..d0246740a0c7d 100644
--- a/backend/cache/cache_upload_test.go
+++ b/backend/cache/cache_upload_test.go
@@ -160,11 +160,11 @@ func TestInternalUploadQueueMoreFiles(t *testing.T) {
 	minSize := 5242880
 	maxSize := 10485760
 	totalFiles := 10
-	rand.Seed(time.Now().Unix())
+	randInstance := rand.New(rand.NewSource(time.Now().Unix()))
 
 	lastFile := ""
 	for i := 0; i < totalFiles; i++ {
-		size := int64(rand.Intn(maxSize-minSize) + minSize)
+		size := int64(randInstance.Intn(maxSize-minSize) + minSize)
 		testReader := runInstance.randomReader(t, size)
 		remote := "test/" + strconv.Itoa(i) + ".bin"
 		runInstance.writeRemoteReader(t, rootFs, remote, testReader)
diff --git a/backend/chunker/chunker_test.go b/backend/chunker/chunker_test.go
index 7f0c0310d0856..d5ce656dda7e6 100644
--- a/backend/chunker/chunker_test.go
+++ b/backend/chunker/chunker_test.go
@@ -40,6 +40,7 @@ func TestIntegration(t *testing.T) {
 		UnimplementableFsMethods: []string{
 			"PublicLink",
 			"OpenWriterAt",
+			"OpenChunkWriter",
 			"MergeDirs",
 			"DirCacheFlush",
 			"UserInfo",
diff --git a/backend/combine/combine.go b/backend/combine/combine.go
index 63fb4635ecee5..74384fb48f706 100644
--- a/backend/combine/combine.go
+++ b/backend/combine/combine.go
@@ -1,4 +1,4 @@
-// Package combine implents a backend to combine multiple remotes in a directory tree
+// Package combine implements a backend to combine multiple remotes in a directory tree
 package combine
 
 /*
@@ -233,6 +233,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (outFs fs
 		ReadMetadata:            true,
 		WriteMetadata:           true,
 		UserMetadata:            true,
+		PartialUploads:          true,
 	}).Fill(ctx, f)
 	canMove := true
 	for _, u := range f.upstreams {
@@ -289,6 +290,16 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (outFs fs
 		}
 	}
 
+	// Enable CleanUp when any upstreams support it
+	if features.CleanUp == nil {
+		for _, u := range f.upstreams {
+			if u.f.Features().CleanUp != nil {
+				features.CleanUp = f.CleanUp
+				break
+			}
+		}
+	}
+
 	// Enable ChangeNotify when any upstreams support it
 	if features.ChangeNotify == nil {
 		for _, u := range f.upstreams {
@@ -299,6 +310,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (outFs fs
 		}
 	}
 
+	// show that we wrap other backends
+	features.Overlay = true
+
 	f.features = features
 
 	// Get common intersection of hashes
@@ -351,7 +365,7 @@ func (f *Fs) multithread(ctx context.Context, fn func(context.Context, *upstream
 	return g.Wait()
 }
 
-// join the elements together but unline path.Join return empty string
+// join the elements together but unlike path.Join return empty string
 func join(elem ...string) string {
 	result := path.Join(elem...)
 	if result == "." {
@@ -887,6 +901,100 @@ func (f *Fs) Shutdown(ctx context.Context) error {
 	})
 }
 
+// PublicLink generates a public link to the remote path (usually readable by anyone)
+func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration, unlink bool) (string, error) {
+	u, uRemote, err := f.findUpstream(remote)
+	if err != nil {
+		return "", err
+	}
+	do := u.f.Features().PublicLink
+	if do == nil {
+		return "", fs.ErrorNotImplemented
+	}
+	return do(ctx, uRemote, expire, unlink)
+}
+
+// PutUnchecked in to the remote path with the modTime given of the given size
+//
+// May create the object even if it returns an error - if so
+// will return the object and the error, otherwise will return
+// nil and the error
+//
+// May create duplicates or return errors if src already
+// exists.
+func (f *Fs) PutUnchecked(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+	srcPath := src.Remote()
+	u, uRemote, err := f.findUpstream(srcPath)
+	if err != nil {
+		return nil, err
+	}
+	do := u.f.Features().PutUnchecked
+	if do == nil {
+		return nil, fs.ErrorNotImplemented
+	}
+	uSrc := fs.NewOverrideRemote(src, uRemote)
+	return do(ctx, in, uSrc, options...)
+}
+
+// MergeDirs merges the contents of all the directories passed
+// in into the first one and rmdirs the other directories.
+func (f *Fs) MergeDirs(ctx context.Context, dirs []fs.Directory) error {
+	if len(dirs) == 0 {
+		return nil
+	}
+	var (
+		u     *upstream
+		uDirs []fs.Directory
+	)
+	for _, dir := range dirs {
+		uNew, uDir, err := f.findUpstream(dir.Remote())
+		if err != nil {
+			return err
+		}
+		if u == nil {
+			u = uNew
+		} else if u != uNew {
+			return fmt.Errorf("can't merge directories from different upstreams")
+		}
+		uDirs = append(uDirs, fs.NewOverrideDirectory(dir, uDir))
+	}
+	do := u.f.Features().MergeDirs
+	if do == nil {
+		return fs.ErrorNotImplemented
+	}
+	return do(ctx, uDirs)
+}
+
+// CleanUp the trash in the Fs
+//
+// Implement this if you have a way of emptying the trash or
+// otherwise cleaning up old versions of files.
+func (f *Fs) CleanUp(ctx context.Context) error {
+	return f.multithread(ctx, func(ctx context.Context, u *upstream) error {
+		if do := u.f.Features().CleanUp; do != nil {
+			return do(ctx)
+		}
+		return nil
+	})
+}
+
+// OpenWriterAt opens with a handle for random access writes
+//
+// Pass in the remote desired and the size if known.
+//
+// It truncates any existing object
+func (f *Fs) OpenWriterAt(ctx context.Context, remote string, size int64) (fs.WriterAtCloser, error) {
+	u, uRemote, err := f.findUpstream(remote)
+	if err != nil {
+		return nil, err
+	}
+	do := u.f.Features().OpenWriterAt
+	if do == nil {
+		return nil, fs.ErrorNotImplemented
+	}
+	return do(ctx, uRemote, size)
+}
+
 // Object describes a wrapped Object
 //
 // This is a wrapped Object which knows its path prefix
@@ -916,7 +1024,7 @@ func (o *Object) String() string {
 func (o *Object) Remote() string {
 	newPath, err := o.u.pathAdjustment.do(o.Object.String())
 	if err != nil {
-		fs.Errorf(o, "Bad object: %v", err)
+		fs.Errorf(o.Object, "Bad object: %v", err)
 		return err.Error()
 	}
 	return newPath
@@ -988,5 +1096,10 @@ var (
 	_ fs.Abouter         = (*Fs)(nil)
 	_ fs.ListRer         = (*Fs)(nil)
 	_ fs.Shutdowner      = (*Fs)(nil)
+	_ fs.PublicLinker    = (*Fs)(nil)
+	_ fs.PutUncheckeder  = (*Fs)(nil)
+	_ fs.MergeDirser     = (*Fs)(nil)
+	_ fs.CleanUpper      = (*Fs)(nil)
+	_ fs.OpenWriterAter  = (*Fs)(nil)
 	_ fs.FullObject      = (*Object)(nil)
 )
diff --git a/backend/combine/combine_test.go b/backend/combine/combine_test.go
index 46b49bcf0305f..c132377b1452f 100644
--- a/backend/combine/combine_test.go
+++ b/backend/combine/combine_test.go
@@ -10,6 +10,11 @@ import (
 	"github.com/rclone/rclone/fstest/fstests"
 )
 
+var (
+	unimplementableFsMethods     = []string{"UnWrap", "WrapFs", "SetWrapper", "UserInfo", "Disconnect", "OpenChunkWriter"}
+	unimplementableObjectMethods = []string{}
+)
+
 // TestIntegration runs integration tests against the remote
 func TestIntegration(t *testing.T) {
 	if *fstest.RemoteName == "" {
@@ -17,8 +22,8 @@ func TestIntegration(t *testing.T) {
 	}
 	fstests.Run(t, &fstests.Opt{
 		RemoteName:                   *fstest.RemoteName,
-		UnimplementableFsMethods:     []string{"OpenWriterAt", "DuplicateFiles"},
-		UnimplementableObjectMethods: []string{"MimeType"},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 	})
 }
 
@@ -35,7 +40,9 @@ func TestLocal(t *testing.T) {
 			{Name: name, Key: "type", Value: "combine"},
 			{Name: name, Key: "upstreams", Value: upstreams},
 		},
-		QuickTestOK: true,
+		QuickTestOK:                  true,
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 	})
 }
 
@@ -51,7 +58,9 @@ func TestMemory(t *testing.T) {
 			{Name: name, Key: "type", Value: "combine"},
 			{Name: name, Key: "upstreams", Value: upstreams},
 		},
-		QuickTestOK: true,
+		QuickTestOK:                  true,
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 	})
 }
 
@@ -68,6 +77,8 @@ func TestMixed(t *testing.T) {
 			{Name: name, Key: "type", Value: "combine"},
 			{Name: name, Key: "upstreams", Value: upstreams},
 		},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 	})
 }
 
diff --git a/backend/compress/compress.go b/backend/compress/compress.go
index 21ab99c03f50a..f635c5e595621 100644
--- a/backend/compress/compress.go
+++ b/backend/compress/compress.go
@@ -186,6 +186,7 @@ func NewFs(ctx context.Context, name, rpath string, m configmap.Mapper) (fs.Fs,
 		ReadMetadata:            true,
 		WriteMetadata:           true,
 		UserMetadata:            true,
+		PartialUploads:          true,
 	}).Fill(ctx, f).Mask(ctx, wrappedFs).WrapsFs(f, wrappedFs)
 	// We support reading MIME types no matter the wrapped fs
 	f.features.ReadMimeType = true
@@ -256,6 +257,16 @@ func isMetadataFile(filename string) bool {
 	return strings.HasSuffix(filename, metaFileExt)
 }
 
+// Checks whether a file is a metadata file and returns the original
+// file name and a flag indicating whether it was a metadata file or
+// not.
+func unwrapMetadataFile(filename string) (string, bool) {
+	if !isMetadataFile(filename) {
+		return "", false
+	}
+	return filename[:len(filename)-len(metaFileExt)], true
+}
+
 // makeDataName generates the file name for a data file with specified compression mode
 func makeDataName(remote string, size int64, mode int) (newRemote string) {
 	if mode != Uncompressed {
@@ -978,7 +989,8 @@ func (f *Fs) ChangeNotify(ctx context.Context, notifyFunc func(string, fs.EntryT
 	wrappedNotifyFunc := func(path string, entryType fs.EntryType) {
 		fs.Logf(f, "path %q entryType %d", path, entryType)
 		var (
-			wrappedPath string
+			wrappedPath    string
+			isMetadataFile bool
 		)
 		switch entryType {
 		case fs.EntryDirectory:
@@ -986,7 +998,10 @@ func (f *Fs) ChangeNotify(ctx context.Context, notifyFunc func(string, fs.EntryT
 		case fs.EntryObject:
 			// Note: All we really need to do to monitor the object is to check whether the metadata changed,
 			// as the metadata contains the hash. This will work unless there's a hash collision and the sizes stay the same.
-			wrappedPath = makeMetadataName(path)
+			wrappedPath, isMetadataFile = unwrapMetadataFile(path)
+			if !isMetadataFile {
+				return
+			}
 		default:
 			fs.Errorf(path, "press ChangeNotify: ignoring unknown EntryType %d", entryType)
 			return
diff --git a/backend/compress/compress_test.go b/backend/compress/compress_test.go
index 356e9dd438295..8fc954dfa56ba 100644
--- a/backend/compress/compress_test.go
+++ b/backend/compress/compress_test.go
@@ -14,23 +14,26 @@ import (
 	"github.com/rclone/rclone/fstest/fstests"
 )
 
+var defaultOpt = fstests.Opt{
+	RemoteName: "TestCompress:",
+	NilObject:  (*Object)(nil),
+	UnimplementableFsMethods: []string{
+		"OpenWriterAt",
+		"OpenChunkWriter",
+		"MergeDirs",
+		"DirCacheFlush",
+		"PutUnchecked",
+		"PutStream",
+		"UserInfo",
+		"Disconnect",
+	},
+	TiersToTest:                  []string{"STANDARD", "STANDARD_IA"},
+	UnimplementableObjectMethods: []string{},
+}
+
 // TestIntegration runs integration tests against the remote
 func TestIntegration(t *testing.T) {
-	opt := fstests.Opt{
-		RemoteName: *fstest.RemoteName,
-		NilObject:  (*Object)(nil),
-		UnimplementableFsMethods: []string{
-			"OpenWriterAt",
-			"MergeDirs",
-			"DirCacheFlush",
-			"PutUnchecked",
-			"PutStream",
-			"UserInfo",
-			"Disconnect",
-		},
-		TiersToTest:                  []string{"STANDARD", "STANDARD_IA"},
-		UnimplementableObjectMethods: []string{}}
-	fstests.Run(t, &opt)
+	fstests.Run(t, &defaultOpt)
 }
 
 // TestRemoteGzip tests GZIP compression
@@ -40,27 +43,13 @@ func TestRemoteGzip(t *testing.T) {
 	}
 	tempdir := filepath.Join(os.TempDir(), "rclone-compress-test-gzip")
 	name := "TestCompressGzip"
-	fstests.Run(t, &fstests.Opt{
-		RemoteName: name + ":",
-		NilObject:  (*Object)(nil),
-		UnimplementableFsMethods: []string{
-			"OpenWriterAt",
-			"MergeDirs",
-			"DirCacheFlush",
-			"PutUnchecked",
-			"PutStream",
-			"UserInfo",
-			"Disconnect",
-		},
-		UnimplementableObjectMethods: []string{
-			"GetTier",
-			"SetTier",
-		},
-		ExtraConfig: []fstests.ExtraConfigItem{
-			{Name: name, Key: "type", Value: "compress"},
-			{Name: name, Key: "remote", Value: tempdir},
-			{Name: name, Key: "compression_mode", Value: "gzip"},
-		},
-		QuickTestOK: true,
-	})
+	opt := defaultOpt
+	opt.RemoteName = name + ":"
+	opt.ExtraConfig = []fstests.ExtraConfigItem{
+		{Name: name, Key: "type", Value: "compress"},
+		{Name: name, Key: "remote", Value: tempdir},
+		{Name: name, Key: "compression_mode", Value: "gzip"},
+	}
+	opt.QuickTestOK = true
+	fstests.Run(t, &opt)
 }
diff --git a/backend/crypt/cipher.go b/backend/crypt/cipher.go
index ae1e623936dec..d0f8a658e8cde 100644
--- a/backend/crypt/cipher.go
+++ b/backend/crypt/cipher.go
@@ -21,6 +21,7 @@ import (
 	"github.com/rclone/rclone/backend/crypt/pkcs7"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/lib/readers"
 	"github.com/rclone/rclone/lib/version"
 	"github.com/rfjakob/eme"
 	"golang.org/x/crypto/nacl/secretbox"
@@ -37,7 +38,6 @@ const (
 	blockHeaderSize     = secretbox.Overhead
 	blockDataSize       = 64 * 1024
 	blockSize           = blockHeaderSize + blockDataSize
-	encryptedSuffix     = ".bin" // when file name encryption is off we add this suffix to make sure the cloud provider doesn't process the file
 )
 
 // Errors returned by cipher
@@ -53,8 +53,9 @@ var (
 	ErrorEncryptedBadBlock       = errors.New("failed to authenticate decrypted block - bad password?")
 	ErrorBadBase32Encoding       = errors.New("bad base32 filename encoding")
 	ErrorFileClosed              = errors.New("file already closed")
-	ErrorNotAnEncryptedFile      = errors.New("not an encrypted file - no \"" + encryptedSuffix + "\" suffix")
+	ErrorNotAnEncryptedFile      = errors.New("not an encrypted file - does not match suffix")
 	ErrorBadSeek                 = errors.New("Seek beyond end of file")
+	ErrorSuffixMissingDot        = errors.New("suffix config setting should include a '.'")
 	defaultSalt                  = []byte{0xA8, 0x0D, 0xF4, 0x3A, 0x8F, 0xBD, 0x03, 0x08, 0xA7, 0xCA, 0xB8, 0x3E, 0x58, 0x1F, 0x86, 0xB1}
 	obfuscQuoteRune              = '!'
 )
@@ -169,27 +170,30 @@ func NewNameEncoding(s string) (enc fileNameEncoding, err error) {
 
 // Cipher defines an encoding and decoding cipher for the crypt backend
 type Cipher struct {
-	dataKey        [32]byte                  // Key for secretbox
-	nameKey        [32]byte                  // 16,24 or 32 bytes
-	nameTweak      [nameCipherBlockSize]byte // used to tweak the name crypto
-	block          gocipher.Block
-	mode           NameEncryptionMode
-	fileNameEnc    fileNameEncoding
-	buffers        sync.Pool // encrypt/decrypt buffers
-	cryptoRand     io.Reader // read crypto random numbers from here
-	dirNameEncrypt bool
+	dataKey         [32]byte                  // Key for secretbox
+	nameKey         [32]byte                  // 16,24 or 32 bytes
+	nameTweak       [nameCipherBlockSize]byte // used to tweak the name crypto
+	block           gocipher.Block
+	mode            NameEncryptionMode
+	fileNameEnc     fileNameEncoding
+	buffers         sync.Pool // encrypt/decrypt buffers
+	cryptoRand      io.Reader // read crypto random numbers from here
+	dirNameEncrypt  bool
+	passBadBlocks   bool // if set passed bad blocks as zeroed blocks
+	encryptedSuffix string
 }
 
 // newCipher initialises the cipher.  If salt is "" then it uses a built in salt val
 func newCipher(mode NameEncryptionMode, password, salt string, dirNameEncrypt bool, enc fileNameEncoding) (*Cipher, error) {
 	c := &Cipher{
-		mode:           mode,
-		fileNameEnc:    enc,
-		cryptoRand:     rand.Reader,
-		dirNameEncrypt: dirNameEncrypt,
+		mode:            mode,
+		fileNameEnc:     enc,
+		cryptoRand:      rand.Reader,
+		dirNameEncrypt:  dirNameEncrypt,
+		encryptedSuffix: ".bin",
 	}
 	c.buffers.New = func() interface{} {
-		return make([]byte, blockSize)
+		return new([blockSize]byte)
 	}
 	err := c.Key(password, salt)
 	if err != nil {
@@ -198,11 +202,29 @@ func newCipher(mode NameEncryptionMode, password, salt string, dirNameEncrypt bo
 	return c, nil
 }
 
+// setEncryptedSuffix set suffix, or an empty string
+func (c *Cipher) setEncryptedSuffix(suffix string) {
+	if strings.EqualFold(suffix, "none") {
+		c.encryptedSuffix = ""
+		return
+	}
+	if !strings.HasPrefix(suffix, ".") {
+		fs.Errorf(nil, "crypt: bad suffix: %v", ErrorSuffixMissingDot)
+		suffix = "." + suffix
+	}
+	c.encryptedSuffix = suffix
+}
+
+// Call to set bad block pass through
+func (c *Cipher) setPassBadBlocks(passBadBlocks bool) {
+	c.passBadBlocks = passBadBlocks
+}
+
 // Key creates all the internal keys from the password passed in using
 // scrypt.
 //
 // If salt is "" we use a fixed salt just to make attackers lives
-// slighty harder than using no salt.
+// slightly harder than using no salt.
 //
 // Note that empty password makes all 0x00 keys which is used in the
 // tests.
@@ -230,15 +252,12 @@ func (c *Cipher) Key(password, salt string) (err error) {
 }
 
 // getBlock gets a block from the pool of size blockSize
-func (c *Cipher) getBlock() []byte {
-	return c.buffers.Get().([]byte)
+func (c *Cipher) getBlock() *[blockSize]byte {
+	return c.buffers.Get().(*[blockSize]byte)
 }
 
 // putBlock returns a block to the pool of size blockSize
-func (c *Cipher) putBlock(buf []byte) {
-	if len(buf) != blockSize {
-		panic("bad blocksize returned to pool")
-	}
+func (c *Cipher) putBlock(buf *[blockSize]byte) {
 	c.buffers.Put(buf)
 }
 
@@ -508,7 +527,7 @@ func (c *Cipher) encryptFileName(in string) string {
 // EncryptFileName encrypts a file path
 func (c *Cipher) EncryptFileName(in string) string {
 	if c.mode == NameEncryptionOff {
-		return in + encryptedSuffix
+		return in + c.encryptedSuffix
 	}
 	return c.encryptFileName(in)
 }
@@ -568,8 +587,8 @@ func (c *Cipher) decryptFileName(in string) (string, error) {
 // DecryptFileName decrypts a file path
 func (c *Cipher) DecryptFileName(in string) (string, error) {
 	if c.mode == NameEncryptionOff {
-		remainingLength := len(in) - len(encryptedSuffix)
-		if remainingLength == 0 || !strings.HasSuffix(in, encryptedSuffix) {
+		remainingLength := len(in) - len(c.encryptedSuffix)
+		if remainingLength == 0 || !strings.HasSuffix(in, c.encryptedSuffix) {
 			return "", ErrorNotAnEncryptedFile
 		}
 		decrypted := in[:remainingLength]
@@ -609,7 +628,7 @@ func (n *nonce) pointer() *[fileNonceSize]byte {
 // fromReader fills the nonce from an io.Reader - normally the OSes
 // crypto random number generator
 func (n *nonce) fromReader(in io.Reader) error {
-	read, err := io.ReadFull(in, (*n)[:])
+	read, err := readers.ReadFill(in, (*n)[:])
 	if read != fileNonceSize {
 		return fmt.Errorf("short read of nonce: %w", err)
 	}
@@ -664,8 +683,8 @@ type encrypter struct {
 	in       io.Reader
 	c        *Cipher
 	nonce    nonce
-	buf      []byte
-	readBuf  []byte
+	buf      *[blockSize]byte
+	readBuf  *[blockSize]byte
 	bufIndex int
 	bufSize  int
 	err      error
@@ -690,9 +709,9 @@ func (c *Cipher) newEncrypter(in io.Reader, nonce *nonce) (*encrypter, error) {
 		}
 	}
 	// Copy magic into buffer
-	copy(fh.buf, fileMagicBytes)
+	copy((*fh.buf)[:], fileMagicBytes)
 	// Copy nonce into buffer
-	copy(fh.buf[fileMagicSize:], fh.nonce[:])
+	copy((*fh.buf)[fileMagicSize:], fh.nonce[:])
 	return fh, nil
 }
 
@@ -707,22 +726,20 @@ func (fh *encrypter) Read(p []byte) (n int, err error) {
 	if fh.bufIndex >= fh.bufSize {
 		// Read data
 		// FIXME should overlap the reads with a go-routine and 2 buffers?
-		readBuf := fh.readBuf[:blockDataSize]
-		n, err = io.ReadFull(fh.in, readBuf)
+		readBuf := (*fh.readBuf)[:blockDataSize]
+		n, err = readers.ReadFill(fh.in, readBuf)
 		if n == 0 {
-			// err can't be nil since:
-			// n == len(buf) if and only if err == nil.
 			return fh.finish(err)
 		}
 		// possibly err != nil here, but we will process the
-		// data and the next call to ReadFull will return 0, err
+		// data and the next call to ReadFill will return 0, err
 		// Encrypt the block using the nonce
-		secretbox.Seal(fh.buf[:0], readBuf[:n], fh.nonce.pointer(), &fh.c.dataKey)
+		secretbox.Seal((*fh.buf)[:0], readBuf[:n], fh.nonce.pointer(), &fh.c.dataKey)
 		fh.bufIndex = 0
 		fh.bufSize = blockHeaderSize + n
 		fh.nonce.increment()
 	}
-	n = copy(p, fh.buf[fh.bufIndex:fh.bufSize])
+	n = copy(p, (*fh.buf)[fh.bufIndex:fh.bufSize])
 	fh.bufIndex += n
 	return n, nil
 }
@@ -763,8 +780,8 @@ type decrypter struct {
 	nonce        nonce
 	initialNonce nonce
 	c            *Cipher
-	buf          []byte
-	readBuf      []byte
+	buf          *[blockSize]byte
+	readBuf      *[blockSize]byte
 	bufIndex     int
 	bufSize      int
 	err          error
@@ -782,12 +799,12 @@ func (c *Cipher) newDecrypter(rc io.ReadCloser) (*decrypter, error) {
 		limit:   -1,
 	}
 	// Read file header (magic + nonce)
-	readBuf := fh.readBuf[:fileHeaderSize]
-	_, err := io.ReadFull(fh.rc, readBuf)
-	if err == io.EOF || err == io.ErrUnexpectedEOF {
+	readBuf := (*fh.readBuf)[:fileHeaderSize]
+	n, err := readers.ReadFill(fh.rc, readBuf)
+	if n < fileHeaderSize && err == io.EOF {
 		// This read from 0..fileHeaderSize-1 bytes
 		return nil, fh.finishAndClose(ErrorEncryptedFileTooShort)
-	} else if err != nil {
+	} else if err != io.EOF && err != nil {
 		return nil, fh.finishAndClose(err)
 	}
 	// check the magic
@@ -845,10 +862,8 @@ func (c *Cipher) newDecrypterSeek(ctx context.Context, open OpenRangeSeek, offse
 func (fh *decrypter) fillBuffer() (err error) {
 	// FIXME should overlap the reads with a go-routine and 2 buffers?
 	readBuf := fh.readBuf
-	n, err := io.ReadFull(fh.rc, readBuf)
+	n, err := readers.ReadFill(fh.rc, (*readBuf)[:])
 	if n == 0 {
-		// err can't be nil since:
-		// n == len(buf) if and only if err == nil.
 		return err
 	}
 	// possibly err != nil here, but we will process the data and
@@ -856,18 +871,25 @@ func (fh *decrypter) fillBuffer() (err error) {
 
 	// Check header + 1 byte exists
 	if n <= blockHeaderSize {
-		if err != nil {
+		if err != nil && err != io.EOF {
 			return err // return pending error as it is likely more accurate
 		}
 		return ErrorEncryptedFileBadHeader
 	}
 	// Decrypt the block using the nonce
-	_, ok := secretbox.Open(fh.buf[:0], readBuf[:n], fh.nonce.pointer(), &fh.c.dataKey)
+	_, ok := secretbox.Open((*fh.buf)[:0], (*readBuf)[:n], fh.nonce.pointer(), &fh.c.dataKey)
 	if !ok {
-		if err != nil {
+		if err != nil && err != io.EOF {
 			return err // return pending error as it is likely more accurate
 		}
-		return ErrorEncryptedBadBlock
+		if !fh.c.passBadBlocks {
+			return ErrorEncryptedBadBlock
+		}
+		fs.Errorf(nil, "crypt: ignoring: %v", ErrorEncryptedBadBlock)
+		// Zero out the bad block and continue
+		for i := range (*fh.buf)[:n] {
+			(*fh.buf)[i] = 0
+		}
 	}
 	fh.bufIndex = 0
 	fh.bufSize = n - blockHeaderSize
@@ -893,7 +915,7 @@ func (fh *decrypter) Read(p []byte) (n int, err error) {
 	if fh.limit >= 0 && fh.limit < int64(toCopy) {
 		toCopy = int(fh.limit)
 	}
-	n = copy(p, fh.buf[fh.bufIndex:fh.bufIndex+toCopy])
+	n = copy(p, (*fh.buf)[fh.bufIndex:fh.bufIndex+toCopy])
 	fh.bufIndex += n
 	if fh.limit >= 0 {
 		fh.limit -= int64(n)
@@ -904,9 +926,8 @@ func (fh *decrypter) Read(p []byte) (n int, err error) {
 	return n, nil
 }
 
-// calculateUnderlying converts an (offset, limit) in a crypted file
-// into an (underlyingOffset, underlyingLimit) for the underlying
-// file.
+// calculateUnderlying converts an (offset, limit) in an encrypted file
+// into an (underlyingOffset, underlyingLimit) for the underlying file.
 //
 // It also returns number of bytes to discard after reading the first
 // block and number of blocks this is from the start so the nonce can
diff --git a/backend/crypt/cipher_test.go b/backend/crypt/cipher_test.go
index d0ba808be4678..559a6f5492708 100644
--- a/backend/crypt/cipher_test.go
+++ b/backend/crypt/cipher_test.go
@@ -27,14 +27,14 @@ func TestNewNameEncryptionMode(t *testing.T) {
 		{"off", NameEncryptionOff, ""},
 		{"standard", NameEncryptionStandard, ""},
 		{"obfuscate", NameEncryptionObfuscated, ""},
-		{"potato", NameEncryptionOff, "Unknown file name encryption mode \"potato\""},
+		{"potato", NameEncryptionOff, "unknown file name encryption mode \"potato\""},
 	} {
 		actual, actualErr := NewNameEncryptionMode(test.in)
 		assert.Equal(t, actual, test.expected)
 		if test.expectedErr == "" {
 			assert.NoError(t, actualErr)
 		} else {
-			assert.Error(t, actualErr, test.expectedErr)
+			assert.EqualError(t, actualErr, test.expectedErr)
 		}
 	}
 }
@@ -405,6 +405,13 @@ func TestNonStandardEncryptFileName(t *testing.T) {
 	// Off mode
 	c, _ := newCipher(NameEncryptionOff, "", "", true, nil)
 	assert.Equal(t, "1/12/123.bin", c.EncryptFileName("1/12/123"))
+	// Off mode with custom suffix
+	c, _ = newCipher(NameEncryptionOff, "", "", true, nil)
+	c.setEncryptedSuffix(".jpg")
+	assert.Equal(t, "1/12/123.jpg", c.EncryptFileName("1/12/123"))
+	// Off mode with empty suffix
+	c.setEncryptedSuffix("none")
+	assert.Equal(t, "1/12/123", c.EncryptFileName("1/12/123"))
 	// Obfuscation mode
 	c, _ = newCipher(NameEncryptionObfuscated, "", "", true, nil)
 	assert.Equal(t, "49.6/99.23/150.890/53.!!lipps", c.EncryptFileName("1/12/123/!hello"))
@@ -483,21 +490,27 @@ func TestNonStandardDecryptFileName(t *testing.T) {
 			in             string
 			expected       string
 			expectedErr    error
+			customSuffix   string
 		}{
-			{NameEncryptionOff, true, "1/12/123.bin", "1/12/123", nil},
-			{NameEncryptionOff, true, "1/12/123.bix", "", ErrorNotAnEncryptedFile},
-			{NameEncryptionOff, true, ".bin", "", ErrorNotAnEncryptedFile},
-			{NameEncryptionOff, true, "1/12/123-v2001-02-03-040506-123.bin", "1/12/123-v2001-02-03-040506-123", nil},
-			{NameEncryptionOff, true, "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.bin", "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123", nil},
-			{NameEncryptionOff, true, "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.txt.bin", "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.txt", nil},
-			{NameEncryptionObfuscated, true, "!.hello", "hello", nil},
-			{NameEncryptionObfuscated, true, "hello", "", ErrorNotAnEncryptedFile},
-			{NameEncryptionObfuscated, true, "161.\u00e4", "\u00a1", nil},
-			{NameEncryptionObfuscated, true, "160.\u03c2", "\u03a0", nil},
-			{NameEncryptionObfuscated, false, "1/12/123/53.!!lipps", "1/12/123/!hello", nil},
-			{NameEncryptionObfuscated, false, "1/12/123/53-v2001-02-03-040506-123.!!lipps", "1/12/123/!hello-v2001-02-03-040506-123", nil},
+			{NameEncryptionOff, true, "1/12/123.bin", "1/12/123", nil, ""},
+			{NameEncryptionOff, true, "1/12/123.bix", "", ErrorNotAnEncryptedFile, ""},
+			{NameEncryptionOff, true, ".bin", "", ErrorNotAnEncryptedFile, ""},
+			{NameEncryptionOff, true, "1/12/123-v2001-02-03-040506-123.bin", "1/12/123-v2001-02-03-040506-123", nil, ""},
+			{NameEncryptionOff, true, "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.bin", "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123", nil, ""},
+			{NameEncryptionOff, true, "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.txt.bin", "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.txt", nil, ""},
+			{NameEncryptionOff, true, "1/12/123.jpg", "1/12/123", nil, ".jpg"},
+			{NameEncryptionOff, true, "1/12/123", "1/12/123", nil, "none"},
+			{NameEncryptionObfuscated, true, "!.hello", "hello", nil, ""},
+			{NameEncryptionObfuscated, true, "hello", "", ErrorNotAnEncryptedFile, ""},
+			{NameEncryptionObfuscated, true, "161.\u00e4", "\u00a1", nil, ""},
+			{NameEncryptionObfuscated, true, "160.\u03c2", "\u03a0", nil, ""},
+			{NameEncryptionObfuscated, false, "1/12/123/53.!!lipps", "1/12/123/!hello", nil, ""},
+			{NameEncryptionObfuscated, false, "1/12/123/53-v2001-02-03-040506-123.!!lipps", "1/12/123/!hello-v2001-02-03-040506-123", nil, ""},
 		} {
 			c, _ := newCipher(test.mode, "", "", test.dirNameEncrypt, enc)
+			if test.customSuffix != "" {
+				c.setEncryptedSuffix(test.customSuffix)
+			}
 			actual, actualErr := c.DecryptFileName(test.in)
 			what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode)
 			assert.Equal(t, test.expected, actual, what)
@@ -726,7 +739,7 @@ func TestNonceFromReader(t *testing.T) {
 	assert.Equal(t, nonce{'1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o'}, x)
 	buf = bytes.NewBufferString("123456789abcdefghijklmn")
 	err = x.fromReader(buf)
-	assert.Error(t, err, "short read of nonce")
+	assert.EqualError(t, err, "short read of nonce: EOF")
 }
 
 func TestNonceFromBuf(t *testing.T) {
@@ -1050,7 +1063,7 @@ func TestRandomSource(t *testing.T) {
 	_, _ = source.Read(buf)
 	sink = newRandomSource(1e8)
 	_, err = io.Copy(sink, source)
-	assert.Error(t, err, "Error in stream")
+	assert.EqualError(t, err, "Error in stream at 1")
 }
 
 type zeroes struct{}
@@ -1167,13 +1180,13 @@ func TestNewEncrypter(t *testing.T) {
 	fh, err := c.newEncrypter(z, nil)
 	assert.NoError(t, err)
 	assert.Equal(t, nonce{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, fh.nonce)
-	assert.Equal(t, []byte{'R', 'C', 'L', 'O', 'N', 'E', 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, fh.buf[:32])
+	assert.Equal(t, []byte{'R', 'C', 'L', 'O', 'N', 'E', 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, (*fh.buf)[:32])
 
 	// Test error path
 	c.cryptoRand = bytes.NewBufferString("123456789abcdefghijklmn")
 	fh, err = c.newEncrypter(z, nil)
 	assert.Nil(t, fh)
-	assert.Error(t, err, "short read of nonce")
+	assert.EqualError(t, err, "short read of nonce: EOF")
 }
 
 // Test the stream returning 0, io.ErrUnexpectedEOF - this used to
@@ -1224,7 +1237,7 @@ func TestNewDecrypter(t *testing.T) {
 		cd := newCloseDetector(bytes.NewBuffer(file0[:i]))
 		fh, err = c.newDecrypter(cd)
 		assert.Nil(t, fh)
-		assert.Error(t, err, ErrorEncryptedFileTooShort.Error())
+		assert.EqualError(t, err, ErrorEncryptedFileTooShort.Error())
 		assert.Equal(t, 1, cd.closed)
 	}
 
@@ -1232,7 +1245,7 @@ func TestNewDecrypter(t *testing.T) {
 	cd = newCloseDetector(er)
 	fh, err = c.newDecrypter(cd)
 	assert.Nil(t, fh)
-	assert.Error(t, err, "potato")
+	assert.EqualError(t, err, "potato")
 	assert.Equal(t, 1, cd.closed)
 
 	// bad magic
@@ -1243,7 +1256,7 @@ func TestNewDecrypter(t *testing.T) {
 		cd := newCloseDetector(bytes.NewBuffer(file0copy))
 		fh, err := c.newDecrypter(cd)
 		assert.Nil(t, fh)
-		assert.Error(t, err, ErrorEncryptedBadMagic.Error())
+		assert.EqualError(t, err, ErrorEncryptedBadMagic.Error())
 		file0copy[i] ^= 0x1
 		assert.Equal(t, 1, cd.closed)
 	}
@@ -1495,8 +1508,10 @@ func TestDecrypterRead(t *testing.T) {
 		case i == fileHeaderSize:
 			// This would normally produce an error *except* on the first block
 			expectedErr = nil
+		case i <= fileHeaderSize+blockHeaderSize:
+			expectedErr = ErrorEncryptedFileBadHeader
 		default:
-			expectedErr = io.ErrUnexpectedEOF
+			expectedErr = ErrorEncryptedBadBlock
 		}
 		if expectedErr != nil {
 			assert.EqualError(t, err, expectedErr.Error(), what)
@@ -1514,7 +1529,7 @@ func TestDecrypterRead(t *testing.T) {
 	fh, err := c.newDecrypter(cd)
 	assert.NoError(t, err)
 	_, err = io.ReadAll(fh)
-	assert.Error(t, err, "potato")
+	assert.EqualError(t, err, "potato")
 	assert.Equal(t, 0, cd.closed)
 
 	// Test corrupting the input
@@ -1525,15 +1540,26 @@ func TestDecrypterRead(t *testing.T) {
 		file16copy[i] ^= 0xFF
 		fh, err := c.newDecrypter(io.NopCloser(bytes.NewBuffer(file16copy)))
 		if i < fileMagicSize {
-			assert.Error(t, err, ErrorEncryptedBadMagic.Error())
+			assert.EqualError(t, err, ErrorEncryptedBadMagic.Error())
 			assert.Nil(t, fh)
 		} else {
 			assert.NoError(t, err)
 			_, err = io.ReadAll(fh)
-			assert.Error(t, err, ErrorEncryptedFileBadHeader.Error())
+			assert.EqualError(t, err, ErrorEncryptedBadBlock.Error())
 		}
 		file16copy[i] ^= 0xFF
 	}
+
+	// Test that we can corrupt a byte and read zeroes if
+	// passBadBlocks is set
+	copy(file16copy, file16)
+	file16copy[len(file16copy)-1] ^= 0xFF
+	c.passBadBlocks = true
+	fh, err = c.newDecrypter(io.NopCloser(bytes.NewBuffer(file16copy)))
+	assert.NoError(t, err)
+	buf, err := io.ReadAll(fh)
+	assert.NoError(t, err)
+	assert.Equal(t, make([]byte, 16), buf)
 }
 
 func TestDecrypterClose(t *testing.T) {
@@ -1554,7 +1580,7 @@ func TestDecrypterClose(t *testing.T) {
 
 	// double close
 	err = fh.Close()
-	assert.Error(t, err, ErrorFileClosed.Error())
+	assert.EqualError(t, err, ErrorFileClosed.Error())
 	assert.Equal(t, 1, cd.closed)
 
 	// try again reading the file this time
@@ -1581,8 +1607,6 @@ func TestPutGetBlock(t *testing.T) {
 	block := c.getBlock()
 	c.putBlock(block)
 	c.putBlock(block)
-
-	assert.Panics(t, func() { c.putBlock(block[:len(block)-1]) })
 }
 
 func TestKey(t *testing.T) {
diff --git a/backend/crypt/crypt.go b/backend/crypt/crypt.go
index f3eb8317da9d4..281805fd5bef2 100644
--- a/backend/crypt/crypt.go
+++ b/backend/crypt/crypt.go
@@ -48,7 +48,7 @@ func init() {
 					Help:  "Very simple filename obfuscation.",
 				}, {
 					Value: "off",
-					Help:  "Don't encrypt the file names.\nAdds a \".bin\" extension only.",
+					Help:  "Don't encrypt the file names.\nAdds a \".bin\", or \"suffix\" extension only.",
 				},
 			},
 		}, {
@@ -79,7 +79,9 @@ NB If filename_encryption is "off" then this option will do nothing.`,
 		}, {
 			Name:    "server_side_across_configs",
 			Default: false,
-			Help: `Allow server-side operations (e.g. copy) to work across different crypt configs.
+			Help: `Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different crypt configs.
 
 Normally this option is not what you want, but if you have two crypts
 pointing to the same backend you can use it.
@@ -119,6 +121,15 @@ names, or for debugging purposes.`,
 					Help:  "Encrypt file data.",
 				},
 			},
+		}, {
+			Name: "pass_bad_blocks",
+			Help: `If set this will pass bad blocks through as all 0.
+
+This should not be set in normal operation, it should only be set if
+trying to recover an encrypted file with errors and it is desired to
+recover as much of the file as possible.`,
+			Default:  false,
+			Advanced: true,
 		}, {
 			Name: "filename_encoding",
 			Help: `How to encode the encrypted filename to text string.
@@ -138,10 +149,18 @@ length and if it's case sensitive.`,
 				},
 				{
 					Value: "base32768",
-					Help:  "Encode using base32768. Suitable if your remote counts UTF-16 or\nUnicode codepoint instead of UTF-8 byte length. (Eg. Onedrive)",
+					Help:  "Encode using base32768. Suitable if your remote counts UTF-16 or\nUnicode codepoint instead of UTF-8 byte length. (Eg. Onedrive, Dropbox)",
 				},
 			},
 			Advanced: true,
+		}, {
+			Name: "suffix",
+			Help: `If this is set it will override the default suffix of ".bin".
+
+Setting suffix to "none" will result in an empty suffix. This may be useful 
+when the path length is critical.`,
+			Default:  ".bin",
+			Advanced: true,
 		}},
 	})
 }
@@ -174,6 +193,8 @@ func newCipherForConfig(opt *Options) (*Cipher, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to make cipher: %w", err)
 	}
+	cipher.setEncryptedSuffix(opt.Suffix)
+	cipher.setPassBadBlocks(opt.PassBadBlocks)
 	return cipher, nil
 }
 
@@ -247,6 +268,7 @@ func NewFs(ctx context.Context, name, rpath string, m configmap.Mapper) (fs.Fs,
 		ReadMetadata:            true,
 		WriteMetadata:           true,
 		UserMetadata:            true,
+		PartialUploads:          true,
 	}).Fill(ctx, f).Mask(ctx, wrappedFs).WrapsFs(f, wrappedFs)
 
 	return f, err
@@ -262,7 +284,9 @@ type Options struct {
 	Password2               string `config:"password2"`
 	ServerSideAcrossConfigs bool   `config:"server_side_across_configs"`
 	ShowMapping             bool   `config:"show_mapping"`
+	PassBadBlocks           bool   `config:"pass_bad_blocks"`
 	FilenameEncoding        string `config:"filename_encoding"`
+	Suffix                  string `config:"suffix"`
 }
 
 // Fs represents a wrapped fs.Fs
@@ -454,7 +478,7 @@ func (f *Fs) put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options [
 				if err != nil {
 					fs.Errorf(o, "Failed to remove corrupted object: %v", err)
 				}
-				return nil, fmt.Errorf("corrupted on transfer: %v crypted hash differ src %q vs dst %q", ht, srcHash, dstHash)
+				return nil, fmt.Errorf("corrupted on transfer: %v encrypted hash differ src %q vs dst %q", ht, srcHash, dstHash)
 			}
 			fs.Debugf(src, "%v = %s OK", ht, srcHash)
 		}
diff --git a/backend/crypt/crypt_test.go b/backend/crypt/crypt_test.go
index d4b9dc1e43283..49db07dc73292 100644
--- a/backend/crypt/crypt_test.go
+++ b/backend/crypt/crypt_test.go
@@ -24,7 +24,7 @@ func TestIntegration(t *testing.T) {
 	fstests.Run(t, &fstests.Opt{
 		RemoteName:                   *fstest.RemoteName,
 		NilObject:                    (*crypt.Object)(nil),
-		UnimplementableFsMethods:     []string{"OpenWriterAt"},
+		UnimplementableFsMethods:     []string{"OpenWriterAt", "OpenChunkWriter"},
 		UnimplementableObjectMethods: []string{"MimeType"},
 	})
 }
@@ -45,7 +45,7 @@ func TestStandardBase32(t *testing.T) {
 			{Name: name, Key: "password", Value: obscure.MustObscure("potato")},
 			{Name: name, Key: "filename_encryption", Value: "standard"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt"},
+		UnimplementableFsMethods:     []string{"OpenWriterAt", "OpenChunkWriter"},
 		UnimplementableObjectMethods: []string{"MimeType"},
 		QuickTestOK:                  true,
 	})
@@ -67,7 +67,7 @@ func TestStandardBase64(t *testing.T) {
 			{Name: name, Key: "filename_encryption", Value: "standard"},
 			{Name: name, Key: "filename_encoding", Value: "base64"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt"},
+		UnimplementableFsMethods:     []string{"OpenWriterAt", "OpenChunkWriter"},
 		UnimplementableObjectMethods: []string{"MimeType"},
 		QuickTestOK:                  true,
 	})
@@ -89,7 +89,7 @@ func TestStandardBase32768(t *testing.T) {
 			{Name: name, Key: "filename_encryption", Value: "standard"},
 			{Name: name, Key: "filename_encoding", Value: "base32768"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt"},
+		UnimplementableFsMethods:     []string{"OpenWriterAt", "OpenChunkWriter"},
 		UnimplementableObjectMethods: []string{"MimeType"},
 		QuickTestOK:                  true,
 	})
@@ -111,7 +111,7 @@ func TestOff(t *testing.T) {
 			{Name: name, Key: "password", Value: obscure.MustObscure("potato2")},
 			{Name: name, Key: "filename_encryption", Value: "off"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt"},
+		UnimplementableFsMethods:     []string{"OpenWriterAt", "OpenChunkWriter"},
 		UnimplementableObjectMethods: []string{"MimeType"},
 		QuickTestOK:                  true,
 	})
@@ -137,7 +137,7 @@ func TestObfuscate(t *testing.T) {
 			{Name: name, Key: "filename_encryption", Value: "obfuscate"},
 		},
 		SkipBadWindowsCharacters:     true,
-		UnimplementableFsMethods:     []string{"OpenWriterAt"},
+		UnimplementableFsMethods:     []string{"OpenWriterAt", "OpenChunkWriter"},
 		UnimplementableObjectMethods: []string{"MimeType"},
 		QuickTestOK:                  true,
 	})
@@ -164,7 +164,7 @@ func TestNoDataObfuscate(t *testing.T) {
 			{Name: name, Key: "no_data_encryption", Value: "true"},
 		},
 		SkipBadWindowsCharacters:     true,
-		UnimplementableFsMethods:     []string{"OpenWriterAt"},
+		UnimplementableFsMethods:     []string{"OpenWriterAt", "OpenChunkWriter"},
 		UnimplementableObjectMethods: []string{"MimeType"},
 		QuickTestOK:                  true,
 	})
diff --git a/backend/drive/drive.go b/backend/drive/drive.go
index 96214d503da08..88e2b7253728b 100644
--- a/backend/drive/drive.go
+++ b/backend/drive/drive.go
@@ -71,7 +71,7 @@ const (
 	// 1<<18 is the minimum size supported by the Google uploader, and there is no maximum.
 	minChunkSize     = fs.SizeSuffix(googleapi.MinUploadChunkSize)
 	defaultChunkSize = 8 * fs.Mebi
-	partialFields    = "id,name,size,md5Checksum,trashed,explicitlyTrashed,modifiedTime,createdTime,mimeType,parents,webViewLink,shortcutDetails,exportLinks,resourceKey"
+	partialFields    = "id,name,size,md5Checksum,sha1Checksum,sha256Checksum,trashed,explicitlyTrashed,modifiedTime,createdTime,mimeType,parents,webViewLink,shortcutDetails,exportLinks,resourceKey"
 	listRGrouping    = 50   // number of IDs to search at once when using ListR
 	listRInputBuffer = 1000 // size of input buffer when using ListR
 	defaultXDGIcon   = "text-html"
@@ -143,6 +143,41 @@ var (
 	_linkTemplates   map[string]*template.Template // available link types
 )
 
+// rwChoices type for fs.Bits
+type rwChoices struct{}
+
+func (rwChoices) Choices() []fs.BitsChoicesInfo {
+	return []fs.BitsChoicesInfo{
+		{Bit: uint64(rwOff), Name: "off"},
+		{Bit: uint64(rwRead), Name: "read"},
+		{Bit: uint64(rwWrite), Name: "write"},
+	}
+}
+
+// rwChoice type alias
+type rwChoice = fs.Bits[rwChoices]
+
+const (
+	rwRead rwChoice = 1 << iota
+	rwWrite
+	rwOff rwChoice = 0
+)
+
+// Examples for the options
+var rwExamples = fs.OptionExamples{{
+	Value: rwOff.String(),
+	Help:  "Do not read or write the value",
+}, {
+	Value: rwRead.String(),
+	Help:  "Read the value only",
+}, {
+	Value: rwWrite.String(),
+	Help:  "Write the value only",
+}, {
+	Value: (rwRead | rwWrite).String(),
+	Help:  "Read and Write the value.",
+}}
+
 // Parse the scopes option returning a slice of scopes
 func driveScopes(scopesString string) (scopes []string) {
 	if scopesString == "" {
@@ -202,7 +237,7 @@ func init() {
 					m.Set("root_folder_id", "appDataFolder")
 				}
 
-				if opt.ServiceAccountFile == "" && opt.ServiceAccountCredentials == "" {
+				if opt.ServiceAccountFile == "" && opt.ServiceAccountCredentials == "" && !opt.EnvAuth {
 					return oauthutil.ConfigOut("teamdrive", &oauthutil.Options{
 						OAuth2Config: driveConfig,
 					})
@@ -250,9 +285,13 @@ func init() {
 			}
 			return nil, fmt.Errorf("unknown state %q", config.State)
 		},
+		MetadataInfo: &fs.MetadataInfo{
+			System: systemMetadataInfo,
+			Help:   `User metadata is stored in the properties field of the drive object.`,
+		},
 		Options: append(driveOAuthOptions(), []fs.Option{{
 			Name: "scope",
-			Help: "Scope that rclone should use when requesting access from drive.",
+			Help: "Comma separated list of scopes that rclone should use when requesting access from drive.",
 			Examples: []fs.OptionExample{{
 				Value: "drive",
 				Help:  "Full access all files, excluding Application Data Folder.",
@@ -277,20 +316,23 @@ Leave blank normally.
 Fill in to access "Computers" folders (see docs), or for rclone to use
 a non root folder as its starting point.
 `,
-			Advanced: true,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "service_account_file",
 			Help: "Service Account Credentials JSON file path.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login." + env.ShellExpandHelp,
 		}, {
-			Name:     "service_account_credentials",
-			Help:     "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.",
-			Hide:     fs.OptionHideConfigurator,
-			Advanced: true,
+			Name:      "service_account_credentials",
+			Help:      "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.",
+			Hide:      fs.OptionHideConfigurator,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
-			Name:     "team_drive",
-			Help:     "ID of the Shared Drive (Team Drive).",
-			Hide:     fs.OptionHideConfigurator,
-			Advanced: true,
+			Name:      "team_drive",
+			Help:      "ID of the Shared Drive (Team Drive).",
+			Hide:      fs.OptionHideConfigurator,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:     "auth_owner_only",
 			Default:  false,
@@ -317,16 +359,35 @@ rather than shortcuts themselves when doing server side copies.`,
 			Default:  false,
 			Help:     "Skip google documents in all listings.\n\nIf given, gdocs practically become invisible to rclone.",
 			Advanced: true,
+		}, {
+			Name:    "show_all_gdocs",
+			Default: false,
+			Help: `Show all Google Docs including non-exportable ones in listings.
+
+If you try a server side copy on a Google Form without this flag, you
+will get this error:
+
+    No export formats found for "application/vnd.google-apps.form"
+
+However adding this flag will allow the form to be server side copied.
+
+Note that rclone doesn't add extensions to the Google Docs file names
+in this mode.
+
+Do **not** use this flag when trying to download Google Docs - rclone
+will fail to download them.
+`,
+			Advanced: true,
 		}, {
 			Name:    "skip_checksum_gphotos",
 			Default: false,
-			Help: `Skip MD5 checksum on Google photos and videos only.
+			Help: `Skip checksums on Google photos and videos only.
 
 Use this if you get checksum errors when transferring Google photos or
 videos.
 
 Setting this flag will cause Google photos and videos to return a
-blank MD5 checksum.
+blank checksums.
 
 Google photos are identified by being in the "photos" space.
 
@@ -416,10 +477,11 @@ date is used.`,
 			Help:     "Size of listing chunk 100-1000, 0 to disable.",
 			Advanced: true,
 		}, {
-			Name:     "impersonate",
-			Default:  "",
-			Help:     `Impersonate this user when using a service account.`,
-			Advanced: true,
+			Name:      "impersonate",
+			Default:   "",
+			Help:      `Impersonate this user when using a service account.`,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:    "alternate_export",
 			Default: false,
@@ -499,7 +561,9 @@ need to use --ignore size also.`,
 		}, {
 			Name:    "server_side_across_configs",
 			Default: false,
-			Help: `Allow server-side operations (e.g. copy) to work across different drive configs.
+			Help: `Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different drive configs.
 
 This can be useful if you wish to do a server-side copy between two
 different Google drives.  Note that this isn't enabled by default
@@ -588,9 +652,82 @@ This resource key requirement only applies to a subset of old files.
 
 Note also that opening the folder once in the web interface (with the
 user you've authenticated rclone with) seems to be enough so that the
-resource key is no needed.
+resource key is not needed.
+`,
+			Advanced:  true,
+			Sensitive: true,
+		}, {
+			Name: "fast_list_bug_fix",
+			Help: `Work around a bug in Google Drive listing.
+
+Normally rclone will work around a bug in Google Drive when using
+--fast-list (ListR) where the search "(A in parents) or (B in
+parents)" returns nothing sometimes. See #3114, #4289 and
+https://issuetracker.google.com/issues/149522397
+
+Rclone detects this by finding no items in more than one directory
+when listing and retries them as lists of individual directories.
+
+This means that if you have a lot of empty directories rclone will end
+up listing them all individually and this can take many more API
+calls.
+
+This flag allows the work-around to be disabled. This is **not**
+recommended in normal use - only if you have a particular case you are
+having trouble with like many empty directories.
 `,
 			Advanced: true,
+			Default:  true,
+		}, {
+			Name: "metadata_owner",
+			Help: `Control whether owner should be read or written in metadata.
+
+Owner is a standard part of the file metadata so is easy to read. But it
+isn't always desirable to set the owner from the metadata.
+
+Note that you can't set the owner on Shared Drives, and that setting
+ownership will generate an email to the new owner (this can't be
+disabled), and you can't transfer ownership to someone outside your
+organization.
+`,
+			Advanced: true,
+			Default:  rwRead,
+			Examples: rwExamples,
+		}, {
+			Name: "metadata_permissions",
+			Help: `Control whether permissions should be read or written in metadata.
+
+Reading permissions metadata from files can be done quickly, but it
+isn't always desirable to set the permissions from the metadata.
+
+Note that rclone drops any inherited permissions on Shared Drives and
+any owner permission on My Drives as these are duplicated in the owner
+metadata.
+`,
+			Advanced: true,
+			Default:  rwOff,
+			Examples: rwExamples,
+		}, {
+			Name: "metadata_labels",
+			Help: `Control whether labels should be read or written in metadata.
+
+Reading labels metadata from files takes an extra API transaction and
+will slow down listings. It isn't always desirable to set the labels
+from the metadata.
+
+The format of labels is documented in the drive API documentation at
+https://developers.google.com/drive/api/reference/rest/v3/Label -
+rclone just provides a JSON dump of this format.
+
+When setting labels, the label and fields must already exist - rclone
+will not create them. This means that if you are transferring labels
+from two different accounts you will have to create the labels in
+advance and use the metadata mapper to translate the IDs between the
+two accounts.
+`,
+			Advanced: true,
+			Default:  rwOff,
+			Examples: rwExamples,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -598,6 +735,18 @@ resource key is no needed.
 			// Encode invalid UTF-8 bytes as json doesn't handle them properly.
 			// Don't encode / as it's a valid name character in drive.
 			Default: encoder.EncodeInvalidUtf8,
+		}, {
+			Name:     "env_auth",
+			Help:     "Get IAM credentials from runtime (environment variables or instance meta data if no env vars).\n\nOnly applies if service_account_file and service_account_credentials is blank.",
+			Default:  false,
+			Advanced: true,
+			Examples: []fs.OptionExample{{
+				Value: "false",
+				Help:  "Enter credentials in the next step.",
+			}, {
+				Value: "true",
+				Help:  "Get GCP IAM credentials from the environment (env vars or IAM).",
+			}},
 		}}...),
 	})
 
@@ -626,6 +775,7 @@ type Options struct {
 	UseTrash                  bool                 `config:"use_trash"`
 	CopyShortcutContent       bool                 `config:"copy_shortcut_content"`
 	SkipGdocs                 bool                 `config:"skip_gdocs"`
+	ShowAllGdocs              bool                 `config:"show_all_gdocs"`
 	SkipChecksumGphotos       bool                 `config:"skip_checksum_gphotos"`
 	SharedWithMe              bool                 `config:"shared_with_me"`
 	TrashedOnly               bool                 `config:"trashed_only"`
@@ -653,7 +803,12 @@ type Options struct {
 	SkipShortcuts             bool                 `config:"skip_shortcuts"`
 	SkipDanglingShortcuts     bool                 `config:"skip_dangling_shortcuts"`
 	ResourceKey               string               `config:"resource_key"`
+	FastListBugFix            bool                 `config:"fast_list_bug_fix"`
+	MetadataOwner             rwChoice             `config:"metadata_owner"`
+	MetadataPermissions       rwChoice             `config:"metadata_permissions"`
+	MetadataLabels            rwChoice             `config:"metadata_labels"`
 	Enc                       encoder.MultiEncoder `config:"encoding"`
+	EnvAuth                   bool                 `config:"env_auth"`
 }
 
 // Fs represents a remote drive server
@@ -673,23 +828,25 @@ type Fs struct {
 	exportExtensions []string           // preferred extensions to download docs
 	importMimeTypes  []string           // MIME types to convert to docs
 	isTeamDrive      bool               // true if this is a team drive
-	fileFields       googleapi.Field    // fields to fetch file info with
 	m                configmap.Mapper
-	grouping         int32               // number of IDs to search at once in ListR - read with atomic
-	listRmu          *sync.Mutex         // protects listRempties
-	listRempties     map[string]struct{} // IDs of supposedly empty directories which triggered grouping disable
-	dirResourceKeys  *sync.Map           // map directory ID to resource key
+	grouping         int32                        // number of IDs to search at once in ListR - read with atomic
+	listRmu          *sync.Mutex                  // protects listRempties
+	listRempties     map[string]struct{}          // IDs of supposedly empty directories which triggered grouping disable
+	dirResourceKeys  *sync.Map                    // map directory ID to resource key
+	permissionsMu    *sync.Mutex                  // protect the below
+	permissions      map[string]*drive.Permission // map permission IDs to Permissions
 }
 
 type baseObject struct {
-	fs           *Fs      // what this object is part of
-	remote       string   // The remote path
-	id           string   // Drive Id of this object
-	modifiedDate string   // RFC3339 time it was last modified
-	mimeType     string   // The object MIME type
-	bytes        int64    // size of the object
-	parents      []string // IDs of the parent directories
-	resourceKey  *string  // resourceKey is needed for link shared objects
+	fs           *Fs          // what this object is part of
+	remote       string       // The remote path
+	id           string       // Drive Id of this object
+	modifiedDate string       // RFC3339 time it was last modified
+	mimeType     string       // The object MIME type
+	bytes        int64        // size of the object
+	parents      []string     // IDs of the parent directories
+	resourceKey  *string      // resourceKey is needed for link shared objects
+	metadata     *fs.Metadata // metadata if known
 }
 type documentObject struct {
 	baseObject
@@ -708,6 +865,8 @@ type Object struct {
 	baseObject
 	url        string // Download URL of this object
 	md5sum     string // md5sum of the object
+	sha1sum    string // sha1sum of the object
+	sha256sum  string // sha256sum of the object
 	v2Download bool   // generate v2 download link ondemand
 }
 
@@ -936,7 +1095,7 @@ func (f *Fs) list(ctx context.Context, dirIDs []string, title string, directorie
 		list.Header().Add("X-Goog-Drive-Resource-Keys", resourceKeysHeader)
 	}
 
-	fields := fmt.Sprintf("files(%s),nextPageToken,incompleteSearch", f.fileFields)
+	fields := fmt.Sprintf("files(%s),nextPageToken,incompleteSearch", f.getFileFields(ctx))
 
 OUTER:
 	for {
@@ -1122,6 +1281,12 @@ func createOAuthClient(ctx context.Context, opt *Options, name string, m configm
 		if err != nil {
 			return nil, fmt.Errorf("failed to create oauth client from service account: %w", err)
 		}
+	} else if opt.EnvAuth {
+		scopes := driveScopes(opt.Scope)
+		oAuthClient, err = google.DefaultClient(ctx, scopes...)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create client from environment: %w", err)
+		}
 	} else {
 		oAuthClient, _, err = oauthutil.NewClientWithBaseClient(ctx, name, m, driveConfig, getClient(ctx, opt))
 		if err != nil {
@@ -1204,9 +1369,10 @@ func newFs(ctx context.Context, name, path string, m configmap.Mapper) (*Fs, err
 		listRmu:         new(sync.Mutex),
 		listRempties:    make(map[string]struct{}),
 		dirResourceKeys: new(sync.Map),
+		permissionsMu:   new(sync.Mutex),
+		permissions:     make(map[string]*drive.Permission),
 	}
 	f.isTeamDrive = opt.TeamDriveID != ""
-	f.fileFields = f.getFileFields()
 	f.features = (&fs.Features{
 		DuplicateFiles:          true,
 		ReadMimeType:            true,
@@ -1214,6 +1380,9 @@ func newFs(ctx context.Context, name, path string, m configmap.Mapper) (*Fs, err
 		CanHaveEmptyDirectories: true,
 		ServerSideAcrossConfigs: opt.ServerSideAcrossConfigs,
 		FilterAware:             true,
+		ReadMetadata:            true,
+		WriteMetadata:           true,
+		UserMetadata:            true,
 	}).Fill(ctx, f)
 
 	// Create a new authorized Drive client.
@@ -1318,7 +1487,7 @@ func NewFs(ctx context.Context, name, path string, m configmap.Mapper) (fs.Fs, e
 	return f, nil
 }
 
-func (f *Fs) newBaseObject(remote string, info *drive.File) baseObject {
+func (f *Fs) newBaseObject(ctx context.Context, remote string, info *drive.File) (o baseObject, err error) {
 	modifiedDate := info.ModifiedTime
 	if f.opt.UseCreatedDate {
 		modifiedDate = info.CreatedTime
@@ -1329,7 +1498,7 @@ func (f *Fs) newBaseObject(remote string, info *drive.File) baseObject {
 	if f.opt.SizeAsQuota {
 		size = info.QuotaBytesUsed
 	}
-	return baseObject{
+	o = baseObject{
 		fs:           f,
 		remote:       remote,
 		id:           info.Id,
@@ -1338,10 +1507,15 @@ func (f *Fs) newBaseObject(remote string, info *drive.File) baseObject {
 		bytes:        size,
 		parents:      info.Parents,
 	}
+	err = nil
+	if fs.GetConfig(ctx).Metadata {
+		err = o.parseMetadata(ctx, info)
+	}
+	return o, err
 }
 
 // getFileFields gets the fields for a normal file Get or List
-func (f *Fs) getFileFields() (fields googleapi.Field) {
+func (f *Fs) getFileFields(ctx context.Context) (fields googleapi.Field) {
 	fields = partialFields
 	if f.opt.AuthOwnerOnly {
 		fields += ",owners"
@@ -1355,40 +1529,53 @@ func (f *Fs) getFileFields() (fields googleapi.Field) {
 	if f.opt.SizeAsQuota {
 		fields += ",quotaBytesUsed"
 	}
+	if fs.GetConfig(ctx).Metadata {
+		fields += "," + metadataFields
+	}
 	return fields
 }
 
 // newRegularObject creates an fs.Object for a normal drive.File
-func (f *Fs) newRegularObject(remote string, info *drive.File) fs.Object {
+func (f *Fs) newRegularObject(ctx context.Context, remote string, info *drive.File) (obj fs.Object, err error) {
 	// wipe checksum if SkipChecksumGphotos and file is type Photo or Video
 	if f.opt.SkipChecksumGphotos {
 		for _, space := range info.Spaces {
 			if space == "photos" {
 				info.Md5Checksum = ""
+				info.Sha1Checksum = ""
+				info.Sha256Checksum = ""
 				break
 			}
 		}
 	}
 	o := &Object{
-		baseObject: f.newBaseObject(remote, info),
 		url:        fmt.Sprintf("%sfiles/%s?alt=media", f.svc.BasePath, actualID(info.Id)),
 		md5sum:     strings.ToLower(info.Md5Checksum),
+		sha1sum:    strings.ToLower(info.Sha1Checksum),
+		sha256sum:  strings.ToLower(info.Sha256Checksum),
 		v2Download: f.opt.V2DownloadMinSize != -1 && info.Size >= int64(f.opt.V2DownloadMinSize),
 	}
+	o.baseObject, err = f.newBaseObject(ctx, remote, info)
+	if err != nil {
+		return nil, err
+	}
 	if info.ResourceKey != "" {
 		o.resourceKey = &info.ResourceKey
 	}
-	return o
+	return o, nil
 }
 
 // newDocumentObject creates an fs.Object for a google docs drive.File
-func (f *Fs) newDocumentObject(remote string, info *drive.File, extension, exportMimeType string) (fs.Object, error) {
+func (f *Fs) newDocumentObject(ctx context.Context, remote string, info *drive.File, extension, exportMimeType string) (fs.Object, error) {
 	mediaType, _, err := mime.ParseMediaType(exportMimeType)
 	if err != nil {
 		return nil, err
 	}
 	url := info.ExportLinks[mediaType]
-	baseObject := f.newBaseObject(remote+extension, info)
+	baseObject, err := f.newBaseObject(ctx, remote+extension, info)
+	if err != nil {
+		return nil, err
+	}
 	baseObject.bytes = -1
 	baseObject.mimeType = exportMimeType
 	return &documentObject{
@@ -1400,7 +1587,7 @@ func (f *Fs) newDocumentObject(remote string, info *drive.File, extension, expor
 }
 
 // newLinkObject creates an fs.Object that represents a link a google docs drive.File
-func (f *Fs) newLinkObject(remote string, info *drive.File, extension, exportMimeType string) (fs.Object, error) {
+func (f *Fs) newLinkObject(ctx context.Context, remote string, info *drive.File, extension, exportMimeType string) (fs.Object, error) {
 	t := linkTemplate(exportMimeType)
 	if t == nil {
 		return nil, fmt.Errorf("unsupported link type %s", exportMimeType)
@@ -1419,7 +1606,10 @@ func (f *Fs) newLinkObject(remote string, info *drive.File, extension, exportMim
 		return nil, fmt.Errorf("executing template failed: %w", err)
 	}
 
-	baseObject := f.newBaseObject(remote+extension, info)
+	baseObject, err := f.newBaseObject(ctx, remote+extension, info)
+	if err != nil {
+		return nil, err
+	}
 	baseObject.bytes = int64(buf.Len())
 	baseObject.mimeType = exportMimeType
 	return &linkObject{
@@ -1435,7 +1625,7 @@ func (f *Fs) newLinkObject(remote string, info *drive.File, extension, exportMim
 func (f *Fs) newObjectWithInfo(ctx context.Context, remote string, info *drive.File) (fs.Object, error) {
 	// If item has MD5 sum it is a file stored on drive
 	if info.Md5Checksum != "" {
-		return f.newRegularObject(remote, info), nil
+		return f.newRegularObject(ctx, remote, info)
 	}
 
 	extension, exportName, exportMimeType, isDocument := f.findExportFormat(ctx, info)
@@ -1466,13 +1656,15 @@ func (f *Fs) newObjectWithExportInfo(
 	case info.MimeType == shortcutMimeTypeDangling:
 		// Pretend a dangling shortcut is a regular object
 		// It will error if used, but appear in listings so it can be deleted
-		return f.newRegularObject(remote, info), nil
+		return f.newRegularObject(ctx, remote, info)
 	case info.Md5Checksum != "":
 		// If item has MD5 sum it is a file stored on drive
-		return f.newRegularObject(remote, info), nil
+		return f.newRegularObject(ctx, remote, info)
 	case f.opt.SkipGdocs:
 		fs.Debugf(remote, "Skipping google document type %q", info.MimeType)
 		return nil, fs.ErrorObjectNotFound
+	case f.opt.ShowAllGdocs:
+		return f.newDocumentObject(ctx, remote, info, "", info.MimeType)
 	default:
 		// If item MimeType is in the ExportFormats then it is a google doc
 		if !isDocument {
@@ -1484,15 +1676,18 @@ func (f *Fs) newObjectWithExportInfo(
 			return nil, fs.ErrorObjectNotFound
 		}
 		if isLinkMimeType(exportMimeType) {
-			return f.newLinkObject(remote, info, extension, exportMimeType)
+			return f.newLinkObject(ctx, remote, info, extension, exportMimeType)
 		}
-		return f.newDocumentObject(remote, info, extension, exportMimeType)
+		return f.newDocumentObject(ctx, remote, info, extension, exportMimeType)
 	}
 }
 
 // NewObject finds the Object at remote.  If it can't be found
 // it returns the error fs.ErrorObjectNotFound.
 func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error) {
+	if strings.HasSuffix(remote, "/") {
+		return nil, fs.ErrorIsDir
+	}
 	info, extension, exportName, exportMimeType, isDocument, err := f.getRemoteInfoWithExport(ctx, remote)
 	if err != nil {
 		return nil, err
@@ -1862,7 +2057,7 @@ func (f *Fs) listRRunner(ctx context.Context, wg *sync.WaitGroup, in chan listRE
 		// drive where (A in parents) or (B in parents) returns nothing
 		// sometimes. See #3114, #4289 and
 		// https://issuetracker.google.com/issues/149522397
-		if len(dirs) > 1 && !foundItems {
+		if f.opt.FastListBugFix && len(dirs) > 1 && !foundItems {
 			if atomic.SwapInt32(&f.grouping, 1) != 1 {
 				fs.Debugf(f, "Disabling ListR to work around bug in drive as multi listing (%d) returned no entries", len(dirs))
 			}
@@ -2111,7 +2306,7 @@ func (f *Fs) resolveShortcut(ctx context.Context, item *drive.File) (newItem *dr
 		fs.Errorf(nil, "Expecting shortcutDetails in %v", item)
 		return item, nil
 	}
-	newItem, err = f.getFile(ctx, item.ShortcutDetails.TargetId, f.fileFields)
+	newItem, err = f.getFile(ctx, item.ShortcutDetails.TargetId, f.getFileFields(ctx))
 	if err != nil {
 		var gerr *googleapi.Error
 		if errors.As(err, &gerr) && gerr.Code == 404 {
@@ -2243,6 +2438,10 @@ func (f *Fs) PutUnchecked(ctx context.Context, in io.Reader, src fs.ObjectInfo,
 	} else {
 		createInfo.MimeType = fs.MimeTypeFromName(remote)
 	}
+	updateMetadata, err := f.fetchAndUpdateMetadata(ctx, src, options, createInfo, false)
+	if err != nil {
+		return nil, err
+	}
 
 	var info *drive.File
 	if size >= 0 && size < int64(f.opt.UploadCutoff) {
@@ -2267,6 +2466,10 @@ func (f *Fs) PutUnchecked(ctx context.Context, in io.Reader, src fs.ObjectInfo,
 			return nil, err
 		}
 	}
+	err = updateMetadata(ctx, info)
+	if err != nil {
+		return nil, err
+	}
 	return f.newObjectWithInfo(ctx, remote, info)
 }
 
@@ -2880,6 +3083,7 @@ func (f *Fs) changeNotifyRunner(ctx context.Context, notifyFunc func(string, fs.
 			if f.rootFolderID == "appDataFolder" {
 				changesCall.Spaces("appDataFolder")
 			}
+			changesCall.RestrictToMyDrive(!f.opt.SharedWithMe)
 			changeList, err = changesCall.Context(ctx).Do()
 			return f.shouldRetry(ctx, err)
 		})
@@ -2954,7 +3158,7 @@ func (f *Fs) DirCacheFlush() {
 
 // Hashes returns the supported hash sets.
 func (f *Fs) Hashes() hash.Set {
-	return hash.Set(hash.MD5)
+	return hash.NewHashSet(hash.MD5, hash.SHA1, hash.SHA256)
 }
 
 func (f *Fs) changeChunkSize(chunkSizeString string) (err error) {
@@ -3183,7 +3387,7 @@ func (f *Fs) unTrashDir(ctx context.Context, dir string, recurse bool) (r unTras
 
 // copy file with id to dest
 func (f *Fs) copyID(ctx context.Context, id, dest string) (err error) {
-	info, err := f.getFile(ctx, id, f.fileFields)
+	info, err := f.getFile(ctx, id, f.getFileFields(ctx))
 	if err != nil {
 		return fmt.Errorf("couldn't find id: %w", err)
 	}
@@ -3515,10 +3719,16 @@ func (o *baseObject) Remote() string {
 
 // Hash returns the Md5sum of an object returning a lowercase hex string
 func (o *Object) Hash(ctx context.Context, t hash.Type) (string, error) {
-	if t != hash.MD5 {
-		return "", hash.ErrUnsupported
+	if t == hash.MD5 {
+		return o.md5sum, nil
+	}
+	if t == hash.SHA1 {
+		return o.sha1sum, nil
 	}
-	return o.md5sum, nil
+	if t == hash.SHA256 {
+		return o.sha256sum, nil
+	}
+	return "", hash.ErrUnsupported
 }
 func (o *baseObject) Hash(ctx context.Context, t hash.Type) (string, error) {
 	if t != hash.MD5 {
@@ -3857,11 +4067,21 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		MimeType:     srcMimeType,
 		ModifiedTime: src.ModTime(ctx).Format(timeFormatOut),
 	}
+
+	updateMetadata, err := o.fs.fetchAndUpdateMetadata(ctx, src, options, updateInfo, true)
+	if err != nil {
+		return err
+	}
+
 	info, err := o.baseObject.update(ctx, updateInfo, srcMimeType, in, src)
 	if err != nil {
 		return err
 	}
-	newO, err := o.fs.newObjectWithInfo(ctx, src.Remote(), info)
+	err = updateMetadata(ctx, info)
+	if err != nil {
+		return err
+	}
+	newO, err := o.fs.newObjectWithInfo(ctx, o.remote, info)
 	if err != nil {
 		return err
 	}
@@ -3946,6 +4166,26 @@ func (o *baseObject) ParentID() string {
 	return ""
 }
 
+// Metadata returns metadata for an object
+//
+// It should return nil if there is no Metadata
+func (o *baseObject) Metadata(ctx context.Context) (metadata fs.Metadata, err error) {
+	if o.metadata != nil {
+		return *o.metadata, nil
+	}
+	fs.Debugf(o, "Fetching metadata")
+	id := actualID(o.id)
+	info, err := o.fs.getFile(ctx, id, o.fs.getFileFields(ctx))
+	if err != nil {
+		return nil, err
+	}
+	err = o.parseMetadata(ctx, info)
+	if err != nil {
+		return nil, err
+	}
+	return *o.metadata, nil
+}
+
 func (o *documentObject) ext() string {
 	return o.baseObject.remote[len(o.baseObject.remote)-o.extLen:]
 }
@@ -4007,6 +4247,7 @@ var (
 	_ fs.MimeTyper       = (*Object)(nil)
 	_ fs.IDer            = (*Object)(nil)
 	_ fs.ParentIDer      = (*Object)(nil)
+	_ fs.Metadataer      = (*Object)(nil)
 	_ fs.Object          = (*documentObject)(nil)
 	_ fs.MimeTyper       = (*documentObject)(nil)
 	_ fs.IDer            = (*documentObject)(nil)
diff --git a/backend/drive/metadata.go b/backend/drive/metadata.go
new file mode 100644
index 0000000000000..ab2ae94d048bf
--- /dev/null
+++ b/backend/drive/metadata.go
@@ -0,0 +1,608 @@
+package drive
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/rclone/rclone/fs"
+	"golang.org/x/sync/errgroup"
+	drive "google.golang.org/api/drive/v3"
+	"google.golang.org/api/googleapi"
+)
+
+// system metadata keys which this backend owns
+var systemMetadataInfo = map[string]fs.MetadataHelp{
+	"content-type": {
+		Help:    "The MIME type of the file.",
+		Type:    "string",
+		Example: "text/plain",
+	},
+	"mtime": {
+		Help:    "Time of last modification with mS accuracy.",
+		Type:    "RFC 3339",
+		Example: "2006-01-02T15:04:05.999Z07:00",
+	},
+	"btime": {
+		Help:    "Time of file birth (creation) with mS accuracy. Note that this is only writable on fresh uploads - it can't be written for updates.",
+		Type:    "RFC 3339",
+		Example: "2006-01-02T15:04:05.999Z07:00",
+	},
+	"copy-requires-writer-permission": {
+		Help:    "Whether the options to copy, print, or download this file, should be disabled for readers and commenters.",
+		Type:    "boolean",
+		Example: "true",
+	},
+	"writers-can-share": {
+		Help:    "Whether users with only writer permission can modify the file's permissions. Not populated for items in shared drives.",
+		Type:    "boolean",
+		Example: "false",
+	},
+	"viewed-by-me": {
+		Help:     "Whether the file has been viewed by this user.",
+		Type:     "boolean",
+		Example:  "true",
+		ReadOnly: true,
+	},
+	"owner": {
+		Help:    "The owner of the file. Usually an email address. Enable with --drive-metadata-owner.",
+		Type:    "string",
+		Example: "user@example.com",
+	},
+	"permissions": {
+		Help:    "Permissions in a JSON dump of Google drive format. On shared drives these will only be present if they aren't inherited. Enable with --drive-metadata-permissions.",
+		Type:    "JSON",
+		Example: "{}",
+	},
+	"folder-color-rgb": {
+		Help:    "The color for a folder or a shortcut to a folder as an RGB hex string.",
+		Type:    "string",
+		Example: "881133",
+	},
+	"description": {
+		Help:    "A short description of the file.",
+		Type:    "string",
+		Example: "Contract for signing",
+	},
+	"starred": {
+		Help:    "Whether the user has starred the file.",
+		Type:    "boolean",
+		Example: "false",
+	},
+	"labels": {
+		Help:    "Labels attached to this file in a JSON dump of Googled drive format. Enable with --drive-metadata-labels.",
+		Type:    "JSON",
+		Example: "[]",
+	},
+}
+
+// Extra fields we need to fetch to implement the system metadata above
+var metadataFields = googleapi.Field(strings.Join([]string{
+	"copyRequiresWriterPermission",
+	"description",
+	"folderColorRgb",
+	"hasAugmentedPermissions",
+	"owners",
+	"permissionIds",
+	"permissions",
+	"properties",
+	"starred",
+	"viewedByMe",
+	"viewedByMeTime",
+	"writersCanShare",
+}, ","))
+
+// Fields we need to read from permissions
+var permissionsFields = googleapi.Field(strings.Join([]string{
+	"*",
+	"permissionDetails/*",
+}, ","))
+
+// getPermission returns permissions for the fileID and permissionID passed in
+func (f *Fs) getPermission(ctx context.Context, fileID, permissionID string, useCache bool) (perm *drive.Permission, inherited bool, err error) {
+	f.permissionsMu.Lock()
+	defer f.permissionsMu.Unlock()
+	if useCache {
+		perm = f.permissions[permissionID]
+		if perm != nil {
+			return perm, false, nil
+		}
+	}
+	fs.Debugf(f, "Fetching permission %q", permissionID)
+	err = f.pacer.Call(func() (bool, error) {
+		perm, err = f.svc.Permissions.Get(fileID, permissionID).
+			Fields(permissionsFields).
+			SupportsAllDrives(true).
+			Context(ctx).Do()
+		return f.shouldRetry(ctx, err)
+	})
+	if err != nil {
+		return nil, false, err
+	}
+
+	inherited = len(perm.PermissionDetails) > 0 && perm.PermissionDetails[0].Inherited
+
+	cleanPermission(perm)
+
+	// cache the permission
+	f.permissions[permissionID] = perm
+
+	return perm, inherited, err
+}
+
+// Set the permissions on the info
+func (f *Fs) setPermissions(ctx context.Context, info *drive.File, permissions []*drive.Permission) (err error) {
+	for _, perm := range permissions {
+		if perm.Role == "owner" {
+			// ignore owner permissions - these are set with owner
+			continue
+		}
+		cleanPermissionForWrite(perm)
+		err = f.pacer.Call(func() (bool, error) {
+			_, err = f.svc.Permissions.Create(info.Id, perm).
+				SupportsAllDrives(true).
+				Context(ctx).Do()
+			return f.shouldRetry(ctx, err)
+		})
+		if err != nil {
+			return fmt.Errorf("failed to set permission: %w", err)
+		}
+	}
+	return nil
+}
+
+// Clean attributes from permissions which we can't write
+func cleanPermissionForWrite(perm *drive.Permission) {
+	perm.Deleted = false
+	perm.DisplayName = ""
+	perm.Id = ""
+	perm.Kind = ""
+	perm.PermissionDetails = nil
+	perm.TeamDrivePermissionDetails = nil
+}
+
+// Clean and cache the permission if not already cached
+func (f *Fs) cleanAndCachePermission(perm *drive.Permission) {
+	f.permissionsMu.Lock()
+	defer f.permissionsMu.Unlock()
+	cleanPermission(perm)
+	if _, found := f.permissions[perm.Id]; !found {
+		f.permissions[perm.Id] = perm
+	}
+}
+
+// Clean fields we don't need to keep from the permission
+func cleanPermission(perm *drive.Permission) {
+	// DisplayName: Output only. The "pretty" name of the value of the
+	// permission. The following is a list of examples for each type of
+	// permission: * `user` - User's full name, as defined for their Google
+	// account, such as "Joe Smith." * `group` - Name of the Google Group,
+	// such as "The Company Administrators." * `domain` - String domain
+	// name, such as "thecompany.com." * `anyone` - No `displayName` is
+	// present.
+	perm.DisplayName = ""
+
+	// Kind: Output only. Identifies what kind of resource this is. Value:
+	// the fixed string "drive#permission".
+	perm.Kind = ""
+
+	// PermissionDetails: Output only. Details of whether the permissions on
+	// this shared drive item are inherited or directly on this item. This
+	// is an output-only field which is present only for shared drive items.
+	perm.PermissionDetails = nil
+
+	// PhotoLink: Output only. A link to the user's profile photo, if
+	// available.
+	perm.PhotoLink = ""
+
+	// TeamDrivePermissionDetails: Output only. Deprecated: Output only. Use
+	// `permissionDetails` instead.
+	perm.TeamDrivePermissionDetails = nil
+}
+
+// Fields we need to read from labels
+var labelsFields = googleapi.Field(strings.Join([]string{
+	"*",
+}, ","))
+
+// getLabels returns labels for the fileID passed in
+func (f *Fs) getLabels(ctx context.Context, fileID string) (labels []*drive.Label, err error) {
+	fs.Debugf(f, "Fetching labels for %q", fileID)
+	listLabels := f.svc.Files.ListLabels(fileID).
+		Fields(labelsFields).
+		Context(ctx)
+	for {
+		var info *drive.LabelList
+		err = f.pacer.Call(func() (bool, error) {
+			info, err = listLabels.Do()
+			return f.shouldRetry(ctx, err)
+		})
+		if err != nil {
+			return nil, err
+		}
+		labels = append(labels, info.Labels...)
+		if info.NextPageToken == "" {
+			break
+		}
+		listLabels.PageToken(info.NextPageToken)
+	}
+	for _, label := range labels {
+		cleanLabel(label)
+	}
+	return labels, nil
+}
+
+// Set the labels on the info
+func (f *Fs) setLabels(ctx context.Context, info *drive.File, labels []*drive.Label) (err error) {
+	if len(labels) == 0 {
+		return nil
+	}
+	req := drive.ModifyLabelsRequest{}
+	for _, label := range labels {
+		req.LabelModifications = append(req.LabelModifications, &drive.LabelModification{
+			FieldModifications: labelFieldsToFieldModifications(label.Fields),
+			LabelId:            label.Id,
+		})
+	}
+	err = f.pacer.Call(func() (bool, error) {
+		_, err = f.svc.Files.ModifyLabels(info.Id, &req).
+			Context(ctx).Do()
+		return f.shouldRetry(ctx, err)
+	})
+	if err != nil {
+		return fmt.Errorf("failed to set owner: %w", err)
+	}
+	return nil
+}
+
+// Convert label fields into something which can set the fields
+func labelFieldsToFieldModifications(fields map[string]drive.LabelField) (out []*drive.LabelFieldModification) {
+	for id, field := range fields {
+		var emails []string
+		for _, user := range field.User {
+			emails = append(emails, user.EmailAddress)
+		}
+		out = append(out, &drive.LabelFieldModification{
+			// FieldId: The ID of the field to be modified.
+			FieldId: id,
+
+			// SetDateValues: Replaces the value of a dateString Field with these
+			// new values. The string must be in the RFC 3339 full-date format:
+			// YYYY-MM-DD.
+			SetDateValues: field.DateString,
+
+			// SetIntegerValues: Replaces the value of an `integer` field with these
+			// new values.
+			SetIntegerValues: field.Integer,
+
+			// SetSelectionValues: Replaces a `selection` field with these new
+			// values.
+			SetSelectionValues: field.Selection,
+
+			// SetTextValues: Sets the value of a `text` field.
+			SetTextValues: field.Text,
+
+			// SetUserValues: Replaces a `user` field with these new values. The
+			// values must be valid email addresses.
+			SetUserValues: emails,
+		})
+	}
+	return out
+}
+
+// Clean fields we don't need to keep from the label
+func cleanLabel(label *drive.Label) {
+	// Kind: This is always drive#label
+	label.Kind = ""
+
+	for name, field := range label.Fields {
+		// Kind: This is always drive#labelField.
+		field.Kind = ""
+
+		// Note the fields are copies so we need to write them
+		// back to the map
+		label.Fields[name] = field
+	}
+}
+
+// Parse the metadata from drive item
+//
+// It should return nil if there is no Metadata
+func (o *baseObject) parseMetadata(ctx context.Context, info *drive.File) (err error) {
+	metadata := make(fs.Metadata, 16)
+
+	// Dump user metadata first as it overrides system metadata
+	for k, v := range info.Properties {
+		metadata[k] = v
+	}
+
+	// System metadata
+	metadata["copy-requires-writer-permission"] = fmt.Sprint(info.CopyRequiresWriterPermission)
+	metadata["writers-can-share"] = fmt.Sprint(info.WritersCanShare)
+	metadata["viewed-by-me"] = fmt.Sprint(info.ViewedByMe)
+	metadata["content-type"] = info.MimeType
+
+	// Owners: Output only. The owner of this file. Only certain legacy
+	// files may have more than one owner. This field isn't populated for
+	// items in shared drives.
+	if o.fs.opt.MetadataOwner.IsSet(rwRead) && len(info.Owners) > 0 {
+		user := info.Owners[0]
+		if len(info.Owners) > 1 {
+			fs.Logf(o, "Ignoring more than 1 owner")
+		}
+		if user != nil {
+			id := user.EmailAddress
+			if id == "" {
+				id = user.DisplayName
+			}
+			metadata["owner"] = id
+		}
+	}
+
+	if o.fs.opt.MetadataPermissions.IsSet(rwRead) {
+		// We only write permissions out if they are not inherited.
+		//
+		// On My Drives permissions seem to be attached to every item
+		// so they will always be written out.
+		//
+		// On Shared Drives only non-inherited permissions will be
+		// written out.
+
+		// To read the inherited permissions flag will mean we need to
+		// read the permissions for each object and the cache will be
+		// useless. However shared drives don't return permissions
+		// only permissionIds so will need to fetch them for each
+		// object. We use HasAugmentedPermissions to see if there are
+		// special permissions before fetching them to save transactions.
+
+		// HasAugmentedPermissions: Output only. Whether there are permissions
+		// directly on this file. This field is only populated for items in
+		// shared drives.
+		if o.fs.isTeamDrive && !info.HasAugmentedPermissions {
+			// Don't process permissions if there aren't any specifically set
+			info.Permissions = nil
+			info.PermissionIds = nil
+		}
+
+		// PermissionIds: Output only. List of permission IDs for users with
+		// access to this file.
+		//
+		// Only process these if we have no Permissions
+		if len(info.PermissionIds) > 0 && len(info.Permissions) == 0 {
+			info.Permissions = make([]*drive.Permission, 0, len(info.PermissionIds))
+			g, gCtx := errgroup.WithContext(ctx)
+			g.SetLimit(o.fs.ci.Checkers)
+			var mu sync.Mutex // protect the info.Permissions from concurrent writes
+			for _, permissionID := range info.PermissionIds {
+				permissionID := permissionID
+				g.Go(func() error {
+					// must fetch the team drive ones individually to check the inherited flag
+					perm, inherited, err := o.fs.getPermission(gCtx, actualID(info.Id), permissionID, !o.fs.isTeamDrive)
+					if err != nil {
+						return fmt.Errorf("failed to read permission: %w", err)
+					}
+					// Don't write inherited permissions out
+					if inherited {
+						return nil
+					}
+					// Don't write owner role out - these are covered by the owner metadata
+					if perm.Role == "owner" {
+						return nil
+					}
+					mu.Lock()
+					info.Permissions = append(info.Permissions, perm)
+					mu.Unlock()
+					return nil
+				})
+			}
+			err = g.Wait()
+			if err != nil {
+				return err
+			}
+		} else {
+			// Clean the fetched permissions
+			for _, perm := range info.Permissions {
+				o.fs.cleanAndCachePermission(perm)
+			}
+		}
+
+		// Permissions: Output only. The full list of permissions for the file.
+		// This is only available if the requesting user can share the file. Not
+		// populated for items in shared drives.
+		if len(info.Permissions) > 0 {
+			buf, err := json.Marshal(info.Permissions)
+			if err != nil {
+				return fmt.Errorf("failed to marshal permissions: %w", err)
+			}
+			metadata["permissions"] = string(buf)
+		}
+
+		// Permission propagation
+		// https://developers.google.com/drive/api/guides/manage-sharing#permission-propagation
+		// Leads me to believe that in non shared drives, permissions
+		// are added to each item when you set permissions for a
+		// folder whereas in shared drives they are inherited and
+		// placed on the item directly.
+	}
+
+	if info.FolderColorRgb != "" {
+		metadata["folder-color-rgb"] = info.FolderColorRgb
+	}
+	if info.Description != "" {
+		metadata["description"] = info.Description
+	}
+	metadata["starred"] = fmt.Sprint(info.Starred)
+	metadata["btime"] = info.CreatedTime
+	metadata["mtime"] = info.ModifiedTime
+
+	if o.fs.opt.MetadataLabels.IsSet(rwRead) {
+		// FIXME would be really nice if we knew if files had labels
+		// before listing but we need to know all possible label IDs
+		// to get it in the listing.
+
+		labels, err := o.fs.getLabels(ctx, actualID(info.Id))
+		if err != nil {
+			return fmt.Errorf("failed to fetch labels: %w", err)
+		}
+		buf, err := json.Marshal(labels)
+		if err != nil {
+			return fmt.Errorf("failed to marshal labels: %w", err)
+		}
+		metadata["labels"] = string(buf)
+	}
+
+	o.metadata = &metadata
+	return nil
+}
+
+// Set the owner on the info
+func (f *Fs) setOwner(ctx context.Context, info *drive.File, owner string) (err error) {
+	perm := drive.Permission{
+		Role:         "owner",
+		EmailAddress: owner,
+		// Type: The type of the grantee. Valid values are: * `user` * `group` *
+		// `domain` * `anyone` When creating a permission, if `type` is `user`
+		// or `group`, you must provide an `emailAddress` for the user or group.
+		// When `type` is `domain`, you must provide a `domain`. There isn't
+		// extra information required for an `anyone` type.
+		Type: "user",
+	}
+	err = f.pacer.Call(func() (bool, error) {
+		_, err = f.svc.Permissions.Create(info.Id, &perm).
+			SupportsAllDrives(true).
+			TransferOwnership(true).
+			// SendNotificationEmail(false). - required apparently!
+			Context(ctx).Do()
+		return f.shouldRetry(ctx, err)
+	})
+	if err != nil {
+		return fmt.Errorf("failed to set owner: %w", err)
+	}
+	return nil
+}
+
+// Call back to set metadata that can't be set on the upload/update
+//
+// The *drive.File passed in holds the current state of the drive.File
+// and this should update it with any modifications.
+type updateMetadataFn func(context.Context, *drive.File) error
+
+// read the metadata from meta and write it into updateInfo
+//
+// update should be true if this is being used to create metadata for
+// an update/PATCH call as the rules on what can be updated are
+// slightly different there.
+//
+// It returns a callback which should be called to finish the updates
+// after the data is uploaded.
+func (f *Fs) updateMetadata(ctx context.Context, updateInfo *drive.File, meta fs.Metadata, update bool) (callback updateMetadataFn, err error) {
+	callbackFns := []updateMetadataFn{}
+	callback = func(ctx context.Context, info *drive.File) error {
+		for _, fn := range callbackFns {
+			err := fn(ctx, info)
+			if err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	// merge metadata into request and user metadata
+	for k, v := range meta {
+		k, v := k, v
+		// parse a boolean from v and write into out
+		parseBool := func(out *bool) error {
+			b, err := strconv.ParseBool(v)
+			if err != nil {
+				return fmt.Errorf("can't parse metadata %q = %q: %w", k, v, err)
+			}
+			*out = b
+			return nil
+		}
+		switch k {
+		case "copy-requires-writer-permission":
+			if err := parseBool(&updateInfo.CopyRequiresWriterPermission); err != nil {
+				return nil, err
+			}
+		case "writers-can-share":
+			if err := parseBool(&updateInfo.WritersCanShare); err != nil {
+				return nil, err
+			}
+		case "viewed-by-me":
+			// Can't write this
+		case "content-type":
+			updateInfo.MimeType = v
+		case "owner":
+			if !f.opt.MetadataOwner.IsSet(rwWrite) {
+				continue
+			}
+			// Can't set Owner on upload so need to set afterwards
+			callbackFns = append(callbackFns, func(ctx context.Context, info *drive.File) error {
+				return f.setOwner(ctx, info, v)
+			})
+		case "permissions":
+			if !f.opt.MetadataPermissions.IsSet(rwWrite) {
+				continue
+			}
+			var perms []*drive.Permission
+			err := json.Unmarshal([]byte(v), &perms)
+			if err != nil {
+				return nil, fmt.Errorf("failed to unmarshal permissions: %w", err)
+			}
+			// Can't set Permissions on upload so need to set afterwards
+			callbackFns = append(callbackFns, func(ctx context.Context, info *drive.File) error {
+				return f.setPermissions(ctx, info, perms)
+			})
+		case "labels":
+			if !f.opt.MetadataLabels.IsSet(rwWrite) {
+				continue
+			}
+			var labels []*drive.Label
+			err := json.Unmarshal([]byte(v), &labels)
+			if err != nil {
+				return nil, fmt.Errorf("failed to unmarshal labels: %w", err)
+			}
+			// Can't set Labels on upload so need to set afterwards
+			callbackFns = append(callbackFns, func(ctx context.Context, info *drive.File) error {
+				return f.setLabels(ctx, info, labels)
+			})
+		case "folder-color-rgb":
+			updateInfo.FolderColorRgb = v
+		case "description":
+			updateInfo.Description = v
+		case "starred":
+			if err := parseBool(&updateInfo.Starred); err != nil {
+				return nil, err
+			}
+		case "btime":
+			if update {
+				fs.Debugf(f, "Skipping btime metadata as can't update it on an existing file: %v", v)
+			} else {
+				updateInfo.CreatedTime = v
+			}
+		case "mtime":
+			updateInfo.ModifiedTime = v
+		default:
+			if updateInfo.Properties == nil {
+				updateInfo.Properties = make(map[string]string, 1)
+			}
+			updateInfo.Properties[k] = v
+		}
+	}
+	return callback, nil
+}
+
+// Fetch metadata and update updateInfo if --metadata is in use
+func (f *Fs) fetchAndUpdateMetadata(ctx context.Context, src fs.ObjectInfo, options []fs.OpenOption, updateInfo *drive.File, update bool) (callback updateMetadataFn, err error) {
+	meta, err := fs.GetMetadataOptions(ctx, f, src, options)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read metadata from source object: %w", err)
+	}
+	callback, err = f.updateMetadata(ctx, updateInfo, meta, update)
+	if err != nil {
+		return nil, fmt.Errorf("failed to update metadata from source object: %w", err)
+	}
+	return callback, nil
+}
diff --git a/backend/dropbox/batcher.go b/backend/dropbox/batcher.go
index 82a4b5524d76e..f55223d1fd2a4 100644
--- a/backend/dropbox/batcher.go
+++ b/backend/dropbox/batcher.go
@@ -8,122 +8,19 @@ package dropbox
 
 import (
 	"context"
-	"errors"
 	"fmt"
-	"sync"
-	"time"
 
-	"github.com/dropbox/dropbox-sdk-go-unofficial/v6/dropbox/async"
 	"github.com/dropbox/dropbox-sdk-go-unofficial/v6/dropbox/files"
-	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/fserrors"
-	"github.com/rclone/rclone/lib/atexit"
 )
 
-const (
-	maxBatchSize          = 1000                   // max size the batch can be
-	defaultTimeoutSync    = 500 * time.Millisecond // kick off the batch if nothing added for this long (sync)
-	defaultTimeoutAsync   = 10 * time.Second       // kick off the batch if nothing added for this long (ssync)
-	defaultBatchSizeAsync = 100                    // default batch size if async
-)
-
-// batcher holds info about the current items waiting for upload
-type batcher struct {
-	f        *Fs                 // Fs this batch is part of
-	mode     string              // configured batch mode
-	size     int                 // maximum size for batch
-	timeout  time.Duration       // idle timeout for batch
-	async    bool                // whether we are using async batching
-	in       chan batcherRequest // incoming items to batch
-	closed   chan struct{}       // close to indicate batcher shut down
-	atexit   atexit.FnHandle     // atexit handle
-	shutOnce sync.Once           // make sure we shutdown once only
-	wg       sync.WaitGroup      // wait for shutdown
-}
-
-// batcherRequest holds an incoming request with a place for a reply
-type batcherRequest struct {
-	commitInfo *files.UploadSessionFinishArg
-	result     chan<- batcherResponse
-}
-
-// Return true if batcherRequest is the quit request
-func (br *batcherRequest) isQuit() bool {
-	return br.commitInfo == nil
-}
-
-// Send this to get the engine to quit
-var quitRequest = batcherRequest{}
-
-// batcherResponse holds a response to be delivered to clients waiting
-// for a batch to complete.
-type batcherResponse struct {
-	err   error
-	entry *files.FileMetadata
-}
-
-// newBatcher creates a new batcher structure
-func newBatcher(ctx context.Context, f *Fs, mode string, size int, timeout time.Duration) (*batcher, error) {
-	// fs.Debugf(f, "Creating batcher with mode %q, size %d, timeout %v", mode, size, timeout)
-	if size > maxBatchSize || size < 0 {
-		return nil, fmt.Errorf("dropbox: batch size must be < %d and >= 0 - it is currently %d", maxBatchSize, size)
-	}
-
-	async := false
-
-	switch mode {
-	case "sync":
-		if size <= 0 {
-			ci := fs.GetConfig(ctx)
-			size = ci.Transfers
-		}
-		if timeout <= 0 {
-			timeout = defaultTimeoutSync
-		}
-	case "async":
-		if size <= 0 {
-			size = defaultBatchSizeAsync
-		}
-		if timeout <= 0 {
-			timeout = defaultTimeoutAsync
-		}
-		async = true
-	case "off":
-		size = 0
-	default:
-		return nil, fmt.Errorf("dropbox: batch mode must be sync|async|off not %q", mode)
-	}
-
-	b := &batcher{
-		f:       f,
-		mode:    mode,
-		size:    size,
-		timeout: timeout,
-		async:   async,
-		in:      make(chan batcherRequest, size),
-		closed:  make(chan struct{}),
-	}
-	if b.Batching() {
-		b.atexit = atexit.Register(b.Shutdown)
-		b.wg.Add(1)
-		go b.commitLoop(context.Background())
-	}
-	return b, nil
-
-}
-
-// Batching returns true if batching is active
-func (b *batcher) Batching() bool {
-	return b.size > 0
-}
-
 // finishBatch commits the batch, returning a batch status to poll or maybe complete
-func (b *batcher) finishBatch(ctx context.Context, items []*files.UploadSessionFinishArg) (complete *files.UploadSessionFinishBatchResult, err error) {
+func (f *Fs) finishBatch(ctx context.Context, items []*files.UploadSessionFinishArg) (complete *files.UploadSessionFinishBatchResult, err error) {
 	var arg = &files.UploadSessionFinishBatchArg{
 		Entries: items,
 	}
-	err = b.f.pacer.Call(func() (bool, error) {
-		complete, err = b.f.srv.UploadSessionFinishBatchV2(arg)
+	err = f.pacer.Call(func() (bool, error) {
+		complete, err = f.srv.UploadSessionFinishBatchV2(arg)
 		// If error is insufficient space then don't retry
 		if e, ok := err.(files.UploadSessionFinishAPIError); ok {
 			if e.EndpointError != nil && e.EndpointError.Path != nil && e.EndpointError.Path.Tag == files.WriteErrorInsufficientSpace {
@@ -140,66 +37,10 @@ func (b *batcher) finishBatch(ctx context.Context, items []*files.UploadSessionF
 	return complete, nil
 }
 
-// finishBatchJobStatus waits for the batch to complete returning completed entries
-func (b *batcher) finishBatchJobStatus(ctx context.Context, launchBatchStatus *files.UploadSessionFinishBatchLaunch) (complete *files.UploadSessionFinishBatchResult, err error) {
-	if launchBatchStatus.AsyncJobId == "" {
-		return nil, errors.New("wait for batch completion: empty job ID")
-	}
-	var batchStatus *files.UploadSessionFinishBatchJobStatus
-	sleepTime := 100 * time.Millisecond
-	const maxSleepTime = 1 * time.Second
-	startTime := time.Now()
-	try := 1
-	for {
-		remaining := time.Duration(b.f.opt.BatchCommitTimeout) - time.Since(startTime)
-		if remaining < 0 {
-			break
-		}
-		err = b.f.pacer.Call(func() (bool, error) {
-			batchStatus, err = b.f.srv.UploadSessionFinishBatchCheck(&async.PollArg{
-				AsyncJobId: launchBatchStatus.AsyncJobId,
-			})
-			return shouldRetry(ctx, err)
-		})
-		if err != nil {
-			fs.Debugf(b.f, "Wait for batch: sleeping for %v after error: %v: try %d remaining %v", sleepTime, err, try, remaining)
-		} else {
-			if batchStatus.Tag == "complete" {
-				fs.Debugf(b.f, "Upload batch completed in %v", time.Since(startTime))
-				return batchStatus.Complete, nil
-			}
-			fs.Debugf(b.f, "Wait for batch: sleeping for %v after status: %q: try %d remaining %v", sleepTime, batchStatus.Tag, try, remaining)
-		}
-		time.Sleep(sleepTime)
-		sleepTime *= 2
-		if sleepTime > maxSleepTime {
-			sleepTime = maxSleepTime
-		}
-		try++
-	}
-	if err == nil {
-		err = errors.New("batch didn't complete")
-	}
-	return nil, fmt.Errorf("wait for batch failed after %d tries in %v: %w", try, time.Since(startTime), err)
-}
-
-// commit a batch
-func (b *batcher) commitBatch(ctx context.Context, items []*files.UploadSessionFinishArg, results []chan<- batcherResponse) (err error) {
-	// If commit fails then signal clients if sync
-	var signalled = b.async
-	defer func() {
-		if err != nil && signalled {
-			// Signal to clients that there was an error
-			for _, result := range results {
-				result <- batcherResponse{err: err}
-			}
-		}
-	}()
-	desc := fmt.Sprintf("%s batch length %d starting with: %s", b.mode, len(items), items[0].Commit.Path)
-	fs.Debugf(b.f, "Committing %s", desc)
-
+// Called by the batcher to commit a batch
+func (f *Fs) commitBatch(ctx context.Context, items []*files.UploadSessionFinishArg, results []*files.FileMetadata, errors []error) (err error) {
 	// finalise the batch getting either a result or a job id to poll
-	complete, err := b.finishBatch(ctx, items)
+	complete, err := f.finishBatch(ctx, items)
 	if err != nil {
 		return err
 	}
@@ -210,19 +51,13 @@ func (b *batcher) commitBatch(ctx context.Context, items []*files.UploadSessionF
 		return fmt.Errorf("expecting %d items in batch but got %d", len(results), len(entries))
 	}
 
-	// Report results to clients
-	var (
-		errorTag   = ""
-		errorCount = 0
-	)
+	// Format results for return
 	for i := range results {
 		item := entries[i]
-		resp := batcherResponse{}
 		if item.Tag == "success" {
-			resp.entry = item.Success
+			results[i] = item.Success
 		} else {
-			errorCount++
-			errorTag = item.Tag
+			errorTag := item.Tag
 			if item.Failure != nil {
 				errorTag = item.Failure.Tag
 				if item.Failure.LookupFailed != nil {
@@ -235,112 +70,9 @@ func (b *batcher) commitBatch(ctx context.Context, items []*files.UploadSessionF
 					errorTag += "/" + item.Failure.PropertiesError.Tag
 				}
 			}
-			resp.err = fmt.Errorf("batch upload failed: %s", errorTag)
-		}
-		if !b.async {
-			results[i] <- resp
+			errors[i] = fmt.Errorf("upload failed: %s", errorTag)
 		}
 	}
-	// Show signalled so no need to report error to clients from now on
-	signalled = true
 
-	// Report an error if any failed in the batch
-	if errorTag != "" {
-		return fmt.Errorf("batch had %d errors: last error: %s", errorCount, errorTag)
-	}
-
-	fs.Debugf(b.f, "Committed %s", desc)
 	return nil
 }
-
-// commitLoop runs the commit engine in the background
-func (b *batcher) commitLoop(ctx context.Context) {
-	var (
-		items     []*files.UploadSessionFinishArg // current batch of uncommitted files
-		results   []chan<- batcherResponse        // current batch of clients awaiting results
-		idleTimer = time.NewTimer(b.timeout)
-		commit    = func() {
-			err := b.commitBatch(ctx, items, results)
-			if err != nil {
-				fs.Errorf(b.f, "%s batch commit: failed to commit batch length %d: %v", b.mode, len(items), err)
-			}
-			items, results = nil, nil
-		}
-	)
-	defer b.wg.Done()
-	defer idleTimer.Stop()
-	idleTimer.Stop()
-
-outer:
-	for {
-		select {
-		case req := <-b.in:
-			if req.isQuit() {
-				break outer
-			}
-			items = append(items, req.commitInfo)
-			results = append(results, req.result)
-			idleTimer.Stop()
-			if len(items) >= b.size {
-				commit()
-			} else {
-				idleTimer.Reset(b.timeout)
-			}
-		case <-idleTimer.C:
-			if len(items) > 0 {
-				fs.Debugf(b.f, "Batch idle for %v so committing", b.timeout)
-				commit()
-			}
-		}
-
-	}
-	// commit any remaining items
-	if len(items) > 0 {
-		commit()
-	}
-}
-
-// Shutdown finishes any pending batches then shuts everything down
-//
-// Can be called from atexit handler
-func (b *batcher) Shutdown() {
-	if !b.Batching() {
-		return
-	}
-	b.shutOnce.Do(func() {
-		atexit.Unregister(b.atexit)
-		fs.Infof(b.f, "Committing uploads - please wait...")
-		// show that batcher is shutting down
-		close(b.closed)
-		// quit the commitLoop by sending a quitRequest message
-		//
-		// Note that we don't close b.in because that will
-		// cause write to closed channel in Commit when we are
-		// exiting due to a signal.
-		b.in <- quitRequest
-		b.wg.Wait()
-	})
-}
-
-// Commit commits the file using a batch call, first adding it to the
-// batch and then waiting for the batch to complete in a synchronous
-// way if async is not set.
-func (b *batcher) Commit(ctx context.Context, commitInfo *files.UploadSessionFinishArg) (entry *files.FileMetadata, err error) {
-	select {
-	case <-b.closed:
-		return nil, fserrors.FatalError(errors.New("batcher is shutting down"))
-	default:
-	}
-	fs.Debugf(b.f, "Adding %q to batch", commitInfo.Commit.Path)
-	resp := make(chan batcherResponse, 1)
-	b.in <- batcherRequest{
-		commitInfo: commitInfo,
-		result:     resp,
-	}
-	// If running async then don't wait for the result
-	if b.async {
-		return nil, nil
-	}
-	result := <-resp
-	return result.entry, result.err
-}
diff --git a/backend/dropbox/dropbox.go b/backend/dropbox/dropbox.go
index 740bd76e34f1c..1b647af0819e2 100644
--- a/backend/dropbox/dropbox.go
+++ b/backend/dropbox/dropbox.go
@@ -47,6 +47,7 @@ import (
 	"github.com/rclone/rclone/fs/config/obscure"
 	"github.com/rclone/rclone/fs/fserrors"
 	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/batcher"
 	"github.com/rclone/rclone/lib/encoder"
 	"github.com/rclone/rclone/lib/oauthutil"
 	"github.com/rclone/rclone/lib/pacer"
@@ -58,7 +59,7 @@ import (
 const (
 	rcloneClientID              = "5jcck7diasz0rqy"
 	rcloneEncryptedClientSecret = "fRS5vVLr2v6FbyXYnIgjwBuUAt0osq_QZTXAEcmZ7g"
-	minSleep                    = 10 * time.Millisecond
+	defaultMinSleep             = fs.Duration(10 * time.Millisecond)
 	maxSleep                    = 2 * time.Second
 	decayConstant               = 2 // bigger for slower decay, exponential
 	// Upload chunk size - setting too small makes uploads slow.
@@ -121,6 +122,14 @@ var (
 
 	// Errors
 	errNotSupportedInSharedMode = fserrors.NoRetryError(errors.New("not supported in shared files mode"))
+
+	// Configure the batcher
+	defaultBatcherOptions = batcher.Options{
+		MaxBatchSize:          1000,
+		DefaultTimeoutSync:    500 * time.Millisecond,
+		DefaultTimeoutAsync:   10 * time.Second,
+		DefaultBatchSizeAsync: 100,
+	}
 )
 
 // Gets an oauth config with the right scopes
@@ -152,7 +161,7 @@ func init() {
 				},
 			})
 		},
-		Options: append(oauthutil.SharedOptions, []fs.Option{{
+		Options: append(append(oauthutil.SharedOptions, []fs.Option{{
 			Name: "chunk_size",
 			Help: fmt.Sprintf(`Upload chunk size (< %v).
 
@@ -182,8 +191,9 @@ client_secret) to use this option as currently rclone's default set of
 permissions doesn't include "members.read". This can be added once
 v1.55 or later is in use everywhere.
 `,
-			Default:  "",
-			Advanced: true,
+			Default:   "",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "shared_files",
 			Help: `Instructs rclone to work on individual shared files.
@@ -210,66 +220,9 @@ shared folder.`,
 			Default:  false,
 			Advanced: true,
 		}, {
-			Name: "batch_mode",
-			Help: `Upload file batching sync|async|off.
-
-This sets the batch mode used by rclone.
-
-For full info see [the main docs](https://rclone.org/dropbox/#batch-mode)
-
-This has 3 possible values
-
-- off - no batching
-- sync - batch uploads and check completion (default)
-- async - batch upload and don't check completion
-
-Rclone will close any outstanding batches when it exits which may make
-a delay on quit.
-`,
-			Default:  "sync",
-			Advanced: true,
-		}, {
-			Name: "batch_size",
-			Help: `Max number of files in upload batch.
-
-This sets the batch size of files to upload. It has to be less than 1000.
-
-By default this is 0 which means rclone which calculate the batch size
-depending on the setting of batch_mode.
-
-- batch_mode: async - default batch_size is 100
-- batch_mode: sync - default batch_size is the same as --transfers
-- batch_mode: off - not in use
-
-Rclone will close any outstanding batches when it exits which may make
-a delay on quit.
-
-Setting this is a great idea if you are uploading lots of small files
-as it will make them a lot quicker. You can use --transfers 32 to
-maximise throughput.
-`,
-			Default:  0,
-			Advanced: true,
-		}, {
-			Name: "batch_timeout",
-			Help: `Max time to allow an idle upload batch before uploading.
-
-If an upload batch is idle for more than this long then it will be
-uploaded.
-
-The default for this is 0 which means rclone will choose a sensible
-default based on the batch_mode in use.
-
-- batch_mode: async - default batch_timeout is 500ms
-- batch_mode: sync - default batch_timeout is 10s
-- batch_mode: off - not in use
-`,
-			Default:  fs.Duration(0),
-			Advanced: true,
-		}, {
-			Name:     "batch_commit_timeout",
-			Help:     `Max time to wait for a batch to finish committing`,
-			Default:  fs.Duration(10 * time.Minute),
+			Name:     "pacer_min_sleep",
+			Default:  defaultMinSleep,
+			Help:     "Minimum time to sleep between API calls.",
 			Advanced: true,
 		}, {
 			Name:     config.ConfigEncoding,
@@ -284,22 +237,22 @@ default based on the batch_mode in use.
 				encoder.EncodeDel |
 				encoder.EncodeRightSpace |
 				encoder.EncodeInvalidUtf8,
-		}}...),
+		}}...), defaultBatcherOptions.FsOptions("For full info see [the main docs](https://rclone.org/dropbox/#batch-mode)\n\n")...),
 	})
 }
 
 // Options defines the configuration for this backend
 type Options struct {
-	ChunkSize          fs.SizeSuffix        `config:"chunk_size"`
-	Impersonate        string               `config:"impersonate"`
-	SharedFiles        bool                 `config:"shared_files"`
-	SharedFolders      bool                 `config:"shared_folders"`
-	BatchMode          string               `config:"batch_mode"`
-	BatchSize          int                  `config:"batch_size"`
-	BatchTimeout       fs.Duration          `config:"batch_timeout"`
-	BatchCommitTimeout fs.Duration          `config:"batch_commit_timeout"`
-	AsyncBatch         bool                 `config:"async_batch"`
-	Enc                encoder.MultiEncoder `config:"encoding"`
+	ChunkSize     fs.SizeSuffix        `config:"chunk_size"`
+	Impersonate   string               `config:"impersonate"`
+	SharedFiles   bool                 `config:"shared_files"`
+	SharedFolders bool                 `config:"shared_folders"`
+	BatchMode     string               `config:"batch_mode"`
+	BatchSize     int                  `config:"batch_size"`
+	BatchTimeout  fs.Duration          `config:"batch_timeout"`
+	AsyncBatch    bool                 `config:"async_batch"`
+	PacerMinSleep fs.Duration          `config:"pacer_min_sleep"`
+	Enc           encoder.MultiEncoder `config:"encoding"`
 }
 
 // Fs represents a remote dropbox server
@@ -318,7 +271,7 @@ type Fs struct {
 	slashRootSlash string         // root with "/" prefix and postfix, lowercase
 	pacer          *fs.Pacer      // To pace the API calls
 	ns             string         // The namespace we are using or "" for none
-	batcher        *batcher       // batch builder
+	batcher        *batcher.Batcher[*files.UploadSessionFinishArg, *files.FileMetadata]
 }
 
 // Object describes a dropbox object
@@ -442,9 +395,13 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		name:  name,
 		opt:   *opt,
 		ci:    ci,
-		pacer: fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
+		pacer: fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(opt.PacerMinSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
 	}
-	f.batcher, err = newBatcher(ctx, f, f.opt.BatchMode, f.opt.BatchSize, time.Duration(f.opt.BatchTimeout))
+	batcherOptions := defaultBatcherOptions
+	batcherOptions.Mode = f.opt.BatchMode
+	batcherOptions.Size = f.opt.BatchSize
+	batcherOptions.Timeout = time.Duration(f.opt.BatchTimeout)
+	f.batcher, err = batcher.New(ctx, f, f.commitBatch, batcherOptions)
 	if err != nil {
 		return nil, err
 	}
@@ -536,7 +493,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 			default:
 				return nil, err
 			}
-			// if the moint failed we have to abort here
+			// if the mount failed we have to abort here
 		}
 		// if the mount succeeded it's now a normal folder in the users root namespace
 		// we disable shared folder mode and proceed normally
@@ -719,7 +676,7 @@ func (f *Fs) listSharedFolders(ctx context.Context) (entries fs.DirEntries, err
 		}
 		for _, entry := range res.Entries {
 			leaf := f.opt.Enc.ToStandardName(entry.Name)
-			d := fs.NewDir(leaf, time.Now()).SetID(entry.SharedFolderId)
+			d := fs.NewDir(leaf, time.Time{}).SetID(entry.SharedFolderId)
 			entries = append(entries, d)
 			if err != nil {
 				return nil, err
@@ -906,7 +863,7 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 			leaf := f.opt.Enc.ToStandardName(path.Base(entryPath))
 			remote := path.Join(dir, leaf)
 			if folderInfo != nil {
-				d := fs.NewDir(remote, time.Now()).SetID(folderInfo.Id)
+				d := fs.NewDir(remote, time.Time{}).SetID(folderInfo.Id)
 				entries = append(entries, d)
 			} else if fileInfo != nil {
 				o, err := f.newObjectWithInfo(ctx, remote, fileInfo)
@@ -989,6 +946,7 @@ func (f *Fs) purgeCheck(ctx context.Context, dir string, check bool) (err error)
 	if root == "/" {
 		return errors.New("can't remove root directory")
 	}
+	encRoot := f.opt.Enc.FromStandardPath(root)
 
 	if check {
 		// check directory exists
@@ -997,10 +955,9 @@ func (f *Fs) purgeCheck(ctx context.Context, dir string, check bool) (err error)
 			return fmt.Errorf("Rmdir: %w", err)
 		}
 
-		root = f.opt.Enc.FromStandardPath(root)
 		// check directory empty
 		arg := files.ListFolderArg{
-			Path:      root,
+			Path:      encRoot,
 			Recursive: false,
 		}
 		if root == "/" {
@@ -1021,7 +978,7 @@ func (f *Fs) purgeCheck(ctx context.Context, dir string, check bool) (err error)
 
 	// remove it
 	err = f.pacer.Call(func() (bool, error) {
-		_, err = f.srv.DeleteV2(&files.DeleteArg{Path: root})
+		_, err = f.srv.DeleteV2(&files.DeleteArg{Path: encRoot})
 		return shouldRetry(ctx, err)
 	})
 	return err
@@ -1715,7 +1672,7 @@ func (o *Object) uploadChunked(ctx context.Context, in0 io.Reader, commitInfo *f
 	// If we are batching then we should have written all the data now
 	// store the commit info now for a batch commit
 	if o.fs.batcher.Batching() {
-		return o.fs.batcher.Commit(ctx, args)
+		return o.fs.batcher.Commit(ctx, o.remote, args)
 	}
 
 	err = o.fs.pacer.Call(func() (bool, error) {
diff --git a/backend/fichier/api.go b/backend/fichier/api.go
index 1ee812c47de5d..8e1bdbb61a764 100644
--- a/backend/fichier/api.go
+++ b/backend/fichier/api.go
@@ -28,14 +28,14 @@ var retryErrorCodes = []int{
 	509, // Bandwidth Limit Exceeded
 }
 
-var errorRegex = regexp.MustCompile(`#\d{1,3}`)
+var errorRegex = regexp.MustCompile(`#(\d{1,3})`)
 
 func parseFichierError(err error) int {
 	matches := errorRegex.FindStringSubmatch(err.Error())
 	if len(matches) == 0 {
 		return 0
 	}
-	code, err := strconv.Atoi(matches[0])
+	code, err := strconv.Atoi(matches[1])
 	if err != nil {
 		fs.Debugf(nil, "failed parsing fichier error: %v", err)
 		return 0
@@ -118,6 +118,9 @@ func (f *Fs) getDownloadToken(ctx context.Context, url string) (*GetTokenRespons
 		Single: 1,
 		Pass:   f.opt.FilePassword,
 	}
+	if f.opt.CDN {
+		request.CDN = 1
+	}
 	opts := rest.Opts{
 		Method: "POST",
 		Path:   "/download/get_token.cgi",
@@ -405,6 +408,32 @@ func (f *Fs) moveFile(ctx context.Context, url string, folderID int, rename stri
 	return response, nil
 }
 
+func (f *Fs) moveDir(ctx context.Context, folderID int, newLeaf string, destinationFolderID int) (response *MoveDirResponse, err error) {
+	request := &MoveDirRequest{
+		FolderID:            folderID,
+		DestinationFolderID: destinationFolderID,
+		Rename:              newLeaf,
+		// DestinationUser:     destinationUser,
+	}
+
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "/folder/mv.cgi",
+	}
+
+	response = &MoveDirResponse{}
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err := f.rest.CallJSON(ctx, &opts, request, response)
+		return shouldRetry(ctx, resp, err)
+	})
+
+	if err != nil {
+		return nil, fmt.Errorf("couldn't move dir: %w", err)
+	}
+
+	return response, nil
+}
+
 func (f *Fs) copyFile(ctx context.Context, url string, folderID int, rename string) (response *CopyFileResponse, err error) {
 	request := &CopyFileRequest{
 		URLs:     []string{url},
@@ -473,7 +502,7 @@ func (f *Fs) getUploadNode(ctx context.Context) (response *GetUploadNodeResponse
 		return shouldRetry(ctx, resp, err)
 	})
 	if err != nil {
-		return nil, fmt.Errorf("didnt got an upload node: %w", err)
+		return nil, fmt.Errorf("didn't get an upload node: %w", err)
 	}
 
 	// fs.Debugf(f, "Got Upload node")
diff --git a/backend/fichier/fichier.go b/backend/fichier/fichier.go
index e6c05305154ef..4a2caf5bf5376 100644
--- a/backend/fichier/fichier.go
+++ b/backend/fichier/fichier.go
@@ -38,8 +38,9 @@ func init() {
 		Description: "1Fichier",
 		NewFs:       NewFs,
 		Options: []fs.Option{{
-			Help: "Your API Key, get it from https://1fichier.com/console/params.pl.",
-			Name: "api_key",
+			Help:      "Your API Key, get it from https://1fichier.com/console/params.pl.",
+			Name:      "api_key",
+			Sensitive: true,
 		}, {
 			Help:     "If you want to download a shared folder, add this parameter.",
 			Name:     "shared_folder",
@@ -54,6 +55,11 @@ func init() {
 			Name:       "folder_password",
 			Advanced:   true,
 			IsPassword: true,
+		}, {
+			Help:     "Set if you wish to use CDN download links.",
+			Name:     "cdn",
+			Default:  false,
+			Advanced: true,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -89,6 +95,7 @@ type Options struct {
 	SharedFolder   string               `config:"shared_folder"`
 	FilePassword   string               `config:"file_password"`
 	FolderPassword string               `config:"folder_password"`
+	CDN            bool                 `config:"cdn"`
 	Enc            encoder.MultiEncoder `config:"encoding"`
 }
 
@@ -333,7 +340,7 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 // checking to see if there is one already - use Put() for that.
 func (f *Fs) putUnchecked(ctx context.Context, in io.Reader, remote string, size int64, options ...fs.OpenOption) (fs.Object, error) {
 	if size > int64(300e9) {
-		return nil, errors.New("File too big, cant upload")
+		return nil, errors.New("File too big, can't upload")
 	} else if size == 0 {
 		return nil, fs.ErrorCantUploadEmptyFiles
 	}
@@ -481,6 +488,51 @@ func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object,
 	return dstObj, nil
 }
 
+// DirMove moves src, srcRemote to this remote at dstRemote
+// using server-side move operations.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantDirMove.
+//
+// If destination exists then return fs.ErrorDirExists.
+//
+// This is complicated by the fact that we can't use moveDir to move
+// to a different directory AND rename at the same time as it can
+// overwrite files in the source directory.
+func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string) error {
+	srcFs, ok := src.(*Fs)
+	if !ok {
+		fs.Debugf(srcFs, "Can't move directory - not same remote type")
+		return fs.ErrorCantDirMove
+	}
+
+	srcID, _, _, dstDirectoryID, dstLeaf, err := f.dirCache.DirMove(ctx, srcFs.dirCache, srcFs.root, srcRemote, f.root, dstRemote)
+	if err != nil {
+		return err
+	}
+	srcIDnumeric, err := strconv.Atoi(srcID)
+	if err != nil {
+		return err
+	}
+	dstDirectoryIDnumeric, err := strconv.Atoi(dstDirectoryID)
+	if err != nil {
+		return err
+	}
+
+	var resp *MoveDirResponse
+	resp, err = f.moveDir(ctx, srcIDnumeric, dstLeaf, dstDirectoryIDnumeric)
+	if err != nil {
+		return fmt.Errorf("couldn't rename leaf: %w", err)
+	}
+	if resp.Status != "OK" {
+		return fmt.Errorf("couldn't rename leaf: %s", resp.Message)
+	}
+
+	srcFs.dirCache.FlushDir(srcRemote)
+	return nil
+}
+
 // Copy src to this remote using server side move operations.
 func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
 	srcObj, ok := src.(*Object)
@@ -554,6 +606,7 @@ func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration,
 var (
 	_ fs.Fs              = (*Fs)(nil)
 	_ fs.Mover           = (*Fs)(nil)
+	_ fs.DirMover        = (*Fs)(nil)
 	_ fs.Copier          = (*Fs)(nil)
 	_ fs.PublicLinker    = (*Fs)(nil)
 	_ fs.PutUncheckeder  = (*Fs)(nil)
diff --git a/backend/fichier/structs.go b/backend/fichier/structs.go
index 02e50a632715e..289aa64b7812f 100644
--- a/backend/fichier/structs.go
+++ b/backend/fichier/structs.go
@@ -20,6 +20,7 @@ type DownloadRequest struct {
 	URL    string `json:"url"`
 	Single int    `json:"single"`
 	Pass   string `json:"pass,omitempty"`
+	CDN    int    `json:"cdn,omitempty"`
 }
 
 // RemoveFolderRequest is the request structure of the corresponding request
@@ -69,6 +70,22 @@ type MoveFileResponse struct {
 	URLs    []string `json:"urls"`
 }
 
+// MoveDirRequest is the request structure of the corresponding request
+type MoveDirRequest struct {
+	FolderID            int    `json:"folder_id"`
+	DestinationFolderID int    `json:"destination_folder_id,omitempty"`
+	DestinationUser     string `json:"destination_user"`
+	Rename              string `json:"rename,omitempty"`
+}
+
+// MoveDirResponse is the response structure of the corresponding request
+type MoveDirResponse struct {
+	Status  string `json:"status"`
+	Message string `json:"message"`
+	OldName string `json:"old_name"`
+	NewName string `json:"new_name"`
+}
+
 // CopyFileRequest is the request structure of the corresponding request
 type CopyFileRequest struct {
 	URLs     []string `json:"urls"`
diff --git a/backend/filefabric/filefabric.go b/backend/filefabric/filefabric.go
index 3d157f8fbbea0..454dc3c950418 100644
--- a/backend/filefabric/filefabric.go
+++ b/backend/filefabric/filefabric.go
@@ -84,6 +84,7 @@ Leave blank normally.
 
 Fill in to make rclone start with directory of a given ID.
 `,
+			Sensitive: true,
 		}, {
 			Name: "permanent_token",
 			Help: `Permanent Authentication Token.
@@ -97,6 +98,7 @@ These tokens are normally valid for several years.
 
 For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
 `,
+			Sensitive: true,
 		}, {
 			Name: "token",
 			Help: `Session Token.
@@ -106,7 +108,8 @@ usually valid for 1 hour.
 
 Don't set this value - rclone will set it automatically.
 `,
-			Advanced: true,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "token_expiry",
 			Help: `Token expiry time.
@@ -155,9 +158,9 @@ type Fs struct {
 	tokenMu         sync.Mutex         // hold when reading the token
 	token           string             // current access token
 	tokenExpiry     time.Time          // time the current token expires
-	tokenExpired    int32              // read and written with atomic
-	canCopyWithName bool               // set if detected that can use fi_name in copy
-	precision       time.Duration      // precision reported
+	tokenExpired    atomic.Int32
+	canCopyWithName bool          // set if detected that can use fi_name in copy
+	precision       time.Duration // precision reported
 }
 
 // Object describes a filefabric object
@@ -240,7 +243,7 @@ func (f *Fs) shouldRetry(ctx context.Context, resp *http.Response, err error, st
 		err = status // return the error from the RPC
 		code := status.GetCode()
 		if code == "login_token_expired" {
-			atomic.AddInt32(&f.tokenExpired, 1)
+			f.tokenExpired.Add(1)
 		} else {
 			for _, retryCode := range retryStatusCodes {
 				if code == retryCode.code {
@@ -320,12 +323,12 @@ func (f *Fs) getToken(ctx context.Context) (token string, err error) {
 	var refreshed = false
 	defer func() {
 		if refreshed {
-			atomic.StoreInt32(&f.tokenExpired, 0)
+			f.tokenExpired.Store(0)
 		}
 		f.tokenMu.Unlock()
 	}()
 
-	expired := atomic.LoadInt32(&f.tokenExpired) != 0
+	expired := f.tokenExpired.Load() != 0
 	if expired {
 		fs.Debugf(f, "Token invalid - refreshing")
 	}
diff --git a/backend/ftp/ftp.go b/backend/ftp/ftp.go
index 8dd520efb15da..aab419779235f 100644
--- a/backend/ftp/ftp.go
+++ b/backend/ftp/ftp.go
@@ -28,6 +28,7 @@ import (
 	"github.com/rclone/rclone/lib/encoder"
 	"github.com/rclone/rclone/lib/env"
 	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/proxy"
 	"github.com/rclone/rclone/lib/readers"
 )
 
@@ -48,13 +49,15 @@ func init() {
 		Description: "FTP",
 		NewFs:       NewFs,
 		Options: []fs.Option{{
-			Name:     "host",
-			Help:     "FTP host to connect to.\n\nE.g. \"ftp.example.com\".",
-			Required: true,
+			Name:      "host",
+			Help:      "FTP host to connect to.\n\nE.g. \"ftp.example.com\".",
+			Required:  true,
+			Sensitive: true,
 		}, {
-			Name:    "user",
-			Help:    "FTP username.",
-			Default: currentUser,
+			Name:      "user",
+			Help:      "FTP username.",
+			Default:   currentUser,
+			Sensitive: true,
 		}, {
 			Name:    "port",
 			Help:    "FTP port number.",
@@ -172,6 +175,18 @@ Enabled by default. Use 0 to disable.`,
 If this is set and no password is supplied then rclone will ask for a password
 `,
 			Advanced: true,
+		}, {
+			Name:    "socks_proxy",
+			Default: "",
+			Help: `Socks 5 proxy host.
+		
+		Supports the format user:pass@host:port, user@host:port, host:port.
+		
+		Example:
+		
+			myUser:myPass@localhost:9005
+		`,
+			Advanced: true,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -216,6 +231,7 @@ type Options struct {
 	ShutTimeout       fs.Duration          `config:"shut_timeout"`
 	AskPassword       bool                 `config:"ask_password"`
 	Enc               encoder.MultiEncoder `config:"encoding"`
+	SocksProxy        string               `config:"socks_proxy"`
 }
 
 // Fs represents a remote FTP server
@@ -233,7 +249,6 @@ type Fs struct {
 	pool     []*ftp.ServerConn
 	drain    *time.Timer // used to drain the pool when we stop using the connections
 	tokens   *pacer.TokenDispenser
-	tlsConf  *tls.Config
 	pacer    *fs.Pacer // pacer for FTP connections
 	fGetTime bool      // true if the ftp library accepts GetTime
 	fSetTime bool      // true if the ftp library accepts SetTime
@@ -315,10 +330,17 @@ func (dl *debugLog) Write(p []byte) (n int, err error) {
 	return len(p), nil
 }
 
+// Return a *textproto.Error if err contains one or nil otherwise
+func textprotoError(err error) (errX *textproto.Error) {
+	if errors.As(err, &errX) {
+		return errX
+	}
+	return nil
+}
+
 // returns true if this FTP error should be retried
 func isRetriableFtpError(err error) bool {
-	switch errX := err.(type) {
-	case *textproto.Error:
+	if errX := textprotoError(err); errX != nil {
 		switch errX.Code {
 		case ftp.StatusNotAvailable, ftp.StatusTransfertAborted:
 			return true
@@ -339,10 +361,36 @@ func shouldRetry(ctx context.Context, err error) (bool, error) {
 	return fserrors.ShouldRetry(err), err
 }
 
+// Get a TLS config with a unique session cache.
+//
+// We can't share session caches between connections.
+//
+// See: https://github.com/rclone/rclone/issues/7234
+func (f *Fs) tlsConfig() *tls.Config {
+	var tlsConfig *tls.Config
+	if f.opt.TLS || f.opt.ExplicitTLS {
+		tlsConfig = &tls.Config{
+			ServerName:         f.opt.Host,
+			InsecureSkipVerify: f.opt.SkipVerifyTLSCert,
+		}
+		if f.opt.TLSCacheSize > 0 {
+			tlsConfig.ClientSessionCache = tls.NewLRUClientSessionCache(f.opt.TLSCacheSize)
+		}
+		if f.opt.DisableTLS13 {
+			tlsConfig.MaxVersion = tls.VersionTLS12
+		}
+	}
+	return tlsConfig
+}
+
 // Open a new connection to the FTP server.
 func (f *Fs) ftpConnection(ctx context.Context) (c *ftp.ServerConn, err error) {
 	fs.Debugf(f, "Connecting to FTP server")
 
+	// tls.Config for this connection only. Will be used for data
+	// and control connections.
+	tlsConfig := f.tlsConfig()
+
 	// Make ftp library dial with fshttp dialer optionally using TLS
 	initialConnection := true
 	dial := func(network, address string) (conn net.Conn, err error) {
@@ -350,12 +398,17 @@ func (f *Fs) ftpConnection(ctx context.Context) (c *ftp.ServerConn, err error) {
 		defer func() {
 			fs.Debugf(f, "> dial: conn=%T, err=%v", conn, err)
 		}()
-		conn, err = fshttp.NewDialer(ctx).Dial(network, address)
+		baseDialer := fshttp.NewDialer(ctx)
+		if f.opt.SocksProxy != "" {
+			conn, err = proxy.SOCKS5Dial(network, address, f.opt.SocksProxy, baseDialer)
+		} else {
+			conn, err = baseDialer.Dial(network, address)
+		}
 		if err != nil {
 			return nil, err
 		}
 		// Connect using cleartext only for non TLS
-		if f.tlsConf == nil {
+		if tlsConfig == nil {
 			return conn, nil
 		}
 		// Initial connection only needs to be cleartext for explicit TLS
@@ -364,7 +417,7 @@ func (f *Fs) ftpConnection(ctx context.Context) (c *ftp.ServerConn, err error) {
 			return conn, nil
 		}
 		// Upgrade connection to TLS
-		tlsConn := tls.Client(conn, f.tlsConf)
+		tlsConn := tls.Client(conn, tlsConfig)
 		// Do the initial handshake - tls.Client doesn't do it for us
 		// If we do this then connections to proftpd/pureftpd lock up
 		// See: https://github.com/rclone/rclone/issues/6426
@@ -386,9 +439,9 @@ func (f *Fs) ftpConnection(ctx context.Context) (c *ftp.ServerConn, err error) {
 	if f.opt.TLS {
 		// Our dialer takes care of TLS but ftp library also needs tlsConf
 		// as a trigger for sending PSBZ and PROT options to server.
-		ftpConfig = append(ftpConfig, ftp.DialWithTLS(f.tlsConf))
+		ftpConfig = append(ftpConfig, ftp.DialWithTLS(tlsConfig))
 	} else if f.opt.ExplicitTLS {
-		ftpConfig = append(ftpConfig, ftp.DialWithExplicitTLS(f.tlsConf))
+		ftpConfig = append(ftpConfig, ftp.DialWithExplicitTLS(tlsConfig))
 	}
 	if f.opt.DisableEPSV {
 		ftpConfig = append(ftpConfig, ftp.DialWithDisabledEPSV(true))
@@ -471,8 +524,7 @@ func (f *Fs) putFtpConnection(pc **ftp.ServerConn, err error) {
 	*pc = nil
 	if err != nil {
 		// If not a regular FTP error code then check the connection
-		var tpErr *textproto.Error
-		if !errors.As(err, &tpErr) {
+		if tpErr := textprotoError(err); tpErr != nil {
 			nopErr := c.NoOp()
 			if nopErr != nil {
 				fs.Debugf(f, "Connection failed, closing: %v", nopErr)
@@ -544,19 +596,6 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (ff fs.Fs
 	if opt.TLS && opt.ExplicitTLS {
 		return nil, errors.New("implicit TLS and explicit TLS are mutually incompatible, please revise your config")
 	}
-	var tlsConfig *tls.Config
-	if opt.TLS || opt.ExplicitTLS {
-		tlsConfig = &tls.Config{
-			ServerName:         opt.Host,
-			InsecureSkipVerify: opt.SkipVerifyTLSCert,
-		}
-		if opt.TLSCacheSize > 0 {
-			tlsConfig.ClientSessionCache = tls.NewLRUClientSessionCache(opt.TLSCacheSize)
-		}
-		if opt.DisableTLS13 {
-			tlsConfig.MaxVersion = tls.VersionTLS12
-		}
-	}
 	u := protocol + path.Join(dialAddr+"/", root)
 	ci := fs.GetConfig(ctx)
 	f := &Fs{
@@ -569,11 +608,11 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (ff fs.Fs
 		pass:     pass,
 		dialAddr: dialAddr,
 		tokens:   pacer.NewTokenDispenser(opt.Concurrency),
-		tlsConf:  tlsConfig,
 		pacer:    fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
 	}
 	f.features = (&fs.Features{
 		CanHaveEmptyDirectories: true,
+		PartialUploads:          true,
 	}).Fill(ctx, f)
 	// set the pool drainer timer going
 	if f.opt.IdleTimeout > 0 {
@@ -621,8 +660,7 @@ func (f *Fs) Shutdown(ctx context.Context) error {
 
 // translateErrorFile turns FTP errors into rclone errors if possible for a file
 func translateErrorFile(err error) error {
-	switch errX := err.(type) {
-	case *textproto.Error:
+	if errX := textprotoError(err); errX != nil {
 		switch errX.Code {
 		case ftp.StatusFileUnavailable, ftp.StatusFileActionIgnored:
 			err = fs.ErrorObjectNotFound
@@ -633,8 +671,7 @@ func translateErrorFile(err error) error {
 
 // translateErrorDir turns FTP errors into rclone errors if possible for a directory
 func translateErrorDir(err error) error {
-	switch errX := err.(type) {
-	case *textproto.Error:
+	if errX := textprotoError(err); errX != nil {
 		switch errX.Code {
 		case ftp.StatusFileUnavailable, ftp.StatusFileActionIgnored:
 			err = fs.ErrorDirNotFound
@@ -688,6 +725,12 @@ func (f *Fs) findItem(ctx context.Context, remote string) (entry *ftp.Entry, err
 			if err == fs.ErrorObjectNotFound {
 				return nil, nil
 			}
+			if errX := textprotoError(err); errX != nil {
+				switch errX.Code {
+				case ftp.StatusBadArguments:
+					err = nil
+				}
+			}
 			return nil, err
 		}
 		if entry != nil {
@@ -925,8 +968,7 @@ func (f *Fs) mkdir(ctx context.Context, abspath string) error {
 	}
 	err = c.MakeDir(f.dirFromStandardPath(abspath))
 	f.putFtpConnection(&c, err)
-	switch errX := err.(type) {
-	case *textproto.Error:
+	if errX := textprotoError(err); errX != nil {
 		switch errX.Code {
 		case ftp.StatusFileUnavailable: // dir already exists: see issue #2181
 			err = nil
@@ -1095,7 +1137,7 @@ func (o *Object) ModTime(ctx context.Context) time.Time {
 // SetModTime sets the modification time of the object
 func (o *Object) SetModTime(ctx context.Context, modTime time.Time) error {
 	if !o.fs.fSetTime {
-		fs.Errorf(o.fs, "SetModTime is not supported")
+		fs.Debugf(o.fs, "SetModTime is not supported")
 		return nil
 	}
 	c, err := o.fs.getFtpConnection(ctx)
@@ -1167,8 +1209,7 @@ func (f *ftpReadCloser) Close() error {
 	// mask the error if it was caused by a premature close
 	// NB StatusAboutToSend is to work around a bug in pureftpd
 	// See: https://github.com/rclone/rclone/issues/3445#issuecomment-521654257
-	switch errX := err.(type) {
-	case *textproto.Error:
+	if errX := textprotoError(err); errX != nil {
 		switch errX.Code {
 		case ftp.StatusTransfertAborted, ftp.StatusFileUnavailable, ftp.StatusAboutToSend:
 			err = nil
@@ -1246,13 +1287,10 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	}
 	err = c.Stor(o.fs.opt.Enc.FromStandardPath(path), in)
 	// Ignore error 250 here - send by some servers
-	if err != nil {
-		switch errX := err.(type) {
-		case *textproto.Error:
-			switch errX.Code {
-			case ftp.StatusRequestedFileActionOK:
-				err = nil
-			}
+	if errX := textprotoError(err); errX != nil {
+		switch errX.Code {
+		case ftp.StatusRequestedFileActionOK:
+			err = nil
 		}
 	}
 	if err != nil {
diff --git a/backend/googlecloudstorage/googlecloudstorage.go b/backend/googlecloudstorage/googlecloudstorage.go
index 4017c206b677b..1d1bffaee53ce 100644
--- a/backend/googlecloudstorage/googlecloudstorage.go
+++ b/backend/googlecloudstorage/googlecloudstorage.go
@@ -91,15 +91,21 @@ func init() {
 			})
 		},
 		Options: append(oauthutil.SharedOptions, []fs.Option{{
-			Name: "project_number",
-			Help: "Project number.\n\nOptional - needed only for list/create/delete buckets - see your developer console.",
+			Name:      "project_number",
+			Help:      "Project number.\n\nOptional - needed only for list/create/delete buckets - see your developer console.",
+			Sensitive: true,
+		}, {
+			Name:      "user_project",
+			Help:      "User project.\n\nOptional - needed only for requester pays.",
+			Sensitive: true,
 		}, {
 			Name: "service_account_file",
 			Help: "Service Account Credentials JSON file path.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login." + env.ShellExpandHelp,
 		}, {
-			Name: "service_account_credentials",
-			Help: "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.",
-			Hide: fs.OptionHideBoth,
+			Name:      "service_account_credentials",
+			Help:      "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.",
+			Hide:      fs.OptionHideBoth,
+			Sensitive: true,
 		}, {
 			Name:    "anonymous",
 			Help:    "Access public buckets and objects without credentials.\n\nSet to 'true' if you just want to download files and don't configure credentials.",
@@ -298,6 +304,15 @@ Docs: https://cloud.google.com/storage/docs/bucket-policy-only
 				Value: "DURABLE_REDUCED_AVAILABILITY",
 				Help:  "Durable reduced availability storage class",
 			}},
+		}, {
+			Name:     "directory_markers",
+			Default:  false,
+			Advanced: true,
+			Help: `Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option creates an empty
+object ending with "/", to persist the folder.
+`,
 		}, {
 			Name: "no_check_bucket",
 			Help: `If set, don't attempt to check the bucket exists or create it.
@@ -349,6 +364,7 @@ can't check the size and hash but the file contents will be decompressed.
 // Options defines the configuration for this backend
 type Options struct {
 	ProjectNumber             string               `config:"project_number"`
+	UserProject               string               `config:"user_project"`
 	ServiceAccountFile        string               `config:"service_account_file"`
 	ServiceAccountCredentials string               `config:"service_account_credentials"`
 	Anonymous                 bool                 `config:"anonymous"`
@@ -362,6 +378,7 @@ type Options struct {
 	Endpoint                  string               `config:"endpoint"`
 	Enc                       encoder.MultiEncoder `config:"encoding"`
 	EnvAuth                   bool                 `config:"env_auth"`
+	DirectoryMarkers          bool                 `config:"directory_markers"`
 }
 
 // Fs represents a remote storage server
@@ -457,7 +474,7 @@ func parsePath(path string) (root string) {
 // split returns bucket and bucketPath from the rootRelativePath
 // relative to f.root
 func (f *Fs) split(rootRelativePath string) (bucketName, bucketPath string) {
-	bucketName, bucketPath = bucket.Split(path.Join(f.root, rootRelativePath))
+	bucketName, bucketPath = bucket.Split(bucket.Join(f.root, rootRelativePath))
 	return f.opt.Enc.FromStandardName(bucketName), f.opt.Enc.FromStandardPath(bucketPath)
 }
 
@@ -543,6 +560,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		BucketBased:       true,
 		BucketBasedRootOK: true,
 	}).Fill(ctx, f)
+	if opt.DirectoryMarkers {
+		f.features.CanHaveEmptyDirectories = true
+	}
 
 	// Create a new authorized Drive client.
 	f.client = oAuthClient
@@ -559,7 +579,11 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		// Check to see if the object exists
 		encodedDirectory := f.opt.Enc.FromStandardPath(f.rootDirectory)
 		err = f.pacer.Call(func() (bool, error) {
-			_, err = f.svc.Objects.Get(f.rootBucket, encodedDirectory).Context(ctx).Do()
+			get := f.svc.Objects.Get(f.rootBucket, encodedDirectory).Context(ctx)
+			if f.opt.UserProject != "" {
+				get = get.UserProject(f.opt.UserProject)
+			}
+			_, err = get.Do()
 			return shouldRetry(ctx, err)
 		})
 		if err == nil {
@@ -619,9 +643,13 @@ func (f *Fs) list(ctx context.Context, bucket, directory, prefix string, addBuck
 		directory += "/"
 	}
 	list := f.svc.Objects.List(bucket).Prefix(directory).MaxResults(listChunks)
+	if f.opt.UserProject != "" {
+		list = list.UserProject(f.opt.UserProject)
+	}
 	if !recurse {
 		list = list.Delimiter("/")
 	}
+	foundItems := 0
 	for {
 		var objects *storage.Objects
 		err = f.pacer.Call(func() (bool, error) {
@@ -637,6 +665,7 @@ func (f *Fs) list(ctx context.Context, bucket, directory, prefix string, addBuck
 			return err
 		}
 		if !recurse {
+			foundItems += len(objects.Prefixes)
 			var object storage.Object
 			for _, remote := range objects.Prefixes {
 				if !strings.HasSuffix(remote, "/") {
@@ -657,22 +686,29 @@ func (f *Fs) list(ctx context.Context, bucket, directory, prefix string, addBuck
 				}
 			}
 		}
+		foundItems += len(objects.Items)
 		for _, object := range objects.Items {
 			remote := f.opt.Enc.ToStandardPath(object.Name)
 			if !strings.HasPrefix(remote, prefix) {
 				fs.Logf(f, "Odd name received %q", object.Name)
 				continue
 			}
-			remote = remote[len(prefix):]
 			isDirectory := remote == "" || strings.HasSuffix(remote, "/")
-			if addBucket {
-				remote = path.Join(bucket, remote)
-			}
 			// is this a directory marker?
 			if isDirectory {
-				continue // skip directory marker
+				// Don't insert the root directory
+				if remote == directory {
+					continue
+				}
+				// process directory markers as directories
+				remote = strings.TrimRight(remote, "/")
 			}
-			err = fn(remote, object, false)
+			remote = remote[len(prefix):]
+			if addBucket {
+				remote = path.Join(bucket, remote)
+			}
+
+			err = fn(remote, object, isDirectory)
 			if err != nil {
 				return err
 			}
@@ -682,6 +718,17 @@ func (f *Fs) list(ctx context.Context, bucket, directory, prefix string, addBuck
 		}
 		list.PageToken(objects.NextPageToken)
 	}
+	if f.opt.DirectoryMarkers && foundItems == 0 && directory != "" {
+		// Determine whether the directory exists or not by whether it has a marker
+		_, err := f.readObjectInfo(ctx, bucket, directory)
+		if err != nil {
+			if err == fs.ErrorObjectNotFound {
+				return fs.ErrorDirNotFound
+			}
+			return err
+		}
+	}
+
 	return nil
 }
 
@@ -725,6 +772,9 @@ func (f *Fs) listBuckets(ctx context.Context) (entries fs.DirEntries, err error)
 		return nil, errors.New("can't list buckets without project number")
 	}
 	listBuckets := f.svc.Buckets.List(f.opt.ProjectNumber).MaxResults(listChunks)
+	if f.opt.UserProject != "" {
+		listBuckets = listBuckets.UserProject(f.opt.UserProject)
+	}
 	for {
 		var buckets *storage.Buckets
 		err = f.pacer.Call(func() (bool, error) {
@@ -842,10 +892,69 @@ func (f *Fs) PutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, opt
 	return f.Put(ctx, in, src, options...)
 }
 
+// Create directory marker file and parents
+func (f *Fs) createDirectoryMarker(ctx context.Context, bucket, dir string) error {
+	if !f.opt.DirectoryMarkers || bucket == "" {
+		return nil
+	}
+
+	// Object to be uploaded
+	o := &Object{
+		fs:      f,
+		modTime: time.Now(),
+	}
+
+	for {
+		_, bucketPath := f.split(dir)
+		// Don't create the directory marker if it is the bucket or at the very root
+		if bucketPath == "" {
+			break
+		}
+		o.remote = dir + "/"
+
+		// Check to see if object already exists
+		_, err := o.readObjectInfo(ctx)
+		if err == nil {
+			return nil
+		}
+
+		// Upload it if not
+		fs.Debugf(o, "Creating directory marker")
+		content := io.Reader(strings.NewReader(""))
+		err = o.Update(ctx, content, o)
+		if err != nil {
+			return fmt.Errorf("creating directory marker failed: %w", err)
+		}
+
+		// Now check parent directory exists
+		dir = path.Dir(dir)
+		if dir == "/" || dir == "." {
+			break
+		}
+	}
+
+	return nil
+}
+
 // Mkdir creates the bucket if it doesn't exist
 func (f *Fs) Mkdir(ctx context.Context, dir string) (err error) {
 	bucket, _ := f.split(dir)
-	return f.makeBucket(ctx, bucket)
+	e := f.checkBucket(ctx, bucket)
+	if e != nil {
+		return e
+	}
+	return f.createDirectoryMarker(ctx, bucket, dir)
+
+}
+
+// mkdirParent creates the parent bucket/directory if it doesn't exist
+func (f *Fs) mkdirParent(ctx context.Context, remote string) error {
+	remote = strings.TrimRight(remote, "/")
+	dir := path.Dir(remote)
+	if dir == "/" || dir == "." {
+		dir = ""
+	}
+	return f.Mkdir(ctx, dir)
 }
 
 // makeBucket creates the bucket if it doesn't exist
@@ -854,7 +963,11 @@ func (f *Fs) makeBucket(ctx context.Context, bucket string) (err error) {
 		// List something from the bucket to see if it exists.  Doing it like this enables the use of a
 		// service account that only has the "Storage Object Admin" role.  See #2193 for details.
 		err = f.pacer.Call(func() (bool, error) {
-			_, err = f.svc.Objects.List(bucket).MaxResults(1).Context(ctx).Do()
+			list := f.svc.Objects.List(bucket).MaxResults(1).Context(ctx)
+			if f.opt.UserProject != "" {
+				list = list.UserProject(f.opt.UserProject)
+			}
+			_, err = list.Do()
 			return shouldRetry(ctx, err)
 		})
 		if err == nil {
@@ -889,7 +1002,11 @@ func (f *Fs) makeBucket(ctx context.Context, bucket string) (err error) {
 			if !f.opt.BucketPolicyOnly {
 				insertBucket.PredefinedAcl(f.opt.BucketACL)
 			}
-			_, err = insertBucket.Context(ctx).Do()
+			insertBucket = insertBucket.Context(ctx)
+			if f.opt.UserProject != "" {
+				insertBucket = insertBucket.UserProject(f.opt.UserProject)
+			}
+			_, err = insertBucket.Do()
 			return shouldRetry(ctx, err)
 		})
 	}, nil)
@@ -909,12 +1026,28 @@ func (f *Fs) checkBucket(ctx context.Context, bucket string) error {
 // to delete was not empty.
 func (f *Fs) Rmdir(ctx context.Context, dir string) (err error) {
 	bucket, directory := f.split(dir)
+	// Remove directory marker file
+	if f.opt.DirectoryMarkers && bucket != "" && dir != "" {
+		o := &Object{
+			fs:     f,
+			remote: dir + "/",
+		}
+		fs.Debugf(o, "Removing directory marker")
+		err := o.Remove(ctx)
+		if err != nil {
+			return fmt.Errorf("removing directory marker failed: %w", err)
+		}
+	}
 	if bucket == "" || directory != "" {
 		return nil
 	}
 	return f.cache.Remove(bucket, func() error {
 		return f.pacer.Call(func() (bool, error) {
-			err = f.svc.Buckets.Delete(bucket).Context(ctx).Do()
+			deleteBucket := f.svc.Buckets.Delete(bucket).Context(ctx)
+			if f.opt.UserProject != "" {
+				deleteBucket = deleteBucket.UserProject(f.opt.UserProject)
+			}
+			err = deleteBucket.Do()
 			return shouldRetry(ctx, err)
 		})
 	})
@@ -936,7 +1069,7 @@ func (f *Fs) Precision() time.Duration {
 // If it isn't possible then return fs.ErrorCantCopy
 func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
 	dstBucket, dstPath := f.split(remote)
-	err := f.checkBucket(ctx, dstBucket)
+	err := f.mkdirParent(ctx, remote)
 	if err != nil {
 		return nil, err
 	}
@@ -960,7 +1093,11 @@ func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object,
 	var rewriteResponse *storage.RewriteResponse
 	for {
 		err = f.pacer.Call(func() (bool, error) {
-			rewriteResponse, err = rewriteRequest.Context(ctx).Do()
+			rewriteRequest = rewriteRequest.Context(ctx)
+			if f.opt.UserProject != "" {
+				rewriteRequest.UserProject(f.opt.UserProject)
+			}
+			rewriteResponse, err = rewriteRequest.Do()
 			return shouldRetry(ctx, err)
 		})
 		if err != nil {
@@ -1070,8 +1207,17 @@ func (o *Object) setMetaData(info *storage.Object) {
 // readObjectInfo reads the definition for an object
 func (o *Object) readObjectInfo(ctx context.Context) (object *storage.Object, err error) {
 	bucket, bucketPath := o.split()
-	err = o.fs.pacer.Call(func() (bool, error) {
-		object, err = o.fs.svc.Objects.Get(bucket, bucketPath).Context(ctx).Do()
+	return o.fs.readObjectInfo(ctx, bucket, bucketPath)
+}
+
+// readObjectInfo reads the definition for an object
+func (f *Fs) readObjectInfo(ctx context.Context, bucket, bucketPath string) (object *storage.Object, err error) {
+	err = f.pacer.Call(func() (bool, error) {
+		get := f.svc.Objects.Get(bucket, bucketPath).Context(ctx)
+		if f.opt.UserProject != "" {
+			get = get.UserProject(f.opt.UserProject)
+		}
+		object, err = get.Do()
 		return shouldRetry(ctx, err)
 	})
 	if err != nil {
@@ -1143,7 +1289,11 @@ func (o *Object) SetModTime(ctx context.Context, modTime time.Time) (err error)
 		if !o.fs.opt.BucketPolicyOnly {
 			copyObject.DestinationPredefinedAcl(o.fs.opt.ObjectACL)
 		}
-		newObject, err = copyObject.Context(ctx).Do()
+		copyObject = copyObject.Context(ctx)
+		if o.fs.opt.UserProject != "" {
+			copyObject = copyObject.UserProject(o.fs.opt.UserProject)
+		}
+		newObject, err = copyObject.Do()
 		return shouldRetry(ctx, err)
 	})
 	if err != nil {
@@ -1160,7 +1310,11 @@ func (o *Object) Storable() bool {
 
 // Open an object for read
 func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.ReadCloser, err error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", o.url, nil)
+	url := o.url
+	if o.fs.opt.UserProject != "" {
+		url += "&userProject=" + o.fs.opt.UserProject
+	}
+	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -1203,11 +1357,14 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 // Update the object with the contents of the io.Reader, modTime and size
 //
 // The new object may have been created if an error is returned
-func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) error {
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
 	bucket, bucketPath := o.split()
-	err := o.fs.checkBucket(ctx, bucket)
-	if err != nil {
-		return err
+	// Create parent dir/bucket if not saving directory marker
+	if !strings.HasSuffix(o.remote, "/") {
+		err = o.fs.mkdirParent(ctx, o.remote)
+		if err != nil {
+			return err
+		}
 	}
 	modTime := src.ModTime(ctx)
 
@@ -1252,7 +1409,11 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		if !o.fs.opt.BucketPolicyOnly {
 			insertObject.PredefinedAcl(o.fs.opt.ObjectACL)
 		}
-		newObject, err = insertObject.Context(ctx).Do()
+		insertObject = insertObject.Context(ctx)
+		if o.fs.opt.UserProject != "" {
+			insertObject = insertObject.UserProject(o.fs.opt.UserProject)
+		}
+		newObject, err = insertObject.Do()
 		return shouldRetry(ctx, err)
 	})
 	if err != nil {
@@ -1267,7 +1428,11 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 func (o *Object) Remove(ctx context.Context) (err error) {
 	bucket, bucketPath := o.split()
 	err = o.fs.pacer.Call(func() (bool, error) {
-		err = o.fs.svc.Objects.Delete(bucket, bucketPath).Context(ctx).Do()
+		deleteBucket := o.fs.svc.Objects.Delete(bucket, bucketPath).Context(ctx)
+		if o.fs.opt.UserProject != "" {
+			deleteBucket = deleteBucket.UserProject(o.fs.opt.UserProject)
+		}
+		err = deleteBucket.Do()
 		return shouldRetry(ctx, err)
 	})
 	return err
diff --git a/backend/googlecloudstorage/googlecloudstorage_test.go b/backend/googlecloudstorage/googlecloudstorage_test.go
index d54f2b061a5a7..f1aa02647d485 100644
--- a/backend/googlecloudstorage/googlecloudstorage_test.go
+++ b/backend/googlecloudstorage/googlecloudstorage_test.go
@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/rclone/rclone/backend/googlecloudstorage"
+	"github.com/rclone/rclone/fstest"
 	"github.com/rclone/rclone/fstest/fstests"
 )
 
@@ -16,3 +17,17 @@ func TestIntegration(t *testing.T) {
 		NilObject:  (*googlecloudstorage.Object)(nil),
 	})
 }
+
+func TestIntegration2(t *testing.T) {
+	if *fstest.RemoteName != "" {
+		t.Skip("Skipping as -remote set")
+	}
+	name := "TestGoogleCloudStorage"
+	fstests.Run(t, &fstests.Opt{
+		RemoteName: name + ":",
+		NilObject:  (*googlecloudstorage.Object)(nil),
+		ExtraConfig: []fstests.ExtraConfigItem{
+			{Name: name, Key: "directory_markers", Value: "true"},
+		},
+	})
+}
diff --git a/backend/googlephotos/googlephotos.go b/backend/googlephotos/googlephotos.go
index c743ddec4a806..df031b606d8df 100644
--- a/backend/googlephotos/googlephotos.go
+++ b/backend/googlephotos/googlephotos.go
@@ -29,6 +29,7 @@ import (
 	"github.com/rclone/rclone/fs/fshttp"
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/fs/log"
+	"github.com/rclone/rclone/lib/batcher"
 	"github.com/rclone/rclone/lib/encoder"
 	"github.com/rclone/rclone/lib/oauthutil"
 	"github.com/rclone/rclone/lib/pacer"
@@ -71,6 +72,14 @@ var (
 		ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
 		RedirectURL:  oauthutil.RedirectURL,
 	}
+
+	// Configure the batcher
+	defaultBatcherOptions = batcher.Options{
+		MaxBatchSize:          50,
+		DefaultTimeoutSync:    1000 * time.Millisecond,
+		DefaultTimeoutAsync:   10 * time.Second,
+		DefaultBatchSizeAsync: 50,
+	}
 )
 
 // Register with Fs
@@ -111,7 +120,7 @@ will count towards storage in your Google Account.`)
 			}
 			return nil, fmt.Errorf("unknown state %q", config.State)
 		},
-		Options: append(oauthutil.SharedOptions, []fs.Option{{
+		Options: append(append(oauthutil.SharedOptions, []fs.Option{{
 			Name:    "read_only",
 			Default: false,
 			Help: `Set to make the Google Photos backend read only.
@@ -158,7 +167,7 @@ listings and won't be transferred.`,
 			Default: (encoder.Base |
 				encoder.EncodeCrLf |
 				encoder.EncodeInvalidUtf8),
-		}}...),
+		}}...), defaultBatcherOptions.FsOptions("")...),
 	})
 }
 
@@ -169,6 +178,9 @@ type Options struct {
 	StartYear       int                  `config:"start_year"`
 	IncludeArchived bool                 `config:"include_archived"`
 	Enc             encoder.MultiEncoder `config:"encoding"`
+	BatchMode       string               `config:"batch_mode"`
+	BatchSize       int                  `config:"batch_size"`
+	BatchTimeout    fs.Duration          `config:"batch_timeout"`
 }
 
 // Fs represents a remote storage server
@@ -187,6 +199,7 @@ type Fs struct {
 	uploadedMu sync.Mutex             // to protect the below
 	uploaded   dirtree.DirTree        // record of uploaded items
 	createMu   sync.Mutex             // held when creating albums to prevent dupes
+	batcher    *batcher.Batcher[uploadedItem, *api.MediaItem]
 }
 
 // Object describes a storage object
@@ -312,6 +325,14 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		albums:    map[bool]*albums{},
 		uploaded:  dirtree.New(),
 	}
+	batcherOptions := defaultBatcherOptions
+	batcherOptions.Mode = f.opt.BatchMode
+	batcherOptions.Size = f.opt.BatchSize
+	batcherOptions.Timeout = time.Duration(f.opt.BatchTimeout)
+	f.batcher, err = batcher.New(ctx, f, f.commitBatch, batcherOptions)
+	if err != nil {
+		return nil, err
+	}
 	f.features = (&fs.Features{
 		ReadMimeType: true,
 	}).Fill(ctx, f)
@@ -781,6 +802,13 @@ func (f *Fs) Hashes() hash.Set {
 	return hash.Set(hash.None)
 }
 
+// Shutdown the backend, closing any background tasks and any
+// cached connections.
+func (f *Fs) Shutdown(ctx context.Context) error {
+	f.batcher.Shutdown()
+	return nil
+}
+
 // ------------------------------------------------------------
 
 // Fs returns the parent Fs
@@ -961,6 +989,82 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 	return resp.Body, err
 }
 
+// input to the batcher
+type uploadedItem struct {
+	AlbumID     string // desired album
+	UploadToken string // upload ID
+}
+
+// Commit a batch of items to albumID returning the errors in errors
+func (f *Fs) commitBatchAlbumID(ctx context.Context, items []uploadedItem, results []*api.MediaItem, errors []error, albumID string) {
+	// Create the media item from an UploadToken, optionally adding to an album
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "/mediaItems:batchCreate",
+	}
+	var request = api.BatchCreateRequest{
+		AlbumID: albumID,
+	}
+	itemsInBatch := 0
+	for i := range items {
+		if items[i].AlbumID == albumID {
+			request.NewMediaItems = append(request.NewMediaItems, api.NewMediaItem{
+				SimpleMediaItem: api.SimpleMediaItem{
+					UploadToken: items[i].UploadToken,
+				},
+			})
+			itemsInBatch++
+		}
+	}
+	var result api.BatchCreateResponse
+	var resp *http.Response
+	var err error
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, request, &result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		err = fmt.Errorf("failed to create media item: %w", err)
+	}
+	if err == nil && len(result.NewMediaItemResults) != itemsInBatch {
+		err = fmt.Errorf("bad response to BatchCreate expecting %d items but got %d", itemsInBatch, len(result.NewMediaItemResults))
+	}
+	j := 0
+	for i := range items {
+		if items[i].AlbumID == albumID {
+			if err == nil {
+				media := &result.NewMediaItemResults[j]
+				if media.Status.Code != 0 {
+					errors[i] = fmt.Errorf("upload failed: %s (%d)", media.Status.Message, media.Status.Code)
+				} else {
+					results[i] = &media.MediaItem
+				}
+			} else {
+				errors[i] = err
+			}
+			j++
+		}
+	}
+}
+
+// Called by the batcher to commit a batch
+func (f *Fs) commitBatch(ctx context.Context, items []uploadedItem, results []*api.MediaItem, errors []error) (err error) {
+	// Discover all the AlbumIDs as we have to upload these separately
+	//
+	// Should maybe have one batcher per AlbumID
+	albumIDs := map[string]struct{}{}
+	for i := range items {
+		albumIDs[items[i].AlbumID] = struct{}{}
+	}
+
+	// batch the albums
+	for albumID := range albumIDs {
+		// errors returned in errors
+		f.commitBatchAlbumID(ctx, items, results, errors, albumID)
+	}
+	return nil
+}
+
 // Update the object with the contents of the io.Reader, modTime and size
 //
 // The new object may have been created if an error is returned
@@ -1021,37 +1125,26 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		return errors.New("empty upload token")
 	}
 
-	// Create the media item from an UploadToken, optionally adding to an album
-	opts = rest.Opts{
-		Method: "POST",
-		Path:   "/mediaItems:batchCreate",
+	uploaded := uploadedItem{
+		AlbumID:     albumID,
+		UploadToken: uploadToken,
 	}
-	var request = api.BatchCreateRequest{
-		AlbumID: albumID,
-		NewMediaItems: []api.NewMediaItem{
-			{
-				SimpleMediaItem: api.SimpleMediaItem{
-					UploadToken: uploadToken,
-				},
-			},
-		},
-	}
-	var result api.BatchCreateResponse
-	err = o.fs.pacer.Call(func() (bool, error) {
-		resp, err = o.fs.srv.CallJSON(ctx, &opts, request, &result)
-		return shouldRetry(ctx, resp, err)
-	})
-	if err != nil {
-		return fmt.Errorf("failed to create media item: %w", err)
-	}
-	if len(result.NewMediaItemResults) != 1 {
-		return errors.New("bad response to BatchCreate wrong number of items")
-	}
-	mediaItemResult := result.NewMediaItemResults[0]
-	if mediaItemResult.Status.Code != 0 {
-		return fmt.Errorf("upload failed: %s (%d)", mediaItemResult.Status.Message, mediaItemResult.Status.Code)
+
+	// Save the upload into an album
+	var info *api.MediaItem
+	if o.fs.batcher.Batching() {
+		info, err = o.fs.batcher.Commit(ctx, o.remote, uploaded)
+	} else {
+		errors := make([]error, 1)
+		results := make([]*api.MediaItem, 1)
+		err = o.fs.commitBatch(ctx, []uploadedItem{uploaded}, results, errors)
+		if err != nil {
+			err = errors[0]
+			info = results[0]
+		}
 	}
-	o.setMetaData(&mediaItemResult.MediaItem)
+
+	o.setMetaData(info)
 
 	// Add upload to internal storage
 	if pattern.isUpload {
diff --git a/backend/hasher/hasher.go b/backend/hasher/hasher.go
index e80daedee6a35..3428b4dc2c0d1 100644
--- a/backend/hasher/hasher.go
+++ b/backend/hasher/hasher.go
@@ -166,6 +166,7 @@ func NewFs(ctx context.Context, fsname, rpath string, cmap configmap.Mapper) (fs
 		ReadMetadata:            true,
 		WriteMetadata:           true,
 		UserMetadata:            true,
+		PartialUploads:          true,
 	}
 	f.features = stubFeatures.Fill(ctx, f).Mask(ctx, f.Fs).WrapsFs(f, f.Fs)
 
diff --git a/backend/hasher/hasher_test.go b/backend/hasher/hasher_test.go
index 23feb9b96ca7f..f17303ecc16a2 100644
--- a/backend/hasher/hasher_test.go
+++ b/backend/hasher/hasher_test.go
@@ -23,6 +23,7 @@ func TestIntegration(t *testing.T) {
 		NilObject:  (*hasher.Object)(nil),
 		UnimplementableFsMethods: []string{
 			"OpenWriterAt",
+			"OpenChunkWriter",
 		},
 		UnimplementableObjectMethods: []string{},
 	}
diff --git a/backend/hdfs/fs.go b/backend/hdfs/fs.go
index 7d48ffed60ea5..dfe98bbd47bab 100644
--- a/backend/hdfs/fs.go
+++ b/backend/hdfs/fs.go
@@ -21,6 +21,7 @@ import (
 	"github.com/rclone/rclone/fs/config/configmap"
 	"github.com/rclone/rclone/fs/config/configstruct"
 	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/pacer"
 )
 
 // Fs represents a HDFS server
@@ -31,8 +32,15 @@ type Fs struct {
 	opt      Options        // options for this backend
 	ci       *fs.ConfigInfo // global config
 	client   *hdfs.Client
+	pacer    *fs.Pacer // pacer for API calls
 }
 
+const (
+	minSleep      = 20 * time.Millisecond
+	maxSleep      = 10 * time.Second
+	decayConstant = 2 // bigger for slower decay, exponential
+)
+
 // copy-paste from https://github.com/colinmarc/hdfs/blob/master/cmd/hdfs/kerberos.go
 func getKerberosClient() (*krb.Client, error) {
 	configPath := os.Getenv("KRB5_CONFIG")
@@ -85,7 +93,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	}
 
 	options := hdfs.ClientOptions{
-		Addresses:           []string{opt.Namenode},
+		Addresses:           opt.Namenode,
 		UseDatanodeHostname: false,
 	}
 
@@ -114,6 +122,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		opt:    *opt,
 		ci:     fs.GetConfig(ctx),
 		client: client,
+		pacer:  fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
 	}
 
 	f.features = (&fs.Features{
diff --git a/backend/hdfs/hdfs.go b/backend/hdfs/hdfs.go
index c07c0d7e2bc89..312aa1e5cc255 100644
--- a/backend/hdfs/hdfs.go
+++ b/backend/hdfs/hdfs.go
@@ -19,9 +19,11 @@ func init() {
 		Description: "Hadoop distributed file system",
 		NewFs:       NewFs,
 		Options: []fs.Option{{
-			Name:     "namenode",
-			Help:     "Hadoop name node and port.\n\nE.g. \"namenode:8020\" to connect to host namenode at port 8020.",
-			Required: true,
+			Name:      "namenode",
+			Help:      "Hadoop name nodes and ports.\n\nE.g. \"namenode-1:8020,namenode-2:8020,...\" to connect to host namenodes at port 8020.",
+			Required:  true,
+			Sensitive: true,
+			Default:   fs.CommaSepList{},
 		}, {
 			Name: "username",
 			Help: "Hadoop user name.",
@@ -29,6 +31,7 @@ func init() {
 				Value: "root",
 				Help:  "Connect to hdfs as root.",
 			}},
+			Sensitive: true,
 		}, {
 			Name: "service_principal_name",
 			Help: `Kerberos service principal name for the namenode.
@@ -36,15 +39,16 @@ func init() {
 Enables KERBEROS authentication. Specifies the Service Principal Name
 (SERVICE/FQDN) for the namenode. E.g. \"hdfs/namenode.hadoop.docker\"
 for namenode running as service 'hdfs' with FQDN 'namenode.hadoop.docker'.`,
-			Advanced: true,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "data_transfer_protection",
 			Help: `Kerberos data transfer protection: authentication|integrity|privacy.
 
 Specifies whether or not authentication, data signature integrity
-checks, and wire encryption is required when communicating the the
-datanodes. Possible values are 'authentication', 'integrity' and
-'privacy'. Used only with KERBEROS enabled.`,
+checks, and wire encryption are required when communicating with
+the datanodes. Possible values are 'authentication', 'integrity'
+and 'privacy'. Used only with KERBEROS enabled.`,
 			Examples: []fs.OptionExample{{
 				Value: "privacy",
 				Help:  "Ensure authentication, integrity and encryption enabled.",
@@ -62,7 +66,7 @@ datanodes. Possible values are 'authentication', 'integrity' and
 
 // Options for this backend
 type Options struct {
-	Namenode               string               `config:"namenode"`
+	Namenode               fs.CommaSepList      `config:"namenode"`
 	Username               string               `config:"username"`
 	ServicePrincipalName   string               `config:"service_principal_name"`
 	DataTransferProtection string               `config:"data_transfer_protection"`
diff --git a/backend/hdfs/object.go b/backend/hdfs/object.go
index 976bc7f02ea9c..a2c2c10878c2a 100644
--- a/backend/hdfs/object.go
+++ b/backend/hdfs/object.go
@@ -5,10 +5,12 @@ package hdfs
 
 import (
 	"context"
+	"errors"
 	"io"
 	"path"
 	"time"
 
+	"github.com/colinmarc/hdfs/v2"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/lib/readers"
@@ -106,7 +108,7 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 
 // Update object
 func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) error {
-	realpath := o.fs.realpath(src.Remote())
+	realpath := o.fs.realpath(o.remote)
 	dirname := path.Dir(realpath)
 	fs.Debugf(o.fs, "update [%s]", realpath)
 
@@ -141,7 +143,23 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		return err
 	}
 
-	err = out.Close()
+	// If the datanodes have acknowledged all writes but not yet
+	// to the namenode, FileWriter.Close can return ErrReplicating
+	// (wrapped in an os.PathError). This indicates that all data
+	// has been written, but the lease is still open for the file.
+	//
+	// It is safe in this case to either ignore the error (and let
+	// the lease expire on its own) or to call Close multiple
+	// times until it completes without an error. The Java client,
+	// for context, always chooses to retry, with exponential
+	// backoff.
+	err = o.fs.pacer.Call(func() (bool, error) {
+		err := out.Close()
+		if err == nil {
+			return false, nil
+		}
+		return errors.Is(err, hdfs.ErrReplicating), err
+	})
 	if err != nil {
 		cleanup()
 		return err
diff --git a/backend/hidrive/helpers.go b/backend/hidrive/helpers.go
index 7b925e1b34722..b7a52225793b4 100644
--- a/backend/hidrive/helpers.go
+++ b/backend/hidrive/helpers.go
@@ -294,15 +294,6 @@ func (f *Fs) copyOrMove(ctx context.Context, isDirectory bool, operationType Cop
 	return &result, nil
 }
 
-// copyDirectory moves the directory at the source-path to the destination-path and
-// returns the resulting api-object if successful.
-//
-// The operation will only be successful
-// if the parent-directory of the destination-path exists.
-func (f *Fs) copyDirectory(ctx context.Context, source string, destination string, onExist OnExistAction) (*api.HiDriveObject, error) {
-	return f.copyOrMove(ctx, true, CopyOriginalPreserveModTime, source, destination, onExist)
-}
-
 // moveDirectory moves the directory at the source-path to the destination-path and
 // returns the resulting api-object if successful.
 //
diff --git a/backend/hidrive/hidrive.go b/backend/hidrive/hidrive.go
index 5004b81910a9e..500e6f7cfc96c 100644
--- a/backend/hidrive/hidrive.go
+++ b/backend/hidrive/hidrive.go
@@ -2,7 +2,7 @@
 package hidrive
 
 // FIXME HiDrive only supports file or folder names of 255 characters or less.
-// Operations that create files oder folder with longer names will throw a HTTP error:
+// Operations that create files or folders with longer names will throw an HTTP error:
 // - 422 Unprocessable Entity
 // A more graceful way for rclone to handle this may be desirable.
 
@@ -338,7 +338,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 			return nil, fmt.Errorf("could not access root-prefix: %w", err)
 		}
 		if item.Type != api.HiDriveObjectTypeDirectory {
-			return nil, errors.New("The root-prefix needs to point to a valid directory or be empty")
+			return nil, errors.New("the root-prefix needs to point to a valid directory or be empty")
 		}
 	}
 
diff --git a/backend/http/http.go b/backend/http/http.go
index 518ea411cd8d7..862376d4f284e 100644
--- a/backend/http/http.go
+++ b/backend/http/http.go
@@ -36,6 +36,7 @@ func init() {
 		Name:        "http",
 		Description: "HTTP",
 		NewFs:       NewFs,
+		CommandHelp: commandHelp,
 		Options: []fs.Option{{
 			Name:     "url",
 			Help:     "URL of HTTP host to connect to.\n\nE.g. \"https://example.com\", or \"https://user:pass@example.com\" to use a username and password.",
@@ -210,18 +211,10 @@ func getFsEndpoint(ctx context.Context, client *http.Client, url string, opt *Op
 	return createFileResult()
 }
 
-// NewFs creates a new Fs object from the name and root. It connects to
-// the host specified in the config file.
-func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, error) {
-	// Parse config into Options struct
-	opt := new(Options)
-	err := configstruct.Set(m, opt)
-	if err != nil {
-		return nil, err
-	}
-
+// Make the http connection with opt
+func (f *Fs) httpConnection(ctx context.Context, opt *Options) (isFile bool, err error) {
 	if len(opt.Headers)%2 != 0 {
-		return nil, errors.New("odd number of headers supplied")
+		return false, errors.New("odd number of headers supplied")
 	}
 
 	if !strings.HasSuffix(opt.Endpoint, "/") {
@@ -231,11 +224,11 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	// Parse the endpoint and stick the root onto it
 	base, err := url.Parse(opt.Endpoint)
 	if err != nil {
-		return nil, err
+		return false, err
 	}
-	u, err := rest.URLJoin(base, rest.URLPathEscape(root))
+	u, err := rest.URLJoin(base, rest.URLPathEscape(f.root))
 	if err != nil {
-		return nil, err
+		return false, err
 	}
 
 	client := fshttp.NewClient(ctx)
@@ -243,24 +236,44 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	endpoint, isFile := getFsEndpoint(ctx, client, u.String(), opt)
 	fs.Debugf(nil, "Root: %s", endpoint)
 	u, err = url.Parse(endpoint)
+	if err != nil {
+		return false, err
+	}
+
+	// Update f with the new parameters
+	f.httpClient = client
+	f.endpoint = u
+	f.endpointURL = u.String()
+	return isFile, nil
+}
+
+// NewFs creates a new Fs object from the name and root. It connects to
+// the host specified in the config file.
+func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, error) {
+	// Parse config into Options struct
+	opt := new(Options)
+	err := configstruct.Set(m, opt)
 	if err != nil {
 		return nil, err
 	}
 
 	ci := fs.GetConfig(ctx)
 	f := &Fs{
-		name:        name,
-		root:        root,
-		opt:         *opt,
-		ci:          ci,
-		httpClient:  client,
-		endpoint:    u,
-		endpointURL: u.String(),
+		name: name,
+		root: root,
+		opt:  *opt,
+		ci:   ci,
 	}
 	f.features = (&fs.Features{
 		CanHaveEmptyDirectories: true,
 	}).Fill(ctx, f)
 
+	// Make the http connection
+	isFile, err := f.httpConnection(ctx, opt)
+	if err != nil {
+		return nil, err
+	}
+
 	if isFile {
 		// return an error with an fs which points to the parent
 		return f, fs.ErrorIsFile
@@ -495,7 +508,7 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 					add(file)
 				case fs.ErrorNotAFile:
 					// ...found a directory not a file
-					add(fs.NewDir(remote, timeUnset))
+					add(fs.NewDir(remote, time.Time{}))
 				default:
 					fs.Debugf(remote, "skipping because of error: %v", err)
 				}
@@ -507,7 +520,7 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 		name = strings.TrimRight(name, "/")
 		remote := path.Join(dir, name)
 		if isDir {
-			add(fs.NewDir(remote, timeUnset))
+			add(fs.NewDir(remote, time.Time{}))
 		} else {
 			in <- remote
 		}
@@ -685,10 +698,66 @@ func (o *Object) MimeType(ctx context.Context) string {
 	return o.contentType
 }
 
+var commandHelp = []fs.CommandHelp{{
+	Name:  "set",
+	Short: "Set command for updating the config parameters.",
+	Long: `This set command can be used to update the config parameters
+for a running http backend.
+
+Usage Examples:
+
+    rclone backend set remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: -o url=https://example.com
+
+The option keys are named as they are in the config file.
+
+This rebuilds the connection to the http backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
+
+It doesn't return anything.
+`,
+}}
+
+// Command the backend to run a named command
+//
+// The command run is name
+// args may be used to read arguments from
+// opts may be used to read optional arguments from
+//
+// The result should be capable of being JSON encoded
+// If it is a string or a []string it will be shown to the user
+// otherwise it will be JSON encoded and shown to the user like that
+func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[string]string) (out interface{}, err error) {
+	switch name {
+	case "set":
+		newOpt := f.opt
+		err := configstruct.Set(configmap.Simple(opt), &newOpt)
+		if err != nil {
+			return nil, fmt.Errorf("reading config: %w", err)
+		}
+		_, err = f.httpConnection(ctx, &newOpt)
+		if err != nil {
+			return nil, fmt.Errorf("updating session: %w", err)
+		}
+		f.opt = newOpt
+		keys := []string{}
+		for k := range opt {
+			keys = append(keys, k)
+		}
+		fs.Logf(f, "Updated config values: %s", strings.Join(keys, ", "))
+		return nil, nil
+	default:
+		return nil, fs.ErrorCommandNotFound
+	}
+}
+
 // Check the interfaces are satisfied
 var (
 	_ fs.Fs          = &Fs{}
 	_ fs.PutStreamer = &Fs{}
 	_ fs.Object      = &Object{}
 	_ fs.MimeTyper   = &Object{}
+	_ fs.Commander   = &Fs{}
 )
diff --git a/backend/imagekit/client/client.go b/backend/imagekit/client/client.go
new file mode 100644
index 0000000000000..2b10c669d047d
--- /dev/null
+++ b/backend/imagekit/client/client.go
@@ -0,0 +1,66 @@
+// Package client provides a client for interacting with the ImageKit API.
+package client
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/fshttp"
+	"github.com/rclone/rclone/lib/rest"
+)
+
+// ImageKit main struct
+type ImageKit struct {
+	Prefix        string
+	UploadPrefix  string
+	Timeout       int64
+	UploadTimeout int64
+	PrivateKey    string
+	PublicKey     string
+	URLEndpoint   string
+	HTTPClient    *rest.Client
+}
+
+// NewParams is a struct to define parameters to imagekit
+type NewParams struct {
+	PrivateKey  string
+	PublicKey   string
+	URLEndpoint string
+}
+
+// New returns ImageKit object from environment variables
+func New(ctx context.Context, params NewParams) (*ImageKit, error) {
+
+	privateKey := params.PrivateKey
+	publicKey := params.PublicKey
+	endpointURL := params.URLEndpoint
+
+	switch {
+	case privateKey == "":
+		return nil, fmt.Errorf("ImageKit.io URL endpoint is required")
+	case publicKey == "":
+		return nil, fmt.Errorf("ImageKit.io public key is required")
+	case endpointURL == "":
+		return nil, fmt.Errorf("ImageKit.io private key is required")
+	}
+
+	cliCtx, cliCfg := fs.AddConfig(ctx)
+
+	cliCfg.UserAgent = "rclone/imagekit"
+	client := rest.NewClient(fshttp.NewClient(cliCtx))
+
+	client.SetUserPass(privateKey, "")
+	client.SetHeader("Accept", "application/json")
+
+	return &ImageKit{
+		Prefix:        "https://api.imagekit.io/v2",
+		UploadPrefix:  "https://upload.imagekit.io/api/v2",
+		Timeout:       60,
+		UploadTimeout: 3600,
+		PrivateKey:    params.PrivateKey,
+		PublicKey:     params.PublicKey,
+		URLEndpoint:   params.URLEndpoint,
+		HTTPClient:    client,
+	}, nil
+}
diff --git a/backend/imagekit/client/media.go b/backend/imagekit/client/media.go
new file mode 100644
index 0000000000000..d495b713b152e
--- /dev/null
+++ b/backend/imagekit/client/media.go
@@ -0,0 +1,252 @@
+package client
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/rclone/rclone/lib/rest"
+	"gopkg.in/validator.v2"
+)
+
+// FilesOrFolderParam struct is a parameter type to ListFiles() function to search / list media library files.
+type FilesOrFolderParam struct {
+	Path        string `json:"path,omitempty"`
+	Limit       int    `json:"limit,omitempty"`
+	Skip        int    `json:"skip,omitempty"`
+	SearchQuery string `json:"searchQuery,omitempty"`
+}
+
+// AITag represents an AI tag for a media library file.
+type AITag struct {
+	Name       string  `json:"name"`
+	Confidence float32 `json:"confidence"`
+	Source     string  `json:"source"`
+}
+
+// File represents media library File details.
+type File struct {
+	FileID            string            `json:"fileId"`
+	Name              string            `json:"name"`
+	FilePath          string            `json:"filePath"`
+	Type              string            `json:"type"`
+	VersionInfo       map[string]string `json:"versionInfo"`
+	IsPrivateFile     *bool             `json:"isPrivateFile"`
+	CustomCoordinates *string           `json:"customCoordinates"`
+	URL               string            `json:"url"`
+	Thumbnail         string            `json:"thumbnail"`
+	FileType          string            `json:"fileType"`
+	Mime              string            `json:"mime"`
+	Height            int               `json:"height"`
+	Width             int               `json:"Width"`
+	Size              uint64            `json:"size"`
+	HasAlpha          bool              `json:"hasAlpha"`
+	CustomMetadata    map[string]any    `json:"customMetadata,omitempty"`
+	EmbeddedMetadata  map[string]any    `json:"embeddedMetadata"`
+	CreatedAt         time.Time         `json:"createdAt"`
+	UpdatedAt         time.Time         `json:"updatedAt"`
+	Tags              []string          `json:"tags"`
+	AITags            []AITag           `json:"AITags"`
+}
+
+// Folder represents media library Folder details.
+type Folder struct {
+	*File
+	FolderPath string `json:"folderPath"`
+}
+
+// CreateFolderParam represents parameter to create folder api
+type CreateFolderParam struct {
+	FolderName       string `validate:"nonzero" json:"folderName"`
+	ParentFolderPath string `validate:"nonzero" json:"parentFolderPath"`
+}
+
+// DeleteFolderParam represents parameter to delete folder api
+type DeleteFolderParam struct {
+	FolderPath string `validate:"nonzero" json:"folderPath"`
+}
+
+// MoveFolderParam represents parameter to move folder api
+type MoveFolderParam struct {
+	SourceFolderPath string `validate:"nonzero" json:"sourceFolderPath"`
+	DestinationPath  string `validate:"nonzero" json:"destinationPath"`
+}
+
+// JobIDResponse respresents response struct with JobID for folder operations
+type JobIDResponse struct {
+	JobID string `json:"jobId"`
+}
+
+// JobStatus represents response Data to job status api
+type JobStatus struct {
+	JobID  string `json:"jobId"`
+	Type   string `json:"type"`
+	Status string `json:"status"`
+}
+
+// File represents media library File details.
+func (ik *ImageKit) File(ctx context.Context, fileID string) (*http.Response, *File, error) {
+	data := &File{}
+	response, err := ik.HTTPClient.CallJSON(ctx, &rest.Opts{
+		Method:       "GET",
+		Path:         fmt.Sprintf("/files/%s/details", fileID),
+		RootURL:      ik.Prefix,
+		IgnoreStatus: true,
+	}, nil, data)
+
+	return response, data, err
+}
+
+// Files retrieves media library files. Filter options can be supplied as FilesOrFolderParam.
+func (ik *ImageKit) Files(ctx context.Context, params FilesOrFolderParam, includeVersion bool) (*http.Response, *[]File, error) {
+	var SearchQuery = `type = "file"`
+
+	if includeVersion {
+		SearchQuery = `type IN ["file", "file-version"]`
+	}
+	if params.SearchQuery != "" {
+		SearchQuery = params.SearchQuery
+	}
+
+	parameters := url.Values{}
+
+	parameters.Set("skip", fmt.Sprintf("%d", params.Skip))
+	parameters.Set("limit", fmt.Sprintf("%d", params.Limit))
+	parameters.Set("path", params.Path)
+	parameters.Set("searchQuery", SearchQuery)
+
+	data := &[]File{}
+
+	response, err := ik.HTTPClient.CallJSON(ctx, &rest.Opts{
+		Method:     "GET",
+		Path:       "/files",
+		RootURL:    ik.Prefix,
+		Parameters: parameters,
+	}, nil, data)
+
+	return response, data, err
+}
+
+// DeleteFile removes file by FileID from media library
+func (ik *ImageKit) DeleteFile(ctx context.Context, fileID string) (*http.Response, error) {
+	var err error
+
+	if fileID == "" {
+		return nil, errors.New("fileID can not be empty")
+	}
+
+	response, err := ik.HTTPClient.CallJSON(ctx, &rest.Opts{
+		Method:     "DELETE",
+		Path:       fmt.Sprintf("/files/%s", fileID),
+		RootURL:    ik.Prefix,
+		NoResponse: true,
+	}, nil, nil)
+
+	return response, err
+}
+
+// Folders retrieves media library files. Filter options can be supplied as FilesOrFolderParam.
+func (ik *ImageKit) Folders(ctx context.Context, params FilesOrFolderParam) (*http.Response, *[]Folder, error) {
+	var SearchQuery = `type = "folder"`
+
+	if params.SearchQuery != "" {
+		SearchQuery = params.SearchQuery
+	}
+
+	parameters := url.Values{}
+
+	parameters.Set("skip", fmt.Sprintf("%d", params.Skip))
+	parameters.Set("limit", fmt.Sprintf("%d", params.Limit))
+	parameters.Set("path", params.Path)
+	parameters.Set("searchQuery", SearchQuery)
+
+	data := &[]Folder{}
+
+	resp, err := ik.HTTPClient.CallJSON(ctx, &rest.Opts{
+		Method:     "GET",
+		Path:       "/files",
+		RootURL:    ik.Prefix,
+		Parameters: parameters,
+	}, nil, data)
+
+	if err != nil {
+		return resp, data, err
+	}
+
+	return resp, data, err
+}
+
+// CreateFolder creates a new folder in media library
+func (ik *ImageKit) CreateFolder(ctx context.Context, param CreateFolderParam) (*http.Response, error) {
+	var err error
+
+	if err = validator.Validate(&param); err != nil {
+		return nil, err
+	}
+
+	response, err := ik.HTTPClient.CallJSON(ctx, &rest.Opts{
+		Method:     "POST",
+		Path:       "/folder",
+		RootURL:    ik.Prefix,
+		NoResponse: true,
+	}, param, nil)
+
+	return response, err
+}
+
+// DeleteFolder removes the folder from media library
+func (ik *ImageKit) DeleteFolder(ctx context.Context, param DeleteFolderParam) (*http.Response, error) {
+	var err error
+
+	if err = validator.Validate(&param); err != nil {
+		return nil, err
+	}
+
+	response, err := ik.HTTPClient.CallJSON(ctx, &rest.Opts{
+		Method:     "DELETE",
+		Path:       "/folder",
+		RootURL:    ik.Prefix,
+		NoResponse: true,
+	}, param, nil)
+
+	return response, err
+}
+
+// MoveFolder moves given folder to new path in media library
+func (ik *ImageKit) MoveFolder(ctx context.Context, param MoveFolderParam) (*http.Response, *JobIDResponse, error) {
+	var err error
+	var response = &JobIDResponse{}
+
+	if err = validator.Validate(&param); err != nil {
+		return nil, nil, err
+	}
+
+	resp, err := ik.HTTPClient.CallJSON(ctx, &rest.Opts{
+		Method:  "PUT",
+		Path:    "bulkJobs/moveFolder",
+		RootURL: ik.Prefix,
+	}, param, response)
+
+	return resp, response, err
+}
+
+// BulkJobStatus retrieves the status of a bulk job by job ID.
+func (ik *ImageKit) BulkJobStatus(ctx context.Context, jobID string) (*http.Response, *JobStatus, error) {
+	var err error
+	var response = &JobStatus{}
+
+	if jobID == "" {
+		return nil, nil, errors.New("jobId can not be blank")
+	}
+
+	resp, err := ik.HTTPClient.CallJSON(ctx, &rest.Opts{
+		Method:  "GET",
+		Path:    "bulkJobs/" + jobID,
+		RootURL: ik.Prefix,
+	}, nil, response)
+
+	return resp, response, err
+}
diff --git a/backend/imagekit/client/upload.go b/backend/imagekit/client/upload.go
new file mode 100644
index 0000000000000..7964f8c460349
--- /dev/null
+++ b/backend/imagekit/client/upload.go
@@ -0,0 +1,96 @@
+package client
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+
+	"github.com/rclone/rclone/lib/rest"
+)
+
+// UploadParam defines upload parameters
+type UploadParam struct {
+	FileName      string `json:"fileName"`
+	Folder        string `json:"folder,omitempty"` // default value:  /
+	Tags          string `json:"tags,omitempty"`
+	IsPrivateFile *bool  `json:"isPrivateFile,omitempty"` // default: false
+}
+
+// UploadResult defines the response structure for the upload API
+type UploadResult struct {
+	FileID       string            `json:"fileId"`
+	Name         string            `json:"name"`
+	URL          string            `json:"url"`
+	ThumbnailURL string            `json:"thumbnailUrl"`
+	Height       int               `json:"height"`
+	Width        int               `json:"Width"`
+	Size         uint64            `json:"size"`
+	FilePath     string            `json:"filePath"`
+	AITags       []map[string]any  `json:"AITags"`
+	VersionInfo  map[string]string `json:"versionInfo"`
+}
+
+// Upload uploads an asset to a imagekit account.
+//
+// The asset can be:
+//   - the actual data (io.Reader)
+//   - the Data URI (Base64 encoded), max ~60 MB (62,910,000 chars)
+//   - the remote FTP, HTTP or HTTPS URL address of an existing file
+//
+// https://docs.imagekit.io/api-reference/upload-file-api/server-side-file-upload
+func (ik *ImageKit) Upload(ctx context.Context, file io.Reader, param UploadParam) (*http.Response, *UploadResult, error) {
+	var err error
+
+	if param.FileName == "" {
+		return nil, nil, errors.New("Upload: Filename is required")
+	}
+
+	// Initialize URL values
+	formParams := url.Values{}
+
+	formParams.Add("useUniqueFileName", fmt.Sprint(false))
+
+	// Add individual fields to URL values
+	if param.FileName != "" {
+		formParams.Add("fileName", param.FileName)
+	}
+
+	if param.Tags != "" {
+		formParams.Add("tags", param.Tags)
+	}
+
+	if param.Folder != "" {
+		formParams.Add("folder", param.Folder)
+	}
+
+	if param.IsPrivateFile != nil {
+		formParams.Add("isPrivateFile", fmt.Sprintf("%v", *param.IsPrivateFile))
+	}
+
+	response := &UploadResult{}
+
+	formReader, contentType, _, err := rest.MultipartUpload(ctx, file, formParams, "file", param.FileName)
+
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to make multipart upload: %w", err)
+	}
+
+	opts := rest.Opts{
+		Method:      "POST",
+		Path:        "/files/upload",
+		RootURL:     ik.UploadPrefix,
+		Body:        formReader,
+		ContentType: contentType,
+	}
+
+	resp, err := ik.HTTPClient.CallJSON(ctx, &opts, nil, response)
+
+	if err != nil {
+		return resp, response, err
+	}
+
+	return resp, response, err
+}
diff --git a/backend/imagekit/client/url.go b/backend/imagekit/client/url.go
new file mode 100644
index 0000000000000..4589c525ddc67
--- /dev/null
+++ b/backend/imagekit/client/url.go
@@ -0,0 +1,72 @@
+package client
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/hex"
+	"fmt"
+	neturl "net/url"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// URLParam represents parameters for generating url
+type URLParam struct {
+	Path            string
+	Src             string
+	URLEndpoint     string
+	Signed          bool
+	ExpireSeconds   int64
+	QueryParameters map[string]string
+}
+
+// URL generates url from URLParam
+func (ik *ImageKit) URL(params URLParam) (string, error) {
+	var resultURL string
+	var url *neturl.URL
+	var err error
+	var endpoint = params.URLEndpoint
+
+	if endpoint == "" {
+		endpoint = ik.URLEndpoint
+	}
+
+	endpoint = strings.TrimRight(endpoint, "/") + "/"
+
+	if params.QueryParameters == nil {
+		params.QueryParameters = make(map[string]string)
+	}
+
+	if url, err = neturl.Parse(params.Src); err != nil {
+		return "", err
+	}
+
+	query := url.Query()
+
+	for k, v := range params.QueryParameters {
+		query.Set(k, v)
+	}
+	url.RawQuery = query.Encode()
+	resultURL = url.String()
+
+	if params.Signed {
+		now := time.Now().Unix()
+
+		var expires = strconv.FormatInt(now+params.ExpireSeconds, 10)
+		var path = strings.Replace(resultURL, endpoint, "", 1)
+
+		path = path + expires
+		mac := hmac.New(sha1.New, []byte(ik.PrivateKey))
+		mac.Write([]byte(path))
+		signature := hex.EncodeToString(mac.Sum(nil))
+
+		if strings.Contains(resultURL, "?") {
+			resultURL = resultURL + "&" + fmt.Sprintf("ik-t=%s&ik-s=%s", expires, signature)
+		} else {
+			resultURL = resultURL + "?" + fmt.Sprintf("ik-t=%s&ik-s=%s", expires, signature)
+		}
+	}
+
+	return resultURL, nil
+}
diff --git a/backend/imagekit/imagekit.go b/backend/imagekit/imagekit.go
new file mode 100644
index 0000000000000..02b35bb941f4b
--- /dev/null
+++ b/backend/imagekit/imagekit.go
@@ -0,0 +1,828 @@
+// Package imagekit provides an interface to the ImageKit.io media library.
+package imagekit
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"path"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/rclone/rclone/backend/imagekit/client"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config"
+	"github.com/rclone/rclone/fs/config/configmap"
+	"github.com/rclone/rclone/fs/config/configstruct"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/encoder"
+	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/readers"
+	"github.com/rclone/rclone/lib/version"
+)
+
+const (
+	minSleep      = 1 * time.Millisecond
+	maxSleep      = 100 * time.Millisecond
+	decayConstant = 2
+)
+
+var systemMetadataInfo = map[string]fs.MetadataHelp{
+	"btime": {
+		Help:     "Time of file birth (creation) read from Last-Modified header",
+		Type:     "RFC 3339",
+		Example:  "2006-01-02T15:04:05.999999999Z07:00",
+		ReadOnly: true,
+	},
+	"size": {
+		Help:     "Size of the object in bytes",
+		Type:     "int64",
+		ReadOnly: true,
+	},
+	"file-type": {
+		Help:     "Type of the file",
+		Type:     "string",
+		Example:  "image",
+		ReadOnly: true,
+	},
+	"height": {
+		Help:     "Height of the image or video in pixels",
+		Type:     "int",
+		ReadOnly: true,
+	},
+	"width": {
+		Help:     "Width of the image or video in pixels",
+		Type:     "int",
+		ReadOnly: true,
+	},
+	"has-alpha": {
+		Help:     "Whether the image has alpha channel or not",
+		Type:     "bool",
+		ReadOnly: true,
+	},
+	"tags": {
+		Help:     "Tags associated with the file",
+		Type:     "string",
+		Example:  "tag1,tag2",
+		ReadOnly: true,
+	},
+	"google-tags": {
+		Help:     "AI generated tags by Google Cloud Vision associated with the image",
+		Type:     "string",
+		Example:  "tag1,tag2",
+		ReadOnly: true,
+	},
+	"aws-tags": {
+		Help:     "AI generated tags by AWS Rekognition associated with the image",
+		Type:     "string",
+		Example:  "tag1,tag2",
+		ReadOnly: true,
+	},
+	"is-private-file": {
+		Help:     "Whether the file is private or not",
+		Type:     "bool",
+		ReadOnly: true,
+	},
+	"custom-coordinates": {
+		Help:     "Custom coordinates of the file",
+		Type:     "string",
+		Example:  "0,0,100,100",
+		ReadOnly: true,
+	},
+}
+
+// Register with Fs
+func init() {
+	fs.Register(&fs.RegInfo{
+		Name:        "imagekit",
+		Description: "ImageKit.io",
+		NewFs:       NewFs,
+		MetadataInfo: &fs.MetadataInfo{
+			System: systemMetadataInfo,
+			Help:   `Any metadata supported by the underlying remote is read and written.`,
+		},
+		Options: []fs.Option{
+			{
+				Name:     "endpoint",
+				Help:     "You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)",
+				Required: true,
+			},
+			{
+				Name:      "public_key",
+				Help:      "You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)",
+				Required:  true,
+				Sensitive: true,
+			},
+			{
+				Name:      "private_key",
+				Help:      "You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)",
+				Required:  true,
+				Sensitive: true,
+			},
+			{
+				Name:     "only_signed",
+				Help:     "If you have configured `Restrict unsigned image URLs` in your dashboard settings, set this to true.",
+				Default:  false,
+				Advanced: true,
+			},
+			{
+				Name:     "versions",
+				Help:     "Include old versions in directory listings.",
+				Default:  false,
+				Advanced: true,
+			},
+			{
+				Name:     "upload_tags",
+				Help:     "Tags to add to the uploaded files, e.g. \"tag1,tag2\".",
+				Default:  "",
+				Advanced: true,
+			},
+			{
+				Name:     config.ConfigEncoding,
+				Help:     config.ConfigEncodingHelp,
+				Advanced: true,
+				Default: (encoder.EncodeZero |
+					encoder.EncodeSlash |
+					encoder.EncodeQuestion |
+					encoder.EncodeHashPercent |
+					encoder.EncodeCtl |
+					encoder.EncodeDel |
+					encoder.EncodeDot |
+					encoder.EncodeDoubleQuote |
+					encoder.EncodePercent |
+					encoder.EncodeBackSlash |
+					encoder.EncodeDollar |
+					encoder.EncodeLtGt |
+					encoder.EncodeSquareBracket |
+					encoder.EncodeInvalidUtf8),
+			},
+		},
+	})
+}
+
+// Options defines the configuration for this backend
+type Options struct {
+	Endpoint   string               `config:"endpoint"`
+	PublicKey  string               `config:"public_key"`
+	PrivateKey string               `config:"private_key"`
+	OnlySigned bool                 `config:"only_signed"`
+	Versions   bool                 `config:"versions"`
+	Enc        encoder.MultiEncoder `config:"encoding"`
+}
+
+// Fs represents a remote to ImageKit
+type Fs struct {
+	name     string           // name of remote
+	root     string           // root path
+	opt      Options          // parsed options
+	features *fs.Features     // optional features
+	ik       *client.ImageKit // ImageKit client
+	pacer    *fs.Pacer        // pacer for API calls
+}
+
+// Object describes a ImageKit file
+type Object struct {
+	fs          *Fs         // The Fs this object is part of
+	remote      string      // The remote path
+	filePath    string      // The path to the file
+	contentType string      // The content type of the object if known - may be ""
+	timestamp   time.Time   // The timestamp of the object if known - may be zero
+	file        client.File // The media file if known - may be nil
+	versionID   string      // If present this points to an object version
+}
+
+// NewFs constructs an Fs from the path, container:path
+func NewFs(ctx context.Context, name string, root string, m configmap.Mapper) (fs.Fs, error) {
+	opt := new(Options)
+	err := configstruct.Set(m, opt)
+
+	if err != nil {
+		return nil, err
+	}
+
+	ik, err := client.New(ctx, client.NewParams{
+		URLEndpoint: opt.Endpoint,
+		PublicKey:   opt.PublicKey,
+		PrivateKey:  opt.PrivateKey,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	f := &Fs{
+		name:  name,
+		opt:   *opt,
+		ik:    ik,
+		pacer: fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
+	}
+
+	f.root = path.Join("/", root)
+
+	f.features = (&fs.Features{
+		CaseInsensitive:         false,
+		DuplicateFiles:          false,
+		ReadMimeType:            true,
+		WriteMimeType:           false,
+		CanHaveEmptyDirectories: true,
+		BucketBased:             false,
+		ServerSideAcrossConfigs: false,
+		IsLocal:                 false,
+		SlowHash:                true,
+		ReadMetadata:            true,
+		WriteMetadata:           false,
+		UserMetadata:            false,
+		FilterAware:             true,
+		PartialUploads:          false,
+		NoMultiThreading:        false,
+	}).Fill(ctx, f)
+
+	if f.root != "/" {
+
+		r := f.root
+
+		folderPath := f.EncodePath(r[:strings.LastIndex(r, "/")+1])
+		fileName := f.EncodeFileName(r[strings.LastIndex(r, "/")+1:])
+
+		file := f.getFileByName(ctx, folderPath, fileName)
+
+		if file != nil {
+			newRoot := path.Dir(f.root)
+			f.root = newRoot
+			return f, fs.ErrorIsFile
+		}
+
+	}
+	return f, nil
+}
+
+// Name of the remote (as passed into NewFs)
+func (f *Fs) Name() string {
+	return f.name
+}
+
+// Root of the remote (as passed into NewFs)
+func (f *Fs) Root() string {
+	return strings.TrimLeft(f.root, "/")
+}
+
+// String returns a description of the FS
+func (f *Fs) String() string {
+	return fmt.Sprintf("FS imagekit: %s", f.root)
+}
+
+// Precision of the ModTimes in this Fs
+func (f *Fs) Precision() time.Duration {
+	return fs.ModTimeNotSupported
+}
+
+// Hashes returns the supported hash types of the filesystem.
+func (f *Fs) Hashes() hash.Set {
+	return hash.NewHashSet()
+}
+
+// Features returns the optional features of this Fs.
+func (f *Fs) Features() *fs.Features {
+	return f.features
+}
+
+// List the objects and directories in dir into entries.  The
+// entries can be returned in any order but should be for a
+// complete directory.
+//
+// dir should be "" to list the root, and should not have
+// trailing slashes.
+//
+// This should return ErrDirNotFound if the directory isn't
+// found.
+func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err error) {
+
+	remote := path.Join(f.root, dir)
+
+	remote = f.EncodePath(remote)
+
+	if remote != "/" {
+		parentFolderPath, folderName := path.Split(remote)
+		folderExists, err := f.getFolderByName(ctx, parentFolderPath, folderName)
+
+		if err != nil {
+			return make(fs.DirEntries, 0), err
+		}
+
+		if folderExists == nil {
+			return make(fs.DirEntries, 0), fs.ErrorDirNotFound
+		}
+	}
+
+	folders, folderError := f.getFolders(ctx, remote)
+
+	if folderError != nil {
+		return make(fs.DirEntries, 0), folderError
+	}
+
+	files, fileError := f.getFiles(ctx, remote, f.opt.Versions)
+
+	if fileError != nil {
+		return make(fs.DirEntries, 0), fileError
+	}
+
+	res := make([]fs.DirEntry, 0, len(folders)+len(files))
+
+	for _, folder := range folders {
+		folderPath := f.DecodePath(strings.TrimLeft(strings.Replace(folder.FolderPath, f.EncodePath(f.root), "", 1), "/"))
+		res = append(res, fs.NewDir(folderPath, folder.UpdatedAt))
+	}
+
+	for _, file := range files {
+		res = append(res, f.newObject(ctx, remote, file))
+	}
+
+	return res, nil
+}
+
+func (f *Fs) newObject(ctx context.Context, remote string, file client.File) *Object {
+	remoteFile := strings.TrimLeft(strings.Replace(file.FilePath, f.EncodePath(f.root), "", 1), "/")
+
+	folderPath, fileName := path.Split(remoteFile)
+
+	folderPath = f.DecodePath(folderPath)
+	fileName = f.DecodeFileName(fileName)
+
+	remoteFile = path.Join(folderPath, fileName)
+
+	if file.Type == "file-version" {
+		remoteFile = version.Add(remoteFile, file.UpdatedAt)
+
+		return &Object{
+			fs:          f,
+			remote:      remoteFile,
+			filePath:    file.FilePath,
+			contentType: file.Mime,
+			timestamp:   file.UpdatedAt,
+			file:        file,
+			versionID:   file.VersionInfo["id"],
+		}
+	}
+
+	return &Object{
+		fs:          f,
+		remote:      remoteFile,
+		filePath:    file.FilePath,
+		contentType: file.Mime,
+		timestamp:   file.UpdatedAt,
+		file:        file,
+	}
+}
+
+// NewObject finds the Object at remote.  If it can't be found
+// it returns the error ErrorObjectNotFound.
+//
+// If remote points to a directory then it should return
+// ErrorIsDir if possible without doing any extra work,
+// otherwise ErrorObjectNotFound.
+func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error) {
+	r := path.Join(f.root, remote)
+
+	folderPath, fileName := path.Split(r)
+
+	folderPath = f.EncodePath(folderPath)
+	fileName = f.EncodeFileName(fileName)
+
+	isFolder, err := f.getFolderByName(ctx, folderPath, fileName)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if isFolder != nil {
+		return nil, fs.ErrorIsDir
+	}
+
+	file := f.getFileByName(ctx, folderPath, fileName)
+
+	if file == nil {
+		return nil, fs.ErrorObjectNotFound
+	}
+
+	return f.newObject(ctx, r, *file), nil
+}
+
+// Put in to the remote path with the modTime given of the given size
+//
+// When called from outside an Fs by rclone, src.Size() will always be >= 0.
+// But for unknown-sized objects (indicated by src.Size() == -1), Put should either
+// return an error or upload it properly (rather than e.g. calling panic).
+//
+// May create the object even if it returns an error - if so
+// will return the object and the error, otherwise will return
+// nil and the error
+func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+	return uploadFile(ctx, f, in, src.Remote(), options...)
+}
+
+// Mkdir makes the directory (container, bucket)
+//
+// Shouldn't return an error if it already exists
+func (f *Fs) Mkdir(ctx context.Context, dir string) (err error) {
+	remote := path.Join(f.root, dir)
+	parentFolderPath, folderName := path.Split(remote)
+
+	parentFolderPath = f.EncodePath(parentFolderPath)
+	folderName = f.EncodeFileName(folderName)
+
+	err = f.pacer.Call(func() (bool, error) {
+		var res *http.Response
+		res, err = f.ik.CreateFolder(ctx, client.CreateFolderParam{
+			ParentFolderPath: parentFolderPath,
+			FolderName:       folderName,
+		})
+
+		return f.shouldRetry(ctx, res, err)
+	})
+
+	return err
+}
+
+// Rmdir removes the directory (container, bucket) if empty
+//
+// Return an error if it doesn't exist or isn't empty
+func (f *Fs) Rmdir(ctx context.Context, dir string) (err error) {
+
+	entries, err := f.List(ctx, dir)
+
+	if err != nil {
+		return err
+	}
+
+	if len(entries) > 0 {
+		return errors.New("directory is not empty")
+	}
+
+	err = f.pacer.Call(func() (bool, error) {
+		var res *http.Response
+		res, err = f.ik.DeleteFolder(ctx, client.DeleteFolderParam{
+			FolderPath: f.EncodePath(path.Join(f.root, dir)),
+		})
+
+		if res.StatusCode == http.StatusNotFound {
+			return false, fs.ErrorDirNotFound
+		}
+
+		return f.shouldRetry(ctx, res, err)
+	})
+
+	return err
+}
+
+// Purge deletes all the files and the container
+//
+// Optional interface: Only implement this if you have a way of
+// deleting all the files quicker than just running Remove() on the
+// result of List()
+func (f *Fs) Purge(ctx context.Context, dir string) (err error) {
+
+	remote := path.Join(f.root, dir)
+
+	err = f.pacer.Call(func() (bool, error) {
+		var res *http.Response
+		res, err = f.ik.DeleteFolder(ctx, client.DeleteFolderParam{
+			FolderPath: f.EncodePath(remote),
+		})
+
+		if res.StatusCode == http.StatusNotFound {
+			return false, fs.ErrorDirNotFound
+		}
+
+		return f.shouldRetry(ctx, res, err)
+	})
+
+	return err
+}
+
+// PublicLink generates a public link to the remote path (usually readable by anyone)
+func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration, unlink bool) (string, error) {
+
+	duration := time.Duration(math.Abs(float64(expire)))
+
+	expireSeconds := duration.Seconds()
+
+	fileRemote := path.Join(f.root, remote)
+
+	folderPath, fileName := path.Split(fileRemote)
+	folderPath = f.EncodePath(folderPath)
+	fileName = f.EncodeFileName(fileName)
+
+	file := f.getFileByName(ctx, folderPath, fileName)
+
+	if file == nil {
+		return "", fs.ErrorObjectNotFound
+	}
+
+	// Pacer not needed as this doesn't use the API
+	url, err := f.ik.URL(client.URLParam{
+		Src:           file.URL,
+		Signed:        *file.IsPrivateFile || f.opt.OnlySigned,
+		ExpireSeconds: int64(expireSeconds),
+		QueryParameters: map[string]string{
+			"updatedAt": file.UpdatedAt.String(),
+		},
+	})
+
+	if err != nil {
+		return "", err
+	}
+
+	return url, nil
+}
+
+// Fs returns read only access to the Fs that this object is part of
+func (o *Object) Fs() fs.Info {
+	return o.fs
+}
+
+// Hash returns the selected checksum of the file
+// If no checksum is available it returns ""
+func (o *Object) Hash(ctx context.Context, ty hash.Type) (string, error) {
+	return "", hash.ErrUnsupported
+}
+
+// Storable says whether this object can be stored
+func (o *Object) Storable() bool {
+	return true
+}
+
+// String returns a description of the Object
+func (o *Object) String() string {
+	if o == nil {
+		return "<nil>"
+	}
+	return o.file.Name
+}
+
+// Remote returns the remote path
+func (o *Object) Remote() string {
+	return o.remote
+}
+
+// ModTime returns the modification date of the file
+// It should return a best guess if one isn't available
+func (o *Object) ModTime(context.Context) time.Time {
+	return o.file.UpdatedAt
+}
+
+// Size returns the size of the file
+func (o *Object) Size() int64 {
+	return int64(o.file.Size)
+}
+
+// MimeType returns the MIME type of the file
+func (o *Object) MimeType(context.Context) string {
+	return o.contentType
+}
+
+// Open opens the file for read.  Call Close() on the returned io.ReadCloser
+func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (io.ReadCloser, error) {
+	// Offset and Count for range download
+	var offset int64
+	var count int64
+
+	fs.FixRangeOption(options, -1)
+	partialContent := false
+	for _, option := range options {
+		switch x := option.(type) {
+		case *fs.RangeOption:
+			offset, count = x.Decode(-1)
+			partialContent = true
+		case *fs.SeekOption:
+			offset = x.Offset
+			partialContent = true
+		default:
+			if option.Mandatory() {
+				fs.Logf(o, "Unsupported mandatory option: %v", option)
+			}
+		}
+	}
+
+	// Pacer not needed as this doesn't use the API
+	url, err := o.fs.ik.URL(client.URLParam{
+		Src:    o.file.URL,
+		Signed: *o.file.IsPrivateFile || o.fs.opt.OnlySigned,
+		QueryParameters: map[string]string{
+			"tr":        "orig-true",
+			"updatedAt": o.file.UpdatedAt.String(),
+		},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	client := &http.Client{}
+	req, _ := http.NewRequest("GET", url, nil)
+	req.Header.Set("Range", fmt.Sprintf("bytes=%d-%d", offset, offset+count-1))
+	resp, err := client.Do(req)
+
+	if err != nil {
+		return nil, err
+	}
+
+	end := resp.ContentLength
+
+	if partialContent && resp.StatusCode == http.StatusOK {
+		skip := offset
+
+		if offset < 0 {
+			skip = end + offset + 1
+		}
+
+		_, err = io.CopyN(io.Discard, resp.Body, skip)
+		if err != nil {
+			if resp != nil {
+				_ = resp.Body.Close()
+			}
+			return nil, err
+		}
+
+		return readers.NewLimitedReadCloser(resp.Body, end-skip), nil
+	}
+
+	return resp.Body, nil
+}
+
+// Update in to the object with the modTime given of the given size
+//
+// When called from outside an Fs by rclone, src.Size() will always be >= 0.
+// But for unknown-sized objects (indicated by src.Size() == -1), Upload should either
+// return an error or update the object properly (rather than e.g. calling panic).
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
+
+	srcRemote := o.Remote()
+
+	remote := path.Join(o.fs.root, srcRemote)
+	folderPath, fileName := path.Split(remote)
+
+	UseUniqueFileName := new(bool)
+	*UseUniqueFileName = false
+
+	var resp *client.UploadResult
+
+	err = o.fs.pacer.Call(func() (bool, error) {
+		var res *http.Response
+		res, resp, err = o.fs.ik.Upload(ctx, in, client.UploadParam{
+			FileName:      fileName,
+			Folder:        folderPath,
+			IsPrivateFile: o.file.IsPrivateFile,
+		})
+
+		return o.fs.shouldRetry(ctx, res, err)
+	})
+
+	if err != nil {
+		return err
+	}
+
+	fileID := resp.FileID
+
+	_, file, err := o.fs.ik.File(ctx, fileID)
+
+	if err != nil {
+		return err
+	}
+
+	o.file = *file
+
+	return nil
+}
+
+// Remove this object
+func (o *Object) Remove(ctx context.Context) (err error) {
+	err = o.fs.pacer.Call(func() (bool, error) {
+		var res *http.Response
+		res, err = o.fs.ik.DeleteFile(ctx, o.file.FileID)
+
+		return o.fs.shouldRetry(ctx, res, err)
+	})
+
+	return err
+}
+
+// SetModTime sets the metadata on the object to set the modification date
+func (o *Object) SetModTime(ctx context.Context, t time.Time) error {
+	return fs.ErrorCantSetModTime
+}
+
+func uploadFile(ctx context.Context, f *Fs, in io.Reader, srcRemote string, options ...fs.OpenOption) (fs.Object, error) {
+	remote := path.Join(f.root, srcRemote)
+	folderPath, fileName := path.Split(remote)
+
+	folderPath = f.EncodePath(folderPath)
+	fileName = f.EncodeFileName(fileName)
+
+	UseUniqueFileName := new(bool)
+	*UseUniqueFileName = false
+
+	err := f.pacer.Call(func() (bool, error) {
+		var res *http.Response
+		var err error
+		res, _, err = f.ik.Upload(ctx, in, client.UploadParam{
+			FileName:      fileName,
+			Folder:        folderPath,
+			IsPrivateFile: &f.opt.OnlySigned,
+		})
+
+		return f.shouldRetry(ctx, res, err)
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return f.NewObject(ctx, srcRemote)
+}
+
+// Metadata returns the metadata for the object
+func (o *Object) Metadata(ctx context.Context) (metadata fs.Metadata, err error) {
+
+	metadata.Set("btime", o.file.CreatedAt.Format(time.RFC3339))
+	metadata.Set("size", strconv.FormatUint(o.file.Size, 10))
+	metadata.Set("file-type", o.file.FileType)
+	metadata.Set("height", strconv.Itoa(o.file.Height))
+	metadata.Set("width", strconv.Itoa(o.file.Width))
+	metadata.Set("has-alpha", strconv.FormatBool(o.file.HasAlpha))
+
+	for k, v := range o.file.EmbeddedMetadata {
+		metadata.Set(k, fmt.Sprint(v))
+	}
+
+	if o.file.Tags != nil {
+		metadata.Set("tags", strings.Join(o.file.Tags, ","))
+	}
+
+	if o.file.CustomCoordinates != nil {
+		metadata.Set("custom-coordinates", *o.file.CustomCoordinates)
+	}
+
+	if o.file.IsPrivateFile != nil {
+		metadata.Set("is-private-file", strconv.FormatBool(*o.file.IsPrivateFile))
+	}
+
+	if o.file.AITags != nil {
+		googleTags := []string{}
+		awsTags := []string{}
+
+		for _, tag := range o.file.AITags {
+			if tag.Source == "google-auto-tagging" {
+				googleTags = append(googleTags, tag.Name)
+			} else if tag.Source == "aws-auto-tagging" {
+				awsTags = append(awsTags, tag.Name)
+			}
+		}
+
+		if len(googleTags) > 0 {
+			metadata.Set("google-tags", strings.Join(googleTags, ","))
+		}
+
+		if len(awsTags) > 0 {
+			metadata.Set("aws-tags", strings.Join(awsTags, ","))
+		}
+	}
+
+	return metadata, nil
+}
+
+// Copy src to this remote using server-side move operations.
+//
+// This is stored with the remote path given.
+//
+// It returns the destination Object and a possible error.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantMove
+func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	srcObj, ok := src.(*Object)
+	if !ok {
+		return nil, fs.ErrorCantMove
+	}
+
+	file, err := srcObj.Open(ctx)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return uploadFile(ctx, f, file, remote)
+}
+
+// Check the interfaces are satisfied.
+var (
+	_ fs.Fs           = &Fs{}
+	_ fs.Purger       = &Fs{}
+	_ fs.PublicLinker = &Fs{}
+	_ fs.Object       = &Object{}
+	_ fs.Copier       = &Fs{}
+)
diff --git a/backend/imagekit/imagekit_test.go b/backend/imagekit/imagekit_test.go
new file mode 100644
index 0000000000000..686976322e116
--- /dev/null
+++ b/backend/imagekit/imagekit_test.go
@@ -0,0 +1,18 @@
+package imagekit
+
+import (
+	"testing"
+
+	"github.com/rclone/rclone/fstest"
+	"github.com/rclone/rclone/fstest/fstests"
+)
+
+func TestIntegration(t *testing.T) {
+	debug := true
+	fstest.Verbose = &debug
+	fstests.Run(t, &fstests.Opt{
+		RemoteName:      "TestImageKit:",
+		NilObject:       (*Object)(nil),
+		SkipFsCheckWrap: true,
+	})
+}
diff --git a/backend/imagekit/util.go b/backend/imagekit/util.go
new file mode 100644
index 0000000000000..fea67f3ac1c14
--- /dev/null
+++ b/backend/imagekit/util.go
@@ -0,0 +1,193 @@
+package imagekit
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/rclone/rclone/backend/imagekit/client"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/fserrors"
+	"github.com/rclone/rclone/lib/pacer"
+)
+
+func (f *Fs) getFiles(ctx context.Context, path string, includeVersions bool) (files []client.File, err error) {
+
+	files = make([]client.File, 0)
+
+	var hasMore = true
+
+	for hasMore {
+		err = f.pacer.Call(func() (bool, error) {
+			var data *[]client.File
+			var res *http.Response
+			res, data, err = f.ik.Files(ctx, client.FilesOrFolderParam{
+				Skip:  len(files),
+				Limit: 100,
+				Path:  path,
+			}, includeVersions)
+
+			hasMore = !(len(*data) == 0 || len(*data) < 100)
+
+			if len(*data) > 0 {
+				files = append(files, *data...)
+			}
+
+			return f.shouldRetry(ctx, res, err)
+		})
+	}
+
+	if err != nil {
+		return make([]client.File, 0), err
+	}
+
+	return files, nil
+}
+
+func (f *Fs) getFolders(ctx context.Context, path string) (folders []client.Folder, err error) {
+
+	folders = make([]client.Folder, 0)
+
+	var hasMore = true
+
+	for hasMore {
+		err = f.pacer.Call(func() (bool, error) {
+			var data *[]client.Folder
+			var res *http.Response
+			res, data, err = f.ik.Folders(ctx, client.FilesOrFolderParam{
+				Skip:  len(folders),
+				Limit: 100,
+				Path:  path,
+			})
+
+			hasMore = !(len(*data) == 0 || len(*data) < 100)
+
+			if len(*data) > 0 {
+				folders = append(folders, *data...)
+			}
+
+			return f.shouldRetry(ctx, res, err)
+		})
+	}
+
+	if err != nil {
+		return make([]client.Folder, 0), err
+	}
+
+	return folders, nil
+}
+
+func (f *Fs) getFileByName(ctx context.Context, path string, name string) (file *client.File) {
+
+	err := f.pacer.Call(func() (bool, error) {
+		res, data, err := f.ik.Files(ctx, client.FilesOrFolderParam{
+			Limit:       1,
+			Path:        path,
+			SearchQuery: fmt.Sprintf(`type = "file" AND name = %s`, strconv.Quote(name)),
+		}, false)
+
+		if len(*data) == 0 {
+			file = nil
+		} else {
+			file = &(*data)[0]
+		}
+
+		return f.shouldRetry(ctx, res, err)
+	})
+
+	if err != nil {
+		return nil
+	}
+
+	return file
+}
+
+func (f *Fs) getFolderByName(ctx context.Context, path string, name string) (folder *client.Folder, err error) {
+	err = f.pacer.Call(func() (bool, error) {
+		res, data, err := f.ik.Folders(ctx, client.FilesOrFolderParam{
+			Limit:       1,
+			Path:        path,
+			SearchQuery: fmt.Sprintf(`type = "folder" AND name = %s`, strconv.Quote(name)),
+		})
+
+		if len(*data) == 0 {
+			folder = nil
+		} else {
+			folder = &(*data)[0]
+		}
+
+		return f.shouldRetry(ctx, res, err)
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return folder, nil
+}
+
+// retryErrorCodes is a slice of error codes that we will retry
+var retryErrorCodes = []int{
+	401, // Unauthorized (e.g. "Token has expired")
+	408, // Request Timeout
+	429, // Rate exceeded.
+	500, // Get occasional 500 Internal Server Error
+	503, // Service Unavailable
+	504, // Gateway Time-out
+}
+
+func shouldRetryHTTP(resp *http.Response, retryErrorCodes []int) bool {
+	if resp == nil {
+		return false
+	}
+	for _, e := range retryErrorCodes {
+		if resp.StatusCode == e {
+			return true
+		}
+	}
+	return false
+}
+
+func (f *Fs) shouldRetry(ctx context.Context, resp *http.Response, err error) (bool, error) {
+	if fserrors.ContextError(ctx, &err) {
+		return false, err
+	}
+
+	if resp != nil && (resp.StatusCode == 429 || resp.StatusCode == 503) {
+		var retryAfter = 1
+		retryAfterString := resp.Header.Get("X-RateLimit-Reset")
+		if retryAfterString != "" {
+			var err error
+			retryAfter, err = strconv.Atoi(retryAfterString)
+			if err != nil {
+				fs.Errorf(f, "Malformed %s header %q: %v", "X-RateLimit-Reset", retryAfterString, err)
+			}
+		}
+
+		return true, pacer.RetryAfterError(err, time.Duration(retryAfter)*time.Millisecond)
+	}
+
+	return fserrors.ShouldRetry(err) || shouldRetryHTTP(resp, retryErrorCodes), err
+}
+
+// EncodePath encapsulates the logic for encoding a path
+func (f *Fs) EncodePath(str string) string {
+	return f.opt.Enc.FromStandardPath(str)
+}
+
+// DecodePath encapsulates the logic for decoding a path
+func (f *Fs) DecodePath(str string) string {
+	return f.opt.Enc.ToStandardPath(str)
+}
+
+// EncodeFileName encapsulates the logic for encoding a file name
+func (f *Fs) EncodeFileName(str string) string {
+	return f.opt.Enc.FromStandardName(str)
+}
+
+// DecodeFileName encapsulates the logic for decoding a file name
+func (f *Fs) DecodeFileName(str string) string {
+	return f.opt.Enc.ToStandardName(str)
+}
diff --git a/backend/internetarchive/internetarchive.go b/backend/internetarchive/internetarchive.go
index 4c1dc7f829a43..8718401ec8b47 100644
--- a/backend/internetarchive/internetarchive.go
+++ b/backend/internetarchive/internetarchive.go
@@ -133,11 +133,13 @@ Owner is able to add custom keys. Metadata feature grabs all the keys including
 		},
 
 		Options: []fs.Option{{
-			Name: "access_key_id",
-			Help: "IAS3 Access Key.\n\nLeave blank for anonymous access.\nYou can find one here: https://archive.org/account/s3.php",
+			Name:      "access_key_id",
+			Help:      "IAS3 Access Key.\n\nLeave blank for anonymous access.\nYou can find one here: https://archive.org/account/s3.php",
+			Sensitive: true,
 		}, {
-			Name: "secret_access_key",
-			Help: "IAS3 Secret Key (password).\n\nLeave blank for anonymous access.",
+			Name:      "secret_access_key",
+			Help:      "IAS3 Secret Key (password).\n\nLeave blank for anonymous access.",
+			Sensitive: true,
 		}, {
 			// their official client (https://github.com/jjjake/internetarchive) hardcodes following the two
 			Name:     "endpoint",
@@ -800,7 +802,7 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		headers["x-archive-size-hint"] = fmt.Sprintf("%d", size)
 	}
 	var mdata fs.Metadata
-	mdata, err = fs.GetMetadataOptions(ctx, src, options)
+	mdata, err = fs.GetMetadataOptions(ctx, o.fs, src, options)
 	if err == nil && mdata != nil {
 		for mk, mv := range mdata {
 			mk = strings.ToLower(mk)
diff --git a/backend/jottacloud/api/types.go b/backend/jottacloud/api/types.go
index 8daf0f7ad35b4..6d192bd4ecd66 100644
--- a/backend/jottacloud/api/types.go
+++ b/backend/jottacloud/api/types.go
@@ -395,7 +395,7 @@ type JottaFile struct {
 	State           string    `xml:"currentRevision>state"`
 	CreatedAt       JottaTime `xml:"currentRevision>created"`
 	ModifiedAt      JottaTime `xml:"currentRevision>modified"`
-	Updated         JottaTime `xml:"currentRevision>updated"`
+	UpdatedAt       JottaTime `xml:"currentRevision>updated"`
 	Size            int64     `xml:"currentRevision>size"`
 	MimeType        string    `xml:"currentRevision>mime"`
 	MD5             string    `xml:"currentRevision>md5"`
diff --git a/backend/jottacloud/jottacloud.go b/backend/jottacloud/jottacloud.go
index 6eb76d1ef00f5..e9176f5b05b55 100644
--- a/backend/jottacloud/jottacloud.go
+++ b/backend/jottacloud/jottacloud.go
@@ -67,13 +67,21 @@ const (
 	legacyEncryptedClientSecret = "Vp8eAv7eVElMnQwN-kgU9cbhgApNDaMqWdlDi5qFydlQoji4JBxrGMF2"
 	legacyConfigVersion         = 0
 
-	teliaCloudTokenURL = "https://cloud-auth.telia.se/auth/realms/telia_se/protocol/openid-connect/token"
-	teliaCloudAuthURL  = "https://cloud-auth.telia.se/auth/realms/telia_se/protocol/openid-connect/auth"
-	teliaCloudClientID = "desktop"
+	teliaseCloudTokenURL = "https://cloud-auth.telia.se/auth/realms/telia_se/protocol/openid-connect/token"
+	teliaseCloudAuthURL  = "https://cloud-auth.telia.se/auth/realms/telia_se/protocol/openid-connect/auth"
+	teliaseCloudClientID = "desktop"
+
+	telianoCloudTokenURL = "https://sky-auth.telia.no/auth/realms/get/protocol/openid-connect/token"
+	telianoCloudAuthURL  = "https://sky-auth.telia.no/auth/realms/get/protocol/openid-connect/auth"
+	telianoCloudClientID = "desktop"
 
 	tele2CloudTokenURL = "https://mittcloud-auth.tele2.se/auth/realms/comhem/protocol/openid-connect/token"
 	tele2CloudAuthURL  = "https://mittcloud-auth.tele2.se/auth/realms/comhem/protocol/openid-connect/auth"
 	tele2CloudClientID = "desktop"
+
+	onlimeCloudTokenURL = "https://cloud-auth.onlime.dk/auth/realms/onlime_wl/protocol/openid-connect/token"
+	onlimeCloudAuthURL  = "https://cloud-auth.onlime.dk/auth/realms/onlime_wl/protocol/openid-connect/auth"
+	onlimeCloudClientID = "desktop"
 )
 
 // Register with Fs
@@ -84,7 +92,34 @@ func init() {
 		Description: "Jottacloud",
 		NewFs:       NewFs,
 		Config:      Config,
-		Options: []fs.Option{{
+		MetadataInfo: &fs.MetadataInfo{
+			Help: `Jottacloud has limited support for metadata, currently an extended set of timestamps.`,
+			System: map[string]fs.MetadataHelp{
+				"btime": {
+					Help:    "Time of file birth (creation), read from rclone metadata",
+					Type:    "RFC 3339",
+					Example: "2006-01-02T15:04:05.999999999Z07:00",
+				},
+				"mtime": {
+					Help:    "Time of last modification, read from rclone metadata",
+					Type:    "RFC 3339",
+					Example: "2006-01-02T15:04:05.999999999Z07:00",
+				},
+				"utime": {
+					Help:     "Time of last upload, when current revision was created, generated by backend",
+					Type:     "RFC 3339",
+					Example:  "2006-01-02T15:04:05.999999999Z07:00",
+					ReadOnly: true,
+				},
+				"content-type": {
+					Help:     "MIME type, also known as media type",
+					Type:     "string",
+					Example:  "text/plain",
+					ReadOnly: true,
+				},
+			},
+		},
+		Options: append(oauthutil.SharedOptions, []fs.Option{{
 			Name:     "md5_memory_limit",
 			Help:     "Files bigger than this will be cached on disk to calculate the MD5 if required.",
 			Default:  fs.SizeSuffix(10 * 1024 * 1024),
@@ -119,7 +154,7 @@ func init() {
 			Default: (encoder.Display |
 				encoder.EncodeWin | // :?"*<>|
 				encoder.EncodeInvalidUtf8),
-		}},
+		}}...),
 	})
 }
 
@@ -134,11 +169,17 @@ func Config(ctx context.Context, name string, m configmap.Mapper, config fs.Conf
 			Value: "legacy",
 			Help:  "Legacy authentication.\nThis is only required for certain whitelabel versions of Jottacloud and not recommended for normal users.",
 		}, {
-			Value: "telia",
-			Help:  "Telia Cloud authentication.\nUse this if you are using Telia Cloud.",
+			Value: "telia_se",
+			Help:  "Telia Cloud authentication.\nUse this if you are using Telia Cloud (Sweden).",
+		}, {
+			Value: "telia_no",
+			Help:  "Telia Sky authentication.\nUse this if you are using Telia Sky (Norway).",
 		}, {
 			Value: "tele2",
 			Help:  "Tele2 Cloud authentication.\nUse this if you are using Tele2 Cloud.",
+		}, {
+			Value: "onlime",
+			Help:  "Onlime Cloud authentication.\nUse this if you are using Onlime Cloud.",
 		}})
 	case "auth_type_done":
 		// Jump to next state according to config chosen
@@ -231,17 +272,32 @@ machines.`)
 			return nil, fmt.Errorf("error while saving token: %w", err)
 		}
 		return fs.ConfigGoto("choose_device")
-	case "telia": // telia cloud config
+	case "telia_se": // telia_se cloud config
 		m.Set("configVersion", fmt.Sprint(configVersion))
-		m.Set(configClientID, teliaCloudClientID)
-		m.Set(configTokenURL, teliaCloudTokenURL)
+		m.Set(configClientID, teliaseCloudClientID)
+		m.Set(configTokenURL, teliaseCloudTokenURL)
 		return oauthutil.ConfigOut("choose_device", &oauthutil.Options{
 			OAuth2Config: &oauth2.Config{
 				Endpoint: oauth2.Endpoint{
-					AuthURL:  teliaCloudAuthURL,
-					TokenURL: teliaCloudTokenURL,
+					AuthURL:  teliaseCloudAuthURL,
+					TokenURL: teliaseCloudTokenURL,
 				},
-				ClientID:    teliaCloudClientID,
+				ClientID:    teliaseCloudClientID,
+				Scopes:      []string{"openid", "jotta-default", "offline_access"},
+				RedirectURL: oauthutil.RedirectLocalhostURL,
+			},
+		})
+	case "telia_no": // telia_no cloud config
+		m.Set("configVersion", fmt.Sprint(configVersion))
+		m.Set(configClientID, telianoCloudClientID)
+		m.Set(configTokenURL, telianoCloudTokenURL)
+		return oauthutil.ConfigOut("choose_device", &oauthutil.Options{
+			OAuth2Config: &oauth2.Config{
+				Endpoint: oauth2.Endpoint{
+					AuthURL:  telianoCloudAuthURL,
+					TokenURL: telianoCloudTokenURL,
+				},
+				ClientID:    telianoCloudClientID,
 				Scopes:      []string{"openid", "jotta-default", "offline_access"},
 				RedirectURL: oauthutil.RedirectLocalhostURL,
 			},
@@ -261,6 +317,21 @@ machines.`)
 				RedirectURL: oauthutil.RedirectLocalhostURL,
 			},
 		})
+	case "onlime": // onlime cloud config
+		m.Set("configVersion", fmt.Sprint(configVersion))
+		m.Set(configClientID, onlimeCloudClientID)
+		m.Set(configTokenURL, onlimeCloudTokenURL)
+		return oauthutil.ConfigOut("choose_device", &oauthutil.Options{
+			OAuth2Config: &oauth2.Config{
+				Endpoint: oauth2.Endpoint{
+					AuthURL:  onlimeCloudAuthURL,
+					TokenURL: onlimeCloudTokenURL,
+				},
+				ClientID:    onlimeCloudClientID,
+				Scopes:      []string{"openid", "jotta-default", "offline_access"},
+				RedirectURL: oauthutil.RedirectLocalhostURL,
+			},
+		})
 	case "choose_device":
 		return fs.ConfigConfirm("choose_device_query", false, "config_non_standard", `Use a non-standard device/mountpoint?
 Choosing no, the default, will let you access the storage used for the archive
@@ -453,7 +524,9 @@ type Object struct {
 	remote      string
 	hasMetaData bool
 	size        int64
+	createTime  time.Time
 	modTime     time.Time
+	updateTime  time.Time
 	md5         string
 	mimeType    string
 }
@@ -928,6 +1001,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		CanHaveEmptyDirectories: true,
 		ReadMimeType:            true,
 		WriteMimeType:           false,
+		ReadMetadata:            true,
+		WriteMetadata:           true,
+		UserMetadata:            false,
 	}).Fill(ctx, f)
 	f.jfsSrv.SetErrorHandler(errorHandler)
 	if opt.TrashedOnly { // we cannot support showing Trashed Files when using ListR right now
@@ -1114,6 +1190,7 @@ func parseListRStream(ctx context.Context, r io.Reader, filesystem *Fs, callback
 			remote:      filesystem.opt.Enc.ToStandardPath(path.Join(f.Path, f.Name)),
 			size:        f.Size,
 			md5:         f.Checksum,
+			createTime:  time.Time(f.Created),
 			modTime:     time.Time(f.Modified),
 		})
 	}
@@ -1343,7 +1420,7 @@ func (f *Fs) Purge(ctx context.Context, dir string) error {
 // is currently in trash, but can be made to match, it will be
 // restored. Returns ErrorObjectNotFound if upload will be necessary
 // to get a matching remote file.
-func (f *Fs) createOrUpdate(ctx context.Context, file string, modTime time.Time, size int64, md5 string) (info *api.JottaFile, err error) {
+func (f *Fs) createOrUpdate(ctx context.Context, file string, createTime time.Time, modTime time.Time, size int64, md5 string) (info *api.JottaFile, err error) {
 	opts := rest.Opts{
 		Method:       "POST",
 		Path:         f.filePath(file),
@@ -1353,11 +1430,10 @@ func (f *Fs) createOrUpdate(ctx context.Context, file string, modTime time.Time,
 
 	opts.Parameters.Set("cphash", "true")
 
-	fileDate := api.JottaTime(modTime).String()
 	opts.ExtraHeaders["JSize"] = strconv.FormatInt(size, 10)
 	opts.ExtraHeaders["JMd5"] = md5
-	opts.ExtraHeaders["JCreated"] = fileDate
-	opts.ExtraHeaders["JModified"] = fileDate
+	opts.ExtraHeaders["JCreated"] = api.JottaTime(createTime).String()
+	opts.ExtraHeaders["JModified"] = api.JottaTime(modTime).String()
 
 	var resp *http.Response
 	err = f.pacer.Call(func() (bool, error) {
@@ -1420,7 +1496,7 @@ func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object,
 	// if destination was a trashed file then after a successful copy the copied file is still in trash (bug in api?)
 	if err == nil && bool(info.Deleted) && !f.opt.TrashedOnly && info.State == "COMPLETED" {
 		fs.Debugf(src, "Server-side copied to trashed destination, restoring")
-		info, err = f.createOrUpdate(ctx, remote, srcObj.modTime, srcObj.size, srcObj.md5)
+		info, err = f.createOrUpdate(ctx, remote, srcObj.createTime, srcObj.modTime, srcObj.size, srcObj.md5)
 	}
 
 	if err != nil {
@@ -1683,7 +1759,9 @@ func (o *Object) setMetaData(info *api.JottaFile) (err error) {
 	o.size = info.Size
 	o.md5 = info.MD5
 	o.mimeType = info.MimeType
+	o.createTime = time.Time(info.CreatedAt)
 	o.modTime = time.Time(info.ModifiedAt)
+	o.updateTime = time.Time(info.UpdatedAt)
 	return nil
 }
 
@@ -1728,7 +1806,7 @@ func (o *Object) SetModTime(ctx context.Context, modTime time.Time) error {
 	// (note that if size/md5 does not match, the file content will
 	// also be modified if deduplication is possible, i.e. it is
 	// important to use correct/latest values)
-	_, err = o.fs.createOrUpdate(ctx, o.remote, modTime, o.size, o.md5)
+	_, err = o.fs.createOrUpdate(ctx, o.remote, o.createTime, modTime, o.size, o.md5)
 	if err != nil {
 		if err == fs.ErrorObjectNotFound {
 			// file was modified (size/md5 changed) between readMetaData and createOrUpdate?
@@ -1838,12 +1916,12 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		if err == nil {
 			// if the object exists delete it
 			err = o.remove(ctx, true)
-			if err != nil {
+			if err != nil && err != fs.ErrorObjectNotFound {
+				// if delete failed then report that, unless it was because the file did not exist after all
 				return fmt.Errorf("failed to remove old object: %w", err)
 			}
-		}
-		// if the object does not exist we can just continue but if the error is something different we should report that
-		if err != fs.ErrorObjectNotFound {
+		} else if err != fs.ErrorObjectNotFound {
+			// if the object does not exist we can just continue but if the error is something different we should report that
 			return err
 		}
 	}
@@ -1865,6 +1943,37 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		// Wrap the accounting back onto the stream
 		in = wrap(in)
 	}
+	// Fetch metadata if --metadata is in use
+	meta, err := fs.GetMetadataOptions(ctx, o.fs, src, options)
+	if err != nil {
+		return fmt.Errorf("failed to read metadata from source object: %w", err)
+	}
+	var createdTime string
+	var modTime string
+	if meta != nil {
+		if v, ok := meta["btime"]; ok {
+			t, err := time.Parse(time.RFC3339Nano, v) // metadata stores RFC3339Nano timestamps
+			if err != nil {
+				fs.Debugf(o, "failed to parse metadata btime: %q: %v", v, err)
+			} else {
+				createdTime = api.Rfc3339Time(t).String() // jottacloud api wants RFC3339 timestamps
+			}
+		}
+		if v, ok := meta["mtime"]; ok {
+			t, err := time.Parse(time.RFC3339Nano, v)
+			if err != nil {
+				fs.Debugf(o, "failed to parse metadata mtime: %q: %v", v, err)
+			} else {
+				modTime = api.Rfc3339Time(t).String()
+			}
+		}
+	}
+	if modTime == "" { // prefer mtime in meta as Modified time, fallback to source ModTime
+		modTime = api.Rfc3339Time(src.ModTime(ctx)).String()
+	}
+	if createdTime == "" { // if no Created time set same as Modified
+		createdTime = modTime
+	}
 
 	// use the api to allocate the file first and get resume / deduplication info
 	var resp *http.Response
@@ -1874,13 +1983,12 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		Options:      options,
 		ExtraHeaders: make(map[string]string),
 	}
-	fileDate := api.Rfc3339Time(src.ModTime(ctx)).String()
 
 	// the allocate request
 	var request = api.AllocateFileRequest{
 		Bytes:    size,
-		Created:  fileDate,
-		Modified: fileDate,
+		Created:  createdTime,
+		Modified: modTime,
 		Md5:      md5String,
 		Path:     o.fs.allocatePathRaw(o.remote, true),
 	}
@@ -1895,7 +2003,10 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		return err
 	}
 
-	// If the file state is INCOMPLETE and CORRUPT, try to upload a then
+	// If the file state is INCOMPLETE and CORRUPT, we must upload it.
+	// Else, if the file state is COMPLETE, we don't need to upload it because
+	// the content is already there, possibly it was created with deduplication,
+	// and also any metadata changes are already performed by the allocate request.
 	if response.State != "COMPLETED" {
 		// how much do we still have to upload?
 		remainingBytes := size - response.ResumePos
@@ -1919,22 +2030,18 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		}
 
 		// send the remaining bytes
-		resp, err = o.fs.apiSrv.CallJSON(ctx, &opts, nil, &result)
+		_, err = o.fs.apiSrv.CallJSON(ctx, &opts, nil, &result)
 		if err != nil {
 			return err
 		}
 
-		// finally update the meta data
-		o.hasMetaData = true
-		o.size = result.Bytes
-		o.md5 = result.Md5
-		o.modTime = time.Unix(result.Modified/1000, 0)
-	} else {
-		// If the file state is COMPLETE we don't need to upload it because the file was already found but we still ned to update our metadata
-		return o.readMetaData(ctx, true)
+		// Upload response contains main metadata properties (size, md5 and modTime)
+		// which could be set back to the object, but it does not contain the
+		// necessary information to set the createTime and updateTime properties,
+		// so must therefore perform a read instead.
 	}
-
-	return nil
+	// in any case we must update the object meta data
+	return o.readMetaData(ctx, true)
 }
 
 func (o *Object) remove(ctx context.Context, hard bool) error {
@@ -1951,10 +2058,17 @@ func (o *Object) remove(ctx context.Context, hard bool) error {
 		opts.Parameters.Set("dl", "true")
 	}
 
-	return o.fs.pacer.Call(func() (bool, error) {
+	err := o.fs.pacer.Call(func() (bool, error) {
 		resp, err := o.fs.jfsSrv.CallXML(ctx, &opts, nil, nil)
 		return shouldRetry(ctx, resp, err)
 	})
+	if apiErr, ok := err.(*api.Error); ok {
+		// attempting to hard delete will fail if path does not exist, but standard delete will succeed
+		if apiErr.StatusCode == http.StatusNotFound {
+			return fs.ErrorObjectNotFound
+		}
+	}
+	return err
 }
 
 // Remove an object
@@ -1962,6 +2076,22 @@ func (o *Object) Remove(ctx context.Context) error {
 	return o.remove(ctx, o.fs.opt.HardDelete)
 }
 
+// Metadata returns metadata for an object
+//
+// It should return nil if there is no Metadata
+func (o *Object) Metadata(ctx context.Context) (metadata fs.Metadata, err error) {
+	err = o.readMetaData(ctx, false)
+	if err != nil {
+		fs.Logf(o, "Failed to read metadata: %v", err)
+		return nil, err
+	}
+	metadata.Set("btime", o.createTime.Format(time.RFC3339Nano)) // metadata timestamps should be RFC3339Nano
+	metadata.Set("mtime", o.modTime.Format(time.RFC3339Nano))
+	metadata.Set("utime", o.updateTime.Format(time.RFC3339Nano))
+	metadata.Set("content-type", o.mimeType)
+	return metadata, nil
+}
+
 // Check the interfaces are satisfied
 var (
 	_ fs.Fs           = (*Fs)(nil)
@@ -1976,4 +2106,5 @@ var (
 	_ fs.CleanUpper   = (*Fs)(nil)
 	_ fs.Object       = (*Object)(nil)
 	_ fs.MimeTyper    = (*Object)(nil)
+	_ fs.Metadataer   = (*Object)(nil)
 )
diff --git a/backend/jottacloud/jottacloud_internal_test.go b/backend/jottacloud/jottacloud_internal_test.go
index b2b11758af585..f77a3f291cbdf 100644
--- a/backend/jottacloud/jottacloud_internal_test.go
+++ b/backend/jottacloud/jottacloud_internal_test.go
@@ -1,11 +1,17 @@
 package jottacloud
 
 import (
+	"context"
 	"crypto/md5"
 	"fmt"
 	"io"
 	"testing"
+	"time"
 
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fstest"
+	"github.com/rclone/rclone/fstest/fstests"
+	"github.com/rclone/rclone/lib/random"
 	"github.com/rclone/rclone/lib/readers"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -40,3 +46,48 @@ func TestReadMD5(t *testing.T) {
 		})
 	}
 }
+
+func (f *Fs) InternalTestMetadata(t *testing.T) {
+	ctx := context.Background()
+	contents := random.String(1000)
+
+	item := fstest.NewItem("test-metadata", contents, fstest.Time("2001-05-06T04:05:06.499999999Z"))
+	utime := time.Now()
+	metadata := fs.Metadata{
+		"btime": "2009-05-06T04:05:06.499999999Z",
+		"mtime": "2010-06-07T08:09:07.599999999Z",
+		//"utime" - read-only
+		//"content-type" - read-only
+	}
+	obj := fstests.PutTestContentsMetadata(ctx, t, f, &item, contents, true, "text/html", metadata)
+	defer func() {
+		assert.NoError(t, obj.Remove(ctx))
+	}()
+	o := obj.(*Object)
+	gotMetadata, err := o.Metadata(ctx)
+	require.NoError(t, err)
+	for k, v := range metadata {
+		got := gotMetadata[k]
+		switch k {
+		case "btime":
+			assert.True(t, fstest.Time(v).Truncate(f.Precision()).Equal(fstest.Time(got)), fmt.Sprintf("btime not equal want %v got %v", v, got))
+		case "mtime":
+			assert.True(t, fstest.Time(v).Truncate(f.Precision()).Equal(fstest.Time(got)), fmt.Sprintf("btime not equal want %v got %v", v, got))
+		case "utime":
+			gotUtime := fstest.Time(got)
+			dt := gotUtime.Sub(utime)
+			assert.True(t, dt < time.Minute && dt > -time.Minute, fmt.Sprintf("utime more than 1 minute out want %v got %v delta %v", utime, gotUtime, dt))
+			assert.True(t, fstest.Time(v).Equal(fstest.Time(got)))
+		case "content-type":
+			assert.True(t, o.MimeType(ctx) == got)
+		default:
+			assert.Equal(t, v, got, k)
+		}
+	}
+}
+
+func (f *Fs) InternalTest(t *testing.T) {
+	t.Run("Metadata", f.InternalTestMetadata)
+}
+
+var _ fstests.InternalTester = (*Fs)(nil)
diff --git a/backend/koofr/koofr.go b/backend/koofr/koofr.go
index 54513f0c1da48..e71fb41685dca 100644
--- a/backend/koofr/koofr.go
+++ b/backend/koofr/koofr.go
@@ -61,9 +61,10 @@ func init() {
 			Default:  true,
 			Advanced: true,
 		}, {
-			Name:     "user",
-			Help:     "Your user name.",
-			Required: true,
+			Name:      "user",
+			Help:      "Your user name.",
+			Required:  true,
+			Sensitive: true,
 		}, {
 			Name:       "password",
 			Help:       "Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).",
@@ -376,7 +377,7 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 	for i, file := range files {
 		remote := path.Join(dir, f.opt.Enc.ToStandardName(file.Name))
 		if file.Type == "dir" {
-			entries[i] = fs.NewDir(remote, time.Unix(0, 0))
+			entries[i] = fs.NewDir(remote, time.Time{})
 		} else {
 			entries[i] = &Object{
 				fs:     f,
diff --git a/backend/linkbox/linkbox.go b/backend/linkbox/linkbox.go
new file mode 100644
index 0000000000000..75445ea72820d
--- /dev/null
+++ b/backend/linkbox/linkbox.go
@@ -0,0 +1,897 @@
+// Package linkbox provides an interface to the linkbox.to Cloud storage system.
+//
+// API docs: https://www.linkbox.to/api-docs
+package linkbox
+
+/*
+   Extras
+   - PublicLink - NO - sharing doesn't share the actual file, only a page with it on
+   - Move - YES - have Move and Rename file APIs so is possible
+   - MoveDir - NO - probably not possible - have Move but no Rename
+*/
+
+import (
+	"bytes"
+	"context"
+	"crypto/md5"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config/configmap"
+	"github.com/rclone/rclone/fs/config/configstruct"
+	"github.com/rclone/rclone/fs/fserrors"
+	"github.com/rclone/rclone/fs/fshttp"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/dircache"
+	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/rest"
+)
+
+const (
+	maxEntitiesPerPage = 1024
+	minSleep           = 200 * time.Millisecond
+	maxSleep           = 2 * time.Second
+	pacerBurst         = 1
+	linkboxAPIURL      = "https://www.linkbox.to/api/open/"
+	rootID             = "0" // ID of root directory
+)
+
+func init() {
+	fsi := &fs.RegInfo{
+		Name:        "linkbox",
+		Description: "Linkbox",
+		NewFs:       NewFs,
+		Options: []fs.Option{{
+			Name:      "token",
+			Help:      "Token from https://www.linkbox.to/admin/account",
+			Sensitive: true,
+			Required:  true,
+		}},
+	}
+	fs.Register(fsi)
+}
+
+// Options defines the configuration for this backend
+type Options struct {
+	Token string `config:"token"`
+}
+
+// Fs stores the interface to the remote Linkbox files
+type Fs struct {
+	name     string
+	root     string
+	opt      Options            // options for this backend
+	features *fs.Features       // optional features
+	ci       *fs.ConfigInfo     // global config
+	srv      *rest.Client       // the connection to the server
+	dirCache *dircache.DirCache // Map of directory path to directory id
+	pacer    *fs.Pacer
+}
+
+// Object is a remote object that has been stat'd (so it exists, but is not necessarily open for reading)
+type Object struct {
+	fs          *Fs
+	remote      string
+	size        int64
+	modTime     time.Time
+	contentType string
+	fullURL     string
+	dirID       int64
+	itemID      string // and these IDs are for files
+	id          int64  // these IDs appear to apply to directories
+	isDir       bool
+}
+
+// NewFs creates a new Fs object from the name and root. It connects to
+// the host specified in the config file.
+func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, error) {
+	root = strings.Trim(root, "/")
+	// Parse config into Options struct
+
+	opt := new(Options)
+	err := configstruct.Set(m, opt)
+	if err != nil {
+		return nil, err
+	}
+
+	ci := fs.GetConfig(ctx)
+
+	f := &Fs{
+		name: name,
+		opt:  *opt,
+		root: root,
+		ci:   ci,
+		srv:  rest.NewClient(fshttp.NewClient(ctx)),
+
+		pacer: fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep))),
+	}
+	f.dirCache = dircache.New(root, rootID, f)
+
+	f.features = (&fs.Features{
+		CanHaveEmptyDirectories: true,
+		CaseInsensitive:         true,
+	}).Fill(ctx, f)
+
+	// Find the current root
+	err = f.dirCache.FindRoot(ctx, false)
+	if err != nil {
+		// Assume it is a file
+		newRoot, remote := dircache.SplitPath(root)
+		tempF := *f
+		tempF.dirCache = dircache.New(newRoot, rootID, &tempF)
+		tempF.root = newRoot
+		// Make new Fs which is the parent
+		err = tempF.dirCache.FindRoot(ctx, false)
+		if err != nil {
+			// No root so return old f
+			return f, nil
+		}
+		_, err := tempF.NewObject(ctx, remote)
+		if err != nil {
+			if err == fs.ErrorObjectNotFound {
+				// File doesn't exist so return old f
+				return f, nil
+			}
+			return nil, err
+		}
+		f.features.Fill(ctx, &tempF)
+		// XXX: update the old f here instead of returning tempF, since
+		// `features` were already filled with functions having *f as a receiver.
+		// See https://github.com/rclone/rclone/issues/2182
+		f.dirCache = tempF.dirCache
+		f.root = tempF.root
+		// return an error with an fs which points to the parent
+		return f, fs.ErrorIsFile
+	}
+	return f, nil
+}
+
+type entity struct {
+	Type   string `json:"type"`
+	Name   string `json:"name"`
+	URL    string `json:"url"`
+	Ctime  int64  `json:"ctime"`
+	Size   int64  `json:"size"`
+	ID     int64  `json:"id"`
+	Pid    int64  `json:"pid"`
+	ItemID string `json:"item_id"`
+}
+
+// Return true if the entity is a directory
+func (e *entity) isDir() bool {
+	return e.Type == "dir" || e.Type == "sdir"
+}
+
+type data struct {
+	Entities []entity `json:"list"`
+}
+type fileSearchRes struct {
+	response
+	SearchData data `json:"data"`
+}
+
+// Set an object info from an entity
+func (o *Object) set(e *entity) {
+	o.modTime = time.Unix(e.Ctime, 0)
+	o.contentType = e.Type
+	o.size = e.Size
+	o.fullURL = e.URL
+	o.isDir = e.isDir()
+	o.id = e.ID
+	o.itemID = e.ItemID
+	o.dirID = e.Pid
+}
+
+// Call linkbox with the query in opts and return result
+//
+// This will be checked for error and an error will be returned if Status != 1
+func getUnmarshaledResponse(ctx context.Context, f *Fs, opts *rest.Opts, result interface{}) error {
+	err := f.pacer.Call(func() (bool, error) {
+		resp, err := f.srv.CallJSON(ctx, opts, nil, &result)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return err
+	}
+	responser := result.(responser)
+	if responser.IsError() {
+		return responser
+	}
+	return nil
+}
+
+// list the objects into the function supplied
+//
+// If directories is set it only sends directories
+// User function to process a File item from listAll
+//
+// Should return true to finish processing
+type listAllFn func(*entity) bool
+
+// Search is a bit fussy about which characters match
+//
+// If the name doesn't match this then do an dir list instead
+var searchOK = regexp.MustCompile(`^[a-zA-Z0-9_ .]+$`)
+
+// Lists the directory required calling the user function on each item found
+//
+// If the user fn ever returns true then it early exits with found = true
+//
+// If you set name then search ignores dirID. name is a substring
+// search also so name="dir" matches "sub dir" also. This filters it
+// down so it only returns items in dirID
+func (f *Fs) listAll(ctx context.Context, dirID string, name string, fn listAllFn) (found bool, err error) {
+	var (
+		pageNumber       = 0
+		numberOfEntities = maxEntitiesPerPage
+	)
+	name = strings.TrimSpace(name) // search doesn't like spaces
+	if !searchOK.MatchString(name) {
+		// If name isn't good then do an unbounded search
+		name = ""
+	}
+OUTER:
+	for numberOfEntities == maxEntitiesPerPage {
+		pageNumber++
+		opts := &rest.Opts{
+			Method:  "GET",
+			RootURL: linkboxAPIURL,
+			Path:    "file_search",
+			Parameters: url.Values{
+				"token":    {f.opt.Token},
+				"name":     {name},
+				"pid":      {dirID},
+				"pageNo":   {itoa(pageNumber)},
+				"pageSize": {itoa64(maxEntitiesPerPage)},
+			},
+		}
+
+		var responseResult fileSearchRes
+		err = getUnmarshaledResponse(ctx, f, opts, &responseResult)
+		if err != nil {
+			return false, fmt.Errorf("getting files failed: %w", err)
+
+		}
+
+		numberOfEntities = len(responseResult.SearchData.Entities)
+
+		for _, entity := range responseResult.SearchData.Entities {
+			if itoa64(entity.Pid) != dirID {
+				// when name != "" this returns from all directories, so ignore not this one
+				continue
+			}
+			if fn(&entity) {
+				found = true
+				break OUTER
+			}
+		}
+		if pageNumber > 100000 {
+			return false, fmt.Errorf("too many results")
+		}
+	}
+	return found, nil
+}
+
+// Turn 64 bit int to string
+func itoa64(i int64) string {
+	return strconv.FormatInt(i, 10)
+}
+
+// Turn int to string
+func itoa(i int) string {
+	return itoa64(int64(i))
+}
+
+func splitDirAndName(remote string) (dir string, name string) {
+	lastSlashPosition := strings.LastIndex(remote, "/")
+	if lastSlashPosition == -1 {
+		dir = ""
+		name = remote
+	} else {
+		dir = remote[:lastSlashPosition]
+		name = remote[lastSlashPosition+1:]
+	}
+
+	// fs.Debugf(nil, "splitDirAndName remote = {%s}, dir = {%s}, name = {%s}", remote, dir, name)
+
+	return dir, name
+}
+
+// FindLeaf finds a directory of name leaf in the folder with ID directoryID
+func (f *Fs) FindLeaf(ctx context.Context, directoryID, leaf string) (directoryIDOut string, found bool, err error) {
+	// Find the leaf in directoryID
+	found, err = f.listAll(ctx, directoryID, leaf, func(entity *entity) bool {
+		if entity.isDir() && strings.EqualFold(entity.Name, leaf) {
+			directoryIDOut = itoa64(entity.ID)
+			return true
+		}
+		return false
+	})
+	return directoryIDOut, found, err
+}
+
+// Returned from "folder_create"
+type folderCreateRes struct {
+	response
+	Data struct {
+		DirID int64 `json:"dirId"`
+	} `json:"data"`
+}
+
+// CreateDir makes a directory with dirID as parent and name leaf
+func (f *Fs) CreateDir(ctx context.Context, dirID, leaf string) (newID string, err error) {
+	// fs.Debugf(f, "CreateDir(%q, %q)\n", dirID, leaf)
+	opts := &rest.Opts{
+		Method:  "GET",
+		RootURL: linkboxAPIURL,
+		Path:    "folder_create",
+		Parameters: url.Values{
+			"token":       {f.opt.Token},
+			"name":        {leaf},
+			"pid":         {dirID},
+			"isShare":     {"0"},
+			"canInvite":   {"1"},
+			"canShare":    {"1"},
+			"withBodyImg": {"1"},
+			"desc":        {""},
+		},
+	}
+
+	response := folderCreateRes{}
+	err = getUnmarshaledResponse(ctx, f, opts, &response)
+	if err != nil {
+		// response status 1501 means that directory already exists
+		if response.Status == 1501 {
+			return newID, fmt.Errorf("couldn't find already created directory: %w", fs.ErrorDirNotFound)
+		}
+		return newID, fmt.Errorf("CreateDir failed: %w", err)
+
+	}
+	if response.Data.DirID == 0 {
+		return newID, fmt.Errorf("API returned 0 for ID of newly created directory")
+	}
+	return itoa64(response.Data.DirID), nil
+}
+
+// List the objects and directories in dir into entries.  The
+// entries can be returned in any order but should be for a
+// complete directory.
+//
+// dir should be "" to list the root, and should not have
+// trailing slashes.
+//
+// This should return ErrDirNotFound if the directory isn't
+// found.
+func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err error) {
+	// fs.Debugf(f, "List method dir = {%s}", dir)
+	directoryID, err := f.dirCache.FindDir(ctx, dir, false)
+	if err != nil {
+		return nil, err
+	}
+	_, err = f.listAll(ctx, directoryID, "", func(entity *entity) bool {
+		remote := path.Join(dir, entity.Name)
+		if entity.isDir() {
+			id := itoa64(entity.ID)
+			modTime := time.Unix(entity.Ctime, 0)
+			d := fs.NewDir(remote, modTime).SetID(id).SetParentID(itoa64(entity.Pid))
+			entries = append(entries, d)
+			// cache the directory ID for later lookups
+			f.dirCache.Put(remote, id)
+		} else {
+			o := &Object{
+				fs:     f,
+				remote: remote,
+			}
+			o.set(entity)
+			entries = append(entries, o)
+		}
+		return false
+	})
+	if err != nil {
+		return nil, err
+	}
+	return entries, nil
+}
+
+// get an entity with leaf from dirID
+func getEntity(ctx context.Context, f *Fs, leaf string, directoryID string, token string) (*entity, error) {
+	var result *entity
+	var resultErr = fs.ErrorObjectNotFound
+	_, err := f.listAll(ctx, directoryID, leaf, func(entity *entity) bool {
+		if strings.EqualFold(entity.Name, leaf) {
+			// fs.Debugf(f, "getObject found entity.Name {%s} name {%s}", entity.Name, name)
+			if entity.isDir() {
+				result = nil
+				resultErr = fs.ErrorIsDir
+			} else {
+				result = entity
+				resultErr = nil
+			}
+			return true
+		}
+		return false
+	})
+	if err != nil {
+		return nil, err
+	}
+	return result, resultErr
+}
+
+// NewObject finds the Object at remote.  If it can't be found
+// it returns the error ErrorObjectNotFound.
+//
+// If remote points to a directory then it should return
+// ErrorIsDir if possible without doing any extra work,
+// otherwise ErrorObjectNotFound.
+func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error) {
+	leaf, dirID, err := f.dirCache.FindPath(ctx, remote, false)
+	if err != nil {
+		if err == fs.ErrorDirNotFound {
+			return nil, fs.ErrorObjectNotFound
+		}
+		return nil, err
+	}
+
+	entity, err := getEntity(ctx, f, leaf, dirID, f.opt.Token)
+	if err != nil {
+		return nil, err
+	}
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+	o.set(entity)
+	return o, nil
+}
+
+// Mkdir makes the directory (container, bucket)
+//
+// Shouldn't return an error if it already exists
+func (f *Fs) Mkdir(ctx context.Context, dir string) error {
+	_, err := f.dirCache.FindDir(ctx, dir, true)
+	return err
+}
+
+func (f *Fs) purgeCheck(ctx context.Context, dir string, check bool) error {
+	if check {
+		entries, err := f.List(ctx, dir)
+		if err != nil {
+			return err
+		}
+		if len(entries) != 0 {
+			return fs.ErrorDirectoryNotEmpty
+		}
+	}
+
+	directoryID, err := f.dirCache.FindDir(ctx, dir, false)
+	if err != nil {
+		return err
+	}
+	opts := &rest.Opts{
+		Method:  "GET",
+		RootURL: linkboxAPIURL,
+		Path:    "folder_del",
+		Parameters: url.Values{
+			"token":  {f.opt.Token},
+			"dirIds": {directoryID},
+		},
+	}
+
+	response := response{}
+	err = getUnmarshaledResponse(ctx, f, opts, &response)
+	if err != nil {
+		// Linkbox has some odd error returns here
+		if response.Status == 403 || response.Status == 500 {
+			return fs.ErrorDirNotFound
+		}
+		return fmt.Errorf("purge error: %w", err)
+	}
+
+	f.dirCache.FlushDir(dir)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Rmdir removes the directory (container, bucket) if empty
+//
+// Return an error if it doesn't exist or isn't empty
+func (f *Fs) Rmdir(ctx context.Context, dir string) error {
+	return f.purgeCheck(ctx, dir, true)
+}
+
+// SetModTime sets modTime on a particular file
+func (o *Object) SetModTime(ctx context.Context, modTime time.Time) error {
+	return fs.ErrorCantSetModTime
+}
+
+// Open opens the file for read.  Call Close() on the returned io.ReadCloser
+func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (io.ReadCloser, error) {
+	var res *http.Response
+	downloadURL := o.fullURL
+	if downloadURL == "" {
+		_, name := splitDirAndName(o.Remote())
+		newObject, err := getEntity(ctx, o.fs, name, itoa64(o.dirID), o.fs.opt.Token)
+		if err != nil {
+			return nil, err
+		}
+		if newObject == nil {
+			// fs.Debugf(o.fs, "Open entity is empty: name = {%s}", name)
+			return nil, fs.ErrorObjectNotFound
+		}
+
+		downloadURL = newObject.URL
+	}
+
+	opts := &rest.Opts{
+		Method:  "GET",
+		RootURL: downloadURL,
+		Options: options,
+	}
+
+	err := o.fs.pacer.Call(func() (bool, error) {
+		var err error
+		res, err = o.fs.srv.Call(ctx, opts)
+		return o.fs.shouldRetry(ctx, res, err)
+	})
+
+	if err != nil {
+		return nil, fmt.Errorf("Open failed: %w", err)
+	}
+
+	return res.Body, nil
+}
+
+// Update in to the object with the modTime given of the given size
+//
+// When called from outside an Fs by rclone, src.Size() will always be >= 0.
+// But for unknown-sized objects (indicated by src.Size() == -1), Upload should either
+// return an error or update the object properly (rather than e.g. calling panic).
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
+	size := src.Size()
+	if size == 0 {
+		return fs.ErrorCantUploadEmptyFiles
+	} else if size < 0 {
+		return fmt.Errorf("can't upload files of unknown length")
+	}
+
+	remote := o.Remote()
+
+	// remove the file if it exists
+	if o.itemID != "" {
+		fs.Debugf(o, "Update: removing old file")
+		err = o.Remove(ctx)
+		if err != nil {
+			fs.Errorf(o, "Update: failed to remove existing file: %v", err)
+		}
+		o.itemID = ""
+	} else {
+		tmpObject, err := o.fs.NewObject(ctx, remote)
+		if err == nil {
+			fs.Debugf(o, "Update: removing old file")
+			err = tmpObject.Remove(ctx)
+			if err != nil {
+				fs.Errorf(o, "Update: failed to remove existing file: %v", err)
+			}
+		}
+	}
+
+	first10m := io.LimitReader(in, 10_485_760)
+	first10mBytes, err := io.ReadAll(first10m)
+	if err != nil {
+		return fmt.Errorf("Update err in reading file: %w", err)
+	}
+
+	// get upload authorization (step 1)
+	opts := &rest.Opts{
+		Method:  "GET",
+		RootURL: linkboxAPIURL,
+		Path:    "get_upload_url",
+		Options: options,
+		Parameters: url.Values{
+			"token":           {o.fs.opt.Token},
+			"fileMd5ofPre10m": {fmt.Sprintf("%x", md5.Sum(first10mBytes))},
+			"fileSize":        {itoa64(size)},
+		},
+	}
+
+	getFirstStepResult := getUploadURLResponse{}
+	err = getUnmarshaledResponse(ctx, o.fs, opts, &getFirstStepResult)
+	if err != nil {
+		if getFirstStepResult.Status != 600 {
+			return fmt.Errorf("Update err in unmarshaling response: %w", err)
+		}
+	}
+
+	switch getFirstStepResult.Status {
+	case 1:
+		// upload file using link from first step
+		var res *http.Response
+
+		file := io.MultiReader(bytes.NewReader(first10mBytes), in)
+
+		opts := &rest.Opts{
+			Method:        "PUT",
+			RootURL:       getFirstStepResult.Data.SignURL,
+			Options:       options,
+			Body:          file,
+			ContentLength: &size,
+		}
+
+		err = o.fs.pacer.CallNoRetry(func() (bool, error) {
+			res, err = o.fs.srv.Call(ctx, opts)
+			return o.fs.shouldRetry(ctx, res, err)
+		})
+
+		if err != nil {
+			return fmt.Errorf("update err in uploading file: %w", err)
+		}
+
+		_, err = io.ReadAll(res.Body)
+		if err != nil {
+			return fmt.Errorf("update err in reading response: %w", err)
+		}
+
+	case 600:
+		// Status means that we don't need to upload file
+		// We need only to make second step
+	default:
+		return fmt.Errorf("got unexpected message from Linkbox: %s", getFirstStepResult.Message)
+	}
+
+	leaf, dirID, err := o.fs.dirCache.FindPath(ctx, remote, false)
+	if err != nil {
+		return err
+	}
+
+	// create file item at Linkbox (second step)
+	opts = &rest.Opts{
+		Method:  "GET",
+		RootURL: linkboxAPIURL,
+		Path:    "folder_upload_file",
+		Options: options,
+		Parameters: url.Values{
+			"token":           {o.fs.opt.Token},
+			"fileMd5ofPre10m": {fmt.Sprintf("%x", md5.Sum(first10mBytes))},
+			"fileSize":        {itoa64(size)},
+			"pid":             {dirID},
+			"diyName":         {leaf},
+		},
+	}
+
+	getSecondStepResult := getUploadURLResponse{}
+	err = getUnmarshaledResponse(ctx, o.fs, opts, &getSecondStepResult)
+	if err != nil {
+		return fmt.Errorf("Update second step failed: %w", err)
+	}
+
+	// Try a few times to read the object after upload for eventual consistency
+	const maxTries = 10
+	var sleepTime = 100 * time.Millisecond
+	var entity *entity
+	for try := 1; try <= maxTries; try++ {
+		entity, err = getEntity(ctx, o.fs, leaf, dirID, o.fs.opt.Token)
+		if err == nil {
+			break
+		}
+		if err != fs.ErrorObjectNotFound {
+			return fmt.Errorf("Update failed to read object: %w", err)
+		}
+		fs.Debugf(o, "Trying to read object after upload: try again in %v (%d/%d)", sleepTime, try, maxTries)
+		time.Sleep(sleepTime)
+		sleepTime *= 2
+	}
+	if err != nil {
+		return err
+	}
+	o.set(entity)
+	return nil
+}
+
+// Remove this object
+func (o *Object) Remove(ctx context.Context) error {
+	opts := &rest.Opts{
+		Method:  "GET",
+		RootURL: linkboxAPIURL,
+		Path:    "file_del",
+		Parameters: url.Values{
+			"token":   {o.fs.opt.Token},
+			"itemIds": {o.itemID},
+		},
+	}
+	requestResult := getUploadURLResponse{}
+	err := getUnmarshaledResponse(ctx, o.fs, opts, &requestResult)
+	if err != nil {
+		return fmt.Errorf("could not Remove: %w", err)
+
+	}
+	return nil
+}
+
+// ModTime returns the modification time of the remote http file
+func (o *Object) ModTime(ctx context.Context) time.Time {
+	return o.modTime
+}
+
+// Remote the name of the remote HTTP file, relative to the fs root
+func (o *Object) Remote() string {
+	return o.remote
+}
+
+// Size returns the size in bytes of the remote http file
+func (o *Object) Size() int64 {
+	return o.size
+}
+
+// String returns the URL to the remote HTTP file
+func (o *Object) String() string {
+	if o == nil {
+		return "<nil>"
+	}
+	return o.remote
+}
+
+// Fs is the filesystem this remote http file object is located within
+func (o *Object) Fs() fs.Info {
+	return o.fs
+}
+
+// Hash returns "" since HTTP (in Go or OpenSSH) doesn't support remote calculation of hashes
+func (o *Object) Hash(ctx context.Context, r hash.Type) (string, error) {
+	return "", hash.ErrUnsupported
+}
+
+// Storable returns whether the remote http file is a regular file
+// (not a directory, symbolic link, block device, character device, named pipe, etc.)
+func (o *Object) Storable() bool {
+	return true
+}
+
+// Features returns the optional features of this Fs
+// Info provides a read only interface to information about a filesystem.
+func (f *Fs) Features() *fs.Features {
+	return f.features
+}
+
+// Name of the remote (as passed into NewFs)
+// Name returns the configured name of the file system
+func (f *Fs) Name() string {
+	return f.name
+}
+
+// Root of the remote (as passed into NewFs)
+func (f *Fs) Root() string {
+	return f.root
+}
+
+// String returns a description of the FS
+func (f *Fs) String() string {
+	return fmt.Sprintf("Linkbox root '%s'", f.root)
+}
+
+// Precision of the ModTimes in this Fs
+func (f *Fs) Precision() time.Duration {
+	return fs.ModTimeNotSupported
+}
+
+// Hashes returns hash.HashNone to indicate remote hashing is unavailable
+// Returns the supported hash types of the filesystem
+func (f *Fs) Hashes() hash.Set {
+	return hash.Set(hash.None)
+}
+
+/*
+	{
+	  "data": {
+	    "signUrl": "http://xx -- Then CURL PUT your file with sign url "
+	  },
+	  "msg": "please use this url to upload (PUT method)",
+	  "status": 1
+	}
+*/
+
+// All messages have these items
+type response struct {
+	Message string `json:"msg"`
+	Status  int    `json:"status"`
+}
+
+// IsError returns whether response represents an error
+func (r *response) IsError() bool {
+	return r.Status != 1
+}
+
+// Error returns the error state of this response
+func (r *response) Error() string {
+	return fmt.Sprintf("Linkbox error %d: %s", r.Status, r.Message)
+}
+
+// responser is interface covering the response so we can use it when it is embedded.
+type responser interface {
+	IsError() bool
+	Error() string
+}
+
+type getUploadURLData struct {
+	SignURL string `json:"signUrl"`
+}
+
+type getUploadURLResponse struct {
+	response
+	Data getUploadURLData `json:"data"`
+}
+
+// Put in to the remote path with the modTime given of the given size
+//
+// When called from outside an Fs by rclone, src.Size() will always be >= 0.
+// But for unknown-sized objects (indicated by src.Size() == -1), Put should either
+// return an error or upload it properly (rather than e.g. calling panic).
+//
+// May create the object even if it returns an error - if so
+// will return the object and the error, otherwise will return
+// nil and the error
+func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+	o := &Object{
+		fs:     f,
+		remote: src.Remote(),
+		size:   src.Size(),
+	}
+	dir, _ := splitDirAndName(src.Remote())
+	err := f.Mkdir(ctx, dir)
+	if err != nil {
+		return nil, err
+	}
+	err = o.Update(ctx, in, src, options...)
+	return o, err
+}
+
+// Purge all files in the directory specified
+//
+// Implement this if you have a way of deleting all the files
+// quicker than just running Remove() on the result of List()
+//
+// Return an error if it doesn't exist
+func (f *Fs) Purge(ctx context.Context, dir string) error {
+	return f.purgeCheck(ctx, dir, false)
+}
+
+// retryErrorCodes is a slice of error codes that we will retry
+var retryErrorCodes = []int{
+	429, // Too Many Requests.
+	500, // Internal Server Error
+	502, // Bad Gateway
+	503, // Service Unavailable
+	504, // Gateway Timeout
+	509, // Bandwidth Limit Exceeded
+}
+
+// shouldRetry determines whether a given err rates being retried
+func (f *Fs) shouldRetry(ctx context.Context, resp *http.Response, err error) (bool, error) {
+	if fserrors.ContextError(ctx, &err) {
+		return false, err
+	}
+	return fserrors.ShouldRetry(err) || fserrors.ShouldRetryHTTP(resp, retryErrorCodes), err
+}
+
+// DirCacheFlush resets the directory cache - used in testing as an
+// optional interface
+func (f *Fs) DirCacheFlush() {
+	f.dirCache.ResetRoot()
+}
+
+// Check the interfaces are satisfied
+var (
+	_ fs.Fs              = &Fs{}
+	_ fs.Purger          = &Fs{}
+	_ fs.DirCacheFlusher = &Fs{}
+	_ fs.Object          = &Object{}
+)
diff --git a/backend/linkbox/linkbox_test.go b/backend/linkbox/linkbox_test.go
new file mode 100644
index 0000000000000..aa03c79ca763b
--- /dev/null
+++ b/backend/linkbox/linkbox_test.go
@@ -0,0 +1,17 @@
+// Test Linkbox filesystem interface
+package linkbox_test
+
+import (
+	"testing"
+
+	"github.com/rclone/rclone/backend/linkbox"
+	"github.com/rclone/rclone/fstest/fstests"
+)
+
+// TestIntegration runs integration tests against the remote
+func TestIntegration(t *testing.T) {
+	fstests.Run(t, &fstests.Opt{
+		RemoteName: "TestLinkbox:",
+		NilObject:  (*linkbox.Object)(nil),
+	})
+}
diff --git a/backend/local/local.go b/backend/local/local.go
index 48f646bced808..c444267f150a9 100644
--- a/backend/local/local.go
+++ b/backend/local/local.go
@@ -13,6 +13,7 @@ import (
 	"runtime"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 	"unicode/utf8"
 
@@ -145,6 +146,11 @@ time we:
 - Only checksum the size that stat gave
 - Don't update the stat info for the file
 
+**NB** do not use this flag on a Windows Volume Shadow (VSS). For some
+unknown reason, files in a VSS sometimes show different sizes from the
+directory listing (where the initial stat value comes from on Windows)
+and when stat is called on them directly. Other copy tools always use
+the direct stat value and setting this flag will disable that.
 `,
 			Default:  false,
 			Advanced: true,
@@ -243,7 +249,7 @@ type Fs struct {
 	precision      time.Duration       // precision of local filesystem
 	warnedMu       sync.Mutex          // used for locking access to 'warned'.
 	warned         map[string]struct{} // whether we have warned about this string
-	xattrSupported int32               // whether xattrs are supported (atomic access)
+	xattrSupported atomic.Int32        // whether xattrs are supported
 
 	// do os.Lstat or os.Stat
 	lstat        func(name string) (os.FileInfo, error)
@@ -266,7 +272,10 @@ type Object struct {
 
 // ------------------------------------------------------------
 
-var errLinksAndCopyLinks = errors.New("can't use -l/--links with -L/--copy-links")
+var (
+	errLinksAndCopyLinks = errors.New("can't use -l/--links with -L/--copy-links")
+	errLinksNeedsSuffix  = errors.New("need \"" + linkSuffix + "\" suffix to refer to symlink when using -l/--links")
+)
 
 // NewFs constructs an Fs from the path
 func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, error) {
@@ -288,7 +297,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		lstat:  os.Lstat,
 	}
 	if xattrSupported {
-		f.xattrSupported = 1
+		f.xattrSupported.Store(1)
 	}
 	f.root = cleanRootPath(root, f.opt.NoUNC, f.opt.Enc)
 	f.features = (&fs.Features{
@@ -300,6 +309,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		WriteMetadata:           true,
 		UserMetadata:            xattrSupported, // can only R/W general purpose metadata if xattrs are supported
 		FilterAware:             true,
+		PartialUploads:          true,
 	}).Fill(ctx, f)
 	if opt.FollowSymlinks {
 		f.lstat = os.Stat
@@ -310,7 +320,16 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	if err == nil {
 		f.dev = readDevice(fi, f.opt.OneFileSystem)
 	}
+	// Check to see if this is a .rclonelink if not found
+	hasLinkSuffix := strings.HasSuffix(f.root, linkSuffix)
+	if hasLinkSuffix && opt.TranslateSymlinks && os.IsNotExist(err) {
+		fi, err = f.lstat(strings.TrimSuffix(f.root, linkSuffix))
+	}
 	if err == nil && f.isRegular(fi.Mode()) {
+		// Handle the odd case, that a symlink was specified by name without the link suffix
+		if !hasLinkSuffix && opt.TranslateSymlinks && fi.Mode()&os.ModeSymlink != 0 {
+			return nil, errLinksNeedsSuffix
+		}
 		// It is a file, so use the parent as the root
 		f.root = filepath.Dir(f.root)
 		// return an error with an fs which points to the parent
@@ -503,7 +522,7 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 								continue
 							}
 						}
-						err = fmt.Errorf("failed to read directory %q: %w", namepath, fierr)
+						fierr = fmt.Errorf("failed to get info about directory entry %q: %w", namepath, fierr)
 						fs.Errorf(dir, "%v", fierr)
 						_ = accounting.Stats(ctx).Error(fserrors.NoRetryError(fierr)) // fail the sync
 						continue
@@ -540,11 +559,6 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 				}
 				mode = fi.Mode()
 			}
-			// Don't include non directory if not included
-			// we leave directory filtering to the layer above
-			if useFilter && !fi.IsDir() && !filter.IncludeRemote(newRemote) {
-				continue
-			}
 			if fi.IsDir() {
 				// Ignore directories which are symlinks.  These are junction points under windows which
 				// are kind of a souped up symlink. Unix doesn't have directories which are symlinks.
@@ -557,6 +571,11 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 				if f.opt.TranslateSymlinks && fi.Mode()&os.ModeSymlink != 0 {
 					newRemote += linkSuffix
 				}
+				// Don't include non directory if not included
+				// we leave directory filtering to the layer above
+				if useFilter && !filter.IncludeRemote(newRemote) {
+					continue
+				}
 				fso, err := f.newObjectWithInfo(newRemote, fi)
 				if err != nil {
 					return nil, err
@@ -628,7 +647,13 @@ func (f *Fs) Mkdir(ctx context.Context, dir string) error {
 //
 // If it isn't empty it will return an error
 func (f *Fs) Rmdir(ctx context.Context, dir string) error {
-	return os.Remove(f.localPath(dir))
+	localPath := f.localPath(dir)
+	if fi, err := os.Stat(localPath); err != nil {
+		return err
+	} else if !fi.IsDir() {
+		return fs.ErrorIsFile
+	}
+	return os.Remove(localPath)
 }
 
 // Precision of the file system
@@ -1103,6 +1128,12 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 		}
 	}
 
+	// Update the file info before we start reading
+	err = o.lstat()
+	if err != nil {
+		return nil, err
+	}
+
 	// If not checking updated then limit to current size.  This means if
 	// file is being extended, readers will read a o.Size() bytes rather
 	// than the new size making for a consistent upload.
@@ -1267,7 +1298,7 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	}
 
 	// Fetch and set metadata if --metadata is in use
-	meta, err := fs.GetMetadataOptions(ctx, src, options)
+	meta, err := fs.GetMetadataOptions(ctx, o.fs, src, options)
 	if err != nil {
 		return fmt.Errorf("failed to read metadata from source object: %w", err)
 	}
diff --git a/backend/local/local_internal_test.go b/backend/local/local_internal_test.go
index 0fa78cd9f0d3b..06e47bed227b6 100644
--- a/backend/local/local_internal_test.go
+++ b/backend/local/local_internal_test.go
@@ -19,6 +19,7 @@ import (
 	"github.com/rclone/rclone/fs/filter"
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/fs/object"
+	"github.com/rclone/rclone/fs/operations"
 	"github.com/rclone/rclone/fstest"
 	"github.com/rclone/rclone/lib/file"
 	"github.com/rclone/rclone/lib/readers"
@@ -146,6 +147,20 @@ func TestSymlink(t *testing.T) {
 	_, err = r.Flocal.NewObject(ctx, "symlink2.txt")
 	require.Equal(t, fs.ErrorObjectNotFound, err)
 
+	// Check that NewFs works with the suffixed version and --links
+	f2, err := NewFs(ctx, "local", filepath.Join(dir, "symlink2.txt"+linkSuffix), configmap.Simple{
+		"links": "true",
+	})
+	require.Equal(t, fs.ErrorIsFile, err)
+	require.Equal(t, dir, f2.(*Fs).root)
+
+	// Check that NewFs doesn't see the non suffixed version with --links
+	f2, err = NewFs(ctx, "local", filepath.Join(dir, "symlink2.txt"), configmap.Simple{
+		"links": "true",
+	})
+	require.Equal(t, errLinksNeedsSuffix, err)
+	require.Nil(t, f2)
+
 	// Check reading the object
 	in, err := o.Open(ctx)
 	require.NoError(t, err)
@@ -397,7 +412,7 @@ func TestFilter(t *testing.T) {
 	require.Equal(t, "[included]", fmt.Sprint(entries))
 }
 
-func TestFilterSymlink(t *testing.T) {
+func testFilterSymlink(t *testing.T, copyLinks bool) {
 	ctx := context.Background()
 	r := fstest.NewRun(t)
 	defer r.Finalise()
@@ -411,15 +426,23 @@ func TestFilterSymlink(t *testing.T) {
 	require.NoError(t, os.Symlink("included.dir", filepath.Join(r.LocalName, "included.dir.link")))
 	require.NoError(t, os.Symlink("dangling", filepath.Join(r.LocalName, "dangling.link")))
 
-	// Set fs into "-L" mode
-	f.opt.FollowSymlinks = true
-	f.opt.TranslateSymlinks = false
-	f.lstat = os.Stat
-
-	// Set fs into "-l" mode
-	// f.opt.FollowSymlinks = false
-	// f.opt.TranslateSymlinks = true
-	// f.lstat = os.Lstat
+	defer func() {
+		// Reset -L/-l mode
+		f.opt.FollowSymlinks = false
+		f.opt.TranslateSymlinks = false
+		f.lstat = os.Lstat
+	}()
+	if copyLinks {
+		// Set fs into "-L" mode
+		f.opt.FollowSymlinks = true
+		f.opt.TranslateSymlinks = false
+		f.lstat = os.Stat
+	} else {
+		// Set fs into "-l" mode
+		f.opt.FollowSymlinks = false
+		f.opt.TranslateSymlinks = true
+		f.lstat = os.Lstat
+	}
 
 	// Check set up for filtering
 	assert.True(t, f.Features().FilterAware)
@@ -431,21 +454,35 @@ func TestFilterSymlink(t *testing.T) {
 	// Add a filter
 	ctx, fi := filter.AddConfig(ctx)
 	require.NoError(t, fi.AddRule("+ included.file"))
-	require.NoError(t, fi.AddRule("+ included.file.link"))
 	require.NoError(t, fi.AddRule("+ included.dir/**"))
-	require.NoError(t, fi.AddRule("+ included.dir.link/**"))
+	if copyLinks {
+		require.NoError(t, fi.AddRule("+ included.file.link"))
+		require.NoError(t, fi.AddRule("+ included.dir.link/**"))
+	} else {
+		require.NoError(t, fi.AddRule("+ included.file.link.rclonelink"))
+		require.NoError(t, fi.AddRule("+ included.dir.link.rclonelink"))
+	}
 	require.NoError(t, fi.AddRule("- *"))
 
 	// Check listing without use filter flag
 	entries, err := f.List(ctx, "")
 	require.NoError(t, err)
 
-	// Check 1 global errors one for each dangling symlink
-	assert.Equal(t, int64(1), accounting.Stats(ctx).GetErrors(), "global errors found")
+	if copyLinks {
+		// Check 1 global errors one for each dangling symlink
+		assert.Equal(t, int64(1), accounting.Stats(ctx).GetErrors(), "global errors found")
+	} else {
+		// Check 0 global errors as dangling symlink copied properly
+		assert.Equal(t, int64(0), accounting.Stats(ctx).GetErrors(), "global errors found")
+	}
 	accounting.Stats(ctx).ResetErrors()
 
 	sort.Sort(entries)
-	require.Equal(t, "[included.dir included.dir.link included.file included.file.link]", fmt.Sprint(entries))
+	if copyLinks {
+		require.Equal(t, "[included.dir included.dir.link included.file included.file.link]", fmt.Sprint(entries))
+	} else {
+		require.Equal(t, "[dangling.link.rclonelink included.dir included.dir.link.rclonelink included.file included.file.link.rclonelink]", fmt.Sprint(entries))
+	}
 
 	// Add user filter flag
 	ctx = filter.SetUseFilter(ctx, true)
@@ -456,7 +493,11 @@ func TestFilterSymlink(t *testing.T) {
 	assert.Equal(t, int64(0), accounting.Stats(ctx).GetErrors(), "global errors found")
 
 	sort.Sort(entries)
-	require.Equal(t, "[included.dir included.dir.link included.file included.file.link]", fmt.Sprint(entries))
+	if copyLinks {
+		require.Equal(t, "[included.dir included.dir.link included.file included.file.link]", fmt.Sprint(entries))
+	} else {
+		require.Equal(t, "[included.dir included.dir.link.rclonelink included.file included.file.link.rclonelink]", fmt.Sprint(entries))
+	}
 
 	// Check listing through a symlink still works
 	entries, err = f.List(ctx, "included.dir")
@@ -466,3 +507,51 @@ func TestFilterSymlink(t *testing.T) {
 	sort.Sort(entries)
 	require.Equal(t, "[included.dir/included.sub.file]", fmt.Sprint(entries))
 }
+
+func TestFilterSymlinkCopyLinks(t *testing.T) {
+	testFilterSymlink(t, true)
+}
+
+func TestFilterSymlinkLinks(t *testing.T) {
+	testFilterSymlink(t, false)
+}
+
+func TestCopySymlink(t *testing.T) {
+	ctx := context.Background()
+	r := fstest.NewRun(t)
+	defer r.Finalise()
+	when := time.Now()
+	f := r.Flocal.(*Fs)
+
+	// Create a file and a symlink to it
+	r.WriteFile("src/file.txt", "hello world", when)
+	require.NoError(t, os.Symlink("file.txt", filepath.Join(r.LocalName, "src", "link.txt")))
+	defer func() {
+		// Reset -L/-l mode
+		f.opt.FollowSymlinks = false
+		f.opt.TranslateSymlinks = false
+		f.lstat = os.Lstat
+	}()
+
+	// Set fs into "-l/--links" mode
+	f.opt.FollowSymlinks = false
+	f.opt.TranslateSymlinks = true
+	f.lstat = os.Lstat
+
+	// Create dst
+	require.NoError(t, f.Mkdir(ctx, "dst"))
+
+	// Do copy from src into dst
+	src, err := f.NewObject(ctx, "src/link.txt.rclonelink")
+	require.NoError(t, err)
+	require.NotNil(t, src)
+	dst, err := operations.Copy(ctx, f, nil, "dst/link.txt.rclonelink", src)
+	require.NoError(t, err)
+	require.NotNil(t, dst)
+
+	// Test that we made a symlink and it has the right contents
+	dstPath := filepath.Join(r.LocalName, "dst", "link.txt")
+	linkContents, err := os.Readlink(dstPath)
+	require.NoError(t, err)
+	assert.Equal(t, "file.txt", linkContents)
+}
diff --git a/backend/local/metadata_linux.go b/backend/local/metadata_linux.go
index b274148e713c5..47294adbaecfa 100644
--- a/backend/local/metadata_linux.go
+++ b/backend/local/metadata_linux.go
@@ -5,6 +5,7 @@ package local
 
 import (
 	"fmt"
+	"runtime"
 	"sync"
 	"time"
 
@@ -23,7 +24,7 @@ func (o *Object) readMetadataFromFile(m *fs.Metadata) (err error) {
 		// Check statx() is available as it was only introduced in kernel 4.11
 		// If not, fall back to fstatat() which was introduced in 2.6.16 which is guaranteed for all Go versions
 		var stat unix.Statx_t
-		if unix.Statx(unix.AT_FDCWD, ".", 0, unix.STATX_ALL, &stat) != unix.ENOSYS {
+		if runtime.GOOS != "android" && unix.Statx(unix.AT_FDCWD, ".", 0, unix.STATX_ALL, &stat) != unix.ENOSYS {
 			readMetadataFromFileFn = readMetadataFromFileStatx
 		} else {
 			readMetadataFromFileFn = readMetadataFromFileFstatat
@@ -91,7 +92,7 @@ func readMetadataFromFileFstatat(o *Object, m *fs.Metadata) (err error) {
 		// The types of t.Sec and t.Nsec vary from int32 to int64 on
 		// different Linux architectures so we need to cast them to
 		// int64 here and hence need to quiet the linter about
-		// unecessary casts.
+		// unnecessary casts.
 		//
 		// nolint: unconvert
 		m.Set(key, time.Unix(int64(t.Sec), int64(t.Nsec)).Format(metadataTimeFormat))
diff --git a/backend/local/xattr.go b/backend/local/xattr.go
index 81e86d8a569f0..fec0e4e7beb84 100644
--- a/backend/local/xattr.go
+++ b/backend/local/xattr.go
@@ -6,7 +6,6 @@ package local
 import (
 	"fmt"
 	"strings"
-	"sync/atomic"
 	"syscall"
 
 	"github.com/pkg/xattr"
@@ -28,7 +27,7 @@ func (f *Fs) xattrIsNotSupported(err error) bool {
 	// Xattrs not supported can be ENOTSUP or ENOATTR or EINVAL (on Solaris)
 	if xattrErr.Err == syscall.EINVAL || xattrErr.Err == syscall.ENOTSUP || xattrErr.Err == xattr.ENOATTR {
 		// Show xattrs not supported
-		if atomic.CompareAndSwapInt32(&f.xattrSupported, 1, 0) {
+		if f.xattrSupported.CompareAndSwap(1, 0) {
 			fs.Errorf(f, "xattrs not supported - disabling: %v", err)
 		}
 		return true
@@ -41,7 +40,7 @@ func (f *Fs) xattrIsNotSupported(err error) bool {
 // It doesn't return any attributes owned by this backend in
 // metadataKeys
 func (o *Object) getXattr() (metadata fs.Metadata, err error) {
-	if !xattrSupported || atomic.LoadInt32(&o.fs.xattrSupported) == 0 {
+	if !xattrSupported || o.fs.xattrSupported.Load() == 0 {
 		return nil, nil
 	}
 	var list []string
@@ -90,7 +89,7 @@ func (o *Object) getXattr() (metadata fs.Metadata, err error) {
 //
 // It doesn't set any attributes owned by this backend in metadataKeys
 func (o *Object) setXattr(metadata fs.Metadata) (err error) {
-	if !xattrSupported || atomic.LoadInt32(&o.fs.xattrSupported) == 0 {
+	if !xattrSupported || o.fs.xattrSupported.Load() == 0 {
 		return nil
 	}
 	for k, value := range metadata {
diff --git a/backend/mailru/mailru.go b/backend/mailru/mailru.go
index 28fafe7021da9..b1cb6e775dfcc 100644
--- a/backend/mailru/mailru.go
+++ b/backend/mailru/mailru.go
@@ -85,10 +85,11 @@ func init() {
 		Name:        "mailru",
 		Description: "Mail.ru Cloud",
 		NewFs:       NewFs,
-		Options: []fs.Option{{
-			Name:     "user",
-			Help:     "User name (usually email).",
-			Required: true,
+		Options: append(oauthutil.SharedOptions, []fs.Option{{
+			Name:      "user",
+			Help:      "User name (usually email).",
+			Required:  true,
+			Sensitive: true,
 		}, {
 			Name: "pass",
 			Help: `Password.
@@ -213,7 +214,7 @@ Supported quirks: atomicmkdir binlist unknowndirs`,
 				encoder.EncodeWin | // :?"*<>|
 				encoder.EncodeBackSlash |
 				encoder.EncodeInvalidUtf8),
-		}},
+		}}...),
 	})
 }
 
diff --git a/backend/mega/mega.go b/backend/mega/mega.go
index d9a218eee302c..6f974b779da76 100644
--- a/backend/mega/mega.go
+++ b/backend/mega/mega.go
@@ -58,9 +58,10 @@ func init() {
 		Description: "Mega",
 		NewFs:       NewFs,
 		Options: []fs.Option{{
-			Name:     "user",
-			Help:     "User name.",
-			Required: true,
+			Name:      "user",
+			Help:      "User name.",
+			Required:  true,
+			Sensitive: true,
 		}, {
 			Name:       "pass",
 			Help:       "Password.",
@@ -90,7 +91,7 @@ permanently delete objects instead.`,
 MEGA uses plain text HTTP connections by default.
 Some ISPs throttle HTTP connections, this causes transfers to become very slow.
 Enabling this will force MEGA to use HTTPS for all transfers.
-HTTPS is normally not necesary since all data is already encrypted anyway.
+HTTPS is normally not necessary since all data is already encrypted anyway.
 Enabling it will increase CPU usage and add network overhead.`,
 			Default:  false,
 			Advanced: true,
@@ -205,7 +206,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	}
 	ci := fs.GetConfig(ctx)
 
-	// cache *mega.Mega on username so we can re-use and share
+	// cache *mega.Mega on username so we can reuse and share
 	// them between remotes.  They are expensive to make as they
 	// contain all the objects and sharing the objects makes the
 	// move code easier as we don't have to worry about mixing
diff --git a/backend/netstorage/netstorage.go b/backend/netstorage/netstorage.go
index 20a6401ab7d2a..d5a0e9c6bc0f5 100755
--- a/backend/netstorage/netstorage.go
+++ b/backend/netstorage/netstorage.go
@@ -65,11 +65,13 @@ HTTP is provided primarily for debugging purposes.`,
 			Help: `Domain+path of NetStorage host to connect to.
 
 Format should be ` + "`<domain>/<internal folders>`",
-			Required: true,
+			Required:  true,
+			Sensitive: true,
 		}, {
-			Name:     "account",
-			Help:     "Set the NetStorage account name",
-			Required: true,
+			Name:      "account",
+			Help:      "Set the NetStorage account name",
+			Required:  true,
+			Sensitive: true,
 		}, {
 			Name: "secret",
 			Help: `Set the NetStorage account secret/G2O key for authentication.
@@ -819,6 +821,8 @@ func (f *Fs) getAuth(req *http.Request) error {
 	// Set Authorization header
 	dataHeader := generateDataHeader(f)
 	path := req.URL.RequestURI()
+	//lint:ignore SA1008 false positive when running staticcheck, the header name is according to docs even if not canonical
+	//nolint:staticcheck // Don't include staticcheck when running golangci-lint to avoid SA1008
 	actionHeader := req.Header["X-Akamai-ACS-Action"][0]
 	fs.Debugf(nil, "NetStorage API %s call %s for path %q", req.Method, actionHeader, path)
 	req.Header.Set("X-Akamai-ACS-Auth-Data", dataHeader)
diff --git a/backend/onedrive/api/types.go b/backend/onedrive/api/types.go
index 469fd75021faf..c8e7a5fd110a6 100644
--- a/backend/onedrive/api/types.go
+++ b/backend/onedrive/api/types.go
@@ -99,6 +99,16 @@ type ItemReference struct {
 	DriveType string `json:"driveType"` // Type of the drive,	Read-Only
 }
 
+// GetID returns a normalized ID of the item
+// If DriveID is known it will be prefixed to the ID with # separator
+// Can be parsed using onedrive.parseNormalizedID(normalizedID)
+func (i *ItemReference) GetID() string {
+	if !strings.Contains(i.ID, "#") {
+		return i.DriveID + "#" + i.ID
+	}
+	return i.ID
+}
+
 // RemoteItemFacet groups data needed to reference a OneDrive remote item
 type RemoteItemFacet struct {
 	ID                   string               `json:"id"`                   // The unique identifier of the item within the remote Drive. Read-only.
@@ -185,8 +195,8 @@ type Item struct {
 	Deleted *DeletedFacet `json:"deleted"` // Information about the deleted state of the item. Read-only.
 }
 
-// ViewDeltaResponse is the response to the view delta method
-type ViewDeltaResponse struct {
+// DeltaResponse is the response to the view delta method
+type DeltaResponse struct {
 	Value      []Item `json:"value"`            // An array of Item objects which have been created, modified, or deleted.
 	NextLink   string `json:"@odata.nextLink"`  // A URL to retrieve the next available page of changes.
 	DeltaLink  string `json:"@odata.deltaLink"` // A URL returned instead of @odata.nextLink after all current changes have been returned. Used to read the next set of changes in the future.
@@ -438,3 +448,27 @@ type Version struct {
 type VersionsResponse struct {
 	Versions []Version `json:"value"`
 }
+
+// DriveResource is returned from /me/drive
+type DriveResource struct {
+	DriveID   string `json:"id"`
+	DriveName string `json:"name"`
+	DriveType string `json:"driveType"`
+}
+
+// DrivesResponse is returned from /sites/{siteID}/drives",
+type DrivesResponse struct {
+	Drives []DriveResource `json:"value"`
+}
+
+// SiteResource is part of the response from from "/sites/root:"
+type SiteResource struct {
+	SiteID   string `json:"id"`
+	SiteName string `json:"displayName"`
+	SiteURL  string `json:"webUrl"`
+}
+
+// SiteResponse is returned from "/sites/root:"
+type SiteResponse struct {
+	Sites []SiteResource `json:"value"`
+}
diff --git a/backend/onedrive/onedrive.go b/backend/onedrive/onedrive.go
index f0fe628f64c85..fbbdcac474cdd 100644
--- a/backend/onedrive/onedrive.go
+++ b/backend/onedrive/onedrive.go
@@ -131,10 +131,11 @@ Note that the chunks will be buffered into memory.`,
 			Default:  defaultChunkSize,
 			Advanced: true,
 		}, {
-			Name:     "drive_id",
-			Help:     "The ID of the drive to use.",
-			Default:  "",
-			Advanced: true,
+			Name:      "drive_id",
+			Help:      "The ID of the drive to use.",
+			Default:   "",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:     "drive_type",
 			Help:     "The type of the drive (" + driveTypePersonal + " | " + driveTypeBusiness + " | " + driveTypeSharepoint + ").",
@@ -148,7 +149,8 @@ This isn't normally needed, but in special circumstances you might
 know the folder ID that you wish to access but not be able to get
 there through a path traversal.
 `,
-			Advanced: true,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "access_scopes",
 			Help: `Set scopes to be requested by rclone.
@@ -196,7 +198,9 @@ listing, set this option.`,
 		}, {
 			Name:    "server_side_across_configs",
 			Default: false,
-			Help: `Allow server-side operations (e.g. copy) to work across different onedrive configs.
+			Help: `Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different onedrive configs.
 
 This will only work if you are copying between two OneDrive *Personal* drives AND
 the files to copy are already shared between them.  In other cases, rclone will
@@ -258,14 +262,15 @@ this flag there.
 
 At the time of writing this only works with OneDrive personal paid accounts.
 `,
-			Advanced: true,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:    "hash_type",
 			Default: "auto",
 			Help: `Specify the hash in use for the backend.
 
 This specifies the hash type in use. If set to "auto" it will use the
-default hash which is is QuickXorHash.
+default hash which is QuickXorHash.
 
 Before rclone 1.62 an SHA1 hash was used by default for Onedrive
 Personal. For 1.62 and later the default is to use a QuickXorHash for
@@ -301,6 +306,55 @@ rclone.
 				Help:  "None - don't use any hashes",
 			}},
 			Advanced: true,
+		}, {
+			Name:    "av_override",
+			Default: false,
+			Help: `Allows download of files the server thinks has a virus.
+
+The onedrive/sharepoint server may check files uploaded with an Anti
+Virus checker. If it detects any potential viruses or malware it will
+block download of the file.
+
+In this case you will see a message like this
+
+    server reports this file is infected with a virus - use --onedrive-av-override to download anyway: Infected (name of virus): 403 Forbidden: 
+
+If you are 100% sure you want to download this file anyway then use
+the --onedrive-av-override flag, or av_override = true in the config
+file.
+`,
+			Advanced: true,
+		}, {
+			Name:    "delta",
+			Default: false,
+			Help: strings.ReplaceAll(`If set rclone will use delta listing to implement recursive listings.
+
+If this flag is set the the onedrive backend will advertise |ListR|
+support for recursive listings.
+
+Setting this flag speeds up these things greatly:
+
+    rclone lsf -R onedrive:
+    rclone size onedrive:
+    rclone rc vfs/refresh recursive=true
+
+**However** the delta listing API **only** works at the root of the
+drive. If you use it not at the root then it recurses from the root
+and discards all the data that is not under the directory you asked
+for. So it will be correct but may not be very efficient.
+
+This is why this flag is not set as the default.
+
+As a rule of thumb if nearly all of your data is under rclone's root
+directory (the |root/directory| in |onedrive:root/directory|) then
+using this flag will be be a big performance win. If your data is
+mostly not under the root then using this flag will be a big
+performance loss.
+
+It is recommended if you are mounting your onedrive at the root
+(or near the root when using crypt) and using rclone |rc vfs/refresh|.
+`, "|", "`"),
+			Advanced: true,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -348,28 +402,6 @@ rclone.
 	})
 }
 
-type driveResource struct {
-	DriveID   string `json:"id"`
-	DriveName string `json:"name"`
-	DriveType string `json:"driveType"`
-}
-type drivesResponse struct {
-	Drives []driveResource `json:"value"`
-}
-
-type siteResource struct {
-	SiteID   string `json:"id"`
-	SiteName string `json:"displayName"`
-	SiteURL  string `json:"webUrl"`
-}
-type siteResponse struct {
-	Sites []siteResource `json:"value"`
-}
-type deltaResponse struct {
-	DeltaLink string     `json:"@odata.deltaLink"`
-	Value     []api.Item `json:"value"`
-}
-
 // Get the region and graphURL from the config
 func getRegionURL(m configmap.Mapper) (region, graphURL string) {
 	region, _ = m.Get("region")
@@ -396,7 +428,7 @@ func chooseDrive(ctx context.Context, name string, m configmap.Mapper, srv *rest
 			RootURL: graphURL,
 			Path:    "/sites/root:" + opt.relativePath,
 		}
-		site := siteResource{}
+		site := api.SiteResource{}
 		_, err := srv.CallJSON(ctx, &opt.opts, nil, &site)
 		if err != nil {
 			return fs.ConfigError("choose_type", fmt.Sprintf("Failed to query available site by relative path: %v", err))
@@ -413,7 +445,7 @@ func chooseDrive(ctx context.Context, name string, m configmap.Mapper, srv *rest
 		}
 	}
 
-	drives := drivesResponse{}
+	drives := api.DrivesResponse{}
 
 	// We don't have the final ID yet?
 	// query Microsoft Graph
@@ -426,7 +458,7 @@ func chooseDrive(ctx context.Context, name string, m configmap.Mapper, srv *rest
 		// Also call /me/drive as sometimes /me/drives doesn't return it #4068
 		if opt.opts.Path == "/me/drives" {
 			opt.opts.Path = "/me/drive"
-			meDrive := driveResource{}
+			meDrive := api.DriveResource{}
 			_, err := srv.CallJSON(ctx, &opt.opts, nil, &meDrive)
 			if err != nil {
 				return fs.ConfigError("choose_type", fmt.Sprintf("Failed to query available drives: %v", err))
@@ -445,7 +477,7 @@ func chooseDrive(ctx context.Context, name string, m configmap.Mapper, srv *rest
 			}
 		}
 	} else {
-		drives.Drives = append(drives.Drives, driveResource{
+		drives.Drives = append(drives.Drives, api.DriveResource{
 			DriveID:   opt.finalDriveID,
 			DriveName: "Chosen Drive ID",
 			DriveType: "drive",
@@ -549,15 +581,18 @@ func Config(ctx context.Context, name string, m configmap.Mapper, config fs.Conf
 	case "url":
 		return fs.ConfigInput("url_end", "config_site_url", `Site URL
 
-Example: "https://contoso.sharepoint.com/sites/mysite" or "mysite"
+Examples:
+- "mysite"
+- "https://XXX.sharepoint.com/sites/mysite"
+- "https://XXX.sharepoint.com/teams/ID"
 `)
 	case "url_end":
 		siteURL := config.Result
-		re := regexp.MustCompile(`https://.*\.sharepoint\.com/sites/(.*)`)
+		re := regexp.MustCompile(`https://.*\.sharepoint\.com(/.*)`)
 		match := re.FindStringSubmatch(siteURL)
 		if len(match) == 2 {
 			return chooseDrive(ctx, name, m, srv, chooseDriveOpt{
-				relativePath: "/sites/" + match[1],
+				relativePath: match[1],
 			})
 		}
 		return chooseDrive(ctx, name, m, srv, chooseDriveOpt{
@@ -579,7 +614,7 @@ Example: "https://contoso.sharepoint.com/sites/mysite" or "mysite"
 			Path:    "/sites?search=" + searchTerm,
 		}
 
-		sites := siteResponse{}
+		sites := api.SiteResponse{}
 		_, err := srv.CallJSON(ctx, &opts, nil, &sites)
 		if err != nil {
 			return fs.ConfigError("choose_type", fmt.Sprintf("Failed to query available sites: %v", err))
@@ -640,6 +675,8 @@ type Options struct {
 	LinkType                string               `config:"link_type"`
 	LinkPassword            string               `config:"link_password"`
 	HashType                string               `config:"hash_type"`
+	AVOverride              bool                 `config:"av_override"`
+	Delta                   bool                 `config:"delta"`
 	Enc                     encoder.MultiEncoder `config:"encoding"`
 }
 
@@ -971,6 +1008,11 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 
 	f.dirCache = dircache.New(root, rootID, f)
 
+	// ListR only supported if delta set
+	if !f.opt.Delta {
+		f.features.ListR = nil
+	}
+
 	// Find the current root
 	err = f.dirCache.FindRoot(ctx, false)
 	if err != nil {
@@ -1090,32 +1132,29 @@ func (f *Fs) CreateDir(ctx context.Context, dirID, leaf string) (newID string, e
 // If directories is set it only sends directories
 // User function to process a File item from listAll
 //
-// Should return true to finish processing
-type listAllFn func(*api.Item) bool
+// If an error is returned then processing stops
+type listAllFn func(*api.Item) error
 
 // Lists the directory required calling the user function on each item found
 //
 // If the user fn ever returns true then it early exits with found = true
-func (f *Fs) listAll(ctx context.Context, dirID string, directoriesOnly bool, filesOnly bool, fn listAllFn) (found bool, err error) {
-	// Top parameter asks for bigger pages of data
-	// https://dev.onedrive.com/odata/optional-query-parameters.htm
-	opts := f.newOptsCall(dirID, "GET", fmt.Sprintf("/children?$top=%d", f.opt.ListChunk))
-OUTER:
+//
+// This listing function works on both normal listings and delta listings
+func (f *Fs) _listAll(ctx context.Context, dirID string, directoriesOnly bool, filesOnly bool, fn listAllFn, opts *rest.Opts, result any, pValue *[]api.Item, pNextLink *string) (err error) {
 	for {
-		var result api.ListChildrenResponse
 		var resp *http.Response
 		err = f.pacer.Call(func() (bool, error) {
-			resp, err = f.srv.CallJSON(ctx, &opts, nil, &result)
+			resp, err = f.srv.CallJSON(ctx, opts, nil, result)
 			return shouldRetry(ctx, resp, err)
 		})
 		if err != nil {
-			return found, fmt.Errorf("couldn't list files: %w", err)
+			return fmt.Errorf("couldn't list files: %w", err)
 		}
-		if len(result.Value) == 0 {
+		if len(*pValue) == 0 {
 			break
 		}
-		for i := range result.Value {
-			item := &result.Value[i]
+		for i := range *pValue {
+			item := &(*pValue)[i]
 			isFolder := item.GetFolder() != nil
 			if isFolder {
 				if filesOnly {
@@ -1130,18 +1169,60 @@ OUTER:
 				continue
 			}
 			item.Name = f.opt.Enc.ToStandardName(item.GetName())
-			if fn(item) {
-				found = true
-				break OUTER
+			err = fn(item)
+			if err != nil {
+				return err
 			}
 		}
-		if result.NextLink == "" {
+		if *pNextLink == "" {
 			break
 		}
 		opts.Path = ""
-		opts.RootURL = result.NextLink
+		opts.Parameters = nil
+		opts.RootURL = *pNextLink
+		// reset results
+		*pNextLink = ""
+		*pValue = nil
 	}
-	return
+	return nil
+}
+
+// Lists the directory required calling the user function on each item found
+//
+// If the user fn ever returns true then it early exits with found = true
+func (f *Fs) listAll(ctx context.Context, dirID string, directoriesOnly bool, filesOnly bool, fn listAllFn) (err error) {
+	// Top parameter asks for bigger pages of data
+	// https://dev.onedrive.com/odata/optional-query-parameters.htm
+	opts := f.newOptsCall(dirID, "GET", fmt.Sprintf("/children?$top=%d", f.opt.ListChunk))
+	var result api.ListChildrenResponse
+	return f._listAll(ctx, dirID, directoriesOnly, filesOnly, fn, &opts, &result, &result.Value, &result.NextLink)
+}
+
+// Convert a list item into a DirEntry
+//
+// Can return nil for an item which should be skipped
+func (f *Fs) itemToDirEntry(ctx context.Context, dir string, info *api.Item) (entry fs.DirEntry, err error) {
+	if !f.opt.ExposeOneNoteFiles && info.GetPackageType() == api.PackageTypeOneNote {
+		fs.Debugf(info.Name, "OneNote file not shown in directory listing")
+		return nil, nil
+	}
+	remote := path.Join(dir, info.GetName())
+	folder := info.GetFolder()
+	if folder != nil {
+		// cache the directory ID for later lookups
+		id := info.GetID()
+		f.dirCache.Put(remote, id)
+		d := fs.NewDir(remote, time.Time(info.GetLastModifiedDateTime())).SetID(id)
+		d.SetItems(folder.ChildCount)
+		entry = d
+	} else {
+		o, err := f.newObjectWithInfo(ctx, remote, info)
+		if err != nil {
+			return nil, err
+		}
+		entry = o
+	}
+	return entry, nil
 }
 
 // List the objects and directories in dir into entries.  The
@@ -1158,41 +1239,137 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 	if err != nil {
 		return nil, err
 	}
-	var iErr error
-	_, err = f.listAll(ctx, directoryID, false, false, func(info *api.Item) bool {
-		if !f.opt.ExposeOneNoteFiles && info.GetPackageType() == api.PackageTypeOneNote {
-			fs.Debugf(info.Name, "OneNote file not shown in directory listing")
-			return false
-		}
-
-		remote := path.Join(dir, info.GetName())
-		folder := info.GetFolder()
-		if folder != nil {
-			// cache the directory ID for later lookups
-			id := info.GetID()
-			f.dirCache.Put(remote, id)
-			d := fs.NewDir(remote, time.Time(info.GetLastModifiedDateTime())).SetID(id)
-			d.SetItems(folder.ChildCount)
-			entries = append(entries, d)
-		} else {
-			o, err := f.newObjectWithInfo(ctx, remote, info)
-			if err != nil {
-				iErr = err
-				return true
-			}
-			entries = append(entries, o)
+	err = f.listAll(ctx, directoryID, false, false, func(info *api.Item) error {
+		entry, err := f.itemToDirEntry(ctx, dir, info)
+		if err == nil {
+			entries = append(entries, entry)
 		}
-		return false
+		return err
 	})
 	if err != nil {
 		return nil, err
 	}
-	if iErr != nil {
-		return nil, iErr
-	}
 	return entries, nil
 }
 
+// ListR lists the objects and directories of the Fs starting
+// from dir recursively into out.
+//
+// dir should be "" to start from the root, and should not
+// have trailing slashes.
+//
+// This should return ErrDirNotFound if the directory isn't
+// found.
+//
+// It should call callback for each tranche of entries read.
+// These need not be returned in any particular order.  If
+// callback returns an error then the listing will stop
+// immediately.
+//
+// Don't implement this unless you have a more efficient way
+// of listing recursively than doing a directory traversal.
+func (f *Fs) ListR(ctx context.Context, dir string, callback fs.ListRCallback) (err error) {
+	// Make sure this ID is in the directory cache
+	directoryID, err := f.dirCache.FindDir(ctx, dir, false)
+	if err != nil {
+		return err
+	}
+
+	// ListR only works at the root of a onedrive, not on a folder
+	// So we have to filter things outside of the root which is
+	// inefficient.
+
+	list := walk.NewListRHelper(callback)
+
+	// list a folder conventionally - used for shared folders
+	var listFolder func(dir string) error
+	listFolder = func(dir string) error {
+		entries, err := f.List(ctx, dir)
+		if err != nil {
+			return err
+		}
+		for _, entry := range entries {
+			err = list.Add(entry)
+			if err != nil {
+				return err
+			}
+			if _, isDir := entry.(fs.Directory); isDir {
+				err = listFolder(entry.Remote())
+				if err != nil {
+					return err
+				}
+			}
+		}
+		return nil
+	}
+
+	// This code relies on the fact that directories are sent before their children. This isn't
+	// mentioned in the docs though, so maybe it shouldn't be relied on.
+	seen := map[string]struct{}{}
+	fn := func(info *api.Item) error {
+		var parentPath string
+		var ok bool
+		id := info.GetID()
+		// The API can produce duplicates, so skip them
+		if _, found := seen[id]; found {
+			return nil
+		}
+		seen[id] = struct{}{}
+		// Skip the root directory
+		if id == directoryID {
+			return nil
+		}
+		// Skip deleted items
+		if info.Deleted != nil {
+			return nil
+		}
+		dirID := info.GetParentReference().GetID()
+		// Skip files that don't have their parent directory
+		// cached as they are outside the root.
+		parentPath, ok = f.dirCache.GetInv(dirID)
+		if !ok {
+			return nil
+		}
+		// Skip files not under the root directory
+		remote := path.Join(parentPath, info.GetName())
+		if dir != "" && !strings.HasPrefix(remote, dir+"/") {
+			return nil
+		}
+		entry, err := f.itemToDirEntry(ctx, parentPath, info)
+		if err != nil {
+			return err
+		}
+		err = list.Add(entry)
+		if err != nil {
+			return err
+		}
+		// If this is a shared folder, we'll need list it too
+		if info.RemoteItem != nil && info.RemoteItem.Folder != nil {
+			fs.Debugf(remote, "Listing shared directory")
+			return listFolder(remote)
+		}
+		return nil
+	}
+
+	opts := rest.Opts{
+		Method: "GET",
+		Path:   "/root/delta",
+		Parameters: map[string][]string{
+			// "token": {token},
+			"$top": {fmt.Sprintf("%d", f.opt.ListChunk)},
+		},
+	}
+
+	var result api.DeltaResponse
+	err = f._listAll(ctx, "", false, false, fn, &opts, &result, &result.Value, &result.NextLink)
+	if err != nil {
+		return err
+	}
+
+	return list.Flush()
+
+}
+
 // Creates from the parameters passed in a half finished Object which
 // must have setMetaData called on it
 //
@@ -1261,15 +1438,12 @@ func (f *Fs) purgeCheck(ctx context.Context, dir string, check bool) error {
 	}
 	if check {
 		// check to see if there are any items
-		found, err := f.listAll(ctx, rootID, false, false, func(item *api.Item) bool {
-			return true
+		err := f.listAll(ctx, rootID, false, false, func(item *api.Item) error {
+			return fs.ErrorDirectoryNotEmpty
 		})
 		if err != nil {
 			return err
 		}
-		if found {
-			return fs.ErrorDirectoryNotEmpty
-		}
 	}
 	err = f.deleteObject(ctx, rootID)
 	if err != nil {
@@ -1724,6 +1898,10 @@ func (f *Fs) CleanUp(ctx context.Context) error {
 	token := make(chan struct{}, f.ci.Checkers)
 	var wg sync.WaitGroup
 	err := walk.Walk(ctx, f, "", true, -1, func(path string, entries fs.DirEntries, err error) error {
+		if err != nil {
+			fs.Errorf(f, "Failed to list %q: %v", path, err)
+			return nil
+		}
 		err = entries.ForObjectError(func(obj fs.Object) error {
 			o, ok := obj.(*Object)
 			if !ok {
@@ -1962,12 +2140,20 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 	var resp *http.Response
 	opts := o.fs.newOptsCall(o.id, "GET", "/content")
 	opts.Options = options
+	if o.fs.opt.AVOverride {
+		opts.Parameters = url.Values{"AVOverride": {"1"}}
+	}
 
 	err = o.fs.pacer.Call(func() (bool, error) {
 		resp, err = o.fs.srv.Call(ctx, &opts)
 		return shouldRetry(ctx, resp, err)
 	})
 	if err != nil {
+		if resp != nil {
+			if virus := resp.Header.Get("X-Virus-Infected"); virus != "" {
+				err = fmt.Errorf("server reports this file is infected with a virus - use --onedrive-av-override to download anyway: %s: %w", virus, err)
+			}
+		}
 		return nil, err
 	}
 
@@ -2442,7 +2628,7 @@ func (f *Fs) changeNotifyStartPageToken(ctx context.Context) (nextDeltaToken str
 	return
 }
 
-func (f *Fs) changeNotifyNextChange(ctx context.Context, token string) (delta deltaResponse, err error) {
+func (f *Fs) changeNotifyNextChange(ctx context.Context, token string) (delta api.DeltaResponse, err error) {
 	opts := f.buildDriveDeltaOpts(token)
 
 	_, err = f.srv.CallJSON(ctx, &opts, nil, &delta)
@@ -2561,6 +2747,7 @@ var (
 	_ fs.Abouter         = (*Fs)(nil)
 	_ fs.PublicLinker    = (*Fs)(nil)
 	_ fs.CleanUpper      = (*Fs)(nil)
+	_ fs.ListRer         = (*Fs)(nil)
 	_ fs.Object          = (*Object)(nil)
 	_ fs.MimeTyper       = &Object{}
 	_ fs.IDer            = &Object{}
diff --git a/backend/onedrive/quickxorhash/quickxorhash.go b/backend/onedrive/quickxorhash/quickxorhash.go
index 242d704f1635d..a8fa3d7f047b8 100644
--- a/backend/onedrive/quickxorhash/quickxorhash.go
+++ b/backend/onedrive/quickxorhash/quickxorhash.go
@@ -61,7 +61,7 @@ func New() hash.Hash {
 func (q *quickXorHash) Write(p []byte) (n int, err error) {
 	var i int
 	// fill last remain
-	lastRemain := int(q.size) % dataSize
+	lastRemain := q.size % dataSize
 	if lastRemain != 0 {
 		i += xorBytes(q.data[lastRemain:], p)
 	}
diff --git a/backend/opendrive/opendrive.go b/backend/opendrive/opendrive.go
index 037372e1357ed..0b0ee2e9d85d0 100644
--- a/backend/opendrive/opendrive.go
+++ b/backend/opendrive/opendrive.go
@@ -42,9 +42,10 @@ func init() {
 		Description: "OpenDrive",
 		NewFs:       NewFs,
 		Options: []fs.Option{{
-			Name:     "username",
-			Help:     "Username.",
-			Required: true,
+			Name:      "username",
+			Help:      "Username.",
+			Required:  true,
+			Sensitive: true,
 		}, {
 			Name:       "password",
 			Help:       "Password.",
@@ -766,6 +767,17 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 		return f.shouldRetry(ctx, resp, err)
 	})
 	if err != nil {
+		if apiError, ok := err.(*Error); ok {
+			// Work around a bug maybe in opendrive or maybe in rclone.
+			//
+			// We should know whether the folder exists or not by the call to
+			// FindDir above so exactly why it is not found here is a mystery.
+			//
+			// This manifests as a failure in fs/sync TestSyncOverlapWithFilter
+			if apiError.Info.Message == "Folder is already deleted" {
+				return fs.DirEntries{}, nil
+			}
+		}
 		return nil, fmt.Errorf("failed to get folder list: %w", err)
 	}
 
diff --git a/backend/oracleobjectstorage/byok.go b/backend/oracleobjectstorage/byok.go
index 099476a7d4561..450705d1d8097 100644
--- a/backend/oracleobjectstorage/byok.go
+++ b/backend/oracleobjectstorage/byok.go
@@ -13,7 +13,6 @@ import (
 
 	"github.com/oracle/oci-go-sdk/v65/common"
 	"github.com/oracle/oci-go-sdk/v65/objectstorage"
-	"github.com/oracle/oci-go-sdk/v65/objectstorage/transfer"
 )
 
 const (
@@ -128,18 +127,3 @@ func useBYOKCopyObject(fs *Fs, request *objectstorage.CopyObjectRequest) {
 		request.OpcSseCustomerKeySha256 = common.String(fs.opt.SSECustomerKeySha256)
 	}
 }
-
-func useBYOKUpload(fs *Fs, request *transfer.UploadRequest) {
-	if fs.opt.SSEKMSKeyID != "" {
-		request.OpcSseKmsKeyId = common.String(fs.opt.SSEKMSKeyID)
-	}
-	if fs.opt.SSECustomerAlgorithm != "" {
-		request.OpcSseCustomerAlgorithm = common.String(fs.opt.SSECustomerAlgorithm)
-	}
-	if fs.opt.SSECustomerKey != "" {
-		request.OpcSseCustomerKey = common.String(fs.opt.SSECustomerKey)
-	}
-	if fs.opt.SSECustomerKeySha256 != "" {
-		request.OpcSseCustomerKeySha256 = common.String(fs.opt.SSECustomerKeySha256)
-	}
-}
diff --git a/backend/oracleobjectstorage/command.go b/backend/oracleobjectstorage/command.go
index 5297309715a88..4be61e3e5f9a6 100644
--- a/backend/oracleobjectstorage/command.go
+++ b/backend/oracleobjectstorage/command.go
@@ -6,6 +6,7 @@ package oracleobjectstorage
 import (
 	"context"
 	"fmt"
+	"sort"
 	"strings"
 	"time"
 
@@ -196,6 +197,32 @@ func (f *Fs) listMultipartUploadsAll(ctx context.Context) (uploadsMap map[string
 // for "dir" and it returns "dirKey"
 func (f *Fs) listMultipartUploads(ctx context.Context, bucketName, directory string) (
 	uploads []*objectstorage.MultipartUpload, err error) {
+	return f.listMultipartUploadsObject(ctx, bucketName, directory, false)
+}
+
+// listMultipartUploads finds first outstanding multipart uploads for (bucket, key)
+//
+// Note that rather lazily we treat key as a prefix, so it matches
+// directories and objects. This could surprise the user if they ask
+// for "dir" and it returns "dirKey"
+func (f *Fs) findLatestMultipartUpload(ctx context.Context, bucketName, directory string) (
+	uploads []*objectstorage.MultipartUpload, err error) {
+	pastUploads, err := f.listMultipartUploadsObject(ctx, bucketName, directory, true)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(pastUploads) > 0 {
+		sort.Slice(pastUploads, func(i, j int) bool {
+			return pastUploads[i].TimeCreated.After(pastUploads[j].TimeCreated.Time)
+		})
+		return pastUploads[:1], nil
+	}
+	return nil, err
+}
+
+func (f *Fs) listMultipartUploadsObject(ctx context.Context, bucketName, directory string, exact bool) (
+	uploads []*objectstorage.MultipartUpload, err error) {
 
 	uploads = []*objectstorage.MultipartUpload{}
 	req := objectstorage.ListMultipartUploadsRequest{
@@ -217,7 +244,13 @@ func (f *Fs) listMultipartUploads(ctx context.Context, bucketName, directory str
 			if directory != "" && item.Object != nil && !strings.HasPrefix(*item.Object, directory) {
 				continue
 			}
-			uploads = append(uploads, &response.Items[index])
+			if exact {
+				if *item.Object == directory {
+					uploads = append(uploads, &response.Items[index])
+				}
+			} else {
+				uploads = append(uploads, &response.Items[index])
+			}
 		}
 		if response.OpcNextPage == nil {
 			break
@@ -226,3 +259,34 @@ func (f *Fs) listMultipartUploads(ctx context.Context, bucketName, directory str
 	}
 	return uploads, nil
 }
+
+func (f *Fs) listMultipartUploadParts(ctx context.Context, bucketName, bucketPath string, uploadID string) (
+	uploadedParts map[int]objectstorage.MultipartUploadPartSummary, err error) {
+	uploadedParts = make(map[int]objectstorage.MultipartUploadPartSummary)
+	req := objectstorage.ListMultipartUploadPartsRequest{
+		NamespaceName: common.String(f.opt.Namespace),
+		BucketName:    common.String(bucketName),
+		ObjectName:    common.String(bucketPath),
+		UploadId:      common.String(uploadID),
+		Limit:         common.Int(1000),
+	}
+
+	var response objectstorage.ListMultipartUploadPartsResponse
+	for {
+		err = f.pacer.Call(func() (bool, error) {
+			response, err = f.srv.ListMultipartUploadParts(ctx, req)
+			return shouldRetry(ctx, response.HTTPResponse(), err)
+		})
+		if err != nil {
+			return uploadedParts, err
+		}
+		for _, item := range response.Items {
+			uploadedParts[*item.PartNumber] = item
+		}
+		if response.OpcNextPage == nil {
+			break
+		}
+		req.Page = response.OpcNextPage
+	}
+	return uploadedParts, nil
+}
diff --git a/backend/oracleobjectstorage/multipart.go b/backend/oracleobjectstorage/multipart.go
new file mode 100644
index 0000000000000..d57a9092a68bc
--- /dev/null
+++ b/backend/oracleobjectstorage/multipart.go
@@ -0,0 +1,441 @@
+//go:build !plan9 && !solaris && !js
+// +build !plan9,!solaris,!js
+
+package oracleobjectstorage
+
+import (
+	"context"
+	"crypto/md5"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/ncw/swift/v2"
+	"github.com/rclone/rclone/lib/multipart"
+	"github.com/rclone/rclone/lib/pool"
+	"golang.org/x/net/http/httpguts"
+
+	"github.com/oracle/oci-go-sdk/v65/common"
+	"github.com/oracle/oci-go-sdk/v65/objectstorage"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/chunksize"
+	"github.com/rclone/rclone/fs/hash"
+)
+
+var warnStreamUpload sync.Once
+
+// Info needed for an upload
+type uploadInfo struct {
+	req       *objectstorage.PutObjectRequest
+	md5sumHex string
+}
+
+type objectChunkWriter struct {
+	chunkSize       int64
+	size            int64
+	f               *Fs
+	bucket          *string
+	key             *string
+	uploadID        *string
+	partsToCommit   []objectstorage.CommitMultipartUploadPartDetails
+	partsToCommitMu sync.Mutex
+	existingParts   map[int]objectstorage.MultipartUploadPartSummary
+	eTag            string
+	md5sMu          sync.Mutex
+	md5s            []byte
+	ui              uploadInfo
+	o               *Object
+}
+
+func (o *Object) uploadMultipart(ctx context.Context, src fs.ObjectInfo, in io.Reader, options ...fs.OpenOption) error {
+	_, err := multipart.UploadMultipart(ctx, src, in, multipart.UploadMultipartOptions{
+		Open:        o.fs,
+		OpenOptions: options,
+	})
+	return err
+}
+
+// OpenChunkWriter returns the chunk size and a ChunkWriter
+//
+// Pass in the remote and the src object
+// You can also use options to hint at the desired chunk size
+func (f *Fs) OpenChunkWriter(
+	ctx context.Context,
+	remote string,
+	src fs.ObjectInfo,
+	options ...fs.OpenOption) (info fs.ChunkWriterInfo, writer fs.ChunkWriter, err error) {
+	// Temporary Object under construction
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+	ui, err := o.prepareUpload(ctx, src, options)
+	if err != nil {
+		return info, nil, fmt.Errorf("failed to prepare upload: %w", err)
+	}
+
+	uploadParts := f.opt.MaxUploadParts
+	if uploadParts < 1 {
+		uploadParts = 1
+	} else if uploadParts > maxUploadParts {
+		uploadParts = maxUploadParts
+	}
+	size := src.Size()
+
+	// calculate size of parts
+	chunkSize := f.opt.ChunkSize
+
+	// size can be -1 here meaning we don't know the size of the incoming file. We use ChunkSize
+	// buffers here (default 5 MiB). With a maximum number of parts (10,000) this will be a file of
+	// 48 GiB which seems like a not too unreasonable limit.
+	if size == -1 {
+		warnStreamUpload.Do(func() {
+			fs.Logf(f, "Streaming uploads using chunk size %v will have maximum file size of %v",
+				f.opt.ChunkSize, fs.SizeSuffix(int64(chunkSize)*int64(uploadParts)))
+		})
+	} else {
+		chunkSize = chunksize.Calculator(src, size, uploadParts, chunkSize)
+	}
+
+	uploadID, existingParts, err := o.createMultipartUpload(ctx, ui.req)
+	if err != nil {
+		return info, nil, fmt.Errorf("create multipart upload request failed: %w", err)
+	}
+	bucketName, bucketPath := o.split()
+	chunkWriter := &objectChunkWriter{
+		chunkSize:     int64(chunkSize),
+		size:          size,
+		f:             f,
+		bucket:        &bucketName,
+		key:           &bucketPath,
+		uploadID:      &uploadID,
+		existingParts: existingParts,
+		ui:            ui,
+		o:             o,
+	}
+	info = fs.ChunkWriterInfo{
+		ChunkSize:         int64(chunkSize),
+		Concurrency:       o.fs.opt.UploadConcurrency,
+		LeavePartsOnError: o.fs.opt.LeavePartsOnError,
+	}
+	fs.Debugf(o, "open chunk writer: started multipart upload: %v", uploadID)
+	return info, chunkWriter, err
+}
+
+// WriteChunk will write chunk number with reader bytes, where chunk number >= 0
+func (w *objectChunkWriter) WriteChunk(ctx context.Context, chunkNumber int, reader io.ReadSeeker) (bytesWritten int64, err error) {
+	if chunkNumber < 0 {
+		err := fmt.Errorf("invalid chunk number provided: %v", chunkNumber)
+		return -1, err
+	}
+	// Only account after the checksum reads have been done
+	if do, ok := reader.(pool.DelayAccountinger); ok {
+		// To figure out this number, do a transfer and if the accounted size is 0 or a
+		// multiple of what it should be, increase or decrease this number.
+		do.DelayAccounting(2)
+	}
+	m := md5.New()
+	currentChunkSize, err := io.Copy(m, reader)
+	if err != nil {
+		return -1, err
+	}
+	// If no data read, don't write the chunk
+	if currentChunkSize == 0 {
+		return 0, nil
+	}
+	md5sumBinary := m.Sum([]byte{})
+	w.addMd5(&md5sumBinary, int64(chunkNumber))
+	md5sum := base64.StdEncoding.EncodeToString(md5sumBinary[:])
+
+	// Object storage requires 1 <= PartNumber <= 10000
+	ossPartNumber := chunkNumber + 1
+	if existing, ok := w.existingParts[ossPartNumber]; ok {
+		if md5sum == *existing.Md5 {
+			fs.Debugf(w.o, "matched uploaded part found, part num %d, skipping part, md5=%v", *existing.PartNumber, md5sum)
+			w.addCompletedPart(existing.PartNumber, existing.Etag)
+			return currentChunkSize, nil
+		}
+	}
+	req := objectstorage.UploadPartRequest{
+		NamespaceName: common.String(w.f.opt.Namespace),
+		BucketName:    w.bucket,
+		ObjectName:    w.key,
+		UploadId:      w.uploadID,
+		UploadPartNum: common.Int(ossPartNumber),
+		ContentLength: common.Int64(currentChunkSize),
+		ContentMD5:    common.String(md5sum),
+	}
+	w.o.applyPartUploadOptions(w.ui.req, &req)
+	var resp objectstorage.UploadPartResponse
+	err = w.f.pacer.Call(func() (bool, error) {
+		// req.UploadPartBody = io.NopCloser(bytes.NewReader(buf))
+		// rewind the reader on retry and after reading md5
+		_, err = reader.Seek(0, io.SeekStart)
+		if err != nil {
+			return false, err
+		}
+		req.UploadPartBody = io.NopCloser(reader)
+		resp, err = w.f.srv.UploadPart(ctx, req)
+		if err != nil {
+			if ossPartNumber <= 8 {
+				return shouldRetry(ctx, resp.HTTPResponse(), err)
+			}
+			// retry all chunks once have done the first few
+			return true, err
+		}
+		return false, err
+	})
+	if err != nil {
+		fs.Errorf(w.o, "multipart upload failed to upload part:%d err: %v", ossPartNumber, err)
+		return -1, fmt.Errorf("multipart upload failed to upload part: %w", err)
+	}
+	w.addCompletedPart(&ossPartNumber, resp.ETag)
+	return currentChunkSize, err
+
+}
+
+// add a part number and etag to the completed parts
+func (w *objectChunkWriter) addCompletedPart(partNum *int, eTag *string) {
+	w.partsToCommitMu.Lock()
+	defer w.partsToCommitMu.Unlock()
+	w.partsToCommit = append(w.partsToCommit, objectstorage.CommitMultipartUploadPartDetails{
+		PartNum: partNum,
+		Etag:    eTag,
+	})
+}
+
+func (w *objectChunkWriter) Close(ctx context.Context) (err error) {
+	req := objectstorage.CommitMultipartUploadRequest{
+		NamespaceName: common.String(w.f.opt.Namespace),
+		BucketName:    w.bucket,
+		ObjectName:    w.key,
+		UploadId:      w.uploadID,
+	}
+	req.PartsToCommit = w.partsToCommit
+	var resp objectstorage.CommitMultipartUploadResponse
+	err = w.f.pacer.Call(func() (bool, error) {
+		resp, err = w.f.srv.CommitMultipartUpload(ctx, req)
+		// if multipart is corrupted, we will abort the uploadId
+		if isMultiPartUploadCorrupted(err) {
+			fs.Debugf(w.o, "multipart uploadId %v is corrupted, aborting...", *w.uploadID)
+			_ = w.Abort(ctx)
+			return false, err
+		}
+		return shouldRetry(ctx, resp.HTTPResponse(), err)
+	})
+	if err != nil {
+		return err
+	}
+	w.eTag = *resp.ETag
+	hashOfHashes := md5.Sum(w.md5s)
+	wantMultipartMd5 := fmt.Sprintf("%s-%d", base64.StdEncoding.EncodeToString(hashOfHashes[:]), len(w.partsToCommit))
+	gotMultipartMd5 := *resp.OpcMultipartMd5
+	if wantMultipartMd5 != gotMultipartMd5 {
+		fs.Errorf(w.o, "multipart upload corrupted: multipart md5 differ: expecting %s but got %s", wantMultipartMd5, gotMultipartMd5)
+		return fmt.Errorf("multipart upload corrupted: md5 differ: expecting %s but got %s", wantMultipartMd5, gotMultipartMd5)
+	}
+	fs.Debugf(w.o, "multipart upload %v md5 matched: expecting %s and got %s", *w.uploadID, wantMultipartMd5, gotMultipartMd5)
+	return nil
+}
+
+func isMultiPartUploadCorrupted(err error) bool {
+	if err == nil {
+		return false
+	}
+	// Check if this oci-err object, and if it is multipart commit error
+	if ociError, ok := err.(common.ServiceError); ok {
+		// If it is a timeout then we want to retry that
+		if ociError.GetCode() == "InvalidUploadPart" {
+			return true
+		}
+	}
+	return false
+}
+
+func (w *objectChunkWriter) Abort(ctx context.Context) error {
+	fs.Debugf(w.o, "Cancelling multipart upload")
+	err := w.o.fs.abortMultiPartUpload(
+		ctx,
+		w.bucket,
+		w.key,
+		w.uploadID)
+	if err != nil {
+		fs.Debugf(w.o, "Failed to cancel multipart upload: %v", err)
+	} else {
+		fs.Debugf(w.o, "canceled and aborted multipart upload: %v", *w.uploadID)
+	}
+	return err
+}
+
+// addMd5 adds a binary md5 to the md5 calculated so far
+func (w *objectChunkWriter) addMd5(md5binary *[]byte, chunkNumber int64) {
+	w.md5sMu.Lock()
+	defer w.md5sMu.Unlock()
+	start := chunkNumber * md5.Size
+	end := start + md5.Size
+	if extend := end - int64(len(w.md5s)); extend > 0 {
+		w.md5s = append(w.md5s, make([]byte, extend)...)
+	}
+	copy(w.md5s[start:end], (*md5binary)[:])
+}
+
+func (o *Object) prepareUpload(ctx context.Context, src fs.ObjectInfo, options []fs.OpenOption) (ui uploadInfo, err error) {
+	bucket, bucketPath := o.split()
+
+	ui.req = &objectstorage.PutObjectRequest{
+		NamespaceName: common.String(o.fs.opt.Namespace),
+		BucketName:    common.String(bucket),
+		ObjectName:    common.String(bucketPath),
+	}
+
+	// Set the mtime in the metadata
+	modTime := src.ModTime(ctx)
+	// Fetch metadata if --metadata is in use
+	meta, err := fs.GetMetadataOptions(ctx, o.fs, src, options)
+	if err != nil {
+		return ui, fmt.Errorf("failed to read metadata from source object: %w", err)
+	}
+	ui.req.OpcMeta = make(map[string]string, len(meta)+2)
+	// merge metadata into request and user metadata
+	for k, v := range meta {
+		pv := common.String(v)
+		k = strings.ToLower(k)
+		switch k {
+		case "cache-control":
+			ui.req.CacheControl = pv
+		case "content-disposition":
+			ui.req.ContentDisposition = pv
+		case "content-encoding":
+			ui.req.ContentEncoding = pv
+		case "content-language":
+			ui.req.ContentLanguage = pv
+		case "content-type":
+			ui.req.ContentType = pv
+		case "tier":
+			// ignore
+		case "mtime":
+			// mtime in meta overrides source ModTime
+			metaModTime, err := time.Parse(time.RFC3339Nano, v)
+			if err != nil {
+				fs.Debugf(o, "failed to parse metadata %s: %q: %v", k, v, err)
+			} else {
+				modTime = metaModTime
+			}
+		case "btime":
+			// write as metadata since we can't set it
+			ui.req.OpcMeta[k] = v
+		default:
+			ui.req.OpcMeta[k] = v
+		}
+	}
+
+	// Set the mtime in the metadata
+	ui.req.OpcMeta[metaMtime] = swift.TimeToFloatString(modTime)
+
+	// read the md5sum if available
+	// - for non-multipart
+	//    - so we can add a ContentMD5
+	//    - so we can add the md5sum in the metadata as metaMD5Hash if using SSE/SSE-C
+	// - for multipart provided checksums aren't disabled
+	//    - so we can add the md5sum in the metadata as metaMD5Hash
+	size := src.Size()
+	isMultipart := size < 0 || size >= int64(o.fs.opt.UploadCutoff)
+	var md5sumBase64 string
+	if !isMultipart || !o.fs.opt.DisableChecksum {
+		ui.md5sumHex, err = src.Hash(ctx, hash.MD5)
+		if err == nil && matchMd5.MatchString(ui.md5sumHex) {
+			hashBytes, err := hex.DecodeString(ui.md5sumHex)
+			if err == nil {
+				md5sumBase64 = base64.StdEncoding.EncodeToString(hashBytes)
+				if isMultipart && !o.fs.opt.DisableChecksum {
+					// Set the md5sum as metadata on the object if
+					// - a multipart upload
+					// - the ETag is not an MD5, e.g. when using SSE/SSE-C
+					// provided checksums aren't disabled
+					ui.req.OpcMeta[metaMD5Hash] = md5sumBase64
+				}
+			}
+		}
+	}
+	// Set the content type if it isn't set already
+	if ui.req.ContentType == nil {
+		ui.req.ContentType = common.String(fs.MimeType(ctx, src))
+	}
+	if size >= 0 {
+		ui.req.ContentLength = common.Int64(size)
+	}
+	if md5sumBase64 != "" {
+		ui.req.ContentMD5 = &md5sumBase64
+	}
+	o.applyPutOptions(ui.req, options...)
+	useBYOKPutObject(o.fs, ui.req)
+	if o.fs.opt.StorageTier != "" {
+		storageTier, ok := objectstorage.GetMappingPutObjectStorageTierEnum(o.fs.opt.StorageTier)
+		if !ok {
+			return ui, fmt.Errorf("not a valid storage tier: %v", o.fs.opt.StorageTier)
+		}
+		ui.req.StorageTier = storageTier
+	}
+	// Check metadata keys and values are valid
+	for key, value := range ui.req.OpcMeta {
+		if !httpguts.ValidHeaderFieldName(key) {
+			fs.Errorf(o, "Dropping invalid metadata key %q", key)
+			delete(ui.req.OpcMeta, key)
+		} else if value == "" {
+			fs.Errorf(o, "Dropping nil metadata value for key %q", key)
+			delete(ui.req.OpcMeta, key)
+		} else if !httpguts.ValidHeaderFieldValue(value) {
+			fs.Errorf(o, "Dropping invalid metadata value %q for key %q", value, key)
+			delete(ui.req.OpcMeta, key)
+		}
+	}
+	return ui, nil
+}
+
+func (o *Object) createMultipartUpload(ctx context.Context, putReq *objectstorage.PutObjectRequest) (
+	uploadID string, existingParts map[int]objectstorage.MultipartUploadPartSummary, err error) {
+	bucketName, bucketPath := o.split()
+	f := o.fs
+	if f.opt.AttemptResumeUpload {
+		fs.Debugf(o, "attempting to resume upload for %v (if any)", o.remote)
+		resumeUploads, err := o.fs.findLatestMultipartUpload(ctx, bucketName, bucketPath)
+		if err == nil && len(resumeUploads) > 0 {
+			uploadID = *resumeUploads[0].UploadId
+			existingParts, err = f.listMultipartUploadParts(ctx, bucketName, bucketPath, uploadID)
+			if err == nil {
+				fs.Debugf(o, "resuming with existing upload id: %v", uploadID)
+				return uploadID, existingParts, err
+			}
+		}
+	}
+	req := objectstorage.CreateMultipartUploadRequest{
+		NamespaceName: common.String(o.fs.opt.Namespace),
+		BucketName:    common.String(bucketName),
+	}
+	req.Object = common.String(bucketPath)
+	if o.fs.opt.StorageTier != "" {
+		storageTier, ok := objectstorage.GetMappingStorageTierEnum(o.fs.opt.StorageTier)
+		if !ok {
+			return "", nil, fmt.Errorf("not a valid storage tier: %v", o.fs.opt.StorageTier)
+		}
+		req.StorageTier = storageTier
+	}
+	o.applyMultipartUploadOptions(putReq, &req)
+
+	var resp objectstorage.CreateMultipartUploadResponse
+	err = o.fs.pacer.Call(func() (bool, error) {
+		resp, err = o.fs.srv.CreateMultipartUpload(ctx, req)
+		return shouldRetry(ctx, resp.HTTPResponse(), err)
+	})
+	if err != nil {
+		return "", existingParts, err
+	}
+	existingParts = make(map[int]objectstorage.MultipartUploadPartSummary)
+	uploadID = *resp.UploadId
+	fs.Debugf(o, "created new upload id: %v", uploadID)
+	return uploadID, existingParts, err
+}
diff --git a/backend/oracleobjectstorage/object.go b/backend/oracleobjectstorage/object.go
index e82ac295e97d6..ad390eaa0f429 100644
--- a/backend/oracleobjectstorage/object.go
+++ b/backend/oracleobjectstorage/object.go
@@ -4,12 +4,14 @@
 package oracleobjectstorage
 
 import (
+	"bytes"
 	"context"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
 	"io"
 	"net/http"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
@@ -18,10 +20,8 @@ import (
 	"github.com/ncw/swift/v2"
 	"github.com/oracle/oci-go-sdk/v65/common"
 	"github.com/oracle/oci-go-sdk/v65/objectstorage"
-	"github.com/oracle/oci-go-sdk/v65/objectstorage/transfer"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/hash"
-	"github.com/rclone/rclone/lib/atexit"
 )
 
 // ------------------------------------------------------------
@@ -367,9 +367,28 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (io.ReadClo
 	return resp.HTTPResponse().Body, nil
 }
 
+func isZeroLength(streamReader io.Reader) bool {
+	switch v := streamReader.(type) {
+	case *bytes.Buffer:
+		return v.Len() == 0
+	case *bytes.Reader:
+		return v.Len() == 0
+	case *strings.Reader:
+		return v.Len() == 0
+	case *os.File:
+		fi, err := v.Stat()
+		if err != nil {
+			return false
+		}
+		return fi.Size() == 0
+	default:
+		return false
+	}
+}
+
 // Update an object if it has changed
 func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
-	bucketName, bucketPath := o.split()
+	bucketName, _ := o.split()
 	err = o.fs.makeBucket(ctx, bucketName)
 	if err != nil {
 		return err
@@ -377,142 +396,24 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 
 	// determine if we like upload single or multipart.
 	size := src.Size()
-	multipart := size >= int64(o.fs.opt.UploadCutoff)
-
-	// Set the mtime in the metadata
-	modTime := src.ModTime(ctx)
-	metadata := map[string]string{
-		metaMtime: swift.TimeToFloatString(modTime),
-	}
-
-	// read the md5sum if available
-	// - for non-multipart
-	//    - so we can add a ContentMD5
-	//    - so we can add the md5sum in the metadata as metaMD5Hash if using SSE/SSE-C
-	// - for multipart provided checksums aren't disabled
-	//    - so we can add the md5sum in the metadata as metaMD5Hash
-	var md5sumBase64 string
-	var md5sumHex string
-	if !multipart || !o.fs.opt.DisableChecksum {
-		md5sumHex, err = src.Hash(ctx, hash.MD5)
-		if err == nil && matchMd5.MatchString(md5sumHex) {
-			hashBytes, err := hex.DecodeString(md5sumHex)
-			if err == nil {
-				md5sumBase64 = base64.StdEncoding.EncodeToString(hashBytes)
-				if multipart && !o.fs.opt.DisableChecksum {
-					// Set the md5sum as metadata on the object if
-					// - a multipart upload
-					// - the ETag is not an MD5, e.g. when using SSE/SSE-C
-					// provided checksums aren't disabled
-					metadata[metaMD5Hash] = md5sumBase64
-				}
-			}
-		}
+	multipart := size < 0 || size >= int64(o.fs.opt.UploadCutoff)
+	if isZeroLength(in) {
+		multipart = false
 	}
-	// Guess the content type
-	mimeType := fs.MimeType(ctx, src)
-
 	if multipart {
-		chunkSize := int64(o.fs.opt.ChunkSize)
-		uploadRequest := transfer.UploadRequest{
-			NamespaceName:                       common.String(o.fs.opt.Namespace),
-			BucketName:                          common.String(bucketName),
-			ObjectName:                          common.String(bucketPath),
-			ContentType:                         common.String(mimeType),
-			PartSize:                            common.Int64(chunkSize),
-			AllowMultipartUploads:               common.Bool(true),
-			AllowParrallelUploads:               common.Bool(true),
-			ObjectStorageClient:                 o.fs.srv,
-			EnableMultipartChecksumVerification: common.Bool(!o.fs.opt.DisableChecksum),
-			NumberOfGoroutines:                  common.Int(o.fs.opt.UploadConcurrency),
-			Metadata:                            metadataWithOpcPrefix(metadata),
-		}
-		if o.fs.opt.StorageTier != "" {
-			storageTier, ok := objectstorage.GetMappingPutObjectStorageTierEnum(o.fs.opt.StorageTier)
-			if !ok {
-				return fmt.Errorf("not a valid storage tier: %v", o.fs.opt.StorageTier)
-			}
-			uploadRequest.StorageTier = storageTier
-		}
-		o.applyMultiPutOptions(&uploadRequest, options...)
-		useBYOKUpload(o.fs, &uploadRequest)
-		uploadStreamRequest := transfer.UploadStreamRequest{
-			UploadRequest: uploadRequest,
-			StreamReader:  in,
-		}
-		uploadMgr := transfer.NewUploadManager()
-		var uploadID = ""
-
-		defer atexit.OnError(&err, func() {
-			if uploadID == "" {
-				return
-			}
-			if o.fs.opt.LeavePartsOnError {
-				return
-			}
-			fs.Debugf(o, "Cancelling multipart upload")
-			errCancel := o.fs.abortMultiPartUpload(
-				context.Background(),
-				bucketName,
-				bucketPath,
-				uploadID)
-			if errCancel != nil {
-				fs.Debugf(o, "Failed to cancel multipart upload: %v", errCancel)
-			}
-		})()
-
-		err = o.fs.pacer.Call(func() (bool, error) {
-			uploadResponse, err := uploadMgr.UploadStream(ctx, uploadStreamRequest)
-			var httpResponse *http.Response
-			if err == nil {
-				if uploadResponse.Type == transfer.MultipartUpload {
-					if uploadResponse.MultipartUploadResponse != nil {
-						httpResponse = uploadResponse.MultipartUploadResponse.HTTPResponse()
-					}
-				} else {
-					if uploadResponse.SinglepartUploadResponse != nil {
-						httpResponse = uploadResponse.SinglepartUploadResponse.HTTPResponse()
-					}
-				}
-			}
-			if err != nil {
-				uploadID := ""
-				if uploadResponse.MultipartUploadResponse != nil && uploadResponse.MultipartUploadResponse.UploadID != nil {
-					uploadID = *uploadResponse.MultipartUploadResponse.UploadID
-					fs.Debugf(o, "multipart streaming upload failed, aborting uploadID: %v, may retry", uploadID)
-					_ = o.fs.abortMultiPartUpload(ctx, bucketName, bucketPath, uploadID)
-				}
-			}
-			return shouldRetry(ctx, httpResponse, err)
-		})
+		err = o.uploadMultipart(ctx, src, in, options...)
 		if err != nil {
-			fs.Errorf(o, "multipart streaming upload failed %v", err)
 			return err
 		}
 	} else {
-		req := objectstorage.PutObjectRequest{
-			NamespaceName: common.String(o.fs.opt.Namespace),
-			BucketName:    common.String(bucketName),
-			ObjectName:    common.String(bucketPath),
-			ContentType:   common.String(mimeType),
-			PutObjectBody: io.NopCloser(in),
-			OpcMeta:       metadata,
-		}
-		if size >= 0 {
-			req.ContentLength = common.Int64(size)
-		}
-		if o.fs.opt.StorageTier != "" {
-			storageTier, ok := objectstorage.GetMappingPutObjectStorageTierEnum(o.fs.opt.StorageTier)
-			if !ok {
-				return fmt.Errorf("not a valid storage tier: %v", o.fs.opt.StorageTier)
-			}
-			req.StorageTier = storageTier
+		ui, err := o.prepareUpload(ctx, src, options)
+		if err != nil {
+			return fmt.Errorf("failed to prepare upload: %w", err)
 		}
-		o.applyPutOptions(&req, options...)
-		useBYOKPutObject(o.fs, &req)
 		var resp objectstorage.PutObjectResponse
-		err = o.fs.pacer.Call(func() (bool, error) {
-			resp, err = o.fs.srv.PutObject(ctx, req)
+		err = o.fs.pacer.CallNoRetry(func() (bool, error) {
+			ui.req.PutObjectBody = io.NopCloser(in)
+			resp, err = o.fs.srv.PutObject(ctx, *ui.req)
 			return shouldRetry(ctx, resp.HTTPResponse(), err)
 		})
 		if err != nil {
@@ -591,28 +492,24 @@ func (o *Object) applyGetObjectOptions(req *objectstorage.GetObjectRequest, opti
 	}
 }
 
-func (o *Object) applyMultiPutOptions(req *transfer.UploadRequest, options ...fs.OpenOption) {
-	// Apply upload options
-	for _, option := range options {
-		key, value := option.Header()
-		lowerKey := strings.ToLower(key)
-		switch lowerKey {
-		case "":
-			// ignore
-		case "content-encoding":
-			req.ContentEncoding = common.String(value)
-		case "content-language":
-			req.ContentLanguage = common.String(value)
-		case "content-type":
-			req.ContentType = common.String(value)
-		default:
-			if strings.HasPrefix(lowerKey, ociMetaPrefix) {
-				req.Metadata[lowerKey] = value
-			} else {
-				fs.Errorf(o, "Don't know how to set key %q on upload", key)
-			}
-		}
-	}
+func (o *Object) applyMultipartUploadOptions(putReq *objectstorage.PutObjectRequest, req *objectstorage.CreateMultipartUploadRequest) {
+	req.ContentType = putReq.ContentType
+	req.ContentLanguage = putReq.ContentLanguage
+	req.ContentEncoding = putReq.ContentEncoding
+	req.ContentDisposition = putReq.ContentDisposition
+	req.CacheControl = putReq.CacheControl
+	req.Metadata = metadataWithOpcPrefix(putReq.OpcMeta)
+	req.OpcSseCustomerAlgorithm = putReq.OpcSseCustomerAlgorithm
+	req.OpcSseCustomerKey = putReq.OpcSseCustomerKey
+	req.OpcSseCustomerKeySha256 = putReq.OpcSseCustomerKeySha256
+	req.OpcSseKmsKeyId = putReq.OpcSseKmsKeyId
+}
+
+func (o *Object) applyPartUploadOptions(putReq *objectstorage.PutObjectRequest, req *objectstorage.UploadPartRequest) {
+	req.OpcSseCustomerAlgorithm = putReq.OpcSseCustomerAlgorithm
+	req.OpcSseCustomerKey = putReq.OpcSseCustomerKey
+	req.OpcSseCustomerKeySha256 = putReq.OpcSseCustomerKeySha256
+	req.OpcSseKmsKeyId = putReq.OpcSseKmsKeyId
 }
 
 func metadataWithOpcPrefix(src map[string]string) map[string]string {
diff --git a/backend/oracleobjectstorage/options.go b/backend/oracleobjectstorage/options.go
index 9baf06e356ced..3eeb6899e68c2 100644
--- a/backend/oracleobjectstorage/options.go
+++ b/backend/oracleobjectstorage/options.go
@@ -13,9 +13,10 @@ import (
 
 const (
 	maxSizeForCopy             = 4768 * 1024 * 1024
-	minChunkSize               = fs.SizeSuffix(1024 * 1024 * 5)
-	defaultUploadCutoff        = fs.SizeSuffix(200 * 1024 * 1024)
+	maxUploadParts             = 10000
 	defaultUploadConcurrency   = 10
+	minChunkSize               = fs.SizeSuffix(5 * 1024 * 1024)
+	defaultUploadCutoff        = fs.SizeSuffix(200 * 1024 * 1024)
 	maxUploadCutoff            = fs.SizeSuffix(5 * 1024 * 1024 * 1024)
 	minSleep                   = 10 * time.Millisecond
 	defaultCopyTimeoutDuration = fs.Duration(time.Minute)
@@ -55,12 +56,14 @@ type Options struct {
 	ConfigProfile        string               `config:"config_profile"`
 	UploadCutoff         fs.SizeSuffix        `config:"upload_cutoff"`
 	ChunkSize            fs.SizeSuffix        `config:"chunk_size"`
+	MaxUploadParts       int                  `config:"max_upload_parts"`
 	UploadConcurrency    int                  `config:"upload_concurrency"`
 	DisableChecksum      bool                 `config:"disable_checksum"`
 	CopyCutoff           fs.SizeSuffix        `config:"copy_cutoff"`
 	CopyTimeout          fs.Duration          `config:"copy_timeout"`
 	StorageTier          string               `config:"storage_tier"`
 	LeavePartsOnError    bool                 `config:"leave_parts_on_error"`
+	AttemptResumeUpload  bool                 `config:"attempt_resume_upload"`
 	NoCheckBucket        bool                 `config:"no_check_bucket"`
 	SSEKMSKeyID          string               `config:"sse_kms_key_id"`
 	SSECustomerAlgorithm string               `config:"sse_customer_algorithm"`
@@ -92,14 +95,16 @@ func newOptions() []fs.Option {
 			Help:  noAuthHelpText,
 		}},
 	}, {
-		Name:     "namespace",
-		Help:     "Object storage namespace",
-		Required: true,
+		Name:      "namespace",
+		Help:      "Object storage namespace",
+		Required:  true,
+		Sensitive: true,
 	}, {
-		Name:     "compartment",
-		Help:     "Object storage compartment OCID",
-		Provider: "!no_auth",
-		Required: true,
+		Name:      "compartment",
+		Help:      "Object storage compartment OCID",
+		Provider:  "!no_auth",
+		Required:  true,
+		Sensitive: true,
 	}, {
 		Name:     "region",
 		Help:     "Object storage Region",
@@ -155,9 +160,8 @@ The minimum is 0 and the maximum is 5 GiB.`,
 		Help: `Chunk size to use for uploading.
 
 When uploading files larger than upload_cutoff or files with unknown
-size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google
-photos or google docs) they will be uploaded as multipart uploads
-using this chunk size.
+size (e.g. from "rclone rcat" or uploaded with "rclone mount" they will be uploaded 
+as multipart uploads using this chunk size.
 
 Note that "upload_concurrency" chunks of this size are buffered
 in memory per transfer.
@@ -179,6 +183,20 @@ statistics displayed with "-P" flag.
 `,
 		Default:  minChunkSize,
 		Advanced: true,
+	}, {
+		Name: "max_upload_parts",
+		Help: `Maximum number of parts in a multipart upload.
+
+This option defines the maximum number of multipart chunks to use
+when doing a multipart upload.
+
+OCI has max parts limit of 10,000 chunks.
+
+Rclone will automatically increase the chunk size when uploading a
+large file of a known size to stay below this number of chunks limit.
+`,
+		Default:  maxUploadParts,
+		Advanced: true,
 	}, {
 		Name: "upload_concurrency",
 		Help: `Concurrency for multipart uploads.
@@ -236,12 +254,24 @@ to start uploading.`,
 			encoder.EncodeDot,
 	}, {
 		Name: "leave_parts_on_error",
-		Help: `If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.
+		Help: `If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery.
 
 It should be set to true for resuming uploads across different sessions.
 
 WARNING: Storing parts of an incomplete multipart upload counts towards space usage on object storage and will add
 additional costs if not cleaned up.
+`,
+		Default:  false,
+		Advanced: true,
+	}, {
+		Name: "attempt_resume_upload",
+		Help: `If true attempt to resume previously started multipart upload for the object.
+This will be helpful to speed up multipart transfers by resuming uploads from past session.
+
+WARNING: If chunk size differs in resumed session from past incomplete session, then the resumed multipart upload is 
+aborted and a new multipart upload is started with the new chunk size.
+
+The flag leave_parts_on_error must be true to resume and optimize to skip parts that were already uploaded successfully.
 `,
 		Default:  false,
 		Advanced: true,
@@ -289,7 +319,7 @@ Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/using
 		}},
 	}, {
 		Name: "sse_kms_key_id",
-		Help: `if using using your own master key in vault, this header specifies the 
+		Help: `if using your own master key in vault, this header specifies the
 OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call
 the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
 Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.`,
diff --git a/backend/oracleobjectstorage/oracleobjectstorage.go b/backend/oracleobjectstorage/oracleobjectstorage.go
index a0de006b86213..2133ebc09dec4 100644
--- a/backend/oracleobjectstorage/oracleobjectstorage.go
+++ b/backend/oracleobjectstorage/oracleobjectstorage.go
@@ -138,6 +138,14 @@ func (f *Fs) setUploadCutoff(cs fs.SizeSuffix) (old fs.SizeSuffix, err error) {
 	return
 }
 
+func (f *Fs) setCopyCutoff(cs fs.SizeSuffix) (old fs.SizeSuffix, err error) {
+	err = checkUploadChunkSize(cs)
+	if err == nil {
+		old, f.opt.CopyCutoff = f.opt.CopyCutoff, cs
+	}
+	return
+}
+
 // ------------------------------------------------------------
 // Implement backed that represents a remote object storage server
 // Fs is the interface a cloud storage system must provide
@@ -318,7 +326,6 @@ func (f *Fs) list(ctx context.Context, bucket, directory, prefix string, addBuck
 			remote := *object.Name
 			remote = f.opt.Enc.ToStandardPath(remote)
 			if !strings.HasPrefix(remote, prefix) {
-				// fs.Debugf(f, "Odd name received %v", object.Name)
 				continue
 			}
 			remote = remote[len(prefix):]
@@ -558,15 +565,15 @@ func (f *Fs) Rmdir(ctx context.Context, dir string) error {
 	})
 }
 
-func (f *Fs) abortMultiPartUpload(ctx context.Context, bucketName, bucketPath, uploadID string) (err error) {
-	if uploadID == "" {
+func (f *Fs) abortMultiPartUpload(ctx context.Context, bucketName, bucketPath, uploadID *string) (err error) {
+	if uploadID == nil || *uploadID == "" {
 		return nil
 	}
 	request := objectstorage.AbortMultipartUploadRequest{
 		NamespaceName: common.String(f.opt.Namespace),
-		BucketName:    common.String(bucketName),
-		ObjectName:    common.String(bucketPath),
-		UploadId:      common.String(uploadID),
+		BucketName:    bucketName,
+		ObjectName:    bucketPath,
+		UploadId:      uploadID,
 	}
 	err = f.pacer.Call(func() (bool, error) {
 		resp, err := f.srv.AbortMultipartUpload(ctx, request)
@@ -589,12 +596,7 @@ func (f *Fs) cleanUpBucket(ctx context.Context, bucket string, maxAge time.Durat
 				if operations.SkipDestructive(ctx, what, "remove pending upload") {
 					continue
 				}
-				ignoreErr := f.abortMultiPartUpload(ctx, *upload.Bucket, *upload.Object, *upload.UploadId)
-				if ignoreErr != nil {
-					// fs.Debugf(f, "ignoring error %s", ignoreErr)
-				}
-			} else {
-				// fs.Debugf(f, "ignoring %s", what)
+				_ = f.abortMultiPartUpload(ctx, upload.Bucket, upload.Object, upload.UploadId)
 			}
 		} else {
 			fs.Infof(f, "MultipartUpload doesn't have sufficient details to abort.")
@@ -689,12 +691,13 @@ func (f *Fs) ListR(ctx context.Context, dir string, callback fs.ListRCallback) (
 
 // Check the interfaces are satisfied
 var (
-	_ fs.Fs          = &Fs{}
-	_ fs.Copier      = &Fs{}
-	_ fs.PutStreamer = &Fs{}
-	_ fs.ListRer     = &Fs{}
-	_ fs.Commander   = &Fs{}
-	_ fs.CleanUpper  = &Fs{}
+	_ fs.Fs              = &Fs{}
+	_ fs.Copier          = &Fs{}
+	_ fs.PutStreamer     = &Fs{}
+	_ fs.ListRer         = &Fs{}
+	_ fs.Commander       = &Fs{}
+	_ fs.CleanUpper      = &Fs{}
+	_ fs.OpenChunkWriter = &Fs{}
 
 	_ fs.Object    = &Object{}
 	_ fs.MimeTyper = &Object{}
diff --git a/backend/oracleobjectstorage/oracleobjectstorage_test.go b/backend/oracleobjectstorage/oracleobjectstorage_test.go
index 479da7b5ba9f7..daccfaeed1cf5 100644
--- a/backend/oracleobjectstorage/oracleobjectstorage_test.go
+++ b/backend/oracleobjectstorage/oracleobjectstorage_test.go
@@ -30,4 +30,12 @@ func (f *Fs) SetUploadCutoff(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
 	return f.setUploadCutoff(cs)
 }
 
-var _ fstests.SetUploadChunkSizer = (*Fs)(nil)
+func (f *Fs) SetCopyCutoff(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
+	return f.setCopyCutoff(cs)
+}
+
+var (
+	_ fstests.SetUploadChunkSizer = (*Fs)(nil)
+	_ fstests.SetUploadCutoffer   = (*Fs)(nil)
+	_ fstests.SetCopyCutoffer     = (*Fs)(nil)
+)
diff --git a/backend/pcloud/pcloud.go b/backend/pcloud/pcloud.go
index 726d9ee8bd3fc..9d6256b1ac7d9 100644
--- a/backend/pcloud/pcloud.go
+++ b/backend/pcloud/pcloud.go
@@ -110,10 +110,11 @@ func init() {
 				encoder.EncodeBackSlash |
 				encoder.EncodeInvalidUtf8),
 		}, {
-			Name:     "root_folder_id",
-			Help:     "Fill in for rclone to use a non root folder as its starting point.",
-			Default:  "d0",
-			Advanced: true,
+			Name:      "root_folder_id",
+			Help:      "Fill in for rclone to use a non root folder as its starting point.",
+			Default:   "d0",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "hostname",
 			Help: `Hostname to connect to.
@@ -138,7 +139,8 @@ with rclone authorize.
 This is only required when you want to use the cleanup command. Due to a bug
 in the pcloud API the required API does not support OAuth authentication so
 we have to rely on user password authentication for it.`,
-			Advanced: true,
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:       "password",
 			Help:       "Your pcloud password.",
diff --git a/backend/pikpak/api/types.go b/backend/pikpak/api/types.go
new file mode 100644
index 0000000000000..fab6951eb1b2c
--- /dev/null
+++ b/backend/pikpak/api/types.go
@@ -0,0 +1,536 @@
+// Package api has type definitions for pikpak
+//
+// Manually obtained from the API responses using Browse Dev. Tool and https://mholt.github.io/json-to-go/
+package api
+
+import (
+	"fmt"
+	"reflect"
+	"strconv"
+	"time"
+)
+
+const (
+	// "2022-09-17T14:31:06.056+08:00"
+	timeFormat = `"` + time.RFC3339 + `"`
+)
+
+// Time represents date and time information for the pikpak API, by using RFC3339
+type Time time.Time
+
+// MarshalJSON turns a Time into JSON (in UTC)
+func (t *Time) MarshalJSON() (out []byte, err error) {
+	timeString := (*time.Time)(t).Format(timeFormat)
+	return []byte(timeString), nil
+}
+
+// UnmarshalJSON turns JSON into a Time
+func (t *Time) UnmarshalJSON(data []byte) error {
+	if string(data) == "null" || string(data) == `""` {
+		return nil
+	}
+	newT, err := time.Parse(timeFormat, string(data))
+	if err != nil {
+		return err
+	}
+	*t = Time(newT)
+	return nil
+}
+
+// Types of things in Item
+const (
+	KindOfFolder        = "drive#folder"
+	KindOfFile          = "drive#file"
+	KindOfFileList      = "drive#fileList"
+	KindOfResumable     = "drive#resumable"
+	KindOfForm          = "drive#form"
+	ThumbnailSizeS      = "SIZE_SMALL"
+	ThumbnailSizeM      = "SIZE_MEDIUM"
+	ThumbnailSizeL      = "SIZE_LARGE"
+	PhaseTypeComplete   = "PHASE_TYPE_COMPLETE"
+	PhaseTypeRunning    = "PHASE_TYPE_RUNNING"
+	PhaseTypeError      = "PHASE_TYPE_ERROR"
+	PhaseTypePending    = "PHASE_TYPE_PENDING"
+	UploadTypeForm      = "UPLOAD_TYPE_FORM"
+	UploadTypeResumable = "UPLOAD_TYPE_RESUMABLE"
+	ListLimit           = 100
+)
+
+// ------------------------------------------------------------
+
+// Error details api error from pikpak
+type Error struct {
+	Reason  string `json:"error"` // short description of the reason, e.g. "file_name_empty" "invalid_request"
+	Code    int    `json:"error_code"`
+	URL     string `json:"error_url,omitempty"`
+	Message string `json:"error_description,omitempty"`
+	// can have either of `error_details` or `details``
+	ErrorDetails []*ErrorDetails `json:"error_details,omitempty"`
+	Details      []*ErrorDetails `json:"details,omitempty"`
+}
+
+// ErrorDetails contains further details of api error
+type ErrorDetails struct {
+	Type     string `json:"@type,omitempty"`
+	Reason   string `json:"reason,omitempty"`
+	Domain   string `json:"domain,omitempty"`
+	Metadata struct {
+	} `json:"metadata,omitempty"` // TODO: undiscovered yet
+	Locale       string        `json:"locale,omitempty"` // e.g. "en"
+	Message      string        `json:"message,omitempty"`
+	StackEntries []interface{} `json:"stack_entries,omitempty"` // TODO: undiscovered yet
+	Detail       string        `json:"detail,omitempty"`
+}
+
+// Error returns a string for the error and satisfies the error interface
+func (e *Error) Error() string {
+	out := fmt.Sprintf("Error %q (%d)", e.Reason, e.Code)
+	if e.Message != "" {
+		out += ": " + e.Message
+	}
+	return out
+}
+
+// Check Error satisfies the error interface
+var _ error = (*Error)(nil)
+
+// ------------------------------------------------------------
+
+// Filters contains parameters for filters when listing.
+//
+// possible operators
+// * in: a list of comma-separated string
+// * eq: "true" or "false"
+// * gt or lt: time format string, e.g. "2023-01-28T10:56:49.757+08:00"
+type Filters struct {
+	Phase        map[string]string `json:"phase,omitempty"`         // "in" or "eq"
+	Trashed      map[string]bool   `json:"trashed,omitempty"`       // "eq"
+	Kind         map[string]string `json:"kind,omitempty"`          // "eq"
+	Starred      map[string]bool   `json:"starred,omitempty"`       // "eq"
+	ModifiedTime map[string]string `json:"modified_time,omitempty"` // "gt" or "lt"
+}
+
+// Set sets filter values using field name, operator and corresponding value
+func (f *Filters) Set(field, operator, value string) {
+	if value == "" {
+		// UNSET for empty values
+		return
+	}
+	r := reflect.ValueOf(f)
+	fd := reflect.Indirect(r).FieldByName(field)
+	if v, err := strconv.ParseBool(value); err == nil {
+		fd.Set(reflect.ValueOf(map[string]bool{operator: v}))
+	} else {
+		fd.Set(reflect.ValueOf(map[string]string{operator: value}))
+	}
+}
+
+// ------------------------------------------------------------
+// Common Elements
+
+// Link contains a download URL for opening files
+type Link struct {
+	URL    string `json:"url"`
+	Token  string `json:"token"`
+	Expire Time   `json:"expire"`
+	Type   string `json:"type,omitempty"`
+}
+
+// Valid reports whether l is non-nil, has an URL, and is not expired.
+func (l *Link) Valid() bool {
+	return l != nil && l.URL != "" && time.Now().Add(10*time.Second).Before(time.Time(l.Expire))
+}
+
+// URL is a basic form of URL
+type URL struct {
+	Kind string `json:"kind,omitempty"` // e.g. "upload#url"
+	URL  string `json:"url,omitempty"`
+}
+
+// ------------------------------------------------------------
+// Base Elements
+
+// FileList contains a list of File elements
+type FileList struct {
+	Kind            string  `json:"kind,omitempty"` // drive#fileList
+	Files           []*File `json:"files,omitempty"`
+	NextPageToken   string  `json:"next_page_token"`
+	Version         string  `json:"version,omitempty"`
+	VersionOutdated bool    `json:"version_outdated,omitempty"`
+}
+
+// File is a basic element representing a single file object
+//
+// There are two types of download links,
+// 1) one from File.WebContentLink or File.Links.ApplicationOctetStream.URL and
+// 2) the other from File.Medias[].Link.URL.
+// Empirically, 2) is less restrictive to multiple concurrent range-requests
+// for a single file, i.e. supports for higher `--multi-thread-streams=N`.
+// However, it is not generally applicable as it is only for meadia.
+type File struct {
+	Apps              []*FileApp    `json:"apps,omitempty"`
+	Audit             *FileAudit    `json:"audit,omitempty"`
+	Collection        string        `json:"collection,omitempty"` // TODO
+	CreatedTime       Time          `json:"created_time,omitempty"`
+	DeleteTime        Time          `json:"delete_time,omitempty"`
+	FileCategory      string        `json:"file_category,omitempty"`
+	FileExtension     string        `json:"file_extension,omitempty"`
+	FolderType        string        `json:"folder_type,omitempty"`
+	Hash              string        `json:"hash,omitempty"` // sha1 but NOT a valid file hash. looks like a torrent hash
+	IconLink          string        `json:"icon_link,omitempty"`
+	ID                string        `json:"id,omitempty"`
+	Kind              string        `json:"kind,omitempty"` // "drive#file"
+	Links             *FileLinks    `json:"links,omitempty"`
+	Md5Checksum       string        `json:"md5_checksum,omitempty"`
+	Medias            []*Media      `json:"medias,omitempty"`
+	MimeType          string        `json:"mime_type,omitempty"`
+	ModifiedTime      Time          `json:"modified_time,omitempty"` // updated when renamed or moved
+	Name              string        `json:"name,omitempty"`
+	OriginalFileIndex int           `json:"original_file_index,omitempty"` // TODO
+	OriginalURL       string        `json:"original_url,omitempty"`
+	Params            *FileParams   `json:"params,omitempty"`
+	ParentID          string        `json:"parent_id,omitempty"`
+	Phase             string        `json:"phase,omitempty"`
+	Revision          int           `json:"revision,omitempty,string"`
+	Size              int64         `json:"size,omitempty,string"`
+	SortName          string        `json:"sort_name,omitempty"`
+	Space             string        `json:"space,omitempty"`
+	SpellName         []interface{} `json:"spell_name,omitempty"` // TODO maybe list of something?
+	Starred           bool          `json:"starred,omitempty"`
+	ThumbnailLink     string        `json:"thumbnail_link,omitempty"`
+	Trashed           bool          `json:"trashed,omitempty"`
+	UserID            string        `json:"user_id,omitempty"`
+	UserModifiedTime  Time          `json:"user_modified_time,omitempty"`
+	WebContentLink    string        `json:"web_content_link,omitempty"`
+	Writable          bool          `json:"writable,omitempty"`
+}
+
+// FileLinks includes links to file at backend
+type FileLinks struct {
+	ApplicationOctetStream *Link `json:"application/octet-stream,omitempty"`
+}
+
+// FileAudit contains audit information for the file
+type FileAudit struct {
+	Status  string `json:"status,omitempty"` // "STATUS_OK"
+	Message string `json:"message,omitempty"`
+	Title   string `json:"title,omitempty"`
+}
+
+// Media contains info about supported version of media, e.g. original, transcoded, etc
+type Media struct {
+	MediaID   string `json:"media_id,omitempty"`
+	MediaName string `json:"media_name,omitempty"`
+	Video     struct {
+		Height     int    `json:"height,omitempty"`
+		Width      int    `json:"width,omitempty"`
+		Duration   int64  `json:"duration,omitempty"`
+		BitRate    int    `json:"bit_rate,omitempty"`
+		FrameRate  int    `json:"frame_rate,omitempty"`
+		VideoCodec string `json:"video_codec,omitempty"` // "h264", "hevc"
+		AudioCodec string `json:"audio_codec,omitempty"` // "pcm_bluray", "aac"
+		VideoType  string `json:"video_type,omitempty"`  // "mpegts"
+		HdrType    string `json:"hdr_type,omitempty"`
+	} `json:"video,omitempty"`
+	Link           *Link         `json:"link,omitempty"`
+	NeedMoreQuota  bool          `json:"need_more_quota,omitempty"`
+	VipTypes       []interface{} `json:"vip_types,omitempty"` // TODO maybe list of something?
+	RedirectLink   string        `json:"redirect_link,omitempty"`
+	IconLink       string        `json:"icon_link,omitempty"`
+	IsDefault      bool          `json:"is_default,omitempty"`
+	Priority       int           `json:"priority,omitempty"`
+	IsOrigin       bool          `json:"is_origin,omitempty"`
+	ResolutionName string        `json:"resolution_name,omitempty"`
+	IsVisible      bool          `json:"is_visible,omitempty"`
+	Category       string        `json:"category,omitempty"`
+}
+
+// FileParams includes parameters for instant open
+type FileParams struct {
+	Duration     int64  `json:"duration,omitempty,string"` // in seconds
+	Height       int    `json:"height,omitempty,string"`
+	Platform     string `json:"platform,omitempty"` // "Upload"
+	PlatformIcon string `json:"platform_icon,omitempty"`
+	URL          string `json:"url,omitempty"`
+	Width        int    `json:"width,omitempty,string"`
+}
+
+// FileApp includes parameters for instant open
+type FileApp struct {
+	ID            string        `json:"id,omitempty"`   // "decompress" for rar files
+	Name          string        `json:"name,omitempty"` // decompress" for rar files
+	Access        []interface{} `json:"access,omitempty"`
+	Link          string        `json:"link,omitempty"` // "https://mypikpak.com/drive/decompression/{File.Id}?gcid={File.Hash}\u0026wv-style=topbar%3Ahide"
+	RedirectLink  string        `json:"redirect_link,omitempty"`
+	VipTypes      []interface{} `json:"vip_types,omitempty"`
+	NeedMoreQuota bool          `json:"need_more_quota,omitempty"`
+	IconLink      string        `json:"icon_link,omitempty"`
+	IsDefault     bool          `json:"is_default,omitempty"`
+	Params        struct {
+	} `json:"params,omitempty"` // TODO
+	CategoryIds []interface{} `json:"category_ids,omitempty"`
+	AdSceneType int           `json:"ad_scene_type,omitempty"`
+	Space       string        `json:"space,omitempty"`
+	Links       struct {
+	} `json:"links,omitempty"` // TODO
+}
+
+// ------------------------------------------------------------
+
+// TaskList contains a list of Task elements
+type TaskList struct {
+	Tasks         []*Task `json:"tasks,omitempty"` // "drive#task"
+	NextPageToken string  `json:"next_page_token"`
+	ExpiresIn     int     `json:"expires_in,omitempty"`
+}
+
+// Task is a basic element representing a single task such as offline download and upload
+type Task struct {
+	Kind              string        `json:"kind,omitempty"` // "drive#task"
+	ID                string        `json:"id,omitempty"`   // task id?
+	Name              string        `json:"name,omitempty"` // torrent name?
+	Type              string        `json:"type,omitempty"` // "offline"
+	UserID            string        `json:"user_id,omitempty"`
+	Statuses          []interface{} `json:"statuses,omitempty"`    // TODO
+	StatusSize        int           `json:"status_size,omitempty"` // TODO
+	Params            *TaskParams   `json:"params,omitempty"`      // TODO
+	FileID            string        `json:"file_id,omitempty"`
+	FileName          string        `json:"file_name,omitempty"`
+	FileSize          string        `json:"file_size,omitempty"`
+	Message           string        `json:"message,omitempty"` // e.g. "Saving"
+	CreatedTime       Time          `json:"created_time,omitempty"`
+	UpdatedTime       Time          `json:"updated_time,omitempty"`
+	ThirdTaskID       string        `json:"third_task_id,omitempty"` // TODO
+	Phase             string        `json:"phase,omitempty"`         // e.g. "PHASE_TYPE_RUNNING"
+	Progress          int           `json:"progress,omitempty"`
+	IconLink          string        `json:"icon_link,omitempty"`
+	Callback          string        `json:"callback,omitempty"`
+	ReferenceResource interface{}   `json:"reference_resource,omitempty"` // TODO
+	Space             string        `json:"space,omitempty"`
+}
+
+// TaskParams includes parameters informing status of Task
+type TaskParams struct {
+	Age          string `json:"age,omitempty"`
+	PredictSpeed string `json:"predict_speed,omitempty"`
+	PredictType  string `json:"predict_type,omitempty"`
+	URL          string `json:"url,omitempty"`
+}
+
+// Form contains parameters for upload by multipart/form-data
+type Form struct {
+	Headers    struct{} `json:"headers"`
+	Kind       string   `json:"kind"`   // "drive#form"
+	Method     string   `json:"method"` // "POST"
+	MultiParts struct {
+		OSSAccessKeyID string `json:"OSSAccessKeyId"`
+		Signature      string `json:"Signature"`
+		Callback       string `json:"callback"`
+		Key            string `json:"key"`
+		Policy         string `json:"policy"`
+		XUserData      string `json:"x:user_data"`
+	} `json:"multi_parts"`
+	URL string `json:"url"`
+}
+
+// Resumable contains parameters for upload by resumable
+type Resumable struct {
+	Kind     string           `json:"kind,omitempty"`     // "drive#resumable"
+	Provider string           `json:"provider,omitempty"` // e.g. "PROVIDER_ALIYUN"
+	Params   *ResumableParams `json:"params,omitempty"`
+}
+
+// ResumableParams specifies resumable paramegers
+type ResumableParams struct {
+	AccessKeyID     string `json:"access_key_id,omitempty"`
+	AccessKeySecret string `json:"access_key_secret,omitempty"`
+	Bucket          string `json:"bucket,omitempty"`
+	Endpoint        string `json:"endpoint,omitempty"`
+	Expiration      Time   `json:"expiration,omitempty"`
+	Key             string `json:"key,omitempty"`
+	SecurityToken   string `json:"security_token,omitempty"`
+}
+
+// FileInArchive is a basic element in archive
+type FileInArchive struct {
+	Index    int    `json:"index,omitempty"`
+	Filename string `json:"filename,omitempty"`
+	Filesize string `json:"filesize,omitempty"`
+	MimeType string `json:"mime_type,omitempty"`
+	Gcid     string `json:"gcid,omitempty"`
+	Kind     string `json:"kind,omitempty"`
+	IconLink string `json:"icon_link,omitempty"`
+	Path     string `json:"path,omitempty"`
+}
+
+// ------------------------------------------------------------
+
+// NewFile is a response to RequestNewFile
+type NewFile struct {
+	File       *File      `json:"file,omitempty"`
+	Form       *Form      `json:"form,omitempty"`
+	Resumable  *Resumable `json:"resumable,omitempty"`
+	Task       *Task      `json:"task,omitempty"`        // null in this case
+	UploadType string     `json:"upload_type,omitempty"` // "UPLOAD_TYPE_FORM" or "UPLOAD_TYPE_RESUMABLE"
+}
+
+// NewTask is a response to RequestNewTask
+type NewTask struct {
+	UploadType string `json:"upload_type,omitempty"` // "UPLOAD_TYPE_URL"
+	File       *File  `json:"file,omitempty"`        // null in this case
+	Task       *Task  `json:"task,omitempty"`
+	URL        *URL   `json:"url,omitempty"` // {"kind": "upload#url"}
+}
+
+// About informs drive status
+type About struct {
+	Kind      string `json:"kind,omitempty"` // "drive#about"
+	Quota     *Quota `json:"quota,omitempty"`
+	ExpiresAt string `json:"expires_at,omitempty"`
+	Quotas    struct {
+	} `json:"quotas,omitempty"` // maybe []*Quota?
+}
+
+// Quota informs drive quota
+type Quota struct {
+	Kind           string `json:"kind,omitempty"`                  // "drive#quota"
+	Limit          int64  `json:"limit,omitempty,string"`          // limit in bytes
+	Usage          int64  `json:"usage,omitempty,string"`          // bytes in use
+	UsageInTrash   int64  `json:"usage_in_trash,omitempty,string"` // bytes in trash but this seems not working
+	PlayTimesLimit string `json:"play_times_limit,omitempty"`      // maybe in seconds
+	PlayTimesUsage string `json:"play_times_usage,omitempty"`      // maybe in seconds
+}
+
+// Share is a response to RequestShare
+//
+// used in PublicLink()
+type Share struct {
+	ShareID   string `json:"share_id,omitempty"`
+	ShareURL  string `json:"share_url,omitempty"`
+	PassCode  string `json:"pass_code,omitempty"`
+	ShareText string `json:"share_text,omitempty"`
+}
+
+// User contains user account information
+//
+// GET https://user.mypikpak.com/v1/user/me
+type User struct {
+	Sub               string          `json:"sub,omitempty"`       // userid for internal use
+	Name              string          `json:"name,omitempty"`      // Username
+	Picture           string          `json:"picture,omitempty"`   // URL to Avatar image
+	Email             string          `json:"email,omitempty"`     // redacted email address
+	Providers         *[]UserProvider `json:"providers,omitempty"` // OAuth provider
+	PhoneNumber       string          `json:"phone_number,omitempty"`
+	Password          string          `json:"password,omitempty"` // "SET" if configured
+	Status            string          `json:"status,omitempty"`   // "ACTIVE"
+	CreatedAt         Time            `json:"created_at,omitempty"`
+	PasswordUpdatedAt Time            `json:"password_updated_at,omitempty"`
+}
+
+// UserProvider details third-party authentication
+type UserProvider struct {
+	ID             string `json:"id,omitempty"` // e.g. "google.com"
+	ProviderUserID string `json:"provider_user_id,omitempty"`
+	Name           string `json:"name,omitempty"` // username
+}
+
+// VIP includes subscription details about premium account
+//
+// GET https://api-drive.mypikpak.com/drive/v1/privilege/vip
+type VIP struct {
+	Result      string `json:"result,omitempty"` // "ACCEPTED"
+	Message     string `json:"message,omitempty"`
+	RedirectURI string `json:"redirect_uri,omitempty"`
+	Data        struct {
+		Expire Time   `json:"expire,omitempty"`
+		Status string `json:"status,omitempty"`  // "invalid" or "ok"
+		Type   string `json:"type,omitempty"`    // "novip" or "platinum"
+		UserID string `json:"user_id,omitempty"` // same as User.Sub
+	} `json:"data,omitempty"`
+}
+
+// DecompressResult is a response to RequestDecompress
+type DecompressResult struct {
+	Status       string `json:"status,omitempty"` // "OK"
+	StatusText   string `json:"status_text,omitempty"`
+	TaskID       string `json:"task_id,omitempty"`   // same as File.Id
+	FilesNum     int    `json:"files_num,omitempty"` // number of files in archive
+	RedirectLink string `json:"redirect_link,omitempty"`
+}
+
+// ------------------------------------------------------------
+
+// RequestShare is to request for file share
+type RequestShare struct {
+	FileIds        []string `json:"file_ids,omitempty"`
+	ShareTo        string   `json:"share_to,omitempty"`         // "publiclink",
+	ExpirationDays int      `json:"expiration_days,omitempty"`  // -1 = 'forever'
+	PassCodeOption string   `json:"pass_code_option,omitempty"` // "NOT_REQUIRED"
+}
+
+// RequestBatch is to request for batch actions
+type RequestBatch struct {
+	Ids []string          `json:"ids,omitempty"`
+	To  map[string]string `json:"to,omitempty"`
+}
+
+// RequestNewFile is to request for creating a new `drive#folder` or `drive#file`
+type RequestNewFile struct {
+	// always required
+	Kind       string `json:"kind"` // "drive#folder" or "drive#file"
+	Name       string `json:"name"`
+	ParentID   string `json:"parent_id"`
+	FolderType string `json:"folder_type"`
+	// only when uploading a new file
+	Hash       string            `json:"hash,omitempty"`      // sha1sum
+	Resumable  map[string]string `json:"resumable,omitempty"` // {"provider": "PROVIDER_ALIYUN"}
+	Size       int64             `json:"size,omitempty"`
+	UploadType string            `json:"upload_type,omitempty"` // "UPLOAD_TYPE_FORM" or "UPLOAD_TYPE_RESUMABLE"
+}
+
+// RequestNewTask is to request for creating a new task like offline downloads
+//
+// Name and ParentID can be left empty.
+type RequestNewTask struct {
+	Kind       string `json:"kind,omitempty"` // "drive#file"
+	Name       string `json:"name,omitempty"`
+	ParentID   string `json:"parent_id,omitempty"`
+	UploadType string `json:"upload_type,omitempty"` // "UPLOAD_TYPE_URL"
+	URL        *URL   `json:"url,omitempty"`         // {"url": downloadUrl}
+	FolderType string `json:"folder_type,omitempty"` // "" if parent_id else "DOWNLOAD"
+}
+
+// RequestDecompress is to request for decompress of archive files
+type RequestDecompress struct {
+	Gcid          string           `json:"gcid,omitempty"`     // same as File.Hash
+	Password      string           `json:"password,omitempty"` // ""
+	FileID        string           `json:"file_id,omitempty"`
+	Files         []*FileInArchive `json:"files,omitempty"` // can request selected files to be decompressed
+	DefaultParent bool             `json:"default_parent,omitempty"`
+}
+
+// ------------------------------------------------------------
+
+// NOT implemented YET
+
+// RequestArchiveFileList is to request for a list of files in archive
+//
+// POST https://api-drive.mypikpak.com/decompress/v1/list
+type RequestArchiveFileList struct {
+	Gcid     string `json:"gcid,omitempty"`     // same as api.File.Hash
+	Path     string `json:"path,omitempty"`     // "" by default
+	Password string `json:"password,omitempty"` // "" by default
+	FileID   string `json:"file_id,omitempty"`
+}
+
+// ArchiveFileList is a response to RequestArchiveFileList
+type ArchiveFileList struct {
+	Status      string           `json:"status,omitempty"`       // "OK"
+	StatusText  string           `json:"status_text,omitempty"`  // ""
+	TaskID      string           `json:"task_id,omitempty"`      // ""
+	CurrentPath string           `json:"current_path,omitempty"` // ""
+	Title       string           `json:"title,omitempty"`
+	FileSize    int64            `json:"file_size,omitempty"`
+	Gcid        string           `json:"gcid,omitempty"` // same as File.Hash
+	Files       []*FileInArchive `json:"files,omitempty"`
+}
diff --git a/backend/pikpak/helper.go b/backend/pikpak/helper.go
new file mode 100644
index 0000000000000..fed140b9807e3
--- /dev/null
+++ b/backend/pikpak/helper.go
@@ -0,0 +1,253 @@
+package pikpak
+
+import (
+	"bytes"
+	"context"
+	"crypto/sha1"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+
+	"github.com/rclone/rclone/backend/pikpak/api"
+	"github.com/rclone/rclone/lib/rest"
+)
+
+// Globals
+const (
+	cachePrefix = "rclone-pikpak-sha1sum-"
+)
+
+// requestDecompress requests decompress of compressed files
+func (f *Fs) requestDecompress(ctx context.Context, file *api.File, password string) (info *api.DecompressResult, err error) {
+	req := &api.RequestDecompress{
+		Gcid:          file.Hash,
+		Password:      password,
+		FileID:        file.ID,
+		Files:         []*api.FileInArchive{},
+		DefaultParent: true,
+	}
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "/decompress/v1/decompress",
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, &req, &info)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	return
+}
+
+// getUserInfo gets UserInfo from API
+func (f *Fs) getUserInfo(ctx context.Context) (info *api.User, err error) {
+	opts := rest.Opts{
+		Method:  "GET",
+		RootURL: "https://user.mypikpak.com/v1/user/me",
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, nil, &info)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get userinfo: %w", err)
+	}
+	return
+}
+
+// getVIPInfo gets VIPInfo from API
+func (f *Fs) getVIPInfo(ctx context.Context) (info *api.VIP, err error) {
+	opts := rest.Opts{
+		Method:  "GET",
+		RootURL: "https://api-drive.mypikpak.com/drive/v1/privilege/vip",
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, nil, &info)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get vip info: %w", err)
+	}
+	return
+}
+
+// requestBatchAction requests batch actions to API
+//
+// action can be one of batch{Copy,Delete,Trash,Untrash}
+func (f *Fs) requestBatchAction(ctx context.Context, action string, req *api.RequestBatch) (err error) {
+	opts := rest.Opts{
+		Method:     "POST",
+		Path:       "/drive/v1/files:" + action,
+		NoResponse: true, // Only returns `{"task_id":""}
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, &req, nil)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return fmt.Errorf("batch action %q failed: %w", action, err)
+	}
+	return nil
+}
+
+// requestNewTask requests a new api.NewTask and returns api.Task
+func (f *Fs) requestNewTask(ctx context.Context, req *api.RequestNewTask) (info *api.Task, err error) {
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "/drive/v1/files",
+	}
+	var newTask api.NewTask
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, &req, &newTask)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, err
+	}
+	return newTask.Task, nil
+}
+
+// requestNewFile requests a new api.NewFile and returns api.File
+func (f *Fs) requestNewFile(ctx context.Context, req *api.RequestNewFile) (info *api.NewFile, err error) {
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "/drive/v1/files",
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, &req, &info)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	return
+}
+
+// getFile gets api.File from API for the ID passed
+// and returns rich information containing additional fields below
+// * web_content_link
+// * thumbnail_link
+// * links
+// * medias
+func (f *Fs) getFile(ctx context.Context, ID string) (info *api.File, err error) {
+	opts := rest.Opts{
+		Method: "GET",
+		Path:   "/drive/v1/files/" + ID,
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, nil, &info)
+		if err == nil && info.Phase != api.PhaseTypeComplete {
+			// could be pending right after file is created/uploaded.
+			return true, errors.New("not PHASE_TYPE_COMPLETE")
+		}
+		return f.shouldRetry(ctx, resp, err)
+	})
+	return
+}
+
+// patchFile updates attributes of the file by ID
+//
+// currently known patchable fields are
+// * name
+func (f *Fs) patchFile(ctx context.Context, ID string, req *api.File) (info *api.File, err error) {
+	opts := rest.Opts{
+		Method: "PATCH",
+		Path:   "/drive/v1/files/" + ID,
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, &req, &info)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	return
+}
+
+// getAbout gets drive#quota information from server
+func (f *Fs) getAbout(ctx context.Context) (info *api.About, err error) {
+	opts := rest.Opts{
+		Method: "GET",
+		Path:   "/drive/v1/about",
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, nil, &info)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	return
+}
+
+// requestShare returns information about ssharable links
+func (f *Fs) requestShare(ctx context.Context, req *api.RequestShare) (info *api.Share, err error) {
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "/drive/v1/share",
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.CallJSON(ctx, &opts, &req, &info)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	return
+}
+
+// Read the sha1 of in returning a reader which will read the same contents
+//
+// The cleanup function should be called when out is finished with
+// regardless of whether this function returned an error or not.
+func readSHA1(in io.Reader, size, threshold int64) (sha1sum string, out io.Reader, cleanup func(), err error) {
+	// we need an SHA1
+	hash := sha1.New()
+	// use the teeReader to write to the local file AND calculate the SHA1 while doing so
+	teeReader := io.TeeReader(in, hash)
+
+	// nothing to clean up by default
+	cleanup = func() {}
+
+	// don't cache small files on disk to reduce wear of the disk
+	if size > threshold {
+		var tempFile *os.File
+
+		// create the cache file
+		tempFile, err = os.CreateTemp("", cachePrefix)
+		if err != nil {
+			return
+		}
+
+		_ = os.Remove(tempFile.Name()) // Delete the file - may not work on Windows
+
+		// clean up the file after we are done downloading
+		cleanup = func() {
+			// the file should normally already be close, but just to make sure
+			_ = tempFile.Close()
+			_ = os.Remove(tempFile.Name()) // delete the cache file after we are done - may be deleted already
+		}
+
+		// copy the ENTIRE file to disc and calculate the SHA1 in the process
+		if _, err = io.Copy(tempFile, teeReader); err != nil {
+			return
+		}
+		// jump to the start of the local file so we can pass it along
+		if _, err = tempFile.Seek(0, 0); err != nil {
+			return
+		}
+
+		// replace the already read source with a reader of our cached file
+		out = tempFile
+	} else {
+		// that's a small file, just read it into memory
+		var inData []byte
+		inData, err = io.ReadAll(teeReader)
+		if err != nil {
+			return
+		}
+
+		// set the reader to our read memory block
+		out = bytes.NewReader(inData)
+	}
+	return hex.EncodeToString(hash.Sum(nil)), out, cleanup, nil
+}
diff --git a/backend/pikpak/pikpak.go b/backend/pikpak/pikpak.go
new file mode 100644
index 0000000000000..7cd5c11178e51
--- /dev/null
+++ b/backend/pikpak/pikpak.go
@@ -0,0 +1,1718 @@
+// Package pikpak provides an interface to the PikPak
+package pikpak
+
+// ------------------------------------------------------------
+// NOTE
+// ------------------------------------------------------------
+
+// md5sum is not always available, sometimes given empty.
+
+// sha1sum used for upload differs from the one with official apps.
+
+// Trashed files are not restored to the original location when using `batchUntrash`
+
+// Can't stream without `--vfs-cache-mode=full`
+
+// ------------------------------------------------------------
+// TODO
+// ------------------------------------------------------------
+
+// * List() with options starred-only
+// * uploadByResumable() with configurable chunk-size
+// * user-configurable list chunk
+// * backend command: untrash, iscached
+// * api(event,task)
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"net/url"
+	"path"
+	"reflect"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/s3/s3manager"
+	"github.com/rclone/rclone/backend/pikpak/api"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/fs/config"
+	"github.com/rclone/rclone/fs/config/configmap"
+	"github.com/rclone/rclone/fs/config/configstruct"
+	"github.com/rclone/rclone/fs/config/obscure"
+	"github.com/rclone/rclone/fs/fserrors"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/dircache"
+	"github.com/rclone/rclone/lib/encoder"
+	"github.com/rclone/rclone/lib/oauthutil"
+	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/random"
+	"github.com/rclone/rclone/lib/rest"
+	"golang.org/x/oauth2"
+)
+
+// Constants
+const (
+	rcloneClientID              = "YNxT9w7GMdWvEOKa"
+	rcloneEncryptedClientSecret = "aqrmB6M1YJ1DWCBxVxFSjFo7wzWEky494YMmkqgAl1do1WKOe2E"
+	minSleep                    = 10 * time.Millisecond
+	maxSleep                    = 2 * time.Second
+	decayConstant               = 2 // bigger for slower decay, exponential
+	rootURL                     = "https://api-drive.mypikpak.com"
+)
+
+// Globals
+var (
+	// Description of how to auth for this app
+	oauthConfig = &oauth2.Config{
+		Scopes: nil,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:   "https://user.mypikpak.com/v1/auth/signin",
+			TokenURL:  "https://user.mypikpak.com/v1/auth/token",
+			AuthStyle: oauth2.AuthStyleInParams,
+		},
+		ClientID:     rcloneClientID,
+		ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
+		RedirectURL:  oauthutil.RedirectURL,
+	}
+)
+
+// Returns OAuthOptions modified for pikpak
+func pikpakOAuthOptions() []fs.Option {
+	opts := []fs.Option{}
+	for _, opt := range oauthutil.SharedOptions {
+		if opt.Name == config.ConfigClientID {
+			opt.Advanced = true
+		} else if opt.Name == config.ConfigClientSecret {
+			opt.Advanced = true
+		}
+		opts = append(opts, opt)
+	}
+	return opts
+}
+
+// pikpakAutorize retrieves OAuth token using user/pass and save it to rclone.conf
+func pikpakAuthorize(ctx context.Context, opt *Options, name string, m configmap.Mapper) error {
+	// override default client id/secret
+	if id, ok := m.Get("client_id"); ok && id != "" {
+		oauthConfig.ClientID = id
+	}
+	if secret, ok := m.Get("client_secret"); ok && secret != "" {
+		oauthConfig.ClientSecret = secret
+	}
+	pass, err := obscure.Reveal(opt.Password)
+	if err != nil {
+		return fmt.Errorf("failed to decode password - did you obscure it?: %w", err)
+	}
+	t, err := oauthConfig.PasswordCredentialsToken(ctx, opt.Username, pass)
+	if err != nil {
+		return fmt.Errorf("failed to retrieve token using username/password: %w", err)
+	}
+	return oauthutil.PutToken(name, m, t, false)
+}
+
+// Register with Fs
+func init() {
+	fs.Register(&fs.RegInfo{
+		Name:        "pikpak",
+		Description: "PikPak",
+		NewFs:       NewFs,
+		CommandHelp: commandHelp,
+		Config: func(ctx context.Context, name string, m configmap.Mapper, config fs.ConfigIn) (*fs.ConfigOut, error) {
+			// Parse config into Options struct
+			opt := new(Options)
+			err := configstruct.Set(m, opt)
+			if err != nil {
+				return nil, fmt.Errorf("couldn't parse config into struct: %w", err)
+			}
+
+			switch config.State {
+			case "":
+				// Check token exists
+				if _, err := oauthutil.GetToken(name, m); err != nil {
+					return fs.ConfigGoto("authorize")
+				}
+				return fs.ConfigConfirm("authorize_ok", false, "consent_to_authorize", "Re-authorize for new token?")
+			case "authorize_ok":
+				if config.Result == "false" {
+					return nil, nil
+				}
+				return fs.ConfigGoto("authorize")
+			case "authorize":
+				if err := pikpakAuthorize(ctx, opt, name, m); err != nil {
+					return nil, err
+				}
+				return nil, nil
+			}
+			return nil, fmt.Errorf("unknown state %q", config.State)
+		},
+		Options: append(pikpakOAuthOptions(), []fs.Option{{
+			Name:      "user",
+			Help:      "Pikpak username.",
+			Required:  true,
+			Sensitive: true,
+		}, {
+			Name:       "pass",
+			Help:       "Pikpak password.",
+			Required:   true,
+			IsPassword: true,
+		}, {
+			Name: "root_folder_id",
+			Help: `ID of the root folder.
+Leave blank normally.
+
+Fill in for rclone to use a non root folder as its starting point.
+`,
+			Advanced:  true,
+			Sensitive: true,
+		}, {
+			Name:     "use_trash",
+			Default:  true,
+			Help:     "Send files to the trash instead of deleting permanently.\n\nDefaults to true, namely sending files to the trash.\nUse `--pikpak-use-trash=false` to delete files permanently instead.",
+			Advanced: true,
+		}, {
+			Name:     "trashed_only",
+			Default:  false,
+			Help:     "Only show files that are in the trash.\n\nThis will show trashed files in their original directory structure.",
+			Advanced: true,
+		}, {
+			Name:     "hash_memory_limit",
+			Help:     "Files bigger than this will be cached on disk to calculate hash if required.",
+			Default:  fs.SizeSuffix(10 * 1024 * 1024),
+			Advanced: true,
+		}, {
+			Name:     config.ConfigEncoding,
+			Help:     config.ConfigEncodingHelp,
+			Advanced: true,
+			Default: (encoder.EncodeCtl |
+				encoder.EncodeDot |
+				encoder.EncodeBackSlash |
+				encoder.EncodeSlash |
+				encoder.EncodeDoubleQuote |
+				encoder.EncodeAsterisk |
+				encoder.EncodeColon |
+				encoder.EncodeLtGt |
+				encoder.EncodeQuestion |
+				encoder.EncodePipe |
+				encoder.EncodeLeftSpace |
+				encoder.EncodeRightSpace |
+				encoder.EncodeRightPeriod |
+				encoder.EncodeInvalidUtf8),
+		}}...),
+	})
+}
+
+// Options defines the configuration for this backend
+type Options struct {
+	Username            string               `config:"user"`
+	Password            string               `config:"pass"`
+	RootFolderID        string               `config:"root_folder_id"`
+	UseTrash            bool                 `config:"use_trash"`
+	TrashedOnly         bool                 `config:"trashed_only"`
+	HashMemoryThreshold fs.SizeSuffix        `config:"hash_memory_limit"`
+	Enc                 encoder.MultiEncoder `config:"encoding"`
+}
+
+// Fs represents a remote pikpak
+type Fs struct {
+	name         string             // name of this remote
+	root         string             // the path we are working on
+	opt          Options            // parsed options
+	features     *fs.Features       // optional features
+	rst          *rest.Client       // the connection to the server
+	dirCache     *dircache.DirCache // Map of directory path to directory id
+	pacer        *fs.Pacer          // pacer for API calls
+	rootFolderID string             // the id of the root folder
+	client       *http.Client       // authorized client
+	m            configmap.Mapper
+	tokenMu      *sync.Mutex // when renewing tokens
+}
+
+// Object describes a pikpak object
+type Object struct {
+	fs          *Fs       // what this object is part of
+	remote      string    // The remote path
+	hasMetaData bool      // whether info below has been set
+	id          string    // ID of the object
+	size        int64     // size of the object
+	modTime     time.Time // modification time of the object
+	mimeType    string    // The object MIME type
+	parent      string    // ID of the parent directories
+	md5sum      string    // md5sum of the object
+	link        *api.Link // link to download the object
+	linkMu      *sync.Mutex
+}
+
+// ------------------------------------------------------------
+
+// Name of the remote (as passed into NewFs)
+func (f *Fs) Name() string {
+	return f.name
+}
+
+// Root of the remote (as passed into NewFs)
+func (f *Fs) Root() string {
+	return f.root
+}
+
+// String converts this Fs to a string
+func (f *Fs) String() string {
+	return fmt.Sprintf("PikPak root '%s'", f.root)
+}
+
+// Features returns the optional features of this Fs
+func (f *Fs) Features() *fs.Features {
+	return f.features
+}
+
+// Precision return the precision of this Fs
+func (f *Fs) Precision() time.Duration {
+	return fs.ModTimeNotSupported
+	// meaning that the modification times from the backend shouldn't be used for syncing
+	// as they can't be set.
+}
+
+// DirCacheFlush resets the directory cache - used in testing as an
+// optional interface
+func (f *Fs) DirCacheFlush() {
+	f.dirCache.ResetRoot()
+}
+
+// Hashes returns the supported hash sets.
+func (f *Fs) Hashes() hash.Set {
+	return hash.Set(hash.MD5)
+}
+
+// parsePath parses a remote path
+func parsePath(path string) (root string) {
+	root = strings.Trim(path, "/")
+	return
+}
+
+// parentIDForRequest returns ParentId for api requests
+func parentIDForRequest(dirID string) string {
+	if dirID == "root" {
+		return ""
+	}
+	return dirID
+}
+
+// retryErrorCodes is a slice of error codes that we will retry
+var retryErrorCodes = []int{
+	429, // Too Many Requests.
+	500, // Internal Server Error
+	502, // Bad Gateway
+	503, // Service Unavailable
+	504, // Gateway Timeout
+	509, // Bandwidth Limit Exceeded
+}
+
+// reAuthorize re-authorize oAuth token during runtime
+func (f *Fs) reAuthorize(ctx context.Context) (err error) {
+	f.tokenMu.Lock()
+	defer f.tokenMu.Unlock()
+
+	if err := pikpakAuthorize(ctx, &f.opt, f.name, f.m); err != nil {
+		return err
+	}
+	return f.newClientWithPacer(ctx)
+}
+
+// shouldRetry returns a boolean as to whether this resp and err
+// deserve to be retried.  It returns the err as a convenience
+func (f *Fs) shouldRetry(ctx context.Context, resp *http.Response, err error) (bool, error) {
+	if fserrors.ContextError(ctx, &err) {
+		return false, err
+	}
+	if err == nil {
+		return false, nil
+	}
+	if fserrors.ShouldRetry(err) {
+		return true, err
+	}
+	authRetry := false
+
+	// traceback to possible api.Error wrapped in err, and re-authorize if necessary
+	// "unauthenticated" (16): when access_token is invalid, but should be handled by oauthutil
+	var terr *oauth2.RetrieveError
+	if errors.As(err, &terr) {
+		apiErr := new(api.Error)
+		if err := json.Unmarshal(terr.Body, apiErr); err == nil {
+			if apiErr.Reason == "invalid_grant" {
+				// "invalid_grant" (4126): The refresh token is incorrect or expired				//
+				// Invalid refresh token. It may have been refreshed by another process.
+				authRetry = true
+			}
+		}
+	}
+	// Once err was processed by maybeWrapOAuthError() in lib/oauthutil,
+	// the above code is no longer sufficient to handle the 'invalid_grant' error.
+	if strings.Contains(err.Error(), "invalid_grant") {
+		authRetry = true
+	}
+
+	if authRetry {
+		if authErr := f.reAuthorize(ctx); authErr != nil {
+			return false, fserrors.FatalError(authErr)
+		}
+	}
+
+	switch apiErr := err.(type) {
+	case *api.Error:
+		if apiErr.Reason == "file_rename_uncompleted" {
+			// "file_rename_uncompleted" (9): Renaming uncompleted file or folder is not supported
+			// This error occurs when you attempt to rename objects
+			// right after some server-side changes, e.g. DirMove, Move, Copy
+			return true, err
+		} else if apiErr.Reason == "file_duplicated_name" {
+			// "file_duplicated_name" (3): File name cannot be repeated
+			// This error may occur when attempting to rename temp object (newly uploaded)
+			// right after the old one is removed.
+			return true, err
+		} else if apiErr.Reason == "task_daily_create_limit_vip" {
+			// "task_daily_create_limit_vip" (11): Sorry, you have submitted too many tasks and have exceeded the current processing capacity, please try again tomorrow
+			return false, fserrors.FatalError(err)
+		} else if apiErr.Reason == "file_space_not_enough" {
+			// "file_space_not_enough" (8): Storage space is not enough
+			return false, fserrors.FatalError(err)
+		}
+	}
+
+	return authRetry || fserrors.ShouldRetryHTTP(resp, retryErrorCodes), err
+}
+
+// errorHandler parses a non 2xx error response into an error
+func errorHandler(resp *http.Response) error {
+	// Decode error response
+	errResponse := new(api.Error)
+	err := rest.DecodeJSON(resp, &errResponse)
+	if err != nil {
+		fs.Debugf(nil, "Couldn't decode error response: %v", err)
+	}
+	if errResponse.Reason == "" {
+		errResponse.Reason = resp.Status
+	}
+	if errResponse.Code == 0 {
+		errResponse.Code = resp.StatusCode
+	}
+	return errResponse
+}
+
+// newClientWithPacer sets a new http/rest client with a pacer to Fs
+func (f *Fs) newClientWithPacer(ctx context.Context) (err error) {
+	f.client, _, err = oauthutil.NewClient(ctx, f.name, f.m, oauthConfig)
+	if err != nil {
+		return fmt.Errorf("failed to create oauth client: %w", err)
+	}
+	f.rst = rest.NewClient(f.client).SetRoot(rootURL).SetErrorHandler(errorHandler)
+	f.pacer = fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant)))
+	return nil
+}
+
+// newFs partially constructs Fs from the path
+//
+// It constructs a valid Fs but doesn't attempt to figure out whether
+// it is a file or a directory.
+func newFs(ctx context.Context, name, path string, m configmap.Mapper) (*Fs, error) {
+	// Parse config into Options struct
+	opt := new(Options)
+	if err := configstruct.Set(m, opt); err != nil {
+		return nil, err
+	}
+
+	root := parsePath(path)
+
+	f := &Fs{
+		name:    name,
+		root:    root,
+		opt:     *opt,
+		m:       m,
+		tokenMu: new(sync.Mutex),
+	}
+	f.features = (&fs.Features{
+		ReadMimeType:            true, // can read the mime type of objects
+		CanHaveEmptyDirectories: true, // can have empty directories
+		NoMultiThreading:        true, // can't have multiple threads downloading
+	}).Fill(ctx, f)
+
+	if err := f.newClientWithPacer(ctx); err != nil {
+		return nil, err
+	}
+
+	return f, nil
+}
+
+// NewFs constructs an Fs from the path, container:path
+func NewFs(ctx context.Context, name, path string, m configmap.Mapper) (fs.Fs, error) {
+	f, err := newFs(ctx, name, path, m)
+	if err != nil {
+		return nil, err
+	}
+
+	// Set the root folder ID
+	if f.opt.RootFolderID != "" {
+		// use root_folder ID if set
+		f.rootFolderID = f.opt.RootFolderID
+	} else {
+		// pseudo-root
+		f.rootFolderID = "root"
+	}
+
+	f.dirCache = dircache.New(f.root, f.rootFolderID, f)
+
+	// Find the current root
+	err = f.dirCache.FindRoot(ctx, false)
+	if err != nil {
+		// Assume it is a file
+		newRoot, remote := dircache.SplitPath(f.root)
+		tempF := *f
+		tempF.dirCache = dircache.New(newRoot, f.rootFolderID, &tempF)
+		tempF.root = newRoot
+		// Make new Fs which is the parent
+		err = tempF.dirCache.FindRoot(ctx, false)
+		if err != nil {
+			// No root so return old f
+			return f, nil
+		}
+		_, err := tempF.NewObject(ctx, remote)
+		if err != nil {
+			if err == fs.ErrorObjectNotFound {
+				// File doesn't exist so return old f
+				return f, nil
+			}
+			return nil, err
+		}
+		f.features.Fill(ctx, &tempF)
+		// XXX: update the old f here instead of returning tempF, since
+		// `features` were already filled with functions having *f as a receiver.
+		// See https://github.com/rclone/rclone/issues/2182
+		f.dirCache = tempF.dirCache
+		f.root = tempF.root
+		// return an error with an fs which points to the parent
+		return f, fs.ErrorIsFile
+	}
+	return f, nil
+}
+
+// readMetaDataForPath reads the metadata from the path
+func (f *Fs) readMetaDataForPath(ctx context.Context, path string) (info *api.File, err error) {
+	leaf, dirID, err := f.dirCache.FindPath(ctx, path, false)
+	if err != nil {
+		if err == fs.ErrorDirNotFound {
+			return nil, fs.ErrorObjectNotFound
+		}
+		return nil, err
+	}
+
+	// checking whether fileObj with name of leaf exists in dirID
+	trashed := "false"
+	if f.opt.TrashedOnly {
+		trashed = "true"
+	}
+	found, err := f.listAll(ctx, dirID, api.KindOfFile, trashed, func(item *api.File) bool {
+		if item.Name == leaf {
+			info = item
+			return true
+		}
+		return false
+	})
+	if err != nil {
+		return nil, err
+	}
+	if !found {
+		return nil, fs.ErrorObjectNotFound
+	}
+	return info, nil
+}
+
+// Return an Object from a path
+//
+// If it can't be found it returns the error fs.ErrorObjectNotFound.
+func (f *Fs) newObjectWithInfo(ctx context.Context, remote string, info *api.File) (fs.Object, error) {
+	o := &Object{
+		fs:     f,
+		remote: remote,
+		linkMu: new(sync.Mutex),
+	}
+	var err error
+	if info != nil {
+		err = o.setMetaData(info)
+	} else {
+		err = o.readMetaData(ctx) // reads info and meta, returning an error
+	}
+	if err != nil {
+		return nil, err
+	}
+	return o, nil
+}
+
+// NewObject finds the Object at remote.  If it can't be found
+// it returns the error fs.ErrorObjectNotFound.
+func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error) {
+	return f.newObjectWithInfo(ctx, remote, nil)
+}
+
+// FindLeaf finds a directory of name leaf in the folder with ID pathID
+func (f *Fs) FindLeaf(ctx context.Context, pathID, leaf string) (pathIDOut string, found bool, err error) {
+	// Find the leaf in pathID
+	trashed := "false"
+	if f.opt.TrashedOnly {
+		// still need to list folders
+		trashed = ""
+	}
+	found, err = f.listAll(ctx, pathID, api.KindOfFolder, trashed, func(item *api.File) bool {
+		if item.Name == leaf {
+			pathIDOut = item.ID
+			return true
+		}
+		return false
+	})
+	return pathIDOut, found, err
+}
+
+// list the objects into the function supplied
+//
+// If directories is set it only sends directories
+// User function to process a File item from listAll
+//
+// Should return true to finish processing
+type listAllFn func(*api.File) bool
+
+// Lists the directory required calling the user function on each item found
+//
+// If the user fn ever returns true then it early exits with found = true
+func (f *Fs) listAll(ctx context.Context, dirID, kind, trashed string, fn listAllFn) (found bool, err error) {
+	// Url Parameters
+	params := url.Values{}
+	params.Set("thumbnail_size", api.ThumbnailSizeM)
+	params.Set("limit", strconv.Itoa(api.ListLimit))
+	params.Set("with_audit", strconv.FormatBool(true))
+	if parentID := parentIDForRequest(dirID); parentID != "" {
+		params.Set("parent_id", parentID)
+	}
+
+	// Construct filter string
+	filters := &api.Filters{}
+	filters.Set("Phase", "eq", api.PhaseTypeComplete)
+	filters.Set("Trashed", "eq", trashed)
+	filters.Set("Kind", "eq", kind)
+	if filterStr, err := json.Marshal(filters); err == nil {
+		params.Set("filters", string(filterStr))
+	}
+	// fs.Debugf(f, "list params: %v", params)
+
+	opts := rest.Opts{
+		Method:     "GET",
+		Path:       "/drive/v1/files",
+		Parameters: params,
+	}
+
+	pageToken := ""
+OUTER:
+	for {
+		opts.Parameters.Set("page_token", pageToken)
+
+		var info api.FileList
+		var resp *http.Response
+		err = f.pacer.Call(func() (bool, error) {
+			resp, err = f.rst.CallJSON(ctx, &opts, nil, &info)
+			return f.shouldRetry(ctx, resp, err)
+		})
+		if err != nil {
+			return found, fmt.Errorf("couldn't list files: %w", err)
+		}
+		if len(info.Files) == 0 {
+			break
+		}
+		for _, item := range info.Files {
+			item.Name = f.opt.Enc.ToStandardName(item.Name)
+			if fn(item) {
+				found = true
+				break OUTER
+			}
+		}
+		if info.NextPageToken == "" {
+			break
+		}
+		pageToken = info.NextPageToken
+	}
+	return
+}
+
+// itemToDirEntry converts a api.File to an fs.DirEntry.
+// When the api.File cannot be represented as an fs.DirEntry
+// (nil, nil) is returned.
+func (f *Fs) itemToDirEntry(ctx context.Context, remote string, item *api.File) (entry fs.DirEntry, err error) {
+	switch {
+	case item.Kind == api.KindOfFolder:
+		// cache the directory ID for later lookups
+		f.dirCache.Put(remote, item.ID)
+		d := fs.NewDir(remote, time.Time(item.ModifiedTime)).SetID(item.ID)
+		if item.ParentID == "" {
+			d.SetParentID("root")
+		} else {
+			d.SetParentID(item.ParentID)
+		}
+		return d, nil
+	case f.opt.TrashedOnly && !item.Trashed:
+		// ignore object
+	default:
+		entry, err = f.newObjectWithInfo(ctx, remote, item)
+		if err == fs.ErrorObjectNotFound {
+			return nil, nil
+		}
+		return entry, err
+	}
+	return nil, nil
+}
+
+// List the objects and directories in dir into entries. The
+// entries can be returned in any order but should be for a
+// complete directory.
+//
+// dir should be "" to list the root, and should not have
+// trailing slashes.
+//
+// This should return ErrDirNotFound if the directory isn't
+// found.
+func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err error) {
+	// fs.Debugf(f, "List(%q)\n", dir)
+	dirID, err := f.dirCache.FindDir(ctx, dir, false)
+	if err != nil {
+		return nil, err
+	}
+	var iErr error
+	trashed := "false"
+	if f.opt.TrashedOnly {
+		// still need to list folders
+		trashed = ""
+	}
+	_, err = f.listAll(ctx, dirID, "", trashed, func(item *api.File) bool {
+		entry, err := f.itemToDirEntry(ctx, path.Join(dir, item.Name), item)
+		if err != nil {
+			iErr = err
+			return true
+		}
+		if entry != nil {
+			entries = append(entries, entry)
+		}
+		return false
+	})
+	if err != nil {
+		return nil, err
+	}
+	if iErr != nil {
+		return nil, iErr
+	}
+	return entries, nil
+}
+
+// CreateDir makes a directory with pathID as parent and name leaf
+func (f *Fs) CreateDir(ctx context.Context, pathID, leaf string) (newID string, err error) {
+	// fs.Debugf(f, "CreateDir(%q, %q)\n", pathID, leaf)
+	req := api.RequestNewFile{
+		Name:     f.opt.Enc.FromStandardName(leaf),
+		Kind:     api.KindOfFolder,
+		ParentID: parentIDForRequest(pathID),
+	}
+	info, err := f.requestNewFile(ctx, &req)
+	if err != nil {
+		return "", err
+	}
+	return info.File.ID, nil
+}
+
+// Mkdir creates the container if it doesn't exist
+func (f *Fs) Mkdir(ctx context.Context, dir string) error {
+	_, err := f.dirCache.FindDir(ctx, dir, true)
+	return err
+}
+
+// About gets quota information
+func (f *Fs) About(ctx context.Context) (usage *fs.Usage, err error) {
+	info, err := f.getAbout(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get drive quota: %w", err)
+	}
+	q := info.Quota
+	usage = &fs.Usage{
+		Used: fs.NewUsageValue(q.Usage), // bytes in use
+		// Trashed: fs.NewUsageValue(q.UsageInTrash), // bytes in trash but this seems not working
+	}
+	if q.Limit > 0 {
+		usage.Total = fs.NewUsageValue(q.Limit)          // quota of bytes that can be used
+		usage.Free = fs.NewUsageValue(q.Limit - q.Usage) // bytes which can be uploaded before reaching the quota
+	}
+	return usage, nil
+}
+
+// PublicLink adds a "readable by anyone with link" permission on the given file or folder.
+func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration, unlink bool) (string, error) {
+	id, err := f.dirCache.FindDir(ctx, remote, false)
+	if err == nil {
+		fs.Debugf(f, "attempting to share directory '%s'", remote)
+	} else {
+		fs.Debugf(f, "attempting to share single file '%s'", remote)
+		o, err := f.NewObject(ctx, remote)
+		if err != nil {
+			return "", err
+		}
+		id = o.(*Object).id
+	}
+	expiry := -1
+	if expire < fs.DurationOff {
+		expiry = int(math.Ceil(time.Duration(expire).Hours() / 24))
+	}
+	req := api.RequestShare{
+		FileIds:        []string{id},
+		ShareTo:        "publiclink",
+		ExpirationDays: expiry,
+		PassCodeOption: "NOT_REQUIRED",
+	}
+	info, err := f.requestShare(ctx, &req)
+	if err != nil {
+		return "", err
+	}
+	return info.ShareURL, err
+}
+
+// delete a file or directory by ID w/o using trash
+func (f *Fs) deleteObjects(ctx context.Context, IDs []string, useTrash bool) (err error) {
+	if len(IDs) == 0 {
+		return nil
+	}
+	action := "batchDelete"
+	if useTrash {
+		action = "batchTrash"
+	}
+	req := api.RequestBatch{
+		Ids: IDs,
+	}
+	if err := f.requestBatchAction(ctx, action, &req); err != nil {
+		return fmt.Errorf("delete object failed: %w", err)
+	}
+	return nil
+}
+
+// purgeCheck removes the root directory, if check is set then it
+// refuses to do so if it has anything in
+func (f *Fs) purgeCheck(ctx context.Context, dir string, check bool) error {
+	root := path.Join(f.root, dir)
+	if root == "" {
+		return errors.New("can't purge root directory")
+	}
+	rootID, err := f.dirCache.FindDir(ctx, dir, false)
+	if err != nil {
+		return err
+	}
+
+	var trashedFiles = false
+	if check {
+		found, err := f.listAll(ctx, rootID, "", "", func(item *api.File) bool {
+			if !item.Trashed {
+				fs.Debugf(dir, "Rmdir: contains file: %q", item.Name)
+				return true
+			}
+			fs.Debugf(dir, "Rmdir: contains trashed file: %q", item.Name)
+			trashedFiles = true
+			return false
+		})
+		if err != nil {
+			return err
+		}
+		if found {
+			return fs.ErrorDirectoryNotEmpty
+		}
+	}
+	if root != "" {
+		// trash the directory if it had trashed files
+		// in or the user wants to trash, otherwise
+		// delete it.
+		err = f.deleteObjects(ctx, []string{rootID}, trashedFiles || f.opt.UseTrash)
+		if err != nil {
+			return err
+		}
+	} else if check {
+		return errors.New("can't purge root directory")
+	}
+	f.dirCache.FlushDir(dir)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Rmdir deletes the root folder
+//
+// Returns an error if it isn't empty
+func (f *Fs) Rmdir(ctx context.Context, dir string) error {
+	return f.purgeCheck(ctx, dir, true)
+}
+
+// Purge deletes all the files and the container
+//
+// Optional interface: Only implement this if you have a way of
+// deleting all the files quicker than just running Remove() on the
+// result of List()
+func (f *Fs) Purge(ctx context.Context, dir string) error {
+	return f.purgeCheck(ctx, dir, false)
+}
+
+// CleanUp empties the trash
+func (f *Fs) CleanUp(ctx context.Context) (err error) {
+	opts := rest.Opts{
+		Method:     "PATCH",
+		Path:       "/drive/v1/files/trash:empty",
+		NoResponse: true, // Only returns `{"task_id":""}
+	}
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.rst.Call(ctx, &opts)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return fmt.Errorf("couldn't empty trash: %w", err)
+	}
+	return nil
+}
+
+// Move the object
+func (f *Fs) moveObjects(ctx context.Context, IDs []string, dirID string) (err error) {
+	if len(IDs) == 0 {
+		return nil
+	}
+	req := api.RequestBatch{
+		Ids: IDs,
+		To:  map[string]string{"parent_id": parentIDForRequest(dirID)},
+	}
+	if err := f.requestBatchAction(ctx, "batchMove", &req); err != nil {
+		return fmt.Errorf("move object failed: %w", err)
+	}
+	return nil
+}
+
+// renames the object
+func (f *Fs) renameObject(ctx context.Context, ID, newName string) (info *api.File, err error) {
+	req := api.File{
+		Name: f.opt.Enc.FromStandardName(newName),
+	}
+	info, err = f.patchFile(ctx, ID, &req)
+	if err != nil {
+		return nil, fmt.Errorf("rename object failed: %w", err)
+	}
+	return
+}
+
+// DirMove moves src, srcRemote to this remote at dstRemote
+// using server-side move operations.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantDirMove
+//
+// If destination exists then return fs.ErrorDirExists
+func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string) error {
+	srcFs, ok := src.(*Fs)
+	if !ok {
+		fs.Debugf(srcFs, "Can't move directory - not same remote type")
+		return fs.ErrorCantDirMove
+	}
+
+	srcID, srcParentID, srcLeaf, dstParentID, dstLeaf, err := f.dirCache.DirMove(ctx, srcFs.dirCache, srcFs.root, srcRemote, f.root, dstRemote)
+	if err != nil {
+		return err
+	}
+
+	if srcParentID != dstParentID {
+		// Do the move
+		err = f.moveObjects(ctx, []string{srcID}, dstParentID)
+		if err != nil {
+			return fmt.Errorf("couldn't dir move: %w", err)
+		}
+	}
+
+	// Can't copy and change name in one step so we have to check if we have
+	// the correct name after copy
+	if srcLeaf != dstLeaf {
+		_, err = f.renameObject(ctx, srcID, dstLeaf)
+		if err != nil {
+			return fmt.Errorf("dirmove: couldn't rename moved dir: %w", err)
+		}
+	}
+	srcFs.dirCache.FlushDir(srcRemote)
+	return nil
+}
+
+// Creates from the parameters passed in a half finished Object which
+// must have setMetaData called on it
+//
+// Returns the object, leaf, dirID and error.
+//
+// Used to create new objects
+func (f *Fs) createObject(ctx context.Context, remote string, modTime time.Time, size int64) (o *Object, leaf string, dirID string, err error) {
+	// Create the directory for the object if it doesn't exist
+	leaf, dirID, err = f.dirCache.FindPath(ctx, remote, true)
+	if err != nil {
+		return
+	}
+	// Temporary Object under construction
+	o = &Object{
+		fs:      f,
+		remote:  remote,
+		size:    size,
+		modTime: modTime,
+		linkMu:  new(sync.Mutex),
+	}
+	return o, leaf, dirID, nil
+}
+
+// Move src to this remote using server-side move operations.
+//
+// This is stored with the remote path given.
+//
+// It returns the destination Object and a possible error.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantMove
+func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	srcObj, ok := src.(*Object)
+	if !ok {
+		fs.Debugf(src, "Can't move - not same remote type")
+		return nil, fs.ErrorCantMove
+	}
+	err := srcObj.readMetaData(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	srcLeaf, srcParentID, err := srcObj.fs.dirCache.FindPath(ctx, srcObj.remote, false)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create temporary object
+	dstObj, dstLeaf, dstParentID, err := f.createObject(ctx, remote, srcObj.modTime, srcObj.size)
+	if err != nil {
+		return nil, err
+	}
+
+	if srcParentID != dstParentID {
+		// Do the move
+		if err = f.moveObjects(ctx, []string{srcObj.id}, dstParentID); err != nil {
+			return nil, err
+		}
+	}
+	dstObj.id = srcObj.id
+
+	var info *api.File
+	if srcLeaf != dstLeaf {
+		// Rename
+		info, err = f.renameObject(ctx, srcObj.id, dstLeaf)
+		if err != nil {
+			return nil, fmt.Errorf("move: couldn't rename moved file: %w", err)
+		}
+	} else {
+		// Update info
+		info, err = f.getFile(ctx, dstObj.id)
+		if err != nil {
+			return nil, fmt.Errorf("move: couldn't update moved file: %w", err)
+		}
+	}
+	return dstObj, dstObj.setMetaData(info)
+}
+
+// copy objects
+func (f *Fs) copyObjects(ctx context.Context, IDs []string, dirID string) (err error) {
+	if len(IDs) == 0 {
+		return nil
+	}
+	req := api.RequestBatch{
+		Ids: IDs,
+		To:  map[string]string{"parent_id": parentIDForRequest(dirID)},
+	}
+	if err := f.requestBatchAction(ctx, "batchCopy", &req); err != nil {
+		return fmt.Errorf("copy object failed: %w", err)
+	}
+	return nil
+}
+
+// Copy src to this remote using server side copy operations.
+//
+// This is stored with the remote path given.
+//
+// It returns the destination Object and a possible error.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantCopy
+func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	srcObj, ok := src.(*Object)
+	if !ok {
+		fs.Debugf(src, "Can't copy - not same remote type")
+		return nil, fs.ErrorCantCopy
+	}
+	err := srcObj.readMetaData(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create temporary object
+	dstObj, dstLeaf, dstParentID, err := f.createObject(ctx, remote, srcObj.modTime, srcObj.size)
+	if err != nil {
+		return nil, err
+	}
+	if srcObj.parent == dstParentID {
+		// api restriction
+		fs.Debugf(src, "Can't copy - same parent")
+		return nil, fs.ErrorCantCopy
+	}
+	// Copy the object
+	if err := f.copyObjects(ctx, []string{srcObj.id}, dstParentID); err != nil {
+		return nil, fmt.Errorf("couldn't copy file: %w", err)
+	}
+
+	// Can't copy and change name in one step so we have to check if we have
+	// the correct name after copy
+	srcLeaf, _, err := srcObj.fs.dirCache.FindPath(ctx, srcObj.remote, false)
+	if err != nil {
+		return nil, err
+	}
+
+	if srcLeaf != dstLeaf {
+		// Rename
+		info, err := f.renameObject(ctx, dstObj.id, dstLeaf)
+		if err != nil {
+			return nil, fmt.Errorf("copy: couldn't rename copied file: %w", err)
+		}
+		err = dstObj.setMetaData(info)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		// Update info
+		err = dstObj.readMetaData(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("copy: couldn't locate copied file: %w", err)
+		}
+	}
+	return dstObj, nil
+}
+
+func (f *Fs) uploadByForm(ctx context.Context, in io.Reader, name string, size int64, form *api.Form, options ...fs.OpenOption) (err error) {
+	// struct to map. transferring values from MultParts to url parameter
+	params := url.Values{}
+	iVal := reflect.ValueOf(&form.MultiParts).Elem()
+	iTyp := iVal.Type()
+	for i := 0; i < iVal.NumField(); i++ {
+		params.Set(iTyp.Field(i).Tag.Get("json"), iVal.Field(i).String())
+	}
+	formReader, contentType, overhead, err := rest.MultipartUpload(ctx, in, params, "file", name)
+	if err != nil {
+		return fmt.Errorf("failed to make multipart upload: %w", err)
+	}
+
+	contentLength := overhead + size
+	opts := rest.Opts{
+		Method:           form.Method,
+		RootURL:          form.URL,
+		Body:             formReader,
+		ContentType:      contentType,
+		ContentLength:    &contentLength,
+		Options:          options,
+		TransferEncoding: []string{"identity"},
+		NoResponse:       true,
+	}
+
+	var resp *http.Response
+	err = f.pacer.CallNoRetry(func() (bool, error) {
+		resp, err = f.rst.Call(ctx, &opts)
+		return f.shouldRetry(ctx, resp, err)
+	})
+	return
+}
+
+func (f *Fs) uploadByResumable(ctx context.Context, in io.Reader, resumable *api.Resumable, options ...fs.OpenOption) (err error) {
+	p := resumable.Params
+	endpoint := strings.Join(strings.Split(p.Endpoint, ".")[1:], ".") // "mypikpak.com"
+
+	cfg := &aws.Config{
+		Credentials: credentials.NewStaticCredentials(p.AccessKeyID, p.AccessKeySecret, p.SecurityToken),
+		Region:      aws.String("pikpak"),
+		Endpoint:    &endpoint,
+	}
+	sess, err := session.NewSession(cfg)
+	if err != nil {
+		return
+	}
+
+	uploader := s3manager.NewUploader(sess)
+	// Upload input parameters
+	uParams := &s3manager.UploadInput{
+		Bucket: &p.Bucket,
+		Key:    &p.Key,
+		Body:   in,
+	}
+	// Perform upload with options different than the those in the Uploader.
+	_, err = uploader.UploadWithContext(ctx, uParams, func(u *s3manager.Uploader) {
+		// TODO can be user-configurable
+		u.PartSize = 10 * 1024 * 1024 // 10MB part size
+	})
+	return
+}
+
+func (f *Fs) upload(ctx context.Context, in io.Reader, leaf, dirID, sha1Str string, size int64, options ...fs.OpenOption) (*api.File, error) {
+	// determine upload type
+	uploadType := api.UploadTypeResumable
+	if size >= 0 && size < int64(5*fs.Mebi) {
+		uploadType = api.UploadTypeForm
+	}
+
+	// request upload ticket to API
+	req := api.RequestNewFile{
+		Kind:       api.KindOfFile,
+		Name:       f.opt.Enc.FromStandardName(leaf),
+		ParentID:   parentIDForRequest(dirID),
+		FolderType: "NORMAL",
+		Size:       size,
+		Hash:       strings.ToUpper(sha1Str),
+		UploadType: uploadType,
+	}
+	if uploadType == api.UploadTypeResumable {
+		req.Resumable = map[string]string{"provider": "PROVIDER_ALIYUN"}
+	}
+	newfile, err := f.requestNewFile(ctx, &req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create a new file: %w", err)
+	}
+	if newfile.File == nil {
+		return nil, fmt.Errorf("invalid response: %+v", newfile)
+	} else if newfile.File.Phase == api.PhaseTypeComplete {
+		// early return; in case of zero-byte objects
+		return newfile.File, nil
+	}
+
+	if uploadType == api.UploadTypeForm && newfile.Form != nil {
+		err = f.uploadByForm(ctx, in, req.Name, size, newfile.Form, options...)
+	} else if uploadType == api.UploadTypeResumable && newfile.Resumable != nil {
+		err = f.uploadByResumable(ctx, in, newfile.Resumable, options...)
+	} else {
+		return nil, fmt.Errorf("unable to proceed upload: %+v", newfile)
+	}
+
+	if err != nil {
+		return nil, fmt.Errorf("failed to upload: %w", err)
+	}
+	// refresh uploaded file info
+	// Compared to `newfile.File` this upgrades several fields...
+	// audit, links, modified_time, phase, revision, and web_content_link
+	return f.getFile(ctx, newfile.File.ID)
+}
+
+// Put the object
+//
+// Copy the reader in to the new object which is returned.
+//
+// The new object may have been created if an error is returned
+func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+	existingObj, err := f.NewObject(ctx, src.Remote())
+	switch err {
+	case nil:
+		return existingObj, existingObj.Update(ctx, in, src, options...)
+	case fs.ErrorObjectNotFound:
+		// Not found so create it
+		newObj := &Object{
+			fs:     f,
+			remote: src.Remote(),
+			linkMu: new(sync.Mutex),
+		}
+		return newObj, newObj.upload(ctx, in, src, false, options...)
+	default:
+		return nil, err
+	}
+}
+
+// UserInfo fetches info about the current user
+func (f *Fs) UserInfo(ctx context.Context) (userInfo map[string]string, err error) {
+	user, err := f.getUserInfo(ctx)
+	if err != nil {
+		return nil, err
+	}
+	userInfo = map[string]string{
+		"Id":                user.Sub,
+		"Username":          user.Name,
+		"Email":             user.Email,
+		"PhoneNumber":       user.PhoneNumber,
+		"Password":          user.Password,
+		"Status":            user.Status,
+		"CreatedAt":         time.Time(user.CreatedAt).String(),
+		"PasswordUpdatedAt": time.Time(user.PasswordUpdatedAt).String(),
+	}
+	if vip, err := f.getVIPInfo(ctx); err == nil && vip.Result == "ACCEPTED" {
+		userInfo["VIPExpiresAt"] = time.Time(vip.Data.Expire).String()
+		userInfo["VIPStatus"] = vip.Data.Status
+		userInfo["VIPType"] = vip.Data.Type
+	}
+	return userInfo, nil
+}
+
+// ------------------------------------------------------------
+
+// add offline download task for url
+func (f *Fs) addURL(ctx context.Context, url, path string) (*api.Task, error) {
+	req := api.RequestNewTask{
+		Kind:       api.KindOfFile,
+		UploadType: "UPLOAD_TYPE_URL",
+		URL: &api.URL{
+			URL: url,
+		},
+		FolderType: "DOWNLOAD",
+	}
+	if parentID, err := f.dirCache.FindDir(ctx, path, false); err == nil {
+		req.ParentID = parentIDForRequest(parentID)
+		req.FolderType = ""
+	}
+	return f.requestNewTask(ctx, &req)
+}
+
+type decompressDirResult struct {
+	Decompressed  int
+	SourceDeleted int
+	Errors        int
+}
+
+func (r decompressDirResult) Error() string {
+	return fmt.Sprintf("%d error(s) while decompressing - see log", r.Errors)
+}
+
+// decompress file/files in a directory of an ID
+func (f *Fs) decompressDir(ctx context.Context, filename, id, password string, srcDelete bool) (r decompressDirResult, err error) {
+	_, err = f.listAll(ctx, id, api.KindOfFile, "false", func(item *api.File) bool {
+		if item.MimeType == "application/zip" || item.MimeType == "application/x-7z-compressed" || item.MimeType == "application/x-rar-compressed" {
+			if filename == "" || filename == item.Name {
+				res, err := f.requestDecompress(ctx, item, password)
+				if err != nil {
+					err = fmt.Errorf("unexpected error while requesting decompress of %q: %w", item.Name, err)
+					r.Errors++
+					fs.Errorf(f, "%v", err)
+				} else if res.Status != "OK" {
+					r.Errors++
+					fs.Errorf(f, "%q: %d files: %s", item.Name, res.FilesNum, res.Status)
+				} else {
+					r.Decompressed++
+					fs.Infof(f, "%q: %d files: %s", item.Name, res.FilesNum, res.Status)
+					if srcDelete {
+						derr := f.deleteObjects(ctx, []string{item.ID}, f.opt.UseTrash)
+						if derr != nil {
+							derr = fmt.Errorf("failed to delete %q: %w", item.Name, derr)
+							r.Errors++
+							fs.Errorf(f, "%v", derr)
+						} else {
+							r.SourceDeleted++
+						}
+					}
+				}
+			}
+		}
+		return false
+	})
+	if err != nil {
+		err = fmt.Errorf("couldn't list files to decompress: %w", err)
+		r.Errors++
+		fs.Errorf(f, "%v", err)
+	}
+	if r.Errors != 0 {
+		return r, r
+	}
+	return r, nil
+}
+
+var commandHelp = []fs.CommandHelp{{
+	Name:  "addurl",
+	Short: "Add offline download task for url",
+	Long: `This command adds offline download task for url.
+
+Usage:
+
+    rclone backend addurl pikpak:dirpath url
+
+Downloads will be stored in 'dirpath'. If 'dirpath' is invalid, 
+download will fallback to default 'My Pack' folder.
+`,
+}, {
+	Name:  "decompress",
+	Short: "Request decompress of a file/files in a folder",
+	Long: `This command requests decompress of file/files in a folder.
+
+Usage:
+
+    rclone backend decompress pikpak:dirpath {filename} -o password=password
+    rclone backend decompress pikpak:dirpath {filename} -o delete-src-file
+
+An optional argument 'filename' can be specified for a file located in 
+'pikpak:dirpath'. You may want to pass '-o password=password' for a 
+password-protected files. Also, pass '-o delete-src-file' to delete 
+source files after decompression finished.
+
+Result:
+
+    {
+        "Decompressed": 17,
+        "SourceDeleted": 0,
+        "Errors": 0
+    }
+`,
+}}
+
+// Command the backend to run a named command
+//
+// The command run is name
+// args may be used to read arguments from
+// opts may be used to read optional arguments from
+//
+// The result should be capable of being JSON encoded
+// If it is a string or a []string it will be shown to the user
+// otherwise it will be JSON encoded and shown to the user like that
+func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[string]string) (out interface{}, err error) {
+	switch name {
+	case "addurl":
+		if len(arg) != 1 {
+			return nil, errors.New("need exactly 1 argument")
+		}
+		return f.addURL(ctx, arg[0], "")
+	case "decompress":
+		filename := ""
+		if len(arg) > 0 {
+			filename = arg[0]
+		}
+		id, err := f.dirCache.FindDir(ctx, "", false)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get an ID of dirpath: %w", err)
+		}
+		password := ""
+		if pass, ok := opt["password"]; ok {
+			password = pass
+		}
+		_, srcDelete := opt["delete-src-file"]
+		return f.decompressDir(ctx, filename, id, password, srcDelete)
+	default:
+		return nil, fs.ErrorCommandNotFound
+	}
+}
+
+// ------------------------------------------------------------
+
+// parseFileID gets fid parameter from url query
+func parseFileID(s string) string {
+	if u, err := url.Parse(s); err == nil {
+		if q, err := url.ParseQuery(u.RawQuery); err == nil {
+			return q.Get("fid")
+		}
+	}
+	return ""
+}
+
+// setMetaData sets the metadata from info
+func (o *Object) setMetaData(info *api.File) (err error) {
+	if info.Kind == api.KindOfFolder {
+		return fs.ErrorIsDir
+	}
+	if info.Kind != api.KindOfFile {
+		return fmt.Errorf("%q is %q: %w", o.remote, info.Kind, fs.ErrorNotAFile)
+	}
+	o.hasMetaData = true
+	o.id = info.ID
+	o.size = info.Size
+	o.modTime = time.Time(info.ModifiedTime)
+	o.mimeType = info.MimeType
+	if info.ParentID == "" {
+		o.parent = "root"
+	} else {
+		o.parent = info.ParentID
+	}
+	o.md5sum = info.Md5Checksum
+	if info.Links.ApplicationOctetStream != nil {
+		o.link = info.Links.ApplicationOctetStream
+		if fid := parseFileID(o.link.URL); fid != "" {
+			for mid, media := range info.Medias {
+				if media.Link == nil {
+					continue
+				}
+				if mfid := parseFileID(media.Link.URL); fid == mfid {
+					fs.Debugf(o, "Using a media link from Medias[%d]", mid)
+					o.link = media.Link
+					break
+				}
+			}
+		}
+	}
+	return nil
+}
+
+// setMetaDataWithLink ensures a link for opening an object
+func (o *Object) setMetaDataWithLink(ctx context.Context) error {
+	o.linkMu.Lock()
+	defer o.linkMu.Unlock()
+
+	// check if the current link is valid
+	if o.link.Valid() {
+		return nil
+	}
+
+	// fetch download link with retry scheme
+	// 1 initial attempt and 2 retries are reasonable based on empirical analysis
+	retries := 2
+	for i := 1; i <= retries+1; i++ {
+		info, err := o.fs.getFile(ctx, o.id)
+		if err != nil {
+			return fmt.Errorf("can't fetch download link: %w", err)
+		}
+		if err = o.setMetaData(info); err == nil && o.link.Valid() {
+			return nil
+		}
+		if i <= retries {
+			time.Sleep(time.Duration(200*i) * time.Millisecond)
+		}
+	}
+	return errors.New("can't download - no link to download")
+}
+
+// readMetaData gets the metadata if it hasn't already been fetched
+//
+// it also sets the info
+func (o *Object) readMetaData(ctx context.Context) (err error) {
+	if o.hasMetaData {
+		return nil
+	}
+	info, err := o.fs.readMetaDataForPath(ctx, o.remote)
+	if err != nil {
+		return err
+	}
+	return o.setMetaData(info)
+}
+
+// Fs returns the parent Fs
+func (o *Object) Fs() fs.Info {
+	return o.fs
+}
+
+// Return a string version
+func (o *Object) String() string {
+	if o == nil {
+		return "<nil>"
+	}
+	return o.remote
+}
+
+// Remote returns the remote path
+func (o *Object) Remote() string {
+	return o.remote
+}
+
+// Hash returns the Md5sum of an object returning a lowercase hex string
+func (o *Object) Hash(ctx context.Context, t hash.Type) (string, error) {
+	if t != hash.MD5 {
+		return "", hash.ErrUnsupported
+	}
+	if o.md5sum == "" {
+		return "", nil
+	}
+	return strings.ToLower(o.md5sum), nil
+}
+
+// Size returns the size of an object in bytes
+func (o *Object) Size() int64 {
+	err := o.readMetaData(context.TODO())
+	if err != nil {
+		fs.Logf(o, "Failed to read metadata: %v", err)
+		return 0
+	}
+	return o.size
+}
+
+// MimeType of an Object if known, "" otherwise
+func (o *Object) MimeType(ctx context.Context) string {
+	return o.mimeType
+}
+
+// ID returns the ID of the Object if known, or "" if not
+func (o *Object) ID() string {
+	return o.id
+}
+
+// ParentID returns the ID of the Object parent if known, or "" if not
+func (o *Object) ParentID() string {
+	return o.parent
+}
+
+// ModTime returns the modification time of the object
+func (o *Object) ModTime(ctx context.Context) time.Time {
+	err := o.readMetaData(ctx)
+	if err != nil {
+		fs.Logf(o, "Failed to read metadata: %v", err)
+		return time.Now()
+	}
+	return o.modTime
+}
+
+// SetModTime sets the modification time of the local fs object
+func (o *Object) SetModTime(ctx context.Context, modTime time.Time) error {
+	return fs.ErrorCantSetModTime
+}
+
+// Storable returns a boolean showing whether this object storable
+func (o *Object) Storable() bool {
+	return true
+}
+
+// Remove an object
+func (o *Object) Remove(ctx context.Context) error {
+	return o.fs.deleteObjects(ctx, []string{o.id}, o.fs.opt.UseTrash)
+}
+
+// httpResponse gets an http.Response object for the object
+// using the url and method passed in
+func (o *Object) httpResponse(ctx context.Context, url, method string, options []fs.OpenOption) (res *http.Response, err error) {
+	if url == "" {
+		return nil, errors.New("forbidden to download - check sharing permission")
+	}
+	req, err := http.NewRequestWithContext(ctx, method, url, nil)
+	if err != nil {
+		return nil, err
+	}
+	fs.FixRangeOption(options, o.size)
+	fs.OpenOptionAddHTTPHeaders(req.Header, options)
+	if o.size == 0 {
+		// Don't supply range requests for 0 length objects as they always fail
+		delete(req.Header, "Range")
+	}
+	err = o.fs.pacer.Call(func() (bool, error) {
+		res, err = o.fs.client.Do(req)
+		return o.fs.shouldRetry(ctx, res, err)
+	})
+	if err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
+// open a url for reading
+func (o *Object) open(ctx context.Context, url string, options ...fs.OpenOption) (in io.ReadCloser, err error) {
+	res, err := o.httpResponse(ctx, url, "GET", options)
+	if err != nil {
+		return nil, fmt.Errorf("open file failed: %w", err)
+	}
+	return res.Body, nil
+}
+
+// Open an object for read
+func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.ReadCloser, err error) {
+	if o.id == "" {
+		return nil, errors.New("can't download - no id")
+	}
+	if o.size == 0 {
+		// zero-byte objects may have no download link
+		return io.NopCloser(bytes.NewBuffer([]byte(nil))), nil
+	}
+	if err = o.setMetaDataWithLink(ctx); err != nil {
+		return nil, err
+	}
+	return o.open(ctx, o.link.URL, options...)
+}
+
+// Update the object with the contents of the io.Reader, modTime and size
+//
+// If existing is set then it updates the object rather than creating a new one.
+//
+// The new object may have been created if an error is returned
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
+	return o.upload(ctx, in, src, true, options...)
+}
+
+// upload uploads the object with or without using a temporary file name
+func (o *Object) upload(ctx context.Context, in io.Reader, src fs.ObjectInfo, withTemp bool, options ...fs.OpenOption) (err error) {
+	size := src.Size()
+	remote := o.Remote()
+
+	// Create the directory for the object if it doesn't exist
+	leaf, dirID, err := o.fs.dirCache.FindPath(ctx, remote, true)
+	if err != nil {
+		return err
+	}
+
+	// Calculate sha1sum; grabbed from package jottacloud
+	hashStr, err := src.Hash(ctx, hash.SHA1)
+	if err != nil || hashStr == "" {
+		// unwrap the accounting from the input, we use wrap to put it
+		// back on after the buffering
+		var wrap accounting.WrapFn
+		in, wrap = accounting.UnWrap(in)
+		var cleanup func()
+		hashStr, in, cleanup, err = readSHA1(in, size, int64(o.fs.opt.HashMemoryThreshold))
+		defer cleanup()
+		if err != nil {
+			return fmt.Errorf("failed to calculate SHA1: %w", err)
+		}
+		// Wrap the accounting back onto the stream
+		in = wrap(in)
+	}
+
+	if !withTemp {
+		info, err := o.fs.upload(ctx, in, leaf, dirID, hashStr, size, options...)
+		if err != nil {
+			return err
+		}
+		return o.setMetaData(info)
+	}
+
+	// We have to fall back to upload + rename
+	tempName := "rcloneTemp" + random.String(8)
+	info, err := o.fs.upload(ctx, in, tempName, dirID, hashStr, size, options...)
+	if err != nil {
+		return err
+	}
+
+	// upload was successful, need to delete old object before rename
+	if err = o.Remove(ctx); err != nil {
+		return fmt.Errorf("failed to remove old object: %w", err)
+	}
+
+	// rename also updates metadata
+	if info, err = o.fs.renameObject(ctx, info.ID, leaf); err != nil {
+		return fmt.Errorf("failed to rename temp object: %w", err)
+	}
+	return o.setMetaData(info)
+}
+
+// Check the interfaces are satisfied
+var (
+	// _ fs.ListRer         = (*Fs)(nil)
+	// _ fs.ChangeNotifier  = (*Fs)(nil)
+	// _ fs.PutStreamer     = (*Fs)(nil)
+	_ fs.Fs              = (*Fs)(nil)
+	_ fs.Purger          = (*Fs)(nil)
+	_ fs.CleanUpper      = (*Fs)(nil)
+	_ fs.Copier          = (*Fs)(nil)
+	_ fs.Mover           = (*Fs)(nil)
+	_ fs.DirMover        = (*Fs)(nil)
+	_ fs.Commander       = (*Fs)(nil)
+	_ fs.DirCacheFlusher = (*Fs)(nil)
+	_ fs.PublicLinker    = (*Fs)(nil)
+	_ fs.Abouter         = (*Fs)(nil)
+	_ fs.UserInfoer      = (*Fs)(nil)
+	_ fs.Object          = (*Object)(nil)
+	_ fs.MimeTyper       = (*Object)(nil)
+	_ fs.IDer            = (*Object)(nil)
+	_ fs.ParentIDer      = (*Object)(nil)
+)
diff --git a/backend/pikpak/pikpak_test.go b/backend/pikpak/pikpak_test.go
new file mode 100644
index 0000000000000..cbc97589e6515
--- /dev/null
+++ b/backend/pikpak/pikpak_test.go
@@ -0,0 +1,17 @@
+// Test PikPak filesystem interface
+package pikpak_test
+
+import (
+	"testing"
+
+	"github.com/rclone/rclone/backend/pikpak"
+	"github.com/rclone/rclone/fstest/fstests"
+)
+
+// TestIntegration runs integration tests against the remote
+func TestIntegration(t *testing.T) {
+	fstests.Run(t, &fstests.Opt{
+		RemoteName: "TestPikPak:",
+		NilObject:  (*pikpak.Object)(nil),
+	})
+}
diff --git a/backend/premiumizeme/premiumizeme.go b/backend/premiumizeme/premiumizeme.go
index 8f3aa1ce8c377..4adaa5af285cf 100644
--- a/backend/premiumizeme/premiumizeme.go
+++ b/backend/premiumizeme/premiumizeme.go
@@ -82,14 +82,15 @@ func init() {
 				OAuth2Config: oauthConfig,
 			})
 		},
-		Options: []fs.Option{{
+		Options: append(oauthutil.SharedOptions, []fs.Option{{
 			Name: "api_key",
 			Help: `API Key.
 
 This is not normally used - use oauth instead.
 `,
-			Hide:    fs.OptionHideBoth,
-			Default: "",
+			Hide:      fs.OptionHideBoth,
+			Default:   "",
+			Sensitive: true,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -99,7 +100,7 @@ This is not normally used - use oauth instead.
 				encoder.EncodeBackSlash |
 				encoder.EncodeDoubleQuote |
 				encoder.EncodeInvalidUtf8),
-		}},
+		}}...),
 	})
 }
 
diff --git a/backend/protondrive/protondrive.go b/backend/protondrive/protondrive.go
new file mode 100644
index 0000000000000..d82575aa6b7e7
--- /dev/null
+++ b/backend/protondrive/protondrive.go
@@ -0,0 +1,1114 @@
+// Package protondrive implements the Proton Drive backend
+package protondrive
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"path"
+	"strings"
+	"time"
+
+	protonDriveAPI "github.com/henrybear327/Proton-API-Bridge"
+	"github.com/henrybear327/go-proton-api"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config"
+	"github.com/rclone/rclone/fs/config/configmap"
+	"github.com/rclone/rclone/fs/config/configstruct"
+	"github.com/rclone/rclone/fs/config/obscure"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/dircache"
+	"github.com/rclone/rclone/lib/encoder"
+	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/readers"
+)
+
+/*
+- dirCache operates on relative path to root
+- path sanitization
+	- rule of thumb: sanitize before use, but store things as-is
+	- the paths cached in dirCache are after sanitizing
+	- the remote/dir passed in aren't, and are stored as-is
+*/
+
+const (
+	minSleep      = 10 * time.Millisecond
+	maxSleep      = 2 * time.Second
+	decayConstant = 2 // bigger for slower decay, exponential
+
+	clientUIDKey           = "client_uid"
+	clientAccessTokenKey   = "client_access_token"
+	clientRefreshTokenKey  = "client_refresh_token"
+	clientSaltedKeyPassKey = "client_salted_key_pass"
+)
+
+var (
+	errCanNotUploadFileWithUnknownSize = errors.New("proton Drive can't upload files with unknown size")
+	errCanNotPurgeRootDirectory        = errors.New("can't purge root directory")
+
+	// for the auth/deauth handler
+	_mapper        configmap.Mapper
+	_saltedKeyPass string
+)
+
+// Register with Fs
+func init() {
+	fs.Register(&fs.RegInfo{
+		Name:        "protondrive",
+		Description: "Proton Drive",
+		NewFs:       NewFs,
+		Options: []fs.Option{{
+			Name:     "username",
+			Help:     `The username of your proton account`,
+			Required: true,
+		}, {
+			Name:       "password",
+			Help:       "The password of your proton account.",
+			Required:   true,
+			IsPassword: true,
+		}, {
+			Name: "mailbox_password",
+			Help: `The mailbox password of your two-password proton account.
+
+For more information regarding the mailbox password, please check the 
+following official knowledge base article: 
+https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
+`,
+			IsPassword: true,
+			Advanced:   true,
+		}, {
+			Name: "2fa",
+			Help: `The 2FA code
+
+The value can also be provided with --protondrive-2fa=000000
+
+The 2FA code of your proton drive account if the account is set up with 
+two-factor authentication`,
+			Required: false,
+		}, {
+			Name:      clientUIDKey,
+			Help:      "Client uid key (internal use only)",
+			Required:  false,
+			Advanced:  true,
+			Sensitive: true,
+			Hide:      fs.OptionHideBoth,
+		}, {
+			Name:      clientAccessTokenKey,
+			Help:      "Client access token key (internal use only)",
+			Required:  false,
+			Advanced:  true,
+			Sensitive: true,
+			Hide:      fs.OptionHideBoth,
+		}, {
+			Name:      clientRefreshTokenKey,
+			Help:      "Client refresh token key (internal use only)",
+			Required:  false,
+			Advanced:  true,
+			Sensitive: true,
+			Hide:      fs.OptionHideBoth,
+		}, {
+			Name:      clientSaltedKeyPassKey,
+			Help:      "Client salted key pass key (internal use only)",
+			Required:  false,
+			Advanced:  true,
+			Sensitive: true,
+			Hide:      fs.OptionHideBoth,
+		}, {
+			Name:     config.ConfigEncoding,
+			Help:     config.ConfigEncodingHelp,
+			Advanced: true,
+			Default: (encoder.Base |
+				encoder.EncodeInvalidUtf8 |
+				encoder.EncodeLeftSpace |
+				encoder.EncodeRightSpace),
+		}, {
+			Name: "original_file_size",
+			Help: `Return the file size before encryption
+			
+The size of the encrypted file will be different from (bigger than) the 
+original file size. Unless there is a reason to return the file size 
+after encryption is performed, otherwise, set this option to true, as 
+features like Open() which will need to be supplied with original content 
+size, will fail to operate properly`,
+			Advanced: true,
+			Default:  true,
+		}, {
+			Name: "app_version",
+			Help: `The app version string 
+
+The app version string indicates the client that is currently performing 
+the API request. This information is required and will be sent with every 
+API request.`,
+			Advanced: true,
+			Default:  "macos-drive@1.0.0-alpha.1+rclone",
+		}, {
+			Name: "replace_existing_draft",
+			Help: `Create a new revision when filename conflict is detected
+
+When a file upload is cancelled or failed before completion, a draft will be 
+created and the subsequent upload of the same file to the same location will be 
+reported as a conflict.
+
+The value can also be set by --protondrive-replace-existing-draft=true
+
+If the option is set to true, the draft will be replaced and then the upload 
+operation will restart. If there are other clients also uploading at the same 
+file location at the same time, the behavior is currently unknown. Need to set 
+to true for integration tests.
+If the option is set to false, an error "a draft exist - usually this means a 
+file is being uploaded at another client, or, there was a failed upload attempt" 
+will be returned, and no upload will happen.`,
+			Advanced: true,
+			Default:  false,
+		}, {
+			Name: "enable_caching",
+			Help: `Caches the files and folders metadata to reduce API calls
+
+Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+as the current implementation doesn't update or clear the cache when there are 
+external changes. 
+
+The files and folders on ProtonDrive are represented as links with keyrings, 
+which can be cached to improve performance and be friendly to the API server.
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.`,
+			Advanced: true,
+			Default:  true,
+		}},
+	})
+}
+
+// Options defines the configuration for this backend
+type Options struct {
+	Username        string `config:"username"`
+	Password        string `config:"password"`
+	MailboxPassword string `config:"mailbox_password"`
+	TwoFA           string `config:"2fa"`
+
+	// advanced
+	Enc                  encoder.MultiEncoder `config:"encoding"`
+	ReportOriginalSize   bool                 `config:"original_file_size"`
+	AppVersion           string               `config:"app_version"`
+	ReplaceExistingDraft bool                 `config:"replace_existing_draft"`
+	EnableCaching        bool                 `config:"enable_caching"`
+}
+
+// Fs represents a remote proton drive
+type Fs struct {
+	name string // name of this remote
+	// Notice that for ProtonDrive, it's attached under rootLink (usually /root)
+	root        string                      // the path we are working on.
+	opt         Options                     // parsed config options
+	ci          *fs.ConfigInfo              // global config
+	features    *fs.Features                // optional features
+	pacer       *fs.Pacer                   // pacer for API calls
+	dirCache    *dircache.DirCache          // Map of directory path to directory id
+	protonDrive *protonDriveAPI.ProtonDrive // the Proton API bridging library
+}
+
+// Object describes an object
+type Object struct {
+	fs           *Fs       // what this object is part of
+	remote       string    // The remote path (relative to the fs.root)
+	size         int64     // size of the object (on server, after encryption)
+	originalSize *int64    // size of the object (after decryption)
+	digests      *string   // object original content
+	blockSizes   []int64   // the block sizes of the encrypted file
+	modTime      time.Time // modification time of the object
+	createdTime  time.Time // creation time of the object
+	id           string    // ID of the object
+	mimetype     string    // mimetype of the file
+
+	link *proton.Link // link data on proton server
+}
+
+// shouldRetry returns a boolean as to whether this err deserves to be
+// retried.  It returns the err as a convenience
+func shouldRetry(ctx context.Context, err error) (bool, error) {
+	return false, err
+}
+
+//------------------------------------------------------------------------------
+
+// Name of the remote (as passed into NewFs)
+func (f *Fs) Name() string {
+	return f.name
+}
+
+// Root of the remote (as passed into NewFs)
+func (f *Fs) Root() string {
+	return f.root
+}
+
+// String converts this Fs to a string
+func (f *Fs) String() string {
+	return fmt.Sprintf("proton drive root link ID '%s'", f.root)
+}
+
+// Features returns the optional features of this Fs
+func (f *Fs) Features() *fs.Features {
+	return f.features
+}
+
+// run all the dir/remote through this
+func (f *Fs) sanitizePath(_path string) string {
+	_path = path.Clean(_path)
+	if _path == "." || _path == "/" {
+		return ""
+	}
+
+	return f.opt.Enc.FromStandardPath(_path)
+}
+
+func getConfigMap(m configmap.Mapper) (uid, accessToken, refreshToken, saltedKeyPass string, ok bool) {
+	if accessToken, ok = m.Get(clientAccessTokenKey); !ok {
+		return
+	}
+
+	if uid, ok = m.Get(clientUIDKey); !ok {
+		return
+	}
+
+	if refreshToken, ok = m.Get(clientRefreshTokenKey); !ok {
+		return
+	}
+
+	if saltedKeyPass, ok = m.Get(clientSaltedKeyPassKey); !ok {
+		return
+	}
+	_saltedKeyPass = saltedKeyPass
+
+	return
+}
+
+func setConfigMap(m configmap.Mapper, uid, accessToken, refreshToken, saltedKeyPass string) {
+	m.Set(clientUIDKey, uid)
+	m.Set(clientAccessTokenKey, accessToken)
+	m.Set(clientRefreshTokenKey, refreshToken)
+	m.Set(clientSaltedKeyPassKey, saltedKeyPass)
+	_saltedKeyPass = saltedKeyPass
+}
+
+func clearConfigMap(m configmap.Mapper) {
+	setConfigMap(m, "", "", "", "")
+	_saltedKeyPass = ""
+}
+
+func authHandler(auth proton.Auth) {
+	// fs.Debugf("authHandler called")
+	setConfigMap(_mapper, auth.UID, auth.AccessToken, auth.RefreshToken, _saltedKeyPass)
+}
+
+func deAuthHandler() {
+	// fs.Debugf("deAuthHandler called")
+	clearConfigMap(_mapper)
+}
+
+func newProtonDrive(ctx context.Context, f *Fs, opt *Options, m configmap.Mapper) (*protonDriveAPI.ProtonDrive, error) {
+	config := protonDriveAPI.NewDefaultConfig()
+	config.AppVersion = opt.AppVersion
+	config.UserAgent = f.ci.UserAgent // opt.UserAgent
+
+	config.ReplaceExistingDraft = opt.ReplaceExistingDraft
+	config.EnableCaching = opt.EnableCaching
+
+	// let's see if we have the cached access credential
+	uid, accessToken, refreshToken, saltedKeyPass, hasUseReusableLoginCredentials := getConfigMap(m)
+	_saltedKeyPass = saltedKeyPass
+
+	if hasUseReusableLoginCredentials {
+		fs.Debugf(f, "Has cached credentials")
+		config.UseReusableLogin = true
+
+		config.ReusableCredential.UID = uid
+		config.ReusableCredential.AccessToken = accessToken
+		config.ReusableCredential.RefreshToken = refreshToken
+		config.ReusableCredential.SaltedKeyPass = saltedKeyPass
+
+		protonDrive /* credential will be nil since access credentials are passed in */, _, err := protonDriveAPI.NewProtonDrive(ctx, config, authHandler, deAuthHandler)
+		if err != nil {
+			fs.Debugf(f, "Cached credential doesn't work, clearing and using the fallback login method")
+			// clear the access token on failure
+			clearConfigMap(m)
+
+			fs.Debugf(f, "couldn't initialize a new proton drive instance using cached credentials: %v", err)
+			// we fallback to username+password login -> don't throw an error here
+			// return nil, fmt.Errorf("couldn't initialize a new proton drive instance: %w", err)
+		} else {
+			fs.Debugf(f, "Used cached credential to initialize the ProtonDrive API")
+			return protonDrive, nil
+		}
+	}
+
+	// if not, let's try to log the user in using username and password (and 2FA if required)
+	fs.Debugf(f, "Using username and password to log in")
+	config.UseReusableLogin = false
+	config.FirstLoginCredential.Username = opt.Username
+	config.FirstLoginCredential.Password = opt.Password
+	config.FirstLoginCredential.MailboxPassword = opt.MailboxPassword
+	config.FirstLoginCredential.TwoFA = opt.TwoFA
+	protonDrive, auth, err := protonDriveAPI.NewProtonDrive(ctx, config, authHandler, deAuthHandler)
+	if err != nil {
+		return nil, fmt.Errorf("couldn't initialize a new proton drive instance: %w", err)
+	}
+
+	fs.Debugf(f, "Used username and password to initialize the ProtonDrive API")
+	setConfigMap(m, auth.UID, auth.AccessToken, auth.RefreshToken, auth.SaltedKeyPass)
+
+	return protonDrive, nil
+}
+
+// NewFs constructs an Fs from the path, container:path
+func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, error) {
+	// pacer is not used in NewFs()
+	_mapper = m
+
+	// Parse config into Options struct
+	opt := new(Options)
+	err := configstruct.Set(m, opt)
+	if err != nil {
+		return nil, err
+	}
+	if opt.Password != "" {
+		var err error
+		opt.Password, err = obscure.Reveal(opt.Password)
+		if err != nil {
+			return nil, fmt.Errorf("couldn't decrypt password: %w", err)
+		}
+	}
+
+	if opt.MailboxPassword != "" {
+		var err error
+		opt.MailboxPassword, err = obscure.Reveal(opt.MailboxPassword)
+		if err != nil {
+			return nil, fmt.Errorf("couldn't decrypt mailbox password: %w", err)
+		}
+	}
+
+	ci := fs.GetConfig(ctx)
+
+	root = strings.Trim(root, "/")
+
+	f := &Fs{
+		name:  name,
+		root:  root,
+		opt:   *opt,
+		ci:    ci,
+		pacer: fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
+	}
+
+	f.features = (&fs.Features{
+		ReadMimeType:            true,
+		CanHaveEmptyDirectories: true,
+		/* can't have multiple threads downloading
+		The raw file is split into equally-sized (currently 4MB, but it might change in the future, say to 8MB, 16MB, etc.) blocks, except the last one which might be smaller than 4MB.
+		Each block is encrypted separately, where the size and sha1 after the encryption is performed on the block is added to the metadata of the block, but the original block size and sha1 is not in the metadata.
+		We can make assumption and implement the chunker, but for now, we would rather be safe about it, and let the block being concurrently downloaded and decrypted in the background, to speed up the download operation!
+		*/
+		NoMultiThreading: true,
+	}).Fill(ctx, f)
+
+	protonDrive, err := newProtonDrive(ctx, f, opt, m)
+	if err != nil {
+		return nil, err
+	}
+	f.protonDrive = protonDrive
+
+	root = f.sanitizePath(root)
+	f.dirCache = dircache.New(
+		root,                         /* root folder path */
+		protonDrive.MainShare.LinkID, /* real root ID is the root folder, since we can't go past this folder */
+		f,
+	)
+	err = f.dirCache.FindRoot(ctx, false)
+	if err != nil {
+		// if the root directory is not found, the initialization will still work
+		// but if it's other kinds of error, then we raise it
+		if err != fs.ErrorDirNotFound {
+			return nil, fmt.Errorf("couldn't initialize a new root remote: %w", err)
+		}
+
+		// Assume it is a file (taken and modified from box.go)
+		newRoot, remote := dircache.SplitPath(root)
+		tempF := *f
+		tempF.dirCache = dircache.New(newRoot, protonDrive.MainShare.LinkID, &tempF)
+		tempF.root = newRoot
+		// Make new Fs which is the parent
+		err = tempF.dirCache.FindRoot(ctx, false)
+		if err != nil {
+			// No root so return old f
+			return f, nil
+		}
+		_, err := tempF.newObjectWithLink(ctx, remote, nil)
+		if err != nil {
+			if err == fs.ErrorObjectNotFound {
+				// File doesn't exist so return old f
+				return f, nil
+			}
+			return nil, err
+		}
+		f.features.Fill(ctx, &tempF)
+		// XXX: update the old f here instead of returning tempF, since
+		// `features` were already filled with functions having *f as a receiver.
+		// See https://github.com/rclone/rclone/issues/2182
+		f.dirCache = tempF.dirCache
+		f.root = tempF.root
+		// return an error with an fs which points to the parent
+		return f, fs.ErrorIsFile
+	}
+
+	return f, nil
+}
+
+//------------------------------------------------------------------------------
+
+// CleanUp deletes all files currently in trash
+func (f *Fs) CleanUp(ctx context.Context) error {
+	return f.pacer.Call(func() (bool, error) {
+		err := f.protonDrive.EmptyTrash(ctx)
+		return shouldRetry(ctx, err)
+	})
+}
+
+// NewObject finds the Object at remote.  If it can't be found
+// it returns the error ErrorObjectNotFound.
+//
+// If remote points to a directory then it should return
+// ErrorIsDir if possible without doing any extra work,
+// otherwise ErrorObjectNotFound.
+func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error) {
+	return f.newObjectWithLink(ctx, remote, nil)
+}
+
+func (f *Fs) getObjectLink(ctx context.Context, remote string) (*proton.Link, error) {
+	// attempt to locate the file
+	leaf, folderLinkID, err := f.dirCache.FindPath(ctx, f.sanitizePath(remote), false)
+	if err != nil {
+		if err == fs.ErrorDirNotFound {
+			// parent folder of the file not found, we for sure can't find the file
+			return nil, fs.ErrorObjectNotFound
+		}
+		// other error has occurred
+		return nil, err
+	}
+
+	var link *proton.Link
+	if err = f.pacer.Call(func() (bool, error) {
+		link, err = f.protonDrive.SearchByNameInActiveFolderByID(ctx, folderLinkID, leaf, true, false, proton.LinkStateActive)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return nil, err
+	}
+	if link == nil { // both link and err are nil, file not found
+		return nil, fs.ErrorObjectNotFound
+	}
+
+	return link, nil
+}
+
+// readMetaDataForRemote reads the metadata from the remote
+func (f *Fs) readMetaDataForRemote(ctx context.Context, remote string, _link *proton.Link) (*proton.Link, *protonDriveAPI.FileSystemAttrs, error) {
+	link, err := f.getObjectLink(ctx, remote)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var fileSystemAttrs *protonDriveAPI.FileSystemAttrs
+	if err = f.pacer.Call(func() (bool, error) {
+		fileSystemAttrs, err = f.protonDrive.GetActiveRevisionAttrs(ctx, link)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return nil, nil, err
+	}
+
+	return link, fileSystemAttrs, nil
+}
+
+// readMetaData gets the metadata if it hasn't already been fetched
+//
+// it also sets the info
+func (o *Object) readMetaData(ctx context.Context, link *proton.Link) (err error) {
+	if o.link != nil {
+		return nil
+	}
+
+	link, fileSystemAttrs, err := o.fs.readMetaDataForRemote(ctx, o.remote, link)
+	if err != nil {
+		return err
+	}
+
+	o.id = link.LinkID
+	o.size = link.Size
+	o.modTime = time.Unix(link.ModifyTime, 0)
+	o.createdTime = time.Unix(link.CreateTime, 0)
+	o.mimetype = link.MIMEType
+	o.link = link
+
+	if fileSystemAttrs != nil {
+		o.modTime = fileSystemAttrs.ModificationTime
+		o.originalSize = &fileSystemAttrs.Size
+		o.blockSizes = fileSystemAttrs.BlockSizes
+		o.digests = &fileSystemAttrs.Digests
+	}
+
+	return nil
+}
+
+// Return an Object from a path
+//
+// If it can't be found it returns the error fs.ErrorObjectNotFound.
+func (f *Fs) newObjectWithLink(ctx context.Context, remote string, link *proton.Link) (fs.Object, error) {
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+
+	err := o.readMetaData(ctx, link)
+	if err != nil {
+		return nil, err
+	}
+	return o, nil
+}
+
+// List the objects and directories in dir into entries.  The
+// entries can be returned in any order but should be for a
+// complete directory.
+//
+// dir should be "" to list the root, and should not have
+// trailing slashes.
+//
+// This should return ErrDirNotFound if the directory isn't
+// found.
+// Notice that this function is expensive since everything on proton is encrypted
+// So having a remote with 10k files, during operations like sync, might take a while and lots of bandwidth!
+func (f *Fs) List(ctx context.Context, dir string) (fs.DirEntries, error) {
+	folderLinkID, err := f.dirCache.FindDir(ctx, f.sanitizePath(dir), false) // will handle ErrDirNotFound here
+	if err != nil {
+		return nil, err
+	}
+
+	var foldersAndFiles []*protonDriveAPI.ProtonDirectoryData
+	if err = f.pacer.Call(func() (bool, error) {
+		foldersAndFiles, err = f.protonDrive.ListDirectory(ctx, folderLinkID)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return nil, err
+	}
+
+	entries := make(fs.DirEntries, 0)
+	for i := range foldersAndFiles {
+		remote := path.Join(dir, f.opt.Enc.ToStandardName(foldersAndFiles[i].Name))
+
+		if foldersAndFiles[i].IsFolder {
+			f.dirCache.Put(remote, foldersAndFiles[i].Link.LinkID)
+			d := fs.NewDir(remote, time.Unix(foldersAndFiles[i].Link.ModifyTime, 0)).SetID(foldersAndFiles[i].Link.LinkID)
+			entries = append(entries, d)
+		} else {
+			obj, err := f.newObjectWithLink(ctx, remote, foldersAndFiles[i].Link)
+			if err != nil {
+				return nil, err
+			}
+			entries = append(entries, obj)
+		}
+	}
+
+	return entries, nil
+}
+
+// FindLeaf finds a directory of name leaf in the folder with ID pathID
+//
+// This should be implemented by the backend and will be called by the
+// dircache package when appropriate.
+func (f *Fs) FindLeaf(ctx context.Context, pathID, leaf string) (string, bool, error) {
+	/* f.opt.Enc.FromStandardName(leaf) not required since the DirCache only process sanitized path */
+
+	var link *proton.Link
+	var err error
+	if err = f.pacer.Call(func() (bool, error) {
+		link, err = f.protonDrive.SearchByNameInActiveFolderByID(ctx, pathID, leaf, false, true, proton.LinkStateActive)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return "", false, err
+	}
+	if link == nil {
+		return "", false, nil
+	}
+
+	return link.LinkID, true, nil
+}
+
+// CreateDir makes a directory with pathID as parent and name leaf
+//
+// This should be implemented by the backend and will be called by the
+// dircache package when appropriate.
+func (f *Fs) CreateDir(ctx context.Context, pathID, leaf string) (string, error) {
+	/* f.opt.Enc.FromStandardName(leaf) not required since the DirCache only process sanitized path */
+
+	var newID string
+	var err error
+	if err = f.pacer.Call(func() (bool, error) {
+		newID, err = f.protonDrive.CreateNewFolderByID(ctx, pathID, leaf)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return "", err
+	}
+
+	return newID, err
+}
+
+// Put in to the remote path with the modTime given of the given size
+//
+// When called from outside an Fs by rclone, src.Size() will always be >= 0.
+// But for unknown-sized objects (indicated by src.Size() == -1), Put should either
+// return an error or upload it properly (rather than e.g. calling panic).
+//
+// May create the object even if it returns an error - if so
+// will return the object and the error, otherwise will return
+// nil and the error
+func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+	size := src.Size()
+	if size < 0 {
+		return nil, errCanNotUploadFileWithUnknownSize
+	}
+
+	existingObj, err := f.NewObject(ctx, src.Remote())
+	switch err {
+	case nil:
+		// object is found, we add an revision to it
+		return existingObj, existingObj.Update(ctx, in, src, options...)
+	case fs.ErrorObjectNotFound:
+		// object not found, so we need to create it
+		remote := src.Remote()
+		size := src.Size()
+		modTime := src.ModTime(ctx)
+
+		obj, err := f.createObject(ctx, remote, modTime, size)
+		if err != nil {
+			return nil, err
+		}
+		return obj, obj.Update(ctx, in, src, options...)
+	default:
+		// real error caught
+		return nil, err
+	}
+}
+
+// Creates from the parameters passed in a half finished Object which
+// must have setMetaData called on it
+//
+// Returns the object, leaf, directoryID and error.
+//
+// Used to create new objects
+func (f *Fs) createObject(ctx context.Context, remote string, modTime time.Time, size int64) (*Object, error) {
+	//                 ˇ-------ˇ filename
+	// e.g. /root/a/b/c/test.txt
+	//      ^~~~~~~~~~~^ dirPath
+
+	// Create the directory for the object if it doesn't exist
+	_, _, err := f.dirCache.FindPath(ctx, f.sanitizePath(remote), true)
+	if err != nil {
+		return nil, err
+	}
+
+	// Temporary Object under construction
+	obj := &Object{
+		fs:           f,
+		remote:       remote,
+		size:         size,
+		originalSize: nil,
+		id:           "",
+		modTime:      modTime,
+		mimetype:     "",
+		link:         nil,
+	}
+	return obj, nil
+}
+
+// Mkdir makes the directory (container, bucket)
+//
+// Shouldn't return an error if it already exists
+func (f *Fs) Mkdir(ctx context.Context, dir string) error {
+	_, err := f.dirCache.FindDir(ctx, f.sanitizePath(dir), true)
+	return err
+}
+
+// Rmdir removes the directory (container, bucket) if empty
+//
+// Return an error if it doesn't exist or isn't empty
+func (f *Fs) Rmdir(ctx context.Context, dir string) error {
+	folderLinkID, err := f.dirCache.FindDir(ctx, f.sanitizePath(dir), false)
+	if err == fs.ErrorDirNotFound {
+		return fmt.Errorf("[Rmdir] cannot find LinkID for dir %s (%s)", dir, f.sanitizePath(dir))
+	} else if err != nil {
+		return err
+	}
+
+	if err = f.pacer.Call(func() (bool, error) {
+		err = f.protonDrive.MoveFolderToTrashByID(ctx, folderLinkID, true)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return err
+	}
+
+	f.dirCache.FlushDir(f.sanitizePath(dir))
+	return nil
+}
+
+// Precision of the ModTimes in this Fs
+func (f *Fs) Precision() time.Duration {
+	return time.Second
+}
+
+// DirCacheFlush an optional interface to flush internal directory cache
+// DirCacheFlush resets the directory cache - used in testing
+// as an optional interface
+func (f *Fs) DirCacheFlush() {
+	f.dirCache.ResetRoot()
+	f.protonDrive.ClearCache()
+}
+
+// Hashes returns the supported hash types of the filesystem
+func (f *Fs) Hashes() hash.Set {
+	return hash.Set(hash.SHA1)
+}
+
+// About gets quota information
+func (f *Fs) About(ctx context.Context) (*fs.Usage, error) {
+	var user *proton.User
+	var err error
+	if err = f.pacer.Call(func() (bool, error) {
+		user, err = f.protonDrive.About(ctx)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return nil, err
+	}
+
+	total := user.MaxSpace
+	used := user.UsedSpace
+	free := total - used
+
+	usage := &fs.Usage{
+		Total: &total,
+		Used:  &used,
+		Free:  &free,
+	}
+
+	return usage, nil
+}
+
+// ------------------------------------------------------------
+
+// Fs returns the parent Fs
+func (o *Object) Fs() fs.Info {
+	return o.fs
+}
+
+// Return a string version
+func (o *Object) String() string {
+	if o == nil {
+		return "<nil>"
+	}
+	return o.remote
+}
+
+// Remote returns the remote path
+func (o *Object) Remote() string {
+	return o.remote
+}
+
+// Hash returns the hashes of an object
+func (o *Object) Hash(ctx context.Context, t hash.Type) (string, error) {
+	if t != hash.SHA1 {
+		return "", hash.ErrUnsupported
+	}
+
+	if o.digests != nil {
+		return *o.digests, nil
+	}
+
+	// sha1 not cached: we fetch and try to obtain the sha1 of the link
+	fileSystemAttrs, err := o.fs.protonDrive.GetActiveRevisionAttrsByID(ctx, o.ID())
+	if err != nil {
+		return "", err
+	}
+
+	if fileSystemAttrs == nil || fileSystemAttrs.Digests == "" {
+		fs.Debugf(o, "file sha1 digest missing")
+		return "", nil
+	}
+	return fileSystemAttrs.Digests, nil
+}
+
+// Size returns the size of an object in bytes
+func (o *Object) Size() int64 {
+	if o.fs.opt.ReportOriginalSize {
+		// if ReportOriginalSize is set, we will generate an error when the original size failed to be parsed
+		// this is crucial as features like Open() will need to use the proper size to operate the seek/range operator
+		if o.originalSize != nil {
+			return *o.originalSize
+		}
+
+		fs.Debugf(o, "Original file size missing")
+	}
+	return o.size
+}
+
+// ModTime returns the modification time of the object
+//
+// It attempts to read the objects mtime and if that isn't present the
+// LastModified returned in the http headers
+func (o *Object) ModTime(ctx context.Context) time.Time {
+	return o.modTime
+}
+
+// SetModTime sets the modification time of the local fs object
+func (o *Object) SetModTime(ctx context.Context, modTime time.Time) error {
+	return fs.ErrorCantSetModTime
+}
+
+// Storable returns a boolean showing whether this object storable
+func (o *Object) Storable() bool {
+	return true
+}
+
+// Open opens the file for read.  Call Close() on the returned io.ReadCloser
+func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (io.ReadCloser, error) {
+	fs.FixRangeOption(options, *o.originalSize)
+	var offset, limit int64 = 0, -1
+	for _, option := range options { // if the caller passes in nil for options, it will become array of nil
+		switch x := option.(type) {
+		case *fs.SeekOption:
+			offset = x.Offset
+		case *fs.RangeOption:
+			offset, limit = x.Decode(o.Size())
+		default:
+			if option.Mandatory() {
+				fs.Logf(o, "Unsupported mandatory option: %v", option)
+			}
+		}
+	}
+
+	// download and decrypt the file
+	var reader io.ReadCloser
+	var fileSystemAttrs *protonDriveAPI.FileSystemAttrs
+	var sizeOnServer int64
+	var err error
+	if err = o.fs.pacer.Call(func() (bool, error) {
+		reader, sizeOnServer, fileSystemAttrs, err = o.fs.protonDrive.DownloadFileByID(ctx, o.id, offset)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return nil, err
+	}
+
+	if fileSystemAttrs != nil {
+		o.originalSize = &fileSystemAttrs.Size
+		o.modTime = fileSystemAttrs.ModificationTime
+		o.digests = &fileSystemAttrs.Digests
+		o.blockSizes = fileSystemAttrs.BlockSizes
+	} else {
+		fs.Debugf(o, "fileSystemAttrs is nil: using fallback size, and now digests and blocksizes available")
+		o.originalSize = &sizeOnServer
+		o.size = sizeOnServer
+		o.digests = nil
+		o.blockSizes = nil
+	}
+
+	retReader := io.NopCloser(reader) // the NewLimitedReadCloser will deal with the limit
+
+	// deal with limit
+	return readers.NewLimitedReadCloser(retReader, limit), nil
+}
+
+// Update in to the object with the modTime given of the given size
+//
+// When called from outside an Fs by rclone, src.Size() will always be >= 0.
+// But for unknown-sized objects (indicated by src.Size() == -1), Upload should either
+// return an error or update the object properly (rather than e.g. calling panic).
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) error {
+	size := src.Size()
+	if size < 0 {
+		return errCanNotUploadFileWithUnknownSize
+	}
+
+	remote := o.Remote()
+	leaf, folderLinkID, err := o.fs.dirCache.FindPath(ctx, o.fs.sanitizePath(remote), true)
+	if err != nil {
+		return err
+	}
+
+	modTime := src.ModTime(ctx)
+	var linkID string
+	var fileSystemAttrs *proton.RevisionXAttrCommon
+	if err = o.fs.pacer.Call(func() (bool, error) {
+		linkID, fileSystemAttrs, err = o.fs.protonDrive.UploadFileByReader(ctx, folderLinkID, leaf, modTime, in, 0)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return err
+	}
+
+	var sha1Hash string
+	if val, ok := fileSystemAttrs.Digests["SHA1"]; ok {
+		sha1Hash = val
+	} else {
+		sha1Hash = ""
+	}
+
+	o.id = linkID
+	o.originalSize = &fileSystemAttrs.Size
+	o.modTime = modTime
+	o.blockSizes = fileSystemAttrs.BlockSizes
+	o.digests = &sha1Hash
+
+	return nil
+}
+
+// Remove an object
+func (o *Object) Remove(ctx context.Context) error {
+	return o.fs.pacer.Call(func() (bool, error) {
+		err := o.fs.protonDrive.MoveFileToTrashByID(ctx, o.id)
+		return shouldRetry(ctx, err)
+	})
+}
+
+// ID returns the ID of the Object if known, or "" if not
+func (o *Object) ID() string {
+	return o.id
+}
+
+// Purge all files in the directory specified
+//
+// Implement this if you have a way of deleting all the files
+// quicker than just running Remove() on the result of List()
+//
+// Return an error if it doesn't exist
+func (f *Fs) Purge(ctx context.Context, dir string) error {
+	root := path.Join(f.root, dir)
+	if root == "" {
+		// we can't remove the root directory, but we can list the directory and delete every folder and file in here
+		return errCanNotPurgeRootDirectory
+	}
+
+	folderLinkID, err := f.dirCache.FindDir(ctx, f.sanitizePath(dir), false)
+	if err != nil {
+		return err
+	}
+
+	if err = f.pacer.Call(func() (bool, error) {
+		err = f.protonDrive.MoveFolderToTrashByID(ctx, folderLinkID, false)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return err
+	}
+
+	f.dirCache.FlushDir(dir)
+	return nil
+}
+
+// MimeType of an Object if known, "" otherwise
+func (o *Object) MimeType(ctx context.Context) string {
+	return o.mimetype
+}
+
+// Disconnect the current user
+func (f *Fs) Disconnect(ctx context.Context) error {
+	return f.pacer.Call(func() (bool, error) {
+		err := f.protonDrive.Logout(ctx)
+		return shouldRetry(ctx, err)
+	})
+}
+
+// Move src to this remote using server-side move operations.
+//
+// This is stored with the remote path given.
+//
+// It returns the destination Object and a possible error.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantMove
+func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	srcObj, ok := src.(*Object)
+	if !ok {
+		fs.Debugf(src, "Can't move - not same remote type")
+		return nil, fs.ErrorCantMove
+	}
+
+	// check if the remote (dst) exists
+	_, err := f.NewObject(ctx, remote)
+	if err != nil {
+		if err != fs.ErrorObjectNotFound {
+			return nil, err
+		}
+		// object is indeed not found
+	} else {
+		// object at the dst exists
+		return nil, fs.ErrorCantMove
+	}
+
+	// attempt the move
+	dstLeaf, dstDirectoryID, err := f.dirCache.FindPath(ctx, f.sanitizePath(remote), true)
+	if err != nil {
+		return nil, err
+	}
+	if err = f.pacer.Call(func() (bool, error) {
+		err = f.protonDrive.MoveFileByID(ctx, srcObj.id, dstDirectoryID, dstLeaf)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return nil, err
+	}
+
+	f.dirCache.FlushDir(f.sanitizePath(src.Remote()))
+
+	return f.NewObject(ctx, remote)
+}
+
+// DirMove moves src, srcRemote to this remote at dstRemote
+// using server-side move operations.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantDirMove
+//
+// If destination exists then return fs.ErrorDirExists
+func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string) error {
+	srcFs, ok := src.(*Fs)
+	if !ok {
+		fs.Debugf(srcFs, "Can't move directory - not same remote type")
+		return fs.ErrorCantDirMove
+	}
+
+	srcID, _, _, dstDirectoryID, dstLeaf, err := f.dirCache.DirMove(ctx, srcFs.dirCache, f.sanitizePath(srcFs.root), f.sanitizePath(srcRemote), f.sanitizePath(f.root), f.sanitizePath(dstRemote))
+	if err != nil {
+		return err
+	}
+
+	if err = f.pacer.Call(func() (bool, error) {
+		err = f.protonDrive.MoveFolderByID(ctx, srcID, dstDirectoryID, dstLeaf)
+		return shouldRetry(ctx, err)
+	}); err != nil {
+		return err
+	}
+
+	srcFs.dirCache.FlushDir(f.sanitizePath(srcRemote))
+
+	return nil
+}
+
+// Check the interfaces are satisfied
+var (
+	_ fs.Fs              = (*Fs)(nil)
+	_ fs.Mover           = (*Fs)(nil)
+	_ fs.DirMover        = (*Fs)(nil)
+	_ fs.DirCacheFlusher = (*Fs)(nil)
+	_ fs.Abouter         = (*Fs)(nil)
+	_ fs.Object          = (*Object)(nil)
+	_ fs.MimeTyper       = (*Object)(nil)
+	_ fs.IDer            = (*Object)(nil)
+)
diff --git a/backend/protondrive/protondrive_test.go b/backend/protondrive/protondrive_test.go
new file mode 100644
index 0000000000000..86aa0c0750115
--- /dev/null
+++ b/backend/protondrive/protondrive_test.go
@@ -0,0 +1,16 @@
+package protondrive_test
+
+import (
+	"testing"
+
+	"github.com/rclone/rclone/backend/protondrive"
+	"github.com/rclone/rclone/fstest/fstests"
+)
+
+// TestIntegration runs integration tests against the remote
+func TestIntegration(t *testing.T) {
+	fstests.Run(t, &fstests.Opt{
+		RemoteName: "TestProtonDrive:",
+		NilObject:  (*protondrive.Object)(nil),
+	})
+}
diff --git a/backend/putio/fs.go b/backend/putio/fs.go
index cbcda547f7475..cc21cac00b912 100644
--- a/backend/putio/fs.go
+++ b/backend/putio/fs.go
@@ -23,6 +23,7 @@ import (
 	"github.com/rclone/rclone/lib/dircache"
 	"github.com/rclone/rclone/lib/oauthutil"
 	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/random"
 	"github.com/rclone/rclone/lib/readers"
 )
 
@@ -252,9 +253,12 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 // This will create a duplicate if we upload a new file without
 // checking to see if there is one already - use Put() for that.
 func (f *Fs) PutUnchecked(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (o fs.Object, err error) {
+	return f.putUnchecked(ctx, in, src, src.Remote(), options...)
+}
+
+func (f *Fs) putUnchecked(ctx context.Context, in io.Reader, src fs.ObjectInfo, remote string, options ...fs.OpenOption) (o fs.Object, err error) {
 	// defer log.Trace(f, "src=%+v", src)("o=%+v, err=%v", &o, &err)
 	size := src.Size()
-	remote := src.Remote()
 	leaf, directoryID, err := f.dirCache.FindPath(ctx, remote, true)
 	if err != nil {
 		return nil, err
@@ -540,24 +544,59 @@ func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (o fs.Objec
 	if err != nil {
 		return nil, err
 	}
+	modTime := src.ModTime(ctx)
+	var resp struct {
+		File putio.File `json:"file"`
+	}
+	// For some unknown reason the API sometimes returns the name
+	// already exists unless we upload to a temporary name and
+	// rename
+	//
+	// {"error_id":null,"error_message":"Name already exist","error_type":"NAME_ALREADY_EXIST","error_uri":"http://api.put.io/v2/docs","extra":{},"status":"ERROR","status_code":400}
+	suffix := "." + random.String(8)
 	err = f.pacer.Call(func() (bool, error) {
 		params := url.Values{}
 		params.Set("file_id", strconv.FormatInt(srcObj.file.ID, 10))
 		params.Set("parent_id", directoryID)
-		params.Set("name", f.opt.Enc.FromStandardName(leaf))
+		params.Set("name", f.opt.Enc.FromStandardName(leaf+suffix))
+
 		req, err := f.client.NewRequest(ctx, "POST", "/v2/files/copy", strings.NewReader(params.Encode()))
 		if err != nil {
 			return false, err
 		}
 		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		// fs.Debugf(f, "copying file (%d) to parent_id: %s", srcObj.file.ID, directoryID)
-		_, err = f.client.Do(req, nil)
+		_, err = f.client.Do(req, &resp)
 		return shouldRetry(ctx, err)
 	})
 	if err != nil {
 		return nil, err
 	}
-	return f.NewObject(ctx, remote)
+	err = f.pacer.Call(func() (bool, error) {
+		params := url.Values{}
+		params.Set("file_id", strconv.FormatInt(resp.File.ID, 10))
+		params.Set("name", f.opt.Enc.FromStandardName(leaf))
+
+		req, err := f.client.NewRequest(ctx, "POST", "/v2/files/rename", strings.NewReader(params.Encode()))
+		if err != nil {
+			return false, err
+		}
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		_, err = f.client.Do(req, &resp)
+		return shouldRetry(ctx, err)
+	})
+	if err != nil {
+		return nil, err
+	}
+	o, err = f.newObjectWithInfo(ctx, remote, resp.File)
+	if err != nil {
+		return nil, err
+	}
+	err = o.SetModTime(ctx, modTime)
+	if err != nil {
+		return nil, err
+	}
+	return o, nil
 }
 
 // Move src to this remote using server-side move operations.
@@ -579,6 +618,7 @@ func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (o fs.Objec
 	if err != nil {
 		return nil, err
 	}
+	modTime := src.ModTime(ctx)
 	err = f.pacer.Call(func() (bool, error) {
 		params := url.Values{}
 		params.Set("file_id", strconv.FormatInt(srcObj.file.ID, 10))
@@ -596,7 +636,15 @@ func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (o fs.Objec
 	if err != nil {
 		return nil, err
 	}
-	return f.NewObject(ctx, remote)
+	o, err = f.NewObject(ctx, remote)
+	if err != nil {
+		return nil, err
+	}
+	err = o.SetModTime(ctx, modTime)
+	if err != nil {
+		return nil, err
+	}
+	return o, nil
 }
 
 // DirMove moves src, srcRemote to this remote at dstRemote
diff --git a/backend/putio/object.go b/backend/putio/object.go
index bd03982caf7c8..86edb008febc2 100644
--- a/backend/putio/object.go
+++ b/backend/putio/object.go
@@ -275,7 +275,7 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	if err != nil {
 		return err
 	}
-	newObj, err := o.fs.PutUnchecked(ctx, in, src, options...)
+	newObj, err := o.fs.putUnchecked(ctx, in, src, o.remote, options...)
 	if err != nil {
 		return err
 	}
diff --git a/backend/putio/putio.go b/backend/putio/putio.go
index 6923641666d46..a12be5f9b6906 100644
--- a/backend/putio/putio.go
+++ b/backend/putio/putio.go
@@ -67,7 +67,7 @@ func init() {
 				NoOffline:    true,
 			})
 		},
-		Options: []fs.Option{{
+		Options: append(oauthutil.SharedOptions, []fs.Option{{
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
 			Advanced: true,
@@ -77,7 +77,7 @@ func init() {
 			Default: (encoder.Display |
 				encoder.EncodeBackSlash |
 				encoder.EncodeInvalidUtf8),
-		}},
+		}}...),
 	})
 }
 
diff --git a/backend/qingstor/qingstor.go b/backend/qingstor/qingstor.go
index a3d0bd639341d..9f3a2a0164fbb 100644
--- a/backend/qingstor/qingstor.go
+++ b/backend/qingstor/qingstor.go
@@ -49,11 +49,13 @@ func init() {
 				Help:  "Get QingStor credentials from the environment (env vars or IAM).",
 			}},
 		}, {
-			Name: "access_key_id",
-			Help: "QingStor Access Key ID.\n\nLeave blank for anonymous access or runtime credentials.",
+			Name:      "access_key_id",
+			Help:      "QingStor Access Key ID.\n\nLeave blank for anonymous access or runtime credentials.",
+			Sensitive: true,
 		}, {
-			Name: "secret_access_key",
-			Help: "QingStor Secret Access Key (password).\n\nLeave blank for anonymous access or runtime credentials.",
+			Name:      "secret_access_key",
+			Help:      "QingStor Secret Access Key (password).\n\nLeave blank for anonymous access or runtime credentials.",
+			Sensitive: true,
 		}, {
 			Name: "endpoint",
 			Help: "Enter an endpoint URL to connection QingStor API.\n\nLeave blank will use the default value \"https://qingstor.com:443\".",
diff --git a/backend/quatrix/api/types.go b/backend/quatrix/api/types.go
new file mode 100644
index 0000000000000..0a55f5e60883a
--- /dev/null
+++ b/backend/quatrix/api/types.go
@@ -0,0 +1,182 @@
+// Package api provides types used by the Quatrix API.
+package api
+
+import (
+	"strconv"
+	"time"
+)
+
+// OverwriteMode is a conflict resolve mode during copy or move. Files with conflicting names will be overwritten
+const OverwriteMode = "overwrite"
+
+// ProfileInfo is a profile info about quota
+type ProfileInfo struct {
+	UserUsed  int64 `json:"user_used"`
+	UserLimit int64 `json:"user_limit"`
+	AccUsed   int64 `json:"acc_used"`
+	AccLimit  int64 `json:"acc_limit"`
+}
+
+// IDList is a general object that contains list of ids
+type IDList struct {
+	IDs []string `json:"ids"`
+}
+
+// DeleteParams is the request to delete object
+type DeleteParams struct {
+	IDs               []string `json:"ids"`
+	DeletePermanently bool     `json:"delete_permanently"`
+}
+
+// FileInfoParams is the request to get object's (file or directory) info
+type FileInfoParams struct {
+	ParentID string `json:"parent_id,omitempty"`
+	Path     string `json:"path"`
+}
+
+// FileInfo is the response to get object's (file or directory) info
+type FileInfo struct {
+	FileID   string `json:"file_id"`
+	ParentID string `json:"parent_id"`
+	Src      string `json:"src"`
+	Type     string `json:"type"`
+}
+
+// IsFile returns true if object is a file
+// false otherwise
+func (fi *FileInfo) IsFile() bool {
+	if fi == nil {
+		return false
+	}
+
+	return fi.Type == "F"
+}
+
+// IsDir returns true if object is a directory
+// false otherwise
+func (fi *FileInfo) IsDir() bool {
+	if fi == nil {
+		return false
+	}
+
+	return fi.Type == "D" || fi.Type == "S" || fi.Type == "T"
+}
+
+// CreateDirParams is the request to create a directory
+type CreateDirParams struct {
+	Target  string `json:"target,omitempty"`
+	Name    string `json:"name"`
+	Resolve bool   `json:"resolve"`
+}
+
+// File represent metadata about object in Quatrix (file or directory)
+type File struct {
+	ID         string   `json:"id"`
+	Created    JSONTime `json:"created"`
+	Modified   JSONTime `json:"modified"`
+	Name       string   `json:"name"`
+	ParentID   string   `json:"parent_id"`
+	Size       int64    `json:"size"`
+	ModifiedMS JSONTime `json:"modified_ms"`
+	Type       string   `json:"type"`
+	Operations int      `json:"operations"`
+	SubType    string   `json:"sub_type"`
+	Content    []File   `json:"content"`
+}
+
+// IsFile returns true if object is a file
+// false otherwise
+func (f *File) IsFile() bool {
+	if f == nil {
+		return false
+	}
+
+	return f.Type == "F"
+}
+
+// IsDir returns true if object is a directory
+// false otherwise
+func (f *File) IsDir() bool {
+	if f == nil {
+		return false
+	}
+
+	return f.Type == "D" || f.Type == "S" || f.Type == "T"
+}
+
+// SetMTimeParams is the request to set modification time for object
+type SetMTimeParams struct {
+	ID    string   `json:"id,omitempty"`
+	MTime JSONTime `json:"mtime"`
+}
+
+// JSONTime provides methods to marshal/unmarshal time.Time as Unix time
+type JSONTime time.Time
+
+// MarshalJSON returns time representation in Unix time
+func (u JSONTime) MarshalJSON() ([]byte, error) {
+	return []byte(strconv.FormatFloat(float64(time.Time(u).UTC().UnixNano())/1e9, 'f', 6, 64)), nil
+}
+
+// UnmarshalJSON sets time from Unix time representation
+func (u *JSONTime) UnmarshalJSON(data []byte) error {
+	f, err := strconv.ParseFloat(string(data), 64)
+	if err != nil {
+		return err
+	}
+
+	t := JSONTime(time.Unix(0, int64(f*1e9)))
+	*u = t
+
+	return nil
+}
+
+// String returns Unix time representation of time as string
+func (u JSONTime) String() string {
+	return strconv.FormatInt(time.Time(u).UTC().Unix(), 10)
+}
+
+// DownloadLinkResponse is the response to download-link request
+type DownloadLinkResponse struct {
+	ID string `json:"id"`
+}
+
+// UploadLinkParams is the request to get upload-link
+type UploadLinkParams struct {
+	Name     string `json:"name"`
+	ParentID string `json:"parent_id"`
+	Resolve  bool   `json:"resolve"`
+}
+
+// UploadLinkResponse is the response to upload-link request
+type UploadLinkResponse struct {
+	Name      string `json:"name"`
+	FileID    string `json:"file_id"`
+	ParentID  string `json:"parent_id"`
+	UploadKey string `json:"upload_key"`
+}
+
+// UploadFinalizeResponse is the response to finalize file method
+type UploadFinalizeResponse struct {
+	FileID   string `json:"id"`
+	ParentID string `json:"parent_id"`
+	Modified int64  `json:"modified"`
+	FileSize int64  `json:"size"`
+}
+
+// FileModifyParams is the request to get modify file link
+type FileModifyParams struct {
+	ID       string `json:"id"`
+	Truncate int64  `json:"truncate"`
+}
+
+// FileCopyMoveOneParams is the request to do server-side copy and move
+// can be used for file or directory
+type FileCopyMoveOneParams struct {
+	ID          string   `json:"file_id"`
+	Target      string   `json:"target_id"`
+	Name        string   `json:"name"`
+	MTime       JSONTime `json:"mtime"`
+	Resolve     bool     `json:"resolve"`
+	ResolveMode string   `json:"resolve_mode"`
+}
diff --git a/backend/quatrix/quatrix.go b/backend/quatrix/quatrix.go
new file mode 100644
index 0000000000000..dab1f5f7763a3
--- /dev/null
+++ b/backend/quatrix/quatrix.go
@@ -0,0 +1,1256 @@
+// Package quatrix provides an interface to the Quatrix by Maytech
+// object storage system.
+package quatrix
+
+// FIXME Quatrix only supports file names of 255 characters or less. Names
+// that will not be supported are those that contain non-printable
+// ascii, / or \, names with trailing spaces, and the special names
+// “.” and “..”.
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/rclone/rclone/backend/quatrix/api"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config"
+	"github.com/rclone/rclone/fs/config/configmap"
+	"github.com/rclone/rclone/fs/config/configstruct"
+	"github.com/rclone/rclone/fs/fserrors"
+	"github.com/rclone/rclone/fs/fshttp"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/dircache"
+	"github.com/rclone/rclone/lib/encoder"
+	"github.com/rclone/rclone/lib/multipart"
+	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/rest"
+)
+
+const (
+	minSleep      = 10 * time.Millisecond
+	maxSleep      = 2 * time.Second
+	decayConstant = 2 // bigger for slower decay, exponential
+	rootURL       = "https://%s/api/1.0/"
+	uploadURL     = "https://%s/upload/chunked/"
+
+	unlimitedUserQuota = -1
+)
+
+func init() {
+	fs.Register(&fs.RegInfo{
+		Name:        "quatrix",
+		Description: "Quatrix by Maytech",
+		NewFs:       NewFs,
+		Options: fs.Options{
+			{
+				Name:      "api_key",
+				Help:      "API key for accessing Quatrix account",
+				Required:  true,
+				Sensitive: true,
+			},
+			{
+				Name:     "host",
+				Help:     "Host name of Quatrix account",
+				Required: true,
+			},
+			{
+				Name:     config.ConfigEncoding,
+				Help:     config.ConfigEncodingHelp,
+				Advanced: true,
+				Default: encoder.Standard |
+					encoder.EncodeBackSlash |
+					encoder.EncodeInvalidUtf8,
+			},
+			{
+				Name:     "effective_upload_time",
+				Help:     "Wanted upload time for one chunk",
+				Advanced: true,
+				Default:  "4s",
+			},
+			{
+				Name:     "minimal_chunk_size",
+				Help:     "The minimal size for one chunk",
+				Advanced: true,
+				Default:  fs.SizeSuffix(10_000_000),
+			},
+			{
+				Name:     "maximal_summary_chunk_size",
+				Help:     "The maximal summary for all chunks. It should not be less than 'transfers'*'minimal_chunk_size'",
+				Advanced: true,
+				Default:  fs.SizeSuffix(100_000_000),
+			},
+			{
+				Name:     "hard_delete",
+				Help:     "Delete files permanently rather than putting them into the trash.",
+				Advanced: true,
+				Default:  false,
+			},
+		},
+	})
+}
+
+// Options defines the configuration for Quatrix backend
+type Options struct {
+	APIKey                  string               `config:"api_key"`
+	Host                    string               `config:"host"`
+	Enc                     encoder.MultiEncoder `config:"encoding"`
+	EffectiveUploadTime     fs.Duration          `config:"effective_upload_time"`
+	MinimalChunkSize        fs.SizeSuffix        `config:"minimal_chunk_size"`
+	MaximalSummaryChunkSize fs.SizeSuffix        `config:"maximal_summary_chunk_size"`
+	HardDelete              bool                 `config:"hard_delete"`
+}
+
+// Fs represents remote Quatrix fs
+type Fs struct {
+	name                string
+	root                string
+	description         string
+	features            *fs.Features
+	opt                 Options
+	ci                  *fs.ConfigInfo
+	srv                 *rest.Client // the connection to the quatrix server
+	pacer               *fs.Pacer    // pacer for API calls
+	dirCache            *dircache.DirCache
+	uploadMemoryManager *UploadMemoryManager
+}
+
+// Object describes a quatrix object
+type Object struct {
+	fs          *Fs
+	remote      string
+	size        int64
+	modTime     time.Time
+	id          string
+	hasMetaData bool
+	obType      string
+}
+
+// trimPath trims redundant slashes from quatrix 'url'
+func trimPath(path string) (root string) {
+	root = strings.Trim(path, "/")
+	return
+}
+
+// retryErrorCodes is a slice of error codes that we will retry
+var retryErrorCodes = []int{
+	429, // Too Many Requests.
+	500, // Internal Server Error
+	502, // Bad Gateway
+	503, // Service Unavailable
+	504, // Gateway Timeout
+	509, // Bandwidth Limit Exceeded
+}
+
+// shouldRetry returns a boolean as to whether this resp and err
+// deserve to be retried.  It returns the err as a convenience
+func shouldRetry(ctx context.Context, resp *http.Response, err error) (bool, error) {
+	if fserrors.ContextError(ctx, &err) {
+		return false, err
+	}
+
+	return fserrors.ShouldRetry(err) || fserrors.ShouldRetryHTTP(resp, retryErrorCodes), err
+}
+
+// NewFs constructs an Fs from the path, container:path
+func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, error) {
+	// Parse config into Options struct
+	opt := new(Options)
+
+	err := configstruct.Set(m, opt)
+	if err != nil {
+		return nil, err
+	}
+
+	// http client
+	client := fshttp.NewClient(ctx)
+
+	// since transport is a global variable that is initialized only once (due to sync.Once)
+	// we need to reset it to have correct transport per each client (with proper values extracted from rclone config)
+	client.Transport = fshttp.NewTransportCustom(ctx, nil)
+
+	root = trimPath(root)
+
+	ci := fs.GetConfig(ctx)
+
+	f := &Fs{
+		name:        name,
+		description: "Quatrix FS for account " + opt.Host,
+		root:        root,
+		opt:         *opt,
+		ci:          ci,
+		srv:         rest.NewClient(client).SetRoot(fmt.Sprintf(rootURL, opt.Host)),
+		pacer:       fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
+	}
+
+	f.features = (&fs.Features{
+		CaseInsensitive:         false,
+		CanHaveEmptyDirectories: true,
+		PartialUploads:          true,
+	}).Fill(ctx, f)
+
+	if f.opt.APIKey != "" {
+		f.srv.SetHeader("Authorization", "Bearer "+f.opt.APIKey)
+	}
+
+	f.uploadMemoryManager = NewUploadMemoryManager(f.ci, &f.opt)
+
+	// get quatrix root(home) id
+	rootID, found, err := f.fileID(ctx, "", "")
+	if err != nil {
+		return nil, err
+	}
+
+	if !found {
+		return nil, errors.New("root not found")
+	}
+
+	f.dirCache = dircache.New(root, rootID.FileID, f)
+
+	err = f.dirCache.FindRoot(ctx, false)
+	if err != nil {
+		fileID, found, err := f.fileID(ctx, "", root)
+		if err != nil {
+			return nil, fmt.Errorf("find root %s: %w", root, err)
+		}
+
+		if !found {
+			return f, nil
+		}
+
+		if fileID.IsFile() {
+			root, _ = dircache.SplitPath(root)
+			f.dirCache = dircache.New(root, rootID.FileID, f)
+
+			return f, fs.ErrorIsFile
+		}
+	}
+
+	return f, nil
+}
+
+// fileID gets id, parent and type of path in given parentID
+func (f *Fs) fileID(ctx context.Context, parentID, path string) (result *api.FileInfo, found bool, err error) {
+	opts := rest.Opts{
+		Method:       "POST",
+		Path:         "file/id",
+		IgnoreStatus: true,
+	}
+
+	payload := api.FileInfoParams{
+		Path:     f.opt.Enc.FromStandardPath(path),
+		ParentID: parentID,
+	}
+
+	result = &api.FileInfo{}
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err := f.srv.CallJSON(ctx, &opts, payload, result)
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
+			return false, nil
+		}
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, false, fmt.Errorf("failed to get file id: %w", err)
+	}
+
+	if result.FileID == "" {
+		return nil, false, nil
+	}
+
+	return result, true, nil
+}
+
+// FindLeaf finds a directory of name leaf in the folder with ID pathID
+func (f *Fs) FindLeaf(ctx context.Context, pathID, leaf string) (folderID string, found bool, err error) {
+	result, found, err := f.fileID(ctx, pathID, leaf)
+	if err != nil {
+		return "", false, fmt.Errorf("find leaf: %w", err)
+	}
+
+	if !found {
+		return "", false, nil
+	}
+
+	if result.IsFile() {
+		return "", false, nil
+	}
+
+	return result.FileID, true, nil
+}
+
+// createDir creates directory in pathID with name leaf
+//
+// resolve - if true will resolve name conflict on server side, if false - will return error if object with this name exists
+func (f *Fs) createDir(ctx context.Context, pathID, leaf string, resolve bool) (newDir *api.File, err error) {
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "file/makedir",
+	}
+
+	payload := api.CreateDirParams{
+		Name:    f.opt.Enc.FromStandardName(leaf),
+		Target:  pathID,
+		Resolve: resolve,
+	}
+
+	newDir = &api.File{}
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err := f.srv.CallJSON(ctx, &opts, payload, newDir)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to create directory: %w", err)
+	}
+
+	return
+}
+
+// CreateDir makes a directory with pathID as parent and name leaf
+func (f *Fs) CreateDir(ctx context.Context, pathID, leaf string) (dirID string, err error) {
+	dir, err := f.createDir(ctx, pathID, leaf, false)
+	if err != nil {
+		return "", err
+	}
+
+	return dir.ID, nil
+}
+
+// Name of the remote (as passed into NewFs)
+func (f *Fs) Name() string {
+	return f.name
+}
+
+// Root of the remote (as passed into NewFs)
+func (f *Fs) Root() string {
+	return f.root
+}
+
+// String converts this Fs to a string
+func (f *Fs) String() string {
+	return f.description
+}
+
+// Precision return the precision of this Fs
+func (f *Fs) Precision() time.Duration {
+	return time.Microsecond
+}
+
+// Hashes returns the supported hash sets.
+func (f *Fs) Hashes() hash.Set {
+	return 0
+}
+
+// Features returns the optional features of this Fs
+func (f *Fs) Features() *fs.Features {
+	return f.features
+}
+
+// List the objects and directories in dir into entries.  The
+// entries can be returned in any order but should be for a
+// complete directory.
+//
+// dir should be "" to list the root, and should not have
+// trailing slashes.
+//
+// This should return ErrDirNotFound if the directory isn't
+// found.
+func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err error) {
+	directoryID, err := f.dirCache.FindDir(ctx, dir, false)
+	if err != nil {
+		return nil, err
+	}
+
+	folder, err := f.metadata(ctx, directoryID, true)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, file := range folder.Content {
+		remote := path.Join(dir, f.opt.Enc.ToStandardName(file.Name))
+		if file.IsDir() {
+			f.dirCache.Put(remote, file.ID)
+
+			d := fs.NewDir(remote, time.Time(file.Modified)).SetID(file.ID).SetItems(file.Size)
+			// FIXME more info from dir?
+			entries = append(entries, d)
+		} else {
+			o := &Object{
+				fs:     f,
+				remote: remote,
+			}
+
+			err = o.setMetaData(&file)
+			if err != nil {
+				fs.Debugf(file, "failed to set object metadata: %s", err)
+			}
+
+			entries = append(entries, o)
+		}
+	}
+
+	return entries, nil
+}
+
+// NewObject finds the Object at remote.  If it can't be found
+// it returns the error fs.ErrorObjectNotFound.
+func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error) {
+	return f.newObjectWithInfo(ctx, remote, nil)
+}
+
+// Creates from the parameters passed in a half finished Object which
+// must have setMetaData called on it
+//
+// Returns the object, leaf, directoryID and error.
+//
+// Used to create new objects
+func (f *Fs) createObject(ctx context.Context, remote string) (o *Object, leaf string, directoryID string, err error) {
+	// Create the directory for the object if it doesn't exist
+	leaf, directoryID, err = f.dirCache.FindPath(ctx, remote, true)
+	if err != nil {
+		return
+	}
+	// Temporary Object under construction
+	o = &Object{
+		fs:     f,
+		remote: remote,
+	}
+	return o, leaf, directoryID, nil
+}
+
+// Put the object into the container
+//
+// Copy the reader in to the new object which is returned.
+//
+// The new object may have been created if an error is returned
+func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+	remote := src.Remote()
+	size := src.Size()
+	mtime := src.ModTime(ctx)
+
+	o := &Object{
+		fs:      f,
+		remote:  remote,
+		size:    size,
+		modTime: mtime,
+	}
+
+	return o, o.Update(ctx, in, src, options...)
+}
+
+func (f *Fs) rootSlash() string {
+	if f.root == "" {
+		return f.root
+	}
+	return f.root + "/"
+}
+
+func (f *Fs) newObjectWithInfo(ctx context.Context, remote string, info *api.File) (fs.Object, error) {
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+	var err error
+	if info != nil {
+		// Set info
+		err = o.setMetaData(info)
+	} else {
+		err = o.readMetaData(ctx) // reads info and meta, returning an error
+	}
+	if err != nil {
+		return nil, err
+	}
+	return o, nil
+}
+
+// setMetaData sets the metadata from info
+func (o *Object) setMetaData(info *api.File) (err error) {
+	if info.IsDir() {
+		fs.Debugf(o, "%q is %q", o.remote, info.Type)
+		return fs.ErrorIsDir
+	}
+
+	if !info.IsFile() {
+		fs.Debugf(o, "%q is %q", o.remote, info.Type)
+		return fmt.Errorf("%q is %q: %w", o.remote, info.Type, fs.ErrorNotAFile)
+	}
+
+	o.size = info.Size
+	o.modTime = time.Time(info.ModifiedMS)
+	o.id = info.ID
+	o.hasMetaData = true
+	o.obType = info.Type
+
+	return nil
+}
+
+func (o *Object) readMetaData(ctx context.Context) (err error) {
+	if o.hasMetaData {
+		return nil
+	}
+
+	leaf, directoryID, err := o.fs.dirCache.FindPath(ctx, o.remote, false)
+	if err != nil {
+		if err == fs.ErrorDirNotFound {
+			return fs.ErrorObjectNotFound
+		}
+		return err
+	}
+
+	file, found, err := o.fs.fileID(ctx, directoryID, leaf)
+	if err != nil {
+		return fmt.Errorf("read metadata: fileID: %w", err)
+	}
+
+	if !found {
+		fs.Debugf(nil, "object not found: remote %s: directory %s: leaf %s", o.remote, directoryID, leaf)
+		return fs.ErrorObjectNotFound
+	}
+
+	result, err := o.fs.metadata(ctx, file.FileID, false)
+	if err != nil {
+		return fmt.Errorf("get file metadata: %w", err)
+	}
+
+	return o.setMetaData(result)
+}
+
+// Mkdir creates the container if it doesn't exist
+func (f *Fs) Mkdir(ctx context.Context, dir string) error {
+	_, err := f.dirCache.FindDir(ctx, dir, true)
+	return err
+}
+
+// Rmdir deletes the root folder
+//
+// Returns an error if it isn't empty
+func (f *Fs) Rmdir(ctx context.Context, dir string) error {
+	return f.purgeCheck(ctx, dir, true)
+}
+
+// DirCacheFlush resets the directory cache - used in testing as an
+// optional interface
+func (f *Fs) DirCacheFlush() {
+	f.dirCache.ResetRoot()
+}
+
+func (f *Fs) metadata(ctx context.Context, id string, withContent bool) (result *api.File, err error) {
+	parameters := url.Values{}
+	if !withContent {
+		parameters.Add("content", "0")
+	}
+
+	opts := rest.Opts{
+		Method:     "GET",
+		Path:       path.Join("file/metadata", id),
+		Parameters: parameters,
+	}
+
+	result = &api.File{}
+
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, nil, result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
+			return nil, fs.ErrorObjectNotFound
+		}
+
+		return nil, fmt.Errorf("failed to get file metadata: %w", err)
+	}
+
+	return result, nil
+}
+
+func (f *Fs) setMTime(ctx context.Context, id string, t time.Time) (result *api.File, err error) {
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "file/metadata",
+	}
+
+	params := &api.SetMTimeParams{
+		ID:    id,
+		MTime: api.JSONTime(t),
+	}
+
+	result = &api.File{}
+
+	var resp *http.Response
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, params, result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
+			return nil, fs.ErrorObjectNotFound
+		}
+
+		return nil, fmt.Errorf("failed to set file metadata: %w", err)
+	}
+
+	return result, nil
+}
+
+func (f *Fs) deleteObject(ctx context.Context, id string) error {
+	payload := &api.DeleteParams{
+		IDs:               []string{id},
+		DeletePermanently: f.opt.HardDelete,
+	}
+
+	result := &api.IDList{}
+
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "file/delete",
+	}
+
+	err := f.pacer.Call(func() (bool, error) {
+		resp, err := f.srv.CallJSON(ctx, &opts, payload, result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return err
+	}
+
+	for _, removedID := range result.IDs {
+		if removedID == id {
+			return nil
+		}
+	}
+
+	return fmt.Errorf("file %s was not deleted successfully", id)
+}
+
+func (f *Fs) purgeCheck(ctx context.Context, dir string, check bool) error {
+	root := path.Join(f.root, dir)
+	if root == "" {
+		return errors.New("can't purge root directory")
+	}
+
+	rootID, err := f.dirCache.FindDir(ctx, dir, false)
+	if err != nil {
+		return err
+	}
+
+	if check {
+		file, err := f.metadata(ctx, rootID, false)
+		if err != nil {
+			return err
+		}
+
+		if file.IsFile() {
+			return fs.ErrorIsFile
+		}
+
+		if file.Size != 0 {
+			return fs.ErrorDirectoryNotEmpty
+		}
+	}
+
+	err = f.deleteObject(ctx, rootID)
+	if err != nil {
+		return err
+	}
+
+	f.dirCache.FlushDir(dir)
+
+	return nil
+}
+
+// Purge deletes all the files in the directory
+//
+// Optional interface: Only implement this if you have a way of
+// deleting all the files quicker than just running Remove() on the
+// result of List()
+func (f *Fs) Purge(ctx context.Context, dir string) error {
+	return f.purgeCheck(ctx, dir, false)
+}
+
+// Copy src to this remote using server-side copy operations.
+//
+// This is stored with the remote path given.
+//
+// It returns the destination Object and a possible error.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantCopy
+func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	srcObj, ok := src.(*Object)
+	if !ok {
+		fs.Debugf(src, "Can't copy - not same remote type")
+		return nil, fs.ErrorCantCopy
+	}
+
+	if srcObj.fs == f {
+		srcPath := srcObj.rootPath()
+		dstPath := f.rootPath(remote)
+		if srcPath == dstPath {
+			return nil, fmt.Errorf("can't copy %q -> %q as they are same", srcPath, dstPath)
+		}
+	}
+
+	err := srcObj.readMetaData(ctx)
+	if err != nil {
+		fs.Debugf(srcObj, "read metadata for %s: %s", srcObj.rootPath(), err)
+		return nil, err
+	}
+
+	_, _, err = srcObj.fs.dirCache.FindPath(ctx, srcObj.remote, false)
+	if err != nil {
+		return nil, err
+	}
+
+	dstObj, dstLeaf, directoryID, err := f.createObject(ctx, remote)
+	if err != nil {
+		fs.Debugf(srcObj, "create empty object for %s: %s", dstObj.rootPath(), err)
+		return nil, err
+	}
+
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "file/copyone",
+	}
+
+	params := &api.FileCopyMoveOneParams{
+		ID:          srcObj.id,
+		Target:      directoryID,
+		Resolve:     true,
+		MTime:       api.JSONTime(srcObj.ModTime(ctx)),
+		Name:        dstLeaf,
+		ResolveMode: api.OverwriteMode,
+	}
+
+	result := &api.File{}
+
+	var resp *http.Response
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, params, result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
+			return nil, fs.ErrorObjectNotFound
+		}
+
+		return nil, fmt.Errorf("failed to copy: %w", err)
+	}
+
+	err = dstObj.setMetaData(result)
+	if err != nil {
+		return nil, err
+	}
+
+	return dstObj, nil
+}
+
+// Move src to this remote using server-side move operations.
+//
+// This is stored with the remote path given.
+//
+// It returns the destination Object and a possible error.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantMove
+func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	srcObj, ok := src.(*Object)
+	if !ok {
+		fs.Debugf(src, "Can't move - not same remote type")
+		return nil, fs.ErrorCantMove
+	}
+
+	_, _, err := srcObj.fs.dirCache.FindPath(ctx, srcObj.remote, false)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create temporary object
+	dstObj, dstLeaf, directoryID, err := f.createObject(ctx, remote)
+	if err != nil {
+		return nil, err
+	}
+
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "file/moveone",
+	}
+
+	params := &api.FileCopyMoveOneParams{
+		ID:          srcObj.id,
+		Target:      directoryID,
+		Resolve:     true,
+		MTime:       api.JSONTime(srcObj.ModTime(ctx)),
+		Name:        dstLeaf,
+		ResolveMode: api.OverwriteMode,
+	}
+
+	var resp *http.Response
+	result := &api.File{}
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, params, result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
+			return nil, fs.ErrorObjectNotFound
+		}
+
+		return nil, fmt.Errorf("failed to move: %w", err)
+	}
+
+	err = dstObj.setMetaData(result)
+	if err != nil {
+		return nil, err
+	}
+
+	return dstObj, nil
+}
+
+// DirMove moves src, srcRemote to this remote at dstRemote
+// using server-side move operations.
+//
+// Will only be called if src.Fs().Name() == f.Name()
+//
+// If it isn't possible then return fs.ErrorCantDirMove
+//
+// If destination exists then return fs.ErrorDirExists
+func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string) error {
+	srcFs, ok := src.(*Fs)
+	if !ok {
+		fs.Debugf(srcFs, "Can't move directory - not same remote type")
+		return fs.ErrorCantDirMove
+	}
+
+	srcID, _, _, dstDirectoryID, dstLeaf, err := f.dirCache.DirMove(ctx, srcFs.dirCache, srcFs.root, srcRemote, f.root, dstRemote)
+	if err != nil {
+		return err
+	}
+
+	srcInfo, err := f.metadata(ctx, srcID, false)
+	if err != nil {
+		return err
+	}
+
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "file/moveone",
+	}
+
+	params := &api.FileCopyMoveOneParams{
+		ID:      srcID,
+		Target:  dstDirectoryID,
+		Resolve: false,
+		MTime:   srcInfo.ModifiedMS,
+		Name:    dstLeaf,
+	}
+
+	var resp *http.Response
+	result := &api.File{}
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, params, result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
+			return fs.ErrorObjectNotFound
+		}
+
+		return fmt.Errorf("failed to move dir: %w", err)
+	}
+
+	srcFs.dirCache.FlushDir(srcRemote)
+
+	return nil
+}
+
+// About gets quota information
+func (f *Fs) About(ctx context.Context) (usage *fs.Usage, err error) {
+	opts := rest.Opts{
+		Method: "GET",
+		Path:   "profile/info",
+	}
+	var (
+		user api.ProfileInfo
+		resp *http.Response
+	)
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, nil, &user)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to read profile info: %w", err)
+	}
+
+	free := user.AccLimit - user.UserUsed
+
+	if user.UserLimit > unlimitedUserQuota {
+		free = user.UserLimit - user.UserUsed
+	}
+
+	usage = &fs.Usage{
+		Used:  fs.NewUsageValue(user.UserUsed), // bytes in use
+		Total: fs.NewUsageValue(user.AccLimit), // bytes total
+		Free:  fs.NewUsageValue(free),          // bytes free
+	}
+
+	return usage, nil
+}
+
+// Fs return the parent Fs
+func (o *Object) Fs() fs.Info {
+	return o.fs
+}
+
+// String returns object remote path
+func (o *Object) String() string {
+	if o == nil {
+		return "<nil>"
+	}
+	return o.remote
+}
+
+// Remote returns the remote path
+func (o *Object) Remote() string {
+	return o.remote
+}
+
+// rootPath returns a path for use in server given a remote
+func (f *Fs) rootPath(remote string) string {
+	return f.rootSlash() + remote
+}
+
+// rootPath returns a path for use in local functions
+func (o *Object) rootPath() string {
+	return o.fs.rootPath(o.remote)
+}
+
+// Size returns the size of an object in bytes
+func (o *Object) Size() int64 {
+	err := o.readMetaData(context.TODO())
+	if err != nil {
+		fs.Logf(o, "Failed to read metadata: %v", err)
+		return 0
+	}
+
+	return o.size
+}
+
+// ModTime returns the modification time of the object
+func (o *Object) ModTime(ctx context.Context) time.Time {
+	err := o.readMetaData(ctx)
+	if err != nil {
+		fs.Logf(o, "Failed to read metadata: %v", err)
+		return time.Now()
+	}
+
+	return o.modTime
+}
+
+// Storable returns a boolean showing whether this object storable
+func (o *Object) Storable() bool {
+	return true
+}
+
+// ID returns the ID of the Object if known, or "" if not
+func (o *Object) ID() string {
+	return o.id
+}
+
+// Hash returns the SHA-1 of an object. Not supported yet.
+func (o *Object) Hash(ctx context.Context, ty hash.Type) (string, error) {
+	return "", nil
+}
+
+// Remove an object
+func (o *Object) Remove(ctx context.Context) error {
+	err := o.fs.deleteObject(ctx, o.id)
+	if err != nil {
+		return err
+	}
+
+	if o.obType != "F" {
+		o.fs.dirCache.FlushDir(o.remote)
+	}
+
+	return nil
+}
+
+// Open an object for read
+func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.ReadCloser, err error) {
+	if o.id == "" {
+		return nil, errors.New("can't download - no id")
+	}
+
+	linkID, err := o.fs.downloadLink(ctx, o.id)
+	if err != nil {
+		return nil, err
+	}
+
+	fs.FixRangeOption(options, o.size)
+
+	opts := rest.Opts{
+		Method:  "GET",
+		Path:    "/file/download/" + linkID,
+		Options: options,
+	}
+
+	var resp *http.Response
+
+	err = o.fs.pacer.Call(func() (bool, error) {
+		resp, err = o.fs.srv.Call(ctx, &opts)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, err
+	}
+	return resp.Body, err
+}
+
+func (f *Fs) downloadLink(ctx context.Context, id string) (linkID string, err error) {
+	linkParams := &api.IDList{
+		IDs: []string{id},
+	}
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "file/download-link",
+	}
+
+	var resp *http.Response
+	link := &api.DownloadLinkResponse{}
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err = f.srv.CallJSON(ctx, &opts, linkParams, &link)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return "", err
+	}
+	return link.ID, nil
+}
+
+// SetModTime sets the modification time of the local fs object
+func (o *Object) SetModTime(ctx context.Context, t time.Time) error {
+	file, err := o.fs.setMTime(ctx, o.id, t)
+	if err != nil {
+		return fmt.Errorf("set mtime: %w", err)
+	}
+
+	return o.setMetaData(file)
+}
+
+// Update the object with the contents of the io.Reader, modTime and size
+//
+// The new object may have been created if an error is returned
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
+	size := src.Size()
+	modTime := src.ModTime(ctx)
+	remote := o.Remote()
+
+	// Create the directory for the object if it doesn't exist
+	leaf, directoryID, err := o.fs.dirCache.FindPath(ctx, remote, true)
+	if err != nil {
+		return err
+	}
+
+	uploadSession, err := o.uploadSession(ctx, directoryID, leaf)
+	if err != nil {
+		return fmt.Errorf("object update: %w", err)
+	}
+
+	o.id = uploadSession.FileID
+
+	defer func() {
+		if err == nil {
+			return
+		}
+
+		deleteErr := o.fs.deleteObject(ctx, o.id)
+		if deleteErr != nil {
+			fs.Logf(o.remote, "remove: %s", deleteErr)
+		}
+	}()
+
+	return o.dynamicUpload(ctx, size, modTime, in, uploadSession, options...)
+}
+
+// dynamicUpload uploads object in chunks, which are being dynamically recalculated on each iteration
+// depending on upload speed in order to make upload faster
+func (o *Object) dynamicUpload(ctx context.Context, size int64, modTime time.Time, in io.Reader,
+	uploadSession *api.UploadLinkResponse, options ...fs.OpenOption) error {
+	var (
+		speed      float64
+		localChunk int64
+	)
+
+	defer o.fs.uploadMemoryManager.Return(o.id)
+
+	for offset := int64(0); offset < size; offset += localChunk {
+		localChunk = o.fs.uploadMemoryManager.Consume(o.id, size-offset, speed)
+
+		rw := multipart.NewRW()
+
+		_, err := io.CopyN(rw, in, localChunk)
+		if err != nil {
+			return fmt.Errorf("read chunk with offset %d size %d: %w", offset, localChunk, err)
+		}
+
+		start := time.Now()
+
+		err = o.upload(ctx, uploadSession.UploadKey, rw, size, offset, localChunk, options...)
+		if err != nil {
+			return fmt.Errorf("upload chunk with offset %d size %d: %w", offset, localChunk, err)
+		}
+
+		speed = float64(localChunk) / (float64(time.Since(start)) / 1e9)
+	}
+
+	o.fs.uploadMemoryManager.Return(o.id)
+
+	finalizeResult, err := o.finalize(ctx, uploadSession.UploadKey, modTime)
+	if err != nil {
+		return fmt.Errorf("upload %s finalize: %w", uploadSession.UploadKey, err)
+	}
+
+	if size >= 0 && finalizeResult.FileSize != size {
+		return fmt.Errorf("expected size %d, got %d", size, finalizeResult.FileSize)
+	}
+
+	o.size = size
+	o.modTime = modTime
+
+	return nil
+}
+
+func (f *Fs) uploadLink(ctx context.Context, parentID, name string) (upload *api.UploadLinkResponse, err error) {
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "upload/link",
+	}
+
+	payload := api.UploadLinkParams{
+		Name:     name,
+		ParentID: parentID,
+		Resolve:  false,
+	}
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err := f.srv.CallJSON(ctx, &opts, &payload, &upload)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get upload link: %w", err)
+	}
+
+	return upload, nil
+}
+
+func (f *Fs) modifyLink(ctx context.Context, fileID string) (upload *api.UploadLinkResponse, err error) {
+	opts := rest.Opts{
+		Method: "POST",
+		Path:   "file/modify",
+	}
+
+	payload := api.FileModifyParams{
+		ID:       fileID,
+		Truncate: 0,
+	}
+
+	err = f.pacer.Call(func() (bool, error) {
+		resp, err := f.srv.CallJSON(ctx, &opts, &payload, &upload)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get modify link: %w", err)
+	}
+
+	return upload, nil
+}
+
+func (o *Object) uploadSession(ctx context.Context, parentID, name string) (upload *api.UploadLinkResponse, err error) {
+	encName := o.fs.opt.Enc.FromStandardName(name)
+	fileID, found, err := o.fs.fileID(ctx, parentID, encName)
+	if err != nil {
+		return nil, fmt.Errorf("get file_id: %w", err)
+	}
+
+	if found {
+		return o.fs.modifyLink(ctx, fileID.FileID)
+	}
+
+	return o.fs.uploadLink(ctx, parentID, encName)
+}
+
+func (o *Object) upload(ctx context.Context, uploadKey string, chunk io.Reader, fullSize int64, offset int64, chunkSize int64, options ...fs.OpenOption) (err error) {
+	opts := rest.Opts{
+		Method:       "POST",
+		RootURL:      fmt.Sprintf(uploadURL, o.fs.opt.Host) + uploadKey,
+		Body:         chunk,
+		ContentRange: fmt.Sprintf("bytes %d-%d/%d", offset, offset+chunkSize, fullSize),
+		Options:      options,
+	}
+
+	var fileID string
+
+	err = o.fs.pacer.Call(func() (bool, error) {
+		resp, err := o.fs.srv.CallJSON(ctx, &opts, nil, &fileID)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return fmt.Errorf("failed to get upload chunk: %w", err)
+	}
+
+	return nil
+}
+
+func (o *Object) finalize(ctx context.Context, uploadKey string, mtime time.Time) (result *api.UploadFinalizeResponse, err error) {
+	queryParams := url.Values{}
+	queryParams.Add("mtime", strconv.FormatFloat(float64(mtime.UTC().UnixNano())/1e9, 'f', 6, 64))
+
+	opts := rest.Opts{
+		Method:     "GET",
+		Path:       path.Join("upload/finalize", uploadKey),
+		Parameters: queryParams,
+	}
+
+	result = &api.UploadFinalizeResponse{}
+
+	err = o.fs.pacer.Call(func() (bool, error) {
+		resp, err := o.fs.srv.CallJSON(ctx, &opts, nil, result)
+		return shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to finalize: %w", err)
+	}
+
+	return result, nil
+}
+
+// Check the interfaces are satisfied
+var (
+	_ fs.Fs              = (*Fs)(nil)
+	_ fs.Purger          = (*Fs)(nil)
+	_ fs.Copier          = (*Fs)(nil)
+	_ fs.Abouter         = (*Fs)(nil)
+	_ fs.Mover           = (*Fs)(nil)
+	_ fs.DirMover        = (*Fs)(nil)
+	_ dircache.DirCacher = (*Fs)(nil)
+	_ fs.DirCacheFlusher = (*Fs)(nil)
+	_ fs.Object          = (*Object)(nil)
+	_ fs.IDer            = (*Object)(nil)
+)
diff --git a/backend/quatrix/quatrix_test.go b/backend/quatrix/quatrix_test.go
new file mode 100644
index 0000000000000..c9759f1880487
--- /dev/null
+++ b/backend/quatrix/quatrix_test.go
@@ -0,0 +1,17 @@
+// Test Quatrix filesystem interface
+package quatrix_test
+
+import (
+	"testing"
+
+	"github.com/rclone/rclone/backend/quatrix"
+	"github.com/rclone/rclone/fstest/fstests"
+)
+
+// TestIntegration runs integration tests against the remote
+func TestIntegration(t *testing.T) {
+	fstests.Run(t, &fstests.Opt{
+		RemoteName: "TestQuatrix:",
+		NilObject:  (*quatrix.Object)(nil),
+	})
+}
diff --git a/backend/quatrix/upload_memory.go b/backend/quatrix/upload_memory.go
new file mode 100644
index 0000000000000..615b785409019
--- /dev/null
+++ b/backend/quatrix/upload_memory.go
@@ -0,0 +1,108 @@
+package quatrix
+
+import (
+	"sync"
+	"time"
+
+	"github.com/rclone/rclone/fs"
+)
+
+// UploadMemoryManager dynamically calculates every chunk size for the transfer and increases or decreases it
+// depending on the upload speed. This makes general upload time smaller, because transfers that are faster
+// does not have to wait for the slower ones until they finish upload.
+type UploadMemoryManager struct {
+	m              sync.Mutex
+	useDynamicSize bool
+	shared         int64
+	reserved       int64
+	effectiveTime  time.Duration
+	fileUsage      map[string]int64
+}
+
+// NewUploadMemoryManager is a constructor for UploadMemoryManager
+func NewUploadMemoryManager(ci *fs.ConfigInfo, opt *Options) *UploadMemoryManager {
+	useDynamicSize := true
+
+	sharedMemory := int64(opt.MaximalSummaryChunkSize) - int64(opt.MinimalChunkSize)*int64(ci.Transfers)
+	if sharedMemory <= 0 {
+		sharedMemory = 0
+		useDynamicSize = false
+	}
+
+	return &UploadMemoryManager{
+		useDynamicSize: useDynamicSize,
+		shared:         sharedMemory,
+		reserved:       int64(opt.MinimalChunkSize),
+		effectiveTime:  time.Duration(opt.EffectiveUploadTime),
+		fileUsage:      map[string]int64{},
+	}
+}
+
+// Consume -- decide amount of memory to consume
+func (u *UploadMemoryManager) Consume(fileID string, neededMemory int64, speed float64) int64 {
+	if !u.useDynamicSize {
+		if neededMemory < u.reserved {
+			return neededMemory
+		}
+
+		return u.reserved
+	}
+
+	u.m.Lock()
+	defer u.m.Unlock()
+
+	borrowed, found := u.fileUsage[fileID]
+	if found {
+		u.shared += borrowed
+		borrowed = 0
+	}
+
+	defer func() { u.fileUsage[fileID] = borrowed }()
+
+	effectiveChunkSize := int64(speed * u.effectiveTime.Seconds())
+
+	if effectiveChunkSize < u.reserved {
+		effectiveChunkSize = u.reserved
+	}
+
+	if neededMemory < effectiveChunkSize {
+		effectiveChunkSize = neededMemory
+	}
+
+	if effectiveChunkSize <= u.reserved {
+		return effectiveChunkSize
+	}
+
+	toBorrow := effectiveChunkSize - u.reserved
+
+	if toBorrow <= u.shared {
+		u.shared -= toBorrow
+		borrowed = toBorrow
+
+		return effectiveChunkSize
+	}
+
+	borrowed = u.shared
+	u.shared = 0
+
+	return borrowed + u.reserved
+}
+
+// Return returns consumed memory for the previous chunk upload to the memory pool
+func (u *UploadMemoryManager) Return(fileID string) {
+	if !u.useDynamicSize {
+		return
+	}
+
+	u.m.Lock()
+	defer u.m.Unlock()
+
+	borrowed, found := u.fileUsage[fileID]
+	if !found {
+		return
+	}
+
+	u.shared += borrowed
+
+	delete(u.fileUsage, fileID)
+}
diff --git a/backend/s3/s3.go b/backend/s3/s3.go
index d269b017c3cc3..8f690b38dc1f8 100644
--- a/backend/s3/s3.go
+++ b/backend/s3/s3.go
@@ -1,4 +1,4 @@
-// Package s3 provides an interface to Amazon S3 oject storage
+// Package s3 provides an interface to Amazon S3 object storage
 package s3
 
 //go:generate go run gen_setfrom.go -o setfrom.go
@@ -15,6 +15,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math"
 	"net/http"
 	"net/url"
 	"path"
@@ -53,20 +54,144 @@ import (
 	"github.com/rclone/rclone/lib/atexit"
 	"github.com/rclone/rclone/lib/bucket"
 	"github.com/rclone/rclone/lib/encoder"
+	"github.com/rclone/rclone/lib/multipart"
 	"github.com/rclone/rclone/lib/pacer"
 	"github.com/rclone/rclone/lib/pool"
 	"github.com/rclone/rclone/lib/readers"
 	"github.com/rclone/rclone/lib/rest"
 	"github.com/rclone/rclone/lib/version"
 	"golang.org/x/net/http/httpguts"
-	"golang.org/x/sync/errgroup"
 )
 
+// The S3 providers
+//
+// Please keep these in alphabetical order, but with AWS first and
+// Other last.
+//
+// NB if you add a new provider here, then add it in the setQuirks
+// function and set the correct quirks. Test the quirks are correct by
+// running the integration tests "go test -v -remote NewS3Provider:".
+//
+// See https://github.com/rclone/rclone/blob/master/CONTRIBUTING.md#adding-a-new-s3-provider
+// for full information about how to add a new s3 provider.
+var providerOption = fs.Option{
+	Name: fs.ConfigProvider,
+	Help: "Choose your S3 provider.",
+	Examples: []fs.OptionExample{{
+		Value: "AWS",
+		Help:  "Amazon Web Services (AWS) S3",
+	}, {
+		Value: "Alibaba",
+		Help:  "Alibaba Cloud Object Storage System (OSS) formerly Aliyun",
+	}, {
+		Value: "ArvanCloud",
+		Help:  "Arvan Cloud Object Storage (AOS)",
+	}, {
+		Value: "Ceph",
+		Help:  "Ceph Object Storage",
+	}, {
+		Value: "ChinaMobile",
+		Help:  "China Mobile Ecloud Elastic Object Storage (EOS)",
+	}, {
+		Value: "Cloudflare",
+		Help:  "Cloudflare R2 Storage",
+	}, {
+		Value: "DigitalOcean",
+		Help:  "DigitalOcean Spaces",
+	}, {
+		Value: "Dreamhost",
+		Help:  "Dreamhost DreamObjects",
+	}, {
+		Value: "GCS",
+		Help:  "Google Cloud Storage",
+	}, {
+		Value: "HuaweiOBS",
+		Help:  "Huawei Object Storage Service",
+	}, {
+		Value: "IBMCOS",
+		Help:  "IBM COS S3",
+	}, {
+		Value: "IDrive",
+		Help:  "IDrive e2",
+	}, {
+		Value: "IONOS",
+		Help:  "IONOS Cloud",
+	}, {
+		Value: "LyveCloud",
+		Help:  "Seagate Lyve Cloud",
+	}, {
+		Value: "Leviia",
+		Help:  "Leviia Object Storage",
+	}, {
+		Value: "Liara",
+		Help:  "Liara Object Storage",
+	}, {
+		Value: "Linode",
+		Help:  "Linode Object Storage",
+	}, {
+		Value: "Minio",
+		Help:  "Minio Object Storage",
+	}, {
+		Value: "Netease",
+		Help:  "Netease Object Storage (NOS)",
+	}, {
+		Value: "Petabox",
+		Help:  "Petabox Object Storage",
+	}, {
+		Value: "RackCorp",
+		Help:  "RackCorp Object Storage",
+	}, {
+		Value: "Rclone",
+		Help:  "Rclone S3 Server",
+	}, {
+		Value: "Scaleway",
+		Help:  "Scaleway Object Storage",
+	}, {
+		Value: "SeaweedFS",
+		Help:  "SeaweedFS S3",
+	}, {
+		Value: "StackPath",
+		Help:  "StackPath Object Storage",
+	}, {
+		Value: "Storj",
+		Help:  "Storj (S3 Compatible Gateway)",
+	}, {
+		Value: "Synology",
+		Help:  "Synology C2 Object Storage",
+	}, {
+		Value: "TencentCOS",
+		Help:  "Tencent Cloud Object Storage (COS)",
+	}, {
+		Value: "Wasabi",
+		Help:  "Wasabi Object Storage",
+	}, {
+		Value: "Qiniu",
+		Help:  "Qiniu Object Storage (Kodo)",
+	}, {
+		Value: "Other",
+		Help:  "Any other S3 compatible provider",
+	}},
+}
+
+var providersList string
+
 // Register with Fs
 func init() {
+	var s strings.Builder
+	for i, provider := range providerOption.Examples {
+		if provider.Value == "Other" {
+			_, _ = s.WriteString(" and others")
+		} else {
+			if i != 0 {
+				_, _ = s.WriteString(", ")
+			}
+			_, _ = s.WriteString(provider.Value)
+		}
+	}
+	providersList = s.String()
 	fs.Register(&fs.RegInfo{
 		Name:        "s3",
-		Description: "Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi",
+		Description: "Amazon S3 Compliant Storage Providers including " + providersList,
 		NewFs:       NewFs,
 		CommandHelp: commandHelp,
 		Config: func(ctx context.Context, name string, m configmap.Mapper, config fs.ConfigIn) (*fs.ConfigOut, error) {
@@ -80,88 +205,7 @@ func init() {
 			System: systemMetadataInfo,
 			Help:   `User metadata is stored as x-amz-meta- keys. S3 metadata keys are case insensitive and are always returned in lower case.`,
 		},
-		Options: []fs.Option{{
-			Name: fs.ConfigProvider,
-			Help: "Choose your S3 provider.",
-			// NB if you add a new provider here, then add it in the
-			// setQuirks function and set the correct quirks
-			Examples: []fs.OptionExample{{
-				Value: "AWS",
-				Help:  "Amazon Web Services (AWS) S3",
-			}, {
-				Value: "Alibaba",
-				Help:  "Alibaba Cloud Object Storage System (OSS) formerly Aliyun",
-			}, {
-				Value: "Ceph",
-				Help:  "Ceph Object Storage",
-			}, {
-				Value: "ChinaMobile",
-				Help:  "China Mobile Ecloud Elastic Object Storage (EOS)",
-			}, {
-				Value: "Cloudflare",
-				Help:  "Cloudflare R2 Storage",
-			}, {
-				Value: "ArvanCloud",
-				Help:  "Arvan Cloud Object Storage (AOS)",
-			}, {
-				Value: "DigitalOcean",
-				Help:  "DigitalOcean Spaces",
-			}, {
-				Value: "Dreamhost",
-				Help:  "Dreamhost DreamObjects",
-			}, {
-				Value: "HuaweiOBS",
-				Help:  "Huawei Object Storage Service",
-			}, {
-				Value: "IBMCOS",
-				Help:  "IBM COS S3",
-			}, {
-				Value: "IDrive",
-				Help:  "IDrive e2",
-			}, {
-				Value: "IONOS",
-				Help:  "IONOS Cloud",
-			}, {
-				Value: "LyveCloud",
-				Help:  "Seagate Lyve Cloud",
-			}, {
-				Value: "Liara",
-				Help:  "Liara Object Storage",
-			}, {
-				Value: "Minio",
-				Help:  "Minio Object Storage",
-			}, {
-				Value: "Netease",
-				Help:  "Netease Object Storage (NOS)",
-			}, {
-				Value: "RackCorp",
-				Help:  "RackCorp Object Storage",
-			}, {
-				Value: "Scaleway",
-				Help:  "Scaleway Object Storage",
-			}, {
-				Value: "SeaweedFS",
-				Help:  "SeaweedFS S3",
-			}, {
-				Value: "StackPath",
-				Help:  "StackPath Object Storage",
-			}, {
-				Value: "Storj",
-				Help:  "Storj (S3 Compatible Gateway)",
-			}, {
-				Value: "TencentCOS",
-				Help:  "Tencent Cloud Object Storage (COS)",
-			}, {
-				Value: "Wasabi",
-				Help:  "Wasabi Object Storage",
-			}, {
-				Value: "Qiniu",
-				Help:  "Qiniu Object Storage (Kodo)",
-			}, {
-				Value: "Other",
-				Help:  "Any other S3 compatible provider",
-			}},
-		}, {
+		Options: []fs.Option{providerOption, {
 			Name:    "env_auth",
 			Help:    "Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).\n\nOnly applies if access_key_id and secret_access_key is blank.",
 			Default: false,
@@ -173,11 +217,13 @@ func init() {
 				Help:  "Get AWS credentials from the environment (env vars or IAM).",
 			}},
 		}, {
-			Name: "access_key_id",
-			Help: "AWS Access Key ID.\n\nLeave blank for anonymous access or runtime credentials.",
+			Name:      "access_key_id",
+			Help:      "AWS Access Key ID.\n\nLeave blank for anonymous access or runtime credentials.",
+			Sensitive: true,
 		}, {
-			Name: "secret_access_key",
-			Help: "AWS Secret Access Key (password).\n\nLeave blank for anonymous access or runtime credentials.",
+			Name:      "secret_access_key",
+			Help:      "AWS Secret Access Key (password).\n\nLeave blank for anonymous access or runtime credentials.",
+			Sensitive: true,
 		}, {
 			// References:
 			// 1. https://docs.aws.amazon.com/general/latest/gr/rande.html
@@ -437,10 +483,50 @@ func init() {
 				Value: "eu-south-2",
 				Help:  "Logrono, Spain",
 			}},
+		}, {
+			Name:     "region",
+			Help:     "Region where your bucket will be created and your data stored.\n",
+			Provider: "Petabox",
+			Examples: []fs.OptionExample{{
+				Value: "us-east-1",
+				Help:  "US East (N. Virginia)",
+			}, {
+				Value: "eu-central-1",
+				Help:  "Europe (Frankfurt)",
+			}, {
+				Value: "ap-southeast-1",
+				Help:  "Asia Pacific (Singapore)",
+			}, {
+				Value: "me-south-1",
+				Help:  "Middle East (Bahrain)",
+			}, {
+				Value: "sa-east-1",
+				Help:  "South America (São Paulo)",
+			}},
+		}, {
+			Name:     "region",
+			Help:     "Region where your data stored.\n",
+			Provider: "Synology",
+			Examples: []fs.OptionExample{{
+				Value: "eu-001",
+				Help:  "Europe Region 1",
+			}, {
+				Value: "eu-002",
+				Help:  "Europe Region 2",
+			}, {
+				Value: "us-001",
+				Help:  "US Region 1",
+			}, {
+				Value: "us-002",
+				Help:  "US Region 2",
+			}, {
+				Value: "tw-001",
+				Help:  "Asia (Taiwan)",
+			}},
 		}, {
 			Name:     "region",
 			Help:     "Region to connect to.\n\nLeave blank if you are using an S3 clone and you don't have a region.",
-			Provider: "!AWS,Alibaba,ChinaMobile,Cloudflare,IONOS,ArvanCloud,Liara,Qiniu,RackCorp,Scaleway,Storj,TencentCOS,HuaweiOBS,IDrive",
+			Provider: "!AWS,Alibaba,ArvanCloud,ChinaMobile,Cloudflare,IONOS,Petabox,Liara,Linode,Qiniu,RackCorp,Scaleway,Storj,Synology,TencentCOS,HuaweiOBS,IDrive",
 			Examples: []fs.OptionExample{{
 				Value: "",
 				Help:  "Use this if unsure.\nWill use v4 signatures and an empty region.",
@@ -549,15 +635,15 @@ func init() {
 				Help:  "Anhui China (Huainan)",
 			}},
 		}, {
-			// ArvanCloud endpoints: https://www.arvancloud.com/en/products/cloud-storage
+			// ArvanCloud endpoints: https://www.arvancloud.ir/en/products/cloud-storage
 			Name:     "endpoint",
 			Help:     "Endpoint for Arvan Cloud Object Storage (AOS) API.",
 			Provider: "ArvanCloud",
 			Examples: []fs.OptionExample{{
-				Value: "s3.ir-thr-at1.arvanstorage.com",
-				Help:  "The default endpoint - a good choice if you are unsure.\nTehran Iran (Asiatech)",
+				Value: "s3.ir-thr-at1.arvanstorage.ir",
+				Help:  "The default endpoint - a good choice if you are unsure.\nTehran Iran (Simin)",
 			}, {
-				Value: "s3.ir-tbz-sh1.arvanstorage.com",
+				Value: "s3.ir-tbz-sh1.arvanstorage.ir",
 				Help:  "Tabriz Iran (Shahriar)",
 			}},
 		}, {
@@ -765,6 +851,39 @@ func init() {
 				Value: "s3-eu-south-2.ionoscloud.com",
 				Help:  "Logrono, Spain",
 			}},
+		}, {
+			Name:     "endpoint",
+			Help:     "Endpoint for Petabox S3 Object Storage.\n\nSpecify the endpoint from the same region.",
+			Provider: "Petabox",
+			Required: true,
+			Examples: []fs.OptionExample{{
+				Value: "s3.petabox.io",
+				Help:  "US East (N. Virginia)",
+			}, {
+				Value: "s3.us-east-1.petabox.io",
+				Help:  "US East (N. Virginia)",
+			}, {
+				Value: "s3.eu-central-1.petabox.io",
+				Help:  "Europe (Frankfurt)",
+			}, {
+				Value: "s3.ap-southeast-1.petabox.io",
+				Help:  "Asia Pacific (Singapore)",
+			}, {
+				Value: "s3.me-south-1.petabox.io",
+				Help:  "Middle East (Bahrain)",
+			}, {
+				Value: "s3.sa-east-1.petabox.io",
+				Help:  "South America (São Paulo)",
+			}},
+		}, {
+			// Leviia endpoints: https://www.leviia.com/object-storage/
+			Name:     "endpoint",
+			Help:     "Endpoint for Leviia Object Storage API.",
+			Provider: "Leviia",
+			Examples: []fs.OptionExample{{
+				Value: "s3.leviia.com",
+				Help:  "The default endpoint\nLeviia",
+			}},
 		}, {
 			// Liara endpoints: https://liara.ir/landing/object-storage
 			Name:     "endpoint",
@@ -774,6 +893,42 @@ func init() {
 				Value: "storage.iran.liara.space",
 				Help:  "The default endpoint\nIran",
 			}},
+		}, {
+			// Linode endpoints: https://www.linode.com/docs/products/storage/object-storage/guides/urls/#cluster-url-s3-endpoint
+			Name:     "endpoint",
+			Help:     "Endpoint for Linode Object Storage API.",
+			Provider: "Linode",
+			Examples: []fs.OptionExample{{
+				Value: "us-southeast-1.linodeobjects.com",
+				Help:  "Atlanta, GA (USA), us-southeast-1",
+			}, {
+				Value: "us-ord-1.linodeobjects.com",
+				Help:  "Chicago, IL (USA), us-ord-1",
+			}, {
+				Value: "eu-central-1.linodeobjects.com",
+				Help:  "Frankfurt (Germany), eu-central-1",
+			}, {
+				Value: "it-mil-1.linodeobjects.com",
+				Help:  "Milan (Italy), it-mil-1",
+			}, {
+				Value: "us-east-1.linodeobjects.com",
+				Help:  "Newark, NJ (USA), us-east-1",
+			}, {
+				Value: "fr-par-1.linodeobjects.com",
+				Help:  "Paris (France), fr-par-1",
+			}, {
+				Value: "us-sea-1.linodeobjects.com",
+				Help:  "Seattle, WA (USA), us-sea-1",
+			}, {
+				Value: "ap-south-1.linodeobjects.com",
+				Help:  "Singapore ap-south-1",
+			}, {
+				Value: "se-sto-1.linodeobjects.com",
+				Help:  "Stockholm (Sweden), se-sto-1",
+			}, {
+				Value: "us-iad-1.linodeobjects.com",
+				Help:  "Washington, DC, (USA), us-iad-1",
+			}},
 		}, {
 			// oss endpoints: https://help.aliyun.com/document_detail/31837.html
 			Name:     "endpoint",
@@ -934,6 +1089,14 @@ func init() {
 				Value: "s3.eu-central-1.stackpathstorage.com",
 				Help:  "EU Endpoint",
 			}},
+		}, {
+			Name:     "endpoint",
+			Help:     "Endpoint for Google Cloud Storage.",
+			Provider: "GCS",
+			Examples: []fs.OptionExample{{
+				Value: "https://storage.googleapis.com",
+				Help:  "Google Cloud Storage endpoint",
+			}},
 		}, {
 			Name:     "endpoint",
 			Help:     "Endpoint for Storj Gateway.",
@@ -942,6 +1105,26 @@ func init() {
 				Value: "gateway.storjshare.io",
 				Help:  "Global Hosted Gateway",
 			}},
+		}, {
+			Name:     "endpoint",
+			Help:     "Endpoint for Synology C2 Object Storage API.",
+			Provider: "Synology",
+			Examples: []fs.OptionExample{{
+				Value: "eu-001.s3.synologyc2.net",
+				Help:  "EU Endpoint 1",
+			}, {
+				Value: "eu-002.s3.synologyc2.net",
+				Help:  "EU Endpoint 2",
+			}, {
+				Value: "us-001.s3.synologyc2.net",
+				Help:  "US Endpoint 1",
+			}, {
+				Value: "us-002.s3.synologyc2.net",
+				Help:  "US Endpoint 2",
+			}, {
+				Value: "tw-001.s3.synologyc2.net",
+				Help:  "TW Endpoint 1",
+			}},
 		}, {
 			// cos endpoints: https://intl.cloud.tencent.com/document/product/436/6224
 			Name:     "endpoint",
@@ -1098,7 +1281,7 @@ func init() {
 		}, {
 			Name:     "endpoint",
 			Help:     "Endpoint for S3 API.\n\nRequired when using an S3 clone.",
-			Provider: "!AWS,IBMCOS,IDrive,IONOS,TencentCOS,HuaweiOBS,Alibaba,ChinaMobile,Liara,ArvanCloud,Scaleway,StackPath,Storj,RackCorp,Qiniu",
+			Provider: "!AWS,ArvanCloud,IBMCOS,IDrive,IONOS,TencentCOS,HuaweiOBS,Alibaba,ChinaMobile,GCS,Liara,Linode,Scaleway,StackPath,Storj,Synology,RackCorp,Qiniu,Petabox",
 			Examples: []fs.OptionExample{{
 				Value:    "objects-us-east-1.dream.io",
 				Help:     "Dream Objects endpoint",
@@ -1200,8 +1383,12 @@ func init() {
 				Help:     "Liara Iran endpoint",
 				Provider: "Liara",
 			}, {
-				Value:    "s3.ir-thr-at1.arvanstorage.com",
-				Help:     "ArvanCloud Tehran Iran (Asiatech) endpoint",
+				Value:    "s3.ir-thr-at1.arvanstorage.ir",
+				Help:     "ArvanCloud Tehran Iran (Simin) endpoint",
+				Provider: "ArvanCloud",
+			}, {
+				Value:    "s3.ir-tbz-sh1.arvanstorage.ir",
+				Help:     "ArvanCloud Tabriz Iran (Shahriar) endpoint",
 				Provider: "ArvanCloud",
 			}},
 		}, {
@@ -1385,7 +1572,7 @@ func init() {
 			Provider: "ArvanCloud",
 			Examples: []fs.OptionExample{{
 				Value: "ir-thr-at1",
-				Help:  "Tehran Iran (Asiatech)",
+				Help:  "Tehran Iran (Simin)",
 			}, {
 				Value: "ir-tbz-sh1",
 				Help:  "Tabriz Iran (Shahriar)",
@@ -1582,7 +1769,7 @@ func init() {
 		}, {
 			Name:     "location_constraint",
 			Help:     "Location constraint - must be set to match the Region.\n\nLeave blank if not sure. Used when creating buckets only.",
-			Provider: "!AWS,Alibaba,HuaweiOBS,ChinaMobile,Cloudflare,IBMCOS,IDrive,IONOS,Liara,ArvanCloud,Qiniu,RackCorp,Scaleway,StackPath,Storj,TencentCOS",
+			Provider: "!AWS,Alibaba,ArvanCloud,HuaweiOBS,ChinaMobile,Cloudflare,IBMCOS,IDrive,IONOS,Leviia,Liara,Linode,Qiniu,RackCorp,Scaleway,StackPath,Storj,TencentCOS,Petabox",
 		}, {
 			Name: "acl",
 			Help: `Canned ACL used when creating buckets and storing or copying objects.
@@ -1597,7 +1784,7 @@ doesn't copy the ACL from the source but rather writes a fresh one.
 If the acl is an empty string then no X-Amz-Acl: header is added and
 the default (private) will be used.
 `,
-			Provider: "!Storj,Cloudflare",
+			Provider: "!Storj,Synology,Cloudflare",
 			Examples: []fs.OptionExample{{
 				Value:    "default",
 				Help:     "Owner gets Full_CONTROL.\nNo one else has access rights (default).",
@@ -1713,6 +1900,7 @@ header is added and the default (private) will be used.
 				Value: "arn:aws:kms:us-east-1:*",
 				Help:  "arn:aws:kms:*",
 			}},
+			Sensitive: true,
 		}, {
 			Name: "sse_customer_key",
 			Help: `To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data.
@@ -1724,6 +1912,7 @@ Alternatively you can provide --sse-customer-key-base64.`,
 				Value: "",
 				Help:  "None",
 			}},
+			Sensitive: true,
 		}, {
 			Name: "sse_customer_key_base64",
 			Help: `If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data.
@@ -1735,6 +1924,7 @@ Alternatively you can provide --sse-customer-key.`,
 				Value: "",
 				Help:  "None",
 			}},
+			Sensitive: true,
 		}, {
 			Name: "sse_customer_key_md5",
 			Help: `If using SSE-C you may provide the secret encryption key MD5 checksum (optional).
@@ -1747,6 +1937,7 @@ If you leave it blank, this is calculated automatically from the sse_customer_ke
 				Value: "",
 				Help:  "None",
 			}},
+			Sensitive: true,
 		}, {
 			Name:     "storage_class",
 			Help:     "The storage class to use when storing new objects in S3.",
@@ -1825,7 +2016,7 @@ If you leave it blank, this is calculated automatically from the sse_customer_ke
 				Help:  "Standard storage class",
 			}},
 		}, {
-			// Mapping from here: https://www.arvancloud.com/en/products/cloud-storage
+			// Mapping from here: https://www.arvancloud.ir/en/products/cloud-storage
 			Name:     "storage_class",
 			Help:     "The storage class to use when storing new objects in ArvanCloud.",
 			Provider: "ArvanCloud",
@@ -1852,7 +2043,7 @@ If you leave it blank, this is calculated automatically from the sse_customer_ke
 				Help:  "Infrequent access storage mode",
 			}},
 		}, {
-			// Mapping from here: https://www.scaleway.com/en/docs/object-storage-glacier/#-Scaleway-Storage-Classes
+			// Mapping from here: https://www.scaleway.com/en/docs/storage/object/quickstart/
 			Name:     "storage_class",
 			Help:     "The storage class to use when storing new objects in S3.",
 			Provider: "Scaleway",
@@ -1861,10 +2052,13 @@ If you leave it blank, this is calculated automatically from the sse_customer_ke
 				Help:  "Default.",
 			}, {
 				Value: "STANDARD",
-				Help:  "The Standard class for any upload.\nSuitable for on-demand content like streaming or CDN.",
+				Help:  "The Standard class for any upload.\nSuitable for on-demand content like streaming or CDN.\nAvailable in all regions.",
 			}, {
 				Value: "GLACIER",
-				Help:  "Archived storage.\nPrices are lower, but it needs to be restored first to be accessed.",
+				Help:  "Archived storage.\nPrices are lower, but it needs to be restored first to be accessed.\nAvailable in FR-PAR and NL-AMS regions.",
+			}, {
+				Value: "ONEZONE_IA",
+				Help:  "One Zone - Infrequent Access.\nA good choice for storing secondary backup copies or easily re-creatable data.\nAvailable in the FR-PAR region only.",
 			}},
 		}, {
 			// Mapping from here: https://developer.qiniu.com/kodo/5906/storage-type
@@ -1985,9 +2179,10 @@ If empty it will default to the environment variable "AWS_PROFILE" or
 `,
 			Advanced: true,
 		}, {
-			Name:     "session_token",
-			Help:     "An AWS session token.",
-			Advanced: true,
+			Name:      "session_token",
+			Help:      "An AWS session token.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name: "upload_concurrency",
 			Help: `Concurrency for multipart uploads.
@@ -2152,17 +2347,16 @@ very small even with this flag.
 				encoder.EncodeDot,
 		}, {
 			Name:     "memory_pool_flush_time",
-			Default:  memoryPoolFlushTime,
+			Default:  fs.Duration(time.Minute),
 			Advanced: true,
-			Help: `How often internal memory buffer pools will be flushed.
-
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.`,
+			Hide:     fs.OptionHideBoth,
+			Help:     `How often internal memory buffer pools will be flushed. (no longer used)`,
 		}, {
 			Name:     "memory_pool_use_mmap",
-			Default:  memoryPoolUseMmap,
+			Default:  false,
 			Advanced: true,
-			Help:     `Whether to use mmap buffers in internal memory pool.`,
+			Hide:     fs.OptionHideBoth,
+			Help:     `Whether to use mmap buffers in internal memory pool. (no longer used)`,
 		}, {
 			Name:     "disable_http2",
 			Default:  false,
@@ -2182,6 +2376,15 @@ See: https://github.com/rclone/rclone/issues/4673, https://github.com/rclone/rcl
 This is usually set to a CloudFront CDN URL as AWS S3 offers
 cheaper egress for data downloaded through the CloudFront network.`,
 			Advanced: true,
+		}, {
+			Name:     "directory_markers",
+			Default:  false,
+			Advanced: true,
+			Help: `Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option creates an empty
+object ending with "/", to persist the folder.
+`,
 		}, {
 			Name: "use_multipart_etag",
 			Help: `Whether to use ETag in multipart uploads for verification
@@ -2258,6 +2461,24 @@ will decompress the object on the fly.
 If this is set to unset (the default) then rclone will choose
 according to the provider setting what to apply, but you can override
 rclone's choice here.
+`, "|", "`"),
+			Default:  fs.Tristate{},
+			Advanced: true,
+		}, {
+			Name: "use_accept_encoding_gzip",
+			Help: strings.ReplaceAll(`Whether to send |Accept-Encoding: gzip| header.
+
+By default, rclone will append |Accept-Encoding: gzip| to the request to download
+compressed objects whenever possible.
+
+However some providers such as Google Cloud Storage may alter the HTTP headers, breaking
+the signature of the request.
+
+A symptom of this would be receiving errors like
+
+	SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided.
+
+In this case, you might want to try disabling this option.
 `, "|", "`"),
 			Default:  fs.Tristate{},
 			Advanced: true,
@@ -2271,6 +2492,45 @@ rclone's choice here.
 			Help:     "Endpoint for STS.\n\nLeave blank if using AWS to use the default endpoint for the region.",
 			Provider: "AWS",
 			Advanced: true,
+		}, {
+			Name: "use_already_exists",
+			Help: strings.ReplaceAll(`Set if rclone should report BucketAlreadyExists errors on bucket creation.
+
+At some point during the evolution of the s3 protocol, AWS started
+returning an |AlreadyOwnedByYou| error when attempting to create a
+bucket that the user already owned, rather than a
+|BucketAlreadyExists| error.
+
+Unfortunately exactly what has been implemented by s3 clones is a
+little inconsistent, some return |AlreadyOwnedByYou|, some return
+|BucketAlreadyExists| and some return no error at all.
+
+This is important to rclone because it ensures the bucket exists by
+creating it on quite a lot of operations (unless
+|--s3-no-check-bucket| is used).
+
+If rclone knows the provider can return |AlreadyOwnedByYou| or returns
+no error then it can report |BucketAlreadyExists| errors when the user
+attempts to create a bucket not owned by them. Otherwise rclone
+ignores the |BucketAlreadyExists| error which can lead to confusion.
+
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+`, "|", "`"),
+			Default:  fs.Tristate{},
+			Advanced: true,
+		}, {
+			Name: "use_multipart_uploads",
+			Help: `Set if rclone should use multipart uploads.
+
+You can change this if you want to disable the use of multipart uploads.
+This shouldn't be necessary in normal operation.
+
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+`,
+			Default:  fs.Tristate{},
+			Advanced: true,
 		},
 		}})
 }
@@ -2286,10 +2546,7 @@ const (
 	minChunkSize        = fs.SizeSuffix(1024 * 1024 * 5)
 	defaultUploadCutoff = fs.SizeSuffix(200 * 1024 * 1024)
 	maxUploadCutoff     = fs.SizeSuffix(5 * 1024 * 1024 * 1024)
-	minSleep            = 10 * time.Millisecond // In case of error, start at 10ms sleep.
-
-	memoryPoolFlushTime = fs.Duration(time.Minute) // flush the cached buffers after this long
-	memoryPoolUseMmap   = false
+	minSleep            = 10 * time.Millisecond           // In case of error, start at 10ms sleep.
 	maxExpireDuration   = fs.Duration(7 * 24 * time.Hour) // max expiry is 1 week
 )
 
@@ -2389,17 +2646,19 @@ type Options struct {
 	NoHead                bool                 `config:"no_head"`
 	NoHeadObject          bool                 `config:"no_head_object"`
 	Enc                   encoder.MultiEncoder `config:"encoding"`
-	MemoryPoolFlushTime   fs.Duration          `config:"memory_pool_flush_time"`
-	MemoryPoolUseMmap     bool                 `config:"memory_pool_use_mmap"`
 	DisableHTTP2          bool                 `config:"disable_http2"`
 	DownloadURL           string               `config:"download_url"`
+	DirectoryMarkers      bool                 `config:"directory_markers"`
 	UseMultipartEtag      fs.Tristate          `config:"use_multipart_etag"`
 	UsePresignedRequest   bool                 `config:"use_presigned_request"`
 	Versions              bool                 `config:"versions"`
 	VersionAt             fs.Time              `config:"version_at"`
 	Decompress            bool                 `config:"decompress"`
 	MightGzip             fs.Tristate          `config:"might_gzip"`
+	UseAcceptEncodingGzip fs.Tristate          `config:"use_accept_encoding_gzip"`
 	NoSystemMetadata      bool                 `config:"no_system_metadata"`
+	UseAlreadyExists      fs.Tristate          `config:"use_already_exists"`
+	UseMultipartUploads   fs.Tristate          `config:"use_multipart_uploads"`
 }
 
 // Fs represents a remote s3 server
@@ -2418,7 +2677,6 @@ type Fs struct {
 	pacer          *fs.Pacer        // To pace the API calls
 	srv            *http.Client     // a plain http client
 	srvRest        *rest.Client     // the rest connection to the server
-	pool           *pool.Pool       // memory pool
 	etagIsNotMD5   bool             // if set ETags are not MD5s
 	versioningMu   sync.Mutex
 	versioning     fs.Tristate // if set bucket is using versions
@@ -2655,6 +2913,7 @@ func s3Connection(ctx context.Context, opt *Options, client *http.Client) (*s3.S
 	case v.AccessKeyID == "" && v.SecretAccessKey == "":
 		// if no access key/secret and iam is explicitly disabled then fall back to anon interaction
 		cred = credentials.AnonymousCredentials
+		fs.Debugf(nil, "Using anonymous credentials - did you mean to set env_auth=true?")
 	case v.AccessKeyID == "":
 		return nil, nil, errors.New("access_key_id not found")
 	case v.SecretAccessKey == "":
@@ -2745,13 +3004,23 @@ func checkUploadCutoff(cs fs.SizeSuffix) error {
 }
 
 func (f *Fs) setUploadCutoff(cs fs.SizeSuffix) (old fs.SizeSuffix, err error) {
-	err = checkUploadCutoff(cs)
+	if f.opt.Provider != "Rclone" {
+		err = checkUploadCutoff(cs)
+	}
 	if err == nil {
 		old, f.opt.UploadCutoff = f.opt.UploadCutoff, cs
 	}
 	return
 }
 
+func (f *Fs) setCopyCutoff(cs fs.SizeSuffix) (old fs.SizeSuffix, err error) {
+	err = checkUploadChunkSize(cs)
+	if err == nil {
+		old, f.opt.CopyCutoff = f.opt.CopyCutoff, cs
+	}
+	return
+}
+
 // setEndpointValueForIDriveE2 gets user region endpoint against the Access Key details by calling the API
 func setEndpointValueForIDriveE2(m configmap.Mapper) (err error) {
 	value, ok := m.Get(fs.ConfigProvider)
@@ -2788,14 +3057,19 @@ func setEndpointValueForIDriveE2(m configmap.Mapper) (err error) {
 // There should be no testing against opt.Provider anywhere in the
 // code except in here to localise the setting of the quirks.
 //
-// These should be differences from AWS S3
+// Run the integration tests to check you have the quirks correct.
+//
+//	go test -v -remote NewS3Provider:
 func setQuirks(opt *Options) {
 	var (
-		listObjectsV2     = true
-		virtualHostStyle  = true
-		urlEncodeListings = true
-		useMultipartEtag  = true
-		mightGzip         = true // assume all providers might gzip until proven otherwise
+		listObjectsV2         = true // Always use ListObjectsV2 instead of ListObjects
+		virtualHostStyle      = true // Use bucket.provider.com instead of putting the bucket in the URL
+		urlEncodeListings     = true // URL encode the listings to help with control characters
+		useMultipartEtag      = true // Set if Etags for multpart uploads are compatible with AWS
+		useAcceptEncodingGzip = true // Set Accept-Encoding: gzip
+		mightGzip             = true // assume all providers might use content encoding gzip until proven otherwise
+		useAlreadyExists      = true // Set if provider returns AlreadyOwnedByYou or no error if you try to remake your own bucket
+		useMultipartUploads   = true // Set if provider supports multipart uploads
 	)
 	switch opt.Provider {
 	case "AWS":
@@ -2803,18 +3077,22 @@ func setQuirks(opt *Options) {
 		mightGzip = false // Never auto gzips objects
 	case "Alibaba":
 		useMultipartEtag = false // Alibaba seems to calculate multipart Etags differently from AWS
+		useAlreadyExists = true  // returns 200 OK
 	case "HuaweiOBS":
 		// Huawei OBS PFS is not support listObjectV2, and if turn on the urlEncodeListing, marker will not work and keep list same page forever.
 		urlEncodeListings = false
 		listObjectsV2 = false
+		useAlreadyExists = false // untested
 	case "Ceph":
 		listObjectsV2 = false
 		virtualHostStyle = false
 		urlEncodeListings = false
+		useAlreadyExists = false // untested
 	case "ChinaMobile":
 		listObjectsV2 = false
 		virtualHostStyle = false
 		urlEncodeListings = false
+		useAlreadyExists = false // untested
 	case "Cloudflare":
 		virtualHostStyle = false
 		useMultipartEtag = false // currently multipart Etags are random
@@ -2822,75 +3100,111 @@ func setQuirks(opt *Options) {
 		listObjectsV2 = false
 		virtualHostStyle = false
 		urlEncodeListings = false
+		useAlreadyExists = false // untested
 	case "DigitalOcean":
 		urlEncodeListings = false
+		useAlreadyExists = false // untested
 	case "Dreamhost":
 		urlEncodeListings = false
+		useAlreadyExists = false // untested
 	case "IBMCOS":
 		listObjectsV2 = false // untested
 		virtualHostStyle = false
 		urlEncodeListings = false
 		useMultipartEtag = false // untested
+		useAlreadyExists = false // returns BucketAlreadyExists
 	case "IDrive":
 		virtualHostStyle = false
+		useAlreadyExists = false // untested
 	case "IONOS":
 		// listObjectsV2 supported - https://api.ionos.com/docs/s3/#Basic-Operations-get-Bucket-list-type-2
 		virtualHostStyle = false
 		urlEncodeListings = false
+		useAlreadyExists = false // untested
+	case "Petabox":
+		useAlreadyExists = false // untested
 	case "Liara":
 		virtualHostStyle = false
 		urlEncodeListings = false
 		useMultipartEtag = false
+		useAlreadyExists = false // untested
+	case "Linode":
+		useAlreadyExists = true // returns 200 OK
 	case "LyveCloud":
 		useMultipartEtag = false // LyveCloud seems to calculate multipart Etags differently from AWS
+		useAlreadyExists = false // untested
 	case "Minio":
 		virtualHostStyle = false
 	case "Netease":
 		listObjectsV2 = false // untested
 		urlEncodeListings = false
 		useMultipartEtag = false // untested
+		useAlreadyExists = false // untested
 	case "RackCorp":
 		// No quirks
 		useMultipartEtag = false // untested
+		useAlreadyExists = false // untested
+	case "Rclone":
+		listObjectsV2 = true
+		urlEncodeListings = true
+		virtualHostStyle = false
+		useMultipartEtag = false
+		useAlreadyExists = false
+		// useMultipartUploads = false - set this manually
 	case "Scaleway":
 		// Scaleway can only have 1000 parts in an upload
 		if opt.MaxUploadParts > 1000 {
 			opt.MaxUploadParts = 1000
 		}
 		urlEncodeListings = false
+		useAlreadyExists = false // untested
 	case "SeaweedFS":
 		listObjectsV2 = false // untested
 		virtualHostStyle = false
 		urlEncodeListings = false
 		useMultipartEtag = false // untested
+		useAlreadyExists = false // untested
 	case "StackPath":
 		listObjectsV2 = false // untested
 		virtualHostStyle = false
 		urlEncodeListings = false
+		useAlreadyExists = false // untested
 	case "Storj":
 		// Force chunk size to >= 64 MiB
 		if opt.ChunkSize < 64*fs.Mebi {
 			opt.ChunkSize = 64 * fs.Mebi
 		}
+		useAlreadyExists = false // returns BucketAlreadyExists
+	case "Synology":
+		useMultipartEtag = false
+		useAlreadyExists = false // untested
 	case "TencentCOS":
 		listObjectsV2 = false    // untested
 		useMultipartEtag = false // untested
+		useAlreadyExists = false // untested
 	case "Wasabi":
-		// No quirks
+		useAlreadyExists = true // returns 200 OK
+	case "Leviia":
+		useAlreadyExists = false // untested
 	case "Qiniu":
 		useMultipartEtag = false
 		urlEncodeListings = false
-	case "Other":
-		listObjectsV2 = false
 		virtualHostStyle = false
-		urlEncodeListings = false
-		useMultipartEtag = false
+		useAlreadyExists = false // untested
+	case "GCS":
+		// Google break request Signature by mutating accept-encoding HTTP header
+		// https://github.com/rclone/rclone/issues/6670
+		useAcceptEncodingGzip = false
+		useAlreadyExists = true // returns BucketNameUnavailable instead of BucketAlreadyExists but good enough!
 	default:
 		fs.Logf("s3", "s3 provider %q not known - please set correctly", opt.Provider)
+		fallthrough
+	case "Other":
 		listObjectsV2 = false
 		virtualHostStyle = false
 		urlEncodeListings = false
 		useMultipartEtag = false
+		useAlreadyExists = false
 	}
 
 	// Path Style vs Virtual Host style
@@ -2924,6 +3238,28 @@ func setQuirks(opt *Options) {
 		opt.MightGzip.Valid = true
 		opt.MightGzip.Value = mightGzip
 	}
+
+	// set UseAcceptEncodingGzip if not manually set
+	if !opt.UseAcceptEncodingGzip.Valid {
+		opt.UseAcceptEncodingGzip.Valid = true
+		opt.UseAcceptEncodingGzip.Value = useAcceptEncodingGzip
+	}
+
+	// Has the provider got AlreadyOwnedByYou error?
+	if !opt.UseAlreadyExists.Valid {
+		opt.UseAlreadyExists.Valid = true
+		opt.UseAlreadyExists.Value = useAlreadyExists
+	}
+
+	// Set the correct use multipart uploads if not manually set
+	if !opt.UseMultipartUploads.Valid {
+		opt.UseMultipartUploads.Valid = true
+		opt.UseMultipartUploads.Value = useMultipartUploads
+	}
+	if !opt.UseMultipartUploads.Value {
+		opt.UploadCutoff = math.MaxInt64
+	}
+
 }
 
 // setRoot changes the root of the Fs
@@ -2957,7 +3293,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		return nil, fmt.Errorf("s3: upload cutoff: %w", err)
 	}
 	if opt.Versions && opt.VersionAt.IsSet() {
-		return nil, errors.New("s3: cant use --s3-versions and --s3-version-at at the same time")
+		return nil, errors.New("s3: can't use --s3-versions and --s3-version-at at the same time")
 	}
 	if opt.BucketACL == "" {
 		opt.BucketACL = opt.ACL
@@ -3001,12 +3337,6 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		cache:   bucket.NewCache(),
 		srv:     srv,
 		srvRest: rest.NewClient(fshttp.NewClient(ctx)),
-		pool: pool.New(
-			time.Duration(opt.MemoryPoolFlushTime),
-			int(opt.ChunkSize),
-			opt.UploadConcurrency*ci.Transfers,
-			opt.MemoryPoolUseMmap,
-		),
 	}
 	if opt.ServerSideEncryption == "aws:kms" || opt.SSECustomerAlgorithm != "" {
 		// From: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html
@@ -3038,7 +3368,14 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	if opt.Provider == "IDrive" {
 		f.features.SetTier = false
 	}
+	if opt.DirectoryMarkers {
+		f.features.CanHaveEmptyDirectories = true
+	}
 	// f.listMultipartUploads()
+	if !opt.UseMultipartUploads.Value {
+		fs.Debugf(f, "Disabling multipart uploads")
+		f.features.OpenChunkWriter = nil
+	}
 
 	if f.rootBucket != "" && f.rootDirectory != "" && !opt.NoHeadObject && !strings.HasSuffix(root, "/") {
 		// Check to see if the (bucket,directory) is actually an existing file
@@ -3078,6 +3415,7 @@ func (f *Fs) getMetaDataListing(ctx context.Context, wantRemote string) (info *s
 	err = f.list(ctx, listOpt{
 		bucket:       bucket,
 		directory:    bucketPath,
+		prefix:       f.rootDirectory,
 		recurse:      true,
 		withVersions: f.opt.Versions,
 		findFile:     true,
@@ -3393,6 +3731,9 @@ func (ls *versionsList) List(ctx context.Context) (resp *s3.ListObjectsV2Output,
 	// Set up the request for next time
 	ls.req.KeyMarker = respVersions.NextKeyMarker
 	ls.req.VersionIdMarker = respVersions.NextVersionIdMarker
+	if aws.BoolValue(respVersions.IsTruncated) && ls.req.KeyMarker == nil {
+		return nil, nil, errors.New("s3 protocol error: received versions listing with IsTruncated set with no NextKeyMarker")
+	}
 
 	// If we are URL encoding then must decode the marker
 	if ls.req.KeyMarker != nil && ls.req.EncodingType != nil {
@@ -3478,15 +3819,16 @@ type listOpt struct {
 	findFile      bool    // if set, it will look for files called (bucket, directory)
 	versionAt     fs.Time // if set only show versions <= this time
 	noSkipMarkers bool    // if set return dir marker objects
+	restoreStatus bool    // if set return restore status in listing too
 }
 
 // list lists the objects into the function supplied with the opt
 // supplied.
 func (f *Fs) list(ctx context.Context, opt listOpt, fn listFn) error {
+	if opt.prefix != "" {
+		opt.prefix += "/"
+	}
 	if !opt.findFile {
-		if opt.prefix != "" {
-			opt.prefix += "/"
-		}
 		if opt.directory != "" {
 			opt.directory += "/"
 		}
@@ -3517,6 +3859,10 @@ func (f *Fs) list(ctx context.Context, opt listOpt, fn listFn) error {
 		Prefix:    &opt.directory,
 		MaxKeys:   &f.opt.ListChunk,
 	}
+	if opt.restoreStatus {
+		restoreStatus := "RestoreStatus"
+		req.OptionalObjectAttributes = []*string{&restoreStatus}
+	}
 	if f.opt.RequesterPays {
 		req.RequestPayer = aws.String(s3.RequestPayerRequester)
 	}
@@ -3529,6 +3875,7 @@ func (f *Fs) list(ctx context.Context, opt listOpt, fn listFn) error {
 	default:
 		listBucket = f.newV2List(&req)
 	}
+	foundItems := 0
 	for {
 		var resp *s3.ListObjectsV2Output
 		var err error
@@ -3570,6 +3917,7 @@ func (f *Fs) list(ctx context.Context, opt listOpt, fn listFn) error {
 			return err
 		}
 		if !opt.recurse {
+			foundItems += len(resp.CommonPrefixes)
 			for _, commonPrefix := range resp.CommonPrefixes {
 				if commonPrefix.Prefix == nil {
 					fs.Logf(f, "Nil common prefix received")
@@ -3602,6 +3950,7 @@ func (f *Fs) list(ctx context.Context, opt listOpt, fn listFn) error {
 				}
 			}
 		}
+		foundItems += len(resp.Contents)
 		for i, object := range resp.Contents {
 			remote := aws.StringValue(object.Key)
 			if urlEncodeListings {
@@ -3616,19 +3965,31 @@ func (f *Fs) list(ctx context.Context, opt listOpt, fn listFn) error {
 				fs.Logf(f, "Odd name received %q", remote)
 				continue
 			}
+			isDirectory := (remote == "" || strings.HasSuffix(remote, "/")) && object.Size != nil && *object.Size == 0
+			// is this a directory marker?
+			if isDirectory {
+				if opt.noSkipMarkers {
+					// process directory markers as files
+					isDirectory = false
+				} else {
+					// Don't insert the root directory
+					if remote == opt.directory {
+						continue
+					}
+				}
+			}
 			remote = remote[len(opt.prefix):]
-			isDirectory := remote == "" || strings.HasSuffix(remote, "/")
+			if isDirectory {
+				// process directory markers as directories
+				remote = strings.TrimRight(remote, "/")
+			}
 			if opt.addBucket {
 				remote = bucket.Join(opt.bucket, remote)
 			}
-			// is this a directory marker?
-			if isDirectory && object.Size != nil && *object.Size == 0 && !opt.noSkipMarkers {
-				continue // skip directory marker
-			}
 			if versionIDs != nil {
-				err = fn(remote, object, versionIDs[i], false)
+				err = fn(remote, object, versionIDs[i], isDirectory)
 			} else {
-				err = fn(remote, object, nil, false)
+				err = fn(remote, object, nil, isDirectory)
 			}
 			if err != nil {
 				if err == errEndList {
@@ -3641,6 +4002,20 @@ func (f *Fs) list(ctx context.Context, opt listOpt, fn listFn) error {
 			break
 		}
 	}
+	if f.opt.DirectoryMarkers && foundItems == 0 && opt.directory != "" {
+		// Determine whether the directory exists or not by whether it has a marker
+		req := s3.HeadObjectInput{
+			Bucket: &opt.bucket,
+			Key:    &opt.directory,
+		}
+		_, err := f.headObject(ctx, &req)
+		if err != nil {
+			if err == fs.ErrorObjectNotFound {
+				return fs.ErrorDirNotFound
+			}
+			return err
+		}
+	}
 	return nil
 }
 
@@ -3831,10 +4206,70 @@ func (f *Fs) bucketExists(ctx context.Context, bucket string) (bool, error) {
 	return false, err
 }
 
+// Create directory marker file and parents
+func (f *Fs) createDirectoryMarker(ctx context.Context, bucket, dir string) error {
+	if !f.opt.DirectoryMarkers || bucket == "" {
+		return nil
+	}
+
+	// Object to be uploaded
+	o := &Object{
+		fs: f,
+		meta: map[string]string{
+			metaMtime: swift.TimeToFloatString(time.Now()),
+		},
+	}
+
+	for {
+		_, bucketPath := f.split(dir)
+		// Don't create the directory marker if it is the bucket or at the very root
+		if bucketPath == "" {
+			break
+		}
+		o.remote = dir + "/"
+
+		// Check to see if object already exists
+		_, err := o.headObject(ctx)
+		if err == nil {
+			return nil
+		}
+
+		// Upload it if not
+		fs.Debugf(o, "Creating directory marker")
+		content := io.Reader(strings.NewReader(""))
+		err = o.Update(ctx, content, o)
+		if err != nil {
+			return fmt.Errorf("creating directory marker failed: %w", err)
+		}
+
+		// Now check parent directory exists
+		dir = path.Dir(dir)
+		if dir == "/" || dir == "." {
+			break
+		}
+	}
+
+	return nil
+}
+
 // Mkdir creates the bucket if it doesn't exist
 func (f *Fs) Mkdir(ctx context.Context, dir string) error {
 	bucket, _ := f.split(dir)
-	return f.makeBucket(ctx, bucket)
+	e := f.makeBucket(ctx, bucket)
+	if e != nil {
+		return e
+	}
+	return f.createDirectoryMarker(ctx, bucket, dir)
+}
+
+// mkdirParent creates the parent bucket/directory if it doesn't exist
+func (f *Fs) mkdirParent(ctx context.Context, remote string) error {
+	remote = strings.TrimRight(remote, "/")
+	dir := path.Dir(remote)
+	if dir == "/" || dir == "." {
+		dir = ""
+	}
+	return f.Mkdir(ctx, dir)
 }
 
 // makeBucket creates the bucket if it doesn't exist
@@ -3860,8 +4295,17 @@ func (f *Fs) makeBucket(ctx context.Context, bucket string) error {
 			fs.Infof(f, "Bucket %q created with ACL %q", bucket, f.opt.BucketACL)
 		}
 		if awsErr, ok := err.(awserr.Error); ok {
-			if code := awsErr.Code(); code == "BucketAlreadyOwnedByYou" || code == "BucketAlreadyExists" {
+			switch awsErr.Code() {
+			case "BucketAlreadyOwnedByYou":
 				err = nil
+			case "BucketAlreadyExists", "BucketNameUnavailable":
+				if f.opt.UseAlreadyExists.Value {
+					// We can trust BucketAlreadyExists to mean not owned by us, so make it non retriable
+					err = fserrors.NoRetryError(err)
+				} else {
+					// We can't trust BucketAlreadyExists to mean not owned by us, so ignore it
+					err = nil
+				}
 			}
 		}
 		return err
@@ -3875,6 +4319,18 @@ func (f *Fs) makeBucket(ctx context.Context, bucket string) error {
 // Returns an error if it isn't empty
 func (f *Fs) Rmdir(ctx context.Context, dir string) error {
 	bucket, directory := f.split(dir)
+	// Remove directory marker file
+	if f.opt.DirectoryMarkers && bucket != "" && dir != "" {
+		o := &Object{
+			fs:     f,
+			remote: dir + "/",
+		}
+		fs.Debugf(o, "Removing directory marker")
+		err := o.Remove(ctx)
+		if err != nil {
+			return fmt.Errorf("removing directory marker failed: %w", err)
+		}
+	}
 	if bucket == "" || directory != "" {
 		return nil
 	}
@@ -4073,7 +4529,7 @@ func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object,
 		return nil, errNotWithVersionAt
 	}
 	dstBucket, dstPath := f.split(remote)
-	err := f.makeBucket(ctx, dstBucket)
+	err := f.mkdirParent(ctx, remote)
 	if err != nil {
 		return nil, err
 	}
@@ -4098,19 +4554,6 @@ func (f *Fs) Hashes() hash.Set {
 	return hash.Set(hash.MD5)
 }
 
-func (f *Fs) getMemoryPool(size int64) *pool.Pool {
-	if size == int64(f.opt.ChunkSize) {
-		return f.pool
-	}
-
-	return pool.New(
-		time.Duration(f.opt.MemoryPoolFlushTime),
-		int(size),
-		f.opt.UploadConcurrency*f.ci.Transfers,
-		f.opt.MemoryPoolUseMmap,
-	)
-}
-
 // PublicLink generates a public link to the remote path (usually readable by anyone)
 func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration, unlink bool) (link string, err error) {
 	if strings.HasSuffix(remote, "/") {
@@ -4143,17 +4586,17 @@ to normal storage.
 
 Usage Examples:
 
-    rclone backend restore s3:bucket/path/to/object [-o priority=PRIORITY] [-o lifetime=DAYS]
-    rclone backend restore s3:bucket/path/to/directory [-o priority=PRIORITY] [-o lifetime=DAYS]
-    rclone backend restore s3:bucket [-o priority=PRIORITY] [-o lifetime=DAYS]
+    rclone backend restore s3:bucket/path/to/object -o priority=PRIORITY -o lifetime=DAYS
+    rclone backend restore s3:bucket/path/to/directory -o priority=PRIORITY -o lifetime=DAYS
+    rclone backend restore s3:bucket -o priority=PRIORITY -o lifetime=DAYS
 
 This flag also obeys the filters. Test first with --interactive/-i or --dry-run flags
 
-    rclone --interactive backend restore --include "*.txt" s3:bucket/path -o priority=Standard
+    rclone --interactive backend restore --include "*.txt" s3:bucket/path -o priority=Standard -o lifetime=1
 
 All the objects shown will be marked for restore, then
 
-    rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard
+    rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard -o lifetime=1
 
 It returns a list of status dictionaries with Remote and Status
 keys. The Status will be OK if it was successful or an error message
@@ -4162,11 +4605,11 @@ if not.
     [
         {
             "Status": "OK",
-            "Path": "test.txt"
+            "Remote": "test.txt"
         },
         {
             "Status": "OK",
-            "Path": "test/file4.txt"
+            "Remote": "test/file4.txt"
         }
     ]
 
@@ -4176,6 +4619,46 @@ if not.
 		"lifetime":    "Lifetime of the active copy in days",
 		"description": "The optional description for the job.",
 	},
+}, {
+	Name:  "restore-status",
+	Short: "Show the restore status for objects being restored from GLACIER to normal storage",
+	Long: `This command can be used to show the status for objects being restored from GLACIER
+to normal storage.
+
+Usage Examples:
+
+    rclone backend restore-status s3:bucket/path/to/object
+    rclone backend restore-status s3:bucket/path/to/directory
+    rclone backend restore-status -o all s3:bucket/path/to/directory
+
+This command does not obey the filters.
+
+It returns a list of status dictionaries.
+
+    [
+        {
+            "Remote": "file.txt",
+            "VersionID": null,
+            "RestoreStatus": {
+                "IsRestoreInProgress": true,
+                "RestoreExpiryDate": "2023-09-06T12:29:19+01:00"
+            },
+            "StorageClass": "GLACIER"
+        },
+        {
+            "Remote": "test.pdf",
+            "VersionID": null,
+            "RestoreStatus": {
+                "IsRestoreInProgress": false,
+                "RestoreExpiryDate": "2023-09-06T12:29:19+01:00"
+            },
+            "StorageClass": "DEEP_ARCHIVE"
+        }
+    ]
+`,
+	Opts: map[string]string{
+		"all": "if set then show all objects, not just ones with restore status",
+	},
 }, {
 	Name:  "list-multipart-uploads",
 	Short: "List the unfinished multipart uploads",
@@ -4253,6 +4736,26 @@ supplied.
 It may return "Enabled", "Suspended" or "Unversioned". Note that once versioning
 has been enabled the status can't be set back to "Unversioned".
 `,
+}, {
+	Name:  "set",
+	Short: "Set command for updating the config parameters.",
+	Long: `This set command can be used to update the config parameters
+for a running s3 backend.
+
+Usage Examples:
+
+    rclone backend set s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=s3: -o session_token=X -o access_key_id=X -o secret_access_key=X
+
+The option keys are named as they are in the config file.
+
+This rebuilds the connection to the s3 backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
+
+It doesn't return anything.
+`,
 }}
 
 // Command the backend to run a named command
@@ -4332,6 +4835,9 @@ func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[str
 			return out, err
 		}
 		return out, nil
+	case "restore-status":
+		_, all := opt["all"]
+		return f.restoreStatus(ctx, all)
 	case "list-multipart-uploads":
 		return f.listMultipartUploadsAll(ctx)
 	case "cleanup":
@@ -4347,11 +4853,77 @@ func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[str
 		return nil, f.CleanUpHidden(ctx)
 	case "versioning":
 		return f.setGetVersioning(ctx, arg...)
+	case "set":
+		newOpt := f.opt
+		err := configstruct.Set(configmap.Simple(opt), &newOpt)
+		if err != nil {
+			return nil, fmt.Errorf("reading config: %w", err)
+		}
+		c, ses, err := s3Connection(f.ctx, &newOpt, f.srv)
+		if err != nil {
+			return nil, fmt.Errorf("updating session: %w", err)
+		}
+		f.c = c
+		f.ses = ses
+		f.opt = newOpt
+		keys := []string{}
+		for k := range opt {
+			keys = append(keys, k)
+		}
+		fs.Logf(f, "Updated config values: %s", strings.Join(keys, ", "))
+		return nil, nil
 	default:
 		return nil, fs.ErrorCommandNotFound
 	}
 }
 
+// Returned from "restore-status"
+type restoreStatusOut struct {
+	Remote        string
+	VersionID     *string
+	RestoreStatus *s3.RestoreStatus
+	StorageClass  *string
+}
+
+// Recursively enumerate the current fs to find objects with a restore status
+func (f *Fs) restoreStatus(ctx context.Context, all bool) (out []restoreStatusOut, err error) {
+	fs.Debugf(f, "all = %v", all)
+	bucket, directory := f.split("")
+	out = []restoreStatusOut{}
+	err = f.list(ctx, listOpt{
+		bucket:        bucket,
+		directory:     directory,
+		prefix:        f.rootDirectory,
+		addBucket:     f.rootBucket == "",
+		recurse:       true,
+		withVersions:  f.opt.Versions,
+		versionAt:     f.opt.VersionAt,
+		restoreStatus: true,
+	}, func(remote string, object *s3.Object, versionID *string, isDirectory bool) error {
+		entry, err := f.itemToDirEntry(ctx, remote, object, versionID, isDirectory)
+		if err != nil {
+			return err
+		}
+		if entry != nil {
+			if o, ok := entry.(*Object); ok && (all || object.RestoreStatus != nil) {
+				out = append(out, restoreStatusOut{
+					Remote:        o.remote,
+					VersionID:     o.versionID,
+					RestoreStatus: object.RestoreStatus,
+					StorageClass:  object.StorageClass,
+				})
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	// bucket must be present if listing succeeded
+	f.cache.MarkOK(bucket)
+	return out, nil
+}
+
 // listMultipartUploads lists all outstanding multipart uploads for (bucket, key)
 //
 // Note that rather lazily we treat key as a prefix so it matches
@@ -4581,6 +5153,10 @@ func (f *Fs) purge(ctx context.Context, dir string, oldOnly bool) error {
 		if isDirectory {
 			return nil
 		}
+		// If the root is a dirmarker it will have lost its trailing /
+		if remote == "" {
+			remote = "/"
+		}
 		oi, err := f.newObjectWithInfo(ctx, remote, object, versionID)
 		if err != nil {
 			fs.Errorf(object, "Can't create object %+v", err)
@@ -4700,22 +5276,26 @@ func (o *Object) headObject(ctx context.Context) (resp *s3.HeadObjectOutput, err
 		Key:       &bucketPath,
 		VersionId: o.versionID,
 	}
-	if o.fs.opt.RequesterPays {
+	return o.fs.headObject(ctx, &req)
+}
+
+func (f *Fs) headObject(ctx context.Context, req *s3.HeadObjectInput) (resp *s3.HeadObjectOutput, err error) {
+	if f.opt.RequesterPays {
 		req.RequestPayer = aws.String(s3.RequestPayerRequester)
 	}
-	if o.fs.opt.SSECustomerAlgorithm != "" {
-		req.SSECustomerAlgorithm = &o.fs.opt.SSECustomerAlgorithm
+	if f.opt.SSECustomerAlgorithm != "" {
+		req.SSECustomerAlgorithm = &f.opt.SSECustomerAlgorithm
 	}
-	if o.fs.opt.SSECustomerKey != "" {
-		req.SSECustomerKey = &o.fs.opt.SSECustomerKey
+	if f.opt.SSECustomerKey != "" {
+		req.SSECustomerKey = &f.opt.SSECustomerKey
 	}
-	if o.fs.opt.SSECustomerKeyMD5 != "" {
-		req.SSECustomerKeyMD5 = &o.fs.opt.SSECustomerKeyMD5
+	if f.opt.SSECustomerKeyMD5 != "" {
+		req.SSECustomerKeyMD5 = &f.opt.SSECustomerKeyMD5
 	}
-	err = o.fs.pacer.Call(func() (bool, error) {
+	err = f.pacer.Call(func() (bool, error) {
 		var err error
-		resp, err = o.fs.c.HeadObjectWithContext(ctx, &req)
-		return o.fs.shouldRetry(ctx, err)
+		resp, err = f.c.HeadObjectWithContext(ctx, req)
+		return f.shouldRetry(ctx, err)
 	})
 	if err != nil {
 		if awsErr, ok := err.(awserr.RequestFailure); ok {
@@ -4725,7 +5305,9 @@ func (o *Object) headObject(ctx context.Context) (resp *s3.HeadObjectOutput, err
 		}
 		return nil, err
 	}
-	o.fs.cache.MarkOK(bucket)
+	if req.Bucket != nil {
+		f.cache.MarkOK(*req.Bucket)
+	}
 	return resp, nil
 }
 
@@ -4962,7 +5544,9 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 
 	// Override the automatic decompression in the transport to
 	// download compressed files as-is
-	httpReq.HTTPRequest.Header.Set("Accept-Encoding", "gzip")
+	if o.fs.opt.UseAcceptEncodingGzip.Value {
+		httpReq.HTTPRequest.Header.Set("Accept-Encoding", "gzip")
+	}
 
 	for _, option := range options {
 		switch option.(type) {
@@ -5030,15 +5614,43 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 
 var warnStreamUpload sync.Once
 
-func (o *Object) uploadMultipart(ctx context.Context, req *s3.PutObjectInput, size int64, in io.Reader) (wantETag, gotETag string, versionID *string, err error) {
-	f := o.fs
+// state of ChunkWriter
+type s3ChunkWriter struct {
+	chunkSize            int64
+	size                 int64
+	f                    *Fs
+	bucket               *string
+	key                  *string
+	uploadID             *string
+	multiPartUploadInput *s3.CreateMultipartUploadInput
+	completedPartsMu     sync.Mutex
+	completedParts       []*s3.CompletedPart
+	eTag                 string
+	versionID            string
+	md5sMu               sync.Mutex
+	md5s                 []byte
+	ui                   uploadInfo
+	o                    *Object
+}
 
-	// make concurrency machinery
-	concurrency := f.opt.UploadConcurrency
-	if concurrency < 1 {
-		concurrency = 1
+// OpenChunkWriter returns the chunk size and a ChunkWriter
+//
+// Pass in the remote and the src object
+// You can also use options to hint at the desired chunk size
+func (f *Fs) OpenChunkWriter(ctx context.Context, remote string, src fs.ObjectInfo, options ...fs.OpenOption) (info fs.ChunkWriterInfo, writer fs.ChunkWriter, err error) {
+	// Temporary Object under construction
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+	ui, err := o.prepareUpload(ctx, src, options)
+	if err != nil {
+		return info, nil, fmt.Errorf("failed to prepare upload: %w", err)
 	}
-	tokens := pacer.NewTokenDispenser(concurrency)
+
+	//structs.SetFrom(&mReq, req)
+	var mReq s3.CreateMultipartUploadInput
+	setFrom_s3CreateMultipartUploadInput_s3PutObjectInput(&mReq, ui.req)
 
 	uploadParts := f.opt.MaxUploadParts
 	if uploadParts < 1 {
@@ -5046,9 +5658,10 @@ func (o *Object) uploadMultipart(ctx context.Context, req *s3.PutObjectInput, si
 	} else if uploadParts > maxUploadParts {
 		uploadParts = maxUploadParts
 	}
+	size := src.Size()
 
 	// calculate size of parts
-	partSize := f.opt.ChunkSize
+	chunkSize := f.opt.ChunkSize
 
 	// size can be -1 here meaning we don't know the size of the incoming file. We use ChunkSize
 	// buffers here (default 5 MiB). With a maximum number of parts (10,000) this will be a file of
@@ -5056,185 +5669,204 @@ func (o *Object) uploadMultipart(ctx context.Context, req *s3.PutObjectInput, si
 	if size == -1 {
 		warnStreamUpload.Do(func() {
 			fs.Logf(f, "Streaming uploads using chunk size %v will have maximum file size of %v",
-				f.opt.ChunkSize, fs.SizeSuffix(int64(partSize)*int64(uploadParts)))
+				f.opt.ChunkSize, fs.SizeSuffix(int64(chunkSize)*int64(uploadParts)))
 		})
 	} else {
-		partSize = chunksize.Calculator(o, size, uploadParts, f.opt.ChunkSize)
+		chunkSize = chunksize.Calculator(src, size, uploadParts, chunkSize)
 	}
 
-	memPool := f.getMemoryPool(int64(partSize))
-
-	var mReq s3.CreateMultipartUploadInput
-	//structs.SetFrom(&mReq, req)
-	setFrom_s3CreateMultipartUploadInput_s3PutObjectInput(&mReq, req)
-	var cout *s3.CreateMultipartUploadOutput
+	var mOut *s3.CreateMultipartUploadOutput
 	err = f.pacer.Call(func() (bool, error) {
-		var err error
-		cout, err = f.c.CreateMultipartUploadWithContext(ctx, &mReq)
+		mOut, err = f.c.CreateMultipartUploadWithContext(ctx, &mReq)
 		return f.shouldRetry(ctx, err)
 	})
 	if err != nil {
-		return wantETag, gotETag, nil, fmt.Errorf("multipart upload failed to initialise: %w", err)
-	}
-	uid := cout.UploadId
-
-	defer atexit.OnError(&err, func() {
-		if o.fs.opt.LeavePartsOnError {
-			return
-		}
-		fs.Debugf(o, "Cancelling multipart upload")
-		errCancel := f.pacer.Call(func() (bool, error) {
-			_, err := f.c.AbortMultipartUploadWithContext(context.Background(), &s3.AbortMultipartUploadInput{
-				Bucket:       req.Bucket,
-				Key:          req.Key,
-				UploadId:     uid,
-				RequestPayer: req.RequestPayer,
-			})
-			return f.shouldRetry(ctx, err)
-		})
-		if errCancel != nil {
-			fs.Debugf(o, "Failed to cancel multipart upload: %v", errCancel)
-		}
-	})()
+		return info, nil, fmt.Errorf("create multipart upload failed: %w", err)
+	}
+
+	chunkWriter := &s3ChunkWriter{
+		chunkSize:            int64(chunkSize),
+		size:                 size,
+		f:                    f,
+		bucket:               mOut.Bucket,
+		key:                  mOut.Key,
+		uploadID:             mOut.UploadId,
+		multiPartUploadInput: &mReq,
+		completedParts:       make([]*s3.CompletedPart, 0),
+		ui:                   ui,
+		o:                    o,
+	}
+	info = fs.ChunkWriterInfo{
+		ChunkSize:         int64(chunkSize),
+		Concurrency:       o.fs.opt.UploadConcurrency,
+		LeavePartsOnError: o.fs.opt.LeavePartsOnError,
+	}
+	fs.Debugf(o, "open chunk writer: started multipart upload: %v", *mOut.UploadId)
+	return info, chunkWriter, err
+}
 
-	var (
-		g, gCtx  = errgroup.WithContext(ctx)
-		finished = false
-		partsMu  sync.Mutex // to protect parts
-		parts    []*s3.CompletedPart
-		off      int64
-		md5sMu   sync.Mutex
-		md5s     []byte
-	)
+// add a part number and etag to the completed parts
+func (w *s3ChunkWriter) addCompletedPart(partNum *int64, eTag *string) {
+	w.completedPartsMu.Lock()
+	defer w.completedPartsMu.Unlock()
+	w.completedParts = append(w.completedParts, &s3.CompletedPart{
+		PartNumber: partNum,
+		ETag:       eTag,
+	})
+}
 
-	addMd5 := func(md5binary *[md5.Size]byte, partNum int64) {
-		md5sMu.Lock()
-		defer md5sMu.Unlock()
-		start := partNum * md5.Size
-		end := start + md5.Size
-		if extend := end - int64(len(md5s)); extend > 0 {
-			md5s = append(md5s, make([]byte, extend)...)
-		}
-		copy(md5s[start:end], (*md5binary)[:])
+// addMd5 adds a binary md5 to the md5 calculated so far
+func (w *s3ChunkWriter) addMd5(md5binary *[]byte, chunkNumber int64) {
+	w.md5sMu.Lock()
+	defer w.md5sMu.Unlock()
+	start := chunkNumber * md5.Size
+	end := start + md5.Size
+	if extend := end - int64(len(w.md5s)); extend > 0 {
+		w.md5s = append(w.md5s, make([]byte, extend)...)
 	}
+	copy(w.md5s[start:end], (*md5binary)[:])
+}
 
-	for partNum := int64(1); !finished; partNum++ {
-		// Get a block of memory from the pool and token which limits concurrency.
-		tokens.Get()
-		buf := memPool.Get()
-
-		free := func() {
-			// return the memory and token
-			memPool.Put(buf)
-			tokens.Put()
-		}
+// WriteChunk will write chunk number with reader bytes, where chunk number >= 0
+func (w *s3ChunkWriter) WriteChunk(ctx context.Context, chunkNumber int, reader io.ReadSeeker) (int64, error) {
+	if chunkNumber < 0 {
+		err := fmt.Errorf("invalid chunk number provided: %v", chunkNumber)
+		return -1, err
+	}
+	// Only account after the checksum reads have been done
+	if do, ok := reader.(pool.DelayAccountinger); ok {
+		// To figure out this number, do a transfer and if the accounted size is 0 or a
+		// multiple of what it should be, increase or decrease this number.
+		do.DelayAccounting(3)
+	}
 
-		// Fail fast, in case an errgroup managed function returns an error
-		// gCtx is cancelled. There is no point in uploading all the other parts.
-		if gCtx.Err() != nil {
-			free()
-			break
+	// create checksum of buffer for integrity checking
+	// currently there is no way to calculate the md5 without reading the chunk a 2nd time (1st read is in uploadMultipart)
+	// possible in AWS SDK v2 with trailers?
+	m := md5.New()
+	currentChunkSize, err := io.Copy(m, reader)
+	if err != nil {
+		return -1, err
+	}
+	// If no data read and not the first chunk, don't write the chunk
+	if currentChunkSize == 0 && chunkNumber != 0 {
+		return 0, nil
+	}
+	md5sumBinary := m.Sum([]byte{})
+	w.addMd5(&md5sumBinary, int64(chunkNumber))
+	md5sum := base64.StdEncoding.EncodeToString(md5sumBinary[:])
+
+	// S3 requires 1 <= PartNumber <= 10000
+	s3PartNumber := aws.Int64(int64(chunkNumber + 1))
+	uploadPartReq := &s3.UploadPartInput{
+		Body:                 reader,
+		Bucket:               w.bucket,
+		Key:                  w.key,
+		PartNumber:           s3PartNumber,
+		UploadId:             w.uploadID,
+		ContentMD5:           &md5sum,
+		ContentLength:        aws.Int64(currentChunkSize),
+		RequestPayer:         w.multiPartUploadInput.RequestPayer,
+		SSECustomerAlgorithm: w.multiPartUploadInput.SSECustomerAlgorithm,
+		SSECustomerKey:       w.multiPartUploadInput.SSECustomerKey,
+		SSECustomerKeyMD5:    w.multiPartUploadInput.SSECustomerKeyMD5,
+	}
+	var uout *s3.UploadPartOutput
+	err = w.f.pacer.Call(func() (bool, error) {
+		// rewind the reader on retry and after reading md5
+		_, err = reader.Seek(0, io.SeekStart)
+		if err != nil {
+			return false, err
 		}
-
-		// Read the chunk
-		var n int
-		n, err = readers.ReadFill(in, buf) // this can never return 0, nil
-		if err == io.EOF {
-			if n == 0 && partNum != 1 { // end if no data and if not first chunk
-				free()
-				break
+		uout, err = w.f.c.UploadPartWithContext(ctx, uploadPartReq)
+		if err != nil {
+			if chunkNumber <= 8 {
+				return w.f.shouldRetry(ctx, err)
 			}
-			finished = true
-		} else if err != nil {
-			free()
-			return wantETag, gotETag, nil, fmt.Errorf("multipart upload failed to read source: %w", err)
+			// retry all chunks once have done the first few
+			return true, err
 		}
-		buf = buf[:n]
-
-		partNum := partNum
-		fs.Debugf(o, "multipart upload starting chunk %d size %v offset %v/%v", partNum, fs.SizeSuffix(n), fs.SizeSuffix(off), fs.SizeSuffix(size))
-		off += int64(n)
-		g.Go(func() (err error) {
-			defer free()
-			partLength := int64(len(buf))
+		return false, nil
+	})
+	if err != nil {
+		return -1, fmt.Errorf("failed to upload chunk %d with %v bytes: %w", chunkNumber+1, currentChunkSize, err)
+	}
 
-			// create checksum of buffer for integrity checking
-			md5sumBinary := md5.Sum(buf)
-			addMd5(&md5sumBinary, partNum-1)
-			md5sum := base64.StdEncoding.EncodeToString(md5sumBinary[:])
+	w.addCompletedPart(s3PartNumber, uout.ETag)
 
-			err = f.pacer.Call(func() (bool, error) {
-				uploadPartReq := &s3.UploadPartInput{
-					Body:                 bytes.NewReader(buf),
-					Bucket:               req.Bucket,
-					Key:                  req.Key,
-					PartNumber:           &partNum,
-					UploadId:             uid,
-					ContentMD5:           &md5sum,
-					ContentLength:        &partLength,
-					RequestPayer:         req.RequestPayer,
-					SSECustomerAlgorithm: req.SSECustomerAlgorithm,
-					SSECustomerKey:       req.SSECustomerKey,
-					SSECustomerKeyMD5:    req.SSECustomerKeyMD5,
-				}
-				uout, err := f.c.UploadPartWithContext(gCtx, uploadPartReq)
-				if err != nil {
-					if partNum <= int64(concurrency) {
-						return f.shouldRetry(ctx, err)
-					}
-					// retry all chunks once have done the first batch
-					return true, err
-				}
-				partsMu.Lock()
-				parts = append(parts, &s3.CompletedPart{
-					PartNumber: &partNum,
-					ETag:       uout.ETag,
-				})
-				partsMu.Unlock()
+	fs.Debugf(w.o, "multipart upload wrote chunk %d with %v bytes and etag %v", chunkNumber+1, currentChunkSize, *uout.ETag)
+	return currentChunkSize, err
+}
 
-				return false, nil
-			})
-			if err != nil {
-				return fmt.Errorf("multipart upload failed to upload part: %w", err)
-			}
-			return nil
+// Abort the multipart upload
+func (w *s3ChunkWriter) Abort(ctx context.Context) error {
+	err := w.f.pacer.Call(func() (bool, error) {
+		_, err := w.f.c.AbortMultipartUploadWithContext(context.Background(), &s3.AbortMultipartUploadInput{
+			Bucket:       w.bucket,
+			Key:          w.key,
+			UploadId:     w.uploadID,
+			RequestPayer: w.multiPartUploadInput.RequestPayer,
 		})
-	}
-	err = g.Wait()
+		return w.f.shouldRetry(ctx, err)
+	})
 	if err != nil {
-		return wantETag, gotETag, nil, err
+		return fmt.Errorf("failed to abort multipart upload %q: %w", *w.uploadID, err)
 	}
+	fs.Debugf(w.o, "multipart upload %q aborted", *w.uploadID)
+	return err
+}
 
+// Close and finalise the multipart upload
+func (w *s3ChunkWriter) Close(ctx context.Context) (err error) {
 	// sort the completed parts by part number
-	sort.Slice(parts, func(i, j int) bool {
-		return *parts[i].PartNumber < *parts[j].PartNumber
+	sort.Slice(w.completedParts, func(i, j int) bool {
+		return *w.completedParts[i].PartNumber < *w.completedParts[j].PartNumber
 	})
-
 	var resp *s3.CompleteMultipartUploadOutput
-	err = f.pacer.Call(func() (bool, error) {
-		resp, err = f.c.CompleteMultipartUploadWithContext(ctx, &s3.CompleteMultipartUploadInput{
-			Bucket: req.Bucket,
-			Key:    req.Key,
+	err = w.f.pacer.Call(func() (bool, error) {
+		resp, err = w.f.c.CompleteMultipartUploadWithContext(ctx, &s3.CompleteMultipartUploadInput{
+			Bucket: w.bucket,
+			Key:    w.key,
 			MultipartUpload: &s3.CompletedMultipartUpload{
-				Parts: parts,
+				Parts: w.completedParts,
 			},
-			RequestPayer: req.RequestPayer,
-			UploadId:     uid,
+			RequestPayer: w.multiPartUploadInput.RequestPayer,
+			UploadId:     w.uploadID,
 		})
-		return f.shouldRetry(ctx, err)
+		return w.f.shouldRetry(ctx, err)
 	})
 	if err != nil {
-		return wantETag, gotETag, nil, fmt.Errorf("multipart upload failed to finalise: %w", err)
+		return fmt.Errorf("failed to complete multipart upload %q: %w", *w.uploadID, err)
 	}
-	hashOfHashes := md5.Sum(md5s)
-	wantETag = fmt.Sprintf("%s-%d", hex.EncodeToString(hashOfHashes[:]), len(parts))
 	if resp != nil {
 		if resp.ETag != nil {
-			gotETag = *resp.ETag
+			w.eTag = *resp.ETag
 		}
-		versionID = resp.VersionId
+		if resp.VersionId != nil {
+			w.versionID = *resp.VersionId
+		}
+	}
+	fs.Debugf(w.o, "multipart upload %q finished", *w.uploadID)
+	return err
+}
+
+func (o *Object) uploadMultipart(ctx context.Context, src fs.ObjectInfo, in io.Reader, options ...fs.OpenOption) (wantETag, gotETag string, versionID *string, ui uploadInfo, err error) {
+	chunkWriter, err := multipart.UploadMultipart(ctx, src, in, multipart.UploadMultipartOptions{
+		Open:        o.fs,
+		OpenOptions: options,
+	})
+	if err != nil {
+		return wantETag, gotETag, versionID, ui, err
 	}
-	return wantETag, gotETag, versionID, nil
+
+	var s3cw *s3ChunkWriter = chunkWriter.(*s3ChunkWriter)
+	gotETag = s3cw.eTag
+	versionID = aws.String(s3cw.versionID)
+
+	hashOfHashes := md5.Sum(s3cw.md5s)
+	wantETag = fmt.Sprintf("%s-%d", hex.EncodeToString(hashOfHashes[:]), len(s3cw.completedParts))
+
+	return wantETag, gotETag, versionID, s3cw.ui, nil
 }
 
 // unWrapAwsError unwraps AWS errors, looking for a non AWS error
@@ -5364,54 +5996,57 @@ func (o *Object) uploadSinglepartPresignedRequest(ctx context.Context, req *s3.P
 	return etag, lastModified, versionID, nil
 }
 
-// Update the Object from in with modTime and size
-func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) error {
-	if o.fs.opt.VersionAt.IsSet() {
-		return errNotWithVersionAt
-	}
+// Info needed for an upload
+type uploadInfo struct {
+	req       *s3.PutObjectInput
+	md5sumHex string
+}
+
+// Prepare object for being uploaded
+func (o *Object) prepareUpload(ctx context.Context, src fs.ObjectInfo, options []fs.OpenOption) (ui uploadInfo, err error) {
 	bucket, bucketPath := o.split()
-	err := o.fs.makeBucket(ctx, bucket)
-	if err != nil {
-		return err
+	// Create parent dir/bucket if not saving directory marker
+	if !strings.HasSuffix(o.remote, "/") {
+		err := o.fs.mkdirParent(ctx, o.remote)
+		if err != nil {
+			return ui, err
+		}
 	}
 	modTime := src.ModTime(ctx)
-	size := src.Size()
-
-	multipart := size < 0 || size >= int64(o.fs.opt.UploadCutoff)
 
-	req := s3.PutObjectInput{
+	ui.req = &s3.PutObjectInput{
 		Bucket: &bucket,
 		ACL:    stringPointerOrNil(o.fs.opt.ACL),
 		Key:    &bucketPath,
 	}
 
 	// Fetch metadata if --metadata is in use
-	meta, err := fs.GetMetadataOptions(ctx, src, options)
+	meta, err := fs.GetMetadataOptions(ctx, o.fs, src, options)
 	if err != nil {
-		return fmt.Errorf("failed to read metadata from source object: %w", err)
+		return ui, fmt.Errorf("failed to read metadata from source object: %w", err)
 	}
-	req.Metadata = make(map[string]*string, len(meta)+2)
+	ui.req.Metadata = make(map[string]*string, len(meta)+2)
 	// merge metadata into request and user metadata
 	for k, v := range meta {
 		pv := aws.String(v)
 		k = strings.ToLower(k)
 		if o.fs.opt.NoSystemMetadata {
-			req.Metadata[k] = pv
+			ui.req.Metadata[k] = pv
 			continue
 		}
 		switch k {
 		case "cache-control":
-			req.CacheControl = pv
+			ui.req.CacheControl = pv
 		case "content-disposition":
-			req.ContentDisposition = pv
+			ui.req.ContentDisposition = pv
 		case "content-encoding":
-			req.ContentEncoding = pv
+			ui.req.ContentEncoding = pv
 		case "content-language":
-			req.ContentLanguage = pv
+			ui.req.ContentLanguage = pv
 		case "content-type":
-			req.ContentType = pv
+			ui.req.ContentType = pv
 		case "x-amz-tagging":
-			req.Tagging = pv
+			ui.req.Tagging = pv
 		case "tier":
 			// ignore
 		case "mtime":
@@ -5424,14 +6059,14 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 			}
 		case "btime":
 			// write as metadata since we can't set it
-			req.Metadata[k] = pv
+			ui.req.Metadata[k] = pv
 		default:
-			req.Metadata[k] = pv
+			ui.req.Metadata[k] = pv
 		}
 	}
 
 	// Set the mtime in the meta data
-	req.Metadata[metaMtime] = aws.String(swift.TimeToFloatString(modTime))
+	ui.req.Metadata[metaMtime] = aws.String(swift.TimeToFloatString(modTime))
 
 	// read the md5sum if available
 	// - for non multipart
@@ -5440,11 +6075,12 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	// - for multipart provided checksums aren't disabled
 	//    - so we can add the md5sum in the metadata as metaMD5Hash
 	var md5sumBase64 string
-	var md5sumHex string
+	size := src.Size()
+	multipart := size < 0 || size >= int64(o.fs.opt.UploadCutoff)
 	if !multipart || !o.fs.opt.DisableChecksum {
-		md5sumHex, err = src.Hash(ctx, hash.MD5)
-		if err == nil && matchMd5.MatchString(md5sumHex) {
-			hashBytes, err := hex.DecodeString(md5sumHex)
+		ui.md5sumHex, err = src.Hash(ctx, hash.MD5)
+		if err == nil && matchMd5.MatchString(ui.md5sumHex) {
+			hashBytes, err := hex.DecodeString(ui.md5sumHex)
 			if err == nil {
 				md5sumBase64 = base64.StdEncoding.EncodeToString(hashBytes)
 				if (multipart || o.fs.etagIsNotMD5) && !o.fs.opt.DisableChecksum {
@@ -5452,42 +6088,42 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 					// - a multipart upload
 					// - the Etag is not an MD5, eg when using SSE/SSE-C
 					// provided checksums aren't disabled
-					req.Metadata[metaMD5Hash] = &md5sumBase64
+					ui.req.Metadata[metaMD5Hash] = &md5sumBase64
 				}
 			}
 		}
 	}
 
-	// Set the content type it it isn't set already
-	if req.ContentType == nil {
-		req.ContentType = aws.String(fs.MimeType(ctx, src))
+	// Set the content type if it isn't set already
+	if ui.req.ContentType == nil {
+		ui.req.ContentType = aws.String(fs.MimeType(ctx, src))
 	}
 	if size >= 0 {
-		req.ContentLength = &size
+		ui.req.ContentLength = &size
 	}
 	if md5sumBase64 != "" {
-		req.ContentMD5 = &md5sumBase64
+		ui.req.ContentMD5 = &md5sumBase64
 	}
 	if o.fs.opt.RequesterPays {
-		req.RequestPayer = aws.String(s3.RequestPayerRequester)
+		ui.req.RequestPayer = aws.String(s3.RequestPayerRequester)
 	}
 	if o.fs.opt.ServerSideEncryption != "" {
-		req.ServerSideEncryption = &o.fs.opt.ServerSideEncryption
+		ui.req.ServerSideEncryption = &o.fs.opt.ServerSideEncryption
 	}
 	if o.fs.opt.SSECustomerAlgorithm != "" {
-		req.SSECustomerAlgorithm = &o.fs.opt.SSECustomerAlgorithm
+		ui.req.SSECustomerAlgorithm = &o.fs.opt.SSECustomerAlgorithm
 	}
 	if o.fs.opt.SSECustomerKey != "" {
-		req.SSECustomerKey = &o.fs.opt.SSECustomerKey
+		ui.req.SSECustomerKey = &o.fs.opt.SSECustomerKey
 	}
 	if o.fs.opt.SSECustomerKeyMD5 != "" {
-		req.SSECustomerKeyMD5 = &o.fs.opt.SSECustomerKeyMD5
+		ui.req.SSECustomerKeyMD5 = &o.fs.opt.SSECustomerKeyMD5
 	}
 	if o.fs.opt.SSEKMSKeyID != "" {
-		req.SSEKMSKeyId = &o.fs.opt.SSEKMSKeyID
+		ui.req.SSEKMSKeyId = &o.fs.opt.SSEKMSKeyID
 	}
 	if o.fs.opt.StorageClass != "" {
-		req.StorageClass = &o.fs.opt.StorageClass
+		ui.req.StorageClass = &o.fs.opt.StorageClass
 	}
 	// Apply upload options
 	for _, option := range options {
@@ -5497,22 +6133,22 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		case "":
 			// ignore
 		case "cache-control":
-			req.CacheControl = aws.String(value)
+			ui.req.CacheControl = aws.String(value)
 		case "content-disposition":
-			req.ContentDisposition = aws.String(value)
+			ui.req.ContentDisposition = aws.String(value)
 		case "content-encoding":
-			req.ContentEncoding = aws.String(value)
+			ui.req.ContentEncoding = aws.String(value)
 		case "content-language":
-			req.ContentLanguage = aws.String(value)
+			ui.req.ContentLanguage = aws.String(value)
 		case "content-type":
-			req.ContentType = aws.String(value)
+			ui.req.ContentType = aws.String(value)
 		case "x-amz-tagging":
-			req.Tagging = aws.String(value)
+			ui.req.Tagging = aws.String(value)
 		default:
 			const amzMetaPrefix = "x-amz-meta-"
 			if strings.HasPrefix(lowerKey, amzMetaPrefix) {
 				metaKey := lowerKey[len(amzMetaPrefix):]
-				req.Metadata[metaKey] = aws.String(value)
+				ui.req.Metadata[metaKey] = aws.String(value)
 			} else {
 				fs.Errorf(o, "Don't know how to set key %q on upload", key)
 			}
@@ -5520,30 +6156,48 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	}
 
 	// Check metadata keys and values are valid
-	for key, value := range req.Metadata {
+	for key, value := range ui.req.Metadata {
 		if !httpguts.ValidHeaderFieldName(key) {
 			fs.Errorf(o, "Dropping invalid metadata key %q", key)
-			delete(req.Metadata, key)
+			delete(ui.req.Metadata, key)
 		} else if value == nil {
 			fs.Errorf(o, "Dropping nil metadata value for key %q", key)
-			delete(req.Metadata, key)
+			delete(ui.req.Metadata, key)
 		} else if !httpguts.ValidHeaderFieldValue(*value) {
 			fs.Errorf(o, "Dropping invalid metadata value %q for key %q", *value, key)
-			delete(req.Metadata, key)
+			delete(ui.req.Metadata, key)
 		}
 	}
 
+	return ui, nil
+}
+
+// Update the Object from in with modTime and size
+func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) error {
+	if o.fs.opt.VersionAt.IsSet() {
+		return errNotWithVersionAt
+	}
+	size := src.Size()
+	multipart := size < 0 || size >= int64(o.fs.opt.UploadCutoff)
+
 	var wantETag string        // Multipart upload Etag to check
 	var gotETag string         // Etag we got from the upload
 	var lastModified time.Time // Time we got from the upload
 	var versionID *string      // versionID we got from the upload
+	var err error
+	var ui uploadInfo
 	if multipart {
-		wantETag, gotETag, versionID, err = o.uploadMultipart(ctx, &req, size, in)
+		wantETag, gotETag, versionID, ui, err = o.uploadMultipart(ctx, src, in, options...)
 	} else {
+		ui, err = o.prepareUpload(ctx, src, options)
+		if err != nil {
+			return fmt.Errorf("failed to prepare upload: %w", err)
+		}
+
 		if o.fs.opt.UsePresignedRequest {
-			gotETag, lastModified, versionID, err = o.uploadSinglepartPresignedRequest(ctx, &req, size, in)
+			gotETag, lastModified, versionID, err = o.uploadSinglepartPresignedRequest(ctx, ui.req, size, in)
 		} else {
-			gotETag, lastModified, versionID, err = o.uploadSinglepartPutObject(ctx, &req, size, in)
+			gotETag, lastModified, versionID, err = o.uploadSinglepartPutObject(ctx, ui.req, size, in)
 		}
 	}
 	if err != nil {
@@ -5563,8 +6217,8 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	if o.fs.opt.NoHead && size >= 0 {
 		head = new(s3.HeadObjectOutput)
 		//structs.SetFrom(head, &req)
-		setFrom_s3HeadObjectOutput_s3PutObjectInput(head, &req)
-		head.ETag = &md5sumHex // doesn't matter quotes are missing
+		setFrom_s3HeadObjectOutput_s3PutObjectInput(head, ui.req)
+		head.ETag = &ui.md5sumHex // doesn't matter quotes are missing
 		head.ContentLength = &size
 		// We get etag back from single and multipart upload so fill it in here
 		if gotETag != "" {
@@ -5695,23 +6349,24 @@ func (o *Object) Metadata(ctx context.Context) (metadata fs.Metadata, err error)
 	setMetadata("content-disposition", o.contentDisposition)
 	setMetadata("content-encoding", o.contentEncoding)
 	setMetadata("content-language", o.contentLanguage)
-	setMetadata("tier", o.storageClass)
+	metadata["tier"] = o.GetTier()
 
 	return metadata, nil
 }
 
 // Check the interfaces are satisfied
 var (
-	_ fs.Fs          = &Fs{}
-	_ fs.Purger      = &Fs{}
-	_ fs.Copier      = &Fs{}
-	_ fs.PutStreamer = &Fs{}
-	_ fs.ListRer     = &Fs{}
-	_ fs.Commander   = &Fs{}
-	_ fs.CleanUpper  = &Fs{}
-	_ fs.Object      = &Object{}
-	_ fs.MimeTyper   = &Object{}
-	_ fs.GetTierer   = &Object{}
-	_ fs.SetTierer   = &Object{}
-	_ fs.Metadataer  = &Object{}
+	_ fs.Fs              = &Fs{}
+	_ fs.Purger          = &Fs{}
+	_ fs.Copier          = &Fs{}
+	_ fs.PutStreamer     = &Fs{}
+	_ fs.ListRer         = &Fs{}
+	_ fs.Commander       = &Fs{}
+	_ fs.CleanUpper      = &Fs{}
+	_ fs.OpenChunkWriter = &Fs{}
+	_ fs.Object          = &Object{}
+	_ fs.MimeTyper       = &Object{}
+	_ fs.GetTierer       = &Object{}
+	_ fs.SetTierer       = &Object{}
+	_ fs.Metadataer      = &Object{}
 )
diff --git a/backend/s3/s3_internal_test.go b/backend/s3/s3_internal_test.go
index 9d22ca69bef42..4e34b1c27db7f 100644
--- a/backend/s3/s3_internal_test.go
+++ b/backend/s3/s3_internal_test.go
@@ -6,15 +6,20 @@ import (
 	"context"
 	"crypto/md5"
 	"fmt"
+	"path"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/s3"
 	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/cache"
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/fstest"
 	"github.com/rclone/rclone/fstest/fstests"
+	"github.com/rclone/rclone/lib/bucket"
 	"github.com/rclone/rclone/lib/random"
 	"github.com/rclone/rclone/lib/version"
 	"github.com/stretchr/testify/assert"
@@ -250,7 +255,8 @@ func (f *Fs) InternalTestVersions(t *testing.T) {
 	time.Sleep(2 * time.Second)
 
 	// Create an object
-	const fileName = "test-versions.txt"
+	const dirName = "versions"
+	const fileName = dirName + "/" + "test-versions.txt"
 	contents := random.String(100)
 	item := fstest.NewItem(fileName, contents, fstest.Time("2001-05-06T04:05:06.499999999Z"))
 	obj := fstests.PutTestContents(ctx, t, f, &item, contents, true)
@@ -280,11 +286,12 @@ func (f *Fs) InternalTestVersions(t *testing.T) {
 		}()
 
 		// Read the contents
-		entries, err := f.List(ctx, "")
+		entries, err := f.List(ctx, dirName)
 		require.NoError(t, err)
 		tests := 0
 		var fileNameVersion string
 		for _, entry := range entries {
+			t.Log(entry)
 			remote := entry.Remote()
 			if remote == fileName {
 				t.Run("ReadCurrent", func(t *testing.T) {
@@ -309,6 +316,23 @@ func (f *Fs) InternalTestVersions(t *testing.T) {
 			require.NotNil(t, o)
 			assert.Equal(t, int64(100), o.Size(), o.Remote())
 		})
+
+		// Check we can make a NewFs from that object with a version suffix
+		t.Run("NewFs", func(t *testing.T) {
+			newPath := bucket.Join(fs.ConfigStringFull(f), fileNameVersion)
+			// Make sure --s3-versions is set in the config of the new remote
+			fs.Debugf(nil, "oldPath = %q", newPath)
+			lastColon := strings.LastIndex(newPath, ":")
+			require.True(t, lastColon >= 0)
+			newPath = newPath[:lastColon] + ",versions" + newPath[lastColon:]
+			fs.Debugf(nil, "newPath = %q", newPath)
+			fNew, err := cache.Get(ctx, newPath)
+			// This should return pointing to a file
+			require.Equal(t, fs.ErrorIsFile, err)
+			require.NotNil(t, fNew)
+			// With the directory the directory above
+			assert.Equal(t, dirName, path.Base(fs.ConfigStringFull(fNew)))
+		})
 	})
 
 	t.Run("VersionAt", func(t *testing.T) {
@@ -370,6 +394,41 @@ func (f *Fs) InternalTestVersions(t *testing.T) {
 		}
 	})
 
+	t.Run("Mkdir", func(t *testing.T) {
+		// Test what happens when we create a bucket we already own and see whether the
+		// quirk is set correctly
+		req := s3.CreateBucketInput{
+			Bucket: &f.rootBucket,
+			ACL:    stringPointerOrNil(f.opt.BucketACL),
+		}
+		if f.opt.LocationConstraint != "" {
+			req.CreateBucketConfiguration = &s3.CreateBucketConfiguration{
+				LocationConstraint: &f.opt.LocationConstraint,
+			}
+		}
+		err := f.pacer.Call(func() (bool, error) {
+			_, err := f.c.CreateBucketWithContext(ctx, &req)
+			return f.shouldRetry(ctx, err)
+		})
+		var errString string
+		if err == nil {
+			errString = "No Error"
+		} else if awsErr, ok := err.(awserr.Error); ok {
+			errString = awsErr.Code()
+		} else {
+			assert.Fail(t, "Unknown error %T %v", err, err)
+		}
+		t.Logf("Creating a bucket we already have created returned code: %s", errString)
+		switch errString {
+		case "BucketAlreadyExists":
+			assert.False(t, f.opt.UseAlreadyExists.Value, "Need to clear UseAlreadyExists quirk")
+		case "No Error", "BucketAlreadyOwnedByYou":
+			assert.True(t, f.opt.UseAlreadyExists.Value, "Need to set UseAlreadyExists quirk")
+		default:
+			assert.Fail(t, "Unknown error string %q", errString)
+		}
+	})
+
 	t.Run("Cleanup", func(t *testing.T) {
 		require.NoError(t, f.CleanUpHidden(ctx))
 		items := append([]fstest.Item{newItem}, fstests.InternalTestFiles...)
diff --git a/backend/s3/s3_test.go b/backend/s3/s3_test.go
index e226878a505c8..3415bebf2eef9 100644
--- a/backend/s3/s3_test.go
+++ b/backend/s3/s3_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fstest"
 	"github.com/rclone/rclone/fstest/fstests"
 )
 
@@ -20,6 +21,24 @@ func TestIntegration(t *testing.T) {
 	})
 }
 
+func TestIntegration2(t *testing.T) {
+	if *fstest.RemoteName != "" {
+		t.Skip("skipping as -remote is set")
+	}
+	name := "TestS3"
+	fstests.Run(t, &fstests.Opt{
+		RemoteName:  name + ":",
+		NilObject:   (*Object)(nil),
+		TiersToTest: []string{"STANDARD", "STANDARD_IA"},
+		ChunkedUpload: fstests.ChunkedUploadConfig{
+			MinChunkSize: minChunkSize,
+		},
+		ExtraConfig: []fstests.ExtraConfigItem{
+			{Name: name, Key: "directory_markers", Value: "true"},
+		},
+	})
+}
+
 func (f *Fs) SetUploadChunkSize(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
 	return f.setUploadChunkSize(cs)
 }
@@ -28,4 +47,12 @@ func (f *Fs) SetUploadCutoff(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
 	return f.setUploadCutoff(cs)
 }
 
-var _ fstests.SetUploadChunkSizer = (*Fs)(nil)
+func (f *Fs) SetCopyCutoff(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
+	return f.setCopyCutoff(cs)
+}
+
+var (
+	_ fstests.SetUploadChunkSizer = (*Fs)(nil)
+	_ fstests.SetUploadCutoffer   = (*Fs)(nil)
+	_ fstests.SetCopyCutoffer     = (*Fs)(nil)
+)
diff --git a/backend/s3/v2sign.go b/backend/s3/v2sign.go
index d31cbeb714340..12e41f0b6226c 100644
--- a/backend/s3/v2sign.go
+++ b/backend/s3/v2sign.go
@@ -14,6 +14,7 @@ import (
 
 // URL parameters that need to be added to the signature
 var s3ParamsToSign = map[string]struct{}{
+	"delete":                       {},
 	"acl":                          {},
 	"location":                     {},
 	"logging":                      {},
diff --git a/backend/seafile/renew_test.go b/backend/seafile/renew_test.go
index 610f553fdd872..845693e44cc4e 100644
--- a/backend/seafile/renew_test.go
+++ b/backend/seafile/renew_test.go
@@ -17,17 +17,17 @@ func TestShouldAllowShutdownTwice(t *testing.T) {
 }
 
 func TestRenewalInTimeLimit(t *testing.T) {
-	var count int64
+	var count atomic.Int64
 
 	renew := NewRenew(100*time.Millisecond, func() error {
-		atomic.AddInt64(&count, 1)
+		count.Add(1)
 		return nil
 	})
 	time.Sleep(time.Second)
 	renew.Shutdown()
 
 	// there's no guarantee the CI agent can handle a simple goroutine
-	renewCount := atomic.LoadInt64(&count)
+	renewCount := count.Load()
 	t.Logf("renew count = %d", renewCount)
 	assert.Greater(t, renewCount, int64(0))
 	assert.Less(t, renewCount, int64(11))
diff --git a/backend/seafile/seafile.go b/backend/seafile/seafile.go
index 58dfd79c21fad..3fa3e317a5a79 100644
--- a/backend/seafile/seafile.go
+++ b/backend/seafile/seafile.go
@@ -67,15 +67,18 @@ func init() {
 				Value: "https://cloud.seafile.com/",
 				Help:  "Connect to cloud.seafile.com.",
 			}},
+			Sensitive: true,
 		}, {
-			Name:     configUser,
-			Help:     "User name (usually email address).",
-			Required: true,
+			Name:      configUser,
+			Help:      "User name (usually email address).",
+			Required:  true,
+			Sensitive: true,
 		}, {
 			// Password is not required, it will be left blank for 2FA
 			Name:       configPassword,
 			Help:       "Password.",
 			IsPassword: true,
+			Sensitive:  true,
 		}, {
 			Name:    config2FA,
 			Help:    "Two-factor authentication ('true' if the account has 2FA enabled).",
@@ -87,6 +90,7 @@ func init() {
 			Name:       configLibraryKey,
 			Help:       "Library password (for encrypted libraries only).\n\nLeave blank if you pass it through the command line.",
 			IsPassword: true,
+			Sensitive:  true,
 		}, {
 			Name:     configCreateLibrary,
 			Help:     "Should rclone create a library if it doesn't exist.",
@@ -94,9 +98,10 @@ func init() {
 			Default:  false,
 		}, {
 			// Keep the authentication token after entering the 2FA code
-			Name: configAuthToken,
-			Help: "Authentication token.",
-			Hide: fs.OptionHideBoth,
+			Name:      configAuthToken,
+			Help:      "Authentication token.",
+			Hide:      fs.OptionHideBoth,
+			Sensitive: true,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
diff --git a/backend/seafile/webapi.go b/backend/seafile/webapi.go
index cf3e77bda55e7..d3ebe3fde0dad 100644
--- a/backend/seafile/webapi.go
+++ b/backend/seafile/webapi.go
@@ -953,11 +953,9 @@ func (f *Fs) emptyLibraryTrash(ctx context.Context, libraryID string) error {
 	return nil
 }
 
-// === API v2 from the official documentation, but that have been replaced by the much better v2.1 (undocumented as of Apr 2020)
-// === getDirectoryEntriesAPIv2 is needed to keep compatibility with seafile v6,
-// === the others can probably be removed after the API v2.1 is documented
-
 func (f *Fs) getDirectoryEntriesAPIv2(ctx context.Context, libraryID, dirPath string) ([]api.DirEntry, error) {
+	// API v2 from the official documentation, but that have been replaced by the much better v2.1 (undocumented as of Apr 2020)
+	// getDirectoryEntriesAPIv2 is needed to keep compatibility with seafile v6.
 	// API Documentation
 	// https://download.seafile.com/published/web-api/v2.1/directories.md#user-content-List%20Items%20in%20Directory
 	if libraryID == "" {
@@ -1001,95 +999,3 @@ func (f *Fs) getDirectoryEntriesAPIv2(ctx context.Context, libraryID, dirPath st
 	}
 	return result, nil
 }
-
-func (f *Fs) copyFileAPIv2(ctx context.Context, srcLibraryID, srcPath, dstLibraryID, dstPath string) (*api.FileInfo, error) {
-	// API Documentation
-	// https://download.seafile.com/published/web-api/v2.1/file.md#user-content-Copy%20File
-	if srcLibraryID == "" || dstLibraryID == "" {
-		return nil, errors.New("libraryID and/or file path argument(s) missing")
-	}
-	srcPath = path.Join("/", srcPath)
-	dstPath = path.Join("/", dstPath)
-
-	// Older API does not seem to accept JSON input here either
-	postParameters := url.Values{
-		"operation": {"copy"},
-		"dst_repo":  {dstLibraryID},
-		"dst_dir":   {f.opt.Enc.FromStandardPath(dstPath)},
-	}
-	opts := rest.Opts{
-		Method:      "POST",
-		Path:        APIv20 + srcLibraryID + "/file/",
-		Parameters:  url.Values{"p": {f.opt.Enc.FromStandardPath(srcPath)}},
-		ContentType: "application/x-www-form-urlencoded",
-		Body:        bytes.NewBuffer([]byte(postParameters.Encode())),
-	}
-	result := &api.FileInfo{}
-	var resp *http.Response
-	var err error
-	err = f.pacer.Call(func() (bool, error) {
-		resp, err = f.srv.Call(ctx, &opts)
-		return f.shouldRetry(ctx, resp, err)
-	})
-	if err != nil {
-		if resp != nil {
-			if resp.StatusCode == 401 || resp.StatusCode == 403 {
-				return nil, fs.ErrorPermissionDenied
-			}
-		}
-		return nil, fmt.Errorf("failed to copy file %s:'%s' to %s:'%s': %w", srcLibraryID, srcPath, dstLibraryID, dstPath, err)
-	}
-	err = rest.DecodeJSON(resp, &result)
-	if err != nil {
-		return nil, err
-	}
-	return f.decodeFileInfo(result), nil
-}
-
-func (f *Fs) renameFileAPIv2(ctx context.Context, libraryID, filePath, newname string) error {
-	// API Documentation
-	// https://download.seafile.com/published/web-api/v2.1/file.md#user-content-Rename%20File
-	if libraryID == "" || newname == "" {
-		return errors.New("libraryID and/or file path argument(s) missing")
-	}
-	filePath = path.Join("/", filePath)
-
-	// No luck with JSON input with the older api2
-	postParameters := url.Values{
-		"operation": {"rename"},
-		"reloaddir": {"true"}, // This is an undocumented trick to avoid an http code 301 response (found in https://github.com/haiwen/seahub/blob/master/seahub/api2/views.py)
-		"newname":   {f.opt.Enc.FromStandardName(newname)},
-	}
-
-	opts := rest.Opts{
-		Method:      "POST",
-		Path:        APIv20 + libraryID + "/file/",
-		Parameters:  url.Values{"p": {f.opt.Enc.FromStandardPath(filePath)}},
-		ContentType: "application/x-www-form-urlencoded",
-		Body:        bytes.NewBuffer([]byte(postParameters.Encode())),
-		NoRedirect:  true,
-		NoResponse:  true,
-	}
-	var resp *http.Response
-	var err error
-	err = f.pacer.Call(func() (bool, error) {
-		resp, err = f.srv.Call(ctx, &opts)
-		return f.shouldRetry(ctx, resp, err)
-	})
-	if err != nil {
-		if resp != nil {
-			if resp.StatusCode == 301 {
-				// This is the normal response from the server
-				return nil
-			}
-			if resp.StatusCode == 401 || resp.StatusCode == 403 {
-				return fs.ErrorPermissionDenied
-			}
-			if resp.StatusCode == 404 {
-				return fs.ErrorObjectNotFound
-			}
-		}
-		return fmt.Errorf("failed to rename file: %w", err)
-	}
-	return nil
-}
diff --git a/backend/sftp/sftp.go b/backend/sftp/sftp.go
index c998180c7c6e0..4508d780be3c2 100644
--- a/backend/sftp/sftp.go
+++ b/backend/sftp/sftp.go
@@ -10,6 +10,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	iofs "io/fs"
 	"os"
 	"path"
 	"regexp"
@@ -26,7 +27,6 @@ import (
 	"github.com/rclone/rclone/fs/config/configmap"
 	"github.com/rclone/rclone/fs/config/configstruct"
 	"github.com/rclone/rclone/fs/config/obscure"
-	"github.com/rclone/rclone/fs/fshttp"
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/lib/env"
 	"github.com/rclone/rclone/lib/pacer"
@@ -58,13 +58,15 @@ func init() {
 		Description: "SSH/SFTP",
 		NewFs:       NewFs,
 		Options: []fs.Option{{
-			Name:     "host",
-			Help:     "SSH host to connect to.\n\nE.g. \"example.com\".",
-			Required: true,
+			Name:      "host",
+			Help:      "SSH host to connect to.\n\nE.g. \"example.com\".",
+			Required:  true,
+			Sensitive: true,
 		}, {
-			Name:    "user",
-			Help:    "SSH username.",
-			Default: currentUser,
+			Name:      "user",
+			Help:      "SSH username.",
+			Default:   currentUser,
+			Sensitive: true,
 		}, {
 			Name:    "port",
 			Help:    "SSH port number.",
@@ -74,8 +76,9 @@ func init() {
 			Help:       "SSH password, leave blank to use ssh-agent.",
 			IsPassword: true,
 		}, {
-			Name: "key_pem",
-			Help: "Raw PEM-encoded private key.\n\nIf specified, will override key_file parameter.",
+			Name:      "key_pem",
+			Help:      "Raw PEM-encoded private key.\n\nIf specified, will override key_file parameter.",
+			Sensitive: true,
 		}, {
 			Name: "key_file",
 			Help: "Path to PEM-encoded private key file.\n\nLeave blank or set key-use-agent to use ssh-agent." + env.ShellExpandHelp,
@@ -86,6 +89,7 @@ func init() {
 Only PEM encrypted key files (old OpenSSH format) are supported. Encrypted keys
 in the new OpenSSH format can't be used.`,
 			IsPassword: true,
+			Sensitive:  true,
 		}, {
 			Name: "pubkey_file",
 			Help: `Optional path to public key file.
@@ -164,7 +168,19 @@ E.g. if shared folders can be found in directories representing volumes:
 
 E.g. if home directory can be found in a shared folder called "home":
 
-    rclone sync /home/local/directory remote:/home/directory --sftp-path-override /volume1/homes/USER/directory`,
+    rclone sync /home/local/directory remote:/home/directory --sftp-path-override /volume1/homes/USER/directory
+	
+To specify only the path to the SFTP remote's root, and allow rclone to add any relative subpaths automatically (including unwrapping/decrypting remotes as necessary), add the '@' character to the beginning of the path.
+
+E.g. the first example above could be rewritten as:
+
+	rclone sync /home/local/directory remote:/directory --sftp-path-override @/volume2
+	
+Note that when using this method with Synology "home" folders, the full "/homes/USER" path should be specified instead of "/home".
+
+E.g. the second example above should be rewritten as:
+
+	rclone sync /home/local/directory remote:/homes/USER/directory --sftp-path-override @/volume1`,
 			Advanced: true,
 		}, {
 			Name:     "set_modtime",
@@ -216,7 +232,16 @@ E.g. if home directory can be found in a shared folder called "home":
 			Default: "",
 			Help: `Specifies the path or command to run a sftp server on the remote host.
 
-The subsystem option is ignored when server_command is defined.`,
+The subsystem option is ignored when server_command is defined.
+
+If adding server_command to the configuration file please note that 
+it should not be enclosed in quotes, since that will make rclone fail.
+
+A working example is:
+
+    [remote_name]
+    type = sftp
+    server_command = sudo /usr/libexec/openssh/sftp-server`,
 			Advanced: true,
 		}, {
 			Name:    "use_fstat",
@@ -323,7 +348,7 @@ Pass multiple variables space separated, eg
 
     VAR1=value VAR2=value
 
-and pass variables with spaces in in quotes, eg
+and pass variables with spaces in quotes, eg
 
     "VAR3=value with space" "VAR4=value with space" VAR5=nospacehere
 
@@ -369,6 +394,81 @@ Example:
     umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-256-etm@openssh.com
 `,
 			Advanced: true,
+		}, {
+			Name:    "host_key_algorithms",
+			Default: fs.SpaceSepList{},
+			Help: `Space separated list of host key algorithms, ordered by preference.
+
+At least one must match with server configuration. This can be checked for example using ssh -Q HostKeyAlgorithms.
+
+Note: This can affect the outcome of key negotiation with the server even if server host key validation is not enabled.
+
+Example:
+
+    ssh-ed25519 ssh-rsa ssh-dss
+`,
+			Advanced: true,
+		}, {
+			Name:    "ssh",
+			Default: fs.SpaceSepList{},
+			Help: `Path and arguments to external ssh binary.
+
+Normally rclone will use its internal ssh library to connect to the
+SFTP server. However it does not implement all possible ssh options so
+it may be desirable to use an external ssh binary.
+
+Rclone ignores all the internal config if you use this option and
+expects you to configure the ssh binary with the user/host/port and
+any other options you need.
+
+**Important** The ssh command must log in without asking for a
+password so needs to be configured with keys or certificates.
+
+Rclone will run the command supplied either with the additional
+arguments "-s sftp" to access the SFTP subsystem or with commands such
+as "md5sum /path/to/file" appended to read checksums.
+
+Any arguments with spaces in should be surrounded by "double quotes".
+
+An example setting might be:
+
+    ssh -o ServerAliveInterval=20 user@example.com
+
+Note that when using an external ssh binary rclone makes a new ssh
+connection for every hash it calculates.
+`,
+		}, {
+			Name:    "socks_proxy",
+			Default: "",
+			Help: `Socks 5 proxy host.
+	
+Supports the format user:pass@host:port, user@host:port, host:port.
+
+Example:
+
+	myUser:myPass@localhost:9005
+	`,
+			Advanced: true,
+		}, {
+			Name:    "copy_is_hardlink",
+			Default: false,
+			Help: `Set to enable server side copies using hardlinks.
+
+The SFTP protocol does not define a copy command so normally server
+side copies are not allowed with the sftp backend.
+
+However the SFTP protocol does support hardlinking, and if you enable
+this flag then the sftp backend will support server side copies. These
+will be implemented by doing a hardlink from the source to the
+destination.
+
+Not all sftp servers support this.
+
+Note that hardlinking two files together will use no additional space
+as the source and the destination will be the same file.
+
+This feature may be useful backups made with --copy-dest.`,
+			Advanced: true,
 		}},
 	}
 	fs.Register(fsi)
@@ -407,6 +507,10 @@ type Options struct {
 	Ciphers                 fs.SpaceSepList `config:"ciphers"`
 	KeyExchange             fs.SpaceSepList `config:"key_exchange"`
 	MACs                    fs.SpaceSepList `config:"macs"`
+	HostKeyAlgorithms       fs.SpaceSepList `config:"host_key_algorithms"`
+	SSH                     fs.SpaceSepList `config:"ssh"`
+	SocksProxy              string          `config:"socks_proxy"`
+	CopyIsHardlink          bool            `config:"copy_is_hardlink"`
 }
 
 // Fs stores the interface to the remote SFTP files
@@ -429,7 +533,7 @@ type Fs struct {
 	drain        *time.Timer // used to drain the pool when we stop using the connections
 	pacer        *fs.Pacer   // pacer for operations
 	savedpswd    string
-	sessions     int32 // count in use sessions
+	sessions     atomic.Int32 // count in use sessions
 }
 
 // Object is a remote SFTP file that has been stat'd (so it exists, but is not necessarily open for reading)
@@ -443,41 +547,16 @@ type Object struct {
 	sha1sum *string     // Cached SHA1 checksum
 }
 
-// dial starts a client connection to the given SSH server. It is a
-// convenience function that connects to the given network address,
-// initiates the SSH handshake, and then sets up a Client.
-func (f *Fs) dial(ctx context.Context, network, addr string, sshConfig *ssh.ClientConfig) (*ssh.Client, error) {
-	dialer := fshttp.NewDialer(ctx)
-	conn, err := dialer.Dial(network, addr)
-	if err != nil {
-		return nil, err
-	}
-	c, chans, reqs, err := ssh.NewClientConn(conn, addr, sshConfig)
-	if err != nil {
-		return nil, err
-	}
-	fs.Debugf(f, "New connection %s->%s to %q", c.LocalAddr(), c.RemoteAddr(), c.ServerVersion())
-	return ssh.NewClient(c, chans, reqs), nil
-}
-
 // conn encapsulates an ssh client and corresponding sftp client
 type conn struct {
-	sshClient  *ssh.Client
+	sshClient  sshClient
 	sftpClient *sftp.Client
 	err        chan error
 }
 
 // Wait for connection to close
 func (c *conn) wait() {
-	c.err <- c.sshClient.Conn.Wait()
-}
-
-// Send a keepalive over the ssh connection
-func (c *conn) sendKeepAlive() {
-	_, _, err := c.sshClient.SendRequest("keepalive@openssh.com", true, nil)
-	if err != nil {
-		fs.Debugf(nil, "Failed to send keep alive: %v", err)
-	}
+	c.err <- c.sshClient.Wait()
 }
 
 // Send keepalives every interval over the ssh connection until done is closed
@@ -489,7 +568,7 @@ func (c *conn) sendKeepAlives(interval time.Duration) (done chan struct{}) {
 		for {
 			select {
 			case <-t.C:
-				c.sendKeepAlive()
+				c.sshClient.SendKeepAlive()
 			case <-done:
 				return
 			}
@@ -522,17 +601,17 @@ func (c *conn) closed() error {
 //
 // Call removeSession() when done
 func (f *Fs) addSession() {
-	atomic.AddInt32(&f.sessions, 1)
+	f.sessions.Add(1)
 }
 
 // Show the ssh session is no longer in use
 func (f *Fs) removeSession() {
-	atomic.AddInt32(&f.sessions, -1)
+	f.sessions.Add(-1)
 }
 
 // getSessions shows whether there are any sessions in use
 func (f *Fs) getSessions() int32 {
-	return atomic.LoadInt32(&f.sessions)
+	return f.sessions.Load()
 }
 
 // Open a new connection to the SFTP server.
@@ -541,7 +620,11 @@ func (f *Fs) sftpConnection(ctx context.Context) (c *conn, err error) {
 	c = &conn{
 		err: make(chan error, 1),
 	}
-	c.sshClient, err = f.dial(ctx, "tcp", f.opt.Host+":"+f.opt.Port, f.config)
+	if len(f.opt.SSH) == 0 {
+		c.sshClient, err = f.newSSHClientInternal(ctx, "tcp", f.opt.Host+":"+f.opt.Port, f.config)
+	} else {
+		c.sshClient, err = f.newSSHClientExternal()
+	}
 	if err != nil {
 		return nil, fmt.Errorf("couldn't connect SSH: %w", err)
 	}
@@ -555,7 +638,7 @@ func (f *Fs) sftpConnection(ctx context.Context) (c *conn, err error) {
 }
 
 // Set any environment variables on the ssh.Session
-func (f *Fs) setEnv(s *ssh.Session) error {
+func (f *Fs) setEnv(s sshSession) error {
 	for _, env := range f.opt.SetEnv {
 		equal := strings.IndexRune(env, '=')
 		if equal < 0 {
@@ -572,8 +655,8 @@ func (f *Fs) setEnv(s *ssh.Session) error {
 
 // Creates a new SFTP client on conn, using the specified subsystem
 // or sftp server, and zero or more option functions
-func (f *Fs) newSftpClient(conn *ssh.Client, opts ...sftp.ClientOption) (*sftp.Client, error) {
-	s, err := conn.NewSession()
+func (f *Fs) newSftpClient(client sshClient, opts ...sftp.ClientOption) (*sftp.Client, error) {
+	s, err := client.NewSession()
 	if err != nil {
 		return nil, err
 	}
@@ -646,6 +729,9 @@ func (f *Fs) getSftpConnection(ctx context.Context) (c *conn, err error) {
 // Getwd request
 func (f *Fs) putSftpConnection(pc **conn, err error) {
 	c := *pc
+	if !c.sshClient.CanReuse() {
+		return
+	}
 	*pc = nil
 	if err != nil {
 		// work out if this is an expected error
@@ -724,6 +810,10 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	if err != nil {
 		return nil, err
 	}
+	if len(opt.SSH) != 0 && ((opt.User != currentUser && opt.User != "") || opt.Host != "" || (opt.Port != "22" && opt.Port != "")) {
+		fs.Logf(name, "--sftp-ssh is in use - ignoring user/host/port from config - set in the parameters to --sftp-ssh (remove them from the config to silence this warning)")
+	}
+
 	if opt.User == "" {
 		opt.User = currentUser
 	}
@@ -739,6 +829,10 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		ClientVersion:   "SSH-2.0-" + f.ci.UserAgent,
 	}
 
+	if len(opt.HostKeyAlgorithms) != 0 {
+		sshConfig.HostKeyAlgorithms = []string(opt.HostKeyAlgorithms)
+	}
+
 	if opt.KnownHostsFile != "" {
 		hostcallback, err := knownhosts.New(env.ShellExpand(opt.KnownHostsFile))
 		if err != nil {
@@ -772,7 +866,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	pubkeyFile := env.ShellExpand(opt.PubKeyFile)
 	//keyPem := env.ShellExpand(opt.KeyPem)
 	// Add ssh agent-auth if no password or file or key PEM specified
-	if (opt.Pass == "" && keyFile == "" && !opt.AskPassword && opt.KeyPem == "") || opt.KeyUseAgent {
+	if (len(opt.SSH) == 0 && opt.Pass == "" && keyFile == "" && !opt.AskPassword && opt.KeyPem == "") || opt.KeyUseAgent {
 		sshAgentClient, _, err := sshagent.New()
 		if err != nil {
 			return nil, fmt.Errorf("couldn't connect to ssh-agent: %w", err)
@@ -782,10 +876,32 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 			return nil, fmt.Errorf("couldn't read ssh agent signers: %w", err)
 		}
 		if keyFile != "" {
+			// If `opt.KeyUseAgent` is false, then it's expected that `opt.KeyFile` contains the private key
+			// and `${opt.KeyFile}.pub` contains the public key.
+			//
+			// If `opt.KeyUseAgent` is true, then it's expected that `opt.KeyFile` contains the public key.
+			// This is how it works with openssh; the `IdentityFile` in openssh config points to the public key.
+			// It's not necessary to specify the public key explicitly when using ssh-agent, since openssh and rclone
+			// will try all the keys they find in the ssh-agent until they find one that works. But just like
+			// `IdentityFile` is used in openssh config to limit the search to one specific key, so does
+			// `opt.KeyFile` in rclone config limit the search to that specific key.
+			//
+			// However, previous versions of rclone would always expect to find the public key in
+			// `${opt.KeyFile}.pub` even if `opt.KeyUseAgent` was true. So for the sake of backward compatibility
+			// we still first attempt to read the public key from `${opt.KeyFile}.pub`. But if it fails with
+			// an `fs.ErrNotExist` then we also try to read the public key from `opt.KeyFile`.
 			pubBytes, err := os.ReadFile(keyFile + ".pub")
 			if err != nil {
-				return nil, fmt.Errorf("failed to read public key file: %w", err)
+				if errors.Is(err, iofs.ErrNotExist) && opt.KeyUseAgent {
+					pubBytes, err = os.ReadFile(keyFile)
+					if err != nil {
+						return nil, fmt.Errorf("failed to read public key file: %w", err)
+					}
+				} else {
+					return nil, fmt.Errorf("failed to read public key file: %w", err)
+				}
 			}
+
 			pub, _, _, _, err := ssh.ParseAuthorizedKey(pubBytes)
 			if err != nil {
 				return nil, fmt.Errorf("failed to parse public key file: %w", err)
@@ -807,8 +923,8 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		}
 	}
 
-	// Load key file if specified
-	if keyFile != "" || opt.KeyPem != "" {
+	// Load key file as a private key, if specified. This is only needed when not using an ssh agent.
+	if (keyFile != "" && !opt.KeyUseAgent) || opt.KeyPem != "" {
 		var key []byte
 		if opt.KeyPem == "" {
 			key, err = os.ReadFile(keyFile)
@@ -919,7 +1035,7 @@ func (f *Fs) keyboardInteractiveReponse(user, instruction string, questions []st
 // save it so on reconnection we give back the previous string.
 // This removes the ability to let the user correct a mistaken entry,
 // but means that reconnects are transparent.
-// We'll re-use config.Pass for this, 'cos we know it's not been
+// We'll reuse config.Pass for this, 'cos we know it's not been
 // specified.
 func (f *Fs) getPass() (string, error) {
 	for f.savedpswd == "" {
@@ -952,7 +1068,12 @@ func NewFsWithConnection(ctx context.Context, f *Fs, name string, root string, m
 	f.features = (&fs.Features{
 		CanHaveEmptyDirectories: true,
 		SlowHash:                true,
+		PartialUploads:          true,
 	}).Fill(ctx, f)
+	if !opt.CopyIsHardlink {
+		// Disable server side copy unless --sftp-copy-is-hardlink is set
+		f.features.Copy = nil
+	}
 	// Make a connection and pool it to return errors early
 	c, err := f.getSftpConnection(ctx)
 	if err != nil {
@@ -969,8 +1090,8 @@ func NewFsWithConnection(ctx context.Context, f *Fs, name string, root string, m
 			fs.Debugf(f, "Failed to get shell session for shell type detection command: %v", err)
 		} else {
 			var stdout, stderr bytes.Buffer
-			session.Stdout = &stdout
-			session.Stderr = &stderr
+			session.SetStdout(&stdout)
+			session.SetStderr(&stderr)
 			shellCmd := "echo ${ShellId}%ComSpec%"
 			fs.Debugf(f, "Running shell type detection remote command: %s", shellCmd)
 			err = session.Run(shellCmd)
@@ -1023,7 +1144,7 @@ func NewFsWithConnection(ctx context.Context, f *Fs, name string, root string, m
 		}
 	}
 	f.putSftpConnection(&c, err)
-	if root != "" {
+	if root != "" && !strings.HasSuffix(root, "/") {
 		// Check to see if the root is actually an existing file,
 		// and if so change the filesystem root to its parent directory.
 		oldAbsRoot := f.absRoot
@@ -1126,13 +1247,6 @@ func (f *Fs) dirExists(ctx context.Context, dir string) (bool, error) {
 // found.
 func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err error) {
 	root := path.Join(f.absRoot, dir)
-	ok, err := f.dirExists(ctx, root)
-	if err != nil {
-		return nil, fmt.Errorf("List failed: %w", err)
-	}
-	if !ok {
-		return nil, fs.ErrorDirNotFound
-	}
 	sftpDir := root
 	if sftpDir == "" {
 		sftpDir = "."
@@ -1144,6 +1258,9 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 	infos, err := c.sftpClient.ReadDir(sftpDir)
 	f.putSftpConnection(&c, err)
 	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return nil, fs.ErrorDirNotFound
+		}
 		return nil, fmt.Errorf("error listing %q: %w", dir, err)
 	}
 	for _, info := range infos {
@@ -1287,10 +1404,17 @@ func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object,
 	if err != nil {
 		return nil, fmt.Errorf("Move: %w", err)
 	}
-	err = c.sftpClient.Rename(
-		srcObj.path(),
-		path.Join(f.absRoot, remote),
-	)
+	srcPath, dstPath := srcObj.path(), path.Join(f.absRoot, remote)
+	if _, ok := c.sftpClient.HasExtension("posix-rename@openssh.com"); ok {
+		err = c.sftpClient.PosixRename(srcPath, dstPath)
+	} else {
+		// If haven't got PosixRename then remove source first before renaming
+		err = c.sftpClient.Remove(dstPath)
+		if err != nil && !errors.Is(err, iofs.ErrNotExist) {
+			fs.Errorf(f, "Move: Failed to remove existing file %q: %v", dstPath, err)
+		}
+		err = c.sftpClient.Rename(srcPath, dstPath)
+	}
 	f.putSftpConnection(&c, err)
 	if err != nil {
 		return nil, fmt.Errorf("Move Rename failed: %w", err)
@@ -1302,6 +1426,43 @@ func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object,
 	return dstObj, nil
 }
 
+// Copy server side copies a remote sftp file object using hardlinks
+func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error) {
+	if !f.opt.CopyIsHardlink {
+		return nil, fs.ErrorCantCopy
+	}
+	srcObj, ok := src.(*Object)
+	if !ok {
+		fs.Debugf(src, "Can't copy - not same remote type")
+		return nil, fs.ErrorCantCopy
+	}
+	err := f.mkParentDir(ctx, remote)
+	if err != nil {
+		return nil, fmt.Errorf("Copy mkParentDir failed: %w", err)
+	}
+	c, err := f.getSftpConnection(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("Copy: %w", err)
+	}
+	srcPath, dstPath := srcObj.path(), path.Join(f.absRoot, remote)
+	err = c.sftpClient.Link(srcPath, dstPath)
+	f.putSftpConnection(&c, err)
+	if err != nil {
+		if sftpErr, ok := err.(*sftp.StatusError); ok {
+			if sftpErr.FxCode() == sftp.ErrSSHFxOpUnsupported {
+				// Remote doesn't support Link
+				return nil, fs.ErrorCantCopy
+			}
+		}
+		return nil, fmt.Errorf("Copy failed: %w", err)
+	}
+	dstObj, err := f.NewObject(ctx, remote)
+	if err != nil {
+		return nil, fmt.Errorf("Copy NewObject failed: %w", err)
+	}
+	return dstObj, nil
+}
+
 // DirMove moves src, srcRemote to this remote at dstRemote
 // using server-side move operations.
 //
@@ -1377,8 +1538,8 @@ func (f *Fs) run(ctx context.Context, cmd string) ([]byte, error) {
 	}()
 
 	var stdout, stderr bytes.Buffer
-	session.Stdout = &stdout
-	session.Stderr = &stderr
+	session.SetStdout(&stdout)
+	session.SetStderr(&stderr)
 
 	fs.Debugf(f, "Running remote command: %s", cmd)
 	err = session.Run(cmd)
@@ -1503,7 +1664,7 @@ func (f *Fs) About(ctx context.Context) (*fs.Usage, error) {
 		fs.Debugf(f, "About path %q", aboutPath)
 		vfsStats, err = c.sftpClient.StatVFS(aboutPath)
 	}
-	f.putSftpConnection(&c, err) // Return to pool asap, if running shell command below it will be re-used
+	f.putSftpConnection(&c, err) // Return to pool asap, if running shell command below it will be reused
 	if vfsStats != nil {
 		total := vfsStats.TotalSpace()
 		free := vfsStats.FreeSpace()
@@ -1685,6 +1846,9 @@ func (f *Fs) remotePath(remote string) string {
 func (f *Fs) remoteShellPath(remote string) string {
 	if f.opt.PathOverride != "" {
 		shellPath := path.Join(f.opt.PathOverride, remote)
+		if f.opt.PathOverride[0] == '@' {
+			shellPath = path.Join(strings.TrimPrefix(f.opt.PathOverride, "@"), f.absRoot, remote)
+		}
 		fs.Debugf(f, "Shell path redirected to %q with option path_override", shellPath)
 		return shellPath
 	}
@@ -1942,9 +2106,10 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	if err != nil {
 		return fmt.Errorf("Update: %w", err)
 	}
+	// Hang on to the connection for the whole upload so it doesn't get reused while we are uploading
 	file, err := c.sftpClient.OpenFile(o.path(), os.O_WRONLY|os.O_CREATE|os.O_TRUNC)
-	o.fs.putSftpConnection(&c, err)
 	if err != nil {
+		o.fs.putSftpConnection(&c, err)
 		return fmt.Errorf("Update Create failed: %w", err)
 	}
 	// remove the file if upload failed
@@ -1964,14 +2129,18 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	}
 	_, err = file.ReadFrom(&sizeReader{Reader: in, size: src.Size()})
 	if err != nil {
+		o.fs.putSftpConnection(&c, err)
 		remove()
 		return fmt.Errorf("Update ReadFrom failed: %w", err)
 	}
 	err = file.Close()
 	if err != nil {
+		o.fs.putSftpConnection(&c, err)
 		remove()
 		return fmt.Errorf("Update Close failed: %w", err)
 	}
+	// Release connection only when upload has finished so we don't upload multiple files on the same connection
+	o.fs.putSftpConnection(&c, err)
 
 	// Set the mod time - this stats the object if o.fs.opt.SetModTime == true
 	err = o.SetModTime(ctx, src.ModTime(ctx))
@@ -2013,6 +2182,7 @@ var (
 	_ fs.Fs          = &Fs{}
 	_ fs.PutStreamer = &Fs{}
 	_ fs.Mover       = &Fs{}
+	_ fs.Copier      = &Fs{}
 	_ fs.DirMover    = &Fs{}
 	_ fs.Abouter     = &Fs{}
 	_ fs.Shutdowner  = &Fs{}
diff --git a/backend/sftp/sftp_test.go b/backend/sftp/sftp_test.go
index 89a2679221328..c5ee136a5ba6a 100644
--- a/backend/sftp/sftp_test.go
+++ b/backend/sftp/sftp_test.go
@@ -30,3 +30,13 @@ func TestIntegration2(t *testing.T) {
 		NilObject:  (*sftp.Object)(nil),
 	})
 }
+
+func TestIntegration3(t *testing.T) {
+	if *fstest.RemoteName != "" {
+		t.Skip("skipping as -remote is set")
+	}
+	fstests.Run(t, &fstests.Opt{
+		RemoteName: "TestSFTPRcloneSSH:",
+		NilObject:  (*sftp.Object)(nil),
+	})
+}
diff --git a/backend/sftp/ssh.go b/backend/sftp/ssh.go
new file mode 100644
index 0000000000000..4c6e65aca0e19
--- /dev/null
+++ b/backend/sftp/ssh.go
@@ -0,0 +1,73 @@
+//go:build !plan9
+// +build !plan9
+
+package sftp
+
+import "io"
+
+// Interfaces for ssh client and session implemented in ssh_internal.go and ssh_external.go
+
+// An interface for an ssh client to abstract over internal ssh library and external binary
+type sshClient interface {
+	// Wait blocks until the connection has shut down, and returns the
+	// error causing the shutdown.
+	Wait() error
+
+	// SendKeepAlive sends a keepalive message to keep the connection open
+	SendKeepAlive()
+
+	// Close the connection
+	Close() error
+
+	// NewSession opens a new sshSession for this sshClient. (A
+	// session is a remote execution of a program.)
+	NewSession() (sshSession, error)
+
+	// CanReuse indicates if this client can be reused
+	CanReuse() bool
+}
+
+// An interface for an ssh session to abstract over internal ssh library and external binary
+type sshSession interface {
+	// Setenv sets an environment variable that will be applied to any
+	// command executed by Shell or Run.
+	Setenv(name, value string) error
+
+	// Start runs cmd on the remote host. Typically, the remote
+	// server passes cmd to the shell for interpretation.
+	// A Session only accepts one call to Run, Start or Shell.
+	Start(cmd string) error
+
+	// StdinPipe returns a pipe that will be connected to the
+	// remote command's standard input when the command starts.
+	StdinPipe() (io.WriteCloser, error)
+
+	// StdoutPipe returns a pipe that will be connected to the
+	// remote command's standard output when the command starts.
+	// There is a fixed amount of buffering that is shared between
+	// stdout and stderr streams. If the StdoutPipe reader is
+	// not serviced fast enough it may eventually cause the
+	// remote command to block.
+	StdoutPipe() (io.Reader, error)
+
+	// RequestSubsystem requests the association of a subsystem
+	// with the session on the remote host. A subsystem is a
+	// predefined command that runs in the background when the ssh
+	// session is initiated
+	RequestSubsystem(subsystem string) error
+
+	// Run runs cmd on the remote host. Typically, the remote
+	// server passes cmd to the shell for interpretation.
+	// A Session only accepts one call to Run, Start, Shell, Output,
+	// or CombinedOutput.
+	Run(cmd string) error
+
+	// Close the session
+	Close() error
+
+	// Set the stdout
+	SetStdout(io.Writer)
+
+	// Set the stderr
+	SetStderr(io.Writer)
+}
diff --git a/backend/sftp/ssh_external.go b/backend/sftp/ssh_external.go
new file mode 100644
index 0000000000000..0ac5e6539f794
--- /dev/null
+++ b/backend/sftp/ssh_external.go
@@ -0,0 +1,223 @@
+//go:build !plan9
+// +build !plan9
+
+package sftp
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"os/exec"
+	"strings"
+
+	"github.com/rclone/rclone/fs"
+)
+
+// Implement the sshClient interface for external ssh programs
+type sshClientExternal struct {
+	f       *Fs
+	session *sshSessionExternal
+}
+
+func (f *Fs) newSSHClientExternal() (sshClient, error) {
+	return &sshClientExternal{f: f}, nil
+}
+
+// Wait for connection to close
+func (s *sshClientExternal) Wait() error {
+	if s.session == nil {
+		return nil
+	}
+	return s.session.Wait()
+}
+
+// Send a keepalive over the ssh connection
+func (s *sshClientExternal) SendKeepAlive() {
+	// Up to the user to configure -o ServerAliveInterval=20 on their ssh connections
+}
+
+// Close the connection
+func (s *sshClientExternal) Close() error {
+	if s.session == nil {
+		return nil
+	}
+	return s.session.Close()
+}
+
+// NewSession makes a new external SSH connection
+func (s *sshClientExternal) NewSession() (sshSession, error) {
+	session := s.f.newSSHSessionExternal()
+	if s.session == nil {
+		fs.Debugf(s.f, "ssh external: creating additional session")
+	}
+	return session, nil
+}
+
+// CanReuse indicates if this client can be reused
+func (s *sshClientExternal) CanReuse() bool {
+	if s.session == nil {
+		return true
+	}
+	exited := s.session.exited()
+	canReuse := !exited && s.session.runningSFTP
+	// fs.Debugf(s.f, "ssh external: CanReuse %v, exited=%v runningSFTP=%v", canReuse, exited, s.session.runningSFTP)
+	return canReuse
+}
+
+// Check interfaces
+var _ sshClient = &sshClientExternal{}
+
+// implement the sshSession interface for external ssh binary
+type sshSessionExternal struct {
+	f           *Fs
+	cmd         *exec.Cmd
+	cancel      func()
+	startCalled bool
+	runningSFTP bool
+}
+
+func (f *Fs) newSSHSessionExternal() *sshSessionExternal {
+	s := &sshSessionExternal{
+		f: f,
+	}
+
+	// Make a cancellation function for this to call in Close()
+	ctx, cancel := context.WithCancel(context.Background())
+	s.cancel = cancel
+
+	// Connect to a remote host and request the sftp subsystem via
+	// the 'ssh' command. This assumes that passwordless login is
+	// correctly configured.
+	ssh := append([]string(nil), s.f.opt.SSH...)
+	s.cmd = exec.CommandContext(ctx, ssh[0], ssh[1:]...)
+
+	// Allow the command a short time only to shut down
+	// FIXME enable when we get rid of go1.19
+	// s.cmd.WaitDelay = time.Second
+
+	return s
+}
+
+// Setenv sets an environment variable that will be applied to any
+// command executed by Shell or Run.
+func (s *sshSessionExternal) Setenv(name, value string) error {
+	return errors.New("ssh external: can't set environment variables")
+}
+
+const requestSubsystem = "***Subsystem***:"
+
+// Start runs cmd on the remote host. Typically, the remote
+// server passes cmd to the shell for interpretation.
+// A Session only accepts one call to Run, Start or Shell.
+func (s *sshSessionExternal) Start(cmd string) error {
+	if s.startCalled {
+		return errors.New("internal error: ssh external: command already running")
+	}
+	s.startCalled = true
+
+	// Adjust the args
+	if strings.HasPrefix(cmd, requestSubsystem) {
+		s.cmd.Args = append(s.cmd.Args, "-s", cmd[len(requestSubsystem):])
+		s.runningSFTP = true
+	} else {
+		s.cmd.Args = append(s.cmd.Args, cmd)
+		s.runningSFTP = false
+	}
+
+	fs.Debugf(s.f, "ssh external: running: %v", fs.SpaceSepList(s.cmd.Args))
+
+	// start the process
+	err := s.cmd.Start()
+	if err != nil {
+		return fmt.Errorf("ssh external: start process: %w", err)
+	}
+
+	return nil
+}
+
+// RequestSubsystem requests the association of a subsystem
+// with the session on the remote host. A subsystem is a
+// predefined command that runs in the background when the ssh
+// session is initiated
+func (s *sshSessionExternal) RequestSubsystem(subsystem string) error {
+	return s.Start(requestSubsystem + subsystem)
+}
+
+// StdinPipe returns a pipe that will be connected to the
+// remote command's standard input when the command starts.
+func (s *sshSessionExternal) StdinPipe() (io.WriteCloser, error) {
+	rd, err := s.cmd.StdinPipe()
+	if err != nil {
+		return nil, fmt.Errorf("ssh external: stdin pipe: %w", err)
+	}
+	return rd, nil
+}
+
+// StdoutPipe returns a pipe that will be connected to the
+// remote command's standard output when the command starts.
+// There is a fixed amount of buffering that is shared between
+// stdout and stderr streams. If the StdoutPipe reader is
+// not serviced fast enough it may eventually cause the
+// remote command to block.
+func (s *sshSessionExternal) StdoutPipe() (io.Reader, error) {
+	wr, err := s.cmd.StdoutPipe()
+	if err != nil {
+		return nil, fmt.Errorf("ssh external: stdout pipe: %w", err)
+	}
+	return wr, nil
+}
+
+// Return whether the command has finished or not
+func (s *sshSessionExternal) exited() bool {
+	return s.cmd.ProcessState != nil
+}
+
+// Wait for the command to exit
+func (s *sshSessionExternal) Wait() error {
+	if s.exited() {
+		return nil
+	}
+	err := s.cmd.Wait()
+	if err == nil {
+		fs.Debugf(s.f, "ssh external: command exited OK")
+	} else {
+		fs.Debugf(s.f, "ssh external: command exited with error: %v", err)
+	}
+	return err
+}
+
+// Run runs cmd on the remote host. Typically, the remote
+// server passes cmd to the shell for interpretation.
+// A Session only accepts one call to Run, Start, Shell, Output,
+// or CombinedOutput.
+func (s *sshSessionExternal) Run(cmd string) error {
+	err := s.Start(cmd)
+	if err != nil {
+		return err
+	}
+	return s.Wait()
+}
+
+// Close the external ssh
+func (s *sshSessionExternal) Close() error {
+	fs.Debugf(s.f, "ssh external: close")
+	// Cancel the context which kills the process
+	s.cancel()
+	// Wait for it to finish
+	_ = s.Wait()
+	return nil
+}
+
+// Set the stdout
+func (s *sshSessionExternal) SetStdout(wr io.Writer) {
+	s.cmd.Stdout = wr
+}
+
+// Set the stderr
+func (s *sshSessionExternal) SetStderr(wr io.Writer) {
+	s.cmd.Stderr = wr
+}
+
+// Check interfaces
+var _ sshSession = &sshSessionExternal{}
diff --git a/backend/sftp/ssh_internal.go b/backend/sftp/ssh_internal.go
new file mode 100644
index 0000000000000..2352601e3d2ef
--- /dev/null
+++ b/backend/sftp/ssh_internal.go
@@ -0,0 +1,101 @@
+//go:build !plan9
+// +build !plan9
+
+package sftp
+
+import (
+	"context"
+	"io"
+	"net"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/fshttp"
+	"github.com/rclone/rclone/lib/proxy"
+	"golang.org/x/crypto/ssh"
+)
+
+// Internal ssh connections with "golang.org/x/crypto/ssh"
+
+type sshClientInternal struct {
+	srv *ssh.Client
+}
+
+// newSSHClientInternal starts a client connection to the given SSH server. It is a
+// convenience function that connects to the given network address,
+// initiates the SSH handshake, and then sets up a Client.
+func (f *Fs) newSSHClientInternal(ctx context.Context, network, addr string, sshConfig *ssh.ClientConfig) (sshClient, error) {
+
+	baseDialer := fshttp.NewDialer(ctx)
+	var (
+		conn net.Conn
+		err  error
+	)
+	if f.opt.SocksProxy != "" {
+		conn, err = proxy.SOCKS5Dial(network, addr, f.opt.SocksProxy, baseDialer)
+	} else {
+		conn, err = baseDialer.Dial(network, addr)
+	}
+	if err != nil {
+		return nil, err
+	}
+	c, chans, reqs, err := ssh.NewClientConn(conn, addr, sshConfig)
+	if err != nil {
+		return nil, err
+	}
+	fs.Debugf(f, "New connection %s->%s to %q", c.LocalAddr(), c.RemoteAddr(), c.ServerVersion())
+	srv := ssh.NewClient(c, chans, reqs)
+	return sshClientInternal{srv}, nil
+}
+
+// Wait for connection to close
+func (s sshClientInternal) Wait() error {
+	return s.srv.Conn.Wait()
+}
+
+// Send a keepalive over the ssh connection
+func (s sshClientInternal) SendKeepAlive() {
+	_, _, err := s.srv.SendRequest("keepalive@openssh.com", true, nil)
+	if err != nil {
+		fs.Debugf(nil, "Failed to send keep alive: %v", err)
+	}
+}
+
+// Close the connection
+func (s sshClientInternal) Close() error {
+	return s.srv.Close()
+}
+
+// CanReuse indicates if this client can be reused
+func (s sshClientInternal) CanReuse() bool {
+	return true
+}
+
+// Check interfaces
+var _ sshClient = sshClientInternal{}
+
+// Thin wrapper for *ssh.Session to implement sshSession interface
+type sshSessionInternal struct {
+	*ssh.Session
+}
+
+// Set the stdout
+func (s sshSessionInternal) SetStdout(wr io.Writer) {
+	s.Session.Stdout = wr
+}
+
+// Set the stderr
+func (s sshSessionInternal) SetStderr(wr io.Writer) {
+	s.Session.Stderr = wr
+}
+
+// NewSession makes an sshSession from an sshClient
+func (s sshClientInternal) NewSession() (sshSession, error) {
+	session, err := s.srv.NewSession()
+	if err != nil {
+		return nil, err
+	}
+	return sshSessionInternal{Session: session}, nil
+}
+
+// Check interfaces
+var _ sshSession = sshSessionInternal{}
diff --git a/backend/sharefile/sharefile.go b/backend/sharefile/sharefile.go
index 11bbefa6a85c5..92e6180104918 100644
--- a/backend/sharefile/sharefile.go
+++ b/backend/sharefile/sharefile.go
@@ -155,7 +155,7 @@ func init() {
 				CheckAuth:    checkAuth,
 			})
 		},
-		Options: []fs.Option{{
+		Options: append(oauthutil.SharedOptions, []fs.Option{{
 			Name:     "upload_cutoff",
 			Help:     "Cutoff for switching to multipart upload.",
 			Default:  defaultUploadCutoff,
@@ -182,6 +182,7 @@ standard values here or any folder ID (long hex number ID).`,
 				Value: "top",
 				Help:  "Access the home, favorites, and shared folders as well as the connectors.",
 			}},
+			Sensitive: true,
 		}, {
 			Name:    "chunk_size",
 			Default: defaultChunkSize,
@@ -216,7 +217,7 @@ be set manually to something like: https://XXX.sharefile.com
 				encoder.EncodeLeftSpace |
 				encoder.EncodeLeftPeriod |
 				encoder.EncodeInvalidUtf8),
-		}},
+		}}...),
 	})
 }
 
@@ -775,8 +776,13 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 	}
 }
 
-// PutStream uploads to the remote path with the modTime given of indeterminate size
-func (f *Fs) PutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
+// FIXMEPutStream uploads to the remote path with the modTime given of indeterminate size
+//
+// PutStream no longer appears to work - the streamed uploads need the
+// size specified at the start otherwise we get this error:
+//
+//	upload failed: file size does not match (-2)
+func (f *Fs) FIXMEPutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
 	return f.Put(ctx, in, src, options...)
 }
 
@@ -1453,12 +1459,12 @@ func (o *Object) ID() string {
 
 // Check the interfaces are satisfied
 var (
-	_ fs.Fs              = (*Fs)(nil)
-	_ fs.Purger          = (*Fs)(nil)
-	_ fs.Mover           = (*Fs)(nil)
-	_ fs.DirMover        = (*Fs)(nil)
-	_ fs.Copier          = (*Fs)(nil)
-	_ fs.PutStreamer     = (*Fs)(nil)
+	_ fs.Fs       = (*Fs)(nil)
+	_ fs.Purger   = (*Fs)(nil)
+	_ fs.Mover    = (*Fs)(nil)
+	_ fs.DirMover = (*Fs)(nil)
+	_ fs.Copier   = (*Fs)(nil)
+	// _ fs.PutStreamer     = (*Fs)(nil)
 	_ fs.DirCacheFlusher = (*Fs)(nil)
 	_ fs.Object          = (*Object)(nil)
 	_ fs.IDer            = (*Object)(nil)
diff --git a/backend/sia/sia.go b/backend/sia/sia.go
index b86faae61d59a..5d6c92f2d61f9 100644
--- a/backend/sia/sia.go
+++ b/backend/sia/sia.go
@@ -45,7 +45,8 @@ func init() {
 
 Note that siad must run with --disable-api-security to open API port for other hosts (not recommended).
 Keep default if Sia daemon runs on localhost.`,
-			Default: "http://127.0.0.1:9980",
+			Default:   "http://127.0.0.1:9980",
+			Sensitive: true,
 		}, {
 			Name: "api_password",
 			Help: `Sia Daemon API Password.
diff --git a/backend/smb/connpool.go b/backend/smb/connpool.go
index 7ac5803905947..a34e84f291d73 100644
--- a/backend/smb/connpool.go
+++ b/backend/smb/connpool.go
@@ -4,10 +4,9 @@ import (
 	"context"
 	"fmt"
 	"net"
-	"sync/atomic"
 	"time"
 
-	smb2 "github.com/hirochachacha/go-smb2"
+	smb2 "github.com/cloudsoda/go-smb2"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/accounting"
 	"github.com/rclone/rclone/fs/config/obscure"
@@ -89,26 +88,26 @@ func (c *conn) closed() bool {
 //
 // Call removeSession() when done
 func (f *Fs) addSession() {
-	atomic.AddInt32(&f.sessions, 1)
+	f.sessions.Add(1)
 }
 
 // Show the SMB session is no longer in use
 func (f *Fs) removeSession() {
-	atomic.AddInt32(&f.sessions, -1)
+	f.sessions.Add(-1)
 }
 
 // getSessions shows whether there are any sessions in use
 func (f *Fs) getSessions() int32 {
-	return atomic.LoadInt32(&f.sessions)
+	return f.sessions.Load()
 }
 
 // Open a new connection to the SMB server.
 func (f *Fs) newConnection(ctx context.Context, share string) (c *conn, err error) {
 	// As we are pooling these connections we need to decouple
 	// them from the current context
-	ctx = context.Background()
+	bgCtx := context.Background()
 
-	c, err = f.dial(ctx, "tcp", f.opt.Host+":"+f.opt.Port)
+	c, err = f.dial(bgCtx, "tcp", f.opt.Host+":"+f.opt.Port)
 	if err != nil {
 		return nil, fmt.Errorf("couldn't connect SMB: %w", err)
 	}
@@ -119,7 +118,7 @@ func (f *Fs) newConnection(ctx context.Context, share string) (c *conn, err erro
 			_ = c.smbSession.Logoff()
 			return nil, fmt.Errorf("couldn't initialize SMB: %w", err)
 		}
-		c.smbShare = c.smbShare.WithContext(ctx)
+		c.smbShare = c.smbShare.WithContext(bgCtx)
 	}
 	return c, nil
 }
diff --git a/backend/smb/smb.go b/backend/smb/smb.go
index e3fa0e6661a06..37ac065545a64 100644
--- a/backend/smb/smb.go
+++ b/backend/smb/smb.go
@@ -9,6 +9,7 @@ import (
 	"path"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/rclone/rclone/fs"
@@ -41,13 +42,15 @@ func init() {
 		NewFs:       NewFs,
 
 		Options: []fs.Option{{
-			Name:     "host",
-			Help:     "SMB server hostname to connect to.\n\nE.g. \"example.com\".",
-			Required: true,
+			Name:      "host",
+			Help:      "SMB server hostname to connect to.\n\nE.g. \"example.com\".",
+			Required:  true,
+			Sensitive: true,
 		}, {
-			Name:    "user",
-			Help:    "SMB username.",
-			Default: currentUser,
+			Name:      "user",
+			Help:      "SMB username.",
+			Default:   currentUser,
+			Sensitive: true,
 		}, {
 			Name:    "port",
 			Help:    "SMB port number.",
@@ -57,9 +60,10 @@ func init() {
 			Help:       "SMB password.",
 			IsPassword: true,
 		}, {
-			Name:    "domain",
-			Help:    "Domain name for NTLM authentication.",
-			Default: "WORKGROUP",
+			Name:      "domain",
+			Help:      "Domain name for NTLM authentication.",
+			Default:   "WORKGROUP",
+			Sensitive: true,
 		}, {
 			Name: "spn",
 			Help: `Service principal name.
@@ -71,6 +75,7 @@ authentication, and it often needs to be set for clusters. For example:
 
 Leave blank if not sure.
 `,
+			Sensitive: true,
 		}, {
 			Name:    "idle_timeout",
 			Default: fs.Duration(60 * time.Second),
@@ -136,7 +141,7 @@ type Fs struct {
 	features *fs.Features // optional features
 	pacer    *fs.Pacer    // pacer for operations
 
-	sessions int32
+	sessions atomic.Int32
 	poolMu   sync.Mutex
 	pool     []*conn
 	drain    *time.Timer // used to drain the pool when we stop using the connections
@@ -172,6 +177,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		CaseInsensitive:         opt.CaseInsensitive,
 		CanHaveEmptyDirectories: true,
 		BucketBased:             true,
+		PartialUploads:          true,
 	}).Fill(ctx, f)
 
 	f.pacer = fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant)))
@@ -447,7 +453,8 @@ func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err e
 func (f *Fs) About(ctx context.Context) (_ *fs.Usage, err error) {
 	share, dir := f.split("/")
 	if share == "" {
-		return nil, fs.ErrorListBucketRequired
+		// Just return empty info rather than an error if called on the root
+		return &fs.Usage{}, nil
 	}
 	dir = f.toSambaPath(dir)
 
@@ -470,6 +477,45 @@ func (f *Fs) About(ctx context.Context) (_ *fs.Usage, err error) {
 	return usage, nil
 }
 
+// OpenWriterAt opens with a handle for random access writes
+//
+// Pass in the remote desired and the size if known.
+//
+// It truncates any existing object
+func (f *Fs) OpenWriterAt(ctx context.Context, remote string, size int64) (fs.WriterAtCloser, error) {
+	var err error
+	o := &Object{
+		fs:     f,
+		remote: remote,
+	}
+	share, filename := o.split()
+	if share == "" || filename == "" {
+		return nil, fs.ErrorIsDir
+	}
+
+	err = o.fs.ensureDirectory(ctx, share, filename)
+	if err != nil {
+		return nil, fmt.Errorf("failed to make parent directories: %w", err)
+	}
+
+	filename = o.fs.toSambaPath(filename)
+
+	o.fs.addSession() // Show session in use
+	defer o.fs.removeSession()
+
+	cn, err := o.fs.getConnection(ctx, share)
+	if err != nil {
+		return nil, err
+	}
+
+	fl, err := cn.smbShare.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open: %w", err)
+	}
+
+	return fl, nil
+}
+
 // Shutdown the backend, closing any background tasks and any
 // cached connections.
 func (f *Fs) Shutdown(ctx context.Context) error {
diff --git a/backend/storj/fs.go b/backend/storj/fs.go
index cd36db6f221ff..1200c40d6466f 100644
--- a/backend/storj/fs.go
+++ b/backend/storj/fs.go
@@ -98,9 +98,10 @@ func init() {
 				},
 				}},
 			{
-				Name:     "access_grant",
-				Help:     "Access grant.",
-				Provider: "existing",
+				Name:      "access_grant",
+				Help:      "Access grant.",
+				Provider:  "existing",
+				Sensitive: true,
 			},
 			{
 				Name:     "satellite_address",
@@ -120,14 +121,16 @@ func init() {
 				},
 			},
 			{
-				Name:     "api_key",
-				Help:     "API key.",
-				Provider: newProvider,
+				Name:      "api_key",
+				Help:      "API key.",
+				Provider:  newProvider,
+				Sensitive: true,
 			},
 			{
-				Name:     "passphrase",
-				Help:     "Encryption passphrase.\n\nTo access existing objects enter passphrase used for uploading.",
-				Provider: newProvider,
+				Name:      "passphrase",
+				Help:      "Encryption passphrase.\n\nTo access existing objects enter passphrase used for uploading.",
+				Provider:  newProvider,
+				Sensitive: true,
 			},
 		},
 	})
@@ -528,7 +531,11 @@ func (f *Fs) NewObject(ctx context.Context, relative string) (_ fs.Object, err e
 // May create the object even if it returns an error - if so will return the
 // object and the error, otherwise will return nil and the error
 func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (_ fs.Object, err error) {
-	fs.Debugf(f, "cp input ./%s # %+v %d", src.Remote(), options, src.Size())
+	return f.put(ctx, in, src, src.Remote(), options...)
+}
+
+func (f *Fs) put(ctx context.Context, in io.Reader, src fs.ObjectInfo, remote string, options ...fs.OpenOption) (_ fs.Object, err error) {
+	fs.Debugf(f, "cp input ./%s # %+v %d", remote, options, src.Size())
 
 	// Reject options we don't support.
 	for _, option := range options {
@@ -539,7 +546,7 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 		}
 	}
 
-	bucketName, bucketPath := f.absolute(src.Remote())
+	bucketName, bucketPath := f.absolute(remote)
 
 	upload, err := f.project.UploadObject(ctx, bucketName, bucketPath, nil)
 	if err != nil {
@@ -549,7 +556,7 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 		if err != nil {
 			aerr := upload.Abort()
 			if aerr != nil && !errors.Is(aerr, uplink.ErrUploadDone) {
-				fs.Errorf(f, "cp input ./%s %+v: %+v", src.Remote(), options, aerr)
+				fs.Errorf(f, "cp input ./%s %+v: %+v", remote, options, aerr)
 			}
 		}
 	}()
@@ -574,7 +581,7 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 		}
 
 		err = fserrors.RetryError(err)
-		fs.Errorf(f, "cp input ./%s %+v: %+v\n", src.Remote(), options, err)
+		fs.Errorf(f, "cp input ./%s %+v: %+v\n", remote, options, err)
 
 		return nil, err
 	}
@@ -589,11 +596,19 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 				return nil, err
 			}
 			err = fserrors.RetryError(errors.New("bucket was not available, now created, the upload must be retried"))
+		} else if errors.Is(err, uplink.ErrTooManyRequests) {
+			// Storj has a rate limit of 1 per second of uploading to the same file.
+			// This produces ErrTooManyRequests here, so we wait 1 second and retry.
+			//
+			// See: https://github.com/storj/uplink/issues/149
+			fs.Debugf(f, "uploading too fast - sleeping for 1 second: %v", err)
+			time.Sleep(time.Second)
+			err = fserrors.RetryError(err)
 		}
 		return nil, err
 	}
 
-	return newObjectFromUplink(f, src.Remote(), upload.Info()), nil
+	return newObjectFromUplink(f, remote, upload.Info()), nil
 }
 
 // PutStream uploads to the remote path with the modTime given of indeterminate
diff --git a/backend/storj/object.go b/backend/storj/object.go
index 9bb6e67cc4a3a..ea85026afd5ea 100644
--- a/backend/storj/object.go
+++ b/backend/storj/object.go
@@ -176,9 +176,9 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (_ io.ReadC
 // But for unknown-sized objects (indicated by src.Size() == -1), Upload should either
 // return an error or update the object properly (rather than e.g. calling panic).
 func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
-	fs.Debugf(o, "cp input ./%s %+v", src.Remote(), options)
+	fs.Debugf(o, "cp input ./%s %+v", o.Remote(), options)
 
-	oNew, err := o.fs.Put(ctx, in, src, options...)
+	oNew, err := o.fs.put(ctx, in, src, o.Remote(), options...)
 
 	if err == nil {
 		*o = *(oNew.(*Object))
diff --git a/backend/sugarsync/sugarsync.go b/backend/sugarsync/sugarsync.go
index 1676c09492ea6..da51436433a82 100644
--- a/backend/sugarsync/sugarsync.go
+++ b/backend/sugarsync/sugarsync.go
@@ -132,42 +132,50 @@ func init() {
 			}
 			return nil, fmt.Errorf("unknown state %q", config.State)
 		}, Options: []fs.Option{{
-			Name: "app_id",
-			Help: "Sugarsync App ID.\n\nLeave blank to use rclone's.",
+			Name:      "app_id",
+			Help:      "Sugarsync App ID.\n\nLeave blank to use rclone's.",
+			Sensitive: true,
 		}, {
-			Name: "access_key_id",
-			Help: "Sugarsync Access Key ID.\n\nLeave blank to use rclone's.",
+			Name:      "access_key_id",
+			Help:      "Sugarsync Access Key ID.\n\nLeave blank to use rclone's.",
+			Sensitive: true,
 		}, {
-			Name: "private_access_key",
-			Help: "Sugarsync Private Access Key.\n\nLeave blank to use rclone's.",
+			Name:      "private_access_key",
+			Help:      "Sugarsync Private Access Key.\n\nLeave blank to use rclone's.",
+			Sensitive: true,
 		}, {
 			Name:    "hard_delete",
 			Help:    "Permanently delete files if true\notherwise put them in the deleted files.",
 			Default: false,
 		}, {
-			Name:     "refresh_token",
-			Help:     "Sugarsync refresh token.\n\nLeave blank normally, will be auto configured by rclone.",
-			Advanced: true,
+			Name:      "refresh_token",
+			Help:      "Sugarsync refresh token.\n\nLeave blank normally, will be auto configured by rclone.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
-			Name:     "authorization",
-			Help:     "Sugarsync authorization.\n\nLeave blank normally, will be auto configured by rclone.",
-			Advanced: true,
+			Name:      "authorization",
+			Help:      "Sugarsync authorization.\n\nLeave blank normally, will be auto configured by rclone.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:     "authorization_expiry",
 			Help:     "Sugarsync authorization expiry.\n\nLeave blank normally, will be auto configured by rclone.",
 			Advanced: true,
 		}, {
-			Name:     "user",
-			Help:     "Sugarsync user.\n\nLeave blank normally, will be auto configured by rclone.",
-			Advanced: true,
+			Name:      "user",
+			Help:      "Sugarsync user.\n\nLeave blank normally, will be auto configured by rclone.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
-			Name:     "root_id",
-			Help:     "Sugarsync root id.\n\nLeave blank normally, will be auto configured by rclone.",
-			Advanced: true,
+			Name:      "root_id",
+			Help:      "Sugarsync root id.\n\nLeave blank normally, will be auto configured by rclone.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
-			Name:     "deleted_id",
-			Help:     "Sugarsync deleted folder id.\n\nLeave blank normally, will be auto configured by rclone.",
-			Advanced: true,
+			Name:      "deleted_id",
+			Help:      "Sugarsync deleted folder id.\n\nLeave blank normally, will be auto configured by rclone.",
+			Advanced:  true,
+			Sensitive: true,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
diff --git a/backend/swift/swift.go b/backend/swift/swift.go
index 9ee5c76128d82..6fbd740ec0c3a 100644
--- a/backend/swift/swift.go
+++ b/backend/swift/swift.go
@@ -8,7 +8,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net/url"
 	"path"
 	"strconv"
 	"strings"
@@ -101,7 +100,7 @@ but other operations such as Remove and Copy will fail.
 func init() {
 	fs.Register(&fs.RegInfo{
 		Name:        "swift",
-		Description: "OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)",
+		Description: "OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)",
 		NewFs:       NewFs,
 		Options: append([]fs.Option{{
 			Name:    "env_auth",
@@ -117,11 +116,13 @@ func init() {
 				},
 			},
 		}, {
-			Name: "user",
-			Help: "User name to log in (OS_USERNAME).",
+			Name:      "user",
+			Help:      "User name to log in (OS_USERNAME).",
+			Sensitive: true,
 		}, {
-			Name: "key",
-			Help: "API key or password (OS_PASSWORD).",
+			Name:      "key",
+			Help:      "API key or password (OS_PASSWORD).",
+			Sensitive: true,
 		}, {
 			Name: "auth",
 			Help: "Authentication URL for server (OS_AUTH_URL).",
@@ -143,22 +144,30 @@ func init() {
 			}, {
 				Value: "https://auth.cloud.ovh.net/v3",
 				Help:  "OVH",
+			}, {
+				Value: "https://authenticate.ain.net",
+				Help:  "Blomp Cloud Storage",
 			}},
 		}, {
-			Name: "user_id",
-			Help: "User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).",
+			Name:      "user_id",
+			Help:      "User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).",
+			Sensitive: true,
 		}, {
-			Name: "domain",
-			Help: "User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)",
+			Name:      "domain",
+			Help:      "User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)",
+			Sensitive: true,
 		}, {
-			Name: "tenant",
-			Help: "Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME).",
+			Name:      "tenant",
+			Help:      "Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME).",
+			Sensitive: true,
 		}, {
-			Name: "tenant_id",
-			Help: "Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID).",
+			Name:      "tenant_id",
+			Help:      "Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID).",
+			Sensitive: true,
 		}, {
-			Name: "tenant_domain",
-			Help: "Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).",
+			Name:      "tenant_domain",
+			Help:      "Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).",
+			Sensitive: true,
 		}, {
 			Name: "region",
 			Help: "Region name - optional (OS_REGION_NAME).",
@@ -166,17 +175,21 @@ func init() {
 			Name: "storage_url",
 			Help: "Storage URL - optional (OS_STORAGE_URL).",
 		}, {
-			Name: "auth_token",
-			Help: "Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).",
+			Name:      "auth_token",
+			Help:      "Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).",
+			Sensitive: true,
 		}, {
-			Name: "application_credential_id",
-			Help: "Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).",
+			Name:      "application_credential_id",
+			Help:      "Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).",
+			Sensitive: true,
 		}, {
-			Name: "application_credential_name",
-			Help: "Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).",
+			Name:      "application_credential_name",
+			Help:      "Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).",
+			Sensitive: true,
 		}, {
-			Name: "application_credential_secret",
-			Help: "Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).",
+			Name:      "application_credential_secret",
+			Help:      "Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).",
+			Sensitive: true,
 		}, {
 			Name:    "auth_version",
 			Help:    "AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION).",
@@ -548,7 +561,7 @@ func (f *Fs) newObjectWithInfo(ctx context.Context, remote string, info *swift.O
 	// returned as 0 bytes in the listing.  Correct this here by
 	// making sure we read the full metadata for all 0 byte files.
 	// We don't read the metadata for directory marker objects.
-	if info != nil && info.Bytes == 0 && info.ContentType != "application/directory" {
+	if info != nil && info.Bytes == 0 && info.ContentType != "application/directory" && !o.fs.opt.NoLargeObjects {
 		err := o.readMetaData(ctx) // reads info and headers, returning an error
 		if err == fs.ErrorObjectNotFound {
 			// We have a dangling large object here so just return the original metadata
@@ -1328,23 +1341,6 @@ func (o *Object) removeSegmentsLargeObject(ctx context.Context, containerSegment
 	return nil
 }
 
-func (o *Object) getSegmentsDlo(ctx context.Context) (segmentsContainer string, prefix string, err error) {
-	if err = o.readMetaData(ctx); err != nil {
-		return
-	}
-	dirManifest := o.headers["X-Object-Manifest"]
-	dirManifest, err = url.PathUnescape(dirManifest)
-	if err != nil {
-		return
-	}
-	delimiter := strings.Index(dirManifest, "/")
-	if len(dirManifest) == 0 || delimiter < 0 {
-		err = errors.New("missing or wrong structure of manifest of Dynamic large object")
-		return
-	}
-	return dirManifest[:delimiter], dirManifest[delimiter+1:], nil
-}
-
 // urlEncode encodes a string so that it is a valid URL
 //
 // We don't use any of Go's standard methods as we need `/` not
@@ -1576,6 +1572,10 @@ func (o *Object) Remove(ctx context.Context) (err error) {
 	// Remove file/manifest first
 	err = o.fs.pacer.Call(func() (bool, error) {
 		err = o.fs.c.ObjectDelete(ctx, container, containerPath)
+		if err == swift.ObjectNotFound {
+			fs.Errorf(o, "Dangling object - ignoring: %v", err)
+			err = nil
+		}
 		return shouldRetry(ctx, err)
 	})
 	if err != nil {
diff --git a/backend/union/entry.go b/backend/union/entry.go
index d794d62262ea7..24ec2f5184f6f 100644
--- a/backend/union/entry.go
+++ b/backend/union/entry.go
@@ -17,8 +17,9 @@ import (
 // This is a wrapped object which returns the Union Fs as its parent
 type Object struct {
 	*upstream.Object
-	fs *Fs // what this object is part of
-	co []upstream.Entry
+	fs          *Fs // what this object is part of
+	co          []upstream.Entry
+	writebackMu sync.Mutex
 }
 
 // Directory describes a union Directory
@@ -34,6 +35,13 @@ type entry interface {
 	candidates() []upstream.Entry
 }
 
+// Update o with the contents of newO excluding the lock
+func (o *Object) update(newO *Object) {
+	o.Object = newO.Object
+	o.fs = newO.fs
+	o.co = newO.co
+}
+
 // UnWrapUpstream returns the upstream Object that this Object is wrapping
 func (o *Object) UnWrapUpstream() *upstream.Object {
 	return o.Object
@@ -67,7 +75,7 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 			return err
 		}
 		// Update current object
-		*o = *newO.(*Object)
+		o.update(newO.(*Object))
 		return nil
 	} else if err != nil {
 		return err
@@ -175,6 +183,25 @@ func (o *Object) SetTier(tier string) error {
 	return do.SetTier(tier)
 }
 
+// Open opens the file for read.  Call Close() on the returned io.ReadCloser
+func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (io.ReadCloser, error) {
+	// Need some sort of locking to prevent multiple downloads
+	o.writebackMu.Lock()
+	defer o.writebackMu.Unlock()
+
+	// FIXME what if correct object is already in o.co
+
+	newObj, err := o.Object.Writeback(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if newObj != nil {
+		o.Object = newObj
+		o.co = append(o.co, newObj) // FIXME should this append or overwrite or update?
+	}
+	return o.Object.Object.Open(ctx, options...)
+}
+
 // ModTime returns the modification date of the directory
 // It returns the latest ModTime of all candidates
 func (d *Directory) ModTime(ctx context.Context) (t time.Time) {
diff --git a/backend/union/errors.go b/backend/union/errors.go
index 46259b5956d00..ddfd2866d876d 100644
--- a/backend/union/errors.go
+++ b/backend/union/errors.go
@@ -49,8 +49,7 @@ func (e Errors) Error() string {
 
 	if len(e) == 0 {
 		buf.WriteString("no error")
-	}
-	if len(e) == 1 {
+	} else if len(e) == 1 {
 		buf.WriteString("1 error: ")
 	} else {
 		fmt.Fprintf(&buf, "%d errors: ", len(e))
@@ -61,8 +60,17 @@ func (e Errors) Error() string {
 			buf.WriteString("; ")
 		}
 
-		buf.WriteString(err.Error())
+		if err != nil {
+			buf.WriteString(err.Error())
+		} else {
+			buf.WriteString("nil error")
+		}
 	}
 
 	return buf.String()
 }
+
+// Unwrap returns the wrapped errors
+func (e Errors) Unwrap() []error {
+	return e
+}
diff --git a/backend/union/errors_test.go b/backend/union/errors_test.go
new file mode 100644
index 0000000000000..3d79a69b061d7
--- /dev/null
+++ b/backend/union/errors_test.go
@@ -0,0 +1,94 @@
+//go:build go1.20
+// +build go1.20
+
+package union
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	err1 = errors.New("Error 1")
+	err2 = errors.New("Error 2")
+	err3 = errors.New("Error 3")
+)
+
+func TestErrorsMap(t *testing.T) {
+	es := Errors{
+		nil,
+		err1,
+		err2,
+	}
+	want := Errors{
+		err2,
+	}
+	got := es.Map(func(e error) error {
+		if e == err1 {
+			return nil
+		}
+		return e
+	})
+	assert.Equal(t, want, got)
+}
+
+func TestErrorsFilterNil(t *testing.T) {
+	es := Errors{
+		nil,
+		err1,
+		nil,
+		err2,
+		nil,
+	}
+	want := Errors{
+		err1,
+		err2,
+	}
+	got := es.FilterNil()
+	assert.Equal(t, want, got)
+}
+
+func TestErrorsErr(t *testing.T) {
+	// Check not all nil case
+	es := Errors{
+		nil,
+		err1,
+		nil,
+		err2,
+		nil,
+	}
+	want := Errors{
+		err1,
+		err2,
+	}
+	got := es.Err()
+
+	// Check all nil case
+	assert.Equal(t, want, got)
+	es = Errors{
+		nil,
+		nil,
+		nil,
+	}
+	assert.Nil(t, es.Err())
+}
+
+func TestErrorsError(t *testing.T) {
+	assert.Equal(t, "no error", Errors{}.Error())
+	assert.Equal(t, "1 error: Error 1", Errors{err1}.Error())
+	assert.Equal(t, "1 error: nil error", Errors{nil}.Error())
+	assert.Equal(t, "2 errors: Error 1; Error 2", Errors{err1, err2}.Error())
+}
+
+func TestErrorsUnwrap(t *testing.T) {
+	es := Errors{
+		err1,
+		err2,
+	}
+	assert.Equal(t, []error{err1, err2}, es.Unwrap())
+	assert.True(t, errors.Is(es, err1))
+	assert.True(t, errors.Is(es, err2))
+	assert.False(t, errors.Is(es, err3))
+}
diff --git a/backend/union/policy/policy.go b/backend/union/policy/policy.go
index d784c8e29c9cb..cc7623a4d7d51 100644
--- a/backend/union/policy/policy.go
+++ b/backend/union/policy/policy.go
@@ -3,7 +3,6 @@ package policy
 import (
 	"context"
 	"fmt"
-	"math/rand"
 	"path"
 	"strings"
 	"time"
@@ -109,9 +108,7 @@ func findEntry(ctx context.Context, f fs.Fs, remote string) fs.DirEntry {
 		if err != nil {
 			return nil
 		}
-		// random modtime for root
-		randomNow := time.Unix(time.Now().Unix()-rand.Int63n(10000), 0)
-		return fs.NewDir("", randomNow)
+		return fs.NewDir("", time.Time{})
 	}
 	found := false
 	for _, e := range entries {
diff --git a/backend/union/union.go b/backend/union/union.go
index aeb0aeca63df1..eeaed8f31b727 100644
--- a/backend/union/union.go
+++ b/backend/union/union.go
@@ -756,14 +756,6 @@ func (f *Fs) create(ctx context.Context, path string) ([]*upstream.Fs, error) {
 	return f.createPolicy.Create(ctx, f.upstreams, path)
 }
 
-func (f *Fs) createEntries(entries ...upstream.Entry) ([]upstream.Entry, error) {
-	return f.createPolicy.CreateEntries(entries...)
-}
-
-func (f *Fs) search(ctx context.Context, path string) (*upstream.Fs, error) {
-	return f.searchPolicy.Search(ctx, f.upstreams, path)
-}
-
 func (f *Fs) searchEntries(entries ...upstream.Entry) (upstream.Entry, error) {
 	return f.searchPolicy.SearchEntries(entries...)
 }
@@ -809,6 +801,24 @@ func (f *Fs) Shutdown(ctx context.Context) error {
 	return errs.Err()
 }
 
+// CleanUp the trash in the Fs
+//
+// Implement this if you have a way of emptying the trash or
+// otherwise cleaning up old versions of files.
+func (f *Fs) CleanUp(ctx context.Context) error {
+	errs := Errors(make([]error, len(f.upstreams)))
+	multithread(len(f.upstreams), func(i int) {
+		u := f.upstreams[i]
+		if do := u.Features().CleanUp; do != nil {
+			err := do(ctx)
+			if err != nil {
+				errs[i] = fmt.Errorf("%s: %w", u.Name(), err)
+			}
+		}
+	})
+	return errs.Err()
+}
+
 // NewFs constructs an Fs from the path.
 //
 // The returned Fs is the actual Fs, referenced by remote in the config
@@ -867,6 +877,10 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		opt:       *opt,
 		upstreams: usedUpstreams,
 	}
+	err = upstream.Prepare(f.upstreams)
+	if err != nil {
+		return nil, err
+	}
 	f.actionPolicy, err = policy.Get(opt.ActionPolicy)
 	if err != nil {
 		return nil, err
@@ -892,6 +906,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		ReadMetadata:            true,
 		WriteMetadata:           true,
 		UserMetadata:            true,
+		PartialUploads:          true,
 	}).Fill(ctx, f)
 	canMove, slowHash := true, false
 	for _, f := range upstreams {
@@ -922,6 +937,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		}
 	}
 
+	// show that we wrap other backends
+	features.Overlay = true
+
 	f.features = features
 
 	// Get common intersection of hashes
@@ -968,4 +986,5 @@ var (
 	_ fs.Abouter         = (*Fs)(nil)
 	_ fs.ListRer         = (*Fs)(nil)
 	_ fs.Shutdowner      = (*Fs)(nil)
+	_ fs.CleanUpper      = (*Fs)(nil)
 )
diff --git a/backend/union/union_test.go b/backend/union/union_test.go
index f5a9948f61d4f..b9f4e24e2d393 100644
--- a/backend/union/union_test.go
+++ b/backend/union/union_test.go
@@ -11,6 +11,11 @@ import (
 	"github.com/rclone/rclone/fstest/fstests"
 )
 
+var (
+	unimplementableFsMethods     = []string{"UnWrap", "WrapFs", "SetWrapper", "UserInfo", "Disconnect", "PublicLink", "PutUnchecked", "MergeDirs", "OpenWriterAt", "OpenChunkWriter"}
+	unimplementableObjectMethods = []string{}
+)
+
 // TestIntegration runs integration tests against the remote
 func TestIntegration(t *testing.T) {
 	if *fstest.RemoteName == "" {
@@ -18,8 +23,8 @@ func TestIntegration(t *testing.T) {
 	}
 	fstests.Run(t, &fstests.Opt{
 		RemoteName:                   *fstest.RemoteName,
-		UnimplementableFsMethods:     []string{"OpenWriterAt", "DuplicateFiles"},
-		UnimplementableObjectMethods: []string{"MimeType"},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 	})
 }
 
@@ -39,8 +44,8 @@ func TestStandard(t *testing.T) {
 			{Name: name, Key: "create_policy", Value: "epmfs"},
 			{Name: name, Key: "search_policy", Value: "ff"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt", "DuplicateFiles"},
-		UnimplementableObjectMethods: []string{"MimeType"},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 		QuickTestOK:                  true,
 	})
 }
@@ -61,8 +66,8 @@ func TestRO(t *testing.T) {
 			{Name: name, Key: "create_policy", Value: "epmfs"},
 			{Name: name, Key: "search_policy", Value: "ff"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt", "DuplicateFiles"},
-		UnimplementableObjectMethods: []string{"MimeType"},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 		QuickTestOK:                  true,
 	})
 }
@@ -83,8 +88,8 @@ func TestNC(t *testing.T) {
 			{Name: name, Key: "create_policy", Value: "epmfs"},
 			{Name: name, Key: "search_policy", Value: "ff"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt", "DuplicateFiles"},
-		UnimplementableObjectMethods: []string{"MimeType"},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 		QuickTestOK:                  true,
 	})
 }
@@ -105,8 +110,8 @@ func TestPolicy1(t *testing.T) {
 			{Name: name, Key: "create_policy", Value: "lus"},
 			{Name: name, Key: "search_policy", Value: "all"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt", "DuplicateFiles"},
-		UnimplementableObjectMethods: []string{"MimeType"},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 		QuickTestOK:                  true,
 	})
 }
@@ -127,8 +132,8 @@ func TestPolicy2(t *testing.T) {
 			{Name: name, Key: "create_policy", Value: "rand"},
 			{Name: name, Key: "search_policy", Value: "ff"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt", "DuplicateFiles"},
-		UnimplementableObjectMethods: []string{"MimeType"},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 		QuickTestOK:                  true,
 	})
 }
@@ -149,8 +154,8 @@ func TestPolicy3(t *testing.T) {
 			{Name: name, Key: "create_policy", Value: "all"},
 			{Name: name, Key: "search_policy", Value: "all"},
 		},
-		UnimplementableFsMethods:     []string{"OpenWriterAt", "DuplicateFiles"},
-		UnimplementableObjectMethods: []string{"MimeType"},
+		UnimplementableFsMethods:     unimplementableFsMethods,
+		UnimplementableObjectMethods: unimplementableObjectMethods,
 		QuickTestOK:                  true,
 	})
 }
diff --git a/backend/union/upstream/upstream.go b/backend/union/upstream/upstream.go
index 119eb7bb04b31..07bd732d9e2fe 100644
--- a/backend/union/upstream/upstream.go
+++ b/backend/union/upstream/upstream.go
@@ -16,6 +16,7 @@ import (
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/cache"
 	"github.com/rclone/rclone/fs/fspath"
+	"github.com/rclone/rclone/fs/operations"
 )
 
 var (
@@ -25,10 +26,6 @@ var (
 
 // Fs is a wrap of any fs and its configs
 type Fs struct {
-	// In order to ensure memory alignment on 32-bit architectures
-	// when this field is accessed through sync/atomic functions,
-	// it must be the first entry in the struct
-	cacheExpiry int64 // usage cache expiry time
 	fs.Fs
 	RootFs      fs.Fs
 	RootPath    string
@@ -37,9 +34,12 @@ type Fs struct {
 	creatable   bool
 	usage       *fs.Usage     // Cache the usage
 	cacheTime   time.Duration // cache duration
+	cacheExpiry atomic.Int64  // usage cache expiry time
 	cacheMutex  sync.RWMutex
 	cacheOnce   sync.Once
 	cacheUpdate bool // if the cache is updating
+	writeback   bool // writeback to this upstream
+	writebackFs *Fs  // if non zero, writeback to this upstream
 }
 
 // Directory describes a wrapped Directory
@@ -73,14 +73,14 @@ func New(ctx context.Context, remote, root string, opt *common.Options) (*Fs, er
 		return nil, err
 	}
 	f := &Fs{
-		RootPath:    strings.TrimRight(root, "/"),
-		Opt:         opt,
-		writable:    true,
-		creatable:   true,
-		cacheExpiry: time.Now().Unix(),
-		cacheTime:   time.Duration(opt.CacheTime) * time.Second,
-		usage:       &fs.Usage{},
-	}
+		RootPath:  strings.TrimRight(root, "/"),
+		Opt:       opt,
+		writable:  true,
+		creatable: true,
+		cacheTime: time.Duration(opt.CacheTime) * time.Second,
+		usage:     &fs.Usage{},
+	}
+	f.cacheExpiry.Store(time.Now().Unix())
 	if strings.HasSuffix(fsPath, ":ro") {
 		f.writable = false
 		f.creatable = false
@@ -89,6 +89,9 @@ func New(ctx context.Context, remote, root string, opt *common.Options) (*Fs, er
 		f.writable = true
 		f.creatable = false
 		fsPath = fsPath[0 : len(fsPath)-3]
+	} else if strings.HasSuffix(fsPath, ":writeback") {
+		f.writeback = true
+		fsPath = fsPath[0 : len(fsPath)-len(":writeback")]
 	}
 	remote = configName + fsPath
 	rFs, err := cache.Get(ctx, remote)
@@ -106,6 +109,29 @@ func New(ctx context.Context, remote, root string, opt *common.Options) (*Fs, er
 	return f, err
 }
 
+// Prepare the configured upstreams as a group
+func Prepare(fses []*Fs) error {
+	writebacks := 0
+	var writebackFs *Fs
+	for _, f := range fses {
+		if f.writeback {
+			writebackFs = f
+			writebacks++
+		}
+	}
+	if writebacks == 0 {
+		return nil
+	} else if writebacks > 1 {
+		return fmt.Errorf("can only have 1 :writeback not %d", writebacks)
+	}
+	for _, f := range fses {
+		if !f.writeback {
+			f.writebackFs = writebackFs
+		}
+	}
+	return nil
+}
+
 // WrapDirectory wraps an fs.Directory to include the info
 // of the upstream Fs
 func (f *Fs) WrapDirectory(e fs.Directory) *Directory {
@@ -296,9 +322,31 @@ func (o *Object) Metadata(ctx context.Context) (fs.Metadata, error) {
 	return do.Metadata(ctx)
 }
 
+// Writeback writes the object back and returns a new object
+//
+// If it returns nil, nil then the original object is OK
+func (o *Object) Writeback(ctx context.Context) (*Object, error) {
+	if o.f.writebackFs == nil {
+		return nil, nil
+	}
+	newObj, err := operations.Copy(ctx, o.f.writebackFs.Fs, nil, o.Object.Remote(), o.Object)
+	if err != nil {
+		return nil, err
+	}
+	// newObj could be nil here
+	if newObj == nil {
+		fs.Errorf(o, "nil Object returned from operations.Copy")
+		return nil, nil
+	}
+	return &Object{
+		Object: newObj,
+		f:      o.f,
+	}, err
+}
+
 // About gets quota information from the Fs
 func (f *Fs) About(ctx context.Context) (*fs.Usage, error) {
-	if atomic.LoadInt64(&f.cacheExpiry) <= time.Now().Unix() {
+	if f.cacheExpiry.Load() <= time.Now().Unix() {
 		err := f.updateUsage()
 		if err != nil {
 			return nil, ErrUsageFieldNotSupported
@@ -313,7 +361,7 @@ func (f *Fs) About(ctx context.Context) (*fs.Usage, error) {
 //
 // This is returned as 0..math.MaxInt64-1 leaving math.MaxInt64 as a sentinel
 func (f *Fs) GetFreeSpace() (int64, error) {
-	if atomic.LoadInt64(&f.cacheExpiry) <= time.Now().Unix() {
+	if f.cacheExpiry.Load() <= time.Now().Unix() {
 		err := f.updateUsage()
 		if err != nil {
 			return math.MaxInt64 - 1, ErrUsageFieldNotSupported
@@ -331,7 +379,7 @@ func (f *Fs) GetFreeSpace() (int64, error) {
 //
 // This is returned as 0..math.MaxInt64-1 leaving math.MaxInt64 as a sentinel
 func (f *Fs) GetUsedSpace() (int64, error) {
-	if atomic.LoadInt64(&f.cacheExpiry) <= time.Now().Unix() {
+	if f.cacheExpiry.Load() <= time.Now().Unix() {
 		err := f.updateUsage()
 		if err != nil {
 			return 0, ErrUsageFieldNotSupported
@@ -347,7 +395,7 @@ func (f *Fs) GetUsedSpace() (int64, error) {
 
 // GetNumObjects get the number of objects of the fs
 func (f *Fs) GetNumObjects() (int64, error) {
-	if atomic.LoadInt64(&f.cacheExpiry) <= time.Now().Unix() {
+	if f.cacheExpiry.Load() <= time.Now().Unix() {
 		err := f.updateUsage()
 		if err != nil {
 			return 0, ErrUsageFieldNotSupported
@@ -402,7 +450,7 @@ func (f *Fs) updateUsageCore(lock bool) error {
 		defer f.cacheMutex.Unlock()
 	}
 	// Store usage
-	atomic.StoreInt64(&f.cacheExpiry, time.Now().Add(f.cacheTime).Unix())
+	f.cacheExpiry.Store(time.Now().Add(f.cacheTime).Unix())
 	f.usage = usage
 	return nil
 }
diff --git a/backend/uptobox/uptobox.go b/backend/uptobox/uptobox.go
index c13d0ac9ed52f..1db823ef45877 100644
--- a/backend/uptobox/uptobox.go
+++ b/backend/uptobox/uptobox.go
@@ -43,8 +43,14 @@ func init() {
 		Description: "Uptobox",
 		NewFs:       NewFs,
 		Options: []fs.Option{{
-			Help: "Your access token.\n\nGet it from https://uptobox.com/my_account.",
-			Name: "access_token",
+			Help:      "Your access token.\n\nGet it from https://uptobox.com/my_account.",
+			Name:      "access_token",
+			Sensitive: true,
+		}, {
+			Help:     "Set to make uploaded files private",
+			Name:     "private",
+			Advanced: true,
+			Default:  false,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -63,6 +69,7 @@ func init() {
 // Options defines the configuration for this backend
 type Options struct {
 	AccessToken string               `config:"access_token"`
+	Private     bool                 `config:"private"`
 	Enc         encoder.MultiEncoder `config:"encoding"`
 }
 
@@ -75,6 +82,7 @@ type Fs struct {
 	srv      *rest.Client
 	pacer    *fs.Pacer
 	IDRegexp *regexp.Regexp
+	public   string // "0" to make objects private
 }
 
 // Object represents an Uptobox object
@@ -211,10 +219,13 @@ func NewFs(ctx context.Context, name string, root string, config configmap.Mappe
 		CanHaveEmptyDirectories: true,
 		ReadMimeType:            false,
 	}).Fill(ctx, f)
+	if f.opt.Private {
+		f.public = "0"
+	}
 
 	client := fshttp.NewClient(ctx)
 	f.srv = rest.NewClient(client).SetRoot(apiBaseURL)
-	f.IDRegexp = regexp.MustCompile(`https://uptobox\.com/([a-zA-Z0-9]+)`)
+	f.IDRegexp = regexp.MustCompile(`^https://uptobox\.com/([a-zA-Z0-9]+)`)
 
 	_, err = f.readMetaDataForPath(ctx, f.dirPath(""), &api.MetadataRequestOptions{Limit: 10})
 	if err != nil {
@@ -472,11 +483,11 @@ func (f *Fs) updateFileInformation(ctx context.Context, update *api.UpdateFileIn
 	return err
 }
 
-func (f *Fs) putUnchecked(ctx context.Context, in io.Reader, remote string, size int64, options ...fs.OpenOption) (fs.Object, error) {
+func (f *Fs) putUnchecked(ctx context.Context, in io.Reader, remote string, size int64, options ...fs.OpenOption) error {
 	if size > int64(200e9) { // max size 200GB
-		return nil, errors.New("file too big, can't upload")
+		return errors.New("file too big, can't upload")
 	} else if size == 0 {
-		return nil, fs.ErrorCantUploadEmptyFiles
+		return fs.ErrorCantUploadEmptyFiles
 	}
 	// yes it does take 4 requests if we're uploading to root and 6+ if we're uploading to any subdir :(
 
@@ -494,19 +505,19 @@ func (f *Fs) putUnchecked(ctx context.Context, in io.Reader, remote string, size
 		return shouldRetry(ctx, resp, err)
 	})
 	if err != nil {
-		return nil, err
+		return err
 	}
 	if info.StatusCode != 0 {
-		return nil, fmt.Errorf("putUnchecked api error: %d - %s", info.StatusCode, info.Message)
+		return fmt.Errorf("putUnchecked api error: %d - %s", info.StatusCode, info.Message)
 	}
 	// we need to have a safe name for the upload to work
 	tmpName := "rcloneTemp" + random.String(8)
 	upload, err := f.uploadFile(ctx, in, size, tmpName, info.Data.UploadLink, options...)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	if len(upload.Files) != 1 {
-		return nil, errors.New("upload unexpected response")
+		return errors.New("upload unexpected response")
 	}
 	match := f.IDRegexp.FindStringSubmatch(upload.Files[0].URL)
 
@@ -521,23 +532,27 @@ func (f *Fs) putUnchecked(ctx context.Context, in io.Reader, remote string, size
 			// this might need some more error handling. if any of the following requests fail
 			// we'll leave an orphaned temporary file floating around somewhere
 			// they rarely fail though
-			return nil, err
+			return err
 		}
 
 		err = f.move(ctx, fullBase, match[1])
 		if err != nil {
-			return nil, err
+			return err
 		}
 	}
 
 	// rename file to final name
-	err = f.updateFileInformation(ctx, &api.UpdateFileInformation{Token: f.opt.AccessToken, FileCode: match[1], NewName: f.opt.Enc.FromStandardName(leaf)})
+	err = f.updateFileInformation(ctx, &api.UpdateFileInformation{
+		Token:    f.opt.AccessToken,
+		FileCode: match[1],
+		NewName:  f.opt.Enc.FromStandardName(leaf),
+		Public:   f.public,
+	})
 	if err != nil {
-		return nil, err
+		return err
 	}
 
-	// finally fetch the file object.
-	return f.NewObject(ctx, remote)
+	return nil
 }
 
 // Put in to the remote path with the modTime given of the given size
@@ -567,7 +582,11 @@ func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options .
 // This will create a duplicate if we upload a new file without
 // checking to see if there is one already - use Put() for that.
 func (f *Fs) PutUnchecked(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error) {
-	return f.putUnchecked(ctx, in, src.Remote(), src.Size(), options...)
+	err := f.putUnchecked(ctx, in, src.Remote(), src.Size(), options...)
+	if err != nil {
+		return nil, err
+	}
+	return f.NewObject(ctx, src.Remote())
 }
 
 // CreateDir dir creates a directory with the given parent path
@@ -660,7 +679,7 @@ func (f *Fs) Rmdir(ctx context.Context, dir string) error {
 	if err != nil {
 		return err
 	}
-	if info.Data.CurrentFolder.FileCount > 0 {
+	if len(info.Data.Folders) > 0 || len(info.Data.Files) > 0 {
 		return fs.ErrorDirectoryNotEmpty
 	}
 
@@ -696,7 +715,12 @@ func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object,
 
 	// rename to final name if we need to
 	if needRename {
-		err := f.updateFileInformation(ctx, &api.UpdateFileInformation{Token: f.opt.AccessToken, FileCode: srcObj.code, NewName: f.opt.Enc.FromStandardName(dstLeaf)})
+		err := f.updateFileInformation(ctx, &api.UpdateFileInformation{
+			Token:    f.opt.AccessToken,
+			FileCode: srcObj.code,
+			NewName:  f.opt.Enc.FromStandardName(dstLeaf),
+			Public:   f.public,
+		})
 		if err != nil {
 			return nil, fmt.Errorf("move: failed final rename: %w", err)
 		}
@@ -888,7 +912,12 @@ func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object,
 	}
 
 	if needRename {
-		err := f.updateFileInformation(ctx, &api.UpdateFileInformation{Token: f.opt.AccessToken, FileCode: newObj.(*Object).code, NewName: f.opt.Enc.FromStandardName(dstLeaf)})
+		err := f.updateFileInformation(ctx, &api.UpdateFileInformation{
+			Token:    f.opt.AccessToken,
+			FileCode: newObj.(*Object).code,
+			NewName:  f.opt.Enc.FromStandardName(dstLeaf),
+			Public:   f.public,
+		})
 		if err != nil {
 			return nil, fmt.Errorf("copy: failed final rename: %w", err)
 		}
@@ -923,7 +952,8 @@ func (o *Object) Remote() string {
 // It attempts to read the objects mtime and if that isn't present the
 // LastModified returned in the http headers
 func (o *Object) ModTime(ctx context.Context) time.Time {
-	return time.Now()
+	ci := fs.GetConfig(ctx)
+	return time.Time(ci.DefaultTime)
 }
 
 // Size returns the size of an object in bytes
@@ -1000,7 +1030,7 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 	}
 
 	// upload with new size but old name
-	info, err := o.fs.putUnchecked(ctx, in, o.Remote(), src.Size(), options...)
+	err := o.fs.putUnchecked(ctx, in, o.Remote(), src.Size(), options...)
 	if err != nil {
 		return err
 	}
@@ -1011,6 +1041,12 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		return fmt.Errorf("failed to remove old version: %w", err)
 	}
 
+	// Fetch new object after deleting the duplicate
+	info, err := o.fs.NewObject(ctx, o.Remote())
+	if err != nil {
+		return err
+	}
+
 	// Replace guts of old object with new one
 	*o = *info.(*Object)
 
diff --git a/backend/webdav/api/types.go b/backend/webdav/api/types.go
index 7d36f058ab5ed..50feae10647df 100644
--- a/backend/webdav/api/types.go
+++ b/backend/webdav/api/types.go
@@ -75,6 +75,7 @@ type Prop struct {
 	Size         int64     `xml:"DAV: prop>getcontentlength,omitempty"`
 	Modified     Time      `xml:"DAV: prop>getlastmodified,omitempty"`
 	Checksums    []string  `xml:"prop>checksums>checksum,omitempty"`
+	MESha1Hex    *string   `xml:"ME: prop>sha1hex,omitempty"` // Fastmail-specific sha1 checksum
 }
 
 // Parse a status of the form "HTTP/1.1 200 OK" or "HTTP/1.1 200"
@@ -102,22 +103,26 @@ func (p *Prop) StatusOK() bool {
 
 // Hashes returns a map of all checksums - may be nil
 func (p *Prop) Hashes() (hashes map[hash.Type]string) {
-	if len(p.Checksums) == 0 {
-		return nil
-	}
-	hashes = make(map[hash.Type]string)
-	for _, checksums := range p.Checksums {
-		checksums = strings.ToLower(checksums)
-		for _, checksum := range strings.Split(checksums, " ") {
-			switch {
-			case strings.HasPrefix(checksum, "sha1:"):
-				hashes[hash.SHA1] = checksum[5:]
-			case strings.HasPrefix(checksum, "md5:"):
-				hashes[hash.MD5] = checksum[4:]
+	if len(p.Checksums) > 0 {
+		hashes = make(map[hash.Type]string)
+		for _, checksums := range p.Checksums {
+			checksums = strings.ToLower(checksums)
+			for _, checksum := range strings.Split(checksums, " ") {
+				switch {
+				case strings.HasPrefix(checksum, "sha1:"):
+					hashes[hash.SHA1] = checksum[5:]
+				case strings.HasPrefix(checksum, "md5:"):
+					hashes[hash.MD5] = checksum[4:]
+				}
 			}
 		}
+		return hashes
+	} else if p.MESha1Hex != nil {
+		hashes = make(map[hash.Type]string)
+		hashes[hash.SHA1] = *p.MESha1Hex
+		return hashes
 	}
-	return hashes
+	return nil
 }
 
 // PropValue is a tagged name and value
diff --git a/backend/webdav/chunking.go b/backend/webdav/chunking.go
new file mode 100644
index 0000000000000..4cea798389f73
--- /dev/null
+++ b/backend/webdav/chunking.go
@@ -0,0 +1,214 @@
+package webdav
+
+/*
+	chunked update for Nextcloud
+	see https://docs.nextcloud.com/server/20/developer_manual/client_apis/WebDAV/chunking.html
+*/
+
+import (
+	"context"
+	"crypto/md5"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"path"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/lib/readers"
+	"github.com/rclone/rclone/lib/rest"
+)
+
+func (f *Fs) shouldRetryChunkMerge(ctx context.Context, resp *http.Response, err error) (bool, error) {
+	// Not found. Can be returned by NextCloud when merging chunks of an upload.
+	if resp != nil && resp.StatusCode == 404 {
+		return true, err
+	}
+
+	// 423 LOCKED
+	if resp != nil && resp.StatusCode == 423 {
+		return false, fmt.Errorf("merging the uploaded chunks failed with 423 LOCKED. This usually happens when the chunks merging is still in progress on NextCloud, but it may also indicate a failed transfer: %w", err)
+	}
+
+	return f.shouldRetry(ctx, resp, err)
+}
+
+// set the chunk size for testing
+func (f *Fs) setUploadChunkSize(cs fs.SizeSuffix) (old fs.SizeSuffix, err error) {
+	old, f.opt.ChunkSize = f.opt.ChunkSize, cs
+	return
+}
+
+func (o *Object) getChunksUploadDir() (string, error) {
+	hasher := md5.New()
+	_, err := hasher.Write([]byte(o.filePath()))
+	if err != nil {
+		return "", fmt.Errorf("chunked upload couldn't hash URL: %w", err)
+	}
+	uploadDir := "rclone-chunked-upload-" + hex.EncodeToString(hasher.Sum(nil))
+	return uploadDir, nil
+}
+
+func (f *Fs) getChunksUploadURL() (string, error) {
+	submatch := nextCloudURLRegex.FindStringSubmatch(f.endpointURL)
+	if submatch == nil {
+		return "", errors.New("the remote url looks incorrect. Note that nextcloud chunked uploads require you to use the /dav/files/USER endpoint instead of /webdav. Please check 'rclone config show remotename' to verify that the url field ends in /dav/files/USERNAME")
+	}
+
+	baseURL, user := submatch[1], submatch[2]
+	chunksUploadURL := fmt.Sprintf("%s/dav/uploads/%s/", baseURL, user)
+
+	return chunksUploadURL, nil
+}
+
+func (o *Object) shouldUseChunkedUpload(src fs.ObjectInfo) bool {
+	return o.fs.canChunk && o.fs.opt.ChunkSize > 0 && src.Size() > int64(o.fs.opt.ChunkSize)
+}
+
+func (o *Object) updateChunked(ctx context.Context, in0 io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (err error) {
+	var uploadDir string
+
+	// see https://docs.nextcloud.com/server/24/developer_manual/client_apis/WebDAV/chunking.html#starting-a-chunked-upload
+	uploadDir, err = o.createChunksUploadDirectory(ctx)
+	if err != nil {
+		return err
+	}
+
+	partObj := &Object{
+		fs: o.fs,
+	}
+
+	// see https://docs.nextcloud.com/server/24/developer_manual/client_apis/WebDAV/chunking.html#uploading-chunks
+	err = o.uploadChunks(ctx, in0, src.Size(), partObj, uploadDir, options)
+	if err != nil {
+		return err
+	}
+
+	// see https://docs.nextcloud.com/server/24/developer_manual/client_apis/WebDAV/chunking.html#assembling-the-chunks
+	err = o.mergeChunks(ctx, uploadDir, options, src)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (o *Object) uploadChunks(ctx context.Context, in0 io.Reader, size int64, partObj *Object, uploadDir string, options []fs.OpenOption) error {
+	chunkSize := int64(partObj.fs.opt.ChunkSize)
+
+	// TODO: upload chunks in parallel for faster transfer speeds
+	for offset := int64(0); offset < size; offset += chunkSize {
+		if err := ctx.Err(); err != nil {
+			return err
+		}
+
+		contentLength := chunkSize
+
+		// Last chunk may be smaller
+		if size-offset < contentLength {
+			contentLength = size - offset
+		}
+
+		endOffset := offset + contentLength - 1
+
+		partObj.remote = fmt.Sprintf("%s/%015d-%015d", uploadDir, offset, endOffset)
+		// Enable low-level HTTP 2 retries.
+		// 2022-04-28 15:59:06 ERROR : stuff/video.avi: Failed to copy: uploading chunk failed: Put "https://censored.com/remote.php/dav/uploads/Admin/rclone-chunked-upload-censored/000006113198080-000006123683840": http2: Transport: cannot retry err [http2: Transport received Server's graceful shutdown GOAWAY] after Request.Body was written; define Request.GetBody to avoid this error
+
+		buf := make([]byte, chunkSize)
+		in := readers.NewRepeatableLimitReaderBuffer(in0, buf, chunkSize)
+
+		getBody := func() (io.ReadCloser, error) {
+			// RepeatableReader{} plays well with accounting so rewinding doesn't make the progress buggy
+			if _, err := in.Seek(0, io.SeekStart); err != nil {
+				return nil, err
+			}
+
+			return io.NopCloser(in), nil
+		}
+
+		err := partObj.updateSimple(ctx, in, getBody, partObj.remote, contentLength, "application/x-www-form-urlencoded", nil, o.fs.chunksUploadURL, options...)
+		if err != nil {
+			return fmt.Errorf("uploading chunk failed: %w", err)
+		}
+	}
+	return nil
+}
+
+func (o *Object) createChunksUploadDirectory(ctx context.Context) (string, error) {
+	uploadDir, err := o.getChunksUploadDir()
+	if err != nil {
+		return uploadDir, err
+	}
+
+	err = o.purgeUploadedChunks(ctx, uploadDir)
+	if err != nil {
+		return "", fmt.Errorf("chunked upload couldn't purge upload directory: %w", err)
+	}
+
+	opts := rest.Opts{
+		Method:     "MKCOL",
+		Path:       uploadDir + "/",
+		NoResponse: true,
+		RootURL:    o.fs.chunksUploadURL,
+	}
+	err = o.fs.pacer.CallNoRetry(func() (bool, error) {
+		resp, err := o.fs.srv.Call(ctx, &opts)
+		return o.fs.shouldRetry(ctx, resp, err)
+	})
+	if err != nil {
+		return "", fmt.Errorf("making upload directory failed: %w", err)
+	}
+	return uploadDir, err
+}
+
+func (o *Object) mergeChunks(ctx context.Context, uploadDir string, options []fs.OpenOption, src fs.ObjectInfo) error {
+	var resp *http.Response
+
+	// see https://docs.nextcloud.com/server/24/developer_manual/client_apis/WebDAV/chunking.html?highlight=chunk#assembling-the-chunks
+	opts := rest.Opts{
+		Method:     "MOVE",
+		Path:       path.Join(uploadDir, ".file"),
+		NoResponse: true,
+		Options:    options,
+		RootURL:    o.fs.chunksUploadURL,
+	}
+	destinationURL, err := rest.URLJoin(o.fs.endpoint, o.filePath())
+	if err != nil {
+		return fmt.Errorf("finalize chunked upload couldn't join URL: %w", err)
+	}
+	opts.ExtraHeaders = o.extraHeaders(ctx, src)
+	opts.ExtraHeaders["Destination"] = destinationURL.String()
+	err = o.fs.pacer.Call(func() (bool, error) {
+		resp, err = o.fs.srv.Call(ctx, &opts)
+		return o.fs.shouldRetryChunkMerge(ctx, resp, err)
+	})
+	if err != nil {
+		return fmt.Errorf("finalize chunked upload failed, destinationURL: \"%s\": %w", destinationURL, err)
+	}
+	return err
+}
+
+func (o *Object) purgeUploadedChunks(ctx context.Context, uploadDir string) error {
+	// clean the upload directory if it exists (this means that a previous try didn't clean up properly).
+	opts := rest.Opts{
+		Method:     "DELETE",
+		Path:       uploadDir + "/",
+		NoResponse: true,
+		RootURL:    o.fs.chunksUploadURL,
+	}
+
+	err := o.fs.pacer.Call(func() (bool, error) {
+		resp, err := o.fs.srv.CallXML(ctx, &opts, nil, nil)
+
+		// directory doesn't exist, no need to purge
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
+			return false, nil
+		}
+
+		return o.fs.shouldRetry(ctx, resp, err)
+	})
+
+	return err
+}
diff --git a/backend/webdav/webdav.go b/backend/webdav/webdav.go
index 371d5f71dfac4..e8f83f66a4a67 100644
--- a/backend/webdav/webdav.go
+++ b/backend/webdav/webdav.go
@@ -19,6 +19,7 @@ import (
 	"net/url"
 	"os/exec"
 	"path"
+	"regexp"
 	"strconv"
 	"strings"
 	"sync"
@@ -42,7 +43,7 @@ import (
 )
 
 const (
-	minSleep      = 10 * time.Millisecond
+	minSleep      = fs.Duration(10 * time.Millisecond)
 	maxSleep      = 2 * time.Second
 	decayConstant = 2   // bigger for slower decay, exponential
 	defaultDepth  = "1" // depth for PROPFIND
@@ -76,6 +77,9 @@ func init() {
 			Name: "vendor",
 			Help: "Name of the WebDAV site/service/software you are using.",
 			Examples: []fs.OptionExample{{
+				Value: "fastmail",
+				Help:  "Fastmail Files",
+			}, {
 				Value: "nextcloud",
 				Help:  "Nextcloud",
 			}, {
@@ -87,20 +91,25 @@ func init() {
 			}, {
 				Value: "sharepoint-ntlm",
 				Help:  "Sharepoint with NTLM authentication, usually self-hosted or on-premises",
+			}, {
+				Value: "rclone",
+				Help:  "rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol",
 			}, {
 				Value: "other",
 				Help:  "Other site/service or software",
 			}},
 		}, {
-			Name: "user",
-			Help: "User name.\n\nIn case NTLM authentication is used, the username should be in the format 'Domain\\User'.",
+			Name:      "user",
+			Help:      "User name.\n\nIn case NTLM authentication is used, the username should be in the format 'Domain\\User'.",
+			Sensitive: true,
 		}, {
 			Name:       "pass",
 			Help:       "Password.",
 			IsPassword: true,
 		}, {
-			Name: "bearer_token",
-			Help: "Bearer token instead of user/pass (e.g. a Macaroon).",
+			Name:      "bearer_token",
+			Help:      "Bearer token instead of user/pass (e.g. a Macaroon).",
+			Sensitive: true,
 		}, {
 			Name:     "bearer_token_command",
 			Help:     "Command to run to get a bearer token.",
@@ -124,6 +133,22 @@ You can set multiple headers, e.g. '"Cookie","name=value","Authorization","xxx"'
 `,
 			Default:  fs.CommaSepList{},
 			Advanced: true,
+		}, {
+			Name:     "pacer_min_sleep",
+			Help:     "Minimum time to sleep between API calls.",
+			Default:  minSleep,
+			Advanced: true,
+		}, {
+			Name: "nextcloud_chunk_size",
+			Help: `Nextcloud upload chunk size.
+
+We recommend configuring your NextCloud instance to increase the max chunk size to 1 GB for better upload performances.
+See https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#adjust-chunk-size-on-nextcloud-side
+
+Set to 0 to disable chunked uploading.
+`,
+			Advanced: true,
+			Default:  10 * fs.Mebi, // Default NextCloud `max_chunk_size` is `10 MiB`. See https://github.com/nextcloud/server/blob/0447b53bda9fe95ea0cbed765aa332584605d652/apps/files/lib/App.php#L57
 		}},
 	})
 }
@@ -138,6 +163,8 @@ type Options struct {
 	BearerTokenCommand string               `config:"bearer_token_command"`
 	Enc                encoder.MultiEncoder `config:"encoding"`
 	Headers            fs.CommaSepList      `config:"headers"`
+	PacerMinSleep      fs.Duration          `config:"pacer_min_sleep"`
+	ChunkSize          fs.SizeSuffix        `config:"nextcloud_chunk_size"`
 }
 
 // Fs represents a remote webdav
@@ -153,11 +180,15 @@ type Fs struct {
 	precision          time.Duration // mod time precision
 	canStream          bool          // set if can stream
 	useOCMtime         bool          // set if can use X-OC-Mtime
+	propsetMtime       bool          // set if can use propset
 	retryWithZeroDepth bool          // some vendors (sharepoint) won't list files when Depth is 1 (our default)
 	checkBeforePurge   bool          // enables extra check that directory to purge really exists
-	hasMD5             bool          // set if can use owncloud style checksums for MD5
-	hasSHA1            bool          // set if can use owncloud style checksums for SHA1
+	hasOCMD5           bool          // set if can use owncloud style checksums for MD5
+	hasOCSHA1          bool          // set if can use owncloud style checksums for SHA1
+	hasMESHA1          bool          // set if can use fastmail style checksums for SHA1
 	ntlmAuthMu         sync.Mutex    // mutex to serialize NTLM auth roundtrips
+	chunksUploadURL    string        // upload URL for nextcloud chunked
+	canChunk           bool          // set if nextcloud and nextcloud_chunk_size is set
 }
 
 // Object describes a webdav object
@@ -278,7 +309,7 @@ func (f *Fs) readMetaDataForPath(ctx context.Context, path string, depth string)
 		},
 		NoRedirect: true,
 	}
-	if f.hasMD5 || f.hasSHA1 {
+	if f.hasOCMD5 || f.hasOCSHA1 {
 		opts.Body = bytes.NewBuffer(owncloudProps)
 	}
 	var result api.Multistatus
@@ -411,7 +442,7 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		opt:         *opt,
 		endpoint:    u,
 		endpointURL: u.String(),
-		pacer:       fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(minSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
+		pacer:       fs.NewPacer(ctx, pacer.NewDefault(pacer.MinSleep(opt.PacerMinSleep), pacer.MaxSleep(maxSleep), pacer.DecayConstant(decayConstant))),
 		precision:   fs.ModTimeNotSupported,
 	}
 
@@ -543,19 +574,42 @@ func (f *Fs) fetchAndSetBearerToken() error {
 	return nil
 }
 
+// The WebDAV url can optionally be suffixed with a path. This suffix needs to be ignored for determining the temporary upload directory of chunks.
+var nextCloudURLRegex = regexp.MustCompile(`^(.*)/dav/files/([^/]+)`)
+
 // setQuirks adjusts the Fs for the vendor passed in
 func (f *Fs) setQuirks(ctx context.Context, vendor string) error {
 	switch vendor {
+	case "fastmail":
+		f.canStream = true
+		f.precision = time.Second
+		f.useOCMtime = true
+		f.hasMESHA1 = true
 	case "owncloud":
 		f.canStream = true
 		f.precision = time.Second
 		f.useOCMtime = true
-		f.hasMD5 = true
-		f.hasSHA1 = true
+		f.propsetMtime = true
+		f.hasOCMD5 = true
+		f.hasOCSHA1 = true
 	case "nextcloud":
 		f.precision = time.Second
 		f.useOCMtime = true
-		f.hasSHA1 = true
+		f.propsetMtime = true
+		f.hasOCSHA1 = true
+		f.canChunk = true
+
+		if f.opt.ChunkSize == 0 {
+			fs.Logf(nil, "Chunked uploads are disabled because nextcloud_chunk_size is set to 0")
+		} else {
+			chunksUploadURL, err := f.getChunksUploadURL()
+			if err != nil {
+				return err
+			}
+
+			f.chunksUploadURL = chunksUploadURL
+			fs.Logf(nil, "Chunks temporary upload directory: %s", f.chunksUploadURL)
+		}
 	case "sharepoint":
 		// To mount sharepoint, two Cookies are required
 		// They have to be set instead of BasicAuth
@@ -593,6 +647,10 @@ func (f *Fs) setQuirks(ctx context.Context, vendor string) error {
 		// so we must perform an extra check to detect this
 		// condition and return a proper error code.
 		f.checkBeforePurge = true
+	case "rclone":
+		f.canStream = true
+		f.precision = time.Second
+		f.useOCMtime = true
 	case "other":
 	default:
 		fs.Debugf(f, "Unknown vendor %q", vendor)
@@ -667,7 +725,7 @@ func (f *Fs) listAll(ctx context.Context, dir string, directoriesOnly bool, file
 			"Depth": depth,
 		},
 	}
-	if f.hasMD5 || f.hasSHA1 {
+	if f.hasOCMD5 || f.hasOCSHA1 {
 		opts.Body = bytes.NewBuffer(owncloudProps)
 	}
 	var result api.Multistatus
@@ -996,7 +1054,7 @@ func (f *Fs) copyOrMove(ctx context.Context, src fs.Object, remote string, metho
 	dstPath := f.filePath(remote)
 	err := f.mkParentDir(ctx, dstPath)
 	if err != nil {
-		return nil, fmt.Errorf("Copy mkParentDir failed: %w", err)
+		return nil, fmt.Errorf("copy mkParentDir failed: %w", err)
 	}
 	destinationURL, err := rest.URLJoin(f.endpoint, dstPath)
 	if err != nil {
@@ -1009,7 +1067,7 @@ func (f *Fs) copyOrMove(ctx context.Context, src fs.Object, remote string, metho
 		NoResponse: true,
 		ExtraHeaders: map[string]string{
 			"Destination": destinationURL.String(),
-			"Overwrite":   "F",
+			"Overwrite":   "T",
 		},
 	}
 	if f.useOCMtime {
@@ -1021,11 +1079,18 @@ func (f *Fs) copyOrMove(ctx context.Context, src fs.Object, remote string, metho
 		return srcFs.shouldRetry(ctx, resp, err)
 	})
 	if err != nil {
-		return nil, fmt.Errorf("Copy call failed: %w", err)
+		return nil, fmt.Errorf("copy call failed: %w", err)
 	}
 	dstObj, err := f.NewObject(ctx, remote)
 	if err != nil {
-		return nil, fmt.Errorf("Copy NewObject failed: %w", err)
+		return nil, fmt.Errorf("copy NewObject failed: %w", err)
+	}
+	if f.useOCMtime && resp.Header.Get("X-OC-Mtime") != "accepted" && f.propsetMtime {
+		fs.Debugf(dstObj, "Setting modtime after copy to %v", src.ModTime(ctx))
+		err = dstObj.SetModTime(ctx, src.ModTime(ctx))
+		if err != nil {
+			return nil, fmt.Errorf("failed to set modtime: %w", err)
+		}
 	}
 	return dstObj, nil
 }
@@ -1109,7 +1174,7 @@ func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string
 		NoResponse: true,
 		ExtraHeaders: map[string]string{
 			"Destination": addSlash(destinationURL.String()),
-			"Overwrite":   "F",
+			"Overwrite":   "T",
 		},
 	}
 	// Direct the MOVE/COPY to the source server
@@ -1126,10 +1191,10 @@ func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string
 // Hashes returns the supported hash sets.
 func (f *Fs) Hashes() hash.Set {
 	hashes := hash.Set(hash.None)
-	if f.hasMD5 {
+	if f.hasOCMD5 {
 		hashes.Add(hash.MD5)
 	}
-	if f.hasSHA1 {
+	if f.hasOCSHA1 || f.hasMESHA1 {
 		hashes.Add(hash.SHA1)
 	}
 	return hashes
@@ -1197,10 +1262,10 @@ func (o *Object) Remote() string {
 
 // Hash returns the SHA1 or MD5 of an object returning a lowercase hex string
 func (o *Object) Hash(ctx context.Context, t hash.Type) (string, error) {
-	if t == hash.MD5 && o.fs.hasMD5 {
+	if t == hash.MD5 && o.fs.hasOCMD5 {
 		return o.md5, nil
 	}
-	if t == hash.SHA1 && o.fs.hasSHA1 {
+	if t == hash.SHA1 && (o.fs.hasOCSHA1 || o.fs.hasMESHA1) {
 		return o.sha1, nil
 	}
 	return "", hash.ErrUnsupported
@@ -1222,12 +1287,12 @@ func (o *Object) setMetaData(info *api.Prop) (err error) {
 	o.hasMetaData = true
 	o.size = info.Size
 	o.modTime = time.Time(info.Modified)
-	if o.fs.hasMD5 || o.fs.hasSHA1 {
+	if o.fs.hasOCMD5 || o.fs.hasOCSHA1 || o.fs.hasMESHA1 {
 		hashes := info.Hashes()
-		if o.fs.hasSHA1 {
+		if o.fs.hasOCSHA1 || o.fs.hasMESHA1 {
 			o.sha1 = hashes[hash.SHA1]
 		}
-		if o.fs.hasMD5 {
+		if o.fs.hasOCMD5 {
 			o.md5 = hashes[hash.MD5]
 		}
 	}
@@ -1261,8 +1326,53 @@ func (o *Object) ModTime(ctx context.Context) time.Time {
 	return o.modTime
 }
 
+// Set modified time using propset
+//
+// <d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns"><d:response><d:href>/ocm/remote.php/webdav/office/wir.jpg</d:href><d:propstat><d:prop><d:lastmodified/></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>
+var owncloudPropset = `<?xml version="1.0" encoding="utf-8" ?>
+<D:propertyupdate xmlns:D="DAV:">
+ <D:set>
+  <D:prop>
+   <lastmodified xmlns="DAV:">%d</lastmodified>
+  </D:prop>
+ </D:set>
+</D:propertyupdate>
+`
+
 // SetModTime sets the modification time of the local fs object
 func (o *Object) SetModTime(ctx context.Context, modTime time.Time) error {
+	if o.fs.propsetMtime {
+		opts := rest.Opts{
+			Method:     "PROPPATCH",
+			Path:       o.filePath(),
+			NoRedirect: true,
+			Body:       strings.NewReader(fmt.Sprintf(owncloudPropset, modTime.Unix())),
+		}
+		var result api.Multistatus
+		var resp *http.Response
+		var err error
+		err = o.fs.pacer.Call(func() (bool, error) {
+			resp, err = o.fs.srv.CallXML(ctx, &opts, nil, &result)
+			return o.fs.shouldRetry(ctx, resp, err)
+		})
+		if err != nil {
+			if apiErr, ok := err.(*api.Error); ok {
+				// does not exist
+				if apiErr.StatusCode == http.StatusNotFound {
+					return fs.ErrorObjectNotFound
+				}
+			}
+			return fmt.Errorf("couldn't set modified time: %w", err)
+		}
+		// FIXME check if response is valid
+		if len(result.Responses) == 1 && result.Responses[0].Props.StatusOK() {
+			// update cached modtime
+			o.modTime = modTime
+			return nil
+		}
+		// fallback
+		return fs.ErrorCantSetModTime
+	}
 	return fs.ErrorCantSetModTime
 }
 
@@ -1304,36 +1414,72 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		return fmt.Errorf("Update mkParentDir failed: %w", err)
 	}
 
-	size := src.Size()
-	var resp *http.Response
-	opts := rest.Opts{
-		Method:        "PUT",
-		Path:          o.filePath(),
-		Body:          in,
-		NoResponse:    true,
-		ContentLength: &size, // FIXME this isn't necessary with owncloud - See https://github.com/nextcloud/nextcloud-snap/issues/365
-		ContentType:   fs.MimeType(ctx, src),
-		Options:       options,
+	if o.shouldUseChunkedUpload(src) {
+		fs.Debugf(src, "Update will use the chunked upload strategy")
+		err = o.updateChunked(ctx, in, src, options...)
+		if err != nil {
+			return err
+		}
+	} else {
+		fs.Debugf(src, "Update will use the normal upload strategy (no chunks)")
+		contentType := fs.MimeType(ctx, src)
+		filePath := o.filePath()
+		extraHeaders := o.extraHeaders(ctx, src)
+		// TODO: define getBody() to enable low-level HTTP/2 retries
+		err = o.updateSimple(ctx, in, nil, filePath, src.Size(), contentType, extraHeaders, o.fs.endpointURL, options...)
+		if err != nil {
+			return err
+		}
 	}
-	if o.fs.useOCMtime || o.fs.hasMD5 || o.fs.hasSHA1 {
-		opts.ExtraHeaders = map[string]string{}
+
+	// read metadata from remote
+	o.hasMetaData = false
+	return o.readMetaData(ctx)
+}
+
+func (o *Object) extraHeaders(ctx context.Context, src fs.ObjectInfo) map[string]string {
+	extraHeaders := map[string]string{}
+	if o.fs.useOCMtime || o.fs.hasOCMD5 || o.fs.hasOCSHA1 {
 		if o.fs.useOCMtime {
-			opts.ExtraHeaders["X-OC-Mtime"] = fmt.Sprintf("%d", src.ModTime(ctx).Unix())
+			extraHeaders["X-OC-Mtime"] = fmt.Sprintf("%d", src.ModTime(ctx).Unix())
 		}
 		// Set one upload checksum
 		// Owncloud uses one checksum only to check the upload and stores its own SHA1 and MD5
 		// Nextcloud stores the checksum you supply (SHA1 or MD5) but only stores one
-		if o.fs.hasSHA1 {
+		if o.fs.hasOCSHA1 {
 			if sha1, _ := src.Hash(ctx, hash.SHA1); sha1 != "" {
-				opts.ExtraHeaders["OC-Checksum"] = "SHA1:" + sha1
+				extraHeaders["OC-Checksum"] = "SHA1:" + sha1
 			}
 		}
-		if o.fs.hasMD5 && opts.ExtraHeaders["OC-Checksum"] == "" {
+		if o.fs.hasOCMD5 && extraHeaders["OC-Checksum"] == "" {
 			if md5, _ := src.Hash(ctx, hash.MD5); md5 != "" {
-				opts.ExtraHeaders["OC-Checksum"] = "MD5:" + md5
+				extraHeaders["OC-Checksum"] = "MD5:" + md5
 			}
 		}
 	}
+	return extraHeaders
+}
+
+// Standard update in one request (no chunks)
+func (o *Object) updateSimple(ctx context.Context, body io.Reader, getBody func() (io.ReadCloser, error), filePath string, size int64, contentType string, extraHeaders map[string]string, rootURL string, options ...fs.OpenOption) (err error) {
+	var resp *http.Response
+
+	if extraHeaders == nil {
+		extraHeaders = map[string]string{}
+	}
+
+	opts := rest.Opts{
+		Method:        "PUT",
+		Path:          filePath,
+		GetBody:       getBody,
+		Body:          body,
+		NoResponse:    true,
+		ContentLength: &size, // FIXME this isn't necessary with owncloud - See https://github.com/nextcloud/nextcloud-snap/issues/365
+		ContentType:   contentType,
+		Options:       options,
+		ExtraHeaders:  extraHeaders,
+		RootURL:       rootURL,
+	}
 	err = o.fs.pacer.CallNoRetry(func() (bool, error) {
 		resp, err = o.fs.srv.Call(ctx, &opts)
 		return o.fs.shouldRetry(ctx, resp, err)
@@ -1349,9 +1495,8 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
 		_ = o.Remove(ctx)
 		return err
 	}
-	// read metadata from remote
-	o.hasMetaData = false
-	return o.readMetaData(ctx)
+	return nil
+
 }
 
 // Remove an object
diff --git a/backend/webdav/webdav_test.go b/backend/webdav/webdav_test.go
index e23176afe3f6e..1949a41c60fc7 100644
--- a/backend/webdav/webdav_test.go
+++ b/backend/webdav/webdav_test.go
@@ -1,10 +1,10 @@
 // Test Webdav filesystem interface
-package webdav_test
+package webdav
 
 import (
 	"testing"
 
-	"github.com/rclone/rclone/backend/webdav"
+	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fstest"
 	"github.com/rclone/rclone/fstest/fstests"
 )
@@ -13,7 +13,10 @@ import (
 func TestIntegration(t *testing.T) {
 	fstests.Run(t, &fstests.Opt{
 		RemoteName: "TestWebdavNextcloud:",
-		NilObject:  (*webdav.Object)(nil),
+		NilObject:  (*Object)(nil),
+		ChunkedUpload: fstests.ChunkedUploadConfig{
+			MinChunkSize: 1 * fs.Mebi,
+		},
 	})
 }
 
@@ -24,7 +27,10 @@ func TestIntegration2(t *testing.T) {
 	}
 	fstests.Run(t, &fstests.Opt{
 		RemoteName: "TestWebdavOwncloud:",
-		NilObject:  (*webdav.Object)(nil),
+		NilObject:  (*Object)(nil),
+		ChunkedUpload: fstests.ChunkedUploadConfig{
+			Skip: true,
+		},
 	})
 }
 
@@ -35,7 +41,10 @@ func TestIntegration3(t *testing.T) {
 	}
 	fstests.Run(t, &fstests.Opt{
 		RemoteName: "TestWebdavRclone:",
-		NilObject:  (*webdav.Object)(nil),
+		NilObject:  (*Object)(nil),
+		ChunkedUpload: fstests.ChunkedUploadConfig{
+			Skip: true,
+		},
 	})
 }
 
@@ -46,6 +55,10 @@ func TestIntegration4(t *testing.T) {
 	}
 	fstests.Run(t, &fstests.Opt{
 		RemoteName: "TestWebdavNTLM:",
-		NilObject:  (*webdav.Object)(nil),
+		NilObject:  (*Object)(nil),
 	})
 }
+
+func (f *Fs) SetUploadChunkSize(cs fs.SizeSuffix) (fs.SizeSuffix, error) {
+	return f.setUploadChunkSize(cs)
+}
diff --git a/backend/yandex/yandex.go b/backend/yandex/yandex.go
index a643a7771265d..806c5f91595eb 100644
--- a/backend/yandex/yandex.go
+++ b/backend/yandex/yandex.go
@@ -1100,7 +1100,7 @@ func (o *Object) upload(ctx context.Context, in io.Reader, overwrite bool, mimeT
 		NoResponse:  true,
 	}
 
-	err = o.fs.pacer.Call(func() (bool, error) {
+	err = o.fs.pacer.CallNoRetry(func() (bool, error) {
 		resp, err = o.fs.srv.Call(ctx, &opts)
 		return shouldRetry(ctx, resp, err)
 	})
diff --git a/backend/zoho/zoho.go b/backend/zoho/zoho.go
index f9fc6eb6b8629..f8ea5755c8dfc 100644
--- a/backend/zoho/zoho.go
+++ b/backend/zoho/zoho.go
@@ -17,7 +17,6 @@ import (
 	"github.com/rclone/rclone/lib/encoder"
 	"github.com/rclone/rclone/lib/pacer"
 	"github.com/rclone/rclone/lib/random"
-	"github.com/rclone/rclone/lib/readers"
 
 	"github.com/rclone/rclone/backend/zoho/api"
 	"github.com/rclone/rclone/fs"
@@ -331,15 +330,6 @@ func parsePath(path string) (root string) {
 	return
 }
 
-func (f *Fs) splitPath(remote string) (directory, leaf string) {
-	directory, leaf = dircache.SplitPath(remote)
-	if f.root != "" {
-		// Adds the root folder to the path to get a full path
-		directory = path.Join(f.root, directory)
-	}
-	return
-}
-
 // readMetaDataForPath reads the metadata from the path
 func (f *Fs) readMetaDataForPath(ctx context.Context, path string) (info *api.Item, err error) {
 	// defer fs.Trace(f, "path=%q", path)("info=%+v, err=%v", &info, &err)
@@ -1178,31 +1168,8 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 	if o.id == "" {
 		return nil, errors.New("can't download - no id")
 	}
-	var start, end int64 = 0, o.size
-	partialContent := false
-	for _, option := range options {
-		switch x := option.(type) {
-		case *fs.SeekOption:
-			start = x.Offset
-			partialContent = true
-		case *fs.RangeOption:
-			if x.Start >= 0 {
-				start = x.Start
-				if x.End > 0 && x.End < o.size {
-					end = x.End + 1
-				}
-			} else {
-				// {-1, 20} should load the last 20 characters [len-20:len]
-				start = o.size - x.End
-			}
-			partialContent = true
-		default:
-			if option.Mandatory() {
-				fs.Logf(nil, "Unsupported mandatory option: %v", option)
-			}
-		}
-	}
 	var resp *http.Response
+	fs.FixRangeOption(options, o.size)
 	opts := rest.Opts{
 		Method:  "GET",
 		Path:    "/download/" + o.id,
@@ -1215,20 +1182,6 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
 	if err != nil {
 		return nil, err
 	}
-	if partialContent && resp.StatusCode == 200 {
-		if start > 0 {
-			// We need to read and discard the beginning of the data...
-			_, err = io.CopyN(io.Discard, resp.Body, start)
-			if err != nil {
-				if resp != nil {
-					_ = resp.Body.Close()
-				}
-				return nil, err
-			}
-		}
-		// ... and return a limited reader for the remaining of the data
-		return readers.NewLimitedReadCloser(resp.Body, end-start), nil
-	}
 	return resp.Body, nil
 }
 
diff --git a/bin/.ignore-emails b/bin/.ignore-emails
index b88a3e1c29f5d..14cbc62fc8089 100644
--- a/bin/.ignore-emails
+++ b/bin/.ignore-emails
@@ -6,3 +6,7 @@
 <abhi18av@users.noreply.github.com>
 <ankur0493@gmail.com>
 <agupta@egnyte.com>
+<ricci@disroot.org>
+<stoesser@yay-digital.de>
+<services+github@simjo.st>
+<seb•ɑƬ•chezwam•ɖɵʈ•org>
diff --git a/bin/cross-compile.go b/bin/cross-compile.go
index f7915d7ce2ded..f0a02336fa260 100644
--- a/bin/cross-compile.go
+++ b/bin/cross-compile.go
@@ -6,7 +6,6 @@
 package main
 
 import (
-	"encoding/json"
 	"flag"
 	"fmt"
 	"log"
@@ -21,23 +20,21 @@ import (
 	"sync"
 	"text/template"
 	"time"
-
-	"github.com/coreos/go-semver/semver"
 )
 
 var (
 	// Flags
-	debug           = flag.Bool("d", false, "Print commands instead of running them.")
-	parallel        = flag.Int("parallel", runtime.NumCPU(), "Number of commands to run in parallel.")
+	debug           = flag.Bool("d", false, "Print commands instead of running them")
+	parallel        = flag.Int("parallel", runtime.NumCPU(), "Number of commands to run in parallel")
 	copyAs          = flag.String("release", "", "Make copies of the releases with this name")
 	gitLog          = flag.String("git-log", "", "git log to include as well")
 	include         = flag.String("include", "^.*$", "os/arch regexp to include")
 	exclude         = flag.String("exclude", "^$", "os/arch regexp to exclude")
 	cgo             = flag.Bool("cgo", false, "Use cgo for the build")
-	noClean         = flag.Bool("no-clean", false, "Don't clean the build directory before running.")
+	noClean         = flag.Bool("no-clean", false, "Don't clean the build directory before running")
 	tags            = flag.String("tags", "", "Space separated list of build tags")
 	buildmode       = flag.String("buildmode", "", "Passed to go build -buildmode flag")
-	compileOnly     = flag.Bool("compile-only", false, "Just build the binary, not the zip.")
+	compileOnly     = flag.Bool("compile-only", false, "Just build the binary, not the zip")
 	extraEnv        = flag.String("env", "", "comma separated list of VAR=VALUE env vars to set")
 	macOSSDK        = flag.String("macos-sdk", "", "macOS SDK to use")
 	macOSArch       = flag.String("macos-arch", "", "macOS arch to use")
@@ -140,21 +137,21 @@ func chdir(dir string) {
 func substitute(inFile, outFile string, data interface{}) {
 	t, err := template.ParseFiles(inFile)
 	if err != nil {
-		log.Fatalf("Failed to read template file %q: %v %v", inFile, err)
+		log.Fatalf("Failed to read template file %q: %v", inFile, err)
 	}
 	out, err := os.Create(outFile)
 	if err != nil {
-		log.Fatalf("Failed to create output file %q: %v %v", outFile, err)
+		log.Fatalf("Failed to create output file %q: %v", outFile, err)
 	}
 	defer func() {
 		err := out.Close()
 		if err != nil {
-			log.Fatalf("Failed to close output file %q: %v %v", outFile, err)
+			log.Fatalf("Failed to close output file %q: %v", outFile, err)
 		}
 	}()
 	err = t.Execute(out, data)
 	if err != nil {
-		log.Fatalf("Failed to substitute template file %q: %v %v", inFile, err)
+		log.Fatalf("Failed to substitute template file %q: %v", inFile, err)
 	}
 }
 
@@ -202,101 +199,6 @@ func buildDebAndRpm(dir, version, goarch string) []string {
 	return artifacts
 }
 
-// generate system object (syso) file to be picked up by a following go build for embedding icon and version info resources into windows executable
-func buildWindowsResourceSyso(goarch string, versionTag string) string {
-	type M map[string]interface{}
-	version := strings.TrimPrefix(versionTag, "v")
-	semanticVersion := semver.New(version)
-
-	// Build json input to goversioninfo utility
-	bs, err := json.Marshal(M{
-		"FixedFileInfo": M{
-			"FileVersion": M{
-				"Major": semanticVersion.Major,
-				"Minor": semanticVersion.Minor,
-				"Patch": semanticVersion.Patch,
-			},
-			"ProductVersion": M{
-				"Major": semanticVersion.Major,
-				"Minor": semanticVersion.Minor,
-				"Patch": semanticVersion.Patch,
-			},
-		},
-		"StringFileInfo": M{
-			"CompanyName":      "https://rclone.org",
-			"ProductName":      "Rclone",
-			"FileDescription":  "Rsync for cloud storage",
-			"InternalName":     "rclone",
-			"OriginalFilename": "rclone.exe",
-			"LegalCopyright":   "The Rclone Authors",
-			"FileVersion":      version,
-			"ProductVersion":   version,
-		},
-		"IconPath": "../graphics/logo/ico/logo_symbol_color.ico",
-	})
-	if err != nil {
-		log.Printf("Failed to build version info json: %v", err)
-		return ""
-	}
-
-	// Write json to temporary file that will only be used by the goversioninfo command executed below.
-	jsonPath, err := filepath.Abs("versioninfo_windows_" + goarch + ".json") // Appending goos and goarch as suffix to avoid any race conditions
-	if err != nil {
-		log.Printf("Failed to resolve path: %v", err)
-		return ""
-	}
-	err = os.WriteFile(jsonPath, bs, 0644)
-	if err != nil {
-		log.Printf("Failed to write %s: %v", jsonPath, err)
-		return ""
-	}
-	defer func() {
-		if err := os.Remove(jsonPath); err != nil {
-			if !os.IsNotExist(err) {
-				log.Printf("Warning: Couldn't remove generated %s: %v. Please remove it manually.", jsonPath, err)
-			}
-		}
-	}()
-
-	// Execute goversioninfo utility using the json file as input.
-	// It will produce a system object (syso) file that a following go build should pick up.
-	sysoPath, err := filepath.Abs("../resource_windows_" + goarch + ".syso") // Appending goos and goarch as suffix to avoid any race conditions, and also it is recognized by go build and avoids any builds for other systems considering it
-	if err != nil {
-		log.Printf("Failed to resolve path: %v", err)
-		return ""
-	}
-	args := []string{
-		"goversioninfo",
-		"-o",
-		sysoPath,
-	}
-	if strings.Contains(goarch, "64") {
-		args = append(args, "-64") // Make the syso a 64-bit coff file
-	}
-	if strings.Contains(goarch, "arm") {
-		args = append(args, "-arm") // Make the syso an arm binary
-	}
-	args = append(args, jsonPath)
-	err = runEnv(args, nil)
-	if err != nil {
-		return ""
-	}
-
-	return sysoPath
-}
-
-// delete generated system object (syso) resource file
-func cleanupResourceSyso(sysoFilePath string) {
-	if sysoFilePath == "" {
-		return
-	}
-	if err := os.Remove(sysoFilePath); err != nil {
-		if !os.IsNotExist(err) {
-			log.Printf("Warning: Couldn't remove generated %s: %v. Please remove it manually.", sysoFilePath, err)
-		}
-	}
-}
-
 // Trip a version suffix off the arch if present
 func stripVersion(goarch string) string {
 	i := strings.Index(goarch, "-")
@@ -315,17 +217,41 @@ func runOut(command ...string) string {
 	return strings.TrimSpace(string(out))
 }
 
+// Generate Windows resource system object file (.syso), which can be picked
+// up by the following go build for embedding version information and icon
+// resources into the executable.
+func generateResourceWindows(version, arch string) func() {
+	sysoPath := fmt.Sprintf("../resource_windows_%s.syso", arch) // Use explicit destination filename, even though it should be same as default, so that we are sure we have the correct reference to it
+	if err := os.Remove(sysoPath); !os.IsNotExist(err) {
+		// Note: This one we choose to treat as fatal, to avoid any risk of picking up an old .syso file without noticing.
+		log.Fatalf("Failed to remove existing Windows %s resource system object file %s: %v", arch, sysoPath, err)
+	}
+	args := []string{"go", "run", "../bin/resource_windows.go", "-arch", arch, "-version", version, "-syso", sysoPath}
+	if err := runEnv(args, nil); err != nil {
+		log.Printf("Warning: Couldn't generate Windows %s resource system object file, binaries will not have version information or icon embedded", arch)
+		return nil
+	}
+	if _, err := os.Stat(sysoPath); err != nil {
+		log.Printf("Warning: Couldn't find generated Windows %s resource system object file, binaries will not have version information or icon embedded", arch)
+		return nil
+	}
+	return func() {
+		if err := os.Remove(sysoPath); err != nil && !os.IsNotExist(err) {
+			log.Printf("Warning: Couldn't remove generated Windows %s resource system object file %s: %v. Please remove it manually.", arch, sysoPath, err)
+		}
+	}
+}
+
 // build the binary in dir returning success or failure
 func compileArch(version, goos, goarch, dir string) bool {
 	log.Printf("Compiling %s/%s into %s", goos, goarch, dir)
+	goarchBase := stripVersion(goarch)
 	output := filepath.Join(dir, "rclone")
 	if goos == "windows" {
 		output += ".exe"
-		sysoPath := buildWindowsResourceSyso(goarch, version)
-		if sysoPath == "" {
-			log.Printf("Warning: Windows binaries will not have file information embedded")
+		if cleanupFn := generateResourceWindows(version, goarchBase); cleanupFn != nil {
+			defer cleanupFn()
 		}
-		defer cleanupResourceSyso(sysoPath)
 	}
 	err := os.MkdirAll(dir, 0777)
 	if err != nil {
@@ -348,7 +274,7 @@ func compileArch(version, goos, goarch, dir string) bool {
 	)
 	env := []string{
 		"GOOS=" + goos,
-		"GOARCH=" + stripVersion(goarch),
+		"GOARCH=" + goarchBase,
 	}
 	if *extraEnv != "" {
 		env = append(env, strings.Split(*extraEnv, ",")...)
diff --git a/bin/make_manual.py b/bin/make_manual.py
index 4fa6fe59e5e84..94d3da215cf7f 100755
--- a/bin/make_manual.py
+++ b/bin/make_manual.py
@@ -25,6 +25,7 @@
     "flags.md",
     "docker.md",
     "bisync.md",
+    "release_signing.md",
 
     # Keep these alphabetical by full name
     "fichier.md",
@@ -49,23 +50,30 @@
     "hdfs.md",
     "hidrive.md",
     "http.md",
+    "imagekit.md",
     "internetarchive.md",
     "jottacloud.md",
     "koofr.md",
+    "linkbox.md",
     "mailru.md",
     "mega.md",
     "memory.md",
     "netstorage.md",
     "azureblob.md",
+    "azurefiles.md",
     "onedrive.md",
     "opendrive.md",
     "oracleobjectstorage.md",
     "qingstor.md",
+    "quatrix.md",
     "sia.md",
     "swift.md",
     "pcloud.md",
+    "pikpak.md",
     "premiumizeme.md",
+    "protondrive.md",
     "putio.md",
+    "protondrive.md",
     "seafile.md",
     "sftp.md",
     "smb.md",
@@ -113,7 +121,7 @@
 ignore_docs = [
     "downloads.md",
     "privacy.md",
-    "donate.md",
+    "sponsor.md",
 ]
 
 def read_doc(doc):
diff --git a/bin/resource_windows.go b/bin/resource_windows.go
new file mode 100644
index 0000000000000..2f74ad36342d0
--- /dev/null
+++ b/bin/resource_windows.go
@@ -0,0 +1,122 @@
+// Utility program to generate Rclone-specific Windows resource system object
+// file (.syso), that can be picked up by a following go build for embedding
+// version information and icon resources into a rclone binary.
+//
+// Run it with "go generate", or "go run" to be able to customize with
+// command-line flags. Note that this program is intended to be run directly
+// from its original location in the source tree: Default paths are absolute
+// within the current source tree, which is convenient because it makes it
+// oblivious to the working directory, and it gives identical result whether
+// run by "go generate" or "go run", but it will not make sense if this
+// program's source is moved out from the source tree.
+//
+// Can be used for rclone.exe (default), and other binaries such as
+// librclone.dll (must be specified with flag -binary).
+//
+
+//go:generate go run resource_windows.go
+//go:build tools
+// +build tools
+
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"path"
+	"runtime"
+	"strings"
+
+	"github.com/coreos/go-semver/semver"
+	"github.com/josephspurrier/goversioninfo"
+	"github.com/rclone/rclone/fs"
+)
+
+func main() {
+	// Get path of directory containing the current source file to use for absolute path references within the code tree (as described above)
+	projectDir := ""
+	_, sourceFile, _, ok := runtime.Caller(0)
+	if ok {
+		projectDir = path.Dir(path.Dir(sourceFile)) // Root of the current project working directory
+	}
+
+	// Define flags
+	binary := flag.String("binary", "rclone.exe", `The name of the binary to generate resource for, e.g. "rclone.exe" or "librclone.dll"`)
+	arch := flag.String("arch", runtime.GOARCH, `Architecture of resource file, or the target GOARCH, "386", "amd64", "arm", or "arm64"`)
+	version := flag.String("version", fs.Version, "Version number or tag name")
+	icon := flag.String("icon", path.Join(projectDir, "graphics/logo/ico/logo_symbol_color.ico"), "Path to icon file to embed in an .exe binary")
+	dir := flag.String("dir", projectDir, "Path to output directory where to write the resulting system object file (.syso), with a default name according to -arch (resource_windows_<arch>.syso), only considered if not -syso is specified")
+	syso := flag.String("syso", "", "Path to output resource system object file (.syso) to be created/overwritten, ignores -dir")
+
+	// Parse command-line flags
+	flag.Parse()
+
+	// Handle default value for -file which depends on optional -dir and -arch
+	if *syso == "" {
+		// Use default filename, which includes target GOOS (hardcoded "windows")
+		// and GOARCH (from argument -arch) as suffix, to avoid any race conditions,
+		// and also this will be recognized by go build when it is consuming the
+		// .syso file and will only be used for builds with matching os/arch.
+		*syso = path.Join(*dir, fmt.Sprintf("resource_windows_%s.syso", *arch))
+	}
+
+	// Parse version/tag string argument as a SemVer
+	stringVersion := strings.TrimPrefix(*version, "v")
+	semanticVersion, err := semver.NewVersion(stringVersion)
+	if err != nil {
+		log.Fatalf("Invalid version number: %v", err)
+	}
+
+	// Extract binary extension
+	binaryExt := path.Ext(*binary)
+
+	// Create the version info configuration container
+	vi := &goversioninfo.VersionInfo{}
+
+	// FixedFileInfo
+	vi.FixedFileInfo.FileOS = "040004" // VOS_NT_WINDOWS32
+	if strings.EqualFold(binaryExt, ".exe") {
+		vi.FixedFileInfo.FileType = "01" // VFT_APP
+	} else if strings.EqualFold(binaryExt, ".dll") {
+		vi.FixedFileInfo.FileType = "02" // VFT_DLL
+	} else {
+		log.Fatalf("Specified binary must have extension .exe or .dll")
+	}
+	// FixedFileInfo.FileVersion
+	vi.FixedFileInfo.FileVersion.Major = int(semanticVersion.Major)
+	vi.FixedFileInfo.FileVersion.Minor = int(semanticVersion.Minor)
+	vi.FixedFileInfo.FileVersion.Patch = int(semanticVersion.Patch)
+	vi.FixedFileInfo.FileVersion.Build = 0
+	// FixedFileInfo.ProductVersion
+	vi.FixedFileInfo.ProductVersion.Major = int(semanticVersion.Major)
+	vi.FixedFileInfo.ProductVersion.Minor = int(semanticVersion.Minor)
+	vi.FixedFileInfo.ProductVersion.Patch = int(semanticVersion.Patch)
+	vi.FixedFileInfo.ProductVersion.Build = 0
+
+	// StringFileInfo
+	vi.StringFileInfo.CompanyName = "https://rclone.org"
+	vi.StringFileInfo.ProductName = "Rclone"
+	vi.StringFileInfo.FileDescription = "Rclone"
+	vi.StringFileInfo.InternalName = (*binary)[:len(*binary)-len(binaryExt)]
+	vi.StringFileInfo.OriginalFilename = *binary
+	vi.StringFileInfo.LegalCopyright = "The Rclone Authors"
+	vi.StringFileInfo.FileVersion = stringVersion
+	vi.StringFileInfo.ProductVersion = stringVersion
+
+	// Icon (only relevant for .exe, not .dll)
+	if *icon != "" && strings.EqualFold(binaryExt, ".exe") {
+		vi.IconPath = *icon
+	}
+
+	// Build native structures from the configuration data
+	vi.Build()
+
+	// Write the native structures as binary data to a buffer
+	vi.Walk()
+
+	// Write the binary data buffer to file
+	if err := vi.WriteSyso(*syso, *arch); err != nil {
+		log.Fatalf(`Failed to generate Windows %s resource system object file for %v with path "%v": %v`, *arch, *binary, *syso, err)
+	}
+}
diff --git a/bin/test_metadata_mapper.py b/bin/test_metadata_mapper.py
new file mode 100755
index 0000000000000..6a99ee49a8aa2
--- /dev/null
+++ b/bin/test_metadata_mapper.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+"""
+A demo metadata mapper
+"""
+
+import sys
+import json
+
+def main():
+    i = json.load(sys.stdin)
+    # Add tag to description
+    metadata = i["Metadata"]
+    if "description" in metadata:
+        metadata["description"] += " [migrated from domain1]"
+    else:
+        metadata["description"] = "[migrated from domain1]"
+    # Modify owner
+    if "owner" in metadata:
+        metadata["owner"] = metadata["owner"].replace("domain1.com", "domain2.com")
+    o = { "Metadata": metadata }
+    json.dump(o, sys.stdout, indent="\t")
+
+if __name__ == "__main__":
+    main()
diff --git a/bin/update-authors.py b/bin/update-authors.py
index effedb091dc20..b422c16a6da6e 100755
--- a/bin/update-authors.py
+++ b/bin/update-authors.py
@@ -27,6 +27,7 @@ def add_email(name, email):
     subprocess.check_call(["git", "commit", "-m", "Add %s to contributors" % name, AUTHORS])
     
 def main():
+    # Add emails from authors
     out = subprocess.check_output(["git", "log", '--reverse', '--format=%an|%ae', "master"])
     out = out.decode("utf-8")
 
@@ -43,5 +44,23 @@ def main():
         previous.add(email)
         add_email(name, email)
 
+    # Add emails from Co-authored-by: lines
+    out = subprocess.check_output(["git", "log", '-i', '--grep', 'Co-authored-by:', "master"])
+    out = out.decode("utf-8")
+    co_authored_by = re.compile(r"(?i)Co-authored-by:\s+(.*?)\s+<([^>]+)>$")
+
+    for line in out.split("\n"):
+        line = line.strip()
+        m = co_authored_by.search(line)
+        if not m:
+            continue
+        name, email = m.group(1), m.group(2)
+        name = name.strip()
+        email = email.strip()
+        if email in previous:
+            continue
+        previous.add(email)
+        add_email(name, email)
+
 if __name__ == "__main__":
     main()
diff --git a/cmd/about/about.go b/cmd/about/about.go
index 6d3afc91de882..611cd5cbc6009 100644
--- a/cmd/about/about.go
+++ b/cmd/about/about.go
@@ -22,8 +22,8 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &jsonOutput, "json", "", false, "Format output as JSON")
-	flags.BoolVarP(cmdFlags, &fullOutput, "full", "", false, "Full numbers instead of human-readable")
+	flags.BoolVarP(cmdFlags, &jsonOutput, "json", "", false, "Format output as JSON", "")
+	flags.BoolVarP(cmdFlags, &fullOutput, "full", "", false, "Full numbers instead of human-readable", "")
 }
 
 // printValue formats uv to be output
@@ -95,6 +95,7 @@ see complete list in [documentation](https://rclone.org/overview/#optional-featu
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.41",
+		// "groups":            "",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/all/all.go b/cmd/all/all.go
index 569d1821ea1b5..5fb87ed16317c 100644
--- a/cmd/all/all.go
+++ b/cmd/all/all.go
@@ -40,6 +40,7 @@ import (
 	_ "github.com/rclone/rclone/cmd/move"
 	_ "github.com/rclone/rclone/cmd/moveto"
 	_ "github.com/rclone/rclone/cmd/ncdu"
+	_ "github.com/rclone/rclone/cmd/nfsmount"
 	_ "github.com/rclone/rclone/cmd/obscure"
 	_ "github.com/rclone/rclone/cmd/purge"
 	_ "github.com/rclone/rclone/cmd/rc"
diff --git a/cmd/authorize/authorize.go b/cmd/authorize/authorize.go
index 5d946880accc0..1804485c1d81b 100644
--- a/cmd/authorize/authorize.go
+++ b/cmd/authorize/authorize.go
@@ -18,8 +18,8 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &noAutoBrowser, "auth-no-open-browser", "", false, "Do not automatically open auth link in default browser")
-	flags.StringVarP(cmdFlags, &template, "template", "", "", "The path to a custom Go template for generating HTML responses")
+	flags.BoolVarP(cmdFlags, &noAutoBrowser, "auth-no-open-browser", "", false, "Do not automatically open auth link in default browser", "")
+	flags.StringVarP(cmdFlags, &template, "template", "", "", "The path to a custom Go template for generating HTML responses", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -36,6 +36,7 @@ link in default browser automatically.
 Use --template to generate HTML output via a custom Go template. If a blank string is provided as an argument to this flag, the default template is used.`,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.27",
+		// "groups":            "",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(1, 3, command, args)
diff --git a/cmd/backend/backend.go b/cmd/backend/backend.go
index 67d499923698e..3de8fa6f0e9d6 100644
--- a/cmd/backend/backend.go
+++ b/cmd/backend/backend.go
@@ -24,8 +24,8 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.StringArrayVarP(cmdFlags, &options, "option", "o", options, "Option in the form name=value or name")
-	flags.BoolVarP(cmdFlags, &useJSON, "json", "", useJSON, "Always output in JSON format")
+	flags.StringArrayVarP(cmdFlags, &options, "option", "o", options, "Option in the form name=value or name", "")
+	flags.BoolVarP(cmdFlags, &useJSON, "json", "", useJSON, "Always output in JSON format", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -60,6 +60,7 @@ Note to run these commands on a running backend then see
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.52",
+		"groups":            "Important",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(2, 1e6, command, args)
@@ -98,8 +99,14 @@ Note to run these commands on a running backend then see
 				out, err = doCommand(context.Background(), name, arg, opt)
 			}
 			if err != nil {
+				if err == fs.ErrorCommandNotFound {
+					extra := ""
+					if f.Features().Overlay {
+						extra = " (try the underlying remote)"
+					}
+					return fmt.Errorf("%q %w%s", name, err, extra)
+				}
 				return fmt.Errorf("command %q failed: %w", name, err)
-
 			}
 			// Output the result
 			writeJSON := false
diff --git a/cmd/bisync/bisync_test.go b/cmd/bisync/bisync_test.go
index 11299f012e686..55e98a19eaad8 100644
--- a/cmd/bisync/bisync_test.go
+++ b/cmd/bisync/bisync_test.go
@@ -614,6 +614,8 @@ func (b *bisyncTest) runBisync(ctx context.Context, args []string) (err error) {
 			opt.DryRun = true
 		case "force":
 			opt.Force = true
+		case "create-empty-src-dirs":
+			opt.CreateEmptySrcDirs = true
 		case "remove-empty-dirs":
 			opt.RemoveEmptyDirs = true
 		case "check-sync-only":
@@ -824,8 +826,9 @@ func touchFiles(ctx context.Context, dateStr string, f fs.Fs, dir, glob string)
 			err = nil
 			buf := new(bytes.Buffer)
 			size := obj.Size()
+			separator := ""
 			if size > 0 {
-				err = operations.Cat(ctx, f, buf, 0, size)
+				err = operations.Cat(ctx, f, buf, 0, size, []byte(separator))
 			}
 			info := object.NewStaticObjectInfo(remote, date, size, true, nil, f)
 			if err == nil {
@@ -1162,6 +1165,10 @@ func (b *bisyncTest) newReplacer(mangle bool) *strings.Replacer {
 		b.workDir + slash, "{workdir/}",
 		b.path1, "{path1/}",
 		b.path2, "{path2/}",
+		"//?/" + strings.TrimSuffix(strings.Replace(b.path1, slash, "/", -1), "/"), "{path1}", // fix windows-specific issue
+		"//?/" + strings.TrimSuffix(strings.Replace(b.path2, slash, "/", -1), "/"), "{path2}",
+		strings.TrimSuffix(b.path1, slash), "{path1}", // ensure it's still recognized without trailing slash
+		strings.TrimSuffix(b.path2, slash), "{path2}",
 		b.sessionName, "{session}",
 	}
 	if fixSlash {
diff --git a/cmd/bisync/cmd.go b/cmd/bisync/cmd.go
index 6f7c8fc151634..1a48660354188 100644
--- a/cmd/bisync/cmd.go
+++ b/cmd/bisync/cmd.go
@@ -27,18 +27,21 @@ import (
 
 // Options keep bisync options
 type Options struct {
-	Resync          bool
-	CheckAccess     bool
-	CheckFilename   string
-	CheckSync       CheckSyncMode
-	RemoveEmptyDirs bool
-	MaxDelete       int // percentage from 0 to 100
-	Force           bool
-	FiltersFile     string
-	Workdir         string
-	DryRun          bool
-	NoCleanup       bool
-	SaveQueues      bool // save extra debugging files (test only flag)
+	Resync                bool
+	CheckAccess           bool
+	CheckFilename         string
+	CheckSync             CheckSyncMode
+	CreateEmptySrcDirs    bool
+	RemoveEmptyDirs       bool
+	MaxDelete             int // percentage from 0 to 100
+	Force                 bool
+	FiltersFile           string
+	Workdir               string
+	DryRun                bool
+	NoCleanup             bool
+	SaveQueues            bool // save extra debugging files (test only flag)
+	IgnoreListingChecksum bool
+	Resilient             bool
 }
 
 // Default values
@@ -98,16 +101,19 @@ var Opt Options
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &Opt.Resync, "resync", "1", Opt.Resync, "Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.")
-	flags.BoolVarP(cmdFlags, &Opt.CheckAccess, "check-access", "", Opt.CheckAccess, makeHelp("Ensure expected {CHECKFILE} files are found on both Path1 and Path2 filesystems, else abort."))
-	flags.StringVarP(cmdFlags, &Opt.CheckFilename, "check-filename", "", Opt.CheckFilename, makeHelp("Filename for --check-access (default: {CHECKFILE})"))
-	flags.BoolVarP(cmdFlags, &Opt.Force, "force", "", Opt.Force, "Bypass --max-delete safety check and run the sync. Consider using with --verbose")
-	flags.FVarP(cmdFlags, &Opt.CheckSync, "check-sync", "", "Controls comparison of final listings: true|false|only (default: true)")
-	flags.BoolVarP(cmdFlags, &Opt.RemoveEmptyDirs, "remove-empty-dirs", "", Opt.RemoveEmptyDirs, "Remove empty directories at the final cleanup step.")
-	flags.StringVarP(cmdFlags, &Opt.FiltersFile, "filters-file", "", Opt.FiltersFile, "Read filtering patterns from a file")
-	flags.StringVarP(cmdFlags, &Opt.Workdir, "workdir", "", Opt.Workdir, makeHelp("Use custom working dir - useful for testing. (default: {WORKDIR})"))
-	flags.BoolVarP(cmdFlags, &tzLocal, "localtime", "", tzLocal, "Use local time in listings (default: UTC)")
-	flags.BoolVarP(cmdFlags, &Opt.NoCleanup, "no-cleanup", "", Opt.NoCleanup, "Retain working files (useful for troubleshooting and testing).")
+	flags.BoolVarP(cmdFlags, &Opt.Resync, "resync", "1", Opt.Resync, "Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.", "")
+	flags.BoolVarP(cmdFlags, &Opt.CheckAccess, "check-access", "", Opt.CheckAccess, makeHelp("Ensure expected {CHECKFILE} files are found on both Path1 and Path2 filesystems, else abort."), "")
+	flags.StringVarP(cmdFlags, &Opt.CheckFilename, "check-filename", "", Opt.CheckFilename, makeHelp("Filename for --check-access (default: {CHECKFILE})"), "")
+	flags.BoolVarP(cmdFlags, &Opt.Force, "force", "", Opt.Force, "Bypass --max-delete safety check and run the sync. Consider using with --verbose", "")
+	flags.FVarP(cmdFlags, &Opt.CheckSync, "check-sync", "", "Controls comparison of final listings: true|false|only (default: true)", "")
+	flags.BoolVarP(cmdFlags, &Opt.CreateEmptySrcDirs, "create-empty-src-dirs", "", Opt.CreateEmptySrcDirs, "Sync creation and deletion of empty directories. (Not compatible with --remove-empty-dirs)", "")
+	flags.BoolVarP(cmdFlags, &Opt.RemoveEmptyDirs, "remove-empty-dirs", "", Opt.RemoveEmptyDirs, "Remove ALL empty directories at the final cleanup step.", "")
+	flags.StringVarP(cmdFlags, &Opt.FiltersFile, "filters-file", "", Opt.FiltersFile, "Read filtering patterns from a file", "")
+	flags.StringVarP(cmdFlags, &Opt.Workdir, "workdir", "", Opt.Workdir, makeHelp("Use custom working dir - useful for testing. (default: {WORKDIR})"), "")
+	flags.BoolVarP(cmdFlags, &tzLocal, "localtime", "", tzLocal, "Use local time in listings (default: UTC)", "")
+	flags.BoolVarP(cmdFlags, &Opt.NoCleanup, "no-cleanup", "", Opt.NoCleanup, "Retain working files (useful for troubleshooting and testing).", "")
+	flags.BoolVarP(cmdFlags, &Opt.IgnoreListingChecksum, "ignore-listing-checksum", "", Opt.IgnoreListingChecksum, "Do not use checksums for listings (add --ignore-checksum to additionally skip post-copy checksum checks)", "")
+	flags.BoolVarP(cmdFlags, &Opt.Resilient, "resilient", "", Opt.Resilient, "Allow future runs to retry after certain less-serious errors, instead of requiring --resync. Use at your own risk!", "")
 }
 
 // bisync command definition
@@ -117,6 +123,7 @@ var commandDefinition = &cobra.Command{
 	Long:  longHelp,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.58",
+		"groups":            "Filter,Copy,Important",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(2, 2, command, args)
@@ -128,7 +135,6 @@ var commandDefinition = &cobra.Command{
 		ctx := context.Background()
 		opt := Opt
 		opt.applyContext(ctx)
-
 		if tzLocal {
 			TZ = time.Local
 		}
@@ -210,9 +216,13 @@ func (opt *Options) applyFilters(ctx context.Context) (context.Context, error) {
 	}
 
 	if opt.Resync {
-		fs.Infof(nil, "Storing filters file hash to %s", hashFile)
-		if err := os.WriteFile(hashFile, []byte(gotHash), bilib.PermSecure); err != nil {
-			return ctx, err
+		if opt.DryRun {
+			fs.Infof(nil, "Skipped storing filters file hash to %s as --dry-run is set", hashFile)
+		} else {
+			fs.Infof(nil, "Storing filters file hash to %s", hashFile)
+			if err := os.WriteFile(hashFile, []byte(gotHash), bilib.PermSecure); err != nil {
+				return ctx, err
+			}
 		}
 	}
 
diff --git a/cmd/bisync/deltas.go b/cmd/bisync/deltas.go
index d1dee1a1d1bf4..ccd43edbe7fc9 100644
--- a/cmd/bisync/deltas.go
+++ b/cmd/bisync/deltas.go
@@ -3,13 +3,18 @@
 package bisync
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"path/filepath"
 	"sort"
+	"strings"
 
 	"github.com/rclone/rclone/cmd/bisync/bilib"
+	"github.com/rclone/rclone/cmd/check"
 	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/fs/filter"
 	"github.com/rclone/rclone/fs/operations"
 )
 
@@ -90,6 +95,47 @@ func (ds *deltaSet) printStats() {
 		ds.msg, nAll, nNew, nNewer, nOlder, nDeleted)
 }
 
+// check potential conflicts (to avoid renaming if already identical)
+func (b *bisyncRun) checkconflicts(ctxCheck context.Context, filterCheck *filter.Filter, fs1, fs2 fs.Fs) (bilib.Names, error) {
+	matches := bilib.Names{}
+	if filterCheck.HaveFilesFrom() {
+		fs.Debugf(nil, "There are potential conflicts to check.")
+
+		opt, close, checkopterr := check.GetCheckOpt(b.fs1, b.fs2)
+		if checkopterr != nil {
+			b.critical = true
+			b.retryable = true
+			fs.Debugf(nil, "GetCheckOpt error: %v", checkopterr)
+			return matches, checkopterr
+		}
+		defer close()
+
+		opt.Match = new(bytes.Buffer)
+
+		// TODO: consider using custom CheckFn to act like cryptcheck, if either fs is a crypt remote and -c has been passed
+		// note that cryptCheck() is not currently exported
+
+		fs.Infof(nil, "Checking potential conflicts...")
+		check := operations.Check(ctxCheck, opt)
+		fs.Infof(nil, "Finished checking the potential conflicts. %s", check)
+
+		//reset error count, because we don't want to count check errors as bisync errors
+		accounting.Stats(ctxCheck).ResetErrors()
+
+		//return the list of identical files to check against later
+		if len(fmt.Sprint(opt.Match)) > 0 {
+			matches = bilib.ToNames(strings.Split(fmt.Sprint(opt.Match), "\n"))
+		}
+		if matches.NotEmpty() {
+			fs.Debugf(nil, "The following potential conflicts were determined to be identical. %v", matches)
+		} else {
+			fs.Debugf(nil, "None of the conflicts were determined to be identical.")
+		}
+
+	}
+	return matches, nil
+}
+
 // findDeltas
 func (b *bisyncRun) findDeltas(fctx context.Context, f fs.Fs, oldListing, newListing, msg string) (ds *deltaSet, err error) {
 	var old, now *fileList
@@ -183,6 +229,52 @@ func (b *bisyncRun) applyDeltas(ctx context.Context, ds1, ds2 *deltaSet) (change
 
 	ctxMove := b.opt.setDryRun(ctx)
 
+	// efficient isDir check
+	// we load the listing just once and store only the dirs
+	dirs1, dirs1Err := b.listDirsOnly(1)
+	if dirs1Err != nil {
+		b.critical = true
+		b.retryable = true
+		fs.Debugf(nil, "Error generating dirsonly list for path1: %v", dirs1Err)
+		return
+	}
+
+	dirs2, dirs2Err := b.listDirsOnly(2)
+	if dirs2Err != nil {
+		b.critical = true
+		b.retryable = true
+		fs.Debugf(nil, "Error generating dirsonly list for path2: %v", dirs2Err)
+		return
+	}
+
+	// build a list of only the "deltaOther"s so we don't have to check more files than necessary
+	// this is essentially the same as running rclone check with a --files-from filter, then exempting the --match results from being renamed
+	// we therefore avoid having to list the same directory more than once.
+
+	// we are intentionally overriding DryRun here because we need to perform the check, even during a dry run, or the results would be inaccurate.
+	// check is a read-only operation by its nature, so it's already "dry" in that sense.
+	ctxNew, ciCheck := fs.AddConfig(ctx)
+	ciCheck.DryRun = false
+
+	ctxCheck, filterCheck := filter.AddConfig(ctxNew)
+
+	for _, file := range ds1.sort() {
+		d1 := ds1.deltas[file]
+		if d1.is(deltaOther) {
+			d2 := ds2.deltas[file]
+			if d2.is(deltaOther) {
+				if err := filterCheck.AddFile(file); err != nil {
+					fs.Debugf(nil, "Non-critical error adding file to list of potential conflicts to check: %s", err)
+				} else {
+					fs.Debugf(nil, "Added file to list of potential conflicts to check: %s", file)
+				}
+			}
+		}
+	}
+
+	//if there are potential conflicts to check, check them all here (outside the loop) in one fell swoop
+	matches, err := b.checkconflicts(ctxCheck, filterCheck, b.fs1, b.fs2)
+
 	for _, file := range ds1.sort() {
 		p1 := path1 + file
 		p2 := path2 + file
@@ -199,22 +291,34 @@ func (b *bisyncRun) applyDeltas(ctx context.Context, ds1, ds2 *deltaSet) (change
 				handled.Add(file)
 			} else if d2.is(deltaOther) {
 				b.indent("!WARNING", file, "New or changed in both paths")
-				b.indent("!Path1", p1+"..path1", "Renaming Path1 copy")
-				if err = operations.MoveFile(ctxMove, b.fs1, b.fs1, file+"..path1", file); err != nil {
-					err = fmt.Errorf("path1 rename failed for %s: %w", p1, err)
-					b.critical = true
-					return
-				}
-				b.indent("!Path1", p2+"..path1", "Queue copy to Path2")
-				copy1to2.Add(file + "..path1")
 
-				b.indent("!Path2", p2+"..path2", "Renaming Path2 copy")
-				if err = operations.MoveFile(ctxMove, b.fs2, b.fs2, file+"..path2", file); err != nil {
-					err = fmt.Errorf("path2 rename failed for %s: %w", file, err)
-					return
+				//if files are identical, leave them alone instead of renaming
+				if dirs1.has(file) && dirs2.has(file) {
+					fs.Debugf(nil, "This is a directory, not a file. Skipping equality check and will not rename: %s", file)
+				} else {
+					equal := matches.Has(file)
+					if equal {
+						fs.Infof(nil, "Files are equal! Skipping: %s", file)
+					} else {
+						fs.Debugf(nil, "Files are NOT equal: %s", file)
+						b.indent("!Path1", p1+"..path1", "Renaming Path1 copy")
+						if err = operations.MoveFile(ctxMove, b.fs1, b.fs1, file+"..path1", file); err != nil {
+							err = fmt.Errorf("path1 rename failed for %s: %w", p1, err)
+							b.critical = true
+							return
+						}
+						b.indent("!Path1", p2+"..path1", "Queue copy to Path2")
+						copy1to2.Add(file + "..path1")
+
+						b.indent("!Path2", p2+"..path2", "Renaming Path2 copy")
+						if err = operations.MoveFile(ctxMove, b.fs2, b.fs2, file+"..path2", file); err != nil {
+							err = fmt.Errorf("path2 rename failed for %s: %w", file, err)
+							return
+						}
+						b.indent("!Path2", p1+"..path2", "Queue copy to Path1")
+						copy2to1.Add(file + "..path2")
+					}
 				}
-				b.indent("!Path2", p1+"..path2", "Queue copy to Path1")
-				copy2to1.Add(file + "..path2")
 				handled.Add(file)
 			}
 		} else {
@@ -258,6 +362,9 @@ func (b *bisyncRun) applyDeltas(ctx context.Context, ds1, ds2 *deltaSet) (change
 		if err != nil {
 			return
 		}
+
+		//copy empty dirs from path2 to path1 (if --create-empty-src-dirs)
+		b.syncEmptyDirs(ctx, b.fs1, copy2to1, dirs2, "make")
 	}
 
 	if copy1to2.NotEmpty() {
@@ -267,6 +374,9 @@ func (b *bisyncRun) applyDeltas(ctx context.Context, ds1, ds2 *deltaSet) (change
 		if err != nil {
 			return
 		}
+
+		//copy empty dirs from path1 to path2 (if --create-empty-src-dirs)
+		b.syncEmptyDirs(ctx, b.fs2, copy1to2, dirs1, "make")
 	}
 
 	if delete1.NotEmpty() {
@@ -276,6 +386,9 @@ func (b *bisyncRun) applyDeltas(ctx context.Context, ds1, ds2 *deltaSet) (change
 		if err != nil {
 			return
 		}
+
+		//propagate deletions of empty dirs from path2 to path1 (if --create-empty-src-dirs)
+		b.syncEmptyDirs(ctx, b.fs1, delete1, dirs1, "remove")
 	}
 
 	if delete2.NotEmpty() {
@@ -285,6 +398,9 @@ func (b *bisyncRun) applyDeltas(ctx context.Context, ds1, ds2 *deltaSet) (change
 		if err != nil {
 			return
 		}
+
+		//propagate deletions of empty dirs from path1 to path2 (if --create-empty-src-dirs)
+		b.syncEmptyDirs(ctx, b.fs2, delete2, dirs2, "remove")
 	}
 
 	return
diff --git a/cmd/bisync/help.go b/cmd/bisync/help.go
index 14e6f78663d31..84e78ab9d9b37 100644
--- a/cmd/bisync/help.go
+++ b/cmd/bisync/help.go
@@ -27,11 +27,16 @@ var rcHelp = makeHelp(`This takes the following parameters
 - checkFilename - file name for checkAccess (default: {CHECKFILE})
 - maxDelete - abort sync if percentage of deleted files is above
   this threshold (default: {MAXDELETE})
-- force - maxDelete safety check and run the sync
+- force - Bypass maxDelete safety check and run the sync
 - checkSync - |true| by default, |false| disables comparison of final listings,
               |only| will skip sync, only compare listings from the last run
+- createEmptySrcDirs - Sync creation and deletion of empty directories. 
+			  (Not compatible with --remove-empty-dirs)
 - removeEmptyDirs - remove empty directories at the final cleanup step
 - filtersFile - read filtering patterns from a file
+- ignoreListingChecksum - Do not use checksums for listings
+- resilient - Allow future runs to retry after certain less-serious errors, instead of requiring resync. 
+            Use at your own risk!
 - workdir - server directory for history files (default: {WORKDIR})
 - noCleanup - retain working files
 
diff --git a/cmd/bisync/listing.go b/cmd/bisync/listing.go
index 066b927e81843..b2edb7ec948f2 100644
--- a/cmd/bisync/listing.go
+++ b/cmd/bisync/listing.go
@@ -43,10 +43,11 @@ var tzLocal = false
 
 // fileInfo describes a file
 type fileInfo struct {
-	size int64
-	time time.Time
-	hash string
-	id   string
+	size  int64
+	time  time.Time
+	hash  string
+	id    string
+	flags string
 }
 
 // fileList represents a listing
@@ -76,17 +77,18 @@ func (ls *fileList) get(file string) *fileInfo {
 	return ls.info[file]
 }
 
-func (ls *fileList) put(file string, size int64, time time.Time, hash, id string) {
+func (ls *fileList) put(file string, size int64, time time.Time, hash, id string, flags string) {
 	fi := ls.get(file)
 	if fi != nil {
 		fi.size = size
 		fi.time = time
 	} else {
 		fi = &fileInfo{
-			size: size,
-			time: time,
-			hash: hash,
-			id:   id,
+			size:  size,
+			time:  time,
+			hash:  hash,
+			id:    id,
+			flags: flags,
 		}
 		ls.info[file] = fi
 		ls.list = append(ls.list, file)
@@ -152,7 +154,11 @@ func (ls *fileList) save(ctx context.Context, listing string) error {
 			id = "-"
 		}
 
-		flags := "-"
+		flags := fi.flags
+		if flags == "" {
+			flags = "-"
+		}
+
 		_, err = fmt.Fprintf(file, lineFormat, flags, fi.size, hash, id, time, remote)
 		if err != nil {
 			_ = file.Close()
@@ -217,7 +223,7 @@ func (b *bisyncRun) loadListing(listing string) (*fileList, error) {
 			}
 		}
 
-		if flags != "-" || id != "-" || sizeErr != nil || timeErr != nil || hashErr != nil || nameErr != nil {
+		if (flags != "-" && flags != "d") || id != "-" || sizeErr != nil || timeErr != nil || hashErr != nil || nameErr != nil {
 			fs.Logf(listing, "Ignoring incorrect line: %q", line)
 			continue
 		}
@@ -229,7 +235,7 @@ func (b *bisyncRun) loadListing(listing string) (*fileList, error) {
 			}
 		}
 
-		ls.put(nameVal, sizeVal, timeVal.In(TZ), hashVal, id)
+		ls.put(nameVal, sizeVal, timeVal.In(TZ), hashVal, id, flags)
 	}
 
 	return ls, nil
@@ -253,15 +259,20 @@ func (b *bisyncRun) makeListing(ctx context.Context, f fs.Fs, listing string) (l
 	ci := fs.GetConfig(ctx)
 	depth := ci.MaxDepth
 	hashType := hash.None
-	if !ci.IgnoreChecksum {
-		// Currently bisync just honors --ignore-checksum
+	if !b.opt.IgnoreListingChecksum {
+		// Currently bisync just honors --ignore-listing-checksum
+		// (note that this is different from --ignore-checksum)
 		// TODO add full support for checksums and related flags
 		hashType = f.Hashes().GetOne()
 	}
 	ls = newFileList()
 	ls.hash = hashType
 	var lock sync.Mutex
-	err = walk.ListR(ctx, f, "", false, depth, walk.ListObjects, func(entries fs.DirEntries) error {
+	listType := walk.ListObjects
+	if b.opt.CreateEmptySrcDirs {
+		listType = walk.ListAll
+	}
+	err = walk.ListR(ctx, f, "", false, depth, listType, func(entries fs.DirEntries) error {
 		var firstErr error
 		entries.ForObject(func(o fs.Object) {
 			//tr := accounting.Stats(ctx).NewCheckingTransfer(o) // TODO
@@ -276,12 +287,27 @@ func (b *bisyncRun) makeListing(ctx context.Context, f fs.Fs, listing string) (l
 				}
 			}
 			time := o.ModTime(ctx).In(TZ)
-			id := "" // TODO
+			id := ""     // TODO
+			flags := "-" // "-" for a file and "d" for a directory
 			lock.Lock()
-			ls.put(o.Remote(), o.Size(), time, hashVal, id)
+			ls.put(o.Remote(), o.Size(), time, hashVal, id, flags)
 			lock.Unlock()
 			//tr.Done(ctx, nil) // TODO
 		})
+		if b.opt.CreateEmptySrcDirs {
+			entries.ForDir(func(o fs.Directory) {
+				var (
+					hashVal string
+				)
+				time := o.ModTime(ctx).In(TZ)
+				id := ""     // TODO
+				flags := "d" // "-" for a file and "d" for a directory
+				lock.Lock()
+				//record size as 0 instead of -1, so bisync doesn't think it's a google doc
+				ls.put(o.Remote(), 0, time, hashVal, id, flags)
+				lock.Unlock()
+			})
+		}
 		return firstErr
 	})
 	if err == nil {
@@ -300,5 +326,53 @@ func (b *bisyncRun) checkListing(ls *fileList, listing, msg string) error {
 	}
 	fs.Errorf(nil, "Empty %s listing. Cannot sync to an empty directory: %s", msg, listing)
 	b.critical = true
+	b.retryable = true
 	return fmt.Errorf("empty %s listing: %s", msg, listing)
 }
+
+// listingNum should be 1 for path1 or 2 for path2
+func (b *bisyncRun) loadListingNum(listingNum int) (*fileList, error) {
+	listingpath := b.basePath + ".path1.lst-new"
+	if listingNum == 2 {
+		listingpath = b.basePath + ".path2.lst-new"
+	}
+
+	if b.opt.DryRun {
+		listingpath = strings.Replace(listingpath, ".lst-", ".lst-dry-", 1)
+	}
+
+	fs.Debugf(nil, "loading listing for path %d at: %s", listingNum, listingpath)
+	return b.loadListing(listingpath)
+}
+
+func (b *bisyncRun) listDirsOnly(listingNum int) (*fileList, error) {
+	var fulllisting *fileList
+	var dirsonly = newFileList()
+	var err error
+
+	if !b.opt.CreateEmptySrcDirs {
+		return dirsonly, err
+	}
+
+	fulllisting, err = b.loadListingNum(listingNum)
+
+	if err != nil {
+		b.critical = true
+		b.retryable = true
+		fs.Debugf(nil, "Error loading listing to generate dirsonly list: %v", err)
+		return dirsonly, err
+	}
+
+	for _, obj := range fulllisting.list {
+		info := fulllisting.get(obj)
+
+		if info.flags == "d" {
+			fs.Debugf(nil, "found a dir: %s", obj)
+			dirsonly.put(obj, info.size, info.time, info.hash, info.id, info.flags)
+		} else {
+			fs.Debugf(nil, "not a dir: %s", obj)
+		}
+	}
+
+	return dirsonly, err
+}
diff --git a/cmd/bisync/operations.go b/cmd/bisync/operations.go
index 85b1e43d17182..250437e626b41 100644
--- a/cmd/bisync/operations.go
+++ b/cmd/bisync/operations.go
@@ -25,13 +25,14 @@ var ErrBisyncAborted = errors.New("bisync aborted")
 
 // bisyncRun keeps bisync runtime state
 type bisyncRun struct {
-	fs1      fs.Fs
-	fs2      fs.Fs
-	abort    bool
-	critical bool
-	basePath string
-	workDir  string
-	opt      *Options
+	fs1       fs.Fs
+	fs2       fs.Fs
+	abort     bool
+	critical  bool
+	retryable bool
+	basePath  string
+	workDir   string
+	opt       *Options
 }
 
 // Bisync handles lock file, performs bisync run and checks exit status
@@ -123,14 +124,19 @@ func Bisync(ctx context.Context, fs1, fs2 fs.Fs, optArg *Options) (err error) {
 	}
 
 	if b.critical {
-		if bilib.FileExists(listing1) {
-			_ = os.Rename(listing1, listing1+"-err")
-		}
-		if bilib.FileExists(listing2) {
-			_ = os.Rename(listing2, listing2+"-err")
+		if b.retryable && b.opt.Resilient {
+			fs.Errorf(nil, "Bisync critical error: %v", err)
+			fs.Errorf(nil, "Bisync aborted. Error is retryable without --resync due to --resilient mode.")
+		} else {
+			if bilib.FileExists(listing1) {
+				_ = os.Rename(listing1, listing1+"-err")
+			}
+			if bilib.FileExists(listing2) {
+				_ = os.Rename(listing2, listing2+"-err")
+			}
+			fs.Errorf(nil, "Bisync critical error: %v", err)
+			fs.Errorf(nil, "Bisync aborted. Must run --resync to recover.")
 		}
-		fs.Errorf(nil, "Bisync critical error: %v", err)
-		fs.Errorf(nil, "Bisync aborted. Must run --resync to recover.")
 		return ErrBisyncAborted
 	}
 	if b.abort {
@@ -152,6 +158,7 @@ func (b *bisyncRun) runLocked(octx context.Context, listing1, listing2 string) (
 		fs.Infof(nil, "Validating listings for Path1 %s vs Path2 %s", quotePath(path1), quotePath(path2))
 		if err = b.checkSync(listing1, listing2); err != nil {
 			b.critical = true
+			b.retryable = true
 		}
 		return err
 	}
@@ -176,6 +183,7 @@ func (b *bisyncRun) runLocked(octx context.Context, listing1, listing2 string) (
 	var fctx context.Context
 	if fctx, err = b.opt.applyFilters(octx); err != nil {
 		b.critical = true
+		b.retryable = true
 		return
 	}
 
@@ -188,6 +196,7 @@ func (b *bisyncRun) runLocked(octx context.Context, listing1, listing2 string) (
 	if !bilib.FileExists(listing1) || !bilib.FileExists(listing2) {
 		// On prior critical error abort, the prior listings are renamed to .lst-err to lock out further runs
 		b.critical = true
+		b.retryable = true
 		return errors.New("cannot find prior Path1 or Path2 listings, likely due to critical error on prior run")
 	}
 
@@ -215,6 +224,7 @@ func (b *bisyncRun) runLocked(octx context.Context, listing1, listing2 string) (
 		err = b.checkAccess(ds1.checkFiles, ds2.checkFiles)
 		if err != nil {
 			b.critical = true
+			b.retryable = true
 			return
 		}
 	}
@@ -255,6 +265,7 @@ func (b *bisyncRun) runLocked(octx context.Context, listing1, listing2 string) (
 		changes1, changes2, err = b.applyDeltas(octx, ds1, ds2)
 		if err != nil {
 			b.critical = true
+			// b.retryable = true // not sure about this one
 			return err
 		}
 	}
@@ -283,6 +294,7 @@ func (b *bisyncRun) runLocked(octx context.Context, listing1, listing2 string) (
 	}
 	if err != nil {
 		b.critical = true
+		b.retryable = true
 		return err
 	}
 
@@ -310,6 +322,7 @@ func (b *bisyncRun) runLocked(octx context.Context, listing1, listing2 string) (
 		}
 		if err != nil {
 			b.critical = true
+			b.retryable = true
 			return err
 		}
 	}
@@ -341,6 +354,39 @@ func (b *bisyncRun) resync(octx, fctx context.Context, listing1, listing2 string
 		return err
 	}
 
+	// Check access health on the Path1 and Path2 filesystems
+	// enforce even though this is --resync
+	if b.opt.CheckAccess {
+		fs.Infof(nil, "Checking access health")
+
+		ds1 := &deltaSet{
+			checkFiles: bilib.Names{},
+		}
+
+		ds2 := &deltaSet{
+			checkFiles: bilib.Names{},
+		}
+
+		for _, file := range filesNow1.list {
+			if filepath.Base(file) == b.opt.CheckFilename {
+				ds1.checkFiles.Add(file)
+			}
+		}
+
+		for _, file := range filesNow2.list {
+			if filepath.Base(file) == b.opt.CheckFilename {
+				ds2.checkFiles.Add(file)
+			}
+		}
+
+		err = b.checkAccess(ds1.checkFiles, ds2.checkFiles)
+		if err != nil {
+			b.critical = true
+			b.retryable = true
+			return err
+		}
+	}
+
 	copy2to1 := []string{}
 	for _, file := range filesNow2.list {
 		if !filesNow1.has(file) {
@@ -367,11 +413,34 @@ func (b *bisyncRun) resync(octx, fctx context.Context, listing1, listing2 string
 		// prevent overwriting Google Doc files (their size is -1)
 		filterSync.Opt.MinSize = 0
 	}
-	if err = sync.Sync(ctxSync, b.fs2, b.fs1, false); err != nil {
+	if err = sync.CopyDir(ctxSync, b.fs2, b.fs1, b.opt.CreateEmptySrcDirs); err != nil {
 		b.critical = true
 		return err
 	}
 
+	if b.opt.CreateEmptySrcDirs {
+		// copy Path2 back to Path1, for empty dirs
+		// the fastCopy above cannot include directories, because it relies on --files-from for filtering,
+		// so instead we'll copy them here, relying on fctx for our filtering.
+
+		// This preserves the original resync order for backward compatibility. It is essentially:
+		// rclone copy Path2 Path1 --ignore-existing
+		// rclone copy Path1 Path2 --create-empty-src-dirs
+		// rclone copy Path2 Path1 --create-empty-src-dirs
+
+		// although if we were starting from scratch, it might be cleaner and faster to just do:
+		// rclone copy Path2 Path1 --create-empty-src-dirs
+		// rclone copy Path1 Path2 --create-empty-src-dirs
+
+		fs.Infof(nil, "Resynching Path2 to Path1 (for empty dirs)")
+
+		//note copy (not sync) and dst comes before src
+		if err = sync.CopyDir(ctxSync, b.fs1, b.fs2, b.opt.CreateEmptySrcDirs); err != nil {
+			b.critical = true
+			return err
+		}
+	}
+
 	fs.Infof(nil, "Resync updating listings")
 	if _, err = b.makeListing(fctx, b.fs1, listing1); err != nil {
 		b.critical = true
diff --git a/cmd/bisync/queue.go b/cmd/bisync/queue.go
index 08bb208621e45..701c8a922309b 100644
--- a/cmd/bisync/queue.go
+++ b/cmd/bisync/queue.go
@@ -3,6 +3,7 @@ package bisync
 import (
 	"context"
 	"fmt"
+	"sort"
 
 	"github.com/rclone/rclone/cmd/bisync/bilib"
 	"github.com/rclone/rclone/fs"
@@ -23,7 +24,7 @@ func (b *bisyncRun) fastCopy(ctx context.Context, fsrc, fdst fs.Fs, files bilib.
 		}
 	}
 
-	return sync.CopyDir(ctxCopy, fdst, fsrc, false)
+	return sync.CopyDir(ctxCopy, fdst, fsrc, b.opt.CreateEmptySrcDirs)
 }
 
 func (b *bisyncRun) fastDelete(ctx context.Context, f fs.Fs, files bilib.Names, queueName string) error {
@@ -32,7 +33,14 @@ func (b *bisyncRun) fastDelete(ctx context.Context, f fs.Fs, files bilib.Names,
 	}
 
 	transfers := fs.GetConfig(ctx).Transfers
-	ctxRun := b.opt.setDryRun(ctx)
+
+	ctxRun, filterDelete := filter.AddConfig(b.opt.setDryRun(ctx))
+
+	for _, file := range files.ToList() {
+		if err := filterDelete.AddFile(file); err != nil {
+			return err
+		}
+	}
 
 	objChan := make(fs.ObjectsChan, transfers)
 	errChan := make(chan error, 1)
@@ -53,6 +61,36 @@ func (b *bisyncRun) fastDelete(ctx context.Context, f fs.Fs, files bilib.Names,
 	return err
 }
 
+// operation should be "make" or "remove"
+func (b *bisyncRun) syncEmptyDirs(ctx context.Context, dst fs.Fs, candidates bilib.Names, dirsList *fileList, operation string) {
+	if b.opt.CreateEmptySrcDirs && (!b.opt.Resync || operation == "make") {
+
+		candidatesList := candidates.ToList()
+		if operation == "remove" {
+			// reverse the sort order to ensure we remove subdirs before parent dirs
+			sort.Sort(sort.Reverse(sort.StringSlice(candidatesList)))
+		}
+
+		for _, s := range candidatesList {
+			var direrr error
+			if dirsList.has(s) { //make sure it's a dir, not a file
+				if operation == "remove" {
+					//note: we need to use Rmdirs instead of Rmdir because directories will fail to delete if they have other empty dirs inside of them.
+					direrr = operations.Rmdirs(ctx, dst, s, false)
+				} else if operation == "make" {
+					direrr = operations.Mkdir(ctx, dst, s)
+				} else {
+					direrr = fmt.Errorf("invalid operation. Expected 'make' or 'remove', received '%q'", operation)
+				}
+
+				if direrr != nil {
+					fs.Debugf(nil, "Error syncing directory: %v", direrr)
+				}
+			}
+		}
+	}
+}
+
 func (b *bisyncRun) saveQueue(files bilib.Names, jobName string) error {
 	if !b.opt.SaveQueues {
 		return nil
diff --git a/cmd/bisync/rc.go b/cmd/bisync/rc.go
index 04f723f038c18..550be5e381343 100644
--- a/cmd/bisync/rc.go
+++ b/cmd/bisync/rc.go
@@ -26,6 +26,7 @@ func rcBisync(ctx context.Context, in rc.Params) (out rc.Params, err error) {
 
 	if dryRun, err := in.GetBool("dryRun"); err == nil {
 		ci.DryRun = dryRun
+		opt.DryRun = dryRun
 	} else if rc.NotErrParamNotFound(err) {
 		return nil, err
 	}
@@ -34,7 +35,7 @@ func rcBisync(ctx context.Context, in rc.Params) (out rc.Params, err error) {
 		if maxDelete < 0 || maxDelete > 100 {
 			return nil, rc.NewErrParamInvalid(errors.New("maxDelete must be a percentage between 0 and 100"))
 		}
-		ci.MaxDelete = maxDelete
+		opt.MaxDelete = int(maxDelete)
 	} else if rc.NotErrParamNotFound(err) {
 		return nil, err
 	}
@@ -48,12 +49,21 @@ func rcBisync(ctx context.Context, in rc.Params) (out rc.Params, err error) {
 	if opt.Force, err = in.GetBool("force"); rc.NotErrParamNotFound(err) {
 		return
 	}
+	if opt.CreateEmptySrcDirs, err = in.GetBool("createEmptySrcDirs"); rc.NotErrParamNotFound(err) {
+		return
+	}
 	if opt.RemoveEmptyDirs, err = in.GetBool("removeEmptyDirs"); rc.NotErrParamNotFound(err) {
 		return
 	}
 	if opt.NoCleanup, err = in.GetBool("noCleanup"); rc.NotErrParamNotFound(err) {
 		return
 	}
+	if opt.IgnoreListingChecksum, err = in.GetBool("ignoreListingChecksum"); rc.NotErrParamNotFound(err) {
+		return
+	}
+	if opt.Resilient, err = in.GetBool("resilient"); rc.NotErrParamNotFound(err) {
+		return
+	}
 
 	if opt.CheckFilename, err = in.GetString("checkFilename"); rc.NotErrParamNotFound(err) {
 		return
@@ -69,6 +79,9 @@ func rcBisync(ctx context.Context, in rc.Params) (out rc.Params, err error) {
 	if rc.NotErrParamNotFound(err) {
 		return nil, err
 	}
+	if checkSync == "" {
+		checkSync = "true"
+	}
 	if err := opt.CheckSync.Set(checkSync); err != nil {
 		return nil, err
 	}
diff --git a/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path1.lst b/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path1.lst
index 49142c3e6da8e..ddb01f4a77fe2 100644
--- a/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path1.lst
+++ b/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path1.lst
@@ -4,7 +4,7 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt..path1"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt..path2"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt..path1"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt..path2"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path1.lst-new b/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path1.lst-new
index 239afb58ceead..8ea562aab97d2 100644
--- a/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path1.lst-new
+++ b/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path1.lst-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file3.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path2.lst b/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path2.lst
index 49142c3e6da8e..ddb01f4a77fe2 100644
--- a/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path2.lst
+++ b/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path2.lst
@@ -4,7 +4,7 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt..path1"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt..path2"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt..path1"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt..path2"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path2.lst-new b/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path2.lst-new
index 377ac6a2ac033..ba1b8daab2073 100644
--- a/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path2.lst-new
+++ b/cmd/bisync/testdata/test_changes/golden/_testdir_path1.._testdir_path2.path2.lst-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file4.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
diff --git a/cmd/bisync/testdata/test_changes/golden/test.log b/cmd/bisync/testdata/test_changes/golden/test.log
index 1b314688d11db..222b297587298 100644
--- a/cmd/bisync/testdata/test_changes/golden/test.log
+++ b/cmd/bisync/testdata/test_changes/golden/test.log
@@ -68,6 +68,11 @@ INFO  : - Path2    File was deleted                    - file7.txt
 INFO  : - Path2    File was deleted                    - file8.txt
 INFO  : Path2:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
 INFO  : Applying changes
+INFO  : Checking potential conflicts...
+ERROR : file5.txt: md5 differ
+NOTICE: Local file system at {path2}: 1 differences found
+NOTICE: Local file system at {path2}: 1 errors while checking
+INFO  : Finished checking the potential conflicts. 1 differences found
 INFO  : - Path1    Queue copy to Path2                 - {path2/}file11.txt
 INFO  : - Path1    Queue copy to Path2                 - {path2/}file2.txt
 INFO  : - Path2    Queue delete                        - {path2/}file4.txt
diff --git a/cmd/bisync/testdata/test_changes/modfiles/file5L.txt b/cmd/bisync/testdata/test_changes/modfiles/file5L.txt
index 464147f09c0c8..43ceff1dbe273 100644
--- a/cmd/bisync/testdata/test_changes/modfiles/file5L.txt
+++ b/cmd/bisync/testdata/test_changes/modfiles/file5L.txt
@@ -1 +1 @@
-This file is newer
+This file is newer and not equal to 5R
diff --git a/cmd/bisync/testdata/test_changes/modfiles/file5R.txt b/cmd/bisync/testdata/test_changes/modfiles/file5R.txt
index 464147f09c0c8..a928fcf1382e0 100644
--- a/cmd/bisync/testdata/test_changes/modfiles/file5R.txt
+++ b/cmd/bisync/testdata/test_changes/modfiles/file5R.txt
@@ -1 +1 @@
-This file is newer
+This file is newer and not equal to 5L
diff --git a/cmd/bisync/testdata/test_check_access_filters/scenario.txt b/cmd/bisync/testdata/test_check_access_filters/scenario.txt
index 46948a468fcf5..f29806ba6424d 100644
--- a/cmd/bisync/testdata/test_check_access_filters/scenario.txt
+++ b/cmd/bisync/testdata/test_check_access_filters/scenario.txt
@@ -3,8 +3,8 @@ test check-access-filters
 # NOTE: Include Other tests may result in listing diffs due to rclone processing order change. False fail.
 #
 # Tests are done in two phases:
-#  - EXCLUDE OTHER tests check that RCLONE_TEST files are only found in the explicity included directories
-#  - INCLUDE OTHER tesss check that RCLONE_TEST files are found in all directories not explicity excluded
+#  - EXCLUDE OTHER tests check that RCLONE_TEST files are only found in the explicitly included directories
+#  - INCLUDE OTHER tesss check that RCLONE_TEST files are found in all directories not explicitly excluded
 #
 # Each phase checks that:
 #  - missing RCLONE_TEST files in don't care directories don't cause failures
diff --git a/cmd/bisync/testdata/test_check_filename/golden/test.log b/cmd/bisync/testdata/test_check_filename/golden/test.log
index 78d0555ac098d..d008b934d731a 100644
--- a/cmd/bisync/testdata/test_check_filename/golden/test.log
+++ b/cmd/bisync/testdata/test_check_filename/golden/test.log
@@ -39,10 +39,12 @@ Bisync error: bisync aborted
 (10)  : move-listings path2-missing
 
 (11)  : test 3. put the remote subdir .chk_file back, run resync.
-(12)  : copy-file {path1/}subdir/.chk_file {path2/}
+(12)  : copy-file {path1/}subdir/.chk_file {path2/}subdir/
 (13)  : bisync check-access resync check-filename=.chk_file
 INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
 INFO  : Copying unique Path2 files to Path1
+INFO  : Checking access health
+INFO  : Found 2 matching ".chk_file" files on both paths
 INFO  : Resynching Path1 to Path2
 INFO  : Resync updating listings
 INFO  : Bisync successful
diff --git a/cmd/bisync/testdata/test_check_filename/scenario.txt b/cmd/bisync/testdata/test_check_filename/scenario.txt
index 3d0b0ab49ba67..d20a3ee4820c7 100644
--- a/cmd/bisync/testdata/test_check_filename/scenario.txt
+++ b/cmd/bisync/testdata/test_check_filename/scenario.txt
@@ -20,7 +20,7 @@ bisync check-access check-filename=.chk_file
 move-listings path2-missing
 
 test 3. put the remote subdir .chk_file back, run resync.
-copy-file {path1/}subdir/.chk_file {path2/}
+copy-file {path1/}subdir/.chk_file {path2/}subdir/
 bisync check-access resync check-filename=.chk_file
 
 test 4. run sync with check-access. should pass.
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.copy1to2.que b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.copy1to2.que
new file mode 100644
index 0000000000000..4f985e416e189
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.copy1to2.que
@@ -0,0 +1 @@
+"subdir"
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.delete2.que b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.delete2.que
new file mode 100644
index 0000000000000..4f985e416e189
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.delete2.que
@@ -0,0 +1 @@
+"subdir"
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path1.lst b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path1.lst
new file mode 100644
index 0000000000000..5d46d406910a8
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path1.lst
@@ -0,0 +1,7 @@
+# bisync listing v1 from test
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy1.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy2.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy3.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy4.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy5.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.txt"
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path1.lst-new b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path1.lst-new
new file mode 100644
index 0000000000000..5d46d406910a8
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path1.lst-new
@@ -0,0 +1,7 @@
+# bisync listing v1 from test
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy1.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy2.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy3.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy4.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy5.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.txt"
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path2.lst b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path2.lst
new file mode 100644
index 0000000000000..5d46d406910a8
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path2.lst
@@ -0,0 +1,7 @@
+# bisync listing v1 from test
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy1.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy2.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy3.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy4.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy5.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.txt"
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path2.lst-new b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path2.lst-new
new file mode 100644
index 0000000000000..5d46d406910a8
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.path2.lst-new
@@ -0,0 +1,7 @@
+# bisync listing v1 from test
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy1.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy2.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy3.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy4.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.copy5.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2001-01-02T00:00:00.000000000+0000 "file1.txt"
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.resync-copy2to1.que b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.resync-copy2to1.que
new file mode 100644
index 0000000000000..4f985e416e189
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/golden/_testdir_path1.._testdir_path2.resync-copy2to1.que
@@ -0,0 +1 @@
+"subdir"
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/golden/test.log b/cmd/bisync/testdata/test_createemptysrcdirs/golden/test.log
new file mode 100644
index 0000000000000..b8799524a97eb
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/golden/test.log
@@ -0,0 +1,142 @@
+(01)  : test createemptysrcdirs
+
+
+(02)  : test initial bisync
+(03)  : touch-glob 2001-01-02 {datadir/} placeholder.txt
+(04)  : copy-as {datadir/}placeholder.txt {path1/} file1.txt
+(05)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy1.txt
+(06)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy2.txt
+(07)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy3.txt
+(08)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy4.txt
+(09)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy5.txt
+(10)  : bisync resync
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Copying unique Path2 files to Path1
+INFO  : Resynching Path1 to Path2
+INFO  : Resync updating listings
+INFO  : Bisync successful
+
+(11)  : test 1. Create an empty dir on Path1 by creating subdir/placeholder.txt and then deleting the placeholder
+(12)  : copy-as {datadir/}placeholder.txt {path1/} subdir/placeholder.txt
+(13)  : touch-glob 2001-01-02 {path1/} subdir
+(14)  : delete-file {path1/}subdir/placeholder.txt
+
+(15)  : test 2. Run bisync without --create-empty-src-dirs
+(16)  : bisync
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Path1 checking for diffs
+INFO  : Path2 checking for diffs
+INFO  : No changes found
+INFO  : Updating listings
+INFO  : Validating listings for Path1 "{path1/}" vs Path2 "{path2/}"
+INFO  : Bisync successful
+
+(17)  : test 3. Confirm the subdir exists only on Path1 and not Path2
+(18)  : list-dirs {path1/}
+subdir/
+(19)  : list-dirs {path2/}
+
+(20)  : test 4.Run bisync WITH --create-empty-src-dirs
+(21)  : bisync create-empty-src-dirs
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Path1 checking for diffs
+INFO  : - Path1    File is new                         - subdir
+INFO  : Path1:    1 changes:    1 new,    0 newer,    0 older,    0 deleted
+INFO  : Path2 checking for diffs
+INFO  : Applying changes
+INFO  : - Path1    Queue copy to Path2                 - {path2/}subdir
+INFO  : - Path1    Do queued copies to                 - Path2
+INFO  : Updating listings
+INFO  : Validating listings for Path1 "{path1/}" vs Path2 "{path2/}"
+INFO  : Bisync successful
+
+(22)  : test 5. Confirm the subdir exists on both paths
+(23)  : list-dirs {path1/}
+subdir/
+(24)  : list-dirs {path2/}
+subdir/
+
+(25)  : test 6. Delete the empty dir on Path1 using purge-children (and also add files so the path isn't empty)
+(26)  : purge-children {path1/}
+(27)  : copy-as {datadir/}placeholder.txt {path1/} file1.txt
+(28)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy1.txt
+(29)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy2.txt
+(30)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy3.txt
+(31)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy4.txt
+(32)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy5.txt
+
+(33)  : test 7. Run bisync without --create-empty-src-dirs
+(34)  : bisync
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Path1 checking for diffs
+INFO  : - Path1    File was deleted                    - RCLONE_TEST
+INFO  : - Path1    File was deleted                    - subdir
+INFO  : Path1:    2 changes:    0 new,    0 newer,    0 older,    2 deleted
+INFO  : Path2 checking for diffs
+INFO  : - Path2    File was deleted                    - subdir
+INFO  : Path2:    1 changes:    0 new,    0 newer,    0 older,    1 deleted
+INFO  : Applying changes
+INFO  : - Path2    Queue delete                        - {path2/}RCLONE_TEST
+INFO  : -          Do queued deletes on                - Path2
+INFO  : Updating listings
+INFO  : Validating listings for Path1 "{path1/}" vs Path2 "{path2/}"
+INFO  : Bisync successful
+
+(35)  : test 8. Confirm the subdir exists only on Path2 and not Path1
+(36)  : list-dirs {path1/}
+(37)  : list-dirs {path2/}
+subdir/
+
+(38)  : test 9. Reset, do the delete again, and run bisync WITH --create-empty-src-dirs
+(39)  : bisync resync create-empty-src-dirs
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Copying unique Path2 files to Path1
+INFO  : - Path2    Resync will copy to Path1           - subdir
+INFO  : - Path2    Resync is doing queued copies to    - Path1
+INFO  : Resynching Path1 to Path2
+INFO  : Resynching Path2 to Path1 (for empty dirs)
+INFO  : Resync updating listings
+INFO  : Bisync successful
+(40)  : list-dirs {path1/}
+subdir/
+(41)  : list-dirs {path2/}
+subdir/
+
+(42)  : purge-children {path1/}
+(43)  : copy-as {datadir/}placeholder.txt {path1/} file1.txt
+(44)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy1.txt
+(45)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy2.txt
+(46)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy3.txt
+(47)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy4.txt
+(48)  : copy-as {datadir/}placeholder.txt {path1/} file1.copy5.txt
+(49)  : list-dirs {path1/}
+(50)  : list-dirs {path2/}
+subdir/
+
+(51)  : bisync create-empty-src-dirs
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Path1 checking for diffs
+INFO  : - Path1    File was deleted                    - subdir
+INFO  : Path1:    1 changes:    0 new,    0 newer,    0 older,    1 deleted
+INFO  : Path2 checking for diffs
+INFO  : Applying changes
+INFO  : - Path2    Queue delete                        - {path2/}subdir
+INFO  : -          Do queued deletes on                - Path2
+INFO  : subdir: Removing directory
+INFO  : Updating listings
+INFO  : Validating listings for Path1 "{path1/}" vs Path2 "{path2/}"
+INFO  : Bisync successful
+
+(52)  : test 10. Confirm the subdir has been removed on both paths
+(53)  : list-dirs {path1/}
+(54)  : list-dirs {path2/}
+
+(55)  : test 11. bisync again (because if we leave subdir in listings, test will fail due to mismatched modtime)
+(56)  : bisync create-empty-src-dirs
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Path1 checking for diffs
+INFO  : Path2 checking for diffs
+INFO  : No changes found
+INFO  : Updating listings
+INFO  : Validating listings for Path1 "{path1/}" vs Path2 "{path2/}"
+INFO  : Bisync successful
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/initial/RCLONE_TEST b/cmd/bisync/testdata/test_createemptysrcdirs/initial/RCLONE_TEST
new file mode 100644
index 0000000000000..d8ca97c2a4dbe
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/initial/RCLONE_TEST
@@ -0,0 +1 @@
+This file is used for testing the health of rclone accesses to the local/remote file system.  Do not delete.
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy1.txt b/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy1.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy2.txt b/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy2.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy3.txt b/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy3.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy4.txt b/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy4.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy5.txt b/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.copy5.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.txt b/cmd/bisync/testdata/test_createemptysrcdirs/initial/file1.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/modfiles/placeholder.txt b/cmd/bisync/testdata/test_createemptysrcdirs/modfiles/placeholder.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_createemptysrcdirs/scenario.txt b/cmd/bisync/testdata/test_createemptysrcdirs/scenario.txt
new file mode 100644
index 0000000000000..8b39ae2b598db
--- /dev/null
+++ b/cmd/bisync/testdata/test_createemptysrcdirs/scenario.txt
@@ -0,0 +1,87 @@
+test createemptysrcdirs
+# Test the --create-empty-src-dirs logic.
+# Should behave the same way as rclone sync.
+# Without this flag, empty directories created/deleted on one side are NOT created/deleted on the other side
+# With this flag, empty directories created/deleted on one side are created/deleted on the other side; the result should be an exact mirror.
+#
+# Placeholders are necessary to ensure that git does not lose our empty folders
+# After the initial setup sync:
+#  1. Create an empty dir on Path1 by creating subdir/placeholder.txt and then deleting the placeholder
+#  2. Run bisync without --create-empty-src-dirs
+#  3. Confirm the subdir exists only on Path1 and not Path2
+#  4. Run bisync WITH --create-empty-src-dirs
+#  5. Confirm the subdir exists on both paths
+#  6. Delete the empty dir on Path1 using purge-children (and also add files so the path isn't empty)
+#  7. Run bisync without --create-empty-src-dirs
+#  8. Confirm the subdir exists only on Path2 and not Path1
+#  9. Reset, do the delete again, and run bisync WITH --create-empty-src-dirs
+#  10. Confirm the subdir has been removed on both paths
+
+test initial bisync
+touch-glob 2001-01-02 {datadir/} placeholder.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy1.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy2.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy3.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy4.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy5.txt
+bisync resync
+
+test 1. Create an empty dir on Path1 by creating subdir/placeholder.txt and then deleting the placeholder
+copy-as {datadir/}placeholder.txt {path1/} subdir/placeholder.txt
+touch-glob 2001-01-02 {path1/} subdir
+delete-file {path1/}subdir/placeholder.txt
+
+test 2. Run bisync without --create-empty-src-dirs
+bisync
+
+test 3. Confirm the subdir exists only on Path1 and not Path2
+list-dirs {path1/}
+list-dirs {path2/}
+
+test 4.Run bisync WITH --create-empty-src-dirs
+bisync create-empty-src-dirs
+
+test 5. Confirm the subdir exists on both paths
+list-dirs {path1/}
+list-dirs {path2/}
+
+test 6. Delete the empty dir on Path1 using purge-children (and also add files so the path isn't empty)
+purge-children {path1/}
+copy-as {datadir/}placeholder.txt {path1/} file1.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy1.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy2.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy3.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy4.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy5.txt
+
+test 7. Run bisync without --create-empty-src-dirs
+bisync
+
+test 8. Confirm the subdir exists only on Path2 and not Path1
+list-dirs {path1/}
+list-dirs {path2/}
+
+test 9. Reset, do the delete again, and run bisync WITH --create-empty-src-dirs
+bisync resync create-empty-src-dirs
+list-dirs {path1/}
+list-dirs {path2/}
+
+purge-children {path1/}
+copy-as {datadir/}placeholder.txt {path1/} file1.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy1.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy2.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy3.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy4.txt
+copy-as {datadir/}placeholder.txt {path1/} file1.copy5.txt
+list-dirs {path1/}
+list-dirs {path2/}
+
+bisync create-empty-src-dirs
+
+test 10. Confirm the subdir has been removed on both paths
+list-dirs {path1/}
+list-dirs {path2/}
+
+test 11. bisync again (because if we leave subdir in listings, test will fail due to mismatched modtime)
+bisync create-empty-src-dirs
\ No newline at end of file
diff --git a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst
index 49142c3e6da8e..ddb01f4a77fe2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst
+++ b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst
@@ -4,7 +4,7 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt..path1"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt..path2"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt..path1"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt..path2"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-dry b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-dry
index 239afb58ceead..8ea562aab97d2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-dry
+++ b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-dry
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file3.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-dry-new b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-dry-new
index 239afb58ceead..8ea562aab97d2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-dry-new
+++ b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-dry-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file3.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-new b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-new
index 239afb58ceead..8ea562aab97d2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-new
+++ b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path1.lst-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file3.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst
index 49142c3e6da8e..ddb01f4a77fe2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst
+++ b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst
@@ -4,7 +4,7 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt..path1"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt..path2"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt..path1"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt..path2"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-dry b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-dry
index 377ac6a2ac033..ba1b8daab2073 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-dry
+++ b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-dry
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file4.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-dry-new b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-dry-new
index 377ac6a2ac033..ba1b8daab2073 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-dry-new
+++ b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-dry-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file4.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-new b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-new
index 377ac6a2ac033..ba1b8daab2073 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-new
+++ b/cmd/bisync/testdata/test_dry_run/golden/_testdir_path1.._testdir_path2.path2.lst-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file4.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path1.lst-dry b/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path1.lst-dry
index 239afb58ceead..8ea562aab97d2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path1.lst-dry
+++ b/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path1.lst-dry
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file3.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path1.lst-dry-new b/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path1.lst-dry-new
index 239afb58ceead..8ea562aab97d2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path1.lst-dry-new
+++ b/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path1.lst-dry-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file3.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path2.lst-dry b/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path2.lst-dry
index 377ac6a2ac033..ba1b8daab2073 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path2.lst-dry
+++ b/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path2.lst-dry
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file4.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path2.lst-dry-new b/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path2.lst-dry-new
index 377ac6a2ac033..ba1b8daab2073 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path2.lst-dry-new
+++ b/cmd/bisync/testdata/test_dry_run/golden/dryrun-resync._testdir_path1.._testdir_path2.path2.lst-dry-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file4.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path1.lst-dry b/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path1.lst-dry
index 239afb58ceead..8ea562aab97d2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path1.lst-dry
+++ b/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path1.lst-dry
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file3.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path1.lst-dry-new b/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path1.lst-dry-new
index 239afb58ceead..8ea562aab97d2 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path1.lst-dry-new
+++ b/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path1.lst-dry-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file11.txt"
 -       13 md5:fb3ecfb2800400fb01b0bfd39903e9fb - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file3.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:0860a03592626642f8fd6c8bfb447d2a - 2001-03-04T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file7.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path2.lst-dry b/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path2.lst-dry
index 377ac6a2ac033..ba1b8daab2073 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path2.lst-dry
+++ b/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path2.lst-dry
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file4.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path2.lst-dry-new b/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path2.lst-dry-new
index 377ac6a2ac033..ba1b8daab2073 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path2.lst-dry-new
+++ b/cmd/bisync/testdata/test_dry_run/golden/dryrun._testdir_path1.._testdir_path2.path2.lst-dry-new
@@ -4,5 +4,5 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file10.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
 -        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file4.txt"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
+-       39 md5:979a803b15d27df0c31ad7d29006d10b - 2001-01-02T00:00:00.000000000+0000 "file5.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "file6.txt"
diff --git a/cmd/bisync/testdata/test_dry_run/golden/test.log b/cmd/bisync/testdata/test_dry_run/golden/test.log
index 2efdb1f8162bb..13bd9654aa21d 100644
--- a/cmd/bisync/testdata/test_dry_run/golden/test.log
+++ b/cmd/bisync/testdata/test_dry_run/golden/test.log
@@ -54,13 +54,10 @@ NOTICE: file4.txt: Skipped copy as --dry-run is set (size 0)
 NOTICE: file6.txt: Skipped copy as --dry-run is set (size 19)
 INFO  : Resynching Path1 to Path2
 NOTICE: file1.txt: Skipped copy as --dry-run is set (size 0)
-NOTICE: file10.txt: Skipped delete as --dry-run is set (size 19)
 NOTICE: file11.txt: Skipped copy as --dry-run is set (size 19)
 NOTICE: file2.txt: Skipped copy as --dry-run is set (size 13)
 NOTICE: file3.txt: Skipped copy as --dry-run is set (size 0)
-NOTICE: file4.txt: Skipped delete as --dry-run is set (size 0)
-NOTICE: file5.txt: Skipped copy (or update modification time) as --dry-run is set (size 19)
-NOTICE: file6.txt: Skipped delete as --dry-run is set (size 19)
+NOTICE: file5.txt: Skipped copy (or update modification time) as --dry-run is set (size 39)
 NOTICE: file7.txt: Skipped copy as --dry-run is set (size 19)
 INFO  : Resync updating listings
 INFO  : Bisync successful
@@ -86,15 +83,20 @@ INFO  : - Path2    File was deleted                    - file3.txt
 INFO  : - Path2    File was deleted                    - file7.txt
 INFO  : Path2:    6 changes:    1 new,    3 newer,    0 older,    2 deleted
 INFO  : Applying changes
+INFO  : Checking potential conflicts...
+ERROR : file5.txt: md5 differ
+NOTICE: Local file system at {path2}: 1 differences found
+NOTICE: Local file system at {path2}: 1 errors while checking
+INFO  : Finished checking the potential conflicts. 1 differences found
 INFO  : - Path1    Queue copy to Path2                 - {path2/}file11.txt
 INFO  : - Path1    Queue copy to Path2                 - {path2/}file2.txt
 INFO  : - Path2    Queue delete                        - {path2/}file4.txt
 NOTICE: - WARNING  New or changed in both paths        - file5.txt
 NOTICE: - Path1    Renaming Path1 copy                 - {path1/}file5.txt..path1
-NOTICE: file5.txt: Skipped move as --dry-run is set (size 19)
+NOTICE: file5.txt: Skipped move as --dry-run is set (size 39)
 NOTICE: - Path1    Queue copy to Path2                 - {path2/}file5.txt..path1
 NOTICE: - Path2    Renaming Path2 copy                 - {path2/}file5.txt..path2
-NOTICE: file5.txt: Skipped move as --dry-run is set (size 19)
+NOTICE: file5.txt: Skipped move as --dry-run is set (size 39)
 NOTICE: - Path2    Queue copy to Path1                 - {path1/}file5.txt..path2
 INFO  : - Path2    Queue copy to Path1                 - {path1/}file6.txt
 INFO  : - Path1    Queue copy to Path2                 - {path2/}file7.txt
@@ -137,6 +139,11 @@ INFO  : - Path2    File was deleted                    - file3.txt
 INFO  : - Path2    File was deleted                    - file7.txt
 INFO  : Path2:    6 changes:    1 new,    3 newer,    0 older,    2 deleted
 INFO  : Applying changes
+INFO  : Checking potential conflicts...
+ERROR : file5.txt: md5 differ
+NOTICE: Local file system at {path2}: 1 differences found
+NOTICE: Local file system at {path2}: 1 errors while checking
+INFO  : Finished checking the potential conflicts. 1 differences found
 INFO  : - Path1    Queue copy to Path2                 - {path2/}file11.txt
 INFO  : - Path1    Queue copy to Path2                 - {path2/}file2.txt
 INFO  : - Path2    Queue delete                        - {path2/}file4.txt
diff --git a/cmd/bisync/testdata/test_dry_run/modfiles/file5L.txt b/cmd/bisync/testdata/test_dry_run/modfiles/file5L.txt
index 464147f09c0c8..43ceff1dbe273 100644
--- a/cmd/bisync/testdata/test_dry_run/modfiles/file5L.txt
+++ b/cmd/bisync/testdata/test_dry_run/modfiles/file5L.txt
@@ -1 +1 @@
-This file is newer
+This file is newer and not equal to 5R
diff --git a/cmd/bisync/testdata/test_dry_run/modfiles/file5R.txt b/cmd/bisync/testdata/test_dry_run/modfiles/file5R.txt
index 464147f09c0c8..a928fcf1382e0 100644
--- a/cmd/bisync/testdata/test_dry_run/modfiles/file5R.txt
+++ b/cmd/bisync/testdata/test_dry_run/modfiles/file5R.txt
@@ -1 +1 @@
-This file is newer
+This file is newer and not equal to 5L
diff --git a/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.copy1to2.que b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.copy1to2.que
new file mode 100644
index 0000000000000..d988a5ab11a82
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.copy1to2.que
@@ -0,0 +1 @@
+"file1.txt..path1"
diff --git a/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.copy2to1.que b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.copy2to1.que
new file mode 100644
index 0000000000000..7f99cd1cee80d
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.copy2to1.que
@@ -0,0 +1 @@
+"file1.txt..path2"
diff --git a/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path1.lst b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path1.lst
new file mode 100644
index 0000000000000..8ef63fed892be
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path1.lst
@@ -0,0 +1,5 @@
+# bisync listing v1 from test
+-      109 md5:294d25b294ff26a5243dba914ac3fbf7 - 2000-01-01T00:00:00.000000000+0000 "RCLONE_TEST"
+-       33 md5:ea683c03f780b76a62405456b08ae6fd - 2001-03-04T00:00:00.000000000+0000 "file1.txt..path1"
+-       33 md5:2b4975bb20f7be674e66d78570ba2fb1 - 2001-01-02T00:00:00.000000000+0000 "file1.txt..path2"
+-       37 md5:9fe822ddd1cb81d83aae00fa48239bd3 - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
diff --git a/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path1.lst-new b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path1.lst-new
new file mode 100644
index 0000000000000..eb2bbe4cfef4d
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path1.lst-new
@@ -0,0 +1,4 @@
+# bisync listing v1 from test
+-      109 md5:294d25b294ff26a5243dba914ac3fbf7 - 2000-01-01T00:00:00.000000000+0000 "RCLONE_TEST"
+-       33 md5:ea683c03f780b76a62405456b08ae6fd - 2001-03-04T00:00:00.000000000+0000 "file1.txt"
+-       37 md5:9fe822ddd1cb81d83aae00fa48239bd3 - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
diff --git a/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path2.lst b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path2.lst
new file mode 100644
index 0000000000000..8ef63fed892be
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path2.lst
@@ -0,0 +1,5 @@
+# bisync listing v1 from test
+-      109 md5:294d25b294ff26a5243dba914ac3fbf7 - 2000-01-01T00:00:00.000000000+0000 "RCLONE_TEST"
+-       33 md5:ea683c03f780b76a62405456b08ae6fd - 2001-03-04T00:00:00.000000000+0000 "file1.txt..path1"
+-       33 md5:2b4975bb20f7be674e66d78570ba2fb1 - 2001-01-02T00:00:00.000000000+0000 "file1.txt..path2"
+-       37 md5:9fe822ddd1cb81d83aae00fa48239bd3 - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
diff --git a/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path2.lst-new b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path2.lst-new
new file mode 100644
index 0000000000000..8bea8b8450cc9
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/golden/_testdir_path1.._testdir_path2.path2.lst-new
@@ -0,0 +1,4 @@
+# bisync listing v1 from test
+-      109 md5:294d25b294ff26a5243dba914ac3fbf7 - 2000-01-01T00:00:00.000000000+0000 "RCLONE_TEST"
+-       33 md5:2b4975bb20f7be674e66d78570ba2fb1 - 2001-01-02T00:00:00.000000000+0000 "file1.txt"
+-       37 md5:9fe822ddd1cb81d83aae00fa48239bd3 - 2001-01-02T00:00:00.000000000+0000 "file2.txt"
diff --git a/cmd/bisync/testdata/test_equal/golden/test.log b/cmd/bisync/testdata/test_equal/golden/test.log
new file mode 100644
index 0000000000000..34cffc03748b1
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/golden/test.log
@@ -0,0 +1,52 @@
+(01)  : test equal
+
+
+(02)  : test initial bisync
+(03)  : bisync resync
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Copying unique Path2 files to Path1
+INFO  : Resynching Path1 to Path2
+INFO  : Resync updating listings
+INFO  : Bisync successful
+
+(04)  : test changed on both paths and NOT identical - file1 (file1R, file1L)
+(05)  : touch-glob 2001-01-02 {datadir/} file1R.txt
+(06)  : copy-as {datadir/}file1R.txt {path2/} file1.txt
+(07)  : touch-glob 2001-03-04 {datadir/} file1L.txt
+(08)  : copy-as {datadir/}file1L.txt {path1/} file1.txt
+
+(09)  : test changed on both paths and identical - file2
+(10)  : touch-glob 2001-01-02 {datadir/} file2.txt
+(11)  : copy-as {datadir/}file2.txt {path1/} file2.txt
+(12)  : copy-as {datadir/}file2.txt {path2/} file2.txt
+
+(13)  : test bisync run
+(14)  : bisync
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Path1 checking for diffs
+INFO  : - Path1    File is newer                       - file1.txt
+INFO  : - Path1    File is newer                       - file2.txt
+INFO  : Path1:    2 changes:    0 new,    2 newer,    0 older,    0 deleted
+INFO  : Path2 checking for diffs
+INFO  : - Path2    File is newer                       - file1.txt
+INFO  : - Path2    File is newer                       - file2.txt
+INFO  : Path2:    2 changes:    0 new,    2 newer,    0 older,    0 deleted
+INFO  : Applying changes
+INFO  : Checking potential conflicts...
+ERROR : file1.txt: md5 differ
+NOTICE: Local file system at {path2}: 1 differences found
+NOTICE: Local file system at {path2}: 1 errors while checking
+NOTICE: Local file system at {path2}: 1 matching files
+INFO  : Finished checking the potential conflicts. 1 differences found
+NOTICE: - WARNING  New or changed in both paths        - file1.txt
+NOTICE: - Path1    Renaming Path1 copy                 - {path1/}file1.txt..path1
+NOTICE: - Path1    Queue copy to Path2                 - {path2/}file1.txt..path1
+NOTICE: - Path2    Renaming Path2 copy                 - {path2/}file1.txt..path2
+NOTICE: - Path2    Queue copy to Path1                 - {path1/}file1.txt..path2
+NOTICE: - WARNING  New or changed in both paths        - file2.txt
+INFO  : Files are equal! Skipping: file2.txt
+INFO  : - Path2    Do queued copies to                 - Path1
+INFO  : - Path1    Do queued copies to                 - Path2
+INFO  : Updating listings
+INFO  : Validating listings for Path1 "{path1/}" vs Path2 "{path2/}"
+INFO  : Bisync successful
diff --git a/cmd/bisync/testdata/test_equal/initial/RCLONE_TEST b/cmd/bisync/testdata/test_equal/initial/RCLONE_TEST
new file mode 100644
index 0000000000000..d8ca97c2a4dbe
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/initial/RCLONE_TEST
@@ -0,0 +1 @@
+This file is used for testing the health of rclone accesses to the local/remote file system.  Do not delete.
diff --git a/cmd/bisync/testdata/test_equal/initial/file1.txt b/cmd/bisync/testdata/test_equal/initial/file1.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_equal/initial/file2.txt b/cmd/bisync/testdata/test_equal/initial/file2.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/cmd/bisync/testdata/test_equal/modfiles/file1L.txt b/cmd/bisync/testdata/test_equal/modfiles/file1L.txt
new file mode 100644
index 0000000000000..6906ccb095ef8
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/modfiles/file1L.txt
@@ -0,0 +1 @@
+This file is NOT identical to 1R
diff --git a/cmd/bisync/testdata/test_equal/modfiles/file1R.txt b/cmd/bisync/testdata/test_equal/modfiles/file1R.txt
new file mode 100644
index 0000000000000..e49d06a949b6d
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/modfiles/file1R.txt
@@ -0,0 +1 @@
+This file is NOT identical to 1L
diff --git a/cmd/bisync/testdata/test_equal/modfiles/file2.txt b/cmd/bisync/testdata/test_equal/modfiles/file2.txt
new file mode 100644
index 0000000000000..2ee5fc1eea273
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/modfiles/file2.txt
@@ -0,0 +1 @@
+This file is identical on both sides
diff --git a/cmd/bisync/testdata/test_equal/scenario.txt b/cmd/bisync/testdata/test_equal/scenario.txt
new file mode 100644
index 0000000000000..86fd26aca150c
--- /dev/null
+++ b/cmd/bisync/testdata/test_equal/scenario.txt
@@ -0,0 +1,22 @@
+test equal
+# Check that changed files on both sides are renamed ONLY if not-identical
+# See: https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Identical%20files%20should%20be%20left%20alone%2C%20even%20if%20new/newer/changed%20on%20both%20sides
+# - Changed on Path2 and on Path1, and NOT identical       file1 (file1r, file1l)
+# - Changed on Path2 and on Path1, and identical           file2
+
+test initial bisync
+bisync resync
+
+test changed on both paths and NOT identical - file1 (file1R, file1L)
+touch-glob 2001-01-02 {datadir/} file1R.txt
+copy-as {datadir/}file1R.txt {path2/} file1.txt
+touch-glob 2001-03-04 {datadir/} file1L.txt
+copy-as {datadir/}file1L.txt {path1/} file1.txt
+
+test changed on both paths and identical - file2
+touch-glob 2001-01-02 {datadir/} file2.txt
+copy-as {datadir/}file2.txt {path1/} file2.txt
+copy-as {datadir/}file2.txt {path2/} file2.txt
+
+test bisync run
+bisync
diff --git a/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path1.lst b/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path1.lst
index 60009c3fc0fab..2d9313ea4b557 100644
--- a/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path1.lst
+++ b/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path1.lst
@@ -12,7 +12,7 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_rawchars_␙_\x81_\xfe/file3_␙_\x81_\xfe"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/file_with_測試_.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-03T00:00:00.000000000+0000 "subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt..path1"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt..path2"
+-       42 md5:40b811fb5009223b6da573f169619d8e - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt..path2"
 -      272 md5:0033328434f9662a7dae0d1aee7768b6 - 2000-01-01T00:00:00.000000000+0000 "subdir_with_ࢺ_/filename_contains_ࢺ_.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filename_contains_ࢺ_p2s.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/mañana_funcionará.txt"
diff --git a/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path2.lst b/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path2.lst
index 60009c3fc0fab..2d9313ea4b557 100644
--- a/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path2.lst
+++ b/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path2.lst
@@ -12,7 +12,7 @@
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_rawchars_␙_\x81_\xfe/file3_␙_\x81_\xfe"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/file_with_測試_.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-03T00:00:00.000000000+0000 "subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt..path1"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt..path2"
+-       42 md5:40b811fb5009223b6da573f169619d8e - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt..path2"
 -      272 md5:0033328434f9662a7dae0d1aee7768b6 - 2000-01-01T00:00:00.000000000+0000 "subdir_with_ࢺ_/filename_contains_ࢺ_.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filename_contains_ࢺ_p2s.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/mañana_funcionará.txt"
diff --git a/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path2.lst-new b/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path2.lst-new
index 5f3e1c9f19c81..850de84a6433b 100644
--- a/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path2.lst-new
+++ b/cmd/bisync/testdata/test_extended_filenames/golden/_testdir_path1.._testdir_path2.path2.lst-new
@@ -8,7 +8,7 @@
 -      272 md5:0033328434f9662a7dae0d1aee7768b6 - 2000-01-01T00:00:00.000000000+0000 "filename_contains_ě_.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir with␊white space.txt/file2 with␊white space.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_rawchars_␙_\x81_\xfe/file3_␙_\x81_\xfe"
--       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt"
+-       42 md5:40b811fb5009223b6da573f169619d8e - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt"
 -      272 md5:0033328434f9662a7dae0d1aee7768b6 - 2000-01-01T00:00:00.000000000+0000 "subdir_with_ࢺ_/filename_contains_ࢺ_.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "subdir_with_ࢺ_/filename_contains_ࢺ_p2s.txt"
 -       19 md5:7fe98ed88552b828777d8630900346b8 - 2001-01-02T00:00:00.000000000+0000 "Русский.txt"
diff --git a/cmd/bisync/testdata/test_extended_filenames/golden/test.log b/cmd/bisync/testdata/test_extended_filenames/golden/test.log
index 9aef610022431..5a7f6412ac9b6 100644
--- a/cmd/bisync/testdata/test_extended_filenames/golden/test.log
+++ b/cmd/bisync/testdata/test_extended_filenames/golden/test.log
@@ -12,30 +12,31 @@ INFO  : Bisync successful
 (04)  : test place a newer files on both paths
 
 (05)  : touch-glob 2001-01-02 {datadir/} file1.txt
-(06)  : copy-as {datadir/}file1.txt {path2/} New_top_level_mañana_funcionará.txt
-(07)  : copy-as {datadir/}file1.txt {path2/} file_enconde_mañana_funcionará.txt
-(08)  : copy-as {datadir/}file1.txt {path1/} filename_contains_ࢺ_p1m.txt
-(09)  : copy-as {datadir/}file1.txt {path2/} Русский.txt
-(10)  : copy-as {datadir/}file1.txt {path1/} file1_with{spc}white{spc}space.txt
-(11)  : copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ test.txt
-(12)  : copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ mañana_funcionará.txt
-(13)  : copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ file_with_測試_.txt
-(14)  : copy-as {datadir/}file1.txt {path2/}subdir_with_ࢺ_ filename_contains_ࢺ_p2s.txt
-(15)  : copy-as {datadir/}file1.txt {path2/}subdir{spc}with{eol}white{spc}space.txt file2{spc}with{eol}white{spc}space.txt
-(16)  : copy-as {datadir/}file1.txt {path2/}subdir_rawchars_{chr:19}_{chr:81}_{chr:fe} file3_{chr:19}_{chr:81}_{chr:fe}
+(06)  : touch-glob 2001-01-02 {datadir/} file2.txt
+(07)  : copy-as {datadir/}file1.txt {path2/} New_top_level_mañana_funcionará.txt
+(08)  : copy-as {datadir/}file1.txt {path2/} file_enconde_mañana_funcionará.txt
+(09)  : copy-as {datadir/}file1.txt {path1/} filename_contains_ࢺ_p1m.txt
+(10)  : copy-as {datadir/}file1.txt {path2/} Русский.txt
+(11)  : copy-as {datadir/}file1.txt {path1/} file1_with{spc}white{spc}space.txt
+(12)  : copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ test.txt
+(13)  : copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ mañana_funcionará.txt
+(14)  : copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ file_with_測試_.txt
+(15)  : copy-as {datadir/}file1.txt {path2/}subdir_with_ࢺ_ filename_contains_ࢺ_p2s.txt
+(16)  : copy-as {datadir/}file1.txt {path2/}subdir{spc}with{eol}white{spc}space.txt file2{spc}with{eol}white{spc}space.txt
+(17)  : copy-as {datadir/}file1.txt {path2/}subdir_rawchars_{chr:19}_{chr:81}_{chr:fe} file3_{chr:19}_{chr:81}_{chr:fe}
 
-(17)  : test place a new file on both paths
-(18)  : copy-as {datadir/}file1.txt {path2/}subdir_with_ࢺ_ filechangedbothpaths_ࢺ_.txt
-(19)  : touch-glob 2001-01-03 {datadir/} file1.txt
-(20)  : copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ filechangedbothpaths_ࢺ_.txt
+(18)  : test place a new file on both paths
+(19)  : copy-as {datadir/}file2.txt {path2/}subdir_with_ࢺ_ filechangedbothpaths_ࢺ_.txt
+(20)  : touch-glob 2001-01-03 {datadir/} file1.txt
+(21)  : copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ filechangedbothpaths_ࢺ_.txt
 
-(21)  : test delete files on both paths
-(22)  : delete-file {path2/}filename_contains_ࢺ_.txt
-(23)  : delete-file {path2/}subdir_with_ࢺ_/filename_contains_ě_.txt
-(24)  : delete-file {path1/}Русский.txt
+(22)  : test delete files on both paths
+(23)  : delete-file {path2/}filename_contains_ࢺ_.txt
+(24)  : delete-file {path2/}subdir_with_ࢺ_/filename_contains_ě_.txt
+(25)  : delete-file {path1/}Русский.txt
 
-(25)  : test bisync run
-(26)  : bisync
+(26)  : test bisync run
+(27)  : bisync
 INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
 INFO  : Path1 checking for diffs
 INFO  : - Path1    File is new                         - file1_with white space.txt
@@ -58,6 +59,11 @@ INFO  : - Path2    File was deleted                    - filename_contains_ࢺ_.
 INFO  : - Path2    File was deleted                    - subdir_with_ࢺ_/filename_contains_ě_.txt
 INFO  : Path2:    9 changes:    5 new,    2 newer,    0 older,    2 deleted
 INFO  : Applying changes
+INFO  : Checking potential conflicts...
+ERROR : subdir_with_ࢺ_/filechangedbothpaths_ࢺ_.txt: sizes differ
+NOTICE: Local file system at {path2}: 1 differences found
+NOTICE: Local file system at {path2}: 1 errors while checking
+INFO  : Finished checking the potential conflicts. 1 differences found
 INFO  : - Path1    Queue copy to Path2                 - {path2/}file1_with white space.txt
 INFO  : - Path1    Queue copy to Path2                 - {path2/}filename_contains_ࢺ_p1m.txt
 INFO  : - Path1    Queue copy to Path2                 - {path2/}subdir_with_ࢺ_/file_with_測試_.txt
diff --git a/cmd/bisync/testdata/test_extended_filenames/modfiles/file2.txt b/cmd/bisync/testdata/test_extended_filenames/modfiles/file2.txt
new file mode 100644
index 0000000000000..76f450b352469
--- /dev/null
+++ b/cmd/bisync/testdata/test_extended_filenames/modfiles/file2.txt
@@ -0,0 +1 @@
+This file is newer and not equal to file1
diff --git a/cmd/bisync/testdata/test_extended_filenames/scenario.txt b/cmd/bisync/testdata/test_extended_filenames/scenario.txt
index 7c722720a7675..774f5db8f5153 100644
--- a/cmd/bisync/testdata/test_extended_filenames/scenario.txt
+++ b/cmd/bisync/testdata/test_extended_filenames/scenario.txt
@@ -16,6 +16,7 @@ bisync resync
 test place a newer files on both paths
 # force specific modification time since file time is lost through git
 touch-glob 2001-01-02 {datadir/} file1.txt
+touch-glob 2001-01-02 {datadir/} file2.txt
 copy-as {datadir/}file1.txt {path2/} New_top_level_mañana_funcionará.txt
 copy-as {datadir/}file1.txt {path2/} file_enconde_mañana_funcionará.txt
 copy-as {datadir/}file1.txt {path1/} filename_contains_ࢺ_p1m.txt
@@ -29,7 +30,7 @@ copy-as {datadir/}file1.txt {path2/}subdir{spc}with{eol}white{spc}space.txt file
 copy-as {datadir/}file1.txt {path2/}subdir_rawchars_{chr:19}_{chr:81}_{chr:fe} file3_{chr:19}_{chr:81}_{chr:fe}
 
 test place a new file on both paths
-copy-as {datadir/}file1.txt {path2/}subdir_with_ࢺ_ filechangedbothpaths_ࢺ_.txt
+copy-as {datadir/}file2.txt {path2/}subdir_with_ࢺ_ filechangedbothpaths_ࢺ_.txt
 touch-glob 2001-01-03 {datadir/} file1.txt
 copy-as {datadir/}file1.txt {path1/}subdir_with_ࢺ_ filechangedbothpaths_ࢺ_.txt
 
diff --git a/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path1.lst-dry b/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path1.lst-dry
new file mode 100644
index 0000000000000..84468462625ab
--- /dev/null
+++ b/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path1.lst-dry
@@ -0,0 +1,5 @@
+# bisync listing v1 from test
+-      109 md5:294d25b294ff26a5243dba914ac3fbf7 - 2000-01-01T00:00:00.000000000+0000 "RCLONE_TEST"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file1.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "subdir/file20.txt"
diff --git a/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path1.lst-dry-new b/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path1.lst-dry-new
new file mode 100644
index 0000000000000..84468462625ab
--- /dev/null
+++ b/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path1.lst-dry-new
@@ -0,0 +1,5 @@
+# bisync listing v1 from test
+-      109 md5:294d25b294ff26a5243dba914ac3fbf7 - 2000-01-01T00:00:00.000000000+0000 "RCLONE_TEST"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file1.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "subdir/file20.txt"
diff --git a/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path2.lst-dry b/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path2.lst-dry
new file mode 100644
index 0000000000000..84468462625ab
--- /dev/null
+++ b/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path2.lst-dry
@@ -0,0 +1,5 @@
+# bisync listing v1 from test
+-      109 md5:294d25b294ff26a5243dba914ac3fbf7 - 2000-01-01T00:00:00.000000000+0000 "RCLONE_TEST"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file1.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "subdir/file20.txt"
diff --git a/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path2.lst-dry-new b/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path2.lst-dry-new
new file mode 100644
index 0000000000000..84468462625ab
--- /dev/null
+++ b/cmd/bisync/testdata/test_filtersfile_checks/golden/_testdir_path1.._testdir_path2.path2.lst-dry-new
@@ -0,0 +1,5 @@
+# bisync listing v1 from test
+-      109 md5:294d25b294ff26a5243dba914ac3fbf7 - 2000-01-01T00:00:00.000000000+0000 "RCLONE_TEST"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file1.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "file2.txt"
+-        0 md5:d41d8cd98f00b204e9800998ecf8427e - 2000-01-01T00:00:00.000000000+0000 "subdir/file20.txt"
diff --git a/cmd/bisync/testdata/test_filtersfile_checks/golden/test.log b/cmd/bisync/testdata/test_filtersfile_checks/golden/test.log
index 606e06ef7dba6..ab50cf9cfc446 100644
--- a/cmd/bisync/testdata/test_filtersfile_checks/golden/test.log
+++ b/cmd/bisync/testdata/test_filtersfile_checks/golden/test.log
@@ -58,3 +58,21 @@ INFO  : Using filters file {workdir/}filtersfile.txt
 ERROR : Bisync critical error: filters file has changed (must run --resync): {workdir/}filtersfile.txt
 ERROR : Bisync aborted. Must run --resync to recover.
 Bisync error: bisync aborted
+
+(18)  : test 8. run with filters-file and resync and dry-run. should do the dry-run but still cause next non-resync run to abort.
+(19)  : bisync filters-file={workdir/}filtersfile.txt resync dry-run
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Using filters file {workdir/}filtersfile.txt
+INFO  : Skipped storing filters file hash to {workdir/}filtersfile.txt.md5 as --dry-run is set
+INFO  : Copying unique Path2 files to Path1
+INFO  : Resynching Path1 to Path2
+INFO  : Resync updating listings
+INFO  : Bisync successful
+
+(20)  : test 9. run with filters-file alone. should abort.
+(21)  : bisync filters-file={workdir/}filtersfile.txt
+INFO  : Synching Path1 "{path1/}" with Path2 "{path2/}"
+INFO  : Using filters file {workdir/}filtersfile.txt
+ERROR : Bisync critical error: filters file has changed (must run --resync): {workdir/}filtersfile.txt
+ERROR : Bisync aborted. Must run --resync to recover.
+Bisync error: bisync aborted
diff --git a/cmd/bisync/testdata/test_filtersfile_checks/scenario.txt b/cmd/bisync/testdata/test_filtersfile_checks/scenario.txt
index 0cb206cef6e48..fa8054799967c 100644
--- a/cmd/bisync/testdata/test_filtersfile_checks/scenario.txt
+++ b/cmd/bisync/testdata/test_filtersfile_checks/scenario.txt
@@ -34,3 +34,9 @@ copy-as {datadir/}filtersfile2.txt {workdir/} filtersfile.txt
 
 test 7. run with filters-file alone. should abort.
 bisync filters-file={workdir/}filtersfile.txt
+
+test 8. run with filters-file and resync and dry-run. should do the dry-run but still cause next non-resync run to abort.
+bisync filters-file={workdir/}filtersfile.txt resync dry-run
+
+test 9. run with filters-file alone. should abort.
+bisync filters-file={workdir/}filtersfile.txt
\ No newline at end of file
diff --git a/cmd/cat/cat.go b/cmd/cat/cat.go
index 03ed4e6e39ebc..dc8d789be7922 100644
--- a/cmd/cat/cat.go
+++ b/cmd/cat/cat.go
@@ -16,21 +16,23 @@ import (
 
 // Globals
 var (
-	head    = int64(0)
-	tail    = int64(0)
-	offset  = int64(0)
-	count   = int64(-1)
-	discard = false
+	head      = int64(0)
+	tail      = int64(0)
+	offset    = int64(0)
+	count     = int64(-1)
+	discard   = false
+	separator = string("")
 )
 
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.Int64VarP(cmdFlags, &head, "head", "", head, "Only print the first N characters")
-	flags.Int64VarP(cmdFlags, &tail, "tail", "", tail, "Only print the last N characters")
-	flags.Int64VarP(cmdFlags, &offset, "offset", "", offset, "Start printing at offset N (or from end if -ve)")
-	flags.Int64VarP(cmdFlags, &count, "count", "", count, "Only print N characters")
-	flags.BoolVarP(cmdFlags, &discard, "discard", "", discard, "Discard the output instead of printing")
+	flags.Int64VarP(cmdFlags, &head, "head", "", head, "Only print the first N characters", "")
+	flags.Int64VarP(cmdFlags, &tail, "tail", "", tail, "Only print the last N characters", "")
+	flags.Int64VarP(cmdFlags, &offset, "offset", "", offset, "Start printing at offset N (or from end if -ve)", "")
+	flags.Int64VarP(cmdFlags, &count, "count", "", count, "Only print N characters", "")
+	flags.BoolVarP(cmdFlags, &discard, "discard", "", discard, "Discard the output instead of printing", "")
+	flags.StringVarP(cmdFlags, &separator, "separator", "", separator, "Separator to use between objects when printing multiple files", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -56,9 +58,22 @@ Use the |--head| flag to print characters only at the start, |--tail| for
 the end and |--offset| and |--count| to print a section in the middle.
 Note that if offset is negative it will count from the end, so
 |--offset -1 --count 1| is equivalent to |--tail 1|.
+
+Use the |--separator| flag to print a separator value between files. Be sure to
+shell-escape special characters. For example, to print a newline between
+files, use:
+
+* bash:
+
+      rclone --include "*.txt" --separator $'\n' cat remote:path/to/dir
+
+* powershell:
+
+      rclone --include "*.txt" --separator "|n" cat remote:path/to/dir
 `, "|", "`"),
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.33",
+		"groups":            "Filter,Listing",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		usedOffset := offset != 0 || count >= 0
@@ -82,7 +97,7 @@ Note that if offset is negative it will count from the end, so
 			w = io.Discard
 		}
 		cmd.Run(false, false, command, func() error {
-			return operations.Cat(context.Background(), fsrc, w, offset, count)
+			return operations.Cat(context.Background(), fsrc, w, offset, count, []byte(separator))
 		})
 	},
 }
diff --git a/cmd/check/check.go b/cmd/check/check.go
index 3c126e176275b..9217eee7d678f 100644
--- a/cmd/check/check.go
+++ b/cmd/check/check.go
@@ -33,20 +33,20 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &download, "download", "", download, "Check by downloading rather than with hash")
-	flags.StringVarP(cmdFlags, &checkFileHashType, "checkfile", "C", checkFileHashType, "Treat source:path as a SUM file with hashes of given type")
+	flags.BoolVarP(cmdFlags, &download, "download", "", download, "Check by downloading rather than with hash", "")
+	flags.StringVarP(cmdFlags, &checkFileHashType, "checkfile", "C", checkFileHashType, "Treat source:path as a SUM file with hashes of given type", "")
 	AddFlags(cmdFlags)
 }
 
 // AddFlags adds the check flags to the cmdFlags command
 func AddFlags(cmdFlags *pflag.FlagSet) {
-	flags.BoolVarP(cmdFlags, &oneway, "one-way", "", oneway, "Check one way only, source files must exist on remote")
-	flags.StringVarP(cmdFlags, &combined, "combined", "", combined, "Make a combined report of changes to this file")
-	flags.StringVarP(cmdFlags, &missingOnSrc, "missing-on-src", "", missingOnSrc, "Report all files missing from the source to this file")
-	flags.StringVarP(cmdFlags, &missingOnDst, "missing-on-dst", "", missingOnDst, "Report all files missing from the destination to this file")
-	flags.StringVarP(cmdFlags, &match, "match", "", match, "Report all matching files to this file")
-	flags.StringVarP(cmdFlags, &differ, "differ", "", differ, "Report all non-matching files to this file")
-	flags.StringVarP(cmdFlags, &errFile, "error", "", errFile, "Report all files with errors (hashing or reading) to this file")
+	flags.BoolVarP(cmdFlags, &oneway, "one-way", "", oneway, "Check one way only, source files must exist on remote", "")
+	flags.StringVarP(cmdFlags, &combined, "combined", "", combined, "Make a combined report of changes to this file", "")
+	flags.StringVarP(cmdFlags, &missingOnSrc, "missing-on-src", "", missingOnSrc, "Report all files missing from the source to this file", "")
+	flags.StringVarP(cmdFlags, &missingOnDst, "missing-on-dst", "", missingOnDst, "Report all files missing from the destination to this file", "")
+	flags.StringVarP(cmdFlags, &match, "match", "", match, "Report all matching files to this file", "")
+	flags.StringVarP(cmdFlags, &differ, "differ", "", differ, "Report all non-matching files to this file", "")
+	flags.StringVarP(cmdFlags, &errFile, "error", "", errFile, "Report all files with errors (hashing or reading) to this file", "")
 }
 
 // FlagsHelp describes the flags for the help
@@ -72,6 +72,9 @@ you what happened to it. These are reminiscent of diff files.
 - |+ path| means path was missing on the destination, so only in the source
 - |* path| means path was present in source and destination but different.
 - |! path| means there was an error reading or hashing the source or dest.
+
+The default number of parallel checks is 8. See the [--checkers=N](/docs/#checkers-n)
+option for more information.
 `, "|", "`")
 
 // GetCheckOpt gets the options corresponding to the check flags
@@ -142,7 +145,7 @@ match.  It doesn't alter the source or destination.
 
 For the [crypt](/crypt/) remote there is a dedicated command,
 [cryptcheck](/commands/rclone_cryptcheck/), that are able to check
-the checksums of the crypted files.
+the checksums of the encrypted files.
 
 If you supply the |--size-only| flag, it will only compare the sizes not
 the hashes as well.  Use this for a quick check.
@@ -155,6 +158,9 @@ to check all the data.
 If you supply the |--checkfile HASH| flag with a valid hash name,
 the |source:path| must point to a text file in the SUM format.
 `, "|", "`") + FlagsHelp,
+	Annotations: map[string]string{
+		"groups": "Filter,Listing,Check",
+	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(2, 2, command, args)
 		var (
diff --git a/cmd/checksum/checksum.go b/cmd/checksum/checksum.go
index 4dee6611c3020..16b83429e84ec 100644
--- a/cmd/checksum/checksum.go
+++ b/cmd/checksum/checksum.go
@@ -19,26 +19,30 @@ var download = false
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &download, "download", "", download, "Check by hashing the contents")
+	flags.BoolVarP(cmdFlags, &download, "download", "", download, "Check by hashing the contents", "")
 	check.AddFlags(cmdFlags)
 }
 
 var commandDefinition = &cobra.Command{
-	Use:   "checksum <hash> sumfile src:path",
-	Short: `Checks the files in the source against a SUM file.`,
+	Use:   "checksum <hash> sumfile dst:path",
+	Short: `Checks the files in the destination against a SUM file.`,
 	Long: strings.ReplaceAll(`
-Checks that hashsums of source files match the SUM file.
+Checks that hashsums of destination files match the SUM file.
 It compares hashes (MD5, SHA1, etc) and logs a report of files which
 don't match.  It doesn't alter the file system.
 
-If you supply the |--download| flag, it will download the data from remote
-and calculate the contents hash on the fly.  This can be useful for remotes
+The sumfile is treated as the source and the dst:path is treated as
+the destination for the purposes of the output.
+
+If you supply the |--download| flag, it will download the data from the remote
+and calculate the content hash on the fly.  This can be useful for remotes
 that don't support hashes or if you really want to check all the data.
 
 Note that hash values in the SUM file are treated as case insensitive.
 `, "|", "`") + check.FlagsHelp,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.56",
+		"groups":            "Filter,Listing",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(3, 3, command, args)
diff --git a/cmd/cleanup/cleanup.go b/cmd/cleanup/cleanup.go
index d23f0cb91bd17..0b6687e3b6af1 100644
--- a/cmd/cleanup/cleanup.go
+++ b/cmd/cleanup/cleanup.go
@@ -22,6 +22,7 @@ versions. Not supported by all remotes.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.31",
+		"groups":            "Important",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/cmd.go b/cmd/cmd.go
index 73fe98a2d1102..7043995f02b27 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -1,6 +1,6 @@
 // Package cmd implements the rclone command
 //
-// It is in a sub package so it's internals can be re-used elsewhere
+// It is in a sub package so it's internals can be reused elsewhere
 package cmd
 
 // FIXME only attach the remote flags when using a remote???
@@ -35,6 +35,7 @@ import (
 	fslog "github.com/rclone/rclone/fs/log"
 	"github.com/rclone/rclone/fs/rc/rcflags"
 	"github.com/rclone/rclone/fs/rc/rcserver"
+	fssync "github.com/rclone/rclone/fs/sync"
 	"github.com/rclone/rclone/lib/atexit"
 	"github.com/rclone/rclone/lib/buildinfo"
 	"github.com/rclone/rclone/lib/exitcode"
@@ -47,13 +48,13 @@ import (
 // Globals
 var (
 	// Flags
-	cpuProfile      = flags.StringP("cpuprofile", "", "", "Write cpu profile to file")
-	memProfile      = flags.StringP("memprofile", "", "", "Write memory profile to file")
-	statsInterval   = flags.DurationP("stats", "", time.Minute*1, "Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable)")
-	dataRateUnit    = flags.StringP("stats-unit", "", "bytes", "Show data rate in stats as either 'bits' or 'bytes' per second")
+	cpuProfile      = flags.StringP("cpuprofile", "", "", "Write cpu profile to file", "Debugging")
+	memProfile      = flags.StringP("memprofile", "", "", "Write memory profile to file", "Debugging")
+	statsInterval   = flags.DurationP("stats", "", time.Minute*1, "Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable)", "Logging")
+	dataRateUnit    = flags.StringP("stats-unit", "", "bytes", "Show data rate in stats as either 'bits' or 'bytes' per second", "Logging")
 	version         bool
-	retries         = flags.IntP("retries", "", 3, "Retry operations this many times if they fail")
-	retriesInterval = flags.DurationP("retries-sleep", "", 0, "Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable)")
+	retries         = flags.IntP("retries", "", 3, "Retry operations this many times if they fail", "Config")
+	retriesInterval = flags.DurationP("retries-sleep", "", 0, "Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable)", "Config")
 	// Errors
 	errorCommandNotFound    = errors.New("command not found")
 	errorUncategorized      = errors.New("uncategorized error")
@@ -501,6 +502,8 @@ func resolveExitCode(err error) {
 		os.Exit(exitcode.UncategorizedError)
 	case errors.Is(err, accounting.ErrorMaxTransferLimitReached):
 		os.Exit(exitcode.TransferExceeded)
+	case errors.Is(err, fssync.ErrorMaxDurationReached):
+		os.Exit(exitcode.DurationExceeded)
 	case fserrors.ShouldRetry(err):
 		os.Exit(exitcode.RetryError)
 	case fserrors.IsNoRetryError(err), fserrors.IsNoLowLevelRetryError(err):
diff --git a/cmd/cmount/fs.go b/cmd/cmount/fs.go
index a60bd833642b0..4ba22ea304618 100644
--- a/cmd/cmount/fs.go
+++ b/cmd/cmount/fs.go
@@ -30,7 +30,7 @@ type FS struct {
 	ready     chan (struct{})
 	mu        sync.Mutex // to protect the below
 	handles   []vfs.Handle
-	destroyed int32 // read/write with sync/atomic
+	destroyed atomic.Int32
 }
 
 // NewFS makes a new FS
@@ -190,7 +190,7 @@ func (fsys *FS) Init() {
 // Destroy call).
 func (fsys *FS) Destroy() {
 	defer log.Trace(fsys.f, "")("")
-	atomic.StoreInt32(&fsys.destroyed, 1)
+	fsys.destroyed.Store(1)
 }
 
 // Getattr reads the attributes for path
diff --git a/cmd/cmount/mount.go b/cmd/cmount/mount.go
index 2b7b5d19edf47..f6d86bdb5c5d9 100644
--- a/cmd/cmount/mount.go
+++ b/cmd/cmount/mount.go
@@ -13,7 +13,6 @@ import (
 	"os"
 	"runtime"
 	"strings"
-	"sync/atomic"
 	"time"
 
 	"github.com/rclone/rclone/cmd/mountlib"
@@ -26,7 +25,7 @@ import (
 
 func init() {
 	name := "cmount"
-	cmountOnly := ProvidedBy(runtime.GOOS)
+	cmountOnly := runtime.GOOS != "linux" // rclone mount only works for linux
 	if cmountOnly {
 		name = "mount"
 	}
@@ -160,7 +159,11 @@ func mount(VFS *vfs.VFS, mountPath string, opt *mountlib.Options) (<-chan error,
 	fsys := NewFS(VFS)
 	host := fuse.NewFileSystemHost(fsys)
 	host.SetCapReaddirPlus(true) // only works on Windows
-	host.SetCapCaseInsensitive(f.Features().CaseInsensitive)
+	if opt.CaseInsensitive.Valid {
+		host.SetCapCaseInsensitive(opt.CaseInsensitive.Value)
+	} else {
+		host.SetCapCaseInsensitive(f.Features().CaseInsensitive)
+	}
 
 	// Create options
 	options := mountOptions(VFS, opt.DeviceName, mountpoint, opt)
@@ -188,7 +191,7 @@ func mount(VFS *vfs.VFS, mountPath string, opt *mountlib.Options) (<-chan error,
 		// Shutdown the VFS
 		fsys.VFS.Shutdown()
 		var umountOK bool
-		if atomic.LoadInt32(&fsys.destroyed) != 0 {
+		if fsys.destroyed.Load() != 0 {
 			fs.Debugf(nil, "Not calling host.Unmount as mount already Destroyed")
 			umountOK = true
 		} else if atexit.Signalled() {
diff --git a/cmd/cmount/mount_brew.go b/cmd/cmount/mount_brew.go
index 964c0b234967b..7f368ccab0a02 100644
--- a/cmd/cmount/mount_brew.go
+++ b/cmd/cmount/mount_brew.go
@@ -28,7 +28,7 @@ func init() {
 // returns an error, and an error channel for the serve process to
 // report an error when fusermount is called.
 func mount(_ *vfs.VFS, _ string, _ *mountlib.Options) (<-chan error, func() error, error) {
-	return nil, nil, errors.New("mount is not supported on MacOS when installed via Homebrew. " +
-		"Please install the binaries available at https://rclone." +
-		"org/downloads/ instead if you want to use the mount command")
+	return nil, nil, errors.New("rclone mount is not supported on MacOS when rclone is installed via Homebrew. " +
+		"Please install the rclone binaries available at https://rclone.org/downloads/ " +
+		"instead if you want to use the rclone mount command")
 }
diff --git a/cmd/cmount/mount_test.go b/cmd/cmount/mount_test.go
index 7c9c852f6538c..8da6116e26d2a 100644
--- a/cmd/cmount/mount_test.go
+++ b/cmd/cmount/mount_test.go
@@ -15,6 +15,7 @@ import (
 	"testing"
 
 	"github.com/rclone/rclone/fstest/testy"
+	"github.com/rclone/rclone/vfs/vfscommon"
 	"github.com/rclone/rclone/vfs/vfstest"
 )
 
@@ -23,5 +24,5 @@ func TestMount(t *testing.T) {
 	if runtime.GOOS == "darwin" {
 		testy.SkipUnreliable(t)
 	}
-	vfstest.RunTests(t, false, mount)
+	vfstest.RunTests(t, false, vfscommon.CacheModeOff, true, mount)
 }
diff --git a/cmd/config/config.go b/cmd/config/config.go
index e3b916aad904c..9fca8a758fac6 100644
--- a/cmd/config/config.go
+++ b/cmd/config/config.go
@@ -26,6 +26,7 @@ func init() {
 	configCommand.AddCommand(configTouchCommand)
 	configCommand.AddCommand(configPathsCommand)
 	configCommand.AddCommand(configShowCommand)
+	configCommand.AddCommand(configRedactedCommand)
 	configCommand.AddCommand(configDumpCommand)
 	configCommand.AddCommand(configProvidersCommand)
 	configCommand.AddCommand(configCreateCommand)
@@ -60,7 +61,10 @@ var configEditCommand = &cobra.Command{
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.39",
 	},
-	Run: configCommand.Run,
+	RunE: func(command *cobra.Command, args []string) error {
+		cmd.CheckArgs(0, 0, command, args)
+		return config.EditConfig(context.Background())
+	},
 }
 
 var configFileCommand = &cobra.Command{
@@ -118,6 +122,35 @@ var configShowCommand = &cobra.Command{
 	},
 }
 
+var configRedactedCommand = &cobra.Command{
+	Use:   "redacted [<remote>]",
+	Short: `Print redacted (decrypted) config file, or the redacted config for a single remote.`,
+	Long: `This prints a redacted copy of the config file, either the
+whole config file or for a given remote.
+
+The config file will be redacted by replacing all passwords and other
+sensitive info with XXX.
+
+This makes the config file suitable for posting online for support.
+
+It should be double checked before posting as the redaction may not be perfect.
+
+`,
+	Annotations: map[string]string{
+		"versionIntroduced": "v1.64",
+	},
+	Run: func(command *cobra.Command, args []string) {
+		cmd.CheckArgs(0, 1, command, args)
+		if len(args) == 0 {
+			config.ShowRedactedConfig()
+		} else {
+			name := strings.TrimRight(args[0], ":")
+			config.ShowRedactedRemote(name)
+		}
+		fmt.Println("### Double check the config for sensitive info before posting publicly")
+	},
+}
+
 var configDumpCommand = &cobra.Command{
 	Use:   "dump",
 	Short: `Dump the config file as JSON.`,
@@ -288,13 +321,13 @@ func doConfig(name string, in rc.Params, do func(config.UpdateRemoteOpt) (*fs.Co
 
 func init() {
 	for _, cmdFlags := range []*pflag.FlagSet{configCreateCommand.Flags(), configUpdateCommand.Flags()} {
-		flags.BoolVarP(cmdFlags, &updateRemoteOpt.Obscure, "obscure", "", false, "Force any passwords to be obscured")
-		flags.BoolVarP(cmdFlags, &updateRemoteOpt.NoObscure, "no-obscure", "", false, "Force any passwords not to be obscured")
-		flags.BoolVarP(cmdFlags, &updateRemoteOpt.NonInteractive, "non-interactive", "", false, "Don't interact with user and return questions")
-		flags.BoolVarP(cmdFlags, &updateRemoteOpt.Continue, "continue", "", false, "Continue the configuration process with an answer")
-		flags.BoolVarP(cmdFlags, &updateRemoteOpt.All, "all", "", false, "Ask the full set of config questions")
-		flags.StringVarP(cmdFlags, &updateRemoteOpt.State, "state", "", "", "State - use with --continue")
-		flags.StringVarP(cmdFlags, &updateRemoteOpt.Result, "result", "", "", "Result - use with --continue")
+		flags.BoolVarP(cmdFlags, &updateRemoteOpt.Obscure, "obscure", "", false, "Force any passwords to be obscured", "Config")
+		flags.BoolVarP(cmdFlags, &updateRemoteOpt.NoObscure, "no-obscure", "", false, "Force any passwords not to be obscured", "Config")
+		flags.BoolVarP(cmdFlags, &updateRemoteOpt.NonInteractive, "non-interactive", "", false, "Don't interact with user and return questions", "Config")
+		flags.BoolVarP(cmdFlags, &updateRemoteOpt.Continue, "continue", "", false, "Continue the configuration process with an answer", "Config")
+		flags.BoolVarP(cmdFlags, &updateRemoteOpt.All, "all", "", false, "Ask the full set of config questions", "Config")
+		flags.StringVarP(cmdFlags, &updateRemoteOpt.State, "state", "", "", "State - use with --continue", "Config")
+		flags.StringVarP(cmdFlags, &updateRemoteOpt.Result, "result", "", "", "Result - use with --continue", "Config")
 	}
 }
 
@@ -450,7 +483,7 @@ var (
 )
 
 func init() {
-	flags.BoolVarP(configUserInfoCommand.Flags(), &jsonOutput, "json", "", false, "Format output as JSON")
+	flags.BoolVarP(configUserInfoCommand.Flags(), &jsonOutput, "json", "", false, "Format output as JSON", "")
 }
 
 var configUserInfoCommand = &cobra.Command{
diff --git a/cmd/copy/copy.go b/cmd/copy/copy.go
index c6e42a70ea9bd..745811de46e2a 100644
--- a/cmd/copy/copy.go
+++ b/cmd/copy/copy.go
@@ -19,7 +19,7 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &createEmptySrcDirs, "create-empty-src-dirs", "", createEmptySrcDirs, "Create empty source dirs on destination after copy")
+	flags.BoolVarP(cmdFlags, &createEmptySrcDirs, "create-empty-src-dirs", "", createEmptySrcDirs, "Create empty source dirs on destination after copy", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -83,6 +83,9 @@ recently very efficiently like this:
 
 **Note**: Use the |--dry-run| or the |--interactive|/|-i| flag to test without copying anything.
 `, "|", "`"),
+	Annotations: map[string]string{
+		"groups": "Copy,Filter,Listing,Important",
+	},
 	Run: func(command *cobra.Command, args []string) {
 
 		cmd.CheckArgs(2, 2, command, args)
diff --git a/cmd/copyto/copyto.go b/cmd/copyto/copyto.go
index 337a80b3aaa42..27efcc0beaea9 100644
--- a/cmd/copyto/copyto.go
+++ b/cmd/copyto/copyto.go
@@ -48,6 +48,7 @@ the destination.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.35",
+		"groups":            "Copy,Filter,Listing,Important",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(2, 2, command, args)
diff --git a/cmd/copyurl/copyurl.go b/cmd/copyurl/copyurl.go
index 9b9063861a355..b5df8c88f0c5f 100644
--- a/cmd/copyurl/copyurl.go
+++ b/cmd/copyurl/copyurl.go
@@ -25,11 +25,11 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &autoFilename, "auto-filename", "a", autoFilename, "Get the file name from the URL and use it for destination file path")
-	flags.BoolVarP(cmdFlags, &headerFilename, "header-filename", "", headerFilename, "Get the file name from the Content-Disposition header")
-	flags.BoolVarP(cmdFlags, &printFilename, "print-filename", "p", printFilename, "Print the resulting name from --auto-filename")
-	flags.BoolVarP(cmdFlags, &noClobber, "no-clobber", "", noClobber, "Prevent overwriting file with same name")
-	flags.BoolVarP(cmdFlags, &stdout, "stdout", "", stdout, "Write the output to stdout rather than a file")
+	flags.BoolVarP(cmdFlags, &autoFilename, "auto-filename", "a", autoFilename, "Get the file name from the URL and use it for destination file path", "")
+	flags.BoolVarP(cmdFlags, &headerFilename, "header-filename", "", headerFilename, "Get the file name from the Content-Disposition header", "")
+	flags.BoolVarP(cmdFlags, &printFilename, "print-filename", "p", printFilename, "Print the resulting name from --auto-filename", "")
+	flags.BoolVarP(cmdFlags, &noClobber, "no-clobber", "", noClobber, "Prevent overwriting file with same name", "")
+	flags.BoolVarP(cmdFlags, &stdout, "stdout", "", stdout, "Write the output to stdout rather than a file", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -53,6 +53,7 @@ will cause the output to be written to standard output.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.43",
+		"groups":            "Important",
 	},
 	RunE: func(command *cobra.Command, args []string) (err error) {
 		cmd.CheckArgs(1, 2, command, args)
diff --git a/cmd/cryptcheck/cryptcheck.go b/cmd/cryptcheck/cryptcheck.go
index 481c4cecec9ee..e26e1b89e880a 100644
--- a/cmd/cryptcheck/cryptcheck.go
+++ b/cmd/cryptcheck/cryptcheck.go
@@ -22,11 +22,11 @@ func init() {
 
 var commandDefinition = &cobra.Command{
 	Use:   "cryptcheck remote:path cryptedremote:path",
-	Short: `Cryptcheck checks the integrity of a crypted remote.`,
+	Short: `Cryptcheck checks the integrity of an encrypted remote.`,
 	Long: `
 rclone cryptcheck checks a remote against a [crypted](/crypt/) remote.
 This is the equivalent of running rclone [check](/commands/rclone_check/),
-but able to check the checksums of the crypted remote.
+but able to check the checksums of the encrypted remote.
 
 For it to work the underlying remote of the cryptedremote must support
 some kind of checksum.
@@ -49,6 +49,7 @@ After it has run it will log the status of the encryptedremote:.
 ` + check.FlagsHelp,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.36",
+		"groups":            "Filter,Listing,Check",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(2, 2, command, args)
@@ -59,7 +60,7 @@ After it has run it will log the status of the encryptedremote:.
 	},
 }
 
-// cryptCheck checks the integrity of a crypted remote
+// cryptCheck checks the integrity of an encrypted remote
 func cryptCheck(ctx context.Context, fdst, fsrc fs.Fs) error {
 	// Check to see fcrypt is a crypt
 	fcrypt, ok := fdst.(*crypt.Fs)
diff --git a/cmd/cryptdecode/cryptdecode.go b/cmd/cryptdecode/cryptdecode.go
index a657bb0c59be7..745e710029fda 100644
--- a/cmd/cryptdecode/cryptdecode.go
+++ b/cmd/cryptdecode/cryptdecode.go
@@ -20,7 +20,7 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &Reverse, "reverse", "", Reverse, "Reverse cryptdecode, encrypts filenames")
+	flags.BoolVarP(cmdFlags, &Reverse, "reverse", "", Reverse, "Reverse cryptdecode, encrypts filenames", "")
 }
 
 var commandDefinition = &cobra.Command{
diff --git a/cmd/dedupe/dedupe.go b/cmd/dedupe/dedupe.go
index b56d62d9f4095..a62a07ab69a79 100644
--- a/cmd/dedupe/dedupe.go
+++ b/cmd/dedupe/dedupe.go
@@ -20,8 +20,8 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlag := commandDefinition.Flags()
-	flags.FVarP(cmdFlag, &dedupeMode, "dedupe-mode", "", "Dedupe mode interactive|skip|first|newest|oldest|largest|smallest|rename")
-	flags.BoolVarP(cmdFlag, &byHash, "by-hash", "", false, "Find identical hashes rather than names")
+	flags.FVarP(cmdFlag, &dedupeMode, "dedupe-mode", "", "Dedupe mode interactive|skip|first|newest|oldest|largest|smallest|rename", "")
+	flags.BoolVarP(cmdFlag, &byHash, "by-hash", "", false, "Find identical hashes rather than names", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -137,6 +137,7 @@ Or
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.27",
+		"groups":            "Important",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 2, command, args)
diff --git a/cmd/delete/delete.go b/cmd/delete/delete.go
index 4dcc69ddd3b3c..32c93a8758073 100644
--- a/cmd/delete/delete.go
+++ b/cmd/delete/delete.go
@@ -18,7 +18,7 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &rmdirs, "rmdirs", "", rmdirs, "rmdirs removes empty directories but leaves root intact")
+	flags.BoolVarP(cmdFlags, &rmdirs, "rmdirs", "", rmdirs, "rmdirs removes empty directories but leaves root intact", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -55,6 +55,7 @@ delete all files bigger than 100 MiB.
 `, "|", "`"),
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.27",
+		"groups":            "Important,Filter,Listing",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/deletefile/deletefile.go b/cmd/deletefile/deletefile.go
index 6311b3ddfc7e3..1d6d26c2f81b2 100644
--- a/cmd/deletefile/deletefile.go
+++ b/cmd/deletefile/deletefile.go
@@ -25,6 +25,7 @@ it will always be removed.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.42",
+		"groups":            "Important",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/genautocomplete/genautocomplete.go b/cmd/genautocomplete/genautocomplete.go
index c1408d9f7615a..029b381d3e638 100644
--- a/cmd/genautocomplete/genautocomplete.go
+++ b/cmd/genautocomplete/genautocomplete.go
@@ -11,7 +11,7 @@ func init() {
 }
 
 var completionDefinition = &cobra.Command{
-	Use:   "genautocomplete [shell]",
+	Use:   "completion [shell]",
 	Short: `Output completion script for a given shell.`,
 	Long: `
 Generates a shell completion script for rclone.
@@ -20,4 +20,5 @@ Run with ` + "`--help`" + ` to list the supported shells.
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.33",
 	},
+	Aliases: []string{"genautocomplete"},
 }
diff --git a/cmd/genautocomplete/genautocomplete_powershell.go b/cmd/genautocomplete/genautocomplete_powershell.go
new file mode 100644
index 0000000000000..84e1ea16b2579
--- /dev/null
+++ b/cmd/genautocomplete/genautocomplete_powershell.go
@@ -0,0 +1,44 @@
+package genautocomplete
+
+import (
+	"log"
+	"os"
+
+	"github.com/rclone/rclone/cmd"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	completionDefinition.AddCommand(powershellCommandDefinition)
+}
+
+var powershellCommandDefinition = &cobra.Command{
+	Use:   "powershell [output_file]",
+	Short: `Output powershell completion script for rclone.`,
+	Long: `
+Generate the autocompletion script for powershell.
+
+To load completions in your current shell session:
+
+    rclone completion powershell | Out-String | Invoke-Expression
+
+To load completions for every new session, add the output of the above command
+to your powershell profile.
+
+If output_file is "-" or missing, then the output will be written to stdout.
+`,
+	Run: func(command *cobra.Command, args []string) {
+		cmd.CheckArgs(0, 1, command, args)
+		if len(args) == 0 || (len(args) > 0 && args[0] == "-") {
+			err := cmd.Root.GenPowerShellCompletion(os.Stdout)
+			if err != nil {
+				log.Fatal(err)
+			}
+			return
+		}
+		err := cmd.Root.GenPowerShellCompletionFile(args[0])
+		if err != nil {
+			log.Fatal(err)
+		}
+	},
+}
diff --git a/cmd/gendocs/gendocs.go b/cmd/gendocs/gendocs.go
index 83c54846d44a8..c80b75374f0e6 100644
--- a/cmd/gendocs/gendocs.go
+++ b/cmd/gendocs/gendocs.go
@@ -3,6 +3,7 @@ package gendocs
 
 import (
 	"bytes"
+	"fmt"
 	"log"
 	"os"
 	"path"
@@ -13,10 +14,10 @@ import (
 	"time"
 
 	"github.com/rclone/rclone/cmd"
+	"github.com/rclone/rclone/fs/config/flags"
 	"github.com/rclone/rclone/lib/file"
 	"github.com/spf13/cobra"
 	"github.com/spf13/cobra/doc"
-	"github.com/spf13/pflag"
 )
 
 func init() {
@@ -88,6 +89,7 @@ rclone.org website.`,
 			Annotations map[string]string
 		}
 		var commands = map[string]commandDetails{}
+		var aliases []string
 		var addCommandDetails func(root *cobra.Command)
 		addCommandDetails = func(root *cobra.Command) {
 			name := strings.ReplaceAll(root.CommandPath(), " ", "_") + ".md"
@@ -95,6 +97,7 @@ rclone.org website.`,
 				Short:       root.Short,
 				Annotations: root.Annotations,
 			}
+			aliases = append(aliases, root.Aliases...)
 			for _, c := range root.Commands() {
 				addCommandDetails(c)
 			}
@@ -126,10 +129,6 @@ rclone.org website.`,
 			return "/commands/" + strings.ToLower(base) + "/"
 		}
 
-		// Hide all of the root entries flags
-		cmd.Root.Flags().VisitAll(func(flag *pflag.Flag) {
-			flag.Hidden = true
-		})
 		err = doc.GenMarkdownTreeCustom(cmd.Root, out, prepender, linkHandler)
 		if err != nil {
 			return err
@@ -143,15 +142,50 @@ rclone.org website.`,
 				return err
 			}
 			if !info.IsDir() {
+				name := filepath.Base(path)
+				cmd, ok := commands[name]
+				if !ok {
+					// Avoid man pages which are for aliases. This is a bit messy!
+					for _, alias := range aliases {
+						if strings.Contains(name, alias) {
+							return nil
+						}
+					}
+					return fmt.Errorf("didn't find command for %q", name)
+				}
 				b, err := os.ReadFile(path)
 				if err != nil {
 					return err
 				}
 				doc := string(b)
-				doc = strings.Replace(doc, "\n### SEE ALSO", `
+
+				var out strings.Builder
+				if groupsString := cmd.Annotations["groups"]; groupsString != "" {
+					groups := flags.All.Include(groupsString)
+					for _, group := range groups.Groups {
+						if group.Flags.HasFlags() {
+							_, _ = fmt.Fprintf(&out, "\n### %s Options\n\n", group.Name)
+							_, _ = fmt.Fprintf(&out, "%s\n\n", group.Help)
+							_, _ = fmt.Fprintln(&out, "```")
+							_, _ = out.WriteString(group.Flags.FlagUsages())
+							_, _ = fmt.Fprintln(&out, "```")
+						}
+					}
+				}
+				_, _ = out.WriteString(`
 See the [global flags page](/flags/) for global options not listed here.
 
-### SEE ALSO`, 1)
+`)
+
+				startCut := strings.Index(doc, `### Options inherited from parent commands`)
+				endCut := strings.Index(doc, `## SEE ALSO`)
+				if startCut < 0 || endCut < 0 {
+					if name == "rclone.md" {
+						return nil
+					}
+					return fmt.Errorf("internal error: failed to find cut points: startCut = %d, endCut = %d", startCut, endCut)
+				}
+				doc = doc[:startCut] + out.String() + doc[endCut:]
 				// outdent all the titles by one
 				doc = outdentTitle.ReplaceAllString(doc, `$1`)
 				err = os.WriteFile(path, []byte(doc), 0777)
diff --git a/cmd/hashsum/hashsum.go b/cmd/hashsum/hashsum.go
index 6e39cf7ce82a4..098483499ac56 100644
--- a/cmd/hashsum/hashsum.go
+++ b/cmd/hashsum/hashsum.go
@@ -31,10 +31,10 @@ func init() {
 
 // AddHashsumFlags is a convenience function to add the command flags OutputBase64 and DownloadFlag to hashsum, md5sum, sha1sum
 func AddHashsumFlags(cmdFlags *pflag.FlagSet) {
-	flags.BoolVarP(cmdFlags, &OutputBase64, "base64", "", OutputBase64, "Output base64 encoded hashsum")
-	flags.StringVarP(cmdFlags, &HashsumOutfile, "output-file", "", HashsumOutfile, "Output hashsums to a file rather than the terminal")
-	flags.StringVarP(cmdFlags, &ChecksumFile, "checkfile", "C", ChecksumFile, "Validate hashes against a given SUM file instead of printing them")
-	flags.BoolVarP(cmdFlags, &DownloadFlag, "download", "", DownloadFlag, "Download the file and hash it locally; if this flag is not specified, the hash is requested from the remote")
+	flags.BoolVarP(cmdFlags, &OutputBase64, "base64", "", OutputBase64, "Output base64 encoded hashsum", "")
+	flags.StringVarP(cmdFlags, &HashsumOutfile, "output-file", "", HashsumOutfile, "Output hashsums to a file rather than the terminal", "")
+	flags.StringVarP(cmdFlags, &ChecksumFile, "checkfile", "C", ChecksumFile, "Validate hashes against a given SUM file instead of printing them", "")
+	flags.BoolVarP(cmdFlags, &DownloadFlag, "download", "", DownloadFlag, "Download the file and hash it locally; if this flag is not specified, the hash is requested from the remote", "")
 }
 
 // GetHashsumOutput opens and closes the output file when using the output-file flag
@@ -82,7 +82,7 @@ func CreateFromStdinArg(ht hash.Type, args []string, startArg int) (bool, error)
 }
 
 var commandDefinition = &cobra.Command{
-	Use:   "hashsum <hash> remote:path",
+	Use:   "hashsum [<hash> remote:path]",
 	Short: `Produces a hashsum file for all the objects in the path.`,
 	Long: `
 Produces a hash file for all the objects in the path using the hash
@@ -114,6 +114,7 @@ Note that hash names are case insensitive and values are output in lower case.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.41",
+		"groups":            "Filter,Listing",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(0, 2, command, args)
diff --git a/cmd/help.go b/cmd/help.go
index ecc34b63ea490..ef43a1c0ffadb 100644
--- a/cmd/help.go
+++ b/cmd/help.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/config/configflags"
+	"github.com/rclone/rclone/fs/config/flags"
 	"github.com/rclone/rclone/fs/filter/filterflags"
 	"github.com/rclone/rclone/fs/log/logflags"
 	"github.com/rclone/rclone/fs/rc/rcflags"
@@ -113,7 +114,7 @@ var helpFlags = &cobra.Command{
 	Short: "Show the global flags for rclone",
 	Run: func(command *cobra.Command, args []string) {
 		if len(args) > 0 {
-			re, err := regexp.Compile(args[0])
+			re, err := regexp.Compile(`(?i)` + args[0])
 			if err != nil {
 				log.Fatalf("Failed to compile flags regexp: %v", err)
 			}
@@ -181,7 +182,7 @@ func setupRootCommand(rootCmd *cobra.Command) {
 	Root.Flags().BoolVarP(&version, "version", "V", false, "Print the version number")
 
 	cobra.AddTemplateFunc("showGlobalFlags", func(cmd *cobra.Command) bool {
-		return cmd.CalledAs() == "flags"
+		return cmd.CalledAs() == "flags" || cmd.Annotations["groups"] != ""
 	})
 	cobra.AddTemplateFunc("showCommands", func(cmd *cobra.Command) bool {
 		return cmd.CalledAs() != "flags"
@@ -191,15 +192,21 @@ func setupRootCommand(rootCmd *cobra.Command) {
 		// "rclone help" (which shows the global help)
 		return cmd.CalledAs() != "rclone" && cmd.CalledAs() != ""
 	})
-	cobra.AddTemplateFunc("backendFlags", func(cmd *cobra.Command, include bool) *pflag.FlagSet {
-		backendFlagSet := pflag.NewFlagSet("Backend Flags", pflag.ExitOnError)
+	cobra.AddTemplateFunc("flagGroups", func(cmd *cobra.Command) []*flags.Group {
+		// Add the backend flags and check all flags
+		backendGroup := flags.All.NewGroup("Backend", "Backend only flags. These can be set in the config file also.")
+		allRegistered := flags.All.AllRegistered()
 		cmd.InheritedFlags().VisitAll(func(flag *pflag.Flag) {
-			matched := flagsRe == nil || flagsRe.MatchString(flag.Name)
-			if _, ok := backendFlags[flag.Name]; matched && ok == include {
-				backendFlagSet.AddFlag(flag)
+			if _, ok := backendFlags[flag.Name]; ok {
+				backendGroup.Add(flag)
+			} else if _, ok := allRegistered[flag]; ok {
+				// flag is in a group already
+			} else {
+				fs.Errorf(nil, "Flag --%s is unknown", flag.Name)
 			}
 		})
-		return backendFlagSet
+		groups := flags.All.Filter(flagsRe).Include(cmd.Annotations["groups"])
+		return groups.Groups
 	})
 	rootCmd.SetUsageTemplate(usageTemplate)
 	// rootCmd.SetHelpTemplate(helpTemplate)
@@ -233,11 +240,13 @@ Available Commands:{{range .Commands}}{{if (or .IsAvailableCommand (eq .Name "he
 Flags:
 {{.LocalFlags.FlagUsages | trimTrailingWhitespaces}}{{end}}{{if and (showGlobalFlags .) .HasAvailableInheritedFlags}}
 
-Global Flags:
-{{(backendFlags . false).FlagUsages | trimTrailingWhitespaces}}
+{{ range flagGroups . }}{{ if .Flags.HasFlags }}
+# {{ .Name }} Flags
+
+{{ .Help }}
 
-Backend Flags:
-{{(backendFlags . true).FlagUsages | trimTrailingWhitespaces}}{{end}}{{if .HasHelpSubCommands}}
+{{ .Flags.FlagUsages | trimTrailingWhitespaces}}
+{{ end }}{{ end }}
 
 Additional help topics:{{range .Commands}}{{if .IsAdditionalHelpTopicCommand}}
   {{rpad .CommandPath .CommandPathPadding}} {{.Short}}{{end}}{{end}}{{end}}
@@ -255,24 +264,18 @@ description: "Rclone Global Flags"
 # Global Flags
 
 This describes the global flags available to every rclone command
-split into two groups, non backend and backend flags.
+split into groups.
 
-## Non Backend Flags
+{{ range flagGroups . }}{{ if .Flags.HasFlags }}
+## {{ .Name }}
 
-These flags are available for every command.
+{{ .Help }}
 
 ` + "```" + `
-{{(backendFlags . false).FlagUsages | trimTrailingWhitespaces}}
+{{ .Flags.FlagUsages | trimTrailingWhitespaces}}
 ` + "```" + `
 
-## Backend Flags
-
-These flags are available for every command. They control the backends
-and may be set in the config file.
-
-` + "```" + `
-{{(backendFlags . true).FlagUsages | trimTrailingWhitespaces}}
-` + "```" + `
+{{ end }}{{ end }}
 `
 
 // show all the backends
@@ -306,6 +309,7 @@ func showBackend(name string) {
 		if _, doneAlready := done[opt.Name]; doneAlready {
 			continue
 		}
+		done[opt.Name] = struct{}{}
 		if opt.Advanced {
 			advancedOptions = append(advancedOptions, opt)
 		} else {
diff --git a/cmd/link/link.go b/cmd/link/link.go
index 380e5a46b0782..8b591373ffc36 100644
--- a/cmd/link/link.go
+++ b/cmd/link/link.go
@@ -20,8 +20,8 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.FVarP(cmdFlags, &expire, "expire", "", "The amount of time that the link will be valid")
-	flags.BoolVarP(cmdFlags, &unlink, "unlink", "", unlink, "Remove existing public link to file/folder")
+	flags.FVarP(cmdFlags, &expire, "expire", "", "The amount of time that the link will be valid", "")
+	flags.BoolVarP(cmdFlags, &unlink, "unlink", "", unlink, "Remove existing public link to file/folder", "")
 }
 
 var commandDefinition = &cobra.Command{
diff --git a/cmd/listremotes/listremotes.go b/cmd/listremotes/listremotes.go
index e473fcb212888..6f63ba26b5856 100644
--- a/cmd/listremotes/listremotes.go
+++ b/cmd/listremotes/listremotes.go
@@ -19,12 +19,12 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &listLong, "long", "", listLong, "Show the type as well as names")
+	flags.BoolVarP(cmdFlags, &listLong, "long", "", listLong, "Show the type as well as names", "")
 }
 
 var commandDefinition = &cobra.Command{
 	Use:   "listremotes",
-	Short: `List all the remotes in the config file.`,
+	Short: `List all the remotes in the config file and defined in environment variables.`,
 	Long: `
 rclone listremotes lists all the available remotes from the config file.
 
diff --git a/cmd/ls/ls.go b/cmd/ls/ls.go
index 334b12f8e8ecc..313744005ab0b 100644
--- a/cmd/ls/ls.go
+++ b/cmd/ls/ls.go
@@ -31,6 +31,9 @@ Eg
         37600 fubuwic
 
 ` + lshelp.Help,
+	Annotations: map[string]string{
+		"groups": "Filter,Listing",
+	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
 		fsrc := cmd.NewFsSrc(args)
diff --git a/cmd/lsd/lsd.go b/cmd/lsd/lsd.go
index 8d79266fb6985..62180761038e6 100644
--- a/cmd/lsd/lsd.go
+++ b/cmd/lsd/lsd.go
@@ -20,7 +20,7 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &recurse, "recursive", "R", false, "Recurse into the listing")
+	flags.BoolVarP(cmdFlags, &recurse, "recursive", "R", false, "Recurse into the listing", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -49,6 +49,9 @@ Or
 If you just want the directory names use ` + "`rclone lsf --dirs-only`" + `.
 
 ` + lshelp.Help,
+	Annotations: map[string]string{
+		"groups": "Filter,Listing",
+	},
 	Run: func(command *cobra.Command, args []string) {
 		ci := fs.GetConfig(context.Background())
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/lsf/lsf.go b/cmd/lsf/lsf.go
index 8322e7c25685f..22e4de754c822 100644
--- a/cmd/lsf/lsf.go
+++ b/cmd/lsf/lsf.go
@@ -31,15 +31,15 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.StringVarP(cmdFlags, &format, "format", "F", "p", "Output format - see  help for details")
-	flags.StringVarP(cmdFlags, &separator, "separator", "s", ";", "Separator for the items in the format")
-	flags.BoolVarP(cmdFlags, &dirSlash, "dir-slash", "d", true, "Append a slash to directory names")
-	flags.FVarP(cmdFlags, &hashType, "hash", "", "Use this hash when `h` is used in the format MD5|SHA-1|DropboxHash")
-	flags.BoolVarP(cmdFlags, &filesOnly, "files-only", "", false, "Only list files")
-	flags.BoolVarP(cmdFlags, &dirsOnly, "dirs-only", "", false, "Only list directories")
-	flags.BoolVarP(cmdFlags, &csv, "csv", "", false, "Output in CSV format")
-	flags.BoolVarP(cmdFlags, &absolute, "absolute", "", false, "Put a leading / in front of path names")
-	flags.BoolVarP(cmdFlags, &recurse, "recursive", "R", false, "Recurse into the listing")
+	flags.StringVarP(cmdFlags, &format, "format", "F", "p", "Output format - see  help for details", "")
+	flags.StringVarP(cmdFlags, &separator, "separator", "s", ";", "Separator for the items in the format", "")
+	flags.BoolVarP(cmdFlags, &dirSlash, "dir-slash", "d", true, "Append a slash to directory names", "")
+	flags.FVarP(cmdFlags, &hashType, "hash", "", "Use this hash when `h` is used in the format MD5|SHA-1|DropboxHash", "")
+	flags.BoolVarP(cmdFlags, &filesOnly, "files-only", "", false, "Only list files", "")
+	flags.BoolVarP(cmdFlags, &dirsOnly, "dirs-only", "", false, "Only list directories", "")
+	flags.BoolVarP(cmdFlags, &csv, "csv", "", false, "Output in CSV format", "")
+	flags.BoolVarP(cmdFlags, &absolute, "absolute", "", false, "Put a leading / in front of path names", "")
+	flags.BoolVarP(cmdFlags, &recurse, "recursive", "R", false, "Recurse into the listing", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -144,6 +144,7 @@ those only (without traversing the whole directory structure):
 ` + lshelp.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.40",
+		"groups":            "Filter,Listing",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/lsjson/lsjson.go b/cmd/lsjson/lsjson.go
index c7da1c8637064..00cb0f4b6bc63 100644
--- a/cmd/lsjson/lsjson.go
+++ b/cmd/lsjson/lsjson.go
@@ -23,17 +23,17 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &opt.Recurse, "recursive", "R", false, "Recurse into the listing")
-	flags.BoolVarP(cmdFlags, &opt.ShowHash, "hash", "", false, "Include hashes in the output (may take longer)")
-	flags.BoolVarP(cmdFlags, &opt.NoModTime, "no-modtime", "", false, "Don't read the modification time (can speed things up)")
-	flags.BoolVarP(cmdFlags, &opt.NoMimeType, "no-mimetype", "", false, "Don't read the mime type (can speed things up)")
-	flags.BoolVarP(cmdFlags, &opt.ShowEncrypted, "encrypted", "", false, "Show the encrypted names")
-	flags.BoolVarP(cmdFlags, &opt.ShowOrigIDs, "original", "", false, "Show the ID of the underlying Object")
-	flags.BoolVarP(cmdFlags, &opt.FilesOnly, "files-only", "", false, "Show only files in the listing")
-	flags.BoolVarP(cmdFlags, &opt.DirsOnly, "dirs-only", "", false, "Show only directories in the listing")
-	flags.BoolVarP(cmdFlags, &opt.Metadata, "metadata", "M", false, "Add metadata to the listing")
-	flags.StringArrayVarP(cmdFlags, &opt.HashTypes, "hash-type", "", nil, "Show only this hash type (may be repeated)")
-	flags.BoolVarP(cmdFlags, &statOnly, "stat", "", false, "Just return the info for the pointed to file")
+	flags.BoolVarP(cmdFlags, &opt.Recurse, "recursive", "R", false, "Recurse into the listing", "")
+	flags.BoolVarP(cmdFlags, &opt.ShowHash, "hash", "", false, "Include hashes in the output (may take longer)", "")
+	flags.BoolVarP(cmdFlags, &opt.NoModTime, "no-modtime", "", false, "Don't read the modification time (can speed things up)", "")
+	flags.BoolVarP(cmdFlags, &opt.NoMimeType, "no-mimetype", "", false, "Don't read the mime type (can speed things up)", "")
+	flags.BoolVarP(cmdFlags, &opt.ShowEncrypted, "encrypted", "", false, "Show the encrypted names", "")
+	flags.BoolVarP(cmdFlags, &opt.ShowOrigIDs, "original", "", false, "Show the ID of the underlying Object", "")
+	flags.BoolVarP(cmdFlags, &opt.FilesOnly, "files-only", "", false, "Show only files in the listing", "")
+	flags.BoolVarP(cmdFlags, &opt.DirsOnly, "dirs-only", "", false, "Show only directories in the listing", "")
+	flags.BoolVarP(cmdFlags, &opt.Metadata, "metadata", "M", false, "Add metadata to the listing", "")
+	flags.StringArrayVarP(cmdFlags, &opt.HashTypes, "hash-type", "", nil, "Show only this hash type (may be repeated)", "")
+	flags.BoolVarP(cmdFlags, &statOnly, "stat", "", false, "Just return the info for the pointed to file", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -114,8 +114,15 @@ can be processed line by line as each item is written one to a line.
 ` + lshelp.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.37",
+		"groups":            "Filter,Listing",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
+		// Make sure we set the global Metadata flag too as it
+		// isn't parsed by cobra. We need to do this first
+		// before any backends are created.
+		ci := fs.GetConfig(context.Background())
+		ci.Metadata = opt.Metadata
+
 		cmd.CheckArgs(1, 1, command, args)
 		var fsrc fs.Fs
 		var remote string
diff --git a/cmd/lsl/lsl.go b/cmd/lsl/lsl.go
index e7a7366f17a08..738f66a2ab292 100644
--- a/cmd/lsl/lsl.go
+++ b/cmd/lsl/lsl.go
@@ -33,6 +33,7 @@ Eg
 ` + lshelp.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.02",
+		"groups":            "Filter,Listing",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/md5sum/md5sum.go b/cmd/md5sum/md5sum.go
index 94c0ed3ef9f59..dd27a1f77aa8d 100644
--- a/cmd/md5sum/md5sum.go
+++ b/cmd/md5sum/md5sum.go
@@ -40,6 +40,7 @@ as a relative path).
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.02",
+		"groups":            "Filter,Listing",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(0, 1, command, args)
diff --git a/cmd/mkdir/mkdir.go b/cmd/mkdir/mkdir.go
index 3c99180feae52..37dfc18f850fc 100644
--- a/cmd/mkdir/mkdir.go
+++ b/cmd/mkdir/mkdir.go
@@ -18,6 +18,9 @@ func init() {
 var commandDefinition = &cobra.Command{
 	Use:   "mkdir remote:path",
 	Short: `Make the path if it doesn't already exist.`,
+	Annotations: map[string]string{
+		"groups": "Important",
+	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
 		fdst := cmd.NewFsDir(args)
diff --git a/cmd/mount/dir.go b/cmd/mount/dir.go
index b82b521796f13..4a6f939f6648e 100644
--- a/cmd/mount/dir.go
+++ b/cmd/mount/dir.go
@@ -1,5 +1,5 @@
-//go:build linux || freebsd
-// +build linux freebsd
+//go:build linux
+// +build linux
 
 package mount
 
@@ -250,7 +250,7 @@ func (d *Dir) Mknod(ctx context.Context, req *fuse.MknodRequest) (node fusefs.No
 	defer log.Trace(d, "name=%v, mode=%d, rdev=%d", req.Name, req.Mode, req.Rdev)("node=%v, err=%v", &node, &err)
 	if req.Rdev != 0 {
 		fs.Errorf(d, "Can't create device node %q", req.Name)
-		return nil, fuse.EIO
+		return nil, fuse.Errno(syscall.EIO)
 	}
 	var cReq = fuse.CreateRequest{
 		Name:  req.Name,
diff --git a/cmd/mount/file.go b/cmd/mount/file.go
index 1a0ad6c2860f5..f745dcc7bbc67 100644
--- a/cmd/mount/file.go
+++ b/cmd/mount/file.go
@@ -1,5 +1,5 @@
-//go:build linux || freebsd
-// +build linux freebsd
+//go:build linux
+// +build linux
 
 package mount
 
diff --git a/cmd/mount/fs.go b/cmd/mount/fs.go
index c89110ecc7f73..e81b2f07878ab 100644
--- a/cmd/mount/fs.go
+++ b/cmd/mount/fs.go
@@ -1,7 +1,7 @@
 // FUSE main Fs
 
-//go:build linux || freebsd
-// +build linux freebsd
+//go:build linux
+// +build linux
 
 package mount
 
@@ -82,11 +82,11 @@ func translateError(err error) error {
 	case vfs.OK:
 		return nil
 	case vfs.ENOENT, fs.ErrorDirNotFound, fs.ErrorObjectNotFound:
-		return fuse.ENOENT
+		return fuse.Errno(syscall.ENOENT)
 	case vfs.EEXIST, fs.ErrorDirExists:
-		return fuse.EEXIST
+		return fuse.Errno(syscall.EEXIST)
 	case vfs.EPERM, fs.ErrorPermissionDenied:
-		return fuse.EPERM
+		return fuse.Errno(syscall.EPERM)
 	case vfs.ECLOSED:
 		return fuse.Errno(syscall.EBADF)
 	case vfs.ENOTEMPTY:
diff --git a/cmd/mount/handle.go b/cmd/mount/handle.go
index 7b7b6c010eabd..65d344538b52c 100644
--- a/cmd/mount/handle.go
+++ b/cmd/mount/handle.go
@@ -1,5 +1,5 @@
-//go:build linux || freebsd
-// +build linux freebsd
+//go:build linux
+// +build linux
 
 package mount
 
@@ -25,15 +25,13 @@ var _ fusefs.HandleReader = (*FileHandle)(nil)
 func (fh *FileHandle) Read(ctx context.Context, req *fuse.ReadRequest, resp *fuse.ReadResponse) (err error) {
 	var n int
 	defer log.Trace(fh, "len=%d, offset=%d", req.Size, req.Offset)("read=%d, err=%v", &n, &err)
-	data := make([]byte, req.Size)
+	data := resp.Data[:req.Size]
 	n, err = fh.Handle.ReadAt(data, req.Offset)
+	resp.Data = data[:n]
 	if err == io.EOF {
 		err = nil
-	} else if err != nil {
-		return translateError(err)
 	}
-	resp.Data = data[:n]
-	return nil
+	return translateError(err)
 }
 
 // Check interface satisfied
diff --git a/cmd/mount/mount.go b/cmd/mount/mount.go
index 9be432c5e0b9d..b32ba29aedb8c 100644
--- a/cmd/mount/mount.go
+++ b/cmd/mount/mount.go
@@ -1,5 +1,5 @@
-//go:build linux || freebsd
-// +build linux freebsd
+//go:build linux
+// +build linux
 
 // Package mount implements a FUSE mounting system for rclone remotes.
 package mount
diff --git a/cmd/mount/mount_test.go b/cmd/mount/mount_test.go
index ec5422cc9189b..df4d02ec09629 100644
--- a/cmd/mount/mount_test.go
+++ b/cmd/mount/mount_test.go
@@ -1,14 +1,15 @@
-//go:build linux || freebsd
-// +build linux freebsd
+//go:build linux
+// +build linux
 
 package mount
 
 import (
 	"testing"
 
+	"github.com/rclone/rclone/vfs/vfscommon"
 	"github.com/rclone/rclone/vfs/vfstest"
 )
 
 func TestMount(t *testing.T) {
-	vfstest.RunTests(t, false, mount)
+	vfstest.RunTests(t, false, vfscommon.CacheModeOff, true, mount)
 }
diff --git a/cmd/mount/mount_unsupported.go b/cmd/mount/mount_unsupported.go
index 84f8656dc2e64..c2feafbc3e76d 100644
--- a/cmd/mount/mount_unsupported.go
+++ b/cmd/mount/mount_unsupported.go
@@ -1,10 +1,8 @@
-//go:build !linux && !freebsd
-// +build !linux,!freebsd
+//go:build !linux
+// +build !linux
 
 // Package mount implements a FUSE mounting system for rclone remotes.
 //
 // Build for mount for unsupported platforms to stop go complaining
 // about "no buildable Go source files".
-//
-// Invert the build constraint: linux freebsd
 package mount
diff --git a/cmd/mount2/mount.go b/cmd/mount2/mount.go
index 152f3a89edd20..f244bf40df63c 100644
--- a/cmd/mount2/mount.go
+++ b/cmd/mount2/mount.go
@@ -26,12 +26,14 @@ func init() {
 // man mount.fuse for more info and note the -o flag for other options
 func mountOptions(fsys *FS, f fs.Fs, opt *mountlib.Options) (mountOpts *fuse.MountOptions) {
 	mountOpts = &fuse.MountOptions{
-		AllowOther:    fsys.opt.AllowOther,
-		FsName:        opt.DeviceName,
-		Name:          "rclone",
-		DisableXAttrs: true,
-		Debug:         fsys.opt.DebugFUSE,
-		MaxReadAhead:  int(fsys.opt.MaxReadAhead),
+		AllowOther:         fsys.opt.AllowOther,
+		FsName:             opt.DeviceName,
+		Name:               "rclone",
+		DisableXAttrs:      true,
+		Debug:              fsys.opt.DebugFUSE,
+		MaxReadAhead:       int(fsys.opt.MaxReadAhead),
+		MaxWrite:           1024 * 1024, // Linux v4.20+ caps requests at 1 MiB
+		DisableReadDirPlus: true,
 
 		// RememberInodes: true,
 		// SingleThreaded: true,
@@ -47,12 +49,42 @@ func mountOptions(fsys *FS, f fs.Fs, opt *mountlib.Options) (mountOpts *fuse.Mou
 			// async I/O.  Concurrency for synchronous I/O is not limited.
 			MaxBackground int
 
-			// Write size to use.  If 0, use default. This number is
-			// capped at the kernel maximum.
+			// MaxWrite is the max size for read and write requests. If 0, use
+			// go-fuse default (currently 64 kiB).
+			// This number is internally capped at MAX_KERNEL_WRITE (higher values don't make
+			// sense).
+			//
+			// Non-direct-io reads are mostly served via kernel readahead, which is
+			// additionally subject to the MaxReadAhead limit.
+			//
+			// Implementation notes:
+			//
+			// There's four values the Linux kernel looks at when deciding the request size:
+			// * MaxWrite, passed via InitOut.MaxWrite. Limits the WRITE size.
+			// * max_read, passed via a string mount option. Limits the READ size.
+			//   go-fuse sets max_read equal to MaxWrite.
+			//   You can see the current max_read value in /proc/self/mounts .
+			// * MaxPages, passed via InitOut.MaxPages. In Linux 4.20 and later, the value
+			//   can go up to 1 MiB and go-fuse calculates the MaxPages value acc.
+			//   to MaxWrite, rounding up.
+			//   On older kernels, the value is fixed at 128 kiB and the
+			//   passed value is ignored. No request can be larger than MaxPages, so
+			//   READ and WRITE are effectively capped at MaxPages.
+			// * MaxReadAhead, passed via InitOut.MaxReadAhead.
 			MaxWrite int
 
-			// Max read ahead to use.  If 0, use default. This number is
-			// capped at the kernel maximum.
+			// MaxReadAhead is the max read ahead size to use. It controls how much data the
+			// kernel reads in advance to satisfy future read requests from applications.
+			// How much exactly is subject to clever heuristics in the kernel
+			// (see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/mm/readahead.c?h=v6.2-rc5#n375
+			// if you are brave) and hence also depends on the kernel version.
+			//
+			// If 0, use kernel default. This number is capped at the kernel maximum
+			// (128 kiB on Linux) and cannot be larger than MaxWrite.
+			//
+			// MaxReadAhead only affects buffered reads (=non-direct-io), but even then, the
+			// kernel can and does send larger reads to satisfy read requests from applications
+			// (up to MaxWrite or VM_READAHEAD_PAGES=128 kiB, whichever is less).
 			MaxReadAhead int
 
 			// If IgnoreSecurityLabels is set, all security related xattr
@@ -87,9 +119,19 @@ func mountOptions(fsys *FS, f fs.Fs, opt *mountlib.Options) (mountOpts *fuse.Mou
 			// you must implement the GetLk/SetLk/SetLkw methods.
 			EnableLocks bool
 
+			// If set, the kernel caches all Readlink return values. The
+			// filesystem must use content notification to force the
+			// kernel to issue a new Readlink call.
+			EnableSymlinkCaching bool
+
 			// If set, ask kernel not to do automatic data cache invalidation.
 			// The filesystem is fully responsible for invalidating data cache.
 			ExplicitDataCacheControl bool
+
+			// Disable ReadDirPlus capability so ReadDir is used instead. Simple
+			// directory queries (i.e. 'ls' without '-l') can be faster with
+			// ReadDir, as no per-file stat calls are needed
+			DisableReadDirPlus bool
 		*/
 
 	}
@@ -176,8 +218,8 @@ func mount(VFS *vfs.VFS, mountpoint string, opt *mountlib.Options) (<-chan error
 		MountOptions: *mountOpts,
 		EntryTimeout: &opt.AttrTimeout,
 		AttrTimeout:  &opt.AttrTimeout,
-		// UID
-		// GID
+		GID:          VFS.Opt.GID,
+		UID:          VFS.Opt.UID,
 	}
 
 	root, err := fsys.Root()
diff --git a/cmd/mount2/mount_test.go b/cmd/mount2/mount_test.go
index c6572a9832937..5ff74ff3c7764 100644
--- a/cmd/mount2/mount_test.go
+++ b/cmd/mount2/mount_test.go
@@ -1,16 +1,15 @@
-//go:build linux || (darwin && amd64)
-// +build linux darwin,amd64
+//go:build linux
+// +build linux
 
 package mount2
 
 import (
 	"testing"
 
-	"github.com/rclone/rclone/fstest/testy"
+	"github.com/rclone/rclone/vfs/vfscommon"
 	"github.com/rclone/rclone/vfs/vfstest"
 )
 
 func TestMount(t *testing.T) {
-	testy.SkipUnreliable(t)
-	vfstest.RunTests(t, false, mount)
+	vfstest.RunTests(t, false, vfscommon.CacheModeOff, true, mount)
 }
diff --git a/cmd/mount2/node.go b/cmd/mount2/node.go
index fae416d648218..0ba1aded4a075 100644
--- a/cmd/mount2/node.go
+++ b/cmd/mount2/node.go
@@ -85,17 +85,16 @@ func (n *Node) lookupVfsNodeInDir(leaf string) (vfsNode vfs.Node, errno syscall.
 // will not work.
 func (n *Node) Statfs(ctx context.Context, out *fuse.StatfsOut) syscall.Errno {
 	defer log.Trace(n, "")("out=%+v", &out)
-	out = new(fuse.StatfsOut)
 	const blockSize = 4096
-	const fsBlocks = (1 << 50) / blockSize
-	out.Blocks = fsBlocks  // Total data blocks in file system.
-	out.Bfree = fsBlocks   // Free blocks in file system.
-	out.Bavail = fsBlocks  // Free blocks in file system if you're not root.
-	out.Files = 1e9        // Total files in file system.
-	out.Ffree = 1e9        // Free files in file system.
-	out.Bsize = blockSize  // Block size
-	out.NameLen = 255      // Maximum file name length?
-	out.Frsize = blockSize // Fragment size, smallest addressable data size in the file system.
+	total, _, free := n.fsys.VFS.Statfs()
+	out.Blocks = uint64(total) / blockSize // Total data blocks in file system.
+	out.Bfree = uint64(free) / blockSize   // Free blocks in file system.
+	out.Bavail = out.Bfree                 // Free blocks in file system if you're not root.
+	out.Files = 1e9                        // Total files in file system.
+	out.Ffree = 1e9                        // Free files in file system.
+	out.Bsize = blockSize                  // Block size
+	out.NameLen = 255                      // Maximum file name length?
+	out.Frsize = blockSize                 // Fragment size, smallest addressable data size in the file system.
 	mountlib.ClipBlocks(&out.Blocks)
 	mountlib.ClipBlocks(&out.Bfree)
 	mountlib.ClipBlocks(&out.Bavail)
@@ -405,3 +404,40 @@ func (n *Node) Rename(ctx context.Context, oldName string, newParent fusefs.Inod
 }
 
 var _ = (fusefs.NodeRenamer)((*Node)(nil))
+
+// Getxattr should read data for the given attribute into
+// `dest` and return the number of bytes. If `dest` is too
+// small, it should return ERANGE and the size of the attribute.
+// If not defined, Getxattr will return ENOATTR.
+func (n *Node) Getxattr(ctx context.Context, attr string, dest []byte) (uint32, syscall.Errno) {
+	return 0, syscall.ENOSYS // we never implement this
+}
+
+var _ fusefs.NodeGetxattrer = (*Node)(nil)
+
+// Setxattr should store data for the given attribute.  See
+// setxattr(2) for information about flags.
+// If not defined, Setxattr will return ENOATTR.
+func (n *Node) Setxattr(ctx context.Context, attr string, data []byte, flags uint32) syscall.Errno {
+	return syscall.ENOSYS // we never implement this
+}
+
+var _ fusefs.NodeSetxattrer = (*Node)(nil)
+
+// Removexattr should delete the given attribute.
+// If not defined, Removexattr will return ENOATTR.
+func (n *Node) Removexattr(ctx context.Context, attr string) syscall.Errno {
+	return syscall.ENOSYS // we never implement this
+}
+
+var _ fusefs.NodeRemovexattrer = (*Node)(nil)
+
+// Listxattr should read all attributes (null terminated) into
+// `dest`. If the `dest` buffer is too small, it should return ERANGE
+// and the correct size.  If not defined, return an empty list and
+// success.
+func (n *Node) Listxattr(ctx context.Context, dest []byte) (uint32, syscall.Errno) {
+	return 0, syscall.ENOSYS // we never implement this
+}
+
+var _ fusefs.NodeListxattrer = (*Node)(nil)
diff --git a/cmd/mountlib/check_linux.go b/cmd/mountlib/check_linux.go
index 1c32a6d8ad426..81e3ccf37a43c 100644
--- a/cmd/mountlib/check_linux.go
+++ b/cmd/mountlib/check_linux.go
@@ -4,22 +4,20 @@
 package mountlib
 
 import (
-	"errors"
 	"fmt"
 	"path/filepath"
 	"strings"
 	"time"
 
-	"github.com/artyom/mtab"
+	"github.com/moby/sys/mountinfo"
 )
 
 const (
-	mtabPath     = "/proc/mounts"
 	pollInterval = 100 * time.Millisecond
 )
 
 // CheckMountEmpty checks if folder is not already a mountpoint.
-// On Linux we use the OS-specific /proc/mount API so the check won't access the path.
+// On Linux we use the OS-specific /proc/self/mountinfo API so the check won't access the path.
 // Directories marked as "mounted" by autofs are considered not mounted.
 func CheckMountEmpty(mountpoint string) error {
 	const msg = "directory already mounted, use --allow-non-empty to mount anyway: %s"
@@ -29,43 +27,57 @@ func CheckMountEmpty(mountpoint string) error {
 		return fmt.Errorf("cannot get absolute path: %s: %w", mountpoint, err)
 	}
 
-	entries, err := mtab.Entries(mtabPath)
+	infos, err := mountinfo.GetMounts(mountinfo.SingleEntryFilter(mountpointAbs))
 	if err != nil {
-		return fmt.Errorf("cannot read %s: %w", mtabPath, err)
+		return fmt.Errorf("cannot get mounts: %w", err)
 	}
+
 	foundAutofs := false
-	for _, entry := range entries {
-		if entry.Dir == mountpointAbs {
-			if entry.Type != "autofs" {
-				return fmt.Errorf(msg, mountpointAbs)
-			}
-			foundAutofs = true
+	for _, info := range infos {
+		if info.FSType != "autofs" {
+			return fmt.Errorf(msg, mountpointAbs)
 		}
+		foundAutofs = true
 	}
 	// It isn't safe to list an autofs in the middle of mounting
 	if foundAutofs {
 		return nil
 	}
+
 	return checkMountEmpty(mountpoint)
 }
 
+// singleEntryFilter looks for a specific entry.
+//
+// It may appear more than once and we return all of them if so.
+func singleEntryFilter(mp string) mountinfo.FilterFunc {
+	return func(m *mountinfo.Info) (skip, stop bool) {
+		return m.Mountpoint != mp, false
+	}
+}
+
 // CheckMountReady checks whether mountpoint is mounted by rclone.
 // Only mounts with type "rclone" or "fuse.rclone" count.
 func CheckMountReady(mountpoint string) error {
+	const msg = "mount not ready: %s"
+
 	mountpointAbs, err := filepath.Abs(mountpoint)
 	if err != nil {
 		return fmt.Errorf("cannot get absolute path: %s: %w", mountpoint, err)
 	}
-	entries, err := mtab.Entries(mtabPath)
+
+	infos, err := mountinfo.GetMounts(singleEntryFilter(mountpointAbs))
 	if err != nil {
-		return fmt.Errorf("cannot read %s: %w", mtabPath, err)
+		return fmt.Errorf("cannot get mounts: %w", err)
 	}
-	for _, entry := range entries {
-		if entry.Dir == mountpointAbs && strings.Contains(entry.Type, "rclone") {
+
+	for _, info := range infos {
+		if strings.Contains(info.FSType, "rclone") {
 			return nil
 		}
 	}
-	return errors.New("mount not ready")
+
+	return fmt.Errorf(msg, mountpointAbs)
 }
 
 // WaitMountReady waits until mountpoint is mounted by rclone.
diff --git a/cmd/mountlib/mount.go b/cmd/mountlib/mount.go
index 25fc272e1afea..4bc9e066a9e83 100644
--- a/cmd/mountlib/mount.go
+++ b/cmd/mountlib/mount.go
@@ -3,6 +3,7 @@ package mountlib
 
 import (
 	"context"
+	_ "embed"
 	"fmt"
 	"log"
 	"os"
@@ -27,6 +28,9 @@ import (
 	"github.com/spf13/pflag"
 )
 
+//go:embed mount.md
+var mountHelp string
+
 // Options for creating the mount
 type Options struct {
 	DebugFUSE          bool
@@ -48,6 +52,7 @@ type Options struct {
 	DaemonTimeout      time.Duration // OSXFUSE only
 	AsyncRead          bool
 	NetworkMode        bool // Windows only
+	CaseInsensitive    fs.Tristate
 }
 
 // DefaultOpt is the default values for creating the mount
@@ -124,30 +129,31 @@ var Opt Options
 // AddFlags adds the non filing system specific flags to the command
 func AddFlags(flagSet *pflag.FlagSet) {
 	rc.AddOption("mount", &Opt)
-	flags.BoolVarP(flagSet, &Opt.DebugFUSE, "debug-fuse", "", Opt.DebugFUSE, "Debug the FUSE internals - needs -v")
-	flags.DurationVarP(flagSet, &Opt.AttrTimeout, "attr-timeout", "", Opt.AttrTimeout, "Time for which file/directory attributes are cached")
-	flags.StringArrayVarP(flagSet, &Opt.ExtraOptions, "option", "o", []string{}, "Option for libfuse/WinFsp (repeat if required)")
-	flags.StringArrayVarP(flagSet, &Opt.ExtraFlags, "fuse-flag", "", []string{}, "Flags or arguments to be passed direct to libfuse/WinFsp (repeat if required)")
+	flags.BoolVarP(flagSet, &Opt.DebugFUSE, "debug-fuse", "", Opt.DebugFUSE, "Debug the FUSE internals - needs -v", "Mount")
+	flags.DurationVarP(flagSet, &Opt.AttrTimeout, "attr-timeout", "", Opt.AttrTimeout, "Time for which file/directory attributes are cached", "Mount")
+	flags.StringArrayVarP(flagSet, &Opt.ExtraOptions, "option", "o", []string{}, "Option for libfuse/WinFsp (repeat if required)", "Mount")
+	flags.StringArrayVarP(flagSet, &Opt.ExtraFlags, "fuse-flag", "", []string{}, "Flags or arguments to be passed direct to libfuse/WinFsp (repeat if required)", "Mount")
 	// Non-Windows only
-	flags.BoolVarP(flagSet, &Opt.Daemon, "daemon", "", Opt.Daemon, "Run mount in background and exit parent process (as background output is suppressed, use --log-file with --log-format=pid,... to monitor) (not supported on Windows)")
-	flags.DurationVarP(flagSet, &Opt.DaemonTimeout, "daemon-timeout", "", Opt.DaemonTimeout, "Time limit for rclone to respond to kernel (not supported on Windows)")
-	flags.BoolVarP(flagSet, &Opt.DefaultPermissions, "default-permissions", "", Opt.DefaultPermissions, "Makes kernel enforce access control based on the file mode (not supported on Windows)")
-	flags.BoolVarP(flagSet, &Opt.AllowNonEmpty, "allow-non-empty", "", Opt.AllowNonEmpty, "Allow mounting over a non-empty directory (not supported on Windows)")
-	flags.BoolVarP(flagSet, &Opt.AllowRoot, "allow-root", "", Opt.AllowRoot, "Allow access to root user (not supported on Windows)")
-	flags.BoolVarP(flagSet, &Opt.AllowOther, "allow-other", "", Opt.AllowOther, "Allow access to other users (not supported on Windows)")
-	flags.BoolVarP(flagSet, &Opt.AsyncRead, "async-read", "", Opt.AsyncRead, "Use asynchronous reads (not supported on Windows)")
-	flags.FVarP(flagSet, &Opt.MaxReadAhead, "max-read-ahead", "", "The number of bytes that can be prefetched for sequential reads (not supported on Windows)")
-	flags.BoolVarP(flagSet, &Opt.WritebackCache, "write-back-cache", "", Opt.WritebackCache, "Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)")
-	flags.StringVarP(flagSet, &Opt.DeviceName, "devname", "", Opt.DeviceName, "Set the device name - default is remote:path")
+	flags.BoolVarP(flagSet, &Opt.Daemon, "daemon", "", Opt.Daemon, "Run mount in background and exit parent process (as background output is suppressed, use --log-file with --log-format=pid,... to monitor) (not supported on Windows)", "Mount")
+	flags.DurationVarP(flagSet, &Opt.DaemonTimeout, "daemon-timeout", "", Opt.DaemonTimeout, "Time limit for rclone to respond to kernel (not supported on Windows)", "Mount")
+	flags.BoolVarP(flagSet, &Opt.DefaultPermissions, "default-permissions", "", Opt.DefaultPermissions, "Makes kernel enforce access control based on the file mode (not supported on Windows)", "Mount")
+	flags.BoolVarP(flagSet, &Opt.AllowNonEmpty, "allow-non-empty", "", Opt.AllowNonEmpty, "Allow mounting over a non-empty directory (not supported on Windows)", "Mount")
+	flags.BoolVarP(flagSet, &Opt.AllowRoot, "allow-root", "", Opt.AllowRoot, "Allow access to root user (not supported on Windows)", "Mount")
+	flags.BoolVarP(flagSet, &Opt.AllowOther, "allow-other", "", Opt.AllowOther, "Allow access to other users (not supported on Windows)", "Mount")
+	flags.BoolVarP(flagSet, &Opt.AsyncRead, "async-read", "", Opt.AsyncRead, "Use asynchronous reads (not supported on Windows)", "Mount")
+	flags.FVarP(flagSet, &Opt.MaxReadAhead, "max-read-ahead", "", "The number of bytes that can be prefetched for sequential reads (not supported on Windows)", "Mount")
+	flags.BoolVarP(flagSet, &Opt.WritebackCache, "write-back-cache", "", Opt.WritebackCache, "Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)", "Mount")
+	flags.StringVarP(flagSet, &Opt.DeviceName, "devname", "", Opt.DeviceName, "Set the device name - default is remote:path", "Mount")
+	flags.FVarP(flagSet, &Opt.CaseInsensitive, "mount-case-insensitive", "", "Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto)", "Mount")
 	// Windows and OSX
-	flags.StringVarP(flagSet, &Opt.VolumeName, "volname", "", Opt.VolumeName, "Set the volume name (supported on Windows and OSX only)")
+	flags.StringVarP(flagSet, &Opt.VolumeName, "volname", "", Opt.VolumeName, "Set the volume name (supported on Windows and OSX only)", "Mount")
 	// OSX only
-	flags.BoolVarP(flagSet, &Opt.NoAppleDouble, "noappledouble", "", Opt.NoAppleDouble, "Ignore Apple Double (._) and .DS_Store files (supported on OSX only)")
-	flags.BoolVarP(flagSet, &Opt.NoAppleXattr, "noapplexattr", "", Opt.NoAppleXattr, "Ignore all \"com.apple.*\" extended attributes (supported on OSX only)")
+	flags.BoolVarP(flagSet, &Opt.NoAppleDouble, "noappledouble", "", Opt.NoAppleDouble, "Ignore Apple Double (._) and .DS_Store files (supported on OSX only)", "Mount")
+	flags.BoolVarP(flagSet, &Opt.NoAppleXattr, "noapplexattr", "", Opt.NoAppleXattr, "Ignore all \"com.apple.*\" extended attributes (supported on OSX only)", "Mount")
 	// Windows only
-	flags.BoolVarP(flagSet, &Opt.NetworkMode, "network-mode", "", Opt.NetworkMode, "Mount as remote network drive, instead of fixed disk drive (supported on Windows only)")
+	flags.BoolVarP(flagSet, &Opt.NetworkMode, "network-mode", "", Opt.NetworkMode, "Mount as remote network drive, instead of fixed disk drive (supported on Windows only)", "Mount")
 	// Unix only
-	flags.DurationVarP(flagSet, &Opt.DaemonWait, "daemon-wait", "", Opt.DaemonWait, "Time to wait for ready mount from daemon (maximum time on Linux, constant sleep time on OSX/BSD) (not supported on Windows)")
+	flags.DurationVarP(flagSet, &Opt.DaemonWait, "daemon-wait", "", Opt.DaemonWait, "Time to wait for ready mount from daemon (maximum time on Linux, constant sleep time on OSX/BSD) (not supported on Windows)", "Mount")
 }
 
 // NewMountCommand makes a mount command with the given name and Mount function
@@ -156,9 +162,10 @@ func NewMountCommand(commandName string, hidden bool, mount MountFn) *cobra.Comm
 		Use:    commandName + " remote:path /path/to/mountpoint",
 		Hidden: hidden,
 		Short:  `Mount the remote as file system on a mountpoint.`,
-		Long:   strings.ReplaceAll(strings.ReplaceAll(mountHelp, "|", "`"), "@", commandName) + vfs.Help,
+		Long:   strings.ReplaceAll(mountHelp, "@", commandName) + vfs.Help,
 		Annotations: map[string]string{
 			"versionIntroduced": "v1.33",
+			"groups":            "Filter",
 		},
 		Run: func(command *cobra.Command, args []string) {
 			cmd.CheckArgs(2, 2, command, args)
diff --git a/cmd/mountlib/help.go b/cmd/mountlib/mount.md
similarity index 76%
rename from cmd/mountlib/help.go
rename to cmd/mountlib/mount.md
index 944330c75ecb7..9d367ca1ec08b 100644
--- a/cmd/mountlib/help.go
+++ b/cmd/mountlib/mount.md
@@ -1,15 +1,11 @@
-package mountlib
-
-// "@" will be replaced by the command name, "|" will be replaced by backticks
-var mountHelp = `
 rclone @ allows Linux, FreeBSD, macOS and Windows to
 mount any of Rclone's cloud storage systems as a file system with
 FUSE.
 
-First set up your remote using |rclone config|.  Check it works with |rclone ls| etc.
+First set up your remote using `rclone config`.  Check it works with `rclone ls` etc.
 
 On Linux and macOS, you can run mount in either foreground or background (aka
-daemon) mode. Mount runs in foreground mode by default. Use the |--daemon| flag
+daemon) mode. Mount runs in foreground mode by default. Use the `--daemon` flag
 to force background mode. On Windows you can run mount in foreground only,
 the flag is ignored.
 
@@ -18,7 +14,7 @@ program starts, spawns background rclone process to setup and maintain the
 mount, waits until success or timeout and exits with appropriate code
 (killing the child process if it fails).
 
-On Linux/macOS/FreeBSD start the mount like this, where |/path/to/local/mount|
+On Linux/macOS/FreeBSD start the mount like this, where `/path/to/local/mount`
 is an **empty** **existing** directory:
 
     rclone @ remote:path/to/files /path/to/local/mount
@@ -29,10 +25,10 @@ rclone will serve the mount and occupy the console so another window should be
 used to work with the mount until rclone is interrupted e.g. by pressing Ctrl-C.
 
 The following examples will mount to an automatically assigned drive,
-to specific drive letter |X:|, to path |C:\path\parent\mount|
+to specific drive letter `X:`, to path `C:\path\parent\mount`
 (where parent directory or drive must exist, and mount must **not** exist,
 and is not supported when [mounting as a network drive](#mounting-modes-on-windows)), and
-the last example will mount as network share |\\cloud\remote| and map it to an
+the last example will mount as network share `\\cloud\remote` and map it to an
 automatically assigned drive:
 
     rclone @ remote:path/to/files *
@@ -89,7 +85,7 @@ as a network drive instead.
 
 When mounting as a fixed disk drive you can either mount to an unused drive letter,
 or to a path representing a **nonexistent** subdirectory of an **existing** parent
-directory or drive. Using the special value |*| will tell rclone to
+directory or drive. Using the special value `*` will tell rclone to
 automatically assign the next available drive letter, starting with Z: and moving backward.
 Examples:
 
@@ -98,45 +94,45 @@ Examples:
     rclone @ remote:path/to/files C:\path\parent\mount
     rclone @ remote:path/to/files X:
 
-Option |--volname| can be used to set a custom volume name for the mounted
+Option `--volname` can be used to set a custom volume name for the mounted
 file system. The default is to use the remote name and path.
 
-To mount as network drive, you can add option |--network-mode|
+To mount as network drive, you can add option `--network-mode`
 to your @ command. Mounting to a directory path is not supported in
 this mode, it is a limitation Windows imposes on junctions, so the remote must always
 be mounted to a drive letter.
 
     rclone @ remote:path/to/files X: --network-mode
 
-A volume name specified with |--volname| will be used to create the network share path.
-A complete UNC path, such as |\\cloud\remote|, optionally with path
-|\\cloud\remote\madeup\path|, will be used as is. Any other
-string will be used as the share part, after a default prefix |\\server\|.
-If no volume name is specified then |\\server\share| will be used.
+A volume name specified with `--volname` will be used to create the network share path.
+A complete UNC path, such as `\\cloud\remote`, optionally with path
+`\\cloud\remote\madeup\path`, will be used as is. Any other
+string will be used as the share part, after a default prefix `\\server\`.
+If no volume name is specified then `\\server\share` will be used.
 You must make sure the volume name is unique when you are mounting more than one drive,
 or else the mount command will fail. The share name will treated as the volume label for
 the mapped drive, shown in Windows Explorer etc, while the complete
-|\\server\share| will be reported as the remote UNC path by
-|net use| etc, just like a normal network drive mapping.
+`\\server\share` will be reported as the remote UNC path by
+`net use` etc, just like a normal network drive mapping.
 
-If you specify a full network share UNC path with |--volname|, this will implicitly
-set the |--network-mode| option, so the following two examples have same result:
+If you specify a full network share UNC path with `--volname`, this will implicitly
+set the `--network-mode` option, so the following two examples have same result:
 
     rclone @ remote:path/to/files X: --network-mode
     rclone @ remote:path/to/files X: --volname \\server\share
 
 You may also specify the network share UNC path as the mountpoint itself. Then rclone
-will automatically assign a drive letter, same as with |*| and use that as
+will automatically assign a drive letter, same as with `*` and use that as
 mountpoint, and instead use the UNC path specified as the volume name, as if it were
-specified with the |--volname| option. This will also implicitly set
-the |--network-mode| option. This means the following two examples have same result:
+specified with the `--volname` option. This will also implicitly set
+the `--network-mode` option. This means the following two examples have same result:
 
     rclone @ remote:path/to/files \\cloud\remote
     rclone @ remote:path/to/files * --volname \\cloud\remote
 
 There is yet another way to enable network mode, and to set the share path,
 and that is to pass the "native" libfuse/WinFsp option directly:
-|--fuse-flag --VolumePrefix=\server\share|. Note that the path
+`--fuse-flag --VolumePrefix=\server\share`. Note that the path
 must be with just a single backslash prefix in this case.
 
 
@@ -157,15 +153,15 @@ representing permissions for the POSIX permission scopes: Owner, group and other
 By default, the owner and group will be taken from the current user, and the built-in
 group "Everyone" will be used to represent others. The user/group can be customized
 with FUSE options "UserName" and "GroupName",
-e.g. |-o UserName=user123 -o GroupName="Authenticated Users"|.
+e.g. `-o UserName=user123 -o GroupName="Authenticated Users"`.
 The permissions on each entry will be set according to [options](#options)
-|--dir-perms| and |--file-perms|, which takes a value in traditional Unix
+`--dir-perms` and `--file-perms`, which takes a value in traditional Unix
 [numeric notation](https://en.wikipedia.org/wiki/File-system_permissions#Numeric_notation).
 
-The default permissions corresponds to |--file-perms 0666 --dir-perms 0777|,
+The default permissions corresponds to `--file-perms 0666 --dir-perms 0777`,
 i.e. read and write permissions to everyone. This means you will not be able
 to start any programs from the mount. To be able to do that you must add
-execute permissions, e.g. |--file-perms 0777 --dir-perms 0777| to add it
+execute permissions, e.g. `--file-perms 0777 --dir-perms 0777` to add it
 to everyone. If the program needs to write files, chances are you will
 have to enable [VFS File Caching](#vfs-file-caching) as well (see also
 [limitations](#limitations)). Note that the default write permission have
@@ -193,12 +189,12 @@ will be added automatically for compatibility with Unix. Some example use
 cases will following.
 
 If you set POSIX permissions for only allowing access to the owner,
-using |--file-perms 0600 --dir-perms 0700|, the user group and the built-in
+using `--file-perms 0600 --dir-perms 0700`, the user group and the built-in
 "Everyone" group will still be given some special permissions, as described
 above. Some programs may then (incorrectly) interpret this as the file being
 accessible by everyone, for example an SSH client may warn about "unprotected
 private key file". You can work around this by specifying
-|-o FileSecurity="D:P(A;;FA;;;OW)"|, which sets file all access (FA) to the
+`-o FileSecurity="D:P(A;;FA;;;OW)"`, which sets file all access (FA) to the
 owner (OW), and nothing else.
 
 When setting write permissions then, except for the owner, this does not
@@ -207,11 +203,11 @@ This may prevent applications from writing to files, giving permission denied
 error instead. To set working write permissions for the built-in "Everyone"
 group, similar to what it gets by default but with the addition of the
 "write extended attributes", you can specify
-|-o FileSecurity="D:P(A;;FRFW;;;WD)"|, which sets file read (FR) and file
+`-o FileSecurity="D:P(A;;FRFW;;;WD)"`, which sets file read (FR) and file
 write (FW) to everyone (WD). If file execute (FX) is also needed, then change
-to |-o FileSecurity="D:P(A;;FRFWFX;;;WD)"|, or set file all access (FA) to
+to `-o FileSecurity="D:P(A;;FRFWFX;;;WD)"`, or set file all access (FA) to
 get full access permissions, including delete, with
-|-o FileSecurity="D:P(A;;FA;;;WD)"|.
+`-o FileSecurity="D:P(A;;FA;;;WD)"`.
 
 #### Windows caveats
 
@@ -235,7 +231,7 @@ It is also possible to make a drive mount available to everyone on the system,
 by running the process creating it as the built-in SYSTEM account.
 There are several ways to do this: One is to use the command-line
 utility [PsExec](https://docs.microsoft.com/en-us/sysinternals/downloads/psexec),
-from Microsoft's Sysinternals suite, which has option |-s| to start
+from Microsoft's Sysinternals suite, which has option `-s` to start
 processes as the SYSTEM account. Another alternative is to run the mount
 command from a Windows Scheduled Task, or a Windows Service, configured
 to run as the SYSTEM account. A third alternative is to use the
@@ -243,7 +239,7 @@ to run as the SYSTEM account. A third alternative is to use the
 Read more in the [install documentation](https://rclone.org/install/).
 Note that when running rclone as another user, it will not use
 the configuration file from your profile unless you tell it to
-with the [|--config|](https://rclone.org/docs/#config-config-file) option.
+with the [`--config`](https://rclone.org/docs/#config-config-file) option.
 Note also that it is now the SYSTEM account that will have the owner
 permissions, and other accounts will have permissions according to the
 group or others scopes. As mentioned above, these will then not get the
@@ -256,11 +252,28 @@ does not suffer from the same limitations.
 
 ### Mounting on macOS
 
-Mounting on macOS can be done either via [macFUSE](https://osxfuse.github.io/) 
+Mounting on macOS can be done either via [built-in NFS server](/commands/rclone_serve_nfs/), [macFUSE](https://osxfuse.github.io/) 
 (also known as osxfuse) or [FUSE-T](https://www.fuse-t.org/). macFUSE is a traditional
 FUSE driver utilizing a macOS kernel extension (kext). FUSE-T is an alternative FUSE system
 which "mounts" via an NFSv4 local server.
 
+## NFS mount
+
+This method spins up an NFS server using [serve nfs](/commands/rclone_serve_nfs/) command and mounts
+it to the specified mountpoint. If you run this in background mode using |--daemon|, you will need to
+send SIGTERM signal to the rclone process using |kill| command to stop the mount.
+
+#### macFUSE Notes
+
+If installing macFUSE using [dmg packages](https://github.com/osxfuse/osxfuse/releases) from
+the website, rclone will locate the macFUSE libraries without any further intervention.
+If however, macFUSE is installed using the [macports](https://www.macports.org/) package manager,
+the following addition steps are required.
+
+    sudo mkdir /usr/local/lib
+    cd /usr/local/lib
+    sudo ln -s /opt/local/lib/libfuse.2.dylib
+
 #### FUSE-T Limitations, Caveats, and Notes
 
 There are some limitations, caveats, and notes about how it works. These are current as 
@@ -283,31 +296,33 @@ of the file.
 Rclone includes flags for unicode normalization with macFUSE that should be updated
 for FUSE-T. See [this forum post](https://forum.rclone.org/t/some-unicode-forms-break-mount-on-macos-with-fuse-t/36403)
 and [FUSE-T issue #16](https://github.com/macos-fuse-t/fuse-t/issues/16). The following
-flag should be added to the |rclone mount| command.
+flag should be added to the `rclone mount` command.
 
     -o modules=iconv,from_code=UTF-8,to_code=UTF-8
     
 ##### Read Only mounts
 
-When mounting with |--read-only|, attempts to write to files will fail *silently* as
+When mounting with `--read-only`, attempts to write to files will fail *silently* as
 opposed to with a clear warning as in macFUSE.
 
 ### Limitations
 
-Without the use of |--vfs-cache-mode| this can only write files
+Without the use of `--vfs-cache-mode` this can only write files
 sequentially, it can only seek when reading.  This means that many
 applications won't work with their files on an rclone mount without
-|--vfs-cache-mode writes| or |--vfs-cache-mode full|.
+`--vfs-cache-mode writes` or `--vfs-cache-mode full`.
 See the [VFS File Caching](#vfs-file-caching) section for more info.
+When using NFS mount on macOS, if you don't specify |--vfs-cache-mode|
+the mount point will be read-only.
 
 The bucket-based remotes (e.g. Swift, S3, Google Compute Storage, B2)
 do not support the concept of empty directories, so empty
 directories will have a tendency to disappear once they fall out of
 the directory cache.
 
-When |rclone mount| is invoked on Unix with |--daemon| flag, the main rclone
+When `rclone mount` is invoked on Unix with `--daemon` flag, the main rclone
 program will wait for the background mount to become ready or until the timeout
-specified by the |--daemon-wait| flag. On Linux it can check mount status using
+specified by the `--daemon-wait` flag. On Linux it can check mount status using
 ProcFS so the flag in fact sets **maximum** time to wait, while the real wait
 can be less. On macOS / BSD the time to wait is constant and the check is
 performed only at the end. We advise you to set wait time on macOS reasonably.
@@ -325,10 +340,10 @@ for solutions to make @ more reliable.
 
 ### Attribute caching
 
-You can use the flag |--attr-timeout| to set the time the kernel caches
+You can use the flag `--attr-timeout` to set the time the kernel caches
 the attributes (size, modification time, etc.) for directory entries.
 
-The default is |1s| which caches files just long enough to avoid
+The default is `1s` which caches files just long enough to avoid
 too many callbacks to rclone from the kernel.
 
 In theory 0s should be the correct value for filesystems which can
@@ -339,14 +354,14 @@ few problems such as
 and [excessive time listing directories](https://github.com/rclone/rclone/issues/2095#issuecomment-371141147).
 
 The kernel can cache the info about a file for the time given by
-|--attr-timeout|. You may see corruption if the remote file changes
+`--attr-timeout`. You may see corruption if the remote file changes
 length during this window.  It will show up as either a truncated file
-or a file with garbage on the end.  With |--attr-timeout 1s| this is
-very unlikely but not impossible.  The higher you set |--attr-timeout|
+or a file with garbage on the end.  With `--attr-timeout 1s` this is
+very unlikely but not impossible.  The higher you set `--attr-timeout`
 the more likely it is.  The default setting of "1s" is the lowest
 setting which mitigates the problems above.
 
-If you set it higher (|10s| or |1m| say) then the kernel will call
+If you set it higher (`10s` or `1m` say) then the kernel will call
 back to rclone less often making it more efficient, however there is
 more chance of the corruption issue above.
 
@@ -369,81 +384,79 @@ Units having the rclone @ service specified as a requirement
 will see all files and folders immediately in this mode.
 
 Note that systemd runs mount units without any environment variables including
-|PATH| or |HOME|. This means that tilde (|~|) expansion will not work
-and you should provide |--config| and |--cache-dir| explicitly as absolute
+`PATH` or `HOME`. This means that tilde (`~`) expansion will not work
+and you should provide `--config` and `--cache-dir` explicitly as absolute
 paths via rclone arguments.
-Since mounting requires the |fusermount| program, rclone will use the fallback
-PATH of |/bin:/usr/bin| in this scenario. Please ensure that |fusermount|
+Since mounting requires the `fusermount` program, rclone will use the fallback
+PATH of `/bin:/usr/bin` in this scenario. Please ensure that `fusermount`
 is present on this PATH.
 
 ### Rclone as Unix mount helper
 
-The core Unix program |/bin/mount| normally takes the |-t FSTYPE| argument
-then runs the |/sbin/mount.FSTYPE| helper program passing it mount options
-as |-o key=val,...| or |--opt=...|. Automount (classic or systemd) behaves
+The core Unix program `/bin/mount` normally takes the `-t FSTYPE` argument
+then runs the `/sbin/mount.FSTYPE` helper program passing it mount options
+as `-o key=val,...` or `--opt=...`. Automount (classic or systemd) behaves
 in a similar way.
 
-rclone by default expects GNU-style flags |--key val|. To run it as a mount
-helper you should symlink rclone binary to |/sbin/mount.rclone| and optionally
-|/usr/bin/rclonefs|, e.g. |ln -s /usr/bin/rclone /sbin/mount.rclone|.
+rclone by default expects GNU-style flags `--key val`. To run it as a mount
+helper you should symlink rclone binary to `/sbin/mount.rclone` and optionally
+`/usr/bin/rclonefs`, e.g. `ln -s /usr/bin/rclone /sbin/mount.rclone`.
 rclone will detect it and translate command-line arguments appropriately.
 
 Now you can run classic mounts like this:
-|||
+```
 mount sftp1:subdir /mnt/data -t rclone -o vfs_cache_mode=writes,sftp_key_file=/path/to/pem
-|||
+```
 
 or create systemd mount units:
-|||
+```
 # /etc/systemd/system/mnt-data.mount
 [Unit]
-After=network-online.target
+Description=Mount for /mnt/data
 [Mount]
 Type=rclone
 What=sftp1:subdir
 Where=/mnt/data
-Options=rw,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
-|||
+Options=rw,_netdev,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
+```
 
 optionally accompanied by systemd automount unit
-|||
+```
 # /etc/systemd/system/mnt-data.automount
 [Unit]
-After=network-online.target
-Before=remote-fs.target
+Description=AutoMount for /mnt/data
 [Automount]
 Where=/mnt/data
 TimeoutIdleSec=600
 [Install]
 WantedBy=multi-user.target
-|||
+```
 
-or add in |/etc/fstab| a line like
-|||
+or add in `/etc/fstab` a line like
+```
 sftp1:subdir /mnt/data rclone rw,noauto,nofail,_netdev,x-systemd.automount,args2env,vfs_cache_mode=writes,config=/etc/rclone.conf,cache_dir=/var/cache/rclone 0 0
-|||
+```
 
 or use classic Automountd.
-Remember to provide explicit |config=...,cache-dir=...| as a workaround for
-mount units being run without |HOME|.
+Remember to provide explicit `config=...,cache-dir=...` as a workaround for
+mount units being run without `HOME`.
 
-Rclone in the mount helper mode will split |-o| argument(s) by comma, replace |_|
-by |-| and prepend |--| to get the command-line flags. Options containing commas
+Rclone in the mount helper mode will split `-o` argument(s) by comma, replace `_`
+by `-` and prepend `--` to get the command-line flags. Options containing commas
 or spaces can be wrapped in single or double quotes. Any inner quotes inside outer
 quotes of the same type should be doubled.
 
 Mount option syntax includes a few extra options treated specially:
 
-- |env.NAME=VALUE| will set an environment variable for the mount process.
+- `env.NAME=VALUE` will set an environment variable for the mount process.
   This helps with Automountd and Systemd.mount which don't allow setting
   custom environment for mount helpers.
-  Typically you will use |env.HTTPS_PROXY=proxy.host:3128| or |env.HOME=/root|
-- |command=cmount| can be used to run |cmount| or any other rclone command
-  rather than the default |mount|.
-- |args2env| will pass mount options to the mount helper running in background
+  Typically you will use `env.HTTPS_PROXY=proxy.host:3128` or `env.HOME=/root`
+- `command=cmount` can be used to run `cmount` or any other rclone command
+  rather than the default `mount`.
+- `args2env` will pass mount options to the mount helper running in background
   via environment variables instead of command line arguments. This allows to
-  hide secrets from such commands as |ps| or |pgrep|.
-- |vv...| will be transformed into appropriate |--verbose=N|
-- standard mount options like |x-systemd.automount|, |_netdev|, |nosuid| and alike
+  hide secrets from such commands as `ps` or `pgrep`.
+- `vv...` will be transformed into appropriate `--verbose=N`
+- standard mount options like `x-systemd.automount`, `_netdev`, `nosuid` and alike
   are intended only for Automountd and ignored by rclone.
-`
diff --git a/cmd/mountlib/rc.go b/cmd/mountlib/rc.go
index d4c091235a618..df13ca97ce820 100644
--- a/cmd/mountlib/rc.go
+++ b/cmd/mountlib/rc.go
@@ -98,7 +98,7 @@ func mountRc(ctx context.Context, in rc.Params) (out rc.Params, err error) {
 	}
 
 	if mountOpt.Daemon {
-		return nil, errors.New("Daemon Option not supported over the API")
+		return nil, errors.New("daemon option not supported over the API")
 	}
 
 	mountType, err := in.GetString("mountType")
@@ -111,7 +111,7 @@ func mountRc(ctx context.Context, in rc.Params) (out rc.Params, err error) {
 	}
 	mountType, mountFn := ResolveMountMethod(mountType)
 	if mountFn == nil {
-		return nil, errors.New("Mount Option specified is not registered, or is invalid")
+		return nil, errors.New("mount option specified is not registered, or is invalid")
 	}
 
 	// Get Fs.fs to be mounted from fs parameter in the params
diff --git a/cmd/move/move.go b/cmd/move/move.go
index fd1004db11420..ae726043009b2 100644
--- a/cmd/move/move.go
+++ b/cmd/move/move.go
@@ -21,8 +21,8 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &deleteEmptySrcDirs, "delete-empty-src-dirs", "", deleteEmptySrcDirs, "Delete empty source dirs after move")
-	flags.BoolVarP(cmdFlags, &createEmptySrcDirs, "create-empty-src-dirs", "", createEmptySrcDirs, "Create empty source dirs on destination after move")
+	flags.BoolVarP(cmdFlags, &deleteEmptySrcDirs, "delete-empty-src-dirs", "", deleteEmptySrcDirs, "Delete empty source dirs after move", "")
+	flags.BoolVarP(cmdFlags, &createEmptySrcDirs, "create-empty-src-dirs", "", createEmptySrcDirs, "Create empty source dirs on destination after move", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -62,6 +62,7 @@ can speed transfers up greatly.
 `, "|", "`"),
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.19",
+		"groups":            "Filter,Listing,Important,Copy",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(2, 2, command, args)
diff --git a/cmd/moveto/moveto.go b/cmd/moveto/moveto.go
index f007fb18287d0..68b354d556368 100644
--- a/cmd/moveto/moveto.go
+++ b/cmd/moveto/moveto.go
@@ -51,6 +51,7 @@ successful transfer.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.35",
+		"groups":            "Filter,Listing,Important,Copy",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(2, 2, command, args)
diff --git a/cmd/ncdu/ncdu.go b/cmd/ncdu/ncdu.go
index 6fdb210a5d702..cde48d972ca67 100644
--- a/cmd/ncdu/ncdu.go
+++ b/cmd/ncdu/ncdu.go
@@ -19,6 +19,7 @@ import (
 	"github.com/rclone/rclone/cmd/ncdu/scan"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/fspath"
+	"github.com/rclone/rclone/fs/log"
 	"github.com/rclone/rclone/fs/operations"
 	"github.com/rivo/uniseg"
 	"github.com/spf13/cobra"
@@ -76,12 +77,13 @@ the remote you can also use the [size](/commands/rclone_size/) command.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.37",
+		"groups":            "Filter,Listing",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
 		fsrc := cmd.NewFsSrc(args)
 		cmd.Run(false, false, command, func() error {
-			return NewUI(fsrc).Show()
+			return NewUI(fsrc).Run()
 		})
 	},
 }
@@ -110,6 +112,7 @@ func helpText() (tr []string) {
 	tr = append(tr, []string{
 		" Y display current path",
 		" ^L refresh screen (fix screen corruption)",
+		" r recalculate file sizes",
 		" ? to toggle help on and off",
 		" q/ESC/^c to quit",
 	}...)
@@ -120,6 +123,7 @@ func helpText() (tr []string) {
 type UI struct {
 	s                  tcell.Screen
 	f                  fs.Fs     // fs being displayed
+	cancel             func()    // cancel the current scanning process
 	fsName             string    // human name of Fs
 	root               *scan.Dir // root directory
 	d                  *scan.Dir // current directory being displayed
@@ -353,7 +357,7 @@ func (u *UI) hasEmptyDir() bool {
 }
 
 // Draw the current screen
-func (u *UI) Draw() error {
+func (u *UI) Draw() {
 	ctx := context.Background()
 	w, h := u.s.Size()
 	u.dirListHeight = h - 3
@@ -382,6 +386,12 @@ func (u *UI) Draw() error {
 		}
 		showEmptyDir := u.hasEmptyDir()
 		dirPos := u.dirPosMap[u.path]
+		// Check to see if a rescan has invalidated the position
+		if dirPos.offset >= len(u.sortPerm) {
+			delete(u.dirPosMap, u.path)
+			dirPos.offset = 0
+			dirPos.entry = 0
+		}
 		for i, j := range u.sortPerm[dirPos.offset:] {
 			entry := u.entries[j]
 			n := i + dirPos.offset
@@ -489,8 +499,6 @@ func (u *UI) Draw() error {
 	if u.showBox {
 		u.Box()
 	}
-	u.s.Show()
-	return nil
 }
 
 // Move the cursor this many spaces adjusting the viewport as necessary
@@ -900,8 +908,18 @@ func NewUI(f fs.Fs) *UI {
 	}
 }
 
-// Show shows the user interface
-func (u *UI) Show() error {
+func (u *UI) scan() (chan *scan.Dir, chan error, chan struct{}) {
+	if cancel := u.cancel; cancel != nil {
+		cancel()
+	}
+	u.listing = true
+	ctx := context.Background()
+	ctx, u.cancel = context.WithCancel(ctx)
+	return scan.Scan(ctx, u.f)
+}
+
+// Run shows the user interface
+func (u *UI) Run() error {
 	var err error
 	u.s, err = tcell.NewScreen()
 	if err != nil {
@@ -911,11 +929,32 @@ func (u *UI) Show() error {
 	if err != nil {
 		return fmt.Errorf("screen init: %w", err)
 	}
+
+	// Hijack fs.LogPrint so that it doesn't corrupt the screen.
+	if logPrint := fs.LogPrint; !log.Redirected() {
+		type log struct {
+			text  string
+			level fs.LogLevel
+		}
+		var logs []log
+		fs.LogPrint = func(level fs.LogLevel, text string) {
+			if len(logs) > 100 {
+				logs = logs[len(logs)-100:]
+			}
+			logs = append(logs, log{level: level, text: text})
+		}
+		defer func() {
+			fs.LogPrint = logPrint
+			for i := range logs {
+				logPrint(logs[i].level, logs[i].text)
+			}
+		}()
+	}
+
 	defer u.s.Fini()
 
 	// scan the disk in the background
-	u.listing = true
-	rootChan, errChan, updated := scan.Scan(context.Background(), u.f)
+	rootChan, errChan, updated := u.scan()
 
 	// Poll the events into a channel
 	events := make(chan tcell.Event)
@@ -924,10 +963,6 @@ func (u *UI) Show() error {
 	// Main loop, waiting for events and channels
 outer:
 	for {
-		err := u.Draw()
-		if err != nil {
-			return fmt.Errorf("draw failed: %w", err)
-		}
 		select {
 		case root := <-rootChan:
 			u.root = root
@@ -938,16 +973,14 @@ outer:
 			}
 			u.listing = false
 		case <-updated:
-			// redraw
 			// TODO: might want to limit updates per second
 			u.sortCurrentDir()
 		case ev := <-events:
 			switch ev := ev.(type) {
 			case *tcell.EventResize:
-				if u.root != nil {
-					u.sortCurrentDir() // redraw
-				}
+				u.Draw()
 				u.s.Sync()
+				continue // don't draw again
 			case *tcell.EventKey:
 				var c rune
 				if k := ev.Key(); k == tcell.KeyRune {
@@ -1022,15 +1055,22 @@ outer:
 					u.deleteSelected()
 				case '?':
 					u.togglePopupBox(helpText())
+				case 'r':
+					// restart scan
+					rootChan, errChan, updated = u.scan()
 
 				// Refresh the screen. Not obvious what key to map
 				// this onto, but ^L is a common choice.
 				case key(tcell.KeyCtrlL):
+					u.Draw()
 					u.s.Sync()
+					continue // don't draw again
 				}
 			}
 		}
-		// listen to key presses, etc.
+
+		u.Draw()
+		u.s.Show()
 	}
 	return nil
 }
diff --git a/cmd/nfsmount/nfsmount.go b/cmd/nfsmount/nfsmount.go
new file mode 100644
index 0000000000000..755197fa242e9
--- /dev/null
+++ b/cmd/nfsmount/nfsmount.go
@@ -0,0 +1,69 @@
+//go:build darwin && !cmount
+// +build darwin,!cmount
+
+// Package nfsmount implements mounting functionality using serve nfs command
+//
+// NFS mount is only needed for macOS since it has no
+// support for FUSE-based file systems
+package nfsmount
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"os/exec"
+	"runtime"
+	"strings"
+
+	"github.com/rclone/rclone/cmd/mountlib"
+	"github.com/rclone/rclone/cmd/serve/nfs"
+	"github.com/rclone/rclone/vfs"
+)
+
+func init() {
+	cmd := mountlib.NewMountCommand("mount", false, mount)
+	cmd.Aliases = append(cmd.Aliases, "nfsmount")
+	mountlib.AddRc("nfsmount", mount)
+}
+
+func mount(VFS *vfs.VFS, mountpoint string, opt *mountlib.Options) (asyncerrors <-chan error, unmount func() error, err error) {
+	s, err := nfs.NewServer(context.Background(), VFS, &nfs.Options{})
+	if err != nil {
+		return
+	}
+	errChan := make(chan error, 1)
+	go func() {
+		errChan <- s.Serve()
+	}()
+	// The port is always picked at random after the NFS server has started
+	// we need to query the server for the port number so we can mount it
+	_, port, err := net.SplitHostPort(s.Addr().String())
+	if err != nil {
+		err = fmt.Errorf("cannot find port number in %s", s.Addr().String())
+		return
+	}
+	optionsString := strings.Join(opt.ExtraOptions, ",")
+	err = exec.Command("mount", fmt.Sprintf("-oport=%s,mountport=%s,%s", port, port, optionsString), "localhost:", mountpoint).Run()
+	if err != nil {
+		err = fmt.Errorf("failed to mount NFS volume %e", err)
+		return
+	}
+	asyncerrors = errChan
+	unmount = func() error {
+		var umountErr error
+		if runtime.GOOS == "darwin" {
+			umountErr = exec.Command("diskutil", "umount", "force", mountpoint).Run()
+		} else {
+			umountErr = exec.Command("umount", "-f", mountpoint).Run()
+		}
+		shutdownErr := s.Shutdown()
+		VFS.Shutdown()
+		if umountErr != nil {
+			return fmt.Errorf("failed to umount the NFS volume %e", umountErr)
+		} else if shutdownErr != nil {
+			return fmt.Errorf("failed to shutdown NFS server: %e", shutdownErr)
+		}
+		return nil
+	}
+	return
+}
diff --git a/cmd/nfsmount/nfsmount_test.go b/cmd/nfsmount/nfsmount_test.go
new file mode 100644
index 0000000000000..d4c9c34417c0c
--- /dev/null
+++ b/cmd/nfsmount/nfsmount_test.go
@@ -0,0 +1,15 @@
+//go:build darwin && !cmount
+// +build darwin,!cmount
+
+package nfsmount
+
+import (
+	"testing"
+
+	"github.com/rclone/rclone/vfs/vfscommon"
+	"github.com/rclone/rclone/vfs/vfstest"
+)
+
+func TestMount(t *testing.T) {
+	vfstest.RunTests(t, false, vfscommon.CacheModeMinimal, false, mount)
+}
diff --git a/cmd/nfsmount/nfsmount_unsupported.go b/cmd/nfsmount/nfsmount_unsupported.go
new file mode 100644
index 0000000000000..d24115837015e
--- /dev/null
+++ b/cmd/nfsmount/nfsmount_unsupported.go
@@ -0,0 +1,8 @@
+// Build for nfsmount for unsupported platforms to stop go complaining
+// about "no buildable Go source files "
+
+//go:build !darwin || cmount
+// +build !darwin cmount
+
+// Package nfsmount implements mount command using NFS, not needed on most platforms
+package nfsmount
diff --git a/cmd/progress.go b/cmd/progress.go
index 56556db2e2b9e..fbdcd19a1ca90 100644
--- a/cmd/progress.go
+++ b/cmd/progress.go
@@ -20,7 +20,7 @@ const (
 	// interval between progress prints
 	defaultProgressInterval = 500 * time.Millisecond
 	// time format for logging
-	logTimeFormat = "2006-01-02 15:04:05"
+	logTimeFormat = "2006/01/02 15:04:05"
 )
 
 // startProgress starts the progress bar printing
@@ -75,14 +75,13 @@ func startProgress() func() {
 
 // state for the progress printing
 var (
-	nlines     = 0 // number of lines in the previous stats block
-	progressMu sync.Mutex
+	nlines = 0 // number of lines in the previous stats block
 )
 
 // printProgress prints the progress with an optional log
 func printProgress(logMessage string) {
-	progressMu.Lock()
-	defer progressMu.Unlock()
+	operations.StdoutMutex.Lock()
+	defer operations.StdoutMutex.Unlock()
 
 	var buf bytes.Buffer
 	w, _ := terminal.GetSize()
diff --git a/cmd/purge/purge.go b/cmd/purge/purge.go
index d41e22cf67ab5..a8ddb3a6c5b6e 100644
--- a/cmd/purge/purge.go
+++ b/cmd/purge/purge.go
@@ -26,6 +26,9 @@ delete files. To delete empty directories only, use command
 **Important**: Since this can cause data loss, test first with the
 ` + "`--dry-run` or the `--interactive`/`-i`" + ` flag.
 `,
+	Annotations: map[string]string{
+		"groups": "Important",
+	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
 		fdst := cmd.NewFsDir(args)
diff --git a/cmd/rc/rc.go b/cmd/rc/rc.go
index 1276fc024b364..2c88d2914b1c1 100644
--- a/cmd/rc/rc.go
+++ b/cmd/rc/rc.go
@@ -36,14 +36,14 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &noOutput, "no-output", "", noOutput, "If set, don't output the JSON result")
-	flags.StringVarP(cmdFlags, &url, "url", "", url, "URL to connect to rclone remote control")
-	flags.StringVarP(cmdFlags, &jsonInput, "json", "", jsonInput, "Input JSON - use instead of key=value args")
-	flags.StringVarP(cmdFlags, &authUser, "user", "", "", "Username to use to rclone remote control")
-	flags.StringVarP(cmdFlags, &authPass, "pass", "", "", "Password to use to connect to rclone remote control")
-	flags.BoolVarP(cmdFlags, &loopback, "loopback", "", false, "If set connect to this rclone instance not via HTTP")
-	flags.StringArrayVarP(cmdFlags, &options, "opt", "o", options, "Option in the form name=value or name placed in the \"opt\" array")
-	flags.StringArrayVarP(cmdFlags, &arguments, "arg", "a", arguments, "Argument placed in the \"arg\" array")
+	flags.BoolVarP(cmdFlags, &noOutput, "no-output", "", noOutput, "If set, don't output the JSON result", "")
+	flags.StringVarP(cmdFlags, &url, "url", "", url, "URL to connect to rclone remote control", "")
+	flags.StringVarP(cmdFlags, &jsonInput, "json", "", jsonInput, "Input JSON - use instead of key=value args", "")
+	flags.StringVarP(cmdFlags, &authUser, "user", "", "", "Username to use to rclone remote control", "")
+	flags.StringVarP(cmdFlags, &authPass, "pass", "", "", "Password to use to connect to rclone remote control", "")
+	flags.BoolVarP(cmdFlags, &loopback, "loopback", "", false, "If set connect to this rclone instance not via HTTP", "")
+	flags.StringArrayVarP(cmdFlags, &options, "opt", "o", options, "Option in the form name=value or name placed in the \"opt\" array", "")
+	flags.StringArrayVarP(cmdFlags, &arguments, "arg", "a", arguments, "Argument placed in the \"arg\" array", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -168,6 +168,16 @@ func setAlternateFlag(flagName string, output *string) {
 	}
 }
 
+// Format an error and create a synthetic server return from it
+func errorf(status int, path string, format string, arg ...any) (out rc.Params, err error) {
+	err = fmt.Errorf(format, arg...)
+	out = make(rc.Params)
+	out["error"] = err.Error()
+	out["path"] = path
+	out["status"] = status
+	return out, err
+}
+
 // do a call from (path, in) to (out, err).
 //
 // if err is set, out may be a valid error return or it may be nil
@@ -176,16 +186,16 @@ func doCall(ctx context.Context, path string, in rc.Params) (out rc.Params, err
 	if loopback {
 		call := rc.Calls.Get(path)
 		if call == nil {
-			return nil, fmt.Errorf("method %q not found", path)
+			return errorf(http.StatusBadRequest, path, "loopback: method %q not found", path)
 		}
 		_, out, err := jobs.NewJob(ctx, call.Fn, in)
 		if err != nil {
-			return nil, fmt.Errorf("loopback call failed: %w", err)
+			return errorf(http.StatusInternalServerError, path, "loopback: call failed: %w", err)
 		}
 		// Reshape (serialize then deserialize) the data so it is in the form expected
 		err = rc.Reshape(&out, out)
 		if err != nil {
-			return nil, fmt.Errorf("loopback reshape failed: %w", err)
+			return errorf(http.StatusInternalServerError, path, "loopback: reshape failed: %w", err)
 		}
 		return out, nil
 	}
@@ -195,12 +205,12 @@ func doCall(ctx context.Context, path string, in rc.Params) (out rc.Params, err
 	url += path
 	data, err := json.Marshal(in)
 	if err != nil {
-		return nil, fmt.Errorf("failed to encode JSON: %w", err)
+		return errorf(http.StatusBadRequest, path, "failed to encode request: %w", err)
 	}
 
 	req, err := http.NewRequestWithContext(ctx, "POST", url, bytes.NewBuffer(data))
 	if err != nil {
-		return nil, fmt.Errorf("failed to make request: %w", err)
+		return errorf(http.StatusInternalServerError, path, "failed to make request: %w", err)
 	}
 
 	req.Header.Set("Content-Type", "application/json")
@@ -210,28 +220,24 @@ func doCall(ctx context.Context, path string, in rc.Params) (out rc.Params, err
 
 	resp, err := client.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("connection failed: %w", err)
+		return errorf(http.StatusServiceUnavailable, path, "connection failed: %w", err)
 	}
 	defer fs.CheckClose(resp.Body, &err)
 
-	if resp.StatusCode != http.StatusOK {
-		var body []byte
-		body, err = io.ReadAll(resp.Body)
-		var bodyString string
-		if err == nil {
-			bodyString = string(body)
-		} else {
-			bodyString = err.Error()
-		}
-		bodyString = strings.TrimSpace(bodyString)
-		return nil, fmt.Errorf("failed to read rc response: %s: %s", resp.Status, bodyString)
+	// Read response
+	var body []byte
+	var bodyString string
+	body, err = io.ReadAll(resp.Body)
+	bodyString = strings.TrimSpace(string(body))
+	if err != nil {
+		return errorf(resp.StatusCode, "failed to read rc response: %s: %s", resp.Status, bodyString)
 	}
 
 	// Parse output
 	out = make(rc.Params)
-	err = json.NewDecoder(resp.Body).Decode(&out)
+	err = json.NewDecoder(strings.NewReader(bodyString)).Decode(&out)
 	if err != nil {
-		return nil, fmt.Errorf("failed to decode JSON: %w", err)
+		return errorf(resp.StatusCode, path, "failed to decode response: %w: %s", err, bodyString)
 	}
 
 	// Check we got 200 OK
diff --git a/cmd/rcat/rcat.go b/cmd/rcat/rcat.go
index c66fe465090ea..e352c6a1cf7dd 100644
--- a/cmd/rcat/rcat.go
+++ b/cmd/rcat/rcat.go
@@ -20,7 +20,7 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.Int64VarP(cmdFlags, &size, "size", "", size, "File size hint to preallocate")
+	flags.Int64VarP(cmdFlags, &size, "size", "", size, "File size hint to preallocate", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -52,12 +52,14 @@ and actually stream it, even if remote backend doesn't support streaming.
 size of the stream is different in length to the ` + "`--size`" + ` passed in
 then the transfer will likely fail.
 
-Note that the upload can also not be retried because the data is
-not kept around until the upload succeeds. If you need to transfer
-a lot of data, you're better off caching locally and then
-` + "`rclone move`" + ` it to the destination.`,
+Note that the upload cannot be retried because the data is not stored.
+If the backend supports multipart uploading then individual chunks can
+be retried. If you need to transfer a lot of data, you may be better
+off caching it locally and then ` + "`rclone move`" + ` it to the
+destination which can use retries.`,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.38",
+		"groups":            "Important",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/rcd/rcd.go b/cmd/rcd/rcd.go
index 818580f3ab43e..c023931f0359d 100644
--- a/cmd/rcd/rcd.go
+++ b/cmd/rcd/rcd.go
@@ -4,14 +4,12 @@ package rcd
 import (
 	"context"
 	"log"
-	"sync"
 
-	sysdnotify "github.com/iguanesolutions/go-systemd/v5/notify"
 	"github.com/rclone/rclone/cmd"
 	"github.com/rclone/rclone/fs/rc/rcflags"
 	"github.com/rclone/rclone/fs/rc/rcserver"
-	"github.com/rclone/rclone/lib/atexit"
 	libhttp "github.com/rclone/rclone/lib/http"
+	"github.com/rclone/rclone/lib/systemd"
 	"github.com/spf13/cobra"
 )
 
@@ -32,9 +30,10 @@ for GET requests on the URL passed in.  It will also open the URL in
 the browser when rclone is run.
 
 See the [rc documentation](/rc/) for more info on the rc flags.
-` + libhttp.Help + libhttp.TemplateHelp + libhttp.AuthHelp,
+` + libhttp.Help(rcflags.FlagPrefix) + libhttp.TemplateHelp(rcflags.FlagPrefix) + libhttp.AuthHelp(rcflags.FlagPrefix),
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.45",
+		"groups":            "RC",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(0, 1, command, args)
@@ -57,21 +56,8 @@ See the [rc documentation](/rc/) for more info on the rc flags.
 		}
 
 		// Notify stopping on exit
-		var finaliseOnce sync.Once
-		finalise := func() {
-			finaliseOnce.Do(func() {
-				_ = sysdnotify.Stopping()
-			})
-		}
-		fnHandle := atexit.Register(finalise)
-		defer atexit.Unregister(fnHandle)
-
-		// Notify ready to systemd
-		if err := sysdnotify.Ready(); err != nil {
-			log.Fatalf("failed to notify ready to systemd: %v", err)
-		}
+		defer systemd.Notify()()
 
 		s.Wait()
-		finalise()
 	},
 }
diff --git a/cmd/rmdir/rmdir.go b/cmd/rmdir/rmdir.go
index 778315be83e0a..00f77036660a2 100644
--- a/cmd/rmdir/rmdir.go
+++ b/cmd/rmdir/rmdir.go
@@ -24,6 +24,9 @@ with option ` + "`--rmdirs`" + `) to do that.
 
 To delete a path and any objects in it, use [purge](/commands/rclone_purge/) command.
 `,
+	Annotations: map[string]string{
+		"groups": "Important",
+	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
 		fdst := cmd.NewFsDir(args)
diff --git a/cmd/rmdirs/rmdirs.go b/cmd/rmdirs/rmdirs.go
index 62711dea40a25..470f34ff5b5fd 100644
--- a/cmd/rmdirs/rmdirs.go
+++ b/cmd/rmdirs/rmdirs.go
@@ -35,11 +35,15 @@ empty directories in. For example the [delete](/commands/rclone_delete/)
 command will delete files but leave the directory structure (unless
 used with option ` + "`--rmdirs`" + `).
 
-To delete a path and any objects in it, use [purge](/commands/rclone_purge/)
+This will delete ` + "`--checkers`" + ` directories concurrently so
+if you have thousands of empty directories consider increasing this number.
+
+To delete a path and any objects in it, use the [purge](/commands/rclone_purge/)
 command.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.35",
+		"groups":            "Important",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/selfupdate/selfupdate.go b/cmd/selfupdate/selfupdate.go
index 184710cb3ca3c..5adf9a4b8e908 100644
--- a/cmd/selfupdate/selfupdate.go
+++ b/cmd/selfupdate/selfupdate.go
@@ -10,6 +10,7 @@ import (
 	"bytes"
 	"context"
 	"crypto/sha256"
+	_ "embed"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -35,6 +36,9 @@ import (
 	versionCmd "github.com/rclone/rclone/cmd/version"
 )
 
+//go:embed selfupdate.md
+var selfUpdateHelp string
+
 // Options contains options for the self-update command
 type Options struct {
 	Check   bool
@@ -51,30 +55,31 @@ var Opt = Options{}
 func init() {
 	cmd.Root.AddCommand(cmdSelfUpdate)
 	cmdFlags := cmdSelfUpdate.Flags()
-	flags.BoolVarP(cmdFlags, &Opt.Check, "check", "", Opt.Check, "Check for latest release, do not download")
-	flags.StringVarP(cmdFlags, &Opt.Output, "output", "", Opt.Output, "Save the downloaded binary at a given path (default: replace running binary)")
-	flags.BoolVarP(cmdFlags, &Opt.Stable, "stable", "", Opt.Stable, "Install stable release (this is the default)")
-	flags.BoolVarP(cmdFlags, &Opt.Beta, "beta", "", Opt.Beta, "Install beta release")
-	flags.StringVarP(cmdFlags, &Opt.Version, "version", "", Opt.Version, "Install the given rclone version (default: latest)")
-	flags.StringVarP(cmdFlags, &Opt.Package, "package", "", Opt.Package, "Package format: zip|deb|rpm (default: zip)")
+	flags.BoolVarP(cmdFlags, &Opt.Check, "check", "", Opt.Check, "Check for latest release, do not download", "")
+	flags.StringVarP(cmdFlags, &Opt.Output, "output", "", Opt.Output, "Save the downloaded binary at a given path (default: replace running binary)", "")
+	flags.BoolVarP(cmdFlags, &Opt.Stable, "stable", "", Opt.Stable, "Install stable release (this is the default)", "")
+	flags.BoolVarP(cmdFlags, &Opt.Beta, "beta", "", Opt.Beta, "Install beta release", "")
+	flags.StringVarP(cmdFlags, &Opt.Version, "version", "", Opt.Version, "Install the given rclone version (default: latest)", "")
+	flags.StringVarP(cmdFlags, &Opt.Package, "package", "", Opt.Package, "Package format: zip|deb|rpm (default: zip)", "")
 }
 
 var cmdSelfUpdate = &cobra.Command{
 	Use:     "selfupdate",
 	Aliases: []string{"self-update"},
 	Short:   `Update the rclone binary.`,
-	Long:    strings.ReplaceAll(selfUpdateHelp, "|", "`"),
+	Long:    selfUpdateHelp,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.55",
 	},
 	Run: func(command *cobra.Command, args []string) {
+		ctx := context.Background()
 		cmd.CheckArgs(0, 0, command, args)
 		if Opt.Package == "" {
 			Opt.Package = "zip"
 		}
 		gotActionFlags := Opt.Stable || Opt.Beta || Opt.Output != "" || Opt.Version != "" || Opt.Package != "zip"
 		if Opt.Check && !gotActionFlags {
-			versionCmd.CheckVersion()
+			versionCmd.CheckVersion(ctx)
 			return
 		}
 		if Opt.Package != "zip" {
@@ -108,7 +113,7 @@ func GetVersion(ctx context.Context, beta bool, version string) (newVersion, sit
 
 	if version == "" {
 		// Request the latest release number from the download site
-		_, newVersion, _, err = versionCmd.GetVersion(siteURL + "/version.txt")
+		_, newVersion, _, err = versionCmd.GetVersion(ctx, siteURL+"/version.txt")
 		return
 	}
 
diff --git a/cmd/selfupdate/help.go b/cmd/selfupdate/selfupdate.md
similarity index 52%
rename from cmd/selfupdate/help.go
rename to cmd/selfupdate/selfupdate.md
index d3044bb113cbe..73a0066620cd5 100644
--- a/cmd/selfupdate/help.go
+++ b/cmd/selfupdate/selfupdate.md
@@ -1,54 +1,47 @@
-//go:build !noselfupdate
-// +build !noselfupdate
+This command downloads the latest release of rclone and replaces the
+currently running binary. The download is verified with a hashsum and
+cryptographically signed signature; see [the release signing
+docs](/release_signing/) for details.
 
-package selfupdate
-
-// Note: "|" will be replaced by backticks in the help string below
-var selfUpdateHelp = `
-This command downloads the latest release of rclone and replaces
-the currently running binary. The download is verified with a hashsum
-and cryptographically signed signature.
-
-If used without flags (or with implied |--stable| flag), this command
+If used without flags (or with implied `--stable` flag), this command
 will install the latest stable release. However, some issues may be fixed
 (or features added) only in the latest beta release. In such cases you should
-run the command with the |--beta| flag, i.e. |rclone selfupdate --beta|.
+run the command with the `--beta` flag, i.e. `rclone selfupdate --beta`.
 You can check in advance what version would be installed by adding the
-|--check| flag, then repeat the command without it when you are satisfied.
+`--check` flag, then repeat the command without it when you are satisfied.
 
 Sometimes the rclone team may recommend you a concrete beta or stable
 rclone release to troubleshoot your issue or add a bleeding edge feature.
-The |--version VER| flag, if given, will update to the concrete version
-instead of the latest one. If you omit micro version from |VER| (for
-example |1.53|), the latest matching micro version will be used.
+The `--version VER` flag, if given, will update to the concrete version
+instead of the latest one. If you omit micro version from `VER` (for
+example `1.53`), the latest matching micro version will be used.
 
 Upon successful update rclone will print a message that contains a previous
 version number. You will need it if you later decide to revert your update
 for some reason. Then you'll have to note the previous version and run the
-following command: |rclone selfupdate [--beta] OLDVER|.
-If the old version contains only dots and digits (for example |v1.54.0|)
-then it's a stable release so you won't need the |--beta| flag. Beta releases
-have an additional information similar to |v1.54.0-beta.5111.06f1c0c61|.
+following command: `rclone selfupdate [--beta] OLDVER`.
+If the old version contains only dots and digits (for example `v1.54.0`)
+then it's a stable release so you won't need the `--beta` flag. Beta releases
+have an additional information similar to `v1.54.0-beta.5111.06f1c0c61`.
 (if you are a developer and use a locally built rclone, the version number
-will end with |-DEV|, you will have to rebuild it as it obviously can't
+will end with `-DEV`, you will have to rebuild it as it obviously can't
 be distributed).
 
 If you previously installed rclone via a package manager, the package may
 include local documentation or configure services. You may wish to update
-with the flag |--package deb| or |--package rpm| (whichever is correct for
-your OS) to update these too. This command with the default |--package zip|
+with the flag `--package deb` or `--package rpm` (whichever is correct for
+your OS) to update these too. This command with the default `--package zip`
 will update only the rclone executable so the local manual may become
 inaccurate after it.
 
-The |rclone mount| command (https://rclone.org/commands/rclone_mount/) may
+The [rclone mount](/commands/rclone_mount/) command may
 or may not support extended FUSE options depending on the build and OS.
-|selfupdate| will refuse to update if the capability would be discarded.
+`selfupdate` will refuse to update if the capability would be discarded.
 
 Note: Windows forbids deletion of a currently running executable so this
 command will rename the old executable to 'rclone.old.exe' upon success.
 
 Please note that this command was not available before rclone version 1.55.
-If it fails for you with the message |unknown command "selfupdate"| then
+If it fails for you with the message `unknown command "selfupdate"` then
 you will need to update manually following the install instructions located
 at https://rclone.org/install/
-`
diff --git a/cmd/selfupdate/selfupdate_test.go b/cmd/selfupdate/selfupdate_test.go
index 9c02f458412ac..92d1d91c79005 100644
--- a/cmd/selfupdate/selfupdate_test.go
+++ b/cmd/selfupdate/selfupdate_test.go
@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"github.com/rclone/rclone/fs"
+	_ "github.com/rclone/rclone/fstest" // needed to run under integration tests
 	"github.com/rclone/rclone/fstest/testy"
 	"github.com/stretchr/testify/assert"
 )
diff --git a/cmd/selfupdate/testdata/verify/SHA256SUMS b/cmd/selfupdate/testdata/verify/SHA256SUMS
new file mode 100644
index 0000000000000..8a2df1e6a0606
--- /dev/null
+++ b/cmd/selfupdate/testdata/verify/SHA256SUMS
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+b20b47f579a2c790ca752fb5d8e5651fade7d5867cbac0a4f71e805fc5c468d0  archive.zip
+-----BEGIN PGP SIGNATURE-----
+
+iF0EARECAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZS+oVQAKCRCTk14C/ztU
++lNsAJ9XRiODlM4fIW9yqiltO3N+lLeucwCfRzD3cXk6BCB5wdz7pTgnItk9N74=
+=1GTr
+-----END PGP SIGNATURE-----
diff --git a/cmd/selfupdate/testdata/verify/archive.zip b/cmd/selfupdate/testdata/verify/archive.zip
new file mode 100644
index 0000000000000..c2ecc6aecf550
Binary files /dev/null and b/cmd/selfupdate/testdata/verify/archive.zip differ
diff --git a/cmd/selfupdate/verify.go b/cmd/selfupdate/verify.go
index 503bbd7f6368d..7c3d76df61131 100644
--- a/cmd/selfupdate/verify.go
+++ b/cmd/selfupdate/verify.go
@@ -26,24 +26,37 @@ QbogRGodbKhqY4v+cMNkKiemBuTQiWPkpKjifwNsD1fNjNKfDP3pJ64Yz7a4fuzV
 X1YwBACpKVuEen34lmcX6ziY4jq8rKibKBs4JjQCRO24kYoHDULVe+RS9krQWY5b
 e0foDhru4dsKccefK099G+WEzKVCKxupstWkTT/iJwajR8mIqd4AhD0wO9W3MCfV
 Ov8ykMDZ7qBWk1DHc87Ep3W1o8t8wq74ifV+HjhhWg8QAylXg7QlTmljayBDcmFp
-Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPohxBBMRCAAxBQsHCgMEAxUDAgMW
-AgECF4AWIQT79zfs6firGGBL0qyTk14C/ztU+gUCXjg2UgIZAQAKCRCTk14C/ztU
-+lmmAJ4jH5FyULzStjisuTvHLTVz6G44eQCfaR5QGZFPseenE5ic2WeQcBcmtoG5
-Ag0EO7LdgRAIAI6QdFBg3/xa1gFKPYy1ihV9eSdGqwWZGJvokWsfCvHy5180tj/v
-UNOLAJrdqglMSvevNTXe8bT65D6423AAsLhch9wq/aNqrHolTYABzxRigjcS1//T
-yln5naGUzlVQXDVfrDk3Md/NrkdOFj7r/YyMF0+iWwpFz2qAjL95i5wfVZ1kWGrT
-2AmivE1wD1sWT/Ja3FDI0NRkU0Nbz/a0TKe4ml8iLVtZXpTRbxxCCPdkHXXgSyu1
-eZ4NrF/wTJuvwGn12TJ1EF95aVkHxAUw0+KmLGdcyBG+IKuHamrsjWIAXGXV///K
-AxPgUthccQ03HMjltFsrdmen5Q034YM3eOsAAwUH/jAKiIAA8LpZmZPnt9GZ4+Ol
-Zp22VAfyfDOFl4Ol+cWjkLAgjAFsm5gnOKcRSE/9XPxnQqkhw7+ZygYuUMgTDJ99
-/5IM1UQL3ooS+oFrDaE99S8bLeOe17skcdXcA/K83VqD9m93rQRnbtD+75zqKkZn
-9WNFyKCXg5P6PFPdNYRtlQKOcwFR9mHRLUmapQSAM8Y2pCgALZ7GViKQca8/TT1T
-gZk9fJMZYGez+IlOPxTJxjn80+vywk4/wdIWSiQj+8u5RzT9sjmm77wbMVNGRqYd
-W/EemW9Zz9vi0CIvJGgbPMqcuxw8e/5lnuQ6Mi3uDR0P2RNIAhFrdZpVSME8xQaI
-RgQYEQIABgUCO7LdgQAKCRCTk14C/ztU+mLBAKC2cdFy7eLaQAvyzcE2VK6HVIjn
-JACguA00bxLQuJ4+RCJrLFZP8ZlN2sc=
-=TtR5
------END PGP PUBLIC KEY BLOCK-----`
+Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPoh0BBMRCAA0BQsHCgMEAxUDAgMW
+AgECF4ACGQEWIQT79zfs6firGGBL0qyTk14C/ztU+gUCZS/mXAIbIwAKCRCTk14C
+/ztU+tX+AJ9CUAnPvT4w5yRAPRfDiwWIPUqBOgCgiTelkzvUxvLWnYmpowwzKmsx
+qaSJAjMEEAEIAB0WIQTjs1jchY+zB/SBcLnLDb68XzLIHQUCZPRnNAAKCRDLDb68
+XzLIHZSAD/oCk9Z0xJfbpriphTBxFy7bWyPKF1lM1GZZaLKkktGfunf1i0Q7rhwp
+Nu+u1launlOTp6ZoY36Ce2Qa1eSxWAQdjVajw9kOHXCAewrTREOMY/mb7RVGjajo
+0Egl8T9iD3JRyaxu2iVtbpZYuqehtGG28CaCzmtqE+EJcx1cGqAGSuuaDWRYlVX8
+KDip44GQB5Lut30vwSIoZG1CPCR6VE82u4cl3mYZUfcJkCHsiLzoeadVzb+fOd+2
+ybzBn8Y77ifGgM+dSFSHe03mFfcHPdp0QImF9HQR7XI0UMZmEJsw7c2vDrRa+kRY
+2A4/amGn4Tahuazq8g2yqgGm3yAj49qGNarAau849lDr7R49j73ESnNVBGJ9ShzU
+4Ls+S1A5gohZVu2s1fkE3mbAmoTfU4JCrpRydOuL9xRJk5gbL44sKeuGODNshyTP
+JzG9DmRHpLsBn59v8mg5tqSfBIGqcqBxxnYHJnkK801MkaLW2m7wDmtz6P3TW86g
+GukzfIN3/OufLjnpN3Nx376JwWDDIyif7sn6/q+ZMwGz9uLKZkAeM5c3Dh4ygpgl
+iSLoV2bZzDz0iLxKWW7QOVVdWHmlEqbTldpQ7gUEPG7mxpzVo0xd6nHncSq0M91x
+29It4B3fATx/iJB2eardMzSsbzHiwTg0eswhYYGpSKZLgp4RShnVAbkCDQQ7st2B
+EAgAjpB0UGDf/FrWAUo9jLWKFX15J0arBZkYm+iRax8K8fLnXzS2P+9Q04sAmt2q
+CUxK9681Nd7xtPrkPrjbcACwuFyH3Cr9o2qseiVNgAHPFGKCNxLX/9PKWfmdoZTO
+VVBcNV+sOTcx382uR04WPuv9jIwXT6JbCkXPaoCMv3mLnB9VnWRYatPYCaK8TXAP
+WxZP8lrcUMjQ1GRTQ1vP9rRMp7iaXyItW1lelNFvHEII92QddeBLK7V5ng2sX/BM
+m6/AafXZMnUQX3lpWQfEBTDT4qYsZ1zIEb4gq4dqauyNYgBcZdX//8oDE+BS2Fxx
+DTccyOW0Wyt2Z6flDTfhgzd46wADBQf+MAqIgADwulmZk+e30Znj46VmnbZUB/J8
+M4WXg6X5xaOQsCCMAWybmCc4pxFIT/1c/GdCqSHDv5nKBi5QyBMMn33/kgzVRAve
+ihL6gWsNoT31Lxst457XuyRx1dwD8rzdWoP2b3etBGdu0P7vnOoqRmf1Y0XIoJeD
+k/o8U901hG2VAo5zAVH2YdEtSZqlBIAzxjakKAAtnsZWIpBxrz9NPVOBmT18kxlg
+Z7P4iU4/FMnGOfzT6/LCTj/B0hZKJCP7y7lHNP2yOabvvBsxU0ZGph1b8R6Zb1nP
+2+LQIi8kaBs8ypy7HDx7/mWe5DoyLe4NHQ/ZE0gCEWt1mlVIwTzFBohGBBgRAgAG
+BQI7st2BAAoJEJOTXgL/O1T6YsEAoLZx0XLt4tpAC/LNwTZUrodUiOckAKC4DTRv
+EtC4nj5EImssVk/xmU3axw==
+=VUqh
+-----END PGP PUBLIC KEY BLOCK-----
+`
 
 func verifyHashsum(ctx context.Context, siteURL, version, archive string, hash []byte) error {
 	sumsURL := fmt.Sprintf("%s/%s/SHA256SUMS", siteURL, version)
@@ -52,16 +65,26 @@ func verifyHashsum(ctx context.Context, siteURL, version, archive string, hash [
 		return err
 	}
 	fs.Debugf(nil, "downloaded hashsum list: %s", sumsURL)
+	return verifyHashsumDownloaded(ctx, sumsBuf, archive, hash)
+}
 
+func verifyHashsumDownloaded(ctx context.Context, sumsBuf []byte, archive string, hash []byte) error {
 	keyRing, err := openpgp.ReadArmoredKeyRing(strings.NewReader(ncwPublicKeyPGP))
 	if err != nil {
-		return errors.New("unsupported signing key")
+		return fmt.Errorf("unsupported signing key: %w", err)
 	}
+
 	block, rest := clearsign.Decode(sumsBuf)
-	// block.Bytes = block.Bytes[1:] // uncomment to test invalid signature
+	if block == nil {
+		return errors.New("invalid hashsum signature: couldn't find detached signature")
+	}
+	if len(rest) > 0 {
+		return fmt.Errorf("invalid hashsum signature: %d bytes of unsigned data", len(rest))
+	}
+
 	_, err = openpgp.CheckDetachedSignature(keyRing, bytes.NewReader(block.Bytes), block.ArmoredSignature.Body, nil)
-	if err != nil || len(rest) > 0 {
-		return errors.New("invalid hashsum signature")
+	if err != nil {
+		return fmt.Errorf("invalid hashsum signature: %w", err)
 	}
 
 	wantHash, err := findFileHash(sumsBuf, archive)
diff --git a/cmd/selfupdate/verify_test.go b/cmd/selfupdate/verify_test.go
new file mode 100644
index 0000000000000..bf3e7754db10d
--- /dev/null
+++ b/cmd/selfupdate/verify_test.go
@@ -0,0 +1,43 @@
+//go:build !noselfupdate
+// +build !noselfupdate
+
+package selfupdate
+
+import (
+	"context"
+	"encoding/hex"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestVerify(t *testing.T) {
+	ctx := context.Background()
+	sumsBuf, err := os.ReadFile("testdata/verify/SHA256SUMS")
+	require.NoError(t, err)
+	hash, err := hex.DecodeString("b20b47f579a2c790ca752fb5d8e5651fade7d5867cbac0a4f71e805fc5c468d0")
+	require.NoError(t, err)
+
+	t.Run("NoError", func(t *testing.T) {
+		err = verifyHashsumDownloaded(ctx, sumsBuf, "archive.zip", hash)
+		require.NoError(t, err)
+	})
+	t.Run("BadSig", func(t *testing.T) {
+		sumsBuf[0x60] ^= 1 // change the signature by one bit
+		err = verifyHashsumDownloaded(ctx, sumsBuf, "archive.zip", hash)
+		assert.ErrorContains(t, err, "invalid signature")
+		sumsBuf[0x60] ^= 1 // undo the change
+	})
+	t.Run("BadSum", func(t *testing.T) {
+		hash[0] ^= 1 // change the SHA256 by one bit
+		err = verifyHashsumDownloaded(ctx, sumsBuf, "archive.zip", hash)
+		assert.ErrorContains(t, err, "archive hash mismatch")
+		hash[0] ^= 1 // undo the change
+	})
+	t.Run("BadName", func(t *testing.T) {
+		err = verifyHashsumDownloaded(ctx, sumsBuf, "archive.zipX", hash)
+		assert.ErrorContains(t, err, "unable to find hash")
+	})
+}
diff --git a/cmd/serve/dlna/cds.go b/cmd/serve/dlna/cds.go
index f7cd77d1ff683..72fcceeab5850 100644
--- a/cmd/serve/dlna/cds.go
+++ b/cmd/serve/dlna/cds.go
@@ -60,6 +60,11 @@ func (cds *contentDirectoryService) cdsObjectToUpnpavObject(cdsObject object, fi
 	var mimeType string
 	if o, ok := fileInfo.DirEntry().(fs.Object); ok {
 		mimeType = fs.MimeType(context.TODO(), o)
+		// If backend doesn't know what the mime type is then
+		// try getting it from the file name
+		if mimeType == "application/octet-stream" {
+			mimeType = fs.MimeTypeFromName(fileInfo.Name())
+		}
 	} else {
 		mimeType = fs.MimeTypeFromName(fileInfo.Name())
 	}
diff --git a/cmd/serve/dlna/dlna.go b/cmd/serve/dlna/dlna.go
index 19db02f16ae88..1a2a779149259 100644
--- a/cmd/serve/dlna/dlna.go
+++ b/cmd/serve/dlna/dlna.go
@@ -22,6 +22,7 @@ import (
 	"github.com/rclone/rclone/cmd/serve/dlna/data"
 	"github.com/rclone/rclone/cmd/serve/dlna/dlnaflags"
 	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/lib/systemd"
 	"github.com/rclone/rclone/vfs"
 	"github.com/rclone/rclone/vfs/vfsflags"
 	"github.com/spf13/cobra"
@@ -50,6 +51,7 @@ files that they are not able to play back correctly.
 ` + dlnaflags.Help + vfs.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.46",
+		"groups":            "Filter",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
@@ -63,6 +65,7 @@ files that they are not able to play back correctly.
 			if err := s.Serve(); err != nil {
 				return err
 			}
+			defer systemd.Notify()()
 			s.Wait()
 			return nil
 		})
@@ -126,11 +129,10 @@ func newServer(f fs.Fs, opt *dlnaflags.Options) (*server, error) {
 		FriendlyName:     friendlyName,
 		RootDeviceUUID:   makeDeviceUUID(friendlyName),
 		Interfaces:       interfaces,
-
-		httpListenAddr: opt.ListenAddr,
-
-		f:   f,
-		vfs: vfs.New(f, &vfsflags.Opt),
+		waitChan:         make(chan struct{}),
+		httpListenAddr:   opt.ListenAddr,
+		f:                f,
+		vfs:              vfs.New(f, &vfsflags.Opt),
 	}
 
 	s.services = map[string]UPnPService{
@@ -303,7 +305,7 @@ func (s *server) Serve() (err error) {
 	go func() {
 		fs.Logf(s.f, "Serving HTTP on %s", s.HTTPConn.Addr().String())
 
-		err = s.serveHTTP()
+		err := s.serveHTTP()
 		if err != nil {
 			fs.Logf(s.f, "Error on serving HTTP server: %v", err)
 		}
diff --git a/cmd/serve/dlna/dlnaflags/dlnaflags.go b/cmd/serve/dlna/dlnaflags/dlnaflags.go
index 10745474c4d8c..8b2f393041713 100644
--- a/cmd/serve/dlna/dlnaflags/dlnaflags.go
+++ b/cmd/serve/dlna/dlnaflags/dlnaflags.go
@@ -49,11 +49,11 @@ var (
 
 func addFlagsPrefix(flagSet *pflag.FlagSet, prefix string, Opt *Options) {
 	rc.AddOption("dlna", &Opt)
-	flags.StringVarP(flagSet, &Opt.ListenAddr, prefix+"addr", "", Opt.ListenAddr, "The ip:port or :port to bind the DLNA http server to")
-	flags.StringVarP(flagSet, &Opt.FriendlyName, prefix+"name", "", Opt.FriendlyName, "Name of DLNA server")
-	flags.BoolVarP(flagSet, &Opt.LogTrace, prefix+"log-trace", "", Opt.LogTrace, "Enable trace logging of SOAP traffic")
-	flags.StringArrayVarP(flagSet, &Opt.InterfaceNames, prefix+"interface", "", Opt.InterfaceNames, "The interface to use for SSDP (repeat as necessary)")
-	flags.DurationVarP(flagSet, &Opt.AnnounceInterval, prefix+"announce-interval", "", Opt.AnnounceInterval, "The interval between SSDP announcements")
+	flags.StringVarP(flagSet, &Opt.ListenAddr, prefix+"addr", "", Opt.ListenAddr, "The ip:port or :port to bind the DLNA http server to", prefix)
+	flags.StringVarP(flagSet, &Opt.FriendlyName, prefix+"name", "", Opt.FriendlyName, "Name of DLNA server", prefix)
+	flags.BoolVarP(flagSet, &Opt.LogTrace, prefix+"log-trace", "", Opt.LogTrace, "Enable trace logging of SOAP traffic", prefix)
+	flags.StringArrayVarP(flagSet, &Opt.InterfaceNames, prefix+"interface", "", Opt.InterfaceNames, "The interface to use for SSDP (repeat as necessary)", prefix)
+	flags.DurationVarP(flagSet, &Opt.AnnounceInterval, prefix+"announce-interval", "", Opt.AnnounceInterval, "The interval between SSDP announcements", prefix)
 }
 
 // AddFlags add the command line flags for DLNA serving.
diff --git a/cmd/serve/docker/docker.go b/cmd/serve/docker/docker.go
index d160558651e2a..9493f740792cd 100644
--- a/cmd/serve/docker/docker.go
+++ b/cmd/serve/docker/docker.go
@@ -3,8 +3,8 @@ package docker
 
 import (
 	"context"
+	_ "embed"
 	"path/filepath"
-	"strings"
 	"syscall"
 
 	"github.com/spf13/cobra"
@@ -30,14 +30,17 @@ var (
 	noSpec      = false
 )
 
+//go:embed docker.md
+var longHelp string
+
 func init() {
 	cmdFlags := Command.Flags()
 	// Add command specific flags
-	flags.StringVarP(cmdFlags, &baseDir, "base-dir", "", baseDir, "Base directory for volumes")
-	flags.StringVarP(cmdFlags, &socketAddr, "socket-addr", "", socketAddr, "Address <host:port> or absolute path (default: /run/docker/plugins/rclone.sock)")
-	flags.IntVarP(cmdFlags, &socketGid, "socket-gid", "", socketGid, "GID for unix socket (default: current process GID)")
-	flags.BoolVarP(cmdFlags, &forgetState, "forget-state", "", forgetState, "Skip restoring previous state")
-	flags.BoolVarP(cmdFlags, &noSpec, "no-spec", "", noSpec, "Do not write spec file")
+	flags.StringVarP(cmdFlags, &baseDir, "base-dir", "", baseDir, "Base directory for volumes", "")
+	flags.StringVarP(cmdFlags, &socketAddr, "socket-addr", "", socketAddr, "Address <host:port> or absolute path (default: /run/docker/plugins/rclone.sock)", "")
+	flags.IntVarP(cmdFlags, &socketGid, "socket-gid", "", socketGid, "GID for unix socket (default: current process GID)", "")
+	flags.BoolVarP(cmdFlags, &forgetState, "forget-state", "", forgetState, "Skip restoring previous state", "")
+	flags.BoolVarP(cmdFlags, &noSpec, "no-spec", "", noSpec, "Do not write spec file", "")
 	// Add common mount/vfs flags
 	mountlib.AddFlags(cmdFlags)
 	vfsflags.AddFlags(cmdFlags)
@@ -47,9 +50,10 @@ func init() {
 var Command = &cobra.Command{
 	Use:   "docker",
 	Short: `Serve any remote on docker's volume plugin API.`,
-	Long:  strings.ReplaceAll(longHelp, "|", "`") + vfs.Help,
+	Long:  longHelp + vfs.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.56",
+		"groups":            "Filter",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(0, 0, command, args)
diff --git a/cmd/serve/docker/help.go b/cmd/serve/docker/docker.md
similarity index 67%
rename from cmd/serve/docker/help.go
rename to cmd/serve/docker/docker.md
index 531213dd059f6..853f5f954004e 100644
--- a/cmd/serve/docker/help.go
+++ b/cmd/serve/docker/docker.md
@@ -1,7 +1,3 @@
-package docker
-
-// Note: "|" will be replaced by backticks
-var longHelp = `
 This command implements the Docker volume plugin API allowing docker to use
 rclone as a data storage mechanism for various cloud providers.
 rclone provides [docker volume plugin](/docker) based on it.
@@ -12,32 +8,31 @@ docker daemon and runs the corresponding code when necessary.
 Docker plugins can run as a managed plugin under control of the docker daemon
 or as an independent native service. For testing, you can just run it directly
 from the command line, for example:
-|||
+```
 sudo rclone serve docker --base-dir /tmp/rclone-volumes --socket-addr localhost:8787 -vv
-|||
+```
 
-Running |rclone serve docker| will create the said socket, listening for
+Running `rclone serve docker` will create the said socket, listening for
 commands from Docker to create the necessary Volumes. Normally you need not
-give the |--socket-addr| flag. The API will listen on the unix domain socket
-at |/run/docker/plugins/rclone.sock|. In the example above rclone will create
-a TCP socket and a small file |/etc/docker/plugins/rclone.spec| containing
-the socket address. We use |sudo| because both paths are writeable only by
+give the `--socket-addr` flag. The API will listen on the unix domain socket
+at `/run/docker/plugins/rclone.sock`. In the example above rclone will create
+a TCP socket and a small file `/etc/docker/plugins/rclone.spec` containing
+the socket address. We use `sudo` because both paths are writeable only by
 the root user.
 
 If you later decide to change listening socket, the docker daemon must be
-restarted to reconnect to |/run/docker/plugins/rclone.sock|
-or parse new |/etc/docker/plugins/rclone.spec|. Until you restart, any
+restarted to reconnect to `/run/docker/plugins/rclone.sock`
+or parse new `/etc/docker/plugins/rclone.spec`. Until you restart, any
 volume related docker commands will timeout trying to access the old socket.
 Running directly is supported on **Linux only**, not on Windows or MacOS.
 This is not a problem with managed plugin mode described in details
 in the [full documentation](https://rclone.org/docker).
 
-The command will create volume mounts under the path given by |--base-dir|
-(by default |/var/lib/docker-volumes/rclone| available only to root)
-and maintain the JSON formatted file |docker-plugin.state| in the rclone cache
+The command will create volume mounts under the path given by `--base-dir`
+(by default `/var/lib/docker-volumes/rclone` available only to root)
+and maintain the JSON formatted file `docker-plugin.state` in the rclone cache
 directory with book-keeping records of created and mounted volumes.
 
 All mount and VFS options are submitted by the docker daemon via API, but
 you can also provide defaults on the command line as well as set path to the
 config file and cache directory or adjust logging verbosity.
-`
diff --git a/cmd/serve/ftp/ftp.go b/cmd/serve/ftp/ftp.go
index 28bd4325f5ed4..3c24c3583ccce 100644
--- a/cmd/serve/ftp/ftp.go
+++ b/cmd/serve/ftp/ftp.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	iofs "io/fs"
 	"net"
 	"os"
 	"os/user"
@@ -23,13 +24,14 @@ import (
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/accounting"
 	"github.com/rclone/rclone/fs/config/flags"
+	"github.com/rclone/rclone/fs/config/obscure"
 	"github.com/rclone/rclone/fs/log"
 	"github.com/rclone/rclone/fs/rc"
 	"github.com/rclone/rclone/vfs"
 	"github.com/rclone/rclone/vfs/vfsflags"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	ftp "goftp.io/server/core"
+	ftp "goftp.io/server/v2"
 )
 
 // Options contains options for the http Server
@@ -59,13 +61,13 @@ var Opt = DefaultOpt
 // AddFlags adds flags for ftp
 func AddFlags(flagSet *pflag.FlagSet) {
 	rc.AddOption("ftp", &Opt)
-	flags.StringVarP(flagSet, &Opt.ListenAddr, "addr", "", Opt.ListenAddr, "IPaddress:Port or :Port to bind server to")
-	flags.StringVarP(flagSet, &Opt.PublicIP, "public-ip", "", Opt.PublicIP, "Public IP address to advertise for passive connections")
-	flags.StringVarP(flagSet, &Opt.PassivePorts, "passive-port", "", Opt.PassivePorts, "Passive port range to use")
-	flags.StringVarP(flagSet, &Opt.BasicUser, "user", "", Opt.BasicUser, "User name for authentication")
-	flags.StringVarP(flagSet, &Opt.BasicPass, "pass", "", Opt.BasicPass, "Password for authentication (empty value allow every password)")
-	flags.StringVarP(flagSet, &Opt.TLSCert, "cert", "", Opt.TLSCert, "TLS PEM key (concatenation of certificate and CA certificate)")
-	flags.StringVarP(flagSet, &Opt.TLSKey, "key", "", Opt.TLSKey, "TLS PEM Private key")
+	flags.StringVarP(flagSet, &Opt.ListenAddr, "addr", "", Opt.ListenAddr, "IPaddress:Port or :Port to bind server to", "")
+	flags.StringVarP(flagSet, &Opt.PublicIP, "public-ip", "", Opt.PublicIP, "Public IP address to advertise for passive connections", "")
+	flags.StringVarP(flagSet, &Opt.PassivePorts, "passive-port", "", Opt.PassivePorts, "Passive port range to use", "")
+	flags.StringVarP(flagSet, &Opt.BasicUser, "user", "", Opt.BasicUser, "User name for authentication", "")
+	flags.StringVarP(flagSet, &Opt.BasicPass, "pass", "", Opt.BasicPass, "Password for authentication (empty value allow every password)", "")
+	flags.StringVarP(flagSet, &Opt.TLSCert, "cert", "", Opt.TLSCert, "TLS PEM key (concatenation of certificate and CA certificate)", "")
+	flags.StringVarP(flagSet, &Opt.TLSKey, "key", "", Opt.TLSKey, "TLS PEM Private key", "")
 }
 
 func init() {
@@ -101,6 +103,7 @@ You can set a single username and password with the --user and --pass flags.
 ` + vfs.Help + proxy.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.44",
+		"groups":            "Filter",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		var f fs.Fs
@@ -120,21 +123,23 @@ You can set a single username and password with the --user and --pass flags.
 	},
 }
 
-// server contains everything to run the server
-type server struct {
-	f      fs.Fs
-	srv    *ftp.Server
-	ctx    context.Context // for global config
-	opt    Options
-	vfs    *vfs.VFS
-	proxy  *proxy.Proxy
-	useTLS bool
+// driver contains everything to run the driver for the FTP server
+type driver struct {
+	f          fs.Fs
+	srv        *ftp.Server
+	ctx        context.Context // for global config
+	opt        Options
+	globalVFS  *vfs.VFS     // the VFS if not using auth proxy
+	proxy      *proxy.Proxy // may be nil if not in use
+	useTLS     bool
+	userPassMu sync.Mutex        // to protect userPass
+	userPass   map[string]string // cache of username => password when using vfs proxy
 }
 
 var passivePortsRe = regexp.MustCompile(`^\s*\d+\s*-\s*\d+\s*$`)
 
 // Make a new FTP to serve the remote
-func newServer(ctx context.Context, f fs.Fs, opt *Options) (*server, error) {
+func newServer(ctx context.Context, f fs.Fs, opt *Options) (*driver, error) {
 	host, port, err := net.SplitHostPort(opt.ListenAddr)
 	if err != nil {
 		return nil, errors.New("failed to parse host:port")
@@ -144,54 +149,59 @@ func newServer(ctx context.Context, f fs.Fs, opt *Options) (*server, error) {
 		return nil, errors.New("failed to parse host:port")
 	}
 
-	s := &server{
+	d := &driver{
 		f:   f,
 		ctx: ctx,
 		opt: *opt,
 	}
 	if proxyflags.Opt.AuthProxy != "" {
-		s.proxy = proxy.New(ctx, &proxyflags.Opt)
+		d.proxy = proxy.New(ctx, &proxyflags.Opt)
+		d.userPass = make(map[string]string, 16)
 	} else {
-		s.vfs = vfs.New(f, &vfsflags.Opt)
+		d.globalVFS = vfs.New(f, &vfsflags.Opt)
 	}
-	s.useTLS = s.opt.TLSKey != ""
+	d.useTLS = d.opt.TLSKey != ""
 
 	// Check PassivePorts format since the server library doesn't!
 	if !passivePortsRe.MatchString(opt.PassivePorts) {
 		return nil, fmt.Errorf("invalid format for passive ports %q", opt.PassivePorts)
 	}
 
-	ftpopt := &ftp.ServerOpts{
+	ftpopt := &ftp.Options{
 		Name:           "Rclone FTP Server",
 		WelcomeMessage: "Welcome to Rclone " + fs.Version + " FTP Server",
-		Factory:        s, // implemented by NewDriver method
+		Driver:         d,
 		Hostname:       host,
 		Port:           portNum,
 		PublicIP:       opt.PublicIP,
 		PassivePorts:   opt.PassivePorts,
-		Auth:           s, // implemented by CheckPasswd method
+		Auth:           d,
+		Perm:           ftp.NewSimplePerm("ftp", "ftp"), // fake user and group
 		Logger:         &Logger{},
-		TLS:            s.useTLS,
-		CertFile:       s.opt.TLSCert,
-		KeyFile:        s.opt.TLSKey,
+		TLS:            d.useTLS,
+		CertFile:       d.opt.TLSCert,
+		KeyFile:        d.opt.TLSKey,
 		//TODO implement a maximum of https://godoc.org/goftp.io/server#ServerOpts
 	}
-	s.srv = ftp.NewServer(ftpopt)
-	return s, nil
+	d.srv, err = ftp.NewServer(ftpopt)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create new FTP server: %w", err)
+	}
+	return d, nil
 }
 
 // serve runs the ftp server
-func (s *server) serve() error {
-	fs.Logf(s.f, "Serving FTP on %s", s.srv.Hostname+":"+strconv.Itoa(s.srv.Port))
-	return s.srv.ListenAndServe()
+func (d *driver) serve() error {
+	fs.Logf(d.f, "Serving FTP on %s", d.srv.Hostname+":"+strconv.Itoa(d.srv.Port))
+	return d.srv.ListenAndServe()
 }
 
 // close stops the ftp server
 //
 //lint:ignore U1000 unused when not building linux
-func (s *server) close() error {
-	fs.Logf(s.f, "Stopping FTP on %s", s.srv.Hostname+":"+strconv.Itoa(s.srv.Port))
-	return s.srv.Shutdown()
+func (d *driver) close() error {
+	fs.Logf(d.f, "Stopping FTP on %s", d.srv.Hostname+":"+strconv.Itoa(d.srv.Port))
+	return d.srv.Shutdown()
 }
 
 // Logger ftp logger output formatted message
@@ -222,44 +232,26 @@ func (l *Logger) PrintResponse(sessionID string, code int, message string) {
 }
 
 // CheckPasswd handle auth based on configuration
-//
-// This is not used - the one in Driver should be called instead
-func (s *server) CheckPasswd(user, pass string) (ok bool, err error) {
-	err = errors.New("internal error: server.CheckPasswd should never be called")
-	fs.Errorf(nil, "Error: %v", err)
-	return false, err
-}
-
-// NewDriver starts a new session for each client connection
-func (s *server) NewDriver() (ftp.Driver, error) {
-	log.Trace("", "Init driver")("")
-	d := &Driver{
-		s:   s,
-		vfs: s.vfs, // this can be nil if proxy set
-	}
-	return d, nil
-}
-
-// Driver implementation of ftp server
-type Driver struct {
-	s    *server
-	vfs  *vfs.VFS
-	lock sync.Mutex
-}
-
-// CheckPasswd handle auth based on configuration
-func (d *Driver) CheckPasswd(user, pass string) (ok bool, err error) {
-	s := d.s
-	if s.proxy != nil {
-		var VFS *vfs.VFS
-		VFS, _, err = s.proxy.Call(user, pass, false)
+func (d *driver) CheckPasswd(sctx *ftp.Context, user, pass string) (ok bool, err error) {
+	if d.proxy != nil {
+		_, _, err = d.proxy.Call(user, pass, false)
 		if err != nil {
 			fs.Infof(nil, "proxy login failed: %v", err)
 			return false, nil
 		}
-		d.vfs = VFS
+		// Cache obscured password for later lookup.
+		//
+		// We don't cache the VFS directly in the driver as we want them
+		// to be expired and the auth proxy does that for us.
+		oPass, err := obscure.Obscure(pass)
+		if err != nil {
+			return false, err
+		}
+		d.userPassMu.Lock()
+		d.userPass[user] = oPass
+		d.userPassMu.Unlock()
 	} else {
-		ok = s.opt.BasicUser == user && (s.opt.BasicPass == "" || s.opt.BasicPass == pass)
+		ok = d.opt.BasicUser == user && (d.opt.BasicPass == "" || d.opt.BasicPass == pass)
 		if !ok {
 			fs.Infof(nil, "login failed: bad credentials")
 			return false, nil
@@ -268,22 +260,52 @@ func (d *Driver) CheckPasswd(user, pass string) (ok bool, err error) {
 	return true, nil
 }
 
+// Get the VFS for this connection
+func (d *driver) getVFS(sctx *ftp.Context) (VFS *vfs.VFS, err error) {
+	if d.proxy == nil {
+		// If no proxy always use the same VFS
+		return d.globalVFS, nil
+	}
+	user := sctx.Sess.LoginUser()
+	d.userPassMu.Lock()
+	oPass, ok := d.userPass[user]
+	d.userPassMu.Unlock()
+	if !ok {
+		return nil, fmt.Errorf("proxy user not logged in")
+	}
+	pass, err := obscure.Reveal(oPass)
+	if err != nil {
+		return nil, err
+	}
+	VFS, _, err = d.proxy.Call(user, pass, false)
+	if err != nil {
+		return nil, fmt.Errorf("proxy login failed: %w", err)
+	}
+	return VFS, nil
+}
+
 // Stat get information on file or folder
-func (d *Driver) Stat(path string) (fi ftp.FileInfo, err error) {
+func (d *driver) Stat(sctx *ftp.Context, path string) (fi iofs.FileInfo, err error) {
 	defer log.Trace(path, "")("fi=%+v, err = %v", &fi, &err)
-	n, err := d.vfs.Stat(path)
+	VFS, err := d.getVFS(sctx)
 	if err != nil {
 		return nil, err
 	}
-	return &FileInfo{n, n.Mode(), d.vfs.Opt.UID, d.vfs.Opt.GID}, err
+	n, err := VFS.Stat(path)
+	if err != nil {
+		return nil, err
+	}
+	return &FileInfo{n, n.Mode(), VFS.Opt.UID, VFS.Opt.GID}, err
 }
 
 // ChangeDir move current folder
-func (d *Driver) ChangeDir(path string) (err error) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
+func (d *driver) ChangeDir(sctx *ftp.Context, path string) (err error) {
 	defer log.Trace(path, "")("err = %v", &err)
-	n, err := d.vfs.Stat(path)
+	VFS, err := d.getVFS(sctx)
+	if err != nil {
+		return err
+	}
+	n, err := VFS.Stat(path)
 	if err != nil {
 		return err
 	}
@@ -294,11 +316,13 @@ func (d *Driver) ChangeDir(path string) (err error) {
 }
 
 // ListDir list content of a folder
-func (d *Driver) ListDir(path string, callback func(ftp.FileInfo) error) (err error) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
+func (d *driver) ListDir(sctx *ftp.Context, path string, callback func(iofs.FileInfo) error) (err error) {
 	defer log.Trace(path, "")("err = %v", &err)
-	node, err := d.vfs.Stat(path)
+	VFS, err := d.getVFS(sctx)
+	if err != nil {
+		return err
+	}
+	node, err := VFS.Stat(path)
 	if err == vfs.ENOENT {
 		return errors.New("directory not found")
 	} else if err != nil {
@@ -317,11 +341,11 @@ func (d *Driver) ListDir(path string, callback func(ftp.FileInfo) error) (err er
 	// Account the transfer
 	tr := accounting.GlobalStats().NewTransferRemoteSize(path, node.Size())
 	defer func() {
-		tr.Done(d.s.ctx, err)
+		tr.Done(d.ctx, err)
 	}()
 
 	for _, file := range dirEntries {
-		err = callback(&FileInfo{file, file.Mode(), d.vfs.Opt.UID, d.vfs.Opt.GID})
+		err = callback(&FileInfo{file, file.Mode(), VFS.Opt.UID, VFS.Opt.GID})
 		if err != nil {
 			return err
 		}
@@ -330,11 +354,13 @@ func (d *Driver) ListDir(path string, callback func(ftp.FileInfo) error) (err er
 }
 
 // DeleteDir delete a folder and his content
-func (d *Driver) DeleteDir(path string) (err error) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
+func (d *driver) DeleteDir(sctx *ftp.Context, path string) (err error) {
 	defer log.Trace(path, "")("err = %v", &err)
-	node, err := d.vfs.Stat(path)
+	VFS, err := d.getVFS(sctx)
+	if err != nil {
+		return err
+	}
+	node, err := VFS.Stat(path)
 	if err != nil {
 		return err
 	}
@@ -349,11 +375,13 @@ func (d *Driver) DeleteDir(path string) (err error) {
 }
 
 // DeleteFile delete a file
-func (d *Driver) DeleteFile(path string) (err error) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
+func (d *driver) DeleteFile(sctx *ftp.Context, path string) (err error) {
 	defer log.Trace(path, "")("err = %v", &err)
-	node, err := d.vfs.Stat(path)
+	VFS, err := d.getVFS(sctx)
+	if err != nil {
+		return err
+	}
+	node, err := VFS.Stat(path)
 	if err != nil {
 		return err
 	}
@@ -368,19 +396,23 @@ func (d *Driver) DeleteFile(path string) (err error) {
 }
 
 // Rename rename a file or folder
-func (d *Driver) Rename(oldName, newName string) (err error) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
+func (d *driver) Rename(sctx *ftp.Context, oldName, newName string) (err error) {
 	defer log.Trace(oldName, "newName=%q", newName)("err = %v", &err)
-	return d.vfs.Rename(oldName, newName)
+	VFS, err := d.getVFS(sctx)
+	if err != nil {
+		return err
+	}
+	return VFS.Rename(oldName, newName)
 }
 
 // MakeDir create a folder
-func (d *Driver) MakeDir(path string) (err error) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
+func (d *driver) MakeDir(sctx *ftp.Context, path string) (err error) {
 	defer log.Trace(path, "")("err = %v", &err)
-	dir, leaf, err := d.vfs.StatParent(path)
+	VFS, err := d.getVFS(sctx)
+	if err != nil {
+		return err
+	}
+	dir, leaf, err := VFS.StatParent(path)
 	if err != nil {
 		return err
 	}
@@ -389,11 +421,13 @@ func (d *Driver) MakeDir(path string) (err error) {
 }
 
 // GetFile download a file
-func (d *Driver) GetFile(path string, offset int64) (size int64, fr io.ReadCloser, err error) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
+func (d *driver) GetFile(sctx *ftp.Context, path string, offset int64) (size int64, fr io.ReadCloser, err error) {
 	defer log.Trace(path, "offset=%v", offset)("err = %v", &err)
-	node, err := d.vfs.Stat(path)
+	VFS, err := d.getVFS(sctx)
+	if err != nil {
+		return 0, nil, err
+	}
+	node, err := VFS.Stat(path)
 	if err == vfs.ENOENT {
 		fs.Infof(path, "File not found")
 		return 0, nil, errors.New("file not found")
@@ -415,22 +449,25 @@ func (d *Driver) GetFile(path string, offset int64) (size int64, fr io.ReadClose
 
 	// Account the transfer
 	tr := accounting.GlobalStats().NewTransferRemoteSize(path, node.Size())
-	defer tr.Done(d.s.ctx, nil)
+	defer tr.Done(d.ctx, nil)
 
 	return node.Size(), handle, nil
 }
 
 // PutFile upload a file
-func (d *Driver) PutFile(path string, data io.Reader, appendData bool) (n int64, err error) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
-	defer log.Trace(path, "append=%v", appendData)("err = %v", &err)
+func (d *driver) PutFile(sctx *ftp.Context, path string, data io.Reader, offset int64) (n int64, err error) {
+	defer log.Trace(path, "offset=%d", offset)("err = %v", &err)
+
 	var isExist bool
-	node, err := d.vfs.Stat(path)
+	VFS, err := d.getVFS(sctx)
+	if err != nil {
+		return 0, err
+	}
+	fi, err := VFS.Stat(path)
 	if err == nil {
 		isExist = true
-		if node.IsDir() {
-			return 0, errors.New("a dir has the same name")
+		if fi.IsDir() {
+			return 0, errors.New("can't create file - directory exists")
 		}
 	} else {
 		if os.IsNotExist(err) {
@@ -440,41 +477,51 @@ func (d *Driver) PutFile(path string, data io.Reader, appendData bool) (n int64,
 		}
 	}
 
-	if appendData && !isExist {
-		appendData = false
+	if offset > -1 && !isExist {
+		offset = -1
 	}
 
-	if !appendData {
+	var f vfs.Handle
+
+	if offset == -1 {
 		if isExist {
-			err = node.Remove()
+			err = VFS.Remove(path)
 			if err != nil {
 				return 0, err
 			}
 		}
-		f, err := d.vfs.OpenFile(path, os.O_RDWR|os.O_CREATE, 0660)
+		f, err = VFS.Create(path)
 		if err != nil {
 			return 0, err
 		}
-		defer closeIO(path, f)
-		bytes, err := io.Copy(f, data)
+		defer fs.CheckClose(f, &err)
+		n, err = io.Copy(f, data)
 		if err != nil {
 			return 0, err
 		}
-		return bytes, nil
+		return n, nil
 	}
 
-	of, err := d.vfs.OpenFile(path, os.O_APPEND|os.O_RDWR, 0660)
+	f, err = VFS.OpenFile(path, os.O_APPEND|os.O_RDWR, 0660)
 	if err != nil {
 		return 0, err
 	}
-	defer closeIO(path, of)
+	defer fs.CheckClose(f, &err)
 
-	_, err = of.Seek(0, os.SEEK_END)
+	info, err := f.Stat()
 	if err != nil {
 		return 0, err
 	}
+	if offset > info.Size() {
+		return 0, fmt.Errorf("offset %d is beyond file size %d", offset, info.Size())
+	}
 
-	bytes, err := io.Copy(of, data)
+	_, err = f.Seek(offset, io.SeekStart)
+	if err != nil {
+		return 0, err
+	}
+
+	bytes, err := io.Copy(f, data)
 	if err != nil {
 		return 0, err
 	}
@@ -520,10 +567,3 @@ func (f *FileInfo) Group() string {
 func (f *FileInfo) ModTime() time.Time {
 	return f.FileInfo.ModTime().UTC()
 }
-
-func closeIO(path string, c io.Closer) {
-	err := c.Close()
-	if err != nil {
-		log.Trace(path, "")("err = %v", &err)
-	}
-}
diff --git a/cmd/serve/ftp/ftp_test.go b/cmd/serve/ftp/ftp_test.go
index 6ac0d344ceefa..59fd59b8de10f 100644
--- a/cmd/serve/ftp/ftp_test.go
+++ b/cmd/serve/ftp/ftp_test.go
@@ -18,7 +18,7 @@ import (
 	"github.com/rclone/rclone/fs/config/configmap"
 	"github.com/rclone/rclone/fs/config/obscure"
 	"github.com/stretchr/testify/assert"
-	ftp "goftp.io/server/core"
+	ftp "goftp.io/server/v2"
 )
 
 const (
diff --git a/cmd/serve/http/data/assets_generate.go b/cmd/serve/http/data/assets_generate.go
deleted file mode 100644
index 6196ba206d450..0000000000000
--- a/cmd/serve/http/data/assets_generate.go
+++ /dev/null
@@ -1,23 +0,0 @@
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"log"
-	"net/http"
-
-	"github.com/shurcooL/vfsgen"
-)
-
-func main() {
-	var AssetDir http.FileSystem = http.Dir("./templates")
-	err := vfsgen.Generate(AssetDir, vfsgen.Options{
-		PackageName:  "data",
-		BuildTags:    "!dev",
-		VariableName: "Assets",
-	})
-	if err != nil {
-		log.Fatalln(err)
-	}
-}
diff --git a/cmd/serve/http/data/assets_vfsdata.go b/cmd/serve/http/data/assets_vfsdata.go
deleted file mode 100644
index 69bc52ef763f9..0000000000000
--- a/cmd/serve/http/data/assets_vfsdata.go
+++ /dev/null
@@ -1,186 +0,0 @@
-// Code generated by vfsgen; DO NOT EDIT.
-
-//go:build !dev
-// +build !dev
-
-package data
-
-import (
-	"bytes"
-	"compress/gzip"
-	"fmt"
-	"io"
-	"net/http"
-	"os"
-	pathpkg "path"
-	"time"
-)
-
-// Assets statically implements the virtual filesystem provided to vfsgen.
-var Assets = func() http.FileSystem {
-	fs := vfsgen۰FS{
-		"/": &vfsgen۰DirInfo{
-			name:    "/",
-			modTime: time.Date(2020, 5, 5, 16, 40, 6, 115915195, time.UTC),
-		},
-		"/index.html": &vfsgen۰CompressedFileInfo{
-			name:             "index.html",
-			modTime:          time.Date(2020, 5, 5, 16, 40, 5, 919909715, time.UTC),
-			uncompressedSize: 15424,
-
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xbc\x7b\x6d\x73\xdb\x46\xf2\xe7\x6b\xe9\x53\x4c\x98\xcd\x8a\x4a\xc0\xe1\x3c\x3f\x48\xa4\xf6\x6c\xc6\x59\xbb\x56\x71\x52\xb1\x9d\xad\x6c\x2a\x2f\x20\x62\x48\xe2\x0c\x02\x0c\x00\xea\xc1\x3a\x55\xdd\x87\xb8\x4f\x78\x9f\xe4\xaa\x67\x00\x12\x90\x28\x27\x7b\xf5\xdf\xbf\xec\xa2\x80\x9e\x99\x9e\x7e\xf8\x75\x4f\x37\x08\x4d\xbe\x18\x8d\xd0\xf1\x78\x8c\x66\xc5\xe6\xae\x4c\x97\xab\x1a\x31\x42\x25\xfa\x3e\xae\xeb\x95\xbb\x41\xaf\x8b\xac\x46\x71\x9e\xa0\xf7\x2b\x87\x66\x71\x92\xdc\xa1\x17\xdb\x7a\x55\x94\xd5\xf1\x78\x0c\xeb\x2e\xd3\xb9\xcb\x2b\x97\xa0\x6d\x9e\xb8\x12\xd5\x2b\x87\x5e\x6c\xe2\xf9\xca\xb5\x23\x11\xfa\xd9\x95\x55\x5a\xe4\x88\x61\x82\x86\x30\x61\xd0\x0c\x0d\x4e\xcf\x81\xc5\x5d\xb1\x45\xeb\xf8\x0e\xe5\x45\x8d\xb6\x95\x43\xf5\x2a\xad\xd0\x22\xcd\x1c\x72\xb7\x73\xb7\xa9\x51\x9a\xa3\x79\xb1\xde\x64\x69\x9c\xcf\x1d\xba\x49\xeb\x95\xdf\xa7\xe1\x82\x81\xc7\x2f\x0d\x8f\xe2\xaa\x8e\xd3\x1c\xc5\x68\x5e\x6c\xee\x50\xb1\xe8\x4e\x44\x71\xdd\x08\x0d\x3f\xab\xba\xde\x9c\x8d\xc7\x37\x37\x37\x38\xf6\x02\xe3\xa2\x5c\x8e\xb3\x30\xb5\x1a\x5f\xbe\x99\xbd\x7a\xfb\xee\xd5\x88\x61\xd2\x2c\xfa\x90\x67\xae\xaa\x50\xe9\x7e\xdf\xa6\xa5\x4b\xd0\xd5\x1d\x8a\x37\x9b\x2c\x9d\xc7\x57\x99\x43\x59\x7c\x83\x8a\x12\xc5\xcb\xd2\xb9\x04\xd5\x05\x08\x7d\x53\xa6\x75\x9a\x2f\x23\x54\x15\x8b\xfa\x26\x2e\x1d\xb0\x49\xd2\xaa\x2e\xd3\xab\x6d\xdd\xb3\x59\x2b\x62\x5a\xf5\x26\x14\x39\x8a\x73\x34\x78\xf1\x0e\xbd\x79\x37\x40\x2f\x5f\xbc\x7b\xf3\x2e\x02\x26\xff\x7c\xf3\xfe\xf5\x0f\x1f\xde\xa3\x7f\xbe\xf8\xe9\xa7\x17\x6f\xdf\xbf\x79\xf5\x0e\xfd\xf0\x13\x9a\xfd\xf0\xf6\xdb\x37\xef\xdf\xfc\xf0\xf6\x1d\xfa\xe1\x3b\xf4\xe2\xed\x2f\xe8\x1f\x6f\xde\x7e\x1b\x21\x97\xd6\x2b\x57\x22\x77\xbb\x29\x41\x83\xa2\x44\x29\x58\xd3\x25\xde\x74\xef\x9c\xeb\x89\xb0\x28\x82\x48\xd5\xc6\xcd\xd3\x45\x3a\x47\x59\x9c\x2f\xb7\xf1\xd2\xa1\x65\x71\xed\xca\x3c\xcd\x97\x68\xe3\xca\x75\x5a\x81\x57\x2b\x40\x07\xb0\xc9\xd2\x75\x5a\xc7\xb5\x27\x3d\xd1\x0b\xa3\xe3\xef\x8b\x04\xb8\x85\x19\x67\x08\xbd\x48\xe2\x4d\x1d\x4c\x55\xce\xb3\x22\x77\x68\x1d\x97\x1f\xb7\x1b\x34\x1a\x5d\x1c\x1f\x4f\xbe\xf8\xf6\x87\xd9\xfb\x5f\x7e\x7c\x85\x56\xf5\x3a\xbb\x38\x9e\x84\x5f\x47\x93\x95\x8b\x93\x8b\xe3\xa3\xa3\x49\x9d\xd6\x99\xbb\xb8\xbf\x87\x01\x84\xdf\xc6\x6b\xf7\xf0\x30\x19\x07\x2a\x8c\xaf\x5d\x1d\xa3\xf9\x2a\x2e\x2b\x57\x4f\x07\xdb\x7a\x31\x32\x83\xfd\x40\x1e\xaf\xdd\x74\x70\x9d\xba\x9b\x4d\x51\xd6\x03\x34\x2f\xf2\xda\xe5\xf5\x74\x70\x93\x26\xf5\x6a\x9a\xb8\xeb\x74\xee\x46\xfe\x26\x42\x69\x9e\xd6\x69\x9c\x8d\xaa\x79\x9c\xb9\x29\xc5\xe4\x09\xa3\x65\x51\x2c\x33\xd7\x61\x93\x17\x75\x19\xe7\x55\x16\xd7\x6e\x70\x71\x3c\xa9\xea\x3b\x10\xeb\x6b\x74\x8f\x36\x71\x92\xa4\xf9\xf2\x0c\x91\x73\xd0\x78\x99\xe6\xfe\xf2\xe1\xf8\xaa\x48\xee\xd0\xfd\xf1\xd1\xa2\xc8\xeb\xd1\x22\x5e\xa7\xd9\xdd\x19\xaa\xe2\xbc\x1a\x55\xae\x4c\x17\xe7\xc7\x47\xb5\xbb\xad\x47\xa5\x03\xe3\x7a\x0e\xc5\xa6\x4e\xd7\xe9\x27\x57\x6d\x9c\x4b\xce\x8f\x8f\xae\xe2\xf9\xc7\x65\x59\x6c\xf3\x64\x34\x2f\xb2\xa2\x3c\x43\x5f\x2e\xfc\xcf\xf9\xf1\xc3\x71\x0c\xbc\x5b\x32\x21\xca\x25\xbc\x65\x99\xb8\x79\x51\x7a\xc7\x9c\xa1\xbc\xc8\x9d\x9f\x7e\xb6\x02\x6f\x47\xc7\x2b\x8a\x9a\xeb\x2e\x03\x4e\xed\x3c\xf0\x05\x87\xc0\xbc\x2f\xab\xed\x7a\x1d\x97\x5e\x85\x46\xc7\x51\xe6\x16\xf5\x19\x92\x5f\x9d\xef\x49\x3e\xc7\x04\xda\xc3\x71\xbd\x3a\x5b\xa4\x65\x55\x8f\xe6\xab\x34\x4b\xa2\xe3\x3a\xe9\xde\x03\x27\xef\x81\x33\x44\xbf\x3a\x47\xe3\xaf\x51\x0d\x8b\x5d\xe9\x21\xba\x2e\xae\x20\x45\x7c\x3d\x0e\x7c\xb2\xb8\xc7\x66\x7f\xfb\xe7\xb9\x04\x4d\xba\xf2\xd7\xc5\xe6\x0c\x31\xb9\xb9\xed\x28\x70\x55\xd4\x75\xb1\x3e\x43\x34\x90\x0f\xd9\x9c\xc1\x3f\x6f\x1b\xba\x73\x68\x95\x7e\x72\x67\x88\x11\xbf\xc8\x53\x6e\x5c\x30\x45\x5e\x94\xeb\x38\x3b\x3f\x3e\xba\x59\xa5\xb5\x1b\x55\x9b\x78\xee\x80\x7a\x53\xc6\x9b\xf3\xe3\x23\xb0\xfc\x22\x2b\x6e\x46\xb7\x67\x68\x95\x26\x89\xcb\x5b\xb7\xb5\x23\x67\xc8\x65\x59\xba\xa9\xd2\xea\x7c\xef\x20\x6b\x6d\x23\xc1\x23\xc7\x93\xf3\xe3\xa3\x1d\xee\x90\x00\x79\x1e\x1e\x39\xf9\x09\x28\x7c\x3c\x67\x69\x40\x86\x9f\xfb\xc8\x4d\x7b\x20\x1f\x3f\x1c\xaf\x21\x03\xdf\x1f\x1f\x25\x69\xb5\xc9\xe2\xbb\x33\x74\x95\x15\xf3\x8f\x30\x82\x7d\xc8\xf4\x4d\x42\xd9\xde\x24\x2d\xea\x7f\x76\x65\x12\xe7\x71\xd4\x87\xff\x55\x51\x26\xae\xdc\x3b\x60\x73\x8b\xaa\x22\x4b\x13\xf4\xa5\x9d\xc1\xbf\xf3\x47\x8e\xa3\xe4\xb0\xe3\x48\xd0\xd9\x0b\x33\x4a\x6b\xb7\xde\x6b\xd0\xc2\x93\xba\x35\x4c\xf9\x72\x91\x66\x75\x0f\x12\x67\xc1\x62\x8d\x2c\x3d\x21\x66\xb3\x99\xc7\xb4\x3f\x0e\x3a\xa0\x23\xe4\xab\xbd\xf0\xf3\x22\xcb\xe2\x4d\xe5\xce\x50\x7b\xe5\xd7\xf8\x2d\x0e\xe8\x97\xc4\xd5\xca\x25\xe8\xcb\x24\x86\x7f\x7e\xaa\x4f\x13\x75\xb9\xf7\xd6\x33\x51\xef\xe6\x21\xc2\x20\x1c\x76\x4e\x8d\xb3\x74\x99\x9f\x21\x88\xcb\xf3\x8e\x4e\x60\x12\x04\x7e\x80\xf0\x98\xad\xe2\x7c\xe9\x12\xb4\x28\x8b\x35\x22\x90\x9f\x59\x1b\x65\x4f\x62\xe3\xb3\x26\xee\x79\x59\x79\xca\x41\x88\x7b\xce\x5d\x94\x5e\x65\x71\xc0\x4b\xbd\x42\xd5\xf5\x12\x46\xae\x5d\x59\xa7\xf3\x38\x6b\x35\x58\xa7\x49\x92\x05\xdb\x85\x08\x3f\x18\x3b\x5d\x01\x1a\xa4\xd7\xc9\x59\x5e\xaf\x02\x72\x87\xec\xb4\xe3\x28\x43\xbe\x7a\x32\x81\x9f\xf6\x7c\x4f\x7c\x00\x37\xbf\x9a\x04\xb6\x9f\x2c\x4e\xa3\xfe\x6a\x71\xfa\xd8\xf0\x1e\x5e\x87\xc4\x68\xd4\xdc\x14\x55\x1a\x42\x2e\xbe\xaa\x8a\x6c\x5b\xb7\x2a\x62\x38\x67\xbc\x2b\xf1\xb2\xd8\x6e\x3a\x88\x0d\x39\x96\x62\x2d\x01\xb3\x47\x37\x45\x99\x8c\xae\x4a\x17\x7f\x3c\x43\xfe\xd7\x28\xce\xb2\x6e\x1a\x01\xd3\xb4\x43\x30\xf9\xb1\x57\x36\xa5\x1b\xb5\x7e\xc1\xe9\xbc\xc8\x9f\x46\x87\x6c\x02\x08\x46\x71\x55\x94\x75\x2f\xda\xd3\x1c\x32\xc5\xa8\x09\xfa\x5d\x18\x78\xe9\x56\xae\x13\x5f\x1d\x6d\x4b\x97\xc5\x75\x7a\xed\x20\xb5\x01\xae\x30\x0b\x01\xd8\xd9\x02\xd7\xc5\xe6\x39\x13\x1d\x05\x23\x90\x76\xf9\x88\x3e\x91\x10\x07\x6c\x3e\xcb\xa1\x85\x6e\x58\xba\x67\xf8\x70\xbc\x28\x8a\x27\x39\xc0\xc7\xcb\x53\x90\x87\x54\xd6\x75\xf8\xdc\xe5\xb5\x2b\x81\xcd\xff\x58\xbb\x24\x8d\xd1\x70\x1d\xdf\x8e\x1a\x9b\x28\x42\x36\xb7\x80\x91\xf1\xd7\x47\x78\x95\x26\xae\x4d\x1d\x7b\x63\x86\xe3\xf8\xe8\x01\x95\x6e\x5d\x5c\x87\x72\xe9\xa3\x73\x1b\x94\xc4\xb5\xab\xa0\x3e\xdc\x9f\x60\x47\x07\xb0\xdd\x9a\x3f\xde\xd6\x05\xf0\x39\x3e\xea\x41\x96\x9f\x46\x8f\x96\x05\xc4\x1f\x3a\xae\x8f\x0e\x21\x19\x38\x86\x53\xee\xd1\x11\x13\xe8\x3e\xaa\xbb\xa7\x03\xd0\x3b\x59\xf5\xa8\x63\x0d\x4a\x82\x41\x1f\x8e\x1f\x8e\x27\xe3\xa6\x62\x3a\x9a\x8c\x9b\x8a\x6f\xe2\x13\x5f\x91\x67\x45\x9c\x4c\x4f\x02\x8b\xe1\xe9\x79\x5d\x2c\x97\x99\x1b\x0e\x7c\xee\x1c\x9c\x9e\xcf\x7d\xf6\x7a\x97\x7e\x72\xc3\xd3\x13\x5f\xa6\x41\x68\x5d\x87\x16\x64\x3a\xa0\x98\x0e\xd0\xed\x3a\xcb\xab\xe9\xa0\xd3\x01\xdc\x70\x5f\xfd\x33\x42\xc8\xb8\xba\x5e\x36\x53\xce\x6e\xb3\x34\xff\x78\x68\x22\xb5\xd6\x8e\xfd\xe8\x00\x05\x4c\x4f\x07\x64\x80\x42\xf1\x08\x57\x5e\xfc\xe9\xe0\x00\xd4\x7c\xed\x78\x34\x49\xdc\xa2\xf2\x57\x47\xbe\x05\xfb\xae\xc8\xa0\xf6\x80\xda\xd7\xd3\x96\x28\x4d\xa6\x83\x85\xa7\x0e\xa0\x19\xca\x46\xe5\x16\x38\xe6\x45\xfe\xc9\x95\x45\xa0\xf9\x5b\x17\x38\x1e\x1d\x4d\x36\x71\xbd\x42\xc9\x74\xf0\x3d\x33\x12\x33\x86\xb8\xc6\x52\xae\x46\x54\x30\xac\x2e\x29\x25\xd8\x22\xf2\x9a\x53\xac\x67\x54\x60\x26\x11\x41\x04\x51\x05\xd4\x30\xf5\x5a\x4b\x4c\x57\x1c\x48\xec\x67\xb8\x9e\x93\x11\x23\x58\xc9\x11\xcc\x57\x23\x3f\x69\x04\x0c\xc2\xe5\xa7\x56\x8a\x2f\xbf\xfb\xee\x05\x21\x64\x30\x7e\x56\x12\xd5\xdd\x97\x2b\x44\x90\x24\x98\x19\x44\x90\xd2\x58\x8b\x6b\x2a\x0d\xd6\x73\x82\xa8\xc6\x42\x23\xbf\x1d\x82\x15\xd2\x7f\x86\xcb\xd7\x9e\xd9\x1c\xa6\x08\x10\x19\xe4\xa0\x02\xf3\x70\xe5\xa7\xfc\x0c\xdc\xe4\x9c\x8c\x3c\x9f\x56\x6c\x18\x19\xed\x27\x75\xc5\x9e\xbd\x60\xa6\x15\x7b\x32\x5e\x1e\xb0\xfe\xa8\x5a\x15\x65\x3d\xdf\xd6\xe0\xd4\xb2\xf8\xe8\x1a\xa3\x37\x77\xa3\xc6\xe7\xb4\xe7\x91\xae\xc7\xdc\xb5\xcb\x8b\x24\xd9\x79\xe9\x20\xf3\x11\x9c\xe0\x9b\x83\x9e\x6e\xd6\x3d\xb7\xb0\x5a\xc5\x9b\x1d\x04\x9e\x9a\x5e\x18\xad\x22\xf0\x96\x30\xca\x12\x86\x2e\x3d\x1a\x28\x13\xdc\xf4\xc9\x00\x0f\x46\xb4\x91\x11\x41\x97\x9c\x62\x65\xa9\x92\xcc\x46\x04\x79\xaf\x35\x4b\x08\x22\x11\x55\xd8\x58\x65\x29\x51\x88\xf4\x78\x90\x88\x52\x86\x95\x50\x44\x53\xe0\xa1\x70\xc3\xe3\x19\xb2\x96\x98\x58\xcd\x0d\x91\x68\xd6\x21\x4b\x81\x85\x90\x8a\x10\x83\x38\x61\x58\x49\xc9\x8c\xec\x6e\x74\x58\xb3\x7f\x0d\xbc\x7d\xde\x79\x7b\x3c\x02\xe6\xc5\x64\x0c\x76\xf9\x03\x2b\xa9\x9e\xe2\x5c\xf5\x34\x07\xd0\x46\x1e\xb4\xdc\x48\x65\x10\x89\x3c\x72\xa9\x25\xdc\x82\xea\x8c\x29\x2c\x24\x15\x4c\xa0\x19\x89\x98\xe0\xd8\x12\x2b\x34\x45\x1d\x1e\x4c\x1a\x4c\x2d\xe7\xcc\xa0\xce\x46\x1d\xea\x65\x47\x9c\x0e\x79\xd6\xb1\x43\x8f\xc7\xce\x66\x9d\xfd\xba\xd4\xbd\x4c\x5d\xbb\x77\x04\xef\xd9\x7d\xaf\x5c\xd7\xee\x0a\xf5\x6d\xf4\x8c\x9d\x7d\x24\x3d\xb2\xf3\x2e\xa2\xba\x16\xa7\x4c\x61\x2a\x05\xe5\x22\x62\x92\x60\x29\x2d\x35\x02\xcd\x80\x6c\x24\xb1\x1a\xc8\x14\x1b\xc3\x95\xe6\x88\x32\x8d\x39\x21\x52\x80\x99\x38\x26\x44\x51\xc6\x3c\x55\x6b\xa6\x08\x8b\x98\x14\x98\x06\xea\x8c\x32\x83\x85\xb2\x42\x00\x59\x62\xd6\x4e\x36\xd8\x52\x4b\x28\x98\x54\x61\x4a\x04\x31\x40\xb5\x58\x71\xc3\x39\x58\x54\x63\x42\x18\x11\x14\xcd\x28\xf7\x12\x59\xc5\xbc\xa1\x39\x53\x92\x53\x44\x21\x6f\x30\x63\x24\x4c\xb6\x88\x72\x8e\x29\x21\x44\x6a\x7f\x3b\xa3\x5c\x60\x61\xb9\xe6\xba\x19\x96\x58\x50\xc9\x95\xf0\x3c\xa4\xa4\x84\x21\xca\x15\xa6\x94\x31\x22\xfc\x7e\x4a\x4b\xe9\xb7\x53\xd8\x10\x4b\x84\xe8\x4a\x41\xb9\xc6\x4c\x1a\x45\xad\xd7\xc3\x1e\xa0\x0a\x2c\x75\xcb\xa2\x43\x06\x10\x04\xf5\xba\x54\x86\xcd\x9e\x4a\x38\x37\x9c\x79\x1b\x0b\xa9\xa9\xe0\x41\x0a\x6d\x94\x54\x2a\x62\xc2\x62\x4b\x0c\x55\xdc\x4b\x2c\x15\xd5\xda\x7a\x2a\xf1\xb6\xe8\x53\x0d\x96\xc1\x4d\x9e\x05\x31\x56\x33\x60\xc1\xb0\xa1\x82\x19\xe5\x2d\x61\x94\xb0\xdc\x46\x8c\x6b\xc8\x2f\x82\x98\x3e\x95\x63\xa6\xb9\x50\xde\x8a\x7b\x32\x93\x98\x04\xe1\xba\xb2\x51\x8d\x65\xcb\xd8\x60\x6a\x08\x13\x40\x25\xd8\x08\x65\xb9\x67\x61\xb1\xb6\x46\x53\x1e\x31\x22\x30\x6b\x0c\x27\x00\x4e\x96\x71\x11\x51\x6b\xb0\x82\xed\x04\xa2\x42\x60\xc1\x2c\x67\x26\xa2\x96\x63\xad\x40\x3f\x88\x78\x8d\x19\x55\xca\xd8\x88\x1a\x83\x8d\xb2\xdc\x18\x44\x25\xc1\x4a\x1b\x41\x69\x44\x8d\xc0\x26\x88\x4c\xa5\xc0\x86\x2b\xab\x79\x44\x0d\x6d\xc1\x32\x83\xb3\xcc\x5a\x29\xb9\x8c\xa8\x06\xa0\x5a\x69\x19\xa2\x8a\x63\xc5\x14\x15\x36\xa2\x5a\xec\xf0\xad\x0c\x16\x86\x4a\xc9\x22\xaa\x19\x56\x80\x58\x08\x06\xcd\x31\xe7\xca\x4a\x11\x51\x4d\xb0\xe0\x46\x6b\x85\xa8\xb6\x98\x52\x6e\x0d\x8f\x60\x9d\x52\x92\x13\x85\xa8\x91\x58\x1a\x6d\x80\x85\xd2\x98\x0b\x70\x1f\x9a\x51\xcb\x30\x51\x54\x33\x20\x2b\xcc\x28\x6c\x88\xc0\x00\x5a\x11\xae\x4d\x44\x95\xc4\x5c\x30\x23\x35\x62\x44\x7a\x29\xa8\x88\xa8\x12\x58\x05\xa5\x67\x8c\x32\xb0\x32\xd5\x9e\xca\x82\xf7\x18\xb5\x58\x5a\x43\x85\x8a\x40\x25\x6b\x21\x7e\x11\x63\x06\x53\xc5\xbc\xce\x7b\xea\x25\x13\x0a\x13\x09\x21\xfe\x2c\xd9\xca\xd6\xa9\xb3\x1e\x59\x63\x0d\x16\x92\x08\xa8\x5a\x32\xc1\x81\x6a\x31\x44\x13\x11\x08\xc0\xc7\x35\x31\xd6\x46\x8c\x50\x4c\x9a\x2c\x02\x19\x85\x51\x88\xbe\x88\x41\x0e\x0b\x50\x86\x10\x20\xda\x1a\xa3\x22\x46\x38\x96\x21\x31\x40\x14\x71\xcd\x34\x95\x5d\xea\x0c\x92\x84\x50\x9c\xf1\x47\x93\x0d\x96\x9c\x32\xad\x7b\x8c\x15\xc1\x60\x62\xc6\xbb\x52\x5c\x72\x48\x71\x84\x31\x00\x11\xd7\x58\x5b\x80\x00\x9a\x71\x48\x5b\x8c\x68\xa9\x23\x80\x35\x13\xc6\x1a\xc4\x99\xc1\x4a\x30\x6e\x44\xe4\xf3\x88\x8f\xea\x1e\x91\x61\x06\x8e\xa6\xc0\xa0\x43\x26\x98\x00\x95\xa1\x2e\x5b\x66\x30\x0b\x81\xd3\x95\x81\x29\xac\x83\xc0\x97\x1d\x89\x15\xc7\x42\xb4\xae\xf6\x89\x8a\x6b\xa9\x22\x45\xb1\xb1\x01\xb3\x1d\x53\x28\x1a\xec\x65\x25\xb5\x02\xee\x66\x1d\xa3\xfa\x41\x82\x19\x57\x8a\xb3\x1e\x03\xf0\x92\xe5\x5c\xeb\xfe\x6e\xe0\x52\x2d\x2c\x8d\x94\x68\x40\x21\xbc\x9f\x89\x36\x44\x47\x4a\x61\x0d\x33\xb5\xe9\x12\x21\xa8\x02\x88\x2f\xf7\x54\x4a\x48\x8b\x88\xcb\x2e\x06\xf7\xe4\x19\xa0\xdf\x28\x4e\xc0\x68\x7b\x32\xe4\x7f\xaa\x14\x33\x2c\xa2\x54\x63\xaa\x34\x87\xc2\x93\x4a\xcc\xb4\x10\x5c\x47\x10\xf2\xa2\x3d\x9b\x28\xc1\x4a\x29\x4e\x00\xc6\x14\x2a\x0e\x6b\x10\x25\x06\x73\x49\xac\xe5\x11\xd5\x12\xf3\x86\x6f\x87\x6a\x29\xd6\x21\xc0\x66\x1d\x32\x04\x1b\x6b\x72\x02\x85\x84\x1d\xa0\xc6\x38\xb6\x10\xfc\x12\x51\x26\x20\x46\x85\x14\x11\x13\xba\x0d\xfe\x19\x85\xa4\x48\xb4\x66\x3e\xf1\xd2\x76\xae\x84\x34\xce\xac\x08\x49\xba\x55\xee\xd0\x11\xfb\xcc\xc1\x0d\x3f\x03\xe4\x1f\x57\x2f\x8a\x72\x3d\x1d\xec\x9e\x5c\x0f\x19\x35\x58\x58\x9f\x0c\x11\x55\x04\x13\xff\x73\x8a\xfc\x83\xf0\xe1\x88\x46\x88\x9e\xa2\xfd\xf4\x51\x77\xfe\xa8\xbb\xe0\x51\x61\xb0\xaf\xb4\x77\x17\xbe\x09\x82\x46\xf6\x71\x0b\x94\x66\x6e\x5f\x79\x43\x73\xf9\xb8\xf2\x66\xb2\xab\xcc\xc1\xd2\xbb\x5d\x91\xa5\xb9\x9b\xc7\x9b\xe9\xc0\x3f\x2e\xeb\x91\xff\x67\x91\xe6\x2d\xfd\x49\x17\x43\x39\x62\x02\x53\x76\xcd\x34\xb8\x66\x4e\x90\xc2\x54\x21\x89\x0d\x40\x06\x53\x38\x59\x31\x6d\xae\x5f\x33\x6e\xe7\x1a\x73\x68\xae\x80\x3a\x12\xd8\xaa\xe6\xd2\x4f\xf8\xd9\xd7\x02\xf2\x1d\x44\x36\x0c\xf8\x0a\x85\x6b\x44\xf9\x6b\xf0\x9b\x9e\x51\xe3\x19\x73\xff\x5f\x87\xd5\x41\x80\x4f\x07\x5a\x2c\x40\xb2\x5f\x7d\x49\x99\x0d\x90\x82\x46\x8a\x60\x69\x90\x86\x3e\x8a\x5a\x4c\xa1\xcf\x63\xda\x5f\xbe\x66\xc2\x5e\xee\x16\x7d\x7a\xb6\xfb\x49\x33\xf7\x9f\xea\x7d\xba\xac\xdb\xce\xe7\x20\x00\x29\x6f\x20\x14\xa1\xdd\xe5\xe9\x93\x8e\xa8\xc7\x2e\xf4\x43\x3d\xc4\xfc\x21\x68\x3c\x6e\xfe\xbf\x30\xd2\x75\x04\xb4\x3f\x98\x32\x2a\x8c\x51\xbe\x23\x30\x00\x10\x23\xb4\xf6\x1d\x01\x9c\xc7\xdc\x5a\x26\x3c\x6e\x84\x35\xbe\xc8\xb7\x0a\x5b\x6b\xad\xe1\x01\x21\xcc\x70\xcd\xbb\xd4\x4b\xa8\x85\xac\xd5\x70\xe8\x77\xc8\x33\x5f\x39\x59\xe9\xcb\xe5\x3d\x99\x71\x8b\xa9\x26\x86\xed\xb6\x13\xac\x4b\xdc\x4b\x74\xb9\xa7\x52\xc6\x31\x15\x32\x64\xe6\x43\x54\x0a\x47\xbe\x91\x82\x46\x0c\x1b\xc1\xa8\x26\x56\xb8\x11\x15\x3e\x5d\x72\x65\x05\x1c\x7f\xfd\x91\xcb\x46\x1b\x09\x3a\xf6\x87\x66\x20\x83\x24\xc4\x12\x1d\x8d\x28\xd6\x54\x68\x6b\x0d\x73\x23\x22\x11\x89\x20\x58\x08\x63\xd6\xc2\x4d\xc7\x9e\x4d\xf2\x2a\xdd\xbc\xa6\x54\xd3\xcf\x74\x74\x94\x2a\xa8\x0c\x88\x6f\x64\x29\x55\x3e\xeb\x5b\x22\xac\xf2\x99\x5c\x45\x94\x52\x2c\x0c\x9c\x55\x08\x94\x64\xd2\x10\x62\x22\xca\x20\x5e\x19\x94\xa3\x70\x5c\xc1\xed\x25\x24\x66\x7f\xf1\x98\xe7\xee\xa6\x2b\x96\xb6\xe2\x4f\x35\x40\x42\x63\x43\x38\x05\x73\x5a\x81\x49\x38\xe8\x66\x02\x52\xa7\xb5\x86\x02\x59\x62\x1a\xca\x7b\x61\xb0\x15\x56\x4a\x19\xbc\x4f\x42\x01\x25\x2c\x16\x8c\x2a\xb2\xc3\x84\xa7\xce\x24\xc1\x94\x1a\x21\x0c\x60\x42\x63\x13\xc8\x70\x00\x28\x43\x18\xd3\x11\xf3\xe5\xaf\x2f\x1a\x24\xc5\x0c\xca\x58\x28\x7e\xac\xc5\x3c\xd4\x92\x33\xc9\x30\x23\xc6\x2a\x63\x22\x4e\x08\x16\xfe\xa4\x93\x1c\x73\xad\x7d\x33\xc1\x09\x45\x52\x60\x2d\x2c\x51\x5c\xf8\xdb\x19\x34\x55\x82\x69\xc1\x55\x18\xd6\x98\x28\xc1\x35\xb1\x9e\x85\x0a\x7d\x83\xd4\x58\x2b\xca\xbc\x76\x16\x3a\x4e\xce\x34\x9a\x49\x83\x85\x34\x44\x36\xe4\x46\x0a\xa8\x9f\x89\x56\x0c\x0e\x40\x0b\x2d\xdd\x53\xaa\xc6\x1c\xea\x19\xee\x59\xec\xc9\x0a\x9b\x46\xbd\x2e\x55\x62\xbb\xa3\x2a\x03\x3d\x2e\xf3\xa6\x37\x80\x4f\x1a\xa4\xe0\x52\x6a\x06\x93\x39\xb4\x37\x50\x84\x4b\x83\x19\x25\xbe\xae\x86\x60\x32\x8d\x2d\xfa\x54\xd1\x74\x61\xa0\x1e\x37\x9a\x43\x24\x18\x8d\x75\xa8\xc1\x24\x34\x2c\xdc\x0a\x49\x23\x66\x38\xd6\xa1\x8c\xeb\x52\xb5\xc5\xd6\xf7\x87\xb3\x1e\x95\x63\x16\x64\xeb\x8a\xa6\x74\xdb\x14\x49\x8b\x0d\xb3\x4c\x42\xb7\xa5\x28\x56\x4d\xf3\xaa\x28\x16\xc2\x17\x08\xe0\x92\x60\x35\xc5\xb1\xe4\x86\x09\xc2\x7d\xcb\xa7\x42\x81\xa0\x7c\xfd\xc4\x39\xb4\xd5\x42\x63\xc5\x84\xb0\x68\xa6\xa0\xdf\x91\xbe\xeb\x60\x02\xba\x15\x5f\xf0\x6b\x86\x39\xd3\x82\xfa\xc2\x83\x60\xee\xc5\xd5\x0a\x0b\x23\xad\xb6\xcc\x77\x76\xc1\x36\x33\x43\xb0\x12\x42\x0a\x0a\x54\x81\x65\x68\xcb\x0c\xd4\x3b\x92\x4a\x45\x23\xc6\x59\x8b\x6c\x4b\x30\xe5\x44\x4a\xf0\x05\x07\xb6\xa1\xd4\xb2\x02\x5b\x23\xad\x02\x79\x99\xc1\x32\x74\x33\x10\xc2\x5a\x31\x28\xf6\x99\xf6\x8d\x26\x1c\x8a\x44\x43\xc9\x69\x64\x78\xd0\x41\xda\xa7\x00\x94\x63\x4d\x89\x66\x26\xf4\x91\x06\xf6\x43\x94\x11\x2c\x20\xd6\x64\xc4\x18\xd4\xfd\x54\xc0\x69\xc9\xb4\x97\x82\xf9\xfa\xcb\x04\x85\x67\xd0\xdf\x1b\x66\x29\xd4\xfa\x8c\x63\x11\xdc\x06\x6d\x24\x13\x9a\x36\x93\x59\xd3\x19\x0a\x8b\x0d\xa5\x52\xf4\xa8\x97\xd0\x89\x69\x22\xa4\x35\xcf\x92\xa1\x5c\x6b\x1b\xf0\x0e\x59\x12\x48\x8f\x92\x86\xd6\x90\xd0\xf0\xdc\x88\xed\x1e\x45\x68\x82\x09\xb5\x96\x48\xdf\xee\xcb\x26\x7b\x50\x4d\xa1\xc8\xf5\xcf\x38\x04\x36\x01\xc1\xd0\x45\x6a\x66\x0c\x14\x9d\x52\x62\x19\xf2\x01\xd5\x0a\x13\xe6\x1b\xc3\x0e\x75\x46\x75\x53\x54\xf6\xc8\xd4\x10\xdf\x68\x43\x4a\xe9\x30\x36\x14\x1b\x46\x01\xec\x7b\x19\x2e\x01\x49\x5a\x52\x66\x95\x6f\x86\x4c\xe8\xb3\x67\xa0\x28\x34\xc9\x0a\x4a\x5f\xc8\x45\xbe\xd2\xf6\xfd\x82\xa5\xdc\x86\xae\x8e\x86\x84\xd0\xa3\x6a\xcc\x9a\xc6\xa9\x47\x96\x58\xb4\xcd\xc5\x8e\x31\x85\x44\x1a\x22\xa6\x23\x05\xb4\xc0\x3a\x48\x7c\xb9\x17\x19\xfc\xb8\x7b\xdc\x63\x08\x66\x84\x79\x16\xdc\x62\xdd\x3c\x1a\xd8\x9b\x82\x72\x1b\x0c\x26\x04\x83\xea\xdf\x3f\x65\xd8\x9b\x35\x0c\x53\x6c\x8c\x54\xdc\xf6\x79\x10\x4c\x9a\x56\xad\xbb\x21\x38\x95\x71\x0b\x3d\xb5\x60\x3b\x10\x81\xff\x99\x26\x70\xee\x08\x60\x1e\x9e\x93\x74\xa9\x12\xc2\x18\xfa\x80\xcb\x2e\x59\xef\x9e\x3a\x5c\x76\x80\xd8\x21\xcf\x8c\xc1\x92\x32\x62\xe1\x84\xdb\x93\x01\x64\x54\x32\xe8\xdd\xa8\x11\xd8\x86\x67\x54\x5c\x61\xcb\xb8\xef\x7e\x7c\xeb\xdf\x60\x8b\x33\xcc\xa9\xe4\x44\x43\xe8\x50\xcc\x82\x03\x39\xf1\xd1\x2c\x03\x43\xb8\x13\x12\xdb\x10\x56\x33\xb8\x85\x73\x20\x24\x00\x2e\xb1\x94\x60\x4e\x16\x31\xcd\xc0\x93\x86\x6b\x24\x14\x04\xa4\x50\x04\xce\x25\xda\x46\xfa\x4c\x28\xac\xa4\xd2\x4c\xa9\x50\xc3\x34\x93\x35\xa6\x44\x71\x42\x6c\x48\xc6\x61\xd7\x83\x27\x69\xb7\xcd\x19\xcd\x8a\xcd\xdd\xae\xd2\x6b\x4b\xc1\x43\x5f\xa7\x1c\x2e\x3f\x05\x81\x1a\x48\x59\x19\x21\xc6\xfe\xb8\xff\xe9\xce\x1f\x75\x17\xfc\xb9\xfe\xe7\xc3\x06\xc5\x65\x59\xdc\x3c\xee\x81\xb6\x9b\x91\xa7\x3f\x23\xe5\x08\x4e\x11\xc6\xd0\x88\x11\x83\x29\x3b\xed\xf7\x2f\x9d\x25\xeb\xb8\x2e\xd3\xdb\x21\x66\x4c\x50\xee\xbf\xfd\xc1\x14\x4e\x7b\xc4\xb9\xc4\x4a\x23\xaa\x04\xe6\xf2\xf4\x71\xad\x4c\x06\x50\xb6\xac\x47\x10\x64\x54\x23\x41\x19\x26\x74\x35\x62\x06\x1b\xa6\x9b\x5f\x19\x15\x58\x50\x31\x62\x50\xbf\x49\x74\xe8\x0e\x85\xbb\x03\x0d\x07\xe8\xfe\x6d\x71\x93\x1f\xd6\x3e\x29\x6e\xf2\xff\x94\xfe\xa3\xbe\x01\x00\xb3\x96\xff\x77\x1b\x60\x32\x6e\xbf\x0c\x9c\x8c\xab\x6b\x4f\x9b\x84\x77\x91\xc2\xf0\x8a\x86\xf9\xf7\xf7\x65\x9c\x2f\x1d\xfa\x4b\x1a\xa1\xbf\xcc\xcb\xed\xfa\x0a\x9d\x4d\x11\x7e\x59\xba\x38\xf1\xb7\x0f\x0f\x93\x18\xad\x4a\xb7\x98\x0e\x9a\xf7\xe2\xc2\x34\x7c\x99\xe6\x1f\x1f\x1e\x06\x17\x7d\xea\x7b\x77\x5b\x3f\x3c\x4c\xc6\xf1\xc5\xfd\x7d\xba\x40\x39\x70\x46\xe4\xe1\x61\x7c\x7f\xef\xf2\xe4\xe1\xa1\xf9\x15\x44\x0c\x42\x84\x6f\x63\x83\x60\x93\x75\x9c\xe6\xcd\x97\x99\xe9\x35\x9a\x67\x71\x55\x4d\x07\x6b\x57\xc7\x8d\x03\x3c\x19\x3c\xd8\xbc\x19\xb6\xf3\x4b\xb5\x89\xf3\xee\x7c\xff\x12\xce\xe0\x62\x92\xe6\x9b\x6d\x8d\xea\xbb\x8d\x9b\x0e\x6a\x77\x5b\x0f\xd0\x26\x8b\xe7\x6e\xe5\xbf\xf1\xf2\x7d\x5e\xed\xca\x41\xdb\xf3\xf9\xeb\x22\xff\xe8\xee\xb6\x9b\xfd\x17\xc2\x27\x17\x93\x31\xf0\x6f\x4d\x9c\xa4\xd7\xad\x91\xdb\xab\x8e\xb4\x59\x5a\xd5\x69\xbe\x6c\x05\x0e\xef\xee\xc4\x65\x1a\x8f\x12\x57\xcd\xcb\xf4\xca\x25\x57\x77\x4f\x15\xa8\xdb\xb7\x10\xfd\x4d\xb9\x2b\xf1\xeb\xd5\xc5\x64\xdc\xa9\xfe\xbb\xfd\x49\xeb\x99\xbf\x55\x45\x59\x4f\xf3\x78\xed\x92\xb4\xf4\xaf\x51\xfd\xd5\x7f\x77\x3d\x8d\xab\xf9\xa0\x95\xcb\xbf\x77\xe1\xdf\x5b\x08\xdf\x6b\x5f\xf8\x6f\xb1\x9b\xc1\xba\xd8\xec\xbe\x6a\xa6\x6e\xbd\xff\x06\x1a\x4b\xb8\xeb\x7f\xd7\x7d\x9d\xba\x9b\x97\xc5\xed\x74\xe0\xbf\xec\x65\xd8\x32\x46\xad\x40\x0a\x13\x2e\x8d\xb1\x76\x70\x31\xd9\x56\x0e\xf9\xef\xb2\xcf\x82\x84\x5f\xee\xf2\xcd\xc5\x64\xbc\xad\xdc\x45\x80\x65\x57\x84\xf0\xb6\xc4\x7f\x56\x8a\x4e\xdc\xf7\xe5\x18\xc7\x3b\xab\x7e\xc6\xba\x07\xac\xda\xd8\xf2\x6d\xbc\x76\x1d\x26\x7f\xd2\x63\x55\xfa\xe9\x33\x3c\xdf\xa5\x9f\x3e\xc3\xb3\x9d\xdc\xbe\xe3\x31\x78\x6e\x93\x3a\xfd\x9c\xe0\xe1\x15\x5a\x97\xfc\x3b\x1b\x75\x26\x4c\xc6\x3b\xa8\x02\xb5\x0b\xe1\xab\x22\xb9\x3b\x84\xe7\x04\xd6\x27\xdd\xfb\x27\x82\x63\xbc\xd7\xa6\x1f\xda\xcb\x62\xbb\x19\x5c\xfc\xbd\x40\xdb\x4d\x37\x26\xfd\xf6\x5d\x05\x7a\xfc\xff\xba\x4e\xe2\x6a\x75\xfe\x88\xfc\x54\xaf\x3f\x3b\xaf\x33\xa1\xa3\xff\xfd\xfd\x08\x85\x64\x8a\x5f\xe5\x75\x99\xba\x2a\xe4\x39\xaf\x7e\xcb\xc4\x3f\x7a\x3c\xa0\xfb\x73\x26\x01\xa6\xe9\x02\xe1\x37\xd5\xb7\x69\xd9\xf2\x6b\x5e\x40\x69\x03\x25\x04\x47\x1b\x2a\xf4\x0f\x22\x85\x53\x38\x93\x0e\x46\x47\xf3\x6a\x48\x2f\x32\xba\x82\xb8\xac\x72\xff\x25\x32\x30\x25\x11\x67\xfc\xa0\x0c\x69\xb0\xf0\x33\x12\xb4\x87\xc7\x13\x60\x40\x78\x0e\x2e\x1e\x9f\x55\xf8\xc3\x4f\x97\x9d\x43\x0a\x5f\xba\x78\x11\x8e\xa7\x3e\x7a\xba\xe6\x3f\x6c\x72\x00\x42\x12\xd7\xf1\x28\x44\xd2\x60\x44\x0f\xe2\xe5\x89\x99\x1e\xaf\xbb\xbf\xc7\x10\xd7\x20\xd4\x04\xc2\xff\x62\x47\x98\x8c\xfd\xfd\x13\x6e\x1d\x95\x5b\xd1\xbe\x2f\x92\xf7\xe9\xda\xa1\xff\x85\xe2\x45\xed\xca\x57\x9b\x62\xbe\x42\xbd\x2d\x9f\x62\x16\xd2\x80\x7f\xc3\x0b\x2e\xbc\x1c\x2d\x97\x60\xa0\xce\xed\x64\x0c\x73\x9e\x4a\xf2\x58\xaf\x27\x9b\xfc\xdf\xff\xfd\x7f\x3e\x27\xfe\xbf\x19\x4c\x9d\xa5\x93\x71\x27\x9d\x4c\xc6\xfe\x4c\xed\x1f\xc1\x93\x71\x5b\x3a\x4c\xe0\x90\xdd\xd4\x7e\xf8\x3a\x2e\x51\x38\xc5\x5f\x65\x68\x8a\x92\x62\xbe\x5d\xbb\xbc\xc6\x4b\x57\xbf\xca\x1c\x5c\xbe\xbc\x7b\x93\x0c\x9b\x93\xfe\xe4\xf4\x1c\x16\xb5\x0b\xf0\xa2\x98\x6f\xab\x61\x43\xdc\xe6\xf3\x3a\x2d\x72\xd4\x16\x05\xfe\x55\xb3\xb0\xc3\xef\x68\xba\xdb\x05\x5f\xc7\xd9\xd6\xe1\xba\x4c\xd7\xc3\x53\x5c\x17\x97\xc5\x8d\x2b\x67\x71\xe5\x1a\x3e\x7e\x81\xcb\xdc\xba\xea\xca\xf3\xfb\xd6\x95\x77\xef\x5c\xe6\xe6\x75\x51\xbe\xc8\xb2\xe1\x49\x5d\x62\x08\x85\x46\xa4\x23\xbf\x02\x2f\x8a\xf2\x55\x3c\x5f\x0d\x5b\x61\x86\x2e\x6b\xe5\x38\x4a\x17\x68\xf8\xc5\xef\xbb\xdb\x23\x97\x61\xff\xc2\x18\x6e\xde\xfb\x43\x53\x74\x72\x72\xde\x0c\x96\xae\xde\x96\x79\x73\xd7\xd8\x18\x04\x83\x28\xf2\x96\x72\x59\x5f\xa6\xe1\x89\x7f\x5b\xb4\x15\x67\x37\xf9\xe7\x18\x66\x87\x65\x18\xea\xab\x59\xf8\x6b\x85\xcf\x18\xc0\x4b\xda\xac\xc5\x69\x9e\xb8\xdb\x1f\x16\xc3\xdf\x4f\xd1\x17\xd3\x29\x1a\xd1\x3f\xa7\xc0\x83\x07\xe3\x67\xa7\xe6\x45\xee\x4e\x7a\x1a\x3e\x04\x01\x1e\x7a\xee\xcc\x8a\x79\x9c\xa5\x9f\xdc\xb7\x4d\x64\x0c\x5d\x84\xbc\x50\x11\x8a\xcb\x56\x18\x90\xd8\x75\xd5\x43\xd3\xe9\xd4\xbf\xc1\xbe\x48\x73\x97\xec\x64\xee\x9a\xf5\x61\xe7\xed\x04\x2c\xe4\x6e\x10\x6c\x31\x74\x80\xbd\x17\x75\xf3\xd7\x38\xc3\x93\x36\x22\x4f\x4e\x1b\xf3\xc0\x5e\x69\xf5\x36\x7e\x3b\x4c\x4e\x77\x8c\x1f\xb1\xe8\x48\xd2\x35\xea\x93\x65\x87\xfc\x1c\x3e\x1f\x69\x83\x12\xef\x29\x68\x41\xdf\xd5\x65\x9a\x2f\x87\xbf\xfe\x16\xa1\xfb\x24\xbe\x3b\x43\x03\x36\x4a\xd2\x65\x5a\x0f\x22\xb4\x2e\xf2\x7a\xd5\xa3\xdc\xb9\xb8\x3c\x43\x83\x7c\xbb\x76\x65\x3a\x1f\x44\x68\x55\x6c\xcb\xfe\x9a\x34\xdf\xd6\xae\x47\xaa\xdc\xbc\xc8\x93\x0e\xa9\xeb\x19\xb0\x18\x18\xe4\x32\xad\x40\xb0\x17\x65\x19\xdf\xe1\x4d\x59\xd4\x05\x14\xf1\xb8\xca\xd2\xb9\xc3\xf3\x38\xcb\x86\x07\xa2\xb9\x7a\x79\xf7\x3e\x5e\x42\x31\x36\x1c\x00\x93\x41\x63\xd5\x96\xe1\x2e\x82\x1e\xbb\xfd\xf4\xfc\xb8\xdd\x7c\xe9\xea\x0f\x65\xf6\x63\x5c\xc6\x6b\x57\xbb\x12\x62\xbb\x05\xcb\xa3\xa1\x61\xe5\x2f\xbb\xa9\xa0\xfa\x31\x5e\xba\x0f\x3f\x5d\xa2\x29\xba\x49\xf3\xa4\xb8\xc1\xb0\x13\x2c\xc6\x95\x8b\xcb\xf9\x0a\x57\xdb\xab\x2a\x98\x98\x9e\x46\x7e\x5d\xf5\xe1\xa7\xcb\x9f\xa1\x41\xb8\xca\x1c\x64\x85\x96\x07\xae\x36\x59\x5a\x0f\x4f\xfe\x7a\xd2\x4e\xdc\xed\xfc\xd6\xbf\xb9\xed\xfd\x1e\x04\x3f\x5a\x14\x25\x1a\xa6\x68\x8a\xc8\x39\x4a\xd1\x04\xf5\x98\xe2\xcc\xe5\xcb\x7a\x75\x8e\xd2\x6f\xbe\xd9\x81\xa3\xcf\x0d\xf6\xed\x2e\xf9\x35\xfd\xad\xdd\x7f\x7a\xd2\x58\x27\xa0\xac\xbf\xee\x57\xf2\x9b\x0f\x86\xbe\x29\x5a\xe4\xa1\x47\x93\xe9\x6f\xfd\xc8\x41\x7f\x43\x75\xb9\x75\xe8\x0c\x25\x6e\x5e\x24\xee\xc3\x4f\x6f\x66\xc5\x7a\x53\xe4\x2e\xaf\x1f\x6f\x44\x7f\x3b\x7d\x0a\xe4\x87\x7e\x72\x6e\xde\xdc\xf5\x87\x0c\x2c\x3a\xdd\x7b\xc6\x9f\xbf\x68\xfa\xc4\x87\x27\x7e\xe0\xe4\x51\x76\x06\x2c\x1d\x3e\x30\xaa\x97\x77\xb3\x96\x7d\x67\xa3\xf3\xd6\x0b\x43\x60\xe1\x1d\x11\xa1\x60\x76\x9f\x4e\xc3\xda\xbd\x23\xd0\x04\x1d\x72\x0a\x2c\x9e\x6f\xcb\xf2\x75\xe9\x16\x9d\x75\xe0\x0d\x28\x6c\x76\xc1\x3e\x0c\xe5\xc4\xf4\x04\x7a\xca\x93\xd3\x7b\xd4\x98\xdd\xaf\x5f\x2d\xd1\x74\xc7\x05\x97\xce\x77\xbc\xc3\x30\x35\x42\x27\x31\xac\x38\xdf\xa5\xce\xfe\x0e\xb0\x72\xb5\xec\x9f\x0c\x9d\xed\xe2\x3f\xbd\x5b\x1c\x36\x0b\xf2\xfd\x1b\xbb\x1d\x72\x6b\xe9\xe2\x04\x50\xf9\x5d\x9a\x85\xd7\xb0\xa1\x52\xea\x86\xdd\x36\x4f\xbd\xbf\x7e\x3d\x79\x09\x9b\xfe\xc3\x7f\x7e\xef\x3f\xff\xee\x3f\xdf\xfb\xcf\x1f\xfd\xe7\x2b\xff\xf9\x2f\xff\xf9\xcb\xcb\x93\xdf\xf6\x9e\x0f\xf1\xe3\x6f\x6f\x56\x69\x16\xf6\x41\x17\x53\x44\x09\x13\xfb\xc0\x01\xe2\x38\x10\x1b\xd1\xbf\xf9\x26\xed\x66\xfd\x06\xfc\x9b\xb8\xac\xdc\x77\x59\x11\xd7\x41\x60\x5c\x17\xdf\xa5\xb7\xce\xbf\x47\xff\x0d\x3a\x41\x27\xe8\x9b\x20\xf9\xaf\xe9\x6f\x4d\x02\xec\xa9\xdd\x7d\xef\xbc\x9b\x63\xd2\x4f\xee\x79\x70\xee\xf2\x1f\x4c\x1b\x9c\x76\xd3\xc3\x5e\xc5\x90\x22\x80\xcf\xc1\xd4\xb0\xda\xae\xe3\x1c\xf6\x45\xd3\xc3\xb6\xf7\x0e\x4c\xf3\xdc\x95\xaf\xdf\x7f\x7f\xd9\xba\xf7\xe9\x08\x9a\xa2\x1d\xaf\x8e\x77\xc3\x63\xa9\xb6\x4c\x9b\x8c\x43\x6d\x37\x19\x87\x3f\xc8\xfc\x7f\x01\x00\x00\xff\xff\xd1\xe7\x7f\xef\x40\x3c\x00\x00"),
-		},
-	}
-	fs["/"].(*vfsgen۰DirInfo).entries = []os.FileInfo{
-		fs["/index.html"].(os.FileInfo),
-	}
-
-	return fs
-}()
-
-type vfsgen۰FS map[string]interface{}
-
-func (fs vfsgen۰FS) Open(path string) (http.File, error) {
-	path = pathpkg.Clean("/" + path)
-	f, ok := fs[path]
-	if !ok {
-		return nil, &os.PathError{Op: "open", Path: path, Err: os.ErrNotExist}
-	}
-
-	switch f := f.(type) {
-	case *vfsgen۰CompressedFileInfo:
-		gr, err := gzip.NewReader(bytes.NewReader(f.compressedContent))
-		if err != nil {
-			// This should never happen because we generate the gzip bytes such that they are always valid.
-			panic("unexpected error reading own gzip compressed bytes: " + err.Error())
-		}
-		return &vfsgen۰CompressedFile{
-			vfsgen۰CompressedFileInfo: f,
-			gr:                        gr,
-		}, nil
-	case *vfsgen۰DirInfo:
-		return &vfsgen۰Dir{
-			vfsgen۰DirInfo: f,
-		}, nil
-	default:
-		// This should never happen because we generate only the above types.
-		panic(fmt.Sprintf("unexpected type %T", f))
-	}
-}
-
-// vfsgen۰CompressedFileInfo is a static definition of a gzip compressed file.
-type vfsgen۰CompressedFileInfo struct {
-	name              string
-	modTime           time.Time
-	compressedContent []byte
-	uncompressedSize  int64
-}
-
-func (f *vfsgen۰CompressedFileInfo) Readdir(count int) ([]os.FileInfo, error) {
-	return nil, fmt.Errorf("cannot Readdir from file %s", f.name)
-}
-func (f *vfsgen۰CompressedFileInfo) Stat() (os.FileInfo, error) { return f, nil }
-
-func (f *vfsgen۰CompressedFileInfo) GzipBytes() []byte {
-	return f.compressedContent
-}
-
-func (f *vfsgen۰CompressedFileInfo) Name() string       { return f.name }
-func (f *vfsgen۰CompressedFileInfo) Size() int64        { return f.uncompressedSize }
-func (f *vfsgen۰CompressedFileInfo) Mode() os.FileMode  { return 0444 }
-func (f *vfsgen۰CompressedFileInfo) ModTime() time.Time { return f.modTime }
-func (f *vfsgen۰CompressedFileInfo) IsDir() bool        { return false }
-func (f *vfsgen۰CompressedFileInfo) Sys() interface{}   { return nil }
-
-// vfsgen۰CompressedFile is an opened compressedFile instance.
-type vfsgen۰CompressedFile struct {
-	*vfsgen۰CompressedFileInfo
-	gr      *gzip.Reader
-	grPos   int64 // Actual gr uncompressed position.
-	seekPos int64 // Seek uncompressed position.
-}
-
-func (f *vfsgen۰CompressedFile) Read(p []byte) (n int, err error) {
-	if f.grPos > f.seekPos {
-		// Rewind to beginning.
-		err = f.gr.Reset(bytes.NewReader(f.compressedContent))
-		if err != nil {
-			return 0, err
-		}
-		f.grPos = 0
-	}
-	if f.grPos < f.seekPos {
-		// Fast-forward.
-		_, err = io.CopyN(io.Discard, f.gr, f.seekPos-f.grPos)
-		if err != nil {
-			return 0, err
-		}
-		f.grPos = f.seekPos
-	}
-	n, err = f.gr.Read(p)
-	f.grPos += int64(n)
-	f.seekPos = f.grPos
-	return n, err
-}
-func (f *vfsgen۰CompressedFile) Seek(offset int64, whence int) (int64, error) {
-	switch whence {
-	case io.SeekStart:
-		f.seekPos = 0 + offset
-	case io.SeekCurrent:
-		f.seekPos += offset
-	case io.SeekEnd:
-		f.seekPos = f.uncompressedSize + offset
-	default:
-		panic(fmt.Errorf("invalid whence value: %v", whence))
-	}
-	return f.seekPos, nil
-}
-func (f *vfsgen۰CompressedFile) Close() error {
-	return f.gr.Close()
-}
-
-// vfsgen۰DirInfo is a static definition of a directory.
-type vfsgen۰DirInfo struct {
-	name    string
-	modTime time.Time
-	entries []os.FileInfo
-}
-
-func (d *vfsgen۰DirInfo) Read([]byte) (int, error) {
-	return 0, fmt.Errorf("cannot Read from directory %s", d.name)
-}
-func (d *vfsgen۰DirInfo) Close() error               { return nil }
-func (d *vfsgen۰DirInfo) Stat() (os.FileInfo, error) { return d, nil }
-
-func (d *vfsgen۰DirInfo) Name() string       { return d.name }
-func (d *vfsgen۰DirInfo) Size() int64        { return 0 }
-func (d *vfsgen۰DirInfo) Mode() os.FileMode  { return 0755 | os.ModeDir }
-func (d *vfsgen۰DirInfo) ModTime() time.Time { return d.modTime }
-func (d *vfsgen۰DirInfo) IsDir() bool        { return true }
-func (d *vfsgen۰DirInfo) Sys() interface{}   { return nil }
-
-// vfsgen۰Dir is an opened dir instance.
-type vfsgen۰Dir struct {
-	*vfsgen۰DirInfo
-	pos int // Position within entries for Seek and Readdir.
-}
-
-func (d *vfsgen۰Dir) Seek(offset int64, whence int) (int64, error) {
-	if offset == 0 && whence == io.SeekStart {
-		d.pos = 0
-		return 0, nil
-	}
-	return 0, fmt.Errorf("unsupported Seek in directory %s", d.name)
-}
-
-func (d *vfsgen۰Dir) Readdir(count int) ([]os.FileInfo, error) {
-	if d.pos >= len(d.entries) && count > 0 {
-		return nil, io.EOF
-	}
-	if count <= 0 || count > len(d.entries)-d.pos {
-		count = len(d.entries) - d.pos
-	}
-	e := d.entries[d.pos : d.pos+count]
-	d.pos += count
-	return e, nil
-}
diff --git a/cmd/serve/http/data/data.go b/cmd/serve/http/data/data.go
deleted file mode 100644
index d0ab355b5db2b..0000000000000
--- a/cmd/serve/http/data/data.go
+++ /dev/null
@@ -1,99 +0,0 @@
-// Package data provides common functionality for http servers
-// The "go:generate" directive compiles static assets by running assets_generate.go
-//
-//go:generate go run assets_generate.go
-package data
-
-import (
-	"fmt"
-	"html/template"
-	"io"
-	"os"
-	"time"
-
-	"github.com/spf13/pflag"
-
-	"github.com/rclone/rclone/fs"
-	"github.com/rclone/rclone/fs/config/flags"
-)
-
-// Help describes the options for the serve package
-var Help = `
-#### Template
-
-` + "`--template`" + ` allows a user to specify a custom markup template for HTTP
-and WebDAV serve functions.  The server exports the following markup
-to be used within the template to server pages:
-
-| Parameter   | Description |
-| :---------- | :---------- |
-| .Name       | The full path of a file/directory. |
-| .Title      | Directory listing of .Name |
-| .Sort       | The current sort used.  This is changeable via ?sort= parameter |
-|             | Sort Options: namedirfirst,name,size,time (default namedirfirst) |
-| .Order      | The current ordering used.  This is changeable via ?order= parameter |
-|             | Order Options: asc,desc (default asc) |
-| .Query      | Currently unused. |
-| .Breadcrumb | Allows for creating a relative navigation |
-|-- .Link     | The relative to the root link of the Text. |
-|-- .Text     | The Name of the directory. |
-| .Entries    | Information about a specific file/directory. |
-|-- .URL      | The 'url' of an entry.  |
-|-- .Leaf     | Currently same as 'URL' but intended to be 'just' the name. |
-|-- .IsDir    | Boolean for if an entry is a directory or not. |
-|-- .Size     | Size in Bytes of the entry. |
-|-- .ModTime  | The UTC timestamp of an entry. |
-`
-
-// Options for the templating functionality
-type Options struct {
-	Template string
-}
-
-// AddFlags for the templating functionality
-func AddFlags(flagSet *pflag.FlagSet, prefix string, Opt *Options) {
-	flags.StringVarP(flagSet, &Opt.Template, prefix+"template", "", Opt.Template, "User-specified template")
-}
-
-// AfterEpoch returns the time since the epoch for the given time
-func AfterEpoch(t time.Time) bool {
-	return t.After(time.Time{})
-}
-
-// GetTemplate returns the HTML template for serving directories via HTTP/WebDAV
-func GetTemplate(tmpl string) (tpl *template.Template, err error) {
-	var templateString string
-	if tmpl == "" {
-		templateFile, err := Assets.Open("index.html")
-		if err != nil {
-			return nil, fmt.Errorf("get template open: %w", err)
-		}
-
-		defer fs.CheckClose(templateFile, &err)
-
-		templateBytes, err := io.ReadAll(templateFile)
-		if err != nil {
-			return nil, fmt.Errorf("get template read: %w", err)
-		}
-
-		templateString = string(templateBytes)
-
-	} else {
-		templateFile, err := os.ReadFile(tmpl)
-		if err != nil {
-			return nil, fmt.Errorf("get template open: %w", err)
-		}
-
-		templateString = string(templateFile)
-	}
-
-	funcMap := template.FuncMap{
-		"afterEpoch": AfterEpoch,
-	}
-	tpl, err = template.New("index").Funcs(funcMap).Parse(templateString)
-	if err != nil {
-		return nil, fmt.Errorf("get template parse: %w", err)
-	}
-
-	return
-}
diff --git a/cmd/serve/http/data/templates/index.html b/cmd/serve/http/data/templates/index.html
deleted file mode 100644
index 348050c0278e4..0000000000000
--- a/cmd/serve/http/data/templates/index.html
+++ /dev/null
@@ -1,389 +0,0 @@
-<!-- 
-// Copyright 2015 Matthew Holt and The Caddy Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License. 
-Modifications:  Adapted to rclone markup -->
-
-<!DOCTYPE html>
-<html>
-	<head>
-		<title>{{html .Name}}</title>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="google" content="notranslate">
-<style>
-* { padding: 0; margin: 0; }
-body {
-	font-family: sans-serif;
-	text-rendering: optimizespeed;
-	background-color: #ffffff;
-}
-a {
-	color: #006ed3;
-	text-decoration: none;
-}
-a:hover,
-h1 a:hover {
-	color: #319cff;
-}
-header,
-#summary {
-	padding-left: 5%;
-	padding-right: 5%;
-}
-th:first-child,
-td:first-child {
-	width: 1%; /* tighter for mobile */
-}
-th:last-child,
-td:last-child {
-	width: 1%; /* tighter for mobile */
-}
-header {
-	padding-top: 25px;
-	padding-bottom: 15px;
-	background-color: #f2f2f2;
-}
-h1 {
-	font-size: 20px;
-	font-weight: normal;
-	white-space: nowrap;
-	overflow-x: hidden;
-	text-overflow: ellipsis;
-	color: #999;
-}
-h1 a {
-	color: #000;
-	margin: 0 4px;
-}
-h1 a:hover {
-	text-decoration: underline;
-}
-h1 a:first-child {
-	margin: 0;
-}
-main {
-	display: block;
-}
-.meta {
-	font-size: 12px;
-	font-family: Verdana, sans-serif;
-	border-bottom: 1px solid #9C9C9C;
-	padding-top: 10px;
-	padding-bottom: 10px;
-}
-.meta-item {
-	margin-right: 1em;
-}
-#filter {
-	padding: 4px;
-	border: 1px solid #CCC;
-}
-table {
-	width: 100%;
-	border-collapse: collapse;
-}
-tr {
-	border-bottom: 1px dashed #dadada;
-}
-tbody tr:hover {
-	background-color: #ffffec;
-}
-th,
-td {
-	text-align: left;
-	padding: 10px 2px; /* Changed from 0 to 2 */
-}
-th {
-	padding-top: 10px;
-	padding-bottom: 10px;
-	font-size: 16px;
-	white-space: nowrap;
-}
-th a {
-	color: black;
-}
-th svg {
-	vertical-align: middle;
-}
-td {
-	white-space: nowrap;
-	font-size: 14px;
-}
-td:nth-child(2) {
-	width: 80%;
-}
-td:nth-child(3) {
-	padding: 0 20px 0 20px;
-}
-th:nth-child(4),
-td:nth-child(4) {
-	text-align: right;
-}
-td:nth-child(2) svg {
-	position: absolute;
-}
-td .name,
-td .goup {
-	margin-left: 1.75em;
-	word-break: break-all;
-	overflow-wrap: break-word;
-	white-space: pre-wrap;
-}
-.icon {
-	margin-right: 5px;
-}
-.icon.sort {
-	display: inline-block;
-	width: 1em;
-	height: 1em;
-	position: relative;
-	top: .2em;
-}
-.icon.sort .top {
-	position: absolute;
-	left: 0;
-	top: -1px;
-}
-.icon.sort .bottom {
-	position: absolute;
-	bottom: -1px;
-	left: 0;
-}
-footer {
-	padding: 40px 20px;
-	font-size: 12px;
-	text-align: center;
-}
-@media (max-width: 600px) {
-/*	.hideable {
-		display: none;
-	} removed to keep dates on mobile */
-	td:nth-child(2) {
-		width: auto;
-	}
-	th:nth-child(3),
-	td:nth-child(3) {
-		padding-right: 5%;
-		text-align: right;
-	}
-	h1 {
-		color: #000;
-	}
-	h1 a {
-		margin: 0;
-	}
-	#filter {
-		max-width: 100px;
-	}
-}
-</style>
-	</head>
-	<body onload='filter();toggle("order");changeSize()'>
-		<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" height="0" width="0" style="position: absolute;">
-			<defs>
-				<!-- Folder -->
-				<g id="folder" fill-rule="nonzero" fill="none">
-					<path d="M285.22 37.55h-142.6L110.9 0H31.7C14.25 0 0 16.9 0 37.55v75.1h316.92V75.1c0-20.65-14.26-37.55-31.7-37.55z" fill="#FFA000"/>
-					<path d="M285.22 36H31.7C14.25 36 0 50.28 0 67.74v158.7c0 17.47 14.26 31.75 31.7 31.75H285.2c17.44 0 31.7-14.3 31.7-31.75V67.75c0-17.47-14.26-31.75-31.7-31.75z" fill="#FFCA28"/>
-				</g>
-				<g id="folder-shortcut" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-					<g id="folder-shortcut-group" fill-rule="nonzero">
-						<g id="folder-shortcut-shape">
-							<path d="M285.224876,37.5486902 L142.612438,37.5486902 L110.920785,0 L31.6916529,0 C14.2612438,0 0,16.8969106 0,37.5486902 L0,112.646071 L316.916529,112.646071 L316.916529,75.0973805 C316.916529,54.4456008 302.655285,37.5486902 285.224876,37.5486902 Z" id="Shape" fill="#FFA000"></path>
-							<path d="M285.224876,36 L31.6916529,36 C14.2612438,36 0,50.2838568 0,67.7419039 L0,226.451424 C0,243.909471 14.2612438,258.193328 31.6916529,258.193328 L285.224876,258.193328 C302.655285,258.193328 316.916529,243.909471 316.916529,226.451424 L316.916529,67.7419039 C316.916529,50.2838568 302.655285,36 285.224876,36 Z" id="Shape" fill="#FFCA28"></path>
-						</g>
-						<path d="M126.154134,250.559184 C126.850974,251.883673 127.300549,253.006122 127.772602,254.106122 C128.469442,255.206122 128.919016,256.104082 129.638335,257.002041 C130.559962,258.326531 131.728855,259 133.100057,259 C134.493737,259 135.415364,258.55102 136.112204,257.67551 C136.809044,257.002041 137.258619,255.902041 137.258619,254.577551 C137.258619,253.904082 137.258619,252.804082 137.033832,251.457143 C136.786566,249.908163 136.561779,249.032653 136.561779,248.583673 C136.089726,242.814286 135.864939,237.920408 135.864939,233.273469 C135.864939,225.057143 136.786566,217.514286 138.180246,210.846939 C139.798713,204.202041 141.889234,198.634694 144.429328,193.763265 C147.216689,188.869388 150.678411,184.873469 154.836973,181.326531 C158.995535,177.779592 163.626149,174.883673 168.481552,172.661224 C173.336954,170.438776 179.113983,168.665306 185.587852,167.340816 C192.061722,166.218367 198.760378,165.342857 205.481514,164.669388 C212.18017,164.220408 219.598146,163.995918 228.162535,163.995918 L246.055591,163.995918 L246.055591,195.514286 C246.055591,197.736735 246.752431,199.510204 248.370899,201.059184 C250.214153,202.608163 252.079886,203.506122 254.372715,203.506122 C256.463236,203.506122 258.531277,202.608163 260.172223,201.059184 L326.102289,137.797959 C327.720757,136.24898 328.642384,134.47551 328.642384,132.253061 C328.642384,130.030612 327.720757,128.257143 326.102289,126.708163 L260.172223,63.4469388 C258.553756,61.8979592 256.463236,61 254.395194,61 C252.079886,61 250.236632,61.8979592 248.393377,63.4469388 C246.77491,64.9959184 246.07807,66.7693878 246.07807,68.9918367 L246.07807,100.510204 L228.162535,100.510204 C166.863084,100.510204 129.166282,117.167347 115.274437,150.459184 C110.666301,161.54898 108.350993,175.310204 108.350993,191.742857 C108.350993,205.279592 113.903236,223.912245 124.760454,247.438776 C125.00772,248.112245 125.457294,249.010204 126.154134,250.559184 Z" id="Shape" fill="#FFFFFF" transform="translate(218.496689, 160.000000) scale(-1, 1) translate(-218.496689, -160.000000) "></path>
-					</g>
-				</g>
-				<!-- File -->
-				<g id="file" stroke="#000" stroke-width="25" fill="#FFF" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round">
-					<path d="M13 24.12v274.76c0 6.16 5.87 11.12 13.17 11.12H239c7.3 0 13.17-4.96 13.17-11.12V136.15S132.6 13 128.37 13H26.17C18.87 13 13 17.96 13 24.12z"/>
-					<path d="M129.37 13L129 113.9c0 10.58 7.26 19.1 16.27 19.1H249L129.37 13z"/>
-				</g>
-				<g id="file-shortcut" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-					<g id="file-shortcut-group" transform="translate(13.000000, 13.000000)">
-						<g id="file-shortcut-shape" stroke="#000000" stroke-width="25" fill="#FFFFFF" stroke-linecap="round" stroke-linejoin="round">
-							<path d="M0,11.1214886 L0,285.878477 C0,292.039924 5.87498876,296.999983 13.1728373,296.999983 L225.997983,296.999983 C233.295974,296.999983 239.17082,292.039942 239.17082,285.878477 L239.17082,123.145388 C239.17082,123.145388 119.58541,2.84217094e-14 115.369423,2.84217094e-14 L13.1728576,2.84217094e-14 C5.87500907,-1.71479982e-05 0,4.96022995 0,11.1214886 Z" id="rect1171"></path>
-							<path d="M116.37005,0 L116,100.904964 C116,111.483663 123.258008,120 132.273377,120 L236,120 L116.37005,0 L116.37005,0 Z" id="rect1794"></path>
-						</g>
-						<path d="M47.803141,294.093878 C48.4999811,295.177551 48.9495553,296.095918 49.4216083,296.995918 C50.1184484,297.895918 50.5680227,298.630612 51.2873415,299.365306 C52.2089688,300.44898 53.3778619,301 54.7490634,301 C56.1427436,301 57.0643709,300.632653 57.761211,299.916327 C58.4580511,299.365306 58.9076254,298.465306 58.9076254,297.381633 C58.9076254,296.830612 58.9076254,295.930612 58.6828382,294.828571 C58.4355724,293.561224 58.2107852,292.844898 58.2107852,292.477551 C57.7387323,287.757143 57.5139451,283.753061 57.5139451,279.95102 C57.5139451,273.228571 58.4355724,267.057143 59.8292526,261.602041 C61.44772,256.165306 63.5382403,251.610204 66.0783349,247.62449 C68.8656954,243.620408 72.3274172,240.35102 76.4859792,237.44898 C80.6445412,234.546939 85.2751561,232.177551 90.1305582,230.359184 C94.9859603,228.540816 100.76299,227.089796 107.236859,226.006122 C113.710728,225.087755 120.409385,224.371429 127.13052,223.820408 C133.829177,223.453061 141.247152,223.269388 149.811542,223.269388 L167.704598,223.269388 L167.704598,249.057143 C167.704598,250.87551 168.401438,252.326531 170.019905,253.593878 C171.86316,254.861224 173.728893,255.595918 176.021722,255.595918 C178.112242,255.595918 180.180284,254.861224 181.82123,253.593878 L247.751296,201.834694 C249.369763,200.567347 250.291391,199.116327 250.291391,197.297959 C250.291391,195.479592 249.369763,194.028571 247.751296,192.761224 L181.82123,141.002041 C180.202763,139.734694 178.112242,139 176.044201,139 C173.728893,139 171.885639,139.734694 170.042384,141.002041 C168.423917,142.269388 167.727077,143.720408 167.727077,145.538776 L167.727077,171.326531 L149.811542,171.326531 C88.5120908,171.326531 50.8152886,184.955102 36.9234437,212.193878 C32.3153075,221.267347 30,232.526531 30,245.971429 C30,257.046939 35.5522422,272.291837 46.4094607,291.540816 C46.6567266,292.091837 47.1063009,292.826531 47.803141,294.093878 Z" id="Shape-Copy" fill="#000000" fill-rule="nonzero" transform="translate(140.145695, 220.000000) scale(-1, 1) translate(-140.145695, -220.000000) "></path>
-					</g>
-				</g>
-				<!-- Up arrow -->
-				<g id="up-arrow" transform="translate(-279.22 -208.12)">
-					<path transform="matrix(.22413 0 0 .12089 335.67 164.35)" stroke-width="0" d="m-194.17 412.01h-28.827-28.827l14.414-24.965 14.414-24.965 14.414 24.965z"/>
-				</g>
-				<!-- Down arrow -->
-				<g id="down-arrow" transform="translate(-279.22 -208.12)">
-					<path transform="matrix(.22413 0 0 -.12089 335.67 257.93)" stroke-width="0" d="m-194.17 412.01h-28.827-28.827l14.414-24.965 14.414-24.965 14.414 24.965z"/>
-				</g>
-			</defs>
-		</svg>
-		<header>
-			<h1>
-				{{range $i, $crumb := .Breadcrumb}}<a href="{{html $crumb.Link}}">{{html $crumb.Text}}</a>{{if ne $i 0}}/{{end}}{{end}}
-			</h1>
-		</header>
-		<main>
-			<div class="meta">
-				<div id="summary">
-					<span class="meta-item"><input type="text" placeholder="filter" id="filter" onkeyup='filter()'></span>
-				</div>
-			</div>
-			<div class="listing">
-				<table aria-describedby="summary">
-					<thead>
-					<tr>
-						<th></th>
-						<th>
-							<a href="?sort=namedirfirst&order=asc" class="icon sort order"><svg class="top" width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#up-arrow"></use></svg><svg class="bottom" width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#down-arrow"></use></svg></a>
-							
-							<a href="?sort=name&order=asc" class="order">Name</a>
-						</th>
-						<th>
-							<a href="?sort=size&order=asc" class="order">Size</a>
-						</th>
-						<th class="hideable">
-							<a href="?sort=time&order=asc" class="order">Modified</a>
-						</th>
-						<th class="hideable"></th>
-					</tr>
-					</thead>
-					<tbody>
-					<tr>
-						<td></td>
-						<td>
-							<a href="..">
-								<span class="goup">Go up</span>
-							</a>
-						</td>
-						<td>&mdash;</td>
-						<td class="hideable">&mdash;</td>
-						<td class="hideable"></td>
-					</tr>
-					{{- range .Entries}}
-					<tr class="file">
-						<td>
-						</td>
-						<td>
-							{{- if .IsDir}}
-							<svg width="1.5em" height="1em" version="1.1" viewBox="0 0 317 259"><use xlink:href="#folder"></use></svg>
-							{{- else}}
-							<svg width="1.5em" height="1em" version="1.1" viewBox="0 0 265 323"><use xlink:href="#file"></use></svg>
-							{{- end}}
-							<span class="name"><a href="{{html .URL}}">{{html .Leaf}}</a></span>
-						</td>
-						{{- if .IsDir}}
-						<td data-order="-1">&mdash;</td>
-						{{- else}}
-						<td data-order="{{.Size}}"><size>{{.Size}}</size></td>
-						{{- end}}
-						{{- if .ModTime | afterEpoch }}
-						<td class="hideable"><time datetime="{{.ModTime }}">{{.ModTime }}</time></td>
-						{{- else}}
-						<td class="hideable">—</td>
-						{{- end}}
-						<td class="hideable"></td>
-					</tr>
-					{{- end}}
-					</tbody>
-				</table>
-			</div>
-		</main>
-		<script>
-			var filterEl = document.getElementById('filter');
-			filterEl.focus();
-			function filter() {
-				var q = filterEl.value.trim().toLowerCase();
-				var elems = document.querySelectorAll('tr.file');
-				elems.forEach(function(el) {
-					if (!q) {
-						el.style.display = '';
-						return;
-					}
-					var nameEl = el.querySelector('.name');
-					var nameVal = nameEl.textContent.trim().toLowerCase();
-					if (nameVal.indexOf(q) !== -1) {
-						el.style.display = '';
-					} else {
-						el.style.display = 'none';
-					}
-				});
-			}
-			function localizeDatetime(e, index, ar) {
-				if (e.textContent === undefined) {
-					return;
-				}
-				var d = new Date(e.getAttribute('datetime'));
-				if (isNaN(d)) {
-					d = new Date(e.textContent);
-					if (isNaN(d)) {
-						return;
-					}
-				}
-				e.textContent = d.toLocaleString([], {day: "2-digit", month: "2-digit", year: "numeric", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-			}
-			var timeList = Array.prototype.slice.call(document.getElementsByTagName("time"));
-			timeList.forEach(localizeDatetime);
-
-			var getUrlParameter = function getUrlParameter(sParam) {
-				var sPageURL = window.location.search.substring(1),
-				sURLVariables = sPageURL.split('&'),
-				sParameterName,
-				i;
-
-				for (i = 0; i < sURLVariables.length; i++) {
-					sParameterName = sURLVariables[i].split('=');
-
-					if (sParameterName[0] === sParam) {
-						return sParameterName[1] === undefined ? true : decodeURIComponent(sParameterName[1]);
-					}
-				}
-			};
-			function toggle(className){
-				var order = getUrlParameter('order');
-				var elements = document.getElementsByClassName(className);
-				for(var i = 0, length = elements.length; i < length; i++) {
-					var currHref = elements[i].href;
-					if(order=='desc'){ 
-						var chg = currHref.replace('desc', 'asc');
-						elements[i].href = chg;
-					}
-					if(order=='asc'){ 
-						var chg = currHref.replace('asc', 'desc');
-						elements[i].href = chg;
-					}
-				}
-			};
-			function readableFileSize(size) {
-				var units = ['B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB'];
-				var i = 0;
-				while(size >= 1024) {
-					size /= 1024;
-					++i;
-				}
-				return parseFloat(size).toFixed(2) + ' ' + units[i];
-			}
-
-			function changeSize() {
-				var sizes = document.getElementsByTagName("size");
-
-				for (var i = 0; i < sizes.length; i++) {
-					humanSize = readableFileSize(sizes[i].innerHTML);
-					sizes[i].innerHTML = humanSize
-				}
-			}
-		</script>
-	</body>
-</html>
diff --git a/cmd/serve/http/http.go b/cmd/serve/http/http.go
index 0385b21c758dc..6af35ccd9f21f 100644
--- a/cmd/serve/http/http.go
+++ b/cmd/serve/http/http.go
@@ -22,6 +22,7 @@ import (
 	"github.com/rclone/rclone/fs/accounting"
 	libhttp "github.com/rclone/rclone/lib/http"
 	"github.com/rclone/rclone/lib/http/serve"
+	"github.com/rclone/rclone/lib/systemd"
 	"github.com/rclone/rclone/vfs"
 	"github.com/rclone/rclone/vfs/vfsflags"
 	"github.com/spf13/cobra"
@@ -44,11 +45,15 @@ var DefaultOpt = Options{
 // Opt is options set by command line flags
 var Opt = DefaultOpt
 
+// flagPrefix is the prefix used to uniquely identify command line flags.
+// It is intentionally empty for this package.
+const flagPrefix = ""
+
 func init() {
 	flagSet := Command.Flags()
-	libhttp.AddAuthFlagsPrefix(flagSet, "", &Opt.Auth)
-	libhttp.AddHTTPFlagsPrefix(flagSet, "", &Opt.HTTP)
-	libhttp.AddTemplateFlagsPrefix(flagSet, "", &Opt.Template)
+	libhttp.AddAuthFlagsPrefix(flagSet, flagPrefix, &Opt.Auth)
+	libhttp.AddHTTPFlagsPrefix(flagSet, flagPrefix, &Opt.HTTP)
+	libhttp.AddTemplateFlagsPrefix(flagSet, flagPrefix, &Opt.Template)
 	vfsflags.AddFlags(flagSet)
 	proxyflags.AddFlags(flagSet)
 }
@@ -68,9 +73,10 @@ The server will log errors.  Use ` + "`-v`" + ` to see access logs.
 
 ` + "`--bwlimit`" + ` will be respected for file transfers.  Use ` + "`--stats`" + ` to
 control the stats printing.
-` + libhttp.Help + libhttp.TemplateHelp + libhttp.AuthHelp + vfs.Help + proxy.Help,
+` + libhttp.Help(flagPrefix) + libhttp.TemplateHelp(flagPrefix) + libhttp.AuthHelp(flagPrefix) + vfs.Help + proxy.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.39",
+		"groups":            "Filter",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		var f fs.Fs
@@ -87,6 +93,7 @@ control the stats printing.
 				log.Fatal(err)
 			}
 
+			defer systemd.Notify()()
 			s.server.Wait()
 			return nil
 		})
diff --git a/cmd/serve/nfs/filesystem.go b/cmd/serve/nfs/filesystem.go
new file mode 100644
index 0000000000000..25916e0ddc804
--- /dev/null
+++ b/cmd/serve/nfs/filesystem.go
@@ -0,0 +1,159 @@
+//go:build unix
+// +build unix
+
+package nfs
+
+import (
+	"os"
+	"path"
+	"strings"
+	"time"
+
+	billy "github.com/go-git/go-billy/v5"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/vfs"
+	"github.com/rclone/rclone/vfs/vfscommon"
+)
+
+// FS is our wrapper around the VFS to properly support billy.Filesystem interface
+type FS struct {
+	vfs *vfs.VFS
+}
+
+// ReadDir implements read dir
+func (f *FS) ReadDir(path string) (dir []os.FileInfo, err error) {
+	return f.vfs.ReadDir(path)
+}
+
+// Create implements creating new files
+func (f *FS) Create(filename string) (billy.File, error) {
+	return f.vfs.Create(filename)
+}
+
+// Open opens a file
+func (f *FS) Open(filename string) (billy.File, error) {
+	return f.vfs.Open(filename)
+}
+
+// OpenFile opens a file
+func (f *FS) OpenFile(filename string, flag int, perm os.FileMode) (billy.File, error) {
+	return f.vfs.OpenFile(filename, flag, perm)
+}
+
+// Stat gets the file stat
+func (f *FS) Stat(filename string) (os.FileInfo, error) {
+	return f.vfs.Stat(filename)
+}
+
+// Rename renames a file
+func (f *FS) Rename(oldpath, newpath string) error {
+	return f.vfs.Rename(oldpath, newpath)
+}
+
+// Remove deletes a file
+func (f *FS) Remove(filename string) error {
+	return f.vfs.Remove(filename)
+}
+
+// Join joins path elements
+func (f *FS) Join(elem ...string) string {
+	return path.Join(elem...)
+}
+
+// TempFile is not implemented
+func (f *FS) TempFile(dir, prefix string) (billy.File, error) {
+	return nil, os.ErrInvalid
+}
+
+// MkdirAll creates a directory and all the ones above it
+// it does not redirect to VFS.MkDirAll because that one doesn't
+// honor the permissions
+func (f *FS) MkdirAll(filename string, perm os.FileMode) error {
+	parts := strings.Split(filename, "/")
+	for i := range parts {
+		current := strings.Join(parts[:i+1], "/")
+		_, err := f.Stat(current)
+		if err == vfs.ENOENT {
+			err = f.vfs.Mkdir(current, perm)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// Lstat gets the stats for symlink
+func (f *FS) Lstat(filename string) (os.FileInfo, error) {
+	return f.vfs.Stat(filename)
+}
+
+// Symlink is not supported over NFS
+func (f *FS) Symlink(target, link string) error {
+	return os.ErrInvalid
+}
+
+// Readlink is not supported
+func (f *FS) Readlink(link string) (string, error) {
+	return "", os.ErrInvalid
+}
+
+// Chmod changes the file modes
+func (f *FS) Chmod(name string, mode os.FileMode) error {
+	file, err := f.vfs.Open(name)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err := file.Close(); err != nil {
+			fs.Logf(f, "Error while closing file: %e", err)
+		}
+	}()
+	return file.Chmod(mode)
+}
+
+// Lchown changes the owner of symlink
+func (f *FS) Lchown(name string, uid, gid int) error {
+	return f.Chown(name, uid, gid)
+}
+
+// Chown changes owner of the file
+func (f *FS) Chown(name string, uid, gid int) error {
+	file, err := f.vfs.Open(name)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err := file.Close(); err != nil {
+			fs.Logf(f, "Error while closing file: %e", err)
+		}
+	}()
+	return file.Chown(uid, gid)
+}
+
+// Chtimes changes the acces time and modified time
+func (f *FS) Chtimes(name string, atime time.Time, mtime time.Time) error {
+	return f.vfs.Chtimes(name, atime, mtime)
+}
+
+// Chroot is not supported in VFS
+func (f *FS) Chroot(path string) (billy.Filesystem, error) {
+	return nil, os.ErrInvalid
+}
+
+// Root  returns the root of a VFS
+func (f *FS) Root() string {
+	return f.vfs.Fs().Root()
+}
+
+// Capabilities exports the filesystem capabilities
+func (f *FS) Capabilities() billy.Capability {
+	if f.vfs.Opt.CacheMode == vfscommon.CacheModeOff {
+		return billy.ReadCapability | billy.SeekCapability
+	}
+	return billy.WriteCapability | billy.ReadCapability |
+		billy.ReadAndWriteCapability | billy.SeekCapability | billy.TruncateCapability
+}
+
+// Interface check
+var _ billy.Filesystem = (*FS)(nil)
diff --git a/cmd/serve/nfs/handler.go b/cmd/serve/nfs/handler.go
new file mode 100644
index 0000000000000..4a34d6138f76b
--- /dev/null
+++ b/cmd/serve/nfs/handler.go
@@ -0,0 +1,70 @@
+//go:build unix
+// +build unix
+
+package nfs
+
+import (
+	"context"
+	"net"
+
+	"github.com/go-git/go-billy/v5"
+	"github.com/rclone/rclone/vfs"
+	"github.com/willscott/go-nfs"
+	nfshelper "github.com/willscott/go-nfs/helpers"
+)
+
+// NewBackendAuthHandler creates a handler for the provided filesystem
+func NewBackendAuthHandler(vfs *vfs.VFS) nfs.Handler {
+	return &BackendAuthHandler{vfs}
+}
+
+// BackendAuthHandler returns a NFS backing that exposes a given file system in response to all mount requests.
+type BackendAuthHandler struct {
+	vfs *vfs.VFS
+}
+
+// Mount backs Mount RPC Requests, allowing for access control policies.
+func (h *BackendAuthHandler) Mount(ctx context.Context, conn net.Conn, req nfs.MountRequest) (status nfs.MountStatus, hndl billy.Filesystem, auths []nfs.AuthFlavor) {
+	status = nfs.MountStatusOk
+	hndl = &FS{vfs: h.vfs}
+	auths = []nfs.AuthFlavor{nfs.AuthFlavorNull}
+	return
+}
+
+// Change provides an interface for updating file attributes.
+func (h *BackendAuthHandler) Change(fs billy.Filesystem) billy.Change {
+	if c, ok := fs.(billy.Change); ok {
+		return c
+	}
+	return nil
+}
+
+// FSStat provides information about a filesystem.
+func (h *BackendAuthHandler) FSStat(ctx context.Context, f billy.Filesystem, s *nfs.FSStat) error {
+	total, _, free := h.vfs.Statfs()
+	s.TotalSize = uint64(total)
+	s.FreeSize = uint64(free)
+	s.AvailableSize = uint64(free)
+	return nil
+}
+
+// ToHandle handled by CachingHandler
+func (h *BackendAuthHandler) ToHandle(f billy.Filesystem, s []string) []byte {
+	return []byte{}
+}
+
+// FromHandle handled by CachingHandler
+func (h *BackendAuthHandler) FromHandle([]byte) (billy.Filesystem, []string, error) {
+	return nil, []string{}, nil
+}
+
+// HandleLimit handled by cachingHandler
+func (h *BackendAuthHandler) HandleLimit() int {
+	return -1
+}
+
+func newHandler(vfs *vfs.VFS) nfs.Handler {
+	handler := NewBackendAuthHandler(vfs)
+	cacheHelper := nfshelper.NewCachingHandler(handler, 1024)
+	return cacheHelper
+}
diff --git a/cmd/serve/nfs/nfs.go b/cmd/serve/nfs/nfs.go
new file mode 100644
index 0000000000000..3e4722cb64661
--- /dev/null
+++ b/cmd/serve/nfs/nfs.go
@@ -0,0 +1,97 @@
+//go:build unix
+// +build unix
+
+// Package nfs implements a server to serve a VFS remote over NFSv3 protocol
+//
+// There is no authentication available on this server
+// and it is served on loopback interface by default.
+//
+// This is primarily used for mounting a VFS remote
+// in macOS, where FUSE-mounting mechanisms are usually not available.
+package nfs
+
+import (
+	"context"
+
+	"github.com/rclone/rclone/cmd"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config/flags"
+	"github.com/rclone/rclone/fs/rc"
+	"github.com/rclone/rclone/vfs"
+	"github.com/rclone/rclone/vfs/vfsflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+// Options contains options for the NFS Server
+type Options struct {
+	ListenAddr string // Port to listen on
+}
+
+var opt Options
+
+// AddFlags adds flags for the sftp
+func AddFlags(flagSet *pflag.FlagSet, Opt *Options) {
+	rc.AddOption("nfs", &Opt)
+	flags.StringVarP(flagSet, &Opt.ListenAddr, "addr", "", Opt.ListenAddr, "IPaddress:Port or :Port to bind server to", "")
+}
+
+func init() {
+	vfsflags.AddFlags(Command.Flags())
+	AddFlags(Command.Flags(), &opt)
+}
+
+// Run the command
+func Run(command *cobra.Command, args []string) {
+	var f fs.Fs
+	cmd.CheckArgs(1, 1, command, args)
+	f = cmd.NewFsSrc(args)
+	cmd.Run(false, true, command, func() error {
+		s, err := NewServer(context.Background(), vfs.New(f, &vfsflags.Opt), &opt)
+		if err != nil {
+			return err
+		}
+		return s.Serve()
+	})
+}
+
+// Command is the definition of the command
+var Command = &cobra.Command{
+	Use:   "nfs remote:path",
+	Short: `Serve the remote as an NFS mount`,
+	Long: `Create an NFS server that serves the given remote over the network.
+	
+The primary purpose for this command is to enable [mount command](/commands/rclone_mount/) on recent macOS versions where
+installing FUSE is very cumbersome. 
+
+Since this is running on NFSv3, no authentication method is available. Any client
+will be able to access the data. To limit access, you can use serve NFS on loopback address
+and rely on secure tunnels (such as SSH). For this reason, by default, a random TCP port is chosen and loopback interface is used for the listening address;
+meaning that it is only available to the local machine. If you want other machines to access the
+NFS mount over local network, you need to specify the listening address and port using ` + "`--addr`" + ` flag.
+
+Modifying files through NFS protocol requires VFS caching. Usually you will need to specify ` + "`--vfs-cache-mode`" + `
+in order to be able to write to the mountpoint (full is recommended). If you don't specify VFS cache mode,
+the mount will be read-only.
+
+To serve NFS over the network use following command:
+
+    rclone serve nfs remote: --addr 0.0.0.0:$PORT --vfs-cache-mode=full
+
+We specify a specific port that we can use in the mount command:
+
+To mount the server under Linux/macOS, use the following command:
+    
+    mount -oport=$PORT,mountport=$PORT $HOSTNAME: path/to/mountpoint
+
+Where ` + "`$PORT`" + ` is the same port number we used in the serve nfs command.
+
+This feature is only available on Unix platforms.
+
+` + vfs.Help,
+	Annotations: map[string]string{
+		"versionIntroduced": "v1.65",
+		"groups":            "Filter",
+	},
+	Run: Run,
+}
diff --git a/cmd/serve/nfs/nfs_unsupported.go b/cmd/serve/nfs/nfs_unsupported.go
new file mode 100644
index 0000000000000..99b2f6df63066
--- /dev/null
+++ b/cmd/serve/nfs/nfs_unsupported.go
@@ -0,0 +1,13 @@
+// For unsupported architectures
+//go:build !unix
+// +build !unix
+
+// Package nfs is not supported on non-Unix platforms
+package nfs
+
+import (
+	"github.com/spf13/cobra"
+)
+
+// For unsupported platforms we just put nil
+var Command *cobra.Command = nil
diff --git a/cmd/serve/nfs/server.go b/cmd/serve/nfs/server.go
new file mode 100644
index 0000000000000..c66e687a901df
--- /dev/null
+++ b/cmd/serve/nfs/server.go
@@ -0,0 +1,61 @@
+//go:build unix
+// +build unix
+
+package nfs
+
+import (
+	"context"
+	"net"
+
+	nfs "github.com/willscott/go-nfs"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/vfs"
+	"github.com/rclone/rclone/vfs/vfscommon"
+)
+
+// Server contains everything to run the Server
+type Server struct {
+	opt      Options
+	handler  nfs.Handler
+	ctx      context.Context // for global config
+	listener net.Listener
+}
+
+// NewServer creates a new server
+func NewServer(ctx context.Context, vfs *vfs.VFS, opt *Options) (s *Server, err error) {
+	if vfs.Opt.CacheMode == vfscommon.CacheModeOff {
+		fs.LogPrintf(fs.LogLevelWarning, ctx, "NFS writes don't work without a cache, the filesystem will be served read-only")
+	}
+	// Our NFS server doesn't have any authentication, we run it on localhost and random port by default
+	if opt.ListenAddr == "" {
+		opt.ListenAddr = "localhost:"
+	}
+
+	s = &Server{
+		ctx: ctx,
+		opt: *opt,
+	}
+	s.handler = newHandler(vfs)
+	s.listener, err = net.Listen("tcp", s.opt.ListenAddr)
+	if err != nil {
+		fs.Errorf(nil, "NFS server failed to listen: %v\n", err)
+	}
+	return
+}
+
+// Addr returns the listening address of the server
+func (s *Server) Addr() net.Addr {
+	return s.listener.Addr()
+}
+
+// Shutdown stops the server
+func (s *Server) Shutdown() error {
+	return s.listener.Close()
+}
+
+// Serve starts the server
+func (s *Server) Serve() (err error) {
+	fs.Logf(nil, "NFS Server running at %s\n", s.listener.Addr())
+	return nfs.Serve(s.listener, s.handler)
+}
diff --git a/cmd/serve/proxy/proxyflags/proxyflags.go b/cmd/serve/proxy/proxyflags/proxyflags.go
index 043cc6e4426a6..33fa5512dd535 100644
--- a/cmd/serve/proxy/proxyflags/proxyflags.go
+++ b/cmd/serve/proxy/proxyflags/proxyflags.go
@@ -14,5 +14,5 @@ var (
 
 // AddFlags adds the non filing system specific flags to the command
 func AddFlags(flagSet *pflag.FlagSet) {
-	flags.StringVarP(flagSet, &Opt.AuthProxy, "auth-proxy", "", Opt.AuthProxy, "A program to use to create the backend from the auth")
+	flags.StringVarP(flagSet, &Opt.AuthProxy, "auth-proxy", "", Opt.AuthProxy, "A program to use to create the backend from the auth", "")
 }
diff --git a/cmd/serve/restic/restic.go b/cmd/serve/restic/restic.go
index fbdc947e13d8d..be56fe947a05b 100644
--- a/cmd/serve/restic/restic.go
+++ b/cmd/serve/restic/restic.go
@@ -23,6 +23,7 @@ import (
 	"github.com/rclone/rclone/fs/walk"
 	libhttp "github.com/rclone/rclone/lib/http"
 	"github.com/rclone/rclone/lib/http/serve"
+	"github.com/rclone/rclone/lib/systemd"
 	"github.com/rclone/rclone/lib/terminal"
 	"github.com/spf13/cobra"
 	"golang.org/x/net/http2"
@@ -47,14 +48,18 @@ var DefaultOpt = Options{
 // Opt is options set by command line flags
 var Opt = DefaultOpt
 
+// flagPrefix is the prefix used to uniquely identify command line flags.
+// It is intentionally empty for this package.
+const flagPrefix = ""
+
 func init() {
 	flagSet := Command.Flags()
-	libhttp.AddAuthFlagsPrefix(flagSet, "", &Opt.Auth)
-	libhttp.AddHTTPFlagsPrefix(flagSet, "", &Opt.HTTP)
-	flags.BoolVarP(flagSet, &Opt.Stdio, "stdio", "", false, "Run an HTTP2 server on stdin/stdout")
-	flags.BoolVarP(flagSet, &Opt.AppendOnly, "append-only", "", false, "Disallow deletion of repository data")
-	flags.BoolVarP(flagSet, &Opt.PrivateRepos, "private-repos", "", false, "Users can only access their private repo")
-	flags.BoolVarP(flagSet, &Opt.CacheObjects, "cache-objects", "", true, "Cache listed objects")
+	libhttp.AddAuthFlagsPrefix(flagSet, flagPrefix, &Opt.Auth)
+	libhttp.AddHTTPFlagsPrefix(flagSet, flagPrefix, &Opt.HTTP)
+	flags.BoolVarP(flagSet, &Opt.Stdio, "stdio", "", false, "Run an HTTP2 server on stdin/stdout", "")
+	flags.BoolVarP(flagSet, &Opt.AppendOnly, "append-only", "", false, "Disallow deletion of repository data", "")
+	flags.BoolVarP(flagSet, &Opt.PrivateRepos, "private-repos", "", false, "Users can only access their private repo", "")
+	flags.BoolVarP(flagSet, &Opt.CacheObjects, "cache-objects", "", true, "Cache listed objects", "")
 }
 
 // Command definition for cobra
@@ -142,7 +147,7 @@ these **must** end with /.  Eg
 
 The` + "`--private-repos`" + ` flag can be used to limit users to repositories starting
 with a path of ` + "`/<username>/`" + `.
-` + libhttp.Help + libhttp.AuthHelp,
+` + libhttp.Help(flagPrefix) + libhttp.AuthHelp(flagPrefix),
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.40",
 	},
@@ -173,7 +178,10 @@ with a path of ` + "`/<username>/`" + `.
 				return nil
 			}
 			fs.Logf(s.f, "Serving restic REST API on %s", s.URLs())
+
+			defer systemd.Notify()()
 			s.Wait()
+
 			return nil
 		})
 	},
diff --git a/cmd/serve/s3/backend.go b/cmd/serve/s3/backend.go
new file mode 100644
index 0000000000000..397760102b40b
--- /dev/null
+++ b/cmd/serve/s3/backend.go
@@ -0,0 +1,468 @@
+// Package s3 implements an s3 server for rclone
+package s3
+
+import (
+	"context"
+	"encoding/hex"
+	"io"
+	"os"
+	"path"
+	"strings"
+	"sync"
+
+	"github.com/Mikubill/gofakes3"
+	"github.com/ncw/swift/v2"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/vfs"
+)
+
+var (
+	emptyPrefix = &gofakes3.Prefix{}
+	timeFormat  = "Mon, 2 Jan 2006 15:04:05.999999999 GMT"
+)
+
+// s3Backend implements the gofacess3.Backend interface to make an S3
+// backend for gofakes3
+type s3Backend struct {
+	opt  *Options
+	vfs  *vfs.VFS
+	meta *sync.Map
+}
+
+// newBackend creates a new SimpleBucketBackend.
+func newBackend(vfs *vfs.VFS, opt *Options) gofakes3.Backend {
+	return &s3Backend{
+		vfs:  vfs,
+		opt:  opt,
+		meta: new(sync.Map),
+	}
+}
+
+// ListBuckets always returns the default bucket.
+func (b *s3Backend) ListBuckets() ([]gofakes3.BucketInfo, error) {
+	dirEntries, err := getDirEntries("/", b.vfs)
+	if err != nil {
+		return nil, err
+	}
+	var response []gofakes3.BucketInfo
+	for _, entry := range dirEntries {
+		if entry.IsDir() {
+			response = append(response, gofakes3.BucketInfo{
+				Name:         gofakes3.URLEncode(entry.Name()),
+				CreationDate: gofakes3.NewContentTime(entry.ModTime()),
+			})
+		}
+		// FIXME: handle files in root dir
+	}
+
+	return response, nil
+}
+
+// ListBucket lists the objects in the given bucket.
+func (b *s3Backend) ListBucket(bucket string, prefix *gofakes3.Prefix, page gofakes3.ListBucketPage) (*gofakes3.ObjectList, error) {
+	_, err := b.vfs.Stat(bucket)
+	if err != nil {
+		return nil, gofakes3.BucketNotFound(bucket)
+	}
+	if prefix == nil {
+		prefix = emptyPrefix
+	}
+
+	// workaround
+	if strings.TrimSpace(prefix.Prefix) == "" {
+		prefix.HasPrefix = false
+	}
+	if strings.TrimSpace(prefix.Delimiter) == "" {
+		prefix.HasDelimiter = false
+	}
+
+	response := gofakes3.NewObjectList()
+	if b.vfs.Fs().Features().BucketBased || prefix.HasDelimiter && prefix.Delimiter != "/" {
+		err = b.getObjectsListArbitrary(bucket, prefix, response)
+	} else {
+		path, remaining := prefixParser(prefix)
+		err = b.entryListR(bucket, path, remaining, prefix.HasDelimiter, response)
+	}
+
+	if err == gofakes3.ErrNoSuchKey {
+		// AWS just returns an empty list
+		response = gofakes3.NewObjectList()
+	} else if err != nil {
+		return nil, err
+	}
+
+	return b.pager(response, page)
+}
+
+// HeadObject returns the fileinfo for the given object name.
+//
+// Note that the metadata is not supported yet.
+func (b *s3Backend) HeadObject(bucketName, objectName string) (*gofakes3.Object, error) {
+	_, err := b.vfs.Stat(bucketName)
+	if err != nil {
+		return nil, gofakes3.BucketNotFound(bucketName)
+	}
+
+	fp := path.Join(bucketName, objectName)
+	node, err := b.vfs.Stat(fp)
+	if err != nil {
+		return nil, gofakes3.KeyNotFound(objectName)
+	}
+
+	if !node.IsFile() {
+		return nil, gofakes3.KeyNotFound(objectName)
+	}
+
+	entry := node.DirEntry()
+	if entry == nil {
+		return nil, gofakes3.KeyNotFound(objectName)
+	}
+
+	fobj := entry.(fs.Object)
+	size := node.Size()
+	hash := getFileHashByte(fobj)
+
+	meta := map[string]string{
+		"Last-Modified": node.ModTime().Format(timeFormat),
+		"Content-Type":  fs.MimeType(context.Background(), fobj),
+	}
+
+	if val, ok := b.meta.Load(fp); ok {
+		metaMap := val.(map[string]string)
+		for k, v := range metaMap {
+			meta[k] = v
+		}
+	}
+
+	return &gofakes3.Object{
+		Name:     objectName,
+		Hash:     hash,
+		Metadata: meta,
+		Size:     size,
+		Contents: noOpReadCloser{},
+	}, nil
+}
+
+// GetObject fetchs the object from the filesystem.
+func (b *s3Backend) GetObject(bucketName, objectName string, rangeRequest *gofakes3.ObjectRangeRequest) (obj *gofakes3.Object, err error) {
+	_, err = b.vfs.Stat(bucketName)
+	if err != nil {
+		return nil, gofakes3.BucketNotFound(bucketName)
+	}
+
+	fp := path.Join(bucketName, objectName)
+	node, err := b.vfs.Stat(fp)
+	if err != nil {
+		return nil, gofakes3.KeyNotFound(objectName)
+	}
+
+	if !node.IsFile() {
+		return nil, gofakes3.KeyNotFound(objectName)
+	}
+
+	entry := node.DirEntry()
+	if entry == nil {
+		return nil, gofakes3.KeyNotFound(objectName)
+	}
+
+	fobj := entry.(fs.Object)
+	file := node.(*vfs.File)
+
+	size := node.Size()
+	hash := getFileHashByte(fobj)
+
+	in, err := file.Open(os.O_RDONLY)
+	if err != nil {
+		return nil, gofakes3.ErrInternal
+	}
+	defer func() {
+		// If an error occurs, the caller may not have access to Object.Body in order to close it:
+		if err != nil {
+			_ = in.Close()
+		}
+	}()
+
+	var rdr io.ReadCloser = in
+	rnge, err := rangeRequest.Range(size)
+	if err != nil {
+		return nil, err
+	}
+
+	if rnge != nil {
+		if _, err := in.Seek(rnge.Start, io.SeekStart); err != nil {
+			return nil, err
+		}
+		rdr = limitReadCloser(rdr, in.Close, rnge.Length)
+	}
+
+	meta := map[string]string{
+		"Last-Modified": node.ModTime().Format(timeFormat),
+		"Content-Type":  fs.MimeType(context.Background(), fobj),
+	}
+
+	if val, ok := b.meta.Load(fp); ok {
+		metaMap := val.(map[string]string)
+		for k, v := range metaMap {
+			meta[k] = v
+		}
+	}
+
+	return &gofakes3.Object{
+		Name:     gofakes3.URLEncode(objectName),
+		Hash:     hash,
+		Metadata: meta,
+		Size:     size,
+		Range:    rnge,
+		Contents: rdr,
+	}, nil
+}
+
+// TouchObject creates or updates meta on specified object.
+func (b *s3Backend) TouchObject(fp string, meta map[string]string) (result gofakes3.PutObjectResult, err error) {
+	_, err = b.vfs.Stat(fp)
+	if err == vfs.ENOENT {
+		f, err := b.vfs.Create(fp)
+		if err != nil {
+			return result, err
+		}
+		_ = f.Close()
+		return b.TouchObject(fp, meta)
+	} else if err != nil {
+		return result, err
+	}
+
+	_, err = b.vfs.Stat(fp)
+	if err != nil {
+		return result, err
+	}
+
+	b.meta.Store(fp, meta)
+
+	if val, ok := meta["X-Amz-Meta-Mtime"]; ok {
+		ti, err := swift.FloatStringToTime(val)
+		if err == nil {
+			return result, b.vfs.Chtimes(fp, ti, ti)
+		}
+		// ignore error since the file is successfully created
+	}
+
+	if val, ok := meta["mtime"]; ok {
+		ti, err := swift.FloatStringToTime(val)
+		if err == nil {
+			return result, b.vfs.Chtimes(fp, ti, ti)
+		}
+		// ignore error since the file is successfully created
+	}
+
+	return result, nil
+}
+
+// PutObject creates or overwrites the object with the given name.
+func (b *s3Backend) PutObject(
+	bucketName, objectName string,
+	meta map[string]string,
+	input io.Reader, size int64,
+) (result gofakes3.PutObjectResult, err error) {
+	_, err = b.vfs.Stat(bucketName)
+	if err != nil {
+		return result, gofakes3.BucketNotFound(bucketName)
+	}
+
+	fp := path.Join(bucketName, objectName)
+	objectDir := path.Dir(fp)
+	// _, err = db.fs.Stat(objectDir)
+	// if err == vfs.ENOENT {
+	// 	fs.Errorf(objectDir, "PutObject failed: path not found")
+	// 	return result, gofakes3.KeyNotFound(objectName)
+	// }
+
+	if objectDir != "." {
+		if err := mkdirRecursive(objectDir, b.vfs); err != nil {
+			return result, err
+		}
+	}
+
+	f, err := b.vfs.Create(fp)
+	if err != nil {
+		return result, err
+	}
+
+	if _, err := io.Copy(f, input); err != nil {
+		// remove file when i/o error occurred (FsPutErr)
+		_ = f.Close()
+		_ = b.vfs.Remove(fp)
+		return result, err
+	}
+
+	if err := f.Close(); err != nil {
+		// remove file when close error occurred (FsPutErr)
+		_ = b.vfs.Remove(fp)
+		return result, err
+	}
+
+	_, err = b.vfs.Stat(fp)
+	if err != nil {
+		return result, err
+	}
+
+	b.meta.Store(fp, meta)
+
+	if val, ok := meta["X-Amz-Meta-Mtime"]; ok {
+		ti, err := swift.FloatStringToTime(val)
+		if err == nil {
+			return result, b.vfs.Chtimes(fp, ti, ti)
+		}
+		// ignore error since the file is successfully created
+	}
+
+	if val, ok := meta["mtime"]; ok {
+		ti, err := swift.FloatStringToTime(val)
+		if err == nil {
+			return result, b.vfs.Chtimes(fp, ti, ti)
+		}
+		// ignore error since the file is successfully created
+	}
+
+	return result, nil
+}
+
+// DeleteMulti deletes multiple objects in a single request.
+func (b *s3Backend) DeleteMulti(bucketName string, objects ...string) (result gofakes3.MultiDeleteResult, rerr error) {
+	for _, object := range objects {
+		if err := b.deleteObject(bucketName, object); err != nil {
+			fs.Errorf("serve s3", "delete object failed: %v", err)
+			result.Error = append(result.Error, gofakes3.ErrorResult{
+				Code:    gofakes3.ErrInternal,
+				Message: gofakes3.ErrInternal.Message(),
+				Key:     object,
+			})
+		} else {
+			result.Deleted = append(result.Deleted, gofakes3.ObjectID{
+				Key: object,
+			})
+		}
+	}
+
+	return result, nil
+}
+
+// DeleteObject deletes the object with the given name.
+func (b *s3Backend) DeleteObject(bucketName, objectName string) (result gofakes3.ObjectDeleteResult, rerr error) {
+	return result, b.deleteObject(bucketName, objectName)
+}
+
+// deleteObject deletes the object from the filesystem.
+func (b *s3Backend) deleteObject(bucketName, objectName string) error {
+	_, err := b.vfs.Stat(bucketName)
+	if err != nil {
+		return gofakes3.BucketNotFound(bucketName)
+	}
+
+	fp := path.Join(bucketName, objectName)
+	// S3 does not report an error when attemping to delete a key that does not exist, so
+	// we need to skip IsNotExist errors.
+	if err := b.vfs.Remove(fp); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	// FIXME: unsafe operation
+	if b.vfs.Fs().Features().CanHaveEmptyDirectories {
+		rmdirRecursive(fp, b.vfs)
+	}
+	return nil
+}
+
+// CreateBucket creates a new bucket.
+func (b *s3Backend) CreateBucket(name string) error {
+	_, err := b.vfs.Stat(name)
+	if err != nil && err != vfs.ENOENT {
+		return gofakes3.ErrInternal
+	}
+
+	if err == nil {
+		return gofakes3.ErrBucketAlreadyExists
+	}
+
+	if err := b.vfs.Mkdir(name, 0755); err != nil {
+		return gofakes3.ErrInternal
+	}
+	return nil
+}
+
+// DeleteBucket deletes the bucket with the given name.
+func (b *s3Backend) DeleteBucket(name string) error {
+	_, err := b.vfs.Stat(name)
+	if err != nil {
+		return gofakes3.BucketNotFound(name)
+	}
+
+	if err := b.vfs.Remove(name); err != nil {
+		return gofakes3.ErrBucketNotEmpty
+	}
+
+	return nil
+}
+
+// BucketExists checks if the bucket exists.
+func (b *s3Backend) BucketExists(name string) (exists bool, err error) {
+	_, err = b.vfs.Stat(name)
+	if err != nil {
+		return false, nil
+	}
+
+	return true, nil
+}
+
+// CopyObject copy specified object from srcKey to dstKey.
+func (b *s3Backend) CopyObject(srcBucket, srcKey, dstBucket, dstKey string, meta map[string]string) (result gofakes3.CopyObjectResult, err error) {
+	fp := path.Join(srcBucket, srcKey)
+	if srcBucket == dstBucket && srcKey == dstKey {
+		b.meta.Store(fp, meta)
+
+		val, ok := meta["X-Amz-Meta-Mtime"]
+		if !ok {
+			if val, ok = meta["mtime"]; !ok {
+				return
+			}
+		}
+		// update modtime
+		ti, err := swift.FloatStringToTime(val)
+		if err != nil {
+			return result, nil
+		}
+
+		return result, b.vfs.Chtimes(fp, ti, ti)
+	}
+
+	cStat, err := b.vfs.Stat(fp)
+	if err != nil {
+		return
+	}
+
+	c, err := b.GetObject(srcBucket, srcKey, nil)
+	if err != nil {
+		return
+	}
+	defer func() {
+		_ = c.Contents.Close()
+	}()
+
+	for k, v := range c.Metadata {
+		if _, found := meta[k]; !found && k != "X-Amz-Acl" {
+			meta[k] = v
+		}
+	}
+	if _, ok := meta["mtime"]; !ok {
+		meta["mtime"] = swift.TimeToFloatString(cStat.ModTime())
+	}
+
+	_, err = b.PutObject(dstBucket, dstKey, meta, c.Contents, c.Size)
+	if err != nil {
+		return
+	}
+
+	return gofakes3.CopyObjectResult{
+		ETag:         `"` + hex.EncodeToString(c.Hash) + `"`,
+		LastModified: gofakes3.NewContentTime(cStat.ModTime()),
+	}, nil
+}
diff --git a/cmd/serve/s3/ioutils.go b/cmd/serve/s3/ioutils.go
new file mode 100644
index 0000000000000..9ca5e695d23f6
--- /dev/null
+++ b/cmd/serve/s3/ioutils.go
@@ -0,0 +1,34 @@
+package s3
+
+import "io"
+
+type noOpReadCloser struct{}
+
+type readerWithCloser struct {
+	io.Reader
+	closer func() error
+}
+
+var _ io.ReadCloser = &readerWithCloser{}
+
+func (d noOpReadCloser) Read(b []byte) (n int, err error) {
+	return 0, io.EOF
+}
+
+func (d noOpReadCloser) Close() error {
+	return nil
+}
+
+func limitReadCloser(rdr io.Reader, closer func() error, sz int64) io.ReadCloser {
+	return &readerWithCloser{
+		Reader: io.LimitReader(rdr, sz),
+		closer: closer,
+	}
+}
+
+func (rwc *readerWithCloser) Close() error {
+	if rwc.closer != nil {
+		return rwc.closer()
+	}
+	return nil
+}
diff --git a/cmd/serve/s3/list.go b/cmd/serve/s3/list.go
new file mode 100644
index 0000000000000..93f0f87e3f264
--- /dev/null
+++ b/cmd/serve/s3/list.go
@@ -0,0 +1,85 @@
+package s3
+
+import (
+	"context"
+	"path"
+	"strings"
+
+	"github.com/Mikubill/gofakes3"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/walk"
+)
+
+func (b *s3Backend) entryListR(bucket, fdPath, name string, acceptComPrefix bool, response *gofakes3.ObjectList) error {
+	fp := path.Join(bucket, fdPath)
+
+	dirEntries, err := getDirEntries(fp, b.vfs)
+	if err != nil {
+		return err
+	}
+
+	for _, entry := range dirEntries {
+		object := entry.Name()
+
+		// workround for control-chars detect
+		objectPath := path.Join(fdPath, object)
+
+		if !strings.HasPrefix(object, name) {
+			continue
+		}
+
+		if entry.IsDir() {
+			if acceptComPrefix {
+				response.AddPrefix(gofakes3.URLEncode(objectPath))
+				continue
+			}
+			err := b.entryListR(bucket, path.Join(fdPath, object), "", false, response)
+			if err != nil {
+				return err
+			}
+		} else {
+			item := &gofakes3.Content{
+				Key:          gofakes3.URLEncode(objectPath),
+				LastModified: gofakes3.NewContentTime(entry.ModTime()),
+				ETag:         getFileHash(entry),
+				Size:         entry.Size(),
+				StorageClass: gofakes3.StorageStandard,
+			}
+			response.Add(item)
+		}
+	}
+	return nil
+}
+
+// getObjectsList lists the objects in the given bucket.
+func (b *s3Backend) getObjectsListArbitrary(bucket string, prefix *gofakes3.Prefix, response *gofakes3.ObjectList) error {
+	// ignore error - vfs may have uncommitted updates, such as new dir etc.
+	_ = walk.ListR(context.Background(), b.vfs.Fs(), bucket, false, -1, walk.ListObjects, func(entries fs.DirEntries) error {
+		for _, entry := range entries {
+			entry := entry.(fs.Object)
+			objName := entry.Remote()
+			object := strings.TrimPrefix(objName, bucket)[1:]
+
+			var matchResult gofakes3.PrefixMatch
+			if prefix.Match(object, &matchResult) {
+				if matchResult.CommonPrefix {
+					response.AddPrefix(gofakes3.URLEncode(object))
+					continue
+				}
+
+				item := &gofakes3.Content{
+					Key:          gofakes3.URLEncode(object),
+					LastModified: gofakes3.NewContentTime(entry.ModTime(context.Background())),
+					ETag:         getFileHash(entry),
+					Size:         entry.Size(),
+					StorageClass: gofakes3.StorageStandard,
+				}
+				response.Add(item)
+			}
+		}
+
+		return nil
+	})
+
+	return nil
+}
diff --git a/cmd/serve/s3/logger.go b/cmd/serve/s3/logger.go
new file mode 100644
index 0000000000000..8c9b3067bff17
--- /dev/null
+++ b/cmd/serve/s3/logger.go
@@ -0,0 +1,25 @@
+package s3
+
+import (
+	"fmt"
+
+	"github.com/Mikubill/gofakes3"
+	"github.com/rclone/rclone/fs"
+)
+
+// logger output formatted message
+type logger struct{}
+
+// print log message
+func (l logger) Print(level gofakes3.LogLevel, v ...interface{}) {
+	switch level {
+	default:
+		fallthrough
+	case gofakes3.LogErr:
+		fs.Errorf("serve s3", fmt.Sprintln(v...))
+	case gofakes3.LogWarn:
+		fs.Infof("serve s3", fmt.Sprintln(v...))
+	case gofakes3.LogInfo:
+		fs.Debugf("serve s3", fmt.Sprintln(v...))
+	}
+}
diff --git a/cmd/serve/s3/pager.go b/cmd/serve/s3/pager.go
new file mode 100644
index 0000000000000..1aa3c5e68b8c4
--- /dev/null
+++ b/cmd/serve/s3/pager.go
@@ -0,0 +1,66 @@
+// Package s3 implements a fake s3 server for rclone
+package s3
+
+import (
+	"sort"
+
+	"github.com/Mikubill/gofakes3"
+)
+
+// pager splits the object list into smulitply pages.
+func (db *s3Backend) pager(list *gofakes3.ObjectList, page gofakes3.ListBucketPage) (*gofakes3.ObjectList, error) {
+	// sort by alphabet
+	sort.Slice(list.CommonPrefixes, func(i, j int) bool {
+		return list.CommonPrefixes[i].Prefix < list.CommonPrefixes[j].Prefix
+	})
+	// sort by modtime
+	sort.Slice(list.Contents, func(i, j int) bool {
+		return list.Contents[i].LastModified.Before(list.Contents[j].LastModified.Time)
+	})
+	tokens := page.MaxKeys
+	if tokens == 0 {
+		tokens = 1000
+	}
+	if page.HasMarker {
+		for i, obj := range list.Contents {
+			if obj.Key == page.Marker {
+				list.Contents = list.Contents[i+1:]
+				break
+			}
+		}
+		for i, obj := range list.CommonPrefixes {
+			if obj.Prefix == page.Marker {
+				list.CommonPrefixes = list.CommonPrefixes[i+1:]
+				break
+			}
+		}
+	}
+
+	response := gofakes3.NewObjectList()
+	for _, obj := range list.CommonPrefixes {
+		if tokens <= 0 {
+			break
+		}
+		response.AddPrefix(obj.Prefix)
+		tokens--
+	}
+
+	for _, obj := range list.Contents {
+		if tokens <= 0 {
+			break
+		}
+		response.Add(obj)
+		tokens--
+	}
+
+	if len(list.CommonPrefixes)+len(list.Contents) > int(page.MaxKeys) {
+		response.IsTruncated = true
+		if len(response.Contents) > 0 {
+			response.NextMarker = response.Contents[len(response.Contents)-1].Key
+		} else {
+			response.NextMarker = response.CommonPrefixes[len(response.CommonPrefixes)-1].Prefix
+		}
+	}
+
+	return response, nil
+}
diff --git a/cmd/serve/s3/s3.go b/cmd/serve/s3/s3.go
new file mode 100644
index 0000000000000..db9e384915265
--- /dev/null
+++ b/cmd/serve/s3/s3.go
@@ -0,0 +1,81 @@
+package s3
+
+import (
+	"context"
+	_ "embed"
+
+	"github.com/rclone/rclone/cmd"
+	"github.com/rclone/rclone/fs/config/flags"
+	"github.com/rclone/rclone/fs/hash"
+	httplib "github.com/rclone/rclone/lib/http"
+	"github.com/rclone/rclone/vfs"
+	"github.com/rclone/rclone/vfs/vfsflags"
+	"github.com/spf13/cobra"
+)
+
+// DefaultOpt is the default values used for Options
+var DefaultOpt = Options{
+	pathBucketMode: true,
+	hashName:       "MD5",
+	hashType:       hash.MD5,
+	noCleanup:      false,
+	HTTP:           httplib.DefaultCfg(),
+}
+
+// Opt is options set by command line flags
+var Opt = DefaultOpt
+
+const flagPrefix = ""
+
+func init() {
+	flagSet := Command.Flags()
+	httplib.AddHTTPFlagsPrefix(flagSet, flagPrefix, &Opt.HTTP)
+	vfsflags.AddFlags(flagSet)
+	flags.BoolVarP(flagSet, &Opt.pathBucketMode, "force-path-style", "", Opt.pathBucketMode, "If true use path style access if false use virtual hosted style (default true)", "")
+	flags.StringVarP(flagSet, &Opt.hashName, "etag-hash", "", Opt.hashName, "Which hash to use for the ETag, or auto or blank for off", "")
+	flags.StringArrayVarP(flagSet, &Opt.authPair, "auth-key", "", Opt.authPair, "Set key pair for v4 authorization: access_key_id,secret_access_key", "")
+	flags.BoolVarP(flagSet, &Opt.noCleanup, "no-cleanup", "", Opt.noCleanup, "Not to cleanup empty folder after object is deleted", "")
+}
+
+//go:embed serve_s3.md
+var serveS3Help string
+
+// Command definition for cobra
+var Command = &cobra.Command{
+	Annotations: map[string]string{
+		"versionIntroduced": "v1.65",
+		"groups":            "Filter",
+		"status":            "Experimental",
+	},
+	Use:   "s3 remote:path",
+	Short: `Serve remote:path over s3.`,
+	Long:  serveS3Help + httplib.Help(flagPrefix) + vfs.Help,
+	RunE: func(command *cobra.Command, args []string) error {
+		cmd.CheckArgs(1, 1, command, args)
+		f := cmd.NewFsSrc(args)
+
+		if Opt.hashName == "auto" {
+			Opt.hashType = f.Hashes().GetOne()
+		} else if Opt.hashName != "" {
+			err := Opt.hashType.Set(Opt.hashName)
+			if err != nil {
+				return err
+			}
+		}
+		cmd.Run(false, false, command, func() error {
+			s, err := newServer(context.Background(), f, &Opt)
+			if err != nil {
+				return err
+			}
+			router := s.Router()
+			s.Bind(router)
+			err = s.serve()
+			if err != nil {
+				return err
+			}
+			s.Wait()
+			return nil
+		})
+		return nil
+	},
+}
diff --git a/cmd/serve/s3/s3_test.go b/cmd/serve/s3/s3_test.go
new file mode 100644
index 0000000000000..2622d5fbcd0f0
--- /dev/null
+++ b/cmd/serve/s3/s3_test.go
@@ -0,0 +1,204 @@
+// Serve s3 tests set up a server and run the integration tests
+// for the s3 remote against it.
+
+package s3
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"net/url"
+	"os"
+	"os/exec"
+	"path"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/rclone/rclone/fs/object"
+
+	_ "github.com/rclone/rclone/backend/local"
+	"github.com/rclone/rclone/cmd/serve/servetest"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config/configmap"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/fstest"
+	httplib "github.com/rclone/rclone/lib/http"
+	"github.com/rclone/rclone/lib/random"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	endpoint = "localhost:0"
+)
+
+// Configure and serve the server
+func serveS3(f fs.Fs) (testURL string, keyid string, keysec string) {
+	keyid = random.String(16)
+	keysec = random.String(16)
+	serveropt := &Options{
+		HTTP:           httplib.DefaultCfg(),
+		pathBucketMode: true,
+		hashName:       "",
+		hashType:       hash.None,
+		authPair:       []string{fmt.Sprintf("%s,%s", keyid, keysec)},
+	}
+
+	serveropt.HTTP.ListenAddr = []string{endpoint}
+	w, _ := newServer(context.Background(), f, serveropt)
+	router := w.Router()
+
+	w.Bind(router)
+	w.Serve()
+	testURL = w.Server.URLs()[0]
+
+	return
+}
+
+// TestS3 runs the s3 server then runs the unit tests for the
+// s3 remote against it.
+func TestS3(t *testing.T) {
+	start := func(f fs.Fs) (configmap.Simple, func()) {
+		testURL, keyid, keysec := serveS3(f)
+		// Config for the backend we'll use to connect to the server
+		config := configmap.Simple{
+			"type":              "s3",
+			"provider":          "Rclone",
+			"endpoint":          testURL,
+			"access_key_id":     keyid,
+			"secret_access_key": keysec,
+		}
+
+		return config, func() {}
+	}
+
+	RunS3UnitTests(t, "s3", start)
+}
+
+func RunS3UnitTests(t *testing.T, name string, start servetest.StartFn) {
+	fstest.Initialise()
+	ci := fs.GetConfig(context.Background())
+	ci.DisableFeatures = append(ci.DisableFeatures, "Metadata")
+
+	fremote, _, clean, err := fstest.RandomRemote()
+	assert.NoError(t, err)
+	defer clean()
+
+	err = fremote.Mkdir(context.Background(), "")
+	assert.NoError(t, err)
+
+	f := fremote
+	config, cleanup := start(f)
+	defer cleanup()
+
+	// Change directory to run the tests
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+	err = os.Chdir("../../../backend/" + name)
+	require.NoError(t, err, "failed to cd to "+name+" backend")
+	defer func() {
+		// Change back to the old directory
+		require.NoError(t, os.Chdir(cwd))
+	}()
+
+	// RunS3UnitTests the backend tests with an on the fly remote
+	args := []string{"test"}
+	if testing.Verbose() {
+		args = append(args, "-v")
+	}
+	if *fstest.Verbose {
+		args = append(args, "-verbose")
+	}
+	remoteName := "serve" + name + ":"
+	args = append(args, "-remote", remoteName)
+	args = append(args, "-run", "^TestIntegration$")
+	args = append(args, "-list-retries", fmt.Sprint(*fstest.ListRetries))
+	cmd := exec.Command("go", args...)
+
+	// Configure the backend with environment variables
+	cmd.Env = os.Environ()
+	prefix := "RCLONE_CONFIG_" + strings.ToUpper(remoteName[:len(remoteName)-1]) + "_"
+	for k, v := range config {
+		cmd.Env = append(cmd.Env, prefix+strings.ToUpper(k)+"="+v)
+	}
+
+	// RunS3UnitTests the test
+	out, err := cmd.CombinedOutput()
+	if len(out) != 0 {
+		t.Logf("\n----------\n%s----------\n", string(out))
+	}
+	assert.NoError(t, err, "Running "+name+" integration tests")
+}
+
+// tests using the minio client
+func TestEncodingWithMinioClient(t *testing.T) {
+	cases := []struct {
+		description string
+		bucket      string
+		path        string
+		filename    string
+		expected    string
+	}{
+		{
+			description: "weird file in bucket root",
+			bucket:      "mybucket",
+			path:        "",
+			filename:    " file with w€r^d ch@r \\#~+§4%&'. txt ",
+		},
+		{
+			description: "weird file inside a weird folder",
+			bucket:      "mybucket",
+			path:        "ä#/नेपाल&/?/",
+			filename:    " file with w€r^d ch@r \\#~+§4%&'. txt ",
+		},
+	}
+
+	for _, tt := range cases {
+		t.Run(tt.description, func(t *testing.T) {
+			fstest.Initialise()
+			f, _, clean, err := fstest.RandomRemote()
+			assert.NoError(t, err)
+			defer clean()
+			err = f.Mkdir(context.Background(), path.Join(tt.bucket, tt.path))
+			assert.NoError(t, err)
+
+			buf := bytes.NewBufferString("contents")
+			uploadHash := hash.NewMultiHasher()
+			in := io.TeeReader(buf, uploadHash)
+
+			obji := object.NewStaticObjectInfo(
+				path.Join(tt.bucket, tt.path, tt.filename),
+				time.Now(),
+				int64(buf.Len()),
+				true,
+				nil,
+				nil,
+			)
+			_, err = f.Put(context.Background(), in, obji)
+			assert.NoError(t, err)
+
+			endpoint, keyid, keysec := serveS3(f)
+			testURL, _ := url.Parse(endpoint)
+			minioClient, err := minio.New(testURL.Host, &minio.Options{
+				Creds:  credentials.NewStaticV4(keyid, keysec, ""),
+				Secure: false,
+			})
+			assert.NoError(t, err)
+
+			buckets, err := minioClient.ListBuckets(context.Background())
+			assert.NoError(t, err)
+			assert.Equal(t, buckets[0].Name, tt.bucket)
+			objects := minioClient.ListObjects(context.Background(), tt.bucket, minio.ListObjectsOptions{
+				Recursive: true,
+			})
+			for object := range objects {
+				assert.Equal(t, path.Join(tt.path, tt.filename), object.Key)
+			}
+		})
+	}
+
+}
diff --git a/cmd/serve/s3/serve_s3.md b/cmd/serve/s3/serve_s3.md
new file mode 100644
index 0000000000000..65445ff1cea61
--- /dev/null
+++ b/cmd/serve/s3/serve_s3.md
@@ -0,0 +1,115 @@
+`serve s3` implements a basic s3 server that serves a remote via s3.
+This can be viewed with an s3 client, or you can make an [s3 type
+remote](/s3/) to read and write to it with rclone.
+
+`serve s3` is considered **Experimental** so use with care.
+
+S3 server supports Signature Version 4 authentication. Just use
+`--auth-key accessKey,secretKey` and set the `Authorization`
+header correctly in the request. (See the [AWS
+docs](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)).
+
+`--auth-key` can be repeated for multiple auth pairs. If
+`--auth-key` is not provided then `serve s3` will allow anonymous
+access.
+
+Please note that some clients may require HTTPS endpoints. See [the
+SSL docs](#ssl-tls) for more information.
+
+This command uses the [VFS directory cache](#vfs-virtual-file-system).
+All the functionality will work with `--vfs-cache-mode off`. Using
+`--vfs-cache-mode full` (or `writes`) can be used to cache objects
+locally to improve performance.
+
+Use `--force-path-style=false` if you want to use the bucket name as a
+part of the hostname (such as mybucket.local)
+
+Use `--etag-hash` if you want to change the hash uses for the `ETag`.
+Note that using anything other than `MD5` (the default) is likely to
+cause problems for S3 clients which rely on the Etag being the MD5.
+
+### Quickstart
+
+For a simple set up, to serve `remote:path` over s3, run the server
+like this:
+
+```
+rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
+```
+
+This will be compatible with an rclone remote which is defined like this:
+
+```
+[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false
+```
+
+Note that setting `disable_multipart_uploads = true` is to work around
+[a bug](#bugs) which will be fixed in due course.
+
+### Bugs
+
+When uploading multipart files `serve s3` holds all the parts in
+memory (see [#7453](https://github.com/rclone/rclone/issues/7453)).
+This is a limitaton of the library rclone uses for serving S3 and will
+hopefully be fixed at some point.
+
+Multipart server side copies do not work (see
+[#7454](https://github.com/rclone/rclone/issues/7454)). These take a
+very long time and eventually fail. The default threshold for
+multipart server side copies is 5G which is the maximum it can be, so
+files above this side will fail to be server side copied.
+
+For a current list of `serve s3` bugs see the [serve
+s3](https://github.com/rclone/rclone/labels/serve%20s3) bug category
+on GitHub.
+
+### Limitations
+
+`serve s3` will treat all directories in the root as buckets and
+ignore all files in the root. You can use `CreateBucket` to create
+folders under the root, but you can't create empty folders under other
+folders not in the root.
+
+When using `PutObject` or `DeleteObject`, rclone will automatically
+create or clean up empty folders. If you don't want to clean up empty
+folders automatically, use `--no-cleanup`.
+
+When using `ListObjects`, rclone will use `/` when the delimiter is
+empty. This reduces backend requests with no effect on most
+operations, but if the delimiter is something other than `/` and
+empty, rclone will do a full recursive search of the backend, which
+can take some time.
+
+Versioning is not currently supported.
+
+Metadata will only be saved in memory other than the rclone `mtime`
+metadata which will be set as the modification time of the file.
+
+### Supported operations
+
+`serve s3` currently supports the following operations.
+
+- Bucket
+    - `ListBuckets`
+    - `CreateBucket`
+    - `DeleteBucket`
+- Object
+    - `HeadObject`
+    - `ListObjects`
+    - `GetObject`
+    - `PutObject`
+    - `DeleteObject`
+    - `DeleteObjects`
+    - `CreateMultipartUpload`
+    - `CompleteMultipartUpload`
+    - `AbortMultipartUpload`
+    - `CopyObject`
+    - `UploadPart`
+
+Other operations will return error `Unimplemented`.
diff --git a/cmd/serve/s3/server.go b/cmd/serve/s3/server.go
new file mode 100644
index 0000000000000..b9e9a75504daa
--- /dev/null
+++ b/cmd/serve/s3/server.go
@@ -0,0 +1,83 @@
+// Package s3 implements a fake s3 server for rclone
+package s3
+
+import (
+	"context"
+	"fmt"
+	"math/rand"
+	"net/http"
+
+	"github.com/Mikubill/gofakes3"
+	"github.com/go-chi/chi/v5"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/hash"
+	httplib "github.com/rclone/rclone/lib/http"
+	"github.com/rclone/rclone/vfs"
+	"github.com/rclone/rclone/vfs/vfsflags"
+)
+
+// Options contains options for the http Server
+type Options struct {
+	//TODO add more options
+	pathBucketMode bool
+	hashName       string
+	hashType       hash.Type
+	authPair       []string
+	noCleanup      bool
+	HTTP           httplib.Config
+}
+
+// Server is a s3.FileSystem interface
+type Server struct {
+	*httplib.Server
+	f       fs.Fs
+	vfs     *vfs.VFS
+	faker   *gofakes3.GoFakeS3
+	handler http.Handler
+	ctx     context.Context // for global config
+}
+
+// Make a new S3 Server to serve the remote
+func newServer(ctx context.Context, f fs.Fs, opt *Options) (s *Server, err error) {
+	w := &Server{
+		f:   f,
+		ctx: ctx,
+		vfs: vfs.New(f, &vfsflags.Opt),
+	}
+
+	if len(opt.authPair) == 0 {
+		fs.Logf("serve s3", "No auth provided so allowing anonymous access")
+	}
+
+	var newLogger logger
+	w.faker = gofakes3.New(
+		newBackend(w.vfs, opt),
+		gofakes3.WithHostBucket(!opt.pathBucketMode),
+		gofakes3.WithLogger(newLogger),
+		gofakes3.WithRequestID(rand.Uint64()),
+		gofakes3.WithoutVersioning(),
+		gofakes3.WithV4Auth(authlistResolver(opt.authPair)),
+		gofakes3.WithIntegrityCheck(true), // Check Content-MD5 if supplied
+	)
+
+	w.Server, err = httplib.NewServer(ctx,
+		httplib.WithConfig(opt.HTTP),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("failed to init server: %w", err)
+	}
+
+	w.handler = w.faker.Server()
+	return w, nil
+}
+
+// Bind register the handler to http.Router
+func (w *Server) Bind(router chi.Router) {
+	router.Handle("/*", w.handler)
+}
+
+func (w *Server) serve() error {
+	w.Serve()
+	fs.Logf(w.f, "Starting s3 server on %s", w.URLs())
+	return nil
+}
diff --git a/cmd/serve/s3/utils.go b/cmd/serve/s3/utils.go
new file mode 100644
index 0000000000000..c61283cc6bf4f
--- /dev/null
+++ b/cmd/serve/s3/utils.go
@@ -0,0 +1,136 @@
+package s3
+
+import (
+	"context"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"os"
+	"path"
+	"strings"
+
+	"github.com/Mikubill/gofakes3"
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/vfs"
+)
+
+func getDirEntries(prefix string, VFS *vfs.VFS) (vfs.Nodes, error) {
+	node, err := VFS.Stat(prefix)
+
+	if err == vfs.ENOENT {
+		return nil, gofakes3.ErrNoSuchKey
+	} else if err != nil {
+		return nil, err
+	}
+
+	if !node.IsDir() {
+		return nil, gofakes3.ErrNoSuchKey
+	}
+
+	dir := node.(*vfs.Dir)
+	dirEntries, err := dir.ReadDirAll()
+	if err != nil {
+		return nil, err
+	}
+
+	return dirEntries, nil
+}
+
+func getFileHashByte(node interface{}) []byte {
+	b, err := hex.DecodeString(getFileHash(node))
+	if err != nil {
+		return nil
+	}
+	return b
+}
+
+func getFileHash(node interface{}) string {
+	var o fs.Object
+
+	switch b := node.(type) {
+	case vfs.Node:
+		fsObj, ok := b.DirEntry().(fs.Object)
+		if !ok {
+			fs.Debugf("serve s3", "File uploading - reading hash from VFS cache")
+			in, err := b.Open(os.O_RDONLY)
+			if err != nil {
+				return ""
+			}
+			defer func() {
+				_ = in.Close()
+			}()
+			h, err := hash.NewMultiHasherTypes(hash.NewHashSet(Opt.hashType))
+			if err != nil {
+				return ""
+			}
+			_, err = io.Copy(h, in)
+			if err != nil {
+				return ""
+			}
+			return h.Sums()[Opt.hashType]
+		}
+		o = fsObj
+	case fs.Object:
+		o = b
+	}
+
+	hash, err := o.Hash(context.Background(), Opt.hashType)
+	if err != nil {
+		return ""
+	}
+	return hash
+}
+
+func prefixParser(p *gofakes3.Prefix) (path, remaining string) {
+	idx := strings.LastIndexByte(p.Prefix, '/')
+	if idx < 0 {
+		return "", p.Prefix
+	}
+	return p.Prefix[:idx], p.Prefix[idx+1:]
+}
+
+// FIXME this could be implemented by VFS.MkdirAll()
+func mkdirRecursive(path string, VFS *vfs.VFS) error {
+	path = strings.Trim(path, "/")
+	dirs := strings.Split(path, "/")
+	dir := ""
+	for _, d := range dirs {
+		dir += "/" + d
+		if _, err := VFS.Stat(dir); err != nil {
+			err := VFS.Mkdir(dir, 0777)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func rmdirRecursive(p string, VFS *vfs.VFS) {
+	dir := path.Dir(p)
+	if !strings.ContainsAny(dir, "/\\") {
+		// might be bucket(root)
+		return
+	}
+	if _, err := VFS.Stat(dir); err == nil {
+		err := VFS.Remove(dir)
+		if err != nil {
+			return
+		}
+		rmdirRecursive(dir, VFS)
+	}
+}
+
+func authlistResolver(list []string) map[string]string {
+	authList := make(map[string]string)
+	for _, v := range list {
+		parts := strings.Split(v, ",")
+		if len(parts) != 2 {
+			fs.Infof(nil, fmt.Sprintf("Ignored: invalid auth pair %s", v))
+			continue
+		}
+		authList[parts[0]] = parts[1]
+	}
+	return authList
+}
diff --git a/cmd/serve/serve.go b/cmd/serve/serve.go
index 8f523f52c3f03..c415499a07f22 100644
--- a/cmd/serve/serve.go
+++ b/cmd/serve/serve.go
@@ -9,7 +9,9 @@ import (
 	"github.com/rclone/rclone/cmd/serve/docker"
 	"github.com/rclone/rclone/cmd/serve/ftp"
 	"github.com/rclone/rclone/cmd/serve/http"
+	"github.com/rclone/rclone/cmd/serve/nfs"
 	"github.com/rclone/rclone/cmd/serve/restic"
+	"github.com/rclone/rclone/cmd/serve/s3"
 	"github.com/rclone/rclone/cmd/serve/sftp"
 	"github.com/rclone/rclone/cmd/serve/webdav"
 	"github.com/spf13/cobra"
@@ -35,6 +37,12 @@ func init() {
 	if docker.Command != nil {
 		Command.AddCommand(docker.Command)
 	}
+	if nfs.Command != nil {
+		Command.AddCommand(nfs.Command)
+	}
+	if s3.Command != nil {
+		Command.AddCommand(s3.Command)
+	}
 	cmd.Root.AddCommand(Command)
 }
 
diff --git a/cmd/serve/sftp/connection.go b/cmd/serve/sftp/connection.go
index 42564c151d8c7..91c83002c122c 100644
--- a/cmd/serve/sftp/connection.go
+++ b/cmd/serve/sftp/connection.go
@@ -123,11 +123,28 @@ func (c *conn) execCommand(ctx context.Context, out io.Writer, command string) (
 			}
 			o, ok := node.DirEntry().(fs.ObjectInfo)
 			if !ok {
-				return errors.New("unexpected non file")
-			}
-			hashSum, err = o.Hash(ctx, ht)
-			if err != nil {
-				return fmt.Errorf("hash failed: %w", err)
+				fs.Debugf(args, "File uploading - reading hash from VFS cache")
+				in, err := node.Open(os.O_RDONLY)
+				if err != nil {
+					return fmt.Errorf("hash vfs open failed: %w", err)
+				}
+				defer func() {
+					_ = in.Close()
+				}()
+				h, err := hash.NewMultiHasherTypes(hash.NewHashSet(ht))
+				if err != nil {
+					return fmt.Errorf("hash vfs create multi-hasher failed: %w", err)
+				}
+				_, err = io.Copy(h, in)
+				if err != nil {
+					return fmt.Errorf("hash vfs copy failed: %w", err)
+				}
+				hashSum = h.Sums()[ht]
+			} else {
+				hashSum, err = o.Hash(ctx, ht)
+				if err != nil {
+					return fmt.Errorf("hash failed: %w", err)
+				}
 			}
 		}
 		_, err = fmt.Fprintf(out, "%s  %s\n", hashSum, args)
diff --git a/cmd/serve/sftp/handler.go b/cmd/serve/sftp/handler.go
index aba3601a29727..b937af80a1375 100644
--- a/cmd/serve/sftp/handler.go
+++ b/cmd/serve/sftp/handler.go
@@ -83,6 +83,10 @@ func (v vfsHandler) Filecmd(r *sftp.Request) error {
 		// link.symlink = r.Filepath
 		// v.files[r.Target] = link
 		return sftp.ErrSshFxOpUnsupported
+	case "Link":
+		return sftp.ErrSshFxOpUnsupported
+	default:
+		return sftp.ErrSshFxOpUnsupported
 	}
 	return nil
 }
diff --git a/cmd/serve/sftp/sftp.go b/cmd/serve/sftp/sftp.go
index 2a255224bee92..117f3ff615dc2 100644
--- a/cmd/serve/sftp/sftp.go
+++ b/cmd/serve/sftp/sftp.go
@@ -13,6 +13,7 @@ import (
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/config/flags"
 	"github.com/rclone/rclone/fs/rc"
+	"github.com/rclone/rclone/lib/systemd"
 	"github.com/rclone/rclone/vfs"
 	"github.com/rclone/rclone/vfs/vfsflags"
 	"github.com/spf13/cobra"
@@ -42,13 +43,13 @@ var Opt = DefaultOpt
 // AddFlags adds flags for the sftp
 func AddFlags(flagSet *pflag.FlagSet, Opt *Options) {
 	rc.AddOption("sftp", &Opt)
-	flags.StringVarP(flagSet, &Opt.ListenAddr, "addr", "", Opt.ListenAddr, "IPaddress:Port or :Port to bind server to")
-	flags.StringArrayVarP(flagSet, &Opt.HostKeys, "key", "", Opt.HostKeys, "SSH private host key file (Can be multi-valued, leave blank to auto generate)")
-	flags.StringVarP(flagSet, &Opt.AuthorizedKeys, "authorized-keys", "", Opt.AuthorizedKeys, "Authorized keys file")
-	flags.StringVarP(flagSet, &Opt.User, "user", "", Opt.User, "User name for authentication")
-	flags.StringVarP(flagSet, &Opt.Pass, "pass", "", Opt.Pass, "Password for authentication")
-	flags.BoolVarP(flagSet, &Opt.NoAuth, "no-auth", "", Opt.NoAuth, "Allow connections with no authentication if set")
-	flags.BoolVarP(flagSet, &Opt.Stdio, "stdio", "", Opt.Stdio, "Run an sftp server on stdin/stdout")
+	flags.StringVarP(flagSet, &Opt.ListenAddr, "addr", "", Opt.ListenAddr, "IPaddress:Port or :Port to bind server to", "")
+	flags.StringArrayVarP(flagSet, &Opt.HostKeys, "key", "", Opt.HostKeys, "SSH private host key file (Can be multi-valued, leave blank to auto generate)", "")
+	flags.StringVarP(flagSet, &Opt.AuthorizedKeys, "authorized-keys", "", Opt.AuthorizedKeys, "Authorized keys file", "")
+	flags.StringVarP(flagSet, &Opt.User, "user", "", Opt.User, "User name for authentication", "")
+	flags.StringVarP(flagSet, &Opt.Pass, "pass", "", Opt.Pass, "Password for authentication", "")
+	flags.BoolVarP(flagSet, &Opt.NoAuth, "no-auth", "", Opt.NoAuth, "Allow connections with no authentication if set", "")
+	flags.BoolVarP(flagSet, &Opt.Stdio, "stdio", "", Opt.Stdio, "Run an sftp server on stdin/stdout", "")
 }
 
 func init() {
@@ -108,7 +109,7 @@ which can lead to "corrupted on transfer" errors. This is the case because
 the client chooses indiscriminately which server to send commands to while
 the servers all have different views of the state of the filing system.
 
-The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from beeing
+The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from being
 used. Omitting "restrict" and using  ` + "`--sftp-path-override`" + ` to enable
 checksumming is possible but less secure and you could use the SFTP server
 provided by OpenSSH in this case.
@@ -116,6 +117,7 @@ provided by OpenSSH in this case.
 ` + vfs.Help + proxy.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.48",
+		"groups":            "Filter",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		var f fs.Fs
@@ -134,6 +136,7 @@ provided by OpenSSH in this case.
 			if err != nil {
 				return err
 			}
+			defer systemd.Notify()()
 			s.Wait()
 			return nil
 		})
diff --git a/cmd/serve/webdav/webdav.go b/cmd/serve/webdav/webdav.go
index daaa537f981f8..f482d13d5d7cd 100644
--- a/cmd/serve/webdav/webdav.go
+++ b/cmd/serve/webdav/webdav.go
@@ -3,10 +3,14 @@ package webdav
 
 import (
 	"context"
+	"encoding/xml"
 	"errors"
 	"fmt"
+	"mime"
 	"net/http"
 	"os"
+	"path"
+	"strconv"
 	"strings"
 	"time"
 
@@ -20,6 +24,7 @@ import (
 	"github.com/rclone/rclone/fs/hash"
 	libhttp "github.com/rclone/rclone/lib/http"
 	"github.com/rclone/rclone/lib/http/serve"
+	"github.com/rclone/rclone/lib/systemd"
 	"github.com/rclone/rclone/vfs"
 	"github.com/rclone/rclone/vfs/vfsflags"
 	"github.com/spf13/cobra"
@@ -48,15 +53,19 @@ var DefaultOpt = Options{
 // Opt is options set by command line flags
 var Opt = DefaultOpt
 
+// flagPrefix is the prefix used to uniquely identify command line flags.
+// It is intentionally empty for this package.
+const flagPrefix = ""
+
 func init() {
 	flagSet := Command.Flags()
-	libhttp.AddAuthFlagsPrefix(flagSet, "", &Opt.Auth)
-	libhttp.AddHTTPFlagsPrefix(flagSet, "", &Opt.HTTP)
+	libhttp.AddAuthFlagsPrefix(flagSet, flagPrefix, &Opt.Auth)
+	libhttp.AddHTTPFlagsPrefix(flagSet, flagPrefix, &Opt.HTTP)
 	libhttp.AddTemplateFlagsPrefix(flagSet, "", &Opt.Template)
 	vfsflags.AddFlags(flagSet)
 	proxyflags.AddFlags(flagSet)
-	flags.StringVarP(flagSet, &Opt.HashName, "etag-hash", "", "", "Which hash to use for the ETag, or auto or blank for off")
-	flags.BoolVarP(flagSet, &Opt.DisableGETDir, "disable-dir-list", "", false, "Disable HTML directory list on GET request for a directory")
+	flags.StringVarP(flagSet, &Opt.HashName, "etag-hash", "", "", "Which hash to use for the ETag, or auto or blank for off", "")
+	flags.BoolVarP(flagSet, &Opt.DisableGETDir, "disable-dir-list", "", false, "Disable HTML directory list on GET request for a directory", "")
 }
 
 // Command definition for cobra
@@ -103,9 +112,10 @@ Create a new DWORD BasicAuthLevel with value 2.
 
 https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-blank-from-sharepoint
 
-` + libhttp.Help + libhttp.TemplateHelp + libhttp.AuthHelp + vfs.Help + proxy.Help,
+` + libhttp.Help(flagPrefix) + libhttp.TemplateHelp(flagPrefix) + libhttp.AuthHelp(flagPrefix) + vfs.Help + proxy.Help,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.39",
+		"groups":            "Filter",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		var f fs.Fs
@@ -136,6 +146,7 @@ https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-bl
 			if err != nil {
 				return err
 			}
+			defer systemd.Notify()()
 			s.Wait()
 			return nil
 		})
@@ -251,6 +262,52 @@ func (w *WebDAV) auth(user, pass string) (value interface{}, err error) {
 	return VFS, err
 }
 
+type webdavRW struct {
+	http.ResponseWriter
+	status int
+}
+
+func (rw *webdavRW) WriteHeader(statusCode int) {
+	rw.status = statusCode
+	rw.ResponseWriter.WriteHeader(statusCode)
+}
+
+func (rw *webdavRW) isSuccessfull() bool {
+	return rw.status == 0 || (rw.status >= 200 && rw.status <= 299)
+}
+
+func (w *WebDAV) postprocess(r *http.Request, remote string) {
+	// set modtime from requests, don't write to client because status is already written
+	switch r.Method {
+	case "COPY", "MOVE", "PUT":
+		VFS, err := w.getVFS(r.Context())
+		if err != nil {
+			fs.Errorf(nil, "Failed to get VFS: %v", err)
+			return
+		}
+
+		// Get the node
+		node, err := VFS.Stat(remote)
+		if err != nil {
+			fs.Errorf(nil, "Failed to stat node: %v", err)
+			return
+		}
+
+		mh := r.Header.Get("X-OC-Mtime")
+		if mh != "" {
+			modtimeUnix, err := strconv.ParseInt(mh, 10, 64)
+			if err == nil {
+				err = node.SetModTime(time.Unix(modtimeUnix, 0))
+				if err != nil {
+					fs.Errorf(nil, "Failed to set modtime: %v", err)
+				}
+			} else {
+				fs.Errorf(nil, "Failed to parse modtime: %v", err)
+			}
+		}
+	}
+}
+
 func (w *WebDAV) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	urlPath := r.URL.Path
 	isDir := strings.HasSuffix(urlPath, "/")
@@ -262,7 +319,12 @@ func (w *WebDAV) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	// Add URL Prefix back to path since webdavhandler needs to
 	// return absolute references.
 	r.URL.Path = w.opt.HTTP.BaseURL + r.URL.Path
-	w.webdavhandler.ServeHTTP(rw, r)
+	wrw := &webdavRW{ResponseWriter: rw}
+	w.webdavhandler.ServeHTTP(wrw, r)
+
+	if wrw.isSuccessfull() {
+		w.postprocess(r, remote)
+	}
 }
 
 // serveDir serves a directory index at dirRemote
@@ -352,7 +414,7 @@ func (w *WebDAV) OpenFile(ctx context.Context, name string, flags int, perm os.F
 	if err != nil {
 		return nil, err
 	}
-	return Handle{Handle: f, w: w}, nil
+	return Handle{Handle: f, w: w, ctx: ctx}, nil
 }
 
 // RemoveAll removes a file or a directory and its contents
@@ -400,7 +462,8 @@ func (w *WebDAV) Stat(ctx context.Context, name string) (fi os.FileInfo, err err
 // Handle represents an open file
 type Handle struct {
 	vfs.Handle
-	w *WebDAV
+	w   *WebDAV
+	ctx context.Context
 }
 
 // Readdir reads directory entries from the handle
@@ -425,6 +488,65 @@ func (h Handle) Stat() (fi os.FileInfo, err error) {
 	return FileInfo{FileInfo: fi, w: h.w}, nil
 }
 
+// DeadProps returns extra properties about the handle
+func (h Handle) DeadProps() (map[xml.Name]webdav.Property, error) {
+	var (
+		xmlName    xml.Name
+		property   webdav.Property
+		properties = make(map[xml.Name]webdav.Property)
+	)
+	if h.w.opt.HashType != hash.None {
+		entry := h.Handle.Node().DirEntry()
+		if o, ok := entry.(fs.Object); ok {
+			hash, err := o.Hash(h.ctx, h.w.opt.HashType)
+			if err == nil {
+				xmlName.Space = "http://owncloud.org/ns"
+				xmlName.Local = "checksums"
+				property.XMLName = xmlName
+				property.InnerXML = append(property.InnerXML, "<checksum xmlns=\"http://owncloud.org/ns\">"...)
+				property.InnerXML = append(property.InnerXML, strings.ToUpper(h.w.opt.HashType.String())...)
+				property.InnerXML = append(property.InnerXML, ':')
+				property.InnerXML = append(property.InnerXML, hash...)
+				property.InnerXML = append(property.InnerXML, "</checksum>"...)
+				properties[xmlName] = property
+			} else {
+				fs.Errorf(nil, "failed to calculate hash: %v", err)
+			}
+		}
+	}
+
+	xmlName.Space = "DAV:"
+	xmlName.Local = "lastmodified"
+	property.XMLName = xmlName
+	property.InnerXML = strconv.AppendInt(nil, h.Handle.Node().ModTime().Unix(), 10)
+	properties[xmlName] = property
+
+	return properties, nil
+}
+
+// Patch changes modtime of the underlying resources, it returns ok for all properties, the error is from setModtime if any
+// FIXME does not check for invalid property and SetModTime error
+func (h Handle) Patch(proppatches []webdav.Proppatch) ([]webdav.Propstat, error) {
+	var (
+		stat webdav.Propstat
+		err  error
+	)
+	stat.Status = http.StatusOK
+	for _, patch := range proppatches {
+		for _, prop := range patch.Props {
+			stat.Props = append(stat.Props, webdav.Property{XMLName: prop.XMLName})
+			if prop.XMLName.Space == "DAV:" && prop.XMLName.Local == "lastmodified" {
+				var modtimeUnix int64
+				modtimeUnix, err = strconv.ParseInt(string(prop.InnerXML), 10, 64)
+				if err == nil {
+					err = h.Handle.Node().SetModTime(time.Unix(modtimeUnix, 0))
+				}
+			}
+		}
+	}
+	return []webdav.Propstat{stat}, err
+}
+
 // FileInfo represents info about a file satisfying os.FileInfo and
 // also some additional interfaces for webdav for ETag and ContentType
 type FileInfo struct {
@@ -463,12 +585,14 @@ func (fi FileInfo) ContentType(ctx context.Context) (contentType string, err err
 		fs.Errorf(fi, "Expecting vfs.Node, got %T", fi.FileInfo)
 		return "application/octet-stream", nil
 	}
-	entry := node.DirEntry()
+	entry := node.DirEntry() // can be nil
 	switch x := entry.(type) {
 	case fs.Object:
 		return fs.MimeType(ctx, x), nil
 	case fs.Directory:
 		return "inode/directory", nil
+	case nil:
+		return mime.TypeByExtension(path.Ext(node.Name())), nil
 	}
 	fs.Errorf(fi, "Expecting fs.Object or fs.Directory, got %T", entry)
 	return "application/octet-stream", nil
diff --git a/cmd/serve/webdav/webdav_test.go b/cmd/serve/webdav/webdav_test.go
index 2bc61a58af6bf..6734d6f6e5279 100644
--- a/cmd/serve/webdav/webdav_test.go
+++ b/cmd/serve/webdav/webdav_test.go
@@ -65,7 +65,7 @@ func TestWebDav(t *testing.T) {
 		// Config for the backend we'll use to connect to the server
 		config := configmap.Simple{
 			"type":   "webdav",
-			"vendor": "other",
+			"vendor": "rclone",
 			"url":    w.Server.URLs()[0],
 			"user":   testUser,
 			"pass":   obscure.MustObscure(testPass),
diff --git a/cmd/sha1sum/sha1sum.go b/cmd/sha1sum/sha1sum.go
index 483832ec2a740..6c70367a301ee 100644
--- a/cmd/sha1sum/sha1sum.go
+++ b/cmd/sha1sum/sha1sum.go
@@ -43,6 +43,7 @@ a remote:path.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.27",
+		"groups":            "Filter,Listing",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(0, 1, command, args)
diff --git a/cmd/size/size.go b/cmd/size/size.go
index 8be1305292042..be00952bb15eb 100644
--- a/cmd/size/size.go
+++ b/cmd/size/size.go
@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"strconv"
 
 	"github.com/rclone/rclone/cmd"
 	"github.com/rclone/rclone/fs"
@@ -19,7 +20,7 @@ var jsonOutput bool
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &jsonOutput, "json", "", false, "Format output as JSON")
+	flags.BoolVarP(cmdFlags, &jsonOutput, "json", "", false, "Format output as JSON", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -39,13 +40,14 @@ recursion.
 
 Some backends do not always provide file sizes, see for example
 [Google Photos](/googlephotos/#size) and
-[Google Drive](/drive/#limitations-of-google-docs).
+[Google Docs](/drive/#limitations-of-google-docs).
 Rclone will then show a notice in the log indicating how many such
 files were encountered, and count them in as empty files in the output
 of the size command.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.23",
+		"groups":            "Filter,Listing",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
@@ -68,7 +70,13 @@ of the size command.
 			if jsonOutput {
 				return json.NewEncoder(os.Stdout).Encode(results)
 			}
-			fmt.Printf("Total objects: %s (%d)\n", fs.CountSuffix(results.Count), results.Count)
+			count := strconv.FormatInt(results.Count, 10)
+			countSuffix := fs.CountSuffix(results.Count).String()
+			if count == countSuffix {
+				fmt.Printf("Total objects: %s\n", count)
+			} else {
+				fmt.Printf("Total objects: %s (%s)\n", countSuffix, count)
+			}
 			fmt.Printf("Total size: %s (%d Byte)\n", fs.SizeSuffix(results.Bytes).ByteUnit(), results.Bytes)
 			if results.Sizeless > 0 {
 				fmt.Printf("Total objects with unknown size: %s (%d)\n", fs.CountSuffix(results.Sizeless), results.Sizeless)
diff --git a/cmd/sync/sync.go b/cmd/sync/sync.go
index 25c3746be50b9..da9184f300740 100644
--- a/cmd/sync/sync.go
+++ b/cmd/sync/sync.go
@@ -18,7 +18,7 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &createEmptySrcDirs, "create-empty-src-dirs", "", createEmptySrcDirs, "Create empty source dirs on destination after sync")
+	flags.BoolVarP(cmdFlags, &createEmptySrcDirs, "create-empty-src-dirs", "", createEmptySrcDirs, "Create empty source dirs on destination after sync", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -60,6 +60,9 @@ destination that is inside the source directory.
 **Note**: Use the ` + "`rclone dedupe`" + ` command to deal with "Duplicate object/directory found in source/destination - ignoring" errors.
 See [this forum post](https://forum.rclone.org/t/sync-not-clearing-duplicates/14372) for more info.
 `,
+	Annotations: map[string]string{
+		"groups": "Sync,Copy,Filter,Listing,Important",
+	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(2, 2, command, args)
 		fsrc, srcFileName, fdst := cmd.NewFsSrcFileDst(args)
diff --git a/cmd/test/changenotify/changenotify.go b/cmd/test/changenotify/changenotify.go
index 6b88e5f11b9dd..27d17ba30b623 100644
--- a/cmd/test/changenotify/changenotify.go
+++ b/cmd/test/changenotify/changenotify.go
@@ -20,7 +20,7 @@ var (
 func init() {
 	test.Command.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.DurationVarP(cmdFlags, &pollInterval, "poll-interval", "", pollInterval, "Time to wait between polling for changes")
+	flags.DurationVarP(cmdFlags, &pollInterval, "poll-interval", "", pollInterval, "Time to wait between polling for changes", "")
 }
 
 var commandDefinition = &cobra.Command{
diff --git a/cmd/test/info/base32768.go b/cmd/test/info/base32768.go
new file mode 100644
index 0000000000000..8f3f61343104f
--- /dev/null
+++ b/cmd/test/info/base32768.go
@@ -0,0 +1,94 @@
+package info
+
+// Create files with all possible base 32768 file names
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/fspath"
+	"github.com/rclone/rclone/fs/operations"
+	"github.com/rclone/rclone/fs/sync"
+)
+
+const safeAlphabet = "ƀɀɠʀҠԀڀڠݠހ߀ကႠᄀᄠᅀᆀᇠሀሠበዠጠᎠᏀᐠᑀᑠᒀᒠᓀᓠᔀᔠᕀᕠᖀᖠᗀᗠᘀᘠᙀᚠᛀកᠠᡀᣀᦀ᧠ᨠᯀᰀᴀ⇠⋀⍀⍠⎀⎠⏀␀─┠╀╠▀■◀◠☀☠♀♠⚀⚠⛀⛠✀✠❀➀➠⠀⠠⡀⡠⢀⢠⣀⣠⤀⤠⥀⥠⦠⨠⩀⪀⪠⫠⬀⬠⭀ⰀⲀⲠⳀⴀⵀ⺠⻀㇀㐀㐠㑀㑠㒀㒠㓀㓠㔀㔠㕀㕠㖀㖠㗀㗠㘀㘠㙀㙠㚀㚠㛀㛠㜀㜠㝀㝠㞀㞠㟀㟠㠀㠠㡀㡠㢀㢠㣀㣠㤀㤠㥀㥠㦀㦠㧀㧠㨀㨠㩀㩠㪀㪠㫀㫠㬀㬠㭀㭠㮀㮠㯀㯠㰀㰠㱀㱠㲀㲠㳀㳠㴀㴠㵀㵠㶀㶠㷀㷠㸀㸠㹀㹠㺀㺠㻀㻠㼀㼠㽀㽠㾀㾠㿀㿠䀀䀠䁀䁠䂀䂠䃀䃠䄀䄠䅀䅠䆀䆠䇀䇠䈀䈠䉀䉠䊀䊠䋀䋠䌀䌠䍀䍠䎀䎠䏀䏠䐀䐠䑀䑠䒀䒠䓀䓠䔀䔠䕀䕠䖀䖠䗀䗠䘀䘠䙀䙠䚀䚠䛀䛠䜀䜠䝀䝠䞀䞠䟀䟠䠀䠠䡀䡠䢀䢠䣀䣠䤀䤠䥀䥠䦀䦠䧀䧠䨀䨠䩀䩠䪀䪠䫀䫠䬀䬠䭀䭠䮀䮠䯀䯠䰀䰠䱀䱠䲀䲠䳀䳠䴀䴠䵀䵠䶀䷀䷠一丠乀习亀亠什仠伀传佀你侀侠俀俠倀倠偀偠傀傠僀僠儀儠兀兠冀冠净几刀删剀剠劀加勀勠匀匠區占厀厠叀叠吀吠呀呠咀咠哀哠唀唠啀啠喀喠嗀嗠嘀嘠噀噠嚀嚠囀因圀圠址坠垀垠埀埠堀堠塀塠墀墠壀壠夀夠奀奠妀妠姀姠娀娠婀婠媀媠嫀嫠嬀嬠孀孠宀宠寀寠尀尠局屠岀岠峀峠崀崠嵀嵠嶀嶠巀巠帀帠幀幠庀庠廀廠开张彀彠往徠忀忠怀怠恀恠悀悠惀惠愀愠慀慠憀憠懀懠戀戠所扠技抠拀拠挀挠捀捠掀掠揀揠搀搠摀摠撀撠擀擠攀攠敀敠斀斠旀无昀映晀晠暀暠曀曠最朠杀杠枀枠柀柠栀栠桀桠梀梠检棠椀椠楀楠榀榠槀槠樀樠橀橠檀檠櫀櫠欀欠歀歠殀殠毀毠氀氠汀池沀沠泀泠洀洠浀浠涀涠淀淠渀渠湀湠満溠滀滠漀漠潀潠澀澠激濠瀀瀠灀灠炀炠烀烠焀焠煀煠熀熠燀燠爀爠牀牠犀犠狀狠猀猠獀獠玀玠珀珠琀琠瑀瑠璀璠瓀瓠甀甠畀畠疀疠痀痠瘀瘠癀癠皀皠盀盠眀眠着睠瞀瞠矀矠砀砠础硠碀碠磀磠礀礠祀祠禀禠秀秠稀稠穀穠窀窠竀章笀笠筀筠简箠節篠簀簠籀籠粀粠糀糠紀素絀絠綀綠緀締縀縠繀繠纀纠绀绠缀缠罀罠羀羠翀翠耀耠聀聠肀肠胀胠脀脠腀腠膀膠臀臠舀舠艀艠芀芠苀苠茀茠荀荠莀莠菀菠萀萠葀葠蒀蒠蓀蓠蔀蔠蕀蕠薀薠藀藠蘀蘠虀虠蚀蚠蛀蛠蜀蜠蝀蝠螀螠蟀蟠蠀蠠血衠袀袠裀裠褀褠襀襠覀覠觀觠言訠詀詠誀誠諀諠謀謠譀譠讀讠诀诠谀谠豀豠貀負賀賠贀贠赀赠趀趠跀跠踀踠蹀蹠躀躠軀軠輀輠轀轠辀辠迀迠退造遀遠邀邠郀郠鄀鄠酀酠醀醠釀釠鈀鈠鉀鉠銀銠鋀鋠錀錠鍀鍠鎀鎠鏀鏠鐀鐠鑀鑠钀钠铀铠销锠镀镠門閠闀闠阀阠陀陠隀隠雀雠需霠靀靠鞀鞠韀韠頀頠顀顠颀颠飀飠餀餠饀饠馀馠駀駠騀騠驀驠骀骠髀髠鬀鬠魀魠鮀鮠鯀鯠鰀鰠鱀鱠鲀鲠鳀鳠鴀鴠鵀鵠鶀鶠鷀鷠鸀鸠鹀鹠麀麠黀黠鼀鼠齀齠龀龠ꀀꀠꁀꁠꂀꂠꃀꃠꄀꄠꅀꅠꆀꆠꇀꇠꈀꈠꉀꉠꊀꊠꋀꋠꌀꌠꍀꍠꎀꎠꏀꏠꐀꐠꑀꑠ꒠ꔀꔠꕀꕠꖀꖠꗀꗠꙀꚠꛀ꜀꜠ꝀꞀꡀ"
+
+func (r *results) checkBase32768() {
+	r.canBase32768 = false
+	ctx := context.Background()
+
+	n := 0
+	dir, err := os.MkdirTemp("", "rclone-base32768-files")
+	if err != nil {
+		log.Printf("Failed to make temp dir: %v", err)
+		return
+	}
+	defer func() {
+		_ = os.RemoveAll(dir)
+	}()
+
+	// Create test files
+	for _, c := range safeAlphabet {
+		var out strings.Builder
+		for i := rune(0); i < 32; i++ {
+			out.WriteRune(c + i)
+		}
+		fileName := filepath.Join(dir, fmt.Sprintf("%04d-%s.txt", n, out.String()))
+		err = os.WriteFile(fileName, []byte(fileName), 0666)
+		if err != nil {
+			log.Printf("write %q failed: %v", fileName, err)
+			return
+		}
+		n++
+	}
+
+	// Make a local fs
+	fLocal, err := fs.NewFs(ctx, dir)
+	if err != nil {
+		log.Printf("Failed to make local fs: %v", err)
+		return
+	}
+
+	testDir := "test-base32768"
+
+	// Make a remote fs
+	s := fs.ConfigStringFull(r.f)
+	s = fspath.JoinRootPath(s, testDir)
+	fRemote, err := fs.NewFs(ctx, s)
+	if err != nil {
+		log.Printf("Failed to make remote fs: %v", err)
+		return
+	}
+
+	defer func() {
+		err := operations.Purge(ctx, r.f, testDir)
+		if err != nil {
+			log.Printf("Failed to purge test directory: %v", err)
+			return
+		}
+	}()
+
+	// Sync local to remote
+	err = sync.Sync(ctx, fRemote, fLocal, false)
+	if err != nil {
+		log.Printf("Failed to sync remote fs: %v", err)
+		return
+	}
+
+	// Check local to remote
+	err = operations.Check(ctx, &operations.CheckOpt{
+		Fdst: fRemote,
+		Fsrc: fLocal,
+	})
+	if err != nil {
+		log.Printf("Failed to check remote fs: %v", err)
+		return
+	}
+
+	r.canBase32768 = true
+}
diff --git a/cmd/test/info/info.go b/cmd/test/info/info.go
index 0715547965587..40b9a9e6fe02b 100644
--- a/cmd/test/info/info.go
+++ b/cmd/test/info/info.go
@@ -37,6 +37,7 @@ var (
 	checkControl       bool
 	checkLength        bool
 	checkStreaming     bool
+	checkBase32768     bool
 	all                bool
 	uploadWait         time.Duration
 	positionLeftRe     = regexp.MustCompile(`(?s)^(.*)-position-left-([[:xdigit:]]+)$`)
@@ -47,13 +48,14 @@ var (
 func init() {
 	test.Command.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.StringVarP(cmdFlags, &writeJSON, "write-json", "", "", "Write results to file")
-	flags.BoolVarP(cmdFlags, &checkNormalization, "check-normalization", "", false, "Check UTF-8 Normalization")
-	flags.BoolVarP(cmdFlags, &checkControl, "check-control", "", false, "Check control characters")
-	flags.DurationVarP(cmdFlags, &uploadWait, "upload-wait", "", 0, "Wait after writing a file")
-	flags.BoolVarP(cmdFlags, &checkLength, "check-length", "", false, "Check max filename length")
-	flags.BoolVarP(cmdFlags, &checkStreaming, "check-streaming", "", false, "Check uploads with indeterminate file size")
-	flags.BoolVarP(cmdFlags, &all, "all", "", false, "Run all tests")
+	flags.StringVarP(cmdFlags, &writeJSON, "write-json", "", "", "Write results to file", "")
+	flags.BoolVarP(cmdFlags, &checkNormalization, "check-normalization", "", false, "Check UTF-8 Normalization", "")
+	flags.BoolVarP(cmdFlags, &checkControl, "check-control", "", false, "Check control characters", "")
+	flags.DurationVarP(cmdFlags, &uploadWait, "upload-wait", "", 0, "Wait after writing a file", "")
+	flags.BoolVarP(cmdFlags, &checkLength, "check-length", "", false, "Check max filename length", "")
+	flags.BoolVarP(cmdFlags, &checkStreaming, "check-streaming", "", false, "Check uploads with indeterminate file size", "")
+	flags.BoolVarP(cmdFlags, &checkBase32768, "check-base32768", "", false, "Check can store all possible base32768 characters", "")
+	flags.BoolVarP(cmdFlags, &all, "all", "", false, "Run all tests", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -71,14 +73,15 @@ a bit of go code for each one.
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1e6, command, args)
-		if !checkNormalization && !checkControl && !checkLength && !checkStreaming && !all {
-			log.Fatalf("no tests selected - select a test or use -all")
+		if !checkNormalization && !checkControl && !checkLength && !checkStreaming && !checkBase32768 && !all {
+			log.Fatalf("no tests selected - select a test or use --all")
 		}
 		if all {
 			checkNormalization = true
 			checkControl = true
 			checkLength = true
 			checkStreaming = true
+			checkBase32768 = true
 		}
 		for i := range args {
 			f := cmd.NewFsDir(args[i : i+1])
@@ -100,6 +103,7 @@ type results struct {
 	canReadUnnormalized  bool
 	canReadRenormalized  bool
 	canStream            bool
+	canBase32768         bool
 }
 
 func newResults(ctx context.Context, f fs.Fs) *results {
@@ -141,6 +145,9 @@ func (r *results) Print() {
 	if checkStreaming {
 		fmt.Printf("canStream = %v\n", r.canStream)
 	}
+	if checkBase32768 {
+		fmt.Printf("base32768isOK = %v // make sure maxFileLength for 2 byte unicode chars is the same as for 1 byte characters\n", r.canBase32768)
+	}
 }
 
 // WriteJSON writes the results to a JSON file when requested
@@ -483,6 +490,9 @@ func readInfo(ctx context.Context, f fs.Fs) error {
 	if checkStreaming {
 		r.checkStreaming()
 	}
+	if checkBase32768 {
+		r.checkBase32768()
+	}
 	r.Print()
 	r.WriteJSON()
 	return nil
diff --git a/cmd/test/makefiles/makefiles.go b/cmd/test/makefiles/makefiles.go
index 7b0ac57a88920..f48778cb03830 100644
--- a/cmd/test/makefiles/makefiles.go
+++ b/cmd/test/makefiles/makefiles.go
@@ -49,25 +49,25 @@ var (
 func init() {
 	test.Command.AddCommand(makefilesCmd)
 	makefilesFlags := makefilesCmd.Flags()
-	flags.IntVarP(makefilesFlags, &numberOfFiles, "files", "", numberOfFiles, "Number of files to create")
-	flags.IntVarP(makefilesFlags, &averageFilesPerDirectory, "files-per-directory", "", averageFilesPerDirectory, "Average number of files per directory")
-	flags.IntVarP(makefilesFlags, &maxDepth, "max-depth", "", maxDepth, "Maximum depth of directory hierarchy")
-	flags.FVarP(makefilesFlags, &minFileSize, "min-file-size", "", "Minimum size of file to create")
-	flags.FVarP(makefilesFlags, &maxFileSize, "max-file-size", "", "Maximum size of files to create")
-	flags.IntVarP(makefilesFlags, &minFileNameLength, "min-name-length", "", minFileNameLength, "Minimum size of file names")
-	flags.IntVarP(makefilesFlags, &maxFileNameLength, "max-name-length", "", maxFileNameLength, "Maximum size of file names")
+	flags.IntVarP(makefilesFlags, &numberOfFiles, "files", "", numberOfFiles, "Number of files to create", "")
+	flags.IntVarP(makefilesFlags, &averageFilesPerDirectory, "files-per-directory", "", averageFilesPerDirectory, "Average number of files per directory", "")
+	flags.IntVarP(makefilesFlags, &maxDepth, "max-depth", "", maxDepth, "Maximum depth of directory hierarchy", "")
+	flags.FVarP(makefilesFlags, &minFileSize, "min-file-size", "", "Minimum size of file to create", "")
+	flags.FVarP(makefilesFlags, &maxFileSize, "max-file-size", "", "Maximum size of files to create", "")
+	flags.IntVarP(makefilesFlags, &minFileNameLength, "min-name-length", "", minFileNameLength, "Minimum size of file names", "")
+	flags.IntVarP(makefilesFlags, &maxFileNameLength, "max-name-length", "", maxFileNameLength, "Maximum size of file names", "")
 
 	test.Command.AddCommand(makefileCmd)
 	makefileFlags := makefileCmd.Flags()
 
 	// Common flags to makefiles and makefile
 	for _, f := range []*pflag.FlagSet{makefilesFlags, makefileFlags} {
-		flags.Int64VarP(f, &seed, "seed", "", seed, "Seed for the random number generator (0 for random)")
-		flags.BoolVarP(f, &zero, "zero", "", zero, "Fill files with ASCII 0x00")
-		flags.BoolVarP(f, &sparse, "sparse", "", sparse, "Make the files sparse (appear to be filled with ASCII 0x00)")
-		flags.BoolVarP(f, &ascii, "ascii", "", ascii, "Fill files with random ASCII printable bytes only")
-		flags.BoolVarP(f, &pattern, "pattern", "", pattern, "Fill files with a periodic pattern")
-		flags.BoolVarP(f, &chargen, "chargen", "", chargen, "Fill files with a ASCII chargen pattern")
+		flags.Int64VarP(f, &seed, "seed", "", seed, "Seed for the random number generator (0 for random)", "")
+		flags.BoolVarP(f, &zero, "zero", "", zero, "Fill files with ASCII 0x00", "")
+		flags.BoolVarP(f, &sparse, "sparse", "", sparse, "Make the files sparse (appear to be filled with ASCII 0x00)", "")
+		flags.BoolVarP(f, &ascii, "ascii", "", ascii, "Fill files with random ASCII printable bytes only", "")
+		flags.BoolVarP(f, &pattern, "pattern", "", pattern, "Fill files with a periodic pattern", "")
+		flags.BoolVarP(f, &chargen, "chargen", "", chargen, "Fill files with a ASCII chargen pattern", "")
 	}
 }
 
@@ -224,7 +224,7 @@ func (r *chargenReader) Read(p []byte) (n int, err error) {
 func fileName() (name string) {
 	for {
 		length := randSource.Intn(maxFileNameLength-minFileNameLength) + minFileNameLength
-		name = random.StringFn(length, randSource.Intn)
+		name = random.StringFn(length, randSource)
 		if _, found := fileNames[name]; !found {
 			break
 		}
diff --git a/cmd/test/test.go b/cmd/test/test.go
index 8888f85c66fc7..381d5681a2fb0 100644
--- a/cmd/test/test.go
+++ b/cmd/test/test.go
@@ -16,7 +16,7 @@ var Command = &cobra.Command{
 	Short: `Run a test command`,
 	Long: `Rclone test is used to run test commands.
 
-Select which test comand you want with the subcommand, eg
+Select which test command you want with the subcommand, eg
 
     rclone test memory remote:
 
diff --git a/cmd/touch/touch.go b/cmd/touch/touch.go
index 5dcf123e37e23..e86aba5556463 100644
--- a/cmd/touch/touch.go
+++ b/cmd/touch/touch.go
@@ -34,10 +34,10 @@ const (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &notCreateNewFile, "no-create", "C", false, "Do not create the file if it does not exist (implied with --recursive)")
-	flags.StringVarP(cmdFlags, &timeAsArgument, "timestamp", "t", "", "Use specified time instead of the current time of day")
-	flags.BoolVarP(cmdFlags, &localTime, "localtime", "", false, "Use localtime for timestamp, not UTC")
-	flags.BoolVarP(cmdFlags, &recursive, "recursive", "R", false, "Recursively touch all files")
+	flags.BoolVarP(cmdFlags, &notCreateNewFile, "no-create", "C", false, "Do not create the file if it does not exist (implied with --recursive)", "")
+	flags.StringVarP(cmdFlags, &timeAsArgument, "timestamp", "t", "", "Use specified time instead of the current time of day", "")
+	flags.BoolVarP(cmdFlags, &localTime, "localtime", "", false, "Use localtime for timestamp, not UTC", "")
+	flags.BoolVarP(cmdFlags, &recursive, "recursive", "R", false, "Recursively touch all files", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -66,6 +66,7 @@ then add the ` + "`--localtime`" + ` flag.
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.39",
+		"groups":            "Filter,Listing,Important",
 	},
 	Run: func(command *cobra.Command, args []string) {
 		cmd.CheckArgs(1, 1, command, args)
@@ -141,7 +142,7 @@ func Touch(ctx context.Context, f fs.Fs, remote string) error {
 	file, err := f.NewObject(ctx, remote)
 	if err != nil {
 		if errors.Is(err, fs.ErrorObjectNotFound) {
-			// Touching non-existant path, possibly creating it as new file
+			// Touching non-existent path, possibly creating it as new file
 			if remote == "" {
 				fs.Logf(f, "Not touching empty directory")
 				return nil
diff --git a/cmd/tree/tree.go b/cmd/tree/tree.go
index 16fb1da371984..a0b1dd44de38e 100644
--- a/cmd/tree/tree.go
+++ b/cmd/tree/tree.go
@@ -35,35 +35,35 @@ func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
 	// List
-	flags.BoolVarP(cmdFlags, &opts.All, "all", "a", false, "All files are listed (list . files too)")
-	flags.BoolVarP(cmdFlags, &opts.DirsOnly, "dirs-only", "d", false, "List directories only")
-	flags.BoolVarP(cmdFlags, &opts.FullPath, "full-path", "", false, "Print the full path prefix for each file")
-	//flags.BoolVarP(cmdFlags, &opts.IgnoreCase, "ignore-case", "", false, "Ignore case when pattern matching")
-	flags.BoolVarP(cmdFlags, &noReport, "noreport", "", false, "Turn off file/directory count at end of tree listing")
-	// flags.BoolVarP(cmdFlags, &opts.FollowLink, "follow", "l", false, "Follow symbolic links like directories")
-	flags.IntVarP(cmdFlags, &opts.DeepLevel, "level", "", 0, "Descend only level directories deep")
+	flags.BoolVarP(cmdFlags, &opts.All, "all", "a", false, "All files are listed (list . files too)", "")
+	flags.BoolVarP(cmdFlags, &opts.DirsOnly, "dirs-only", "d", false, "List directories only", "")
+	flags.BoolVarP(cmdFlags, &opts.FullPath, "full-path", "", false, "Print the full path prefix for each file", "")
+	//flags.BoolVarP(cmdFlags, &opts.IgnoreCase, "ignore-case", "", false, "Ignore case when pattern matching", "")
+	flags.BoolVarP(cmdFlags, &noReport, "noreport", "", false, "Turn off file/directory count at end of tree listing", "")
+	// flags.BoolVarP(cmdFlags, &opts.FollowLink, "follow", "l", false, "Follow symbolic links like directories","")
+	flags.IntVarP(cmdFlags, &opts.DeepLevel, "level", "", 0, "Descend only level directories deep", "")
 	// flags.StringVarP(cmdFlags, &opts.Pattern, "pattern", "P", "", "List only those files that match the pattern given")
 	// flags.StringVarP(cmdFlags, &opts.IPattern, "exclude", "", "", "Do not list files that match the given pattern")
-	flags.StringVarP(cmdFlags, &outFileName, "output", "o", "", "Output to file instead of stdout")
+	flags.StringVarP(cmdFlags, &outFileName, "output", "o", "", "Output to file instead of stdout", "")
 	// Files
-	flags.BoolVarP(cmdFlags, &opts.ByteSize, "size", "s", false, "Print the size in bytes of each file.")
-	flags.BoolVarP(cmdFlags, &opts.FileMode, "protections", "p", false, "Print the protections for each file.")
+	flags.BoolVarP(cmdFlags, &opts.ByteSize, "size", "s", false, "Print the size in bytes of each file.", "")
+	flags.BoolVarP(cmdFlags, &opts.FileMode, "protections", "p", false, "Print the protections for each file.", "")
 	// flags.BoolVarP(cmdFlags, &opts.ShowUid, "uid", "", false, "Displays file owner or UID number.")
 	// flags.BoolVarP(cmdFlags, &opts.ShowGid, "gid", "", false, "Displays file group owner or GID number.")
-	flags.BoolVarP(cmdFlags, &opts.Quotes, "quote", "Q", false, "Quote filenames with double quotes.")
-	flags.BoolVarP(cmdFlags, &opts.LastMod, "modtime", "D", false, "Print the date of last modification.")
+	flags.BoolVarP(cmdFlags, &opts.Quotes, "quote", "Q", false, "Quote filenames with double quotes.", "")
+	flags.BoolVarP(cmdFlags, &opts.LastMod, "modtime", "D", false, "Print the date of last modification.", "")
 	// flags.BoolVarP(cmdFlags, &opts.Inodes, "inodes", "", false, "Print inode number of each file.")
 	// flags.BoolVarP(cmdFlags, &opts.Device, "device", "", false, "Print device ID number to which each file belongs.")
 	// Sort
-	flags.BoolVarP(cmdFlags, &opts.NoSort, "unsorted", "U", false, "Leave files unsorted")
-	flags.BoolVarP(cmdFlags, &opts.VerSort, "version", "", false, "Sort files alphanumerically by version")
-	flags.BoolVarP(cmdFlags, &opts.ModSort, "sort-modtime", "t", false, "Sort files by last modification time")
-	flags.BoolVarP(cmdFlags, &opts.CTimeSort, "sort-ctime", "", false, "Sort files by last status change time")
-	flags.BoolVarP(cmdFlags, &opts.ReverSort, "sort-reverse", "r", false, "Reverse the order of the sort")
-	flags.BoolVarP(cmdFlags, &opts.DirSort, "dirsfirst", "", false, "List directories before files (-U disables)")
-	flags.StringVarP(cmdFlags, &sort, "sort", "", "", "Select sort: name,version,size,mtime,ctime")
+	flags.BoolVarP(cmdFlags, &opts.NoSort, "unsorted", "U", false, "Leave files unsorted", "")
+	flags.BoolVarP(cmdFlags, &opts.VerSort, "version", "", false, "Sort files alphanumerically by version", "")
+	flags.BoolVarP(cmdFlags, &opts.ModSort, "sort-modtime", "t", false, "Sort files by last modification time", "")
+	flags.BoolVarP(cmdFlags, &opts.CTimeSort, "sort-ctime", "", false, "Sort files by last status change time", "")
+	flags.BoolVarP(cmdFlags, &opts.ReverSort, "sort-reverse", "r", false, "Reverse the order of the sort", "")
+	flags.BoolVarP(cmdFlags, &opts.DirSort, "dirsfirst", "", false, "List directories before files (-U disables)", "")
+	flags.StringVarP(cmdFlags, &sort, "sort", "", "", "Select sort: name,version,size,mtime,ctime", "")
 	// Graphics
-	flags.BoolVarP(cmdFlags, &opts.NoIndent, "noindent", "", false, "Don't print indentation lines")
+	flags.BoolVarP(cmdFlags, &opts.NoIndent, "noindent", "", false, "Don't print indentation lines", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -99,6 +99,7 @@ For a more interactive navigation of the remote see the
 `,
 	Annotations: map[string]string{
 		"versionIntroduced": "v1.38",
+		"groups":            "Filter,Listing",
 	},
 	RunE: func(command *cobra.Command, args []string) error {
 		cmd.CheckArgs(1, 1, command, args)
diff --git a/cmd/version/version.go b/cmd/version/version.go
index 5d35cb98ce956..4b61e8d929588 100644
--- a/cmd/version/version.go
+++ b/cmd/version/version.go
@@ -2,6 +2,7 @@
 package version
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -13,6 +14,7 @@ import (
 	"github.com/rclone/rclone/cmd"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/config/flags"
+	"github.com/rclone/rclone/fs/fshttp"
 	"github.com/spf13/cobra"
 )
 
@@ -23,7 +25,7 @@ var (
 func init() {
 	cmd.Root.AddCommand(commandDefinition)
 	cmdFlags := commandDefinition.Flags()
-	flags.BoolVarP(cmdFlags, &check, "check", "", false, "Check for new version")
+	flags.BoolVarP(cmdFlags, &check, "check", "", false, "Check for new version", "")
 }
 
 var commandDefinition = &cobra.Command{
@@ -71,9 +73,10 @@ Or
 		"versionIntroduced": "v1.33",
 	},
 	Run: func(command *cobra.Command, args []string) {
+		ctx := context.Background()
 		cmd.CheckArgs(0, 0, command, args)
 		if check {
-			CheckVersion()
+			CheckVersion(ctx)
 		} else {
 			cmd.ShowVersion()
 		}
@@ -89,8 +92,8 @@ func stripV(s string) string {
 }
 
 // GetVersion gets the version available for download
-func GetVersion(url string) (v *semver.Version, vs string, date time.Time, err error) {
-	resp, err := http.Get(url)
+func GetVersion(ctx context.Context, url string) (v *semver.Version, vs string, date time.Time, err error) {
+	resp, err := fshttp.NewClient(ctx).Get(url)
 	if err != nil {
 		return v, vs, date, err
 	}
@@ -114,7 +117,7 @@ func GetVersion(url string) (v *semver.Version, vs string, date time.Time, err e
 }
 
 // CheckVersion checks the installed version against available downloads
-func CheckVersion() {
+func CheckVersion(ctx context.Context) {
 	vCurrent, err := semver.NewVersion(stripV(fs.Version))
 	if err != nil {
 		fs.Errorf(nil, "Failed to parse version: %v", err)
@@ -122,7 +125,7 @@ func CheckVersion() {
 	const timeFormat = "2006-01-02"
 
 	printVersion := func(what, url string) {
-		v, vs, t, err := GetVersion(url + "version.txt")
+		v, vs, t, err := GetVersion(ctx, url+"version.txt")
 		if err != nil {
 			fs.Errorf(nil, "Failed to get rclone %s version: %v", what, err)
 			return
diff --git a/cmdtest/cmdtest_test.go b/cmdtest/cmdtest_test.go
index c8870258cc36f..f77ce9d93d63f 100644
--- a/cmdtest/cmdtest_test.go
+++ b/cmdtest/cmdtest_test.go
@@ -43,7 +43,7 @@ const rcloneTestMain = "RCLONE_TEST_MAIN"
 
 // rcloneExecMain calls rclone with the given environment and arguments.
 // The environment variables are in a single string separated by ;
-// The terminal output is retuned as a string.
+// The terminal output is returned as a string.
 func rcloneExecMain(env string, args ...string) (string, error) {
 	_, found := os.LookupEnv(rcloneTestMain)
 	if !found {
@@ -62,7 +62,7 @@ func rcloneExecMain(env string, args ...string) (string, error) {
 // rcloneEnv calls rclone with the given environment and arguments.
 // The environment variables are in a single string separated by ;
 // The test config file is automatically configured in RCLONE_CONFIG.
-// The terminal output is retuned as a string.
+// The terminal output is returned as a string.
 func rcloneEnv(env string, args ...string) (string, error) {
 	envConfig := env
 	if testConfig != "" {
@@ -76,7 +76,7 @@ func rcloneEnv(env string, args ...string) (string, error) {
 
 // rclone calls rclone with the given arguments, E.g. "version","--help".
 // The test config file is automatically configured in RCLONE_CONFIG.
-// The terminal output is retuned as a string.
+// The terminal output is returned as a string.
 func rclone(args ...string) (string, error) {
 	return rcloneEnv("", args...)
 }
diff --git a/contrib/docker-plugin/managed/Dockerfile b/contrib/docker-plugin/managed/Dockerfile
index 0f82b36aa7335..2a16ed1da633f 100644
--- a/contrib/docker-plugin/managed/Dockerfile
+++ b/contrib/docker-plugin/managed/Dockerfile
@@ -8,7 +8,7 @@ FROM alpine:latest
 COPY --from=binaries /usr/local/bin/rclone /usr/bin/rclone
 
 RUN mkdir -p /data/config /data/cache /mnt \
- && apk --no-cache add ca-certificates fuse tzdata \
+ && apk --no-cache add ca-certificates fuse3 tzdata \
  && echo "user_allow_other" >> /etc/fuse.conf \
  && rclone version
 
diff --git a/docs/content/KEYS b/docs/content/KEYS
new file mode 100644
index 0000000000000..af442fb390509
--- /dev/null
+++ b/docs/content/KEYS
@@ -0,0 +1,138 @@
+This file contains the PGP keys that are and have been used to sign
+rclone releases.
+
+Users: pgp < KEYS
+or
+       gpg --import KEYS
+       
+Developers: 
+    pgp -kxa <your name> and append it to this file.
+or
+    (pgpk -ll <your name> && pgpk -xa <your name>) >> this file.
+or
+    (gpg --list-sigs <your name> && gpg --armor --export <your name>) >> this file.
+
+pub   dsa1024 2001-09-27 [SCA]
+      FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+uid           [ultimate] Nick Craig-Wood <nick@craig-wood.com>
+sig 3        93935E02FF3B54FA 2001-09-27  Nick Craig-Wood <nick@craig-wood.com>
+sig 3        93935E02FF3B54FA 2020-02-03  Nick Craig-Wood <nick@craig-wood.com>
+sig 3        93935E02FF3B54FA 2001-09-27  Nick Craig-Wood <nick@craig-wood.com>
+sig          A54E275E4248E016 2019-11-04  [User ID not found]
+sig          CB0DBEBC5F32C81D 2023-09-03  Nick Craig-Wood <nick@craig-wood.com>
+sub   elg2048 2001-09-27 [E]
+sig          93935E02FF3B54FA 2001-09-27  Nick Craig-Wood <nick@craig-wood.com>
+
+pub   rsa4096 2022-09-16 [SC]
+      E3B358DC858FB307F48170B9CB0DBEBC5F32C81D
+uid           [ultimate] Nick Craig-Wood <nick@craig-wood.com>
+sig 3        CB0DBEBC5F32C81D 2022-09-16  Nick Craig-Wood <nick@craig-wood.com>
+sig          93935E02FF3B54FA 2023-09-03  Nick Craig-Wood <nick@craig-wood.com>
+sub   rsa4096 2022-09-16 [E]
+sig          CB0DBEBC5F32C81D 2022-09-16  Nick Craig-Wood <nick@craig-wood.com>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGiBDuy3V0RBADVQOAF5aFiCxD3t2h6iAF2WMiaMlgZ6kX2i/u7addNkzX71VU9
+7NpI0SnsP5YWt+gEedST6OmFbtLfZWCR4KWn5XnNdjCMNhxaH6WccVqNm4ALPIqT
+59uVjkgf8RISmmoNJ1d+2wMWjQTUfwOEmoIgH6n+2MYNUKuctBrwAACflwCg1I1Q
+O/prv/5hczdpQCs+fL87DxsD/Rt7pIXvsIOZyQWbIhSvNpGalJuMkW5Jx92UjsE9
+1Ipo3Xr6SGRPgW9+NxAZAsiZfCX/19knAyNrN9blwL0rcPDnkhdGwK69kfjF+wq+
+QbogRGodbKhqY4v+cMNkKiemBuTQiWPkpKjifwNsD1fNjNKfDP3pJ64Yz7a4fuzV
+X1YwBACpKVuEen34lmcX6ziY4jq8rKibKBs4JjQCRO24kYoHDULVe+RS9krQWY5b
+e0foDhru4dsKccefK099G+WEzKVCKxupstWkTT/iJwajR8mIqd4AhD0wO9W3MCfV
+Ov8ykMDZ7qBWk1DHc87Ep3W1o8t8wq74ifV+HjhhWg8QAylXg7QlTmljayBDcmFp
+Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPohXBBMRAgAXBQI7st1dBQsHCgME
+AxUDAgMWAgECF4AACgkQk5NeAv87VPoPswCfaetrHxFhv6vpjadYWc6tyAZJHD4A
+n2IfppvFB0vdOFgYBz/+u/6rN4p1iHEEExEIADEFCwcKAwQDFQMCAxYCAQIXgBYh
+BPv3N+zp+KsYYEvSrJOTXgL/O1T6BQJeODZSAhkBAAoJEJOTXgL/O1T6WaYAniMf
+kXJQvNK2OKy5O8ctNXPobjh5AJ9pHlAZkU+x56cTmJzZZ5BwFya2gYhXBBMRAgAX
+BQI7st1dBQsHCgMEAxUDAgMWAgECF4AACgkQk5NeAv87VPoPswCgwDDvPZfRHenT
+ca1r22pCum0FSlkAniLGFmVYPIcnMMF9OxQ6wBy34oZGiQIzBBABCgAdFiEEje07
+Kgm0YIzmpewHpU4nXkJI4BYFAl3Ap2EACgkQpU4nXkJI4BYFjw//Y3MtrkqtACWp
+idlcLHRYpU+e17dhsZBP2afq56/B2zXFvtYnH0QyGN/YDjHMfK6Zi2Xxem7jg8ww
+qH9s7eBAJUwbM6oAuhvQfdqpLCygAAep1ZKhuguSEUvJjoajqPQNjJE/aqini4Es
+fnEVuK+y9L+smQvtFFx9U+PV7l6Z9WE3SFYtFvjUBL3FeaIfh36fUyj4xXR17Guj
+ADtTHiWR4xElJ16NCj2VhfbE2wxoG2/SHDfHpzjW3B/pRJZOCOvJZcrtZRNqruff
+8JGvLObswTlNiTn9rjc5lCPkMhnEke5i20BIymlPMlaNCE64AkkB/FDFed69b7u8
+R1E1LivBL0qoXIt1s8E+UW9ADBCxwloFeHroZhDPs6Y00EK+hGSJonB1pzguVc0u
+MA9v9Gfcx099KQbfuSZefBCzpkktsmulb/59WEfK1Q4oVjdmCUG3/qwmLzAilzs6
+YaD75V6lp1lCON2jWod5xYSPsuvo2T0Exj4Q5MZcLVwqzH4UnmJPqdRVxWhhJEDE
+qlsU+t0LCpDt4saVI5A91k5HMqFOJpX2hbLEx5OG3/gksED6FcZd1mwUVWEChjC0
+L6UNqpQZi+bNAX0CxY9XeqEIMN/EhLDbmLEwUHgMC3G4hX813k23mSWHBRsa0Mik
+PCXX3tRioqPNF5ALl4gOmnF6ZD+WAQeJAjMEEAEIAB0WIQTjs1jchY+zB/SBcLnL
+Db68XzLIHQUCZPRnNAAKCRDLDb68XzLIHZSAD/oCk9Z0xJfbpriphTBxFy7bWyPK
+F1lM1GZZaLKkktGfunf1i0Q7rhwpNu+u1launlOTp6ZoY36Ce2Qa1eSxWAQdjVaj
+w9kOHXCAewrTREOMY/mb7RVGjajo0Egl8T9iD3JRyaxu2iVtbpZYuqehtGG28CaC
+zmtqE+EJcx1cGqAGSuuaDWRYlVX8KDip44GQB5Lut30vwSIoZG1CPCR6VE82u4cl
+3mYZUfcJkCHsiLzoeadVzb+fOd+2ybzBn8Y77ifGgM+dSFSHe03mFfcHPdp0QImF
+9HQR7XI0UMZmEJsw7c2vDrRa+kRY2A4/amGn4Tahuazq8g2yqgGm3yAj49qGNarA
+au849lDr7R49j73ESnNVBGJ9ShzU4Ls+S1A5gohZVu2s1fkE3mbAmoTfU4JCrpRy
+dOuL9xRJk5gbL44sKeuGODNshyTPJzG9DmRHpLsBn59v8mg5tqSfBIGqcqBxxnYH
+JnkK801MkaLW2m7wDmtz6P3TW86gGukzfIN3/OufLjnpN3Nx376JwWDDIyif7sn6
+/q+ZMwGz9uLKZkAeM5c3Dh4ygpgliSLoV2bZzDz0iLxKWW7QOVVdWHmlEqbTldpQ
+7gUEPG7mxpzVo0xd6nHncSq0M91x29It4B3fATx/iJB2eardMzSsbzHiwTg0eswh
+YYGpSKZLgp4RShnVAbkCDQQ7st2BEAgAjpB0UGDf/FrWAUo9jLWKFX15J0arBZkY
+m+iRax8K8fLnXzS2P+9Q04sAmt2qCUxK9681Nd7xtPrkPrjbcACwuFyH3Cr9o2qs
+eiVNgAHPFGKCNxLX/9PKWfmdoZTOVVBcNV+sOTcx382uR04WPuv9jIwXT6JbCkXP
+aoCMv3mLnB9VnWRYatPYCaK8TXAPWxZP8lrcUMjQ1GRTQ1vP9rRMp7iaXyItW1le
+lNFvHEII92QddeBLK7V5ng2sX/BMm6/AafXZMnUQX3lpWQfEBTDT4qYsZ1zIEb4g
+q4dqauyNYgBcZdX//8oDE+BS2FxxDTccyOW0Wyt2Z6flDTfhgzd46wADBQf+MAqI
+gADwulmZk+e30Znj46VmnbZUB/J8M4WXg6X5xaOQsCCMAWybmCc4pxFIT/1c/GdC
+qSHDv5nKBi5QyBMMn33/kgzVRAveihL6gWsNoT31Lxst457XuyRx1dwD8rzdWoP2
+b3etBGdu0P7vnOoqRmf1Y0XIoJeDk/o8U901hG2VAo5zAVH2YdEtSZqlBIAzxjak
+KAAtnsZWIpBxrz9NPVOBmT18kxlgZ7P4iU4/FMnGOfzT6/LCTj/B0hZKJCP7y7lH
+NP2yOabvvBsxU0ZGph1b8R6Zb1nP2+LQIi8kaBs8ypy7HDx7/mWe5DoyLe4NHQ/Z
+E0gCEWt1mlVIwTzFBohGBBgRAgAGBQI7st2BAAoJEJOTXgL/O1T6YsEAoLZx0XLt
+4tpAC/LNwTZUrodUiOckAKC4DTRvEtC4nj5EImssVk/xmU3ax5kCDQRjJI69ARAA
+wCCaKZZmZe8mmusRuoHrqeVImFo+JUTNiktszB/l97INgZCSpVGFOcc4l4Weoioy
+hObJV5wnpFjhadhpiRG1XYzNYi6vNKz8lsUkFxfkIFiXU2kRkwtQShiWf4LmobDQ
+sY9SXRK2cVEFQwOqK9E0k99ZKoaQ31aqq1zcAzkRlBrJmjgmRJHX3DltA7z676Ap
+YEJgAkDRBXFe3zViuxZ0/MMYqtwsbePvOMkXlPmQJ8havOjZRa0mEZtDekMt11vv
+1bG1qFebMFuwYVd7YZ1kzL8NU8gNOtuW0E67Ts5voZdlZiQAbDke9V9uj9+hfae6
+vICrZ7eriPGVD6BetGNjUNFN+8fwHMycOvvHjZ/JlN8lCfw4ImK4F18ms51pqD74
+3w0b2VvoQOkkCzEyUReTixh60aMIabx8so4BmFdi7cK9E+4/WU933d+dSEVgr9Hp
+ast2WoNTo7cPWgIcxSctWvq9AIULLDVytI2BVRbIRL5vZHNIlE839AVbef8SP5Vc
+V+8xjNRw3bzpxhnu4TqYTrvexvq7YOsMxVc9qqN2w8w+Q6jL/0Hjq2fUouV6JH/u
+6GY1vo9dCOXMROS/fD3qJfDIb/NZuYqnt2jQArJW2YVxL+4DE7yKvSNaHGY5kwEV
+BrQCCTb16ANWxUHkBBuSP2+hYKrVQPAisdsovHRgcF0AEQEAAbQlTmljayBDcmFp
+Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPokCTgQTAQgAOBYhBOOzWNyFj7MH
+9IFwucsNvrxfMsgdBQJjJI69AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
+EMsNvrxfMsgdxW8QAIckFmxogPfLD6kqIoiZerqPRcz5rYBfxa7lgQkuoLaqWhCP
+QR+e5Ug3bqxexkYQrTyZwqzTTgntTTWt4hSg75mgAujMQh1bsYbxcSHiLSh3Q8bO
+AaX3o+ewycqKRvaVLYD7m/f8ZHgjRdwtEV3M9tVIOpa/KB51+3PM23Kx7pWP8RnT
+mLhbxDCQTYE4yiLFPBIoG8NH1raLXonvLHP+wFs2OJ18fkq3DHTKK48dTRs/QyNl
+/kgmuFUv/SyXDEoe9XdweNnN4N005R7bHW9iJEoV8KBFJi9/K89jokwrrRCUk1Pz
+p/QXSKYLX59uqufL4LQOCtEhmVJPTQKCd4eUhvCva70efRm1fwqV/PHJDXB2Y84Q
+oBPyxitFJGvBc1RsB3t1iO9IAuWnfFLYBayVGbpHseO5RdgJT/Q1hWeZTFi3vfXX
+snuDSl5FcjLhDVe5rrAa/oAGki2fA7YOeK7PB0uwK7O8s2ZErDHnV99zYMVy7hnY
+LhxDhic4mQ/1uJ/6mcEO+6NU4FM6EA0Bt28WTgRyOM2WnZ8xjBBmHtV4ucvmbQn1
+CCZUCe6HG06l8/soaMKiCZFS0CKwed9ymhlHPp5nyD3CJw53EKdEDQAjSOxc9sI0
+L5/P73ijRkOVz5xMtyxXXAnsyVa0yXo/rbzBGjKMcJeuAa1168a3ydu0gMMWiF0E
+EBEIAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZPRnIgAKCRCTk14C/ztU+nDL
+AJ99G+k/+uCkMnJuQazlb10HeiF4DwCgx+BNLTMkLduN9F+bqPsKq0oVsCa5Ag0E
+YySOvQEQALoUUvMMNBKr7xMUVSe/lvBQUhzdthcDARdCf5m/UQoBYdyfYEA7m0x1
+5fKMl2duZdT9pYTSt60LeRXiC4bJaMCl60Nb2gwPF7ko32TFLpEyRHznVeEw+ExV
+OU82lOWwI6AOFwHO4hL+wgK5RXV9qgve3n30ccTvKRHpjmQSa2YD3S5pO20KRsJt
+iU8nm1+e7zXGEqWvR3L4QhJtN4Xtda+Gv95lH22Y+XnHri9MNMYbXrhTrOAig1ne
+5GF3goG/yps6QyoV2zdY+Zqojpi9sCtRdiwbETbp8izQNV53QBqORIILBuzZpmqJ
+gSNbbFsAdJkmPfLbjx57BieF2YUvsl0DtVc8KdN6UCrhQF2CNaGdWWpJyKF6AHkE
+iIt0npvlgAM8ZZ0y0WF5XqefvIEMx7DmpKZ822gvR2aTmDJzPhgFTVhelVHDJ6NS
+l5FUhA+DB1U7SwFULc2VFJdDa2zrnM0T+bz5cc8mi1zazzcBklzLNpRoT0Iex2LC
++KPFmsBbObKGffvDwQkEJgBJ9FweRGLfiHOo1V4E+QwIZhoch/H5u9+2J3Hp0S/r
+H6Jn97AjYZMUVZBC4rICBaIevqaIuP/Qno2hRSkccF388lLBWRW/qa8vaRpk9Xgt
+8umvLmnumEKmmWxF6rHZu34ijgnaWfuunydfiu/v0kd6H5tO8h9NABEBAAGJAjYE
+GAEIACAWIQTjs1jchY+zB/SBcLnLDb68XzLIHQUCYySOvQIbDAAKCRDLDb68XzLI
+HcZpD/oCT20Tufzh3YvRqd7+nAziHzPoz15bkd0Y2B9wAQ4kkT4o6/vSSqpQeBAL
+UVh54cTaMkyFUTr53U5rK0QyEFrwa1j6wQvHSbOhaCAVacii9n8eyELI0755eCAN
+7w7mRsS05hTgKdQwn4TKnb9FvST+TMyyBcL8IPnHcmYbiX1repRlUZ5VvyWtQDO2
+Z3BISWtOnMJjItQ9N8zj3KkeLVtWennroYpDEJo2qpb5Ga320Mijoh0Mm8r3uM7o
+rarpfnEsUGiko++elHVbgv7iTxyfxV+ny14ROAcY6VtF8a6MUflKYnAJytD9fwGt
+2+Of7CB72b3Zq47XLh7FXozqWL2zCVrU5u55NXKGaSRXmPec54RrtAF0BfGpkbHZ
+W4xOS2E4IzBNf3rhh7Nj+4MCGmx7RuRzHvlkltS38ktXQmUfch8pFhLKW8byxFhu
+Je3QS3vnKmA2dQzHKZDQj8uyHUUD0WQlBtaY2p7G4zFhuC+xNHDs8Xbo+NCgsmg7
+8qSub42rXViT0kK9xeAKr3qKbumQqIfXHWQvamFHJeIpvrLEffhWKZc83PXpL9wY
+JP/Rm0jTtKJeqD8w7rnafOi9qKyE2FgpltdWzsUSPDjqMlCgCrggqtUzTgKYl1S/
+6jXcPGkEadKE/t3kelkupnlwlyVLxF7NaIrb8fAqCau0MWIh4g==
+=Iv9u
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/docs/content/_index.md b/docs/content/_index.md
index 16ea91e1aafa1..a749137515c61 100644
--- a/docs/content/_index.md
+++ b/docs/content/_index.md
@@ -21,7 +21,7 @@ notoc: true
 
 Rclone is a command-line program to manage files on cloud storage. It
 is a feature-rich alternative to cloud vendors' web storage
-interfaces. [Over 40 cloud storage products](#providers) support
+interfaces. [Over 70 cloud storage products](#providers) support
 rclone including S3 object stores, business & consumer file storage
 services, as well as standard transfer protocols.
 
@@ -113,7 +113,7 @@ WebDAV or S3, that work out of the box.)
 {{< provider name="Box" home="https://www.box.com/" config="/box/" >}}
 {{< provider name="Ceph" home="http://ceph.com/" config="/s3/#ceph" >}}
 {{< provider name="China Mobile Ecloud Elastic Object Storage (EOS)" home="https://ecloud.10086.cn/home/product-introduction/eos/" config="/s3/#china-mobile-ecloud-eos" >}}
-{{< provider name="Arvan Cloud Object Storage (AOS)" home="https://www.arvancloud.com/en/products/cloud-storage" config="/s3/#arvan-cloud-object-storage-aos" >}}
+{{< provider name="Arvan Cloud Object Storage (AOS)" home="https://www.arvancloud.ir/en/products/cloud-storage" config="/s3/#arvan-cloud-object-storage-aos" >}}
 {{< provider name="Citrix ShareFile" home="http://sharefile.com/" config="/sharefile/" >}}
 {{< provider name="Cloudflare R2" home="https://blog.cloudflare.com/r2-open-beta/" config="/s3/#cloudflare-r2" >}}
 {{< provider name="DigitalOcean Spaces" home="https://www.digitalocean.com/products/object-storage/" config="/s3/#digitalocean-spaces" >}}
@@ -121,6 +121,7 @@ WebDAV or S3, that work out of the box.)
 {{< provider name="Dreamhost" home="https://www.dreamhost.com/cloud/storage/" config="/s3/#dreamhost" >}}
 {{< provider name="Dropbox" home="https://www.dropbox.com/" config="/dropbox/" >}}
 {{< provider name="Enterprise File Fabric" home="https://storagemadeeasy.com/about/" config="/filefabric/" >}}
+{{< provider name="Fastmail Files" home="https://www.fastmail.com/" config="/webdav/#fastmail-files" >}}
 {{< provider name="FTP" home="https://en.wikipedia.org/wiki/File_Transfer_Protocol" config="/ftp/" >}}
 {{< provider name="Google Cloud Storage" home="https://cloud.google.com/storage/" config="/googlecloudstorage/" >}}
 {{< provider name="Google Drive" home="https://www.google.com/drive/" config="/drive/" >}}
@@ -135,26 +136,35 @@ WebDAV or S3, that work out of the box.)
 {{< provider name="IDrive e2" home="https://www.idrive.com/e2/?refer=rclone" config="/s3/#idrive-e2" >}}
 {{< provider name="IONOS Cloud" home="https://cloud.ionos.com/storage/object-storage" config="/s3/#ionos" >}}
 {{< provider name="Koofr" home="https://koofr.eu/" config="/koofr/" >}}
+{{< provider name="Leviia Object Storage" home="https://www.leviia.com/object-storage" config="/s3/#leviia" >}}
 {{< provider name="Liara Object Storage" home="https://liara.ir/landing/object-storage" config="/s3/#liara-object-storage" >}}
+{{< provider name="Linkbox" home="https://linkbox.to/" config="/linkbox/" >}}
+{{< provider name="Linode Object Storage" home="https://www.linode.com/products/object-storage/" config="/s3/#linode" >}}
 {{< provider name="Mail.ru Cloud" home="https://cloud.mail.ru/" config="/mailru/" >}}
 {{< provider name="Memset Memstore" home="https://www.memset.com/cloud/storage/" config="/swift/" >}}
 {{< provider name="Mega" home="https://mega.nz/" config="/mega/" >}}
 {{< provider name="Memory" home="/memory/" config="/memory/" >}}
 {{< provider name="Microsoft Azure Blob Storage" home="https://azure.microsoft.com/en-us/services/storage/blobs/" config="/azureblob/" >}}
+{{< provider name="Microsoft Azure Files Storage" home="https://azure.microsoft.com/en-us/services/storage/files/" config="/azurefiles/" >}}
 {{< provider name="Microsoft OneDrive" home="https://onedrive.live.com/" config="/onedrive/" >}}
 {{< provider name="Minio" home="https://www.minio.io/" config="/s3/#minio" >}}
 {{< provider name="Nextcloud" home="https://nextcloud.com/" config="/webdav/#nextcloud" >}}
 {{< provider name="OVH" home="https://www.ovh.co.uk/public-cloud/storage/object-storage/" config="/swift/" >}}
+{{< provider name="Blomp Cloud Storage" home="https://rclone.org/swift/" config="/swift/" >}}
 {{< provider name="OpenDrive" home="https://www.opendrive.com/" config="/opendrive/" >}}
 {{< provider name="OpenStack Swift" home="https://docs.openstack.org/swift/latest/" config="/swift/" >}}
 {{< provider name="Oracle Cloud Storage Swift" home="https://docs.oracle.com/en-us/iaas/integration/doc/configure-object-storage.html" config="/swift/" >}}
 {{< provider name="Oracle Object Storage" home="https://www.oracle.com/cloud/storage/object-storage" config="/oracleobjectstorage/" >}}
 {{< provider name="ownCloud" home="https://owncloud.org/" config="/webdav/#owncloud" >}}
 {{< provider name="pCloud" home="https://www.pcloud.com/" config="/pcloud/" >}}
+{{< provider name="Petabox" home="https://petabox.io/" config="/s3/#petabox" >}}
+{{< provider name="PikPak" home="https://mypikpak.com/" config="/pikpak/" >}}
 {{< provider name="premiumize.me" home="https://premiumize.me/" config="/premiumizeme/" >}}
 {{< provider name="put.io" home="https://put.io/" config="/putio/" >}}
+{{< provider name="Proton Drive" home="https://proton.me/drive" config="/protondrive/" >}}
 {{< provider name="QingStor" home="https://www.qingcloud.com/products/storage" config="/qingstor/" >}}
 {{< provider name="Qiniu Cloud Object Storage (Kodo)" home="https://www.qiniu.com/en/products/kodo" config="/s3/#qiniu" >}}
+{{< provider name="Quatrix by Maytech" home="https://www.maytech.net/products/quatrix-business" config="/quatrix/" >}}
 {{< provider name="Rackspace Cloud Files" home="https://www.rackspace.com/cloud/files" config="/swift/" >}}
 {{< provider name="rsync.net" home="https://rsync.net/products/rclone.html" config="/sftp/#rsync-net" >}}
 {{< provider name="Scaleway" home="https://www.scaleway.com/object-storage/" config="/s3/#scaleway" >}}
@@ -166,6 +176,7 @@ WebDAV or S3, that work out of the box.)
 {{< provider name="SMB / CIFS" home="https://en.wikipedia.org/wiki/Server_Message_Block" config="/smb/" >}}
 {{< provider name="StackPath" home="https://www.stackpath.com/products/object-storage/" config="/s3/#stackpath" >}}
 {{< provider name="Storj" home="https://storj.io/" config="/storj/" >}}
+{{< provider name="Synology" home="https://c2.synology.com/en-global/object-storage/overview" config="/s3/#synology-c2" >}}
 {{< provider name="SugarSync" home="https://sugarsync.com/" config="/sugarsync/" >}}
 {{< provider name="Tencent Cloud Object Storage (COS)" home="https://intl.cloud.tencent.com/product/cos" config="/s3/#tencent-cos" >}}
 {{< provider name="Uptobox" home="https://uptobox.com" config="/uptobox/" >}}
diff --git a/docs/content/amazonclouddrive.md b/docs/content/amazonclouddrive.md
index b0068f94f524d..cffc75e1f7285 100644
--- a/docs/content/amazonclouddrive.md
+++ b/docs/content/amazonclouddrive.md
@@ -127,13 +127,13 @@ To copy a local directory to an Amazon Drive directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and MD5SUMs
+### Modification times and hashes
 
 Amazon Drive doesn't allow modification times to be changed via
 the API so these won't be accurate or used for syncing.
 
-It does store MD5SUMs so for a more accurate sync, you can use the
-`--checksum` flag.
+It does support the MD5 hash algorithm, so for a more accurate sync,
+you can use the `--checksum` flag.
 
 ### Restricted filename characters
 
@@ -303,7 +303,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_ACD_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/authors.md b/docs/content/authors.md
index 34fa161c202d0..447fac7b84d15 100644
--- a/docs/content/authors.md
+++ b/docs/content/authors.md
@@ -13,7 +13,7 @@ Authors
 Contributors
 ------------
 
-{{< rem `email addresses removed from here need to be addeed to
+{{< rem `email addresses removed from here need to be added to
 bin/.ignore-emails to make sure update-authors.py doesn't immediately
 put them back in again.` >}}
 
@@ -526,7 +526,7 @@ put them back in again.` >}}
   * HNGamingUK <connor@earnshawhome.co.uk>
   * Jonta <359397+Jonta@users.noreply.github.com>
   * YenForYang <YenForYang@users.noreply.github.com>
-  * Joda Stößer <stoesser@yay-digital.de> <services+github@simjo.st>
+  * SimJoSt / Joda Stößer <git@simjo.st>
   * Logeshwaran <waranlogesh@gmail.com>
   * Rajat Goel <rajat@dropbox.com>
   * r0kk3rz <r0kk3rz@gmail.com>
@@ -541,7 +541,6 @@ put them back in again.` >}}
   * Chris Nelson <stuff@cjnaz.com>
   * Felix Bünemann <felix.buenemann@gmail.com>
   * Atílio Antônio <atiliodadalto@hotmail.com>
-  * Roberto Ricci <ricci@disroot.org>
   * Carlo Mion <mion00@gmail.com>
   * Chris Lu <chris.lu@gmail.com>
   * Vitor Arruda <vitor.pimenta.arruda@gmail.com>
@@ -587,7 +586,7 @@ put them back in again.` >}}
   * Leroy van Logchem <lr.vanlogchem@gmail.com>
   * Zsolt Ero <zsolt.ero@gmail.com>
   * Lesmiscore <nao20010128@gmail.com>
-  * ehsantdy <ehsan.tadayon@arvancloud.com>
+  * ehsantdy <ehsan.tadayon@arvancloud.com> <ehsantadayon85@gmail.com>
   * SwazRGB <65694696+swazrgb@users.noreply.github.com>
   * Mateusz Puczyński <mati6095@gmail.com>
   * Michael C Tiernan - MIT-Research Computing Project <mtiernan@mit.edu>
@@ -597,6 +596,7 @@ put them back in again.` >}}
   * Christian Galo <36752715+cgalo5758@users.noreply.github.com>
   * Erik van Velzen <erik@evanv.nl>
   * Derek Battams <derek@battams.ca>
+  * Paul <devnoname120@gmail.com>
   * SimonLiu <simonliu009@users.noreply.github.com>
   * Hugo Laloge <hla@lescompanions.com>
   * Mr-Kanister <68117355+Mr-Kanister@users.noreply.github.com>
@@ -696,3 +696,112 @@ put them back in again.` >}}
   * Leandro Sacchet <leandro.sacchet@animati.com.br>
   * dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
   * cycneuramus <56681631+cycneuramus@users.noreply.github.com>
+  * Arnavion <me@arnavion.dev>
+  * Christopher Merry <christopher.merry@mlb.com>
+  * Thibault Coupin <thibault.coupin@gmail.com>
+  * Richard Tweed <RichardoC@users.noreply.github.com>
+  * Zach Kipp <Zacho2@users.noreply.github.com>
+  * yuudi <26199752+yuudi@users.noreply.github.com>
+  * NickIAm <NickIAm@users.noreply.github.com>
+  * Juang, Yi-Lin <frankyjuang@gmail.com>
+  * jumbi77 <jumbi77@users.noreply.github.com>
+  * Aditya Basu <ab.aditya.basu@gmail.com>
+  * ed <s@ocv.me>
+  * Drew Parsons <dparsons@emerall.com>
+  * Joel <joelnb@users.noreply.github.com>
+  * wiserain <mail275@gmail.com>
+  * Roel Arents <roel.arents@kadaster.nl>
+  * Shyim <github@shyim.de>
+  * Rintze Zelle <78232505+rzelle-lallemand@users.noreply.github.com>
+  * Damo <damoclark@users.noreply.github.com>
+  * WeidiDeng <weidi_deng@icloud.com>
+  * Brian Starkey <stark3y@gmail.com>
+  * jladbrook <jhladbrook@gmail.com>
+  * Loren Gordon <lorengordon@users.noreply.github.com>
+  * dlitster <davidlitster@gmail.com>
+  * Tobias Gion <tobias@gion.io>
+  * Jānis Bebrītis <janis.bebritis@wunder.io>
+  * Adam K <github.com@ak.tidy.email>
+  * Andrei Smirnov <smirnov.captain@gmail.com>
+  * Janne Hellsten <jjhellst@gmail.com>
+  * cc <12904584+shvc@users.noreply.github.com>
+  * Tareq Sharafy <tareq.sha@gmail.com>
+  * kapitainsky <dariuszb@me.com>
+  * douchen <playgoobug@gmail.com>
+  * Sam Lai <70988+slai@users.noreply.github.com>
+  * URenko <18209292+URenko@users.noreply.github.com>
+  * Stanislav Gromov <kullfar@gmail.com>
+  * Paulo Schreiner <paulo.schreiner@delivion.de>
+  * Mariusz Suchodolski <mariusz@suchodol.ski>
+  * danielkrajnik <dan94kra@gmail.com>
+  * Peter Fern <github@0xc0dedbad.com>
+  * zzq <i@zhangzqs.cn>
+  * mac-15 <usman.ilamdin@phpstudios.com>
+  * Sawada Tsunayoshi <34431649+TsunayoshiSawada@users.noreply.github.com>
+  * Dean Attali <daattali@gmail.com>
+  * Fjodor42 <molgaard@gmail.com>
+  * BakaWang <wa11579@hotmail.com>
+  * Mahad <56235065+Mahad-lab@users.noreply.github.com>
+  * Vladislav Vorobev <x.miere@gmail.com>
+  * darix <darix@users.noreply.github.com>
+  * Benjamin <36415086+bbenjamin-sys@users.noreply.github.com>
+  * Chun-Hung Tseng <henrybear327@users.noreply.github.com>
+  * Ricardo D'O. Albanus <rdalbanus@users.noreply.github.com>
+  * gabriel-suela <gscsuela@gmail.com>
+  * Tiago Boeing <contato@tiagoboeing.com>
+  * Edwin Mackenzie-Owen <edwin.mowen@gmail.com>
+  * Niklas Hambüchen <mail@nh2.me>
+  * yuudi <yuudi@users.noreply.github.com>
+  * Zach <github@prozach.org>
+  * nielash <31582349+nielash@users.noreply.github.com>
+  * Julian Lepinski <lepinsk@users.noreply.github.com>
+  * Raymond Berger <RayBB@users.noreply.github.com>
+  * Nihaal Sangha <nihaal.git@gmail.com>
+  * Masamune3210 <1053504+Masamune3210@users.noreply.github.com>
+  * James Braza <jamesbraza@gmail.com>
+  * antoinetran <antoinetran@users.noreply.github.com>
+  * alexia <me@alexia.lol>
+  * nielash <nielronash@gmail.com>
+  * Vitor Gomes <vitor.gomes@delivion.de> <mail@vitorgomes.com>
+  * Jacob Hands <jacob@gogit.io>
+  * hideo aoyama <100831251+boukendesho@users.noreply.github.com>
+  * Roberto Ricci <io@r-ricci.it>
+  * Bjørn Smith <bjornsmith@gmail.com>
+  * Alishan Ladhani <8869764+aladh@users.noreply.github.com>
+  * zjx20 <zhoujianxiong2@gmail.com>
+  * Oksana <142890647+oks-maytech@users.noreply.github.com>
+  * Volodymyr Kit <v.kit@maytech.net>
+  * David Pedersen <limero@me.com>
+  * Drew Stinnett <drew@drewlink.com>
+  * Pat Patterson <pat@backblaze.com>
+  * Herby Gillot <herby.gillot@gmail.com>
+  * Nikita Shoshin <shoshin_nikita@fastmail.com>
+  * rinsuki <428rinsuki+git@gmail.com>
+  * Beyond Meat <51850644+beyondmeat@users.noreply.github.com>
+  * Saleh Dindar <salh@fb.com>
+  * Volodymyr <142890760+vkit-maytech@users.noreply.github.com>
+  * Gabriel Espinoza <31670639+gspinoza@users.noreply.github.com>
+  * Keigo Imai <keigo.imai@gmail.com>
+  * Ivan Yanitra <iyanitra@tesla-consulting.com>
+  * alfish2000 <alfish2000@gmail.com>
+  * wuxingzhong <qq330332812@gmail.com>
+  * Adithya Kumar <akumar42@protonmail.com>
+  * Tayo-pasedaRJ <138471223+Tayo-pasedaRJ@users.noreply.github.com>
+  * Peter Kreuser <logo@kreuser.name>
+  * Piyush <piyushgarg80>
+  * fotile96 <fotile96@users.noreply.github.com>
+  * Luc Ritchie <luc.ritchie@gmail.com>
+  * cynful <cynful@users.noreply.github.com>
+  * wjielai <wjielai@tencent.com>
+  * Jack Deng <jackdeng@gmail.com>
+  * Mikubill <31246794+Mikubill@users.noreply.github.com>
+  * Artur Neumann <artur@jankaritech.com>
+  * Saw-jan <saw.jan.grg3e@gmail.com>
+  * Oksana Zhykina <o.zhykina@maytech.net>
+  * karan <karan.gupta92@gmail.com>
+  * viktor <viktor@yakovchuk.net>
+  * moongdal <moongdal@tutanota.com>
+  * Mina Galić <freebsd@igalic.co>
+  * Alen Šiljak <dev@alensiljak.eu.org>
+  * 你知道未来吗 <rkonfj@gmail.com>
+  * Abhinav Dhiman <8640877+ahnv@users.noreply.github.com>
diff --git a/docs/content/azureblob.md b/docs/content/azureblob.md
index 9a3440e99a93f..0e4bfd7f2d7ec 100644
--- a/docs/content/azureblob.md
+++ b/docs/content/azureblob.md
@@ -75,10 +75,10 @@ This remote supports `--fast-list` which allows you to use fewer
 transactions in exchange for more memory. See the [rclone
 docs](/docs/#fast-list) for more details.
 
-### Modified time
+### Modification times and hashes
 
-The modified time is stored as metadata on the object with the `mtime`
-key.  It is stored using RFC3339 Format time with nanosecond
+The modification time is stored as metadata on the object with the
+`mtime` key.  It is stored using RFC3339 Format time with nanosecond
 precision.  The metadata is supplied during directory listings so
 there is no performance overhead to using it.
 
@@ -88,6 +88,10 @@ flag. Note that rclone can't set `LastModified`, so using the
 `--update` flag when syncing is recommended if using
 `--use-server-modtime`.
 
+MD5 hashes are stored with blobs. However blobs that were uploaded in
+chunks only have an MD5 if the source remote was capable of MD5
+hashes, e.g. the local disk.
+
 ### Performance
 
 When uploading large files, increasing the value of
@@ -116,12 +120,6 @@ These only get replaced if they are the last character in the name:
 Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
 as they can't be used in JSON strings.
 
-### Hashes
-
-MD5 hashes are stored with blobs.  However blobs that were uploaded in
-chunks only have an MD5 if the source remote was capable of MD5
-hashes, e.g. the local disk.
-
 ### Authentication {#authentication}
 
 There are a number of ways of supplying credentials for Azure Blob
@@ -162,6 +160,12 @@ It reads configuration from these variables, in the following order:
     - `AZURE_CLIENT_ID`: client ID of the application the user will authenticate to
     - `AZURE_USERNAME`: a username (usually an email address)
     - `AZURE_PASSWORD`: the user's password
+4. Workload Identity
+    - `AZURE_TENANT_ID`: Tenant to authenticate in.
+    - `AZURE_CLIENT_ID`: Client ID of the application the user will authenticate to.
+    - `AZURE_FEDERATED_TOKEN_FILE`: Path to projected service account token file.
+    - `AZURE_AUTHORITY_HOST`: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
 
 ##### Env Auth: 2. Managed Service Identity Credentials
 
@@ -189,7 +193,7 @@ Then you could access rclone resources like this:
 
 Or
 
-    rclone lsf --azureblob-env-auth --azureblob-acccount=ACCOUNT :azureblob:CONTAINER
+    rclone lsf --azureblob-env-auth --azureblob-account=ACCOUNT :azureblob:CONTAINER
 
 Which is analogous to using the `az` tool:
 
@@ -669,10 +673,10 @@ Properties:
 
 #### --azureblob-access-tier
 
-Access tier of blob: hot, cool or archive.
+Access tier of blob: hot, cool, cold or archive.
 
-Archived blobs can be restored by setting access tier to hot or
-cool. Leave blank if you intend to use default access tier, which is
+Archived blobs can be restored by setting access tier to hot, cool or
+cold. Leave blank if you intend to use default access tier, which is
 set at account level
 
 If there is no "access tier" specified, rclone doesn't apply any tier.
@@ -680,7 +684,7 @@ rclone performs "Set Tier" operation on blobs while uploading, if objects
 are not modified, specifying "access tier" to new one will have no effect.
 If blobs are in "archive tier" at remote, trying to perform data transfer
 operations from remote will not be allowed. User should first restore by
-tiering blob to "Hot" or "Cool".
+tiering blob to "Hot", "Cool" or "Cold".
 
 Properties:
 
@@ -731,10 +735,7 @@ Properties:
 
 #### --azureblob-memory-pool-flush-time
 
-How often internal memory buffer pools will be flushed.
-
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.
+How often internal memory buffer pools will be flushed. (no longer used)
 
 Properties:
 
@@ -745,7 +746,7 @@ Properties:
 
 #### --azureblob-memory-pool-use-mmap
 
-Whether to use mmap buffers in internal memory pool.
+Whether to use mmap buffers in internal memory pool. (no longer used)
 
 Properties:
 
@@ -764,7 +765,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_AZUREBLOB_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8
 
 #### --azureblob-public-access
@@ -786,6 +787,24 @@ Properties:
     - "container"
         - Allow full public read access for container and blob data.
 
+#### --azureblob-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option
+creates an empty object ending with "/", to persist the folder.
+
+This object also has the metadata "hdi_isfolder = true" to conform to
+the Microsoft standard.
+ 
+
+Properties:
+
+- Config:      directory_markers
+- Env Var:     RCLONE_AZUREBLOB_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
+
 #### --azureblob-no-check-container
 
 If set, don't attempt to check the container exists or create it.
diff --git a/docs/content/azurefiles.md b/docs/content/azurefiles.md
new file mode 100644
index 0000000000000..a6e84f2e0c6fd
--- /dev/null
+++ b/docs/content/azurefiles.md
@@ -0,0 +1,707 @@
+---
+title: "Microsoft Azure Files Storage"
+description: "Rclone docs for Microsoft Azure Files Storage"
+versionIntroduced: "v1.65"
+---
+
+# {{< icon "fab fa-windows" >}} Microsoft Azure Files Storage
+
+Paths are specified as `remote:` You may put subdirectories in too,
+e.g. `remote:path/to/dir`.
+
+## Configuration
+
+Here is an example of making a Microsoft Azure Files Storage
+configuration.  For a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Microsoft Azure Files Storage
+   \ "azurefiles"
+[snip]
+
+Option account.
+Azure Storage Account Name.
+Set this to the Azure Storage Account Name in use.
+Leave blank to use SAS URL or connection string, otherwise it needs to be set.
+If this is blank and if env_auth is set it will be read from the
+environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
+Enter a value. Press Enter to leave empty.
+account> account_name
+
+Option share_name.
+Azure Files Share Name.
+This is required and is the name of the share to access.
+Enter a value. Press Enter to leave empty.
+share_name> share_name
+
+Option env_auth.
+Read credentials from runtime (environment variables, CLI or MSI).
+See the [authentication docs](/azurefiles#authentication) for full info.
+Enter a boolean value (true or false). Press Enter for the default (false).
+env_auth> 
+
+Option key.
+Storage Account Shared Key.
+Leave blank to use SAS URL or connection string.
+Enter a value. Press Enter to leave empty.
+key> base64encodedkey==
+
+Option sas_url.
+SAS URL.
+Leave blank if using account/key or connection string.
+Enter a value. Press Enter to leave empty.
+sas_url> 
+
+Option connection_string.
+Azure Files Connection String.
+Enter a value. Press Enter to leave empty.
+connection_string> 
+[snip]
+
+Configuration complete.
+Options:
+- type: azurefiles
+- account: account_name
+- share_name: share_name
+- key: base64encodedkey==
+Keep this "remote" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> 
+```
+
+Once configured you can use rclone.
+
+See all files in the top level:
+
+    rclone lsf remote:
+
+Make a new directory in the root:
+
+    rclone mkdir remote:dir
+
+Recursively List the contents:
+
+    rclone ls remote:
+
+Sync `/home/local/directory` to the remote directory, deleting any
+excess files in the directory.
+
+    rclone sync --interactive /home/local/directory remote:dir
+
+### Modified time
+
+The modified time is stored as Azure standard `LastModified` time on
+files
+
+### Performance
+
+When uploading large files, increasing the value of
+`--azurefiles-upload-concurrency` will increase performance at the cost
+of using more memory. The default of 16 is set quite conservatively to
+use less memory. It maybe be necessary raise it to 64 or higher to
+fully utilize a 1 GBit/s link with a single file transfer.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| "         | 0x22  | ＂          |
+| *         | 0x2A  | ＊          |
+| :         | 0x3A  | ：          |
+| <         | 0x3C  | ＜          |
+| >         | 0x3E  | ＞          |
+| ?         | 0x3F  | ？          |
+| \         | 0x5C  | ＼          |
+| \|        | 0x7C  | ｜          |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| .         | 0x2E  | ．          |
+
+Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
+as they can't be used in JSON strings.
+
+### Hashes
+
+MD5 hashes are stored with files. Not all files will have MD5 hashes
+as these have to be uploaded with the file.
+
+### Authentication {#authentication}
+
+There are a number of ways of supplying credentials for Azure Files
+Storage. Rclone tries them in the order of the sections below.
+
+#### Env Auth
+
+If the `env_auth` config parameter is `true` then rclone will pull
+credentials from the environment or runtime.
+
+It tries these authentication methods in this order:
+
+1. Environment Variables
+2. Managed Service Identity Credentials
+3. Azure CLI credentials (as used by the az tool)
+
+These are described in the following sections
+
+##### Env Auth: 1. Environment Variables
+
+If `env_auth` is set and environment variables are present rclone
+authenticates a service principal with a secret or certificate, or a
+user with a password, depending on which environment variable are set.
+It reads configuration from these variables, in the following order:
+
+1. Service principal with client secret
+    - `AZURE_TENANT_ID`: ID of the service principal's tenant. Also called its "directory" ID.
+    - `AZURE_CLIENT_ID`: the service principal's client ID
+    - `AZURE_CLIENT_SECRET`: one of the service principal's client secrets
+2. Service principal with certificate
+    - `AZURE_TENANT_ID`: ID of the service principal's tenant. Also called its "directory" ID.
+    - `AZURE_CLIENT_ID`: the service principal's client ID
+    - `AZURE_CLIENT_CERTIFICATE_PATH`: path to a PEM or PKCS12 certificate file including the private key.
+    - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
+    - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
+3. User with username and password
+    - `AZURE_TENANT_ID`: (optional) tenant to authenticate in. Defaults to "organizations".
+    - `AZURE_CLIENT_ID`: client ID of the application the user will authenticate to
+    - `AZURE_USERNAME`: a username (usually an email address)
+    - `AZURE_PASSWORD`: the user's password
+4. Workload Identity
+    - `AZURE_TENANT_ID`: Tenant to authenticate in.
+    - `AZURE_CLIENT_ID`: Client ID of the application the user will authenticate to.
+    - `AZURE_FEDERATED_TOKEN_FILE`: Path to projected service account token file.
+    - `AZURE_AUTHORITY_HOST`: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
+
+##### Env Auth: 2. Managed Service Identity Credentials
+
+When using Managed Service Identity if the VM(SS) on which this
+program is running has a system-assigned identity, it will be used by
+default. If the resource has no system-assigned but exactly one
+user-assigned identity, the user-assigned identity will be used by
+default.
+
+If the resource has multiple user-assigned identities you will need to
+unset `env_auth` and set `use_msi` instead. See the [`use_msi`
+section](#use_msi).
+
+##### Env Auth: 3. Azure CLI credentials (as used by the az tool)
+
+Credentials created with the `az` tool can be picked up using `env_auth`.
+
+For example if you were to login with a service principal like this:
+
+    az login --service-principal -u XXX -p XXX --tenant XXX
+
+Then you could access rclone resources like this:
+
+    rclone lsf :azurefiles,env_auth,account=ACCOUNT:
+
+Or
+
+    rclone lsf --azurefiles-env-auth --azurefiles-account=ACCOUNT :azurefiles:
+
+#### Account and Shared Key
+
+This is the most straight forward and least flexible way.  Just fill
+in the `account` and `key` lines and leave the rest blank.
+
+#### SAS URL
+
+To use it leave `account`, `key` and `connection_string` blank and fill in `sas_url`.
+
+#### Connection String
+
+To use it leave `account`, `key` and "sas_url" blank and fill in `connection_string`.
+
+#### Service principal with client secret
+
+If these variables are set, rclone will authenticate with a service principal with a client secret.
+
+- `tenant`: ID of the service principal's tenant. Also called its "directory" ID.
+- `client_id`: the service principal's client ID
+- `client_secret`: one of the service principal's client secrets
+
+The credentials can also be placed in a file using the
+`service_principal_file` configuration option.
+
+#### Service principal with certificate
+
+If these variables are set, rclone will authenticate with a service principal with certificate.
+
+- `tenant`: ID of the service principal's tenant. Also called its "directory" ID.
+- `client_id`: the service principal's client ID
+- `client_certificate_path`: path to a PEM or PKCS12 certificate file including the private key.
+- `client_certificate_password`: (optional) password for the certificate file.
+- `client_send_certificate_chain`: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to "true" or "1", authentication requests include the x5c header.
+
+**NB** `client_certificate_password` must be obscured - see [rclone obscure](/commands/rclone_obscure/).
+
+#### User with username and password
+
+If these variables are set, rclone will authenticate with username and password.
+
+- `tenant`: (optional) tenant to authenticate in. Defaults to "organizations".
+- `client_id`: client ID of the application the user will authenticate to
+- `username`: a username (usually an email address)
+- `password`: the user's password
+
+Microsoft doesn't recommend this kind of authentication, because it's
+less secure than other authentication flows. This method is not
+interactive, so it isn't compatible with any form of multi-factor
+authentication, and the application must already have user or admin
+consent. This credential can only authenticate work and school
+accounts; it can't authenticate Microsoft accounts.
+
+**NB** `password` must be obscured - see [rclone obscure](/commands/rclone_obscure/).
+
+#### Managed Service Identity Credentials {#use_msi}
+
+If `use_msi` is set then managed service identity credentials are
+used. This authentication only works when running in an Azure service.
+`env_auth` needs to be unset to use this.
+
+However if you have multiple user identities to choose from these must
+be explicitly specified using exactly one of the `msi_object_id`,
+`msi_client_id`, or `msi_mi_res_id` parameters.
+
+If none of `msi_object_id`, `msi_client_id`, or `msi_mi_res_id` is
+set, this is is equivalent to using `env_auth`.
+
+{{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/azurefiles/azurefiles.go then run make backenddocs" >}}
+### Standard options
+
+Here are the Standard options specific to azurefiles (Microsoft Azure Files).
+
+#### --azurefiles-account
+
+Azure Storage Account Name.
+
+Set this to the Azure Storage Account Name in use.
+
+Leave blank to use SAS URL or connection string, otherwise it needs to be set.
+
+If this is blank and if env_auth is set it will be read from the
+environment variable `AZURE_STORAGE_ACCOUNT_NAME` if possible.
+
+
+Properties:
+
+- Config:      account
+- Env Var:     RCLONE_AZUREFILES_ACCOUNT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-share-name
+
+Azure Files Share Name.
+
+This is required and is the name of the share to access.
+
+
+Properties:
+
+- Config:      share_name
+- Env Var:     RCLONE_AZUREFILES_SHARE_NAME
+- Type:        string
+- Required:    false
+
+#### --azurefiles-env-auth
+
+Read credentials from runtime (environment variables, CLI or MSI).
+
+See the [authentication docs](/azurefiles#authentication) for full info.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_AZUREFILES_ENV_AUTH
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-key
+
+Storage Account Shared Key.
+
+Leave blank to use SAS URL or connection string.
+
+Properties:
+
+- Config:      key
+- Env Var:     RCLONE_AZUREFILES_KEY
+- Type:        string
+- Required:    false
+
+#### --azurefiles-sas-url
+
+SAS URL.
+
+Leave blank if using account/key or connection string.
+
+Properties:
+
+- Config:      sas_url
+- Env Var:     RCLONE_AZUREFILES_SAS_URL
+- Type:        string
+- Required:    false
+
+#### --azurefiles-connection-string
+
+Azure Files Connection String.
+
+Properties:
+
+- Config:      connection_string
+- Env Var:     RCLONE_AZUREFILES_CONNECTION_STRING
+- Type:        string
+- Required:    false
+
+#### --azurefiles-tenant
+
+ID of the service principal's tenant. Also called its directory ID.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      tenant
+- Env Var:     RCLONE_AZUREFILES_TENANT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-id
+
+The ID of the client in use.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_AZUREFILES_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-secret
+
+One of the service principal's client secrets
+
+Set this if using
+- Service principal with client secret
+
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_AZUREFILES_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-certificate-path
+
+Path to a PEM or PKCS12 certificate file including the private key.
+
+Set this if using
+- Service principal with certificate
+
+
+Properties:
+
+- Config:      client_certificate_path
+- Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PATH
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-certificate-password
+
+Password for the certificate file (optional).
+
+Optionally set this if using
+- Service principal with certificate
+
+And the certificate has a password.
+
+
+**NB** Input to this must be obscured - see [rclone obscure](/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      client_certificate_password
+- Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PASSWORD
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to azurefiles (Microsoft Azure Files).
+
+#### --azurefiles-client-send-certificate-chain
+
+Send the certificate chain when using certificate auth.
+
+Specifies whether an authentication request will include an x5c header
+to support subject name / issuer based authentication. When set to
+true, authentication requests include the x5c header.
+
+Optionally set this if using
+- Service principal with certificate
+
+
+Properties:
+
+- Config:      client_send_certificate_chain
+- Env Var:     RCLONE_AZUREFILES_CLIENT_SEND_CERTIFICATE_CHAIN
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-username
+
+User name (usually an email address)
+
+Set this if using
+- User with username and password
+
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_AZUREFILES_USERNAME
+- Type:        string
+- Required:    false
+
+#### --azurefiles-password
+
+The user's password
+
+Set this if using
+- User with username and password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_AZUREFILES_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --azurefiles-service-principal-file
+
+Path to file containing credentials for use with a service principal.
+
+Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
+
+    $ az ad sp create-for-rbac --name "<name>" \
+      --role "Storage Files Data Owner" \
+      --scopes "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>" \
+      > azure-principal.json
+
+See ["Create an Azure service principal"](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and ["Assign an Azure role for access to files data"](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+
+**NB** this section needs updating for Azure Files - pull requests appreciated!
+
+It may be more convenient to put the credentials directly into the
+rclone config file under the `client_id`, `tenant` and `client_secret`
+keys instead of setting `service_principal_file`.
+
+
+Properties:
+
+- Config:      service_principal_file
+- Env Var:     RCLONE_AZUREFILES_SERVICE_PRINCIPAL_FILE
+- Type:        string
+- Required:    false
+
+#### --azurefiles-use-msi
+
+Use a managed service identity to authenticate (only works in Azure).
+
+When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+to authenticate to Azure Storage instead of a SAS token or account key.
+
+If the VM(SS) on which this program is running has a system-assigned identity, it will
+be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+the user-assigned identity will be used by default. If the resource has multiple user-assigned
+identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+msi_client_id, or msi_mi_res_id parameters.
+
+Properties:
+
+- Config:      use_msi
+- Env Var:     RCLONE_AZUREFILES_USE_MSI
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-msi-object-id
+
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_object_id
+- Env Var:     RCLONE_AZUREFILES_MSI_OBJECT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-msi-client-id
+
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_object_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_client_id
+- Env Var:     RCLONE_AZUREFILES_MSI_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-msi-mi-res-id
+
+Azure resource ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_object_id specified.
+
+Properties:
+
+- Config:      msi_mi_res_id
+- Env Var:     RCLONE_AZUREFILES_MSI_MI_RES_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-endpoint
+
+Endpoint for the service.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_AZUREFILES_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-chunk-size
+
+Upload chunk size.
+
+Note that this is stored in memory and there may be up to
+"--transfers" * "--azurefile-upload-concurrency" chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_AZUREFILES_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     4Mi
+
+#### --azurefiles-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+If you are uploading small numbers of large files over high-speed
+links and these uploads do not fully utilize your bandwidth, then
+increasing this may help to speed up the transfers.
+
+Note that chunks are stored in memory and there may be up to
+"--transfers" * "--azurefile-upload-concurrency" chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_AZUREFILES_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     16
+
+#### --azurefiles-max-stream-size
+
+Max size for streamed files.
+
+Azure files needs to know in advance how big the file will be. When
+rclone doesn't know it uses this value instead.
+
+This will be used when rclone is streaming data, the most common uses are:
+
+- Uploading files with `--vfs-cache-mode off` with `rclone mount`
+- Using `rclone rcat`
+- Copying files with unknown length
+
+You will need this much free space in the share as the file will be this size temporarily.
+
+
+Properties:
+
+- Config:      max_stream_size
+- Env Var:     RCLONE_AZUREFILES_MAX_STREAM_SIZE
+- Type:        SizeSuffix
+- Default:     10Gi
+
+#### --azurefiles-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_AZUREFILES_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot
+
+{{< rem autogenerated options stop >}}
+
+### Custom upload headers
+
+You can set custom upload headers with the `--header-upload` flag. 
+
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
+
+Eg `--header-upload "Content-Type: text/potato"`
+
+## Limitations
+
+MD5 sums are only uploaded with chunked files if the source has an MD5
+sum.  This will always be the case for a local to azure copy.
diff --git a/docs/content/b2.md b/docs/content/b2.md
index b5e5552b52304..7f822b42f109c 100644
--- a/docs/content/b2.md
+++ b/docs/content/b2.md
@@ -96,9 +96,9 @@ This remote supports `--fast-list` which allows you to use fewer
 transactions in exchange for more memory. See the [rclone
 docs](/docs/#fast-list) for more details.
 
-### Modified time
+### Modification times
 
-The modified time is stored as metadata on the object as
+The modification time is stored as metadata on the object as
 `X-Bz-Info-src_last_modified_millis` as milliseconds since 1970-01-01
 in the Backblaze standard.  Other tools should be able to use this as
 a modified time.
@@ -231,6 +231,19 @@ $ rclone -q --b2-versions ls b2:cleanup-test
         9 one.txt
 ```
 
+#### Versions naming caveat
+
+When using `--b2-versions` flag rclone is relying on the file name
+to work out whether the objects are versions or not. Versions' names
+are created by inserting timestamp between file name and its extension.
+```
+        9 file.txt
+        8 file-v2023-07-17-161032-000.txt
+       16 file-v2023-06-15-141003-000.txt
+```
+If there are real files present with the same names as versions, then
+behaviour of `--b2-versions` can be unpredictable.
+
 ### Data usage
 
 It is useful to know how many requests are sent to the server in different scenarios.
@@ -479,6 +492,24 @@ Properties:
 - Type:        SizeSuffix
 - Default:     96Mi
 
+#### --b2-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+Note that chunks are stored in memory and there may be up to
+"--transfers" * "--b2-upload-concurrency" chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_B2_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     4
+
 #### --b2-disable-checksum
 
 Disable checksums for large (> upload cutoff) files.
@@ -537,9 +568,7 @@ Properties:
 
 #### --b2-memory-pool-flush-time
 
-How often internal memory buffer pools will be flushed.
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.
+How often internal memory buffer pools will be flushed. (no longer used)
 
 Properties:
 
@@ -550,7 +579,7 @@ Properties:
 
 #### --b2-memory-pool-use-mmap
 
-Whether to use mmap buffers in internal memory pool.
+Whether to use mmap buffers in internal memory pool. (no longer used)
 
 Properties:
 
@@ -559,6 +588,37 @@ Properties:
 - Type:        bool
 - Default:     false
 
+#### --b2-lifecycle
+
+Set the number of days deleted files should be kept when creating a bucket.
+
+On bucket creation, this parameter is used to create a lifecycle rule
+for the entire bucket.
+
+If lifecycle is 0 (the default) it does not create a lifecycle rule so
+the default B2 behaviour applies. This is to create versions of files
+on delete and overwrite and to keep them indefinitely.
+
+If lifecycle is >0 then it creates a single rule setting the number of
+days before a file that is deleted or overwritten is deleted
+permanently. This is known as daysFromHidingToDeleting in the b2 docs.
+
+The minimum value for this parameter is 1 day.
+
+You can also enable hard_delete in the config also which will mean
+deletions won't cause versions but overwrites will still cause
+versions to be made.
+
+See: [rclone backend lifecycle](#lifecycle) for setting lifecycles after bucket creation.
+
+
+Properties:
+
+- Config:      lifecycle
+- Env Var:     RCLONE_B2_LIFECYCLE
+- Type:        int
+- Default:     0
+
 #### --b2-encoding
 
 The encoding for the backend.
@@ -569,9 +629,76 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_B2_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
+## Backend commands
+
+Here are the commands specific to the b2 backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](/rc/#backend-command).
+
+### lifecycle
+
+Read or set the lifecycle for a bucket
+
+    rclone backend lifecycle remote: [options] [<arguments>+]
+
+This command can be used to read or set the lifecycle for a bucket.
+
+Usage Examples:
+
+To show the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket
+
+This will dump something like this showing the lifecycle rules.
+
+    [
+        {
+            "daysFromHidingToDeleting": 1,
+            "daysFromUploadingToHiding": null,
+            "fileNamePrefix": ""
+        }
+    ]
+
+If there are no lifecycle rules (the default) then it will just return [].
+
+To reset the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=30
+    rclone backend lifecycle b2:bucket -o daysFromUploadingToHiding=5 -o daysFromHidingToDeleting=1
+
+This will run and then print the new lifecycle rules as above.
+
+Rclone only lets you set lifecycles for the whole bucket with the
+fileNamePrefix = "".
+
+You can't disable versioning with B2. The best you can do is to set
+the daysFromHidingToDeleting to 1 day. You can enable hard_delete in
+the config also which will mean deletions won't cause versions but
+overwrites will still cause versions to be made.
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=1
+
+See: https://www.backblaze.com/docs/cloud-storage-lifecycle-rules
+
+
+Options:
+
+- "daysFromHidingToDeleting": After a file has been hidden for this many days it is deleted. 0 is off.
+- "daysFromUploadingToHiding": This many days after uploading a file is hidden
+
 {{< rem autogenerated options stop >}}
 
 ## Limitations
diff --git a/docs/content/bisync.md b/docs/content/bisync.md
index df88cf87eca58..be03f8cb83757 100644
--- a/docs/content/bisync.md
+++ b/docs/content/bisync.md
@@ -91,10 +91,16 @@ Optional Flags:
                                 If exceeded, the bisync run will abort. (default: 50%)
       --force                   Bypass `--max-delete` safety check and run the sync.
                                 Consider using with `--verbose`
+      --create-empty-src-dirs   Sync creation and deletion of empty directories. 
+                                  (Not compatible with --remove-empty-dirs)
       --remove-empty-dirs       Remove empty directories at the final cleanup step.
   -1, --resync                  Performs the resync run.
                                 Warning: Path1 files may overwrite Path2 versions.
                                 Consider using `--verbose` or `--dry-run` first.
+      --ignore-listing-checksum Do not use checksums for listings 
+                                  (add --ignore-checksum to additionally skip post-copy checksum checks)
+      --resilient               Allow future runs to retry after certain less-serious errors, 
+                                  instead of requiring --resync. Use at your own risk!
       --localtime               Use local time in listings (default: UTC)
       --no-cleanup              Retain working files (useful for troubleshooting and testing).
       --workdir PATH            Use custom working directory (useful for testing).
@@ -121,7 +127,7 @@ Cloud references are distinguished by having a `:` in the argument
 (see [Windows support](#windows) below).
 
 Path1 and Path2 are treated equally, in that neither has priority for
-file changes, and access efficiency does not change whether a remote
+file changes (except during [`--resync`](#resync)), and access efficiency does not change whether a remote
 is on Path1 or Path2.
 
 The listings in bisync working directory (default: `~/.cache/rclone/bisync`)
@@ -130,8 +136,8 @@ to individual directories within the tree may be set up, e.g.:
 `path_to_local_tree..dropbox_subdir.lst`.
 
 Any empty directories after the sync on both the Path1 and Path2
-filesystems are not deleted by default. If the `--remove-empty-dirs`
-flag is specified, then both paths will have any empty directories purged
+filesystems are not deleted by default, unless `--create-empty-src-dirs` is specified. 
+If the `--remove-empty-dirs` flag is specified, then both paths will have ALL empty directories purged
 as the last step in the process.
 
 ## Command-line flags
@@ -140,15 +146,31 @@ as the last step in the process.
 
 This will effectively make both Path1 and Path2 filesystems contain a
 matching superset of all files. Path2 files that do not exist in Path1 will
-be copied to Path1, and the process will then sync the Path1 tree to Path2.
+be copied to Path1, and the process will then copy the Path1 tree to Path2.
 
-The base directories on the both Path1 and Path2 filesystems must exist
+The `--resync` sequence is roughly equivalent to:
+```
+rclone copy Path2 Path1 --ignore-existing
+rclone copy Path1 Path2
+```
+Or, if using `--create-empty-src-dirs`:
+```
+rclone copy Path2 Path1 --ignore-existing
+rclone copy Path1 Path2 --create-empty-src-dirs
+rclone copy Path2 Path1 --create-empty-src-dirs
+```
+
+The base directories on both Path1 and Path2 filesystems must exist
 or bisync will fail. This is required for safety - that bisync can verify
 that both paths are valid.
 
-When using `--resync`, a newer version of a file either on Path1 or Path2
-filesystem, will overwrite the file on the other path (only the last version
-will be kept). Carefully evaluate deltas using [--dry-run](/flags/#non-backend-flags).
+When using `--resync`, a newer version of a file on the Path2 filesystem
+will be overwritten by the Path1 filesystem version. 
+(Note that this is [NOT entirely symmetrical](https://github.com/rclone/rclone/issues/5681#issuecomment-938761815).)
+Carefully evaluate deltas using [--dry-run](/flags/#non-backend-flags).
+
+[//]: # (I reverted a recent change in the above paragraph, as it was incorrect.
+https://github.com/rclone/rclone/commit/dd72aff98a46c6e20848ac7ae5f7b19d45802493 )
 
 For a resync run, one of the paths may be empty (no files in the path tree).
 The resync run should result in files on both paths, else a normal non-resync
@@ -165,13 +187,23 @@ Access check files are an additional safety measure against data loss.
 bisync will ensure it can find matching `RCLONE_TEST` files in the same places
 in the Path1 and Path2 filesystems.
 `RCLONE_TEST` files are not generated automatically.
-For `--check-access`to succeed, you must first either:
-**A)** Place one or more `RCLONE_TEST` files in the Path1 or Path2 filesystem
-and then do either a run without `--check-access` or a [--resync](#resync) to
-set matching files on both filesystems, or
+For `--check-access` to succeed, you must first either:
+**A)** Place one or more `RCLONE_TEST` files in both systems, or
 **B)** Set `--check-filename` to a filename already in use in various locations
-throughout your sync'd fileset.
-Time stamps and file contents are not important, just the names and locations.
+throughout your sync'd fileset. Recommended methods for **A)** include:
+* `rclone touch Path1/RCLONE_TEST` (create a new file)
+* `rclone copyto Path1/RCLONE_TEST Path2/RCLONE_TEST` (copy an existing file)
+* `rclone copy Path1/RCLONE_TEST Path2/RCLONE_TEST  --include "RCLONE_TEST"` (copy multiple files at once, recursively)
+* create the files manually (outside of rclone)
+* run `bisync` once *without* `--check-access` to set matching files on both filesystems
+will also work, but is not preferred, due to potential for user error 
+(you are temporarily disabling the safety feature).
+
+Note that `--check-access` is still enforced on `--resync`, so `bisync --resync --check-access` 
+will not work as a method of initially setting the files (this is to ensure that bisync can't 
+[inadvertently circumvent its own safety switch](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=3.%20%2D%2Dcheck%2Daccess%20doesn%27t%20always%20fail%20when%20it%20should).)
+
+Time stamps and file contents for `RCLONE_TEST` files are not important, just the names and locations.
 If you have symbolic links in your sync tree it is recommended to place
 `RCLONE_TEST` files in the linked-to directory tree to protect against
 bisync assuming a bunch of deleted files if the linked-to tree should not be
@@ -198,7 +230,7 @@ files and a bunch of new files.
 This safety check is intended to block bisync from deleting all of the
 files on both filesystems due to a temporary network access issue, or if
 the user had inadvertently deleted the files on one side or the other.
-To force the sync either set a different delete percentage limit,
+To force the sync, either set a different delete percentage limit,
 e.g. `--max-delete 75` (allows up to 75% deletion), or use `--force`
 to bypass the check.
 
@@ -215,17 +247,17 @@ An [example filters file](#example-filters-file) contains filters for
 non-allowed files for synching with Dropbox.
 
 If you make changes to your filters file then bisync requires a run
-with `--resync`. This is a safety feature, which avoids existing files
+with `--resync`. This is a safety feature, which prevents existing files
 on the Path1 and/or Path2 side from seeming to disappear from view
 (since they are excluded in the new listings), which would fool bisync
 into seeing them as deleted (as compared to the prior run listings),
 and then bisync would proceed to delete them for real.
 
-To block this from happening bisync calculates an MD5 hash of the filters file
+To block this from happening, bisync calculates an MD5 hash of the filters file
 and stores the hash in a `.md5` file in the same place as your filters file.
-On the next runs with `--filters-file` set, bisync re-calculates the MD5 hash
-of the current filters file and compares it to the hash stored in `.md5` file.
-If they don't match the run aborts with a critical error and thus forces you
+On the next run with `--filters-file` set, bisync re-calculates the MD5 hash
+of the current filters file and compares it to the hash stored in the `.md5` file.
+If they don't match, the run aborts with a critical error and thus forces you
 to do a `--resync`, likely avoiding a disaster.
 
 #### --check-sync
@@ -245,6 +277,60 @@ sync run times for very large numbers of files.
 The check may be run manually with `--check-sync=only`. It runs only the
 integrity check and terminates without actually synching.
 
+See also: [Concurrent modifications](#concurrent-modifications)
+
+
+#### --ignore-listing-checksum
+
+By default, bisync will retrieve (or generate) checksums (for backends that support them) 
+when creating the listings for both paths, and store the checksums in the listing files. 
+`--ignore-listing-checksum` will disable this behavior, which may speed things up considerably, 
+especially on backends (such as [local](/local/)) where hashes must be computed on the fly instead of retrieved. 
+Please note the following:
+
+* While checksums are (by default) generated and stored in the listing files, 
+they are NOT currently used for determining diffs (deltas). 
+It is anticipated that full checksum support will be added in a future version.
+* `--ignore-listing-checksum` is NOT the same as [`--ignore-checksum`](/docs/#ignore-checksum), 
+and you may wish to use one or the other, or both. In a nutshell: 
+`--ignore-listing-checksum` controls whether checksums are considered when scanning for diffs, 
+while `--ignore-checksum` controls whether checksums are considered during the copy/sync operations that follow, 
+if there ARE diffs.
+* Unless `--ignore-listing-checksum` is passed, bisync currently computes hashes for one path 
+*even when there's no common hash with the other path* 
+(for example, a [crypt](/crypt/#modification-times-and-hashes) remote.)
+* If both paths support checksums and have a common hash, 
+AND `--ignore-listing-checksum` was not specified when creating the listings, 
+`--check-sync=only` can be used to compare Path1 vs. Path2 checksums (as of the time the previous listings were created.) 
+However, `--check-sync=only` will NOT include checksums if the previous listings 
+were generated on a run using `--ignore-listing-checksum`. For a more robust integrity check of the current state, 
+consider using [`check`](commands/rclone_check/) 
+(or [`cryptcheck`](/commands/rclone_cryptcheck/), if at least one path is a `crypt` remote.)
+
+#### --resilient
+
+***Caution: this is an experimental feature. Use at your own risk!***
+
+By default, most errors or interruptions will cause bisync to abort and 
+require [`--resync`](#resync) to recover. This is a safety feature, 
+to prevent bisync from running again until a user checks things out. 
+However, in some cases, bisync can go too far and enforce a lockout when one isn't actually necessary, 
+like for certain less-serious errors that might resolve themselves on the next run. 
+When `--resilient` is specified, bisync tries its best to recover and self-correct, 
+and only requires `--resync` as a last resort when a human's involvement is absolutely necessary. 
+The intended use case is for running bisync as a background process (such as via scheduled [cron](#cron)).
+
+When using `--resilient` mode, bisync will still report the error and abort, 
+however it will not lock out future runs -- allowing the possibility of retrying at the next normally scheduled time, 
+without requiring a `--resync` first. Examples of such retryable errors include 
+access test failures, missing listing files, and filter change detections. 
+These safety features will still prevent the *current* run from proceeding -- 
+the difference is that if conditions have improved by the time of the *next* run, 
+that next run will be allowed to proceed. 
+Certain more serious errors will still enforce a `--resync` lockout, even in `--resilient` mode, to prevent data loss.
+
+Behavior of `--resilient` may change in a future version.
+
 ## Operation
 
 ### Runtime flow details
@@ -288,15 +374,26 @@ Path1 deleted | File no longer exists on Path1                | File is deleted
 
  Type                           | Description                           | Result                             | Implementation
 --------------------------------|---------------------------------------|------------------------------------|-----------------------
-Path1 new AND Path2 new         | File is new on Path1 AND new on Path2 | Files renamed to _Path1 and _Path2 | `rclone copy` _Path2 file to Path1, `rclone copy` _Path1 file to Path2
-Path2 newer AND Path1 changed   | File is newer on Path2 AND also changed (newer/older/size) on Path1 | Files renamed to _Path1 and _Path2 | `rclone copy` _Path2 file to Path1, `rclone copy` _Path1 file to Path2
+Path1 new/changed AND Path2 new/changed AND Path1 == Path2       | File is new/changed on Path1 AND new/changed on Path2 AND Path1 version is currently identical to Path2 | No change | None
+Path1 new AND Path2 new         | File is new on Path1 AND new on Path2 (and Path1 version is NOT identical to Path2) | Files renamed to _Path1 and _Path2 | `rclone copy` _Path2 file to Path1, `rclone copy` _Path1 file to Path2
+Path2 newer AND Path1 changed   | File is newer on Path2 AND also changed (newer/older/size) on Path1 (and Path1 version is NOT identical to Path2) | Files renamed to _Path1 and _Path2 | `rclone copy` _Path2 file to Path1, `rclone copy` _Path1 file to Path2
 Path2 newer AND Path1 deleted   | File is newer on Path2 AND also deleted on Path1 | Path2 version survives  | `rclone copy` Path2 to Path1
 Path2 deleted AND Path1 changed | File is deleted on Path2 AND changed (newer/older/size) on Path1 | Path1 version survives |`rclone copy` Path1 to Path2
 Path1 deleted AND Path2 changed | File is deleted on Path1 AND changed (newer/older/size) on Path2 | Path2 version survives  | `rclone copy` Path2 to Path1
 
+As of `rclone v1.64`, bisync is now better at detecting *false positive* sync conflicts, 
+which would previously have resulted in unnecessary renames and duplicates. 
+Now, when bisync comes to a file that it wants to rename (because it is new/changed on both sides), 
+it first checks whether the Path1 and Path2 versions are currently *identical* 
+(using the same underlying function as [`check`](commands/rclone_check/).) 
+If bisync concludes that the files are identical, it will skip them and move on. 
+Otherwise, it will create renamed `..Path1` and `..Path2` duplicates, as before. 
+This behavior also [improves the experience of renaming directories](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=Renamed%20directories), 
+as a `--resync` is no longer required, so long as the same change has been made on both sides.
+
 ### All files changed check {#all-files-changed}
 
-if _all_ prior existing files on either of the filesystems have changed
+If _all_ prior existing files on either of the filesystems have changed
 (e.g. timestamps have changed due to changing the system's timezone)
 then bisync will abort without making any changes.
 Any new files are not considered for this check. You could use `--force`
@@ -305,7 +402,7 @@ Alternately, a `--resync` may be used (Path1 versions will be pushed
 to Path2). Consider the situation carefully and perhaps use `--dry-run`
 before you commit to the changes.
 
-### Modification time
+### Modification times
 
 Bisync relies on file timestamps to identify changed files and will
 _refuse_ to operate if backend lacks the modification time support.
@@ -333,7 +430,7 @@ It is recommended to use `--resync --dry-run --verbose` initially and
 _carefully_ review what changes will be made before running the `--resync`
 without `--dry-run`.
 
-Most of these events come up due to a error status from an internal call.
+Most of these events come up due to an error status from an internal call.
 On such a critical error the `{...}.path1.lst` and `{...}.path2.lst`
 listing files are renamed to extension `.lst-err`, which blocks any future
 bisync runs (since the normal `.lst` files are not found).
@@ -343,6 +440,8 @@ typically at `${HOME}/.cache/rclone/bisync/` on Linux.
 Some errors are considered temporary and re-running the bisync is not blocked.
 The _critical return_ blocks further bisync runs.
 
+See also: [`--resilient`](#resilient)
+
 ### Lock file
 
 When bisync is running, a lock file is created in the bisync working directory,
@@ -383,7 +482,7 @@ It has not been fully tested with other services yet.
 If it works, or sorta works, please let us know and we'll update the list.
 Run the test suite to check for proper operation as described below.
 
-First release of `rclone bisync` requires that underlying backend supported
+First release of `rclone bisync` requires that underlying backend supports
 the modification time feature and will refuse to run otherwise.
 This limitation will be lifted in a future `rclone bisync` release.
 
@@ -398,38 +497,97 @@ This will be solved in a future release, there is no workaround at the moment.
 Files that **change during** a bisync run may result in data loss.
 This has been seen in a highly dynamic environment, where the filesystem
 is getting hammered by running processes during the sync.
-The solution is to sync at quiet times or [filter out](#filtering)
+The currently recommended solution is to sync at quiet times or [filter out](#filtering)
 unnecessary directories and files.
 
-### Empty directories
+As an [alternative approach](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=scans%2C%20to%20avoid-,errors%20if%20files%20changed%20during%20sync,-Given%20the%20number), 
+consider using `--check-sync=false` (and possibly `--resilient`) to make bisync more forgiving
+of filesystems that change during the sync. 
+Be advised that this may cause bisync to miss events that occur during a bisync run, 
+so it is a good idea to supplement this with a periodic independent integrity check, 
+and corrective sync if diffs are found. For example, a possible sequence could look like this:
+
+1. Normally scheduled bisync run:
+
+```
+rclone bisync Path1 Path2 -MPc --check-access --max-delete 10 --filters-file /path/to/filters.txt -v --check-sync=false --no-cleanup --ignore-listing-checksum --disable ListR --checkers=16 --drive-pacer-min-sleep=10ms --create-empty-src-dirs --resilient
+```
+
+2. Periodic independent integrity check (perhaps scheduled nightly or weekly):
+
+```
+rclone check -MvPc Path1 Path2 --filter-from /path/to/filters.txt
+```
 
-New empty directories on one path are _not_ propagated to the other side.
-This is because bisync (and rclone) natively works on files not directories.
-The following sequence is a workaround but will not propagate the delete
-of an empty directory to the other side:
+3. If diffs are found, you have some choices to correct them. 
+If one side is more up-to-date and you want to make the other side match it, you could run:
 
 ```
-rclone bisync PATH1 PATH2
-rclone copy PATH1 PATH2 --filter "+ */" --filter "- **" --create-empty-src-dirs
-rclone copy PATH2 PATH2 --filter "+ */" --filter "- **" --create-empty-src-dirs
+rclone sync Path1 Path2 --filter-from /path/to/filters.txt --create-empty-src-dirs -MPc -v  
 ```
+(or switch Path1 and Path2 to make Path2 the source-of-truth)
+
+Or, if neither side is totally up-to-date, you could run a `--resync` to bring them back into agreement 
+(but remember that this could cause deleted files to re-appear.)
+
+*Note also that `rclone check` does not currently include empty directories, 
+so if you want to know if any empty directories are out of sync, 
+consider alternatively running the above `rclone sync` command with `--dry-run` added.
+
+### Empty directories
+
+By default, new/deleted empty directories on one path are _not_ propagated to the other side.
+This is because bisync (and rclone) natively works on files, not directories.
+However, this can be changed with the `--create-empty-src-dirs` flag, which works in
+much the same way as in [`sync`](/commands/rclone_sync/) and [`copy`](/commands/rclone_copy/).
+When used, empty directories created or deleted on one side will also be created or deleted on the other side.
+The following should be noted:
+* `--create-empty-src-dirs` is not compatible with `--remove-empty-dirs`. Use only one or the other (or neither).
+* It is not recommended to switch back and forth between `--create-empty-src-dirs` 
+and the default (no `--create-empty-src-dirs`) without running `--resync`. 
+This is because it may appear as though all directories (not just the empty ones) were created/deleted,
+when actually you've just toggled between making them visible/invisible to bisync. 
+It looks scarier than it is, but it's still probably best to stick to one or the other, 
+and use `--resync` when you need to switch.
 
 ### Renamed directories
 
-Renaming a folder on the Path1 side results is deleting all files on
+Renaming a folder on the Path1 side results in deleting all files on
 the Path2 side and then copying all files again from Path1 to Path2.
 Bisync sees this as all files in the old directory name as deleted and all
-files in the new directory name as new. Similarly, renaming a directory on
-both sides to the same name will result in creating `..path1` and `..path2`
-files on both sides.
-Currently the most effective and efficient method of renaming a directory
-is to rename it on both sides, then do a `--resync`.
+files in the new directory name as new. 
+Currently, the most effective and efficient method of renaming a directory
+is to rename it to the same name on both sides. (As of `rclone v1.64`, 
+a `--resync` is no longer required after doing so, as bisync will automatically
+detect that Path1 and Path2 are in agreement.)
+
+### `--fast-list` used by default
+
+Unlike most other rclone commands, bisync uses [`--fast-list`](/docs/#fast-list) by default, 
+for backends that support it. In many cases this is desirable, however, 
+there are some scenarios in which bisync could be faster *without* `--fast-list`, 
+and there is also a [known issue concerning Google Drive users with many empty directories](https://github.com/rclone/rclone/commit/cbf3d4356135814921382dd3285d859d15d0aa77). 
+For now, the recommended way to avoid using `--fast-list` is to add `--disable ListR` 
+to all bisync commands. The default behavior may change in a future version.
+
+### Overridden Configs
+
+When rclone detects an overridden config, it adds a suffix like `{ABCDE}` on the fly 
+to the internal name of the remote. Bisync follows suit by including this suffix in its listing filenames. 
+However, this suffix does not necessarily persist from run to run, especially if different flags are provided. 
+So if next time the suffix assigned is `{FGHIJ}`, bisync will get confused, 
+because it's looking for a listing file with `{FGHIJ}`, when the file it wants has `{ABCDE}`. 
+As a result, it throws 
+`Bisync critical error: cannot find prior Path1 or Path2 listings, likely due to critical error on prior run` 
+and refuses to run again until the user runs a `--resync` (unless using `--resilient`). 
+The best workaround at the moment is to set any backend-specific flags in the [config file](/commands/rclone_config/) 
+instead of specifying them with command flags. (You can still override them as needed for other rclone commands.)
 
 ### Case sensitivity
 
 Synching with **case-insensitive** filesystems, such as Windows or `Box`,
 can result in file name conflicts. This will be fixed in a future release.
-The near term workaround is to make sure that files on both sides
+The near-term workaround is to make sure that files on both sides
 don't have spelling case differences (`Smile.jpg` vs. `smile.jpg`).
 
 ## Windows support {#windows}
@@ -492,7 +650,7 @@ below.
     - Excluding such dirs first will make rclone operations (much) faster.
     - Specific files may also be excluded, as with the Dropbox exclusions
       example below.
-2. Decide if its easier (or cleaner) to:
+2. Decide if it's easier (or cleaner) to:
     - Include select directories and therefore _exclude everything else_ -- or --
     - Exclude select directories and therefore _include everything else_
 3. Include select directories:
@@ -511,7 +669,7 @@ below.
       For example: `-/Desktop/tempfiles/`, or `- /testdir/`.
       Again, a `**` on the end is not necessary.
     - Do _not_ add a `- **` in the file. Without this line, everything
-      will be included that has not be explicitly excluded.
+      will be included that has not been explicitly excluded.
     - Disregard step 3.
 
 A few rules for the syntax of a filter file expanding on
@@ -596,7 +754,7 @@ quashed by adding `--quiet` to the bisync command line.
 # NOTICE: If you make changes to this file you MUST do a --resync run.
 #         Run with --dry-run to see what changes will be made.
 
-# Dropbox wont sync some files so filter them away here.
+# Dropbox won't sync some files so filter them away here.
 # See https://help.dropbox.com/installs-integrations/sync-uploads/files-not-syncing
 - .dropbox.attr
 - ~*.tmp
@@ -655,7 +813,7 @@ The second has no deltas between local and remote.
 The `--dry-run` messages may indicate that it would try to delete some files.
 For example, if a file is new on Path2 and does not exist on Path1 then
 it would normally be copied to Path1, but with `--dry-run` enabled those
-copies don't happen, which leads to the attempted delete on the Path2,
+copies don't happen, which leads to the attempted delete on Path2,
 blocked again by --dry-run: `... Not deleting as --dry-run`.
 
 This whole confusing situation is an artifact of the `--dry-run` flag.
@@ -664,14 +822,14 @@ copied to Path1 then the threatened deletes on Path2 may be disregarded.
 
 ### Retries
 
-Rclone has built in retries. If you run with `--verbose` you'll see
+Rclone has built-in retries. If you run with `--verbose` you'll see
 error and retry messages such as shown below. This is usually not a bug.
-If at the end of the run you see `Bisync successful` and not
+If at the end of the run, you see `Bisync successful` and not
 `Bisync critical error` or `Bisync aborted` then the run was successful,
 and you can ignore the error messages.
 
 The following run shows an intermittent fail. Lines _5_ and _6- are
-low level messages. Line _6_ is a bubbled-up _warning_ message, conveying
+low-level messages. Line _6_ is a bubbled-up _warning_ message, conveying
 the error. Rclone normally retries failing commands, so there may be
 numerous such messages in the log.
 
@@ -751,7 +909,7 @@ and an OwnCloud server, with output logged to a runlog file:
   */5  *    *    *    *   /path/to/rclone bisync /local/files MyCloud: --check-access --filters-file /path/to/bysync-filters.txt --log-file /path/to//bisync.log
 ```
 
-See [crontab syntax](https://www.man7.org/linux/man-pages/man1/crontab.1p.html#INPUT_FILES)).
+See [crontab syntax](https://www.man7.org/linux/man-pages/man1/crontab.1p.html#INPUT_FILES)
 for the details of crontab time interval expressions.
 
 If you run `rclone bisync` as a cron job, redirect stdout/stderr to a file.
@@ -943,7 +1101,7 @@ test command flags can be equally prefixed by a single `-` or double dash.
   synched tree even if there are check file mismatches in the test tree.
 - Some Dropbox tests can fail, notably printing the following message:
   `src and dst identical but can't set mod time without deleting and re-uploading`
-  This is expected and happens due a way Dropbox handles modification times.
+  This is expected and happens due to the way Dropbox handles modification times.
   You should use the `-refresh-times` test flag to make up for this.
 - If Dropbox tests hit request limit for you and print error message
   `too_many_requests/...: Too many requests or write operations.`
@@ -1008,7 +1166,7 @@ Your normal workflow might be as follows:
   Delete a single file.
 - `delete-glob <dir> <pattern>`
   Delete a group of files located one level deep in the given directory
-  with names maching a given glob pattern.
+  with names matching a given glob pattern.
 - `touch-glob YYYY-MM-DD <dir> <pattern>`
   Change modification time on a group of files.
 - `touch-copy YYYY-MM-DD <source-file> <dest-dir>`
@@ -1096,9 +1254,28 @@ with [@cjnaz](https://github.com/cjnaz)'s full support and encouragement.
 
 Bisync adopts the differential synchronization technique, which is
 based on keeping history of changes performed by both synchronizing sides.
-See the _Dual Shadow Method_ section in the
+See the _Dual Shadow Method_ section in
 [Neil Fraser's article](https://neil.fraser.name/writing/sync/).
 
 Also note a number of academic publications by
 [Benjamin Pierce](http://www.cis.upenn.edu/%7Ebcpierce/papers/index.shtml#File%20Synchronization)
 about _Unison_ and synchronization in general.
+
+## Changelog
+
+### `v1.64`
+* Fixed an [issue](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Dry%20runs%20are%20not%20completely%20dry) 
+causing dry runs to inadvertently commit filter changes
+* Fixed an [issue](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=2.%20%2D%2Dresync%20deletes%20data%2C%20contrary%20to%20docs) 
+causing `--resync` to erroneously delete empty folders and duplicate files unique to Path2
+* `--check-access` is now enforced during `--resync`, preventing data loss in [certain user error scenarios](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=%2D%2Dcheck%2Daccess%20doesn%27t%20always%20fail%20when%20it%20should)
+* Fixed an [issue](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=5.%20Bisync%20reads%20files%20in%20excluded%20directories%20during%20delete%20operations) 
+causing bisync to consider more files than necessary due to overbroad filters during delete operations
+* [Improved detection of false positive change conflicts](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Identical%20files%20should%20be%20left%20alone%2C%20even%20if%20new/newer/changed%20on%20both%20sides) 
+(identical files are now left alone instead of renamed)
+* Added [support for `--create-empty-src-dirs`](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=3.%20Bisync%20should%20create/delete%20empty%20directories%20as%20sync%20does%2C%20when%20%2D%2Dcreate%2Dempty%2Dsrc%2Ddirs%20is%20passed)
+* Added experimental `--resilient` mode to allow [recovery from self-correctable errors](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=2.%20Bisync%20should%20be%20more%20resilient%20to%20self%2Dcorrectable%20errors)
+* Added [new `--ignore-listing-checksum` flag](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=6.%20%2D%2Dignore%2Dchecksum%20should%20be%20split%20into%20two%20flags%20for%20separate%20purposes) 
+to distinguish from `--ignore-checksum`
+* [Performance improvements](https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=6.%20Deletes%20take%20several%20times%20longer%20than%20copies) for large remotes
+* Documentation and testing improvements
\ No newline at end of file
diff --git a/docs/content/box.md b/docs/content/box.md
index 61634f8c9cbcc..9e35c5c4fb126 100644
--- a/docs/content/box.md
+++ b/docs/content/box.md
@@ -199,7 +199,7 @@ d) Delete this remote
 y/e/d> y
 ```
 
-### Modified time and hashes
+### Modification times and hashes
 
 Box allows modification times to be set on objects accurate to 1
 second.  These will be used to detect whether objects need syncing or
@@ -438,6 +438,28 @@ Properties:
 - Type:        string
 - Required:    false
 
+#### --box-impersonate
+
+Impersonate this user ID when using a service account.
+
+Setting this flag allows rclone, when using a JWT service account, to
+act on behalf of another user by setting the as-user header.
+
+The user ID is the Box identifier for a user. User IDs can found for
+any user via the GET /users endpoint, which is only available to
+admins, or by calling the GET /users/me endpoint with an authenticated
+user session.
+
+See: https://developer.box.com/guides/authentication/jwt/as-user/
+
+
+Properties:
+
+- Config:      impersonate
+- Env Var:     RCLONE_BOX_IMPERSONATE
+- Type:        string
+- Required:    false
+
 #### --box-encoding
 
 The encoding for the backend.
@@ -448,7 +470,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_BOX_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
@@ -473,3 +495,27 @@ remote.
 
 See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
 
+## Get your own Box App ID
+
+Here is how to create your own Box App ID for rclone:
+
+1. Go to the [Box Developer Console](https://app.box.com/developers/console)
+and login, then click `My Apps` on the sidebar. Click `Create New App`
+and select `Custom App`.
+
+2. In the first screen on the box that pops up, you can pretty much enter
+whatever you want. The `App Name` can be whatever. For `Purpose` choose
+automation to avoid having to fill out anything else. Click `Next`.
+
+3. In the second screen of the creation screen, select
+`User Authentication (OAuth 2.0)`. Then click `Create App`.
+
+4. You should now be on the `Configuration` tab of your new app. If not,
+click on it at the top of the webpage. Copy down `Client ID`
+and `Client Secret`, you'll need those for rclone.
+
+5. Under "OAuth 2.0 Redirect URI", add `http://127.0.0.1:53682/`
+
+6. For `Application Scopes`, select `Read all files and folders stored in Box`
+and `Write all files and folders stored in box` (assuming you want to do both).
+Leave others unchecked. Click `Save Changes` at the top right.
diff --git a/docs/content/changelog.md b/docs/content/changelog.md
index 7adb6066a2ba5..17387e5b0d1b3 100644
--- a/docs/content/changelog.md
+++ b/docs/content/changelog.md
@@ -5,6 +5,489 @@ description: "Rclone Changelog"
 
 # Changelog
 
+## v1.65.0 - 2023-11-26
+
+[See commits](https://github.com/rclone/rclone/compare/v1.64.0...v1.65.0)
+
+* New backends
+    * Azure Files (karan, moongdal, Nick Craig-Wood)
+    * ImageKit (Abhinav Dhiman)
+    * Linkbox (viktor, Nick Craig-Wood)
+* New commands
+    * `serve s3`: Let rclone act as an S3 compatible server (Mikubill, Artur Neumann, Saw-jan, Nick Craig-Wood)
+    * `nfsmount`: mount command to provide mount mechanism on macOS without FUSE (Saleh Dindar)
+    * `serve nfs`: to serve a remote for use by `nfsmount` (Saleh Dindar)
+* New Features
+    * install.sh: Clean up temp files in install script (Jacob Hands)
+    * build
+        * Update all dependencies (Nick Craig-Wood)
+        * Refactor version info and icon resource handling on windows (albertony)
+    * doc updates (albertony, alfish2000, asdffdsazqqq, Dimitri Papadopoulos, Herby Gillot, Joda Stößer, Manoj Ghosh, Nick Craig-Wood)
+    * Implement `--metadata-mapper` to transform metatadata with a user supplied program (Nick Craig-Wood)
+    * Add `ChunkWriterDoesntSeek` feature flag and set it for b2 (Nick Craig-Wood)
+    * lib/http: Export basic go string functions for use in `--template` (Gabriel Espinoza)
+    * makefile: Use POSIX compatible install arguments (Mina Galić)
+    * operations
+        * Use less memory when doing multithread uploads (Nick Craig-Wood)
+        * Implement `--partial-suffix` to control extension of temporary file names (Volodymyr)
+    * rc
+        * Add `operations/check` to the rc API (Nick Craig-Wood)
+        * Always report an error as JSON (Nick Craig-Wood)
+        * Set `Last-Modified` header for files served by `--rc-serve` (Nikita Shoshin)
+    * size: Dont show duplicate object count when less than 1k (albertony)
+* Bug Fixes
+    * fshttp: Fix `--contimeout` being ignored (你知道未来吗)
+    * march: Fix excessive parallelism when using `--no-traverse` (Nick Craig-Wood)
+    * ncdu: Fix crash when re-entering changed directory after rescan (Nick Craig-Wood)
+    * operations
+        * Fix overwrite of destination when multi-thread transfer fails (Nick Craig-Wood)
+        * Fix invalid UTF-8 when truncating file names when not using `--inplace` (Nick Craig-Wood)
+    * serve dnla: Fix crash on graceful exit (wuxingzhong)
+* Mount
+    * Disable mount for freebsd and alias cmount as mount on that platform (Nick Craig-Wood)
+* VFS
+    * Add `--vfs-refresh` flag to read all the directories on start (Beyond Meat)
+    * Implement Name() method in WriteFileHandle and ReadFileHandle (Saleh Dindar)
+    * Add go-billy dependency and make sure vfs.Handle implements billy.File (Saleh Dindar)
+    * Error out early if can't upload 0 length file (Nick Craig-Wood)
+* Local
+    * Fix copying from Windows Volume Shadows (Nick Craig-Wood)
+* Azure Blob
+    * Add support for cold tier (Ivan Yanitra)
+* B2
+    * Implement "rclone backend lifecycle" to read and set bucket lifecycles (Nick Craig-Wood)
+    * Implement `--b2-lifecycle` to control lifecycle when creating buckets (Nick Craig-Wood)
+    * Fix listing all buckets when not needed (Nick Craig-Wood)
+    * Fix multi-thread upload with copyto going to wrong name (Nick Craig-Wood)
+    * Fix server side chunked copy when file size was exactly `--b2-copy-cutoff` (Nick Craig-Wood)
+    * Fix streaming chunked files an exact multiple of chunk size (Nick Craig-Wood)
+* Box
+    * Filter more EventIDs when polling (David Sze)
+    * Add more logging for polling (David Sze)
+    * Fix performance problem reading metadata for single files (Nick Craig-Wood)
+* Drive
+    * Add read/write metadata support (Nick Craig-Wood)
+    * Add support for SHA-1 and SHA-256 checksums (rinsuki)
+    * Add `--drive-show-all-gdocs` to allow unexportable gdocs to be server side copied (Nick Craig-Wood)
+    * Add a note that `--drive-scope` accepts comma-separated list of scopes (Keigo Imai)
+    * Fix error updating created time metadata on existing object (Nick Craig-Wood)
+    * Fix integration tests by enabling metadata support from the context (Nick Craig-Wood)
+* Dropbox
+    * Factor batcher into lib/batcher (Nick Craig-Wood)
+    * Fix missing encoding for rclone purge (Nick Craig-Wood)
+* Google Cloud Storage
+    * Fix 400 Bad request errors when using multi-thread copy (Nick Craig-Wood)
+* Googlephotos
+    * Implement batcher for uploads (Nick Craig-Wood)
+* Hdfs
+    * Added support for list of namenodes in hdfs remote config (Tayo-pasedaRJ)
+* HTTP
+    * Implement set backend command to update running backend (Nick Craig-Wood)
+    * Enable methods used with WebDAV (Alen Šiljak)
+* Jottacloud
+    * Add support for reading and writing metadata (albertony)
+* Onedrive
+    * Implement ListR method which gives `--fast-list` support (Nick Craig-Wood)
+        * This must be enabled with the `--onedrive-delta` flag
+* Quatrix
+    * Add partial upload support (Oksana Zhykina)
+    * Overwrite files on conflict during server-side move (Oksana Zhykina)
+* S3
+    * Add Linode provider (Nick Craig-Wood)
+    * Add docs on how to add a new provider (Nick Craig-Wood)
+    * Fix no error being returned when creating a bucket we don't own (Nick Craig-Wood)
+    * Emit a debug message if anonymous credentials are in use (Nick Craig-Wood)
+    * Add `--s3-disable-multipart-uploads` flag (Nick Craig-Wood)
+    * Detect looping when using gcs and versions (Nick Craig-Wood)
+* SFTP
+    * Implement `--sftp-copy-is-hardlink` to server side copy as hardlink (Nick Craig-Wood)
+* Smb
+    * Fix incorrect `about` size by switching to `github.com/cloudsoda/go-smb2` fork (Nick Craig-Wood)
+    * Fix modtime of multithread uploads by setting PartialUploads (Nick Craig-Wood)
+* WebDAV
+    * Added an rclone vendor to work with `rclone serve webdav` (Adithya Kumar)
+
+## v1.64.2 - 2023-10-19
+
+[See commits](https://github.com/rclone/rclone/compare/v1.64.1...v1.64.2)
+
+* Bug Fixes
+    * selfupdate: Fix "invalid hashsum signature" error (Nick Craig-Wood)
+    * build: Fix docker build running out of space (Nick Craig-Wood)
+
+## v1.64.1 - 2023-10-17
+
+[See commits](https://github.com/rclone/rclone/compare/v1.64.0...v1.64.1)
+
+* Bug Fixes
+    * cmd: Make `--progress` output logs in the same format as without (Nick Craig-Wood)
+    * docs fixes (Dimitri Papadopoulos Orfanos, Herby Gillot, Manoj Ghosh, Nick Craig-Wood)
+    * lsjson: Make sure we set the global metadata flag too (Nick Craig-Wood)
+    * operations
+        * Ensure concurrency is no greater than the number of chunks (Pat Patterson)
+        * Fix OpenOptions ignored in copy if operation was a multiThreadCopy (Vitor Gomes)
+        * Fix error message on delete to have file name (Nick Craig-Wood)
+    * serve sftp: Return not supported error for not supported commands (Nick Craig-Wood)
+    * build: Upgrade golang.org/x/net to v0.17.0 to fix HTTP/2 rapid reset (Nick Craig-Wood)
+    * pacer: Fix b2 deadlock by defaulting max connections to unlimited (Nick Craig-Wood)
+* Mount
+    * Fix automount not detecting drive is ready (Nick Craig-Wood)
+* VFS
+    * Fix update dir modification time (Saleh Dindar)
+* Azure Blob
+    * Fix "fatal error: concurrent map writes" (Nick Craig-Wood)
+* B2
+    * Fix multipart upload: corrupted on transfer: sizes differ XXX vs 0 (Nick Craig-Wood)
+    * Fix locking window when getting mutipart upload URL (Nick Craig-Wood)
+    * Fix server side copies greater than 4GB (Nick Craig-Wood)
+    * Fix chunked streaming uploads (Nick Craig-Wood)
+    * Reduce default `--b2-upload-concurrency` to 4 to reduce memory usage (Nick Craig-Wood)
+* Onedrive
+    * Fix the configurator to allow `/teams/ID` in the config (Nick Craig-Wood)
+* Oracleobjectstorage
+    * Fix OpenOptions being ignored in uploadMultipart with chunkWriter (Nick Craig-Wood)
+* S3
+    * Fix slice bounds out of range error when listing (Nick Craig-Wood)
+    * Fix OpenOptions being ignored in uploadMultipart with chunkWriter (Vitor Gomes)
+* Storj
+    * Update storj.io/uplink to v1.12.0 (Kaloyan Raev)
+
+## v1.64.0 - 2023-09-11
+
+[See commits](https://github.com/rclone/rclone/compare/v1.63.0...v1.64.0)
+
+* New backends
+    * [Proton Drive](/protondrive/) (Chun-Hung Tseng)
+    * [Quatrix](/quatrix/) (Oksana, Volodymyr Kit)
+    * New S3 providers
+        * [Synology C2](/s3/#synology-c2) (BakaWang)
+        * [Leviia](/s3/#leviia) (Benjamin)
+    * New Jottacloud providers
+        * [Onlime](/jottacloud/) (Fjodor42)
+        * [Telia Sky](/jottacloud/) (NoLooseEnds)
+* Major changes
+    * Multi-thread transfers (Vitor Gomes, Nick Craig-Wood, Manoj Ghosh, Edwin Mackenzie-Owen)
+        * Multi-thread transfers are now available when transferring to:
+            * `local`, `s3`, `azureblob`, `b2`, `oracleobjectstorage` and `smb`
+        * This greatly improves transfer speed between two network sources.
+        * In memory buffering has been unified between all backends and should share memory better.
+        * See [--multi-thread docs](/docs/#multi-thread-cutoff) for more info
+* New commands
+    * `rclone config redacted` support mechanism for showing redacted config (Nick Craig-Wood)
+* New Features
+    * accounting
+        * Show server side stats in own lines and not as bytes transferred (Nick Craig-Wood)
+    * bisync
+        * Add new `--ignore-listing-checksum` flag to distinguish from `--ignore-checksum` (nielash)
+        * Add experimental `--resilient` mode to allow recovery from self-correctable errors (nielash)
+        * Add support for `--create-empty-src-dirs` (nielash)
+        * Dry runs no longer commit filter changes (nielash)
+        * Enforce `--check-access` during `--resync` (nielash)
+        * Apply filters correctly during deletes (nielash)
+        * Equality check before renaming (leave identical files alone) (nielash)
+        * Fix `dryRun` rc parameter being ignored (nielash)
+    * build
+        * Update to `go1.21` and make `go1.19` the minimum required version (Anagh Kumar Baranwal, Nick Craig-Wood)
+        * Update dependencies (Nick Craig-Wood)
+        * Add snap installation (hideo aoyama)
+        * Change Winget Releaser job to `ubuntu-latest` (sitiom)
+    * cmd: Refactor and use sysdnotify in more commands (eNV25)
+    * config: Add `--multi-thread-chunk-size` flag (Vitor Gomes)
+    * doc updates (antoinetran, Benjamin, Bjørn Smith, Dean Attali, gabriel-suela, James Braza, Justin Hellings, kapitainsky, Mahad, Masamune3210, Nick Craig-Wood, Nihaal Sangha, Niklas Hambüchen, Raymond Berger, r-ricci, Sawada Tsunayoshi, Tiago Boeing, Vladislav Vorobev)
+    * fs
+        * Use atomic types everywhere (Roberto Ricci)
+        * When `--max-transfer` limit is reached exit with code (10) (kapitainsky)
+        * Add rclone completion powershell - basic implementation only (Nick Craig-Wood)
+    * http servers: Allow CORS to be set with `--allow-origin` flag (yuudi)
+    * lib/rest: Remove unnecessary `nil` check (Eng Zer Jun)
+    * ncdu: Add keybinding to rescan filesystem (eNV25)
+    * rc
+        * Add `executeId` to job listings (yuudi)
+        * Add `core/du` to measure local disk usage (Nick Craig-Wood)
+        * Add `operations/settier` to API (Drew Stinnett)
+    * rclone test info: Add `--check-base32768` flag to check can store all base32768 characters (Nick Craig-Wood)
+    * rmdirs: Remove directories concurrently controlled by `--checkers` (Nick Craig-Wood)
+* Bug Fixes
+    * accounting: Don't stop calculating average transfer speed until the operation is complete (Jacob Hands)
+    * fs: Fix `transferTime` not being set in JSON logs (Jacob Hands)
+    * fshttp: Fix `--bind 0.0.0.0` allowing IPv6 and `--bind ::0` allowing IPv4 (Nick Craig-Wood)
+    * operations: Fix overlapping check on case insensitive file systems (Nick Craig-Wood)
+    * serve dlna: Fix MIME type if backend can't identify it (Nick Craig-Wood)
+    * serve ftp: Fix race condition when using the auth proxy (Nick Craig-Wood)
+    * serve sftp: Fix hash calculations with `--vfs-cache-mode full` (Nick Craig-Wood)
+    * serve webdav: Fix error: Expecting fs.Object or fs.Directory, got `nil` (Nick Craig-Wood)
+    * sync: Fix lockup with `--cutoff-mode=soft` and `--max-duration` (Nick Craig-Wood)
+* Mount
+    * fix: Mount parsing for linux (Anagh Kumar Baranwal)
+* VFS
+    * Add `--vfs-cache-min-free-space` to control minimum free space on the disk containing the cache (Nick Craig-Wood)
+    * Added cache cleaner for directories to reduce memory usage (Anagh Kumar Baranwal)
+    * Update parent directory modtimes on vfs actions (David Pedersen)
+    * Keep virtual directory status accurate and reduce deadlock potential (Anagh Kumar Baranwal)
+    * Make sure struct field is aligned for atomic access (Roberto Ricci)
+* Local
+    * Rmdir return an error if the path is not a dir (zjx20)
+* Azure Blob
+    * Implement `OpenChunkWriter` and multi-thread uploads (Nick Craig-Wood)
+    * Fix creation of directory markers (Nick Craig-Wood)
+    * Fix purging with directory markers (Nick Craig-Wood)
+* B2
+    * Implement `OpenChunkWriter` and multi-thread uploads (Nick Craig-Wood)
+    * Fix rclone link when object path contains special characters (Alishan Ladhani)
+* Box
+    * Add polling support (David Sze)
+    * Add `--box-impersonate` to impersonate a user ID (Nick Craig-Wood)
+    * Fix unhelpful decoding of error messages into decimal numbers (Nick Craig-Wood)
+* Chunker
+    * Update documentation to mention issue with small files (Ricardo D'O. Albanus)
+* Compress
+    * Fix ChangeNotify (Nick Craig-Wood)
+* Drive
+    * Add `--drive-fast-list-bug-fix` to control ListR bug workaround (Nick Craig-Wood)
+* Fichier
+    * Implement `DirMove` (Nick Craig-Wood)
+    * Fix error code parsing (alexia)
+* FTP
+    * Add socks_proxy support for SOCKS5 proxies (Zach)
+    * Fix 425 "TLS session of data connection not resumed" errors (Nick Craig-Wood)
+* Hdfs
+    * Retry "replication in progress" errors when uploading (Nick Craig-Wood)
+    * Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)
+* HTTP
+    * CORS should not be sent if not set (yuudi)
+    * Fix webdav OPTIONS response (yuudi)
+* Opendrive
+    * Fix List on a just deleted and remade directory (Nick Craig-Wood)
+* Oracleobjectstorage
+    * Use rclone's rate limiter in multipart transfers (Manoj Ghosh)
+    * Implement `OpenChunkWriter` and multi-thread uploads (Manoj Ghosh)
+* S3
+    * Refactor multipart upload to use `OpenChunkWriter` and `ChunkWriter` (Vitor Gomes)
+    * Factor generic multipart upload into `lib/multipart` (Nick Craig-Wood)
+    * Fix purging of root directory with `--s3-directory-markers` (Nick Craig-Wood)
+    * Add `rclone backend set` command to update the running config (Nick Craig-Wood)
+    * Add `rclone backend restore-status` command (Nick Craig-Wood)
+* SFTP
+    * Stop uploads re-using the same ssh connection to improve performance (Nick Craig-Wood)
+    * Add `--sftp-ssh` to specify an external ssh binary to use (Nick Craig-Wood)
+    * Add socks_proxy support for SOCKS5 proxies (Zach)
+    * Support dynamic `--sftp-path-override` (nielash)
+    * Fix spurious warning when using `--sftp-ssh` (Nick Craig-Wood)
+* Smb
+    * Implement multi-threaded writes for copies to smb (Edwin Mackenzie-Owen)
+* Storj
+    * Performance improvement for large file uploads (Kaloyan Raev)
+* Swift
+    * Fix HEADing 0-length objects when `--swift-no-large-objects` set (Julian Lepinski)
+* Union
+    * Add `:writback` to act as a simple cache (Nick Craig-Wood)
+* WebDAV
+    * Nextcloud: fix segment violation in low-level retry (Paul)
+* Zoho
+    * Remove Range requests workarounds to fix integration tests (Nick Craig-Wood)
+
+## v1.63.1 - 2023-07-17
+
+[See commits](https://github.com/rclone/rclone/compare/v1.63.0...v1.63.1)
+
+* Bug Fixes
+    * build: Fix macos builds for versions < 12 (Anagh Kumar Baranwal)
+    * dirtree: Fix performance with large directories of directories and `--fast-list` (Nick Craig-Wood)
+    * operations
+        * Fix deadlock when using `lsd`/`ls` with `--progress` (Nick Craig-Wood)
+        * Fix `.rclonelink` files not being converted back to symlinks (Nick Craig-Wood)
+    * doc fixes (Dean Attali, Mahad, Nick Craig-Wood, Sawada Tsunayoshi, Vladislav Vorobev)
+* Local
+    * Fix partial directory read for corrupted filesystem (Nick Craig-Wood)
+* Box
+    * Fix reconnect failing with HTTP 400 Bad Request (albertony)
+* Smb
+    * Fix "Statfs failed: bucket or container name is needed" when mounting (Nick Craig-Wood)
+* WebDAV
+    * Nextcloud: fix must use /dav/files/USER endpoint not /webdav error (Paul)
+    * Nextcloud chunking: add more guidance for the user to check the config (darix)
+
+## v1.63.0 - 2023-06-30
+
+[See commits](https://github.com/rclone/rclone/compare/v1.62.0...v1.63.0)
+
+* New backends
+    * [Pikpak](/pikpak/) (wiserain)
+    * New S3 providers
+        * [petabox.io](/s3/#petabox) (Andrei Smirnov)
+        * [Google Cloud Storage](/s3/#google-cloud-storage) (Anthony Pessy)
+    * New WebDAV providers
+        * [Fastmail](/webdav/#fastmail-files) (Arnavion)
+* Major changes
+    * Files will be copied to a temporary name ending in `.partial` when copying to `local`,`ftp`,`sftp` then renamed at the end of the transfer. (Janne Hellsten, Nick Craig-Wood)
+        * This helps with data integrity as we don't delete the existing file until the new one is complete.
+        * It can be disabled with the [--inplace](/docs/#inplace) flag.
+        * This behaviour will also happen if the backend is wrapped, for example `sftp` wrapped with `crypt`.
+    * The [s3](/s3/#s3-directory-markers), [azureblob](/azureblob/#azureblob-directory-markers) and [gcs](/googlecloudstorage/#gcs-directory-markers) backends now support directory markers so empty directories are supported (Jānis Bebrītis, Nick Craig-Wood)
+    * The [--default-time](/docs/#default-time-time) flag now controls the unknown modification time of files/dirs (Nick Craig-Wood)
+        * If a file or directory does not have a modification time rclone can read then rclone will display this fixed time instead.
+        * For the old behaviour use `--default-time 0s` which will set this time to the time rclone started up.
+* New Features
+    * build
+        * Modernise linters in use and fixup all affected code (albertony)
+        * Push docker beta to GHCR (GitHub container registry) (Richard Tweed)
+    * cat: Add `--separator` option to cat command (Loren Gordon)
+    * config
+        * Do not remove/overwrite other files during config file save (albertony)
+        * Do not overwrite config file symbolic link (albertony)
+        * Stop `config create` making invalid config files (Nick Craig-Wood)
+    * doc updates (Adam K, Aditya Basu, albertony, asdffdsazqqq, Damo, danielkrajnik, Dimitri Papadopoulos, dlitster, Drew Parsons, jumbi77, kapitainsky, mac-15, Mariusz Suchodolski, Nick Craig-Wood, NickIAm, Rintze Zelle, Stanislav Gromov, Tareq Sharafy, URenko, yuudi, Zach Kipp)
+    * fs
+        * Add `size` to JSON logs when moving or copying an object (Nick Craig-Wood)
+        * Allow boolean features to be enabled with `--disable !Feature` (Nick Craig-Wood)
+    * genautocomplete: Rename to `completion` with alias to the old name (Nick Craig-Wood)
+    * librclone: Added example on using `librclone` with Go (alankrit)
+    * lsjson: Make `--stat` more efficient (Nick Craig-Wood)
+    * operations
+        * Implement `--multi-thread-write-buffer-size` for speed improvements on downloads (Paulo Schreiner)
+        * Reopen downloads on error when using `check --download` and `cat` (Nick Craig-Wood)
+    * rc: `config/listremotes` includes remotes defined with environment variables (kapitainsky)
+    * selfupdate: Obey `--no-check-certificate` flag (Nick Craig-Wood)
+    * serve restic: Trigger systemd notify (Shyim)
+    * serve webdav: Implement owncloud checksum and modtime extensions (WeidiDeng)
+    * sync: `--suffix-keep-extension` preserve 2 part extensions like .tar.gz (Nick Craig-Wood)
+* Bug Fixes
+    * accounting
+        * Fix Prometheus metrics to be the same as `core/stats` (Nick Craig-Wood)
+        * Bwlimit signal handler should always start (Sam Lai)
+    * bisync: Fix `maxDelete` parameter being ignored via the rc (Nick Craig-Wood)
+    * cmd/ncdu: Fix screen corruption when logging (eNV25)
+    * filter: Fix deadlock with errors on `--files-from` (douchen)
+    * fs
+        * Fix interaction between `--progress` and `--interactive` (Nick Craig-Wood)
+        * Fix infinite recursive call in pacer ModifyCalculator (fixes issue reported by the staticcheck linter) (albertony)
+    * lib/atexit: Ensure OnError only calls cancel function once (Nick Craig-Wood)
+    * lib/rest: Fix problems re-using HTTP connections (Nick Craig-Wood)
+    * rc
+        * Fix `operations/stat` with trailing `/` (Nick Craig-Wood)
+        * Fix missing `--rc` flags (Nick Craig-Wood)
+        * Fix output of Time values in `options/get` (Nick Craig-Wood)
+    * serve dlna: Fix potential data race (Nick Craig-Wood)
+    * version: Fix reported os/kernel version for windows (albertony)
+* Mount
+    * Add `--mount-case-insensitive` to force the mount to be case insensitive (Nick Craig-Wood)
+    * Removed unnecessary byte slice allocation for reads (Anagh Kumar Baranwal)
+    * Clarify rclone mount error when installed via homebrew (Nick Craig-Wood)
+    * Added _netdev to the example mount so it gets treated as a remote-fs rather than local-fs (Anagh Kumar Baranwal)
+* Mount2
+    * Updated go-fuse version (Anagh Kumar Baranwal)
+    * Fixed statfs (Anagh Kumar Baranwal)
+    * Disable xattrs (Anagh Kumar Baranwal)
+* VFS
+    * Add MkdirAll function to make a directory and all beneath (Nick Craig-Wood)
+    * Fix reload: failed to add virtual dir entry: file does not exist (Nick Craig-Wood)
+    * Fix writing to a read only directory creating spurious directory entries (WeidiDeng)
+    * Fix potential data race (Nick Craig-Wood)
+    * Fix backends being Shutdown too early when startup takes a long time (Nick Craig-Wood)
+* Local
+    * Fix filtering of symlinks with `-l`/`--links` flag (Nick Craig-Wood)
+    * Fix /path/to/file.rclonelink when `-l`/`--links` is in use (Nick Craig-Wood)
+    * Fix crash with `--metadata` on Android (Nick Craig-Wood)
+* Cache
+    * Fix backends shutting down when in use when used via the rc (Nick Craig-Wood)
+* Crypt
+    * Add `--crypt-suffix` option to set a custom suffix for encrypted files (jladbrook)
+    * Add `--crypt-pass-bad-blocks` to allow corrupted file output (Nick Craig-Wood)
+    * Fix reading 0 length files (Nick Craig-Wood)
+    * Try not to return "unexpected EOF" error (Nick Craig-Wood)
+    * Reduce allocations (albertony)
+    * Recommend Dropbox for `base32768` encoding (Nick Craig-Wood)
+* Azure Blob
+    * Empty directory markers (Nick Craig-Wood)
+    * Support azure workload identities (Tareq Sharafy)
+    * Fix azure blob uploads with multiple bits of metadata (Nick Craig-Wood)
+    * Fix azurite compatibility by sending nil tier if set to empty string (Roel Arents)
+* Combine
+    * Implement missing methods (Nick Craig-Wood)
+    * Fix goroutine stack overflow on bad object (Nick Craig-Wood)
+* Drive
+    * Add `--drive-env-auth` to get IAM credentials from runtime (Peter Brunner)
+    * Update drive service account guide (Juang, Yi-Lin)
+    * Fix change notify picking up files outside the root (Nick Craig-Wood)
+    * Fix trailing slash mis-identificaton of folder as file (Nick Craig-Wood)
+    * Fix incorrect remote after Update on object (Nick Craig-Wood)
+* Dropbox
+    * Implement `--dropbox-pacer-min-sleep` flag (Nick Craig-Wood)
+    * Fix the dropbox batcher stalling (Misty)
+* Fichier
+    * Add `--ficicher-cdn` option to use the CDN for download (Nick Craig-Wood)
+* FTP
+    * Lower log message priority when `SetModTime` is not supported to debug (Tobias Gion)
+    * Fix "unsupported LIST line" errors on startup (Nick Craig-Wood)
+    * Fix "501 Not a valid pathname." errors when creating directories (Nick Craig-Wood)
+* Google Cloud Storage
+    * Empty directory markers (Jānis Bebrītis, Nick Craig-Wood)
+    * Added `--gcs-user-project` needed for requester pays (Christopher Merry)
+* HTTP
+    * Add client certificate user auth middleware. This can auth `serve restic` from the username in the client cert. (Peter Fern)
+* Jottacloud
+    * Fix vfs writeback stuck in a failed upload loop with file versioning disabled (albertony)
+* Onedrive
+    * Add `--onedrive-av-override` flag to download files flagged as virus (Nick Craig-Wood)
+    * Fix quickxorhash on 32 bit architectures (Nick Craig-Wood)
+    * Report any list errors during `rclone cleanup` (albertony)
+* Putio
+    * Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)
+    * Fix modification times not being preserved for server side copy and move (Nick Craig-Wood)
+    * Fix server side copy failures (400 errors) (Nick Craig-Wood)
+* S3
+    * Empty directory markers (Jānis Bebrītis, Nick Craig-Wood)
+    * Update Scaleway storage classes (Brian Starkey)
+    * Fix `--s3-versions` on individual objects (Nick Craig-Wood)
+    * Fix hang on aborting multipart upload with iDrive e2 (Nick Craig-Wood)
+    * Fix missing "tier" metadata (Nick Craig-Wood)
+    * Fix V3sign: add missing subresource delete (cc)
+    * Fix Arvancloud Domain and region changes and alphabetise the provider (Ehsan Tadayon)
+    * Fix Qiniu KODO quirks virtualHostStyle is false (zzq)
+* SFTP
+    * Add `--sftp-host-key-algorithms ` to allow specifying SSH host key algorithms (Joel)
+    * Fix using `--sftp-key-use-agent` and `--sftp-key-file` together needing private key file (Arnav Singh)
+    * Fix move to allow overwriting existing files (Nick Craig-Wood)
+    * Don't stat directories before listing them (Nick Craig-Wood)
+    * Don't check remote points to a file if it ends with / (Nick Craig-Wood)
+* Sharefile
+    * Disable streamed transfers as they no longer work (Nick Craig-Wood)
+* Smb
+    * Code cleanup to avoid overwriting ctx before first use (fixes issue reported by the staticcheck linter) (albertony)
+* Storj
+    * Fix "uplink: too many requests" errors when uploading to the same file (Nick Craig-Wood)
+    * Fix uploading to the wrong object on Update with overridden remote name (Nick Craig-Wood)
+* Swift
+    * Ignore 404 error when deleting an object (Nick Craig-Wood)
+* Union
+    * Implement missing methods (Nick Craig-Wood)
+    * Allow errors to be unwrapped for inspection (Nick Craig-Wood)
+* Uptobox
+    * Add `--uptobox-private` flag to make all uploaded files private (Nick Craig-Wood)
+    * Fix improper regex (Aaron Gokaslan)
+    * Fix Update returning the wrong object (Nick Craig-Wood)
+    * Fix rmdir declaring that directories weren't empty (Nick Craig-Wood)
+* WebDAV
+    * nextcloud: Add support for chunked uploads (Paul)
+    * Set modtime using propset for owncloud and nextcloud (WeidiDeng)
+    * Make pacer minSleep configurable with `--webdav-pacer-min-sleep` (ed)
+    * Fix server side copy/move not overwriting (WeidiDeng)
+    * Fix modtime on server side copy for owncloud and nextcloud (Nick Craig-Wood)
+* Yandex
+    * Fix 400 Bad Request on transfer failure (Nick Craig-Wood)
+* Zoho
+    * Fix downloads with `Range:` header returning the wrong data (Nick Craig-Wood)
+
+## v1.62.2 - 2023-03-16
+
+[See commits](https://github.com/rclone/rclone/compare/v1.62.1...v1.62.2)
+
+* Bug Fixes
+    * docker volume plugin: Add missing fuse3 dependency (Nick Craig-Wood)
+    * docs: Fix size documentation (asdffdsazqqq)
+* FTP
+    * Fix 426 errors on downloads with vsftpd (Lesmiscore)
+
 ## v1.62.1 - 2023-03-15
 
 [See commits](https://github.com/rclone/rclone/compare/v1.62.0...v1.62.1)
@@ -2010,8 +2493,8 @@ all the docs and Edward Barker for helping re-write the front page.
     * Use proper import path go.etcd.io/bbolt (Robert-André Mauchin)
 * Crypt
     * Calculate hashes for uploads from local disk (Nick Craig-Wood)
-        * This allows crypted Jottacloud uploads without using local disk
-        * This means crypted s3/b2 uploads will now have hashes
+        * This allows encrypted Jottacloud uploads without using local disk
+        * This means encrypted s3/b2 uploads will now have hashes
     * Added `rclone backend decode`/`encode` commands to replicate functionality of `cryptdecode` (Anagh Kumar Baranwal)
     * Get rid of the unused Cipher interface as it obfuscated the code (Nick Craig-Wood)
 * Azure Blob
@@ -3221,7 +3704,7 @@ Point release to fix hubic and azureblob backends.
     * Fix panic when running without plex configs (Remus Bunduc)
     * Fix root folder caching (Remus Bunduc)
 * Crypt
-    * Check the crypted hash of files when uploading for extra data security
+    * Check the encrypted hash of files when uploading for extra data security
 * Dropbox
     * Make Dropbox for business folders accessible using an initial `/` in the path
 * Google Cloud Storage
@@ -3576,7 +4059,7 @@ Point release to fix hubic and azureblob backends.
 * New commands
     * `rcat` - read from standard input and stream upload
     * `tree` - shows a nicely formatted recursive listing
-    * `cryptdecode` - decode crypted file names (thanks ishuah)
+    * `cryptdecode` - decode encrypted file names (thanks ishuah)
     * `config show` - print the config file
     * `config file` - print the config file location
 * New Features
@@ -3602,7 +4085,7 @@ Point release to fix hubic and azureblob backends.
     * Revert to copy when moving file across file system boundaries
     * `--skip-links` to suppress symlink warnings (thanks Zhiming Wang)
 * Mount
-    * Re-use `rcat` internals to support uploads from all remotes
+    * Reuse `rcat` internals to support uploads from all remotes
 * Dropbox
     * Fix "entry doesn't belong in directory" error
     * Stop using deprecated API methods
@@ -3880,7 +4363,7 @@ Point release to fix hubic and azureblob backends.
     * Fix `rclone move` command
         * Delete src files which already existed in dst
         * Fix deletion of src file when dst file older
-    * Fix `rclone check` on crypted file systems
+    * Fix `rclone check` on encrypted file systems
     * Make failed uploads not count as "Transferred"
     * Make sure high level retries show with `-q`
     * Use a vendor directory with godep for repeatable builds
diff --git a/docs/content/chunker.md b/docs/content/chunker.md
index f9287c89ca2ff..e7011dc08abed 100644
--- a/docs/content/chunker.md
+++ b/docs/content/chunker.md
@@ -97,7 +97,7 @@ will put files in a directory called `name` in the current directory.
 
 When rclone starts a file upload, chunker checks the file size. If it
 doesn't exceed the configured chunk size, chunker will just pass the file
-to the wrapped remote. If a file is large, chunker will transparently cut
+to the wrapped remote (however, see caveat below). If a file is large, chunker will transparently cut
 data in pieces with temporary names and stream them one by one, on the fly.
 Each data chunk will contain the specified number of bytes, except for the
 last one which may have less data. If file size is unknown in advance
@@ -129,6 +129,14 @@ proceed with current command.
 You can set the `--chunker-fail-hard` flag to have commands abort with
 error message in such cases.
 
+**Caveat**: As it is now, chunker will always create a temporary file in the 
+backend and then rename it, even if the file is below the chunk threshold.
+This will result in unnecessary API calls and can severely restrict throughput
+when handling transfers primarily composed of small files on some backends (e.g. Box).
+A workaround to this issue is to use chunker only for files above the chunk threshold
+via `--min-size` and then perform a separate call without chunker on the remaining
+files. 
+
 
 #### Chunk names
 
@@ -218,7 +226,7 @@ guarantee given hash for all files. If wrapped remote doesn't support it,
 chunker will then add metadata to all files, even small. However, this can
 double the amount of small files in storage and incur additional service charges.
 You can even use chunker to force md5/sha1 support in any other remote
-at expense of sidecar meta objects by setting e.g. `chunk_type=sha1all`
+at expense of sidecar meta objects by setting e.g. `hash_type=sha1all`
 to force hashsums and `chunk_size=1P` to effectively disable chunking.
 
 Normally, when a file is copied to chunker controlled remote, chunker
@@ -236,7 +244,7 @@ revert (sometimes silently) to time/size comparison if compatible hashsums
 between source and target are not found.
 
 
-### Modified time
+### Modification times
 
 Chunker stores modification times using the wrapped remote so support
 depends on that. For a small non-chunked file the chunker overlay simply
diff --git a/docs/content/commands/rclone.md b/docs/content/commands/rclone.md
index f256d6f4f4891..e1489389dd01b 100644
--- a/docs/content/commands/rclone.md
+++ b/docs/content/commands/rclone.md
@@ -5,11 +5,11 @@ slug: rclone
 url: /commands/rclone/
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/ and as part of making a release run "make commanddocs"
 ---
-# rclone
+## rclone
 
 Show help for rclone commands, flags and backends.
 
-## Synopsis
+### Synopsis
 
 
 Rclone syncs files to and from cloud storage providers as well as
@@ -24,15 +24,843 @@ documentation, changelog and configuration walkthroughs.
 rclone [flags]
 ```
 
-## Options
+### Options
 
 ```
-  -h, --help   help for rclone
+      --acd-auth-url string                                 Auth server URL
+      --acd-client-id string                                OAuth Client Id
+      --acd-client-secret string                            OAuth Client Secret
+      --acd-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --acd-templink-threshold SizeSuffix                   Files >= this size will be downloaded via their tempLink (default 9Gi)
+      --acd-token string                                    OAuth Access Token as a JSON blob
+      --acd-token-url string                                Token server url
+      --acd-upload-wait-per-gb Duration                     Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
+      --alias-remote string                                 Remote or path to alias
+      --ask-password                                        Allow prompt for password for encrypted configuration (default true)
+      --auto-confirm                                        If enabled, do not request console confirmation
+      --azureblob-access-tier string                        Access tier of blob: hot, cool, cold or archive
+      --azureblob-account string                            Azure Storage Account Name
+      --azureblob-archive-tier-delete                       Delete archive tier blobs before overwriting
+      --azureblob-chunk-size SizeSuffix                     Upload chunk size (default 4Mi)
+      --azureblob-client-certificate-password string        Password for the certificate file (optional) (obscured)
+      --azureblob-client-certificate-path string            Path to a PEM or PKCS12 certificate file including the private key
+      --azureblob-client-id string                          The ID of the client in use
+      --azureblob-client-secret string                      One of the service principal's client secrets
+      --azureblob-client-send-certificate-chain             Send the certificate chain when using certificate auth
+      --azureblob-directory-markers                         Upload an empty object with a trailing slash when a new directory is created
+      --azureblob-disable-checksum                          Don't store MD5 checksum with object metadata
+      --azureblob-encoding Encoding                         The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
+      --azureblob-endpoint string                           Endpoint for the service
+      --azureblob-env-auth                                  Read credentials from runtime (environment variables, CLI or MSI)
+      --azureblob-key string                                Storage Account Shared Key
+      --azureblob-list-chunk int                            Size of blob list (default 5000)
+      --azureblob-msi-client-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-msi-mi-res-id string                      Azure resource ID of the user-assigned MSI to use, if any
+      --azureblob-msi-object-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-no-check-container                        If set, don't attempt to check the container exists or create it
+      --azureblob-no-head-object                            If set, do not do HEAD before GET when getting objects
+      --azureblob-password string                           The user's password (obscured)
+      --azureblob-public-access string                      Public access level of a container: blob or container
+      --azureblob-sas-url string                            SAS URL for container level access only
+      --azureblob-service-principal-file string             Path to file containing credentials for use with a service principal
+      --azureblob-tenant string                             ID of the service principal's tenant. Also called its directory ID
+      --azureblob-upload-concurrency int                    Concurrency for multipart uploads (default 16)
+      --azureblob-upload-cutoff string                      Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
+      --azureblob-use-emulator                              Uses local storage emulator if provided as 'true'
+      --azureblob-use-msi                                   Use a managed service identity to authenticate (only works in Azure)
+      --azureblob-username string                           User name (usually an email address)
+      --azurefiles-account string                           Azure Storage Account Name
+      --azurefiles-chunk-size SizeSuffix                    Upload chunk size (default 4Mi)
+      --azurefiles-client-certificate-password string       Password for the certificate file (optional) (obscured)
+      --azurefiles-client-certificate-path string           Path to a PEM or PKCS12 certificate file including the private key
+      --azurefiles-client-id string                         The ID of the client in use
+      --azurefiles-client-secret string                     One of the service principal's client secrets
+      --azurefiles-client-send-certificate-chain            Send the certificate chain when using certificate auth
+      --azurefiles-connection-string string                 Azure Files Connection String
+      --azurefiles-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot)
+      --azurefiles-endpoint string                          Endpoint for the service
+      --azurefiles-env-auth                                 Read credentials from runtime (environment variables, CLI or MSI)
+      --azurefiles-key string                               Storage Account Shared Key
+      --azurefiles-max-stream-size SizeSuffix               Max size for streamed files (default 10Gi)
+      --azurefiles-msi-client-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-mi-res-id string                     Azure resource ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-object-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-password string                          The user's password (obscured)
+      --azurefiles-sas-url string                           SAS URL
+      --azurefiles-service-principal-file string            Path to file containing credentials for use with a service principal
+      --azurefiles-share-name string                        Azure Files Share Name
+      --azurefiles-tenant string                            ID of the service principal's tenant. Also called its directory ID
+      --azurefiles-upload-concurrency int                   Concurrency for multipart uploads (default 16)
+      --azurefiles-use-msi                                  Use a managed service identity to authenticate (only works in Azure)
+      --azurefiles-username string                          User name (usually an email address)
+      --b2-account string                                   Account ID or Application Key ID
+      --b2-chunk-size SizeSuffix                            Upload chunk size (default 96Mi)
+      --b2-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4Gi)
+      --b2-disable-checksum                                 Disable checksums for large (> upload cutoff) files
+      --b2-download-auth-duration Duration                  Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
+      --b2-download-url string                              Custom endpoint for downloads
+      --b2-encoding Encoding                                The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --b2-endpoint string                                  Endpoint for the service
+      --b2-hard-delete                                      Permanently delete files on remote removal, otherwise hide files
+      --b2-key string                                       Application Key
+      --b2-lifecycle int                                    Set the number of days deleted files should be kept when creating a bucket
+      --b2-test-mode string                                 A flag string for X-Bz-Test-Mode header for debugging
+      --b2-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --b2-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --b2-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --b2-versions                                         Include old versions in directory listings
+      --backup-dir string                                   Make backups into hierarchy based in DIR
+      --bind string                                         Local address to bind to for outgoing connections, IPv4, IPv6 or name
+      --box-access-token string                             Box App Primary Access Token
+      --box-auth-url string                                 Auth server URL
+      --box-box-config-file string                          Box App config.json location
+      --box-box-sub-type string                              (default "user")
+      --box-client-id string                                OAuth Client Id
+      --box-client-secret string                            OAuth Client Secret
+      --box-commit-retries int                              Max number of times to try committing a multipart file (default 100)
+      --box-encoding Encoding                               The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
+      --box-impersonate string                              Impersonate this user ID when using a service account
+      --box-list-chunk int                                  Size of listing chunk 1-1000 (default 1000)
+      --box-owned-by string                                 Only show items owned by the login (email address) passed in
+      --box-root-folder-id string                           Fill in for rclone to use a non root folder as its starting point
+      --box-token string                                    OAuth Access Token as a JSON blob
+      --box-token-url string                                Token server url
+      --box-upload-cutoff SizeSuffix                        Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
+      --buffer-size SizeSuffix                              In memory buffer size when reading files for each --transfer (default 16Mi)
+      --bwlimit BwTimetable                                 Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --bwlimit-file BwTimetable                            Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --ca-cert stringArray                                 CA certificate used to verify servers
+      --cache-chunk-clean-interval Duration                 How often should the cache perform cleanups of the chunk storage (default 1m0s)
+      --cache-chunk-no-memory                               Disable the in-memory cache for storing chunks during streaming
+      --cache-chunk-path string                             Directory to cache chunk files (default "$HOME/.cache/rclone/cache-backend")
+      --cache-chunk-size SizeSuffix                         The size of a chunk (partial file data) (default 5Mi)
+      --cache-chunk-total-size SizeSuffix                   The total size that the chunks can take up on the local disk (default 10Gi)
+      --cache-db-path string                                Directory to store file structure metadata DB (default "$HOME/.cache/rclone/cache-backend")
+      --cache-db-purge                                      Clear all the cached data for this remote on start
+      --cache-db-wait-time Duration                         How long to wait for the DB to be available - 0 is unlimited (default 1s)
+      --cache-dir string                                    Directory rclone will use for caching (default "$HOME/.cache/rclone")
+      --cache-info-age Duration                             How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
+      --cache-plex-insecure string                          Skip all certificate verification when connecting to the Plex server
+      --cache-plex-password string                          The password of the Plex user (obscured)
+      --cache-plex-url string                               The URL of the Plex server
+      --cache-plex-username string                          The username of the Plex user
+      --cache-read-retries int                              How many times to retry a read from a cache storage (default 10)
+      --cache-remote string                                 Remote to cache
+      --cache-rps int                                       Limits the number of requests per second to the source FS (-1 to disable) (default -1)
+      --cache-tmp-upload-path string                        Directory to keep temporary files until they are uploaded
+      --cache-tmp-wait-time Duration                        How long should files be stored in local cache before being uploaded (default 15s)
+      --cache-workers int                                   How many workers should run in parallel to download chunks (default 4)
+      --cache-writes                                        Cache file data on writes through the FS
+      --check-first                                         Do all the checks before starting transfers
+      --checkers int                                        Number of checkers to run in parallel (default 8)
+  -c, --checksum                                            Check for changes with size & checksum (if available, or fallback to size only).
+      --chunker-chunk-size SizeSuffix                       Files larger than chunk size will be split in chunks (default 2Gi)
+      --chunker-fail-hard                                   Choose how chunker should handle files with missing or invalid chunks
+      --chunker-hash-type string                            Choose how chunker handles hash sums (default "md5")
+      --chunker-remote string                               Remote to chunk/unchunk
+      --client-cert string                                  Client SSL certificate (PEM) for mutual TLS auth
+      --client-key string                                   Client SSL private key (PEM) for mutual TLS auth
+      --color AUTO|NEVER|ALWAYS                             When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default AUTO)
+      --combine-upstreams SpaceSepList                      Upstreams for combining
+      --compare-dest stringArray                            Include additional comma separated server-side paths during comparison
+      --compress-level int                                  GZIP compression level (-2 to 9) (default -1)
+      --compress-mode string                                Compression mode (default "gzip")
+      --compress-ram-cache-limit SizeSuffix                 Some remotes don't allow the upload of files with unknown size (default 20Mi)
+      --compress-remote string                              Remote to compress
+      --config string                                       Config file (default "$HOME/.config/rclone/rclone.conf")
+      --contimeout Duration                                 Connect timeout (default 1m0s)
+      --copy-dest stringArray                               Implies --compare-dest but also copies files from paths into destination
+  -L, --copy-links                                          Follow symlinks and copy the pointed to item
+      --cpuprofile string                                   Write cpu profile to file
+      --crypt-directory-name-encryption                     Option to either encrypt directory names or leave them intact (default true)
+      --crypt-filename-encoding string                      How to encode the encrypted filename to text string (default "base32")
+      --crypt-filename-encryption string                    How to encrypt the filenames (default "standard")
+      --crypt-no-data-encryption                            Option to either encrypt file data or leave it unencrypted
+      --crypt-pass-bad-blocks                               If set this will pass bad blocks through as all 0
+      --crypt-password string                               Password or pass phrase for encryption (obscured)
+      --crypt-password2 string                              Password or pass phrase for salt (obscured)
+      --crypt-remote string                                 Remote to encrypt/decrypt
+      --crypt-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --crypt-show-mapping                                  For all files listed show how the names encrypt
+      --crypt-suffix string                                 If this is set it will override the default suffix of ".bin" (default ".bin")
+      --cutoff-mode HARD|SOFT|CAUTIOUS                      Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --default-time Time                                   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --delete-after                                        When synchronizing, delete files on destination after transferring (default)
+      --delete-before                                       When synchronizing, delete files on destination before transferring
+      --delete-during                                       When synchronizing, delete files during transfer
+      --delete-excluded                                     Delete files on dest excluded from sync
+      --disable string                                      Disable a comma separated list of features (use --disable help to see a list)
+      --disable-http-keep-alives                            Disable HTTP keep-alives and use each connection once.
+      --disable-http2                                       Disable HTTP/2 in the global transport
+      --drive-acknowledge-abuse                             Set to allow files which return cannotDownloadAbusiveFile to be downloaded
+      --drive-allow-import-name-change                      Allow the filetype to change when uploading Google docs
+      --drive-auth-owner-only                               Only consider files owned by the authenticated user
+      --drive-auth-url string                               Auth server URL
+      --drive-chunk-size SizeSuffix                         Upload chunk size (default 8Mi)
+      --drive-client-id string                              Google Application Client Id
+      --drive-client-secret string                          OAuth Client Secret
+      --drive-copy-shortcut-content                         Server side copy contents of shortcuts instead of the shortcut
+      --drive-disable-http2                                 Disable drive using http2 (default true)
+      --drive-encoding Encoding                             The encoding for the backend (default InvalidUtf8)
+      --drive-env-auth                                      Get IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --drive-export-formats string                         Comma separated list of preferred formats for downloading Google docs (default "docx,xlsx,pptx,svg")
+      --drive-fast-list-bug-fix                             Work around a bug in Google Drive listing (default true)
+      --drive-formats string                                Deprecated: See export_formats
+      --drive-impersonate string                            Impersonate this user when using a service account
+      --drive-import-formats string                         Comma separated list of preferred formats for uploading Google docs
+      --drive-keep-revision-forever                         Keep new head revision of each file forever
+      --drive-list-chunk int                                Size of listing chunk 100-1000, 0 to disable (default 1000)
+      --drive-metadata-labels Bits                          Control whether labels should be read or written in metadata (default off)
+      --drive-metadata-owner Bits                           Control whether owner should be read or written in metadata (default read)
+      --drive-metadata-permissions Bits                     Control whether permissions should be read or written in metadata (default off)
+      --drive-pacer-burst int                               Number of API calls to allow without sleeping (default 100)
+      --drive-pacer-min-sleep Duration                      Minimum time to sleep between API calls (default 100ms)
+      --drive-resource-key string                           Resource key for accessing a link-shared file
+      --drive-root-folder-id string                         ID of the root folder
+      --drive-scope string                                  Comma separated list of scopes that rclone should use when requesting access from drive
+      --drive-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --drive-service-account-credentials string            Service Account Credentials JSON blob
+      --drive-service-account-file string                   Service Account Credentials JSON file path
+      --drive-shared-with-me                                Only show files that are shared with me
+      --drive-show-all-gdocs                                Show all Google Docs including non-exportable ones in listings
+      --drive-size-as-quota                                 Show sizes as storage quota usage, not actual size
+      --drive-skip-checksum-gphotos                         Skip checksums on Google photos and videos only
+      --drive-skip-dangling-shortcuts                       If set skip dangling shortcut files
+      --drive-skip-gdocs                                    Skip google documents in all listings
+      --drive-skip-shortcuts                                If set skip shortcut files
+      --drive-starred-only                                  Only show files that are starred
+      --drive-stop-on-download-limit                        Make download limit errors be fatal
+      --drive-stop-on-upload-limit                          Make upload limit errors be fatal
+      --drive-team-drive string                             ID of the Shared Drive (Team Drive)
+      --drive-token string                                  OAuth Access Token as a JSON blob
+      --drive-token-url string                              Token server url
+      --drive-trashed-only                                  Only show files that are in the trash
+      --drive-upload-cutoff SizeSuffix                      Cutoff for switching to chunked upload (default 8Mi)
+      --drive-use-created-date                              Use file created date instead of modified date
+      --drive-use-shared-date                               Use date file was shared instead of modified date
+      --drive-use-trash                                     Send files to the trash instead of deleting permanently (default true)
+      --drive-v2-download-min-size SizeSuffix               If Object's are greater, use drive v2 API to download (default off)
+      --dropbox-auth-url string                             Auth server URL
+      --dropbox-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --dropbox-batch-mode string                           Upload file batching sync|async|off (default "sync")
+      --dropbox-batch-size int                              Max number of files in upload batch
+      --dropbox-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --dropbox-chunk-size SizeSuffix                       Upload chunk size (< 150Mi) (default 48Mi)
+      --dropbox-client-id string                            OAuth Client Id
+      --dropbox-client-secret string                        OAuth Client Secret
+      --dropbox-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
+      --dropbox-impersonate string                          Impersonate this user when using a business account
+      --dropbox-pacer-min-sleep Duration                    Minimum time to sleep between API calls (default 10ms)
+      --dropbox-shared-files                                Instructs rclone to work on individual shared files
+      --dropbox-shared-folders                              Instructs rclone to work on shared folders
+      --dropbox-token string                                OAuth Access Token as a JSON blob
+      --dropbox-token-url string                            Token server url
+  -n, --dry-run                                             Do a trial run with no permanent changes
+      --dscp string                                         Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
+      --dump DumpFlags                                      List of items to dump from: headers, bodies, requests, responses, auth, filters, goroutines, openfiles, mapper
+      --dump-bodies                                         Dump HTTP headers and bodies - may contain sensitive info
+      --dump-headers                                        Dump HTTP headers - may contain sensitive info
+      --error-on-no-transfer                                Sets exit code 9 if no files are transferred, useful in scripts
+      --exclude stringArray                                 Exclude files matching pattern
+      --exclude-from stringArray                            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray                      Exclude directories if filename is present
+      --expect-continue-timeout Duration                    Timeout when using expect / 100-continue in HTTP (default 1s)
+      --fast-list                                           Use recursive list if available; uses more memory but fewer transactions
+      --fichier-api-key string                              Your API Key, get it from https://1fichier.com/console/params.pl
+      --fichier-cdn                                         Set if you wish to use CDN download links
+      --fichier-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --fichier-file-password string                        If you want to download a shared file that is password protected, add this parameter (obscured)
+      --fichier-folder-password string                      If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
+      --fichier-shared-folder string                        If you want to download a shared folder, add this parameter
+      --filefabric-encoding Encoding                        The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --filefabric-permanent-token string                   Permanent Authentication Token
+      --filefabric-root-folder-id string                    ID of the root folder
+      --filefabric-token string                             Session Token
+      --filefabric-token-expiry string                      Token expiry time
+      --filefabric-url string                               URL of the Enterprise File Fabric to connect to
+      --filefabric-version string                           Version read from the file fabric
+      --files-from stringArray                              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray                          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                                  Add a file filtering rule
+      --filter-from stringArray                             Read file filtering patterns from a file (use - to read from stdin)
+      --fs-cache-expire-duration Duration                   Cache remotes for this long (0 to disable caching) (default 5m0s)
+      --fs-cache-expire-interval Duration                   Interval to check for expired remotes (default 1m0s)
+      --ftp-ask-password                                    Allow asking for FTP password when needed
+      --ftp-close-timeout Duration                          Maximum time to wait for a response to close (default 1m0s)
+      --ftp-concurrency int                                 Maximum number of FTP simultaneous connections, 0 for unlimited
+      --ftp-disable-epsv                                    Disable using EPSV even if server advertises support
+      --ftp-disable-mlsd                                    Disable using MLSD even if server advertises support
+      --ftp-disable-tls13                                   Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+      --ftp-disable-utf8                                    Disable using UTF-8 even if server advertises support
+      --ftp-encoding Encoding                               The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
+      --ftp-explicit-tls                                    Use Explicit FTPS (FTP over TLS)
+      --ftp-force-list-hidden                               Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
+      --ftp-host string                                     FTP host to connect to
+      --ftp-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --ftp-no-check-certificate                            Do not verify the TLS certificate of the server
+      --ftp-pass string                                     FTP password (obscured)
+      --ftp-port int                                        FTP port number (default 21)
+      --ftp-shut-timeout Duration                           Maximum time to wait for data connection closing status (default 1m0s)
+      --ftp-socks-proxy string                              Socks 5 proxy host
+      --ftp-tls                                             Use Implicit FTPS (FTP over TLS)
+      --ftp-tls-cache-size int                              Size of TLS session cache for all control and data connections (default 32)
+      --ftp-user string                                     FTP username (default "$USER")
+      --ftp-writing-mdtm                                    Use MDTM to set modification time (VsFtpd quirk)
+      --gcs-anonymous                                       Access public buckets and objects without credentials
+      --gcs-auth-url string                                 Auth server URL
+      --gcs-bucket-acl string                               Access Control List for new buckets
+      --gcs-bucket-policy-only                              Access checks should use bucket-level IAM policies
+      --gcs-client-id string                                OAuth Client Id
+      --gcs-client-secret string                            OAuth Client Secret
+      --gcs-decompress                                      If set this will decompress gzip encoded objects
+      --gcs-directory-markers                               Upload an empty object with a trailing slash when a new directory is created
+      --gcs-encoding Encoding                               The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gcs-endpoint string                                 Endpoint for the service
+      --gcs-env-auth                                        Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --gcs-location string                                 Location for the newly created buckets
+      --gcs-no-check-bucket                                 If set, don't attempt to check the bucket exists or create it
+      --gcs-object-acl string                               Access Control List for new objects
+      --gcs-project-number string                           Project number
+      --gcs-service-account-file string                     Service Account Credentials JSON file path
+      --gcs-storage-class string                            The storage class to use when storing objects in Google Cloud Storage
+      --gcs-token string                                    OAuth Access Token as a JSON blob
+      --gcs-token-url string                                Token server url
+      --gcs-user-project string                             User project
+      --gphotos-auth-url string                             Auth server URL
+      --gphotos-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --gphotos-batch-mode string                           Upload file batching sync|async|off (default "sync")
+      --gphotos-batch-size int                              Max number of files in upload batch
+      --gphotos-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --gphotos-client-id string                            OAuth Client Id
+      --gphotos-client-secret string                        OAuth Client Secret
+      --gphotos-encoding Encoding                           The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gphotos-include-archived                            Also view and download archived media
+      --gphotos-read-only                                   Set to make the Google Photos backend read only
+      --gphotos-read-size                                   Set to read the size of media items
+      --gphotos-start-year int                              Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
+      --gphotos-token string                                OAuth Access Token as a JSON blob
+      --gphotos-token-url string                            Token server url
+      --hasher-auto-size SizeSuffix                         Auto-update checksum for files smaller than this size (disabled by default)
+      --hasher-hashes CommaSepList                          Comma separated list of supported checksum types (default md5,sha1)
+      --hasher-max-age Duration                             Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
+      --hasher-remote string                                Remote to cache checksums for (e.g. myRemote:path)
+      --hdfs-data-transfer-protection string                Kerberos data transfer protection: authentication|integrity|privacy
+      --hdfs-encoding Encoding                              The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
+      --hdfs-namenode CommaSepList                          Hadoop name nodes and ports
+      --hdfs-service-principal-name string                  Kerberos service principal name for the namenode
+      --hdfs-username string                                Hadoop user name
+      --header stringArray                                  Set HTTP header for all transactions
+      --header-download stringArray                         Set HTTP header for download transactions
+      --header-upload stringArray                           Set HTTP header for upload transactions
+  -h, --help                                                help for rclone
+      --hidrive-auth-url string                             Auth server URL
+      --hidrive-chunk-size SizeSuffix                       Chunksize for chunked uploads (default 48Mi)
+      --hidrive-client-id string                            OAuth Client Id
+      --hidrive-client-secret string                        OAuth Client Secret
+      --hidrive-disable-fetching-member-count               Do not fetch number of objects in directories unless it is absolutely necessary
+      --hidrive-encoding Encoding                           The encoding for the backend (default Slash,Dot)
+      --hidrive-endpoint string                             Endpoint for the service (default "https://api.hidrive.strato.com/2.1")
+      --hidrive-root-prefix string                          The root/parent folder for all paths (default "/")
+      --hidrive-scope-access string                         Access permissions that rclone should use when requesting access from HiDrive (default "rw")
+      --hidrive-scope-role string                           User-level that rclone should use when requesting access from HiDrive (default "user")
+      --hidrive-token string                                OAuth Access Token as a JSON blob
+      --hidrive-token-url string                            Token server url
+      --hidrive-upload-concurrency int                      Concurrency for chunked uploads (default 4)
+      --hidrive-upload-cutoff SizeSuffix                    Cutoff/Threshold for chunked uploads (default 96Mi)
+      --http-headers CommaSepList                           Set HTTP headers for all transactions
+      --http-no-head                                        Don't use HEAD requests
+      --http-no-slash                                       Set this if the site doesn't end directories with /
+      --http-url string                                     URL of HTTP host to connect to
+      --human-readable                                      Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
+      --ignore-case                                         Ignore case in filters (case insensitive)
+      --ignore-case-sync                                    Ignore case when synchronizing
+      --ignore-checksum                                     Skip post copy check of checksums
+      --ignore-errors                                       Delete even if there are I/O errors
+      --ignore-existing                                     Skip all files that exist on destination
+      --ignore-size                                         Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                        Don't skip files that match size and time - transfer all files
+      --imagekit-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket)
+      --imagekit-endpoint string                            You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-only-signed Restrict unsigned image URLs   If you have configured Restrict unsigned image URLs in your dashboard settings, set this to true
+      --imagekit-private-key string                         You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-public-key string                          You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-upload-tags string                         Tags to add to the uploaded files, e.g. "tag1,tag2"
+      --imagekit-versions                                   Include old versions in directory listings
+      --immutable                                           Do not modify files, fail if existing files have been modified
+      --include stringArray                                 Include files matching pattern
+      --include-from stringArray                            Read file include patterns from file (use - to read from stdin)
+      --inplace                                             Download directly to destination file instead of atomic download to temp/rename
+  -i, --interactive                                         Enable interactive mode
+      --internetarchive-access-key-id string                IAS3 Access Key
+      --internetarchive-disable-checksum                    Don't ask the server to test against MD5 checksum calculated by rclone (default true)
+      --internetarchive-encoding Encoding                   The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
+      --internetarchive-endpoint string                     IAS3 Endpoint (default "https://s3.us.archive.org")
+      --internetarchive-front-endpoint string               Host of InternetArchive Frontend (default "https://archive.org")
+      --internetarchive-secret-access-key string            IAS3 Secret Key (password)
+      --internetarchive-wait-archive Duration               Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish (default 0s)
+      --jottacloud-auth-url string                          Auth server URL
+      --jottacloud-client-id string                         OAuth Client Id
+      --jottacloud-client-secret string                     OAuth Client Secret
+      --jottacloud-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
+      --jottacloud-hard-delete                              Delete files permanently rather than putting them into the trash
+      --jottacloud-md5-memory-limit SizeSuffix              Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
+      --jottacloud-no-versions                              Avoid server side versioning by deleting files and recreating files instead of overwriting them
+      --jottacloud-token string                             OAuth Access Token as a JSON blob
+      --jottacloud-token-url string                         Token server url
+      --jottacloud-trashed-only                             Only show files that are in the trash
+      --jottacloud-upload-resume-limit SizeSuffix           Files bigger than this can be resumed if the upload fail's (default 10Mi)
+      --koofr-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --koofr-endpoint string                               The Koofr API endpoint to use
+      --koofr-mountid string                                Mount ID of the mount to use
+      --koofr-password string                               Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
+      --koofr-provider string                               Choose your storage provider
+      --koofr-setmtime                                      Does the backend support setting modification time (default true)
+      --koofr-user string                                   Your user name
+      --kv-lock-time Duration                               Maximum time to keep key-value database locked by process (default 1s)
+      --linkbox-token string                                Token from https://www.linkbox.to/admin/account
+  -l, --links                                               Translate symlinks to/from regular files with a '.rclonelink' extension
+      --local-case-insensitive                              Force the filesystem to report itself as case insensitive
+      --local-case-sensitive                                Force the filesystem to report itself as case sensitive
+      --local-encoding Encoding                             The encoding for the backend (default Slash,Dot)
+      --local-no-check-updated                              Don't check to see if the files change during upload
+      --local-no-preallocate                                Disable preallocation of disk space for transferred files
+      --local-no-set-modtime                                Disable setting modtime
+      --local-no-sparse                                     Disable sparse files for multi-thread downloads
+      --local-nounc                                         Disable UNC (long path names) conversion on Windows
+      --local-unicode-normalization                         Apply unicode NFC normalization to paths and filenames
+      --local-zero-size-links                               Assume the Stat size of links is zero (and read them instead) (deprecated)
+      --log-file string                                     Log everything to this file
+      --log-format string                                   Comma separated list of log format options (default "date,time")
+      --log-level LogLevel                                  Log level DEBUG|INFO|NOTICE|ERROR (default NOTICE)
+      --log-systemd                                         Activate systemd integration for the logger
+      --low-level-retries int                               Number of low level retries to do (default 10)
+      --mailru-auth-url string                              Auth server URL
+      --mailru-check-hash                                   What should copy do if file checksum is mismatched or invalid (default true)
+      --mailru-client-id string                             OAuth Client Id
+      --mailru-client-secret string                         OAuth Client Secret
+      --mailru-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --mailru-pass string                                  Password (obscured)
+      --mailru-speedup-enable                               Skip full upload if there is another file with same data hash (default true)
+      --mailru-speedup-file-patterns string                 Comma separated list of file name patterns eligible for speedup (put by hash) (default "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf")
+      --mailru-speedup-max-disk SizeSuffix                  This option allows you to disable speedup (put by hash) for large files (default 3Gi)
+      --mailru-speedup-max-memory SizeSuffix                Files larger than the size given below will always be hashed on disk (default 32Mi)
+      --mailru-token string                                 OAuth Access Token as a JSON blob
+      --mailru-token-url string                             Token server url
+      --mailru-user string                                  User name (usually email)
+      --max-age Duration                                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-backlog int                                     Maximum number of objects in sync or check backlog (default 10000)
+      --max-delete int                                      When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix                          When synchronizing, limit the total size of deletes (default off)
+      --max-depth int                                       If set limits the recursion depth to this (default -1)
+      --max-duration Duration                               Maximum duration rclone will transfer data for (default 0s)
+      --max-size SizeSuffix                                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --max-stats-groups int                                Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
+      --max-transfer SizeSuffix                             Maximum size of data to transfer (default off)
+      --mega-debug                                          Output more debug from Mega
+      --mega-encoding Encoding                              The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --mega-hard-delete                                    Delete files permanently rather than putting them into the trash
+      --mega-pass string                                    Password (obscured)
+      --mega-use-https                                      Use HTTPS for transfers
+      --mega-user string                                    User name
+      --memprofile string                                   Write memory profile to file
+  -M, --metadata                                            If set, preserve metadata when copying objects
+      --metadata-exclude stringArray                        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray                   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray                         Add a metadata filtering rule
+      --metadata-filter-from stringArray                    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray                        Include metadatas matching pattern
+      --metadata-include-from stringArray                   Read metadata include patterns from file (use - to read from stdin)
+      --metadata-mapper SpaceSepList                        Program to run to transforming metadata before upload
+      --metadata-set stringArray                            Add metadata key=value when uploading
+      --min-age Duration                                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+      --modify-window Duration                              Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix                  Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix                      Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                            Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix           In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --netstorage-account string                           Set the NetStorage account name
+      --netstorage-host string                              Domain+path of NetStorage host to connect to
+      --netstorage-protocol string                          Select between HTTP or HTTPS protocol (default "https")
+      --netstorage-secret string                            Set the NetStorage account secret/G2O key for authentication (obscured)
+      --no-check-certificate                                Do not verify the server SSL certificate (insecure)
+      --no-check-dest                                       Don't check the destination, copy regardless
+      --no-console                                          Hide console window (supported on Windows only)
+      --no-gzip-encoding                                    Don't set Accept-Encoding: gzip
+      --no-traverse                                         Don't traverse destination file system on copy
+      --no-unicode-normalization                            Don't normalize unicode characters in filenames
+      --no-update-modtime                                   Don't update destination modtime if files identical
+  -x, --one-file-system                                     Don't cross filesystem boundaries (unix/macOS only)
+      --onedrive-access-scopes SpaceSepList                 Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
+      --onedrive-auth-url string                            Auth server URL
+      --onedrive-av-override                                Allows download of files the server thinks has a virus
+      --onedrive-chunk-size SizeSuffix                      Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
+      --onedrive-client-id string                           OAuth Client Id
+      --onedrive-client-secret string                       OAuth Client Secret
+      --onedrive-delta                                      If set rclone will use delta listing to implement recursive listings
+      --onedrive-drive-id string                            The ID of the drive to use
+      --onedrive-drive-type string                          The type of the drive (personal | business | documentLibrary)
+      --onedrive-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --onedrive-expose-onenote-files                       Set to make OneNote files show up in directory listings
+      --onedrive-hash-type string                           Specify the hash in use for the backend (default "auto")
+      --onedrive-link-password string                       Set the password for links created by the link command
+      --onedrive-link-scope string                          Set the scope of the links created by the link command (default "anonymous")
+      --onedrive-link-type string                           Set the type of the links created by the link command (default "view")
+      --onedrive-list-chunk int                             Size of listing chunk (default 1000)
+      --onedrive-no-versions                                Remove all versions on modifying operations
+      --onedrive-region string                              Choose national cloud region for OneDrive (default "global")
+      --onedrive-root-folder-id string                      ID of the root folder
+      --onedrive-server-side-across-configs                 Deprecated: use --server-side-across-configs instead
+      --onedrive-token string                               OAuth Access Token as a JSON blob
+      --onedrive-token-url string                           Token server url
+      --oos-attempt-resume-upload                           If true attempt to resume previously started multipart upload for the object
+      --oos-chunk-size SizeSuffix                           Chunk size to use for uploading (default 5Mi)
+      --oos-compartment string                              Object storage compartment OCID
+      --oos-config-file string                              Path to OCI config file (default "~/.oci/config")
+      --oos-config-profile string                           Profile name inside the oci config file (default "Default")
+      --oos-copy-cutoff SizeSuffix                          Cutoff for switching to multipart copy (default 4.656Gi)
+      --oos-copy-timeout Duration                           Timeout for copy (default 1m0s)
+      --oos-disable-checksum                                Don't store MD5 checksum with object metadata
+      --oos-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --oos-endpoint string                                 Endpoint for Object storage API
+      --oos-leave-parts-on-error                            If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery
+      --oos-max-upload-parts int                            Maximum number of parts in a multipart upload (default 10000)
+      --oos-namespace string                                Object storage namespace
+      --oos-no-check-bucket                                 If set, don't attempt to check the bucket exists or create it
+      --oos-provider string                                 Choose your Auth Provider (default "env_auth")
+      --oos-region string                                   Object storage Region
+      --oos-sse-customer-algorithm string                   If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm
+      --oos-sse-customer-key string                         To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+      --oos-sse-customer-key-file string                    To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+      --oos-sse-customer-key-sha256 string                  If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+      --oos-sse-kms-key-id string                           if using your own master key in vault, this header specifies the
+      --oos-storage-tier string                             The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default "Standard")
+      --oos-upload-concurrency int                          Concurrency for multipart uploads (default 10)
+      --oos-upload-cutoff SizeSuffix                        Cutoff for switching to chunked upload (default 200Mi)
+      --opendrive-chunk-size SizeSuffix                     Files will be uploaded in chunks this size (default 10Mi)
+      --opendrive-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
+      --opendrive-password string                           Password (obscured)
+      --opendrive-username string                           Username
+      --order-by string                                     Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                               Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --password-command SpaceSepList                       Command for supplying password for encrypted configuration
+      --pcloud-auth-url string                              Auth server URL
+      --pcloud-client-id string                             OAuth Client Id
+      --pcloud-client-secret string                         OAuth Client Secret
+      --pcloud-encoding Encoding                            The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --pcloud-hostname string                              Hostname to connect to (default "api.pcloud.com")
+      --pcloud-password string                              Your pcloud password (obscured)
+      --pcloud-root-folder-id string                        Fill in for rclone to use a non root folder as its starting point (default "d0")
+      --pcloud-token string                                 OAuth Access Token as a JSON blob
+      --pcloud-token-url string                             Token server url
+      --pcloud-username string                              Your pcloud username
+      --pikpak-auth-url string                              Auth server URL
+      --pikpak-client-id string                             OAuth Client Id
+      --pikpak-client-secret string                         OAuth Client Secret
+      --pikpak-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --pikpak-hash-memory-limit SizeSuffix                 Files bigger than this will be cached on disk to calculate hash if required (default 10Mi)
+      --pikpak-pass string                                  Pikpak password (obscured)
+      --pikpak-root-folder-id string                        ID of the root folder
+      --pikpak-token string                                 OAuth Access Token as a JSON blob
+      --pikpak-token-url string                             Token server url
+      --pikpak-trashed-only                                 Only show files that are in the trash
+      --pikpak-use-trash                                    Send files to the trash instead of deleting permanently (default true)
+      --pikpak-user string                                  Pikpak username
+      --premiumizeme-auth-url string                        Auth server URL
+      --premiumizeme-client-id string                       OAuth Client Id
+      --premiumizeme-client-secret string                   OAuth Client Secret
+      --premiumizeme-encoding Encoding                      The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --premiumizeme-token string                           OAuth Access Token as a JSON blob
+      --premiumizeme-token-url string                       Token server url
+  -P, --progress                                            Show progress during transfer
+      --progress-terminal-title                             Show progress on the terminal title (requires -P/--progress)
+      --protondrive-2fa string                              The 2FA code
+      --protondrive-app-version string                      The app version string (default "macos-drive@1.0.0-alpha.1+rclone")
+      --protondrive-enable-caching                          Caches the files and folders metadata to reduce API calls (default true)
+      --protondrive-encoding Encoding                       The encoding for the backend (default Slash,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --protondrive-mailbox-password string                 The mailbox password of your two-password proton account (obscured)
+      --protondrive-original-file-size                      Return the file size before encryption (default true)
+      --protondrive-password string                         The password of your proton account (obscured)
+      --protondrive-replace-existing-draft                  Create a new revision when filename conflict is detected
+      --protondrive-username string                         The username of your proton account
+      --putio-auth-url string                               Auth server URL
+      --putio-client-id string                              OAuth Client Id
+      --putio-client-secret string                          OAuth Client Secret
+      --putio-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --putio-token string                                  OAuth Access Token as a JSON blob
+      --putio-token-url string                              Token server url
+      --qingstor-access-key-id string                       QingStor Access Key ID
+      --qingstor-chunk-size SizeSuffix                      Chunk size to use for uploading (default 4Mi)
+      --qingstor-connection-retries int                     Number of connection retries (default 3)
+      --qingstor-encoding Encoding                          The encoding for the backend (default Slash,Ctl,InvalidUtf8)
+      --qingstor-endpoint string                            Enter an endpoint URL to connection QingStor API
+      --qingstor-env-auth                                   Get QingStor credentials from runtime
+      --qingstor-secret-access-key string                   QingStor Secret Access Key (password)
+      --qingstor-upload-concurrency int                     Concurrency for multipart uploads (default 1)
+      --qingstor-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
+      --qingstor-zone string                                Zone to connect to
+      --quatrix-api-key string                              API key for accessing Quatrix account
+      --quatrix-effective-upload-time string                Wanted upload time for one chunk (default "4s")
+      --quatrix-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --quatrix-hard-delete                                 Delete files permanently rather than putting them into the trash
+      --quatrix-host string                                 Host name of Quatrix account
+      --quatrix-maximal-summary-chunk-size SizeSuffix       The maximal summary for all chunks. It should not be less than 'transfers'*'minimal_chunk_size' (default 95.367Mi)
+      --quatrix-minimal-chunk-size SizeSuffix               The minimal size for one chunk (default 9.537Mi)
+  -q, --quiet                                               Print as little stuff as possible
+      --rc                                                  Enable the remote control server
+      --rc-addr stringArray                                 IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string                              Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                                   Prefix for URLs - leave blank for root
+      --rc-cert string                                      TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                                 Client certificate authority to verify clients with
+      --rc-enable-metrics                                   Enable prometheus metrics on /metrics
+      --rc-files string                                     Path to local files to serve on the HTTP server
+      --rc-htpasswd string                                  A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration                     Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration                     Interval to check for expired async jobs (default 10s)
+      --rc-key string                                       TLS PEM Private key
+      --rc-max-header-bytes int                             Maximum size of request header (default 4096)
+      --rc-min-tls-version string                           Minimum TLS version that is acceptable (default "tls1.0")
+      --rc-no-auth                                          Don't require auth for certain methods
+      --rc-pass string                                      Password for authentication
+      --rc-realm string                                     Realm for authentication
+      --rc-salt string                                      Password hashing salt (default "dlPL2MqE")
+      --rc-serve                                            Enable the serving of remote objects
+      --rc-server-read-timeout Duration                     Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration                    Timeout for server writing data (default 1h0m0s)
+      --rc-template string                                  User-specified template
+      --rc-user string                                      User name for authentication
+      --rc-web-fetch-url string                             URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
+      --rc-web-gui                                          Launch WebGUI on localhost
+      --rc-web-gui-force-update                             Force update to latest version of web gui
+      --rc-web-gui-no-open-browser                          Don't open the browser automatically
+      --rc-web-gui-update                                   Check and update to latest version of web gui
+      --refresh-times                                       Refresh the modtime of remote files
+      --retries int                                         Retry operations this many times if they fail (default 3)
+      --retries-sleep Duration                              Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
+      --s3-access-key-id string                             AWS Access Key ID
+      --s3-acl string                                       Canned ACL used when creating buckets and storing or copying objects
+      --s3-bucket-acl string                                Canned ACL used when creating buckets
+      --s3-chunk-size SizeSuffix                            Chunk size to use for uploading (default 5Mi)
+      --s3-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4.656Gi)
+      --s3-decompress                                       If set this will decompress gzip encoded objects
+      --s3-directory-markers                                Upload an empty object with a trailing slash when a new directory is created
+      --s3-disable-checksum                                 Don't store MD5 checksum with object metadata
+      --s3-disable-http2                                    Disable usage of http2 for S3 backends
+      --s3-download-url string                              Custom endpoint for downloads
+      --s3-encoding Encoding                                The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --s3-endpoint string                                  Endpoint for S3 API
+      --s3-env-auth                                         Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
+      --s3-force-path-style                                 If true use path style access if false use virtual hosted style (default true)
+      --s3-leave-parts-on-error                             If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
+      --s3-list-chunk int                                   Size of listing chunk (response list for each ListObject S3 request) (default 1000)
+      --s3-list-url-encode Tristate                         Whether to url encode listings: true/false/unset (default unset)
+      --s3-list-version int                                 Version of ListObjects to use: 1,2 or 0 for auto
+      --s3-location-constraint string                       Location constraint - must be set to match the Region
+      --s3-max-upload-parts int                             Maximum number of parts in a multipart upload (default 10000)
+      --s3-might-gzip Tristate                              Set this if the backend might gzip objects (default unset)
+      --s3-no-check-bucket                                  If set, don't attempt to check the bucket exists or create it
+      --s3-no-head                                          If set, don't HEAD uploaded objects to check integrity
+      --s3-no-head-object                                   If set, do not do HEAD before GET when getting objects
+      --s3-no-system-metadata                               Suppress setting and reading of system metadata
+      --s3-profile string                                   Profile to use in the shared credentials file
+      --s3-provider string                                  Choose your S3 provider
+      --s3-region string                                    Region to connect to
+      --s3-requester-pays                                   Enables requester pays option when interacting with S3 bucket
+      --s3-secret-access-key string                         AWS Secret Access Key (password)
+      --s3-server-side-encryption string                    The server-side encryption algorithm used when storing this object in S3
+      --s3-session-token string                             An AWS session token
+      --s3-shared-credentials-file string                   Path to the shared credentials file
+      --s3-sse-customer-algorithm string                    If using SSE-C, the server-side encryption algorithm used when storing this object in S3
+      --s3-sse-customer-key string                          To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
+      --s3-sse-customer-key-base64 string                   If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
+      --s3-sse-customer-key-md5 string                      If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
+      --s3-sse-kms-key-id string                            If using KMS ID you must provide the ARN of Key
+      --s3-storage-class string                             The storage class to use when storing new objects in S3
+      --s3-sts-endpoint string                              Endpoint for STS
+      --s3-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --s3-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --s3-use-accelerate-endpoint                          If true use the AWS S3 accelerated endpoint
+      --s3-use-accept-encoding-gzip Accept-Encoding: gzip   Whether to send Accept-Encoding: gzip header (default unset)
+      --s3-use-already-exists Tristate                      Set if rclone should report BucketAlreadyExists errors on bucket creation (default unset)
+      --s3-use-multipart-etag Tristate                      Whether to use ETag in multipart uploads for verification (default unset)
+      --s3-use-multipart-uploads Tristate                   Set if rclone should use multipart uploads (default unset)
+      --s3-use-presigned-request                            Whether to use a presigned request or PutObject for single part uploads
+      --s3-v2-auth                                          If true use v2 authentication
+      --s3-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --s3-versions                                         Include old versions in directory listings
+      --seafile-2fa                                         Two-factor authentication ('true' if the account has 2FA enabled)
+      --seafile-create-library                              Should rclone create a library if it doesn't exist
+      --seafile-encoding Encoding                           The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
+      --seafile-library string                              Name of the library
+      --seafile-library-key string                          Library password (for encrypted libraries only) (obscured)
+      --seafile-pass string                                 Password (obscured)
+      --seafile-url string                                  URL of seafile host to connect to
+      --seafile-user string                                 User name (usually email address)
+      --server-side-across-configs                          Allow server-side operations (e.g. copy) to work across different configs
+      --sftp-ask-password                                   Allow asking for SFTP password when needed
+      --sftp-chunk-size SizeSuffix                          Upload and download chunk size (default 32Ki)
+      --sftp-ciphers SpaceSepList                           Space separated list of ciphers to be used for session encryption, ordered by preference
+      --sftp-concurrency int                                The maximum number of outstanding requests for one file (default 64)
+      --sftp-copy-is-hardlink                               Set to enable server side copies using hardlinks
+      --sftp-disable-concurrent-reads                       If set don't use concurrent reads
+      --sftp-disable-concurrent-writes                      If set don't use concurrent writes
+      --sftp-disable-hashcheck                              Disable the execution of SSH commands to determine if remote file hashing is available
+      --sftp-host string                                    SSH host to connect to
+      --sftp-host-key-algorithms SpaceSepList               Space separated list of host key algorithms, ordered by preference
+      --sftp-idle-timeout Duration                          Max time before closing idle connections (default 1m0s)
+      --sftp-key-exchange SpaceSepList                      Space separated list of key exchange algorithms, ordered by preference
+      --sftp-key-file string                                Path to PEM-encoded private key file
+      --sftp-key-file-pass string                           The passphrase to decrypt the PEM-encoded private key file (obscured)
+      --sftp-key-pem string                                 Raw PEM-encoded private key
+      --sftp-key-use-agent                                  When set forces the usage of the ssh-agent
+      --sftp-known-hosts-file string                        Optional path to known_hosts file
+      --sftp-macs SpaceSepList                              Space separated list of MACs (message authentication code) algorithms, ordered by preference
+      --sftp-md5sum-command string                          The command used to read md5 hashes
+      --sftp-pass string                                    SSH password, leave blank to use ssh-agent (obscured)
+      --sftp-path-override string                           Override path used by SSH shell commands
+      --sftp-port int                                       SSH port number (default 22)
+      --sftp-pubkey-file string                             Optional path to public key file
+      --sftp-server-command string                          Specifies the path or command to run a sftp server on the remote host
+      --sftp-set-env SpaceSepList                           Environment variables to pass to sftp and commands
+      --sftp-set-modtime                                    Set the modified time on the remote if set (default true)
+      --sftp-sha1sum-command string                         The command used to read sha1 hashes
+      --sftp-shell-type string                              The type of SSH shell on remote server, if any
+      --sftp-skip-links                                     Set to skip any symlinks and any other non regular files
+      --sftp-socks-proxy string                             Socks 5 proxy host
+      --sftp-ssh SpaceSepList                               Path and arguments to external ssh binary
+      --sftp-subsystem string                               Specifies the SSH2 subsystem on the remote host (default "sftp")
+      --sftp-use-fstat                                      If set use fstat instead of stat
+      --sftp-use-insecure-cipher                            Enable the use of insecure ciphers and key exchange methods
+      --sftp-user string                                    SSH username (default "$USER")
+      --sharefile-auth-url string                           Auth server URL
+      --sharefile-chunk-size SizeSuffix                     Upload chunk size (default 64Mi)
+      --sharefile-client-id string                          OAuth Client Id
+      --sharefile-client-secret string                      OAuth Client Secret
+      --sharefile-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --sharefile-endpoint string                           Endpoint for API calls
+      --sharefile-root-folder-id string                     ID of the root folder
+      --sharefile-token string                              OAuth Access Token as a JSON blob
+      --sharefile-token-url string                          Token server url
+      --sharefile-upload-cutoff SizeSuffix                  Cutoff for switching to multipart upload (default 128Mi)
+      --sia-api-password string                             Sia Daemon API Password (obscured)
+      --sia-api-url string                                  Sia daemon API URL, like http://sia.daemon.host:9980 (default "http://127.0.0.1:9980")
+      --sia-encoding Encoding                               The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
+      --sia-user-agent string                               Siad User Agent (default "Sia-Agent")
+      --size-only                                           Skip based on size only, not modtime or checksum
+      --skip-links                                          Don't warn about skipped symlinks
+      --smb-case-insensitive                                Whether the server is configured to be case-insensitive (default true)
+      --smb-domain string                                   Domain name for NTLM authentication (default "WORKGROUP")
+      --smb-encoding Encoding                               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --smb-hide-special-share                              Hide special shares (e.g. print$) which users aren't supposed to access (default true)
+      --smb-host string                                     SMB server hostname to connect to
+      --smb-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --smb-pass string                                     SMB password (obscured)
+      --smb-port int                                        SMB port number (default 445)
+      --smb-spn string                                      Service principal name
+      --smb-user string                                     SMB username (default "$USER")
+      --stats Duration                                      Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
+      --stats-file-name-length int                          Max file name length in stats (0 for no limit) (default 45)
+      --stats-log-level LogLevel                            Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default INFO)
+      --stats-one-line                                      Make the stats fit on one line
+      --stats-one-line-date                                 Enable --stats-one-line and add current date/time prefix
+      --stats-one-line-date-format string                   Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes ("), see https://golang.org/pkg/time/#Time.Format
+      --stats-unit string                                   Show data rate in stats as either 'bits' or 'bytes' per second (default "bytes")
+      --storj-access-grant string                           Access grant
+      --storj-api-key string                                API key
+      --storj-passphrase string                             Encryption passphrase
+      --storj-provider string                               Choose an authentication method (default "existing")
+      --storj-satellite-address string                      Satellite address (default "us1.storj.io")
+      --streaming-upload-cutoff SizeSuffix                  Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+      --suffix string                                       Suffix to add to changed files
+      --suffix-keep-extension                               Preserve the extension when using --suffix
+      --sugarsync-access-key-id string                      Sugarsync Access Key ID
+      --sugarsync-app-id string                             Sugarsync App ID
+      --sugarsync-authorization string                      Sugarsync authorization
+      --sugarsync-authorization-expiry string               Sugarsync authorization expiry
+      --sugarsync-deleted-id string                         Sugarsync deleted folder id
+      --sugarsync-encoding Encoding                         The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
+      --sugarsync-hard-delete                               Permanently delete files if true
+      --sugarsync-private-access-key string                 Sugarsync Private Access Key
+      --sugarsync-refresh-token string                      Sugarsync refresh token
+      --sugarsync-root-id string                            Sugarsync root id
+      --sugarsync-user string                               Sugarsync user
+      --swift-application-credential-id string              Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
+      --swift-application-credential-name string            Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
+      --swift-application-credential-secret string          Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
+      --swift-auth string                                   Authentication URL for server (OS_AUTH_URL)
+      --swift-auth-token string                             Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
+      --swift-auth-version int                              AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
+      --swift-chunk-size SizeSuffix                         Above this size files will be chunked into a _segments container (default 5Gi)
+      --swift-domain string                                 User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
+      --swift-encoding Encoding                             The encoding for the backend (default Slash,InvalidUtf8)
+      --swift-endpoint-type string                          Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default "public")
+      --swift-env-auth                                      Get swift credentials from environment variables in standard OpenStack form
+      --swift-key string                                    API key or password (OS_PASSWORD)
+      --swift-leave-parts-on-error                          If true avoid calling abort upload on a failure
+      --swift-no-chunk                                      Don't chunk files during streaming upload
+      --swift-no-large-objects                              Disable support for static and dynamic large objects
+      --swift-region string                                 Region name - optional (OS_REGION_NAME)
+      --swift-storage-policy string                         The storage policy to use when creating a new container
+      --swift-storage-url string                            Storage URL - optional (OS_STORAGE_URL)
+      --swift-tenant string                                 Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
+      --swift-tenant-domain string                          Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
+      --swift-tenant-id string                              Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
+      --swift-user string                                   User name to log in (OS_USERNAME)
+      --swift-user-id string                                User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
+      --syslog                                              Use Syslog for logging
+      --syslog-facility string                              Facility for syslog, e.g. KERN,USER,... (default "DAEMON")
+      --temp-dir string                                     Directory rclone will use for temporary files (default "/tmp")
+      --timeout Duration                                    IO idle timeout (default 5m0s)
+      --tpslimit float                                      Limit HTTP transactions per second to this
+      --tpslimit-burst int                                  Max burst of transactions for --tpslimit (default 1)
+      --track-renames                                       When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string                       Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
+      --transfers int                                       Number of file transfers to run in parallel (default 4)
+      --union-action-policy string                          Policy to choose upstream on ACTION category (default "epall")
+      --union-cache-time int                                Cache time of usage and free space (in seconds) (default 120)
+      --union-create-policy string                          Policy to choose upstream on CREATE category (default "epmfs")
+      --union-min-free-space SizeSuffix                     Minimum viable free space for lfs/eplfs policies (default 1Gi)
+      --union-search-policy string                          Policy to choose upstream on SEARCH category (default "ff")
+      --union-upstreams string                              List of space separated upstreams
+  -u, --update                                              Skip files that are newer on the destination
+      --uptobox-access-token string                         Your access token
+      --uptobox-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
+      --uptobox-private                                     Set to make uploaded files private
+      --use-cookies                                         Enable session cookiejar
+      --use-json-log                                        Use json log format
+      --use-mmap                                            Use mmap allocator (see docs)
+      --use-server-modtime                                  Use server modified time instead of object metadata
+      --user-agent string                                   Set the user-agent to a specified string (default "rclone/v1.65.0")
+  -v, --verbose count                                       Print lots more stuff (repeat for more)
+  -V, --version                                             Print the version number
+      --webdav-bearer-token string                          Bearer token instead of user/pass (e.g. a Macaroon)
+      --webdav-bearer-token-command string                  Command to run to get a bearer token
+      --webdav-encoding string                              The encoding for the backend
+      --webdav-headers CommaSepList                         Set HTTP headers for all transactions
+      --webdav-nextcloud-chunk-size SizeSuffix              Nextcloud upload chunk size (default 10Mi)
+      --webdav-pacer-min-sleep Duration                     Minimum time to sleep between API calls (default 10ms)
+      --webdav-pass string                                  Password (obscured)
+      --webdav-url string                                   URL of http host to connect to
+      --webdav-user string                                  User name
+      --webdav-vendor string                                Name of the WebDAV site/service/software you are using
+      --yandex-auth-url string                              Auth server URL
+      --yandex-client-id string                             OAuth Client Id
+      --yandex-client-secret string                         OAuth Client Secret
+      --yandex-encoding Encoding                            The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --yandex-hard-delete                                  Delete files permanently rather than putting them into the trash
+      --yandex-token string                                 OAuth Access Token as a JSON blob
+      --yandex-token-url string                             Token server url
+      --zoho-auth-url string                                Auth server URL
+      --zoho-client-id string                               OAuth Client Id
+      --zoho-client-secret string                           OAuth Client Secret
+      --zoho-encoding Encoding                              The encoding for the backend (default Del,Ctl,InvalidUtf8)
+      --zoho-region string                                  Zoho region to connect to
+      --zoho-token string                                   OAuth Access Token as a JSON blob
+      --zoho-token-url string                               Token server url
 ```
 
-See the [global flags page](/flags/) for global options not listed here.
-
-## SEE ALSO
+### SEE ALSO
 
 * [rclone about](/commands/rclone_about/)	 - Get quota information from the remote.
 * [rclone authorize](/commands/rclone_authorize/)	 - Remote authorization.
@@ -40,23 +868,22 @@ See the [global flags page](/flags/) for global options not listed here.
 * [rclone bisync](/commands/rclone_bisync/)	 - Perform bidirectional synchronization between two paths.
 * [rclone cat](/commands/rclone_cat/)	 - Concatenates any files and sends them to stdout.
 * [rclone check](/commands/rclone_check/)	 - Checks the files in the source and destination match.
-* [rclone checksum](/commands/rclone_checksum/)	 - Checks the files in the source against a SUM file.
+* [rclone checksum](/commands/rclone_checksum/)	 - Checks the files in the destination against a SUM file.
 * [rclone cleanup](/commands/rclone_cleanup/)	 - Clean up the remote if possible.
-* [rclone completion](/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](/commands/rclone_completion/)	 - Output completion script for a given shell.
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 * [rclone copy](/commands/rclone_copy/)	 - Copy files from source to dest, skipping identical files.
 * [rclone copyto](/commands/rclone_copyto/)	 - Copy files from source to dest, skipping identical files.
 * [rclone copyurl](/commands/rclone_copyurl/)	 - Copy url content to dest.
-* [rclone cryptcheck](/commands/rclone_cryptcheck/)	 - Cryptcheck checks the integrity of a crypted remote.
+* [rclone cryptcheck](/commands/rclone_cryptcheck/)	 - Cryptcheck checks the integrity of an encrypted remote.
 * [rclone cryptdecode](/commands/rclone_cryptdecode/)	 - Cryptdecode returns unencrypted file names.
 * [rclone dedupe](/commands/rclone_dedupe/)	 - Interactively find duplicate filenames and delete/rename them.
 * [rclone delete](/commands/rclone_delete/)	 - Remove the files in path.
 * [rclone deletefile](/commands/rclone_deletefile/)	 - Remove a single file from remote.
-* [rclone genautocomplete](/commands/rclone_genautocomplete/)	 - Output completion script for a given shell.
 * [rclone gendocs](/commands/rclone_gendocs/)	 - Output markdown docs for rclone to the directory supplied.
 * [rclone hashsum](/commands/rclone_hashsum/)	 - Produces a hashsum file for all the objects in the path.
 * [rclone link](/commands/rclone_link/)	 - Generate public link to file/folder.
-* [rclone listremotes](/commands/rclone_listremotes/)	 - List all the remotes in the config file.
+* [rclone listremotes](/commands/rclone_listremotes/)	 - List all the remotes in the config file and defined in environment variables.
 * [rclone ls](/commands/rclone_ls/)	 - List the objects in the path with size and path.
 * [rclone lsd](/commands/rclone_lsd/)	 - List all directories/containers/buckets in the path.
 * [rclone lsf](/commands/rclone_lsf/)	 - List directories and objects in remote:path formatted for parsing.
diff --git a/docs/content/commands/rclone_about.md b/docs/content/commands/rclone_about.md
index 4464aa80a634c..27328c8c4b9f4 100644
--- a/docs/content/commands/rclone_about.md
+++ b/docs/content/commands/rclone_about.md
@@ -72,9 +72,10 @@ rclone about remote: [flags]
       --json   Format output as JSON
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_authorize.md b/docs/content/commands/rclone_authorize.md
index 95b124822941f..5182880b42200 100644
--- a/docs/content/commands/rclone_authorize.md
+++ b/docs/content/commands/rclone_authorize.md
@@ -34,9 +34,10 @@ rclone authorize [flags]
       --template string        The path to a custom Go template for generating HTML responses
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_backend.md b/docs/content/commands/rclone_backend.md
index 8e29f42ede74d..e4d0c30102ce5 100644
--- a/docs/content/commands/rclone_backend.md
+++ b/docs/content/commands/rclone_backend.md
@@ -3,6 +3,7 @@ title: "rclone backend"
 description: "Run a backend-specific command."
 slug: rclone_backend
 url: /commands/rclone_backend/
+groups: Important
 versionIntroduced: v1.52
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/backend/ and as part of making a release run "make commanddocs"
 ---
@@ -52,9 +53,20 @@ rclone backend <command> remote:path [opts] <args> [flags]
   -o, --option stringArray   Option in the form name=value or name
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_bisync.md b/docs/content/commands/rclone_bisync.md
index dacda99370a81..057e31848ad62 100644
--- a/docs/content/commands/rclone_bisync.md
+++ b/docs/content/commands/rclone_bisync.md
@@ -3,6 +3,7 @@ title: "rclone bisync"
 description: "Perform bidirectional synchronization between two paths."
 slug: rclone_bisync
 url: /commands/rclone_bisync/
+groups: Filter,Copy,Important
 versionIntroduced: v1.58
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/bisync/ and as part of making a release run "make commanddocs"
 ---
@@ -32,22 +33,103 @@ rclone bisync remote1:path1 remote2:path2 [flags]
 ## Options
 
 ```
-      --check-access            Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
-      --check-filename string   Filename for --check-access (default: RCLONE_TEST)
-      --check-sync string       Controls comparison of final listings: true|false|only (default: true) (default "true")
-      --filters-file string     Read filtering patterns from a file
-      --force                   Bypass --max-delete safety check and run the sync. Consider using with --verbose
-  -h, --help                    help for bisync
-      --localtime               Use local time in listings (default: UTC)
-      --no-cleanup              Retain working files (useful for troubleshooting and testing).
-      --remove-empty-dirs       Remove empty directories at the final cleanup step.
-  -1, --resync                  Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
-      --workdir string          Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)
+      --check-access              Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
+      --check-filename string     Filename for --check-access (default: RCLONE_TEST)
+      --check-sync string         Controls comparison of final listings: true|false|only (default: true) (default "true")
+      --create-empty-src-dirs     Sync creation and deletion of empty directories. (Not compatible with --remove-empty-dirs)
+      --filters-file string       Read filtering patterns from a file
+      --force                     Bypass --max-delete safety check and run the sync. Consider using with --verbose
+  -h, --help                      help for bisync
+      --ignore-listing-checksum   Do not use checksums for listings (add --ignore-checksum to additionally skip post-copy checksum checks)
+      --localtime                 Use local time in listings (default: UTC)
+      --no-cleanup                Retain working files (useful for troubleshooting and testing).
+      --remove-empty-dirs         Remove ALL empty directories at the final cleanup step.
+      --resilient                 Allow future runs to retry after certain less-serious errors, instead of requiring --resync. Use at your own risk!
+  -1, --resync                    Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
+      --workdir string            Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)
+```
+
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 ```
 
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_cat.md b/docs/content/commands/rclone_cat.md
index 6ad41423d65c3..6580c9590d926 100644
--- a/docs/content/commands/rclone_cat.md
+++ b/docs/content/commands/rclone_cat.md
@@ -3,6 +3,7 @@ title: "rclone cat"
 description: "Concatenates any files and sends them to stdout."
 slug: rclone_cat
 url: /commands/rclone_cat/
+groups: Filter,Listing
 versionIntroduced: v1.33
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/cat/ and as part of making a release run "make commanddocs"
 ---
@@ -32,6 +33,18 @@ the end and `--offset` and `--count` to print a section in the middle.
 Note that if offset is negative it will count from the end, so
 `--offset -1 --count 1` is equivalent to `--tail 1`.
 
+Use the `--separator` flag to print a separator value between files. Be sure to
+shell-escape special characters. For example, to print a newline between
+files, use:
+
+* bash:
+
+      rclone --include "*.txt" --separator $'\n' cat remote:path/to/dir
+
+* powershell:
+
+      rclone --include "*.txt" --separator "`n" cat remote:path/to/dir
+
 
 ```
 rclone cat remote:path [flags]
@@ -40,17 +53,57 @@ rclone cat remote:path [flags]
 ## Options
 
 ```
-      --count int    Only print N characters (default -1)
-      --discard      Discard the output instead of printing
-      --head int     Only print the first N characters
-  -h, --help         help for cat
-      --offset int   Start printing at offset N (or from end if -ve)
-      --tail int     Only print the last N characters
+      --count int          Only print N characters (default -1)
+      --discard            Discard the output instead of printing
+      --head int           Only print the first N characters
+  -h, --help               help for cat
+      --offset int         Start printing at offset N (or from end if -ve)
+      --separator string   Separator to use between objects when printing multiple files
+      --tail int           Only print the last N characters
+```
+
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
 ```
 
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_check.md b/docs/content/commands/rclone_check.md
index 112633fabbcc2..d6a2243ede0ae 100644
--- a/docs/content/commands/rclone_check.md
+++ b/docs/content/commands/rclone_check.md
@@ -3,6 +3,7 @@ title: "rclone check"
 description: "Checks the files in the source and destination match."
 slug: rclone_check
 url: /commands/rclone_check/
+groups: Filter,Listing,Check
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/check/ and as part of making a release run "make commanddocs"
 ---
 # rclone check
@@ -18,7 +19,7 @@ match.  It doesn't alter the source or destination.
 
 For the [crypt](/crypt/) remote there is a dedicated command,
 [cryptcheck](/commands/rclone_cryptcheck/), that are able to check
-the checksums of the crypted files.
+the checksums of the encrypted files.
 
 If you supply the `--size-only` flag, it will only compare the sizes not
 the hashes as well.  Use this for a quick check.
@@ -52,6 +53,9 @@ you what happened to it. These are reminiscent of diff files.
 - `* path` means path was present in source and destination but different.
 - `! path` means there was an error reading or hashing the source or dest.
 
+The default number of parallel checks is 8. See the [--checkers=N](/docs/#checkers-n)
+option for more information.
+
 
 ```
 rclone check source:path dest:path [flags]
@@ -72,9 +76,56 @@ rclone check source:path dest:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 ```
 
+
+## Check Options
+
+Flags used for `rclone check`.
+
+```
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_checksum.md b/docs/content/commands/rclone_checksum.md
index 661dab6b2d929..1e78aeb65e1fe 100644
--- a/docs/content/commands/rclone_checksum.md
+++ b/docs/content/commands/rclone_checksum.md
@@ -1,24 +1,28 @@
 ---
 title: "rclone checksum"
-description: "Checks the files in the source against a SUM file."
+description: "Checks the files in the destination against a SUM file."
 slug: rclone_checksum
 url: /commands/rclone_checksum/
+groups: Filter,Listing
 versionIntroduced: v1.56
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/checksum/ and as part of making a release run "make commanddocs"
 ---
 # rclone checksum
 
-Checks the files in the source against a SUM file.
+Checks the files in the destination against a SUM file.
 
 ## Synopsis
 
 
-Checks that hashsums of source files match the SUM file.
+Checks that hashsums of destination files match the SUM file.
 It compares hashes (MD5, SHA1, etc) and logs a report of files which
 don't match.  It doesn't alter the file system.
 
-If you supply the `--download` flag, it will download the data from remote
-and calculate the contents hash on the fly.  This can be useful for remotes
+The sumfile is treated as the source and the dst:path is treated as
+the destination for the purposes of the output.
+
+If you supply the `--download` flag, it will download the data from the remote
+and calculate the content hash on the fly.  This can be useful for remotes
 that don't support hashes or if you really want to check all the data.
 
 Note that hash values in the SUM file are treated as case insensitive.
@@ -44,9 +48,12 @@ you what happened to it. These are reminiscent of diff files.
 - `* path` means path was present in source and destination but different.
 - `! path` means there was an error reading or hashing the source or dest.
 
+The default number of parallel checks is 8. See the [--checkers=N](/docs/#checkers-n)
+option for more information.
+
 
 ```
-rclone checksum <hash> sumfile src:path [flags]
+rclone checksum <hash> sumfile dst:path [flags]
 ```
 
 ## Options
@@ -63,9 +70,48 @@ rclone checksum <hash> sumfile src:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_cleanup.md b/docs/content/commands/rclone_cleanup.md
index 0b7b0b189bb76..30b51d517ce19 100644
--- a/docs/content/commands/rclone_cleanup.md
+++ b/docs/content/commands/rclone_cleanup.md
@@ -3,6 +3,7 @@ title: "rclone cleanup"
 description: "Clean up the remote if possible."
 slug: rclone_cleanup
 url: /commands/rclone_cleanup/
+groups: Important
 versionIntroduced: v1.31
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/cleanup/ and as part of making a release run "make commanddocs"
 ---
@@ -27,9 +28,20 @@ rclone cleanup remote:path [flags]
   -h, --help   help for cleanup
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_completion.md b/docs/content/commands/rclone_completion.md
index 9193c9868f2ee..0ecf68522c3f7 100644
--- a/docs/content/commands/rclone_completion.md
+++ b/docs/content/commands/rclone_completion.md
@@ -1,18 +1,20 @@
 ---
 title: "rclone completion"
-description: "Generate the autocompletion script for the specified shell"
+description: "Output completion script for a given shell."
 slug: rclone_completion
 url: /commands/rclone_completion/
+versionIntroduced: v1.33
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/completion/ and as part of making a release run "make commanddocs"
 ---
 # rclone completion
 
-Generate the autocompletion script for the specified shell
+Output completion script for a given shell.
 
 ## Synopsis
 
-Generate the autocompletion script for rclone for the specified shell.
-See each sub-command's help for details on how to use the generated script.
+
+Generates a shell completion script for rclone.
+Run with `--help` to list the supported shells.
 
 
 ## Options
@@ -21,13 +23,14 @@ See each sub-command's help for details on how to use the generated script.
   -h, --help   help for completion
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
-* [rclone completion bash](/commands/rclone_completion_bash/)	 - Generate the autocompletion script for bash
-* [rclone completion fish](/commands/rclone_completion_fish/)	 - Generate the autocompletion script for fish
-* [rclone completion powershell](/commands/rclone_completion_powershell/)	 - Generate the autocompletion script for powershell
-* [rclone completion zsh](/commands/rclone_completion_zsh/)	 - Generate the autocompletion script for zsh
+* [rclone completion bash](/commands/rclone_completion_bash/)	 - Output bash completion script for rclone.
+* [rclone completion fish](/commands/rclone_completion_fish/)	 - Output fish completion script for rclone.
+* [rclone completion powershell](/commands/rclone_completion_powershell/)	 - Output powershell completion script for rclone.
+* [rclone completion zsh](/commands/rclone_completion_zsh/)	 - Output zsh completion script for rclone.
 
diff --git a/docs/content/commands/rclone_completion_bash.md b/docs/content/commands/rclone_completion_bash.md
index b5772be3ec1a1..08df4c9edbc65 100644
--- a/docs/content/commands/rclone_completion_bash.md
+++ b/docs/content/commands/rclone_completion_bash.md
@@ -1,52 +1,49 @@
 ---
 title: "rclone completion bash"
-description: "Generate the autocompletion script for bash"
+description: "Output bash completion script for rclone."
 slug: rclone_completion_bash
 url: /commands/rclone_completion_bash/
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/completion/bash/ and as part of making a release run "make commanddocs"
 ---
 # rclone completion bash
 
-Generate the autocompletion script for bash
+Output bash completion script for rclone.
 
 ## Synopsis
 
-Generate the autocompletion script for the bash shell.
 
-This script depends on the 'bash-completion' package.
-If it is not installed already, you can install it via your OS's package manager.
+Generates a bash shell autocompletion script for rclone.
 
-To load completions in your current shell session:
+This writes to /etc/bash_completion.d/rclone by default so will
+probably need to be run with sudo or as root, e.g.
 
-	source <(rclone completion bash)
+    sudo rclone genautocomplete bash
 
-To load completions for every new session, execute once:
+Logout and login again to use the autocompletion scripts, or source
+them directly
 
-### Linux:
+    . /etc/bash_completion
 
-	rclone completion bash > /etc/bash_completion.d/rclone
+If you supply a command line argument the script will be written
+there.
 
-### macOS:
-
-	rclone completion bash > $(brew --prefix)/etc/bash_completion.d/rclone
-
-You will need to start a new shell for this setup to take effect.
+If output_file is "-", then the output will be written to stdout.
 
 
 ```
-rclone completion bash
+rclone completion bash [output_file] [flags]
 ```
 
 ## Options
 
 ```
-  -h, --help              help for bash
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for bash
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
-* [rclone completion](/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](/commands/rclone_completion/)	 - Output completion script for a given shell.
 
diff --git a/docs/content/commands/rclone_completion_fish.md b/docs/content/commands/rclone_completion_fish.md
index 5e09dadfbb915..3934273a21742 100644
--- a/docs/content/commands/rclone_completion_fish.md
+++ b/docs/content/commands/rclone_completion_fish.md
@@ -1,43 +1,49 @@
 ---
 title: "rclone completion fish"
-description: "Generate the autocompletion script for fish"
+description: "Output fish completion script for rclone."
 slug: rclone_completion_fish
 url: /commands/rclone_completion_fish/
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/completion/fish/ and as part of making a release run "make commanddocs"
 ---
 # rclone completion fish
 
-Generate the autocompletion script for fish
+Output fish completion script for rclone.
 
 ## Synopsis
 
-Generate the autocompletion script for the fish shell.
 
-To load completions in your current shell session:
+Generates a fish autocompletion script for rclone.
 
-	rclone completion fish | source
+This writes to /etc/fish/completions/rclone.fish by default so will
+probably need to be run with sudo or as root, e.g.
 
-To load completions for every new session, execute once:
+    sudo rclone genautocomplete fish
 
-	rclone completion fish > ~/.config/fish/completions/rclone.fish
+Logout and login again to use the autocompletion scripts, or source
+them directly
 
-You will need to start a new shell for this setup to take effect.
+    . /etc/fish/completions/rclone.fish
+
+If you supply a command line argument the script will be written
+there.
+
+If output_file is "-", then the output will be written to stdout.
 
 
 ```
-rclone completion fish [flags]
+rclone completion fish [output_file] [flags]
 ```
 
 ## Options
 
 ```
-  -h, --help              help for fish
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for fish
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
-* [rclone completion](/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](/commands/rclone_completion/)	 - Output completion script for a given shell.
 
diff --git a/docs/content/commands/rclone_completion_powershell.md b/docs/content/commands/rclone_completion_powershell.md
index 8dfbafc458f9d..47a5febbdcd50 100644
--- a/docs/content/commands/rclone_completion_powershell.md
+++ b/docs/content/commands/rclone_completion_powershell.md
@@ -1,40 +1,43 @@
 ---
 title: "rclone completion powershell"
-description: "Generate the autocompletion script for powershell"
+description: "Output powershell completion script for rclone."
 slug: rclone_completion_powershell
 url: /commands/rclone_completion_powershell/
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/completion/powershell/ and as part of making a release run "make commanddocs"
 ---
 # rclone completion powershell
 
-Generate the autocompletion script for powershell
+Output powershell completion script for rclone.
 
 ## Synopsis
 
+
 Generate the autocompletion script for powershell.
 
 To load completions in your current shell session:
 
-	rclone completion powershell | Out-String | Invoke-Expression
+    rclone completion powershell | Out-String | Invoke-Expression
 
 To load completions for every new session, add the output of the above command
 to your powershell profile.
 
+If output_file is "-" or missing, then the output will be written to stdout.
+
 
 ```
-rclone completion powershell [flags]
+rclone completion powershell [output_file] [flags]
 ```
 
 ## Options
 
 ```
-  -h, --help              help for powershell
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for powershell
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
-* [rclone completion](/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](/commands/rclone_completion/)	 - Output completion script for a given shell.
 
diff --git a/docs/content/commands/rclone_completion_zsh.md b/docs/content/commands/rclone_completion_zsh.md
index 1490817f71326..92ca04c12fec9 100644
--- a/docs/content/commands/rclone_completion_zsh.md
+++ b/docs/content/commands/rclone_completion_zsh.md
@@ -1,54 +1,49 @@
 ---
 title: "rclone completion zsh"
-description: "Generate the autocompletion script for zsh"
+description: "Output zsh completion script for rclone."
 slug: rclone_completion_zsh
 url: /commands/rclone_completion_zsh/
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/completion/zsh/ and as part of making a release run "make commanddocs"
 ---
 # rclone completion zsh
 
-Generate the autocompletion script for zsh
+Output zsh completion script for rclone.
 
 ## Synopsis
 
-Generate the autocompletion script for the zsh shell.
 
-If shell completion is not already enabled in your environment you will need
-to enable it.  You can execute the following once:
+Generates a zsh autocompletion script for rclone.
 
-	echo "autoload -U compinit; compinit" >> ~/.zshrc
+This writes to /usr/share/zsh/vendor-completions/_rclone by default so will
+probably need to be run with sudo or as root, e.g.
 
-To load completions in your current shell session:
+    sudo rclone genautocomplete zsh
 
-	source <(rclone completion zsh); compdef _rclone rclone
+Logout and login again to use the autocompletion scripts, or source
+them directly
 
-To load completions for every new session, execute once:
+    autoload -U compinit && compinit
 
-### Linux:
+If you supply a command line argument the script will be written
+there.
 
-	rclone completion zsh > "${fpath[1]}/_rclone"
-
-### macOS:
-
-	rclone completion zsh > $(brew --prefix)/share/zsh/site-functions/_rclone
-
-You will need to start a new shell for this setup to take effect.
+If output_file is "-", then the output will be written to stdout.
 
 
 ```
-rclone completion zsh [flags]
+rclone completion zsh [output_file] [flags]
 ```
 
 ## Options
 
 ```
-  -h, --help              help for zsh
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for zsh
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
-* [rclone completion](/commands/rclone_completion/)	 - Generate the autocompletion script for the specified shell
+* [rclone completion](/commands/rclone_completion/)	 - Output completion script for a given shell.
 
diff --git a/docs/content/commands/rclone_config.md b/docs/content/commands/rclone_config.md
index 186d90d2651dd..ee4c1403bd235 100644
--- a/docs/content/commands/rclone_config.md
+++ b/docs/content/commands/rclone_config.md
@@ -27,20 +27,23 @@ rclone config [flags]
   -h, --help   help for config
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 * [rclone config create](/commands/rclone_config_create/)	 - Create a new remote with name, type and options.
 * [rclone config delete](/commands/rclone_config_delete/)	 - Delete an existing remote.
 * [rclone config disconnect](/commands/rclone_config_disconnect/)	 - Disconnects user from remote
 * [rclone config dump](/commands/rclone_config_dump/)	 - Dump the config file as JSON.
+* [rclone config edit](/commands/rclone_config_edit/)	 - Enter an interactive configuration session.
 * [rclone config file](/commands/rclone_config_file/)	 - Show path of configuration file in use.
 * [rclone config password](/commands/rclone_config_password/)	 - Update password in an existing remote.
 * [rclone config paths](/commands/rclone_config_paths/)	 - Show paths used for configuration, cache, temp etc.
 * [rclone config providers](/commands/rclone_config_providers/)	 - List in JSON format all the providers and options.
 * [rclone config reconnect](/commands/rclone_config_reconnect/)	 - Re-authenticates user with remote.
+* [rclone config redacted](/commands/rclone_config_redacted/)	 - Print redacted (decrypted) config file, or the redacted config for a single remote.
 * [rclone config show](/commands/rclone_config_show/)	 - Print (decrypted) config file, or the config for a single remote.
 * [rclone config touch](/commands/rclone_config_touch/)	 - Ensure configuration file exists.
 * [rclone config update](/commands/rclone_config_update/)	 - Update options in an existing remote.
diff --git a/docs/content/commands/rclone_config_create.md b/docs/content/commands/rclone_config_create.md
index a923b246dad5d..326c142c2fc1b 100644
--- a/docs/content/commands/rclone_config_create.md
+++ b/docs/content/commands/rclone_config_create.md
@@ -132,9 +132,10 @@ rclone config create name type [key value]* [flags]
       --state string      State - use with --continue
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_delete.md b/docs/content/commands/rclone_config_delete.md
index c58bed4e42c2e..aeafa236ba70b 100644
--- a/docs/content/commands/rclone_config_delete.md
+++ b/docs/content/commands/rclone_config_delete.md
@@ -20,9 +20,10 @@ rclone config delete name [flags]
   -h, --help   help for delete
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_disconnect.md b/docs/content/commands/rclone_config_disconnect.md
index 76a64378a8a93..619c01b82d016 100644
--- a/docs/content/commands/rclone_config_disconnect.md
+++ b/docs/content/commands/rclone_config_disconnect.md
@@ -29,9 +29,10 @@ rclone config disconnect remote: [flags]
   -h, --help   help for disconnect
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_dump.md b/docs/content/commands/rclone_config_dump.md
index e0119936dbc93..5e6c859bf8db8 100644
--- a/docs/content/commands/rclone_config_dump.md
+++ b/docs/content/commands/rclone_config_dump.md
@@ -20,9 +20,10 @@ rclone config dump [flags]
   -h, --help   help for dump
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_edit.md b/docs/content/commands/rclone_config_edit.md
index dade7e042a66d..2d36391963d34 100644
--- a/docs/content/commands/rclone_config_edit.md
+++ b/docs/content/commands/rclone_config_edit.md
@@ -3,13 +3,14 @@ title: "rclone config edit"
 description: "Enter an interactive configuration session."
 slug: rclone_config_edit
 url: /commands/rclone_config_edit/
+versionIntroduced: v1.39
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/config/edit/ and as part of making a release run "make commanddocs"
 ---
 # rclone config edit
 
 Enter an interactive configuration session.
 
-# Synopsis
+## Synopsis
 
 Enter an interactive configuration session where you can setup new
 remotes and manage existing ones. You may also set or remove a
@@ -20,12 +21,13 @@ password to protect your configuration.
 rclone config edit [flags]
 ```
 
-# Options
+## Options
 
 ```
   -h, --help   help for edit
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
 # SEE ALSO
diff --git a/docs/content/commands/rclone_config_file.md b/docs/content/commands/rclone_config_file.md
index 8585b77f933a1..76de779d59220 100644
--- a/docs/content/commands/rclone_config_file.md
+++ b/docs/content/commands/rclone_config_file.md
@@ -20,9 +20,10 @@ rclone config file [flags]
   -h, --help   help for file
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_password.md b/docs/content/commands/rclone_config_password.md
index f69301811e0ae..406877bc14ab5 100644
--- a/docs/content/commands/rclone_config_password.md
+++ b/docs/content/commands/rclone_config_password.md
@@ -36,9 +36,10 @@ rclone config password name [key value]+ [flags]
   -h, --help   help for password
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_paths.md b/docs/content/commands/rclone_config_paths.md
index 7762ce0903b96..2b12cc6ad6c45 100644
--- a/docs/content/commands/rclone_config_paths.md
+++ b/docs/content/commands/rclone_config_paths.md
@@ -20,9 +20,10 @@ rclone config paths [flags]
   -h, --help   help for paths
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_providers.md b/docs/content/commands/rclone_config_providers.md
index 43441af08832e..07668581d384d 100644
--- a/docs/content/commands/rclone_config_providers.md
+++ b/docs/content/commands/rclone_config_providers.md
@@ -20,9 +20,10 @@ rclone config providers [flags]
   -h, --help   help for providers
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_reconnect.md b/docs/content/commands/rclone_config_reconnect.md
index bb2e9f740cae1..c60608ced8a47 100644
--- a/docs/content/commands/rclone_config_reconnect.md
+++ b/docs/content/commands/rclone_config_reconnect.md
@@ -29,9 +29,10 @@ rclone config reconnect remote: [flags]
   -h, --help   help for reconnect
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_redacted.md b/docs/content/commands/rclone_config_redacted.md
new file mode 100644
index 0000000000000..e792dde4c8b77
--- /dev/null
+++ b/docs/content/commands/rclone_config_redacted.md
@@ -0,0 +1,43 @@
+---
+title: "rclone config redacted"
+description: "Print redacted (decrypted) config file, or the redacted config for a single remote."
+slug: rclone_config_redacted
+url: /commands/rclone_config_redacted/
+versionIntroduced: v1.64
+# autogenerated - DO NOT EDIT, instead edit the source code in cmd/config/redacted/ and as part of making a release run "make commanddocs"
+---
+# rclone config redacted
+
+Print redacted (decrypted) config file, or the redacted config for a single remote.
+
+## Synopsis
+
+This prints a redacted copy of the config file, either the
+whole config file or for a given remote.
+
+The config file will be redacted by replacing all passwords and other
+sensitive info with XXX.
+
+This makes the config file suitable for posting online for support.
+
+It should be double checked before posting as the redaction may not be perfect.
+
+
+
+```
+rclone config redacted [<remote>] [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for redacted
+```
+
+
+See the [global flags page](/flags/) for global options not listed here.
+
+# SEE ALSO
+
+* [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
+
diff --git a/docs/content/commands/rclone_config_show.md b/docs/content/commands/rclone_config_show.md
index beab56349cbfa..5bf4150bfcd37 100644
--- a/docs/content/commands/rclone_config_show.md
+++ b/docs/content/commands/rclone_config_show.md
@@ -20,9 +20,10 @@ rclone config show [<remote>] [flags]
   -h, --help   help for show
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_touch.md b/docs/content/commands/rclone_config_touch.md
index d96c3702782a3..c16f95af89bbb 100644
--- a/docs/content/commands/rclone_config_touch.md
+++ b/docs/content/commands/rclone_config_touch.md
@@ -20,9 +20,10 @@ rclone config touch [flags]
   -h, --help   help for touch
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_update.md b/docs/content/commands/rclone_config_update.md
index 9e3fa9a38a1f9..55147084d3031 100644
--- a/docs/content/commands/rclone_config_update.md
+++ b/docs/content/commands/rclone_config_update.md
@@ -132,9 +132,10 @@ rclone config update name [key value]+ [flags]
       --state string      State - use with --continue
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_config_userinfo.md b/docs/content/commands/rclone_config_userinfo.md
index d7930a0b32507..ab1ba95398a22 100644
--- a/docs/content/commands/rclone_config_userinfo.md
+++ b/docs/content/commands/rclone_config_userinfo.md
@@ -27,9 +27,10 @@ rclone config userinfo remote: [flags]
       --json   Format output as JSON
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone config](/commands/rclone_config/)	 - Enter an interactive configuration session.
 
diff --git a/docs/content/commands/rclone_copy.md b/docs/content/commands/rclone_copy.md
index 022f3e7b08e5f..315dc4b8a0bad 100644
--- a/docs/content/commands/rclone_copy.md
+++ b/docs/content/commands/rclone_copy.md
@@ -3,6 +3,7 @@ title: "rclone copy"
 description: "Copy files from source to dest, skipping identical files."
 slug: rclone_copy
 url: /commands/rclone_copy/
+groups: Copy,Filter,Listing,Important
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/copy/ and as part of making a release run "make commanddocs"
 ---
 # rclone copy
@@ -80,9 +81,96 @@ rclone copy source:path dest:path [flags]
   -h, --help                    help for copy
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_copyto.md b/docs/content/commands/rclone_copyto.md
index bfd8b5e72fb15..30a42e53f4c99 100644
--- a/docs/content/commands/rclone_copyto.md
+++ b/docs/content/commands/rclone_copyto.md
@@ -3,6 +3,7 @@ title: "rclone copyto"
 description: "Copy files from source to dest, skipping identical files."
 slug: rclone_copyto
 url: /commands/rclone_copyto/
+groups: Copy,Filter,Listing,Important
 versionIntroduced: v1.35
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/copyto/ and as part of making a release run "make commanddocs"
 ---
@@ -52,9 +53,96 @@ rclone copyto source:path dest:path [flags]
   -h, --help   help for copyto
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_copyurl.md b/docs/content/commands/rclone_copyurl.md
index 2d13cd9a8633c..caeea9de2e7f1 100644
--- a/docs/content/commands/rclone_copyurl.md
+++ b/docs/content/commands/rclone_copyurl.md
@@ -3,6 +3,7 @@ title: "rclone copyurl"
 description: "Copy url content to dest."
 slug: rclone_copyurl
 url: /commands/rclone_copyurl/
+groups: Important
 versionIntroduced: v1.43
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/copyurl/ and as part of making a release run "make commanddocs"
 ---
@@ -44,9 +45,20 @@ rclone copyurl https://example.com dest:path [flags]
       --stdout            Write the output to stdout rather than a file
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_cryptcheck.md b/docs/content/commands/rclone_cryptcheck.md
index 21528b029ff79..9f258d2f047ca 100644
--- a/docs/content/commands/rclone_cryptcheck.md
+++ b/docs/content/commands/rclone_cryptcheck.md
@@ -1,21 +1,22 @@
 ---
 title: "rclone cryptcheck"
-description: "Cryptcheck checks the integrity of a crypted remote."
+description: "Cryptcheck checks the integrity of an encrypted remote."
 slug: rclone_cryptcheck
 url: /commands/rclone_cryptcheck/
+groups: Filter,Listing,Check
 versionIntroduced: v1.36
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/cryptcheck/ and as part of making a release run "make commanddocs"
 ---
 # rclone cryptcheck
 
-Cryptcheck checks the integrity of a crypted remote.
+Cryptcheck checks the integrity of an encrypted remote.
 
 ## Synopsis
 
 
 rclone cryptcheck checks a remote against a [crypted](/crypt/) remote.
 This is the equivalent of running rclone [check](/commands/rclone_check/),
-but able to check the checksums of the crypted remote.
+but able to check the checksums of the encrypted remote.
 
 For it to work the underlying remote of the cryptedremote must support
 some kind of checksum.
@@ -57,6 +58,9 @@ you what happened to it. These are reminiscent of diff files.
 - `* path` means path was present in source and destination but different.
 - `! path` means there was an error reading or hashing the source or dest.
 
+The default number of parallel checks is 8. See the [--checkers=N](/docs/#checkers-n)
+option for more information.
+
 
 ```
 rclone cryptcheck remote:path cryptedremote:path [flags]
@@ -75,9 +79,56 @@ rclone cryptcheck remote:path cryptedremote:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 ```
 
+
+## Check Options
+
+Flags used for `rclone check`.
+
+```
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_cryptdecode.md b/docs/content/commands/rclone_cryptdecode.md
index 11be5a7d1c2a0..bc9425407f28c 100644
--- a/docs/content/commands/rclone_cryptdecode.md
+++ b/docs/content/commands/rclone_cryptdecode.md
@@ -39,9 +39,10 @@ rclone cryptdecode encryptedremote: encryptedfilename [flags]
       --reverse   Reverse cryptdecode, encrypts filenames
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_dedupe.md b/docs/content/commands/rclone_dedupe.md
index a7a711b4576be..3791dfb4109b6 100644
--- a/docs/content/commands/rclone_dedupe.md
+++ b/docs/content/commands/rclone_dedupe.md
@@ -3,6 +3,7 @@ title: "rclone dedupe"
 description: "Interactively find duplicate filenames and delete/rename them."
 slug: rclone_dedupe
 url: /commands/rclone_dedupe/
+groups: Important
 versionIntroduced: v1.27
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/dedupe/ and as part of making a release run "make commanddocs"
 ---
@@ -132,9 +133,20 @@ rclone dedupe [mode] remote:path [flags]
   -h, --help                 help for dedupe
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_delete.md b/docs/content/commands/rclone_delete.md
index 08ec20f98faa0..9bfa4f8daab32 100644
--- a/docs/content/commands/rclone_delete.md
+++ b/docs/content/commands/rclone_delete.md
@@ -3,6 +3,7 @@ title: "rclone delete"
 description: "Remove the files in path."
 slug: rclone_delete
 url: /commands/rclone_delete/
+groups: Important,Filter,Listing
 versionIntroduced: v1.27
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/delete/ and as part of making a release run "make commanddocs"
 ---
@@ -52,9 +53,58 @@ rclone delete remote:path [flags]
       --rmdirs   rmdirs removes empty directories but leaves root intact
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_deletefile.md b/docs/content/commands/rclone_deletefile.md
index 0cdaaf860be06..5bc923070ecb3 100644
--- a/docs/content/commands/rclone_deletefile.md
+++ b/docs/content/commands/rclone_deletefile.md
@@ -3,6 +3,7 @@ title: "rclone deletefile"
 description: "Remove a single file from remote."
 slug: rclone_deletefile
 url: /commands/rclone_deletefile/
+groups: Important
 versionIntroduced: v1.42
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/deletefile/ and as part of making a release run "make commanddocs"
 ---
@@ -28,9 +29,20 @@ rclone deletefile remote:path [flags]
   -h, --help   help for deletefile
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_genautocomplete.md b/docs/content/commands/rclone_genautocomplete.md
index efaa38b07db30..d9174320f98e7 100644
--- a/docs/content/commands/rclone_genautocomplete.md
+++ b/docs/content/commands/rclone_genautocomplete.md
@@ -10,14 +10,14 @@ versionIntroduced: v1.33
 
 Output completion script for a given shell.
 
-## Synopsis
+# Synopsis
 
 
 Generates a shell completion script for rclone.
 Run with `--help` to list the supported shells.
 
 
-## Options
+# Options
 
 ```
   -h, --help   help for genautocomplete
@@ -25,7 +25,7 @@ Run with `--help` to list the supported shells.
 
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 * [rclone genautocomplete bash](/commands/rclone_genautocomplete_bash/)	 - Output bash completion script for rclone.
diff --git a/docs/content/commands/rclone_genautocomplete_bash.md b/docs/content/commands/rclone_genautocomplete_bash.md
index a771b3af49d61..8def9b4a921e4 100644
--- a/docs/content/commands/rclone_genautocomplete_bash.md
+++ b/docs/content/commands/rclone_genautocomplete_bash.md
@@ -9,7 +9,7 @@ url: /commands/rclone_genautocomplete_bash/
 
 Output bash completion script for rclone.
 
-## Synopsis
+# Synopsis
 
 
 Generates a bash shell autocompletion script for rclone.
@@ -34,7 +34,7 @@ If output_file is "-", then the output will be written to stdout.
 rclone genautocomplete bash [output_file] [flags]
 ```
 
-## Options
+# Options
 
 ```
   -h, --help   help for bash
@@ -42,7 +42,7 @@ rclone genautocomplete bash [output_file] [flags]
 
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone genautocomplete](/commands/rclone_genautocomplete/)	 - Output completion script for a given shell.
 
diff --git a/docs/content/commands/rclone_genautocomplete_fish.md b/docs/content/commands/rclone_genautocomplete_fish.md
index 85650f6c8cc18..db124f3ba8ce6 100644
--- a/docs/content/commands/rclone_genautocomplete_fish.md
+++ b/docs/content/commands/rclone_genautocomplete_fish.md
@@ -9,7 +9,7 @@ url: /commands/rclone_genautocomplete_fish/
 
 Output fish completion script for rclone.
 
-## Synopsis
+# Synopsis
 
 
 Generates a fish autocompletion script for rclone.
@@ -34,7 +34,7 @@ If output_file is "-", then the output will be written to stdout.
 rclone genautocomplete fish [output_file] [flags]
 ```
 
-## Options
+# Options
 
 ```
   -h, --help   help for fish
@@ -42,7 +42,7 @@ rclone genautocomplete fish [output_file] [flags]
 
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone genautocomplete](/commands/rclone_genautocomplete/)	 - Output completion script for a given shell.
 
diff --git a/docs/content/commands/rclone_genautocomplete_zsh.md b/docs/content/commands/rclone_genautocomplete_zsh.md
index 5da7d79759e4a..33ca513425bb6 100644
--- a/docs/content/commands/rclone_genautocomplete_zsh.md
+++ b/docs/content/commands/rclone_genautocomplete_zsh.md
@@ -9,7 +9,7 @@ url: /commands/rclone_genautocomplete_zsh/
 
 Output zsh completion script for rclone.
 
-## Synopsis
+# Synopsis
 
 
 Generates a zsh autocompletion script for rclone.
@@ -34,7 +34,7 @@ If output_file is "-", then the output will be written to stdout.
 rclone genautocomplete zsh [output_file] [flags]
 ```
 
-## Options
+# Options
 
 ```
   -h, --help   help for zsh
@@ -42,7 +42,7 @@ rclone genautocomplete zsh [output_file] [flags]
 
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone genautocomplete](/commands/rclone_genautocomplete/)	 - Output completion script for a given shell.
 
diff --git a/docs/content/commands/rclone_gendocs.md b/docs/content/commands/rclone_gendocs.md
index 5389340c6e08b..d89d287c82dbb 100644
--- a/docs/content/commands/rclone_gendocs.md
+++ b/docs/content/commands/rclone_gendocs.md
@@ -27,9 +27,10 @@ rclone gendocs output_directory [flags]
   -h, --help   help for gendocs
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_hashsum.md b/docs/content/commands/rclone_hashsum.md
index e1a78e3be5abb..b3392c01b70eb 100644
--- a/docs/content/commands/rclone_hashsum.md
+++ b/docs/content/commands/rclone_hashsum.md
@@ -3,6 +3,7 @@ title: "rclone hashsum"
 description: "Produces a hashsum file for all the objects in the path."
 slug: rclone_hashsum
 url: /commands/rclone_hashsum/
+groups: Filter,Listing
 versionIntroduced: v1.41
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/hashsum/ and as part of making a release run "make commanddocs"
 ---
@@ -39,10 +40,6 @@ Run without a hash to see the list of all supported hashes, e.g.
       * whirlpool
       * crc32
       * sha256
-      * dropbox
-      * hidrive
-      * mailru
-      * quickxor
 
 Then
 
@@ -52,7 +49,7 @@ Note that hash names are case insensitive and values are output in lower case.
 
 
 ```
-rclone hashsum <hash> remote:path [flags]
+rclone hashsum [<hash> remote:path] [flags]
 ```
 
 ## Options
@@ -65,9 +62,48 @@ rclone hashsum <hash> remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_link.md b/docs/content/commands/rclone_link.md
index 45684987307b6..71b461a93719a 100644
--- a/docs/content/commands/rclone_link.md
+++ b/docs/content/commands/rclone_link.md
@@ -47,9 +47,10 @@ rclone link remote:path [flags]
       --unlink            Remove existing public link to file/folder
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_listremotes.md b/docs/content/commands/rclone_listremotes.md
index fdf20b88c8c99..d943182bb010f 100644
--- a/docs/content/commands/rclone_listremotes.md
+++ b/docs/content/commands/rclone_listremotes.md
@@ -1,6 +1,6 @@
 ---
 title: "rclone listremotes"
-description: "List all the remotes in the config file."
+description: "List all the remotes in the config file and defined in environment variables."
 slug: rclone_listremotes
 url: /commands/rclone_listremotes/
 versionIntroduced: v1.34
@@ -8,7 +8,7 @@ versionIntroduced: v1.34
 ---
 # rclone listremotes
 
-List all the remotes in the config file.
+List all the remotes in the config file and defined in environment variables.
 
 ## Synopsis
 
@@ -29,9 +29,10 @@ rclone listremotes [flags]
       --long   Show the type as well as names
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_ls.md b/docs/content/commands/rclone_ls.md
index a1bfc8cfe4c7f..5c438b1bb1c45 100644
--- a/docs/content/commands/rclone_ls.md
+++ b/docs/content/commands/rclone_ls.md
@@ -3,6 +3,7 @@ title: "rclone ls"
 description: "List the objects in the path with size and path."
 slug: rclone_ls
 url: /commands/rclone_ls/
+groups: Filter,Listing
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/ls/ and as part of making a release run "make commanddocs"
 ---
 # rclone ls
@@ -57,9 +58,48 @@ rclone ls remote:path [flags]
   -h, --help   help for ls
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_lsd.md b/docs/content/commands/rclone_lsd.md
index 86a1f47c7b5cd..8fd4193579653 100644
--- a/docs/content/commands/rclone_lsd.md
+++ b/docs/content/commands/rclone_lsd.md
@@ -3,6 +3,7 @@ title: "rclone lsd"
 description: "List all directories/containers/buckets in the path."
 slug: rclone_lsd
 url: /commands/rclone_lsd/
+groups: Filter,Listing
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/lsd/ and as part of making a release run "make commanddocs"
 ---
 # rclone lsd
@@ -68,9 +69,48 @@ rclone lsd remote:path [flags]
   -R, --recursive   Recurse into the listing
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_lsf.md b/docs/content/commands/rclone_lsf.md
index 8567cbc9e653e..c45322182152c 100644
--- a/docs/content/commands/rclone_lsf.md
+++ b/docs/content/commands/rclone_lsf.md
@@ -3,6 +3,7 @@ title: "rclone lsf"
 description: "List directories and objects in remote:path formatted for parsing."
 slug: rclone_lsf
 url: /commands/rclone_lsf/
+groups: Filter,Listing
 versionIntroduced: v1.40
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/lsf/ and as part of making a release run "make commanddocs"
 ---
@@ -151,9 +152,48 @@ rclone lsf remote:path [flags]
   -s, --separator string   Separator for the items in the format (default ";")
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_lsjson.md b/docs/content/commands/rclone_lsjson.md
index fbb979363ce3f..837427e5901d0 100644
--- a/docs/content/commands/rclone_lsjson.md
+++ b/docs/content/commands/rclone_lsjson.md
@@ -3,6 +3,7 @@ title: "rclone lsjson"
 description: "List directories and objects in the path in JSON format."
 slug: rclone_lsjson
 url: /commands/rclone_lsjson/
+groups: Filter,Listing
 versionIntroduced: v1.37
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/lsjson/ and as part of making a release run "make commanddocs"
 ---
@@ -129,9 +130,48 @@ rclone lsjson remote:path [flags]
       --stat                    Just return the info for the pointed to file
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_lsl.md b/docs/content/commands/rclone_lsl.md
index b7419e7ac8e40..eb4617906254f 100644
--- a/docs/content/commands/rclone_lsl.md
+++ b/docs/content/commands/rclone_lsl.md
@@ -3,6 +3,7 @@ title: "rclone lsl"
 description: "List the objects in path with modification time, size and path."
 slug: rclone_lsl
 url: /commands/rclone_lsl/
+groups: Filter,Listing
 versionIntroduced: v1.02
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/lsl/ and as part of making a release run "make commanddocs"
 ---
@@ -58,9 +59,48 @@ rclone lsl remote:path [flags]
   -h, --help   help for lsl
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_md5sum.md b/docs/content/commands/rclone_md5sum.md
index c805064295ce0..0ec173a5f66ff 100644
--- a/docs/content/commands/rclone_md5sum.md
+++ b/docs/content/commands/rclone_md5sum.md
@@ -3,6 +3,7 @@ title: "rclone md5sum"
 description: "Produces an md5sum file for all the objects in the path."
 slug: rclone_md5sum
 url: /commands/rclone_md5sum/
+groups: Filter,Listing
 versionIntroduced: v1.02
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/md5sum/ and as part of making a release run "make commanddocs"
 ---
@@ -45,9 +46,48 @@ rclone md5sum remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_mkdir.md b/docs/content/commands/rclone_mkdir.md
index 4d009c91ed828..0ca2025ab57c4 100644
--- a/docs/content/commands/rclone_mkdir.md
+++ b/docs/content/commands/rclone_mkdir.md
@@ -3,6 +3,7 @@ title: "rclone mkdir"
 description: "Make the path if it doesn't already exist."
 slug: rclone_mkdir
 url: /commands/rclone_mkdir/
+groups: Important
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/mkdir/ and as part of making a release run "make commanddocs"
 ---
 # rclone mkdir
@@ -19,9 +20,20 @@ rclone mkdir remote:path [flags]
   -h, --help   help for mkdir
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_mount.md b/docs/content/commands/rclone_mount.md
index 322a3426c736c..c22fb2e7ead14 100644
--- a/docs/content/commands/rclone_mount.md
+++ b/docs/content/commands/rclone_mount.md
@@ -3,6 +3,7 @@ title: "rclone mount"
 description: "Mount the remote as file system on a mountpoint."
 slug: rclone_mount
 url: /commands/rclone_mount/
+groups: Filter
 versionIntroduced: v1.33
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/mount/ and as part of making a release run "make commanddocs"
 ---
@@ -12,7 +13,6 @@ Mount the remote as file system on a mountpoint.
 
 ## Synopsis
 
-
 rclone mount allows Linux, FreeBSD, macOS and Windows to
 mount any of Rclone's cloud storage systems as a file system with
 FUSE.
@@ -267,11 +267,28 @@ does not suffer from the same limitations.
 
 ## Mounting on macOS
 
-Mounting on macOS can be done either via [macFUSE](https://osxfuse.github.io/) 
+Mounting on macOS can be done either via [built-in NFS server](/commands/rclone_serve_nfs/), [macFUSE](https://osxfuse.github.io/) 
 (also known as osxfuse) or [FUSE-T](https://www.fuse-t.org/). macFUSE is a traditional
 FUSE driver utilizing a macOS kernel extension (kext). FUSE-T is an alternative FUSE system
 which "mounts" via an NFSv4 local server.
 
+# NFS mount
+
+This method spins up an NFS server using [serve nfs](/commands/rclone_serve_nfs/) command and mounts
+it to the specified mountpoint. If you run this in background mode using |--daemon|, you will need to
+send SIGTERM signal to the rclone process using |kill| command to stop the mount.
+
+### macFUSE Notes
+
+If installing macFUSE using [dmg packages](https://github.com/osxfuse/osxfuse/releases) from
+the website, rclone will locate the macFUSE libraries without any further intervention.
+If however, macFUSE is installed using the [macports](https://www.macports.org/) package manager,
+the following addition steps are required.
+
+    sudo mkdir /usr/local/lib
+    cd /usr/local/lib
+    sudo ln -s /opt/local/lib/libfuse.2.dylib
+
 ### FUSE-T Limitations, Caveats, and Notes
 
 There are some limitations, caveats, and notes about how it works. These are current as 
@@ -310,6 +327,8 @@ sequentially, it can only seek when reading.  This means that many
 applications won't work with their files on an rclone mount without
 `--vfs-cache-mode writes` or `--vfs-cache-mode full`.
 See the [VFS File Caching](#vfs-file-caching) section for more info.
+When using NFS mount on macOS, if you don't specify |--vfs-cache-mode|
+the mount point will be read-only.
 
 The bucket-based remotes (e.g. Swift, S3, Google Compute Storage, B2)
 do not support the concept of empty directories, so empty
@@ -408,20 +427,19 @@ or create systemd mount units:
 ```
 # /etc/systemd/system/mnt-data.mount
 [Unit]
-After=network-online.target
+Description=Mount for /mnt/data
 [Mount]
 Type=rclone
 What=sftp1:subdir
 Where=/mnt/data
-Options=rw,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
+Options=rw,_netdev,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
 ```
 
 optionally accompanied by systemd automount unit
 ```
 # /etc/systemd/system/mnt-data.automount
 [Unit]
-After=network-online.target
-Before=remote-fs.target
+Description=AutoMount for /mnt/data
 [Automount]
 Where=/mnt/data
 TimeoutIdleSec=600
@@ -457,7 +475,6 @@ Mount option syntax includes a few extra options treated specially:
 - `vv...` will be transformed into appropriate `--verbose=N`
 - standard mount options like `x-systemd.automount`, `_netdev`, `nosuid` and alike
   are intended only for Automountd and ignored by rclone.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -532,12 +549,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -554,10 +572,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -802,6 +832,7 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
   -h, --help                                   help for mount
       --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+      --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
       --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
       --no-checksum                            Don't compare checksums on up/download
       --no-modtime                             Don't read/write the modification time (can speed things up)
@@ -813,8 +844,9 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --read-only                              Only allow read-only access
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -824,6 +856,7 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
@@ -831,9 +864,39 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_move.md b/docs/content/commands/rclone_move.md
index cd2e96fa35654..bc6efdddedd36 100644
--- a/docs/content/commands/rclone_move.md
+++ b/docs/content/commands/rclone_move.md
@@ -3,6 +3,7 @@ title: "rclone move"
 description: "Move files from source to dest."
 slug: rclone_move
 url: /commands/rclone_move/
+groups: Filter,Listing,Important,Copy
 versionIntroduced: v1.19
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/move/ and as part of making a release run "make commanddocs"
 ---
@@ -56,9 +57,96 @@ rclone move source:path dest:path [flags]
   -h, --help                    help for move
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_moveto.md b/docs/content/commands/rclone_moveto.md
index 4a236fe93f23c..79f3e3420937a 100644
--- a/docs/content/commands/rclone_moveto.md
+++ b/docs/content/commands/rclone_moveto.md
@@ -3,6 +3,7 @@ title: "rclone moveto"
 description: "Move file or directory from source to dest."
 slug: rclone_moveto
 url: /commands/rclone_moveto/
+groups: Filter,Listing,Important,Copy
 versionIntroduced: v1.35
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/moveto/ and as part of making a release run "make commanddocs"
 ---
@@ -55,9 +56,96 @@ rclone moveto source:path dest:path [flags]
   -h, --help   help for moveto
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_ncdu.md b/docs/content/commands/rclone_ncdu.md
index a92250cf25969..4c0a41b3e8c46 100644
--- a/docs/content/commands/rclone_ncdu.md
+++ b/docs/content/commands/rclone_ncdu.md
@@ -3,6 +3,7 @@ title: "rclone ncdu"
 description: "Explore a remote with a text based user interface."
 slug: rclone_ncdu
 url: /commands/rclone_ncdu/
+groups: Filter,Listing
 versionIntroduced: v1.37
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/ncdu/ and as part of making a release run "make commanddocs"
 ---
@@ -43,6 +44,7 @@ press '?' to toggle the help on and off. The supported keys are:
      y copy current path to clipboard
      Y display current path
      ^L refresh screen (fix screen corruption)
+     r recalculate file sizes
      ? to toggle help on and off
      q/ESC/^c to quit
 
@@ -83,9 +85,48 @@ rclone ncdu remote:path [flags]
   -h, --help   help for ncdu
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_obscure.md b/docs/content/commands/rclone_obscure.md
index 06f556430ad7c..d5ab27510c172 100644
--- a/docs/content/commands/rclone_obscure.md
+++ b/docs/content/commands/rclone_obscure.md
@@ -46,9 +46,10 @@ rclone obscure password [flags]
   -h, --help   help for obscure
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_purge.md b/docs/content/commands/rclone_purge.md
index 6b87acc56ed6a..7fea5b3f5c825 100644
--- a/docs/content/commands/rclone_purge.md
+++ b/docs/content/commands/rclone_purge.md
@@ -3,6 +3,7 @@ title: "rclone purge"
 description: "Remove the path and all of its contents."
 slug: rclone_purge
 url: /commands/rclone_purge/
+groups: Important
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/purge/ and as part of making a release run "make commanddocs"
 ---
 # rclone purge
@@ -32,9 +33,20 @@ rclone purge remote:path [flags]
   -h, --help   help for purge
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_rc.md b/docs/content/commands/rclone_rc.md
index 1cdd9b135d6e6..5ffad08042526 100644
--- a/docs/content/commands/rclone_rc.md
+++ b/docs/content/commands/rclone_rc.md
@@ -81,9 +81,10 @@ rclone rc commands parameter [flags]
       --user string       Username to use to rclone remote control
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_rcat.md b/docs/content/commands/rclone_rcat.md
index a51eda8515973..1f25458813240 100644
--- a/docs/content/commands/rclone_rcat.md
+++ b/docs/content/commands/rclone_rcat.md
@@ -3,6 +3,7 @@ title: "rclone rcat"
 description: "Copies standard input to file on remote."
 slug: rclone_rcat
 url: /commands/rclone_rcat/
+groups: Important
 versionIntroduced: v1.38
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/rcat/ and as part of making a release run "make commanddocs"
 ---
@@ -38,10 +39,11 @@ and actually stream it, even if remote backend doesn't support streaming.
 size of the stream is different in length to the `--size` passed in
 then the transfer will likely fail.
 
-Note that the upload can also not be retried because the data is
-not kept around until the upload succeeds. If you need to transfer
-a lot of data, you're better off caching locally and then
-`rclone move` it to the destination.
+Note that the upload cannot be retried because the data is not stored.
+If the backend supports multipart uploading then individual chunks can
+be retried. If you need to transfer a lot of data, you may be better
+off caching it locally and then `rclone move` it to the
+destination which can use retries.
 
 ```
 rclone rcat remote:path [flags]
@@ -54,9 +56,20 @@ rclone rcat remote:path [flags]
       --size int   File size hint to preallocate (default -1)
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_rcd.md b/docs/content/commands/rclone_rcd.md
index d179b606abddf..73a40c42bba0a 100644
--- a/docs/content/commands/rclone_rcd.md
+++ b/docs/content/commands/rclone_rcd.md
@@ -3,6 +3,7 @@ title: "rclone rcd"
 description: "Run rclone listening to remote control commands only."
 slug: rclone_rcd
 url: /commands/rclone_rcd/
+groups: RC
 versionIntroduced: v1.45
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/rcd/ and as part of making a release run "make commanddocs"
 ---
@@ -25,54 +26,54 @@ See the [rc documentation](/rc/) for more info on the rc flags.
 
 ## Server options
 
-Use `--addr` to specify which IP address and port the server should
-listen on, eg `--addr 1.2.3.4:8000` or `--addr :8080` to listen to all
+Use `--rc-addr` to specify which IP address and port the server should
+listen on, eg `--rc-addr 1.2.3.4:8000` or `--rc-addr :8080` to listen to all
 IPs.  By default it only listens on localhost.  You can use port
 :0 to let the OS choose an available port.
 
-If you set `--addr` to listen on a public or LAN accessible IP address
+If you set `--rc-addr` to listen on a public or LAN accessible IP address
 then using Authentication is advised - see the next section for info.
 
 You can use a unix socket by setting the url to `unix:///path/to/socket`
 or just by using an absolute path name. Note that unix sockets bypass the
 authentication - this is expected to be done with file system permissions.
 
-`--addr` may be repeated to listen on multiple IPs/ports/sockets.
+`--rc-addr` may be repeated to listen on multiple IPs/ports/sockets.
 
-`--server-read-timeout` and `--server-write-timeout` can be used to
+`--rc-server-read-timeout` and `--rc-server-write-timeout` can be used to
 control the timeouts on the server.  Note that this is the total time
 for a transfer.
 
-`--max-header-bytes` controls the maximum number of bytes the server will
+`--rc-max-header-bytes` controls the maximum number of bytes the server will
 accept in the HTTP header.
 
-`--baseurl` controls the URL prefix that rclone serves from.  By default
-rclone will serve from the root.  If you used `--baseurl "/rclone"` then
+`--rc-baseurl` controls the URL prefix that rclone serves from.  By default
+rclone will serve from the root.  If you used `--rc-baseurl "/rclone"` then
 rclone would serve from a URL starting with "/rclone/".  This is
 useful if you wish to proxy rclone serve.  Rclone automatically
-inserts leading and trailing "/" on `--baseurl`, so `--baseurl "rclone"`,
-`--baseurl "/rclone"` and `--baseurl "/rclone/"` are all treated
+inserts leading and trailing "/" on `--rc-baseurl`, so `--rc-baseurl "rclone"`,
+`--rc-baseurl "/rclone"` and `--rc-baseurl "/rclone/"` are all treated
 identically.
 
 ### TLS (SSL)
 
 By default this will serve over http.  If you want you can serve over
-https.  You will need to supply the `--cert` and `--key` flags.
+https.  You will need to supply the `--rc-cert` and `--rc-key` flags.
 If you wish to do client side certificate validation then you will need to
-supply `--client-ca` also.
+supply `--rc-client-ca` also.
 
-`--cert` should be a either a PEM encoded certificate or a concatenation
-of that with the CA certificate.  `--key` should be the PEM encoded
-private key and `--client-ca` should be the PEM encoded client
+`--rc-cert` should be a either a PEM encoded certificate or a concatenation
+of that with the CA certificate.  `--krc-ey` should be the PEM encoded
+private key and `--rc-client-ca` should be the PEM encoded client
 certificate authority certificate.
 
---min-tls-version is minimum TLS version that is acceptable. Valid
+--rc-min-tls-version is minimum TLS version that is acceptable. Valid
   values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
   "tls1.0").
 
 ### Template
 
-`--template` allows a user to specify a custom markup template for HTTP
+`--rc-template` allows a user to specify a custom markup template for HTTP
 and WebDAV serve functions.  The server exports the following markup
 to be used within the template to server pages:
 
@@ -95,14 +96,29 @@ to be used within the template to server pages:
 |-- .Size     | Size in Bytes of the entry. |
 |-- .ModTime  | The UTC timestamp of an entry. |
 
+The server also makes the following functions available so that they can be used within the
+template. These functions help extend the options for dynamic rendering of HTML. They can
+be used to render HTML based on specific conditions.
+
+| Function   | Description |
+| :---------- | :---------- |
+| afterEpoch  | Returns the time since the epoch for the given time. |
+| contains    | Checks whether a given substring is present or not in a given string. |
+| hasPrefix   | Checks whether the given string begins with the specified prefix. |
+| hasSuffix   | Checks whether the given string end with the specified suffix. |
+
 ### Authentication
 
 By default this will serve files without needing a login.
 
 You can either use an htpasswd file which can take lots of users, or
-set a single username and password with the `--user` and `--pass` flags.
+set a single username and password with the `--rc-user` and `--rc-pass` flags.
 
-Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
+If no static users are configured by either of the above methods, and client
+certificates are required by the `--client-ca` flag passed to the server, the
+client certificate common name will be considered as the username.
+
+Use `--rc-htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
 in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication.  Bcrypt is recommended.
 
@@ -114,9 +130,9 @@ To create an htpasswd file:
 
 The password file can be updated while rclone is running.
 
-Use `--realm` to set the authentication realm.
+Use `--rc-realm` to set the authentication realm.
 
-Use `--salt` to change the password hashing salt from the default.
+Use `--rc-salt` to change the password hashing salt from the default.
 
 
 ```
@@ -129,9 +145,45 @@ rclone rcd <path to files to serve>* [flags]
   -h, --help   help for rcd
 ```
 
+
+## RC Options
+
+Flags to control the Remote Control API.
+
+```
+      --rc                                 Enable the remote control server
+      --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                  Prefix for URLs - leave blank for root
+      --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                Client certificate authority to verify clients with
+      --rc-enable-metrics                  Enable prometheus metrics on /metrics
+      --rc-files string                    Path to local files to serve on the HTTP server
+      --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+      --rc-key string                      TLS PEM Private key
+      --rc-max-header-bytes int            Maximum size of request header (default 4096)
+      --rc-min-tls-version string          Minimum TLS version that is acceptable (default "tls1.0")
+      --rc-no-auth                         Don't require auth for certain methods
+      --rc-pass string                     Password for authentication
+      --rc-realm string                    Realm for authentication
+      --rc-salt string                     Password hashing salt (default "dlPL2MqE")
+      --rc-serve                           Enable the serving of remote objects
+      --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --rc-template string                 User-specified template
+      --rc-user string                     User name for authentication
+      --rc-web-fetch-url string            URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
+      --rc-web-gui                         Launch WebGUI on localhost
+      --rc-web-gui-force-update            Force update to latest version of web gui
+      --rc-web-gui-no-open-browser         Don't open the browser automatically
+      --rc-web-gui-update                  Check and update to latest version of web gui
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_rmdir.md b/docs/content/commands/rclone_rmdir.md
index c8424e24a0ee5..72c41b722d780 100644
--- a/docs/content/commands/rclone_rmdir.md
+++ b/docs/content/commands/rclone_rmdir.md
@@ -3,6 +3,7 @@ title: "rclone rmdir"
 description: "Remove the empty directory at path."
 slug: rclone_rmdir
 url: /commands/rclone_rmdir/
+groups: Important
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/rmdir/ and as part of making a release run "make commanddocs"
 ---
 # rclone rmdir
@@ -30,9 +31,20 @@ rclone rmdir remote:path [flags]
   -h, --help   help for rmdir
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_rmdirs.md b/docs/content/commands/rclone_rmdirs.md
index 22196b848ccdd..1a89a07269cc6 100644
--- a/docs/content/commands/rclone_rmdirs.md
+++ b/docs/content/commands/rclone_rmdirs.md
@@ -3,6 +3,7 @@ title: "rclone rmdirs"
 description: "Remove empty directories under the path."
 slug: rclone_rmdirs
 url: /commands/rclone_rmdirs/
+groups: Important
 versionIntroduced: v1.35
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/rmdirs/ and as part of making a release run "make commanddocs"
 ---
@@ -26,7 +27,10 @@ empty directories in. For example the [delete](/commands/rclone_delete/)
 command will delete files but leave the directory structure (unless
 used with option `--rmdirs`).
 
-To delete a path and any objects in it, use [purge](/commands/rclone_purge/)
+This will delete `--checkers` directories concurrently so
+if you have thousands of empty directories consider increasing this number.
+
+To delete a path and any objects in it, use the [purge](/commands/rclone_purge/)
 command.
 
 
@@ -41,9 +45,20 @@ rclone rmdirs remote:path [flags]
       --leave-root   Do not remove root directory if empty
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_selfupdate.md b/docs/content/commands/rclone_selfupdate.md
index 8a12883ad4ad0..82994370ec51a 100644
--- a/docs/content/commands/rclone_selfupdate.md
+++ b/docs/content/commands/rclone_selfupdate.md
@@ -12,10 +12,10 @@ Update the rclone binary.
 
 ## Synopsis
 
-
-This command downloads the latest release of rclone and replaces
-the currently running binary. The download is verified with a hashsum
-and cryptographically signed signature.
+This command downloads the latest release of rclone and replaces the
+currently running binary. The download is verified with a hashsum and
+cryptographically signed signature; see [the release signing
+docs](/release_signing/) for details.
 
 If used without flags (or with implied `--stable` flag), this command
 will install the latest stable release. However, some issues may be fixed
@@ -48,7 +48,7 @@ your OS) to update these too. This command with the default `--package zip`
 will update only the rclone executable so the local manual may become
 inaccurate after it.
 
-The `rclone mount` command (https://rclone.org/commands/rclone_mount/) may
+The [rclone mount](/commands/rclone_mount/) command may
 or may not support extended FUSE options depending on the build and OS.
 `selfupdate` will refuse to update if the capability would be discarded.
 
@@ -77,9 +77,10 @@ rclone selfupdate [flags]
       --version string   Install the given rclone version (default: latest)
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_serve.md b/docs/content/commands/rclone_serve.md
index ff08cc8b77afa..211472b8993c6 100644
--- a/docs/content/commands/rclone_serve.md
+++ b/docs/content/commands/rclone_serve.md
@@ -30,16 +30,19 @@ rclone serve <protocol> [opts] <remote> [flags]
   -h, --help   help for serve
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 * [rclone serve dlna](/commands/rclone_serve_dlna/)	 - Serve remote:path over DLNA
 * [rclone serve docker](/commands/rclone_serve_docker/)	 - Serve any remote on docker's volume plugin API.
 * [rclone serve ftp](/commands/rclone_serve_ftp/)	 - Serve remote:path over FTP.
 * [rclone serve http](/commands/rclone_serve_http/)	 - Serve the remote over HTTP.
+* [rclone serve nfs](/commands/rclone_serve_nfs/)	 - Serve the remote as an NFS mount
 * [rclone serve restic](/commands/rclone_serve_restic/)	 - Serve the remote for restic's REST API.
+* [rclone serve s3](/commands/rclone_serve_s3/)	 - Serve remote:path over s3.
 * [rclone serve sftp](/commands/rclone_serve_sftp/)	 - Serve the remote over SFTP.
 * [rclone serve webdav](/commands/rclone_serve_webdav/)	 - Serve remote:path over WebDAV.
 
diff --git a/docs/content/commands/rclone_serve_dlna.md b/docs/content/commands/rclone_serve_dlna.md
index 00718ef47a82b..abe864473a4cd 100644
--- a/docs/content/commands/rclone_serve_dlna.md
+++ b/docs/content/commands/rclone_serve_dlna.md
@@ -3,6 +3,7 @@ title: "rclone serve dlna"
 description: "Serve remote:path over DLNA"
 slug: rclone_serve_dlna
 url: /commands/rclone_serve_dlna/
+groups: Filter
 versionIntroduced: v1.46
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/serve/dlna/ and as part of making a release run "make commanddocs"
 ---
@@ -35,7 +36,6 @@ default "rclone (hostname)".
 
 Use `--log-trace` in conjunction with `-vv` to enable additional debug
 logging of all UPNP traffic.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -110,12 +110,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -132,10 +133,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -379,8 +392,9 @@ rclone serve dlna remote:path [flags]
       --read-only                              Only allow read-only access
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -390,14 +404,45 @@ rclone serve dlna remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
diff --git a/docs/content/commands/rclone_serve_docker.md b/docs/content/commands/rclone_serve_docker.md
index a7d02fc0351f0..0366cf6c903a6 100644
--- a/docs/content/commands/rclone_serve_docker.md
+++ b/docs/content/commands/rclone_serve_docker.md
@@ -3,6 +3,7 @@ title: "rclone serve docker"
 description: "Serve any remote on docker's volume plugin API."
 slug: rclone_serve_docker
 url: /commands/rclone_serve_docker/
+groups: Filter
 versionIntroduced: v1.56
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/serve/docker/ and as part of making a release run "make commanddocs"
 ---
@@ -12,7 +13,6 @@ Serve any remote on docker's volume plugin API.
 
 ## Synopsis
 
-
 This command implements the Docker volume plugin API allowing docker to use
 rclone as a data storage mechanism for various cloud providers.
 rclone provides [docker volume plugin](/docker) based on it.
@@ -51,7 +51,6 @@ directory with book-keeping records of created and mounted volumes.
 All mount and VFS options are submitted by the docker daemon via API, but
 you can also provide defaults on the command line as well as set path to the
 config file and cache directory or adjust logging verbosity.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -126,12 +125,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -148,10 +148,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -398,6 +410,7 @@ rclone serve docker [flags]
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
   -h, --help                                   help for docker
       --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+      --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
       --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
       --no-checksum                            Don't compare checksums on up/download
       --no-modtime                             Don't read/write the modification time (can speed things up)
@@ -412,8 +425,9 @@ rclone serve docker [flags]
       --socket-gid int                         GID for unix socket (default: current process GID) (default 1000)
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -423,6 +437,7 @@ rclone serve docker [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
@@ -430,9 +445,39 @@ rclone serve docker [flags]
       --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
diff --git a/docs/content/commands/rclone_serve_ftp.md b/docs/content/commands/rclone_serve_ftp.md
index 475e7bb2136e2..6ba8142e98027 100644
--- a/docs/content/commands/rclone_serve_ftp.md
+++ b/docs/content/commands/rclone_serve_ftp.md
@@ -3,6 +3,7 @@ title: "rclone serve ftp"
 description: "Serve remote:path over FTP."
 slug: rclone_serve_ftp
 url: /commands/rclone_serve_ftp/
+groups: Filter
 versionIntroduced: v1.44
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/serve/ftp/ and as part of making a release run "make commanddocs"
 ---
@@ -32,7 +33,6 @@ then using Authentication is advised - see the next section for info.
 By default this will serve files without needing a login.
 
 You can set a single username and password with the --user and --pass flags.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -107,12 +107,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -129,10 +130,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -460,8 +473,9 @@ rclone serve ftp remote:path [flags]
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication (default "anonymous")
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -471,14 +485,45 @@ rclone serve ftp remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
diff --git a/docs/content/commands/rclone_serve_http.md b/docs/content/commands/rclone_serve_http.md
index 0986a93029d07..f599e5284cd57 100644
--- a/docs/content/commands/rclone_serve_http.md
+++ b/docs/content/commands/rclone_serve_http.md
@@ -3,6 +3,7 @@ title: "rclone serve http"
 description: "Serve the remote over HTTP."
 slug: rclone_serve_http
 url: /commands/rclone_serve_http/
+groups: Filter
 versionIntroduced: v1.39
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/serve/http/ and as part of making a release run "make commanddocs"
 ---
@@ -96,6 +97,17 @@ to be used within the template to server pages:
 |-- .Size     | Size in Bytes of the entry. |
 |-- .ModTime  | The UTC timestamp of an entry. |
 
+The server also makes the following functions available so that they can be used within the
+template. These functions help extend the options for dynamic rendering of HTML. They can
+be used to render HTML based on specific conditions.
+
+| Function   | Description |
+| :---------- | :---------- |
+| afterEpoch  | Returns the time since the epoch for the given time. |
+| contains    | Checks whether a given substring is present or not in a given string. |
+| hasPrefix   | Checks whether the given string begins with the specified prefix. |
+| hasSuffix   | Checks whether the given string end with the specified suffix. |
+
 ### Authentication
 
 By default this will serve files without needing a login.
@@ -103,6 +115,10 @@ By default this will serve files without needing a login.
 You can either use an htpasswd file which can take lots of users, or
 set a single username and password with the `--user` and `--pass` flags.
 
+If no static users are configured by either of the above methods, and client
+certificates are required by the `--client-ca` flag passed to the server, the
+client certificate common name will be considered as the username.
+
 Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
 in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication.  Bcrypt is recommended.
@@ -118,7 +134,6 @@ The password file can be updated while rclone is running.
 Use `--realm` to set the authentication realm.
 
 Use `--salt` to change the password hashing salt from the default.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -193,12 +208,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -215,10 +231,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -527,6 +555,7 @@ rclone serve http remote:path [flags]
 
 ```
       --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
       --auth-proxy string                      A program to use to create the backend from the auth
       --baseurl string                         Prefix for URLs - leave blank for root
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -554,8 +583,9 @@ rclone serve http remote:path [flags]
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -565,14 +595,45 @@ rclone serve http remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
diff --git a/docs/content/commands/rclone_serve_nfs.md b/docs/content/commands/rclone_serve_nfs.md
new file mode 100644
index 0000000000000..bbd28ccf825ee
--- /dev/null
+++ b/docs/content/commands/rclone_serve_nfs.md
@@ -0,0 +1,450 @@
+---
+title: "rclone serve nfs"
+description: "Serve the remote as an NFS mount"
+slug: rclone_serve_nfs
+url: /commands/rclone_serve_nfs/
+groups: Filter
+versionIntroduced: v1.65
+# autogenerated - DO NOT EDIT, instead edit the source code in cmd/serve/nfs/ and as part of making a release run "make commanddocs"
+---
+# rclone serve nfs
+
+Serve the remote as an NFS mount
+
+## Synopsis
+
+Create an NFS server that serves the given remote over the network.
+	
+The primary purpose for this command is to enable [mount command](/commands/rclone_mount/) on recent macOS versions where
+installing FUSE is very cumbersome. 
+
+Since this is running on NFSv3, no authentication method is available. Any client
+will be able to access the data. To limit access, you can use serve NFS on loopback address
+and rely on secure tunnels (such as SSH). For this reason, by default, a random TCP port is chosen and loopback interface is used for the listening address;
+meaning that it is only available to the local machine. If you want other machines to access the
+NFS mount over local network, you need to specify the listening address and port using `--addr` flag.
+
+Modifying files through NFS protocol requires VFS caching. Usually you will need to specify `--vfs-cache-mode`
+in order to be able to write to the mountpoint (full is recommended). If you don't specify VFS cache mode,
+the mount will be read-only.
+
+To serve NFS over the network use following command:
+
+    rclone serve nfs remote: --addr 0.0.0.0:$PORT --vfs-cache-mode=full
+
+We specify a specific port that we can use in the mount command:
+
+To mount the server under Linux/macOS, use the following command:
+    
+    mount -oport=$PORT,mountport=$PORT $HOSTNAME: path/to/mountpoint
+
+Where `$PORT` is the same port number we used in the serve nfs command.
+
+This feature is only available on Unix platforms.
+
+## VFS - Virtual File System
+
+This command uses the VFS layer. This adapts the cloud storage objects
+that rclone uses into something which looks much more like a disk
+filing system.
+
+Cloud storage objects have lots of properties which aren't like disk
+files - you can't extend them or write to the middle of them, so the
+VFS layer has to deal with that. Because there is no one right way of
+doing this there are various options explained below.
+
+The VFS layer also implements a directory cache - this caches info
+about files and directories (but not the data) in memory.
+
+## VFS Directory Cache
+
+Using the `--dir-cache-time` flag, you can control how long a
+directory should be considered up to date and not refreshed from the
+backend. Changes made through the VFS will appear immediately or
+invalidate the cache.
+
+    --dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+    --poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)
+
+However, changes made directly on the cloud storage by the web
+interface or a different copy of rclone will only be picked up once
+the directory cache expires if the backend configured does not support
+polling for changes. If the backend supports polling, changes will be
+picked up within the polling interval.
+
+You can send a `SIGHUP` signal to rclone for it to flush all
+directory caches, regardless of how old they are.  Assuming only one
+rclone instance is running, you can reset the cache like this:
+
+    kill -SIGHUP $(pidof rclone)
+
+If you configure rclone with a [remote control](/rc) then you can use
+rclone rc to flush the whole directory cache:
+
+    rclone rc vfs/forget
+
+Or individual files or directories:
+
+    rclone rc vfs/forget file=path/to/file dir=path/to/dir
+
+## VFS File Buffering
+
+The `--buffer-size` flag determines the amount of memory,
+that will be used to buffer data in advance.
+
+Each open file will try to keep the specified amount of data in memory
+at all times. The buffered data is bound to one open file and won't be
+shared.
+
+This flag is a upper limit for the used memory per open file.  The
+buffer will only use memory for data that is downloaded but not not
+yet read. If the buffer is empty, only a small amount of memory will
+be used.
+
+The maximum memory used by rclone for buffering can be up to
+`--buffer-size * open files`.
+
+## VFS File Caching
+
+These flags control the VFS file caching options. File caching is
+necessary to make the VFS layer appear compatible with a normal file
+system. It can be disabled at the cost of some compatibility.
+
+For example you'll need to enable VFS caching if you want to read and
+write simultaneously to a file.  See below for more details.
+
+Note that the VFS cache is separate from the cache backend and you may
+find that you need one or the other or both.
+
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
+
+If run with `-vv` rclone will print the location of the file cache.  The
+files are stored in the user cache file area which is OS dependent but
+can be controlled with `--cache-dir` or setting the appropriate
+environment variable.
+
+The cache has 4 different modes selected by `--vfs-cache-mode`.
+The higher the cache mode the more compatible rclone becomes at the
+cost of using disk space.
+
+Note that files are written back to the remote only when they are
+closed and if they haven't been accessed for `--vfs-write-back`
+seconds. If rclone is quit or dies with files that haven't been
+uploaded, these will be uploaded next time rclone is run with the same
+flags.
+
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
+
+You **should not** run two copies of rclone using the same VFS cache
+with the same or overlapping remotes if using `--vfs-cache-mode > off`.
+This can potentially cause data corruption if you do. You can work
+around this by giving each rclone its own cache hierarchy with
+`--cache-dir`. You don't need to worry about this if the remotes in
+use don't overlap.
+
+### --vfs-cache-mode off
+
+In this mode (the default) the cache will read directly from the remote and write
+directly to the remote without caching anything on disk.
+
+This will mean some operations are not possible
+
+  * Files can't be opened for both read AND write
+  * Files opened for write can't be seeked
+  * Existing files opened for write must have O_TRUNC set
+  * Files open for read with O_TRUNC will be opened write only
+  * Files open for write only will behave as if O_TRUNC was supplied
+  * Open modes O_APPEND, O_TRUNC are ignored
+  * If an upload fails it can't be retried
+
+### --vfs-cache-mode minimal
+
+This is very similar to "off" except that files opened for read AND
+write will be buffered to disk.  This means that files opened for
+write will be a lot more compatible, but uses the minimal disk space.
+
+These operations are not possible
+
+  * Files opened for write only can't be seeked
+  * Existing files opened for write must have O_TRUNC set
+  * Files opened for write only will ignore O_APPEND, O_TRUNC
+  * If an upload fails it can't be retried
+
+### --vfs-cache-mode writes
+
+In this mode files opened for read only are still read directly from
+the remote, write only and read/write files are buffered to disk
+first.
+
+This mode should support all normal file system operations.
+
+If an upload fails it will be retried at exponentially increasing
+intervals up to 1 minute.
+
+### --vfs-cache-mode full
+
+In this mode all reads and writes are buffered to and from disk. When
+data is read from the remote this is buffered to disk as well.
+
+In this mode the files in the cache will be sparse files and rclone
+will keep track of which bits of the files it has downloaded.
+
+So if an application only reads the starts of each file, then rclone
+will only buffer the start of the file. These files will appear to be
+their full size in the cache, but they will be sparse files with only
+the data that has been downloaded present in them.
+
+This mode should support all normal file system operations and is
+otherwise identical to `--vfs-cache-mode` writes.
+
+When reading a file rclone will read `--buffer-size` plus
+`--vfs-read-ahead` bytes ahead.  The `--buffer-size` is buffered in memory
+whereas the `--vfs-read-ahead` is buffered on disk.
+
+When using this mode it is recommended that `--buffer-size` is not set
+too large and `--vfs-read-ahead` is set large if required.
+
+**IMPORTANT** not all file systems support sparse files. In particular
+FAT/exFAT do not. Rclone will perform very badly if the cache
+directory is on a filesystem which doesn't support sparse files and it
+will log an ERROR message if one is detected.
+
+### Fingerprinting
+
+Various parts of the VFS use fingerprinting to see if a local file
+copy has changed relative to a remote file. Fingerprints are made
+from:
+
+- size
+- modification time
+- hash
+
+where available on an object.
+
+On some backends some of these attributes are slow to read (they take
+an extra API call per object, or extra work per object).
+
+For example `hash` is slow with the `local` and `sftp` backends as
+they have to read the entire file and hash it, and `modtime` is slow
+with the `s3`, `swift`, `ftp` and `qinqstor` backends because they
+need to do an extra API call to fetch it.
+
+If you use the `--vfs-fast-fingerprint` flag then rclone will not
+include the slow operations in the fingerprint. This makes the
+fingerprinting less accurate but much faster and will improve the
+opening time of cached files.
+
+If you are running a vfs cache over `local`, `s3` or `swift` backends
+then using this flag is recommended.
+
+Note that if you change the value of this flag, the fingerprints of
+the files in the cache may be invalidated and the files will need to
+be downloaded again.
+
+## VFS Chunked Reading
+
+When rclone reads files from a remote it reads them in chunks. This
+means that rather than requesting the whole file rclone reads the
+chunk specified.  This can reduce the used download quota for some
+remotes by requesting only chunks from the remote that are actually
+read, at the cost of an increased number of requests.
+
+These flags control the chunking:
+
+    --vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+    --vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
+
+Rclone will start reading a chunk of size `--vfs-read-chunk-size`,
+and then double the size for each read. When `--vfs-read-chunk-size-limit` is
+specified, and greater than `--vfs-read-chunk-size`, the chunk size for each
+open file will get doubled only until the specified value is reached. If the
+value is "off", which is the default, the limit is disabled and the chunk size
+will grow indefinitely.
+
+With `--vfs-read-chunk-size 100M` and `--vfs-read-chunk-size-limit 0`
+the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on.
+When `--vfs-read-chunk-size-limit 500M` is specified, the result would be
+0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.
+
+Setting `--vfs-read-chunk-size` to `0` or "off" disables chunked reading.
+
+## VFS Performance
+
+These flags may be used to enable/disable features of the VFS for
+performance or other reasons. See also the [chunked reading](#vfs-chunked-reading)
+feature.
+
+In particular S3 and Swift benefit hugely from the `--no-modtime` flag
+(or use `--use-server-modtime` for a slightly different effect) as each
+read of the modification time takes a transaction.
+
+    --no-checksum     Don't compare checksums on up/download.
+    --no-modtime      Don't read/write the modification time (can speed things up).
+    --no-seek         Don't allow seeking in files.
+    --read-only       Only allow read-only access.
+
+Sometimes rclone is delivered reads or writes out of order. Rather
+than seeking rclone will wait a short time for the in sequence read or
+write to come in. These flags only come into effect when not using an
+on disk cache file.
+
+    --vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+    --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
+
+When using VFS write caching (`--vfs-cache-mode` with value writes or full),
+the global flag `--transfers` can be set to adjust the number of parallel uploads of
+modified files from the cache (the related global flag `--checkers` has no effect on the VFS).
+
+    --transfers int  Number of file transfers to run in parallel (default 4)
+
+## VFS Case Sensitivity
+
+Linux file systems are case-sensitive: two files can differ only
+by case, and the exact case must be used when opening a file.
+
+File systems in modern Windows are case-insensitive but case-preserving:
+although existing files can be opened using any case, the exact case used
+to create the file is preserved and available for programs to query.
+It is not allowed for two files in the same directory to differ only by case.
+
+Usually file systems on macOS are case-insensitive. It is possible to make macOS
+file systems case-sensitive but that is not the default.
+
+The `--vfs-case-insensitive` VFS flag controls how rclone handles these
+two cases. If its value is "false", rclone passes file names to the remote
+as-is. If the flag is "true" (or appears without a value on the
+command line), rclone may perform a "fixup" as explained below.
+
+The user may specify a file name to open/delete/rename/etc with a case
+different than what is stored on the remote. If an argument refers
+to an existing file with exactly the same name, then the case of the existing
+file on the disk will be used. However, if a file name with exactly the same
+name is not found but a name differing only by case exists, rclone will
+transparently fixup the name. This fixup happens only when an existing file
+is requested. Case sensitivity of file names created anew by rclone is
+controlled by the underlying remote.
+
+Note that case sensitivity of the operating system running rclone (the target)
+may differ from case sensitivity of a file system presented by rclone (the source).
+The flag controls whether "fixup" is performed to satisfy the target.
+
+If the flag is not provided on the command line, then its default value depends
+on the operating system where rclone runs: "true" on Windows and macOS, "false"
+otherwise. If the flag is provided without a value, then it is "true".
+
+## VFS Disk Options
+
+This flag allows you to manually set the statistics about the filing system.
+It can be useful when those statistics cannot be read correctly automatically.
+
+    --vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)
+
+## Alternate report of used bytes
+
+Some backends, most notably S3, do not report the amount of bytes used.
+If you need this information to be available when running `df` on the
+filesystem, then pass the flag `--vfs-used-is-size` to rclone.
+With this flag set, instead of relying on the backend to report this
+information, rclone will scan the whole remote similar to `rclone size`
+and compute the total used space itself.
+
+_WARNING._ Contrary to `rclone size`, this flag ignores filters so that the
+result is accurate. However, this is very inefficient and may cost lots of API
+calls resulting in extra charges. Use it as a last resort and only with caching.
+
+
+```
+rclone serve nfs remote:path [flags]
+```
+
+## Options
+
+```
+      --addr string                            IPaddress:Port or :Port to bind server to
+      --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+      --dir-perms FileMode                     Directory permissions (default 0777)
+      --file-perms FileMode                    File permissions (default 0666)
+      --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+  -h, --help                                   help for nfs
+      --no-checksum                            Don't compare checksums on up/download
+      --no-modtime                             Don't read/write the modification time (can speed things up)
+      --no-seek                                Don't allow seeking in files
+      --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+      --read-only                              Only allow read-only access
+      --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+      --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+      --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+      --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+      --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+      --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+      --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+      --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+      --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+      --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
+      --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
+      --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+      --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+      --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
+```
+
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+See the [global flags page](/flags/) for global options not listed here.
+
+# SEE ALSO
+
+* [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
+
diff --git a/docs/content/commands/rclone_serve_restic.md b/docs/content/commands/rclone_serve_restic.md
index cbd8cd5ac18a5..60f5f9a99eca0 100644
--- a/docs/content/commands/rclone_serve_restic.md
+++ b/docs/content/commands/rclone_serve_restic.md
@@ -148,6 +148,10 @@ By default this will serve files without needing a login.
 You can either use an htpasswd file which can take lots of users, or
 set a single username and password with the `--user` and `--pass` flags.
 
+If no static users are configured by either of the above methods, and client
+certificates are required by the `--client-ca` flag passed to the server, the
+client certificate common name will be considered as the username.
+
 Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
 in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication.  Bcrypt is recommended.
@@ -173,6 +177,7 @@ rclone serve restic remote:path [flags]
 
 ```
       --addr stringArray                IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string             Origin which cross-domain request (CORS) can be executed from
       --append-only                     Disallow deletion of repository data
       --baseurl string                  Prefix for URLs - leave blank for root
       --cache-objects                   Cache listed objects (default true)
@@ -193,9 +198,10 @@ rclone serve restic remote:path [flags]
       --user string                     User name for authentication
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
diff --git a/docs/content/commands/rclone_serve_s3.md b/docs/content/commands/rclone_serve_s3.md
new file mode 100644
index 0000000000000..986d311199799
--- /dev/null
+++ b/docs/content/commands/rclone_serve_s3.md
@@ -0,0 +1,597 @@
+---
+title: "rclone serve s3"
+description: "Serve remote:path over s3."
+slug: rclone_serve_s3
+url: /commands/rclone_serve_s3/
+groups: Filter
+status: Experimental
+versionIntroduced: v1.65
+# autogenerated - DO NOT EDIT, instead edit the source code in cmd/serve/s3/ and as part of making a release run "make commanddocs"
+---
+# rclone serve s3
+
+Serve remote:path over s3.
+
+## Synopsis
+
+`serve s3` implements a basic s3 server that serves a remote via s3.
+This can be viewed with an s3 client, or you can make an [s3 type
+remote](/s3/) to read and write to it with rclone.
+
+`serve s3` is considered **Experimental** so use with care.
+
+S3 server supports Signature Version 4 authentication. Just use
+`--auth-key accessKey,secretKey` and set the `Authorization`
+header correctly in the request. (See the [AWS
+docs](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)).
+
+`--auth-key` can be repeated for multiple auth pairs. If
+`--auth-key` is not provided then `serve s3` will allow anonymous
+access.
+
+Please note that some clients may require HTTPS endpoints. See [the
+SSL docs](#ssl-tls) for more information.
+
+This command uses the [VFS directory cache](#vfs-virtual-file-system).
+All the functionality will work with `--vfs-cache-mode off`. Using
+`--vfs-cache-mode full` (or `writes`) can be used to cache objects
+locally to improve performance.
+
+Use `--force-path-style=false` if you want to use the bucket name as a
+part of the hostname (such as mybucket.local)
+
+Use `--etag-hash` if you want to change the hash uses for the `ETag`.
+Note that using anything other than `MD5` (the default) is likely to
+cause problems for S3 clients which rely on the Etag being the MD5.
+
+## Quickstart
+
+For a simple set up, to serve `remote:path` over s3, run the server
+like this:
+
+```
+rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
+```
+
+This will be compatible with an rclone remote which is defined like this:
+
+```
+[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false
+```
+
+Note that setting `disable_multipart_uploads = true` is to work around
+[a bug](#bugs) which will be fixed in due course.
+
+## Bugs
+
+When uploading multipart files `serve s3` holds all the parts in
+memory (see [#7453](https://github.com/rclone/rclone/issues/7453)).
+This is a limitaton of the library rclone uses for serving S3 and will
+hopefully be fixed at some point.
+
+Multipart server side copies do not work (see
+[#7454](https://github.com/rclone/rclone/issues/7454)). These take a
+very long time and eventually fail. The default threshold for
+multipart server side copies is 5G which is the maximum it can be, so
+files above this side will fail to be server side copied.
+
+For a current list of `serve s3` bugs see the [serve
+s3](https://github.com/rclone/rclone/labels/serve%20s3) bug category
+on GitHub.
+
+## Limitations
+
+`serve s3` will treat all directories in the root as buckets and
+ignore all files in the root. You can use `CreateBucket` to create
+folders under the root, but you can't create empty folders under other
+folders not in the root.
+
+When using `PutObject` or `DeleteObject`, rclone will automatically
+create or clean up empty folders. If you don't want to clean up empty
+folders automatically, use `--no-cleanup`.
+
+When using `ListObjects`, rclone will use `/` when the delimiter is
+empty. This reduces backend requests with no effect on most
+operations, but if the delimiter is something other than `/` and
+empty, rclone will do a full recursive search of the backend, which
+can take some time.
+
+Versioning is not currently supported.
+
+Metadata will only be saved in memory other than the rclone `mtime`
+metadata which will be set as the modification time of the file.
+
+## Supported operations
+
+`serve s3` currently supports the following operations.
+
+- Bucket
+    - `ListBuckets`
+    - `CreateBucket`
+    - `DeleteBucket`
+- Object
+    - `HeadObject`
+    - `ListObjects`
+    - `GetObject`
+    - `PutObject`
+    - `DeleteObject`
+    - `DeleteObjects`
+    - `CreateMultipartUpload`
+    - `CompleteMultipartUpload`
+    - `AbortMultipartUpload`
+    - `CopyObject`
+    - `UploadPart`
+
+Other operations will return error `Unimplemented`.
+
+## Server options
+
+Use `--addr` to specify which IP address and port the server should
+listen on, eg `--addr 1.2.3.4:8000` or `--addr :8080` to listen to all
+IPs.  By default it only listens on localhost.  You can use port
+:0 to let the OS choose an available port.
+
+If you set `--addr` to listen on a public or LAN accessible IP address
+then using Authentication is advised - see the next section for info.
+
+You can use a unix socket by setting the url to `unix:///path/to/socket`
+or just by using an absolute path name. Note that unix sockets bypass the
+authentication - this is expected to be done with file system permissions.
+
+`--addr` may be repeated to listen on multiple IPs/ports/sockets.
+
+`--server-read-timeout` and `--server-write-timeout` can be used to
+control the timeouts on the server.  Note that this is the total time
+for a transfer.
+
+`--max-header-bytes` controls the maximum number of bytes the server will
+accept in the HTTP header.
+
+`--baseurl` controls the URL prefix that rclone serves from.  By default
+rclone will serve from the root.  If you used `--baseurl "/rclone"` then
+rclone would serve from a URL starting with "/rclone/".  This is
+useful if you wish to proxy rclone serve.  Rclone automatically
+inserts leading and trailing "/" on `--baseurl`, so `--baseurl "rclone"`,
+`--baseurl "/rclone"` and `--baseurl "/rclone/"` are all treated
+identically.
+
+### TLS (SSL)
+
+By default this will serve over http.  If you want you can serve over
+https.  You will need to supply the `--cert` and `--key` flags.
+If you wish to do client side certificate validation then you will need to
+supply `--client-ca` also.
+
+`--cert` should be a either a PEM encoded certificate or a concatenation
+of that with the CA certificate.  `--key` should be the PEM encoded
+private key and `--client-ca` should be the PEM encoded client
+certificate authority certificate.
+
+--min-tls-version is minimum TLS version that is acceptable. Valid
+  values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
+  "tls1.0").
+## VFS - Virtual File System
+
+This command uses the VFS layer. This adapts the cloud storage objects
+that rclone uses into something which looks much more like a disk
+filing system.
+
+Cloud storage objects have lots of properties which aren't like disk
+files - you can't extend them or write to the middle of them, so the
+VFS layer has to deal with that. Because there is no one right way of
+doing this there are various options explained below.
+
+The VFS layer also implements a directory cache - this caches info
+about files and directories (but not the data) in memory.
+
+## VFS Directory Cache
+
+Using the `--dir-cache-time` flag, you can control how long a
+directory should be considered up to date and not refreshed from the
+backend. Changes made through the VFS will appear immediately or
+invalidate the cache.
+
+    --dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+    --poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)
+
+However, changes made directly on the cloud storage by the web
+interface or a different copy of rclone will only be picked up once
+the directory cache expires if the backend configured does not support
+polling for changes. If the backend supports polling, changes will be
+picked up within the polling interval.
+
+You can send a `SIGHUP` signal to rclone for it to flush all
+directory caches, regardless of how old they are.  Assuming only one
+rclone instance is running, you can reset the cache like this:
+
+    kill -SIGHUP $(pidof rclone)
+
+If you configure rclone with a [remote control](/rc) then you can use
+rclone rc to flush the whole directory cache:
+
+    rclone rc vfs/forget
+
+Or individual files or directories:
+
+    rclone rc vfs/forget file=path/to/file dir=path/to/dir
+
+## VFS File Buffering
+
+The `--buffer-size` flag determines the amount of memory,
+that will be used to buffer data in advance.
+
+Each open file will try to keep the specified amount of data in memory
+at all times. The buffered data is bound to one open file and won't be
+shared.
+
+This flag is a upper limit for the used memory per open file.  The
+buffer will only use memory for data that is downloaded but not not
+yet read. If the buffer is empty, only a small amount of memory will
+be used.
+
+The maximum memory used by rclone for buffering can be up to
+`--buffer-size * open files`.
+
+## VFS File Caching
+
+These flags control the VFS file caching options. File caching is
+necessary to make the VFS layer appear compatible with a normal file
+system. It can be disabled at the cost of some compatibility.
+
+For example you'll need to enable VFS caching if you want to read and
+write simultaneously to a file.  See below for more details.
+
+Note that the VFS cache is separate from the cache backend and you may
+find that you need one or the other or both.
+
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
+
+If run with `-vv` rclone will print the location of the file cache.  The
+files are stored in the user cache file area which is OS dependent but
+can be controlled with `--cache-dir` or setting the appropriate
+environment variable.
+
+The cache has 4 different modes selected by `--vfs-cache-mode`.
+The higher the cache mode the more compatible rclone becomes at the
+cost of using disk space.
+
+Note that files are written back to the remote only when they are
+closed and if they haven't been accessed for `--vfs-write-back`
+seconds. If rclone is quit or dies with files that haven't been
+uploaded, these will be uploaded next time rclone is run with the same
+flags.
+
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
+
+You **should not** run two copies of rclone using the same VFS cache
+with the same or overlapping remotes if using `--vfs-cache-mode > off`.
+This can potentially cause data corruption if you do. You can work
+around this by giving each rclone its own cache hierarchy with
+`--cache-dir`. You don't need to worry about this if the remotes in
+use don't overlap.
+
+### --vfs-cache-mode off
+
+In this mode (the default) the cache will read directly from the remote and write
+directly to the remote without caching anything on disk.
+
+This will mean some operations are not possible
+
+  * Files can't be opened for both read AND write
+  * Files opened for write can't be seeked
+  * Existing files opened for write must have O_TRUNC set
+  * Files open for read with O_TRUNC will be opened write only
+  * Files open for write only will behave as if O_TRUNC was supplied
+  * Open modes O_APPEND, O_TRUNC are ignored
+  * If an upload fails it can't be retried
+
+### --vfs-cache-mode minimal
+
+This is very similar to "off" except that files opened for read AND
+write will be buffered to disk.  This means that files opened for
+write will be a lot more compatible, but uses the minimal disk space.
+
+These operations are not possible
+
+  * Files opened for write only can't be seeked
+  * Existing files opened for write must have O_TRUNC set
+  * Files opened for write only will ignore O_APPEND, O_TRUNC
+  * If an upload fails it can't be retried
+
+### --vfs-cache-mode writes
+
+In this mode files opened for read only are still read directly from
+the remote, write only and read/write files are buffered to disk
+first.
+
+This mode should support all normal file system operations.
+
+If an upload fails it will be retried at exponentially increasing
+intervals up to 1 minute.
+
+### --vfs-cache-mode full
+
+In this mode all reads and writes are buffered to and from disk. When
+data is read from the remote this is buffered to disk as well.
+
+In this mode the files in the cache will be sparse files and rclone
+will keep track of which bits of the files it has downloaded.
+
+So if an application only reads the starts of each file, then rclone
+will only buffer the start of the file. These files will appear to be
+their full size in the cache, but they will be sparse files with only
+the data that has been downloaded present in them.
+
+This mode should support all normal file system operations and is
+otherwise identical to `--vfs-cache-mode` writes.
+
+When reading a file rclone will read `--buffer-size` plus
+`--vfs-read-ahead` bytes ahead.  The `--buffer-size` is buffered in memory
+whereas the `--vfs-read-ahead` is buffered on disk.
+
+When using this mode it is recommended that `--buffer-size` is not set
+too large and `--vfs-read-ahead` is set large if required.
+
+**IMPORTANT** not all file systems support sparse files. In particular
+FAT/exFAT do not. Rclone will perform very badly if the cache
+directory is on a filesystem which doesn't support sparse files and it
+will log an ERROR message if one is detected.
+
+### Fingerprinting
+
+Various parts of the VFS use fingerprinting to see if a local file
+copy has changed relative to a remote file. Fingerprints are made
+from:
+
+- size
+- modification time
+- hash
+
+where available on an object.
+
+On some backends some of these attributes are slow to read (they take
+an extra API call per object, or extra work per object).
+
+For example `hash` is slow with the `local` and `sftp` backends as
+they have to read the entire file and hash it, and `modtime` is slow
+with the `s3`, `swift`, `ftp` and `qinqstor` backends because they
+need to do an extra API call to fetch it.
+
+If you use the `--vfs-fast-fingerprint` flag then rclone will not
+include the slow operations in the fingerprint. This makes the
+fingerprinting less accurate but much faster and will improve the
+opening time of cached files.
+
+If you are running a vfs cache over `local`, `s3` or `swift` backends
+then using this flag is recommended.
+
+Note that if you change the value of this flag, the fingerprints of
+the files in the cache may be invalidated and the files will need to
+be downloaded again.
+
+## VFS Chunked Reading
+
+When rclone reads files from a remote it reads them in chunks. This
+means that rather than requesting the whole file rclone reads the
+chunk specified.  This can reduce the used download quota for some
+remotes by requesting only chunks from the remote that are actually
+read, at the cost of an increased number of requests.
+
+These flags control the chunking:
+
+    --vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+    --vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
+
+Rclone will start reading a chunk of size `--vfs-read-chunk-size`,
+and then double the size for each read. When `--vfs-read-chunk-size-limit` is
+specified, and greater than `--vfs-read-chunk-size`, the chunk size for each
+open file will get doubled only until the specified value is reached. If the
+value is "off", which is the default, the limit is disabled and the chunk size
+will grow indefinitely.
+
+With `--vfs-read-chunk-size 100M` and `--vfs-read-chunk-size-limit 0`
+the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on.
+When `--vfs-read-chunk-size-limit 500M` is specified, the result would be
+0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.
+
+Setting `--vfs-read-chunk-size` to `0` or "off" disables chunked reading.
+
+## VFS Performance
+
+These flags may be used to enable/disable features of the VFS for
+performance or other reasons. See also the [chunked reading](#vfs-chunked-reading)
+feature.
+
+In particular S3 and Swift benefit hugely from the `--no-modtime` flag
+(or use `--use-server-modtime` for a slightly different effect) as each
+read of the modification time takes a transaction.
+
+    --no-checksum     Don't compare checksums on up/download.
+    --no-modtime      Don't read/write the modification time (can speed things up).
+    --no-seek         Don't allow seeking in files.
+    --read-only       Only allow read-only access.
+
+Sometimes rclone is delivered reads or writes out of order. Rather
+than seeking rclone will wait a short time for the in sequence read or
+write to come in. These flags only come into effect when not using an
+on disk cache file.
+
+    --vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+    --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
+
+When using VFS write caching (`--vfs-cache-mode` with value writes or full),
+the global flag `--transfers` can be set to adjust the number of parallel uploads of
+modified files from the cache (the related global flag `--checkers` has no effect on the VFS).
+
+    --transfers int  Number of file transfers to run in parallel (default 4)
+
+## VFS Case Sensitivity
+
+Linux file systems are case-sensitive: two files can differ only
+by case, and the exact case must be used when opening a file.
+
+File systems in modern Windows are case-insensitive but case-preserving:
+although existing files can be opened using any case, the exact case used
+to create the file is preserved and available for programs to query.
+It is not allowed for two files in the same directory to differ only by case.
+
+Usually file systems on macOS are case-insensitive. It is possible to make macOS
+file systems case-sensitive but that is not the default.
+
+The `--vfs-case-insensitive` VFS flag controls how rclone handles these
+two cases. If its value is "false", rclone passes file names to the remote
+as-is. If the flag is "true" (or appears without a value on the
+command line), rclone may perform a "fixup" as explained below.
+
+The user may specify a file name to open/delete/rename/etc with a case
+different than what is stored on the remote. If an argument refers
+to an existing file with exactly the same name, then the case of the existing
+file on the disk will be used. However, if a file name with exactly the same
+name is not found but a name differing only by case exists, rclone will
+transparently fixup the name. This fixup happens only when an existing file
+is requested. Case sensitivity of file names created anew by rclone is
+controlled by the underlying remote.
+
+Note that case sensitivity of the operating system running rclone (the target)
+may differ from case sensitivity of a file system presented by rclone (the source).
+The flag controls whether "fixup" is performed to satisfy the target.
+
+If the flag is not provided on the command line, then its default value depends
+on the operating system where rclone runs: "true" on Windows and macOS, "false"
+otherwise. If the flag is provided without a value, then it is "true".
+
+## VFS Disk Options
+
+This flag allows you to manually set the statistics about the filing system.
+It can be useful when those statistics cannot be read correctly automatically.
+
+    --vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)
+
+## Alternate report of used bytes
+
+Some backends, most notably S3, do not report the amount of bytes used.
+If you need this information to be available when running `df` on the
+filesystem, then pass the flag `--vfs-used-is-size` to rclone.
+With this flag set, instead of relying on the backend to report this
+information, rclone will scan the whole remote similar to `rclone size`
+and compute the total used space itself.
+
+_WARNING._ Contrary to `rclone size`, this flag ignores filters so that the
+result is accurate. However, this is very inefficient and may cost lots of API
+calls resulting in extra charges. Use it as a last resort and only with caching.
+
+
+```
+rclone serve s3 remote:path [flags]
+```
+
+## Options
+
+```
+      --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
+      --auth-key stringArray                   Set key pair for v4 authorization: access_key_id,secret_access_key
+      --baseurl string                         Prefix for URLs - leave blank for root
+      --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
+      --client-ca string                       Client certificate authority to verify clients with
+      --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+      --dir-perms FileMode                     Directory permissions (default 0777)
+      --etag-hash string                       Which hash to use for the ETag, or auto or blank for off (default "MD5")
+      --file-perms FileMode                    File permissions (default 0666)
+      --force-path-style                       If true use path style access if false use virtual hosted style (default true) (default true)
+      --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+  -h, --help                                   help for s3
+      --key string                             TLS PEM Private key
+      --max-header-bytes int                   Maximum size of request header (default 4096)
+      --min-tls-version string                 Minimum TLS version that is acceptable (default "tls1.0")
+      --no-checksum                            Don't compare checksums on up/download
+      --no-cleanup                             Not to cleanup empty folder after object is deleted
+      --no-modtime                             Don't read/write the modification time (can speed things up)
+      --no-seek                                Don't allow seeking in files
+      --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+      --read-only                              Only allow read-only access
+      --server-read-timeout Duration           Timeout for server reading data (default 1h0m0s)
+      --server-write-timeout Duration          Timeout for server writing data (default 1h0m0s)
+      --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+      --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+      --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+      --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+      --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+      --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+      --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+      --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+      --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+      --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
+      --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
+      --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+      --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+      --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
+```
+
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+See the [global flags page](/flags/) for global options not listed here.
+
+# SEE ALSO
+
+* [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
+
diff --git a/docs/content/commands/rclone_serve_sftp.md b/docs/content/commands/rclone_serve_sftp.md
index 1e878c058bd0e..9181e7be424e5 100644
--- a/docs/content/commands/rclone_serve_sftp.md
+++ b/docs/content/commands/rclone_serve_sftp.md
@@ -3,6 +3,7 @@ title: "rclone serve sftp"
 description: "Serve the remote over SFTP."
 slug: rclone_serve_sftp
 url: /commands/rclone_serve_sftp/
+groups: Filter
 versionIntroduced: v1.48
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/serve/sftp/ and as part of making a release run "make commanddocs"
 ---
@@ -59,12 +60,11 @@ which can lead to "corrupted on transfer" errors. This is the case because
 the client chooses indiscriminately which server to send commands to while
 the servers all have different views of the state of the filing system.
 
-The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from beeing
+The "restrict" in authorized_keys prevents SHA1SUMs and MD5SUMs from being
 used. Omitting "restrict" and using  `--sftp-path-override` to enable
 checksumming is possible but less secure and you could use the SFTP server
 provided by OpenSSH in this case.
 
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -139,12 +139,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -161,10 +162,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -492,8 +505,9 @@ rclone serve sftp remote:path [flags]
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -503,14 +517,45 @@ rclone serve sftp remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
diff --git a/docs/content/commands/rclone_serve_webdav.md b/docs/content/commands/rclone_serve_webdav.md
index 55bd16069980c..a2f6554b17a33 100644
--- a/docs/content/commands/rclone_serve_webdav.md
+++ b/docs/content/commands/rclone_serve_webdav.md
@@ -3,6 +3,7 @@ title: "rclone serve webdav"
 description: "Serve remote:path over WebDAV."
 slug: rclone_serve_webdav
 url: /commands/rclone_serve_webdav/
+groups: Filter
 versionIntroduced: v1.39
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/serve/webdav/ and as part of making a release run "make commanddocs"
 ---
@@ -125,6 +126,17 @@ to be used within the template to server pages:
 |-- .Size     | Size in Bytes of the entry. |
 |-- .ModTime  | The UTC timestamp of an entry. |
 
+The server also makes the following functions available so that they can be used within the
+template. These functions help extend the options for dynamic rendering of HTML. They can
+be used to render HTML based on specific conditions.
+
+| Function   | Description |
+| :---------- | :---------- |
+| afterEpoch  | Returns the time since the epoch for the given time. |
+| contains    | Checks whether a given substring is present or not in a given string. |
+| hasPrefix   | Checks whether the given string begins with the specified prefix. |
+| hasSuffix   | Checks whether the given string end with the specified suffix. |
+
 ### Authentication
 
 By default this will serve files without needing a login.
@@ -132,6 +144,10 @@ By default this will serve files without needing a login.
 You can either use an htpasswd file which can take lots of users, or
 set a single username and password with the `--user` and `--pass` flags.
 
+If no static users are configured by either of the above methods, and client
+certificates are required by the `--client-ca` flag passed to the server, the
+client certificate common name will be considered as the username.
+
 Use `--htpasswd /path/to/htpasswd` to provide an htpasswd file.  This is
 in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication.  Bcrypt is recommended.
@@ -147,7 +163,6 @@ The password file can be updated while rclone is running.
 Use `--realm` to set the authentication realm.
 
 Use `--salt` to change the password hashing salt from the default.
-
 ## VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -222,12 +237,13 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
 If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
@@ -244,10 +260,22 @@ seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using `--vfs-cache-max-size` note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-`--vfs-cache-poll-interval`.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
 with the same or overlapping remotes if using `--vfs-cache-mode > off`.
@@ -556,6 +584,7 @@ rclone serve webdav remote:path [flags]
 
 ```
       --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
       --auth-proxy string                      A program to use to create the backend from the auth
       --baseurl string                         Prefix for URLs - leave blank for root
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -585,8 +614,9 @@ rclone serve webdav remote:path [flags]
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -596,14 +626,45 @@ rclone serve webdav remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone serve](/commands/rclone_serve/)	 - Serve a remote over a protocol.
 
diff --git a/docs/content/commands/rclone_settier.md b/docs/content/commands/rclone_settier.md
index b69f9f302803d..5bcf1425d748d 100644
--- a/docs/content/commands/rclone_settier.md
+++ b/docs/content/commands/rclone_settier.md
@@ -46,9 +46,10 @@ rclone settier tier remote:path [flags]
   -h, --help   help for settier
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_sha1sum.md b/docs/content/commands/rclone_sha1sum.md
index 3d02f6d41ab95..4992640ad09ef 100644
--- a/docs/content/commands/rclone_sha1sum.md
+++ b/docs/content/commands/rclone_sha1sum.md
@@ -3,6 +3,7 @@ title: "rclone sha1sum"
 description: "Produces an sha1sum file for all the objects in the path."
 slug: rclone_sha1sum
 url: /commands/rclone_sha1sum/
+groups: Filter,Listing
 versionIntroduced: v1.27
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/sha1sum/ and as part of making a release run "make commanddocs"
 ---
@@ -48,9 +49,48 @@ rclone sha1sum remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_size.md b/docs/content/commands/rclone_size.md
index ad58f6f11e686..06858eb3b57e9 100644
--- a/docs/content/commands/rclone_size.md
+++ b/docs/content/commands/rclone_size.md
@@ -3,6 +3,7 @@ title: "rclone size"
 description: "Prints the total size and number of objects in remote:path."
 slug: rclone_size
 url: /commands/rclone_size/
+groups: Filter,Listing
 versionIntroduced: v1.23
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/size/ and as part of making a release run "make commanddocs"
 ---
@@ -26,7 +27,7 @@ recursion.
 
 Some backends do not always provide file sizes, see for example
 [Google Photos](/googlephotos/#size) and
-[Google Drive](/drive/#limitations-of-google-docs).
+[Google Docs](/drive/#limitations-of-google-docs).
 Rclone will then show a notice in the log indicating how many such
 files were encountered, and count them in as empty files in the output
 of the size command.
@@ -43,9 +44,48 @@ rclone size remote:path [flags]
       --json   Format output as JSON
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_sync.md b/docs/content/commands/rclone_sync.md
index ef888c4922df6..8096e01c3ebec 100644
--- a/docs/content/commands/rclone_sync.md
+++ b/docs/content/commands/rclone_sync.md
@@ -3,6 +3,7 @@ title: "rclone sync"
 description: "Make source and dest identical, modifying destination only."
 slug: rclone_sync
 url: /commands/rclone_sync/
+groups: Sync,Copy,Filter,Listing,Important
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/sync/ and as part of making a release run "make commanddocs"
 ---
 # rclone sync
@@ -59,9 +60,114 @@ rclone sync source:path dest:path [flags]
   -h, --help                    help for sync
 ```
 
+
+## Copy Options
+
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+## Sync Options
+
+Flags just used for `rclone sync`.
+
+```
+      --backup-dir string               Make backups into hierarchy based in DIR
+      --delete-after                    When synchronizing, delete files on destination after transferring (default)
+      --delete-before                   When synchronizing, delete files on destination before transferring
+      --delete-during                   When synchronizing, delete files during transfer
+      --ignore-errors                   Delete even if there are I/O errors
+      --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+      --suffix string                   Suffix to add to changed files
+      --suffix-keep-extension           Preserve the extension when using --suffix
+      --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
+```
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_test.md b/docs/content/commands/rclone_test.md
index 4eed2b262e958..aa0f9a114e3f0 100644
--- a/docs/content/commands/rclone_test.md
+++ b/docs/content/commands/rclone_test.md
@@ -14,7 +14,7 @@ Run a test command
 
 Rclone test is used to run test commands.
 
-Select which test comand you want with the subcommand, eg
+Select which test command you want with the subcommand, eg
 
     rclone test memory remote:
 
@@ -30,9 +30,10 @@ so reading their documentation first is recommended.
   -h, --help   help for test
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 * [rclone test changenotify](/commands/rclone_test_changenotify/)	 - Log any change notify requests for the remote passed in.
diff --git a/docs/content/commands/rclone_test_changenotify.md b/docs/content/commands/rclone_test_changenotify.md
index 1f87bc68240e0..3b5b192af00da 100644
--- a/docs/content/commands/rclone_test_changenotify.md
+++ b/docs/content/commands/rclone_test_changenotify.md
@@ -21,9 +21,10 @@ rclone test changenotify remote: [flags]
       --poll-interval Duration   Time to wait between polling for changes (default 10s)
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone test](/commands/rclone_test/)	 - Run a test command
 
diff --git a/docs/content/commands/rclone_test_histogram.md b/docs/content/commands/rclone_test_histogram.md
index 493007d99bb86..9a9e2d875a0f0 100644
--- a/docs/content/commands/rclone_test_histogram.md
+++ b/docs/content/commands/rclone_test_histogram.md
@@ -29,9 +29,10 @@ rclone test histogram [remote:path] [flags]
   -h, --help   help for histogram
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone test](/commands/rclone_test/)	 - Run a test command
 
diff --git a/docs/content/commands/rclone_test_info.md b/docs/content/commands/rclone_test_info.md
index 1a16e62423381..7cef53bd97571 100644
--- a/docs/content/commands/rclone_test_info.md
+++ b/docs/content/commands/rclone_test_info.md
@@ -28,6 +28,7 @@ rclone test info [remote:path]+ [flags]
 
 ```
       --all                    Run all tests
+      --check-base32768        Check can store all possible base32768 characters
       --check-control          Check control characters
       --check-length           Check max filename length
       --check-normalization    Check UTF-8 Normalization
@@ -37,9 +38,10 @@ rclone test info [remote:path]+ [flags]
       --write-json string      Write results to file
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone test](/commands/rclone_test/)	 - Run a test command
 
diff --git a/docs/content/commands/rclone_test_makefile.md b/docs/content/commands/rclone_test_makefile.md
index 4eb0977e31634..195fb8fd696de 100644
--- a/docs/content/commands/rclone_test_makefile.md
+++ b/docs/content/commands/rclone_test_makefile.md
@@ -26,9 +26,10 @@ rclone test makefile <size> [<file>]+ [flags]
       --zero       Fill files with ASCII 0x00
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone test](/commands/rclone_test/)	 - Run a test command
 
diff --git a/docs/content/commands/rclone_test_makefiles.md b/docs/content/commands/rclone_test_makefiles.md
index 4211bed963d56..d2b0304fcbba8 100644
--- a/docs/content/commands/rclone_test_makefiles.md
+++ b/docs/content/commands/rclone_test_makefiles.md
@@ -33,9 +33,10 @@ rclone test makefiles <dir> [flags]
       --zero                       Fill files with ASCII 0x00
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone test](/commands/rclone_test/)	 - Run a test command
 
diff --git a/docs/content/commands/rclone_test_memory.md b/docs/content/commands/rclone_test_memory.md
index 5d527fe20d6ba..49141e14ce629 100644
--- a/docs/content/commands/rclone_test_memory.md
+++ b/docs/content/commands/rclone_test_memory.md
@@ -20,9 +20,10 @@ rclone test memory remote:path [flags]
   -h, --help   help for memory
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone test](/commands/rclone_test/)	 - Run a test command
 
diff --git a/docs/content/commands/rclone_touch.md b/docs/content/commands/rclone_touch.md
index 4c110248a9923..b44925414c8d9 100644
--- a/docs/content/commands/rclone_touch.md
+++ b/docs/content/commands/rclone_touch.md
@@ -3,6 +3,7 @@ title: "rclone touch"
 description: "Create new file or change file modification time."
 slug: rclone_touch
 url: /commands/rclone_touch/
+groups: Filter,Listing,Important
 versionIntroduced: v1.39
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/touch/ and as part of making a release run "make commanddocs"
 ---
@@ -48,9 +49,58 @@ rclone touch remote:path [flags]
   -t, --timestamp string   Use specified time instead of the current time of day
 ```
 
+
+## Important Options
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_tree.md b/docs/content/commands/rclone_tree.md
index 277f05e80b733..0151979042aeb 100644
--- a/docs/content/commands/rclone_tree.md
+++ b/docs/content/commands/rclone_tree.md
@@ -3,6 +3,7 @@ title: "rclone tree"
 description: "List the contents of the remote in a tree like fashion."
 slug: rclone_tree
 url: /commands/rclone_tree/
+groups: Filter,Listing
 versionIntroduced: v1.38
 # autogenerated - DO NOT EDIT, instead edit the source code in cmd/tree/ and as part of making a release run "make commanddocs"
 ---
@@ -69,9 +70,48 @@ rclone tree remote:path [flags]
       --version         Sort files alphanumerically by version
 ```
 
+
+## Filter Options
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+## Listing Options
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/commands/rclone_version.md b/docs/content/commands/rclone_version.md
index c2d424ee3e74a..d62ddf60bf4bc 100644
--- a/docs/content/commands/rclone_version.md
+++ b/docs/content/commands/rclone_version.md
@@ -62,9 +62,10 @@ rclone version [flags]
   -h, --help    help for version
 ```
 
+
 See the [global flags page](/flags/) for global options not listed here.
 
-## SEE ALSO
+# SEE ALSO
 
 * [rclone](/commands/rclone/)	 - Show help for rclone commands, flags and backends.
 
diff --git a/docs/content/contact.md b/docs/content/contact.md
index 62c7f7e7ef224..63e854090ae73 100644
--- a/docs/content/contact.md
+++ b/docs/content/contact.md
@@ -3,31 +3,42 @@ title: "Contact"
 description: "Contact the rclone project"
 ---
 
-# Contact the rclone project #
+# Contact the rclone project
 
-## Forum ##
+## Forum
 
 Forum for questions and general discussion:
 
-  * https://forum.rclone.org
+- https://forum.rclone.org
 
-## GitHub repository ##
+## Business support
+
+For business support or sponsorship enquiries please see:
+
+- https://rclone.com/
+- sponsorship@rclone.com
+
+## GitHub repository
 
 The project's repository is located at:
 
-  * https://github.com/rclone/rclone
+- https://github.com/rclone/rclone
 
 There you can file bug reports or contribute with pull requests.
 
-## Twitter ##
+## Twitter
 
-You can also follow me on twitter for rclone announcements:
+You can also follow Nick on twitter for rclone announcements:
 
-  * [@njcw](https://twitter.com/njcw)
+- [@njcw](https://twitter.com/njcw)
 
-## Email ##
+## Email
 
 Or if all else fails or you want to ask something private or
-confidential email [Nick Craig-Wood](mailto:nick@craig-wood.com).
-Please don't email me requests for help - those are better directed to
-the forum. Thanks!
+confidential
+
+- info@rclone.com
+
+Please don't email requests for help to this address - those are
+better directed to the forum unless you'd like to sign up for business
+support.
diff --git a/docs/content/crypt.md b/docs/content/crypt.md
index 6bc73dfe93e6a..269e26fed5392 100644
--- a/docs/content/crypt.md
+++ b/docs/content/crypt.md
@@ -379,7 +379,7 @@ address this problem to a certain degree.
 For cloud storage systems with case sensitive file names (e.g. Google Drive),
 `base64` can be used to reduce file name length. 
 For cloud storage systems using UTF-16 to store file names internally
-(e.g. OneDrive), `base32768` can be used to drastically reduce
+(e.g. OneDrive, Dropbox, Box), `base32768` can be used to drastically reduce
 file name length. 
 
 An alternative, future rclone file name encryption mode may tolerate
@@ -405,7 +405,7 @@ Example:
 `1/12/qgm4avr35m5loi1th53ato71v0`
 
 
-### Modified time and hashes
+### Modification times and hashes
 
 Crypt stores modification times using the underlying remote so support
 depends on that.
@@ -414,7 +414,7 @@ Hashes are not stored for crypt. However the data integrity is
 protected by an extremely strong crypto authenticator.
 
 Use the `rclone cryptcheck` command to check the
-integrity of a crypted remote instead of `rclone check` which can't
+integrity of an encrypted remote instead of `rclone check` which can't
 check the checksums properly.
 
 {{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/crypt/crypt.go then run make backenddocs" >}}
@@ -454,7 +454,7 @@ Properties:
         - Very simple filename obfuscation.
     - "off"
         - Don't encrypt the file names.
-        - Adds a ".bin" extension only.
+        - Adds a ".bin", or "suffix" extension only.
 
 #### --crypt-directory-name-encryption
 
@@ -509,6 +509,8 @@ Here are the Advanced options specific to crypt (Encrypt/Decrypt a remote).
 
 #### --crypt-server-side-across-configs
 
+Deprecated: use --server-side-across-configs instead.
+
 Allow server-side operations (e.g. copy) to work across different crypt configs.
 
 Normally this option is not what you want, but if you have two crypts
@@ -562,6 +564,21 @@ Properties:
     - "false"
         - Encrypt file data.
 
+#### --crypt-pass-bad-blocks
+
+If set this will pass bad blocks through as all 0.
+
+This should not be set in normal operation, it should only be set if
+trying to recover an encrypted file with errors and it is desired to
+recover as much of the file as possible.
+
+Properties:
+
+- Config:      pass_bad_blocks
+- Env Var:     RCLONE_CRYPT_PASS_BAD_BLOCKS
+- Type:        bool
+- Default:     false
+
 #### --crypt-filename-encoding
 
 How to encode the encrypted filename to text string.
@@ -583,7 +600,21 @@ Properties:
         - Encode using base64. Suitable for case sensitive remote.
     - "base32768"
         - Encode using base32768. Suitable if your remote counts UTF-16 or
-        - Unicode codepoint instead of UTF-8 byte length. (Eg. Onedrive)
+        - Unicode codepoint instead of UTF-8 byte length. (Eg. Onedrive, Dropbox)
+
+#### --crypt-suffix
+
+If this is set it will override the default suffix of ".bin".
+
+Setting suffix to "none" will result in an empty suffix. This may be useful 
+when the path length is critical.
+
+Properties:
+
+- Config:      suffix
+- Env Var:     RCLONE_CRYPT_SUFFIX
+- Type:        string
+- Default:     ".bin"
 
 ### Metadata
 
@@ -640,9 +671,9 @@ Usage Example:
 
 {{< rem autogenerated options stop >}}
 
-## Backing up a crypted remote
+## Backing up an encrypted remote
 
-If you wish to backup a crypted remote, it is recommended that you use
+If you wish to backup an encrypted remote, it is recommended that you use
 `rclone sync` on the encrypted files, and make sure the passwords are
 the same in the new encrypted remote.
 
@@ -681,7 +712,7 @@ has a header and is divided into chunks.
 The initial nonce is generated from the operating systems crypto
 strong random number generator.  The nonce is incremented for each
 chunk read making sure each nonce is unique for each block written.
-The chance of a nonce being re-used is minuscule.  If you wrote an
+The chance of a nonce being reused is minuscule.  If you wrote an
 exabyte of data (10¹⁸ bytes) you would have a probability of
 approximately 2×10⁻³² of re-using a nonce.
 
diff --git a/docs/content/docs.md b/docs/content/docs.md
index 5a9f441fbb465..30b2a5fbba6e2 100644
--- a/docs/content/docs.md
+++ b/docs/content/docs.md
@@ -54,18 +54,23 @@ See the following for detailed instructions for
   * [Internet Archive](/internetarchive/)
   * [Jottacloud](/jottacloud/)
   * [Koofr](/koofr/)
+  * [Linkbox](/linkbox/)
   * [Mail.ru Cloud](/mailru/)
   * [Mega](/mega/)
   * [Memory](/memory/)
   * [Microsoft Azure Blob Storage](/azureblob/)
+  * [Microsoft Azure Files Storage](/azurefiles/)
   * [Microsoft OneDrive](/onedrive/)
-  * [OpenStack Swift / Rackspace Cloudfiles / Memset Memstore](/swift/)
+  * [OpenStack Swift / Rackspace Cloudfiles / Blomp Cloud Storage / Memset Memstore](/swift/)
   * [OpenDrive](/opendrive/)
   * [Oracle Object Storage](/oracleobjectstorage/)
   * [Pcloud](/pcloud/)
+  * [PikPak](/pikpak/)
   * [premiumize.me](/premiumizeme/)
   * [put.io](/putio/)
+  * [Proton Drive](/protondrive/)
   * [QingStor](/qingstor/)
+  * [Quatrix by Maytech](/quatrix/)
   * [Seafile](/seafile/)
   * [SFTP](/sftp/)
   * [Sia](/sia/)
@@ -350,6 +355,10 @@ possible to write in all of them. This is mostly a problem on Windows, where
 the console traditionally uses a non-Unicode character set - defined
 by the so-called "code page".
 
+Do not use single character names on Windows as it creates ambiguity with Windows
+drives' names, e.g.: remote called `C` is indistinguishable from `C` drive. Rclone
+will always assume that single letter name refers to a drive.
+
 Quoting and the shell
 ---------------------
 
@@ -466,6 +475,10 @@ Note that arbitrary metadata may be added to objects using the
 `--metadata-set key=value` flag when the object is first uploaded.
 This flag can be repeated as many times as necessary.
 
+The [--metadata-mapper](#metadata-mapper) flag can be used to pass the
+name of a program in which can transform metadata when it is being
+copied from source to destination.
+
 ### Types of metadata
 
 Metadata is divided into two type. System metadata and User metadata.
@@ -543,6 +556,7 @@ backend may implement.
 | atime               | Time of last access:  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
 | mtime               | Time of last modification:  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
 | btime               | Time of file creation (birth):  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
+| utime               | Time of file upload:  RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 |
 | cache-control       | Cache-Control header | no-cache |
 | content-disposition | Content-Disposition header | inline |
 | content-encoding    | Content-Encoding header | gzip |
@@ -640,6 +654,9 @@ IPv4 address (1.2.3.4), an IPv6 address (1234::789A) or host name.  If
 the host name doesn't resolve or resolves to more than one IP address
 it will give an error.
 
+You can use `--bind 0.0.0.0` to force rclone to use IPv4 addresses and
+`--bind ::0` to force rclone to use IPv6 addresses.
+
 ### --bwlimit=BANDWIDTH_SPEC ###
 
 This option controls the bandwidth limit. For example
@@ -840,7 +857,7 @@ they are incorrect as it would normally.
 
 ### --color WHEN ###
 
-Specifiy when colors (and other ANSI codes) should be added to the output.
+Specify when colors (and other ANSI codes) should be added to the output.
 
 `AUTO` (default) only allows ANSI codes when the output is a terminal
 
@@ -947,6 +964,22 @@ You may also choose to [encrypt](#configuration-encryption) the file.
 When token-based authentication are used, the configuration file
 must be writable, because rclone needs to update the tokens inside it.
 
+To reduce risk of corrupting an existing configuration file, rclone
+will not write directly to it when saving changes. Instead it will
+first write to a new, temporary, file. If a configuration file already
+existed, it will (on Unix systems) try to mirror its permissions to
+the new file. Then it will rename the existing file to a temporary
+name as backup. Next, rclone will rename the new file to the correct name,
+before finally cleaning up by deleting the backup file.
+
+If the configuration file path used by rclone is a symbolic link, then
+this will be evaluated and rclone will write to the resolved path, instead
+of overwriting the symbolic link. Temporary files used in the process
+(described above) will be written to the same parent directory as that
+of the resolved configuration file, but if this directory is also a
+symbolic link it will not be resolved and the temporary files will be
+written to the location of the directory symbolic link.
+
 ### --contimeout=TIME ###
 
 Set the connection timeout. This should be in go time format which
@@ -975,6 +1008,18 @@ Mode to run dedupe command in.  One of `interactive`, `skip`, `first`,
 `newest`, `oldest`, `rename`.  The default is `interactive`.  
 See the dedupe command for more information as to what these options mean.
 
+### --default-time TIME ###
+
+If a file or directory does have a modification time rclone can read
+then rclone will display this fixed time instead.
+
+The default is `2000-01-01 00:00:00 UTC`. This can be configured in
+any of the ways shown in [the time or duration options](#time-option).
+
+For example `--default-time 2020-06-01` to set the default time to the
+1st of June 2020 or `--default-time 0s` to set the default time to the
+time rclone started up.
+
 ### --disable FEATURE,FEATURE,... ###
 
 This disables a comma separated list of optional features. For example
@@ -988,10 +1033,24 @@ To see a list of which features can be disabled use:
 
     --disable help
 
+The features a remote has can be seen in JSON format with:
+
+    rclone backend features remote:
+
 See the overview [features](/overview/#features) and
 [optional features](/overview/#optional-features) to get an idea of
 which feature does what.
 
+Note that some features can be set to `true` if they are `true`/`false`
+feature flag features by prefixing them with `!`. For example the
+`CaseInsensitive` feature can be forced to `false` with `--disable CaseInsensitive`
+and forced to `true` with `--disable '!CaseInsensitive'`. In general
+it isn't a good idea doing this but it may be useful in extremis.
+
+(Note that `!` is a shell command which you will
+need to escape with single quotes or a backslash on unix like
+platforms.)
+
 This flag can be useful for debugging and in exceptional circumstances
 (e.g. Google Drive limiting the total volume of Server Side Copies to
 100 GiB/day).
@@ -1214,6 +1273,50 @@ This can be useful as an additional layer of protection for immutable
 or append-only data sets (notably backup archives), where modification
 implies corruption and should not be propagated.
 
+### --inplace {#inplace}
+
+The `--inplace` flag changes the behaviour of rclone when uploading
+files to some backends (backends with the `PartialUploads` feature
+flag set) such as:
+
+- local
+- ftp
+- sftp
+
+Without `--inplace` (the default) rclone will first upload to a
+temporary file with an extension like this, where `XXXXXX` represents a
+random string and `.partial` is [--partial-suffix](#partial-suffix) value
+(`.partial` by default).
+
+    original-file-name.XXXXXX.partial
+
+(rclone will make sure the final name is no longer than 100 characters
+by truncating the `original-file-name` part if necessary).
+
+When the upload is complete, rclone will rename the `.partial` file to
+the correct name, overwriting any existing file at that point. If the
+upload fails then the `.partial` file will be deleted.
+
+This prevents other users of the backend from seeing partially
+uploaded files in their new names and prevents overwriting the old
+file until the new one is completely uploaded.
+
+If the `--inplace` flag is supplied, rclone will upload directly to
+the final name without creating a `.partial` file.
+
+This means that an incomplete file will be visible in the directory
+listings while the upload is in progress and any existing files will
+be overwritten as soon as the upload starts. If the transfer fails
+then the file will be deleted. This can cause data loss of the
+existing file if the transfer fails.
+
+Note that on the local file system if you don't use `--inplace` hard
+links (Unix only) will be broken. And if you do use `--inplace` you
+won't be able to update in use executables.
+
+Note also that versions of rclone prior to v1.63.0 behave as if the
+`--inplace` flag is always supplied.
+
 ### -i, --interactive {#interactive}
 
 This flag can be used to tell rclone that you wish a manual
@@ -1368,14 +1471,14 @@ what will happen.
 
 ### --max-duration=TIME ###
 
-Rclone will stop scheduling new transfers when it has run for the
+Rclone will stop transferring when it has run for the
 duration specified.
-
 Defaults to off.
 
-When the limit is reached any existing transfers will complete.
+When the limit is reached all transfers will stop immediately.
+Use `--cutoff-mode` to modify this behaviour.
 
-Rclone won't exit with an error if the transfer limit is reached.
+Rclone will exit with exit code 10 if the duration limit is reached.
 
 ### --max-transfer=SIZE ###
 
@@ -1383,24 +1486,13 @@ Rclone will stop transferring when it has reached the size specified.
 Defaults to off.
 
 When the limit is reached all transfers will stop immediately.
+Use `--cutoff-mode` to modify this behaviour.
 
 Rclone will exit with exit code 8 if the transfer limit is reached.
 
-## -M, --metadata
-
-Setting this flag enables rclone to copy the metadata from the source
-to the destination. For local backends this is ownership, permissions,
-xattr etc. See the [#metadata](metadata section) for more info.
-
-### --metadata-set key=value
-
-Add metadata `key` = `value` when uploading. This can be repeated as
-many times as required. See the [#metadata](metadata section) for more
-info.
-
 ### --cutoff-mode=hard|soft|cautious ###
 
-This modifies the behavior of `--max-transfer`
+This modifies the behavior of `--max-transfer` and `--max-duration`
 Defaults to `--cutoff-mode=hard`.
 
 Specifying `--cutoff-mode=hard` will stop transferring immediately
@@ -1410,7 +1502,130 @@ Specifying `--cutoff-mode=soft` will stop starting new transfers
 when Rclone reaches the limit.
 
 Specifying `--cutoff-mode=cautious` will try to prevent Rclone
-from reaching the limit.
+from reaching the limit. Only applicable for `--max-transfer`
+
+## -M, --metadata
+
+Setting this flag enables rclone to copy the metadata from the source
+to the destination. For local backends this is ownership, permissions,
+xattr etc. See the [metadata section](#metadata) for more info.
+
+### --metadata-mapper SpaceSepList {#metadata-mapper}
+
+If you supply the parameter `--metadata-mapper /path/to/program` then
+rclone will use that program to map metadata from source object to
+destination object.
+
+The argument to this flag should be a command with an optional space separated
+list of arguments. If one of the arguments has a space in then enclose
+it in `"`, if you want a literal `"` in an argument then enclose the
+argument in `"` and double the `"`. See [CSV encoding](https://godoc.org/encoding/csv)
+for more info.
+
+    --metadata-mapper "python bin/test_metadata_mapper.py"
+    --metadata-mapper 'python bin/test_metadata_mapper.py "argument with a space"'
+    --metadata-mapper 'python bin/test_metadata_mapper.py "argument with ""two"" quotes"'
+
+This uses a simple JSON based protocol with input on STDIN and output
+on STDOUT. This will be called for every file and directory copied and
+may be called concurrently.
+
+The program's job is to take a metadata blob on the input and turn it
+into a metadata blob on the output suitable for the destination
+backend.
+
+Input to the program (via STDIN) might look like this. This provides
+some context for the `Metadata` which may be important.
+
+- `SrcFs` is the config string for the remote that the object is currently on.
+- `SrcFsType` is the name of the source backend.
+- `DstFs` is the config string for the remote that the object is being copied to
+- `DstFsType` is the name of the destination backend.
+- `Remote` is the path of the file relative to the root.
+- `Size`, `MimeType`, `ModTime` are attributes of the file.
+- `IsDir` is `true` if this is a directory (not yet implemented).
+- `ID` is the source `ID` of the file if known.
+- `Metadata` is the backend specific metadata as described in the backend docs.
+
+```json
+{
+    "SrcFs": "gdrive:",
+    "SrcFsType": "drive",
+    "DstFs": "newdrive:user",
+    "DstFsType": "onedrive",
+    "Remote": "test.txt",
+    "Size": 6,
+    "MimeType": "text/plain; charset=utf-8",
+    "ModTime": "2022-10-11T17:53:10.286745272+01:00",
+    "IsDir": false,
+    "ID": "xyz",
+    "Metadata": {
+        "btime": "2022-10-11T16:53:11Z",
+        "content-type": "text/plain; charset=utf-8",
+        "mtime": "2022-10-11T17:53:10.286745272+01:00",
+        "owner": "user1@domain1.com",
+        "permissions": "...",
+        "description": "my nice file",
+        "starred": "false"
+    }
+}
+```
+
+The program should then modify the input as desired and send it to
+STDOUT. The returned `Metadata` field will be used in its entirety for
+the destination object. Any other fields will be ignored. Note in this
+example we translate user names and permissions and add something to
+the description:
+
+```json
+{
+    "Metadata": {
+        "btime": "2022-10-11T16:53:11Z",
+        "content-type": "text/plain; charset=utf-8",
+        "mtime": "2022-10-11T17:53:10.286745272+01:00",
+        "owner": "user1@domain2.com",
+        "permissions": "...",
+        "description": "my nice file [migrated from domain1]",
+        "starred": "false"
+    }
+}
+```
+
+Metadata can be removed here too.
+
+An example python program might look something like this to implement
+the above transformations.
+
+```python
+import sys, json
+
+i = json.load(sys.stdin)
+metadata = i["Metadata"]
+# Add tag to description
+if "description" in metadata:
+    metadata["description"] += " [migrated from domain1]"
+else:
+    metadata["description"] = "[migrated from domain1]"
+# Modify owner
+if "owner" in metadata:
+    metadata["owner"] = metadata["owner"].replace("domain1.com", "domain2.com")
+o = { "Metadata": metadata }
+json.dump(o, sys.stdout, indent="\t")
+```
+
+You can find this example (slightly expanded) in the rclone source code at
+[bin/test_metadata_mapper.py](https://github.com/rclone/rclone/blob/master/test_metadata_mapper.py).
+
+If you want to see the input to the metadata mapper and the output
+returned from it in the log you can use `-vv --dump mapper`.
+
+See the [metadata section](#metadata) for more info.
+
+### --metadata-set key=value
+
+Add metadata `key` = `value` when uploading. This can be repeated as
+many times as required. See the [metadata section](#metadata) for more
+info.
 
 ### --modify-window=TIME ###
 
@@ -1425,58 +1640,85 @@ if you are reading and writing to an OS X filing system this will be
 
 This command line flag allows you to override that computed default.
 
-### --multi-thread-cutoff=SIZE ###
+### --multi-thread-write-buffer-size=SIZE ###
 
-When downloading files to the local backend above this size, rclone
-will use multiple threads to download the file (default 250M).
+When transferring with multiple threads, rclone will buffer SIZE bytes
+in memory before writing to disk for each thread.
 
-Rclone preallocates the file (using `fallocate(FALLOC_FL_KEEP_SIZE)`
-on unix or `NTSetInformationFile` on Windows both of which takes no
-time) then each thread writes directly into the file at the correct
-place.  This means that rclone won't create fragmented or sparse files
-and there won't be any assembly time at the end of the transfer.
+This can improve performance if the underlying filesystem does not deal
+well with a lot of small writes in different positions of the file, so
+if you see transfers being limited by disk write speed, you might want
+to experiment with different values. Specially for magnetic drives and
+remote file systems a higher value can be useful.
 
-The number of threads used to download is controlled by
+Nevertheless, the default of `128k` should be fine for almost all use
+cases, so before changing it ensure that network is not really your
+bottleneck.
+
+As a final hint, size is not the only factor: block size (or similar
+concept) can have an impact. In one case, we observed that exact
+multiples of 16k performed much better than other values.
+
+### --multi-thread-chunk-size=SizeSuffix ###
+
+Normally the chunk size for multi thread transfers is set by the backend.
+However some backends such as `local` and `smb` (which implement `OpenWriterAt`
+but not `OpenChunkWriter`) don't have a natural chunk size.
+
+In this case the value of this option is used (default 64Mi).
+
+### --multi-thread-cutoff=SIZE {#multi-thread-cutoff}
+
+When transferring files above SIZE to capable backends, rclone will
+use multiple threads to transfer the file (default 256M).
+
+Capable backends are marked in the
+[overview](/overview/#optional-features) as `MultithreadUpload`. (They
+need to implement either the `OpenWriterAt` or `OpenChunkedWriter`
+internal interfaces). These include include, `local`, `s3`,
+`azureblob`, `b2`, `oracleobjectstorage` and `smb` at the time of
+writing.
+
+On the local disk, rclone preallocates the file (using
+`fallocate(FALLOC_FL_KEEP_SIZE)` on unix or `NTSetInformationFile` on
+Windows both of which takes no time) then each thread writes directly
+into the file at the correct place. This means that rclone won't
+create fragmented or sparse files and there won't be any assembly time
+at the end of the transfer.
+
+The number of threads used to transfer is controlled by
 `--multi-thread-streams`.
 
 Use `-vv` if you wish to see info about the threads.
 
 This will work with the `sync`/`copy`/`move` commands and friends
-`copyto`/`moveto`.  Multi thread downloads will be used with `rclone
+`copyto`/`moveto`. Multi thread transfers will be used with `rclone
 mount` and `rclone serve` if `--vfs-cache-mode` is set to `writes` or
 above.
 
-**NB** that this **only** works for a local destination but will work
-with any source.
+**NB** that this **only** works with supported backends as the
+destination but will work with any backend as the source.
 
-**NB** that multi thread copies are disabled for local to local copies
+**NB** that multi-thread copies are disabled for local to local copies
 as they are faster without unless `--multi-thread-streams` is set
 explicitly.
 
-**NB** on Windows using multi-thread downloads will cause the
-resulting files to be [sparse](https://en.wikipedia.org/wiki/Sparse_file).
+**NB** on Windows using multi-thread transfers to the local disk will
+cause the resulting files to be [sparse](https://en.wikipedia.org/wiki/Sparse_file).
 Use `--local-no-sparse` to disable sparse files (which may cause long
-delays at the start of downloads) or disable multi-thread downloads
+delays at the start of transfers) or disable multi-thread transfers
 with `--multi-thread-streams 0`
 
 ### --multi-thread-streams=N ###
 
-When using multi thread downloads (see above `--multi-thread-cutoff`)
-this sets the maximum number of streams to use.  Set to `0` to disable
-multi thread downloads (Default 4).
-
-Exactly how many streams rclone uses for the download depends on the
-size of the file. To calculate the number of download streams Rclone
-divides the size of the file by the `--multi-thread-cutoff` and rounds
-up, up to the maximum set with `--multi-thread-streams`.
+When using multi thread transfers (see above `--multi-thread-cutoff`)
+this sets the number of streams to use. Set to `0` to disable multi
+thread transfers (Default 4).
 
-So if `--multi-thread-cutoff 250M` and `--multi-thread-streams 4` are
-in effect (the defaults):
-
-- 0..250 MiB files will be downloaded with 1 stream
-- 250..500 MiB files will be downloaded with 2 streams
-- 500..750 MiB files will be downloaded with 3 streams
-- 750+ MiB files will be downloaded with 4 streams
+If the backend has a `--backend-upload-concurrency` setting (eg
+`--s3-upload-concurrency`) then this setting will be used as the
+number of transfers instead if it is larger than the value of
+`--multi-thread-streams` or `--multi-thread-streams` isn't set.
 
 ### --no-check-dest ###
 
@@ -1602,6 +1844,15 @@ If you want perfect ordering then you will need to specify
 [--check-first](#check-first) which will find all the files which need
 transferring first before transferring any.
 
+### --partial-suffix {#partial-suffix}
+
+When [--inplace](#inplace) is not used, it causes rclone to use
+the `--partial-suffix` as suffix for temporary files.
+
+Suffix length limit is 16 characters.
+
+The default is `.partial`.
+
 ### --password-command SpaceSepList ###
 
 This flag supplies a program which should supply the config password
@@ -1616,9 +1867,9 @@ for more info.
 
 Eg
 
-    --password-command echo hello
-    --password-command echo "hello with space"
-    --password-command echo "hello with ""quotes"" and space"
+    --password-command "echo hello"
+    --password-command 'echo "hello with space"'
+    --password-command 'echo "hello with ""quotes"" and space"'
 
 See the [Configuration Encryption](#configuration-encryption) for more info.
 
@@ -1826,6 +2077,12 @@ would be backed up to `file.txt-2019-01-01` and with the flag it would
 be backed up to `file-2019-01-01.txt`.  This can be helpful to make
 sure the suffixed files can still be opened.
 
+If a file has two (or more) extensions and the second (or subsequent)
+extension is recognised as a valid mime type, then the suffix will go
+before that extension. So `file.tar.gz` would be backed up to
+`file-2019-01-01.tar.gz` whereas `file.badextension.gz` would be
+backed up to `file.badextension-2019-01-01.gz`.
+
 ### --syslog ###
 
 On capable OSes (not Windows or Plan9) send all log output to syslog.
@@ -1981,34 +2238,50 @@ there were IO errors`.
 ### --fast-list ###
 
 When doing anything which involves a directory listing (e.g. `sync`,
-`copy`, `ls` - in fact nearly every command), rclone normally lists a
-directory and processes it before using more directory lists to
-process any subdirectories.  This can be parallelised and works very
-quickly using the least amount of memory.
-
-However, some remotes have a way of listing all files beneath a
-directory in one (or a small number) of transactions.  These tend to
-be the bucket-based remotes (e.g. S3, B2, GCS, Swift).
-
-If you use the `--fast-list` flag then rclone will use this method for
-listing directories.  This will have the following consequences for
-the listing:
-
-  * It **will** use fewer transactions (important if you pay for them)
-  * It **will** use more memory.  Rclone has to load the whole listing into memory.
-  * It *may* be faster because it uses fewer transactions
-  * It *may* be slower because it can't be parallelized
-
-rclone should always give identical results with and without
-`--fast-list`.
-
-If you pay for transactions and can fit your entire sync listing into
-memory then `--fast-list` is recommended.  If you have a very big sync
-to do then don't use `--fast-list` otherwise you will run out of
-memory.
-
-If you use `--fast-list` on a remote which doesn't support it, then
-rclone will just ignore it.
+`copy`, `ls` - in fact nearly every command), rclone has different
+strategies to choose from.
+
+The basic strategy is to list one directory and processes it before using
+more directory lists to process any subdirectories. This is a mandatory
+backend feature, called `List`, which means it is supported by all backends.
+This strategy uses small amount of memory, and because it can be parallelised
+it is fast for operations involving processing of the list results.
+
+Some backends provide the support for an alternative strategy, where all
+files beneath a directory can be listed in one (or a small number) of
+transactions. Rclone supports this alternative strategy through an optional
+backend feature called [`ListR`](/overview/#listr). You can see in the storage
+system overview documentation's [optional features](/overview/#optional-features)
+section which backends it is enabled for (these tend to be the bucket-based
+ones, e.g. S3, B2, GCS, Swift). This strategy requires fewer transactions
+for highly recursive operations, which is important on backends where this
+is charged or heavily rate limited. It may be faster (due to fewer transactions)
+or slower (because it can't be parallelized) depending on different parameters,
+and may require more memory if rclone has to keep the whole listing in memory.
+
+Which listing strategy rclone picks for a given operation is complicated, but
+in general it tries to choose the best possible. It will prefer `ListR` in
+situations where it doesn't need to store the listed files in memory, e.g.
+for unlimited recursive `ls` command variants. In other situations it will
+prefer `List`, e.g. for `sync` and `copy`, where it needs to keep the listed
+files in memory, and is performing operations on them where parallelization
+may be a huge advantage.
+
+Rclone is not able to take all relevant parameters into account for deciding
+the best strategy, and therefore allows you to influence the choice in two ways:
+You can stop rclone from using `ListR` by disabling the feature, using the
+[--disable](#disable-feature-feature) option (`--disable ListR`), or you can
+allow rclone to use `ListR` where it would normally choose not to do so due to
+higher memory usage, using the `--fast-list` option. Rclone should always
+produce identical results either way. Using `--disable ListR` or `--fast-list`
+on a remote which doesn't support `ListR` does nothing, rclone will just ignore
+it.
+
+A rule of thumb is that if you pay for transactions and can fit your entire
+sync listing into memory, then `--fast-list` is recommended. If you have a
+very big sync to do, then don't use `--fast-list`, otherwise you will run out
+of memory. Run some tests and compare before you decide, and if in doubt then
+just leave the default, let rclone decide, i.e. not use `--fast-list`.
 
 ### --timeout=TIME ###
 
@@ -2345,6 +2618,12 @@ This dumps a list of the open files at the end of the command.  It
 uses the `lsof` command to do that so you'll need that installed to
 use it.
 
+#### --dump mapper ####
+
+This shows the JSON blobs being sent to the program supplied with
+`--metadata-mapper` and received from it. It can be useful for
+debugging the metadata mapper interface.
+
 ### --memprofile=FILE ###
 
 Write memory profile to file. This can be analysed with `go tool pprof`.
@@ -2450,6 +2729,7 @@ it will log a high priority message if the retry was successful.
   * `7` - Fatal error (one that more retries won't fix, like account suspended) (Fatal errors)
   * `8` - Transfer exceeded - limit set by --max-transfer reached
   * `9` - Operation successful, but no files transferred
+  * `10` - Duration exceeded - limit set by --max-duration reached
 
 Environment Variables
 ---------------------
@@ -2491,6 +2771,9 @@ for each backend.
 To find the name of the environment variable, you need to set, take
 `RCLONE_CONFIG_` + name of remote + `_` + name of config file option
 and make it all uppercase.
+Note one implication here is the remote's name must be
+convertible into a valid environment variable name,
+so it can only contain letters, digits, or the `_` (underscore) character.
 
 For example, to configure an S3 remote named `mys3:` without a config
 file (using unix ways of setting environment variables):
diff --git a/docs/content/donate.md b/docs/content/donate.md
deleted file mode 100644
index 59fd6a9775e14..0000000000000
--- a/docs/content/donate.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: "Donations"
-description: "Donations to the rclone project."
-type: page
----
-
-# {{< icon "fa fa-heart heart" >}} Donations to the rclone project
-
-Rclone is a free open-source project with thousands of contributions
-from volunteers all round the world and I would like to thank all of
-you for donating your time to the project.
-
-However, maintaining rclone is a lot of work - easily the equivalent
-of a **full time job** - for me. Nothing stands still in the world of
-cloud storage.  Rclone needs constant attention adapting to changes by
-cloud providers, adding new providers, adding new features, keeping
-the integration tests working, fixing bugs and many more things!
-
-I love doing the work and I'd like to spend more time doing it - your
-support helps make that possible.
-
-Thank you :-)
-
-{{< nick >}}
-
-PS I'm available for rclone and object storage related consultancy -
-[email me](mailto:nick@craig-wood.com) for more info.
-
-{{< monthly_donations >}}
-
-## Personal users
-
-If you are a personal user and you would like to support the project
-with sponsorship as a way of saying thank you that would be most
-appreciated. {{< icon "fa fa-heart heart" >}}
-
-## Business users
-
-If your business distributes rclone as part of its products (which the
-generous MIT licence allows) or uses it internally then it would make
-business sense to sponsor the rclone project to ensure that the
-project you rely on stays healthy and well maintained.
-
-If you run one of the cloud storage providers that rclone supports and
-rclone is driving revenue your way then you know it makes sense to
-sponsor the project. {{< icon "far fa-smile" >}}
-
-Note that if you choose the "GitHub Sponsors" option they will provide
-proper tax invoices appropriate for your country.
-
-## Monthly donations
-
-Monthly donations help keep rclone development sustainable in the long
-run so this is the preferred option. A small amount every month is
-much better than a one off donation as it allows planning for the
-future.
-
-{{< monthly_donations >}}
-
-## One off donations
-
-If you don't want to contribute monthly then of course we'd love a one
-off donation.
-
-{{< one_off_donations >}}
-
-If you require a receipt or wish to contribute in a different way then
-please [drop me an email](mailto:nick@craig-wood.com).
diff --git a/docs/content/downloads.md b/docs/content/downloads.md
index 96ea849a71d14..d1ae19af95e0a 100644
--- a/docs/content/downloads.md
+++ b/docs/content/downloads.md
@@ -29,6 +29,9 @@ See also [Android builds](https://beta.rclone.org/{{% version %}}/testbuilds/).
 These are built as part of the official release, but haven't been
 adopted as first class builds yet.
 
+See [the release signing docs](/release_signing/) for how to verify
+signatures on the release.
+
 ## Script download and install ##
 
 To install rclone on Linux/macOS/BSD systems, run:
diff --git a/docs/content/drive.md b/docs/content/drive.md
index 7975cf6b9bd13..854b185eb889c 100644
--- a/docs/content/drive.md
+++ b/docs/content/drive.md
@@ -124,6 +124,8 @@ use.  This changes what type of token is granted to rclone.  [The
 scopes are defined
 here](https://developers.google.com/drive/v3/web/about-auth).
 
+A comma-separated list is allowed e.g. `drive.readonly,drive.file`.
+
 The scope are
 
 #### drive
@@ -227,12 +229,9 @@ There's a few steps we need to go through to accomplish this:
 [Google Developer Console](https://console.developers.google.com).
   - You must have a project - create one if you don't.
   - Then go to "IAM & admin" -> "Service Accounts".
-  - Use the "Create Credentials" button. Fill in "Service account name"
-with something that identifies your client. "Role" can be empty.
-  - Tick "Furnish a new private key" - select "Key type JSON".
-  - Tick "Enable G Suite Domain-wide Delegation". This option makes
-"impersonation" possible, as documented here:
-[Delegating domain-wide authority to the service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority)
+  - Use the "Create Service Account" button. Fill in "Service account name"
+and "Service account ID" with something that identifies your client.
+  - Select "Create And Continue". Step 2 and 3 are optional.
   - These credentials are what rclone will use for authentication.
 If you ever need to remove access, press the "Delete service
 account key" button.
@@ -362,10 +361,14 @@ large folder (10600 directories, 39000 files):
 - without `--fast-list`: 22:05 min
 - with `--fast-list`: 58s
 
-### Modified time
+### Modification times and hashes
 
 Google drive stores modification times accurate to 1 ms.
 
+Hash algorithms MD5, SHA1 and SHA256 are supported. Note, however,
+that a small fraction of files uploaded may not have SHA1 or SHA256
+hashes especially if they were uploaded before 2018.
+
 ### Restricted filename characters
 
 Only Invalid UTF-8 bytes will be [replaced](/overview/#invalid-utf8),
@@ -406,7 +409,7 @@ like a symlink in unix, except they point to the underlying file data
 (e.g. the inode in unix terms) so they don't break if the source is
 renamed or moved about.
 
-Be default rclone treats these as follows.
+By default rclone treats these as follows.
 
 For shortcuts pointing to files:
 
@@ -585,7 +588,7 @@ Properties:
 
 #### --drive-scope
 
-Scope that rclone should use when requesting access from drive.
+Comma separated list of scopes that rclone should use when requesting access from drive.
 
 Properties:
 
@@ -773,15 +776,40 @@ Properties:
 - Type:        bool
 - Default:     false
 
+#### --drive-show-all-gdocs
+
+Show all Google Docs including non-exportable ones in listings.
+
+If you try a server side copy on a Google Form without this flag, you
+will get this error:
+
+    No export formats found for "application/vnd.google-apps.form"
+
+However adding this flag will allow the form to be server side copied.
+
+Note that rclone doesn't add extensions to the Google Docs file names
+in this mode.
+
+Do **not** use this flag when trying to download Google Docs - rclone
+will fail to download them.
+
+
+Properties:
+
+- Config:      show_all_gdocs
+- Env Var:     RCLONE_DRIVE_SHOW_ALL_GDOCS
+- Type:        bool
+- Default:     false
+
 #### --drive-skip-checksum-gphotos
 
-Skip MD5 checksum on Google photos and videos only.
+Skip checksums on Google photos and videos only.
 
 Use this if you get checksum errors when transferring Google photos or
 videos.
 
 Setting this flag will cause Google photos and videos to return a
-blank MD5 checksum.
+blank checksums.
 
 Google photos are identified by being in the "photos" space.
 
@@ -1069,6 +1097,8 @@ Properties:
 
 #### --drive-server-side-across-configs
 
+Deprecated: use --server-side-across-configs instead.
+
 Allow server-side operations (e.g. copy) to work across different drive configs.
 
 This can be useful if you wish to do a server-side copy between two
@@ -1195,7 +1225,7 @@ This resource key requirement only applies to a subset of old files.
 
 Note also that opening the folder once in the web interface (with the
 user you've authenticated rclone with) seems to be enough so that the
-resource key is no needed.
+resource key is not needed.
 
 
 Properties:
@@ -1205,6 +1235,126 @@ Properties:
 - Type:        string
 - Required:    false
 
+#### --drive-fast-list-bug-fix
+
+Work around a bug in Google Drive listing.
+
+Normally rclone will work around a bug in Google Drive when using
+--fast-list (ListR) where the search "(A in parents) or (B in
+parents)" returns nothing sometimes. See #3114, #4289 and
+https://issuetracker.google.com/issues/149522397
+
+Rclone detects this by finding no items in more than one directory
+when listing and retries them as lists of individual directories.
+
+This means that if you have a lot of empty directories rclone will end
+up listing them all individually and this can take many more API
+calls.
+
+This flag allows the work-around to be disabled. This is **not**
+recommended in normal use - only if you have a particular case you are
+having trouble with like many empty directories.
+
+
+Properties:
+
+- Config:      fast_list_bug_fix
+- Env Var:     RCLONE_DRIVE_FAST_LIST_BUG_FIX
+- Type:        bool
+- Default:     true
+
+#### --drive-metadata-owner
+
+Control whether owner should be read or written in metadata.
+
+Owner is a standard part of the file metadata so is easy to read. But it
+isn't always desirable to set the owner from the metadata.
+
+Note that you can't set the owner on Shared Drives, and that setting
+ownership will generate an email to the new owner (this can't be
+disabled), and you can't transfer ownership to someone outside your
+organization.
+
+
+Properties:
+
+- Config:      metadata_owner
+- Env Var:     RCLONE_DRIVE_METADATA_OWNER
+- Type:        Bits
+- Default:     read
+- Examples:
+    - "off"
+        - Do not read or write the value
+    - "read"
+        - Read the value only
+    - "write"
+        - Write the value only
+    - "read,write"
+        - Read and Write the value.
+
+#### --drive-metadata-permissions
+
+Control whether permissions should be read or written in metadata.
+
+Reading permissions metadata from files can be done quickly, but it
+isn't always desirable to set the permissions from the metadata.
+
+Note that rclone drops any inherited permissions on Shared Drives and
+any owner permission on My Drives as these are duplicated in the owner
+metadata.
+
+
+Properties:
+
+- Config:      metadata_permissions
+- Env Var:     RCLONE_DRIVE_METADATA_PERMISSIONS
+- Type:        Bits
+- Default:     off
+- Examples:
+    - "off"
+        - Do not read or write the value
+    - "read"
+        - Read the value only
+    - "write"
+        - Write the value only
+    - "read,write"
+        - Read and Write the value.
+
+#### --drive-metadata-labels
+
+Control whether labels should be read or written in metadata.
+
+Reading labels metadata from files takes an extra API transaction and
+will slow down listings. It isn't always desirable to set the labels
+from the metadata.
+
+The format of labels is documented in the drive API documentation at
+https://developers.google.com/drive/api/reference/rest/v3/Label -
+rclone just provides a JSON dump of this format.
+
+When setting labels, the label and fields must already exist - rclone
+will not create them. This means that if you are transferring labels
+from two different accounts you will have to create the labels in
+advance and use the metadata mapper to translate the IDs between the
+two accounts.
+
+
+Properties:
+
+- Config:      metadata_labels
+- Env Var:     RCLONE_DRIVE_METADATA_LABELS
+- Type:        Bits
+- Default:     off
+- Examples:
+    - "off"
+        - Do not read or write the value
+    - "read"
+        - Read the value only
+    - "write"
+        - Write the value only
+    - "read,write"
+        - Read and Write the value.
+
 #### --drive-encoding
 
 The encoding for the backend.
@@ -1215,9 +1365,50 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_DRIVE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     InvalidUtf8
 
+#### --drive-env-auth
+
+Get IAM credentials from runtime (environment variables or instance meta data if no env vars).
+
+Only applies if service_account_file and service_account_credentials is blank.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_DRIVE_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - "false"
+        - Enter credentials in the next step.
+    - "true"
+        - Get GCP IAM credentials from the environment (env vars or IAM).
+
+### Metadata
+
+User metadata is stored in the properties field of the drive object.
+
+Here are the possible system metadata items for the drive backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation) with mS accuracy. Note that this is only writable on fresh uploads - it can't be written for updates. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+| content-type | The MIME type of the file. | string | text/plain | N |
+| copy-requires-writer-permission | Whether the options to copy, print, or download this file, should be disabled for readers and commenters. | boolean | true | N |
+| description | A short description of the file. | string | Contract for signing | N |
+| folder-color-rgb | The color for a folder or a shortcut to a folder as an RGB hex string. | string | 881133 | N |
+| labels | Labels attached to this file in a JSON dump of Googled drive format. Enable with --drive-metadata-labels. | JSON | [] | N |
+| mtime | Time of last modification with mS accuracy. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+| owner | The owner of the file. Usually an email address. Enable with --drive-metadata-owner. | string | user@example.com | N |
+| permissions | Permissions in a JSON dump of Google drive format. On shared drives these will only be present if they aren't inherited. Enable with --drive-metadata-permissions. | JSON | {} | N |
+| starred | Whether the user has starred the file. | boolean | false | N |
+| viewed-by-me | Whether the file has been viewed by this user. | boolean | true | **Y** |
+| writers-can-share | Whether users with only writer permission can modify the file's permissions. Not populated for items in shared drives. | boolean | false | N |
+
+See the [metadata](/docs/#metadata) docs for more info.
+
 ## Backend commands
 
 Here are the commands specific to the drive backend.
@@ -1481,6 +1672,11 @@ Waiting a moderate period of time between attempts (estimated to be
 approximately 1 hour) and/or not using --fast-list both seem to be
 effective in preventing the problem.
 
+### SHA1 or SHA256 hashes may be missing
+
+All files have MD5 hashes, but a small fraction of files uploaded may
+not have SHA1 or SHA256 hashes especially if they were uploaded before 2018.
+
 ## Making your own client_id
 
 When you use rclone with Google drive in its default configuration you
@@ -1505,7 +1701,7 @@ be the same account as the Google Drive you want to access)
 "Google Drive API".
 
 4. Click "Credentials" in the left-side panel (not "Create
-credentials", which opens the wizard), then "Create credentials"
+credentials", which opens the wizard).
 
 5. If you already configured an "Oauth Consent Screen", then skip
 to the next step; if not, click on "CONFIGURE CONSENT SCREEN" button 
diff --git a/docs/content/dropbox.md b/docs/content/dropbox.md
index cb9af2e1c6dd2..91b15688e8b74 100644
--- a/docs/content/dropbox.md
+++ b/docs/content/dropbox.md
@@ -97,7 +97,7 @@ You can then use team folders like this `remote:/TeamFolder` and
 A leading `/` for a Dropbox personal account will do nothing, but it
 will take an extra HTTP transaction so it should be avoided.
 
-### Modified time and Hashes
+### Modification times and hashes
 
 Dropbox supports modified times, but the only way to set a
 modification time is to re-upload the file.
@@ -343,6 +343,30 @@ Properties:
 - Type:        bool
 - Default:     false
 
+#### --dropbox-pacer-min-sleep
+
+Minimum time to sleep between API calls.
+
+Properties:
+
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_DROPBOX_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     10ms
+
+#### --dropbox-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_DROPBOX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
+
 #### --dropbox-batch-mode
 
 Upload file batching sync|async|off.
@@ -406,8 +430,8 @@ uploaded.
 The default for this is 0 which means rclone will choose a sensible
 default based on the batch_mode in use.
 
-- batch_mode: async - default batch_timeout is 500ms
-- batch_mode: sync - default batch_timeout is 10s
+- batch_mode: async - default batch_timeout is 10s
+- batch_mode: sync - default batch_timeout is 500ms
 - batch_mode: off - not in use
 
 
@@ -429,19 +453,6 @@ Properties:
 - Type:        Duration
 - Default:     10m0s
 
-#### --dropbox-encoding
-
-The encoding for the backend.
-
-See the [encoding section in the overview](/overview/#encoding) for more info.
-
-Properties:
-
-- Config:      encoding
-- Env Var:     RCLONE_DROPBOX_ENCODING
-- Type:        MultiEncoder
-- Default:     Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
-
 {{< rem autogenerated options stop >}}
 
 ## Limitations
@@ -483,7 +494,7 @@ to be the same account as the Dropbox you want to access)
 
 2. Choose an API => Usually this should be `Dropbox API`
 
-3. Choose the type of access you want to use => `Full Dropbox` or `App Folder`
+3. Choose the type of access you want to use => `Full Dropbox` or `App Folder`. If you want to use Team Folders, `Full Dropbox` is required ([see here](https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-create-team-folder-inside-my-app-s-folder/m-p/601005/highlight/true#M27911)).
 
 4. Name your App. The app name is global, so you can't use `rclone` for example
 
@@ -491,6 +502,6 @@ to be the same account as the Dropbox you want to access)
 
 6. Switch to the `Permissions` tab. Enable at least the following permissions: `account_info.read`, `files.metadata.write`, `files.content.write`, `files.content.read`, `sharing.write`. The `files.metadata.read` and `sharing.read` checkboxes will be marked too. Click `Submit`
 
-7. Switch to the `Settings` tab. Fill `OAuth2 - Redirect URIs` as `http://localhost:53682/`
+7. Switch to the `Settings` tab. Fill `OAuth2 - Redirect URIs` as `http://localhost:53682/` and click on `Add`
 
 8. Find the `App key` and `App secret` values on the `Settings` tab. Use these values in rclone config to add a new remote or edit an existing remote. The `App key` setting corresponds to `client_id` in rclone config, the `App secret` corresponds to `client_secret`
diff --git a/docs/content/faq.md b/docs/content/faq.md
index 574cd540f955d..c529405591f70 100644
--- a/docs/content/faq.md
+++ b/docs/content/faq.md
@@ -190,9 +190,29 @@ If you are using `systemd-resolved` (default on Arch Linux), ensure it
 is at version 233 or higher. Previous releases contain a bug which
 causes not all domains to be resolved properly.
 
-Additionally with the `GODEBUG=netdns=` environment variable the Go
-resolver decision can be influenced. This also allows to resolve certain
-issues with DNS resolution. See the [name resolution section in the go docs](https://golang.org/pkg/net/#hdr-Name_Resolution).
+
+The Go resolver decision can be influenced with the `GODEBUG=netdns=...`
+environment variable. This also allows to resolve certain issues with
+DNS resolution. On Windows or MacOS systems, try forcing use of the
+internal Go resolver by setting `GODEBUG=netdns=go` at runtime. On
+other systems (Linux, \*BSD, etc) try forcing use of the system
+name resolver by setting `GODEBUG=netdns=cgo` (and recompile rclone
+from source with CGO enabled if necessary). See the
+[name resolution section in the go docs](https://golang.org/pkg/net/#hdr-Name_Resolution).
+
+### Failed to start auth webserver on Windows ###
+```
+Error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+...
+yyyy/mm/dd hh:mm:ss Fatal error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+```
+
+This is sometimes caused by the Host Network Service causing issues with opening the port on the host.
+
+A simple solution may be restarting the Host Network Service with eg. Powershell
+```
+Restart-Service hns
+```
 
 ### The total size reported in the stats for a sync is wrong and keeps changing
 
diff --git a/docs/content/fichier.md b/docs/content/fichier.md
index e4470faeab67a..b5a8245055685 100644
--- a/docs/content/fichier.md
+++ b/docs/content/fichier.md
@@ -76,11 +76,11 @@ To copy a local directory to a 1Fichier directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes ###
+### Modification times and hashes
 
 1Fichier does not support modification times. It supports the Whirlpool hash algorithm.
 
-### Duplicated files ###
+### Duplicated files
 
 1Fichier can have two files with exactly the same name and path (unlike a
 normal file system).
@@ -171,6 +171,17 @@ Properties:
 - Type:        string
 - Required:    false
 
+#### --fichier-cdn
+
+Set if you wish to use CDN download links.
+
+Properties:
+
+- Config:      cdn
+- Env Var:     RCLONE_FICHIER_CDN
+- Type:        bool
+- Default:     false
+
 #### --fichier-encoding
 
 The encoding for the backend.
@@ -181,7 +192,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_FICHIER_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/filefabric.md b/docs/content/filefabric.md
index 69ee67fcdcba8..1666cd6bc7793 100644
--- a/docs/content/filefabric.md
+++ b/docs/content/filefabric.md
@@ -101,7 +101,7 @@ To copy a local directory to an Enterprise File Fabric directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes
+### Modification times and hashes
 
 The Enterprise File Fabric allows modification times to be set on
 files accurate to 1 second.  These will be used to detect whether
@@ -271,7 +271,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_FILEFABRIC_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Del,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/filtering.md b/docs/content/filtering.md
index d61bb19924738..7afd66ff0f77b 100644
--- a/docs/content/filtering.md
+++ b/docs/content/filtering.md
@@ -27,7 +27,7 @@ E.g. `rclone copy "remote:dir*.jpg" /path/to/dir` does not have a filter effect.
 `rclone copy remote:dir /path/to/dir --include "*.jpg"` does.
 
 **Important** Avoid mixing any two of `--include...`, `--exclude...` or
-`--filter...` flags in an rclone command. The results may not be what
+`--filter...` flags in an rclone command. The results might not be what
 you expect. Instead use a `--filter...` flag.
 
 ## Patterns for matching path/file names
@@ -88,7 +88,7 @@ separator or the beginning of the path/file.
                - doesn't match "afile.jpg"
                - doesn't match "directory/file.jpg"
 
-The top level of the remote may not be the top level of the drive.
+The top level of the remote might not be the top level of the drive.
 
 E.g. for a Microsoft Windows local directory structure
 
@@ -166,7 +166,7 @@ Which will match a directory called `start` with a file called
 `end.jpg` in it as the `.*` will match `/` characters.
 
 Note that you can use `-vv --dump filters` to show the filter patterns
-in regexp format - rclone implements the glob patters by transforming
+in regexp format - rclone implements the glob patterns by transforming
 them into regular expressions.
 
 ## Filter pattern examples {#examples}
@@ -367,7 +367,7 @@ all files on `remote:` excluding those in root directory `dir` and sub
 directories.
 
 E.g. on Microsoft Windows `rclone ls remote: --exclude "*\[{JP,KR,HK}\]*"`
-lists the files in `remote:` with `[JP]` or `[KR]` or `[HK]` in
+lists the files in `remote:` without `[JP]` or `[KR]` or `[HK]` in
 their name. Quotes prevent the shell from interpreting the `\`
 characters.`\` characters escape the `[` and `]` so an rclone filter
 treats them literally rather than as a character-range. The `{` and `}`
diff --git a/docs/content/flags.md b/docs/content/flags.md
index 51e9f931fb992..4ce4c079f439a 100644
--- a/docs/content/flags.md
+++ b/docs/content/flags.md
@@ -6,727 +6,959 @@ description: "Rclone Global Flags"
 # Global Flags
 
 This describes the global flags available to every rclone command
-split into two groups, non backend and backend flags.
+split into groups.
 
-## Non Backend Flags
 
-These flags are available for every command.
+## Copy
 
+Flags for anything which can Copy a file.
+
+```
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don't skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don't check the destination, copy regardless
+      --no-traverse                                 Don't traverse destination file system on copy
+      --no-update-modtime                           Don't update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. 'size,descending'
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default ".partial")
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+```
+
+
+## Sync
+
+Flags just used for `rclone sync`.
+
+```
+      --backup-dir string               Make backups into hierarchy based in DIR
+      --delete-after                    When synchronizing, delete files on destination after transferring (default)
+      --delete-before                   When synchronizing, delete files on destination before transferring
+      --delete-during                   When synchronizing, delete files during transfer
+      --ignore-errors                   Delete even if there are I/O errors
+      --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+      --suffix string                   Suffix to add to changed files
+      --suffix-keep-extension           Preserve the extension when using --suffix
+      --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
+```
+
+
+## Important
+
+Important flags useful for most commands.
+
+```
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+```
+
+
+## Check
+
+Flags used for `rclone check`.
+
+```
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+```
+
+
+## Networking
+
+General networking and HTTP stuff.
+
+```
+      --bind string                        Local address to bind to for outgoing connections, IPv4, IPv6 or name
+      --bwlimit BwTimetable                Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --bwlimit-file BwTimetable           Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --ca-cert stringArray                CA certificate used to verify servers
+      --client-cert string                 Client SSL certificate (PEM) for mutual TLS auth
+      --client-key string                  Client SSL private key (PEM) for mutual TLS auth
+      --contimeout Duration                Connect timeout (default 1m0s)
+      --disable-http-keep-alives           Disable HTTP keep-alives and use each connection once.
+      --disable-http2                      Disable HTTP/2 in the global transport
+      --dscp string                        Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
+      --expect-continue-timeout Duration   Timeout when using expect / 100-continue in HTTP (default 1s)
+      --header stringArray                 Set HTTP header for all transactions
+      --header-download stringArray        Set HTTP header for download transactions
+      --header-upload stringArray          Set HTTP header for upload transactions
+      --no-check-certificate               Do not verify the server SSL certificate (insecure)
+      --no-gzip-encoding                   Don't set Accept-Encoding: gzip
+      --timeout Duration                   IO idle timeout (default 5m0s)
+      --tpslimit float                     Limit HTTP transactions per second to this
+      --tpslimit-burst int                 Max burst of transactions for --tpslimit (default 1)
+      --use-cookies                        Enable session cookiejar
+      --user-agent string                  Set the user-agent to a specified string (default "rclone/v1.65.0")
+```
+
+
+## Performance
+
+Flags helpful for increasing performance.
+
+```
+      --buffer-size SizeSuffix   In memory buffer size when reading files for each --transfer (default 16Mi)
+      --checkers int             Number of checkers to run in parallel (default 8)
+      --transfers int            Number of file transfers to run in parallel (default 4)
+```
+
+
+## Config
+
+General configuration of rclone.
+
+```
+      --ask-password                        Allow prompt for password for encrypted configuration (default true)
+      --auto-confirm                        If enabled, do not request console confirmation
+      --cache-dir string                    Directory rclone will use for caching (default "$HOME/.cache/rclone")
+      --color AUTO|NEVER|ALWAYS             When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default AUTO)
+      --config string                       Config file (default "$HOME/.config/rclone/rclone.conf")
+      --default-time Time                   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --disable string                      Disable a comma separated list of features (use --disable help to see a list)
+  -n, --dry-run                             Do a trial run with no permanent changes
+      --error-on-no-transfer                Sets exit code 9 if no files are transferred, useful in scripts
+      --fs-cache-expire-duration Duration   Cache remotes for this long (0 to disable caching) (default 5m0s)
+      --fs-cache-expire-interval Duration   Interval to check for expired remotes (default 1m0s)
+      --human-readable                      Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
+  -i, --interactive                         Enable interactive mode
+      --kv-lock-time Duration               Maximum time to keep key-value database locked by process (default 1s)
+      --low-level-retries int               Number of low level retries to do (default 10)
+      --no-console                          Hide console window (supported on Windows only)
+      --no-unicode-normalization            Don't normalize unicode characters in filenames
+      --password-command SpaceSepList       Command for supplying password for encrypted configuration
+      --retries int                         Retry operations this many times if they fail (default 3)
+      --retries-sleep Duration              Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
+      --temp-dir string                     Directory rclone will use for temporary files (default "/tmp")
+      --use-mmap                            Use mmap allocator (see docs)
+      --use-server-modtime                  Use server modified time instead of object metadata
 ```
-      --ask-password                         Allow prompt for password for encrypted configuration (default true)
-      --auto-confirm                         If enabled, do not request console confirmation
-      --backup-dir string                    Make backups into hierarchy based in DIR
-      --bind string                          Local address to bind to for outgoing connections, IPv4, IPv6 or name
-      --buffer-size SizeSuffix               In memory buffer size when reading files for each --transfer (default 16Mi)
-      --bwlimit BwTimetable                  Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-      --bwlimit-file BwTimetable             Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-      --ca-cert stringArray                  CA certificate used to verify servers
-      --cache-dir string                     Directory rclone will use for caching (default "$HOME/.cache/rclone")
-      --check-first                          Do all the checks before starting transfers
-      --checkers int                         Number of checkers to run in parallel (default 8)
-  -c, --checksum                             Skip based on checksum (if available) & size, not mod-time & size
-      --client-cert string                   Client SSL certificate (PEM) for mutual TLS auth
-      --client-key string                    Client SSL private key (PEM) for mutual TLS auth
-      --color string                         When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default "AUTO")
-      --compare-dest stringArray             Include additional comma separated server-side paths during comparison
-      --config string                        Config file (default "$HOME/.config/rclone/rclone.conf")
-      --contimeout Duration                  Connect timeout (default 1m0s)
-      --copy-dest stringArray                Implies --compare-dest but also copies files from paths into destination
-      --cpuprofile string                    Write cpu profile to file
-      --cutoff-mode string                   Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default "HARD")
-      --delete-after                         When synchronizing, delete files on destination after transferring (default)
-      --delete-before                        When synchronizing, delete files on destination before transferring
-      --delete-during                        When synchronizing, delete files during transfer
-      --delete-excluded                      Delete files on dest excluded from sync
-      --disable string                       Disable a comma separated list of features (use --disable help to see a list)
-      --disable-http-keep-alives             Disable HTTP keep-alives and use each connection once.
-      --disable-http2                        Disable HTTP/2 in the global transport
-  -n, --dry-run                              Do a trial run with no permanent changes
-      --dscp string                          Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
-      --dump DumpFlags                       List of items to dump from: headers,bodies,requests,responses,auth,filters,goroutines,openfiles
-      --dump-bodies                          Dump HTTP headers and bodies - may contain sensitive info
-      --dump-headers                         Dump HTTP headers - may contain sensitive info
-      --error-on-no-transfer                 Sets exit code 9 if no files are transferred, useful in scripts
-      --exclude stringArray                  Exclude files matching pattern
-      --exclude-from stringArray             Read file exclude patterns from file (use - to read from stdin)
-      --exclude-if-present stringArray       Exclude directories if filename is present
-      --expect-continue-timeout Duration     Timeout when using expect / 100-continue in HTTP (default 1s)
-      --fast-list                            Use recursive list if available; uses more memory but fewer transactions
-      --files-from stringArray               Read list of source-file names from file (use - to read from stdin)
-      --files-from-raw stringArray           Read list of source-file names from file without any processing of lines (use - to read from stdin)
-  -f, --filter stringArray                   Add a file filtering rule
-      --filter-from stringArray              Read file filtering patterns from a file (use - to read from stdin)
-      --fs-cache-expire-duration Duration    Cache remotes for this long (0 to disable caching) (default 5m0s)
-      --fs-cache-expire-interval Duration    Interval to check for expired remotes (default 1m0s)
-      --header stringArray                   Set HTTP header for all transactions
-      --header-download stringArray          Set HTTP header for download transactions
-      --header-upload stringArray            Set HTTP header for upload transactions
-      --human-readable                       Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
-      --ignore-case                          Ignore case in filters (case insensitive)
-      --ignore-case-sync                     Ignore case when synchronizing
-      --ignore-checksum                      Skip post copy check of checksums
-      --ignore-errors                        Delete even if there are I/O errors
-      --ignore-existing                      Skip all files that exist on destination
-      --ignore-size                          Ignore size when skipping use mod-time or checksum
-  -I, --ignore-times                         Don't skip files that match size and time - transfer all files
-      --immutable                            Do not modify files, fail if existing files have been modified
-      --include stringArray                  Include files matching pattern
-      --include-from stringArray             Read file include patterns from file (use - to read from stdin)
-  -i, --interactive                          Enable interactive mode
-      --kv-lock-time Duration                Maximum time to keep key-value database locked by process (default 1s)
-      --log-file string                      Log everything to this file
-      --log-format string                    Comma separated list of log format options (default "date,time")
-      --log-level string                     Log level DEBUG|INFO|NOTICE|ERROR (default "NOTICE")
-      --log-systemd                          Activate systemd integration for the logger
-      --low-level-retries int                Number of low level retries to do (default 10)
-      --max-age Duration                     Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-      --max-backlog int                      Maximum number of objects in sync or check backlog (default 10000)
-      --max-delete int                       When synchronizing, limit the number of deletes (default -1)
-      --max-delete-size SizeSuffix           When synchronizing, limit the total size of deletes (default off)
-      --max-depth int                        If set limits the recursion depth to this (default -1)
-      --max-duration Duration                Maximum duration rclone will transfer data for (default 0s)
-      --max-size SizeSuffix                  Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
-      --max-stats-groups int                 Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
-      --max-transfer SizeSuffix              Maximum size of data to transfer (default off)
-      --memprofile string                    Write memory profile to file
-  -M, --metadata                             If set, preserve metadata when copying objects
-      --metadata-exclude stringArray         Exclude metadatas matching pattern
-      --metadata-exclude-from stringArray    Read metadata exclude patterns from file (use - to read from stdin)
-      --metadata-filter stringArray          Add a metadata filtering rule
-      --metadata-filter-from stringArray     Read metadata filtering patterns from a file (use - to read from stdin)
-      --metadata-include stringArray         Include metadatas matching pattern
-      --metadata-include-from stringArray    Read metadata include patterns from file (use - to read from stdin)
-      --metadata-set stringArray             Add metadata key=value when uploading
-      --min-age Duration                     Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-      --min-size SizeSuffix                  Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
-      --modify-window Duration               Max time diff to be considered the same (default 1ns)
-      --multi-thread-cutoff SizeSuffix       Use multi-thread downloads for files above this size (default 250Mi)
-      --multi-thread-streams int             Max number of streams to use for multi-thread downloads (default 4)
-      --no-check-certificate                 Do not verify the server SSL certificate (insecure)
-      --no-check-dest                        Don't check the destination, copy regardless
-      --no-console                           Hide console window (supported on Windows only)
-      --no-gzip-encoding                     Don't set Accept-Encoding: gzip
-      --no-traverse                          Don't traverse destination file system on copy
-      --no-unicode-normalization             Don't normalize unicode characters in filenames
-      --no-update-modtime                    Don't update destination mod-time if files identical
-      --order-by string                      Instructions on how to order the transfers, e.g. 'size,descending'
-      --password-command SpaceSepList        Command for supplying password for encrypted configuration
-  -P, --progress                             Show progress during transfer
-      --progress-terminal-title              Show progress on the terminal title (requires -P/--progress)
-  -q, --quiet                                Print as little stuff as possible
-      --rc                                   Enable the remote control server
-      --rc-addr stringArray                  IPaddress:Port or :Port to bind server to (default [localhost:5572])
-      --rc-allow-origin string               Set the allowed origin for CORS
-      --rc-baseurl string                    Prefix for URLs - leave blank for root
-      --rc-cert string                       TLS PEM key (concatenation of certificate and CA certificate)
-      --rc-client-ca string                  Client certificate authority to verify clients with
-      --rc-enable-metrics                    Enable prometheus metrics on /metrics
-      --rc-files string                      Path to local files to serve on the HTTP server
-      --rc-htpasswd string                   A htpasswd file - if not provided no authentication is done
-      --rc-job-expire-duration Duration      Expire finished async jobs older than this value (default 1m0s)
-      --rc-job-expire-interval Duration      Interval to check for expired async jobs (default 10s)
-      --rc-key string                        TLS PEM Private key
-      --rc-max-header-bytes int              Maximum size of request header (default 4096)
-      --rc-min-tls-version string            Minimum TLS version that is acceptable (default "tls1.0")
-      --rc-no-auth                           Don't require auth for certain methods
-      --rc-pass string                       Password for authentication
-      --rc-realm string                      Realm for authentication
-      --rc-salt string                       Password hashing salt (default "dlPL2MqE")
-      --rc-serve                             Enable the serving of remote objects
-      --rc-server-read-timeout Duration      Timeout for server reading data (default 1h0m0s)
-      --rc-server-write-timeout Duration     Timeout for server writing data (default 1h0m0s)
-      --rc-template string                   User-specified template
-      --rc-user string                       User name for authentication
-      --rc-web-fetch-url string              URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
-      --rc-web-gui                           Launch WebGUI on localhost
-      --rc-web-gui-force-update              Force update to latest version of web gui
-      --rc-web-gui-no-open-browser           Don't open the browser automatically
-      --rc-web-gui-update                    Check and update to latest version of web gui
-      --refresh-times                        Refresh the modtime of remote files
-      --retries int                          Retry operations this many times if they fail (default 3)
-      --retries-sleep Duration               Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
-      --server-side-across-configs           Allow server-side operations (e.g. copy) to work across different configs
-      --size-only                            Skip based on size only, not mod-time or checksum
-      --stats Duration                       Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
-      --stats-file-name-length int           Max file name length in stats (0 for no limit) (default 45)
-      --stats-log-level string               Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default "INFO")
-      --stats-one-line                       Make the stats fit on one line
-      --stats-one-line-date                  Enable --stats-one-line and add current date/time prefix
-      --stats-one-line-date-format string    Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes ("), see https://golang.org/pkg/time/#Time.Format
-      --stats-unit string                    Show data rate in stats as either 'bits' or 'bytes' per second (default "bytes")
-      --streaming-upload-cutoff SizeSuffix   Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
-      --suffix string                        Suffix to add to changed files
-      --suffix-keep-extension                Preserve the extension when using --suffix
-      --syslog                               Use Syslog for logging
-      --syslog-facility string               Facility for syslog, e.g. KERN,USER,... (default "DAEMON")
-      --temp-dir string                      Directory rclone will use for temporary files (default "/tmp")
-      --timeout Duration                     IO idle timeout (default 5m0s)
-      --tpslimit float                       Limit HTTP transactions per second to this
-      --tpslimit-burst int                   Max burst of transactions for --tpslimit (default 1)
-      --track-renames                        When synchronizing, track file renames and do a server-side move if possible
-      --track-renames-strategy string        Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
-      --transfers int                        Number of file transfers to run in parallel (default 4)
-  -u, --update                               Skip files that are newer on the destination
-      --use-cookies                          Enable session cookiejar
-      --use-json-log                         Use json log format
-      --use-mmap                             Use mmap allocator (see docs)
-      --use-server-modtime                   Use server modified time instead of object metadata
-      --user-agent string                    Set the user-agent to a specified string (default "rclone/v1.62.0")
-  -v, --verbose count                        Print lots more stuff (repeat for more)
+
+
+## Debugging
+
+Flags for developers.
+
+```
+      --cpuprofile string   Write cpu profile to file
+      --dump DumpFlags      List of items to dump from: headers, bodies, requests, responses, auth, filters, goroutines, openfiles, mapper
+      --dump-bodies         Dump HTTP headers and bodies - may contain sensitive info
+      --dump-headers        Dump HTTP headers - may contain sensitive info
+      --memprofile string   Write memory profile to file
+```
+
+
+## Filter
+
+Flags for filtering directory listings.
+
+```
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+```
+
+
+## Listing
+
+Flags for listing directories.
+
+```
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+```
+
+
+## Logging
+
+Logging and statistics.
+
 ```
+      --log-file string                     Log everything to this file
+      --log-format string                   Comma separated list of log format options (default "date,time")
+      --log-level LogLevel                  Log level DEBUG|INFO|NOTICE|ERROR (default NOTICE)
+      --log-systemd                         Activate systemd integration for the logger
+      --max-stats-groups int                Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
+  -P, --progress                            Show progress during transfer
+      --progress-terminal-title             Show progress on the terminal title (requires -P/--progress)
+  -q, --quiet                               Print as little stuff as possible
+      --stats Duration                      Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
+      --stats-file-name-length int          Max file name length in stats (0 for no limit) (default 45)
+      --stats-log-level LogLevel            Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default INFO)
+      --stats-one-line                      Make the stats fit on one line
+      --stats-one-line-date                 Enable --stats-one-line and add current date/time prefix
+      --stats-one-line-date-format string   Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes ("), see https://golang.org/pkg/time/#Time.Format
+      --stats-unit string                   Show data rate in stats as either 'bits' or 'bytes' per second (default "bytes")
+      --syslog                              Use Syslog for logging
+      --syslog-facility string              Facility for syslog, e.g. KERN,USER,... (default "DAEMON")
+      --use-json-log                        Use json log format
+  -v, --verbose count                       Print lots more stuff (repeat for more)
+```
+
 
-## Backend Flags
+## Metadata
 
-These flags are available for every command. They control the backends
-and may be set in the config file.
+Flags to control metadata.
 
 ```
-      --acd-auth-url string                            Auth server URL
-      --acd-client-id string                           OAuth Client Id
-      --acd-client-secret string                       OAuth Client Secret
-      --acd-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --acd-templink-threshold SizeSuffix              Files >= this size will be downloaded via their tempLink (default 9Gi)
-      --acd-token string                               OAuth Access Token as a JSON blob
-      --acd-token-url string                           Token server url
-      --acd-upload-wait-per-gb Duration                Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
-      --alias-remote string                            Remote or path to alias
-      --azureblob-access-tier string                   Access tier of blob: hot, cool or archive
-      --azureblob-account string                       Azure Storage Account Name
-      --azureblob-archive-tier-delete                  Delete archive tier blobs before overwriting
-      --azureblob-chunk-size SizeSuffix                Upload chunk size (default 4Mi)
-      --azureblob-client-certificate-password string   Password for the certificate file (optional) (obscured)
-      --azureblob-client-certificate-path string       Path to a PEM or PKCS12 certificate file including the private key
-      --azureblob-client-id string                     The ID of the client in use
-      --azureblob-client-secret string                 One of the service principal's client secrets
-      --azureblob-client-send-certificate-chain        Send the certificate chain when using certificate auth
-      --azureblob-disable-checksum                     Don't store MD5 checksum with object metadata
-      --azureblob-encoding MultiEncoder                The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
-      --azureblob-endpoint string                      Endpoint for the service
-      --azureblob-env-auth                             Read credentials from runtime (environment variables, CLI or MSI)
-      --azureblob-key string                           Storage Account Shared Key
-      --azureblob-list-chunk int                       Size of blob list (default 5000)
-      --azureblob-memory-pool-flush-time Duration      How often internal memory buffer pools will be flushed (default 1m0s)
-      --azureblob-memory-pool-use-mmap                 Whether to use mmap buffers in internal memory pool
-      --azureblob-msi-client-id string                 Object ID of the user-assigned MSI to use, if any
-      --azureblob-msi-mi-res-id string                 Azure resource ID of the user-assigned MSI to use, if any
-      --azureblob-msi-object-id string                 Object ID of the user-assigned MSI to use, if any
-      --azureblob-no-check-container                   If set, don't attempt to check the container exists or create it
-      --azureblob-no-head-object                       If set, do not do HEAD before GET when getting objects
-      --azureblob-password string                      The user's password (obscured)
-      --azureblob-public-access string                 Public access level of a container: blob or container
-      --azureblob-sas-url string                       SAS URL for container level access only
-      --azureblob-service-principal-file string        Path to file containing credentials for use with a service principal
-      --azureblob-tenant string                        ID of the service principal's tenant. Also called its directory ID
-      --azureblob-upload-concurrency int               Concurrency for multipart uploads (default 16)
-      --azureblob-upload-cutoff string                 Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
-      --azureblob-use-emulator                         Uses local storage emulator if provided as 'true'
-      --azureblob-use-msi                              Use a managed service identity to authenticate (only works in Azure)
-      --azureblob-username string                      User name (usually an email address)
-      --b2-account string                              Account ID or Application Key ID
-      --b2-chunk-size SizeSuffix                       Upload chunk size (default 96Mi)
-      --b2-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4Gi)
-      --b2-disable-checksum                            Disable checksums for large (> upload cutoff) files
-      --b2-download-auth-duration Duration             Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
-      --b2-download-url string                         Custom endpoint for downloads
-      --b2-encoding MultiEncoder                       The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --b2-endpoint string                             Endpoint for the service
-      --b2-hard-delete                                 Permanently delete files on remote removal, otherwise hide files
-      --b2-key string                                  Application Key
-      --b2-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-      --b2-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-      --b2-test-mode string                            A flag string for X-Bz-Test-Mode header for debugging
-      --b2-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-      --b2-version-at Time                             Show file versions as they were at the specified time (default off)
-      --b2-versions                                    Include old versions in directory listings
-      --box-access-token string                        Box App Primary Access Token
-      --box-auth-url string                            Auth server URL
-      --box-box-config-file string                     Box App config.json location
-      --box-box-sub-type string                         (default "user")
-      --box-client-id string                           OAuth Client Id
-      --box-client-secret string                       OAuth Client Secret
-      --box-commit-retries int                         Max number of times to try committing a multipart file (default 100)
-      --box-encoding MultiEncoder                      The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
-      --box-list-chunk int                             Size of listing chunk 1-1000 (default 1000)
-      --box-owned-by string                            Only show items owned by the login (email address) passed in
-      --box-root-folder-id string                      Fill in for rclone to use a non root folder as its starting point
-      --box-token string                               OAuth Access Token as a JSON blob
-      --box-token-url string                           Token server url
-      --box-upload-cutoff SizeSuffix                   Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
-      --cache-chunk-clean-interval Duration            How often should the cache perform cleanups of the chunk storage (default 1m0s)
-      --cache-chunk-no-memory                          Disable the in-memory cache for storing chunks during streaming
-      --cache-chunk-path string                        Directory to cache chunk files (default "$HOME/.cache/rclone/cache-backend")
-      --cache-chunk-size SizeSuffix                    The size of a chunk (partial file data) (default 5Mi)
-      --cache-chunk-total-size SizeSuffix              The total size that the chunks can take up on the local disk (default 10Gi)
-      --cache-db-path string                           Directory to store file structure metadata DB (default "$HOME/.cache/rclone/cache-backend")
-      --cache-db-purge                                 Clear all the cached data for this remote on start
-      --cache-db-wait-time Duration                    How long to wait for the DB to be available - 0 is unlimited (default 1s)
-      --cache-info-age Duration                        How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
-      --cache-plex-insecure string                     Skip all certificate verification when connecting to the Plex server
-      --cache-plex-password string                     The password of the Plex user (obscured)
-      --cache-plex-url string                          The URL of the Plex server
-      --cache-plex-username string                     The username of the Plex user
-      --cache-read-retries int                         How many times to retry a read from a cache storage (default 10)
-      --cache-remote string                            Remote to cache
-      --cache-rps int                                  Limits the number of requests per second to the source FS (-1 to disable) (default -1)
-      --cache-tmp-upload-path string                   Directory to keep temporary files until they are uploaded
-      --cache-tmp-wait-time Duration                   How long should files be stored in local cache before being uploaded (default 15s)
-      --cache-workers int                              How many workers should run in parallel to download chunks (default 4)
-      --cache-writes                                   Cache file data on writes through the FS
-      --chunker-chunk-size SizeSuffix                  Files larger than chunk size will be split in chunks (default 2Gi)
-      --chunker-fail-hard                              Choose how chunker should handle files with missing or invalid chunks
-      --chunker-hash-type string                       Choose how chunker handles hash sums (default "md5")
-      --chunker-remote string                          Remote to chunk/unchunk
-      --combine-upstreams SpaceSepList                 Upstreams for combining
-      --compress-level int                             GZIP compression level (-2 to 9) (default -1)
-      --compress-mode string                           Compression mode (default "gzip")
-      --compress-ram-cache-limit SizeSuffix            Some remotes don't allow the upload of files with unknown size (default 20Mi)
-      --compress-remote string                         Remote to compress
-  -L, --copy-links                                     Follow symlinks and copy the pointed to item
-      --crypt-directory-name-encryption                Option to either encrypt directory names or leave them intact (default true)
-      --crypt-filename-encoding string                 How to encode the encrypted filename to text string (default "base32")
-      --crypt-filename-encryption string               How to encrypt the filenames (default "standard")
-      --crypt-no-data-encryption                       Option to either encrypt file data or leave it unencrypted
-      --crypt-password string                          Password or pass phrase for encryption (obscured)
-      --crypt-password2 string                         Password or pass phrase for salt (obscured)
-      --crypt-remote string                            Remote to encrypt/decrypt
-      --crypt-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different crypt configs
-      --crypt-show-mapping                             For all files listed show how the names encrypt
-      --drive-acknowledge-abuse                        Set to allow files which return cannotDownloadAbusiveFile to be downloaded
-      --drive-allow-import-name-change                 Allow the filetype to change when uploading Google docs
-      --drive-auth-owner-only                          Only consider files owned by the authenticated user
-      --drive-auth-url string                          Auth server URL
-      --drive-chunk-size SizeSuffix                    Upload chunk size (default 8Mi)
-      --drive-client-id string                         Google Application Client Id
-      --drive-client-secret string                     OAuth Client Secret
-      --drive-copy-shortcut-content                    Server side copy contents of shortcuts instead of the shortcut
-      --drive-disable-http2                            Disable drive using http2 (default true)
-      --drive-encoding MultiEncoder                    The encoding for the backend (default InvalidUtf8)
-      --drive-export-formats string                    Comma separated list of preferred formats for downloading Google docs (default "docx,xlsx,pptx,svg")
-      --drive-formats string                           Deprecated: See export_formats
-      --drive-impersonate string                       Impersonate this user when using a service account
-      --drive-import-formats string                    Comma separated list of preferred formats for uploading Google docs
-      --drive-keep-revision-forever                    Keep new head revision of each file forever
-      --drive-list-chunk int                           Size of listing chunk 100-1000, 0 to disable (default 1000)
-      --drive-pacer-burst int                          Number of API calls to allow without sleeping (default 100)
-      --drive-pacer-min-sleep Duration                 Minimum time to sleep between API calls (default 100ms)
-      --drive-resource-key string                      Resource key for accessing a link-shared file
-      --drive-root-folder-id string                    ID of the root folder
-      --drive-scope string                             Scope that rclone should use when requesting access from drive
-      --drive-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different drive configs
-      --drive-service-account-credentials string       Service Account Credentials JSON blob
-      --drive-service-account-file string              Service Account Credentials JSON file path
-      --drive-shared-with-me                           Only show files that are shared with me
-      --drive-size-as-quota                            Show sizes as storage quota usage, not actual size
-      --drive-skip-checksum-gphotos                    Skip MD5 checksum on Google photos and videos only
-      --drive-skip-dangling-shortcuts                  If set skip dangling shortcut files
-      --drive-skip-gdocs                               Skip google documents in all listings
-      --drive-skip-shortcuts                           If set skip shortcut files
-      --drive-starred-only                             Only show files that are starred
-      --drive-stop-on-download-limit                   Make download limit errors be fatal
-      --drive-stop-on-upload-limit                     Make upload limit errors be fatal
-      --drive-team-drive string                        ID of the Shared Drive (Team Drive)
-      --drive-token string                             OAuth Access Token as a JSON blob
-      --drive-token-url string                         Token server url
-      --drive-trashed-only                             Only show files that are in the trash
-      --drive-upload-cutoff SizeSuffix                 Cutoff for switching to chunked upload (default 8Mi)
-      --drive-use-created-date                         Use file created date instead of modified date
-      --drive-use-shared-date                          Use date file was shared instead of modified date
-      --drive-use-trash                                Send files to the trash instead of deleting permanently (default true)
-      --drive-v2-download-min-size SizeSuffix          If Object's are greater, use drive v2 API to download (default off)
-      --dropbox-auth-url string                        Auth server URL
-      --dropbox-batch-commit-timeout Duration          Max time to wait for a batch to finish committing (default 10m0s)
-      --dropbox-batch-mode string                      Upload file batching sync|async|off (default "sync")
-      --dropbox-batch-size int                         Max number of files in upload batch
-      --dropbox-batch-timeout Duration                 Max time to allow an idle upload batch before uploading (default 0s)
-      --dropbox-chunk-size SizeSuffix                  Upload chunk size (< 150Mi) (default 48Mi)
-      --dropbox-client-id string                       OAuth Client Id
-      --dropbox-client-secret string                   OAuth Client Secret
-      --dropbox-encoding MultiEncoder                  The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
-      --dropbox-impersonate string                     Impersonate this user when using a business account
-      --dropbox-shared-files                           Instructs rclone to work on individual shared files
-      --dropbox-shared-folders                         Instructs rclone to work on shared folders
-      --dropbox-token string                           OAuth Access Token as a JSON blob
-      --dropbox-token-url string                       Token server url
-      --fichier-api-key string                         Your API Key, get it from https://1fichier.com/console/params.pl
-      --fichier-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
-      --fichier-file-password string                   If you want to download a shared file that is password protected, add this parameter (obscured)
-      --fichier-folder-password string                 If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
-      --fichier-shared-folder string                   If you want to download a shared folder, add this parameter
-      --filefabric-encoding MultiEncoder               The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-      --filefabric-permanent-token string              Permanent Authentication Token
-      --filefabric-root-folder-id string               ID of the root folder
-      --filefabric-token string                        Session Token
-      --filefabric-token-expiry string                 Token expiry time
-      --filefabric-url string                          URL of the Enterprise File Fabric to connect to
-      --filefabric-version string                      Version read from the file fabric
-      --ftp-ask-password                               Allow asking for FTP password when needed
-      --ftp-close-timeout Duration                     Maximum time to wait for a response to close (default 1m0s)
-      --ftp-concurrency int                            Maximum number of FTP simultaneous connections, 0 for unlimited
-      --ftp-disable-epsv                               Disable using EPSV even if server advertises support
-      --ftp-disable-mlsd                               Disable using MLSD even if server advertises support
-      --ftp-disable-tls13                              Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
-      --ftp-disable-utf8                               Disable using UTF-8 even if server advertises support
-      --ftp-encoding MultiEncoder                      The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
-      --ftp-explicit-tls                               Use Explicit FTPS (FTP over TLS)
-      --ftp-force-list-hidden                          Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
-      --ftp-host string                                FTP host to connect to
-      --ftp-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-      --ftp-no-check-certificate                       Do not verify the TLS certificate of the server
-      --ftp-pass string                                FTP password (obscured)
-      --ftp-port int                                   FTP port number (default 21)
-      --ftp-shut-timeout Duration                      Maximum time to wait for data connection closing status (default 1m0s)
-      --ftp-tls                                        Use Implicit FTPS (FTP over TLS)
-      --ftp-tls-cache-size int                         Size of TLS session cache for all control and data connections (default 32)
-      --ftp-user string                                FTP username (default "$USER")
-      --ftp-writing-mdtm                               Use MDTM to set modification time (VsFtpd quirk)
-      --gcs-anonymous                                  Access public buckets and objects without credentials
-      --gcs-auth-url string                            Auth server URL
-      --gcs-bucket-acl string                          Access Control List for new buckets
-      --gcs-bucket-policy-only                         Access checks should use bucket-level IAM policies
-      --gcs-client-id string                           OAuth Client Id
-      --gcs-client-secret string                       OAuth Client Secret
-      --gcs-decompress                                 If set this will decompress gzip encoded objects
-      --gcs-encoding MultiEncoder                      The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-      --gcs-endpoint string                            Endpoint for the service
-      --gcs-env-auth                                   Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
-      --gcs-location string                            Location for the newly created buckets
-      --gcs-no-check-bucket                            If set, don't attempt to check the bucket exists or create it
-      --gcs-object-acl string                          Access Control List for new objects
-      --gcs-project-number string                      Project number
-      --gcs-service-account-file string                Service Account Credentials JSON file path
-      --gcs-storage-class string                       The storage class to use when storing objects in Google Cloud Storage
-      --gcs-token string                               OAuth Access Token as a JSON blob
-      --gcs-token-url string                           Token server url
-      --gphotos-auth-url string                        Auth server URL
-      --gphotos-client-id string                       OAuth Client Id
-      --gphotos-client-secret string                   OAuth Client Secret
-      --gphotos-encoding MultiEncoder                  The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-      --gphotos-include-archived                       Also view and download archived media
-      --gphotos-read-only                              Set to make the Google Photos backend read only
-      --gphotos-read-size                              Set to read the size of media items
-      --gphotos-start-year int                         Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
-      --gphotos-token string                           OAuth Access Token as a JSON blob
-      --gphotos-token-url string                       Token server url
-      --hasher-auto-size SizeSuffix                    Auto-update checksum for files smaller than this size (disabled by default)
-      --hasher-hashes CommaSepList                     Comma separated list of supported checksum types (default md5,sha1)
-      --hasher-max-age Duration                        Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
-      --hasher-remote string                           Remote to cache checksums for (e.g. myRemote:path)
-      --hdfs-data-transfer-protection string           Kerberos data transfer protection: authentication|integrity|privacy
-      --hdfs-encoding MultiEncoder                     The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
-      --hdfs-namenode string                           Hadoop name node and port
-      --hdfs-service-principal-name string             Kerberos service principal name for the namenode
-      --hdfs-username string                           Hadoop user name
-      --hidrive-auth-url string                        Auth server URL
-      --hidrive-chunk-size SizeSuffix                  Chunksize for chunked uploads (default 48Mi)
-      --hidrive-client-id string                       OAuth Client Id
-      --hidrive-client-secret string                   OAuth Client Secret
-      --hidrive-disable-fetching-member-count          Do not fetch number of objects in directories unless it is absolutely necessary
-      --hidrive-encoding MultiEncoder                  The encoding for the backend (default Slash,Dot)
-      --hidrive-endpoint string                        Endpoint for the service (default "https://api.hidrive.strato.com/2.1")
-      --hidrive-root-prefix string                     The root/parent folder for all paths (default "/")
-      --hidrive-scope-access string                    Access permissions that rclone should use when requesting access from HiDrive (default "rw")
-      --hidrive-scope-role string                      User-level that rclone should use when requesting access from HiDrive (default "user")
-      --hidrive-token string                           OAuth Access Token as a JSON blob
-      --hidrive-token-url string                       Token server url
-      --hidrive-upload-concurrency int                 Concurrency for chunked uploads (default 4)
-      --hidrive-upload-cutoff SizeSuffix               Cutoff/Threshold for chunked uploads (default 96Mi)
-      --http-headers CommaSepList                      Set HTTP headers for all transactions
-      --http-no-head                                   Don't use HEAD requests
-      --http-no-slash                                  Set this if the site doesn't end directories with /
-      --http-url string                                URL of HTTP host to connect to
-      --internetarchive-access-key-id string           IAS3 Access Key
-      --internetarchive-disable-checksum               Don't ask the server to test against MD5 checksum calculated by rclone (default true)
-      --internetarchive-encoding MultiEncoder          The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
-      --internetarchive-endpoint string                IAS3 Endpoint (default "https://s3.us.archive.org")
-      --internetarchive-front-endpoint string          Host of InternetArchive Frontend (default "https://archive.org")
-      --internetarchive-secret-access-key string       IAS3 Secret Key (password)
-      --internetarchive-wait-archive Duration          Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish (default 0s)
-      --jottacloud-encoding MultiEncoder               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
-      --jottacloud-hard-delete                         Delete files permanently rather than putting them into the trash
-      --jottacloud-md5-memory-limit SizeSuffix         Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
-      --jottacloud-no-versions                         Avoid server side versioning by deleting files and recreating files instead of overwriting them
-      --jottacloud-trashed-only                        Only show files that are in the trash
-      --jottacloud-upload-resume-limit SizeSuffix      Files bigger than this can be resumed if the upload fail's (default 10Mi)
-      --koofr-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --koofr-endpoint string                          The Koofr API endpoint to use
-      --koofr-mountid string                           Mount ID of the mount to use
-      --koofr-password string                          Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
-      --koofr-provider string                          Choose your storage provider
-      --koofr-setmtime                                 Does the backend support setting modification time (default true)
-      --koofr-user string                              Your user name
-  -l, --links                                          Translate symlinks to/from regular files with a '.rclonelink' extension
-      --local-case-insensitive                         Force the filesystem to report itself as case insensitive
-      --local-case-sensitive                           Force the filesystem to report itself as case sensitive
-      --local-encoding MultiEncoder                    The encoding for the backend (default Slash,Dot)
-      --local-no-check-updated                         Don't check to see if the files change during upload
-      --local-no-preallocate                           Disable preallocation of disk space for transferred files
-      --local-no-set-modtime                           Disable setting modtime
-      --local-no-sparse                                Disable sparse files for multi-thread downloads
-      --local-nounc                                    Disable UNC (long path names) conversion on Windows
-      --local-unicode-normalization                    Apply unicode NFC normalization to paths and filenames
-      --local-zero-size-links                          Assume the Stat size of links is zero (and read them instead) (deprecated)
-      --mailru-check-hash                              What should copy do if file checksum is mismatched or invalid (default true)
-      --mailru-encoding MultiEncoder                   The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --mailru-pass string                             Password (obscured)
-      --mailru-speedup-enable                          Skip full upload if there is another file with same data hash (default true)
-      --mailru-speedup-file-patterns string            Comma separated list of file name patterns eligible for speedup (put by hash) (default "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf")
-      --mailru-speedup-max-disk SizeSuffix             This option allows you to disable speedup (put by hash) for large files (default 3Gi)
-      --mailru-speedup-max-memory SizeSuffix           Files larger than the size given below will always be hashed on disk (default 32Mi)
-      --mailru-user string                             User name (usually email)
-      --mega-debug                                     Output more debug from Mega
-      --mega-encoding MultiEncoder                     The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --mega-hard-delete                               Delete files permanently rather than putting them into the trash
-      --mega-pass string                               Password (obscured)
-      --mega-use-https                                 Use HTTPS for transfers
-      --mega-user string                               User name
-      --netstorage-account string                      Set the NetStorage account name
-      --netstorage-host string                         Domain+path of NetStorage host to connect to
-      --netstorage-protocol string                     Select between HTTP or HTTPS protocol (default "https")
-      --netstorage-secret string                       Set the NetStorage account secret/G2O key for authentication (obscured)
-  -x, --one-file-system                                Don't cross filesystem boundaries (unix/macOS only)
-      --onedrive-access-scopes SpaceSepList            Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
-      --onedrive-auth-url string                       Auth server URL
-      --onedrive-chunk-size SizeSuffix                 Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
-      --onedrive-client-id string                      OAuth Client Id
-      --onedrive-client-secret string                  OAuth Client Secret
-      --onedrive-drive-id string                       The ID of the drive to use
-      --onedrive-drive-type string                     The type of the drive (personal | business | documentLibrary)
-      --onedrive-encoding MultiEncoder                 The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --onedrive-expose-onenote-files                  Set to make OneNote files show up in directory listings
-      --onedrive-hash-type string                      Specify the hash in use for the backend (default "auto")
-      --onedrive-link-password string                  Set the password for links created by the link command
-      --onedrive-link-scope string                     Set the scope of the links created by the link command (default "anonymous")
-      --onedrive-link-type string                      Set the type of the links created by the link command (default "view")
-      --onedrive-list-chunk int                        Size of listing chunk (default 1000)
-      --onedrive-no-versions                           Remove all versions on modifying operations
-      --onedrive-region string                         Choose national cloud region for OneDrive (default "global")
-      --onedrive-root-folder-id string                 ID of the root folder
-      --onedrive-server-side-across-configs            Allow server-side operations (e.g. copy) to work across different onedrive configs
-      --onedrive-token string                          OAuth Access Token as a JSON blob
-      --onedrive-token-url string                      Token server url
-      --oos-chunk-size SizeSuffix                      Chunk size to use for uploading (default 5Mi)
-      --oos-compartment string                         Object storage compartment OCID
-      --oos-config-file string                         Path to OCI config file (default "~/.oci/config")
-      --oos-config-profile string                      Profile name inside the oci config file (default "Default")
-      --oos-copy-cutoff SizeSuffix                     Cutoff for switching to multipart copy (default 4.656Gi)
-      --oos-copy-timeout Duration                      Timeout for copy (default 1m0s)
-      --oos-disable-checksum                           Don't store MD5 checksum with object metadata
-      --oos-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --oos-endpoint string                            Endpoint for Object storage API
-      --oos-leave-parts-on-error                       If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-      --oos-namespace string                           Object storage namespace
-      --oos-no-check-bucket                            If set, don't attempt to check the bucket exists or create it
-      --oos-provider string                            Choose your Auth Provider (default "env_auth")
-      --oos-region string                              Object storage Region
-      --oos-sse-customer-algorithm string              If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm
-      --oos-sse-customer-key string                    To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
-      --oos-sse-customer-key-file string               To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
-      --oos-sse-customer-key-sha256 string             If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
-      --oos-sse-kms-key-id string                      if using using your own master key in vault, this header specifies the
-      --oos-storage-tier string                        The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default "Standard")
-      --oos-upload-concurrency int                     Concurrency for multipart uploads (default 10)
-      --oos-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
-      --opendrive-chunk-size SizeSuffix                Files will be uploaded in chunks this size (default 10Mi)
-      --opendrive-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
-      --opendrive-password string                      Password (obscured)
-      --opendrive-username string                      Username
-      --pcloud-auth-url string                         Auth server URL
-      --pcloud-client-id string                        OAuth Client Id
-      --pcloud-client-secret string                    OAuth Client Secret
-      --pcloud-encoding MultiEncoder                   The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --pcloud-hostname string                         Hostname to connect to (default "api.pcloud.com")
-      --pcloud-password string                         Your pcloud password (obscured)
-      --pcloud-root-folder-id string                   Fill in for rclone to use a non root folder as its starting point (default "d0")
-      --pcloud-token string                            OAuth Access Token as a JSON blob
-      --pcloud-token-url string                        Token server url
-      --pcloud-username string                         Your pcloud username
-      --premiumizeme-encoding MultiEncoder             The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --putio-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --qingstor-access-key-id string                  QingStor Access Key ID
-      --qingstor-chunk-size SizeSuffix                 Chunk size to use for uploading (default 4Mi)
-      --qingstor-connection-retries int                Number of connection retries (default 3)
-      --qingstor-encoding MultiEncoder                 The encoding for the backend (default Slash,Ctl,InvalidUtf8)
-      --qingstor-endpoint string                       Enter an endpoint URL to connection QingStor API
-      --qingstor-env-auth                              Get QingStor credentials from runtime
-      --qingstor-secret-access-key string              QingStor Secret Access Key (password)
-      --qingstor-upload-concurrency int                Concurrency for multipart uploads (default 1)
-      --qingstor-upload-cutoff SizeSuffix              Cutoff for switching to chunked upload (default 200Mi)
-      --qingstor-zone string                           Zone to connect to
-      --s3-access-key-id string                        AWS Access Key ID
-      --s3-acl string                                  Canned ACL used when creating buckets and storing or copying objects
-      --s3-bucket-acl string                           Canned ACL used when creating buckets
-      --s3-chunk-size SizeSuffix                       Chunk size to use for uploading (default 5Mi)
-      --s3-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4.656Gi)
-      --s3-decompress                                  If set this will decompress gzip encoded objects
-      --s3-disable-checksum                            Don't store MD5 checksum with object metadata
-      --s3-disable-http2                               Disable usage of http2 for S3 backends
-      --s3-download-url string                         Custom endpoint for downloads
-      --s3-encoding MultiEncoder                       The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --s3-endpoint string                             Endpoint for S3 API
-      --s3-env-auth                                    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
-      --s3-force-path-style                            If true use path style access if false use virtual hosted style (default true)
-      --s3-leave-parts-on-error                        If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-      --s3-list-chunk int                              Size of listing chunk (response list for each ListObject S3 request) (default 1000)
-      --s3-list-url-encode Tristate                    Whether to url encode listings: true/false/unset (default unset)
-      --s3-list-version int                            Version of ListObjects to use: 1,2 or 0 for auto
-      --s3-location-constraint string                  Location constraint - must be set to match the Region
-      --s3-max-upload-parts int                        Maximum number of parts in a multipart upload (default 10000)
-      --s3-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-      --s3-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-      --s3-might-gzip Tristate                         Set this if the backend might gzip objects (default unset)
-      --s3-no-check-bucket                             If set, don't attempt to check the bucket exists or create it
-      --s3-no-head                                     If set, don't HEAD uploaded objects to check integrity
-      --s3-no-head-object                              If set, do not do HEAD before GET when getting objects
-      --s3-no-system-metadata                          Suppress setting and reading of system metadata
-      --s3-profile string                              Profile to use in the shared credentials file
-      --s3-provider string                             Choose your S3 provider
-      --s3-region string                               Region to connect to
-      --s3-requester-pays                              Enables requester pays option when interacting with S3 bucket
-      --s3-secret-access-key string                    AWS Secret Access Key (password)
-      --s3-server-side-encryption string               The server-side encryption algorithm used when storing this object in S3
-      --s3-session-token string                        An AWS session token
-      --s3-shared-credentials-file string              Path to the shared credentials file
-      --s3-sse-customer-algorithm string               If using SSE-C, the server-side encryption algorithm used when storing this object in S3
-      --s3-sse-customer-key string                     To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
-      --s3-sse-customer-key-base64 string              If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
-      --s3-sse-customer-key-md5 string                 If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
-      --s3-sse-kms-key-id string                       If using KMS ID you must provide the ARN of Key
-      --s3-storage-class string                        The storage class to use when storing new objects in S3
-      --s3-sts-endpoint string                         Endpoint for STS
-      --s3-upload-concurrency int                      Concurrency for multipart uploads (default 4)
-      --s3-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-      --s3-use-accelerate-endpoint                     If true use the AWS S3 accelerated endpoint
-      --s3-use-multipart-etag Tristate                 Whether to use ETag in multipart uploads for verification (default unset)
-      --s3-use-presigned-request                       Whether to use a presigned request or PutObject for single part uploads
-      --s3-v2-auth                                     If true use v2 authentication
-      --s3-version-at Time                             Show file versions as they were at the specified time (default off)
-      --s3-versions                                    Include old versions in directory listings
-      --seafile-2fa                                    Two-factor authentication ('true' if the account has 2FA enabled)
-      --seafile-create-library                         Should rclone create a library if it doesn't exist
-      --seafile-encoding MultiEncoder                  The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
-      --seafile-library string                         Name of the library
-      --seafile-library-key string                     Library password (for encrypted libraries only) (obscured)
-      --seafile-pass string                            Password (obscured)
-      --seafile-url string                             URL of seafile host to connect to
-      --seafile-user string                            User name (usually email address)
-      --sftp-ask-password                              Allow asking for SFTP password when needed
-      --sftp-chunk-size SizeSuffix                     Upload and download chunk size (default 32Ki)
-      --sftp-ciphers SpaceSepList                      Space separated list of ciphers to be used for session encryption, ordered by preference
-      --sftp-concurrency int                           The maximum number of outstanding requests for one file (default 64)
-      --sftp-disable-concurrent-reads                  If set don't use concurrent reads
-      --sftp-disable-concurrent-writes                 If set don't use concurrent writes
-      --sftp-disable-hashcheck                         Disable the execution of SSH commands to determine if remote file hashing is available
-      --sftp-host string                               SSH host to connect to
-      --sftp-idle-timeout Duration                     Max time before closing idle connections (default 1m0s)
-      --sftp-key-exchange SpaceSepList                 Space separated list of key exchange algorithms, ordered by preference
-      --sftp-key-file string                           Path to PEM-encoded private key file
-      --sftp-key-file-pass string                      The passphrase to decrypt the PEM-encoded private key file (obscured)
-      --sftp-key-pem string                            Raw PEM-encoded private key
-      --sftp-key-use-agent                             When set forces the usage of the ssh-agent
-      --sftp-known-hosts-file string                   Optional path to known_hosts file
-      --sftp-macs SpaceSepList                         Space separated list of MACs (message authentication code) algorithms, ordered by preference
-      --sftp-md5sum-command string                     The command used to read md5 hashes
-      --sftp-pass string                               SSH password, leave blank to use ssh-agent (obscured)
-      --sftp-path-override string                      Override path used by SSH shell commands
-      --sftp-port int                                  SSH port number (default 22)
-      --sftp-pubkey-file string                        Optional path to public key file
-      --sftp-server-command string                     Specifies the path or command to run a sftp server on the remote host
-      --sftp-set-env SpaceSepList                      Environment variables to pass to sftp and commands
-      --sftp-set-modtime                               Set the modified time on the remote if set (default true)
-      --sftp-sha1sum-command string                    The command used to read sha1 hashes
-      --sftp-shell-type string                         The type of SSH shell on remote server, if any
-      --sftp-skip-links                                Set to skip any symlinks and any other non regular files
-      --sftp-subsystem string                          Specifies the SSH2 subsystem on the remote host (default "sftp")
-      --sftp-use-fstat                                 If set use fstat instead of stat
-      --sftp-use-insecure-cipher                       Enable the use of insecure ciphers and key exchange methods
-      --sftp-user string                               SSH username (default "$USER")
-      --sharefile-chunk-size SizeSuffix                Upload chunk size (default 64Mi)
-      --sharefile-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --sharefile-endpoint string                      Endpoint for API calls
-      --sharefile-root-folder-id string                ID of the root folder
-      --sharefile-upload-cutoff SizeSuffix             Cutoff for switching to multipart upload (default 128Mi)
-      --sia-api-password string                        Sia Daemon API Password (obscured)
-      --sia-api-url string                             Sia daemon API URL, like http://sia.daemon.host:9980 (default "http://127.0.0.1:9980")
-      --sia-encoding MultiEncoder                      The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
-      --sia-user-agent string                          Siad User Agent (default "Sia-Agent")
-      --skip-links                                     Don't warn about skipped symlinks
-      --smb-case-insensitive                           Whether the server is configured to be case-insensitive (default true)
-      --smb-domain string                              Domain name for NTLM authentication (default "WORKGROUP")
-      --smb-encoding MultiEncoder                      The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --smb-hide-special-share                         Hide special shares (e.g. print$) which users aren't supposed to access (default true)
-      --smb-host string                                SMB server hostname to connect to
-      --smb-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-      --smb-pass string                                SMB password (obscured)
-      --smb-port int                                   SMB port number (default 445)
-      --smb-spn string                                 Service principal name
-      --smb-user string                                SMB username (default "$USER")
-      --storj-access-grant string                      Access grant
-      --storj-api-key string                           API key
-      --storj-passphrase string                        Encryption passphrase
-      --storj-provider string                          Choose an authentication method (default "existing")
-      --storj-satellite-address string                 Satellite address (default "us1.storj.io")
-      --sugarsync-access-key-id string                 Sugarsync Access Key ID
-      --sugarsync-app-id string                        Sugarsync App ID
-      --sugarsync-authorization string                 Sugarsync authorization
-      --sugarsync-authorization-expiry string          Sugarsync authorization expiry
-      --sugarsync-deleted-id string                    Sugarsync deleted folder id
-      --sugarsync-encoding MultiEncoder                The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
-      --sugarsync-hard-delete                          Permanently delete files if true
-      --sugarsync-private-access-key string            Sugarsync Private Access Key
-      --sugarsync-refresh-token string                 Sugarsync refresh token
-      --sugarsync-root-id string                       Sugarsync root id
-      --sugarsync-user string                          Sugarsync user
-      --swift-application-credential-id string         Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
-      --swift-application-credential-name string       Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
-      --swift-application-credential-secret string     Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
-      --swift-auth string                              Authentication URL for server (OS_AUTH_URL)
-      --swift-auth-token string                        Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
-      --swift-auth-version int                         AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
-      --swift-chunk-size SizeSuffix                    Above this size files will be chunked into a _segments container (default 5Gi)
-      --swift-domain string                            User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-      --swift-encoding MultiEncoder                    The encoding for the backend (default Slash,InvalidUtf8)
-      --swift-endpoint-type string                     Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default "public")
-      --swift-env-auth                                 Get swift credentials from environment variables in standard OpenStack form
-      --swift-key string                               API key or password (OS_PASSWORD)
-      --swift-leave-parts-on-error                     If true avoid calling abort upload on a failure
-      --swift-no-chunk                                 Don't chunk files during streaming upload
-      --swift-no-large-objects                         Disable support for static and dynamic large objects
-      --swift-region string                            Region name - optional (OS_REGION_NAME)
-      --swift-storage-policy string                    The storage policy to use when creating a new container
-      --swift-storage-url string                       Storage URL - optional (OS_STORAGE_URL)
-      --swift-tenant string                            Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
-      --swift-tenant-domain string                     Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
-      --swift-tenant-id string                         Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
-      --swift-user string                              User name to log in (OS_USERNAME)
-      --swift-user-id string                           User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
-      --union-action-policy string                     Policy to choose upstream on ACTION category (default "epall")
-      --union-cache-time int                           Cache time of usage and free space (in seconds) (default 120)
-      --union-create-policy string                     Policy to choose upstream on CREATE category (default "epmfs")
-      --union-min-free-space SizeSuffix                Minimum viable free space for lfs/eplfs policies (default 1Gi)
-      --union-search-policy string                     Policy to choose upstream on SEARCH category (default "ff")
-      --union-upstreams string                         List of space separated upstreams
-      --uptobox-access-token string                    Your access token
-      --uptobox-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
-      --webdav-bearer-token string                     Bearer token instead of user/pass (e.g. a Macaroon)
-      --webdav-bearer-token-command string             Command to run to get a bearer token
-      --webdav-encoding string                         The encoding for the backend
-      --webdav-headers CommaSepList                    Set HTTP headers for all transactions
-      --webdav-pass string                             Password (obscured)
-      --webdav-url string                              URL of http host to connect to
-      --webdav-user string                             User name
-      --webdav-vendor string                           Name of the WebDAV site/service/software you are using
-      --yandex-auth-url string                         Auth server URL
-      --yandex-client-id string                        OAuth Client Id
-      --yandex-client-secret string                    OAuth Client Secret
-      --yandex-encoding MultiEncoder                   The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-      --yandex-hard-delete                             Delete files permanently rather than putting them into the trash
-      --yandex-token string                            OAuth Access Token as a JSON blob
-      --yandex-token-url string                        Token server url
-      --zoho-auth-url string                           Auth server URL
-      --zoho-client-id string                          OAuth Client Id
-      --zoho-client-secret string                      OAuth Client Secret
-      --zoho-encoding MultiEncoder                     The encoding for the backend (default Del,Ctl,InvalidUtf8)
-      --zoho-region string                             Zoho region to connect to
-      --zoho-token string                              OAuth Access Token as a JSON blob
-      --zoho-token-url string                          Token server url
+  -M, --metadata                            If set, preserve metadata when copying objects
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --metadata-mapper SpaceSepList        Program to run to transforming metadata before upload
+      --metadata-set stringArray            Add metadata key=value when uploading
+```
+
+
+## RC
+
+Flags to control the Remote Control API.
+
 ```
+      --rc                                 Enable the remote control server
+      --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                  Prefix for URLs - leave blank for root
+      --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                Client certificate authority to verify clients with
+      --rc-enable-metrics                  Enable prometheus metrics on /metrics
+      --rc-files string                    Path to local files to serve on the HTTP server
+      --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+      --rc-key string                      TLS PEM Private key
+      --rc-max-header-bytes int            Maximum size of request header (default 4096)
+      --rc-min-tls-version string          Minimum TLS version that is acceptable (default "tls1.0")
+      --rc-no-auth                         Don't require auth for certain methods
+      --rc-pass string                     Password for authentication
+      --rc-realm string                    Realm for authentication
+      --rc-salt string                     Password hashing salt (default "dlPL2MqE")
+      --rc-serve                           Enable the serving of remote objects
+      --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --rc-template string                 User-specified template
+      --rc-user string                     User name for authentication
+      --rc-web-fetch-url string            URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
+      --rc-web-gui                         Launch WebGUI on localhost
+      --rc-web-gui-force-update            Force update to latest version of web gui
+      --rc-web-gui-no-open-browser         Don't open the browser automatically
+      --rc-web-gui-update                  Check and update to latest version of web gui
+```
+
+
+## Backend
+
+Backend only flags. These can be set in the config file also.
+
+```
+      --acd-auth-url string                                 Auth server URL
+      --acd-client-id string                                OAuth Client Id
+      --acd-client-secret string                            OAuth Client Secret
+      --acd-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --acd-templink-threshold SizeSuffix                   Files >= this size will be downloaded via their tempLink (default 9Gi)
+      --acd-token string                                    OAuth Access Token as a JSON blob
+      --acd-token-url string                                Token server url
+      --acd-upload-wait-per-gb Duration                     Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
+      --alias-remote string                                 Remote or path to alias
+      --azureblob-access-tier string                        Access tier of blob: hot, cool, cold or archive
+      --azureblob-account string                            Azure Storage Account Name
+      --azureblob-archive-tier-delete                       Delete archive tier blobs before overwriting
+      --azureblob-chunk-size SizeSuffix                     Upload chunk size (default 4Mi)
+      --azureblob-client-certificate-password string        Password for the certificate file (optional) (obscured)
+      --azureblob-client-certificate-path string            Path to a PEM or PKCS12 certificate file including the private key
+      --azureblob-client-id string                          The ID of the client in use
+      --azureblob-client-secret string                      One of the service principal's client secrets
+      --azureblob-client-send-certificate-chain             Send the certificate chain when using certificate auth
+      --azureblob-directory-markers                         Upload an empty object with a trailing slash when a new directory is created
+      --azureblob-disable-checksum                          Don't store MD5 checksum with object metadata
+      --azureblob-encoding Encoding                         The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
+      --azureblob-endpoint string                           Endpoint for the service
+      --azureblob-env-auth                                  Read credentials from runtime (environment variables, CLI or MSI)
+      --azureblob-key string                                Storage Account Shared Key
+      --azureblob-list-chunk int                            Size of blob list (default 5000)
+      --azureblob-msi-client-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-msi-mi-res-id string                      Azure resource ID of the user-assigned MSI to use, if any
+      --azureblob-msi-object-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-no-check-container                        If set, don't attempt to check the container exists or create it
+      --azureblob-no-head-object                            If set, do not do HEAD before GET when getting objects
+      --azureblob-password string                           The user's password (obscured)
+      --azureblob-public-access string                      Public access level of a container: blob or container
+      --azureblob-sas-url string                            SAS URL for container level access only
+      --azureblob-service-principal-file string             Path to file containing credentials for use with a service principal
+      --azureblob-tenant string                             ID of the service principal's tenant. Also called its directory ID
+      --azureblob-upload-concurrency int                    Concurrency for multipart uploads (default 16)
+      --azureblob-upload-cutoff string                      Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
+      --azureblob-use-emulator                              Uses local storage emulator if provided as 'true'
+      --azureblob-use-msi                                   Use a managed service identity to authenticate (only works in Azure)
+      --azureblob-username string                           User name (usually an email address)
+      --azurefiles-account string                           Azure Storage Account Name
+      --azurefiles-chunk-size SizeSuffix                    Upload chunk size (default 4Mi)
+      --azurefiles-client-certificate-password string       Password for the certificate file (optional) (obscured)
+      --azurefiles-client-certificate-path string           Path to a PEM or PKCS12 certificate file including the private key
+      --azurefiles-client-id string                         The ID of the client in use
+      --azurefiles-client-secret string                     One of the service principal's client secrets
+      --azurefiles-client-send-certificate-chain            Send the certificate chain when using certificate auth
+      --azurefiles-connection-string string                 Azure Files Connection String
+      --azurefiles-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot)
+      --azurefiles-endpoint string                          Endpoint for the service
+      --azurefiles-env-auth                                 Read credentials from runtime (environment variables, CLI or MSI)
+      --azurefiles-key string                               Storage Account Shared Key
+      --azurefiles-max-stream-size SizeSuffix               Max size for streamed files (default 10Gi)
+      --azurefiles-msi-client-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-mi-res-id string                     Azure resource ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-object-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-password string                          The user's password (obscured)
+      --azurefiles-sas-url string                           SAS URL
+      --azurefiles-service-principal-file string            Path to file containing credentials for use with a service principal
+      --azurefiles-share-name string                        Azure Files Share Name
+      --azurefiles-tenant string                            ID of the service principal's tenant. Also called its directory ID
+      --azurefiles-upload-concurrency int                   Concurrency for multipart uploads (default 16)
+      --azurefiles-use-msi                                  Use a managed service identity to authenticate (only works in Azure)
+      --azurefiles-username string                          User name (usually an email address)
+      --b2-account string                                   Account ID or Application Key ID
+      --b2-chunk-size SizeSuffix                            Upload chunk size (default 96Mi)
+      --b2-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4Gi)
+      --b2-disable-checksum                                 Disable checksums for large (> upload cutoff) files
+      --b2-download-auth-duration Duration                  Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
+      --b2-download-url string                              Custom endpoint for downloads
+      --b2-encoding Encoding                                The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --b2-endpoint string                                  Endpoint for the service
+      --b2-hard-delete                                      Permanently delete files on remote removal, otherwise hide files
+      --b2-key string                                       Application Key
+      --b2-lifecycle int                                    Set the number of days deleted files should be kept when creating a bucket
+      --b2-test-mode string                                 A flag string for X-Bz-Test-Mode header for debugging
+      --b2-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --b2-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --b2-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --b2-versions                                         Include old versions in directory listings
+      --box-access-token string                             Box App Primary Access Token
+      --box-auth-url string                                 Auth server URL
+      --box-box-config-file string                          Box App config.json location
+      --box-box-sub-type string                              (default "user")
+      --box-client-id string                                OAuth Client Id
+      --box-client-secret string                            OAuth Client Secret
+      --box-commit-retries int                              Max number of times to try committing a multipart file (default 100)
+      --box-encoding Encoding                               The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
+      --box-impersonate string                              Impersonate this user ID when using a service account
+      --box-list-chunk int                                  Size of listing chunk 1-1000 (default 1000)
+      --box-owned-by string                                 Only show items owned by the login (email address) passed in
+      --box-root-folder-id string                           Fill in for rclone to use a non root folder as its starting point
+      --box-token string                                    OAuth Access Token as a JSON blob
+      --box-token-url string                                Token server url
+      --box-upload-cutoff SizeSuffix                        Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
+      --cache-chunk-clean-interval Duration                 How often should the cache perform cleanups of the chunk storage (default 1m0s)
+      --cache-chunk-no-memory                               Disable the in-memory cache for storing chunks during streaming
+      --cache-chunk-path string                             Directory to cache chunk files (default "$HOME/.cache/rclone/cache-backend")
+      --cache-chunk-size SizeSuffix                         The size of a chunk (partial file data) (default 5Mi)
+      --cache-chunk-total-size SizeSuffix                   The total size that the chunks can take up on the local disk (default 10Gi)
+      --cache-db-path string                                Directory to store file structure metadata DB (default "$HOME/.cache/rclone/cache-backend")
+      --cache-db-purge                                      Clear all the cached data for this remote on start
+      --cache-db-wait-time Duration                         How long to wait for the DB to be available - 0 is unlimited (default 1s)
+      --cache-info-age Duration                             How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
+      --cache-plex-insecure string                          Skip all certificate verification when connecting to the Plex server
+      --cache-plex-password string                          The password of the Plex user (obscured)
+      --cache-plex-url string                               The URL of the Plex server
+      --cache-plex-username string                          The username of the Plex user
+      --cache-read-retries int                              How many times to retry a read from a cache storage (default 10)
+      --cache-remote string                                 Remote to cache
+      --cache-rps int                                       Limits the number of requests per second to the source FS (-1 to disable) (default -1)
+      --cache-tmp-upload-path string                        Directory to keep temporary files until they are uploaded
+      --cache-tmp-wait-time Duration                        How long should files be stored in local cache before being uploaded (default 15s)
+      --cache-workers int                                   How many workers should run in parallel to download chunks (default 4)
+      --cache-writes                                        Cache file data on writes through the FS
+      --chunker-chunk-size SizeSuffix                       Files larger than chunk size will be split in chunks (default 2Gi)
+      --chunker-fail-hard                                   Choose how chunker should handle files with missing or invalid chunks
+      --chunker-hash-type string                            Choose how chunker handles hash sums (default "md5")
+      --chunker-remote string                               Remote to chunk/unchunk
+      --combine-upstreams SpaceSepList                      Upstreams for combining
+      --compress-level int                                  GZIP compression level (-2 to 9) (default -1)
+      --compress-mode string                                Compression mode (default "gzip")
+      --compress-ram-cache-limit SizeSuffix                 Some remotes don't allow the upload of files with unknown size (default 20Mi)
+      --compress-remote string                              Remote to compress
+  -L, --copy-links                                          Follow symlinks and copy the pointed to item
+      --crypt-directory-name-encryption                     Option to either encrypt directory names or leave them intact (default true)
+      --crypt-filename-encoding string                      How to encode the encrypted filename to text string (default "base32")
+      --crypt-filename-encryption string                    How to encrypt the filenames (default "standard")
+      --crypt-no-data-encryption                            Option to either encrypt file data or leave it unencrypted
+      --crypt-pass-bad-blocks                               If set this will pass bad blocks through as all 0
+      --crypt-password string                               Password or pass phrase for encryption (obscured)
+      --crypt-password2 string                              Password or pass phrase for salt (obscured)
+      --crypt-remote string                                 Remote to encrypt/decrypt
+      --crypt-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --crypt-show-mapping                                  For all files listed show how the names encrypt
+      --crypt-suffix string                                 If this is set it will override the default suffix of ".bin" (default ".bin")
+      --drive-acknowledge-abuse                             Set to allow files which return cannotDownloadAbusiveFile to be downloaded
+      --drive-allow-import-name-change                      Allow the filetype to change when uploading Google docs
+      --drive-auth-owner-only                               Only consider files owned by the authenticated user
+      --drive-auth-url string                               Auth server URL
+      --drive-chunk-size SizeSuffix                         Upload chunk size (default 8Mi)
+      --drive-client-id string                              Google Application Client Id
+      --drive-client-secret string                          OAuth Client Secret
+      --drive-copy-shortcut-content                         Server side copy contents of shortcuts instead of the shortcut
+      --drive-disable-http2                                 Disable drive using http2 (default true)
+      --drive-encoding Encoding                             The encoding for the backend (default InvalidUtf8)
+      --drive-env-auth                                      Get IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --drive-export-formats string                         Comma separated list of preferred formats for downloading Google docs (default "docx,xlsx,pptx,svg")
+      --drive-fast-list-bug-fix                             Work around a bug in Google Drive listing (default true)
+      --drive-formats string                                Deprecated: See export_formats
+      --drive-impersonate string                            Impersonate this user when using a service account
+      --drive-import-formats string                         Comma separated list of preferred formats for uploading Google docs
+      --drive-keep-revision-forever                         Keep new head revision of each file forever
+      --drive-list-chunk int                                Size of listing chunk 100-1000, 0 to disable (default 1000)
+      --drive-metadata-labels Bits                          Control whether labels should be read or written in metadata (default off)
+      --drive-metadata-owner Bits                           Control whether owner should be read or written in metadata (default read)
+      --drive-metadata-permissions Bits                     Control whether permissions should be read or written in metadata (default off)
+      --drive-pacer-burst int                               Number of API calls to allow without sleeping (default 100)
+      --drive-pacer-min-sleep Duration                      Minimum time to sleep between API calls (default 100ms)
+      --drive-resource-key string                           Resource key for accessing a link-shared file
+      --drive-root-folder-id string                         ID of the root folder
+      --drive-scope string                                  Comma separated list of scopes that rclone should use when requesting access from drive
+      --drive-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --drive-service-account-credentials string            Service Account Credentials JSON blob
+      --drive-service-account-file string                   Service Account Credentials JSON file path
+      --drive-shared-with-me                                Only show files that are shared with me
+      --drive-show-all-gdocs                                Show all Google Docs including non-exportable ones in listings
+      --drive-size-as-quota                                 Show sizes as storage quota usage, not actual size
+      --drive-skip-checksum-gphotos                         Skip checksums on Google photos and videos only
+      --drive-skip-dangling-shortcuts                       If set skip dangling shortcut files
+      --drive-skip-gdocs                                    Skip google documents in all listings
+      --drive-skip-shortcuts                                If set skip shortcut files
+      --drive-starred-only                                  Only show files that are starred
+      --drive-stop-on-download-limit                        Make download limit errors be fatal
+      --drive-stop-on-upload-limit                          Make upload limit errors be fatal
+      --drive-team-drive string                             ID of the Shared Drive (Team Drive)
+      --drive-token string                                  OAuth Access Token as a JSON blob
+      --drive-token-url string                              Token server url
+      --drive-trashed-only                                  Only show files that are in the trash
+      --drive-upload-cutoff SizeSuffix                      Cutoff for switching to chunked upload (default 8Mi)
+      --drive-use-created-date                              Use file created date instead of modified date
+      --drive-use-shared-date                               Use date file was shared instead of modified date
+      --drive-use-trash                                     Send files to the trash instead of deleting permanently (default true)
+      --drive-v2-download-min-size SizeSuffix               If Object's are greater, use drive v2 API to download (default off)
+      --dropbox-auth-url string                             Auth server URL
+      --dropbox-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --dropbox-batch-mode string                           Upload file batching sync|async|off (default "sync")
+      --dropbox-batch-size int                              Max number of files in upload batch
+      --dropbox-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --dropbox-chunk-size SizeSuffix                       Upload chunk size (< 150Mi) (default 48Mi)
+      --dropbox-client-id string                            OAuth Client Id
+      --dropbox-client-secret string                        OAuth Client Secret
+      --dropbox-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
+      --dropbox-impersonate string                          Impersonate this user when using a business account
+      --dropbox-pacer-min-sleep Duration                    Minimum time to sleep between API calls (default 10ms)
+      --dropbox-shared-files                                Instructs rclone to work on individual shared files
+      --dropbox-shared-folders                              Instructs rclone to work on shared folders
+      --dropbox-token string                                OAuth Access Token as a JSON blob
+      --dropbox-token-url string                            Token server url
+      --fichier-api-key string                              Your API Key, get it from https://1fichier.com/console/params.pl
+      --fichier-cdn                                         Set if you wish to use CDN download links
+      --fichier-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --fichier-file-password string                        If you want to download a shared file that is password protected, add this parameter (obscured)
+      --fichier-folder-password string                      If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
+      --fichier-shared-folder string                        If you want to download a shared folder, add this parameter
+      --filefabric-encoding Encoding                        The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --filefabric-permanent-token string                   Permanent Authentication Token
+      --filefabric-root-folder-id string                    ID of the root folder
+      --filefabric-token string                             Session Token
+      --filefabric-token-expiry string                      Token expiry time
+      --filefabric-url string                               URL of the Enterprise File Fabric to connect to
+      --filefabric-version string                           Version read from the file fabric
+      --ftp-ask-password                                    Allow asking for FTP password when needed
+      --ftp-close-timeout Duration                          Maximum time to wait for a response to close (default 1m0s)
+      --ftp-concurrency int                                 Maximum number of FTP simultaneous connections, 0 for unlimited
+      --ftp-disable-epsv                                    Disable using EPSV even if server advertises support
+      --ftp-disable-mlsd                                    Disable using MLSD even if server advertises support
+      --ftp-disable-tls13                                   Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+      --ftp-disable-utf8                                    Disable using UTF-8 even if server advertises support
+      --ftp-encoding Encoding                               The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
+      --ftp-explicit-tls                                    Use Explicit FTPS (FTP over TLS)
+      --ftp-force-list-hidden                               Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
+      --ftp-host string                                     FTP host to connect to
+      --ftp-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --ftp-no-check-certificate                            Do not verify the TLS certificate of the server
+      --ftp-pass string                                     FTP password (obscured)
+      --ftp-port int                                        FTP port number (default 21)
+      --ftp-shut-timeout Duration                           Maximum time to wait for data connection closing status (default 1m0s)
+      --ftp-socks-proxy string                              Socks 5 proxy host
+      --ftp-tls                                             Use Implicit FTPS (FTP over TLS)
+      --ftp-tls-cache-size int                              Size of TLS session cache for all control and data connections (default 32)
+      --ftp-user string                                     FTP username (default "$USER")
+      --ftp-writing-mdtm                                    Use MDTM to set modification time (VsFtpd quirk)
+      --gcs-anonymous                                       Access public buckets and objects without credentials
+      --gcs-auth-url string                                 Auth server URL
+      --gcs-bucket-acl string                               Access Control List for new buckets
+      --gcs-bucket-policy-only                              Access checks should use bucket-level IAM policies
+      --gcs-client-id string                                OAuth Client Id
+      --gcs-client-secret string                            OAuth Client Secret
+      --gcs-decompress                                      If set this will decompress gzip encoded objects
+      --gcs-directory-markers                               Upload an empty object with a trailing slash when a new directory is created
+      --gcs-encoding Encoding                               The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gcs-endpoint string                                 Endpoint for the service
+      --gcs-env-auth                                        Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --gcs-location string                                 Location for the newly created buckets
+      --gcs-no-check-bucket                                 If set, don't attempt to check the bucket exists or create it
+      --gcs-object-acl string                               Access Control List for new objects
+      --gcs-project-number string                           Project number
+      --gcs-service-account-file string                     Service Account Credentials JSON file path
+      --gcs-storage-class string                            The storage class to use when storing objects in Google Cloud Storage
+      --gcs-token string                                    OAuth Access Token as a JSON blob
+      --gcs-token-url string                                Token server url
+      --gcs-user-project string                             User project
+      --gphotos-auth-url string                             Auth server URL
+      --gphotos-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --gphotos-batch-mode string                           Upload file batching sync|async|off (default "sync")
+      --gphotos-batch-size int                              Max number of files in upload batch
+      --gphotos-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --gphotos-client-id string                            OAuth Client Id
+      --gphotos-client-secret string                        OAuth Client Secret
+      --gphotos-encoding Encoding                           The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gphotos-include-archived                            Also view and download archived media
+      --gphotos-read-only                                   Set to make the Google Photos backend read only
+      --gphotos-read-size                                   Set to read the size of media items
+      --gphotos-start-year int                              Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
+      --gphotos-token string                                OAuth Access Token as a JSON blob
+      --gphotos-token-url string                            Token server url
+      --hasher-auto-size SizeSuffix                         Auto-update checksum for files smaller than this size (disabled by default)
+      --hasher-hashes CommaSepList                          Comma separated list of supported checksum types (default md5,sha1)
+      --hasher-max-age Duration                             Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
+      --hasher-remote string                                Remote to cache checksums for (e.g. myRemote:path)
+      --hdfs-data-transfer-protection string                Kerberos data transfer protection: authentication|integrity|privacy
+      --hdfs-encoding Encoding                              The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
+      --hdfs-namenode CommaSepList                          Hadoop name nodes and ports
+      --hdfs-service-principal-name string                  Kerberos service principal name for the namenode
+      --hdfs-username string                                Hadoop user name
+      --hidrive-auth-url string                             Auth server URL
+      --hidrive-chunk-size SizeSuffix                       Chunksize for chunked uploads (default 48Mi)
+      --hidrive-client-id string                            OAuth Client Id
+      --hidrive-client-secret string                        OAuth Client Secret
+      --hidrive-disable-fetching-member-count               Do not fetch number of objects in directories unless it is absolutely necessary
+      --hidrive-encoding Encoding                           The encoding for the backend (default Slash,Dot)
+      --hidrive-endpoint string                             Endpoint for the service (default "https://api.hidrive.strato.com/2.1")
+      --hidrive-root-prefix string                          The root/parent folder for all paths (default "/")
+      --hidrive-scope-access string                         Access permissions that rclone should use when requesting access from HiDrive (default "rw")
+      --hidrive-scope-role string                           User-level that rclone should use when requesting access from HiDrive (default "user")
+      --hidrive-token string                                OAuth Access Token as a JSON blob
+      --hidrive-token-url string                            Token server url
+      --hidrive-upload-concurrency int                      Concurrency for chunked uploads (default 4)
+      --hidrive-upload-cutoff SizeSuffix                    Cutoff/Threshold for chunked uploads (default 96Mi)
+      --http-headers CommaSepList                           Set HTTP headers for all transactions
+      --http-no-head                                        Don't use HEAD requests
+      --http-no-slash                                       Set this if the site doesn't end directories with /
+      --http-url string                                     URL of HTTP host to connect to
+      --imagekit-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket)
+      --imagekit-endpoint string                            You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-only-signed Restrict unsigned image URLs   If you have configured Restrict unsigned image URLs in your dashboard settings, set this to true
+      --imagekit-private-key string                         You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-public-key string                          You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-upload-tags string                         Tags to add to the uploaded files, e.g. "tag1,tag2"
+      --imagekit-versions                                   Include old versions in directory listings
+      --internetarchive-access-key-id string                IAS3 Access Key
+      --internetarchive-disable-checksum                    Don't ask the server to test against MD5 checksum calculated by rclone (default true)
+      --internetarchive-encoding Encoding                   The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
+      --internetarchive-endpoint string                     IAS3 Endpoint (default "https://s3.us.archive.org")
+      --internetarchive-front-endpoint string               Host of InternetArchive Frontend (default "https://archive.org")
+      --internetarchive-secret-access-key string            IAS3 Secret Key (password)
+      --internetarchive-wait-archive Duration               Timeout for waiting the server's processing tasks (specifically archive and book_op) to finish (default 0s)
+      --jottacloud-auth-url string                          Auth server URL
+      --jottacloud-client-id string                         OAuth Client Id
+      --jottacloud-client-secret string                     OAuth Client Secret
+      --jottacloud-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
+      --jottacloud-hard-delete                              Delete files permanently rather than putting them into the trash
+      --jottacloud-md5-memory-limit SizeSuffix              Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
+      --jottacloud-no-versions                              Avoid server side versioning by deleting files and recreating files instead of overwriting them
+      --jottacloud-token string                             OAuth Access Token as a JSON blob
+      --jottacloud-token-url string                         Token server url
+      --jottacloud-trashed-only                             Only show files that are in the trash
+      --jottacloud-upload-resume-limit SizeSuffix           Files bigger than this can be resumed if the upload fail's (default 10Mi)
+      --koofr-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --koofr-endpoint string                               The Koofr API endpoint to use
+      --koofr-mountid string                                Mount ID of the mount to use
+      --koofr-password string                               Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
+      --koofr-provider string                               Choose your storage provider
+      --koofr-setmtime                                      Does the backend support setting modification time (default true)
+      --koofr-user string                                   Your user name
+      --linkbox-token string                                Token from https://www.linkbox.to/admin/account
+  -l, --links                                               Translate symlinks to/from regular files with a '.rclonelink' extension
+      --local-case-insensitive                              Force the filesystem to report itself as case insensitive
+      --local-case-sensitive                                Force the filesystem to report itself as case sensitive
+      --local-encoding Encoding                             The encoding for the backend (default Slash,Dot)
+      --local-no-check-updated                              Don't check to see if the files change during upload
+      --local-no-preallocate                                Disable preallocation of disk space for transferred files
+      --local-no-set-modtime                                Disable setting modtime
+      --local-no-sparse                                     Disable sparse files for multi-thread downloads
+      --local-nounc                                         Disable UNC (long path names) conversion on Windows
+      --local-unicode-normalization                         Apply unicode NFC normalization to paths and filenames
+      --local-zero-size-links                               Assume the Stat size of links is zero (and read them instead) (deprecated)
+      --mailru-auth-url string                              Auth server URL
+      --mailru-check-hash                                   What should copy do if file checksum is mismatched or invalid (default true)
+      --mailru-client-id string                             OAuth Client Id
+      --mailru-client-secret string                         OAuth Client Secret
+      --mailru-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --mailru-pass string                                  Password (obscured)
+      --mailru-speedup-enable                               Skip full upload if there is another file with same data hash (default true)
+      --mailru-speedup-file-patterns string                 Comma separated list of file name patterns eligible for speedup (put by hash) (default "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf")
+      --mailru-speedup-max-disk SizeSuffix                  This option allows you to disable speedup (put by hash) for large files (default 3Gi)
+      --mailru-speedup-max-memory SizeSuffix                Files larger than the size given below will always be hashed on disk (default 32Mi)
+      --mailru-token string                                 OAuth Access Token as a JSON blob
+      --mailru-token-url string                             Token server url
+      --mailru-user string                                  User name (usually email)
+      --mega-debug                                          Output more debug from Mega
+      --mega-encoding Encoding                              The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --mega-hard-delete                                    Delete files permanently rather than putting them into the trash
+      --mega-pass string                                    Password (obscured)
+      --mega-use-https                                      Use HTTPS for transfers
+      --mega-user string                                    User name
+      --netstorage-account string                           Set the NetStorage account name
+      --netstorage-host string                              Domain+path of NetStorage host to connect to
+      --netstorage-protocol string                          Select between HTTP or HTTPS protocol (default "https")
+      --netstorage-secret string                            Set the NetStorage account secret/G2O key for authentication (obscured)
+  -x, --one-file-system                                     Don't cross filesystem boundaries (unix/macOS only)
+      --onedrive-access-scopes SpaceSepList                 Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
+      --onedrive-auth-url string                            Auth server URL
+      --onedrive-av-override                                Allows download of files the server thinks has a virus
+      --onedrive-chunk-size SizeSuffix                      Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
+      --onedrive-client-id string                           OAuth Client Id
+      --onedrive-client-secret string                       OAuth Client Secret
+      --onedrive-delta                                      If set rclone will use delta listing to implement recursive listings
+      --onedrive-drive-id string                            The ID of the drive to use
+      --onedrive-drive-type string                          The type of the drive (personal | business | documentLibrary)
+      --onedrive-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --onedrive-expose-onenote-files                       Set to make OneNote files show up in directory listings
+      --onedrive-hash-type string                           Specify the hash in use for the backend (default "auto")
+      --onedrive-link-password string                       Set the password for links created by the link command
+      --onedrive-link-scope string                          Set the scope of the links created by the link command (default "anonymous")
+      --onedrive-link-type string                           Set the type of the links created by the link command (default "view")
+      --onedrive-list-chunk int                             Size of listing chunk (default 1000)
+      --onedrive-no-versions                                Remove all versions on modifying operations
+      --onedrive-region string                              Choose national cloud region for OneDrive (default "global")
+      --onedrive-root-folder-id string                      ID of the root folder
+      --onedrive-server-side-across-configs                 Deprecated: use --server-side-across-configs instead
+      --onedrive-token string                               OAuth Access Token as a JSON blob
+      --onedrive-token-url string                           Token server url
+      --oos-attempt-resume-upload                           If true attempt to resume previously started multipart upload for the object
+      --oos-chunk-size SizeSuffix                           Chunk size to use for uploading (default 5Mi)
+      --oos-compartment string                              Object storage compartment OCID
+      --oos-config-file string                              Path to OCI config file (default "~/.oci/config")
+      --oos-config-profile string                           Profile name inside the oci config file (default "Default")
+      --oos-copy-cutoff SizeSuffix                          Cutoff for switching to multipart copy (default 4.656Gi)
+      --oos-copy-timeout Duration                           Timeout for copy (default 1m0s)
+      --oos-disable-checksum                                Don't store MD5 checksum with object metadata
+      --oos-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --oos-endpoint string                                 Endpoint for Object storage API
+      --oos-leave-parts-on-error                            If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery
+      --oos-max-upload-parts int                            Maximum number of parts in a multipart upload (default 10000)
+      --oos-namespace string                                Object storage namespace
+      --oos-no-check-bucket                                 If set, don't attempt to check the bucket exists or create it
+      --oos-provider string                                 Choose your Auth Provider (default "env_auth")
+      --oos-region string                                   Object storage Region
+      --oos-sse-customer-algorithm string                   If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm
+      --oos-sse-customer-key string                         To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+      --oos-sse-customer-key-file string                    To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+      --oos-sse-customer-key-sha256 string                  If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+      --oos-sse-kms-key-id string                           if using your own master key in vault, this header specifies the
+      --oos-storage-tier string                             The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default "Standard")
+      --oos-upload-concurrency int                          Concurrency for multipart uploads (default 10)
+      --oos-upload-cutoff SizeSuffix                        Cutoff for switching to chunked upload (default 200Mi)
+      --opendrive-chunk-size SizeSuffix                     Files will be uploaded in chunks this size (default 10Mi)
+      --opendrive-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
+      --opendrive-password string                           Password (obscured)
+      --opendrive-username string                           Username
+      --pcloud-auth-url string                              Auth server URL
+      --pcloud-client-id string                             OAuth Client Id
+      --pcloud-client-secret string                         OAuth Client Secret
+      --pcloud-encoding Encoding                            The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --pcloud-hostname string                              Hostname to connect to (default "api.pcloud.com")
+      --pcloud-password string                              Your pcloud password (obscured)
+      --pcloud-root-folder-id string                        Fill in for rclone to use a non root folder as its starting point (default "d0")
+      --pcloud-token string                                 OAuth Access Token as a JSON blob
+      --pcloud-token-url string                             Token server url
+      --pcloud-username string                              Your pcloud username
+      --pikpak-auth-url string                              Auth server URL
+      --pikpak-client-id string                             OAuth Client Id
+      --pikpak-client-secret string                         OAuth Client Secret
+      --pikpak-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --pikpak-hash-memory-limit SizeSuffix                 Files bigger than this will be cached on disk to calculate hash if required (default 10Mi)
+      --pikpak-pass string                                  Pikpak password (obscured)
+      --pikpak-root-folder-id string                        ID of the root folder
+      --pikpak-token string                                 OAuth Access Token as a JSON blob
+      --pikpak-token-url string                             Token server url
+      --pikpak-trashed-only                                 Only show files that are in the trash
+      --pikpak-use-trash                                    Send files to the trash instead of deleting permanently (default true)
+      --pikpak-user string                                  Pikpak username
+      --premiumizeme-auth-url string                        Auth server URL
+      --premiumizeme-client-id string                       OAuth Client Id
+      --premiumizeme-client-secret string                   OAuth Client Secret
+      --premiumizeme-encoding Encoding                      The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --premiumizeme-token string                           OAuth Access Token as a JSON blob
+      --premiumizeme-token-url string                       Token server url
+      --protondrive-2fa string                              The 2FA code
+      --protondrive-app-version string                      The app version string (default "macos-drive@1.0.0-alpha.1+rclone")
+      --protondrive-enable-caching                          Caches the files and folders metadata to reduce API calls (default true)
+      --protondrive-encoding Encoding                       The encoding for the backend (default Slash,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --protondrive-mailbox-password string                 The mailbox password of your two-password proton account (obscured)
+      --protondrive-original-file-size                      Return the file size before encryption (default true)
+      --protondrive-password string                         The password of your proton account (obscured)
+      --protondrive-replace-existing-draft                  Create a new revision when filename conflict is detected
+      --protondrive-username string                         The username of your proton account
+      --putio-auth-url string                               Auth server URL
+      --putio-client-id string                              OAuth Client Id
+      --putio-client-secret string                          OAuth Client Secret
+      --putio-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --putio-token string                                  OAuth Access Token as a JSON blob
+      --putio-token-url string                              Token server url
+      --qingstor-access-key-id string                       QingStor Access Key ID
+      --qingstor-chunk-size SizeSuffix                      Chunk size to use for uploading (default 4Mi)
+      --qingstor-connection-retries int                     Number of connection retries (default 3)
+      --qingstor-encoding Encoding                          The encoding for the backend (default Slash,Ctl,InvalidUtf8)
+      --qingstor-endpoint string                            Enter an endpoint URL to connection QingStor API
+      --qingstor-env-auth                                   Get QingStor credentials from runtime
+      --qingstor-secret-access-key string                   QingStor Secret Access Key (password)
+      --qingstor-upload-concurrency int                     Concurrency for multipart uploads (default 1)
+      --qingstor-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
+      --qingstor-zone string                                Zone to connect to
+      --quatrix-api-key string                              API key for accessing Quatrix account
+      --quatrix-effective-upload-time string                Wanted upload time for one chunk (default "4s")
+      --quatrix-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --quatrix-hard-delete                                 Delete files permanently rather than putting them into the trash
+      --quatrix-host string                                 Host name of Quatrix account
+      --quatrix-maximal-summary-chunk-size SizeSuffix       The maximal summary for all chunks. It should not be less than 'transfers'*'minimal_chunk_size' (default 95.367Mi)
+      --quatrix-minimal-chunk-size SizeSuffix               The minimal size for one chunk (default 9.537Mi)
+      --s3-access-key-id string                             AWS Access Key ID
+      --s3-acl string                                       Canned ACL used when creating buckets and storing or copying objects
+      --s3-bucket-acl string                                Canned ACL used when creating buckets
+      --s3-chunk-size SizeSuffix                            Chunk size to use for uploading (default 5Mi)
+      --s3-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4.656Gi)
+      --s3-decompress                                       If set this will decompress gzip encoded objects
+      --s3-directory-markers                                Upload an empty object with a trailing slash when a new directory is created
+      --s3-disable-checksum                                 Don't store MD5 checksum with object metadata
+      --s3-disable-http2                                    Disable usage of http2 for S3 backends
+      --s3-download-url string                              Custom endpoint for downloads
+      --s3-encoding Encoding                                The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --s3-endpoint string                                  Endpoint for S3 API
+      --s3-env-auth                                         Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
+      --s3-force-path-style                                 If true use path style access if false use virtual hosted style (default true)
+      --s3-leave-parts-on-error                             If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
+      --s3-list-chunk int                                   Size of listing chunk (response list for each ListObject S3 request) (default 1000)
+      --s3-list-url-encode Tristate                         Whether to url encode listings: true/false/unset (default unset)
+      --s3-list-version int                                 Version of ListObjects to use: 1,2 or 0 for auto
+      --s3-location-constraint string                       Location constraint - must be set to match the Region
+      --s3-max-upload-parts int                             Maximum number of parts in a multipart upload (default 10000)
+      --s3-might-gzip Tristate                              Set this if the backend might gzip objects (default unset)
+      --s3-no-check-bucket                                  If set, don't attempt to check the bucket exists or create it
+      --s3-no-head                                          If set, don't HEAD uploaded objects to check integrity
+      --s3-no-head-object                                   If set, do not do HEAD before GET when getting objects
+      --s3-no-system-metadata                               Suppress setting and reading of system metadata
+      --s3-profile string                                   Profile to use in the shared credentials file
+      --s3-provider string                                  Choose your S3 provider
+      --s3-region string                                    Region to connect to
+      --s3-requester-pays                                   Enables requester pays option when interacting with S3 bucket
+      --s3-secret-access-key string                         AWS Secret Access Key (password)
+      --s3-server-side-encryption string                    The server-side encryption algorithm used when storing this object in S3
+      --s3-session-token string                             An AWS session token
+      --s3-shared-credentials-file string                   Path to the shared credentials file
+      --s3-sse-customer-algorithm string                    If using SSE-C, the server-side encryption algorithm used when storing this object in S3
+      --s3-sse-customer-key string                          To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
+      --s3-sse-customer-key-base64 string                   If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
+      --s3-sse-customer-key-md5 string                      If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
+      --s3-sse-kms-key-id string                            If using KMS ID you must provide the ARN of Key
+      --s3-storage-class string                             The storage class to use when storing new objects in S3
+      --s3-sts-endpoint string                              Endpoint for STS
+      --s3-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --s3-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --s3-use-accelerate-endpoint                          If true use the AWS S3 accelerated endpoint
+      --s3-use-accept-encoding-gzip Accept-Encoding: gzip   Whether to send Accept-Encoding: gzip header (default unset)
+      --s3-use-already-exists Tristate                      Set if rclone should report BucketAlreadyExists errors on bucket creation (default unset)
+      --s3-use-multipart-etag Tristate                      Whether to use ETag in multipart uploads for verification (default unset)
+      --s3-use-multipart-uploads Tristate                   Set if rclone should use multipart uploads (default unset)
+      --s3-use-presigned-request                            Whether to use a presigned request or PutObject for single part uploads
+      --s3-v2-auth                                          If true use v2 authentication
+      --s3-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --s3-versions                                         Include old versions in directory listings
+      --seafile-2fa                                         Two-factor authentication ('true' if the account has 2FA enabled)
+      --seafile-create-library                              Should rclone create a library if it doesn't exist
+      --seafile-encoding Encoding                           The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
+      --seafile-library string                              Name of the library
+      --seafile-library-key string                          Library password (for encrypted libraries only) (obscured)
+      --seafile-pass string                                 Password (obscured)
+      --seafile-url string                                  URL of seafile host to connect to
+      --seafile-user string                                 User name (usually email address)
+      --sftp-ask-password                                   Allow asking for SFTP password when needed
+      --sftp-chunk-size SizeSuffix                          Upload and download chunk size (default 32Ki)
+      --sftp-ciphers SpaceSepList                           Space separated list of ciphers to be used for session encryption, ordered by preference
+      --sftp-concurrency int                                The maximum number of outstanding requests for one file (default 64)
+      --sftp-copy-is-hardlink                               Set to enable server side copies using hardlinks
+      --sftp-disable-concurrent-reads                       If set don't use concurrent reads
+      --sftp-disable-concurrent-writes                      If set don't use concurrent writes
+      --sftp-disable-hashcheck                              Disable the execution of SSH commands to determine if remote file hashing is available
+      --sftp-host string                                    SSH host to connect to
+      --sftp-host-key-algorithms SpaceSepList               Space separated list of host key algorithms, ordered by preference
+      --sftp-idle-timeout Duration                          Max time before closing idle connections (default 1m0s)
+      --sftp-key-exchange SpaceSepList                      Space separated list of key exchange algorithms, ordered by preference
+      --sftp-key-file string                                Path to PEM-encoded private key file
+      --sftp-key-file-pass string                           The passphrase to decrypt the PEM-encoded private key file (obscured)
+      --sftp-key-pem string                                 Raw PEM-encoded private key
+      --sftp-key-use-agent                                  When set forces the usage of the ssh-agent
+      --sftp-known-hosts-file string                        Optional path to known_hosts file
+      --sftp-macs SpaceSepList                              Space separated list of MACs (message authentication code) algorithms, ordered by preference
+      --sftp-md5sum-command string                          The command used to read md5 hashes
+      --sftp-pass string                                    SSH password, leave blank to use ssh-agent (obscured)
+      --sftp-path-override string                           Override path used by SSH shell commands
+      --sftp-port int                                       SSH port number (default 22)
+      --sftp-pubkey-file string                             Optional path to public key file
+      --sftp-server-command string                          Specifies the path or command to run a sftp server on the remote host
+      --sftp-set-env SpaceSepList                           Environment variables to pass to sftp and commands
+      --sftp-set-modtime                                    Set the modified time on the remote if set (default true)
+      --sftp-sha1sum-command string                         The command used to read sha1 hashes
+      --sftp-shell-type string                              The type of SSH shell on remote server, if any
+      --sftp-skip-links                                     Set to skip any symlinks and any other non regular files
+      --sftp-socks-proxy string                             Socks 5 proxy host
+      --sftp-ssh SpaceSepList                               Path and arguments to external ssh binary
+      --sftp-subsystem string                               Specifies the SSH2 subsystem on the remote host (default "sftp")
+      --sftp-use-fstat                                      If set use fstat instead of stat
+      --sftp-use-insecure-cipher                            Enable the use of insecure ciphers and key exchange methods
+      --sftp-user string                                    SSH username (default "$USER")
+      --sharefile-auth-url string                           Auth server URL
+      --sharefile-chunk-size SizeSuffix                     Upload chunk size (default 64Mi)
+      --sharefile-client-id string                          OAuth Client Id
+      --sharefile-client-secret string                      OAuth Client Secret
+      --sharefile-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --sharefile-endpoint string                           Endpoint for API calls
+      --sharefile-root-folder-id string                     ID of the root folder
+      --sharefile-token string                              OAuth Access Token as a JSON blob
+      --sharefile-token-url string                          Token server url
+      --sharefile-upload-cutoff SizeSuffix                  Cutoff for switching to multipart upload (default 128Mi)
+      --sia-api-password string                             Sia Daemon API Password (obscured)
+      --sia-api-url string                                  Sia daemon API URL, like http://sia.daemon.host:9980 (default "http://127.0.0.1:9980")
+      --sia-encoding Encoding                               The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
+      --sia-user-agent string                               Siad User Agent (default "Sia-Agent")
+      --skip-links                                          Don't warn about skipped symlinks
+      --smb-case-insensitive                                Whether the server is configured to be case-insensitive (default true)
+      --smb-domain string                                   Domain name for NTLM authentication (default "WORKGROUP")
+      --smb-encoding Encoding                               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --smb-hide-special-share                              Hide special shares (e.g. print$) which users aren't supposed to access (default true)
+      --smb-host string                                     SMB server hostname to connect to
+      --smb-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --smb-pass string                                     SMB password (obscured)
+      --smb-port int                                        SMB port number (default 445)
+      --smb-spn string                                      Service principal name
+      --smb-user string                                     SMB username (default "$USER")
+      --storj-access-grant string                           Access grant
+      --storj-api-key string                                API key
+      --storj-passphrase string                             Encryption passphrase
+      --storj-provider string                               Choose an authentication method (default "existing")
+      --storj-satellite-address string                      Satellite address (default "us1.storj.io")
+      --sugarsync-access-key-id string                      Sugarsync Access Key ID
+      --sugarsync-app-id string                             Sugarsync App ID
+      --sugarsync-authorization string                      Sugarsync authorization
+      --sugarsync-authorization-expiry string               Sugarsync authorization expiry
+      --sugarsync-deleted-id string                         Sugarsync deleted folder id
+      --sugarsync-encoding Encoding                         The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
+      --sugarsync-hard-delete                               Permanently delete files if true
+      --sugarsync-private-access-key string                 Sugarsync Private Access Key
+      --sugarsync-refresh-token string                      Sugarsync refresh token
+      --sugarsync-root-id string                            Sugarsync root id
+      --sugarsync-user string                               Sugarsync user
+      --swift-application-credential-id string              Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
+      --swift-application-credential-name string            Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
+      --swift-application-credential-secret string          Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
+      --swift-auth string                                   Authentication URL for server (OS_AUTH_URL)
+      --swift-auth-token string                             Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
+      --swift-auth-version int                              AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
+      --swift-chunk-size SizeSuffix                         Above this size files will be chunked into a _segments container (default 5Gi)
+      --swift-domain string                                 User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
+      --swift-encoding Encoding                             The encoding for the backend (default Slash,InvalidUtf8)
+      --swift-endpoint-type string                          Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default "public")
+      --swift-env-auth                                      Get swift credentials from environment variables in standard OpenStack form
+      --swift-key string                                    API key or password (OS_PASSWORD)
+      --swift-leave-parts-on-error                          If true avoid calling abort upload on a failure
+      --swift-no-chunk                                      Don't chunk files during streaming upload
+      --swift-no-large-objects                              Disable support for static and dynamic large objects
+      --swift-region string                                 Region name - optional (OS_REGION_NAME)
+      --swift-storage-policy string                         The storage policy to use when creating a new container
+      --swift-storage-url string                            Storage URL - optional (OS_STORAGE_URL)
+      --swift-tenant string                                 Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
+      --swift-tenant-domain string                          Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
+      --swift-tenant-id string                              Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
+      --swift-user string                                   User name to log in (OS_USERNAME)
+      --swift-user-id string                                User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
+      --union-action-policy string                          Policy to choose upstream on ACTION category (default "epall")
+      --union-cache-time int                                Cache time of usage and free space (in seconds) (default 120)
+      --union-create-policy string                          Policy to choose upstream on CREATE category (default "epmfs")
+      --union-min-free-space SizeSuffix                     Minimum viable free space for lfs/eplfs policies (default 1Gi)
+      --union-search-policy string                          Policy to choose upstream on SEARCH category (default "ff")
+      --union-upstreams string                              List of space separated upstreams
+      --uptobox-access-token string                         Your access token
+      --uptobox-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
+      --uptobox-private                                     Set to make uploaded files private
+      --webdav-bearer-token string                          Bearer token instead of user/pass (e.g. a Macaroon)
+      --webdav-bearer-token-command string                  Command to run to get a bearer token
+      --webdav-encoding string                              The encoding for the backend
+      --webdav-headers CommaSepList                         Set HTTP headers for all transactions
+      --webdav-nextcloud-chunk-size SizeSuffix              Nextcloud upload chunk size (default 10Mi)
+      --webdav-pacer-min-sleep Duration                     Minimum time to sleep between API calls (default 10ms)
+      --webdav-pass string                                  Password (obscured)
+      --webdav-url string                                   URL of http host to connect to
+      --webdav-user string                                  User name
+      --webdav-vendor string                                Name of the WebDAV site/service/software you are using
+      --yandex-auth-url string                              Auth server URL
+      --yandex-client-id string                             OAuth Client Id
+      --yandex-client-secret string                         OAuth Client Secret
+      --yandex-encoding Encoding                            The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --yandex-hard-delete                                  Delete files permanently rather than putting them into the trash
+      --yandex-token string                                 OAuth Access Token as a JSON blob
+      --yandex-token-url string                             Token server url
+      --zoho-auth-url string                                Auth server URL
+      --zoho-client-id string                               OAuth Client Id
+      --zoho-client-secret string                           OAuth Client Secret
+      --zoho-encoding Encoding                              The encoding for the backend (default Del,Ctl,InvalidUtf8)
+      --zoho-region string                                  Zoho region to connect to
+      --zoho-token string                                   OAuth Access Token as a JSON blob
+      --zoho-token-url string                               Token server url
+```
+
+
diff --git a/docs/content/ftp.md b/docs/content/ftp.md
index 394ad8a4289b4..b00bb8accd939 100644
--- a/docs/content/ftp.md
+++ b/docs/content/ftp.md
@@ -415,6 +415,24 @@ Properties:
 - Type:        bool
 - Default:     false
 
+#### --ftp-socks-proxy
+
+Socks 5 proxy host.
+		
+		Supports the format user:pass@host:port, user@host:port, host:port.
+		
+		Example:
+		
+			myUser:myPass@localhost:9005
+		
+
+Properties:
+
+- Config:      socks_proxy
+- Env Var:     RCLONE_FTP_SOCKS_PROXY
+- Type:        string
+- Required:    false
+
 #### --ftp-encoding
 
 The encoding for the backend.
@@ -425,7 +443,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_FTP_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Del,Ctl,RightSpace,Dot
 - Examples:
     - "Asterisk,Ctl,Dot,Slash"
@@ -468,7 +486,7 @@ at present.
 
 The `ftp_proxy` environment variable is not currently supported.
 
-#### Modified time
+### Modification times
 
 File modification time (timestamps) is supported to 1 second resolution
 for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP server.
diff --git a/docs/content/googlecloudstorage.md b/docs/content/googlecloudstorage.md
index 09254945678c8..561d536c5ee73 100644
--- a/docs/content/googlecloudstorage.md
+++ b/docs/content/googlecloudstorage.md
@@ -247,7 +247,7 @@ Eg `--header-upload "Content-Type text/potato"`
 Note that the last of these is for setting custom metadata in the form
 `--header-upload "x-goog-meta-key: value"`
 
-### Modification time
+### Modification times
 
 Google Cloud Storage stores md5sum natively.
 Google's [gsutil](https://cloud.google.com/storage/docs/gsutil) tool stores modification time
@@ -320,6 +320,19 @@ Properties:
 - Type:        string
 - Required:    false
 
+#### --gcs-user-project
+
+User project.
+
+Optional - needed only for requester pays.
+
+Properties:
+
+- Config:      user_project
+- Env Var:     RCLONE_GCS_USER_PROJECT
+- Type:        string
+- Required:    false
+
 #### --gcs-service-account-file
 
 Service Account Credentials JSON file path.
@@ -611,6 +624,21 @@ Properties:
 - Type:        string
 - Required:    false
 
+#### --gcs-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option creates an empty
+object ending with "/", to persist the folder.
+
+
+Properties:
+
+- Config:      directory_markers
+- Env Var:     RCLONE_GCS_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
+
 #### --gcs-no-check-bucket
 
 If set, don't attempt to check the bucket exists or create it.
@@ -668,7 +696,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_GCS_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,CrLf,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/googlephotos.md b/docs/content/googlephotos.md
index e10b2a9fe09ef..76a9af6d6f35b 100644
--- a/docs/content/googlephotos.md
+++ b/docs/content/googlephotos.md
@@ -374,9 +374,93 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_GPHOTOS_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,CrLf,InvalidUtf8,Dot
 
+#### --gphotos-batch-mode
+
+Upload file batching sync|async|off.
+
+This sets the batch mode used by rclone.
+
+This has 3 possible values
+
+- off - no batching
+- sync - batch uploads and check completion (default)
+- async - batch upload and don't check completion
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+
+
+Properties:
+
+- Config:      batch_mode
+- Env Var:     RCLONE_GPHOTOS_BATCH_MODE
+- Type:        string
+- Default:     "sync"
+
+#### --gphotos-batch-size
+
+Max number of files in upload batch.
+
+This sets the batch size of files to upload. It has to be less than 50.
+
+By default this is 0 which means rclone which calculate the batch size
+depending on the setting of batch_mode.
+
+- batch_mode: async - default batch_size is 50
+- batch_mode: sync - default batch_size is the same as --transfers
+- batch_mode: off - not in use
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+
+Setting this is a great idea if you are uploading lots of small files
+as it will make them a lot quicker. You can use --transfers 32 to
+maximise throughput.
+
+
+Properties:
+
+- Config:      batch_size
+- Env Var:     RCLONE_GPHOTOS_BATCH_SIZE
+- Type:        int
+- Default:     0
+
+#### --gphotos-batch-timeout
+
+Max time to allow an idle upload batch before uploading.
+
+If an upload batch is idle for more than this long then it will be
+uploaded.
+
+The default for this is 0 which means rclone will choose a sensible
+default based on the batch_mode in use.
+
+- batch_mode: async - default batch_timeout is 10s
+- batch_mode: sync - default batch_timeout is 1s
+- batch_mode: off - not in use
+
+
+Properties:
+
+- Config:      batch_timeout
+- Env Var:     RCLONE_GPHOTOS_BATCH_TIMEOUT
+- Type:        Duration
+- Default:     0s
+
+#### --gphotos-batch-commit-timeout
+
+Max time to wait for a batch to finish committing
+
+Properties:
+
+- Config:      batch_commit_timeout
+- Env Var:     RCLONE_GPHOTOS_BATCH_COMMIT_TIMEOUT
+- Type:        Duration
+- Default:     10m0s
+
 {{< rem autogenerated options stop >}}
 
 ## Limitations
@@ -428,7 +512,7 @@ if you uploaded an image to `upload` then uploaded the same image to
 what it was uploaded with initially, not what you uploaded it with to
 `album`.  In practise this shouldn't cause too many problems.
 
-### Modified time
+### Modification times
 
 The date shown of media in Google Photos is the creation date as
 determined by the EXIF information, or the upload date if that is not
diff --git a/docs/content/hasher.md b/docs/content/hasher.md
index 324f2b85f694b..f2606fc0165a8 100644
--- a/docs/content/hasher.md
+++ b/docs/content/hasher.md
@@ -341,6 +341,6 @@ directory, usually `~/.cache/rclone/kv/`. Databases are maintained
 one per _base_ backend, named like `BaseRemote~hasher.bolt`.
 Checksums for multiple `alias`-es into a single base backend
 will be stored in the single database. All local paths are treated as
-aliases into the `local` backend (unless crypted or chunked) and stored
+aliases into the `local` backend (unless encrypted or chunked) and stored
 in `~/.cache/rclone/kv/local~hasher.bolt`.
 Databases can be shared between multiple rclone processes.
diff --git a/docs/content/hdfs.md b/docs/content/hdfs.md
index 701590e6078a0..6e85414c33c3c 100644
--- a/docs/content/hdfs.md
+++ b/docs/content/hdfs.md
@@ -126,7 +126,7 @@ username = root
 You can stop this image with `docker kill rclone-hdfs` (**NB** it does not use volumes, so all data
 uploaded will be lost.)
 
-### Modified time
+### Modification times
 
 Time accurate to 1 second is stored.
 
@@ -156,16 +156,16 @@ Here are the Standard options specific to hdfs (Hadoop distributed file system).
 
 #### --hdfs-namenode
 
-Hadoop name node and port.
+Hadoop name nodes and ports.
 
-E.g. "namenode:8020" to connect to host namenode at port 8020.
+E.g. "namenode-1:8020,namenode-2:8020,..." to connect to host namenodes at port 8020.
 
 Properties:
 
 - Config:      namenode
 - Env Var:     RCLONE_HDFS_NAMENODE
-- Type:        string
-- Required:    true
+- Type:        CommaSepList
+- Default:     
 
 #### --hdfs-username
 
@@ -205,9 +205,9 @@ Properties:
 Kerberos data transfer protection: authentication|integrity|privacy.
 
 Specifies whether or not authentication, data signature integrity
-checks, and wire encryption is required when communicating the the
-datanodes. Possible values are 'authentication', 'integrity' and
-'privacy'. Used only with KERBEROS enabled.
+checks, and wire encryption are required when communicating with
+the datanodes. Possible values are 'authentication', 'integrity'
+and 'privacy'. Used only with KERBEROS enabled.
 
 Properties:
 
@@ -229,7 +229,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_HDFS_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Colon,Del,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/hidrive.md b/docs/content/hidrive.md
index 91e8ab29b6571..f48dcb8e9d9f0 100644
--- a/docs/content/hidrive.md
+++ b/docs/content/hidrive.md
@@ -123,7 +123,7 @@ Using
 
 the process is very similar to the process of initial setup exemplified before.
 
-### Modified time and hashes
+### Modification times and hashes
 
 HiDrive allows modification times to be set on objects accurate to 1 second.
 
@@ -415,7 +415,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_HIDRIVE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/http.md b/docs/content/http.md
index 06ae9cadacb28..0fa8ca0a18919 100644
--- a/docs/content/http.md
+++ b/docs/content/http.md
@@ -105,7 +105,7 @@ Sync the remote `directory` to `/home/local/directory`, deleting any excess file
 
 This remote is read only - you can't upload files to an HTTP server.
 
-### Modified time
+### Modification times
 
 Most HTTP servers store time accurate to 1 second.
 
@@ -212,6 +212,46 @@ Properties:
 - Type:        bool
 - Default:     false
 
+## Backend commands
+
+Here are the commands specific to the http backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](/rc/#backend-command).
+
+### set
+
+Set command for updating the config parameters.
+
+    rclone backend set remote: [options] [<arguments>+]
+
+This set command can be used to update the config parameters
+for a running http backend.
+
+Usage Examples:
+
+    rclone backend set remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: -o url=https://example.com
+
+The option keys are named as they are in the config file.
+
+This rebuilds the connection to the http backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
+
+It doesn't return anything.
+
+
 {{< rem autogenerated options stop >}}
 
 ## Limitations
diff --git a/docs/content/imagekit.md b/docs/content/imagekit.md
new file mode 100644
index 0000000000000..c0ae147d2ea85
--- /dev/null
+++ b/docs/content/imagekit.md
@@ -0,0 +1,216 @@
+---
+title: "ImageKit"
+description: "Rclone docs for ImageKit backend."
+versionIntroduced: "v1.63"
+
+---
+# {{< icon "fa fa-cloud" >}} ImageKit
+This is a backend for the [ImageKit.io](https://imagekit.io/) storage service.
+
+#### About ImageKit
+[ImageKit.io](https://imagekit.io/)  provides real-time image and video optimizations, transformations, and CDN delivery. Over 1,000 businesses and 70,000 developers trust ImageKit with their images and videos on the web.
+
+
+#### Accounts & Pricing
+
+To use this backend, you need to [create an account](https://imagekit.io/registration/) on ImageKit. Start with a free plan with generous usage limits. Then, as your requirements grow, upgrade to a plan that best fits your needs. See [the pricing details](https://imagekit.io/plans).
+
+## Configuration
+
+Here is an example of making an imagekit configuration.
+
+Firstly create a [ImageKit.io](https://imagekit.io/) account and choose a plan.
+
+You will need to log in and get the `publicKey` and `privateKey` for your account from the developer section.
+
+Now run
+```
+rclone config
+```
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+
+Enter the name for the new remote.
+name> imagekit-media-library
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / ImageKit.io
+\ (imagekit)
+[snip]
+Storage> imagekit
+  
+Option endpoint.
+You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+Enter a value.
+endpoint> https://ik.imagekit.io/imagekit_id  
+
+Option public_key.
+You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+Enter a value.
+public_key> public_****************************
+
+Option private_key.
+You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+Enter a value.
+private_key> private_****************************
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+
+Configuration complete.
+Options:
+- type: imagekit
+- endpoint: https://ik.imagekit.io/imagekit_id
+- public_key: public_****************************
+- private_key: private_****************************
+
+Keep this "imagekit-media-library" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+List directories in the top level of your Media Library
+```
+rclone lsd imagekit-media-library:
+```
+Make a new directory.
+```
+rclone mkdir imagekit-media-library:directory
+```
+List the contents of a directory.
+```
+rclone ls imagekit-media-library:directory
+```
+
+###   Modified time and hashes
+
+ImageKit does not support modification times or hashes yet.
+
+### Checksums
+
+No checksums are supported.
+
+{{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/imagekit/imagekit.go then run make backenddocs" >}}
+### Standard options
+
+Here are the Standard options specific to imagekit (ImageKit.io).
+
+#### --imagekit-endpoint
+
+You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_IMAGEKIT_ENDPOINT
+- Type:        string
+- Required:    true
+
+#### --imagekit-public-key
+
+You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+Properties:
+
+- Config:      public_key
+- Env Var:     RCLONE_IMAGEKIT_PUBLIC_KEY
+- Type:        string
+- Required:    true
+
+#### --imagekit-private-key
+
+You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
+Properties:
+
+- Config:      private_key
+- Env Var:     RCLONE_IMAGEKIT_PRIVATE_KEY
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to imagekit (ImageKit.io).
+
+#### --imagekit-only-signed
+
+If you have configured `Restrict unsigned image URLs` in your dashboard settings, set this to true.
+
+Properties:
+
+- Config:      only_signed
+- Env Var:     RCLONE_IMAGEKIT_ONLY_SIGNED
+- Type:        bool
+- Default:     false
+
+#### --imagekit-versions
+
+Include old versions in directory listings.
+
+Properties:
+
+- Config:      versions
+- Env Var:     RCLONE_IMAGEKIT_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --imagekit-upload-tags
+
+Tags to add to the uploaded files, e.g. "tag1,tag2".
+
+Properties:
+
+- Config:      upload_tags
+- Env Var:     RCLONE_IMAGEKIT_UPLOAD_TAGS
+- Type:        string
+- Required:    false
+
+#### --imagekit-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_IMAGEKIT_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket
+
+### Metadata
+
+Any metadata supported by the underlying remote is read and written.
+
+Here are the possible system metadata items for the imagekit backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| aws-tags | AI generated tags by AWS Rekognition associated with the image | string | tag1,tag2 | **Y** |
+| btime | Time of file birth (creation) read from Last-Modified header | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+| custom-coordinates | Custom coordinates of the file | string | 0,0,100,100 | **Y** |
+| file-type | Type of the file | string | image | **Y** |
+| google-tags | AI generated tags by Google Cloud Vision associated with the image | string | tag1,tag2 | **Y** |
+| has-alpha | Whether the image has alpha channel or not | bool |  | **Y** |
+| height | Height of the image or video in pixels | int |  | **Y** |
+| is-private-file | Whether the file is private or not | bool |  | **Y** |
+| size | Size of the object in bytes | int64 |  | **Y** |
+| tags | Tags associated with the file | string | tag1,tag2 | **Y** |
+| width | Width of the image or video in pixels | int |  | **Y** |
+
+See the [metadata](/docs/#metadata) docs for more info.
+
+{{< rem autogenerated options stop >}}
diff --git a/docs/content/install.md b/docs/content/install.md
index c17550c08c8e0..54b5480796291 100644
--- a/docs/content/install.md
+++ b/docs/content/install.md
@@ -22,6 +22,9 @@ run `rclone -h`.
 Already installed rclone can be easily updated to the latest version
 using the [rclone selfupdate](/commands/rclone_selfupdate/) command.
 
+See [the release signing docs](/release_signing/) for how to verify
+signatures on the release.
+
 ## Script installation
 
 To install rclone on Linux/macOS/BSD systems, run:
@@ -77,6 +80,19 @@ developers so it may be out of date. Its current version is as below.
 
 [![Homebrew package](https://repology.org/badge/version-for-repo/homebrew/rclone.svg)](https://repology.org/project/rclone/versions)
 
+### Installation with MacPorts (#macos-macports)
+
+On macOS, rclone can also be installed via [MacPorts](https://www.macports.org):
+
+    sudo port install rclone
+
+Note that this is a third party installer not controlled by the rclone
+developers so it may be out of date. Its current version is as below.
+
+[![MacPorts port](https://repology.org/badge/version-for-repo/macports/rclone.svg)](https://repology.org/project/rclone/versions)
+
+More information [here](https://ports.macports.org/port/rclone/).
+
 ### Precompiled binary, using curl {#macos-precompiled}
 
 To avoid problems with macOS gatekeeper enforcing the binary to be signed and
@@ -146,9 +162,14 @@ feature then you will need to install the third party utility
 
 [Winget](https://learn.microsoft.com/en-us/windows/package-manager/) comes pre-installed with the latest versions of Windows. If not, update the [App Installer](https://www.microsoft.com/p/app-installer/9nblggh4nns1) package from the Microsoft store.
 
+To install rclone
 ```
 winget install Rclone.Rclone
 ```
+To uninstall rclone
+```
+winget uninstall Rclone.Rclone --force
+```
 
 ### Chocolatey package manager {#windows-chocolatey}
 
@@ -258,10 +279,16 @@ Here are some commands tested on an Ubuntu 18.04.3 host:
 # config on host at ~/.config/rclone/rclone.conf
 # data on host at ~/data
 
+# add a remote interactively
+docker run --rm -it \
+    --volume ~/.config/rclone:/config/rclone \
+    --user $(id -u):$(id -g) \
+    rclone/rclone \
+    config
+
 # make sure the config is ok by listing the remotes
 docker run --rm \
     --volume ~/.config/rclone:/config/rclone \
-    --volume ~/data:/data:shared \
     --user $(id -u):$(id -g) \
     rclone/rclone \
     listremotes
@@ -279,11 +306,33 @@ docker run --rm \
 ls ~/data/mount
 kill %1
 ```
+## Snap installation {#snap}
+
+[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/rclone)
+
+Make sure you have [Snapd installed](https://snapcraft.io/docs/installing-snapd)
+
+```bash
+$ sudo snap install rclone
+```
+Due to the strict confinement of Snap, rclone snap cannot access real /home/$USER/.config/rclone directory, default config path is as below.
+
+- Default config directory:
+    - /home/$USER/snap/rclone/current/.config/rclone
+
+Note: Due to the strict confinement of Snap, `rclone mount` feature is `not` supported.
+
+If mounting is wanted, either install a precompiled binary or enable the relevant option when [installing from source](#source).
+
+Note that this is controlled by [community maintainer](https://github.com/boukendesho/rclone-snap) not the rclone developers so it may be out of date. Its current version is as below.
+
+[![rclone](https://snapcraft.io/rclone/badge.svg)](https://snapcraft.io/rclone)
+
 
 ## Source installation {#source}
 
 Make sure you have git and [Go](https://golang.org/) installed.
-Go version 1.17 or newer is required, latest release is recommended.
+Go version 1.18 or newer is required, the latest release is recommended.
 You can get it from your package manager, or download it from
 [golang.org/dl](https://golang.org/dl/). Then you can run the following:
 
@@ -317,26 +366,59 @@ port of GCC, e.g. by installing it in a [MSYS2](https://www.msys2.org)
 distribution (make sure you install it in the classic mingw64 subsystem, the
 ucrt64 version is not compatible).
 
-Additionally, on Windows, you must install the third party utility
-[WinFsp](https://winfsp.dev/), with the "Developer" feature selected.
+Additionally, to build with mount on Windows, you must install the third party
+utility [WinFsp](https://winfsp.dev/), with the "Developer" feature selected.
 If building with cgo, you must also set environment variable CPATH pointing to
 the fuse include directory within the WinFsp installation
 (normally `C:\Program Files (x86)\WinFsp\inc\fuse`).
 
-You may also add arguments `-ldflags -s` (with or without `-tags cmount`),
-to omit symbol table and debug information, making the executable file smaller,
-and `-trimpath` to remove references to local file system paths. This is how
-the official rclone releases are built.
+You may add arguments `-ldflags -s` to omit symbol table and debug information,
+making the executable file smaller, and `-trimpath` to remove references to
+local file system paths. The official rclone releases are built with both of these.
 
 ```
 go build -trimpath -ldflags -s -tags cmount
 ```
 
+If you want to customize the version string, as reported by
+the `rclone version` command, you can set one of the variables `fs.Version`,
+`fs.VersionTag` (to keep default suffix but customize the number),
+or `fs.VersionSuffix` (to keep default number but customize the suffix).
+This can be done from the build command, by adding to the `-ldflags`
+argument value as shown below.
+
+```
+go build -trimpath -ldflags "-s -X github.com/rclone/rclone/fs.Version=v9.9.9-test" -tags cmount
+```
+
+On Windows, the official executables also have the version information,
+as well as a file icon, embedded as binary resources. To get that with your
+own build you need to run the following command **before** the build command.
+It generates a Windows resource system object file, with extension .syso, e.g.
+`resource_windows_amd64.syso`, that will be automatically picked up by
+future build commands.
+
+```
+go run bin/resource_windows.go
+```
+
+The above command will generate a resource file containing version information
+based on the fs.Version variable in source at the time you run the command,
+which means if the value of this variable changes you need to re-run the
+command for it to be reflected in the version information. Also, if you
+override this version variable in the build command as described above, you
+need to do that also when generating the resource file, or else it will still
+use the value from the source.
+
+```
+go run bin/resource_windows.go -version v9.9.9-test
+```
+
 Instead of executing the `go build` command directly, you can run it via the
-Makefile. It changes the version number suffix from "-DEV" to "-beta" and
-appends commit details. It also copies the resulting rclone executable into
-your GOPATH bin folder (`$(go env GOPATH)/bin`, which corresponds to
-`~/go/bin/rclone` by default).
+Makefile. The default target changes the version suffix from "-DEV" to "-beta"
+followed by additional commit details, embeds version information binary resources
+on Windows, and copies the resulting rclone executable into your GOPATH bin folder
+(`$(go env GOPATH)/bin`, which corresponds to `~/go/bin/rclone` by default).
 
 ```
 make
@@ -349,32 +431,22 @@ make GOTAGS=cmount
 ```
 
 There are other make targets that can be used for more advanced builds,
-such as cross-compiling for all supported os/architectures, embedding
-icon and version info resources into windows executable, and packaging
+such as cross-compiling for all supported os/architectures, and packaging
 results into release artifacts.
 See [Makefile](https://github.com/rclone/rclone/blob/master/Makefile)
 and [cross-compile.go](https://github.com/rclone/rclone/blob/master/bin/cross-compile.go)
 for details.
 
-Another alternative is to download the source, build and install rclone in one
-operation, as a regular Go package. The source will be stored it in the Go
-module cache, and the resulting executable will be in your GOPATH bin folder
-(`$(go env GOPATH)/bin`, which corresponds to `~/go/bin/rclone` by default).
-
-With Go version 1.17 or newer:
+Another alternative method for source installation is to download the source,
+build and install rclone - all in one operation, as a regular Go package.
+The source will be stored it in the Go module cache, and the resulting
+executable will be in your GOPATH bin folder (`$(go env GOPATH)/bin`,
+which corresponds to `~/go/bin/rclone` by default).
 
 ```
 go install github.com/rclone/rclone@latest
 ```
 
-With Go versions older than 1.17 (do **not** use the `-u` flag, it causes Go to
-try to update the dependencies that rclone uses and sometimes these don't work
-with the current version):
-
-```
-go get github.com/rclone/rclone
-```
-
 ## Ansible installation {#ansible}
 
 This can be done with [Stefan Weichinger's ansible
@@ -536,7 +608,7 @@ It requires .NET Framework, but it is preinstalled on newer versions of Windows,
 also provides alternative standalone distributions which includes necessary runtime (.NET 5).
 WinSW is a command-line only utility, where you have to manually create an XML file with
 service configuration. This may be a drawback for some, but it can also be an advantage
-as it is easy to back up and re-use the configuration
+as it is easy to back up and reuse the configuration
 settings, without having go through manual steps in a GUI. One thing to note is that
 by default it does not restart the service on error, one have to explicit enable this
 in the configuration file (via the "onfailure" parameter).
diff --git a/docs/content/install.sh b/docs/content/install.sh
index 0adb744007efa..302882d824204 100755
--- a/docs/content/install.sh
+++ b/docs/content/install.sh
@@ -193,6 +193,8 @@ case "$OS" in
     exit 2
 esac
 
+#cleanup
+rm -rf "$tmp_dir"
 
 #update version variable post install
 version=$(rclone --version 2>>errors | head -n 1)
diff --git a/docs/content/internetarchive.md b/docs/content/internetarchive.md
index a2d5a4771d790..980c534a6f10a 100644
--- a/docs/content/internetarchive.md
+++ b/docs/content/internetarchive.md
@@ -260,7 +260,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_INTERNETARCHIVE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot
 
 ### Metadata
diff --git a/docs/content/jottacloud.md b/docs/content/jottacloud.md
index 24bcda7e9e5ef..3ac1fc370b929 100644
--- a/docs/content/jottacloud.md
+++ b/docs/content/jottacloud.md
@@ -14,6 +14,8 @@ it also provides white-label solutions to different companies, such as:
   * Telia Sky (sky.telia.no)
 * Tele2
   * Tele2 Cloud (mittcloud.tele2.se)
+* Onlime
+  * Onlime Cloud Storage (onlime.dk)
 * Elkjøp (with subsidiaries):
   * Elkjøp Cloud (cloud.elkjop.no)
   * Elgiganten Sweden (cloud.elgiganten.se)
@@ -84,6 +86,18 @@ Tele2 Cloud customers as no support for creating a CLI token exists, and additio
 authentication flow where the username is generated internally. To setup rclone to use Tele2 Cloud,
 choose Tele2 Cloud authentication in the setup. The rest of the setup is identical to the default setup.
 
+### Onlime Cloud Storage authentication
+
+Onlime has sold access to Jottacloud proper, while providing localized support to Danish Customers, but
+have recently set up their own hosting, transferring their customers from Jottacloud servers to their
+own ones.
+
+This, of course, necessitates using their servers for authentication, but otherwise functionality and
+architecture seems equivalent to Jottacloud.
+
+To setup rclone to use Onlime Cloud Storage, choose Onlime Cloud authentication in the setup. The rest
+of the setup is identical to the default setup.
+
 ## Configuration
 
 Here is an example of how to make a remote called `remote` with the default setup.  First run:
@@ -127,6 +141,9 @@ Press Enter for the default (standard).
    / Tele2 Cloud authentication.
  4 | Use this if you are using Tele2 Cloud.
    \ (tele2)
+   / Onlime Cloud authentication.
+ 5 | Use this if you are using Onlime Cloud.
+   \ (onlime)
 config_type> 1
 Personal login token.
 Generate here: https://www.jottacloud.com/web/secure
@@ -216,7 +233,7 @@ them. Generally you should avoid these, unless you know what you are doing.
 
 ### --fast-list
 
-This remote supports `--fast-list` which allows you to use fewer
+This backend supports `--fast-list` which allows you to use fewer
 transactions in exchange for more memory. See the [rclone
 docs](/docs/#fast-list) for more details.
 
@@ -224,10 +241,11 @@ Note that the implementation in Jottacloud always uses only a single
 API request to get the entire list, so for large folders this could
 lead to long wait time before the first results are shown.
 
-Note also that with rclone version 1.58 and newer information about
-[MIME types](/overview/#mime-type) are not available when using `--fast-list`.
+Note also that with rclone version 1.58 and newer, information about
+[MIME types](/overview/#mime-type) and metadata item [utime](#metadata)
+are not available when using `--fast-list`.
 
-### Modified time and hashes
+### Modification times and hashes
 
 Jottacloud allows modification times to be set on objects accurate to 1
 second. These will be used to detect whether objects need syncing or
@@ -244,7 +262,7 @@ Small files will be cached in memory - see the
 [--jottacloud-md5-memory-limit](#jottacloud-md5-memory-limit) flag.
 When uploading from local disk the source checksum is always available,
 so this does not apply. Starting with rclone version 1.52 the same is
-true for crypted remotes (in older versions the crypt backend would not
+true for encrypted remotes (in older versions the crypt backend would not
 calculate hashes for uploads from local disk, so the Jottacloud
 backend had to do it as described above).
 
@@ -288,10 +306,77 @@ command which will display your usage limit (unless it is unlimited)
 and the current usage.
 
 {{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/jottacloud/jottacloud.go then run make backenddocs" >}}
+### Standard options
+
+Here are the Standard options specific to jottacloud (Jottacloud).
+
+#### --jottacloud-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_JOTTACLOUD_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --jottacloud-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_JOTTACLOUD_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
 ### Advanced options
 
 Here are the Advanced options specific to jottacloud (Jottacloud).
 
+#### --jottacloud-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_JOTTACLOUD_TOKEN
+- Type:        string
+- Required:    false
+
+#### --jottacloud-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_JOTTACLOUD_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --jottacloud-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_JOTTACLOUD_TOKEN_URL
+- Type:        string
+- Required:    false
+
 #### --jottacloud-md5-memory-limit
 
 Files bigger than this will be cached on disk to calculate the MD5 if required.
@@ -359,9 +444,24 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_JOTTACLOUD_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot
 
+### Metadata
+
+Jottacloud has limited support for metadata, currently an extended set of timestamps.
+
+Here are the possible system metadata items for the jottacloud backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation), read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| content-type | MIME type, also known as media type | string | text/plain | **Y** |
+| mtime | Time of last modification, read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| utime | Time of last upload, when current revision was created, generated by backend | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+
+See the [metadata](/docs/#metadata) docs for more info.
+
 {{< rem autogenerated options stop >}}
 
 ## Limitations
diff --git a/docs/content/koofr.md b/docs/content/koofr.md
index 6fbbbcabfaefd..3d161297f661d 100644
--- a/docs/content/koofr.md
+++ b/docs/content/koofr.md
@@ -171,34 +171,6 @@ Properties:
 - Type:        string
 - Required:    true
 
-#### --koofr-password
-
-Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password).
-
-**NB** Input to this must be obscured - see [rclone obscure](/commands/rclone_obscure/).
-
-Properties:
-
-- Config:      password
-- Env Var:     RCLONE_KOOFR_PASSWORD
-- Provider:    digistorage
-- Type:        string
-- Required:    true
-
-#### --koofr-password
-
-Your password for rclone (generate one at your service's settings page).
-
-**NB** Input to this must be obscured - see [rclone obscure](/commands/rclone_obscure/).
-
-Properties:
-
-- Config:      password
-- Env Var:     RCLONE_KOOFR_PASSWORD
-- Provider:    other
-- Type:        string
-- Required:    true
-
 ### Advanced options
 
 Here are the Advanced options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
@@ -239,7 +211,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_KOOFR_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/linkbox.md b/docs/content/linkbox.md
new file mode 100644
index 0000000000000..4ea172b5e968c
--- /dev/null
+++ b/docs/content/linkbox.md
@@ -0,0 +1,76 @@
+---
+title: "Linkbox"
+description: "Rclone docs for Linkbox"
+versionIntroduced: "v1.65"
+---
+
+# {{< icon "fa fa-infinity" >}} Linkbox
+
+Linkbox is [a private cloud drive](https://linkbox.to/).
+
+## Configuration
+
+Here is an example of making a remote for Linkbox.
+
+First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+
+Enter name for new remote.
+name> remote
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+XX / Linkbox
+   \ (linkbox)
+Storage> XX
+
+Option token.
+Token from https://www.linkbox.to/admin/account
+Enter a value.
+token> testFromCLToken
+
+Configuration complete.
+Options:
+- type: linkbox
+- token: XXXXXXXXXXX
+Keep this "linkbox" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+
+```
+
+{{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/linkbox/linkbox.go then run make backenddocs" >}}
+### Standard options
+
+Here are the Standard options specific to linkbox (Linkbox).
+
+#### --linkbox-token
+
+Token from https://www.linkbox.to/admin/account
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_LINKBOX_TOKEN
+- Type:        string
+- Required:    true
+
+{{< rem autogenerated options stop >}}
+
+## Limitations
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can't be used in JSON strings.
diff --git a/docs/content/local.md b/docs/content/local.md
index 42327a940d5b6..fec259cd73392 100644
--- a/docs/content/local.md
+++ b/docs/content/local.md
@@ -19,10 +19,10 @@ For consistencies sake one can also configure a remote of type
 rclone remote paths, e.g. `remote:path/to/wherever`, but it is probably
 easier not to.
 
-### Modified time ###
+### Modification times
 
-Rclone reads and writes the modified time using an accuracy determined by
-the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second
+Rclone reads and writes the modification times using an accuracy determined
+by the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second
 on OS X.
 
 ### Filenames ###
@@ -451,6 +451,11 @@ time we:
 - Only checksum the size that stat gave
 - Don't update the stat info for the file
 
+**NB** do not use this flag on a Windows Volume Shadow (VSS). For some
+unknown reason, files in a VSS sometimes show different sizes from the
+directory listing (where the initial stat value comes from on Windows)
+and when stat is called on them directly. Other copy tools always use
+the direct stat value and setting this flag will disable that.
 
 
 Properties:
@@ -561,7 +566,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_LOCAL_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Dot
 
 ### Metadata
diff --git a/docs/content/mailru.md b/docs/content/mailru.md
index c618b27f5205c..01de432f2a0c9 100644
--- a/docs/content/mailru.md
+++ b/docs/content/mailru.md
@@ -8,8 +8,6 @@ versionIntroduced: "v1.50"
 
 [Mail.ru Cloud](https://cloud.mail.ru/) is a cloud storage provided by a Russian internet company [Mail.Ru Group](https://mail.ru). The official desktop client is [Disk-O:](https://disk-o.cloud/en), available on Windows and Mac OS.
 
-Currently it is recommended to disable 2FA on Mail.ru accounts intended for rclone until it gets eventually implemented.
-
 ## Features highlights
 
 - Paths may be as deep as required, e.g. `remote:directory/subdirectory`
@@ -125,17 +123,15 @@ excess files in the path.
 
     rclone sync --interactive /home/local/directory remote:directory
 
-### Modified time
+### Modification times and hashes
 
 Files support a modification time attribute with up to 1 second precision.
 Directories do not have a modification time, which is shown as "Jan 1 1970".
 
-### Hash checksums
-
-Hash sums use a custom Mail.ru algorithm based on SHA1.
+File hashes are supported, with a custom Mail.ru algorithm based on SHA1.
 If file size is less than or equal to the SHA1 block size (20 bytes),
 its hash is simply its data right-padded with zero bytes.
-Hash sum of a larger file is computed as a SHA1 sum of the file data
+Hashes of a larger file is computed as a SHA1 of the file data
 bytes concatenated with a decimal representation of the data length.
 
 ### Emptying Trash
@@ -176,6 +172,32 @@ as they can't be used in JSON strings.
 
 Here are the Standard options specific to mailru (Mail.ru Cloud).
 
+#### --mailru-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_MAILRU_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --mailru-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_MAILRU_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
 #### --mailru-user
 
 User name (usually email).
@@ -234,6 +256,43 @@ Properties:
 
 Here are the Advanced options specific to mailru (Mail.ru Cloud).
 
+#### --mailru-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_MAILRU_TOKEN
+- Type:        string
+- Required:    false
+
+#### --mailru-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_MAILRU_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --mailru-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_MAILRU_TOKEN_URL
+- Type:        string
+- Required:    false
+
 #### --mailru-speedup-file-patterns
 
 Comma separated list of file name patterns eligible for speedup (put by hash).
@@ -350,7 +409,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_MAILRU_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/mega.md b/docs/content/mega.md
index 8326f1fcb5c3d..e553842c0c58a 100644
--- a/docs/content/mega.md
+++ b/docs/content/mega.md
@@ -82,7 +82,7 @@ To copy a local directory to an Mega directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes
+### Modification times and hashes
 
 Mega does not support modification times or hashes yet.
 
@@ -259,7 +259,7 @@ Use HTTPS for transfers.
 MEGA uses plain text HTTP connections by default.
 Some ISPs throttle HTTP connections, this causes transfers to become very slow.
 Enabling this will force MEGA to use HTTPS for all transfers.
-HTTPS is normally not necesary since all data is already encrypted anyway.
+HTTPS is normally not necessary since all data is already encrypted anyway.
 Enabling it will increase CPU usage and add network overhead.
 
 Properties:
@@ -279,11 +279,15 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_MEGA_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
 
+### Process `killed`
+
+On accounts with large files or something else, memory usage can significantly increase when executing list/sync instructions. When running on cloud providers (like AWS with EC2), check if the instance type has sufficient memory/CPU to execute the commands. Use the resource monitoring tools to inspect after sending the commands. Look [at this issue](https://forum.rclone.org/t/rclone-with-mega-appears-to-work-only-in-some-accounts/40233/4).
+
 ## Limitations
 
 This backend uses the [go-mega go library](https://github.com/t3rm1n4l/go-mega) which is an opensource
diff --git a/docs/content/memory.md b/docs/content/memory.md
index 843fc3cbd0270..783fc281594b1 100644
--- a/docs/content/memory.md
+++ b/docs/content/memory.md
@@ -54,7 +54,7 @@ testing or with an rclone server or rclone mount, e.g.
     rclone serve webdav :memory:
     rclone serve sftp :memory:
 
-### Modified time and hashes
+### Modification times and hashes
 
 The memory backend supports MD5 hashes and modification times accurate to 1 nS.
 
diff --git a/docs/content/onedrive.md b/docs/content/onedrive.md
index 8e65338e78562..e2ec8b0c2ce56 100644
--- a/docs/content/onedrive.md
+++ b/docs/content/onedrive.md
@@ -162,7 +162,7 @@ You may try to [verify you account](https://docs.microsoft.com/en-us/azure/activ
 Note: If you have a special region, you may need a different host in step 4 and 5. Here are [some hints](https://github.com/rclone/rclone/blob/bc23bf11db1c78c6ebbf8ea538fbebf7058b4176/backend/onedrive/onedrive.go#L86).
 
 
-### Modification time and hashes
+### Modification times and hashes
 
 OneDrive allows modification times to be set on objects accurate to 1
 second.  These will be used to detect whether objects need syncing or
@@ -183,6 +183,32 @@ your workflow.
 
 For all types of OneDrive you can use the `--checksum` flag.
 
+### --fast-list
+
+This remote supports `--fast-list` which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](/docs/#fast-list) for more details.
+
+This must be enabled with the `--onedrive-delta` flag (or `delta =
+true` in the config file) as it can cause performance degradation.
+
+It does this by using the delta listing facilities of OneDrive which
+returns all the files in the remote very efficiently. This is much
+more efficient than listing directories recursively and is Microsoft's
+recommended way of reading all the file information from a drive.
+
+This can be useful with `rclone mount` and [rclone rc vfs/refresh
+recursive=true](/rc/#vfs-refresh)) to very quickly fill the mount with
+information about all the files.
+
+The API used for the recursive listing (`ListR`) only supports listing
+from the root of the drive. This will become increasingly inefficient
+the further away you get from the root as rclone will have to discard
+files outside of the directory you are using.
+
+Some commands (like `rclone lsf -R`) will use `ListR` by default - you
+can turn this off with `--disable ListR` if you need to.
+
 ### Restricted filename characters
 
 In addition to the [default restricted characters set](/overview/#restricted-characters)
@@ -428,6 +454,8 @@ Properties:
 
 #### --onedrive-server-side-across-configs
 
+Deprecated: use --server-side-across-configs instead.
+
 Allow server-side operations (e.g. copy) to work across different onedrive configs.
 
 This will only work if you are copying between two OneDrive *Personal* drives AND
@@ -531,7 +559,7 @@ Properties:
 Specify the hash in use for the backend.
 
 This specifies the hash type in use. If set to "auto" it will use the
-default hash which is is QuickXorHash.
+default hash which is QuickXorHash.
 
 Before rclone 1.62 an SHA1 hash was used by default for Onedrive
 Personal. For 1.62 and later the default is to use a QuickXorHash for
@@ -568,6 +596,67 @@ Properties:
     - "none"
         - None - don't use any hashes
 
+#### --onedrive-av-override
+
+Allows download of files the server thinks has a virus.
+
+The onedrive/sharepoint server may check files uploaded with an Anti
+Virus checker. If it detects any potential viruses or malware it will
+block download of the file.
+
+In this case you will see a message like this
+
+    server reports this file is infected with a virus - use --onedrive-av-override to download anyway: Infected (name of virus): 403 Forbidden: 
+
+If you are 100% sure you want to download this file anyway then use
+the --onedrive-av-override flag, or av_override = true in the config
+file.
+
+
+Properties:
+
+- Config:      av_override
+- Env Var:     RCLONE_ONEDRIVE_AV_OVERRIDE
+- Type:        bool
+- Default:     false
+
+#### --onedrive-delta
+
+If set rclone will use delta listing to implement recursive listings.
+
+If this flag is set the the onedrive backend will advertise `ListR`
+support for recursive listings.
+
+Setting this flag speeds up these things greatly:
+
+    rclone lsf -R onedrive:
+    rclone size onedrive:
+    rclone rc vfs/refresh recursive=true
+
+**However** the delta listing API **only** works at the root of the
+drive. If you use it not at the root then it recurses from the root
+and discards all the data that is not under the directory you asked
+for. So it will be correct but may not be very efficient.
+
+This is why this flag is not set as the default.
+
+As a rule of thumb if nearly all of your data is under rclone's root
+directory (the `root/directory` in `onedrive:root/directory`) then
+using this flag will be be a big performance win. If your data is
+mostly not under the root then using this flag will be a big
+performance loss.
+
+It is recommended if you are mounting your onedrive at the root
+(or near the root when using crypt) and using rclone `rc vfs/refresh`.
+
+
+Properties:
+
+- Config:      delta
+- Env Var:     RCLONE_ONEDRIVE_DELTA
+- Type:        bool
+- Default:     false
+
 #### --onedrive-encoding
 
 The encoding for the backend.
@@ -578,7 +667,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_ONEDRIVE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/opendrive.md b/docs/content/opendrive.md
index 0758470a6631a..4cf82d77311db 100644
--- a/docs/content/opendrive.md
+++ b/docs/content/opendrive.md
@@ -64,12 +64,14 @@ To copy a local directory to an OpenDrive directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and MD5SUMs
+### Modification times and hashes
 
 OpenDrive allows modification times to be set on objects accurate to 1
 second. These will be used to detect whether objects need syncing or
 not.
 
+The MD5 hash algorithm is supported.
+
 ### Restricted filename characters
 
 | Character | Value | Replacement |
@@ -143,7 +145,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_OPENDRIVE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot
 
 #### --opendrive-chunk-size
diff --git a/docs/content/oracleobjectstorage.md b/docs/content/oracleobjectstorage.md
index 73cf1920dbb7e..a418ad8b30621 100644
--- a/docs/content/oracleobjectstorage.md
+++ b/docs/content/oracleobjectstorage.md
@@ -1,17 +1,22 @@
 ---
 title: "Oracle Object Storage"
 description: "Rclone docs for Oracle Object Storage"
+type: page
 versionIntroduced: "v1.60"
 ---
 
 # {{< icon "fa fa-cloud" >}} Oracle Object Storage
-[Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
-
-[Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
+- [Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
+- [Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
+- [Oracle Object Storage Limits](https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/oci-object-storage-best-practices.pdf)
 
 Paths are specified as `remote:bucket` (or `remote:` for the `lsd` command.)  You may put subdirectories in 
 too, e.g. `remote:bucket/path/to/dir`.
 
+Sample command to transfer local artifacts to remote:bucket in oracle object storage:
+
+`rclone -vvv  --progress --stats-one-line --max-stats-groups 10 --log-format date,time,UTC,longfile --fast-list --buffer-size 256Mi --oos-no-check-bucket --oos-upload-cutoff 10Mi --multi-thread-cutoff 16Mi --multi-thread-streams 3000 --transfers 3000 --checkers 64  --retries 2  --oos-chunk-size 10Mi --oos-upload-concurrency 10000  --oos-attempt-resume-upload --oos-leave-parts-on-error sync ./artifacts  remote:bucket -vv`
+
 ## Configuration
 
 Here is an example of making an oracle object storage configuration. `rclone config` walks you 
@@ -135,7 +140,7 @@ List the contents of a bucket
     rclone ls remote:bucket
     rclone ls remote:bucket --max-depth 1
 
-### OCI Authentication Provider 
+## Authentication Providers 
 
 OCI has various authentication methods. To learn more about authentication methods please refer [oci authentication 
 methods](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm) 
@@ -148,7 +153,8 @@ Rclone supports the following OCI authentication provider.
     Resource Principal
     No authentication
 
-#### Authentication provider choice: User Principal
+### User Principal
+
 Sample rclone config file for Authentication Provider User Principal:
 
     [oos]
@@ -168,7 +174,8 @@ Considerations:
 - Overhead of managing users and keys.
 - If the user is deleted, the config file will no longer work and may cause automation regressions that use the user's credentials.
 
-####  Authentication provider choice: Instance Principal
+###  Instance Principal
+
 An OCI compute instance can be authorized to use rclone by using it's identity and certificates as an instance principal. 
 With this approach no credentials have to be stored and managed.
 
@@ -197,7 +204,8 @@ Considerations:
 - Everyone who has access to this machine can execute the CLI commands.
 - It is applicable for oci compute instances only. It cannot be used on external instance or resources.
 
-#### Authentication provider choice: Resource Principal
+### Resource Principal
+
 Resource principal auth is very similar to instance principal auth but used for resources that are not 
 compute instances such as [serverless functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm). 
 To use resource principal ensure Rclone process is started with these environment variables set in its process.
@@ -216,7 +224,8 @@ Sample rclone configuration file for Authentication Provider Resource Principal:
     region = us-ashburn-1
     provider = resource_principal_auth
 
-#### Authentication provider choice: No authentication
+### No authentication
+
 Public buckets do not require any authentication mechanism to read objects.
 Sample rclone configuration file for No authentication:
     
@@ -227,10 +236,9 @@ Sample rclone configuration file for No authentication:
     region = us-ashburn-1
     provider = no_auth
 
-## Options
-### Modified time
+### Modification times and hashes
 
-The modified time is stored as metadata on the object as
+The modification time is stored as metadata on the object as
 `opc-meta-mtime` as floating point since the epoch, accurate to 1 ns.
 
 If the modification time needs to be updated rclone will attempt to perform a server
@@ -240,6 +248,8 @@ In the case the object is larger than 5Gb, the object will be uploaded rather th
 Note that reading this from the object takes an additional `HEAD` request as the metadata
 isn't returned in object listings.
 
+The MD5 hash algorithm is supported.
+
 ### Multipart uploads
 
 rclone supports multipart uploads with OOS which means that it can
@@ -419,9 +429,8 @@ Properties:
 Chunk size to use for uploading.
 
 When uploading files larger than upload_cutoff or files with unknown
-size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google
-photos or google docs) they will be uploaded as multipart uploads
-using this chunk size.
+size (e.g. from "rclone rcat" or uploaded with "rclone mount" they will be uploaded 
+as multipart uploads using this chunk size.
 
 Note that "upload_concurrency" chunks of this size are buffered
 in memory per transfer.
@@ -449,6 +458,26 @@ Properties:
 - Type:        SizeSuffix
 - Default:     5Mi
 
+#### --oos-max-upload-parts
+
+Maximum number of parts in a multipart upload.
+
+This option defines the maximum number of multipart chunks to use
+when doing a multipart upload.
+
+OCI has max parts limit of 10,000 chunks.
+
+Rclone will automatically increase the chunk size when uploading a
+large file of a known size to stay below this number of chunks limit.
+
+
+Properties:
+
+- Config:      max_upload_parts
+- Env Var:     RCLONE_OOS_MAX_UPLOAD_PARTS
+- Type:        int
+- Default:     10000
+
 #### --oos-upload-concurrency
 
 Concurrency for multipart uploads.
@@ -523,12 +552,12 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_OOS_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,InvalidUtf8,Dot
 
 #### --oos-leave-parts-on-error
 
-If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.
+If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery.
 
 It should be set to true for resuming uploads across different sessions.
 
@@ -543,6 +572,24 @@ Properties:
 - Type:        bool
 - Default:     false
 
+#### --oos-attempt-resume-upload
+
+If true attempt to resume previously started multipart upload for the object.
+This will be helpful to speed up multipart transfers by resuming uploads from past session.
+
+WARNING: If chunk size differs in resumed session from past incomplete session, then the resumed multipart upload is 
+aborted and a new multipart upload is started with the new chunk size.
+
+The flag leave_parts_on_error must be true to resume and optimize to skip parts that were already uploaded successfully.
+
+
+Properties:
+
+- Config:      attempt_resume_upload
+- Env Var:     RCLONE_OOS_ATTEMPT_RESUME_UPLOAD
+- Type:        bool
+- Default:     false
+
 #### --oos-no-check-bucket
 
 If set, don't attempt to check the bucket exists or create it.
@@ -611,7 +658,7 @@ Properties:
 
 #### --oos-sse-kms-key-id
 
-if using using your own master key in vault, this header specifies the 
+if using your own master key in vault, this header specifies the
 OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call
 the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
 Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
@@ -725,3 +772,6 @@ Options:
 - "max-age": Max age of upload to delete
 
 {{< rem autogenerated options stop >}}
+
+## Tutorials
+### [Mounting Buckets](/oracleobjectstorage/tutorial_mount/)
diff --git a/docs/content/oracleobjectstorage/_index.md b/docs/content/oracleobjectstorage/_index.md
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/docs/content/oracleobjectstorage/tutorial_mount.md b/docs/content/oracleobjectstorage/tutorial_mount.md
new file mode 100644
index 0000000000000..85364d0aa9da2
--- /dev/null
+++ b/docs/content/oracleobjectstorage/tutorial_mount.md
@@ -0,0 +1,471 @@
+---
+title: "Oracle Object Storage Mount"
+description: "Oracle Object Storage mounting tutorial"
+slug: tutorial_mount
+url: /oracleobjectstorage/tutorial_mount/
+---
+# {{< icon "fa fa-cloud" >}} Mount Buckets and Expose via NFS Tutorial 
+This runbook shows how to [mount](/commands/rclone_mount/) *Oracle Object Storage* buckets as local file system in
+OCI compute Instance using rclone tool. 
+
+You will also learn how to export the rclone mounts as NFS mount, so that other NFS client can access them.
+
+Usage Pattern :
+
+NFS Client --> NFS Server --> RClone Mount --> OCI Object Storage
+
+## Step 1 : Install Rclone
+
+In oracle linux 8, Rclone can be installed from
+[OL8_Developer](https://yum.oracle.com/repo/OracleLinux/OL8/developer/x86_64/index.html) Yum Repo, Please enable the
+repo if not enabled already.
+
+```shell
+[opc@base-inst-boot ~]$ sudo yum-config-manager --enable ol8_developer
+[opc@base-inst-boot ~]$ sudo yum install -y rclone
+[opc@base-inst-boot ~]$ sudo yum install -y fuse
+# rclone will prefer fuse3 if available
+[opc@base-inst-boot ~]$ sudo yum install -y fuse3
+[opc@base-inst-boot ~]$ yum info rclone
+Last metadata expiration check: 0:01:58 ago on Fri 07 Apr 2023 05:53:43 PM GMT.
+Installed Packages
+Name                : rclone
+Version             : 1.62.2
+Release             : 1.0.1.el8
+Architecture        : x86_64
+Size                : 67 M
+Source              : rclone-1.62.2-1.0.1.el8.src.rpm
+Repository          : @System
+From repo           : ol8_developer
+Summary             : rsync for cloud storage
+URL                 : http://rclone.org/
+License             : MIT
+Description         : Rclone is a command line program to sync files and directories to and from various cloud services.  	
+```
+
+To run it as a mount helper you should symlink rclone binary to /sbin/mount.rclone and optionally /usr/bin/rclonefs,
+e.g. ln -s /usr/bin/rclone /sbin/mount.rclone. rclone will detect it and translate command-line arguments appropriately.
+
+```shell
+ln -s /usr/bin/rclone /sbin/mount.rclone
+```
+
+## Step 2: Setup Rclone Configuration file
+
+Let's assume you want to access 3 buckets from the oci compute instance using instance principal provider as means of
+authenticating with object storage service.
+
+- namespace-a, bucket-a,
+- namespace-b, bucket-b,
+- namespace-c, bucket-c
+
+Rclone configuration file needs to have 3 remote sections, one section of each of above 3 buckets. Create a
+configuration file in a accessible location that rclone program can read.
+
+```shell
+
+[opc@base-inst-boot ~]$ mkdir -p /etc/rclone
+[opc@base-inst-boot ~]$ sudo touch /etc/rclone/rclone.conf
+ 
+ 
+# add below contents to /etc/rclone/rclone.conf
+[opc@base-inst-boot ~]$ cat /etc/rclone/rclone.conf
+ 
+ 
+[ossa]
+type = oracleobjectstorage
+provider = instance_principal_auth
+namespace = namespace-a
+compartment = ocid1.compartment.oc1..aaaaaaaa...compartment-a
+region = us-ashburn-1
+ 
+[ossb]
+type = oracleobjectstorage
+provider = instance_principal_auth
+namespace = namespace-b
+compartment = ocid1.compartment.oc1..aaaaaaaa...compartment-b
+region = us-ashburn-1
+ 
+ 
+[ossc]
+type = oracleobjectstorage
+provider = instance_principal_auth
+namespace = namespace-c
+compartment = ocid1.compartment.oc1..aaaaaaaa...compartment-c
+region = us-ashburn-1
+ 
+# List remotes
+[opc@base-inst-boot ~]$ rclone --config /etc/rclone/rclone.conf listremotes
+ossa:
+ossb:
+ossc:
+ 
+# Now please ensure you do not see below errors while listing the bucket,
+# i.e you should fix the settings to see if namespace, compartment, bucket name are all correct. 
+# and you must have a dynamic group policy to allow the instance to use object-family in compartment.
+ 
+[opc@base-inst-boot ~]$ rclone --config /etc/rclone/rclone.conf ls ossa:
+2023/04/07 19:09:21 Failed to ls: Error returned by ObjectStorage Service. Http Status Code: 404. Error Code: NamespaceNotFound. Opc request id: iad-1:kVVAb0knsVXDvu9aHUGHRs3gSNBOFO2_334B6co82LrPMWo2lM5PuBKNxJOTmZsS. Message: You do not have authorization to perform this request, or the requested resource could not be found.
+Operation Name: ListBuckets
+Timestamp: 2023-04-07 19:09:21 +0000 GMT
+Client Version: Oracle-GoSDK/65.32.0
+Request Endpoint: GET https://objectstorage.us-ashburn-1.oraclecloud.com/n/namespace-a/b?compartmentId=ocid1.compartment.oc1..aaaaaaaa...compartment-a
+Troubleshooting Tips: See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_namespacenotfound for more information about resolving this error.
+Also see https://docs.oracle.com/iaas/api/#/en/objectstorage/20160918/Bucket/ListBuckets for details on this operation's requirements.
+To get more info on the failing request, you can set OCI_GO_SDK_DEBUG env var to info or higher level to log the request/response details.
+If you are unable to resolve this ObjectStorage issue, please contact Oracle support and provide them this full error message.
+[opc@base-inst-boot ~]$
+
+```
+
+## Step 3: Setup Dynamic Group and Add IAM Policy.
+Just like a human user has an identity identified by its USER-PRINCIPAL, every OCI compute instance is also a robotic
+user identified by its INSTANCE-PRINCIPAL. The instance principal key is automatically fetched by rclone/with-oci-sdk
+from instance-metadata to make calls to object storage.
+
+Similar to [user-group](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managinggroups.htm),
+[instance groups](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm)
+is known as dynamic-group in IAM.
+
+Create a dynamic group say rclone-dynamic-group that the oci compute instance becomes a member of the below group
+says all instances belonging to compartment a...c is member of this dynamic-group.
+
+```shell
+any {instance.compartment.id = '<compartment_ocid_a>', 
+     instance.compartment.id = '<compartment_ocid_b>', 
+     instance.compartment.id = '<compartment_ocid_c>'
+    }
+```
+
+Now that you have a dynamic group, you need to add a policy allowing what permissions this dynamic-group has.
+In our case, we want this dynamic-group to access object-storage. So create a policy now.
+
+```shell
+allow dynamic-group rclone-dynamic-group to manage object-family in compartment compartment-a
+allow dynamic-group rclone-dynamic-group to manage object-family in compartment compartment-b
+allow dynamic-group rclone-dynamic-group to manage object-family in compartment compartment-c
+```
+
+After you add the policy, now ensure the rclone can list files in your bucket, if not please troubleshoot any mistakes
+you did so far. Please note, identity can take upto a minute to ensure policy gets reflected.
+
+## Step 4: Setup Mount Folders
+Let's assume you have to mount 3 buckets, bucket-a, bucket-b, bucket-c at path /opt/mnt/bucket-a, /opt/mnt/bucket-b,
+/opt/mnt/bucket-c respectively.
+
+Create the mount folder and set its ownership to desired user, group.
+```shell
+[opc@base-inst-boot ~]$ sudo mkdir /opt/mnt
+[opc@base-inst-boot ~]$ sudo chown -R opc:adm /opt/mnt
+```
+
+Set chmod permissions to user, group, others as desired for each mount path
+```shell
+[opc@base-inst-boot ~]$ sudo chmod 764 /opt/mnt
+[opc@base-inst-boot ~]$ ls -al /opt/mnt/
+total 0
+drwxrw-r--. 2 opc adm 6 Apr 7 18:01 .
+drwxr-xr-x. 10 root root 179 Apr 7 18:01 ..
+
+[opc@base-inst-boot ~]$ mkdir -p /opt/mnt/bucket-a
+[opc@base-inst-boot ~]$ mkdir -p /opt/mnt/bucket-b
+[opc@base-inst-boot ~]$ mkdir -p /opt/mnt/bucket-c
+
+[opc@base-inst-boot ~]$ ls -al /opt/mnt
+total 0
+drwxrw-r--. 5 opc adm 54 Apr 7 18:17 .
+drwxr-xr-x. 10 root root 179 Apr 7 18:01 ..
+drwxrwxr-x. 2 opc opc 6 Apr 7 18:17 bucket-a
+drwxrwxr-x. 2 opc opc 6 Apr 7 18:17 bucket-b
+drwxrwxr-x. 2 opc opc 6 Apr 7 18:17 bucket-c
+```
+
+## Step 5: Identify Rclone mount CLI configuration settings to use.
+Please read through this [rclone mount](https://rclone.org/commands/rclone_mount/) page completely to really
+understand the mount and its flags, what is rclone
+[virtual file system](https://rclone.org/commands/rclone_mount/#vfs-virtual-file-system) mode settings and
+how to effectively use them for desired Read/Write consistencies.
+
+Local File systems expect things to be 100% reliable, whereas cloud storage systems are a long way from 100% reliable.
+Object storage can throw several errors like 429, 503, 404 etc. The rclone sync/copy commands cope with this with
+lots of retries. However rclone mount can't use retries in the same way without making local copies of the uploads.
+Please Look at the VFS File Caching for solutions to make mount more reliable.
+
+First lets understand the rclone mount flags and some global flags for troubleshooting.
+
+```shell
+
+rclone mount \
+    ossa:bucket-a \                     # Remote:bucket-name
+    /opt/mnt/bucket-a \                 # Local mount folder
+    --config /etc/rclone/rclone.conf \  # Path to rclone config file
+    --allow-non-empty \                 # Allow mounting over a non-empty directory
+    --dir-perms 0770 \                  # Directory permissions (default 0777)
+    --file-perms 0660 \                 # File permissions (default 0666)
+    --allow-other \                     # Allow access to other users
+    --umask 0117  \                     # sets (660) rw-rw---- as permissions for the mount using the umask
+    --transfers 8 \                     # default 4, can be set to adjust the number of parallel uploads of modified files to remote from the cache
+    --tpslimit 50  \                    # Limit HTTP transactions per second to this. A transaction is roughly defined as an API call;
+                                        # its exact meaning will depend on the backend. For HTTP based backends it is an HTTP PUT/GET/POST/etc and its response
+    --cache-dir /tmp/rclone/cache       # Directory rclone will use for caching.
+    --dir-cache-time 5m \               # Time to cache directory entries for (default 5m0s)
+    --vfs-cache-mode writes \           # Cache mode off|minimal|writes|full (default off), writes gives the maximum compatibility like a local disk
+    --vfs-cache-max-age 20m \           # Max age of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size 10G \          # Max total size of objects in the cache (default off)
+    --vfs-cache-poll-interval 1m \      # Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back 5s   \             # Time to writeback files after last use when using cache (default 5s). 
+                                        # Note that files are written back to the remote only when they are closed and
+                                        # if they haven't been accessed for --vfs-write-back seconds. If rclone is quit or
+                                        # dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.
+    --vfs-fast-fingerprint              # Use fast (less accurate) fingerprints for change detection.    
+    --log-level ERROR \                            # log level, can be DEBUG, INFO, ERROR
+    --log-file /var/log/rclone/oosa-bucket-a.log   # rclone application log
+    
+```
+
+### --vfs-cache-mode writes
+
+In this mode files opened for read only are still read directly from the remote, write only and read/write files are
+buffered to disk first. This mode should support all normal file system operations. If an upload fails it will be
+retried at exponentially increasing intervals up to 1 minute.
+
+VFS cache mode of writes is recommended, so that application can have maximum compatibility of using remote storage
+as a local disk, when write is finished, file is closed, it is uploaded to backend remote after vfs-write-back duration
+has elapsed. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone
+is run with the same flags.
+
+### --tpslimit float
+
+Limit transactions per second to this number. Default is 0 which is used to mean unlimited transactions per second.
+
+A transaction is roughly defined as an API call; its exact meaning will depend on the backend. For HTTP based backends
+it is an HTTP PUT/GET/POST/etc and its response. For FTP/SFTP it is a round trip transaction over TCP.
+
+For example, to limit rclone to 10 transactions per second use --tpslimit 10, or to 1 transaction every 2 seconds
+use --tpslimit 0.5.
+
+Use this when the number of transactions per second from rclone is causing a problem with the cloud storage
+provider (e.g. getting you banned or rate limited or throttled).
+
+This can be very useful for rclone mount to control the behaviour of applications using it. Let's guess and say Object
+storage allows roughly 100 tps per tenant, so to be on safe side, it will be wise to set this at 50. (tune it to actuals per
+region)
+
+### --vfs-fast-fingerprint
+
+If you use the --vfs-fast-fingerprint flag then rclone will not include the slow operations in the fingerprint. This
+makes the fingerprinting less accurate but much faster and will improve the opening time of cached files. If you are
+running a vfs cache over local, s3, object storage or swift backends then using this flag is recommended.
+
+Various parts of the VFS use fingerprinting to see if a local file copy has changed relative to a remote file.
+Fingerprints are made from:
+- size
+- modification time
+- hash
+  where available on an object.
+
+
+## Step 6: Mounting Options, Use Any one option
+
+### Step 6a: Run as a Service Daemon: Configure FSTAB entry for Rclone mount
+Add this entry in /etc/fstab :
+```shell
+ossa:bucket-a /opt/mnt/bucket-a rclone rw,umask=0117,nofail,_netdev,args2env,config=/etc/rclone/rclone.conf,uid=1000,gid=4,
+file_perms=0760,dir_perms=0760,allow_other,vfs_cache_mode=writes,cache_dir=/tmp/rclone/cache 0 0
+```
+IMPORTANT: Please note in fstab entry arguments are specified as underscore instead of dash,
+example: vfs_cache_mode=writes instead of vfs-cache-mode=writes
+Rclone in the mount helper mode will split -o argument(s) by comma, replace _ by - and prepend -- to
+get the command-line flags. Options containing commas or spaces can be wrapped in single or double quotes.
+Any inner quotes inside outer quotes of the same type should be doubled.
+
+
+then run sudo mount -av
+```shell
+
+[opc@base-inst-boot ~]$ sudo mount -av
+/                    : ignored
+/boot                : already mounted
+/boot/efi            : already mounted
+/var/oled            : already mounted
+/dev/shm             : already mounted
+none                 : ignored
+/opt/mnt/bucket-a    : already mounted   # This is the bucket mounted information, running mount -av again and again is idempotent.
+
+```
+
+## Step 6b: Run as a Service Daemon: Configure systemd entry for Rclone mount
+
+If you are familiar with configuring systemd unit files, you can also configure the each rclone mount into a
+systemd units file.
+various examples in git search: https://github.com/search?l=Shell&q=rclone+unit&type=Code
+```shell
+tee "/etc/systemd/system/rclonebucketa.service" > /dev/null <<EOF
+[Unit]
+Description=RCloneMounting
+After=multi-user.target
+[Service]
+Type=simple
+User=0
+Group=0
+ExecStart=/bin/bash /etc/rclone/scripts/bucket-a.sh
+ExecStop=/bin/fusermount -uz /opt/mnt/bucket-a
+TimeoutStopSec=20
+KillMode=process
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+
+## Step 7: Optional: Mount Nanny, for resiliency, recover from process crash.
+Sometimes, rclone process crashes and the mount points are left in dangling state where its mounted but the rclone
+mount process is gone. To clean up the mount point you can force unmount by running this command.
+```shell
+sudo fusermount -uz /opt/mnt/bucket-a
+```
+One can also run a rclone_mount_nanny script, which detects and cleans up mount errors by unmounting and
+then auto-mounting.
+
+Content of /etc/rclone/scripts/rclone_nanny_script.sh
+```shell
+
+#!/bin/bash
+erroneous_list=$(df 2>&1 | grep -i 'Transport endpoint is not connected' | awk '{print ""$2"" }' | tr -d \:)
+rclone_list=$(findmnt -t fuse.rclone -n 2>&1 | awk '{print ""$1"" }' | tr -d \:)
+IFS=$'\n'; set -f
+intersection=$(comm -12 <(printf '%s\n' "$erroneous_list" | sort) <(printf '%s\n' "$rclone_list" | sort))
+for directory in $intersection
+do
+    echo "$directory is being fixed."
+    sudo fusermount -uz "$directory"
+done
+sudo mount -av
+
+```
+Script to idempotently add a Cron job to babysit the mount paths every 5 minutes
+```shell
+echo "Creating rclone nanny cron job."
+croncmd="/etc/rclone/scripts/rclone_nanny_script.sh"
+cronjob="*/5 * * * * $croncmd"
+# idempotency - adds rclone_nanny cronjob only if absent.
+( crontab -l | grep -v -F "$croncmd" || : ; echo "$cronjob" ) | crontab -
+echo "Finished creating rclone nanny cron job."
+```
+
+Ensure the crontab is added, so that above nanny script runs every 5 minutes.
+```shell
+[opc@base-inst-boot ~]$ sudo crontab -l
+*/5 * * * * /etc/rclone/scripts/rclone_nanny_script.sh
+[opc@base-inst-boot ~]$  
+```
+
+## Step 8: Optional: Setup NFS server to access the mount points of rclone
+
+Let's say you want to make the rclone mount path /opt/mnt/bucket-a available as a NFS server export so that other
+clients can access it by using a NFS client.
+
+### Step 8a : Setup NFS server
+
+Install NFS Utils
+```shell
+sudo yum install -y nfs-utils
+```
+
+Export the desired directory via NFS Server in the same machine where rclone has mounted to, ensure NFS service has
+desired permissions to read the directory. If it runs as root, then it will have permissions for sure, but if it runs
+as separate user then ensure that user has necessary desired privileges.
+```shell
+# this gives opc user and adm (administrators group) ownership to the path, so any user belonging to adm group will be able to access the files.
+[opc@tools ~]$ sudo chown -R opc:adm /opt/mnt/bucket-a/
+[opc@tools ~]$ sudo chmod 764 /opt/mnt/bucket-a/
+ 
+# Not export the mount path of rclone for exposing via nfs server
+# There are various nfs export options that you should keep per desired usage.
+# Syntax is
+# <path> <allowed-ipaddr>(<option>)
+[opc@tools ~]$ cat /etc/exports
+/opt/mnt/bucket-a *(fsid=1,rw)
+ 
+ 
+# Restart NFS server
+[opc@tools ~]$ sudo systemctl restart nfs-server
+ 
+ 
+# Show Export paths
+[opc@tools ~]$ showmount -e
+Export list for tools:
+/opt/mnt/bucket-a *
+ 
+# Know the port NFS server is running as, in this case it's listening on port 2049
+[opc@tools ~]$ sudo rpcinfo -p | grep nfs
+100003 3 tcp 2049 nfs
+100003 4 tcp 2049 nfs
+100227 3 tcp 2049 nfs_acl
+ 
+# Allow NFS service via firewall
+[opc@tools ~]$ sudo firewall-cmd --add-service=nfs --permanent
+Warning: ALREADY_ENABLED: nfs
+success
+[opc@tools ~]$ sudo firewall-cmd --reload
+success
+[opc@tools ~]$
+ 
+# Check status of NFS service
+[opc@tools ~]$ sudo systemctl status nfs-server.service
+● nfs-server.service - NFS server and services
+   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
+   Active: active (exited) since Wed 2023-04-19 17:59:58 GMT; 13min ago
+  Process: 2833741 ExecStopPost=/usr/sbin/exportfs -f (code=exited, status=0/SUCCESS)
+  Process: 2833740 ExecStopPost=/usr/sbin/exportfs -au (code=exited, status=0/SUCCESS)
+  Process: 2833737 ExecStop=/usr/sbin/rpc.nfsd 0 (code=exited, status=0/SUCCESS)
+  Process: 2833766 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exit>
+  Process: 2833756 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
+  Process: 2833754 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
+ Main PID: 2833766 (code=exited, status=0/SUCCESS)
+    Tasks: 0 (limit: 48514)
+   Memory: 0B
+   CGroup: /system.slice/nfs-server.service
+ 
+Apr 19 17:59:58 tools systemd[1]: Starting NFS server and services...
+Apr 19 17:59:58 tools systemd[1]: Started NFS server and services.  
+```
+
+### Step 8b : Setup NFS client
+
+Now to connect to the NFS server from a different client machine, ensure the client machine can reach to nfs server machine over tcp port 2049, ensure your subnet network acls allow from desired source IP ranges to destination:2049 port.
+
+In the client machine Mount the external NFS
+
+```shell
+# Install nfs-utils
+[opc@base-inst-boot ~]$ sudo yum install -y nfs-utils
+ 
+# In /etc/fstab, add the below entry
+[opc@base-inst-boot ~]$ cat /etc/fstab | grep nfs
+<ProvideYourIPAddress>:/opt/mnt/bucket-a /opt/mnt/buckert-a nfs rw 0 0
+ 
+# remount so that newly added path gets mounted.
+[opc@base-inst-boot ~]$ sudo mount -av
+/ : ignored
+/boot : already mounted
+/boot/efi : already mounted
+/var/oled : already mounted
+/dev/shm : already mounted
+/home/opc/share_drive/bucketa: already mounted
+/opt/mnt/bucket-a: successfully mounted # this is the NFS mount
+```
+
+### Step 8c : Test Connection
+
+```shell
+# List files to test connection
+[opc@base-inst-boot ~]$ ls -al /opt/mnt/bucket-a
+total 1
+drw-rw----. 1 opc adm 0 Apr 18 17:28 .
+drwxrw-r--. 7 opc adm 85 Apr 18 17:36 ..
+drw-rw----. 1 opc adm 0 Apr 18 17:29 FILES
+-rw-rw----. 1 opc adm 15 Apr 18 18:13 nfs.txt
+```
+
+
diff --git a/docs/content/overview.md b/docs/content/overview.md
index bee55abd414fe..7a05c39122539 100644
--- a/docs/content/overview.md
+++ b/docs/content/overview.md
@@ -14,52 +14,55 @@ show through.
 
 Here is an overview of the major features of each cloud storage system.
 
-| Name                         | Hash             | ModTime | Case Insensitive | Duplicate Files | MIME Type | Metadata |
-| ---------------------------- |:----------------:|:-------:|:----------------:|:---------------:|:---------:|:--------:|
-| 1Fichier                     | Whirlpool        | -       | No               | Yes             | R         | -        |
-| Akamai Netstorage            | MD5, SHA256      | R/W     | No               | No              | R         | -        |
-| Amazon Drive                 | MD5              | -       | Yes              | No              | R         | -        |
-| Amazon S3 (or S3 compatible) | MD5              | R/W     | No               | No              | R/W       | RWU      |
-| Backblaze B2                 | SHA1             | R/W     | No               | No              | R/W       | -        |
-| Box                          | SHA1             | R/W     | Yes              | No              | -         | -        |
-| Citrix ShareFile             | MD5              | R/W     | Yes              | No              | -         | -        |
-| Dropbox                      | DBHASH ¹         | R       | Yes              | No              | -         | -        |
-| Enterprise File Fabric       | -                | R/W     | Yes              | No              | R/W       | -        |
-| FTP                          | -                | R/W ¹⁰  | No               | No              | -         | -        |
-| Google Cloud Storage         | MD5              | R/W     | No               | No              | R/W       | -        |
-| Google Drive                 | MD5              | R/W     | No               | Yes             | R/W       | -        |
-| Google Photos                | -                | -       | No               | Yes             | R         | -        |
-| HDFS                         | -                | R/W     | No               | No              | -         | -        |
-| HiDrive                      | HiDrive ¹²       | R/W     | No               | No              | -         | -        |
-| HTTP                         | -                | R       | No               | No              | R         | -        |
-| Internet Archive             | MD5, SHA1, CRC32 | R/W ¹¹  | No               | No              | -         | RWU      |
-| Jottacloud                   | MD5              | R/W     | Yes              | No              | R         | -        |
-| Koofr                        | MD5              | -       | Yes              | No              | -         | -        |
-| Mail.ru Cloud                | Mailru ⁶         | R/W     | Yes              | No              | -         | -        |
-| Mega                         | -                | -       | No               | Yes             | -         | -        |
-| Memory                       | MD5              | R/W     | No               | No              | -         | -        |
-| Microsoft Azure Blob Storage | MD5              | R/W     | No               | No              | R/W       | -        |
-| Microsoft OneDrive           | QuickXorHash ⁵   | R/W     | Yes              | No              | R         | -        |
-| OpenDrive                    | MD5              | R/W     | Yes              | Partial ⁸       | -         | -        |
-| OpenStack Swift              | MD5              | R/W     | No               | No              | R/W       | -        |
-| Oracle Object Storage        | MD5              | R/W     | No               | No              | R/W       | -        |
-| pCloud                       | MD5, SHA1 ⁷      | R       | No               | No              | W         | -        |
-| premiumize.me                | -                | -       | Yes              | No              | R         | -        |
-| put.io                       | CRC-32           | R/W     | No               | Yes             | R         | -        |
-| QingStor                     | MD5              | - ⁹     | No               | No              | R/W       | -        |
-| Seafile                      | -                | -       | No               | No              | -         | -        |
-| SFTP                         | MD5, SHA1 ²      | R/W     | Depends          | No              | -         | -        |
-| Sia                          | -                | -       | No               | No              | -         | -        |
-| SMB                          | -                | -       | Yes              | No              | -         | -        |
-| SugarSync                    | -                | -       | No               | No              | -         | -        |
-| Storj                        | -                | R       | No               | No              | -         | -        |
-| Uptobox                      | -                | -       | No               | Yes             | -         | -        |
-| WebDAV                       | MD5, SHA1 ³      | R ⁴     | Depends          | No              | -         | -        |
-| Yandex Disk                  | MD5              | R/W     | No               | No              | R         | -        |
-| Zoho WorkDrive               | -                | -       | No               | No              | -         | -        |
-| The local filesystem         | All              | R/W     | Depends          | No              | -         | RWU      |
-
-### Notes
+| Name                         | Hash              | ModTime | Case Insensitive | Duplicate Files | MIME Type | Metadata |
+| ---------------------------- |:-----------------:|:-------:|:----------------:|:---------------:|:---------:|:--------:|
+| 1Fichier                     | Whirlpool         | -       | No               | Yes             | R         | -        |
+| Akamai Netstorage            | MD5, SHA256       | R/W     | No               | No              | R         | -        |
+| Amazon Drive                 | MD5               | -       | Yes              | No              | R         | -        |
+| Amazon S3 (or S3 compatible) | MD5               | R/W     | No               | No              | R/W       | RWU      |
+| Backblaze B2                 | SHA1              | R/W     | No               | No              | R/W       | -        |
+| Box                          | SHA1              | R/W     | Yes              | No              | -         | -        |
+| Citrix ShareFile             | MD5               | R/W     | Yes              | No              | -         | -        |
+| Dropbox                      | DBHASH ¹          | R       | Yes              | No              | -         | -        |
+| Enterprise File Fabric       | -                 | R/W     | Yes              | No              | R/W       | -        |
+| FTP                          | -                 | R/W ¹⁰  | No               | No              | -         | -        |
+| Google Cloud Storage         | MD5               | R/W     | No               | No              | R/W       | -        |
+| Google Drive                 | MD5, SHA1, SHA256 | R/W     | No               | Yes             | R/W       | -        |
+| Google Photos                | -                 | -       | No               | Yes             | R         | -        |
+| HDFS                         | -                 | R/W     | No               | No              | -         | -        |
+| HiDrive                      | HiDrive ¹²        | R/W     | No               | No              | -         | -        |
+| HTTP                         | -                 | R       | No               | No              | R         | -        |
+| Internet Archive             | MD5, SHA1, CRC32  | R/W ¹¹  | No               | No              | -         | RWU      |
+| Jottacloud                   | MD5               | R/W     | Yes              | No              | R         | RW       |
+| Koofr                        | MD5               | -       | Yes              | No              | -         | -        |
+| Linkbox                      | -                 | R       | No               | No              | -         | -        |
+| Mail.ru Cloud                | Mailru ⁶          | R/W     | Yes              | No              | -         | -        |
+| Mega                         | -                 | -       | No               | Yes             | -         | -        |
+| Memory                       | MD5               | R/W     | No               | No              | -         | -        |
+| Microsoft Azure Blob Storage | MD5               | R/W     | No               | No              | R/W       | -        |
+| Microsoft Azure Files Storage | MD5              | R/W     | Yes              | No              | R/W       | -        |
+| Microsoft OneDrive           | QuickXorHash ⁵    | R/W     | Yes              | No              | R         | -        |
+| OpenDrive                    | MD5               | R/W     | Yes              | Partial ⁸       | -         | -        |
+| OpenStack Swift              | MD5               | R/W     | No               | No              | R/W       | -        |
+| Oracle Object Storage        | MD5               | R/W     | No               | No              | R/W       | -        |
+| pCloud                       | MD5, SHA1 ⁷       | R       | No               | No              | W         | -        |
+| PikPak                       | MD5               | R       | No               | No              | R         | -        |
+| premiumize.me                | -                 | -       | Yes              | No              | R         | -        |
+| put.io                       | CRC-32            | R/W     | No               | Yes             | R         | -        |
+| Proton Drive                 | SHA1              | R/W     | No               | No              | R         | -        |
+| QingStor                     | MD5               | - ⁹     | No               | No              | R/W       | -        |
+| Quatrix by Maytech           | -                 | R/W     | No               | No              | -         | -        |
+| Seafile                      | -                 | -       | No               | No              | -         | -        |
+| SFTP                         | MD5, SHA1 ²       | R/W     | Depends          | No              | -         | -        |
+| Sia                          | -                 | -       | No               | No              | -         | -        |
+| SMB                          | -                 | R/W     | Yes              | No              | -         | -        |
+| SugarSync                    | -                 | -       | No               | No              | -         | -        |
+| Storj                        | -                 | R       | No               | No              | -         | -        |
+| Uptobox                      | -                 | -       | No               | Yes             | -         | -        |
+| WebDAV                       | MD5, SHA1 ³       | R ⁴     | Depends          | No              | -         | -        |
+| Yandex Disk                  | MD5               | R/W     | No               | No              | R         | -        |
+| Zoho WorkDrive               | -                 | -       | No               | No              | -         | -        |
+| The local filesystem         | All               | R/W     | Depends          | No              | -         | RWU      |
 
 ¹ Dropbox supports [its own custom
 hash](https://www.dropbox.com/developers/reference/content-hash).
@@ -68,9 +71,9 @@ This is an SHA256 sum of all the 4 MiB block SHA256s.
 ² SFTP supports checksums if the same login has shell access and
 `md5sum` or `sha1sum` as well as `echo` are in the remote's PATH.
 
-³ WebDAV supports hashes when used with Owncloud and Nextcloud only.
+³ WebDAV supports hashes when used with Fastmail Files, Owncloud and Nextcloud only.
 
-⁴ WebDAV supports modtimes when used with Owncloud and Nextcloud only.
+⁴ WebDAV supports modtimes when used with Fastmail Files, Owncloud and Nextcloud only.
 
 ⁵ [QuickXorHash](https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash) is Microsoft's own hash.
 
@@ -87,7 +90,7 @@ mistake or an unsupported feature.
 ⁹ QingStor does not support SetModTime for objects bigger than 5 GiB.
 
 ¹⁰ FTP supports modtimes for the major FTP servers, and also others
-if they advertised required protocol extensions. See [this](/ftp/#modified-time)
+if they advertised required protocol extensions. See [this](/ftp/#modification-times)
 for more details.
 
 ¹¹ Internet Archive requires option `wait_archive` to be set to a non-zero value
@@ -464,64 +467,72 @@ See [the metadata docs](/docs/#metadata) for more info.
 All rclone remotes support a base command set. Other features depend
 upon backend-specific capabilities.
 
-| Name                         | Purge | Copy | Move | DirMove | CleanUp | ListR | StreamUpload | LinkSharing  | About | EmptyDir |
-| ---------------------------- |:-----:|:----:|:----:|:-------:|:-------:|:-----:|:------------:|:------------:|:-----:|:--------:|
-| 1Fichier                     | No    | Yes  | Yes  | No      | No      | No    | No           | Yes          | No    | Yes      |
-| Akamai Netstorage            | Yes   | No   | No   | No      | No      | Yes   | Yes          | No           | No    | Yes      |
-| Amazon Drive                 | Yes   | No   | Yes  | Yes     | No      | No    | No           | No           | No    | Yes      |
-| Amazon S3 (or S3 compatible) | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes          | No    | No       |
-| Backblaze B2                 | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes          | No    | No       |
-| Box                          | Yes   | Yes  | Yes  | Yes     | Yes ‡‡  | No    | Yes          | Yes          | Yes   | Yes      |
-| Citrix ShareFile             | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No           | No    | Yes      |
-| Dropbox                      | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | Yes          | Yes   | Yes      |
-| Enterprise File Fabric       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No           | No    | Yes      |
-| FTP                          | No    | No   | Yes  | Yes     | No      | No    | Yes          | No           | No    | Yes      |
-| Google Cloud Storage         | Yes   | Yes  | No   | No      | No      | Yes   | Yes          | No           | No    | No       |
-| Google Drive                 | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | Yes          | Yes          | Yes   | Yes      |
-| Google Photos                | No    | No   | No   | No      | No      | No    | No           | No           | No    | No       |
-| HDFS                         | Yes   | No   | Yes  | Yes     | No      | No    | Yes          | No           | Yes   | Yes      |
-| HiDrive                      | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No           | No    | Yes      |
-| HTTP                         | No    | No   | No   | No      | No      | No    | No           | No           | No    | Yes      |
-| Internet Archive             | No    | Yes  | No   | No      | Yes     | Yes   | No           | Yes          | Yes   | No       |
-| Jottacloud                   | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | No           | Yes          | Yes   | Yes      |
-| Koofr                        | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | Yes          | Yes   | Yes      |
-| Mail.ru Cloud                | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | Yes          | Yes   | Yes      |
-| Mega                         | Yes   | No   | Yes  | Yes     | Yes     | No    | No           | Yes          | Yes   | Yes      |
-| Memory                       | No    | Yes  | No   | No      | No      | Yes   | Yes          | No           | No    | No       |
-| Microsoft Azure Blob Storage | Yes   | Yes  | No   | No      | No      | Yes   | Yes          | No           | No    | No       |
-| Microsoft OneDrive           | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | Yes          | Yes   | Yes      |
-| OpenDrive                    | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No           | No    | Yes      |
-| OpenStack Swift              | Yes † | Yes  | No   | No      | No      | Yes   | Yes          | No           | Yes   | No       |
-| Oracle Object Storage        | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | No           | No    | No       |
-| pCloud                       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | Yes          | Yes   | Yes      |
-| premiumize.me                | Yes   | No   | Yes  | Yes     | No      | No    | No           | Yes          | Yes   | Yes      |
-| put.io                       | Yes   | No   | Yes  | Yes     | Yes     | No    | Yes          | No           | Yes   | Yes      |
-| QingStor                     | No    | Yes  | No   | No      | Yes     | Yes   | No           | No           | No    | No       |
-| Seafile                      | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | Yes          | Yes          | Yes   | Yes      |
-| SFTP                         | No    | No   | Yes  | Yes     | No      | No    | Yes          | No           | Yes   | Yes      |
-| Sia                          | No    | No   | No   | No      | No      | No    | Yes          | No           | No    | Yes      |
-| SMB                          | No    | No   | Yes  | Yes     | No      | No    | Yes          | No           | No    | Yes      |
-| SugarSync                    | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | Yes          | No    | Yes      |
-| Storj                        | Yes ☨ | Yes  | Yes  | No      | No      | Yes   | Yes          | Yes          | No    | No       |
-| Uptobox                      | No    | Yes  | Yes  | Yes     | No      | No    | No           | No           | No    | No       |
-| WebDAV                       | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes ‡        | No           | Yes   | Yes      |
-| Yandex Disk                  | Yes   | Yes  | Yes  | Yes     | Yes     | No    | Yes          | Yes          | Yes   | Yes      |
-| Zoho WorkDrive               | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No           | Yes   | Yes      |
-| The local filesystem         | Yes   | No   | Yes  | Yes     | No      | No    | Yes          | No           | Yes   | Yes      |
+| Name                         | Purge | Copy | Move | DirMove | CleanUp | ListR | StreamUpload | MultithreadUpload | LinkSharing  | About | EmptyDir |
+| ---------------------------- |:-----:|:----:|:----:|:-------:|:-------:|:-----:|:------------:|:------------------|:------------:|:-----:|:--------:|
+| 1Fichier                     | No    | Yes  | Yes  | No      | No      | No    | No           | No                | Yes          | No    | Yes      |
+| Akamai Netstorage            | Yes   | No   | No   | No      | No      | Yes   | Yes          | No                | No           | No    | Yes      |
+| Amazon Drive                 | Yes   | No   | Yes  | Yes     | No      | No    | No           | No                | No           | No    | Yes      |
+| Amazon S3 (or S3 compatible) | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes               | Yes          | No    | No       |
+| Backblaze B2                 | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes               | Yes          | No    | No       |
+| Box                          | Yes   | Yes  | Yes  | Yes     | Yes     | No    | Yes          | No                | Yes          | Yes   | Yes      |
+| Citrix ShareFile             | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | No    | Yes      |
+| Dropbox                      | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No                | Yes          | Yes   | Yes      |
+| Enterprise File Fabric       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No                | No           | No    | Yes      |
+| FTP                          | No    | No   | Yes  | Yes     | No      | No    | Yes          | No                | No           | No    | Yes      |
+| Google Cloud Storage         | Yes   | Yes  | No   | No      | No      | Yes   | Yes          | No                | No           | No    | No       |
+| Google Drive                 | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | Yes          | No                | Yes          | Yes   | Yes      |
+| Google Photos                | No    | No   | No   | No      | No      | No    | No           | No                | No           | No    | No       |
+| HDFS                         | Yes   | No   | Yes  | Yes     | No      | No    | Yes          | No                | No           | Yes   | Yes      |
+| HiDrive                      | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No                | No           | No    | Yes      |
+| HTTP                         | No    | No   | No   | No      | No      | No    | No           | No                | No           | No    | Yes      |
+| Internet Archive             | No    | Yes  | No   | No      | Yes     | Yes   | No           | No                | Yes          | Yes   | No       |
+| Jottacloud                   | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | No           | No                | Yes          | Yes   | Yes      |
+| Koofr                        | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No                | Yes          | Yes   | Yes      |
+| Mail.ru Cloud                | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No                | Yes          | Yes   | Yes      |
+| Mega                         | Yes   | No   | Yes  | Yes     | Yes     | No    | No           | No                | Yes          | Yes   | Yes      |
+| Memory                       | No    | Yes  | No   | No      | No      | Yes   | Yes          | No                | No           | No    | No       |
+| Microsoft Azure Blob Storage | Yes   | Yes  | No   | No      | No      | Yes   | Yes          | Yes               | No           | No    | No       |
+| Microsoft Azure Files Storage | No   | Yes  | Yes  | Yes     | No      | No    | Yes          | Yes               | No           | Yes   | Yes      |
+| Microsoft OneDrive           | Yes   | Yes  | Yes  | Yes     | Yes     | Yes ⁵ | No           | No                | Yes          | Yes   | Yes      |
+| OpenDrive                    | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | No    | Yes      |
+| OpenStack Swift              | Yes ¹ | Yes  | No   | No      | No      | Yes   | Yes          | No                | No           | Yes   | No       |
+| Oracle Object Storage        | No    | Yes  | No   | No      | Yes     | Yes   | Yes          | Yes               | No           | No    | No       |
+| pCloud                       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No                | Yes          | Yes   | Yes      |
+| PikPak                       | Yes   | Yes  | Yes  | Yes     | Yes     | No    | No           | No                | Yes          | Yes   | Yes      |
+| premiumize.me                | Yes   | No   | Yes  | Yes     | No      | No    | No           | No                | Yes          | Yes   | Yes      |
+| put.io                       | Yes   | No   | Yes  | Yes     | Yes     | No    | Yes          | No                | No           | Yes   | Yes      |
+| Proton Drive                 | Yes   | No   | Yes  | Yes     | Yes     | No    | No           | No                | No           | Yes   | Yes      |
+| QingStor                     | No    | Yes  | No   | No      | Yes     | Yes   | No           | No                | No           | No    | No       |
+| Quatrix by Maytech           | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | Yes   | Yes      |
+| Seafile                      | Yes   | Yes  | Yes  | Yes     | Yes     | Yes   | Yes          | No                | Yes          | Yes   | Yes      |
+| SFTP                         | No    | Yes ⁴| Yes  | Yes     | No      | No    | Yes          | No                | No           | Yes   | Yes      |
+| Sia                          | No    | No   | No   | No      | No      | No    | Yes          | No                | No           | No    | Yes      |
+| SMB                          | No    | No   | Yes  | Yes     | No      | No    | Yes          | Yes               | No           | No    | Yes      |
+| SugarSync                    | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes          | No                | Yes          | No    | Yes      |
+| Storj                        | Yes ² | Yes  | Yes  | No      | No      | Yes   | Yes          | No                | Yes          | No    | No       |
+| Uptobox                      | No    | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | No    | No       |
+| WebDAV                       | Yes   | Yes  | Yes  | Yes     | No      | No    | Yes ³        | No                | No           | Yes   | Yes      |
+| Yandex Disk                  | Yes   | Yes  | Yes  | Yes     | Yes     | No    | Yes          | No                | Yes          | Yes   | Yes      |
+| Zoho WorkDrive               | Yes   | Yes  | Yes  | Yes     | No      | No    | No           | No                | No           | Yes   | Yes      |
+| The local filesystem         | Yes   | No   | Yes  | Yes     | No      | No    | Yes          | Yes               | No           | Yes   | Yes      |
+
+¹ Note Swift implements this in order to delete directory markers but
+it doesn't actually have a quicker way of deleting files other than
+deleting them individually.
 
-### Purge ###
+² Storj implements this efficiently only for entire buckets. If
+purging a directory inside a bucket, files are deleted individually.
 
-This deletes a directory quicker than just deleting all the files in
-the directory.
+³ StreamUpload is not supported with Nextcloud
 
-† Note Swift implements this in order to delete directory markers but
-they don't actually have a quicker way of deleting files other than
-deleting them individually.
+⁴ Use the `--sftp-copy-is-hardlink` flag to enable.
 
-☨ Storj implements this efficiently only for entire buckets. If
-purging a directory inside a bucket, files are deleted individually.
+⁵ Use the `--onedrive-delta` flag to enable.
 
-‡ StreamUpload is not supported with Nextcloud
+### Purge ###
+
+This deletes a directory quicker than just deleting all the files in
+the directory.
 
 ### Copy ###
 
@@ -571,6 +582,12 @@ Some remotes allow files to be uploaded without knowing the file size
 in advance. This allows certain operations to work without spooling the
 file to local disk first, e.g. `rclone rcat`.
 
+### MultithreadUpload ###
+
+Some remotes allow transfers to the remote to be sent as chunks in
+parallel. If this is supported then rclone will use multi-thread
+copying to transfer files much faster.
+
 ### LinkSharing ###
 
 Sets the necessary permissions on a file or folder and prints a link
diff --git a/docs/content/pcloud.md b/docs/content/pcloud.md
index bbf06a1415a27..cb1b0ba368778 100644
--- a/docs/content/pcloud.md
+++ b/docs/content/pcloud.md
@@ -86,7 +86,7 @@ To copy a local directory to a pCloud directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes ###
+### Modification times and hashes
 
 pCloud allows modification times to be set on objects accurate to 1
 second.  These will be used to detect whether objects need syncing or
@@ -225,7 +225,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_PCLOUD_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 #### --pcloud-root-folder-id
diff --git a/docs/content/pikpak.md b/docs/content/pikpak.md
new file mode 100644
index 0000000000000..472e14fd14c29
--- /dev/null
+++ b/docs/content/pikpak.md
@@ -0,0 +1,313 @@
+---
+title: "PikPak"
+description: "Rclone docs for PikPak"
+versionIntroduced: "v1.62"
+---
+
+# {{< icon "fa fa-cloud" >}} PikPak
+
+PikPak is [a private cloud drive](https://mypikpak.com/).
+
+Paths are specified as `remote:path`, and may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configuration
+
+Here is an example of making a remote for PikPak.
+
+First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+
+Enter name for new remote.
+name> remote
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+XX / PikPak
+   \ (pikpak)
+Storage> XX
+
+Option user.
+Pikpak username.
+Enter a value.
+user> USERNAME
+
+Option pass.
+Pikpak password.
+Choose an alternative below.
+y) Yes, type in my own password
+g) Generate random password
+y/g> y
+Enter the password:
+password:
+Confirm the password:
+password:
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> 
+
+Configuration complete.
+Options:
+- type: pikpak
+- user: USERNAME
+- pass: *** ENCRYPTED ***
+- token: {"access_token":"eyJ...","token_type":"Bearer","refresh_token":"os...","expiry":"2023-01-26T18:54:32.170582647+09:00"}
+Keep this "remote" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+### Modification times and hashes
+
+PikPak keeps modification times on objects, and updates them when uploading objects,
+but it does not support changing only the modification time
+
+The MD5 hash algorithm is supported.
+
+{{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/pikpak/pikpak.go then run make backenddocs" >}}
+### Standard options
+
+Here are the Standard options specific to pikpak (PikPak).
+
+#### --pikpak-user
+
+Pikpak username.
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_PIKPAK_USER
+- Type:        string
+- Required:    true
+
+#### --pikpak-pass
+
+Pikpak password.
+
+**NB** Input to this must be obscured - see [rclone obscure](/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      pass
+- Env Var:     RCLONE_PIKPAK_PASS
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to pikpak (PikPak).
+
+#### --pikpak-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PIKPAK_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --pikpak-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PIKPAK_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --pikpak-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PIKPAK_TOKEN
+- Type:        string
+- Required:    false
+
+#### --pikpak-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PIKPAK_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --pikpak-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PIKPAK_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --pikpak-root-folder-id
+
+ID of the root folder.
+Leave blank normally.
+
+Fill in for rclone to use a non root folder as its starting point.
+
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_PIKPAK_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --pikpak-use-trash
+
+Send files to the trash instead of deleting permanently.
+
+Defaults to true, namely sending files to the trash.
+Use `--pikpak-use-trash=false` to delete files permanently instead.
+
+Properties:
+
+- Config:      use_trash
+- Env Var:     RCLONE_PIKPAK_USE_TRASH
+- Type:        bool
+- Default:     true
+
+#### --pikpak-trashed-only
+
+Only show files that are in the trash.
+
+This will show trashed files in their original directory structure.
+
+Properties:
+
+- Config:      trashed_only
+- Env Var:     RCLONE_PIKPAK_TRASHED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --pikpak-hash-memory-limit
+
+Files bigger than this will be cached on disk to calculate hash if required.
+
+Properties:
+
+- Config:      hash_memory_limit
+- Env Var:     RCLONE_PIKPAK_HASH_MEMORY_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --pikpak-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PIKPAK_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+## Backend commands
+
+Here are the commands specific to the pikpak backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](/rc/#backend-command).
+
+### addurl
+
+Add offline download task for url
+
+    rclone backend addurl remote: [options] [<arguments>+]
+
+This command adds offline download task for url.
+
+Usage:
+
+    rclone backend addurl pikpak:dirpath url
+
+Downloads will be stored in 'dirpath'. If 'dirpath' is invalid, 
+download will fallback to default 'My Pack' folder.
+
+
+### decompress
+
+Request decompress of a file/files in a folder
+
+    rclone backend decompress remote: [options] [<arguments>+]
+
+This command requests decompress of file/files in a folder.
+
+Usage:
+
+    rclone backend decompress pikpak:dirpath {filename} -o password=password
+    rclone backend decompress pikpak:dirpath {filename} -o delete-src-file
+
+An optional argument 'filename' can be specified for a file located in 
+'pikpak:dirpath'. You may want to pass '-o password=password' for a 
+password-protected files. Also, pass '-o delete-src-file' to delete 
+source files after decompression finished.
+
+Result:
+
+    {
+        "Decompressed": 17,
+        "SourceDeleted": 0,
+        "Errors": 0
+    }
+
+
+{{< rem autogenerated options stop >}}
+
+## Limitations
+
+### Hashes may be empty
+
+PikPak supports MD5 hash, but sometimes given empty especially for user-uploaded files.
+
+### Deleted files still visible with trashed-only
+
+Deleted files will still be visible with `--pikpak-trashed-only` even after the
+trash emptied. This goes away after few days.
diff --git a/docs/content/premiumizeme.md b/docs/content/premiumizeme.md
index 39d40a5cd5a06..2d462c60f963f 100644
--- a/docs/content/premiumizeme.md
+++ b/docs/content/premiumizeme.md
@@ -84,7 +84,7 @@ To copy a local directory to an premiumize.me directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes
+### Modification times and hashes
 
 premiumize.me does not support modification times or hashes, therefore
 syncing will default to `--size-only` checking.  Note that using
@@ -108,6 +108,32 @@ as they can't be used in JSON strings.
 
 Here are the Standard options specific to premiumizeme (premiumize.me).
 
+#### --premiumizeme-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PREMIUMIZEME_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PREMIUMIZEME_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
 #### --premiumizeme-api-key
 
 API Key.
@@ -126,6 +152,43 @@ Properties:
 
 Here are the Advanced options specific to premiumizeme (premiumize.me).
 
+#### --premiumizeme-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PREMIUMIZEME_TOKEN
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PREMIUMIZEME_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PREMIUMIZEME_TOKEN_URL
+- Type:        string
+- Required:    false
+
 #### --premiumizeme-encoding
 
 The encoding for the backend.
@@ -136,7 +199,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_PREMIUMIZEME_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/protondrive.md b/docs/content/protondrive.md
new file mode 100644
index 0000000000000..3b23d39fea588
--- /dev/null
+++ b/docs/content/protondrive.md
@@ -0,0 +1,359 @@
+---
+title: "Proton Drive"
+description: "Rclone docs for Proton Drive"
+versionIntroduced: "v1.64.0"
+status: Beta
+---
+
+# {{< icon "fa fa-folder" >}} Proton Drive
+
+[Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+ for your files that protects your data.
+
+This is an rclone backend for Proton Drive which supports the file transfer
+features of Proton Drive using the same client-side encryption.
+
+Due to the fact that Proton Drive doesn't publish its API documentation, this 
+backend is implemented with best efforts by reading the open-sourced client 
+source code and observing the Proton Drive traffic in the browser.
+
+**NB** This backend is currently in Beta. It is believed to be correct
+and all the integration tests pass. However the Proton Drive protocol
+has evolved over time there may be accounts it is not compatible
+with. Please [post on the rclone forum](https://forum.rclone.org/) if
+you find an incompatibility.
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
+
+## Configurations
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Proton Drive
+   \ "Proton Drive"
+[snip]
+Storage> protondrive
+User name
+user> you@protonmail.com
+Password.
+y) Yes type in my own password
+g) Generate random password
+n) No leave this optional password blank
+y/g/n> y
+Enter the password:
+password:
+Confirm the password:
+password:
+Option 2fa.
+2FA code (if the account requires one)
+Enter a value. Press Enter to leave empty.
+2fa> 123456
+Remote config
+--------------------
+[remote]
+type = protondrive
+user = you@protonmail.com
+pass = *** ENCRYPTED ***
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+**NOTE:** The Proton Drive encryption keys need to have been already generated 
+after a regular login via the browser, otherwise attempting to use the 
+credentials in `rclone` will fail.
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Proton Drive
+
+    rclone lsd remote:
+
+List all the files in your Proton Drive
+
+    rclone ls remote:
+
+To copy a local directory to an Proton Drive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Proton Drive Bridge does not support updating modification times yet.
+
+The SHA1 hash algorithm is supported.
+
+### Restricted filename characters
+
+Invalid UTF-8 bytes will be [replaced](/overview/#invalid-utf8), also left and 
+right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
+
+### Duplicated files
+
+Proton Drive can not have two files with exactly the same name and path. If the 
+conflict occurs, depending on the advanced config, the file might or might not 
+be overwritten.
+
+### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
+
+Please set your mailbox password in the advanced config section.
+
+### Caching
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+{{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/protondrive/protondrive.go then run make backenddocs" >}}
+### Standard options
+
+Here are the Standard options specific to protondrive (Proton Drive).
+
+#### --protondrive-username
+
+The username of your proton account
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_PROTONDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --protondrive-password
+
+The password of your proton account.
+
+**NB** Input to this must be obscured - see [rclone obscure](/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --protondrive-2fa
+
+The 2FA code
+
+The value can also be provided with --protondrive-2fa=000000
+
+The 2FA code of your proton drive account if the account is set up with 
+two-factor authentication
+
+Properties:
+
+- Config:      2fa
+- Env Var:     RCLONE_PROTONDRIVE_2FA
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to protondrive (Proton Drive).
+
+#### --protondrive-mailbox-password
+
+The mailbox password of your two-password proton account.
+
+For more information regarding the mailbox password, please check the 
+following official knowledge base article: 
+https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      mailbox_password
+- Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-uid
+
+Client uid key (internal use only)
+
+Properties:
+
+- Config:      client_uid
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-access-token
+
+Client access token key (internal use only)
+
+Properties:
+
+- Config:      client_access_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-refresh-token
+
+Client refresh token key (internal use only)
+
+Properties:
+
+- Config:      client_refresh_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-salted-key-pass
+
+Client salted key pass key (internal use only)
+
+Properties:
+
+- Config:      client_salted_key_pass
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+- Type:        string
+- Required:    false
+
+#### --protondrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PROTONDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
+
+#### --protondrive-original-file-size
+
+Return the file size before encryption
+			
+The size of the encrypted file will be different from (bigger than) the 
+original file size. Unless there is a reason to return the file size 
+after encryption is performed, otherwise, set this option to true, as 
+features like Open() which will need to be supplied with original content 
+size, will fail to operate properly
+
+Properties:
+
+- Config:      original_file_size
+- Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+- Type:        bool
+- Default:     true
+
+#### --protondrive-app-version
+
+The app version string 
+
+The app version string indicates the client that is currently performing 
+the API request. This information is required and will be sent with every 
+API request.
+
+Properties:
+
+- Config:      app_version
+- Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+- Type:        string
+- Default:     "macos-drive@1.0.0-alpha.1+rclone"
+
+#### --protondrive-replace-existing-draft
+
+Create a new revision when filename conflict is detected
+
+When a file upload is cancelled or failed before completion, a draft will be 
+created and the subsequent upload of the same file to the same location will be 
+reported as a conflict.
+
+The value can also be set by --protondrive-replace-existing-draft=true
+
+If the option is set to true, the draft will be replaced and then the upload 
+operation will restart. If there are other clients also uploading at the same 
+file location at the same time, the behavior is currently unknown. Need to set 
+to true for integration tests.
+If the option is set to false, an error "a draft exist - usually this means a 
+file is being uploaded at another client, or, there was a failed upload attempt" 
+will be returned, and no upload will happen.
+
+Properties:
+
+- Config:      replace_existing_draft
+- Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+- Type:        bool
+- Default:     false
+
+#### --protondrive-enable-caching
+
+Caches the files and folders metadata to reduce API calls
+
+Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+as the current implementation doesn't update or clear the cache when there are 
+external changes. 
+
+The files and folders on ProtonDrive are represented as links with keyrings, 
+which can be cached to improve performance and be friendly to the API server.
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won’t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+Properties:
+
+- Config:      enable_caching
+- Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+- Type:        bool
+- Default:     true
+
+{{< rem autogenerated options stop >}}
+
+## Limitations
+
+This backend uses the 
+[Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
+
+There is no official API documentation available from Proton Drive. But, thanks 
+to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+and the web, iOS, and Android client codebases, we don't need to completely 
+reverse engineer the APIs by observing the web client traffic! 
+
+[proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+building blocks of API calls and error handling, such as 429 exponential 
+back-off, but it is pretty much just a barebone interface to the Proton API. 
+For example, the encryption and decryption of the Proton Drive file are not 
+provided in this library. 
+
+The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+top of this quickly. This codebase handles the intricate tasks before and after 
+calling Proton APIs, particularly the complex encryption scheme, allowing 
+developers to implement features for other software on top of this codebase. 
+There are likely quite a few errors in this library, as there isn't official 
+documentation available. 
diff --git a/docs/content/putio.md b/docs/content/putio.md
index 1c45a8d73ec57..8c8722b9d3db0 100644
--- a/docs/content/putio.md
+++ b/docs/content/putio.md
@@ -115,10 +115,77 @@ Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
 as they can't be used in JSON strings.
 
 {{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/putio/putio.go then run make backenddocs" >}}
+### Standard options
+
+Here are the Standard options specific to putio (Put.io).
+
+#### --putio-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PUTIO_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --putio-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PUTIO_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
 ### Advanced options
 
 Here are the Advanced options specific to putio (Put.io).
 
+#### --putio-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PUTIO_TOKEN
+- Type:        string
+- Required:    false
+
+#### --putio-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PUTIO_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --putio-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PUTIO_TOKEN_URL
+- Type:        string
+- Required:    false
+
 #### --putio-encoding
 
 The encoding for the backend.
@@ -129,7 +196,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_PUTIO_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/qingstor.md b/docs/content/qingstor.md
index 219e61a9b213e..69fd51f81d5df 100644
--- a/docs/content/qingstor.md
+++ b/docs/content/qingstor.md
@@ -307,7 +307,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_QINGSTOR_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Ctl,InvalidUtf8
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/quatrix.md b/docs/content/quatrix.md
new file mode 100644
index 0000000000000..bc8d715fd8eb4
--- /dev/null
+++ b/docs/content/quatrix.md
@@ -0,0 +1,249 @@
+---
+title: "Quatrix"
+description: "Rclone docs for Quatrix"
+versionIntroduced: "v1.63.2"
+---
+
+# {{< icon "fas fa-shield-alt" >}} Quatrix
+
+Quatrix by Maytech is [Quatrix Secure Compliant File Sharing | Maytech](https://www.maytech.net/products/quatrix-business).
+
+Paths are specified as `remote:path`
+
+Paths may be as deep as required, e.g., `remote:directory/subdirectory`.
+
+The initial setup for Quatrix involves getting an API Key from Quatrix. You can get the API key in the user's profile at `https://<account>/profile/api-keys`
+or with the help of the API - https://docs.maytech.net/quatrix/quatrix-api/api-explorer#/API-Key/post_api_key_create.
+
+See complete Swagger documentation for Quatrix - https://docs.maytech.net/quatrix/quatrix-api/api-explorer
+
+## Configuration
+
+Here is an example of how to make a remote called `remote`.  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Quatrix by Maytech
+   \ "quatrix"
+[snip]
+Storage> quatrix
+API key for accessing Quatrix account.
+api_key> your_api_key
+Host name of Quatrix account.
+host> example.quatrix.it
+
+--------------------
+[remote]
+api_key = your_api_key
+host = example.quatrix.it
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+Once configured you can then use `rclone` like this,
+
+List directories in top level of your Quatrix
+
+    rclone lsd remote:
+
+List all the files in your Quatrix
+
+    rclone ls remote:
+
+To copy a local directory to an Quatrix directory called backup
+
+    rclone copy /home/source remote:backup
+
+### API key validity
+
+API Key is created with no expiration date. It will be valid until you delete or deactivate it in your account.
+After disabling, the API Key can be enabled back. If the API Key was deleted and a new key was created, you can
+update it in rclone config. The same happens if the hostname was changed.
+
+```
+$ rclone config
+Current remotes:
+
+Name                 Type
+====                 ====
+remote               quatrix
+
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> e
+Choose a number from below, or type in an existing value
+ 1 > remote
+remote> remote
+--------------------
+[remote]
+type = quatrix
+host = some_host.quatrix.it
+api_key = your_api_key
+--------------------
+Edit remote
+Option api_key.
+API key for accessing Quatrix account
+Enter a string value. Press Enter for the default (your_api_key)
+api_key>
+Option host.
+Host name of Quatrix account
+Enter a string value. Press Enter for the default (some_host.quatrix.it).
+
+--------------------
+[remote]
+type = quatrix
+host = some_host.quatrix.it
+api_key = your_api_key
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+### Modification times and hashes
+
+Quatrix allows modification times to be set on objects accurate to 1 microsecond.
+These will be used to detect whether objects need syncing or not.
+
+Quatrix does not support hashes, so you cannot use the `--checksum` flag.
+
+### Restricted filename characters
+
+File names in Quatrix are case sensitive and have limitations like the maximum length of a filename is 255, and the minimum length is 1. A file name cannot be equal to `.` or `..` nor contain `/` , `\` or non-printable ascii.
+
+### Transfers
+
+For files above 50 MiB rclone will use a chunked transfer. Rclone will upload up to `--transfers` chunks at the same time (shared among all multipart uploads).
+Chunks are buffered in memory, and the minimal chunk size is 10_000_000 bytes by default, and it can be changed in the advanced configuration, so increasing `--transfers` will increase the memory use.
+The chunk size has a maximum size limit, which is set to 100_000_000 bytes by default and can be changed in the advanced configuration.
+The size of the uploaded chunk will dynamically change depending on the upload speed.
+The total memory use equals the number of transfers multiplied by the minimal chunk size.
+In case there's free memory allocated for the upload (which equals the difference of `maximal_summary_chunk_size` and `minimal_chunk_size` * `transfers`),
+the chunk size may increase in case of high upload speed. As well as it can decrease in case of upload speed problems.
+If no free memory is available, all chunks will equal `minimal_chunk_size`.
+
+### Deleting files
+
+Files you delete with rclone will end up in Trash and be stored there for 30 days.
+Quatrix also provides an API to permanently delete files and an API to empty the Trash so that you can remove files permanently from your account.
+
+{{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/quatrix/quatrix.go then run make backenddocs" >}}
+### Standard options
+
+Here are the Standard options specific to quatrix (Quatrix by Maytech).
+
+#### --quatrix-api-key
+
+API key for accessing Quatrix account
+
+Properties:
+
+- Config:      api_key
+- Env Var:     RCLONE_QUATRIX_API_KEY
+- Type:        string
+- Required:    true
+
+#### --quatrix-host
+
+Host name of Quatrix account
+
+Properties:
+
+- Config:      host
+- Env Var:     RCLONE_QUATRIX_HOST
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to quatrix (Quatrix by Maytech).
+
+#### --quatrix-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_QUATRIX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+#### --quatrix-effective-upload-time
+
+Wanted upload time for one chunk
+
+Properties:
+
+- Config:      effective_upload_time
+- Env Var:     RCLONE_QUATRIX_EFFECTIVE_UPLOAD_TIME
+- Type:        string
+- Default:     "4s"
+
+#### --quatrix-minimal-chunk-size
+
+The minimal size for one chunk
+
+Properties:
+
+- Config:      minimal_chunk_size
+- Env Var:     RCLONE_QUATRIX_MINIMAL_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     9.537Mi
+
+#### --quatrix-maximal-summary-chunk-size
+
+The maximal summary for all chunks. It should not be less than 'transfers'*'minimal_chunk_size'
+
+Properties:
+
+- Config:      maximal_summary_chunk_size
+- Env Var:     RCLONE_QUATRIX_MAXIMAL_SUMMARY_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     95.367Mi
+
+#### --quatrix-hard-delete
+
+Delete files permanently rather than putting them into the trash.
+
+Properties:
+
+- Config:      hard_delete
+- Env Var:     RCLONE_QUATRIX_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+{{< rem autogenerated options stop >}}
+
+## Storage usage
+
+The storage usage in Quatrix is restricted to the account during the purchase. You can restrict any user with a smaller storage limit.
+The account limit is applied if the user has no custom storage limit. Once you've reached the limit, the upload of files will fail.
+This can be fixed by freeing up the space or increasing the quota.
+
+## Server-side operations
+
+Quatrix supports server-side operations (copy and move). In case of conflict, files are overwritten during server-side operation.
\ No newline at end of file
diff --git a/docs/content/rc.md b/docs/content/rc.md
index 1cb4dd55ba9f6..7e4ed11d00a9b 100644
--- a/docs/content/rc.md
+++ b/docs/content/rc.md
@@ -304,7 +304,7 @@ parameter, you would pass this parameter in your JSON blob.
 
 If using `rclone rc` this could be passed as
 
-    rclone rc operations/sync ... _config='{"CheckSum": true}'
+    rclone rc sync/sync ... _config='{"CheckSum": true}'
 
 Any config parameters you don't set will inherit the global defaults
 which were set with command line flags or environment variables.
@@ -586,7 +586,7 @@ See the [config dump](/commands/rclone_config_dump/) command for more informatio
 
 **Authentication is required for this call.**
 
-### config/listremotes: Lists the remotes in the config file. {#config-listremotes}
+### config/listremotes: Lists the remotes in the config file and defined in environment variables. {#config-listremotes}
 
 Returns
 - remotes - array of remote names
@@ -732,6 +732,28 @@ OR
 
 **Authentication is required for this call.**
 
+### core/du: Returns disk usage of a locally attached disk. {#core-du}
+
+This returns the disk usage for the local directory passed in as dir.
+
+If the directory is not passed in, it defaults to the directory
+pointed to by --cache-dir.
+
+- dir - string (optional)
+
+Returns:
+
+```
+{
+	"dir": "/",
+	"info": {
+		"Available": 361769115648,
+		"Free": 361785892864,
+		"Total": 982141468672
+	}
+}
+```
+
 ### core/gc: Runs a garbage collection. {#core-gc}
 
 This tells the go runtime to do a garbage collection run.  It isn't
@@ -811,6 +833,10 @@ Returns the following values:
 	"lastError": last error string,
 	"renames" : number of files renamed,
 	"retryError": boolean showing whether there has been at least one non-NoRetryError,
+        "serverSideCopies": number of server side copies done,
+        "serverSideCopyBytes": number bytes server side copied,
+        "serverSideMoves": number of server side moves done,
+        "serverSideMoveBytes": number bytes server side moved,
 	"speed": average speed in bytes per second since start of the group,
 	"totalBytes": total number of bytes in the group,
 	"totalChecks": total number of checks in the group,
@@ -1012,7 +1038,8 @@ Parameters: None.
 
 Results:
 
-- jobids - array of integer job ids.
+- executeId - string id of rclone executing (change after restart)
+- jobids - array of integer job ids (starting at 1 on each restart)
 
 ### job/status: Reads the status of the job ID {#job-status}
 
@@ -1146,6 +1173,56 @@ See the [about](/commands/rclone_about/) command for more information on the abo
 
 **Authentication is required for this call.**
 
+### operations/check: check the source and destination are the same {#operations-check}
+
+Checks the files in the source and destination match.  It compares
+sizes and hashes and logs a report of files that don't
+match.  It doesn't alter the source or destination.
+
+This takes the following parameters:
+
+- srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem
+- dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem
+- download - check by downloading rather than with hash
+- checkFileHash - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- checkFileFs - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- checkFileRemote - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- oneWay -  check one way only, source files must exist on remote
+- combined - make a combined report of changes (default false)
+- missingOnSrc - report all files missing from the source (default true)
+- missingOnDst - report all files missing from the destination (default true)
+- match - report all matching files (default false)
+- differ - report all non-matching files (default true)
+- error - report all files with errors (hashing or reading) (default true)
+
+If you supply the download flag, it will download the data from
+both remotes and check them against each other on the fly.  This can
+be useful for remotes that don't support hashes or if you really want
+to check all the data.
+
+If you supply the size-only global flag, it will only compare the sizes not
+the hashes as well.  Use this for a quick check.
+
+If you supply the checkFileHash option with a valid hash name, the
+checkFileFs:checkFileRemote must point to a text file in the SUM
+format. This treats the checksum file as the source and dstFs as the
+destination. Note that srcFs is not used and should not be supplied in
+this case.
+
+Returns:
+
+- success - true if no error, false otherwise
+- status - textual summary of check, OK or text string
+- hashType - hash used in check, may be missing
+- combined - array of strings of combined report of changes
+- missingOnSrc - array of strings of all files missing from the source
+- missingOnDst - array of strings of all files missing from the destination
+- match - array of strings of all matching files
+- differ - array of strings of all non-matching files
+- error - array of strings of all files with errors (hashing or reading)
+
+**Authentication is required for this call.**
+
 ### operations/cleanup: Remove trashed files in the remote or path {#operations-cleanup}
 
 This takes the following parameters:
@@ -1160,9 +1237,9 @@ See the [cleanup](/commands/rclone_cleanup/) command for more information on the
 
 This takes the following parameters:
 
-- srcFs - a remote name string e.g. "drive:" for the source
+- srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem
 - srcRemote - a path within that remote e.g. "file.txt" for the source
-- dstFs - a remote name string e.g. "drive2:" for the destination
+- dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem
 - dstRemote - a path within that remote e.g. "file2.txt" for the destination
 
 **Authentication is required for this call.**
@@ -1357,9 +1434,9 @@ See the [mkdir](/commands/rclone_mkdir/) command for more information on the abo
 
 This takes the following parameters:
 
-- srcFs - a remote name string e.g. "drive:" for the source
+- srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem
 - srcRemote - a path within that remote e.g. "file.txt" for the source
-- dstFs - a remote name string e.g. "drive2:" for the destination
+- dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem
 - dstRemote - a path within that remote e.g. "file2.txt" for the destination
 
 **Authentication is required for this call.**
@@ -1415,6 +1492,27 @@ See the [rmdirs](/commands/rclone_rmdirs/) command for more information on the a
 
 **Authentication is required for this call.**
 
+### operations/settier: Changes storage tier or class on all files in the path {#operations-settier}
+
+This takes the following parameters:
+
+- fs - a remote name string e.g. "drive:"
+
+See the [settier](/commands/rclone_settier/) command for more information on the above.
+
+**Authentication is required for this call.**
+
+### operations/settierfile: Changes storage tier or class on the single file pointed to {#operations-settierfile}
+
+This takes the following parameters:
+
+- fs - a remote name string e.g. "drive:"
+- remote - a path within that remote e.g. "dir"
+
+See the [settierfile](/commands/rclone_settierfile/) command for more information on the above.
+
+**Authentication is required for this call.**
+
 ### operations/size: Count the number of bytes and files in remote {#operations-size}
 
 This takes the following parameters:
@@ -1650,11 +1748,16 @@ This takes the following parameters
 - checkFilename - file name for checkAccess (default: RCLONE_TEST)
 - maxDelete - abort sync if percentage of deleted files is above
   this threshold (default: 50)
-- force - maxDelete safety check and run the sync
+- force - Bypass maxDelete safety check and run the sync
 - checkSync - `true` by default, `false` disables comparison of final listings,
               `only` will skip sync, only compare listings from the last run
+- createEmptySrcDirs - Sync creation and deletion of empty directories. 
+			  (Not compatible with --remove-empty-dirs)
 - removeEmptyDirs - remove empty directories at the final cleanup step
 - filtersFile - read filtering patterns from a file
+- ignoreListingChecksum - Do not use checksums for listings
+- resilient - Allow future runs to retry after certain less-serious errors, instead of requiring resync. 
+            Use at your own risk!
 - workdir - server directory for history files (default: /home/ncw/.cache/rclone/bisync)
 - noCleanup - retain working files
 
diff --git a/docs/content/release_signing.md b/docs/content/release_signing.md
new file mode 100644
index 0000000000000..8e19303dca5c5
--- /dev/null
+++ b/docs/content/release_signing.md
@@ -0,0 +1,158 @@
+---
+title: "Release Signing"
+description: "How the release is signed and how to check the signature."
+---
+
+# Release signing
+
+The hashes of the binary artefacts of the rclone release are signed
+with a public PGP/GPG key. This can be verified manually as described
+below.
+
+The same mechanism is also used by [rclone selfupdate](/commands/rclone_selfupdate/)
+to verify that the release has not been tampered with before the new
+update is installed. This checks the SHA256 hash and the signature
+with a public key compiled into the rclone binary.
+
+## Release signing key
+
+You may obtain the release signing key from:
+
+- From [KEYS](/KEYS) on this website - this file contains all past signing keys also.
+- The git repository hosted on GitHub - https://github.com/rclone/rclone/blob/master/docs/content/KEYS
+- `gpg --keyserver hkps://keys.openpgp.org --search nick@craig-wood.com`
+- `gpg --keyserver hkps://keyserver.ubuntu.com --search nick@craig-wood.com`
+- https://www.craig-wood.com/nick/pub/pgp-key.txt
+
+After importing the key, verify that the fingerprint of one of the
+keys matches: `FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA` as this key is used for signing.
+
+We recommend that you cross-check the fingerprint shown above through
+the domains listed below. By cross-checking the integrity of the
+fingerprint across multiple domains you can be confident that you
+obtained the correct key.
+
+- The [source for this page on GitHub](https://github.com/rclone/rclone/blob/master/docs/content/release_signing.md).
+- Through DNS `dig key.rclone.org txt`
+
+If you find anything that doesn't not match, please contact the
+developers at once.
+
+## How to verify the release
+
+In the release directory you will see the release files and some files called `MD5SUMS`, `SHA1SUMS` and `SHA256SUMS`.
+
+```
+$ rclone lsf --http-url https://downloads.rclone.org/v1.63.1 :http:
+MD5SUMS
+SHA1SUMS
+SHA256SUMS
+rclone-v1.63.1-freebsd-386.zip
+rclone-v1.63.1-freebsd-amd64.zip
+...
+rclone-v1.63.1-windows-arm64.zip
+rclone-v1.63.1.tar.gz
+version.txt
+```
+
+The `MD5SUMS`, `SHA1SUMS` and `SHA256SUMS` contain hashes of the
+binary files in the release directory along with a signature.
+
+For example:
+
+```
+$ rclone cat --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113  rclone-v1.63.1-freebsd-386.zip
+7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e  rclone-v1.63.1-freebsd-amd64.zip
+...
+66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73  rclone-v1.63.1-windows-amd64.zip
+bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0  rclone-v1.63.1-windows-arm64.zip
+-----BEGIN PGP SIGNATURE-----
+
+iF0EARECAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZLVKJQAKCRCTk14C/ztU
++pZuAJ0XJ+QWLP/3jCtkmgcgc4KAwd/rrwCcCRZQ7E+oye1FPY46HOVzCFU3L7g=
+=8qrL
+-----END PGP SIGNATURE-----
+```
+
+### Download the files
+
+The first step is to download the binary and SUMs file and verify that
+the SUMs you have downloaded match. Here we download
+`rclone-v1.63.1-windows-amd64.zip` - choose the binary (or binaries)
+appropriate to your architecture. We've also chosen the `SHA256SUMS`
+as these are the most secure. You could verify the other types of hash
+also for extra security. `rclone selfupdate` verifies just the
+`SHA256SUMS`.
+
+```
+$ mkdir /tmp/check
+$ cd /tmp/check
+$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS .
+$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:rclone-v1.63.1-windows-amd64.zip .
+```
+
+### Verify the signatures
+
+First verify the signatures on the SHA256 file.
+
+Import the key. See above for ways to verify this key is correct.
+
+```
+$ gpg --keyserver keyserver.ubuntu.com --receive-keys FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: key 93935E02FF3B54FA: public key "Nick Craig-Wood <nick@craig-wood.com>" imported
+gpg: Total number processed: 1
+gpg:               imported: 1
+```
+
+Then check the signature:
+
+```
+$ gpg --verify SHA256SUMS 
+gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]
+```
+
+Verify the signature was good and is using the fingerprint shown above.
+
+Repeat for `MD5SUMS` and `SHA1SUMS` if desired.
+
+### Verify the hashes
+
+Now that we know the signatures on the hashes are OK we can verify the
+binaries match the hashes, completing the verification.
+
+```
+$ sha256sum -c SHA256SUMS 2>&1 | grep OK
+rclone-v1.63.1-windows-amd64.zip: OK
+```
+
+Or do the check with rclone
+
+```
+$ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip 
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 0
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 1
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 49
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: 4 warning(s) suppressed...
+= rclone-v1.63.1-windows-amd64.zip
+2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 0 differences found
+2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 1 matching files
+```
+
+### Verify signatures and hashes together
+
+You can verify the signatures and hashes in one command line like this:
+
+```
+$ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing
+gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]
+gpg:                 aka "Nick Craig-Wood <nick@memset.com>" [unknown]
+rclone-v1.63.1-windows-amd64.zip: OK
+```
diff --git a/docs/content/s3.md b/docs/content/s3.md
index c6c5f6edb604f..aa16509acdd8e 100644
--- a/docs/content/s3.md
+++ b/docs/content/s3.md
@@ -17,19 +17,25 @@ The S3 backend can be used with a number of different providers:
 {{< provider name="Arvan Cloud Object Storage (AOS)" home="https://www.arvancloud.com/en/products/cloud-storage" config="/s3/#arvan-cloud" >}}
 {{< provider name="DigitalOcean Spaces" home="https://www.digitalocean.com/products/object-storage/" config="/s3/#digitalocean-spaces" >}}
 {{< provider name="Dreamhost" home="https://www.dreamhost.com/cloud/storage/" config="/s3/#dreamhost" >}}
+{{< provider name="GCS" home="https://cloud.google.com/storage/docs" config="/s3/#google-cloud-storage" >}}
 {{< provider name="Huawei OBS" home="https://www.huaweicloud.com/intl/en-us/product/obs.html" config="/s3/#huawei-obs" >}}
 {{< provider name="IBM COS S3" home="http://www.ibm.com/cloud/object-storage" config="/s3/#ibm-cos-s3" >}}
 {{< provider name="IDrive e2" home="https://www.idrive.com/e2/?refer=rclone" config="/s3/#idrive-e2" >}}
 {{< provider name="IONOS Cloud" home="https://cloud.ionos.com/storage/object-storage" config="/s3/#ionos" >}}
+{{< provider name="Leviia Object Storage" home="https://www.leviia.com/object-storage/" config="/s3/#leviia" >}}
 {{< provider name="Liara Object Storage" home="https://liara.ir/landing/object-storage" config="/s3/#liara-cloud" >}}
+{{< provider name="Linode Object Storage" home="https://www.linode.com/products/object-storage/" config="/s3/#linode" >}}
 {{< provider name="Minio" home="https://www.minio.io/" config="/s3/#minio" >}}
+{{< provider name="Petabox" home="https://petabox.io/" config="/s3/#petabox" >}}
 {{< provider name="Qiniu Cloud Object Storage (Kodo)" home="https://www.qiniu.com/en/products/kodo" config="/s3/#qiniu" >}}
 {{< provider name="RackCorp Object Storage" home="https://www.rackcorp.com/" config="/s3/#RackCorp" >}}
+{{< provider name="Rclone Serve S3" home="/commands/rclone_serve_http/" config="/s3/#rclone" >}}
 {{< provider name="Scaleway" home="https://www.scaleway.com/en/object-storage/" config="/s3/#scaleway" >}}
 {{< provider name="Seagate Lyve Cloud" home="https://www.seagate.com/gb/en/services/cloud/storage/" config="/s3/#lyve" >}}
 {{< provider name="SeaweedFS" home="https://github.com/chrislusf/seaweedfs/" config="/s3/#seaweedfs" >}}
 {{< provider name="StackPath" home="https://www.stackpath.com/products/object-storage/" config="/s3/#stackpath" >}}
 {{< provider name="Storj" home="https://storj.io/" config="/s3/#storj" >}}
+{{< provider name="Synology C2 Object Storage" home="https://c2.synology.com/en-global/object-storage/overview" config="/s3/#synology-c2" >}}
 {{< provider name="Tencent Cloud Object Storage (COS)" home="https://intl.cloud.tencent.com/product/cos" config="/s3/#tencent-cos" >}}
 {{< provider name="Wasabi" home="https://wasabi.com/" config="/s3/#wasabi" end="true" >}}
 {{< /provider_list >}}
@@ -265,7 +271,9 @@ d) Delete this remote
 y/e/d>
 ```
 
-### Modified time
+### Modification times and hashes
+
+#### Modification times
 
 The modified time is stored as metadata on the object as
 `X-Amz-Meta-Mtime` as floating point since the epoch, accurate to 1 ns.
@@ -278,6 +286,29 @@ storage the object will be uploaded rather than copied.
 Note that reading this from the object takes an additional `HEAD`
 request as the metadata isn't returned in object listings.
 
+#### Hashes
+
+For small objects which weren't uploaded as multipart uploads (objects
+sized below `--s3-upload-cutoff` if uploaded with rclone) rclone uses
+the `ETag:` header as an MD5 checksum.
+
+However for objects which were uploaded as multipart uploads or with
+server side encryption (SSE-AWS or SSE-C) the `ETag` header is no
+longer the MD5 sum of the data, so rclone adds an additional piece of
+metadata `X-Amz-Meta-Md5chksum` which is a base64 encoded MD5 hash (in
+the same format as is required for `Content-MD5`).  You can use base64 -d and hexdump to check this value manually:
+
+    echo 'VWTGdNx3LyXQDfA0e2Edxw==' | base64 -d | hexdump
+
+or you can use `rclone check` to verify the hashes are OK.
+
+For large objects, calculating this hash can take some time so the
+addition of this hash can be disabled with `--s3-disable-checksum`.
+This will mean that these objects do not have an MD5 checksum.
+
+Note that reading this from the object takes an additional `HEAD`
+request as the metadata isn't returned in object listings.
+
 ### Reducing costs
 
 #### Avoiding HEAD requests to read the modification time
@@ -369,25 +400,6 @@ there for more details.
 
 Setting this flag increases the chance for undetected upload failures.
 
-### Hashes
-
-For small objects which weren't uploaded as multipart uploads (objects
-sized below `--s3-upload-cutoff` if uploaded with rclone) rclone uses
-the `ETag:` header as an MD5 checksum.
-
-However for objects which were uploaded as multipart uploads or with
-server side encryption (SSE-AWS or SSE-C) the `ETag` header is no
-longer the MD5 sum of the data, so rclone adds an additional piece of
-metadata `X-Amz-Meta-Md5chksum` which is a base64 encoded MD5 hash (in
-the same format as is required for `Content-MD5`).
-
-For large objects, calculating this hash can take some time so the
-addition of this hash can be disabled with `--s3-disable-checksum`.
-This will mean that these objects do not have an MD5 checksum.
-
-Note that reading this from the object takes an additional `HEAD`
-request as the metadata isn't returned in object listings.
-
 ### Versions
 
 When bucket versioning is enabled (this can be done with rclone with
@@ -456,6 +468,19 @@ $ rclone -q --s3-versions ls s3:cleanup-test
         9 one.txt
 ```
 
+#### Versions naming caveat
+
+When using `--s3-versions` flag rclone is relying on the file name
+to work out whether the objects are versions or not. Versions' names
+are created by inserting timestamp between file name and its extension.
+```
+        9 file.txt
+        8 file-v2023-07-17-161032-000.txt
+       16 file-v2023-06-15-141003-000.txt
+```
+If there are real files present with the same names as versions, then
+behaviour of `--s3-versions` can be unpredictable.
+
 ### Cleanup
 
 If you run `rclone cleanup s3:bucket` then it will remove all pending
@@ -543,7 +568,7 @@ The different authentication methods are tried in this order:
      - Access Key ID: `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`
      - Secret Access Key: `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
      - Session Token: `AWS_SESSION_TOKEN` (optional)
-   - Or, use a [named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html):
+   - Or, use a [named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html):
      - Profile files are standard files used by AWS CLI tools
      - By default it will use the profile in your home directory (e.g. `~/.aws/credentials` on unix based systems) file and the "default" profile, to change set these environment variables:
          - `AWS_SHARED_CREDENTIALS_FILE` to control which file.
@@ -637,13 +662,14 @@ According to AWS's [documentation on S3 Object Lock](https://docs.aws.amazon.com
 
 > If you configure a default retention period on a bucket, requests to upload objects in such a bucket must include the Content-MD5 header.
 
-As mentioned in the [Hashes](#hashes) section, small files that are not uploaded as multipart, use a different tag, causing the upload to fail.
+As mentioned in the [Modification times and hashes](#modification-times-and-hashes) section,
+small files that are not uploaded as multipart, use a different tag, causing the upload to fail.
 A simple solution is to set the `--s3-upload-cutoff 0` and force all the files to be uploaded as multipart.
 
 {{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/s3/s3.go then run make backenddocs" >}}
 ### Standard options
 
-Here are the Standard options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).
+Here are the Standard options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others).
 
 #### --s3-provider
 
@@ -660,18 +686,20 @@ Properties:
         - Amazon Web Services (AWS) S3
     - "Alibaba"
         - Alibaba Cloud Object Storage System (OSS) formerly Aliyun
+    - "ArvanCloud"
+        - Arvan Cloud Object Storage (AOS)
     - "Ceph"
         - Ceph Object Storage
     - "ChinaMobile"
         - China Mobile Ecloud Elastic Object Storage (EOS)
     - "Cloudflare"
         - Cloudflare R2 Storage
-    - "ArvanCloud"
-        - Arvan Cloud Object Storage (AOS)
     - "DigitalOcean"
         - DigitalOcean Spaces
     - "Dreamhost"
         - Dreamhost DreamObjects
+    - "GCS"
+        - Google Cloud Storage
     - "HuaweiOBS"
         - Huawei Object Storage Service
     - "IBMCOS"
@@ -682,14 +710,22 @@ Properties:
         - IONOS Cloud
     - "LyveCloud"
         - Seagate Lyve Cloud
+    - "Leviia"
+        - Leviia Object Storage
     - "Liara"
         - Liara Object Storage
+    - "Linode"
+        - Linode Object Storage
     - "Minio"
         - Minio Object Storage
     - "Netease"
         - Netease Object Storage (NOS)
+    - "Petabox"
+        - Petabox Object Storage
     - "RackCorp"
         - RackCorp Object Storage
+    - "Rclone"
+        - Rclone S3 Server
     - "Scaleway"
         - Scaleway Object Storage
     - "SeaweedFS"
@@ -698,6 +734,8 @@ Properties:
         - StackPath Object Storage
     - "Storj"
         - Storj (S3 Compatible Gateway)
+    - "Synology"
+        - Synology C2 Object Storage
     - "TencentCOS"
         - Tencent Cloud Object Storage (COS)
     - "Wasabi"
@@ -840,1455 +878,223 @@ Properties:
         - AWS GovCloud (US) Region.
         - Needs location constraint us-gov-west-1.
 
-#### --s3-region
+#### --s3-endpoint
 
-region - the location where your bucket will be created and your data stored.
+Endpoint for S3 API.
 
+Leave blank if using AWS to use the default endpoint for the region.
 
 Properties:
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    RackCorp
+- Config:      endpoint
+- Env Var:     RCLONE_S3_ENDPOINT
+- Provider:    AWS
 - Type:        string
 - Required:    false
-- Examples:
-    - "global"
-        - Global CDN (All locations) Region
-    - "au"
-        - Australia (All states)
-    - "au-nsw"
-        - NSW (Australia) Region
-    - "au-qld"
-        - QLD (Australia) Region
-    - "au-vic"
-        - VIC (Australia) Region
-    - "au-wa"
-        - Perth (Australia) Region
-    - "ph"
-        - Manila (Philippines) Region
-    - "th"
-        - Bangkok (Thailand) Region
-    - "hk"
-        - HK (Hong Kong) Region
-    - "mn"
-        - Ulaanbaatar (Mongolia) Region
-    - "kg"
-        - Bishkek (Kyrgyzstan) Region
-    - "id"
-        - Jakarta (Indonesia) Region
-    - "jp"
-        - Tokyo (Japan) Region
-    - "sg"
-        - SG (Singapore) Region
-    - "de"
-        - Frankfurt (Germany) Region
-    - "us"
-        - USA (AnyCast) Region
-    - "us-east-1"
-        - New York (USA) Region
-    - "us-west-1"
-        - Freemont (USA) Region
-    - "nz"
-        - Auckland (New Zealand) Region
 
-#### --s3-region
+#### --s3-location-constraint
 
-Region to connect to.
+Location constraint - must be set to match the Region.
+
+Used when creating buckets only.
 
 Properties:
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    Scaleway
+- Config:      location_constraint
+- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
+- Provider:    AWS
 - Type:        string
 - Required:    false
 - Examples:
-    - "nl-ams"
-        - Amsterdam, The Netherlands
-    - "fr-par"
-        - Paris, France
-    - "pl-waw"
-        - Warsaw, Poland
+    - ""
+        - Empty for US Region, Northern Virginia, or Pacific Northwest
+    - "us-east-2"
+        - US East (Ohio) Region
+    - "us-west-1"
+        - US West (Northern California) Region
+    - "us-west-2"
+        - US West (Oregon) Region
+    - "ca-central-1"
+        - Canada (Central) Region
+    - "eu-west-1"
+        - EU (Ireland) Region
+    - "eu-west-2"
+        - EU (London) Region
+    - "eu-west-3"
+        - EU (Paris) Region
+    - "eu-north-1"
+        - EU (Stockholm) Region
+    - "eu-south-1"
+        - EU (Milan) Region
+    - "EU"
+        - EU Region
+    - "ap-southeast-1"
+        - Asia Pacific (Singapore) Region
+    - "ap-southeast-2"
+        - Asia Pacific (Sydney) Region
+    - "ap-northeast-1"
+        - Asia Pacific (Tokyo) Region
+    - "ap-northeast-2"
+        - Asia Pacific (Seoul) Region
+    - "ap-northeast-3"
+        - Asia Pacific (Osaka-Local) Region
+    - "ap-south-1"
+        - Asia Pacific (Mumbai) Region
+    - "ap-east-1"
+        - Asia Pacific (Hong Kong) Region
+    - "sa-east-1"
+        - South America (Sao Paulo) Region
+    - "me-south-1"
+        - Middle East (Bahrain) Region
+    - "af-south-1"
+        - Africa (Cape Town) Region
+    - "cn-north-1"
+        - China (Beijing) Region
+    - "cn-northwest-1"
+        - China (Ningxia) Region
+    - "us-gov-east-1"
+        - AWS GovCloud (US-East) Region
+    - "us-gov-west-1"
+        - AWS GovCloud (US) Region
 
-#### --s3-region
+#### --s3-acl
 
-Region to connect to. - the location where your bucket will be created and your data stored. Need bo be same with your endpoint.
+Canned ACL used when creating buckets and storing or copying objects.
 
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
 
-Properties:
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    HuaweiOBS
-- Type:        string
-- Required:    false
-- Examples:
-    - "af-south-1"
-        - AF-Johannesburg
-    - "ap-southeast-2"
-        - AP-Bangkok
-    - "ap-southeast-3"
-        - AP-Singapore
-    - "cn-east-3"
-        - CN East-Shanghai1
-    - "cn-east-2"
-        - CN East-Shanghai2
-    - "cn-north-1"
-        - CN North-Beijing1
-    - "cn-north-4"
-        - CN North-Beijing4
-    - "cn-south-1"
-        - CN South-Guangzhou
-    - "ap-southeast-1"
-        - CN-Hong Kong
-    - "sa-argentina-1"
-        - LA-Buenos Aires1
-    - "sa-peru-1"
-        - LA-Lima1
-    - "na-mexico-1"
-        - LA-Mexico City1
-    - "sa-chile-1"
-        - LA-Santiago2
-    - "sa-brazil-1"
-        - LA-Sao Paulo1
-    - "ru-northwest-2"
-        - RU-Moscow2
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
 
-#### --s3-region
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
 
-Region to connect to.
 
 Properties:
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    Cloudflare
+- Config:      acl
+- Env Var:     RCLONE_S3_ACL
+- Provider:    !Storj,Synology,Cloudflare
 - Type:        string
 - Required:    false
 - Examples:
-    - "auto"
-        - R2 buckets are automatically distributed across Cloudflare's data centers for low latency.
+    - "default"
+        - Owner gets Full_CONTROL.
+        - No one else has access rights (default).
+    - "private"
+        - Owner gets FULL_CONTROL.
+        - No one else has access rights (default).
+    - "public-read"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ access.
+    - "public-read-write"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ and WRITE access.
+        - Granting this on a bucket is generally not recommended.
+    - "authenticated-read"
+        - Owner gets FULL_CONTROL.
+        - The AuthenticatedUsers group gets READ access.
+    - "bucket-owner-read"
+        - Object owner gets FULL_CONTROL.
+        - Bucket owner gets READ access.
+        - If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+    - "bucket-owner-full-control"
+        - Both the object owner and the bucket owner get FULL_CONTROL over the object.
+        - If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+    - "private"
+        - Owner gets FULL_CONTROL.
+        - No one else has access rights (default).
+        - This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS.
+    - "public-read"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ access.
+        - This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS.
+    - "public-read-write"
+        - Owner gets FULL_CONTROL.
+        - The AllUsers group gets READ and WRITE access.
+        - This acl is available on IBM Cloud (Infra), On-Premise IBM COS.
+    - "authenticated-read"
+        - Owner gets FULL_CONTROL.
+        - The AuthenticatedUsers group gets READ access.
+        - Not supported on Buckets.
+        - This acl is available on IBM Cloud (Infra) and On-Premise IBM COS.
 
-#### --s3-region
+#### --s3-server-side-encryption
 
-Region to connect to.
+The server-side encryption algorithm used when storing this object in S3.
 
 Properties:
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    Qiniu
+- Config:      server_side_encryption
+- Env Var:     RCLONE_S3_SERVER_SIDE_ENCRYPTION
+- Provider:    AWS,Ceph,ChinaMobile,Minio
 - Type:        string
 - Required:    false
 - Examples:
-    - "cn-east-1"
-        - The default endpoint - a good choice if you are unsure.
-        - East China Region 1.
-        - Needs location constraint cn-east-1.
-    - "cn-east-2"
-        - East China Region 2.
-        - Needs location constraint cn-east-2.
-    - "cn-north-1"
-        - North China Region 1.
-        - Needs location constraint cn-north-1.
-    - "cn-south-1"
-        - South China Region 1.
-        - Needs location constraint cn-south-1.
-    - "us-north-1"
-        - North America Region.
-        - Needs location constraint us-north-1.
-    - "ap-southeast-1"
-        - Southeast Asia Region 1.
-        - Needs location constraint ap-southeast-1.
-    - "ap-northeast-1"
-        - Northeast Asia Region 1.
-        - Needs location constraint ap-northeast-1.
-
-#### --s3-region
+    - ""
+        - None
+    - "AES256"
+        - AES256
+    - "aws:kms"
+        - aws:kms
 
-Region where your bucket will be created and your data stored.
+#### --s3-sse-kms-key-id
 
+If using KMS ID you must provide the ARN of Key.
 
 Properties:
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    IONOS
+- Config:      sse_kms_key_id
+- Env Var:     RCLONE_S3_SSE_KMS_KEY_ID
+- Provider:    AWS,Ceph,Minio
 - Type:        string
 - Required:    false
 - Examples:
-    - "de"
-        - Frankfurt, Germany
-    - "eu-central-2"
-        - Berlin, Germany
-    - "eu-south-2"
-        - Logrono, Spain
-
-#### --s3-region
+    - ""
+        - None
+    - "arn:aws:kms:us-east-1:*"
+        - arn:aws:kms:*
 
-Region to connect to.
+#### --s3-storage-class
 
-Leave blank if you are using an S3 clone and you don't have a region.
+The storage class to use when storing new objects in S3.
 
 Properties:
 
-- Config:      region
-- Env Var:     RCLONE_S3_REGION
-- Provider:    !AWS,Alibaba,ChinaMobile,Cloudflare,IONOS,ArvanCloud,Liara,Qiniu,RackCorp,Scaleway,Storj,TencentCOS,HuaweiOBS,IDrive
+- Config:      storage_class
+- Env Var:     RCLONE_S3_STORAGE_CLASS
+- Provider:    AWS
 - Type:        string
 - Required:    false
 - Examples:
     - ""
-        - Use this if unsure.
-        - Will use v4 signatures and an empty region.
-    - "other-v2-signature"
-        - Use this only if v4 signatures don't work.
-        - E.g. pre Jewel/v10 CEPH.
+        - Default
+    - "STANDARD"
+        - Standard storage class
+    - "REDUCED_REDUNDANCY"
+        - Reduced redundancy storage class
+    - "STANDARD_IA"
+        - Standard Infrequent Access storage class
+    - "ONEZONE_IA"
+        - One Zone Infrequent Access storage class
+    - "GLACIER"
+        - Glacier storage class
+    - "DEEP_ARCHIVE"
+        - Glacier Deep Archive storage class
+    - "INTELLIGENT_TIERING"
+        - Intelligent-Tiering storage class
+    - "GLACIER_IR"
+        - Glacier Instant Retrieval storage class
 
-#### --s3-endpoint
+### Advanced options
 
-Endpoint for S3 API.
+Here are the Advanced options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others).
 
-Leave blank if using AWS to use the default endpoint for the region.
+#### --s3-bucket-acl
 
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    AWS
-- Type:        string
-- Required:    false
-
-#### --s3-endpoint
-
-Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    ChinaMobile
-- Type:        string
-- Required:    false
-- Examples:
-    - "eos-wuxi-1.cmecloud.cn"
-        - The default endpoint - a good choice if you are unsure.
-        - East China (Suzhou)
-    - "eos-jinan-1.cmecloud.cn"
-        - East China (Jinan)
-    - "eos-ningbo-1.cmecloud.cn"
-        - East China (Hangzhou)
-    - "eos-shanghai-1.cmecloud.cn"
-        - East China (Shanghai-1)
-    - "eos-zhengzhou-1.cmecloud.cn"
-        - Central China (Zhengzhou)
-    - "eos-hunan-1.cmecloud.cn"
-        - Central China (Changsha-1)
-    - "eos-zhuzhou-1.cmecloud.cn"
-        - Central China (Changsha-2)
-    - "eos-guangzhou-1.cmecloud.cn"
-        - South China (Guangzhou-2)
-    - "eos-dongguan-1.cmecloud.cn"
-        - South China (Guangzhou-3)
-    - "eos-beijing-1.cmecloud.cn"
-        - North China (Beijing-1)
-    - "eos-beijing-2.cmecloud.cn"
-        - North China (Beijing-2)
-    - "eos-beijing-4.cmecloud.cn"
-        - North China (Beijing-3)
-    - "eos-huhehaote-1.cmecloud.cn"
-        - North China (Huhehaote)
-    - "eos-chengdu-1.cmecloud.cn"
-        - Southwest China (Chengdu)
-    - "eos-chongqing-1.cmecloud.cn"
-        - Southwest China (Chongqing)
-    - "eos-guiyang-1.cmecloud.cn"
-        - Southwest China (Guiyang)
-    - "eos-xian-1.cmecloud.cn"
-        - Nouthwest China (Xian)
-    - "eos-yunnan.cmecloud.cn"
-        - Yunnan China (Kunming)
-    - "eos-yunnan-2.cmecloud.cn"
-        - Yunnan China (Kunming-2)
-    - "eos-tianjin-1.cmecloud.cn"
-        - Tianjin China (Tianjin)
-    - "eos-jilin-1.cmecloud.cn"
-        - Jilin China (Changchun)
-    - "eos-hubei-1.cmecloud.cn"
-        - Hubei China (Xiangyan)
-    - "eos-jiangxi-1.cmecloud.cn"
-        - Jiangxi China (Nanchang)
-    - "eos-gansu-1.cmecloud.cn"
-        - Gansu China (Lanzhou)
-    - "eos-shanxi-1.cmecloud.cn"
-        - Shanxi China (Taiyuan)
-    - "eos-liaoning-1.cmecloud.cn"
-        - Liaoning China (Shenyang)
-    - "eos-hebei-1.cmecloud.cn"
-        - Hebei China (Shijiazhuang)
-    - "eos-fujian-1.cmecloud.cn"
-        - Fujian China (Xiamen)
-    - "eos-guangxi-1.cmecloud.cn"
-        - Guangxi China (Nanning)
-    - "eos-anhui-1.cmecloud.cn"
-        - Anhui China (Huainan)
-
-#### --s3-endpoint
-
-Endpoint for Arvan Cloud Object Storage (AOS) API.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    ArvanCloud
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.ir-thr-at1.arvanstorage.com"
-        - The default endpoint - a good choice if you are unsure.
-        - Tehran Iran (Asiatech)
-    - "s3.ir-tbz-sh1.arvanstorage.com"
-        - Tabriz Iran (Shahriar)
-
-#### --s3-endpoint
-
-Endpoint for IBM COS S3 API.
-
-Specify if using an IBM COS On Premise.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    IBMCOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Endpoint
-    - "s3.dal.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Dallas Endpoint
-    - "s3.wdc.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Washington DC Endpoint
-    - "s3.sjc.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region San Jose Endpoint
-    - "s3.private.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Private Endpoint
-    - "s3.private.dal.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Dallas Private Endpoint
-    - "s3.private.wdc.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region Washington DC Private Endpoint
-    - "s3.private.sjc.us.cloud-object-storage.appdomain.cloud"
-        - US Cross Region San Jose Private Endpoint
-    - "s3.us-east.cloud-object-storage.appdomain.cloud"
-        - US Region East Endpoint
-    - "s3.private.us-east.cloud-object-storage.appdomain.cloud"
-        - US Region East Private Endpoint
-    - "s3.us-south.cloud-object-storage.appdomain.cloud"
-        - US Region South Endpoint
-    - "s3.private.us-south.cloud-object-storage.appdomain.cloud"
-        - US Region South Private Endpoint
-    - "s3.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Endpoint
-    - "s3.fra.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Frankfurt Endpoint
-    - "s3.mil.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Milan Endpoint
-    - "s3.ams.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Amsterdam Endpoint
-    - "s3.private.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Private Endpoint
-    - "s3.private.fra.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Frankfurt Private Endpoint
-    - "s3.private.mil.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Milan Private Endpoint
-    - "s3.private.ams.eu.cloud-object-storage.appdomain.cloud"
-        - EU Cross Region Amsterdam Private Endpoint
-    - "s3.eu-gb.cloud-object-storage.appdomain.cloud"
-        - Great Britain Endpoint
-    - "s3.private.eu-gb.cloud-object-storage.appdomain.cloud"
-        - Great Britain Private Endpoint
-    - "s3.eu-de.cloud-object-storage.appdomain.cloud"
-        - EU Region DE Endpoint
-    - "s3.private.eu-de.cloud-object-storage.appdomain.cloud"
-        - EU Region DE Private Endpoint
-    - "s3.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Endpoint
-    - "s3.tok.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Tokyo Endpoint
-    - "s3.hkg.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional HongKong Endpoint
-    - "s3.seo.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Seoul Endpoint
-    - "s3.private.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Private Endpoint
-    - "s3.private.tok.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Tokyo Private Endpoint
-    - "s3.private.hkg.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional HongKong Private Endpoint
-    - "s3.private.seo.ap.cloud-object-storage.appdomain.cloud"
-        - APAC Cross Regional Seoul Private Endpoint
-    - "s3.jp-tok.cloud-object-storage.appdomain.cloud"
-        - APAC Region Japan Endpoint
-    - "s3.private.jp-tok.cloud-object-storage.appdomain.cloud"
-        - APAC Region Japan Private Endpoint
-    - "s3.au-syd.cloud-object-storage.appdomain.cloud"
-        - APAC Region Australia Endpoint
-    - "s3.private.au-syd.cloud-object-storage.appdomain.cloud"
-        - APAC Region Australia Private Endpoint
-    - "s3.ams03.cloud-object-storage.appdomain.cloud"
-        - Amsterdam Single Site Endpoint
-    - "s3.private.ams03.cloud-object-storage.appdomain.cloud"
-        - Amsterdam Single Site Private Endpoint
-    - "s3.che01.cloud-object-storage.appdomain.cloud"
-        - Chennai Single Site Endpoint
-    - "s3.private.che01.cloud-object-storage.appdomain.cloud"
-        - Chennai Single Site Private Endpoint
-    - "s3.mel01.cloud-object-storage.appdomain.cloud"
-        - Melbourne Single Site Endpoint
-    - "s3.private.mel01.cloud-object-storage.appdomain.cloud"
-        - Melbourne Single Site Private Endpoint
-    - "s3.osl01.cloud-object-storage.appdomain.cloud"
-        - Oslo Single Site Endpoint
-    - "s3.private.osl01.cloud-object-storage.appdomain.cloud"
-        - Oslo Single Site Private Endpoint
-    - "s3.tor01.cloud-object-storage.appdomain.cloud"
-        - Toronto Single Site Endpoint
-    - "s3.private.tor01.cloud-object-storage.appdomain.cloud"
-        - Toronto Single Site Private Endpoint
-    - "s3.seo01.cloud-object-storage.appdomain.cloud"
-        - Seoul Single Site Endpoint
-    - "s3.private.seo01.cloud-object-storage.appdomain.cloud"
-        - Seoul Single Site Private Endpoint
-    - "s3.mon01.cloud-object-storage.appdomain.cloud"
-        - Montreal Single Site Endpoint
-    - "s3.private.mon01.cloud-object-storage.appdomain.cloud"
-        - Montreal Single Site Private Endpoint
-    - "s3.mex01.cloud-object-storage.appdomain.cloud"
-        - Mexico Single Site Endpoint
-    - "s3.private.mex01.cloud-object-storage.appdomain.cloud"
-        - Mexico Single Site Private Endpoint
-    - "s3.sjc04.cloud-object-storage.appdomain.cloud"
-        - San Jose Single Site Endpoint
-    - "s3.private.sjc04.cloud-object-storage.appdomain.cloud"
-        - San Jose Single Site Private Endpoint
-    - "s3.mil01.cloud-object-storage.appdomain.cloud"
-        - Milan Single Site Endpoint
-    - "s3.private.mil01.cloud-object-storage.appdomain.cloud"
-        - Milan Single Site Private Endpoint
-    - "s3.hkg02.cloud-object-storage.appdomain.cloud"
-        - Hong Kong Single Site Endpoint
-    - "s3.private.hkg02.cloud-object-storage.appdomain.cloud"
-        - Hong Kong Single Site Private Endpoint
-    - "s3.par01.cloud-object-storage.appdomain.cloud"
-        - Paris Single Site Endpoint
-    - "s3.private.par01.cloud-object-storage.appdomain.cloud"
-        - Paris Single Site Private Endpoint
-    - "s3.sng01.cloud-object-storage.appdomain.cloud"
-        - Singapore Single Site Endpoint
-    - "s3.private.sng01.cloud-object-storage.appdomain.cloud"
-        - Singapore Single Site Private Endpoint
-
-#### --s3-endpoint
-
-Endpoint for IONOS S3 Object Storage.
-
-Specify the endpoint from the same region.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    IONOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3-eu-central-1.ionoscloud.com"
-        - Frankfurt, Germany
-    - "s3-eu-central-2.ionoscloud.com"
-        - Berlin, Germany
-    - "s3-eu-south-2.ionoscloud.com"
-        - Logrono, Spain
-
-#### --s3-endpoint
-
-Endpoint for Liara Object Storage API.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Liara
-- Type:        string
-- Required:    false
-- Examples:
-    - "storage.iran.liara.space"
-        - The default endpoint
-        - Iran
-
-#### --s3-endpoint
-
-Endpoint for OSS API.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Alibaba
-- Type:        string
-- Required:    false
-- Examples:
-    - "oss-accelerate.aliyuncs.com"
-        - Global Accelerate
-    - "oss-accelerate-overseas.aliyuncs.com"
-        - Global Accelerate (outside mainland China)
-    - "oss-cn-hangzhou.aliyuncs.com"
-        - East China 1 (Hangzhou)
-    - "oss-cn-shanghai.aliyuncs.com"
-        - East China 2 (Shanghai)
-    - "oss-cn-qingdao.aliyuncs.com"
-        - North China 1 (Qingdao)
-    - "oss-cn-beijing.aliyuncs.com"
-        - North China 2 (Beijing)
-    - "oss-cn-zhangjiakou.aliyuncs.com"
-        - North China 3 (Zhangjiakou)
-    - "oss-cn-huhehaote.aliyuncs.com"
-        - North China 5 (Hohhot)
-    - "oss-cn-wulanchabu.aliyuncs.com"
-        - North China 6 (Ulanqab)
-    - "oss-cn-shenzhen.aliyuncs.com"
-        - South China 1 (Shenzhen)
-    - "oss-cn-heyuan.aliyuncs.com"
-        - South China 2 (Heyuan)
-    - "oss-cn-guangzhou.aliyuncs.com"
-        - South China 3 (Guangzhou)
-    - "oss-cn-chengdu.aliyuncs.com"
-        - West China 1 (Chengdu)
-    - "oss-cn-hongkong.aliyuncs.com"
-        - Hong Kong (Hong Kong)
-    - "oss-us-west-1.aliyuncs.com"
-        - US West 1 (Silicon Valley)
-    - "oss-us-east-1.aliyuncs.com"
-        - US East 1 (Virginia)
-    - "oss-ap-southeast-1.aliyuncs.com"
-        - Southeast Asia Southeast 1 (Singapore)
-    - "oss-ap-southeast-2.aliyuncs.com"
-        - Asia Pacific Southeast 2 (Sydney)
-    - "oss-ap-southeast-3.aliyuncs.com"
-        - Southeast Asia Southeast 3 (Kuala Lumpur)
-    - "oss-ap-southeast-5.aliyuncs.com"
-        - Asia Pacific Southeast 5 (Jakarta)
-    - "oss-ap-northeast-1.aliyuncs.com"
-        - Asia Pacific Northeast 1 (Japan)
-    - "oss-ap-south-1.aliyuncs.com"
-        - Asia Pacific South 1 (Mumbai)
-    - "oss-eu-central-1.aliyuncs.com"
-        - Central Europe 1 (Frankfurt)
-    - "oss-eu-west-1.aliyuncs.com"
-        - West Europe (London)
-    - "oss-me-east-1.aliyuncs.com"
-        - Middle East 1 (Dubai)
-
-#### --s3-endpoint
-
-Endpoint for OBS API.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    HuaweiOBS
-- Type:        string
-- Required:    false
-- Examples:
-    - "obs.af-south-1.myhuaweicloud.com"
-        - AF-Johannesburg
-    - "obs.ap-southeast-2.myhuaweicloud.com"
-        - AP-Bangkok
-    - "obs.ap-southeast-3.myhuaweicloud.com"
-        - AP-Singapore
-    - "obs.cn-east-3.myhuaweicloud.com"
-        - CN East-Shanghai1
-    - "obs.cn-east-2.myhuaweicloud.com"
-        - CN East-Shanghai2
-    - "obs.cn-north-1.myhuaweicloud.com"
-        - CN North-Beijing1
-    - "obs.cn-north-4.myhuaweicloud.com"
-        - CN North-Beijing4
-    - "obs.cn-south-1.myhuaweicloud.com"
-        - CN South-Guangzhou
-    - "obs.ap-southeast-1.myhuaweicloud.com"
-        - CN-Hong Kong
-    - "obs.sa-argentina-1.myhuaweicloud.com"
-        - LA-Buenos Aires1
-    - "obs.sa-peru-1.myhuaweicloud.com"
-        - LA-Lima1
-    - "obs.na-mexico-1.myhuaweicloud.com"
-        - LA-Mexico City1
-    - "obs.sa-chile-1.myhuaweicloud.com"
-        - LA-Santiago2
-    - "obs.sa-brazil-1.myhuaweicloud.com"
-        - LA-Sao Paulo1
-    - "obs.ru-northwest-2.myhuaweicloud.com"
-        - RU-Moscow2
-
-#### --s3-endpoint
-
-Endpoint for Scaleway Object Storage.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Scaleway
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.nl-ams.scw.cloud"
-        - Amsterdam Endpoint
-    - "s3.fr-par.scw.cloud"
-        - Paris Endpoint
-    - "s3.pl-waw.scw.cloud"
-        - Warsaw Endpoint
-
-#### --s3-endpoint
-
-Endpoint for StackPath Object Storage.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    StackPath
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.us-east-2.stackpathstorage.com"
-        - US East Endpoint
-    - "s3.us-west-1.stackpathstorage.com"
-        - US West Endpoint
-    - "s3.eu-central-1.stackpathstorage.com"
-        - EU Endpoint
-
-#### --s3-endpoint
-
-Endpoint for Storj Gateway.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Storj
-- Type:        string
-- Required:    false
-- Examples:
-    - "gateway.storjshare.io"
-        - Global Hosted Gateway
-
-#### --s3-endpoint
-
-Endpoint for Tencent COS API.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    TencentCOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "cos.ap-beijing.myqcloud.com"
-        - Beijing Region
-    - "cos.ap-nanjing.myqcloud.com"
-        - Nanjing Region
-    - "cos.ap-shanghai.myqcloud.com"
-        - Shanghai Region
-    - "cos.ap-guangzhou.myqcloud.com"
-        - Guangzhou Region
-    - "cos.ap-nanjing.myqcloud.com"
-        - Nanjing Region
-    - "cos.ap-chengdu.myqcloud.com"
-        - Chengdu Region
-    - "cos.ap-chongqing.myqcloud.com"
-        - Chongqing Region
-    - "cos.ap-hongkong.myqcloud.com"
-        - Hong Kong (China) Region
-    - "cos.ap-singapore.myqcloud.com"
-        - Singapore Region
-    - "cos.ap-mumbai.myqcloud.com"
-        - Mumbai Region
-    - "cos.ap-seoul.myqcloud.com"
-        - Seoul Region
-    - "cos.ap-bangkok.myqcloud.com"
-        - Bangkok Region
-    - "cos.ap-tokyo.myqcloud.com"
-        - Tokyo Region
-    - "cos.na-siliconvalley.myqcloud.com"
-        - Silicon Valley Region
-    - "cos.na-ashburn.myqcloud.com"
-        - Virginia Region
-    - "cos.na-toronto.myqcloud.com"
-        - Toronto Region
-    - "cos.eu-frankfurt.myqcloud.com"
-        - Frankfurt Region
-    - "cos.eu-moscow.myqcloud.com"
-        - Moscow Region
-    - "cos.accelerate.myqcloud.com"
-        - Use Tencent COS Accelerate Endpoint
-
-#### --s3-endpoint
-
-Endpoint for RackCorp Object Storage.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    RackCorp
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3.rackcorp.com"
-        - Global (AnyCast) Endpoint
-    - "au.s3.rackcorp.com"
-        - Australia (Anycast) Endpoint
-    - "au-nsw.s3.rackcorp.com"
-        - Sydney (Australia) Endpoint
-    - "au-qld.s3.rackcorp.com"
-        - Brisbane (Australia) Endpoint
-    - "au-vic.s3.rackcorp.com"
-        - Melbourne (Australia) Endpoint
-    - "au-wa.s3.rackcorp.com"
-        - Perth (Australia) Endpoint
-    - "ph.s3.rackcorp.com"
-        - Manila (Philippines) Endpoint
-    - "th.s3.rackcorp.com"
-        - Bangkok (Thailand) Endpoint
-    - "hk.s3.rackcorp.com"
-        - HK (Hong Kong) Endpoint
-    - "mn.s3.rackcorp.com"
-        - Ulaanbaatar (Mongolia) Endpoint
-    - "kg.s3.rackcorp.com"
-        - Bishkek (Kyrgyzstan) Endpoint
-    - "id.s3.rackcorp.com"
-        - Jakarta (Indonesia) Endpoint
-    - "jp.s3.rackcorp.com"
-        - Tokyo (Japan) Endpoint
-    - "sg.s3.rackcorp.com"
-        - SG (Singapore) Endpoint
-    - "de.s3.rackcorp.com"
-        - Frankfurt (Germany) Endpoint
-    - "us.s3.rackcorp.com"
-        - USA (AnyCast) Endpoint
-    - "us-east-1.s3.rackcorp.com"
-        - New York (USA) Endpoint
-    - "us-west-1.s3.rackcorp.com"
-        - Freemont (USA) Endpoint
-    - "nz.s3.rackcorp.com"
-        - Auckland (New Zealand) Endpoint
-
-#### --s3-endpoint
-
-Endpoint for Qiniu Object Storage.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "s3-cn-east-1.qiniucs.com"
-        - East China Endpoint 1
-    - "s3-cn-east-2.qiniucs.com"
-        - East China Endpoint 2
-    - "s3-cn-north-1.qiniucs.com"
-        - North China Endpoint 1
-    - "s3-cn-south-1.qiniucs.com"
-        - South China Endpoint 1
-    - "s3-us-north-1.qiniucs.com"
-        - North America Endpoint 1
-    - "s3-ap-southeast-1.qiniucs.com"
-        - Southeast Asia Endpoint 1
-    - "s3-ap-northeast-1.qiniucs.com"
-        - Northeast Asia Endpoint 1
-
-#### --s3-endpoint
-
-Endpoint for S3 API.
-
-Required when using an S3 clone.
-
-Properties:
-
-- Config:      endpoint
-- Env Var:     RCLONE_S3_ENDPOINT
-- Provider:    !AWS,IBMCOS,IDrive,IONOS,TencentCOS,HuaweiOBS,Alibaba,ChinaMobile,Liara,ArvanCloud,Scaleway,StackPath,Storj,RackCorp,Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "objects-us-east-1.dream.io"
-        - Dream Objects endpoint
-    - "syd1.digitaloceanspaces.com"
-        - DigitalOcean Spaces Sydney 1
-    - "sfo3.digitaloceanspaces.com"
-        - DigitalOcean Spaces San Francisco 3
-    - "fra1.digitaloceanspaces.com"
-        - DigitalOcean Spaces Frankfurt 1
-    - "nyc3.digitaloceanspaces.com"
-        - DigitalOcean Spaces New York 3
-    - "ams3.digitaloceanspaces.com"
-        - DigitalOcean Spaces Amsterdam 3
-    - "sgp1.digitaloceanspaces.com"
-        - DigitalOcean Spaces Singapore 1
-    - "localhost:8333"
-        - SeaweedFS S3 localhost
-    - "s3.us-east-1.lyvecloud.seagate.com"
-        - Seagate Lyve Cloud US East 1 (Virginia)
-    - "s3.us-west-1.lyvecloud.seagate.com"
-        - Seagate Lyve Cloud US West 1 (California)
-    - "s3.ap-southeast-1.lyvecloud.seagate.com"
-        - Seagate Lyve Cloud AP Southeast 1 (Singapore)
-    - "s3.wasabisys.com"
-        - Wasabi US East 1 (N. Virginia)
-    - "s3.us-east-2.wasabisys.com"
-        - Wasabi US East 2 (N. Virginia)
-    - "s3.us-central-1.wasabisys.com"
-        - Wasabi US Central 1 (Texas)
-    - "s3.us-west-1.wasabisys.com"
-        - Wasabi US West 1 (Oregon)
-    - "s3.ca-central-1.wasabisys.com"
-        - Wasabi CA Central 1 (Toronto)
-    - "s3.eu-central-1.wasabisys.com"
-        - Wasabi EU Central 1 (Amsterdam)
-    - "s3.eu-central-2.wasabisys.com"
-        - Wasabi EU Central 2 (Frankfurt)
-    - "s3.eu-west-1.wasabisys.com"
-        - Wasabi EU West 1 (London)
-    - "s3.eu-west-2.wasabisys.com"
-        - Wasabi EU West 2 (Paris)
-    - "s3.ap-northeast-1.wasabisys.com"
-        - Wasabi AP Northeast 1 (Tokyo) endpoint
-    - "s3.ap-northeast-2.wasabisys.com"
-        - Wasabi AP Northeast 2 (Osaka) endpoint
-    - "s3.ap-southeast-1.wasabisys.com"
-        - Wasabi AP Southeast 1 (Singapore)
-    - "s3.ap-southeast-2.wasabisys.com"
-        - Wasabi AP Southeast 2 (Sydney)
-    - "storage.iran.liara.space"
-        - Liara Iran endpoint
-    - "s3.ir-thr-at1.arvanstorage.com"
-        - ArvanCloud Tehran Iran (Asiatech) endpoint
-
-#### --s3-location-constraint
-
-Location constraint - must be set to match the Region.
-
-Used when creating buckets only.
-
-Properties:
-
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    AWS
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Empty for US Region, Northern Virginia, or Pacific Northwest
-    - "us-east-2"
-        - US East (Ohio) Region
-    - "us-west-1"
-        - US West (Northern California) Region
-    - "us-west-2"
-        - US West (Oregon) Region
-    - "ca-central-1"
-        - Canada (Central) Region
-    - "eu-west-1"
-        - EU (Ireland) Region
-    - "eu-west-2"
-        - EU (London) Region
-    - "eu-west-3"
-        - EU (Paris) Region
-    - "eu-north-1"
-        - EU (Stockholm) Region
-    - "eu-south-1"
-        - EU (Milan) Region
-    - "EU"
-        - EU Region
-    - "ap-southeast-1"
-        - Asia Pacific (Singapore) Region
-    - "ap-southeast-2"
-        - Asia Pacific (Sydney) Region
-    - "ap-northeast-1"
-        - Asia Pacific (Tokyo) Region
-    - "ap-northeast-2"
-        - Asia Pacific (Seoul) Region
-    - "ap-northeast-3"
-        - Asia Pacific (Osaka-Local) Region
-    - "ap-south-1"
-        - Asia Pacific (Mumbai) Region
-    - "ap-east-1"
-        - Asia Pacific (Hong Kong) Region
-    - "sa-east-1"
-        - South America (Sao Paulo) Region
-    - "me-south-1"
-        - Middle East (Bahrain) Region
-    - "af-south-1"
-        - Africa (Cape Town) Region
-    - "cn-north-1"
-        - China (Beijing) Region
-    - "cn-northwest-1"
-        - China (Ningxia) Region
-    - "us-gov-east-1"
-        - AWS GovCloud (US-East) Region
-    - "us-gov-west-1"
-        - AWS GovCloud (US) Region
-
-#### --s3-location-constraint
-
-Location constraint - must match endpoint.
-
-Used when creating buckets only.
-
-Properties:
-
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    ChinaMobile
-- Type:        string
-- Required:    false
-- Examples:
-    - "wuxi1"
-        - East China (Suzhou)
-    - "jinan1"
-        - East China (Jinan)
-    - "ningbo1"
-        - East China (Hangzhou)
-    - "shanghai1"
-        - East China (Shanghai-1)
-    - "zhengzhou1"
-        - Central China (Zhengzhou)
-    - "hunan1"
-        - Central China (Changsha-1)
-    - "zhuzhou1"
-        - Central China (Changsha-2)
-    - "guangzhou1"
-        - South China (Guangzhou-2)
-    - "dongguan1"
-        - South China (Guangzhou-3)
-    - "beijing1"
-        - North China (Beijing-1)
-    - "beijing2"
-        - North China (Beijing-2)
-    - "beijing4"
-        - North China (Beijing-3)
-    - "huhehaote1"
-        - North China (Huhehaote)
-    - "chengdu1"
-        - Southwest China (Chengdu)
-    - "chongqing1"
-        - Southwest China (Chongqing)
-    - "guiyang1"
-        - Southwest China (Guiyang)
-    - "xian1"
-        - Nouthwest China (Xian)
-    - "yunnan"
-        - Yunnan China (Kunming)
-    - "yunnan2"
-        - Yunnan China (Kunming-2)
-    - "tianjin1"
-        - Tianjin China (Tianjin)
-    - "jilin1"
-        - Jilin China (Changchun)
-    - "hubei1"
-        - Hubei China (Xiangyan)
-    - "jiangxi1"
-        - Jiangxi China (Nanchang)
-    - "gansu1"
-        - Gansu China (Lanzhou)
-    - "shanxi1"
-        - Shanxi China (Taiyuan)
-    - "liaoning1"
-        - Liaoning China (Shenyang)
-    - "hebei1"
-        - Hebei China (Shijiazhuang)
-    - "fujian1"
-        - Fujian China (Xiamen)
-    - "guangxi1"
-        - Guangxi China (Nanning)
-    - "anhui1"
-        - Anhui China (Huainan)
-
-#### --s3-location-constraint
-
-Location constraint - must match endpoint.
-
-Used when creating buckets only.
-
-Properties:
-
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    ArvanCloud
-- Type:        string
-- Required:    false
-- Examples:
-    - "ir-thr-at1"
-        - Tehran Iran (Asiatech)
-    - "ir-tbz-sh1"
-        - Tabriz Iran (Shahriar)
-
-#### --s3-location-constraint
-
-Location constraint - must match endpoint when using IBM Cloud Public.
-
-For on-prem COS, do not make a selection from this list, hit enter.
-
-Properties:
-
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    IBMCOS
-- Type:        string
-- Required:    false
-- Examples:
-    - "us-standard"
-        - US Cross Region Standard
-    - "us-vault"
-        - US Cross Region Vault
-    - "us-cold"
-        - US Cross Region Cold
-    - "us-flex"
-        - US Cross Region Flex
-    - "us-east-standard"
-        - US East Region Standard
-    - "us-east-vault"
-        - US East Region Vault
-    - "us-east-cold"
-        - US East Region Cold
-    - "us-east-flex"
-        - US East Region Flex
-    - "us-south-standard"
-        - US South Region Standard
-    - "us-south-vault"
-        - US South Region Vault
-    - "us-south-cold"
-        - US South Region Cold
-    - "us-south-flex"
-        - US South Region Flex
-    - "eu-standard"
-        - EU Cross Region Standard
-    - "eu-vault"
-        - EU Cross Region Vault
-    - "eu-cold"
-        - EU Cross Region Cold
-    - "eu-flex"
-        - EU Cross Region Flex
-    - "eu-gb-standard"
-        - Great Britain Standard
-    - "eu-gb-vault"
-        - Great Britain Vault
-    - "eu-gb-cold"
-        - Great Britain Cold
-    - "eu-gb-flex"
-        - Great Britain Flex
-    - "ap-standard"
-        - APAC Standard
-    - "ap-vault"
-        - APAC Vault
-    - "ap-cold"
-        - APAC Cold
-    - "ap-flex"
-        - APAC Flex
-    - "mel01-standard"
-        - Melbourne Standard
-    - "mel01-vault"
-        - Melbourne Vault
-    - "mel01-cold"
-        - Melbourne Cold
-    - "mel01-flex"
-        - Melbourne Flex
-    - "tor01-standard"
-        - Toronto Standard
-    - "tor01-vault"
-        - Toronto Vault
-    - "tor01-cold"
-        - Toronto Cold
-    - "tor01-flex"
-        - Toronto Flex
-
-#### --s3-location-constraint
-
-Location constraint - the location where your bucket will be located and your data stored.
-
-
-Properties:
-
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    RackCorp
-- Type:        string
-- Required:    false
-- Examples:
-    - "global"
-        - Global CDN Region
-    - "au"
-        - Australia (All locations)
-    - "au-nsw"
-        - NSW (Australia) Region
-    - "au-qld"
-        - QLD (Australia) Region
-    - "au-vic"
-        - VIC (Australia) Region
-    - "au-wa"
-        - Perth (Australia) Region
-    - "ph"
-        - Manila (Philippines) Region
-    - "th"
-        - Bangkok (Thailand) Region
-    - "hk"
-        - HK (Hong Kong) Region
-    - "mn"
-        - Ulaanbaatar (Mongolia) Region
-    - "kg"
-        - Bishkek (Kyrgyzstan) Region
-    - "id"
-        - Jakarta (Indonesia) Region
-    - "jp"
-        - Tokyo (Japan) Region
-    - "sg"
-        - SG (Singapore) Region
-    - "de"
-        - Frankfurt (Germany) Region
-    - "us"
-        - USA (AnyCast) Region
-    - "us-east-1"
-        - New York (USA) Region
-    - "us-west-1"
-        - Freemont (USA) Region
-    - "nz"
-        - Auckland (New Zealand) Region
-
-#### --s3-location-constraint
-
-Location constraint - must be set to match the Region.
-
-Used when creating buckets only.
-
-Properties:
-
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "cn-east-1"
-        - East China Region 1
-    - "cn-east-2"
-        - East China Region 2
-    - "cn-north-1"
-        - North China Region 1
-    - "cn-south-1"
-        - South China Region 1
-    - "us-north-1"
-        - North America Region 1
-    - "ap-southeast-1"
-        - Southeast Asia Region 1
-    - "ap-northeast-1"
-        - Northeast Asia Region 1
-
-#### --s3-location-constraint
-
-Location constraint - must be set to match the Region.
-
-Leave blank if not sure. Used when creating buckets only.
-
-Properties:
-
-- Config:      location_constraint
-- Env Var:     RCLONE_S3_LOCATION_CONSTRAINT
-- Provider:    !AWS,Alibaba,HuaweiOBS,ChinaMobile,Cloudflare,IBMCOS,IDrive,IONOS,Liara,ArvanCloud,Qiniu,RackCorp,Scaleway,StackPath,Storj,TencentCOS
-- Type:        string
-- Required:    false
-
-#### --s3-acl
-
-Canned ACL used when creating buckets and storing or copying objects.
-
-This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
-
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-
-Note that this ACL is applied when server-side copying objects as S3
-doesn't copy the ACL from the source but rather writes a fresh one.
-
-If the acl is an empty string then no X-Amz-Acl: header is added and
-the default (private) will be used.
-
-
-Properties:
-
-- Config:      acl
-- Env Var:     RCLONE_S3_ACL
-- Provider:    !Storj,Cloudflare
-- Type:        string
-- Required:    false
-- Examples:
-    - "default"
-        - Owner gets Full_CONTROL.
-        - No one else has access rights (default).
-    - "private"
-        - Owner gets FULL_CONTROL.
-        - No one else has access rights (default).
-    - "public-read"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ access.
-    - "public-read-write"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ and WRITE access.
-        - Granting this on a bucket is generally not recommended.
-    - "authenticated-read"
-        - Owner gets FULL_CONTROL.
-        - The AuthenticatedUsers group gets READ access.
-    - "bucket-owner-read"
-        - Object owner gets FULL_CONTROL.
-        - Bucket owner gets READ access.
-        - If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-    - "bucket-owner-full-control"
-        - Both the object owner and the bucket owner get FULL_CONTROL over the object.
-        - If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-    - "private"
-        - Owner gets FULL_CONTROL.
-        - No one else has access rights (default).
-        - This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS.
-    - "public-read"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ access.
-        - This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS.
-    - "public-read-write"
-        - Owner gets FULL_CONTROL.
-        - The AllUsers group gets READ and WRITE access.
-        - This acl is available on IBM Cloud (Infra), On-Premise IBM COS.
-    - "authenticated-read"
-        - Owner gets FULL_CONTROL.
-        - The AuthenticatedUsers group gets READ access.
-        - Not supported on Buckets.
-        - This acl is available on IBM Cloud (Infra) and On-Premise IBM COS.
-
-#### --s3-server-side-encryption
-
-The server-side encryption algorithm used when storing this object in S3.
-
-Properties:
-
-- Config:      server_side_encryption
-- Env Var:     RCLONE_S3_SERVER_SIDE_ENCRYPTION
-- Provider:    AWS,Ceph,ChinaMobile,Minio
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - None
-    - "AES256"
-        - AES256
-    - "aws:kms"
-        - aws:kms
-
-#### --s3-sse-kms-key-id
-
-If using KMS ID you must provide the ARN of Key.
-
-Properties:
-
-- Config:      sse_kms_key_id
-- Env Var:     RCLONE_S3_SSE_KMS_KEY_ID
-- Provider:    AWS,Ceph,Minio
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - None
-    - "arn:aws:kms:us-east-1:*"
-        - arn:aws:kms:*
-
-#### --s3-storage-class
-
-The storage class to use when storing new objects in S3.
-
-Properties:
-
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    AWS
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "STANDARD"
-        - Standard storage class
-    - "REDUCED_REDUNDANCY"
-        - Reduced redundancy storage class
-    - "STANDARD_IA"
-        - Standard Infrequent Access storage class
-    - "ONEZONE_IA"
-        - One Zone Infrequent Access storage class
-    - "GLACIER"
-        - Glacier storage class
-    - "DEEP_ARCHIVE"
-        - Glacier Deep Archive storage class
-    - "INTELLIGENT_TIERING"
-        - Intelligent-Tiering storage class
-    - "GLACIER_IR"
-        - Glacier Instant Retrieval storage class
-
-#### --s3-storage-class
-
-The storage class to use when storing new objects in OSS.
-
-Properties:
-
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    Alibaba
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "STANDARD"
-        - Standard storage class
-    - "GLACIER"
-        - Archive storage mode
-    - "STANDARD_IA"
-        - Infrequent access storage mode
-
-#### --s3-storage-class
-
-The storage class to use when storing new objects in ChinaMobile.
-
-Properties:
-
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    ChinaMobile
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "STANDARD"
-        - Standard storage class
-    - "GLACIER"
-        - Archive storage mode
-    - "STANDARD_IA"
-        - Infrequent access storage mode
-
-#### --s3-storage-class
-
-The storage class to use when storing new objects in Liara
-
-Properties:
-
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    Liara
-- Type:        string
-- Required:    false
-- Examples:
-    - "STANDARD"
-        - Standard storage class
-
-#### --s3-storage-class
-
-The storage class to use when storing new objects in ArvanCloud.
-
-Properties:
-
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    ArvanCloud
-- Type:        string
-- Required:    false
-- Examples:
-    - "STANDARD"
-        - Standard storage class
-
-#### --s3-storage-class
-
-The storage class to use when storing new objects in Tencent COS.
-
-Properties:
-
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    TencentCOS
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default
-    - "STANDARD"
-        - Standard storage class
-    - "ARCHIVE"
-        - Archive storage mode
-    - "STANDARD_IA"
-        - Infrequent access storage mode
-
-#### --s3-storage-class
-
-The storage class to use when storing new objects in S3.
-
-Properties:
-
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    Scaleway
-- Type:        string
-- Required:    false
-- Examples:
-    - ""
-        - Default.
-    - "STANDARD"
-        - The Standard class for any upload.
-        - Suitable for on-demand content like streaming or CDN.
-    - "GLACIER"
-        - Archived storage.
-        - Prices are lower, but it needs to be restored first to be accessed.
-
-#### --s3-storage-class
-
-The storage class to use when storing new objects in Qiniu.
-
-Properties:
-
-- Config:      storage_class
-- Env Var:     RCLONE_S3_STORAGE_CLASS
-- Provider:    Qiniu
-- Type:        string
-- Required:    false
-- Examples:
-    - "STANDARD"
-        - Standard storage class
-    - "LINE"
-        - Infrequent access storage mode
-    - "GLACIER"
-        - Archive storage mode
-    - "DEEP_ARCHIVE"
-        - Deep archive storage mode
-
-### Advanced options
-
-Here are the Advanced options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).
-
-#### --s3-bucket-acl
-
-Canned ACL used when creating buckets.
+Canned ACL used when creating buckets.
 
 For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
 
@@ -2777,15 +1583,12 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_S3_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,InvalidUtf8,Dot
 
 #### --s3-memory-pool-flush-time
 
-How often internal memory buffer pools will be flushed.
-
-Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations.
-This option controls how often unused buffers will be removed from the pool.
+How often internal memory buffer pools will be flushed. (no longer used)
 
 Properties:
 
@@ -2796,7 +1599,7 @@ Properties:
 
 #### --s3-memory-pool-use-mmap
 
-Whether to use mmap buffers in internal memory pool.
+Whether to use mmap buffers in internal memory pool. (no longer used)
 
 Properties:
 
@@ -2837,6 +1640,21 @@ Properties:
 - Type:        string
 - Required:    false
 
+#### --s3-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option creates an empty
+object ending with "/", to persist the folder.
+
+
+Properties:
+
+- Config:      directory_markers
+- Env Var:     RCLONE_S3_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
+
 #### --s3-use-multipart-etag
 
 Whether to use ETag in multipart uploads for verification
@@ -2947,8 +1765,32 @@ rclone's choice here.
 
 Properties:
 
-- Config:      might_gzip
-- Env Var:     RCLONE_S3_MIGHT_GZIP
+- Config:      might_gzip
+- Env Var:     RCLONE_S3_MIGHT_GZIP
+- Type:        Tristate
+- Default:     unset
+
+#### --s3-use-accept-encoding-gzip
+
+Whether to send `Accept-Encoding: gzip` header.
+
+By default, rclone will append `Accept-Encoding: gzip` to the request to download
+compressed objects whenever possible.
+
+However some providers such as Google Cloud Storage may alter the HTTP headers, breaking
+the signature of the request.
+
+A symptom of this would be receiving errors like
+
+	SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided.
+
+In this case, you might want to try disabling this option.
+
+
+Properties:
+
+- Config:      use_accept_encoding_gzip
+- Env Var:     RCLONE_S3_USE_ACCEPT_ENCODING_GZIP
 - Type:        Tristate
 - Default:     unset
 
@@ -2977,6 +1819,57 @@ Properties:
 - Type:        string
 - Required:    false
 
+#### --s3-use-already-exists
+
+Set if rclone should report BucketAlreadyExists errors on bucket creation.
+
+At some point during the evolution of the s3 protocol, AWS started
+returning an `AlreadyOwnedByYou` error when attempting to create a
+bucket that the user already owned, rather than a
+`BucketAlreadyExists` error.
+
+Unfortunately exactly what has been implemented by s3 clones is a
+little inconsistent, some return `AlreadyOwnedByYou`, some return
+`BucketAlreadyExists` and some return no error at all.
+
+This is important to rclone because it ensures the bucket exists by
+creating it on quite a lot of operations (unless
+`--s3-no-check-bucket` is used).
+
+If rclone knows the provider can return `AlreadyOwnedByYou` or returns
+no error then it can report `BucketAlreadyExists` errors when the user
+attempts to create a bucket not owned by them. Otherwise rclone
+ignores the `BucketAlreadyExists` error which can lead to confusion.
+
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+
+
+Properties:
+
+- Config:      use_already_exists
+- Env Var:     RCLONE_S3_USE_ALREADY_EXISTS
+- Type:        Tristate
+- Default:     unset
+
+#### --s3-use-multipart-uploads
+
+Set if rclone should use multipart uploads.
+
+You can change this if you want to disable the use of multipart uploads.
+This shouldn't be necessary in normal operation.
+
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+
+
+Properties:
+
+- Config:      use_multipart_uploads
+- Env Var:     RCLONE_S3_USE_MULTIPART_UPLOADS
+- Type:        Tristate
+- Default:     unset
+
 ### Metadata
 
 User metadata is stored as x-amz-meta- keys. S3 metadata keys are case insensitive and are always returned in lower case.
@@ -3023,17 +1916,17 @@ to normal storage.
 
 Usage Examples:
 
-    rclone backend restore s3:bucket/path/to/object [-o priority=PRIORITY] [-o lifetime=DAYS]
-    rclone backend restore s3:bucket/path/to/directory [-o priority=PRIORITY] [-o lifetime=DAYS]
-    rclone backend restore s3:bucket [-o priority=PRIORITY] [-o lifetime=DAYS]
+    rclone backend restore s3:bucket/path/to/object -o priority=PRIORITY -o lifetime=DAYS
+    rclone backend restore s3:bucket/path/to/directory -o priority=PRIORITY -o lifetime=DAYS
+    rclone backend restore s3:bucket -o priority=PRIORITY -o lifetime=DAYS
 
 This flag also obeys the filters. Test first with --interactive/-i or --dry-run flags
 
-    rclone --interactive backend restore --include "*.txt" s3:bucket/path -o priority=Standard
+    rclone --interactive backend restore --include "*.txt" s3:bucket/path -o priority=Standard -o lifetime=1
 
 All the objects shown will be marked for restore, then
 
-    rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard
+    rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard -o lifetime=1
 
 It returns a list of status dictionaries with Remote and Status
 keys. The Status will be OK if it was successful or an error message
@@ -3042,11 +1935,11 @@ if not.
     [
         {
             "Status": "OK",
-            "Path": "test.txt"
+            "Remote": "test.txt"
         },
         {
             "Status": "OK",
-            "Path": "test/file4.txt"
+            "Remote": "test/file4.txt"
         }
     ]
 
@@ -3058,6 +1951,51 @@ Options:
 - "lifetime": Lifetime of the active copy in days
 - "priority": Priority of restore: Standard|Expedited|Bulk
 
+### restore-status
+
+Show the restore status for objects being restored from GLACIER to normal storage
+
+    rclone backend restore-status remote: [options] [<arguments>+]
+
+This command can be used to show the status for objects being restored from GLACIER
+to normal storage.
+
+Usage Examples:
+
+    rclone backend restore-status s3:bucket/path/to/object
+    rclone backend restore-status s3:bucket/path/to/directory
+    rclone backend restore-status -o all s3:bucket/path/to/directory
+
+This command does not obey the filters.
+
+It returns a list of status dictionaries.
+
+    [
+        {
+            "Remote": "file.txt",
+            "VersionID": null,
+            "RestoreStatus": {
+                "IsRestoreInProgress": true,
+                "RestoreExpiryDate": "2023-09-06T12:29:19+01:00"
+            },
+            "StorageClass": "GLACIER"
+        },
+        {
+            "Remote": "test.pdf",
+            "VersionID": null,
+            "RestoreStatus": {
+                "IsRestoreInProgress": false,
+                "RestoreExpiryDate": "2023-09-06T12:29:19+01:00"
+            },
+            "StorageClass": "DEEP_ARCHIVE"
+        }
+    ]
+
+
+Options:
+
+- "all": if set then show all objects, not just ones with restore status
+
 ### list-multipart-uploads
 
 List the unfinished multipart uploads
@@ -3152,6 +2090,30 @@ It may return "Enabled", "Suspended" or "Unversioned". Note that once versioning
 has been enabled the status can't be set back to "Unversioned".
 
 
+### set
+
+Set command for updating the config parameters.
+
+    rclone backend set remote: [options] [<arguments>+]
+
+This set command can be used to update the config parameters
+for a running s3 backend.
+
+Usage Examples:
+
+    rclone backend set s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=s3: -o session_token=X -o access_key_id=X -o secret_access_key=X
+
+The option keys are named as they are in the config file.
+
+This rebuilds the connection to the s3 backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
+
+It doesn't return anything.
+
+
 {{< rem autogenerated options stop >}}
 
 ### Anonymous access to public buckets
@@ -3298,7 +2260,7 @@ Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 ...
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
    \ (s3)
 ...
 Storage> s3
@@ -3394,6 +2356,27 @@ server_side_encryption =
 storage_class =
 ```
 
+### Google Cloud Storage
+
+[GoogleCloudStorage](https://cloud.google.com/storage/docs) is an [S3-interoperable](https://cloud.google.com/storage/docs/interoperability) object storage service from Google Cloud Platform.
+
+To connect to Google Cloud Storage you will need an access key and secret key. These can be retrieved by creating an [HMAC key](https://cloud.google.com/storage/docs/authentication/managing-hmackeys).
+
+```
+[gs]
+type = s3
+provider = GCS
+access_key_id = your_access_key
+secret_access_key = your_secret_key
+endpoint = https://storage.googleapis.com
+```
+
+**Note** that `--s3-versions` does not work with GCS when it needs to do directory paging. Rclone will return the error:
+
+    s3 protocol error: received versions listing with IsTruncated set with no NextKeyMarker
+
+This is Google bug [#312292516](https://issuetracker.google.com/u/0/issues/312292516).
+
 ### DigitalOcean Spaces
 
 [Spaces](https://www.digitalocean.com/products/object-storage/) is an [S3-interoperable](https://developers.digitalocean.com/documentation/spaces/) object storage service from cloud provider DigitalOcean.
@@ -3467,7 +2450,7 @@ Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 [snip]
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
    \ (s3)
 [snip]
 Storage> 5
@@ -3762,7 +2745,7 @@ Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 [snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
    \ (s3)
 [snip]
 Storage> s3
@@ -3868,7 +2851,7 @@ Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 [snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
    \ (s3)
 [snip]
 Storage> s3
@@ -4114,7 +3097,7 @@ Choose a number from below, or type in your own value
    \ (alias)
  4 / Amazon Drive
    \ (amazon cloud drive)
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
    \ (s3)
 [snip]
 Storage> s3
@@ -4303,6 +3286,31 @@ endpoint = s3.rackcorp.com
 location_constraint = au-nsw
 ```
 
+### Rclone Serve S3 {#rclone}
+
+Rclone can serve any remote over the S3 protocol. For details see the
+[rclone serve s3](/commands/rclone_serve_http/) documentation.
+
+For example, to serve `remote:path` over s3, run the server like this:
+
+```
+rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
+```
+
+This will be compatible with an rclone remote which is defined like this:
+
+```
+[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false
+```
+
+Note that setting `disable_multipart_uploads = true` is to work around
+[a bug](/commands/rclone_serve_http/#bugs) which will be fixed in due course.
 
 ### Scaleway
 
@@ -4994,6 +4002,129 @@ e) Edit this remote
 d) Delete this remote
 y/e/d> y
 ```
+### Leviia Cloud Object Storage {#leviia}
+
+[Leviia Object Storage](https://www.leviia.com/object-storage/), backup and secure your data in a 100% French cloud, independent of GAFAM..
+
+To configure access to Leviia, follow the steps below:
+
+1. Run `rclone config` and select `n` for a new remote.
+
+```
+rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+```
+
+2. Give the name of the configuration. For example, name it 'leviia'.
+
+```
+name> leviia
+```
+
+3. Select `s3` storage.
+
+```
+Choose a number from below, or type in your own value
+ 1 / 1Fichier
+   \ (fichier)
+ 2 / Akamai NetStorage
+   \ (netstorage)
+ 3 / Alias for an existing remote
+   \ (alias)
+ 4 / Amazon Drive
+   \ (amazon cloud drive)
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \ (s3)
+[snip]
+Storage> s3
+```
+
+4. Select `Leviia` provider.
+```
+Choose a number from below, or type in your own value
+1 / Amazon Web Services (AWS) S3
+   \ "AWS"
+[snip]
+15 / Leviia Object Storage
+   \ (Leviia)
+[snip]
+provider> Leviia
+```
+
+5. Enter your SecretId and SecretKey of Leviia.
+
+```
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default ("false").
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+env_auth> 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+access_key_id> ZnIx.xxxxxxxxxxxxxxx
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+secret_access_key> xxxxxxxxxxx
+```
+
+6. Select endpoint for Leviia.
+
+```
+   / The default endpoint
+ 1 | Leviia.
+   \ (s3.leviia.com)
+[snip]
+endpoint> 1
+```
+7. Choose acl.
+
+```
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+[snip]
+acl> 1
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n> n
+Remote config
+--------------------
+[leviia]
+- type: s3
+- provider: Leviia
+- access_key_id: ZnIx.xxxxxxx
+- secret_access_key: xxxxxxxx
+- endpoint: s3.leviia.com
+- acl: private
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
+
+Name                 Type
+====                 ====
+leviia                s3
+```
 
 ### Liara {#liara-cloud}
 
@@ -5082,18 +4213,151 @@ y/e/d> y
 This will leave the config file looking like this.
 
 ```
-[Liara]
+[Liara]
+type = s3
+provider = Liara
+env_auth = false
+access_key_id = YOURACCESSKEY
+secret_access_key = YOURSECRETACCESSKEY
+region =
+endpoint = storage.iran.liara.space
+location_constraint =
+acl =
+server_side_encryption =
+storage_class =
+```
+
+### Linode {#linode}
+
+Here is an example of making a [Linode Object Storage](https://www.linode.com/products/object-storage/)
+configuration.  First run:
+
+    rclone config
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+
+Enter name for new remote.
+name> linode
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+ X / Amazon S3 Compliant Storage Providers including AWS, ...Linode, ...and others
+   \ (s3)
+[snip]
+Storage> s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Linode Object Storage
+   \ (Linode)
+[snip]
+provider> Linode
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth> 
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> ACCESS_KEY
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> SECRET_ACCESS_KEY
+
+Option endpoint.
+Endpoint for Linode Object Storage API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Atlanta, GA (USA), us-southeast-1
+   \ (us-southeast-1.linodeobjects.com)
+ 2 / Chicago, IL (USA), us-ord-1
+   \ (us-ord-1.linodeobjects.com)
+ 3 / Frankfurt (Germany), eu-central-1
+   \ (eu-central-1.linodeobjects.com)
+ 4 / Milan (Italy), it-mil-1
+   \ (it-mil-1.linodeobjects.com)
+ 5 / Newark, NJ (USA), us-east-1
+   \ (us-east-1.linodeobjects.com)
+ 6 / Paris (France), fr-par-1
+   \ (fr-par-1.linodeobjects.com)
+ 7 / Seattle, WA (USA), us-sea-1
+   \ (us-sea-1.linodeobjects.com)
+ 8 / Singapore ap-south-1
+   \ (ap-south-1.linodeobjects.com)
+ 9 / Stockholm (Sweden), se-sto-1
+   \ (se-sto-1.linodeobjects.com)
+10 / Washington, DC, (USA), us-iad-1
+   \ (us-iad-1.linodeobjects.com)
+endpoint> 3
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+[snip]
+acl> 
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Linode
+- access_key_id: ACCESS_KEY
+- secret_access_key: SECRET_ACCESS_KEY
+- endpoint: eu-central-1.linodeobjects.com
+Keep this "linode" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This will leave the config file looking like this.
+
+```
+[linode]
 type = s3
-provider = Liara
-env_auth = false
-access_key_id = YOURACCESSKEY
-secret_access_key = YOURSECRETACCESSKEY
-region =
-endpoint = storage.iran.liara.space
-location_constraint =
-acl =
-server_side_encryption =
-storage_class =
+provider = Linode
+access_key_id = ACCESS_KEY
+secret_access_key = SECRET_ACCESS_KEY
+endpoint = eu-central-1.linodeobjects.com
 ```
 
 ### ArvanCloud {#arvan-cloud}
@@ -5342,6 +4606,166 @@ For Netease NOS configure as per the configurator `rclone config`
 setting the provider `Netease`.  This will automatically set
 `force_path_style = false` which is necessary for it to run properly.
 
+### Petabox
+
+Here is an example of making a [Petabox](https://petabox.io/)
+configuration. First run:
+
+```bash
+rclone config
+```
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s> n
+
+Enter name for new remote.
+name> My Petabox Storage
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, ...
+   \ "s3"
+[snip]
+Storage> s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Petabox Object Storage
+   \ (Petabox)
+[snip]
+provider> Petabox
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \ (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \ (true)
+env_auth> 1
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> YOUR_ACCESS_KEY_ID
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> YOUR_SECRET_ACCESS_KEY
+
+Option region.
+Region where your bucket will be created and your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / US East (N. Virginia)
+   \ (us-east-1)
+ 2 / Europe (Frankfurt)
+   \ (eu-central-1)
+ 3 / Asia Pacific (Singapore)
+   \ (ap-southeast-1)
+ 4 / Middle East (Bahrain)
+   \ (me-south-1)
+ 5 / South America (São Paulo)
+   \ (sa-east-1)
+region> 1
+
+Option endpoint.
+Endpoint for Petabox S3 Object Storage.
+Specify the endpoint from the same region.
+Choose a number from below, or type in your own value.
+ 1 / US East (N. Virginia)
+   \ (s3.petabox.io)
+ 2 / US East (N. Virginia)
+   \ (s3.us-east-1.petabox.io)
+ 3 / Europe (Frankfurt)
+   \ (s3.eu-central-1.petabox.io)
+ 4 / Asia Pacific (Singapore)
+   \ (s3.ap-southeast-1.petabox.io)
+ 5 / Middle East (Bahrain)
+   \ (s3.me-south-1.petabox.io)
+ 6 / South America (São Paulo)
+   \ (s3.sa-east-1.petabox.io)
+endpoint> 1
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn't copy the ACL from the source but rather writes a fresh one.
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \ (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \ (public-read)
+   / Owner gets FULL_CONTROL.
+ 3 | The AllUsers group gets READ and WRITE access.
+   | Granting this on a bucket is generally not recommended.
+   \ (public-read-write)
+   / Owner gets FULL_CONTROL.
+ 4 | The AuthenticatedUsers group gets READ access.
+   \ (authenticated-read)
+   / Object owner gets FULL_CONTROL.
+ 5 | Bucket owner gets READ access.
+   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-read)
+   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+ 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \ (bucket-owner-full-control)
+acl> 1
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> No
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Petabox
+- access_key_id: YOUR_ACCESS_KEY_ID
+- secret_access_key: YOUR_SECRET_ACCESS_KEY
+- region: us-east-1
+- endpoint: s3.petabox.io
+Keep this "My Petabox Storage" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+```
+
+This will leave the config file looking like this.
+
+```
+[My Petabox Storage]
+type = s3
+provider = Petabox
+access_key_id = YOUR_ACCESS_KEY_ID
+secret_access_key = YOUR_SECRET_ACCESS_KEY
+region = us-east-1
+endpoint = s3.petabox.io
+```
+
 ### Storj
 
 Storj is a decentralized cloud storage which can be used through its
@@ -5451,3 +4875,137 @@ use policy `mfs` (most free space) as a member of an rclone union
 remote.
 
 See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+
+
+### Synology C2 Object Storage {#synology-c2}
+
+[Synology C2 Object Storage](https://c2.synology.com/en-global/object-storage/overview) provides a secure, S3-compatible, and cost-effective cloud storage solution without API request, download fees, and deletion penalty.
+
+The S3 compatible gateway is configured using `rclone config` with a
+type of `s3` and with a provider name of `Synology`. Here is an example
+run of the configurator.
+
+First run:
+
+```
+rclone config
+```
+
+This will guide you through an interactive setup process.
+
+```
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+
+n/s/q> n
+
+Enter name for new remote.1
+name> syno
+
+Type of storage to configure.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, GCS, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, Petabox, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \ "s3"
+
+Storage> s3
+
+Choose your S3 provider.
+Enter a string value. Press Enter for the default ("").
+Choose a number from below, or type in your own value
+ 24 / Synology C2 Object Storage
+   \ (Synology)
+
+provider> Synology
+
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default ("false").
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \ "false"
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \ "true"
+
+env_auth> 1
+
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+
+access_key_id> accesskeyid
+
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default ("").
+
+secret_access_key> secretaccesskey
+
+Region where your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Europe Region 1
+   \ (eu-001)
+ 2 / Europe Region 2
+   \ (eu-002)
+ 3 / US Region 1
+   \ (us-001)
+ 4 / US Region 2
+   \ (us-002)
+ 5 / Asia (Taiwan)
+   \ (tw-001)
+
+region > 1
+
+Option endpoint.
+Endpoint for Synology C2 Object Storage API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / EU Endpoint 1
+   \ (eu-001.s3.synologyc2.net)
+ 2 / US Endpoint 1
+   \ (us-001.s3.synologyc2.net)
+ 3 / TW Endpoint 1
+   \ (tw-001.s3.synologyc2.net)
+
+endpoint> 1
+
+Option location_constraint.
+Location constraint - must be set to match the Region.
+Leave blank if not sure. Used when creating buckets only.
+Enter a value. Press Enter to leave empty.
+location_constraint>
+
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> y
+
+Option no_check_bucket.
+If set, don't attempt to check the bucket exists or create it.
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the bucket exists already.
+It can also be needed if the user you are using does not have bucket
+creation permissions. Before v1.52.0 this would have passed silently
+due to a bug.
+Enter a boolean value (true or false). Press Enter for the default (true).
+
+no_check_bucket> true
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Synology
+- region: eu-001
+- endpoint: eu-001.s3.synologyc2.net
+- no_check_bucket: true
+Keep this "syno" remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+
+y/e/d> y
diff --git a/docs/content/seafile.md b/docs/content/seafile.md
index 5afeadbfec9dc..e3e1aa1095b69 100644
--- a/docs/content/seafile.md
+++ b/docs/content/seafile.md
@@ -386,7 +386,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SEAFILE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/sftp.md b/docs/content/sftp.md
index bff2796bec42d..a32564c76418f 100644
--- a/docs/content/sftp.md
+++ b/docs/content/sftp.md
@@ -359,7 +359,7 @@ commands is prohibited.  Set the configuration option `disable_hashcheck`
 to `true` to disable checksumming entirely, or set `shell_type` to `none`
 to disable all functionality based on remote shell command execution.
 
-### Modified time
+### Modification times and hashes
 
 Modified times are stored on the server to 1 second precision.
 
@@ -556,6 +556,42 @@ Properties:
 - Type:        bool
 - Default:     false
 
+#### --sftp-ssh
+
+Path and arguments to external ssh binary.
+
+Normally rclone will use its internal ssh library to connect to the
+SFTP server. However it does not implement all possible ssh options so
+it may be desirable to use an external ssh binary.
+
+Rclone ignores all the internal config if you use this option and
+expects you to configure the ssh binary with the user/host/port and
+any other options you need.
+
+**Important** The ssh command must log in without asking for a
+password so needs to be configured with keys or certificates.
+
+Rclone will run the command supplied either with the additional
+arguments "-s sftp" to access the SFTP subsystem or with commands such
+as "md5sum /path/to/file" appended to read checksums.
+
+Any arguments with spaces in should be surrounded by "double quotes".
+
+An example setting might be:
+
+    ssh -o ServerAliveInterval=20 user@example.com
+
+Note that when using an external ssh binary rclone makes a new ssh
+connection for every hash it calculates.
+
+
+Properties:
+
+- Config:      ssh
+- Env Var:     RCLONE_SFTP_SSH
+- Type:        SpaceSepList
+- Default:     
+
 ### Advanced options
 
 Here are the Advanced options specific to sftp (SSH/SFTP).
@@ -608,6 +644,18 @@ E.g. if shared folders can be found in directories representing volumes:
 E.g. if home directory can be found in a shared folder called "home":
 
     rclone sync /home/local/directory remote:/home/directory --sftp-path-override /volume1/homes/USER/directory
+	
+To specify only the path to the SFTP remote's root, and allow rclone to add any relative subpaths automatically (including unwrapping/decrypting remotes as necessary), add the '@' character to the beginning of the path.
+
+E.g. the first example above could be rewritten as:
+
+	rclone sync /home/local/directory remote:/directory --sftp-path-override @/volume2
+	
+Note that when using this method with Synology "home" folders, the full "/homes/USER" path should be specified instead of "/home".
+
+E.g. the second example above should be rewritten as:
+
+	rclone sync /home/local/directory remote:/homes/USER/directory --sftp-path-override @/volume1
 
 Properties:
 
@@ -703,6 +751,15 @@ Specifies the path or command to run a sftp server on the remote host.
 
 The subsystem option is ignored when server_command is defined.
 
+If adding server_command to the configuration file please note that 
+it should not be enclosed in quotes, since that will make rclone fail.
+
+A working example is:
+
+    [remote_name]
+    type = sftp
+    server_command = sudo /usr/libexec/openssh/sftp-server
+
 Properties:
 
 - Config:      server_command
@@ -850,7 +907,7 @@ Pass multiple variables space separated, eg
 
     VAR1=value VAR2=value
 
-and pass variables with spaces in in quotes, eg
+and pass variables with spaces in quotes, eg
 
     "VAR3=value with space" "VAR4=value with space" VAR5=nospacehere
 
@@ -921,6 +978,70 @@ Properties:
 - Type:        SpaceSepList
 - Default:     
 
+#### --sftp-host-key-algorithms
+
+Space separated list of host key algorithms, ordered by preference.
+
+At least one must match with server configuration. This can be checked for example using ssh -Q HostKeyAlgorithms.
+
+Note: This can affect the outcome of key negotiation with the server even if server host key validation is not enabled.
+
+Example:
+
+    ssh-ed25519 ssh-rsa ssh-dss
+
+
+Properties:
+
+- Config:      host_key_algorithms
+- Env Var:     RCLONE_SFTP_HOST_KEY_ALGORITHMS
+- Type:        SpaceSepList
+- Default:     
+
+#### --sftp-socks-proxy
+
+Socks 5 proxy host.
+	
+Supports the format user:pass@host:port, user@host:port, host:port.
+
+Example:
+
+	myUser:myPass@localhost:9005
+	
+
+Properties:
+
+- Config:      socks_proxy
+- Env Var:     RCLONE_SFTP_SOCKS_PROXY
+- Type:        string
+- Required:    false
+
+#### --sftp-copy-is-hardlink
+
+Set to enable server side copies using hardlinks.
+
+The SFTP protocol does not define a copy command so normally server
+side copies are not allowed with the sftp backend.
+
+However the SFTP protocol does support hardlinking, and if you enable
+this flag then the sftp backend will support server side copies. These
+will be implemented by doing a hardlink from the source to the
+destination.
+
+Not all sftp servers support this.
+
+Note that hardlinking two files together will use no additional space
+as the source and the destination will be the same file.
+
+This feature may be useful backups made with --copy-dest.
+
+Properties:
+
+- Config:      copy_is_hardlink
+- Env Var:     RCLONE_SFTP_COPY_IS_HARDLINK
+- Type:        bool
+- Default:     false
+
 {{< rem autogenerated options stop >}}
 
 ## Limitations
diff --git a/docs/content/sharefile.md b/docs/content/sharefile.md
index a86b36d799b2f..3dd1027f97b27 100644
--- a/docs/content/sharefile.md
+++ b/docs/content/sharefile.md
@@ -105,7 +105,7 @@ To copy a local directory to an ShareFile directory called backup
 
 Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-### Modified time and hashes
+### Modification times and hashes
 
 ShareFile allows modification times to be set on objects accurate to 1
 second.  These will be used to detect whether objects need syncing or
@@ -154,6 +154,32 @@ as they can't be used in JSON strings.
 
 Here are the Standard options specific to sharefile (Citrix Sharefile).
 
+#### --sharefile-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_SHAREFILE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --sharefile-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_SHAREFILE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
 #### --sharefile-root-folder-id
 
 ID of the root folder.
@@ -183,6 +209,43 @@ Properties:
 
 Here are the Advanced options specific to sharefile (Citrix Sharefile).
 
+#### --sharefile-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_SHAREFILE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --sharefile-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_SHAREFILE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --sharefile-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_SHAREFILE_TOKEN_URL
+- Type:        string
+- Required:    false
+
 #### --sharefile-upload-cutoff
 
 Cutoff for switching to multipart upload.
@@ -237,7 +300,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SHAREFILE_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/sia.md b/docs/content/sia.md
index ae9f74a2a0693..0ee8cba9424e3 100644
--- a/docs/content/sia.md
+++ b/docs/content/sia.md
@@ -191,7 +191,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SIA_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/smb.md b/docs/content/smb.md
index b55cdba5a2cd3..10eaec5182377 100644
--- a/docs/content/smb.md
+++ b/docs/content/smb.md
@@ -16,7 +16,7 @@ command.)  You may put subdirectories in too, e.g. `remote:item/path/to/dir`.
 ## Notes
 
 The first path segment must be the name of the share, which you entered when you started to share on Windows. On smbd, it's the section title in `smb.conf` (usually in `/etc/samba/`) file.
-You can find shares by quering the root if you're unsure (e.g. `rclone lsd remote:`).
+You can find shares by querying the root if you're unsure (e.g. `rclone lsd remote:`).
 
 You can't access to the shared printers from rclone, obviously.
 
@@ -245,7 +245,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SMB_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/sponsor.md b/docs/content/sponsor.md
new file mode 100644
index 0000000000000..91ad385414932
--- /dev/null
+++ b/docs/content/sponsor.md
@@ -0,0 +1,57 @@
+---
+title: "Sponsor"
+description: "Sponsor the rclone project."
+type: page
+aliases:
+- donate
+---
+
+# {{< icon "fa fa-heart heart" >}} Sponsor the rclone project
+
+Rclone is a free open-source project with thousands of contributions
+from volunteers all round the world and I would like to thank all of
+you for donating your time to the project.
+
+However, maintaining rclone is a lot of work - it is **my full time
+job**. Nothing stands still in the world of cloud storage. Rclone
+needs constant attention adapting to changes by cloud providers,
+adding new providers, adding new features, keeping the integration
+tests working, fixing bugs and many more things!
+
+I love doing the work and I'd like to keep doing it - your support
+helps make rclone possible.
+
+Thank you :-)
+
+{{< nick >}}
+
+## Business users
+
+If your business or your customers rely on rclone then it would make
+sense to sponsor rclone to ensure that the open source project you
+need stays healthy and well maintained.
+
+Sponsorship can include support contracts, advertising deals and
+consultancy.
+
+Please see our business site [rclone.com](https://rclone.com) for
+details.
+
+{{< bizbutton >}}
+
+## Personal users
+
+If you are a personal user and you would like to support the project
+with sponsorship as a way of saying thank you that would be most
+appreciated. {{< icon "fa fa-heart heart" >}}
+
+{{< monthly_donations >}}
+
+If you don't want to contribute monthly then of course we'd love a one
+off donation.
+
+{{< one_off_donations >}}
+
+## Current sponsors
+
+...Will appear here...
diff --git a/docs/content/sugarsync.md b/docs/content/sugarsync.md
index 0d9a29d7341c7..0b19927d7da9c 100644
--- a/docs/content/sugarsync.md
+++ b/docs/content/sugarsync.md
@@ -98,7 +98,7 @@ Paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 create a folder, which rclone will create as a "Sync Folder" with
 SugarSync.
 
-### Modified time and hashes
+### Modification times and hashes
 
 SugarSync does not support modification times or hashes, therefore
 syncing will default to `--size-only` checking.  Note that using
@@ -269,7 +269,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SUGARSYNC_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/swift.md b/docs/content/swift.md
index 7f73fa556fe9d..a627e3684e25f 100644
--- a/docs/content/swift.md
+++ b/docs/content/swift.md
@@ -13,6 +13,7 @@ Commercial implementations of that being:
   * [Memset Memstore](https://www.memset.com/cloud/storage/)
   * [OVH Object Storage](https://www.ovh.co.uk/public-cloud/storage/object-storage/)
   * [Oracle Cloud Storage](https://docs.oracle.com/en-us/iaas/integration/doc/configure-object-storage.html)
+  * [Blomp Cloud Storage](https://www.blomp.com/cloud-storage/)
   * [IBM Bluemix Cloud ObjectStorage Swift](https://console.bluemix.net/docs/infrastructure/objectstorage-swift/index.html)
 
 Paths are specified as `remote:container` (or `remote:` for the `lsd`
@@ -36,7 +37,7 @@ name> remote
 Type of storage to configure.
 Choose a number from below, or type in your own value
 [snip]
-XX / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
+XX / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)
    \ "swift"
 [snip]
 Storage> swift
@@ -65,6 +66,8 @@ Choose a number from below, or type in your own value
    \ "https://auth.storage.memset.com/v2.0"
  6 / OVH
    \ "https://auth.cloud.ovh.net/v3"
+ 7  / Blomp Cloud Storage
+   \ "https://authenticate.ain.net"
 auth> 
 User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
 user_id> 
@@ -224,7 +227,7 @@ sufficient to determine if it is "dirty". By using `--update` along with
 `--use-server-modtime`, you can avoid the extra API call and simply upload
 files whose local modtime is newer than the time it was last uploaded.
 
-### Modified time
+### Modification times and hashes
 
 The modified time is stored as metadata on the object as
 `X-Object-Meta-Mtime` as floating point since the epoch accurate to 1
@@ -233,6 +236,8 @@ ns.
 This is a de facto standard (used in the official python-swiftclient
 amongst others) for storing the modification time for an object.
 
+The MD5 hash algorithm is supported.
+
 ### Restricted filename characters
 
 | Character | Value | Replacement |
@@ -246,7 +251,7 @@ as they can't be used in JSON strings.
 {{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/swift/swift.go then run make backenddocs" >}}
 ### Standard options
 
-Here are the Standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)).
+Here are the Standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
 
 #### --swift-env-auth
 
@@ -310,6 +315,8 @@ Properties:
         - Memset Memstore UK v2
     - "https://auth.cloud.ovh.net/v3"
         - OVH
+    - "https://authenticate.ain.net"
+        - Blomp Cloud Storage
 
 #### --swift-user-id
 
@@ -486,7 +493,7 @@ Properties:
 
 ### Advanced options
 
-Here are the Advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)).
+Here are the Advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
 
 #### --swift-leave-parts-on-error
 
@@ -577,7 +584,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_SWIFT_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,InvalidUtf8
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/union.md b/docs/content/union.md
index bce1c44aa0b4c..99b5f817d1c52 100644
--- a/docs/content/union.md
+++ b/docs/content/union.md
@@ -6,24 +6,27 @@ versionIntroduced: "v1.44"
 
 # {{< icon "fa fa-link" >}} Union
 
-The `union` remote provides a unification similar to UnionFS using other remotes.
-
-Paths may be as deep as required or a local path, 
-e.g. `remote:directory/subdirectory` or `/directory/subdirectory`.
+The `union` backend joins several remotes together to make a single unified view of them.
 
 During the initial setup with `rclone config` you will specify the upstream
-remotes as a space separated list. The upstream remotes can either be a local paths or other remotes.
+remotes as a space separated list. The upstream remotes can either be a local
+paths or other remotes.
+
+The attributes `:ro`, `:nc` and `:writeback` can be attached to the end of the remote
+to tag the remote as **read only**, **no create** or **writeback**, e.g.
+`remote:directory/subdirectory:ro` or `remote:directory/subdirectory:nc`.
 
-Attribute `:ro` and `:nc` can be attach to the end of path to tag the remote as **read only** or **no create**,
-e.g. `remote:directory/subdirectory:ro` or `remote:directory/subdirectory:nc`.
+- `:ro` means files will only be read from here and never written
+- `:nc` means new files or directories won't be created here
+- `:writeback` means files found in different remotes will be written back here. See the [writeback section](#writeback) for more info.
 
 Subfolders can be used in upstream remotes. Assume a union remote named `backup`
 with the remotes `mydrive:private/backup`. Invoking `rclone mkdir backup:desktop`
 is exactly the same as invoking `rclone mkdir mydrive:private/backup/desktop`.
 
-There will be no special handling of paths containing `..` segments.
-Invoking `rclone mkdir backup:../desktop` is exactly the same as invoking
-`rclone mkdir mydrive:private/backup/../desktop`.
+There is no special handling of paths containing `..` segments. Invoking `rclone
+mkdir backup:../desktop` is exactly the same as invoking `rclone mkdir
+mydrive:private/backup/../desktop`.
 
 ## Configuration
 
@@ -172,6 +175,36 @@ The policies definition are inspired by [trapexit/mergerfs](https://github.com/t
 | newest | Pick the file / directory with the largest mtime. |
 | rand (random) | Calls **all** and then randomizes. Returns only one upstream. |
 
+
+### Writeback {#writeback}
+
+The tag `:writeback` on an upstream remote can be used to make a simple cache
+system like this:
+
+```
+[union]
+type = union
+action_policy = all
+create_policy = all
+search_policy = ff
+upstreams = /local:writeback remote:dir
+```
+
+When files are opened for read, if the file is in `remote:dir` but not `/local`
+then rclone will copy the file entirely into `/local` before returning a
+reference to the file in `/local`. The copy will be done with the equivalent of
+`rclone copy` so will use `--multi-thread-streams` if configured. Any copies
+will be logged with an INFO log.
+
+When files are written, they will be written to both `remote:dir` and `/local`.
+
+As many remotes as desired can be added to `upstreams` but there should only be
+one `:writeback` tag.
+
+Rclone does not manage the `:writeback` remote in any way other than writing
+files back to it. So if you need to expire old files or manage the size then you
+will have to do this yourself.
+
 {{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/union/union.go then run make backenddocs" >}}
 ### Standard options
 
diff --git a/docs/content/uptobox.md b/docs/content/uptobox.md
index 7324058fc6e41..816337330ef69 100644
--- a/docs/content/uptobox.md
+++ b/docs/content/uptobox.md
@@ -82,9 +82,10 @@ To copy a local directory to an Uptobox directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes
+### Modification times and hashes
 
-Uptobox supports neither modified times nor checksums.
+Uptobox supports neither modified times nor checksums. All timestamps
+will read as that set by `--default-time`.
 
 ### Restricted filename characters
 
@@ -121,6 +122,17 @@ Properties:
 
 Here are the Advanced options specific to uptobox (Uptobox).
 
+#### --uptobox-private
+
+Set to make uploaded files private
+
+Properties:
+
+- Config:      private
+- Env Var:     RCLONE_UPTOBOX_PRIVATE
+- Type:        bool
+- Default:     false
+
 #### --uptobox-encoding
 
 The encoding for the backend.
@@ -131,7 +143,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_UPTOBOX_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/webdav.md b/docs/content/webdav.md
index 4ded05d1b053a..ea7b2669d23ce 100644
--- a/docs/content/webdav.md
+++ b/docs/content/webdav.md
@@ -43,17 +43,21 @@ Choose a number from below, or type in your own value
 url> https://example.com/remote.php/webdav/
 Name of the WebDAV site/service/software you are using
 Choose a number from below, or type in your own value
- 1 / Nextcloud
-   \ "nextcloud"
- 2 / Owncloud
-   \ "owncloud"
- 3 / Sharepoint Online, authenticated by Microsoft account.
-   \ "sharepoint"
- 4 / Sharepoint with NTLM authentication. Usually self-hosted or on-premises.
-   \ "sharepoint-ntlm"
- 5 / Other site/service or software
-   \ "other"
-vendor> 1
+ 1 / Fastmail Files
+   \ (fastmail)
+ 2 / Nextcloud
+   \ (nextcloud)
+ 3 / Owncloud
+   \ (owncloud)
+ 4 / Sharepoint Online, authenticated by Microsoft account
+   \ (sharepoint)
+ 5 / Sharepoint with NTLM authentication, usually self-hosted or on-premises
+   \ (sharepoint-ntlm)
+ 6 / rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol
+   \ (rclone)
+ 7 / Other site/service or software
+   \ (other)
+vendor> 2
 User name
 user> user
 Password.
@@ -97,13 +101,13 @@ To copy a local directory to an WebDAV directory called backup
 
     rclone copy /home/source remote:backup
 
-### Modified time and hashes ###
+### Modification times and hashes
 
 Plain WebDAV does not support modified times.  However when used with
-Owncloud or Nextcloud rclone will support modified times.
+Fastmail Files, Owncloud or Nextcloud rclone will support modified times.
 
 Likewise plain WebDAV does not support hashes, however when used with
-Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes.
+Fastmail Files, Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes.
 Depending on the exact version of Owncloud or Nextcloud hashes may
 appear on all objects, or only on objects which had a hash uploaded
 with them.
@@ -137,6 +141,8 @@ Properties:
 - Type:        string
 - Required:    false
 - Examples:
+    - "fastmail"
+        - Fastmail Files
     - "nextcloud"
         - Nextcloud
     - "owncloud"
@@ -145,6 +151,8 @@ Properties:
         - Sharepoint Online, authenticated by Microsoft account
     - "sharepoint-ntlm"
         - Sharepoint with NTLM authentication, usually self-hosted or on-premises
+    - "rclone"
+        - rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol
     - "other"
         - Other site/service or software
 
@@ -236,12 +244,50 @@ Properties:
 - Type:        CommaSepList
 - Default:     
 
+#### --webdav-pacer-min-sleep
+
+Minimum time to sleep between API calls.
+
+Properties:
+
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_WEBDAV_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     10ms
+
+#### --webdav-nextcloud-chunk-size
+
+Nextcloud upload chunk size.
+
+We recommend configuring your NextCloud instance to increase the max chunk size to 1 GB for better upload performances.
+See https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#adjust-chunk-size-on-nextcloud-side
+
+Set to 0 to disable chunked uploading.
+
+
+Properties:
+
+- Config:      nextcloud_chunk_size
+- Env Var:     RCLONE_WEBDAV_NEXTCLOUD_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     10Mi
+
 {{< rem autogenerated options stop >}}
 
 ## Provider notes
 
 See below for notes on specific providers.
 
+## Fastmail Files
+
+Use `https://webdav.fastmail.com/` or a subdirectory as the URL,
+and your Fastmail email `username@domain.tld` as the username.
+Follow [this documentation](https://www.fastmail.help/hc/en-us/articles/360058752854-App-passwords)
+to create an app password with access to `Files (WebDAV)` and use
+this as the password.
+
+Fastmail supports modified times using the `X-OC-Mtime` header.
+
 ### Owncloud
 
 Click on the settings cog in the bottom right of the page and this
@@ -337,6 +383,14 @@ For Rclone calls copying files (especially Office files such as .docx, .xlsx, et
 --ignore-size --ignore-checksum --update
 ```
 
+## Rclone
+
+Use this option if you are hosting remotes over WebDAV provided by rclone.
+Read [rclone serve webdav](commands/rclone_serve_webdav/) for more details.
+
+rclone serve supports modified times using the `X-OC-Mtime` header.
+
+
 ### dCache
 
 dCache is a storage system that supports many protocols and
diff --git a/docs/content/yandex.md b/docs/content/yandex.md
index 0606fdfbd041e..d8be5600615be 100644
--- a/docs/content/yandex.md
+++ b/docs/content/yandex.md
@@ -87,14 +87,12 @@ excess files in the path.
 
 Yandex paths may be as deep as required, e.g. `remote:directory/subdirectory`.
 
-### Modified time
+### Modification times and hashes
 
 Modified times are supported and are stored accurate to 1 ns in custom
 metadata called `rclone_modified` in RFC3339 with nanoseconds format.
 
-### MD5 checksums
-
-MD5 checksums are natively supported by Yandex Disk.
+The MD5 hash algorithm is natively supported by Yandex Disk.
 
 ### Emptying Trash
 
@@ -208,7 +206,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_YANDEX_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Slash,Del,Ctl,InvalidUtf8,Dot
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/content/zoho.md b/docs/content/zoho.md
index a103c4613261c..b9ecdd8cdaf94 100644
--- a/docs/content/zoho.md
+++ b/docs/content/zoho.md
@@ -107,13 +107,11 @@ excess files in the path.
 
 Zoho paths may be as deep as required, eg `remote:directory/subdirectory`.
 
-### Modified time
+### Modification times and hashes
 
 Modified times are currently not supported for Zoho Workdrive
 
-### Checksums
-
-No checksums are supported.
+No hash algorithms are supported.
 
 ### Usage information
 
@@ -236,7 +234,7 @@ Properties:
 
 - Config:      encoding
 - Env Var:     RCLONE_ZOHO_ENCODING
-- Type:        MultiEncoder
+- Type:        Encoding
 - Default:     Del,Ctl,InvalidUtf8
 
 {{< rem autogenerated options stop >}}
diff --git a/docs/layouts/_default/baseof.html b/docs/layouts/_default/baseof.html
index e84ba3f294497..bf06ab1298c64 100644
--- a/docs/layouts/_default/baseof.html
+++ b/docs/layouts/_default/baseof.html
@@ -7,13 +7,7 @@
     <meta name="description" content="{{ .Description }}">
     <meta name="author" content="Nick Craig-Wood">
     <link rel="shortcut icon" type="image/png" href="/img/rclone-32x32.png"/>
-    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-51081799-1"></script>
-    <script>
-      window.dataLayer = window.dataLayer || [];
-      function gtag(){dataLayer.push(arguments);}
-      gtag('js', new Date());
-      gtag('config', 'UA-51081799-1');
-    </script>
+    <script defer data-domain="rclone.org" src="https://weblog.rclone.org/js/script.js"></script>
     <title>{{ block "title" . }}{{ .Title }}{{ end }}</title>
     <link rel="canonical" href="{{ .Permalink }}">
     <link href="/css/bootstrap.min.4.4.1.css" rel="stylesheet">
diff --git a/docs/layouts/chrome/menu.html b/docs/layouts/chrome/menu.html
index 3f9ea6bf56d16..9b293012ba4c1 100644
--- a/docs/layouts/chrome/menu.html
+++ b/docs/layouts/chrome/menu.html
@@ -10,6 +10,26 @@
 </div>
 {{end}}
 
+<div class="card">
+  <div class="card-header" style="padding: 5px 15px;">
+    Gold Sponsor
+  </div>
+  <div class="card-body">
+    <a href="https://www.idrive.com/e2/?refer=rclone" target="_blank" rel="noopener" title="Visit rclone's sponsor IDrive e2"><img src="/img/logos/idrive_e2.svg" viewBox="0 0 60 55"></a><br />
+  </div>
+</div>
+
+{{if .IsHome}}
+<div class="card">
+  <div class="card-header" style="padding: 5px 15px;">
+    Silver Sponsor
+  </div>
+  <div class="card-body">
+    <a href="https://hubs.li/Q0261LHy0" target="_blank" rel="noopener" title="Visit rclone's sponsor Storj to see offer"><img src="/img/logos/storj-rclone-spot-1.png" style="max-width: 100%; height: auto;"></a><br />
+  </div>
+</div>
+{{end}}
+
 <div class="card">
   <div class="card-header" style="padding: 5px 10px;">
     Share and Enjoy
@@ -34,19 +54,8 @@
       <i class="fa fa-comments fa-fw" aria-hidden="true"></i> <a href="https://forum.rclone.org">Rclone forum</a><br />
       <i class="fab fa-github fa-fw" aria-hidden="true"></i> <a href="https://github.com/rclone/rclone">GitHub project</a><br />
       <i class="fa fa-book fa-fw" aria-hidden="true"></i> <a href="https://github.com/rclone/rclone/wiki">Rclone Wiki</a><br />
-      <i class="fa fa-heart heart fa-fw" aria-hidden="true"></i> <a href="/donate/">Donate</a><br />
+      <i class="fa fa-heart heart fa-fw" aria-hidden="true"></i> <a href="/sponsor/">Sponsor</a><br />
       <i class="fab fa-twitter fa-fw" aria-hidden="true"></i> <a href="https://twitter.com/njcw">@njcw</a>
     </p>
   </div>
 </div>
-
-<div class="card">
-  <div class="card-header" style="padding: 5px 15px;">
-    Sponsors
-  </div>
-  <div class="card-body">
-    <p class="menu">
-      <a href="https://www.idrive.com/e2/?refer=rclone" target="_blank" rel="noopener" aria-label="Visit rclone's sponsor IDrive e2"><img src="/img/logos/idrive_e2.svg" viewBox="0 0 60 55"></a><br />
-    </p>
-  </div>
-</div>
diff --git a/docs/layouts/chrome/navbar.html b/docs/layouts/chrome/navbar.html
index dfd1e83d9e742..8b3d7f8713028 100644
--- a/docs/layouts/chrome/navbar.html
+++ b/docs/layouts/chrome/navbar.html
@@ -77,18 +77,23 @@
           <a class="dropdown-item" href="/internetarchive/"><i class="fa fa-archive fa-fw"></i> Internet Archive</a>
           <a class="dropdown-item" href="/jottacloud/"><i class="fa fa-cloud fa-fw"></i> Jottacloud</a>
           <a class="dropdown-item" href="/koofr/"><i class="fa fa-suitcase fa-fw"></i> Koofr</a>
+          <a class="dropdown-item" href="/linkbox/"><i class="fa fa-infinity"></i> Linkbox</a>
           <a class="dropdown-item" href="/mailru/"><i class="fa fa-at fa-fw"></i> Mail.ru Cloud</a>
           <a class="dropdown-item" href="/mega/"><i class="fa fa-archive fa-fw"></i> Mega</a>
           <a class="dropdown-item" href="/memory/"><i class="fas fa-memory fa-fw"></i> Memory</a>
           <a class="dropdown-item" href="/azureblob/"><i class="fab fa-windows fa-fw"></i> Microsoft Azure Blob Storage</a>
+          <a class="dropdown-item" href="/azurefiles/"><i class="fab fa-windows fa-fw"></i> Microsoft Azure Files Storage</a>
           <a class="dropdown-item" href="/onedrive/"><i class="fab fa-windows fa-fw"></i> Microsoft OneDrive</a>
           <a class="dropdown-item" href="/opendrive/"><i class="fa fa-space-shuttle fa-fw"></i> OpenDrive</a>
           <a class="dropdown-item" href="/qingstor/"><i class="fas fa-hdd fa-fw"></i> QingStor</a>
           <a class="dropdown-item" href="/swift/"><i class="fa fa-space-shuttle fa-fw"></i> Openstack Swift</a>
           <a class="dropdown-item" href="/oracleobjectstorage/"><i class="fa fa-cloud fa-fw"></i> Oracle Object Storage</a>
           <a class="dropdown-item" href="/pcloud/"><i class="fa fa-cloud fa-fw"></i> pCloud</a>
+          <a class="dropdown-item" href="/pikpak/"><i class="fa fa-cloud fa-fw"></i> PikPak</a>
           <a class="dropdown-item" href="/premiumizeme/"><i class="fa fa-user fa-fw"></i> premiumize.me</a>
           <a class="dropdown-item" href="/putio/"><i class="fas fa-parking fa-fw"></i> put.io</a>
+          <a class="dropdown-item" href="/protondrive/"><i class="fas fa-folder fa-fw"></i> Proton Drive</a>
+          <a class="dropdown-item" href="/quatrix/"><i class="fas fa-shield-alt"></i> Quatrix</a>
           <a class="dropdown-item" href="/seafile/"><i class="fa fa-server fa-fw"></i> Seafile</a>
           <a class="dropdown-item" href="/sftp/"><i class="fa fa-server fa-fw"></i> SFTP</a>
           <a class="dropdown-item" href="/sia/"><i class="fa fa-globe fa-fw"></i> Sia</a>
@@ -108,7 +113,12 @@
         <a class="nav-link" href="/contact/"><i class="fa fa-envelope fa-fw"></i> Contact</a>
       </li>
       <li class="nav-item active">
-        <a class="nav-link" href="/donate/"><i class="fa fa-heart heart fa-fw"></i> Donate</a>
+        <a class="nav-link" href="/sponsor/"><i class="fa fa-heart heart fa-fw"></i> Sponsor</a>
+      </li>
+    </ul>
+    <ul class="navbar-nav mr-auto">
+      <li class="nav-item active">
+        <a href="https://rclone.com/" target="_blank" class="nav-link bizbutton" title="Click here for support and advertising contracts"><i class="fa fa-briefcase"></i> For Business</a>
       </li>
     </ul>
     <form class="form-inline" name="search_form" action="https://google.com/search" target="_blank" onsubmit="on_search();">
diff --git a/docs/layouts/partials/version.html b/docs/layouts/partials/version.html
index f6593dfb8d5cd..d7303a711a4d1 100644
--- a/docs/layouts/partials/version.html
+++ b/docs/layouts/partials/version.html
@@ -1 +1 @@
-v1.63.0
\ No newline at end of file
+v1.65.0
\ No newline at end of file
diff --git a/docs/layouts/shortcodes/bizbutton.html b/docs/layouts/shortcodes/bizbutton.html
new file mode 100644
index 0000000000000..d9a12a5db3518
--- /dev/null
+++ b/docs/layouts/shortcodes/bizbutton.html
@@ -0,0 +1 @@
+<a  class="btn btn-primary" role="button" href="https://rclone.com/" target="_blank"><i class="fa fa-briefcase" aria-hidden="true"></i> For Business</a>
diff --git a/docs/layouts/shortcodes/monthly_donations.html b/docs/layouts/shortcodes/monthly_donations.html
index 4e5481f283a56..7b8518981c649 100644
--- a/docs/layouts/shortcodes/monthly_donations.html
+++ b/docs/layouts/shortcodes/monthly_donations.html
@@ -6,9 +6,9 @@
     </a>
     <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
       <span class="dropdown-item"><small class="text-muted">Please check the "monthly" box</small></span>
-      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=B9JZV25DCP2SJ&amp;source=url">Donate in $ USD</a>
-      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=RGRFXCDDHK3LW&amp;source=url">Donate in £ GBP</a>
-      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=Y2AMZXSALFBR4&amp;source=url">Donate in € EUR</a>
+      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=B9JZV25DCP2SJ&amp;source=url">Sponsor in $ USD</a>
+      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=RGRFXCDDHK3LW&amp;source=url">Sponsor in £ GBP</a>
+      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=Y2AMZXSALFBR4&amp;source=url">Sponsor in € EUR</a>
     </div>
   </div>
   <a  class="btn btn-primary" role="button" href="https://patreon.com/njcw/" target="_blank"><i class="fab fa-patreon" aria-hidden="true"></i> Patreon</a>
diff --git a/docs/layouts/shortcodes/nick.html b/docs/layouts/shortcodes/nick.html
index 626db8dc92a35..0ff2869442cdd 100644
--- a/docs/layouts/shortcodes/nick.html
+++ b/docs/layouts/shortcodes/nick.html
@@ -1 +1 @@
-<p><img src="/img/nick.svg" width="80" alt="Nick"><br><small>Nick Craig-Wood</small></p>
+<p><img src="/img/nick.svg" width="60" alt="Nick"><br><small>Nick Craig-Wood</small></p>
diff --git a/docs/layouts/shortcodes/one_off_donations.html b/docs/layouts/shortcodes/one_off_donations.html
index e1f98077402ae..5f89972114f31 100644
--- a/docs/layouts/shortcodes/one_off_donations.html
+++ b/docs/layouts/shortcodes/one_off_donations.html
@@ -4,9 +4,9 @@
       <i class="fab fa-paypal" aria-hidden="true"></i> PayPal
     </a>
     <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
-      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=B9JZV25DCP2SJ&amp;source=url">Donate in $ USD</a>
-      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=RGRFXCDDHK3LW&amp;source=url">Donate in £ GBP</a>
-      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=Y2AMZXSALFBR4&amp;source=url">Donate in € EUR</a>
+      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=B9JZV25DCP2SJ&amp;source=url">Sponsor in $ USD</a>
+      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=RGRFXCDDHK3LW&amp;source=url">Sponsor in £ GBP</a>
+      <a class="dropdown-item" target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=Y2AMZXSALFBR4&amp;source=url">Sponsor in € EUR</a>
     </div>
   </div>
   <a  class="btn btn-primary" role="button" href="https://www.paypal.me/nickcw" target="_blank"><i class="fab fa-paypal" aria-hidden="true"></i> PayPal.Me</a>
diff --git a/docs/static/css/custom.css b/docs/static/css/custom.css
index 2ac4eb16ab7d7..2f547fbf61921 100644
--- a/docs/static/css/custom.css
+++ b/docs/static/css/custom.css
@@ -171,6 +171,17 @@ a.badge-primary.focus, a.badge-primary:focus {
     outline: 0;
     box-shadow: 0 0 0 0.2rem rgba(112,202,242,.5);
 }
+.bizbutton {
+    background-color:#fb7a20;
+    border-radius: 15px;
+    padding: 5px;
+}
+.bizbutton:hover {
+    /* background-color:#f29870; */
+    /* border-color:#f29870; */
+    background-color: #70caf2;
+    border-color: #70caf2;
+}
 nav#TableOfContents ul {
     list-style-type: none;
     padding: 0.0rem;
diff --git a/docs/static/img/logos/README.md b/docs/static/img/logos/README.md
deleted file mode 100644
index 7c43442623dcd..0000000000000
--- a/docs/static/img/logos/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Sponsor graphics
-
-This directory contains graphics from rclone sponsors used with
-permission.
-
-The copyright of the files in this directory belongs to the relevant
-sponsor and does not fall under the MIT licence of rclone.
diff --git a/docs/static/img/logos/idrive_e2.svg b/docs/static/img/logos/idrive_e2.svg
deleted file mode 100644
index a5abe1857e7c6..0000000000000
--- a/docs/static/img/logos/idrive_e2.svg
+++ /dev/null
@@ -1,219 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   version="1.1"
-   id="svg2"
-   xml:space="preserve"
-   viewBox="0 0 473.33334 180"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg"><defs
-     id="defs6"><clipPath
-       clipPathUnits="userSpaceOnUse"
-       id="clipPath16"><path
-         d="M 0,135 H 355 V 0 H 0 Z"
-         id="path14" /></clipPath></defs><g
-     id="g8"
-     transform="matrix(1.3333333,0,0,-1.3333333,0,180)"><g
-       id="g10"><g
-         id="g12"
-         clip-path="url(#clipPath16)"><g
-           id="g18"
-           transform="translate(268.92,82.6478)"><path
-             d="m 0,0 h -23.528 c 0.539,3.053 2.155,5.208 4.131,6.645 2.155,1.617 5.029,2.156 7.723,2.156 2.873,0 5.568,-0.719 7.723,-2.156 C -2.155,5.388 -0.718,3.233 0,0 m 0.359,10.597 c -3.592,2.873 -8.261,3.771 -12.213,3.771 -5.927,0 -10.417,-1.975 -13.47,-5.208 -2.874,-3.233 -4.31,-7.544 -4.31,-12.034 0,-3.951 1.077,-8.261 3.951,-11.674 2.873,-3.412 7.364,-5.747 13.829,-5.747 5.209,0 9.34,1.437 12.034,3.592 2.873,2.155 4.49,5.029 5.388,7.902 l 0.359,1.078 H 4.849 -0.18 l -0.179,-0.539 c -0.719,-2.335 -1.796,-3.771 -3.592,-5.029 -1.796,-1.077 -4.311,-1.616 -7.903,-1.616 -3.771,0 -6.645,1.257 -8.621,3.233 -1.796,1.796 -2.873,4.131 -3.053,6.825 H 6.466 v 0.898 c 0,7.004 -2.515,11.854 -6.107,14.548"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path20" /></g><g
-           id="g22"
-           transform="translate(304.4813,67.3815)"><path
-             d="m 0,0 h -0.898 -18.858 c 0.539,0.539 1.077,1.257 2.155,2.155 1.796,1.257 4.49,3.053 8.621,5.209 2.335,1.257 4.31,2.514 5.927,4.31 1.616,1.796 2.514,3.951 2.514,7.005 0,2.514 -0.898,5.388 -2.873,7.363 -1.976,2.156 -5.209,3.413 -9.699,3.413 -4.31,0 -7.543,-1.078 -9.878,-3.233 -2.335,-2.155 -3.413,-5.388 -3.413,-9.339 v -0.36 -0.898 h 5.748 v 1.078 c 0,1.796 0.359,3.592 1.437,5.029 1.077,1.437 2.694,2.514 6.286,2.514 2.514,0 4.13,-0.538 5.208,-1.436 1.078,-0.898 1.616,-2.156 1.616,-4.311 0,-1.976 -0.538,-3.053 -1.796,-4.31 -1.436,-1.258 -3.771,-2.694 -7.184,-4.49 -5.029,-2.515 -7.723,-5.029 -9.519,-7.185 -1.616,-2.334 -2.155,-4.49 -2.334,-6.286 v -0.359 l -0.18,-0.898 H 0 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path24" /></g><g
-           id="g26"
-           transform="translate(226.6159,96.099)"><path
-             d="m 0,0 c -0.13,-0.001 -0.273,-0.001 -0.435,-0.001 h -1.023 v 1.696 h 1.087 0.32 0.672 C 0.844,1.661 1.004,1.565 1.132,1.406 1.261,1.277 1.324,1.086 1.324,0.862 1.324,0.67 1.261,0.479 1.164,0.35 1.1,0.222 0.974,0.126 0.78,0.063 0.659,0.033 0.386,0.002 0,0 m 1.676,-1.505 c -0.191,0.224 -0.447,0.384 -0.736,0.576 0.609,0.096 1.055,0.288 1.344,0.608 0.288,0.352 0.447,0.767 0.447,1.279 0,0.384 -0.095,0.737 -0.288,1.055 C 2.22,2.334 1.964,2.558 1.644,2.685 1.324,2.781 0.78,2.845 0.076,2.845 h -0.127 -2.75 v -6.781 h 1.343 v 2.846 h 0.286 c 0.322,0 0.545,-0.031 0.705,-0.095 0.128,-0.033 0.256,-0.127 0.384,-0.256 C 0.045,-1.6 0.3,-1.921 0.653,-2.464 l 0.991,-1.472 h 1.632 l -0.833,1.343 c -0.32,0.513 -0.575,0.896 -0.767,1.088"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path28" /></g><g
-           id="g30"
-           transform="translate(230.2429,91.8113)"><path
-             d="m 0,0 c -0.959,-0.959 -2.271,-1.503 -3.743,-1.503 -1.439,0 -2.782,0.544 -3.741,1.503 -0.961,0.96 -1.536,2.302 -1.536,3.742 0,1.472 0.575,2.783 1.536,3.742 0.959,0.96 2.302,1.568 3.741,1.568 C -2.271,9.052 -0.959,8.444 0,7.484 0.958,6.525 1.567,5.214 1.567,3.742 1.567,2.302 0.958,0.96 0,0 m 0.958,8.444 c -1.213,1.183 -2.878,1.919 -4.701,1.919 -1.823,0 -3.486,-0.736 -4.668,-1.919 -1.216,-1.215 -1.952,-2.879 -1.952,-4.702 0,-1.822 0.736,-3.454 1.952,-4.67 1.182,-1.182 2.845,-1.918 4.668,-1.918 1.823,0 3.488,0.736 4.67,1.918 1.216,1.184 1.952,2.848 1.952,4.67 0,1.823 -0.736,3.487 -1.921,4.702"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path32" /></g><g
-           id="g34"
-           transform="translate(47.2134,103.9356)"><path
-             d="M 0,0 C -0.899,-0.848 -1.347,-1.878 -1.347,-3.091 V -40.434 H 7.758 V 1.273 H 3.269 C 1.988,1.273 0.897,0.85 0,0"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path36" /></g><g
-           id="g38"
-           transform="translate(84.0306,74.1712)"><path
-             d="m 0,0 c -1.968,-2.103 -5.046,-3.154 -9.233,-3.154 h -7.31 v 26.918 h 8.463 c 3.762,0 6.497,-1.092 8.208,-3.273 C 1.923,18.307 2.82,14.871 2.82,10.184 2.82,5.334 1.88,1.94 0,0 m -8.08,31.038 h -12.695 c -1.281,0 -2.372,-0.424 -3.269,-1.274 -0.898,-0.848 -1.347,-1.878 -1.347,-3.091 v -37.342 h 14.875 c 4.188,0 7.31,0.281 9.361,0.848 2.137,0.565 4.147,1.535 6.028,2.909 2.222,1.617 4.017,3.959 5.386,7.032 1.195,2.991 1.795,6.345 1.795,10.064 0,6.951 -1.667,12.204 -5.002,15.761 -3.333,3.396 -8.378,5.093 -15.132,5.093"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path40" /></g><g
-           id="g42"
-           transform="translate(115.8326,95.7523)"><path
-             d="m 0,0 c -2.307,0 -4.552,-0.285 -6.732,-0.849 -2.18,-0.567 -4.083,-1.455 -5.706,-2.667 -1.712,-1.293 -3.058,-3.012 -4.039,-5.152 -0.984,-2.144 -1.475,-4.791 -1.475,-7.943 V -32.25 h 8.976 v 16.608 c 0,2.427 0.598,4.204 1.796,5.337 1.196,1.131 3.034,1.697 5.514,1.697 H 1.283 L 1.283,0 H 0.642 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path44" /></g><g
-           id="g46"
-           transform="translate(124.4934,95.7523)"><path
-             d="m 0,0 h -4.616 v -32.25 h 8.977 v 28.128 c 0,1.131 -0.429,2.101 -1.282,2.91 C 2.222,-0.406 1.196,0 0,0"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path48" /></g><g
-           id="g50"
-           transform="translate(156.7491,95.7523)"><path
-             d="M 0,0 C -2.051,0 -3.422,-0.97 -4.104,-2.91 L -10.13,-22.673 -16.927,0 h -9.49 l 11.926,-32.25 h 9.104 L 6.668,0 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path52" /></g><g
-           id="g54"
-           transform="translate(123.9243,107.504)"><path
-             d="m 0,0 c -2.723,0 -4.929,-2.086 -4.929,-4.661 0,-2.574 2.206,-4.66 4.929,-4.66 2.723,0 4.93,2.086 4.93,4.66 C 4.93,-2.086 2.723,0 0,0"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path56" /></g><g
-           id="g58"
-           transform="translate(213.0013,113.7477)"><path
-             d="m 0,0 c -2.845,4.959 -7.049,8.181 -12.613,9.666 -5.563,1.486 -10.799,0.78 -15.784,-2.064 -4.958,-2.87 -8.18,-7.099 -9.666,-12.662 -0.226,-0.856 -0.403,-1.712 -0.554,-2.543 2.947,1.51 5.866,2.216 8.71,2.09 1.058,2.567 2.87,4.581 5.388,6.067 3.07,1.762 6.343,2.19 9.793,1.283 3.448,-0.931 6.066,-2.919 7.828,-5.991 1.46,-2.517 1.989,-5.135 1.662,-7.905 2.367,-1.309 4.506,-3.449 6.445,-6.368 0.328,0.83 0.628,1.686 0.907,2.593 C 3.574,-10.271 2.894,-4.985 0,0"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:evenodd;stroke:none"
-             id="path60" /></g><g
-           id="g62"
-           transform="translate(204.4005,78.9464)"><path
-             d="M 0,0 V -0.485 C 0,-0.89 -0.042,-1.173 -0.126,-1.334 h -22.186 c 0.083,-2.506 0.725,-4.365 1.924,-5.577 1.109,-1.294 2.778,-1.94 5.001,-1.94 1.453,0 2.693,0.282 3.718,0.848 0.257,0.08 0.491,0.222 0.707,0.425 0.212,0.201 0.447,0.425 0.704,0.667 0.085,0.242 0.405,0.565 0.963,0.969 0.555,0.404 1.345,0.606 2.372,0.606 h 6.411 c -0.941,-3.393 -2.737,-5.982 -5.386,-7.759 -2.65,-1.86 -5.985,-2.789 -10.003,-2.789 -4.872,0 -8.677,1.495 -11.414,4.487 -2.734,2.909 -4.102,7.072 -4.102,12.488 0,5.171 1.325,9.215 3.975,12.124 2.735,2.99 6.54,4.486 11.413,4.486 5.13,0 9.106,-1.454 11.926,-4.364 C -1.368,10.345 0,6.184 0,0.848 Z m 8.524,13.756 c -0.15,0.302 -0.301,0.604 -0.478,0.881 -0.175,0.327 -0.352,0.63 -0.552,0.906 -1.259,1.913 -2.846,3.424 -4.733,4.532 -1.158,0.705 -2.417,1.208 -3.802,1.56 l -17.118,4.607 c -1.335,0.352 -2.643,0.529 -3.928,0.529 -2.593,0.025 -5.06,-0.63 -7.476,-2.039 -0.227,-0.126 -0.453,-0.277 -0.654,-0.429 -1.158,-0.729 -2.14,-1.535 -2.996,-2.491 -1.586,-1.687 -2.694,-3.752 -3.322,-6.168 l -4.582,-17.118 c -1.083,-3.978 -0.579,-7.779 1.484,-11.354 2.066,-3.599 5.111,-5.941 9.114,-6.998 l 17.143,-4.607 c 3.977,-1.057 7.754,-0.529 11.328,1.535 3.6,2.064 5.941,5.086 7.024,9.063 L 9.557,3.283 c 0.957,3.676 0.629,7.15 -1.033,10.473"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:evenodd;stroke:none"
-             id="path64" /></g><g
-           id="g66"
-           transform="translate(188.6292,89.6158)"><path
-             d="M 0,0 C -1.882,0 -3.42,-0.566 -4.617,-1.697 -5.816,-2.831 -6.458,-4.447 -6.54,-6.548 H 6.539 C 6.367,-4.365 5.77,-2.749 4.744,-1.697 3.632,-0.566 2.049,0 0,0"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:evenodd;stroke:none"
-             id="path68" /></g><g
-           id="g70"
-           transform="translate(22.5654,17.21)"><path
-             d="M 0,0 H -2.707 V 6.939 H -9.7 V 0 h -2.718 V 15.641 H -9.7 v -6.51 h 6.993 v 6.51 H 0 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path72" /></g><g
-           id="g74"
-           transform="translate(27.6465,22.9033)"><path
-             d="m 0,0 c 0,-1.196 0.247,-2.133 0.741,-2.809 0.494,-0.677 1.182,-1.015 2.063,-1.015 0.881,0 1.566,0.344 2.057,1.031 0.49,0.688 0.736,1.693 0.736,3.019 C 5.597,1.4 5.344,2.331 4.839,3.019 4.334,3.706 3.648,4.05 2.782,4.05 1.93,4.05 1.253,3.711 0.752,3.035 0.25,2.357 0,1.347 0,0 m -2.61,0.226 c 0,1.138 0.225,2.165 0.676,3.077 0.452,0.914 1.085,1.615 1.902,2.105 C 0.784,5.899 1.722,6.145 2.782,6.145 4.351,6.145 5.624,5.64 6.601,4.63 7.579,3.62 8.106,2.281 8.186,0.612 L 8.196,0 c 0,-1.146 -0.22,-2.17 -0.66,-3.072 C 7.095,-3.975 6.465,-4.673 5.645,-5.167 4.825,-5.661 3.878,-5.908 2.804,-5.908 c -1.64,0 -2.953,0.546 -3.937,1.638 -0.985,1.092 -1.477,2.547 -1.477,4.367 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path76" /></g><g
-           id="g78"
-           transform="translate(41.3213,31.6582)"><path
-             d="M 0,0 V -2.825 H 2.052 V -4.759 H 0 v -6.488 c 0,-0.444 0.087,-0.765 0.263,-0.961 0.175,-0.197 0.489,-0.296 0.94,-0.296 0.301,0 0.605,0.036 0.913,0.108 v -2.02 c -0.595,-0.165 -1.167,-0.247 -1.719,-0.247 -2.005,0 -3.007,1.106 -3.007,3.319 v 6.585 h -1.912 v 1.934 h 1.912 l 0,2.825 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path80" /></g><g
-           id="g82"
-           transform="translate(59.2715,21.2383)"><path
-             d="m 0,0 c 0,0.687 -0.242,1.218 -0.725,1.59 -0.483,0.372 -1.356,0.748 -2.616,1.128 -1.261,0.38 -2.263,0.802 -3.008,1.267 -1.425,0.896 -2.137,2.063 -2.137,3.502 0,1.261 0.513,2.299 1.541,3.116 1.028,0.816 2.362,1.224 4.002,1.224 1.088,0 2.058,-0.2 2.911,-0.601 C 0.82,10.824 1.489,10.253 1.977,9.513 2.463,8.771 2.707,7.949 2.707,7.047 H 0 c 0,0.816 -0.256,1.456 -0.768,1.917 -0.512,0.463 -1.245,0.693 -2.197,0.693 -0.888,0 -1.577,-0.189 -2.068,-0.569 -0.49,-0.38 -0.736,-0.909 -0.736,-1.59 0,-0.573 0.265,-1.051 0.795,-1.435 C -4.444,5.681 -3.57,5.309 -2.353,4.946 -1.135,4.585 -0.158,4.173 0.58,3.712 1.317,3.249 1.858,2.72 2.202,2.122 2.546,1.523 2.718,0.823 2.718,0.021 c 0,-1.303 -0.5,-2.339 -1.499,-3.11 -0.999,-0.769 -2.354,-1.154 -4.066,-1.154 -1.132,0 -2.172,0.209 -3.12,0.629 -0.95,0.418 -1.687,0.997 -2.213,1.734 -0.527,0.737 -0.79,1.597 -0.79,2.578 h 2.718 c 0,-0.887 0.294,-1.575 0.881,-2.062 0.587,-0.488 1.429,-0.731 2.524,-0.731 0.946,0 1.656,0.192 2.133,0.574 C -0.238,-1.137 0,-0.63 0,0"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path84" /></g><g
-           id="g86"
-           transform="translate(66.9736,26.2227)"><path
-             d="M 0,0 H 1.59 C 2.392,0.007 3.027,0.215 3.497,0.623 3.965,1.031 4.2,1.622 4.2,2.396 4.2,3.141 4.005,3.719 3.615,4.13 3.224,4.542 2.628,4.748 1.826,4.748 1.124,4.748 0.548,4.546 0.097,4.142 -0.354,3.736 -0.58,3.208 -0.58,2.557 h -2.61 c 0,0.801 0.212,1.532 0.639,2.191 0.426,0.659 1.02,1.173 1.783,1.542 0.763,0.368 1.617,0.553 2.562,0.553 1.561,0 2.788,-0.393 3.679,-1.176 C 6.365,4.882 6.811,3.792 6.811,2.396 6.811,1.693 6.586,1.033 6.139,0.413 5.691,-0.206 5.113,-0.673 4.404,-0.988 c 0.86,-0.294 1.513,-0.756 1.961,-1.386 0.447,-0.63 0.671,-1.382 0.671,-2.256 0,-1.403 -0.482,-2.52 -1.445,-3.351 -0.963,-0.832 -2.229,-1.247 -3.797,-1.247 -1.504,0 -2.736,0.402 -3.695,1.204 -0.96,0.801 -1.44,1.869 -1.44,3.201 h 2.611 c 0,-0.688 0.23,-1.246 0.692,-1.676 0.462,-0.43 1.083,-0.645 1.864,-0.645 0.809,0 1.446,0.215 1.912,0.645 0.466,0.43 0.699,1.053 0.699,1.869 0,0.823 -0.244,1.457 -0.731,1.901 -0.487,0.445 -1.21,0.666 -2.17,0.666 l -1.536,0 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path88" /></g><g
-           id="g90"
-           transform="translate(94.291,22.3018)"><path
-             d="m 0,0 c -0.158,-1.669 -0.773,-2.971 -1.848,-3.904 -1.074,-0.936 -2.503,-1.403 -4.286,-1.403 -1.246,0 -2.344,0.295 -3.292,0.887 -0.949,0.59 -1.681,1.43 -2.197,2.519 -0.516,1.089 -0.784,2.352 -0.806,3.792 v 1.461 c 0,1.475 0.262,2.775 0.784,3.899 0.523,1.124 1.273,1.991 2.251,2.6 0.977,0.608 2.107,0.913 3.389,0.913 1.726,0 3.115,-0.467 4.168,-1.403 C -0.784,8.428 -0.172,7.104 0,5.393 H -2.707 C -2.836,6.517 -3.164,7.328 -3.69,7.826 -4.216,8.323 -4.988,8.572 -6.005,8.572 -7.187,8.572 -8.094,8.141 -8.728,7.276 -9.362,6.413 -9.686,5.146 -9.7,3.476 V 2.089 c 0,-1.692 0.302,-2.983 0.908,-3.871 0.604,-0.889 1.491,-1.333 2.658,-1.333 1.067,0 1.869,0.24 2.406,0.719 0.538,0.48 0.877,1.279 1.021,2.396 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path92" /></g><g
-           id="g94"
-           transform="translate(98.5879,22.9033)"><path
-             d="m 0,0 c 0,-1.196 0.247,-2.133 0.741,-2.809 0.494,-0.677 1.182,-1.015 2.063,-1.015 0.881,0 1.566,0.344 2.057,1.031 0.49,0.688 0.736,1.693 0.736,3.019 C 5.597,1.4 5.344,2.331 4.839,3.019 4.334,3.706 3.648,4.05 2.782,4.05 1.93,4.05 1.253,3.711 0.752,3.035 0.25,2.357 0,1.347 0,0 m -2.61,0.226 c 0,1.138 0.225,2.165 0.676,3.077 0.452,0.914 1.085,1.615 1.902,2.105 C 0.784,5.899 1.722,6.145 2.782,6.145 4.351,6.145 5.624,5.64 6.601,4.63 7.579,3.62 8.106,2.281 8.186,0.612 L 8.196,0 c 0,-1.146 -0.22,-2.17 -0.66,-3.072 C 7.095,-3.975 6.465,-4.673 5.645,-5.167 4.825,-5.661 3.878,-5.908 2.804,-5.908 c -1.64,0 -2.953,0.546 -3.937,1.638 -0.985,1.092 -1.477,2.547 -1.477,4.367 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path96" /></g><g
-           id="g98"
-           transform="translate(111.4463,28.833)"><path
-             d="m 0,0 0.075,-1.214 c 0.817,0.952 1.934,1.429 3.352,1.429 1.553,0 2.617,-0.595 3.19,-1.783 0.845,1.188 2.034,1.783 3.567,1.783 1.281,0 2.235,-0.355 2.862,-1.064 0.627,-0.709 0.947,-1.755 0.962,-3.136 v -7.638 h -2.611 v 7.562 c 0,0.738 -0.161,1.279 -0.483,1.623 -0.322,0.343 -0.856,0.515 -1.601,0.515 -0.594,0 -1.079,-0.159 -1.455,-0.477 -0.376,-0.32 -0.639,-0.737 -0.79,-1.252 l 0.011,-7.971 h -2.61 v 7.648 c -0.036,1.369 -0.735,2.052 -2.095,2.052 -1.046,0 -1.787,-0.426 -2.224,-1.278 v -8.422 H -2.46 L -2.46,0 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path100" /></g><g
-           id="g102"
-           transform="translate(135.7129,23.1289)"><path
-             d="m 0,0 c 0,1.16 -0.231,2.08 -0.693,2.761 -0.462,0.68 -1.122,1.02 -1.982,1.02 -1.067,0 -1.833,-0.44 -2.299,-1.321 v -5.156 c 0.473,-0.903 1.246,-1.354 2.321,-1.354 0.83,0 1.48,0.335 1.949,1.004 C -0.235,-2.376 0,-1.36 0,0 m 2.6,-0.226 c 0,-1.797 -0.409,-3.231 -1.225,-4.302 -0.816,-1.071 -1.912,-1.606 -3.287,-1.606 -1.275,0 -2.296,0.419 -3.062,1.257 v -5.511 h -2.61 V 5.704 h 2.406 L -5.07,4.522 c 0.766,0.931 1.808,1.397 3.126,1.397 1.418,0 2.529,-0.528 3.335,-1.584 C 2.197,3.278 2.6,1.812 2.6,-0.064 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path104" /></g><g
-           id="g106"
-           transform="translate(144.5967,19.0898)"><path
-             d="M 0,0 C 0.516,0 1,0.125 1.456,0.376 1.91,0.627 2.252,0.963 2.481,1.386 V 3.577 H 1.074 C 0.107,3.577 -0.62,3.409 -1.106,3.072 -1.594,2.735 -1.837,2.26 -1.837,1.644 c 0,-0.501 0.167,-0.901 0.5,-1.198 C -1.004,0.148 -0.559,0 0,0 m 2.868,-1.88 c -0.115,0.222 -0.215,0.584 -0.301,1.085 -0.831,-0.866 -1.847,-1.3 -3.05,-1.3 -1.168,0 -2.121,0.333 -2.858,0.999 -0.738,0.666 -1.106,1.49 -1.106,2.471 0,1.239 0.46,2.189 1.38,2.853 0.92,0.662 2.236,0.993 3.948,0.993 h 1.6 V 5.983 C 2.481,6.585 2.313,7.066 1.977,7.429 1.64,7.79 1.128,7.971 0.44,7.971 -0.154,7.971 -0.641,7.822 -1.021,7.524 -1.4,7.228 -1.59,6.85 -1.59,6.392 H -4.2 c 0,0.637 0.211,1.233 0.634,1.789 0.422,0.554 0.997,0.989 1.724,1.304 0.726,0.316 1.537,0.473 2.433,0.473 1.36,0 2.445,-0.342 3.255,-1.025 C 4.655,8.248 5.07,7.287 5.092,6.048 V 0.806 c 0,-1.046 0.146,-1.88 0.44,-2.503 V -1.88 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path108" /></g><g
-           id="g110"
-           transform="translate(155.6934,31.6582)"><path
-             d="M 0,0 V -2.825 H 2.052 V -4.759 H 0 v -6.488 c 0,-0.444 0.087,-0.765 0.263,-0.961 0.175,-0.197 0.489,-0.296 0.94,-0.296 0.301,0 0.605,0.036 0.913,0.108 v -2.02 c -0.595,-0.165 -1.167,-0.247 -1.719,-0.247 -2.005,0 -3.007,1.106 -3.007,3.319 v 6.585 h -1.912 v 1.934 h 1.912 l 0,2.825 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path112" /></g><path
-           d="m 162.515,17.21 h -2.61 v 11.623 h 2.61 z m -2.772,14.642 c 0,0.401 0.127,0.734 0.382,0.999 0.253,0.264 0.617,0.397 1.09,0.397 0.472,0 0.838,-0.133 1.096,-0.397 0.257,-0.265 0.386,-0.598 0.386,-0.999 0,-0.394 -0.129,-0.722 -0.386,-0.984 -0.258,-0.261 -0.624,-0.391 -1.096,-0.391 -0.473,0 -0.837,0.13 -1.09,0.391 -0.255,0.262 -0.382,0.59 -0.382,0.984"
-           style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-           id="path114" /><g
-           id="g116"
-           transform="translate(172.9453,23.1289)"><path
-             d="m 0,0 c 0,1.261 -0.222,2.206 -0.666,2.836 -0.444,0.63 -1.089,0.945 -1.934,0.945 -1.131,0 -1.926,-0.494 -2.384,-1.482 v -4.791 c 0.465,-1.01 1.267,-1.515 2.406,-1.515 0.816,0 1.446,0.305 1.891,0.913 0.443,0.609 0.672,1.53 0.687,2.761 z m 2.61,-0.226 c 0,-1.804 -0.402,-3.24 -1.208,-4.307 -0.806,-1.068 -1.914,-1.601 -3.325,-1.601 -1.361,0 -2.421,0.49 -3.18,1.472 l -0.128,-1.257 h -2.364 v 16.5 h 2.611 V 4.587 c 0.752,0.888 1.765,1.332 3.04,1.332 1.418,0 2.531,-0.526 3.34,-1.579 C 2.206,3.287 2.61,1.815 2.61,-0.075 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path118" /></g><path
-           d="m 180.519,17.21 h -2.61 v 16.5 h 2.61 z"
-           style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-           id="path120" /><g
-           id="g122"
-           transform="translate(188.167,26.9531)"><path
-             d="m 0,0 c -0.716,0 -1.295,-0.251 -1.734,-0.752 -0.442,-0.501 -0.722,-1.199 -0.844,-2.095 h 4.974 v 0.194 C 2.338,-1.779 2.105,-1.119 1.697,-0.671 1.289,-0.224 0.724,0 0,0 m 0.312,-9.958 c -1.655,0 -2.996,0.521 -4.023,1.562 -1.028,1.043 -1.542,2.43 -1.542,4.164 v 0.322 c 0,1.16 0.224,2.196 0.671,3.11 0.448,0.912 1.076,1.623 1.886,2.132 0.809,0.509 1.712,0.763 2.707,0.763 1.583,0 2.805,-0.505 3.669,-1.515 0.862,-1.01 1.294,-2.438 1.294,-4.286 v -1.053 h -7.595 c 0.079,-0.96 0.399,-1.719 0.961,-2.277 0.562,-0.559 1.269,-0.838 2.122,-0.838 1.196,0 2.17,0.483 2.922,1.45 L 4.791,-7.767 C 4.325,-8.461 3.704,-9 2.928,-9.384 2.15,-9.767 1.278,-9.958 0.312,-9.958"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path124" /></g><g
-           id="g126"
-           transform="translate(210.6611,25.4385)"><path
-             d="m 0,0 c 0,1.733 -0.327,3.062 -0.983,3.985 -0.655,0.924 -1.584,1.386 -2.788,1.386 -1.174,0 -2.092,-0.46 -2.755,-1.381 -0.662,-0.92 -1,-2.221 -1.015,-3.904 v -0.902 c 0,-1.719 0.335,-3.047 1.005,-3.986 0.669,-0.938 1.599,-1.407 2.787,-1.407 1.203,0 2.129,0.458 2.777,1.375 C -0.324,-3.917 0,-2.578 0,-0.816 Z m 2.718,-0.816 c 0,-1.533 -0.265,-2.877 -0.795,-4.034 -0.53,-1.157 -1.287,-2.045 -2.272,-2.664 -0.985,-0.62 -2.118,-0.929 -3.4,-0.929 -1.268,0 -2.397,0.309 -3.389,0.929 -0.992,0.619 -1.758,1.502 -2.299,2.648 -0.541,1.145 -0.815,2.467 -0.822,3.964 v 0.881 c 0,1.525 0.271,2.872 0.811,4.039 0.541,1.167 1.303,2.06 2.289,2.679 0.984,0.62 2.114,0.93 3.388,0.93 1.275,0 2.405,-0.307 3.389,-0.918 C 0.604,6.096 1.364,5.215 1.901,4.066 2.438,2.916 2.711,1.579 2.718,0.054 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path128" /></g><g
-           id="g130"
-           transform="translate(223.4229,23.1289)"><path
-             d="m 0,0 c 0,1.261 -0.222,2.206 -0.666,2.836 -0.444,0.63 -1.089,0.945 -1.934,0.945 -1.131,0 -1.926,-0.494 -2.384,-1.482 v -4.791 c 0.465,-1.01 1.267,-1.515 2.406,-1.515 0.816,0 1.446,0.305 1.891,0.913 0.444,0.609 0.672,1.53 0.687,2.761 z m 2.61,-0.226 c 0,-1.804 -0.402,-3.24 -1.209,-4.307 -0.804,-1.068 -1.913,-1.601 -3.324,-1.601 -1.36,0 -2.421,0.49 -3.18,1.472 l -0.128,-1.257 h -2.364 v 16.5 h 2.611 V 4.587 c 0.752,0.888 1.765,1.332 3.04,1.332 1.418,0 2.531,-0.526 3.34,-1.579 C 2.206,3.287 2.61,1.815 2.61,-0.075 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path132" /></g><g
-           id="g134"
-           transform="translate(228.1064,31.8516)"><path
-             d="M 0,0 C 0,0.401 0.127,0.734 0.381,0.999 0.636,1.264 0.999,1.396 1.472,1.396 1.944,1.396 2.31,1.264 2.567,0.999 2.825,0.734 2.954,0.401 2.954,0 2.954,-0.394 2.825,-0.722 2.567,-0.983 2.31,-1.244 1.944,-1.375 1.472,-1.375 0.999,-1.375 0.636,-1.244 0.381,-0.983 0.127,-0.722 0,-0.394 0,0 m 2.836,-3.019 v -12.654 c 0,-1.188 -0.295,-2.097 -0.887,-2.723 -0.59,-0.626 -1.455,-0.94 -2.594,-0.94 -0.479,0 -0.941,0.061 -1.385,0.183 v 2.062 c 0.272,-0.064 0.58,-0.096 0.924,-0.096 0.866,0 1.31,0.472 1.332,1.417 v 12.751 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path136" /></g><g
-           id="g138"
-           transform="translate(238.5371,26.9531)"><path
-             d="m 0,0 c -0.716,0 -1.295,-0.251 -1.734,-0.752 -0.442,-0.501 -0.722,-1.199 -0.844,-2.095 h 4.974 v 0.194 C 2.338,-1.779 2.105,-1.119 1.697,-0.671 1.289,-0.224 0.724,0 0,0 m 0.312,-9.958 c -1.655,0 -2.996,0.521 -4.023,1.562 -1.028,1.043 -1.542,2.43 -1.542,4.164 v 0.322 c 0,1.16 0.224,2.196 0.671,3.11 0.448,0.912 1.076,1.623 1.886,2.132 0.809,0.509 1.712,0.763 2.707,0.763 1.583,0 2.805,-0.505 3.669,-1.515 0.862,-1.01 1.294,-2.438 1.294,-4.286 v -1.053 h -7.595 c 0.079,-0.96 0.399,-1.719 0.961,-2.277 0.562,-0.559 1.269,-0.838 2.122,-0.838 1.196,0 2.17,0.483 2.922,1.45 L 4.791,-7.767 C 4.325,-8.461 3.704,-9 2.928,-9.384 2.15,-9.767 1.278,-9.958 0.312,-9.958"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path140" /></g><g
-           id="g142"
-           transform="translate(250.3105,19.0791)"><path
-             d="m 0,0 c 0.651,0 1.192,0.189 1.622,0.569 0.43,0.38 0.659,0.849 0.688,1.408 H 4.77 C 4.741,1.253 4.516,0.578 4.093,-0.049 3.67,-0.675 3.098,-1.171 2.374,-1.536 1.65,-1.901 0.87,-2.084 0.032,-2.084 c -1.626,0 -2.915,0.526 -3.867,1.579 -0.952,1.053 -1.429,2.507 -1.429,4.361 v 0.269 c 0,1.769 0.473,3.186 1.418,4.248 C -2.9,9.438 -1.611,9.969 0.021,9.969 1.403,9.969 2.53,9.566 3.399,8.76 4.271,7.955 4.727,6.896 4.77,5.586 H 2.31 C 2.281,6.252 2.054,6.8 1.628,7.229 1.201,7.659 0.659,7.874 0,7.874 -0.845,7.874 -1.497,7.568 -1.955,6.955 -2.413,6.344 -2.646,5.414 -2.653,4.168 V 3.749 c 0,-1.261 0.227,-2.2 0.681,-2.819 C -1.517,0.31 -0.859,0 0,0"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path144" /></g><g
-           id="g146"
-           transform="translate(260.3223,31.6582)"><path
-             d="M 0,0 V -2.825 H 2.052 V -4.759 H 0 v -6.488 c 0,-0.444 0.088,-0.765 0.263,-0.961 0.175,-0.197 0.489,-0.296 0.94,-0.296 0.301,0 0.606,0.036 0.913,0.108 v -2.02 c -0.595,-0.165 -1.167,-0.247 -1.719,-0.247 -2.004,0 -3.007,1.106 -3.007,3.319 v 6.585 h -1.912 v 1.934 h 1.912 l 0,2.825 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path148" /></g><g
-           id="g150"
-           transform="translate(278.2725,21.2383)"><path
-             d="m 0,0 c 0,0.687 -0.241,1.218 -0.726,1.59 -0.482,0.372 -1.354,0.748 -2.615,1.128 -1.261,0.38 -2.263,0.802 -3.008,1.267 -1.424,0.896 -2.137,2.063 -2.137,3.502 0,1.261 0.513,2.299 1.542,3.116 1.027,0.816 2.361,1.224 4.001,1.224 1.089,0 2.058,-0.2 2.911,-0.601 C 0.82,10.824 1.489,10.253 1.977,9.513 2.464,8.771 2.707,7.949 2.707,7.047 H 0 c 0,0.816 -0.256,1.456 -0.769,1.917 -0.511,0.463 -1.244,0.693 -2.196,0.693 -0.888,0 -1.577,-0.189 -2.067,-0.569 -0.491,-0.38 -0.737,-0.909 -0.737,-1.59 0,-0.573 0.265,-1.051 0.795,-1.435 C -4.443,5.681 -3.57,5.309 -2.353,4.946 -1.135,4.585 -0.157,4.173 0.58,3.712 1.317,3.249 1.858,2.72 2.202,2.122 2.546,1.523 2.718,0.823 2.718,0.021 c 0,-1.303 -0.5,-2.339 -1.498,-3.11 -1,-0.769 -2.355,-1.154 -4.067,-1.154 -1.132,0 -2.172,0.209 -3.121,0.629 -0.948,0.418 -1.685,0.997 -2.213,1.734 -0.525,0.737 -0.789,1.597 -0.789,2.578 h 2.718 c 0,-0.887 0.294,-1.575 0.881,-2.062 0.587,-0.488 1.429,-0.731 2.524,-0.731 0.946,0 1.657,0.192 2.133,0.574 C -0.238,-1.137 0,-0.63 0,0"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path152" /></g><g
-           id="g154"
-           transform="translate(286.3936,31.6582)"><path
-             d="M 0,0 V -2.825 H 2.052 V -4.759 H 0 v -6.488 c 0,-0.444 0.088,-0.765 0.263,-0.961 0.175,-0.197 0.489,-0.296 0.94,-0.296 0.301,0 0.606,0.036 0.913,0.108 v -2.02 c -0.595,-0.165 -1.167,-0.247 -1.719,-0.247 -2.004,0 -3.007,1.106 -3.007,3.319 v 6.585 h -1.912 v 1.934 h 1.912 l 0,2.825 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path156" /></g><g
-           id="g158"
-           transform="translate(292.5596,22.9033)"><path
-             d="m 0,0 c 0,-1.196 0.247,-2.133 0.741,-2.809 0.494,-0.677 1.182,-1.015 2.063,-1.015 0.881,0 1.566,0.344 2.057,1.031 C 5.352,-2.105 5.597,-1.1 5.597,0.226 5.597,1.4 5.344,2.331 4.84,3.019 4.334,3.706 3.648,4.05 2.782,4.05 1.93,4.05 1.253,3.711 0.752,3.035 0.251,2.357 0,1.347 0,0 m -2.61,0.226 c 0,1.138 0.225,2.165 0.676,3.077 0.452,0.914 1.085,1.615 1.902,2.105 0.816,0.491 1.755,0.737 2.814,0.737 1.569,0 2.841,-0.505 3.82,-1.515 C 7.578,3.62 8.106,2.281 8.186,0.612 L 8.196,0 c 0,-1.146 -0.219,-2.17 -0.661,-3.072 -0.439,-0.903 -1.07,-1.601 -1.89,-2.095 -0.82,-0.494 -1.767,-0.741 -2.841,-0.741 -1.64,0 -2.952,0.546 -3.937,1.638 -0.985,1.092 -1.477,2.547 -1.477,4.367 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path160" /></g><g
-           id="g162"
-           transform="translate(309.0488,26.4482)"><path
-             d="m 0,0 c -0.344,0.058 -0.698,0.086 -1.063,0.086 -1.197,0 -2.002,-0.458 -2.417,-1.375 V -9.238 H -6.091 V 2.385 h 2.492 l 0.065,-1.3 c 0.63,1.01 1.504,1.515 2.621,1.515 0.372,0 0.681,-0.05 0.924,-0.151 z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path164" /></g><g
-           id="g166"
-           transform="translate(314.7744,19.0898)"><path
-             d="M 0,0 C 0.516,0 1.001,0.125 1.455,0.376 1.91,0.627 2.252,0.963 2.481,1.386 V 3.577 H 1.074 C 0.107,3.577 -0.619,3.409 -1.106,3.072 -1.594,2.735 -1.837,2.26 -1.837,1.644 -1.837,1.143 -1.67,0.743 -1.338,0.446 -1.004,0.148 -0.559,0 0,0 m 2.868,-1.88 c -0.114,0.222 -0.215,0.584 -0.301,1.085 -0.831,-0.866 -1.847,-1.3 -3.05,-1.3 -1.167,0 -2.121,0.333 -2.858,0.999 -0.737,0.666 -1.106,1.49 -1.106,2.471 0,1.239 0.46,2.189 1.381,2.853 0.92,0.662 2.235,0.993 3.947,0.993 h 1.6 V 5.983 C 2.481,6.585 2.313,7.066 1.977,7.429 1.64,7.79 1.128,7.971 0.44,7.971 -0.154,7.971 -0.641,7.822 -1.021,7.524 -1.4,7.228 -1.59,6.85 -1.59,6.392 H -4.2 c 0,0.637 0.211,1.233 0.634,1.789 0.422,0.554 0.997,0.989 1.724,1.304 0.727,0.316 1.537,0.473 2.433,0.473 1.36,0 2.445,-0.342 3.255,-1.025 C 4.655,8.248 5.07,7.287 5.092,6.048 V 0.806 c 0,-1.046 0.146,-1.88 0.44,-2.503 V -1.88 Z"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path168" /></g><g
-           id="g170"
-           transform="translate(324.7432,22.8818)"><path
-             d="M 0,0 C 0,-1.167 0.238,-2.086 0.715,-2.756 1.19,-3.425 1.852,-3.76 2.696,-3.76 c 1.053,0 1.833,0.451 2.342,1.354 V 2.707 C 4.544,3.588 3.771,4.028 2.718,4.028 1.858,4.028 1.19,3.688 0.715,3.008 0.238,2.327 0,1.325 0,0 m -2.6,0.226 c 0,1.804 0.424,3.246 1.274,4.323 0.847,1.078 1.974,1.617 3.378,1.617 1.325,0 2.367,-0.462 3.126,-1.386 L 5.296,5.951 H 7.648 V -5.317 c 0,-1.526 -0.474,-2.729 -1.423,-3.61 -0.949,-0.881 -2.229,-1.321 -3.84,-1.321 -0.853,0 -1.685,0.178 -2.498,0.531 -0.813,0.356 -1.43,0.819 -1.853,1.392 l 1.236,1.568 c 0.801,-0.952 1.79,-1.429 2.964,-1.429 0.867,0 1.551,0.235 2.052,0.704 0.501,0.469 0.752,1.159 0.752,2.068 V -4.63 C 4.286,-5.468 3.283,-5.887 2.03,-5.887 c -1.36,0 -2.472,0.541 -3.335,1.622 -0.863,1.081 -1.295,2.578 -1.295,4.491"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path172" /></g><g
-           id="g174"
-           transform="translate(339.8789,26.9531)"><path
-             d="m 0,0 c -0.716,0 -1.295,-0.251 -1.734,-0.752 -0.442,-0.501 -0.722,-1.199 -0.844,-2.095 h 4.974 v 0.194 C 2.338,-1.779 2.105,-1.119 1.697,-0.671 1.289,-0.224 0.724,0 0,0 m 0.312,-9.958 c -1.655,0 -2.996,0.521 -4.023,1.562 -1.028,1.043 -1.542,2.43 -1.542,4.164 v 0.322 c 0,1.16 0.224,2.196 0.671,3.11 0.448,0.912 1.076,1.623 1.886,2.132 0.809,0.509 1.712,0.763 2.707,0.763 1.583,0 2.805,-0.505 3.669,-1.515 0.862,-1.01 1.294,-2.438 1.294,-4.286 v -1.053 h -7.595 c 0.079,-0.96 0.399,-1.719 0.961,-2.277 0.562,-0.559 1.269,-0.838 2.122,-0.838 1.196,0 2.17,0.483 2.922,1.45 L 4.791,-7.767 C 4.325,-8.461 3.704,-9 2.928,-9.384 2.15,-9.767 1.278,-9.958 0.312,-9.958"
-             style="fill:#0b73b8;fill-opacity:1;fill-rule:nonzero;stroke:none"
-             id="path176" /></g></g></g></g></svg>
diff --git a/fs/accounting/accounting.go b/fs/accounting/accounting.go
index a019232fb27e8..29681b604dc42 100644
--- a/fs/accounting/accounting.go
+++ b/fs/accounting/accounting.go
@@ -272,10 +272,10 @@ func (acc *Account) checkReadAfter(bytesUntilLimit int64, n int, err error) (out
 	return n, err
 }
 
-// ServerSideCopyStart should be called at the start of a server-side copy
+// ServerSideTransferStart should be called at the start of a server-side transfer
 //
 // This pretends a transfer has started
-func (acc *Account) ServerSideCopyStart() {
+func (acc *Account) ServerSideTransferStart() {
 	acc.values.mu.Lock()
 	// Set start time.
 	if acc.values.start.IsZero() {
@@ -284,8 +284,9 @@ func (acc *Account) ServerSideCopyStart() {
 	acc.values.mu.Unlock()
 }
 
-// ServerSideCopyEnd accounts for a read of n bytes in a sever side copy
-func (acc *Account) ServerSideCopyEnd(n int64) {
+// ServerSideTransferEnd accounts for a read of n bytes in a sever
+// side transfer to be treated as a normal transfer.
+func (acc *Account) ServerSideTransferEnd(n int64) {
 	// Update Stats
 	acc.values.mu.Lock()
 	acc.values.bytes += n
@@ -294,10 +295,20 @@ func (acc *Account) ServerSideCopyEnd(n int64) {
 	acc.stats.Bytes(n)
 }
 
+// ServerSideCopyEnd accounts for a read of n bytes in a sever side copy
+func (acc *Account) ServerSideCopyEnd(n int64) {
+	acc.stats.AddServerSideCopy(n)
+}
+
+// ServerSideMoveEnd accounts for a read of n bytes in a sever side move
+func (acc *Account) ServerSideMoveEnd(n int64) {
+	acc.stats.AddServerSideMove(n)
+}
+
 // DryRun accounts for statistics without running the operation
 func (acc *Account) DryRun(n int64) {
-	acc.ServerSideCopyStart()
-	acc.ServerSideCopyEnd(n)
+	acc.ServerSideTransferStart()
+	acc.ServerSideTransferEnd(n)
 }
 
 // Account for n bytes from the current file bandwidth limit (if any)
@@ -621,3 +632,15 @@ func UnWrap(in io.Reader) (unwrapped io.Reader, wrap WrapFn) {
 	}
 	return acc.OldStream(), acc.WrapStream
 }
+
+// UnWrapAccounting unwraps a reader returning unwrapped and acc a
+// pointer to the accounting.
+//
+// The caller is expected to manage the accounting at this point.
+func UnWrapAccounting(in io.Reader) (unwrapped io.Reader, acc *Account) {
+	a, ok := in.(*accountStream)
+	if !ok {
+		return in, nil
+	}
+	return a.in, a.acc
+}
diff --git a/fs/accounting/accounting_unix.go b/fs/accounting/accounting_unix.go
index ec79ce54492cf..761466a555cc5 100644
--- a/fs/accounting/accounting_unix.go
+++ b/fs/accounting/accounting_unix.go
@@ -23,15 +23,26 @@ func (tb *tokenBucket) startSignalHandler() {
 		// This runs forever, but blocks until the signal is received.
 		for {
 			<-signals
-			tb.mu.Lock()
-			tb.toggledOff = !tb.toggledOff
-			tb.curr, tb.prev = tb.prev, tb.curr
-			s := "disabled"
-			if !tb.curr._isOff() {
-				s = "enabled"
-			}
-			tb.mu.Unlock()
-			fs.Logf(nil, "Bandwidth limit %s by user", s)
+
+			func() {
+				tb.mu.Lock()
+				defer tb.mu.Unlock()
+
+				// if there's no bandwidth limit configured now, do nothing
+				if !tb.currLimit.Bandwidth.IsSet() {
+					fs.Debugf(nil, "SIGUSR2 received but no bandwidth limit configured right now, ignoring")
+					return
+				}
+
+				tb.toggledOff = !tb.toggledOff
+				tb.curr, tb.prev = tb.prev, tb.curr
+				s := "disabled"
+				if !tb.curr._isOff() {
+					s = "enabled"
+				}
+
+				fs.Logf(nil, "Bandwidth limit %s by user", s)
+			}()
 		}
 	}()
 }
diff --git a/fs/accounting/stats.go b/fs/accounting/stats.go
index 358cf4a6f77ee..24c9bcda1c00e 100644
--- a/fs/accounting/stats.go
+++ b/fs/accounting/stats.go
@@ -28,36 +28,40 @@ var MaxCompletedTransfers = 100
 // N.B.: if this struct is modified, please remember to also update sum() function in stats_groups
 // to correctly count the updated fields
 type StatsInfo struct {
-	mu                sync.RWMutex
-	ctx               context.Context
-	ci                *fs.ConfigInfo
-	bytes             int64
-	errors            int64
-	lastError         error
-	fatalError        bool
-	retryError        bool
-	retryAfter        time.Time
-	checks            int64
-	checking          *transferMap
-	checkQueue        int
-	checkQueueSize    int64
-	transfers         int64
-	transferring      *transferMap
-	transferQueue     int
-	transferQueueSize int64
-	renames           int64
-	renameQueue       int
-	renameQueueSize   int64
-	deletes           int64
-	deletesSize       int64
-	deletedDirs       int64
-	inProgress        *inProgress
-	startedTransfers  []*Transfer   // currently active transfers
-	oldTimeRanges     timeRanges    // a merged list of time ranges for the transfers
-	oldDuration       time.Duration // duration of transfers we have culled
-	group             string
-	startTime         time.Time // the moment these stats were initialized or reset
-	average           averageValues
+	mu                  sync.RWMutex
+	ctx                 context.Context
+	ci                  *fs.ConfigInfo
+	bytes               int64
+	errors              int64
+	lastError           error
+	fatalError          bool
+	retryError          bool
+	retryAfter          time.Time
+	checks              int64
+	checking            *transferMap
+	checkQueue          int
+	checkQueueSize      int64
+	transfers           int64
+	transferring        *transferMap
+	transferQueue       int
+	transferQueueSize   int64
+	renames             int64
+	renameQueue         int
+	renameQueueSize     int64
+	deletes             int64
+	deletesSize         int64
+	deletedDirs         int64
+	inProgress          *inProgress
+	startedTransfers    []*Transfer   // currently active transfers
+	oldTimeRanges       timeRanges    // a merged list of time ranges for the transfers
+	oldDuration         time.Duration // duration of transfers we have culled
+	group               string
+	startTime           time.Time // the moment these stats were initialized or reset
+	average             averageValues
+	serverSideCopies    int64
+	serverSideCopyBytes int64
+	serverSideMoves     int64
+	serverSideMoveBytes int64
 }
 
 type averageValues struct {
@@ -110,6 +114,10 @@ func (s *StatsInfo) RemoteStats() (out rc.Params, err error) {
 	out["deletedDirs"] = s.deletedDirs
 	out["renames"] = s.renames
 	out["elapsedTime"] = time.Since(s.startTime).Seconds()
+	out["serverSideCopies"] = s.serverSideCopies
+	out["serverSideCopyBytes"] = s.serverSideCopyBytes
+	out["serverSideMoves"] = s.serverSideMoves
+	out["serverSideMoveBytes"] = s.serverSideMoveBytes
 	eta, etaOK := eta(s.bytes, ts.totalBytes, ts.speed)
 	if etaOK {
 		out["eta"] = eta.Seconds()
@@ -135,13 +143,7 @@ func (s *StatsInfo) RemoteStats() (out rc.Params, err error) {
 //
 // Call with lock held
 func (s *StatsInfo) speed() float64 {
-	dt := s.totalDuration()
-	dtSeconds := dt.Seconds()
-	speed := 0.0
-	if dt > 0 {
-		speed = float64(s.bytes) / dtSeconds
-	}
-	return speed
+	return s.average.speed
 }
 
 // timeRange is a start and end time of a transfer
@@ -311,6 +313,8 @@ func (s *StatsInfo) calculateTransferStats() (ts transferStats) {
 	// we take it off here to avoid double counting
 	ts.totalBytes = s.transferQueueSize + s.bytes + transferringBytesTotal - transferringBytesDone
 	ts.speed = s.average.speed
+	dt := s.totalDuration()
+	ts.transferTime = dt.Seconds()
 
 	return ts
 }
@@ -455,6 +459,16 @@ func (s *StatsInfo) String() string {
 			_, _ = fmt.Fprintf(buf, "Transferred:   %10d / %d, %s\n",
 				s.transfers, ts.totalTransfers, percent(s.transfers, ts.totalTransfers))
 		}
+		if s.serverSideCopies != 0 || s.serverSideCopyBytes != 0 {
+			_, _ = fmt.Fprintf(buf, "Server Side Copies:%6d @ %s\n",
+				s.serverSideCopies, fs.SizeSuffix(s.serverSideCopyBytes).ByteUnit(),
+			)
+		}
+		if s.serverSideMoves != 0 || s.serverSideMoveBytes != 0 {
+			_, _ = fmt.Fprintf(buf, "Server Side Moves:%7d @ %s\n",
+				s.serverSideMoves, fs.SizeSuffix(s.serverSideMoveBytes).ByteUnit(),
+			)
+		}
 		_, _ = fmt.Fprintf(buf, "Elapsed time:  %10ss\n", strings.TrimRight(fs.Duration(elapsedTime.Truncate(time.Minute)).ReadableString(), "0s")+fmt.Sprintf("%.1f", elapsedTimeSecondsOnly.Seconds()))
 	}
 
@@ -765,7 +779,7 @@ func (s *StatsInfo) DoneTransferring(remote string, ok bool) {
 		s.transfers++
 		s.mu.Unlock()
 	}
-	if s.transferring.empty() {
+	if s.transferring.empty() && s.checking.empty() {
 		time.AfterFunc(averageStopAfter, s.stopAverageLoop)
 	}
 }
@@ -862,3 +876,19 @@ func (s *StatsInfo) PruneTransfers() {
 	}
 	s.mu.Unlock()
 }
+
+// AddServerSideMove counts a server side move
+func (s *StatsInfo) AddServerSideMove(n int64) {
+	s.mu.Lock()
+	s.serverSideMoves += 1
+	s.serverSideMoveBytes += n
+	s.mu.Unlock()
+}
+
+// AddServerSideCopy counts a server side copy
+func (s *StatsInfo) AddServerSideCopy(n int64) {
+	s.mu.Lock()
+	s.serverSideCopies += 1
+	s.serverSideCopyBytes += n
+	s.mu.Unlock()
+}
diff --git a/fs/accounting/stats_groups.go b/fs/accounting/stats_groups.go
index 7906df99842f4..eaa3d2a2f0dfe 100644
--- a/fs/accounting/stats_groups.go
+++ b/fs/accounting/stats_groups.go
@@ -97,6 +97,10 @@ Returns the following values:
 	"lastError": last error string,
 	"renames" : number of files renamed,
 	"retryError": boolean showing whether there has been at least one non-NoRetryError,
+        "serverSideCopies": number of server side copies done,
+        "serverSideCopyBytes": number bytes server side copied,
+        "serverSideMoves": number of server side moves done,
+        "serverSideMoveBytes": number bytes server side moved,
 	"speed": average speed in bytes per second since start of the group,
 	"totalBytes": total number of bytes in the group,
 	"totalChecks": total number of checks in the group,
diff --git a/fs/accounting/stats_test.go b/fs/accounting/stats_test.go
index 58e8150bdb765..773311824aec0 100644
--- a/fs/accounting/stats_test.go
+++ b/fs/accounting/stats_test.go
@@ -251,6 +251,28 @@ func TestStatsTotalDuration(t *testing.T) {
 	})
 }
 
+func TestRemoteStats(t *testing.T) {
+	ctx := context.Background()
+	startTime := time.Now()
+	time1 := startTime.Add(-40 * time.Second)
+	time2 := time1.Add(10 * time.Second)
+
+	t.Run("Single completed transfer", func(t *testing.T) {
+		s := NewStats(ctx)
+		tr1 := &Transfer{
+			startedAt:   time1,
+			completedAt: time2,
+		}
+		s.AddTransfer(tr1)
+		time.Sleep(time.Millisecond)
+		rs, err := s.RemoteStats()
+
+		require.NoError(t, err)
+		assert.Equal(t, float64(10), rs["transferTime"])
+		assert.Greater(t, rs["elapsedTime"], float64(0))
+	})
+}
+
 // make time ranges from string description for testing
 func makeTimeRanges(t *testing.T, in []string) timeRanges {
 	trs := make(timeRanges, len(in))
diff --git a/fs/accounting/token_bucket.go b/fs/accounting/token_bucket.go
index c875c568fddeb..29204b5eb9b6a 100644
--- a/fs/accounting/token_bucket.go
+++ b/fs/accounting/token_bucket.go
@@ -30,12 +30,11 @@ type buckets [TokenBucketSlots]*rate.Limiter
 
 // tokenBucket holds info about the rate limiters in use
 type tokenBucket struct {
-	mu          sync.RWMutex // protects the token bucket variables
-	curr        buckets
-	prev        buckets
-	toggledOff  bool
-	currLimitMu sync.Mutex // protects changes to the timeslot
-	currLimit   fs.BwTimeSlot
+	mu         sync.RWMutex // protects the token bucket variables
+	curr       buckets
+	prev       buckets
+	toggledOff bool
+	currLimit  fs.BwTimeSlot
 }
 
 // Return true if limit is disabled
@@ -106,11 +105,11 @@ func (tb *tokenBucket) StartTokenBucket(ctx context.Context) {
 	if tb.currLimit.Bandwidth.IsSet() {
 		tb.curr = newTokenBucket(tb.currLimit.Bandwidth)
 		fs.Infof(nil, "Starting bandwidth limiter at %v Byte/s", &tb.currLimit.Bandwidth)
-
-		// Start the SIGUSR2 signal handler to toggle bandwidth.
-		// This function does nothing in windows systems.
-		tb.startSignalHandler()
 	}
+
+	// Start the SIGUSR2 signal handler to toggle bandwidth.
+	// This function does nothing in windows systems.
+	tb.startSignalHandler()
 }
 
 // StartTokenTicker creates a ticker to update the bandwidth limiter every minute.
@@ -126,11 +125,9 @@ func (tb *tokenBucket) StartTokenTicker(ctx context.Context) {
 	go func() {
 		for range ticker.C {
 			limitNow := ci.BwLimit.LimitAt(time.Now())
-			tb.currLimitMu.Lock()
+			tb.mu.Lock()
 
 			if tb.currLimit.Bandwidth != limitNow.Bandwidth {
-				tb.mu.Lock()
-
 				// If bwlimit is toggled off, the change should only
 				// become active on the next toggle, which causes
 				// an exchange of tb.curr <-> tb.prev
@@ -156,9 +153,9 @@ func (tb *tokenBucket) StartTokenTicker(ctx context.Context) {
 				}
 
 				tb.currLimit = limitNow
-				tb.mu.Unlock()
 			}
-			tb.currLimitMu.Unlock()
+
+			tb.mu.Unlock()
 		}
 	}()
 }
diff --git a/fs/accounting/transfer.go b/fs/accounting/transfer.go
index c5b9862aa3f22..d4515e201f049 100644
--- a/fs/accounting/transfer.go
+++ b/fs/accounting/transfer.go
@@ -192,7 +192,7 @@ func (tr *Transfer) Snapshot() TransferSnapshot {
 // rcStats returns stats for the transfer suitable for the rc
 func (tr *Transfer) rcStats() rc.Params {
 	return rc.Params{
-		"name": tr.remote, // no locking needed to access thess
+		"name": tr.remote, // no locking needed to access this
 		"size": tr.size,
 	}
 }
diff --git a/fs/backend_config.go b/fs/backend_config.go
index 1e188a0ac1300..a65239834977c 100644
--- a/fs/backend_config.go
+++ b/fs/backend_config.go
@@ -376,7 +376,7 @@ func configAll(ctx context.Context, name string, m configmap.Mapper, ri *RegInfo
 	//
 	//     *all-ACTION,NUMBER,ADVANCED
 	//
-	// Where NUMBER is the curent state, ADVANCED is a flag true or false
+	// Where NUMBER is the current state, ADVANCED is a flag true or false
 	// to say whether we are asking about advanced config and
 	// ACTION is what the state should be doing next.
 	stateParams, state := StatePop(in.State)
diff --git a/fs/bits.go b/fs/bits.go
new file mode 100644
index 0000000000000..79c1b2887793a
--- /dev/null
+++ b/fs/bits.go
@@ -0,0 +1,153 @@
+package fs
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+// Bits is an option which can be any combination of the Choices.
+//
+// Suggested implementation is something like this:
+//
+//	type bits = Bits[bitsChoices]
+//
+//	const (
+//		bitA bits = 1 << iota
+//		bitB
+//		bitC
+//	)
+//
+//	type bitsChoices struct{}
+//
+//	func (bitsChoices) Choices() []BitsChoicesInfo {
+//		return []BitsChoicesInfo{
+//			{Bit: uint64(0), Name: "OFF"}, // Optional Off value - "" if not defined
+//			{Bit: uint64(bitA), Name: "A"},
+//			{Bit: uint64(bitB), Name: "B"},
+//			{Bit: uint64(bitC), Name: "C"},
+//		}
+//	}
+type Bits[C BitsChoices] uint64
+
+// BitsChoicesInfo should be returned from the Choices method
+type BitsChoicesInfo struct {
+	Bit  uint64
+	Name string
+}
+
+// BitsChoices returns the valid choices for this type.
+//
+// It must work on the zero value.
+//
+// Note that when using this in an Option the ExampleBitsChoices will be
+// filled in automatically.
+type BitsChoices interface {
+	// Choices returns the valid choices for each bit of this type
+	Choices() []BitsChoicesInfo
+}
+
+// String turns a Bits into a string
+func (b Bits[C]) String() string {
+	var out []string
+	choices := b.Choices()
+	// Return an off value if set
+	if b == 0 {
+		for _, info := range choices {
+			if info.Bit == 0 {
+				return info.Name
+			}
+		}
+	}
+	for _, info := range choices {
+		if info.Bit == 0 {
+			continue
+		}
+		if b&Bits[C](info.Bit) != 0 {
+			out = append(out, info.Name)
+			b &^= Bits[C](info.Bit)
+		}
+	}
+	if b != 0 {
+		out = append(out, fmt.Sprintf("Unknown-0x%X", int(b)))
+	}
+	return strings.Join(out, ",")
+}
+
+// Help returns a comma separated list of all possible bits.
+func (b Bits[C]) Help() string {
+	var out []string
+	for _, info := range b.Choices() {
+		out = append(out, info.Name)
+	}
+	return strings.Join(out, ", ")
+}
+
+// Choices returns the possible values of the Bits.
+func (b Bits[C]) Choices() []BitsChoicesInfo {
+	var c C
+	return c.Choices()
+}
+
+// Set a Bits as a comma separated list of flags
+func (b *Bits[C]) Set(s string) error {
+	var flags Bits[C]
+	parts := strings.Split(s, ",")
+	choices := b.Choices()
+	for _, part := range parts {
+		found := false
+		part = strings.TrimSpace(part)
+		if part == "" {
+			continue
+		}
+		for _, info := range choices {
+			if strings.EqualFold(info.Name, part) {
+				found = true
+				flags |= Bits[C](info.Bit)
+			}
+		}
+		if !found {
+			return fmt.Errorf("invalid choice %q from: %s", part, b.Help())
+		}
+	}
+	*b = flags
+	return nil
+}
+
+// IsSet returns true all the bits in mask are set in b.
+func (b Bits[C]) IsSet(mask Bits[C]) bool {
+	return (b & mask) == mask
+}
+
+// Type of the value.
+//
+// If C has a Type() string method then it will be used instead.
+func (b Bits[C]) Type() string {
+	var c C
+	if do, ok := any(c).(typer); ok {
+		return do.Type()
+	}
+	return "Bits"
+}
+
+// Scan implements the fmt.Scanner interface
+func (b *Bits[C]) Scan(s fmt.ScanState, ch rune) error {
+	token, err := s.Token(true, nil)
+	if err != nil {
+		return err
+	}
+	return b.Set(string(token))
+}
+
+// UnmarshalJSON makes sure the value can be parsed as a string or integer in JSON
+func (b *Bits[C]) UnmarshalJSON(in []byte) error {
+	return UnmarshalJSONFlag(in, b, func(i int64) error {
+		*b = (Bits[C])(i)
+		return nil
+	})
+}
+
+// MarshalJSON encodes it as string
+func (b *Bits[C]) MarshalJSON() ([]byte, error) {
+	return json.Marshal(b.String())
+}
diff --git a/fs/bits_test.go b/fs/bits_test.go
new file mode 100644
index 0000000000000..4ab1585a0f113
--- /dev/null
+++ b/fs/bits_test.go
@@ -0,0 +1,151 @@
+package fs
+
+import (
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type bits = Bits[bitsChoices]
+
+const (
+	bitA bits = 1 << iota
+	bitB
+	bitC
+)
+
+type bitsChoices struct{}
+
+func (bitsChoices) Choices() []BitsChoicesInfo {
+	return []BitsChoicesInfo{
+		{uint64(0), "OFF"},
+		{uint64(bitA), "A"},
+		{uint64(bitB), "B"},
+		{uint64(bitC), "C"},
+	}
+}
+
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*bits)(nil)
+	_ flaggerNP = bits(0)
+)
+
+func TestBitsString(t *testing.T) {
+	assert.Equal(t, "OFF", bits(0).String())
+	assert.Equal(t, "A", (bitA).String())
+	assert.Equal(t, "A,B", (bitA | bitB).String())
+	assert.Equal(t, "A,B,C", (bitA | bitB | bitC).String())
+	assert.Equal(t, "A,Unknown-0x8000", (bitA | bits(0x8000)).String())
+}
+
+func TestBitsHelp(t *testing.T) {
+	assert.Equal(t, "OFF, A, B, C", bits(0).Help())
+}
+
+func TestBitsSet(t *testing.T) {
+	for _, test := range []struct {
+		in      string
+		want    bits
+		wantErr string
+	}{
+		{"", bits(0), ""},
+		{"B", bitB, ""},
+		{"B,A", bitB | bitA, ""},
+		{"a,b,C", bitA | bitB | bitC, ""},
+		{"A,B,unknown,E", 0, `invalid choice "unknown" from: OFF, A, B, C`},
+	} {
+		f := bits(0xffffffffffffffff)
+		initial := f
+		err := f.Set(test.in)
+		if err != nil {
+			if test.wantErr == "" {
+				t.Errorf("Got an error when not expecting one on %q: %v", test.in, err)
+			} else {
+				assert.Contains(t, err.Error(), test.wantErr)
+			}
+			assert.Equal(t, initial, f, test.want)
+		} else {
+			if test.wantErr != "" {
+				t.Errorf("Got no error when expecting one on %q", test.in)
+			} else {
+				assert.Equal(t, test.want, f)
+			}
+		}
+
+	}
+}
+
+func TestBitsIsSet(t *testing.T) {
+	b := bitA | bitB
+	assert.True(t, b.IsSet(bitA))
+	assert.True(t, b.IsSet(bitB))
+	assert.True(t, b.IsSet(bitA|bitB))
+	assert.False(t, b.IsSet(bitC))
+	assert.False(t, b.IsSet(bitA|bitC))
+}
+
+func TestBitsType(t *testing.T) {
+	f := bits(0)
+	assert.Equal(t, "Bits", f.Type())
+}
+
+func TestBitsScan(t *testing.T) {
+	var v bits
+	n, err := fmt.Sscan(" C,B ", &v)
+	require.NoError(t, err)
+	assert.Equal(t, 1, n)
+	assert.Equal(t, bitC|bitB, v)
+}
+
+func TestBitsUnmarshallJSON(t *testing.T) {
+	for _, test := range []struct {
+		in      string
+		want    bits
+		wantErr string
+	}{
+		{`""`, bits(0), ""},
+		{`"B"`, bitB, ""},
+		{`"B,A"`, bitB | bitA, ""},
+		{`"A,B,C"`, bitA | bitB | bitC, ""},
+		{`"A,B,unknown,E"`, 0, `invalid choice "unknown" from: OFF, A, B, C`},
+		{`0`, bits(0), ""},
+		{strconv.Itoa(int(bitB)), bitB, ""},
+		{strconv.Itoa(int(bitB | bitA)), bitB | bitA, ""},
+	} {
+		f := bits(0xffffffffffffffff)
+		initial := f
+		err := json.Unmarshal([]byte(test.in), &f)
+		if err != nil {
+			if test.wantErr == "" {
+				t.Errorf("Got an error when not expecting one on %q: %v", test.in, err)
+			} else {
+				assert.Contains(t, err.Error(), test.wantErr)
+			}
+			assert.Equal(t, initial, f, test.want)
+		} else {
+			if test.wantErr != "" {
+				t.Errorf("Got no error when expecting one on %q", test.in)
+			} else {
+				assert.Equal(t, test.want, f)
+			}
+		}
+	}
+}
+func TestBitsMarshalJSON(t *testing.T) {
+	for _, test := range []struct {
+		in   bits
+		want string
+	}{
+		{bitA | bitC, `"A,C"`},
+		{0, `"OFF"`},
+	} {
+		got, err := json.Marshal(&test.in)
+		require.NoError(t, err)
+		assert.Equal(t, test.want, string(got), fmt.Sprintf("%#v", test.in))
+	}
+}
diff --git a/fs/bwtimetable_test.go b/fs/bwtimetable_test.go
index 2e3f677f6a863..e51400cabbea3 100644
--- a/fs/bwtimetable_test.go
+++ b/fs/bwtimetable_test.go
@@ -9,8 +9,11 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// Check it satisfies the interface
-var _ flagger = (*BwTimetable)(nil)
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*BwTimetable)(nil)
+	_ flaggerNP = BwTimetable{}
+)
 
 func TestBwTimetableSet(t *testing.T) {
 	for _, test := range []struct {
diff --git a/fs/cache/cache.go b/fs/cache/cache.go
index 4e2c4638e9924..c5eab3e39af7f 100644
--- a/fs/cache/cache.go
+++ b/fs/cache/cache.go
@@ -120,6 +120,14 @@ func Unpin(f fs.Fs) {
 	c.Unpin(fs.ConfigString(f))
 }
 
+// To avoid circular dependencies these are filled in by fs/rc/jobs/job.go
+var (
+	// JobGetJobID for internal use only
+	JobGetJobID func(context.Context) (int64, bool)
+	// JobOnFinish for internal use only
+	JobOnFinish func(int64, func()) (func(), error)
+)
+
 // Get gets an fs.Fs named fsString either from the cache or creates it afresh
 func Get(ctx context.Context, fsString string) (f fs.Fs, err error) {
 	// If we are making a long lived backend which lives longer
@@ -129,7 +137,22 @@ func Get(ctx context.Context, fsString string) (f fs.Fs, err error) {
 	newCtx := context.Background()
 	newCtx = fs.CopyConfig(newCtx, ctx)
 	newCtx = filter.CopyConfig(newCtx, ctx)
-	return GetFn(newCtx, fsString, fs.NewFs)
+	f, err = GetFn(newCtx, fsString, fs.NewFs)
+	if f == nil || (err != nil && err != fs.ErrorIsFile) {
+		return f, err
+	}
+	// If this is part of an rc job then pin the backend until it finishes
+	if JobOnFinish != nil && JobGetJobID != nil {
+		if jobID, ok := JobGetJobID(ctx); ok {
+			// fs.Debugf(f, "Pin for job %d", jobID)
+			Pin(f)
+			_, _ = JobOnFinish(jobID, func() {
+				// fs.Debugf(f, "Unpin for job %d", jobID)
+				Unpin(f)
+			})
+		}
+	}
+	return f, err
 }
 
 // GetArr gets []fs.Fs from []fsStrings either from the cache or creates it afresh
diff --git a/fs/cache/cache_test.go b/fs/cache/cache_test.go
index f4e5eb9c26809..210fcddbfde91 100644
--- a/fs/cache/cache_test.go
+++ b/fs/cache/cache_test.go
@@ -23,9 +23,11 @@ func mockNewFs(t *testing.T) func(ctx context.Context, path string) (fs.Fs, erro
 		called++
 		switch path {
 		case "mock:/":
-			return mockfs.NewFs(ctx, "mock", "/"), nil
+			return mockfs.NewFs(ctx, "mock", "/", nil)
 		case "mock:/file.txt", "mock:file.txt":
-			return mockfs.NewFs(ctx, "mock", "/"), fs.ErrorIsFile
+			fMock, err := mockfs.NewFs(ctx, "mock", "/", nil)
+			require.NoError(t, err)
+			return fMock, fs.ErrorIsFile
 		case "mock:/error":
 			return nil, errSentinel
 		}
@@ -117,7 +119,8 @@ func TestGetError(t *testing.T) {
 func TestPut(t *testing.T) {
 	create := mockNewFs(t)
 
-	f := mockfs.NewFs(context.Background(), "mock", "/alien")
+	f, err := mockfs.NewFs(context.Background(), "mock", "/alien", nil)
+	require.NoError(t, err)
 
 	assert.Equal(t, 0, Entries())
 
@@ -147,7 +150,8 @@ func TestPin(t *testing.T) {
 	create := mockNewFs(t)
 
 	// Test pinning and unpinning nonexistent
-	f := mockfs.NewFs(context.Background(), "mock", "/alien")
+	f, err := mockfs.NewFs(context.Background(), "mock", "/alien", nil)
+	require.NoError(t, err)
 	Pin(f)
 	Unpin(f)
 
diff --git a/fs/config.go b/fs/config.go
index 4049b6ea4bc5c..d405f55bb7ea6 100644
--- a/fs/config.go
+++ b/fs/config.go
@@ -51,99 +51,105 @@ var (
 
 // ConfigInfo is filesystem config options
 type ConfigInfo struct {
-	LogLevel                LogLevel
-	StatsLogLevel           LogLevel
-	UseJSONLog              bool
-	DryRun                  bool
-	Interactive             bool
-	CheckSum                bool
-	SizeOnly                bool
-	IgnoreTimes             bool
-	IgnoreExisting          bool
-	IgnoreErrors            bool
-	ModifyWindow            time.Duration
-	Checkers                int
-	Transfers               int
-	ConnectTimeout          time.Duration // Connect timeout
-	Timeout                 time.Duration // Data channel timeout
-	ExpectContinueTimeout   time.Duration
-	Dump                    DumpFlags
-	InsecureSkipVerify      bool // Skip server certificate verification
-	DeleteMode              DeleteMode
-	MaxDelete               int64
-	MaxDeleteSize           SizeSuffix
-	TrackRenames            bool   // Track file renames.
-	TrackRenamesStrategy    string // Comma separated list of strategies used to track renames
-	LowLevelRetries         int
-	UpdateOlder             bool // Skip files that are newer on the destination
-	NoGzip                  bool // Disable compression
-	MaxDepth                int
-	IgnoreSize              bool
-	IgnoreChecksum          bool
-	IgnoreCaseSync          bool
-	NoTraverse              bool
-	CheckFirst              bool
-	NoCheckDest             bool
-	NoUnicodeNormalization  bool
-	NoUpdateModTime         bool
-	DataRateUnit            string
-	CompareDest             []string
-	CopyDest                []string
-	BackupDir               string
-	Suffix                  string
-	SuffixKeepExtension     bool
-	UseListR                bool
-	BufferSize              SizeSuffix
-	BwLimit                 BwTimetable
-	BwLimitFile             BwTimetable
-	TPSLimit                float64
-	TPSLimitBurst           int
-	BindAddr                net.IP
-	DisableFeatures         []string
-	UserAgent               string
-	Immutable               bool
-	AutoConfirm             bool
-	StreamingUploadCutoff   SizeSuffix
-	StatsFileNameLength     int
-	AskPassword             bool
-	PasswordCommand         SpaceSepList
-	UseServerModTime        bool
-	MaxTransfer             SizeSuffix
-	MaxDuration             time.Duration
-	CutoffMode              CutoffMode
-	MaxBacklog              int
-	MaxStatsGroups          int
-	StatsOneLine            bool
-	StatsOneLineDate        bool   // If we want a date prefix at all
-	StatsOneLineDateFormat  string // If we want to customize the prefix
-	ErrorOnNoTransfer       bool   // Set appropriate exit code if no files transferred
-	Progress                bool
-	ProgressTerminalTitle   bool
-	Cookie                  bool
-	UseMmap                 bool
-	CaCert                  []string // Client Side CA
-	ClientCert              string   // Client Side Cert
-	ClientKey               string   // Client Side Key
-	MultiThreadCutoff       SizeSuffix
-	MultiThreadStreams      int
-	MultiThreadSet          bool   // whether MultiThreadStreams was set (set in fs/config/configflags)
-	OrderBy                 string // instructions on how to order the transfer
-	UploadHeaders           []*HTTPOption
-	DownloadHeaders         []*HTTPOption
-	Headers                 []*HTTPOption
-	MetadataSet             Metadata // extra metadata to write when uploading
-	RefreshTimes            bool
-	NoConsole               bool
-	TrafficClass            uint8
-	FsCacheExpireDuration   time.Duration
-	FsCacheExpireInterval   time.Duration
-	DisableHTTP2            bool
-	HumanReadable           bool
-	KvLockTime              time.Duration // maximum time to keep key-value database locked by process
-	DisableHTTPKeepAlives   bool
-	Metadata                bool
-	ServerSideAcrossConfigs bool
-	TerminalColorMode       TerminalColorMode
+	LogLevel                   LogLevel
+	StatsLogLevel              LogLevel
+	UseJSONLog                 bool
+	DryRun                     bool
+	Interactive                bool
+	CheckSum                   bool
+	SizeOnly                   bool
+	IgnoreTimes                bool
+	IgnoreExisting             bool
+	IgnoreErrors               bool
+	ModifyWindow               time.Duration
+	Checkers                   int
+	Transfers                  int
+	ConnectTimeout             time.Duration // Connect timeout
+	Timeout                    time.Duration // Data channel timeout
+	ExpectContinueTimeout      time.Duration
+	Dump                       DumpFlags
+	InsecureSkipVerify         bool // Skip server certificate verification
+	DeleteMode                 DeleteMode
+	MaxDelete                  int64
+	MaxDeleteSize              SizeSuffix
+	TrackRenames               bool   // Track file renames.
+	TrackRenamesStrategy       string // Comma separated list of strategies used to track renames
+	LowLevelRetries            int
+	UpdateOlder                bool // Skip files that are newer on the destination
+	NoGzip                     bool // Disable compression
+	MaxDepth                   int
+	IgnoreSize                 bool
+	IgnoreChecksum             bool
+	IgnoreCaseSync             bool
+	NoTraverse                 bool
+	CheckFirst                 bool
+	NoCheckDest                bool
+	NoUnicodeNormalization     bool
+	NoUpdateModTime            bool
+	DataRateUnit               string
+	CompareDest                []string
+	CopyDest                   []string
+	BackupDir                  string
+	Suffix                     string
+	SuffixKeepExtension        bool
+	UseListR                   bool
+	BufferSize                 SizeSuffix
+	BwLimit                    BwTimetable
+	BwLimitFile                BwTimetable
+	TPSLimit                   float64
+	TPSLimitBurst              int
+	BindAddr                   net.IP
+	DisableFeatures            []string
+	UserAgent                  string
+	Immutable                  bool
+	AutoConfirm                bool
+	StreamingUploadCutoff      SizeSuffix
+	StatsFileNameLength        int
+	AskPassword                bool
+	PasswordCommand            SpaceSepList
+	UseServerModTime           bool
+	MaxTransfer                SizeSuffix
+	MaxDuration                time.Duration
+	CutoffMode                 CutoffMode
+	MaxBacklog                 int
+	MaxStatsGroups             int
+	StatsOneLine               bool
+	StatsOneLineDate           bool   // If we want a date prefix at all
+	StatsOneLineDateFormat     string // If we want to customize the prefix
+	ErrorOnNoTransfer          bool   // Set appropriate exit code if no files transferred
+	Progress                   bool
+	ProgressTerminalTitle      bool
+	Cookie                     bool
+	UseMmap                    bool
+	CaCert                     []string // Client Side CA
+	ClientCert                 string   // Client Side Cert
+	ClientKey                  string   // Client Side Key
+	MultiThreadCutoff          SizeSuffix
+	MultiThreadStreams         int
+	MultiThreadSet             bool       // whether MultiThreadStreams was set (set in fs/config/configflags)
+	MultiThreadChunkSize       SizeSuffix // Chunk size for multi-thread downloads / uploads, if not set by filesystem
+	MultiThreadWriteBufferSize SizeSuffix
+	OrderBy                    string // instructions on how to order the transfer
+	UploadHeaders              []*HTTPOption
+	DownloadHeaders            []*HTTPOption
+	Headers                    []*HTTPOption
+	MetadataSet                Metadata // extra metadata to write when uploading
+	RefreshTimes               bool
+	NoConsole                  bool
+	TrafficClass               uint8
+	FsCacheExpireDuration      time.Duration
+	FsCacheExpireInterval      time.Duration
+	DisableHTTP2               bool
+	HumanReadable              bool
+	KvLockTime                 time.Duration // maximum time to keep key-value database locked by process
+	DisableHTTPKeepAlives      bool
+	Metadata                   bool
+	ServerSideAcrossConfigs    bool
+	TerminalColorMode          TerminalColorMode
+	DefaultTime                Time // time that directories with no time should display
+	Inplace                    bool // Download directly to destination file instead of atomic download to temp/rename
+	PartialSuffix              string
+	MetadataMapper             SpaceSepList
 }
 
 // NewConfig creates a new config with everything set to the default
@@ -178,13 +184,17 @@ func NewConfig() *ConfigInfo {
 	c.MaxBacklog = 10000
 	// We do not want to set the default here. We use this variable being empty as part of the fall-through of options.
 	//	c.StatsOneLineDateFormat = "2006/01/02 15:04:05 - "
-	c.MultiThreadCutoff = SizeSuffix(250 * 1024 * 1024)
+	c.MultiThreadCutoff = SizeSuffix(256 * 1024 * 1024)
 	c.MultiThreadStreams = 4
+	c.MultiThreadChunkSize = SizeSuffix(64 * 1024 * 1024)
+	c.MultiThreadWriteBufferSize = SizeSuffix(128 * 1024)
 
 	c.TrackRenamesStrategy = "hash"
 	c.FsCacheExpireDuration = 300 * time.Second
 	c.FsCacheExpireInterval = 60 * time.Second
 	c.KvLockTime = 1 * time.Second
+	c.DefaultTime = Time(time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC))
+	c.PartialSuffix = ".partial"
 
 	// Perform a simple check for debug flags to enable debug logging during the flag initialization
 	for argIndex, arg := range os.Args {
diff --git a/fs/config/config.go b/fs/config/config.go
index b2a354037c7ef..145f2a2dfeb00 100644
--- a/fs/config/config.go
+++ b/fs/config/config.go
@@ -475,6 +475,9 @@ func updateRemote(ctx context.Context, name string, keyValues rc.Params, opt Upd
 	// Set the config
 	for k, v := range keyValues {
 		vStr := fmt.Sprint(v)
+		if strings.ContainsAny(k, "\n\r") || strings.ContainsAny(vStr, "\n\r") {
+			return nil, fmt.Errorf("update remote: invalid key or value contains \\n or \\r")
+		}
 		// Obscure parameter if necessary
 		if _, ok := needsObscure[k]; ok {
 			_, err := obscure.Reveal(vStr)
@@ -483,7 +486,7 @@ func updateRemote(ctx context.Context, name string, keyValues rc.Params, opt Upd
 				// or we are forced to obscure
 				vStr, err = obscure.Obscure(vStr)
 				if err != nil {
-					return nil, fmt.Errorf("UpdateRemote: obscure failed: %w", err)
+					return nil, fmt.Errorf("update remote: obscure failed: %w", err)
 				}
 			}
 		}
diff --git a/fs/config/configfile/configfile.go b/fs/config/configfile/configfile.go
index 11763fd2e7d03..659df705d610f 100644
--- a/fs/config/configfile/configfile.go
+++ b/fs/config/configfile/configfile.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/Unknwon/goconfig"
+	"github.com/Unknwon/goconfig" //nolint:misspell // Don't include misspell when running golangci-lint
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/config"
 	"github.com/rclone/rclone/lib/file"
@@ -106,20 +106,37 @@ func (s *Storage) Save() error {
 	if configPath == "" {
 		return fmt.Errorf("failed to save config file, path is empty")
 	}
+	configDir, configName := filepath.Split(configPath)
 
-	dir, name := filepath.Split(configPath)
-	err := file.MkdirAll(dir, os.ModePerm)
+	info, err := os.Lstat(configPath)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return fmt.Errorf("failed to resolve config file path: %w", err)
+		}
+	} else {
+		if info.Mode()&os.ModeSymlink != 0 {
+			configPath, err = os.Readlink(configPath)
+			if err != nil {
+				return fmt.Errorf("failed to resolve config file symbolic link: %w", err)
+			}
+			if !filepath.IsAbs(configPath) {
+				configPath = filepath.Join(configDir, configPath)
+			}
+			configDir = filepath.Dir(configPath)
+		}
+	}
+	err = file.MkdirAll(configDir, os.ModePerm)
 	if err != nil {
 		return fmt.Errorf("failed to create config directory: %w", err)
 	}
-	f, err := os.CreateTemp(dir, name)
+	f, err := os.CreateTemp(configDir, configName)
 	if err != nil {
 		return fmt.Errorf("failed to create temp file for new config: %w", err)
 	}
 	defer func() {
 		_ = f.Close()
 		if err := os.Remove(f.Name()); err != nil && !os.IsNotExist(err) {
-			fs.Errorf(nil, "failed to remove temp config file: %v", err)
+			fs.Errorf(nil, "Failed to remove temp file for new config: %v", err)
 		}
 	}()
 
@@ -139,7 +156,7 @@ func (s *Storage) Save() error {
 	}
 
 	var fileMode os.FileMode = 0600
-	info, err := os.Stat(configPath)
+	info, err = os.Stat(configPath)
 	if err != nil {
 		fs.Debugf(nil, "Using default permissions for config file: %v", fileMode)
 	} else if info.Mode() != fileMode {
@@ -154,15 +171,33 @@ func (s *Storage) Save() error {
 		fs.Errorf(nil, "Failed to set permissions on config file: %v", err)
 	}
 
-	if err = os.Rename(configPath, configPath+".old"); err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("failed to move previous config to backup location: %w", err)
+	fbackup, err := os.CreateTemp(configDir, configName+".old")
+	if err != nil {
+		return fmt.Errorf("failed to create temp file for old config backup: %w", err)
+	}
+	err = fbackup.Close()
+	if err != nil {
+		return fmt.Errorf("failed to close temp file for old config backup: %w", err)
+	}
+	keepBackup := true
+	defer func() {
+		if !keepBackup {
+			if err := os.Remove(fbackup.Name()); err != nil && !os.IsNotExist(err) {
+				fs.Errorf(nil, "Failed to remove temp file for old config backup: %v", err)
+			}
+		}
+	}()
+
+	if err = os.Rename(configPath, fbackup.Name()); err != nil {
+		if !os.IsNotExist(err) {
+			return fmt.Errorf("failed to move previous config to backup location: %w", err)
+		}
+		keepBackup = false // no existing file, no need to keep backup even if writing of new file fails
 	}
 	if err = os.Rename(f.Name(), configPath); err != nil {
 		return fmt.Errorf("failed to move newly written config from %s to final location: %v", f.Name(), err)
 	}
-	if err := os.Remove(configPath + ".old"); err != nil && !os.IsNotExist(err) {
-		fs.Errorf(nil, "Failed to remove backup config file: %v", err)
-	}
+	keepBackup = false // new file was written, no need to keep backup
 
 	// Update s.fi with the newly written file
 	s.fi, _ = os.Stat(configPath)
diff --git a/fs/config/configfile/configfile_test.go b/fs/config/configfile/configfile_test.go
index c7a325cce28b5..2c2ba7e27805d 100644
--- a/fs/config/configfile/configfile_test.go
+++ b/fs/config/configfile/configfile_test.go
@@ -3,6 +3,7 @@ package configfile
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 	"runtime"
 	"strings"
 	"testing"
@@ -242,3 +243,121 @@ func TestConfigFileNoConfig(t *testing.T) {
 		testConfigFileNoConfig(t, "/notfound")
 	})
 }
+
+func TestConfigFileSave(t *testing.T) {
+	testDir := t.TempDir()
+	configPath := filepath.Join(testDir, "a", "b", "c", "configfile")
+
+	assert.NoError(t, config.SetConfigPath(configPath))
+	data := &Storage{}
+	require.Error(t, data.Load(), config.ErrorConfigFileNotFound)
+
+	t.Run("CreatesDirsAndFile", func(t *testing.T) {
+		err := data.Save()
+		require.NoError(t, err)
+		info, err := os.Stat(configPath)
+		require.NoError(t, err)
+		assert.False(t, info.IsDir())
+	})
+	t.Run("KeepsFileMode", func(t *testing.T) {
+		if runtime.GOOS != "linux" {
+			t.Skip("this is a Linux only test")
+		}
+		assert.NoError(t, os.Chmod(configPath, 0400)) // -r--------
+		defer func() {
+			_ = os.Chmod(configPath, 0644) // -rw-r--r--
+		}()
+		err := data.Save()
+		require.NoError(t, err)
+		info, err := os.Stat(configPath)
+		require.NoError(t, err)
+		assert.Equal(t, os.FileMode(0400), info.Mode().Perm())
+	})
+	t.Run("SucceedsEvenIfReadOnlyFile", func(t *testing.T) {
+		// Save succeeds even if file is read-only since it does not write directly to the file.
+		assert.NoError(t, os.Chmod(configPath, 0400)) // -r--------
+		defer func() {
+			_ = os.Chmod(configPath, 0644) // -rw-r--r--
+		}()
+		err := data.Save()
+		assert.NoError(t, err)
+	})
+	t.Run("FailsIfNotAccessToDir", func(t *testing.T) {
+		// Save fails if no access to the directory.
+		if runtime.GOOS != "linux" {
+			// On Windows the os.Chmod only affects the read-only attribute of files)
+			t.Skip("this is a Linux only test")
+		}
+		configDir := filepath.Dir(configPath)
+		assert.NoError(t, os.Chmod(configDir, 0400)) // -r--------
+		defer func() {
+			_ = os.Chmod(configDir, 0755) // -rwxr-xr-x
+		}()
+		err := data.Save()
+		require.Error(t, err)
+		assert.True(t, strings.HasPrefix(err.Error(), "failed to resolve config file path"))
+	})
+	t.Run("FailsIfNotAllowedToCreateNewFiles", func(t *testing.T) {
+		// Save fails if read-only access to the directory, since it needs to create temporary files in there.
+		if runtime.GOOS != "linux" {
+			// On Windows the os.Chmod only affects the read-only attribute of files)
+			t.Skip("this is a Linux only test")
+		}
+		configDir := filepath.Dir(configPath)
+		assert.NoError(t, os.Chmod(configDir, 0544)) // -r-xr--r--
+		defer func() {
+			_ = os.Chmod(configDir, 0755) // -rwxr-xr-x
+		}()
+		err := data.Save()
+		require.Error(t, err)
+		assert.True(t, strings.HasPrefix(err.Error(), "failed to create temp file for new config"))
+	})
+}
+
+func TestConfigFileSaveSymlinkAbsolute(t *testing.T) {
+	if runtime.GOOS != "linux" {
+		// Symlinks may require admin privileges on Windows and os.Symlink will then
+		// fail with "A required privilege is not held by the client."
+		t.Skip("this is a Linux only test")
+	}
+	testDir := t.TempDir()
+	linkDir := filepath.Join(testDir, "a")
+	err := os.Mkdir(linkDir, os.ModePerm)
+	require.NoError(t, err)
+
+	testSymlink := func(t *testing.T, link string, target string, resolvedTarget string) {
+		err = os.Symlink(target, link)
+		require.NoError(t, err)
+		defer func() {
+			_ = os.Remove(link)
+		}()
+
+		assert.NoError(t, config.SetConfigPath(link))
+		data := &Storage{}
+		require.Error(t, data.Load(), config.ErrorConfigFileNotFound)
+
+		err = data.Save()
+		require.NoError(t, err)
+
+		info, err := os.Lstat(link)
+		require.NoError(t, err)
+		assert.True(t, info.Mode()&os.ModeSymlink != 0)
+		assert.False(t, info.IsDir())
+
+		info, err = os.Lstat(resolvedTarget)
+		require.NoError(t, err)
+		assert.False(t, info.IsDir())
+	}
+
+	t.Run("Absolute", func(t *testing.T) {
+		link := filepath.Join(linkDir, "configfilelink")
+		target := filepath.Join(testDir, "b", "configfiletarget")
+		testSymlink(t, link, target, target)
+	})
+	t.Run("Relative", func(t *testing.T) {
+		link := filepath.Join(linkDir, "configfilelink")
+		target := filepath.Join("b", "c", "configfiletarget")
+		resolvedTarget := filepath.Join(filepath.Dir(link), target)
+		testSymlink(t, link, target, resolvedTarget)
+	})
+}
diff --git a/fs/config/configflags/configflags.go b/fs/config/configflags/configflags.go
index 96d728fccc303..7d856cf12d1f0 100644
--- a/fs/config/configflags/configflags.go
+++ b/fs/config/configflags/configflags.go
@@ -38,112 +38,119 @@ var (
 	downloadHeaders []string
 	headers         []string
 	metadataSet     []string
+	partialSuffix   string
 )
 
 // AddFlags adds the non filing system specific flags to the command
 func AddFlags(ci *fs.ConfigInfo, flagSet *pflag.FlagSet) {
 	rc.AddOption("main", ci)
 	// NB defaults which aren't the zero for the type should be set in fs/config.go NewConfig
-	flags.CountVarP(flagSet, &verbose, "verbose", "v", "Print lots more stuff (repeat for more)")
-	flags.BoolVarP(flagSet, &quiet, "quiet", "q", false, "Print as little stuff as possible")
-	flags.DurationVarP(flagSet, &ci.ModifyWindow, "modify-window", "", ci.ModifyWindow, "Max time diff to be considered the same")
-	flags.IntVarP(flagSet, &ci.Checkers, "checkers", "", ci.Checkers, "Number of checkers to run in parallel")
-	flags.IntVarP(flagSet, &ci.Transfers, "transfers", "", ci.Transfers, "Number of file transfers to run in parallel")
-	flags.StringVarP(flagSet, &configPath, "config", "", config.GetConfigPath(), "Config file")
-	flags.StringVarP(flagSet, &cacheDir, "cache-dir", "", config.GetCacheDir(), "Directory rclone will use for caching")
-	flags.StringVarP(flagSet, &tempDir, "temp-dir", "", os.TempDir(), "Directory rclone will use for temporary files")
-	flags.BoolVarP(flagSet, &ci.CheckSum, "checksum", "c", ci.CheckSum, "Skip based on checksum (if available) & size, not mod-time & size")
-	flags.BoolVarP(flagSet, &ci.SizeOnly, "size-only", "", ci.SizeOnly, "Skip based on size only, not mod-time or checksum")
-	flags.BoolVarP(flagSet, &ci.IgnoreTimes, "ignore-times", "I", ci.IgnoreTimes, "Don't skip files that match size and time - transfer all files")
-	flags.BoolVarP(flagSet, &ci.IgnoreExisting, "ignore-existing", "", ci.IgnoreExisting, "Skip all files that exist on destination")
-	flags.BoolVarP(flagSet, &ci.IgnoreErrors, "ignore-errors", "", ci.IgnoreErrors, "Delete even if there are I/O errors")
-	flags.BoolVarP(flagSet, &ci.DryRun, "dry-run", "n", ci.DryRun, "Do a trial run with no permanent changes")
-	flags.BoolVarP(flagSet, &ci.Interactive, "interactive", "i", ci.Interactive, "Enable interactive mode")
-	flags.DurationVarP(flagSet, &ci.ConnectTimeout, "contimeout", "", ci.ConnectTimeout, "Connect timeout")
-	flags.DurationVarP(flagSet, &ci.Timeout, "timeout", "", ci.Timeout, "IO idle timeout")
-	flags.DurationVarP(flagSet, &ci.ExpectContinueTimeout, "expect-continue-timeout", "", ci.ExpectContinueTimeout, "Timeout when using expect / 100-continue in HTTP")
-	flags.BoolVarP(flagSet, &dumpHeaders, "dump-headers", "", false, "Dump HTTP headers - may contain sensitive info")
-	flags.BoolVarP(flagSet, &dumpBodies, "dump-bodies", "", false, "Dump HTTP headers and bodies - may contain sensitive info")
-	flags.BoolVarP(flagSet, &ci.InsecureSkipVerify, "no-check-certificate", "", ci.InsecureSkipVerify, "Do not verify the server SSL certificate (insecure)")
-	flags.BoolVarP(flagSet, &ci.AskPassword, "ask-password", "", ci.AskPassword, "Allow prompt for password for encrypted configuration")
-	flags.FVarP(flagSet, &ci.PasswordCommand, "password-command", "", "Command for supplying password for encrypted configuration")
-	flags.BoolVarP(flagSet, &deleteBefore, "delete-before", "", false, "When synchronizing, delete files on destination before transferring")
-	flags.BoolVarP(flagSet, &deleteDuring, "delete-during", "", false, "When synchronizing, delete files during transfer")
-	flags.BoolVarP(flagSet, &deleteAfter, "delete-after", "", false, "When synchronizing, delete files on destination after transferring (default)")
-	flags.Int64VarP(flagSet, &ci.MaxDelete, "max-delete", "", -1, "When synchronizing, limit the number of deletes")
-	flags.FVarP(flagSet, &ci.MaxDeleteSize, "max-delete-size", "", "When synchronizing, limit the total size of deletes")
-	flags.BoolVarP(flagSet, &ci.TrackRenames, "track-renames", "", ci.TrackRenames, "When synchronizing, track file renames and do a server-side move if possible")
-	flags.StringVarP(flagSet, &ci.TrackRenamesStrategy, "track-renames-strategy", "", ci.TrackRenamesStrategy, "Strategies to use when synchronizing using track-renames hash|modtime|leaf")
-	flags.IntVarP(flagSet, &ci.LowLevelRetries, "low-level-retries", "", ci.LowLevelRetries, "Number of low level retries to do")
-	flags.BoolVarP(flagSet, &ci.UpdateOlder, "update", "u", ci.UpdateOlder, "Skip files that are newer on the destination")
-	flags.BoolVarP(flagSet, &ci.UseServerModTime, "use-server-modtime", "", ci.UseServerModTime, "Use server modified time instead of object metadata")
-	flags.BoolVarP(flagSet, &ci.NoGzip, "no-gzip-encoding", "", ci.NoGzip, "Don't set Accept-Encoding: gzip")
-	flags.IntVarP(flagSet, &ci.MaxDepth, "max-depth", "", ci.MaxDepth, "If set limits the recursion depth to this")
-	flags.BoolVarP(flagSet, &ci.IgnoreSize, "ignore-size", "", false, "Ignore size when skipping use mod-time or checksum")
-	flags.BoolVarP(flagSet, &ci.IgnoreChecksum, "ignore-checksum", "", ci.IgnoreChecksum, "Skip post copy check of checksums")
-	flags.BoolVarP(flagSet, &ci.IgnoreCaseSync, "ignore-case-sync", "", ci.IgnoreCaseSync, "Ignore case when synchronizing")
-	flags.BoolVarP(flagSet, &ci.NoTraverse, "no-traverse", "", ci.NoTraverse, "Don't traverse destination file system on copy")
-	flags.BoolVarP(flagSet, &ci.CheckFirst, "check-first", "", ci.CheckFirst, "Do all the checks before starting transfers")
-	flags.BoolVarP(flagSet, &ci.NoCheckDest, "no-check-dest", "", ci.NoCheckDest, "Don't check the destination, copy regardless")
-	flags.BoolVarP(flagSet, &ci.NoUnicodeNormalization, "no-unicode-normalization", "", ci.NoUnicodeNormalization, "Don't normalize unicode characters in filenames")
-	flags.BoolVarP(flagSet, &ci.NoUpdateModTime, "no-update-modtime", "", ci.NoUpdateModTime, "Don't update destination mod-time if files identical")
-	flags.StringArrayVarP(flagSet, &ci.CompareDest, "compare-dest", "", nil, "Include additional comma separated server-side paths during comparison")
-	flags.StringArrayVarP(flagSet, &ci.CopyDest, "copy-dest", "", nil, "Implies --compare-dest but also copies files from paths into destination")
-	flags.StringVarP(flagSet, &ci.BackupDir, "backup-dir", "", ci.BackupDir, "Make backups into hierarchy based in DIR")
-	flags.StringVarP(flagSet, &ci.Suffix, "suffix", "", ci.Suffix, "Suffix to add to changed files")
-	flags.BoolVarP(flagSet, &ci.SuffixKeepExtension, "suffix-keep-extension", "", ci.SuffixKeepExtension, "Preserve the extension when using --suffix")
-	flags.BoolVarP(flagSet, &ci.UseListR, "fast-list", "", ci.UseListR, "Use recursive list if available; uses more memory but fewer transactions")
-	flags.Float64VarP(flagSet, &ci.TPSLimit, "tpslimit", "", ci.TPSLimit, "Limit HTTP transactions per second to this")
-	flags.IntVarP(flagSet, &ci.TPSLimitBurst, "tpslimit-burst", "", ci.TPSLimitBurst, "Max burst of transactions for --tpslimit")
-	flags.StringVarP(flagSet, &bindAddr, "bind", "", "", "Local address to bind to for outgoing connections, IPv4, IPv6 or name")
-	flags.StringVarP(flagSet, &disableFeatures, "disable", "", "", "Disable a comma separated list of features (use --disable help to see a list)")
-	flags.StringVarP(flagSet, &ci.UserAgent, "user-agent", "", ci.UserAgent, "Set the user-agent to a specified string")
-	flags.BoolVarP(flagSet, &ci.Immutable, "immutable", "", ci.Immutable, "Do not modify files, fail if existing files have been modified")
-	flags.BoolVarP(flagSet, &ci.AutoConfirm, "auto-confirm", "", ci.AutoConfirm, "If enabled, do not request console confirmation")
-	flags.IntVarP(flagSet, &ci.StatsFileNameLength, "stats-file-name-length", "", ci.StatsFileNameLength, "Max file name length in stats (0 for no limit)")
-	flags.FVarP(flagSet, &ci.LogLevel, "log-level", "", "Log level DEBUG|INFO|NOTICE|ERROR")
-	flags.FVarP(flagSet, &ci.StatsLogLevel, "stats-log-level", "", "Log level to show --stats output DEBUG|INFO|NOTICE|ERROR")
-	flags.FVarP(flagSet, &ci.BwLimit, "bwlimit", "", "Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable")
-	flags.FVarP(flagSet, &ci.BwLimitFile, "bwlimit-file", "", "Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable")
-	flags.FVarP(flagSet, &ci.BufferSize, "buffer-size", "", "In memory buffer size when reading files for each --transfer")
-	flags.FVarP(flagSet, &ci.StreamingUploadCutoff, "streaming-upload-cutoff", "", "Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends")
-	flags.FVarP(flagSet, &ci.Dump, "dump", "", "List of items to dump from: "+fs.DumpFlagsList)
-	flags.FVarP(flagSet, &ci.MaxTransfer, "max-transfer", "", "Maximum size of data to transfer")
-	flags.DurationVarP(flagSet, &ci.MaxDuration, "max-duration", "", 0, "Maximum duration rclone will transfer data for")
-	flags.FVarP(flagSet, &ci.CutoffMode, "cutoff-mode", "", "Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS")
-	flags.IntVarP(flagSet, &ci.MaxBacklog, "max-backlog", "", ci.MaxBacklog, "Maximum number of objects in sync or check backlog")
-	flags.IntVarP(flagSet, &ci.MaxStatsGroups, "max-stats-groups", "", ci.MaxStatsGroups, "Maximum number of stats groups to keep in memory, on max oldest is discarded")
-	flags.BoolVarP(flagSet, &ci.StatsOneLine, "stats-one-line", "", ci.StatsOneLine, "Make the stats fit on one line")
-	flags.BoolVarP(flagSet, &ci.StatsOneLineDate, "stats-one-line-date", "", ci.StatsOneLineDate, "Enable --stats-one-line and add current date/time prefix")
-	flags.StringVarP(flagSet, &ci.StatsOneLineDateFormat, "stats-one-line-date-format", "", ci.StatsOneLineDateFormat, "Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes (\"), see https://golang.org/pkg/time/#Time.Format")
-	flags.BoolVarP(flagSet, &ci.ErrorOnNoTransfer, "error-on-no-transfer", "", ci.ErrorOnNoTransfer, "Sets exit code 9 if no files are transferred, useful in scripts")
-	flags.BoolVarP(flagSet, &ci.Progress, "progress", "P", ci.Progress, "Show progress during transfer")
-	flags.BoolVarP(flagSet, &ci.ProgressTerminalTitle, "progress-terminal-title", "", ci.ProgressTerminalTitle, "Show progress on the terminal title (requires -P/--progress)")
-	flags.BoolVarP(flagSet, &ci.Cookie, "use-cookies", "", ci.Cookie, "Enable session cookiejar")
-	flags.BoolVarP(flagSet, &ci.UseMmap, "use-mmap", "", ci.UseMmap, "Use mmap allocator (see docs)")
-	flags.StringArrayVarP(flagSet, &ci.CaCert, "ca-cert", "", ci.CaCert, "CA certificate used to verify servers")
-	flags.StringVarP(flagSet, &ci.ClientCert, "client-cert", "", ci.ClientCert, "Client SSL certificate (PEM) for mutual TLS auth")
-	flags.StringVarP(flagSet, &ci.ClientKey, "client-key", "", ci.ClientKey, "Client SSL private key (PEM) for mutual TLS auth")
-	flags.FVarP(flagSet, &ci.MultiThreadCutoff, "multi-thread-cutoff", "", "Use multi-thread downloads for files above this size")
-	flags.IntVarP(flagSet, &ci.MultiThreadStreams, "multi-thread-streams", "", ci.MultiThreadStreams, "Max number of streams to use for multi-thread downloads")
-	flags.BoolVarP(flagSet, &ci.UseJSONLog, "use-json-log", "", ci.UseJSONLog, "Use json log format")
-	flags.StringVarP(flagSet, &ci.OrderBy, "order-by", "", ci.OrderBy, "Instructions on how to order the transfers, e.g. 'size,descending'")
-	flags.StringArrayVarP(flagSet, &uploadHeaders, "header-upload", "", nil, "Set HTTP header for upload transactions")
-	flags.StringArrayVarP(flagSet, &downloadHeaders, "header-download", "", nil, "Set HTTP header for download transactions")
-	flags.StringArrayVarP(flagSet, &headers, "header", "", nil, "Set HTTP header for all transactions")
-	flags.StringArrayVarP(flagSet, &metadataSet, "metadata-set", "", nil, "Add metadata key=value when uploading")
-	flags.BoolVarP(flagSet, &ci.RefreshTimes, "refresh-times", "", ci.RefreshTimes, "Refresh the modtime of remote files")
-	flags.BoolVarP(flagSet, &ci.NoConsole, "no-console", "", ci.NoConsole, "Hide console window (supported on Windows only)")
-	flags.StringVarP(flagSet, &dscp, "dscp", "", "", "Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21")
-	flags.DurationVarP(flagSet, &ci.FsCacheExpireDuration, "fs-cache-expire-duration", "", ci.FsCacheExpireDuration, "Cache remotes for this long (0 to disable caching)")
-	flags.DurationVarP(flagSet, &ci.FsCacheExpireInterval, "fs-cache-expire-interval", "", ci.FsCacheExpireInterval, "Interval to check for expired remotes")
-	flags.BoolVarP(flagSet, &ci.DisableHTTP2, "disable-http2", "", ci.DisableHTTP2, "Disable HTTP/2 in the global transport")
-	flags.BoolVarP(flagSet, &ci.HumanReadable, "human-readable", "", ci.HumanReadable, "Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi")
-	flags.DurationVarP(flagSet, &ci.KvLockTime, "kv-lock-time", "", ci.KvLockTime, "Maximum time to keep key-value database locked by process")
-	flags.BoolVarP(flagSet, &ci.DisableHTTPKeepAlives, "disable-http-keep-alives", "", ci.DisableHTTPKeepAlives, "Disable HTTP keep-alives and use each connection once.")
-	flags.BoolVarP(flagSet, &ci.Metadata, "metadata", "M", ci.Metadata, "If set, preserve metadata when copying objects")
-	flags.BoolVarP(flagSet, &ci.ServerSideAcrossConfigs, "server-side-across-configs", "", ci.ServerSideAcrossConfigs, "Allow server-side operations (e.g. copy) to work across different configs")
-	flags.FVarP(flagSet, &ci.TerminalColorMode, "color", "", "When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS")
+	flags.CountVarP(flagSet, &verbose, "verbose", "v", "Print lots more stuff (repeat for more)", "Logging,Important")
+	flags.BoolVarP(flagSet, &quiet, "quiet", "q", false, "Print as little stuff as possible", "Logging")
+	flags.DurationVarP(flagSet, &ci.ModifyWindow, "modify-window", "", ci.ModifyWindow, "Max time diff to be considered the same", "Copy")
+	flags.IntVarP(flagSet, &ci.Checkers, "checkers", "", ci.Checkers, "Number of checkers to run in parallel", "Performance")
+	flags.IntVarP(flagSet, &ci.Transfers, "transfers", "", ci.Transfers, "Number of file transfers to run in parallel", "Performance")
+	flags.StringVarP(flagSet, &configPath, "config", "", config.GetConfigPath(), "Config file", "Config")
+	flags.StringVarP(flagSet, &cacheDir, "cache-dir", "", config.GetCacheDir(), "Directory rclone will use for caching", "Config")
+	flags.StringVarP(flagSet, &tempDir, "temp-dir", "", os.TempDir(), "Directory rclone will use for temporary files", "Config")
+	flags.BoolVarP(flagSet, &ci.CheckSum, "checksum", "c", ci.CheckSum, "Check for changes with size & checksum (if available, or fallback to size only).", "Copy")
+	flags.BoolVarP(flagSet, &ci.SizeOnly, "size-only", "", ci.SizeOnly, "Skip based on size only, not modtime or checksum", "Copy")
+	flags.BoolVarP(flagSet, &ci.IgnoreTimes, "ignore-times", "I", ci.IgnoreTimes, "Don't skip files that match size and time - transfer all files", "Copy")
+	flags.BoolVarP(flagSet, &ci.IgnoreExisting, "ignore-existing", "", ci.IgnoreExisting, "Skip all files that exist on destination", "Copy")
+	flags.BoolVarP(flagSet, &ci.IgnoreErrors, "ignore-errors", "", ci.IgnoreErrors, "Delete even if there are I/O errors", "Sync")
+	flags.BoolVarP(flagSet, &ci.DryRun, "dry-run", "n", ci.DryRun, "Do a trial run with no permanent changes", "Config,Important")
+	flags.BoolVarP(flagSet, &ci.Interactive, "interactive", "i", ci.Interactive, "Enable interactive mode", "Config,Important")
+	flags.DurationVarP(flagSet, &ci.ConnectTimeout, "contimeout", "", ci.ConnectTimeout, "Connect timeout", "Networking")
+	flags.DurationVarP(flagSet, &ci.Timeout, "timeout", "", ci.Timeout, "IO idle timeout", "Networking")
+	flags.DurationVarP(flagSet, &ci.ExpectContinueTimeout, "expect-continue-timeout", "", ci.ExpectContinueTimeout, "Timeout when using expect / 100-continue in HTTP", "Networking")
+	flags.BoolVarP(flagSet, &dumpHeaders, "dump-headers", "", false, "Dump HTTP headers - may contain sensitive info", "Debugging")
+	flags.BoolVarP(flagSet, &dumpBodies, "dump-bodies", "", false, "Dump HTTP headers and bodies - may contain sensitive info", "Debugging")
+	flags.BoolVarP(flagSet, &ci.InsecureSkipVerify, "no-check-certificate", "", ci.InsecureSkipVerify, "Do not verify the server SSL certificate (insecure)", "Networking")
+	flags.BoolVarP(flagSet, &ci.AskPassword, "ask-password", "", ci.AskPassword, "Allow prompt for password for encrypted configuration", "Config")
+	flags.FVarP(flagSet, &ci.PasswordCommand, "password-command", "", "Command for supplying password for encrypted configuration", "Config")
+	flags.BoolVarP(flagSet, &deleteBefore, "delete-before", "", false, "When synchronizing, delete files on destination before transferring", "Sync")
+	flags.BoolVarP(flagSet, &deleteDuring, "delete-during", "", false, "When synchronizing, delete files during transfer", "Sync")
+	flags.BoolVarP(flagSet, &deleteAfter, "delete-after", "", false, "When synchronizing, delete files on destination after transferring (default)", "Sync")
+	flags.Int64VarP(flagSet, &ci.MaxDelete, "max-delete", "", -1, "When synchronizing, limit the number of deletes", "Sync")
+	flags.FVarP(flagSet, &ci.MaxDeleteSize, "max-delete-size", "", "When synchronizing, limit the total size of deletes", "Sync")
+	flags.BoolVarP(flagSet, &ci.TrackRenames, "track-renames", "", ci.TrackRenames, "When synchronizing, track file renames and do a server-side move if possible", "Sync")
+	flags.StringVarP(flagSet, &ci.TrackRenamesStrategy, "track-renames-strategy", "", ci.TrackRenamesStrategy, "Strategies to use when synchronizing using track-renames hash|modtime|leaf", "Sync")
+	flags.IntVarP(flagSet, &ci.LowLevelRetries, "low-level-retries", "", ci.LowLevelRetries, "Number of low level retries to do", "Config")
+	flags.BoolVarP(flagSet, &ci.UpdateOlder, "update", "u", ci.UpdateOlder, "Skip files that are newer on the destination", "Copy")
+	flags.BoolVarP(flagSet, &ci.UseServerModTime, "use-server-modtime", "", ci.UseServerModTime, "Use server modified time instead of object metadata", "Config")
+	flags.BoolVarP(flagSet, &ci.NoGzip, "no-gzip-encoding", "", ci.NoGzip, "Don't set Accept-Encoding: gzip", "Networking")
+	flags.IntVarP(flagSet, &ci.MaxDepth, "max-depth", "", ci.MaxDepth, "If set limits the recursion depth to this", "Filter")
+	flags.BoolVarP(flagSet, &ci.IgnoreSize, "ignore-size", "", false, "Ignore size when skipping use modtime or checksum", "Copy")
+	flags.BoolVarP(flagSet, &ci.IgnoreChecksum, "ignore-checksum", "", ci.IgnoreChecksum, "Skip post copy check of checksums", "Copy")
+	flags.BoolVarP(flagSet, &ci.IgnoreCaseSync, "ignore-case-sync", "", ci.IgnoreCaseSync, "Ignore case when synchronizing", "Copy")
+	flags.BoolVarP(flagSet, &ci.NoTraverse, "no-traverse", "", ci.NoTraverse, "Don't traverse destination file system on copy", "Copy")
+	flags.BoolVarP(flagSet, &ci.CheckFirst, "check-first", "", ci.CheckFirst, "Do all the checks before starting transfers", "Copy")
+	flags.BoolVarP(flagSet, &ci.NoCheckDest, "no-check-dest", "", ci.NoCheckDest, "Don't check the destination, copy regardless", "Copy")
+	flags.BoolVarP(flagSet, &ci.NoUnicodeNormalization, "no-unicode-normalization", "", ci.NoUnicodeNormalization, "Don't normalize unicode characters in filenames", "Config")
+	flags.BoolVarP(flagSet, &ci.NoUpdateModTime, "no-update-modtime", "", ci.NoUpdateModTime, "Don't update destination modtime if files identical", "Copy")
+	flags.StringArrayVarP(flagSet, &ci.CompareDest, "compare-dest", "", nil, "Include additional comma separated server-side paths during comparison", "Copy")
+	flags.StringArrayVarP(flagSet, &ci.CopyDest, "copy-dest", "", nil, "Implies --compare-dest but also copies files from paths into destination", "Copy")
+	flags.StringVarP(flagSet, &ci.BackupDir, "backup-dir", "", ci.BackupDir, "Make backups into hierarchy based in DIR", "Sync")
+	flags.StringVarP(flagSet, &ci.Suffix, "suffix", "", ci.Suffix, "Suffix to add to changed files", "Sync")
+	flags.BoolVarP(flagSet, &ci.SuffixKeepExtension, "suffix-keep-extension", "", ci.SuffixKeepExtension, "Preserve the extension when using --suffix", "Sync")
+	flags.BoolVarP(flagSet, &ci.UseListR, "fast-list", "", ci.UseListR, "Use recursive list if available; uses more memory but fewer transactions", "Listing")
+	flags.Float64VarP(flagSet, &ci.TPSLimit, "tpslimit", "", ci.TPSLimit, "Limit HTTP transactions per second to this", "Networking")
+	flags.IntVarP(flagSet, &ci.TPSLimitBurst, "tpslimit-burst", "", ci.TPSLimitBurst, "Max burst of transactions for --tpslimit", "Networking")
+	flags.StringVarP(flagSet, &bindAddr, "bind", "", "", "Local address to bind to for outgoing connections, IPv4, IPv6 or name", "Networking")
+	flags.StringVarP(flagSet, &disableFeatures, "disable", "", "", "Disable a comma separated list of features (use --disable help to see a list)", "Config")
+	flags.StringVarP(flagSet, &ci.UserAgent, "user-agent", "", ci.UserAgent, "Set the user-agent to a specified string", "Networking")
+	flags.BoolVarP(flagSet, &ci.Immutable, "immutable", "", ci.Immutable, "Do not modify files, fail if existing files have been modified", "Copy")
+	flags.BoolVarP(flagSet, &ci.AutoConfirm, "auto-confirm", "", ci.AutoConfirm, "If enabled, do not request console confirmation", "Config")
+	flags.IntVarP(flagSet, &ci.StatsFileNameLength, "stats-file-name-length", "", ci.StatsFileNameLength, "Max file name length in stats (0 for no limit)", "Logging")
+	flags.FVarP(flagSet, &ci.LogLevel, "log-level", "", "Log level DEBUG|INFO|NOTICE|ERROR", "Logging")
+	flags.FVarP(flagSet, &ci.StatsLogLevel, "stats-log-level", "", "Log level to show --stats output DEBUG|INFO|NOTICE|ERROR", "Logging")
+	flags.FVarP(flagSet, &ci.BwLimit, "bwlimit", "", "Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable", "Networking")
+	flags.FVarP(flagSet, &ci.BwLimitFile, "bwlimit-file", "", "Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable", "Networking")
+	flags.FVarP(flagSet, &ci.BufferSize, "buffer-size", "", "In memory buffer size when reading files for each --transfer", "Performance")
+	flags.FVarP(flagSet, &ci.StreamingUploadCutoff, "streaming-upload-cutoff", "", "Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends", "Copy")
+	flags.FVarP(flagSet, &ci.Dump, "dump", "", "List of items to dump from: "+fs.DumpFlagsList, "Debugging")
+	flags.FVarP(flagSet, &ci.MaxTransfer, "max-transfer", "", "Maximum size of data to transfer", "Copy")
+	flags.DurationVarP(flagSet, &ci.MaxDuration, "max-duration", "", 0, "Maximum duration rclone will transfer data for", "Copy")
+	flags.FVarP(flagSet, &ci.CutoffMode, "cutoff-mode", "", "Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS", "Copy")
+	flags.IntVarP(flagSet, &ci.MaxBacklog, "max-backlog", "", ci.MaxBacklog, "Maximum number of objects in sync or check backlog", "Copy,Check")
+	flags.IntVarP(flagSet, &ci.MaxStatsGroups, "max-stats-groups", "", ci.MaxStatsGroups, "Maximum number of stats groups to keep in memory, on max oldest is discarded", "Logging")
+	flags.BoolVarP(flagSet, &ci.StatsOneLine, "stats-one-line", "", ci.StatsOneLine, "Make the stats fit on one line", "Logging")
+	flags.BoolVarP(flagSet, &ci.StatsOneLineDate, "stats-one-line-date", "", ci.StatsOneLineDate, "Enable --stats-one-line and add current date/time prefix", "Logging")
+	flags.StringVarP(flagSet, &ci.StatsOneLineDateFormat, "stats-one-line-date-format", "", ci.StatsOneLineDateFormat, "Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes (\"), see https://golang.org/pkg/time/#Time.Format", "Logging")
+	flags.BoolVarP(flagSet, &ci.ErrorOnNoTransfer, "error-on-no-transfer", "", ci.ErrorOnNoTransfer, "Sets exit code 9 if no files are transferred, useful in scripts", "Config")
+	flags.BoolVarP(flagSet, &ci.Progress, "progress", "P", ci.Progress, "Show progress during transfer", "Logging")
+	flags.BoolVarP(flagSet, &ci.ProgressTerminalTitle, "progress-terminal-title", "", ci.ProgressTerminalTitle, "Show progress on the terminal title (requires -P/--progress)", "Logging")
+	flags.BoolVarP(flagSet, &ci.Cookie, "use-cookies", "", ci.Cookie, "Enable session cookiejar", "Networking")
+	flags.BoolVarP(flagSet, &ci.UseMmap, "use-mmap", "", ci.UseMmap, "Use mmap allocator (see docs)", "Config")
+	flags.StringArrayVarP(flagSet, &ci.CaCert, "ca-cert", "", ci.CaCert, "CA certificate used to verify servers", "Networking")
+	flags.StringVarP(flagSet, &ci.ClientCert, "client-cert", "", ci.ClientCert, "Client SSL certificate (PEM) for mutual TLS auth", "Networking")
+	flags.StringVarP(flagSet, &ci.ClientKey, "client-key", "", ci.ClientKey, "Client SSL private key (PEM) for mutual TLS auth", "Networking")
+	flags.FVarP(flagSet, &ci.MultiThreadCutoff, "multi-thread-cutoff", "", "Use multi-thread downloads for files above this size", "Copy")
+	flags.IntVarP(flagSet, &ci.MultiThreadStreams, "multi-thread-streams", "", ci.MultiThreadStreams, "Number of streams to use for multi-thread downloads", "Copy")
+	flags.FVarP(flagSet, &ci.MultiThreadWriteBufferSize, "multi-thread-write-buffer-size", "", "In memory buffer size for writing when in multi-thread mode", "Copy")
+	flags.FVarP(flagSet, &ci.MultiThreadChunkSize, "multi-thread-chunk-size", "", "Chunk size for multi-thread downloads / uploads, if not set by filesystem", "Copy")
+	flags.BoolVarP(flagSet, &ci.UseJSONLog, "use-json-log", "", ci.UseJSONLog, "Use json log format", "Logging")
+	flags.StringVarP(flagSet, &ci.OrderBy, "order-by", "", ci.OrderBy, "Instructions on how to order the transfers, e.g. 'size,descending'", "Copy")
+	flags.StringArrayVarP(flagSet, &uploadHeaders, "header-upload", "", nil, "Set HTTP header for upload transactions", "Networking")
+	flags.StringArrayVarP(flagSet, &downloadHeaders, "header-download", "", nil, "Set HTTP header for download transactions", "Networking")
+	flags.StringArrayVarP(flagSet, &headers, "header", "", nil, "Set HTTP header for all transactions", "Networking")
+	flags.StringArrayVarP(flagSet, &metadataSet, "metadata-set", "", nil, "Add metadata key=value when uploading", "Metadata")
+	flags.BoolVarP(flagSet, &ci.RefreshTimes, "refresh-times", "", ci.RefreshTimes, "Refresh the modtime of remote files", "Copy")
+	flags.BoolVarP(flagSet, &ci.NoConsole, "no-console", "", ci.NoConsole, "Hide console window (supported on Windows only)", "Config")
+	flags.StringVarP(flagSet, &dscp, "dscp", "", "", "Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21", "Networking")
+	flags.DurationVarP(flagSet, &ci.FsCacheExpireDuration, "fs-cache-expire-duration", "", ci.FsCacheExpireDuration, "Cache remotes for this long (0 to disable caching)", "Config")
+	flags.DurationVarP(flagSet, &ci.FsCacheExpireInterval, "fs-cache-expire-interval", "", ci.FsCacheExpireInterval, "Interval to check for expired remotes", "Config")
+	flags.BoolVarP(flagSet, &ci.DisableHTTP2, "disable-http2", "", ci.DisableHTTP2, "Disable HTTP/2 in the global transport", "Networking")
+	flags.BoolVarP(flagSet, &ci.HumanReadable, "human-readable", "", ci.HumanReadable, "Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi", "Config")
+	flags.DurationVarP(flagSet, &ci.KvLockTime, "kv-lock-time", "", ci.KvLockTime, "Maximum time to keep key-value database locked by process", "Config")
+	flags.BoolVarP(flagSet, &ci.DisableHTTPKeepAlives, "disable-http-keep-alives", "", ci.DisableHTTPKeepAlives, "Disable HTTP keep-alives and use each connection once.", "Networking")
+	flags.BoolVarP(flagSet, &ci.Metadata, "metadata", "M", ci.Metadata, "If set, preserve metadata when copying objects", "Metadata,Copy")
+	flags.BoolVarP(flagSet, &ci.ServerSideAcrossConfigs, "server-side-across-configs", "", ci.ServerSideAcrossConfigs, "Allow server-side operations (e.g. copy) to work across different configs", "Copy")
+	flags.FVarP(flagSet, &ci.TerminalColorMode, "color", "", "When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS", "Config")
+	flags.FVarP(flagSet, &ci.DefaultTime, "default-time", "", "Time to show if modtime is unknown for files and directories", "Config,Listing")
+	flags.BoolVarP(flagSet, &ci.Inplace, "inplace", "", ci.Inplace, "Download directly to destination file instead of atomic download to temp/rename", "Copy")
+	flags.StringVarP(flagSet, &partialSuffix, "partial-suffix", "", ci.PartialSuffix, "Add partial-suffix to temporary file name when --inplace is not used", "Copy")
+	flags.FVarP(flagSet, &ci.MetadataMapper, "metadata-mapper", "", "Program to run to transforming metadata before upload", "Metadata")
 }
 
 // ParseHeaders converts the strings passed in via the header flags into HTTPOptions
@@ -318,6 +325,11 @@ func SetFlags(ci *fs.ConfigInfo) {
 	multiThreadStreamsFlag := pflag.Lookup("multi-thread-streams")
 	ci.MultiThreadSet = multiThreadStreamsFlag != nil && multiThreadStreamsFlag.Changed
 
+	if len(partialSuffix) > 16 {
+		log.Fatalf("--partial-suffix: Expecting suffix length not greater than %d but got %d", 16, len(partialSuffix))
+	}
+	ci.PartialSuffix = partialSuffix
+
 	// Make sure some values are > 0
 	nonZero := func(pi *int) {
 		if *pi <= 0 {
diff --git a/fs/config/configstruct/configstruct.go b/fs/config/configstruct/configstruct.go
index 637e5e4ef444e..e8692b1b66cf3 100644
--- a/fs/config/configstruct/configstruct.go
+++ b/fs/config/configstruct/configstruct.go
@@ -24,8 +24,7 @@ func camelToSnake(in string) string {
 // StringToInterface turns in into an interface{} the same type as def
 func StringToInterface(def interface{}, in string) (newValue interface{}, err error) {
 	typ := reflect.TypeOf(def)
-	switch typ.Kind() {
-	case reflect.String:
+	if typ.Kind() == reflect.String && typ.Name() == "string" {
 		// Pass strings unmodified
 		return in, nil
 	}
diff --git a/fs/config/flags/flags.go b/fs/config/flags/flags.go
index 53a4c2f160bef..ca20402d2fd68 100644
--- a/fs/config/flags/flags.go
+++ b/fs/config/flags/flags.go
@@ -5,25 +5,143 @@ package flags
 import (
 	"log"
 	"os"
+	"regexp"
+	"strings"
 	"time"
 
 	"github.com/rclone/rclone/fs"
 	"github.com/spf13/pflag"
 )
 
-// setValueFromEnv constructs a name from the flag passed in and
+// Groups of Flags
+type Groups struct {
+	// Groups of flags
+	Groups []*Group
+
+	// GroupsMaps maps a group name to a Group
+	ByName map[string]*Group
+}
+
+// Group related flags together for documentation purposes
+type Group struct {
+	Groups *Groups
+	Name   string
+	Help   string
+	Flags  *pflag.FlagSet
+}
+
+// NewGroups constructs a collection of Groups
+func NewGroups() *Groups {
+	return &Groups{
+		ByName: make(map[string]*Group),
+	}
+}
+
+// NewGroup to create Group
+func (gs *Groups) NewGroup(name, help string) *Group {
+	group := &Group{
+		Name:  name,
+		Help:  help,
+		Flags: pflag.NewFlagSet(name, pflag.ExitOnError),
+	}
+	gs.ByName[group.Name] = group
+	gs.Groups = append(gs.Groups, group)
+	return group
+}
+
+// Filter makes a copy of groups filtered by flagsRe
+func (gs *Groups) Filter(flagsRe *regexp.Regexp) *Groups {
+	newGs := NewGroups()
+	for _, g := range gs.Groups {
+		newG := newGs.NewGroup(g.Name, g.Help)
+		g.Flags.VisitAll(func(f *pflag.Flag) {
+			matched := flagsRe == nil || flagsRe.MatchString(f.Name) || flagsRe.MatchString(f.Usage)
+			if matched {
+				newG.Flags.AddFlag(f)
+			}
+		})
+	}
+	return newGs
+}
+
+// Include makes a copy of groups only including the ones in the filter string
+func (gs *Groups) Include(groupsString string) *Groups {
+	if groupsString == "" {
+		return gs
+	}
+	want := map[string]bool{}
+	for _, groupName := range strings.Split(groupsString, ",") {
+		_, ok := All.ByName[groupName]
+		if !ok {
+			log.Fatalf("Couldn't find group %q in command annotation", groupName)
+		}
+		want[groupName] = true
+	}
+	newGs := NewGroups()
+	for _, g := range gs.Groups {
+		if !want[g.Name] {
+			continue
+		}
+		newG := newGs.NewGroup(g.Name, g.Help)
+		newG.Flags = g.Flags
+	}
+	return newGs
+}
+
+// Add a new flag to the Group
+func (g *Group) Add(flag *pflag.Flag) {
+	g.Flags.AddFlag(flag)
+}
+
+// AllRegistered returns all flags in a group
+func (gs *Groups) AllRegistered() map[*pflag.Flag]struct{} {
+	out := make(map[*pflag.Flag]struct{})
+	for _, g := range gs.Groups {
+		g.Flags.VisitAll(func(f *pflag.Flag) {
+			out[f] = struct{}{}
+		})
+	}
+	return out
+}
+
+// All is the global stats Groups
+var All *Groups
+
+// Groups of flags for documentation purposes
+func init() {
+	All = NewGroups()
+	All.NewGroup("Copy", "Flags for anything which can Copy a file.")
+	All.NewGroup("Sync", "Flags just used for `rclone sync`.")
+	All.NewGroup("Important", "Important flags useful for most commands.")
+	All.NewGroup("Check", "Flags used for `rclone check`.")
+	All.NewGroup("Networking", "General networking and HTTP stuff.")
+	All.NewGroup("Performance", "Flags helpful for increasing performance.")
+	All.NewGroup("Config", "General configuration of rclone.")
+	All.NewGroup("Debugging", "Flags for developers.")
+	All.NewGroup("Filter", "Flags for filtering directory listings.")
+	All.NewGroup("Listing", "Flags for listing directories.")
+	All.NewGroup("Logging", "Logging and statistics.")
+	All.NewGroup("Metadata", "Flags to control metadata.")
+	All.NewGroup("RC", "Flags to control the Remote Control API.")
+}
+
+// installFlag constructs a name from the flag passed in and
 // sets the value and default from the environment if possible
 // the value may be overridden when the command line is parsed
 //
-// Used to create non-backend flags like --stats
-func setValueFromEnv(flags *pflag.FlagSet, name string) {
+// Used to create non-backend flags like --stats.
+//
+// It also adds the flag to the groups passed in.
+func installFlag(flags *pflag.FlagSet, name string, groupsString string) {
+	// Find flag
+	flag := flags.Lookup(name)
+	if flag == nil {
+		log.Fatalf("Couldn't find flag --%q", name)
+	}
+
+	// Read default from environment if possible
 	envKey := fs.OptionToEnv(name)
-	envValue, found := os.LookupEnv(envKey)
-	if found {
-		flag := flags.Lookup(name)
-		if flag == nil {
-			log.Fatalf("Couldn't find flag --%q", name)
-		}
+	if envValue, envFound := os.LookupEnv(envKey); envFound {
 		err := flags.Set(name, envValue)
 		if err != nil {
 			log.Fatalf("Invalid value when setting --%s from environment variable %s=%q: %v", name, envKey, envValue, err)
@@ -31,6 +149,20 @@ func setValueFromEnv(flags *pflag.FlagSet, name string) {
 		fs.Debugf(nil, "Setting --%s %q from environment variable %s=%q", name, flag.Value, envKey, envValue)
 		flag.DefValue = envValue
 	}
+
+	// Add flag to Group if it is a global flag
+	if flags == pflag.CommandLine {
+		for _, groupName := range strings.Split(groupsString, ",") {
+			if groupName == "rc-" {
+				groupName = "RC"
+			}
+			group, ok := All.ByName[groupName]
+			if !ok {
+				log.Fatalf("Couldn't find group %q for flag --%s", groupName, name)
+			}
+			group.Add(flag)
+		}
+	}
 }
 
 // SetDefaultFromEnv constructs a name from the flag passed in and
@@ -54,105 +186,105 @@ func SetDefaultFromEnv(flags *pflag.FlagSet, name string) {
 // StringP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.StringP
-func StringP(name, shorthand string, value string, usage string) (out *string) {
+func StringP(name, shorthand string, value string, usage string, groups string) (out *string) {
 	out = pflag.StringP(name, shorthand, value, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 	return out
 }
 
 // StringVarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.StringVarP
-func StringVarP(flags *pflag.FlagSet, p *string, name, shorthand string, value string, usage string) {
+func StringVarP(flags *pflag.FlagSet, p *string, name, shorthand string, value string, usage string, groups string) {
 	flags.StringVarP(p, name, shorthand, value, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // BoolP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.BoolP
-func BoolP(name, shorthand string, value bool, usage string) (out *bool) {
+func BoolP(name, shorthand string, value bool, usage string, groups string) (out *bool) {
 	out = pflag.BoolP(name, shorthand, value, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 	return out
 }
 
 // BoolVarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.BoolVarP
-func BoolVarP(flags *pflag.FlagSet, p *bool, name, shorthand string, value bool, usage string) {
+func BoolVarP(flags *pflag.FlagSet, p *bool, name, shorthand string, value bool, usage string, groups string) {
 	flags.BoolVarP(p, name, shorthand, value, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // IntP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.IntP
-func IntP(name, shorthand string, value int, usage string) (out *int) {
+func IntP(name, shorthand string, value int, usage string, groups string) (out *int) {
 	out = pflag.IntP(name, shorthand, value, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 	return out
 }
 
 // Int64P defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.IntP
-func Int64P(name, shorthand string, value int64, usage string) (out *int64) {
+func Int64P(name, shorthand string, value int64, usage string, groups string) (out *int64) {
 	out = pflag.Int64P(name, shorthand, value, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 	return out
 }
 
 // Int64VarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.Int64VarP
-func Int64VarP(flags *pflag.FlagSet, p *int64, name, shorthand string, value int64, usage string) {
+func Int64VarP(flags *pflag.FlagSet, p *int64, name, shorthand string, value int64, usage string, groups string) {
 	flags.Int64VarP(p, name, shorthand, value, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // IntVarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.IntVarP
-func IntVarP(flags *pflag.FlagSet, p *int, name, shorthand string, value int, usage string) {
+func IntVarP(flags *pflag.FlagSet, p *int, name, shorthand string, value int, usage string, groups string) {
 	flags.IntVarP(p, name, shorthand, value, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // Uint32VarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.Uint32VarP
-func Uint32VarP(flags *pflag.FlagSet, p *uint32, name, shorthand string, value uint32, usage string) {
+func Uint32VarP(flags *pflag.FlagSet, p *uint32, name, shorthand string, value uint32, usage string, groups string) {
 	flags.Uint32VarP(p, name, shorthand, value, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // Float64P defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.Float64P
-func Float64P(name, shorthand string, value float64, usage string) (out *float64) {
+func Float64P(name, shorthand string, value float64, usage string, groups string) (out *float64) {
 	out = pflag.Float64P(name, shorthand, value, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 	return out
 }
 
 // Float64VarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.Float64VarP
-func Float64VarP(flags *pflag.FlagSet, p *float64, name, shorthand string, value float64, usage string) {
+func Float64VarP(flags *pflag.FlagSet, p *float64, name, shorthand string, value float64, usage string, groups string) {
 	flags.Float64VarP(p, name, shorthand, value, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // DurationP defines a flag which can be set by an environment variable
 //
 // It wraps the duration in an fs.Duration for extra suffixes and
 // passes it to pflag.VarP
-func DurationP(name, shorthand string, value time.Duration, usage string) (out *time.Duration) {
+func DurationP(name, shorthand string, value time.Duration, usage string, groups string) (out *time.Duration) {
 	out = new(time.Duration)
 	*out = value
 	pflag.VarP((*fs.Duration)(out), name, shorthand, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 	return out
 }
 
@@ -160,25 +292,25 @@ func DurationP(name, shorthand string, value time.Duration, usage string) (out *
 //
 // It wraps the duration in an fs.Duration for extra suffixes and
 // passes it to pflag.VarP
-func DurationVarP(flags *pflag.FlagSet, p *time.Duration, name, shorthand string, value time.Duration, usage string) {
+func DurationVarP(flags *pflag.FlagSet, p *time.Duration, name, shorthand string, value time.Duration, usage string, groups string) {
 	flags.VarP((*fs.Duration)(p), name, shorthand, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // VarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.VarP
-func VarP(value pflag.Value, name, shorthand, usage string) {
+func VarP(value pflag.Value, name, shorthand, usage string, groups string) {
 	pflag.VarP(value, name, shorthand, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 }
 
 // FVarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.VarP
-func FVarP(flags *pflag.FlagSet, value pflag.Value, name, shorthand, usage string) {
+func FVarP(flags *pflag.FlagSet, value pflag.Value, name, shorthand, usage string, groups string) {
 	flags.VarP(value, name, shorthand, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // StringArrayP defines a flag which can be set by an environment variable
@@ -186,9 +318,9 @@ func FVarP(flags *pflag.FlagSet, value pflag.Value, name, shorthand, usage strin
 // It sets one value only - command line flags can be used to set more.
 //
 // It is a thin wrapper around pflag.StringArrayP
-func StringArrayP(name, shorthand string, value []string, usage string) (out *[]string) {
+func StringArrayP(name, shorthand string, value []string, usage string, groups string) (out *[]string) {
 	out = pflag.StringArrayP(name, shorthand, value, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 	return out
 }
 
@@ -197,24 +329,24 @@ func StringArrayP(name, shorthand string, value []string, usage string) (out *[]
 // It sets one value only - command line flags can be used to set more.
 //
 // It is a thin wrapper around pflag.StringArrayVarP
-func StringArrayVarP(flags *pflag.FlagSet, p *[]string, name, shorthand string, value []string, usage string) {
+func StringArrayVarP(flags *pflag.FlagSet, p *[]string, name, shorthand string, value []string, usage string, groups string) {
 	flags.StringArrayVarP(p, name, shorthand, value, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
 
 // CountP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.CountP
-func CountP(name, shorthand string, usage string) (out *int) {
+func CountP(name, shorthand string, usage string, groups string) (out *int) {
 	out = pflag.CountP(name, shorthand, usage)
-	setValueFromEnv(pflag.CommandLine, name)
+	installFlag(pflag.CommandLine, name, groups)
 	return out
 }
 
 // CountVarP defines a flag which can be set by an environment variable
 //
 // It is a thin wrapper around pflag.CountVarP
-func CountVarP(flags *pflag.FlagSet, p *int, name, shorthand string, usage string) {
+func CountVarP(flags *pflag.FlagSet, p *int, name, shorthand string, usage string, groups string) {
 	flags.CountVarP(p, name, shorthand, usage)
-	setValueFromEnv(flags, name)
+	installFlag(flags, name, groups)
 }
diff --git a/fs/config/rc.go b/fs/config/rc.go
index f5902628d1338..951adefe5aa8f 100644
--- a/fs/config/rc.go
+++ b/fs/config/rc.go
@@ -59,7 +59,7 @@ func init() {
 	rc.Add(rc.Call{
 		Path:         "config/listremotes",
 		Fn:           rcListRemotes,
-		Title:        "Lists the remotes in the config file.",
+		Title:        "Lists the remotes in the config file and defined in environment variables.",
 		AuthRequired: true,
 		Help: `
 Returns
@@ -71,8 +71,9 @@ See the [listremotes](/commands/rclone_listremotes/) command for more informatio
 }
 
 // Return the a list of remotes in the config file
+// including any defined by environment variables.
 func rcListRemotes(ctx context.Context, in rc.Params) (out rc.Params, err error) {
-	remotes := LoadedData().GetSectionList()
+	remotes := FileSections()
 	out = rc.Params{
 		"remotes": remotes,
 	}
diff --git a/fs/config/rc_test.go b/fs/config/rc_test.go
index fc9f3756337bb..ac5a60ca374fc 100644
--- a/fs/config/rc_test.go
+++ b/fs/config/rc_test.go
@@ -2,6 +2,7 @@ package config_test
 
 import (
 	"context"
+	"os"
 	"testing"
 
 	_ "github.com/rclone/rclone/backend/local"
@@ -68,6 +69,10 @@ func TestRc(t *testing.T) {
 	})
 
 	t.Run("ListRemotes", func(t *testing.T) {
+		assert.NoError(t, os.Setenv("RCLONE_CONFIG_MY-LOCAL_TYPE", "local"))
+		defer func() {
+			assert.NoError(t, os.Unsetenv("RCLONE_CONFIG_MY-LOCAL_TYPE"))
+		}()
 		call := rc.Calls.Get("config/listremotes")
 		assert.NotNil(t, call)
 		in := rc.Params{}
@@ -80,6 +85,7 @@ func TestRc(t *testing.T) {
 		require.NoError(t, err)
 
 		assert.Contains(t, remotes, testName)
+		assert.Contains(t, remotes, "my-local")
 	})
 
 	t.Run("Update", func(t *testing.T) {
diff --git a/fs/config/ui.go b/fs/config/ui.go
index 60b5b3bc61e1e..c58fb92e48d11 100644
--- a/fs/config/ui.go
+++ b/fs/config/ui.go
@@ -46,6 +46,9 @@ func ReadNonEmptyLine(prompt string) string {
 
 // CommandDefault - choose one.  If return is pressed then it will
 // chose the defaultIndex if it is >= 0
+//
+// Must not call fs.Log anything from here to avoid deadlock in
+// --interactive --progress
 func CommandDefault(commands []string, defaultIndex int) byte {
 	opts := []string{}
 	for i, text := range commands {
@@ -299,19 +302,41 @@ func mustFindByName(name string) *fs.RegInfo {
 	return fs.MustFind(fsType)
 }
 
+// findByName finds the RegInfo for the remote name passed in or
+// returns an error
+func findByName(name string) (*fs.RegInfo, error) {
+	fsType := FileGet(name, "type")
+	if fsType == "" {
+		return nil, fmt.Errorf("couldn't find type of fs for %q", name)
+	}
+	return fs.Find(fsType)
+}
+
 // printRemoteOptions prints the options of the remote
-func printRemoteOptions(name string, prefix string, sep string) {
-	fs := mustFindByName(name)
+func printRemoteOptions(name string, prefix string, sep string, redacted bool) {
+	fsInfo, err := findByName(name)
+	if err != nil {
+		fmt.Printf("# %v\n", err)
+		fsInfo = nil
+	}
 	for _, key := range LoadedData().GetKeyList(name) {
 		isPassword := false
-		for _, option := range fs.Options {
-			if option.Name == key && option.IsPassword {
-				isPassword = true
-				break
+		isSensitive := false
+		if fsInfo != nil {
+			for _, option := range fsInfo.Options {
+				if option.Name == key {
+					if option.IsPassword {
+						isPassword = true
+					} else if option.Sensitive {
+						isSensitive = true
+					}
+				}
 			}
 		}
 		value := FileGet(name, key)
-		if isPassword && value != "" {
+		if redacted && (isSensitive || isPassword) && value != "" {
+			fmt.Printf("%s%s%sXXX\n", prefix, key, sep)
+		} else if isPassword && value != "" {
 			fmt.Printf("%s%s%s*** ENCRYPTED ***\n", prefix, key, sep)
 		} else {
 			fmt.Printf("%s%s%s%s\n", prefix, key, sep, value)
@@ -321,13 +346,19 @@ func printRemoteOptions(name string, prefix string, sep string) {
 
 // listRemoteOptions lists the options of the remote
 func listRemoteOptions(name string) {
-	printRemoteOptions(name, "- ", ": ")
+	printRemoteOptions(name, "- ", ": ", false)
 }
 
 // ShowRemote shows the contents of the remote in config file format
 func ShowRemote(name string) {
 	fmt.Printf("[%s]\n", name)
-	printRemoteOptions(name, "", " = ")
+	printRemoteOptions(name, "", " = ", false)
+}
+
+// ShowRedactedRemote shows the contents of the remote in config file format
+func ShowRedactedRemote(name string) {
+	fmt.Printf("[%s]\n", name)
+	printRemoteOptions(name, "", " = ", true)
 }
 
 // OkRemote prints the contents of the remote and ask if it is OK
@@ -631,6 +662,22 @@ func ShowConfig() {
 	fmt.Printf("%s", str)
 }
 
+// ShowRedactedConfig prints the redacted (unencrypted) config options
+func ShowRedactedConfig() {
+	remotes := LoadedData().GetSectionList()
+	if len(remotes) == 0 {
+		fmt.Println("; empty config")
+		return
+	}
+	sort.Strings(remotes)
+	for i, remote := range remotes {
+		if i != 0 {
+			fmt.Println()
+		}
+		ShowRedactedRemote(remote)
+	}
+}
+
 // EditConfig edits the config file interactively
 func EditConfig(ctx context.Context) (err error) {
 	for {
diff --git a/fs/config_test.go b/fs/config_test.go
index f9157bbf6e5f3..141f1185d7f98 100644
--- a/fs/config_test.go
+++ b/fs/config_test.go
@@ -11,7 +11,9 @@ func TestGetConfig(t *testing.T) {
 	ctx := context.Background()
 
 	// Check nil
-	config := GetConfig(nil) //lint:ignore SA1012 we want to test passing a nil Context and therefore ignore lint suggestion of using context.TODO
+	//lint:ignore SA1012 false positive when running staticcheck, we want to test passing a nil Context and therefore ignore lint suggestion to use context.TODO
+	//nolint:staticcheck // Don't include staticcheck when running golangci-lint to avoid SA1012
+	config := GetConfig(nil)
 	assert.Equal(t, globalConfig, config)
 
 	// Check empty config
diff --git a/fs/countsuffix.go b/fs/countsuffix.go
index cea3b6329805e..232a2ff43cd80 100644
--- a/fs/countsuffix.go
+++ b/fs/countsuffix.go
@@ -154,7 +154,7 @@ func (x *CountSuffix) Set(s string) error {
 }
 
 // Type of the value
-func (x *CountSuffix) Type() string {
+func (x CountSuffix) Type() string {
 	return "CountSuffix"
 }
 
diff --git a/fs/countsuffix_test.go b/fs/countsuffix_test.go
index e05921c5b7f4c..a8635572ca370 100644
--- a/fs/countsuffix_test.go
+++ b/fs/countsuffix_test.go
@@ -9,8 +9,11 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// Check it satisfies the interface
-var _ flagger = (*CountSuffix)(nil)
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*CountSuffix)(nil)
+	_ flaggerNP = CountSuffix(0)
+)
 
 func TestCountSuffixString(t *testing.T) {
 	for _, test := range []struct {
diff --git a/fs/cutoffmode.go b/fs/cutoffmode.go
index 9f6390663c70d..759068ddc6b2a 100644
--- a/fs/cutoffmode.go
+++ b/fs/cutoffmode.go
@@ -1,58 +1,22 @@
 package fs
 
-import (
-	"fmt"
-	"strings"
-)
+type cutoffModeChoices struct{}
+
+func (cutoffModeChoices) Choices() []string {
+	return []string{
+		CutoffModeHard:     "HARD",
+		CutoffModeSoft:     "SOFT",
+		CutoffModeCautious: "CAUTIOUS",
+	}
+}
 
 // CutoffMode describes the possible delete modes in the config
-type CutoffMode byte
+type CutoffMode = Enum[cutoffModeChoices]
 
-// MaxTransferMode constants
+// CutoffMode constants
 const (
 	CutoffModeHard CutoffMode = iota
 	CutoffModeSoft
 	CutoffModeCautious
 	CutoffModeDefault = CutoffModeHard
 )
-
-var cutoffModeToString = []string{
-	CutoffModeHard:     "HARD",
-	CutoffModeSoft:     "SOFT",
-	CutoffModeCautious: "CAUTIOUS",
-}
-
-// String turns a LogLevel into a string
-func (m CutoffMode) String() string {
-	if m >= CutoffMode(len(cutoffModeToString)) {
-		return fmt.Sprintf("CutoffMode(%d)", m)
-	}
-	return cutoffModeToString[m]
-}
-
-// Set a LogLevel
-func (m *CutoffMode) Set(s string) error {
-	for n, name := range cutoffModeToString {
-		if s != "" && name == strings.ToUpper(s) {
-			*m = CutoffMode(n)
-			return nil
-		}
-	}
-	return fmt.Errorf("unknown cutoff mode %q", s)
-}
-
-// Type of the value
-func (m *CutoffMode) Type() string {
-	return "string"
-}
-
-// UnmarshalJSON makes sure the value can be parsed as a string or integer in JSON
-func (m *CutoffMode) UnmarshalJSON(in []byte) error {
-	return UnmarshalJSONFlag(in, m, func(i int64) error {
-		if i < 0 || i >= int64(len(cutoffModeToString)) {
-			return fmt.Errorf("out of range cutoff mode %d", i)
-		}
-		*m = (CutoffMode)(i)
-		return nil
-	})
-}
diff --git a/fs/cutoffmode_test.go b/fs/cutoffmode_test.go
index 2b20b71c8701c..8672098437238 100644
--- a/fs/cutoffmode_test.go
+++ b/fs/cutoffmode_test.go
@@ -9,8 +9,11 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// Check it satisfies the interface
-var _ flagger = (*CutoffMode)(nil)
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*CutoffMode)(nil)
+	_ flaggerNP = CutoffMode(0)
+)
 
 func TestCutoffModeString(t *testing.T) {
 	for _, test := range []struct {
@@ -19,7 +22,7 @@ func TestCutoffModeString(t *testing.T) {
 	}{
 		{CutoffModeHard, "HARD"},
 		{CutoffModeSoft, "SOFT"},
-		{99, "CutoffMode(99)"},
+		{99, "Unknown(99)"},
 	} {
 		cm := test.in
 		got := cm.String()
diff --git a/fs/dir.go b/fs/dir.go
index 63c51a310d5d9..c55bcea23713b 100644
--- a/fs/dir.go
+++ b/fs/dir.go
@@ -16,6 +16,8 @@ type Dir struct {
 }
 
 // NewDir creates an unspecialized Directory object
+//
+// If the modTime is unknown pass in time.Time{}
 func NewDir(remote string, modTime time.Time) *Dir {
 	return &Dir{
 		remote:  remote,
@@ -75,12 +77,14 @@ func (d *Dir) SetParentID(parent string) *Dir {
 }
 
 // ModTime returns the modification date of the file
-// It should return a best guess if one isn't available
+//
+// If one isn't available it returns the configured --default-dir-time
 func (d *Dir) ModTime(ctx context.Context) time.Time {
 	if !d.modTime.IsZero() {
 		return d.modTime
 	}
-	return time.Now()
+	ci := GetConfig(ctx)
+	return time.Time(ci.DefaultTime)
 }
 
 // Size returns the size of the file
diff --git a/fs/dirtree/dirtree.go b/fs/dirtree/dirtree.go
index 6b4be8b6dce47..70344ab349559 100644
--- a/fs/dirtree/dirtree.go
+++ b/fs/dirtree/dirtree.go
@@ -63,10 +63,12 @@ func (dt DirTree) AddEntry(entry fs.DirEntry) {
 		panic("unknown entry type")
 	}
 	remoteParent := parentDir(entry.Remote())
-	dt.CheckParent("", remoteParent)
+	dt.checkParent("", remoteParent, nil)
 }
 
 // Find returns the DirEntry for filePath or nil if not found
+//
+// None that Find does a O(N) search so can be slow
 func (dt DirTree) Find(filePath string) (parentPath string, entry fs.DirEntry) {
 	parentPath = parentDir(filePath)
 	for _, entry := range dt[parentPath] {
@@ -77,23 +79,52 @@ func (dt DirTree) Find(filePath string) (parentPath string, entry fs.DirEntry) {
 	return parentPath, nil
 }
 
-// CheckParent checks that dirPath has a *Dir in its parent
-func (dt DirTree) CheckParent(root, dirPath string) {
-	if dirPath == root {
-		return
-	}
-	parentPath, entry := dt.Find(dirPath)
-	if entry != nil {
-		return
+// checkParent checks that dirPath has a *Dir in its parent
+//
+// If dirs is not nil it must contain entries for every *Dir found in
+// the tree. It is used to speed up the checking when calling this
+// repeatedly.
+func (dt DirTree) checkParent(root, dirPath string, dirs map[string]struct{}) {
+	var parentPath string
+	for {
+		if dirPath == root {
+			return
+		}
+		// Can rely on dirs to have all directories in it so
+		// we don't need to call Find.
+		if dirs != nil {
+			if _, found := dirs[dirPath]; found {
+				return
+			}
+			parentPath = parentDir(dirPath)
+		} else {
+			var entry fs.DirEntry
+			parentPath, entry = dt.Find(dirPath)
+			if entry != nil {
+				return
+			}
+		}
+		dt[parentPath] = append(dt[parentPath], fs.NewDir(dirPath, time.Now()))
+		if dirs != nil {
+			dirs[dirPath] = struct{}{}
+		}
+		dirPath = parentPath
 	}
-	dt[parentPath] = append(dt[parentPath], fs.NewDir(dirPath, time.Now()))
-	dt.CheckParent(root, parentPath)
 }
 
 // CheckParents checks every directory in the tree has *Dir in its parent
 func (dt DirTree) CheckParents(root string) {
+	dirs := make(map[string]struct{})
+	// Find all the directories and stick them in dirs
+	for _, entries := range dt {
+		for _, entry := range entries {
+			if _, ok := entry.(fs.Directory); ok {
+				dirs[entry.Remote()] = struct{}{}
+			}
+		}
+	}
 	for dirPath := range dt {
-		dt.CheckParent(root, dirPath)
+		dt.checkParent(root, dirPath, dirs)
 	}
 }
 
diff --git a/fs/dirtree/dirtree_test.go b/fs/dirtree/dirtree_test.go
index d548d8c6f4728..81930fc1afb1f 100644
--- a/fs/dirtree/dirtree_test.go
+++ b/fs/dirtree/dirtree_test.go
@@ -1,6 +1,7 @@
 package dirtree
 
 import (
+	"fmt"
 	"testing"
 
 	"github.com/rclone/rclone/fstest/mockdir"
@@ -108,7 +109,7 @@ func TestDirTreeCheckParent(t *testing.T) {
   sausage
 `, dt.String())
 
-	dt.CheckParent("", "dir/subdir")
+	dt.checkParent("", "dir/subdir", nil)
 
 	assert.Equal(t, `/
   dir/
@@ -200,3 +201,21 @@ dir2/
 `, dt.String())
 
 }
+
+func BenchmarkCheckParents(b *testing.B) {
+	for _, N := range []int{1e2, 1e3, 1e4, 1e5, 1e6} {
+		b.Run(fmt.Sprintf("%d", N), func(b *testing.B) {
+			b.StopTimer()
+			dt := New()
+			for i := 0; i < N; i++ {
+				remote := fmt.Sprintf("dir%09d/file%09d.txt", i, 1)
+				o := mockobject.New(remote)
+				dt.Add(o)
+			}
+			b.StartTimer()
+			for n := 0; n < b.N; n++ {
+				dt.CheckParents("")
+			}
+		})
+	}
+}
diff --git a/fs/dump.go b/fs/dump.go
index a156712533c36..a461d660a40dc 100644
--- a/fs/dump.go
+++ b/fs/dump.go
@@ -1,12 +1,7 @@
 package fs
 
-import (
-	"fmt"
-	"strings"
-)
-
 // DumpFlags describes the Dump options in force
-type DumpFlags int
+type DumpFlags = Bits[dumpChoices]
 
 // DumpFlags definitions
 const (
@@ -18,82 +13,28 @@ const (
 	DumpFilters
 	DumpGoRoutines
 	DumpOpenFiles
+	DumpMapper
 )
 
-var dumpFlags = []struct {
-	flag DumpFlags
-	name string
-}{
-	{DumpHeaders, "headers"},
-	{DumpBodies, "bodies"},
-	{DumpRequests, "requests"},
-	{DumpResponses, "responses"},
-	{DumpAuth, "auth"},
-	{DumpFilters, "filters"},
-	{DumpGoRoutines, "goroutines"},
-	{DumpOpenFiles, "openfiles"},
-}
-
-// DumpFlagsList is a list of dump flags used in the help
-var DumpFlagsList string
-
-func init() {
-	// calculate the dump flags list
-	var out []string
-	for _, info := range dumpFlags {
-		out = append(out, info.name)
+type dumpChoices struct{}
+
+func (dumpChoices) Choices() []BitsChoicesInfo {
+	return []BitsChoicesInfo{
+		{uint64(DumpHeaders), "headers"},
+		{uint64(DumpBodies), "bodies"},
+		{uint64(DumpRequests), "requests"},
+		{uint64(DumpResponses), "responses"},
+		{uint64(DumpAuth), "auth"},
+		{uint64(DumpFilters), "filters"},
+		{uint64(DumpGoRoutines), "goroutines"},
+		{uint64(DumpOpenFiles), "openfiles"},
+		{uint64(DumpMapper), "mapper"},
 	}
-	DumpFlagsList = strings.Join(out, ",")
 }
 
-// String turns a DumpFlags into a string
-func (f DumpFlags) String() string {
-	var out []string
-	for _, info := range dumpFlags {
-		if f&info.flag != 0 {
-			out = append(out, info.name)
-			f &^= info.flag
-		}
-	}
-	if f != 0 {
-		out = append(out, fmt.Sprintf("Unknown-0x%X", int(f)))
-	}
-	return strings.Join(out, ",")
-}
-
-// Set a DumpFlags as a comma separated list of flags
-func (f *DumpFlags) Set(s string) error {
-	var flags DumpFlags
-	parts := strings.Split(s, ",")
-	for _, part := range parts {
-		found := false
-		part = strings.ToLower(strings.TrimSpace(part))
-		if part == "" {
-			continue
-		}
-		for _, info := range dumpFlags {
-			if part == info.name {
-				found = true
-				flags |= info.flag
-			}
-		}
-		if !found {
-			return fmt.Errorf("unknown dump flag %q", part)
-		}
-	}
-	*f = flags
-	return nil
-}
-
-// Type of the value
-func (f *DumpFlags) Type() string {
+func (dumpChoices) Type() string {
 	return "DumpFlags"
 }
 
-// UnmarshalJSON makes sure the value can be parsed as a string or integer in JSON
-func (f *DumpFlags) UnmarshalJSON(in []byte) error {
-	return UnmarshalJSONFlag(in, f, func(i int64) error {
-		*f = (DumpFlags)(i)
-		return nil
-	})
-}
+// DumpFlagsList is a list of dump flags used in the help
+var DumpFlagsList = DumpHeaders.Help()
diff --git a/fs/dump_test.go b/fs/dump_test.go
index ede6125e8c731..b0bba60d03fd9 100644
--- a/fs/dump_test.go
+++ b/fs/dump_test.go
@@ -8,8 +8,11 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-// Check it satisfies the interface
-var _ flagger = (*DumpFlags)(nil)
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*DumpFlags)(nil)
+	_ flaggerNP = DumpFlags(0)
+)
 
 func TestDumpFlagsString(t *testing.T) {
 	assert.Equal(t, "", DumpFlags(0).String())
@@ -30,9 +33,9 @@ func TestDumpFlagsSet(t *testing.T) {
 		{"bodies,headers,auth", DumpBodies | DumpHeaders | DumpAuth, ""},
 		{"bodies,headers,auth", DumpBodies | DumpHeaders | DumpAuth, ""},
 		{"headers,bodies,requests,responses,auth,filters", DumpHeaders | DumpBodies | DumpRequests | DumpResponses | DumpAuth | DumpFilters, ""},
-		{"headers,bodies,unknown,auth", 0, "unknown dump flag \"unknown\""},
+		{"headers,bodies,unknown,auth", 0, "invalid choice \"unknown\""},
 	} {
-		f := DumpFlags(-1)
+		f := DumpFlags(0xffffffffffffffff)
 		initial := f
 		err := f.Set(test.in)
 		if err != nil {
@@ -69,12 +72,12 @@ func TestDumpFlagsUnmarshallJSON(t *testing.T) {
 		{`"bodies,headers,auth"`, DumpBodies | DumpHeaders | DumpAuth, ""},
 		{`"bodies,headers,auth"`, DumpBodies | DumpHeaders | DumpAuth, ""},
 		{`"headers,bodies,requests,responses,auth,filters"`, DumpHeaders | DumpBodies | DumpRequests | DumpResponses | DumpAuth | DumpFilters, ""},
-		{`"headers,bodies,unknown,auth"`, 0, "unknown dump flag \"unknown\""},
+		{`"headers,bodies,unknown,auth"`, 0, "invalid choice \"unknown\""},
 		{`0`, DumpFlags(0), ""},
 		{strconv.Itoa(int(DumpBodies)), DumpBodies, ""},
 		{strconv.Itoa(int(DumpBodies | DumpHeaders | DumpAuth)), DumpBodies | DumpHeaders | DumpAuth, ""},
 	} {
-		f := DumpFlags(-1)
+		f := DumpFlags(0xffffffffffffffff)
 		initial := f
 		err := json.Unmarshal([]byte(test.in), &f)
 		if err != nil {
diff --git a/fs/enum.go b/fs/enum.go
new file mode 100644
index 0000000000000..3a0127f39440f
--- /dev/null
+++ b/fs/enum.go
@@ -0,0 +1,110 @@
+package fs
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+// Enum is an option which can only be one of the Choices.
+//
+// Suggested implementation is something like this:
+//
+//	type choice = Enum[choices]
+//
+//	const (
+//		choiceA choice = iota
+//		choiceB
+//		choiceC
+//	)
+//
+//	type choices struct{}
+//
+//	func (choices) Choices() []string {
+//		return []string{
+//			choiceA: "A",
+//			choiceB: "B",
+//			choiceC: "C",
+//		}
+//	}
+type Enum[C Choices] byte
+
+// Choices returns the valid choices for this type.
+//
+// It must work on the zero value.
+//
+// Note that when using this in an Option the ExampleChoices will be
+// filled in automatically.
+type Choices interface {
+	// Choices returns the valid choices for this type
+	Choices() []string
+}
+
+// String renders the Enum as a string
+func (e Enum[C]) String() string {
+	choices := e.Choices()
+	if int(e) >= len(choices) {
+		return fmt.Sprintf("Unknown(%d)", e)
+	}
+	return choices[e]
+}
+
+// Choices returns the possible values of the Enum.
+func (e Enum[C]) Choices() []string {
+	var c C
+	return c.Choices()
+}
+
+// Help returns a comma separated list of all possible states.
+func (e Enum[C]) Help() string {
+	return strings.Join(e.Choices(), ", ")
+}
+
+// Set the Enum entries
+func (e *Enum[C]) Set(s string) error {
+	for i, choice := range e.Choices() {
+		if strings.EqualFold(s, choice) {
+			*e = Enum[C](i)
+			return nil
+		}
+	}
+	return fmt.Errorf("invalid choice %q from: %s", s, e.Help())
+}
+
+// Type of the value.
+//
+// If C has a Type() string method then it will be used instead.
+func (e Enum[C]) Type() string {
+	var c C
+	if do, ok := any(c).(typer); ok {
+		return do.Type()
+	}
+	return strings.Join(e.Choices(), "|")
+}
+
+// Scan implements the fmt.Scanner interface
+func (e *Enum[C]) Scan(s fmt.ScanState, ch rune) error {
+	token, err := s.Token(true, nil)
+	if err != nil {
+		return err
+	}
+	return e.Set(string(token))
+}
+
+// UnmarshalJSON parses it as a string or an integer
+func (e *Enum[C]) UnmarshalJSON(in []byte) error {
+	choices := e.Choices()
+	return UnmarshalJSONFlag(in, e, func(i int64) error {
+		if i < 0 || i >= int64(len(choices)) {
+			return fmt.Errorf("%d is out of range: must be 0..%d", i, len(choices))
+		}
+		*e = Enum[C](i)
+		return nil
+	})
+
+}
+
+// MarshalJSON encodes it as string
+func (e *Enum[C]) MarshalJSON() ([]byte, error) {
+	return json.Marshal(e.String())
+}
diff --git a/fs/enum_test.go b/fs/enum_test.go
new file mode 100644
index 0000000000000..67dc3605669e4
--- /dev/null
+++ b/fs/enum_test.go
@@ -0,0 +1,143 @@
+package fs
+
+import (
+	"encoding/json"
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type choices struct{}
+
+func (choices) Choices() []string {
+	return []string{
+		choiceA: "A",
+		choiceB: "B",
+		choiceC: "C",
+	}
+}
+
+type choice = Enum[choices]
+
+const (
+	choiceA choice = iota
+	choiceB
+	choiceC
+)
+
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*choice)(nil)
+	_ flaggerNP = choice(0)
+)
+
+func TestEnumString(t *testing.T) {
+	for _, test := range []struct {
+		in   choice
+		want string
+	}{
+		{choiceA, "A"},
+		{choiceB, "B"},
+		{choiceC, "C"},
+		{choice(100), "Unknown(100)"},
+	} {
+		got := test.in.String()
+		assert.Equal(t, test.want, got)
+	}
+}
+
+func TestEnumType(t *testing.T) {
+	assert.Equal(t, "A|B|C", choiceA.Type())
+}
+
+// Enum with Type() on the choices
+type choicestype struct{}
+
+func (choicestype) Choices() []string {
+	return []string{}
+}
+
+func (choicestype) Type() string {
+	return "potato"
+}
+
+type choicetype = Enum[choicestype]
+
+func TestEnumTypeWithFunction(t *testing.T) {
+	assert.Equal(t, "potato", choicetype(0).Type())
+}
+
+func TestEnumHelp(t *testing.T) {
+	assert.Equal(t, "A, B, C", choice(0).Help())
+}
+
+func TestEnumSet(t *testing.T) {
+	for _, test := range []struct {
+		in   string
+		want choice
+		err  bool
+	}{
+		{"A", choiceA, false},
+		{"B", choiceB, false},
+		{"C", choiceC, false},
+		{"D", choice(100), true},
+	} {
+		var got choice
+		err := got.Set(test.in)
+		if test.err {
+			require.Error(t, err)
+		} else {
+			require.NoError(t, err)
+			assert.Equal(t, test.want, got)
+		}
+	}
+}
+
+func TestEnumScan(t *testing.T) {
+	var v choice
+	n, err := fmt.Sscan(" A ", &v)
+	require.NoError(t, err)
+	assert.Equal(t, 1, n)
+	assert.Equal(t, choiceA, v)
+}
+
+func TestEnumUnmarshalJSON(t *testing.T) {
+	for _, test := range []struct {
+		in   string
+		want choice
+		err  string
+	}{
+		{`"A"`, choiceA, ""},
+		{`"B"`, choiceB, ""},
+		{`0`, choiceA, ""},
+		{`1`, choiceB, ""},
+		{`"D"`, choice(0), `invalid choice "D" from: A, B, C`},
+		{`100`, choice(0), `100 is out of range: must be 0..3`},
+	} {
+		var got choice
+		err := json.Unmarshal([]byte(test.in), &got)
+		if test.err != "" {
+			require.Error(t, err, test.in)
+			assert.ErrorContains(t, err, test.err)
+		} else {
+			require.NoError(t, err, test.in)
+		}
+		assert.Equal(t, test.want, got, test.in)
+	}
+}
+
+func TestEnumMarshalJSON(t *testing.T) {
+	for _, test := range []struct {
+		in   choice
+		want string
+	}{
+		{choiceA, `"A"`},
+		{choiceB, `"B"`},
+	} {
+		got, err := json.Marshal(&test.in)
+		require.NoError(t, err)
+		assert.Equal(t, test.want, string(got), fmt.Sprintf("%#v", test.in))
+	}
+}
diff --git a/fs/features.go b/fs/features.go
index b8bbffc2136fd..060c4cc37a4c8 100644
--- a/fs/features.go
+++ b/fs/features.go
@@ -30,6 +30,10 @@ type Features struct {
 	WriteMetadata           bool // can write metadata to objects
 	UserMetadata            bool // can read/write general purpose metadata
 	FilterAware             bool // can make use of filters if provided for listing
+	PartialUploads          bool // uploaded file can appear incomplete on the fs while it's being uploaded
+	NoMultiThreading        bool // set if can't have multiplethreads on one download open
+	Overlay                 bool // this wraps one or more backends to add functionality
+	ChunkWriterDoesntSeek   bool // set if the chunk writer doesn't need to read the data more than once
 
 	// Purge all files in the directory specified
 	//
@@ -147,6 +151,13 @@ type Features struct {
 	// It truncates any existing object
 	OpenWriterAt func(ctx context.Context, remote string, size int64) (WriterAtCloser, error)
 
+	// OpenChunkWriter returns the chunk size and a ChunkWriter
+	//
+	// Pass in the remote and the src object
+	// You can also use options to hint at the desired chunk size
+	//
+	OpenChunkWriter func(ctx context.Context, remote string, src ObjectInfo, options ...OpenOption) (info ChunkWriterInfo, writer ChunkWriter, err error)
+
 	// UserInfo returns info about the connected user
 	UserInfo func(ctx context.Context) (map[string]string, error)
 
@@ -172,6 +183,12 @@ type Features struct {
 // Disable nil's out the named feature.  If it isn't found then it
 // will log a message.
 func (ft *Features) Disable(name string) *Features {
+	// Prefix boolean values with ! to set the feature
+	invert := false
+	if strings.HasPrefix(name, "!") {
+		name = name[1:]
+		invert = true
+	}
 	v := reflect.ValueOf(ft).Elem()
 	vType := v.Type()
 	for i := 0; i < v.NumField(); i++ {
@@ -181,9 +198,18 @@ func (ft *Features) Disable(name string) *Features {
 			if !field.CanSet() {
 				Errorf(nil, "Can't set Feature %q", name)
 			} else {
-				zero := reflect.Zero(field.Type())
-				field.Set(zero)
-				Debugf(nil, "Reset feature %q", name)
+				if invert {
+					if field.Type().Kind() == reflect.Bool {
+						field.Set(reflect.ValueOf(true))
+						Debugf(nil, "Set feature %q", name)
+					} else {
+						Errorf(nil, "Can't set Feature %q to true", name)
+					}
+				} else {
+					zero := reflect.Zero(field.Type())
+					field.Set(zero)
+					Debugf(nil, "Reset feature %q", name)
+				}
 			}
 		}
 	}
@@ -254,6 +280,7 @@ func (ft *Features) Fill(ctx context.Context, f Fs) *Features {
 	if do, ok := f.(Wrapper); ok {
 		ft.WrapFs = do.WrapFs
 		ft.SetWrapper = do.SetWrapper
+		ft.Overlay = true // if implement UnWrap then must be an Overlay
 	}
 	if do, ok := f.(DirCacheFlusher); ok {
 		ft.DirCacheFlush = do.DirCacheFlush
@@ -282,6 +309,9 @@ func (ft *Features) Fill(ctx context.Context, f Fs) *Features {
 	if do, ok := f.(OpenWriterAter); ok {
 		ft.OpenWriterAt = do.OpenWriterAt
 	}
+	if do, ok := f.(OpenChunkWriter); ok {
+		ft.OpenChunkWriter = do.OpenChunkWriter
+	}
 	if do, ok := f.(UserInfoer); ok {
 		ft.UserInfo = do.UserInfo
 	}
@@ -322,6 +352,9 @@ func (ft *Features) Mask(ctx context.Context, f Fs) *Features {
 	ft.SlowModTime = ft.SlowModTime && mask.SlowModTime
 	ft.SlowHash = ft.SlowHash && mask.SlowHash
 	ft.FilterAware = ft.FilterAware && mask.FilterAware
+	ft.PartialUploads = ft.PartialUploads && mask.PartialUploads
+	ft.NoMultiThreading = ft.NoMultiThreading && mask.NoMultiThreading
+	// ft.Overlay = ft.Overlay && mask.Overlay don't propagate Overlay
 
 	if mask.Purge == nil {
 		ft.Purge = nil
@@ -371,6 +404,9 @@ func (ft *Features) Mask(ctx context.Context, f Fs) *Features {
 	if mask.OpenWriterAt == nil {
 		ft.OpenWriterAt = nil
 	}
+	if mask.OpenChunkWriter == nil {
+		ft.OpenChunkWriter = nil
+	}
 	if mask.UserInfo == nil {
 		ft.UserInfo = nil
 	}
@@ -601,6 +637,42 @@ type OpenWriterAter interface {
 	OpenWriterAt(ctx context.Context, remote string, size int64) (WriterAtCloser, error)
 }
 
+// OpenWriterAtFn describes the OpenWriterAt function pointer
+type OpenWriterAtFn func(ctx context.Context, remote string, size int64) (WriterAtCloser, error)
+
+// ChunkWriterInfo describes how a backend would like ChunkWriter called
+type ChunkWriterInfo struct {
+	ChunkSize         int64 // preferred chunk size
+	Concurrency       int   // how many chunks to write at once
+	LeavePartsOnError bool  // if set don't delete parts uploaded so far on error
+}
+
+// OpenChunkWriter is an option interface for Fs to implement chunked writing
+type OpenChunkWriter interface {
+	// OpenChunkWriter returns the chunk size and a ChunkWriter
+	//
+	// Pass in the remote and the src object
+	// You can also use options to hint at the desired chunk size
+	OpenChunkWriter(ctx context.Context, remote string, src ObjectInfo, options ...OpenOption) (info ChunkWriterInfo, writer ChunkWriter, err error)
+}
+
+// OpenChunkWriterFn describes the OpenChunkWriter function pointer
+type OpenChunkWriterFn func(ctx context.Context, remote string, src ObjectInfo, options ...OpenOption) (info ChunkWriterInfo, writer ChunkWriter, err error)
+
+// ChunkWriter is returned by OpenChunkWriter to implement chunked writing
+type ChunkWriter interface {
+	// WriteChunk will write chunk number with reader bytes, where chunk number >= 0
+	WriteChunk(ctx context.Context, chunkNumber int, reader io.ReadSeeker) (bytesWritten int64, err error)
+
+	// Close complete chunked writer finalising the file.
+	Close(ctx context.Context) error
+
+	// Abort chunk write
+	//
+	// You can and should call Abort without calling Close.
+	Abort(ctx context.Context) error
+}
+
 // UserInfoer is an optional interface for Fs
 type UserInfoer interface {
 	// UserInfo returns info about the connected user
diff --git a/fs/filter/filter.go b/fs/filter/filter.go
index 156dbd4a7b309..736495f4dd0ff 100644
--- a/fs/filter/filter.go
+++ b/fs/filter/filter.go
@@ -433,13 +433,13 @@ func (f *Filter) MakeListR(ctx context.Context, NewObject func(ctx context.Conte
 		var (
 			checkers = ci.Checkers
 			remotes  = make(chan string, checkers)
-			g        errgroup.Group
+			g, gCtx  = errgroup.WithContext(ctx)
 		)
 		for i := 0; i < checkers; i++ {
 			g.Go(func() (err error) {
 				var entries = make(fs.DirEntries, 1)
 				for remote := range remotes {
-					entries[0], err = NewObject(ctx, remote)
+					entries[0], err = NewObject(gCtx, remote)
 					if err == fs.ErrorObjectNotFound {
 						// Skip files that are not found
 					} else if err != nil {
@@ -454,8 +454,13 @@ func (f *Filter) MakeListR(ctx context.Context, NewObject func(ctx context.Conte
 				return nil
 			})
 		}
+	outer:
 		for remote := range f.files {
-			remotes <- remote
+			select {
+			case remotes <- remote:
+			case <-gCtx.Done():
+				break outer
+			}
 		}
 		close(remotes)
 		return g.Wait()
diff --git a/fs/filter/filter_test.go b/fs/filter/filter_test.go
index ca24ecf27c97c..7821cec74f6c3 100644
--- a/fs/filter/filter_test.go
+++ b/fs/filter/filter_test.go
@@ -360,6 +360,15 @@ func TestNewFilterMakeListR(t *testing.T) {
 	require.NoError(t, f.AddFile("error"))
 	err = listR(context.Background(), "", listRcallback)
 	require.EqualError(t, err, assert.AnError.Error())
+
+	// The checker will exit by the error above
+	ci := fs.GetConfig(context.Background())
+	ci.Checkers = 1
+
+	// Now check an error is returned from NewObject
+	require.NoError(t, f.AddFile("error"))
+	err = listR(context.Background(), "", listRcallback)
+	require.EqualError(t, err, assert.AnError.Error())
 }
 
 func TestNewFilterMinSize(t *testing.T) {
@@ -848,7 +857,9 @@ func TestGetConfig(t *testing.T) {
 	ctx := context.Background()
 
 	// Check nil
-	config := GetConfig(nil) //lint:ignore SA1012 we want to test passing a nil Context and therefore ignore lint suggestion of using context.TODO
+	//lint:ignore SA1012 false positive when running staticcheck, we want to test passing a nil Context and therefore ignore lint suggestion to use context.TODO
+	//nolint:staticcheck // Don't include staticcheck when running golangci-lint to avoid SA1012
+	config := GetConfig(nil)
 	assert.Equal(t, globalConfig, config)
 
 	// Check empty config
diff --git a/fs/filter/filterflags/filterflags.go b/fs/filter/filterflags/filterflags.go
index 5bb17b8a3c06e..e5202bfc1b2b4 100644
--- a/fs/filter/filterflags/filterflags.go
+++ b/fs/filter/filterflags/filterflags.go
@@ -33,27 +33,31 @@ func AddRuleFlags(flagSet *pflag.FlagSet, Opt *filter.RulesOpt, what, prefix str
 	if prefix == "" {
 		shortFilter = "f"
 	}
-	flags.StringArrayVarP(flagSet, &Opt.FilterRule, prefix+"filter", shortFilter, nil, fmt.Sprintf("Add a %s filtering rule", what))
-	flags.StringArrayVarP(flagSet, &Opt.FilterFrom, prefix+"filter-from", "", nil, fmt.Sprintf("Read %s filtering patterns from a file (use - to read from stdin)", what))
-	flags.StringArrayVarP(flagSet, &Opt.ExcludeRule, prefix+"exclude", "", nil, fmt.Sprintf("Exclude %ss matching pattern", what))
-	flags.StringArrayVarP(flagSet, &Opt.ExcludeFrom, prefix+"exclude-from", "", nil, fmt.Sprintf("Read %s exclude patterns from file (use - to read from stdin)", what))
-	flags.StringArrayVarP(flagSet, &Opt.IncludeRule, prefix+"include", "", nil, fmt.Sprintf("Include %ss matching pattern", what))
-	flags.StringArrayVarP(flagSet, &Opt.IncludeFrom, prefix+"include-from", "", nil, fmt.Sprintf("Read %s include patterns from file (use - to read from stdin)", what))
+	group := "Filter"
+	if prefix == "metadata-" {
+		group += ",Metadata"
+	}
+	flags.StringArrayVarP(flagSet, &Opt.FilterRule, prefix+"filter", shortFilter, nil, fmt.Sprintf("Add a %s filtering rule", what), group)
+	flags.StringArrayVarP(flagSet, &Opt.FilterFrom, prefix+"filter-from", "", nil, fmt.Sprintf("Read %s filtering patterns from a file (use - to read from stdin)", what), group)
+	flags.StringArrayVarP(flagSet, &Opt.ExcludeRule, prefix+"exclude", "", nil, fmt.Sprintf("Exclude %ss matching pattern", what), group)
+	flags.StringArrayVarP(flagSet, &Opt.ExcludeFrom, prefix+"exclude-from", "", nil, fmt.Sprintf("Read %s exclude patterns from file (use - to read from stdin)", what), group)
+	flags.StringArrayVarP(flagSet, &Opt.IncludeRule, prefix+"include", "", nil, fmt.Sprintf("Include %ss matching pattern", what), group)
+	flags.StringArrayVarP(flagSet, &Opt.IncludeFrom, prefix+"include-from", "", nil, fmt.Sprintf("Read %s include patterns from file (use - to read from stdin)", what), group)
 }
 
 // AddFlags adds the non filing system specific flags to the command
 func AddFlags(flagSet *pflag.FlagSet) {
 	rc.AddOptionReload("filter", &Opt, Reload)
-	flags.BoolVarP(flagSet, &Opt.DeleteExcluded, "delete-excluded", "", false, "Delete files on dest excluded from sync")
+	flags.BoolVarP(flagSet, &Opt.DeleteExcluded, "delete-excluded", "", false, "Delete files on dest excluded from sync", "Filter")
 	AddRuleFlags(flagSet, &Opt.RulesOpt, "file", "")
 	AddRuleFlags(flagSet, &Opt.MetaRules, "metadata", "metadata-")
-	flags.StringArrayVarP(flagSet, &Opt.ExcludeFile, "exclude-if-present", "", nil, "Exclude directories if filename is present")
-	flags.StringArrayVarP(flagSet, &Opt.FilesFrom, "files-from", "", nil, "Read list of source-file names from file (use - to read from stdin)")
-	flags.StringArrayVarP(flagSet, &Opt.FilesFromRaw, "files-from-raw", "", nil, "Read list of source-file names from file without any processing of lines (use - to read from stdin)")
-	flags.FVarP(flagSet, &Opt.MinAge, "min-age", "", "Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y")
-	flags.FVarP(flagSet, &Opt.MaxAge, "max-age", "", "Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y")
-	flags.FVarP(flagSet, &Opt.MinSize, "min-size", "", "Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P")
-	flags.FVarP(flagSet, &Opt.MaxSize, "max-size", "", "Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P")
-	flags.BoolVarP(flagSet, &Opt.IgnoreCase, "ignore-case", "", false, "Ignore case in filters (case insensitive)")
+	flags.StringArrayVarP(flagSet, &Opt.ExcludeFile, "exclude-if-present", "", nil, "Exclude directories if filename is present", "Filter")
+	flags.StringArrayVarP(flagSet, &Opt.FilesFrom, "files-from", "", nil, "Read list of source-file names from file (use - to read from stdin)", "Filter")
+	flags.StringArrayVarP(flagSet, &Opt.FilesFromRaw, "files-from-raw", "", nil, "Read list of source-file names from file without any processing of lines (use - to read from stdin)", "Filter")
+	flags.FVarP(flagSet, &Opt.MinAge, "min-age", "", "Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y", "Filter")
+	flags.FVarP(flagSet, &Opt.MaxAge, "max-age", "", "Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y", "Filter")
+	flags.FVarP(flagSet, &Opt.MinSize, "min-size", "", "Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P", "Filter")
+	flags.FVarP(flagSet, &Opt.MaxSize, "max-size", "", "Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P", "Filter")
+	flags.BoolVarP(flagSet, &Opt.IgnoreCase, "ignore-case", "", false, "Ignore case in filters (case insensitive)", "Filter")
 	//cvsExclude     = BoolP("cvs-exclude", "C", false, "Exclude files in the same way CVS does")
 }
diff --git a/fs/fingerprint_test.go b/fs/fingerprint_test.go
index 0a69ceddfae3a..713baf4cb652f 100644
--- a/fs/fingerprint_test.go
+++ b/fs/fingerprint_test.go
@@ -10,11 +10,14 @@ import (
 	"github.com/rclone/rclone/fstest/mockfs"
 	"github.com/rclone/rclone/fstest/mockobject"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestFingerprint(t *testing.T) {
 	ctx := context.Background()
-	f := mockfs.NewFs(ctx, "test", "root")
+	fMock, err := mockfs.NewFs(ctx, "test", "root", nil)
+	require.NoError(t, err)
+	f := fMock.(*mockfs.Fs)
 	f.SetHashes(hash.NewHashSet(hash.MD5))
 
 	for i, test := range []struct {
diff --git a/fs/fs_test.go b/fs/fs_test.go
index 4e316b9b5010a..862ab34c485d1 100644
--- a/fs/fs_test.go
+++ b/fs/fs_test.go
@@ -243,6 +243,7 @@ func TestOptionMarshalJSON(t *testing.T) {
 "NoPrefix": false,
 "Advanced": true,
 "Exclusive": false,
+"Sensitive": false,
 "DefaultStr": "false",
 "ValueStr": "true",
 "Type": "bool"
diff --git a/fs/fshttp/dialer.go b/fs/fshttp/dialer.go
index adeece18588c4..a8ff67bc6c758 100644
--- a/fs/fshttp/dialer.go
+++ b/fs/fshttp/dialer.go
@@ -14,10 +14,6 @@ import (
 	"golang.org/x/net/ipv6"
 )
 
-func dialContext(ctx context.Context, network, address string, ci *fs.ConfigInfo) (net.Conn, error) {
-	return NewDialer(ctx).DialContext(ctx, network, address)
-}
-
 // Dialer structure contains default dialer and timeout, tclass support
 type Dialer struct {
 	net.Dialer
@@ -52,6 +48,17 @@ var warnDSCPFail, warnDSCPWindows sync.Once
 
 // DialContext connects to the network address using the provided context.
 func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	// If local address is 0.0.0.0 or ::0 force IPv4 or IPv6
+	// This works around https://github.com/golang/go/issues/48723
+	// Which means 0.0.0.0 and ::0 both bind to both IPv4 and IPv6
+	if ip, ok := d.Dialer.LocalAddr.(*net.TCPAddr); ok && ip.IP.IsUnspecified() && (network == "tcp" || network == "udp") {
+		if ip.IP.To4() != nil {
+			network += "4" // IPv4 address
+		} else {
+			network += "6" // IPv6 address
+		}
+	}
+
 	c, err := d.Dialer.DialContext(ctx, network, address)
 	if err != nil {
 		return c, err
diff --git a/fs/fshttp/http.go b/fs/fshttp/http.go
index f17c8298ec6a6..498714dfd30c9 100644
--- a/fs/fshttp/http.go
+++ b/fs/fshttp/http.go
@@ -91,8 +91,8 @@ func NewTransportCustom(ctx context.Context, customize func(*http.Transport)) ht
 	}
 
 	t.DisableCompression = ci.NoGzip
-	t.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
-		return dialContext(ctx, network, addr, ci)
+	t.DialContext = func(reqCtx context.Context, network, addr string) (net.Conn, error) {
+		return NewDialer(ctx).DialContext(reqCtx, network, addr)
 	}
 	t.IdleConnTimeout = 60 * time.Second
 	t.ExpectContinueTimeout = ci.ExpectContinueTimeout
diff --git a/fs/hash/hash.go b/fs/hash/hash.go
index 4540b40cf49c4..23956cee68cf4 100644
--- a/fs/hash/hash.go
+++ b/fs/hash/hash.go
@@ -55,6 +55,16 @@ func RegisterHash(name, alias string, width int, newFunc func() hash.Hash) Type
 	return hashType
 }
 
+// SupportOnly makes the hash package only support the types passed
+// in. Used for testing.
+//
+// It returns the previously supported types.
+func SupportOnly(new []Type) (old []Type) {
+	old = supported
+	supported = new
+	return old
+}
+
 // ErrUnsupported should be returned by filesystem,
 // if it is requested to deliver an unsupported hash type.
 var ErrUnsupported = errors.New("hash type not supported")
diff --git a/fs/log.go b/fs/log.go
index 3f6fe21a74ce6..b04c77252b68d 100644
--- a/fs/log.go
+++ b/fs/log.go
@@ -10,7 +10,7 @@ import (
 )
 
 // LogLevel describes rclone's logs.  These are a subset of the syslog log levels.
-type LogLevel byte
+type LogLevel = Enum[logLevelChoices]
 
 // Log levels.  These are the syslog levels of which we only use a
 // subset.
@@ -34,50 +34,23 @@ const (
 	LogLevelDebug  // Debug level, needs -vv
 )
 
-var logLevelToString = []string{
-	LogLevelEmergency: "EMERGENCY",
-	LogLevelAlert:     "ALERT",
-	LogLevelCritical:  "CRITICAL",
-	LogLevelError:     "ERROR",
-	LogLevelWarning:   "WARNING",
-	LogLevelNotice:    "NOTICE",
-	LogLevelInfo:      "INFO",
-	LogLevelDebug:     "DEBUG",
-}
-
-// String turns a LogLevel into a string
-func (l LogLevel) String() string {
-	if l >= LogLevel(len(logLevelToString)) {
-		return fmt.Sprintf("LogLevel(%d)", l)
+type logLevelChoices struct{}
+
+func (logLevelChoices) Choices() []string {
+	return []string{
+		LogLevelEmergency: "EMERGENCY",
+		LogLevelAlert:     "ALERT",
+		LogLevelCritical:  "CRITICAL",
+		LogLevelError:     "ERROR",
+		LogLevelWarning:   "WARNING",
+		LogLevelNotice:    "NOTICE",
+		LogLevelInfo:      "INFO",
+		LogLevelDebug:     "DEBUG",
 	}
-	return logLevelToString[l]
 }
 
-// Set a LogLevel
-func (l *LogLevel) Set(s string) error {
-	for n, name := range logLevelToString {
-		if s != "" && name == s {
-			*l = LogLevel(n)
-			return nil
-		}
-	}
-	return fmt.Errorf("unknown log level %q", s)
-}
-
-// Type of the value
-func (l *LogLevel) Type() string {
-	return "string"
-}
-
-// UnmarshalJSON makes sure the value can be parsed as a string or integer in JSON
-func (l *LogLevel) UnmarshalJSON(in []byte) error {
-	return UnmarshalJSONFlag(in, l, func(i int64) error {
-		if i < 0 || i >= int64(LogLevel(len(logLevelToString))) {
-			return fmt.Errorf("unknown log level %d", i)
-		}
-		*l = (LogLevel)(i)
-		return nil
-	})
+func (logLevelChoices) Type() string {
+	return "LogLevel"
 }
 
 // LogPrintPid enables process pid in log
diff --git a/fs/log/logflags/logflags.go b/fs/log/logflags/logflags.go
index 818aaac51d0dc..d1d3c8d893a34 100644
--- a/fs/log/logflags/logflags.go
+++ b/fs/log/logflags/logflags.go
@@ -12,9 +12,9 @@ import (
 func AddFlags(flagSet *pflag.FlagSet) {
 	rc.AddOption("log", &log.Opt)
 
-	flags.StringVarP(flagSet, &log.Opt.File, "log-file", "", log.Opt.File, "Log everything to this file")
-	flags.StringVarP(flagSet, &log.Opt.Format, "log-format", "", log.Opt.Format, "Comma separated list of log format options")
-	flags.BoolVarP(flagSet, &log.Opt.UseSyslog, "syslog", "", log.Opt.UseSyslog, "Use Syslog for logging")
-	flags.StringVarP(flagSet, &log.Opt.SyslogFacility, "syslog-facility", "", log.Opt.SyslogFacility, "Facility for syslog, e.g. KERN,USER,...")
-	flags.BoolVarP(flagSet, &log.Opt.LogSystemdSupport, "log-systemd", "", log.Opt.LogSystemdSupport, "Activate systemd integration for the logger")
+	flags.StringVarP(flagSet, &log.Opt.File, "log-file", "", log.Opt.File, "Log everything to this file", "Logging")
+	flags.StringVarP(flagSet, &log.Opt.Format, "log-format", "", log.Opt.Format, "Comma separated list of log format options", "Logging")
+	flags.BoolVarP(flagSet, &log.Opt.UseSyslog, "syslog", "", log.Opt.UseSyslog, "Use Syslog for logging", "Logging")
+	flags.StringVarP(flagSet, &log.Opt.SyslogFacility, "syslog-facility", "", log.Opt.SyslogFacility, "Facility for syslog, e.g. KERN,USER,...", "Logging")
+	flags.BoolVarP(flagSet, &log.Opt.LogSystemdSupport, "log-systemd", "", log.Opt.LogSystemdSupport, "Activate systemd integration for the logger", "Logging")
 }
diff --git a/fs/log_test.go b/fs/log_test.go
index dcccb80438304..ef3ae2a72fe60 100644
--- a/fs/log_test.go
+++ b/fs/log_test.go
@@ -10,9 +10,12 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// Check it satisfies the interface
-var _ flagger = (*LogLevel)(nil)
-var _ fmt.Stringer = LogValueItem{}
+// Check it satisfies the interfaces
+var (
+	_ flagger      = (*LogLevel)(nil)
+	_ flaggerNP    = LogLevel(0)
+	_ fmt.Stringer = LogValueItem{}
+)
 
 type withString struct{}
 
@@ -36,7 +39,7 @@ func TestLogLevelString(t *testing.T) {
 	}{
 		{LogLevelEmergency, "EMERGENCY"},
 		{LogLevelDebug, "DEBUG"},
-		{99, "LogLevel(99)"},
+		{99, "Unknown(99)"},
 	} {
 		logLevel := test.in
 		got := logLevel.String()
diff --git a/fs/march/march.go b/fs/march/march.go
index 771f079f4a7e7..856be0e7c328d 100644
--- a/fs/march/march.go
+++ b/fs/march/march.go
@@ -35,6 +35,7 @@ type March struct {
 	srcListDir listDirFn // function to call to list a directory in the src
 	dstListDir listDirFn // function to call to list a directory in the dst
 	transforms []matchTransformFn
+	limiter    chan struct{} // make sure we don't do too many operations at once
 }
 
 // Marcher is called on each match
@@ -69,6 +70,8 @@ func (m *March) init(ctx context.Context) {
 	if m.Fdst.Features().CaseInsensitive || ci.IgnoreCaseSync {
 		m.transforms = append(m.transforms, strings.ToLower)
 	}
+	// Limit parallelism for operations
+	m.limiter = make(chan struct{}, ci.Checkers)
 }
 
 // list a directory into entries, err
@@ -429,13 +432,11 @@ func (m *March) processJob(job listDirJob) ([]listDirJob, error) {
 
 	// If NoTraverse is set, then try to find a matching object
 	// for each item in the srcList to head dst object
-	ci := fs.GetConfig(m.Ctx)
-	limiter := make(chan struct{}, ci.Checkers)
 	if m.NoTraverse && !m.NoCheckDest {
 		for _, src := range srcList {
 			wg.Add(1)
-			limiter <- struct{}{}
-			go func(limiter chan struct{}, src fs.DirEntry) {
+			m.limiter <- struct{}{}
+			go func(src fs.DirEntry) {
 				defer wg.Done()
 				if srcObj, ok := src.(fs.Object); ok {
 					leaf := path.Base(srcObj.Remote())
@@ -446,8 +447,8 @@ func (m *March) processJob(job listDirJob) ([]listDirJob, error) {
 						mu.Unlock()
 					}
 				}
-				<-limiter
-			}(limiter, src)
+				<-m.limiter
+			}(src)
 		}
 		wg.Wait()
 	}
diff --git a/fs/metadata.go b/fs/metadata.go
index 1fa48dc77e76a..19b07cb6337a8 100644
--- a/fs/metadata.go
+++ b/fs/metadata.go
@@ -1,6 +1,14 @@
 package fs
 
-import "context"
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"os/exec"
+	"strings"
+	"time"
+)
 
 // Metadata represents Object metadata in a standardised form
 //
@@ -66,12 +74,85 @@ func GetMetadata(ctx context.Context, o ObjectInfo) (metadata Metadata, err erro
 	return do.Metadata(ctx)
 }
 
+// mapItem descripts the item to be mapped
+type mapItem struct {
+	SrcFs     string
+	SrcFsType string
+	DstFs     string
+	DstFsType string
+	Remote    string
+	Size      int64
+	MimeType  string `json:",omitempty"`
+	ModTime   time.Time
+	IsDir     bool
+	ID        string   `json:",omitempty"`
+	Metadata  Metadata `json:",omitempty"`
+}
+
+// This runs an external program on the metadata which can be used to
+// map it from one form to another.
+func metadataMapper(ctx context.Context, cmdLine SpaceSepList, dstFs Fs, o ObjectInfo, metadata Metadata) (newMetadata Metadata, err error) {
+	ci := GetConfig(ctx)
+	cmd := exec.Command(cmdLine[0], cmdLine[1:]...)
+	in := mapItem{
+		DstFs:     ConfigString(dstFs),
+		DstFsType: Type(dstFs),
+		Remote:    o.Remote(),
+		Size:      o.Size(),
+		MimeType:  MimeType(ctx, o),
+		ModTime:   o.ModTime(ctx),
+		IsDir:     false,
+		Metadata:  metadata,
+	}
+	fInfo := o.Fs()
+	if f, ok := fInfo.(Fs); ok {
+		in.SrcFs = ConfigString(f)
+		in.SrcFsType = Type(f)
+	} else {
+		in.SrcFs = fInfo.Name() + ":" + fInfo.Root()
+		in.SrcFsType = "unknown"
+	}
+	if do, ok := o.(IDer); ok {
+		in.ID = do.ID()
+	}
+	inBytes, err := json.MarshalIndent(in, "", "\t")
+	if err != nil {
+		return nil, fmt.Errorf("metadata mapper: failed to marshal input: %w", err)
+	}
+	if ci.Dump.IsSet(DumpMapper) {
+		Debugf(nil, "Metadata mapper sent: \n%s\n", string(inBytes))
+	}
+	var stdout, stderr bytes.Buffer
+	cmd.Stdin = bytes.NewBuffer(inBytes)
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+	start := time.Now()
+	err = cmd.Run()
+	Debugf(o, "Calling metadata mapper %v", cmdLine)
+	duration := time.Since(start)
+	if err != nil {
+		return nil, fmt.Errorf("metadata mapper: failed on %v: %q: %w", cmdLine, strings.TrimSpace(stderr.String()), err)
+	}
+	if ci.Dump.IsSet(DumpMapper) {
+		Debugf(nil, "Metadata mapper received: \n%s\n", stdout.String())
+	}
+	var out mapItem
+	err = json.Unmarshal(stdout.Bytes(), &out)
+	if err != nil {
+		return nil, fmt.Errorf("metadata mapper: failed to read output: %q: %w", stdout.String(), err)
+	}
+	Debugf(o, "Metadata mapper returned in %v", duration)
+	return out.Metadata, nil
+}
+
 // GetMetadataOptions from an ObjectInfo and merge it with any in options
 //
-// If --metadata isn't in use it will return nil
+// If --metadata isn't in use it will return nil.
 //
-// If the object has no metadata then metadata will be nil
-func GetMetadataOptions(ctx context.Context, o ObjectInfo, options []OpenOption) (metadata Metadata, err error) {
+// If the object has no metadata then metadata will be nil.
+//
+// This should be passed the destination Fs for the metadata mapper
+func GetMetadataOptions(ctx context.Context, dstFs Fs, o ObjectInfo, options []OpenOption) (metadata Metadata, err error) {
 	ci := GetConfig(ctx)
 	if !ci.Metadata {
 		return nil, nil
@@ -81,5 +162,11 @@ func GetMetadataOptions(ctx context.Context, o ObjectInfo, options []OpenOption)
 		return nil, err
 	}
 	metadata.MergeOptions(options)
+	if len(ci.MetadataMapper) != 0 {
+		metadata, err = metadataMapper(ctx, ci.MetadataMapper, dstFs, o, metadata)
+		if err != nil {
+			return nil, err
+		}
+	}
 	return metadata, nil
 }
diff --git a/fs/metadata_mapper_code.go b/fs/metadata_mapper_code.go
new file mode 100644
index 0000000000000..9f402df118749
--- /dev/null
+++ b/fs/metadata_mapper_code.go
@@ -0,0 +1,75 @@
+//go:build ignore
+// +build ignore
+
+// A simple metadata mapper for testing purposes
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"os"
+)
+
+func check[T comparable](in map[string]any, key string, want T) {
+	value, ok := in[key]
+	if !ok {
+		fmt.Fprintf(os.Stderr, "%s key not found\n", key)
+		os.Exit(1)
+	}
+	if value.(T) != want {
+		fmt.Fprintf(os.Stderr, "%s wrong - expecting %s but got %s\n", key, want, value)
+		os.Exit(1)
+	}
+}
+
+func main() {
+	// Read the input
+	var in map[string]any
+	err := json.NewDecoder(os.Stdin).Decode(&in)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Check the input
+	metadata, ok := in["Metadata"]
+	if !ok {
+		fmt.Fprintf(os.Stderr, "Metadata key not found\n")
+		os.Exit(1)
+	}
+	check(in, "Size", 5.0)
+	check(in, "SrcFs", "memory:")
+	check(in, "SrcFsType", "object.memoryFs")
+	check(in, "DstFs", "dstFs:dstFsRoot")
+	check(in, "DstFsType", "mockfs")
+	check(in, "Remote", "file.txt")
+	check(in, "MimeType", "text/plain; charset=utf-8")
+	check(in, "ModTime", "2001-02-03T04:05:06.000000007Z")
+	check(in, "IsDir", false)
+	//check(in, "ID", "Potato")
+
+	// Map the metadata
+	metadataOut := map[string]string{}
+	var out = map[string]any{
+		"Metadata": metadataOut,
+	}
+	for k, v := range metadata.(map[string]any) {
+		switch k {
+		case "error":
+			fmt.Fprintf(os.Stderr, "Error: %s\n", v)
+			os.Exit(1)
+		case "key1":
+			v = "two " + v.(string)
+		case "key3":
+			continue
+		}
+		metadataOut[k] = v.(string)
+	}
+	metadataOut["key0"] = "cabbage"
+
+	// Write the output
+	json.NewEncoder(os.Stdout).Encode(&out)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
diff --git a/fs/metadata_test.go b/fs/metadata_test.go
index ba982cbc1d0ee..7e5389fb6ebd1 100644
--- a/fs/metadata_test.go
+++ b/fs/metadata_test.go
@@ -1,14 +1,20 @@
-package fs
+package fs_test
 
 import (
+	"context"
 	"fmt"
 	"testing"
+	"time"
 
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/object"
+	"github.com/rclone/rclone/fstest/mockfs"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestMetadataSet(t *testing.T) {
-	var m Metadata
+	var m fs.Metadata
 	assert.Nil(t, m)
 	m.Set("key", "value")
 	assert.NotNil(t, m)
@@ -19,34 +25,34 @@ func TestMetadataSet(t *testing.T) {
 
 func TestMetadataMerge(t *testing.T) {
 	for _, test := range []struct {
-		in    Metadata
-		merge Metadata
-		want  Metadata
+		in    fs.Metadata
+		merge fs.Metadata
+		want  fs.Metadata
 	}{
 		{
-			in:    Metadata{},
-			merge: Metadata{},
-			want:  Metadata{},
+			in:    fs.Metadata{},
+			merge: fs.Metadata{},
+			want:  fs.Metadata{},
 		}, {
 			in:    nil,
 			merge: nil,
 			want:  nil,
 		}, {
 			in:    nil,
-			merge: Metadata{},
+			merge: fs.Metadata{},
 			want:  nil,
 		}, {
 			in:    nil,
-			merge: Metadata{"a": "1", "b": "2"},
-			want:  Metadata{"a": "1", "b": "2"},
+			merge: fs.Metadata{"a": "1", "b": "2"},
+			want:  fs.Metadata{"a": "1", "b": "2"},
 		}, {
-			in:    Metadata{"a": "1", "b": "2"},
+			in:    fs.Metadata{"a": "1", "b": "2"},
 			merge: nil,
-			want:  Metadata{"a": "1", "b": "2"},
+			want:  fs.Metadata{"a": "1", "b": "2"},
 		}, {
-			in:    Metadata{"a": "1", "b": "2"},
-			merge: Metadata{"b": "B", "c": "3"},
-			want:  Metadata{"a": "1", "b": "B", "c": "3"},
+			in:    fs.Metadata{"a": "1", "b": "2"},
+			merge: fs.Metadata{"b": "B", "c": "3"},
+			want:  fs.Metadata{"a": "1", "b": "B", "c": "3"},
 		},
 	} {
 		what := fmt.Sprintf("in=%v, merge=%v", test.in, test.merge)
@@ -57,36 +63,36 @@ func TestMetadataMerge(t *testing.T) {
 
 func TestMetadataMergeOptions(t *testing.T) {
 	for _, test := range []struct {
-		in   Metadata
-		opts []OpenOption
-		want Metadata
+		in   fs.Metadata
+		opts []fs.OpenOption
+		want fs.Metadata
 	}{
 		{
-			opts: []OpenOption{},
+			opts: []fs.OpenOption{},
 			want: nil,
 		}, {
-			opts: []OpenOption{&HTTPOption{}},
+			opts: []fs.OpenOption{&fs.HTTPOption{}},
 			want: nil,
 		}, {
-			opts: []OpenOption{MetadataOption{"a": "1", "b": "2"}},
-			want: Metadata{"a": "1", "b": "2"},
+			opts: []fs.OpenOption{fs.MetadataOption{"a": "1", "b": "2"}},
+			want: fs.Metadata{"a": "1", "b": "2"},
 		}, {
-			opts: []OpenOption{
-				&HTTPOption{},
-				MetadataOption{"a": "1", "b": "2"},
-				MetadataOption{"b": "B", "c": "3"},
-				&HTTPOption{},
+			opts: []fs.OpenOption{
+				&fs.HTTPOption{},
+				fs.MetadataOption{"a": "1", "b": "2"},
+				fs.MetadataOption{"b": "B", "c": "3"},
+				&fs.HTTPOption{},
 			},
-			want: Metadata{"a": "1", "b": "B", "c": "3"},
+			want: fs.Metadata{"a": "1", "b": "B", "c": "3"},
 		}, {
-			in: Metadata{"a": "first", "z": "OK"},
-			opts: []OpenOption{
-				&HTTPOption{},
-				MetadataOption{"a": "1", "b": "2"},
-				MetadataOption{"b": "B", "c": "3"},
-				&HTTPOption{},
+			in: fs.Metadata{"a": "first", "z": "OK"},
+			opts: []fs.OpenOption{
+				&fs.HTTPOption{},
+				fs.MetadataOption{"a": "1", "b": "2"},
+				fs.MetadataOption{"b": "B", "c": "3"},
+				&fs.HTTPOption{},
 			},
-			want: Metadata{"a": "1", "b": "B", "c": "3", "z": "OK"},
+			want: fs.Metadata{"a": "1", "b": "B", "c": "3", "z": "OK"},
 		},
 	} {
 		what := fmt.Sprintf("in=%v, opts=%v", test.in, test.opts)
@@ -94,3 +100,58 @@ func TestMetadataMergeOptions(t *testing.T) {
 		assert.Equal(t, test.want, test.in, what)
 	}
 }
+
+func TestMetadataMapper(t *testing.T) {
+	ctx := context.Background()
+	ctx, ci := fs.AddConfig(ctx)
+	ci.Metadata = true
+	require.NoError(t, ci.MetadataMapper.Set("go run metadata_mapper_code.go"))
+	now := time.Date(2001, 2, 3, 4, 5, 6, 7, time.UTC)
+	f, err := mockfs.NewFs(ctx, "dstFs", "dstFsRoot", nil)
+	require.NoError(t, err)
+
+	t.Run("Normal", func(t *testing.T) {
+		o := object.NewMemoryObject("file.txt", now, []byte("hello")).WithMetadata(fs.Metadata{
+			"key1": "potato",
+			"key2": "sausage",
+			"key3": "gravy",
+		})
+		metadata, err := fs.GetMetadataOptions(ctx, f, o, nil)
+		require.NoError(t, err)
+		assert.Equal(t, fs.Metadata{
+			"key0": "cabbage",
+			"key1": "two potato",
+			"key2": "sausage",
+		}, metadata)
+	})
+
+	t.Run("Error", func(t *testing.T) {
+		o := object.NewMemoryObject("file.txt", now, []byte("hello")).WithMetadata(fs.Metadata{
+			"error": "Red Alert",
+		})
+		metadata, err := fs.GetMetadataOptions(ctx, f, o, nil)
+		require.Error(t, err)
+		assert.ErrorContains(t, err, "Red Alert")
+		require.Nil(t, metadata)
+	})
+
+	t.Run("Merge", func(t *testing.T) {
+		o := object.NewMemoryObject("file.txt", now, []byte("hello")).WithMetadata(fs.Metadata{
+			"key1": "potato",
+			"key2": "sausage",
+			"key3": "gravy",
+		})
+		metadata, err := fs.GetMetadataOptions(ctx, f, o, []fs.OpenOption{fs.MetadataOption(fs.Metadata{
+			"option": "optionValue",
+			"key1":   "new potato",
+			"key2":   "salami",
+		})})
+		require.NoError(t, err)
+		assert.Equal(t, fs.Metadata{
+			"key0":   "cabbage",
+			"key1":   "two new potato",
+			"key2":   "salami",
+			"option": "optionValue",
+		}, metadata)
+	})
+}
diff --git a/fs/newfs.go b/fs/newfs.go
index cc921bb650b2e..9be890ec7ccc6 100644
--- a/fs/newfs.go
+++ b/fs/newfs.go
@@ -9,11 +9,18 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"sync"
 
 	"github.com/rclone/rclone/fs/config/configmap"
 	"github.com/rclone/rclone/fs/fspath"
 )
 
+// Store the hashes of the overridden config
+var (
+	overriddenConfigMu sync.Mutex
+	overriddenConfig   = make(map[string]string)
+)
+
 // NewFs makes a new Fs object from the path
 //
 // The path is of the form remote:path
@@ -37,18 +44,25 @@ func NewFs(ctx context.Context, path string) (Fs, error) {
 		extraConfig := overridden.String()
 		//Debugf(nil, "detected overridden config %q", extraConfig)
 		md5sumBinary := md5.Sum([]byte(extraConfig))
-		suffix := base64.RawURLEncoding.EncodeToString(md5sumBinary[:])
+		configHash := base64.RawURLEncoding.EncodeToString(md5sumBinary[:])
 		// 5 characters length is 5*6 = 30 bits of base64
-		const maxLength = 5
-		if len(suffix) > maxLength {
-			suffix = suffix[:maxLength]
+		overriddenConfigMu.Lock()
+		var suffix string
+		for maxLength := 5; ; maxLength++ {
+			suffix = "{" + configHash[:maxLength] + "}"
+			existingExtraConfig, ok := overriddenConfig[suffix]
+			if !ok || existingExtraConfig == extraConfig {
+				break
+			}
 		}
-		suffix = "{" + suffix + "}"
 		Debugf(configName, "detected overridden config - adding %q suffix to name", suffix)
 		// Add the suffix to the config name
 		//
 		// These need to work as filesystem names as the VFS cache will use them
 		configName += suffix
+		// Store the config suffixes for reversing in ConfigString
+		overriddenConfig[suffix] = extraConfig
+		overriddenConfigMu.Unlock()
 	}
 	f, err := fsInfo.NewFs(ctx, configName, fsPath, config)
 	if f != nil && (err == nil || err == ErrorIsFile) {
@@ -101,10 +115,21 @@ func ParseRemote(path string) (fsInfo *RegInfo, configName, fsPath string, conne
 	return fsInfo, configName, fsPath, parsed.Config, err
 }
 
-// ConfigString returns a canonical version of the config string used
+// configString returns a canonical version of the config string used
 // to configure the Fs as passed to fs.NewFs
-func ConfigString(f Fs) string {
+func configString(f Fs, full bool) string {
 	name := f.Name()
+	if open := strings.IndexRune(name, '{'); full && open >= 0 && strings.HasSuffix(name, "}") {
+		suffix := name[open:]
+		overriddenConfigMu.Lock()
+		config, ok := overriddenConfig[suffix]
+		overriddenConfigMu.Unlock()
+		if ok {
+			name = name[:open] + "," + config
+		} else {
+			Errorf(f, "Failed to find config for suffix %q", suffix)
+		}
+	}
 	root := f.Root()
 	if name == "local" && f.Features().IsLocal {
 		return root
@@ -112,6 +137,21 @@ func ConfigString(f Fs) string {
 	return name + ":" + root
 }
 
+// ConfigString returns a canonical version of the config string used
+// to configure the Fs as passed to fs.NewFs. For Fs with extra
+// parameters this will include a canonical {hexstring} suffix.
+func ConfigString(f Fs) string {
+	return configString(f, false)
+}
+
+// ConfigStringFull returns a canonical version of the config string
+// used to configure the Fs as passed to fs.NewFs. This string can be
+// used to re-instantiate the Fs exactly so includes all the extra
+// parameters passed in.
+func ConfigStringFull(f Fs) string {
+	return configString(f, true)
+}
+
 // TemporaryLocalFs creates a local FS in the OS's temporary directory.
 //
 // No cleanup is performed, the caller must call Purge on the Fs themselves.
diff --git a/fs/newfs_test.go b/fs/newfs_test.go
new file mode 100644
index 0000000000000..4d5ef85205e49
--- /dev/null
+++ b/fs/newfs_test.go
@@ -0,0 +1,45 @@
+package fs_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fstest/mockfs"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewFs(t *testing.T) {
+	ctx := context.Background()
+
+	// Register mockfs temporarily
+	oldRegistry := fs.Registry
+	mockfs.Register()
+	defer func() {
+		fs.Registry = oldRegistry
+	}()
+
+	f1, err := fs.NewFs(ctx, ":mockfs:/tmp")
+	require.NoError(t, err)
+	assert.Equal(t, ":mockfs", f1.Name())
+	assert.Equal(t, "/tmp", f1.Root())
+
+	assert.Equal(t, ":mockfs:/tmp", fs.ConfigString(f1))
+
+	f2, err := fs.NewFs(ctx, ":mockfs,potato:/tmp")
+	require.NoError(t, err)
+	assert.Equal(t, ":mockfs{S_NHG}", f2.Name())
+	assert.Equal(t, "/tmp", f2.Root())
+
+	assert.Equal(t, ":mockfs{S_NHG}:/tmp", fs.ConfigString(f2))
+	assert.Equal(t, ":mockfs,potato='true':/tmp", fs.ConfigStringFull(f2))
+
+	f3, err := fs.NewFs(ctx, ":mockfs,potato='true':/tmp")
+	require.NoError(t, err)
+	assert.Equal(t, ":mockfs{S_NHG}", f3.Name())
+	assert.Equal(t, "/tmp", f3.Root())
+
+	assert.Equal(t, ":mockfs{S_NHG}:/tmp", fs.ConfigString(f3))
+	assert.Equal(t, ":mockfs,potato='true':/tmp", fs.ConfigStringFull(f3))
+}
diff --git a/fs/object/object_test.go b/fs/object/object_test.go
index a00cf29a0f446..1e5ca75c45f99 100644
--- a/fs/object/object_test.go
+++ b/fs/object/object_test.go
@@ -152,7 +152,7 @@ func TestMemoryObject(t *testing.T) {
 	err = o.Update(context.Background(), newContent, src)
 	assert.NoError(t, err)
 	checkContent(o, newStr)
-	assert.Equal(t, "Rutaba", string(content)) // check we didn't re-use the buffer
+	assert.Equal(t, "Rutaba", string(content)) // check we didn't reuse the buffer
 
 	// now try streaming
 	newStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
diff --git a/fs/open_options.go b/fs/open_options.go
index 5dc3e32d47178..26d6d7053ddb8 100644
--- a/fs/open_options.go
+++ b/fs/open_options.go
@@ -276,6 +276,26 @@ func (o MetadataOption) Mandatory() bool {
 	return false
 }
 
+// ChunkOption defines an Option which returns a preferred chunk size
+type ChunkOption struct {
+	ChunkSize int64
+}
+
+// Header formats the option as an http header
+func (o *ChunkOption) Header() (key string, value string) {
+	return "chunkSize", fmt.Sprintf("%v", o.ChunkSize)
+}
+
+// Mandatory returns whether the option must be parsed or can be ignored
+func (o *ChunkOption) Mandatory() bool {
+	return false
+}
+
+// String formats the option into human-readable form
+func (o *ChunkOption) String() string {
+	return fmt.Sprintf("ChunkOption(%v)", o.ChunkSize)
+}
+
 // OpenOptionAddHeaders adds each header found in options to the
 // headers map provided the key was non empty.
 func OpenOptionAddHeaders(options []OpenOption, headers map[string]string) {
diff --git a/fs/operations/check.go b/fs/operations/check.go
index fd007819f6a95..06d9f14ec56e1 100644
--- a/fs/operations/check.go
+++ b/fs/operations/check.go
@@ -51,11 +51,11 @@ type checkMarch struct {
 	ioMu            sync.Mutex
 	wg              sync.WaitGroup
 	tokens          chan struct{}
-	differences     int32
-	noHashes        int32
-	srcFilesMissing int32
-	dstFilesMissing int32
-	matches         int32
+	differences     atomic.Int32
+	noHashes        atomic.Int32
+	srcFilesMissing atomic.Int32
+	dstFilesMissing atomic.Int32
+	matches         atomic.Int32
 	opt             CheckOpt
 }
 
@@ -83,8 +83,8 @@ func (c *checkMarch) DstOnly(dst fs.DirEntry) (recurse bool) {
 		err := fmt.Errorf("file not in %v", c.opt.Fsrc)
 		fs.Errorf(dst, "%v", err)
 		_ = fs.CountError(err)
-		atomic.AddInt32(&c.differences, 1)
-		atomic.AddInt32(&c.srcFilesMissing, 1)
+		c.differences.Add(1)
+		c.srcFilesMissing.Add(1)
 		c.report(dst, c.opt.MissingOnSrc, '-')
 	case fs.Directory:
 		// Do the same thing to the entire contents of the directory
@@ -105,8 +105,8 @@ func (c *checkMarch) SrcOnly(src fs.DirEntry) (recurse bool) {
 		err := fmt.Errorf("file not in %v", c.opt.Fdst)
 		fs.Errorf(src, "%v", err)
 		_ = fs.CountError(err)
-		atomic.AddInt32(&c.differences, 1)
-		atomic.AddInt32(&c.dstFilesMissing, 1)
+		c.differences.Add(1)
+		c.dstFilesMissing.Add(1)
 		c.report(src, c.opt.MissingOnDst, '+')
 	case fs.Directory:
 		// Do the same thing to the entire contents of the directory
@@ -157,16 +157,16 @@ func (c *checkMarch) Match(ctx context.Context, dst, src fs.DirEntry) (recurse b
 					_ = fs.CountError(err)
 					c.report(src, c.opt.Error, '!')
 				} else if differ {
-					atomic.AddInt32(&c.differences, 1)
+					c.differences.Add(1)
 					err := errors.New("files differ")
 					// the checkFn has already logged the reason
 					_ = fs.CountError(err)
 					c.report(src, c.opt.Differ, '*')
 				} else {
-					atomic.AddInt32(&c.matches, 1)
+					c.matches.Add(1)
 					c.report(src, c.opt.Match, '=')
 					if noHash {
-						atomic.AddInt32(&c.noHashes, 1)
+						c.noHashes.Add(1)
 						fs.Debugf(dstX, "OK - could not check hash")
 					} else {
 						fs.Debugf(dstX, "OK")
@@ -177,8 +177,8 @@ func (c *checkMarch) Match(ctx context.Context, dst, src fs.DirEntry) (recurse b
 			err := fmt.Errorf("is file on %v but directory on %v", c.opt.Fsrc, c.opt.Fdst)
 			fs.Errorf(src, "%v", err)
 			_ = fs.CountError(err)
-			atomic.AddInt32(&c.differences, 1)
-			atomic.AddInt32(&c.dstFilesMissing, 1)
+			c.differences.Add(1)
+			c.dstFilesMissing.Add(1)
 			c.report(src, c.opt.MissingOnDst, '+')
 		}
 	case fs.Directory:
@@ -190,8 +190,8 @@ func (c *checkMarch) Match(ctx context.Context, dst, src fs.DirEntry) (recurse b
 		err := fmt.Errorf("is file on %v but directory on %v", c.opt.Fdst, c.opt.Fsrc)
 		fs.Errorf(dst, "%v", err)
 		_ = fs.CountError(err)
-		atomic.AddInt32(&c.differences, 1)
-		atomic.AddInt32(&c.srcFilesMissing, 1)
+		c.differences.Add(1)
+		c.srcFilesMissing.Add(1)
 		c.report(dst, c.opt.MissingOnSrc, '-')
 
 	default:
@@ -235,33 +235,33 @@ func CheckFn(ctx context.Context, opt *CheckOpt) error {
 }
 
 func (c *checkMarch) reportResults(ctx context.Context, err error) error {
-	if c.dstFilesMissing > 0 {
-		fs.Logf(c.opt.Fdst, "%d files missing", c.dstFilesMissing)
+	if c.dstFilesMissing.Load() > 0 {
+		fs.Logf(c.opt.Fdst, "%d files missing", c.dstFilesMissing.Load())
 	}
-	if c.srcFilesMissing > 0 {
+	if c.srcFilesMissing.Load() > 0 {
 		entity := "files"
 		if c.opt.Fsrc == nil {
 			entity = "hashes"
 		}
-		fs.Logf(c.opt.Fsrc, "%d %s missing", c.srcFilesMissing, entity)
+		fs.Logf(c.opt.Fsrc, "%d %s missing", c.srcFilesMissing.Load(), entity)
 	}
 
 	fs.Logf(c.opt.Fdst, "%d differences found", accounting.Stats(ctx).GetErrors())
 	if errs := accounting.Stats(ctx).GetErrors(); errs > 0 {
 		fs.Logf(c.opt.Fdst, "%d errors while checking", errs)
 	}
-	if c.noHashes > 0 {
-		fs.Logf(c.opt.Fdst, "%d hashes could not be checked", c.noHashes)
+	if c.noHashes.Load() > 0 {
+		fs.Logf(c.opt.Fdst, "%d hashes could not be checked", c.noHashes.Load())
 	}
-	if c.matches > 0 {
-		fs.Logf(c.opt.Fdst, "%d matching files", c.matches)
+	if c.matches.Load() > 0 {
+		fs.Logf(c.opt.Fdst, "%d matching files", c.matches.Load())
 	}
 	if err != nil {
 		return err
 	}
-	if c.differences > 0 {
+	if c.differences.Load() > 0 {
 		// Return an already counted error so we don't double count this error too
-		err = fserrors.FsError(fmt.Errorf("%d differences found", c.differences))
+		err = fserrors.FsError(fmt.Errorf("%d differences found", c.differences.Load()))
 		fserrors.Count(err)
 		return err
 	}
@@ -335,7 +335,8 @@ func CheckIdenticalDownload(ctx context.Context, dst, src fs.Object) (differ boo
 
 // Does the work for CheckIdenticalDownload
 func checkIdenticalDownload(ctx context.Context, dst, src fs.Object) (differ bool, err error) {
-	in1, err := dst.Open(ctx)
+	var in1, in2 io.ReadCloser
+	in1, err = Open(ctx, dst)
 	if err != nil {
 		return true, fmt.Errorf("failed to open %q: %w", dst, err)
 	}
@@ -345,7 +346,7 @@ func checkIdenticalDownload(ctx context.Context, dst, src fs.Object) (differ boo
 	}()
 	in1 = tr1.Account(ctx, in1).WithBuffer() // account and buffer the transfer
 
-	in2, err := src.Open(ctx)
+	in2, err = Open(ctx, src)
 	if err != nil {
 		return true, fmt.Errorf("failed to open %q: %w", src, err)
 	}
@@ -430,7 +431,7 @@ func CheckSum(ctx context.Context, fsrc, fsum fs.Fs, sumFile string, hashType ha
 		if lastErr == nil {
 			lastErr = err
 		}
-		atomic.AddInt32(&c.dstFilesMissing, 1)
+		c.dstFilesMissing.Add(1)
 		c.reportFilename(filename, opt.MissingOnDst, '+')
 	}
 
@@ -457,8 +458,8 @@ func (c *checkMarch) checkSum(ctx context.Context, obj fs.Object, download bool,
 		err = errors.New("sum not found")
 		_ = fs.CountError(err)
 		fs.Errorf(obj, "%v", err)
-		atomic.AddInt32(&c.differences, 1)
-		atomic.AddInt32(&c.srcFilesMissing, 1)
+		c.differences.Add(1)
+		c.srcFilesMissing.Add(1)
 		c.report(obj, c.opt.MissingOnSrc, '-')
 		return
 	}
@@ -483,7 +484,7 @@ func (c *checkMarch) checkSum(ctx context.Context, obj fs.Object, download bool,
 			<-c.tokens // get the token back to free up a slot
 			c.wg.Done()
 		}()
-		if in, err = obj.Open(ctx); err != nil {
+		if in, err = Open(ctx, obj); err != nil {
 			return
 		}
 		tr := accounting.Stats(ctx).NewTransfer(obj)
@@ -515,12 +516,12 @@ func (c *checkMarch) matchSum(ctx context.Context, sumHash, objHash string, obj
 	case objHash == "":
 		fs.Debugf(nil, "%v = %s (sum)", hashType, sumHash)
 		fs.Debugf(obj, "%v - could not check hash (%v)", hashType, c.opt.Fdst)
-		atomic.AddInt32(&c.noHashes, 1)
-		atomic.AddInt32(&c.matches, 1)
+		c.noHashes.Add(1)
+		c.matches.Add(1)
 		c.report(obj, c.opt.Match, '=')
 	case objHash == sumHash:
 		fs.Debugf(obj, "%v = %s OK", hashType, sumHash)
-		atomic.AddInt32(&c.matches, 1)
+		c.matches.Add(1)
 		c.report(obj, c.opt.Match, '=')
 	default:
 		err = errors.New("files differ")
@@ -528,7 +529,7 @@ func (c *checkMarch) matchSum(ctx context.Context, sumHash, objHash string, obj
 		fs.Debugf(nil, "%v = %s (sum)", hashType, sumHash)
 		fs.Debugf(obj, "%v = %s (%v)", hashType, objHash, c.opt.Fdst)
 		fs.Errorf(obj, "%v", err)
-		atomic.AddInt32(&c.differences, 1)
+		c.differences.Add(1)
 		c.report(obj, c.opt.Differ, '*')
 	}
 }
@@ -538,7 +539,7 @@ type HashSums map[string]string
 
 // ParseSumFile parses a hash SUM file and returns hashes as a map
 func ParseSumFile(ctx context.Context, sumFile fs.Object) (HashSums, error) {
-	rd, err := sumFile.Open(ctx)
+	rd, err := Open(ctx, sumFile)
 	if err != nil {
 		return nil, err
 	}
diff --git a/fs/operations/copy.go b/fs/operations/copy.go
new file mode 100644
index 0000000000000..596c7ed04b19b
--- /dev/null
+++ b/fs/operations/copy.go
@@ -0,0 +1,410 @@
+// This file implements operations.Copy
+//
+// This is probably the most important operation in rclone.
+
+package operations
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"path"
+	"strings"
+	"time"
+	"unicode/utf8"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/fs/fserrors"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/lib/atexit"
+	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/random"
+)
+
+// State of the copy
+type copy struct {
+	f             fs.Fs                // destination fs.Fs
+	dstFeatures   *fs.Features         // Features() for fs.Fs
+	dst           fs.Object            // destination object to update, may be nil
+	remote        string               // destination path, used if dst is nil
+	src           fs.Object            // source object
+	ci            *fs.ConfigInfo       // current config
+	maxTries      int                  // max number of tries to do the copy
+	doUpdate      bool                 // whether we are updating an existing file or not
+	hashType      hash.Type            // common hash to use
+	hashOption    *fs.HashesOption     // open option for the common hash
+	tr            *accounting.Transfer // accounting for the transfer
+	inplace       bool                 // set if we are updating inplace and not using a partial name
+	remoteForCopy string               // the name used for the transfer, either remote or remote+".partial"
+}
+
+// Used to remove a failed copy
+func (c *copy) removeFailedCopy(ctx context.Context, o fs.Object) {
+	if o == nil {
+		return
+	}
+	fs.Infof(o, "Removing failed copy")
+	err := o.Remove(ctx)
+	if err != nil {
+		fs.Infof(o, "Failed to remove failed copy: %s", err)
+	}
+}
+
+// Used to remove a failed partial copy
+func (c *copy) removeFailedPartialCopy(ctx context.Context, f fs.Fs, remote string) {
+	o, err := f.NewObject(ctx, remote)
+	if errors.Is(err, fs.ErrorObjectNotFound) {
+		// Assume object has been deleted
+		return
+	}
+	if err != nil {
+		fs.Infof(remote, "Failed to remove failed partial copy: %s", err)
+		return
+	}
+	c.removeFailedCopy(ctx, o)
+}
+
+// TruncateString s to n bytes.
+//
+// If s is valid UTF-8 then this may truncate to fewer than n bytes to
+// make the returned string also valid UTF-8.
+func TruncateString(s string, n int) string {
+	truncated := s[:n]
+	if !utf8.ValidString(s) {
+		// If input string wasn't valid UTF-8 then just return the truncation
+		return truncated
+	}
+	for len(truncated) > 0 {
+		if utf8.ValidString(truncated) {
+			return truncated
+		}
+		// Remove 1 byte until valid
+		truncated = truncated[:len(truncated)-1]
+	}
+	return truncated
+}
+
+// Check to see if we should be using a partial name and return the name for the copy and the inplace flag
+func (c *copy) checkPartial() (remoteForCopy string, inplace bool, err error) {
+	remoteForCopy = c.remote
+	if c.ci.Inplace || c.dstFeatures.Move == nil || !c.dstFeatures.PartialUploads || strings.HasSuffix(c.remote, ".rclonelink") {
+		return remoteForCopy, true, nil
+	}
+	if len(c.ci.PartialSuffix) > 16 {
+		return remoteForCopy, true, fmt.Errorf("expecting length of --partial-suffix to be not greater than %d but got %d", 16, len(c.ci.PartialSuffix))
+	}
+	// Avoid making the leaf name longer if it's already lengthy to avoid
+	// trouble with file name length limits.
+	suffix := "." + random.String(8) + c.ci.PartialSuffix
+	base := path.Base(c.remoteForCopy)
+	if len(base) > 100 {
+		remoteForCopy = TruncateString(c.remoteForCopy, len(c.remoteForCopy)-len(suffix)) + suffix
+	} else {
+		remoteForCopy += suffix
+	}
+	return remoteForCopy, false, nil
+}
+
+// Check to see if we have hit max transfer limits
+func (c *copy) checkLimits(ctx context.Context) (err error) {
+	if c.ci.MaxTransfer < 0 {
+		return nil
+	}
+	var bytesSoFar int64
+	if c.ci.CutoffMode == fs.CutoffModeCautious {
+		bytesSoFar = accounting.Stats(ctx).GetBytesWithPending() + c.src.Size()
+	} else {
+		bytesSoFar = accounting.Stats(ctx).GetBytes()
+	}
+	if bytesSoFar >= int64(c.ci.MaxTransfer) {
+		if c.ci.CutoffMode == fs.CutoffModeHard {
+			return accounting.ErrorMaxTransferLimitReachedFatal
+		}
+		return accounting.ErrorMaxTransferLimitReachedGraceful
+	}
+	return nil
+}
+
+// Server side copy c.src to (c.f, c.remoteForCopy) if possible or return fs.ErrorCantCopy if not
+func (c *copy) serverSideCopy(ctx context.Context) (actionTaken string, newDst fs.Object, err error) {
+	doCopy := c.dstFeatures.Copy
+	serverSideCopyOK := false
+	if doCopy == nil {
+		serverSideCopyOK = false
+	} else if SameConfig(c.src.Fs(), c.f) {
+		serverSideCopyOK = true
+	} else if SameRemoteType(c.src.Fs(), c.f) {
+		serverSideCopyOK = c.dstFeatures.ServerSideAcrossConfigs || c.ci.ServerSideAcrossConfigs
+	}
+	if !serverSideCopyOK {
+		return actionTaken, nil, fs.ErrorCantCopy
+	}
+	in := c.tr.Account(ctx, nil) // account the transfer
+	in.ServerSideTransferStart()
+	newDst, err = doCopy(ctx, c.src, c.remoteForCopy)
+	if err == nil {
+		in.ServerSideCopyEnd(newDst.Size()) // account the bytes for the server-side transfer
+	}
+	_ = in.Close()
+	if errors.Is(err, fs.ErrorCantCopy) {
+		c.tr.Reset(ctx) // skip incomplete accounting - will be overwritten by the manual copy
+	}
+	actionTaken = "Copied (server-side copy)"
+	return actionTaken, newDst, err
+}
+
+// Copy c.src to (c.f, c.remoteForCopy) using multiThreadCopy
+func (c *copy) multiThreadCopy(ctx context.Context, uploadOptions []fs.OpenOption) (actionTaken string, newDst fs.Object, err error) {
+	newDst, err = multiThreadCopy(ctx, c.f, c.remoteForCopy, c.src, c.ci.MultiThreadStreams, c.tr, uploadOptions...)
+	if c.doUpdate {
+		actionTaken = "Multi-thread Copied (replaced existing)"
+	} else {
+		actionTaken = "Multi-thread Copied (new)"
+	}
+	return actionTaken, newDst, err
+}
+
+// Copy the stream from in to (c.f, c.remoteForCopy) and close it
+//
+// Use Rcat to handle both remotes supporting and not supporting PutStream.
+func (c *copy) rcat(ctx context.Context, in io.ReadCloser) (actionTaken string, newDst fs.Object, err error) {
+	// Make any metadata to pass to rcat
+	var meta fs.Metadata
+	if c.ci.Metadata {
+		meta, err = fs.GetMetadata(ctx, c.src)
+		if err != nil {
+			fs.Errorf(c.src, "Failed to read metadata: %v", err)
+		}
+	}
+
+	// NB Rcat closes in0
+	newDst, err = Rcat(ctx, c.f, c.remoteForCopy, in, c.src.ModTime(ctx), meta)
+	if c.doUpdate {
+		actionTaken = "Copied (Rcat, replaced existing)"
+	} else {
+		actionTaken = "Copied (Rcat, new)"
+	}
+	return actionTaken, newDst, err
+}
+
+// Copy the stream from in to (c.f, c.remoteForCopy) and close it
+func (c *copy) updateOrPut(ctx context.Context, in io.ReadCloser, uploadOptions []fs.OpenOption) (actionTaken string, newDst fs.Object, err error) {
+	// account and buffer the transfer
+	inAcc := c.tr.Account(ctx, in).WithBuffer()
+	var wrappedSrc fs.ObjectInfo = c.src
+
+	// We try to pass the original object if possible
+	if c.src.Remote() != c.remoteForCopy {
+		wrappedSrc = fs.NewOverrideRemote(c.src, c.remoteForCopy)
+	}
+	if c.doUpdate && c.inplace {
+		err = c.dst.Update(ctx, inAcc, wrappedSrc, uploadOptions...)
+		// Make sure newDst is c.dst since we updated it
+		if err == nil {
+			newDst = c.dst
+		}
+	} else {
+		newDst, err = c.f.Put(ctx, inAcc, wrappedSrc, uploadOptions...)
+	}
+	closeErr := inAcc.Close()
+	if err == nil {
+		err = closeErr
+	}
+	if c.doUpdate {
+		actionTaken = "Copied (replaced existing)"
+	} else {
+		actionTaken = "Copied (new)"
+	}
+	return actionTaken, newDst, err
+}
+
+// Do a manual copy by reading the bytes and writing them
+func (c *copy) manualCopy(ctx context.Context) (actionTaken string, newDst fs.Object, err error) {
+	// Remove partial files on premature exit
+	if !c.inplace {
+		defer atexit.Unregister(atexit.Register(func() {
+			ctx := context.Background()
+			c.removeFailedPartialCopy(ctx, c.f, c.remoteForCopy)
+		}))
+	}
+
+	// Options for the upload
+	uploadOptions := []fs.OpenOption{c.hashOption}
+	for _, option := range c.ci.UploadHeaders {
+		uploadOptions = append(uploadOptions, option)
+	}
+	if c.ci.MetadataSet != nil {
+		uploadOptions = append(uploadOptions, fs.MetadataOption(c.ci.MetadataSet))
+	}
+
+	// Options for the download
+	downloadOptions := []fs.OpenOption{c.hashOption}
+	for _, option := range c.ci.DownloadHeaders {
+		downloadOptions = append(downloadOptions, option)
+	}
+
+	if doMultiThreadCopy(ctx, c.f, c.src) {
+		return c.multiThreadCopy(ctx, uploadOptions)
+	}
+
+	var in io.ReadCloser
+	in, err = Open(ctx, c.src, downloadOptions...)
+	if err != nil {
+		return actionTaken, nil, fmt.Errorf("failed to open source object: %w", err)
+	}
+
+	// Note that c.rcat and c.updateOrPut close in
+	if c.src.Size() == -1 {
+		return c.rcat(ctx, in)
+	}
+	return c.updateOrPut(ctx, in, uploadOptions)
+}
+
+// Verify the copy
+func (c *copy) verify(ctx context.Context, newDst fs.Object) (err error) {
+	// Verify sizes are the same after transfer
+	if sizeDiffers(ctx, c.src, newDst) {
+		return fmt.Errorf("corrupted on transfer: sizes differ %d vs %d", c.src.Size(), newDst.Size())
+	}
+	// Verify hashes are the same after transfer - ignoring blank hashes
+	if c.hashType != hash.None {
+		// checkHashes has logs and counts errors
+		equal, _, srcSum, dstSum, _ := checkHashes(ctx, c.src, newDst, c.hashType)
+		if !equal {
+			return fmt.Errorf("corrupted on transfer: %v hash differ %q vs %q", c.hashType, srcSum, dstSum)
+		}
+	}
+	return nil
+}
+
+// copy src object to dst or f if nil.  If dst is nil then it uses
+// remote as the name of the new object.
+//
+// It returns the destination object if possible.  Note that this may
+// be nil.
+func (c *copy) copy(ctx context.Context) (newDst fs.Object, err error) {
+	var actionTaken string
+	retry := true
+	for tries := 0; retry && tries < c.maxTries; tries++ {
+		// Check we haven't hit any accounting limits
+		err = c.checkLimits(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		// Try server side copy
+		actionTaken, newDst, err = c.serverSideCopy(ctx)
+
+		// If can't server-side copy, do it manually
+		if errors.Is(err, fs.ErrorCantCopy) {
+			actionTaken, newDst, err = c.manualCopy(ctx)
+		}
+
+		// End if ctx is in error
+		if fserrors.ContextError(ctx, &err) {
+			break
+		}
+
+		// Retry if err returned a retry error
+		retry = false
+		if fserrors.IsRetryError(err) || fserrors.ShouldRetry(err) {
+			retry = true
+		} else if t, ok := pacer.IsRetryAfter(err); ok {
+			fs.Debugf(c.src, "Sleeping for %v (as indicated by the server) to obey Retry-After error: %v", t, err)
+			time.Sleep(t)
+			retry = true
+		}
+		if retry {
+			fs.Debugf(c.src, "Received error: %v - low level retry %d/%d", err, tries, c.maxTries)
+			c.tr.Reset(ctx) // skip incomplete accounting - will be overwritten by retry
+			continue
+		}
+	}
+	if err != nil {
+		err = fs.CountError(err)
+		fs.Errorf(c.src, "Failed to copy: %v", err)
+		if !c.inplace {
+			c.removeFailedPartialCopy(ctx, c.f, c.remoteForCopy)
+		}
+		return newDst, err
+	}
+
+	// Verify the copy
+	err = c.verify(ctx, newDst)
+	if err != nil {
+		fs.Errorf(newDst, "%v", err)
+		err = fs.CountError(err)
+		c.removeFailedCopy(ctx, newDst)
+		return nil, err
+	}
+
+	// Move the copied file to its real destination.
+	if !c.inplace && c.remoteForCopy != c.remote {
+		movedNewDst, err := c.dstFeatures.Move(ctx, newDst, c.remote)
+		if err != nil {
+			fs.Errorf(newDst, "partial file rename failed: %v", err)
+			err = fs.CountError(err)
+			c.removeFailedCopy(ctx, newDst)
+			return nil, err
+		}
+		fs.Debugf(newDst, "renamed to: %s", c.remote)
+		newDst = movedNewDst
+	}
+
+	// Log what we have done
+	if newDst != nil && c.src.String() != newDst.String() {
+		actionTaken = fmt.Sprintf("%s to: %s", actionTaken, newDst.String())
+	}
+	fs.Infof(c.src, "%s%s", actionTaken, fs.LogValueHide("size", fs.SizeSuffix(c.src.Size())))
+
+	return newDst, nil
+}
+
+// Copy src object to dst or f if nil.  If dst is nil then it uses
+// remote as the name of the new object.
+//
+// It returns the destination object if possible.  Note that this may
+// be nil.
+func Copy(ctx context.Context, f fs.Fs, dst fs.Object, remote string, src fs.Object) (newDst fs.Object, err error) {
+	ci := fs.GetConfig(ctx)
+	tr := accounting.Stats(ctx).NewTransfer(src)
+	defer func() {
+		tr.Done(ctx, err)
+	}()
+	if SkipDestructive(ctx, src, "copy") {
+		in := tr.Account(ctx, nil)
+		in.DryRun(src.Size())
+		return newDst, nil
+	}
+	c := &copy{
+		f:           f,
+		dstFeatures: f.Features(),
+		dst:         dst,
+		remote:      remote,
+		src:         src,
+		ci:          ci,
+		tr:          tr,
+		maxTries:    ci.LowLevelRetries,
+		doUpdate:    dst != nil,
+	}
+	c.hashType, c.hashOption = CommonHash(ctx, f, src.Fs())
+	if c.dst != nil {
+		c.remote = c.dst.Remote()
+	}
+	// Are we using partials?
+	//
+	// If so set the flag and update the name we use for the copy
+	c.remoteForCopy, c.inplace, err = c.checkPartial()
+	if err != nil {
+		return nil, err
+	}
+	// Do the copy now everything is set up
+	return c.copy(ctx)
+}
+
+// CopyFile moves a single file possibly to a new name
+func CopyFile(ctx context.Context, fdst fs.Fs, fsrc fs.Fs, dstFileName string, srcFileName string) (err error) {
+	return moveOrCopyFile(ctx, fdst, fsrc, dstFileName, srcFileName, true)
+}
diff --git a/fs/operations/copy_test.go b/fs/operations/copy_test.go
new file mode 100644
index 0000000000000..f309b00607887
--- /dev/null
+++ b/fs/operations/copy_test.go
@@ -0,0 +1,455 @@
+package operations_test
+
+import (
+	"context"
+	"crypto/rand"
+	"errors"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/fs/operations"
+	"github.com/rclone/rclone/fstest"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestTruncateString(t *testing.T) {
+	for _, test := range []struct {
+		in   string
+		n    int
+		want string
+	}{
+		{
+			in:   "",
+			n:    0,
+			want: "",
+		}, {
+			in:   "Hello World",
+			n:    5,
+			want: "Hello",
+		}, {
+			in:   "ááááá",
+			n:    5,
+			want: "áá",
+		}, {
+			in:   "ááááá\xFF\xFF",
+			n:    5,
+			want: "áá\xc3",
+		}, {
+			in:   "世世世世世",
+			n:    7,
+			want: "世世",
+		}, {
+			in:   "🙂🙂🙂🙂🙂",
+			n:    16,
+			want: "🙂🙂🙂🙂",
+		}, {
+			in:   "🙂🙂🙂🙂🙂",
+			n:    15,
+			want: "🙂🙂🙂",
+		}, {
+			in:   "🙂🙂🙂🙂🙂",
+			n:    14,
+			want: "🙂🙂🙂",
+		}, {
+			in:   "🙂🙂🙂🙂🙂",
+			n:    13,
+			want: "🙂🙂🙂",
+		}, {
+			in:   "🙂🙂🙂🙂🙂",
+			n:    12,
+			want: "🙂🙂🙂",
+		}, {
+			in:   "🙂🙂🙂🙂🙂",
+			n:    11,
+			want: "🙂🙂",
+		}, {
+			in:   "𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱˢⁱᵒⁿᵃʳʸ",
+			n:    100,
+			want: "𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱˢ",
+		}, {
+			in:   "a𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱˢⁱᵒⁿᵃʳʸ",
+			n:    100,
+			want: "a𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱˢ",
+		}, {
+			in:   "aa𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱˢⁱᵒⁿᵃʳʸ",
+			n:    100,
+			want: "aa𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱ",
+		}, {
+			in:   "aaa𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱˢⁱᵒⁿᵃʳʸ",
+			n:    100,
+			want: "aaa𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱ",
+		}, {
+			in:   "aaaa𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽⁱˢⁱᵒⁿᵃʳʸ",
+			n:    100,
+			want: "aaaa𝓝𝓸𝓫𝓸𝓭𝔂 𝓲𝓼 𝓱𝓸𝓶𝓮 ᴬ ⱽⁱˢⁱᵗ ᶠʳᵒᵐ ᵗʰᵉ ⱽ",
+		},
+	} {
+		got := operations.TruncateString(test.in, test.n)
+		assert.Equal(t, test.want, got, fmt.Sprintf("In %q", test.in))
+		assert.LessOrEqual(t, len(got), test.n)
+		assert.GreaterOrEqual(t, len(got), test.n-3)
+	}
+}
+
+func TestCopyFile(t *testing.T) {
+	ctx := context.Background()
+	r := fstest.NewRun(t)
+
+	file1 := r.WriteFile("file1", "file1 contents", t1)
+	r.CheckLocalItems(t, file1)
+
+	file2 := file1
+	file2.Path = "sub/file2"
+
+	err := operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file1.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+
+	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file1.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+
+	err = operations.CopyFile(ctx, r.Fremote, r.Fremote, file2.Path, file2.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+}
+
+func TestCopyFileBackupDir(t *testing.T) {
+	ctx := context.Background()
+	ctx, ci := fs.AddConfig(ctx)
+	r := fstest.NewRun(t)
+	if !operations.CanServerSideMove(r.Fremote) {
+		t.Skip("Skipping test as remote does not support server-side move or copy")
+	}
+
+	ci.BackupDir = r.FremoteName + "/backup"
+
+	file1 := r.WriteFile("dst/file1", "file1 contents", t1)
+	r.CheckLocalItems(t, file1)
+
+	file1old := r.WriteObject(ctx, "dst/file1", "file1 contents old", t1)
+	r.CheckRemoteItems(t, file1old)
+
+	err := operations.CopyFile(ctx, r.Fremote, r.Flocal, file1.Path, file1.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	file1old.Path = "backup/dst/file1"
+	r.CheckRemoteItems(t, file1old, file1)
+}
+
+// Test with CompareDest set
+func TestCopyFileCompareDest(t *testing.T) {
+	ctx := context.Background()
+	ctx, ci := fs.AddConfig(ctx)
+	r := fstest.NewRun(t)
+
+	ci.CompareDest = []string{r.FremoteName + "/CompareDest"}
+	fdst, err := fs.NewFs(ctx, r.FremoteName+"/dst")
+	require.NoError(t, err)
+
+	// check empty dest, empty compare
+	file1 := r.WriteFile("one", "one", t1)
+	r.CheckLocalItems(t, file1)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file1.Path, file1.Path)
+	require.NoError(t, err)
+
+	file1dst := file1
+	file1dst.Path = "dst/one"
+
+	r.CheckRemoteItems(t, file1dst)
+
+	// check old dest, empty compare
+	file1b := r.WriteFile("one", "onet2", t2)
+	r.CheckRemoteItems(t, file1dst)
+	r.CheckLocalItems(t, file1b)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file1b.Path, file1b.Path)
+	require.NoError(t, err)
+
+	file1bdst := file1b
+	file1bdst.Path = "dst/one"
+
+	r.CheckRemoteItems(t, file1bdst)
+
+	// check old dest, new compare
+	file3 := r.WriteObject(ctx, "dst/one", "one", t1)
+	file2 := r.WriteObject(ctx, "CompareDest/one", "onet2", t2)
+	file1c := r.WriteFile("one", "onet2", t2)
+	r.CheckRemoteItems(t, file2, file3)
+	r.CheckLocalItems(t, file1c)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file1c.Path, file1c.Path)
+	require.NoError(t, err)
+
+	r.CheckRemoteItems(t, file2, file3)
+
+	// check empty dest, new compare
+	file4 := r.WriteObject(ctx, "CompareDest/two", "two", t2)
+	file5 := r.WriteFile("two", "two", t2)
+	r.CheckRemoteItems(t, file2, file3, file4)
+	r.CheckLocalItems(t, file1c, file5)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file5.Path, file5.Path)
+	require.NoError(t, err)
+
+	r.CheckRemoteItems(t, file2, file3, file4)
+
+	// check new dest, new compare
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file5.Path, file5.Path)
+	require.NoError(t, err)
+
+	r.CheckRemoteItems(t, file2, file3, file4)
+
+	// check empty dest, old compare
+	file5b := r.WriteFile("two", "twot3", t3)
+	r.CheckRemoteItems(t, file2, file3, file4)
+	r.CheckLocalItems(t, file1c, file5b)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file5b.Path, file5b.Path)
+	require.NoError(t, err)
+
+	file5bdst := file5b
+	file5bdst.Path = "dst/two"
+
+	r.CheckRemoteItems(t, file2, file3, file4, file5bdst)
+}
+
+// Test with CopyDest set
+func TestCopyFileCopyDest(t *testing.T) {
+	ctx := context.Background()
+	ctx, ci := fs.AddConfig(ctx)
+	r := fstest.NewRun(t)
+
+	if r.Fremote.Features().Copy == nil {
+		t.Skip("Skipping test as remote does not support server-side copy")
+	}
+
+	ci.CopyDest = []string{r.FremoteName + "/CopyDest"}
+
+	fdst, err := fs.NewFs(ctx, r.FremoteName+"/dst")
+	require.NoError(t, err)
+
+	// check empty dest, empty copy
+	file1 := r.WriteFile("one", "one", t1)
+	r.CheckLocalItems(t, file1)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file1.Path, file1.Path)
+	require.NoError(t, err)
+
+	file1dst := file1
+	file1dst.Path = "dst/one"
+
+	r.CheckRemoteItems(t, file1dst)
+
+	// check old dest, empty copy
+	file1b := r.WriteFile("one", "onet2", t2)
+	r.CheckRemoteItems(t, file1dst)
+	r.CheckLocalItems(t, file1b)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file1b.Path, file1b.Path)
+	require.NoError(t, err)
+
+	file1bdst := file1b
+	file1bdst.Path = "dst/one"
+
+	r.CheckRemoteItems(t, file1bdst)
+
+	// check old dest, new copy, backup-dir
+
+	ci.BackupDir = r.FremoteName + "/BackupDir"
+
+	file3 := r.WriteObject(ctx, "dst/one", "one", t1)
+	file2 := r.WriteObject(ctx, "CopyDest/one", "onet2", t2)
+	file1c := r.WriteFile("one", "onet2", t2)
+	r.CheckRemoteItems(t, file2, file3)
+	r.CheckLocalItems(t, file1c)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file1c.Path, file1c.Path)
+	require.NoError(t, err)
+
+	file2dst := file2
+	file2dst.Path = "dst/one"
+	file3.Path = "BackupDir/one"
+
+	r.CheckRemoteItems(t, file2, file2dst, file3)
+	ci.BackupDir = ""
+
+	// check empty dest, new copy
+	file4 := r.WriteObject(ctx, "CopyDest/two", "two", t2)
+	file5 := r.WriteFile("two", "two", t2)
+	r.CheckRemoteItems(t, file2, file2dst, file3, file4)
+	r.CheckLocalItems(t, file1c, file5)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file5.Path, file5.Path)
+	require.NoError(t, err)
+
+	file4dst := file4
+	file4dst.Path = "dst/two"
+
+	r.CheckRemoteItems(t, file2, file2dst, file3, file4, file4dst)
+
+	// check new dest, new copy
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file5.Path, file5.Path)
+	require.NoError(t, err)
+
+	r.CheckRemoteItems(t, file2, file2dst, file3, file4, file4dst)
+
+	// check empty dest, old copy
+	file6 := r.WriteObject(ctx, "CopyDest/three", "three", t2)
+	file7 := r.WriteFile("three", "threet3", t3)
+	r.CheckRemoteItems(t, file2, file2dst, file3, file4, file4dst, file6)
+	r.CheckLocalItems(t, file1c, file5, file7)
+
+	err = operations.CopyFile(ctx, fdst, r.Flocal, file7.Path, file7.Path)
+	require.NoError(t, err)
+
+	file7dst := file7
+	file7dst.Path = "dst/three"
+
+	r.CheckRemoteItems(t, file2, file2dst, file3, file4, file4dst, file6, file7dst)
+}
+
+func TestCopyInplace(t *testing.T) {
+	ctx := context.Background()
+	ctx, ci := fs.AddConfig(ctx)
+	r := fstest.NewRun(t)
+
+	if !r.Fremote.Features().PartialUploads {
+		t.Skip("Partial uploads not supported")
+	}
+
+	ci.Inplace = true
+
+	file1 := r.WriteFile("file1", "file1 contents", t1)
+	r.CheckLocalItems(t, file1)
+
+	file2 := file1
+	file2.Path = "sub/file2"
+
+	err := operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file1.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+
+	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file1.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+
+	err = operations.CopyFile(ctx, r.Fremote, r.Fremote, file2.Path, file2.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+}
+
+func TestCopyLongFileName(t *testing.T) {
+	ctx := context.Background()
+	ctx, ci := fs.AddConfig(ctx)
+	r := fstest.NewRun(t)
+
+	if !r.Fremote.Features().PartialUploads {
+		t.Skip("Partial uploads not supported")
+	}
+
+	ci.Inplace = false // the default
+
+	file1 := r.WriteFile("file1", "file1 contents", t1)
+	r.CheckLocalItems(t, file1)
+
+	file2 := file1
+	file2.Path = "sub/" + strings.Repeat("file2", 30)
+
+	err := operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file1.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+
+	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file1.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+
+	err = operations.CopyFile(ctx, r.Fremote, r.Fremote, file2.Path, file2.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1)
+	r.CheckRemoteItems(t, file2)
+}
+
+func TestCopyFileMaxTransfer(t *testing.T) {
+	ctx := context.Background()
+	ctx, ci := fs.AddConfig(ctx)
+	r := fstest.NewRun(t)
+	defer accounting.Stats(ctx).ResetCounters()
+
+	const sizeCutoff = 2048
+
+	// Make random incompressible data
+	randomData := make([]byte, sizeCutoff)
+	_, err := rand.Read(randomData)
+	require.NoError(t, err)
+	randomString := string(randomData)
+
+	file1 := r.WriteFile("TestCopyFileMaxTransfer/file1", "file1 contents", t1)
+	file2 := r.WriteFile("TestCopyFileMaxTransfer/file2", "file2 contents"+randomString, t2)
+	file3 := r.WriteFile("TestCopyFileMaxTransfer/file3", "file3 contents"+randomString, t2)
+	file4 := r.WriteFile("TestCopyFileMaxTransfer/file4", "file4 contents"+randomString, t2)
+
+	// Cutoff mode: Hard
+	ci.MaxTransfer = sizeCutoff
+	ci.CutoffMode = fs.CutoffModeHard
+
+	// file1: Show a small file gets transferred OK
+	accounting.Stats(ctx).ResetCounters()
+	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file1.Path, file1.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1, file2, file3, file4)
+	r.CheckRemoteItems(t, file1)
+
+	// file2: show a large file does not get transferred
+	accounting.Stats(ctx).ResetCounters()
+	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file2.Path)
+	require.NotNil(t, err, "Did not get expected max transfer limit error")
+	if !errors.Is(err, accounting.ErrorMaxTransferLimitReachedFatal) {
+		t.Log("Expecting error to contain accounting.ErrorMaxTransferLimitReachedFatal")
+		// Sometimes the backends or their SDKs don't pass the
+		// error through properly, so check that it at least
+		// has the text we expect in.
+		assert.Contains(t, err.Error(), "max transfer limit reached")
+	}
+	r.CheckLocalItems(t, file1, file2, file3, file4)
+	r.CheckRemoteItems(t, file1)
+
+	// Cutoff mode: Cautious
+	ci.CutoffMode = fs.CutoffModeCautious
+
+	// file3: show a large file does not get transferred
+	accounting.Stats(ctx).ResetCounters()
+	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file3.Path, file3.Path)
+	require.NotNil(t, err)
+	assert.True(t, errors.Is(err, accounting.ErrorMaxTransferLimitReachedGraceful))
+	r.CheckLocalItems(t, file1, file2, file3, file4)
+	r.CheckRemoteItems(t, file1)
+
+	if isChunker(r.Fremote) {
+		t.Log("skipping remainder of test for chunker as it involves multiple transfers")
+		return
+	}
+
+	// Cutoff mode: Soft
+	ci.CutoffMode = fs.CutoffModeSoft
+
+	// file4: show a large file does get transferred this time
+	accounting.Stats(ctx).ResetCounters()
+	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file4.Path, file4.Path)
+	require.NoError(t, err)
+	r.CheckLocalItems(t, file1, file2, file3, file4)
+	r.CheckRemoteItems(t, file1, file4)
+}
diff --git a/fs/operations/lsjson.go b/fs/operations/lsjson.go
index 067681956747e..6c94ee6eeed85 100644
--- a/fs/operations/lsjson.go
+++ b/fs/operations/lsjson.go
@@ -291,7 +291,7 @@ func StatJSON(ctx context.Context, fsrc fs.Fs, remote string, opt *ListJSONOpt)
 	}
 
 	// Could be a file or a directory here
-	if lj.files {
+	if lj.files && !strings.HasSuffix(remote, "/") {
 		// NewObject can return the sentinel errors ErrorObjectNotFound or ErrorIsDir
 		// ErrorObjectNotFound can mean the source is a directory or not found
 		obj, err := fsrc.NewObject(ctx, remote)
@@ -314,6 +314,9 @@ func StatJSON(ctx context.Context, fsrc fs.Fs, remote string, opt *ListJSONOpt)
 		}
 	}
 	// Must be a directory here
+	//
+	// Remove trailing / as rclone listings won't have them
+	remote = strings.TrimRight(remote, "/")
 	parent := path.Dir(remote)
 	if parent == "." || parent == "/" {
 		parent = ""
diff --git a/fs/operations/lsjson_test.go b/fs/operations/lsjson_test.go
index c9be36173f116..7fbe673184351 100644
--- a/fs/operations/lsjson_test.go
+++ b/fs/operations/lsjson_test.go
@@ -292,6 +292,15 @@ func TestStatJSON(t *testing.T) {
 				Name:  "sub",
 				IsDir: true,
 			},
+		}, {
+			name:   "DirWithTrailingSlash",
+			remote: "sub/",
+			opt:    operations.ListJSONOpt{},
+			want: &operations.ListJSONItem{
+				Path:  "sub",
+				Name:  "sub",
+				IsDir: true,
+			},
 		}, {
 			name:   "File",
 			remote: "file1",
diff --git a/fs/operations/multithread.go b/fs/operations/multithread.go
index b8ace21d5367d..46e66dfa40fa6 100644
--- a/fs/operations/multithread.go
+++ b/fs/operations/multithread.go
@@ -1,6 +1,7 @@
 package operations
 
 import (
+	"bufio"
 	"context"
 	"errors"
 	"fmt"
@@ -8,13 +9,13 @@ import (
 
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/lib/atexit"
+	"github.com/rclone/rclone/lib/multipart"
 	"golang.org/x/sync/errgroup"
 )
 
 const (
-	multithreadChunkSize     = 64 << 10
-	multithreadChunkSizeMask = multithreadChunkSize - 1
-	multithreadBufferSize    = 32 * 1024
+	multithreadChunkSize = 64 << 10
 )
 
 // Return a boolean as to whether we should use multi thread copy for
@@ -28,13 +29,17 @@ func doMultiThreadCopy(ctx context.Context, f fs.Fs, src fs.Object) bool {
 	if ci.MultiThreadStreams <= 1 {
 		return false
 	}
+	// ...if the source doesn't support it
+	if src.Fs().Features().NoMultiThreading {
+		return false
+	}
 	// ...size of object is less than cutoff
 	if src.Size() < int64(ci.MultiThreadCutoff) {
 		return false
 	}
-	// ...source doesn't support it
+	// ...destination doesn't support it
 	dstFeatures := f.Features()
-	if dstFeatures.OpenWriterAt == nil {
+	if dstFeatures.OpenChunkWriter == nil && dstFeatures.OpenWriterAt == nil {
 		return false
 	}
 	// ...if --multi-thread-streams not in use and source and
@@ -47,24 +52,23 @@ func doMultiThreadCopy(ctx context.Context, f fs.Fs, src fs.Object) bool {
 
 // state for a multi-thread copy
 type multiThreadCopyState struct {
-	ctx      context.Context
-	partSize int64
-	size     int64
-	wc       fs.WriterAtCloser
-	src      fs.Object
-	acc      *accounting.Account
-	streams  int
+	ctx         context.Context
+	partSize    int64
+	size        int64
+	src         fs.Object
+	acc         *accounting.Account
+	numChunks   int
+	noBuffering bool // set to read the input without buffering
 }
 
-// Copy a single stream into place
-func (mc *multiThreadCopyState) copyStream(ctx context.Context, stream int) (err error) {
-	ci := fs.GetConfig(ctx)
+// Copy a single chunk into place
+func (mc *multiThreadCopyState) copyChunk(ctx context.Context, chunk int, writer fs.ChunkWriter) (err error) {
 	defer func() {
 		if err != nil {
-			fs.Debugf(mc.src, "multi-thread copy: stream %d/%d failed: %v", stream+1, mc.streams, err)
+			fs.Debugf(mc.src, "multi-thread copy: chunk %d/%d failed: %v", chunk+1, mc.numChunks, err)
 		}
 	}()
-	start := int64(stream) * mc.partSize
+	start := int64(chunk) * mc.partSize
 	if start >= mc.size {
 		return nil
 	}
@@ -72,132 +76,297 @@ func (mc *multiThreadCopyState) copyStream(ctx context.Context, stream int) (err
 	if end > mc.size {
 		end = mc.size
 	}
+	size := end - start
 
-	fs.Debugf(mc.src, "multi-thread copy: stream %d/%d (%d-%d) size %v starting", stream+1, mc.streams, start, end, fs.SizeSuffix(end-start))
+	fs.Debugf(mc.src, "multi-thread copy: chunk %d/%d (%d-%d) size %v starting", chunk+1, mc.numChunks, start, end, fs.SizeSuffix(size))
 
-	rc, err := NewReOpen(ctx, mc.src, ci.LowLevelRetries, &fs.RangeOption{Start: start, End: end - 1})
+	rc, err := Open(ctx, mc.src, &fs.RangeOption{Start: start, End: end - 1})
 	if err != nil {
-		return fmt.Errorf("multipart copy: failed to open source: %w", err)
+		return fmt.Errorf("multi-thread copy: failed to open source: %w", err)
 	}
 	defer fs.CheckClose(rc, &err)
 
-	// Copy the data
-	buf := make([]byte, multithreadBufferSize)
-	offset := start
-	for {
-		// Check if context cancelled and exit if so
-		if mc.ctx.Err() != nil {
-			return mc.ctx.Err()
-		}
-		nr, er := rc.Read(buf)
-		if nr > 0 {
-			err = mc.acc.AccountRead(nr)
-			if err != nil {
-				return fmt.Errorf("multipart copy: accounting failed: %w", err)
-			}
-			nw, ew := mc.wc.WriteAt(buf[0:nr], offset)
-			if nw > 0 {
-				offset += int64(nw)
-			}
-			if ew != nil {
-				return fmt.Errorf("multipart copy: write failed: %w", ew)
-			}
-			if nr != nw {
-				return fmt.Errorf("multipart copy: %w", io.ErrShortWrite)
-			}
-		}
-		if er != nil {
-			if er != io.EOF {
-				return fmt.Errorf("multipart copy: read failed: %w", er)
-			}
-			break
+	var rs io.ReadSeeker
+	if mc.noBuffering {
+		// Read directly if we are sure we aren't going to seek
+		// and account with accounting
+		rc.SetAccounting(mc.acc.AccountRead)
+		rs = rc
+	} else {
+		// Read the chunk into buffered reader
+		rw := multipart.NewRW()
+		defer fs.CheckClose(rw, &err)
+		_, err = io.CopyN(rw, rc, size)
+		if err != nil {
+			return fmt.Errorf("multi-thread copy: failed to read chunk: %w", err)
 		}
+		// Account as we go
+		rw.SetAccounting(mc.acc.AccountRead)
+		rs = rw
 	}
 
-	if offset != end {
-		return fmt.Errorf("multipart copy: wrote %d bytes but expected to write %d", offset-start, end-start)
+	// Write the chunk
+	bytesWritten, err := writer.WriteChunk(ctx, chunk, rs)
+	if err != nil {
+		return fmt.Errorf("multi-thread copy: failed to write chunk: %w", err)
 	}
 
-	fs.Debugf(mc.src, "multi-thread copy: stream %d/%d (%d-%d) size %v finished", stream+1, mc.streams, start, end, fs.SizeSuffix(end-start))
+	fs.Debugf(mc.src, "multi-thread copy: chunk %d/%d (%d-%d) size %v finished", chunk+1, mc.numChunks, start, end, fs.SizeSuffix(bytesWritten))
 	return nil
 }
 
-// Calculate the chunk sizes and updated number of streams
-func (mc *multiThreadCopyState) calculateChunks() {
-	partSize := mc.size / int64(mc.streams)
-	// Round partition size up so partSize * streams >= size
-	if (mc.size % int64(mc.streams)) != 0 {
-		partSize++
-	}
-	// round partSize up to nearest multithreadChunkSize boundary
-	mc.partSize = (partSize + multithreadChunkSizeMask) &^ multithreadChunkSizeMask
-	// recalculate number of streams
-	mc.streams = int(mc.size / mc.partSize)
-	// round streams up so partSize * streams >= size
-	if (mc.size % mc.partSize) != 0 {
-		mc.streams++
+// Given a file size and a chunkSize
+// it returns the number of chunks, so that chunkSize * numChunks >= size
+func calculateNumChunks(size int64, chunkSize int64) int {
+	numChunks := size / chunkSize
+	if size%chunkSize != 0 {
+		numChunks++
 	}
+	return int(numChunks)
 }
 
-// Copy src to (f, remote) using streams download threads and the OpenWriterAt feature
-func multiThreadCopy(ctx context.Context, f fs.Fs, remote string, src fs.Object, streams int, tr *accounting.Transfer) (newDst fs.Object, err error) {
-	openWriterAt := f.Features().OpenWriterAt
-	if openWriterAt == nil {
-		return nil, errors.New("multi-thread copy: OpenWriterAt not supported")
+// Copy src to (f, remote) using streams download threads. It tries to use the OpenChunkWriter feature
+// and if that's not available it creates an adapter using OpenWriterAt
+func multiThreadCopy(ctx context.Context, f fs.Fs, remote string, src fs.Object, concurrency int, tr *accounting.Transfer, options ...fs.OpenOption) (newDst fs.Object, err error) {
+	openChunkWriter := f.Features().OpenChunkWriter
+	ci := fs.GetConfig(ctx)
+	noBuffering := false
+	if openChunkWriter == nil {
+		openWriterAt := f.Features().OpenWriterAt
+		if openWriterAt == nil {
+			return nil, errors.New("multi-thread copy: neither OpenChunkWriter nor OpenWriterAt supported")
+		}
+		openChunkWriter = openChunkWriterFromOpenWriterAt(openWriterAt, int64(ci.MultiThreadChunkSize), int64(ci.MultiThreadWriteBufferSize), f)
+		// If we are using OpenWriterAt we don't seek the chunks so don't need to buffer
+		fs.Debugf(src, "multi-thread copy: disabling buffering because destination uses OpenWriterAt")
+		noBuffering = true
+	} else if src.Fs().Features().IsLocal {
+		// If the source fs is local we don't need to buffer
+		fs.Debugf(src, "multi-thread copy: disabling buffering because source is local disk")
+		noBuffering = true
+	} else if f.Features().ChunkWriterDoesntSeek {
+		// If the destination Fs promises not to seek its chunks
+		// (except for retries) then we don't need buffering.
+		fs.Debugf(src, "multi-thread copy: disabling buffering because destination has set ChunkWriterDoesntSeek")
+		noBuffering = true
 	}
+
 	if src.Size() < 0 {
-		return nil, errors.New("multi-thread copy: can't copy unknown sized file")
+		return nil, fmt.Errorf("multi-thread copy: can't copy unknown sized file")
 	}
 	if src.Size() == 0 {
-		return nil, errors.New("multi-thread copy: can't copy zero sized file")
+		return nil, fmt.Errorf("multi-thread copy: can't copy zero sized file")
 	}
 
-	g, gCtx := errgroup.WithContext(ctx)
-	mc := &multiThreadCopyState{
-		ctx:     gCtx,
-		size:    src.Size(),
-		src:     src,
-		streams: streams,
+	info, chunkWriter, err := openChunkWriter(ctx, remote, src, options...)
+	if err != nil {
+		return nil, fmt.Errorf("multi-thread copy: failed to open chunk writer: %w", err)
 	}
-	mc.calculateChunks()
 
-	// Make accounting
-	mc.acc = tr.Account(ctx, nil)
+	uploadCtx, cancel := context.WithCancel(ctx)
+	defer cancel()
+	uploadedOK := false
+	defer atexit.OnError(&err, func() {
+		cancel()
+		if info.LeavePartsOnError || uploadedOK {
+			return
+		}
+		fs.Debugf(src, "multi-thread copy: cancelling transfer on exit")
+		abortErr := chunkWriter.Abort(ctx)
+		if abortErr != nil {
+			fs.Debugf(src, "multi-thread copy: abort failed: %v", abortErr)
+		}
+	})()
 
-	// create write file handle
-	mc.wc, err = openWriterAt(gCtx, remote, mc.size)
-	if err != nil {
-		return nil, fmt.Errorf("multipart copy: failed to open destination: %w", err)
+	if info.ChunkSize > src.Size() {
+		fs.Debugf(src, "multi-thread copy: chunk size %v was bigger than source file size %v", fs.SizeSuffix(info.ChunkSize), fs.SizeSuffix(src.Size()))
+		info.ChunkSize = src.Size()
+	}
+
+	// Use the backend concurrency if it is higher than --multi-thread-streams or if --multi-thread-streams wasn't set explicitly
+	if !ci.MultiThreadSet || info.Concurrency > concurrency {
+		fs.Debugf(src, "multi-thread copy: using backend concurrency of %d instead of --multi-thread-streams %d", info.Concurrency, concurrency)
+		concurrency = info.Concurrency
 	}
 
-	fs.Debugf(src, "Starting multi-thread copy with %d parts of size %v", mc.streams, fs.SizeSuffix(mc.partSize))
-	for stream := 0; stream < mc.streams; stream++ {
-		stream := stream
-		g.Go(func() (err error) {
-			return mc.copyStream(gCtx, stream)
+	numChunks := calculateNumChunks(src.Size(), info.ChunkSize)
+	if concurrency > numChunks {
+		fs.Debugf(src, "multi-thread copy: number of streams %d was bigger than number of chunks %d", concurrency, numChunks)
+		concurrency = numChunks
+	}
+
+	if concurrency < 1 {
+		concurrency = 1
+	}
+
+	g, gCtx := errgroup.WithContext(uploadCtx)
+	g.SetLimit(concurrency)
+
+	mc := &multiThreadCopyState{
+		ctx:         gCtx,
+		size:        src.Size(),
+		src:         src,
+		partSize:    info.ChunkSize,
+		numChunks:   numChunks,
+		noBuffering: noBuffering,
+	}
+
+	// Make accounting
+	mc.acc = tr.Account(gCtx, nil)
+
+	fs.Debugf(src, "Starting multi-thread copy with %d chunks of size %v with %v parallel streams", mc.numChunks, fs.SizeSuffix(mc.partSize), concurrency)
+	for chunk := 0; chunk < mc.numChunks; chunk++ {
+		// Fail fast, in case an errgroup managed function returns an error
+		if gCtx.Err() != nil {
+			break
+		}
+		chunk := chunk
+		g.Go(func() error {
+			return mc.copyChunk(gCtx, chunk, chunkWriter)
 		})
 	}
+
 	err = g.Wait()
-	closeErr := mc.wc.Close()
 	if err != nil {
 		return nil, err
 	}
-	if closeErr != nil {
-		return nil, fmt.Errorf("multi-thread copy: failed to close object after copy: %w", closeErr)
+	err = chunkWriter.Close(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("multi-thread copy: failed to close object after copy: %w", err)
 	}
+	uploadedOK = true // file is definitely uploaded OK so no need to abort
 
 	obj, err := f.NewObject(ctx, remote)
 	if err != nil {
 		return nil, fmt.Errorf("multi-thread copy: failed to find object after copy: %w", err)
 	}
 
-	err = obj.SetModTime(ctx, src.ModTime(ctx))
-	switch err {
-	case nil, fs.ErrorCantSetModTime, fs.ErrorCantSetModTimeWithoutDelete:
-	default:
-		return nil, fmt.Errorf("multi-thread copy: failed to set modification time: %w", err)
+	if f.Features().PartialUploads {
+		err = obj.SetModTime(ctx, src.ModTime(ctx))
+		switch err {
+		case nil, fs.ErrorCantSetModTime, fs.ErrorCantSetModTimeWithoutDelete:
+		default:
+			return nil, fmt.Errorf("multi-thread copy: failed to set modification time: %w", err)
+		}
 	}
 
-	fs.Debugf(src, "Finished multi-thread copy with %d parts of size %v", mc.streams, fs.SizeSuffix(mc.partSize))
+	fs.Debugf(src, "Finished multi-thread copy with %d parts of size %v", mc.numChunks, fs.SizeSuffix(mc.partSize))
 	return obj, nil
 }
+
+// An offsetWriter maps writes at offset base to offset base+off in the underlying writer.
+//
+// Modified from the go source code. Can be replaced with
+// io.OffsetWriter when we no longer need to support go1.19
+type offsetWriter struct {
+	w   io.WriterAt
+	off int64 // the current offset
+}
+
+// newOffsetWriter returns an offsetWriter that writes to w
+// starting at offset off.
+func newOffsetWriter(w io.WriterAt, off int64) *offsetWriter {
+	return &offsetWriter{w, off}
+}
+
+func (o *offsetWriter) Write(p []byte) (n int, err error) {
+	n, err = o.w.WriteAt(p, o.off)
+	o.off += int64(n)
+	return
+}
+
+// writerAtChunkWriter converts a WriterAtCloser into a ChunkWriter
+type writerAtChunkWriter struct {
+	remote          string
+	size            int64
+	writerAt        fs.WriterAtCloser
+	chunkSize       int64
+	chunks          int
+	writeBufferSize int64
+	f               fs.Fs
+	closed          bool
+}
+
+// WriteChunk writes chunkNumber from reader
+func (w *writerAtChunkWriter) WriteChunk(ctx context.Context, chunkNumber int, reader io.ReadSeeker) (int64, error) {
+	fs.Debugf(w.remote, "writing chunk %v", chunkNumber)
+
+	bytesToWrite := w.chunkSize
+	if chunkNumber == (w.chunks-1) && w.size%w.chunkSize != 0 {
+		bytesToWrite = w.size % w.chunkSize
+	}
+
+	var writer io.Writer = newOffsetWriter(w.writerAt, int64(chunkNumber)*w.chunkSize)
+	if w.writeBufferSize > 0 {
+		writer = bufio.NewWriterSize(writer, int(w.writeBufferSize))
+	}
+	n, err := io.Copy(writer, reader)
+	if err != nil {
+		return -1, err
+	}
+	if n != bytesToWrite {
+		return -1, fmt.Errorf("expected to write %v bytes for chunk %v, but wrote %v bytes", bytesToWrite, chunkNumber, n)
+	}
+	// if we were buffering, flush to disk
+	switch w := writer.(type) {
+	case *bufio.Writer:
+		er2 := w.Flush()
+		if er2 != nil {
+			return -1, fmt.Errorf("multi-thread copy: flush failed: %w", err)
+		}
+	}
+	return n, nil
+}
+
+// Close the chunk writing
+func (w *writerAtChunkWriter) Close(ctx context.Context) error {
+	if w.closed {
+		return nil
+	}
+	w.closed = true
+	return w.writerAt.Close()
+}
+
+// Abort the chunk writing
+func (w *writerAtChunkWriter) Abort(ctx context.Context) error {
+	err := w.Close(ctx)
+	if err != nil {
+		fs.Errorf(w.remote, "multi-thread copy: failed to close file before aborting: %v", err)
+	}
+	obj, err := w.f.NewObject(ctx, w.remote)
+	if err != nil {
+		return fmt.Errorf("multi-thread copy: failed to find temp file when aborting chunk writer: %w", err)
+	}
+	return obj.Remove(ctx)
+}
+
+// openChunkWriterFromOpenWriterAt adapts an OpenWriterAtFn into an OpenChunkWriterFn using chunkSize and writeBufferSize
+func openChunkWriterFromOpenWriterAt(openWriterAt fs.OpenWriterAtFn, chunkSize int64, writeBufferSize int64, f fs.Fs) fs.OpenChunkWriterFn {
+	return func(ctx context.Context, remote string, src fs.ObjectInfo, options ...fs.OpenOption) (info fs.ChunkWriterInfo, writer fs.ChunkWriter, err error) {
+		ci := fs.GetConfig(ctx)
+
+		writerAt, err := openWriterAt(ctx, remote, src.Size())
+		if err != nil {
+			return info, nil, err
+		}
+
+		if writeBufferSize > 0 {
+			fs.Debugf(src.Remote(), "multi-thread copy: write buffer set to %v", writeBufferSize)
+		}
+
+		chunkWriter := &writerAtChunkWriter{
+			remote:          remote,
+			size:            src.Size(),
+			chunkSize:       chunkSize,
+			chunks:          calculateNumChunks(src.Size(), chunkSize),
+			writerAt:        writerAt,
+			writeBufferSize: writeBufferSize,
+			f:               f,
+		}
+		info = fs.ChunkWriterInfo{
+			ChunkSize:   chunkSize,
+			Concurrency: ci.MultiThreadStreams,
+		}
+		return info, chunkWriter, nil
+	}
+}
diff --git a/fs/operations/multithread_test.go b/fs/operations/multithread_test.go
index a036139e5d924..a61f3433195b0 100644
--- a/fs/operations/multithread_test.go
+++ b/fs/operations/multithread_test.go
@@ -2,10 +2,16 @@ package operations
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"io"
+	"sync"
 	"testing"
+	"time"
 
 	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/fs/hash"
+	"github.com/rclone/rclone/fs/object"
 	"github.com/rclone/rclone/fstest/mockfs"
 	"github.com/rclone/rclone/fstest/mockobject"
 	"github.com/rclone/rclone/lib/random"
@@ -19,9 +25,11 @@ import (
 func TestDoMultiThreadCopy(t *testing.T) {
 	ctx := context.Background()
 	ci := fs.GetConfig(ctx)
-	f := mockfs.NewFs(ctx, "potato", "")
+	f, err := mockfs.NewFs(ctx, "potato", "", nil)
+	require.NoError(t, err)
 	src := mockobject.New("file.txt").WithContent([]byte(random.String(100)), mockobject.SeekModeNone)
-	srcFs := mockfs.NewFs(ctx, "sausage", "")
+	srcFs, err := mockfs.NewFs(ctx, "sausage", "", nil)
+	require.NoError(t, err)
 	src.SetFs(srcFs)
 
 	oldStreams := ci.MultiThreadStreams
@@ -77,72 +85,222 @@ func TestDoMultiThreadCopy(t *testing.T) {
 	assert.True(t, doMultiThreadCopy(ctx, f, src))
 	srcFs.Features().IsLocal = false
 	assert.True(t, doMultiThreadCopy(ctx, f, src))
+
+	srcFs.Features().NoMultiThreading = true
+	assert.False(t, doMultiThreadCopy(ctx, f, src))
+	srcFs.Features().NoMultiThreading = false
+	assert.True(t, doMultiThreadCopy(ctx, f, src))
 }
 
-func TestMultithreadCalculateChunks(t *testing.T) {
+func TestMultithreadCalculateNumChunks(t *testing.T) {
 	for _, test := range []struct {
-		size         int64
-		streams      int
-		wantPartSize int64
-		wantStreams  int
+		size          int64
+		chunkSize     int64
+		wantNumChunks int
 	}{
-		{size: 1, streams: 10, wantPartSize: multithreadChunkSize, wantStreams: 1},
-		{size: 1 << 20, streams: 1, wantPartSize: 1 << 20, wantStreams: 1},
-		{size: 1 << 20, streams: 2, wantPartSize: 1 << 19, wantStreams: 2},
-		{size: (1 << 20) + 1, streams: 2, wantPartSize: (1 << 19) + multithreadChunkSize, wantStreams: 2},
-		{size: (1 << 20) - 1, streams: 2, wantPartSize: (1 << 19), wantStreams: 2},
+		{size: 1, chunkSize: multithreadChunkSize, wantNumChunks: 1},
+		{size: 1 << 20, chunkSize: 1, wantNumChunks: 1 << 20},
+		{size: 1 << 20, chunkSize: 2, wantNumChunks: 1 << 19},
+		{size: (1 << 20) + 1, chunkSize: 2, wantNumChunks: (1 << 19) + 1},
+		{size: (1 << 20) - 1, chunkSize: 2, wantNumChunks: 1 << 19},
 	} {
 		t.Run(fmt.Sprintf("%+v", test), func(t *testing.T) {
 			mc := &multiThreadCopyState{
-				size:    test.size,
-				streams: test.streams,
+				size: test.size,
 			}
-			mc.calculateChunks()
-			assert.Equal(t, test.wantPartSize, mc.partSize)
-			assert.Equal(t, test.wantStreams, mc.streams)
+			mc.numChunks = calculateNumChunks(test.size, test.chunkSize)
+			assert.Equal(t, test.wantNumChunks, mc.numChunks)
 		})
 	}
 }
 
+// Skip if not multithread, returning the chunkSize otherwise
+func skipIfNotMultithread(ctx context.Context, t *testing.T, r *fstest.Run) int {
+	features := r.Fremote.Features()
+	if features.OpenChunkWriter == nil && features.OpenWriterAt == nil {
+		t.Skip("multithread writing not supported")
+	}
+
+	// Only support one hash otherwise we end up spending a huge amount of CPU on hashing!
+	oldHashes := hash.SupportOnly([]hash.Type{r.Fremote.Hashes().GetOne()})
+	t.Cleanup(func() {
+		_ = hash.SupportOnly(oldHashes)
+	})
+
+	ci := fs.GetConfig(ctx)
+	chunkSize := int(ci.MultiThreadChunkSize)
+	if features.OpenChunkWriter != nil {
+		//OpenChunkWriter func(ctx context.Context, remote string, src ObjectInfo, options ...OpenOption) (info ChunkWriterInfo, writer ChunkWriter, err error)
+		const fileName = "chunksize-probe"
+		src := object.NewStaticObjectInfo(fileName, time.Now(), int64(100*fs.Mebi), true, nil, nil)
+		info, writer, err := features.OpenChunkWriter(ctx, fileName, src)
+		require.NoError(t, err)
+		chunkSize = int(info.ChunkSize)
+		err = writer.Abort(ctx)
+		require.NoError(t, err)
+	}
+	return chunkSize
+}
+
 func TestMultithreadCopy(t *testing.T) {
 	r := fstest.NewRun(t)
 	ctx := context.Background()
+	chunkSize := skipIfNotMultithread(ctx, t, r)
 
-	for _, test := range []struct {
-		size    int
-		streams int
-	}{
-		{size: multithreadChunkSize*2 - 1, streams: 2},
-		{size: multithreadChunkSize * 2, streams: 2},
-		{size: multithreadChunkSize*2 + 1, streams: 2},
-	} {
-		t.Run(fmt.Sprintf("%+v", test), func(t *testing.T) {
-			if *fstest.SizeLimit > 0 && int64(test.size) > *fstest.SizeLimit {
-				t.Skipf("exceeded file size limit %d > %d", test.size, *fstest.SizeLimit)
+	for _, upload := range []bool{false, true} {
+		for _, test := range []struct {
+			size    int
+			streams int
+		}{
+			{size: chunkSize*2 - 1, streams: 2},
+			{size: chunkSize * 2, streams: 2},
+			{size: chunkSize*2 + 1, streams: 2},
+		} {
+			fileName := fmt.Sprintf("test-multithread-copy-%v-%d-%d", upload, test.size, test.streams)
+			t.Run(fmt.Sprintf("upload=%v,size=%v,streams=%v", upload, test.size, test.streams), func(t *testing.T) {
+				if *fstest.SizeLimit > 0 && int64(test.size) > *fstest.SizeLimit {
+					t.Skipf("exceeded file size limit %d > %d", test.size, *fstest.SizeLimit)
+				}
+				var (
+					contents = random.String(test.size)
+					t1       = fstest.Time("2001-02-03T04:05:06.499999999Z")
+					file1    fstest.Item
+					src, dst fs.Object
+					err      error
+				)
+
+				if upload {
+					file1 = r.WriteFile(fileName, contents, t1)
+					r.CheckRemoteItems(t)
+					r.CheckLocalItems(t, file1)
+					src, err = r.Flocal.NewObject(ctx, fileName)
+				} else {
+					file1 = r.WriteObject(ctx, fileName, contents, t1)
+					r.CheckRemoteItems(t, file1)
+					r.CheckLocalItems(t)
+					src, err = r.Fremote.NewObject(ctx, fileName)
+				}
+				require.NoError(t, err)
+
+				accounting.GlobalStats().ResetCounters()
+				tr := accounting.GlobalStats().NewTransfer(src)
+
+				defer func() {
+					tr.Done(ctx, err)
+				}()
+
+				if upload {
+					dst, err = multiThreadCopy(ctx, r.Fremote, fileName, src, test.streams, tr)
+				} else {
+					dst, err = multiThreadCopy(ctx, r.Flocal, fileName, src, test.streams, tr)
+				}
+
+				require.NoError(t, err)
+				assert.Equal(t, src.Size(), dst.Size())
+				assert.Equal(t, fileName, dst.Remote())
+				fstest.CheckListingWithPrecision(t, r.Fremote, []fstest.Item{file1}, nil, fs.GetModifyWindow(ctx, r.Flocal, r.Fremote))
+				fstest.CheckListingWithPrecision(t, r.Flocal, []fstest.Item{file1}, nil, fs.GetModifyWindow(ctx, r.Flocal, r.Fremote))
+				require.NoError(t, dst.Remove(ctx))
+				require.NoError(t, src.Remove(ctx))
+			})
+		}
+	}
+}
+
+type errorObject struct {
+	fs.Object
+	size int64
+	wg   *sync.WaitGroup
+}
+
+// Open opens the file for read.  Call Close() on the returned io.ReadCloser
+//
+// Remember this is called multiple times whenever the backend seeks (eg having read checksum)
+func (o errorObject) Open(ctx context.Context, options ...fs.OpenOption) (io.ReadCloser, error) {
+	fs.Debugf(nil, "Open with options = %v", options)
+	rc, err := o.Object.Open(ctx, options...)
+	if err != nil {
+		return nil, err
+	}
+	// Return an error reader for the second segment
+	for _, option := range options {
+		if ropt, ok := option.(*fs.RangeOption); ok {
+			end := ropt.End + 1
+			if end >= o.size {
+				// Give the other chunks a chance to start
+				time.Sleep(time.Second)
+				// Wait for chunks to upload first
+				o.wg.Wait()
+				fs.Debugf(nil, "Returning error reader")
+				return errorReadCloser{rc}, nil
 			}
-			var err error
-			contents := random.String(test.size)
-			t1 := fstest.Time("2001-02-03T04:05:06.499999999Z")
-			file1 := r.WriteObject(ctx, "file1", contents, t1)
-			r.CheckRemoteItems(t, file1)
-			r.CheckLocalItems(t)
-
-			src, err := r.Fremote.NewObject(ctx, "file1")
-			require.NoError(t, err)
-			accounting.GlobalStats().ResetCounters()
-			tr := accounting.GlobalStats().NewTransfer(src)
-
-			defer func() {
-				tr.Done(ctx, err)
-			}()
-			dst, err := multiThreadCopy(ctx, r.Flocal, "file1", src, 2, tr)
-			require.NoError(t, err)
-			assert.Equal(t, src.Size(), dst.Size())
-			assert.Equal(t, "file1", dst.Remote())
-
-			fstest.CheckListingWithPrecision(t, r.Flocal, []fstest.Item{file1}, nil, fs.GetModifyWindow(ctx, r.Flocal, r.Fremote))
-			require.NoError(t, dst.Remove(ctx))
-		})
+		}
+	}
+	o.wg.Add(1)
+	return wgReadCloser{rc, o.wg}, nil
+}
+
+type errorReadCloser struct {
+	io.ReadCloser
+}
+
+func (rc errorReadCloser) Read(p []byte) (n int, err error) {
+	fs.Debugf(nil, "BOOM: simulated read failure")
+	return 0, errors.New("BOOM: simulated read failure")
+}
+
+type wgReadCloser struct {
+	io.ReadCloser
+	wg *sync.WaitGroup
+}
+
+func (rc wgReadCloser) Close() (err error) {
+	rc.wg.Done()
+	return rc.ReadCloser.Close()
+}
+
+// Make sure aborting the multi-thread copy doesn't overwrite an existing file.
+func TestMultithreadCopyAbort(t *testing.T) {
+	r := fstest.NewRun(t)
+	ctx := context.Background()
+	chunkSize := skipIfNotMultithread(ctx, t, r)
+	size := 2*chunkSize + 1
+
+	if *fstest.SizeLimit > 0 && int64(size) > *fstest.SizeLimit {
+		t.Skipf("exceeded file size limit %d > %d", size, *fstest.SizeLimit)
 	}
 
+	// first write a canary file which we are trying not to overwrite
+	const fileName = "test-multithread-abort"
+	contents := random.String(100)
+	t1 := fstest.Time("2001-02-03T04:05:06.499999999Z")
+	canary := r.WriteObject(ctx, fileName, contents, t1)
+	r.CheckRemoteItems(t, canary)
+
+	// Now write a local file to upload
+	file1 := r.WriteFile(fileName, random.String(size), t1)
+	r.CheckLocalItems(t, file1)
+
+	src, err := r.Flocal.NewObject(ctx, fileName)
+	require.NoError(t, err)
+	accounting.GlobalStats().ResetCounters()
+	tr := accounting.GlobalStats().NewTransfer(src)
+
+	defer func() {
+		tr.Done(ctx, err)
+	}()
+	wg := new(sync.WaitGroup)
+	dst, err := multiThreadCopy(ctx, r.Fremote, fileName, errorObject{src, int64(size), wg}, 1, tr)
+	assert.Error(t, err)
+	assert.Nil(t, dst)
+
+	if r.Fremote.Features().PartialUploads {
+		r.CheckRemoteItems(t)
+
+	} else {
+		r.CheckRemoteItems(t, canary)
+		o, err := r.Fremote.NewObject(ctx, fileName)
+		require.NoError(t, err)
+		require.NoError(t, o.Remove(ctx))
+	}
 }
diff --git a/fs/operations/operations.go b/fs/operations/operations.go
index 0740a198dddba..a7e2f6d50ac30 100644
--- a/fs/operations/operations.go
+++ b/fs/operations/operations.go
@@ -34,7 +34,6 @@ import (
 	"github.com/rclone/rclone/fs/object"
 	"github.com/rclone/rclone/fs/walk"
 	"github.com/rclone/rclone/lib/atexit"
-	"github.com/rclone/rclone/lib/pacer"
 	"github.com/rclone/rclone/lib/random"
 	"github.com/rclone/rclone/lib/readers"
 	"golang.org/x/sync/errgroup"
@@ -254,11 +253,11 @@ func equal(ctx context.Context, src fs.ObjectInfo, dst fs.Object, opt equalOpt)
 			}
 			// Update the mtime of the dst object here
 			err := dst.SetModTime(ctx, srcModTime)
-			if err == fs.ErrorCantSetModTime {
+			if errors.Is(err, fs.ErrorCantSetModTime) {
 				logModTimeUpload(dst)
 				fs.Infof(dst, "src and dst identical but can't set mod time without re-uploading")
 				return false
-			} else if err == fs.ErrorCantSetModTimeWithoutDelete {
+			} else if errors.Is(err, fs.ErrorCantSetModTimeWithoutDelete) {
 				logModTimeUpload(dst)
 				fs.Infof(dst, "src and dst identical but can't set mod time without deleting and re-uploading")
 				// Remove the file if BackupDir isn't set.  If BackupDir is set we would rather have the old file
@@ -281,22 +280,6 @@ func equal(ctx context.Context, src fs.ObjectInfo, dst fs.Object, opt equalOpt)
 	return true
 }
 
-// Used to remove a failed copy
-//
-// Returns whether the file was successfully removed or not
-func removeFailedCopy(ctx context.Context, dst fs.Object) bool {
-	if dst == nil {
-		return false
-	}
-	fs.Infof(dst, "Removing failed copy")
-	removeErr := dst.Remove(ctx)
-	if removeErr != nil {
-		fs.Infof(dst, "Failed to remove failed copy: %s", removeErr)
-		return false
-	}
-	return true
-}
-
 // CommonHash returns a single hash.Type and a HashOption with that
 // type which is in common between the two fs.Fs.
 func CommonHash(ctx context.Context, fa, fb fs.Info) (hash.Type, *fs.HashesOption) {
@@ -314,199 +297,6 @@ func CommonHash(ctx context.Context, fa, fb fs.Info) (hash.Type, *fs.HashesOptio
 	return hashType, &fs.HashesOption{Hashes: common}
 }
 
-// Copy src object to dst or f if nil.  If dst is nil then it uses
-// remote as the name of the new object.
-//
-// It returns the destination object if possible.  Note that this may
-// be nil.
-func Copy(ctx context.Context, f fs.Fs, dst fs.Object, remote string, src fs.Object) (newDst fs.Object, err error) {
-	ci := fs.GetConfig(ctx)
-	tr := accounting.Stats(ctx).NewTransfer(src)
-	defer func() {
-		tr.Done(ctx, err)
-	}()
-	newDst = dst
-	if SkipDestructive(ctx, src, "copy") {
-		in := tr.Account(ctx, nil)
-		in.DryRun(src.Size())
-		return newDst, nil
-	}
-	maxTries := ci.LowLevelRetries
-	tries := 0
-	doUpdate := dst != nil
-	hashType, hashOption := CommonHash(ctx, f, src.Fs())
-
-	var actionTaken string
-	for {
-		// Try server-side copy first - if has optional interface and
-		// is same underlying remote
-		actionTaken = "Copied (server-side copy)"
-		if ci.MaxTransfer >= 0 {
-			var bytesSoFar int64
-			if ci.CutoffMode == fs.CutoffModeCautious {
-				bytesSoFar = accounting.Stats(ctx).GetBytesWithPending() + src.Size()
-			} else {
-				bytesSoFar = accounting.Stats(ctx).GetBytes()
-			}
-			if bytesSoFar >= int64(ci.MaxTransfer) {
-				if ci.CutoffMode == fs.CutoffModeHard {
-					return nil, accounting.ErrorMaxTransferLimitReachedFatal
-				}
-				return nil, accounting.ErrorMaxTransferLimitReachedGraceful
-			}
-		}
-		if doCopy := f.Features().Copy; doCopy != nil && (SameConfig(src.Fs(), f) || (SameRemoteType(src.Fs(), f) && (f.Features().ServerSideAcrossConfigs || ci.ServerSideAcrossConfigs))) {
-			in := tr.Account(ctx, nil) // account the transfer
-			in.ServerSideCopyStart()
-			newDst, err = doCopy(ctx, src, remote)
-			if err == nil {
-				dst = newDst
-				in.ServerSideCopyEnd(dst.Size()) // account the bytes for the server-side transfer
-				_ = in.Close()
-			} else {
-				_ = in.Close()
-			}
-			if err == fs.ErrorCantCopy {
-				tr.Reset(ctx) // skip incomplete accounting - will be overwritten by the manual copy below
-			}
-		} else {
-			err = fs.ErrorCantCopy
-		}
-		// If can't server-side copy, do it manually
-		if err == fs.ErrorCantCopy {
-			if doMultiThreadCopy(ctx, f, src) {
-				// Number of streams proportional to size
-				streams := src.Size() / int64(ci.MultiThreadCutoff)
-				// With maximum
-				if streams > int64(ci.MultiThreadStreams) {
-					streams = int64(ci.MultiThreadStreams)
-				}
-				if streams < 2 {
-					streams = 2
-				}
-				dst, err = multiThreadCopy(ctx, f, remote, src, int(streams), tr)
-				if doUpdate {
-					actionTaken = "Multi-thread Copied (replaced existing)"
-				} else {
-					actionTaken = "Multi-thread Copied (new)"
-				}
-			} else {
-				var in0 io.ReadCloser
-				options := []fs.OpenOption{hashOption}
-				for _, option := range ci.DownloadHeaders {
-					options = append(options, option)
-				}
-				in0, err = NewReOpen(ctx, src, ci.LowLevelRetries, options...)
-				if err != nil {
-					err = fmt.Errorf("failed to open source object: %w", err)
-				} else {
-					if src.Size() == -1 {
-						// -1 indicates unknown size. Use Rcat to handle both remotes supporting and not supporting PutStream.
-						if doUpdate {
-							actionTaken = "Copied (Rcat, replaced existing)"
-						} else {
-							actionTaken = "Copied (Rcat, new)"
-						}
-						// Make any metadata to pass to rcat
-						var meta fs.Metadata
-						if ci.Metadata {
-							meta, err = fs.GetMetadata(ctx, src)
-							if err != nil {
-								fs.Errorf(src, "Failed to read metadata: %v", err)
-							}
-						}
-						// NB Rcat closes in0
-						dst, err = Rcat(ctx, f, remote, in0, src.ModTime(ctx), meta)
-						newDst = dst
-					} else {
-						in := tr.Account(ctx, in0).WithBuffer() // account and buffer the transfer
-						var wrappedSrc fs.ObjectInfo = src
-						// We try to pass the original object if possible
-						if src.Remote() != remote {
-							wrappedSrc = fs.NewOverrideRemote(src, remote)
-						}
-						options := []fs.OpenOption{hashOption}
-						for _, option := range ci.UploadHeaders {
-							options = append(options, option)
-						}
-						if ci.MetadataSet != nil {
-							options = append(options, fs.MetadataOption(ci.MetadataSet))
-						}
-						if doUpdate {
-							actionTaken = "Copied (replaced existing)"
-							err = dst.Update(ctx, in, wrappedSrc, options...)
-						} else {
-							actionTaken = "Copied (new)"
-							dst, err = f.Put(ctx, in, wrappedSrc, options...)
-						}
-						closeErr := in.Close()
-						if err == nil {
-							newDst = dst
-							err = closeErr
-						}
-					}
-				}
-			}
-		}
-		tries++
-		if tries >= maxTries {
-			break
-		}
-		// Retry if err returned a retry error
-		if fserrors.ContextError(ctx, &err) {
-			break
-		}
-		var retry bool
-		if fserrors.IsRetryError(err) || fserrors.ShouldRetry(err) {
-			retry = true
-		} else if t, ok := pacer.IsRetryAfter(err); ok {
-			fs.Debugf(src, "Sleeping for %v (as indicated by the server) to obey Retry-After error: %v", t, err)
-			time.Sleep(t)
-			retry = true
-		}
-		if retry {
-			fs.Debugf(src, "Received error: %v - low level retry %d/%d", err, tries, maxTries)
-			tr.Reset(ctx) // skip incomplete accounting - will be overwritten by retry
-			continue
-		}
-		// otherwise finish
-		break
-	}
-	if err != nil {
-		err = fs.CountError(err)
-		fs.Errorf(src, "Failed to copy: %v", err)
-		return newDst, err
-	}
-
-	// Verify sizes are the same after transfer
-	if sizeDiffers(ctx, src, dst) {
-		err = fmt.Errorf("corrupted on transfer: sizes differ %d vs %d", src.Size(), dst.Size())
-		fs.Errorf(dst, "%v", err)
-		err = fs.CountError(err)
-		removeFailedCopy(ctx, dst)
-		return newDst, err
-	}
-
-	// Verify hashes are the same after transfer - ignoring blank hashes
-	if hashType != hash.None {
-		// checkHashes has logged and counted errors
-		equal, _, srcSum, dstSum, _ := checkHashes(ctx, src, dst, hashType)
-		if !equal {
-			err = fmt.Errorf("corrupted on transfer: %v hash differ %q vs %q", hashType, srcSum, dstSum)
-			fs.Errorf(dst, "%v", err)
-			err = fs.CountError(err)
-			removeFailedCopy(ctx, dst)
-			return newDst, err
-		}
-	}
-	if newDst != nil && src.String() != newDst.String() {
-		fs.Infof(src, "%s to: %s", actionTaken, newDst.String())
-	} else {
-		fs.Infof(src, actionTaken)
-	}
-	return newDst, err
-}
-
 // SameObject returns true if src and dst could be pointing to the
 // same object.
 func SameObject(src, dst fs.Object) bool {
@@ -568,7 +358,7 @@ func Move(ctx context.Context, fdst fs.Fs, dst fs.Object, remote string, src fs.
 		}
 		// Move dst <- src
 		in := tr.Account(ctx, nil) // account the transfer
-		in.ServerSideCopyStart()
+		in.ServerSideTransferStart()
 		newDst, err = doMove(ctx, src, remote)
 		switch err {
 		case nil:
@@ -577,7 +367,7 @@ func Move(ctx context.Context, fdst fs.Fs, dst fs.Object, remote string, src fs.
 			} else {
 				fs.Infof(src, "Moved (server-side)")
 			}
-			in.ServerSideCopyEnd(newDst.Size()) // account the bytes for the server-side transfer
+			in.ServerSideMoveEnd(newDst.Size()) // account the bytes for the server-side transfer
 			_ = in.Close()
 			return newDst, nil
 		case fs.ErrorCantMove:
@@ -619,9 +409,24 @@ func SuffixName(ctx context.Context, remote string) string {
 		return remote
 	}
 	if ci.SuffixKeepExtension {
-		ext := path.Ext(remote)
-		base := remote[:len(remote)-len(ext)]
-		return base + ci.Suffix + ext
+		var (
+			base  = remote
+			exts  = ""
+			first = true
+			ext   = path.Ext(remote)
+		)
+		for ext != "" {
+			// Look second and subsequent extensions in mime types.
+			// If they aren't found then don't keep it as an extension.
+			if !first && mime.TypeByExtension(ext) == "" {
+				break
+			}
+			base = base[:len(base)-len(ext)]
+			exts = ext + exts
+			first = false
+			ext = path.Ext(base)
+		}
+		return base + ci.Suffix + exts
 	}
 	return remote + ci.Suffix
 }
@@ -678,8 +483,8 @@ func DeleteFilesWithBackupDir(ctx context.Context, toBeDeleted fs.ObjectsChan, b
 	var wg sync.WaitGroup
 	ci := fs.GetConfig(ctx)
 	wg.Add(ci.Checkers)
-	var errorCount int32
-	var fatalErrorCount int32
+	var errorCount atomic.Int32
+	var fatalErrorCount atomic.Int32
 
 	for i := 0; i < ci.Checkers; i++ {
 		go func() {
@@ -687,10 +492,10 @@ func DeleteFilesWithBackupDir(ctx context.Context, toBeDeleted fs.ObjectsChan, b
 			for dst := range toBeDeleted {
 				err := DeleteFileWithBackupDir(ctx, dst, backupDir)
 				if err != nil {
-					atomic.AddInt32(&errorCount, 1)
+					errorCount.Add(1)
 					if fserrors.IsFatalError(err) {
-						fs.Errorf(nil, "Got fatal error on delete: %s", err)
-						atomic.AddInt32(&fatalErrorCount, 1)
+						fs.Errorf(dst, "Got fatal error on delete: %s", err)
+						fatalErrorCount.Add(1)
 						return
 					}
 				}
@@ -699,9 +504,9 @@ func DeleteFilesWithBackupDir(ctx context.Context, toBeDeleted fs.ObjectsChan, b
 	}
 	fs.Debugf(nil, "Waiting for deletions to finish")
 	wg.Wait()
-	if errorCount > 0 {
-		err := fmt.Errorf("failed to delete %d files", errorCount)
-		if fatalErrorCount > 0 {
+	if errorCount.Load() > 0 {
+		err := fmt.Errorf("failed to delete %d files", errorCount.Load())
+		if fatalErrorCount.Load() > 0 {
 			return fserrors.FatalError(err)
 		}
 		return err
@@ -740,17 +545,19 @@ func Same(fdst, fsrc fs.Info) bool {
 	return SameConfig(fdst, fsrc) && strings.Trim(fdst.Root(), "/") == strings.Trim(fsrc.Root(), "/")
 }
 
-// fixRoot returns the Root with a trailing / if not empty. It is
-// aware of case insensitive filesystems.
-func fixRoot(f fs.Info) string {
-	s := strings.Trim(filepath.ToSlash(f.Root()), "/")
+// fixRoot returns the Root with a trailing / if not empty.
+//
+// It returns a case folded version for case insensitive file systems
+func fixRoot(f fs.Info) (s string, folded string) {
+	s = strings.Trim(filepath.ToSlash(f.Root()), "/")
 	if s != "" {
 		s += "/"
 	}
+	folded = s
 	if f.Features().CaseInsensitive {
-		s = strings.ToLower(s)
+		folded = strings.ToLower(s)
 	}
-	return s
+	return s, folded
 }
 
 // OverlappingFilterCheck returns true if fdst and fsrc point to the same
@@ -759,37 +566,28 @@ func OverlappingFilterCheck(ctx context.Context, fdst fs.Fs, fsrc fs.Fs) bool {
 	if !SameConfig(fdst, fsrc) {
 		return false
 	}
-	fdstRoot := fixRoot(fdst)
-	fsrcRoot := fixRoot(fsrc)
-	if strings.HasPrefix(fdstRoot, fsrcRoot) {
+	fdstRoot, fdstRootFolded := fixRoot(fdst)
+	fsrcRoot, fsrcRootFolded := fixRoot(fsrc)
+	if fdstRootFolded == fsrcRootFolded {
+		return true
+	} else if strings.HasPrefix(fdstRootFolded, fsrcRootFolded) {
 		fdstRelative := fdstRoot[len(fsrcRoot):]
-		return filterCheckR(ctx, fdstRelative, 0, fsrc)
+		return filterCheck(ctx, fsrc, fdstRelative)
+	} else if strings.HasPrefix(fsrcRootFolded, fdstRootFolded) {
+		fsrcRelative := fsrcRoot[len(fdstRoot):]
+		return filterCheck(ctx, fdst, fsrcRelative)
 	}
-	return strings.HasPrefix(fsrcRoot, fdstRoot)
+	return false
 }
 
-// filterCheckR checks if fdst would be included in the sync
-func filterCheckR(ctx context.Context, fdstRelative string, pos int, fsrc fs.Fs) bool {
-	include := true
+// filterCheck checks if dir is included in f
+func filterCheck(ctx context.Context, f fs.Fs, dir string) bool {
 	fi := filter.GetConfig(ctx)
-	includeDirectory := fi.IncludeDirectory(ctx, fsrc)
-	dirs := strings.SplitAfterN(fdstRelative, "/", pos+2)
-	newPath := ""
-	for i := 0; i <= pos; i++ {
-		newPath += dirs[i]
-	}
-	if !strings.HasSuffix(newPath, "/") {
-		newPath += "/"
-	}
-	if strings.HasPrefix(fdstRelative, newPath) {
-		include, _ = includeDirectory(newPath)
-		if include {
-			if newPath == fdstRelative {
-				return true
-			}
-			pos++
-			include = filterCheckR(ctx, fdstRelative, pos, fsrc)
-		}
+	includeDirectory := fi.IncludeDirectory(ctx, f)
+	include, err := includeDirectory(dir)
+	if err != nil {
+		fs.Errorf(f, "Failed to discover whether directory is included: %v", err)
+		return true
 	}
 	return include
 }
@@ -800,9 +598,9 @@ func SameDir(fdst, fsrc fs.Info) bool {
 	if !SameConfig(fdst, fsrc) {
 		return false
 	}
-	fdstRoot := fixRoot(fdst)
-	fsrcRoot := fixRoot(fsrc)
-	return fdstRoot == fsrcRoot
+	_, fdstRootFolded := fixRoot(fdst)
+	_, fsrcRootFolded := fixRoot(fsrc)
+	return fdstRootFolded == fsrcRootFolded
 }
 
 // Retry runs fn up to maxTries times if it returns a retriable error
@@ -837,13 +635,18 @@ func ListFn(ctx context.Context, f fs.Fs, fn func(fs.Object)) error {
 	})
 }
 
-// mutex for synchronized output
-var outMutex sync.Mutex
+// StdoutMutex mutex for synchronized output on stdout
+var StdoutMutex sync.Mutex
 
-// SyncPrintf is a global var holding the Printf function used in syncFprintf so that it can be overridden
-// Note, despite name, does not provide sync and should not be called directly
-// Call syncFprintf, which provides sync
+// SyncPrintf is a global var holding the Printf function so that it
+// can be overridden.
+//
+// This writes to stdout holding the StdoutMutex. If you are going to
+// override it and write to os.Stdout then you should hold the
+// StdoutMutex too.
 var SyncPrintf = func(format string, a ...interface{}) {
+	StdoutMutex.Lock()
+	defer StdoutMutex.Unlock()
 	fmt.Printf(format, a...)
 }
 
@@ -851,14 +654,13 @@ var SyncPrintf = func(format string, a ...interface{}) {
 //
 // Ignores errors from Fprintf.
 //
-// Updated to print to terminal if no writer is defined
-// This special behavior is used to allow easier replacement of the print to terminal code by progress
+// Prints to stdout if w is nil
 func syncFprintf(w io.Writer, format string, a ...interface{}) {
-	outMutex.Lock()
-	defer outMutex.Unlock()
 	if w == nil || w == os.Stdout {
 		SyncPrintf(format, a...)
 	} else {
+		StdoutMutex.Lock()
+		defer StdoutMutex.Unlock()
 		_, _ = fmt.Fprintf(w, format, a...)
 	}
 }
@@ -969,7 +771,8 @@ func hashSum(ctx context.Context, ht hash.Type, base64Encoded bool, downloadFlag
 		for _, option := range fs.GetConfig(ctx).DownloadHeaders {
 			options = append(options, option)
 		}
-		in, err := NewReOpen(ctx, o, fs.GetConfig(ctx).LowLevelRetries, options...)
+		var in io.ReadCloser
+		in, err = Open(ctx, o, options...)
 		if err != nil {
 			return "ERROR", fmt.Errorf("failed to open file %v: %w", o, err)
 		}
@@ -1154,7 +957,7 @@ func Purge(ctx context.Context, f fs.Fs, dir string) (err error) {
 			return nil
 		}
 		err = doPurge(ctx, dir)
-		if err == fs.ErrorCantPurge {
+		if errors.Is(err, fs.ErrorCantPurge) {
 			doFallbackPurge = true
 		}
 	}
@@ -1245,7 +1048,7 @@ type readCloser struct {
 //
 // if count < 0 then it will be ignored
 // if count >= 0 then only that many characters will be output
-func Cat(ctx context.Context, f fs.Fs, w io.Writer, offset, count int64) error {
+func Cat(ctx context.Context, f fs.Fs, w io.Writer, offset, count int64, sep []byte) error {
 	var mu sync.Mutex
 	ci := fs.GetConfig(ctx)
 	return ListFn(ctx, f, func(o fs.Object) {
@@ -1269,7 +1072,8 @@ func Cat(ctx context.Context, f fs.Fs, w io.Writer, offset, count int64) error {
 		for _, option := range ci.DownloadHeaders {
 			options = append(options, option)
 		}
-		in, err := o.Open(ctx, options...)
+		var in io.ReadCloser
+		in, err = Open(ctx, o, options...)
 		if err != nil {
 			err = fs.CountError(err)
 			fs.Errorf(o, "Failed to open: %v", err)
@@ -1287,6 +1091,13 @@ func Cat(ctx context.Context, f fs.Fs, w io.Writer, offset, count int64) error {
 			err = fs.CountError(err)
 			fs.Errorf(o, "Failed to send to output: %v", err)
 		}
+		if len(sep) >= 0 {
+			_, err = w.Write(sep)
+			if err != nil {
+				err = fs.CountError(err)
+				fs.Errorf(o, "Failed to send separator to output: %v", err)
+			}
+		}
 	})
 }
 
@@ -1461,28 +1272,69 @@ func Rmdirs(ctx context.Context, f fs.Fs, dir string, leaveRoot bool) error {
 	if err != nil {
 		return fmt.Errorf("failed to rmdirs: %w", err)
 	}
-	// Now delete the empty directories, starting from the longest path
-	var toDelete []string
+
+	// Group directories to delete by level
+	var toDelete [][]string
 	for dir, empty := range dirEmpty {
 		if empty {
-			toDelete = append(toDelete, dir)
+			// If a filter matches the directory then that
+			// directory is a candidate for deletion
+			if fi.IncludeRemote(dir + "/") {
+				level := strings.Count(dir, "/") + 1
+				// The root directory "" is at the top level
+				if dir == "" {
+					level = 0
+				}
+				if len(toDelete) < level+1 {
+					toDelete = append(toDelete, make([][]string, level+1-len(toDelete))...)
+				}
+				toDelete[level] = append(toDelete[level], dir)
+			}
 		}
 	}
-	sort.Strings(toDelete)
-	for i := len(toDelete) - 1; i >= 0; i-- {
-		dir := toDelete[i]
-		// If a filter matches the directory then that
-		// directory is a candidate for deletion
-		if !fi.IncludeRemote(dir + "/") {
+
+	var (
+		errMu     sync.Mutex
+		errCount  int
+		lastError error
+	)
+	// Delete all directories at the same level in parallel
+	for level := len(toDelete) - 1; level >= 0; level-- {
+		dirs := toDelete[level]
+		if len(dirs) == 0 {
 			continue
 		}
-		err = TryRmdir(ctx, f, dir)
+		fs.Debugf(nil, "removing %d level %d directories", len(dirs), level)
+		sort.Strings(dirs)
+		g, gCtx := errgroup.WithContext(ctx)
+		g.SetLimit(ci.Checkers)
+		for _, dir := range dirs {
+			// End early if error
+			if gCtx.Err() != nil {
+				break
+			}
+			dir := dir
+			g.Go(func() error {
+				err := TryRmdir(gCtx, f, dir)
+				if err != nil {
+					err = fs.CountError(err)
+					fs.Errorf(dir, "Failed to rmdir: %v", err)
+					errMu.Lock()
+					lastError = err
+					errCount += 1
+					errMu.Unlock()
+				}
+				return nil // don't return errors, just count them
+			})
+		}
+		err := g.Wait()
 		if err != nil {
-			err = fs.CountError(err)
-			fs.Errorf(dir, "Failed to rmdir: %v", err)
 			return err
 		}
 	}
+	if lastError != nil {
+		return fmt.Errorf("failed to remove %d directories: last error: %w", errCount, lastError)
+	}
 	return nil
 }
 
@@ -1858,7 +1710,7 @@ func moveOrCopyFile(ctx context.Context, fdst fs.Fs, fsrc fs.Fs, dstFileName str
 	var dstObj fs.Object
 	if !ci.NoCheckDest {
 		dstObj, err = fdst.NewObject(ctx, dstFileName)
-		if err == fs.ErrorObjectNotFound {
+		if errors.Is(err, fs.ErrorObjectNotFound) {
 			dstObj = nil
 		} else if err != nil {
 			return err
@@ -1949,11 +1801,6 @@ func MoveFile(ctx context.Context, fdst fs.Fs, fsrc fs.Fs, dstFileName string, s
 	return moveOrCopyFile(ctx, fdst, fsrc, dstFileName, srcFileName, false)
 }
 
-// CopyFile moves a single file possibly to a new name
-func CopyFile(ctx context.Context, fdst fs.Fs, fsrc fs.Fs, dstFileName string, srcFileName string) (err error) {
-	return moveOrCopyFile(ctx, fdst, fsrc, dstFileName, srcFileName, true)
-}
-
 // SetTier changes tier of object in remote
 func SetTier(ctx context.Context, fsrc fs.Fs, tier string) error {
 	return ListFn(ctx, fsrc, func(o fs.Object) {
@@ -1969,6 +1816,20 @@ func SetTier(ctx context.Context, fsrc fs.Fs, tier string) error {
 	})
 }
 
+// SetTierFile changes tier of a single file in remote
+func SetTierFile(ctx context.Context, o fs.Object, tier string) error {
+	do, ok := o.(fs.SetTierer)
+	if !ok {
+		return errors.New("remote object does not implement SetTier")
+	}
+	err := do.SetTier(tier)
+	if err != nil {
+		fs.Errorf(o, "Failed to do SetTier, %v", err)
+		return err
+	}
+	return nil
+}
+
 // TouchDir touches every file in directory with time t
 func TouchDir(ctx context.Context, f fs.Fs, remote string, t time.Time, recursive bool) error {
 	return walk.ListR(ctx, f, remote, false, ConfigMaxDepth(ctx, recursive), walk.ListObjects, func(entries fs.DirEntries) error {
@@ -2283,7 +2144,7 @@ func GetFsInfo(f fs.Fs) *FsInfo {
 }
 
 var (
-	interactiveMu sync.Mutex
+	interactiveMu sync.Mutex // protects the following variables
 	skipped       = map[string]bool{}
 )
 
@@ -2291,14 +2152,22 @@ var (
 //
 // Call with interactiveMu held
 func skipDestructiveChoose(ctx context.Context, subject interface{}, action string) (skip bool) {
-	fmt.Printf("rclone: %s \"%v\"?\n", action, subject)
-	switch i := config.CommandDefault([]string{
+	// Lock the StdoutMutex - must not call fs.Log anything
+	// otherwise it will deadlock with --interactive --progress
+	StdoutMutex.Lock()
+
+	fmt.Printf("\nrclone: %s \"%v\"?\n", action, subject)
+	i := config.CommandDefault([]string{
 		"yYes, this is OK",
 		"nNo, skip this",
 		fmt.Sprintf("sSkip all %s operations with no more questions", action),
 		fmt.Sprintf("!Do all %s operations with no more questions", action),
 		"qExit rclone now.",
-	}, 0); i {
+	}, 0)
+
+	StdoutMutex.Unlock()
+
+	switch i {
 	case 'y':
 		skip = false
 	case 'n':
diff --git a/fs/operations/operations_test.go b/fs/operations/operations_test.go
index 18b7bfc36b0be..02f7b108c2386 100644
--- a/fs/operations/operations_test.go
+++ b/fs/operations/operations_test.go
@@ -22,7 +22,6 @@ package operations_test
 import (
 	"bytes"
 	"context"
-	"crypto/rand"
 	"errors"
 	"fmt"
 	"io"
@@ -38,7 +37,6 @@ import (
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/accounting"
 	"github.com/rclone/rclone/fs/filter"
-	"github.com/rclone/rclone/fs/fserrors"
 	"github.com/rclone/rclone/fs/fshttp"
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/fs/operations"
@@ -371,9 +369,14 @@ func TestSuffixName(t *testing.T) {
 		{"test.txt", "-suffix", false, "test.txt-suffix"},
 		{"test.txt", "-suffix", true, "test-suffix.txt"},
 		{"test.txt.csv", "-suffix", false, "test.txt.csv-suffix"},
-		{"test.txt.csv", "-suffix", true, "test.txt-suffix.csv"},
+		{"test.txt.csv", "-suffix", true, "test-suffix.txt.csv"},
 		{"test", "-suffix", false, "test-suffix"},
 		{"test", "-suffix", true, "test-suffix"},
+		{"test.html", "-suffix", true, "test-suffix.html"},
+		{"test.html.txt", "-suffix", true, "test-suffix.html.txt"},
+		{"test.csv.html.txt", "-suffix", true, "test-suffix.csv.html.txt"},
+		{"test.badext.csv.html.txt", "-suffix", true, "test.badext-suffix.csv.html.txt"},
+		{"test.badext", "-suffix", true, "test-suffix.badext"},
 	} {
 		ci.Suffix = test.suffix
 		ci.SuffixKeepExtension = test.keepExt
@@ -524,23 +527,25 @@ func TestCat(t *testing.T) {
 	r.CheckRemoteItems(t, file1, file2)
 
 	for _, test := range []struct {
-		offset int64
-		count  int64
-		a      string
-		b      string
+		offset    int64
+		count     int64
+		separator string
+		a         string
+		b         string
 	}{
-		{0, -1, "ABCDEFGHIJ", "012345678"},
-		{0, 5, "ABCDE", "01234"},
-		{-3, -1, "HIJ", "678"},
-		{1, 3, "BCD", "123"},
+		{0, -1, "", "ABCDEFGHIJ", "012345678"},
+		{0, 5, "", "ABCDE", "01234"},
+		{-3, -1, "", "HIJ", "678"},
+		{1, 3, "", "BCD", "123"},
+		{0, -1, "\n", "ABCDEFGHIJ", "012345678"},
 	} {
 		var buf bytes.Buffer
-		err := operations.Cat(ctx, r.Fremote, &buf, test.offset, test.count)
+		err := operations.Cat(ctx, r.Fremote, &buf, test.offset, test.count, []byte(test.separator))
 		require.NoError(t, err)
 		res := buf.String()
 
-		if res != test.a+test.b && res != test.b+test.a {
-			t.Errorf("Incorrect output from Cat(%d,%d): %q", test.offset, test.count, res)
+		if res != test.a+test.separator+test.b+test.separator && res != test.b+test.separator+test.a+test.separator {
+			t.Errorf("Incorrect output from Cat(%d,%d,%s): %q", test.offset, test.count, test.separator, res)
 		}
 	}
 }
@@ -695,6 +700,22 @@ func TestRmdirsNoLeaveRoot(t *testing.T) {
 		fs.GetModifyWindow(ctx, r.Fremote),
 	)
 
+	// Delete the files so we can remove everything including the root
+	for _, file := range []fstest.Item{file1, file2} {
+		o, err := r.Fremote.NewObject(ctx, file.Path)
+		require.NoError(t, err)
+		require.NoError(t, o.Remove(ctx))
+	}
+
+	require.NoError(t, operations.Rmdirs(ctx, r.Fremote, "", false))
+
+	fstest.CheckListingWithPrecision(
+		t,
+		r.Fremote,
+		[]fstest.Item{},
+		[]string{},
+		fs.GetModifyWindow(ctx, r.Fremote),
+	)
 }
 
 func TestRmdirsLeaveRoot(t *testing.T) {
@@ -789,7 +810,7 @@ func TestCopyURL(t *testing.T) {
 	headerFilename := "headerfilename.txt"
 	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if status != 0 {
-			http.Error(w, "an error ocurred", status)
+			http.Error(w, "an error occurred", status)
 		}
 		if nameHeader {
 			w.Header().Set("Content-Disposition", `attachment; filename="folder\`+headerFilename+`"`)
@@ -863,7 +884,7 @@ func TestCopyURLToWriter(t *testing.T) {
 	status := 0
 	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if status != 0 {
-			http.Error(w, "an error ocurred", status)
+			http.Error(w, "an error occurred", status)
 			return
 		}
 		_, err := w.Write([]byte(contents))
@@ -999,228 +1020,6 @@ func TestMoveFileBackupDir(t *testing.T) {
 	r.CheckRemoteItems(t, file1old, file1)
 }
 
-func TestCopyFile(t *testing.T) {
-	ctx := context.Background()
-	r := fstest.NewRun(t)
-
-	file1 := r.WriteFile("file1", "file1 contents", t1)
-	r.CheckLocalItems(t, file1)
-
-	file2 := file1
-	file2.Path = "sub/file2"
-
-	err := operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file1.Path)
-	require.NoError(t, err)
-	r.CheckLocalItems(t, file1)
-	r.CheckRemoteItems(t, file2)
-
-	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file1.Path)
-	require.NoError(t, err)
-	r.CheckLocalItems(t, file1)
-	r.CheckRemoteItems(t, file2)
-
-	err = operations.CopyFile(ctx, r.Fremote, r.Fremote, file2.Path, file2.Path)
-	require.NoError(t, err)
-	r.CheckLocalItems(t, file1)
-	r.CheckRemoteItems(t, file2)
-}
-
-func TestCopyFileBackupDir(t *testing.T) {
-	ctx := context.Background()
-	ctx, ci := fs.AddConfig(ctx)
-	r := fstest.NewRun(t)
-	if !operations.CanServerSideMove(r.Fremote) {
-		t.Skip("Skipping test as remote does not support server-side move or copy")
-	}
-
-	ci.BackupDir = r.FremoteName + "/backup"
-
-	file1 := r.WriteFile("dst/file1", "file1 contents", t1)
-	r.CheckLocalItems(t, file1)
-
-	file1old := r.WriteObject(ctx, "dst/file1", "file1 contents old", t1)
-	r.CheckRemoteItems(t, file1old)
-
-	err := operations.CopyFile(ctx, r.Fremote, r.Flocal, file1.Path, file1.Path)
-	require.NoError(t, err)
-	r.CheckLocalItems(t, file1)
-	file1old.Path = "backup/dst/file1"
-	r.CheckRemoteItems(t, file1old, file1)
-}
-
-// Test with CompareDest set
-func TestCopyFileCompareDest(t *testing.T) {
-	ctx := context.Background()
-	ctx, ci := fs.AddConfig(ctx)
-	r := fstest.NewRun(t)
-
-	ci.CompareDest = []string{r.FremoteName + "/CompareDest"}
-	fdst, err := fs.NewFs(ctx, r.FremoteName+"/dst")
-	require.NoError(t, err)
-
-	// check empty dest, empty compare
-	file1 := r.WriteFile("one", "one", t1)
-	r.CheckLocalItems(t, file1)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file1.Path, file1.Path)
-	require.NoError(t, err)
-
-	file1dst := file1
-	file1dst.Path = "dst/one"
-
-	r.CheckRemoteItems(t, file1dst)
-
-	// check old dest, empty compare
-	file1b := r.WriteFile("one", "onet2", t2)
-	r.CheckRemoteItems(t, file1dst)
-	r.CheckLocalItems(t, file1b)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file1b.Path, file1b.Path)
-	require.NoError(t, err)
-
-	file1bdst := file1b
-	file1bdst.Path = "dst/one"
-
-	r.CheckRemoteItems(t, file1bdst)
-
-	// check old dest, new compare
-	file3 := r.WriteObject(ctx, "dst/one", "one", t1)
-	file2 := r.WriteObject(ctx, "CompareDest/one", "onet2", t2)
-	file1c := r.WriteFile("one", "onet2", t2)
-	r.CheckRemoteItems(t, file2, file3)
-	r.CheckLocalItems(t, file1c)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file1c.Path, file1c.Path)
-	require.NoError(t, err)
-
-	r.CheckRemoteItems(t, file2, file3)
-
-	// check empty dest, new compare
-	file4 := r.WriteObject(ctx, "CompareDest/two", "two", t2)
-	file5 := r.WriteFile("two", "two", t2)
-	r.CheckRemoteItems(t, file2, file3, file4)
-	r.CheckLocalItems(t, file1c, file5)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file5.Path, file5.Path)
-	require.NoError(t, err)
-
-	r.CheckRemoteItems(t, file2, file3, file4)
-
-	// check new dest, new compare
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file5.Path, file5.Path)
-	require.NoError(t, err)
-
-	r.CheckRemoteItems(t, file2, file3, file4)
-
-	// check empty dest, old compare
-	file5b := r.WriteFile("two", "twot3", t3)
-	r.CheckRemoteItems(t, file2, file3, file4)
-	r.CheckLocalItems(t, file1c, file5b)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file5b.Path, file5b.Path)
-	require.NoError(t, err)
-
-	file5bdst := file5b
-	file5bdst.Path = "dst/two"
-
-	r.CheckRemoteItems(t, file2, file3, file4, file5bdst)
-}
-
-// Test with CopyDest set
-func TestCopyFileCopyDest(t *testing.T) {
-	ctx := context.Background()
-	ctx, ci := fs.AddConfig(ctx)
-	r := fstest.NewRun(t)
-
-	if r.Fremote.Features().Copy == nil {
-		t.Skip("Skipping test as remote does not support server-side copy")
-	}
-
-	ci.CopyDest = []string{r.FremoteName + "/CopyDest"}
-
-	fdst, err := fs.NewFs(ctx, r.FremoteName+"/dst")
-	require.NoError(t, err)
-
-	// check empty dest, empty copy
-	file1 := r.WriteFile("one", "one", t1)
-	r.CheckLocalItems(t, file1)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file1.Path, file1.Path)
-	require.NoError(t, err)
-
-	file1dst := file1
-	file1dst.Path = "dst/one"
-
-	r.CheckRemoteItems(t, file1dst)
-
-	// check old dest, empty copy
-	file1b := r.WriteFile("one", "onet2", t2)
-	r.CheckRemoteItems(t, file1dst)
-	r.CheckLocalItems(t, file1b)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file1b.Path, file1b.Path)
-	require.NoError(t, err)
-
-	file1bdst := file1b
-	file1bdst.Path = "dst/one"
-
-	r.CheckRemoteItems(t, file1bdst)
-
-	// check old dest, new copy, backup-dir
-
-	ci.BackupDir = r.FremoteName + "/BackupDir"
-
-	file3 := r.WriteObject(ctx, "dst/one", "one", t1)
-	file2 := r.WriteObject(ctx, "CopyDest/one", "onet2", t2)
-	file1c := r.WriteFile("one", "onet2", t2)
-	r.CheckRemoteItems(t, file2, file3)
-	r.CheckLocalItems(t, file1c)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file1c.Path, file1c.Path)
-	require.NoError(t, err)
-
-	file2dst := file2
-	file2dst.Path = "dst/one"
-	file3.Path = "BackupDir/one"
-
-	r.CheckRemoteItems(t, file2, file2dst, file3)
-	ci.BackupDir = ""
-
-	// check empty dest, new copy
-	file4 := r.WriteObject(ctx, "CopyDest/two", "two", t2)
-	file5 := r.WriteFile("two", "two", t2)
-	r.CheckRemoteItems(t, file2, file2dst, file3, file4)
-	r.CheckLocalItems(t, file1c, file5)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file5.Path, file5.Path)
-	require.NoError(t, err)
-
-	file4dst := file4
-	file4dst.Path = "dst/two"
-
-	r.CheckRemoteItems(t, file2, file2dst, file3, file4, file4dst)
-
-	// check new dest, new copy
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file5.Path, file5.Path)
-	require.NoError(t, err)
-
-	r.CheckRemoteItems(t, file2, file2dst, file3, file4, file4dst)
-
-	// check empty dest, old copy
-	file6 := r.WriteObject(ctx, "CopyDest/three", "three", t2)
-	file7 := r.WriteFile("three", "threet3", t3)
-	r.CheckRemoteItems(t, file2, file2dst, file3, file4, file4dst, file6)
-	r.CheckLocalItems(t, file1c, file5, file7)
-
-	err = operations.CopyFile(ctx, fdst, r.Flocal, file7.Path, file7.Path)
-	require.NoError(t, err)
-
-	file7dst := file7
-	file7dst.Path = "dst/three"
-
-	r.CheckRemoteItems(t, file2, file2dst, file3, file4, file4dst, file6, file7dst)
-}
-
 // testFsInfo is for unit testing fs.Info
 type testFsInfo struct {
 	name      string
@@ -1345,11 +1144,13 @@ func TestOverlappingFilterCheckWithFilter(t *testing.T) {
 	ctx := context.Background()
 	fi, err := filter.NewFilter(nil)
 	require.NoError(t, err)
-	require.NoError(t, fi.Add(false, "*/exclude/"))
-	fi.Opt.ExcludeFile = []string{".ignore"}
+	require.NoError(t, fi.Add(false, "/exclude/"))
+	require.NoError(t, fi.Add(false, "/Exclude2/"))
+	require.NoError(t, fi.Add(true, "*"))
 	ctx = filter.ReplaceConfig(ctx, fi)
 
 	src := &testFs{testFsInfo{name: "name", root: "root"}}
+	src.features.CaseInsensitive = true
 	slash := string(os.PathSeparator) // native path separator
 	for _, test := range []struct {
 		name     string
@@ -1357,25 +1158,32 @@ func TestOverlappingFilterCheckWithFilter(t *testing.T) {
 		expected bool
 	}{
 		{"name", "root", true},
+		{"name", "ROOT", true}, // case insensitive is set
 		{"name", "/root", true},
 		{"name", "root/", true},
 		{"name", "root" + slash, true},
 		{"name", "root/exclude", false},
+		{"name", "root/Exclude2", false},
+		{"name", "root/include", true},
 		{"name", "root/exclude/", false},
+		{"name", "root/Exclude2/", false},
+		{"name", "root/exclude/sub", false},
+		{"name", "root/Exclude2/sub", false},
 		{"name", "/root/exclude/", false},
 		{"name", "root" + slash + "exclude", false},
 		{"name", "root" + slash + "exclude" + slash, false},
-		{"name", "root/.ignore", false},
-		{"name", "root" + slash + ".ignore", false},
 		{"namey", "root/include", false},
 		{"namey", "root/include/", false},
 		{"namey", "root" + slash + "include", false},
 		{"namey", "root" + slash + "include" + slash, false},
 	} {
 		dst := &testFs{testFsInfo{name: test.name, root: test.root}}
+		dst.features.CaseInsensitive = true
 		what := fmt.Sprintf("(%q,%q) vs (%q,%q)", src.name, src.root, dst.name, dst.root)
 		actual := operations.OverlappingFilterCheck(ctx, dst, src)
 		assert.Equal(t, test.expected, actual, what)
+		actual = operations.OverlappingFilterCheck(ctx, src, dst)
+		assert.Equal(t, test.expected, actual, what)
 	}
 }
 
@@ -1694,7 +1502,7 @@ func TestRcatMetadata(t *testing.T) {
 		gotMeta, err := fs.GetMetadata(ctx, o)
 		require.NoError(t, err)
 		// Check the specific user data we set is set
-		// Likey there will be other values
+		// Likely there will be other values
 		assert.Equal(t, "value", gotMeta["key"])
 		assert.Equal(t, "potato", gotMeta["sausage"])
 
@@ -1781,79 +1589,12 @@ func TestRcatSizeMetadata(t *testing.T) {
 		gotMeta, err := fs.GetMetadata(ctx, o)
 		require.NoError(t, err)
 		// Check the specific user data we set is set
-		// Likey there will be other values
+		// Likely there will be other values
 		assert.Equal(t, "value", gotMeta["key"])
 		assert.Equal(t, "potato", gotMeta["sausage"])
 	}
 }
 
-func TestCopyFileMaxTransfer(t *testing.T) {
-	ctx := context.Background()
-	ctx, ci := fs.AddConfig(ctx)
-	r := fstest.NewRun(t)
-	defer accounting.Stats(ctx).ResetCounters()
-
-	const sizeCutoff = 2048
-
-	// Make random incompressible data
-	randomData := make([]byte, sizeCutoff)
-	_, err := rand.Read(randomData)
-	require.NoError(t, err)
-	randomString := string(randomData)
-
-	file1 := r.WriteFile("TestCopyFileMaxTransfer/file1", "file1 contents", t1)
-	file2 := r.WriteFile("TestCopyFileMaxTransfer/file2", "file2 contents"+randomString, t2)
-	file3 := r.WriteFile("TestCopyFileMaxTransfer/file3", "file3 contents"+randomString, t2)
-	file4 := r.WriteFile("TestCopyFileMaxTransfer/file4", "file4 contents"+randomString, t2)
-
-	// Cutoff mode: Hard
-	ci.MaxTransfer = sizeCutoff
-	ci.CutoffMode = fs.CutoffModeHard
-
-	// file1: Show a small file gets transferred OK
-	accounting.Stats(ctx).ResetCounters()
-	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file1.Path, file1.Path)
-	require.NoError(t, err)
-	r.CheckLocalItems(t, file1, file2, file3, file4)
-	r.CheckRemoteItems(t, file1)
-
-	// file2: show a large file does not get transferred
-	accounting.Stats(ctx).ResetCounters()
-	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file2.Path, file2.Path)
-	require.NotNil(t, err, "Did not get expected max transfer limit error")
-	assert.Contains(t, err.Error(), "max transfer limit reached")
-	assert.True(t, fserrors.IsFatalError(err), fmt.Sprintf("Not fatal error: %v: %#v:", err, err))
-	r.CheckLocalItems(t, file1, file2, file3, file4)
-	r.CheckRemoteItems(t, file1)
-
-	// Cutoff mode: Cautious
-	ci.CutoffMode = fs.CutoffModeCautious
-
-	// file3: show a large file does not get transferred
-	accounting.Stats(ctx).ResetCounters()
-	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file3.Path, file3.Path)
-	require.NotNil(t, err)
-	assert.Contains(t, err.Error(), "max transfer limit reached")
-	assert.True(t, fserrors.IsNoRetryError(err))
-	r.CheckLocalItems(t, file1, file2, file3, file4)
-	r.CheckRemoteItems(t, file1)
-
-	if isChunker(r.Fremote) {
-		t.Log("skipping remainder of test for chunker as it involves multiple transfers")
-		return
-	}
-
-	// Cutoff mode: Soft
-	ci.CutoffMode = fs.CutoffModeSoft
-
-	// file4: show a large file does get transferred this time
-	accounting.Stats(ctx).ResetCounters()
-	err = operations.CopyFile(ctx, r.Fremote, r.Flocal, file4.Path, file4.Path)
-	require.NoError(t, err)
-	r.CheckLocalItems(t, file1, file2, file3, file4)
-	r.CheckRemoteItems(t, file1, file4)
-}
-
 func TestTouchDir(t *testing.T) {
 	ctx := context.Background()
 	r := fstest.NewRun(t)
@@ -1867,6 +1608,7 @@ func TestTouchDir(t *testing.T) {
 	file3 := r.WriteBoth(ctx, "sub dir/potato3", "hello", t2)
 	r.CheckRemoteItems(t, file1, file2, file3)
 
+	accounting.GlobalStats().ResetCounters()
 	timeValue := time.Date(2010, 9, 8, 7, 6, 5, 4, time.UTC)
 	err := operations.TouchDir(ctx, r.Fremote, "", timeValue, true)
 	require.NoError(t, err)
diff --git a/fs/operations/rc.go b/fs/operations/rc.go
index a4e15ea096bbd..533c3601ef70f 100644
--- a/fs/operations/rc.go
+++ b/fs/operations/rc.go
@@ -2,6 +2,7 @@ package operations
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"mime"
@@ -12,7 +13,10 @@ import (
 	"time"
 
 	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config"
+	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/fs/rc"
+	"github.com/rclone/rclone/lib/diskusage"
 )
 
 func init() {
@@ -170,9 +174,9 @@ func init() {
 			Title: name + " a file from source remote to destination remote",
 			Help: `This takes the following parameters:
 
-- srcFs - a remote name string e.g. "drive:" for the source
+- srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem
 - srcRemote - a path within that remote e.g. "file.txt" for the source
-- dstFs - a remote name string e.g. "drive2:" for the destination
+- dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem
 - dstRemote - a path within that remote e.g. "file2.txt" for the destination
 `,
 		})
@@ -209,6 +213,8 @@ func init() {
 		{name: "copyurl", title: "Copy the URL to the object", help: "- url - string, URL to read from\n - autoFilename - boolean, set to true to retrieve destination file name from url\n"},
 		{name: "uploadfile", title: "Upload file using multiform/form-data", help: "- each part in body represents a file to be uploaded\n", needsRequest: true},
 		{name: "cleanup", title: "Remove trashed files in the remote or path", noRemote: true},
+		{name: "settier", title: "Changes storage tier or class on all files in the path", noRemote: true},
+		{name: "settierfile", title: "Changes storage tier or class on the single file pointed to"},
 	} {
 		op := op
 		remote := "- remote - a path within that remote e.g. \"dir\"\n"
@@ -316,6 +322,28 @@ func rcSingleCommand(ctx context.Context, in rc.Params, name string, noRemote bo
 		return nil, nil
 	case "cleanup":
 		return nil, CleanUp(ctx, f)
+	case "settier":
+		if !f.Features().SetTier {
+			return nil, fmt.Errorf("remote %s does not support settier", f.Name())
+		}
+		tier, err := in.GetString("tier")
+		if err != nil {
+			return nil, err
+		}
+		return nil, SetTier(ctx, f, tier)
+	case "settierfile":
+		if !f.Features().SetTier {
+			return nil, fmt.Errorf("remote %s does not support settier", f.Name())
+		}
+		tier, err := in.GetString("tier")
+		if err != nil {
+			return nil, err
+		}
+		o, err := f.NewObject(ctx, remote)
+		if err != nil {
+			return nil, err
+		}
+		return nil, SetTierFile(ctx, o, tier)
 	}
 	panic("unknown rcSingleCommand type")
 }
@@ -620,3 +648,231 @@ func rcBackend(ctx context.Context, in rc.Params) (out rc.Params, err error) {
 	out["result"] = result
 	return out, nil
 }
+
+// This should really be in fs/rc/internal.go but can't go there due
+// to a circular dependency on config.
+func init() {
+	rc.Add(rc.Call{
+		Path:  "core/du",
+		Fn:    rcDu,
+		Title: "Returns disk usage of a locally attached disk.",
+		Help: `
+This returns the disk usage for the local directory passed in as dir.
+
+If the directory is not passed in, it defaults to the directory
+pointed to by --cache-dir.
+
+- dir - string (optional)
+
+Returns:
+
+` + "```" + `
+{
+	"dir": "/",
+	"info": {
+		"Available": 361769115648,
+		"Free": 361785892864,
+		"Total": 982141468672
+	}
+}
+` + "```" + `
+`,
+	})
+}
+
+// Terminates app
+func rcDu(ctx context.Context, in rc.Params) (out rc.Params, err error) {
+	dir, err := in.GetString("dir")
+	if rc.IsErrParamNotFound(err) {
+		dir = config.GetCacheDir()
+
+	} else if err != nil {
+		return nil, err
+	}
+	info, err := diskusage.New(dir)
+	if err != nil {
+		return nil, err
+	}
+	out = rc.Params{
+		"dir":  dir,
+		"info": info,
+	}
+	return out, nil
+}
+
+func init() {
+	rc.Add(rc.Call{
+		Path:         "operations/check",
+		AuthRequired: true,
+		Fn:           rcCheck,
+		Title:        "check the source and destination are the same",
+		Help: `Checks the files in the source and destination match.  It compares
+sizes and hashes and logs a report of files that don't
+match.  It doesn't alter the source or destination.
+
+This takes the following parameters:
+
+- srcFs - a remote name string e.g. "drive:" for the source, "/" for local filesystem
+- dstFs - a remote name string e.g. "drive2:" for the destination, "/" for local filesystem
+- download - check by downloading rather than with hash
+- checkFileHash - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- checkFileFs - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- checkFileRemote - treat checkFileFs:checkFileRemote as a SUM file with hashes of given type
+- oneWay -  check one way only, source files must exist on remote
+- combined - make a combined report of changes (default false)
+- missingOnSrc - report all files missing from the source (default true)
+- missingOnDst - report all files missing from the destination (default true)
+- match - report all matching files (default false)
+- differ - report all non-matching files (default true)
+- error - report all files with errors (hashing or reading) (default true)
+
+If you supply the download flag, it will download the data from
+both remotes and check them against each other on the fly.  This can
+be useful for remotes that don't support hashes or if you really want
+to check all the data.
+
+If you supply the size-only global flag, it will only compare the sizes not
+the hashes as well.  Use this for a quick check.
+
+If you supply the checkFileHash option with a valid hash name, the
+checkFileFs:checkFileRemote must point to a text file in the SUM
+format. This treats the checksum file as the source and dstFs as the
+destination. Note that srcFs is not used and should not be supplied in
+this case.
+
+Returns:
+
+- success - true if no error, false otherwise
+- status - textual summary of check, OK or text string
+- hashType - hash used in check, may be missing
+- combined - array of strings of combined report of changes
+- missingOnSrc - array of strings of all files missing from the source
+- missingOnDst - array of strings of all files missing from the destination
+- match - array of strings of all matching files
+- differ - array of strings of all non-matching files
+- error - array of strings of all files with errors (hashing or reading)
+
+`,
+	})
+}
+
+// Writer which writes into the slice provided
+type stringWriter struct {
+	out *[]string
+}
+
+// Write writes len(p) bytes from p to the underlying data stream. It returns
+// the number of bytes written from p (0 <= n <= len(p)) and any error
+// encountered that caused the write to stop early. Write must return a non-nil
+// error if it returns n < len(p). Write must not modify the slice data,
+// even temporarily.
+//
+// Implementations must not retain p.
+func (s stringWriter) Write(p []byte) (n int, err error) {
+	result := string(p)
+	result = strings.TrimSuffix(result, "\n")
+	*s.out = append(*s.out, result)
+	return len(p), nil
+}
+
+// Check two directories
+func rcCheck(ctx context.Context, in rc.Params) (out rc.Params, err error) {
+	srcFs, err := rc.GetFsNamed(ctx, in, "srcFs")
+	if err != nil && !rc.IsErrParamNotFound(err) {
+		return nil, err
+	}
+
+	dstFs, err := rc.GetFsNamed(ctx, in, "dstFs")
+	if err != nil {
+		return nil, err
+	}
+
+	checkFileFs, checkFileRemote, err := rc.GetFsAndRemoteNamed(ctx, in, "checkFileFs", "checkFileRemote")
+	if err != nil && !rc.IsErrParamNotFound(err) {
+		return nil, err
+	}
+
+	checkFileHash, err := in.GetString("checkFileHash")
+	if err != nil && !rc.IsErrParamNotFound(err) {
+		return nil, err
+	}
+
+	checkFileSet := 0
+	if checkFileHash != "" {
+		checkFileSet++
+	}
+	if checkFileFs != nil {
+		checkFileSet++
+	}
+	if checkFileRemote != "" {
+		checkFileSet++
+	}
+	if checkFileSet > 0 && checkFileSet < 3 {
+		return nil, fmt.Errorf("need all of checkFileFs, checkFileRemote, checkFileHash to be set together")
+	}
+
+	var checkFileHashType hash.Type
+	if checkFileHash != "" {
+		if err := checkFileHashType.Set(checkFileHash); err != nil {
+			return nil, err
+		}
+		if srcFs != nil {
+			return nil, rc.NewErrParamInvalid(errors.New("only supply dstFs when using checkFileHash"))
+		}
+	} else {
+		if srcFs == nil {
+			return nil, rc.NewErrParamInvalid(errors.New("need srcFs parameter when not using checkFileHash"))
+		}
+	}
+
+	oneway, _ := in.GetBool("oneway")
+	download, _ := in.GetBool("download")
+
+	opt := &CheckOpt{
+		Fsrc:   srcFs,
+		Fdst:   dstFs,
+		OneWay: oneway,
+	}
+
+	out = rc.Params{}
+
+	getOutput := func(name string, Default bool) io.Writer {
+		active, err := in.GetBool(name)
+		if err != nil {
+			active = Default
+		}
+		if !active {
+			return nil
+		}
+		result := []string{}
+		out[name] = &result
+		return stringWriter{&result}
+	}
+
+	opt.Combined = getOutput("combined", false)
+	opt.MissingOnSrc = getOutput("missingOnSrc", true)
+	opt.MissingOnDst = getOutput("missingOnDst", true)
+	opt.Match = getOutput("match", false)
+	opt.Differ = getOutput("differ", true)
+	opt.Error = getOutput("error", true)
+
+	if checkFileHash != "" {
+		out["hashType"] = checkFileHashType.String()
+		err = CheckSum(context.Background(), dstFs, checkFileFs, checkFileRemote, checkFileHashType, opt, download)
+	} else {
+		if download {
+			err = CheckDownload(context.Background(), opt)
+		} else {
+			out["hashType"] = srcFs.Hashes().Overlap(dstFs.Hashes()).GetOne().String()
+			err = Check(context.Background(), opt)
+		}
+	}
+	if err != nil {
+		out["status"] = err.Error()
+		out["success"] = false
+	} else {
+		out["status"] = "OK"
+		out["success"] = true
+	}
+	return out, nil
+}
diff --git a/fs/operations/rc_test.go b/fs/operations/rc_test.go
index b73c63ff9fa01..5883b4f038be4 100644
--- a/fs/operations/rc_test.go
+++ b/fs/operations/rc_test.go
@@ -7,6 +7,8 @@ import (
 	"net/url"
 	"os"
 	"path"
+	"sort"
+	"strings"
 	"testing"
 	"time"
 
@@ -15,6 +17,7 @@ import (
 	"github.com/rclone/rclone/fs/operations"
 	"github.com/rclone/rclone/fs/rc"
 	"github.com/rclone/rclone/fstest"
+	"github.com/rclone/rclone/lib/diskusage"
 	"github.com/rclone/rclone/lib/rest"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -306,6 +309,61 @@ func TestRcStat(t *testing.T) {
 	})
 }
 
+// operations/settier: Set the storage tier of a fs
+func TestRcSetTier(t *testing.T) {
+	ctx := context.Background()
+	r, call := rcNewRun(t, "operations/settier")
+	if !r.Fremote.Features().SetTier {
+		t.Skip("settier not supported")
+	}
+	file1 := r.WriteObject(context.Background(), "file1", "file1 contents", t1)
+	r.CheckRemoteItems(t, file1)
+
+	// Because we don't know what the current tier options here are, let's
+	// just get the current tier, and reuse that
+	o, err := r.Fremote.NewObject(ctx, file1.Path)
+	require.NoError(t, err)
+	trr, ok := o.(fs.GetTierer)
+	require.True(t, ok)
+	ctier := trr.GetTier()
+	in := rc.Params{
+		"fs":   r.FremoteName,
+		"tier": ctier,
+	}
+	out, err := call.Fn(context.Background(), in)
+	require.NoError(t, err)
+	assert.Equal(t, rc.Params(nil), out)
+
+}
+
+// operations/settier: Set the storage tier of a file
+func TestRcSetTierFile(t *testing.T) {
+	ctx := context.Background()
+	r, call := rcNewRun(t, "operations/settierfile")
+	if !r.Fremote.Features().SetTier {
+		t.Skip("settier not supported")
+	}
+	file1 := r.WriteObject(context.Background(), "file1", "file1 contents", t1)
+	r.CheckRemoteItems(t, file1)
+
+	// Because we don't know what the current tier options here are, let's
+	// just get the current tier, and reuse that
+	o, err := r.Fremote.NewObject(ctx, file1.Path)
+	require.NoError(t, err)
+	trr, ok := o.(fs.GetTierer)
+	require.True(t, ok)
+	ctier := trr.GetTier()
+	in := rc.Params{
+		"fs":     r.FremoteName,
+		"remote": "file1",
+		"tier":   ctier,
+	}
+	out, err := call.Fn(context.Background(), in)
+	require.NoError(t, err)
+	assert.Equal(t, rc.Params(nil), out)
+
+}
+
 // operations/mkdir: Make a destination directory or container
 func TestRcMkdir(t *testing.T) {
 	ctx := context.Background()
@@ -488,7 +546,7 @@ func TestUploadFile(t *testing.T) {
 	r, call := rcNewRun(t, "operations/uploadfile")
 	ctx := context.Background()
 
-	testFileName := "test.txt"
+	testFileName := "uploadfile-test.txt"
 	testFileContent := "Hello World"
 	r.WriteFile(testFileName, testFileContent, t1)
 	testItem1 := fstest.NewItem(testFileName, testFileContent, t1)
@@ -497,6 +555,10 @@ func TestUploadFile(t *testing.T) {
 	currentFile, err := os.Open(path.Join(r.LocalName, testFileName))
 	require.NoError(t, err)
 
+	defer func() {
+		assert.NoError(t, currentFile.Close())
+	}()
+
 	formReader, contentType, _, err := rest.MultipartUpload(ctx, currentFile, url.Values{}, "file", testFileName)
 	require.NoError(t, err)
 
@@ -516,10 +578,14 @@ func TestUploadFile(t *testing.T) {
 
 	assert.NoError(t, r.Fremote.Mkdir(context.Background(), "subdir"))
 
-	currentFile, err = os.Open(path.Join(r.LocalName, testFileName))
+	currentFile2, err := os.Open(path.Join(r.LocalName, testFileName))
 	require.NoError(t, err)
 
-	formReader, contentType, _, err = rest.MultipartUpload(ctx, currentFile, url.Values{}, "file", testFileName)
+	defer func() {
+		assert.NoError(t, currentFile2.Close())
+	}()
+
+	formReader, contentType, _, err = rest.MultipartUpload(ctx, currentFile2, url.Values{}, "file", testFileName)
 	require.NoError(t, err)
 
 	httpReq = httptest.NewRequest("POST", "/", formReader)
@@ -577,3 +643,139 @@ func TestRcCommand(t *testing.T) {
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), errTxt)
 }
+
+// operations/command: Runs a backend command
+func TestRcDu(t *testing.T) {
+	ctx := context.Background()
+	_, call := rcNewRun(t, "core/du")
+	in := rc.Params{}
+	out, err := call.Fn(ctx, in)
+	if err == diskusage.ErrUnsupported {
+		t.Skip(err)
+	}
+	assert.NotEqual(t, "", out["dir"])
+	info := out["info"].(diskusage.Info)
+	assert.True(t, info.Total != 0)
+	assert.True(t, info.Total > info.Free)
+	assert.True(t, info.Total > info.Available)
+	assert.True(t, info.Free >= info.Available)
+}
+
+// operations/check: check the source and destination are the same
+func TestRcCheck(t *testing.T) {
+	ctx := context.Background()
+	r, call := rcNewRun(t, "operations/check")
+	r.Mkdir(ctx, r.Fremote)
+
+	MD5SUMS := `
+0ef726ce9b1a7692357ff70dd321d595  file1
+deadbeefcafe00000000000000000000  subdir/file2
+0386a8b8fcf672c326845c00ba41b9e2  subdir/subsubdir/file4
+`
+
+	file1 := r.WriteBoth(ctx, "file1", "file1 contents", t1)
+	file2 := r.WriteFile("subdir/file2", MD5SUMS, t2)
+	file3 := r.WriteObject(ctx, "subdir/subsubdir/file3", "file3 contents", t3)
+	file4a := r.WriteFile("subdir/subsubdir/file4", "file4 contents", t3)
+	file4b := r.WriteObject(ctx, "subdir/subsubdir/file4", "file4 different contents", t3)
+	// operations.HashLister(ctx, hash.MD5, false, false, r.Fremote, os.Stdout)
+
+	r.CheckLocalItems(t, file1, file2, file4a)
+	r.CheckRemoteItems(t, file1, file3, file4b)
+
+	pstring := func(items ...fstest.Item) *[]string {
+		xs := make([]string, len(items))
+		for i, item := range items {
+			xs[i] = item.Path
+		}
+		return &xs
+	}
+
+	for _, testName := range []string{"Normal", "Download"} {
+		t.Run(testName, func(t *testing.T) {
+			in := rc.Params{
+				"srcFs":        r.LocalName,
+				"dstFs":        r.FremoteName,
+				"combined":     true,
+				"missingOnSrc": true,
+				"missingOnDst": true,
+				"match":        true,
+				"differ":       true,
+				"error":        true,
+			}
+			if testName == "Download" {
+				in["download"] = true
+			}
+			out, err := call.Fn(ctx, in)
+			require.NoError(t, err)
+
+			combined := []string{
+				"= " + file1.Path,
+				"+ " + file2.Path,
+				"- " + file3.Path,
+				"* " + file4a.Path,
+			}
+			sort.Strings(combined)
+			sort.Strings(*out["combined"].(*[]string))
+			want := rc.Params{
+				"missingOnSrc": pstring(file3),
+				"missingOnDst": pstring(file2),
+				"differ":       pstring(file4a),
+				"error":        pstring(),
+				"match":        pstring(file1),
+				"combined":     &combined,
+				"status":       "3 differences found",
+				"success":      false,
+			}
+			if testName == "Normal" {
+				want["hashType"] = "md5"
+			}
+
+			assert.Equal(t, want, out)
+		})
+	}
+
+	t.Run("CheckFile", func(t *testing.T) {
+		// The checksum file is treated as the source and srcFs is not used
+		in := rc.Params{
+			"dstFs":           r.FremoteName,
+			"combined":        true,
+			"missingOnSrc":    true,
+			"missingOnDst":    true,
+			"match":           true,
+			"differ":          true,
+			"error":           true,
+			"checkFileFs":     r.LocalName,
+			"checkFileRemote": file2.Path,
+			"checkFileHash":   "md5",
+		}
+		out, err := call.Fn(ctx, in)
+		require.NoError(t, err)
+
+		combined := []string{
+			"= " + file1.Path,
+			"+ " + file2.Path,
+			"- " + file3.Path,
+			"* " + file4a.Path,
+		}
+		sort.Strings(combined)
+		sort.Strings(*out["combined"].(*[]string))
+		if strings.HasPrefix(out["status"].(string), "file not in") {
+			out["status"] = "file not in"
+		}
+		want := rc.Params{
+			"missingOnSrc": pstring(file3),
+			"missingOnDst": pstring(file2),
+			"differ":       pstring(file4a),
+			"error":        pstring(),
+			"match":        pstring(file1),
+			"combined":     &combined,
+			"hashType":     "md5",
+			"status":       "file not in",
+			"success":      false,
+		}
+
+		assert.Equal(t, want, out)
+	})
+
+}
diff --git a/fs/operations/reopen.go b/fs/operations/reopen.go
index 9bfb1508f61f3..b2531ced033dc 100644
--- a/fs/operations/reopen.go
+++ b/fs/operations/reopen.go
@@ -10,40 +10,95 @@ import (
 	"github.com/rclone/rclone/fs/fserrors"
 )
 
+// AccountFn is a function which will be called after every read
+// from the ReOpen.
+//
+// It may return an error which will be passed back to the user.
+type AccountFn func(n int) error
+
 // ReOpen is a wrapper for an object reader which reopens the stream on error
 type ReOpen struct {
-	ctx      context.Context
-	mu       sync.Mutex      // mutex to protect the below
-	src      fs.Object       // object to open
-	options  []fs.OpenOption // option to pass to initial open
-	rc       io.ReadCloser   // underlying stream
-	read     int64           // number of bytes read from this stream
-	maxTries int             // maximum number of retries
-	tries    int             // number of retries we've had so far in this stream
-	err      error           // if this is set then Read/Close calls will return it
-	opened   bool            // if set then rc is valid and needs closing
+	ctx         context.Context
+	mu          sync.Mutex      // mutex to protect the below
+	src         fs.Object       // object to open
+	baseOptions []fs.OpenOption // options to pass to initial open and where offset == 0
+	options     []fs.OpenOption // option to pass on subsequent opens where offset != 0
+	rangeOption fs.RangeOption  // adjust this range option on re-opens
+	rc          io.ReadCloser   // underlying stream
+	size        int64           // total size of object - can be -ve
+	start       int64           // absolute position to start reading from
+	end         int64           // absolute position to end reading (exclusive)
+	offset      int64           // offset in the file we are at, offset from start
+	newOffset   int64           // if different to offset, reopen needed
+	maxTries    int             // maximum number of retries
+	tries       int             // number of retries we've had so far in this stream
+	err         error           // if this is set then Read/Close calls will return it
+	opened      bool            // if set then rc is valid and needs closing
+	account     AccountFn       // account for a read
+	reads       int             // count how many times the data has been read
+	accountOn   int             // only account on or after this read
 }
 
 var (
-	errorFileClosed   = errors.New("file already closed")
-	errorTooManyTries = errors.New("failed to reopen: too many retries")
+	errFileClosed    = errors.New("file already closed")
+	errTooManyTries  = errors.New("failed to reopen: too many retries")
+	errInvalidWhence = errors.New("reopen Seek: invalid whence")
+	errNegativeSeek  = errors.New("reopen Seek: negative position")
+	errSeekPastEnd   = errors.New("reopen Seek: attempt to seek past end of data")
+	errBadEndSeek    = errors.New("reopen Seek: can't seek from end with unknown sized object")
 )
 
-// NewReOpen makes a handle which will reopen itself and seek to where it was on errors
+// NewReOpen makes a handle which will reopen itself and seek to where
+// it was on errors up to maxTries times.
 //
-// If hashOption is set this will be applied when reading from the start.
+// If an fs.HashesOption is set this will be applied when reading from
+// the start.
 //
-// If rangeOption is set then this will applied when reading from the
-// start, and updated on retries.
-func NewReOpen(ctx context.Context, src fs.Object, maxTries int, options ...fs.OpenOption) (rc io.ReadCloser, err error) {
+// If an fs.RangeOption is set then this will applied when reading from
+// the start, and updated on retries.
+func NewReOpen(ctx context.Context, src fs.Object, maxTries int, options ...fs.OpenOption) (rc *ReOpen, err error) {
 	h := &ReOpen{
-		ctx:      ctx,
-		src:      src,
-		maxTries: maxTries,
-		options:  options,
+		ctx:         ctx,
+		src:         src,
+		maxTries:    maxTries,
+		baseOptions: options,
+		size:        src.Size(),
+		start:       0,
+		offset:      0,
+		newOffset:   -1, // -1 means no seek required
 	}
 	h.mu.Lock()
 	defer h.mu.Unlock()
+
+	// Filter the options for subsequent opens
+	h.options = make([]fs.OpenOption, 0, len(options)+1)
+	var limit int64 = -1
+	for _, option := range options {
+		switch x := option.(type) {
+		case *fs.HashesOption:
+			// leave hash option out when ranging
+		case *fs.RangeOption:
+			h.start, limit = x.Decode(h.end)
+		case *fs.SeekOption:
+			h.start, limit = x.Offset, -1
+		default:
+			h.options = append(h.options, option)
+		}
+	}
+
+	// Put our RangeOption on the end
+	h.rangeOption.Start = h.start
+	h.options = append(h.options, &h.rangeOption)
+
+	// If a size range is set then set the end point of the file to that
+	if limit >= 0 && h.size >= 0 {
+		h.end = h.start + limit
+		h.rangeOption.End = h.end - 1 // remember range options are inclusive
+	} else {
+		h.end = h.size
+		h.rangeOption.End = -1
+	}
+
 	err = h.open()
 	if err != nil {
 		return nil, err
@@ -51,53 +106,47 @@ func NewReOpen(ctx context.Context, src fs.Object, maxTries int, options ...fs.O
 	return h, nil
 }
 
+// Open makes a handle which will reopen itself and seek to where it
+// was on errors.
+//
+// If an fs.HashesOption is set this will be applied when reading from
+// the start.
+//
+// If an fs.RangeOption is set then this will applied when reading from
+// the start, and updated on retries.
+//
+// It will obey LowLevelRetries in the ctx as the maximum number of
+// tries.
+//
+// Use this instead of calling the Open method on fs.Objects
+func Open(ctx context.Context, src fs.Object, options ...fs.OpenOption) (rc *ReOpen, err error) {
+	maxTries := fs.GetConfig(ctx).LowLevelRetries
+	return NewReOpen(ctx, src, maxTries, options...)
+}
+
 // open the underlying handle - call with lock held
 //
 // we don't retry here as the Open() call will itself have low level retries
 func (h *ReOpen) open() error {
-	opts := []fs.OpenOption{}
-	var hashOption *fs.HashesOption
-	var rangeOption *fs.RangeOption
-	for _, option := range h.options {
-		switch option := option.(type) {
-		case *fs.HashesOption:
-			hashOption = option
-		case *fs.RangeOption:
-			rangeOption = option
-		case *fs.HTTPOption:
-			opts = append(opts, option)
-		default:
-			if option.Mandatory() {
-				fs.Logf(h.src, "Unsupported mandatory option: %v", option)
-			}
-		}
-	}
-	if h.read == 0 {
-		if rangeOption != nil {
-			opts = append(opts, rangeOption)
-		}
-		if hashOption != nil {
-			// put hashOption on if reading from the start, ditch otherwise
-			opts = append(opts, hashOption)
-		}
+	var opts []fs.OpenOption
+	if h.offset == 0 {
+		// if reading from the start using the initial options
+		opts = h.baseOptions
 	} else {
-		if rangeOption != nil {
-			// range to the read point
-			opts = append(opts, &fs.RangeOption{Start: rangeOption.Start + h.read, End: rangeOption.End})
-		} else {
-			// seek to the read point
-			opts = append(opts, &fs.SeekOption{Offset: h.read})
-		}
+		// otherwise use the filtered options
+		opts = h.options
+		// Adjust range start to where we have got to
+		h.rangeOption.Start = h.start + h.offset
 	}
 	h.tries++
 	if h.tries > h.maxTries {
-		h.err = errorTooManyTries
+		h.err = errTooManyTries
 	} else {
 		h.rc, h.err = h.src.Open(h.ctx, opts...)
 	}
 	if h.err != nil {
 		if h.tries > 1 {
-			fs.Debugf(h.src, "Reopen failed after %d bytes read: %v", h.read, h.err)
+			fs.Debugf(h.src, "Reopen failed after offset %d bytes read: %v", h.offset, h.err)
 		}
 		return h.err
 	}
@@ -105,6 +154,31 @@ func (h *ReOpen) open() error {
 	return nil
 }
 
+// reopen the underlying handle by closing it and reopening it.
+func (h *ReOpen) reopen() (err error) {
+	// close underlying stream if needed
+	if h.opened {
+		h.opened = false
+		_ = h.rc.Close()
+	}
+	return h.open()
+}
+
+// account for n bytes being read
+func (h *ReOpen) accountRead(n int) error {
+	if h.account == nil {
+		return nil
+	}
+	// Don't start accounting until we've reached this many reads
+	//
+	// rw.reads will be 1 the first time this is called
+	// rw.accountOn 2 means start accounting on the 2nd read through
+	if h.reads >= h.accountOn {
+		return h.account(n)
+	}
+	return nil
+}
+
 // Read bytes retrying as necessary
 func (h *ReOpen) Read(p []byte) (n int, err error) {
 	h.mu.Lock()
@@ -113,32 +187,128 @@ func (h *ReOpen) Read(p []byte) (n int, err error) {
 		// return a previous error if there is one
 		return n, h.err
 	}
-	n, err = h.rc.Read(p)
-	if err != nil {
-		h.err = err
+
+	// re-open if seek needed
+	if h.newOffset >= 0 {
+		if h.offset != h.newOffset {
+			fs.Debugf(h.src, "Seek from %d to %d", h.offset, h.newOffset)
+			h.offset = h.newOffset
+			err = h.reopen()
+			if err != nil {
+				return 0, err
+			}
+		}
+		h.newOffset = -1
 	}
-	h.read += int64(n)
-	if err != nil && err != io.EOF && !fserrors.IsNoLowLevelRetryError(err) {
-		// close underlying stream
-		h.opened = false
-		_ = h.rc.Close()
-		// reopen stream, clearing error if successful
-		fs.Debugf(h.src, "Reopening on read failure after %d bytes: retry %d/%d: %v", h.read, h.tries, h.maxTries, err)
-		if h.open() == nil {
-			err = nil
+
+	// Read a full buffer
+	startOffset := h.offset
+	var nn int
+	for n < len(p) && err == nil {
+		nn, err = h.rc.Read(p[n:])
+		n += nn
+		h.offset += int64(nn)
+		if err != nil && err != io.EOF {
+			h.err = err
+			if !fserrors.IsNoLowLevelRetryError(err) {
+				fs.Debugf(h.src, "Reopening on read failure after offset %d bytes: retry %d/%d: %v", h.offset, h.tries, h.maxTries, err)
+				if h.reopen() == nil {
+					err = nil
+				}
+			}
 		}
 	}
+	// Count a read of the data if we read from the start successfully
+	if startOffset == 0 && n != 0 {
+		h.reads++
+	}
+	// Account the read
+	accErr := h.accountRead(n)
+	if err == nil {
+		err = accErr
+	}
 	return n, err
 }
 
+// Seek sets the offset for the next Read or Write to offset, interpreted
+// according to whence: SeekStart means relative to the start of the file,
+// SeekCurrent means relative to the current offset, and SeekEnd means relative
+// to the end (for example, offset = -2 specifies the penultimate byte of the
+// file). Seek returns the new offset relative to the start of the file or an
+// error, if any.
+//
+// Seeking to an offset before the start of the file is an error. Seeking
+// to any positive offset may be allowed, but if the new offset exceeds the
+// size of the underlying object the behavior of subsequent I/O operations is
+// implementation-dependent.
+func (h *ReOpen) Seek(offset int64, whence int) (int64, error) {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	if h.err != nil {
+		// return a previous error if there is one
+		return 0, h.err
+	}
+	var abs int64
+	var size = h.end - h.start
+	switch whence {
+	case io.SeekStart:
+		abs = offset
+	case io.SeekCurrent:
+		if h.newOffset >= 0 {
+			abs = h.newOffset + offset
+		} else {
+			abs = h.offset + offset
+		}
+	case io.SeekEnd:
+		if h.size < 0 {
+			return 0, errBadEndSeek
+		}
+		abs = size + offset
+	default:
+		return 0, errInvalidWhence
+	}
+	if abs < 0 {
+		return 0, errNegativeSeek
+	}
+	if h.size >= 0 && abs > size {
+		return size, errSeekPastEnd
+	}
+
+	h.tries = 0       // Reset open count on seek
+	h.newOffset = abs // New offset - applied in Read
+	return abs, nil
+}
+
 // Close the stream
 func (h *ReOpen) Close() error {
 	h.mu.Lock()
 	defer h.mu.Unlock()
 	if !h.opened {
-		return errorFileClosed
+		return errFileClosed
 	}
 	h.opened = false
-	h.err = errorFileClosed
+	h.err = errFileClosed
 	return h.rc.Close()
 }
+
+// SetAccounting should be provided with a function which will be
+// called after every read from the RW.
+//
+// It may return an error which will be passed back to the user.
+func (h *ReOpen) SetAccounting(account AccountFn) *ReOpen {
+	h.account = account
+	return h
+}
+
+// DelayAccounting makes sure the accounting function only gets called
+// on the i-th or later read of the data from this point (counting
+// from 1).
+//
+// This is useful so that we don't account initial reads of the data
+// e.g. when calculating hashes.
+//
+// Set this to 0 to account everything.
+func (h *ReOpen) DelayAccounting(i int) {
+	h.accountOn = i
+	h.reads = 0
+}
diff --git a/fs/operations/reopen_test.go b/fs/operations/reopen_test.go
index 2a7195b569dd1..6cb42a4393ca9 100644
--- a/fs/operations/reopen_test.go
+++ b/fs/operations/reopen_test.go
@@ -9,12 +9,17 @@ import (
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/fstest/mockobject"
+	"github.com/rclone/rclone/lib/pool"
 	"github.com/rclone/rclone/lib/readers"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
-// check interface
-var _ io.ReadCloser = (*ReOpen)(nil)
+// check interfaces
+var (
+	_ io.ReadSeekCloser      = (*ReOpen)(nil)
+	_ pool.DelayAccountinger = (*ReOpen)(nil)
+)
 
 var errorTestError = errors.New("test error")
 
@@ -24,13 +29,36 @@ var errorTestError = errors.New("test error")
 // error
 type reOpenTestObject struct {
 	fs.Object
-	breaks []int64
+	t           *testing.T
+	breaks      []int64
+	unknownSize bool
 }
 
 // Open opens the file for read.  Call Close() on the returned io.ReadCloser
 //
 // This will break after reading the number of bytes in breaks
 func (o *reOpenTestObject) Open(ctx context.Context, options ...fs.OpenOption) (io.ReadCloser, error) {
+	gotHash := false
+	gotRange := false
+	startPos := int64(0)
+	for _, option := range options {
+		switch x := option.(type) {
+		case *fs.HashesOption:
+			gotHash = true
+		case *fs.RangeOption:
+			gotRange = true
+			startPos = x.Start
+			if o.unknownSize {
+				assert.Equal(o.t, int64(-1), x.End)
+			}
+		case *fs.SeekOption:
+			startPos = x.Offset
+		}
+	}
+	// Check if ranging, mustn't have hash if offset != 0
+	if gotHash && gotRange {
+		assert.Equal(o.t, int64(0), startPos)
+	}
 	rc, err := o.Object.Open(ctx, options...)
 	if err != nil {
 		return nil, err
@@ -52,28 +80,53 @@ func (o *reOpenTestObject) Open(ctx context.Context, options ...fs.OpenOption) (
 }
 
 func TestReOpen(t *testing.T) {
-	for testIndex, testName := range []string{"Seek", "Range"} {
+	for _, testName := range []string{"Normal", "WithRangeOption", "WithSeekOption", "UnknownSize"} {
 		t.Run(testName, func(t *testing.T) {
 			// Contents for the mock object
 			var (
 				reOpenTestcontents = []byte("0123456789")
 				expectedRead       = reOpenTestcontents
 				rangeOption        *fs.RangeOption
+				seekOption         *fs.SeekOption
+				unknownSize        = false
 			)
-			if testIndex > 0 {
-				rangeOption = &fs.RangeOption{Start: 1, End: 7}
+			switch testName {
+			case "Normal":
+			case "WithRangeOption":
+				rangeOption = &fs.RangeOption{Start: 1, End: 7} // range is inclusive
 				expectedRead = reOpenTestcontents[1:8]
+			case "WithSeekOption":
+				seekOption = &fs.SeekOption{Offset: 2}
+				expectedRead = reOpenTestcontents[2:]
+			case "UnknownSize":
+				rangeOption = &fs.RangeOption{Start: 1, End: -1}
+				expectedRead = reOpenTestcontents[1:]
+				unknownSize = true
+			default:
+				panic("bad test name")
 			}
 
 			// Start the test with the given breaks
-			testReOpen := func(breaks []int64, maxRetries int) (io.ReadCloser, error) {
+			testReOpen := func(breaks []int64, maxRetries int) (*ReOpen, error) {
 				srcOrig := mockobject.New("potato").WithContent(reOpenTestcontents, mockobject.SeekModeNone)
+				srcOrig.SetUnknownSize(unknownSize)
 				src := &reOpenTestObject{
-					Object: srcOrig,
-					breaks: breaks,
+					Object:      srcOrig,
+					t:           t,
+					breaks:      breaks,
+					unknownSize: unknownSize,
 				}
-				hashOption := &fs.HashesOption{Hashes: hash.NewHashSet(hash.MD5)}
-				return NewReOpen(context.Background(), src, maxRetries, hashOption, rangeOption)
+				opts := []fs.OpenOption{}
+				if rangeOption == nil && seekOption == nil {
+					opts = append(opts, &fs.HashesOption{Hashes: hash.NewHashSet(hash.MD5)})
+				}
+				if rangeOption != nil {
+					opts = append(opts, rangeOption)
+				}
+				if seekOption != nil {
+					opts = append(opts, seekOption)
+				}
+				return NewReOpen(context.Background(), src, maxRetries, opts...)
 			}
 
 			t.Run("Basics", func(t *testing.T) {
@@ -92,16 +145,25 @@ func TestReOpen(t *testing.T) {
 				assert.Equal(t, 0, n)
 				assert.Equal(t, io.EOF, err)
 
+				// Rewind the stream
+				_, err = h.Seek(0, io.SeekStart)
+				require.NoError(t, err)
+
+				// Check contents read correctly
+				got, err = io.ReadAll(h)
+				assert.NoError(t, err)
+				assert.Equal(t, expectedRead, got)
+
 				// Check close
 				assert.NoError(t, h.Close())
 
 				// Check double close
-				assert.Equal(t, errorFileClosed, h.Close())
+				assert.Equal(t, errFileClosed, h.Close())
 
 				// Check read after close
 				n, err = h.Read(buf)
 				assert.Equal(t, 0, n)
-				assert.Equal(t, errorFileClosed, err)
+				assert.Equal(t, errFileClosed, err)
 			})
 
 			t.Run("ErrorAtStart", func(t *testing.T) {
@@ -139,10 +201,176 @@ func TestReOpen(t *testing.T) {
 				var buf = make([]byte, 1)
 				n, err := h.Read(buf)
 				assert.Equal(t, 0, n)
-				assert.Equal(t, errorTooManyTries, err)
+				assert.Equal(t, errTooManyTries, err)
 
 				// Check close
-				assert.Equal(t, errorFileClosed, h.Close())
+				assert.Equal(t, errFileClosed, h.Close())
+			})
+
+			t.Run("Seek", func(t *testing.T) {
+				// open
+				h, err := testReOpen([]int64{2, 1, 3}, 10)
+				assert.NoError(t, err)
+
+				// Seek to end
+				pos, err := h.Seek(int64(len(expectedRead)), io.SeekStart)
+				assert.NoError(t, err)
+				assert.Equal(t, int64(len(expectedRead)), pos)
+
+				// Seek to start
+				pos, err = h.Seek(0, io.SeekStart)
+				assert.NoError(t, err)
+				assert.Equal(t, int64(0), pos)
+
+				// Should not allow seek past end
+				pos, err = h.Seek(int64(len(expectedRead))+1, io.SeekCurrent)
+				if !unknownSize {
+					assert.Equal(t, errSeekPastEnd, err)
+					assert.Equal(t, len(expectedRead), int(pos))
+				} else {
+					assert.Equal(t, nil, err)
+					assert.Equal(t, len(expectedRead)+1, int(pos))
+
+					// Seek back to start to get tests in sync
+					pos, err = h.Seek(0, io.SeekStart)
+					assert.NoError(t, err)
+					assert.Equal(t, int64(0), pos)
+				}
+
+				// Should not allow seek to negative position start
+				pos, err = h.Seek(-1, io.SeekCurrent)
+				assert.Equal(t, errNegativeSeek, err)
+				assert.Equal(t, 0, int(pos))
+
+				// Should not allow seek with invalid whence
+				pos, err = h.Seek(0, 3)
+				assert.Equal(t, errInvalidWhence, err)
+				assert.Equal(t, 0, int(pos))
+
+				// check read
+				dst := make([]byte, 5)
+				n, err := h.Read(dst)
+				assert.Nil(t, err)
+				assert.Equal(t, 5, n)
+				assert.Equal(t, expectedRead[:5], dst)
+
+				// Test io.SeekCurrent
+				pos, err = h.Seek(-3, io.SeekCurrent)
+				assert.Nil(t, err)
+				assert.Equal(t, 2, int(pos))
+
+				// check read
+				n, err = h.Read(dst)
+				assert.Nil(t, err)
+				assert.Equal(t, 5, n)
+				assert.Equal(t, expectedRead[2:7], dst)
+
+				pos, err = h.Seek(-2, io.SeekCurrent)
+				assert.Nil(t, err)
+				assert.Equal(t, 5, int(pos))
+
+				// Test io.SeekEnd
+				pos, err = h.Seek(-3, io.SeekEnd)
+				if !unknownSize {
+					assert.Nil(t, err)
+					assert.Equal(t, len(expectedRead)-3, int(pos))
+				} else {
+					assert.Equal(t, errBadEndSeek, err)
+					assert.Equal(t, 0, int(pos))
+
+					// sync
+					pos, err = h.Seek(1, io.SeekCurrent)
+					assert.Nil(t, err)
+					assert.Equal(t, 6, int(pos))
+				}
+
+				// check read
+				dst = make([]byte, 3)
+				n, err = h.Read(dst)
+				assert.Nil(t, err)
+				assert.Equal(t, 3, n)
+				assert.Equal(t, expectedRead[len(expectedRead)-3:], dst)
+
+				// check close
+				assert.NoError(t, h.Close())
+				_, err = h.Seek(0, io.SeekCurrent)
+				assert.Equal(t, errFileClosed, err)
+			})
+
+			t.Run("AccountRead", func(t *testing.T) {
+				h, err := testReOpen(nil, 10)
+				assert.NoError(t, err)
+
+				var total int
+				h.SetAccounting(func(n int) error {
+					total += n
+					return nil
+				})
+
+				dst := make([]byte, 3)
+				n, err := h.Read(dst)
+				assert.Equal(t, 3, n)
+				assert.NoError(t, err)
+				assert.Equal(t, 3, total)
+			})
+
+			t.Run("AccountReadDelay", func(t *testing.T) {
+				h, err := testReOpen(nil, 10)
+				assert.NoError(t, err)
+
+				var total int
+				h.SetAccounting(func(n int) error {
+					total += n
+					return nil
+				})
+
+				rewind := func() {
+					_, err := h.Seek(0, io.SeekStart)
+					require.NoError(t, err)
+				}
+
+				h.DelayAccounting(3)
+
+				dst := make([]byte, 16)
+
+				n, err := h.Read(dst)
+				assert.Equal(t, len(expectedRead), n)
+				assert.Equal(t, io.EOF, err)
+				assert.Equal(t, 0, total)
+				rewind()
+
+				n, err = h.Read(dst)
+				assert.Equal(t, len(expectedRead), n)
+				assert.Equal(t, io.EOF, err)
+				assert.Equal(t, 0, total)
+				rewind()
+
+				n, err = h.Read(dst)
+				assert.Equal(t, len(expectedRead), n)
+				assert.Equal(t, io.EOF, err)
+				assert.Equal(t, len(expectedRead), total)
+				rewind()
+
+				n, err = h.Read(dst)
+				assert.Equal(t, len(expectedRead), n)
+				assert.Equal(t, io.EOF, err)
+				assert.Equal(t, 2*len(expectedRead), total)
+				rewind()
+			})
+
+			t.Run("AccountReadError", func(t *testing.T) {
+				// Test accounting errors
+				h, err := testReOpen(nil, 10)
+				assert.NoError(t, err)
+
+				h.SetAccounting(func(n int) error {
+					return errorTestError
+				})
+
+				dst := make([]byte, 3)
+				n, err := h.Read(dst)
+				assert.Equal(t, 3, n)
+				assert.Equal(t, errorTestError, err)
 			})
 		})
 	}
diff --git a/fs/override.go b/fs/override.go
index 014acb8ae4ed1..9ba8c4aeffba1 100644
--- a/fs/override.go
+++ b/fs/override.go
@@ -12,6 +12,13 @@ type OverrideRemote struct {
 // NewOverrideRemote returns an OverrideRemoteObject which will
 // return the remote specified
 func NewOverrideRemote(oi ObjectInfo, remote string) *OverrideRemote {
+	// re-wrap an OverrideRemote
+	if or, ok := oi.(*OverrideRemote); ok {
+		return &OverrideRemote{
+			ObjectInfo: or.ObjectInfo,
+			remote:     remote,
+		}
+	}
 	return &OverrideRemote{
 		ObjectInfo: oi,
 		remote:     remote,
@@ -23,6 +30,11 @@ func (o *OverrideRemote) Remote() string {
 	return o.remote
 }
 
+// String returns the overridden remote name
+func (o *OverrideRemote) String() string {
+	return o.remote
+}
+
 // MimeType returns the mime type of the underlying object or "" if it
 // can't be worked out
 func (o *OverrideRemote) MimeType(ctx context.Context) string {
diff --git a/fs/override_dir.go b/fs/override_dir.go
new file mode 100644
index 0000000000000..a206511559532
--- /dev/null
+++ b/fs/override_dir.go
@@ -0,0 +1,34 @@
+package fs
+
+// OverrideDirectory is a wrapper to override the Remote for an
+// Directory
+type OverrideDirectory struct {
+	Directory
+	remote string
+}
+
+// NewOverrideDirectory returns an OverrideDirectoryObject which will
+// return the remote specified
+func NewOverrideDirectory(oi Directory, remote string) *OverrideDirectory {
+	// re-wrap an OverrideDirectory
+	if or, ok := oi.(*OverrideDirectory); ok {
+		return &OverrideDirectory{
+			Directory: or.Directory,
+			remote:    remote,
+		}
+	}
+	return &OverrideDirectory{
+		Directory: oi,
+		remote:    remote,
+	}
+}
+
+// Remote returns the overridden remote name
+func (o *OverrideDirectory) Remote() string {
+	return o.remote
+}
+
+// String returns the overridden remote name
+func (o *OverrideDirectory) String() string {
+	return o.remote
+}
diff --git a/fs/override_dir_test.go b/fs/override_dir_test.go
new file mode 100644
index 0000000000000..0e23e1b551b37
--- /dev/null
+++ b/fs/override_dir_test.go
@@ -0,0 +1,4 @@
+package fs
+
+// Check interfaces satisfied
+var _ Directory = (*OverrideDirectory)(nil)
diff --git a/fs/pacer.go b/fs/pacer.go
index fbbfb7d63ffd4..00515623a8ee1 100644
--- a/fs/pacer.go
+++ b/fs/pacer.go
@@ -29,7 +29,7 @@ func NewPacer(ctx context.Context, c pacer.Calculator) *Pacer {
 	p := &Pacer{
 		Pacer: pacer.New(
 			pacer.InvokerOption(pacerInvoker),
-			pacer.MaxConnectionsOption(ci.Checkers+ci.Transfers),
+			// pacer.MaxConnectionsOption(ci.Checkers+ci.Transfers),
 			pacer.RetriesOption(retries),
 			pacer.CalculatorOption(c),
 		),
@@ -73,7 +73,7 @@ func (p *Pacer) SetCalculator(c pacer.Calculator) {
 // ModifyCalculator calls the given function with the currently configured
 // Calculator and the Pacer lock held.
 func (p *Pacer) ModifyCalculator(f func(pacer.Calculator)) {
-	p.ModifyCalculator(func(c pacer.Calculator) {
+	p.Pacer.ModifyCalculator(func(c pacer.Calculator) {
 		switch _c := c.(type) {
 		case *logCalculator:
 			f(_c.Calculator)
diff --git a/fs/parseduration_test.go b/fs/parseduration_test.go
index 8361fa3bd1e65..b95e7da8ddf75 100644
--- a/fs/parseduration_test.go
+++ b/fs/parseduration_test.go
@@ -11,8 +11,11 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// Check it satisfies the interface
-var _ flagger = (*Duration)(nil)
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*Duration)(nil)
+	_ flaggerNP = Duration(0)
+)
 
 func TestParseDuration(t *testing.T) {
 	now := time.Date(2020, 9, 5, 8, 15, 5, 250, time.UTC)
diff --git a/fs/parsetime.go b/fs/parsetime.go
index 7e762451da719..504232b20d649 100644
--- a/fs/parsetime.go
+++ b/fs/parsetime.go
@@ -81,6 +81,11 @@ func (t *Time) UnmarshalJSON(in []byte) error {
 	return t.Set(s)
 }
 
+// MarshalJSON marshals as a time.Time value
+func (t Time) MarshalJSON() ([]byte, error) {
+	return json.Marshal(time.Time(t))
+}
+
 // Scan implements the fmt.Scanner interface
 func (t *Time) Scan(s fmt.ScanState, ch rune) error {
 	token, err := s.Token(true, func(rune) bool { return true })
diff --git a/fs/parsetime_test.go b/fs/parsetime_test.go
index 21d34c1eed945..611b0c79b2a1e 100644
--- a/fs/parsetime_test.go
+++ b/fs/parsetime_test.go
@@ -10,8 +10,11 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// Check it satisfies the interface
-var _ flagger = (*Time)(nil)
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*Time)(nil)
+	_ flaggerNP = Time{}
+)
 
 func TestParseTime(t *testing.T) {
 	now := time.Date(2020, 9, 5, 8, 15, 5, 250, time.UTC)
@@ -153,3 +156,23 @@ func TestParseTimeUnmarshalJSON(t *testing.T) {
 		assert.Equal(t, Time(test.want), parsedTime, test.in)
 	}
 }
+
+func TestParseTimeMarshalJSON(t *testing.T) {
+	for _, test := range []struct {
+		in   time.Time
+		want string
+		err  bool
+	}{
+		{time.Time{}, `"0001-01-01T00:00:00Z"`, false},
+		{time.Date(2022, 03, 26, 17, 48, 19, 0, time.UTC), `"2022-03-26T17:48:19Z"`, false},
+	} {
+		gotBytes, err := json.Marshal(test.in)
+		got := string(gotBytes)
+		if test.err {
+			require.Error(t, err, test.in)
+		} else {
+			require.NoError(t, err, test.in)
+		}
+		assert.Equal(t, test.want, got, test.in)
+	}
+}
diff --git a/fs/rc/cache_test.go b/fs/rc/cache_test.go
index bbda7e0b63d2a..6d7c7730ee915 100644
--- a/fs/rc/cache_test.go
+++ b/fs/rc/cache_test.go
@@ -12,7 +12,8 @@ import (
 )
 
 func mockNewFs(t *testing.T) func() {
-	f := mockfs.NewFs(context.Background(), "mock", "mock")
+	f, err := mockfs.NewFs(context.Background(), "mock", "mock", nil)
+	require.NoError(t, err)
 	cache.Put("/", f)
 	cache.Put("mock:/", f)
 	cache.Put(":mock:/", f)
diff --git a/fs/rc/internal.go b/fs/rc/internal.go
index 4dafbb5069418..e2f439a2952bf 100644
--- a/fs/rc/internal.go
+++ b/fs/rc/internal.go
@@ -389,10 +389,7 @@ func rcSetSoftMemoryLimit(ctx context.Context, in Params) (out Params, err error
 	if err != nil {
 		return nil, err
 	}
-	oldMemLimit, err := debug.SetMemoryLimit(memLimit)
-	if err != nil {
-		return nil, err
-	}
+	oldMemLimit := debug.SetMemoryLimit(memLimit)
 	out = Params{
 		"existing-mem-limit": oldMemLimit,
 	}
diff --git a/fs/rc/jobs/job.go b/fs/rc/jobs/job.go
index 613093e259cc6..5523a66d692a0 100644
--- a/fs/rc/jobs/job.go
+++ b/fs/rc/jobs/job.go
@@ -10,12 +10,20 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/fs/cache"
 	"github.com/rclone/rclone/fs/filter"
 	"github.com/rclone/rclone/fs/rc"
 )
 
+// Fill in these to avoid circular dependencies
+func init() {
+	cache.JobOnFinish = OnFinish
+	cache.JobGetJobID = GetJobID
+}
+
 // Job describes an asynchronous task started via the rc package
 type Job struct {
 	mu        sync.Mutex
@@ -83,6 +91,17 @@ func (job *Job) removeListener(fn *func()) {
 	}
 }
 
+// OnFinish adds listener to job that will be triggered when job is finished.
+// It returns a function to cancel listening.
+func (job *Job) OnFinish(fn func()) func() {
+	if job.Finished {
+		fn()
+	} else {
+		job.addListener(&fn)
+	}
+	return func() { job.removeListener(&fn) }
+}
+
 // run the job until completion writing the return status
 func (job *Job) run(ctx context.Context, fn rc.Func, in rc.Params) {
 	defer func() {
@@ -102,8 +121,9 @@ type Jobs struct {
 }
 
 var (
-	running = newJobs()
-	jobID   = int64(0)
+	running   = newJobs()
+	jobID     atomic.Int64
+	executeID = uuid.New().String()
 )
 
 // newJobs makes a new Jobs structure
@@ -121,7 +141,7 @@ func SetOpt(opt *rc.Options) {
 
 // SetInitialJobID allows for setting jobID before starting any jobs.
 func SetInitialJobID(id int64) {
-	if !atomic.CompareAndSwapInt64(&jobID, 0, id) {
+	if !jobID.CompareAndSwap(0, id) {
 		panic("Setting jobID is only possible before starting any jobs")
 	}
 }
@@ -237,9 +257,14 @@ func getFilter(ctx context.Context, in rc.Params) (context.Context, error) {
 	return ctx, nil
 }
 
+type jobKeyType struct{}
+
+// Key for adding jobs to ctx
+var jobKey = jobKeyType{}
+
 // NewJob creates a Job and executes it, possibly in the background if _async is set
 func (jobs *Jobs) NewJob(ctx context.Context, fn rc.Func, in rc.Params) (job *Job, out rc.Params, err error) {
-	id := atomic.AddInt64(&jobID, 1)
+	id := jobID.Add(1)
 	in = in.Copy() // copy input so we can change it
 
 	ctx, isAsync, err := getAsync(ctx, in)
@@ -274,9 +299,14 @@ func (jobs *Jobs) NewJob(ctx context.Context, fn rc.Func, in rc.Params) (job *Jo
 		StartTime: time.Now(),
 		Stop:      stop,
 	}
+
 	jobs.mu.Lock()
 	jobs.jobs[job.ID] = job
 	jobs.mu.Unlock()
+
+	// Add the job to the context
+	ctx = context.WithValue(ctx, jobKey, job)
+
 	if isAsync {
 		go job.run(ctx, fn, in)
 		out = make(rc.Params)
@@ -303,12 +333,22 @@ func OnFinish(jobID int64, fn func()) (func(), error) {
 	if job == nil {
 		return func() {}, errors.New("job not found")
 	}
-	if job.Finished {
-		fn()
-	} else {
-		job.addListener(&fn)
+	return job.OnFinish(fn), nil
+}
+
+// GetJob gets the Job from the context if possible
+func GetJob(ctx context.Context) (job *Job, ok bool) {
+	job, ok = ctx.Value(jobKey).(*Job)
+	return job, ok
+}
+
+// GetJobID gets the Job from the context if possible
+func GetJobID(ctx context.Context) (jobID int64, ok bool) {
+	job, ok := GetJob(ctx)
+	if !ok {
+		return -1, ok
 	}
-	return func() { job.removeListener(&fn) }, nil
+	return job.ID, true
 }
 
 func init() {
@@ -365,7 +405,8 @@ func init() {
 
 Results:
 
-- jobids - array of integer job ids.
+- executeId - string id of rclone executing (change after restart)
+- jobids - array of integer job ids (starting at 1 on each restart)
 `,
 	})
 }
@@ -374,6 +415,7 @@ Results:
 func rcJobList(ctx context.Context, in rc.Params) (out rc.Params, err error) {
 	out = make(rc.Params)
 	out["jobids"] = running.IDs()
+	out["executeId"] = executeID
 	return out, nil
 }
 
diff --git a/fs/rc/jobs/job_test.go b/fs/rc/jobs/job_test.go
index 7552465def22d..6fc4a822c6cf3 100644
--- a/fs/rc/jobs/job_test.go
+++ b/fs/rc/jobs/job_test.go
@@ -44,13 +44,22 @@ func TestJobsExpire(t *testing.T) {
 	jobs := newJobs()
 	jobs.opt.JobExpireInterval = time.Millisecond
 	assert.Equal(t, false, jobs.expireRunning)
+	var gotJobID int64
+	var gotJob *Job
 	job, out, err := jobs.NewJob(ctx, func(ctx context.Context, in rc.Params) (rc.Params, error) {
 		defer close(wait)
+		var ok bool
+		gotJobID, ok = GetJobID(ctx)
+		assert.True(t, ok)
+		gotJob, ok = GetJob(ctx)
+		assert.True(t, ok)
 		return in, nil
 	}, rc.Params{"_async": true})
 	require.NoError(t, err)
 	assert.Equal(t, 1, len(out))
 	<-wait
+	assert.Equal(t, job.ID, gotJobID, "check can get JobID from ctx")
+	assert.Equal(t, job, gotJob, "check can get Job from ctx")
 	assert.Equal(t, 1, len(jobs.jobs))
 	jobs.Expire()
 	assert.Equal(t, 1, len(jobs.jobs))
@@ -220,7 +229,7 @@ func TestJobRunPanic(t *testing.T) {
 
 func TestJobsNewJob(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 	jobs := newJobs()
 	job, out, err := jobs.NewJob(ctx, noopFn, rc.Params{"_async": true})
 	require.NoError(t, err)
@@ -232,7 +241,7 @@ func TestJobsNewJob(t *testing.T) {
 
 func TestStartJob(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 	job, out, err := NewJob(ctx, longFn, rc.Params{"_async": true})
 	assert.NoError(t, err)
 	assert.Equal(t, rc.Params{"jobid": int64(1)}, out)
@@ -240,7 +249,7 @@ func TestStartJob(t *testing.T) {
 }
 
 func TestExecuteJob(t *testing.T) {
-	jobID = 0
+	jobID.Store(0)
 	job, out, err := NewJob(context.Background(), shortFn, rc.Params{})
 	assert.NoError(t, err)
 	assert.Equal(t, int64(1), job.ID)
@@ -249,7 +258,7 @@ func TestExecuteJob(t *testing.T) {
 
 func TestExecuteJobWithConfig(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 	called := false
 	jobFn := func(ctx context.Context, in rc.Params) (rc.Params, error) {
 		ci := fs.GetConfig(ctx)
@@ -265,7 +274,7 @@ func TestExecuteJobWithConfig(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, true, called)
 	// Retest with string parameter
-	jobID = 0
+	jobID.Store(0)
 	called = false
 	_, _, err = NewJob(ctx, jobFn, rc.Params{
 		"_config": `{"BufferSize": "42M"}`,
@@ -280,7 +289,7 @@ func TestExecuteJobWithConfig(t *testing.T) {
 func TestExecuteJobWithFilter(t *testing.T) {
 	ctx := context.Background()
 	called := false
-	jobID = 0
+	jobID.Store(0)
 	jobFn := func(ctx context.Context, in rc.Params) (rc.Params, error) {
 		fi := filter.GetConfig(ctx)
 		assert.Equal(t, fs.SizeSuffix(1024), fi.Opt.MaxSize)
@@ -300,7 +309,7 @@ func TestExecuteJobWithFilter(t *testing.T) {
 
 func TestExecuteJobWithGroup(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 	called := false
 	jobFn := func(ctx context.Context, in rc.Params) (rc.Params, error) {
 		called = true
@@ -318,7 +327,7 @@ func TestExecuteJobWithGroup(t *testing.T) {
 
 func TestExecuteJobErrorPropagation(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 
 	testErr := errors.New("test error")
 	errorFn := func(ctx context.Context, in rc.Params) (out rc.Params, err error) {
@@ -330,7 +339,7 @@ func TestExecuteJobErrorPropagation(t *testing.T) {
 
 func TestRcJobStatus(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 	_, _, err := NewJob(ctx, longFn, rc.Params{"_async": true})
 	assert.NoError(t, err)
 
@@ -358,22 +367,36 @@ func TestRcJobStatus(t *testing.T) {
 
 func TestRcJobList(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 	_, _, err := NewJob(ctx, longFn, rc.Params{"_async": true})
 	assert.NoError(t, err)
 
 	call := rc.Calls.Get("job/list")
 	assert.NotNil(t, call)
 	in := rc.Params{}
-	out, err := call.Fn(context.Background(), in)
+	out1, err := call.Fn(context.Background(), in)
 	require.NoError(t, err)
-	require.NotNil(t, out)
-	assert.Equal(t, rc.Params{"jobids": []int64{1}}, out)
+	require.NotNil(t, out1)
+	assert.Equal(t, []int64{1}, out1["jobids"], "should have job listed")
+
+	_, _, err = NewJob(ctx, longFn, rc.Params{"_async": true})
+	assert.NoError(t, err)
+
+	call = rc.Calls.Get("job/list")
+	assert.NotNil(t, call)
+	in = rc.Params{}
+	out2, err := call.Fn(context.Background(), in)
+	require.NoError(t, err)
+	require.NotNil(t, out2)
+	assert.Equal(t, 2, len(out2["jobids"].([]int64)), "should have all jobs listed")
+
+	require.NotNil(t, out1["executeId"], "should have executeId")
+	assert.Equal(t, out1["executeId"], out2["executeId"], "executeId should be the same")
 }
 
 func TestRcAsyncJobStop(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 	_, _, err := NewJob(ctx, ctxFn, rc.Params{"_async": true})
 	assert.NoError(t, err)
 
@@ -411,7 +434,7 @@ func TestRcAsyncJobStop(t *testing.T) {
 func TestRcSyncJobStop(t *testing.T) {
 	ctx, cancel := context.WithCancel(context.Background())
 	go func() {
-		jobID = 0
+		jobID.Store(0)
 		job, out, err := NewJob(ctx, ctxFn, rc.Params{})
 		assert.Error(t, err)
 		assert.Equal(t, int64(1), job.ID)
@@ -454,7 +477,7 @@ func TestRcSyncJobStop(t *testing.T) {
 
 func TestRcJobStopGroup(t *testing.T) {
 	ctx := context.Background()
-	jobID = 0
+	jobID.Store(0)
 	_, _, err := NewJob(ctx, ctxFn, rc.Params{
 		"_async": true,
 		"_group": "myparty",
@@ -495,7 +518,7 @@ func TestRcJobStopGroup(t *testing.T) {
 }
 
 func TestOnFinish(t *testing.T) {
-	jobID = 0
+	jobID.Store(0)
 	done := make(chan struct{})
 	ctx, cancel := context.WithCancel(context.Background())
 	job, _, err := NewJob(ctx, ctxParmFn(ctx, false), rc.Params{"_async": true})
@@ -515,7 +538,7 @@ func TestOnFinish(t *testing.T) {
 }
 
 func TestOnFinishAlreadyFinished(t *testing.T) {
-	jobID = 0
+	jobID.Store(0)
 	done := make(chan struct{})
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
diff --git a/fs/rc/rc.go b/fs/rc/rc.go
index c45f61cf9928e..b7db4e5878456 100644
--- a/fs/rc/rc.go
+++ b/fs/rc/rc.go
@@ -1,7 +1,7 @@
 // Package rc implements a remote control server and registry for rclone
 //
 // To register your internal calls, call rc.Add(path, function).  Your
-// function should take ane return a Param.  It can also return an
+// function should take and return a Param.  It can also return an
 // error.  Use rc.NewError to wrap an existing error along with an
 // http response type if another response other than 500 internal
 // error is required on error.
@@ -18,22 +18,21 @@ import (
 
 // Options contains options for the remote control server
 type Options struct {
-	HTTP                     libhttp.Config
-	Auth                     libhttp.AuthConfig
-	Template                 libhttp.TemplateConfig
-	Enabled                  bool   // set to enable the server
-	Serve                    bool   // set to serve files from remotes
-	Files                    string // set to enable serving files locally
-	NoAuth                   bool   // set to disable auth checks on AuthRequired methods
-	WebUI                    bool   // set to launch the web ui
-	WebGUIUpdate             bool   // set to check new update
-	WebGUIForceUpdate        bool   // set to force download new update
-	WebGUINoOpenBrowser      bool   // set to disable auto opening browser
-	WebGUIFetchURL           string // set the default url for fetching webgui
-	AccessControlAllowOrigin string // set the access control for CORS configuration
-	EnableMetrics            bool   // set to disable prometheus metrics on /metrics
-	JobExpireDuration        time.Duration
-	JobExpireInterval        time.Duration
+	HTTP                libhttp.Config
+	Auth                libhttp.AuthConfig
+	Template            libhttp.TemplateConfig
+	Enabled             bool   // set to enable the server
+	Serve               bool   // set to serve files from remotes
+	Files               string // set to enable serving files locally
+	NoAuth              bool   // set to disable auth checks on AuthRequired methods
+	WebUI               bool   // set to launch the web ui
+	WebGUIUpdate        bool   // set to check new update
+	WebGUIForceUpdate   bool   // set to force download new update
+	WebGUINoOpenBrowser bool   // set to disable auto opening browser
+	WebGUIFetchURL      string // set the default url for fetching webgui
+	EnableMetrics       bool   // set to disable prometheus metrics on /metrics
+	JobExpireDuration   time.Duration
+	JobExpireInterval   time.Duration
 }
 
 // DefaultOpt is the default values used for Options
diff --git a/fs/rc/rcflags/rcflags.go b/fs/rc/rcflags/rcflags.go
index db2412e06dbc3..6711d525555a9 100644
--- a/fs/rc/rcflags/rcflags.go
+++ b/fs/rc/rcflags/rcflags.go
@@ -7,6 +7,9 @@ import (
 	"github.com/spf13/pflag"
 )
 
+// FlagPrefix is the prefix used to uniquely identify command line flags.
+const FlagPrefix = "rc-"
+
 // Options set by command line flags
 var (
 	Opt = rc.DefaultOpt
@@ -15,20 +18,19 @@ var (
 // AddFlags adds the remote control flags to the flagSet
 func AddFlags(flagSet *pflag.FlagSet) {
 	rc.AddOption("rc", &Opt)
-	flags.BoolVarP(flagSet, &Opt.Enabled, "rc", "", false, "Enable the remote control server")
-	flags.StringVarP(flagSet, &Opt.Files, "rc-files", "", "", "Path to local files to serve on the HTTP server")
-	flags.BoolVarP(flagSet, &Opt.Serve, "rc-serve", "", false, "Enable the serving of remote objects")
-	flags.BoolVarP(flagSet, &Opt.NoAuth, "rc-no-auth", "", false, "Don't require auth for certain methods")
-	flags.BoolVarP(flagSet, &Opt.WebUI, "rc-web-gui", "", false, "Launch WebGUI on localhost")
-	flags.BoolVarP(flagSet, &Opt.WebGUIUpdate, "rc-web-gui-update", "", false, "Check and update to latest version of web gui")
-	flags.BoolVarP(flagSet, &Opt.WebGUIForceUpdate, "rc-web-gui-force-update", "", false, "Force update to latest version of web gui")
-	flags.BoolVarP(flagSet, &Opt.WebGUINoOpenBrowser, "rc-web-gui-no-open-browser", "", false, "Don't open the browser automatically")
-	flags.StringVarP(flagSet, &Opt.WebGUIFetchURL, "rc-web-fetch-url", "", "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest", "URL to fetch the releases for webgui")
-	flags.StringVarP(flagSet, &Opt.AccessControlAllowOrigin, "rc-allow-origin", "", "", "Set the allowed origin for CORS")
-	flags.BoolVarP(flagSet, &Opt.EnableMetrics, "rc-enable-metrics", "", false, "Enable prometheus metrics on /metrics")
-	flags.DurationVarP(flagSet, &Opt.JobExpireDuration, "rc-job-expire-duration", "", Opt.JobExpireDuration, "Expire finished async jobs older than this value")
-	flags.DurationVarP(flagSet, &Opt.JobExpireInterval, "rc-job-expire-interval", "", Opt.JobExpireInterval, "Interval to check for expired async jobs")
-	Opt.HTTP.AddFlagsPrefix(flagSet, "rc-")
-	Opt.Auth.AddFlagsPrefix(flagSet, "rc-")
-	Opt.Template.AddFlagsPrefix(flagSet, "rc-")
+	flags.BoolVarP(flagSet, &Opt.Enabled, "rc", "", false, "Enable the remote control server", "RC")
+	flags.StringVarP(flagSet, &Opt.Files, "rc-files", "", "", "Path to local files to serve on the HTTP server", "RC")
+	flags.BoolVarP(flagSet, &Opt.Serve, "rc-serve", "", false, "Enable the serving of remote objects", "RC")
+	flags.BoolVarP(flagSet, &Opt.NoAuth, "rc-no-auth", "", false, "Don't require auth for certain methods", "RC")
+	flags.BoolVarP(flagSet, &Opt.WebUI, "rc-web-gui", "", false, "Launch WebGUI on localhost", "RC")
+	flags.BoolVarP(flagSet, &Opt.WebGUIUpdate, "rc-web-gui-update", "", false, "Check and update to latest version of web gui", "RC")
+	flags.BoolVarP(flagSet, &Opt.WebGUIForceUpdate, "rc-web-gui-force-update", "", false, "Force update to latest version of web gui", "RC")
+	flags.BoolVarP(flagSet, &Opt.WebGUINoOpenBrowser, "rc-web-gui-no-open-browser", "", false, "Don't open the browser automatically", "RC")
+	flags.StringVarP(flagSet, &Opt.WebGUIFetchURL, "rc-web-fetch-url", "", "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest", "URL to fetch the releases for webgui", "RC")
+	flags.BoolVarP(flagSet, &Opt.EnableMetrics, "rc-enable-metrics", "", false, "Enable prometheus metrics on /metrics", "RC")
+	flags.DurationVarP(flagSet, &Opt.JobExpireDuration, "rc-job-expire-duration", "", Opt.JobExpireDuration, "Expire finished async jobs older than this value", "RC")
+	flags.DurationVarP(flagSet, &Opt.JobExpireInterval, "rc-job-expire-interval", "", Opt.JobExpireInterval, "Interval to check for expired async jobs", "RC")
+	Opt.HTTP.AddFlagsPrefix(flagSet, FlagPrefix)
+	Opt.Auth.AddFlagsPrefix(flagSet, FlagPrefix)
+	Opt.Template.AddFlagsPrefix(flagSet, FlagPrefix)
 }
diff --git a/fs/rc/rcserver/rcserver.go b/fs/rc/rcserver/rcserver.go
index f353c3ea16080..4ded73a6cc20a 100644
--- a/fs/rc/rcserver/rcserver.go
+++ b/fs/rc/rcserver/rcserver.go
@@ -15,7 +15,6 @@ import (
 	"regexp"
 	"sort"
 	"strings"
-	"sync"
 	"time"
 
 	"github.com/go-chi/chi/v5/middleware"
@@ -38,7 +37,6 @@ import (
 )
 
 var promHandler http.Handler
-var onlyOnceWarningAllowOrigin sync.Once
 
 func init() {
 	rcloneCollector := accounting.NewRcloneCollector(context.Background())
@@ -214,28 +212,6 @@ func writeError(path string, in rc.Params, w http.ResponseWriter, err error, sta
 func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
 	path := strings.TrimLeft(r.URL.Path, "/")
 
-	allowOrigin := rcflags.Opt.AccessControlAllowOrigin
-	if allowOrigin != "" {
-		onlyOnceWarningAllowOrigin.Do(func() {
-			if allowOrigin == "*" {
-				fs.Logf(nil, "Warning: Allow origin set to *. This can cause serious security problems.")
-			}
-		})
-		w.Header().Add("Access-Control-Allow-Origin", allowOrigin)
-	} else {
-		urls := s.server.URLs()
-		if len(urls) == 1 {
-			w.Header().Add("Access-Control-Allow-Origin", urls[0])
-		} else {
-			fs.Errorf(nil, "Warning, need exactly 1 URL for Access-Control-Allow-Origin, got %d %q", len(urls), urls)
-		}
-	}
-
-	// echo back access control headers client needs
-	//reqAccessHeaders := r.Header.Get("Access-Control-Request-Headers")
-	w.Header().Add("Access-Control-Request-Method", "POST, OPTIONS, GET, HEAD")
-	w.Header().Add("Access-Control-Allow-Headers", "authorization, Content-Type")
-
 	switch r.Method {
 	case "POST":
 		s.handlePost(w, r, path)
diff --git a/fs/rc/rcserver/rcserver_test.go b/fs/rc/rcserver/rcserver_test.go
index 27872229777af..05889ecc97889 100644
--- a/fs/rc/rcserver/rcserver_test.go
+++ b/fs/rc/rcserver/rcserver_test.go
@@ -552,32 +552,6 @@ Unknown command
 	testServer(t, tests, &opt)
 }
 
-func TestMethods(t *testing.T) {
-	tests := []testRun{{
-		Name:     "options",
-		URL:      "",
-		Method:   "OPTIONS",
-		Status:   http.StatusOK,
-		Expected: "",
-		Headers: map[string]string{
-			"Access-Control-Allow-Origin":   "testURL",
-			"Access-Control-Request-Method": "POST, OPTIONS, GET, HEAD",
-			"Access-Control-Allow-Headers":  "authorization, Content-Type",
-		},
-	}, {
-		Name:   "bad",
-		URL:    "",
-		Method: "POTATO",
-		Status: http.StatusMethodNotAllowed,
-		Expected: `Method Not Allowed
-`,
-	}}
-	opt := newTestOpt()
-	opt.Serve = true
-	opt.Files = testFs
-	testServer(t, tests, &opt)
-}
-
 func TestMetrics(t *testing.T) {
 	stats := accounting.GlobalStats()
 	tests := makeMetricsTestCases(stats)
diff --git a/fs/rc/webgui/plugins.go b/fs/rc/webgui/plugins.go
index c51eeab57bfa3..8784ae465dfa7 100644
--- a/fs/rc/webgui/plugins.go
+++ b/fs/rc/webgui/plugins.go
@@ -152,33 +152,6 @@ func (p *Plugins) addPlugin(pluginName string, packageJSONPath string) (err erro
 	return nil
 }
 
-func (p *Plugins) addTestPlugin(pluginName string, testURL string, handlesType []string) (err error) {
-	p.mutex.Lock()
-	defer p.mutex.Unlock()
-	err = p.readFromFile()
-	if err != nil {
-		return err
-	}
-
-	var pkgJSON = PackageJSON{
-		Name:    pluginName,
-		TestURL: testURL,
-		Rclone: RcloneConfig{
-			HandlesType: handlesType,
-			Test:        true,
-		},
-	}
-
-	p.LoadedPlugins[pluginName] = pkgJSON
-
-	err = p.writeToFile()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
 func (p *Plugins) writeToFile() (err error) {
 	availablePluginsJSON := filepath.Join(pluginsConfigPath, p.fileName)
 
diff --git a/fs/registry.go b/fs/registry.go
index adf891ad2efe7..1ecd2c3054405 100644
--- a/fs/registry.go
+++ b/fs/registry.go
@@ -60,6 +60,15 @@ func (os Options) setValues() {
 		if o.Default == nil {
 			o.Default = ""
 		}
+		// Create options for Enums
+		if do, ok := o.Default.(Choices); ok && len(o.Examples) == 0 {
+			o.Exclusive = true
+			o.Required = true
+			o.Examples = make(OptionExamples, len(do.Choices()))
+			for i, choice := range do.Choices() {
+				o.Examples[i].Value = choice
+			}
+		}
 	}
 }
 
@@ -154,6 +163,7 @@ type Option struct {
 	NoPrefix   bool             // set if the option for this should not use the backend prefix
 	Advanced   bool             // set if this is an advanced config option
 	Exclusive  bool             // set if the answer can only be one of the examples (empty string allowed unless Required or Default is set)
+	Sensitive  bool             // set if this option should be redacted when using rclone config redacted
 }
 
 // BaseOption is an alias for Option used internally
@@ -206,9 +216,20 @@ func (o *Option) Set(s string) (err error) {
 	return nil
 }
 
+type typer interface {
+	Type() string
+}
+
 // Type of the value
 func (o *Option) Type() string {
-	return reflect.TypeOf(o.GetValue()).Name()
+	v := o.GetValue()
+
+	// Try to call Type method on non-pointer
+	if do, ok := v.(typer); ok {
+		return do.Type()
+	}
+
+	return reflect.TypeOf(v).Name()
 }
 
 // FlagName for the option
diff --git a/fs/sizesuffix.go b/fs/sizesuffix.go
index 04056b707c5ba..0a2a5661c1d48 100644
--- a/fs/sizesuffix.go
+++ b/fs/sizesuffix.go
@@ -192,7 +192,7 @@ func (x *SizeSuffix) Set(s string) error {
 }
 
 // Type of the value
-func (x *SizeSuffix) Type() string {
+func (x SizeSuffix) Type() string {
 	return "SizeSuffix"
 }
 
diff --git a/fs/sizesuffix_test.go b/fs/sizesuffix_test.go
index cb58b807cac09..fd87811c89815 100644
--- a/fs/sizesuffix_test.go
+++ b/fs/sizesuffix_test.go
@@ -17,8 +17,20 @@ type flagger interface {
 	json.Unmarshaler
 }
 
-// Check it satisfies the interface
-var _ flagger = (*SizeSuffix)(nil)
+// Interface which non-pointer flags must satisfy
+//
+// These are from pflag.Value and need to be non-pointer due the the
+// way the backend flags are inserted into the flags.
+type flaggerNP interface {
+	String() string
+	Type() string
+}
+
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*SizeSuffix)(nil)
+	_ flaggerNP = SizeSuffix(0)
+)
 
 func TestSizeSuffixString(t *testing.T) {
 	for _, test := range []struct {
diff --git a/fs/sync/pipe_test.go b/fs/sync/pipe_test.go
index 2d56506ceec8e..4d9afbe26d4a1 100644
--- a/fs/sync/pipe_test.go
+++ b/fs/sync/pipe_test.go
@@ -112,7 +112,7 @@ func TestPipeConcurrent(t *testing.T) {
 	obj1 := mockobject.New("potato").WithContent([]byte("hello"), mockobject.SeekModeNone)
 	pair1 := fs.ObjectPair{Src: obj1, Dst: nil}
 	ctx := context.Background()
-	var count int64
+	var count atomic.Int64
 
 	for j := 0; j < readWriters; j++ {
 		wg.Add(2)
@@ -123,7 +123,7 @@ func TestPipeConcurrent(t *testing.T) {
 				pair2, ok := p.Get(ctx)
 				assert.Equal(t, pair1, pair2)
 				assert.Equal(t, true, ok)
-				atomic.AddInt64(&count, -1)
+				count.Add(-1)
 			}
 		}()
 		go func() {
@@ -132,13 +132,13 @@ func TestPipeConcurrent(t *testing.T) {
 				// Put an object
 				ok := p.Put(ctx, pair1)
 				assert.Equal(t, true, ok)
-				atomic.AddInt64(&count, 1)
+				count.Add(1)
 			}
 		}()
 	}
 	wg.Wait()
 
-	assert.Equal(t, int64(0), count)
+	assert.Equal(t, int64(0), count.Load())
 }
 
 func TestPipeOrderBy(t *testing.T) {
diff --git a/fs/sync/sync.go b/fs/sync/sync.go
index 95a49ab2fd807..255dfaf1a9fde 100644
--- a/fs/sync/sync.go
+++ b/fs/sync/sync.go
@@ -20,6 +20,14 @@ import (
 	"github.com/rclone/rclone/fs/operations"
 )
 
+// ErrorMaxDurationReached defines error when transfer duration is reached
+// Used for checking on exit and matching to correct exit code.
+var ErrorMaxDurationReached = errors.New("max transfer duration reached as set by --max-duration")
+
+// ErrorMaxDurationReachedFatal is returned from when the max
+// duration limit is reached.
+var ErrorMaxDurationReachedFatal = fserrors.FatalError(ErrorMaxDurationReached)
+
 type syncCopyMove struct {
 	// parameters
 	fdst               fs.Fs
@@ -357,13 +365,13 @@ func (s *syncCopyMove) pairChecker(in *pipe, out *pipe, fraction int, wg *sync.W
 						} else {
 							// If successful zero out the dst as it is no longer there and copy the file
 							pair.Dst = nil
-							ok = out.Put(s.ctx, pair)
+							ok = out.Put(s.inCtx, pair)
 							if !ok {
 								return
 							}
 						}
 					} else {
-						ok = out.Put(s.ctx, pair)
+						ok = out.Put(s.inCtx, pair)
 						if !ok {
 							return
 						}
@@ -381,7 +389,7 @@ func (s *syncCopyMove) pairChecker(in *pipe, out *pipe, fraction int, wg *sync.W
 						// If we want perfect ordering then use the transfers to delete the file
 						//
 						// We send src == dst, to say we want the src deleted
-						ok = out.Put(s.ctx, fs.ObjectPair{Src: src, Dst: src})
+						ok = out.Put(s.inCtx, fs.ObjectPair{Src: src, Dst: src})
 						if !ok {
 							return
 						}
@@ -407,7 +415,8 @@ func (s *syncCopyMove) pairRenamer(in *pipe, out *pipe, fraction int, wg *sync.W
 		src := pair.Src
 		if !s.tryRename(src) {
 			// pass on if not renamed
-			ok = out.Put(s.ctx, pair)
+			fs.Debugf(src, "Need to transfer - No matching file found at Destination")
+			ok = out.Put(s.inCtx, pair)
 			if !ok {
 				return
 			}
@@ -844,10 +853,6 @@ func (s *syncCopyMove) tryRename(src fs.Object) bool {
 	return true
 }
 
-// errorMaxDurationReached defines error when transfer duration is reached
-// Used for checking on exit and matching to correct exit code.
-var errorMaxDurationReached = fserrors.FatalError(errors.New("max transfer duration reached as set by --max-duration"))
-
 // Syncs fsrc into fdst
 //
 // If Delete is true then it deletes any files in fdst that aren't in fsrc
@@ -892,7 +897,7 @@ func (s *syncCopyMove) run() error {
 		s.makeRenameMap()
 		// Attempt renames for all the files which don't have a matching dst
 		for _, src := range s.renameCheck {
-			ok := s.toBeRenamed.Put(s.ctx, fs.ObjectPair{Src: src, Dst: nil})
+			ok := s.toBeRenamed.Put(s.inCtx, fs.ObjectPair{Src: src, Dst: nil})
 			if !ok {
 				break
 			}
@@ -944,8 +949,8 @@ func (s *syncCopyMove) run() error {
 
 	// If the duration was exceeded then add a Fatal Error so we don't retry
 	if !s.maxDurationEndTime.IsZero() && time.Since(s.maxDurationEndTime) > 0 {
-		fs.Errorf(s.fdst, "%v", errorMaxDurationReached)
-		s.processError(errorMaxDurationReached)
+		fs.Errorf(s.fdst, "%v", ErrorMaxDurationReachedFatal)
+		s.processError(ErrorMaxDurationReachedFatal)
 	}
 
 	// Print nothing to transfer message if there were no transfers and no errors
@@ -1026,7 +1031,8 @@ func (s *syncCopyMove) SrcOnly(src fs.DirEntry) (recurse bool) {
 			}
 			if !NoNeedTransfer {
 				// No need to check since doesn't exist
-				ok := s.toBeUploaded.Put(s.ctx, fs.ObjectPair{Src: x, Dst: nil})
+				fs.Debugf(src, "Need to transfer - File not found at Destination")
+				ok := s.toBeUploaded.Put(s.inCtx, fs.ObjectPair{Src: x, Dst: nil})
 				if !ok {
 					return
 				}
@@ -1059,7 +1065,7 @@ func (s *syncCopyMove) Match(ctx context.Context, dst, src fs.DirEntry) (recurse
 		}
 		dstX, ok := dst.(fs.Object)
 		if ok {
-			ok = s.toBeChecked.Put(s.ctx, fs.ObjectPair{Src: srcX, Dst: dstX})
+			ok = s.toBeChecked.Put(s.inCtx, fs.ObjectPair{Src: srcX, Dst: dstX})
 			if !ok {
 				return false
 			}
diff --git a/fs/sync/sync_test.go b/fs/sync/sync_test.go
index f439712484cb8..f24a783ed0a7a 100644
--- a/fs/sync/sync_test.go
+++ b/fs/sync/sync_test.go
@@ -996,7 +996,7 @@ func testSyncWithMaxDuration(t *testing.T, cutoffMode fs.CutoffMode) {
 	accounting.GlobalStats().ResetCounters()
 	startTime := time.Now()
 	err := Sync(ctx, r.Fremote, r.Flocal, false)
-	require.True(t, errors.Is(err, errorMaxDurationReached))
+	require.True(t, errors.Is(err, ErrorMaxDurationReached))
 
 	if cutoffMode == fs.CutoffModeHard {
 		r.CheckRemoteItems(t, file1)
@@ -1423,7 +1423,7 @@ func TestSyncOverlapWithFilter(t *testing.T) {
 	require.NoError(t, fi.Add(false, "/rclone-sync-test/"))
 	require.NoError(t, fi.Add(false, "*/layer2/"))
 	fi.Opt.ExcludeFile = []string{".ignore"}
-	ctx = filter.ReplaceConfig(ctx, fi)
+	filterCtx := filter.ReplaceConfig(ctx, fi)
 
 	subRemoteName := r.FremoteName + "/rclone-sync-test"
 	FremoteSync, err := fs.NewFs(ctx, subRemoteName)
@@ -1453,19 +1453,28 @@ func TestSyncOverlapWithFilter(t *testing.T) {
 	}
 
 	accounting.GlobalStats().ResetCounters()
-	checkNoErr(Sync(ctx, FremoteSync, r.Fremote, false))
+	checkNoErr(Sync(filterCtx, FremoteSync, r.Fremote, false))
+	checkErr(Sync(ctx, FremoteSync, r.Fremote, false))
+	checkNoErr(Sync(filterCtx, r.Fremote, FremoteSync, false))
 	checkErr(Sync(ctx, r.Fremote, FremoteSync, false))
+	checkErr(Sync(filterCtx, r.Fremote, r.Fremote, false))
 	checkErr(Sync(ctx, r.Fremote, r.Fremote, false))
+	checkErr(Sync(filterCtx, FremoteSync, FremoteSync, false))
 	checkErr(Sync(ctx, FremoteSync, FremoteSync, false))
 
-	checkNoErr(Sync(ctx, FremoteSync2, r.Fremote, false))
+	checkNoErr(Sync(filterCtx, FremoteSync2, r.Fremote, false))
+	checkErr(Sync(ctx, FremoteSync2, r.Fremote, false))
+	checkNoErr(Sync(filterCtx, r.Fremote, FremoteSync2, false))
 	checkErr(Sync(ctx, r.Fremote, FremoteSync2, false))
-	checkErr(Sync(ctx, r.Fremote, r.Fremote, false))
+	checkErr(Sync(filterCtx, FremoteSync2, FremoteSync2, false))
 	checkErr(Sync(ctx, FremoteSync2, FremoteSync2, false))
 
-	checkNoErr(Sync(ctx, FremoteSync3, r.Fremote, false))
+	checkNoErr(Sync(filterCtx, FremoteSync3, r.Fremote, false))
+	checkErr(Sync(ctx, FremoteSync3, r.Fremote, false))
+	// Destination is excluded so this test makes no sense
+	// checkNoErr(Sync(filterCtx, r.Fremote, FremoteSync3, false))
 	checkErr(Sync(ctx, r.Fremote, FremoteSync3, false))
-	checkErr(Sync(ctx, r.Fremote, r.Fremote, false))
+	checkErr(Sync(filterCtx, FremoteSync3, FremoteSync3, false))
 	checkErr(Sync(ctx, FremoteSync3, FremoteSync3, false))
 }
 
diff --git a/fs/terminalcolormode.go b/fs/terminalcolormode.go
index 7da58e13fce6b..44ec4b94aad62 100644
--- a/fs/terminalcolormode.go
+++ b/fs/terminalcolormode.go
@@ -1,12 +1,7 @@
 package fs
 
-import (
-	"fmt"
-	"strings"
-)
-
 // TerminalColorMode describes how ANSI codes should be handled
-type TerminalColorMode byte
+type TerminalColorMode = Enum[terminalColorModeChoices]
 
 // TerminalColorMode constants
 const (
@@ -15,43 +10,12 @@ const (
 	TerminalColorModeAlways
 )
 
-var terminalColorModeToString = []string{
-	TerminalColorModeAuto:   "AUTO",
-	TerminalColorModeNever:  "NEVER",
-	TerminalColorModeAlways: "ALWAYS",
-}
-
-// String converts a TerminalColorMode to a string
-func (m TerminalColorMode) String() string {
-	if m >= TerminalColorMode(len(terminalColorModeToString)) {
-		return fmt.Sprintf("TerminalColorMode(%d)", m)
-	}
-	return terminalColorModeToString[m]
-}
+type terminalColorModeChoices struct{}
 
-// Set a TerminalColorMode
-func (m *TerminalColorMode) Set(s string) error {
-	for n, name := range terminalColorModeToString {
-		if s != "" && name == strings.ToUpper(s) {
-			*m = TerminalColorMode(n)
-			return nil
-		}
+func (terminalColorModeChoices) Choices() []string {
+	return []string{
+		TerminalColorModeAuto:   "AUTO",
+		TerminalColorModeNever:  "NEVER",
+		TerminalColorModeAlways: "ALWAYS",
 	}
-	return fmt.Errorf("unknown terminal color mode %q", s)
-}
-
-// Type of TerminalColorMode
-func (m TerminalColorMode) Type() string {
-	return "string"
-}
-
-// UnmarshalJSON converts a string/integer in JSON to a TerminalColorMode
-func (m *TerminalColorMode) UnmarshalJSON(in []byte) error {
-	return UnmarshalJSONFlag(in, m, func(i int64) error {
-		if i < 0 || i >= int64(len(terminalColorModeToString)) {
-			return fmt.Errorf("out of range terminal color mode %d", i)
-		}
-		*m = (TerminalColorMode)(i)
-		return nil
-	})
 }
diff --git a/fs/terminalcolormode_test.go b/fs/terminalcolormode_test.go
index 6060b4342ff9a..4d6e0405d66ea 100644
--- a/fs/terminalcolormode_test.go
+++ b/fs/terminalcolormode_test.go
@@ -17,7 +17,7 @@ func TestTerminalColorModeString(t *testing.T) {
 		{TerminalColorModeAuto, "AUTO"},
 		{TerminalColorModeAlways, "ALWAYS"},
 		{TerminalColorModeNever, "NEVER"},
-		{36, "TerminalColorMode(36)"},
+		{36, "Unknown(36)"},
 	} {
 		tcm := test.in
 		assert.Equal(t, test.want, tcm.String(), test.in)
diff --git a/fs/tristate.go b/fs/tristate.go
index d03926a070360..dd70a6a62fe8f 100644
--- a/fs/tristate.go
+++ b/fs/tristate.go
@@ -70,3 +70,11 @@ func (t *Tristate) UnmarshalJSON(in []byte) error {
 	}
 	return nil
 }
+
+// MarshalJSON encodes it as a bool or nil for unset
+func (t *Tristate) MarshalJSON() ([]byte, error) {
+	if !t.Valid {
+		return json.Marshal(nil)
+	}
+	return json.Marshal(t.Value)
+}
diff --git a/fs/tristate_test.go b/fs/tristate_test.go
index 9189f22934694..7e9f11d9b40dd 100644
--- a/fs/tristate_test.go
+++ b/fs/tristate_test.go
@@ -9,8 +9,11 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// Check it satisfies the interface
-var _ flagger = (*Tristate)(nil)
+// Check it satisfies the interfaces
+var (
+	_ flagger   = (*Tristate)(nil)
+	_ flaggerNP = Tristate{}
+)
 
 func TestTristateString(t *testing.T) {
 	for _, test := range []struct {
@@ -85,3 +88,18 @@ func TestTristateUnmarshalJSON(t *testing.T) {
 		assert.Equal(t, test.want, got, test.in)
 	}
 }
+
+func TestTristateMarshalJSON(t *testing.T) {
+	for _, test := range []struct {
+		in   Tristate
+		want string
+	}{
+		{Tristate{}, `null`},
+		{Tristate{Valid: true, Value: true}, `true`},
+		{Tristate{Valid: true, Value: false}, `false`},
+	} {
+		got, err := json.Marshal(&test.in)
+		require.NoError(t, err)
+		assert.Equal(t, test.want, string(got), fmt.Sprintf("%#v", test.in))
+	}
+}
diff --git a/fs/versioncheck.go b/fs/versioncheck.go
index 7a58a4ac5decd..afa274c922990 100644
--- a/fs/versioncheck.go
+++ b/fs/versioncheck.go
@@ -1,8 +1,8 @@
-//go:build !go1.18
-// +build !go1.18
+//go:build !go1.19
+// +build !go1.19
 
 package fs
 
-// Upgrade to Go version 1.18 to compile rclone - latest stable go
+// Upgrade to Go version 1.19 to compile rclone - latest stable go
 // compiler recommended.
-func init() { Go_version_1_18_required_for_compilation() }
+func init() { Go_version_1_19_required_for_compilation() }
diff --git a/fs/versiontag.go b/fs/versiontag.go
index bc013213a9460..f9a696e2d1988 100644
--- a/fs/versiontag.go
+++ b/fs/versiontag.go
@@ -1,4 +1,4 @@
 package fs
 
 // VersionTag of rclone
-var VersionTag = "v1.63.0"
+var VersionTag = "v1.65.0"
diff --git a/fs/walk/walk_test.go b/fs/walk/walk_test.go
index cbfa82ce830b2..d479914866b2d 100644
--- a/fs/walk/walk_test.go
+++ b/fs/walk/walk_test.go
@@ -798,7 +798,8 @@ func TestListR(t *testing.T) {
 		mockobject.Object("dir/b"),
 		mockobject.Object("dir/c"),
 	}
-	f := mockfs.NewFs(ctx, "mock", "/")
+	f, err := mockfs.NewFs(ctx, "mock", "/", nil)
+	require.NoError(t, err)
 	var got []string
 	clearCallback := func() {
 		got = nil
diff --git a/fstest/fstest.go b/fstest/fstest.go
index 1c23b537351b7..9a3f75753543d 100644
--- a/fstest/fstest.go
+++ b/fstest/fstest.go
@@ -281,8 +281,8 @@ func CheckListingWithRoot(t *testing.T, f fs.Fs, dir string, items []Item, expec
 		if err != nil && err != fs.ErrorDirNotFound {
 			t.Fatalf("Error listing: %v", err)
 		}
-
 		gotListing = makeListingFromObjects(objs)
+
 		listingOK = wantListing == gotListing
 		if listingOK && (expectedDirs == nil || len(dirs) == len(expectedDirs)) {
 			// Put an extra sleep in if we did any retries just to make sure it really
diff --git a/fstest/fstests/fstests.go b/fstest/fstests/fstests.go
index 9c3ea61ff5134..7ab03dd60541d 100644
--- a/fstest/fstests/fstests.go
+++ b/fstest/fstests/fstests.go
@@ -60,6 +60,8 @@ type ChunkedUploadConfig struct {
 	CeilChunkSize func(fs.SizeSuffix) fs.SizeSuffix
 	// More than one chunk is required on upload
 	NeedMultipleChunks bool
+	// Skip this particular remote
+	Skip bool
 }
 
 // SetUploadChunkSizer is a test only interface to change the upload chunk size at runtime
@@ -76,6 +78,13 @@ type SetUploadCutoffer interface {
 	SetUploadCutoff(fs.SizeSuffix) (fs.SizeSuffix, error)
 }
 
+// SetCopyCutoffer is a test only interface to change the copy cutoff size at runtime
+type SetCopyCutoffer interface {
+	// Change the configured CopyCutoff.
+	// Will only be called while no transfer is in progress.
+	SetCopyCutoff(fs.SizeSuffix) (fs.SizeSuffix, error)
+}
+
 // NextPowerOfTwo returns the current or next bigger power of two.
 // All values less or equal 0 will return 0
 func NextPowerOfTwo(i fs.SizeSuffix) fs.SizeSuffix {
@@ -221,8 +230,10 @@ func testPutMimeType(ctx context.Context, t *testing.T, f fs.Fs, file *fstest.It
 	return contents, PutTestContentsMetadata(ctx, t, f, file, contents, true, mimeType, metadata)
 }
 
-// TestPutLarge puts file to the remote, checks it and removes it on success.
-func TestPutLarge(ctx context.Context, t *testing.T, f fs.Fs, file *fstest.Item) {
+// testPutLarge puts file to the remote, checks it and removes it on success.
+//
+// If stream is set, then it uploads the file with size -1
+func testPutLarge(ctx context.Context, t *testing.T, f fs.Fs, file *fstest.Item, stream bool) {
 	var (
 		err        error
 		obj        fs.Object
@@ -233,7 +244,11 @@ func TestPutLarge(ctx context.Context, t *testing.T, f fs.Fs, file *fstest.Item)
 		uploadHash = hash.NewMultiHasher()
 		in := io.TeeReader(r, uploadHash)
 
-		obji := object.NewStaticObjectInfo(file.Path, file.ModTime, file.Size, true, nil, nil)
+		size := file.Size
+		if stream {
+			size = -1
+		}
+		obji := object.NewStaticObjectInfo(file.Path, file.ModTime, size, true, nil, nil)
 		obj, err = f.Put(ctx, in, obji)
 		if file.Size == 0 && err == fs.ErrorCantUploadEmptyFiles {
 			t.Skip("Can't upload zero length files")
@@ -261,6 +276,16 @@ func TestPutLarge(ctx context.Context, t *testing.T, f fs.Fs, file *fstest.Item)
 	require.NoError(t, obj.Remove(ctx))
 }
 
+// TestPutLarge puts file to the remote, checks it and removes it on success.
+func TestPutLarge(ctx context.Context, t *testing.T, f fs.Fs, file *fstest.Item) {
+	testPutLarge(ctx, t, f, file, false)
+}
+
+// TestPutLargeStreamed puts file of unknown size to the remote, checks it and removes it on success.
+func TestPutLargeStreamed(ctx context.Context, t *testing.T, f fs.Fs, file *fstest.Item) {
+	testPutLarge(ctx, t, f, file, true)
+}
+
 // ReadObject reads the contents of an object as a string
 func ReadObject(ctx context.Context, t *testing.T, obj fs.Object, limit int64, options ...fs.OpenOption) string {
 	what := fmt.Sprintf("readObject(%q) limit=%d, options=%+v", obj, limit, options)
@@ -458,7 +483,7 @@ func Run(t *testing.T, opt *Opt) {
 			t.Skip("Skipping FsCheckWrap on this Fs")
 		}
 		ft := new(fs.Features).Fill(ctx, f)
-		if ft.UnWrap == nil {
+		if ft.UnWrap == nil && !f.Features().Overlay {
 			t.Skip("Not a wrapping Fs")
 		}
 		v := reflect.ValueOf(ft).Elem()
@@ -524,23 +549,33 @@ func Run(t *testing.T, opt *Opt) {
 	t.Run("FsName", func(t *testing.T) {
 		skipIfNotOk(t)
 		got := removeConfigID(f.Name())
-		want := remoteName[:strings.LastIndex(remoteName, ":")+1]
+		var want string
 		if isLocalRemote {
-			want = "local:"
+			want = "local"
+		} else {
+			want = remoteName[:strings.LastIndex(remoteName, ":")]
+			comma := strings.IndexRune(remoteName, ',')
+			if comma >= 0 {
+				want = want[:comma]
+			}
 		}
-		require.Equal(t, want, got+":")
+		require.Equal(t, want, got)
 	})
 
 	// TestFsRoot tests the Root method
 	t.Run("FsRoot", func(t *testing.T) {
 		skipIfNotOk(t)
-		name := removeConfigID(f.Name()) + ":"
-		root := f.Root()
+		got := f.Root()
+		want := subRemoteName
+		colon := strings.LastIndex(want, ":")
+		if colon >= 0 {
+			want = want[colon+1:]
+		}
 		if isLocalRemote {
 			// only check last path element on local
-			require.Equal(t, filepath.Base(subRemoteName), filepath.Base(root))
+			require.Equal(t, filepath.Base(subRemoteName), filepath.Base(got))
 		} else {
-			require.Equal(t, subRemoteName, name+root)
+			require.Equal(t, want, got)
 		}
 	})
 
@@ -773,6 +808,52 @@ func Run(t *testing.T, opt *Opt) {
 			assert.NoError(t, f.Rmdir(ctx, "writer-at-subdir"))
 		})
 
+		// TestFsOpenChunkWriter tests writing in chunks to fs
+		// then reads back the contents and check if they match
+		// go test -v -run 'TestIntegration/FsMkdir/FsOpenChunkWriter'
+		t.Run("FsOpenChunkWriter", func(t *testing.T) {
+			skipIfNotOk(t)
+			openChunkWriter := f.Features().OpenChunkWriter
+			if openChunkWriter == nil {
+				t.Skip("FS has no OpenChunkWriter interface")
+			}
+			size5MBs := 5 * 1024 * 1024
+			contents1 := random.String(size5MBs)
+			contents2 := random.String(size5MBs)
+
+			size1MB := 1 * 1024 * 1024
+			contents3 := random.String(size1MB)
+
+			path := "writer-at-subdir/writer-at-file"
+			objSrc := object.NewStaticObjectInfo(path+"-WRONG-REMOTE", file1.ModTime, -1, true, nil, nil)
+			_, out, err := openChunkWriter(ctx, path, objSrc, &fs.ChunkOption{
+				ChunkSize: int64(size5MBs),
+			})
+			require.NoError(t, err)
+
+			var n int64
+			n, err = out.WriteChunk(ctx, 1, strings.NewReader(contents2))
+			assert.NoError(t, err)
+			assert.Equal(t, int64(size5MBs), n)
+			n, err = out.WriteChunk(ctx, 2, strings.NewReader(contents3))
+			assert.NoError(t, err)
+			assert.Equal(t, int64(size1MB), n)
+			n, err = out.WriteChunk(ctx, 0, strings.NewReader(contents1))
+			assert.NoError(t, err)
+			assert.Equal(t, int64(size5MBs), n)
+
+			assert.NoError(t, out.Close(ctx))
+
+			obj := findObject(ctx, t, f, path)
+			originalContents := contents1 + contents2 + contents3
+			fileContents := ReadObject(ctx, t, obj, -1)
+			isEqual := originalContents == fileContents
+			assert.True(t, isEqual, "contents of file differ")
+
+			assert.NoError(t, obj.Remove(ctx))
+			assert.NoError(t, f.Rmdir(ctx, "writer-at-subdir"))
+		})
+
 		// TestFsChangeNotify tests that changes are properly
 		// propagated
 		//
@@ -1098,6 +1179,48 @@ func Run(t *testing.T, opt *Opt) {
 				}, fs.GetModifyWindow(ctx, f))
 			})
 
+			// TestFsPurge tests Purge on the Root
+			t.Run("FsPurgeRoot", func(t *testing.T) {
+				skipIfNotOk(t)
+
+				// Check have Purge
+				doPurge := f.Features().Purge
+				if doPurge == nil {
+					t.Skip("FS has no Purge interface")
+				}
+
+				// put up a file to purge
+				fileToPurge := fstest.Item{
+					ModTime: fstest.Time("2001-02-03T04:05:06.499999999Z"),
+					Path:    "dirToPurgeFromRoot/fileToPurgeFromRoot.txt",
+				}
+				_, _ = testPut(ctx, t, f, &fileToPurge)
+
+				fstest.CheckListingWithPrecision(t, f, []fstest.Item{file1, file2, fileToPurge}, []string{
+					"dirToPurgeFromRoot",
+					"hello? sausage",
+					"hello? sausage/êé",
+					"hello? sausage/êé/Hello, 世界",
+					"hello? sausage/êé/Hello, 世界/ \" ' @ < > & ? + ≠",
+				}, fs.GetModifyWindow(ctx, f))
+
+				// Create a new Fs pointing at the directory
+				remoteName := subRemoteName + "/" + "dirToPurgeFromRoot"
+				fPurge, err := fs.NewFs(context.Background(), remoteName)
+				require.NoError(t, err)
+
+				// Now purge it from the root
+				err = operations.Purge(ctx, fPurge, "")
+				require.NoError(t, err)
+
+				fstest.CheckListingWithPrecision(t, f, []fstest.Item{file1, file2}, []string{
+					"hello? sausage",
+					"hello? sausage/êé",
+					"hello? sausage/êé/Hello, 世界",
+					"hello? sausage/êé/Hello, 世界/ \" ' @ < > & ? + ≠",
+				}, fs.GetModifyWindow(ctx, f))
+			})
+
 			// TestFsCopy tests Copy
 			t.Run("FsCopy", func(t *testing.T) {
 				skipIfNotOk(t)
@@ -1362,6 +1485,8 @@ func Run(t *testing.T, opt *Opt) {
 			// TestObjectMetadata tests the Metadata of the object is correct
 			t.Run("ObjectMetadata", func(t *testing.T) {
 				skipIfNotOk(t)
+				ctx, ci := fs.AddConfig(ctx)
+				ci.Metadata = true
 				features := f.Features()
 				obj := findObject(ctx, t, f, file1.Path)
 				do, objectHasMetadata := obj.(fs.Metadataer)
@@ -1396,7 +1521,7 @@ func Run(t *testing.T, opt *Opt) {
 					if features.UserMetadata {
 						// check all the metadata bits we uploaded are present - there may be more we didn't write
 						for k, v := range file1Metadata {
-							assert.Equal(t, v, metadata[k], "can read and write metadata but failed on key %q", k)
+							assert.Equal(t, v, metadata[k], "can read and write metadata but failed on key %q (want=%+v, got=%+v)", k, file1Metadata, metadata)
 						}
 					}
 					// Now test we can set the mtime and content-type via the metadata and these take precedence
@@ -1504,16 +1629,21 @@ func Run(t *testing.T, opt *Opt) {
 			t.Run("ObjectUpdate", func(t *testing.T) {
 				skipIfNotOk(t)
 				contents := random.String(200)
-				buf := bytes.NewBufferString(contents)
-				hash := hash.NewMultiHasher()
-				in := io.TeeReader(buf, hash)
+				var h *hash.MultiHasher
 
-				file1.Size = int64(buf.Len())
+				file1.Size = int64(len(contents))
 				obj := findObject(ctx, t, f, file1.Path)
-				obji := object.NewStaticObjectInfo(file1.Path, file1.ModTime, int64(len(contents)), true, nil, obj.Fs())
-				err := obj.Update(ctx, in, obji)
-				require.NoError(t, err)
-				file1.Hashes = hash.Sums()
+				remoteBefore := obj.Remote()
+				obji := object.NewStaticObjectInfo(file1.Path+"-should-be-ignored.bin", file1.ModTime, int64(len(contents)), true, nil, obj.Fs())
+				retry(t, "Update object", func() error {
+					buf := bytes.NewBufferString(contents)
+					h = hash.NewMultiHasher()
+					in := io.TeeReader(buf, h)
+					return obj.Update(ctx, in, obji)
+				})
+				remoteAfter := obj.Remote()
+				assert.Equal(t, remoteBefore, remoteAfter, "Remote should not change")
+				file1.Hashes = h.Sums()
 
 				// check the object has been updated
 				file1.Check(t, obj, f.Precision())
@@ -1689,7 +1819,7 @@ func Run(t *testing.T, opt *Opt) {
 					}
 				}
 
-				expiry := fs.Duration(60 * time.Second)
+				expiry := fs.Duration(120 * time.Second)
 				doPublicLink := wrapPublicLinkFunc(publicLinkFunc)
 
 				// if object not found
@@ -1885,6 +2015,10 @@ func Run(t *testing.T, opt *Opt) {
 				t.Skip("not running with -short")
 			}
 
+			if opt.ChunkedUpload.Skip {
+				t.Skip("skipping as ChunkedUpload.Skip is set")
+			}
+
 			setUploadChunkSizer, _ := f.(SetUploadChunkSizer)
 			if setUploadChunkSizer == nil {
 				t.Skipf("%T does not implement SetUploadChunkSizer", f)
@@ -1979,12 +2113,105 @@ func Run(t *testing.T, opt *Opt) {
 								Path:    fmt.Sprintf("chunked-%s-%s.bin", cs.String(), fileSize.String()),
 								Size:    int64(fileSize),
 							})
+							t.Run("Streamed", func(t *testing.T) {
+								if f.Features().PutStream == nil {
+									t.Skip("FS has no PutStream interface")
+								}
+								TestPutLargeStreamed(ctx, t, f, &fstest.Item{
+									ModTime: fstest.Time("2001-02-03T04:05:06.499999999Z"),
+									Path:    fmt.Sprintf("chunked-%s-%s-streamed.bin", cs.String(), fileSize.String()),
+									Size:    int64(fileSize),
+								})
+							})
 						})
 					}
 				})
 			}
 		})
 
+		// Copy files with chunked copy if available
+		t.Run("FsCopyChunked", func(t *testing.T) {
+			skipIfNotOk(t)
+			if testing.Short() {
+				t.Skip("not running with -short")
+			}
+
+			// Check have Copy
+			doCopy := f.Features().Copy
+			if doCopy == nil {
+				t.Skip("FS has no Copier interface")
+			}
+
+			if opt.ChunkedUpload.Skip {
+				t.Skip("skipping as ChunkedUpload.Skip is set")
+			}
+
+			if strings.HasPrefix(f.Name(), "serves3") || strings.HasPrefix(f.Name(), "TestS3Rclone") {
+				t.Skip("FIXME skip test - see #7454")
+			}
+
+			do, _ := f.(SetCopyCutoffer)
+			if do == nil {
+				t.Skipf("%T does not implement SetCopyCutoff", f)
+			}
+
+			minChunkSize := opt.ChunkedUpload.MinChunkSize
+			if minChunkSize < 100 {
+				minChunkSize = 100
+			}
+			if opt.ChunkedUpload.CeilChunkSize != nil {
+				minChunkSize = opt.ChunkedUpload.CeilChunkSize(minChunkSize)
+			}
+
+			chunkSizes := fs.SizeSuffixList{
+				minChunkSize,
+				minChunkSize + 1,
+				2*minChunkSize - 1,
+				2 * minChunkSize,
+				2*minChunkSize + 1,
+			}
+			for _, chunkSize := range chunkSizes {
+				t.Run(fmt.Sprintf("%d", chunkSize), func(t *testing.T) {
+					contents := random.String(int(chunkSize))
+					item := fstest.NewItem("chunked-copy", contents, fstest.Time("2001-05-06T04:05:06.499999999Z"))
+					src := PutTestContents(ctx, t, f, &item, contents, true)
+					defer func() {
+						assert.NoError(t, src.Remove(ctx))
+					}()
+
+					var itemCopy = item
+					itemCopy.Path += ".copy"
+
+					// Set copy cutoff to mininum value so we make chunks
+					origCutoff, err := do.SetCopyCutoff(minChunkSize)
+					require.NoError(t, err)
+					defer func() {
+						_, err = do.SetCopyCutoff(origCutoff)
+						require.NoError(t, err)
+					}()
+
+					// Do the copy
+					dst, err := doCopy(ctx, src, itemCopy.Path)
+					require.NoError(t, err)
+					defer func() {
+						assert.NoError(t, dst.Remove(ctx))
+					}()
+
+					// Check size
+					assert.Equal(t, src.Size(), dst.Size())
+
+					// Check modtime
+					srcModTime := src.ModTime(ctx)
+					dstModTime := dst.ModTime(ctx)
+					assert.True(t, srcModTime.Equal(dstModTime))
+
+					// Make sure contents are correct
+					gotContents := ReadObject(ctx, t, dst, -1)
+					assert.Equal(t, contents, gotContents)
+				})
+			}
+		})
+
 		// TestFsUploadUnknownSize ensures Fs.Put() and Object.Update() don't panic when
 		// src.Size() == -1
 		//
diff --git a/fstest/mockfs/mockfs.go b/fstest/mockfs/mockfs.go
index 62489c2f6c381..68df1f6b4cdae 100644
--- a/fstest/mockfs/mockfs.go
+++ b/fstest/mockfs/mockfs.go
@@ -10,9 +10,24 @@ import (
 	"time"
 
 	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config/configmap"
 	"github.com/rclone/rclone/fs/hash"
 )
 
+// Register with Fs
+func Register() {
+	fs.Register(&fs.RegInfo{
+		Name:        "mockfs",
+		Description: "Mock FS",
+		NewFs:       NewFs,
+		Options: []fs.Option{{
+			Name:     "potato",
+			Help:     "Does it have a potato?.",
+			Required: true,
+		}},
+	})
+}
+
 // Fs is a minimal mock Fs
 type Fs struct {
 	name     string        // the name of the remote
@@ -26,13 +41,13 @@ type Fs struct {
 var ErrNotImplemented = errors.New("not implemented")
 
 // NewFs returns a new mock Fs
-func NewFs(ctx context.Context, name, root string) *Fs {
+func NewFs(ctx context.Context, name string, root string, config configmap.Mapper) (fs.Fs, error) {
 	f := &Fs{
 		name: name,
 		root: root,
 	}
 	f.features = (&fs.Features{}).Fill(ctx, f)
-	return f
+	return f, nil
 }
 
 // AddObject adds an Object for List to return
diff --git a/fstest/mockobject/mockobject.go b/fstest/mockobject/mockobject.go
index 084536b85a1a5..89f0fab74fb28 100644
--- a/fstest/mockobject/mockobject.go
+++ b/fstest/mockobject/mockobject.go
@@ -93,13 +93,14 @@ const (
 // SeekModes contains all valid SeekMode's
 var SeekModes = []SeekMode{SeekModeNone, SeekModeRegular, SeekModeRange}
 
-// ContentMockObject mocks an fs.Object and has content
+// ContentMockObject mocks an fs.Object and has content, mod time
 type ContentMockObject struct {
 	Object
 	content     []byte
 	seekMode    SeekMode
 	f           fs.Fs
 	unknownSize bool
+	modTime     time.Time
 }
 
 // WithContent returns an fs.Object with the given content.
@@ -118,7 +119,7 @@ func (o *ContentMockObject) SetFs(f fs.Fs) {
 
 // SetUnknownSize makes the mock object return -1 for size if true
 func (o *ContentMockObject) SetUnknownSize(unknownSize bool) {
-	o.unknownSize = true
+	o.unknownSize = unknownSize
 }
 
 // Fs returns read only access to the Fs that this object is part of
@@ -192,6 +193,18 @@ func (o *ContentMockObject) Hash(ctx context.Context, t hash.Type) (string, erro
 	return hasher.Sums()[t], nil
 }
 
+// ModTime returns the modification date of the file
+// It should return a best guess if one isn't available
+func (o *ContentMockObject) ModTime(ctx context.Context) time.Time {
+	return o.modTime
+}
+
+// SetModTime sets the metadata on the object to set the modification date
+func (o *ContentMockObject) SetModTime(ctx context.Context, t time.Time) error {
+	o.modTime = t
+	return nil
+}
+
 type readCloser struct{ io.Reader }
 
 func (r *readCloser) Close() error { return nil }
diff --git a/fstest/test_all/config.yaml b/fstest/test_all/config.yaml
index 282a9936757fb..0e79602aa772a 100644
--- a/fstest/test_all/config.yaml
+++ b/fstest/test_all/config.yaml
@@ -10,6 +10,10 @@ tests:
  - path: vfs
  - path: cmd/serve/restic
    localonly: true
+ - path: cmd/serve/docker
+   localonly: true
+ - path: cmd/selfupdate
+   localonly: true
 backends:
  # - backend:  "amazonclouddrive"
  #   remote:   "TestAmazonCloudDrive:"
@@ -21,6 +25,11 @@ backends:
    remote:   "TestB2:"
    fastlist: true
    listretries: 5
+   ignore:
+     # This test fails because B2 versions make the empty bucket undeleteable.
+     # It isn't possible to turn off versions, and setting hard_delete doesn't stop
+     # versions being made on overwrite.
+     - TestRmdirsNoLeaveRoot
  - backend:  "crypt"
    remote:   "TestCryptDrive:"
    fastlist: true
@@ -122,13 +131,16 @@ backends:
      # This test doesn't work on a standard dropbox account because it
      # tries to set the expiry of the link
      - TestIntegration/FsMkdir/FsPutFiles/PublicLink
- - backend:  "filefabric"
-   remote:   "TestFileFabric:"
-   fastlist: false
-   extratime: 2.0
+ # - backend:  "filefabric"
+ #   remote:   "TestFileFabric:"
+ #   fastlist: false
+ #   extratime: 2.0
  - backend:  "googlecloudstorage"
    remote:   "TestGoogleCloudStorage:"
    fastlist: true
+ - backend:  "googlecloudstorage"
+   remote:   "TestGoogleCloudStorage,directory_markers:"
+   fastlist: true
  - backend:  "googlephotos"
    remote:   "TestGooglePhotos:"
    tests:
@@ -136,6 +148,9 @@ backends:
  - backend: "hidrive"
    remote:   "TestHiDrive:"
    fastlist: false
+ - backend:  "imagekit"
+   remote:   "TestImageKit:"
+   fastlist: false
  - backend:  "internetarchive"
    remote:   "TestIA:rclone-integration-test"
    fastlist: true
@@ -167,6 +182,12 @@ backends:
  - backend:  "s3"
    remote:   "TestS3:"
    fastlist: true
+ - backend:  "s3"
+   remote:   "TestS3,directory_markers:"
+   fastlist: true
+ - backend:  "s3"
+   remote:   "TestS3Rclone:"
+   fastlist: true
  - backend:  "s3"
    remote:   "TestS3Minio:"
    fastlist: true
@@ -232,6 +253,9 @@ backends:
  - backend:  "sftp"
    remote:   "TestSFTPRclone:"
    fastlist: false
+ - backend:  "sftp"
+   remote:   "TestSFTPRcloneSSH:"
+   fastlist: false
  - backend:  "sftp"
    remote:   "TestSFTPRsyncNet:"
    fastlist: false
@@ -299,9 +323,25 @@ backends:
  - backend:  "azureblob"
    remote:   "TestAzureBlob:"
    fastlist: true
+ - backend:  "azureblob"
+   remote:   "TestAzureBlob,directory_markers:"
+   fastlist: true
+ - backend:  "azurefiles"
+   remote:   "TestAzureFiles:"
  - backend:  "pcloud"
    remote:   "TestPcloud:"
    fastlist: true
+ - backend:  "pikpak"
+   remote:   "TestPikPak:"
+   fastlist: false
+   ignore:
+    #  fs/operations
+     - TestCheckSum
+     - TestHashSums/Md5
+    #  fs/sync
+     - TestSyncWithTrackRenames
+    # integration
+     - TestIntegration/FsMkdir/FsPutFiles/ObjectMimeType
  - backend:  "webdav"
    remote:   "TestWebdavNextcloud:"
    ignore:
@@ -313,10 +353,6 @@ backends:
    ignore:
      - TestIntegration/FsMkdir/FsEncoding/punctuation
      - TestIntegration/FsMkdir/FsEncoding/invalid_UTF-8
-     - TestIntegration/FsMkdir/FsPutFiles/FsCopy
-     - TestCopyFileCopyDest
-     - TestServerSideCopy
-     - TestSyncCopyDest
    fastlist: false
  - backend:  "webdav"
    remote:   "TestWebdavRclone:"
@@ -344,9 +380,19 @@ backends:
  # - backend:  "koofr"
  #   remote:   "TestDigiStorage:"
  #   fastlist: false
+ - backend: "linkbox"
+   remote: "TestLinkbox:"
+   fastlist: false
+   ignore:
+     - TestIntegration/FsMkdir/FsEncoding/invalid_UTF-8
+     - TestRWFileHandleWriteNoWrite
+     - TestCaseInsensitiveMoveFile
  - backend:  "premiumizeme"
    remote:   "TestPremiumizeMe:"
    fastlist: false
+ - backend:  "protondrive"
+   remote:   "TestProtonDrive:"
+   fastlist: false
  - backend:  "putio"
    remote:   "TestPutio:"
    fastlist: false
@@ -386,16 +432,18 @@ backends:
  - backend:  "zoho"
    remote:   "TestZoho:"
    fastlist: false
+   tests:
+     - backend
  - backend: "hdfs"
    remote: "TestHdfs:"
    fastlist: false
    ignore:
      - TestSyncUTFNorm
- - backend: "uptobox"
-   remote: "TestUptobox:"
-   fastlist: false
-   ignore:
-     - TestRWFileHandleWriteNoWrite
+ # - backend: "uptobox"
+ #   remote: "TestUptobox:"
+ #   fastlist: false
+ #   ignore:
+ #     - TestRWFileHandleWriteNoWrite
  - backend: "oracleobjectstorage"
    remote: "TestOracleObjectStorage:"
    fastlist: true
@@ -406,3 +454,7 @@ backends:
      - TestIntegration/FsMkdir/FsEncoding/trailing_CR
      - TestIntegration/FsMkdir/FsEncoding/trailing_LF
      - TestIntegration/FsMkdir/FsEncoding/leading_HT
+     - TestIntegration/FsMkdir/FsPutFiles/FsPutStream/0
+ - backend:  "quatrix"
+   remote:   "TestQuatrix:"
+   fastlist: false
diff --git a/fstest/test_all/test_all.go b/fstest/test_all/test_all.go
index 1bf0311e01cf4..d536b83dd43ed 100644
--- a/fstest/test_all/test_all.go
+++ b/fstest/test_all/test_all.go
@@ -73,7 +73,7 @@ func main() {
 	configfile.Install()
 
 	// Seed the random number generator
-	rand.Seed(time.Now().UTC().UnixNano())
+	randInstance := rand.New(rand.NewSource(time.Now().UTC().UnixNano()))
 
 	// Filter selection
 	if *testRemotes != "" {
@@ -103,7 +103,7 @@ func main() {
 
 	// Runs we will do for this test in random order
 	runs := conf.MakeRuns()
-	rand.Shuffle(len(runs), runs.Swap)
+	randInstance.Shuffle(len(runs), runs.Swap)
 
 	// Create Report
 	report := NewReport()
diff --git a/fstest/testserver/init.d/TestS3Rclone b/fstest/testserver/init.d/TestS3Rclone
new file mode 100755
index 0000000000000..13c94fc6021bc
--- /dev/null
+++ b/fstest/testserver/init.d/TestS3Rclone
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+NAME=rclone-serve-s3
+ACCESS_KEY_ID=rclone
+SECRET_ACCESS_KEY=JoltRogueVerde5
+IP=127.0.0.1
+PORT=28624
+
+start() {
+    run rclone serve s3 --auth-key ${ACCESS_KEY_ID},${SECRET_ACCESS_KEY} --addr ${IP}:${PORT} ${DATADIR}
+    
+    echo type=s3
+    echo provider=Rclone
+    echo endpoint=http://${IP}:${PORT}/
+    echo access_key_id=${ACCESS_KEY_ID}
+    echo secret_access_key=${SECRET_ACCESS_KEY}
+    echo _connect=${IP}:${PORT}
+}
+
+. $(dirname "$0")/rclone-serve.bash
diff --git a/fstest/testserver/init.d/TestSFTPOpenssh b/fstest/testserver/init.d/TestSFTPOpenssh
index ef29095d1be19..4eb14ac9a92ff 100755
--- a/fstest/testserver/init.d/TestSFTPOpenssh
+++ b/fstest/testserver/init.d/TestSFTPOpenssh
@@ -16,6 +16,7 @@ start() {
     echo host=$(docker_ip)
     echo user=$USER
     echo pass=$(rclone obscure $PASS)
+    echo copy_is_hardlink=true
     echo _connect=$(docker_ip):22
 }
 
diff --git a/fstest/testserver/init.d/TestSFTPRcloneSSH b/fstest/testserver/init.d/TestSFTPRcloneSSH
new file mode 100755
index 0000000000000..4c5bf8eb75eef
--- /dev/null
+++ b/fstest/testserver/init.d/TestSFTPRcloneSSH
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+set -e
+
+NAME=rclone-serve-sftp-ssh
+IP=127.0.0.1
+PORT=28623
+PRIVATE_KEY=/tmp/${NAME}.key
+PUBLIC_KEY=/tmp/${NAME}.pub
+
+start() {
+
+cat >${PRIVATE_KEY} <<'#EOF'
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAv7e6d+AbxELvRk7sZipketuqgE4/vVbf/6PMuOd1OSPyOOsAOs41
+tvc4Sk4S+/6ReHW4l1DKy5IH0smOsA1k58kKFkN1NChHU5z0CitAiZwdl7zqvxNJqlMmYi
+GTubhQdMnDrq0AAnhyr9TFrcZmYPcp9tHcpt9VQWeLYR/16tT53WnpgTuMWlgyM58bpCh/
+cDO7gOjSyXHhPPxrU1qdr5g/5T9HFgQfi2CX8vk4pDY+Qw1Lnp1MMpKT4i9xWGMU8oDJG3
+08RrzUi9tz1RTePtbs4xXOy8cXOZaAODDQok4iWvJEpGgJYLjhNuHzZiUDcfc1SkXvONui
+7j5RC/rsQOYB5Sd7ATlF4HymAxZJ3iPu+eYBZi7lwIPeug+42WlVon+D5dOYmrgcPpAZv7
+67Lthv62FMmvc1SHHGPZLS3dWfbZeXayve9+wIkKFEuDN76zYAavjSRm9fBKny6J+noJgp
+bDMVNnTfNA28fsNbsCS6OsBjLbiFjMHxhuYACMaVAAAFgBfF8CkXxfApAAAAB3NzaC1yc2
+EAAAGBAL+3unfgG8RC70ZO7GYqZHrbqoBOP71W3/+jzLjndTkj8jjrADrONbb3OEpOEvv+
+kXh1uJdQysuSB9LJjrANZOfJChZDdTQoR1Oc9AorQImcHZe86r8TSapTJmIhk7m4UHTJw6
+6tAAJ4cq/Uxa3GZmD3KfbR3KbfVUFni2Ef9erU+d1p6YE7jFpYMjOfG6Qof3Azu4Do0slx
+4Tz8a1Nana+YP+U/RxYEH4tgl/L5OKQ2PkMNS56dTDKSk+IvcVhjFPKAyRt9PEa81Ivbc9
+UU3j7W7OMVzsvHFzmWgDgw0KJOIlryRKRoCWC44Tbh82YlA3H3NUpF7zjbou4+UQv67EDm
+AeUnewE5ReB8pgMWSd4j7vnmAWYu5cCD3roPuNlpVaJ/g+XTmJq4HD6QGb++uy7Yb+thTJ
+r3NUhxxj2S0t3Vn22Xl2sr3vfsCJChRLgze+s2AGr40kZvXwSp8uifp6CYKWwzFTZ03zQN
+vH7DW7AkujrAYy24hYzB8YbmAAjGlQAAAAMBAAEAAAGABOxf8oIj1Gdvo5uVQI5oJCuN9l
+uMEX2wpOz87earwPrmVoXabKgtAvTYUjgtDqGb9L75LZGak529a7FXY7gEVlt4UdgLo3pB
+UqleLwCrWJ1UuTfVw3BoXOJjwvNfys4r6sPfrZWtwWJ8d318UhkdOfI+9qKvCu4DT3msP6
+NFenFbtU7p+zKfSRaou2CjohSUKTp63zWbbCbrhNhqnSpfkEnVojp8xdj3QmoJnOi/hqAJ
++0jVH06kzUusVounWoC41pTr1Dlnvy+gWhJcZtHNBXixL6JCM9XGh+z0XFgO8YTiHMdTfz
+Q2wf06TdXzOcM6XwPn3azyKmk7sn2v0s1pxGw8eu8tbmdU46xaLijwipn/B7NMsjk2gnqN
+eptwb/SQmIZZcloQZYLx9PejarAHe2NJ5BSJqOrSHZHYXjiSKj4X55lGdDOVCUCf4lmStQ
+qCS2LiM8Uhfga6f3X5EIBY75kqzmovDnPrqjufnCfYjBzQZ/m/txCbnZ9sTdQfXoVFAAAA
+wQC/5nbU5HzZtg7bA3kfBRUNGUSl8nM2zENY9Rxc8sZiL7iH3s1HAVyz8Frvmc1Wgt6EF+
+WhtmNFklOmdYwq0W5+2qRdUN2P9QL+GKbuyp4AvwRmCFNhgm2GrCWQj/rkZ61vYS3bM8J8
+MNJglvU2FktXvwFODhf6Kv/7fZQnJCf2LTMG6hIKF4LdBOSS/0V5MH2v4xu2U64wqQAQnu
+KzG4sRedsSHBGSknROJ7eGvGPZLh56PRb2gYPItoHcTMHqB6UAAADBAM4Xv6tHQFZtL+ul
+FwVVKhr3EKGY3+RV9IBXvXDkhee4i594Yl67BFUSU4eDb4xuek24znwKn+UFERzp+1X02h
+I1dZRdKtzJWOUQIF0FMPHbaPTuS7viT1OrL/PnG1yXUa+ii0qLExYI9qe463e8w6fNwhaT
+Em2wiDZcxr8SjQfqimyfmDizVlLE/xdgJ56eJ+OyXLjpezKKQif9YcFUW/eHej3YEcok6o
+WDwYpXG8z+VwOnOV4UN/sS8pLkJUdpqwAAAMEA7iTUVH3IvXMno0xYrVdhgNtZZGfQnryt
+pRfG/f5eQ1tjEQwE31mrbBcR278YWlQZwrMWZ0hDaJ3Q/Cp0+JySlm17jsA33lnTRmCHF4
+WolX/LlFtH6jLr9SB8GOsn/8lC6IcvkED0UYYBjXipl6Unh9ZPnpbmJK9SgZWKNTGS1NBw
+xcVWIZTKOrpCD+zWH6KCviuhd3J5vBgkSVxTUzDqA7TmnMnUUxDQAAaU7Eqtt3CJuxsJIs
+vmZ2QrVK8TstC/AAAACm5jd0Bkb2dnZXI=
+-----END OPENSSH PRIVATE KEY-----
+#EOF
+chmod 600 ${PRIVATE_KEY}
+
+cat >${PUBLIC_KEY} <<'#EOF'
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/t7p34BvEQu9GTuxmKmR626qATj+9Vt//o8y453U5I/I46wA6zjW29zhKThL7/pF4dbiXUMrLkgfSyY6wDWTnyQoWQ3U0KEdTnPQKK0CJnB2XvOq/E0mqUyZiIZO5uFB0ycOurQACeHKv1MWtxmZg9yn20dym31VBZ4thH/Xq1PndaemBO4xaWDIznxukKH9wM7uA6NLJceE8/GtTWp2vmD/lP0cWBB+LYJfy+TikNj5DDUuenUwykpPiL3FYYxTygMkbfTxGvNSL23PVFN4+1uzjFc7Lxxc5loA4MNCiTiJa8kSkaAlguOE24fNmJQNx9zVKRe8426LuPlEL+uxA5gHlJ3sBOUXgfKYDFkneI+755gFmLuXAg966D7jZaVWif4Pl05iauBw+kBm/vrsu2G/rYUya9zVIccY9ktLd1Z9tl5drK9737AiQoUS4M3vrNgBq+NJGb18EqfLon6egmClsMxU2dN80Dbx+w1uwJLo6wGMtuIWMwfGG5gAIxpU= user@rclone-serve-test
+#EOF
+chmod 600 ${PUBLIC_KEY}
+
+    run rclone serve sftp --authorized-keys "${PUBLIC_KEY}" --addr ${IP}:${PORT} ${DATADIR}
+    
+    echo type=sftp
+    echo ssh=ssh -i ${PRIVATE_KEY} -o StrictHostKeyChecking=no -p ${PORT} user@${IP}
+    echo _connect=${IP}:${PORT}
+}
+
+. $(dirname "$0")/rclone-serve.bash
diff --git a/fstest/testserver/init.d/TestSia b/fstest/testserver/init.d/TestSia
index 1f0451201b0fa..64e38c6611744 100755
--- a/fstest/testserver/init.d/TestSia
+++ b/fstest/testserver/init.d/TestSia
@@ -21,7 +21,7 @@ export -f wait_for_sia
 start() {
     # use non-production sia port in test
     SIA_CONN="127.0.0.1:39980"
-    # nebulouslabs/siaantfarm is stale, use uptodate image
+    # nebulouslabs/siaantfarm is stale, use up-to-date image
     ANTFARM_IMAGE=ivandeex/sia-antfarm:latest
 
     # pull latest antfarm image (dont use local image)
diff --git a/fstest/testserver/init.d/TestWebdavNextcloud b/fstest/testserver/init.d/TestWebdavNextcloud
index 8f61a0610383a..9cf391e387933 100755
--- a/fstest/testserver/init.d/TestWebdavNextcloud
+++ b/fstest/testserver/init.d/TestWebdavNextcloud
@@ -17,11 +17,10 @@ start() {
            nextcloud:latest
     
     echo type=webdav
-    echo url=http://$(docker_ip)/remote.php/webdav/
+    echo url=http://$(docker_ip)/remote.php/dav/files/$USER/
     echo user=$USER
     echo pass=$(rclone obscure $PASS)
-    # the tests don't pass if we use the nextcloud features
-    # echo vendor=nextcloud
+    echo vendor=nextcloud
     echo _connect=$(docker_ip):80
 }
 
diff --git a/fstest/testserver/init.d/TestWebdavRclone b/fstest/testserver/init.d/TestWebdavRclone
index fb6b617d95fe2..b0716dc7b2fc6 100755
--- a/fstest/testserver/init.d/TestWebdavRclone
+++ b/fstest/testserver/init.d/TestWebdavRclone
@@ -12,6 +12,7 @@ start() {
     run rclone serve webdav --user $USER --pass $PASS --addr ${IP}:${PORT} ${DATADIR}
     
     echo type=webdav
+    echo vendor=rclone
     echo url=http://${IP}:${PORT}/
     echo user=$USER
     echo pass=$(rclone obscure $PASS)
diff --git a/go.mod b/go.mod
index f34a78fec044a..eae95580f5ef7 100644
--- a/go.mod
+++ b/go.mod
@@ -1,151 +1,198 @@
 module github.com/rclone/rclone
 
-go 1.18
+go 1.19
 
 require (
-	bazil.org/fuse v0.0.0-20221209211307-2abb8038c751
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2
-	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0
+	bazil.org/fuse v0.0.0-20230120002735-62a210ff1fd5
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
+	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0
+	github.com/Azure/azure-sdk-for-go/sdk/storage/azfile v1.1.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Max-Sum/base32768 v0.0.0-20230304063302-18e6ce5945fd
+	github.com/Mikubill/gofakes3 v0.0.3-0.20230622102024-284c0f988700
 	github.com/Unknwon/goconfig v1.0.0
 	github.com/a8m/tree v0.0.0-20230208161321-36ae24ddad15
 	github.com/aalpar/deheap v0.0.0-20210914013432-0cc84d79dec3
 	github.com/abbot/go-http-auth v0.4.0
 	github.com/aliyun/aliyun-oss-go-sdk v2.2.5+incompatible
-	github.com/anacrolix/dms v1.5.0
-	github.com/anacrolix/log v0.13.1
-	github.com/artyom/mtab v1.0.0
+	github.com/anacrolix/dms v1.6.0
+	github.com/anacrolix/log v0.14.2
 	github.com/atotto/clipboard v0.1.4
-	github.com/aws/aws-sdk-go v1.44.218
+	github.com/aws/aws-sdk-go v1.46.6
 	github.com/buengese/sgzip v0.1.1
-	github.com/colinmarc/hdfs/v2 v2.3.0
+	github.com/cloudsoda/go-smb2 v0.0.0-20231106205947-b0758ecc4c67
+	github.com/colinmarc/hdfs/v2 v2.4.0
 	github.com/coreos/go-semver v0.3.1
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
 	github.com/dop251/scsu v0.0.0-20220106150536-84ac88021d00
 	github.com/dropbox/dropbox-sdk-go-unofficial/v6 v6.0.5
-	github.com/gabriel-vasile/mimetype v1.4.2
+	github.com/gabriel-vasile/mimetype v1.4.3
 	github.com/gdamore/tcell/v2 v2.6.0
-	github.com/go-chi/chi/v5 v5.0.8
-	github.com/google/uuid v1.3.0
-	github.com/hanwen/go-fuse/v2 v2.2.0
-	github.com/hirochachacha/go-smb2 v1.1.0
+	github.com/go-chi/chi/v5 v5.0.10
+	github.com/go-git/go-billy/v5 v5.5.0
+	github.com/google/uuid v1.4.0
+	github.com/hanwen/go-fuse/v2 v2.4.0
+	github.com/henrybear327/Proton-API-Bridge v1.0.0
+	github.com/henrybear327/go-proton-api v1.0.0
 	github.com/iguanesolutions/go-systemd/v5 v5.1.1
 	github.com/jcmturner/gokrb5/v8 v8.4.4
-	github.com/jlaffaye/ftp v0.1.1-0.20230214004652-d84bf4be2b6e
+	github.com/jlaffaye/ftp v0.2.0
+	github.com/josephspurrier/goversioninfo v1.4.0
 	github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004
-	github.com/klauspost/compress v1.16.0
+	github.com/klauspost/compress v1.17.2
 	github.com/koofr/go-httpclient v0.0.0-20230225102643-5d51a2e9dea6
 	github.com/koofr/go-koofrclient v0.0.0-20221207135200-cbd7fc9ad6a6
 	github.com/mattn/go-colorable v0.1.13
-	github.com/mattn/go-runewidth v0.0.14
+	github.com/mattn/go-runewidth v0.0.15
+	github.com/minio/minio-go/v7 v7.0.63
 	github.com/mitchellh/go-homedir v1.1.0
+	github.com/moby/sys/mountinfo v0.6.2
 	github.com/ncw/go-acd v0.0.0-20201019170801-fe55f33415b1
-	github.com/ncw/swift/v2 v2.0.1
-	github.com/oracle/oci-go-sdk/v65 v65.32.0
+	github.com/ncw/swift/v2 v2.0.2
+	github.com/oracle/oci-go-sdk/v65 v65.51.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/pkg/sftp v1.13.6-0.20230213180117-971c283182b6
+	github.com/pkg/sftp v1.13.6
 	github.com/pmezard/go-difflib v1.0.0
-	github.com/prometheus/client_golang v1.14.0
+	github.com/prometheus/client_golang v1.17.0
 	github.com/putdotio/go-putio/putio v0.0.0-20200123120452-16d982cac2b8
 	github.com/rfjakob/eme v1.1.2
 	github.com/rivo/uniseg v0.4.4
-	github.com/shirou/gopsutil/v3 v3.23.2
-	github.com/sirupsen/logrus v1.9.0
+	github.com/shirou/gopsutil/v3 v3.23.9
+	github.com/sirupsen/logrus v1.9.3
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
-	github.com/spf13/cobra v1.6.1
+	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
-	github.com/stretchr/testify v1.8.2
+	github.com/stretchr/testify v1.8.4
 	github.com/t3rm1n4l/go-mega v0.0.0-20230228171823-a01a2cda13ca
+	github.com/willscott/go-nfs v0.0.0-20231028170411-e6abde417d5d
 	github.com/winfsp/cgofuse v1.5.1-0.20221118130120-84c0898ad2e0
 	github.com/xanzy/ssh-agent v0.3.3
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a
 	github.com/yunify/qingstor-sdk-go/v3 v3.2.0
-	go.etcd.io/bbolt v1.3.7
-	goftp.io/server v0.4.2-0.20210615155358-d07a820aac35
-	golang.org/x/crypto v0.7.0
-	golang.org/x/net v0.8.0
-	golang.org/x/oauth2 v0.6.0
-	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.6.0
-	golang.org/x/text v0.8.0
+	go.etcd.io/bbolt v1.3.8
+	goftp.io/server/v2 v2.0.1
+	golang.org/x/crypto v0.14.0
+	golang.org/x/net v0.17.0
+	golang.org/x/oauth2 v0.13.0
+	golang.org/x/sync v0.4.0
+	golang.org/x/sys v0.13.0
+	golang.org/x/text v0.13.0
 	golang.org/x/time v0.3.0
-	google.golang.org/api v0.112.0
+	google.golang.org/api v0.148.0
+	gopkg.in/validator.v2 v2.0.1
 	gopkg.in/yaml.v2 v2.4.0
-	storj.io/uplink v1.10.0
+	storj.io/uplink v1.12.1
 )
 
 require (
-	cloud.google.com/go/compute v1.18.0 // indirect
+	cloud.google.com/go/compute v1.23.2 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 // indirect
+	github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf // indirect
+	github.com/ProtonMail/gluon v0.17.1-0.20230724134000-308be39be96e // indirect
+	github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
+	github.com/ProtonMail/go-srp v0.0.7 // indirect
+	github.com/ProtonMail/gopenpgp/v2 v2.7.4 // indirect
+	github.com/PuerkitoBio/goquery v1.8.1 // indirect
+	github.com/akavel/rsrc v0.10.2 // indirect
+	github.com/anacrolix/generics v0.0.0-20230911070922-5dd7545c6b13 // indirect
+	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bradenaw/juniper v0.13.1 // indirect
 	github.com/calebcase/tmpfile v1.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cloudflare/circl v1.1.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/cloudflare/circl v1.3.6 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
+	github.com/cronokirby/saferith v0.33.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/emersion/go-message v0.17.0 // indirect
+	github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 // indirect
+	github.com/emersion/go-vcard v0.0.0-20230815062825-8fda7d206ec9 // indirect
+	github.com/flynn/noise v1.0.0 // indirect
 	github.com/gdamore/encoding v1.0.0 // indirect
 	github.com/geoffgarside/ber v1.1.0 // indirect
-	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
+	github.com/go-resty/resty/v2 v2.10.0 // indirect
 	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
-	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
 	github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
 	github.com/jcmturner/gofork v1.7.6 // indirect
 	github.com/jcmturner/goidentity/v6 v6.0.1 // indirect
 	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/jtolio/eventkit v0.0.0-20221004135224-074cf276595b // indirect
-	github.com/klauspost/cpuid/v2 v2.0.12 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/jtolio/eventkit v0.0.0-20231019094657-5d77ebb407d9 // indirect
+	github.com/jtolio/noiseconn v0.0.0-20230621152802-afeab29449e0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
-	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/lufia/plan9stats v0.0.0-20231016141302-07b5767bb0ed // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/minio/md5-simd v1.1.2 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pengsrc/go-shared v0.2.1-0.20190131101655-1999055a4a14 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
-	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/rasky/go-xdr v0.0.0-20170124162913-1a41d1a06c93 // indirect
+	github.com/relvacode/iso8601 v1.3.0 // indirect
+	github.com/rs/xid v1.5.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 // indirect
+	github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/sony/gobreaker v0.5.0 // indirect
-	github.com/spacemonkeygo/monkit/v3 v3.0.19 // indirect
-	github.com/tklauser/go-sysconf v0.3.11 // indirect
-	github.com/tklauser/numcpus v0.6.0 // indirect
+	github.com/spacemonkeygo/monkit/v3 v3.0.22 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/vivint/infectious v0.0.0-20200605153912-25a574ae18a3 // indirect
-	github.com/yusufpapurcu/wmi v1.2.2 // indirect
+	github.com/willscott/go-nfs-client v0.0.0-20200605172546-271fa9065b33 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	github.com/zeebo/blake3 v0.2.3 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488 // indirect
-	google.golang.org/grpc v1.53.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	storj.io/common v0.0.0-20221123115229-fed3e6651b63 // indirect
-	storj.io/drpc v0.0.32 // indirect
+	storj.io/common v0.0.0-20231027080355-b4cb1b0d728e // indirect
+	storj.io/drpc v0.0.33 // indirect
+	storj.io/picobuf v0.0.2-0.20230906122608-c4ba17033c6c // indirect
 )
 
 require (
-	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c
+	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/pkg/xattr v0.4.9
-	golang.org/x/mobile v0.0.0-20230301163155-e0f57694e12c
-	golang.org/x/term v0.6.0
+	golang.org/x/mobile v0.0.0-20231006135142-2b44d11868fe
+	golang.org/x/term v0.13.0
 )
diff --git a/go.sum b/go.sum
index 3b783675e1b5b..befb4c30b67e3 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-bazil.org/fuse v0.0.0-20221209211307-2abb8038c751 h1:WDXfyDLJ+tg8PYC6yIkOmc/RWFrqMgxk1rLpRrlR8Ng=
-bazil.org/fuse v0.0.0-20221209211307-2abb8038c751/go.mod h1:eX+feLR06AMFrTGQBzFnMMDz1vjBv2yHZBFlI9RJeaQ=
+bazil.org/fuse v0.0.0-20230120002735-62a210ff1fd5 h1:A0NsYy4lDBZAC6QiYeJ4N+XuHIKBpyhAVRMHRQZKTeQ=
+bazil.org/fuse v0.0.0-20230120002735-62a210ff1fd5/go.mod h1:gG3RZAMXCa/OTes6rr9EwusmR1OH1tDDy+cg9c5YliY=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@@ -15,20 +15,18 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY=
-cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs=
+cloud.google.com/go/compute v1.23.2 h1:nWEMDhgbBkBJjfpVySqU4jgWdc22PLR0o4vEexZHers=
+cloud.google.com/go/compute v1.23.2/go.mod h1:JJ0atRC0J/oWYiiVBmsSsrRnh92DhZPG4hFDcR04Rns=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -39,26 +37,48 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0 h1:rTnT/Jrcm+figWlYz4Ixzt0SJVR2cMC8lvZcimipiEY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0/go.mod h1:ON4tFdPTwRcgWEaVDrN3584Ef+b7GgSJaXxe5fW9t4M=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2 h1:uqM+VoHjVH6zdlkLF2b6O0ZANcHoj3rO0PoQ3jglUJA=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2/go.mod h1:twTKAa1E6hLmSDjLhaCkbTMQKc7p/rNLU40rLxGEOCI=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 h1:leh5DwKv6Ihwi+h60uHtn6UWAxBbZ0q8DwQVMzf61zw=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
-github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 h1:u/LLAOFgsMv7HmNL4Qufg58y+qElGOt5qv0z1mURkRY=
-github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0/go.mod h1:2e8rMJtl2+2j+HXbTBwnyGpm5Nou7KhvSfxOq8JpTag=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 h1:TuEMD+E+1aTjjLICGQOW6vLe8UWES7kopac9mUXL56Y=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.2.0 h1:Ma67P/GGprNwsslzEH6+Kb8nybI8jpDTm4Wmzu2ReK8=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0 h1:gggzg0SUMs6SQbEw+3LoSsYf9YMjkupeAnHMX8O9mmY=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0/go.mod h1:+6KLcKIVgxoBDMqMO/Nvy7bZ9a0nbU3I1DtFQK3YvB4=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azfile v1.1.0 h1:1MDP9LGZzH2Nd4NzS82YZpddy8xEvwkxpcVJz8/TffQ=
+github.com/Azure/azure-sdk-for-go/sdk/storage/azfile v1.1.0/go.mod h1:qTVVvsSlVe5NZKdjBOJYxB0Ge5D+laQga/zckme+hw0=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 h1:UE9n9rkJF62ArLb1F3DEjRt8O3jLwMWdSoypKV4f3MU=
-github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 h1:hVeq+yCyUi+MsoO/CU95yqCIcdzra5ovzk8Q2BBpV2M=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
 github.com/Max-Sum/base32768 v0.0.0-20230304063302-18e6ce5945fd h1:nzE1YQBdx1bq9IlZinHa+HVffy+NmVRoKr+wHN8fpLE=
 github.com/Max-Sum/base32768 v0.0.0-20230304063302-18e6ce5945fd/go.mod h1:C8yoIfvESpM3GD07OCHU7fqI7lhwyZ2Td1rbNbTAhnc=
-github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+github.com/Mikubill/gofakes3 v0.0.3-0.20230622102024-284c0f988700 h1:r3fp2/Ro+0RtpjNY0/wsbN7vRmCW//dXTOZDQTct25Q=
+github.com/Mikubill/gofakes3 v0.0.3-0.20230622102024-284c0f988700/go.mod h1:OSXqXEGUe9CmPiwLMMnVrbXonMf4BeLBkBdLufxxiyY=
+github.com/ProtonMail/bcrypt v0.0.0-20210511135022-227b4adcab57/go.mod h1:HecWFHognK8GfRDGnFQbW/LiV7A3MX3gZVs45vk5h8I=
+github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs69zUkSzubzjBbL+cmOXgnmt9Fyd9ug=
+github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo=
+github.com/ProtonMail/gluon v0.17.1-0.20230724134000-308be39be96e h1:lCsqUUACrcMC83lg5rTo9Y0PnPItE61JSfvMyIcANwk=
+github.com/ProtonMail/gluon v0.17.1-0.20230724134000-308be39be96e/go.mod h1:Og5/Dz1MiGpCJn51XujZwxiLG7WzvvjE5PRpZBQmAHo=
+github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
+github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
+github.com/ProtonMail/go-srp v0.0.7 h1:Sos3Qk+th4tQR64vsxGIxYpN3rdnG9Wf9K4ZloC1JrI=
+github.com/ProtonMail/go-srp v0.0.7/go.mod h1:giCp+7qRnMIcCvI6V6U3S1lDDXDQYx2ewJ6F/9wdlJk=
+github.com/ProtonMail/gopenpgp/v2 v2.7.4 h1:Vz/8+HViFFnf2A6XX8JOvZMrA6F5puwNvvF21O1mRlo=
+github.com/ProtonMail/gopenpgp/v2 v2.7.4/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g=
+github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
+github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
 github.com/RoaringBitmap/roaring v0.4.7/go.mod h1:8khRDP4HmeXns4xIj9oGrKSz7XTQiJx2zgh7AcNke4w=
 github.com/Unknwon/goconfig v1.0.0 h1:9IAu/BYbSLQi8puFjUQApZTxIHqSwrj5d8vpP8vTq4A=
 github.com/Unknwon/goconfig v1.0.0/go.mod h1:wngxua9XCNjvHjDiTiV26DaKDT+0c63QR6H5hjVUUxw=
@@ -68,109 +88,134 @@ github.com/aalpar/deheap v0.0.0-20210914013432-0cc84d79dec3 h1:hhdWprfSpFbN7lz3W
 github.com/aalpar/deheap v0.0.0-20210914013432-0cc84d79dec3/go.mod h1:XaUnRxSCYgL3kkgX0QHIV0D+znljPIDImxlv2kbGv0Y=
 github.com/abbot/go-http-auth v0.4.0 h1:QjmvZ5gSC7jm3Zg54DqWE/T5m1t2AfDu6QlXJT0EVT0=
 github.com/abbot/go-http-auth v0.4.0/go.mod h1:Cz6ARTIzApMJDzh5bRMSUou6UMSp0IEXg9km/ci7TJM=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+github.com/akavel/rsrc v0.10.2 h1:Zxm8V5eI1hW4gGaYsJQUhxpjkENuG91ki8B4zCrvEsw=
+github.com/akavel/rsrc v0.10.2/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/aliyun/aliyun-oss-go-sdk v2.2.5+incompatible h1:QoRMR0TCctLDqBCMyOu1eXdZyMw3F7uGA9qPn2J4+R8=
 github.com/aliyun/aliyun-oss-go-sdk v2.2.5+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
-github.com/anacrolix/dms v1.5.0 h1:2WWI++sNL3Jv1UtrlVzw2KvEcOO3yGX6LMR8UwMj6/Q=
-github.com/anacrolix/dms v1.5.0/go.mod h1:5fAMpBcPFG4WQFh91zhf2E7/KYZ3/WmmRAf/WMoL0Q0=
+github.com/anacrolix/dms v1.6.0 h1:v2g1Y+Fc/ICSEc+7M6B92oFcfcqa5LXYPhE4Hcm5tVA=
+github.com/anacrolix/dms v1.6.0/go.mod h1:5fAMpBcPFG4WQFh91zhf2E7/KYZ3/WmmRAf/WMoL0Q0=
 github.com/anacrolix/envpprof v0.0.0-20180404065416-323002cec2fa/go.mod h1:KgHhUaQMc8cC0+cEflSgCFNFbKwi5h54gqtVn8yhP7c=
 github.com/anacrolix/envpprof v1.0.0/go.mod h1:KgHhUaQMc8cC0+cEflSgCFNFbKwi5h54gqtVn8yhP7c=
 github.com/anacrolix/ffprobe v1.0.0/go.mod h1:BIw+Bjol6CWjm/CRWrVLk2Vy+UYlkgmBZ05vpSYqZPw=
-github.com/anacrolix/log v0.13.1 h1:BmVwTdxHd5VcNrLylgKwph4P4wf+5VvPgOK4yi91fTY=
+github.com/anacrolix/generics v0.0.0-20230911070922-5dd7545c6b13 h1:qwOprPTDMM3BASJRf84mmZnTXRsPGGJ8xoHKQS7m3so=
+github.com/anacrolix/generics v0.0.0-20230911070922-5dd7545c6b13/go.mod h1:ff2rHB/joTV03aMSSn/AZNnaIpUw0h3njetGsaXcMy8=
 github.com/anacrolix/log v0.13.1/go.mod h1:D4+CvN8SnruK6zIFS/xPoRJmtvtnxs+CSfDQ+BFxZ68=
+github.com/anacrolix/log v0.14.2 h1:i9v/Lw/CceCKthcLW+UiajkSW8M/razXCwVYlZtAKsk=
+github.com/anacrolix/log v0.14.2/go.mod h1:1OmJESOtxQGNMlUO5rcv96Vpp9mfMqXXbe2RdinFLdY=
 github.com/anacrolix/missinggo v1.1.0/go.mod h1:MBJu3Sk/k3ZfGYcS7z18gwfu72Ey/xopPFJJbTi5yIo=
 github.com/anacrolix/tagflag v0.0.0-20180109131632-2146c8d41bf0/go.mod h1:1m2U/K6ZT+JZG0+bdMK6qauP49QT4wE5pmhJXOKKCHw=
-github.com/artyom/mtab v1.0.0 h1:r7OSVo5Jeqi8+LotZ0rT2kzfPIBp9KCpEJP8RQqGmSE=
-github.com/artyom/mtab v1.0.0/go.mod h1:EHpkp5OmPfS1yZX+/DFTztlJ9di5UzdDLX1/XzWPXw8=
+github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
+github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
+github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
-github.com/aws/aws-sdk-go v1.44.218 h1:p707+xOCazWhkSpZOeyhtTcg7Z+asxxvueGgYPSitn4=
-github.com/aws/aws-sdk-go v1.44.218/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/aws/aws-sdk-go v1.46.6 h1:6wFnNC9hETIZLMf6SOTN7IcclrOGwp/n9SLp8Pjt6E8=
+github.com/aws/aws-sdk-go v1.46.6/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bradenaw/juniper v0.13.1 h1:9P7/xeaYuEyqPuJHSHCJoisWyPvZH4FAi59BxJLh7F8=
+github.com/bradenaw/juniper v0.13.1/go.mod h1:Z2B7aJlQ7xbfWsnMLROj5t/5FQ94/MkIdKC30J4WvzI=
 github.com/bradfitz/iter v0.0.0-20140124041915-454541ec3da2/go.mod h1:PyRFw1Lt2wKX4ZVSQ2mk+PeDa1rxyObEDlApuIsUKuo=
 github.com/buengese/sgzip v0.1.1 h1:ry+T8l1mlmiWEsDrH/YHZnCVWD2S3im1KLsyO+8ZmTU=
 github.com/buengese/sgzip v0.1.1/go.mod h1:i5ZiXGF3fhV7gL1xaRRL1nDnmpNj0X061FQzOS8VMas=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
 github.com/calebcase/tmpfile v1.0.3 h1:BZrOWZ79gJqQ3XbAQlihYZf/YCV0H4KPIdM5K5oMpJo=
 github.com/calebcase/tmpfile v1.0.3/go.mod h1:UAUc01aHeC+pudPagY/lWvt2qS9ZO5Zzof6/tIUzqeI=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.1.0 h1:bZgT/A+cikZnKIwn7xL2OBj012Bmvho/o6RpRvv3GKY=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg=
+github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudsoda/go-smb2 v0.0.0-20231106205947-b0758ecc4c67 h1:KzZU0EMkUm4vX/jPp5d/VttocDpocL/8QP0zyiI9Xiw=
+github.com/cloudsoda/go-smb2 v0.0.0-20231106205947-b0758ecc4c67/go.mod h1:xFxVVe3plxwhM+6BgTTPByEgG8hggo8+gtRUkbc5W8Q=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/colinmarc/hdfs/v2 v2.3.0 h1:tMxOjXn6+7iPUlxAyup9Ha2hnmLe3Sv5DM2qqbSQ2VY=
-github.com/colinmarc/hdfs/v2 v2.3.0/go.mod h1:nsyY1uyQOomU34KVQk9Qb/lDJobN1MQ/9WS6IqcVZno=
+github.com/colinmarc/hdfs/v2 v2.4.0 h1:v6R8oBx/Wu9fHpdPoJJjpGSUxo8NhHIwrwsfhFvU9W0=
+github.com/colinmarc/hdfs/v2 v2.4.0/go.mod h1:0NAO+/3knbMx6+5pCv+Hcbaz4xn/Zzbn9+WIib2rKVI=
 github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=
 github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cronokirby/saferith v0.33.0 h1:TgoQlfsD4LIwx71+ChfRcIpjkw+RPOapDEVxa+LhwLo=
+github.com/cronokirby/saferith v0.33.0/go.mod h1:QKJhjoqUtBsXCAVEjw38mFqoi7DebT7kthcD7UzbnoA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
+github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dop251/scsu v0.0.0-20220106150536-84ac88021d00 h1:xJBhC00smQpSZw3Kr0ErMUBXhUSjYoLRm2szxdbRBL0=
 github.com/dop251/scsu v0.0.0-20220106150536-84ac88021d00/go.mod h1:nNICngOdmNImBb/vuL+dSc0aIg3ryNATpjxThNoPw4g=
 github.com/dropbox/dropbox-sdk-go-unofficial/v6 v6.0.5 h1:FT+t0UEDykcor4y3dMVKXIiWJETBpRgERYTGlmMd7HU=
 github.com/dropbox/dropbox-sdk-go-unofficial/v6 v6.0.5/go.mod h1:rSS3kM9XMzSQ6pw91Qgd6yB5jdt70N4OdtrAf74As5M=
+github.com/dsnet/try v0.0.3 h1:ptR59SsrcFUYbT/FhAbKTV6iLkeD6O18qfIWRml2fqI=
 github.com/dustin/go-humanize v0.0.0-20180421182945-02af3965c54e/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/emersion/go-message v0.17.0 h1:NIdSKHiVUx4qKqdd0HyJFD41cW8iFguM2XJnRZWQH04=
+github.com/emersion/go-message v0.17.0/go.mod h1:/9Bazlb1jwUNB0npYYBsdJ2EMOiiyN3m5UVHbY7GoNw=
+github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 h1:IbFBtwoTQyw0fIM5xv1HF+Y+3ZijDR839WMulgxCcUY=
+github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
+github.com/emersion/go-vcard v0.0.0-20230815062825-8fda7d206ec9 h1:ATgqloALX6cHCranzkLb8/zjivwQ9DWWDCQRnxTPfaA=
+github.com/emersion/go-vcard v0.0.0-20230815062825-8fda7d206ec9/go.mod h1:HMJKR5wlh/ziNp+sHEDV2ltblO4JD2+IdDOWtGcQBTM=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/flynn/noise v1.0.0 h1:DlTHqmzmvcEiKj+4RYo/imoswx/4r6iBlCMfVtrMXpQ=
+github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
+github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
-github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gdamore/encoding v1.0.0 h1:+7OoQ1Bc6eTm5niUzBa0Ctsh6JbMW6Ra+YNuAtDBdko=
 github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg=
 github.com/gdamore/tcell/v2 v2.6.0 h1:OKbluoP9VYmJwZwq/iLb4BxwKcwGthaa1YNBJIyCySg=
 github.com/gdamore/tcell/v2 v2.6.0/go.mod h1:be9omFATkdr0D9qewWW3d+MEvl5dha+Etb5y65J2H8Y=
 github.com/geoffgarside/ber v1.1.0 h1:qTmFG4jJbwiSzSXoNJeHcOprVzZ8Ulde2Rrrifu5U9w=
 github.com/geoffgarside/ber v1.1.0/go.mod h1:jVPKeCbj6MvQZhwLYsGwaGI52oUorHoHKNecGT85ZCc=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/glycerine/go-unsnap-stream v0.0.0-20180323001048-9f0cb55181dd/go.mod h1:/20jfyN9Y5QPEAprSgKAUr+glWDY39ZiUEAYOEv5dsE=
 github.com/glycerine/goconvey v0.0.0-20180728074245-46e3a41ad493/go.mod h1:Ogl1Tioa0aV7gstGFO7KhffUsb9M4ydbEbbxpcEDc24=
-github.com/go-chi/chi/v5 v5.0.8 h1:lD+NLqFcAi1ovnVZpsnObHGW4xb4J8lNmoYVfECH1Y0=
-github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
+github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
+github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
+github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
+github.com/go-resty/resty/v2 v2.10.0 h1:Qla4W/+TMmv0fOeeRqzEpXPLfTUnR5HZ1+lGs+CkiCo=
+github.com/go-resty/resty/v2 v2.10.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -199,8 +244,9 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -214,11 +260,11 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -231,17 +277,19 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20211108044417-e9b028704de0 h1:rsq1yB2xiFLDYYaYdlGBsSkwVzsCo500wMhxvW5A/bk=
+github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
-github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -249,10 +297,11 @@ github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyC
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
-github.com/hanwen/go-fuse/v2 v2.2.0 h1:jo5QZYmBLNcl9ovypWaQ5yXMSSV+Ch68xoC3rtZvvBM=
-github.com/hanwen/go-fuse/v2 v2.2.0/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
-github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
+github.com/hanwen/go-fuse/v2 v2.4.0 h1:12OhD7CkXXQdvxG2osIdBQLdXh+nmLXY9unkUIe/xaU=
+github.com/hanwen/go-fuse/v2 v2.4.0/go.mod h1:xKwi1cF7nXAOBCXujD5ie0ZKsxc8GGSA1rlMJc+8IJs=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
@@ -260,14 +309,18 @@ github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/C
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hirochachacha/go-smb2 v1.1.0 h1:b6hs9qKIql9eVXAiN0M2wSFY5xnhbHAQoCwRKbaRTZI=
-github.com/hirochachacha/go-smb2 v1.1.0/go.mod h1:8F1A4d5EZzrGu5R7PU163UcMRDJQl4FtcxjBfsY8TZE=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/henrybear327/Proton-API-Bridge v1.0.0 h1:gjKAaWfKu++77WsZTHg6FUyPC5W0LTKWQciUm8PMZb0=
+github.com/henrybear327/Proton-API-Bridge v1.0.0/go.mod h1:gunH16hf6U74W2b9CGDaWRadiLICsoJ6KRkSt53zLts=
+github.com/henrybear327/go-proton-api v1.0.0 h1:zYi/IbjLwFAW7ltCeqXneUGJey0TN//Xo851a/BgLXw=
+github.com/henrybear327/go-proton-api v1.0.0/go.mod h1:w63MZuzufKcIZ93pwRgiOtxMXYafI8H74D77AxytOBc=
 github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/iguanesolutions/go-systemd/v5 v5.1.1 h1:Hs0Z16knPGCBFnKECrICPh+RQ89Sgy0xyzcalrHMKdw=
 github.com/iguanesolutions/go-systemd/v5 v5.1.1/go.mod h1:Quv57scs6S7T0rC6qyLfW20KU/P4p9hrbLPF+ILYrXY=
-github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
@@ -281,47 +334,46 @@ github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jlaffaye/ftp v0.0.0-20190624084859-c1312a7102bf/go.mod h1:lli8NYPQOFy3O++YmYbqVgOcQ1JPCwdOy+5zSjKJ9qY=
-github.com/jlaffaye/ftp v0.1.1-0.20230214004652-d84bf4be2b6e h1:Xofa5zcfulLjSb9ZNpb7MI9TFCpVkPCy3JSwrL7xoWE=
-github.com/jlaffaye/ftp v0.1.1-0.20230214004652-d84bf4be2b6e/go.mod h1:sRSt+7UoQ5BgrZhwta4kr7N5SenQsoIZHMJHY7+zqJg=
+github.com/jlaffaye/ftp v0.2.0 h1:lXNvW7cBu7R/68bknOX3MrRIIqZ61zELs1P2RAiA3lg=
+github.com/jlaffaye/ftp v0.2.0/go.mod h1:is2Ds5qkhceAPy2xD6RLI6hmp/qysSoymZ+Z2uTnspI=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/josephspurrier/goversioninfo v1.4.0 h1:Puhl12NSHUSALHSuzYwPYQkqa2E1+7SrtAPJorKK0C8=
+github.com/josephspurrier/goversioninfo v1.4.0/go.mod h1:JWzv5rKQr+MmW+LvM412ToT/IkYDZjaclF2pKDss8IY=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/jtolio/eventkit v0.0.0-20221004135224-074cf276595b h1:tO4MX3k5bvV0Sjv5jYrxStMTJxf1m/TW24XRyHji4aU=
-github.com/jtolio/eventkit v0.0.0-20221004135224-074cf276595b/go.mod h1:q7yMR8BavTz/gBNtIT/uF487LMgcuEpNGKISLAjNQes=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/jtolio/eventkit v0.0.0-20231019094657-5d77ebb407d9 h1:5aw4qPuPiOjYJGATzHQllDfom77cgZrzE1ttOj7GRWQ=
+github.com/jtolio/eventkit v0.0.0-20231019094657-5d77ebb407d9/go.mod h1:PXFUrknJu7TkBNyL8t7XWDPtDFFLFrNQQAdsXv9YfJE=
+github.com/jtolio/noiseconn v0.0.0-20230621152802-afeab29449e0 h1:sR951BhhagmltT3d9bxQPHPwf1GKnzhzfarNxqhQMCE=
+github.com/jtolio/noiseconn v0.0.0-20230621152802-afeab29449e0/go.mod h1:MEkhEPFwP3yudWO0lj6vfYpLIB+3eIcuIW+e0AZzUQk=
 github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004 h1:G+9t9cEtnC9jFiTxyptEKuNIAbiN5ZCQzX2a74lj3xg=
 github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004/go.mod h1:KmHnJWQrgEvbuy0vcvj00gtMqbvNn1L+3YUZLK/B92c=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
-github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
-github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE=
+github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4=
+github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
+github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
+github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/koofr/go-httpclient v0.0.0-20230225102643-5d51a2e9dea6 h1:uF5FHZ/L5gvZTyBNhhcm55rRorL66DOs4KIeeVXZ8eI=
 github.com/koofr/go-httpclient v0.0.0-20230225102643-5d51a2e9dea6/go.mod h1:6HAT62hK6QH+ljNtZayJCKpbZy5hJIB12+1Ze1bFS7M=
 github.com/koofr/go-koofrclient v0.0.0-20221207135200-cbd7fc9ad6a6 h1:FHVoZMOVRA+6/y4yRlbiR3WvsrOcKBd/f64H7YiWR2U=
 github.com/koofr/go-koofrclient v0.0.0-20221207135200-cbd7fc9ad6a6/go.mod h1:MRAz4Gsxd+OzrZ0owwrUHc0zLESL+1Y5syqK/sJxK2A=
 github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -329,88 +381,89 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
-github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
+github.com/lufia/plan9stats v0.0.0-20231016141302-07b5767bb0ed h1:036IscGBfJsFIgJQzlui7nK1Ncm0tp2ktmPj8xO4N/0=
+github.com/lufia/plan9stats v0.0.0-20231016141302-07b5767bb0ed/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
+github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
+github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
 github.com/minio/minio-go/v6 v6.0.46/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg=
+github.com/minio/minio-go/v7 v7.0.63 h1:GbZ2oCvaUdgT5640WJOpyDhhDxvknAJU2/T3yurwcbQ=
+github.com/minio/minio-go/v7 v7.0.63/go.mod h1:Q6X7Qjb7WMhvG65qKf4gUgA5XaiSox74kR1uAEjxRS4=
 github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
+github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
+github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
+github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae/go.mod h1:qAyveg+e4CE+eKJXWVjKXM4ck2QobLqTDytGJbLLhJg=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/ncw/go-acd v0.0.0-20201019170801-fe55f33415b1 h1:nAjWYc03awJAjsozNehdGZsm5LP7AhLOvjgbS8zN1tk=
 github.com/ncw/go-acd v0.0.0-20201019170801-fe55f33415b1/go.mod h1:MLIrzg7gp/kzVBxRE1olT7CWYMCklcUWU+ekoxOD9x0=
-github.com/ncw/swift/v2 v2.0.1 h1:q1IN8hNViXEv8Zvg3Xdis4a3c4IlIGezkYz09zQL5J0=
-github.com/ncw/swift/v2 v2.0.1/go.mod h1:z0A9RVdYPjNjXVo2pDOPxZ4eu3oarO1P91fTItcb+Kg=
+github.com/ncw/swift/v2 v2.0.2 h1:jx282pcAKFhmoZBSdMcCRFn9VWkoBIRsCpe+yZq7vEk=
+github.com/ncw/swift/v2 v2.0.2/go.mod h1:z0A9RVdYPjNjXVo2pDOPxZ4eu3oarO1P91fTItcb+Kg=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
-github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754=
-github.com/oracle/oci-go-sdk/v65 v65.32.0 h1:6ASjGPE+k42xHgeAavNGbWtTZ4Z4KhlEhvJ4SVFMZrI=
-github.com/oracle/oci-go-sdk/v65 v65.32.0/go.mod h1:oyMrMa1vOzzKTmPN+kqrTR9y9kPA2tU1igN3NUSNTIE=
+github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
+github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
+github.com/oracle/oci-go-sdk/v65 v65.51.0 h1:BL1KjY4hTTvdmOuzYbULSwMwDSo2VApuaxLxfqtrkK0=
+github.com/oracle/oci-go-sdk/v65 v65.51.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
+github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
 github.com/pengsrc/go-shared v0.2.1-0.20190131101655-1999055a4a14 h1:XeOYlK9W1uCmhjJSsY78Mcuh7MVkNjTzmHx1yBzizSU=
 github.com/pengsrc/go-shared v0.2.1-0.20190131101655-1999055a4a14/go.mod h1:jVblp62SafmidSkvWrXyxAme3gaTfEtWwRPGz5cpvHg=
 github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.13.6-0.20230213180117-971c283182b6 h1:5TvW1dv00Y13njmQ1AWkxSWtPkwE7ZEF6yDuv9q+Als=
-github.com/pkg/sftp v1.13.6-0.20230213180117-971c283182b6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
+github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=
+github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
 github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
 github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b h1:0LFwY6Q3gMACTjAbMZBjXAqTOzOwFaj2Ld6cjeQ7Rig=
+github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
+github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
+github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
+github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/putdotio/go-putio/putio v0.0.0-20200123120452-16d982cac2b8 h1:Y258uzXU/potCYnQd1r6wlAnoMB68BiCkCcCnKx1SH8=
 github.com/putdotio/go-putio/putio v0.0.0-20200123120452-16d982cac2b8/go.mod h1:bSJjRokAHHOhA+XFxplld8w2R/dXLH7Z3BZ532vhFwU=
+github.com/quic-go/qtls-go1-20 v0.3.4 h1:MfFAPULvst4yoMgY9QmtpYmfij/em7O8UUi+bNVm7Cg=
+github.com/quic-go/quic-go v0.39.3 h1:o3YB6t2SR+HU/pgwF29kJ6g4jJIJEwEZ8CKia1h1TKg=
+github.com/rasky/go-xdr v0.0.0-20170124162913-1a41d1a06c93 h1:UVArwN/wkKjMVhh2EQGC0tEc1+FqiLlvYXY5mQ2f8Wg=
+github.com/rasky/go-xdr v0.0.0-20170124162913-1a41d1a06c93/go.mod h1:Nfe4efndBz4TibWycNE+lqyJZiMX4ycx+QKV8Ta0f/o=
+github.com/relvacode/iso8601 v1.3.0 h1:HguUjsGpIMh/zsTczGN3DVJFxTU/GX+MMmzcKoMO7ko=
+github.com/relvacode/iso8601 v1.3.0/go.mod h1:FlNp+jz+TXpyRqgmM7tnzHHzBnz776kmAH2h3sZCn0I=
 github.com/rfjakob/eme v1.1.2 h1:SxziR8msSOElPayZNFfQw4Tjx/Sbaeeh3eRvrHVMUs4=
 github.com/rfjakob/eme v1.1.2/go.mod h1:cVvpasglm/G3ngEfcfT/Wt0GwhkuO32pf/poW6Nyk1k=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -419,19 +472,26 @@ github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 h1:GHRpF1pTW19a8tTFrMLUcfWwyC0pnifVo2ClaLq+hP8=
 github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46/go.mod h1:uAQ5PCi+MFsC7HjREoAz1BU+Mq60+05gifQSsHSDG/8=
-github.com/shirou/gopsutil/v3 v3.23.2 h1:PAWSuiAszn7IhPMBtXsbSCafej7PqUOvY6YywlQUExU=
-github.com/shirou/gopsutil/v3 v3.23.2/go.mod h1:gv0aQw33GLo3pG8SiWKiQrbDzbRY1K80RyZJ7V4Th1M=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 h1:WnNuhiq+FOY3jNj6JXFT+eLN3CQ/oPIsDPRanvwsmbI=
+github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500/go.mod h1:+njLrG5wSeoG4Ds61rFgEzKvenR2UHbjMoDHsczxly0=
+github.com/shirou/gopsutil/v3 v3.23.9 h1:ZI5bWVeu2ep4/DIxB4U9okeYJ7zp/QLTO4auRb/ty/E=
+github.com/shirou/gopsutil/v3 v3.23.9/go.mod h1:x/NWSb71eMcjFIO0vhyGW5nZ7oSIgVjrCnADckb85GA=
+github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
+github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
+github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
+github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
@@ -441,10 +501,10 @@ github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/sony/gobreaker v0.5.0 h1:dRCvqm0P490vZPmy7ppEk2qCnCieBooFJ+YoXGYB+yg=
 github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
-github.com/spacemonkeygo/monkit/v3 v3.0.19 h1:wqBb9bpD7jXkVi4XwIp8jn1fektaVBQ+cp9SHRXgAdo=
-github.com/spacemonkeygo/monkit/v3 v3.0.19/go.mod h1:kj1ViJhlyADa7DiA4xVnTuPA46lFKbM7mxQTrXCuJP4=
-github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
-github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spacemonkeygo/monkit/v3 v3.0.22 h1:4/g8IVItBDKLdVnqrdHZrCVPpIrwDBzl1jrV0IHQHDU=
+github.com/spacemonkeygo/monkit/v3 v3.0.22/go.mod h1:XkZYGzknZwkD0AKUnZaSXhRiVTLCkq7CWVa3IsE72gA=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -462,19 +522,25 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/t3rm1n4l/go-mega v0.0.0-20230228171823-a01a2cda13ca h1:I9rVnNXdIkij4UvMT7OmKhH9sOIvS8iXkxfPdnn9wQA=
 github.com/t3rm1n4l/go-mega v0.0.0-20230228171823-a01a2cda13ca/go.mod h1:suDIky6yrK07NnaBadCB4sS0CqFOvUK91lH7CR+JlDA=
 github.com/tinylib/msgp v1.0.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
-github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
-github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
-github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
-github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
+github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
+github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
+github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
+github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
 github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c h1:u6SKchux2yDvFQnDHS3lPnIRmfVJ5Sxy3ao2SIdysLQ=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/vivint/infectious v0.0.0-20200605153912-25a574ae18a3 h1:zMsHhfK9+Wdl1F7sIKLyx3wrOFofpb3rWFbA4HgcK5k=
 github.com/vivint/infectious v0.0.0-20200605153912-25a574ae18a3/go.mod h1:R0Gbuw7ElaGSLOZUSwBm/GgVwMd30jWxBDdAyMOeTuc=
 github.com/willf/bitset v1.1.9/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
+github.com/willscott/go-nfs v0.0.0-20231028170411-e6abde417d5d h1:Mi3VHVbB25piluNw9KN1ZdsD1q65yQGr9GWPy9M6Tuk=
+github.com/willscott/go-nfs v0.0.0-20231028170411-e6abde417d5d/go.mod h1:wWJ0QPsRtNrdtdYqKbFe8+u3wUsITJoqYw2TgnhI8GI=
+github.com/willscott/go-nfs-client v0.0.0-20200605172546-271fa9065b33 h1:Wd8wdpRzPXskyHvZLyw7Wc1fp5oCE2mhBCj7bAiibUs=
+github.com/willscott/go-nfs-client v0.0.0-20200605172546-271fa9065b33/go.mod h1:cOUKSNty+RabZqKhm5yTJT5Vq/Fe83ZRWAJ5Kj8nRes=
 github.com/winfsp/cgofuse v1.5.1-0.20221118130120-84c0898ad2e0 h1:j3un8DqYvvAOqKI5OPz+/RRVhDFipbPKI4t2Uk5RBJw=
 github.com/winfsp/cgofuse v1.5.1-0.20221118130120-84c0898ad2e0/go.mod h1:uxjoF2jEYT3+x+vC2KJddEGdk/LU8pRowXmyVMHSV5I=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
@@ -488,19 +554,19 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yunify/qingstor-sdk-go/v3 v3.2.0 h1:9sB2WZMgjwSUNZhrgvaNGazVltoFUUfuS9f0uCWtTr8=
 github.com/yunify/qingstor-sdk-go/v3 v3.2.0/go.mod h1:KciFNuMu6F4WLk9nGwwK69sCGKLCdd9f97ac/wfumS4=
-github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
-github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw=
+github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
 github.com/zeebo/assert v1.3.1 h1:vukIABvugfNMZMQO1ABsyQDJDTVQbn+LWSMy1ol1h6A=
-github.com/zeebo/assert v1.3.1/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
 github.com/zeebo/blake3 v0.2.3 h1:TFoLXsjeXqRNFxSbk35Dk4YtszE/MQQGK10BH4ptoTg=
 github.com/zeebo/blake3 v0.2.3/go.mod h1:mjJjZpnsyIVtVgTOSpJ9vmRE4wgDeyt2HU3qXvvKCaQ=
 github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs=
 github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
 github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
-go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
-go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
+github.com/zema1/go-nfs-client v0.0.0-20200604081958-0cf942f0e0fe/go.mod h1:im3CVJ32XM3+E+2RhY0sa5IVJVQehUrX0oE1wX4xOwU=
+go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA=
+go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -508,9 +574,11 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-goftp.io/server v0.4.2-0.20210615155358-d07a820aac35 h1:D4DhKKOtievTsshtbA6W0XL/gBjERF5/vu6Vhmb4sBw=
-goftp.io/server v0.4.2-0.20210615155358-d07a820aac35/go.mod h1:hFZeR656ErRt3ojMKt7H10vQ5nuWV1e0YeUTeorlR6k=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
+goftp.io/server/v2 v2.0.1 h1:H+9UbCX2N206ePDSVNCjBftOKOgil6kQ5RAQNx5hJwE=
+goftp.io/server/v2 v2.0.1/go.mod h1:7+H/EIq7tXdfo1Muu5p+l3oQ6rYkDZ8lY7IM5d5kVdQ=
+golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -519,13 +587,15 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -536,6 +606,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -550,8 +622,8 @@ golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPI
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mobile v0.0.0-20230301163155-e0f57694e12c h1:Gk61ECugwEHL6IiyyNLXNzmu8XslmRP2dS0xjIYhbb4=
-golang.org/x/mobile v0.0.0-20230301163155-e0f57694e12c/go.mod h1:aAjjkJNdrh3PMckS4B10TGS2nag27cbKR1y2BpUxsiY=
+golang.org/x/mobile v0.0.0-20231006135142-2b44d11868fe h1:lrXv4yHeD9FA8PSJATWowP1QvexpyAPWmPia+Kbzql8=
+golang.org/x/mobile v0.0.0-20231006135142-2b44d11868fe/go.mod h1:BrnXpEObnFxpaT75Jo9hsCazwOWcp7nVIa8NNuH5cuA=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
@@ -559,9 +631,11 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -570,11 +644,9 @@ golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -592,27 +664,27 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220524220425-1d687d428aca/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
-golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -626,11 +698,10 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -645,7 +716,6 @@ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -658,8 +728,6 @@ golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -668,13 +736,10 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -682,15 +747,25 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -698,10 +773,14 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -721,6 +800,7 @@ golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190829051458-42f498d34c4d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -751,6 +831,9 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -771,16 +854,16 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.112.0 h1:iDmzvZ4C086R3+en4nSyIf07HlQKMOX1Xx2dmia/+KQ=
-google.golang.org/api v0.112.0/go.mod h1:737UfWHNsOq4F3REUTmb+GN9pugkgNLCayLTfoIKpPc=
+google.golang.org/api v0.148.0 h1:HBq4TZlN4/1pNcu0geJZ/Q50vIwIXT532UIMYoo0vOs=
+google.golang.org/api v0.148.0/go.mod h1:8/TBgwaKjfqTdacOJrOv2+2Q6fBDU1uHKK06oGSkxzU=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -810,8 +893,10 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488 h1:QQF+HdiI4iocoxUjjpLgvTYDHKm99C/VtTBFnfiCJos=
-google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488/go.mod h1:TvhZT5f700eVlTNwND1xoEZQeWTB2RY/65kplwl/bFA=
+google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a h1:fwgW9j3vHirt4ObdHoYNwuO24BEZjSzbh+zPaNWoiY8=
+google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -825,8 +910,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
-google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -839,9 +924,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -849,13 +933,13 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/validator.v2 v2.0.1 h1:xF0KWyGWXm/LM2G1TrEjqOu4pa6coO9AlWSf3msVfDY=
+gopkg.in/validator.v2 v2.0.1/go.mod h1:lIUZBlB3Im4s/eYp39Ry/wkR02yOPhZ9IwIRBjuPuG8=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -871,9 +955,11 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-storj.io/common v0.0.0-20221123115229-fed3e6651b63 h1:OuleF/3FvZe3Nnu6NdwVr+FvCXjfD4iNNdgfI2kcs3k=
-storj.io/common v0.0.0-20221123115229-fed3e6651b63/go.mod h1:+gF7jbVvpjVIVHhK+EJFhfPbudX395lnPq/dKkj/Qys=
-storj.io/drpc v0.0.32 h1:5p5ZwsK/VOgapaCu+oxaPVwO6UwIs+iwdMiD50+R4PI=
-storj.io/drpc v0.0.32/go.mod h1:6rcOyR/QQkSTX/9L5ZGtlZaE2PtXTTZl8d+ulSeeYEg=
-storj.io/uplink v1.10.0 h1:3hS0hszupHSxEoC4DsMpljaRy0uNoijEPVF6siIE28Q=
-storj.io/uplink v1.10.0/go.mod h1:gJIQumB8T3tBHPRive51AVpbc+v2xe+P/goFNMSRLG4=
+storj.io/common v0.0.0-20231027080355-b4cb1b0d728e h1:wuqU8YLarJbnbkh4ficH+ocvu334p6CcyN3BU+piwiU=
+storj.io/common v0.0.0-20231027080355-b4cb1b0d728e/go.mod h1:qzung7BKWOk/EHHKNkXUBevcVPCocfp90tMU3jUsEa0=
+storj.io/drpc v0.0.33 h1:yCGZ26r66ZdMP0IcTYsj7WDAUIIjzXk6DJhbhvt9FHI=
+storj.io/drpc v0.0.33/go.mod h1:vR804UNzhBa49NOJ6HeLjd2H3MakC1j5Gv8bsOQT6N4=
+storj.io/picobuf v0.0.2-0.20230906122608-c4ba17033c6c h1:or/DtG5uaZpzimL61ahlgAA+MTYn/U3txz4fe+XBFUg=
+storj.io/picobuf v0.0.2-0.20230906122608-c4ba17033c6c/go.mod h1:JCuc3C0gzCJHQ4J6SOx/Yjg+QTpX0D+Fvs5H46FETCk=
+storj.io/uplink v1.12.1 h1:bDc2dI6Q7EXcvPJLZuH9jIOTIf2oKxvW3xKEA+Y5EI0=
+storj.io/uplink v1.12.1/go.mod h1:1+czctHG25pMzcUp4Mds6QnoJ7LvbgYA5d1qlpFFexg=
diff --git a/lib/atexit/atexit.go b/lib/atexit/atexit.go
index 363d3267b6b2c..07af75ebcb06c 100644
--- a/lib/atexit/atexit.go
+++ b/lib/atexit/atexit.go
@@ -19,8 +19,8 @@ var (
 	exitChan     chan os.Signal
 	exitOnce     sync.Once
 	registerOnce sync.Once
-	signalled    int32
-	runCalled    int32
+	signalled    atomic.Int32
+	runCalled    atomic.Int32
 )
 
 // FnHandle is the type of the handle returned by function `Register`
@@ -47,7 +47,7 @@ func Register(fn func()) FnHandle {
 				return
 			}
 			signal.Stop(exitChan)
-			atomic.StoreInt32(&signalled, 1)
+			signalled.Store(1)
 			fs.Infof(nil, "Signal received: %s", sig)
 			Run()
 			fs.Infof(nil, "Exiting...")
@@ -60,12 +60,12 @@ func Register(fn func()) FnHandle {
 
 // Signalled returns true if an exit signal has been received
 func Signalled() bool {
-	return atomic.LoadInt32(&signalled) != 0
+	return signalled.Load() != 0
 }
 
 // running returns true if run has been called
 func running() bool {
-	return atomic.LoadInt32(&runCalled) != 0
+	return runCalled.Load() != 0
 }
 
 // Unregister a function using the handle returned by `Register`
@@ -93,7 +93,7 @@ func IgnoreSignals() {
 
 // Run all the at exit functions if they haven't been run already
 func Run() {
-	atomic.StoreInt32(&runCalled, 1)
+	runCalled.Store(1)
 	// Take the lock here (not inside the exitOnce) so we wait
 	// until the exit handlers have run before any calls to Run()
 	// return.
@@ -115,12 +115,18 @@ func Run() {
 //
 // So cancelFunc will be run if the function exits with an error or
 // at exit.
+//
+// cancelFunc will only be run once.
 func OnError(perr *error, fn func()) func() {
-	handle := Register(fn)
+	var once sync.Once
+	onceFn := func() {
+		once.Do(fn)
+	}
+	handle := Register(onceFn)
 	return func() {
 		defer Unregister(handle)
 		if *perr != nil {
-			fn()
+			onceFn()
 		}
 	}
 
diff --git a/lib/batcher/batcher.go b/lib/batcher/batcher.go
new file mode 100644
index 0000000000000..1ac7f589d24d3
--- /dev/null
+++ b/lib/batcher/batcher.go
@@ -0,0 +1,282 @@
+// Package batcher implements a generic batcher.
+//
+// It uses two types:
+//
+//	Item - the thing to be batched
+//	Result - the result from the batching
+//
+// And one function of type CommitBatchFn which is called to do the actual batching.
+package batcher
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/fserrors"
+	"github.com/rclone/rclone/lib/atexit"
+)
+
+// Options for configuring the batcher
+type Options struct {
+	Mode                  string        // mode of the batcher "sync", "async" or "off"
+	Size                  int           // size of batch
+	Timeout               time.Duration // timeout before committing the batch
+	MaxBatchSize          int           // max size the batch can be
+	DefaultTimeoutSync    time.Duration // default time to kick off the batch if nothing added for this long (sync)
+	DefaultTimeoutAsync   time.Duration // default time to kick off the batch if nothing added for this long (async)
+	DefaultBatchSizeAsync int           // default batch size if async
+}
+
+// CommitBatchFn is called to commit a batch of Item and return Result to the callers.
+//
+// It should commit the batch of items then for each result i (of
+// which there should be len(items)) it should set either results[i]
+// or errors[i]
+type CommitBatchFn[Item, Result any] func(ctx context.Context, items []Item, results []Result, errors []error) (err error)
+
+// Batcher holds info about the current items waiting to be acted on.
+type Batcher[Item, Result any] struct {
+	opt      Options                     // options for configuring the batcher
+	f        any                         // logging identity for fs.Debugf(f, ...)
+	commit   CommitBatchFn[Item, Result] // User defined function to commit the batch
+	async    bool                        // whether we are using async batching
+	in       chan request[Item, Result]  // incoming items to batch
+	closed   chan struct{}               // close to indicate batcher shut down
+	atexit   atexit.FnHandle             // atexit handle
+	shutOnce sync.Once                   // make sure we shutdown once only
+	wg       sync.WaitGroup              // wait for shutdown
+}
+
+// request holds an incoming request with a place for a reply
+type request[Item, Result any] struct {
+	item   Item
+	name   string
+	result chan<- response[Result]
+	quit   bool // if set then quit
+}
+
+// response holds a response to be delivered to clients waiting
+// for a batch to complete.
+type response[Result any] struct {
+	err   error
+	entry Result
+}
+
+// New creates a Batcher for Item and Result calling commit to do the actual committing.
+func New[Item, Result any](ctx context.Context, f any, commit CommitBatchFn[Item, Result], opt Options) (*Batcher[Item, Result], error) {
+	// fs.Debugf(f, "Creating batcher with mode %q, size %d, timeout %v", mode, size, timeout)
+	if opt.Size > opt.MaxBatchSize || opt.Size < 0 {
+		return nil, fmt.Errorf("batcher: batch size must be < %d and >= 0 - it is currently %d", opt.MaxBatchSize, opt.Size)
+	}
+
+	async := false
+
+	switch opt.Mode {
+	case "sync":
+		if opt.Size <= 0 {
+			ci := fs.GetConfig(ctx)
+			opt.Size = ci.Transfers
+		}
+		if opt.Timeout <= 0 {
+			opt.Timeout = opt.DefaultTimeoutSync
+		}
+	case "async":
+		if opt.Size <= 0 {
+			opt.Size = opt.DefaultBatchSizeAsync
+		}
+		if opt.Timeout <= 0 {
+			opt.Timeout = opt.DefaultTimeoutAsync
+		}
+		async = true
+	case "off":
+		opt.Size = 0
+	default:
+		return nil, fmt.Errorf("batcher: batch mode must be sync|async|off not %q", opt.Mode)
+	}
+
+	b := &Batcher[Item, Result]{
+		opt:    opt,
+		f:      f,
+		commit: commit,
+		async:  async,
+		in:     make(chan request[Item, Result], opt.Size),
+		closed: make(chan struct{}),
+	}
+	if b.Batching() {
+		b.atexit = atexit.Register(b.Shutdown)
+		b.wg.Add(1)
+		go b.commitLoop(context.Background())
+	}
+	return b, nil
+
+}
+
+// Batching returns true if batching is active
+func (b *Batcher[Item, Result]) Batching() bool {
+	return b.opt.Size > 0
+}
+
+// commit a batch calling the user defined commit function then distributing the results.
+func (b *Batcher[Item, Result]) commitBatch(ctx context.Context, requests []request[Item, Result]) (err error) {
+	// If commit fails then signal clients if sync
+	var signalled = b.async
+	defer func() {
+		if err != nil && !signalled {
+			// Signal to clients that there was an error
+			for _, req := range requests {
+				req.result <- response[Result]{err: err}
+			}
+		}
+	}()
+	desc := fmt.Sprintf("%s batch length %d starting with: %s", b.opt.Mode, len(requests), requests[0].name)
+	fs.Debugf(b.f, "Committing %s", desc)
+
+	var (
+		items   = make([]Item, len(requests))
+		results = make([]Result, len(requests))
+		errors  = make([]error, len(requests))
+	)
+
+	for i := range requests {
+		items[i] = requests[i].item
+	}
+
+	// Commit the batch
+	err = b.commit(ctx, items, results, errors)
+	if err != nil {
+		return err
+	}
+
+	// Report results to clients
+	var (
+		lastError  error
+		errorCount = 0
+	)
+	for i, req := range requests {
+		result := results[i]
+		err := errors[i]
+		resp := response[Result]{}
+		if err == nil {
+			resp.entry = result
+		} else {
+			errorCount++
+			lastError = err
+			resp.err = fmt.Errorf("batch upload failed: %w", err)
+		}
+		if !b.async {
+			req.result <- resp
+		}
+	}
+
+	// show signalled so no need to report error to clients from now on
+	signalled = true
+
+	// Report an error if any failed in the batch
+	if lastError != nil {
+		return fmt.Errorf("batch had %d errors: last error: %w", errorCount, lastError)
+	}
+
+	fs.Debugf(b.f, "Committed %s", desc)
+	return nil
+}
+
+// commitLoop runs the commit engine in the background
+func (b *Batcher[Item, Result]) commitLoop(ctx context.Context) {
+	var (
+		requests  []request[Item, Result] // current batch of uncommitted Items
+		idleTimer = time.NewTimer(b.opt.Timeout)
+		commit    = func() {
+			err := b.commitBatch(ctx, requests)
+			if err != nil {
+				fs.Errorf(b.f, "%s batch commit: failed to commit batch length %d: %v", b.opt.Mode, len(requests), err)
+			}
+			requests = nil
+		}
+	)
+	defer b.wg.Done()
+	defer idleTimer.Stop()
+	idleTimer.Stop()
+
+outer:
+	for {
+		select {
+		case req := <-b.in:
+			if req.quit {
+				break outer
+			}
+			requests = append(requests, req)
+			idleTimer.Stop()
+			if len(requests) >= b.opt.Size {
+				commit()
+			} else {
+				idleTimer.Reset(b.opt.Timeout)
+			}
+		case <-idleTimer.C:
+			if len(requests) > 0 {
+				fs.Debugf(b.f, "Batch idle for %v so committing", b.opt.Timeout)
+				commit()
+			}
+		}
+
+	}
+	// commit any remaining items
+	if len(requests) > 0 {
+		commit()
+	}
+}
+
+// Shutdown finishes any pending batches then shuts everything down.
+//
+// This is registered as an atexit handler by New.
+func (b *Batcher[Item, Result]) Shutdown() {
+	if !b.Batching() {
+		return
+	}
+	b.shutOnce.Do(func() {
+		atexit.Unregister(b.atexit)
+		fs.Infof(b.f, "Committing uploads - please wait...")
+		// show that batcher is shutting down
+		close(b.closed)
+		// quit the commitLoop by sending a quitRequest message
+		//
+		// Note that we don't close b.in because that will
+		// cause write to closed channel in Commit when we are
+		// exiting due to a signal.
+		b.in <- request[Item, Result]{quit: true}
+		b.wg.Wait()
+	})
+}
+
+// Commit commits the Item getting a Result or error using a batch
+// call, first adding it to the batch and then waiting for the batch
+// to complete in a synchronous way if async is not set.
+//
+// If async is set then this will return no error and a nil/empty
+// Result.
+//
+// This should not be called if batching is off - check first with
+// IsBatching.
+func (b *Batcher[Item, Result]) Commit(ctx context.Context, name string, item Item) (entry Result, err error) {
+	select {
+	case <-b.closed:
+		return entry, fserrors.FatalError(errors.New("batcher is shutting down"))
+	default:
+	}
+	fs.Debugf(b.f, "Adding %q to batch", name)
+	resp := make(chan response[Result], 1)
+	b.in <- request[Item, Result]{
+		item:   item,
+		name:   name,
+		result: resp,
+	}
+	// If running async then don't wait for the result
+	if b.async {
+		return entry, nil
+	}
+	result := <-resp
+	return result.entry, result.err
+}
diff --git a/lib/batcher/batcher_test.go b/lib/batcher/batcher_test.go
new file mode 100644
index 0000000000000..e1f5d5551f019
--- /dev/null
+++ b/lib/batcher/batcher_test.go
@@ -0,0 +1,275 @@
+package batcher
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type (
+	Result string
+	Item   string
+)
+
+func TestBatcherNew(t *testing.T) {
+	ctx := context.Background()
+	ci := fs.GetConfig(ctx)
+
+	opt := Options{
+		Mode:                  "async",
+		Size:                  100,
+		Timeout:               1 * time.Second,
+		MaxBatchSize:          1000,
+		DefaultTimeoutSync:    500 * time.Millisecond,
+		DefaultTimeoutAsync:   10 * time.Second,
+		DefaultBatchSizeAsync: 100,
+	}
+	commitBatch := func(ctx context.Context, items []Item, results []Result, errors []error) (err error) {
+		return nil
+	}
+
+	b, err := New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+	require.True(t, b.Batching())
+	b.Shutdown()
+
+	opt.Mode = "sync"
+	b, err = New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+	require.True(t, b.Batching())
+	b.Shutdown()
+
+	opt.Mode = "off"
+	b, err = New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+	require.False(t, b.Batching())
+	b.Shutdown()
+
+	opt.Mode = "bad"
+	_, err = New[Item, Result](ctx, nil, commitBatch, opt)
+	require.ErrorContains(t, err, "batch mode")
+
+	opt.Mode = "async"
+	opt.Size = opt.MaxBatchSize + 1
+	_, err = New[Item, Result](ctx, nil, commitBatch, opt)
+	require.ErrorContains(t, err, "batch size")
+
+	opt.Mode = "sync"
+	opt.Size = 0
+	opt.Timeout = 0
+	b, err = New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+	assert.Equal(t, ci.Transfers, b.opt.Size)
+	assert.Equal(t, opt.DefaultTimeoutSync, b.opt.Timeout)
+	b.Shutdown()
+
+	opt.Mode = "async"
+	opt.Size = 0
+	opt.Timeout = 0
+	b, err = New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+	assert.Equal(t, opt.DefaultBatchSizeAsync, b.opt.Size)
+	assert.Equal(t, opt.DefaultTimeoutAsync, b.opt.Timeout)
+	b.Shutdown()
+
+	// Check we get an error on commit
+	_, err = b.Commit(ctx, "last", Item("last"))
+	require.ErrorContains(t, err, "shutting down")
+
+}
+
+func TestBatcherCommit(t *testing.T) {
+	ctx := context.Background()
+
+	opt := Options{
+		Mode:                  "sync",
+		Size:                  3,
+		Timeout:               1 * time.Second,
+		MaxBatchSize:          1000,
+		DefaultTimeoutSync:    500 * time.Millisecond,
+		DefaultTimeoutAsync:   10 * time.Second,
+		DefaultBatchSizeAsync: 100,
+	}
+	var wg sync.WaitGroup
+	errFail := errors.New("fail")
+	var commits int
+	var totalSize int
+	commitBatch := func(ctx context.Context, items []Item, results []Result, errors []error) (err error) {
+		commits += 1
+		totalSize += len(items)
+		for i := range items {
+			if items[i] == "5" {
+				errors[i] = errFail
+			} else {
+				results[i] = Result(items[i]) + " result"
+			}
+		}
+		return nil
+	}
+	b, err := New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+	defer b.Shutdown()
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		s := fmt.Sprintf("%d", i)
+		go func() {
+			defer wg.Done()
+			result, err := b.Commit(ctx, s, Item(s))
+			if s == "5" {
+				assert.True(t, errors.Is(err, errFail))
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, Result(s+" result"), result)
+			}
+		}()
+	}
+	wg.Wait()
+	assert.Equal(t, 4, commits)
+	assert.Equal(t, 10, totalSize)
+}
+
+func TestBatcherCommitFail(t *testing.T) {
+	ctx := context.Background()
+
+	opt := Options{
+		Mode:                  "sync",
+		Size:                  3,
+		Timeout:               1 * time.Second,
+		MaxBatchSize:          1000,
+		DefaultTimeoutSync:    500 * time.Millisecond,
+		DefaultTimeoutAsync:   10 * time.Second,
+		DefaultBatchSizeAsync: 100,
+	}
+	var wg sync.WaitGroup
+	errFail := errors.New("fail")
+	var commits int
+	var totalSize int
+	commitBatch := func(ctx context.Context, items []Item, results []Result, errors []error) (err error) {
+		commits += 1
+		totalSize += len(items)
+		return errFail
+	}
+	b, err := New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+	defer b.Shutdown()
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		s := fmt.Sprintf("%d", i)
+		go func() {
+			defer wg.Done()
+			_, err := b.Commit(ctx, s, Item(s))
+			assert.True(t, errors.Is(err, errFail))
+		}()
+	}
+	wg.Wait()
+	assert.Equal(t, 4, commits)
+	assert.Equal(t, 10, totalSize)
+}
+
+func TestBatcherCommitShutdown(t *testing.T) {
+	ctx := context.Background()
+
+	opt := Options{
+		Mode:                  "sync",
+		Size:                  3,
+		Timeout:               1 * time.Second,
+		MaxBatchSize:          1000,
+		DefaultTimeoutSync:    500 * time.Millisecond,
+		DefaultTimeoutAsync:   10 * time.Second,
+		DefaultBatchSizeAsync: 100,
+	}
+	var wg sync.WaitGroup
+	var commits int
+	var totalSize int
+	commitBatch := func(ctx context.Context, items []Item, results []Result, errors []error) (err error) {
+		commits += 1
+		totalSize += len(items)
+		for i := range items {
+			results[i] = Result(items[i])
+		}
+		return nil
+	}
+	b, err := New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		s := fmt.Sprintf("%d", i)
+		go func() {
+			defer wg.Done()
+			result, err := b.Commit(ctx, s, Item(s))
+			assert.NoError(t, err)
+			assert.Equal(t, Result(s), result)
+		}()
+	}
+
+	time.Sleep(100 * time.Millisecond)
+	b.Shutdown() // shutdown with batches outstanding
+
+	wg.Wait()
+	assert.Equal(t, 4, commits)
+	assert.Equal(t, 10, totalSize)
+}
+
+func TestBatcherCommitAsync(t *testing.T) {
+	ctx := context.Background()
+
+	opt := Options{
+		Mode:                  "async",
+		Size:                  3,
+		Timeout:               1 * time.Second,
+		MaxBatchSize:          1000,
+		DefaultTimeoutSync:    500 * time.Millisecond,
+		DefaultTimeoutAsync:   10 * time.Second,
+		DefaultBatchSizeAsync: 100,
+	}
+	var wg sync.WaitGroup
+	errFail := errors.New("fail")
+	var commits atomic.Int32
+	var totalSize atomic.Int32
+	commitBatch := func(ctx context.Context, items []Item, results []Result, errors []error) (err error) {
+		wg.Add(1)
+		defer wg.Done()
+		// t.Logf("commit %d", len(items))
+		commits.Add(1)
+		totalSize.Add(int32(len(items)))
+		for i := range items {
+			if items[i] == "5" {
+				errors[i] = errFail
+			} else {
+				results[i] = Result(items[i]) + " result"
+			}
+		}
+		return nil
+	}
+	b, err := New[Item, Result](ctx, nil, commitBatch, opt)
+	require.NoError(t, err)
+	defer b.Shutdown()
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		s := fmt.Sprintf("%d", i)
+		go func() {
+			defer wg.Done()
+			result, err := b.Commit(ctx, s, Item(s))
+			// Async just returns straight away
+			require.NoError(t, err)
+			assert.Equal(t, Result(""), result)
+		}()
+	}
+	time.Sleep(2 * time.Second) // wait for batch timeout - needed with async
+	wg.Wait()
+
+	assert.Equal(t, int32(4), commits.Load())
+	assert.Equal(t, int32(10), totalSize.Load())
+}
diff --git a/lib/batcher/options.go b/lib/batcher/options.go
new file mode 100644
index 0000000000000..a4cc47c7107b7
--- /dev/null
+++ b/lib/batcher/options.go
@@ -0,0 +1,73 @@
+package batcher
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/rclone/rclone/fs"
+)
+
+// FsOptions returns the batch mode fs.Options
+func (opt *Options) FsOptions(extra string) []fs.Option {
+	return []fs.Option{{
+		Name: "batch_mode",
+		Help: fmt.Sprintf(`Upload file batching sync|async|off.
+
+This sets the batch mode used by rclone.
+
+%sThis has 3 possible values
+
+- off - no batching
+- sync - batch uploads and check completion (default)
+- async - batch upload and don't check completion
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+`, extra),
+		Default:  "sync",
+		Advanced: true,
+	}, {
+		Name: "batch_size",
+		Help: fmt.Sprintf(`Max number of files in upload batch.
+
+This sets the batch size of files to upload. It has to be less than %d.
+
+By default this is 0 which means rclone which calculate the batch size
+depending on the setting of batch_mode.
+
+- batch_mode: async - default batch_size is %d
+- batch_mode: sync - default batch_size is the same as --transfers
+- batch_mode: off - not in use
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+
+Setting this is a great idea if you are uploading lots of small files
+as it will make them a lot quicker. You can use --transfers 32 to
+maximise throughput.
+`, opt.MaxBatchSize, opt.DefaultBatchSizeAsync),
+		Default:  0,
+		Advanced: true,
+	}, {
+		Name: "batch_timeout",
+		Help: fmt.Sprintf(`Max time to allow an idle upload batch before uploading.
+
+If an upload batch is idle for more than this long then it will be
+uploaded.
+
+The default for this is 0 which means rclone will choose a sensible
+default based on the batch_mode in use.
+
+- batch_mode: async - default batch_timeout is %v
+- batch_mode: sync - default batch_timeout is %v
+- batch_mode: off - not in use
+`, opt.DefaultTimeoutAsync, opt.DefaultTimeoutSync),
+		Default:  fs.Duration(0),
+		Advanced: true,
+	}, {
+		Name:     "batch_commit_timeout",
+		Help:     `Max time to wait for a batch to finish committing`,
+		Default:  fs.Duration(10 * time.Minute),
+		Advanced: true,
+	}}
+}
diff --git a/lib/buildinfo/arch.go b/lib/buildinfo/arch.go
index 7b565f558fa43..cf5f2d69a400d 100644
--- a/lib/buildinfo/arch.go
+++ b/lib/buildinfo/arch.go
@@ -26,7 +26,7 @@ import (
 func GetSupportedGOARM() int {
 	if runtime.GOARCH == "arm" && cpu.Initialized {
 		// This CPU is an ARM (32-bit), and cpu.Initialized true means its
-		// features could be retrived on current GOOS so that we can check
+		// features could be retrieved on current GOOS so that we can check
 		// for floating point hardware support.
 		if cpu.ARM.HasVFPv3 {
 			// This CPU has VFPv3 floating point hardware, which means it can
@@ -37,13 +37,12 @@ func GetSupportedGOARM() int {
 			// means it can run programs built with GOARM value 6 and lower,
 			// but not 7.
 			return 6
-		} else {
-			// This CPU has no VFP floating point hardware, which means it can
-			// only run programs built with GOARM value 5, which is minimum supported.
-			// Note that the CPU can still in reality be based on e.g. ARMv7
-			// architecture, but simply lack hardfloat support.
-			return 5
 		}
+		// This CPU has no VFP floating point hardware, which means it can
+		// only run programs built with GOARM value 5, which is minimum supported.
+		// Note that the CPU can still in reality be based on e.g. ARMv7
+		// architecture, but simply lack hardfloat support.
+		return 5
 	}
 	return 0
 }
diff --git a/lib/buildinfo/osversion_windows.go b/lib/buildinfo/osversion_windows.go
index 2f0a07a7d4440..bcc903c36c58f 100644
--- a/lib/buildinfo/osversion_windows.go
+++ b/lib/buildinfo/osversion_windows.go
@@ -1,7 +1,6 @@
 package buildinfo
 
 import (
-	"fmt"
 	"regexp"
 	"strings"
 	"unsafe"
@@ -32,10 +31,10 @@ func GetOSVersion() (osVersion, osKernel string) {
 			}
 		}
 
-		// Simplify kernel output: `RELEASE.BUILD Build BUILD` -> `RELEASE.BUILD`
-		match := regexp.MustCompile(`^([\d\.]+?\.)(\d+) Build (\d+)$`).FindStringSubmatch(osKernel)
+		// Simplify kernel output: `MAJOR.MINOR.BUILD.REVISION Build BUILD.REVISION` -> `MAJOR.MINOR.BUILD.REVISION`
+		match := regexp.MustCompile(`^(\d+\.\d+\.(\d+\.\d+)) Build (\d+\.\d+)$`).FindStringSubmatch(osKernel)
 		if len(match) == 4 && match[2] == match[3] {
-			osKernel = match[1] + match[2]
+			osKernel = match[1]
 		}
 	}
 
@@ -53,11 +52,6 @@ func GetOSVersion() (osVersion, osKernel string) {
 		}
 	}
 
-	updateRevision := getRegistryVersionInt("UBR")
-	if osKernel != "" && updateRevision != 0 {
-		osKernel += fmt.Sprintf(".%d", updateRevision)
-	}
-
 	if arch, err := host.KernelArch(); err == nil && arch != "" {
 		if strings.HasSuffix(arch, "64") && osVersion != "" {
 			osVersion += " (64 bit)"
diff --git a/lib/buildinfo/snap.go b/lib/buildinfo/snap.go
new file mode 100644
index 0000000000000..0cc8abd218836
--- /dev/null
+++ b/lib/buildinfo/snap.go
@@ -0,0 +1,8 @@
+//go:build snap
+// +build snap
+
+package buildinfo
+
+func init() {
+	Tags = append(Tags, "snap")
+}
diff --git a/lib/debug/common.go b/lib/debug/common.go
index ab0a28da92f46..14ea9ddc2a38b 100644
--- a/lib/debug/common.go
+++ b/lib/debug/common.go
@@ -10,3 +10,9 @@ import (
 func SetGCPercent(percent int) int {
 	return debug.SetGCPercent(percent)
 }
+
+// SetMemoryLimit calls the runtime/debug.SetMemoryLimit function to set the
+// soft-memory limit.
+func SetMemoryLimit(limit int64) int64 {
+	return debug.SetMemoryLimit(limit)
+}
diff --git a/lib/debug/go1.19.go b/lib/debug/go1.19.go
deleted file mode 100644
index 1103f20259e8e..0000000000000
--- a/lib/debug/go1.19.go
+++ /dev/null
@@ -1,14 +0,0 @@
-//go:build go1.19
-// +build go1.19
-
-package debug
-
-import (
-	"runtime/debug"
-)
-
-// SetMemoryLimit calls the runtime/debug.SetMemoryLimit function to set the
-// soft-memory limit.
-func SetMemoryLimit(limit int64) (int64, error) {
-	return debug.SetMemoryLimit(limit), nil
-}
diff --git a/lib/debug/go1.19_compat.go b/lib/debug/go1.19_compat.go
deleted file mode 100644
index e4ccbc6955b11..0000000000000
--- a/lib/debug/go1.19_compat.go
+++ /dev/null
@@ -1,14 +0,0 @@
-//go:build !go1.19
-// +build !go1.19
-
-package debug
-
-import (
-	"fmt"
-	"runtime"
-)
-
-// SetMemoryLimit is a no-op on Go version < 1.19.
-func SetMemoryLimit(limit int64) (int64, error) {
-	return limit, fmt.Errorf("not implemented on Go version below 1.19: %s", runtime.Version())
-}
diff --git a/lib/dircache/dircache.go b/lib/dircache/dircache.go
index 8076e7c8f72f0..8cab02453e7c5 100644
--- a/lib/dircache/dircache.go
+++ b/lib/dircache/dircache.go
@@ -48,7 +48,7 @@ type DirCacher interface {
 // error. This isn't done at initialization as it isn't known whether
 // the root and intermediate directories need to be created or not.
 //
-// Most of the utility functions wil call FindRoot() on the caller's
+// Most of the utility functions will call FindRoot() on the caller's
 // behalf with the create flag passed in.
 //
 // The cache is safe for concurrent use
diff --git a/lib/diskusage/diskusage.go b/lib/diskusage/diskusage.go
new file mode 100644
index 0000000000000..a2caa93aed6a3
--- /dev/null
+++ b/lib/diskusage/diskusage.go
@@ -0,0 +1,15 @@
+// Package diskusage provides a cross platform version of the statfs
+// system call to read disk space usage.
+package diskusage
+
+import "errors"
+
+// Info is returned from New showing details about the disk.
+type Info struct {
+	Free      uint64 // total free bytes
+	Available uint64 // free bytes available to the current user
+	Total     uint64 // total bytes on disk
+}
+
+// ErrUnsupported is returned if this platform doesn't support disk usage.
+var ErrUnsupported = errors.New("disk usage unsupported on this platform")
diff --git a/lib/diskusage/diskusage_netbsd.go b/lib/diskusage/diskusage_netbsd.go
new file mode 100644
index 0000000000000..973bd1d863a6b
--- /dev/null
+++ b/lib/diskusage/diskusage_netbsd.go
@@ -0,0 +1,27 @@
+//go:build netbsd
+
+package diskusage
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// New returns the disk status for dir.
+//
+// May return Unsupported error if it doesn't work on this platform.
+func New(dir string) (info Info, err error) {
+	var statfs unix.Statvfs_t
+	err = unix.Statvfs(dir, &statfs)
+	if err != nil {
+		return info, err
+	}
+	// Note that these can be different sizes on different OSes so
+	// we upcast them all to uint64
+	//nolint:unconvert
+	info.Free = uint64(statfs.Bfree) * uint64(statfs.Bsize)
+	//nolint:unconvert
+	info.Available = uint64(statfs.Bavail) * uint64(statfs.Bsize)
+	//nolint:unconvert
+	info.Total = uint64(statfs.Blocks) * uint64(statfs.Bsize)
+	return info, nil
+}
diff --git a/lib/diskusage/diskusage_openbsd.go b/lib/diskusage/diskusage_openbsd.go
new file mode 100644
index 0000000000000..ff0e1f7a47210
--- /dev/null
+++ b/lib/diskusage/diskusage_openbsd.go
@@ -0,0 +1,27 @@
+//go:build openbsd
+
+package diskusage
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// New returns the disk status for dir.
+//
+// May return Unsupported error if it doesn't work on this platform.
+func New(dir string) (info Info, err error) {
+	var statfs unix.Statfs_t
+	err = unix.Statfs(dir, &statfs)
+	if err != nil {
+		return info, err
+	}
+	// Note that these can be different sizes on different OSes so
+	// we upcast them all to uint64
+	//nolint:unconvert
+	info.Free = uint64(statfs.F_bfree) * uint64(statfs.F_bsize)
+	//nolint:unconvert
+	info.Available = uint64(statfs.F_bavail) * uint64(statfs.F_bsize)
+	//nolint:unconvert
+	info.Total = uint64(statfs.F_blocks) * uint64(statfs.F_bsize)
+	return info, nil
+}
diff --git a/lib/diskusage/diskusage_test.go b/lib/diskusage/diskusage_test.go
new file mode 100644
index 0000000000000..f0263bfb5380c
--- /dev/null
+++ b/lib/diskusage/diskusage_test.go
@@ -0,0 +1,23 @@
+package diskusage
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNew(t *testing.T) {
+	info, err := New(".")
+	if err == ErrUnsupported {
+		t.Skip(err)
+	}
+	require.NoError(t, err)
+	t.Logf("Free      %16d", info.Free)
+	t.Logf("Available %16d", info.Available)
+	t.Logf("Total     %16d", info.Total)
+	assert.True(t, info.Total != 0)
+	assert.True(t, info.Total > info.Free)
+	assert.True(t, info.Total > info.Available)
+	assert.True(t, info.Free >= info.Available)
+}
diff --git a/lib/diskusage/diskusage_unix.go b/lib/diskusage/diskusage_unix.go
new file mode 100644
index 0000000000000..822cd96f7f993
--- /dev/null
+++ b/lib/diskusage/diskusage_unix.go
@@ -0,0 +1,27 @@
+//go:build aix || android || darwin || dragonfly || freebsd || ios || linux
+
+package diskusage
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// New returns the disk status for dir.
+//
+// May return Unsupported error if it doesn't work on this platform.
+func New(dir string) (info Info, err error) {
+	var statfs unix.Statfs_t
+	err = unix.Statfs(dir, &statfs)
+	if err != nil {
+		return info, err
+	}
+	// Note that these can be different sizes on different OSes so
+	// we upcast them all to uint64
+	//nolint:unconvert
+	info.Free = uint64(statfs.Bfree) * uint64(statfs.Bsize)
+	//nolint:unconvert
+	info.Available = uint64(statfs.Bavail) * uint64(statfs.Bsize)
+	//nolint:unconvert
+	info.Total = uint64(statfs.Blocks) * uint64(statfs.Bsize)
+	return info, nil
+}
diff --git a/lib/diskusage/diskusage_unsupported.go b/lib/diskusage/diskusage_unsupported.go
new file mode 100644
index 0000000000000..1e4bddc40d66a
--- /dev/null
+++ b/lib/diskusage/diskusage_unsupported.go
@@ -0,0 +1,10 @@
+//go:build illumos || js || plan9 || solaris
+
+package diskusage
+
+// New returns the disk status for dir.
+//
+// May return Unsupported error if it doesn't work on this platform.
+func New(dir string) (info Info, err error) {
+	return info, ErrUnsupported
+}
diff --git a/lib/diskusage/diskusage_windows.go b/lib/diskusage/diskusage_windows.go
new file mode 100644
index 0000000000000..e7a957c5d0e1e
--- /dev/null
+++ b/lib/diskusage/diskusage_windows.go
@@ -0,0 +1,16 @@
+//go:build windows
+
+package diskusage
+
+import (
+	"golang.org/x/sys/windows"
+)
+
+// New returns the disk status for dir.
+//
+// May return Unsupported error if it doesn't work on this platform.
+func New(dir string) (info Info, err error) {
+	dir16 := windows.StringToUTF16Ptr(dir)
+	err = windows.GetDiskFreeSpaceEx(dir16, &info.Available, &info.Total, &info.Free)
+	return info, err
+}
diff --git a/lib/errors/errors.go b/lib/errors/errors.go
index a978909ab31c3..ea8d70318254f 100644
--- a/lib/errors/errors.go
+++ b/lib/errors/errors.go
@@ -1,4 +1,4 @@
-// Package errors provides error handling utilites.
+// Package errors provides error handling utilities.
 package errors
 
 import (
diff --git a/lib/exitcode/exitcode.go b/lib/exitcode/exitcode.go
index 7b850cdb8c557..6cedb33030ac2 100644
--- a/lib/exitcode/exitcode.go
+++ b/lib/exitcode/exitcode.go
@@ -22,4 +22,6 @@ const (
 	TransferExceeded
 	// NoFilesTransferred everything succeeded, but no transfer was made.
 	NoFilesTransferred
+	// DurationExceeded is returned when transfer duration exceeded the quota.
+	DurationExceeded
 )
diff --git a/lib/file/mkdir_windows.go b/lib/file/mkdir_windows.go
index 73a82ac62dd8d..929587fd8c796 100644
--- a/lib/file/mkdir_windows.go
+++ b/lib/file/mkdir_windows.go
@@ -53,7 +53,7 @@ func MkdirAll(path string, perm os.FileMode) error {
 				j--
 			}
 			if j > 1 {
-				if path[:j-1] != `\\?\UNC` {
+				if path[:j-1] != `\\?\UNC` && path[:j-1] != `\\?` {
 					// Create parent.
 					err = MkdirAll(path[:j-1], perm)
 					if err != nil {
diff --git a/lib/file/mkdir_windows_test.go b/lib/file/mkdir_windows_test.go
index 2750e2dc3d85f..a969f2d7fc298 100644
--- a/lib/file/mkdir_windows_test.go
+++ b/lib/file/mkdir_windows_test.go
@@ -89,7 +89,7 @@ func checkMkdirAll(t *testing.T, path string, valid bool, errormsgs ...string) {
 				ok = true
 			}
 		}
-		assert.True(t, ok, err.Error())
+		assert.True(t, ok, fmt.Sprintf("Error message '%v' didn't match any of %v", err, errormsgs))
 	}
 }
 
@@ -114,7 +114,7 @@ func TestMkdirAllOnDrive(t *testing.T) {
 
 	checkMkdirAll(t, drive, true, "")
 	checkMkdirAll(t, drive+`\`, true, "")
-	checkMkdirAll(t, `\\?\`+drive, true, "")
+	// checkMkdirAll(t, `\\?\`+drive, true, "") - this isn't actually a Valid Windows path - this test used to work under go1.21.3 but fails under go1.21.4
 	checkMkdirAll(t, `\\?\`+drive+`\`, true, "")
 	checkMkdirAllSubdirs(t, path, true, "")
 	checkMkdirAllSubdirs(t, `\\?\`+path, true, "")
@@ -129,10 +129,11 @@ func TestMkdirAllOnDrive(t *testing.T) {
 // "mkdir \\?\A:\: The system cannot find the path specified."
 func TestMkdirAllOnUnusedDrive(t *testing.T) {
 	path := unusedDrive(t)
-	errormsg := fmt.Sprintf("mkdir %s\\: The system cannot find the path specified.", path)
+	errormsg := fmt.Sprintf(`mkdir %s\: The system cannot find the path specified.`, path)
 	checkMkdirAllSubdirs(t, path, false, errormsg)
-	errormsg = fmt.Sprintf("mkdir \\\\?\\%s\\: The system cannot find the path specified.", path)
-	checkMkdirAllSubdirs(t, `\\?\`+path, false, errormsg)
+	errormsg1 := fmt.Sprintf(`mkdir \\?\%s\: The system cannot find the path specified.`, path) // pre go1.21.4
+	errormsg2 := fmt.Sprintf(`mkdir \\?\%s: The system cannot find the file specified.`, path)  // go1.21.4 and after
+	checkMkdirAllSubdirs(t, `\\?\`+path, false, errormsg1, errormsg2)
 }
 
 // Testing paths on unknown network host
diff --git a/lib/file/preallocate_unix.go b/lib/file/preallocate_unix.go
index e6f85272cdd39..3ffefb20d6fb3 100644
--- a/lib/file/preallocate_unix.go
+++ b/lib/file/preallocate_unix.go
@@ -18,7 +18,7 @@ var (
 		unix.FALLOC_FL_KEEP_SIZE,                             // Default
 		unix.FALLOC_FL_KEEP_SIZE | unix.FALLOC_FL_PUNCH_HOLE, // for ZFS #3066
 	}
-	fallocFlagsIndex int32
+	fallocFlagsIndex atomic.Int32
 	preAllocateMu    sync.Mutex
 )
 
@@ -37,7 +37,7 @@ func PreAllocate(size int64, out *os.File) (err error) {
 
 	for {
 
-		index := atomic.LoadInt32(&fallocFlagsIndex)
+		index := fallocFlagsIndex.Load()
 	again:
 		if index >= int32(len(fallocFlags)) {
 			return nil // Fallocate is disabled
@@ -47,7 +47,7 @@ func PreAllocate(size int64, out *os.File) (err error) {
 		if err == unix.ENOTSUP {
 			// Try the next flags combination
 			index++
-			atomic.StoreInt32(&fallocFlagsIndex, index)
+			fallocFlagsIndex.Store(index)
 			fs.Debugf(nil, "preAllocate: got error on fallocate, trying combination %d/%d: %v", index, len(fallocFlags), err)
 			goto again
 
diff --git a/lib/http/auth.go b/lib/http/auth.go
index 50b024f707790..6b5ce6eb52df2 100644
--- a/lib/http/auth.go
+++ b/lib/http/auth.go
@@ -1,20 +1,29 @@
 package http
 
 import (
+	"bytes"
+	"html/template"
+	"log"
+
 	"github.com/rclone/rclone/fs/config/flags"
 	"github.com/spf13/pflag"
 )
 
-// AuthHelp contains text describing the http authentication to add to the command help.
-var AuthHelp = `
+// AuthHelp returns text describing the http authentication to add to the command help.
+func AuthHelp(prefix string) string {
+	help := `
 #### Authentication
 
 By default this will serve files without needing a login.
 
 You can either use an htpasswd file which can take lots of users, or
-set a single username and password with the ` + "`--user` and `--pass`" + ` flags.
+set a single username and password with the ` + "`--{{ .Prefix }}user` and `--{{ .Prefix }}pass`" + ` flags.
+
+If no static users are configured by either of the above methods, and client
+certificates are required by the ` + "`--client-ca`" + ` flag passed to the server, the
+client certificate common name will be considered as the username.
 
-Use ` + "`--htpasswd /path/to/htpasswd`" + ` to provide an htpasswd file.  This is
+Use ` + "`--{{ .Prefix }}htpasswd /path/to/htpasswd`" + ` to provide an htpasswd file.  This is
 in standard apache format and supports MD5, SHA1 and BCrypt for basic
 authentication.  Bcrypt is recommended.
 
@@ -26,10 +35,27 @@ To create an htpasswd file:
 
 The password file can be updated while rclone is running.
 
-Use ` + "`--realm`" + ` to set the authentication realm.
+Use ` + "`--{{ .Prefix }}realm`" + ` to set the authentication realm.
 
-Use ` + "`--salt`" + ` to change the password hashing salt from the default.
+Use ` + "`--{{ .Prefix }}salt`" + ` to change the password hashing salt from the default.
 `
+	tmpl, err := template.New("auth help").Parse(help)
+	if err != nil {
+		log.Fatal("Fatal error parsing template", err)
+	}
+
+	data := struct {
+		Prefix string
+	}{
+		Prefix: prefix,
+	}
+	buf := &bytes.Buffer{}
+	err = tmpl.Execute(buf, data)
+	if err != nil {
+		log.Fatal("Fatal error executing template", err)
+	}
+	return buf.String()
+}
 
 // CustomAuthFn if used will be used to authenticate user, pass. If an error
 // is returned then the user is not authenticated.
@@ -49,11 +75,11 @@ type AuthConfig struct {
 
 // AddFlagsPrefix adds flags to the flag set for AuthConfig
 func (cfg *AuthConfig) AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string) {
-	flags.StringVarP(flagSet, &cfg.HtPasswd, prefix+"htpasswd", "", cfg.HtPasswd, "A htpasswd file - if not provided no authentication is done")
-	flags.StringVarP(flagSet, &cfg.Realm, prefix+"realm", "", cfg.Realm, "Realm for authentication")
-	flags.StringVarP(flagSet, &cfg.BasicUser, prefix+"user", "", cfg.BasicUser, "User name for authentication")
-	flags.StringVarP(flagSet, &cfg.BasicPass, prefix+"pass", "", cfg.BasicPass, "Password for authentication")
-	flags.StringVarP(flagSet, &cfg.Salt, prefix+"salt", "", cfg.Salt, "Password hashing salt")
+	flags.StringVarP(flagSet, &cfg.HtPasswd, prefix+"htpasswd", "", cfg.HtPasswd, "A htpasswd file - if not provided no authentication is done", prefix)
+	flags.StringVarP(flagSet, &cfg.Realm, prefix+"realm", "", cfg.Realm, "Realm for authentication", prefix)
+	flags.StringVarP(flagSet, &cfg.BasicUser, prefix+"user", "", cfg.BasicUser, "User name for authentication", prefix)
+	flags.StringVarP(flagSet, &cfg.BasicPass, prefix+"pass", "", cfg.BasicPass, "Password for authentication", prefix)
+	flags.StringVarP(flagSet, &cfg.Salt, prefix+"salt", "", cfg.Salt, "Password hashing salt", prefix)
 }
 
 // AddAuthFlagsPrefix adds flags to the flag set for AuthConfig
diff --git a/lib/http/auth_test.go b/lib/http/auth_test.go
new file mode 100644
index 0000000000000..dec115a1237c0
--- /dev/null
+++ b/lib/http/auth_test.go
@@ -0,0 +1,15 @@
+package http
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestHelpPrefixAuth(t *testing.T) {
+	// This test assumes template variables are placed correctly.
+	const testPrefix = "server-help-test"
+	helpMessage := AuthHelp(testPrefix)
+	if !strings.Contains(helpMessage, testPrefix) {
+		t.Fatal("flag prefix not found")
+	}
+}
diff --git a/lib/http/middleware.go b/lib/http/middleware.go
index cef2485d68c81..3ee5c0cdc2020 100644
--- a/lib/http/middleware.go
+++ b/lib/http/middleware.go
@@ -62,6 +62,11 @@ func basicAuth(authenticator *LoggedBasicAuth) func(next http.Handler) http.Hand
 				next.ServeHTTP(w, r)
 				return
 			}
+			// skip auth for CORS preflight
+			if r.Method == "OPTIONS" {
+				next.ServeHTTP(w, r)
+				return
+			}
 
 			username := authenticator.CheckAuth(r)
 			if username == "" {
@@ -74,6 +79,24 @@ func basicAuth(authenticator *LoggedBasicAuth) func(next http.Handler) http.Hand
 	}
 }
 
+// MiddlewareAuthCertificateUser instantiates middleware that extracts the authenticated user via client certificate common name
+func MiddlewareAuthCertificateUser() Middleware {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			for _, cert := range r.TLS.PeerCertificates {
+				if cert.Subject.CommonName != "" {
+					r = r.WithContext(context.WithValue(r.Context(), ctxKeyUser, cert.Subject.CommonName))
+					next.ServeHTTP(w, r)
+					return
+				}
+			}
+			code := http.StatusUnauthorized
+			w.Header().Set("Content-Type", "text/plain")
+			http.Error(w, http.StatusText(code), code)
+		})
+	}
+}
+
 // MiddlewareAuthHtpasswd instantiates middleware that authenticates against the passed htpasswd file
 func MiddlewareAuthHtpasswd(path, realm string) Middleware {
 	fs.Infof(nil, "Using %q as htpasswd storage", path)
@@ -97,7 +120,7 @@ func MiddlewareAuthBasic(user, pass, realm, salt string) Middleware {
 }
 
 // MiddlewareAuthCustom instantiates middleware that authenticates using a custom function
-func MiddlewareAuthCustom(fn CustomAuthFn, realm string) Middleware {
+func MiddlewareAuthCustom(fn CustomAuthFn, realm string, userFromContext bool) Middleware {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			// skip auth for unix socket
@@ -105,8 +128,17 @@ func MiddlewareAuthCustom(fn CustomAuthFn, realm string) Middleware {
 				next.ServeHTTP(w, r)
 				return
 			}
+			// skip auth for CORS preflight
+			if r.Method == "OPTIONS" {
+				next.ServeHTTP(w, r)
+				return
+			}
 
 			user, pass, ok := parseAuthorization(r)
+			if !ok && userFromContext {
+				user, ok = CtxGetUser(r.Context())
+			}
+
 			if !ok {
 				code := http.StatusUnauthorized
 				w.Header().Set("Content-Type", "text/plain")
@@ -151,14 +183,10 @@ func MiddlewareCORS(allowOrigin string) Middleware {
 
 			if allowOrigin != "" {
 				w.Header().Add("Access-Control-Allow-Origin", allowOrigin)
-			} else {
-				w.Header().Add("Access-Control-Allow-Origin", PublicURL(r))
+				w.Header().Add("Access-Control-Allow-Headers", "authorization, Content-Type")
+				w.Header().Add("Access-Control-Allow-Methods", "COPY, DELETE, GET, HEAD, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, TRACE, UNLOCK")
 			}
 
-			// echo back access control headers client needs
-			w.Header().Add("Access-Control-Request-Method", "POST, OPTIONS, GET, HEAD")
-			w.Header().Add("Access-Control-Allow-Headers", "authorization, Content-Type")
-
 			next.ServeHTTP(w, r)
 		})
 	}
diff --git a/lib/http/middleware_test.go b/lib/http/middleware_test.go
index 8932ca4fd1b95..15d0b0525d663 100644
--- a/lib/http/middleware_test.go
+++ b/lib/http/middleware_test.go
@@ -2,6 +2,7 @@ package http
 
 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"net/http"
@@ -159,31 +160,239 @@ func TestMiddlewareAuth(t *testing.T) {
 	}
 }
 
+func TestMiddlewareAuthCertificateUser(t *testing.T) {
+	serverCertBytes := testReadTestdataFile(t, "local.crt")
+	serverKeyBytes := testReadTestdataFile(t, "local.key")
+	clientCertBytes := testReadTestdataFile(t, "client.crt")
+	clientKeyBytes := testReadTestdataFile(t, "client.key")
+	clientCert, err := tls.X509KeyPair(clientCertBytes, clientKeyBytes)
+	require.NoError(t, err)
+	emptyCertBytes := testReadTestdataFile(t, "emptyclient.crt")
+	emptyKeyBytes := testReadTestdataFile(t, "emptyclient.key")
+	emptyCert, err := tls.X509KeyPair(emptyCertBytes, emptyKeyBytes)
+	require.NoError(t, err)
+	invalidCert, err := tls.X509KeyPair(serverCertBytes, serverKeyBytes)
+	require.NoError(t, err)
+
+	servers := []struct {
+		name        string
+		wantErr     bool
+		status      int
+		result      string
+		http        Config
+		auth        AuthConfig
+		clientCerts []tls.Certificate
+	}{
+		{
+			name:    "Missing",
+			wantErr: true,
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt",
+			},
+		},
+		{
+			name:        "Invalid",
+			wantErr:     true,
+			clientCerts: []tls.Certificate{invalidCert},
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt",
+			},
+		},
+		{
+			name:        "EmptyCommonName",
+			status:      http.StatusUnauthorized,
+			result:      fmt.Sprintf("%s\n", http.StatusText(http.StatusUnauthorized)),
+			clientCerts: []tls.Certificate{emptyCert},
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt",
+			},
+		},
+		{
+			name:        "Valid",
+			status:      http.StatusOK,
+			result:      "rclone-dev-client",
+			clientCerts: []tls.Certificate{clientCert},
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt",
+			},
+		},
+		{
+			name:        "CustomAuth/Invalid",
+			status:      http.StatusUnauthorized,
+			result:      fmt.Sprintf("%d %s\n", http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized)),
+			clientCerts: []tls.Certificate{clientCert},
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt",
+			},
+			auth: AuthConfig{
+				Realm: "test",
+				CustomAuthFn: func(user, pass string) (value interface{}, err error) {
+					if user == "custom" && pass == "custom" {
+						return true, nil
+					}
+					return nil, errors.New("invalid credentials")
+				},
+			},
+		},
+		{
+			name:        "CustomAuth/Valid",
+			status:      http.StatusOK,
+			result:      "rclone-dev-client",
+			clientCerts: []tls.Certificate{clientCert},
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt",
+			},
+			auth: AuthConfig{
+				Realm: "test",
+				CustomAuthFn: func(user, pass string) (value interface{}, err error) {
+					fmt.Println("CUSTOMAUTH", user, pass)
+					if user == "rclone-dev-client" && pass == "" {
+						return true, nil
+					}
+					return nil, errors.New("invalid credentials")
+				},
+			},
+		},
+	}
+
+	for _, ss := range servers {
+		t.Run(ss.name, func(t *testing.T) {
+			s, err := NewServer(context.Background(), WithConfig(ss.http), WithAuth(ss.auth))
+			require.NoError(t, err)
+			defer func() {
+				require.NoError(t, s.Shutdown())
+			}()
+
+			s.Router().Mount("/", testAuthUserHandler())
+			s.Serve()
+
+			url := testGetServerURL(t, s)
+			client := &http.Client{
+				Transport: &http.Transport{
+					TLSClientConfig: &tls.Config{
+						Certificates:       ss.clientCerts,
+						InsecureSkipVerify: true,
+					},
+				},
+			}
+			req, err := http.NewRequest("GET", url, nil)
+			require.NoError(t, err)
+
+			resp, err := client.Do(req)
+			if ss.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+
+			defer func() {
+				_ = resp.Body.Close()
+			}()
+
+			require.Equal(t, ss.status, resp.StatusCode, fmt.Sprintf("should return status %d", ss.status))
+
+			testExpectRespBody(t, resp, []byte(ss.result))
+		})
+	}
+
+}
+
 var _testCORSHeaderKeys = []string{
 	"Access-Control-Allow-Origin",
-	"Access-Control-Request-Method",
 	"Access-Control-Allow-Headers",
+	"Access-Control-Allow-Methods",
 }
 
 func TestMiddlewareCORS(t *testing.T) {
 	servers := []struct {
-		name   string
-		http   Config
-		origin string
+		name string
+		http Config
 	}{
 		{
-			name: "EmptyOrigin",
+			name: "CustomOrigin",
 			http: Config{
-				ListenAddr: []string{"127.0.0.1:0"},
+				ListenAddr:  []string{"127.0.0.1:0"},
+				AllowOrigin: "http://test.rclone.org",
 			},
-			origin: "",
 		},
+	}
+
+	for _, ss := range servers {
+		t.Run(ss.name, func(t *testing.T) {
+			s, err := NewServer(context.Background(), WithConfig(ss.http))
+			require.NoError(t, err)
+			defer func() {
+				require.NoError(t, s.Shutdown())
+			}()
+
+			expected := []byte("data")
+			s.Router().Mount("/", testEchoHandler(expected))
+			s.Serve()
+
+			url := testGetServerURL(t, s)
+
+			client := &http.Client{}
+			req, err := http.NewRequest("GET", url, nil)
+			require.NoError(t, err)
+
+			resp, err := client.Do(req)
+			require.NoError(t, err)
+			defer func() {
+				_ = resp.Body.Close()
+			}()
+
+			require.Equal(t, http.StatusOK, resp.StatusCode, "should return ok")
+
+			testExpectRespBody(t, resp, expected)
+
+			for _, key := range _testCORSHeaderKeys {
+				require.Contains(t, resp.Header, key, "CORS headers should be sent")
+			}
+
+			expectedOrigin := url
+			if ss.http.AllowOrigin != "" {
+				expectedOrigin = ss.http.AllowOrigin
+			}
+			require.Equal(t, expectedOrigin, resp.Header.Get("Access-Control-Allow-Origin"), "allow origin should match")
+		})
+	}
+}
+
+func TestMiddlewareCORSEmptyOrigin(t *testing.T) {
+	servers := []struct {
+		name string
+		http Config
+	}{
 		{
-			name: "CustomOrigin",
+			name: "EmptyOrigin",
 			http: Config{
-				ListenAddr: []string{"127.0.0.1:0"},
+				ListenAddr:  []string{"127.0.0.1:0"},
+				AllowOrigin: "",
 			},
-			origin: "http://test.rclone.org",
 		},
 	}
 
@@ -195,8 +404,6 @@ func TestMiddlewareCORS(t *testing.T) {
 				require.NoError(t, s.Shutdown())
 			}()
 
-			s.Router().Use(MiddlewareCORS(ss.origin))
-
 			expected := []byte("data")
 			s.Router().Mount("/", testEchoHandler(expected))
 			s.Serve()
@@ -218,12 +425,66 @@ func TestMiddlewareCORS(t *testing.T) {
 			testExpectRespBody(t, resp, expected)
 
 			for _, key := range _testCORSHeaderKeys {
-				require.Contains(t, resp.Header, key, "CORS headers should be sent")
+				require.NotContains(t, resp.Header, key, "CORS headers should not be sent")
+			}
+		})
+	}
+}
+
+func TestMiddlewareCORSWithAuth(t *testing.T) {
+	authServers := []struct {
+		name string
+		http Config
+		auth AuthConfig
+	}{
+		{
+			name: "ServerWithAuth",
+			http: Config{
+				ListenAddr:  []string{"127.0.0.1:0"},
+				AllowOrigin: "http://test.rclone.org",
+			},
+			auth: AuthConfig{
+				Realm:     "test",
+				BasicUser: "test_user",
+				BasicPass: "test_pass",
+			},
+		},
+	}
+
+	for _, ss := range authServers {
+		t.Run(ss.name, func(t *testing.T) {
+			s, err := NewServer(context.Background(), WithConfig(ss.http))
+			require.NoError(t, err)
+			defer func() {
+				require.NoError(t, s.Shutdown())
+			}()
+
+			s.Router().Mount("/", testEmptyHandler())
+			s.Serve()
+
+			url := testGetServerURL(t, s)
+
+			client := &http.Client{}
+			req, err := http.NewRequest("OPTIONS", url, nil)
+			require.NoError(t, err)
+
+			resp, err := client.Do(req)
+			require.NoError(t, err)
+			defer func() {
+				_ = resp.Body.Close()
+			}()
+
+			require.Equal(t, http.StatusOK, resp.StatusCode, "OPTIONS should return ok even if not authenticated")
+
+			testExpectRespBody(t, resp, []byte{})
+
+			for _, key := range _testCORSHeaderKeys {
+				require.Contains(t, resp.Header, key, "CORS headers should be sent even if not authenticated")
 			}
 
 			expectedOrigin := url
-			if ss.origin != "" {
-				expectedOrigin = ss.origin
+			if ss.http.AllowOrigin != "" {
+				expectedOrigin = ss.http.AllowOrigin
 			}
 			require.Equal(t, expectedOrigin, resp.Header.Get("Access-Control-Allow-Origin"), "allow origin should match")
 		})
diff --git a/lib/http/serve/dir_test.go b/lib/http/serve/dir_test.go
index be128ae33adc8..7bedc04717ad8 100644
--- a/lib/http/serve/dir_test.go
+++ b/lib/http/serve/dir_test.go
@@ -10,14 +10,13 @@ import (
 	"testing"
 	"time"
 
+	libhttp "github.com/rclone/rclone/lib/http"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-
-	"github.com/rclone/rclone/cmd/serve/http/data"
 )
 
 func GetTemplate(t *testing.T) *template.Template {
-	htmlTemplate, err := data.GetTemplate("../../../cmd/serve/http/testdata/golden/testindex.html")
+	htmlTemplate, err := libhttp.GetTemplate("../../../cmd/serve/http/testdata/golden/testindex.html")
 	require.NoError(t, err)
 	return htmlTemplate
 }
diff --git a/lib/http/serve/serve.go b/lib/http/serve/serve.go
index c4b70f1fd1b33..6f97d0d8a04b6 100644
--- a/lib/http/serve/serve.go
+++ b/lib/http/serve/serve.go
@@ -35,6 +35,10 @@ func Object(w http.ResponseWriter, r *http.Request, o fs.Object) {
 		w.Header().Set("Content-Type", mimeType)
 	}
 
+	// Set last modified
+	modTime := o.ModTime(r.Context())
+	w.Header().Set("Last-Modified", modTime.UTC().Format(http.TimeFormat))
+
 	if r.Method == "HEAD" {
 		return
 	}
diff --git a/lib/http/serve/serve_test.go b/lib/http/serve/serve_test.go
index b6cc70976d32b..dc90984281534 100644
--- a/lib/http/serve/serve_test.go
+++ b/lib/http/serve/serve_test.go
@@ -1,10 +1,12 @@
 package serve
 
 import (
+	"context"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 
 	"github.com/rclone/rclone/fstest/mockobject"
 	"github.com/stretchr/testify/assert"
@@ -25,11 +27,13 @@ func TestObjectHEAD(t *testing.T) {
 	w := httptest.NewRecorder()
 	r := httptest.NewRequest("HEAD", "http://example.com/aFile", nil)
 	o := mockobject.New("aFile").WithContent([]byte("hello"), mockobject.SeekModeNone)
+	_ = o.SetModTime(context.Background(), time.Date(2023, 9, 20, 12, 11, 15, 0, time.FixedZone("", 4*60*60))) // UTC+4
 	Object(w, r, o)
 	resp := w.Result()
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
 	assert.Equal(t, "5", resp.Header.Get("Content-Length"))
 	assert.Equal(t, "bytes", resp.Header.Get("Accept-Ranges"))
+	assert.Equal(t, "Wed, 20 Sep 2023 08:11:15 GMT", resp.Header.Get("Last-Modified"))
 	body, _ := io.ReadAll(resp.Body)
 	assert.Equal(t, "", string(body))
 }
@@ -38,11 +42,13 @@ func TestObjectGET(t *testing.T) {
 	w := httptest.NewRecorder()
 	r := httptest.NewRequest("GET", "http://example.com/aFile", nil)
 	o := mockobject.New("aFile").WithContent([]byte("hello"), mockobject.SeekModeNone)
+	_ = o.SetModTime(context.Background(), time.Date(2023, 9, 20, 12, 11, 15, 0, time.FixedZone("", 2*60*60))) // UTC+2
 	Object(w, r, o)
 	resp := w.Result()
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
 	assert.Equal(t, "5", resp.Header.Get("Content-Length"))
 	assert.Equal(t, "bytes", resp.Header.Get("Accept-Ranges"))
+	assert.Equal(t, "Wed, 20 Sep 2023 10:11:15 GMT", resp.Header.Get("Last-Modified"))
 	body, _ := io.ReadAll(resp.Body)
 	assert.Equal(t, "hello", string(body))
 }
diff --git a/lib/http/server.go b/lib/http/server.go
index a7c1f64b240c5..68de85e50f137 100644
--- a/lib/http/server.go
+++ b/lib/http/server.go
@@ -2,6 +2,7 @@
 package http
 
 import (
+	"bytes"
 	"context"
 	"crypto/tls"
 	"crypto/x509"
@@ -23,56 +24,74 @@ import (
 	"github.com/spf13/pflag"
 )
 
-// Help contains text describing the http server to add to the command
+// Help returns text describing the http server to add to the command
 // help.
-var Help = `
+func Help(prefix string) string {
+	help := `
 ### Server options
 
-Use ` + "`--addr`" + ` to specify which IP address and port the server should
-listen on, eg ` + "`--addr 1.2.3.4:8000` or `--addr :8080`" + ` to listen to all
+Use ` + "`--{{ .Prefix }}addr`" + ` to specify which IP address and port the server should
+listen on, eg ` + "`--{{ .Prefix }}addr 1.2.3.4:8000` or `--{{ .Prefix }}addr :8080`" + ` to listen to all
 IPs.  By default it only listens on localhost.  You can use port
 :0 to let the OS choose an available port.
 
-If you set ` + "`--addr`" + ` to listen on a public or LAN accessible IP address
+If you set ` + "`--{{ .Prefix }}addr`" + ` to listen on a public or LAN accessible IP address
 then using Authentication is advised - see the next section for info.
 
 You can use a unix socket by setting the url to ` + "`unix:///path/to/socket`" + `
 or just by using an absolute path name. Note that unix sockets bypass the
 authentication - this is expected to be done with file system permissions.
 
-` + "`--addr`" + ` may be repeated to listen on multiple IPs/ports/sockets.
+` + "`--{{ .Prefix }}addr`" + ` may be repeated to listen on multiple IPs/ports/sockets.
 
-` + "`--server-read-timeout` and `--server-write-timeout`" + ` can be used to
+` + "`--{{ .Prefix }}server-read-timeout` and `--{{ .Prefix }}server-write-timeout`" + ` can be used to
 control the timeouts on the server.  Note that this is the total time
 for a transfer.
 
-` + "`--max-header-bytes`" + ` controls the maximum number of bytes the server will
+` + "`--{{ .Prefix }}max-header-bytes`" + ` controls the maximum number of bytes the server will
 accept in the HTTP header.
 
-` + "`--baseurl`" + ` controls the URL prefix that rclone serves from.  By default
-rclone will serve from the root.  If you used ` + "`--baseurl \"/rclone\"`" + ` then
+` + "`--{{ .Prefix }}baseurl`" + ` controls the URL prefix that rclone serves from.  By default
+rclone will serve from the root.  If you used ` + "`--{{ .Prefix }}baseurl \"/rclone\"`" + ` then
 rclone would serve from a URL starting with "/rclone/".  This is
 useful if you wish to proxy rclone serve.  Rclone automatically
-inserts leading and trailing "/" on ` + "`--baseurl`" + `, so ` + "`--baseurl \"rclone\"`" + `,
-` + "`--baseurl \"/rclone\"` and `--baseurl \"/rclone/\"`" + ` are all treated
+inserts leading and trailing "/" on ` + "`--{{ .Prefix }}baseurl`" + `, so ` + "`--{{ .Prefix }}baseurl \"rclone\"`" + `,
+` + "`--{{ .Prefix }}baseurl \"/rclone\"` and `--{{ .Prefix }}baseurl \"/rclone/\"`" + ` are all treated
 identically.
 
 #### TLS (SSL)
 
 By default this will serve over http.  If you want you can serve over
-https.  You will need to supply the ` + "`--cert` and `--key`" + ` flags.
+https.  You will need to supply the ` + "`--{{ .Prefix }}cert` and `--{{ .Prefix }}key`" + ` flags.
 If you wish to do client side certificate validation then you will need to
-supply ` + "`--client-ca`" + ` also.
+supply ` + "`--{{ .Prefix }}client-ca`" + ` also.
 
-` + "`--cert`" + ` should be a either a PEM encoded certificate or a concatenation
-of that with the CA certificate.  ` + "`--key`" + ` should be the PEM encoded
-private key and ` + "`--client-ca`" + ` should be the PEM encoded client
+` + "`--{{ .Prefix }}cert`" + ` should be a either a PEM encoded certificate or a concatenation
+of that with the CA certificate.  ` + "`--k{{ .Prefix }}ey`" + ` should be the PEM encoded
+private key and ` + "`--{{ .Prefix }}client-ca`" + ` should be the PEM encoded client
 certificate authority certificate.
 
---min-tls-version is minimum TLS version that is acceptable. Valid
+--{{ .Prefix }}min-tls-version is minimum TLS version that is acceptable. Valid
   values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
   "tls1.0").
 `
+	tmpl, err := template.New("server help").Parse(help)
+	if err != nil {
+		log.Fatal("Fatal error parsing template", err)
+	}
+
+	data := struct {
+		Prefix string
+	}{
+		Prefix: prefix,
+	}
+	buf := &bytes.Buffer{}
+	err = tmpl.Execute(buf, data)
+	if err != nil {
+		log.Fatal("Fatal error executing template", err)
+	}
+	return buf.String()
+}
 
 // Middleware function signature required by chi.Router.Use()
 type Middleware func(http.Handler) http.Handler
@@ -90,19 +109,21 @@ type Config struct {
 	TLSKeyBody         []byte        // TLS PEM Private key body, ignores TLSKey
 	ClientCA           string        // Client certificate authority to verify clients with
 	MinTLSVersion      string        // MinTLSVersion contains the minimum TLS version that is acceptable.
+	AllowOrigin        string        // AllowOrigin sets the Access-Control-Allow-Origin header
 }
 
 // AddFlagsPrefix adds flags for the httplib
 func (cfg *Config) AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string) {
-	flags.StringArrayVarP(flagSet, &cfg.ListenAddr, prefix+"addr", "", cfg.ListenAddr, "IPaddress:Port or :Port to bind server to")
-	flags.DurationVarP(flagSet, &cfg.ServerReadTimeout, prefix+"server-read-timeout", "", cfg.ServerReadTimeout, "Timeout for server reading data")
-	flags.DurationVarP(flagSet, &cfg.ServerWriteTimeout, prefix+"server-write-timeout", "", cfg.ServerWriteTimeout, "Timeout for server writing data")
-	flags.IntVarP(flagSet, &cfg.MaxHeaderBytes, prefix+"max-header-bytes", "", cfg.MaxHeaderBytes, "Maximum size of request header")
-	flags.StringVarP(flagSet, &cfg.TLSCert, prefix+"cert", "", cfg.TLSCert, "TLS PEM key (concatenation of certificate and CA certificate)")
-	flags.StringVarP(flagSet, &cfg.TLSKey, prefix+"key", "", cfg.TLSKey, "TLS PEM Private key")
-	flags.StringVarP(flagSet, &cfg.ClientCA, prefix+"client-ca", "", cfg.ClientCA, "Client certificate authority to verify clients with")
-	flags.StringVarP(flagSet, &cfg.BaseURL, prefix+"baseurl", "", cfg.BaseURL, "Prefix for URLs - leave blank for root")
-	flags.StringVarP(flagSet, &cfg.MinTLSVersion, prefix+"min-tls-version", "", cfg.MinTLSVersion, "Minimum TLS version that is acceptable")
+	flags.StringArrayVarP(flagSet, &cfg.ListenAddr, prefix+"addr", "", cfg.ListenAddr, "IPaddress:Port or :Port to bind server to", prefix)
+	flags.DurationVarP(flagSet, &cfg.ServerReadTimeout, prefix+"server-read-timeout", "", cfg.ServerReadTimeout, "Timeout for server reading data", prefix)
+	flags.DurationVarP(flagSet, &cfg.ServerWriteTimeout, prefix+"server-write-timeout", "", cfg.ServerWriteTimeout, "Timeout for server writing data", prefix)
+	flags.IntVarP(flagSet, &cfg.MaxHeaderBytes, prefix+"max-header-bytes", "", cfg.MaxHeaderBytes, "Maximum size of request header", prefix)
+	flags.StringVarP(flagSet, &cfg.TLSCert, prefix+"cert", "", cfg.TLSCert, "TLS PEM key (concatenation of certificate and CA certificate)", prefix)
+	flags.StringVarP(flagSet, &cfg.TLSKey, prefix+"key", "", cfg.TLSKey, "TLS PEM Private key", prefix)
+	flags.StringVarP(flagSet, &cfg.ClientCA, prefix+"client-ca", "", cfg.ClientCA, "Client certificate authority to verify clients with", prefix)
+	flags.StringVarP(flagSet, &cfg.BaseURL, prefix+"baseurl", "", cfg.BaseURL, "Prefix for URLs - leave blank for root", prefix)
+	flags.StringVarP(flagSet, &cfg.MinTLSVersion, prefix+"min-tls-version", "", cfg.MinTLSVersion, "Minimum TLS version that is acceptable", prefix)
+	flags.StringVarP(flagSet, &cfg.AllowOrigin, prefix+"allow-origin", "", cfg.AllowOrigin, "Origin which cross-domain request (CORS) can be executed from", prefix)
 }
 
 // AddHTTPFlagsPrefix adds flags for the httplib
@@ -207,8 +228,6 @@ func NewServer(ctx context.Context, options ...Option) (*Server, error) {
 		s.mux.Use(MiddlewareStripPrefix(s.cfg.BaseURL))
 	}
 
-	s.initAuth()
-
 	err := s.initTemplate()
 	if err != nil {
 		return nil, err
@@ -219,6 +238,10 @@ func NewServer(ctx context.Context, options ...Option) (*Server, error) {
 		return nil, err
 	}
 
+	s.mux.Use(MiddlewareCORS(s.cfg.AllowOrigin))
+
+	s.initAuth()
+
 	for _, addr := range s.cfg.ListenAddr {
 		var url string
 		var network = "tcp"
@@ -274,9 +297,17 @@ func NewServer(ctx context.Context, options ...Option) (*Server, error) {
 }
 
 func (s *Server) initAuth() {
+	s.usingAuth = false
+
+	authCertificateUserEnabled := s.tlsConfig != nil && s.tlsConfig.ClientAuth != tls.NoClientCert && s.auth.HtPasswd == "" && s.auth.BasicUser == ""
+	if authCertificateUserEnabled {
+		s.usingAuth = true
+		s.mux.Use(MiddlewareAuthCertificateUser())
+	}
+
 	if s.auth.CustomAuthFn != nil {
 		s.usingAuth = true
-		s.mux.Use(MiddlewareAuthCustom(s.auth.CustomAuthFn, s.auth.Realm))
+		s.mux.Use(MiddlewareAuthCustom(s.auth.CustomAuthFn, s.auth.Realm, authCertificateUserEnabled))
 		return
 	}
 
@@ -291,7 +322,6 @@ func (s *Server) initAuth() {
 		s.mux.Use(MiddlewareAuthBasic(s.auth.BasicUser, s.auth.BasicPass, s.auth.Realm, s.auth.Salt))
 		return
 	}
-	s.usingAuth = false
 }
 
 func (s *Server) initTemplate() error {
diff --git a/lib/http/server_test.go b/lib/http/server_test.go
index 506a78d51668f..0c636d274a7f3 100644
--- a/lib/http/server_test.go
+++ b/lib/http/server_test.go
@@ -14,12 +14,26 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func testEmptyHandler() http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
+}
+
 func testEchoHandler(data []byte) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		_, _ = w.Write(data)
 	})
 }
 
+func testAuthUserHandler() http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		userID, ok := CtxGetUser(r.Context())
+		if !ok {
+			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+		}
+		_, _ = w.Write([]byte(userID))
+	})
+}
+
 func testExpectRespBody(t *testing.T, resp *http.Response, expected []byte) {
 	body, err := io.ReadAll(resp.Body)
 	require.NoError(t, err)
@@ -72,8 +86,6 @@ func TestNewServerUnix(t *testing.T) {
 
 	require.Empty(t, s.URLs(), "unix socket should not appear in URLs")
 
-	s.Router().Use(MiddlewareCORS(""))
-
 	expected := []byte("hello world")
 	s.Router().Mount("/", testEchoHandler(expected))
 	s.Serve()
@@ -234,19 +246,22 @@ func TestNewServerBaseURL(t *testing.T) {
 }
 
 func TestNewServerTLS(t *testing.T) {
-	certBytes := testReadTestdataFile(t, "local.crt")
-	keyBytes := testReadTestdataFile(t, "local.key")
+	serverCertBytes := testReadTestdataFile(t, "local.crt")
+	serverKeyBytes := testReadTestdataFile(t, "local.key")
+	clientCertBytes := testReadTestdataFile(t, "client.crt")
+	clientKeyBytes := testReadTestdataFile(t, "client.key")
+	clientCert, err := tls.X509KeyPair(clientCertBytes, clientKeyBytes)
+	require.NoError(t, err)
 
 	// TODO: generate a proper cert with SAN
-	// TODO: generate CA, test mTLS
-	// clientCert, err := tls.X509KeyPair(certBytes, keyBytes)
-	// require.NoError(t, err, "should be testing with a valid self signed certificate")
 
 	servers := []struct {
-		name    string
-		wantErr bool
-		err     error
-		http    Config
+		name          string
+		clientCerts   []tls.Certificate
+		wantErr       bool
+		wantClientErr bool
+		err           error
+		http          Config
 	}{
 		{
 			name: "FromFile/Valid",
@@ -303,8 +318,8 @@ func TestNewServerTLS(t *testing.T) {
 			name: "FromBody/Valid",
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
-				TLSCertBody:   certBytes,
-				TLSKeyBody:    keyBytes,
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
 				MinTLSVersion: "tls1.0",
 			},
 		},
@@ -315,7 +330,7 @@ func TestNewServerTLS(t *testing.T) {
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
 				TLSCertBody:   nil,
-				TLSKeyBody:    keyBytes,
+				TLSKeyBody:    serverKeyBytes,
 				MinTLSVersion: "tls1.0",
 			},
 		},
@@ -325,7 +340,7 @@ func TestNewServerTLS(t *testing.T) {
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
 				TLSCertBody:   []byte("JUNK DATA"),
-				TLSKeyBody:    keyBytes,
+				TLSKeyBody:    serverKeyBytes,
 				MinTLSVersion: "tls1.0",
 			},
 		},
@@ -335,7 +350,7 @@ func TestNewServerTLS(t *testing.T) {
 			err:     ErrTLSBodyMismatch,
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
-				TLSCertBody:   certBytes,
+				TLSCertBody:   serverCertBytes,
 				TLSKeyBody:    nil,
 				MinTLSVersion: "tls1.0",
 			},
@@ -345,7 +360,7 @@ func TestNewServerTLS(t *testing.T) {
 			wantErr: true,
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
-				TLSCertBody:   certBytes,
+				TLSCertBody:   serverCertBytes,
 				TLSKeyBody:    []byte("JUNK DATA"),
 				MinTLSVersion: "tls1.0",
 			},
@@ -354,8 +369,8 @@ func TestNewServerTLS(t *testing.T) {
 			name: "MinTLSVersion/Valid/1.1",
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
-				TLSCertBody:   certBytes,
-				TLSKeyBody:    keyBytes,
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
 				MinTLSVersion: "tls1.1",
 			},
 		},
@@ -363,8 +378,8 @@ func TestNewServerTLS(t *testing.T) {
 			name: "MinTLSVersion/Valid/1.2",
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
-				TLSCertBody:   certBytes,
-				TLSKeyBody:    keyBytes,
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
 				MinTLSVersion: "tls1.2",
 			},
 		},
@@ -372,8 +387,8 @@ func TestNewServerTLS(t *testing.T) {
 			name: "MinTLSVersion/Valid/1.3",
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
-				TLSCertBody:   certBytes,
-				TLSKeyBody:    keyBytes,
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
 				MinTLSVersion: "tls1.3",
 			},
 		},
@@ -383,11 +398,46 @@ func TestNewServerTLS(t *testing.T) {
 			err:     ErrInvalidMinTLSVersion,
 			http: Config{
 				ListenAddr:    []string{"127.0.0.1:0"},
-				TLSCertBody:   certBytes,
-				TLSKeyBody:    keyBytes,
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
 				MinTLSVersion: "tls0.9",
 			},
 		},
+		{
+			name:        "MutualTLS/InvalidCA",
+			clientCerts: []tls.Certificate{clientCert},
+			wantErr:     true,
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt.invalid",
+			},
+		},
+		{
+			name:          "MutualTLS/InvalidClient",
+			clientCerts:   []tls.Certificate{},
+			wantClientErr: true,
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt",
+			},
+		},
+		{
+			name:        "MutualTLS/Valid",
+			clientCerts: []tls.Certificate{clientCert},
+			http: Config{
+				ListenAddr:    []string{"127.0.0.1:0"},
+				TLSCertBody:   serverCertBytes,
+				TLSKeyBody:    serverKeyBytes,
+				MinTLSVersion: "tls1.0",
+				ClientCA:      "./testdata/client-ca.crt",
+			},
+		},
 	}
 
 	for _, ss := range servers {
@@ -422,7 +472,7 @@ func TestNewServerTLS(t *testing.T) {
 						return net.Dial("tcp", dest)
 					},
 					TLSClientConfig: &tls.Config{
-						// Certificates: []tls.Certificate{clientCert},
+						Certificates:       ss.clientCerts,
 						InsecureSkipVerify: true,
 					},
 				},
@@ -431,6 +481,12 @@ func TestNewServerTLS(t *testing.T) {
 			require.NoError(t, err)
 
 			resp, err := client.Do(req)
+
+			if ss.wantClientErr {
+				require.Error(t, err, "new server client should return error")
+				return
+			}
+
 			require.NoError(t, err)
 			defer func() {
 				_ = resp.Body.Close()
@@ -442,3 +498,12 @@ func TestNewServerTLS(t *testing.T) {
 		})
 	}
 }
+
+func TestHelpPrefixServer(t *testing.T) {
+	// This test assumes template variables are placed correctly.
+	const testPrefix = "server-help-test"
+	helpMessage := Help(testPrefix)
+	if !strings.Contains(helpMessage, testPrefix) {
+		t.Fatal("flag prefix not found")
+	}
+}
diff --git a/lib/http/template.go b/lib/http/template.go
index bed80dc308b0b..db50d6d89b6eb 100644
--- a/lib/http/template.go
+++ b/lib/http/template.go
@@ -1,9 +1,12 @@
 package http
 
 import (
+	"bytes"
 	"embed"
 	"html/template"
+	"log"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/spf13/pflag"
@@ -11,11 +14,12 @@ import (
 	"github.com/rclone/rclone/fs/config/flags"
 )
 
-// TemplateHelp describes how to use a custom template
-var TemplateHelp = `
+// TemplateHelp returns a string that describes how to use a custom template
+func TemplateHelp(prefix string) string {
+	help := `
 #### Template
 
-` + "`--template`" + ` allows a user to specify a custom markup template for HTTP
+` + "`--{{ .Prefix }}template`" + ` allows a user to specify a custom markup template for HTTP
 and WebDAV serve functions.  The server exports the following markup
 to be used within the template to server pages:
 
@@ -37,8 +41,37 @@ to be used within the template to server pages:
 |-- .IsDir    | Boolean for if an entry is a directory or not. |
 |-- .Size     | Size in Bytes of the entry. |
 |-- .ModTime  | The UTC timestamp of an entry. |
+
+The server also makes the following functions available so that they can be used within the
+template. These functions help extend the options for dynamic rendering of HTML. They can
+be used to render HTML based on specific conditions.
+
+| Function   | Description |
+| :---------- | :---------- |
+| afterEpoch  | Returns the time since the epoch for the given time. |
+| contains    | Checks whether a given substring is present or not in a given string. |
+| hasPrefix   | Checks whether the given string begins with the specified prefix. |
+| hasSuffix   | Checks whether the given string end with the specified suffix. |
 `
 
+	tmpl, err := template.New("template help").Parse(help)
+	if err != nil {
+		log.Fatal("Fatal error parsing template", err)
+	}
+
+	data := struct {
+		Prefix string
+	}{
+		Prefix: prefix,
+	}
+	buf := &bytes.Buffer{}
+	err = tmpl.Execute(buf, data)
+	if err != nil {
+		log.Fatal("Fatal error executing template", err)
+	}
+	return buf.String()
+}
+
 // TemplateConfig for the templating functionality
 type TemplateConfig struct {
 	Path string
@@ -46,7 +79,7 @@ type TemplateConfig struct {
 
 // AddFlagsPrefix for the templating functionality
 func (cfg *TemplateConfig) AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string) {
-	flags.StringVarP(flagSet, &cfg.Path, prefix+"template", "", cfg.Path, "User-specified template")
+	flags.StringVarP(flagSet, &cfg.Path, prefix+"template", "", cfg.Path, "User-specified template", prefix)
 }
 
 // AddTemplateFlagsPrefix for the templating functionality
@@ -84,6 +117,9 @@ func GetTemplate(tmpl string) (*template.Template, error) {
 
 	funcMap := template.FuncMap{
 		"afterEpoch": AfterEpoch,
+		"contains":   strings.Contains,
+		"hasPrefix":  strings.HasPrefix,
+		"hasSuffix":  strings.HasSuffix,
 	}
 
 	tpl, err := template.New("index").Funcs(funcMap).Parse(string(data))
diff --git a/lib/http/template_test.go b/lib/http/template_test.go
new file mode 100644
index 0000000000000..c6d787330a000
--- /dev/null
+++ b/lib/http/template_test.go
@@ -0,0 +1,15 @@
+package http
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestHelpPrefixTemplate(t *testing.T) {
+	// This test assumes template variables are placed correctly.
+	const testPrefix = "template-help-test"
+	helpMessage := TemplateHelp(testPrefix)
+	if !strings.Contains(helpMessage, testPrefix) {
+		t.Fatal("flag prefix not found")
+	}
+}
diff --git a/lib/http/testdata/client-ca.crt b/lib/http/testdata/client-ca.crt
new file mode 100644
index 0000000000000..64642c06ceaf9
--- /dev/null
+++ b/lib/http/testdata/client-ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIURSp4/DIspJDvwXq6udbAqg2Yk9IwDQYJKoZIhvcNAQEL
+BQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xDzANBgNVBAoM
+BnJjbG9uZTETMBEGA1UECwwKcmNsb25lLWRldjEdMBsGA1UEAwwUcmNsb25lLWRl
+di1jbGllbnQtY2EwHhcNMjMwNTI1MjM1NzE3WhcNMzMwNTIyMjM1NzE3WjBnMQsw
+CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEPMA0GA1UECgwGcmNsb25l
+MRMwEQYDVQQLDApyY2xvbmUtZGV2MR0wGwYDVQQDDBRyY2xvbmUtZGV2LWNsaWVu
+dC1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxufFA5IrPWTnk+
+EEUttdGNystKNkJyuRV2Mgso9VX5HrwIGyNCOVeRX2Uds2Piaz8uSET8/fWMg3h4
+ZNTImoomMUcaqL7lmBsPxXZUguo9M5ZlrlLW9VrwuSIZs9+W26Gy44WliivZl3f5
+RNYzk+0UyZ0hp7h81LufUiVQhT8MX3XoVdDFAgoDipEI07ROipB2KXPa1lr1Mdhu
+kAEKu0gLb7RoGrIEADyCKMr4waE5SovXWfC0jTVbMdB9DLCYmR5/zmR9ykUzWaWJ
+ug7iIv6a/q+r+sB/Xh+PHY0CTieYGkd4rweFQk5ImwspOIx0RdtWj4pyxDoKiIuK
+vhLyzl0CAwEAAaNTMFEwHQYDVR0OBBYEFDcCPxWKtwaU8DCpAdGuZ8X07x67MB8G
+A1UdIwQYMBaAFDcCPxWKtwaU8DCpAdGuZ8X07x67MA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBACgU9YDjoqrOAhfhYz8MNkb8yWofCGse8fDrhXft
+ZdJjlVBd343Ja97o6P5IaS9H8mM2ZRVtw0p/JoBvnsF74GMbSAR/M1VovxPa/Ze9
+SjGKdJAwxjhx3+YCU61psR0DZO1By1+mjKfvbOMOHD+HVvvG7x1/iv3buPId935+
+53dt36d1OYx7Z6BbYYjL8/CXtkaOhgdKbCtng2frU3OvOtSs1OBLBimtc9ja+evk
+Nn/NiG14F962ZWRPXEKQAH1tpqzWJ6okjY3F58hPb5c//p/kgOiWefCZ+XF/75HL
+vZAQjtmpn0pv4ObCHWp/6ZFWdmnxGDuOigcC09R74P+HNuU=
+-----END CERTIFICATE-----
diff --git a/lib/http/testdata/client-ca.key b/lib/http/testdata/client-ca.key
new file mode 100644
index 0000000000000..f06e776965418
--- /dev/null
+++ b/lib/http/testdata/client-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDcbnxQOSKz1k55
+PhBFLbXRjcrLSjZCcrkVdjILKPVV+R68CBsjQjlXkV9lHbNj4ms/LkhE/P31jIN4
+eGTUyJqKJjFHGqi+5ZgbD8V2VILqPTOWZa5S1vVa8LkiGbPfltuhsuOFpYor2Zd3
++UTWM5PtFMmdIae4fNS7n1IlUIU/DF916FXQxQIKA4qRCNO0ToqQdilz2tZa9THY
+bpABCrtIC2+0aBqyBAA8gijK+MGhOUqL11nwtI01WzHQfQywmJkef85kfcpFM1ml
+iboO4iL+mv6vq/rAf14fjx2NAk4nmBpHeK8HhUJOSJsLKTiMdEXbVo+KcsQ6CoiL
+ir4S8s5dAgMBAAECggEATNrw2P+yy8USw08SWSxg0ll/tXWAiZZ6VbNKK33yXDFp
+t+GTpK14VMHI4vaCD3doMTUv2W3kFfMR+7TuYwo2Z6h9Ue9HmpduezD6hhFdO9Ju
+5Cc7qoJsNXLs+ajAgFqW5T/7+CMJk9Rf7WKpz41YLDctPG35jmdnvKsF9yCl9J70
+Fd8ZGq7l6WDbTpAlb+cbEEb/dXuBgesgp0qlnzBd8E4Ib5IhAuex1c+lY7gHZBn4
+9f8fEowusjidFtvKZxK5cXhumZ6qQdXwk2rBPOcND73k8ftYjX6uFMvhCpoDkrGA
+uIAPHOq3/DpgH1fOXe/KxZCvFNyX8OgW8QwI+ASU+QKBgQDxTb0+52m+mGvcx3ZF
+6D9PQAOoMgxMPP0e6rKHDxBPdroJE1PevbfEvU6mdrqzvNhGbOsxlQpDqDWqgNKK
+asBiPw0Tm4+Tcnytol86OCd0Nhgkat/QwGx5PpwOQwNkeCJv3igazaGrsUxfGkEK
+h3NjL8G1vgCTLJdSZPjgM/1/swKBgQDp21JKczoMs0f969x/O2TQzFt5NSLS1ZCd
+SYV8bskLwFVywX7ij6j3eYm9fZy7283hO8Jmw+kxNnvqT624qte87oeLgWplJ7k4
+wglOqMTsU47sGyl7tY6Eqz2FH0D3euzx2Em0Uw3Qv7CP0Eh9AdHj17T5pOEB9Wgw
+YRu8nkvxrwKBgD4uQi4Lg/xRWroxzBCHoIjTfh3Bh9m9fZyR7h9Pimxvs9DS4jHr
+wYc5ISNURRg7+Z9sQc8tENAOcIXXXGm+yISIqt36oCzmu6oixVdDUSdpKR95SuOI
+Mmur7preOemR643YOY1un9KWhY+cPFZyQRG2JLyokY1bWEMrMdbUjuZxAoGAA+Zx
+f+ZeEHoo+DYnzkNqUgUmfWYCd6uyJr1kKYgbeEOz6R8LA7JLqhzvzCY9J/DphRkf
+C+G2kOiMtoKvrgXDZVZBEnWNFbTM5QJvb01nQ129Y3isf3CuuM22T/MOfVIig4IM
+8KH1+AZKZoudud/+5SLi1MsIKaUzIKNt9/5X2+cCgYAitKJmHLgLnXlRbswioHy1
+l9Anqrh+sDjLzfcuSKaNucivqNProC/K45o33p61BTVrKr8aFWHfmPyLrXAbKWOI
+c+5YcUBh6dqsk96nbNsKH+pqvWYTdEsbfaqOjVv5R7Y8/rGt3TEeBfIYvht6ILkQ
++waZBbneFx9gdQ2Q/x0yhg==
+-----END PRIVATE KEY-----
diff --git a/lib/http/testdata/client-ca.srl b/lib/http/testdata/client-ca.srl
new file mode 100644
index 0000000000000..c46e043cb4284
--- /dev/null
+++ b/lib/http/testdata/client-ca.srl
@@ -0,0 +1 @@
+607C74360F5500750AA949B367AC937975C32987
diff --git a/lib/http/testdata/client.crt b/lib/http/testdata/client.crt
new file mode 100644
index 0000000000000..6a1b3f4e61294
--- /dev/null
+++ b/lib/http/testdata/client.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjoCFGB8dDYPVQB1CqlJs2esk3l1wymGMA0GCSqGSIb3DQEBCwUAMGcx
+CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMQ8wDQYDVQQKDAZyY2xv
+bmUxEzARBgNVBAsMCnJjbG9uZS1kZXYxHTAbBgNVBAMMFHJjbG9uZS1kZXYtY2xp
+ZW50LWNhMB4XDTIzMDUyNTIzNTgzMloXDTMzMDUyMjIzNTgzMlowZDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xDzANBgNVBAoMBnJjbG9uZTETMBEG
+A1UECwwKcmNsb25lLWRldjEaMBgGA1UEAwwRcmNsb25lLWRldi1jbGllbnQwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0hCo8Q7MsmdZMh+5t4+NtiU2D
+h/QQYlQsXybJYtjuO4KMWvx4rqIrJkP5P/RBBQKbVcv2KvjfIDddHfHxdkFBT5bN
+l/RHg6dzrvv18cFwk4Ho9e+LZ5Uq7aLCUkYxdrBwCvrd7+RfzGSlcpdupLtlWDX2
+5QvC0G3B2Cb0jCUl18vxO6u9XRcKJREjcjZ0kmORLX4kKWQQDtOc3Lb51q0zpRjf
+Ev4otSugyo3B4VNpOnJdXxVTDQXDDkmvErxMrylKe4KMm3v608obODLFd49CCXI8
+g9TSHQGeMQBtyq7u/7B6Z11/iEyrGxxqUpe/bTK7vtUXG1xXF8CF4f2oJ9CJAgMB
+AAEwDQYJKoZIhvcNAQELBQADggEBADML6IM1HPaQM7xF2tIrEyVzzLf1wlPS914a
+CUI2Ck8q9wIwZ02P605dzgzwvAXyq5SZx+A0tYKeyai01lgL5dGF1Bo38E4yGwbW
+2Zk00yGB2fdiCXKjj4yWhVnbCH7/GNIrFlCb7KZOWhkf1Ia66iDuZW6RZID37ai2
+qZxvDk7oW316pAVfl5hEPsKJcQXQJBX/+jJzjN/VSpGv6vuk1VzCHNROg6M5aEdh
+D7r/kX/yEF5eVaPlE42S7YpzfgQpT3HKU/PLdq51MrRZ2B4Jm3daaGwty1bvymFv
+zcEADCCnFdKlg0QfLkF/gsonMqlohaL0KKP6/7xO/YMD0Sb9Fe8=
+-----END CERTIFICATE-----
diff --git a/lib/http/testdata/client.csr b/lib/http/testdata/client.csr
new file mode 100644
index 0000000000000..ab6db60d85399
--- /dev/null
+++ b/lib/http/testdata/client.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqTCCAZECAQAwZDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24x
+DzANBgNVBAoMBnJjbG9uZTETMBEGA1UECwwKcmNsb25lLWRldjEaMBgGA1UEAwwR
+cmNsb25lLWRldi1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC0hCo8Q7MsmdZMh+5t4+NtiU2Dh/QQYlQsXybJYtjuO4KMWvx4rqIrJkP5P/RB
+BQKbVcv2KvjfIDddHfHxdkFBT5bNl/RHg6dzrvv18cFwk4Ho9e+LZ5Uq7aLCUkYx
+drBwCvrd7+RfzGSlcpdupLtlWDX25QvC0G3B2Cb0jCUl18vxO6u9XRcKJREjcjZ0
+kmORLX4kKWQQDtOc3Lb51q0zpRjfEv4otSugyo3B4VNpOnJdXxVTDQXDDkmvErxM
+rylKe4KMm3v608obODLFd49CCXI8g9TSHQGeMQBtyq7u/7B6Z11/iEyrGxxqUpe/
+bTK7vtUXG1xXF8CF4f2oJ9CJAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAZy97
+RGpwNyBJVLM10lgZjUMPlUOC3smGBfiJ75W0lQ/YlRhRMr2IeO15c7rD5Z4t4G06
+HI+1X8KObH61RvIRdDp+ypaqMGhu5UdHH8khyqsmB98e4gI1nhRKfWoAay+vrV3y
+vwK/qgpsgst98HHzkEYIlSZtdHzpY5APjEqoTwWlAoRcwGbFj7Cnme5ga5NIn0W8
+jZ8S4ue0BompGNGwlE8T8swd14/IDNI9VLL1iHcOiClKX15ldHKlZPM1u1RXciQJ
+1btA6JElqdLvuIA8DqwKiMniQotSz/X4xigEm7CLJQqVwj8brHJCNDDbx2qcGr1S
+wiU3dzpA4NOuC635DA==
+-----END CERTIFICATE REQUEST-----
diff --git a/lib/http/testdata/client.key b/lib/http/testdata/client.key
new file mode 100644
index 0000000000000..6b77c22a12fea
--- /dev/null
+++ b/lib/http/testdata/client.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQC0hCo8Q7MsmdZM
+h+5t4+NtiU2Dh/QQYlQsXybJYtjuO4KMWvx4rqIrJkP5P/RBBQKbVcv2KvjfIDdd
+HfHxdkFBT5bNl/RHg6dzrvv18cFwk4Ho9e+LZ5Uq7aLCUkYxdrBwCvrd7+RfzGSl
+cpdupLtlWDX25QvC0G3B2Cb0jCUl18vxO6u9XRcKJREjcjZ0kmORLX4kKWQQDtOc
+3Lb51q0zpRjfEv4otSugyo3B4VNpOnJdXxVTDQXDDkmvErxMrylKe4KMm3v608ob
+ODLFd49CCXI8g9TSHQGeMQBtyq7u/7B6Z11/iEyrGxxqUpe/bTK7vtUXG1xXF8CF
+4f2oJ9CJAgMBAAECgf985XTTfYPauBWtnd856RLSFs2q08XqEB5tFOihLeMp8cLB
+mbJVTX6mnDMroTQ+SFklYJdeGx1WQ9QKeU2M42UC6y5L0XcSg+S4BboO0NYmLekU
+ZhT3PxPWP9T83i/yyUwKOY6ZQAGixqhcUIy14QRHemDcEl2wzMUj+Yn6aXzKUPqw
+3BQgtTVBItoBMOPz2OaK22JzSxI7TXLi8E6+Rqb+uXDE2flgcjSSO4VwVrhUzL4r
+kxnTWhmwEn3p9GlSSRqL1vJIU7pQu1h+/d5PjYRAy1hFZikALe/U//V9uLetzMP/
+98ybqcCD/wUXu5ae5IYBpZ/E7D3t1Va1oskhilECgYEAytmZ78+5mxAlN50v8jM/
+1lHj1dd3VQGuEjvwdoyxcPX6sOooEXHz8+BchDomLO3aDpaaazGi5mom6VUNhvBE
+GaWhK7VgFQGcfn13GIE+p5GFsZ3zs1eakNGSf7qN9yrDQLa/0MShUoflwxC2+fxl
+2nIONerrSO7bXlc60JQ2d/ECgYEA49CApQCOOQFFQHrQx+6YrkmTHL6eJ5ckVW4X
+31Ppli5OiqdaOSp+nXCqm0IyhRWiZ8teMqz0b92fZLUm4jfR939bV+3H8YRimjyc
+n7Nxs8IhsPzgzlZtku2XZctdqI3U0OOn1w2zVDYAAIQPVydTA+IaqcWvEOlNKNmY
+6R/BuhkCgYAHnTtmAQoag/ShrcjK8pmG1fQTZs8X5cQ+8vkHuig+8TzDv0ZZwUlC
+8j0GyZf9P8Bbo9OQCoDu3TUwtPyZABPOUqVGGrzMjQ7uwI7j4JYVfCTkkeU/6h3n
+KbayDLKfgH9rwnBYyci0bF13gP0dTRgVpwpZg8PpLO4XEHcotSeGQQKBgQDeu3z7
+Vea3bzmRCELWJr3aMQ8HHIsudARPDjuC2tzXO2EJCQQaPiTas0vqTjdsjLFjP59S
+dmzqbkknwkFJDYBYtYjOGCnTRTbOS5JqRZxWPuiHzUXSFwg8jdTm7oUchcbbkKkJ
+hlidbcpktrj04fq1IjwlXqSCKUeKN+zbiHP1CQKBgB6jZ7Vk6CGBSZTS5fJB8kgD
+3IEX3K7mZF/4B2C48gvfysASR2hdDFfLzg2WTZhiavjWM91UDcvfPsIMAnFSA29I
+oVYaZdBlkFJCGwImVOynn0GZQL5oTCN4He5k20Y0mSOX995ngXHSYsCNSbyyNwSQ
+uOlbvNTIooMkhu2Tpr52
+-----END PRIVATE KEY-----
diff --git a/lib/http/testdata/emptyclient.crt b/lib/http/testdata/emptyclient.crt
new file mode 100644
index 0000000000000..586cbe3e9c5f4
--- /dev/null
+++ b/lib/http/testdata/emptyclient.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh4CFGB8dDYPVQB1CqlJs2esk3l1wymHMA0GCSqGSIb3DQEBCwUAMGcx
+CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMQ8wDQYDVQQKDAZyY2xv
+bmUxEzARBgNVBAsMCnJjbG9uZS1kZXYxHTAbBgNVBAMMFHJjbG9uZS1kZXYtY2xp
+ZW50LWNhMB4XDTIzMDUyNjAzNTIzMVoXDTMzMDUyMzAzNTIzMVowSDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xDzANBgNVBAoMBnJjbG9uZTETMBEG
+A1UECwwKcmNsb25lLWRldjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJqTaR9wVpkpalY972W102Fj5LL+cSvqte4kSzp2RTlRW5CXa5AJat+IXSeUln/6
+TJdwnpnRyHP12XSWWlqTeBG1Q6cDBMt7GRrIqK5qEitDNihlSVElJkeFHDStT79a
+YJbyZ86IJXGKXP42TZGv56NkC/UCLbpRV7lq7zNgrCptZH+ZClRcNq7UGGsxEgzy
+iISQ2ALf9MFtVxq85J76pi5nJ1WYc6d3usSBPk9uLWQvTPNNoVf35SRCWUPNHM0O
+cOXIMicUIlpm6Ksh7KfiEEuuHlNH6F9YnlmEQkXzR+90KfSwwBH+jlBAUuuSkI4s
+a5lES42sOEdjgno8lThXPgcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAikhwkc1d
+O+9fO9fMqi7iqdMBzF8c5F004IH1JRVHnkaMEOo2I+dUgVwwGj3iVQA7PdJce3Ij
+GPwef1Wc5RdyhuwigjPO8Z4zRMBAASFnwerVS31HhO42ZS9sdfJwldBnBX4h/uKy
+4ib3XVj+VfCBKDuKbV4Z6cjp9r81vO96xE5PVbNqK+DH1qNUIS+jDPJDK8nAyL7z
+YjyluIR8ECbJje2WGIaNK/kNlz/8sRO64z8FZZbI67sL1fsauNcq8EFURq55tcfA
+llwvwVB9Guns70pEsgvZLO5Vy+Gzq+veFdbmJ+aa2ayCor6hdZ8N7r8/Mj6KeEXZ
+Eq03flwdARJKJQ==
+-----END CERTIFICATE-----
diff --git a/lib/http/testdata/emptyclient.csr b/lib/http/testdata/emptyclient.csr
new file mode 100644
index 0000000000000..e266d36f05e98
--- /dev/null
+++ b/lib/http/testdata/emptyclient.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjTCCAXUCAQAwSDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24x
+DzANBgNVBAoMBnJjbG9uZTETMBEGA1UECwwKcmNsb25lLWRldjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJqTaR9wVpkpalY972W102Fj5LL+cSvqte4k
+Szp2RTlRW5CXa5AJat+IXSeUln/6TJdwnpnRyHP12XSWWlqTeBG1Q6cDBMt7GRrI
+qK5qEitDNihlSVElJkeFHDStT79aYJbyZ86IJXGKXP42TZGv56NkC/UCLbpRV7lq
+7zNgrCptZH+ZClRcNq7UGGsxEgzyiISQ2ALf9MFtVxq85J76pi5nJ1WYc6d3usSB
+Pk9uLWQvTPNNoVf35SRCWUPNHM0OcOXIMicUIlpm6Ksh7KfiEEuuHlNH6F9YnlmE
+QkXzR+90KfSwwBH+jlBAUuuSkI4sa5lES42sOEdjgno8lThXPgcCAwEAAaAAMA0G
+CSqGSIb3DQEBCwUAA4IBAQBtGAtDmIdSZOpKLNHMqruN2J/ZP/W7N00wEViu3Etu
+3GS5UofXoqVfeRVp6phbp8KdXBiU/VkMAWIAC8ZDqvQGArD/pr4mrIaqiWrzBQDG
+NxuyXz3aRjkR9CVjRNyWiodQPY2lSkKlgVg0Erbb5TaWWzt9AHbDO1pUhg748CkY
+AGZoLZvxWIR0XivCyFqYbhFOW6yzgXgqxrCr5wd2OGyrzaZBQUoydp1EVGZHkgGp
+d8ZUH7cb497SAPcGImCgB1RQdFAHmUI6DjPJmsTe+4dcATDBL+IayUOGedWLu3yZ
+PZc1O8/f50YjdLIeHuNqiIBb4hlKCoikZ1cdp/7J2hrq
+-----END CERTIFICATE REQUEST-----
diff --git a/lib/http/testdata/emptyclient.key b/lib/http/testdata/emptyclient.key
new file mode 100644
index 0000000000000..59482a61661f4
--- /dev/null
+++ b/lib/http/testdata/emptyclient.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCak2kfcFaZKWpW
+Pe9ltdNhY+Sy/nEr6rXuJEs6dkU5UVuQl2uQCWrfiF0nlJZ/+kyXcJ6Z0chz9dl0
+llpak3gRtUOnAwTLexkayKiuahIrQzYoZUlRJSZHhRw0rU+/WmCW8mfOiCVxilz+
+Nk2Rr+ejZAv1Ai26UVe5au8zYKwqbWR/mQpUXDau1BhrMRIM8oiEkNgC3/TBbVca
+vOSe+qYuZydVmHOnd7rEgT5Pbi1kL0zzTaFX9+UkQllDzRzNDnDlyDInFCJaZuir
+Ieyn4hBLrh5TR+hfWJ5ZhEJF80fvdCn0sMAR/o5QQFLrkpCOLGuZREuNrDhHY4J6
+PJU4Vz4HAgMBAAECggEAL+ExUretW0vk0Enm+Y5Up3oVwQvnaj8Nk3JSiw1Pa+2z
+exosCzWfkRXgJP51j7asOsx7lBHTEXg5n09jNWMwceu/xN++gHjk0dMNzNi2QAhV
+ojWdfDERpl2o2vhEF3WbLaZwWRz63CyLmYKgjFv8WDQJMB84otnHXnutFDEBozI7
+0+QQLacPVCuqid48x/ydDAzUdggmSkaB4WoIzYzEHHa1abC+giZZSxy9tMKAHHJH
+rKuAANGC18cGeeQcGYxDz5FDYQiEZu/NEEv1gGbbOaMBu5pCZ6+43jzydv7BYiXJ
+fzrCryeFihVzEG2Ri28JYYKi01YkOE3k2zsLSQUF4QKBgQDTcFsA8cveO03mZDFh
+m6lf3K9EuDkJmGiusG/tYb+zfTkBwLNRQysQynjgq/5nxAVz/XawuvMSX+DBxvUR
+IEWX2TCt62gb6eQW3q6S4RIBbp8qwQ75tZXXOfc/G3ho5zmJDikWMfor1kUnZwKI
++y8RmlCIc4MubVuIOj9sVTjr+wKBgQC7JydjAE9PyOMT8Zncc5atXSagOC6bbd0B
+5xk7vxojjmOkvoi4OPUzxP22P5tLKZdor8jBv1oGwgmKKLjlnqfkJhpHa35bFx9y
+NQ6koUdCqaDkWtXv5lEFZWRYniGU62LJMSHlLBu7L6PwX+Hfz+r62lSCGzUZnA9g
+yX+s5YksZQKBgAmgjAQ2/jlYKevblAQFumiK+8/9M1ukfN+3WOFOGhRqFzZlN8Tz
+cfqJvYc9TZAb9MObPtQ9LuQfSXSJQo9NEN4hHX5NwafDtob0DK7TYKaACu8/axcj
+lXb/RKqy7YCZRp1e76/7BpEIaI2quwrRpQsAI7qSx95NTGWfgVPFbZoRAoGBALFZ
+cSGH8aCRpV4I3NzjTC4Mz8WUd9YiTgS3klnjxklbbWF4jObGUtY0HpjNvcOELk6u
+BXhUdGNjDNc3r78okcDJuq1jV+HKD6qSTMYFbxnk1OqQiZtEjhKm+mhfsUMFrB8r
+yAr7uWuwwZHPyqPky6/bpamFTtRt5sS5LZwSB+NhAoGBALah1gCxay3pZLHg2Yhx
+r5r4cUTaQmSs8NBqYeXHNx388ObQP01XxrD22XnyBKOqev4k9jSzz+RNRxl6kI8w
+7IQhx2/dk5f032xmzIy/6nNrYI3qq0hwHkoPkG1g4VRDGBVscSQ5/IeZ6ysZbo5s
+fOG8ouxBmrh03LCmnvYVGluA
+-----END PRIVATE KEY-----
diff --git a/lib/jwtutil/jwtutil.go b/lib/jwtutil/jwtutil.go
index da3b0e7cb1267..e5f0dbd8e9f98 100644
--- a/lib/jwtutil/jwtutil.go
+++ b/lib/jwtutil/jwtutil.go
@@ -14,12 +14,12 @@ import (
 	"strings"
 	"time"
 
+	"github.com/golang-jwt/jwt/v4"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/config/configmap"
 	"github.com/rclone/rclone/lib/oauthutil"
 
 	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/jws"
 )
 
 // RandomHex creates a random string of the given length
@@ -32,12 +32,16 @@ func RandomHex(n int) (string, error) {
 }
 
 // Config configures rclone using JWT
-func Config(id, name string, claims *jws.ClaimSet, header *jws.Header, queryParams map[string]string, privateKey *rsa.PrivateKey, m configmap.Mapper, client *http.Client) (err error) {
-	payload, err := jws.Encode(header, claims, privateKey)
+func Config(id, name, url string, claims jwt.Claims, headerParams map[string]interface{}, queryParams map[string]string, privateKey *rsa.PrivateKey, m configmap.Mapper, client *http.Client) (err error) {
+	jwtToken := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
+	for key, value := range headerParams {
+		jwtToken.Header[key] = value
+	}
+	payload, err := jwtToken.SignedString(privateKey)
 	if err != nil {
 		return fmt.Errorf("jwtutil: failed to encode payload: %w", err)
 	}
-	req, err := http.NewRequest("POST", claims.Aud, nil)
+	req, err := http.NewRequest("POST", url, nil)
 	if err != nil {
 		return fmt.Errorf("jwtutil: failed to create new request: %w", err)
 	}
@@ -49,7 +53,7 @@ func Config(id, name string, claims *jws.ClaimSet, header *jws.Header, queryPara
 	}
 	queryString := q.Encode()
 
-	req, err = http.NewRequest("POST", claims.Aud, bytes.NewBuffer([]byte(queryString)))
+	req, err = http.NewRequest("POST", url, bytes.NewBuffer([]byte(queryString)))
 	if err != nil {
 		return fmt.Errorf("jwtutil: failed to create new request: %w", err)
 	}
diff --git a/lib/multipart/multipart.go b/lib/multipart/multipart.go
new file mode 100644
index 0000000000000..f96db4533b3f0
--- /dev/null
+++ b/lib/multipart/multipart.go
@@ -0,0 +1,152 @@
+// Package multipart implements generic multipart uploading.
+package multipart
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/accounting"
+	"github.com/rclone/rclone/lib/atexit"
+	"github.com/rclone/rclone/lib/pacer"
+	"github.com/rclone/rclone/lib/pool"
+	"golang.org/x/sync/errgroup"
+)
+
+const (
+	bufferSize           = 1024 * 1024     // default size of the pages used in the reader
+	bufferCacheSize      = 64              // max number of buffers to keep in cache
+	bufferCacheFlushTime = 5 * time.Second // flush the cached buffers after this long
+)
+
+// bufferPool is a global pool of buffers
+var (
+	bufferPool     *pool.Pool
+	bufferPoolOnce sync.Once
+)
+
+// get a buffer pool
+func getPool() *pool.Pool {
+	bufferPoolOnce.Do(func() {
+		ci := fs.GetConfig(context.Background())
+		// Initialise the buffer pool when used
+		bufferPool = pool.New(bufferCacheFlushTime, bufferSize, bufferCacheSize, ci.UseMmap)
+	})
+	return bufferPool
+}
+
+// NewRW gets a pool.RW using the multipart pool
+func NewRW() *pool.RW {
+	return pool.NewRW(getPool())
+}
+
+// UploadMultipartOptions options for the generic multipart upload
+type UploadMultipartOptions struct {
+	Open        fs.OpenChunkWriter // thing to call OpenChunkWriter on
+	OpenOptions []fs.OpenOption    // options for OpenChunkWriter
+}
+
+// UploadMultipart does a generic multipart upload from src using f as OpenChunkWriter.
+//
+// in is read seqentially and chunks from it are uploaded in parallel.
+//
+// It returns the chunkWriter used in case the caller needs to extract any private info from it.
+func UploadMultipart(ctx context.Context, src fs.ObjectInfo, in io.Reader, opt UploadMultipartOptions) (chunkWriterOut fs.ChunkWriter, err error) {
+	info, chunkWriter, err := opt.Open.OpenChunkWriter(ctx, src.Remote(), src, opt.OpenOptions...)
+	if err != nil {
+		return nil, fmt.Errorf("multipart upload failed to initialise: %w", err)
+	}
+
+	// make concurrency machinery
+	concurrency := info.Concurrency
+	if concurrency < 1 {
+		concurrency = 1
+	}
+	tokens := pacer.NewTokenDispenser(concurrency)
+
+	uploadCtx, cancel := context.WithCancel(ctx)
+	defer cancel()
+	defer atexit.OnError(&err, func() {
+		cancel()
+		if info.LeavePartsOnError {
+			return
+		}
+		fs.Debugf(src, "Cancelling multipart upload")
+		errCancel := chunkWriter.Abort(ctx)
+		if errCancel != nil {
+			fs.Debugf(src, "Failed to cancel multipart upload: %v", errCancel)
+		}
+	})()
+
+	var (
+		g, gCtx   = errgroup.WithContext(uploadCtx)
+		finished  = false
+		off       int64
+		size      = src.Size()
+		chunkSize = info.ChunkSize
+	)
+
+	// Do the accounting manually
+	in, acc := accounting.UnWrapAccounting(in)
+
+	for partNum := int64(0); !finished; partNum++ {
+		// Get a block of memory from the pool and token which limits concurrency.
+		tokens.Get()
+		rw := NewRW()
+		if acc != nil {
+			rw.SetAccounting(acc.AccountRead)
+		}
+
+		free := func() {
+			// return the memory and token
+			_ = rw.Close() // Can't return an error
+			tokens.Put()
+		}
+
+		// Fail fast, in case an errgroup managed function returns an error
+		// gCtx is cancelled. There is no point in uploading all the other parts.
+		if gCtx.Err() != nil {
+			free()
+			break
+		}
+
+		// Read the chunk
+		var n int64
+		n, err = io.CopyN(rw, in, chunkSize)
+		if err == io.EOF {
+			if n == 0 && partNum != 0 { // end if no data and if not first chunk
+				free()
+				break
+			}
+			finished = true
+		} else if err != nil {
+			free()
+			return nil, fmt.Errorf("multipart upload: failed to read source: %w", err)
+		}
+
+		partNum := partNum
+		partOff := off
+		off += n
+		g.Go(func() (err error) {
+			defer free()
+			fs.Debugf(src, "multipart upload: starting chunk %d size %v offset %v/%v", partNum, fs.SizeSuffix(n), fs.SizeSuffix(partOff), fs.SizeSuffix(size))
+			_, err = chunkWriter.WriteChunk(gCtx, int(partNum), rw)
+			return err
+		})
+	}
+
+	err = g.Wait()
+	if err != nil {
+		return nil, err
+	}
+
+	err = chunkWriter.Close(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("multipart upload: failed to finalise: %w", err)
+	}
+
+	return chunkWriter, nil
+}
diff --git a/lib/oauthutil/oauthutil.go b/lib/oauthutil/oauthutil.go
index 80fe41b82f86c..d3562e41a2e74 100644
--- a/lib/oauthutil/oauthutil.go
+++ b/lib/oauthutil/oauthutil.go
@@ -82,15 +82,18 @@ All done. Please go back to rclone.
 
 // SharedOptions are shared between backends the utilize an OAuth flow
 var SharedOptions = []fs.Option{{
-	Name: config.ConfigClientID,
-	Help: "OAuth Client Id.\n\nLeave blank normally.",
+	Name:      config.ConfigClientID,
+	Help:      "OAuth Client Id.\n\nLeave blank normally.",
+	Sensitive: true,
 }, {
-	Name: config.ConfigClientSecret,
-	Help: "OAuth Client Secret.\n\nLeave blank normally.",
+	Name:      config.ConfigClientSecret,
+	Help:      "OAuth Client Secret.\n\nLeave blank normally.",
+	Sensitive: true,
 }, {
-	Name:     config.ConfigToken,
-	Help:     "OAuth Access Token as a JSON blob.",
-	Advanced: true,
+	Name:      config.ConfigToken,
+	Help:      "OAuth Access Token as a JSON blob.",
+	Advanced:  true,
+	Sensitive: true,
 }, {
 	Name:     config.ConfigAuthURL,
 	Help:     "Auth server URL.\n\nLeave blank to use the provider defaults.",
@@ -229,7 +232,7 @@ func maybeWrapOAuthError(err error, remoteName string) (newErr error) {
 			var suggestion string
 			switch resp.Error {
 			case "invalid_client", "unauthorized_client", "unsupported_grant_type", "invalid_scope":
-				suggestion = fmt.Sprintf("if you're using your own client id/secret, make sure they're properly set up following the docs")
+				suggestion = "if you're using your own client id/secret, make sure they're properly set up following the docs"
 			case "invalid_grant":
 				fallthrough
 			default:
diff --git a/lib/oauthutil/renew.go b/lib/oauthutil/renew.go
index 29786cf69aaf3..7f98491e8a6cc 100644
--- a/lib/oauthutil/renew.go
+++ b/lib/oauthutil/renew.go
@@ -10,7 +10,7 @@ import (
 type Renew struct {
 	name    string       // name to use in logs
 	ts      *TokenSource // token source that needs renewing
-	uploads int32        // number of uploads in progress - atomic access required
+	uploads atomic.Int32 // number of uploads in progress
 	run     func() error // a transaction to run to renew the token on
 }
 
@@ -37,7 +37,7 @@ func (r *Renew) renewOnExpiry() {
 	expiry := r.ts.OnExpiry()
 	for {
 		<-expiry
-		uploads := atomic.LoadInt32(&r.uploads)
+		uploads := r.uploads.Load()
 		if uploads != 0 {
 			fs.Debugf(r.name, "Token expired - %d uploads in progress - refreshing", uploads)
 			// Do a transaction
@@ -55,12 +55,12 @@ func (r *Renew) renewOnExpiry() {
 
 // Start should be called before starting an upload
 func (r *Renew) Start() {
-	atomic.AddInt32(&r.uploads, 1)
+	r.uploads.Add(1)
 }
 
 // Stop should be called after finishing an upload
 func (r *Renew) Stop() {
-	atomic.AddInt32(&r.uploads, -1)
+	r.uploads.Add(-1)
 }
 
 // Invalidate invalidates the token source
diff --git a/lib/pacer/pacer.go b/lib/pacer/pacer.go
index 4b1cbb37b022e..6cfcb84d63e99 100644
--- a/lib/pacer/pacer.go
+++ b/lib/pacer/pacer.go
@@ -75,7 +75,7 @@ type Paced func() (bool, error)
 // New returns a Pacer with sensible defaults.
 func New(options ...Option) *Pacer {
 	opts := pacerOptions{
-		maxConnections: 10,
+		maxConnections: 0,
 		retries:        3,
 	}
 	for _, o := range options {
@@ -103,7 +103,7 @@ func New(options ...Option) *Pacer {
 // SetMaxConnections sets the maximum number of concurrent connections.
 // Setting the value to 0 will allow unlimited number of connections.
 // Should not be changed once you have started calling the pacer.
-// By default this will be set to fs.Config.Checkers.
+// By default this will be 0.
 func (p *Pacer) SetMaxConnections(n int) {
 	p.mu.Lock()
 	defer p.mu.Unlock()
diff --git a/lib/pool/reader_writer.go b/lib/pool/reader_writer.go
new file mode 100644
index 0000000000000..18bd11e8e148c
--- /dev/null
+++ b/lib/pool/reader_writer.go
@@ -0,0 +1,276 @@
+package pool
+
+import (
+	"errors"
+	"io"
+)
+
+// RWAccount is a function which will be called after every read
+// from the RW.
+//
+// It may return an error which will be passed back to the user.
+type RWAccount func(n int) error
+
+// RW contains the state for the read/writer
+type RW struct {
+	pool       *Pool     // pool to get pages from
+	pages      [][]byte  // backing store
+	size       int       // size written
+	out        int       // offset we are reading from
+	lastOffset int       // size in last page
+	account    RWAccount // account for a read
+	reads      int       // count how many times the data has been read
+	accountOn  int       // only account on or after this read
+}
+
+var (
+	errInvalidWhence = errors.New("pool.RW Seek: invalid whence")
+	errNegativeSeek  = errors.New("pool.RW Seek: negative position")
+	errSeekPastEnd   = errors.New("pool.RW Seek: attempt to seek past end of data")
+)
+
+// NewRW returns a reader / writer which is backed from pages from the
+// pool passed in.
+//
+// Data can be stored in it by calling Write and read from it by
+// calling Read.
+//
+// When writing it only appends data. Seek only applies to reading.
+func NewRW(pool *Pool) *RW {
+	return &RW{
+		pool:  pool,
+		pages: make([][]byte, 0, 16),
+	}
+}
+
+// SetAccounting should be provided with a function which will be
+// called after every read from the RW.
+//
+// It may return an error which will be passed back to the user.
+func (rw *RW) SetAccounting(account RWAccount) *RW {
+	rw.account = account
+	return rw
+}
+
+// DelayAccountinger enables an accounting delay
+type DelayAccountinger interface {
+	// DelayAccounting makes sure the accounting function only
+	// gets called on the i-th or later read of the data from this
+	// point (counting from 1).
+	//
+	// This is useful so that we don't account initial reads of
+	// the data e.g. when calculating hashes.
+	//
+	// Set this to 0 to account everything.
+	DelayAccounting(i int)
+}
+
+// DelayAccounting makes sure the accounting function only gets called
+// on the i-th or later read of the data from this point (counting
+// from 1).
+//
+// This is useful so that we don't account initial reads of the data
+// e.g. when calculating hashes.
+//
+// Set this to 0 to account everything.
+func (rw *RW) DelayAccounting(i int) {
+	rw.accountOn = i
+	rw.reads = 0
+}
+
+// Returns the page and offset of i for reading.
+//
+// Ensure there are pages before calling this.
+func (rw *RW) readPage(i int) (page []byte) {
+	// Count a read of the data if we read the first page
+	if i == 0 {
+		rw.reads++
+	}
+	pageNumber := i / rw.pool.bufferSize
+	offset := i % rw.pool.bufferSize
+	page = rw.pages[pageNumber]
+	// Clip the last page to the amount written
+	if pageNumber == len(rw.pages)-1 {
+		page = page[:rw.lastOffset]
+	}
+	return page[offset:]
+}
+
+// account for n bytes being read
+func (rw *RW) accountRead(n int) error {
+	if rw.account == nil {
+		return nil
+	}
+	// Don't start accounting until we've reached this many reads
+	//
+	// rw.reads will be 1 the first time this is called
+	// rw.accountOn 2 means start accounting on the 2nd read through
+	if rw.reads >= rw.accountOn {
+		return rw.account(n)
+	}
+	return nil
+}
+
+// Read reads up to len(p) bytes into p. It returns the number of
+// bytes read (0 <= n <= len(p)) and any error encountered. If some
+// data is available but not len(p) bytes, Read returns what is
+// available instead of waiting for more.
+func (rw *RW) Read(p []byte) (n int, err error) {
+	var (
+		nn   int
+		page []byte
+	)
+	for len(p) > 0 {
+		if rw.out >= rw.size {
+			return n, io.EOF
+		}
+		page = rw.readPage(rw.out)
+		nn = copy(p, page)
+		p = p[nn:]
+		n += nn
+		rw.out += nn
+		err = rw.accountRead(nn)
+		if err != nil {
+			return n, err
+		}
+	}
+	return n, nil
+}
+
+// WriteTo writes data to w until there's no more data to write or
+// when an error occurs. The return value n is the number of bytes
+// written. Any error encountered during the write is also returned.
+//
+// The Copy function uses WriteTo if available. This avoids an
+// allocation and a copy.
+func (rw *RW) WriteTo(w io.Writer) (n int64, err error) {
+	var (
+		nn   int
+		page []byte
+	)
+	for rw.out < rw.size {
+		page = rw.readPage(rw.out)
+		nn, err = w.Write(page)
+		n += int64(nn)
+		rw.out += nn
+		if err != nil {
+			return n, err
+		}
+		err = rw.accountRead(nn)
+		if err != nil {
+			return n, err
+		}
+	}
+	return n, nil
+}
+
+// Get the page we are writing to
+func (rw *RW) writePage() (page []byte) {
+	if len(rw.pages) > 0 && rw.lastOffset < rw.pool.bufferSize {
+		return rw.pages[len(rw.pages)-1][rw.lastOffset:]
+	}
+	page = rw.pool.Get()
+	rw.pages = append(rw.pages, page)
+	rw.lastOffset = 0
+	return page
+}
+
+// Write writes len(p) bytes from p to the underlying data stream. It returns
+// the number of bytes written len(p). It cannot return an error.
+func (rw *RW) Write(p []byte) (n int, err error) {
+	var (
+		nn   int
+		page []byte
+	)
+	for len(p) > 0 {
+		page = rw.writePage()
+		nn = copy(page, p)
+		p = p[nn:]
+		n += nn
+		rw.size += nn
+		rw.lastOffset += nn
+	}
+	return n, nil
+}
+
+// ReadFrom reads data from r until EOF or error. The return value n is the
+// number of bytes read. Any error except EOF encountered during the read is
+// also returned.
+//
+// The Copy function uses ReadFrom if available. This avoids an
+// allocation and a copy.
+func (rw *RW) ReadFrom(r io.Reader) (n int64, err error) {
+	var (
+		nn   int
+		page []byte
+	)
+	for err == nil {
+		page = rw.writePage()
+		nn, err = r.Read(page)
+		n += int64(nn)
+		rw.size += nn
+		rw.lastOffset += nn
+	}
+	if err == io.EOF {
+		err = nil
+	}
+	return n, err
+}
+
+// Seek sets the offset for the next Read (not Write - this is always
+// appended) to offset, interpreted according to whence: SeekStart
+// means relative to the start of the file, SeekCurrent means relative
+// to the current offset, and SeekEnd means relative to the end (for
+// example, offset = -2 specifies the penultimate byte of the file).
+// Seek returns the new offset relative to the start of the file or an
+// error, if any.
+//
+// Seeking to an offset before the start of the file is an error. Seeking
+// beyond the end of the written data is an error.
+func (rw *RW) Seek(offset int64, whence int) (int64, error) {
+	var abs int64
+	size := int64(rw.size)
+	switch whence {
+	case io.SeekStart:
+		abs = offset
+	case io.SeekCurrent:
+		abs = int64(rw.out) + offset
+	case io.SeekEnd:
+		abs = size + offset
+	default:
+		return 0, errInvalidWhence
+	}
+	if abs < 0 {
+		return 0, errNegativeSeek
+	}
+	if abs > size {
+		return offset - (abs - size), errSeekPastEnd
+	}
+	rw.out = int(abs)
+	return abs, nil
+}
+
+// Close the buffer returning memory to the pool
+func (rw *RW) Close() error {
+	for _, page := range rw.pages {
+		rw.pool.Put(page)
+	}
+	rw.pages = nil
+	return nil
+}
+
+// Size returns the number of bytes in the buffer
+func (rw *RW) Size() int64 {
+	return int64(rw.size)
+}
+
+// Check interfaces
+var (
+	_ io.Reader         = (*RW)(nil)
+	_ io.ReaderFrom     = (*RW)(nil)
+	_ io.Writer         = (*RW)(nil)
+	_ io.WriterTo       = (*RW)(nil)
+	_ io.Seeker         = (*RW)(nil)
+	_ io.Closer         = (*RW)(nil)
+	_ DelayAccountinger = (*RW)(nil)
+)
diff --git a/lib/pool/reader_writer_test.go b/lib/pool/reader_writer_test.go
new file mode 100644
index 0000000000000..e9e02c22ed169
--- /dev/null
+++ b/lib/pool/reader_writer_test.go
@@ -0,0 +1,491 @@
+package pool
+
+import (
+	"bytes"
+	"errors"
+	"io"
+	"testing"
+	"time"
+
+	"github.com/rclone/rclone/lib/random"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const blockSize = 4096
+
+var rwPool = New(60*time.Second, blockSize, 2, false)
+
+// A writer that always returns an error
+type testWriterError struct{}
+
+var errWriteError = errors.New("write error")
+
+func (testWriterError) Write(p []byte) (n int, err error) {
+	return 0, errWriteError
+}
+
+func TestRW(t *testing.T) {
+	var dst []byte
+	var pos int64
+	var err error
+	var n int
+
+	testData := []byte("Goodness!!") // 10 bytes long
+
+	newRW := func() *RW {
+		rw := NewRW(rwPool)
+		buf := bytes.NewBuffer(testData)
+		nn, err := rw.ReadFrom(buf) // fill up with goodness
+		assert.NoError(t, err)
+		assert.Equal(t, int64(10), nn)
+		assert.Equal(t, int64(10), rw.Size())
+		return rw
+	}
+
+	close := func(rw *RW) {
+		assert.NoError(t, rw.Close())
+	}
+
+	t.Run("Empty", func(t *testing.T) {
+		// Test empty read
+		rw := NewRW(rwPool)
+		defer close(rw)
+		assert.Equal(t, int64(0), rw.Size())
+
+		dst = make([]byte, 10)
+		n, err = rw.Read(dst)
+		assert.Equal(t, io.EOF, err)
+		assert.Equal(t, 0, n)
+		assert.Equal(t, int64(0), rw.Size())
+	})
+
+	t.Run("Full", func(t *testing.T) {
+		rw := newRW()
+		defer close(rw)
+
+		// Test full read
+		dst = make([]byte, 100)
+		n, err = rw.Read(dst)
+		assert.Equal(t, io.EOF, err)
+		assert.Equal(t, 10, n)
+		assert.Equal(t, testData, dst[0:10])
+
+		// Test read EOF
+		n, err = rw.Read(dst)
+		assert.Equal(t, io.EOF, err)
+		assert.Equal(t, 0, n)
+
+		// Test Seek Back to start
+		dst = make([]byte, 10)
+		pos, err = rw.Seek(0, io.SeekStart)
+		assert.Nil(t, err)
+		assert.Equal(t, 0, int(pos))
+
+		// Now full read
+		n, err = rw.Read(dst)
+		assert.Nil(t, err)
+		assert.Equal(t, 10, n)
+		assert.Equal(t, testData, dst)
+	})
+
+	t.Run("WriteTo", func(t *testing.T) {
+		rw := newRW()
+		defer close(rw)
+		var b bytes.Buffer
+
+		n, err := rw.WriteTo(&b)
+		assert.NoError(t, err)
+		assert.Equal(t, int64(10), n)
+		assert.Equal(t, testData, b.Bytes())
+	})
+
+	t.Run("WriteToError", func(t *testing.T) {
+		rw := newRW()
+		defer close(rw)
+		w := testWriterError{}
+
+		n, err := rw.WriteTo(w)
+		assert.Equal(t, errWriteError, err)
+		assert.Equal(t, int64(0), n)
+	})
+
+	t.Run("Partial", func(t *testing.T) {
+		// Test partial read
+		rw := newRW()
+		defer close(rw)
+
+		dst = make([]byte, 5)
+		n, err = rw.Read(dst)
+		assert.Nil(t, err)
+		assert.Equal(t, 5, n)
+		assert.Equal(t, testData[0:5], dst)
+		n, err = rw.Read(dst)
+		assert.Nil(t, err)
+		assert.Equal(t, 5, n)
+		assert.Equal(t, testData[5:], dst)
+	})
+
+	t.Run("Seek", func(t *testing.T) {
+		// Test Seek
+		rw := newRW()
+		defer close(rw)
+
+		// Seek to end
+		pos, err = rw.Seek(10, io.SeekStart)
+		assert.NoError(t, err)
+		assert.Equal(t, int64(10), pos)
+
+		// Seek to start
+		pos, err = rw.Seek(0, io.SeekStart)
+		assert.NoError(t, err)
+		assert.Equal(t, int64(0), pos)
+
+		// Should not allow seek past cache index
+		pos, err = rw.Seek(11, io.SeekCurrent)
+		assert.Equal(t, errSeekPastEnd, err)
+		assert.Equal(t, 10, int(pos))
+
+		// Should not allow seek to negative position start
+		pos, err = rw.Seek(-1, io.SeekCurrent)
+		assert.Equal(t, errNegativeSeek, err)
+		assert.Equal(t, 0, int(pos))
+
+		// Should not allow seek with invalid whence
+		pos, err = rw.Seek(0, 3)
+		assert.Equal(t, errInvalidWhence, err)
+		assert.Equal(t, 0, int(pos))
+
+		// Should seek from index with io.SeekCurrent(1) whence
+		dst = make([]byte, 5)
+		_, _ = rw.Read(dst)
+		pos, err = rw.Seek(-3, io.SeekCurrent)
+		assert.Nil(t, err)
+		assert.Equal(t, 2, int(pos))
+		pos, err = rw.Seek(1, io.SeekCurrent)
+		assert.Nil(t, err)
+		assert.Equal(t, 3, int(pos))
+
+		// Should seek from cache end with io.SeekEnd(2) whence
+		pos, err = rw.Seek(-3, io.SeekEnd)
+		assert.Nil(t, err)
+		assert.Equal(t, 7, int(pos))
+
+		// Should read from seek position and past it
+		dst = make([]byte, 3)
+		n, err = io.ReadFull(rw, dst)
+		assert.Nil(t, err)
+		assert.Equal(t, 3, n)
+		assert.Equal(t, testData[7:10], dst)
+	})
+
+	t.Run("Account", func(t *testing.T) {
+		errBoom := errors.New("accounting error")
+
+		t.Run("Read", func(t *testing.T) {
+			rw := newRW()
+			defer close(rw)
+
+			var total int
+			rw.SetAccounting(func(n int) error {
+				total += n
+				return nil
+			})
+
+			dst = make([]byte, 3)
+			n, err = rw.Read(dst)
+			assert.Equal(t, 3, n)
+			assert.NoError(t, err)
+			assert.Equal(t, 3, total)
+		})
+
+		t.Run("WriteTo", func(t *testing.T) {
+			rw := newRW()
+			defer close(rw)
+			var b bytes.Buffer
+
+			var total int
+			rw.SetAccounting(func(n int) error {
+				total += n
+				return nil
+			})
+
+			n, err := rw.WriteTo(&b)
+			assert.NoError(t, err)
+			assert.Equal(t, 10, total)
+			assert.Equal(t, int64(10), n)
+			assert.Equal(t, testData, b.Bytes())
+		})
+
+		t.Run("ReadDelay", func(t *testing.T) {
+			rw := newRW()
+			defer close(rw)
+
+			var total int
+			rw.SetAccounting(func(n int) error {
+				total += n
+				return nil
+			})
+
+			rewind := func() {
+				_, err := rw.Seek(0, io.SeekStart)
+				require.NoError(t, err)
+			}
+
+			rw.DelayAccounting(3)
+
+			dst = make([]byte, 16)
+
+			n, err = rw.Read(dst)
+			assert.Equal(t, 10, n)
+			assert.Equal(t, io.EOF, err)
+			assert.Equal(t, 0, total)
+			rewind()
+
+			n, err = rw.Read(dst)
+			assert.Equal(t, 10, n)
+			assert.Equal(t, io.EOF, err)
+			assert.Equal(t, 0, total)
+			rewind()
+
+			n, err = rw.Read(dst)
+			assert.Equal(t, 10, n)
+			assert.Equal(t, io.EOF, err)
+			assert.Equal(t, 10, total)
+			rewind()
+
+			n, err = rw.Read(dst)
+			assert.Equal(t, 10, n)
+			assert.Equal(t, io.EOF, err)
+			assert.Equal(t, 20, total)
+			rewind()
+		})
+
+		t.Run("WriteToDelay", func(t *testing.T) {
+			rw := newRW()
+			defer close(rw)
+			var b bytes.Buffer
+
+			var total int
+			rw.SetAccounting(func(n int) error {
+				total += n
+				return nil
+			})
+
+			rw.DelayAccounting(3)
+
+			rewind := func() {
+				_, err := rw.Seek(0, io.SeekStart)
+				require.NoError(t, err)
+				b.Reset()
+			}
+
+			n, err := rw.WriteTo(&b)
+			assert.NoError(t, err)
+			assert.Equal(t, 0, total)
+			assert.Equal(t, int64(10), n)
+			assert.Equal(t, testData, b.Bytes())
+			rewind()
+
+			n, err = rw.WriteTo(&b)
+			assert.NoError(t, err)
+			assert.Equal(t, 0, total)
+			assert.Equal(t, int64(10), n)
+			assert.Equal(t, testData, b.Bytes())
+			rewind()
+
+			n, err = rw.WriteTo(&b)
+			assert.NoError(t, err)
+			assert.Equal(t, 10, total)
+			assert.Equal(t, int64(10), n)
+			assert.Equal(t, testData, b.Bytes())
+			rewind()
+
+			n, err = rw.WriteTo(&b)
+			assert.NoError(t, err)
+			assert.Equal(t, 20, total)
+			assert.Equal(t, int64(10), n)
+			assert.Equal(t, testData, b.Bytes())
+			rewind()
+		})
+
+		t.Run("ReadError", func(t *testing.T) {
+			// Test accounting errors
+			rw := newRW()
+			defer close(rw)
+
+			rw.SetAccounting(func(n int) error {
+				return errBoom
+			})
+
+			dst = make([]byte, 3)
+			n, err = rw.Read(dst)
+			assert.Equal(t, 3, n)
+			assert.Equal(t, errBoom, err)
+		})
+
+		t.Run("WriteToError", func(t *testing.T) {
+			rw := newRW()
+			defer close(rw)
+			rw.SetAccounting(func(n int) error {
+				return errBoom
+			})
+			var b bytes.Buffer
+
+			n, err := rw.WriteTo(&b)
+			assert.Equal(t, errBoom, err)
+			assert.Equal(t, int64(10), n)
+			assert.Equal(t, testData, b.Bytes())
+		})
+	})
+
+}
+
+// A reader to read in chunkSize chunks
+type testReader struct {
+	data      []byte
+	chunkSize int
+}
+
+// Read in chunkSize chunks
+func (r *testReader) Read(p []byte) (n int, err error) {
+	if len(r.data) == 0 {
+		return 0, io.EOF
+	}
+	chunkSize := r.chunkSize
+	if chunkSize > len(r.data) {
+		chunkSize = len(r.data)
+	}
+	n = copy(p, r.data[:chunkSize])
+	r.data = r.data[n:]
+	return n, nil
+}
+
+// A writer to write in chunkSize chunks
+type testWriter struct {
+	t         *testing.T
+	data      []byte
+	chunkSize int
+	buf       []byte
+	offset    int
+}
+
+// Write in chunkSize chunks
+func (w *testWriter) Write(p []byte) (n int, err error) {
+	if w.buf == nil {
+		w.buf = make([]byte, w.chunkSize)
+	}
+	n = copy(w.buf, p)
+	assert.Equal(w.t, w.data[w.offset:w.offset+n], w.buf[:n])
+	w.offset += n
+	return n, nil
+}
+
+func TestRWBoundaryConditions(t *testing.T) {
+	var accounted int
+	account := func(n int) error {
+		accounted += n
+		return nil
+	}
+
+	maxSize := 3 * blockSize
+	buf := []byte(random.String(maxSize))
+
+	sizes := []int{
+		1, 2, 3,
+		blockSize - 2, blockSize - 1, blockSize, blockSize + 1, blockSize + 2,
+		2*blockSize - 2, 2*blockSize - 1, 2 * blockSize, 2*blockSize + 1, 2*blockSize + 2,
+		3*blockSize - 2, 3*blockSize - 1, 3 * blockSize,
+	}
+
+	// Write the data in chunkSize chunks
+	write := func(rw *RW, data []byte, chunkSize int) {
+		writeData := data
+		for len(writeData) > 0 {
+			i := chunkSize
+			if i > len(writeData) {
+				i = len(writeData)
+			}
+			nn, err := rw.Write(writeData[:i])
+			assert.NoError(t, err)
+			assert.Equal(t, len(writeData[:i]), nn)
+			writeData = writeData[nn:]
+		}
+	}
+
+	// Write the data in chunkSize chunks using ReadFrom
+	readFrom := func(rw *RW, data []byte, chunkSize int) {
+		nn, err := rw.ReadFrom(&testReader{
+			data:      data,
+			chunkSize: chunkSize,
+		})
+		assert.NoError(t, err)
+		assert.Equal(t, int64(len(data)), nn)
+	}
+
+	// Read the data back and check it is OK in chunkSize chunks
+	read := func(rw *RW, data []byte, chunkSize int) {
+		size := len(data)
+		buf := make([]byte, chunkSize)
+		offset := 0
+		for {
+			nn, err := rw.Read(buf)
+			expectedRead := len(buf)
+			if offset+chunkSize > size {
+				expectedRead = size - offset
+				assert.Equal(t, err, io.EOF)
+			} else {
+				assert.NoError(t, err)
+			}
+			assert.Equal(t, expectedRead, nn)
+			assert.Equal(t, data[offset:offset+nn], buf[:nn])
+			offset += nn
+			if err == io.EOF {
+				break
+			}
+		}
+	}
+
+	// Read the data back and check it is OK in chunkSize chunks using WriteTo
+	writeTo := func(rw *RW, data []byte, chunkSize int) {
+		nn, err := rw.WriteTo(&testWriter{
+			t:         t,
+			data:      data,
+			chunkSize: chunkSize,
+		})
+		assert.NoError(t, err)
+		assert.Equal(t, int64(len(data)), nn)
+	}
+
+	type test struct {
+		name string
+		fn   func(*RW, []byte, int)
+	}
+
+	// Read and Write the data with a range of block sizes and functions
+	for _, write := range []test{{"Write", write}, {"ReadFrom", readFrom}} {
+		t.Run(write.name, func(t *testing.T) {
+			for _, read := range []test{{"Read", read}, {"WriteTo", writeTo}} {
+				t.Run(read.name, func(t *testing.T) {
+					for _, size := range sizes {
+						data := buf[:size]
+						for _, chunkSize := range sizes {
+							//t.Logf("Testing size=%d chunkSize=%d", useWrite, size, chunkSize)
+							rw := NewRW(rwPool)
+							assert.Equal(t, int64(0), rw.Size())
+							accounted = 0
+							rw.SetAccounting(account)
+							assert.Equal(t, 0, accounted)
+							write.fn(rw, data, chunkSize)
+							assert.Equal(t, int64(size), rw.Size())
+							assert.Equal(t, 0, accounted)
+							read.fn(rw, data, chunkSize)
+							assert.NoError(t, rw.Close())
+							assert.Equal(t, size, accounted)
+						}
+					}
+				})
+			}
+		})
+	}
+}
diff --git a/lib/proxy/socks.go b/lib/proxy/socks.go
new file mode 100644
index 0000000000000..1f8e3c40a9b0e
--- /dev/null
+++ b/lib/proxy/socks.go
@@ -0,0 +1,42 @@
+// Package proxy enables SOCKS5 proxy dialling
+package proxy
+
+import (
+	"fmt"
+	"net"
+	"strings"
+
+	"golang.org/x/net/proxy"
+)
+
+// SOCKS5Dial dials a net.Conn using a SOCKS5 proxy server.
+// The socks5Proxy address can be in the form of [user:password@]host:port, [user@]host:port or just host:port if no auth is required.
+// It will optionally take a proxyDialer to dial the SOCKS5 proxy server. If nil is passed, it will use the default net.Dialer.
+func SOCKS5Dial(network, addr, socks5Proxy string, proxyDialer proxy.Dialer) (net.Conn, error) {
+
+	if proxyDialer == nil {
+		proxyDialer = &net.Dialer{}
+	}
+	var (
+		proxyAddress string
+		proxyAuth    *proxy.Auth
+	)
+	if credsAndHost := strings.SplitN(socks5Proxy, "@", 2); len(credsAndHost) == 2 {
+		proxyCreds := strings.SplitN(credsAndHost[0], ":", 2)
+		proxyAuth = &proxy.Auth{
+			User: proxyCreds[0],
+		}
+		if len(proxyCreds) == 2 {
+			proxyAuth.Password = proxyCreds[1]
+		}
+		proxyAddress = credsAndHost[1]
+	} else {
+		proxyAddress = credsAndHost[0]
+	}
+	proxyDialer, err := proxy.SOCKS5("tcp", proxyAddress, proxyAuth, proxyDialer)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create proxy dialer: %w", err)
+	}
+	return proxyDialer.Dial(network, addr)
+
+}
diff --git a/lib/random/random.go b/lib/random/random.go
index 08e752b8458f6..8a7dfa077fce0 100644
--- a/lib/random/random.go
+++ b/lib/random/random.go
@@ -4,28 +4,35 @@ package random
 import (
 	cryptorand "crypto/rand"
 	"encoding/base64"
-	"encoding/binary"
 	"fmt"
-	mathrand "math/rand"
+	"io"
 )
 
 // StringFn create a random string for test purposes using the random
 // number generator function passed in.
 //
 // Do not use these for passwords.
-func StringFn(n int, randIntn func(n int) int) string {
+func StringFn(n int, randReader io.Reader) string {
 	const (
 		vowel     = "aeiou"
 		consonant = "bcdfghjklmnpqrstvwxyz"
 		digit     = "0123456789"
 	)
-	pattern := []string{consonant, vowel, consonant, vowel, consonant, vowel, consonant, digit}
-	out := make([]byte, n)
-	p := 0
+	var (
+		pattern = []string{consonant, vowel, consonant, vowel, consonant, vowel, consonant, digit}
+		out     = make([]byte, n)
+		p       = 0
+	)
+	_, err := io.ReadFull(randReader, out)
+	if err != nil {
+		panic(fmt.Sprintf("internal error: failed to read from random reader: %v", err))
+	}
 	for i := range out {
 		source := pattern[p]
 		p = (p + 1) % len(pattern)
-		out[i] = source[randIntn(len(source))]
+		// this generation method means the distribution is slightly biased. However these
+		// strings are not for passwords so this is deemed OK.
+		out[i] = source[out[i]%byte(len(source))]
 	}
 	return string(out)
 }
@@ -34,7 +41,7 @@ func StringFn(n int, randIntn func(n int) int) string {
 //
 // Do not use these for passwords.
 func String(n int) string {
-	return StringFn(n, mathrand.Intn)
+	return StringFn(n, cryptorand.Reader)
 }
 
 // Password creates a crypto strong password which is just about
@@ -60,19 +67,3 @@ func Password(bits int) (password string, err error) {
 	password = base64.RawURLEncoding.EncodeToString(pw)
 	return password, nil
 }
-
-// Seed the global math/rand with crypto strong data
-//
-// This doesn't make it OK to use math/rand in crypto sensitive
-// environments - don't do that! However it does help to mitigate the
-// problem if that happens accidentally. This would have helped with
-// CVE-2020-28924 - #4783
-func Seed() error {
-	var seed int64
-	err := binary.Read(cryptorand.Reader, binary.LittleEndian, &seed)
-	if err != nil {
-		return fmt.Errorf("failed to read random seed: %w", err)
-	}
-	mathrand.Seed(seed)
-	return nil
-}
diff --git a/lib/random/random_seed.go b/lib/random/random_seed.go
new file mode 100644
index 0000000000000..c0c165779ce7e
--- /dev/null
+++ b/lib/random/random_seed.go
@@ -0,0 +1,17 @@
+//go:build go1.20
+
+package random
+
+// Seed the global math/rand with crypto strong data
+//
+// This doesn't make it OK to use math/rand in crypto sensitive
+// environments - don't do that! However it does help to mitigate the
+// problem if that happens accidentally. This would have helped with
+// CVE-2020-28924 - #4783
+//
+// As of Go 1.20 there is no reason to call math/rand.Seed with a
+// random value as it is self seeded to a random 64 bit number so this
+// does nothing.
+func Seed() error {
+	return nil
+}
diff --git a/lib/random/random_seed_old.go b/lib/random/random_seed_old.go
new file mode 100644
index 0000000000000..8fce03ec3b4c4
--- /dev/null
+++ b/lib/random/random_seed_old.go
@@ -0,0 +1,29 @@
+//go:build !go1.20
+
+package random
+
+import (
+	cryptorand "crypto/rand"
+	"encoding/binary"
+	"fmt"
+	mathrand "math/rand"
+)
+
+// Seed the global math/rand with crypto strong data
+//
+// This doesn't make it OK to use math/rand in crypto sensitive
+// environments - don't do that! However it does help to mitigate the
+// problem if that happens accidentally. This would have helped with
+// CVE-2020-28924 - #4783
+//
+// As of Go 1.20 there is no reason to call math/rand.Seed with a
+// random value as it is self seeded to a random 64 bit number.
+func Seed() error {
+	var seed int64
+	err := binary.Read(cryptorand.Reader, binary.LittleEndian, &seed)
+	if err != nil {
+		return fmt.Errorf("failed to read random seed: %w", err)
+	}
+	mathrand.Seed(seed)
+	return nil
+}
diff --git a/lib/readers/gzip_test.go b/lib/readers/gzip_test.go
index 799e52f6e6122..3999e33366695 100644
--- a/lib/readers/gzip_test.go
+++ b/lib/readers/gzip_test.go
@@ -38,7 +38,7 @@ func TestGzipReader(t *testing.T) {
 	require.NoError(t, err)
 	_, err = io.Copy(&decompressed, zr)
 	require.NoError(t, err)
-	assert.Equal(t, data, string(decompressed.Bytes()))
+	assert.Equal(t, data, decompressed.String())
 
 	// Check the underlying close gets called
 	assert.False(t, cc.closed)
diff --git a/lib/readers/noseeker.go b/lib/readers/noseeker.go
new file mode 100644
index 0000000000000..1cd7e762c3fe3
--- /dev/null
+++ b/lib/readers/noseeker.go
@@ -0,0 +1,22 @@
+package readers
+
+import (
+	"errors"
+	"io"
+)
+
+var (
+	errCantSeek = errors.New("can't Seek")
+)
+
+// NoSeeker adapts an io.Reader into an io.ReadSeeker.
+//
+// However if Seek() is called it will return an error.
+type NoSeeker struct {
+	io.Reader
+}
+
+// Seek the stream - returns an error
+func (r NoSeeker) Seek(offset int64, whence int) (abs int64, err error) {
+	return 0, errCantSeek
+}
diff --git a/lib/readers/noseeker_test.go b/lib/readers/noseeker_test.go
new file mode 100644
index 0000000000000..3f8d88c2f0c16
--- /dev/null
+++ b/lib/readers/noseeker_test.go
@@ -0,0 +1,31 @@
+package readers
+
+import (
+	"bytes"
+	"io"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNoSeeker(t *testing.T) {
+	r := bytes.NewBufferString("hello")
+	rs := NoSeeker{Reader: r}
+
+	// Check read
+	b := make([]byte, 4)
+	n, err := rs.Read(b)
+	assert.NoError(t, err)
+	assert.Equal(t, 4, n)
+	assert.Equal(t, []byte("hell"), b)
+
+	// Check seek
+	_, err = rs.Seek(0, io.SeekCurrent)
+	assert.Equal(t, errCantSeek, err)
+}
+
+// check interfaces
+var (
+	_ io.Reader = NoSeeker{}
+	_ io.Seeker = NoSeeker{}
+)
diff --git a/lib/rest/rest.go b/lib/rest/rest.go
index b5f575ce79267..a7bba472ba627 100644
--- a/lib/rest/rest.go
+++ b/lib/rest/rest.go
@@ -130,7 +130,8 @@ type Opts struct {
 	Path                  string // relative to RootURL
 	RootURL               string // override RootURL passed into SetRoot()
 	Body                  io.Reader
-	NoResponse            bool // set to close Body
+	GetBody               func() (io.ReadCloser, error) // body builder, needed to enable low-level HTTP/2 retries
+	NoResponse            bool                          // set to close Body
 	ContentType           string
 	ContentLength         *int64
 	ContentRange          string
@@ -156,16 +157,41 @@ func (o *Opts) Copy() *Opts {
 	return &newOpts
 }
 
+const drainLimit = 10 * 1024 * 1024
+
+// drainAndClose discards up to drainLimit bytes from r and closes
+// it. Any errors from the Read or Close are returned.
+func drainAndClose(r io.ReadCloser) (err error) {
+	_, readErr := io.CopyN(io.Discard, r, drainLimit)
+	if readErr == io.EOF {
+		readErr = nil
+	}
+	err = r.Close()
+	if readErr != nil {
+		return readErr
+	}
+	return err
+}
+
+// checkDrainAndClose is a utility function used to check the return
+// from drainAndClose in a defer statement.
+func checkDrainAndClose(r io.ReadCloser, err *error) {
+	cerr := drainAndClose(r)
+	if *err == nil {
+		*err = cerr
+	}
+}
+
 // DecodeJSON decodes resp.Body into result
 func DecodeJSON(resp *http.Response, result interface{}) (err error) {
-	defer fs.CheckClose(resp.Body, &err)
+	defer checkDrainAndClose(resp.Body, &err)
 	decoder := json.NewDecoder(resp.Body)
 	return decoder.Decode(result)
 }
 
 // DecodeXML decodes resp.Body into result
 func DecodeXML(resp *http.Response, result interface{}) (err error) {
-	defer fs.CheckClose(resp.Body, &err)
+	defer checkDrainAndClose(resp.Body, &err)
 	decoder := xml.NewDecoder(resp.Body)
 	// MEGAcmd has included escaped HTML entities in its XML output, so we have to be able to
 	// decode them.
@@ -239,6 +265,9 @@ func (api *Client) Call(ctx context.Context, opts *Opts) (resp *http.Response, e
 	if len(opts.TransferEncoding) != 0 {
 		req.TransferEncoding = opts.TransferEncoding
 	}
+	if opts.GetBody != nil {
+		req.GetBody = opts.GetBody
+	}
 	if opts.Trailer != nil {
 		req.Trailer = *opts.Trailer
 	}
@@ -246,10 +275,8 @@ func (api *Client) Call(ctx context.Context, opts *Opts) (resp *http.Response, e
 		req.Close = true
 	}
 	// Set any extra headers
-	if opts.ExtraHeaders != nil {
-		for k, v := range opts.ExtraHeaders {
-			headers[k] = v
-		}
+	for k, v := range opts.ExtraHeaders {
+		headers[k] = v
 	}
 	// add any options to the headers
 	fs.OpenOptionAddHeaders(opts.Options, headers)
@@ -300,7 +327,7 @@ func (api *Client) Call(ctx context.Context, opts *Opts) (resp *http.Response, e
 		}
 	}
 	if opts.NoResponse {
-		return resp, resp.Body.Close()
+		return resp, drainAndClose(resp.Body)
 	}
 	return resp, nil
 }
diff --git a/lib/structs/structs_test.go b/lib/structs/structs_test.go
index d9c3bc67833b1..7f742c5c99711 100644
--- a/lib/structs/structs_test.go
+++ b/lib/structs/structs_test.go
@@ -21,9 +21,7 @@ func TestSetDefaults(t *testing.T) {
 	// Check functions by comparing the "%p" representations of them
 	assert.Equal(t, ptr(old.Proxy), ptr(newT.Proxy), "when checking .Proxy")
 	assert.Equal(t, ptr(old.DialContext), ptr(newT.DialContext), "when checking .DialContext")
-	// Check the other public fields
-	assert.Equal(t, ptr(old.Dial), ptr(newT.Dial), "when checking .Dial")          //lint:ignore SA1019 newT.Dial has been deprecated since Go 1.7: Use DialContext instead, which allows the transport to cancel dials as soon as they are no longer needed. If both are set, DialContext takes priority.
-	assert.Equal(t, ptr(old.DialTLS), ptr(newT.DialTLS), "when checking .DialTLS") //lint:ignore SA1019 old.DialTLS has been deprecated since Go 1.14: Use DialTLSContext instead, which allows the transport to cancel dials as soon as they are no longer needed. If both are set, DialTLSContext takes priority.
+	assert.Equal(t, ptr(old.DialTLSContext), ptr(newT.DialTLSContext), "when checking .DialTLSContext")
 	assert.Equal(t, old.TLSClientConfig, newT.TLSClientConfig, "when checking .TLSClientConfig")
 	assert.Equal(t, old.TLSHandshakeTimeout, newT.TLSHandshakeTimeout, "when checking .TLSHandshakeTimeout")
 	assert.Equal(t, old.DisableKeepAlives, newT.DisableKeepAlives, "when checking .DisableKeepAlives")
diff --git a/lib/systemd/doc.go b/lib/systemd/doc.go
new file mode 100644
index 0000000000000..5786e65525cc6
--- /dev/null
+++ b/lib/systemd/doc.go
@@ -0,0 +1,2 @@
+// Package systemd contains utilities for communication with the systemd service manager.
+package systemd
diff --git a/lib/systemd/notify.go b/lib/systemd/notify.go
new file mode 100644
index 0000000000000..a185b71a613c8
--- /dev/null
+++ b/lib/systemd/notify.go
@@ -0,0 +1,32 @@
+package systemd
+
+import (
+	"log"
+	"sync"
+
+	sysdnotify "github.com/iguanesolutions/go-systemd/v5/notify"
+	"github.com/rclone/rclone/lib/atexit"
+)
+
+// Notify systemd that the service is starting. This returns a
+// function which should be called to notify that the service is
+// stopping. This function will be called on exit if the service exits
+// on a signal.
+func Notify() func() {
+	if err := sysdnotify.Ready(); err != nil {
+		log.Printf("failed to notify ready to systemd: %v", err)
+	}
+	var finaliseOnce sync.Once
+	finalise := func() {
+		finaliseOnce.Do(func() {
+			if err := sysdnotify.Stopping(); err != nil {
+				log.Printf("failed to notify stopping to systemd: %v", err)
+			}
+		})
+	}
+	finaliseHandle := atexit.Register(finalise)
+	return func() {
+		atexit.Unregister(finaliseHandle)
+		finalise()
+	}
+}
diff --git a/lib/terminal/terminal.go b/lib/terminal/terminal.go
index f933de7193ae0..e695dac70ed72 100644
--- a/lib/terminal/terminal.go
+++ b/lib/terminal/terminal.go
@@ -116,7 +116,7 @@ func Write(out []byte) {
 // This enables virtual terminal processing on Windows 10 console,
 // adding native support for VT100 escape codes. When this terminal
 // package is used for output, the result is that the colorable library
-// don't have to decode the escapes and explicitely write text with color
+// don't have to decode the escapes and explicitly write text with color
 // formatting to the console using Windows API functions, but can simply
 // relay everything to stdout.
 func EnableColorsStdout() {
diff --git a/librclone/README.md b/librclone/README.md
index 45d5228283077..3b80f9f98ba85 100644
--- a/librclone/README.md
+++ b/librclone/README.md
@@ -45,6 +45,14 @@ pointing to the fuse include directory within the WinFsp installation
 (typically `C:\Program Files (x86)\WinFsp\inc\fuse`). See also the
 [mount](/commands/rclone_mount/#installing-on-windows) documentation.
 
+On Windows, when you build a shared library, you can embed version information
+as binary resource. To do that you need to run the following command **before**
+the build command.
+
+```
+go run bin/resource_windows.go -binary librclone.dll -dir librclone
+```
+
 ### Documentation
 
 For documentation see the Go documentation for:
@@ -163,6 +171,29 @@ const char* input = "{"
 With C++11 you can use raw string literals to avoid the C++ escaping of string
 constants, leaving escaping only necessary for the contained JSON.
 
+## Example in golang
+
+Here is a go example to help you move files : 
+
+```go
+func main() {
+  librclone.Initialize()
+    syncRequest: = syncRequest {
+    SrcFs: "<absolute_path>",
+    DstFs: ":s3,env_auth=false,access_key_id=<access>,secret_access_key=<secret>,endpoint='<endpoint>':<bucket>",
+    }
+
+    syncRequestJSON, err: = json.Marshal(syncRequest)
+    if err != nil {
+    fmt.Println(err)
+    }
+		
+    out, status: = librclone.RPC("sync/copy", string(syncRequestJSON))
+    fmt.Println("Got status : %d and output %q", status, out)
+}
+
+```
+
 ## gomobile
 
 The `gomobile` subdirectory contains the equivalent of the C binding but
diff --git a/rclone.1 b/rclone.1
index ca3b343967f6c..347ad18463fa6 100644
--- a/rclone.1
+++ b/rclone.1
@@ -1,7 +1,7 @@
 .\"t
 .\" Automatically generated by Pandoc 2.9.2.1
 .\"
-.TH "rclone" "1" "Mar 14, 2023" "User Manual" ""
+.TH "rclone" "1" "Nov 26, 2023" "User Manual" ""
 .hy
 .SH Rclone syncs your files to cloud storage
 .PP
@@ -24,7 +24,7 @@ Donate. (https://rclone.org/donate/)
 Rclone is a command-line program to manage files on cloud storage.
 It is a feature-rich alternative to cloud vendors\[aq] web storage
 interfaces.
-Over 40 cloud storage products support rclone including S3 object
+Over 70 cloud storage products support rclone including S3 object
 stores, business & consumer file storage services, as well as standard
 transfer protocols.
 .PP
@@ -175,6 +175,8 @@ Dropbox
 .IP \[bu] 2
 Enterprise File Fabric
 .IP \[bu] 2
+Fastmail Files
+.IP \[bu] 2
 FTP
 .IP \[bu] 2
 Google Cloud Storage
@@ -203,8 +205,14 @@ IONOS Cloud
 .IP \[bu] 2
 Koofr
 .IP \[bu] 2
+Leviia Object Storage
+.IP \[bu] 2
 Liara Object Storage
 .IP \[bu] 2
+Linkbox
+.IP \[bu] 2
+Linode Object Storage
+.IP \[bu] 2
 Mail.ru Cloud
 .IP \[bu] 2
 Memset Memstore
@@ -215,6 +223,8 @@ Memory
 .IP \[bu] 2
 Microsoft Azure Blob Storage
 .IP \[bu] 2
+Microsoft Azure Files Storage
+.IP \[bu] 2
 Microsoft OneDrive
 .IP \[bu] 2
 Minio
@@ -223,6 +233,8 @@ Nextcloud
 .IP \[bu] 2
 OVH
 .IP \[bu] 2
+Blomp Cloud Storage
+.IP \[bu] 2
 OpenDrive
 .IP \[bu] 2
 OpenStack Swift
@@ -235,14 +247,22 @@ ownCloud
 .IP \[bu] 2
 pCloud
 .IP \[bu] 2
+Petabox
+.IP \[bu] 2
+PikPak
+.IP \[bu] 2
 premiumize.me
 .IP \[bu] 2
 put.io
 .IP \[bu] 2
+Proton Drive
+.IP \[bu] 2
 QingStor
 .IP \[bu] 2
 Qiniu Cloud Object Storage (Kodo)
 .IP \[bu] 2
+Quatrix by Maytech
+.IP \[bu] 2
 Rackspace Cloud Files
 .IP \[bu] 2
 rsync.net
@@ -265,6 +285,8 @@ StackPath
 .IP \[bu] 2
 Storj
 .IP \[bu] 2
+Synology
+.IP \[bu] 2
 SugarSync
 .IP \[bu] 2
 Tencent Cloud Object Storage (COS)
@@ -332,6 +354,9 @@ run \f[C]rclone -h\f[R].
 Already installed rclone can be easily updated to the latest version
 using the rclone
 selfupdate (https://rclone.org/commands/rclone_selfupdate/) command.
+.PP
+See the release signing docs (https://rclone.org/release_signing/) for
+how to verify signatures on the release.
 .SS Script installation
 .PP
 To install rclone on Linux/macOS/BSD systems, run:
@@ -413,6 +438,25 @@ Its current version is as below.
 .PP
 [IMAGE: Homebrew
 package (https://repology.org/badge/version-for-repo/homebrew/rclone.svg)] (https://repology.org/project/rclone/versions)
+.SS Installation with MacPorts (#macos-macports)
+.PP
+On macOS, rclone can also be installed via
+MacPorts (https://www.macports.org):
+.IP
+.nf
+\f[C]
+sudo port install rclone
+\f[R]
+.fi
+.PP
+Note that this is a third party installer not controlled by the rclone
+developers so it may be out of date.
+Its current version is as below.
+.PP
+[IMAGE: MacPorts
+port (https://repology.org/badge/version-for-repo/macports/rclone.svg)] (https://repology.org/project/rclone/versions)
+.PP
+More information here (https://ports.macports.org/port/rclone/).
 .SS Precompiled binary, using curl
 .PP
 To avoid problems with macOS gatekeeper enforcing the binary to be
@@ -524,12 +568,22 @@ comes pre-installed with the latest versions of Windows.
 If not, update the App
 Installer (https://www.microsoft.com/p/app-installer/9nblggh4nns1)
 package from the Microsoft store.
+.PP
+To install rclone
 .IP
 .nf
 \f[C]
 winget install Rclone.Rclone
 \f[R]
 .fi
+.PP
+To uninstall rclone
+.IP
+.nf
+\f[C]
+winget uninstall Rclone.Rclone --force
+\f[R]
+.fi
 .SS Chocolatey package manager
 .PP
 Make sure you have Choco (https://chocolatey.org/) installed
@@ -667,10 +721,16 @@ Here are some commands tested on an Ubuntu 18.04.3 host:
 # config on host at \[ti]/.config/rclone/rclone.conf
 # data on host at \[ti]/data
 
+# add a remote interactively
+docker run --rm -it \[rs]
+    --volume \[ti]/.config/rclone:/config/rclone \[rs]
+    --user $(id -u):$(id -g) \[rs]
+    rclone/rclone \[rs]
+    config
+
 # make sure the config is ok by listing the remotes
 docker run --rm \[rs]
     --volume \[ti]/.config/rclone:/config/rclone \[rs]
-    --volume \[ti]/data:/data:shared \[rs]
     --user $(id -u):$(id -g) \[rs]
     rclone/rclone \[rs]
     listremotes
@@ -689,10 +749,45 @@ ls \[ti]/data/mount
 kill %1
 \f[R]
 .fi
+.SS Snap installation
+.PP
+[IMAGE: Get it from the Snap
+Store (https://snapcraft.io/static/images/badges/en/snap-store-black.svg)] (https://snapcraft.io/rclone)
+.PP
+Make sure you have Snapd
+installed (https://snapcraft.io/docs/installing-snapd)
+.IP
+.nf
+\f[C]
+$ sudo snap install rclone
+\f[R]
+.fi
+.PP
+Due to the strict confinement of Snap, rclone snap cannot access real
+/home/$USER/.config/rclone directory, default config path is as below.
+.IP \[bu] 2
+Default config directory:
+.RS 2
+.IP \[bu] 2
+/home/$USER/snap/rclone/current/.config/rclone
+.RE
+.PP
+Note: Due to the strict confinement of Snap, \f[C]rclone mount\f[R]
+feature is \f[C]not\f[R] supported.
+.PP
+If mounting is wanted, either install a precompiled binary or enable the
+relevant option when installing from source.
+.PP
+Note that this is controlled by community
+maintainer (https://github.com/boukendesho/rclone-snap) not the rclone
+developers so it may be out of date.
+Its current version is as below.
+.PP
+[IMAGE: rclone (https://snapcraft.io/rclone/badge.svg)] (https://snapcraft.io/rclone)
 .SS Source installation
 .PP
 Make sure you have git and Go (https://golang.org/) installed.
-Go version 1.17 or newer is required, latest release is recommended.
+Go version 1.18 or newer is required, the latest release is recommended.
 You can get it from your package manager, or download it from
 golang.org/dl (https://golang.org/dl/).
 Then you can run the following:
@@ -735,19 +830,18 @@ by installing it in a MSYS2 (https://www.msys2.org) distribution (make
 sure you install it in the classic mingw64 subsystem, the ucrt64 version
 is not compatible).
 .PP
-Additionally, on Windows, you must install the third party utility
-WinFsp (https://winfsp.dev/), with the \[dq]Developer\[dq] feature
-selected.
+Additionally, to build with mount on Windows, you must install the third
+party utility WinFsp (https://winfsp.dev/), with the \[dq]Developer\[dq]
+feature selected.
 If building with cgo, you must also set environment variable CPATH
 pointing to the fuse include directory within the WinFsp installation
 (normally
 \f[C]C:\[rs]Program Files (x86)\[rs]WinFsp\[rs]inc\[rs]fuse\f[R]).
 .PP
-You may also add arguments \f[C]-ldflags -s\f[R] (with or without
-\f[C]-tags cmount\f[R]), to omit symbol table and debug information,
-making the executable file smaller, and \f[C]-trimpath\f[R] to remove
-references to local file system paths.
-This is how the official rclone releases are built.
+You may add arguments \f[C]-ldflags -s\f[R] to omit symbol table and
+debug information, making the executable file smaller, and
+\f[C]-trimpath\f[R] to remove references to local file system paths.
+The official rclone releases are built with both of these.
 .IP
 .nf
 \f[C]
@@ -755,13 +849,57 @@ go build -trimpath -ldflags -s -tags cmount
 \f[R]
 .fi
 .PP
+If you want to customize the version string, as reported by the
+\f[C]rclone version\f[R] command, you can set one of the variables
+\f[C]fs.Version\f[R], \f[C]fs.VersionTag\f[R] (to keep default suffix
+but customize the number), or \f[C]fs.VersionSuffix\f[R] (to keep
+default number but customize the suffix).
+This can be done from the build command, by adding to the
+\f[C]-ldflags\f[R] argument value as shown below.
+.IP
+.nf
+\f[C]
+go build -trimpath -ldflags \[dq]-s -X github.com/rclone/rclone/fs.Version=v9.9.9-test\[dq] -tags cmount
+\f[R]
+.fi
+.PP
+On Windows, the official executables also have the version information,
+as well as a file icon, embedded as binary resources.
+To get that with your own build you need to run the following command
+\f[B]before\f[R] the build command.
+It generates a Windows resource system object file, with extension
+\&.syso, e.g.
+\f[C]resource_windows_amd64.syso\f[R], that will be automatically picked
+up by future build commands.
+.IP
+.nf
+\f[C]
+go run bin/resource_windows.go
+\f[R]
+.fi
+.PP
+The above command will generate a resource file containing version
+information based on the fs.Version variable in source at the time you
+run the command, which means if the value of this variable changes you
+need to re-run the command for it to be reflected in the version
+information.
+Also, if you override this version variable in the build command as
+described above, you need to do that also when generating the resource
+file, or else it will still use the value from the source.
+.IP
+.nf
+\f[C]
+go run bin/resource_windows.go -version v9.9.9-test
+\f[R]
+.fi
+.PP
 Instead of executing the \f[C]go build\f[R] command directly, you can
 run it via the Makefile.
-It changes the version number suffix from \[dq]-DEV\[dq] to
-\[dq]-beta\[dq] and appends commit details.
-It also copies the resulting rclone executable into your GOPATH bin
-folder (\f[C]$(go env GOPATH)/bin\f[R], which corresponds to
-\f[C]\[ti]/go/bin/rclone\f[R] by default).
+The default target changes the version suffix from \[dq]-DEV\[dq] to
+\[dq]-beta\[dq] followed by additional commit details, embeds version
+information binary resources on Windows, and copies the resulting rclone
+executable into your GOPATH bin folder (\f[C]$(go env GOPATH)/bin\f[R],
+which corresponds to \f[C]\[ti]/go/bin/rclone\f[R] by default).
 .IP
 .nf
 \f[C]
@@ -778,37 +916,25 @@ make GOTAGS=cmount
 .fi
 .PP
 There are other make targets that can be used for more advanced builds,
-such as cross-compiling for all supported os/architectures, embedding
-icon and version info resources into windows executable, and packaging
-results into release artifacts.
+such as cross-compiling for all supported os/architectures, and
+packaging results into release artifacts.
 See Makefile (https://github.com/rclone/rclone/blob/master/Makefile) and
 cross-compile.go (https://github.com/rclone/rclone/blob/master/bin/cross-compile.go)
 for details.
 .PP
-Another alternative is to download the source, build and install rclone
-in one operation, as a regular Go package.
+Another alternative method for source installation is to download the
+source, build and install rclone - all in one operation, as a regular Go
+package.
 The source will be stored it in the Go module cache, and the resulting
 executable will be in your GOPATH bin folder
 (\f[C]$(go env GOPATH)/bin\f[R], which corresponds to
 \f[C]\[ti]/go/bin/rclone\f[R] by default).
-.PP
-With Go version 1.17 or newer:
 .IP
 .nf
 \f[C]
 go install github.com/rclone/rclone\[at]latest
 \f[R]
 .fi
-.PP
-With Go versions older than 1.17 (do \f[B]not\f[R] use the \f[C]-u\f[R]
-flag, it causes Go to try to update the dependencies that rclone uses
-and sometimes these don\[aq]t work with the current version):
-.IP
-.nf
-\f[C]
-go get github.com/rclone/rclone
-\f[R]
-.fi
 .SS Ansible installation
 .PP
 This can be done with Stefan Weichinger\[aq]s ansible
@@ -1008,7 +1134,7 @@ includes necessary runtime (.NET 5).
 WinSW is a command-line only utility, where you have to manually create
 an XML file with service configuration.
 This may be a drawback for some, but it can also be an advantage as it
-is easy to back up and re-use the configuration settings, without having
+is easy to back up and reuse the configuration settings, without having
 go through manual steps in a GUI.
 One thing to note is that by default it does not restart the service on
 error, one have to explicit enable this in the configuration file (via
@@ -1108,6 +1234,8 @@ Jottacloud (https://rclone.org/jottacloud/)
 .IP \[bu] 2
 Koofr (https://rclone.org/koofr/)
 .IP \[bu] 2
+Linkbox (https://rclone.org/linkbox/)
+.IP \[bu] 2
 Mail.ru Cloud (https://rclone.org/mailru/)
 .IP \[bu] 2
 Mega (https://rclone.org/mega/)
@@ -1116,9 +1244,11 @@ Memory (https://rclone.org/memory/)
 .IP \[bu] 2
 Microsoft Azure Blob Storage (https://rclone.org/azureblob/)
 .IP \[bu] 2
+Microsoft Azure Files Storage (https://rclone.org/azurefiles/)
+.IP \[bu] 2
 Microsoft OneDrive (https://rclone.org/onedrive/)
 .IP \[bu] 2
-OpenStack Swift / Rackspace Cloudfiles / Memset
+OpenStack Swift / Rackspace Cloudfiles / Blomp Cloud Storage / Memset
 Memstore (https://rclone.org/swift/)
 .IP \[bu] 2
 OpenDrive (https://rclone.org/opendrive/)
@@ -1127,12 +1257,18 @@ Oracle Object Storage (https://rclone.org/oracleobjectstorage/)
 .IP \[bu] 2
 Pcloud (https://rclone.org/pcloud/)
 .IP \[bu] 2
+PikPak (https://rclone.org/pikpak/)
+.IP \[bu] 2
 premiumize.me (https://rclone.org/premiumizeme/)
 .IP \[bu] 2
 put.io (https://rclone.org/putio/)
 .IP \[bu] 2
+Proton Drive (https://rclone.org/protondrive/)
+.IP \[bu] 2
 QingStor (https://rclone.org/qingstor/)
 .IP \[bu] 2
+Quatrix by Maytech (https://rclone.org/quatrix/)
+.IP \[bu] 2
 Seafile (https://rclone.org/seafile/)
 .IP \[bu] 2
 SFTP (https://rclone.org/sftp/)
@@ -1212,7 +1348,7 @@ rclone config [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1230,6 +1366,9 @@ Disconnects user from remote
 rclone config dump (https://rclone.org/commands/rclone_config_dump/) -
 Dump the config file as JSON.
 .IP \[bu] 2
+rclone config edit (https://rclone.org/commands/rclone_config_edit/) -
+Enter an interactive configuration session.
+.IP \[bu] 2
 rclone config file (https://rclone.org/commands/rclone_config_file/) -
 Show path of configuration file in use.
 .IP \[bu] 2
@@ -1248,6 +1387,11 @@ rclone config
 reconnect (https://rclone.org/commands/rclone_config_reconnect/) -
 Re-authenticates user with remote.
 .IP \[bu] 2
+rclone config
+redacted (https://rclone.org/commands/rclone_config_redacted/) - Print
+redacted (decrypted) config file, or the redacted config for a single
+remote.
+.IP \[bu] 2
 rclone config show (https://rclone.org/commands/rclone_config_show/) -
 Print (decrypted) config file, or the config for a single remote.
 .IP \[bu] 2
@@ -1360,10 +1504,100 @@ rclone copy source:path dest:path [flags]
   -h, --help                    help for copy
 \f[R]
 .fi
+.SS Copy Options
+.PP
+Flags for anything which can Copy a file.
+.IP
+.nf
+\f[C]
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don\[aq]t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don\[aq]t check the destination, copy regardless
+      --no-traverse                                 Don\[aq]t traverse destination file system on copy
+      --no-update-modtime                           Don\[aq]t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. \[aq]size,descending\[aq]
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default \[dq].partial\[dq])
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+\f[R]
+.fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1432,10 +1666,119 @@ rclone sync source:path dest:path [flags]
   -h, --help                    help for sync
 \f[R]
 .fi
+.SS Copy Options
+.PP
+Flags for anything which can Copy a file.
+.IP
+.nf
+\f[C]
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don\[aq]t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don\[aq]t check the destination, copy regardless
+      --no-traverse                                 Don\[aq]t traverse destination file system on copy
+      --no-update-modtime                           Don\[aq]t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. \[aq]size,descending\[aq]
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default \[dq].partial\[dq])
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+\f[R]
+.fi
+.SS Sync Options
+.PP
+Flags just used for \f[C]rclone sync\f[R].
+.IP
+.nf
+\f[C]
+      --backup-dir string               Make backups into hierarchy based in DIR
+      --delete-after                    When synchronizing, delete files on destination after transferring (default)
+      --delete-before                   When synchronizing, delete files on destination before transferring
+      --delete-during                   When synchronizing, delete files during transfer
+      --ignore-errors                   Delete even if there are I/O errors
+      --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+      --suffix string                   Suffix to add to changed files
+      --suffix-keep-extension           Preserve the extension when using --suffix
+      --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default \[dq]hash\[dq])
+\f[R]
+.fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1489,10 +1832,100 @@ rclone move source:path dest:path [flags]
   -h, --help                    help for move
 \f[R]
 .fi
+.SS Copy Options
+.PP
+Flags for anything which can Copy a file.
+.IP
+.nf
+\f[C]
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don\[aq]t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don\[aq]t check the destination, copy regardless
+      --no-traverse                                 Don\[aq]t traverse destination file system on copy
+      --no-update-modtime                           Don\[aq]t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. \[aq]size,descending\[aq]
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default \[dq].partial\[dq])
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+\f[R]
+.fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1554,10 +1987,61 @@ rclone delete remote:path [flags]
       --rmdirs   rmdirs removes empty directories but leaves root intact
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1590,10 +2074,21 @@ rclone purge remote:path [flags]
   -h, --help   help for purge
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1613,10 +2108,21 @@ rclone mkdir remote:path [flags]
   -h, --help   help for mkdir
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1647,10 +2153,21 @@ rclone rmdir remote:path [flags]
   -h, --help   help for rmdir
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1666,7 +2183,7 @@ It doesn\[aq]t alter the source or destination.
 .PP
 For the crypt (https://rclone.org/crypt/) remote there is a dedicated
 command, cryptcheck (https://rclone.org/commands/rclone_cryptcheck/),
-that are able to check the checksums of the crypted files.
+that are able to check the checksums of the encrypted files.
 .PP
 If you supply the \f[C]--size-only\f[R] flag, it will only compare the
 sizes not the hashes as well.
@@ -1714,6 +2231,10 @@ different.
 .IP \[bu] 2
 \f[C]! path\f[R] means there was an error reading or hashing the source
 or dest.
+.PP
+The default number of parallel checks is 8.
+See the --checkers=N (https://rclone.org/docs/#checkers-n) option for
+more information.
 .IP
 .nf
 \f[C]
@@ -1736,10 +2257,59 @@ rclone check source:path dest:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 \f[R]
 .fi
+.SS Check Options
+.PP
+Flags used for \f[C]rclone check\f[R].
+.IP
+.nf
+\f[C]
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1805,10 +2375,50 @@ rclone ls remote:path [flags]
   -h, --help   help for ls
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1890,10 +2500,50 @@ rclone lsd remote:path [flags]
   -R, --recursive   Recurse into the listing
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -1959,10 +2609,50 @@ rclone lsl remote:path [flags]
   -h, --help   help for lsl
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2005,10 +2695,50 @@ rclone md5sum remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2054,10 +2784,50 @@ rclone sha1sum remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2078,7 +2848,7 @@ Recurses by default, use \f[C]--max-depth 1\f[R] to stop the recursion.
 .PP
 Some backends do not always provide file sizes, see for example Google
 Photos (https://rclone.org/googlephotos/#size) and Google
-Drive (https://rclone.org/drive/#limitations-of-google-docs).
+Docs (https://rclone.org/drive/#limitations-of-google-docs).
 Rclone will then show a notice in the log indicating how many such files
 were encountered, and count them in as empty files in the output of the
 size command.
@@ -2096,10 +2866,50 @@ rclone size remote:path [flags]
       --json   Format output as JSON
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2173,7 +2983,7 @@ rclone version [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2198,10 +3008,21 @@ rclone cleanup remote:path [flags]
   -h, --help   help for cleanup
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2373,10 +3194,21 @@ rclone dedupe [mode] remote:path [flags]
   -h, --help                 help for dedupe
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2472,7 +3304,7 @@ rclone about remote: [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2509,7 +3341,7 @@ rclone authorize [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2576,10 +3408,21 @@ rclone backend <command> remote:path [opts] <args> [flags]
   -o, --option stringArray   Option in the form name=value or name
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2610,23 +3453,106 @@ rclone bisync remote1:path1 remote2:path2 [flags]
 .IP
 .nf
 \f[C]
-      --check-access            Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
-      --check-filename string   Filename for --check-access (default: RCLONE_TEST)
-      --check-sync string       Controls comparison of final listings: true|false|only (default: true) (default \[dq]true\[dq])
-      --filters-file string     Read filtering patterns from a file
-      --force                   Bypass --max-delete safety check and run the sync. Consider using with --verbose
-  -h, --help                    help for bisync
-      --localtime               Use local time in listings (default: UTC)
-      --no-cleanup              Retain working files (useful for troubleshooting and testing).
-      --remove-empty-dirs       Remove empty directories at the final cleanup step.
-  -1, --resync                  Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
-      --workdir string          Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)
+      --check-access              Ensure expected RCLONE_TEST files are found on both Path1 and Path2 filesystems, else abort.
+      --check-filename string     Filename for --check-access (default: RCLONE_TEST)
+      --check-sync string         Controls comparison of final listings: true|false|only (default: true) (default \[dq]true\[dq])
+      --create-empty-src-dirs     Sync creation and deletion of empty directories. (Not compatible with --remove-empty-dirs)
+      --filters-file string       Read filtering patterns from a file
+      --force                     Bypass --max-delete safety check and run the sync. Consider using with --verbose
+  -h, --help                      help for bisync
+      --ignore-listing-checksum   Do not use checksums for listings (add --ignore-checksum to additionally skip post-copy checksum checks)
+      --localtime                 Use local time in listings (default: UTC)
+      --no-cleanup                Retain working files (useful for troubleshooting and testing).
+      --remove-empty-dirs         Remove ALL empty directories at the final cleanup step.
+      --resilient                 Allow future runs to retry after certain less-serious errors, instead of requiring --resync. Use at your own risk!
+  -1, --resync                    Performs the resync run. Path1 files may overwrite Path2 versions. Consider using --verbose or --dry-run first.
+      --workdir string            Use custom working dir - useful for testing. (default: $HOME/.cache/rclone/bisync)
+\f[R]
+.fi
+.SS Copy Options
+.PP
+Flags for anything which can Copy a file.
+.IP
+.nf
+\f[C]
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don\[aq]t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don\[aq]t check the destination, copy regardless
+      --no-traverse                                 Don\[aq]t traverse destination file system on copy
+      --no-update-modtime                           Don\[aq]t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. \[aq]size,descending\[aq]
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default \[dq].partial\[dq])
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+\f[R]
+.fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 \f[R]
 .fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -2666,6 +3592,31 @@ Use the \f[C]--head\f[R] flag to print characters only at the start,
 \f[C]--count\f[R] to print a section in the middle.
 Note that if offset is negative it will count from the end, so
 \f[C]--offset -1 --count 1\f[R] is equivalent to \f[C]--tail 1\f[R].
+.PP
+Use the \f[C]--separator\f[R] flag to print a separator value between
+files.
+Be sure to shell-escape special characters.
+For example, to print a newline between files, use:
+.IP \[bu] 2
+bash:
+.RS 2
+.IP
+.nf
+\f[C]
+rclone --include \[dq]*.txt\[dq] --separator $\[aq]\[rs]n\[aq] cat remote:path/to/dir
+\f[R]
+.fi
+.RE
+.IP \[bu] 2
+powershell:
+.RS 2
+.IP
+.nf
+\f[C]
+rclone --include \[dq]*.txt\[dq] --separator \[dq]\[ga]n\[dq] cat remote:path/to/dir
+\f[R]
+.fi
+.RE
 .IP
 .nf
 \f[C]
@@ -2676,33 +3627,77 @@ rclone cat remote:path [flags]
 .IP
 .nf
 \f[C]
-      --count int    Only print N characters (default -1)
-      --discard      Discard the output instead of printing
-      --head int     Only print the first N characters
-  -h, --help         help for cat
-      --offset int   Start printing at offset N (or from end if -ve)
-      --tail int     Only print the last N characters
+      --count int          Only print N characters (default -1)
+      --discard            Discard the output instead of printing
+      --head int           Only print the first N characters
+  -h, --help               help for cat
+      --offset int         Start printing at offset N (or from end if -ve)
+      --separator string   Separator to use between objects when printing multiple files
+      --tail int           Only print the last N characters
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
 \f[R]
 .fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
 .SH rclone checksum
 .PP
-Checks the files in the source against a SUM file.
+Checks the files in the destination against a SUM file.
 .SS Synopsis
 .PP
-Checks that hashsums of source files match the SUM file.
+Checks that hashsums of destination files match the SUM file.
 It compares hashes (MD5, SHA1, etc) and logs a report of files which
 don\[aq]t match.
 It doesn\[aq]t alter the file system.
 .PP
+The sumfile is treated as the source and the dst:path is treated as the
+destination for the purposes of the output.
+.PP
 If you supply the \f[C]--download\f[R] flag, it will download the data
-from remote and calculate the contents hash on the fly.
+from the remote and calculate the content hash on the fly.
 This can be useful for remotes that don\[aq]t support hashes or if you
 really want to check all the data.
 .PP
@@ -2741,10 +3736,14 @@ different.
 .IP \[bu] 2
 \f[C]! path\f[R] means there was an error reading or hashing the source
 or dest.
+.PP
+The default number of parallel checks is 8.
+See the --checkers=N (https://rclone.org/docs/#checkers-n) option for
+more information.
 .IP
 .nf
 \f[C]
-rclone checksum <hash> sumfile src:path [flags]
+rclone checksum <hash> sumfile dst:path [flags]
 \f[R]
 .fi
 .SS Options
@@ -2762,21 +3761,60 @@ rclone checksum <hash> sumfile src:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
 .SH rclone completion
 .PP
-Generate the autocompletion script for the specified shell
+Output completion script for a given shell.
 .SS Synopsis
 .PP
-Generate the autocompletion script for rclone for the specified shell.
-See each sub-command\[aq]s help for details on how to use the generated
-script.
+Generates a shell completion script for rclone.
+Run with \f[C]--help\f[R] to list the supported shells.
 .SS Options
 .IP
 .nf
@@ -2787,131 +3825,127 @@ script.
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
 .IP \[bu] 2
 rclone completion
-bash (https://rclone.org/commands/rclone_completion_bash/) - Generate
-the autocompletion script for bash
+bash (https://rclone.org/commands/rclone_completion_bash/) - Output bash
+completion script for rclone.
 .IP \[bu] 2
 rclone completion
-fish (https://rclone.org/commands/rclone_completion_fish/) - Generate
-the autocompletion script for fish
+fish (https://rclone.org/commands/rclone_completion_fish/) - Output fish
+completion script for rclone.
 .IP \[bu] 2
 rclone completion
 powershell (https://rclone.org/commands/rclone_completion_powershell/) -
-Generate the autocompletion script for powershell
+Output powershell completion script for rclone.
 .IP \[bu] 2
 rclone completion
-zsh (https://rclone.org/commands/rclone_completion_zsh/) - Generate the
-autocompletion script for zsh
+zsh (https://rclone.org/commands/rclone_completion_zsh/) - Output zsh
+completion script for rclone.
 .SH rclone completion bash
 .PP
-Generate the autocompletion script for bash
+Output bash completion script for rclone.
 .SS Synopsis
 .PP
-Generate the autocompletion script for the bash shell.
-.PP
-This script depends on the \[aq]bash-completion\[aq] package.
-If it is not installed already, you can install it via your OS\[aq]s
-package manager.
+Generates a bash shell autocompletion script for rclone.
 .PP
-To load completions in your current shell session:
+This writes to /etc/bash_completion.d/rclone by default so will probably
+need to be run with sudo or as root, e.g.
 .IP
 .nf
 \f[C]
-source <(rclone completion bash)
+sudo rclone genautocomplete bash
 \f[R]
 .fi
 .PP
-To load completions for every new session, execute once:
-.SS Linux:
-.IP
-.nf
-\f[C]
-rclone completion bash > /etc/bash_completion.d/rclone
-\f[R]
-.fi
-.SS macOS:
+Logout and login again to use the autocompletion scripts, or source them
+directly
 .IP
 .nf
 \f[C]
-rclone completion bash > $(brew --prefix)/etc/bash_completion.d/rclone
+\&. /etc/bash_completion
 \f[R]
 .fi
 .PP
-You will need to start a new shell for this setup to take effect.
+If you supply a command line argument the script will be written there.
+.PP
+If output_file is \[dq]-\[dq], then the output will be written to
+stdout.
 .IP
 .nf
 \f[C]
-rclone completion bash
+rclone completion bash [output_file] [flags]
 \f[R]
 .fi
 .SS Options
 .IP
 .nf
 \f[C]
-  -h, --help              help for bash
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for bash
 \f[R]
 .fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone completion (https://rclone.org/commands/rclone_completion/) -
-Generate the autocompletion script for the specified shell
+Output completion script for a given shell.
 .SH rclone completion fish
 .PP
-Generate the autocompletion script for fish
+Output fish completion script for rclone.
 .SS Synopsis
 .PP
-Generate the autocompletion script for the fish shell.
+Generates a fish autocompletion script for rclone.
 .PP
-To load completions in your current shell session:
+This writes to /etc/fish/completions/rclone.fish by default so will
+probably need to be run with sudo or as root, e.g.
 .IP
 .nf
 \f[C]
-rclone completion fish | source
+sudo rclone genautocomplete fish
 \f[R]
 .fi
 .PP
-To load completions for every new session, execute once:
+Logout and login again to use the autocompletion scripts, or source them
+directly
 .IP
 .nf
 \f[C]
-rclone completion fish > \[ti]/.config/fish/completions/rclone.fish
+\&. /etc/fish/completions/rclone.fish
 \f[R]
 .fi
 .PP
-You will need to start a new shell for this setup to take effect.
+If you supply a command line argument the script will be written there.
+.PP
+If output_file is \[dq]-\[dq], then the output will be written to
+stdout.
 .IP
 .nf
 \f[C]
-rclone completion fish [flags]
+rclone completion fish [output_file] [flags]
 \f[R]
 .fi
 .SS Options
 .IP
 .nf
 \f[C]
-  -h, --help              help for fish
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for fish
 \f[R]
 .fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone completion (https://rclone.org/commands/rclone_completion/) -
-Generate the autocompletion script for the specified shell
+Output completion script for a given shell.
 .SH rclone completion powershell
 .PP
-Generate the autocompletion script for powershell
+Output powershell completion script for rclone.
 .SS Synopsis
 .PP
 Generate the autocompletion script for powershell.
@@ -2926,90 +3960,78 @@ rclone completion powershell | Out-String | Invoke-Expression
 .PP
 To load completions for every new session, add the output of the above
 command to your powershell profile.
+.PP
+If output_file is \[dq]-\[dq] or missing, then the output will be
+written to stdout.
 .IP
 .nf
 \f[C]
-rclone completion powershell [flags]
+rclone completion powershell [output_file] [flags]
 \f[R]
 .fi
 .SS Options
 .IP
 .nf
 \f[C]
-  -h, --help              help for powershell
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for powershell
 \f[R]
 .fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone completion (https://rclone.org/commands/rclone_completion/) -
-Generate the autocompletion script for the specified shell
+Output completion script for a given shell.
 .SH rclone completion zsh
 .PP
-Generate the autocompletion script for zsh
+Output zsh completion script for rclone.
 .SS Synopsis
 .PP
-Generate the autocompletion script for the zsh shell.
+Generates a zsh autocompletion script for rclone.
 .PP
-If shell completion is not already enabled in your environment you will
-need to enable it.
-You can execute the following once:
+This writes to /usr/share/zsh/vendor-completions/_rclone by default so
+will probably need to be run with sudo or as root, e.g.
 .IP
 .nf
 \f[C]
-echo \[dq]autoload -U compinit; compinit\[dq] >> \[ti]/.zshrc
+sudo rclone genautocomplete zsh
 \f[R]
 .fi
 .PP
-To load completions in your current shell session:
+Logout and login again to use the autocompletion scripts, or source them
+directly
 .IP
 .nf
 \f[C]
-source <(rclone completion zsh); compdef _rclone rclone
+autoload -U compinit && compinit
 \f[R]
 .fi
 .PP
-To load completions for every new session, execute once:
-.SS Linux:
-.IP
-.nf
-\f[C]
-rclone completion zsh > \[dq]${fpath[1]}/_rclone\[dq]
-\f[R]
-.fi
-.SS macOS:
-.IP
-.nf
-\f[C]
-rclone completion zsh > $(brew --prefix)/share/zsh/site-functions/_rclone
-\f[R]
-.fi
+If you supply a command line argument the script will be written there.
 .PP
-You will need to start a new shell for this setup to take effect.
+If output_file is \[dq]-\[dq], then the output will be written to
+stdout.
 .IP
 .nf
 \f[C]
-rclone completion zsh [flags]
+rclone completion zsh [output_file] [flags]
 \f[R]
 .fi
 .SS Options
 .IP
 .nf
 \f[C]
-  -h, --help              help for zsh
-      --no-descriptions   disable completion descriptions
+  -h, --help   help for zsh
 \f[R]
 .fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone completion (https://rclone.org/commands/rclone_completion/) -
-Generate the autocompletion script for the specified shell
+Output completion script for a given shell.
 .SH rclone config create
 .PP
 Create a new remote with name, type and options.
@@ -3171,7 +4193,7 @@ rclone config create name type [key value]* [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3194,7 +4216,7 @@ rclone config delete name [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3224,7 +4246,7 @@ rclone config disconnect remote: [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3247,14 +4269,14 @@ rclone config dump [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
 .SH rclone config edit
 .PP
 Enter an interactive configuration session.
-.SH Synopsis
+.SS Synopsis
 .PP
 Enter an interactive configuration session where you can setup new
 remotes and manage existing ones.
@@ -3265,7 +4287,7 @@ You may also set or remove a password to protect your configuration.
 rclone config edit [flags]
 \f[R]
 .fi
-.SH Options
+.SS Options
 .IP
 .nf
 \f[C]
@@ -3298,7 +4320,7 @@ rclone config file [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3339,7 +4361,7 @@ rclone config password name [key value]+ [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3362,7 +4384,7 @@ rclone config paths [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3385,7 +4407,7 @@ rclone config providers [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3415,7 +4437,43 @@ rclone config reconnect remote: [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
+.IP \[bu] 2
+rclone config (https://rclone.org/commands/rclone_config/) - Enter an
+interactive configuration session.
+.SH rclone config redacted
+.PP
+Print redacted (decrypted) config file, or the redacted config for a
+single remote.
+.SS Synopsis
+.PP
+This prints a redacted copy of the config file, either the whole config
+file or for a given remote.
+.PP
+The config file will be redacted by replacing all passwords and other
+sensitive info with XXX.
+.PP
+This makes the config file suitable for posting online for support.
+.PP
+It should be double checked before posting as the redaction may not be
+perfect.
+.IP
+.nf
+\f[C]
+rclone config redacted [<remote>] [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+  -h, --help   help for redacted
+\f[R]
+.fi
+.PP
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3438,7 +4496,7 @@ rclone config show [<remote>] [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3461,7 +4519,7 @@ rclone config touch [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3626,7 +4684,7 @@ rclone config update name [key value]+ [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3654,7 +4712,7 @@ rclone config userinfo remote: [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone config (https://rclone.org/commands/rclone_config/) - Enter an
 interactive configuration session.
@@ -3713,10 +4771,100 @@ rclone copyto source:path dest:path [flags]
   -h, --help   help for copyto
 \f[R]
 .fi
+.SS Copy Options
+.PP
+Flags for anything which can Copy a file.
+.IP
+.nf
+\f[C]
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don\[aq]t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don\[aq]t check the destination, copy regardless
+      --no-traverse                                 Don\[aq]t traverse destination file system on copy
+      --no-update-modtime                           Don\[aq]t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. \[aq]size,descending\[aq]
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default \[dq].partial\[dq])
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+\f[R]
+.fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -3760,23 +4908,34 @@ rclone copyurl https://example.com dest:path [flags]
       --stdout            Write the output to stdout rather than a file
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
 .SH rclone cryptcheck
 .PP
-Cryptcheck checks the integrity of a crypted remote.
+Cryptcheck checks the integrity of an encrypted remote.
 .SS Synopsis
 .PP
 rclone cryptcheck checks a remote against a
 crypted (https://rclone.org/crypt/) remote.
 This is the equivalent of running rclone
 check (https://rclone.org/commands/rclone_check/), but able to check the
-checksums of the crypted remote.
+checksums of the encrypted remote.
 .PP
 For it to work the underlying remote of the cryptedremote must support
 some kind of checksum.
@@ -3838,6 +4997,10 @@ different.
 .IP \[bu] 2
 \f[C]! path\f[R] means there was an error reading or hashing the source
 or dest.
+.PP
+The default number of parallel checks is 8.
+See the --checkers=N (https://rclone.org/docs/#checkers-n) option for
+more information.
 .IP
 .nf
 \f[C]
@@ -3858,10 +5021,59 @@ rclone cryptcheck remote:path cryptedremote:path [flags]
       --one-way                 Check one way only, source files must exist on remote
 \f[R]
 .fi
+.SS Check Options
+.PP
+Flags used for \f[C]rclone check\f[R].
+.IP
+.nf
+\f[C]
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -3908,7 +5120,7 @@ rclone cryptdecode encryptedremote: encryptedfilename [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -3934,21 +5146,32 @@ rclone deletefile remote:path [flags]
   -h, --help   help for deletefile
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
 .SH rclone genautocomplete
 .PP
 Output completion script for a given shell.
-.SS Synopsis
+.SH Synopsis
 .PP
 Generates a shell completion script for rclone.
 Run with \f[C]--help\f[R] to list the supported shells.
-.SS Options
+.SH Options
 .IP
 .nf
 \f[C]
@@ -3958,7 +5181,7 @@ Run with \f[C]--help\f[R] to list the supported shells.
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -3977,7 +5200,7 @@ zsh completion script for rclone.
 .SH rclone genautocomplete bash
 .PP
 Output bash completion script for rclone.
-.SS Synopsis
+.SH Synopsis
 .PP
 Generates a bash shell autocompletion script for rclone.
 .PP
@@ -4009,7 +5232,7 @@ stdout.
 rclone genautocomplete bash [output_file] [flags]
 \f[R]
 .fi
-.SS Options
+.SH Options
 .IP
 .nf
 \f[C]
@@ -4019,7 +5242,7 @@ rclone genautocomplete bash [output_file] [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone
 genautocomplete (https://rclone.org/commands/rclone_genautocomplete/) -
@@ -4027,7 +5250,7 @@ Output completion script for a given shell.
 .SH rclone genautocomplete fish
 .PP
 Output fish completion script for rclone.
-.SS Synopsis
+.SH Synopsis
 .PP
 Generates a fish autocompletion script for rclone.
 .PP
@@ -4059,7 +5282,7 @@ stdout.
 rclone genautocomplete fish [output_file] [flags]
 \f[R]
 .fi
-.SS Options
+.SH Options
 .IP
 .nf
 \f[C]
@@ -4069,7 +5292,7 @@ rclone genautocomplete fish [output_file] [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone
 genautocomplete (https://rclone.org/commands/rclone_genautocomplete/) -
@@ -4077,7 +5300,7 @@ Output completion script for a given shell.
 .SH rclone genautocomplete zsh
 .PP
 Output zsh completion script for rclone.
-.SS Synopsis
+.SH Synopsis
 .PP
 Generates a zsh autocompletion script for rclone.
 .PP
@@ -4109,7 +5332,7 @@ stdout.
 rclone genautocomplete zsh [output_file] [flags]
 \f[R]
 .fi
-.SS Options
+.SH Options
 .IP
 .nf
 \f[C]
@@ -4119,7 +5342,7 @@ rclone genautocomplete zsh [output_file] [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone
 genautocomplete (https://rclone.org/commands/rclone_genautocomplete/) -
@@ -4149,7 +5372,7 @@ rclone gendocs output_directory [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -4187,10 +5410,6 @@ Supported hashes are:
   * whirlpool
   * crc32
   * sha256
-  * dropbox
-  * hidrive
-  * mailru
-  * quickxor
 \f[R]
 .fi
 .PP
@@ -4207,7 +5426,7 @@ case.
 .IP
 .nf
 \f[C]
-rclone hashsum <hash> remote:path [flags]
+rclone hashsum [<hash> remote:path] [flags]
 \f[R]
 .fi
 .SS Options
@@ -4221,10 +5440,50 @@ rclone hashsum <hash> remote:path [flags]
       --output-file string   Output hashsums to a file rather than the terminal
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -4277,13 +5536,14 @@ rclone link remote:path [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
 .SH rclone listremotes
 .PP
-List all the remotes in the config file.
+List all the remotes in the config file and defined in environment
+variables.
 .SS Synopsis
 .PP
 rclone listremotes lists all the available remotes from the config file.
@@ -4306,7 +5566,7 @@ rclone listremotes [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -4496,10 +5756,50 @@ rclone lsf remote:path [flags]
   -s, --separator string   Separator for the items in the format (default \[dq];\[dq])
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -4649,10 +5949,50 @@ rclone lsjson remote:path [flags]
       --stat                    Just return the info for the pointed to file
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -4991,13 +6331,39 @@ Note that mapping to a directory path, instead of a drive letter, does
 not suffer from the same limitations.
 .SS Mounting on macOS
 .PP
-Mounting on macOS can be done either via
+Mounting on macOS can be done either via built-in NFS
+server (https://rclone.org/commands/rclone_serve_nfs/),
 macFUSE (https://osxfuse.github.io/) (also known as osxfuse) or
 FUSE-T (https://www.fuse-t.org/).
 macFUSE is a traditional FUSE driver utilizing a macOS kernel extension
 (kext).
 FUSE-T is an alternative FUSE system which \[dq]mounts\[dq] via an NFSv4
 local server.
+.SH NFS mount
+.PP
+This method spins up an NFS server using serve
+nfs (https://rclone.org/commands/rclone_serve_nfs/) command and mounts
+it to the specified mountpoint.
+If you run this in background mode using |--daemon|, you will need to
+send SIGTERM signal to the rclone process using |kill| command to stop
+the mount.
+.SS macFUSE Notes
+.PP
+If installing macFUSE using dmg
+packages (https://github.com/osxfuse/osxfuse/releases) from the website,
+rclone will locate the macFUSE libraries without any further
+intervention.
+If however, macFUSE is installed using the
+macports (https://www.macports.org/) package manager, the following
+addition steps are required.
+.IP
+.nf
+\f[C]
+sudo mkdir /usr/local/lib
+cd /usr/local/lib
+sudo ln -s /opt/local/lib/libfuse.2.dylib
+\f[R]
+.fi
 .SS FUSE-T Limitations, Caveats, and Notes
 .PP
 There are some limitations, caveats, and notes about how it works.
@@ -5045,6 +6411,8 @@ This means that many applications won\[aq]t work with their files on an
 rclone mount without \f[C]--vfs-cache-mode writes\f[R] or
 \f[C]--vfs-cache-mode full\f[R].
 See the VFS File Caching section for more info.
+When using NFS mount on macOS, if you don\[aq]t specify
+|--vfs-cache-mode| the mount point will be read-only.
 .PP
 The bucket-based remotes (e.g.
 Swift, S3, Google Compute Storage, B2) do not support the concept of
@@ -5159,12 +6527,12 @@ or create systemd mount units:
 \f[C]
 # /etc/systemd/system/mnt-data.mount
 [Unit]
-After=network-online.target
+Description=Mount for /mnt/data
 [Mount]
 Type=rclone
 What=sftp1:subdir
 Where=/mnt/data
-Options=rw,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
+Options=rw,_netdev,allow_other,args2env,vfs-cache-mode=writes,config=/etc/rclone.conf,cache-dir=/var/rclone
 \f[R]
 .fi
 .PP
@@ -5174,8 +6542,7 @@ optionally accompanied by systemd automount unit
 \f[C]
 # /etc/systemd/system/mnt-data.automount
 [Unit]
-After=network-online.target
-Before=remote-fs.target
+Description=AutoMount for /mnt/data
 [Automount]
 Where=/mnt/data
 TimeoutIdleSec=600
@@ -5227,7 +6594,7 @@ This allows to hide secrets from such commands as \f[C]ps\f[R] or
 standard mount options like \f[C]x-systemd.automount\f[R],
 \f[C]_netdev\f[R], \f[C]nosuid\f[R] and alike are intended only for
 Automountd and ignored by rclone.
-.SS VFS - Virtual File System
+## VFS - Virtual File System
 .PP
 This command uses the VFS layer.
 This adapts the cloud storage objects that rclone uses into something
@@ -5322,12 +6689,13 @@ find that you need one or the other or both.
 .IP
 .nf
 \f[C]
---cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
@@ -5347,11 +6715,27 @@ seconds.
 If rclone is quit or dies with files that haven\[aq]t been uploaded,
 these will be uploaded next time rclone is run with the same flags.
 .PP
-If using \f[C]--vfs-cache-max-size\f[R] note that the cache may exceed
-this size for two reasons.
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
 Firstly because it is only checked every
 \f[C]--vfs-cache-poll-interval\f[R].
 Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
 .PP
 You \f[B]should not\f[R] run two copies of rclone using the same VFS
 cache with the same or overlapping remotes if using
@@ -5647,6 +7031,7 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
   -h, --help                                   help for mount
       --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+      --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
       --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
       --no-checksum                            Don\[aq]t compare checksums on up/download
       --no-modtime                             Don\[aq]t read/write the modification time (can speed things up)
@@ -5658,8 +7043,9 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --read-only                              Only allow read-only access
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -5669,6 +7055,7 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
@@ -5676,10 +7063,40 @@ rclone mount remote:path /path/to/mountpoint [flags]
       --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -5741,10 +7158,100 @@ rclone moveto source:path dest:path [flags]
   -h, --help   help for moveto
 \f[R]
 .fi
+.SS Copy Options
+.PP
+Flags for anything which can Copy a file.
+.IP
+.nf
+\f[C]
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don\[aq]t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don\[aq]t check the destination, copy regardless
+      --no-traverse                                 Don\[aq]t traverse destination file system on copy
+      --no-update-modtime                           Don\[aq]t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. \[aq]size,descending\[aq]
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default \[dq].partial\[dq])
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
+\f[R]
+.fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -5785,6 +7292,7 @@ The supported keys are:
  y copy current path to clipboard
  Y display current path
  \[ha]L refresh screen (fix screen corruption)
+ r recalculate file sizes
  ? to toggle help on and off
  q/ESC/\[ha]c to quit
 \f[R]
@@ -5834,10 +7342,50 @@ rclone ncdu remote:path [flags]
   -h, --help   help for ncdu
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
+.PP
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -5890,7 +7438,7 @@ rclone obscure password [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -5998,7 +7546,7 @@ rclone rc commands parameter [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -6041,10 +7589,12 @@ support streaming.
 If the size of the stream is different in length to the \f[C]--size\f[R]
 passed in then the transfer will likely fail.
 .PP
-Note that the upload can also not be retried because the data is not
-kept around until the upload succeeds.
-If you need to transfer a lot of data, you\[aq]re better off caching
-locally and then \f[C]rclone move\f[R] it to the destination.
+Note that the upload cannot be retried because the data is not stored.
+If the backend supports multipart uploading then individual chunks can
+be retried.
+If you need to transfer a lot of data, you may be better off caching it
+locally and then \f[C]rclone move\f[R] it to the destination which can
+use retries.
 .IP
 .nf
 \f[C]
@@ -6059,10 +7609,21 @@ rclone rcat remote:path [flags]
       --size int   File size hint to preallocate (default -1)
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -6083,61 +7644,63 @@ See the rc documentation (https://rclone.org/rc/) for more info on the
 rc flags.
 .SS Server options
 .PP
-Use \f[C]--addr\f[R] to specify which IP address and port the server
-should listen on, eg \f[C]--addr 1.2.3.4:8000\f[R] or
-\f[C]--addr :8080\f[R] to listen to all IPs.
+Use \f[C]--rc-addr\f[R] to specify which IP address and port the server
+should listen on, eg \f[C]--rc-addr 1.2.3.4:8000\f[R] or
+\f[C]--rc-addr :8080\f[R] to listen to all IPs.
 By default it only listens on localhost.
 You can use port :0 to let the OS choose an available port.
 .PP
-If you set \f[C]--addr\f[R] to listen on a public or LAN accessible IP
-address then using Authentication is advised - see the next section for
-info.
+If you set \f[C]--rc-addr\f[R] to listen on a public or LAN accessible
+IP address then using Authentication is advised - see the next section
+for info.
 .PP
 You can use a unix socket by setting the url to
 \f[C]unix:///path/to/socket\f[R] or just by using an absolute path name.
 Note that unix sockets bypass the authentication - this is expected to
 be done with file system permissions.
 .PP
-\f[C]--addr\f[R] may be repeated to listen on multiple
+\f[C]--rc-addr\f[R] may be repeated to listen on multiple
 IPs/ports/sockets.
 .PP
-\f[C]--server-read-timeout\f[R] and \f[C]--server-write-timeout\f[R] can
-be used to control the timeouts on the server.
+\f[C]--rc-server-read-timeout\f[R] and
+\f[C]--rc-server-write-timeout\f[R] can be used to control the timeouts
+on the server.
 Note that this is the total time for a transfer.
 .PP
-\f[C]--max-header-bytes\f[R] controls the maximum number of bytes the
+\f[C]--rc-max-header-bytes\f[R] controls the maximum number of bytes the
 server will accept in the HTTP header.
 .PP
-\f[C]--baseurl\f[R] controls the URL prefix that rclone serves from.
+\f[C]--rc-baseurl\f[R] controls the URL prefix that rclone serves from.
 By default rclone will serve from the root.
-If you used \f[C]--baseurl \[dq]/rclone\[dq]\f[R] then rclone would
+If you used \f[C]--rc-baseurl \[dq]/rclone\[dq]\f[R] then rclone would
 serve from a URL starting with \[dq]/rclone/\[dq].
 This is useful if you wish to proxy rclone serve.
 Rclone automatically inserts leading and trailing \[dq]/\[dq] on
-\f[C]--baseurl\f[R], so \f[C]--baseurl \[dq]rclone\[dq]\f[R],
-\f[C]--baseurl \[dq]/rclone\[dq]\f[R] and
-\f[C]--baseurl \[dq]/rclone/\[dq]\f[R] are all treated identically.
+\f[C]--rc-baseurl\f[R], so \f[C]--rc-baseurl \[dq]rclone\[dq]\f[R],
+\f[C]--rc-baseurl \[dq]/rclone\[dq]\f[R] and
+\f[C]--rc-baseurl \[dq]/rclone/\[dq]\f[R] are all treated identically.
 .SS TLS (SSL)
 .PP
 By default this will serve over http.
 If you want you can serve over https.
-You will need to supply the \f[C]--cert\f[R] and \f[C]--key\f[R] flags.
+You will need to supply the \f[C]--rc-cert\f[R] and \f[C]--rc-key\f[R]
+flags.
 If you wish to do client side certificate validation then you will need
-to supply \f[C]--client-ca\f[R] also.
+to supply \f[C]--rc-client-ca\f[R] also.
 .PP
-\f[C]--cert\f[R] should be a either a PEM encoded certificate or a
+\f[C]--rc-cert\f[R] should be a either a PEM encoded certificate or a
 concatenation of that with the CA certificate.
-\f[C]--key\f[R] should be the PEM encoded private key and
-\f[C]--client-ca\f[R] should be the PEM encoded client certificate
+\f[C]--krc-ey\f[R] should be the PEM encoded private key and
+\f[C]--rc-client-ca\f[R] should be the PEM encoded client certificate
 authority certificate.
 .PP
---min-tls-version is minimum TLS version that is acceptable.
+--rc-min-tls-version is minimum TLS version that is acceptable.
 Valid values are \[dq]tls1.0\[dq], \[dq]tls1.1\[dq], \[dq]tls1.2\[dq]
 and \[dq]tls1.3\[dq] (default \[dq]tls1.0\[dq]).
 .SS Template
 .PP
-\f[C]--template\f[R] allows a user to specify a custom markup template
-for HTTP and WebDAV serve functions.
+\f[C]--rc-template\f[R] allows a user to specify a custom markup
+template for HTTP and WebDAV serve functions.
 The server exports the following markup to be used within the template
 to server pages:
 .PP
@@ -6232,15 +7795,57 @@ T}@T{
 The UTC timestamp of an entry.
 T}
 .TE
+.PP
+The server also makes the following functions available so that they can
+be used within the template.
+These functions help extend the options for dynamic rendering of HTML.
+They can be used to render HTML based on specific conditions.
+.PP
+.TS
+tab(@);
+lw(35.0n) lw(35.0n).
+T{
+Function
+T}@T{
+Description
+T}
+_
+T{
+afterEpoch
+T}@T{
+Returns the time since the epoch for the given time.
+T}
+T{
+contains
+T}@T{
+Checks whether a given substring is present or not in a given string.
+T}
+T{
+hasPrefix
+T}@T{
+Checks whether the given string begins with the specified prefix.
+T}
+T{
+hasSuffix
+T}@T{
+Checks whether the given string end with the specified suffix.
+T}
+.TE
 .SS Authentication
 .PP
 By default this will serve files without needing a login.
 .PP
 You can either use an htpasswd file which can take lots of users, or set
-a single username and password with the \f[C]--user\f[R] and
-\f[C]--pass\f[R] flags.
+a single username and password with the \f[C]--rc-user\f[R] and
+\f[C]--rc-pass\f[R] flags.
 .PP
-Use \f[C]--htpasswd /path/to/htpasswd\f[R] to provide an htpasswd file.
+If no static users are configured by either of the above methods, and
+client certificates are required by the \f[C]--client-ca\f[R] flag
+passed to the server, the client certificate common name will be
+considered as the username.
+.PP
+Use \f[C]--rc-htpasswd /path/to/htpasswd\f[R] to provide an htpasswd
+file.
 This is in standard apache format and supports MD5, SHA1 and BCrypt for
 basic authentication.
 Bcrypt is recommended.
@@ -6257,9 +7862,9 @@ htpasswd -B htpasswd anotherUser
 .PP
 The password file can be updated while rclone is running.
 .PP
-Use \f[C]--realm\f[R] to set the authentication realm.
+Use \f[C]--rc-realm\f[R] to set the authentication realm.
 .PP
-Use \f[C]--salt\f[R] to change the password hashing salt from the
+Use \f[C]--rc-salt\f[R] to change the password hashing salt from the
 default.
 .IP
 .nf
@@ -6274,10 +7879,46 @@ rclone rcd <path to files to serve>* [flags]
   -h, --help   help for rcd
 \f[R]
 .fi
+.SS RC Options
+.PP
+Flags to control the Remote Control API.
+.IP
+.nf
+\f[C]
+      --rc                                 Enable the remote control server
+      --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                  Prefix for URLs - leave blank for root
+      --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                Client certificate authority to verify clients with
+      --rc-enable-metrics                  Enable prometheus metrics on /metrics
+      --rc-files string                    Path to local files to serve on the HTTP server
+      --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+      --rc-key string                      TLS PEM Private key
+      --rc-max-header-bytes int            Maximum size of request header (default 4096)
+      --rc-min-tls-version string          Minimum TLS version that is acceptable (default \[dq]tls1.0\[dq])
+      --rc-no-auth                         Don\[aq]t require auth for certain methods
+      --rc-pass string                     Password for authentication
+      --rc-realm string                    Realm for authentication
+      --rc-salt string                     Password hashing salt (default \[dq]dlPL2MqE\[dq])
+      --rc-serve                           Enable the serving of remote objects
+      --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --rc-template string                 User-specified template
+      --rc-user string                     User name for authentication
+      --rc-web-fetch-url string            URL to fetch the releases for webgui (default \[dq]https://api.github.com/repos/rclone/rclone-webui-react/releases/latest\[dq])
+      --rc-web-gui                         Launch WebGUI on localhost
+      --rc-web-gui-force-update            Force update to latest version of web gui
+      --rc-web-gui-no-open-browser         Don\[aq]t open the browser automatically
+      --rc-web-gui-update                  Check and update to latest version of web gui
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -6300,7 +7941,10 @@ For example the delete (https://rclone.org/commands/rclone_delete/)
 command will delete files but leave the directory structure (unless used
 with option \f[C]--rmdirs\f[R]).
 .PP
-To delete a path and any objects in it, use
+This will delete \f[C]--checkers\f[R] directories concurrently so if you
+have thousands of empty directories consider increasing this number.
+.PP
+To delete a path and any objects in it, use the
 purge (https://rclone.org/commands/rclone_purge/) command.
 .IP
 .nf
@@ -6316,10 +7960,21 @@ rclone rmdirs remote:path [flags]
       --leave-root   Do not remove root directory if empty
 \f[R]
 .fi
+.SS Important Options
+.PP
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -6331,7 +7986,8 @@ Update the rclone binary.
 This command downloads the latest release of rclone and replaces the
 currently running binary.
 The download is verified with a hashsum and cryptographically signed
-signature.
+signature; see the release signing
+docs (https://rclone.org/release_signing/) for details.
 .PP
 If used without flags (or with implied \f[C]--stable\f[R] flag), this
 command will install the latest stable release.
@@ -6376,9 +8032,8 @@ This command with the default \f[C]--package zip\f[R] will update only
 the rclone executable so the local manual may become inaccurate after
 it.
 .PP
-The \f[C]rclone mount\f[R] command
-(https://rclone.org/commands/rclone_mount/) may or may not support
-extended FUSE options depending on the build and OS.
+The rclone mount (https://rclone.org/commands/rclone_mount/) command may
+or may not support extended FUSE options depending on the build and OS.
 \f[C]selfupdate\f[R] will refuse to update if the capability would be
 discarded.
 .PP
@@ -6414,7 +8069,7 @@ rclone selfupdate [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -6449,7 +8104,7 @@ rclone serve <protocol> [opts] <remote> [flags]
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone (https://rclone.org/commands/rclone/) - Show help for rclone
 commands, flags and backends.
@@ -6466,9 +8121,15 @@ remote:path over FTP.
 rclone serve http (https://rclone.org/commands/rclone_serve_http/) -
 Serve the remote over HTTP.
 .IP \[bu] 2
+rclone serve nfs (https://rclone.org/commands/rclone_serve_nfs/) - Serve
+the remote as an NFS mount
+.IP \[bu] 2
 rclone serve restic (https://rclone.org/commands/rclone_serve_restic/) -
 Serve the remote for restic\[aq]s REST API.
 .IP \[bu] 2
+rclone serve s3 (https://rclone.org/commands/rclone_serve_s3/) - Serve
+remote:path over s3.
+.IP \[bu] 2
 rclone serve sftp (https://rclone.org/commands/rclone_serve_sftp/) -
 Serve the remote over SFTP.
 .IP \[bu] 2
@@ -6503,7 +8164,7 @@ default \[dq]rclone (hostname)\[dq].
 .PP
 Use \f[C]--log-trace\f[R] in conjunction with \f[C]-vv\f[R] to enable
 additional debug logging of all UPNP traffic.
-.SS VFS - Virtual File System
+## VFS - Virtual File System
 .PP
 This command uses the VFS layer.
 This adapts the cloud storage objects that rclone uses into something
@@ -6598,12 +8259,13 @@ find that you need one or the other or both.
 .IP
 .nf
 \f[C]
---cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
@@ -6623,11 +8285,27 @@ seconds.
 If rclone is quit or dies with files that haven\[aq]t been uploaded,
 these will be uploaded next time rclone is run with the same flags.
 .PP
-If using \f[C]--vfs-cache-max-size\f[R] note that the cache may exceed
-this size for two reasons.
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
 Firstly because it is only checked every
 \f[C]--vfs-cache-poll-interval\f[R].
 Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
 .PP
 You \f[B]should not\f[R] run two copies of rclone using the same VFS
 cache with the same or overlapping remotes if using
@@ -6922,8 +8600,9 @@ rclone serve dlna remote:path [flags]
       --read-only                              Only allow read-only access
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -6933,15 +8612,46 @@ rclone serve dlna remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
 remote over a protocol.
@@ -6999,7 +8709,7 @@ volumes.
 All mount and VFS options are submitted by the docker daemon via API,
 but you can also provide defaults on the command line as well as set
 path to the config file and cache directory or adjust logging verbosity.
-.SS VFS - Virtual File System
+## VFS - Virtual File System
 .PP
 This command uses the VFS layer.
 This adapts the cloud storage objects that rclone uses into something
@@ -7094,12 +8804,13 @@ find that you need one or the other or both.
 .IP
 .nf
 \f[C]
---cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
@@ -7119,11 +8830,27 @@ seconds.
 If rclone is quit or dies with files that haven\[aq]t been uploaded,
 these will be uploaded next time rclone is run with the same flags.
 .PP
-If using \f[C]--vfs-cache-max-size\f[R] note that the cache may exceed
-this size for two reasons.
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
 Firstly because it is only checked every
 \f[C]--vfs-cache-poll-interval\f[R].
 Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
 .PP
 You \f[B]should not\f[R] run two copies of rclone using the same VFS
 cache with the same or overlapping remotes if using
@@ -7421,6 +9148,7 @@ rclone serve docker [flags]
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
   -h, --help                                   help for docker
       --max-read-ahead SizeSuffix              The number of bytes that can be prefetched for sequential reads (not supported on Windows) (default 128Ki)
+      --mount-case-insensitive Tristate        Tell the OS the mount is case insensitive (true) or sensitive (false) regardless of the backend (auto) (default unset)
       --network-mode                           Mount as remote network drive, instead of fixed disk drive (supported on Windows only)
       --no-checksum                            Don\[aq]t compare checksums on up/download
       --no-modtime                             Don\[aq]t read/write the modification time (can speed things up)
@@ -7435,8 +9163,9 @@ rclone serve docker [flags]
       --socket-gid int                         GID for unix socket (default: current process GID) (default 1000)
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -7446,6 +9175,7 @@ rclone serve docker [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
@@ -7453,10 +9183,40 @@ rclone serve docker [flags]
       --write-back-cache                       Makes kernel buffer writes before sending them to rclone (without this, writethrough caching is used) (not supported on Windows)
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
 remote over a protocol.
@@ -7484,7 +9244,7 @@ By default this will serve files without needing a login.
 .PP
 You can set a single username and password with the --user and --pass
 flags.
-.SS VFS - Virtual File System
+## VFS - Virtual File System
 .PP
 This command uses the VFS layer.
 This adapts the cloud storage objects that rclone uses into something
@@ -7579,12 +9339,13 @@ find that you need one or the other or both.
 .IP
 .nf
 \f[C]
---cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
@@ -7604,11 +9365,27 @@ seconds.
 If rclone is quit or dies with files that haven\[aq]t been uploaded,
 these will be uploaded next time rclone is run with the same flags.
 .PP
-If using \f[C]--vfs-cache-max-size\f[R] note that the cache may exceed
-this size for two reasons.
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
 Firstly because it is only checked every
 \f[C]--vfs-cache-poll-interval\f[R].
 Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
 .PP
 You \f[B]should not\f[R] run two copies of rclone using the same VFS
 cache with the same or overlapping remotes if using
@@ -7999,8 +9776,9 @@ rclone serve ftp remote:path [flags]
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication (default \[dq]anonymous\[dq])
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -8010,15 +9788,46 @@ rclone serve ftp remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
 remote over a protocol.
@@ -8190,6 +9999,42 @@ T}@T{
 The UTC timestamp of an entry.
 T}
 .TE
+.PP
+The server also makes the following functions available so that they can
+be used within the template.
+These functions help extend the options for dynamic rendering of HTML.
+They can be used to render HTML based on specific conditions.
+.PP
+.TS
+tab(@);
+lw(35.0n) lw(35.0n).
+T{
+Function
+T}@T{
+Description
+T}
+_
+T{
+afterEpoch
+T}@T{
+Returns the time since the epoch for the given time.
+T}
+T{
+contains
+T}@T{
+Checks whether a given substring is present or not in a given string.
+T}
+T{
+hasPrefix
+T}@T{
+Checks whether the given string begins with the specified prefix.
+T}
+T{
+hasSuffix
+T}@T{
+Checks whether the given string end with the specified suffix.
+T}
+.TE
 .SS Authentication
 .PP
 By default this will serve files without needing a login.
@@ -8198,6 +10043,11 @@ You can either use an htpasswd file which can take lots of users, or set
 a single username and password with the \f[C]--user\f[R] and
 \f[C]--pass\f[R] flags.
 .PP
+If no static users are configured by either of the above methods, and
+client certificates are required by the \f[C]--client-ca\f[R] flag
+passed to the server, the client certificate common name will be
+considered as the username.
+.PP
 Use \f[C]--htpasswd /path/to/htpasswd\f[R] to provide an htpasswd file.
 This is in standard apache format and supports MD5, SHA1 and BCrypt for
 basic authentication.
@@ -8219,7 +10069,7 @@ Use \f[C]--realm\f[R] to set the authentication realm.
 .PP
 Use \f[C]--salt\f[R] to change the password hashing salt from the
 default.
-.SS VFS - Virtual File System
+## VFS - Virtual File System
 .PP
 This command uses the VFS layer.
 This adapts the cloud storage objects that rclone uses into something
@@ -8314,12 +10164,13 @@ find that you need one or the other or both.
 .IP
 .nf
 \f[C]
---cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
@@ -8339,11 +10190,27 @@ seconds.
 If rclone is quit or dies with files that haven\[aq]t been uploaded,
 these will be uploaded next time rclone is run with the same flags.
 .PP
-If using \f[C]--vfs-cache-max-size\f[R] note that the cache may exceed
-this size for two reasons.
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
 Firstly because it is only checked every
 \f[C]--vfs-cache-poll-interval\f[R].
 Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
 .PP
 You \f[B]should not\f[R] run two copies of rclone using the same VFS
 cache with the same or overlapping remotes if using
@@ -8715,6 +10582,7 @@ rclone serve http remote:path [flags]
 .nf
 \f[C]
       --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
       --auth-proxy string                      A program to use to create the backend from the auth
       --baseurl string                         Prefix for URLs - leave blank for root
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
@@ -8742,8 +10610,9 @@ rclone serve http remote:path [flags]
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
       --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -8753,303 +10622,98 @@ rclone serve http remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
+.SS Filter Options
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
-remote over a protocol.
-.SH rclone serve restic
-.PP
-Serve the remote for restic\[aq]s REST API.
-.SS Synopsis
-.PP
-Run a basic web server to serve a remote over restic\[aq]s REST backend
-API over HTTP.
-This allows restic to use rclone as a data storage mechanism for cloud
-providers that restic does not support directly.
-.PP
-Restic (https://restic.net/) is a command-line program for doing
-backups.
-.PP
-The server will log errors.
-Use -v to see access logs.
-.PP
-\f[C]--bwlimit\f[R] will be respected for file transfers.
-Use \f[C]--stats\f[R] to control the stats printing.
-.SS Setting up rclone for use by restic
-.PP
-First set up a remote for your chosen cloud
-provider (https://rclone.org/docs/#configure).
-.PP
-Once you have set up the remote, check it is working with, for example
-\[dq]rclone lsd remote:\[dq].
-You may have called the remote something other than \[dq]remote:\[dq] -
-just substitute whatever you called it in the following instructions.
-.PP
-Now start the rclone restic server
+Flags for filtering directory listings.
 .IP
 .nf
 \f[C]
-rclone serve restic -v remote:backup
-\f[R]
-.fi
-.PP
-Where you can replace \[dq]backup\[dq] in the above by whatever path in
-the remote you wish to use.
-.PP
-By default this will serve on \[dq]localhost:8080\[dq] you can change
-this with use of the \f[C]--addr\f[R] flag.
-.PP
-You might wish to start this server on boot.
-.PP
-Adding \f[C]--cache-objects=false\f[R] will cause rclone to stop caching
-objects returned from the List call.
-Caching is normally desirable as it speeds up downloading objects, saves
-transactions and uses very little memory.
-.SS Setting up restic to use rclone
-.PP
-Now you can follow the restic
-instructions (http://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server)
-on setting up restic.
-.PP
-Note that you will need restic 0.8.2 or later to interoperate with
-rclone.
-.PP
-For the example above you will want to use
-\[dq]http://localhost:8080/\[dq] as the URL for the REST server.
-.PP
-For example:
-.IP
-.nf
-\f[C]
-$ export RESTIC_REPOSITORY=rest:http://localhost:8080/
-$ export RESTIC_PASSWORD=yourpassword
-$ restic init
-created restic backend 8b1a4b56ae at rest:http://localhost:8080/
-
-Please note that knowledge of your password is required to access
-the repository. Losing your password means that your data is
-irrecoverably lost.
-$ restic backup /path/to/files/to/backup
-scan [/path/to/files/to/backup]
-scanned 189 directories, 312 files in 0:00
-[0:00] 100.00%  38.128 MiB / 38.128 MiB  501 / 501 items  0 errors  ETA 0:00
-duration: 0:00
-snapshot 45c8fdd8 saved
-\f[R]
-.fi
-.SS Multiple repositories
-.PP
-Note that you can use the endpoint to host multiple repositories.
-Do this by adding a directory name or path after the URL.
-Note that these \f[B]must\f[R] end with /.
-Eg
-.IP
-.nf
-\f[C]
-$ export RESTIC_REPOSITORY=rest:http://localhost:8080/user1repo/
-# backup user1 stuff
-$ export RESTIC_REPOSITORY=rest:http://localhost:8080/user2repo/
-# backup user2 stuff
-\f[R]
-.fi
-.SS Private repositories
-.PP
-The\f[C]--private-repos\f[R] flag can be used to limit users to
-repositories starting with a path of \f[C]/<username>/\f[R].
-.SS Server options
-.PP
-Use \f[C]--addr\f[R] to specify which IP address and port the server
-should listen on, eg \f[C]--addr 1.2.3.4:8000\f[R] or
-\f[C]--addr :8080\f[R] to listen to all IPs.
-By default it only listens on localhost.
-You can use port :0 to let the OS choose an available port.
-.PP
-If you set \f[C]--addr\f[R] to listen on a public or LAN accessible IP
-address then using Authentication is advised - see the next section for
-info.
-.PP
-You can use a unix socket by setting the url to
-\f[C]unix:///path/to/socket\f[R] or just by using an absolute path name.
-Note that unix sockets bypass the authentication - this is expected to
-be done with file system permissions.
-.PP
-\f[C]--addr\f[R] may be repeated to listen on multiple
-IPs/ports/sockets.
-.PP
-\f[C]--server-read-timeout\f[R] and \f[C]--server-write-timeout\f[R] can
-be used to control the timeouts on the server.
-Note that this is the total time for a transfer.
-.PP
-\f[C]--max-header-bytes\f[R] controls the maximum number of bytes the
-server will accept in the HTTP header.
-.PP
-\f[C]--baseurl\f[R] controls the URL prefix that rclone serves from.
-By default rclone will serve from the root.
-If you used \f[C]--baseurl \[dq]/rclone\[dq]\f[R] then rclone would
-serve from a URL starting with \[dq]/rclone/\[dq].
-This is useful if you wish to proxy rclone serve.
-Rclone automatically inserts leading and trailing \[dq]/\[dq] on
-\f[C]--baseurl\f[R], so \f[C]--baseurl \[dq]rclone\[dq]\f[R],
-\f[C]--baseurl \[dq]/rclone\[dq]\f[R] and
-\f[C]--baseurl \[dq]/rclone/\[dq]\f[R] are all treated identically.
-.SS TLS (SSL)
-.PP
-By default this will serve over http.
-If you want you can serve over https.
-You will need to supply the \f[C]--cert\f[R] and \f[C]--key\f[R] flags.
-If you wish to do client side certificate validation then you will need
-to supply \f[C]--client-ca\f[R] also.
-.PP
-\f[C]--cert\f[R] should be a either a PEM encoded certificate or a
-concatenation of that with the CA certificate.
-\f[C]--key\f[R] should be the PEM encoded private key and
-\f[C]--client-ca\f[R] should be the PEM encoded client certificate
-authority certificate.
-.PP
---min-tls-version is minimum TLS version that is acceptable.
-Valid values are \[dq]tls1.0\[dq], \[dq]tls1.1\[dq], \[dq]tls1.2\[dq]
-and \[dq]tls1.3\[dq] (default \[dq]tls1.0\[dq]).
-.SS Authentication
-.PP
-By default this will serve files without needing a login.
-.PP
-You can either use an htpasswd file which can take lots of users, or set
-a single username and password with the \f[C]--user\f[R] and
-\f[C]--pass\f[R] flags.
-.PP
-Use \f[C]--htpasswd /path/to/htpasswd\f[R] to provide an htpasswd file.
-This is in standard apache format and supports MD5, SHA1 and BCrypt for
-basic authentication.
-Bcrypt is recommended.
-.PP
-To create an htpasswd file:
-.IP
-.nf
-\f[C]
-touch htpasswd
-htpasswd -B htpasswd user
-htpasswd -B htpasswd anotherUser
-\f[R]
-.fi
-.PP
-The password file can be updated while rclone is running.
-.PP
-Use \f[C]--realm\f[R] to set the authentication realm.
-.PP
-Use \f[C]--salt\f[R] to change the password hashing salt from the
-default.
-.IP
-.nf
-\f[C]
-rclone serve restic remote:path [flags]
-\f[R]
-.fi
-.SS Options
-.IP
-.nf
-\f[C]
-      --addr stringArray                IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
-      --append-only                     Disallow deletion of repository data
-      --baseurl string                  Prefix for URLs - leave blank for root
-      --cache-objects                   Cache listed objects (default true)
-      --cert string                     TLS PEM key (concatenation of certificate and CA certificate)
-      --client-ca string                Client certificate authority to verify clients with
-  -h, --help                            help for restic
-      --htpasswd string                 A htpasswd file - if not provided no authentication is done
-      --key string                      TLS PEM Private key
-      --max-header-bytes int            Maximum size of request header (default 4096)
-      --min-tls-version string          Minimum TLS version that is acceptable (default \[dq]tls1.0\[dq])
-      --pass string                     Password for authentication
-      --private-repos                   Users can only access their private repo
-      --realm string                    Realm for authentication
-      --salt string                     Password hashing salt (default \[dq]dlPL2MqE\[dq])
-      --server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
-      --server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
-      --stdio                           Run an HTTP2 server on stdin/stdout
-      --user string                     User name for authentication
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 \f[R]
 .fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
 remote over a protocol.
-.SH rclone serve sftp
+.SH rclone serve nfs
 .PP
-Serve the remote over SFTP.
+Serve the remote as an NFS mount
 .SS Synopsis
 .PP
-Run an SFTP server to serve a remote over SFTP.
-This can be used with an SFTP client or you can make a remote of type
-sftp to use with it.
+Create an NFS server that serves the given remote over the network.
 .PP
-You can use the filter flags (e.g.
-\f[C]--include\f[R], \f[C]--exclude\f[R]) to control what is served.
-.PP
-The server will respond to a small number of shell commands, mainly
-md5sum, sha1sum and df, which enable it to provide support for checksums
-and the about feature when accessed from an sftp remote.
+The primary purpose for this command is to enable mount
+command (https://rclone.org/commands/rclone_mount/) on recent macOS
+versions where installing FUSE is very cumbersome.
 .PP
-Note that this server uses standard 32 KiB packet payload size, which
-means you must not configure the client to expect anything else, e.g.
-with the chunk_size (https://rclone.org/sftp/#sftp-chunk-size) option on
-an sftp remote.
+Since this is running on NFSv3, no authentication method is available.
+Any client will be able to access the data.
+To limit access, you can use serve NFS on loopback address and rely on
+secure tunnels (such as SSH).
+For this reason, by default, a random TCP port is chosen and loopback
+interface is used for the listening address; meaning that it is only
+available to the local machine.
+If you want other machines to access the NFS mount over local network,
+you need to specify the listening address and port using
+\f[C]--addr\f[R] flag.
 .PP
-The server will log errors.
-Use \f[C]-v\f[R] to see access logs.
+Modifying files through NFS protocol requires VFS caching.
+Usually you will need to specify \f[C]--vfs-cache-mode\f[R] in order to
+be able to write to the mountpoint (full is recommended).
+If you don\[aq]t specify VFS cache mode, the mount will be read-only.
 .PP
-\f[C]--bwlimit\f[R] will be respected for file transfers.
-Use \f[C]--stats\f[R] to control the stats printing.
-.PP
-You must provide some means of authentication, either with
-\f[C]--user\f[R]/\f[C]--pass\f[R], an authorized keys file (specify
-location with \f[C]--authorized-keys\f[R] - the default is the same as
-ssh), an \f[C]--auth-proxy\f[R], or set the \f[C]--no-auth\f[R] flag for
-no authentication when logging in.
-.PP
-If you don\[aq]t supply a host \f[C]--key\f[R] then rclone will generate
-rsa, ecdsa and ed25519 variants, and cache them for later use in
-rclone\[aq]s cache directory (see \f[C]rclone help flags cache-dir\f[R])
-in the \[dq]serve-sftp\[dq] directory.
-.PP
-By default the server binds to localhost:2022 - if you want it to be
-reachable externally then supply \f[C]--addr :2022\f[R] for example.
+To serve NFS over the network use following command:
+.IP
+.nf
+\f[C]
+rclone serve nfs remote: --addr 0.0.0.0:$PORT --vfs-cache-mode=full
+\f[R]
+.fi
 .PP
-Note that the default of \f[C]--vfs-cache-mode off\f[R] is fine for the
-rclone sftp backend, but it may not be with other SFTP clients.
+We specify a specific port that we can use in the mount command:
 .PP
-If \f[C]--stdio\f[R] is specified, rclone will serve SFTP over stdio,
-which can be used with sshd via \[ti]/.ssh/authorized_keys, for example:
+To mount the server under Linux/macOS, use the following command:
 .IP
 .nf
 \f[C]
-restrict,command=\[dq]rclone serve sftp --stdio ./photos\[dq] ssh-rsa ...
+mount -oport=$PORT,mountport=$PORT $HOSTNAME: path/to/mountpoint
 \f[R]
 .fi
 .PP
-On the client you need to set \f[C]--transfers 1\f[R] when using
-\f[C]--stdio\f[R].
-Otherwise multiple instances of the rclone server are started by OpenSSH
-which can lead to \[dq]corrupted on transfer\[dq] errors.
-This is the case because the client chooses indiscriminately which
-server to send commands to while the servers all have different views of
-the state of the filing system.
+Where \f[C]$PORT\f[R] is the same port number we used in the serve nfs
+command.
 .PP
-The \[dq]restrict\[dq] in authorized_keys prevents SHA1SUMs and MD5SUMs
-from beeing used.
-Omitting \[dq]restrict\[dq] and using \f[C]--sftp-path-override\f[R] to
-enable checksumming is possible but less secure and you could use the
-SFTP server provided by OpenSSH in this case.
+This feature is only available on Unix platforms.
 .SS VFS - Virtual File System
 .PP
 This command uses the VFS layer.
@@ -9145,12 +10809,13 @@ find that you need one or the other or both.
 .IP
 .nf
 \f[C]
---cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
@@ -9170,11 +10835,27 @@ seconds.
 If rclone is quit or dies with files that haven\[aq]t been uploaded,
 these will be uploaded next time rclone is run with the same flags.
 .PP
-If using \f[C]--vfs-cache-max-size\f[R] note that the cache may exceed
-this size for two reasons.
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
 Firstly because it is only checked every
 \f[C]--vfs-cache-poll-interval\f[R].
 Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
 .PP
 You \f[B]should not\f[R] run two copies of rclone using the same VFS
 cache with the same or overlapping remotes if using
@@ -9442,131 +11123,32 @@ filters so that the result is accurate.
 However, this is very inefficient and may cost lots of API calls
 resulting in extra charges.
 Use it as a last resort and only with caching.
-.SS Auth Proxy
-.PP
-If you supply the parameter \f[C]--auth-proxy /path/to/program\f[R] then
-rclone will use that program to generate backends on the fly which then
-are used to authenticate incoming requests.
-This uses a simple JSON based protocol with input on STDIN and output on
-STDOUT.
-.PP
-\f[B]PLEASE NOTE:\f[R] \f[C]--auth-proxy\f[R] and
-\f[C]--authorized-keys\f[R] cannot be used together, if
-\f[C]--auth-proxy\f[R] is set the authorized keys option will be
-ignored.
-.PP
-There is an example program
-bin/test_proxy.py (https://github.com/rclone/rclone/blob/master/test_proxy.py)
-in the rclone source code.
-.PP
-The program\[aq]s job is to take a \f[C]user\f[R] and \f[C]pass\f[R] on
-the input and turn those into the config for a backend on STDOUT in JSON
-format.
-This config will have any default parameters for the backend added, but
-it won\[aq]t use configuration from environment variables or command
-line options - it is the job of the proxy program to make a complete
-config.
-.PP
-This config generated must have this extra parameter - \f[C]_root\f[R] -
-root to use for the backend
-.PP
-And it may have this parameter - \f[C]_obscure\f[R] - comma separated
-strings for parameters to obscure
-.PP
-If password authentication was used by the client, input to the proxy
-process (on STDIN) would look similar to this:
-.IP
-.nf
-\f[C]
-{
-    \[dq]user\[dq]: \[dq]me\[dq],
-    \[dq]pass\[dq]: \[dq]mypassword\[dq]
-}
-\f[R]
-.fi
-.PP
-If public-key authentication was used by the client, input to the proxy
-process (on STDIN) would look similar to this:
-.IP
-.nf
-\f[C]
-{
-    \[dq]user\[dq]: \[dq]me\[dq],
-    \[dq]public_key\[dq]: \[dq]AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf\[dq]
-}
-\f[R]
-.fi
-.PP
-And as an example return this on STDOUT
-.IP
-.nf
-\f[C]
-{
-    \[dq]type\[dq]: \[dq]sftp\[dq],
-    \[dq]_root\[dq]: \[dq]\[dq],
-    \[dq]_obscure\[dq]: \[dq]pass\[dq],
-    \[dq]user\[dq]: \[dq]me\[dq],
-    \[dq]pass\[dq]: \[dq]mypassword\[dq],
-    \[dq]host\[dq]: \[dq]sftp.example.com\[dq]
-}
-\f[R]
-.fi
-.PP
-This would mean that an SFTP backend would be created on the fly for the
-\f[C]user\f[R] and \f[C]pass\f[R]/\f[C]public_key\f[R] returned in the
-output to the host given.
-Note that since \f[C]_obscure\f[R] is set to \f[C]pass\f[R], rclone will
-obscure the \f[C]pass\f[R] parameter before creating the backend (which
-is required for sftp backends).
-.PP
-The program can manipulate the supplied \f[C]user\f[R] in any way, for
-example to make proxy to many different sftp backends, you could make
-the \f[C]user\f[R] be \f[C]user\[at]example.com\f[R] and then set the
-\f[C]host\f[R] to \f[C]example.com\f[R] in the output and the user to
-\f[C]user\f[R].
-For security you\[aq]d probably want to restrict the \f[C]host\f[R] to a
-limited list.
-.PP
-Note that an internal cache is keyed on \f[C]user\f[R] so only use that
-for configuration, don\[aq]t use \f[C]pass\f[R] or \f[C]public_key\f[R].
-This also means that if a user\[aq]s password or public-key is changed
-the cache will need to expire (which takes 5 mins) before it takes
-effect.
-.PP
-This can be used to build general purpose proxies to any kind of backend
-that rclone supports.
 .IP
 .nf
 \f[C]
-rclone serve sftp remote:path [flags]
+rclone serve nfs remote:path [flags]
 \f[R]
 .fi
 .SS Options
 .IP
 .nf
 \f[C]
-      --addr string                            IPaddress:Port or :Port to bind server to (default \[dq]localhost:2022\[dq])
-      --auth-proxy string                      A program to use to create the backend from the auth
-      --authorized-keys string                 Authorized keys file (default \[dq]\[ti]/.ssh/authorized_keys\[dq])
+      --addr string                            IPaddress:Port or :Port to bind server to
       --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
       --dir-perms FileMode                     Directory permissions (default 0777)
       --file-perms FileMode                    File permissions (default 0666)
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
-  -h, --help                                   help for sftp
-      --key stringArray                        SSH private host key file (Can be multi-valued, leave blank to auto generate)
-      --no-auth                                Allow connections with no authentication if set
+  -h, --help                                   help for nfs
       --no-checksum                            Don\[aq]t compare checksums on up/download
       --no-modtime                             Don\[aq]t read/write the modification time (can speed things up)
       --no-seek                                Don\[aq]t allow seeking in files
-      --pass string                            Password for authentication
       --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
       --read-only                              Only allow read-only access
-      --stdio                                  Run an sftp server on stdin/stdout
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -9576,68 +11158,148 @@ rclone serve sftp remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
 remote over a protocol.
-.SH rclone serve webdav
+.SH rclone serve restic
 .PP
-Serve remote:path over WebDAV.
+Serve the remote for restic\[aq]s REST API.
 .SS Synopsis
 .PP
-Run a basic WebDAV server to serve a remote over HTTP via the WebDAV
-protocol.
-This can be viewed with a WebDAV client, through a web browser, or you
-can make a remote of type WebDAV to read and write it.
-.SS WebDAV options
-.SS --etag-hash
+Run a basic web server to serve a remote over restic\[aq]s REST backend
+API over HTTP.
+This allows restic to use rclone as a data storage mechanism for cloud
+providers that restic does not support directly.
 .PP
-This controls the ETag header.
-Without this flag the ETag will be based on the ModTime and Size of the
-object.
+Restic (https://restic.net/) is a command-line program for doing
+backups.
 .PP
-If this flag is set to \[dq]auto\[dq] then rclone will choose the first
-supported hash on the backend or you can use a named hash such as
-\[dq]MD5\[dq] or \[dq]SHA-1\[dq].
-Use the hashsum (https://rclone.org/commands/rclone_hashsum/) command to
-see the full list.
-.SS Access WebDAV on Windows
+The server will log errors.
+Use -v to see access logs.
 .PP
-WebDAV shared folder can be mapped as a drive on Windows, however the
-default settings prevent it.
-Windows will fail to connect to the server using insecure Basic
-authentication.
-It will not even display any login dialog.
-Windows requires SSL / HTTPS connection to be used with Basic.
-If you try to connect via Add Network Location Wizard you will get the
-following error: \[dq]The folder you entered does not appear to be
-valid.
-Please choose another\[dq].
-However, you still can connect if you set the following registry key on
-a client machine: HKEY_LOCAL_MACHINEto 2.
-The BasicAuthLevel can be set to the following values: 0 - Basic
-authentication disabled 1 - Basic authentication enabled for SSL
-connections only 2 - Basic authentication enabled for SSL connections
-and for non-SSL connections If required, increase the
-FileSizeLimitInBytes to a higher value.
-Navigate to the Services interface, then restart the WebClient service.
-.SS Access Office applications on WebDAV
+\f[C]--bwlimit\f[R] will be respected for file transfers.
+Use \f[C]--stats\f[R] to control the stats printing.
+.SS Setting up rclone for use by restic
 .PP
-Navigate to following registry HKEY_CURRENT_USER[14.0/15.0/16.0] Create
-a new DWORD BasicAuthLevel with value 2.
-0 - Basic authentication disabled 1 - Basic authentication enabled for
-SSL connections only 2 - Basic authentication enabled for SSL and for
-non-SSL connections
+First set up a remote for your chosen cloud
+provider (https://rclone.org/docs/#configure).
 .PP
-https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-blank-from-sharepoint
+Once you have set up the remote, check it is working with, for example
+\[dq]rclone lsd remote:\[dq].
+You may have called the remote something other than \[dq]remote:\[dq] -
+just substitute whatever you called it in the following instructions.
+.PP
+Now start the rclone restic server
+.IP
+.nf
+\f[C]
+rclone serve restic -v remote:backup
+\f[R]
+.fi
+.PP
+Where you can replace \[dq]backup\[dq] in the above by whatever path in
+the remote you wish to use.
+.PP
+By default this will serve on \[dq]localhost:8080\[dq] you can change
+this with use of the \f[C]--addr\f[R] flag.
+.PP
+You might wish to start this server on boot.
+.PP
+Adding \f[C]--cache-objects=false\f[R] will cause rclone to stop caching
+objects returned from the List call.
+Caching is normally desirable as it speeds up downloading objects, saves
+transactions and uses very little memory.
+.SS Setting up restic to use rclone
+.PP
+Now you can follow the restic
+instructions (http://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server)
+on setting up restic.
+.PP
+Note that you will need restic 0.8.2 or later to interoperate with
+rclone.
+.PP
+For the example above you will want to use
+\[dq]http://localhost:8080/\[dq] as the URL for the REST server.
+.PP
+For example:
+.IP
+.nf
+\f[C]
+$ export RESTIC_REPOSITORY=rest:http://localhost:8080/
+$ export RESTIC_PASSWORD=yourpassword
+$ restic init
+created restic backend 8b1a4b56ae at rest:http://localhost:8080/
+
+Please note that knowledge of your password is required to access
+the repository. Losing your password means that your data is
+irrecoverably lost.
+$ restic backup /path/to/files/to/backup
+scan [/path/to/files/to/backup]
+scanned 189 directories, 312 files in 0:00
+[0:00] 100.00%  38.128 MiB / 38.128 MiB  501 / 501 items  0 errors  ETA 0:00
+duration: 0:00
+snapshot 45c8fdd8 saved
+\f[R]
+.fi
+.SS Multiple repositories
+.PP
+Note that you can use the endpoint to host multiple repositories.
+Do this by adding a directory name or path after the URL.
+Note that these \f[B]must\f[R] end with /.
+Eg
+.IP
+.nf
+\f[C]
+$ export RESTIC_REPOSITORY=rest:http://localhost:8080/user1repo/
+# backup user1 stuff
+$ export RESTIC_REPOSITORY=rest:http://localhost:8080/user2repo/
+# backup user2 stuff
+\f[R]
+.fi
+.SS Private repositories
+.PP
+The\f[C]--private-repos\f[R] flag can be used to limit users to
+repositories starting with a path of \f[C]/<username>/\f[R].
 .SS Server options
 .PP
 Use \f[C]--addr\f[R] to specify which IP address and port the server
@@ -9691,104 +11353,6 @@ authority certificate.
 --min-tls-version is minimum TLS version that is acceptable.
 Valid values are \[dq]tls1.0\[dq], \[dq]tls1.1\[dq], \[dq]tls1.2\[dq]
 and \[dq]tls1.3\[dq] (default \[dq]tls1.0\[dq]).
-.SS Template
-.PP
-\f[C]--template\f[R] allows a user to specify a custom markup template
-for HTTP and WebDAV serve functions.
-The server exports the following markup to be used within the template
-to server pages:
-.PP
-.TS
-tab(@);
-lw(35.0n) lw(35.0n).
-T{
-Parameter
-T}@T{
-Description
-T}
-_
-T{
-\&.Name
-T}@T{
-The full path of a file/directory.
-T}
-T{
-\&.Title
-T}@T{
-Directory listing of .Name
-T}
-T{
-\&.Sort
-T}@T{
-The current sort used.
-This is changeable via ?sort= parameter
-T}
-T{
-T}@T{
-Sort Options: namedirfirst,name,size,time (default namedirfirst)
-T}
-T{
-\&.Order
-T}@T{
-The current ordering used.
-This is changeable via ?order= parameter
-T}
-T{
-T}@T{
-Order Options: asc,desc (default asc)
-T}
-T{
-\&.Query
-T}@T{
-Currently unused.
-T}
-T{
-\&.Breadcrumb
-T}@T{
-Allows for creating a relative navigation
-T}
-T{
--- .Link
-T}@T{
-The relative to the root link of the Text.
-T}
-T{
--- .Text
-T}@T{
-The Name of the directory.
-T}
-T{
-\&.Entries
-T}@T{
-Information about a specific file/directory.
-T}
-T{
--- .URL
-T}@T{
-The \[aq]url\[aq] of an entry.
-T}
-T{
--- .Leaf
-T}@T{
-Currently same as \[aq]URL\[aq] but intended to be \[aq]just\[aq] the
-name.
-T}
-T{
--- .IsDir
-T}@T{
-Boolean for if an entry is a directory or not.
-T}
-T{
--- .Size
-T}@T{
-Size in Bytes of the entry.
-T}
-T{
--- .ModTime
-T}@T{
-The UTC timestamp of an entry.
-T}
-.TE
 .SS Authentication
 .PP
 By default this will serve files without needing a login.
@@ -9797,6 +11361,11 @@ You can either use an htpasswd file which can take lots of users, or set
 a single username and password with the \f[C]--user\f[R] and
 \f[C]--pass\f[R] flags.
 .PP
+If no static users are configured by either of the above methods, and
+client certificates are required by the \f[C]--client-ca\f[R] flag
+passed to the server, the client certificate common name will be
+considered as the username.
+.PP
 Use \f[C]--htpasswd /path/to/htpasswd\f[R] to provide an htpasswd file.
 This is in standard apache format and supports MD5, SHA1 and BCrypt for
 basic authentication.
@@ -9818,7 +11387,247 @@ Use \f[C]--realm\f[R] to set the authentication realm.
 .PP
 Use \f[C]--salt\f[R] to change the password hashing salt from the
 default.
-.SS VFS - Virtual File System
+.IP
+.nf
+\f[C]
+rclone serve restic remote:path [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+      --addr stringArray                IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --append-only                     Disallow deletion of repository data
+      --baseurl string                  Prefix for URLs - leave blank for root
+      --cache-objects                   Cache listed objects (default true)
+      --cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --client-ca string                Client certificate authority to verify clients with
+  -h, --help                            help for restic
+      --htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --key string                      TLS PEM Private key
+      --max-header-bytes int            Maximum size of request header (default 4096)
+      --min-tls-version string          Minimum TLS version that is acceptable (default \[dq]tls1.0\[dq])
+      --pass string                     Password for authentication
+      --private-repos                   Users can only access their private repo
+      --realm string                    Realm for authentication
+      --salt string                     Password hashing salt (default \[dq]dlPL2MqE\[dq])
+      --server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --stdio                           Run an HTTP2 server on stdin/stdout
+      --user string                     User name for authentication
+\f[R]
+.fi
+.PP
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
+remote over a protocol.
+.SH rclone serve s3
+.PP
+Serve remote:path over s3.
+.SS Synopsis
+.PP
+\f[C]serve s3\f[R] implements a basic s3 server that serves a remote via
+s3.
+This can be viewed with an s3 client, or you can make an s3 type
+remote (https://rclone.org/s3/) to read and write to it with rclone.
+.PP
+\f[C]serve s3\f[R] is considered \f[B]Experimental\f[R] so use with
+care.
+.PP
+S3 server supports Signature Version 4 authentication.
+Just use \f[C]--auth-key accessKey,secretKey\f[R] and set the
+\f[C]Authorization\f[R] header correctly in the request.
+(See the AWS
+docs (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)).
+.PP
+\f[C]--auth-key\f[R] can be repeated for multiple auth pairs.
+If \f[C]--auth-key\f[R] is not provided then \f[C]serve s3\f[R] will
+allow anonymous access.
+.PP
+Please note that some clients may require HTTPS endpoints.
+See the SSL docs for more information.
+.PP
+This command uses the VFS directory cache.
+All the functionality will work with \f[C]--vfs-cache-mode off\f[R].
+Using \f[C]--vfs-cache-mode full\f[R] (or \f[C]writes\f[R]) can be used
+to cache objects locally to improve performance.
+.PP
+Use \f[C]--force-path-style=false\f[R] if you want to use the bucket
+name as a part of the hostname (such as mybucket.local)
+.PP
+Use \f[C]--etag-hash\f[R] if you want to change the hash uses for the
+\f[C]ETag\f[R].
+Note that using anything other than \f[C]MD5\f[R] (the default) is
+likely to cause problems for S3 clients which rely on the Etag being the
+MD5.
+.SS Quickstart
+.PP
+For a simple set up, to serve \f[C]remote:path\f[R] over s3, run the
+server like this:
+.IP
+.nf
+\f[C]
+rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
+\f[R]
+.fi
+.PP
+This will be compatible with an rclone remote which is defined like
+this:
+.IP
+.nf
+\f[C]
+[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false
+\f[R]
+.fi
+.PP
+Note that setting \f[C]disable_multipart_uploads = true\f[R] is to work
+around a bug which will be fixed in due course.
+.SS Bugs
+.PP
+When uploading multipart files \f[C]serve s3\f[R] holds all the parts in
+memory (see #7453 (https://github.com/rclone/rclone/issues/7453)).
+This is a limitaton of the library rclone uses for serving S3 and will
+hopefully be fixed at some point.
+.PP
+Multipart server side copies do not work (see
+#7454 (https://github.com/rclone/rclone/issues/7454)).
+These take a very long time and eventually fail.
+The default threshold for multipart server side copies is 5G which is
+the maximum it can be, so files above this side will fail to be server
+side copied.
+.PP
+For a current list of \f[C]serve s3\f[R] bugs see the serve
+s3 (https://github.com/rclone/rclone/labels/serve%20s3) bug category on
+GitHub.
+.SS Limitations
+.PP
+\f[C]serve s3\f[R] will treat all directories in the root as buckets and
+ignore all files in the root.
+You can use \f[C]CreateBucket\f[R] to create folders under the root, but
+you can\[aq]t create empty folders under other folders not in the root.
+.PP
+When using \f[C]PutObject\f[R] or \f[C]DeleteObject\f[R], rclone will
+automatically create or clean up empty folders.
+If you don\[aq]t want to clean up empty folders automatically, use
+\f[C]--no-cleanup\f[R].
+.PP
+When using \f[C]ListObjects\f[R], rclone will use \f[C]/\f[R] when the
+delimiter is empty.
+This reduces backend requests with no effect on most operations, but if
+the delimiter is something other than \f[C]/\f[R] and empty, rclone will
+do a full recursive search of the backend, which can take some time.
+.PP
+Versioning is not currently supported.
+.PP
+Metadata will only be saved in memory other than the rclone
+\f[C]mtime\f[R] metadata which will be set as the modification time of
+the file.
+.SS Supported operations
+.PP
+\f[C]serve s3\f[R] currently supports the following operations.
+.IP \[bu] 2
+Bucket
+.RS 2
+.IP \[bu] 2
+\f[C]ListBuckets\f[R]
+.IP \[bu] 2
+\f[C]CreateBucket\f[R]
+.IP \[bu] 2
+\f[C]DeleteBucket\f[R]
+.RE
+.IP \[bu] 2
+Object
+.RS 2
+.IP \[bu] 2
+\f[C]HeadObject\f[R]
+.IP \[bu] 2
+\f[C]ListObjects\f[R]
+.IP \[bu] 2
+\f[C]GetObject\f[R]
+.IP \[bu] 2
+\f[C]PutObject\f[R]
+.IP \[bu] 2
+\f[C]DeleteObject\f[R]
+.IP \[bu] 2
+\f[C]DeleteObjects\f[R]
+.IP \[bu] 2
+\f[C]CreateMultipartUpload\f[R]
+.IP \[bu] 2
+\f[C]CompleteMultipartUpload\f[R]
+.IP \[bu] 2
+\f[C]AbortMultipartUpload\f[R]
+.IP \[bu] 2
+\f[C]CopyObject\f[R]
+.IP \[bu] 2
+\f[C]UploadPart\f[R]
+.RE
+.PP
+Other operations will return error \f[C]Unimplemented\f[R].
+.SS Server options
+.PP
+Use \f[C]--addr\f[R] to specify which IP address and port the server
+should listen on, eg \f[C]--addr 1.2.3.4:8000\f[R] or
+\f[C]--addr :8080\f[R] to listen to all IPs.
+By default it only listens on localhost.
+You can use port :0 to let the OS choose an available port.
+.PP
+If you set \f[C]--addr\f[R] to listen on a public or LAN accessible IP
+address then using Authentication is advised - see the next section for
+info.
+.PP
+You can use a unix socket by setting the url to
+\f[C]unix:///path/to/socket\f[R] or just by using an absolute path name.
+Note that unix sockets bypass the authentication - this is expected to
+be done with file system permissions.
+.PP
+\f[C]--addr\f[R] may be repeated to listen on multiple
+IPs/ports/sockets.
+.PP
+\f[C]--server-read-timeout\f[R] and \f[C]--server-write-timeout\f[R] can
+be used to control the timeouts on the server.
+Note that this is the total time for a transfer.
+.PP
+\f[C]--max-header-bytes\f[R] controls the maximum number of bytes the
+server will accept in the HTTP header.
+.PP
+\f[C]--baseurl\f[R] controls the URL prefix that rclone serves from.
+By default rclone will serve from the root.
+If you used \f[C]--baseurl \[dq]/rclone\[dq]\f[R] then rclone would
+serve from a URL starting with \[dq]/rclone/\[dq].
+This is useful if you wish to proxy rclone serve.
+Rclone automatically inserts leading and trailing \[dq]/\[dq] on
+\f[C]--baseurl\f[R], so \f[C]--baseurl \[dq]rclone\[dq]\f[R],
+\f[C]--baseurl \[dq]/rclone\[dq]\f[R] and
+\f[C]--baseurl \[dq]/rclone/\[dq]\f[R] are all treated identically.
+.SS TLS (SSL)
+.PP
+By default this will serve over http.
+If you want you can serve over https.
+You will need to supply the \f[C]--cert\f[R] and \f[C]--key\f[R] flags.
+If you wish to do client side certificate validation then you will need
+to supply \f[C]--client-ca\f[R] also.
+.PP
+\f[C]--cert\f[R] should be a either a PEM encoded certificate or a
+concatenation of that with the CA certificate.
+\f[C]--key\f[R] should be the PEM encoded private key and
+\f[C]--client-ca\f[R] should be the PEM encoded client certificate
+authority certificate.
+.PP
+--min-tls-version is minimum TLS version that is acceptable.
+Valid values are \[dq]tls1.0\[dq], \[dq]tls1.1\[dq], \[dq]tls1.2\[dq]
+and \[dq]tls1.3\[dq] (default \[dq]tls1.0\[dq]).
+## VFS - Virtual File System
 .PP
 This command uses the VFS layer.
 This adapts the cloud storage objects that rclone uses into something
@@ -9913,12 +11722,13 @@ find that you need one or the other or both.
 .IP
 .nf
 \f[C]
---cache-dir string                   Directory rclone will use for caching.
---vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
---vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
---vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
---vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
---vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
@@ -9938,11 +11748,27 @@ seconds.
 If rclone is quit or dies with files that haven\[aq]t been uploaded,
 these will be uploaded next time rclone is run with the same flags.
 .PP
-If using \f[C]--vfs-cache-max-size\f[R] note that the cache may exceed
-this size for two reasons.
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
 Firstly because it is only checked every
 \f[C]--vfs-cache-poll-interval\f[R].
 Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
 .PP
 You \f[B]should not\f[R] run two copies of rclone using the same VFS
 cache with the same or overlapping remotes if using
@@ -10210,103 +12036,10 @@ filters so that the result is accurate.
 However, this is very inefficient and may cost lots of API calls
 resulting in extra charges.
 Use it as a last resort and only with caching.
-.SS Auth Proxy
-.PP
-If you supply the parameter \f[C]--auth-proxy /path/to/program\f[R] then
-rclone will use that program to generate backends on the fly which then
-are used to authenticate incoming requests.
-This uses a simple JSON based protocol with input on STDIN and output on
-STDOUT.
-.PP
-\f[B]PLEASE NOTE:\f[R] \f[C]--auth-proxy\f[R] and
-\f[C]--authorized-keys\f[R] cannot be used together, if
-\f[C]--auth-proxy\f[R] is set the authorized keys option will be
-ignored.
-.PP
-There is an example program
-bin/test_proxy.py (https://github.com/rclone/rclone/blob/master/test_proxy.py)
-in the rclone source code.
-.PP
-The program\[aq]s job is to take a \f[C]user\f[R] and \f[C]pass\f[R] on
-the input and turn those into the config for a backend on STDOUT in JSON
-format.
-This config will have any default parameters for the backend added, but
-it won\[aq]t use configuration from environment variables or command
-line options - it is the job of the proxy program to make a complete
-config.
-.PP
-This config generated must have this extra parameter - \f[C]_root\f[R] -
-root to use for the backend
-.PP
-And it may have this parameter - \f[C]_obscure\f[R] - comma separated
-strings for parameters to obscure
-.PP
-If password authentication was used by the client, input to the proxy
-process (on STDIN) would look similar to this:
-.IP
-.nf
-\f[C]
-{
-    \[dq]user\[dq]: \[dq]me\[dq],
-    \[dq]pass\[dq]: \[dq]mypassword\[dq]
-}
-\f[R]
-.fi
-.PP
-If public-key authentication was used by the client, input to the proxy
-process (on STDIN) would look similar to this:
-.IP
-.nf
-\f[C]
-{
-    \[dq]user\[dq]: \[dq]me\[dq],
-    \[dq]public_key\[dq]: \[dq]AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf\[dq]
-}
-\f[R]
-.fi
-.PP
-And as an example return this on STDOUT
-.IP
-.nf
-\f[C]
-{
-    \[dq]type\[dq]: \[dq]sftp\[dq],
-    \[dq]_root\[dq]: \[dq]\[dq],
-    \[dq]_obscure\[dq]: \[dq]pass\[dq],
-    \[dq]user\[dq]: \[dq]me\[dq],
-    \[dq]pass\[dq]: \[dq]mypassword\[dq],
-    \[dq]host\[dq]: \[dq]sftp.example.com\[dq]
-}
-\f[R]
-.fi
-.PP
-This would mean that an SFTP backend would be created on the fly for the
-\f[C]user\f[R] and \f[C]pass\f[R]/\f[C]public_key\f[R] returned in the
-output to the host given.
-Note that since \f[C]_obscure\f[R] is set to \f[C]pass\f[R], rclone will
-obscure the \f[C]pass\f[R] parameter before creating the backend (which
-is required for sftp backends).
-.PP
-The program can manipulate the supplied \f[C]user\f[R] in any way, for
-example to make proxy to many different sftp backends, you could make
-the \f[C]user\f[R] be \f[C]user\[at]example.com\f[R] and then set the
-\f[C]host\f[R] to \f[C]example.com\f[R] in the output and the user to
-\f[C]user\f[R].
-For security you\[aq]d probably want to restrict the \f[C]host\f[R] to a
-limited list.
-.PP
-Note that an internal cache is keyed on \f[C]user\f[R] so only use that
-for configuration, don\[aq]t use \f[C]pass\f[R] or \f[C]public_key\f[R].
-This also means that if a user\[aq]s password or public-key is changed
-the cache will need to expire (which takes 5 mins) before it takes
-effect.
-.PP
-This can be used to build general purpose proxies to any kind of backend
-that rclone supports.
 .IP
 .nf
 \f[C]
-rclone serve webdav remote:path [flags]
+rclone serve s3 remote:path [flags]
 \f[R]
 .fi
 .SS Options
@@ -10314,37 +12047,34 @@ rclone serve webdav remote:path [flags]
 .nf
 \f[C]
       --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
-      --auth-proxy string                      A program to use to create the backend from the auth
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
+      --auth-key stringArray                   Set key pair for v4 authorization: access_key_id,secret_access_key
       --baseurl string                         Prefix for URLs - leave blank for root
       --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
       --client-ca string                       Client certificate authority to verify clients with
       --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
       --dir-perms FileMode                     Directory permissions (default 0777)
-      --disable-dir-list                       Disable HTML directory list on GET request for a directory
-      --etag-hash string                       Which hash to use for the ETag, or auto or blank for off
+      --etag-hash string                       Which hash to use for the ETag, or auto or blank for off (default \[dq]MD5\[dq])
       --file-perms FileMode                    File permissions (default 0666)
+      --force-path-style                       If true use path style access if false use virtual hosted style (default true) (default true)
       --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
-  -h, --help                                   help for webdav
-      --htpasswd string                        A htpasswd file - if not provided no authentication is done
+  -h, --help                                   help for s3
       --key string                             TLS PEM Private key
       --max-header-bytes int                   Maximum size of request header (default 4096)
       --min-tls-version string                 Minimum TLS version that is acceptable (default \[dq]tls1.0\[dq])
       --no-checksum                            Don\[aq]t compare checksums on up/download
+      --no-cleanup                             Not to cleanup empty folder after object is deleted
       --no-modtime                             Don\[aq]t read/write the modification time (can speed things up)
       --no-seek                                Don\[aq]t allow seeking in files
-      --pass string                            Password for authentication
       --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
       --read-only                              Only allow read-only access
-      --realm string                           Realm for authentication
-      --salt string                            Password hashing salt (default \[dq]dlPL2MqE\[dq])
       --server-read-timeout Duration           Timeout for server reading data (default 1h0m0s)
       --server-write-timeout Duration          Timeout for server writing data (default 1h0m0s)
-      --template string                        User-specified template
       --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
       --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
-      --user string                            User name for authentication
-      --vfs-cache-max-age Duration             Max age of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
       --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
       --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
       --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
       --vfs-case-insensitive                   If a file name not found, find a case insensitive match
@@ -10354,17192 +12084,17636 @@ rclone serve webdav remote:path [flags]
       --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
       --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
       --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
       --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
       --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
       --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
+.SS Filter Options
+.PP
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
 .PP
 See the global flags page (https://rclone.org/flags/) for global options
 not listed here.
-.SS SEE ALSO
+.SH SEE ALSO
 .IP \[bu] 2
 rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
 remote over a protocol.
-.SH rclone settier
+.SH rclone serve sftp
 .PP
-Changes storage class/tier of objects in remote.
+Serve the remote over SFTP.
 .SS Synopsis
 .PP
-rclone settier changes storage tier or class at remote if supported.
-Few cloud storage services provides different storage classes on
-objects, for example AWS S3 and Glacier, Azure Blob storage - Hot, Cool
-and Archive, Google Cloud Storage, Regional Storage, Nearline, Coldline
-etc.
+Run an SFTP server to serve a remote over SFTP.
+This can be used with an SFTP client or you can make a remote of type
+sftp to use with it.
 .PP
-Note that, certain tier changes make objects not available to access
-immediately.
-For example tiering to archive in azure blob storage makes objects in
-frozen state, user can restore by setting tier to Hot/Cool, similarly S3
-to Glacier makes object inaccessible.true
+You can use the filter flags (e.g.
+\f[C]--include\f[R], \f[C]--exclude\f[R]) to control what is served.
 .PP
-You can use it to tier single object
+The server will respond to a small number of shell commands, mainly
+md5sum, sha1sum and df, which enable it to provide support for checksums
+and the about feature when accessed from an sftp remote.
+.PP
+Note that this server uses standard 32 KiB packet payload size, which
+means you must not configure the client to expect anything else, e.g.
+with the chunk_size (https://rclone.org/sftp/#sftp-chunk-size) option on
+an sftp remote.
+.PP
+The server will log errors.
+Use \f[C]-v\f[R] to see access logs.
+.PP
+\f[C]--bwlimit\f[R] will be respected for file transfers.
+Use \f[C]--stats\f[R] to control the stats printing.
+.PP
+You must provide some means of authentication, either with
+\f[C]--user\f[R]/\f[C]--pass\f[R], an authorized keys file (specify
+location with \f[C]--authorized-keys\f[R] - the default is the same as
+ssh), an \f[C]--auth-proxy\f[R], or set the \f[C]--no-auth\f[R] flag for
+no authentication when logging in.
+.PP
+If you don\[aq]t supply a host \f[C]--key\f[R] then rclone will generate
+rsa, ecdsa and ed25519 variants, and cache them for later use in
+rclone\[aq]s cache directory (see \f[C]rclone help flags cache-dir\f[R])
+in the \[dq]serve-sftp\[dq] directory.
+.PP
+By default the server binds to localhost:2022 - if you want it to be
+reachable externally then supply \f[C]--addr :2022\f[R] for example.
+.PP
+Note that the default of \f[C]--vfs-cache-mode off\f[R] is fine for the
+rclone sftp backend, but it may not be with other SFTP clients.
+.PP
+If \f[C]--stdio\f[R] is specified, rclone will serve SFTP over stdio,
+which can be used with sshd via \[ti]/.ssh/authorized_keys, for example:
 .IP
 .nf
 \f[C]
-rclone settier Cool remote:path/file
+restrict,command=\[dq]rclone serve sftp --stdio ./photos\[dq] ssh-rsa ...
 \f[R]
 .fi
 .PP
-Or use rclone filters to set tier on only specific files
+On the client you need to set \f[C]--transfers 1\f[R] when using
+\f[C]--stdio\f[R].
+Otherwise multiple instances of the rclone server are started by OpenSSH
+which can lead to \[dq]corrupted on transfer\[dq] errors.
+This is the case because the client chooses indiscriminately which
+server to send commands to while the servers all have different views of
+the state of the filing system.
+.PP
+The \[dq]restrict\[dq] in authorized_keys prevents SHA1SUMs and MD5SUMs
+from being used.
+Omitting \[dq]restrict\[dq] and using \f[C]--sftp-path-override\f[R] to
+enable checksumming is possible but less secure and you could use the
+SFTP server provided by OpenSSH in this case.
+.SS VFS - Virtual File System
+.PP
+This command uses the VFS layer.
+This adapts the cloud storage objects that rclone uses into something
+which looks much more like a disk filing system.
+.PP
+Cloud storage objects have lots of properties which aren\[aq]t like disk
+files - you can\[aq]t extend them or write to the middle of them, so the
+VFS layer has to deal with that.
+Because there is no one right way of doing this there are various
+options explained below.
+.PP
+The VFS layer also implements a directory cache - this caches info about
+files and directories (but not the data) in memory.
+.SS VFS Directory Cache
+.PP
+Using the \f[C]--dir-cache-time\f[R] flag, you can control how long a
+directory should be considered up to date and not refreshed from the
+backend.
+Changes made through the VFS will appear immediately or invalidate the
+cache.
 .IP
 .nf
 \f[C]
-rclone --include \[dq]*.txt\[dq] settier Hot remote:path/dir
+--dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+--poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)
 \f[R]
 .fi
 .PP
-Or just provide remote directory and all files in directory will be
-tiered
+However, changes made directly on the cloud storage by the web interface
+or a different copy of rclone will only be picked up once the directory
+cache expires if the backend configured does not support polling for
+changes.
+If the backend supports polling, changes will be picked up within the
+polling interval.
+.PP
+You can send a \f[C]SIGHUP\f[R] signal to rclone for it to flush all
+directory caches, regardless of how old they are.
+Assuming only one rclone instance is running, you can reset the cache
+like this:
 .IP
 .nf
 \f[C]
-rclone settier tier remote:path/dir
+kill -SIGHUP $(pidof rclone)
 \f[R]
 .fi
+.PP
+If you configure rclone with a remote control then you can use rclone rc
+to flush the whole directory cache:
 .IP
 .nf
 \f[C]
-rclone settier tier remote:path [flags]
+rclone rc vfs/forget
 \f[R]
 .fi
-.SS Options
+.PP
+Or individual files or directories:
 .IP
 .nf
 \f[C]
-  -h, --help   help for settier
+rclone rc vfs/forget file=path/to/file dir=path/to/dir
 \f[R]
 .fi
+.SS VFS File Buffering
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone (https://rclone.org/commands/rclone/) - Show help for rclone
-commands, flags and backends.
-.SH rclone test
+The \f[C]--buffer-size\f[R] flag determines the amount of memory, that
+will be used to buffer data in advance.
 .PP
-Run a test command
-.SS Synopsis
+Each open file will try to keep the specified amount of data in memory
+at all times.
+The buffered data is bound to one open file and won\[aq]t be shared.
 .PP
-Rclone test is used to run test commands.
+This flag is a upper limit for the used memory per open file.
+The buffer will only use memory for data that is downloaded but not not
+yet read.
+If the buffer is empty, only a small amount of memory will be used.
 .PP
-Select which test comand you want with the subcommand, eg
-.IP
-.nf
-\f[C]
-rclone test memory remote:
-\f[R]
-.fi
+The maximum memory used by rclone for buffering can be up to
+\f[C]--buffer-size * open files\f[R].
+.SS VFS File Caching
 .PP
-Each subcommand has its own options which you can see in their help.
+These flags control the VFS file caching options.
+File caching is necessary to make the VFS layer appear compatible with a
+normal file system.
+It can be disabled at the cost of some compatibility.
 .PP
-\f[B]NB\f[R] Be careful running these commands, they may do strange
-things so reading their documentation first is recommended.
-.SS Options
+For example you\[aq]ll need to enable VFS caching if you want to read
+and write simultaneously to a file.
+See below for more details.
+.PP
+Note that the VFS cache is separate from the cache backend and you may
+find that you need one or the other or both.
 .IP
 .nf
 \f[C]
-  -h, --help   help for test
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
+If run with \f[C]-vv\f[R] rclone will print the location of the file
+cache.
+The files are stored in the user cache file area which is OS dependent
+but can be controlled with \f[C]--cache-dir\f[R] or setting the
+appropriate environment variable.
+.PP
+The cache has 4 different modes selected by \f[C]--vfs-cache-mode\f[R].
+The higher the cache mode the more compatible rclone becomes at the cost
+of using disk space.
+.PP
+Note that files are written back to the remote only when they are closed
+and if they haven\[aq]t been accessed for \f[C]--vfs-write-back\f[R]
+seconds.
+If rclone is quit or dies with files that haven\[aq]t been uploaded,
+these will be uploaded next time rclone is run with the same flags.
+.PP
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
+Firstly because it is only checked every
+\f[C]--vfs-cache-poll-interval\f[R].
+Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
+.PP
+You \f[B]should not\f[R] run two copies of rclone using the same VFS
+cache with the same or overlapping remotes if using
+\f[C]--vfs-cache-mode > off\f[R].
+This can potentially cause data corruption if you do.
+You can work around this by giving each rclone its own cache hierarchy
+with \f[C]--cache-dir\f[R].
+You don\[aq]t need to worry about this if the remotes in use don\[aq]t
+overlap.
+.SS --vfs-cache-mode off
+.PP
+In this mode (the default) the cache will read directly from the remote
+and write directly to the remote without caching anything on disk.
+.PP
+This will mean some operations are not possible
 .IP \[bu] 2
-rclone (https://rclone.org/commands/rclone/) - Show help for rclone
-commands, flags and backends.
+Files can\[aq]t be opened for both read AND write
 .IP \[bu] 2
-rclone test
-changenotify (https://rclone.org/commands/rclone_test_changenotify/) -
-Log any change notify requests for the remote passed in.
+Files opened for write can\[aq]t be seeked
 .IP \[bu] 2
-rclone test
-histogram (https://rclone.org/commands/rclone_test_histogram/) - Makes a
-histogram of file name characters.
+Existing files opened for write must have O_TRUNC set
 .IP \[bu] 2
-rclone test info (https://rclone.org/commands/rclone_test_info/) -
-Discovers file name or other limitations for paths.
+Files open for read with O_TRUNC will be opened write only
 .IP \[bu] 2
-rclone test makefile (https://rclone.org/commands/rclone_test_makefile/)
-- Make files with random contents of the size given
+Files open for write only will behave as if O_TRUNC was supplied
 .IP \[bu] 2
-rclone test
-makefiles (https://rclone.org/commands/rclone_test_makefiles/) - Make a
-random file hierarchy in a directory
+Open modes O_APPEND, O_TRUNC are ignored
 .IP \[bu] 2
-rclone test memory (https://rclone.org/commands/rclone_test_memory/) -
-Load all the objects at remote:path into memory and report memory stats.
-.SH rclone test changenotify
+If an upload fails it can\[aq]t be retried
+.SS --vfs-cache-mode minimal
 .PP
-Log any change notify requests for the remote passed in.
-.IP
-.nf
-\f[C]
-rclone test changenotify remote: [flags]
-\f[R]
-.fi
-.SS Options
-.IP
-.nf
-\f[C]
-  -h, --help                     help for changenotify
-      --poll-interval Duration   Time to wait between polling for changes (default 10s)
-\f[R]
-.fi
+This is very similar to \[dq]off\[dq] except that files opened for read
+AND write will be buffered to disk.
+This means that files opened for write will be a lot more compatible,
+but uses the minimal disk space.
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
+These operations are not possible
 .IP \[bu] 2
-rclone test (https://rclone.org/commands/rclone_test/) - Run a test
-command
-.SH rclone test histogram
+Files opened for write only can\[aq]t be seeked
+.IP \[bu] 2
+Existing files opened for write must have O_TRUNC set
+.IP \[bu] 2
+Files opened for write only will ignore O_APPEND, O_TRUNC
+.IP \[bu] 2
+If an upload fails it can\[aq]t be retried
+.SS --vfs-cache-mode writes
 .PP
-Makes a histogram of file name characters.
-.SS Synopsis
+In this mode files opened for read only are still read directly from the
+remote, write only and read/write files are buffered to disk first.
 .PP
-This command outputs JSON which shows the histogram of characters used
-in filenames in the remote:path specified.
+This mode should support all normal file system operations.
 .PP
-The data doesn\[aq]t contain any identifying information but is useful
-for the rclone developers when developing filename compression.
-.IP
-.nf
-\f[C]
-rclone test histogram [remote:path] [flags]
-\f[R]
-.fi
-.SS Options
+If an upload fails it will be retried at exponentially increasing
+intervals up to 1 minute.
+.SS --vfs-cache-mode full
+.PP
+In this mode all reads and writes are buffered to and from disk.
+When data is read from the remote this is buffered to disk as well.
+.PP
+In this mode the files in the cache will be sparse files and rclone will
+keep track of which bits of the files it has downloaded.
+.PP
+So if an application only reads the starts of each file, then rclone
+will only buffer the start of the file.
+These files will appear to be their full size in the cache, but they
+will be sparse files with only the data that has been downloaded present
+in them.
+.PP
+This mode should support all normal file system operations and is
+otherwise identical to \f[C]--vfs-cache-mode\f[R] writes.
+.PP
+When reading a file rclone will read \f[C]--buffer-size\f[R] plus
+\f[C]--vfs-read-ahead\f[R] bytes ahead.
+The \f[C]--buffer-size\f[R] is buffered in memory whereas the
+\f[C]--vfs-read-ahead\f[R] is buffered on disk.
+.PP
+When using this mode it is recommended that \f[C]--buffer-size\f[R] is
+not set too large and \f[C]--vfs-read-ahead\f[R] is set large if
+required.
+.PP
+\f[B]IMPORTANT\f[R] not all file systems support sparse files.
+In particular FAT/exFAT do not.
+Rclone will perform very badly if the cache directory is on a filesystem
+which doesn\[aq]t support sparse files and it will log an ERROR message
+if one is detected.
+.SS Fingerprinting
+.PP
+Various parts of the VFS use fingerprinting to see if a local file copy
+has changed relative to a remote file.
+Fingerprints are made from:
+.IP \[bu] 2
+size
+.IP \[bu] 2
+modification time
+.IP \[bu] 2
+hash
+.PP
+where available on an object.
+.PP
+On some backends some of these attributes are slow to read (they take an
+extra API call per object, or extra work per object).
+.PP
+For example \f[C]hash\f[R] is slow with the \f[C]local\f[R] and
+\f[C]sftp\f[R] backends as they have to read the entire file and hash
+it, and \f[C]modtime\f[R] is slow with the \f[C]s3\f[R],
+\f[C]swift\f[R], \f[C]ftp\f[R] and \f[C]qinqstor\f[R] backends because
+they need to do an extra API call to fetch it.
+.PP
+If you use the \f[C]--vfs-fast-fingerprint\f[R] flag then rclone will
+not include the slow operations in the fingerprint.
+This makes the fingerprinting less accurate but much faster and will
+improve the opening time of cached files.
+.PP
+If you are running a vfs cache over \f[C]local\f[R], \f[C]s3\f[R] or
+\f[C]swift\f[R] backends then using this flag is recommended.
+.PP
+Note that if you change the value of this flag, the fingerprints of the
+files in the cache may be invalidated and the files will need to be
+downloaded again.
+.SS VFS Chunked Reading
+.PP
+When rclone reads files from a remote it reads them in chunks.
+This means that rather than requesting the whole file rclone reads the
+chunk specified.
+This can reduce the used download quota for some remotes by requesting
+only chunks from the remote that are actually read, at the cost of an
+increased number of requests.
+.PP
+These flags control the chunking:
 .IP
 .nf
 \f[C]
-  -h, --help   help for histogram
+--vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+--vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
 \f[R]
 .fi
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone test (https://rclone.org/commands/rclone_test/) - Run a test
-command
-.SH rclone test info
+Rclone will start reading a chunk of size
+\f[C]--vfs-read-chunk-size\f[R], and then double the size for each read.
+When \f[C]--vfs-read-chunk-size-limit\f[R] is specified, and greater
+than \f[C]--vfs-read-chunk-size\f[R], the chunk size for each open file
+will get doubled only until the specified value is reached.
+If the value is \[dq]off\[dq], which is the default, the limit is
+disabled and the chunk size will grow indefinitely.
 .PP
-Discovers file name or other limitations for paths.
-.SS Synopsis
+With \f[C]--vfs-read-chunk-size 100M\f[R] and
+\f[C]--vfs-read-chunk-size-limit 0\f[R] the following parts will be
+downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on.
+When \f[C]--vfs-read-chunk-size-limit 500M\f[R] is specified, the result
+would be 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so
+on.
 .PP
-rclone info discovers what filenames and upload methods are possible to
-write to the paths passed in and how long they can be.
-It can take some time.
-It will write test files into the remote:path passed in.
-It outputs a bit of go code for each one.
+Setting \f[C]--vfs-read-chunk-size\f[R] to \f[C]0\f[R] or \[dq]off\[dq]
+disables chunked reading.
+.SS VFS Performance
 .PP
-\f[B]NB\f[R] this can create undeletable files and other hazards - use
-with care
+These flags may be used to enable/disable features of the VFS for
+performance or other reasons.
+See also the chunked reading feature.
+.PP
+In particular S3 and Swift benefit hugely from the
+\f[C]--no-modtime\f[R] flag (or use \f[C]--use-server-modtime\f[R] for a
+slightly different effect) as each read of the modification time takes a
+transaction.
 .IP
 .nf
 \f[C]
-rclone test info [remote:path]+ [flags]
+--no-checksum     Don\[aq]t compare checksums on up/download.
+--no-modtime      Don\[aq]t read/write the modification time (can speed things up).
+--no-seek         Don\[aq]t allow seeking in files.
+--read-only       Only allow read-only access.
 \f[R]
 .fi
-.SS Options
+.PP
+Sometimes rclone is delivered reads or writes out of order.
+Rather than seeking rclone will wait a short time for the in sequence
+read or write to come in.
+These flags only come into effect when not using an on disk cache file.
 .IP
 .nf
 \f[C]
-      --all                    Run all tests
-      --check-control          Check control characters
-      --check-length           Check max filename length
-      --check-normalization    Check UTF-8 Normalization
-      --check-streaming        Check uploads with indeterminate file size
-  -h, --help                   help for info
-      --upload-wait Duration   Wait after writing a file (default 0s)
-      --write-json string      Write results to file
+--vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+--vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone test (https://rclone.org/commands/rclone_test/) - Run a test
-command
-.SH rclone test makefile
-.PP
-Make files with random contents of the size given
-.IP
-.nf
-\f[C]
-rclone test makefile <size> [<file>]+ [flags]
-\f[R]
-.fi
-.SS Options
+When using VFS write caching (\f[C]--vfs-cache-mode\f[R] with value
+writes or full), the global flag \f[C]--transfers\f[R] can be set to
+adjust the number of parallel uploads of modified files from the cache
+(the related global flag \f[C]--checkers\f[R] has no effect on the VFS).
 .IP
 .nf
 \f[C]
-      --ascii      Fill files with random ASCII printable bytes only
-      --chargen    Fill files with a ASCII chargen pattern
-  -h, --help       help for makefile
-      --pattern    Fill files with a periodic pattern
-      --seed int   Seed for the random number generator (0 for random) (default 1)
-      --sparse     Make the files sparse (appear to be filled with ASCII 0x00)
-      --zero       Fill files with ASCII 0x00
+--transfers int  Number of file transfers to run in parallel (default 4)
 \f[R]
 .fi
+.SS VFS Case Sensitivity
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone test (https://rclone.org/commands/rclone_test/) - Run a test
-command
-.SH rclone test makefiles
+Linux file systems are case-sensitive: two files can differ only by
+case, and the exact case must be used when opening a file.
 .PP
-Make a random file hierarchy in a directory
-.IP
-.nf
-\f[C]
-rclone test makefiles <dir> [flags]
-\f[R]
-.fi
-.SS Options
-.IP
-.nf
-\f[C]
-      --ascii                      Fill files with random ASCII printable bytes only
-      --chargen                    Fill files with a ASCII chargen pattern
-      --files int                  Number of files to create (default 1000)
-      --files-per-directory int    Average number of files per directory (default 10)
-  -h, --help                       help for makefiles
-      --max-depth int              Maximum depth of directory hierarchy (default 10)
-      --max-file-size SizeSuffix   Maximum size of files to create (default 100)
-      --max-name-length int        Maximum size of file names (default 12)
-      --min-file-size SizeSuffix   Minimum size of file to create
-      --min-name-length int        Minimum size of file names (default 4)
-      --pattern                    Fill files with a periodic pattern
-      --seed int                   Seed for the random number generator (0 for random) (default 1)
-      --sparse                     Make the files sparse (appear to be filled with ASCII 0x00)
-      --zero                       Fill files with ASCII 0x00
-\f[R]
-.fi
+File systems in modern Windows are case-insensitive but case-preserving:
+although existing files can be opened using any case, the exact case
+used to create the file is preserved and available for programs to
+query.
+It is not allowed for two files in the same directory to differ only by
+case.
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone test (https://rclone.org/commands/rclone_test/) - Run a test
-command
-.SH rclone test memory
+Usually file systems on macOS are case-insensitive.
+It is possible to make macOS file systems case-sensitive but that is not
+the default.
 .PP
-Load all the objects at remote:path into memory and report memory stats.
-.IP
-.nf
-\f[C]
-rclone test memory remote:path [flags]
-\f[R]
-.fi
-.SS Options
+The \f[C]--vfs-case-insensitive\f[R] VFS flag controls how rclone
+handles these two cases.
+If its value is \[dq]false\[dq], rclone passes file names to the remote
+as-is.
+If the flag is \[dq]true\[dq] (or appears without a value on the command
+line), rclone may perform a \[dq]fixup\[dq] as explained below.
+.PP
+The user may specify a file name to open/delete/rename/etc with a case
+different than what is stored on the remote.
+If an argument refers to an existing file with exactly the same name,
+then the case of the existing file on the disk will be used.
+However, if a file name with exactly the same name is not found but a
+name differing only by case exists, rclone will transparently fixup the
+name.
+This fixup happens only when an existing file is requested.
+Case sensitivity of file names created anew by rclone is controlled by
+the underlying remote.
+.PP
+Note that case sensitivity of the operating system running rclone (the
+target) may differ from case sensitivity of a file system presented by
+rclone (the source).
+The flag controls whether \[dq]fixup\[dq] is performed to satisfy the
+target.
+.PP
+If the flag is not provided on the command line, then its default value
+depends on the operating system where rclone runs: \[dq]true\[dq] on
+Windows and macOS, \[dq]false\[dq] otherwise.
+If the flag is provided without a value, then it is \[dq]true\[dq].
+.SS VFS Disk Options
+.PP
+This flag allows you to manually set the statistics about the filing
+system.
+It can be useful when those statistics cannot be read correctly
+automatically.
 .IP
 .nf
 \f[C]
-  -h, --help   help for memory
+--vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)
 \f[R]
 .fi
+.SS Alternate report of used bytes
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone test (https://rclone.org/commands/rclone_test/) - Run a test
-command
-.SH rclone touch
+Some backends, most notably S3, do not report the amount of bytes used.
+If you need this information to be available when running \f[C]df\f[R]
+on the filesystem, then pass the flag \f[C]--vfs-used-is-size\f[R] to
+rclone.
+With this flag set, instead of relying on the backend to report this
+information, rclone will scan the whole remote similar to
+\f[C]rclone size\f[R] and compute the total used space itself.
 .PP
-Create new file or change file modification time.
-.SS Synopsis
+\f[I]WARNING.\f[R] Contrary to \f[C]rclone size\f[R], this flag ignores
+filters so that the result is accurate.
+However, this is very inefficient and may cost lots of API calls
+resulting in extra charges.
+Use it as a last resort and only with caching.
+.SS Auth Proxy
 .PP
-Set the modification time on file(s) as specified by remote:path to have
-the current time.
+If you supply the parameter \f[C]--auth-proxy /path/to/program\f[R] then
+rclone will use that program to generate backends on the fly which then
+are used to authenticate incoming requests.
+This uses a simple JSON based protocol with input on STDIN and output on
+STDOUT.
 .PP
-If remote:path does not exist then a zero sized file will be created,
-unless \f[C]--no-create\f[R] or \f[C]--recursive\f[R] is provided.
+\f[B]PLEASE NOTE:\f[R] \f[C]--auth-proxy\f[R] and
+\f[C]--authorized-keys\f[R] cannot be used together, if
+\f[C]--auth-proxy\f[R] is set the authorized keys option will be
+ignored.
 .PP
-If \f[C]--recursive\f[R] is used then recursively sets the modification
-time on all existing files that is found under the path.
-Filters are supported, and you can test with the \f[C]--dry-run\f[R] or
-the \f[C]--interactive\f[R]/\f[C]-i\f[R] flag.
+There is an example program
+bin/test_proxy.py (https://github.com/rclone/rclone/blob/master/test_proxy.py)
+in the rclone source code.
 .PP
-If \f[C]--timestamp\f[R] is used then sets the modification time to that
-time instead of the current time.
-Times may be specified as one of:
-.IP \[bu] 2
-\[aq]YYMMDD\[aq] - e.g.
-17.10.30
-.IP \[bu] 2
-\[aq]YYYY-MM-DDTHH:MM:SS\[aq] - e.g.
-2006-01-02T15:04:05
-.IP \[bu] 2
-\[aq]YYYY-MM-DDTHH:MM:SS.SSS\[aq] - e.g.
-2006-01-02T15:04:05.123456789
+The program\[aq]s job is to take a \f[C]user\f[R] and \f[C]pass\f[R] on
+the input and turn those into the config for a backend on STDOUT in JSON
+format.
+This config will have any default parameters for the backend added, but
+it won\[aq]t use configuration from environment variables or command
+line options - it is the job of the proxy program to make a complete
+config.
 .PP
-Note that value of \f[C]--timestamp\f[R] is in UTC.
-If you want local time then add the \f[C]--localtime\f[R] flag.
+This config generated must have this extra parameter - \f[C]_root\f[R] -
+root to use for the backend
+.PP
+And it may have this parameter - \f[C]_obscure\f[R] - comma separated
+strings for parameters to obscure
+.PP
+If password authentication was used by the client, input to the proxy
+process (on STDIN) would look similar to this:
 .IP
 .nf
 \f[C]
-rclone touch remote:path [flags]
+{
+    \[dq]user\[dq]: \[dq]me\[dq],
+    \[dq]pass\[dq]: \[dq]mypassword\[dq]
+}
 \f[R]
 .fi
-.SS Options
+.PP
+If public-key authentication was used by the client, input to the proxy
+process (on STDIN) would look similar to this:
 .IP
 .nf
 \f[C]
-  -h, --help               help for touch
-      --localtime          Use localtime for timestamp, not UTC
-  -C, --no-create          Do not create the file if it does not exist (implied with --recursive)
-  -R, --recursive          Recursively touch all files
-  -t, --timestamp string   Use specified time instead of the current time of day
+{
+    \[dq]user\[dq]: \[dq]me\[dq],
+    \[dq]public_key\[dq]: \[dq]AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf\[dq]
+}
 \f[R]
 .fi
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone (https://rclone.org/commands/rclone/) - Show help for rclone
-commands, flags and backends.
-.SH rclone tree
-.PP
-List the contents of the remote in a tree like fashion.
-.SS Synopsis
-.PP
-rclone tree lists the contents of a remote in a similar way to the unix
-tree command.
-.PP
-For example
+And as an example return this on STDOUT
 .IP
 .nf
 \f[C]
-$ rclone tree remote:path
-/
-\[u251C]\[u2500]\[u2500] file1
-\[u251C]\[u2500]\[u2500] file2
-\[u251C]\[u2500]\[u2500] file3
-\[u2514]\[u2500]\[u2500] subdir
-    \[u251C]\[u2500]\[u2500] file4
-    \[u2514]\[u2500]\[u2500] file5
-
-1 directories, 5 files
+{
+    \[dq]type\[dq]: \[dq]sftp\[dq],
+    \[dq]_root\[dq]: \[dq]\[dq],
+    \[dq]_obscure\[dq]: \[dq]pass\[dq],
+    \[dq]user\[dq]: \[dq]me\[dq],
+    \[dq]pass\[dq]: \[dq]mypassword\[dq],
+    \[dq]host\[dq]: \[dq]sftp.example.com\[dq]
+}
 \f[R]
 .fi
 .PP
-You can use any of the filtering options with the tree command (e.g.
-\f[C]--include\f[R] and \f[C]--exclude\f[R].
-You can also use \f[C]--fast-list\f[R].
+This would mean that an SFTP backend would be created on the fly for the
+\f[C]user\f[R] and \f[C]pass\f[R]/\f[C]public_key\f[R] returned in the
+output to the host given.
+Note that since \f[C]_obscure\f[R] is set to \f[C]pass\f[R], rclone will
+obscure the \f[C]pass\f[R] parameter before creating the backend (which
+is required for sftp backends).
 .PP
-The tree command has many options for controlling the listing which are
-compatible with the tree command, for example you can include file sizes
-with \f[C]--size\f[R].
-Note that not all of them have short options as they conflict with
-rclone\[aq]s short options.
+The program can manipulate the supplied \f[C]user\f[R] in any way, for
+example to make proxy to many different sftp backends, you could make
+the \f[C]user\f[R] be \f[C]user\[at]example.com\f[R] and then set the
+\f[C]host\f[R] to \f[C]example.com\f[R] in the output and the user to
+\f[C]user\f[R].
+For security you\[aq]d probably want to restrict the \f[C]host\f[R] to a
+limited list.
 .PP
-For a more interactive navigation of the remote see the
-ncdu (https://rclone.org/commands/rclone_ncdu/) command.
+Note that an internal cache is keyed on \f[C]user\f[R] so only use that
+for configuration, don\[aq]t use \f[C]pass\f[R] or \f[C]public_key\f[R].
+This also means that if a user\[aq]s password or public-key is changed
+the cache will need to expire (which takes 5 mins) before it takes
+effect.
+.PP
+This can be used to build general purpose proxies to any kind of backend
+that rclone supports.
 .IP
 .nf
 \f[C]
-rclone tree remote:path [flags]
+rclone serve sftp remote:path [flags]
 \f[R]
 .fi
 .SS Options
 .IP
 .nf
 \f[C]
-  -a, --all             All files are listed (list . files too)
-  -d, --dirs-only       List directories only
-      --dirsfirst       List directories before files (-U disables)
-      --full-path       Print the full path prefix for each file
-  -h, --help            help for tree
-      --level int       Descend only level directories deep
-  -D, --modtime         Print the date of last modification.
-      --noindent        Don\[aq]t print indentation lines
-      --noreport        Turn off file/directory count at end of tree listing
-  -o, --output string   Output to file instead of stdout
-  -p, --protections     Print the protections for each file.
-  -Q, --quote           Quote filenames with double quotes.
-  -s, --size            Print the size in bytes of each file.
-      --sort string     Select sort: name,version,size,mtime,ctime
-      --sort-ctime      Sort files by last status change time
-  -t, --sort-modtime    Sort files by last modification time
-  -r, --sort-reverse    Reverse the order of the sort
-  -U, --unsorted        Leave files unsorted
-      --version         Sort files alphanumerically by version
+      --addr string                            IPaddress:Port or :Port to bind server to (default \[dq]localhost:2022\[dq])
+      --auth-proxy string                      A program to use to create the backend from the auth
+      --authorized-keys string                 Authorized keys file (default \[dq]\[ti]/.ssh/authorized_keys\[dq])
+      --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+      --dir-perms FileMode                     Directory permissions (default 0777)
+      --file-perms FileMode                    File permissions (default 0666)
+      --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+  -h, --help                                   help for sftp
+      --key stringArray                        SSH private host key file (Can be multi-valued, leave blank to auto generate)
+      --no-auth                                Allow connections with no authentication if set
+      --no-checksum                            Don\[aq]t compare checksums on up/download
+      --no-modtime                             Don\[aq]t read/write the modification time (can speed things up)
+      --no-seek                                Don\[aq]t allow seeking in files
+      --pass string                            Password for authentication
+      --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+      --read-only                              Only allow read-only access
+      --stdio                                  Run an sftp server on stdin/stdout
+      --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+      --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+      --user string                            User name for authentication
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+      --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+      --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+      --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+      --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+      --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+      --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+      --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+      --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
+      --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
+      --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+      --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+      --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
+.SS Filter Options
 .PP
-See the global flags page (https://rclone.org/flags/) for global options
-not listed here.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone (https://rclone.org/commands/rclone/) - Show help for rclone
-commands, flags and backends.
-.SS Copying single files
-.PP
-rclone normally syncs or copies directories.
-However, if the source remote points to a file, rclone will just copy
-that file.
-The destination remote must point to a directory - rclone will give the
-error
-\f[C]Failed to create file system for \[dq]remote:file\[dq]: is a file not a directory\f[R]
-if it isn\[aq]t.
-.PP
-For example, suppose you have a remote with a file in called
-\f[C]test.jpg\f[R], then you could copy just that file like this
+Flags for filtering directory listings.
 .IP
 .nf
 \f[C]
-rclone copy remote:test.jpg /tmp/download
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 \f[R]
 .fi
 .PP
-The file \f[C]test.jpg\f[R] will be placed inside
-\f[C]/tmp/download\f[R].
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
+remote over a protocol.
+.SH rclone serve webdav
 .PP
-This is equivalent to specifying
-.IP
-.nf
-\f[C]
-rclone copy --files-from /tmp/files remote: /tmp/download
-\f[R]
-.fi
+Serve remote:path over WebDAV.
+.SS Synopsis
 .PP
-Where \f[C]/tmp/files\f[R] contains the single line
-.IP
-.nf
-\f[C]
-test.jpg
-\f[R]
-.fi
+Run a basic WebDAV server to serve a remote over HTTP via the WebDAV
+protocol.
+This can be viewed with a WebDAV client, through a web browser, or you
+can make a remote of type WebDAV to read and write it.
+.SS WebDAV options
+.SS --etag-hash
 .PP
-It is recommended to use \f[C]copy\f[R] when copying individual files,
-not \f[C]sync\f[R].
-They have pretty much the same effect but \f[C]copy\f[R] will use a lot
-less memory.
-.SS Syntax of remote paths
+This controls the ETag header.
+Without this flag the ETag will be based on the ModTime and Size of the
+object.
 .PP
-The syntax of the paths passed to the rclone command are as follows.
-.SS /path/to/dir
+If this flag is set to \[dq]auto\[dq] then rclone will choose the first
+supported hash on the backend or you can use a named hash such as
+\[dq]MD5\[dq] or \[dq]SHA-1\[dq].
+Use the hashsum (https://rclone.org/commands/rclone_hashsum/) command to
+see the full list.
+.SS Access WebDAV on Windows
 .PP
-This refers to the local file system.
+WebDAV shared folder can be mapped as a drive on Windows, however the
+default settings prevent it.
+Windows will fail to connect to the server using insecure Basic
+authentication.
+It will not even display any login dialog.
+Windows requires SSL / HTTPS connection to be used with Basic.
+If you try to connect via Add Network Location Wizard you will get the
+following error: \[dq]The folder you entered does not appear to be
+valid.
+Please choose another\[dq].
+However, you still can connect if you set the following registry key on
+a client machine: HKEY_LOCAL_MACHINEto 2.
+The BasicAuthLevel can be set to the following values: 0 - Basic
+authentication disabled 1 - Basic authentication enabled for SSL
+connections only 2 - Basic authentication enabled for SSL connections
+and for non-SSL connections If required, increase the
+FileSizeLimitInBytes to a higher value.
+Navigate to the Services interface, then restart the WebClient service.
+.SS Access Office applications on WebDAV
 .PP
-On Windows \f[C]\[rs]\f[R] may be used instead of \f[C]/\f[R] in local
-paths \f[B]only\f[R], non local paths must use \f[C]/\f[R].
-See local filesystem (https://rclone.org/local/#paths-on-windows)
-documentation for more about Windows-specific paths.
+Navigate to following registry HKEY_CURRENT_USER[14.0/15.0/16.0] Create
+a new DWORD BasicAuthLevel with value 2.
+0 - Basic authentication disabled 1 - Basic authentication enabled for
+SSL connections only 2 - Basic authentication enabled for SSL and for
+non-SSL connections
 .PP
-These paths needn\[aq]t start with a leading \f[C]/\f[R] - if they
-don\[aq]t then they will be relative to the current directory.
-.SS remote:path/to/dir
+https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-blank-from-sharepoint
+.SS Server options
 .PP
-This refers to a directory \f[C]path/to/dir\f[R] on \f[C]remote:\f[R] as
-defined in the config file (configured with \f[C]rclone config\f[R]).
-.SS remote:/path/to/dir
+Use \f[C]--addr\f[R] to specify which IP address and port the server
+should listen on, eg \f[C]--addr 1.2.3.4:8000\f[R] or
+\f[C]--addr :8080\f[R] to listen to all IPs.
+By default it only listens on localhost.
+You can use port :0 to let the OS choose an available port.
 .PP
-On most backends this is refers to the same directory as
-\f[C]remote:path/to/dir\f[R] and that format should be preferred.
-On a very small number of remotes (FTP, SFTP, Dropbox for business) this
-will refer to a different directory.
-On these, paths without a leading \f[C]/\f[R] will refer to your
-\[dq]home\[dq] directory and paths with a leading \f[C]/\f[R] will refer
-to the root.
-.SS :backend:path/to/dir
+If you set \f[C]--addr\f[R] to listen on a public or LAN accessible IP
+address then using Authentication is advised - see the next section for
+info.
 .PP
-This is an advanced form for creating remotes on the fly.
-\f[C]backend\f[R] should be the name or prefix of a backend (the
-\f[C]type\f[R] in the config file) and all the configuration for the
-backend should be provided on the command line (or in environment
-variables).
+You can use a unix socket by setting the url to
+\f[C]unix:///path/to/socket\f[R] or just by using an absolute path name.
+Note that unix sockets bypass the authentication - this is expected to
+be done with file system permissions.
 .PP
-Here are some examples:
-.IP
-.nf
-\f[C]
-rclone lsd --http-url https://pub.rclone.org :http:
-\f[R]
-.fi
+\f[C]--addr\f[R] may be repeated to listen on multiple
+IPs/ports/sockets.
 .PP
-To list all the directories in the root of
-\f[C]https://pub.rclone.org/\f[R].
-.IP
-.nf
-\f[C]
-rclone lsf --http-url https://example.com :http:path/to/dir
-\f[R]
-.fi
+\f[C]--server-read-timeout\f[R] and \f[C]--server-write-timeout\f[R] can
+be used to control the timeouts on the server.
+Note that this is the total time for a transfer.
 .PP
-To list files and directories in
-\f[C]https://example.com/path/to/dir/\f[R]
-.IP
-.nf
-\f[C]
-rclone copy --http-url https://example.com :http:path/to/dir /tmp/dir
-\f[R]
-.fi
+\f[C]--max-header-bytes\f[R] controls the maximum number of bytes the
+server will accept in the HTTP header.
 .PP
-To copy files and directories in
-\f[C]https://example.com/path/to/dir\f[R] to \f[C]/tmp/dir\f[R].
-.IP
-.nf
-\f[C]
-rclone copy --sftp-host example.com :sftp:path/to/dir /tmp/dir
-\f[R]
-.fi
+\f[C]--baseurl\f[R] controls the URL prefix that rclone serves from.
+By default rclone will serve from the root.
+If you used \f[C]--baseurl \[dq]/rclone\[dq]\f[R] then rclone would
+serve from a URL starting with \[dq]/rclone/\[dq].
+This is useful if you wish to proxy rclone serve.
+Rclone automatically inserts leading and trailing \[dq]/\[dq] on
+\f[C]--baseurl\f[R], so \f[C]--baseurl \[dq]rclone\[dq]\f[R],
+\f[C]--baseurl \[dq]/rclone\[dq]\f[R] and
+\f[C]--baseurl \[dq]/rclone/\[dq]\f[R] are all treated identically.
+.SS TLS (SSL)
 .PP
-To copy files and directories from \f[C]example.com\f[R] in the relative
-directory \f[C]path/to/dir\f[R] to \f[C]/tmp/dir\f[R] using sftp.
-.SS Connection strings
+By default this will serve over http.
+If you want you can serve over https.
+You will need to supply the \f[C]--cert\f[R] and \f[C]--key\f[R] flags.
+If you wish to do client side certificate validation then you will need
+to supply \f[C]--client-ca\f[R] also.
 .PP
-The above examples can also be written using a connection string syntax,
-so instead of providing the arguments as command line parameters
-\f[C]--http-url https://pub.rclone.org\f[R] they are provided as part of
-the remote specification as a kind of connection string.
-.IP
-.nf
-\f[C]
-rclone lsd \[dq]:http,url=\[aq]https://pub.rclone.org\[aq]:\[dq]
-rclone lsf \[dq]:http,url=\[aq]https://example.com\[aq]:path/to/dir\[dq]
-rclone copy \[dq]:http,url=\[aq]https://example.com\[aq]:path/to/dir\[dq] /tmp/dir
-rclone copy :sftp,host=example.com:path/to/dir /tmp/dir
-\f[R]
-.fi
+\f[C]--cert\f[R] should be a either a PEM encoded certificate or a
+concatenation of that with the CA certificate.
+\f[C]--key\f[R] should be the PEM encoded private key and
+\f[C]--client-ca\f[R] should be the PEM encoded client certificate
+authority certificate.
 .PP
-These can apply to modify existing remotes as well as create new remotes
-with the on the fly syntax.
-This example is equivalent to adding the
-\f[C]--drive-shared-with-me\f[R] parameter to the remote
-\f[C]gdrive:\f[R].
-.IP
-.nf
-\f[C]
-rclone lsf \[dq]gdrive,shared_with_me:path/to/dir\[dq]
-\f[R]
-.fi
+--min-tls-version is minimum TLS version that is acceptable.
+Valid values are \[dq]tls1.0\[dq], \[dq]tls1.1\[dq], \[dq]tls1.2\[dq]
+and \[dq]tls1.3\[dq] (default \[dq]tls1.0\[dq]).
+.SS Template
 .PP
-The major advantage to using the connection string style syntax is that
-it only applies to the remote, not to all the remotes of that type of
-the command line.
-A common confusion is this attempt to copy a file shared on google drive
-to the normal drive which \f[B]does not work\f[R] because the
-\f[C]--drive-shared-with-me\f[R] flag applies to both the source and the
-destination.
-.IP
-.nf
-\f[C]
-rclone copy --drive-shared-with-me gdrive:shared-file.txt gdrive:
-\f[R]
-.fi
+\f[C]--template\f[R] allows a user to specify a custom markup template
+for HTTP and WebDAV serve functions.
+The server exports the following markup to be used within the template
+to server pages:
 .PP
-However using the connection string syntax, this does work.
+.TS
+tab(@);
+lw(35.0n) lw(35.0n).
+T{
+Parameter
+T}@T{
+Description
+T}
+_
+T{
+\&.Name
+T}@T{
+The full path of a file/directory.
+T}
+T{
+\&.Title
+T}@T{
+Directory listing of .Name
+T}
+T{
+\&.Sort
+T}@T{
+The current sort used.
+This is changeable via ?sort= parameter
+T}
+T{
+T}@T{
+Sort Options: namedirfirst,name,size,time (default namedirfirst)
+T}
+T{
+\&.Order
+T}@T{
+The current ordering used.
+This is changeable via ?order= parameter
+T}
+T{
+T}@T{
+Order Options: asc,desc (default asc)
+T}
+T{
+\&.Query
+T}@T{
+Currently unused.
+T}
+T{
+\&.Breadcrumb
+T}@T{
+Allows for creating a relative navigation
+T}
+T{
+-- .Link
+T}@T{
+The relative to the root link of the Text.
+T}
+T{
+-- .Text
+T}@T{
+The Name of the directory.
+T}
+T{
+\&.Entries
+T}@T{
+Information about a specific file/directory.
+T}
+T{
+-- .URL
+T}@T{
+The \[aq]url\[aq] of an entry.
+T}
+T{
+-- .Leaf
+T}@T{
+Currently same as \[aq]URL\[aq] but intended to be \[aq]just\[aq] the
+name.
+T}
+T{
+-- .IsDir
+T}@T{
+Boolean for if an entry is a directory or not.
+T}
+T{
+-- .Size
+T}@T{
+Size in Bytes of the entry.
+T}
+T{
+-- .ModTime
+T}@T{
+The UTC timestamp of an entry.
+T}
+.TE
+.PP
+The server also makes the following functions available so that they can
+be used within the template.
+These functions help extend the options for dynamic rendering of HTML.
+They can be used to render HTML based on specific conditions.
+.PP
+.TS
+tab(@);
+lw(35.0n) lw(35.0n).
+T{
+Function
+T}@T{
+Description
+T}
+_
+T{
+afterEpoch
+T}@T{
+Returns the time since the epoch for the given time.
+T}
+T{
+contains
+T}@T{
+Checks whether a given substring is present or not in a given string.
+T}
+T{
+hasPrefix
+T}@T{
+Checks whether the given string begins with the specified prefix.
+T}
+T{
+hasSuffix
+T}@T{
+Checks whether the given string end with the specified suffix.
+T}
+.TE
+.SS Authentication
+.PP
+By default this will serve files without needing a login.
+.PP
+You can either use an htpasswd file which can take lots of users, or set
+a single username and password with the \f[C]--user\f[R] and
+\f[C]--pass\f[R] flags.
+.PP
+If no static users are configured by either of the above methods, and
+client certificates are required by the \f[C]--client-ca\f[R] flag
+passed to the server, the client certificate common name will be
+considered as the username.
+.PP
+Use \f[C]--htpasswd /path/to/htpasswd\f[R] to provide an htpasswd file.
+This is in standard apache format and supports MD5, SHA1 and BCrypt for
+basic authentication.
+Bcrypt is recommended.
+.PP
+To create an htpasswd file:
 .IP
 .nf
 \f[C]
-rclone copy \[dq]gdrive,shared_with_me:shared-file.txt\[dq] gdrive:
+touch htpasswd
+htpasswd -B htpasswd user
+htpasswd -B htpasswd anotherUser
 \f[R]
 .fi
 .PP
-Note that the connection string only affects the options of the
-immediate backend.
-If for example gdriveCrypt is a crypt based on gdrive, then the
-following command \f[B]will not work\f[R] as intended, because
-\f[C]shared_with_me\f[R] is ignored by the crypt backend:
+The password file can be updated while rclone is running.
+.PP
+Use \f[C]--realm\f[R] to set the authentication realm.
+.PP
+Use \f[C]--salt\f[R] to change the password hashing salt from the
+default.
+## VFS - Virtual File System
+.PP
+This command uses the VFS layer.
+This adapts the cloud storage objects that rclone uses into something
+which looks much more like a disk filing system.
+.PP
+Cloud storage objects have lots of properties which aren\[aq]t like disk
+files - you can\[aq]t extend them or write to the middle of them, so the
+VFS layer has to deal with that.
+Because there is no one right way of doing this there are various
+options explained below.
+.PP
+The VFS layer also implements a directory cache - this caches info about
+files and directories (but not the data) in memory.
+.SS VFS Directory Cache
+.PP
+Using the \f[C]--dir-cache-time\f[R] flag, you can control how long a
+directory should be considered up to date and not refreshed from the
+backend.
+Changes made through the VFS will appear immediately or invalidate the
+cache.
 .IP
 .nf
 \f[C]
-rclone copy \[dq]gdriveCrypt,shared_with_me:shared-file.txt\[dq] gdriveCrypt:
+--dir-cache-time duration   Time to cache directory entries for (default 5m0s)
+--poll-interval duration    Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable (default 1m0s)
 \f[R]
 .fi
 .PP
-The connection strings have the following syntax
+However, changes made directly on the cloud storage by the web interface
+or a different copy of rclone will only be picked up once the directory
+cache expires if the backend configured does not support polling for
+changes.
+If the backend supports polling, changes will be picked up within the
+polling interval.
+.PP
+You can send a \f[C]SIGHUP\f[R] signal to rclone for it to flush all
+directory caches, regardless of how old they are.
+Assuming only one rclone instance is running, you can reset the cache
+like this:
 .IP
 .nf
 \f[C]
-remote,parameter=value,parameter2=value2:path/to/dir
-:backend,parameter=value,parameter2=value2:path/to/dir
+kill -SIGHUP $(pidof rclone)
 \f[R]
 .fi
 .PP
-If the \f[C]parameter\f[R] has a \f[C]:\f[R] or \f[C],\f[R] then it must
-be placed in quotes \f[C]\[dq]\f[R] or \f[C]\[aq]\f[R], so
+If you configure rclone with a remote control then you can use rclone rc
+to flush the whole directory cache:
 .IP
 .nf
 \f[C]
-remote,parameter=\[dq]colon:value\[dq],parameter2=\[dq]comma,value\[dq]:path/to/dir
-:backend,parameter=\[aq]colon:value\[aq],parameter2=\[aq]comma,value\[aq]:path/to/dir
+rclone rc vfs/forget
 \f[R]
 .fi
 .PP
-If a quoted value needs to include that quote, then it should be
-doubled, so
+Or individual files or directories:
 .IP
 .nf
 \f[C]
-remote,parameter=\[dq]with\[dq]\[dq]quote\[dq],parameter2=\[aq]with\[aq]\[aq]quote\[aq]:path/to/dir
+rclone rc vfs/forget file=path/to/file dir=path/to/dir
 \f[R]
 .fi
+.SS VFS File Buffering
 .PP
-This will make \f[C]parameter\f[R] be \f[C]with\[dq]quote\f[R] and
-\f[C]parameter2\f[R] be \f[C]with\[aq]quote\f[R].
+The \f[C]--buffer-size\f[R] flag determines the amount of memory, that
+will be used to buffer data in advance.
 .PP
-If you leave off the \f[C]=parameter\f[R] then rclone will substitute
-\f[C]=true\f[R] which works very well with flags.
-For example, to use s3 configured in the environment you could use:
-.IP
-.nf
-\f[C]
-rclone lsd :s3,env_auth:
-\f[R]
-.fi
+Each open file will try to keep the specified amount of data in memory
+at all times.
+The buffered data is bound to one open file and won\[aq]t be shared.
 .PP
-Which is equivalent to
+This flag is a upper limit for the used memory per open file.
+The buffer will only use memory for data that is downloaded but not not
+yet read.
+If the buffer is empty, only a small amount of memory will be used.
+.PP
+The maximum memory used by rclone for buffering can be up to
+\f[C]--buffer-size * open files\f[R].
+.SS VFS File Caching
+.PP
+These flags control the VFS file caching options.
+File caching is necessary to make the VFS layer appear compatible with a
+normal file system.
+It can be disabled at the cost of some compatibility.
+.PP
+For example you\[aq]ll need to enable VFS caching if you want to read
+and write simultaneously to a file.
+See below for more details.
+.PP
+Note that the VFS cache is separate from the cache backend and you may
+find that you need one or the other or both.
 .IP
 .nf
 \f[C]
-rclone lsd :s3,env_auth=true:
+--cache-dir string                     Directory rclone will use for caching.
+--vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+--vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+--vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+--vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+--vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+--vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 \f[R]
 .fi
 .PP
-Note that on the command line you might need to surround these
-connection strings with \f[C]\[dq]\f[R] or \f[C]\[aq]\f[R] to stop the
-shell interpreting any special characters within them.
+If run with \f[C]-vv\f[R] rclone will print the location of the file
+cache.
+The files are stored in the user cache file area which is OS dependent
+but can be controlled with \f[C]--cache-dir\f[R] or setting the
+appropriate environment variable.
 .PP
-If you are a shell master then you\[aq]ll know which strings are OK and
-which aren\[aq]t, but if you aren\[aq]t sure then enclose them in
-\f[C]\[dq]\f[R] and use \f[C]\[aq]\f[R] as the inside quote.
-This syntax works on all OSes.
+The cache has 4 different modes selected by \f[C]--vfs-cache-mode\f[R].
+The higher the cache mode the more compatible rclone becomes at the cost
+of using disk space.
+.PP
+Note that files are written back to the remote only when they are closed
+and if they haven\[aq]t been accessed for \f[C]--vfs-write-back\f[R]
+seconds.
+If rclone is quit or dies with files that haven\[aq]t been uploaded,
+these will be uploaded next time rclone is run with the same flags.
+.PP
+If using \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] note that the cache may exceed these
+quotas for two reasons.
+Firstly because it is only checked every
+\f[C]--vfs-cache-poll-interval\f[R].
+Secondly because open files cannot be evicted from the cache.
+When \f[C]--vfs-cache-max-size\f[R] or
+\f[C]--vfs-cache-min-free-size\f[R] is exceeded, rclone will attempt to
+evict the least accessed files from the cache first.
+rclone will start with files that haven\[aq]t been accessed for the
+longest.
+This cache flushing strategy is efficient and more relevant files are
+likely to remain cached.
+.PP
+The \f[C]--vfs-cache-max-age\f[R] will evict files from the cache after
+the set time since last access has passed.
+The default value of 1 hour will start evicting files from cache that
+haven\[aq]t been accessed for 1 hour.
+When a cached file is accessed the 1 hour timer is reset to 0 and will
+wait for 1 more hour before evicting.
+Specify the time with standard notation, s, m, h, d, w .
+.PP
+You \f[B]should not\f[R] run two copies of rclone using the same VFS
+cache with the same or overlapping remotes if using
+\f[C]--vfs-cache-mode > off\f[R].
+This can potentially cause data corruption if you do.
+You can work around this by giving each rclone its own cache hierarchy
+with \f[C]--cache-dir\f[R].
+You don\[aq]t need to worry about this if the remotes in use don\[aq]t
+overlap.
+.SS --vfs-cache-mode off
+.PP
+In this mode (the default) the cache will read directly from the remote
+and write directly to the remote without caching anything on disk.
+.PP
+This will mean some operations are not possible
+.IP \[bu] 2
+Files can\[aq]t be opened for both read AND write
+.IP \[bu] 2
+Files opened for write can\[aq]t be seeked
+.IP \[bu] 2
+Existing files opened for write must have O_TRUNC set
+.IP \[bu] 2
+Files open for read with O_TRUNC will be opened write only
+.IP \[bu] 2
+Files open for write only will behave as if O_TRUNC was supplied
+.IP \[bu] 2
+Open modes O_APPEND, O_TRUNC are ignored
+.IP \[bu] 2
+If an upload fails it can\[aq]t be retried
+.SS --vfs-cache-mode minimal
+.PP
+This is very similar to \[dq]off\[dq] except that files opened for read
+AND write will be buffered to disk.
+This means that files opened for write will be a lot more compatible,
+but uses the minimal disk space.
+.PP
+These operations are not possible
+.IP \[bu] 2
+Files opened for write only can\[aq]t be seeked
+.IP \[bu] 2
+Existing files opened for write must have O_TRUNC set
+.IP \[bu] 2
+Files opened for write only will ignore O_APPEND, O_TRUNC
+.IP \[bu] 2
+If an upload fails it can\[aq]t be retried
+.SS --vfs-cache-mode writes
+.PP
+In this mode files opened for read only are still read directly from the
+remote, write only and read/write files are buffered to disk first.
+.PP
+This mode should support all normal file system operations.
+.PP
+If an upload fails it will be retried at exponentially increasing
+intervals up to 1 minute.
+.SS --vfs-cache-mode full
+.PP
+In this mode all reads and writes are buffered to and from disk.
+When data is read from the remote this is buffered to disk as well.
+.PP
+In this mode the files in the cache will be sparse files and rclone will
+keep track of which bits of the files it has downloaded.
+.PP
+So if an application only reads the starts of each file, then rclone
+will only buffer the start of the file.
+These files will appear to be their full size in the cache, but they
+will be sparse files with only the data that has been downloaded present
+in them.
+.PP
+This mode should support all normal file system operations and is
+otherwise identical to \f[C]--vfs-cache-mode\f[R] writes.
+.PP
+When reading a file rclone will read \f[C]--buffer-size\f[R] plus
+\f[C]--vfs-read-ahead\f[R] bytes ahead.
+The \f[C]--buffer-size\f[R] is buffered in memory whereas the
+\f[C]--vfs-read-ahead\f[R] is buffered on disk.
+.PP
+When using this mode it is recommended that \f[C]--buffer-size\f[R] is
+not set too large and \f[C]--vfs-read-ahead\f[R] is set large if
+required.
+.PP
+\f[B]IMPORTANT\f[R] not all file systems support sparse files.
+In particular FAT/exFAT do not.
+Rclone will perform very badly if the cache directory is on a filesystem
+which doesn\[aq]t support sparse files and it will log an ERROR message
+if one is detected.
+.SS Fingerprinting
+.PP
+Various parts of the VFS use fingerprinting to see if a local file copy
+has changed relative to a remote file.
+Fingerprints are made from:
+.IP \[bu] 2
+size
+.IP \[bu] 2
+modification time
+.IP \[bu] 2
+hash
+.PP
+where available on an object.
+.PP
+On some backends some of these attributes are slow to read (they take an
+extra API call per object, or extra work per object).
+.PP
+For example \f[C]hash\f[R] is slow with the \f[C]local\f[R] and
+\f[C]sftp\f[R] backends as they have to read the entire file and hash
+it, and \f[C]modtime\f[R] is slow with the \f[C]s3\f[R],
+\f[C]swift\f[R], \f[C]ftp\f[R] and \f[C]qinqstor\f[R] backends because
+they need to do an extra API call to fetch it.
+.PP
+If you use the \f[C]--vfs-fast-fingerprint\f[R] flag then rclone will
+not include the slow operations in the fingerprint.
+This makes the fingerprinting less accurate but much faster and will
+improve the opening time of cached files.
+.PP
+If you are running a vfs cache over \f[C]local\f[R], \f[C]s3\f[R] or
+\f[C]swift\f[R] backends then using this flag is recommended.
+.PP
+Note that if you change the value of this flag, the fingerprints of the
+files in the cache may be invalidated and the files will need to be
+downloaded again.
+.SS VFS Chunked Reading
+.PP
+When rclone reads files from a remote it reads them in chunks.
+This means that rather than requesting the whole file rclone reads the
+chunk specified.
+This can reduce the used download quota for some remotes by requesting
+only chunks from the remote that are actually read, at the cost of an
+increased number of requests.
+.PP
+These flags control the chunking:
 .IP
 .nf
 \f[C]
-rclone copy \[dq]:http,url=\[aq]https://example.com\[aq]:path/to/dir\[dq] /tmp/dir
+--vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
+--vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
 \f[R]
 .fi
 .PP
-On Linux/macOS some characters are still interpreted inside
-\f[C]\[dq]\f[R] strings in the shell (notably \f[C]\[rs]\f[R] and
-\f[C]$\f[R] and \f[C]\[dq]\f[R]) so if your strings contain those you
-can swap the roles of \f[C]\[dq]\f[R] and \f[C]\[aq]\f[R] thus.
-(This syntax does not work on Windows.)
+Rclone will start reading a chunk of size
+\f[C]--vfs-read-chunk-size\f[R], and then double the size for each read.
+When \f[C]--vfs-read-chunk-size-limit\f[R] is specified, and greater
+than \f[C]--vfs-read-chunk-size\f[R], the chunk size for each open file
+will get doubled only until the specified value is reached.
+If the value is \[dq]off\[dq], which is the default, the limit is
+disabled and the chunk size will grow indefinitely.
+.PP
+With \f[C]--vfs-read-chunk-size 100M\f[R] and
+\f[C]--vfs-read-chunk-size-limit 0\f[R] the following parts will be
+downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on.
+When \f[C]--vfs-read-chunk-size-limit 500M\f[R] is specified, the result
+would be 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so
+on.
+.PP
+Setting \f[C]--vfs-read-chunk-size\f[R] to \f[C]0\f[R] or \[dq]off\[dq]
+disables chunked reading.
+.SS VFS Performance
+.PP
+These flags may be used to enable/disable features of the VFS for
+performance or other reasons.
+See also the chunked reading feature.
+.PP
+In particular S3 and Swift benefit hugely from the
+\f[C]--no-modtime\f[R] flag (or use \f[C]--use-server-modtime\f[R] for a
+slightly different effect) as each read of the modification time takes a
+transaction.
 .IP
 .nf
 \f[C]
-rclone copy \[aq]:http,url=\[dq]https://example.com\[dq]:path/to/dir\[aq] /tmp/dir
+--no-checksum     Don\[aq]t compare checksums on up/download.
+--no-modtime      Don\[aq]t read/write the modification time (can speed things up).
+--no-seek         Don\[aq]t allow seeking in files.
+--read-only       Only allow read-only access.
 \f[R]
 .fi
-.SS Connection strings, config and logging
 .PP
-If you supply extra configuration to a backend by command line flag,
-environment variable or connection string then rclone will add a suffix
-based on the hash of the config to the name of the remote, eg
+Sometimes rclone is delivered reads or writes out of order.
+Rather than seeking rclone will wait a short time for the in sequence
+read or write to come in.
+These flags only come into effect when not using an on disk cache file.
 .IP
 .nf
 \f[C]
-rclone -vv lsf --s3-chunk-size 20M s3:
+--vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
+--vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
 .PP
-Has the log message
+When using VFS write caching (\f[C]--vfs-cache-mode\f[R] with value
+writes or full), the global flag \f[C]--transfers\f[R] can be set to
+adjust the number of parallel uploads of modified files from the cache
+(the related global flag \f[C]--checkers\f[R] has no effect on the VFS).
 .IP
 .nf
 \f[C]
-DEBUG : s3: detected overridden config - adding \[dq]{Srj1p}\[dq] suffix to name
+--transfers int  Number of file transfers to run in parallel (default 4)
 \f[R]
 .fi
+.SS VFS Case Sensitivity
 .PP
-This is so rclone can tell the modified remote apart from the unmodified
-remote when caching the backends.
+Linux file systems are case-sensitive: two files can differ only by
+case, and the exact case must be used when opening a file.
 .PP
-This should only be noticeable in the logs.
+File systems in modern Windows are case-insensitive but case-preserving:
+although existing files can be opened using any case, the exact case
+used to create the file is preserved and available for programs to
+query.
+It is not allowed for two files in the same directory to differ only by
+case.
 .PP
-This means that on the fly backends such as
-.IP
-.nf
-\f[C]
-rclone -vv lsf :s3,env_auth:
-\f[R]
-.fi
+Usually file systems on macOS are case-insensitive.
+It is possible to make macOS file systems case-sensitive but that is not
+the default.
 .PP
-Will get their own names
+The \f[C]--vfs-case-insensitive\f[R] VFS flag controls how rclone
+handles these two cases.
+If its value is \[dq]false\[dq], rclone passes file names to the remote
+as-is.
+If the flag is \[dq]true\[dq] (or appears without a value on the command
+line), rclone may perform a \[dq]fixup\[dq] as explained below.
+.PP
+The user may specify a file name to open/delete/rename/etc with a case
+different than what is stored on the remote.
+If an argument refers to an existing file with exactly the same name,
+then the case of the existing file on the disk will be used.
+However, if a file name with exactly the same name is not found but a
+name differing only by case exists, rclone will transparently fixup the
+name.
+This fixup happens only when an existing file is requested.
+Case sensitivity of file names created anew by rclone is controlled by
+the underlying remote.
+.PP
+Note that case sensitivity of the operating system running rclone (the
+target) may differ from case sensitivity of a file system presented by
+rclone (the source).
+The flag controls whether \[dq]fixup\[dq] is performed to satisfy the
+target.
+.PP
+If the flag is not provided on the command line, then its default value
+depends on the operating system where rclone runs: \[dq]true\[dq] on
+Windows and macOS, \[dq]false\[dq] otherwise.
+If the flag is provided without a value, then it is \[dq]true\[dq].
+.SS VFS Disk Options
+.PP
+This flag allows you to manually set the statistics about the filing
+system.
+It can be useful when those statistics cannot be read correctly
+automatically.
 .IP
 .nf
 \f[C]
-DEBUG : :s3: detected overridden config - adding \[dq]{YTu53}\[dq] suffix to name
+--vfs-disk-space-total-size    Manually set the total disk space size (example: 256G, default: -1)
 \f[R]
 .fi
-.SS Valid remote names
+.SS Alternate report of used bytes
 .PP
-Remote names are case sensitive, and must adhere to the following rules:
-- May contain number, letter, \f[C]_\f[R], \f[C]-\f[R], \f[C].\f[R],
-\f[C]+\f[R], \f[C]\[at]\f[R] and space.
-- May not start with \f[C]-\f[R] or space.
-- May not end with space.
+Some backends, most notably S3, do not report the amount of bytes used.
+If you need this information to be available when running \f[C]df\f[R]
+on the filesystem, then pass the flag \f[C]--vfs-used-is-size\f[R] to
+rclone.
+With this flag set, instead of relying on the backend to report this
+information, rclone will scan the whole remote similar to
+\f[C]rclone size\f[R] and compute the total used space itself.
 .PP
-Starting with rclone version 1.61, any Unicode numbers and letters are
-allowed, while in older versions it was limited to plain ASCII (0-9,
-A-Z, a-z).
-If you use the same rclone configuration from different shells, which
-may be configured with different character encoding, you must be
-cautious to use characters that are possible to write in all of them.
-This is mostly a problem on Windows, where the console traditionally
-uses a non-Unicode character set - defined by the so-called \[dq]code
-page\[dq].
-.SS Quoting and the shell
+\f[I]WARNING.\f[R] Contrary to \f[C]rclone size\f[R], this flag ignores
+filters so that the result is accurate.
+However, this is very inefficient and may cost lots of API calls
+resulting in extra charges.
+Use it as a last resort and only with caching.
+.SS Auth Proxy
 .PP
-When you are typing commands to your computer you are using something
-called the command line shell.
-This interprets various characters in an OS specific way.
+If you supply the parameter \f[C]--auth-proxy /path/to/program\f[R] then
+rclone will use that program to generate backends on the fly which then
+are used to authenticate incoming requests.
+This uses a simple JSON based protocol with input on STDIN and output on
+STDOUT.
 .PP
-Here are some gotchas which may help users unfamiliar with the shell
-rules
-.SS Linux / OSX
+\f[B]PLEASE NOTE:\f[R] \f[C]--auth-proxy\f[R] and
+\f[C]--authorized-keys\f[R] cannot be used together, if
+\f[C]--auth-proxy\f[R] is set the authorized keys option will be
+ignored.
 .PP
-If your names have spaces or shell metacharacters (e.g.
-\f[C]*\f[R], \f[C]?\f[R], \f[C]$\f[R], \f[C]\[aq]\f[R], \f[C]\[dq]\f[R],
-etc.) then you must quote them.
-Use single quotes \f[C]\[aq]\f[R] by default.
+There is an example program
+bin/test_proxy.py (https://github.com/rclone/rclone/blob/master/test_proxy.py)
+in the rclone source code.
+.PP
+The program\[aq]s job is to take a \f[C]user\f[R] and \f[C]pass\f[R] on
+the input and turn those into the config for a backend on STDOUT in JSON
+format.
+This config will have any default parameters for the backend added, but
+it won\[aq]t use configuration from environment variables or command
+line options - it is the job of the proxy program to make a complete
+config.
+.PP
+This config generated must have this extra parameter - \f[C]_root\f[R] -
+root to use for the backend
+.PP
+And it may have this parameter - \f[C]_obscure\f[R] - comma separated
+strings for parameters to obscure
+.PP
+If password authentication was used by the client, input to the proxy
+process (on STDIN) would look similar to this:
 .IP
 .nf
 \f[C]
-rclone copy \[aq]Important files?\[aq] remote:backup
+{
+    \[dq]user\[dq]: \[dq]me\[dq],
+    \[dq]pass\[dq]: \[dq]mypassword\[dq]
+}
 \f[R]
 .fi
 .PP
-If you want to send a \f[C]\[aq]\f[R] you will need to use
-\f[C]\[dq]\f[R], e.g.
+If public-key authentication was used by the client, input to the proxy
+process (on STDIN) would look similar to this:
 .IP
 .nf
 \f[C]
-rclone copy \[dq]O\[aq]Reilly Reviews\[dq] remote:backup
+{
+    \[dq]user\[dq]: \[dq]me\[dq],
+    \[dq]public_key\[dq]: \[dq]AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf\[dq]
+}
 \f[R]
 .fi
 .PP
-The rules for quoting metacharacters are complicated and if you want the
-full details you\[aq]ll have to consult the manual page for your shell.
-.SS Windows
-.PP
-If your names have spaces in you need to put them in \f[C]\[dq]\f[R],
-e.g.
+And as an example return this on STDOUT
 .IP
 .nf
 \f[C]
-rclone copy \[dq]E:\[rs]folder name\[rs]folder name\[rs]folder name\[dq] remote:backup
+{
+    \[dq]type\[dq]: \[dq]sftp\[dq],
+    \[dq]_root\[dq]: \[dq]\[dq],
+    \[dq]_obscure\[dq]: \[dq]pass\[dq],
+    \[dq]user\[dq]: \[dq]me\[dq],
+    \[dq]pass\[dq]: \[dq]mypassword\[dq],
+    \[dq]host\[dq]: \[dq]sftp.example.com\[dq]
+}
 \f[R]
 .fi
 .PP
-If you are using the root directory on its own then don\[aq]t quote it
-(see #464 (https://github.com/rclone/rclone/issues/464) for why), e.g.
+This would mean that an SFTP backend would be created on the fly for the
+\f[C]user\f[R] and \f[C]pass\f[R]/\f[C]public_key\f[R] returned in the
+output to the host given.
+Note that since \f[C]_obscure\f[R] is set to \f[C]pass\f[R], rclone will
+obscure the \f[C]pass\f[R] parameter before creating the backend (which
+is required for sftp backends).
+.PP
+The program can manipulate the supplied \f[C]user\f[R] in any way, for
+example to make proxy to many different sftp backends, you could make
+the \f[C]user\f[R] be \f[C]user\[at]example.com\f[R] and then set the
+\f[C]host\f[R] to \f[C]example.com\f[R] in the output and the user to
+\f[C]user\f[R].
+For security you\[aq]d probably want to restrict the \f[C]host\f[R] to a
+limited list.
+.PP
+Note that an internal cache is keyed on \f[C]user\f[R] so only use that
+for configuration, don\[aq]t use \f[C]pass\f[R] or \f[C]public_key\f[R].
+This also means that if a user\[aq]s password or public-key is changed
+the cache will need to expire (which takes 5 mins) before it takes
+effect.
+.PP
+This can be used to build general purpose proxies to any kind of backend
+that rclone supports.
 .IP
 .nf
 \f[C]
-rclone copy E:\[rs] remote:backup
+rclone serve webdav remote:path [flags]
 \f[R]
 .fi
-.SS Copying files or directories with \f[C]:\f[R] in the names
-.PP
-rclone uses \f[C]:\f[R] to mark a remote name.
-This is, however, a valid filename component in non-Windows OSes.
-The remote name parser will only search for a \f[C]:\f[R] up to the
-first \f[C]/\f[R] so if you need to act on a file or directory like this
-then use the full path starting with a \f[C]/\f[R], or use \f[C]./\f[R]
-as a current directory prefix.
-.PP
-So to sync a directory called \f[C]sync:me\f[R] to a remote called
-\f[C]remote:\f[R] use
+.SS Options
 .IP
 .nf
 \f[C]
-rclone sync --interactive ./sync:me remote:path
+      --addr stringArray                       IPaddress:Port or :Port to bind server to (default [127.0.0.1:8080])
+      --allow-origin string                    Origin which cross-domain request (CORS) can be executed from
+      --auth-proxy string                      A program to use to create the backend from the auth
+      --baseurl string                         Prefix for URLs - leave blank for root
+      --cert string                            TLS PEM key (concatenation of certificate and CA certificate)
+      --client-ca string                       Client certificate authority to verify clients with
+      --dir-cache-time Duration                Time to cache directory entries for (default 5m0s)
+      --dir-perms FileMode                     Directory permissions (default 0777)
+      --disable-dir-list                       Disable HTML directory list on GET request for a directory
+      --etag-hash string                       Which hash to use for the ETag, or auto or blank for off
+      --file-perms FileMode                    File permissions (default 0666)
+      --gid uint32                             Override the gid field set by the filesystem (not supported on Windows) (default 1000)
+  -h, --help                                   help for webdav
+      --htpasswd string                        A htpasswd file - if not provided no authentication is done
+      --key string                             TLS PEM Private key
+      --max-header-bytes int                   Maximum size of request header (default 4096)
+      --min-tls-version string                 Minimum TLS version that is acceptable (default \[dq]tls1.0\[dq])
+      --no-checksum                            Don\[aq]t compare checksums on up/download
+      --no-modtime                             Don\[aq]t read/write the modification time (can speed things up)
+      --no-seek                                Don\[aq]t allow seeking in files
+      --pass string                            Password for authentication
+      --poll-interval Duration                 Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable) (default 1m0s)
+      --read-only                              Only allow read-only access
+      --realm string                           Realm for authentication
+      --salt string                            Password hashing salt (default \[dq]dlPL2MqE\[dq])
+      --server-read-timeout Duration           Timeout for server reading data (default 1h0m0s)
+      --server-write-timeout Duration          Timeout for server writing data (default 1h0m0s)
+      --template string                        User-specified template
+      --uid uint32                             Override the uid field set by the filesystem (not supported on Windows) (default 1000)
+      --umask int                              Override the permission bits set by the filesystem (not supported on Windows) (default 2)
+      --user string                            User name for authentication
+      --vfs-cache-max-age Duration             Max time since last access of objects in the cache (default 1h0m0s)
+      --vfs-cache-max-size SizeSuffix          Max total size of objects in the cache (default off)
+      --vfs-cache-min-free-space SizeSuffix    Target minimum free space on the disk containing the cache (default off)
+      --vfs-cache-mode CacheMode               Cache mode off|minimal|writes|full (default off)
+      --vfs-cache-poll-interval Duration       Interval to poll the cache for stale objects (default 1m0s)
+      --vfs-case-insensitive                   If a file name not found, find a case insensitive match
+      --vfs-disk-space-total-size SizeSuffix   Specify the total space of disk (default off)
+      --vfs-fast-fingerprint                   Use fast (less accurate) fingerprints for change detection
+      --vfs-read-ahead SizeSuffix              Extra read ahead over --buffer-size when using cache-mode full
+      --vfs-read-chunk-size SizeSuffix         Read the source objects in chunks (default 128Mi)
+      --vfs-read-chunk-size-limit SizeSuffix   If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached (\[aq]off\[aq] is unlimited) (default off)
+      --vfs-read-wait Duration                 Time to wait for in-sequence read before seeking (default 20ms)
+      --vfs-refresh                            Refreshes the directory cache recursively on start
+      --vfs-used-is-size rclone size           Use the rclone size algorithm for Used size
+      --vfs-write-back Duration                Time to writeback files after last use when using cache (default 5s)
+      --vfs-write-wait Duration                Time to wait for in-sequence write before giving error (default 1s)
 \f[R]
 .fi
+.SS Filter Options
 .PP
-or
+Flags for filtering directory listings.
 .IP
 .nf
 \f[C]
-rclone sync --interactive /full/path/to/sync:me remote:path
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 \f[R]
 .fi
-.SS Server Side Copy
 .PP
-Most remotes (but not all - see the
-overview (https://rclone.org/overview/#optional-features)) support
-server-side copy.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone serve (https://rclone.org/commands/rclone_serve/) - Serve a
+remote over a protocol.
+.SH rclone settier
 .PP
-This means if you want to copy one folder to another then rclone
-won\[aq]t download all the files and re-upload them; it will instruct
-the server to copy them in place.
+Changes storage class/tier of objects in remote.
+.SS Synopsis
 .PP
-Eg
+rclone settier changes storage tier or class at remote if supported.
+Few cloud storage services provides different storage classes on
+objects, for example AWS S3 and Glacier, Azure Blob storage - Hot, Cool
+and Archive, Google Cloud Storage, Regional Storage, Nearline, Coldline
+etc.
+.PP
+Note that, certain tier changes make objects not available to access
+immediately.
+For example tiering to archive in azure blob storage makes objects in
+frozen state, user can restore by setting tier to Hot/Cool, similarly S3
+to Glacier makes object inaccessible.true
+.PP
+You can use it to tier single object
 .IP
 .nf
 \f[C]
-rclone copy s3:oldbucket s3:newbucket
+rclone settier Cool remote:path/file
 \f[R]
 .fi
 .PP
-Will copy the contents of \f[C]oldbucket\f[R] to \f[C]newbucket\f[R]
-without downloading and re-uploading.
-.PP
-Remotes which don\[aq]t support server-side copy \f[B]will\f[R] download
-and re-upload in this case.
-.PP
-Server side copies are used with \f[C]sync\f[R] and \f[C]copy\f[R] and
-will be identified in the log when using the \f[C]-v\f[R] flag.
-The \f[C]move\f[R] command may also use them if remote doesn\[aq]t
-support server-side move directly.
-This is done by issuing a server-side copy then a delete which is much
-quicker than a download and re-upload.
-.PP
-Server side copies will only be attempted if the remote names are the
-same.
+Or use rclone filters to set tier on only specific files
+.IP
+.nf
+\f[C]
+rclone --include \[dq]*.txt\[dq] settier Hot remote:path/dir
+\f[R]
+.fi
 .PP
-This can be used when scripting to make aged backups efficiently, e.g.
+Or just provide remote directory and all files in directory will be
+tiered
 .IP
 .nf
 \f[C]
-rclone sync --interactive remote:current-backup remote:previous-backup
-rclone sync --interactive /path/to/files remote:current-backup
+rclone settier tier remote:path/dir
+\f[R]
+.fi
+.IP
+.nf
+\f[C]
+rclone settier tier remote:path [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+  -h, --help   help for settier
 \f[R]
 .fi
-.SS Metadata support
 .PP
-Metadata is data about a file which isn\[aq]t the contents of the file.
-Normally rclone only preserves the modification time and the content
-(MIME) type where possible.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone (https://rclone.org/commands/rclone/) - Show help for rclone
+commands, flags and backends.
+.SH rclone test
 .PP
-Rclone supports preserving all the available metadata on files (not
-directories) when using the \f[C]--metadata\f[R] or \f[C]-M\f[R] flag.
+Run a test command
+.SS Synopsis
 .PP
-Exactly what metadata is supported and what that support means depends
-on the backend.
-Backends that support metadata have a metadata section in their docs and
-are listed in the features table (https://rclone.org/overview/#features)
-(Eg local (https://rclone.org/local/#metadata), s3)
+Rclone test is used to run test commands.
 .PP
-Rclone only supports a one-time sync of metadata.
-This means that metadata will be synced from the source object to the
-destination object only when the source object has changed and needs to
-be re-uploaded.
-If the metadata subsequently changes on the source object without
-changing the object itself then it won\[aq]t be synced to the
-destination object.
-This is in line with the way rclone syncs \f[C]Content-Type\f[R] without
-the \f[C]--metadata\f[R] flag.
+Select which test command you want with the subcommand, eg
+.IP
+.nf
+\f[C]
+rclone test memory remote:
+\f[R]
+.fi
 .PP
-Using \f[C]--metadata\f[R] when syncing from local to local will
-preserve file attributes such as file mode, owner, extended attributes
-(not Windows).
+Each subcommand has its own options which you can see in their help.
 .PP
-Note that arbitrary metadata may be added to objects using the
-\f[C]--metadata-set key=value\f[R] flag when the object is first
-uploaded.
-This flag can be repeated as many times as necessary.
-.SS Types of metadata
+\f[B]NB\f[R] Be careful running these commands, they may do strange
+things so reading their documentation first is recommended.
+.SS Options
+.IP
+.nf
+\f[C]
+  -h, --help   help for test
+\f[R]
+.fi
 .PP
-Metadata is divided into two type.
-System metadata and User metadata.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone (https://rclone.org/commands/rclone/) - Show help for rclone
+commands, flags and backends.
+.IP \[bu] 2
+rclone test
+changenotify (https://rclone.org/commands/rclone_test_changenotify/) -
+Log any change notify requests for the remote passed in.
+.IP \[bu] 2
+rclone test
+histogram (https://rclone.org/commands/rclone_test_histogram/) - Makes a
+histogram of file name characters.
+.IP \[bu] 2
+rclone test info (https://rclone.org/commands/rclone_test_info/) -
+Discovers file name or other limitations for paths.
+.IP \[bu] 2
+rclone test makefile (https://rclone.org/commands/rclone_test_makefile/)
+- Make files with random contents of the size given
+.IP \[bu] 2
+rclone test
+makefiles (https://rclone.org/commands/rclone_test_makefiles/) - Make a
+random file hierarchy in a directory
+.IP \[bu] 2
+rclone test memory (https://rclone.org/commands/rclone_test_memory/) -
+Load all the objects at remote:path into memory and report memory stats.
+.SH rclone test changenotify
 .PP
-Metadata which the backend uses itself is called system metadata.
-For example on the local backend the system metadata \f[C]uid\f[R] will
-store the user ID of the file when used on a unix based platform.
+Log any change notify requests for the remote passed in.
+.IP
+.nf
+\f[C]
+rclone test changenotify remote: [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+  -h, --help                     help for changenotify
+      --poll-interval Duration   Time to wait between polling for changes (default 10s)
+\f[R]
+.fi
 .PP
-Arbitrary metadata is called user metadata and this can be set however
-is desired.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone test (https://rclone.org/commands/rclone_test/) - Run a test
+command
+.SH rclone test histogram
 .PP
-When objects are copied from backend to backend, they will attempt to
-interpret system metadata if it is supplied.
-Metadata may change from being user metadata to system metadata as
-objects are copied between different backends.
-For example copying an object from s3 sets the \f[C]content-type\f[R]
-metadata.
-In a backend which understands this (like \f[C]azureblob\f[R]) this will
-become the Content-Type of the object.
-In a backend which doesn\[aq]t understand this (like the \f[C]local\f[R]
-backend) this will become user metadata.
-However should the local object be copied back to s3, the Content-Type
-will be set correctly.
-.SS Metadata framework
+Makes a histogram of file name characters.
+.SS Synopsis
 .PP
-Rclone implements a metadata framework which can read metadata from an
-object and write it to the object when (and only when) it is being
-uploaded.
+This command outputs JSON which shows the histogram of characters used
+in filenames in the remote:path specified.
 .PP
-This metadata is stored as a dictionary with string keys and string
-values.
+The data doesn\[aq]t contain any identifying information but is useful
+for the rclone developers when developing filename compression.
+.IP
+.nf
+\f[C]
+rclone test histogram [remote:path] [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+  -h, --help   help for histogram
+\f[R]
+.fi
 .PP
-There are some limits on the names of the keys (these may be clarified
-further in the future).
-.IP \[bu] 2
-must be lower case
-.IP \[bu] 2
-may be \f[C]a-z\f[R] \f[C]0-9\f[R] containing \f[C].\f[R] \f[C]-\f[R] or
-\f[C]_\f[R]
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
 .IP \[bu] 2
-length is backend dependent
-.PP
-Each backend can provide system metadata that it understands.
-Some backends can also store arbitrary user metadata.
+rclone test (https://rclone.org/commands/rclone_test/) - Run a test
+command
+.SH rclone test info
 .PP
-Where possible the key names are standardized, so, for example, it is
-possible to copy object metadata from s3 to azureblob for example and
-metadata will be translated appropriately.
+Discovers file name or other limitations for paths.
+.SS Synopsis
 .PP
-Some backends have limits on the size of the metadata and rclone will
-give errors on upload if they are exceeded.
-.SS Metadata preservation
+rclone info discovers what filenames and upload methods are possible to
+write to the paths passed in and how long they can be.
+It can take some time.
+It will write test files into the remote:path passed in.
+It outputs a bit of go code for each one.
 .PP
-The goal of the implementation is to
-.IP "1." 3
-Preserve metadata if at all possible
-.IP "2." 3
-Interpret metadata if at all possible
+\f[B]NB\f[R] this can create undeletable files and other hazards - use
+with care
+.IP
+.nf
+\f[C]
+rclone test info [remote:path]+ [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+      --all                    Run all tests
+      --check-base32768        Check can store all possible base32768 characters
+      --check-control          Check control characters
+      --check-length           Check max filename length
+      --check-normalization    Check UTF-8 Normalization
+      --check-streaming        Check uploads with indeterminate file size
+  -h, --help                   help for info
+      --upload-wait Duration   Wait after writing a file (default 0s)
+      --write-json string      Write results to file
+\f[R]
+.fi
 .PP
-The consequences of 1 is that you can copy an S3 object to a local disk
-then back to S3 losslessly.
-Likewise you can copy a local file with file attributes and xattrs from
-local disk to s3 and back again losslessly.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone test (https://rclone.org/commands/rclone_test/) - Run a test
+command
+.SH rclone test makefile
 .PP
-The consequence of 2 is that you can copy an S3 object with metadata to
-Azureblob (say) and have the metadata appear on the Azureblob object
-also.
-.SS Standard system metadata
+Make files with random contents of the size given
+.IP
+.nf
+\f[C]
+rclone test makefile <size> [<file>]+ [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+      --ascii      Fill files with random ASCII printable bytes only
+      --chargen    Fill files with a ASCII chargen pattern
+  -h, --help       help for makefile
+      --pattern    Fill files with a periodic pattern
+      --seed int   Seed for the random number generator (0 for random) (default 1)
+      --sparse     Make the files sparse (appear to be filled with ASCII 0x00)
+      --zero       Fill files with ASCII 0x00
+\f[R]
+.fi
 .PP
-Here is a table of standard system metadata which, if appropriate, a
-backend may implement.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone test (https://rclone.org/commands/rclone_test/) - Run a test
+command
+.SH rclone test makefiles
 .PP
-.TS
-tab(@);
-lw(34.2n) lw(21.2n) lw(14.7n).
-T{
-key
-T}@T{
-description
-T}@T{
-example
-T}
-_
-T{
-mode
-T}@T{
-File type and mode: octal, unix style
-T}@T{
-0100664
-T}
-T{
-uid
-T}@T{
-User ID of owner: decimal number
-T}@T{
-500
-T}
-T{
-gid
-T}@T{
-Group ID of owner: decimal number
-T}@T{
-500
-T}
-T{
-rdev
-T}@T{
-Device ID (if special file) => hexadecimal
-T}@T{
-0
-T}
-T{
-atime
-T}@T{
-Time of last access: RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z07:00
-T}
-T{
-mtime
-T}@T{
-Time of last modification: RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z07:00
-T}
-T{
-btime
-T}@T{
-Time of file creation (birth): RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z07:00
-T}
-T{
-cache-control
-T}@T{
-Cache-Control header
-T}@T{
-no-cache
-T}
-T{
-content-disposition
-T}@T{
-Content-Disposition header
-T}@T{
-inline
-T}
-T{
-content-encoding
-T}@T{
-Content-Encoding header
-T}@T{
-gzip
-T}
-T{
-content-language
-T}@T{
-Content-Language header
-T}@T{
-en-US
-T}
-T{
-content-type
-T}@T{
-Content-Type header
-T}@T{
-text/plain
-T}
-.TE
+Make a random file hierarchy in a directory
+.IP
+.nf
+\f[C]
+rclone test makefiles <dir> [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+      --ascii                      Fill files with random ASCII printable bytes only
+      --chargen                    Fill files with a ASCII chargen pattern
+      --files int                  Number of files to create (default 1000)
+      --files-per-directory int    Average number of files per directory (default 10)
+  -h, --help                       help for makefiles
+      --max-depth int              Maximum depth of directory hierarchy (default 10)
+      --max-file-size SizeSuffix   Maximum size of files to create (default 100)
+      --max-name-length int        Maximum size of file names (default 12)
+      --min-file-size SizeSuffix   Minimum size of file to create
+      --min-name-length int        Minimum size of file names (default 4)
+      --pattern                    Fill files with a periodic pattern
+      --seed int                   Seed for the random number generator (0 for random) (default 1)
+      --sparse                     Make the files sparse (appear to be filled with ASCII 0x00)
+      --zero                       Fill files with ASCII 0x00
+\f[R]
+.fi
 .PP
-The metadata keys \f[C]mtime\f[R] and \f[C]content-type\f[R] will take
-precedence if supplied in the metadata over reading the
-\f[C]Content-Type\f[R] or modification time of the source object.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone test (https://rclone.org/commands/rclone_test/) - Run a test
+command
+.SH rclone test memory
 .PP
-Hashes are not included in system metadata as there is a well defined
-way of reading those already.
+Load all the objects at remote:path into memory and report memory stats.
+.IP
+.nf
+\f[C]
+rclone test memory remote:path [flags]
+\f[R]
+.fi
 .SS Options
+.IP
+.nf
+\f[C]
+  -h, --help   help for memory
+\f[R]
+.fi
 .PP
-Rclone has a number of options to control its behaviour.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone test (https://rclone.org/commands/rclone_test/) - Run a test
+command
+.SH rclone touch
 .PP
-Options that take parameters can have the values passed in two ways,
-\f[C]--option=value\f[R] or \f[C]--option value\f[R].
-However boolean (true/false) options behave slightly differently to the
-other options in that \f[C]--boolean\f[R] sets the option to
-\f[C]true\f[R] and the absence of the flag sets it to \f[C]false\f[R].
-It is also possible to specify \f[C]--boolean=false\f[R] or
-\f[C]--boolean=true\f[R].
-Note that \f[C]--boolean false\f[R] is not valid - this is parsed as
-\f[C]--boolean\f[R] and the \f[C]false\f[R] is parsed as an extra
-command line argument for rclone.
-.SS Time or duration options
+Create new file or change file modification time.
+.SS Synopsis
 .PP
-TIME or DURATION options can be specified as a duration string or a time
-string.
+Set the modification time on file(s) as specified by remote:path to have
+the current time.
 .PP
-A duration string is a possibly signed sequence of decimal numbers, each
-with optional fraction and a unit suffix, such as \[dq]300ms\[dq],
-\[dq]-1.5h\[dq] or \[dq]2h45m\[dq].
-Default units are seconds or the following abbreviations are valid:
-.IP \[bu] 2
-\f[C]ms\f[R] - Milliseconds
-.IP \[bu] 2
-\f[C]s\f[R] - Seconds
-.IP \[bu] 2
-\f[C]m\f[R] - Minutes
-.IP \[bu] 2
-\f[C]h\f[R] - Hours
-.IP \[bu] 2
-\f[C]d\f[R] - Days
-.IP \[bu] 2
-\f[C]w\f[R] - Weeks
-.IP \[bu] 2
-\f[C]M\f[R] - Months
-.IP \[bu] 2
-\f[C]y\f[R] - Years
+If remote:path does not exist then a zero sized file will be created,
+unless \f[C]--no-create\f[R] or \f[C]--recursive\f[R] is provided.
 .PP
-These can also be specified as an absolute time in the following
-formats:
-.IP \[bu] 2
-RFC3339 - e.g.
-\f[C]2006-01-02T15:04:05Z\f[R] or \f[C]2006-01-02T15:04:05+07:00\f[R]
+If \f[C]--recursive\f[R] is used then recursively sets the modification
+time on all existing files that is found under the path.
+Filters are supported, and you can test with the \f[C]--dry-run\f[R] or
+the \f[C]--interactive\f[R]/\f[C]-i\f[R] flag.
+.PP
+If \f[C]--timestamp\f[R] is used then sets the modification time to that
+time instead of the current time.
+Times may be specified as one of:
 .IP \[bu] 2
-ISO8601 Date and time, local timezone - \f[C]2006-01-02T15:04:05\f[R]
+\[aq]YYMMDD\[aq] - e.g.
+17.10.30
 .IP \[bu] 2
-ISO8601 Date and time, local timezone - \f[C]2006-01-02 15:04:05\f[R]
+\[aq]YYYY-MM-DDTHH:MM:SS\[aq] - e.g.
+2006-01-02T15:04:05
 .IP \[bu] 2
-ISO8601 Date - \f[C]2006-01-02\f[R] (YYYY-MM-DD)
-.SS Size options
-.PP
-Options which use SIZE use KiB (multiples of 1024 bytes) by default.
-However, a suffix of \f[C]B\f[R] for Byte, \f[C]K\f[R] for KiB,
-\f[C]M\f[R] for MiB, \f[C]G\f[R] for GiB, \f[C]T\f[R] for TiB and
-\f[C]P\f[R] for PiB may be used.
-These are the binary units, e.g.
-1, 2**10, 2**20, 2**30 respectively.
-.SS --backup-dir=DIR
-.PP
-When using \f[C]sync\f[R], \f[C]copy\f[R] or \f[C]move\f[R] any files
-which would have been overwritten or deleted are moved in their original
-hierarchy into this directory.
-.PP
-If \f[C]--suffix\f[R] is set, then the moved files will have the suffix
-added to them.
-If there is a file with the same path (after the suffix has been added)
-in DIR, then it will be overwritten.
-.PP
-The remote in use must support server-side move or copy and you must use
-the same remote as the destination of the sync.
-The backup directory must not overlap the destination directory without
-it being excluded by a filter rule.
+\[aq]YYYY-MM-DDTHH:MM:SS.SSS\[aq] - e.g.
+2006-01-02T15:04:05.123456789
 .PP
-For example
+Note that value of \f[C]--timestamp\f[R] is in UTC.
+If you want local time then add the \f[C]--localtime\f[R] flag.
 .IP
 .nf
 \f[C]
-rclone sync --interactive /path/to/local remote:current --backup-dir remote:old
+rclone touch remote:path [flags]
 \f[R]
 .fi
-.PP
-will sync \f[C]/path/to/local\f[R] to \f[C]remote:current\f[R], but for
-any files which would have been updated or deleted will be stored in
-\f[C]remote:old\f[R].
-.PP
-If running rclone from a script you might want to use today\[aq]s date
-as the directory name passed to \f[C]--backup-dir\f[R] to store the old
-files, or you might want to pass \f[C]--suffix\f[R] with today\[aq]s
-date.
-.PP
-See \f[C]--compare-dest\f[R] and \f[C]--copy-dest\f[R].
-.SS --bind string
-.PP
-Local address to bind to for outgoing connections.
-This can be an IPv4 address (1.2.3.4), an IPv6 address (1234::789A) or
-host name.
-If the host name doesn\[aq]t resolve or resolves to more than one IP
-address it will give an error.
-.SS --bwlimit=BANDWIDTH_SPEC
-.PP
-This option controls the bandwidth limit.
-For example
+.SS Options
 .IP
 .nf
 \f[C]
---bwlimit 10M
+  -h, --help               help for touch
+      --localtime          Use localtime for timestamp, not UTC
+  -C, --no-create          Do not create the file if it does not exist (implied with --recursive)
+  -R, --recursive          Recursively touch all files
+  -t, --timestamp string   Use specified time instead of the current time of day
 \f[R]
 .fi
+.SS Important Options
 .PP
-would mean limit the upload and download bandwidth to 10 MiB/s.
-\f[B]NB\f[R] this is \f[B]bytes\f[R] per second not \f[B]bits\f[R] per
-second.
-To use a single limit, specify the desired bandwidth in KiB/s, or use a
-suffix B|K|M|G|T|P.
-The default is \f[C]0\f[R] which means to not limit bandwidth.
-.PP
-The upload and download bandwidth can be specified separately, as
-\f[C]--bwlimit UP:DOWN\f[R], so
+Important flags useful for most commands.
 .IP
 .nf
 \f[C]
---bwlimit 10M:100k
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
 \f[R]
 .fi
+.SS Filter Options
 .PP
-would mean limit the upload bandwidth to 10 MiB/s and the download
-bandwidth to 100 KiB/s.
-Either limit can be \[dq]off\[dq] meaning no limit, so to just limit the
-upload bandwidth you would use
+Flags for filtering directory listings.
 .IP
 .nf
 \f[C]
---bwlimit 10M:off
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
 \f[R]
 .fi
+.SS Listing Options
 .PP
-this would limit the upload bandwidth to 10 MiB/s but the download
-bandwidth would be unlimited.
-.PP
-When specified as above the bandwidth limits last for the duration of
-run of the rclone binary.
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
-It is also possible to specify a \[dq]timetable\[dq] of limits, which
-will cause certain limits to be applied at certain times.
-To specify a timetable, format your entries as
-\f[C]WEEKDAY-HH:MM,BANDWIDTH WEEKDAY-HH:MM,BANDWIDTH...\f[R] where:
-\f[C]WEEKDAY\f[R] is optional element.
-.IP \[bu] 2
-\f[C]BANDWIDTH\f[R] can be a single number, e.g.\f[C]100k\f[R] or a pair
-of numbers for upload:download, e.g.\f[C]10M:1M\f[R].
-.IP \[bu] 2
-\f[C]WEEKDAY\f[R] can be written as the whole word or only using the
-first 3 characters.
-It is optional.
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
 .IP \[bu] 2
-\f[C]HH:MM\f[R] is an hour from 00:00 to 23:59.
-.PP
-An example of a typical timetable to avoid link saturation during
-daytime working hours could be:
-.PP
-\f[C]--bwlimit \[dq]08:00,512k 12:00,10M 13:00,512k 18:00,30M 23:00,off\[dq]\f[R]
+rclone (https://rclone.org/commands/rclone/) - Show help for rclone
+commands, flags and backends.
+.SH rclone tree
 .PP
-In this example, the transfer bandwidth will be set to 512 KiB/s at 8am
-every day.
-At noon, it will rise to 10 MiB/s, and drop back to 512 KiB/sec at 1pm.
-At 6pm, the bandwidth limit will be set to 30 MiB/s, and at 11pm it will
-be completely disabled (full speed).
-Anything between 11pm and 8am will remain unlimited.
+List the contents of the remote in a tree like fashion.
+.SS Synopsis
 .PP
-An example of timetable with \f[C]WEEKDAY\f[R] could be:
+rclone tree lists the contents of a remote in a similar way to the unix
+tree command.
 .PP
-\f[C]--bwlimit \[dq]Mon-00:00,512 Fri-23:59,10M Sat-10:00,1M Sun-20:00,off\[dq]\f[R]
+For example
+.IP
+.nf
+\f[C]
+$ rclone tree remote:path
+/
+\[u251C]\[u2500]\[u2500] file1
+\[u251C]\[u2500]\[u2500] file2
+\[u251C]\[u2500]\[u2500] file3
+\[u2514]\[u2500]\[u2500] subdir
+    \[u251C]\[u2500]\[u2500] file4
+    \[u2514]\[u2500]\[u2500] file5
+
+1 directories, 5 files
+\f[R]
+.fi
 .PP
-It means that, the transfer bandwidth will be set to 512 KiB/s on
-Monday.
-It will rise to 10 MiB/s before the end of Friday.
-At 10:00 on Saturday it will be set to 1 MiB/s.
-From 20:00 on Sunday it will be unlimited.
+You can use any of the filtering options with the tree command (e.g.
+\f[C]--include\f[R] and \f[C]--exclude\f[R].
+You can also use \f[C]--fast-list\f[R].
 .PP
-Timeslots without \f[C]WEEKDAY\f[R] are extended to the whole week.
-So this example:
+The tree command has many options for controlling the listing which are
+compatible with the tree command, for example you can include file sizes
+with \f[C]--size\f[R].
+Note that not all of them have short options as they conflict with
+rclone\[aq]s short options.
 .PP
-\f[C]--bwlimit \[dq]Mon-00:00,512 12:00,1M Sun-20:00,off\[dq]\f[R]
+For a more interactive navigation of the remote see the
+ncdu (https://rclone.org/commands/rclone_ncdu/) command.
+.IP
+.nf
+\f[C]
+rclone tree remote:path [flags]
+\f[R]
+.fi
+.SS Options
+.IP
+.nf
+\f[C]
+  -a, --all             All files are listed (list . files too)
+  -d, --dirs-only       List directories only
+      --dirsfirst       List directories before files (-U disables)
+      --full-path       Print the full path prefix for each file
+  -h, --help            help for tree
+      --level int       Descend only level directories deep
+  -D, --modtime         Print the date of last modification.
+      --noindent        Don\[aq]t print indentation lines
+      --noreport        Turn off file/directory count at end of tree listing
+  -o, --output string   Output to file instead of stdout
+  -p, --protections     Print the protections for each file.
+  -Q, --quote           Quote filenames with double quotes.
+  -s, --size            Print the size in bytes of each file.
+      --sort string     Select sort: name,version,size,mtime,ctime
+      --sort-ctime      Sort files by last status change time
+  -t, --sort-modtime    Sort files by last modification time
+  -r, --sort-reverse    Reverse the order of the sort
+  -U, --unsorted        Leave files unsorted
+      --version         Sort files alphanumerically by version
+\f[R]
+.fi
+.SS Filter Options
 .PP
-Is equivalent to this:
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing Options
 .PP
-\f[C]--bwlimit \[dq]Mon-00:00,512Mon-12:00,1M Tue-12:00,1M Wed-12:00,1M Thu-12:00,1M Fri-12:00,1M Sat-12:00,1M Sun-12:00,1M Sun-20:00,off\[dq]\f[R]
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
 .PP
-Bandwidth limit apply to the data transfer for all backends.
-For most backends the directory listing bandwidth is also included
-(exceptions being the non HTTP backends, \f[C]ftp\f[R], \f[C]sftp\f[R]
-and \f[C]storj\f[R]).
+See the global flags page (https://rclone.org/flags/) for global options
+not listed here.
+.SH SEE ALSO
+.IP \[bu] 2
+rclone (https://rclone.org/commands/rclone/) - Show help for rclone
+commands, flags and backends.
+.SS Copying single files
 .PP
-Note that the units are \f[B]Byte/s\f[R], not \f[B]bit/s\f[R].
-Typically connections are measured in bit/s - to convert divide by 8.
-For example, let\[aq]s say you have a 10 Mbit/s connection and you wish
-rclone to use half of it - 5 Mbit/s.
-This is 5/8 = 0.625 MiB/s so you would use a \f[C]--bwlimit 0.625M\f[R]
-parameter for rclone.
+rclone normally syncs or copies directories.
+However, if the source remote points to a file, rclone will just copy
+that file.
+The destination remote must point to a directory - rclone will give the
+error
+\f[C]Failed to create file system for \[dq]remote:file\[dq]: is a file not a directory\f[R]
+if it isn\[aq]t.
 .PP
-On Unix systems (Linux, macOS, \&...) the bandwidth limiter can be
-toggled by sending a \f[C]SIGUSR2\f[R] signal to rclone.
-This allows to remove the limitations of a long running rclone transfer
-and to restore it back to the value specified with \f[C]--bwlimit\f[R]
-quickly when needed.
-Assuming there is only one rclone instance running, you can toggle the
-limiter like this:
+For example, suppose you have a remote with a file in called
+\f[C]test.jpg\f[R], then you could copy just that file like this
 .IP
 .nf
 \f[C]
-kill -SIGUSR2 $(pidof rclone)
+rclone copy remote:test.jpg /tmp/download
 \f[R]
 .fi
 .PP
-If you configure rclone with a remote control then you can use change
-the bwlimit dynamically:
+The file \f[C]test.jpg\f[R] will be placed inside
+\f[C]/tmp/download\f[R].
+.PP
+This is equivalent to specifying
 .IP
 .nf
 \f[C]
-rclone rc core/bwlimit rate=1M
+rclone copy --files-from /tmp/files remote: /tmp/download
 \f[R]
 .fi
-.SS --bwlimit-file=BANDWIDTH_SPEC
-.PP
-This option controls per file bandwidth limit.
-For the options see the \f[C]--bwlimit\f[R] flag.
 .PP
-For example use this to allow no transfers to be faster than 1 MiB/s
+Where \f[C]/tmp/files\f[R] contains the single line
 .IP
 .nf
 \f[C]
---bwlimit-file 1M
+test.jpg
 \f[R]
 .fi
 .PP
-This can be used in conjunction with \f[C]--bwlimit\f[R].
+It is recommended to use \f[C]copy\f[R] when copying individual files,
+not \f[C]sync\f[R].
+They have pretty much the same effect but \f[C]copy\f[R] will use a lot
+less memory.
+.SS Syntax of remote paths
 .PP
-Note that if a schedule is provided the file will use the schedule in
-effect at the start of the transfer.
-.SS --buffer-size=SIZE
+The syntax of the paths passed to the rclone command are as follows.
+.SS /path/to/dir
 .PP
-Use this sized buffer to speed up file transfers.
-Each \f[C]--transfer\f[R] will use this much memory for buffering.
+This refers to the local file system.
 .PP
-When using \f[C]mount\f[R] or \f[C]cmount\f[R] each open file descriptor
-will use this much memory for buffering.
-See the mount (https://rclone.org/commands/rclone_mount/#file-buffering)
-documentation for more details.
-.PP
-Set to \f[C]0\f[R] to disable the buffering for the minimum memory
-usage.
-.PP
-Note that the memory allocation of the buffers is influenced by the
---use-mmap flag.
-.SS --cache-dir=DIR
-.PP
-Specify the directory rclone will use for caching, to override the
-default.
-.PP
-Default value is depending on operating system: - Windows
-\f[C]%LocalAppData%\[rs]rclone\f[R], if \f[C]LocalAppData\f[R] is
-defined.
-- macOS \f[C]$HOME/Library/Caches/rclone\f[R] if \f[C]HOME\f[R] is
-defined.
-- Unix \f[C]$XDG_CACHE_HOME/rclone\f[R] if \f[C]XDG_CACHE_HOME\f[R] is
-defined, else \f[C]$HOME/.cache/rclone\f[R] if \f[C]HOME\f[R] is
-defined.
-- Fallback (on all OS) to \f[C]$TMPDIR/rclone\f[R], where
-\f[C]TMPDIR\f[R] is the value from --temp-dir.
-.PP
-You can use the config
-paths (https://rclone.org/commands/rclone_config_paths/) command to see
-the current value.
-.PP
-Cache directory is heavily used by the VFS File
-Caching (https://rclone.org/commands/rclone_mount/#vfs-file-caching)
-mount feature, but also by
-serve (https://rclone.org/commands/rclone_serve/), GUI and other parts
-of rclone.
-.SS --check-first
-.PP
-If this flag is set then in a \f[C]sync\f[R], \f[C]copy\f[R] or
-\f[C]move\f[R], rclone will do all the checks to see whether files need
-to be transferred before doing any of the transfers.
-Normally rclone would start running transfers as soon as possible.
-.PP
-This flag can be useful on IO limited systems where transfers interfere
-with checking.
-.PP
-It can also be useful to ensure perfect ordering when using
-\f[C]--order-by\f[R].
-.PP
-If both \f[C]--check-first\f[R] and \f[C]--order-by\f[R] are set when
-doing \f[C]rclone move\f[R] then rclone will use the transfer thread to
-delete source files which don\[aq]t need transferring.
-This will enable perfect ordering of the transfers and deletes but will
-cause the transfer stats to have more items in than expected.
-.PP
-Using this flag can use more memory as it effectively sets
-\f[C]--max-backlog\f[R] to infinite.
-This means that all the info on the objects to transfer is held in
-memory before the transfers start.
-.SS --checkers=N
+On Windows \f[C]\[rs]\f[R] may be used instead of \f[C]/\f[R] in local
+paths \f[B]only\f[R], non local paths must use \f[C]/\f[R].
+See local filesystem (https://rclone.org/local/#paths-on-windows)
+documentation for more about Windows-specific paths.
 .PP
-Originally controlling just the number of file checkers to run in
-parallel, e.g.
-by \f[C]rclone copy\f[R].
-Now a fairly universal parallelism control used by \f[C]rclone\f[R] in
-several places.
+These paths needn\[aq]t start with a leading \f[C]/\f[R] - if they
+don\[aq]t then they will be relative to the current directory.
+.SS remote:path/to/dir
 .PP
-Note: checkers do the equality checking of files during a sync.
-For some storage systems (e.g.
-S3, Swift, Dropbox) this can take a significant amount of time so they
-are run in parallel.
+This refers to a directory \f[C]path/to/dir\f[R] on \f[C]remote:\f[R] as
+defined in the config file (configured with \f[C]rclone config\f[R]).
+.SS remote:/path/to/dir
 .PP
-The default is to run 8 checkers in parallel.
-However, in case of slow-reacting backends you may need to lower (rather
-than increase) this default by setting \f[C]--checkers\f[R] to 4 or less
-threads.
-This is especially advised if you are experiencing backend server
-crashes during file checking phase (e.g.
-on subsequent or top-up backups where little or no file copying is done
-and checking takes up most of the time).
-Increase this setting only with utmost care, while monitoring your
-server health and file checking throughput.
-.SS -c, --checksum
+On most backends this is refers to the same directory as
+\f[C]remote:path/to/dir\f[R] and that format should be preferred.
+On a very small number of remotes (FTP, SFTP, Dropbox for business) this
+will refer to a different directory.
+On these, paths without a leading \f[C]/\f[R] will refer to your
+\[dq]home\[dq] directory and paths with a leading \f[C]/\f[R] will refer
+to the root.
+.SS :backend:path/to/dir
 .PP
-Normally rclone will look at modification time and size of files to see
-if they are equal.
-If you set this flag then rclone will check the file hash and size to
-determine if files are equal.
+This is an advanced form for creating remotes on the fly.
+\f[C]backend\f[R] should be the name or prefix of a backend (the
+\f[C]type\f[R] in the config file) and all the configuration for the
+backend should be provided on the command line (or in environment
+variables).
 .PP
-This is useful when the remote doesn\[aq]t support setting modified time
-and a more accurate sync is desired than just checking the file size.
+Here are some examples:
+.IP
+.nf
+\f[C]
+rclone lsd --http-url https://pub.rclone.org :http:
+\f[R]
+.fi
 .PP
-This is very useful when transferring between remotes which store the
-same hash type on the object, e.g.
-Drive and Swift.
-For details of which remotes support which hash type see the table in
-the overview section (https://rclone.org/overview/).
+To list all the directories in the root of
+\f[C]https://pub.rclone.org/\f[R].
+.IP
+.nf
+\f[C]
+rclone lsf --http-url https://example.com :http:path/to/dir
+\f[R]
+.fi
 .PP
-Eg \f[C]rclone --checksum sync s3:/bucket swift:/bucket\f[R] would run
-much quicker than without the \f[C]--checksum\f[R] flag.
+To list files and directories in
+\f[C]https://example.com/path/to/dir/\f[R]
+.IP
+.nf
+\f[C]
+rclone copy --http-url https://example.com :http:path/to/dir /tmp/dir
+\f[R]
+.fi
 .PP
-When using this flag, rclone won\[aq]t update mtimes of remote files if
-they are incorrect as it would normally.
-.SS --color WHEN
+To copy files and directories in
+\f[C]https://example.com/path/to/dir\f[R] to \f[C]/tmp/dir\f[R].
+.IP
+.nf
+\f[C]
+rclone copy --sftp-host example.com :sftp:path/to/dir /tmp/dir
+\f[R]
+.fi
 .PP
-Specifiy when colors (and other ANSI codes) should be added to the
-output.
+To copy files and directories from \f[C]example.com\f[R] in the relative
+directory \f[C]path/to/dir\f[R] to \f[C]/tmp/dir\f[R] using sftp.
+.SS Connection strings
 .PP
-\f[C]AUTO\f[R] (default) only allows ANSI codes when the output is a
-terminal
+The above examples can also be written using a connection string syntax,
+so instead of providing the arguments as command line parameters
+\f[C]--http-url https://pub.rclone.org\f[R] they are provided as part of
+the remote specification as a kind of connection string.
+.IP
+.nf
+\f[C]
+rclone lsd \[dq]:http,url=\[aq]https://pub.rclone.org\[aq]:\[dq]
+rclone lsf \[dq]:http,url=\[aq]https://example.com\[aq]:path/to/dir\[dq]
+rclone copy \[dq]:http,url=\[aq]https://example.com\[aq]:path/to/dir\[dq] /tmp/dir
+rclone copy :sftp,host=example.com:path/to/dir /tmp/dir
+\f[R]
+.fi
 .PP
-\f[C]NEVER\f[R] never allow ANSI codes
+These can apply to modify existing remotes as well as create new remotes
+with the on the fly syntax.
+This example is equivalent to adding the
+\f[C]--drive-shared-with-me\f[R] parameter to the remote
+\f[C]gdrive:\f[R].
+.IP
+.nf
+\f[C]
+rclone lsf \[dq]gdrive,shared_with_me:path/to/dir\[dq]
+\f[R]
+.fi
 .PP
-\f[C]ALWAYS\f[R] always add ANSI codes, regardless of the output format
-(terminal or file)
-.SS --compare-dest=DIR
+The major advantage to using the connection string style syntax is that
+it only applies to the remote, not to all the remotes of that type of
+the command line.
+A common confusion is this attempt to copy a file shared on google drive
+to the normal drive which \f[B]does not work\f[R] because the
+\f[C]--drive-shared-with-me\f[R] flag applies to both the source and the
+destination.
+.IP
+.nf
+\f[C]
+rclone copy --drive-shared-with-me gdrive:shared-file.txt gdrive:
+\f[R]
+.fi
 .PP
-When using \f[C]sync\f[R], \f[C]copy\f[R] or \f[C]move\f[R] DIR is
-checked in addition to the destination for files.
-If a file identical to the source is found that file is NOT copied from
-source.
-This is useful to copy just files that have changed since the last
-backup.
+However using the connection string syntax, this does work.
+.IP
+.nf
+\f[C]
+rclone copy \[dq]gdrive,shared_with_me:shared-file.txt\[dq] gdrive:
+\f[R]
+.fi
 .PP
-You must use the same remote as the destination of the sync.
-The compare directory must not overlap the destination directory.
+Note that the connection string only affects the options of the
+immediate backend.
+If for example gdriveCrypt is a crypt based on gdrive, then the
+following command \f[B]will not work\f[R] as intended, because
+\f[C]shared_with_me\f[R] is ignored by the crypt backend:
+.IP
+.nf
+\f[C]
+rclone copy \[dq]gdriveCrypt,shared_with_me:shared-file.txt\[dq] gdriveCrypt:
+\f[R]
+.fi
 .PP
-See \f[C]--copy-dest\f[R] and \f[C]--backup-dir\f[R].
-.SS --config=CONFIG_FILE
+The connection strings have the following syntax
+.IP
+.nf
+\f[C]
+remote,parameter=value,parameter2=value2:path/to/dir
+:backend,parameter=value,parameter2=value2:path/to/dir
+\f[R]
+.fi
 .PP
-Specify the location of the rclone configuration file, to override the
-default.
-E.g.
-\f[C]rclone config --config=\[dq]rclone.conf\[dq]\f[R].
+If the \f[C]parameter\f[R] has a \f[C]:\f[R] or \f[C],\f[R] then it must
+be placed in quotes \f[C]\[dq]\f[R] or \f[C]\[aq]\f[R], so
+.IP
+.nf
+\f[C]
+remote,parameter=\[dq]colon:value\[dq],parameter2=\[dq]comma,value\[dq]:path/to/dir
+:backend,parameter=\[aq]colon:value\[aq],parameter2=\[aq]comma,value\[aq]:path/to/dir
+\f[R]
+.fi
 .PP
-The exact default is a bit complex to describe, due to changes
-introduced through different versions of rclone while preserving
-backwards compatibility, but in most cases it is as simple as:
-.IP \[bu] 2
-\f[C]%APPDATA%/rclone/rclone.conf\f[R] on Windows
-.IP \[bu] 2
-\f[C]\[ti]/.config/rclone/rclone.conf\f[R] on other
+If a quoted value needs to include that quote, then it should be
+doubled, so
+.IP
+.nf
+\f[C]
+remote,parameter=\[dq]with\[dq]\[dq]quote\[dq],parameter2=\[aq]with\[aq]\[aq]quote\[aq]:path/to/dir
+\f[R]
+.fi
 .PP
-The complete logic is as follows: Rclone will look for an existing
-configuration file in any of the following locations, in priority order:
-.IP "1." 3
-\f[C]rclone.conf\f[R] (in program directory, where rclone executable is)
-.IP "2." 3
-\f[C]%APPDATA%/rclone/rclone.conf\f[R] (only on Windows)
-.IP "3." 3
-\f[C]$XDG_CONFIG_HOME/rclone/rclone.conf\f[R] (on all systems, including
-Windows)
-.IP "4." 3
-\f[C]\[ti]/.config/rclone/rclone.conf\f[R] (see below for explanation of
-\[ti] symbol)
-.IP "5." 3
-\f[C]\[ti]/.rclone.conf\f[R]
+This will make \f[C]parameter\f[R] be \f[C]with\[dq]quote\f[R] and
+\f[C]parameter2\f[R] be \f[C]with\[aq]quote\f[R].
 .PP
-If no existing configuration file is found, then a new one will be
-created in the following location:
-.IP \[bu] 2
-On Windows: Location 2 listed above, except in the unlikely event that
-\f[C]APPDATA\f[R] is not defined, then location 4 is used instead.
-.IP \[bu] 2
-On Unix: Location 3 if \f[C]XDG_CONFIG_HOME\f[R] is defined, else
-location 4.
-.IP \[bu] 2
-Fallback to location 5 (on all OS), when the rclone directory cannot be
-created, but if also a home directory was not found then path
-\f[C].rclone.conf\f[R] relative to current working directory will be
-used as a final resort.
+If you leave off the \f[C]=parameter\f[R] then rclone will substitute
+\f[C]=true\f[R] which works very well with flags.
+For example, to use s3 configured in the environment you could use:
+.IP
+.nf
+\f[C]
+rclone lsd :s3,env_auth:
+\f[R]
+.fi
 .PP
-The \f[C]\[ti]\f[R] symbol in paths above represent the home directory
-of the current user on any OS, and the value is defined as following:
-.IP \[bu] 2
-On Windows: \f[C]%HOME%\f[R] if defined, else \f[C]%USERPROFILE%\f[R],
-or else \f[C]%HOMEDRIVE%\[rs]%HOMEPATH%\f[R].
-.IP \[bu] 2
-On Unix: \f[C]$HOME\f[R] if defined, else by looking up current user in
-OS-specific user database (e.g.
-passwd file), or else use the result from shell command
-\f[C]cd && pwd\f[R].
+Which is equivalent to
+.IP
+.nf
+\f[C]
+rclone lsd :s3,env_auth=true:
+\f[R]
+.fi
 .PP
-If you run \f[C]rclone config file\f[R] you will see where the default
-location is for you.
+Note that on the command line you might need to surround these
+connection strings with \f[C]\[dq]\f[R] or \f[C]\[aq]\f[R] to stop the
+shell interpreting any special characters within them.
 .PP
-The fact that an existing file \f[C]rclone.conf\f[R] in the same
-directory as the rclone executable is always preferred, means that it is
-easy to run in \[dq]portable\[dq] mode by downloading rclone executable
-to a writable directory and then create an empty file
-\f[C]rclone.conf\f[R] in the same directory.
+If you are a shell master then you\[aq]ll know which strings are OK and
+which aren\[aq]t, but if you aren\[aq]t sure then enclose them in
+\f[C]\[dq]\f[R] and use \f[C]\[aq]\f[R] as the inside quote.
+This syntax works on all OSes.
+.IP
+.nf
+\f[C]
+rclone copy \[dq]:http,url=\[aq]https://example.com\[aq]:path/to/dir\[dq] /tmp/dir
+\f[R]
+.fi
 .PP
-If the location is set to empty string \f[C]\[dq]\[dq]\f[R] or path to a
-file with name \f[C]notfound\f[R], or the os null device represented by
-value \f[C]NUL\f[R] on Windows and \f[C]/dev/null\f[R] on Unix systems,
-then rclone will keep the config file in memory only.
+On Linux/macOS some characters are still interpreted inside
+\f[C]\[dq]\f[R] strings in the shell (notably \f[C]\[rs]\f[R] and
+\f[C]$\f[R] and \f[C]\[dq]\f[R]) so if your strings contain those you
+can swap the roles of \f[C]\[dq]\f[R] and \f[C]\[aq]\f[R] thus.
+(This syntax does not work on Windows.)
+.IP
+.nf
+\f[C]
+rclone copy \[aq]:http,url=\[dq]https://example.com\[dq]:path/to/dir\[aq] /tmp/dir
+\f[R]
+.fi
+.SS Connection strings, config and logging
 .PP
-The file format is basic
-INI (https://en.wikipedia.org/wiki/INI_file#Format): Sections of text,
-led by a \f[C][section]\f[R] header and followed by \f[C]key=value\f[R]
-entries on separate lines.
-In rclone each remote is represented by its own section, where the
-section name defines the name of the remote.
-Options are specified as the \f[C]key=value\f[R] entries, where the key
-is the option name without the \f[C]--backend-\f[R] prefix, in lowercase
-and with \f[C]_\f[R] instead of \f[C]-\f[R].
-E.g.
-option \f[C]--mega-hard-delete\f[R] corresponds to key
-\f[C]hard_delete\f[R].
-Only backend options can be specified.
-A special, and required, key \f[C]type\f[R] identifies the storage
-system (https://rclone.org/overview/), where the value is the internal
-lowercase name as returned by command \f[C]rclone help backends\f[R].
-Comments are indicated by \f[C];\f[R] or \f[C]#\f[R] at the beginning of
-a line.
+If you supply extra configuration to a backend by command line flag,
+environment variable or connection string then rclone will add a suffix
+based on the hash of the config to the name of the remote, eg
+.IP
+.nf
+\f[C]
+rclone -vv lsf --s3-chunk-size 20M s3:
+\f[R]
+.fi
 .PP
-Example:
+Has the log message
 .IP
 .nf
 \f[C]
-[megaremote]
-type = mega
-user = you\[at]example.com
-pass = PDPcQVVjVtzFY-GTdDFozqBhTdsPg3qH
+DEBUG : s3: detected overridden config - adding \[dq]{Srj1p}\[dq] suffix to name
 \f[R]
 .fi
 .PP
-Note that passwords are in
-obscured (https://rclone.org/commands/rclone_obscure/) form.
-Also, many storage systems uses token-based authentication instead of
-passwords, and this requires additional steps.
-It is easier, and safer, to use the interactive command
-\f[C]rclone config\f[R] instead of manually editing the configuration
-file.
+This is so rclone can tell the modified remote apart from the unmodified
+remote when caching the backends.
 .PP
-The configuration file will typically contain login information, and
-should therefore have restricted permissions so that only the current
-user can read it.
-Rclone tries to ensure this when it writes the file.
-You may also choose to encrypt the file.
+This should only be noticeable in the logs.
 .PP
-When token-based authentication are used, the configuration file must be
-writable, because rclone needs to update the tokens inside it.
-.SS --contimeout=TIME
+This means that on the fly backends such as
+.IP
+.nf
+\f[C]
+rclone -vv lsf :s3,env_auth:
+\f[R]
+.fi
 .PP
-Set the connection timeout.
-This should be in go time format which looks like \f[C]5s\f[R] for 5
-seconds, \f[C]10m\f[R] for 10 minutes, or \f[C]3h30m\f[R].
+Will get their own names
+.IP
+.nf
+\f[C]
+DEBUG : :s3: detected overridden config - adding \[dq]{YTu53}\[dq] suffix to name
+\f[R]
+.fi
+.SS Valid remote names
 .PP
-The connection timeout is the amount of time rclone will wait for a
-connection to go through to a remote object storage system.
-It is \f[C]1m\f[R] by default.
-.SS --copy-dest=DIR
+Remote names are case sensitive, and must adhere to the following rules:
+- May contain number, letter, \f[C]_\f[R], \f[C]-\f[R], \f[C].\f[R],
+\f[C]+\f[R], \f[C]\[at]\f[R] and space.
+- May not start with \f[C]-\f[R] or space.
+- May not end with space.
 .PP
-When using \f[C]sync\f[R], \f[C]copy\f[R] or \f[C]move\f[R] DIR is
-checked in addition to the destination for files.
-If a file identical to the source is found that file is server-side
-copied from DIR to the destination.
-This is useful for incremental backup.
+Starting with rclone version 1.61, any Unicode numbers and letters are
+allowed, while in older versions it was limited to plain ASCII (0-9,
+A-Z, a-z).
+If you use the same rclone configuration from different shells, which
+may be configured with different character encoding, you must be
+cautious to use characters that are possible to write in all of them.
+This is mostly a problem on Windows, where the console traditionally
+uses a non-Unicode character set - defined by the so-called \[dq]code
+page\[dq].
 .PP
-The remote in use must support server-side copy and you must use the
-same remote as the destination of the sync.
-The compare directory must not overlap the destination directory.
+Do not use single character names on Windows as it creates ambiguity
+with Windows drives\[aq] names, e.g.: remote called \f[C]C\f[R] is
+indistinguishable from \f[C]C\f[R] drive.
+Rclone will always assume that single letter name refers to a drive.
+.SS Quoting and the shell
 .PP
-See \f[C]--compare-dest\f[R] and \f[C]--backup-dir\f[R].
-.SS --dedupe-mode MODE
+When you are typing commands to your computer you are using something
+called the command line shell.
+This interprets various characters in an OS specific way.
 .PP
-Mode to run dedupe command in.
-One of \f[C]interactive\f[R], \f[C]skip\f[R], \f[C]first\f[R],
-\f[C]newest\f[R], \f[C]oldest\f[R], \f[C]rename\f[R].
-The default is \f[C]interactive\f[R].
-.PD 0
-.P
-.PD
-See the dedupe command for more information as to what these options
-mean.
-.SS --disable FEATURE,FEATURE,...
+Here are some gotchas which may help users unfamiliar with the shell
+rules
+.SS Linux / OSX
 .PP
-This disables a comma separated list of optional features.
-For example to disable server-side move and server-side copy use:
+If your names have spaces or shell metacharacters (e.g.
+\f[C]*\f[R], \f[C]?\f[R], \f[C]$\f[R], \f[C]\[aq]\f[R], \f[C]\[dq]\f[R],
+etc.) then you must quote them.
+Use single quotes \f[C]\[aq]\f[R] by default.
 .IP
 .nf
 \f[C]
---disable move,copy
+rclone copy \[aq]Important files?\[aq] remote:backup
 \f[R]
 .fi
 .PP
-The features can be put in any case.
-.PP
-To see a list of which features can be disabled use:
+If you want to send a \f[C]\[aq]\f[R] you will need to use
+\f[C]\[dq]\f[R], e.g.
 .IP
 .nf
 \f[C]
---disable help
+rclone copy \[dq]O\[aq]Reilly Reviews\[dq] remote:backup
 \f[R]
 .fi
 .PP
-See the overview features (https://rclone.org/overview/#features) and
-optional features (https://rclone.org/overview/#optional-features) to
-get an idea of which feature does what.
-.PP
-This flag can be useful for debugging and in exceptional circumstances
-(e.g.
-Google Drive limiting the total volume of Server Side Copies to 100
-GiB/day).
-.SS --disable-http2
-.PP
-This stops rclone from trying to use HTTP/2 if available.
-This can sometimes speed up transfers due to a problem in the Go
-standard library (https://github.com/golang/go/issues/37373).
-.SS --dscp VALUE
-.PP
-Specify a DSCP value or name to use in connections.
-This could help QoS system to identify traffic class.
-BE, EF, DF, LE, CSx and AFxx are allowed.
-.PP
-See the description of differentiated
-services (https://en.wikipedia.org/wiki/Differentiated_services) to get
-an idea of this field.
-Setting this to 1 (LE) to identify the flow to SCAVENGER class can avoid
-occupying too much bandwidth in a network with DiffServ support (RFC
-8622 (https://tools.ietf.org/html/rfc8622)).
+The rules for quoting metacharacters are complicated and if you want the
+full details you\[aq]ll have to consult the manual page for your shell.
+.SS Windows
 .PP
-For example, if you configured QoS on router to handle LE properly.
-Running:
+If your names have spaces in you need to put them in \f[C]\[dq]\f[R],
+e.g.
 .IP
 .nf
 \f[C]
-rclone copy --dscp LE from:/from to:/to
+rclone copy \[dq]E:\[rs]folder name\[rs]folder name\[rs]folder name\[dq] remote:backup
 \f[R]
 .fi
 .PP
-would make the priority lower than usual internet flows.
-.PP
-This option has no effect on Windows (see
-golang/go#42728 (https://github.com/golang/go/issues/42728)).
-.SS -n, --dry-run
-.PP
-Do a trial run with no permanent changes.
-Use this to see what rclone would do without actually doing it.
-Useful when setting up the \f[C]sync\f[R] command which deletes files in
-the destination.
-.SS --expect-continue-timeout=TIME
-.PP
-This specifies the amount of time to wait for a server\[aq]s first
-response headers after fully writing the request headers if the request
-has an \[dq]Expect: 100-continue\[dq] header.
-Not all backends support using this.
-.PP
-Zero means no timeout and causes the body to be sent immediately,
-without waiting for the server to approve.
-This time does not include the time to send the request header.
-.PP
-The default is \f[C]1s\f[R].
-Set to \f[C]0\f[R] to disable.
-.SS --error-on-no-transfer
-.PP
-By default, rclone will exit with return code 0 if there were no errors.
-.PP
-This option allows rclone to return exit code 9 if no files were
-transferred between the source and destination.
-This allows using rclone in scripts, and triggering follow-on actions if
-data was copied, or skipping if not.
-.PP
-NB: Enabling this option turns a usually non-fatal error into a
-potentially fatal one - please check and adjust your scripts
-accordingly!
-.SS --fs-cache-expire-duration=TIME
-.PP
-When using rclone via the API rclone caches created remotes for 5
-minutes by default in the \[dq]fs cache\[dq].
-This means that if you do repeated actions on the same remote then
-rclone won\[aq]t have to build it again from scratch, which makes it
-more efficient.
-.PP
-This flag sets the time that the remotes are cached for.
-If you set it to \f[C]0\f[R] (or negative) then rclone won\[aq]t cache
-the remotes at all.
-.PP
-Note that if you use some flags, eg \f[C]--backup-dir\f[R] and if this
-is set to \f[C]0\f[R] rclone may build two remotes (one for the source
-or destination and one for the \f[C]--backup-dir\f[R] where it may have
-only built one before.
-.SS --fs-cache-expire-interval=TIME
-.PP
-This controls how often rclone checks for cached remotes to expire.
-See the \f[C]--fs-cache-expire-duration\f[R] documentation above for
-more info.
-The default is 60s, set to 0 to disable expiry.
-.SS --header
+If you are using the root directory on its own then don\[aq]t quote it
+(see #464 (https://github.com/rclone/rclone/issues/464) for why), e.g.
+.IP
+.nf
+\f[C]
+rclone copy E:\[rs] remote:backup
+\f[R]
+.fi
+.SS Copying files or directories with \f[C]:\f[R] in the names
 .PP
-Add an HTTP header for all transactions.
-The flag can be repeated to add multiple headers.
+rclone uses \f[C]:\f[R] to mark a remote name.
+This is, however, a valid filename component in non-Windows OSes.
+The remote name parser will only search for a \f[C]:\f[R] up to the
+first \f[C]/\f[R] so if you need to act on a file or directory like this
+then use the full path starting with a \f[C]/\f[R], or use \f[C]./\f[R]
+as a current directory prefix.
 .PP
-If you want to add headers only for uploads use
-\f[C]--header-upload\f[R] and if you want to add headers only for
-downloads use \f[C]--header-download\f[R].
+So to sync a directory called \f[C]sync:me\f[R] to a remote called
+\f[C]remote:\f[R] use
+.IP
+.nf
+\f[C]
+rclone sync --interactive ./sync:me remote:path
+\f[R]
+.fi
 .PP
-This flag is supported for all HTTP based backends even those not
-supported by \f[C]--header-upload\f[R] and \f[C]--header-download\f[R]
-so may be used as a workaround for those with care.
+or
 .IP
 .nf
 \f[C]
-rclone ls remote:test --header \[dq]X-Rclone: Foo\[dq] --header \[dq]X-LetMeIn: Yes\[dq]
+rclone sync --interactive /full/path/to/sync:me remote:path
 \f[R]
 .fi
-.SS --header-download
+.SS Server Side Copy
 .PP
-Add an HTTP header for all download transactions.
-The flag can be repeated to add multiple headers.
+Most remotes (but not all - see the
+overview (https://rclone.org/overview/#optional-features)) support
+server-side copy.
+.PP
+This means if you want to copy one folder to another then rclone
+won\[aq]t download all the files and re-upload them; it will instruct
+the server to copy them in place.
+.PP
+Eg
 .IP
 .nf
 \f[C]
-rclone sync --interactive s3:test/src \[ti]/dst --header-download \[dq]X-Amz-Meta-Test: Foo\[dq] --header-download \[dq]X-Amz-Meta-Test2: Bar\[dq]
+rclone copy s3:oldbucket s3:newbucket
 \f[R]
 .fi
 .PP
-See the GitHub issue here (https://github.com/rclone/rclone/issues/59)
-for currently supported backends.
-.SS --header-upload
+Will copy the contents of \f[C]oldbucket\f[R] to \f[C]newbucket\f[R]
+without downloading and re-uploading.
 .PP
-Add an HTTP header for all upload transactions.
-The flag can be repeated to add multiple headers.
+Remotes which don\[aq]t support server-side copy \f[B]will\f[R] download
+and re-upload in this case.
+.PP
+Server side copies are used with \f[C]sync\f[R] and \f[C]copy\f[R] and
+will be identified in the log when using the \f[C]-v\f[R] flag.
+The \f[C]move\f[R] command may also use them if remote doesn\[aq]t
+support server-side move directly.
+This is done by issuing a server-side copy then a delete which is much
+quicker than a download and re-upload.
+.PP
+Server side copies will only be attempted if the remote names are the
+same.
+.PP
+This can be used when scripting to make aged backups efficiently, e.g.
 .IP
 .nf
 \f[C]
-rclone sync --interactive \[ti]/src s3:test/dst --header-upload \[dq]Content-Disposition: attachment; filename=\[aq]cool.html\[aq]\[dq] --header-upload \[dq]X-Amz-Meta-Test: FooBar\[dq]
+rclone sync --interactive remote:current-backup remote:previous-backup
+rclone sync --interactive /path/to/files remote:current-backup
 \f[R]
 .fi
+.SS Metadata support
 .PP
-See the GitHub issue here (https://github.com/rclone/rclone/issues/59)
-for currently supported backends.
-.SS --human-readable
+Metadata is data about a file which isn\[aq]t the contents of the file.
+Normally rclone only preserves the modification time and the content
+(MIME) type where possible.
 .PP
-Rclone commands output values for sizes (e.g.
-number of bytes) and counts (e.g.
-number of files) either as \f[I]raw\f[R] numbers, or in
-\f[I]human-readable\f[R] format.
+Rclone supports preserving all the available metadata on files (not
+directories) when using the \f[C]--metadata\f[R] or \f[C]-M\f[R] flag.
 .PP
-In human-readable format the values are scaled to larger units,
-indicated with a suffix shown after the value, and rounded to three
-decimals.
-Rclone consistently uses binary units (powers of 2) for sizes and
-decimal units (powers of 10) for counts.
-The unit prefix for size is according to IEC standard notation, e.g.
-\f[C]Ki\f[R] for kibi.
-Used with byte unit, \f[C]1 KiB\f[R] means 1024 Byte.
-In list type of output, only the unit prefix appended to the value (e.g.
-\f[C]9.762Ki\f[R]), while in more textual output the full unit is shown
-(e.g.
-\f[C]9.762 KiB\f[R]).
-For counts the SI standard notation is used, e.g.
-prefix \f[C]k\f[R] for kilo.
-Used with file counts, \f[C]1k\f[R] means 1000 files.
+Exactly what metadata is supported and what that support means depends
+on the backend.
+Backends that support metadata have a metadata section in their docs and
+are listed in the features table (https://rclone.org/overview/#features)
+(Eg local (https://rclone.org/local/#metadata), s3)
 .PP
-The various list (https://rclone.org/commands/rclone_ls/) commands
-output raw numbers by default.
-Option \f[C]--human-readable\f[R] will make them output values in
-human-readable format instead (with the short unit prefix).
+Rclone only supports a one-time sync of metadata.
+This means that metadata will be synced from the source object to the
+destination object only when the source object has changed and needs to
+be re-uploaded.
+If the metadata subsequently changes on the source object without
+changing the object itself then it won\[aq]t be synced to the
+destination object.
+This is in line with the way rclone syncs \f[C]Content-Type\f[R] without
+the \f[C]--metadata\f[R] flag.
 .PP
-The about (https://rclone.org/commands/rclone_about/) command outputs
-human-readable by default, with a command-specific option
-\f[C]--full\f[R] to output the raw numbers instead.
+Using \f[C]--metadata\f[R] when syncing from local to local will
+preserve file attributes such as file mode, owner, extended attributes
+(not Windows).
 .PP
-Command size (https://rclone.org/commands/rclone_size/) outputs both
-human-readable and raw numbers in the same output.
+Note that arbitrary metadata may be added to objects using the
+\f[C]--metadata-set key=value\f[R] flag when the object is first
+uploaded.
+This flag can be repeated as many times as necessary.
 .PP
-The tree (https://rclone.org/commands/rclone_tree/) command also
-considers \f[C]--human-readable\f[R], but it will not use the exact same
-notation as the other commands: It rounds to one decimal, and uses
-single letter suffix, e.g.
-\f[C]K\f[R] instead of \f[C]Ki\f[R].
-The reason for this is that it relies on an external library.
+The --metadata-mapper flag can be used to pass the name of a program in
+which can transform metadata when it is being copied from source to
+destination.
+.SS Types of metadata
 .PP
-The interactive command ncdu (https://rclone.org/commands/rclone_ncdu/)
-shows human-readable by default, and responds to key \f[C]u\f[R] for
-toggling human-readable format.
-.SS --ignore-case-sync
+Metadata is divided into two type.
+System metadata and User metadata.
 .PP
-Using this option will cause rclone to ignore the case of the files when
-synchronizing so files will not be copied/synced when the existing
-filenames are the same, even if the casing is different.
-.SS --ignore-checksum
+Metadata which the backend uses itself is called system metadata.
+For example on the local backend the system metadata \f[C]uid\f[R] will
+store the user ID of the file when used on a unix based platform.
 .PP
-Normally rclone will check that the checksums of transferred files
-match, and give an error \[dq]corrupted on transfer\[dq] if they
-don\[aq]t.
+Arbitrary metadata is called user metadata and this can be set however
+is desired.
 .PP
-You can use this option to skip that check.
-You should only use it if you have had the \[dq]corrupted on
-transfer\[dq] error message and you are sure you might want to transfer
-potentially corrupted data.
-.SS --ignore-existing
+When objects are copied from backend to backend, they will attempt to
+interpret system metadata if it is supplied.
+Metadata may change from being user metadata to system metadata as
+objects are copied between different backends.
+For example copying an object from s3 sets the \f[C]content-type\f[R]
+metadata.
+In a backend which understands this (like \f[C]azureblob\f[R]) this will
+become the Content-Type of the object.
+In a backend which doesn\[aq]t understand this (like the \f[C]local\f[R]
+backend) this will become user metadata.
+However should the local object be copied back to s3, the Content-Type
+will be set correctly.
+.SS Metadata framework
 .PP
-Using this option will make rclone unconditionally skip all files that
-exist on the destination, no matter the content of these files.
+Rclone implements a metadata framework which can read metadata from an
+object and write it to the object when (and only when) it is being
+uploaded.
 .PP
-While this isn\[aq]t a generally recommended option, it can be useful in
-cases where your files change due to encryption.
-However, it cannot correct partial transfers in case a transfer was
-interrupted.
+This metadata is stored as a dictionary with string keys and string
+values.
 .PP
-When performing a \f[C]move\f[R]/\f[C]moveto\f[R] command, this flag
-will leave skipped files in the source location unchanged when a file
-with the same name exists on the destination.
-.SS --ignore-size
+There are some limits on the names of the keys (these may be clarified
+further in the future).
+.IP \[bu] 2
+must be lower case
+.IP \[bu] 2
+may be \f[C]a-z\f[R] \f[C]0-9\f[R] containing \f[C].\f[R] \f[C]-\f[R] or
+\f[C]_\f[R]
+.IP \[bu] 2
+length is backend dependent
 .PP
-Normally rclone will look at modification time and size of files to see
-if they are equal.
-If you set this flag then rclone will check only the modification time.
-If \f[C]--checksum\f[R] is set then it only checks the checksum.
+Each backend can provide system metadata that it understands.
+Some backends can also store arbitrary user metadata.
 .PP
-It will also cause rclone to skip verifying the sizes are the same after
-transfer.
+Where possible the key names are standardized, so, for example, it is
+possible to copy object metadata from s3 to azureblob for example and
+metadata will be translated appropriately.
 .PP
-This can be useful for transferring files to and from OneDrive which
-occasionally misreports the size of image files (see
-#399 (https://github.com/rclone/rclone/issues/399) for more info).
-.SS -I, --ignore-times
+Some backends have limits on the size of the metadata and rclone will
+give errors on upload if they are exceeded.
+.SS Metadata preservation
 .PP
-Using this option will cause rclone to unconditionally upload all files
-regardless of the state of files on the destination.
+The goal of the implementation is to
+.IP "1." 3
+Preserve metadata if at all possible
+.IP "2." 3
+Interpret metadata if at all possible
 .PP
-Normally rclone would skip any files that have the same modification
-time and are the same size (or have the same checksum if using
-\f[C]--checksum\f[R]).
-.SS --immutable
+The consequences of 1 is that you can copy an S3 object to a local disk
+then back to S3 losslessly.
+Likewise you can copy a local file with file attributes and xattrs from
+local disk to s3 and back again losslessly.
 .PP
-Treat source and destination files as immutable and disallow
-modification.
+The consequence of 2 is that you can copy an S3 object with metadata to
+Azureblob (say) and have the metadata appear on the Azureblob object
+also.
+.SS Standard system metadata
 .PP
-With this option set, files will be created and deleted as requested,
-but existing files will never be updated.
-If an existing file does not match between the source and destination,
-rclone will give the error
-\f[C]Source and destination exist but do not match: immutable file modified\f[R].
+Here is a table of standard system metadata which, if appropriate, a
+backend may implement.
 .PP
-Note that only commands which transfer files (e.g.
-\f[C]sync\f[R], \f[C]copy\f[R], \f[C]move\f[R]) are affected by this
-behavior, and only modification is disallowed.
-Files may still be deleted explicitly (e.g.
-\f[C]delete\f[R], \f[C]purge\f[R]) or implicitly (e.g.
-\f[C]sync\f[R], \f[C]move\f[R]).
-Use \f[C]copy --immutable\f[R] if it is desired to avoid deletion as
-well as modification.
+.TS
+tab(@);
+lw(34.2n) lw(21.2n) lw(14.7n).
+T{
+key
+T}@T{
+description
+T}@T{
+example
+T}
+_
+T{
+mode
+T}@T{
+File type and mode: octal, unix style
+T}@T{
+0100664
+T}
+T{
+uid
+T}@T{
+User ID of owner: decimal number
+T}@T{
+500
+T}
+T{
+gid
+T}@T{
+Group ID of owner: decimal number
+T}@T{
+500
+T}
+T{
+rdev
+T}@T{
+Device ID (if special file) => hexadecimal
+T}@T{
+0
+T}
+T{
+atime
+T}@T{
+Time of last access: RFC 3339
+T}@T{
+2006-01-02T15:04:05.999999999Z07:00
+T}
+T{
+mtime
+T}@T{
+Time of last modification: RFC 3339
+T}@T{
+2006-01-02T15:04:05.999999999Z07:00
+T}
+T{
+btime
+T}@T{
+Time of file creation (birth): RFC 3339
+T}@T{
+2006-01-02T15:04:05.999999999Z07:00
+T}
+T{
+utime
+T}@T{
+Time of file upload: RFC 3339
+T}@T{
+2006-01-02T15:04:05.999999999Z07:00
+T}
+T{
+cache-control
+T}@T{
+Cache-Control header
+T}@T{
+no-cache
+T}
+T{
+content-disposition
+T}@T{
+Content-Disposition header
+T}@T{
+inline
+T}
+T{
+content-encoding
+T}@T{
+Content-Encoding header
+T}@T{
+gzip
+T}
+T{
+content-language
+T}@T{
+Content-Language header
+T}@T{
+en-US
+T}
+T{
+content-type
+T}@T{
+Content-Type header
+T}@T{
+text/plain
+T}
+.TE
 .PP
-This can be useful as an additional layer of protection for immutable or
-append-only data sets (notably backup archives), where modification
-implies corruption and should not be propagated.
-.SS -i, --interactive
+The metadata keys \f[C]mtime\f[R] and \f[C]content-type\f[R] will take
+precedence if supplied in the metadata over reading the
+\f[C]Content-Type\f[R] or modification time of the source object.
 .PP
-This flag can be used to tell rclone that you wish a manual confirmation
-before destructive operations.
+Hashes are not included in system metadata as there is a well defined
+way of reading those already.
+.SS Options
 .PP
-It is \f[B]recommended\f[R] that you use this flag while learning rclone
-especially with \f[C]rclone sync\f[R].
+Rclone has a number of options to control its behaviour.
 .PP
-For example
-.IP
-.nf
-\f[C]
-$ rclone delete --interactive /tmp/dir
-rclone: delete \[dq]important-file.txt\[dq]?
-y) Yes, this is OK (default)
-n) No, skip this
-s) Skip all delete operations with no more questions
-!) Do all delete operations with no more questions
-q) Exit rclone now.
-y/n/s/!/q> n
-\f[R]
-.fi
+Options that take parameters can have the values passed in two ways,
+\f[C]--option=value\f[R] or \f[C]--option value\f[R].
+However boolean (true/false) options behave slightly differently to the
+other options in that \f[C]--boolean\f[R] sets the option to
+\f[C]true\f[R] and the absence of the flag sets it to \f[C]false\f[R].
+It is also possible to specify \f[C]--boolean=false\f[R] or
+\f[C]--boolean=true\f[R].
+Note that \f[C]--boolean false\f[R] is not valid - this is parsed as
+\f[C]--boolean\f[R] and the \f[C]false\f[R] is parsed as an extra
+command line argument for rclone.
+.SS Time or duration options
 .PP
-The options mean
+TIME or DURATION options can be specified as a duration string or a time
+string.
+.PP
+A duration string is a possibly signed sequence of decimal numbers, each
+with optional fraction and a unit suffix, such as \[dq]300ms\[dq],
+\[dq]-1.5h\[dq] or \[dq]2h45m\[dq].
+Default units are seconds or the following abbreviations are valid:
 .IP \[bu] 2
-\f[C]y\f[R]: \f[B]Yes\f[R], this operation should go ahead.
-You can also press Return for this to happen.
-You\[aq]ll be asked every time unless you choose \f[C]s\f[R] or
-\f[C]!\f[R].
+\f[C]ms\f[R] - Milliseconds
 .IP \[bu] 2
-\f[C]n\f[R]: \f[B]No\f[R], do not do this operation.
-You\[aq]ll be asked every time unless you choose \f[C]s\f[R] or
-\f[C]!\f[R].
+\f[C]s\f[R] - Seconds
 .IP \[bu] 2
-\f[C]s\f[R]: \f[B]Skip\f[R] all the following operations of this type
-with no more questions.
-This takes effect until rclone exits.
-If there are any different kind of operations you\[aq]ll be prompted for
-them.
+\f[C]m\f[R] - Minutes
 .IP \[bu] 2
-\f[C]!\f[R]: \f[B]Do all\f[R] the following operations with no more
-questions.
-Useful if you\[aq]ve decided that you don\[aq]t mind rclone doing that
-kind of operation.
-This takes effect until rclone exits .
-If there are any different kind of operations you\[aq]ll be prompted for
-them.
+\f[C]h\f[R] - Hours
 .IP \[bu] 2
-\f[C]q\f[R]: \f[B]Quit\f[R] rclone now, just in case!
-.SS --leave-root
-.PP
-During rmdirs it will not remove root directory, even if it\[aq]s empty.
-.SS --log-file=FILE
+\f[C]d\f[R] - Days
+.IP \[bu] 2
+\f[C]w\f[R] - Weeks
+.IP \[bu] 2
+\f[C]M\f[R] - Months
+.IP \[bu] 2
+\f[C]y\f[R] - Years
 .PP
-Log all of rclone\[aq]s output to FILE.
-This is not active by default.
-This can be useful for tracking down problems with syncs in combination
-with the \f[C]-v\f[R] flag.
-See the Logging section for more info.
+These can also be specified as an absolute time in the following
+formats:
+.IP \[bu] 2
+RFC3339 - e.g.
+\f[C]2006-01-02T15:04:05Z\f[R] or \f[C]2006-01-02T15:04:05+07:00\f[R]
+.IP \[bu] 2
+ISO8601 Date and time, local timezone - \f[C]2006-01-02T15:04:05\f[R]
+.IP \[bu] 2
+ISO8601 Date and time, local timezone - \f[C]2006-01-02 15:04:05\f[R]
+.IP \[bu] 2
+ISO8601 Date - \f[C]2006-01-02\f[R] (YYYY-MM-DD)
+.SS Size options
 .PP
-If FILE exists then rclone will append to it.
-.PP
-Note that if you are using the \f[C]logrotate\f[R] program to manage
-rclone\[aq]s logs, then you should use the \f[C]copytruncate\f[R] option
-as rclone doesn\[aq]t have a signal to rotate logs.
-.SS --log-format LIST
-.PP
-Comma separated list of log format options.
-Accepted options are \f[C]date\f[R], \f[C]time\f[R],
-\f[C]microseconds\f[R], \f[C]pid\f[R], \f[C]longfile\f[R],
-\f[C]shortfile\f[R], \f[C]UTC\f[R].
-Any other keywords will be silently ignored.
-\f[C]pid\f[R] will tag log messages with process identifier which useful
-with \f[C]rclone mount --daemon\f[R].
-Other accepted options are explained in the go
-documentation (https://pkg.go.dev/log#pkg-constants).
-The default log format is \[dq]\f[C]date\f[R],\f[C]time\f[R]\[dq].
-.SS --log-level LEVEL
-.PP
-This sets the log level for rclone.
-The default log level is \f[C]NOTICE\f[R].
+Options which use SIZE use KiB (multiples of 1024 bytes) by default.
+However, a suffix of \f[C]B\f[R] for Byte, \f[C]K\f[R] for KiB,
+\f[C]M\f[R] for MiB, \f[C]G\f[R] for GiB, \f[C]T\f[R] for TiB and
+\f[C]P\f[R] for PiB may be used.
+These are the binary units, e.g.
+1, 2**10, 2**20, 2**30 respectively.
+.SS --backup-dir=DIR
 .PP
-\f[C]DEBUG\f[R] is equivalent to \f[C]-vv\f[R].
-It outputs lots of debug info - useful for bug reports and really
-finding out what rclone is doing.
+When using \f[C]sync\f[R], \f[C]copy\f[R] or \f[C]move\f[R] any files
+which would have been overwritten or deleted are moved in their original
+hierarchy into this directory.
 .PP
-\f[C]INFO\f[R] is equivalent to \f[C]-v\f[R].
-It outputs information about each transfer and prints stats once a
-minute by default.
+If \f[C]--suffix\f[R] is set, then the moved files will have the suffix
+added to them.
+If there is a file with the same path (after the suffix has been added)
+in DIR, then it will be overwritten.
 .PP
-\f[C]NOTICE\f[R] is the default log level if no logging flags are
-supplied.
-It outputs very little when things are working normally.
-It outputs warnings and significant events.
+The remote in use must support server-side move or copy and you must use
+the same remote as the destination of the sync.
+The backup directory must not overlap the destination directory without
+it being excluded by a filter rule.
 .PP
-\f[C]ERROR\f[R] is equivalent to \f[C]-q\f[R].
-It only outputs error messages.
-.SS --use-json-log
+For example
+.IP
+.nf
+\f[C]
+rclone sync --interactive /path/to/local remote:current --backup-dir remote:old
+\f[R]
+.fi
 .PP
-This switches the log format to JSON for rclone.
-The fields of json log are level, msg, source, time.
-.SS --low-level-retries NUMBER
+will sync \f[C]/path/to/local\f[R] to \f[C]remote:current\f[R], but for
+any files which would have been updated or deleted will be stored in
+\f[C]remote:old\f[R].
 .PP
-This controls the number of low level retries rclone does.
+If running rclone from a script you might want to use today\[aq]s date
+as the directory name passed to \f[C]--backup-dir\f[R] to store the old
+files, or you might want to pass \f[C]--suffix\f[R] with today\[aq]s
+date.
 .PP
-A low level retry is used to retry a failing operation - typically one
-HTTP request.
-This might be uploading a chunk of a big file for example.
-You will see low level retries in the log with the \f[C]-v\f[R] flag.
+See \f[C]--compare-dest\f[R] and \f[C]--copy-dest\f[R].
+.SS --bind string
 .PP
-This shouldn\[aq]t need to be changed from the default in normal
-operations.
-However, if you get a lot of low level retries you may wish to reduce
-the value so rclone moves on to a high level retry (see the
-\f[C]--retries\f[R] flag) quicker.
+Local address to bind to for outgoing connections.
+This can be an IPv4 address (1.2.3.4), an IPv6 address (1234::789A) or
+host name.
+If the host name doesn\[aq]t resolve or resolves to more than one IP
+address it will give an error.
 .PP
-Disable low level retries with \f[C]--low-level-retries 1\f[R].
-.SS --max-backlog=N
+You can use \f[C]--bind 0.0.0.0\f[R] to force rclone to use IPv4
+addresses and \f[C]--bind ::0\f[R] to force rclone to use IPv6
+addresses.
+.SS --bwlimit=BANDWIDTH_SPEC
 .PP
-This is the maximum allowable backlog of files in a sync/copy/move
-queued for being checked or transferred.
+This option controls the bandwidth limit.
+For example
+.IP
+.nf
+\f[C]
+--bwlimit 10M
+\f[R]
+.fi
 .PP
-This can be set arbitrarily large.
-It will only use memory when the queue is in use.
-Note that it will use in the order of N KiB of memory when the backlog
-is in use.
+would mean limit the upload and download bandwidth to 10 MiB/s.
+\f[B]NB\f[R] this is \f[B]bytes\f[R] per second not \f[B]bits\f[R] per
+second.
+To use a single limit, specify the desired bandwidth in KiB/s, or use a
+suffix B|K|M|G|T|P.
+The default is \f[C]0\f[R] which means to not limit bandwidth.
 .PP
-Setting this large allows rclone to calculate how many files are pending
-more accurately, give a more accurate estimated finish time and make
-\f[C]--order-by\f[R] work more accurately.
+The upload and download bandwidth can be specified separately, as
+\f[C]--bwlimit UP:DOWN\f[R], so
+.IP
+.nf
+\f[C]
+--bwlimit 10M:100k
+\f[R]
+.fi
 .PP
-Setting this small will make rclone more synchronous to the listings of
-the remote which may be desirable.
+would mean limit the upload bandwidth to 10 MiB/s and the download
+bandwidth to 100 KiB/s.
+Either limit can be \[dq]off\[dq] meaning no limit, so to just limit the
+upload bandwidth you would use
+.IP
+.nf
+\f[C]
+--bwlimit 10M:off
+\f[R]
+.fi
 .PP
-Setting this to a negative number will make the backlog as large as
-possible.
-.SS --max-delete=N
+this would limit the upload bandwidth to 10 MiB/s but the download
+bandwidth would be unlimited.
 .PP
-This tells rclone not to delete more than N files.
-If that limit is exceeded then a fatal error will be generated and
-rclone will stop the operation in progress.
-.SS --max-delete-size=SIZE
+When specified as above the bandwidth limits last for the duration of
+run of the rclone binary.
 .PP
-Rclone will stop deleting files when the total size of deletions has
-reached the size specified.
-It defaults to off.
+It is also possible to specify a \[dq]timetable\[dq] of limits, which
+will cause certain limits to be applied at certain times.
+To specify a timetable, format your entries as
+\f[C]WEEKDAY-HH:MM,BANDWIDTH WEEKDAY-HH:MM,BANDWIDTH...\f[R] where:
+\f[C]WEEKDAY\f[R] is optional element.
+.IP \[bu] 2
+\f[C]BANDWIDTH\f[R] can be a single number, e.g.\f[C]100k\f[R] or a pair
+of numbers for upload:download, e.g.\f[C]10M:1M\f[R].
+.IP \[bu] 2
+\f[C]WEEKDAY\f[R] can be written as the whole word or only using the
+first 3 characters.
+It is optional.
+.IP \[bu] 2
+\f[C]HH:MM\f[R] is an hour from 00:00 to 23:59.
 .PP
-If that limit is exceeded then a fatal error will be generated and
-rclone will stop the operation in progress.
-.SS --max-depth=N
+An example of a typical timetable to avoid link saturation during
+daytime working hours could be:
 .PP
-This modifies the recursion depth for all the commands except purge.
+\f[C]--bwlimit \[dq]08:00,512k 12:00,10M 13:00,512k 18:00,30M 23:00,off\[dq]\f[R]
 .PP
-So if you do \f[C]rclone --max-depth 1 ls remote:path\f[R] you will see
-only the files in the top level directory.
-Using \f[C]--max-depth 2\f[R] means you will see all the files in first
-two directory levels and so on.
+In this example, the transfer bandwidth will be set to 512 KiB/s at 8am
+every day.
+At noon, it will rise to 10 MiB/s, and drop back to 512 KiB/sec at 1pm.
+At 6pm, the bandwidth limit will be set to 30 MiB/s, and at 11pm it will
+be completely disabled (full speed).
+Anything between 11pm and 8am will remain unlimited.
 .PP
-For historical reasons the \f[C]lsd\f[R] command defaults to using a
-\f[C]--max-depth\f[R] of 1 - you can override this with the command line
-flag.
+An example of timetable with \f[C]WEEKDAY\f[R] could be:
 .PP
-You can use this command to disable recursion (with
-\f[C]--max-depth 1\f[R]).
+\f[C]--bwlimit \[dq]Mon-00:00,512 Fri-23:59,10M Sat-10:00,1M Sun-20:00,off\[dq]\f[R]
 .PP
-Note that if you use this with \f[C]sync\f[R] and
-\f[C]--delete-excluded\f[R] the files not recursed through are
-considered excluded and will be deleted on the destination.
-Test first with \f[C]--dry-run\f[R] if you are not sure what will
-happen.
-.SS --max-duration=TIME
+It means that, the transfer bandwidth will be set to 512 KiB/s on
+Monday.
+It will rise to 10 MiB/s before the end of Friday.
+At 10:00 on Saturday it will be set to 1 MiB/s.
+From 20:00 on Sunday it will be unlimited.
 .PP
-Rclone will stop scheduling new transfers when it has run for the
-duration specified.
+Timeslots without \f[C]WEEKDAY\f[R] are extended to the whole week.
+So this example:
 .PP
-Defaults to off.
+\f[C]--bwlimit \[dq]Mon-00:00,512 12:00,1M Sun-20:00,off\[dq]\f[R]
 .PP
-When the limit is reached any existing transfers will complete.
+Is equivalent to this:
 .PP
-Rclone won\[aq]t exit with an error if the transfer limit is reached.
-.SS --max-transfer=SIZE
+\f[C]--bwlimit \[dq]Mon-00:00,512Mon-12:00,1M Tue-12:00,1M Wed-12:00,1M Thu-12:00,1M Fri-12:00,1M Sat-12:00,1M Sun-12:00,1M Sun-20:00,off\[dq]\f[R]
 .PP
-Rclone will stop transferring when it has reached the size specified.
-Defaults to off.
+Bandwidth limit apply to the data transfer for all backends.
+For most backends the directory listing bandwidth is also included
+(exceptions being the non HTTP backends, \f[C]ftp\f[R], \f[C]sftp\f[R]
+and \f[C]storj\f[R]).
 .PP
-When the limit is reached all transfers will stop immediately.
+Note that the units are \f[B]Byte/s\f[R], not \f[B]bit/s\f[R].
+Typically connections are measured in bit/s - to convert divide by 8.
+For example, let\[aq]s say you have a 10 Mbit/s connection and you wish
+rclone to use half of it - 5 Mbit/s.
+This is 5/8 = 0.625 MiB/s so you would use a \f[C]--bwlimit 0.625M\f[R]
+parameter for rclone.
 .PP
-Rclone will exit with exit code 8 if the transfer limit is reached.
-.SS -M, --metadata
+On Unix systems (Linux, macOS, \&...) the bandwidth limiter can be
+toggled by sending a \f[C]SIGUSR2\f[R] signal to rclone.
+This allows to remove the limitations of a long running rclone transfer
+and to restore it back to the value specified with \f[C]--bwlimit\f[R]
+quickly when needed.
+Assuming there is only one rclone instance running, you can toggle the
+limiter like this:
+.IP
+.nf
+\f[C]
+kill -SIGUSR2 $(pidof rclone)
+\f[R]
+.fi
 .PP
-Setting this flag enables rclone to copy the metadata from the source to
-the destination.
-For local backends this is ownership, permissions, xattr etc.
-See the #metadata for more info.
-.SS --metadata-set key=value
+If you configure rclone with a remote control then you can use change
+the bwlimit dynamically:
+.IP
+.nf
+\f[C]
+rclone rc core/bwlimit rate=1M
+\f[R]
+.fi
+.SS --bwlimit-file=BANDWIDTH_SPEC
 .PP
-Add metadata \f[C]key\f[R] = \f[C]value\f[R] when uploading.
-This can be repeated as many times as required.
-See the #metadata for more info.
-.SS --cutoff-mode=hard|soft|cautious
+This option controls per file bandwidth limit.
+For the options see the \f[C]--bwlimit\f[R] flag.
 .PP
-This modifies the behavior of \f[C]--max-transfer\f[R] Defaults to
-\f[C]--cutoff-mode=hard\f[R].
+For example use this to allow no transfers to be faster than 1 MiB/s
+.IP
+.nf
+\f[C]
+--bwlimit-file 1M
+\f[R]
+.fi
 .PP
-Specifying \f[C]--cutoff-mode=hard\f[R] will stop transferring
-immediately when Rclone reaches the limit.
+This can be used in conjunction with \f[C]--bwlimit\f[R].
 .PP
-Specifying \f[C]--cutoff-mode=soft\f[R] will stop starting new transfers
-when Rclone reaches the limit.
+Note that if a schedule is provided the file will use the schedule in
+effect at the start of the transfer.
+.SS --buffer-size=SIZE
 .PP
-Specifying \f[C]--cutoff-mode=cautious\f[R] will try to prevent Rclone
-from reaching the limit.
-.SS --modify-window=TIME
+Use this sized buffer to speed up file transfers.
+Each \f[C]--transfer\f[R] will use this much memory for buffering.
 .PP
-When checking whether a file has been modified, this is the maximum
-allowed time difference that a file can have and still be considered
-equivalent.
+When using \f[C]mount\f[R] or \f[C]cmount\f[R] each open file descriptor
+will use this much memory for buffering.
+See the mount (https://rclone.org/commands/rclone_mount/#file-buffering)
+documentation for more details.
 .PP
-The default is \f[C]1ns\f[R] unless this is overridden by a remote.
-For example OS X only stores modification times to the nearest second so
-if you are reading and writing to an OS X filing system this will be
-\f[C]1s\f[R] by default.
+Set to \f[C]0\f[R] to disable the buffering for the minimum memory
+usage.
 .PP
-This command line flag allows you to override that computed default.
-.SS --multi-thread-cutoff=SIZE
+Note that the memory allocation of the buffers is influenced by the
+--use-mmap flag.
+.SS --cache-dir=DIR
 .PP
-When downloading files to the local backend above this size, rclone will
-use multiple threads to download the file (default 250M).
+Specify the directory rclone will use for caching, to override the
+default.
 .PP
-Rclone preallocates the file (using
-\f[C]fallocate(FALLOC_FL_KEEP_SIZE)\f[R] on unix or
-\f[C]NTSetInformationFile\f[R] on Windows both of which takes no time)
-then each thread writes directly into the file at the correct place.
-This means that rclone won\[aq]t create fragmented or sparse files and
-there won\[aq]t be any assembly time at the end of the transfer.
+Default value is depending on operating system: - Windows
+\f[C]%LocalAppData%\[rs]rclone\f[R], if \f[C]LocalAppData\f[R] is
+defined.
+- macOS \f[C]$HOME/Library/Caches/rclone\f[R] if \f[C]HOME\f[R] is
+defined.
+- Unix \f[C]$XDG_CACHE_HOME/rclone\f[R] if \f[C]XDG_CACHE_HOME\f[R] is
+defined, else \f[C]$HOME/.cache/rclone\f[R] if \f[C]HOME\f[R] is
+defined.
+- Fallback (on all OS) to \f[C]$TMPDIR/rclone\f[R], where
+\f[C]TMPDIR\f[R] is the value from --temp-dir.
 .PP
-The number of threads used to download is controlled by
-\f[C]--multi-thread-streams\f[R].
+You can use the config
+paths (https://rclone.org/commands/rclone_config_paths/) command to see
+the current value.
 .PP
-Use \f[C]-vv\f[R] if you wish to see info about the threads.
+Cache directory is heavily used by the VFS File
+Caching (https://rclone.org/commands/rclone_mount/#vfs-file-caching)
+mount feature, but also by
+serve (https://rclone.org/commands/rclone_serve/), GUI and other parts
+of rclone.
+.SS --check-first
 .PP
-This will work with the \f[C]sync\f[R]/\f[C]copy\f[R]/\f[C]move\f[R]
-commands and friends \f[C]copyto\f[R]/\f[C]moveto\f[R].
-Multi thread downloads will be used with \f[C]rclone mount\f[R] and
-\f[C]rclone serve\f[R] if \f[C]--vfs-cache-mode\f[R] is set to
-\f[C]writes\f[R] or above.
+If this flag is set then in a \f[C]sync\f[R], \f[C]copy\f[R] or
+\f[C]move\f[R], rclone will do all the checks to see whether files need
+to be transferred before doing any of the transfers.
+Normally rclone would start running transfers as soon as possible.
 .PP
-\f[B]NB\f[R] that this \f[B]only\f[R] works for a local destination but
-will work with any source.
+This flag can be useful on IO limited systems where transfers interfere
+with checking.
 .PP
-\f[B]NB\f[R] that multi thread copies are disabled for local to local
-copies as they are faster without unless
-\f[C]--multi-thread-streams\f[R] is set explicitly.
+It can also be useful to ensure perfect ordering when using
+\f[C]--order-by\f[R].
 .PP
-\f[B]NB\f[R] on Windows using multi-thread downloads will cause the
-resulting files to be
-sparse (https://en.wikipedia.org/wiki/Sparse_file).
-Use \f[C]--local-no-sparse\f[R] to disable sparse files (which may cause
-long delays at the start of downloads) or disable multi-thread downloads
-with \f[C]--multi-thread-streams 0\f[R]
-.SS --multi-thread-streams=N
+If both \f[C]--check-first\f[R] and \f[C]--order-by\f[R] are set when
+doing \f[C]rclone move\f[R] then rclone will use the transfer thread to
+delete source files which don\[aq]t need transferring.
+This will enable perfect ordering of the transfers and deletes but will
+cause the transfer stats to have more items in than expected.
 .PP
-When using multi thread downloads (see above
-\f[C]--multi-thread-cutoff\f[R]) this sets the maximum number of streams
-to use.
-Set to \f[C]0\f[R] to disable multi thread downloads (Default 4).
+Using this flag can use more memory as it effectively sets
+\f[C]--max-backlog\f[R] to infinite.
+This means that all the info on the objects to transfer is held in
+memory before the transfers start.
+.SS --checkers=N
 .PP
-Exactly how many streams rclone uses for the download depends on the
-size of the file.
-To calculate the number of download streams Rclone divides the size of
-the file by the \f[C]--multi-thread-cutoff\f[R] and rounds up, up to the
-maximum set with \f[C]--multi-thread-streams\f[R].
+Originally controlling just the number of file checkers to run in
+parallel, e.g.
+by \f[C]rclone copy\f[R].
+Now a fairly universal parallelism control used by \f[C]rclone\f[R] in
+several places.
 .PP
-So if \f[C]--multi-thread-cutoff 250M\f[R] and
-\f[C]--multi-thread-streams 4\f[R] are in effect (the defaults):
-.IP \[bu] 2
-0..250 MiB files will be downloaded with 1 stream
-.IP \[bu] 2
-250..500 MiB files will be downloaded with 2 streams
-.IP \[bu] 2
-500..750 MiB files will be downloaded with 3 streams
-.IP \[bu] 2
-750+ MiB files will be downloaded with 4 streams
-.SS --no-check-dest
+Note: checkers do the equality checking of files during a sync.
+For some storage systems (e.g.
+S3, Swift, Dropbox) this can take a significant amount of time so they
+are run in parallel.
 .PP
-The \f[C]--no-check-dest\f[R] can be used with \f[C]move\f[R] or
-\f[C]copy\f[R] and it causes rclone not to check the destination at all
-when copying files.
+The default is to run 8 checkers in parallel.
+However, in case of slow-reacting backends you may need to lower (rather
+than increase) this default by setting \f[C]--checkers\f[R] to 4 or less
+threads.
+This is especially advised if you are experiencing backend server
+crashes during file checking phase (e.g.
+on subsequent or top-up backups where little or no file copying is done
+and checking takes up most of the time).
+Increase this setting only with utmost care, while monitoring your
+server health and file checking throughput.
+.SS -c, --checksum
 .PP
-This means that:
-.IP \[bu] 2
-the destination is not listed minimising the API calls
-.IP \[bu] 2
-files are always transferred
-.IP \[bu] 2
-this can cause duplicates on remotes which allow it (e.g.
-Google Drive)
-.IP \[bu] 2
-\f[C]--retries 1\f[R] is recommended otherwise you\[aq]ll transfer
-everything again on a retry
+Normally rclone will look at modification time and size of files to see
+if they are equal.
+If you set this flag then rclone will check the file hash and size to
+determine if files are equal.
 .PP
-This flag is useful to minimise the transactions if you know that none
-of the files are on the destination.
+This is useful when the remote doesn\[aq]t support setting modified time
+and a more accurate sync is desired than just checking the file size.
 .PP
-This is a specialized flag which should be ignored by most users!
-.SS --no-gzip-encoding
+This is very useful when transferring between remotes which store the
+same hash type on the object, e.g.
+Drive and Swift.
+For details of which remotes support which hash type see the table in
+the overview section (https://rclone.org/overview/).
 .PP
-Don\[aq]t set \f[C]Accept-Encoding: gzip\f[R].
-This means that rclone won\[aq]t ask the server for compressed files
-automatically.
-Useful if you\[aq]ve set the server to return files with
-\f[C]Content-Encoding: gzip\f[R] but you uploaded compressed files.
+Eg \f[C]rclone --checksum sync s3:/bucket swift:/bucket\f[R] would run
+much quicker than without the \f[C]--checksum\f[R] flag.
 .PP
-There is no need to set this in normal operation, and doing so will
-decrease the network transfer efficiency of rclone.
-.SS --no-traverse
+When using this flag, rclone won\[aq]t update mtimes of remote files if
+they are incorrect as it would normally.
+.SS --color WHEN
 .PP
-The \f[C]--no-traverse\f[R] flag controls whether the destination file
-system is traversed when using the \f[C]copy\f[R] or \f[C]move\f[R]
-commands.
-\f[C]--no-traverse\f[R] is not compatible with \f[C]sync\f[R] and will
-be ignored if you supply it with \f[C]sync\f[R].
+Specify when colors (and other ANSI codes) should be added to the
+output.
 .PP
-If you are only copying a small number of files (or are filtering most
-of the files) and/or have a large number of files on the destination
-then \f[C]--no-traverse\f[R] will stop rclone listing the destination
-and save time.
+\f[C]AUTO\f[R] (default) only allows ANSI codes when the output is a
+terminal
 .PP
-However, if you are copying a large number of files, especially if you
-are doing a copy where lots of the files under consideration haven\[aq]t
-changed and won\[aq]t need copying then you shouldn\[aq]t use
-\f[C]--no-traverse\f[R].
+\f[C]NEVER\f[R] never allow ANSI codes
 .PP
-See rclone copy (https://rclone.org/commands/rclone_copy/) for an
-example of how to use it.
-.SS --no-unicode-normalization
+\f[C]ALWAYS\f[R] always add ANSI codes, regardless of the output format
+(terminal or file)
+.SS --compare-dest=DIR
 .PP
-Don\[aq]t normalize unicode characters in filenames during the sync
-routine.
+When using \f[C]sync\f[R], \f[C]copy\f[R] or \f[C]move\f[R] DIR is
+checked in addition to the destination for files.
+If a file identical to the source is found that file is NOT copied from
+source.
+This is useful to copy just files that have changed since the last
+backup.
 .PP
-Sometimes, an operating system will store filenames containing unicode
-parts in their decomposed form (particularly macOS).
-Some cloud storage systems will then recompose the unicode, resulting in
-duplicate files if the data is ever copied back to a local filesystem.
+You must use the same remote as the destination of the sync.
+The compare directory must not overlap the destination directory.
 .PP
-Using this flag will disable that functionality, treating each unicode
-character as unique.
-For example, by default e\[u0301] and \['e] will be normalized into the
-same character.
-With \f[C]--no-unicode-normalization\f[R] they will be treated as unique
-characters.
-.SS --no-update-modtime
+See \f[C]--copy-dest\f[R] and \f[C]--backup-dir\f[R].
+.SS --config=CONFIG_FILE
 .PP
-When using this flag, rclone won\[aq]t update modification times of
-remote files if they are incorrect as it would normally.
+Specify the location of the rclone configuration file, to override the
+default.
+E.g.
+\f[C]rclone config --config=\[dq]rclone.conf\[dq]\f[R].
 .PP
-This can be used if the remote is being synced with another tool also
-(e.g.
-the Google Drive client).
-.SS --order-by string
+The exact default is a bit complex to describe, due to changes
+introduced through different versions of rclone while preserving
+backwards compatibility, but in most cases it is as simple as:
+.IP \[bu] 2
+\f[C]%APPDATA%/rclone/rclone.conf\f[R] on Windows
+.IP \[bu] 2
+\f[C]\[ti]/.config/rclone/rclone.conf\f[R] on other
 .PP
-The \f[C]--order-by\f[R] flag controls the order in which files in the
-backlog are processed in \f[C]rclone sync\f[R], \f[C]rclone copy\f[R]
-and \f[C]rclone move\f[R].
+The complete logic is as follows: Rclone will look for an existing
+configuration file in any of the following locations, in priority order:
+.IP "1." 3
+\f[C]rclone.conf\f[R] (in program directory, where rclone executable is)
+.IP "2." 3
+\f[C]%APPDATA%/rclone/rclone.conf\f[R] (only on Windows)
+.IP "3." 3
+\f[C]$XDG_CONFIG_HOME/rclone/rclone.conf\f[R] (on all systems, including
+Windows)
+.IP "4." 3
+\f[C]\[ti]/.config/rclone/rclone.conf\f[R] (see below for explanation of
+\[ti] symbol)
+.IP "5." 3
+\f[C]\[ti]/.rclone.conf\f[R]
 .PP
-The order by string is constructed like this.
-The first part describes what aspect is being measured:
+If no existing configuration file is found, then a new one will be
+created in the following location:
 .IP \[bu] 2
-\f[C]size\f[R] - order by the size of the files
+On Windows: Location 2 listed above, except in the unlikely event that
+\f[C]APPDATA\f[R] is not defined, then location 4 is used instead.
 .IP \[bu] 2
-\f[C]name\f[R] - order by the full path of the files
+On Unix: Location 3 if \f[C]XDG_CONFIG_HOME\f[R] is defined, else
+location 4.
 .IP \[bu] 2
-\f[C]modtime\f[R] - order by the modification date of the files
+Fallback to location 5 (on all OS), when the rclone directory cannot be
+created, but if also a home directory was not found then path
+\f[C].rclone.conf\f[R] relative to current working directory will be
+used as a final resort.
 .PP
-This can have a modifier appended with a comma:
+The \f[C]\[ti]\f[R] symbol in paths above represent the home directory
+of the current user on any OS, and the value is defined as following:
 .IP \[bu] 2
-\f[C]ascending\f[R] or \f[C]asc\f[R] - order so that the smallest (or
-oldest) is processed first
+On Windows: \f[C]%HOME%\f[R] if defined, else \f[C]%USERPROFILE%\f[R],
+or else \f[C]%HOMEDRIVE%\[rs]%HOMEPATH%\f[R].
 .IP \[bu] 2
-\f[C]descending\f[R] or \f[C]desc\f[R] - order so that the largest (or
-newest) is processed first
-.IP \[bu] 2
-\f[C]mixed\f[R] - order so that the smallest is processed first for some
-threads and the largest for others
-.PP
-If the modifier is \f[C]mixed\f[R] then it can have an optional
-percentage (which defaults to \f[C]50\f[R]), e.g.
-\f[C]size,mixed,25\f[R] which means that 25% of the threads should be
-taking the smallest items and 75% the largest.
-The threads which take the smallest first will always take the smallest
-first and likewise the largest first threads.
-The \f[C]mixed\f[R] mode can be useful to minimise the transfer time
-when you are transferring a mixture of large and small files - the large
-files are guaranteed upload threads and bandwidth and the small files
-will be processed continuously.
-.PP
-If no modifier is supplied then the order is \f[C]ascending\f[R].
-.PP
-For example
-.IP \[bu] 2
-\f[C]--order-by size,desc\f[R] - send the largest files first
-.IP \[bu] 2
-\f[C]--order-by modtime,ascending\f[R] - send the oldest files first
-.IP \[bu] 2
-\f[C]--order-by name\f[R] - send the files with alphabetically by path
-first
-.PP
-If the \f[C]--order-by\f[R] flag is not supplied or it is supplied with
-an empty string then the default ordering will be used which is as
-scanned.
-With \f[C]--checkers 1\f[R] this is mostly alphabetical, however with
-the default \f[C]--checkers 8\f[R] it is somewhat random.
-.SS Limitations
-.PP
-The \f[C]--order-by\f[R] flag does not do a separate pass over the data.
-This means that it may transfer some files out of the order specified if
-.IP \[bu] 2
-there are no files in the backlog or the source has not been fully
-scanned yet
-.IP \[bu] 2
-there are more than --max-backlog files in the backlog
+On Unix: \f[C]$HOME\f[R] if defined, else by looking up current user in
+OS-specific user database (e.g.
+passwd file), or else use the result from shell command
+\f[C]cd && pwd\f[R].
 .PP
-Rclone will do its best to transfer the best file it has so in practice
-this should not cause a problem.
-Think of \f[C]--order-by\f[R] as being more of a best efforts flag
-rather than a perfect ordering.
+If you run \f[C]rclone config file\f[R] you will see where the default
+location is for you.
 .PP
-If you want perfect ordering then you will need to specify --check-first
-which will find all the files which need transferring first before
-transferring any.
-.SS --password-command SpaceSepList
+The fact that an existing file \f[C]rclone.conf\f[R] in the same
+directory as the rclone executable is always preferred, means that it is
+easy to run in \[dq]portable\[dq] mode by downloading rclone executable
+to a writable directory and then create an empty file
+\f[C]rclone.conf\f[R] in the same directory.
 .PP
-This flag supplies a program which should supply the config password
-when run.
-This is an alternative to rclone prompting for the password or setting
-the \f[C]RCLONE_CONFIG_PASS\f[R] variable.
+If the location is set to empty string \f[C]\[dq]\[dq]\f[R] or path to a
+file with name \f[C]notfound\f[R], or the os null device represented by
+value \f[C]NUL\f[R] on Windows and \f[C]/dev/null\f[R] on Unix systems,
+then rclone will keep the config file in memory only.
 .PP
-The argument to this should be a command with a space separated list of
-arguments.
-If one of the arguments has a space in then enclose it in
-\f[C]\[dq]\f[R], if you want a literal \f[C]\[dq]\f[R] in an argument
-then enclose the argument in \f[C]\[dq]\f[R] and double the
-\f[C]\[dq]\f[R].
-See CSV encoding (https://godoc.org/encoding/csv) for more info.
+The file format is basic
+INI (https://en.wikipedia.org/wiki/INI_file#Format): Sections of text,
+led by a \f[C][section]\f[R] header and followed by \f[C]key=value\f[R]
+entries on separate lines.
+In rclone each remote is represented by its own section, where the
+section name defines the name of the remote.
+Options are specified as the \f[C]key=value\f[R] entries, where the key
+is the option name without the \f[C]--backend-\f[R] prefix, in lowercase
+and with \f[C]_\f[R] instead of \f[C]-\f[R].
+E.g.
+option \f[C]--mega-hard-delete\f[R] corresponds to key
+\f[C]hard_delete\f[R].
+Only backend options can be specified.
+A special, and required, key \f[C]type\f[R] identifies the storage
+system (https://rclone.org/overview/), where the value is the internal
+lowercase name as returned by command \f[C]rclone help backends\f[R].
+Comments are indicated by \f[C];\f[R] or \f[C]#\f[R] at the beginning of
+a line.
 .PP
-Eg
+Example:
 .IP
 .nf
 \f[C]
---password-command echo hello
---password-command echo \[dq]hello with space\[dq]
---password-command echo \[dq]hello with \[dq]\[dq]quotes\[dq]\[dq] and space\[dq]
+[megaremote]
+type = mega
+user = you\[at]example.com
+pass = PDPcQVVjVtzFY-GTdDFozqBhTdsPg3qH
 \f[R]
 .fi
 .PP
-See the Configuration Encryption for more info.
-.PP
-See a Windows PowerShell example on the
-Wiki (https://github.com/rclone/rclone/wiki/Windows-Powershell-use-rclone-password-command-for-Config-file-password).
-.SS -P, --progress
-.PP
-This flag makes rclone update the stats in a static block in the
-terminal providing a realtime overview of the transfer.
-.PP
-Any log messages will scroll above the static block.
-Log messages will push the static block down to the bottom of the
-terminal where it will stay.
-.PP
-Normally this is updated every 500mS but this period can be overridden
-with the \f[C]--stats\f[R] flag.
-.PP
-This can be used with the \f[C]--stats-one-line\f[R] flag for a simpler
-display.
+Note that passwords are in
+obscured (https://rclone.org/commands/rclone_obscure/) form.
+Also, many storage systems uses token-based authentication instead of
+passwords, and this requires additional steps.
+It is easier, and safer, to use the interactive command
+\f[C]rclone config\f[R] instead of manually editing the configuration
+file.
 .PP
-Note: On Windows until this
-bug (https://github.com/Azure/go-ansiterm/issues/26) is fixed all
-non-ASCII characters will be replaced with \f[C].\f[R] when
-\f[C]--progress\f[R] is in use.
-.SS --progress-terminal-title
+The configuration file will typically contain login information, and
+should therefore have restricted permissions so that only the current
+user can read it.
+Rclone tries to ensure this when it writes the file.
+You may also choose to encrypt the file.
 .PP
-This flag, when used with \f[C]-P/--progress\f[R], will print the string
-\f[C]ETA: %s\f[R] to the terminal title.
-.SS -q, --quiet
+When token-based authentication are used, the configuration file must be
+writable, because rclone needs to update the tokens inside it.
 .PP
-This flag will limit rclone\[aq]s output to error messages only.
-.SS --refresh-times
+To reduce risk of corrupting an existing configuration file, rclone will
+not write directly to it when saving changes.
+Instead it will first write to a new, temporary, file.
+If a configuration file already existed, it will (on Unix systems) try
+to mirror its permissions to the new file.
+Then it will rename the existing file to a temporary name as backup.
+Next, rclone will rename the new file to the correct name, before
+finally cleaning up by deleting the backup file.
+.PP
+If the configuration file path used by rclone is a symbolic link, then
+this will be evaluated and rclone will write to the resolved path,
+instead of overwriting the symbolic link.
+Temporary files used in the process (described above) will be written to
+the same parent directory as that of the resolved configuration file,
+but if this directory is also a symbolic link it will not be resolved
+and the temporary files will be written to the location of the directory
+symbolic link.
+.SS --contimeout=TIME
 .PP
-The \f[C]--refresh-times\f[R] flag can be used to update modification
-times of existing files when they are out of sync on backends which
-don\[aq]t support hashes.
+Set the connection timeout.
+This should be in go time format which looks like \f[C]5s\f[R] for 5
+seconds, \f[C]10m\f[R] for 10 minutes, or \f[C]3h30m\f[R].
 .PP
-This is useful if you uploaded files with the incorrect timestamps and
-you now wish to correct them.
+The connection timeout is the amount of time rclone will wait for a
+connection to go through to a remote object storage system.
+It is \f[C]1m\f[R] by default.
+.SS --copy-dest=DIR
 .PP
-This flag is \f[B]only\f[R] useful for destinations which don\[aq]t
-support hashes (e.g.
-\f[C]crypt\f[R]).
+When using \f[C]sync\f[R], \f[C]copy\f[R] or \f[C]move\f[R] DIR is
+checked in addition to the destination for files.
+If a file identical to the source is found that file is server-side
+copied from DIR to the destination.
+This is useful for incremental backup.
 .PP
-This can be used any of the sync commands \f[C]sync\f[R], \f[C]copy\f[R]
-or \f[C]move\f[R].
+The remote in use must support server-side copy and you must use the
+same remote as the destination of the sync.
+The compare directory must not overlap the destination directory.
 .PP
-To use this flag you will need to be doing a modification time sync (so
-not using \f[C]--size-only\f[R] or \f[C]--checksum\f[R]).
-The flag will have no effect when using \f[C]--size-only\f[R] or
-\f[C]--checksum\f[R].
+See \f[C]--compare-dest\f[R] and \f[C]--backup-dir\f[R].
+.SS --dedupe-mode MODE
 .PP
-If this flag is used when rclone comes to upload a file it will check to
-see if there is an existing file on the destination.
-If this file matches the source with size (and checksum if available)
-but has a differing timestamp then instead of re-uploading it, rclone
-will update the timestamp on the destination file.
-If the checksum does not match rclone will upload the new file.
-If the checksum is absent (e.g.
-on a \f[C]crypt\f[R] backend) then rclone will update the timestamp.
+Mode to run dedupe command in.
+One of \f[C]interactive\f[R], \f[C]skip\f[R], \f[C]first\f[R],
+\f[C]newest\f[R], \f[C]oldest\f[R], \f[C]rename\f[R].
+The default is \f[C]interactive\f[R].
+.PD 0
+.P
+.PD
+See the dedupe command for more information as to what these options
+mean.
+.SS --default-time TIME
 .PP
-Note that some remotes can\[aq]t set the modification time without
-re-uploading the file so this flag is less useful on them.
+If a file or directory does have a modification time rclone can read
+then rclone will display this fixed time instead.
 .PP
-Normally if you are doing a modification time sync rclone will update
-modification times without \f[C]--refresh-times\f[R] provided that the
-remote supports checksums \f[B]and\f[R] the checksums match on the file.
-However if the checksums are absent then rclone will upload the file
-rather than setting the timestamp as this is the safe behaviour.
-.SS --retries int
+The default is \f[C]2000-01-01 00:00:00 UTC\f[R].
+This can be configured in any of the ways shown in the time or duration
+options.
 .PP
-Retry the entire sync if it fails this many times it fails (default 3).
+For example \f[C]--default-time 2020-06-01\f[R] to set the default time
+to the 1st of June 2020 or \f[C]--default-time 0s\f[R] to set the
+default time to the time rclone started up.
+.SS --disable FEATURE,FEATURE,...
 .PP
-Some remotes can be unreliable and a few retries help pick up the files
-which didn\[aq]t get transferred because of errors.
+This disables a comma separated list of optional features.
+For example to disable server-side move and server-side copy use:
+.IP
+.nf
+\f[C]
+--disable move,copy
+\f[R]
+.fi
 .PP
-Disable retries with \f[C]--retries 1\f[R].
-.SS --retries-sleep=TIME
+The features can be put in any case.
 .PP
-This sets the interval between each retry specified by
-\f[C]--retries\f[R]
+To see a list of which features can be disabled use:
+.IP
+.nf
+\f[C]
+--disable help
+\f[R]
+.fi
 .PP
-The default is \f[C]0\f[R].
-Use \f[C]0\f[R] to disable.
-.SS --server-side-across-configs
+The features a remote has can be seen in JSON format with:
+.IP
+.nf
+\f[C]
+rclone backend features remote:
+\f[R]
+.fi
 .PP
-Allow server-side operations (e.g.
-copy or move) to work across different configurations.
+See the overview features (https://rclone.org/overview/#features) and
+optional features (https://rclone.org/overview/#optional-features) to
+get an idea of which feature does what.
 .PP
-This can be useful if you wish to do a server-side copy or move between
-two remotes which use the same backend but are configured differently.
+Note that some features can be set to \f[C]true\f[R] if they are
+\f[C]true\f[R]/\f[C]false\f[R] feature flag features by prefixing them
+with \f[C]!\f[R].
+For example the \f[C]CaseInsensitive\f[R] feature can be forced to
+\f[C]false\f[R] with \f[C]--disable CaseInsensitive\f[R] and forced to
+\f[C]true\f[R] with \f[C]--disable \[aq]!CaseInsensitive\[aq]\f[R].
+In general it isn\[aq]t a good idea doing this but it may be useful in
+extremis.
 .PP
-Note that this isn\[aq]t enabled by default because it isn\[aq]t easy
-for rclone to tell if it will work between any two configurations.
-.SS --size-only
+(Note that \f[C]!\f[R] is a shell command which you will need to escape
+with single quotes or a backslash on unix like platforms.)
 .PP
-Normally rclone will look at modification time and size of files to see
-if they are equal.
-If you set this flag then rclone will check only the size.
+This flag can be useful for debugging and in exceptional circumstances
+(e.g.
+Google Drive limiting the total volume of Server Side Copies to 100
+GiB/day).
+.SS --disable-http2
 .PP
-This can be useful transferring files from Dropbox which have been
-modified by the desktop sync client which doesn\[aq]t set checksums of
-modification times in the same way as rclone.
-.SS --stats=TIME
+This stops rclone from trying to use HTTP/2 if available.
+This can sometimes speed up transfers due to a problem in the Go
+standard library (https://github.com/golang/go/issues/37373).
+.SS --dscp VALUE
 .PP
-Commands which transfer data (\f[C]sync\f[R], \f[C]copy\f[R],
-\f[C]copyto\f[R], \f[C]move\f[R], \f[C]moveto\f[R]) will print data
-transfer stats at regular intervals to show their progress.
+Specify a DSCP value or name to use in connections.
+This could help QoS system to identify traffic class.
+BE, EF, DF, LE, CSx and AFxx are allowed.
 .PP
-This sets the interval.
+See the description of differentiated
+services (https://en.wikipedia.org/wiki/Differentiated_services) to get
+an idea of this field.
+Setting this to 1 (LE) to identify the flow to SCAVENGER class can avoid
+occupying too much bandwidth in a network with DiffServ support (RFC
+8622 (https://tools.ietf.org/html/rfc8622)).
 .PP
-The default is \f[C]1m\f[R].
-Use \f[C]0\f[R] to disable.
+For example, if you configured QoS on router to handle LE properly.
+Running:
+.IP
+.nf
+\f[C]
+rclone copy --dscp LE from:/from to:/to
+\f[R]
+.fi
 .PP
-If you set the stats interval then all commands can show stats.
-This can be useful when running other commands, \f[C]check\f[R] or
-\f[C]mount\f[R] for example.
+would make the priority lower than usual internet flows.
 .PP
-Stats are logged at \f[C]INFO\f[R] level by default which means they
-won\[aq]t show at default log level \f[C]NOTICE\f[R].
-Use \f[C]--stats-log-level NOTICE\f[R] or \f[C]-v\f[R] to make them
-show.
-See the Logging section for more info on log levels.
+This option has no effect on Windows (see
+golang/go#42728 (https://github.com/golang/go/issues/42728)).
+.SS -n, --dry-run
 .PP
-Note that on macOS you can send a SIGINFO (which is normally ctrl-T in
-the terminal) to make the stats print immediately.
-.SS --stats-file-name-length integer
+Do a trial run with no permanent changes.
+Use this to see what rclone would do without actually doing it.
+Useful when setting up the \f[C]sync\f[R] command which deletes files in
+the destination.
+.SS --expect-continue-timeout=TIME
 .PP
-By default, the \f[C]--stats\f[R] output will truncate file names and
-paths longer than 40 characters.
-This is equivalent to providing \f[C]--stats-file-name-length 40\f[R].
-Use \f[C]--stats-file-name-length 0\f[R] to disable any truncation of
-file names printed by stats.
-.SS --stats-log-level string
+This specifies the amount of time to wait for a server\[aq]s first
+response headers after fully writing the request headers if the request
+has an \[dq]Expect: 100-continue\[dq] header.
+Not all backends support using this.
 .PP
-Log level to show \f[C]--stats\f[R] output at.
-This can be \f[C]DEBUG\f[R], \f[C]INFO\f[R], \f[C]NOTICE\f[R], or
-\f[C]ERROR\f[R].
-The default is \f[C]INFO\f[R].
-This means at the default level of logging which is \f[C]NOTICE\f[R] the
-stats won\[aq]t show - if you want them to then use
-\f[C]--stats-log-level NOTICE\f[R].
-See the Logging section for more info on log levels.
-.SS --stats-one-line
+Zero means no timeout and causes the body to be sent immediately,
+without waiting for the server to approve.
+This time does not include the time to send the request header.
 .PP
-When this is specified, rclone condenses the stats into a single line
-showing the most important stats only.
-.SS --stats-one-line-date
+The default is \f[C]1s\f[R].
+Set to \f[C]0\f[R] to disable.
+.SS --error-on-no-transfer
 .PP
-When this is specified, rclone enables the single-line stats and
-prepends the display with a date string.
-The default is \f[C]2006/01/02 15:04:05 -\f[R]
-.SS --stats-one-line-date-format
+By default, rclone will exit with return code 0 if there were no errors.
 .PP
-When this is specified, rclone enables the single-line stats and
-prepends the display with a user-supplied date string.
-The date string MUST be enclosed in quotes.
-Follow golang specs (https://golang.org/pkg/time/#Time.Format) for date
-formatting syntax.
-.SS --stats-unit=bits|bytes
+This option allows rclone to return exit code 9 if no files were
+transferred between the source and destination.
+This allows using rclone in scripts, and triggering follow-on actions if
+data was copied, or skipping if not.
 .PP
-By default, data transfer rates will be printed in bytes per second.
+NB: Enabling this option turns a usually non-fatal error into a
+potentially fatal one - please check and adjust your scripts
+accordingly!
+.SS --fs-cache-expire-duration=TIME
 .PP
-This option allows the data rate to be printed in bits per second.
+When using rclone via the API rclone caches created remotes for 5
+minutes by default in the \[dq]fs cache\[dq].
+This means that if you do repeated actions on the same remote then
+rclone won\[aq]t have to build it again from scratch, which makes it
+more efficient.
 .PP
-Data transfer volume will still be reported in bytes.
+This flag sets the time that the remotes are cached for.
+If you set it to \f[C]0\f[R] (or negative) then rclone won\[aq]t cache
+the remotes at all.
 .PP
-The rate is reported as a binary unit, not SI unit.
-So 1 Mbit/s equals 1,048,576 bit/s and not 1,000,000 bit/s.
+Note that if you use some flags, eg \f[C]--backup-dir\f[R] and if this
+is set to \f[C]0\f[R] rclone may build two remotes (one for the source
+or destination and one for the \f[C]--backup-dir\f[R] where it may have
+only built one before.
+.SS --fs-cache-expire-interval=TIME
 .PP
-The default is \f[C]bytes\f[R].
-.SS --suffix=SUFFIX
+This controls how often rclone checks for cached remotes to expire.
+See the \f[C]--fs-cache-expire-duration\f[R] documentation above for
+more info.
+The default is 60s, set to 0 to disable expiry.
+.SS --header
 .PP
-When using \f[C]sync\f[R], \f[C]copy\f[R] or \f[C]move\f[R] any files
-which would have been overwritten or deleted will have the suffix added
-to them.
-If there is a file with the same path (after the suffix has been added),
-then it will be overwritten.
+Add an HTTP header for all transactions.
+The flag can be repeated to add multiple headers.
 .PP
-The remote in use must support server-side move or copy and you must use
-the same remote as the destination of the sync.
+If you want to add headers only for uploads use
+\f[C]--header-upload\f[R] and if you want to add headers only for
+downloads use \f[C]--header-download\f[R].
 .PP
-This is for use with files to add the suffix in the current directory or
-with \f[C]--backup-dir\f[R].
-See \f[C]--backup-dir\f[R] for more info.
+This flag is supported for all HTTP based backends even those not
+supported by \f[C]--header-upload\f[R] and \f[C]--header-download\f[R]
+so may be used as a workaround for those with care.
+.IP
+.nf
+\f[C]
+rclone ls remote:test --header \[dq]X-Rclone: Foo\[dq] --header \[dq]X-LetMeIn: Yes\[dq]
+\f[R]
+.fi
+.SS --header-download
 .PP
-For example
+Add an HTTP header for all download transactions.
+The flag can be repeated to add multiple headers.
 .IP
 .nf
 \f[C]
-rclone copy --interactive /path/to/local/file remote:current --suffix .bak
+rclone sync --interactive s3:test/src \[ti]/dst --header-download \[dq]X-Amz-Meta-Test: Foo\[dq] --header-download \[dq]X-Amz-Meta-Test2: Bar\[dq]
 \f[R]
 .fi
 .PP
-will copy \f[C]/path/to/local\f[R] to \f[C]remote:current\f[R], but for
-any files which would have been updated or deleted have .bak added.
+See the GitHub issue here (https://github.com/rclone/rclone/issues/59)
+for currently supported backends.
+.SS --header-upload
 .PP
-If using \f[C]rclone sync\f[R] with \f[C]--suffix\f[R] and without
-\f[C]--backup-dir\f[R] then it is recommended to put a filter rule in
-excluding the suffix otherwise the \f[C]sync\f[R] will delete the backup
-files.
+Add an HTTP header for all upload transactions.
+The flag can be repeated to add multiple headers.
 .IP
 .nf
 \f[C]
-rclone sync --interactive /path/to/local/file remote:current --suffix .bak --exclude \[dq]*.bak\[dq]
+rclone sync --interactive \[ti]/src s3:test/dst --header-upload \[dq]Content-Disposition: attachment; filename=\[aq]cool.html\[aq]\[dq] --header-upload \[dq]X-Amz-Meta-Test: FooBar\[dq]
 \f[R]
 .fi
-.SS --suffix-keep-extension
 .PP
-When using \f[C]--suffix\f[R], setting this causes rclone put the SUFFIX
-before the extension of the files that it backs up rather than after.
+See the GitHub issue here (https://github.com/rclone/rclone/issues/59)
+for currently supported backends.
+.SS --human-readable
 .PP
-So let\[aq]s say we had \f[C]--suffix -2019-01-01\f[R], without the flag
-\f[C]file.txt\f[R] would be backed up to \f[C]file.txt-2019-01-01\f[R]
-and with the flag it would be backed up to
-\f[C]file-2019-01-01.txt\f[R].
-This can be helpful to make sure the suffixed files can still be opened.
-.SS --syslog
+Rclone commands output values for sizes (e.g.
+number of bytes) and counts (e.g.
+number of files) either as \f[I]raw\f[R] numbers, or in
+\f[I]human-readable\f[R] format.
 .PP
-On capable OSes (not Windows or Plan9) send all log output to syslog.
+In human-readable format the values are scaled to larger units,
+indicated with a suffix shown after the value, and rounded to three
+decimals.
+Rclone consistently uses binary units (powers of 2) for sizes and
+decimal units (powers of 10) for counts.
+The unit prefix for size is according to IEC standard notation, e.g.
+\f[C]Ki\f[R] for kibi.
+Used with byte unit, \f[C]1 KiB\f[R] means 1024 Byte.
+In list type of output, only the unit prefix appended to the value (e.g.
+\f[C]9.762Ki\f[R]), while in more textual output the full unit is shown
+(e.g.
+\f[C]9.762 KiB\f[R]).
+For counts the SI standard notation is used, e.g.
+prefix \f[C]k\f[R] for kilo.
+Used with file counts, \f[C]1k\f[R] means 1000 files.
 .PP
-This can be useful for running rclone in a script or
-\f[C]rclone mount\f[R].
-.SS --syslog-facility string
+The various list (https://rclone.org/commands/rclone_ls/) commands
+output raw numbers by default.
+Option \f[C]--human-readable\f[R] will make them output values in
+human-readable format instead (with the short unit prefix).
 .PP
-If using \f[C]--syslog\f[R] this sets the syslog facility (e.g.
-\f[C]KERN\f[R], \f[C]USER\f[R]).
-See \f[C]man syslog\f[R] for a list of possible facilities.
-The default facility is \f[C]DAEMON\f[R].
-.SS --temp-dir=DIR
+The about (https://rclone.org/commands/rclone_about/) command outputs
+human-readable by default, with a command-specific option
+\f[C]--full\f[R] to output the raw numbers instead.
 .PP
-Specify the directory rclone will use for temporary files, to override
-the default.
-Make sure the directory exists and have accessible permissions.
+Command size (https://rclone.org/commands/rclone_size/) outputs both
+human-readable and raw numbers in the same output.
 .PP
-By default the operating system\[aq]s temp directory will be used: - On
-Unix systems, \f[C]$TMPDIR\f[R] if non-empty, else \f[C]/tmp\f[R].
-- On Windows, the first non-empty value from \f[C]%TMP%\f[R],
-\f[C]%TEMP%\f[R], \f[C]%USERPROFILE%\f[R], or the Windows directory.
+The tree (https://rclone.org/commands/rclone_tree/) command also
+considers \f[C]--human-readable\f[R], but it will not use the exact same
+notation as the other commands: It rounds to one decimal, and uses
+single letter suffix, e.g.
+\f[C]K\f[R] instead of \f[C]Ki\f[R].
+The reason for this is that it relies on an external library.
 .PP
-When overriding the default with this option, the specified path will be
-set as value of environment variable \f[C]TMPDIR\f[R] on Unix systems
-and \f[C]TMP\f[R] and \f[C]TEMP\f[R] on Windows.
+The interactive command ncdu (https://rclone.org/commands/rclone_ncdu/)
+shows human-readable by default, and responds to key \f[C]u\f[R] for
+toggling human-readable format.
+.SS --ignore-case-sync
 .PP
-You can use the config
-paths (https://rclone.org/commands/rclone_config_paths/) command to see
-the current value.
-.SS --tpslimit float
+Using this option will cause rclone to ignore the case of the files when
+synchronizing so files will not be copied/synced when the existing
+filenames are the same, even if the casing is different.
+.SS --ignore-checksum
 .PP
-Limit transactions per second to this number.
-Default is 0 which is used to mean unlimited transactions per second.
+Normally rclone will check that the checksums of transferred files
+match, and give an error \[dq]corrupted on transfer\[dq] if they
+don\[aq]t.
 .PP
-A transaction is roughly defined as an API call; its exact meaning will
-depend on the backend.
-For HTTP based backends it is an HTTP PUT/GET/POST/etc and its response.
-For FTP/SFTP it is a round trip transaction over TCP.
+You can use this option to skip that check.
+You should only use it if you have had the \[dq]corrupted on
+transfer\[dq] error message and you are sure you might want to transfer
+potentially corrupted data.
+.SS --ignore-existing
 .PP
-For example, to limit rclone to 10 transactions per second use
-\f[C]--tpslimit 10\f[R], or to 1 transaction every 2 seconds use
-\f[C]--tpslimit 0.5\f[R].
+Using this option will make rclone unconditionally skip all files that
+exist on the destination, no matter the content of these files.
 .PP
-Use this when the number of transactions per second from rclone is
-causing a problem with the cloud storage provider (e.g.
-getting you banned or rate limited).
-.PP
-This can be very useful for \f[C]rclone mount\f[R] to control the
-behaviour of applications using it.
-.PP
-This limit applies to all HTTP based backends and to the FTP and SFTP
-backends.
-It does not apply to the local backend or the Storj backend.
-.PP
-See also \f[C]--tpslimit-burst\f[R].
-.SS --tpslimit-burst int
-.PP
-Max burst of transactions for \f[C]--tpslimit\f[R] (default
-\f[C]1\f[R]).
-.PP
-Normally \f[C]--tpslimit\f[R] will do exactly the number of transaction
-per second specified.
-However if you supply \f[C]--tps-burst\f[R] then rclone can save up some
-transactions from when it was idle giving a burst of up to the parameter
-supplied.
-.PP
-For example if you provide \f[C]--tpslimit-burst 10\f[R] then if rclone
-has been idle for more than 10*\f[C]--tpslimit\f[R] then it can do 10
-transactions very quickly before they are limited again.
+While this isn\[aq]t a generally recommended option, it can be useful in
+cases where your files change due to encryption.
+However, it cannot correct partial transfers in case a transfer was
+interrupted.
 .PP
-This may be used to increase performance of \f[C]--tpslimit\f[R] without
-changing the long term average number of transactions per second.
-.SS --track-renames
+When performing a \f[C]move\f[R]/\f[C]moveto\f[R] command, this flag
+will leave skipped files in the source location unchanged when a file
+with the same name exists on the destination.
+.SS --ignore-size
 .PP
-By default, rclone doesn\[aq]t keep track of renamed files, so if you
-rename a file locally then sync it to a remote, rclone will delete the
-old file on the remote and upload a new copy.
+Normally rclone will look at modification time and size of files to see
+if they are equal.
+If you set this flag then rclone will check only the modification time.
+If \f[C]--checksum\f[R] is set then it only checks the checksum.
 .PP
-An rclone sync with \f[C]--track-renames\f[R] runs like a normal sync,
-but keeps track of objects which exist in the destination but not in the
-source (which would normally be deleted), and which objects exist in the
-source but not the destination (which would normally be transferred).
-These objects are then candidates for renaming.
+It will also cause rclone to skip verifying the sizes are the same after
+transfer.
 .PP
-After the sync, rclone matches up the source only and destination only
-objects using the \f[C]--track-renames-strategy\f[R] specified and
-either renames the destination object or transfers the source and
-deletes the destination object.
-\f[C]--track-renames\f[R] is stateless like all of rclone\[aq]s syncs.
+This can be useful for transferring files to and from OneDrive which
+occasionally misreports the size of image files (see
+#399 (https://github.com/rclone/rclone/issues/399) for more info).
+.SS -I, --ignore-times
 .PP
-To use this flag the destination must support server-side copy or
-server-side move, and to use a hash based
-\f[C]--track-renames-strategy\f[R] (the default) the source and the
-destination must have a compatible hash.
+Using this option will cause rclone to unconditionally upload all files
+regardless of the state of files on the destination.
 .PP
-If the destination does not support server-side copy or move, rclone
-will fall back to the default behaviour and log an error level message
-to the console.
+Normally rclone would skip any files that have the same modification
+time and are the same size (or have the same checksum if using
+\f[C]--checksum\f[R]).
+.SS --immutable
 .PP
-Encrypted destinations are not currently supported by
-\f[C]--track-renames\f[R] if \f[C]--track-renames-strategy\f[R] includes
-\f[C]hash\f[R].
+Treat source and destination files as immutable and disallow
+modification.
 .PP
-Note that \f[C]--track-renames\f[R] is incompatible with
-\f[C]--no-traverse\f[R] and that it uses extra memory to keep track of
-all the rename candidates.
+With this option set, files will be created and deleted as requested,
+but existing files will never be updated.
+If an existing file does not match between the source and destination,
+rclone will give the error
+\f[C]Source and destination exist but do not match: immutable file modified\f[R].
 .PP
-Note also that \f[C]--track-renames\f[R] is incompatible with
-\f[C]--delete-before\f[R] and will select \f[C]--delete-after\f[R]
-instead of \f[C]--delete-during\f[R].
-.SS --track-renames-strategy (hash,modtime,leaf,size)
+Note that only commands which transfer files (e.g.
+\f[C]sync\f[R], \f[C]copy\f[R], \f[C]move\f[R]) are affected by this
+behavior, and only modification is disallowed.
+Files may still be deleted explicitly (e.g.
+\f[C]delete\f[R], \f[C]purge\f[R]) or implicitly (e.g.
+\f[C]sync\f[R], \f[C]move\f[R]).
+Use \f[C]copy --immutable\f[R] if it is desired to avoid deletion as
+well as modification.
 .PP
-This option changes the file matching criteria for
-\f[C]--track-renames\f[R].
+This can be useful as an additional layer of protection for immutable or
+append-only data sets (notably backup archives), where modification
+implies corruption and should not be propagated.
+.SS --inplace
 .PP
-The matching is controlled by a comma separated selection of these
-tokens:
+The \f[C]--inplace\f[R] flag changes the behaviour of rclone when
+uploading files to some backends (backends with the
+\f[C]PartialUploads\f[R] feature flag set) such as:
 .IP \[bu] 2
-\f[C]modtime\f[R] - the modification time of the file - not supported on
-all backends
-.IP \[bu] 2
-\f[C]hash\f[R] - the hash of the file contents - not supported on all
-backends
+local
 .IP \[bu] 2
-\f[C]leaf\f[R] - the name of the file not including its directory name
+ftp
 .IP \[bu] 2
-\f[C]size\f[R] - the size of the file (this is always enabled)
+sftp
 .PP
-The default option is \f[C]hash\f[R].
+Without \f[C]--inplace\f[R] (the default) rclone will first upload to a
+temporary file with an extension like this, where \f[C]XXXXXX\f[R]
+represents a random string and \f[C].partial\f[R] is --partial-suffix
+value (\f[C].partial\f[R] by default).
+.IP
+.nf
+\f[C]
+original-file-name.XXXXXX.partial
+\f[R]
+.fi
 .PP
-Using \f[C]--track-renames-strategy modtime,leaf\f[R] would match files
-based on modification time, the leaf of the file name and the size only.
+(rclone will make sure the final name is no longer than 100 characters
+by truncating the \f[C]original-file-name\f[R] part if necessary).
 .PP
-Using \f[C]--track-renames-strategy modtime\f[R] or \f[C]leaf\f[R] can
-enable \f[C]--track-renames\f[R] support for encrypted destinations.
+When the upload is complete, rclone will rename the \f[C].partial\f[R]
+file to the correct name, overwriting any existing file at that point.
+If the upload fails then the \f[C].partial\f[R] file will be deleted.
 .PP
-Note that the \f[C]hash\f[R] strategy is not supported with encrypted
-destinations.
-.SS --delete-(before,during,after)
+This prevents other users of the backend from seeing partially uploaded
+files in their new names and prevents overwriting the old file until the
+new one is completely uploaded.
 .PP
-This option allows you to specify when files on your destination are
-deleted when you sync folders.
+If the \f[C]--inplace\f[R] flag is supplied, rclone will upload directly
+to the final name without creating a \f[C].partial\f[R] file.
 .PP
-Specifying the value \f[C]--delete-before\f[R] will delete all files
-present on the destination, but not on the source \f[I]before\f[R]
-starting the transfer of any new or updated files.
-This uses two passes through the file systems, one for the deletions and
-one for the copies.
+This means that an incomplete file will be visible in the directory
+listings while the upload is in progress and any existing files will be
+overwritten as soon as the upload starts.
+If the transfer fails then the file will be deleted.
+This can cause data loss of the existing file if the transfer fails.
 .PP
-Specifying \f[C]--delete-during\f[R] will delete files while checking
-and uploading files.
-This is the fastest option and uses the least memory.
+Note that on the local file system if you don\[aq]t use
+\f[C]--inplace\f[R] hard links (Unix only) will be broken.
+And if you do use \f[C]--inplace\f[R] you won\[aq]t be able to update in
+use executables.
 .PP
-Specifying \f[C]--delete-after\f[R] (the default value) will delay
-deletion of files until all new/updated files have been successfully
-transferred.
-The files to be deleted are collected in the copy pass then deleted
-after the copy pass has completed successfully.
-The files to be deleted are held in memory so this mode may use more
-memory.
-This is the safest mode as it will only delete files if there have been
-no errors subsequent to that.
-If there have been errors before the deletions start then you will get
-the message \f[C]not deleting files as there were IO errors\f[R].
-.SS --fast-list
+Note also that versions of rclone prior to v1.63.0 behave as if the
+\f[C]--inplace\f[R] flag is always supplied.
+.SS -i, --interactive
 .PP
-When doing anything which involves a directory listing (e.g.
-\f[C]sync\f[R], \f[C]copy\f[R], \f[C]ls\f[R] - in fact nearly every
-command), rclone normally lists a directory and processes it before
-using more directory lists to process any subdirectories.
-This can be parallelised and works very quickly using the least amount
-of memory.
+This flag can be used to tell rclone that you wish a manual confirmation
+before destructive operations.
 .PP
-However, some remotes have a way of listing all files beneath a
-directory in one (or a small number) of transactions.
-These tend to be the bucket-based remotes (e.g.
-S3, B2, GCS, Swift).
+It is \f[B]recommended\f[R] that you use this flag while learning rclone
+especially with \f[C]rclone sync\f[R].
+.PP
+For example
+.IP
+.nf
+\f[C]
+$ rclone delete --interactive /tmp/dir
+rclone: delete \[dq]important-file.txt\[dq]?
+y) Yes, this is OK (default)
+n) No, skip this
+s) Skip all delete operations with no more questions
+!) Do all delete operations with no more questions
+q) Exit rclone now.
+y/n/s/!/q> n
+\f[R]
+.fi
 .PP
-If you use the \f[C]--fast-list\f[R] flag then rclone will use this
-method for listing directories.
-This will have the following consequences for the listing:
+The options mean
+.IP \[bu] 2
+\f[C]y\f[R]: \f[B]Yes\f[R], this operation should go ahead.
+You can also press Return for this to happen.
+You\[aq]ll be asked every time unless you choose \f[C]s\f[R] or
+\f[C]!\f[R].
 .IP \[bu] 2
-It \f[B]will\f[R] use fewer transactions (important if you pay for them)
+\f[C]n\f[R]: \f[B]No\f[R], do not do this operation.
+You\[aq]ll be asked every time unless you choose \f[C]s\f[R] or
+\f[C]!\f[R].
 .IP \[bu] 2
-It \f[B]will\f[R] use more memory.
-Rclone has to load the whole listing into memory.
+\f[C]s\f[R]: \f[B]Skip\f[R] all the following operations of this type
+with no more questions.
+This takes effect until rclone exits.
+If there are any different kind of operations you\[aq]ll be prompted for
+them.
 .IP \[bu] 2
-It \f[I]may\f[R] be faster because it uses fewer transactions
+\f[C]!\f[R]: \f[B]Do all\f[R] the following operations with no more
+questions.
+Useful if you\[aq]ve decided that you don\[aq]t mind rclone doing that
+kind of operation.
+This takes effect until rclone exits .
+If there are any different kind of operations you\[aq]ll be prompted for
+them.
 .IP \[bu] 2
-It \f[I]may\f[R] be slower because it can\[aq]t be parallelized
+\f[C]q\f[R]: \f[B]Quit\f[R] rclone now, just in case!
+.SS --leave-root
 .PP
-rclone should always give identical results with and without
-\f[C]--fast-list\f[R].
+During rmdirs it will not remove root directory, even if it\[aq]s empty.
+.SS --log-file=FILE
 .PP
-If you pay for transactions and can fit your entire sync listing into
-memory then \f[C]--fast-list\f[R] is recommended.
-If you have a very big sync to do then don\[aq]t use
-\f[C]--fast-list\f[R] otherwise you will run out of memory.
+Log all of rclone\[aq]s output to FILE.
+This is not active by default.
+This can be useful for tracking down problems with syncs in combination
+with the \f[C]-v\f[R] flag.
+See the Logging section for more info.
 .PP
-If you use \f[C]--fast-list\f[R] on a remote which doesn\[aq]t support
-it, then rclone will just ignore it.
-.SS --timeout=TIME
+If FILE exists then rclone will append to it.
 .PP
-This sets the IO idle timeout.
-If a transfer has started but then becomes idle for this long it is
-considered broken and disconnected.
+Note that if you are using the \f[C]logrotate\f[R] program to manage
+rclone\[aq]s logs, then you should use the \f[C]copytruncate\f[R] option
+as rclone doesn\[aq]t have a signal to rotate logs.
+.SS --log-format LIST
 .PP
-The default is \f[C]5m\f[R].
-Set to \f[C]0\f[R] to disable.
-.SS --transfers=N
+Comma separated list of log format options.
+Accepted options are \f[C]date\f[R], \f[C]time\f[R],
+\f[C]microseconds\f[R], \f[C]pid\f[R], \f[C]longfile\f[R],
+\f[C]shortfile\f[R], \f[C]UTC\f[R].
+Any other keywords will be silently ignored.
+\f[C]pid\f[R] will tag log messages with process identifier which useful
+with \f[C]rclone mount --daemon\f[R].
+Other accepted options are explained in the go
+documentation (https://pkg.go.dev/log#pkg-constants).
+The default log format is \[dq]\f[C]date\f[R],\f[C]time\f[R]\[dq].
+.SS --log-level LEVEL
 .PP
-The number of file transfers to run in parallel.
-It can sometimes be useful to set this to a smaller number if the remote
-is giving a lot of timeouts or bigger if you have lots of bandwidth and
-a fast remote.
+This sets the log level for rclone.
+The default log level is \f[C]NOTICE\f[R].
 .PP
-The default is to run 4 file transfers in parallel.
+\f[C]DEBUG\f[R] is equivalent to \f[C]-vv\f[R].
+It outputs lots of debug info - useful for bug reports and really
+finding out what rclone is doing.
 .PP
-Look at --multi-thread-streams if you would like to control single file
-transfers.
-.SS -u, --update
+\f[C]INFO\f[R] is equivalent to \f[C]-v\f[R].
+It outputs information about each transfer and prints stats once a
+minute by default.
 .PP
-This forces rclone to skip any files which exist on the destination and
-have a modified time that is newer than the source file.
+\f[C]NOTICE\f[R] is the default log level if no logging flags are
+supplied.
+It outputs very little when things are working normally.
+It outputs warnings and significant events.
 .PP
-This can be useful in avoiding needless transfers when transferring to a
-remote which doesn\[aq]t support modification times directly (or when
-using \f[C]--use-server-modtime\f[R] to avoid extra API calls) as it is
-more accurate than a \f[C]--size-only\f[R] check and faster than using
-\f[C]--checksum\f[R].
-On such remotes (or when using \f[C]--use-server-modtime\f[R]) the time
-checked will be the uploaded time.
+\f[C]ERROR\f[R] is equivalent to \f[C]-q\f[R].
+It only outputs error messages.
+.SS --use-json-log
 .PP
-If an existing destination file has a modification time older than the
-source file\[aq]s, it will be updated if the sizes are different.
-If the sizes are the same, it will be updated if the checksum is
-different or not available.
+This switches the log format to JSON for rclone.
+The fields of json log are level, msg, source, time.
+.SS --low-level-retries NUMBER
 .PP
-If an existing destination file has a modification time equal (within
-the computed modify window) to the source file\[aq]s, it will be updated
-if the sizes are different.
-The checksum will not be checked in this case unless the
-\f[C]--checksum\f[R] flag is provided.
+This controls the number of low level retries rclone does.
 .PP
-In all other cases the file will not be updated.
+A low level retry is used to retry a failing operation - typically one
+HTTP request.
+This might be uploading a chunk of a big file for example.
+You will see low level retries in the log with the \f[C]-v\f[R] flag.
 .PP
-Consider using the \f[C]--modify-window\f[R] flag to compensate for time
-skews between the source and the backend, for backends that do not
-support mod times, and instead use uploaded times.
-However, if the backend does not support checksums, note that syncing or
-copying within the time skew window may still result in additional
-transfers for safety.
-.SS --use-mmap
+This shouldn\[aq]t need to be changed from the default in normal
+operations.
+However, if you get a lot of low level retries you may wish to reduce
+the value so rclone moves on to a high level retry (see the
+\f[C]--retries\f[R] flag) quicker.
 .PP
-If this flag is set then rclone will use anonymous memory allocated by
-mmap on Unix based platforms and VirtualAlloc on Windows for its
-transfer buffers (size controlled by \f[C]--buffer-size\f[R]).
-Memory allocated like this does not go on the Go heap and can be
-returned to the OS immediately when it is finished with.
+Disable low level retries with \f[C]--low-level-retries 1\f[R].
+.SS --max-backlog=N
 .PP
-If this flag is not set then rclone will allocate and free the buffers
-using the Go memory allocator which may use more memory as memory pages
-are returned less aggressively to the OS.
+This is the maximum allowable backlog of files in a sync/copy/move
+queued for being checked or transferred.
 .PP
-It is possible this does not work well on all platforms so it is
-disabled by default; in the future it may be enabled by default.
-.SS --use-server-modtime
+This can be set arbitrarily large.
+It will only use memory when the queue is in use.
+Note that it will use in the order of N KiB of memory when the backlog
+is in use.
 .PP
-Some object-store backends (e.g, Swift, S3) do not preserve file
-modification times (modtime).
-On these backends, rclone stores the original modtime as additional
-metadata on the object.
-By default it will make an API call to retrieve the metadata when the
-modtime is needed by an operation.
+Setting this large allows rclone to calculate how many files are pending
+more accurately, give a more accurate estimated finish time and make
+\f[C]--order-by\f[R] work more accurately.
 .PP
-Use this flag to disable the extra API call and rely instead on the
-server\[aq]s modified time.
-In cases such as a local to remote sync using \f[C]--update\f[R],
-knowing the local file is newer than the time it was last uploaded to
-the remote is sufficient.
-In those cases, this flag can speed up the process and reduce the number
-of API calls necessary.
+Setting this small will make rclone more synchronous to the listings of
+the remote which may be desirable.
 .PP
-Using this flag on a sync operation without also using
-\f[C]--update\f[R] would cause all files modified at any time other than
-the last upload time to be uploaded again, which is probably not what
-you want.
-.SS -v, -vv, --verbose
+Setting this to a negative number will make the backlog as large as
+possible.
+.SS --max-delete=N
 .PP
-With \f[C]-v\f[R] rclone will tell you about each file that is
-transferred and a small number of significant events.
+This tells rclone not to delete more than N files.
+If that limit is exceeded then a fatal error will be generated and
+rclone will stop the operation in progress.
+.SS --max-delete-size=SIZE
 .PP
-With \f[C]-vv\f[R] rclone will become very verbose telling you about
-every file it considers and transfers.
-Please send bug reports with a log with this setting.
+Rclone will stop deleting files when the total size of deletions has
+reached the size specified.
+It defaults to off.
 .PP
-When setting verbosity as an environment variable, use
-\f[C]RCLONE_VERBOSE=1\f[R] or \f[C]RCLONE_VERBOSE=2\f[R] for
-\f[C]-v\f[R] and \f[C]-vv\f[R] respectively.
-.SS -V, --version
+If that limit is exceeded then a fatal error will be generated and
+rclone will stop the operation in progress.
+.SS --max-depth=N
 .PP
-Prints the version number
-.SS SSL/TLS options
+This modifies the recursion depth for all the commands except purge.
 .PP
-The outgoing SSL/TLS connections rclone makes can be controlled with
-these options.
-For example this can be very useful with the HTTP or WebDAV backends.
-Rclone HTTP servers have their own set of configuration for SSL/TLS
-which you can find in their documentation.
-.SS --ca-cert stringArray
+So if you do \f[C]rclone --max-depth 1 ls remote:path\f[R] you will see
+only the files in the top level directory.
+Using \f[C]--max-depth 2\f[R] means you will see all the files in first
+two directory levels and so on.
 .PP
-This loads the PEM encoded certificate authority certificates and uses
-it to verify the certificates of the servers rclone connects to.
+For historical reasons the \f[C]lsd\f[R] command defaults to using a
+\f[C]--max-depth\f[R] of 1 - you can override this with the command line
+flag.
 .PP
-If you have generated certificates signed with a local CA then you will
-need this flag to connect to servers using those certificates.
-.SS --client-cert string
+You can use this command to disable recursion (with
+\f[C]--max-depth 1\f[R]).
 .PP
-This loads the PEM encoded client side certificate.
+Note that if you use this with \f[C]sync\f[R] and
+\f[C]--delete-excluded\f[R] the files not recursed through are
+considered excluded and will be deleted on the destination.
+Test first with \f[C]--dry-run\f[R] if you are not sure what will
+happen.
+.SS --max-duration=TIME
 .PP
-This is used for mutual TLS
-authentication (https://en.wikipedia.org/wiki/Mutual_authentication).
+Rclone will stop transferring when it has run for the duration
+specified.
+Defaults to off.
 .PP
-The \f[C]--client-key\f[R] flag is required too when using this.
-.SS --client-key string
+When the limit is reached all transfers will stop immediately.
+Use \f[C]--cutoff-mode\f[R] to modify this behaviour.
 .PP
-This loads the PEM encoded client side private key used for mutual TLS
-authentication.
-Used in conjunction with \f[C]--client-cert\f[R].
-.SS --no-check-certificate=true/false
+Rclone will exit with exit code 10 if the duration limit is reached.
+.SS --max-transfer=SIZE
 .PP
-\f[C]--no-check-certificate\f[R] controls whether a client verifies the
-server\[aq]s certificate chain and host name.
-If \f[C]--no-check-certificate\f[R] is true, TLS accepts any certificate
-presented by the server and any host name in that certificate.
-In this mode, TLS is susceptible to man-in-the-middle attacks.
+Rclone will stop transferring when it has reached the size specified.
+Defaults to off.
 .PP
-This option defaults to \f[C]false\f[R].
+When the limit is reached all transfers will stop immediately.
+Use \f[C]--cutoff-mode\f[R] to modify this behaviour.
 .PP
-\f[B]This should be used only for testing.\f[R]
-.SS Configuration Encryption
+Rclone will exit with exit code 8 if the transfer limit is reached.
+.SS --cutoff-mode=hard|soft|cautious
 .PP
-Your configuration file contains information for logging in to your
-cloud services.
-This means that you should keep your \f[C]rclone.conf\f[R] file in a
-secure location.
+This modifies the behavior of \f[C]--max-transfer\f[R] and
+\f[C]--max-duration\f[R] Defaults to \f[C]--cutoff-mode=hard\f[R].
 .PP
-If you are in an environment where that isn\[aq]t possible, you can add
-a password to your configuration.
-This means that you will have to supply the password every time you
-start rclone.
+Specifying \f[C]--cutoff-mode=hard\f[R] will stop transferring
+immediately when Rclone reaches the limit.
 .PP
-To add a password to your rclone configuration, execute
-\f[C]rclone config\f[R].
+Specifying \f[C]--cutoff-mode=soft\f[R] will stop starting new transfers
+when Rclone reaches the limit.
+.PP
+Specifying \f[C]--cutoff-mode=cautious\f[R] will try to prevent Rclone
+from reaching the limit.
+Only applicable for \f[C]--max-transfer\f[R]
+.SS -M, --metadata
+.PP
+Setting this flag enables rclone to copy the metadata from the source to
+the destination.
+For local backends this is ownership, permissions, xattr etc.
+See the metadata section for more info.
+.SS --metadata-mapper SpaceSepList
+.PP
+If you supply the parameter \f[C]--metadata-mapper /path/to/program\f[R]
+then rclone will use that program to map metadata from source object to
+destination object.
+.PP
+The argument to this flag should be a command with an optional space
+separated list of arguments.
+If one of the arguments has a space in then enclose it in
+\f[C]\[dq]\f[R], if you want a literal \f[C]\[dq]\f[R] in an argument
+then enclose the argument in \f[C]\[dq]\f[R] and double the
+\f[C]\[dq]\f[R].
+See CSV encoding (https://godoc.org/encoding/csv) for more info.
 .IP
 .nf
 \f[C]
->rclone config
-Current remotes:
-
-e) Edit existing remote
-n) New remote
-d) Delete remote
-s) Set configuration password
-q) Quit config
-e/n/d/s/q>
+--metadata-mapper \[dq]python bin/test_metadata_mapper.py\[dq]
+--metadata-mapper \[aq]python bin/test_metadata_mapper.py \[dq]argument with a space\[dq]\[aq]
+--metadata-mapper \[aq]python bin/test_metadata_mapper.py \[dq]argument with \[dq]\[dq]two\[dq]\[dq] quotes\[dq]\[aq]
 \f[R]
 .fi
 .PP
-Go into \f[C]s\f[R], Set configuration password:
+This uses a simple JSON based protocol with input on STDIN and output on
+STDOUT.
+This will be called for every file and directory copied and may be
+called concurrently.
+.PP
+The program\[aq]s job is to take a metadata blob on the input and turn
+it into a metadata blob on the output suitable for the destination
+backend.
+.PP
+Input to the program (via STDIN) might look like this.
+This provides some context for the \f[C]Metadata\f[R] which may be
+important.
+.IP \[bu] 2
+\f[C]SrcFs\f[R] is the config string for the remote that the object is
+currently on.
+.IP \[bu] 2
+\f[C]SrcFsType\f[R] is the name of the source backend.
+.IP \[bu] 2
+\f[C]DstFs\f[R] is the config string for the remote that the object is
+being copied to
+.IP \[bu] 2
+\f[C]DstFsType\f[R] is the name of the destination backend.
+.IP \[bu] 2
+\f[C]Remote\f[R] is the path of the file relative to the root.
+.IP \[bu] 2
+\f[C]Size\f[R], \f[C]MimeType\f[R], \f[C]ModTime\f[R] are attributes of
+the file.
+.IP \[bu] 2
+\f[C]IsDir\f[R] is \f[C]true\f[R] if this is a directory (not yet
+implemented).
+.IP \[bu] 2
+\f[C]ID\f[R] is the source \f[C]ID\f[R] of the file if known.
+.IP \[bu] 2
+\f[C]Metadata\f[R] is the backend specific metadata as described in the
+backend docs.
 .IP
 .nf
 \f[C]
-e/n/d/s/q> s
-Your configuration is not encrypted.
-If you add a password, you will protect your login information to cloud services.
-a) Add Password
-q) Quit to main menu
-a/q> a
-Enter NEW configuration password:
-password:
-Confirm NEW password:
-password:
-Password set
-Your configuration is encrypted.
-c) Change Password
-u) Unencrypt configuration
-q) Quit to main menu
-c/u/q>
+{
+    \[dq]SrcFs\[dq]: \[dq]gdrive:\[dq],
+    \[dq]SrcFsType\[dq]: \[dq]drive\[dq],
+    \[dq]DstFs\[dq]: \[dq]newdrive:user\[dq],
+    \[dq]DstFsType\[dq]: \[dq]onedrive\[dq],
+    \[dq]Remote\[dq]: \[dq]test.txt\[dq],
+    \[dq]Size\[dq]: 6,
+    \[dq]MimeType\[dq]: \[dq]text/plain; charset=utf-8\[dq],
+    \[dq]ModTime\[dq]: \[dq]2022-10-11T17:53:10.286745272+01:00\[dq],
+    \[dq]IsDir\[dq]: false,
+    \[dq]ID\[dq]: \[dq]xyz\[dq],
+    \[dq]Metadata\[dq]: {
+        \[dq]btime\[dq]: \[dq]2022-10-11T16:53:11Z\[dq],
+        \[dq]content-type\[dq]: \[dq]text/plain; charset=utf-8\[dq],
+        \[dq]mtime\[dq]: \[dq]2022-10-11T17:53:10.286745272+01:00\[dq],
+        \[dq]owner\[dq]: \[dq]user1\[at]domain1.com\[dq],
+        \[dq]permissions\[dq]: \[dq]...\[dq],
+        \[dq]description\[dq]: \[dq]my nice file\[dq],
+        \[dq]starred\[dq]: \[dq]false\[dq]
+    }
+}
 \f[R]
 .fi
 .PP
-Your configuration is now encrypted, and every time you start rclone you
-will have to supply the password.
-See below for details.
-In the same menu, you can change the password or completely remove
-encryption from your configuration.
+The program should then modify the input as desired and send it to
+STDOUT.
+The returned \f[C]Metadata\f[R] field will be used in its entirety for
+the destination object.
+Any other fields will be ignored.
+Note in this example we translate user names and permissions and add
+something to the description:
+.IP
+.nf
+\f[C]
+{
+    \[dq]Metadata\[dq]: {
+        \[dq]btime\[dq]: \[dq]2022-10-11T16:53:11Z\[dq],
+        \[dq]content-type\[dq]: \[dq]text/plain; charset=utf-8\[dq],
+        \[dq]mtime\[dq]: \[dq]2022-10-11T17:53:10.286745272+01:00\[dq],
+        \[dq]owner\[dq]: \[dq]user1\[at]domain2.com\[dq],
+        \[dq]permissions\[dq]: \[dq]...\[dq],
+        \[dq]description\[dq]: \[dq]my nice file [migrated from domain1]\[dq],
+        \[dq]starred\[dq]: \[dq]false\[dq]
+    }
+}
+\f[R]
+.fi
 .PP
-There is no way to recover the configuration if you lose your password.
+Metadata can be removed here too.
 .PP
-rclone uses nacl
-secretbox (https://godoc.org/golang.org/x/crypto/nacl/secretbox) which
-in turn uses XSalsa20 and Poly1305 to encrypt and authenticate your
-configuration with secret-key cryptography.
-The password is SHA-256 hashed, which produces the key for secretbox.
-The hashed password is not stored.
+An example python program might look something like this to implement
+the above transformations.
+.IP
+.nf
+\f[C]
+import sys, json
+
+i = json.load(sys.stdin)
+metadata = i[\[dq]Metadata\[dq]]
+# Add tag to description
+if \[dq]description\[dq] in metadata:
+    metadata[\[dq]description\[dq]] += \[dq] [migrated from domain1]\[dq]
+else:
+    metadata[\[dq]description\[dq]] = \[dq][migrated from domain1]\[dq]
+# Modify owner
+if \[dq]owner\[dq] in metadata:
+    metadata[\[dq]owner\[dq]] = metadata[\[dq]owner\[dq]].replace(\[dq]domain1.com\[dq], \[dq]domain2.com\[dq])
+o = { \[dq]Metadata\[dq]: metadata }
+json.dump(o, sys.stdout, indent=\[dq]\[rs]t\[dq])
+\f[R]
+.fi
 .PP
-While this provides very good security, we do not recommend storing your
-encrypted rclone configuration in public if it contains sensitive
-information, maybe except if you use a very strong password.
+You can find this example (slightly expanded) in the rclone source code
+at
+bin/test_metadata_mapper.py (https://github.com/rclone/rclone/blob/master/test_metadata_mapper.py).
 .PP
-If it is safe in your environment, you can set the
-\f[C]RCLONE_CONFIG_PASS\f[R] environment variable to contain your
-password, in which case it will be used for decrypting the
-configuration.
+If you want to see the input to the metadata mapper and the output
+returned from it in the log you can use \f[C]-vv --dump mapper\f[R].
 .PP
-You can set this for a session from a script.
-For unix like systems save this to a file called
-\f[C]set-rclone-password\f[R]:
-.IP
-.nf
-\f[C]
-#!/bin/echo Source this file don\[aq]t run it
-
-read -s RCLONE_CONFIG_PASS
-export RCLONE_CONFIG_PASS
-\f[R]
-.fi
+See the metadata section for more info.
+.SS --metadata-set key=value
 .PP
-Then source the file when you want to use it.
-From the shell you would do \f[C]source set-rclone-password\f[R].
-It will then ask you for the password and set it in the environment
-variable.
+Add metadata \f[C]key\f[R] = \f[C]value\f[R] when uploading.
+This can be repeated as many times as required.
+See the metadata section for more info.
+.SS --modify-window=TIME
 .PP
-An alternate means of supplying the password is to provide a script
-which will retrieve the password and print on standard output.
-This script should have a fully specified path name and not rely on any
-environment variables.
-The script is supplied either via
-\f[C]--password-command=\[dq]...\[dq]\f[R] command line argument or via
-the \f[C]RCLONE_PASSWORD_COMMAND\f[R] environment variable.
+When checking whether a file has been modified, this is the maximum
+allowed time difference that a file can have and still be considered
+equivalent.
 .PP
-One useful example of this is using the \f[C]passwordstore\f[R]
-application to retrieve the password:
-.IP
-.nf
-\f[C]
-export RCLONE_PASSWORD_COMMAND=\[dq]pass rclone/config\[dq]
-\f[R]
-.fi
+The default is \f[C]1ns\f[R] unless this is overridden by a remote.
+For example OS X only stores modification times to the nearest second so
+if you are reading and writing to an OS X filing system this will be
+\f[C]1s\f[R] by default.
 .PP
-If the \f[C]passwordstore\f[R] password manager holds the password for
-the rclone configuration, using the script method means the password is
-primarily protected by the \f[C]passwordstore\f[R] system, and is never
-embedded in the clear in scripts, nor available for examination using
-the standard commands available.
-It is quite possible with long running rclone sessions for copies of
-passwords to be innocently captured in log files or terminal scroll
-buffers, etc.
-Using the script method of supplying the password enhances the security
-of the config password considerably.
+This command line flag allows you to override that computed default.
+.SS --multi-thread-write-buffer-size=SIZE
 .PP
-If you are running rclone inside a script, unless you are using the
-\f[C]--password-command\f[R] method, you might want to disable password
-prompts.
-To do that, pass the parameter \f[C]--ask-password=false\f[R] to rclone.
-This will make rclone fail instead of asking for a password if
-\f[C]RCLONE_CONFIG_PASS\f[R] doesn\[aq]t contain a valid password, and
-\f[C]--password-command\f[R] has not been supplied.
+When transferring with multiple threads, rclone will buffer SIZE bytes
+in memory before writing to disk for each thread.
 .PP
-Whenever running commands that may be affected by options in a
-configuration file, rclone will look for an existing file according to
-the rules described above, and load any it finds.
-If an encrypted file is found, this includes decrypting it, with the
-possible consequence of a password prompt.
-When executing a command line that you know are not actually using
-anything from such a configuration file, you can avoid it being loaded
-by overriding the location, e.g.
-with one of the documented special values for memory-only configuration.
-Since only backend options can be stored in configuration files, this is
-normally unnecessary for commands that do not operate on backends, e.g.
-\f[C]genautocomplete\f[R].
-However, it will be relevant for commands that do operate on backends in
-general, but are used without referencing a stored remote, e.g.
-listing local filesystem paths, or connection strings:
-\f[C]rclone --config=\[dq]\[dq] ls .\f[R]
-.SS Developer options
+This can improve performance if the underlying filesystem does not deal
+well with a lot of small writes in different positions of the file, so
+if you see transfers being limited by disk write speed, you might want
+to experiment with different values.
+Specially for magnetic drives and remote file systems a higher value can
+be useful.
 .PP
-These options are useful when developing or debugging rclone.
-There are also some more remote specific options which aren\[aq]t
-documented here which are used for testing.
-These start with remote name e.g.
-\f[C]--drive-test-option\f[R] - see the docs for the remote in question.
-.SS --cpuprofile=FILE
+Nevertheless, the default of \f[C]128k\f[R] should be fine for almost
+all use cases, so before changing it ensure that network is not really
+your bottleneck.
 .PP
-Write CPU profile to file.
-This can be analysed with \f[C]go tool pprof\f[R].
-.SS --dump flag,flag,flag
+As a final hint, size is not the only factor: block size (or similar
+concept) can have an impact.
+In one case, we observed that exact multiples of 16k performed much
+better than other values.
+.SS --multi-thread-chunk-size=SizeSuffix
 .PP
-The \f[C]--dump\f[R] flag takes a comma separated list of flags to dump
-info about.
+Normally the chunk size for multi thread transfers is set by the
+backend.
+However some backends such as \f[C]local\f[R] and \f[C]smb\f[R] (which
+implement \f[C]OpenWriterAt\f[R] but not \f[C]OpenChunkWriter\f[R])
+don\[aq]t have a natural chunk size.
 .PP
-Note that some headers including \f[C]Accept-Encoding\f[R] as shown may
-not be correct in the request and the response may not show
-\f[C]Content-Encoding\f[R] if the go standard libraries auto gzip
-encoding was in effect.
-In this case the body of the request will be gunzipped before showing
-it.
+In this case the value of this option is used (default 64Mi).
+.SS --multi-thread-cutoff=SIZE
 .PP
-The available flags are:
-.SS --dump headers
+When transferring files above SIZE to capable backends, rclone will use
+multiple threads to transfer the file (default 256M).
 .PP
-Dump HTTP headers with \f[C]Authorization:\f[R] lines removed.
-May still contain sensitive info.
-Can be very verbose.
-Useful for debugging only.
+Capable backends are marked in the
+overview (https://rclone.org/overview/#optional-features) as
+\f[C]MultithreadUpload\f[R].
+(They need to implement either the \f[C]OpenWriterAt\f[R] or
+\f[C]OpenChunkedWriter\f[R] internal interfaces).
+These include include, \f[C]local\f[R], \f[C]s3\f[R],
+\f[C]azureblob\f[R], \f[C]b2\f[R], \f[C]oracleobjectstorage\f[R] and
+\f[C]smb\f[R] at the time of writing.
 .PP
-Use \f[C]--dump auth\f[R] if you do want the \f[C]Authorization:\f[R]
-headers.
-.SS --dump bodies
+On the local disk, rclone preallocates the file (using
+\f[C]fallocate(FALLOC_FL_KEEP_SIZE)\f[R] on unix or
+\f[C]NTSetInformationFile\f[R] on Windows both of which takes no time)
+then each thread writes directly into the file at the correct place.
+This means that rclone won\[aq]t create fragmented or sparse files and
+there won\[aq]t be any assembly time at the end of the transfer.
 .PP
-Dump HTTP headers and bodies - may contain sensitive info.
-Can be very verbose.
-Useful for debugging only.
+The number of threads used to transfer is controlled by
+\f[C]--multi-thread-streams\f[R].
 .PP
-Note that the bodies are buffered in memory so don\[aq]t use this for
-enormous files.
-.SS --dump requests
+Use \f[C]-vv\f[R] if you wish to see info about the threads.
 .PP
-Like \f[C]--dump bodies\f[R] but dumps the request bodies and the
-response headers.
-Useful for debugging download problems.
-.SS --dump responses
+This will work with the \f[C]sync\f[R]/\f[C]copy\f[R]/\f[C]move\f[R]
+commands and friends \f[C]copyto\f[R]/\f[C]moveto\f[R].
+Multi thread transfers will be used with \f[C]rclone mount\f[R] and
+\f[C]rclone serve\f[R] if \f[C]--vfs-cache-mode\f[R] is set to
+\f[C]writes\f[R] or above.
 .PP
-Like \f[C]--dump bodies\f[R] but dumps the response bodies and the
-request headers.
-Useful for debugging upload problems.
-.SS --dump auth
+\f[B]NB\f[R] that this \f[B]only\f[R] works with supported backends as
+the destination but will work with any backend as the source.
 .PP
-Dump HTTP headers - will contain sensitive info such as
-\f[C]Authorization:\f[R] headers - use \f[C]--dump headers\f[R] to dump
-without \f[C]Authorization:\f[R] headers.
-Can be very verbose.
-Useful for debugging only.
-.SS --dump filters
+\f[B]NB\f[R] that multi-thread copies are disabled for local to local
+copies as they are faster without unless
+\f[C]--multi-thread-streams\f[R] is set explicitly.
 .PP
-Dump the filters to the output.
-Useful to see exactly what include and exclude options are filtering on.
-.SS --dump goroutines
+\f[B]NB\f[R] on Windows using multi-thread transfers to the local disk
+will cause the resulting files to be
+sparse (https://en.wikipedia.org/wiki/Sparse_file).
+Use \f[C]--local-no-sparse\f[R] to disable sparse files (which may cause
+long delays at the start of transfers) or disable multi-thread transfers
+with \f[C]--multi-thread-streams 0\f[R]
+.SS --multi-thread-streams=N
 .PP
-This dumps a list of the running go-routines at the end of the command
-to standard output.
-.SS --dump openfiles
+When using multi thread transfers (see above
+\f[C]--multi-thread-cutoff\f[R]) this sets the number of streams to use.
+Set to \f[C]0\f[R] to disable multi thread transfers (Default 4).
 .PP
-This dumps a list of the open files at the end of the command.
-It uses the \f[C]lsof\f[R] command to do that so you\[aq]ll need that
-installed to use it.
-.SS --memprofile=FILE
+If the backend has a \f[C]--backend-upload-concurrency\f[R] setting (eg
+\f[C]--s3-upload-concurrency\f[R]) then this setting will be used as the
+number of transfers instead if it is larger than the value of
+\f[C]--multi-thread-streams\f[R] or \f[C]--multi-thread-streams\f[R]
+isn\[aq]t set.
+.SS --no-check-dest
 .PP
-Write memory profile to file.
-This can be analysed with \f[C]go tool pprof\f[R].
-.SS Filtering
+The \f[C]--no-check-dest\f[R] can be used with \f[C]move\f[R] or
+\f[C]copy\f[R] and it causes rclone not to check the destination at all
+when copying files.
 .PP
-For the filtering options
-.IP \[bu] 2
-\f[C]--delete-excluded\f[R]
-.IP \[bu] 2
-\f[C]--filter\f[R]
-.IP \[bu] 2
-\f[C]--filter-from\f[R]
-.IP \[bu] 2
-\f[C]--exclude\f[R]
-.IP \[bu] 2
-\f[C]--exclude-from\f[R]
-.IP \[bu] 2
-\f[C]--exclude-if-present\f[R]
-.IP \[bu] 2
-\f[C]--include\f[R]
-.IP \[bu] 2
-\f[C]--include-from\f[R]
-.IP \[bu] 2
-\f[C]--files-from\f[R]
-.IP \[bu] 2
-\f[C]--files-from-raw\f[R]
-.IP \[bu] 2
-\f[C]--min-size\f[R]
-.IP \[bu] 2
-\f[C]--max-size\f[R]
-.IP \[bu] 2
-\f[C]--min-age\f[R]
-.IP \[bu] 2
-\f[C]--max-age\f[R]
-.IP \[bu] 2
-\f[C]--dump filters\f[R]
-.IP \[bu] 2
-\f[C]--metadata-include\f[R]
-.IP \[bu] 2
-\f[C]--metadata-include-from\f[R]
+This means that:
 .IP \[bu] 2
-\f[C]--metadata-exclude\f[R]
+the destination is not listed minimising the API calls
 .IP \[bu] 2
-\f[C]--metadata-exclude-from\f[R]
+files are always transferred
 .IP \[bu] 2
-\f[C]--metadata-filter\f[R]
+this can cause duplicates on remotes which allow it (e.g.
+Google Drive)
 .IP \[bu] 2
-\f[C]--metadata-filter-from\f[R]
-.PP
-See the filtering section (https://rclone.org/filtering/).
-.SS Remote control
+\f[C]--retries 1\f[R] is recommended otherwise you\[aq]ll transfer
+everything again on a retry
 .PP
-For the remote control options and for instructions on how to remote
-control rclone
-.IP \[bu] 2
-\f[C]--rc\f[R]
-.IP \[bu] 2
-and anything starting with \f[C]--rc-\f[R]
+This flag is useful to minimise the transactions if you know that none
+of the files are on the destination.
 .PP
-See the remote control section (https://rclone.org/rc/).
-.SS Logging
+This is a specialized flag which should be ignored by most users!
+.SS --no-gzip-encoding
 .PP
-rclone has 4 levels of logging, \f[C]ERROR\f[R], \f[C]NOTICE\f[R],
-\f[C]INFO\f[R] and \f[C]DEBUG\f[R].
+Don\[aq]t set \f[C]Accept-Encoding: gzip\f[R].
+This means that rclone won\[aq]t ask the server for compressed files
+automatically.
+Useful if you\[aq]ve set the server to return files with
+\f[C]Content-Encoding: gzip\f[R] but you uploaded compressed files.
 .PP
-By default, rclone logs to standard error.
-This means you can redirect standard error and still see the normal
-output of rclone commands (e.g.
-\f[C]rclone ls\f[R]).
+There is no need to set this in normal operation, and doing so will
+decrease the network transfer efficiency of rclone.
+.SS --no-traverse
 .PP
-By default, rclone will produce \f[C]Error\f[R] and \f[C]Notice\f[R]
-level messages.
+The \f[C]--no-traverse\f[R] flag controls whether the destination file
+system is traversed when using the \f[C]copy\f[R] or \f[C]move\f[R]
+commands.
+\f[C]--no-traverse\f[R] is not compatible with \f[C]sync\f[R] and will
+be ignored if you supply it with \f[C]sync\f[R].
 .PP
-If you use the \f[C]-q\f[R] flag, rclone will only produce
-\f[C]Error\f[R] messages.
+If you are only copying a small number of files (or are filtering most
+of the files) and/or have a large number of files on the destination
+then \f[C]--no-traverse\f[R] will stop rclone listing the destination
+and save time.
 .PP
-If you use the \f[C]-v\f[R] flag, rclone will produce \f[C]Error\f[R],
-\f[C]Notice\f[R] and \f[C]Info\f[R] messages.
+However, if you are copying a large number of files, especially if you
+are doing a copy where lots of the files under consideration haven\[aq]t
+changed and won\[aq]t need copying then you shouldn\[aq]t use
+\f[C]--no-traverse\f[R].
 .PP
-If you use the \f[C]-vv\f[R] flag, rclone will produce \f[C]Error\f[R],
-\f[C]Notice\f[R], \f[C]Info\f[R] and \f[C]Debug\f[R] messages.
+See rclone copy (https://rclone.org/commands/rclone_copy/) for an
+example of how to use it.
+.SS --no-unicode-normalization
 .PP
-You can also control the log levels with the \f[C]--log-level\f[R] flag.
+Don\[aq]t normalize unicode characters in filenames during the sync
+routine.
 .PP
-If you use the \f[C]--log-file=FILE\f[R] option, rclone will redirect
-\f[C]Error\f[R], \f[C]Info\f[R] and \f[C]Debug\f[R] messages along with
-standard error to FILE.
+Sometimes, an operating system will store filenames containing unicode
+parts in their decomposed form (particularly macOS).
+Some cloud storage systems will then recompose the unicode, resulting in
+duplicate files if the data is ever copied back to a local filesystem.
 .PP
-If you use the \f[C]--syslog\f[R] flag then rclone will log to syslog
-and the \f[C]--syslog-facility\f[R] control which facility it uses.
+Using this flag will disable that functionality, treating each unicode
+character as unique.
+For example, by default e\[u0301] and \['e] will be normalized into the
+same character.
+With \f[C]--no-unicode-normalization\f[R] they will be treated as unique
+characters.
+.SS --no-update-modtime
 .PP
-Rclone prefixes all log messages with their level in capitals, e.g.
-INFO which makes it easy to grep the log file for different kinds of
-information.
-.SS Exit Code
+When using this flag, rclone won\[aq]t update modification times of
+remote files if they are incorrect as it would normally.
 .PP
-If any errors occur during the command execution, rclone will exit with
-a non-zero exit code.
-This allows scripts to detect when rclone operations have failed.
+This can be used if the remote is being synced with another tool also
+(e.g.
+the Google Drive client).
+.SS --order-by string
 .PP
-During the startup phase, rclone will exit immediately if an error is
-detected in the configuration.
-There will always be a log message immediately before exiting.
+The \f[C]--order-by\f[R] flag controls the order in which files in the
+backlog are processed in \f[C]rclone sync\f[R], \f[C]rclone copy\f[R]
+and \f[C]rclone move\f[R].
 .PP
-When rclone is running it will accumulate errors as it goes along, and
-only exit with a non-zero exit code if (after retries) there were still
-failed transfers.
-For every error counted there will be a high priority log message
-(visible with \f[C]-q\f[R]) showing the message and which file caused
-the problem.
-A high priority message is also shown when starting a retry so the user
-can see that any previous error messages may not be valid after the
-retry.
-If rclone has done a retry it will log a high priority message if the
-retry was successful.
-.SS List of exit codes
-.IP \[bu] 2
-\f[C]0\f[R] - success
+The order by string is constructed like this.
+The first part describes what aspect is being measured:
 .IP \[bu] 2
-\f[C]1\f[R] - Syntax or usage error
+\f[C]size\f[R] - order by the size of the files
 .IP \[bu] 2
-\f[C]2\f[R] - Error not otherwise categorised
+\f[C]name\f[R] - order by the full path of the files
 .IP \[bu] 2
-\f[C]3\f[R] - Directory not found
+\f[C]modtime\f[R] - order by the modification date of the files
+.PP
+This can have a modifier appended with a comma:
 .IP \[bu] 2
-\f[C]4\f[R] - File not found
+\f[C]ascending\f[R] or \f[C]asc\f[R] - order so that the smallest (or
+oldest) is processed first
 .IP \[bu] 2
-\f[C]5\f[R] - Temporary error (one that more retries might fix) (Retry
-errors)
+\f[C]descending\f[R] or \f[C]desc\f[R] - order so that the largest (or
+newest) is processed first
 .IP \[bu] 2
-\f[C]6\f[R] - Less serious errors (like 461 errors from dropbox)
-(NoRetry errors)
+\f[C]mixed\f[R] - order so that the smallest is processed first for some
+threads and the largest for others
+.PP
+If the modifier is \f[C]mixed\f[R] then it can have an optional
+percentage (which defaults to \f[C]50\f[R]), e.g.
+\f[C]size,mixed,25\f[R] which means that 25% of the threads should be
+taking the smallest items and 75% the largest.
+The threads which take the smallest first will always take the smallest
+first and likewise the largest first threads.
+The \f[C]mixed\f[R] mode can be useful to minimise the transfer time
+when you are transferring a mixture of large and small files - the large
+files are guaranteed upload threads and bandwidth and the small files
+will be processed continuously.
+.PP
+If no modifier is supplied then the order is \f[C]ascending\f[R].
+.PP
+For example
 .IP \[bu] 2
-\f[C]7\f[R] - Fatal error (one that more retries won\[aq]t fix, like
-account suspended) (Fatal errors)
+\f[C]--order-by size,desc\f[R] - send the largest files first
 .IP \[bu] 2
-\f[C]8\f[R] - Transfer exceeded - limit set by --max-transfer reached
+\f[C]--order-by modtime,ascending\f[R] - send the oldest files first
 .IP \[bu] 2
-\f[C]9\f[R] - Operation successful, but no files transferred
-.SS Environment Variables
-.PP
-Rclone can be configured entirely using environment variables.
-These can be used to set defaults for options or config file entries.
-.SS Options
+\f[C]--order-by name\f[R] - send the files with alphabetically by path
+first
 .PP
-Every option in rclone can have its default set by environment variable.
+If the \f[C]--order-by\f[R] flag is not supplied or it is supplied with
+an empty string then the default ordering will be used which is as
+scanned.
+With \f[C]--checkers 1\f[R] this is mostly alphabetical, however with
+the default \f[C]--checkers 8\f[R] it is somewhat random.
+.SS Limitations
 .PP
-To find the name of the environment variable, first, take the long
-option name, strip the leading \f[C]--\f[R], change \f[C]-\f[R] to
-\f[C]_\f[R], make upper case and prepend \f[C]RCLONE_\f[R].
+The \f[C]--order-by\f[R] flag does not do a separate pass over the data.
+This means that it may transfer some files out of the order specified if
+.IP \[bu] 2
+there are no files in the backlog or the source has not been fully
+scanned yet
+.IP \[bu] 2
+there are more than --max-backlog files in the backlog
 .PP
-For example, to always set \f[C]--stats 5s\f[R], set the environment
-variable \f[C]RCLONE_STATS=5s\f[R].
-If you set stats on the command line this will override the environment
-variable setting.
+Rclone will do its best to transfer the best file it has so in practice
+this should not cause a problem.
+Think of \f[C]--order-by\f[R] as being more of a best efforts flag
+rather than a perfect ordering.
 .PP
-Or to always use the trash in drive \f[C]--drive-use-trash\f[R], set
-\f[C]RCLONE_DRIVE_USE_TRASH=true\f[R].
+If you want perfect ordering then you will need to specify --check-first
+which will find all the files which need transferring first before
+transferring any.
+.SS --partial-suffix
 .PP
-Verbosity is slightly different, the environment variable equivalent of
-\f[C]--verbose\f[R] or \f[C]-v\f[R] is \f[C]RCLONE_VERBOSE=1\f[R], or
-for \f[C]-vv\f[R], \f[C]RCLONE_VERBOSE=2\f[R].
+When --inplace is not used, it causes rclone to use the
+\f[C]--partial-suffix\f[R] as suffix for temporary files.
 .PP
-The same parser is used for the options and the environment variables so
-they take exactly the same form.
+Suffix length limit is 16 characters.
 .PP
-The options set by environment variables can be seen with the
-\f[C]-vv\f[R] flag, e.g.
-\f[C]rclone version -vv\f[R].
-.SS Config file
+The default is \f[C].partial\f[R].
+.SS --password-command SpaceSepList
 .PP
-You can set defaults for values in the config file on an individual
-remote basis.
-The names of the config items are documented in the page for each
-backend.
+This flag supplies a program which should supply the config password
+when run.
+This is an alternative to rclone prompting for the password or setting
+the \f[C]RCLONE_CONFIG_PASS\f[R] variable.
 .PP
-To find the name of the environment variable, you need to set, take
-\f[C]RCLONE_CONFIG_\f[R] + name of remote + \f[C]_\f[R] + name of config
-file option and make it all uppercase.
+The argument to this should be a command with a space separated list of
+arguments.
+If one of the arguments has a space in then enclose it in
+\f[C]\[dq]\f[R], if you want a literal \f[C]\[dq]\f[R] in an argument
+then enclose the argument in \f[C]\[dq]\f[R] and double the
+\f[C]\[dq]\f[R].
+See CSV encoding (https://godoc.org/encoding/csv) for more info.
 .PP
-For example, to configure an S3 remote named \f[C]mys3:\f[R] without a
-config file (using unix ways of setting environment variables):
+Eg
 .IP
 .nf
 \f[C]
-$ export RCLONE_CONFIG_MYS3_TYPE=s3
-$ export RCLONE_CONFIG_MYS3_ACCESS_KEY_ID=XXX
-$ export RCLONE_CONFIG_MYS3_SECRET_ACCESS_KEY=XXX
-$ rclone lsd mys3:
-          -1 2016-09-21 12:54:21        -1 my-bucket
-$ rclone listremotes | grep mys3
-mys3:
+--password-command \[dq]echo hello\[dq]
+--password-command \[aq]echo \[dq]hello with space\[dq]\[aq]
+--password-command \[aq]echo \[dq]hello with \[dq]\[dq]quotes\[dq]\[dq] and space\[dq]\[aq]
 \f[R]
 .fi
 .PP
-Note that if you want to create a remote using environment variables you
-must create the \f[C]..._TYPE\f[R] variable as above.
+See the Configuration Encryption for more info.
 .PP
-Note that the name of a remote created using environment variable is
-case insensitive, in contrast to regular remotes stored in config file
-as documented above.
-You must write the name in uppercase in the environment variable, but as
-seen from example above it will be listed and can be accessed in
-lowercase, while you can also refer to the same remote in uppercase:
-.IP
-.nf
-\f[C]
-$ rclone lsd mys3:
-          -1 2016-09-21 12:54:21        -1 my-bucket
-$ rclone lsd MYS3:
-          -1 2016-09-21 12:54:21        -1 my-bucket
-\f[R]
-.fi
+See a Windows PowerShell example on the
+Wiki (https://github.com/rclone/rclone/wiki/Windows-Powershell-use-rclone-password-command-for-Config-file-password).
+.SS -P, --progress
 .PP
-Note that you can only set the options of the immediate backend, so
-RCLONE_CONFIG_MYS3CRYPT_ACCESS_KEY_ID has no effect, if myS3Crypt is a
-crypt remote based on an S3 remote.
-However RCLONE_S3_ACCESS_KEY_ID will set the access key of all remotes
-using S3, including myS3Crypt.
+This flag makes rclone update the stats in a static block in the
+terminal providing a realtime overview of the transfer.
 .PP
-Note also that now rclone has connection strings, it is probably easier
-to use those instead which makes the above example
-.IP
-.nf
-\f[C]
-rclone lsd :s3,access_key_id=XXX,secret_access_key=XXX:
-\f[R]
-.fi
-.SS Precedence
+Any log messages will scroll above the static block.
+Log messages will push the static block down to the bottom of the
+terminal where it will stay.
 .PP
-The various different methods of backend configuration are read in this
-order and the first one with a value is used.
-.IP \[bu] 2
-Parameters in connection strings, e.g.
-\f[C]myRemote,skip_links:\f[R]
-.IP \[bu] 2
-Flag values as supplied on the command line, e.g.
-\f[C]--skip-links\f[R]
-.IP \[bu] 2
-Remote specific environment vars, e.g.
-\f[C]RCLONE_CONFIG_MYREMOTE_SKIP_LINKS\f[R] (see above).
-.IP \[bu] 2
-Backend-specific environment vars, e.g.
-\f[C]RCLONE_LOCAL_SKIP_LINKS\f[R].
-.IP \[bu] 2
-Backend generic environment vars, e.g.
-\f[C]RCLONE_SKIP_LINKS\f[R].
-.IP \[bu] 2
-Config file, e.g.
-\f[C]skip_links = true\f[R].
-.IP \[bu] 2
-Default values, e.g.
-\f[C]false\f[R] - these can\[aq]t be changed.
+Normally this is updated every 500mS but this period can be overridden
+with the \f[C]--stats\f[R] flag.
 .PP
-So if both \f[C]--skip-links\f[R] is supplied on the command line and an
-environment variable \f[C]RCLONE_LOCAL_SKIP_LINKS\f[R] is set, the
-command line flag will take preference.
+This can be used with the \f[C]--stats-one-line\f[R] flag for a simpler
+display.
 .PP
-The backend configurations set by environment variables can be seen with
-the \f[C]-vv\f[R] flag, e.g.
-\f[C]rclone about myRemote: -vv\f[R].
+Note: On Windows until this
+bug (https://github.com/Azure/go-ansiterm/issues/26) is fixed all
+non-ASCII characters will be replaced with \f[C].\f[R] when
+\f[C]--progress\f[R] is in use.
+.SS --progress-terminal-title
 .PP
-For non backend configuration the order is as follows:
-.IP \[bu] 2
-Flag values as supplied on the command line, e.g.
-\f[C]--stats 5s\f[R].
-.IP \[bu] 2
-Environment vars, e.g.
-\f[C]RCLONE_STATS=5s\f[R].
-.IP \[bu] 2
-Default values, e.g.
-\f[C]1m\f[R] - these can\[aq]t be changed.
-.SS Other environment variables
-.IP \[bu] 2
-\f[C]RCLONE_CONFIG_PASS\f[R] set to contain your config file password
-(see Configuration Encryption section)
-.IP \[bu] 2
-\f[C]HTTP_PROXY\f[R], \f[C]HTTPS_PROXY\f[R] and \f[C]NO_PROXY\f[R] (or
-the lowercase versions thereof).
-.RS 2
-.IP \[bu] 2
-\f[C]HTTPS_PROXY\f[R] takes precedence over \f[C]HTTP_PROXY\f[R] for
-https requests.
-.IP \[bu] 2
-The environment values may be either a complete URL or a
-\[dq]host[:port]\[dq] for, in which case the \[dq]http\[dq] scheme is
-assumed.
-.RE
-.IP \[bu] 2
-\f[C]USER\f[R] and \f[C]LOGNAME\f[R] values are used as fallbacks for
-current username.
-The primary method for looking up username is OS-specific: Windows API
-on Windows, real user ID in /etc/passwd on Unix systems.
-In the documentation the current username is simply referred to as
-\f[C]$USER\f[R].
-.IP \[bu] 2
-\f[C]RCLONE_CONFIG_DIR\f[R] - rclone \f[B]sets\f[R] this variable for
-use in config files and sub processes to point to the directory holding
-the config file.
+This flag, when used with \f[C]-P/--progress\f[R], will print the string
+\f[C]ETA: %s\f[R] to the terminal title.
+.SS -q, --quiet
 .PP
-The options set by environment variables can be seen with the
-\f[C]-vv\f[R] and \f[C]--log-level=DEBUG\f[R] flags, e.g.
-\f[C]rclone version -vv\f[R].
-.SH Configuring rclone on a remote / headless machine
+This flag will limit rclone\[aq]s output to error messages only.
+.SS --refresh-times
 .PP
-Some of the configurations (those involving oauth2) require an Internet
-connected web browser.
+The \f[C]--refresh-times\f[R] flag can be used to update modification
+times of existing files when they are out of sync on backends which
+don\[aq]t support hashes.
 .PP
-If you are trying to set rclone up on a remote or headless box with no
-browser available on it (e.g.
-a NAS or a server in a datacenter) then you will need to use an
-alternative means of configuration.
-There are two ways of doing it, described below.
-.SS Configuring using rclone authorize
+This is useful if you uploaded files with the incorrect timestamps and
+you now wish to correct them.
 .PP
-On the headless box run \f[C]rclone\f[R] config but answer \f[C]N\f[R]
-to the \f[C]Use web browser  to automatically authenticate?\f[R]
-question.
-.IP
-.nf
-\f[C]
-\&...
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes (default)
-n) No
-y/n> n
-For this to work, you will need rclone available on a machine that has
-a web browser available.
-
-For more help and alternate methods see: https://rclone.org/remote_setup/
-
-Execute the following on the machine with the web browser (same rclone
-version recommended):
-
-    rclone authorize \[dq]amazon cloud drive\[dq]
-
-Then paste the result below:
-result>
-\f[R]
-.fi
+This flag is \f[B]only\f[R] useful for destinations which don\[aq]t
+support hashes (e.g.
+\f[C]crypt\f[R]).
 .PP
-Then on your main desktop machine
-.IP
-.nf
-\f[C]
-rclone authorize \[dq]amazon cloud drive\[dq]
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
-Paste the following into your remote machine --->
-SECRET_TOKEN
-<---End paste
-\f[R]
-.fi
+This can be used any of the sync commands \f[C]sync\f[R], \f[C]copy\f[R]
+or \f[C]move\f[R].
 .PP
-Then back to the headless box, paste in the code
-.IP
-.nf
-\f[C]
-result> SECRET_TOKEN
---------------------
-[acd12]
-client_id = 
-client_secret = 
-token = SECRET_TOKEN
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d>
-\f[R]
-.fi
-.SS Configuring by copying the config file
+To use this flag you will need to be doing a modification time sync (so
+not using \f[C]--size-only\f[R] or \f[C]--checksum\f[R]).
+The flag will have no effect when using \f[C]--size-only\f[R] or
+\f[C]--checksum\f[R].
 .PP
-Rclone stores all of its config in a single configuration file.
-This can easily be copied to configure a remote rclone.
+If this flag is used when rclone comes to upload a file it will check to
+see if there is an existing file on the destination.
+If this file matches the source with size (and checksum if available)
+but has a differing timestamp then instead of re-uploading it, rclone
+will update the timestamp on the destination file.
+If the checksum does not match rclone will upload the new file.
+If the checksum is absent (e.g.
+on a \f[C]crypt\f[R] backend) then rclone will update the timestamp.
 .PP
-So first configure rclone on your desktop machine with
-.IP
-.nf
-\f[C]
-rclone config
-\f[R]
-.fi
+Note that some remotes can\[aq]t set the modification time without
+re-uploading the file so this flag is less useful on them.
 .PP
-to set up the config file.
+Normally if you are doing a modification time sync rclone will update
+modification times without \f[C]--refresh-times\f[R] provided that the
+remote supports checksums \f[B]and\f[R] the checksums match on the file.
+However if the checksums are absent then rclone will upload the file
+rather than setting the timestamp as this is the safe behaviour.
+.SS --retries int
 .PP
-Find the config file by running \f[C]rclone config file\f[R], for
-example
-.IP
-.nf
-\f[C]
-$ rclone config file
-Configuration file is stored at:
-/home/user/.rclone.conf
-\f[R]
-.fi
+Retry the entire sync if it fails this many times it fails (default 3).
 .PP
-Now transfer it to the remote box (scp, cut paste, ftp, sftp, etc.) and
-place it in the correct place (use \f[C]rclone config file\f[R] on the
-remote box to find out where).
-.SS Configuring using SSH Tunnel
+Some remotes can be unreliable and a few retries help pick up the files
+which didn\[aq]t get transferred because of errors.
 .PP
-Linux and MacOS users can utilize SSH Tunnel to redirect the headless
-box port 53682 to local machine by using the following command:
-.IP
-.nf
-\f[C]
-ssh -L localhost:53682:localhost:53682 username\[at]remote_server
-\f[R]
-.fi
+Disable retries with \f[C]--retries 1\f[R].
+.SS --retries-sleep=TIME
 .PP
-Then on the headless box run \f[C]rclone\f[R] config and answer
-\f[C]Y\f[R] to the
-\f[C]Use web  browser to automatically authenticate?\f[R] question.
-.IP
-.nf
-\f[C]
-\&...
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes (default)
-n) No
-y/n> y
-\f[R]
-.fi
+This sets the interval between each retry specified by
+\f[C]--retries\f[R]
 .PP
-Then copy and paste the auth url
-\f[C]http://127.0.0.1:53682/auth?state=xxxxxxxxxxxx\f[R] to the browser
-on your local machine, complete the auth and it is done.
-.SH Filtering, includes and excludes
+The default is \f[C]0\f[R].
+Use \f[C]0\f[R] to disable.
+.SS --server-side-across-configs
 .PP
-Filter flags determine which files rclone \f[C]sync\f[R],
-\f[C]move\f[R], \f[C]ls\f[R], \f[C]lsl\f[R], \f[C]md5sum\f[R],
-\f[C]sha1sum\f[R], \f[C]size\f[R], \f[C]delete\f[R], \f[C]check\f[R] and
-similar commands apply to.
+Allow server-side operations (e.g.
+copy or move) to work across different configurations.
 .PP
-They are specified in terms of path/file name patterns; path/file lists;
-file age and size, or presence of a file in a directory.
-Bucket based remotes without the concept of directory apply filters to
-object key, age and size in an analogous way.
+This can be useful if you wish to do a server-side copy or move between
+two remotes which use the same backend but are configured differently.
 .PP
-Rclone \f[C]purge\f[R] does not obey filters.
+Note that this isn\[aq]t enabled by default because it isn\[aq]t easy
+for rclone to tell if it will work between any two configurations.
+.SS --size-only
 .PP
-To test filters without risk of damage to data, apply them to
-\f[C]rclone ls\f[R], or with the \f[C]--dry-run\f[R] and \f[C]-vv\f[R]
-flags.
+Normally rclone will look at modification time and size of files to see
+if they are equal.
+If you set this flag then rclone will check only the size.
 .PP
-Rclone filter patterns can only be used in filter command line options,
-not in the specification of a remote.
+This can be useful transferring files from Dropbox which have been
+modified by the desktop sync client which doesn\[aq]t set checksums of
+modification times in the same way as rclone.
+.SS --stats=TIME
 .PP
-E.g.
-\f[C]rclone copy \[dq]remote:dir*.jpg\[dq] /path/to/dir\f[R] does not
-have a filter effect.
-\f[C]rclone copy remote:dir /path/to/dir --include \[dq]*.jpg\[dq]\f[R]
-does.
+Commands which transfer data (\f[C]sync\f[R], \f[C]copy\f[R],
+\f[C]copyto\f[R], \f[C]move\f[R], \f[C]moveto\f[R]) will print data
+transfer stats at regular intervals to show their progress.
 .PP
-\f[B]Important\f[R] Avoid mixing any two of \f[C]--include...\f[R],
-\f[C]--exclude...\f[R] or \f[C]--filter...\f[R] flags in an rclone
-command.
-The results may not be what you expect.
-Instead use a \f[C]--filter...\f[R] flag.
-.SS Patterns for matching path/file names
-.SS Pattern syntax
+This sets the interval.
 .PP
-Here is a formal definition of the pattern syntax, examples are below.
+The default is \f[C]1m\f[R].
+Use \f[C]0\f[R] to disable.
 .PP
-Rclone matching rules follow a glob style:
-.IP
-.nf
-\f[C]
-*         matches any sequence of non-separator (/) characters
-**        matches any sequence of characters including / separators
-?         matches any single non-separator (/) character
-[ [ ! ] { character-range } ]
-          character class (must be non-empty)
-{ pattern-list }
-          pattern alternatives
-{{ regexp }}
-          regular expression to match
-c         matches character c (c != *, **, ?, \[rs], [, {, })
-\[rs]c        matches reserved character c (c = *, **, ?, \[rs], [, {, }) or character class
-\f[R]
-.fi
+If you set the stats interval then all commands can show stats.
+This can be useful when running other commands, \f[C]check\f[R] or
+\f[C]mount\f[R] for example.
 .PP
-character-range:
-.IP
-.nf
-\f[C]
-c         matches character c (c != \[rs], -, ])
-\[rs]c        matches reserved character c (c = \[rs], -, ])
-lo - hi   matches character c for lo <= c <= hi
-\f[R]
-.fi
+Stats are logged at \f[C]INFO\f[R] level by default which means they
+won\[aq]t show at default log level \f[C]NOTICE\f[R].
+Use \f[C]--stats-log-level NOTICE\f[R] or \f[C]-v\f[R] to make them
+show.
+See the Logging section for more info on log levels.
 .PP
-pattern-list:
-.IP
-.nf
-\f[C]
-pattern { , pattern }
-          comma-separated (without spaces) patterns
-\f[R]
-.fi
+Note that on macOS you can send a SIGINFO (which is normally ctrl-T in
+the terminal) to make the stats print immediately.
+.SS --stats-file-name-length integer
 .PP
-character classes (see Go regular expression
-reference (https://golang.org/pkg/regexp/syntax/)) include:
-.IP
-.nf
-\f[C]
-Named character classes (e.g. [\[rs]d], [\[ha]\[rs]d], [\[rs]D], [\[ha]\[rs]D])
-Perl character classes (e.g. \[rs]s, \[rs]S, \[rs]w, \[rs]W)
-ASCII character classes (e.g. [[:alnum:]], [[:alpha:]], [[:punct:]], [[:xdigit:]])
-\f[R]
-.fi
+By default, the \f[C]--stats\f[R] output will truncate file names and
+paths longer than 40 characters.
+This is equivalent to providing \f[C]--stats-file-name-length 40\f[R].
+Use \f[C]--stats-file-name-length 0\f[R] to disable any truncation of
+file names printed by stats.
+.SS --stats-log-level string
 .PP
-regexp for advanced users to insert a regular expression - see below for
-more info:
-.IP
-.nf
-\f[C]
-Any re2 regular expression not containing \[ga]}}\[ga]
-\f[R]
-.fi
+Log level to show \f[C]--stats\f[R] output at.
+This can be \f[C]DEBUG\f[R], \f[C]INFO\f[R], \f[C]NOTICE\f[R], or
+\f[C]ERROR\f[R].
+The default is \f[C]INFO\f[R].
+This means at the default level of logging which is \f[C]NOTICE\f[R] the
+stats won\[aq]t show - if you want them to then use
+\f[C]--stats-log-level NOTICE\f[R].
+See the Logging section for more info on log levels.
+.SS --stats-one-line
 .PP
-If the filter pattern starts with a \f[C]/\f[R] then it only matches at
-the top level of the directory tree, \f[B]relative to the root of the
-remote\f[R] (not necessarily the root of the drive).
-If it does not start with \f[C]/\f[R] then it is matched starting at the
-\f[B]end of the path/file name\f[R] but it only matches a complete path
-element - it must match from a \f[C]/\f[R] separator or the beginning of
-the path/file.
-.IP
-.nf
-\f[C]
-file.jpg   - matches \[dq]file.jpg\[dq]
-           - matches \[dq]directory/file.jpg\[dq]
-           - doesn\[aq]t match \[dq]afile.jpg\[dq]
-           - doesn\[aq]t match \[dq]directory/afile.jpg\[dq]
-/file.jpg  - matches \[dq]file.jpg\[dq] in the root directory of the remote
-           - doesn\[aq]t match \[dq]afile.jpg\[dq]
-           - doesn\[aq]t match \[dq]directory/file.jpg\[dq]
-\f[R]
-.fi
+When this is specified, rclone condenses the stats into a single line
+showing the most important stats only.
+.SS --stats-one-line-date
 .PP
-The top level of the remote may not be the top level of the drive.
+When this is specified, rclone enables the single-line stats and
+prepends the display with a date string.
+The default is \f[C]2006/01/02 15:04:05 -\f[R]
+.SS --stats-one-line-date-format
 .PP
-E.g.
-for a Microsoft Windows local directory structure
-.IP
-.nf
-\f[C]
-F:
-\[u251C]\[u2500]\[u2500] bkp
-\[u251C]\[u2500]\[u2500] data
-\[br]   \[u251C]\[u2500]\[u2500] excl
-\[br]   \[br]   \[u251C]\[u2500]\[u2500] 123.jpg
-\[br]   \[br]   \[u2514]\[u2500]\[u2500] 456.jpg
-\[br]   \[u251C]\[u2500]\[u2500] incl
-\[br]   \[br]   \[u2514]\[u2500]\[u2500] document.pdf
-\f[R]
-.fi
+When this is specified, rclone enables the single-line stats and
+prepends the display with a user-supplied date string.
+The date string MUST be enclosed in quotes.
+Follow golang specs (https://golang.org/pkg/time/#Time.Format) for date
+formatting syntax.
+.SS --stats-unit=bits|bytes
 .PP
-To copy the contents of folder \f[C]data\f[R] into folder \f[C]bkp\f[R]
-excluding the contents of subfolder \f[C]excl\f[R]the following command
-treats \f[C]F:\[rs]data\f[R] and \f[C]F:\[rs]bkp\f[R] as top level for
-filtering.
+By default, data transfer rates will be printed in bytes per second.
 .PP
-\f[C]rclone copy F:\[rs]data\[rs] F:\[rs]bkp\[rs] --exclude=/excl/**\f[R]
+This option allows the data rate to be printed in bits per second.
 .PP
-\f[B]Important\f[R] Use \f[C]/\f[R] in path/file name patterns and not
-\f[C]\[rs]\f[R] even if running on Microsoft Windows.
+Data transfer volume will still be reported in bytes.
 .PP
-Simple patterns are case sensitive unless the \f[C]--ignore-case\f[R]
-flag is used.
+The rate is reported as a binary unit, not SI unit.
+So 1 Mbit/s equals 1,048,576 bit/s and not 1,000,000 bit/s.
 .PP
-Without \f[C]--ignore-case\f[R] (default)
-.IP
-.nf
-\f[C]
-potato - matches \[dq]potato\[dq]
-       - doesn\[aq]t match \[dq]POTATO\[dq]
-\f[R]
-.fi
+The default is \f[C]bytes\f[R].
+.SS --suffix=SUFFIX
 .PP
-With \f[C]--ignore-case\f[R]
-.IP
-.nf
-\f[C]
-potato - matches \[dq]potato\[dq]
-       - matches \[dq]POTATO\[dq]
-\f[R]
-.fi
-.SS Using regular expressions in filter patterns
+When using \f[C]sync\f[R], \f[C]copy\f[R] or \f[C]move\f[R] any files
+which would have been overwritten or deleted will have the suffix added
+to them.
+If there is a file with the same path (after the suffix has been added),
+then it will be overwritten.
 .PP
-The syntax of filter patterns is glob style matching (like
-\f[C]bash\f[R] uses) to make things easy for users.
-However this does not provide absolute control over the matching, so for
-advanced users rclone also provides a regular expression syntax.
+The remote in use must support server-side move or copy and you must use
+the same remote as the destination of the sync.
 .PP
-The regular expressions used are as defined in the Go regular expression
-reference (https://golang.org/pkg/regexp/syntax/).
-Regular expressions should be enclosed in \f[C]{{\f[R] \f[C]}}\f[R].
-They will match only the last path segment if the glob doesn\[aq]t start
-with \f[C]/\f[R] or the whole path name if it does.
-Note that rclone does not attempt to parse the supplied regular
-expression, meaning that using any regular expression filter will
-prevent rclone from using directory filter rules, as it will instead
-check every path against the supplied regular expression(s).
+This is for use with files to add the suffix in the current directory or
+with \f[C]--backup-dir\f[R].
+See \f[C]--backup-dir\f[R] for more info.
 .PP
-Here is how the \f[C]{{regexp}}\f[R] is transformed into an full regular
-expression to match the entire path:
+For example
 .IP
 .nf
 \f[C]
-{{regexp}}  becomes (\[ha]|/)(regexp)$
-/{{regexp}} becomes \[ha](regexp)$
+rclone copy --interactive /path/to/local/file remote:current --suffix .bak
 \f[R]
 .fi
 .PP
-Regexp syntax can be mixed with glob syntax, for example
-.IP
-.nf
-\f[C]
-*.{{jpe?g}} to match file.jpg, file.jpeg but not file.png
-\f[R]
-.fi
+will copy \f[C]/path/to/local\f[R] to \f[C]remote:current\f[R], but for
+any files which would have been updated or deleted have .bak added.
 .PP
-You can also use regexp flags - to set case insensitive, for example
+If using \f[C]rclone sync\f[R] with \f[C]--suffix\f[R] and without
+\f[C]--backup-dir\f[R] then it is recommended to put a filter rule in
+excluding the suffix otherwise the \f[C]sync\f[R] will delete the backup
+files.
 .IP
 .nf
 \f[C]
-*.{{(?i)jpg}} to match file.jpg, file.JPG but not file.png
+rclone sync --interactive /path/to/local/file remote:current --suffix .bak --exclude \[dq]*.bak\[dq]
 \f[R]
 .fi
+.SS --suffix-keep-extension
 .PP
-Be careful with wildcards in regular expressions - you don\[aq]t want
-them to match path separators normally.
-To match any file name starting with \f[C]start\f[R] and ending with
-\f[C]end\f[R] write
-.IP
-.nf
-\f[C]
-{{start[\[ha]/]*end\[rs].jpg}}
-\f[R]
-.fi
+When using \f[C]--suffix\f[R], setting this causes rclone put the SUFFIX
+before the extension of the files that it backs up rather than after.
 .PP
-Not
-.IP
-.nf
-\f[C]
-{{start.*end\[rs].jpg}}
-\f[R]
-.fi
+So let\[aq]s say we had \f[C]--suffix -2019-01-01\f[R], without the flag
+\f[C]file.txt\f[R] would be backed up to \f[C]file.txt-2019-01-01\f[R]
+and with the flag it would be backed up to
+\f[C]file-2019-01-01.txt\f[R].
+This can be helpful to make sure the suffixed files can still be opened.
 .PP
-Which will match a directory called \f[C]start\f[R] with a file called
-\f[C]end.jpg\f[R] in it as the \f[C].*\f[R] will match \f[C]/\f[R]
-characters.
+If a file has two (or more) extensions and the second (or subsequent)
+extension is recognised as a valid mime type, then the suffix will go
+before that extension.
+So \f[C]file.tar.gz\f[R] would be backed up to
+\f[C]file-2019-01-01.tar.gz\f[R] whereas \f[C]file.badextension.gz\f[R]
+would be backed up to \f[C]file.badextension-2019-01-01.gz\f[R].
+.SS --syslog
 .PP
-Note that you can use \f[C]-vv --dump filters\f[R] to show the filter
-patterns in regexp format - rclone implements the glob patters by
-transforming them into regular expressions.
-.SS Filter pattern examples
+On capable OSes (not Windows or Plan9) send all log output to syslog.
 .PP
-.TS
-tab(@);
-l l l l.
-T{
-Description
-T}@T{
-Pattern
-T}@T{
-Matches
-T}@T{
-Does not match
-T}
-_
-T{
-Wildcard
-T}@T{
-\f[C]*.jpg\f[R]
-T}@T{
-\f[C]/file.jpg\f[R]
-T}@T{
-\f[C]/file.png\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/dir/file.jpg\f[R]
-T}@T{
-\f[C]/dir/file.png\f[R]
-T}
-T{
-Rooted
-T}@T{
-\f[C]/*.jpg\f[R]
-T}@T{
-\f[C]/file.jpg\f[R]
-T}@T{
-\f[C]/file.png\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/file2.jpg\f[R]
-T}@T{
-\f[C]/dir/file.jpg\f[R]
-T}
-T{
-Alternates
-T}@T{
-\f[C]*.{jpg,png}\f[R]
-T}@T{
-\f[C]/file.jpg\f[R]
-T}@T{
-\f[C]/file.gif\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/dir/file.png\f[R]
-T}@T{
-\f[C]/dir/file.gif\f[R]
-T}
-T{
-Path Wildcard
-T}@T{
-\f[C]dir/**\f[R]
-T}@T{
-\f[C]/dir/anyfile\f[R]
-T}@T{
-\f[C]file.png\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/subdir/dir/subsubdir/anyfile\f[R]
-T}@T{
-\f[C]/subdir/file.png\f[R]
-T}
-T{
-Any Char
-T}@T{
-\f[C]*.t?t\f[R]
-T}@T{
-\f[C]/file.txt\f[R]
-T}@T{
-\f[C]/file.qxt\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/dir/file.tzt\f[R]
-T}@T{
-\f[C]/dir/file.png\f[R]
-T}
-T{
-Range
-T}@T{
-\f[C]*.[a-z]\f[R]
-T}@T{
-\f[C]/file.a\f[R]
-T}@T{
-\f[C]/file.0\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/dir/file.b\f[R]
-T}@T{
-\f[C]/dir/file.1\f[R]
-T}
-T{
-Escape
-T}@T{
-\f[C]*.\[rs]?\[rs]?\[rs]?\f[R]
-T}@T{
-\f[C]/file.???\f[R]
-T}@T{
-\f[C]/file.abc\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/dir/file.???\f[R]
-T}@T{
-\f[C]/dir/file.def\f[R]
-T}
-T{
-Class
-T}@T{
-\f[C]*.\[rs]d\[rs]d\[rs]d\f[R]
-T}@T{
-\f[C]/file.012\f[R]
-T}@T{
-\f[C]/file.abc\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/dir/file.345\f[R]
-T}@T{
-\f[C]/dir/file.def\f[R]
-T}
-T{
-Regexp
-T}@T{
-\f[C]*.{{jpe?g}}\f[R]
-T}@T{
-\f[C]/file.jpeg\f[R]
-T}@T{
-\f[C]/file.png\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/dir/file.jpg\f[R]
-T}@T{
-\f[C]/dir/file.jpeeg\f[R]
-T}
-T{
-Rooted Regexp
-T}@T{
-\f[C]/{{.*\[rs].jpe?g}}\f[R]
-T}@T{
-\f[C]/file.jpeg\f[R]
-T}@T{
-\f[C]/file.png\f[R]
-T}
-T{
-T}@T{
-T}@T{
-\f[C]/file.jpg\f[R]
-T}@T{
-\f[C]/dir/file.jpg\f[R]
-T}
-.TE
-.SS How filter rules are applied to files
-.PP
-Rclone path/file name filters are made up of one or more of the
-following flags:
-.IP \[bu] 2
-\f[C]--include\f[R]
-.IP \[bu] 2
-\f[C]--include-from\f[R]
-.IP \[bu] 2
-\f[C]--exclude\f[R]
-.IP \[bu] 2
-\f[C]--exclude-from\f[R]
-.IP \[bu] 2
-\f[C]--filter\f[R]
-.IP \[bu] 2
-\f[C]--filter-from\f[R]
-.PP
-There can be more than one instance of individual flags.
+This can be useful for running rclone in a script or
+\f[C]rclone mount\f[R].
+.SS --syslog-facility string
 .PP
-Rclone internally uses a combined list of all the include and exclude
-rules.
-The order in which rules are processed can influence the result of the
-filter.
+If using \f[C]--syslog\f[R] this sets the syslog facility (e.g.
+\f[C]KERN\f[R], \f[C]USER\f[R]).
+See \f[C]man syslog\f[R] for a list of possible facilities.
+The default facility is \f[C]DAEMON\f[R].
+.SS --temp-dir=DIR
 .PP
-All flags of the same type are processed together in the order above,
-regardless of what order the different types of flags are included on
-the command line.
+Specify the directory rclone will use for temporary files, to override
+the default.
+Make sure the directory exists and have accessible permissions.
 .PP
-Multiple instances of the same flag are processed from left to right
-according to their position in the command line.
+By default the operating system\[aq]s temp directory will be used: - On
+Unix systems, \f[C]$TMPDIR\f[R] if non-empty, else \f[C]/tmp\f[R].
+- On Windows, the first non-empty value from \f[C]%TMP%\f[R],
+\f[C]%TEMP%\f[R], \f[C]%USERPROFILE%\f[R], or the Windows directory.
 .PP
-To mix up the order of processing includes and excludes use
-\f[C]--filter...\f[R] flags.
+When overriding the default with this option, the specified path will be
+set as value of environment variable \f[C]TMPDIR\f[R] on Unix systems
+and \f[C]TMP\f[R] and \f[C]TEMP\f[R] on Windows.
 .PP
-Within \f[C]--include-from\f[R], \f[C]--exclude-from\f[R] and
-\f[C]--filter-from\f[R] flags rules are processed from top to bottom of
-the referenced file.
+You can use the config
+paths (https://rclone.org/commands/rclone_config_paths/) command to see
+the current value.
+.SS --tpslimit float
 .PP
-If there is an \f[C]--include\f[R] or \f[C]--include-from\f[R] flag
-specified, rclone implies a \f[C]- **\f[R] rule which it adds to the
-bottom of the internal rule list.
-Specifying a \f[C]+\f[R] rule with a \f[C]--filter...\f[R] flag does not
-imply that rule.
+Limit transactions per second to this number.
+Default is 0 which is used to mean unlimited transactions per second.
 .PP
-Each path/file name passed through rclone is matched against the
-combined filter list.
-At first match to a rule the path/file name is included or excluded and
-no further filter rules are processed for that path/file.
+A transaction is roughly defined as an API call; its exact meaning will
+depend on the backend.
+For HTTP based backends it is an HTTP PUT/GET/POST/etc and its response.
+For FTP/SFTP it is a round trip transaction over TCP.
 .PP
-If rclone does not find a match, after testing against all rules
-(including the implied rule if appropriate), the path/file name is
-included.
+For example, to limit rclone to 10 transactions per second use
+\f[C]--tpslimit 10\f[R], or to 1 transaction every 2 seconds use
+\f[C]--tpslimit 0.5\f[R].
 .PP
-Any path/file included at that stage is processed by the rclone command.
+Use this when the number of transactions per second from rclone is
+causing a problem with the cloud storage provider (e.g.
+getting you banned or rate limited).
 .PP
-\f[C]--files-from\f[R] and \f[C]--files-from-raw\f[R] flags over-ride
-and cannot be combined with other filter options.
+This can be very useful for \f[C]rclone mount\f[R] to control the
+behaviour of applications using it.
 .PP
-To see the internal combined rule list, in regular expression form, for
-a command add the \f[C]--dump filters\f[R] flag.
-Running an rclone command with \f[C]--dump filters\f[R] and
-\f[C]-vv\f[R] flags lists the internal filter elements and shows how
-they are applied to each source path/file.
-There is not currently a means provided to pass regular expression
-filter options into rclone directly though character class filter rules
-contain character classes.
-Go regular expression reference (https://golang.org/pkg/regexp/syntax/)
-.SS How filter rules are applied to directories
+This limit applies to all HTTP based backends and to the FTP and SFTP
+backends.
+It does not apply to the local backend or the Storj backend.
 .PP
-Rclone commands are applied to path/file names not directories.
-The entire contents of a directory can be matched to a filter by the
-pattern \f[C]directory/*\f[R] or recursively by \f[C]directory/**\f[R].
+See also \f[C]--tpslimit-burst\f[R].
+.SS --tpslimit-burst int
 .PP
-Directory filter rules are defined with a closing \f[C]/\f[R] separator.
+Max burst of transactions for \f[C]--tpslimit\f[R] (default
+\f[C]1\f[R]).
 .PP
-E.g.
-\f[C]/directory/subdirectory/\f[R] is an rclone directory filter rule.
+Normally \f[C]--tpslimit\f[R] will do exactly the number of transaction
+per second specified.
+However if you supply \f[C]--tps-burst\f[R] then rclone can save up some
+transactions from when it was idle giving a burst of up to the parameter
+supplied.
 .PP
-Rclone commands can use directory filter rules to determine whether they
-recurse into subdirectories.
-This potentially optimises access to a remote by avoiding listing
-unnecessary directories.
-Whether optimisation is desirable depends on the specific filter rules
-and source remote content.
+For example if you provide \f[C]--tpslimit-burst 10\f[R] then if rclone
+has been idle for more than 10*\f[C]--tpslimit\f[R] then it can do 10
+transactions very quickly before they are limited again.
 .PP
-If any regular expression filters are in use, then no directory
-recursion optimisation is possible, as rclone must check every path
-against the supplied regular expression(s).
+This may be used to increase performance of \f[C]--tpslimit\f[R] without
+changing the long term average number of transactions per second.
+.SS --track-renames
 .PP
-Directory recursion optimisation occurs if either:
-.IP \[bu] 2
-A source remote does not support the rclone \f[C]ListR\f[R] primitive.
-local, sftp, Microsoft OneDrive and WebDAV do not support
-\f[C]ListR\f[R].
-Google Drive and most bucket type storage do.
-Full list (https://rclone.org/overview/#optional-features)
-.IP \[bu] 2
-On other remotes (those that support \f[C]ListR\f[R]), if the rclone
-command is not naturally recursive, and provided it is not run with the
-\f[C]--fast-list\f[R] flag.
-\f[C]ls\f[R], \f[C]lsf -R\f[R] and \f[C]size\f[R] are naturally
-recursive but \f[C]sync\f[R], \f[C]copy\f[R] and \f[C]move\f[R] are not.
-.IP \[bu] 2
-Whenever the \f[C]--disable ListR\f[R] flag is applied to an rclone
-command.
+By default, rclone doesn\[aq]t keep track of renamed files, so if you
+rename a file locally then sync it to a remote, rclone will delete the
+old file on the remote and upload a new copy.
 .PP
-Rclone commands imply directory filter rules from path/file filter
-rules.
-To view the directory filter rules rclone has implied for a command
-specify the \f[C]--dump filters\f[R] flag.
+An rclone sync with \f[C]--track-renames\f[R] runs like a normal sync,
+but keeps track of objects which exist in the destination but not in the
+source (which would normally be deleted), and which objects exist in the
+source but not the destination (which would normally be transferred).
+These objects are then candidates for renaming.
 .PP
-E.g.
-for an include rule
-.IP
-.nf
-\f[C]
-/a/*.jpg
-\f[R]
-.fi
+After the sync, rclone matches up the source only and destination only
+objects using the \f[C]--track-renames-strategy\f[R] specified and
+either renames the destination object or transfers the source and
+deletes the destination object.
+\f[C]--track-renames\f[R] is stateless like all of rclone\[aq]s syncs.
 .PP
-Rclone implies the directory include rule
-.IP
-.nf
-\f[C]
-/a/
-\f[R]
-.fi
+To use this flag the destination must support server-side copy or
+server-side move, and to use a hash based
+\f[C]--track-renames-strategy\f[R] (the default) the source and the
+destination must have a compatible hash.
 .PP
-Directory filter rules specified in an rclone command can limit the
-scope of an rclone command but path/file filters still have to be
-specified.
+If the destination does not support server-side copy or move, rclone
+will fall back to the default behaviour and log an error level message
+to the console.
 .PP
-E.g.
-\f[C]rclone ls remote: --include /directory/\f[R] will not match any
-files.
-Because it is an \f[C]--include\f[R] option the \f[C]--exclude **\f[R]
-rule is implied, and the \f[C]/directory/\f[R] pattern serves only to
-optimise access to the remote by ignoring everything outside of that
-directory.
+Encrypted destinations are not currently supported by
+\f[C]--track-renames\f[R] if \f[C]--track-renames-strategy\f[R] includes
+\f[C]hash\f[R].
 .PP
-E.g.
-\f[C]rclone ls remote: --filter-from filter-list.txt\f[R] with a file
-\f[C]filter-list.txt\f[R]:
-.IP
-.nf
-\f[C]
-- /dir1/
-- /dir2/
-+ *.pdf
-- **
-\f[R]
-.fi
+Note that \f[C]--track-renames\f[R] is incompatible with
+\f[C]--no-traverse\f[R] and that it uses extra memory to keep track of
+all the rename candidates.
 .PP
-All files in directories \f[C]dir1\f[R] or \f[C]dir2\f[R] or their
-subdirectories are completely excluded from the listing.
-Only files of suffix \f[C]pdf\f[R] in the root of \f[C]remote:\f[R] or
-its subdirectories are listed.
-The \f[C]- **\f[R] rule prevents listing of any path/files not
-previously matched by the rules above.
+Note also that \f[C]--track-renames\f[R] is incompatible with
+\f[C]--delete-before\f[R] and will select \f[C]--delete-after\f[R]
+instead of \f[C]--delete-during\f[R].
+.SS --track-renames-strategy (hash,modtime,leaf,size)
 .PP
-Option \f[C]exclude-if-present\f[R] creates a directory exclude rule
-based on the presence of a file in a directory and takes precedence over
-other rclone directory filter rules.
+This option changes the file matching criteria for
+\f[C]--track-renames\f[R].
 .PP
-When using pattern list syntax, if a pattern item contains either
-\f[C]/\f[R] or \f[C]**\f[R], then rclone will not able to imply a
-directory filter rule from this pattern list.
+The matching is controlled by a comma separated selection of these
+tokens:
+.IP \[bu] 2
+\f[C]modtime\f[R] - the modification time of the file - not supported on
+all backends
+.IP \[bu] 2
+\f[C]hash\f[R] - the hash of the file contents - not supported on all
+backends
+.IP \[bu] 2
+\f[C]leaf\f[R] - the name of the file not including its directory name
+.IP \[bu] 2
+\f[C]size\f[R] - the size of the file (this is always enabled)
 .PP
-E.g.
-for an include rule
-.IP
-.nf
-\f[C]
-{dir1/**,dir2/**}
-\f[R]
-.fi
+The default option is \f[C]hash\f[R].
 .PP
-Rclone will match files below directories \f[C]dir1\f[R] or
-\f[C]dir2\f[R] only, but will not be able to use this filter to exclude
-a directory \f[C]dir3\f[R] from being traversed.
+Using \f[C]--track-renames-strategy modtime,leaf\f[R] would match files
+based on modification time, the leaf of the file name and the size only.
 .PP
-Directory recursion optimisation may affect performance, but normally
-not the result.
-One exception to this is sync operations with option
-\f[C]--create-empty-src-dirs\f[R], where any traversed empty directories
-will be created.
-With the pattern list example \f[C]{dir1/**,dir2/**}\f[R] above, this
-would create an empty directory \f[C]dir3\f[R] on destination (when it
-exists on source).
-Changing the filter to \f[C]{dir1,dir2}/**\f[R], or splitting it into
-two include rules \f[C]--include dir1/** --include dir2/**\f[R], will
-match the same files while also filtering directories, with the result
-that an empty directory \f[C]dir3\f[R] will no longer be created.
-.SS \f[C]--exclude\f[R] - Exclude files matching pattern
+Using \f[C]--track-renames-strategy modtime\f[R] or \f[C]leaf\f[R] can
+enable \f[C]--track-renames\f[R] support for encrypted destinations.
 .PP
-Excludes path/file names from an rclone command based on a single
-exclude rule.
+Note that the \f[C]hash\f[R] strategy is not supported with encrypted
+destinations.
+.SS --delete-(before,during,after)
 .PP
-This flag can be repeated.
-See above for the order filter flags are processed in.
+This option allows you to specify when files on your destination are
+deleted when you sync folders.
 .PP
-\f[C]--exclude\f[R] should not be used with \f[C]--include\f[R],
-\f[C]--include-from\f[R], \f[C]--filter\f[R] or \f[C]--filter-from\f[R]
-flags.
+Specifying the value \f[C]--delete-before\f[R] will delete all files
+present on the destination, but not on the source \f[I]before\f[R]
+starting the transfer of any new or updated files.
+This uses two passes through the file systems, one for the deletions and
+one for the copies.
 .PP
-\f[C]--exclude\f[R] has no effect when combined with
-\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
+Specifying \f[C]--delete-during\f[R] will delete files while checking
+and uploading files.
+This is the fastest option and uses the least memory.
 .PP
-E.g.
-\f[C]rclone ls remote: --exclude *.bak\f[R] excludes all .bak files from
-listing.
+Specifying \f[C]--delete-after\f[R] (the default value) will delay
+deletion of files until all new/updated files have been successfully
+transferred.
+The files to be deleted are collected in the copy pass then deleted
+after the copy pass has completed successfully.
+The files to be deleted are held in memory so this mode may use more
+memory.
+This is the safest mode as it will only delete files if there have been
+no errors subsequent to that.
+If there have been errors before the deletions start then you will get
+the message \f[C]not deleting files as there were IO errors\f[R].
+.SS --fast-list
 .PP
-E.g.
-\f[C]rclone size remote: \[dq]--exclude /dir/**\[dq]\f[R] returns the
-total size of all files on \f[C]remote:\f[R] excluding those in root
-directory \f[C]dir\f[R] and sub directories.
+When doing anything which involves a directory listing (e.g.
+\f[C]sync\f[R], \f[C]copy\f[R], \f[C]ls\f[R] - in fact nearly every
+command), rclone has different strategies to choose from.
 .PP
-E.g.
-on Microsoft Windows
-\f[C]rclone ls remote: --exclude \[dq]*\[rs][{JP,KR,HK}\[rs]]*\[dq]\f[R]
-lists the files in \f[C]remote:\f[R] with \f[C][JP]\f[R] or
-\f[C][KR]\f[R] or \f[C][HK]\f[R] in their name.
-Quotes prevent the shell from interpreting the \f[C]\[rs]\f[R]
-characters.\f[C]\[rs]\f[R] characters escape the \f[C][\f[R] and
-\f[C]]\f[R] so an rclone filter treats them literally rather than as a
-character-range.
-The \f[C]{\f[R] and \f[C]}\f[R] define an rclone pattern list.
-For other operating systems single quotes are required ie
-\f[C]rclone ls remote: --exclude \[aq]*\[rs][{JP,KR,HK}\[rs]]*\[aq]\f[R]
-.SS \f[C]--exclude-from\f[R] - Read exclude patterns from file
+The basic strategy is to list one directory and processes it before
+using more directory lists to process any subdirectories.
+This is a mandatory backend feature, called \f[C]List\f[R], which means
+it is supported by all backends.
+This strategy uses small amount of memory, and because it can be
+parallelised it is fast for operations involving processing of the list
+results.
+.PP
+Some backends provide the support for an alternative strategy, where all
+files beneath a directory can be listed in one (or a small number) of
+transactions.
+Rclone supports this alternative strategy through an optional backend
+feature called \f[C]ListR\f[R] (https://rclone.org/overview/#listr).
+You can see in the storage system overview documentation\[aq]s optional
+features (https://rclone.org/overview/#optional-features) section which
+backends it is enabled for (these tend to be the bucket-based ones, e.g.
+S3, B2, GCS, Swift).
+This strategy requires fewer transactions for highly recursive
+operations, which is important on backends where this is charged or
+heavily rate limited.
+It may be faster (due to fewer transactions) or slower (because it
+can\[aq]t be parallelized) depending on different parameters, and may
+require more memory if rclone has to keep the whole listing in memory.
+.PP
+Which listing strategy rclone picks for a given operation is
+complicated, but in general it tries to choose the best possible.
+It will prefer \f[C]ListR\f[R] in situations where it doesn\[aq]t need
+to store the listed files in memory, e.g.
+for unlimited recursive \f[C]ls\f[R] command variants.
+In other situations it will prefer \f[C]List\f[R], e.g.
+for \f[C]sync\f[R] and \f[C]copy\f[R], where it needs to keep the listed
+files in memory, and is performing operations on them where
+parallelization may be a huge advantage.
+.PP
+Rclone is not able to take all relevant parameters into account for
+deciding the best strategy, and therefore allows you to influence the
+choice in two ways: You can stop rclone from using \f[C]ListR\f[R] by
+disabling the feature, using the --disable option
+(\f[C]--disable ListR\f[R]), or you can allow rclone to use
+\f[C]ListR\f[R] where it would normally choose not to do so due to
+higher memory usage, using the \f[C]--fast-list\f[R] option.
+Rclone should always produce identical results either way.
+Using \f[C]--disable ListR\f[R] or \f[C]--fast-list\f[R] on a remote
+which doesn\[aq]t support \f[C]ListR\f[R] does nothing, rclone will just
+ignore it.
+.PP
+A rule of thumb is that if you pay for transactions and can fit your
+entire sync listing into memory, then \f[C]--fast-list\f[R] is
+recommended.
+If you have a very big sync to do, then don\[aq]t use
+\f[C]--fast-list\f[R], otherwise you will run out of memory.
+Run some tests and compare before you decide, and if in doubt then just
+leave the default, let rclone decide, i.e.
+not use \f[C]--fast-list\f[R].
+.SS --timeout=TIME
 .PP
-Excludes path/file names from an rclone command based on rules in a
-named file.
-The file contains a list of remarks and pattern rules.
+This sets the IO idle timeout.
+If a transfer has started but then becomes idle for this long it is
+considered broken and disconnected.
 .PP
-For an example \f[C]exclude-file.txt\f[R]:
-.IP
-.nf
-\f[C]
-# a sample exclude rule file
-*.bak
-file2.jpg
-\f[R]
-.fi
+The default is \f[C]5m\f[R].
+Set to \f[C]0\f[R] to disable.
+.SS --transfers=N
 .PP
-\f[C]rclone ls remote: --exclude-from exclude-file.txt\f[R] lists the
-files on \f[C]remote:\f[R] except those named \f[C]file2.jpg\f[R] or
-with a suffix \f[C].bak\f[R].
-That is equivalent to
-\f[C]rclone ls remote: --exclude file2.jpg --exclude \[dq]*.bak\[dq]\f[R].
+The number of file transfers to run in parallel.
+It can sometimes be useful to set this to a smaller number if the remote
+is giving a lot of timeouts or bigger if you have lots of bandwidth and
+a fast remote.
 .PP
-This flag can be repeated.
-See above for the order filter flags are processed in.
+The default is to run 4 file transfers in parallel.
 .PP
-The \f[C]--exclude-from\f[R] flag is useful where multiple exclude
-filter rules are applied to an rclone command.
+Look at --multi-thread-streams if you would like to control single file
+transfers.
+.SS -u, --update
 .PP
-\f[C]--exclude-from\f[R] should not be used with \f[C]--include\f[R],
-\f[C]--include-from\f[R], \f[C]--filter\f[R] or \f[C]--filter-from\f[R]
-flags.
+This forces rclone to skip any files which exist on the destination and
+have a modified time that is newer than the source file.
 .PP
-\f[C]--exclude-from\f[R] has no effect when combined with
-\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
-.PP
-\f[C]--exclude-from\f[R] followed by \f[C]-\f[R] reads filter rules from
-standard input.
-.SS \f[C]--include\f[R] - Include files matching pattern
-.PP
-Adds a single include rule based on path/file names to an rclone
-command.
+This can be useful in avoiding needless transfers when transferring to a
+remote which doesn\[aq]t support modification times directly (or when
+using \f[C]--use-server-modtime\f[R] to avoid extra API calls) as it is
+more accurate than a \f[C]--size-only\f[R] check and faster than using
+\f[C]--checksum\f[R].
+On such remotes (or when using \f[C]--use-server-modtime\f[R]) the time
+checked will be the uploaded time.
 .PP
-This flag can be repeated.
-See above for the order filter flags are processed in.
+If an existing destination file has a modification time older than the
+source file\[aq]s, it will be updated if the sizes are different.
+If the sizes are the same, it will be updated if the checksum is
+different or not available.
 .PP
-\f[C]--include\f[R] has no effect when combined with
-\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
+If an existing destination file has a modification time equal (within
+the computed modify window) to the source file\[aq]s, it will be updated
+if the sizes are different.
+The checksum will not be checked in this case unless the
+\f[C]--checksum\f[R] flag is provided.
 .PP
-\f[C]--include\f[R] implies \f[C]--exclude **\f[R] at the end of an
-rclone internal filter list.
-Therefore if you mix \f[C]--include\f[R] and \f[C]--include-from\f[R]
-flags with \f[C]--exclude\f[R], \f[C]--exclude-from\f[R],
-\f[C]--filter\f[R] or \f[C]--filter-from\f[R], you must use include
-rules for all the files you want in the include statement.
-For more flexibility use the \f[C]--filter-from\f[R] flag.
+In all other cases the file will not be updated.
 .PP
-E.g.
-\f[C]rclone ls remote: --include \[dq]*.{png,jpg}\[dq]\f[R] lists the
-files on \f[C]remote:\f[R] with suffix \f[C].png\f[R] and
-\f[C].jpg\f[R].
-All other files are excluded.
+Consider using the \f[C]--modify-window\f[R] flag to compensate for time
+skews between the source and the backend, for backends that do not
+support mod times, and instead use uploaded times.
+However, if the backend does not support checksums, note that syncing or
+copying within the time skew window may still result in additional
+transfers for safety.
+.SS --use-mmap
 .PP
-E.g.
-multiple rclone copy commands can be combined with \f[C]--include\f[R]
-and a pattern-list.
-.IP
-.nf
-\f[C]
-rclone copy /vol1/A remote:A
-rclone copy /vol1/B remote:B
-\f[R]
-.fi
+If this flag is set then rclone will use anonymous memory allocated by
+mmap on Unix based platforms and VirtualAlloc on Windows for its
+transfer buffers (size controlled by \f[C]--buffer-size\f[R]).
+Memory allocated like this does not go on the Go heap and can be
+returned to the OS immediately when it is finished with.
 .PP
-is equivalent to:
-.IP
-.nf
-\f[C]
-rclone copy /vol1 remote: --include \[dq]{A,B}/**\[dq]
-\f[R]
-.fi
+If this flag is not set then rclone will allocate and free the buffers
+using the Go memory allocator which may use more memory as memory pages
+are returned less aggressively to the OS.
 .PP
-E.g.
-\f[C]rclone ls remote:/wheat --include \[dq]??[\[ha][:punct:]]*\[dq]\f[R]
-lists the files \f[C]remote:\f[R] directory \f[C]wheat\f[R] (and
-subdirectories) whose third character is not punctuation.
-This example uses an ASCII character
-class (https://golang.org/pkg/regexp/syntax/).
-.SS \f[C]--include-from\f[R] - Read include patterns from file
+It is possible this does not work well on all platforms so it is
+disabled by default; in the future it may be enabled by default.
+.SS --use-server-modtime
 .PP
-Adds path/file names to an rclone command based on rules in a named
-file.
-The file contains a list of remarks and pattern rules.
+Some object-store backends (e.g, Swift, S3) do not preserve file
+modification times (modtime).
+On these backends, rclone stores the original modtime as additional
+metadata on the object.
+By default it will make an API call to retrieve the metadata when the
+modtime is needed by an operation.
 .PP
-For an example \f[C]include-file.txt\f[R]:
-.IP
-.nf
-\f[C]
-# a sample include rule file
-*.jpg
-file2.avi
-\f[R]
-.fi
+Use this flag to disable the extra API call and rely instead on the
+server\[aq]s modified time.
+In cases such as a local to remote sync using \f[C]--update\f[R],
+knowing the local file is newer than the time it was last uploaded to
+the remote is sufficient.
+In those cases, this flag can speed up the process and reduce the number
+of API calls necessary.
 .PP
-\f[C]rclone ls remote: --include-from include-file.txt\f[R] lists the
-files on \f[C]remote:\f[R] with name \f[C]file2.avi\f[R] or suffix
-\f[C].jpg\f[R].
-That is equivalent to
-\f[C]rclone ls remote: --include file2.avi --include \[dq]*.jpg\[dq]\f[R].
+Using this flag on a sync operation without also using
+\f[C]--update\f[R] would cause all files modified at any time other than
+the last upload time to be uploaded again, which is probably not what
+you want.
+.SS -v, -vv, --verbose
 .PP
-This flag can be repeated.
-See above for the order filter flags are processed in.
+With \f[C]-v\f[R] rclone will tell you about each file that is
+transferred and a small number of significant events.
 .PP
-The \f[C]--include-from\f[R] flag is useful where multiple include
-filter rules are applied to an rclone command.
+With \f[C]-vv\f[R] rclone will become very verbose telling you about
+every file it considers and transfers.
+Please send bug reports with a log with this setting.
 .PP
-\f[C]--include-from\f[R] implies \f[C]--exclude **\f[R] at the end of an
-rclone internal filter list.
-Therefore if you mix \f[C]--include\f[R] and \f[C]--include-from\f[R]
-flags with \f[C]--exclude\f[R], \f[C]--exclude-from\f[R],
-\f[C]--filter\f[R] or \f[C]--filter-from\f[R], you must use include
-rules for all the files you want in the include statement.
-For more flexibility use the \f[C]--filter-from\f[R] flag.
+When setting verbosity as an environment variable, use
+\f[C]RCLONE_VERBOSE=1\f[R] or \f[C]RCLONE_VERBOSE=2\f[R] for
+\f[C]-v\f[R] and \f[C]-vv\f[R] respectively.
+.SS -V, --version
 .PP
-\f[C]--exclude-from\f[R] has no effect when combined with
-\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
+Prints the version number
+.SS SSL/TLS options
 .PP
-\f[C]--exclude-from\f[R] followed by \f[C]-\f[R] reads filter rules from
-standard input.
-.SS \f[C]--filter\f[R] - Add a file-filtering rule
+The outgoing SSL/TLS connections rclone makes can be controlled with
+these options.
+For example this can be very useful with the HTTP or WebDAV backends.
+Rclone HTTP servers have their own set of configuration for SSL/TLS
+which you can find in their documentation.
+.SS --ca-cert stringArray
 .PP
-Specifies path/file names to an rclone command, based on a single
-include or exclude rule, in \f[C]+\f[R] or \f[C]-\f[R] format.
+This loads the PEM encoded certificate authority certificates and uses
+it to verify the certificates of the servers rclone connects to.
 .PP
-This flag can be repeated.
-See above for the order filter flags are processed in.
+If you have generated certificates signed with a local CA then you will
+need this flag to connect to servers using those certificates.
+.SS --client-cert string
 .PP
-\f[C]--filter +\f[R] differs from \f[C]--include\f[R].
-In the case of \f[C]--include\f[R] rclone implies an
-\f[C]--exclude *\f[R] rule which it adds to the bottom of the internal
-rule list.
-\f[C]--filter...+\f[R] does not imply that rule.
+This loads the PEM encoded client side certificate.
 .PP
-\f[C]--filter\f[R] has no effect when combined with
-\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
+This is used for mutual TLS
+authentication (https://en.wikipedia.org/wiki/Mutual_authentication).
 .PP
-\f[C]--filter\f[R] should not be used with \f[C]--include\f[R],
-\f[C]--include-from\f[R], \f[C]--exclude\f[R] or
-\f[C]--exclude-from\f[R] flags.
+The \f[C]--client-key\f[R] flag is required too when using this.
+.SS --client-key string
 .PP
-E.g.
-\f[C]rclone ls remote: --filter \[dq]- *.bak\[dq]\f[R] excludes all
-\f[C].bak\f[R] files from a list of \f[C]remote:\f[R].
-.SS \f[C]--filter-from\f[R] - Read filtering patterns from a file
+This loads the PEM encoded client side private key used for mutual TLS
+authentication.
+Used in conjunction with \f[C]--client-cert\f[R].
+.SS --no-check-certificate=true/false
 .PP
-Adds path/file names to an rclone command based on rules in a named
-file.
-The file contains a list of remarks and pattern rules.
-Include rules start with \f[C]+\f[R] and exclude rules with \f[C]-\f[R].
-\f[C]!\f[R] clears existing rules.
-Rules are processed in the order they are defined.
+\f[C]--no-check-certificate\f[R] controls whether a client verifies the
+server\[aq]s certificate chain and host name.
+If \f[C]--no-check-certificate\f[R] is true, TLS accepts any certificate
+presented by the server and any host name in that certificate.
+In this mode, TLS is susceptible to man-in-the-middle attacks.
 .PP
-This flag can be repeated.
-See above for the order filter flags are processed in.
+This option defaults to \f[C]false\f[R].
 .PP
-Arrange the order of filter rules with the most restrictive first and
-work down.
+\f[B]This should be used only for testing.\f[R]
+.SS Configuration Encryption
 .PP
-E.g.
-for \f[C]filter-file.txt\f[R]:
-.IP
-.nf
-\f[C]
-# a sample filter rule file
-- secret*.jpg
-+ *.jpg
-+ *.png
-+ file2.avi
-- /dir/Trash/**
-+ /dir/**
-# exclude everything else
-- *
-\f[R]
-.fi
+Your configuration file contains information for logging in to your
+cloud services.
+This means that you should keep your \f[C]rclone.conf\f[R] file in a
+secure location.
 .PP
-\f[C]rclone ls remote: --filter-from filter-file.txt\f[R] lists the
-path/files on \f[C]remote:\f[R] including all \f[C]jpg\f[R] and
-\f[C]png\f[R] files, excluding any matching \f[C]secret*.jpg\f[R] and
-including \f[C]file2.avi\f[R].
-It also includes everything in the directory \f[C]dir\f[R] at the root
-of \f[C]remote\f[R], except \f[C]remote:dir/Trash\f[R] which it
-excludes.
-Everything else is excluded.
+If you are in an environment where that isn\[aq]t possible, you can add
+a password to your configuration.
+This means that you will have to supply the password every time you
+start rclone.
 .PP
-E.g.
-for an alternative \f[C]filter-file.txt\f[R]:
+To add a password to your rclone configuration, execute
+\f[C]rclone config\f[R].
 .IP
 .nf
 \f[C]
-- secret*.jpg
-+ *.jpg
-+ *.png
-+ file2.avi
-- *
+>rclone config
+Current remotes:
+
+e) Edit existing remote
+n) New remote
+d) Delete remote
+s) Set configuration password
+q) Quit config
+e/n/d/s/q>
 \f[R]
 .fi
 .PP
-Files \f[C]file1.jpg\f[R], \f[C]file3.png\f[R] and \f[C]file2.avi\f[R]
-are listed whilst \f[C]secret17.jpg\f[R] and files without the suffix
-\&.jpg\f[C]or\f[R].png\[ga] are excluded.
-.PP
-E.g.
-for an alternative \f[C]filter-file.txt\f[R]:
+Go into \f[C]s\f[R], Set configuration password:
 .IP
 .nf
 \f[C]
-+ *.jpg
-+ *.gif
-!
-+ 42.doc
-- *
+e/n/d/s/q> s
+Your configuration is not encrypted.
+If you add a password, you will protect your login information to cloud services.
+a) Add Password
+q) Quit to main menu
+a/q> a
+Enter NEW configuration password:
+password:
+Confirm NEW password:
+password:
+Password set
+Your configuration is encrypted.
+c) Change Password
+u) Unencrypt configuration
+q) Quit to main menu
+c/u/q>
 \f[R]
 .fi
 .PP
-Only file 42.doc is listed.
-Prior rules are cleared by the \f[C]!\f[R].
-.SS \f[C]--files-from\f[R] - Read list of source-file names
-.PP
-Adds path/files to an rclone command from a list in a named file.
-Rclone processes the path/file names in the order of the list, and no
-others.
-.PP
-Other filter flags (\f[C]--include\f[R], \f[C]--include-from\f[R],
-\f[C]--exclude\f[R], \f[C]--exclude-from\f[R], \f[C]--filter\f[R] and
-\f[C]--filter-from\f[R]) are ignored when \f[C]--files-from\f[R] is
-used.
-.PP
-\f[C]--files-from\f[R] expects a list of files as its input.
-Leading or trailing whitespace is stripped from the input lines.
-Lines starting with \f[C]#\f[R] or \f[C];\f[R] are ignored.
-.PP
-Rclone commands with a \f[C]--files-from\f[R] flag traverse the remote,
-treating the names in \f[C]--files-from\f[R] as a set of filters.
-.PP
-If the \f[C]--no-traverse\f[R] and \f[C]--files-from\f[R] flags are used
-together an rclone command does not traverse the remote.
-Instead it addresses each path/file named in the file individually.
-For each path/file name, that requires typically 1 API call.
-This can be efficient for a short \f[C]--files-from\f[R] list and a
-remote containing many files.
+Your configuration is now encrypted, and every time you start rclone you
+will have to supply the password.
+See below for details.
+In the same menu, you can change the password or completely remove
+encryption from your configuration.
 .PP
-Rclone commands do not error if any names in the \f[C]--files-from\f[R]
-file are missing from the source remote.
+There is no way to recover the configuration if you lose your password.
 .PP
-The \f[C]--files-from\f[R] flag can be repeated in a single rclone
-command to read path/file names from more than one file.
-The files are read from left to right along the command line.
+rclone uses nacl
+secretbox (https://godoc.org/golang.org/x/crypto/nacl/secretbox) which
+in turn uses XSalsa20 and Poly1305 to encrypt and authenticate your
+configuration with secret-key cryptography.
+The password is SHA-256 hashed, which produces the key for secretbox.
+The hashed password is not stored.
 .PP
-Paths within the \f[C]--files-from\f[R] file are interpreted as starting
-with the root specified in the rclone command.
-Leading \f[C]/\f[R] separators are ignored.
-See --files-from-raw if you need the input to be processed in a raw
-manner.
+While this provides very good security, we do not recommend storing your
+encrypted rclone configuration in public if it contains sensitive
+information, maybe except if you use a very strong password.
 .PP
-E.g.
-for a file \f[C]files-from.txt\f[R]:
-.IP
-.nf
-\f[C]
-# comment
-file1.jpg
-subdir/file2.jpg
-\f[R]
-.fi
+If it is safe in your environment, you can set the
+\f[C]RCLONE_CONFIG_PASS\f[R] environment variable to contain your
+password, in which case it will be used for decrypting the
+configuration.
 .PP
-\f[C]rclone copy --files-from files-from.txt /home/me/pics remote:pics\f[R]
-copies the following, if they exist, and only those files.
+You can set this for a session from a script.
+For unix like systems save this to a file called
+\f[C]set-rclone-password\f[R]:
 .IP
 .nf
 \f[C]
-/home/me/pics/file1.jpg        \[->] remote:pics/file1.jpg
-/home/me/pics/subdir/file2.jpg \[->] remote:pics/subdir/file2.jpg
+#!/bin/echo Source this file don\[aq]t run it
+
+read -s RCLONE_CONFIG_PASS
+export RCLONE_CONFIG_PASS
 \f[R]
 .fi
 .PP
-E.g.
-to copy the following files referenced by their absolute paths:
-.IP
-.nf
-\f[C]
-/home/user1/42
-/home/user1/dir/ford
-/home/user2/prefect
-\f[R]
-.fi
+Then source the file when you want to use it.
+From the shell you would do \f[C]source set-rclone-password\f[R].
+It will then ask you for the password and set it in the environment
+variable.
 .PP
-First find a common subdirectory - in this case \f[C]/home\f[R] and put
-the remaining files in \f[C]files-from.txt\f[R] with or without leading
-\f[C]/\f[R], e.g.
-.IP
-.nf
-\f[C]
-user1/42
-user1/dir/ford
-user2/prefect
-\f[R]
-.fi
+An alternate means of supplying the password is to provide a script
+which will retrieve the password and print on standard output.
+This script should have a fully specified path name and not rely on any
+environment variables.
+The script is supplied either via
+\f[C]--password-command=\[dq]...\[dq]\f[R] command line argument or via
+the \f[C]RCLONE_PASSWORD_COMMAND\f[R] environment variable.
 .PP
-Then copy these to a remote:
+One useful example of this is using the \f[C]passwordstore\f[R]
+application to retrieve the password:
 .IP
 .nf
 \f[C]
-rclone copy --files-from files-from.txt /home remote:backup
+export RCLONE_PASSWORD_COMMAND=\[dq]pass rclone/config\[dq]
 \f[R]
 .fi
 .PP
-The three files are transferred as follows:
-.IP
-.nf
-\f[C]
-/home/user1/42       \[->] remote:backup/user1/important
-/home/user1/dir/ford \[->] remote:backup/user1/dir/file
-/home/user2/prefect  \[->] remote:backup/user2/stuff
-\f[R]
-.fi
+If the \f[C]passwordstore\f[R] password manager holds the password for
+the rclone configuration, using the script method means the password is
+primarily protected by the \f[C]passwordstore\f[R] system, and is never
+embedded in the clear in scripts, nor available for examination using
+the standard commands available.
+It is quite possible with long running rclone sessions for copies of
+passwords to be innocently captured in log files or terminal scroll
+buffers, etc.
+Using the script method of supplying the password enhances the security
+of the config password considerably.
 .PP
-Alternatively if \f[C]/\f[R] is chosen as root \f[C]files-from.txt\f[R]
-will be:
-.IP
-.nf
-\f[C]
-/home/user1/42
-/home/user1/dir/ford
-/home/user2/prefect
-\f[R]
-.fi
+If you are running rclone inside a script, unless you are using the
+\f[C]--password-command\f[R] method, you might want to disable password
+prompts.
+To do that, pass the parameter \f[C]--ask-password=false\f[R] to rclone.
+This will make rclone fail instead of asking for a password if
+\f[C]RCLONE_CONFIG_PASS\f[R] doesn\[aq]t contain a valid password, and
+\f[C]--password-command\f[R] has not been supplied.
 .PP
-The copy command will be:
-.IP
-.nf
-\f[C]
-rclone copy --files-from files-from.txt / remote:backup
-\f[R]
-.fi
+Whenever running commands that may be affected by options in a
+configuration file, rclone will look for an existing file according to
+the rules described above, and load any it finds.
+If an encrypted file is found, this includes decrypting it, with the
+possible consequence of a password prompt.
+When executing a command line that you know are not actually using
+anything from such a configuration file, you can avoid it being loaded
+by overriding the location, e.g.
+with one of the documented special values for memory-only configuration.
+Since only backend options can be stored in configuration files, this is
+normally unnecessary for commands that do not operate on backends, e.g.
+\f[C]genautocomplete\f[R].
+However, it will be relevant for commands that do operate on backends in
+general, but are used without referencing a stored remote, e.g.
+listing local filesystem paths, or connection strings:
+\f[C]rclone --config=\[dq]\[dq] ls .\f[R]
+.SS Developer options
 .PP
-Then there will be an extra \f[C]home\f[R] directory on the remote:
-.IP
-.nf
-\f[C]
-/home/user1/42       \[->] remote:backup/home/user1/42
-/home/user1/dir/ford \[->] remote:backup/home/user1/dir/ford
-/home/user2/prefect  \[->] remote:backup/home/user2/prefect
-\f[R]
-.fi
-.SS \f[C]--files-from-raw\f[R] - Read list of source-file names without any processing
+These options are useful when developing or debugging rclone.
+There are also some more remote specific options which aren\[aq]t
+documented here which are used for testing.
+These start with remote name e.g.
+\f[C]--drive-test-option\f[R] - see the docs for the remote in question.
+.SS --cpuprofile=FILE
 .PP
-This flag is the same as \f[C]--files-from\f[R] except that input is
-read in a raw manner.
-Lines with leading / trailing whitespace, and lines starting with
-\f[C];\f[R] or \f[C]#\f[R] are read without any processing.
-rclone lsf (https://rclone.org/commands/rclone_lsf/) has a compatible
-format that can be used to export file lists from remotes for input to
-\f[C]--files-from-raw\f[R].
-.SS \f[C]--ignore-case\f[R] - make searches case insensitive
+Write CPU profile to file.
+This can be analysed with \f[C]go tool pprof\f[R].
+.SS --dump flag,flag,flag
 .PP
-By default, rclone filter patterns are case sensitive.
-The \f[C]--ignore-case\f[R] flag makes all of the filters patterns on
-the command line case insensitive.
+The \f[C]--dump\f[R] flag takes a comma separated list of flags to dump
+info about.
 .PP
-E.g.
-\f[C]--include \[dq]zaphod.txt\[dq]\f[R] does not match a file
-\f[C]Zaphod.txt\f[R].
-With \f[C]--ignore-case\f[R] a match is made.
-.SS Quoting shell metacharacters
+Note that some headers including \f[C]Accept-Encoding\f[R] as shown may
+not be correct in the request and the response may not show
+\f[C]Content-Encoding\f[R] if the go standard libraries auto gzip
+encoding was in effect.
+In this case the body of the request will be gunzipped before showing
+it.
 .PP
-Rclone commands with filter patterns containing shell metacharacters may
-not as work as expected in your shell and may require quoting.
+The available flags are:
+.SS --dump headers
 .PP
-E.g.
-linux, OSX (\f[C]*\f[R] metacharacter)
-.IP \[bu] 2
-\f[C]--include \[rs]*.jpg\f[R]
-.IP \[bu] 2
-\f[C]--include \[aq]*.jpg\[aq]\f[R]
-.IP \[bu] 2
-\f[C]--include=\[aq]*.jpg\[aq]\f[R]
+Dump HTTP headers with \f[C]Authorization:\f[R] lines removed.
+May still contain sensitive info.
+Can be very verbose.
+Useful for debugging only.
 .PP
-Microsoft Windows expansion is done by the command, not shell, so
-\f[C]--include *.jpg\f[R] does not require quoting.
-.PP
-If the rclone error
-\f[C]Command .... needs .... arguments maximum: you provided .... non flag arguments:\f[R]
-is encountered, the cause is commonly spaces within the name of a remote
-or flag value.
-The fix then is to quote values containing spaces.
-.SS Other filters
-.SS \f[C]--min-size\f[R] - Don\[aq]t transfer any file smaller than this
-.PP
-Controls the minimum size file within the scope of an rclone command.
-Default units are \f[C]KiB\f[R] but abbreviations \f[C]K\f[R],
-\f[C]M\f[R], \f[C]G\f[R], \f[C]T\f[R] or \f[C]P\f[R] are valid.
-.PP
-E.g.
-\f[C]rclone ls remote: --min-size 50k\f[R] lists files on
-\f[C]remote:\f[R] of 50 KiB size or larger.
-.PP
-See the size option docs (https://rclone.org/docs/#size-option) for more
-info.
-.SS \f[C]--max-size\f[R] - Don\[aq]t transfer any file larger than this
+Use \f[C]--dump auth\f[R] if you do want the \f[C]Authorization:\f[R]
+headers.
+.SS --dump bodies
 .PP
-Controls the maximum size file within the scope of an rclone command.
-Default units are \f[C]KiB\f[R] but abbreviations \f[C]K\f[R],
-\f[C]M\f[R], \f[C]G\f[R], \f[C]T\f[R] or \f[C]P\f[R] are valid.
+Dump HTTP headers and bodies - may contain sensitive info.
+Can be very verbose.
+Useful for debugging only.
 .PP
-E.g.
-\f[C]rclone ls remote: --max-size 1G\f[R] lists files on
-\f[C]remote:\f[R] of 1 GiB size or smaller.
+Note that the bodies are buffered in memory so don\[aq]t use this for
+enormous files.
+.SS --dump requests
 .PP
-See the size option docs (https://rclone.org/docs/#size-option) for more
-info.
-.SS \f[C]--max-age\f[R] - Don\[aq]t transfer any file older than this
+Like \f[C]--dump bodies\f[R] but dumps the request bodies and the
+response headers.
+Useful for debugging download problems.
+.SS --dump responses
 .PP
-Controls the maximum age of files within the scope of an rclone command.
+Like \f[C]--dump bodies\f[R] but dumps the response bodies and the
+request headers.
+Useful for debugging upload problems.
+.SS --dump auth
 .PP
-\f[C]--max-age\f[R] applies only to files and not to directories.
+Dump HTTP headers - will contain sensitive info such as
+\f[C]Authorization:\f[R] headers - use \f[C]--dump headers\f[R] to dump
+without \f[C]Authorization:\f[R] headers.
+Can be very verbose.
+Useful for debugging only.
+.SS --dump filters
 .PP
-E.g.
-\f[C]rclone ls remote: --max-age 2d\f[R] lists files on
-\f[C]remote:\f[R] of 2 days old or less.
+Dump the filters to the output.
+Useful to see exactly what include and exclude options are filtering on.
+.SS --dump goroutines
 .PP
-See the time option docs (https://rclone.org/docs/#time-option) for
-valid formats.
-.SS \f[C]--min-age\f[R] - Don\[aq]t transfer any file younger than this
+This dumps a list of the running go-routines at the end of the command
+to standard output.
+.SS --dump openfiles
 .PP
-Controls the minimum age of files within the scope of an rclone command.
-(see \f[C]--max-age\f[R] for valid formats)
+This dumps a list of the open files at the end of the command.
+It uses the \f[C]lsof\f[R] command to do that so you\[aq]ll need that
+installed to use it.
+.SS --dump mapper
 .PP
-\f[C]--min-age\f[R] applies only to files and not to directories.
+This shows the JSON blobs being sent to the program supplied with
+\f[C]--metadata-mapper\f[R] and received from it.
+It can be useful for debugging the metadata mapper interface.
+.SS --memprofile=FILE
 .PP
-E.g.
-\f[C]rclone ls remote: --min-age 2d\f[R] lists files on
-\f[C]remote:\f[R] of 2 days old or more.
+Write memory profile to file.
+This can be analysed with \f[C]go tool pprof\f[R].
+.SS Filtering
 .PP
-See the time option docs (https://rclone.org/docs/#time-option) for
-valid formats.
-.SS Other flags
-.SS \f[C]--delete-excluded\f[R] - Delete files on dest excluded from sync
+For the filtering options
+.IP \[bu] 2
+\f[C]--delete-excluded\f[R]
+.IP \[bu] 2
+\f[C]--filter\f[R]
+.IP \[bu] 2
+\f[C]--filter-from\f[R]
+.IP \[bu] 2
+\f[C]--exclude\f[R]
+.IP \[bu] 2
+\f[C]--exclude-from\f[R]
+.IP \[bu] 2
+\f[C]--exclude-if-present\f[R]
+.IP \[bu] 2
+\f[C]--include\f[R]
+.IP \[bu] 2
+\f[C]--include-from\f[R]
+.IP \[bu] 2
+\f[C]--files-from\f[R]
+.IP \[bu] 2
+\f[C]--files-from-raw\f[R]
+.IP \[bu] 2
+\f[C]--min-size\f[R]
+.IP \[bu] 2
+\f[C]--max-size\f[R]
+.IP \[bu] 2
+\f[C]--min-age\f[R]
+.IP \[bu] 2
+\f[C]--max-age\f[R]
+.IP \[bu] 2
+\f[C]--dump filters\f[R]
+.IP \[bu] 2
+\f[C]--metadata-include\f[R]
+.IP \[bu] 2
+\f[C]--metadata-include-from\f[R]
+.IP \[bu] 2
+\f[C]--metadata-exclude\f[R]
+.IP \[bu] 2
+\f[C]--metadata-exclude-from\f[R]
+.IP \[bu] 2
+\f[C]--metadata-filter\f[R]
+.IP \[bu] 2
+\f[C]--metadata-filter-from\f[R]
 .PP
-\f[B]Important\f[R] this flag is dangerous to your data - use with
-\f[C]--dry-run\f[R] and \f[C]-v\f[R] first.
+See the filtering section (https://rclone.org/filtering/).
+.SS Remote control
 .PP
-In conjunction with \f[C]rclone sync\f[R], \f[C]--delete-excluded\f[R]
-deletes any files on the destination which are excluded from the
-command.
+For the remote control options and for instructions on how to remote
+control rclone
+.IP \[bu] 2
+\f[C]--rc\f[R]
+.IP \[bu] 2
+and anything starting with \f[C]--rc-\f[R]
 .PP
-E.g.
-the scope of \f[C]rclone sync --interactive A: B:\f[R] can be
-restricted:
-.IP
-.nf
-\f[C]
-rclone --min-size 50k --delete-excluded sync A: B:
-\f[R]
-.fi
+See the remote control section (https://rclone.org/rc/).
+.SS Logging
 .PP
-All files on \f[C]B:\f[R] which are less than 50 KiB are deleted because
-they are excluded from the rclone sync command.
-.SS \f[C]--dump filters\f[R] - dump the filters to the output
+rclone has 4 levels of logging, \f[C]ERROR\f[R], \f[C]NOTICE\f[R],
+\f[C]INFO\f[R] and \f[C]DEBUG\f[R].
 .PP
-Dumps the defined filters to standard output in regular expression
-format.
+By default, rclone logs to standard error.
+This means you can redirect standard error and still see the normal
+output of rclone commands (e.g.
+\f[C]rclone ls\f[R]).
 .PP
-Useful for debugging.
-.SS Exclude directory based on a file
+By default, rclone will produce \f[C]Error\f[R] and \f[C]Notice\f[R]
+level messages.
 .PP
-The \f[C]--exclude-if-present\f[R] flag controls whether a directory is
-within the scope of an rclone command based on the presence of a named
-file within it.
-The flag can be repeated to check for multiple file names, presence of
-any of them will exclude the directory.
+If you use the \f[C]-q\f[R] flag, rclone will only produce
+\f[C]Error\f[R] messages.
 .PP
-This flag has a priority over other filter flags.
+If you use the \f[C]-v\f[R] flag, rclone will produce \f[C]Error\f[R],
+\f[C]Notice\f[R] and \f[C]Info\f[R] messages.
 .PP
-E.g.
-for the following directory structure:
-.IP
-.nf
-\f[C]
-dir1/file1
-dir1/dir2/file2
-dir1/dir2/dir3/file3
-dir1/dir2/dir3/.ignore
-\f[R]
-.fi
+If you use the \f[C]-vv\f[R] flag, rclone will produce \f[C]Error\f[R],
+\f[C]Notice\f[R], \f[C]Info\f[R] and \f[C]Debug\f[R] messages.
 .PP
-The command \f[C]rclone ls --exclude-if-present .ignore dir1\f[R] does
-not list \f[C]dir3\f[R], \f[C]file3\f[R] or \f[C].ignore\f[R].
-.SS Metadata filters
+You can also control the log levels with the \f[C]--log-level\f[R] flag.
 .PP
-The metadata filters work in a very similar way to the normal file name
-filters, except they match metadata (https://rclone.org/docs/#metadata)
-on the object.
+If you use the \f[C]--log-file=FILE\f[R] option, rclone will redirect
+\f[C]Error\f[R], \f[C]Info\f[R] and \f[C]Debug\f[R] messages along with
+standard error to FILE.
 .PP
-The metadata should be specified as \f[C]key=value\f[R] patterns.
-This may be wildcarded using the normal filter patterns or regular
-expressions.
+If you use the \f[C]--syslog\f[R] flag then rclone will log to syslog
+and the \f[C]--syslog-facility\f[R] control which facility it uses.
 .PP
-For example if you wished to list only local files with a mode of
-\f[C]100664\f[R] you could do that with:
-.IP
-.nf
-\f[C]
-rclone lsf -M --files-only --metadata-include \[dq]mode=100664\[dq] .
-\f[R]
-.fi
+Rclone prefixes all log messages with their level in capitals, e.g.
+INFO which makes it easy to grep the log file for different kinds of
+information.
+.SS Exit Code
 .PP
-Or if you wished to show files with an \f[C]atime\f[R], \f[C]mtime\f[R]
-or \f[C]btime\f[R] at a given date:
-.IP
-.nf
-\f[C]
-rclone lsf -M --files-only --metadata-include \[dq][abm]time=2022-12-16*\[dq] .
-\f[R]
-.fi
+If any errors occur during the command execution, rclone will exit with
+a non-zero exit code.
+This allows scripts to detect when rclone operations have failed.
 .PP
-Like file filtering, metadata filtering only applies to files not to
-directories.
+During the startup phase, rclone will exit immediately if an error is
+detected in the configuration.
+There will always be a log message immediately before exiting.
 .PP
-The filters can be applied using these flags.
+When rclone is running it will accumulate errors as it goes along, and
+only exit with a non-zero exit code if (after retries) there were still
+failed transfers.
+For every error counted there will be a high priority log message
+(visible with \f[C]-q\f[R]) showing the message and which file caused
+the problem.
+A high priority message is also shown when starting a retry so the user
+can see that any previous error messages may not be valid after the
+retry.
+If rclone has done a retry it will log a high priority message if the
+retry was successful.
+.SS List of exit codes
 .IP \[bu] 2
-\f[C]--metadata-include\f[R] - Include metadatas matching pattern
+\f[C]0\f[R] - success
 .IP \[bu] 2
-\f[C]--metadata-include-from\f[R] - Read metadata include patterns from
-file (use - to read from stdin)
+\f[C]1\f[R] - Syntax or usage error
 .IP \[bu] 2
-\f[C]--metadata-exclude\f[R] - Exclude metadatas matching pattern
+\f[C]2\f[R] - Error not otherwise categorised
 .IP \[bu] 2
-\f[C]--metadata-exclude-from\f[R] - Read metadata exclude patterns from
-file (use - to read from stdin)
+\f[C]3\f[R] - Directory not found
 .IP \[bu] 2
-\f[C]--metadata-filter\f[R] - Add a metadata filtering rule
+\f[C]4\f[R] - File not found
 .IP \[bu] 2
-\f[C]--metadata-filter-from\f[R] - Read metadata filtering patterns from
-a file (use - to read from stdin)
-.PP
-Each flag can be repeated.
-See the section on how filter rules are applied for more details - these
-flags work in an identical way to the file name filtering flags, but
-instead of file name patterns have metadata patterns.
-.SS Common pitfalls
-.PP
-The most frequent filter support issues on the rclone
-forum (https://forum.rclone.org/) are:
+\f[C]5\f[R] - Temporary error (one that more retries might fix) (Retry
+errors)
 .IP \[bu] 2
-Not using paths relative to the root of the remote
+\f[C]6\f[R] - Less serious errors (like 461 errors from dropbox)
+(NoRetry errors)
 .IP \[bu] 2
-Not using \f[C]/\f[R] to match from the root of a remote
+\f[C]7\f[R] - Fatal error (one that more retries won\[aq]t fix, like
+account suspended) (Fatal errors)
 .IP \[bu] 2
-Not using \f[C]**\f[R] to match the contents of a directory
-.SH GUI (Experimental)
+\f[C]8\f[R] - Transfer exceeded - limit set by --max-transfer reached
+.IP \[bu] 2
+\f[C]9\f[R] - Operation successful, but no files transferred
+.IP \[bu] 2
+\f[C]10\f[R] - Duration exceeded - limit set by --max-duration reached
+.SS Environment Variables
 .PP
-Rclone can serve a web based GUI (graphical user interface).
-This is somewhat experimental at the moment so things may be subject to
-change.
+Rclone can be configured entirely using environment variables.
+These can be used to set defaults for options or config file entries.
+.SS Options
 .PP
-Run this command in a terminal and rclone will download and then display
-the GUI in a web browser.
+Every option in rclone can have its default set by environment variable.
+.PP
+To find the name of the environment variable, first, take the long
+option name, strip the leading \f[C]--\f[R], change \f[C]-\f[R] to
+\f[C]_\f[R], make upper case and prepend \f[C]RCLONE_\f[R].
+.PP
+For example, to always set \f[C]--stats 5s\f[R], set the environment
+variable \f[C]RCLONE_STATS=5s\f[R].
+If you set stats on the command line this will override the environment
+variable setting.
+.PP
+Or to always use the trash in drive \f[C]--drive-use-trash\f[R], set
+\f[C]RCLONE_DRIVE_USE_TRASH=true\f[R].
+.PP
+Verbosity is slightly different, the environment variable equivalent of
+\f[C]--verbose\f[R] or \f[C]-v\f[R] is \f[C]RCLONE_VERBOSE=1\f[R], or
+for \f[C]-vv\f[R], \f[C]RCLONE_VERBOSE=2\f[R].
+.PP
+The same parser is used for the options and the environment variables so
+they take exactly the same form.
+.PP
+The options set by environment variables can be seen with the
+\f[C]-vv\f[R] flag, e.g.
+\f[C]rclone version -vv\f[R].
+.SS Config file
+.PP
+You can set defaults for values in the config file on an individual
+remote basis.
+The names of the config items are documented in the page for each
+backend.
+.PP
+To find the name of the environment variable, you need to set, take
+\f[C]RCLONE_CONFIG_\f[R] + name of remote + \f[C]_\f[R] + name of config
+file option and make it all uppercase.
+Note one implication here is the remote\[aq]s name must be convertible
+into a valid environment variable name, so it can only contain letters,
+digits, or the \f[C]_\f[R] (underscore) character.
+.PP
+For example, to configure an S3 remote named \f[C]mys3:\f[R] without a
+config file (using unix ways of setting environment variables):
 .IP
 .nf
 \f[C]
-rclone rcd --rc-web-gui
+$ export RCLONE_CONFIG_MYS3_TYPE=s3
+$ export RCLONE_CONFIG_MYS3_ACCESS_KEY_ID=XXX
+$ export RCLONE_CONFIG_MYS3_SECRET_ACCESS_KEY=XXX
+$ rclone lsd mys3:
+          -1 2016-09-21 12:54:21        -1 my-bucket
+$ rclone listremotes | grep mys3
+mys3:
 \f[R]
 .fi
 .PP
-This will produce logs like this and rclone needs to continue to run to
-serve the GUI:
+Note that if you want to create a remote using environment variables you
+must create the \f[C]..._TYPE\f[R] variable as above.
+.PP
+Note that the name of a remote created using environment variable is
+case insensitive, in contrast to regular remotes stored in config file
+as documented above.
+You must write the name in uppercase in the environment variable, but as
+seen from example above it will be listed and can be accessed in
+lowercase, while you can also refer to the same remote in uppercase:
 .IP
 .nf
 \f[C]
-2019/08/25 11:40:14 NOTICE: A new release for gui is present at https://github.com/rclone/rclone-webui-react/releases/download/v0.0.6/currentbuild.zip
-2019/08/25 11:40:14 NOTICE: Downloading webgui binary. Please wait. [Size: 3813937, Path :  /home/USER/.cache/rclone/webgui/v0.0.6.zip]
-2019/08/25 11:40:16 NOTICE: Unzipping
-2019/08/25 11:40:16 NOTICE: Serving remote control on http://127.0.0.1:5572/
+$ rclone lsd mys3:
+          -1 2016-09-21 12:54:21        -1 my-bucket
+$ rclone lsd MYS3:
+          -1 2016-09-21 12:54:21        -1 my-bucket
 \f[R]
 .fi
 .PP
-This assumes you are running rclone locally on your machine.
-It is possible to separate the rclone and the GUI - see below for
-details.
-.PP
-If you wish to check for updates then you can add
-\f[C]--rc-web-gui-update\f[R] to the command line.
-.PP
-If you find your GUI broken, you may force it to update by add
-\f[C]--rc-web-gui-force-update\f[R].
-.PP
-By default, rclone will open your browser.
-Add \f[C]--rc-web-gui-no-open-browser\f[R] to disable this feature.
-.SS Using the GUI
-.PP
-Once the GUI opens, you will be looking at the dashboard which has an
-overall overview.
-.PP
-On the left hand side you will see a series of view buttons you can
-click on:
-.IP \[bu] 2
-Dashboard - main overview
-.IP \[bu] 2
-Configs - examine and create new configurations
-.IP \[bu] 2
-Explorer - view, download and upload files to the cloud storage systems
-.IP \[bu] 2
-Backend - view or alter the backend config
-.IP \[bu] 2
-Log out
+Note that you can only set the options of the immediate backend, so
+RCLONE_CONFIG_MYS3CRYPT_ACCESS_KEY_ID has no effect, if myS3Crypt is a
+crypt remote based on an S3 remote.
+However RCLONE_S3_ACCESS_KEY_ID will set the access key of all remotes
+using S3, including myS3Crypt.
 .PP
-(More docs and walkthrough video to come!)
-.SS How it works
+Note also that now rclone has connection strings, it is probably easier
+to use those instead which makes the above example
+.IP
+.nf
+\f[C]
+rclone lsd :s3,access_key_id=XXX,secret_access_key=XXX:
+\f[R]
+.fi
+.SS Precedence
 .PP
-When you run the \f[C]rclone rcd --rc-web-gui\f[R] this is what happens
-.IP \[bu] 2
-Rclone starts but only runs the remote control API (\[dq]rc\[dq]).
-.IP \[bu] 2
-The API is bound to localhost with an auto-generated username and
-password.
-.IP \[bu] 2
-If the API bundle is missing then rclone will download it.
+The various different methods of backend configuration are read in this
+order and the first one with a value is used.
 .IP \[bu] 2
-rclone will start serving the files from the API bundle over the same
-port as the API
+Parameters in connection strings, e.g.
+\f[C]myRemote,skip_links:\f[R]
 .IP \[bu] 2
-rclone will open the browser with a \f[C]login_token\f[R] so it can log
-straight in.
-.SS Advanced use
-.PP
-The \f[C]rclone rcd\f[R] may use any of the flags documented on the rc
-page (https://rclone.org/rc/#supported-parameters).
-.PP
-The flag \f[C]--rc-web-gui\f[R] is shorthand for
+Flag values as supplied on the command line, e.g.
+\f[C]--skip-links\f[R]
 .IP \[bu] 2
-Download the web GUI if necessary
+Remote specific environment vars, e.g.
+\f[C]RCLONE_CONFIG_MYREMOTE_SKIP_LINKS\f[R] (see above).
 .IP \[bu] 2
-Check we are using some authentication
+Backend-specific environment vars, e.g.
+\f[C]RCLONE_LOCAL_SKIP_LINKS\f[R].
 .IP \[bu] 2
-\f[C]--rc-user gui\f[R]
+Backend generic environment vars, e.g.
+\f[C]RCLONE_SKIP_LINKS\f[R].
 .IP \[bu] 2
-\f[C]--rc-pass <random password>\f[R]
+Config file, e.g.
+\f[C]skip_links = true\f[R].
 .IP \[bu] 2
-\f[C]--rc-serve\f[R]
+Default values, e.g.
+\f[C]false\f[R] - these can\[aq]t be changed.
 .PP
-These flags can be overridden as desired.
+So if both \f[C]--skip-links\f[R] is supplied on the command line and an
+environment variable \f[C]RCLONE_LOCAL_SKIP_LINKS\f[R] is set, the
+command line flag will take preference.
 .PP
-See also the rclone rcd
-documentation (https://rclone.org/commands/rclone_rcd/).
-.SS Example: Running a public GUI
+The backend configurations set by environment variables can be seen with
+the \f[C]-vv\f[R] flag, e.g.
+\f[C]rclone about myRemote: -vv\f[R].
 .PP
-For example the GUI could be served on a public port over SSL using an
-htpasswd file using the following flags:
-.IP \[bu] 2
-\f[C]--rc-web-gui\f[R]
+For non backend configuration the order is as follows:
 .IP \[bu] 2
-\f[C]--rc-addr :443\f[R]
+Flag values as supplied on the command line, e.g.
+\f[C]--stats 5s\f[R].
 .IP \[bu] 2
-\f[C]--rc-htpasswd /path/to/htpasswd\f[R]
+Environment vars, e.g.
+\f[C]RCLONE_STATS=5s\f[R].
 .IP \[bu] 2
-\f[C]--rc-cert /path/to/ssl.crt\f[R]
+Default values, e.g.
+\f[C]1m\f[R] - these can\[aq]t be changed.
+.SS Other environment variables
 .IP \[bu] 2
-\f[C]--rc-key /path/to/ssl.key\f[R]
-.SS Example: Running a GUI behind a proxy
-.PP
-If you want to run the GUI behind a proxy at \f[C]/rclone\f[R] you could
-use these flags:
+\f[C]RCLONE_CONFIG_PASS\f[R] set to contain your config file password
+(see Configuration Encryption section)
 .IP \[bu] 2
-\f[C]--rc-web-gui\f[R]
+\f[C]HTTP_PROXY\f[R], \f[C]HTTPS_PROXY\f[R] and \f[C]NO_PROXY\f[R] (or
+the lowercase versions thereof).
+.RS 2
 .IP \[bu] 2
-\f[C]--rc-baseurl rclone\f[R]
+\f[C]HTTPS_PROXY\f[R] takes precedence over \f[C]HTTP_PROXY\f[R] for
+https requests.
 .IP \[bu] 2
-\f[C]--rc-htpasswd /path/to/htpasswd\f[R]
-.PP
-Or instead of htpasswd if you just want a single user and password:
+The environment values may be either a complete URL or a
+\[dq]host[:port]\[dq] for, in which case the \[dq]http\[dq] scheme is
+assumed.
+.RE
 .IP \[bu] 2
-\f[C]--rc-user me\f[R]
+\f[C]USER\f[R] and \f[C]LOGNAME\f[R] values are used as fallbacks for
+current username.
+The primary method for looking up username is OS-specific: Windows API
+on Windows, real user ID in /etc/passwd on Unix systems.
+In the documentation the current username is simply referred to as
+\f[C]$USER\f[R].
 .IP \[bu] 2
-\f[C]--rc-pass mypassword\f[R]
-.SS Project
-.PP
-The GUI is being developed in the: rclone/rclone-webui-react
-repository (https://github.com/rclone/rclone-webui-react).
+\f[C]RCLONE_CONFIG_DIR\f[R] - rclone \f[B]sets\f[R] this variable for
+use in config files and sub processes to point to the directory holding
+the config file.
 .PP
-Bug reports and contributions are very welcome :-)
+The options set by environment variables can be seen with the
+\f[C]-vv\f[R] and \f[C]--log-level=DEBUG\f[R] flags, e.g.
+\f[C]rclone version -vv\f[R].
+.SH Configuring rclone on a remote / headless machine
 .PP
-If you have questions then please ask them on the rclone
-forum (https://forum.rclone.org/).
-.SH Remote controlling rclone with its API
+Some of the configurations (those involving oauth2) require an Internet
+connected web browser.
 .PP
-If rclone is run with the \f[C]--rc\f[R] flag then it starts an HTTP
-server which can be used to remote control rclone using its API.
-.PP
-You can either use the rc command to access the API or use HTTP
-directly.
-.PP
-If you just want to run a remote control then see the
-rcd (https://rclone.org/commands/rclone_rcd/) command.
-.SS Supported parameters
-.SS --rc
-.PP
-Flag to start the http server listen on remote requests
-.SS --rc-addr=IP
-.PP
-IPaddress:Port or :Port to bind server to.
-(default \[dq]localhost:5572\[dq])
-.SS --rc-cert=KEY
-.PP
-SSL PEM key (concatenation of certificate and CA certificate)
-.SS --rc-client-ca=PATH
-.PP
-Client certificate authority to verify clients with
-.SS --rc-htpasswd=PATH
-.PP
-htpasswd file - if not provided no authentication is done
-.SS --rc-key=PATH
-.PP
-SSL PEM Private key
-.SS --rc-max-header-bytes=VALUE
-.PP
-Maximum size of request header (default 4096)
-.SS --rc-min-tls-version=VALUE
-.PP
-The minimum TLS version that is acceptable.
-Valid values are \[dq]tls1.0\[dq], \[dq]tls1.1\[dq], \[dq]tls1.2\[dq]
-and \[dq]tls1.3\[dq] (default \[dq]tls1.0\[dq]).
-.SS --rc-user=VALUE
-.PP
-User name for authentication.
-.SS --rc-pass=VALUE
-.PP
-Password for authentication.
-.SS --rc-realm=VALUE
-.PP
-Realm for authentication (default \[dq]rclone\[dq])
-.SS --rc-server-read-timeout=DURATION
-.PP
-Timeout for server reading data (default 1h0m0s)
-.SS --rc-server-write-timeout=DURATION
-.PP
-Timeout for server writing data (default 1h0m0s)
-.SS --rc-serve
-.PP
-Enable the serving of remote objects via the HTTP interface.
-This means objects will be accessible at http://127.0.0.1:5572/ by
-default, so you can browse to http://127.0.0.1:5572/ or
-http://127.0.0.1:5572/* to see a listing of the remotes.
-Objects may be requested from remotes using this syntax
-http://127.0.0.1:5572/[remote:path]/path/to/object
-.PP
-Default Off.
-.SS --rc-files /path/to/directory
-.PP
-Path to local files to serve on the HTTP server.
-.PP
-If this is set then rclone will serve the files in that directory.
-It will also open the root in the web browser if specified.
-This is for implementing browser based GUIs for rclone functions.
-.PP
-If \f[C]--rc-user\f[R] or \f[C]--rc-pass\f[R] is set then the URL that
-is opened will have the authorization in the URL in the
-\f[C]http://user:pass\[at]localhost/\f[R] style.
-.PP
-Default Off.
-.SS --rc-enable-metrics
-.PP
-Enable OpenMetrics/Prometheus compatible endpoint at \f[C]/metrics\f[R].
-.PP
-Default Off.
-.SS --rc-web-gui
-.PP
-Set this flag to serve the default web gui on the same port as rclone.
-.PP
-Default Off.
-.SS --rc-allow-origin
-.PP
-Set the allowed Access-Control-Allow-Origin for rc requests.
+If you are trying to set rclone up on a remote or headless box with no
+browser available on it (e.g.
+a NAS or a server in a datacenter) then you will need to use an
+alternative means of configuration.
+There are two ways of doing it, described below.
+.SS Configuring using rclone authorize
 .PP
-Can be used with --rc-web-gui if the rclone is running on different IP
-than the web-gui.
+On the headless box run \f[C]rclone\f[R] config but answer \f[C]N\f[R]
+to the \f[C]Use web browser  to automatically authenticate?\f[R]
+question.
+.IP
+.nf
+\f[C]
+\&...
+Remote config
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes (default)
+n) No
+y/n> n
+For this to work, you will need rclone available on a machine that has
+a web browser available.
+
+For more help and alternate methods see: https://rclone.org/remote_setup/
+
+Execute the following on the machine with the web browser (same rclone
+version recommended):
+
+    rclone authorize \[dq]amazon cloud drive\[dq]
+
+Then paste the result below:
+result>
+\f[R]
+.fi
 .PP
-Default is IP address on which rc is running.
-.SS --rc-web-fetch-url
+Then on your main desktop machine
+.IP
+.nf
+\f[C]
+rclone authorize \[dq]amazon cloud drive\[dq]
+If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
+Paste the following into your remote machine --->
+SECRET_TOKEN
+<---End paste
+\f[R]
+.fi
 .PP
-Set the URL to fetch the rclone-web-gui files from.
+Then back to the headless box, paste in the code
+.IP
+.nf
+\f[C]
+result> SECRET_TOKEN
+--------------------
+[acd12]
+client_id = 
+client_secret = 
+token = SECRET_TOKEN
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d>
+\f[R]
+.fi
+.SS Configuring by copying the config file
 .PP
-Default
-https://api.github.com/repos/rclone/rclone-webui-react/releases/latest.
-.SS --rc-web-gui-update
+Rclone stores all of its config in a single configuration file.
+This can easily be copied to configure a remote rclone.
 .PP
-Set this flag to check and update rclone-webui-react from the
-rc-web-fetch-url.
+So first configure rclone on your desktop machine with
+.IP
+.nf
+\f[C]
+rclone config
+\f[R]
+.fi
 .PP
-Default Off.
-.SS --rc-web-gui-force-update
+to set up the config file.
 .PP
-Set this flag to force update rclone-webui-react from the
-rc-web-fetch-url.
+Find the config file by running \f[C]rclone config file\f[R], for
+example
+.IP
+.nf
+\f[C]
+$ rclone config file
+Configuration file is stored at:
+/home/user/.rclone.conf
+\f[R]
+.fi
 .PP
-Default Off.
-.SS --rc-web-gui-no-open-browser
+Now transfer it to the remote box (scp, cut paste, ftp, sftp, etc.) and
+place it in the correct place (use \f[C]rclone config file\f[R] on the
+remote box to find out where).
+.SS Configuring using SSH Tunnel
 .PP
-Set this flag to disable opening browser automatically when using
-web-gui.
+Linux and MacOS users can utilize SSH Tunnel to redirect the headless
+box port 53682 to local machine by using the following command:
+.IP
+.nf
+\f[C]
+ssh -L localhost:53682:localhost:53682 username\[at]remote_server
+\f[R]
+.fi
 .PP
-Default Off.
-.SS --rc-job-expire-duration=DURATION
+Then on the headless box run \f[C]rclone\f[R] config and answer
+\f[C]Y\f[R] to the
+\f[C]Use web  browser to automatically authenticate?\f[R] question.
+.IP
+.nf
+\f[C]
+\&...
+Remote config
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes (default)
+n) No
+y/n> y
+\f[R]
+.fi
 .PP
-Expire finished async jobs older than DURATION (default 60s).
-.SS --rc-job-expire-interval=DURATION
+Then copy and paste the auth url
+\f[C]http://127.0.0.1:53682/auth?state=xxxxxxxxxxxx\f[R] to the browser
+on your local machine, complete the auth and it is done.
+.SH Filtering, includes and excludes
 .PP
-Interval duration to check for expired async jobs (default 10s).
-.SS --rc-no-auth
+Filter flags determine which files rclone \f[C]sync\f[R],
+\f[C]move\f[R], \f[C]ls\f[R], \f[C]lsl\f[R], \f[C]md5sum\f[R],
+\f[C]sha1sum\f[R], \f[C]size\f[R], \f[C]delete\f[R], \f[C]check\f[R] and
+similar commands apply to.
 .PP
-By default rclone will require authorisation to have been set up on the
-rc interface in order to use any methods which access any rclone
-remotes.
-Eg \f[C]operations/list\f[R] is denied as it involved creating a remote
-as is \f[C]sync/copy\f[R].
+They are specified in terms of path/file name patterns; path/file lists;
+file age and size, or presence of a file in a directory.
+Bucket based remotes without the concept of directory apply filters to
+object key, age and size in an analogous way.
 .PP
-If this is set then no authorisation will be required on the server to
-use these methods.
-The alternative is to use \f[C]--rc-user\f[R] and \f[C]--rc-pass\f[R]
-and use these credentials in the request.
+Rclone \f[C]purge\f[R] does not obey filters.
 .PP
-Default Off.
-.SS --rc-baseurl
+To test filters without risk of damage to data, apply them to
+\f[C]rclone ls\f[R], or with the \f[C]--dry-run\f[R] and \f[C]-vv\f[R]
+flags.
 .PP
-Prefix for URLs.
+Rclone filter patterns can only be used in filter command line options,
+not in the specification of a remote.
 .PP
-Default is root
-.SS --rc-template
+E.g.
+\f[C]rclone copy \[dq]remote:dir*.jpg\[dq] /path/to/dir\f[R] does not
+have a filter effect.
+\f[C]rclone copy remote:dir /path/to/dir --include \[dq]*.jpg\[dq]\f[R]
+does.
 .PP
-User-specified template.
-.SS Accessing the remote control via the rclone rc command
+\f[B]Important\f[R] Avoid mixing any two of \f[C]--include...\f[R],
+\f[C]--exclude...\f[R] or \f[C]--filter...\f[R] flags in an rclone
+command.
+The results might not be what you expect.
+Instead use a \f[C]--filter...\f[R] flag.
+.SS Patterns for matching path/file names
+.SS Pattern syntax
 .PP
-Rclone itself implements the remote control protocol in its
-\f[C]rclone rc\f[R] command.
+Here is a formal definition of the pattern syntax, examples are below.
 .PP
-You can use it like this
+Rclone matching rules follow a glob style:
 .IP
 .nf
 \f[C]
-$ rclone rc rc/noop param1=one param2=two
-{
-    \[dq]param1\[dq]: \[dq]one\[dq],
-    \[dq]param2\[dq]: \[dq]two\[dq]
-}
+*         matches any sequence of non-separator (/) characters
+**        matches any sequence of characters including / separators
+?         matches any single non-separator (/) character
+[ [ ! ] { character-range } ]
+          character class (must be non-empty)
+{ pattern-list }
+          pattern alternatives
+{{ regexp }}
+          regular expression to match
+c         matches character c (c != *, **, ?, \[rs], [, {, })
+\[rs]c        matches reserved character c (c = *, **, ?, \[rs], [, {, }) or character class
 \f[R]
 .fi
 .PP
-Run \f[C]rclone rc\f[R] on its own to see the help for the installed
-remote control commands.
-.SS JSON input
-.PP
-\f[C]rclone rc\f[R] also supports a \f[C]--json\f[R] flag which can be
-used to send more complicated input parameters.
+character-range:
 .IP
 .nf
 \f[C]
-$ rclone rc --json \[aq]{ \[dq]p1\[dq]: [1,\[dq]2\[dq],null,4], \[dq]p2\[dq]: { \[dq]a\[dq]:1, \[dq]b\[dq]:2 } }\[aq] rc/noop
-{
-    \[dq]p1\[dq]: [
-        1,
-        \[dq]2\[dq],
-        null,
-        4
-    ],
-    \[dq]p2\[dq]: {
-        \[dq]a\[dq]: 1,
-        \[dq]b\[dq]: 2
-    }
-}
+c         matches character c (c != \[rs], -, ])
+\[rs]c        matches reserved character c (c = \[rs], -, ])
+lo - hi   matches character c for lo <= c <= hi
 \f[R]
 .fi
 .PP
-If the parameter being passed is an object then it can be passed as a
-JSON string rather than using the \f[C]--json\f[R] flag which simplifies
-the command line.
+pattern-list:
 .IP
 .nf
 \f[C]
-rclone rc operations/list fs=/tmp remote=test opt=\[aq]{\[dq]showHash\[dq]: true}\[aq]
+pattern { , pattern }
+          comma-separated (without spaces) patterns
 \f[R]
 .fi
 .PP
-Rather than
+character classes (see Go regular expression
+reference (https://golang.org/pkg/regexp/syntax/)) include:
 .IP
 .nf
 \f[C]
-rclone rc operations/list --json \[aq]{\[dq]fs\[dq]: \[dq]/tmp\[dq], \[dq]remote\[dq]: \[dq]test\[dq], \[dq]opt\[dq]: {\[dq]showHash\[dq]: true}}\[aq]
+Named character classes (e.g. [\[rs]d], [\[ha]\[rs]d], [\[rs]D], [\[ha]\[rs]D])
+Perl character classes (e.g. \[rs]s, \[rs]S, \[rs]w, \[rs]W)
+ASCII character classes (e.g. [[:alnum:]], [[:alpha:]], [[:punct:]], [[:xdigit:]])
 \f[R]
 .fi
-.SS Special parameters
-.PP
-The rc interface supports some special parameters which apply to
-\f[B]all\f[R] commands.
-These start with \f[C]_\f[R] to show they are different.
-.SS Running asynchronous jobs with _async = true
-.PP
-Each rc call is classified as a job and it is assigned its own id.
-By default jobs are executed immediately as they are created or
-synchronously.
-.PP
-If \f[C]_async\f[R] has a true value when supplied to an rc call then it
-will return immediately with a job id and the task will be run in the
-background.
-The \f[C]job/status\f[R] call can be used to get information of the
-background job.
-The job can be queried for up to 1 minute after it has finished.
-.PP
-It is recommended that potentially long running jobs, e.g.
-\f[C]sync/sync\f[R], \f[C]sync/copy\f[R], \f[C]sync/move\f[R],
-\f[C]operations/purge\f[R] are run with the \f[C]_async\f[R] flag to
-avoid any potential problems with the HTTP request and response timing
-out.
 .PP
-Starting a job with the \f[C]_async\f[R] flag:
+regexp for advanced users to insert a regular expression - see below for
+more info:
 .IP
 .nf
 \f[C]
-$ rclone rc --json \[aq]{ \[dq]p1\[dq]: [1,\[dq]2\[dq],null,4], \[dq]p2\[dq]: { \[dq]a\[dq]:1, \[dq]b\[dq]:2 }, \[dq]_async\[dq]: true }\[aq] rc/noop
-{
-    \[dq]jobid\[dq]: 2
-}
+Any re2 regular expression not containing \[ga]}}\[ga]
 \f[R]
 .fi
 .PP
-Query the status to see if the job has finished.
-For more information on the meaning of these return parameters see the
-\f[C]job/status\f[R] call.
+If the filter pattern starts with a \f[C]/\f[R] then it only matches at
+the top level of the directory tree, \f[B]relative to the root of the
+remote\f[R] (not necessarily the root of the drive).
+If it does not start with \f[C]/\f[R] then it is matched starting at the
+\f[B]end of the path/file name\f[R] but it only matches a complete path
+element - it must match from a \f[C]/\f[R] separator or the beginning of
+the path/file.
 .IP
 .nf
 \f[C]
-$ rclone rc --json \[aq]{ \[dq]jobid\[dq]:2 }\[aq] job/status
-{
-    \[dq]duration\[dq]: 0.000124163,
-    \[dq]endTime\[dq]: \[dq]2018-10-27T11:38:07.911245881+01:00\[dq],
-    \[dq]error\[dq]: \[dq]\[dq],
-    \[dq]finished\[dq]: true,
-    \[dq]id\[dq]: 2,
-    \[dq]output\[dq]: {
-        \[dq]_async\[dq]: true,
-        \[dq]p1\[dq]: [
-            1,
-            \[dq]2\[dq],
-            null,
-            4
-        ],
-        \[dq]p2\[dq]: {
-            \[dq]a\[dq]: 1,
-            \[dq]b\[dq]: 2
-        }
-    },
-    \[dq]startTime\[dq]: \[dq]2018-10-27T11:38:07.911121728+01:00\[dq],
-    \[dq]success\[dq]: true
-}
+file.jpg   - matches \[dq]file.jpg\[dq]
+           - matches \[dq]directory/file.jpg\[dq]
+           - doesn\[aq]t match \[dq]afile.jpg\[dq]
+           - doesn\[aq]t match \[dq]directory/afile.jpg\[dq]
+/file.jpg  - matches \[dq]file.jpg\[dq] in the root directory of the remote
+           - doesn\[aq]t match \[dq]afile.jpg\[dq]
+           - doesn\[aq]t match \[dq]directory/file.jpg\[dq]
 \f[R]
 .fi
 .PP
-\f[C]job/list\f[R] can be used to show the running or recently completed
-jobs
+The top level of the remote might not be the top level of the drive.
+.PP
+E.g.
+for a Microsoft Windows local directory structure
 .IP
 .nf
 \f[C]
-$ rclone rc job/list
-{
-    \[dq]jobids\[dq]: [
-        2
-    ]
-}
+F:
+\[u251C]\[u2500]\[u2500] bkp
+\[u251C]\[u2500]\[u2500] data
+\[br]   \[u251C]\[u2500]\[u2500] excl
+\[br]   \[br]   \[u251C]\[u2500]\[u2500] 123.jpg
+\[br]   \[br]   \[u2514]\[u2500]\[u2500] 456.jpg
+\[br]   \[u251C]\[u2500]\[u2500] incl
+\[br]   \[br]   \[u2514]\[u2500]\[u2500] document.pdf
 \f[R]
 .fi
-.SS Setting config flags with _config
 .PP
-If you wish to set config (the equivalent of the global flags) for the
-duration of an rc call only then pass in the \f[C]_config\f[R]
-parameter.
+To copy the contents of folder \f[C]data\f[R] into folder \f[C]bkp\f[R]
+excluding the contents of subfolder \f[C]excl\f[R]the following command
+treats \f[C]F:\[rs]data\f[R] and \f[C]F:\[rs]bkp\f[R] as top level for
+filtering.
 .PP
-This should be in the same format as the \f[C]config\f[R] key returned
-by options/get.
+\f[C]rclone copy F:\[rs]data\[rs] F:\[rs]bkp\[rs] --exclude=/excl/**\f[R]
 .PP
-For example, if you wished to run a sync with the \f[C]--checksum\f[R]
-parameter, you would pass this parameter in your JSON blob.
+\f[B]Important\f[R] Use \f[C]/\f[R] in path/file name patterns and not
+\f[C]\[rs]\f[R] even if running on Microsoft Windows.
+.PP
+Simple patterns are case sensitive unless the \f[C]--ignore-case\f[R]
+flag is used.
+.PP
+Without \f[C]--ignore-case\f[R] (default)
 .IP
 .nf
 \f[C]
-\[dq]_config\[dq]:{\[dq]CheckSum\[dq]: true}
+potato - matches \[dq]potato\[dq]
+       - doesn\[aq]t match \[dq]POTATO\[dq]
 \f[R]
 .fi
 .PP
-If using \f[C]rclone rc\f[R] this could be passed as
+With \f[C]--ignore-case\f[R]
 .IP
 .nf
 \f[C]
-rclone rc operations/sync ... _config=\[aq]{\[dq]CheckSum\[dq]: true}\[aq]
+potato - matches \[dq]potato\[dq]
+       - matches \[dq]POTATO\[dq]
 \f[R]
 .fi
+.SS Using regular expressions in filter patterns
 .PP
-Any config parameters you don\[aq]t set will inherit the global defaults
-which were set with command line flags or environment variables.
+The syntax of filter patterns is glob style matching (like
+\f[C]bash\f[R] uses) to make things easy for users.
+However this does not provide absolute control over the matching, so for
+advanced users rclone also provides a regular expression syntax.
 .PP
-Note that it is possible to set some values as strings or integers - see
-data types for more info.
-Here is an example setting the equivalent of \f[C]--buffer-size\f[R] in
-string or integer format.
+The regular expressions used are as defined in the Go regular expression
+reference (https://golang.org/pkg/regexp/syntax/).
+Regular expressions should be enclosed in \f[C]{{\f[R] \f[C]}}\f[R].
+They will match only the last path segment if the glob doesn\[aq]t start
+with \f[C]/\f[R] or the whole path name if it does.
+Note that rclone does not attempt to parse the supplied regular
+expression, meaning that using any regular expression filter will
+prevent rclone from using directory filter rules, as it will instead
+check every path against the supplied regular expression(s).
+.PP
+Here is how the \f[C]{{regexp}}\f[R] is transformed into an full regular
+expression to match the entire path:
 .IP
 .nf
 \f[C]
-\[dq]_config\[dq]:{\[dq]BufferSize\[dq]: \[dq]42M\[dq]}
-\[dq]_config\[dq]:{\[dq]BufferSize\[dq]: 44040192}
+{{regexp}}  becomes (\[ha]|/)(regexp)$
+/{{regexp}} becomes \[ha](regexp)$
 \f[R]
 .fi
 .PP
-If you wish to check the \f[C]_config\f[R] assignment has worked
-properly then calling \f[C]options/local\f[R] will show what the value
-got set to.
-.SS Setting filter flags with _filter
-.PP
-If you wish to set filters for the duration of an rc call only then pass
-in the \f[C]_filter\f[R] parameter.
-.PP
-This should be in the same format as the \f[C]filter\f[R] key returned
-by options/get.
-.PP
-For example, if you wished to run a sync with these flags
+Regexp syntax can be mixed with glob syntax, for example
 .IP
 .nf
 \f[C]
---max-size 1M --max-age 42s --include \[dq]a\[dq] --include \[dq]b\[dq]
+*.{{jpe?g}} to match file.jpg, file.jpeg but not file.png
 \f[R]
 .fi
 .PP
-you would pass this parameter in your JSON blob.
+You can also use regexp flags - to set case insensitive, for example
 .IP
 .nf
 \f[C]
-\[dq]_filter\[dq]:{\[dq]MaxSize\[dq]:\[dq]1M\[dq], \[dq]IncludeRule\[dq]:[\[dq]a\[dq],\[dq]b\[dq]], \[dq]MaxAge\[dq]:\[dq]42s\[dq]}
+*.{{(?i)jpg}} to match file.jpg, file.JPG but not file.png
 \f[R]
 .fi
 .PP
-If using \f[C]rclone rc\f[R] this could be passed as
+Be careful with wildcards in regular expressions - you don\[aq]t want
+them to match path separators normally.
+To match any file name starting with \f[C]start\f[R] and ending with
+\f[C]end\f[R] write
 .IP
 .nf
 \f[C]
-rclone rc ... _filter=\[aq]{\[dq]MaxSize\[dq]:\[dq]1M\[dq], \[dq]IncludeRule\[dq]:[\[dq]a\[dq],\[dq]b\[dq]], \[dq]MaxAge\[dq]:\[dq]42s\[dq]}\[aq]
+{{start[\[ha]/]*end\[rs].jpg}}
 \f[R]
 .fi
 .PP
-Any filter parameters you don\[aq]t set will inherit the global defaults
-which were set with command line flags or environment variables.
-.PP
-Note that it is possible to set some values as strings or integers - see
-data types for more info.
-Here is an example setting the equivalent of \f[C]--buffer-size\f[R] in
-string or integer format.
+Not
 .IP
 .nf
 \f[C]
-\[dq]_filter\[dq]:{\[dq]MinSize\[dq]: \[dq]42M\[dq]}
-\[dq]_filter\[dq]:{\[dq]MinSize\[dq]: 44040192}
+{{start.*end\[rs].jpg}}
 \f[R]
 .fi
 .PP
-If you wish to check the \f[C]_filter\f[R] assignment has worked
-properly then calling \f[C]options/local\f[R] will show what the value
-got set to.
-.SS Assigning operations to groups with _group = value
-.PP
-Each rc call has its own stats group for tracking its metrics.
-By default grouping is done by the composite group name from prefix
-\f[C]job/\f[R] and id of the job like so \f[C]job/1\f[R].
-.PP
-If \f[C]_group\f[R] has a value then stats for that request will be
-grouped under that value.
-This allows caller to group stats under their own name.
+Which will match a directory called \f[C]start\f[R] with a file called
+\f[C]end.jpg\f[R] in it as the \f[C].*\f[R] will match \f[C]/\f[R]
+characters.
 .PP
-Stats for specific group can be accessed by passing \f[C]group\f[R] to
-\f[C]core/stats\f[R]:
-.IP
-.nf
-\f[C]
-$ rclone rc --json \[aq]{ \[dq]group\[dq]: \[dq]job/1\[dq] }\[aq] core/stats
-{
-    \[dq]speed\[dq]: 12345
-    ...
-}
-\f[R]
-.fi
-.SS Data types
+Note that you can use \f[C]-vv --dump filters\f[R] to show the filter
+patterns in regexp format - rclone implements the glob patterns by
+transforming them into regular expressions.
+.SS Filter pattern examples
 .PP
-When the API returns types, these will mostly be straight forward
-integer, string or boolean types.
+.TS
+tab(@);
+l l l l.
+T{
+Description
+T}@T{
+Pattern
+T}@T{
+Matches
+T}@T{
+Does not match
+T}
+_
+T{
+Wildcard
+T}@T{
+\f[C]*.jpg\f[R]
+T}@T{
+\f[C]/file.jpg\f[R]
+T}@T{
+\f[C]/file.png\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/dir/file.jpg\f[R]
+T}@T{
+\f[C]/dir/file.png\f[R]
+T}
+T{
+Rooted
+T}@T{
+\f[C]/*.jpg\f[R]
+T}@T{
+\f[C]/file.jpg\f[R]
+T}@T{
+\f[C]/file.png\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/file2.jpg\f[R]
+T}@T{
+\f[C]/dir/file.jpg\f[R]
+T}
+T{
+Alternates
+T}@T{
+\f[C]*.{jpg,png}\f[R]
+T}@T{
+\f[C]/file.jpg\f[R]
+T}@T{
+\f[C]/file.gif\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/dir/file.png\f[R]
+T}@T{
+\f[C]/dir/file.gif\f[R]
+T}
+T{
+Path Wildcard
+T}@T{
+\f[C]dir/**\f[R]
+T}@T{
+\f[C]/dir/anyfile\f[R]
+T}@T{
+\f[C]file.png\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/subdir/dir/subsubdir/anyfile\f[R]
+T}@T{
+\f[C]/subdir/file.png\f[R]
+T}
+T{
+Any Char
+T}@T{
+\f[C]*.t?t\f[R]
+T}@T{
+\f[C]/file.txt\f[R]
+T}@T{
+\f[C]/file.qxt\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/dir/file.tzt\f[R]
+T}@T{
+\f[C]/dir/file.png\f[R]
+T}
+T{
+Range
+T}@T{
+\f[C]*.[a-z]\f[R]
+T}@T{
+\f[C]/file.a\f[R]
+T}@T{
+\f[C]/file.0\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/dir/file.b\f[R]
+T}@T{
+\f[C]/dir/file.1\f[R]
+T}
+T{
+Escape
+T}@T{
+\f[C]*.\[rs]?\[rs]?\[rs]?\f[R]
+T}@T{
+\f[C]/file.???\f[R]
+T}@T{
+\f[C]/file.abc\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/dir/file.???\f[R]
+T}@T{
+\f[C]/dir/file.def\f[R]
+T}
+T{
+Class
+T}@T{
+\f[C]*.\[rs]d\[rs]d\[rs]d\f[R]
+T}@T{
+\f[C]/file.012\f[R]
+T}@T{
+\f[C]/file.abc\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/dir/file.345\f[R]
+T}@T{
+\f[C]/dir/file.def\f[R]
+T}
+T{
+Regexp
+T}@T{
+\f[C]*.{{jpe?g}}\f[R]
+T}@T{
+\f[C]/file.jpeg\f[R]
+T}@T{
+\f[C]/file.png\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/dir/file.jpg\f[R]
+T}@T{
+\f[C]/dir/file.jpeeg\f[R]
+T}
+T{
+Rooted Regexp
+T}@T{
+\f[C]/{{.*\[rs].jpe?g}}\f[R]
+T}@T{
+\f[C]/file.jpeg\f[R]
+T}@T{
+\f[C]/file.png\f[R]
+T}
+T{
+T}@T{
+T}@T{
+\f[C]/file.jpg\f[R]
+T}@T{
+\f[C]/dir/file.jpg\f[R]
+T}
+.TE
+.SS How filter rules are applied to files
 .PP
-However some of the types returned by the options/get call and taken by
-the options/set calls as well as the \f[C]vfsOpt\f[R],
-\f[C]mountOpt\f[R] and the \f[C]_config\f[R] parameters.
+Rclone path/file name filters are made up of one or more of the
+following flags:
 .IP \[bu] 2
-\f[C]Duration\f[R] - these are returned as an integer duration in
-nanoseconds.
-They may be set as an integer, or they may be set with time string, eg
-\[dq]5s\[dq].
-See the options section (https://rclone.org/docs/#options) for more
-info.
+\f[C]--include\f[R]
 .IP \[bu] 2
-\f[C]Size\f[R] - these are returned as an integer number of bytes.
-They may be set as an integer or they may be set with a size suffix
-string, eg \[dq]10M\[dq].
-See the options section (https://rclone.org/docs/#options) for more
-info.
+\f[C]--include-from\f[R]
 .IP \[bu] 2
-Enumerated type (such as \f[C]CutoffMode\f[R], \f[C]DumpFlags\f[R],
-\f[C]LogLevel\f[R], \f[C]VfsCacheMode\f[R] - these will be returned as
-an integer and may be set as an integer but more conveniently they can
-be set as a string, eg \[dq]HARD\[dq] for \f[C]CutoffMode\f[R] or
-\f[C]DEBUG\f[R] for \f[C]LogLevel\f[R].
+\f[C]--exclude\f[R]
 .IP \[bu] 2
-\f[C]BandwidthSpec\f[R] - this will be set and returned as a string, eg
-\[dq]1M\[dq].
-.SS Specifying remotes to work on
+\f[C]--exclude-from\f[R]
+.IP \[bu] 2
+\f[C]--filter\f[R]
+.IP \[bu] 2
+\f[C]--filter-from\f[R]
 .PP
-Remotes are specified with the \f[C]fs=\f[R], \f[C]srcFs=\f[R],
-\f[C]dstFs=\f[R] parameters depending on the command being used.
+There can be more than one instance of individual flags.
 .PP
-The parameters can be a string as per the rest of rclone, eg
-\f[C]s3:bucket/path\f[R] or \f[C]:sftp:/my/dir\f[R].
-They can also be specified as JSON blobs.
+Rclone internally uses a combined list of all the include and exclude
+rules.
+The order in which rules are processed can influence the result of the
+filter.
 .PP
-If specifying a JSON blob it should be a object mapping strings to
-strings.
-These values will be used to configure the remote.
-There are 3 special values which may be set:
-.IP \[bu] 2
-\f[C]type\f[R] - set to \f[C]type\f[R] to specify a remote called
-\f[C]:type:\f[R]
-.IP \[bu] 2
-\f[C]_name\f[R] - set to \f[C]name\f[R] to specify a remote called
-\f[C]name:\f[R]
-.IP \[bu] 2
-\f[C]_root\f[R] - sets the root of the remote - may be empty
+All flags of the same type are processed together in the order above,
+regardless of what order the different types of flags are included on
+the command line.
 .PP
-One of \f[C]_name\f[R] or \f[C]type\f[R] should normally be set.
-If the \f[C]local\f[R] backend is desired then \f[C]type\f[R] should be
-set to \f[C]local\f[R].
-If \f[C]_root\f[R] isn\[aq]t specified then it defaults to the root of
-the remote.
+Multiple instances of the same flag are processed from left to right
+according to their position in the command line.
 .PP
-For example this JSON is equivalent to \f[C]remote:/tmp\f[R]
-.IP
-.nf
-\f[C]
-{
-    \[dq]_name\[dq]: \[dq]remote\[dq],
-    \[dq]_path\[dq]: \[dq]/tmp\[dq]
-}
-\f[R]
-.fi
+To mix up the order of processing includes and excludes use
+\f[C]--filter...\f[R] flags.
 .PP
-And this is equivalent to
-\f[C]:sftp,host=\[aq]example.com\[aq]:/tmp\f[R]
-.IP
-.nf
-\f[C]
-{
-    \[dq]type\[dq]: \[dq]sftp\[dq],
-    \[dq]host\[dq]: \[dq]example.com\[dq],
-    \[dq]_path\[dq]: \[dq]/tmp\[dq]
-}
-\f[R]
-.fi
+Within \f[C]--include-from\f[R], \f[C]--exclude-from\f[R] and
+\f[C]--filter-from\f[R] flags rules are processed from top to bottom of
+the referenced file.
 .PP
-And this is equivalent to \f[C]/tmp/dir\f[R]
-.IP
-.nf
-\f[C]
-{
-    type = \[dq]local\[dq],
-    _ path = \[dq]/tmp/dir\[dq]
-}
-\f[R]
-.fi
-.SS Supported commands
-.SS backend/command: Runs a backend command.
+If there is an \f[C]--include\f[R] or \f[C]--include-from\f[R] flag
+specified, rclone implies a \f[C]- **\f[R] rule which it adds to the
+bottom of the internal rule list.
+Specifying a \f[C]+\f[R] rule with a \f[C]--filter...\f[R] flag does not
+imply that rule.
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-command - a string with the command name
+Each path/file name passed through rclone is matched against the
+combined filter list.
+At first match to a rule the path/file name is included or excluded and
+no further filter rules are processed for that path/file.
+.PP
+If rclone does not find a match, after testing against all rules
+(including the implied rule if appropriate), the path/file name is
+included.
+.PP
+Any path/file included at that stage is processed by the rclone command.
+.PP
+\f[C]--files-from\f[R] and \f[C]--files-from-raw\f[R] flags over-ride
+and cannot be combined with other filter options.
+.PP
+To see the internal combined rule list, in regular expression form, for
+a command add the \f[C]--dump filters\f[R] flag.
+Running an rclone command with \f[C]--dump filters\f[R] and
+\f[C]-vv\f[R] flags lists the internal filter elements and shows how
+they are applied to each source path/file.
+There is not currently a means provided to pass regular expression
+filter options into rclone directly though character class filter rules
+contain character classes.
+Go regular expression reference (https://golang.org/pkg/regexp/syntax/)
+.SS How filter rules are applied to directories
+.PP
+Rclone commands are applied to path/file names not directories.
+The entire contents of a directory can be matched to a filter by the
+pattern \f[C]directory/*\f[R] or recursively by \f[C]directory/**\f[R].
+.PP
+Directory filter rules are defined with a closing \f[C]/\f[R] separator.
+.PP
+E.g.
+\f[C]/directory/subdirectory/\f[R] is an rclone directory filter rule.
+.PP
+Rclone commands can use directory filter rules to determine whether they
+recurse into subdirectories.
+This potentially optimises access to a remote by avoiding listing
+unnecessary directories.
+Whether optimisation is desirable depends on the specific filter rules
+and source remote content.
+.PP
+If any regular expression filters are in use, then no directory
+recursion optimisation is possible, as rclone must check every path
+against the supplied regular expression(s).
+.PP
+Directory recursion optimisation occurs if either:
 .IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
+A source remote does not support the rclone \f[C]ListR\f[R] primitive.
+local, sftp, Microsoft OneDrive and WebDAV do not support
+\f[C]ListR\f[R].
+Google Drive and most bucket type storage do.
+Full list (https://rclone.org/overview/#optional-features)
 .IP \[bu] 2
-arg - a list of arguments for the backend command
+On other remotes (those that support \f[C]ListR\f[R]), if the rclone
+command is not naturally recursive, and provided it is not run with the
+\f[C]--fast-list\f[R] flag.
+\f[C]ls\f[R], \f[C]lsf -R\f[R] and \f[C]size\f[R] are naturally
+recursive but \f[C]sync\f[R], \f[C]copy\f[R] and \f[C]move\f[R] are not.
 .IP \[bu] 2
-opt - a map of string to string of options
+Whenever the \f[C]--disable ListR\f[R] flag is applied to an rclone
+command.
 .PP
-Returns:
-.IP \[bu] 2
-result - result from the backend command
+Rclone commands imply directory filter rules from path/file filter
+rules.
+To view the directory filter rules rclone has implied for a command
+specify the \f[C]--dump filters\f[R] flag.
 .PP
-Example:
+E.g.
+for an include rule
 .IP
 .nf
 \f[C]
-rclone rc backend/command command=noop fs=. -o echo=yes -o blue -a path1 -a path2
+/a/*.jpg
 \f[R]
 .fi
 .PP
-Returns
+Rclone implies the directory include rule
 .IP
 .nf
 \f[C]
-{
-    \[dq]result\[dq]: {
-        \[dq]arg\[dq]: [
-            \[dq]path1\[dq],
-            \[dq]path2\[dq]
-        ],
-        \[dq]name\[dq]: \[dq]noop\[dq],
-        \[dq]opt\[dq]: {
-            \[dq]blue\[dq]: \[dq]\[dq],
-            \[dq]echo\[dq]: \[dq]yes\[dq]
-        }
-    }
-}
+/a/
 \f[R]
 .fi
 .PP
-Note that this is the direct equivalent of using this \[dq]backend\[dq]
-command:
+Directory filter rules specified in an rclone command can limit the
+scope of an rclone command but path/file filters still have to be
+specified.
+.PP
+E.g.
+\f[C]rclone ls remote: --include /directory/\f[R] will not match any
+files.
+Because it is an \f[C]--include\f[R] option the \f[C]--exclude **\f[R]
+rule is implied, and the \f[C]/directory/\f[R] pattern serves only to
+optimise access to the remote by ignoring everything outside of that
+directory.
+.PP
+E.g.
+\f[C]rclone ls remote: --filter-from filter-list.txt\f[R] with a file
+\f[C]filter-list.txt\f[R]:
 .IP
 .nf
 \f[C]
-rclone backend noop . -o echo=yes -o blue path1 path2
+- /dir1/
+- /dir2/
++ *.pdf
+- **
 \f[R]
 .fi
 .PP
-Note that arguments must be preceded by the \[dq]-a\[dq] flag
-.PP
-See the backend (https://rclone.org/commands/rclone_backend/) command
-for more information.
+All files in directories \f[C]dir1\f[R] or \f[C]dir2\f[R] or their
+subdirectories are completely excluded from the listing.
+Only files of suffix \f[C]pdf\f[R] in the root of \f[C]remote:\f[R] or
+its subdirectories are listed.
+The \f[C]- **\f[R] rule prevents listing of any path/files not
+previously matched by the rules above.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS cache/expire: Purge a remote from cache
+Option \f[C]exclude-if-present\f[R] creates a directory exclude rule
+based on the presence of a file in a directory and takes precedence over
+other rclone directory filter rules.
 .PP
-Purge a remote from the cache backend.
-Supports either a directory or a file.
-Params: - remote = path to remote (required) - withData = true/false to
-delete cached data (chunks) as well (optional)
+When using pattern list syntax, if a pattern item contains either
+\f[C]/\f[R] or \f[C]**\f[R], then rclone will not able to imply a
+directory filter rule from this pattern list.
 .PP
-Eg
+E.g.
+for an include rule
 .IP
 .nf
 \f[C]
-rclone rc cache/expire remote=path/to/sub/folder/
-rclone rc cache/expire remote=/ withData=true
+{dir1/**,dir2/**}
 \f[R]
 .fi
-.SS cache/fetch: Fetch file chunks
-.PP
-Ensure the specified file chunks are cached on disk.
 .PP
-The chunks= parameter specifies the file chunks to check.
-It takes a comma separated list of array slice indices.
-The slice indices are similar to Python slices: start[:end]
+Rclone will match files below directories \f[C]dir1\f[R] or
+\f[C]dir2\f[R] only, but will not be able to use this filter to exclude
+a directory \f[C]dir3\f[R] from being traversed.
 .PP
-start is the 0 based chunk number from the beginning of the file to
-fetch inclusive.
-end is 0 based chunk number from the beginning of the file to fetch
-exclusive.
-Both values can be negative, in which case they count from the back of
-the file.
-The value \[dq]-5:\[dq] represents the last 5 chunks of a file.
+Directory recursion optimisation may affect performance, but normally
+not the result.
+One exception to this is sync operations with option
+\f[C]--create-empty-src-dirs\f[R], where any traversed empty directories
+will be created.
+With the pattern list example \f[C]{dir1/**,dir2/**}\f[R] above, this
+would create an empty directory \f[C]dir3\f[R] on destination (when it
+exists on source).
+Changing the filter to \f[C]{dir1,dir2}/**\f[R], or splitting it into
+two include rules \f[C]--include dir1/** --include dir2/**\f[R], will
+match the same files while also filtering directories, with the result
+that an empty directory \f[C]dir3\f[R] will no longer be created.
+.SS \f[C]--exclude\f[R] - Exclude files matching pattern
 .PP
-Some valid examples are: \[dq]:5,-5:\[dq] -> the first and last five
-chunks \[dq]0,-2\[dq] -> the first and the second last chunk
-\[dq]0:10\[dq] -> the first ten chunks
+Excludes path/file names from an rclone command based on a single
+exclude rule.
 .PP
-Any parameter with a key that starts with \[dq]file\[dq] can be used to
-specify files to fetch, e.g.
-.IP
-.nf
-\f[C]
-rclone rc cache/fetch chunks=0 file=hello file2=home/goodbye
-\f[R]
-.fi
+This flag can be repeated.
+See above for the order filter flags are processed in.
 .PP
-File names will automatically be encrypted when the a crypt remote is
-used on top of the cache.
-.SS cache/stats: Get cache stats
+\f[C]--exclude\f[R] should not be used with \f[C]--include\f[R],
+\f[C]--include-from\f[R], \f[C]--filter\f[R] or \f[C]--filter-from\f[R]
+flags.
 .PP
-Show statistics for the cache remote.
-.SS config/create: create the config for a remote.
+\f[C]--exclude\f[R] has no effect when combined with
+\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-name - name of remote
-.IP \[bu] 2
-parameters - a map of { \[dq]key\[dq]: \[dq]value\[dq] } pairs
-.IP \[bu] 2
-type - type of the new remote
-.IP \[bu] 2
-opt - a dictionary of options to control the configuration
-.RS 2
-.IP \[bu] 2
-obscure - declare passwords are plain and need obscuring
-.IP \[bu] 2
-noObscure - declare passwords are already obscured and don\[aq]t need
-obscuring
-.IP \[bu] 2
-nonInteractive - don\[aq]t interact with a user, return questions
-.IP \[bu] 2
-continue - continue the config process with an answer
-.IP \[bu] 2
-all - ask all the config questions not just the post config ones
-.IP \[bu] 2
-state - state to restart with - used with continue
-.IP \[bu] 2
-result - result to restart with - used with continue
-.RE
+E.g.
+\f[C]rclone ls remote: --exclude *.bak\f[R] excludes all .bak files from
+listing.
 .PP
-See the config
-create (https://rclone.org/commands/rclone_config_create/) command for
-more information on the above.
+E.g.
+\f[C]rclone size remote: \[dq]--exclude /dir/**\[dq]\f[R] returns the
+total size of all files on \f[C]remote:\f[R] excluding those in root
+directory \f[C]dir\f[R] and sub directories.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS config/delete: Delete a remote in the config file.
+E.g.
+on Microsoft Windows
+\f[C]rclone ls remote: --exclude \[dq]*\[rs][{JP,KR,HK}\[rs]]*\[dq]\f[R]
+lists the files in \f[C]remote:\f[R] without \f[C][JP]\f[R] or
+\f[C][KR]\f[R] or \f[C][HK]\f[R] in their name.
+Quotes prevent the shell from interpreting the \f[C]\[rs]\f[R]
+characters.\f[C]\[rs]\f[R] characters escape the \f[C][\f[R] and
+\f[C]]\f[R] so an rclone filter treats them literally rather than as a
+character-range.
+The \f[C]{\f[R] and \f[C]}\f[R] define an rclone pattern list.
+For other operating systems single quotes are required ie
+\f[C]rclone ls remote: --exclude \[aq]*\[rs][{JP,KR,HK}\[rs]]*\[aq]\f[R]
+.SS \f[C]--exclude-from\f[R] - Read exclude patterns from file
 .PP
-Parameters:
-.IP \[bu] 2
-name - name of remote to delete
+Excludes path/file names from an rclone command based on rules in a
+named file.
+The file contains a list of remarks and pattern rules.
 .PP
-See the config
-delete (https://rclone.org/commands/rclone_config_delete/) command for
-more information on the above.
+For an example \f[C]exclude-file.txt\f[R]:
+.IP
+.nf
+\f[C]
+# a sample exclude rule file
+*.bak
+file2.jpg
+\f[R]
+.fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS config/dump: Dumps the config file.
+\f[C]rclone ls remote: --exclude-from exclude-file.txt\f[R] lists the
+files on \f[C]remote:\f[R] except those named \f[C]file2.jpg\f[R] or
+with a suffix \f[C].bak\f[R].
+That is equivalent to
+\f[C]rclone ls remote: --exclude file2.jpg --exclude \[dq]*.bak\[dq]\f[R].
 .PP
-Returns a JSON object: - key: value
+This flag can be repeated.
+See above for the order filter flags are processed in.
 .PP
-Where keys are remote names and values are the config parameters.
+The \f[C]--exclude-from\f[R] flag is useful where multiple exclude
+filter rules are applied to an rclone command.
 .PP
-See the config dump (https://rclone.org/commands/rclone_config_dump/)
-command for more information on the above.
+\f[C]--exclude-from\f[R] should not be used with \f[C]--include\f[R],
+\f[C]--include-from\f[R], \f[C]--filter\f[R] or \f[C]--filter-from\f[R]
+flags.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS config/get: Get a remote in the config file.
+\f[C]--exclude-from\f[R] has no effect when combined with
+\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
 .PP
-Parameters:
-.IP \[bu] 2
-name - name of remote to get
+\f[C]--exclude-from\f[R] followed by \f[C]-\f[R] reads filter rules from
+standard input.
+.SS \f[C]--include\f[R] - Include files matching pattern
 .PP
-See the config dump (https://rclone.org/commands/rclone_config_dump/)
-command for more information on the above.
+Adds a single include rule based on path/file names to an rclone
+command.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS config/listremotes: Lists the remotes in the config file.
+This flag can be repeated.
+See above for the order filter flags are processed in.
 .PP
-Returns - remotes - array of remote names
+\f[C]--include\f[R] has no effect when combined with
+\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
 .PP
-See the listremotes (https://rclone.org/commands/rclone_listremotes/)
-command for more information on the above.
+\f[C]--include\f[R] implies \f[C]--exclude **\f[R] at the end of an
+rclone internal filter list.
+Therefore if you mix \f[C]--include\f[R] and \f[C]--include-from\f[R]
+flags with \f[C]--exclude\f[R], \f[C]--exclude-from\f[R],
+\f[C]--filter\f[R] or \f[C]--filter-from\f[R], you must use include
+rules for all the files you want in the include statement.
+For more flexibility use the \f[C]--filter-from\f[R] flag.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS config/password: password the config for a remote.
+E.g.
+\f[C]rclone ls remote: --include \[dq]*.{png,jpg}\[dq]\f[R] lists the
+files on \f[C]remote:\f[R] with suffix \f[C].png\f[R] and
+\f[C].jpg\f[R].
+All other files are excluded.
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-name - name of remote
-.IP \[bu] 2
-parameters - a map of { \[dq]key\[dq]: \[dq]value\[dq] } pairs
+E.g.
+multiple rclone copy commands can be combined with \f[C]--include\f[R]
+and a pattern-list.
+.IP
+.nf
+\f[C]
+rclone copy /vol1/A remote:A
+rclone copy /vol1/B remote:B
+\f[R]
+.fi
 .PP
-See the config
-password (https://rclone.org/commands/rclone_config_password/) command
-for more information on the above.
+is equivalent to:
+.IP
+.nf
+\f[C]
+rclone copy /vol1 remote: --include \[dq]{A,B}/**\[dq]
+\f[R]
+.fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS config/providers: Shows how providers are configured in the config file.
+E.g.
+\f[C]rclone ls remote:/wheat --include \[dq]??[\[ha][:punct:]]*\[dq]\f[R]
+lists the files \f[C]remote:\f[R] directory \f[C]wheat\f[R] (and
+subdirectories) whose third character is not punctuation.
+This example uses an ASCII character
+class (https://golang.org/pkg/regexp/syntax/).
+.SS \f[C]--include-from\f[R] - Read include patterns from file
 .PP
-Returns a JSON object: - providers - array of objects
+Adds path/file names to an rclone command based on rules in a named
+file.
+The file contains a list of remarks and pattern rules.
 .PP
-See the config
-providers (https://rclone.org/commands/rclone_config_providers/) command
-for more information on the above.
+For an example \f[C]include-file.txt\f[R]:
+.IP
+.nf
+\f[C]
+# a sample include rule file
+*.jpg
+file2.avi
+\f[R]
+.fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS config/setpath: Set the path of the config file
+\f[C]rclone ls remote: --include-from include-file.txt\f[R] lists the
+files on \f[C]remote:\f[R] with name \f[C]file2.avi\f[R] or suffix
+\f[C].jpg\f[R].
+That is equivalent to
+\f[C]rclone ls remote: --include file2.avi --include \[dq]*.jpg\[dq]\f[R].
 .PP
-Parameters:
-.IP \[bu] 2
-path - path to the config file to use
+This flag can be repeated.
+See above for the order filter flags are processed in.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS config/update: update the config for a remote.
+The \f[C]--include-from\f[R] flag is useful where multiple include
+filter rules are applied to an rclone command.
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-name - name of remote
-.IP \[bu] 2
-parameters - a map of { \[dq]key\[dq]: \[dq]value\[dq] } pairs
-.IP \[bu] 2
-opt - a dictionary of options to control the configuration
-.RS 2
-.IP \[bu] 2
-obscure - declare passwords are plain and need obscuring
-.IP \[bu] 2
-noObscure - declare passwords are already obscured and don\[aq]t need
-obscuring
-.IP \[bu] 2
-nonInteractive - don\[aq]t interact with a user, return questions
-.IP \[bu] 2
-continue - continue the config process with an answer
-.IP \[bu] 2
-all - ask all the config questions not just the post config ones
-.IP \[bu] 2
-state - state to restart with - used with continue
-.IP \[bu] 2
-result - result to restart with - used with continue
-.RE
+\f[C]--include-from\f[R] implies \f[C]--exclude **\f[R] at the end of an
+rclone internal filter list.
+Therefore if you mix \f[C]--include\f[R] and \f[C]--include-from\f[R]
+flags with \f[C]--exclude\f[R], \f[C]--exclude-from\f[R],
+\f[C]--filter\f[R] or \f[C]--filter-from\f[R], you must use include
+rules for all the files you want in the include statement.
+For more flexibility use the \f[C]--filter-from\f[R] flag.
 .PP
-See the config
-update (https://rclone.org/commands/rclone_config_update/) command for
-more information on the above.
+\f[C]--exclude-from\f[R] has no effect when combined with
+\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS core/bwlimit: Set the bandwidth limit.
+\f[C]--exclude-from\f[R] followed by \f[C]-\f[R] reads filter rules from
+standard input.
+.SS \f[C]--filter\f[R] - Add a file-filtering rule
 .PP
-This sets the bandwidth limit to the string passed in.
-This should be a single bandwidth limit entry or a pair of
-upload:download bandwidth.
+Specifies path/file names to an rclone command, based on a single
+include or exclude rule, in \f[C]+\f[R] or \f[C]-\f[R] format.
 .PP
-Eg
+This flag can be repeated.
+See above for the order filter flags are processed in.
+.PP
+\f[C]--filter +\f[R] differs from \f[C]--include\f[R].
+In the case of \f[C]--include\f[R] rclone implies an
+\f[C]--exclude *\f[R] rule which it adds to the bottom of the internal
+rule list.
+\f[C]--filter...+\f[R] does not imply that rule.
+.PP
+\f[C]--filter\f[R] has no effect when combined with
+\f[C]--files-from\f[R] or \f[C]--files-from-raw\f[R] flags.
+.PP
+\f[C]--filter\f[R] should not be used with \f[C]--include\f[R],
+\f[C]--include-from\f[R], \f[C]--exclude\f[R] or
+\f[C]--exclude-from\f[R] flags.
+.PP
+E.g.
+\f[C]rclone ls remote: --filter \[dq]- *.bak\[dq]\f[R] excludes all
+\f[C].bak\f[R] files from a list of \f[C]remote:\f[R].
+.SS \f[C]--filter-from\f[R] - Read filtering patterns from a file
+.PP
+Adds path/file names to an rclone command based on rules in a named
+file.
+The file contains a list of remarks and pattern rules.
+Include rules start with \f[C]+\f[R] and exclude rules with \f[C]-\f[R].
+\f[C]!\f[R] clears existing rules.
+Rules are processed in the order they are defined.
+.PP
+This flag can be repeated.
+See above for the order filter flags are processed in.
+.PP
+Arrange the order of filter rules with the most restrictive first and
+work down.
+.PP
+E.g.
+for \f[C]filter-file.txt\f[R]:
 .IP
 .nf
 \f[C]
-rclone rc core/bwlimit rate=off
-{
-    \[dq]bytesPerSecond\[dq]: -1,
-    \[dq]bytesPerSecondTx\[dq]: -1,
-    \[dq]bytesPerSecondRx\[dq]: -1,
-    \[dq]rate\[dq]: \[dq]off\[dq]
-}
-rclone rc core/bwlimit rate=1M
-{
-    \[dq]bytesPerSecond\[dq]: 1048576,
-    \[dq]bytesPerSecondTx\[dq]: 1048576,
-    \[dq]bytesPerSecondRx\[dq]: 1048576,
-    \[dq]rate\[dq]: \[dq]1M\[dq]
-}
-rclone rc core/bwlimit rate=1M:100k
-{
-    \[dq]bytesPerSecond\[dq]: 1048576,
-    \[dq]bytesPerSecondTx\[dq]: 1048576,
-    \[dq]bytesPerSecondRx\[dq]: 131072,
-    \[dq]rate\[dq]: \[dq]1M\[dq]
-}
+# a sample filter rule file
+- secret*.jpg
++ *.jpg
++ *.png
++ file2.avi
+- /dir/Trash/**
++ /dir/**
+# exclude everything else
+- *
 \f[R]
 .fi
 .PP
-If the rate parameter is not supplied then the bandwidth is queried
+\f[C]rclone ls remote: --filter-from filter-file.txt\f[R] lists the
+path/files on \f[C]remote:\f[R] including all \f[C]jpg\f[R] and
+\f[C]png\f[R] files, excluding any matching \f[C]secret*.jpg\f[R] and
+including \f[C]file2.avi\f[R].
+It also includes everything in the directory \f[C]dir\f[R] at the root
+of \f[C]remote\f[R], except \f[C]remote:dir/Trash\f[R] which it
+excludes.
+Everything else is excluded.
+.PP
+E.g.
+for an alternative \f[C]filter-file.txt\f[R]:
 .IP
 .nf
 \f[C]
-rclone rc core/bwlimit
-{
-    \[dq]bytesPerSecond\[dq]: 1048576,
-    \[dq]bytesPerSecondTx\[dq]: 1048576,
-    \[dq]bytesPerSecondRx\[dq]: 1048576,
-    \[dq]rate\[dq]: \[dq]1M\[dq]
-}
+- secret*.jpg
++ *.jpg
++ *.png
++ file2.avi
+- *
 \f[R]
 .fi
 .PP
-The format of the parameter is exactly the same as passed to --bwlimit
-except only one bandwidth may be specified.
+Files \f[C]file1.jpg\f[R], \f[C]file3.png\f[R] and \f[C]file2.avi\f[R]
+are listed whilst \f[C]secret17.jpg\f[R] and files without the suffix
+\&.jpg\f[C]or\f[R].png\[ga] are excluded.
 .PP
-In either case \[dq]rate\[dq] is returned as a human-readable string,
-and \[dq]bytesPerSecond\[dq] is returned as a number.
-.SS core/command: Run a rclone terminal command over rc.
+E.g.
+for an alternative \f[C]filter-file.txt\f[R]:
+.IP
+.nf
+\f[C]
++ *.jpg
++ *.gif
+!
++ 42.doc
+- *
+\f[R]
+.fi
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-command - a string with the command name.
-.IP \[bu] 2
-arg - a list of arguments for the backend command.
-.IP \[bu] 2
-opt - a map of string to string of options.
-.IP \[bu] 2
-returnType - one of (\[dq]COMBINED_OUTPUT\[dq], \[dq]STREAM\[dq],
-\[dq]STREAM_ONLY_STDOUT\[dq], \[dq]STREAM_ONLY_STDERR\[dq]).
-.RS 2
-.IP \[bu] 2
-Defaults to \[dq]COMBINED_OUTPUT\[dq] if not set.
-.IP \[bu] 2
-The STREAM returnTypes will write the output to the body of the HTTP
-message.
-.IP \[bu] 2
-The COMBINED_OUTPUT will write the output to the \[dq]result\[dq]
-parameter.
-.RE
+Only file 42.doc is listed.
+Prior rules are cleared by the \f[C]!\f[R].
+.SS \f[C]--files-from\f[R] - Read list of source-file names
 .PP
-Returns:
-.IP \[bu] 2
-result - result from the backend command.
-.RS 2
-.IP \[bu] 2
-Only set when using returnType \[dq]COMBINED_OUTPUT\[dq].
-.RE
-.IP \[bu] 2
-error - set if rclone exits with an error code.
-.IP \[bu] 2
-returnType - one of (\[dq]COMBINED_OUTPUT\[dq], \[dq]STREAM\[dq],
-\[dq]STREAM_ONLY_STDOUT\[dq], \[dq]STREAM_ONLY_STDERR\[dq]).
+Adds path/files to an rclone command from a list in a named file.
+Rclone processes the path/file names in the order of the list, and no
+others.
 .PP
-Example:
+Other filter flags (\f[C]--include\f[R], \f[C]--include-from\f[R],
+\f[C]--exclude\f[R], \f[C]--exclude-from\f[R], \f[C]--filter\f[R] and
+\f[C]--filter-from\f[R]) are ignored when \f[C]--files-from\f[R] is
+used.
+.PP
+\f[C]--files-from\f[R] expects a list of files as its input.
+Leading or trailing whitespace is stripped from the input lines.
+Lines starting with \f[C]#\f[R] or \f[C];\f[R] are ignored.
+.PP
+Rclone commands with a \f[C]--files-from\f[R] flag traverse the remote,
+treating the names in \f[C]--files-from\f[R] as a set of filters.
+.PP
+If the \f[C]--no-traverse\f[R] and \f[C]--files-from\f[R] flags are used
+together an rclone command does not traverse the remote.
+Instead it addresses each path/file named in the file individually.
+For each path/file name, that requires typically 1 API call.
+This can be efficient for a short \f[C]--files-from\f[R] list and a
+remote containing many files.
+.PP
+Rclone commands do not error if any names in the \f[C]--files-from\f[R]
+file are missing from the source remote.
+.PP
+The \f[C]--files-from\f[R] flag can be repeated in a single rclone
+command to read path/file names from more than one file.
+The files are read from left to right along the command line.
+.PP
+Paths within the \f[C]--files-from\f[R] file are interpreted as starting
+with the root specified in the rclone command.
+Leading \f[C]/\f[R] separators are ignored.
+See --files-from-raw if you need the input to be processed in a raw
+manner.
+.PP
+E.g.
+for a file \f[C]files-from.txt\f[R]:
 .IP
 .nf
 \f[C]
-rclone rc core/command command=ls -a mydrive:/ -o max-depth=1
-rclone rc core/command -a ls -a mydrive:/ -o max-depth=1
+# comment
+file1.jpg
+subdir/file2.jpg
 \f[R]
 .fi
 .PP
-Returns:
+\f[C]rclone copy --files-from files-from.txt /home/me/pics remote:pics\f[R]
+copies the following, if they exist, and only those files.
 .IP
 .nf
 \f[C]
-{
-    \[dq]error\[dq]: false,
-    \[dq]result\[dq]: \[dq]<Raw command line output>\[dq]
-}
-
-OR
-{
-    \[dq]error\[dq]: true,
-    \[dq]result\[dq]: \[dq]<Raw command line output>\[dq]
-}
+/home/me/pics/file1.jpg        \[->] remote:pics/file1.jpg
+/home/me/pics/subdir/file2.jpg \[->] remote:pics/subdir/file2.jpg
 \f[R]
 .fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS core/gc: Runs a garbage collection.
-.PP
-This tells the go runtime to do a garbage collection run.
-It isn\[aq]t necessary to call this normally, but it can be useful for
-debugging memory problems.
-.SS core/group-list: Returns list of stats.
-.PP
-This returns list of stats groups currently in memory.
-.PP
-Returns the following values:
+E.g.
+to copy the following files referenced by their absolute paths:
 .IP
 .nf
 \f[C]
-{
-    \[dq]groups\[dq]:  an array of group names:
-        [
-            \[dq]group1\[dq],
-            \[dq]group2\[dq],
-            ...
-        ]
-}
+/home/user1/42
+/home/user1/dir/ford
+/home/user2/prefect
 \f[R]
 .fi
-.SS core/memstats: Returns the memory statistics
-.PP
-This returns the memory statistics of the running program.
-What the values mean are explained in the go docs:
-https://golang.org/pkg/runtime/#MemStats
-.PP
-The most interesting values for most people are:
-.IP \[bu] 2
-HeapAlloc - this is the amount of memory rclone is actually using
-.IP \[bu] 2
-HeapSys - this is the amount of memory rclone has obtained from the OS
-.IP \[bu] 2
-Sys - this is the total amount of memory requested from the OS
-.RS 2
-.IP \[bu] 2
-It is virtual memory so may include unused memory
-.RE
-.SS core/obscure: Obscures a string passed in.
-.PP
-Pass a clear string and rclone will obscure it for the config file: -
-clear - string
-.PP
-Returns: - obscured - string
-.SS core/pid: Return PID of current process
-.PP
-This returns PID of current process.
-Useful for stopping rclone process.
-.SS core/quit: Terminates the app.
-.PP
-(Optional) Pass an exit code to be used for terminating the app: -
-exitCode - int
-.SS core/stats: Returns stats about current transfers.
 .PP
-This returns all available stats:
+First find a common subdirectory - in this case \f[C]/home\f[R] and put
+the remaining files in \f[C]files-from.txt\f[R] with or without leading
+\f[C]/\f[R], e.g.
 .IP
 .nf
 \f[C]
-rclone rc core/stats
+user1/42
+user1/dir/ford
+user2/prefect
 \f[R]
 .fi
 .PP
-If group is not provided then summed up stats for all groups will be
-returned.
-.PP
-Parameters
-.IP \[bu] 2
-group - name of the stats group (string)
-.PP
-Returns the following values:
+Then copy these to a remote:
 .IP
 .nf
 \f[C]
-{
-    \[dq]bytes\[dq]: total transferred bytes since the start of the group,
-    \[dq]checks\[dq]: number of files checked,
-    \[dq]deletes\[dq] : number of files deleted,
-    \[dq]elapsedTime\[dq]: time in floating point seconds since rclone was started,
-    \[dq]errors\[dq]: number of errors,
-    \[dq]eta\[dq]: estimated time in seconds until the group completes,
-    \[dq]fatalError\[dq]: boolean whether there has been at least one fatal error,
-    \[dq]lastError\[dq]: last error string,
-    \[dq]renames\[dq] : number of files renamed,
-    \[dq]retryError\[dq]: boolean showing whether there has been at least one non-NoRetryError,
-    \[dq]speed\[dq]: average speed in bytes per second since start of the group,
-    \[dq]totalBytes\[dq]: total number of bytes in the group,
-    \[dq]totalChecks\[dq]: total number of checks in the group,
-    \[dq]totalTransfers\[dq]: total number of transfers in the group,
-    \[dq]transferTime\[dq] : total time spent on running jobs,
-    \[dq]transfers\[dq]: number of transferred files,
-    \[dq]transferring\[dq]: an array of currently active file transfers:
-        [
-            {
-                \[dq]bytes\[dq]: total transferred bytes for this file,
-                \[dq]eta\[dq]: estimated time in seconds until file transfer completion
-                \[dq]name\[dq]: name of the file,
-                \[dq]percentage\[dq]: progress of the file transfer in percent,
-                \[dq]speed\[dq]: average speed over the whole transfer in bytes per second,
-                \[dq]speedAvg\[dq]: current speed in bytes per second as an exponentially weighted moving average,
-                \[dq]size\[dq]: size of the file in bytes
-            }
-        ],
-    \[dq]checking\[dq]: an array of names of currently active file checks
-        []
-}
+rclone copy --files-from files-from.txt /home remote:backup
 \f[R]
 .fi
 .PP
-Values for \[dq]transferring\[dq], \[dq]checking\[dq] and
-\[dq]lastError\[dq] are only assigned if data is available.
-The value for \[dq]eta\[dq] is null if an eta cannot be determined.
-.SS core/stats-delete: Delete stats group.
-.PP
-This deletes entire stats group.
-.PP
-Parameters
-.IP \[bu] 2
-group - name of the stats group (string)
-.SS core/stats-reset: Reset stats.
-.PP
-This clears counters, errors and finished transfers for all stats or
-specific stats group if group is provided.
-.PP
-Parameters
-.IP \[bu] 2
-group - name of the stats group (string)
-.SS core/transferred: Returns stats about completed transfers.
-.PP
-This returns stats about completed transfers:
+The three files are transferred as follows:
 .IP
 .nf
 \f[C]
-rclone rc core/transferred
+/home/user1/42       \[->] remote:backup/user1/important
+/home/user1/dir/ford \[->] remote:backup/user1/dir/file
+/home/user2/prefect  \[->] remote:backup/user2/stuff
 \f[R]
 .fi
 .PP
-If group is not provided then completed transfers for all groups will be
-returned.
-.PP
-Note only the last 100 completed transfers are returned.
-.PP
-Parameters
-.IP \[bu] 2
-group - name of the stats group (string)
-.PP
-Returns the following values:
+Alternatively if \f[C]/\f[R] is chosen as root \f[C]files-from.txt\f[R]
+will be:
 .IP
 .nf
 \f[C]
-{
-    \[dq]transferred\[dq]:  an array of completed transfers (including failed ones):
-        [
-            {
-                \[dq]name\[dq]: name of the file,
-                \[dq]size\[dq]: size of the file in bytes,
-                \[dq]bytes\[dq]: total transferred bytes for this file,
-                \[dq]checked\[dq]: if the transfer is only checked (skipped, deleted),
-                \[dq]timestamp\[dq]: integer representing millisecond unix epoch,
-                \[dq]error\[dq]: string description of the error (empty if successful),
-                \[dq]jobid\[dq]: id of the job that this transfer belongs to
-            }
-        ]
-}
+/home/user1/42
+/home/user1/dir/ford
+/home/user2/prefect
 \f[R]
 .fi
-.SS core/version: Shows the current version of rclone and the go runtime.
-.PP
-This shows the current version of go and the go runtime:
-.IP \[bu] 2
-version - rclone version, e.g.
-\[dq]v1.53.0\[dq]
-.IP \[bu] 2
-decomposed - version number as [major, minor, patch]
-.IP \[bu] 2
-isGit - boolean - true if this was compiled from the git version
-.IP \[bu] 2
-isBeta - boolean - true if this is a beta version
-.IP \[bu] 2
-os - OS in use as according to Go
-.IP \[bu] 2
-arch - cpu architecture in use according to Go
-.IP \[bu] 2
-goVersion - version of Go runtime in use
-.IP \[bu] 2
-linking - type of rclone executable (static or dynamic)
-.IP \[bu] 2
-goTags - space separated build tags or \[dq]none\[dq]
-.SS debug/set-block-profile-rate: Set runtime.SetBlockProfileRate for blocking profiling.
-.PP
-SetBlockProfileRate controls the fraction of goroutine blocking events
-that are reported in the blocking profile.
-The profiler aims to sample an average of one blocking event per rate
-nanoseconds spent blocked.
-.PP
-To include every blocking event in the profile, pass rate = 1.
-To turn off profiling entirely, pass rate <= 0.
 .PP
-After calling this you can use this to see the blocking profile:
+The copy command will be:
 .IP
 .nf
 \f[C]
-go tool pprof http://localhost:5572/debug/pprof/block
+rclone copy --files-from files-from.txt / remote:backup
 \f[R]
 .fi
 .PP
-Parameters:
-.IP \[bu] 2
-rate - int
-.SS debug/set-gc-percent: Call runtime/debug.SetGCPercent for setting the garbage collection target percentage.
-.PP
-SetGCPercent sets the garbage collection target percentage: a collection
-is triggered when the ratio of freshly allocated data to live data
-remaining after the previous collection reaches this percentage.
-SetGCPercent returns the previous setting.
-The initial setting is the value of the GOGC environment variable at
-startup, or 100 if the variable is not set.
-.PP
-This setting may be effectively reduced in order to maintain a memory
-limit.
-A negative percentage effectively disables garbage collection, unless
-the memory limit is reached.
-.PP
-See https://pkg.go.dev/runtime/debug#SetMemoryLimit for more details.
-.PP
-Parameters:
-.IP \[bu] 2
-gc-percent - int
-.SS debug/set-mutex-profile-fraction: Set runtime.SetMutexProfileFraction for mutex profiling.
-.PP
-SetMutexProfileFraction controls the fraction of mutex contention events
-that are reported in the mutex profile.
-On average 1/rate events are reported.
-The previous rate is returned.
-.PP
-To turn off profiling entirely, pass rate 0.
-To just read the current rate, pass rate < 0.
-(For n>1 the details of sampling may change.)
-.PP
-Once this is set you can look use this to profile the mutex contention:
+Then there will be an extra \f[C]home\f[R] directory on the remote:
 .IP
 .nf
 \f[C]
-go tool pprof http://localhost:5572/debug/pprof/mutex
+/home/user1/42       \[->] remote:backup/home/user1/42
+/home/user1/dir/ford \[->] remote:backup/home/user1/dir/ford
+/home/user2/prefect  \[->] remote:backup/home/user2/prefect
 \f[R]
 .fi
+.SS \f[C]--files-from-raw\f[R] - Read list of source-file names without any processing
 .PP
-Parameters:
-.IP \[bu] 2
-rate - int
-.PP
-Results:
-.IP \[bu] 2
-previousRate - int
-.SS debug/set-soft-memory-limit: Call runtime/debug.SetMemoryLimit for setting a soft memory limit for the runtime.
+This flag is the same as \f[C]--files-from\f[R] except that input is
+read in a raw manner.
+Lines with leading / trailing whitespace, and lines starting with
+\f[C];\f[R] or \f[C]#\f[R] are read without any processing.
+rclone lsf (https://rclone.org/commands/rclone_lsf/) has a compatible
+format that can be used to export file lists from remotes for input to
+\f[C]--files-from-raw\f[R].
+.SS \f[C]--ignore-case\f[R] - make searches case insensitive
 .PP
-SetMemoryLimit provides the runtime with a soft memory limit.
+By default, rclone filter patterns are case sensitive.
+The \f[C]--ignore-case\f[R] flag makes all of the filters patterns on
+the command line case insensitive.
 .PP
-The runtime undertakes several processes to try to respect this memory
-limit, including adjustments to the frequency of garbage collections and
-returning memory to the underlying system more aggressively.
-This limit will be respected even if GOGC=off (or, if SetGCPercent(-1)
-is executed).
+E.g.
+\f[C]--include \[dq]zaphod.txt\[dq]\f[R] does not match a file
+\f[C]Zaphod.txt\f[R].
+With \f[C]--ignore-case\f[R] a match is made.
+.SS Quoting shell metacharacters
 .PP
-The input limit is provided as bytes, and includes all memory mapped,
-managed, and not released by the Go runtime.
-Notably, it does not account for space used by the Go binary and memory
-external to Go, such as memory managed by the underlying system on
-behalf of the process, or memory managed by non-Go code inside the same
-process.
-Examples of excluded memory sources include: OS kernel memory held on
-behalf of the process, memory allocated by C code, and memory mapped by
-syscall.Mmap (because it is not managed by the Go runtime).
+Rclone commands with filter patterns containing shell metacharacters may
+not as work as expected in your shell and may require quoting.
 .PP
-A zero limit or a limit that\[aq]s lower than the amount of memory used
-by the Go runtime may cause the garbage collector to run nearly
-continuously.
-However, the application may still make progress.
+E.g.
+linux, OSX (\f[C]*\f[R] metacharacter)
+.IP \[bu] 2
+\f[C]--include \[rs]*.jpg\f[R]
+.IP \[bu] 2
+\f[C]--include \[aq]*.jpg\[aq]\f[R]
+.IP \[bu] 2
+\f[C]--include=\[aq]*.jpg\[aq]\f[R]
 .PP
-The memory limit is always respected by the Go runtime, so to
-effectively disable this behavior, set the limit very high.
-math.MaxInt64 is the canonical value for disabling the limit, but values
-much greater than the available memory on the underlying system work
-just as well.
+Microsoft Windows expansion is done by the command, not shell, so
+\f[C]--include *.jpg\f[R] does not require quoting.
 .PP
-See https://go.dev/doc/gc-guide for a detailed guide explaining the soft
-memory limit in more detail, as well as a variety of common use-cases
-and scenarios.
+If the rclone error
+\f[C]Command .... needs .... arguments maximum: you provided .... non flag arguments:\f[R]
+is encountered, the cause is commonly spaces within the name of a remote
+or flag value.
+The fix then is to quote values containing spaces.
+.SS Other filters
+.SS \f[C]--min-size\f[R] - Don\[aq]t transfer any file smaller than this
 .PP
-SetMemoryLimit returns the previously set memory limit.
-A negative input does not adjust the limit, and allows for retrieval of
-the currently set memory limit.
+Controls the minimum size file within the scope of an rclone command.
+Default units are \f[C]KiB\f[R] but abbreviations \f[C]K\f[R],
+\f[C]M\f[R], \f[C]G\f[R], \f[C]T\f[R] or \f[C]P\f[R] are valid.
 .PP
-Parameters:
-.IP \[bu] 2
-mem-limit - int
-.SS fscache/clear: Clear the Fs cache.
+E.g.
+\f[C]rclone ls remote: --min-size 50k\f[R] lists files on
+\f[C]remote:\f[R] of 50 KiB size or larger.
 .PP
-This clears the fs cache.
-This is where remotes created from backends are cached for a short while
-to make repeated rc calls more efficient.
+See the size option docs (https://rclone.org/docs/#size-option) for more
+info.
+.SS \f[C]--max-size\f[R] - Don\[aq]t transfer any file larger than this
 .PP
-If you change the parameters of a backend then you may want to call this
-to clear an existing remote out of the cache before re-creating it.
+Controls the maximum size file within the scope of an rclone command.
+Default units are \f[C]KiB\f[R] but abbreviations \f[C]K\f[R],
+\f[C]M\f[R], \f[C]G\f[R], \f[C]T\f[R] or \f[C]P\f[R] are valid.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS fscache/entries: Returns the number of entries in the fs cache.
+E.g.
+\f[C]rclone ls remote: --max-size 1G\f[R] lists files on
+\f[C]remote:\f[R] of 1 GiB size or smaller.
 .PP
-This returns the number of entries in the fs cache.
+See the size option docs (https://rclone.org/docs/#size-option) for more
+info.
+.SS \f[C]--max-age\f[R] - Don\[aq]t transfer any file older than this
 .PP
-Returns - entries - number of items in the cache
+Controls the maximum age of files within the scope of an rclone command.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS job/list: Lists the IDs of the running jobs
+\f[C]--max-age\f[R] applies only to files and not to directories.
 .PP
-Parameters: None.
+E.g.
+\f[C]rclone ls remote: --max-age 2d\f[R] lists files on
+\f[C]remote:\f[R] of 2 days old or less.
 .PP
-Results:
-.IP \[bu] 2
-jobids - array of integer job ids.
-.SS job/status: Reads the status of the job ID
+See the time option docs (https://rclone.org/docs/#time-option) for
+valid formats.
+.SS \f[C]--min-age\f[R] - Don\[aq]t transfer any file younger than this
 .PP
-Parameters:
-.IP \[bu] 2
-jobid - id of the job (integer).
+Controls the minimum age of files within the scope of an rclone command.
+(see \f[C]--max-age\f[R] for valid formats)
 .PP
-Results:
-.IP \[bu] 2
-finished - boolean
-.IP \[bu] 2
-duration - time in seconds that the job ran for
-.IP \[bu] 2
-endTime - time the job finished (e.g.
-\[dq]2018-10-26T18:50:20.528746884+01:00\[dq])
-.IP \[bu] 2
-error - error from the job or empty string for no error
-.IP \[bu] 2
-finished - boolean whether the job has finished or not
-.IP \[bu] 2
-id - as passed in above
-.IP \[bu] 2
-startTime - time the job started (e.g.
-\[dq]2018-10-26T18:50:20.528336039+01:00\[dq])
-.IP \[bu] 2
-success - boolean - true for success false otherwise
-.IP \[bu] 2
-output - output of the job as would have been returned if called
-synchronously
-.IP \[bu] 2
-progress - output of the progress related to the underlying job
-.SS job/stop: Stop the running job
+\f[C]--min-age\f[R] applies only to files and not to directories.
 .PP
-Parameters:
-.IP \[bu] 2
-jobid - id of the job (integer).
-.SS job/stopgroup: Stop all running jobs in a group
+E.g.
+\f[C]rclone ls remote: --min-age 2d\f[R] lists files on
+\f[C]remote:\f[R] of 2 days old or more.
 .PP
-Parameters:
-.IP \[bu] 2
-group - name of the group (string).
-.SS mount/listmounts: Show current mount points
+See the time option docs (https://rclone.org/docs/#time-option) for
+valid formats.
+.SS Other flags
+.SS \f[C]--delete-excluded\f[R] - Delete files on dest excluded from sync
 .PP
-This shows currently mounted points, which can be used for performing an
-unmount.
+\f[B]Important\f[R] this flag is dangerous to your data - use with
+\f[C]--dry-run\f[R] and \f[C]-v\f[R] first.
 .PP
-This takes no parameters and returns
-.IP \[bu] 2
-mountPoints: list of current mount points
+In conjunction with \f[C]rclone sync\f[R], \f[C]--delete-excluded\f[R]
+deletes any files on the destination which are excluded from the
+command.
 .PP
-Eg
+E.g.
+the scope of \f[C]rclone sync --interactive A: B:\f[R] can be
+restricted:
 .IP
 .nf
 \f[C]
-rclone rc mount/listmounts
+rclone --min-size 50k --delete-excluded sync A: B:
 \f[R]
 .fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS mount/mount: Create a new mount point
+All files on \f[C]B:\f[R] which are less than 50 KiB are deleted because
+they are excluded from the rclone sync command.
+.SS \f[C]--dump filters\f[R] - dump the filters to the output
 .PP
-rclone allows Linux, FreeBSD, macOS and Windows to mount any of
-Rclone\[aq]s cloud storage systems as a file system with FUSE.
+Dumps the defined filters to standard output in regular expression
+format.
 .PP
-If no mountType is provided, the priority is given as follows: 1.
-mount 2.cmount 3.mount2
+Useful for debugging.
+.SS Exclude directory based on a file
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote path to be mounted (required)
-.IP \[bu] 2
-mountPoint: valid path on the local machine (required)
-.IP \[bu] 2
-mountType: one of the values (mount, cmount, mount2) specifies the mount
-implementation to use
-.IP \[bu] 2
-mountOpt: a JSON object with Mount options in.
-.IP \[bu] 2
-vfsOpt: a JSON object with VFS options in.
+The \f[C]--exclude-if-present\f[R] flag controls whether a directory is
+within the scope of an rclone command based on the presence of a named
+file within it.
+The flag can be repeated to check for multiple file names, presence of
+any of them will exclude the directory.
 .PP
-Example:
+This flag has a priority over other filter flags.
+.PP
+E.g.
+for the following directory structure:
 .IP
 .nf
 \f[C]
-rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint
-rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint mountType=mount
-rclone rc mount/mount fs=TestDrive: mountPoint=/mnt/tmp vfsOpt=\[aq]{\[dq]CacheMode\[dq]: 2}\[aq] mountOpt=\[aq]{\[dq]AllowOther\[dq]: true}\[aq]
+dir1/file1
+dir1/dir2/file2
+dir1/dir2/dir3/file3
+dir1/dir2/dir3/.ignore
 \f[R]
 .fi
 .PP
-The vfsOpt are as described in options/get and can be seen in the the
-\[dq]vfs\[dq] section when running and the mountOpt can be seen in the
-\[dq]mount\[dq] section:
+The command \f[C]rclone ls --exclude-if-present .ignore dir1\f[R] does
+not list \f[C]dir3\f[R], \f[C]file3\f[R] or \f[C].ignore\f[R].
+.SS Metadata filters
+.PP
+The metadata filters work in a very similar way to the normal file name
+filters, except they match metadata (https://rclone.org/docs/#metadata)
+on the object.
+.PP
+The metadata should be specified as \f[C]key=value\f[R] patterns.
+This may be wildcarded using the normal filter patterns or regular
+expressions.
+.PP
+For example if you wished to list only local files with a mode of
+\f[C]100664\f[R] you could do that with:
 .IP
 .nf
 \f[C]
-rclone rc options/get
+rclone lsf -M --files-only --metadata-include \[dq]mode=100664\[dq] .
 \f[R]
 .fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS mount/types: Show all possible mount types
-.PP
-This shows all possible mount types and returns them as a list.
-.PP
-This takes no parameters and returns
-.IP \[bu] 2
-mountTypes: list of mount types
-.PP
-The mount types are strings like \[dq]mount\[dq], \[dq]mount2\[dq],
-\[dq]cmount\[dq] and can be passed to mount/mount as the mountType
-parameter.
-.PP
-Eg
+Or if you wished to show files with an \f[C]atime\f[R], \f[C]mtime\f[R]
+or \f[C]btime\f[R] at a given date:
 .IP
 .nf
 \f[C]
-rclone rc mount/types
+rclone lsf -M --files-only --metadata-include \[dq][abm]time=2022-12-16*\[dq] .
 \f[R]
 .fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS mount/unmount: Unmount selected active mount
+Like file filtering, metadata filtering only applies to files not to
+directories.
 .PP
-rclone allows Linux, FreeBSD, macOS and Windows to mount any of
-Rclone\[aq]s cloud storage systems as a file system with FUSE.
+The filters can be applied using these flags.
+.IP \[bu] 2
+\f[C]--metadata-include\f[R] - Include metadatas matching pattern
+.IP \[bu] 2
+\f[C]--metadata-include-from\f[R] - Read metadata include patterns from
+file (use - to read from stdin)
+.IP \[bu] 2
+\f[C]--metadata-exclude\f[R] - Exclude metadatas matching pattern
+.IP \[bu] 2
+\f[C]--metadata-exclude-from\f[R] - Read metadata exclude patterns from
+file (use - to read from stdin)
+.IP \[bu] 2
+\f[C]--metadata-filter\f[R] - Add a metadata filtering rule
+.IP \[bu] 2
+\f[C]--metadata-filter-from\f[R] - Read metadata filtering patterns from
+a file (use - to read from stdin)
 .PP
-This takes the following parameters:
+Each flag can be repeated.
+See the section on how filter rules are applied for more details - these
+flags work in an identical way to the file name filtering flags, but
+instead of file name patterns have metadata patterns.
+.SS Common pitfalls
+.PP
+The most frequent filter support issues on the rclone
+forum (https://forum.rclone.org/) are:
 .IP \[bu] 2
-mountPoint: valid path on the local machine where the mount was created
-(required)
+Not using paths relative to the root of the remote
+.IP \[bu] 2
+Not using \f[C]/\f[R] to match from the root of a remote
+.IP \[bu] 2
+Not using \f[C]**\f[R] to match the contents of a directory
+.SH GUI (Experimental)
 .PP
-Example:
+Rclone can serve a web based GUI (graphical user interface).
+This is somewhat experimental at the moment so things may be subject to
+change.
+.PP
+Run this command in a terminal and rclone will download and then display
+the GUI in a web browser.
 .IP
 .nf
 \f[C]
-rclone rc mount/unmount mountPoint=/home/<user>/mountPoint
+rclone rcd --rc-web-gui
 \f[R]
 .fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS mount/unmountall: Unmount all active mounts
-.PP
-rclone allows Linux, FreeBSD, macOS and Windows to mount any of
-Rclone\[aq]s cloud storage systems as a file system with FUSE.
-.PP
-This takes no parameters and returns error if unmount does not succeed.
-.PP
-Eg
+This will produce logs like this and rclone needs to continue to run to
+serve the GUI:
 .IP
 .nf
 \f[C]
-rclone rc mount/unmountall
+2019/08/25 11:40:14 NOTICE: A new release for gui is present at https://github.com/rclone/rclone-webui-react/releases/download/v0.0.6/currentbuild.zip
+2019/08/25 11:40:14 NOTICE: Downloading webgui binary. Please wait. [Size: 3813937, Path :  /home/USER/.cache/rclone/webgui/v0.0.6.zip]
+2019/08/25 11:40:16 NOTICE: Unzipping
+2019/08/25 11:40:16 NOTICE: Serving remote control on http://127.0.0.1:5572/
 \f[R]
 .fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/about: Return the space used on the remote
+This assumes you are running rclone locally on your machine.
+It is possible to separate the rclone and the GUI - see below for
+details.
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
+If you wish to check for updates then you can add
+\f[C]--rc-web-gui-update\f[R] to the command line.
 .PP
-The result is as returned from rclone about --json
+If you find your GUI broken, you may force it to update by add
+\f[C]--rc-web-gui-force-update\f[R].
 .PP
-See the about (https://rclone.org/commands/rclone_about/) command for
-more information on the above.
+By default, rclone will open your browser.
+Add \f[C]--rc-web-gui-no-open-browser\f[R] to disable this feature.
+.SS Using the GUI
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/cleanup: Remove trashed files in the remote or path
+Once the GUI opens, you will be looking at the dashboard which has an
+overall overview.
 .PP
-This takes the following parameters:
+On the left hand side you will see a series of view buttons you can
+click on:
 .IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.PP
-See the cleanup (https://rclone.org/commands/rclone_cleanup/) command
-for more information on the above.
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/copyfile: Copy a file from source remote to destination remote
-.PP
-This takes the following parameters:
+Dashboard - main overview
 .IP \[bu] 2
-srcFs - a remote name string e.g.
-\[dq]drive:\[dq] for the source
+Configs - examine and create new configurations
 .IP \[bu] 2
-srcRemote - a path within that remote e.g.
-\[dq]file.txt\[dq] for the source
+Explorer - view, download and upload files to the cloud storage systems
 .IP \[bu] 2
-dstFs - a remote name string e.g.
-\[dq]drive2:\[dq] for the destination
+Backend - view or alter the backend config
 .IP \[bu] 2
-dstRemote - a path within that remote e.g.
-\[dq]file2.txt\[dq] for the destination
+Log out
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/copyurl: Copy the URL to the object
+(More docs and walkthrough video to come!)
+.SS How it works
 .PP
-This takes the following parameters:
+When you run the \f[C]rclone rcd --rc-web-gui\f[R] this is what happens
 .IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
+Rclone starts but only runs the remote control API (\[dq]rc\[dq]).
 .IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
+The API is bound to localhost with an auto-generated username and
+password.
 .IP \[bu] 2
-url - string, URL to read from
+If the API bundle is missing then rclone will download it.
 .IP \[bu] 2
-autoFilename - boolean, set to true to retrieve destination file name
-from url
-.PP
-See the copyurl (https://rclone.org/commands/rclone_copyurl/) command
-for more information on the above.
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/delete: Remove files in the path
-.PP
-This takes the following parameters:
+rclone will start serving the files from the API bundle over the same
+port as the API
 .IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.PP
-See the delete (https://rclone.org/commands/rclone_delete/) command for
-more information on the above.
+rclone will open the browser with a \f[C]login_token\f[R] so it can log
+straight in.
+.SS Advanced use
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/deletefile: Remove the single file pointed to
+The \f[C]rclone rcd\f[R] may use any of the flags documented on the rc
+page (https://rclone.org/rc/#supported-parameters).
 .PP
-This takes the following parameters:
+The flag \f[C]--rc-web-gui\f[R] is shorthand for
 .IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
+Download the web GUI if necessary
 .IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
-.PP
-See the deletefile (https://rclone.org/commands/rclone_deletefile/)
-command for more information on the above.
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/fsinfo: Return information about the remote
-.PP
-This takes the following parameters:
+Check we are using some authentication
 .IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
+\f[C]--rc-user gui\f[R]
+.IP \[bu] 2
+\f[C]--rc-pass <random password>\f[R]
+.IP \[bu] 2
+\f[C]--rc-serve\f[R]
 .PP
-This returns info about the remote passed in;
-.IP
-.nf
-\f[C]
-{
-        // optional features and whether they are available or not
-        \[dq]Features\[dq]: {
-                \[dq]About\[dq]: true,
-                \[dq]BucketBased\[dq]: false,
-                \[dq]BucketBasedRootOK\[dq]: false,
-                \[dq]CanHaveEmptyDirectories\[dq]: true,
-                \[dq]CaseInsensitive\[dq]: false,
-                \[dq]ChangeNotify\[dq]: false,
-                \[dq]CleanUp\[dq]: false,
-                \[dq]Command\[dq]: true,
-                \[dq]Copy\[dq]: false,
-                \[dq]DirCacheFlush\[dq]: false,
-                \[dq]DirMove\[dq]: true,
-                \[dq]Disconnect\[dq]: false,
-                \[dq]DuplicateFiles\[dq]: false,
-                \[dq]GetTier\[dq]: false,
-                \[dq]IsLocal\[dq]: true,
-                \[dq]ListR\[dq]: false,
-                \[dq]MergeDirs\[dq]: false,
-                \[dq]MetadataInfo\[dq]: true,
-                \[dq]Move\[dq]: true,
-                \[dq]OpenWriterAt\[dq]: true,
-                \[dq]PublicLink\[dq]: false,
-                \[dq]Purge\[dq]: true,
-                \[dq]PutStream\[dq]: true,
-                \[dq]PutUnchecked\[dq]: false,
-                \[dq]ReadMetadata\[dq]: true,
-                \[dq]ReadMimeType\[dq]: false,
-                \[dq]ServerSideAcrossConfigs\[dq]: false,
-                \[dq]SetTier\[dq]: false,
-                \[dq]SetWrapper\[dq]: false,
-                \[dq]Shutdown\[dq]: false,
-                \[dq]SlowHash\[dq]: true,
-                \[dq]SlowModTime\[dq]: false,
-                \[dq]UnWrap\[dq]: false,
-                \[dq]UserInfo\[dq]: false,
-                \[dq]UserMetadata\[dq]: true,
-                \[dq]WrapFs\[dq]: false,
-                \[dq]WriteMetadata\[dq]: true,
-                \[dq]WriteMimeType\[dq]: false
-        },
-        // Names of hashes available
-        \[dq]Hashes\[dq]: [
-                \[dq]md5\[dq],
-                \[dq]sha1\[dq],
-                \[dq]whirlpool\[dq],
-                \[dq]crc32\[dq],
-                \[dq]sha256\[dq],
-                \[dq]dropbox\[dq],
-                \[dq]mailru\[dq],
-                \[dq]quickxor\[dq]
-        ],
-        \[dq]Name\[dq]: \[dq]local\[dq],        // Name as created
-        \[dq]Precision\[dq]: 1,         // Precision of timestamps in ns
-        \[dq]Root\[dq]: \[dq]/\[dq],            // Path as created
-        \[dq]String\[dq]: \[dq]Local file system at /\[dq], // how the remote will appear in logs
-        // Information about the system metadata for this backend
-        \[dq]MetadataInfo\[dq]: {
-                \[dq]System\[dq]: {
-                        \[dq]atime\[dq]: {
-                                \[dq]Help\[dq]: \[dq]Time of last access\[dq],
-                                \[dq]Type\[dq]: \[dq]RFC 3339\[dq],
-                                \[dq]Example\[dq]: \[dq]2006-01-02T15:04:05.999999999Z07:00\[dq]
-                        },
-                        \[dq]btime\[dq]: {
-                                \[dq]Help\[dq]: \[dq]Time of file birth (creation)\[dq],
-                                \[dq]Type\[dq]: \[dq]RFC 3339\[dq],
-                                \[dq]Example\[dq]: \[dq]2006-01-02T15:04:05.999999999Z07:00\[dq]
-                        },
-                        \[dq]gid\[dq]: {
-                                \[dq]Help\[dq]: \[dq]Group ID of owner\[dq],
-                                \[dq]Type\[dq]: \[dq]decimal number\[dq],
-                                \[dq]Example\[dq]: \[dq]500\[dq]
-                        },
-                        \[dq]mode\[dq]: {
-                                \[dq]Help\[dq]: \[dq]File type and mode\[dq],
-                                \[dq]Type\[dq]: \[dq]octal, unix style\[dq],
-                                \[dq]Example\[dq]: \[dq]0100664\[dq]
-                        },
-                        \[dq]mtime\[dq]: {
-                                \[dq]Help\[dq]: \[dq]Time of last modification\[dq],
-                                \[dq]Type\[dq]: \[dq]RFC 3339\[dq],
-                                \[dq]Example\[dq]: \[dq]2006-01-02T15:04:05.999999999Z07:00\[dq]
-                        },
-                        \[dq]rdev\[dq]: {
-                                \[dq]Help\[dq]: \[dq]Device ID (if special file)\[dq],
-                                \[dq]Type\[dq]: \[dq]hexadecimal\[dq],
-                                \[dq]Example\[dq]: \[dq]1abc\[dq]
-                        },
-                        \[dq]uid\[dq]: {
-                                \[dq]Help\[dq]: \[dq]User ID of owner\[dq],
-                                \[dq]Type\[dq]: \[dq]decimal number\[dq],
-                                \[dq]Example\[dq]: \[dq]500\[dq]
-                        }
-                },
-                \[dq]Help\[dq]: \[dq]Textual help string\[rs]n\[dq]
-        }
-}
-\f[R]
-.fi
+These flags can be overridden as desired.
 .PP
-This command does not have a command line equivalent so use this
-instead:
-.IP
-.nf
-\f[C]
-rclone rc --loopback operations/fsinfo fs=remote:
-\f[R]
-.fi
-.SS operations/list: List the given remote and path in JSON format
+See also the rclone rcd
+documentation (https://rclone.org/commands/rclone_rcd/).
+.SS Example: Running a public GUI
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
-.IP \[bu] 2
-opt - a dictionary of options to control the listing (optional)
-.RS 2
-.IP \[bu] 2
-recurse - If set recurse directories
-.IP \[bu] 2
-noModTime - If set return modification time
+For example the GUI could be served on a public port over SSL using an
+htpasswd file using the following flags:
 .IP \[bu] 2
-showEncrypted - If set show decrypted names
+\f[C]--rc-web-gui\f[R]
 .IP \[bu] 2
-showOrigIDs - If set show the IDs for each item if known
+\f[C]--rc-addr :443\f[R]
 .IP \[bu] 2
-showHash - If set return a dictionary of hashes
+\f[C]--rc-htpasswd /path/to/htpasswd\f[R]
 .IP \[bu] 2
-noMimeType - If set don\[aq]t show mime types
+\f[C]--rc-cert /path/to/ssl.crt\f[R]
 .IP \[bu] 2
-dirsOnly - If set only show directories
+\f[C]--rc-key /path/to/ssl.key\f[R]
+.SS Example: Running a GUI behind a proxy
+.PP
+If you want to run the GUI behind a proxy at \f[C]/rclone\f[R] you could
+use these flags:
 .IP \[bu] 2
-filesOnly - If set only show files
+\f[C]--rc-web-gui\f[R]
 .IP \[bu] 2
-metadata - If set return metadata of objects also
+\f[C]--rc-baseurl rclone\f[R]
 .IP \[bu] 2
-hashTypes - array of strings of hash types to show if showHash set
-.RE
+\f[C]--rc-htpasswd /path/to/htpasswd\f[R]
 .PP
-Returns:
+Or instead of htpasswd if you just want a single user and password:
 .IP \[bu] 2
-list
-.RS 2
+\f[C]--rc-user me\f[R]
 .IP \[bu] 2
-This is an array of objects as described in the lsjson command
-.RE
+\f[C]--rc-pass mypassword\f[R]
+.SS Project
 .PP
-See the lsjson (https://rclone.org/commands/rclone_lsjson/) command for
-more information on the above and examples.
+The GUI is being developed in the: rclone/rclone-webui-react
+repository (https://github.com/rclone/rclone-webui-react).
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/mkdir: Make a destination directory or container
+Bug reports and contributions are very welcome :-)
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
+If you have questions then please ask them on the rclone
+forum (https://forum.rclone.org/).
+.SH Remote controlling rclone with its API
 .PP
-See the mkdir (https://rclone.org/commands/rclone_mkdir/) command for
-more information on the above.
+If rclone is run with the \f[C]--rc\f[R] flag then it starts an HTTP
+server which can be used to remote control rclone using its API.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/movefile: Move a file from source remote to destination remote
+You can either use the rc command to access the API or use HTTP
+directly.
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-srcFs - a remote name string e.g.
-\[dq]drive:\[dq] for the source
-.IP \[bu] 2
-srcRemote - a path within that remote e.g.
-\[dq]file.txt\[dq] for the source
-.IP \[bu] 2
-dstFs - a remote name string e.g.
-\[dq]drive2:\[dq] for the destination
-.IP \[bu] 2
-dstRemote - a path within that remote e.g.
-\[dq]file2.txt\[dq] for the destination
+If you just want to run a remote control then see the
+rcd (https://rclone.org/commands/rclone_rcd/) command.
+.SS Supported parameters
+.SS --rc
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/publiclink: Create or retrieve a public link to the given file or folder.
+Flag to start the http server listen on remote requests
+.SS --rc-addr=IP
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
-.IP \[bu] 2
-unlink - boolean - if set removes the link rather than adding it
-(optional)
-.IP \[bu] 2
-expire - string - the expiry time of the link e.g.
-\[dq]1d\[dq] (optional)
+IPaddress:Port or :Port to bind server to.
+(default \[dq]localhost:5572\[dq])
+.SS --rc-cert=KEY
 .PP
-Returns:
-.IP \[bu] 2
-url - URL of the resource
+SSL PEM key (concatenation of certificate and CA certificate)
+.SS --rc-client-ca=PATH
 .PP
-See the link (https://rclone.org/commands/rclone_link/) command for more
-information on the above.
+Client certificate authority to verify clients with
+.SS --rc-htpasswd=PATH
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/purge: Remove a directory or container and all of its contents
+htpasswd file - if not provided no authentication is done
+.SS --rc-key=PATH
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
+SSL PEM Private key
+.SS --rc-max-header-bytes=VALUE
 .PP
-See the purge (https://rclone.org/commands/rclone_purge/) command for
-more information on the above.
+Maximum size of request header (default 4096)
+.SS --rc-min-tls-version=VALUE
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/rmdir: Remove an empty directory or container
+The minimum TLS version that is acceptable.
+Valid values are \[dq]tls1.0\[dq], \[dq]tls1.1\[dq], \[dq]tls1.2\[dq]
+and \[dq]tls1.3\[dq] (default \[dq]tls1.0\[dq]).
+.SS --rc-user=VALUE
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
+User name for authentication.
+.SS --rc-pass=VALUE
 .PP
-See the rmdir (https://rclone.org/commands/rclone_rmdir/) command for
-more information on the above.
+Password for authentication.
+.SS --rc-realm=VALUE
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/rmdirs: Remove all the empty directories in the path
+Realm for authentication (default \[dq]rclone\[dq])
+.SS --rc-server-read-timeout=DURATION
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
-.IP \[bu] 2
-leaveRoot - boolean, set to true not to delete the root
+Timeout for server reading data (default 1h0m0s)
+.SS --rc-server-write-timeout=DURATION
 .PP
-See the rmdirs (https://rclone.org/commands/rclone_rmdirs/) command for
-more information on the above.
+Timeout for server writing data (default 1h0m0s)
+.SS --rc-serve
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/size: Count the number of bytes and files in remote
+Enable the serving of remote objects via the HTTP interface.
+This means objects will be accessible at http://127.0.0.1:5572/ by
+default, so you can browse to http://127.0.0.1:5572/ or
+http://127.0.0.1:5572/* to see a listing of the remotes.
+Objects may be requested from remotes using this syntax
+http://127.0.0.1:5572/[remote:path]/path/to/object
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:path/to/dir\[dq]
+Default Off.
+.SS --rc-files /path/to/directory
 .PP
-Returns:
-.IP \[bu] 2
-count - number of files
-.IP \[bu] 2
-bytes - number of bytes in those files
+Path to local files to serve on the HTTP server.
 .PP
-See the size (https://rclone.org/commands/rclone_size/) command for more
-information on the above.
+If this is set then rclone will serve the files in that directory.
+It will also open the root in the web browser if specified.
+This is for implementing browser based GUIs for rclone functions.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/stat: Give information about the supplied file or directory
+If \f[C]--rc-user\f[R] or \f[C]--rc-pass\f[R] is set then the URL that
+is opened will have the authorization in the URL in the
+\f[C]http://user:pass\[at]localhost/\f[R] style.
 .PP
-This takes the following parameters
-.IP \[bu] 2
-fs - a remote name string eg \[dq]drive:\[dq]
-.IP \[bu] 2
-remote - a path within that remote eg \[dq]dir\[dq]
-.IP \[bu] 2
-opt - a dictionary of options to control the listing (optional)
-.RS 2
-.IP \[bu] 2
-see operations/list for the options
-.RE
+Default Off.
+.SS --rc-enable-metrics
 .PP
-The result is
-.IP \[bu] 2
-item - an object as described in the lsjson command.
-Will be null if not found.
+Enable OpenMetrics/Prometheus compatible endpoint at \f[C]/metrics\f[R].
 .PP
-Note that if you are only interested in files then it is much more
-efficient to set the filesOnly flag in the options.
+Default Off.
+.SS --rc-web-gui
 .PP
-See the lsjson (https://rclone.org/commands/rclone_lsjson/) command for
-more information on the above and examples.
+Set this flag to serve the default web gui on the same port as rclone.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS operations/uploadfile: Upload file using multiform/form-data
+Default Off.
+.SS --rc-allow-origin
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-fs - a remote name string e.g.
-\[dq]drive:\[dq]
-.IP \[bu] 2
-remote - a path within that remote e.g.
-\[dq]dir\[dq]
-.IP \[bu] 2
-each part in body represents a file to be uploaded
+Set the allowed Access-Control-Allow-Origin for rc requests.
 .PP
-See the uploadfile (https://rclone.org/commands/rclone_uploadfile/)
-command for more information on the above.
+Can be used with --rc-web-gui if the rclone is running on different IP
+than the web-gui.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS options/blocks: List all the option blocks
+Default is IP address on which rc is running.
+.SS --rc-web-fetch-url
 .PP
-Returns: - options - a list of the options block names
-.SS options/get: Get all the global options
+Set the URL to fetch the rclone-web-gui files from.
 .PP
-Returns an object where keys are option block names and values are an
-object with the current option values in.
+Default
+https://api.github.com/repos/rclone/rclone-webui-react/releases/latest.
+.SS --rc-web-gui-update
 .PP
-Note that these are the global options which are unaffected by use of
-the _config and _filter parameters.
-If you wish to read the parameters set in _config then use
-options/config and for _filter use options/filter.
+Set this flag to check and update rclone-webui-react from the
+rc-web-fetch-url.
 .PP
-This shows the internal names of the option within rclone which should
-map to the external options very easily with a few exceptions.
-.SS options/local: Get the currently active config for this call
+Default Off.
+.SS --rc-web-gui-force-update
 .PP
-Returns an object with the keys \[dq]config\[dq] and \[dq]filter\[dq].
-The \[dq]config\[dq] key contains the local config and the
-\[dq]filter\[dq] key contains the local filters.
+Set this flag to force update rclone-webui-react from the
+rc-web-fetch-url.
 .PP
-Note that these are the local options specific to this rc call.
-If _config was not supplied then they will be the global options.
-Likewise with \[dq]_filter\[dq].
+Default Off.
+.SS --rc-web-gui-no-open-browser
 .PP
-This call is mostly useful for seeing if _config and _filter passing is
-working.
+Set this flag to disable opening browser automatically when using
+web-gui.
 .PP
-This shows the internal names of the option within rclone which should
-map to the external options very easily with a few exceptions.
-.SS options/set: Set an option
+Default Off.
+.SS --rc-job-expire-duration=DURATION
 .PP
-Parameters:
-.IP \[bu] 2
-option block name containing an object with
-.RS 2
-.IP \[bu] 2
-key: value
-.RE
+Expire finished async jobs older than DURATION (default 60s).
+.SS --rc-job-expire-interval=DURATION
 .PP
-Repeated as often as required.
+Interval duration to check for expired async jobs (default 10s).
+.SS --rc-no-auth
 .PP
-Only supply the options you wish to change.
-If an option is unknown it will be silently ignored.
-Not all options will have an effect when changed like this.
+By default rclone will require authorisation to have been set up on the
+rc interface in order to use any methods which access any rclone
+remotes.
+Eg \f[C]operations/list\f[R] is denied as it involved creating a remote
+as is \f[C]sync/copy\f[R].
 .PP
-For example:
+If this is set then no authorisation will be required on the server to
+use these methods.
+The alternative is to use \f[C]--rc-user\f[R] and \f[C]--rc-pass\f[R]
+and use these credentials in the request.
 .PP
-This sets DEBUG level logs (-vv) (these can be set by number or string)
-.IP
-.nf
-\f[C]
-rclone rc options/set --json \[aq]{\[dq]main\[dq]: {\[dq]LogLevel\[dq]: \[dq]DEBUG\[dq]}}\[aq]
-rclone rc options/set --json \[aq]{\[dq]main\[dq]: {\[dq]LogLevel\[dq]: 8}}\[aq]
-\f[R]
-.fi
+Default Off.
+.SS --rc-baseurl
 .PP
-And this sets INFO level logs (-v)
+Prefix for URLs.
+.PP
+Default is root
+.SS --rc-template
+.PP
+User-specified template.
+.SS Accessing the remote control via the rclone rc command
+.PP
+Rclone itself implements the remote control protocol in its
+\f[C]rclone rc\f[R] command.
+.PP
+You can use it like this
 .IP
 .nf
 \f[C]
-rclone rc options/set --json \[aq]{\[dq]main\[dq]: {\[dq]LogLevel\[dq]: \[dq]INFO\[dq]}}\[aq]
+$ rclone rc rc/noop param1=one param2=two
+{
+    \[dq]param1\[dq]: \[dq]one\[dq],
+    \[dq]param2\[dq]: \[dq]two\[dq]
+}
 \f[R]
 .fi
 .PP
-And this sets NOTICE level logs (normal without -v)
+Run \f[C]rclone rc\f[R] on its own to see the help for the installed
+remote control commands.
+.SS JSON input
+.PP
+\f[C]rclone rc\f[R] also supports a \f[C]--json\f[R] flag which can be
+used to send more complicated input parameters.
 .IP
 .nf
 \f[C]
-rclone rc options/set --json \[aq]{\[dq]main\[dq]: {\[dq]LogLevel\[dq]: \[dq]NOTICE\[dq]}}\[aq]
+$ rclone rc --json \[aq]{ \[dq]p1\[dq]: [1,\[dq]2\[dq],null,4], \[dq]p2\[dq]: { \[dq]a\[dq]:1, \[dq]b\[dq]:2 } }\[aq] rc/noop
+{
+    \[dq]p1\[dq]: [
+        1,
+        \[dq]2\[dq],
+        null,
+        4
+    ],
+    \[dq]p2\[dq]: {
+        \[dq]a\[dq]: 1,
+        \[dq]b\[dq]: 2
+    }
+}
 \f[R]
 .fi
-.SS pluginsctl/addPlugin: Add a plugin using url
-.PP
-Used for adding a plugin to the webgui.
-.PP
-This takes the following parameters:
-.IP \[bu] 2
-url - http url of the github repo where the plugin is hosted
-(http://github.com/rclone/rclone-webui-react).
-.PP
-Example:
-.PP
-rclone rc pluginsctl/addPlugin
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS pluginsctl/getPluginsForType: Get plugins with type criteria
-.PP
-This shows all possible plugins by a mime type.
 .PP
-This takes the following parameters:
-.IP \[bu] 2
-type - supported mime type by a loaded plugin e.g.
-(video/mp4, audio/mp3).
-.IP \[bu] 2
-pluginType - filter plugins based on their type e.g.
-(DASHBOARD, FILE_HANDLER, TERMINAL).
-.PP
-Returns:
-.IP \[bu] 2
-loadedPlugins - list of current production plugins.
-.IP \[bu] 2
-testPlugins - list of temporarily loaded development plugins, usually
-running on a different server.
-.PP
-Example:
-.PP
-rclone rc pluginsctl/getPluginsForType type=video/mp4
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS pluginsctl/listPlugins: Get the list of currently loaded plugins
-.PP
-This allows you to get the currently enabled plugins and their details.
-.PP
-This takes no parameters and returns:
-.IP \[bu] 2
-loadedPlugins - list of current production plugins.
-.IP \[bu] 2
-testPlugins - list of temporarily loaded development plugins, usually
-running on a different server.
-.PP
-E.g.
-.PP
-rclone rc pluginsctl/listPlugins
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS pluginsctl/listTestPlugins: Show currently loaded test plugins
-.PP
-Allows listing of test plugins with the rclone.test set to true in
-package.json of the plugin.
-.PP
-This takes no parameters and returns:
-.IP \[bu] 2
-loadedTestPlugins - list of currently available test plugins.
-.PP
-E.g.
+If the parameter being passed is an object then it can be passed as a
+JSON string rather than using the \f[C]--json\f[R] flag which simplifies
+the command line.
 .IP
 .nf
 \f[C]
-rclone rc pluginsctl/listTestPlugins
+rclone rc operations/list fs=/tmp remote=test opt=\[aq]{\[dq]showHash\[dq]: true}\[aq]
 \f[R]
 .fi
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS pluginsctl/removePlugin: Remove a loaded plugin
-.PP
-This allows you to remove a plugin using it\[aq]s name.
-.PP
-This takes parameters:
-.IP \[bu] 2
-name - name of the plugin in the format
-\f[C]author\f[R]/\f[C]plugin_name\f[R].
-.PP
-E.g.
-.PP
-rclone rc pluginsctl/removePlugin name=rclone/video-plugin
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS pluginsctl/removeTestPlugin: Remove a test plugin
-.PP
-This allows you to remove a plugin using it\[aq]s name.
-.PP
-This takes the following parameters:
-.IP \[bu] 2
-name - name of the plugin in the format
-\f[C]author\f[R]/\f[C]plugin_name\f[R].
-.PP
-Example:
+Rather than
 .IP
 .nf
 \f[C]
-rclone rc pluginsctl/removeTestPlugin name=rclone/rclone-webui-react
+rclone rc operations/list --json \[aq]{\[dq]fs\[dq]: \[dq]/tmp\[dq], \[dq]remote\[dq]: \[dq]test\[dq], \[dq]opt\[dq]: {\[dq]showHash\[dq]: true}}\[aq]
 \f[R]
 .fi
+.SS Special parameters
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS rc/error: This returns an error
-.PP
-This returns an error with the input as part of its error string.
-Useful for testing error handling.
-.SS rc/list: List all the registered remote control commands
-.PP
-This lists all the registered remote control commands as a JSON map in
-the commands response.
-.SS rc/noop: Echo the input to the output parameters
-.PP
-This echoes the input parameters to the output parameters for testing
-purposes.
-It can be used to check that rclone is still alive and to check that
-parameter passing is working properly.
-.SS rc/noopauth: Echo the input to the output parameters requiring auth
-.PP
-This echoes the input parameters to the output parameters for testing
-purposes.
-It can be used to check that rclone is still alive and to check that
-parameter passing is working properly.
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS sync/bisync: Perform bidirectional synchronization between two paths.
-.PP
-This takes the following parameters
-.IP \[bu] 2
-path1 - a remote directory string e.g.
-\f[C]drive:path1\f[R]
-.IP \[bu] 2
-path2 - a remote directory string e.g.
-\f[C]drive:path2\f[R]
-.IP \[bu] 2
-dryRun - dry-run mode
-.IP \[bu] 2
-resync - performs the resync run
-.IP \[bu] 2
-checkAccess - abort if RCLONE_TEST files are not found on both
-filesystems
-.IP \[bu] 2
-checkFilename - file name for checkAccess (default: RCLONE_TEST)
-.IP \[bu] 2
-maxDelete - abort sync if percentage of deleted files is above this
-threshold (default: 50)
-.IP \[bu] 2
-force - maxDelete safety check and run the sync
-.IP \[bu] 2
-checkSync - \f[C]true\f[R] by default, \f[C]false\f[R] disables
-comparison of final listings, \f[C]only\f[R] will skip sync, only
-compare listings from the last run
-.IP \[bu] 2
-removeEmptyDirs - remove empty directories at the final cleanup step
-.IP \[bu] 2
-filtersFile - read filtering patterns from a file
-.IP \[bu] 2
-workdir - server directory for history files (default:
-/home/ncw/.cache/rclone/bisync)
-.IP \[bu] 2
-noCleanup - retain working files
-.PP
-See bisync command help (https://rclone.org/commands/rclone_bisync/) and
-full bisync description (https://rclone.org/bisync/) for more
-information.
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS sync/copy: copy a directory from source remote to destination remote
-.PP
-This takes the following parameters:
-.IP \[bu] 2
-srcFs - a remote name string e.g.
-\[dq]drive:src\[dq] for the source
-.IP \[bu] 2
-dstFs - a remote name string e.g.
-\[dq]drive:dst\[dq] for the destination
-.IP \[bu] 2
-createEmptySrcDirs - create empty src directories on destination if set
-.PP
-See the copy (https://rclone.org/commands/rclone_copy/) command for more
-information on the above.
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS sync/move: move a directory from source remote to destination remote
-.PP
-This takes the following parameters:
-.IP \[bu] 2
-srcFs - a remote name string e.g.
-\[dq]drive:src\[dq] for the source
-.IP \[bu] 2
-dstFs - a remote name string e.g.
-\[dq]drive:dst\[dq] for the destination
-.IP \[bu] 2
-createEmptySrcDirs - create empty src directories on destination if set
-.IP \[bu] 2
-deleteEmptySrcDirs - delete empty src directories if set
-.PP
-See the move (https://rclone.org/commands/rclone_move/) command for more
-information on the above.
-.PP
-\f[B]Authentication is required for this call.\f[R]
-.SS sync/sync: sync a directory from source remote to destination remote
-.PP
-This takes the following parameters:
-.IP \[bu] 2
-srcFs - a remote name string e.g.
-\[dq]drive:src\[dq] for the source
-.IP \[bu] 2
-dstFs - a remote name string e.g.
-\[dq]drive:dst\[dq] for the destination
-.IP \[bu] 2
-createEmptySrcDirs - create empty src directories on destination if set
+The rc interface supports some special parameters which apply to
+\f[B]all\f[R] commands.
+These start with \f[C]_\f[R] to show they are different.
+.SS Running asynchronous jobs with _async = true
 .PP
-See the sync (https://rclone.org/commands/rclone_sync/) command for more
-information on the above.
+Each rc call is classified as a job and it is assigned its own id.
+By default jobs are executed immediately as they are created or
+synchronously.
 .PP
-\f[B]Authentication is required for this call.\f[R]
-.SS vfs/forget: Forget files or directories in the directory cache.
+If \f[C]_async\f[R] has a true value when supplied to an rc call then it
+will return immediately with a job id and the task will be run in the
+background.
+The \f[C]job/status\f[R] call can be used to get information of the
+background job.
+The job can be queried for up to 1 minute after it has finished.
 .PP
-This forgets the paths in the directory cache causing them to be re-read
-from the remote when needed.
+It is recommended that potentially long running jobs, e.g.
+\f[C]sync/sync\f[R], \f[C]sync/copy\f[R], \f[C]sync/move\f[R],
+\f[C]operations/purge\f[R] are run with the \f[C]_async\f[R] flag to
+avoid any potential problems with the HTTP request and response timing
+out.
 .PP
-If no paths are passed in then it will forget all the paths in the
-directory cache.
+Starting a job with the \f[C]_async\f[R] flag:
 .IP
 .nf
 \f[C]
-rclone rc vfs/forget
+$ rclone rc --json \[aq]{ \[dq]p1\[dq]: [1,\[dq]2\[dq],null,4], \[dq]p2\[dq]: { \[dq]a\[dq]:1, \[dq]b\[dq]:2 }, \[dq]_async\[dq]: true }\[aq] rc/noop
+{
+    \[dq]jobid\[dq]: 2
+}
 \f[R]
 .fi
 .PP
-Otherwise pass files or dirs in as file=path or dir=path.
-Any parameter key starting with file will forget that file and any
-starting with dir will forget that dir, e.g.
+Query the status to see if the job has finished.
+For more information on the meaning of these return parameters see the
+\f[C]job/status\f[R] call.
 .IP
 .nf
 \f[C]
-rclone rc vfs/forget file=hello file2=goodbye dir=home/junk
+$ rclone rc --json \[aq]{ \[dq]jobid\[dq]:2 }\[aq] job/status
+{
+    \[dq]duration\[dq]: 0.000124163,
+    \[dq]endTime\[dq]: \[dq]2018-10-27T11:38:07.911245881+01:00\[dq],
+    \[dq]error\[dq]: \[dq]\[dq],
+    \[dq]finished\[dq]: true,
+    \[dq]id\[dq]: 2,
+    \[dq]output\[dq]: {
+        \[dq]_async\[dq]: true,
+        \[dq]p1\[dq]: [
+            1,
+            \[dq]2\[dq],
+            null,
+            4
+        ],
+        \[dq]p2\[dq]: {
+            \[dq]a\[dq]: 1,
+            \[dq]b\[dq]: 2
+        }
+    },
+    \[dq]startTime\[dq]: \[dq]2018-10-27T11:38:07.911121728+01:00\[dq],
+    \[dq]success\[dq]: true
+}
 \f[R]
 .fi
 .PP
-This command takes an \[dq]fs\[dq] parameter.
-If this parameter is not supplied and if there is only one VFS in use
-then that VFS will be used.
-If there is more than one VFS in use then the \[dq]fs\[dq] parameter
-must be supplied.
-.SS vfs/list: List active VFSes.
-.PP
-This lists the active VFSes.
-.PP
-It returns a list under the key \[dq]vfses\[dq] where the values are the
-VFS names that could be passed to the other VFS commands in the
-\[dq]fs\[dq] parameter.
-.SS vfs/poll-interval: Get the status or update the value of the poll-interval option.
-.PP
-Without any parameter given this returns the current status of the
-poll-interval setting.
-.PP
-When the interval=duration parameter is set, the poll-interval value is
-updated and the polling function is notified.
-Setting interval=0 disables poll-interval.
+\f[C]job/list\f[R] can be used to show the running or recently completed
+jobs
 .IP
 .nf
 \f[C]
-rclone rc vfs/poll-interval interval=5m
+$ rclone rc job/list
+{
+    \[dq]jobids\[dq]: [
+        2
+    ]
+}
 \f[R]
 .fi
+.SS Setting config flags with _config
 .PP
-The timeout=duration parameter can be used to specify a time to wait for
-the current poll function to apply the new value.
-If timeout is less or equal 0, which is the default, wait indefinitely.
-.PP
-The new poll-interval value will only be active when the timeout is not
-reached.
-.PP
-If poll-interval is updated or disabled temporarily, some changes might
-not get picked up by the polling function, depending on the used remote.
-.PP
-This command takes an \[dq]fs\[dq] parameter.
-If this parameter is not supplied and if there is only one VFS in use
-then that VFS will be used.
-If there is more than one VFS in use then the \[dq]fs\[dq] parameter
-must be supplied.
-.SS vfs/refresh: Refresh the directory cache.
+If you wish to set config (the equivalent of the global flags) for the
+duration of an rc call only then pass in the \f[C]_config\f[R]
+parameter.
 .PP
-This reads the directories for the specified paths and freshens the
-directory cache.
+This should be in the same format as the \f[C]config\f[R] key returned
+by options/get.
 .PP
-If no paths are passed in then it will refresh the root directory.
+For example, if you wished to run a sync with the \f[C]--checksum\f[R]
+parameter, you would pass this parameter in your JSON blob.
 .IP
 .nf
 \f[C]
-rclone rc vfs/refresh
+\[dq]_config\[dq]:{\[dq]CheckSum\[dq]: true}
 \f[R]
 .fi
 .PP
-Otherwise pass directories in as dir=path.
-Any parameter key starting with dir will refresh that directory, e.g.
+If using \f[C]rclone rc\f[R] this could be passed as
 .IP
 .nf
 \f[C]
-rclone rc vfs/refresh dir=home/junk dir2=data/misc
+rclone rc sync/sync ... _config=\[aq]{\[dq]CheckSum\[dq]: true}\[aq]
 \f[R]
 .fi
 .PP
-If the parameter recursive=true is given the whole directory tree will
-get refreshed.
-This refresh will use --fast-list if enabled.
-.PP
-This command takes an \[dq]fs\[dq] parameter.
-If this parameter is not supplied and if there is only one VFS in use
-then that VFS will be used.
-If there is more than one VFS in use then the \[dq]fs\[dq] parameter
-must be supplied.
-.SS vfs/stats: Stats for a VFS.
+Any config parameters you don\[aq]t set will inherit the global defaults
+which were set with command line flags or environment variables.
 .PP
-This returns stats for the selected VFS.
+Note that it is possible to set some values as strings or integers - see
+data types for more info.
+Here is an example setting the equivalent of \f[C]--buffer-size\f[R] in
+string or integer format.
 .IP
 .nf
 \f[C]
-{
-    // Status of the disk cache - only present if --vfs-cache-mode > off
-    \[dq]diskCache\[dq]: {
-        \[dq]bytesUsed\[dq]: 0,
-        \[dq]erroredFiles\[dq]: 0,
-        \[dq]files\[dq]: 0,
-        \[dq]hashType\[dq]: 1,
-        \[dq]outOfSpace\[dq]: false,
-        \[dq]path\[dq]: \[dq]/home/user/.cache/rclone/vfs/local/mnt/a\[dq],
-        \[dq]pathMeta\[dq]: \[dq]/home/user/.cache/rclone/vfsMeta/local/mnt/a\[dq],
-        \[dq]uploadsInProgress\[dq]: 0,
-        \[dq]uploadsQueued\[dq]: 0
-    },
-    \[dq]fs\[dq]: \[dq]/mnt/a\[dq],
-    \[dq]inUse\[dq]: 1,
-    // Status of the in memory metadata cache
-    \[dq]metadataCache\[dq]: {
-        \[dq]dirs\[dq]: 1,
-        \[dq]files\[dq]: 0
-    },
-    // Options as returned by options/get
-    \[dq]opt\[dq]: {
-        \[dq]CacheMaxAge\[dq]: 3600000000000,
-        // ...
-        \[dq]WriteWait\[dq]: 1000000000
-    }
-}
+\[dq]_config\[dq]:{\[dq]BufferSize\[dq]: \[dq]42M\[dq]}
+\[dq]_config\[dq]:{\[dq]BufferSize\[dq]: 44040192}
 \f[R]
 .fi
 .PP
-This command takes an \[dq]fs\[dq] parameter.
-If this parameter is not supplied and if there is only one VFS in use
-then that VFS will be used.
-If there is more than one VFS in use then the \[dq]fs\[dq] parameter
-must be supplied.
-.SS Accessing the remote control via HTTP
-.PP
-Rclone implements a simple HTTP based protocol.
-.PP
-Each endpoint takes an JSON object and returns a JSON object or an
-error.
-The JSON objects are essentially a map of string names to values.
-.PP
-All calls must made using POST.
+If you wish to check the \f[C]_config\f[R] assignment has worked
+properly then calling \f[C]options/local\f[R] will show what the value
+got set to.
+.SS Setting filter flags with _filter
 .PP
-The input objects can be supplied using URL parameters, POST parameters
-or by supplying \[dq]Content-Type: application/json\[dq] and a JSON blob
-in the body.
-There are examples of these below using \f[C]curl\f[R].
+If you wish to set filters for the duration of an rc call only then pass
+in the \f[C]_filter\f[R] parameter.
 .PP
-The response will be a JSON blob in the body of the response.
-This is formatted to be reasonably human-readable.
-.SS Error returns
+This should be in the same format as the \f[C]filter\f[R] key returned
+by options/get.
 .PP
-If an error occurs then there will be an HTTP error status (e.g.
-500) and the body of the response will contain a JSON encoded error
-object, e.g.
+For example, if you wished to run a sync with these flags
 .IP
 .nf
 \f[C]
-{
-    \[dq]error\[dq]: \[dq]Expecting string value for key \[rs]\[dq]remote\[rs]\[dq] (was float64)\[dq],
-    \[dq]input\[dq]: {
-        \[dq]fs\[dq]: \[dq]/tmp\[dq],
-        \[dq]remote\[dq]: 3
-    },
-    \[dq]status\[dq]: 400
-    \[dq]path\[dq]: \[dq]operations/rmdir\[dq],
-}
+--max-size 1M --max-age 42s --include \[dq]a\[dq] --include \[dq]b\[dq]
 \f[R]
 .fi
 .PP
-The keys in the error response are - error - error string - input - the
-input parameters to the call - status - the HTTP status code - path -
-the path of the call
-.SS CORS
-.PP
-The sever implements basic CORS support and allows all origins for that.
-The response to a preflight OPTIONS request will echo the requested
-\[dq]Access-Control-Request-Headers\[dq] back.
-.SS Using POST with URL parameters only
+you would pass this parameter in your JSON blob.
 .IP
 .nf
 \f[C]
-curl -X POST \[aq]http://localhost:5572/rc/noop?potato=1&sausage=2\[aq]
+\[dq]_filter\[dq]:{\[dq]MaxSize\[dq]:\[dq]1M\[dq], \[dq]IncludeRule\[dq]:[\[dq]a\[dq],\[dq]b\[dq]], \[dq]MaxAge\[dq]:\[dq]42s\[dq]}
 \f[R]
 .fi
 .PP
-Response
+If using \f[C]rclone rc\f[R] this could be passed as
 .IP
 .nf
 \f[C]
-{
-    \[dq]potato\[dq]: \[dq]1\[dq],
-    \[dq]sausage\[dq]: \[dq]2\[dq]
-}
+rclone rc ... _filter=\[aq]{\[dq]MaxSize\[dq]:\[dq]1M\[dq], \[dq]IncludeRule\[dq]:[\[dq]a\[dq],\[dq]b\[dq]], \[dq]MaxAge\[dq]:\[dq]42s\[dq]}\[aq]
 \f[R]
 .fi
 .PP
-Here is what an error response looks like:
+Any filter parameters you don\[aq]t set will inherit the global defaults
+which were set with command line flags or environment variables.
+.PP
+Note that it is possible to set some values as strings or integers - see
+data types for more info.
+Here is an example setting the equivalent of \f[C]--buffer-size\f[R] in
+string or integer format.
 .IP
 .nf
 \f[C]
-curl -X POST \[aq]http://localhost:5572/rc/error?potato=1&sausage=2\[aq]
+\[dq]_filter\[dq]:{\[dq]MinSize\[dq]: \[dq]42M\[dq]}
+\[dq]_filter\[dq]:{\[dq]MinSize\[dq]: 44040192}
 \f[R]
 .fi
+.PP
+If you wish to check the \f[C]_filter\f[R] assignment has worked
+properly then calling \f[C]options/local\f[R] will show what the value
+got set to.
+.SS Assigning operations to groups with _group = value
+.PP
+Each rc call has its own stats group for tracking its metrics.
+By default grouping is done by the composite group name from prefix
+\f[C]job/\f[R] and id of the job like so \f[C]job/1\f[R].
+.PP
+If \f[C]_group\f[R] has a value then stats for that request will be
+grouped under that value.
+This allows caller to group stats under their own name.
+.PP
+Stats for specific group can be accessed by passing \f[C]group\f[R] to
+\f[C]core/stats\f[R]:
 .IP
 .nf
 \f[C]
+$ rclone rc --json \[aq]{ \[dq]group\[dq]: \[dq]job/1\[dq] }\[aq] core/stats
 {
-    \[dq]error\[dq]: \[dq]arbitrary error on input map[potato:1 sausage:2]\[dq],
-    \[dq]input\[dq]: {
-        \[dq]potato\[dq]: \[dq]1\[dq],
-        \[dq]sausage\[dq]: \[dq]2\[dq]
-    }
+    \[dq]speed\[dq]: 12345
+    ...
 }
 \f[R]
 .fi
+.SS Data types
 .PP
-Note that curl doesn\[aq]t return errors to the shell unless you use the
-\f[C]-f\f[R] option
-.IP
-.nf
-\f[C]
-$ curl -f -X POST \[aq]http://localhost:5572/rc/error?potato=1&sausage=2\[aq]
-curl: (22) The requested URL returned error: 400 Bad Request
-$ echo $?
-22
-\f[R]
-.fi
-.SS Using POST with a form
-.IP
-.nf
-\f[C]
-curl --data \[dq]potato=1\[dq] --data \[dq]sausage=2\[dq] http://localhost:5572/rc/noop
-\f[R]
-.fi
+When the API returns types, these will mostly be straight forward
+integer, string or boolean types.
 .PP
-Response
+However some of the types returned by the options/get call and taken by
+the options/set calls as well as the \f[C]vfsOpt\f[R],
+\f[C]mountOpt\f[R] and the \f[C]_config\f[R] parameters.
+.IP \[bu] 2
+\f[C]Duration\f[R] - these are returned as an integer duration in
+nanoseconds.
+They may be set as an integer, or they may be set with time string, eg
+\[dq]5s\[dq].
+See the options section (https://rclone.org/docs/#options) for more
+info.
+.IP \[bu] 2
+\f[C]Size\f[R] - these are returned as an integer number of bytes.
+They may be set as an integer or they may be set with a size suffix
+string, eg \[dq]10M\[dq].
+See the options section (https://rclone.org/docs/#options) for more
+info.
+.IP \[bu] 2
+Enumerated type (such as \f[C]CutoffMode\f[R], \f[C]DumpFlags\f[R],
+\f[C]LogLevel\f[R], \f[C]VfsCacheMode\f[R] - these will be returned as
+an integer and may be set as an integer but more conveniently they can
+be set as a string, eg \[dq]HARD\[dq] for \f[C]CutoffMode\f[R] or
+\f[C]DEBUG\f[R] for \f[C]LogLevel\f[R].
+.IP \[bu] 2
+\f[C]BandwidthSpec\f[R] - this will be set and returned as a string, eg
+\[dq]1M\[dq].
+.SS Specifying remotes to work on
+.PP
+Remotes are specified with the \f[C]fs=\f[R], \f[C]srcFs=\f[R],
+\f[C]dstFs=\f[R] parameters depending on the command being used.
+.PP
+The parameters can be a string as per the rest of rclone, eg
+\f[C]s3:bucket/path\f[R] or \f[C]:sftp:/my/dir\f[R].
+They can also be specified as JSON blobs.
+.PP
+If specifying a JSON blob it should be a object mapping strings to
+strings.
+These values will be used to configure the remote.
+There are 3 special values which may be set:
+.IP \[bu] 2
+\f[C]type\f[R] - set to \f[C]type\f[R] to specify a remote called
+\f[C]:type:\f[R]
+.IP \[bu] 2
+\f[C]_name\f[R] - set to \f[C]name\f[R] to specify a remote called
+\f[C]name:\f[R]
+.IP \[bu] 2
+\f[C]_root\f[R] - sets the root of the remote - may be empty
+.PP
+One of \f[C]_name\f[R] or \f[C]type\f[R] should normally be set.
+If the \f[C]local\f[R] backend is desired then \f[C]type\f[R] should be
+set to \f[C]local\f[R].
+If \f[C]_root\f[R] isn\[aq]t specified then it defaults to the root of
+the remote.
+.PP
+For example this JSON is equivalent to \f[C]remote:/tmp\f[R]
 .IP
 .nf
 \f[C]
 {
-    \[dq]potato\[dq]: \[dq]1\[dq],
-    \[dq]sausage\[dq]: \[dq]2\[dq]
+    \[dq]_name\[dq]: \[dq]remote\[dq],
+    \[dq]_path\[dq]: \[dq]/tmp\[dq]
 }
 \f[R]
 .fi
 .PP
-Note that you can combine these with URL parameters too with the POST
-parameters taking precedence.
+And this is equivalent to
+\f[C]:sftp,host=\[aq]example.com\[aq]:/tmp\f[R]
 .IP
 .nf
 \f[C]
-curl --data \[dq]potato=1\[dq] --data \[dq]sausage=2\[dq] \[dq]http://localhost:5572/rc/noop?rutabaga=3&sausage=4\[dq]
+{
+    \[dq]type\[dq]: \[dq]sftp\[dq],
+    \[dq]host\[dq]: \[dq]example.com\[dq],
+    \[dq]_path\[dq]: \[dq]/tmp\[dq]
+}
 \f[R]
 .fi
 .PP
-Response
+And this is equivalent to \f[C]/tmp/dir\f[R]
 .IP
 .nf
 \f[C]
 {
-    \[dq]potato\[dq]: \[dq]1\[dq],
-    \[dq]rutabaga\[dq]: \[dq]3\[dq],
-    \[dq]sausage\[dq]: \[dq]4\[dq]
+    type = \[dq]local\[dq],
+    _ path = \[dq]/tmp/dir\[dq]
 }
 \f[R]
 .fi
-.SS Using POST with a JSON blob
+.SS Supported commands
+.SS backend/command: Runs a backend command.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+command - a string with the command name
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+arg - a list of arguments for the backend command
+.IP \[bu] 2
+opt - a map of string to string of options
+.PP
+Returns:
+.IP \[bu] 2
+result - result from the backend command
+.PP
+Example:
 .IP
 .nf
 \f[C]
-curl -H \[dq]Content-Type: application/json\[dq] -X POST -d \[aq]{\[dq]potato\[dq]:2,\[dq]sausage\[dq]:1}\[aq] http://localhost:5572/rc/noop
+rclone rc backend/command command=noop fs=. -o echo=yes -o blue -a path1 -a path2
 \f[R]
 .fi
 .PP
-response
+Returns
 .IP
 .nf
 \f[C]
 {
-    \[dq]password\[dq]: \[dq]xyz\[dq],
-    \[dq]username\[dq]: \[dq]xyz\[dq]
+    \[dq]result\[dq]: {
+        \[dq]arg\[dq]: [
+            \[dq]path1\[dq],
+            \[dq]path2\[dq]
+        ],
+        \[dq]name\[dq]: \[dq]noop\[dq],
+        \[dq]opt\[dq]: {
+            \[dq]blue\[dq]: \[dq]\[dq],
+            \[dq]echo\[dq]: \[dq]yes\[dq]
+        }
+    }
 }
 \f[R]
 .fi
 .PP
-This can be combined with URL parameters too if required.
-The JSON blob takes precedence.
+Note that this is the direct equivalent of using this \[dq]backend\[dq]
+command:
 .IP
 .nf
 \f[C]
-curl -H \[dq]Content-Type: application/json\[dq] -X POST -d \[aq]{\[dq]potato\[dq]:2,\[dq]sausage\[dq]:1}\[aq] \[aq]http://localhost:5572/rc/noop?rutabaga=3&potato=4\[aq]
+rclone backend noop . -o echo=yes -o blue path1 path2
 \f[R]
 .fi
+.PP
+Note that arguments must be preceded by the \[dq]-a\[dq] flag
+.PP
+See the backend (https://rclone.org/commands/rclone_backend/) command
+for more information.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS cache/expire: Purge a remote from cache
+.PP
+Purge a remote from the cache backend.
+Supports either a directory or a file.
+Params: - remote = path to remote (required) - withData = true/false to
+delete cached data (chunks) as well (optional)
+.PP
+Eg
 .IP
 .nf
 \f[C]
-{
-    \[dq]potato\[dq]: 2,
-    \[dq]rutabaga\[dq]: \[dq]3\[dq],
-    \[dq]sausage\[dq]: 1
-}
+rclone rc cache/expire remote=path/to/sub/folder/
+rclone rc cache/expire remote=/ withData=true
 \f[R]
 .fi
-.SS Debugging rclone with pprof
+.SS cache/fetch: Fetch file chunks
 .PP
-If you use the \f[C]--rc\f[R] flag this will also enable the use of the
-go profiling tools on the same port.
+Ensure the specified file chunks are cached on disk.
 .PP
-To use these, first install go (https://golang.org/doc/install).
-.SS Debugging memory use
+The chunks= parameter specifies the file chunks to check.
+It takes a comma separated list of array slice indices.
+The slice indices are similar to Python slices: start[:end]
 .PP
-To profile rclone\[aq]s memory use you can run:
+start is the 0 based chunk number from the beginning of the file to
+fetch inclusive.
+end is 0 based chunk number from the beginning of the file to fetch
+exclusive.
+Both values can be negative, in which case they count from the back of
+the file.
+The value \[dq]-5:\[dq] represents the last 5 chunks of a file.
+.PP
+Some valid examples are: \[dq]:5,-5:\[dq] -> the first and last five
+chunks \[dq]0,-2\[dq] -> the first and the second last chunk
+\[dq]0:10\[dq] -> the first ten chunks
+.PP
+Any parameter with a key that starts with \[dq]file\[dq] can be used to
+specify files to fetch, e.g.
 .IP
 .nf
 \f[C]
-go tool pprof -web http://localhost:5572/debug/pprof/heap
+rclone rc cache/fetch chunks=0 file=hello file2=home/goodbye
 \f[R]
 .fi
 .PP
-This should open a page in your browser showing what is using what
-memory.
+File names will automatically be encrypted when the a crypt remote is
+used on top of the cache.
+.SS cache/stats: Get cache stats
 .PP
-You can also use the \f[C]-text\f[R] flag to produce a textual summary
+Show statistics for the cache remote.
+.SS config/create: create the config for a remote.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+name - name of remote
+.IP \[bu] 2
+parameters - a map of { \[dq]key\[dq]: \[dq]value\[dq] } pairs
+.IP \[bu] 2
+type - type of the new remote
+.IP \[bu] 2
+opt - a dictionary of options to control the configuration
+.RS 2
+.IP \[bu] 2
+obscure - declare passwords are plain and need obscuring
+.IP \[bu] 2
+noObscure - declare passwords are already obscured and don\[aq]t need
+obscuring
+.IP \[bu] 2
+nonInteractive - don\[aq]t interact with a user, return questions
+.IP \[bu] 2
+continue - continue the config process with an answer
+.IP \[bu] 2
+all - ask all the config questions not just the post config ones
+.IP \[bu] 2
+state - state to restart with - used with continue
+.IP \[bu] 2
+result - result to restart with - used with continue
+.RE
+.PP
+See the config
+create (https://rclone.org/commands/rclone_config_create/) command for
+more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS config/delete: Delete a remote in the config file.
+.PP
+Parameters:
+.IP \[bu] 2
+name - name of remote to delete
+.PP
+See the config
+delete (https://rclone.org/commands/rclone_config_delete/) command for
+more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS config/dump: Dumps the config file.
+.PP
+Returns a JSON object: - key: value
+.PP
+Where keys are remote names and values are the config parameters.
+.PP
+See the config dump (https://rclone.org/commands/rclone_config_dump/)
+command for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS config/get: Get a remote in the config file.
+.PP
+Parameters:
+.IP \[bu] 2
+name - name of remote to get
+.PP
+See the config dump (https://rclone.org/commands/rclone_config_dump/)
+command for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS config/listremotes: Lists the remotes in the config file and defined in environment variables.
+.PP
+Returns - remotes - array of remote names
+.PP
+See the listremotes (https://rclone.org/commands/rclone_listremotes/)
+command for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS config/password: password the config for a remote.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+name - name of remote
+.IP \[bu] 2
+parameters - a map of { \[dq]key\[dq]: \[dq]value\[dq] } pairs
+.PP
+See the config
+password (https://rclone.org/commands/rclone_config_password/) command
+for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS config/providers: Shows how providers are configured in the config file.
+.PP
+Returns a JSON object: - providers - array of objects
+.PP
+See the config
+providers (https://rclone.org/commands/rclone_config_providers/) command
+for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS config/setpath: Set the path of the config file
+.PP
+Parameters:
+.IP \[bu] 2
+path - path to the config file to use
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS config/update: update the config for a remote.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+name - name of remote
+.IP \[bu] 2
+parameters - a map of { \[dq]key\[dq]: \[dq]value\[dq] } pairs
+.IP \[bu] 2
+opt - a dictionary of options to control the configuration
+.RS 2
+.IP \[bu] 2
+obscure - declare passwords are plain and need obscuring
+.IP \[bu] 2
+noObscure - declare passwords are already obscured and don\[aq]t need
+obscuring
+.IP \[bu] 2
+nonInteractive - don\[aq]t interact with a user, return questions
+.IP \[bu] 2
+continue - continue the config process with an answer
+.IP \[bu] 2
+all - ask all the config questions not just the post config ones
+.IP \[bu] 2
+state - state to restart with - used with continue
+.IP \[bu] 2
+result - result to restart with - used with continue
+.RE
+.PP
+See the config
+update (https://rclone.org/commands/rclone_config_update/) command for
+more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS core/bwlimit: Set the bandwidth limit.
+.PP
+This sets the bandwidth limit to the string passed in.
+This should be a single bandwidth limit entry or a pair of
+upload:download bandwidth.
+.PP
+Eg
 .IP
 .nf
 \f[C]
-$ go tool pprof -text http://localhost:5572/debug/pprof/heap
-Showing nodes accounting for 1537.03kB, 100% of 1537.03kB total
-      flat  flat%   sum%        cum   cum%
- 1024.03kB 66.62% 66.62%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.addDecoderNode
-     513kB 33.38%   100%      513kB 33.38%  net/http.newBufioWriterSize
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/all.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/serve.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/serve/restic.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init
-         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init.0
-         0     0%   100%  1024.03kB 66.62%  main.init
-         0     0%   100%      513kB 33.38%  net/http.(*conn).readRequest
-         0     0%   100%      513kB 33.38%  net/http.(*conn).serve
-         0     0%   100%  1024.03kB 66.62%  runtime.main
+rclone rc core/bwlimit rate=off
+{
+    \[dq]bytesPerSecond\[dq]: -1,
+    \[dq]bytesPerSecondTx\[dq]: -1,
+    \[dq]bytesPerSecondRx\[dq]: -1,
+    \[dq]rate\[dq]: \[dq]off\[dq]
+}
+rclone rc core/bwlimit rate=1M
+{
+    \[dq]bytesPerSecond\[dq]: 1048576,
+    \[dq]bytesPerSecondTx\[dq]: 1048576,
+    \[dq]bytesPerSecondRx\[dq]: 1048576,
+    \[dq]rate\[dq]: \[dq]1M\[dq]
+}
+rclone rc core/bwlimit rate=1M:100k
+{
+    \[dq]bytesPerSecond\[dq]: 1048576,
+    \[dq]bytesPerSecondTx\[dq]: 1048576,
+    \[dq]bytesPerSecondRx\[dq]: 131072,
+    \[dq]rate\[dq]: \[dq]1M\[dq]
+}
 \f[R]
 .fi
-.SS Debugging go routine leaks
-.PP
-Memory leaks are most often caused by go routine leaks keeping memory
-alive which should have been garbage collected.
 .PP
-See all active go routines using
+If the rate parameter is not supplied then the bandwidth is queried
 .IP
 .nf
 \f[C]
-curl http://localhost:5572/debug/pprof/goroutine?debug=1
+rclone rc core/bwlimit
+{
+    \[dq]bytesPerSecond\[dq]: 1048576,
+    \[dq]bytesPerSecondTx\[dq]: 1048576,
+    \[dq]bytesPerSecondRx\[dq]: 1048576,
+    \[dq]rate\[dq]: \[dq]1M\[dq]
+}
 \f[R]
 .fi
 .PP
-Or go to http://localhost:5572/debug/pprof/goroutine?debug=1 in your
-browser.
-.SS Other profiles to look at
+The format of the parameter is exactly the same as passed to --bwlimit
+except only one bandwidth may be specified.
 .PP
-You can see a summary of profiles available at
-http://localhost:5572/debug/pprof/
+In either case \[dq]rate\[dq] is returned as a human-readable string,
+and \[dq]bytesPerSecond\[dq] is returned as a number.
+.SS core/command: Run a rclone terminal command over rc.
 .PP
-Here is how to use some of them:
-.IP \[bu] 2
-Memory: \f[C]go tool pprof http://localhost:5572/debug/pprof/heap\f[R]
+This takes the following parameters:
 .IP \[bu] 2
-Go routines:
-\f[C]curl http://localhost:5572/debug/pprof/goroutine?debug=1\f[R]
+command - a string with the command name.
 .IP \[bu] 2
-30-second CPU profile:
-\f[C]go tool pprof http://localhost:5572/debug/pprof/profile\f[R]
+arg - a list of arguments for the backend command.
 .IP \[bu] 2
-5-second execution trace:
-\f[C]wget http://localhost:5572/debug/pprof/trace?seconds=5\f[R]
+opt - a map of string to string of options.
 .IP \[bu] 2
-Goroutine blocking profile
+returnType - one of (\[dq]COMBINED_OUTPUT\[dq], \[dq]STREAM\[dq],
+\[dq]STREAM_ONLY_STDOUT\[dq], \[dq]STREAM_ONLY_STDERR\[dq]).
 .RS 2
 .IP \[bu] 2
-Enable first with:
-\f[C]rclone rc debug/set-block-profile-rate rate=1\f[R] (docs)
+Defaults to \[dq]COMBINED_OUTPUT\[dq] if not set.
 .IP \[bu] 2
-\f[C]go tool pprof http://localhost:5572/debug/pprof/block\f[R]
+The STREAM returnTypes will write the output to the body of the HTTP
+message.
+.IP \[bu] 2
+The COMBINED_OUTPUT will write the output to the \[dq]result\[dq]
+parameter.
 .RE
+.PP
+Returns:
 .IP \[bu] 2
-Contended mutexes:
+result - result from the backend command.
 .RS 2
 .IP \[bu] 2
-Enable first with:
-\f[C]rclone rc debug/set-mutex-profile-fraction rate=1\f[R] (docs)
-.IP \[bu] 2
-\f[C]go tool pprof http://localhost:5572/debug/pprof/mutex\f[R]
+Only set when using returnType \[dq]COMBINED_OUTPUT\[dq].
 .RE
+.IP \[bu] 2
+error - set if rclone exits with an error code.
+.IP \[bu] 2
+returnType - one of (\[dq]COMBINED_OUTPUT\[dq], \[dq]STREAM\[dq],
+\[dq]STREAM_ONLY_STDOUT\[dq], \[dq]STREAM_ONLY_STDERR\[dq]).
 .PP
-See the net/http/pprof docs (https://golang.org/pkg/net/http/pprof/) for
-more info on how to use the profiling and for a general overview see the
-Go team\[aq]s blog post on profiling go
-programs (https://blog.golang.org/profiling-go-programs).
+Example:
+.IP
+.nf
+\f[C]
+rclone rc core/command command=ls -a mydrive:/ -o max-depth=1
+rclone rc core/command -a ls -a mydrive:/ -o max-depth=1
+\f[R]
+.fi
 .PP
-The profiling hook is zero overhead unless it is
-used (https://stackoverflow.com/q/26545159/164234).
-.SH Overview of cloud storage systems
+Returns:
+.IP
+.nf
+\f[C]
+{
+    \[dq]error\[dq]: false,
+    \[dq]result\[dq]: \[dq]<Raw command line output>\[dq]
+}
+
+OR
+{
+    \[dq]error\[dq]: true,
+    \[dq]result\[dq]: \[dq]<Raw command line output>\[dq]
+}
+\f[R]
+.fi
 .PP
-Each cloud storage system is slightly different.
-Rclone attempts to provide a unified interface to them, but some
-underlying differences show through.
-.SS Features
+\f[B]Authentication is required for this call.\f[R]
+.SS core/du: Returns disk usage of a locally attached disk.
 .PP
-Here is an overview of the major features of each cloud storage system.
+This returns the disk usage for the local directory passed in as dir.
 .PP
-.TS
-tab(@);
-l c c c c c c.
-T{
-Name
-T}@T{
-Hash
-T}@T{
-ModTime
-T}@T{
-Case Insensitive
-T}@T{
-Duplicate Files
-T}@T{
-MIME Type
-T}@T{
-Metadata
-T}
-_
-T{
-1Fichier
-T}@T{
-Whirlpool
-T}@T{
--
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-R
-T}@T{
--
-T}
-T{
-Akamai Netstorage
-T}@T{
-MD5, SHA256
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R
-T}@T{
--
-T}
-T{
-Amazon Drive
-T}@T{
-MD5
-T}@T{
--
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-R
-T}@T{
--
-T}
-T{
-Amazon S3 (or S3 compatible)
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R/W
-T}@T{
-RWU
-T}
-T{
-Backblaze B2
-T}@T{
-SHA1
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R/W
-T}@T{
--
-T}
-T{
-Box
-T}@T{
-SHA1
-T}@T{
-R/W
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Citrix ShareFile
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Dropbox
-T}@T{
-DBHASH \[S1]
-T}@T{
-R
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Enterprise File Fabric
-T}@T{
--
-T}@T{
-R/W
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-R/W
-T}@T{
--
-T}
-T{
-FTP
-T}@T{
--
-T}@T{
-R/W \[S1]\[u2070]
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Google Cloud Storage
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R/W
-T}@T{
--
-T}
-T{
-Google Drive
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-R/W
-T}@T{
--
-T}
-T{
-Google Photos
-T}@T{
--
-T}@T{
--
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-R
-T}@T{
--
-T}
-T{
-HDFS
-T}@T{
--
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-HiDrive
-T}@T{
-HiDrive \[S1]\[S2]
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-HTTP
-T}@T{
--
-T}@T{
-R
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R
-T}@T{
--
-T}
-T{
-Internet Archive
-T}@T{
-MD5, SHA1, CRC32
-T}@T{
-R/W \[S1]\[S1]
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
-RWU
-T}
-T{
-Jottacloud
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-R
-T}@T{
--
-T}
-T{
-Koofr
-T}@T{
-MD5
-T}@T{
--
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Mail.ru Cloud
-T}@T{
-Mailru \[u2076]
-T}@T{
-R/W
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Mega
-T}@T{
--
-T}@T{
--
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
--
-T}@T{
--
-T}
-T{
-Memory
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Microsoft Azure Blob Storage
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R/W
-T}@T{
--
-T}
-T{
-Microsoft OneDrive
-T}@T{
-QuickXorHash \[u2075]
-T}@T{
-R/W
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-R
-T}@T{
--
-T}
-T{
-OpenDrive
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-Yes
-T}@T{
-Partial \[u2078]
-T}@T{
--
-T}@T{
--
-T}
-T{
-OpenStack Swift
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R/W
-T}@T{
--
-T}
-T{
-Oracle Object Storage
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R/W
-T}@T{
--
-T}
-T{
-pCloud
-T}@T{
-MD5, SHA1 \[u2077]
-T}@T{
-R
-T}@T{
-No
-T}@T{
-No
-T}@T{
-W
-T}@T{
--
-T}
-T{
-premiumize.me
-T}@T{
--
-T}@T{
--
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-R
-T}@T{
--
-T}
-T{
-put.io
-T}@T{
-CRC-32
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-R
-T}@T{
--
-T}
-T{
-QingStor
-T}@T{
-MD5
-T}@T{
-- \[u2079]
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R/W
-T}@T{
--
-T}
-T{
-Seafile
-T}@T{
--
-T}@T{
--
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-SFTP
-T}@T{
-MD5, SHA1 \[S2]
-T}@T{
-R/W
-T}@T{
-Depends
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Sia
-T}@T{
--
-T}@T{
--
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-SMB
-T}@T{
--
-T}@T{
--
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-SugarSync
-T}@T{
--
-T}@T{
--
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Storj
-T}@T{
--
-T}@T{
-R
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Uptobox
-T}@T{
--
-T}@T{
--
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
--
-T}@T{
--
-T}
-T{
-WebDAV
-T}@T{
-MD5, SHA1 \[S3]
-T}@T{
-R \[u2074]
-T}@T{
-Depends
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-Yandex Disk
-T}@T{
-MD5
-T}@T{
-R/W
-T}@T{
-No
-T}@T{
-No
-T}@T{
-R
-T}@T{
--
-T}
-T{
-Zoho WorkDrive
-T}@T{
--
-T}@T{
--
-T}@T{
-No
-T}@T{
-No
-T}@T{
--
-T}@T{
--
-T}
-T{
-The local filesystem
-T}@T{
-All
-T}@T{
-R/W
-T}@T{
-Depends
-T}@T{
-No
-T}@T{
--
-T}@T{
-RWU
-T}
-.TE
-.SS Notes
-.PP
-\[S1] Dropbox supports its own custom
-hash (https://www.dropbox.com/developers/reference/content-hash).
-This is an SHA256 sum of all the 4 MiB block SHA256s.
-.PP
-\[S2] SFTP supports checksums if the same login has shell access and
-\f[C]md5sum\f[R] or \f[C]sha1sum\f[R] as well as \f[C]echo\f[R] are in
-the remote\[aq]s PATH.
-.PP
-\[S3] WebDAV supports hashes when used with Owncloud and Nextcloud only.
-.PP
-\[u2074] WebDAV supports modtimes when used with Owncloud and Nextcloud
-only.
-.PP
-\[u2075]
-QuickXorHash (https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash)
-is Microsoft\[aq]s own hash.
-.PP
-\[u2076] Mail.ru uses its own modified SHA1 hash
-.PP
-\[u2077] pCloud only supports SHA1 (not MD5) in its EU region
-.PP
-\[u2078] Opendrive does not support creation of duplicate files using
-their web client interface or other stock clients, but the underlying
-storage platform has been determined to allow duplicate files, and it is
-possible to create them with \f[C]rclone\f[R].
-It may be that this is a mistake or an unsupported feature.
-.PP
-\[u2079] QingStor does not support SetModTime for objects bigger than 5
-GiB.
-.PP
-\[S1]\[u2070] FTP supports modtimes for the major FTP servers, and also
-others if they advertised required protocol extensions.
-See this (https://rclone.org/ftp/#modified-time) for more details.
-.PP
-\[S1]\[S1] Internet Archive requires option \f[C]wait_archive\f[R] to be
-set to a non-zero value for full modtime support.
-.PP
-\[S1]\[S2] HiDrive supports its own custom
-hash (https://static.hidrive.com/dev/0001).
-It combines SHA1 sums for each 4 KiB block hierarchically to a single
-top-level sum.
-.SS Hash
-.PP
-The cloud storage system supports various hash types of the objects.
-The hashes are used when transferring data as an integrity check and can
-be specifically used with the \f[C]--checksum\f[R] flag in syncs and in
-the \f[C]check\f[R] command.
-.PP
-To use the verify checksums when transferring between cloud storage
-systems they must support a common hash type.
-.SS ModTime
-.PP
-Almost all cloud storage systems store some sort of timestamp on
-objects, but several of them not something that is appropriate to use
-for syncing.
-E.g.
-some backends will only write a timestamp that represent the time of the
-upload.
-To be relevant for syncing it should be able to store the modification
-time of the source object.
-If this is not the case, rclone will only check the file size by
-default, though can be configured to check the file hash (with the
-\f[C]--checksum\f[R] flag).
-Ideally it should also be possible to change the timestamp of an
-existing file without having to re-upload it.
-.PP
-Storage systems with a \f[C]-\f[R] in the ModTime column, means the
-modification read on objects is not the modification time of the file
-when uploaded.
-It is most likely the time the file was uploaded, or possibly something
-else (like the time the picture was taken in Google Photos).
-.PP
-Storage systems with a \f[C]R\f[R] (for read-only) in the ModTime
-column, means the it keeps modification times on objects, and updates
-them when uploading objects, but it does not support changing only the
-modification time (\f[C]SetModTime\f[R] operation) without re-uploading,
-possibly not even without deleting existing first.
-Some operations in rclone, such as \f[C]copy\f[R] and \f[C]sync\f[R]
-commands, will automatically check for \f[C]SetModTime\f[R] support and
-re-upload if necessary to keep the modification times in sync.
-Other commands will not work without \f[C]SetModTime\f[R] support, e.g.
-\f[C]touch\f[R] command on an existing file will fail, and changes to
-modification time only on a files in a \f[C]mount\f[R] will be silently
-ignored.
-.PP
-Storage systems with \f[C]R/W\f[R] (for read/write) in the ModTime
-column, means they do also support modtime-only operations.
-.SS Case Insensitive
-.PP
-If a cloud storage systems is case sensitive then it is possible to have
-two files which differ only in case, e.g.
-\f[C]file.txt\f[R] and \f[C]FILE.txt\f[R].
-If a cloud storage system is case insensitive then that isn\[aq]t
-possible.
-.PP
-This can cause problems when syncing between a case insensitive system
-and a case sensitive system.
-The symptom of this is that no matter how many times you run the sync it
-never completes fully.
-.PP
-The local filesystem and SFTP may or may not be case sensitive depending
-on OS.
-.IP \[bu] 2
-Windows - usually case insensitive, though case is preserved
-.IP \[bu] 2
-OSX - usually case insensitive, though it is possible to format case
-sensitive
-.IP \[bu] 2
-Linux - usually case sensitive, but there are case insensitive file
-systems (e.g.
-FAT formatted USB keys)
-.PP
-Most of the time this doesn\[aq]t cause any problems as people tend to
-avoid files whose name differs only by case even on case sensitive
-systems.
-.SS Duplicate files
-.PP
-If a cloud storage system allows duplicate files then it can have two
-objects with the same name.
-.PP
-This confuses rclone greatly when syncing - use the
-\f[C]rclone dedupe\f[R] command to rename or remove duplicates.
-.SS Restricted filenames
-.PP
-Some cloud storage systems might have restrictions on the characters
-that are usable in file or directory names.
-When \f[C]rclone\f[R] detects such a name during a file upload, it will
-transparently replace the restricted characters with similar looking
-Unicode characters.
-To handle the different sets of restricted characters for different
-backends, rclone uses something it calls encoding.
-.PP
-This process is designed to avoid ambiguous file names as much as
-possible and allow to move files between many cloud storage systems
-transparently.
-.PP
-The name shown by \f[C]rclone\f[R] to the user or during log output will
-only contain a minimal set of replaced characters to ensure correct
-formatting and not necessarily the actual name used on the cloud
-storage.
-.PP
-This transformation is reversed when downloading a file or parsing
-\f[C]rclone\f[R] arguments.
-For example, when uploading a file named \f[C]my file?.txt\f[R] to
-Onedrive, it will be displayed as \f[C]my file?.txt\f[R] on the console,
-but stored as \f[C]my file\[uFF1F].txt\f[R] to Onedrive (the \f[C]?\f[R]
-gets replaced by the similar looking \f[C]\[uFF1F]\f[R] character, the
-so-called \[dq]fullwidth question mark\[dq]).
-The reverse transformation allows to read a file
-\f[C]unusual/name.txt\f[R] from Google Drive, by passing the name
-\f[C]unusual\[uFF0F]name.txt\f[R] on the command line (the \f[C]/\f[R]
-needs to be replaced by the similar looking \f[C]\[uFF0F]\f[R]
-character).
-.SS Caveats
-.PP
-The filename encoding system works well in most cases, at least where
-file names are written in English or similar languages.
-You might not even notice it: It just works.
-In some cases it may lead to issues, though.
-E.g.
-when file names are written in Chinese, or Japanese, where it is always
-the Unicode fullwidth variants of the punctuation marks that are used.
-.PP
-On Windows, the characters \f[C]:\f[R], \f[C]*\f[R] and \f[C]?\f[R] are
-examples of restricted characters.
-If these are used in filenames on a remote that supports it, Rclone will
-transparently convert them to their fullwidth Unicode variants
-\f[C]\[uFF0A]\f[R], \f[C]\[uFF1F]\f[R] and \f[C]\[uFF1A]\f[R] when
-downloading to Windows, and back again when uploading.
-This way files with names that are not allowed on Windows can still be
-stored.
-.PP
-However, if you have files on your Windows system originally with these
-same Unicode characters in their names, they will be included in the
-same conversion process.
-E.g.
-if you create a file in your Windows filesystem with name
-\f[C]Test\[uFF1A]1.jpg\f[R], where \f[C]\[uFF1A]\f[R] is the Unicode
-fullwidth colon symbol, and use rclone to upload it to Google Drive,
-which supports regular \f[C]:\f[R] (halfwidth question mark), rclone
-will replace the fullwidth \f[C]:\f[R] with the halfwidth \f[C]:\f[R]
-and store the file as \f[C]Test:1.jpg\f[R] in Google Drive.
-Since both Windows and Google Drive allows the name
-\f[C]Test\[uFF1A]1.jpg\f[R], it would probably be better if rclone just
-kept the name as is in this case.
-.PP
-With the opposite situation; if you have a file named
-\f[C]Test:1.jpg\f[R], in your Google Drive, e.g.
-uploaded from a Linux system where \f[C]:\f[R] is valid in file names.
-Then later use rclone to copy this file to your Windows computer you
-will notice that on your local disk it gets renamed to
-\f[C]Test\[uFF1A]1.jpg\f[R].
-The original filename is not legal on Windows, due to the \f[C]:\f[R],
-and rclone therefore renames it to make the copy possible.
-That is all good.
-However, this can also lead to an issue: If you already had a
-\f[I]different\f[R] file named \f[C]Test\[uFF1A]1.jpg\f[R] on Windows,
-and then use rclone to copy either way.
-Rclone will then treat the file originally named \f[C]Test:1.jpg\f[R] on
-Google Drive and the file originally named \f[C]Test\[uFF1A]1.jpg\f[R]
-on Windows as the same file, and replace the contents from one with the
-other.
-.PP
-Its virtually impossible to handle all cases like these correctly in all
-situations, but by customizing the encoding option, changing the set of
-characters that rclone should convert, you should be able to create a
-configuration that works well for your specific situation.
-See also the
-example (https://rclone.org/overview/#encoding-example-windows) below.
-.PP
-(Windows was used as an example of a file system with many restricted
-characters, and Google drive a storage system with few.)
-.SS Default restricted characters
-.PP
-The table below shows the characters that are replaced by default.
-.PP
-When a replacement character is found in a filename, this character will
-be escaped with the \f[C]\[u201B]\f[R] character to avoid ambiguous file
-names.
-(e.g.
-a file named \f[C]\[u2400].txt\f[R] would shown as
-\f[C]\[u201B]\[u2400].txt\f[R])
-.PP
-Each cloud storage backend can use a different set of characters, which
-will be specified in the documentation for each backend.
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-NUL
-T}@T{
-0x00
-T}@T{
-\[u2400]
-T}
-T{
-SOH
-T}@T{
-0x01
-T}@T{
-\[u2401]
-T}
-T{
-STX
-T}@T{
-0x02
-T}@T{
-\[u2402]
-T}
-T{
-ETX
-T}@T{
-0x03
-T}@T{
-\[u2403]
-T}
-T{
-EOT
-T}@T{
-0x04
-T}@T{
-\[u2404]
-T}
-T{
-ENQ
-T}@T{
-0x05
-T}@T{
-\[u2405]
-T}
-T{
-ACK
-T}@T{
-0x06
-T}@T{
-\[u2406]
-T}
-T{
-BEL
-T}@T{
-0x07
-T}@T{
-\[u2407]
-T}
-T{
-BS
-T}@T{
-0x08
-T}@T{
-\[u2408]
-T}
-T{
-HT
-T}@T{
-0x09
-T}@T{
-\[u2409]
-T}
-T{
-LF
-T}@T{
-0x0A
-T}@T{
-\[u240A]
-T}
-T{
-VT
-T}@T{
-0x0B
-T}@T{
-\[u240B]
-T}
-T{
-FF
-T}@T{
-0x0C
-T}@T{
-\[u240C]
-T}
-T{
-CR
-T}@T{
-0x0D
-T}@T{
-\[u240D]
-T}
-T{
-SO
-T}@T{
-0x0E
-T}@T{
-\[u240E]
-T}
-T{
-SI
-T}@T{
-0x0F
-T}@T{
-\[u240F]
-T}
-T{
-DLE
-T}@T{
-0x10
-T}@T{
-\[u2410]
-T}
-T{
-DC1
-T}@T{
-0x11
-T}@T{
-\[u2411]
-T}
-T{
-DC2
-T}@T{
-0x12
-T}@T{
-\[u2412]
-T}
-T{
-DC3
-T}@T{
-0x13
-T}@T{
-\[u2413]
-T}
-T{
-DC4
-T}@T{
-0x14
-T}@T{
-\[u2414]
-T}
-T{
-NAK
-T}@T{
-0x15
-T}@T{
-\[u2415]
-T}
-T{
-SYN
-T}@T{
-0x16
-T}@T{
-\[u2416]
-T}
-T{
-ETB
-T}@T{
-0x17
-T}@T{
-\[u2417]
-T}
-T{
-CAN
-T}@T{
-0x18
-T}@T{
-\[u2418]
-T}
-T{
-EM
-T}@T{
-0x19
-T}@T{
-\[u2419]
-T}
-T{
-SUB
-T}@T{
-0x1A
-T}@T{
-\[u241A]
-T}
-T{
-ESC
-T}@T{
-0x1B
-T}@T{
-\[u241B]
-T}
-T{
-FS
-T}@T{
-0x1C
-T}@T{
-\[u241C]
-T}
-T{
-GS
-T}@T{
-0x1D
-T}@T{
-\[u241D]
-T}
-T{
-RS
-T}@T{
-0x1E
-T}@T{
-\[u241E]
-T}
-T{
-US
-T}@T{
-0x1F
-T}@T{
-\[u241F]
-T}
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-T{
-DEL
-T}@T{
-0x7F
-T}@T{
-\[u2421]
-T}
-.TE
-.PP
-The default encoding will also encode these file names as they are
-problematic with many cloud storage systems.
-.PP
-.TS
-tab(@);
-l c.
-T{
-File name
-T}@T{
-Replacement
-T}
-_
-T{
-\&.
-T}@T{
-\[uFF0E]
-T}
-T{
-\&..
-T}@T{
-\[uFF0E]\[uFF0E]
-T}
-.TE
-.SS Invalid UTF-8 bytes
-.PP
-Some backends only support a sequence of well formed UTF-8 bytes as file
-or directory names.
-.PP
-In this case all invalid UTF-8 bytes will be replaced with a quoted
-representation of the byte value to allow uploading a file to such a
-backend.
-For example, the invalid byte \f[C]0xFE\f[R] will be encoded as
-\f[C]\[u201B]FE\f[R].
-.PP
-A common source of invalid UTF-8 bytes are local filesystems, that store
-names in a different encoding than UTF-8 or UTF-16, like latin1.
-See the local filenames (https://rclone.org/local/#filenames) section
-for details.
-.SS Encoding option
-.PP
-Most backends have an encoding option, specified as a flag
-\f[C]--backend-encoding\f[R] where \f[C]backend\f[R] is the name of the
-backend, or as a config parameter \f[C]encoding\f[R] (you\[aq]ll need to
-select the Advanced config in \f[C]rclone config\f[R] to see it).
-.PP
-This will have default value which encodes and decodes characters in
-such a way as to preserve the maximum number of characters (see above).
-.PP
-However this can be incorrect in some scenarios, for example if you have
-a Windows file system with Unicode fullwidth characters
-\f[C]\[uFF0A]\f[R], \f[C]\[uFF1F]\f[R] or \f[C]\[uFF1A]\f[R], that you
-want to remain as those characters on the remote rather than being
-translated to regular (halfwidth) \f[C]*\f[R], \f[C]?\f[R] and
-\f[C]:\f[R].
-.PP
-The \f[C]--backend-encoding\f[R] flags allow you to change that.
-You can disable the encoding completely with
-\f[C]--backend-encoding None\f[R] or set \f[C]encoding = None\f[R] in
-the config file.
-.PP
-Encoding takes a comma separated list of encodings.
-You can see the list of all possible values by passing an invalid value
-to this flag, e.g.
-\f[C]--local-encoding \[dq]help\[dq]\f[R].
-The command \f[C]rclone help flags encoding\f[R] will show you the
-defaults for the backends.
-.PP
-.TS
-tab(@);
-lw(21.7n) lw(24.1n) lw(24.1n).
-T{
-Encoding
-T}@T{
-Characters
-T}@T{
-Encoded as
-T}
-_
-T{
-Asterisk
-T}@T{
-\f[C]*\f[R]
-T}@T{
-\f[C]\[uFF0A]\f[R]
-T}
-T{
-BackQuote
-T}@T{
-\f[C]\[ga]\f[R]
-T}@T{
-\f[C]\[uFF40]\f[R]
-T}
-T{
-BackSlash
-T}@T{
-\f[C]\[rs]\f[R]
-T}@T{
-\f[C]\[uFF3C]\f[R]
-T}
-T{
-Colon
-T}@T{
-\f[C]:\f[R]
-T}@T{
-\f[C]\[uFF1A]\f[R]
-T}
-T{
-CrLf
-T}@T{
-CR 0x0D, LF 0x0A
-T}@T{
-\f[C]\[u240D]\f[R], \f[C]\[u240A]\f[R]
-T}
-T{
-Ctl
-T}@T{
-All control characters 0x00-0x1F
-T}@T{
-\f[C]\[u2400]\[u2401]\[u2402]\[u2403]\[u2404]\[u2405]\[u2406]\[u2407]\[u2408]\[u2409]\[u240A]\[u240B]\[u240C]\[u240D]\[u240E]\[u240F]\[u2410]\[u2411]\[u2412]\[u2413]\[u2414]\[u2415]\[u2416]\[u2417]\[u2418]\[u2419]\[u241A]\[u241B]\[u241C]\[u241D]\[u241E]\[u241F]\f[R]
-T}
-T{
-Del
-T}@T{
-DEL 0x7F
-T}@T{
-\f[C]\[u2421]\f[R]
-T}
-T{
-Dollar
-T}@T{
-\f[C]$\f[R]
-T}@T{
-\f[C]\[uFF04]\f[R]
-T}
-T{
-Dot
-T}@T{
-\f[C].\f[R] or \f[C]..\f[R] as entire string
-T}@T{
-\f[C]\[uFF0E]\f[R], \f[C]\[uFF0E]\[uFF0E]\f[R]
-T}
-T{
-DoubleQuote
-T}@T{
-\f[C]\[dq]\f[R]
-T}@T{
-\f[C]\[uFF02]\f[R]
-T}
-T{
-Hash
-T}@T{
-\f[C]#\f[R]
-T}@T{
-\f[C]\[uFF03]\f[R]
-T}
-T{
-InvalidUtf8
-T}@T{
-An invalid UTF-8 character (e.g.
-latin1)
-T}@T{
-\f[C]\[uFFFD]\f[R]
-T}
-T{
-LeftCrLfHtVt
-T}@T{
-CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the left of a string
-T}@T{
-\f[C]\[u240D]\f[R], \f[C]\[u240A]\f[R], \f[C]\[u2409]\f[R],
-\f[C]\[u240B]\f[R]
-T}
-T{
-LeftPeriod
-T}@T{
-\f[C].\f[R] on the left of a string
-T}@T{
-\f[C].\f[R]
-T}
-T{
-LeftSpace
-T}@T{
-SPACE on the left of a string
-T}@T{
-\f[C]\[u2420]\f[R]
-T}
-T{
-LeftTilde
-T}@T{
-\f[C]\[ti]\f[R] on the left of a string
-T}@T{
-\f[C]\[uFF5E]\f[R]
-T}
-T{
-LtGt
-T}@T{
-\f[C]<\f[R], \f[C]>\f[R]
-T}@T{
-\f[C]\[uFF1C]\f[R], \f[C]\[uFF1E]\f[R]
-T}
-T{
-None
-T}@T{
-No characters are encoded
-T}@T{
-T}
-T{
-Percent
-T}@T{
-\f[C]%\f[R]
-T}@T{
-\f[C]\[uFF05]\f[R]
-T}
-T{
-Pipe
-T}@T{
-|
-T}@T{
-\f[C]\[uFF5C]\f[R]
-T}
-T{
-Question
-T}@T{
-\f[C]?\f[R]
-T}@T{
-\f[C]\[uFF1F]\f[R]
-T}
-T{
-RightCrLfHtVt
-T}@T{
-CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the right of a string
-T}@T{
-\f[C]\[u240D]\f[R], \f[C]\[u240A]\f[R], \f[C]\[u2409]\f[R],
-\f[C]\[u240B]\f[R]
-T}
-T{
-RightPeriod
-T}@T{
-\f[C].\f[R] on the right of a string
-T}@T{
-\f[C].\f[R]
-T}
-T{
-RightSpace
-T}@T{
-SPACE on the right of a string
-T}@T{
-\f[C]\[u2420]\f[R]
-T}
-T{
-Semicolon
-T}@T{
-\f[C];\f[R]
-T}@T{
-\f[C]\[uFF1B]\f[R]
-T}
-T{
-SingleQuote
-T}@T{
-\f[C]\[aq]\f[R]
-T}@T{
-\f[C]\[uFF07]\f[R]
-T}
-T{
-Slash
-T}@T{
-\f[C]/\f[R]
-T}@T{
-\f[C]\[uFF0F]\f[R]
-T}
-T{
-SquareBracket
-T}@T{
-\f[C][\f[R], \f[C]]\f[R]
-T}@T{
-\f[C]\[uFF3B]\f[R], \f[C]\[uFF3D]\f[R]
-T}
-.TE
-.SS Encoding example: FTP
-.PP
-To take a specific example, the FTP backend\[aq]s default encoding is
-.IP
-.nf
-\f[C]
---ftp-encoding \[dq]Slash,Del,Ctl,RightSpace,Dot\[dq]
-\f[R]
-.fi
-.PP
-However, let\[aq]s say the FTP server is running on Windows and
-can\[aq]t have any of the invalid Windows characters in file names.
-You are backing up Linux servers to this FTP server which do have those
-characters in file names.
-So you would add the Windows set which are
-.IP
-.nf
-\f[C]
-Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
-\f[R]
-.fi
-.PP
-to the existing ones, giving:
-.IP
-.nf
-\f[C]
-Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot,Del,RightSpace
-\f[R]
-.fi
-.PP
-This can be specified using the \f[C]--ftp-encoding\f[R] flag or using
-an \f[C]encoding\f[R] parameter in the config file.
-.SS Encoding example: Windows
-.PP
-As a nother example, take a Windows system where there is a file with
-name \f[C]Test\[uFF1A]1.jpg\f[R], where \f[C]\[uFF1A]\f[R] is the
-Unicode fullwidth colon symbol.
-When using rclone to copy this to a remote which supports \f[C]:\f[R],
-the regular (halfwidth) colon (such as Google Drive), you will notice
-that the file gets renamed to \f[C]Test:1.jpg\f[R].
-.PP
-To avoid this you can change the set of characters rclone should convert
-for the local filesystem, using command-line argument
-\f[C]--local-encoding\f[R].
-Rclone\[aq]s default behavior on Windows corresponds to
-.IP
-.nf
-\f[C]
---local-encoding \[dq]Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot\[dq]
-\f[R]
-.fi
-.PP
-If you want to use fullwidth characters \f[C]\[uFF1A]\f[R],
-\f[C]\[uFF0A]\f[R] and \f[C]\[uFF1F]\f[R] in your filenames without
-rclone changing them when uploading to a remote, then set the same as
-the default value but without \f[C]Colon,Question,Asterisk\f[R]:
-.IP
-.nf
-\f[C]
---local-encoding \[dq]Slash,LtGt,DoubleQuote,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot\[dq]
-\f[R]
-.fi
-.PP
-Alternatively, you can disable the conversion of any characters with
-\f[C]--local-encoding None\f[R].
-.PP
-Instead of using command-line argument \f[C]--local-encoding\f[R], you
-may also set it as environment
-variable (https://rclone.org/docs/#environment-variables)
-\f[C]RCLONE_LOCAL_ENCODING\f[R], or
-configure (https://rclone.org/docs/#configure) a remote of type
-\f[C]local\f[R] in your config, and set the \f[C]encoding\f[R] option
-there.
-.PP
-The risk by doing this is that if you have a filename with the regular
-(halfwidth) \f[C]:\f[R], \f[C]*\f[R] and \f[C]?\f[R] in your cloud
-storage, and you try to download it to your Windows filesystem, this
-will fail.
-These characters are not valid in filenames on Windows, and you have
-told rclone not to work around this by converting them to valid
-fullwidth variants.
-.SS MIME Type
-.PP
-MIME types (also known as media types) classify types of documents using
-a simple text classification, e.g.
-\f[C]text/html\f[R] or \f[C]application/pdf\f[R].
-.PP
-Some cloud storage systems support reading (\f[C]R\f[R]) the MIME type
-of objects and some support writing (\f[C]W\f[R]) the MIME type of
-objects.
-.PP
-The MIME type can be important if you are serving files directly to HTTP
-from the storage system.
-.PP
-If you are copying from a remote which supports reading (\f[C]R\f[R]) to
-a remote which supports writing (\f[C]W\f[R]) then rclone will preserve
-the MIME types.
-Otherwise they will be guessed from the extension, or the remote itself
-may assign the MIME type.
-.SS Metadata
-.PP
-Backends may or may support reading or writing metadata.
-They may support reading and writing system metadata (metadata intrinsic
-to that backend) and/or user metadata (general purpose metadata).
-.PP
-The levels of metadata support are
-.PP
-.TS
-tab(@);
-l l.
-T{
-Key
-T}@T{
-Explanation
-T}
-_
-T{
-\f[C]R\f[R]
-T}@T{
-Read only System Metadata
-T}
-T{
-\f[C]RW\f[R]
-T}@T{
-Read and write System Metadata
-T}
-T{
-\f[C]RWU\f[R]
-T}@T{
-Read and write System Metadata and read and write User Metadata
-T}
-.TE
-.PP
-See the metadata docs (https://rclone.org/docs/#metadata) for more info.
-.SS Optional Features
-.PP
-All rclone remotes support a base command set.
-Other features depend upon backend-specific capabilities.
-.PP
-.TS
-tab(@);
-l c c c c c c c c c c.
-T{
-Name
-T}@T{
-Purge
-T}@T{
-Copy
-T}@T{
-Move
-T}@T{
-DirMove
-T}@T{
-CleanUp
-T}@T{
-ListR
-T}@T{
-StreamUpload
-T}@T{
-LinkSharing
-T}@T{
-About
-T}@T{
-EmptyDir
-T}
-_
-T{
-1Fichier
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-Akamai Netstorage
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-Amazon Drive
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-Amazon S3 (or S3 compatible)
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-Backblaze B2
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-Box
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes \[dd]\[dd]
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Citrix ShareFile
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-Dropbox
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Enterprise File Fabric
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-FTP
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-Google Cloud Storage
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-Google Drive
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Google Photos
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-HDFS
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-HiDrive
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-HTTP
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-Internet Archive
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}
-T{
-Jottacloud
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Koofr
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Mail.ru Cloud
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Mega
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Memory
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-Microsoft Azure Blob Storage
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-Microsoft OneDrive
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-OpenDrive
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-OpenStack Swift
-T}@T{
-Yes \[dg]
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}
-T{
-Oracle Object Storage
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-pCloud
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-premiumize.me
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-put.io
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-QingStor
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-Seafile
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-SFTP
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Sia
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-SMB
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-SugarSync
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}
-T{
-Storj
-T}@T{
-Yes \[u2628]
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-Uptobox
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}
-T{
-WebDAV
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes \[dd]
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Yandex Disk
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-Zoho WorkDrive
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-T{
-The local filesystem
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-No
-T}@T{
-Yes
-T}@T{
-Yes
-T}
-.TE
-.SS Purge
+If the directory is not passed in, it defaults to the directory pointed
+to by --cache-dir.
+.IP \[bu] 2
+dir - string (optional)
+.PP
+Returns:
+.IP
+.nf
+\f[C]
+{
+    \[dq]dir\[dq]: \[dq]/\[dq],
+    \[dq]info\[dq]: {
+        \[dq]Available\[dq]: 361769115648,
+        \[dq]Free\[dq]: 361785892864,
+        \[dq]Total\[dq]: 982141468672
+    }
+}
+\f[R]
+.fi
+.SS core/gc: Runs a garbage collection.
+.PP
+This tells the go runtime to do a garbage collection run.
+It isn\[aq]t necessary to call this normally, but it can be useful for
+debugging memory problems.
+.SS core/group-list: Returns list of stats.
+.PP
+This returns list of stats groups currently in memory.
+.PP
+Returns the following values:
+.IP
+.nf
+\f[C]
+{
+    \[dq]groups\[dq]:  an array of group names:
+        [
+            \[dq]group1\[dq],
+            \[dq]group2\[dq],
+            ...
+        ]
+}
+\f[R]
+.fi
+.SS core/memstats: Returns the memory statistics
+.PP
+This returns the memory statistics of the running program.
+What the values mean are explained in the go docs:
+https://golang.org/pkg/runtime/#MemStats
+.PP
+The most interesting values for most people are:
+.IP \[bu] 2
+HeapAlloc - this is the amount of memory rclone is actually using
+.IP \[bu] 2
+HeapSys - this is the amount of memory rclone has obtained from the OS
+.IP \[bu] 2
+Sys - this is the total amount of memory requested from the OS
+.RS 2
+.IP \[bu] 2
+It is virtual memory so may include unused memory
+.RE
+.SS core/obscure: Obscures a string passed in.
+.PP
+Pass a clear string and rclone will obscure it for the config file: -
+clear - string
+.PP
+Returns: - obscured - string
+.SS core/pid: Return PID of current process
+.PP
+This returns PID of current process.
+Useful for stopping rclone process.
+.SS core/quit: Terminates the app.
+.PP
+(Optional) Pass an exit code to be used for terminating the app: -
+exitCode - int
+.SS core/stats: Returns stats about current transfers.
+.PP
+This returns all available stats:
+.IP
+.nf
+\f[C]
+rclone rc core/stats
+\f[R]
+.fi
+.PP
+If group is not provided then summed up stats for all groups will be
+returned.
+.PP
+Parameters
+.IP \[bu] 2
+group - name of the stats group (string)
+.PP
+Returns the following values:
+.IP
+.nf
+\f[C]
+{
+    \[dq]bytes\[dq]: total transferred bytes since the start of the group,
+    \[dq]checks\[dq]: number of files checked,
+    \[dq]deletes\[dq] : number of files deleted,
+    \[dq]elapsedTime\[dq]: time in floating point seconds since rclone was started,
+    \[dq]errors\[dq]: number of errors,
+    \[dq]eta\[dq]: estimated time in seconds until the group completes,
+    \[dq]fatalError\[dq]: boolean whether there has been at least one fatal error,
+    \[dq]lastError\[dq]: last error string,
+    \[dq]renames\[dq] : number of files renamed,
+    \[dq]retryError\[dq]: boolean showing whether there has been at least one non-NoRetryError,
+        \[dq]serverSideCopies\[dq]: number of server side copies done,
+        \[dq]serverSideCopyBytes\[dq]: number bytes server side copied,
+        \[dq]serverSideMoves\[dq]: number of server side moves done,
+        \[dq]serverSideMoveBytes\[dq]: number bytes server side moved,
+    \[dq]speed\[dq]: average speed in bytes per second since start of the group,
+    \[dq]totalBytes\[dq]: total number of bytes in the group,
+    \[dq]totalChecks\[dq]: total number of checks in the group,
+    \[dq]totalTransfers\[dq]: total number of transfers in the group,
+    \[dq]transferTime\[dq] : total time spent on running jobs,
+    \[dq]transfers\[dq]: number of transferred files,
+    \[dq]transferring\[dq]: an array of currently active file transfers:
+        [
+            {
+                \[dq]bytes\[dq]: total transferred bytes for this file,
+                \[dq]eta\[dq]: estimated time in seconds until file transfer completion
+                \[dq]name\[dq]: name of the file,
+                \[dq]percentage\[dq]: progress of the file transfer in percent,
+                \[dq]speed\[dq]: average speed over the whole transfer in bytes per second,
+                \[dq]speedAvg\[dq]: current speed in bytes per second as an exponentially weighted moving average,
+                \[dq]size\[dq]: size of the file in bytes
+            }
+        ],
+    \[dq]checking\[dq]: an array of names of currently active file checks
+        []
+}
+\f[R]
+.fi
+.PP
+Values for \[dq]transferring\[dq], \[dq]checking\[dq] and
+\[dq]lastError\[dq] are only assigned if data is available.
+The value for \[dq]eta\[dq] is null if an eta cannot be determined.
+.SS core/stats-delete: Delete stats group.
+.PP
+This deletes entire stats group.
+.PP
+Parameters
+.IP \[bu] 2
+group - name of the stats group (string)
+.SS core/stats-reset: Reset stats.
+.PP
+This clears counters, errors and finished transfers for all stats or
+specific stats group if group is provided.
+.PP
+Parameters
+.IP \[bu] 2
+group - name of the stats group (string)
+.SS core/transferred: Returns stats about completed transfers.
+.PP
+This returns stats about completed transfers:
+.IP
+.nf
+\f[C]
+rclone rc core/transferred
+\f[R]
+.fi
+.PP
+If group is not provided then completed transfers for all groups will be
+returned.
+.PP
+Note only the last 100 completed transfers are returned.
+.PP
+Parameters
+.IP \[bu] 2
+group - name of the stats group (string)
+.PP
+Returns the following values:
+.IP
+.nf
+\f[C]
+{
+    \[dq]transferred\[dq]:  an array of completed transfers (including failed ones):
+        [
+            {
+                \[dq]name\[dq]: name of the file,
+                \[dq]size\[dq]: size of the file in bytes,
+                \[dq]bytes\[dq]: total transferred bytes for this file,
+                \[dq]checked\[dq]: if the transfer is only checked (skipped, deleted),
+                \[dq]timestamp\[dq]: integer representing millisecond unix epoch,
+                \[dq]error\[dq]: string description of the error (empty if successful),
+                \[dq]jobid\[dq]: id of the job that this transfer belongs to
+            }
+        ]
+}
+\f[R]
+.fi
+.SS core/version: Shows the current version of rclone and the go runtime.
+.PP
+This shows the current version of go and the go runtime:
+.IP \[bu] 2
+version - rclone version, e.g.
+\[dq]v1.53.0\[dq]
+.IP \[bu] 2
+decomposed - version number as [major, minor, patch]
+.IP \[bu] 2
+isGit - boolean - true if this was compiled from the git version
+.IP \[bu] 2
+isBeta - boolean - true if this is a beta version
+.IP \[bu] 2
+os - OS in use as according to Go
+.IP \[bu] 2
+arch - cpu architecture in use according to Go
+.IP \[bu] 2
+goVersion - version of Go runtime in use
+.IP \[bu] 2
+linking - type of rclone executable (static or dynamic)
+.IP \[bu] 2
+goTags - space separated build tags or \[dq]none\[dq]
+.SS debug/set-block-profile-rate: Set runtime.SetBlockProfileRate for blocking profiling.
+.PP
+SetBlockProfileRate controls the fraction of goroutine blocking events
+that are reported in the blocking profile.
+The profiler aims to sample an average of one blocking event per rate
+nanoseconds spent blocked.
+.PP
+To include every blocking event in the profile, pass rate = 1.
+To turn off profiling entirely, pass rate <= 0.
+.PP
+After calling this you can use this to see the blocking profile:
+.IP
+.nf
+\f[C]
+go tool pprof http://localhost:5572/debug/pprof/block
+\f[R]
+.fi
+.PP
+Parameters:
+.IP \[bu] 2
+rate - int
+.SS debug/set-gc-percent: Call runtime/debug.SetGCPercent for setting the garbage collection target percentage.
+.PP
+SetGCPercent sets the garbage collection target percentage: a collection
+is triggered when the ratio of freshly allocated data to live data
+remaining after the previous collection reaches this percentage.
+SetGCPercent returns the previous setting.
+The initial setting is the value of the GOGC environment variable at
+startup, or 100 if the variable is not set.
+.PP
+This setting may be effectively reduced in order to maintain a memory
+limit.
+A negative percentage effectively disables garbage collection, unless
+the memory limit is reached.
+.PP
+See https://pkg.go.dev/runtime/debug#SetMemoryLimit for more details.
+.PP
+Parameters:
+.IP \[bu] 2
+gc-percent - int
+.SS debug/set-mutex-profile-fraction: Set runtime.SetMutexProfileFraction for mutex profiling.
+.PP
+SetMutexProfileFraction controls the fraction of mutex contention events
+that are reported in the mutex profile.
+On average 1/rate events are reported.
+The previous rate is returned.
+.PP
+To turn off profiling entirely, pass rate 0.
+To just read the current rate, pass rate < 0.
+(For n>1 the details of sampling may change.)
+.PP
+Once this is set you can look use this to profile the mutex contention:
+.IP
+.nf
+\f[C]
+go tool pprof http://localhost:5572/debug/pprof/mutex
+\f[R]
+.fi
+.PP
+Parameters:
+.IP \[bu] 2
+rate - int
+.PP
+Results:
+.IP \[bu] 2
+previousRate - int
+.SS debug/set-soft-memory-limit: Call runtime/debug.SetMemoryLimit for setting a soft memory limit for the runtime.
+.PP
+SetMemoryLimit provides the runtime with a soft memory limit.
+.PP
+The runtime undertakes several processes to try to respect this memory
+limit, including adjustments to the frequency of garbage collections and
+returning memory to the underlying system more aggressively.
+This limit will be respected even if GOGC=off (or, if SetGCPercent(-1)
+is executed).
+.PP
+The input limit is provided as bytes, and includes all memory mapped,
+managed, and not released by the Go runtime.
+Notably, it does not account for space used by the Go binary and memory
+external to Go, such as memory managed by the underlying system on
+behalf of the process, or memory managed by non-Go code inside the same
+process.
+Examples of excluded memory sources include: OS kernel memory held on
+behalf of the process, memory allocated by C code, and memory mapped by
+syscall.Mmap (because it is not managed by the Go runtime).
+.PP
+A zero limit or a limit that\[aq]s lower than the amount of memory used
+by the Go runtime may cause the garbage collector to run nearly
+continuously.
+However, the application may still make progress.
+.PP
+The memory limit is always respected by the Go runtime, so to
+effectively disable this behavior, set the limit very high.
+math.MaxInt64 is the canonical value for disabling the limit, but values
+much greater than the available memory on the underlying system work
+just as well.
+.PP
+See https://go.dev/doc/gc-guide for a detailed guide explaining the soft
+memory limit in more detail, as well as a variety of common use-cases
+and scenarios.
+.PP
+SetMemoryLimit returns the previously set memory limit.
+A negative input does not adjust the limit, and allows for retrieval of
+the currently set memory limit.
+.PP
+Parameters:
+.IP \[bu] 2
+mem-limit - int
+.SS fscache/clear: Clear the Fs cache.
+.PP
+This clears the fs cache.
+This is where remotes created from backends are cached for a short while
+to make repeated rc calls more efficient.
+.PP
+If you change the parameters of a backend then you may want to call this
+to clear an existing remote out of the cache before re-creating it.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS fscache/entries: Returns the number of entries in the fs cache.
+.PP
+This returns the number of entries in the fs cache.
+.PP
+Returns - entries - number of items in the cache
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS job/list: Lists the IDs of the running jobs
+.PP
+Parameters: None.
+.PP
+Results:
+.IP \[bu] 2
+executeId - string id of rclone executing (change after restart)
+.IP \[bu] 2
+jobids - array of integer job ids (starting at 1 on each restart)
+.SS job/status: Reads the status of the job ID
+.PP
+Parameters:
+.IP \[bu] 2
+jobid - id of the job (integer).
+.PP
+Results:
+.IP \[bu] 2
+finished - boolean
+.IP \[bu] 2
+duration - time in seconds that the job ran for
+.IP \[bu] 2
+endTime - time the job finished (e.g.
+\[dq]2018-10-26T18:50:20.528746884+01:00\[dq])
+.IP \[bu] 2
+error - error from the job or empty string for no error
+.IP \[bu] 2
+finished - boolean whether the job has finished or not
+.IP \[bu] 2
+id - as passed in above
+.IP \[bu] 2
+startTime - time the job started (e.g.
+\[dq]2018-10-26T18:50:20.528336039+01:00\[dq])
+.IP \[bu] 2
+success - boolean - true for success false otherwise
+.IP \[bu] 2
+output - output of the job as would have been returned if called
+synchronously
+.IP \[bu] 2
+progress - output of the progress related to the underlying job
+.SS job/stop: Stop the running job
+.PP
+Parameters:
+.IP \[bu] 2
+jobid - id of the job (integer).
+.SS job/stopgroup: Stop all running jobs in a group
+.PP
+Parameters:
+.IP \[bu] 2
+group - name of the group (string).
+.SS mount/listmounts: Show current mount points
+.PP
+This shows currently mounted points, which can be used for performing an
+unmount.
+.PP
+This takes no parameters and returns
+.IP \[bu] 2
+mountPoints: list of current mount points
+.PP
+Eg
+.IP
+.nf
+\f[C]
+rclone rc mount/listmounts
+\f[R]
+.fi
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS mount/mount: Create a new mount point
+.PP
+rclone allows Linux, FreeBSD, macOS and Windows to mount any of
+Rclone\[aq]s cloud storage systems as a file system with FUSE.
+.PP
+If no mountType is provided, the priority is given as follows: 1.
+mount 2.cmount 3.mount2
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote path to be mounted (required)
+.IP \[bu] 2
+mountPoint: valid path on the local machine (required)
+.IP \[bu] 2
+mountType: one of the values (mount, cmount, mount2) specifies the mount
+implementation to use
+.IP \[bu] 2
+mountOpt: a JSON object with Mount options in.
+.IP \[bu] 2
+vfsOpt: a JSON object with VFS options in.
+.PP
+Example:
+.IP
+.nf
+\f[C]
+rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint
+rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint mountType=mount
+rclone rc mount/mount fs=TestDrive: mountPoint=/mnt/tmp vfsOpt=\[aq]{\[dq]CacheMode\[dq]: 2}\[aq] mountOpt=\[aq]{\[dq]AllowOther\[dq]: true}\[aq]
+\f[R]
+.fi
+.PP
+The vfsOpt are as described in options/get and can be seen in the the
+\[dq]vfs\[dq] section when running and the mountOpt can be seen in the
+\[dq]mount\[dq] section:
+.IP
+.nf
+\f[C]
+rclone rc options/get
+\f[R]
+.fi
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS mount/types: Show all possible mount types
+.PP
+This shows all possible mount types and returns them as a list.
+.PP
+This takes no parameters and returns
+.IP \[bu] 2
+mountTypes: list of mount types
+.PP
+The mount types are strings like \[dq]mount\[dq], \[dq]mount2\[dq],
+\[dq]cmount\[dq] and can be passed to mount/mount as the mountType
+parameter.
+.PP
+Eg
+.IP
+.nf
+\f[C]
+rclone rc mount/types
+\f[R]
+.fi
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS mount/unmount: Unmount selected active mount
+.PP
+rclone allows Linux, FreeBSD, macOS and Windows to mount any of
+Rclone\[aq]s cloud storage systems as a file system with FUSE.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+mountPoint: valid path on the local machine where the mount was created
+(required)
+.PP
+Example:
+.IP
+.nf
+\f[C]
+rclone rc mount/unmount mountPoint=/home/<user>/mountPoint
+\f[R]
+.fi
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS mount/unmountall: Unmount all active mounts
+.PP
+rclone allows Linux, FreeBSD, macOS and Windows to mount any of
+Rclone\[aq]s cloud storage systems as a file system with FUSE.
+.PP
+This takes no parameters and returns error if unmount does not succeed.
+.PP
+Eg
+.IP
+.nf
+\f[C]
+rclone rc mount/unmountall
+\f[R]
+.fi
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/about: Return the space used on the remote
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.PP
+The result is as returned from rclone about --json
+.PP
+See the about (https://rclone.org/commands/rclone_about/) command for
+more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/check: check the source and destination are the same
+.PP
+Checks the files in the source and destination match.
+It compares sizes and hashes and logs a report of files that don\[aq]t
+match.
+It doesn\[aq]t alter the source or destination.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+srcFs - a remote name string e.g.
+\[dq]drive:\[dq] for the source, \[dq]/\[dq] for local filesystem
+.IP \[bu] 2
+dstFs - a remote name string e.g.
+\[dq]drive2:\[dq] for the destination, \[dq]/\[dq] for local filesystem
+.IP \[bu] 2
+download - check by downloading rather than with hash
+.IP \[bu] 2
+checkFileHash - treat checkFileFs:checkFileRemote as a SUM file with
+hashes of given type
+.IP \[bu] 2
+checkFileFs - treat checkFileFs:checkFileRemote as a SUM file with
+hashes of given type
+.IP \[bu] 2
+checkFileRemote - treat checkFileFs:checkFileRemote as a SUM file with
+hashes of given type
+.IP \[bu] 2
+oneWay - check one way only, source files must exist on remote
+.IP \[bu] 2
+combined - make a combined report of changes (default false)
+.IP \[bu] 2
+missingOnSrc - report all files missing from the source (default true)
+.IP \[bu] 2
+missingOnDst - report all files missing from the destination (default
+true)
+.IP \[bu] 2
+match - report all matching files (default false)
+.IP \[bu] 2
+differ - report all non-matching files (default true)
+.IP \[bu] 2
+error - report all files with errors (hashing or reading) (default true)
+.PP
+If you supply the download flag, it will download the data from both
+remotes and check them against each other on the fly.
+This can be useful for remotes that don\[aq]t support hashes or if you
+really want to check all the data.
+.PP
+If you supply the size-only global flag, it will only compare the sizes
+not the hashes as well.
+Use this for a quick check.
+.PP
+If you supply the checkFileHash option with a valid hash name, the
+checkFileFs:checkFileRemote must point to a text file in the SUM format.
+This treats the checksum file as the source and dstFs as the
+destination.
+Note that srcFs is not used and should not be supplied in this case.
+.PP
+Returns:
+.IP \[bu] 2
+success - true if no error, false otherwise
+.IP \[bu] 2
+status - textual summary of check, OK or text string
+.IP \[bu] 2
+hashType - hash used in check, may be missing
+.IP \[bu] 2
+combined - array of strings of combined report of changes
+.IP \[bu] 2
+missingOnSrc - array of strings of all files missing from the source
+.IP \[bu] 2
+missingOnDst - array of strings of all files missing from the
+destination
+.IP \[bu] 2
+match - array of strings of all matching files
+.IP \[bu] 2
+differ - array of strings of all non-matching files
+.IP \[bu] 2
+error - array of strings of all files with errors (hashing or reading)
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/cleanup: Remove trashed files in the remote or path
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.PP
+See the cleanup (https://rclone.org/commands/rclone_cleanup/) command
+for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/copyfile: Copy a file from source remote to destination remote
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+srcFs - a remote name string e.g.
+\[dq]drive:\[dq] for the source, \[dq]/\[dq] for local filesystem
+.IP \[bu] 2
+srcRemote - a path within that remote e.g.
+\[dq]file.txt\[dq] for the source
+.IP \[bu] 2
+dstFs - a remote name string e.g.
+\[dq]drive2:\[dq] for the destination, \[dq]/\[dq] for local filesystem
+.IP \[bu] 2
+dstRemote - a path within that remote e.g.
+\[dq]file2.txt\[dq] for the destination
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/copyurl: Copy the URL to the object
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
+.IP \[bu] 2
+url - string, URL to read from
+.IP \[bu] 2
+autoFilename - boolean, set to true to retrieve destination file name
+from url
+.PP
+See the copyurl (https://rclone.org/commands/rclone_copyurl/) command
+for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/delete: Remove files in the path
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.PP
+See the delete (https://rclone.org/commands/rclone_delete/) command for
+more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/deletefile: Remove the single file pointed to
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
+.PP
+See the deletefile (https://rclone.org/commands/rclone_deletefile/)
+command for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/fsinfo: Return information about the remote
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.PP
+This returns info about the remote passed in;
+.IP
+.nf
+\f[C]
+{
+        // optional features and whether they are available or not
+        \[dq]Features\[dq]: {
+                \[dq]About\[dq]: true,
+                \[dq]BucketBased\[dq]: false,
+                \[dq]BucketBasedRootOK\[dq]: false,
+                \[dq]CanHaveEmptyDirectories\[dq]: true,
+                \[dq]CaseInsensitive\[dq]: false,
+                \[dq]ChangeNotify\[dq]: false,
+                \[dq]CleanUp\[dq]: false,
+                \[dq]Command\[dq]: true,
+                \[dq]Copy\[dq]: false,
+                \[dq]DirCacheFlush\[dq]: false,
+                \[dq]DirMove\[dq]: true,
+                \[dq]Disconnect\[dq]: false,
+                \[dq]DuplicateFiles\[dq]: false,
+                \[dq]GetTier\[dq]: false,
+                \[dq]IsLocal\[dq]: true,
+                \[dq]ListR\[dq]: false,
+                \[dq]MergeDirs\[dq]: false,
+                \[dq]MetadataInfo\[dq]: true,
+                \[dq]Move\[dq]: true,
+                \[dq]OpenWriterAt\[dq]: true,
+                \[dq]PublicLink\[dq]: false,
+                \[dq]Purge\[dq]: true,
+                \[dq]PutStream\[dq]: true,
+                \[dq]PutUnchecked\[dq]: false,
+                \[dq]ReadMetadata\[dq]: true,
+                \[dq]ReadMimeType\[dq]: false,
+                \[dq]ServerSideAcrossConfigs\[dq]: false,
+                \[dq]SetTier\[dq]: false,
+                \[dq]SetWrapper\[dq]: false,
+                \[dq]Shutdown\[dq]: false,
+                \[dq]SlowHash\[dq]: true,
+                \[dq]SlowModTime\[dq]: false,
+                \[dq]UnWrap\[dq]: false,
+                \[dq]UserInfo\[dq]: false,
+                \[dq]UserMetadata\[dq]: true,
+                \[dq]WrapFs\[dq]: false,
+                \[dq]WriteMetadata\[dq]: true,
+                \[dq]WriteMimeType\[dq]: false
+        },
+        // Names of hashes available
+        \[dq]Hashes\[dq]: [
+                \[dq]md5\[dq],
+                \[dq]sha1\[dq],
+                \[dq]whirlpool\[dq],
+                \[dq]crc32\[dq],
+                \[dq]sha256\[dq],
+                \[dq]dropbox\[dq],
+                \[dq]mailru\[dq],
+                \[dq]quickxor\[dq]
+        ],
+        \[dq]Name\[dq]: \[dq]local\[dq],        // Name as created
+        \[dq]Precision\[dq]: 1,         // Precision of timestamps in ns
+        \[dq]Root\[dq]: \[dq]/\[dq],            // Path as created
+        \[dq]String\[dq]: \[dq]Local file system at /\[dq], // how the remote will appear in logs
+        // Information about the system metadata for this backend
+        \[dq]MetadataInfo\[dq]: {
+                \[dq]System\[dq]: {
+                        \[dq]atime\[dq]: {
+                                \[dq]Help\[dq]: \[dq]Time of last access\[dq],
+                                \[dq]Type\[dq]: \[dq]RFC 3339\[dq],
+                                \[dq]Example\[dq]: \[dq]2006-01-02T15:04:05.999999999Z07:00\[dq]
+                        },
+                        \[dq]btime\[dq]: {
+                                \[dq]Help\[dq]: \[dq]Time of file birth (creation)\[dq],
+                                \[dq]Type\[dq]: \[dq]RFC 3339\[dq],
+                                \[dq]Example\[dq]: \[dq]2006-01-02T15:04:05.999999999Z07:00\[dq]
+                        },
+                        \[dq]gid\[dq]: {
+                                \[dq]Help\[dq]: \[dq]Group ID of owner\[dq],
+                                \[dq]Type\[dq]: \[dq]decimal number\[dq],
+                                \[dq]Example\[dq]: \[dq]500\[dq]
+                        },
+                        \[dq]mode\[dq]: {
+                                \[dq]Help\[dq]: \[dq]File type and mode\[dq],
+                                \[dq]Type\[dq]: \[dq]octal, unix style\[dq],
+                                \[dq]Example\[dq]: \[dq]0100664\[dq]
+                        },
+                        \[dq]mtime\[dq]: {
+                                \[dq]Help\[dq]: \[dq]Time of last modification\[dq],
+                                \[dq]Type\[dq]: \[dq]RFC 3339\[dq],
+                                \[dq]Example\[dq]: \[dq]2006-01-02T15:04:05.999999999Z07:00\[dq]
+                        },
+                        \[dq]rdev\[dq]: {
+                                \[dq]Help\[dq]: \[dq]Device ID (if special file)\[dq],
+                                \[dq]Type\[dq]: \[dq]hexadecimal\[dq],
+                                \[dq]Example\[dq]: \[dq]1abc\[dq]
+                        },
+                        \[dq]uid\[dq]: {
+                                \[dq]Help\[dq]: \[dq]User ID of owner\[dq],
+                                \[dq]Type\[dq]: \[dq]decimal number\[dq],
+                                \[dq]Example\[dq]: \[dq]500\[dq]
+                        }
+                },
+                \[dq]Help\[dq]: \[dq]Textual help string\[rs]n\[dq]
+        }
+}
+\f[R]
+.fi
+.PP
+This command does not have a command line equivalent so use this
+instead:
+.IP
+.nf
+\f[C]
+rclone rc --loopback operations/fsinfo fs=remote:
+\f[R]
+.fi
+.SS operations/list: List the given remote and path in JSON format
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
+.IP \[bu] 2
+opt - a dictionary of options to control the listing (optional)
+.RS 2
+.IP \[bu] 2
+recurse - If set recurse directories
+.IP \[bu] 2
+noModTime - If set return modification time
+.IP \[bu] 2
+showEncrypted - If set show decrypted names
+.IP \[bu] 2
+showOrigIDs - If set show the IDs for each item if known
+.IP \[bu] 2
+showHash - If set return a dictionary of hashes
+.IP \[bu] 2
+noMimeType - If set don\[aq]t show mime types
+.IP \[bu] 2
+dirsOnly - If set only show directories
+.IP \[bu] 2
+filesOnly - If set only show files
+.IP \[bu] 2
+metadata - If set return metadata of objects also
+.IP \[bu] 2
+hashTypes - array of strings of hash types to show if showHash set
+.RE
+.PP
+Returns:
+.IP \[bu] 2
+list
+.RS 2
+.IP \[bu] 2
+This is an array of objects as described in the lsjson command
+.RE
+.PP
+See the lsjson (https://rclone.org/commands/rclone_lsjson/) command for
+more information on the above and examples.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/mkdir: Make a destination directory or container
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
+.PP
+See the mkdir (https://rclone.org/commands/rclone_mkdir/) command for
+more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/movefile: Move a file from source remote to destination remote
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+srcFs - a remote name string e.g.
+\[dq]drive:\[dq] for the source, \[dq]/\[dq] for local filesystem
+.IP \[bu] 2
+srcRemote - a path within that remote e.g.
+\[dq]file.txt\[dq] for the source
+.IP \[bu] 2
+dstFs - a remote name string e.g.
+\[dq]drive2:\[dq] for the destination, \[dq]/\[dq] for local filesystem
+.IP \[bu] 2
+dstRemote - a path within that remote e.g.
+\[dq]file2.txt\[dq] for the destination
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/publiclink: Create or retrieve a public link to the given file or folder.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
+.IP \[bu] 2
+unlink - boolean - if set removes the link rather than adding it
+(optional)
+.IP \[bu] 2
+expire - string - the expiry time of the link e.g.
+\[dq]1d\[dq] (optional)
 .PP
-This deletes a directory quicker than just deleting all the files in the
-directory.
+Returns:
+.IP \[bu] 2
+url - URL of the resource
 .PP
-\[dg] Note Swift implements this in order to delete directory markers
-but they don\[aq]t actually have a quicker way of deleting files other
-than deleting them individually.
+See the link (https://rclone.org/commands/rclone_link/) command for more
+information on the above.
 .PP
-\[u2628] Storj implements this efficiently only for entire buckets.
-If purging a directory inside a bucket, files are deleted individually.
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/purge: Remove a directory or container and all of its contents
 .PP
-\[dd] StreamUpload is not supported with Nextcloud
-.SS Copy
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
 .PP
-Used when copying an object to and from the same remote.
-This known as a server-side copy so you can copy a file without
-downloading it and uploading it again.
-It is used if you use \f[C]rclone copy\f[R] or \f[C]rclone move\f[R] if
-the remote doesn\[aq]t support \f[C]Move\f[R] directly.
+See the purge (https://rclone.org/commands/rclone_purge/) command for
+more information on the above.
 .PP
-If the server doesn\[aq]t support \f[C]Copy\f[R] directly then for copy
-operations the file is downloaded then re-uploaded.
-.SS Move
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/rmdir: Remove an empty directory or container
 .PP
-Used when moving/renaming an object on the same remote.
-This is known as a server-side move of a file.
-This is used in \f[C]rclone move\f[R] if the server doesn\[aq]t support
-\f[C]DirMove\f[R].
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
 .PP
-If the server isn\[aq]t capable of \f[C]Move\f[R] then rclone simulates
-it with \f[C]Copy\f[R] then delete.
-If the server doesn\[aq]t support \f[C]Copy\f[R] then rclone will
-download the file and re-upload it.
-.SS DirMove
+See the rmdir (https://rclone.org/commands/rclone_rmdir/) command for
+more information on the above.
 .PP
-This is used to implement \f[C]rclone move\f[R] to move a directory if
-possible.
-If it isn\[aq]t then it will use \f[C]Move\f[R] on each file (which
-falls back to \f[C]Copy\f[R] then download and upload - see
-\f[C]Move\f[R] section).
-.SS CleanUp
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/rmdirs: Remove all the empty directories in the path
 .PP
-This is used for emptying the trash for a remote by
-\f[C]rclone cleanup\f[R].
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
+.IP \[bu] 2
+leaveRoot - boolean, set to true not to delete the root
 .PP
-If the server can\[aq]t do \f[C]CleanUp\f[R] then
-\f[C]rclone cleanup\f[R] will return an error.
+See the rmdirs (https://rclone.org/commands/rclone_rmdirs/) command for
+more information on the above.
 .PP
-\[dd]\[dd] Note that while Box implements this it has to delete every
-file individually so it will be slower than emptying the trash via the
-WebUI
-.SS ListR
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/settier: Changes storage tier or class on all files in the path
 .PP
-The remote supports a recursive list to list all the contents beneath a
-directory quickly.
-This enables the \f[C]--fast-list\f[R] flag to work.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
-.SS StreamUpload
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
 .PP
-Some remotes allow files to be uploaded without knowing the file size in
-advance.
-This allows certain operations to work without spooling the file to
-local disk first, e.g.
-\f[C]rclone rcat\f[R].
-.SS LinkSharing
+See the settier (https://rclone.org/commands/rclone_settier/) command
+for more information on the above.
 .PP
-Sets the necessary permissions on a file or folder and prints a link
-that allows others to access them, even if they don\[aq]t have an
-account on the particular cloud provider.
-.SS About
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/settierfile: Changes storage tier or class on the single file pointed to
 .PP
-Rclone \f[C]about\f[R] prints quota information for a remote.
-Typical output includes bytes used, free, quota and in trash.
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
 .PP
-If a remote lacks about capability \f[C]rclone about remote:\f[R]returns
-an error.
+See the settierfile (https://rclone.org/commands/rclone_settierfile/)
+command for more information on the above.
 .PP
-Backends without about capability cannot determine free space for an
-rclone mount, or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/size: Count the number of bytes and files in remote
 .PP
-See rclone about command (https://rclone.org/commands/rclone_about/)
-.SS EmptyDir
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:path/to/dir\[dq]
 .PP
-The remote supports empty directories.
-See Limitations (https://rclone.org/bugs/#limitations) for details.
-Most Object/Bucket-based remotes do not support this.
-.SH Global Flags
+Returns:
+.IP \[bu] 2
+count - number of files
+.IP \[bu] 2
+bytes - number of bytes in those files
 .PP
-This describes the global flags available to every rclone command split
-into two groups, non backend and backend flags.
-.SS Non Backend Flags
-.PP
-These flags are available for every command.
-.IP
-.nf
-\f[C]
-      --ask-password                         Allow prompt for password for encrypted configuration (default true)
-      --auto-confirm                         If enabled, do not request console confirmation
-      --backup-dir string                    Make backups into hierarchy based in DIR
-      --bind string                          Local address to bind to for outgoing connections, IPv4, IPv6 or name
-      --buffer-size SizeSuffix               In memory buffer size when reading files for each --transfer (default 16Mi)
-      --bwlimit BwTimetable                  Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-      --bwlimit-file BwTimetable             Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
-      --ca-cert stringArray                  CA certificate used to verify servers
-      --cache-dir string                     Directory rclone will use for caching (default \[dq]$HOME/.cache/rclone\[dq])
-      --check-first                          Do all the checks before starting transfers
-      --checkers int                         Number of checkers to run in parallel (default 8)
-  -c, --checksum                             Skip based on checksum (if available) & size, not mod-time & size
-      --client-cert string                   Client SSL certificate (PEM) for mutual TLS auth
-      --client-key string                    Client SSL private key (PEM) for mutual TLS auth
-      --color string                         When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default \[dq]AUTO\[dq])
-      --compare-dest stringArray             Include additional comma separated server-side paths during comparison
-      --config string                        Config file (default \[dq]$HOME/.config/rclone/rclone.conf\[dq])
-      --contimeout Duration                  Connect timeout (default 1m0s)
-      --copy-dest stringArray                Implies --compare-dest but also copies files from paths into destination
-      --cpuprofile string                    Write cpu profile to file
-      --cutoff-mode string                   Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default \[dq]HARD\[dq])
-      --delete-after                         When synchronizing, delete files on destination after transferring (default)
-      --delete-before                        When synchronizing, delete files on destination before transferring
-      --delete-during                        When synchronizing, delete files during transfer
-      --delete-excluded                      Delete files on dest excluded from sync
-      --disable string                       Disable a comma separated list of features (use --disable help to see a list)
-      --disable-http-keep-alives             Disable HTTP keep-alives and use each connection once.
-      --disable-http2                        Disable HTTP/2 in the global transport
-  -n, --dry-run                              Do a trial run with no permanent changes
-      --dscp string                          Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
-      --dump DumpFlags                       List of items to dump from: headers,bodies,requests,responses,auth,filters,goroutines,openfiles
-      --dump-bodies                          Dump HTTP headers and bodies - may contain sensitive info
-      --dump-headers                         Dump HTTP headers - may contain sensitive info
-      --error-on-no-transfer                 Sets exit code 9 if no files are transferred, useful in scripts
-      --exclude stringArray                  Exclude files matching pattern
-      --exclude-from stringArray             Read file exclude patterns from file (use - to read from stdin)
-      --exclude-if-present stringArray       Exclude directories if filename is present
-      --expect-continue-timeout Duration     Timeout when using expect / 100-continue in HTTP (default 1s)
-      --fast-list                            Use recursive list if available; uses more memory but fewer transactions
-      --files-from stringArray               Read list of source-file names from file (use - to read from stdin)
-      --files-from-raw stringArray           Read list of source-file names from file without any processing of lines (use - to read from stdin)
-  -f, --filter stringArray                   Add a file filtering rule
-      --filter-from stringArray              Read file filtering patterns from a file (use - to read from stdin)
-      --fs-cache-expire-duration Duration    Cache remotes for this long (0 to disable caching) (default 5m0s)
-      --fs-cache-expire-interval Duration    Interval to check for expired remotes (default 1m0s)
-      --header stringArray                   Set HTTP header for all transactions
-      --header-download stringArray          Set HTTP header for download transactions
-      --header-upload stringArray            Set HTTP header for upload transactions
-      --human-readable                       Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
-      --ignore-case                          Ignore case in filters (case insensitive)
-      --ignore-case-sync                     Ignore case when synchronizing
-      --ignore-checksum                      Skip post copy check of checksums
-      --ignore-errors                        Delete even if there are I/O errors
-      --ignore-existing                      Skip all files that exist on destination
-      --ignore-size                          Ignore size when skipping use mod-time or checksum
-  -I, --ignore-times                         Don\[aq]t skip files that match size and time - transfer all files
-      --immutable                            Do not modify files, fail if existing files have been modified
-      --include stringArray                  Include files matching pattern
-      --include-from stringArray             Read file include patterns from file (use - to read from stdin)
-  -i, --interactive                          Enable interactive mode
-      --kv-lock-time Duration                Maximum time to keep key-value database locked by process (default 1s)
-      --log-file string                      Log everything to this file
-      --log-format string                    Comma separated list of log format options (default \[dq]date,time\[dq])
-      --log-level string                     Log level DEBUG|INFO|NOTICE|ERROR (default \[dq]NOTICE\[dq])
-      --log-systemd                          Activate systemd integration for the logger
-      --low-level-retries int                Number of low level retries to do (default 10)
-      --max-age Duration                     Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-      --max-backlog int                      Maximum number of objects in sync or check backlog (default 10000)
-      --max-delete int                       When synchronizing, limit the number of deletes (default -1)
-      --max-delete-size SizeSuffix           When synchronizing, limit the total size of deletes (default off)
-      --max-depth int                        If set limits the recursion depth to this (default -1)
-      --max-duration Duration                Maximum duration rclone will transfer data for (default 0s)
-      --max-size SizeSuffix                  Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
-      --max-stats-groups int                 Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
-      --max-transfer SizeSuffix              Maximum size of data to transfer (default off)
-      --memprofile string                    Write memory profile to file
-  -M, --metadata                             If set, preserve metadata when copying objects
-      --metadata-exclude stringArray         Exclude metadatas matching pattern
-      --metadata-exclude-from stringArray    Read metadata exclude patterns from file (use - to read from stdin)
-      --metadata-filter stringArray          Add a metadata filtering rule
-      --metadata-filter-from stringArray     Read metadata filtering patterns from a file (use - to read from stdin)
-      --metadata-include stringArray         Include metadatas matching pattern
-      --metadata-include-from stringArray    Read metadata include patterns from file (use - to read from stdin)
-      --metadata-set stringArray             Add metadata key=value when uploading
-      --min-age Duration                     Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
-      --min-size SizeSuffix                  Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
-      --modify-window Duration               Max time diff to be considered the same (default 1ns)
-      --multi-thread-cutoff SizeSuffix       Use multi-thread downloads for files above this size (default 250Mi)
-      --multi-thread-streams int             Max number of streams to use for multi-thread downloads (default 4)
-      --no-check-certificate                 Do not verify the server SSL certificate (insecure)
-      --no-check-dest                        Don\[aq]t check the destination, copy regardless
-      --no-console                           Hide console window (supported on Windows only)
-      --no-gzip-encoding                     Don\[aq]t set Accept-Encoding: gzip
-      --no-traverse                          Don\[aq]t traverse destination file system on copy
-      --no-unicode-normalization             Don\[aq]t normalize unicode characters in filenames
-      --no-update-modtime                    Don\[aq]t update destination mod-time if files identical
-      --order-by string                      Instructions on how to order the transfers, e.g. \[aq]size,descending\[aq]
-      --password-command SpaceSepList        Command for supplying password for encrypted configuration
-  -P, --progress                             Show progress during transfer
-      --progress-terminal-title              Show progress on the terminal title (requires -P/--progress)
-  -q, --quiet                                Print as little stuff as possible
-      --rc                                   Enable the remote control server
-      --rc-addr stringArray                  IPaddress:Port or :Port to bind server to (default [localhost:5572])
-      --rc-allow-origin string               Set the allowed origin for CORS
-      --rc-baseurl string                    Prefix for URLs - leave blank for root
-      --rc-cert string                       TLS PEM key (concatenation of certificate and CA certificate)
-      --rc-client-ca string                  Client certificate authority to verify clients with
-      --rc-enable-metrics                    Enable prometheus metrics on /metrics
-      --rc-files string                      Path to local files to serve on the HTTP server
-      --rc-htpasswd string                   A htpasswd file - if not provided no authentication is done
-      --rc-job-expire-duration Duration      Expire finished async jobs older than this value (default 1m0s)
-      --rc-job-expire-interval Duration      Interval to check for expired async jobs (default 10s)
-      --rc-key string                        TLS PEM Private key
-      --rc-max-header-bytes int              Maximum size of request header (default 4096)
-      --rc-min-tls-version string            Minimum TLS version that is acceptable (default \[dq]tls1.0\[dq])
-      --rc-no-auth                           Don\[aq]t require auth for certain methods
-      --rc-pass string                       Password for authentication
-      --rc-realm string                      Realm for authentication
-      --rc-salt string                       Password hashing salt (default \[dq]dlPL2MqE\[dq])
-      --rc-serve                             Enable the serving of remote objects
-      --rc-server-read-timeout Duration      Timeout for server reading data (default 1h0m0s)
-      --rc-server-write-timeout Duration     Timeout for server writing data (default 1h0m0s)
-      --rc-template string                   User-specified template
-      --rc-user string                       User name for authentication
-      --rc-web-fetch-url string              URL to fetch the releases for webgui (default \[dq]https://api.github.com/repos/rclone/rclone-webui-react/releases/latest\[dq])
-      --rc-web-gui                           Launch WebGUI on localhost
-      --rc-web-gui-force-update              Force update to latest version of web gui
-      --rc-web-gui-no-open-browser           Don\[aq]t open the browser automatically
-      --rc-web-gui-update                    Check and update to latest version of web gui
-      --refresh-times                        Refresh the modtime of remote files
-      --retries int                          Retry operations this many times if they fail (default 3)
-      --retries-sleep Duration               Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
-      --server-side-across-configs           Allow server-side operations (e.g. copy) to work across different configs
-      --size-only                            Skip based on size only, not mod-time or checksum
-      --stats Duration                       Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
-      --stats-file-name-length int           Max file name length in stats (0 for no limit) (default 45)
-      --stats-log-level string               Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default \[dq]INFO\[dq])
-      --stats-one-line                       Make the stats fit on one line
-      --stats-one-line-date                  Enable --stats-one-line and add current date/time prefix
-      --stats-one-line-date-format string    Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes (\[dq]), see https://golang.org/pkg/time/#Time.Format
-      --stats-unit string                    Show data rate in stats as either \[aq]bits\[aq] or \[aq]bytes\[aq] per second (default \[dq]bytes\[dq])
-      --streaming-upload-cutoff SizeSuffix   Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
-      --suffix string                        Suffix to add to changed files
-      --suffix-keep-extension                Preserve the extension when using --suffix
-      --syslog                               Use Syslog for logging
-      --syslog-facility string               Facility for syslog, e.g. KERN,USER,... (default \[dq]DAEMON\[dq])
-      --temp-dir string                      Directory rclone will use for temporary files (default \[dq]/tmp\[dq])
-      --timeout Duration                     IO idle timeout (default 5m0s)
-      --tpslimit float                       Limit HTTP transactions per second to this
-      --tpslimit-burst int                   Max burst of transactions for --tpslimit (default 1)
-      --track-renames                        When synchronizing, track file renames and do a server-side move if possible
-      --track-renames-strategy string        Strategies to use when synchronizing using track-renames hash|modtime|leaf (default \[dq]hash\[dq])
-      --transfers int                        Number of file transfers to run in parallel (default 4)
-  -u, --update                               Skip files that are newer on the destination
-      --use-cookies                          Enable session cookiejar
-      --use-json-log                         Use json log format
-      --use-mmap                             Use mmap allocator (see docs)
-      --use-server-modtime                   Use server modified time instead of object metadata
-      --user-agent string                    Set the user-agent to a specified string (default \[dq]rclone/v1.62.0\[dq])
-  -v, --verbose count                        Print lots more stuff (repeat for more)
-\f[R]
-.fi
-.SS Backend Flags
-.PP
-These flags are available for every command.
-They control the backends and may be set in the config file.
-.IP
-.nf
-\f[C]
-      --acd-auth-url string                            Auth server URL
-      --acd-client-id string                           OAuth Client Id
-      --acd-client-secret string                       OAuth Client Secret
-      --acd-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --acd-templink-threshold SizeSuffix              Files >= this size will be downloaded via their tempLink (default 9Gi)
-      --acd-token string                               OAuth Access Token as a JSON blob
-      --acd-token-url string                           Token server url
-      --acd-upload-wait-per-gb Duration                Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
-      --alias-remote string                            Remote or path to alias
-      --azureblob-access-tier string                   Access tier of blob: hot, cool or archive
-      --azureblob-account string                       Azure Storage Account Name
-      --azureblob-archive-tier-delete                  Delete archive tier blobs before overwriting
-      --azureblob-chunk-size SizeSuffix                Upload chunk size (default 4Mi)
-      --azureblob-client-certificate-password string   Password for the certificate file (optional) (obscured)
-      --azureblob-client-certificate-path string       Path to a PEM or PKCS12 certificate file including the private key
-      --azureblob-client-id string                     The ID of the client in use
-      --azureblob-client-secret string                 One of the service principal\[aq]s client secrets
-      --azureblob-client-send-certificate-chain        Send the certificate chain when using certificate auth
-      --azureblob-disable-checksum                     Don\[aq]t store MD5 checksum with object metadata
-      --azureblob-encoding MultiEncoder                The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
-      --azureblob-endpoint string                      Endpoint for the service
-      --azureblob-env-auth                             Read credentials from runtime (environment variables, CLI or MSI)
-      --azureblob-key string                           Storage Account Shared Key
-      --azureblob-list-chunk int                       Size of blob list (default 5000)
-      --azureblob-memory-pool-flush-time Duration      How often internal memory buffer pools will be flushed (default 1m0s)
-      --azureblob-memory-pool-use-mmap                 Whether to use mmap buffers in internal memory pool
-      --azureblob-msi-client-id string                 Object ID of the user-assigned MSI to use, if any
-      --azureblob-msi-mi-res-id string                 Azure resource ID of the user-assigned MSI to use, if any
-      --azureblob-msi-object-id string                 Object ID of the user-assigned MSI to use, if any
-      --azureblob-no-check-container                   If set, don\[aq]t attempt to check the container exists or create it
-      --azureblob-no-head-object                       If set, do not do HEAD before GET when getting objects
-      --azureblob-password string                      The user\[aq]s password (obscured)
-      --azureblob-public-access string                 Public access level of a container: blob or container
-      --azureblob-sas-url string                       SAS URL for container level access only
-      --azureblob-service-principal-file string        Path to file containing credentials for use with a service principal
-      --azureblob-tenant string                        ID of the service principal\[aq]s tenant. Also called its directory ID
-      --azureblob-upload-concurrency int               Concurrency for multipart uploads (default 16)
-      --azureblob-upload-cutoff string                 Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
-      --azureblob-use-emulator                         Uses local storage emulator if provided as \[aq]true\[aq]
-      --azureblob-use-msi                              Use a managed service identity to authenticate (only works in Azure)
-      --azureblob-username string                      User name (usually an email address)
-      --b2-account string                              Account ID or Application Key ID
-      --b2-chunk-size SizeSuffix                       Upload chunk size (default 96Mi)
-      --b2-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4Gi)
-      --b2-disable-checksum                            Disable checksums for large (> upload cutoff) files
-      --b2-download-auth-duration Duration             Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
-      --b2-download-url string                         Custom endpoint for downloads
-      --b2-encoding MultiEncoder                       The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --b2-endpoint string                             Endpoint for the service
-      --b2-hard-delete                                 Permanently delete files on remote removal, otherwise hide files
-      --b2-key string                                  Application Key
-      --b2-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-      --b2-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-      --b2-test-mode string                            A flag string for X-Bz-Test-Mode header for debugging
-      --b2-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-      --b2-version-at Time                             Show file versions as they were at the specified time (default off)
-      --b2-versions                                    Include old versions in directory listings
-      --box-access-token string                        Box App Primary Access Token
-      --box-auth-url string                            Auth server URL
-      --box-box-config-file string                     Box App config.json location
-      --box-box-sub-type string                         (default \[dq]user\[dq])
-      --box-client-id string                           OAuth Client Id
-      --box-client-secret string                       OAuth Client Secret
-      --box-commit-retries int                         Max number of times to try committing a multipart file (default 100)
-      --box-encoding MultiEncoder                      The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
-      --box-list-chunk int                             Size of listing chunk 1-1000 (default 1000)
-      --box-owned-by string                            Only show items owned by the login (email address) passed in
-      --box-root-folder-id string                      Fill in for rclone to use a non root folder as its starting point
-      --box-token string                               OAuth Access Token as a JSON blob
-      --box-token-url string                           Token server url
-      --box-upload-cutoff SizeSuffix                   Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
-      --cache-chunk-clean-interval Duration            How often should the cache perform cleanups of the chunk storage (default 1m0s)
-      --cache-chunk-no-memory                          Disable the in-memory cache for storing chunks during streaming
-      --cache-chunk-path string                        Directory to cache chunk files (default \[dq]$HOME/.cache/rclone/cache-backend\[dq])
-      --cache-chunk-size SizeSuffix                    The size of a chunk (partial file data) (default 5Mi)
-      --cache-chunk-total-size SizeSuffix              The total size that the chunks can take up on the local disk (default 10Gi)
-      --cache-db-path string                           Directory to store file structure metadata DB (default \[dq]$HOME/.cache/rclone/cache-backend\[dq])
-      --cache-db-purge                                 Clear all the cached data for this remote on start
-      --cache-db-wait-time Duration                    How long to wait for the DB to be available - 0 is unlimited (default 1s)
-      --cache-info-age Duration                        How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
-      --cache-plex-insecure string                     Skip all certificate verification when connecting to the Plex server
-      --cache-plex-password string                     The password of the Plex user (obscured)
-      --cache-plex-url string                          The URL of the Plex server
-      --cache-plex-username string                     The username of the Plex user
-      --cache-read-retries int                         How many times to retry a read from a cache storage (default 10)
-      --cache-remote string                            Remote to cache
-      --cache-rps int                                  Limits the number of requests per second to the source FS (-1 to disable) (default -1)
-      --cache-tmp-upload-path string                   Directory to keep temporary files until they are uploaded
-      --cache-tmp-wait-time Duration                   How long should files be stored in local cache before being uploaded (default 15s)
-      --cache-workers int                              How many workers should run in parallel to download chunks (default 4)
-      --cache-writes                                   Cache file data on writes through the FS
-      --chunker-chunk-size SizeSuffix                  Files larger than chunk size will be split in chunks (default 2Gi)
-      --chunker-fail-hard                              Choose how chunker should handle files with missing or invalid chunks
-      --chunker-hash-type string                       Choose how chunker handles hash sums (default \[dq]md5\[dq])
-      --chunker-remote string                          Remote to chunk/unchunk
-      --combine-upstreams SpaceSepList                 Upstreams for combining
-      --compress-level int                             GZIP compression level (-2 to 9) (default -1)
-      --compress-mode string                           Compression mode (default \[dq]gzip\[dq])
-      --compress-ram-cache-limit SizeSuffix            Some remotes don\[aq]t allow the upload of files with unknown size (default 20Mi)
-      --compress-remote string                         Remote to compress
-  -L, --copy-links                                     Follow symlinks and copy the pointed to item
-      --crypt-directory-name-encryption                Option to either encrypt directory names or leave them intact (default true)
-      --crypt-filename-encoding string                 How to encode the encrypted filename to text string (default \[dq]base32\[dq])
-      --crypt-filename-encryption string               How to encrypt the filenames (default \[dq]standard\[dq])
-      --crypt-no-data-encryption                       Option to either encrypt file data or leave it unencrypted
-      --crypt-password string                          Password or pass phrase for encryption (obscured)
-      --crypt-password2 string                         Password or pass phrase for salt (obscured)
-      --crypt-remote string                            Remote to encrypt/decrypt
-      --crypt-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different crypt configs
-      --crypt-show-mapping                             For all files listed show how the names encrypt
-      --drive-acknowledge-abuse                        Set to allow files which return cannotDownloadAbusiveFile to be downloaded
-      --drive-allow-import-name-change                 Allow the filetype to change when uploading Google docs
-      --drive-auth-owner-only                          Only consider files owned by the authenticated user
-      --drive-auth-url string                          Auth server URL
-      --drive-chunk-size SizeSuffix                    Upload chunk size (default 8Mi)
-      --drive-client-id string                         Google Application Client Id
-      --drive-client-secret string                     OAuth Client Secret
-      --drive-copy-shortcut-content                    Server side copy contents of shortcuts instead of the shortcut
-      --drive-disable-http2                            Disable drive using http2 (default true)
-      --drive-encoding MultiEncoder                    The encoding for the backend (default InvalidUtf8)
-      --drive-export-formats string                    Comma separated list of preferred formats for downloading Google docs (default \[dq]docx,xlsx,pptx,svg\[dq])
-      --drive-formats string                           Deprecated: See export_formats
-      --drive-impersonate string                       Impersonate this user when using a service account
-      --drive-import-formats string                    Comma separated list of preferred formats for uploading Google docs
-      --drive-keep-revision-forever                    Keep new head revision of each file forever
-      --drive-list-chunk int                           Size of listing chunk 100-1000, 0 to disable (default 1000)
-      --drive-pacer-burst int                          Number of API calls to allow without sleeping (default 100)
-      --drive-pacer-min-sleep Duration                 Minimum time to sleep between API calls (default 100ms)
-      --drive-resource-key string                      Resource key for accessing a link-shared file
-      --drive-root-folder-id string                    ID of the root folder
-      --drive-scope string                             Scope that rclone should use when requesting access from drive
-      --drive-server-side-across-configs               Allow server-side operations (e.g. copy) to work across different drive configs
-      --drive-service-account-credentials string       Service Account Credentials JSON blob
-      --drive-service-account-file string              Service Account Credentials JSON file path
-      --drive-shared-with-me                           Only show files that are shared with me
-      --drive-size-as-quota                            Show sizes as storage quota usage, not actual size
-      --drive-skip-checksum-gphotos                    Skip MD5 checksum on Google photos and videos only
-      --drive-skip-dangling-shortcuts                  If set skip dangling shortcut files
-      --drive-skip-gdocs                               Skip google documents in all listings
-      --drive-skip-shortcuts                           If set skip shortcut files
-      --drive-starred-only                             Only show files that are starred
-      --drive-stop-on-download-limit                   Make download limit errors be fatal
-      --drive-stop-on-upload-limit                     Make upload limit errors be fatal
-      --drive-team-drive string                        ID of the Shared Drive (Team Drive)
-      --drive-token string                             OAuth Access Token as a JSON blob
-      --drive-token-url string                         Token server url
-      --drive-trashed-only                             Only show files that are in the trash
-      --drive-upload-cutoff SizeSuffix                 Cutoff for switching to chunked upload (default 8Mi)
-      --drive-use-created-date                         Use file created date instead of modified date
-      --drive-use-shared-date                          Use date file was shared instead of modified date
-      --drive-use-trash                                Send files to the trash instead of deleting permanently (default true)
-      --drive-v2-download-min-size SizeSuffix          If Object\[aq]s are greater, use drive v2 API to download (default off)
-      --dropbox-auth-url string                        Auth server URL
-      --dropbox-batch-commit-timeout Duration          Max time to wait for a batch to finish committing (default 10m0s)
-      --dropbox-batch-mode string                      Upload file batching sync|async|off (default \[dq]sync\[dq])
-      --dropbox-batch-size int                         Max number of files in upload batch
-      --dropbox-batch-timeout Duration                 Max time to allow an idle upload batch before uploading (default 0s)
-      --dropbox-chunk-size SizeSuffix                  Upload chunk size (< 150Mi) (default 48Mi)
-      --dropbox-client-id string                       OAuth Client Id
-      --dropbox-client-secret string                   OAuth Client Secret
-      --dropbox-encoding MultiEncoder                  The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
-      --dropbox-impersonate string                     Impersonate this user when using a business account
-      --dropbox-shared-files                           Instructs rclone to work on individual shared files
-      --dropbox-shared-folders                         Instructs rclone to work on shared folders
-      --dropbox-token string                           OAuth Access Token as a JSON blob
-      --dropbox-token-url string                       Token server url
-      --fichier-api-key string                         Your API Key, get it from https://1fichier.com/console/params.pl
-      --fichier-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
-      --fichier-file-password string                   If you want to download a shared file that is password protected, add this parameter (obscured)
-      --fichier-folder-password string                 If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
-      --fichier-shared-folder string                   If you want to download a shared folder, add this parameter
-      --filefabric-encoding MultiEncoder               The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-      --filefabric-permanent-token string              Permanent Authentication Token
-      --filefabric-root-folder-id string               ID of the root folder
-      --filefabric-token string                        Session Token
-      --filefabric-token-expiry string                 Token expiry time
-      --filefabric-url string                          URL of the Enterprise File Fabric to connect to
-      --filefabric-version string                      Version read from the file fabric
-      --ftp-ask-password                               Allow asking for FTP password when needed
-      --ftp-close-timeout Duration                     Maximum time to wait for a response to close (default 1m0s)
-      --ftp-concurrency int                            Maximum number of FTP simultaneous connections, 0 for unlimited
-      --ftp-disable-epsv                               Disable using EPSV even if server advertises support
-      --ftp-disable-mlsd                               Disable using MLSD even if server advertises support
-      --ftp-disable-tls13                              Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
-      --ftp-disable-utf8                               Disable using UTF-8 even if server advertises support
-      --ftp-encoding MultiEncoder                      The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
-      --ftp-explicit-tls                               Use Explicit FTPS (FTP over TLS)
-      --ftp-force-list-hidden                          Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
-      --ftp-host string                                FTP host to connect to
-      --ftp-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-      --ftp-no-check-certificate                       Do not verify the TLS certificate of the server
-      --ftp-pass string                                FTP password (obscured)
-      --ftp-port int                                   FTP port number (default 21)
-      --ftp-shut-timeout Duration                      Maximum time to wait for data connection closing status (default 1m0s)
-      --ftp-tls                                        Use Implicit FTPS (FTP over TLS)
-      --ftp-tls-cache-size int                         Size of TLS session cache for all control and data connections (default 32)
-      --ftp-user string                                FTP username (default \[dq]$USER\[dq])
-      --ftp-writing-mdtm                               Use MDTM to set modification time (VsFtpd quirk)
-      --gcs-anonymous                                  Access public buckets and objects without credentials
-      --gcs-auth-url string                            Auth server URL
-      --gcs-bucket-acl string                          Access Control List for new buckets
-      --gcs-bucket-policy-only                         Access checks should use bucket-level IAM policies
-      --gcs-client-id string                           OAuth Client Id
-      --gcs-client-secret string                       OAuth Client Secret
-      --gcs-decompress                                 If set this will decompress gzip encoded objects
-      --gcs-encoding MultiEncoder                      The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-      --gcs-endpoint string                            Endpoint for the service
-      --gcs-env-auth                                   Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
-      --gcs-location string                            Location for the newly created buckets
-      --gcs-no-check-bucket                            If set, don\[aq]t attempt to check the bucket exists or create it
-      --gcs-object-acl string                          Access Control List for new objects
-      --gcs-project-number string                      Project number
-      --gcs-service-account-file string                Service Account Credentials JSON file path
-      --gcs-storage-class string                       The storage class to use when storing objects in Google Cloud Storage
-      --gcs-token string                               OAuth Access Token as a JSON blob
-      --gcs-token-url string                           Token server url
-      --gphotos-auth-url string                        Auth server URL
-      --gphotos-client-id string                       OAuth Client Id
-      --gphotos-client-secret string                   OAuth Client Secret
-      --gphotos-encoding MultiEncoder                  The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
-      --gphotos-include-archived                       Also view and download archived media
-      --gphotos-read-only                              Set to make the Google Photos backend read only
-      --gphotos-read-size                              Set to read the size of media items
-      --gphotos-start-year int                         Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
-      --gphotos-token string                           OAuth Access Token as a JSON blob
-      --gphotos-token-url string                       Token server url
-      --hasher-auto-size SizeSuffix                    Auto-update checksum for files smaller than this size (disabled by default)
-      --hasher-hashes CommaSepList                     Comma separated list of supported checksum types (default md5,sha1)
-      --hasher-max-age Duration                        Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
-      --hasher-remote string                           Remote to cache checksums for (e.g. myRemote:path)
-      --hdfs-data-transfer-protection string           Kerberos data transfer protection: authentication|integrity|privacy
-      --hdfs-encoding MultiEncoder                     The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
-      --hdfs-namenode string                           Hadoop name node and port
-      --hdfs-service-principal-name string             Kerberos service principal name for the namenode
-      --hdfs-username string                           Hadoop user name
-      --hidrive-auth-url string                        Auth server URL
-      --hidrive-chunk-size SizeSuffix                  Chunksize for chunked uploads (default 48Mi)
-      --hidrive-client-id string                       OAuth Client Id
-      --hidrive-client-secret string                   OAuth Client Secret
-      --hidrive-disable-fetching-member-count          Do not fetch number of objects in directories unless it is absolutely necessary
-      --hidrive-encoding MultiEncoder                  The encoding for the backend (default Slash,Dot)
-      --hidrive-endpoint string                        Endpoint for the service (default \[dq]https://api.hidrive.strato.com/2.1\[dq])
-      --hidrive-root-prefix string                     The root/parent folder for all paths (default \[dq]/\[dq])
-      --hidrive-scope-access string                    Access permissions that rclone should use when requesting access from HiDrive (default \[dq]rw\[dq])
-      --hidrive-scope-role string                      User-level that rclone should use when requesting access from HiDrive (default \[dq]user\[dq])
-      --hidrive-token string                           OAuth Access Token as a JSON blob
-      --hidrive-token-url string                       Token server url
-      --hidrive-upload-concurrency int                 Concurrency for chunked uploads (default 4)
-      --hidrive-upload-cutoff SizeSuffix               Cutoff/Threshold for chunked uploads (default 96Mi)
-      --http-headers CommaSepList                      Set HTTP headers for all transactions
-      --http-no-head                                   Don\[aq]t use HEAD requests
-      --http-no-slash                                  Set this if the site doesn\[aq]t end directories with /
-      --http-url string                                URL of HTTP host to connect to
-      --internetarchive-access-key-id string           IAS3 Access Key
-      --internetarchive-disable-checksum               Don\[aq]t ask the server to test against MD5 checksum calculated by rclone (default true)
-      --internetarchive-encoding MultiEncoder          The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
-      --internetarchive-endpoint string                IAS3 Endpoint (default \[dq]https://s3.us.archive.org\[dq])
-      --internetarchive-front-endpoint string          Host of InternetArchive Frontend (default \[dq]https://archive.org\[dq])
-      --internetarchive-secret-access-key string       IAS3 Secret Key (password)
-      --internetarchive-wait-archive Duration          Timeout for waiting the server\[aq]s processing tasks (specifically archive and book_op) to finish (default 0s)
-      --jottacloud-encoding MultiEncoder               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
-      --jottacloud-hard-delete                         Delete files permanently rather than putting them into the trash
-      --jottacloud-md5-memory-limit SizeSuffix         Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
-      --jottacloud-no-versions                         Avoid server side versioning by deleting files and recreating files instead of overwriting them
-      --jottacloud-trashed-only                        Only show files that are in the trash
-      --jottacloud-upload-resume-limit SizeSuffix      Files bigger than this can be resumed if the upload fail\[aq]s (default 10Mi)
-      --koofr-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --koofr-endpoint string                          The Koofr API endpoint to use
-      --koofr-mountid string                           Mount ID of the mount to use
-      --koofr-password string                          Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
-      --koofr-provider string                          Choose your storage provider
-      --koofr-setmtime                                 Does the backend support setting modification time (default true)
-      --koofr-user string                              Your user name
-  -l, --links                                          Translate symlinks to/from regular files with a \[aq].rclonelink\[aq] extension
-      --local-case-insensitive                         Force the filesystem to report itself as case insensitive
-      --local-case-sensitive                           Force the filesystem to report itself as case sensitive
-      --local-encoding MultiEncoder                    The encoding for the backend (default Slash,Dot)
-      --local-no-check-updated                         Don\[aq]t check to see if the files change during upload
-      --local-no-preallocate                           Disable preallocation of disk space for transferred files
-      --local-no-set-modtime                           Disable setting modtime
-      --local-no-sparse                                Disable sparse files for multi-thread downloads
-      --local-nounc                                    Disable UNC (long path names) conversion on Windows
-      --local-unicode-normalization                    Apply unicode NFC normalization to paths and filenames
-      --local-zero-size-links                          Assume the Stat size of links is zero (and read them instead) (deprecated)
-      --mailru-check-hash                              What should copy do if file checksum is mismatched or invalid (default true)
-      --mailru-encoding MultiEncoder                   The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --mailru-pass string                             Password (obscured)
-      --mailru-speedup-enable                          Skip full upload if there is another file with same data hash (default true)
-      --mailru-speedup-file-patterns string            Comma separated list of file name patterns eligible for speedup (put by hash) (default \[dq]*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf\[dq])
-      --mailru-speedup-max-disk SizeSuffix             This option allows you to disable speedup (put by hash) for large files (default 3Gi)
-      --mailru-speedup-max-memory SizeSuffix           Files larger than the size given below will always be hashed on disk (default 32Mi)
-      --mailru-user string                             User name (usually email)
-      --mega-debug                                     Output more debug from Mega
-      --mega-encoding MultiEncoder                     The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --mega-hard-delete                               Delete files permanently rather than putting them into the trash
-      --mega-pass string                               Password (obscured)
-      --mega-use-https                                 Use HTTPS for transfers
-      --mega-user string                               User name
-      --netstorage-account string                      Set the NetStorage account name
-      --netstorage-host string                         Domain+path of NetStorage host to connect to
-      --netstorage-protocol string                     Select between HTTP or HTTPS protocol (default \[dq]https\[dq])
-      --netstorage-secret string                       Set the NetStorage account secret/G2O key for authentication (obscured)
-  -x, --one-file-system                                Don\[aq]t cross filesystem boundaries (unix/macOS only)
-      --onedrive-access-scopes SpaceSepList            Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
-      --onedrive-auth-url string                       Auth server URL
-      --onedrive-chunk-size SizeSuffix                 Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
-      --onedrive-client-id string                      OAuth Client Id
-      --onedrive-client-secret string                  OAuth Client Secret
-      --onedrive-drive-id string                       The ID of the drive to use
-      --onedrive-drive-type string                     The type of the drive (personal | business | documentLibrary)
-      --onedrive-encoding MultiEncoder                 The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --onedrive-expose-onenote-files                  Set to make OneNote files show up in directory listings
-      --onedrive-hash-type string                      Specify the hash in use for the backend (default \[dq]auto\[dq])
-      --onedrive-link-password string                  Set the password for links created by the link command
-      --onedrive-link-scope string                     Set the scope of the links created by the link command (default \[dq]anonymous\[dq])
-      --onedrive-link-type string                      Set the type of the links created by the link command (default \[dq]view\[dq])
-      --onedrive-list-chunk int                        Size of listing chunk (default 1000)
-      --onedrive-no-versions                           Remove all versions on modifying operations
-      --onedrive-region string                         Choose national cloud region for OneDrive (default \[dq]global\[dq])
-      --onedrive-root-folder-id string                 ID of the root folder
-      --onedrive-server-side-across-configs            Allow server-side operations (e.g. copy) to work across different onedrive configs
-      --onedrive-token string                          OAuth Access Token as a JSON blob
-      --onedrive-token-url string                      Token server url
-      --oos-chunk-size SizeSuffix                      Chunk size to use for uploading (default 5Mi)
-      --oos-compartment string                         Object storage compartment OCID
-      --oos-config-file string                         Path to OCI config file (default \[dq]\[ti]/.oci/config\[dq])
-      --oos-config-profile string                      Profile name inside the oci config file (default \[dq]Default\[dq])
-      --oos-copy-cutoff SizeSuffix                     Cutoff for switching to multipart copy (default 4.656Gi)
-      --oos-copy-timeout Duration                      Timeout for copy (default 1m0s)
-      --oos-disable-checksum                           Don\[aq]t store MD5 checksum with object metadata
-      --oos-encoding MultiEncoder                      The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --oos-endpoint string                            Endpoint for Object storage API
-      --oos-leave-parts-on-error                       If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-      --oos-namespace string                           Object storage namespace
-      --oos-no-check-bucket                            If set, don\[aq]t attempt to check the bucket exists or create it
-      --oos-provider string                            Choose your Auth Provider (default \[dq]env_auth\[dq])
-      --oos-region string                              Object storage Region
-      --oos-sse-customer-algorithm string              If using SSE-C, the optional header that specifies \[dq]AES256\[dq] as the encryption algorithm
-      --oos-sse-customer-key string                    To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
-      --oos-sse-customer-key-file string               To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
-      --oos-sse-customer-key-sha256 string             If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
-      --oos-sse-kms-key-id string                      if using using your own master key in vault, this header specifies the
-      --oos-storage-tier string                        The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default \[dq]Standard\[dq])
-      --oos-upload-concurrency int                     Concurrency for multipart uploads (default 10)
-      --oos-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
-      --opendrive-chunk-size SizeSuffix                Files will be uploaded in chunks this size (default 10Mi)
-      --opendrive-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
-      --opendrive-password string                      Password (obscured)
-      --opendrive-username string                      Username
-      --pcloud-auth-url string                         Auth server URL
-      --pcloud-client-id string                        OAuth Client Id
-      --pcloud-client-secret string                    OAuth Client Secret
-      --pcloud-encoding MultiEncoder                   The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --pcloud-hostname string                         Hostname to connect to (default \[dq]api.pcloud.com\[dq])
-      --pcloud-password string                         Your pcloud password (obscured)
-      --pcloud-root-folder-id string                   Fill in for rclone to use a non root folder as its starting point (default \[dq]d0\[dq])
-      --pcloud-token string                            OAuth Access Token as a JSON blob
-      --pcloud-token-url string                        Token server url
-      --pcloud-username string                         Your pcloud username
-      --premiumizeme-encoding MultiEncoder             The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --putio-encoding MultiEncoder                    The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
-      --qingstor-access-key-id string                  QingStor Access Key ID
-      --qingstor-chunk-size SizeSuffix                 Chunk size to use for uploading (default 4Mi)
-      --qingstor-connection-retries int                Number of connection retries (default 3)
-      --qingstor-encoding MultiEncoder                 The encoding for the backend (default Slash,Ctl,InvalidUtf8)
-      --qingstor-endpoint string                       Enter an endpoint URL to connection QingStor API
-      --qingstor-env-auth                              Get QingStor credentials from runtime
-      --qingstor-secret-access-key string              QingStor Secret Access Key (password)
-      --qingstor-upload-concurrency int                Concurrency for multipart uploads (default 1)
-      --qingstor-upload-cutoff SizeSuffix              Cutoff for switching to chunked upload (default 200Mi)
-      --qingstor-zone string                           Zone to connect to
-      --s3-access-key-id string                        AWS Access Key ID
-      --s3-acl string                                  Canned ACL used when creating buckets and storing or copying objects
-      --s3-bucket-acl string                           Canned ACL used when creating buckets
-      --s3-chunk-size SizeSuffix                       Chunk size to use for uploading (default 5Mi)
-      --s3-copy-cutoff SizeSuffix                      Cutoff for switching to multipart copy (default 4.656Gi)
-      --s3-decompress                                  If set this will decompress gzip encoded objects
-      --s3-disable-checksum                            Don\[aq]t store MD5 checksum with object metadata
-      --s3-disable-http2                               Disable usage of http2 for S3 backends
-      --s3-download-url string                         Custom endpoint for downloads
-      --s3-encoding MultiEncoder                       The encoding for the backend (default Slash,InvalidUtf8,Dot)
-      --s3-endpoint string                             Endpoint for S3 API
-      --s3-env-auth                                    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
-      --s3-force-path-style                            If true use path style access if false use virtual hosted style (default true)
-      --s3-leave-parts-on-error                        If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
-      --s3-list-chunk int                              Size of listing chunk (response list for each ListObject S3 request) (default 1000)
-      --s3-list-url-encode Tristate                    Whether to url encode listings: true/false/unset (default unset)
-      --s3-list-version int                            Version of ListObjects to use: 1,2 or 0 for auto
-      --s3-location-constraint string                  Location constraint - must be set to match the Region
-      --s3-max-upload-parts int                        Maximum number of parts in a multipart upload (default 10000)
-      --s3-memory-pool-flush-time Duration             How often internal memory buffer pools will be flushed (default 1m0s)
-      --s3-memory-pool-use-mmap                        Whether to use mmap buffers in internal memory pool
-      --s3-might-gzip Tristate                         Set this if the backend might gzip objects (default unset)
-      --s3-no-check-bucket                             If set, don\[aq]t attempt to check the bucket exists or create it
-      --s3-no-head                                     If set, don\[aq]t HEAD uploaded objects to check integrity
-      --s3-no-head-object                              If set, do not do HEAD before GET when getting objects
-      --s3-no-system-metadata                          Suppress setting and reading of system metadata
-      --s3-profile string                              Profile to use in the shared credentials file
-      --s3-provider string                             Choose your S3 provider
-      --s3-region string                               Region to connect to
-      --s3-requester-pays                              Enables requester pays option when interacting with S3 bucket
-      --s3-secret-access-key string                    AWS Secret Access Key (password)
-      --s3-server-side-encryption string               The server-side encryption algorithm used when storing this object in S3
-      --s3-session-token string                        An AWS session token
-      --s3-shared-credentials-file string              Path to the shared credentials file
-      --s3-sse-customer-algorithm string               If using SSE-C, the server-side encryption algorithm used when storing this object in S3
-      --s3-sse-customer-key string                     To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
-      --s3-sse-customer-key-base64 string              If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
-      --s3-sse-customer-key-md5 string                 If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
-      --s3-sse-kms-key-id string                       If using KMS ID you must provide the ARN of Key
-      --s3-storage-class string                        The storage class to use when storing new objects in S3
-      --s3-sts-endpoint string                         Endpoint for STS
-      --s3-upload-concurrency int                      Concurrency for multipart uploads (default 4)
-      --s3-upload-cutoff SizeSuffix                    Cutoff for switching to chunked upload (default 200Mi)
-      --s3-use-accelerate-endpoint                     If true use the AWS S3 accelerated endpoint
-      --s3-use-multipart-etag Tristate                 Whether to use ETag in multipart uploads for verification (default unset)
-      --s3-use-presigned-request                       Whether to use a presigned request or PutObject for single part uploads
-      --s3-v2-auth                                     If true use v2 authentication
-      --s3-version-at Time                             Show file versions as they were at the specified time (default off)
-      --s3-versions                                    Include old versions in directory listings
-      --seafile-2fa                                    Two-factor authentication (\[aq]true\[aq] if the account has 2FA enabled)
-      --seafile-create-library                         Should rclone create a library if it doesn\[aq]t exist
-      --seafile-encoding MultiEncoder                  The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
-      --seafile-library string                         Name of the library
-      --seafile-library-key string                     Library password (for encrypted libraries only) (obscured)
-      --seafile-pass string                            Password (obscured)
-      --seafile-url string                             URL of seafile host to connect to
-      --seafile-user string                            User name (usually email address)
-      --sftp-ask-password                              Allow asking for SFTP password when needed
-      --sftp-chunk-size SizeSuffix                     Upload and download chunk size (default 32Ki)
-      --sftp-ciphers SpaceSepList                      Space separated list of ciphers to be used for session encryption, ordered by preference
-      --sftp-concurrency int                           The maximum number of outstanding requests for one file (default 64)
-      --sftp-disable-concurrent-reads                  If set don\[aq]t use concurrent reads
-      --sftp-disable-concurrent-writes                 If set don\[aq]t use concurrent writes
-      --sftp-disable-hashcheck                         Disable the execution of SSH commands to determine if remote file hashing is available
-      --sftp-host string                               SSH host to connect to
-      --sftp-idle-timeout Duration                     Max time before closing idle connections (default 1m0s)
-      --sftp-key-exchange SpaceSepList                 Space separated list of key exchange algorithms, ordered by preference
-      --sftp-key-file string                           Path to PEM-encoded private key file
-      --sftp-key-file-pass string                      The passphrase to decrypt the PEM-encoded private key file (obscured)
-      --sftp-key-pem string                            Raw PEM-encoded private key
-      --sftp-key-use-agent                             When set forces the usage of the ssh-agent
-      --sftp-known-hosts-file string                   Optional path to known_hosts file
-      --sftp-macs SpaceSepList                         Space separated list of MACs (message authentication code) algorithms, ordered by preference
-      --sftp-md5sum-command string                     The command used to read md5 hashes
-      --sftp-pass string                               SSH password, leave blank to use ssh-agent (obscured)
-      --sftp-path-override string                      Override path used by SSH shell commands
-      --sftp-port int                                  SSH port number (default 22)
-      --sftp-pubkey-file string                        Optional path to public key file
-      --sftp-server-command string                     Specifies the path or command to run a sftp server on the remote host
-      --sftp-set-env SpaceSepList                      Environment variables to pass to sftp and commands
-      --sftp-set-modtime                               Set the modified time on the remote if set (default true)
-      --sftp-sha1sum-command string                    The command used to read sha1 hashes
-      --sftp-shell-type string                         The type of SSH shell on remote server, if any
-      --sftp-skip-links                                Set to skip any symlinks and any other non regular files
-      --sftp-subsystem string                          Specifies the SSH2 subsystem on the remote host (default \[dq]sftp\[dq])
-      --sftp-use-fstat                                 If set use fstat instead of stat
-      --sftp-use-insecure-cipher                       Enable the use of insecure ciphers and key exchange methods
-      --sftp-user string                               SSH username (default \[dq]$USER\[dq])
-      --sharefile-chunk-size SizeSuffix                Upload chunk size (default 64Mi)
-      --sharefile-encoding MultiEncoder                The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --sharefile-endpoint string                      Endpoint for API calls
-      --sharefile-root-folder-id string                ID of the root folder
-      --sharefile-upload-cutoff SizeSuffix             Cutoff for switching to multipart upload (default 128Mi)
-      --sia-api-password string                        Sia Daemon API Password (obscured)
-      --sia-api-url string                             Sia daemon API URL, like http://sia.daemon.host:9980 (default \[dq]http://127.0.0.1:9980\[dq])
-      --sia-encoding MultiEncoder                      The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
-      --sia-user-agent string                          Siad User Agent (default \[dq]Sia-Agent\[dq])
-      --skip-links                                     Don\[aq]t warn about skipped symlinks
-      --smb-case-insensitive                           Whether the server is configured to be case-insensitive (default true)
-      --smb-domain string                              Domain name for NTLM authentication (default \[dq]WORKGROUP\[dq])
-      --smb-encoding MultiEncoder                      The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
-      --smb-hide-special-share                         Hide special shares (e.g. print$) which users aren\[aq]t supposed to access (default true)
-      --smb-host string                                SMB server hostname to connect to
-      --smb-idle-timeout Duration                      Max time before closing idle connections (default 1m0s)
-      --smb-pass string                                SMB password (obscured)
-      --smb-port int                                   SMB port number (default 445)
-      --smb-spn string                                 Service principal name
-      --smb-user string                                SMB username (default \[dq]$USER\[dq])
-      --storj-access-grant string                      Access grant
-      --storj-api-key string                           API key
-      --storj-passphrase string                        Encryption passphrase
-      --storj-provider string                          Choose an authentication method (default \[dq]existing\[dq])
-      --storj-satellite-address string                 Satellite address (default \[dq]us1.storj.io\[dq])
-      --sugarsync-access-key-id string                 Sugarsync Access Key ID
-      --sugarsync-app-id string                        Sugarsync App ID
-      --sugarsync-authorization string                 Sugarsync authorization
-      --sugarsync-authorization-expiry string          Sugarsync authorization expiry
-      --sugarsync-deleted-id string                    Sugarsync deleted folder id
-      --sugarsync-encoding MultiEncoder                The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
-      --sugarsync-hard-delete                          Permanently delete files if true
-      --sugarsync-private-access-key string            Sugarsync Private Access Key
-      --sugarsync-refresh-token string                 Sugarsync refresh token
-      --sugarsync-root-id string                       Sugarsync root id
-      --sugarsync-user string                          Sugarsync user
-      --swift-application-credential-id string         Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
-      --swift-application-credential-name string       Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
-      --swift-application-credential-secret string     Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
-      --swift-auth string                              Authentication URL for server (OS_AUTH_URL)
-      --swift-auth-token string                        Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
-      --swift-auth-version int                         AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
-      --swift-chunk-size SizeSuffix                    Above this size files will be chunked into a _segments container (default 5Gi)
-      --swift-domain string                            User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-      --swift-encoding MultiEncoder                    The encoding for the backend (default Slash,InvalidUtf8)
-      --swift-endpoint-type string                     Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default \[dq]public\[dq])
-      --swift-env-auth                                 Get swift credentials from environment variables in standard OpenStack form
-      --swift-key string                               API key or password (OS_PASSWORD)
-      --swift-leave-parts-on-error                     If true avoid calling abort upload on a failure
-      --swift-no-chunk                                 Don\[aq]t chunk files during streaming upload
-      --swift-no-large-objects                         Disable support for static and dynamic large objects
-      --swift-region string                            Region name - optional (OS_REGION_NAME)
-      --swift-storage-policy string                    The storage policy to use when creating a new container
-      --swift-storage-url string                       Storage URL - optional (OS_STORAGE_URL)
-      --swift-tenant string                            Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
-      --swift-tenant-domain string                     Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
-      --swift-tenant-id string                         Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
-      --swift-user string                              User name to log in (OS_USERNAME)
-      --swift-user-id string                           User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
-      --union-action-policy string                     Policy to choose upstream on ACTION category (default \[dq]epall\[dq])
-      --union-cache-time int                           Cache time of usage and free space (in seconds) (default 120)
-      --union-create-policy string                     Policy to choose upstream on CREATE category (default \[dq]epmfs\[dq])
-      --union-min-free-space SizeSuffix                Minimum viable free space for lfs/eplfs policies (default 1Gi)
-      --union-search-policy string                     Policy to choose upstream on SEARCH category (default \[dq]ff\[dq])
-      --union-upstreams string                         List of space separated upstreams
-      --uptobox-access-token string                    Your access token
-      --uptobox-encoding MultiEncoder                  The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
-      --webdav-bearer-token string                     Bearer token instead of user/pass (e.g. a Macaroon)
-      --webdav-bearer-token-command string             Command to run to get a bearer token
-      --webdav-encoding string                         The encoding for the backend
-      --webdav-headers CommaSepList                    Set HTTP headers for all transactions
-      --webdav-pass string                             Password (obscured)
-      --webdav-url string                              URL of http host to connect to
-      --webdav-user string                             User name
-      --webdav-vendor string                           Name of the WebDAV site/service/software you are using
-      --yandex-auth-url string                         Auth server URL
-      --yandex-client-id string                        OAuth Client Id
-      --yandex-client-secret string                    OAuth Client Secret
-      --yandex-encoding MultiEncoder                   The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
-      --yandex-hard-delete                             Delete files permanently rather than putting them into the trash
-      --yandex-token string                            OAuth Access Token as a JSON blob
-      --yandex-token-url string                        Token server url
-      --zoho-auth-url string                           Auth server URL
-      --zoho-client-id string                          OAuth Client Id
-      --zoho-client-secret string                      OAuth Client Secret
-      --zoho-encoding MultiEncoder                     The encoding for the backend (default Del,Ctl,InvalidUtf8)
-      --zoho-region string                             Zoho region to connect to
-      --zoho-token string                              OAuth Access Token as a JSON blob
-      --zoho-token-url string                          Token server url
-\f[R]
-.fi
-.SH Docker Volume Plugin
-.SS Introduction
+See the size (https://rclone.org/commands/rclone_size/) command for more
+information on the above.
 .PP
-Docker 1.9 has added support for creating named
-volumes (https://docs.docker.com/storage/volumes/) via command-line
-interface (https://docs.docker.com/engine/reference/commandline/volume_create/)
-and mounting them in containers as a way to share data between them.
-Since Docker 1.10 you can create named volumes with Docker
-Compose (https://docs.docker.com/compose/) by descriptions in
-docker-compose.yml (https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference)
-files for use by container groups on a single host.
-As of Docker 1.12 volumes are supported by Docker
-Swarm (https://docs.docker.com/engine/swarm/key-concepts/) included with
-Docker Engine and created from descriptions in swarm compose
-v3 (https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference)
-files for use with \f[I]swarm stacks\f[R] across multiple cluster nodes.
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/stat: Give information about the supplied file or directory
 .PP
-Docker Volume
-Plugins (https://docs.docker.com/engine/extend/plugins_volume/) augment
-the default \f[C]local\f[R] volume driver included in Docker with
-stateful volumes shared across containers and hosts.
-Unlike local volumes, your data will \f[I]not\f[R] be deleted when such
-volume is removed.
-Plugins can run managed by the docker daemon, as a native system service
-(under systemd, \f[I]sysv\f[R] or \f[I]upstart\f[R]) or as a standalone
-executable.
-Rclone can run as docker volume plugin in all these modes.
-It interacts with the local docker daemon via plugin
-API (https://docs.docker.com/engine/extend/plugin_api/) and handles
-mounting of remote file systems into docker containers so it must run on
-the same host as the docker daemon or on every Swarm node.
-.SS Getting started
+This takes the following parameters
+.IP \[bu] 2
+fs - a remote name string eg \[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote eg \[dq]dir\[dq]
+.IP \[bu] 2
+opt - a dictionary of options to control the listing (optional)
+.RS 2
+.IP \[bu] 2
+see operations/list for the options
+.RE
 .PP
-In the first example we will use the SFTP (https://rclone.org/sftp/)
-rclone volume with Docker engine on a standalone Ubuntu machine.
+The result is
+.IP \[bu] 2
+item - an object as described in the lsjson command.
+Will be null if not found.
 .PP
-Start from installing Docker (https://docs.docker.com/engine/install/)
-on the host.
+Note that if you are only interested in files then it is much more
+efficient to set the filesOnly flag in the options.
 .PP
-The \f[I]FUSE\f[R] driver is a prerequisite for rclone mounting and
-should be installed on host:
+See the lsjson (https://rclone.org/commands/rclone_lsjson/) command for
+more information on the above and examples.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS operations/uploadfile: Upload file using multiform/form-data
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+fs - a remote name string e.g.
+\[dq]drive:\[dq]
+.IP \[bu] 2
+remote - a path within that remote e.g.
+\[dq]dir\[dq]
+.IP \[bu] 2
+each part in body represents a file to be uploaded
+.PP
+See the uploadfile (https://rclone.org/commands/rclone_uploadfile/)
+command for more information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS options/blocks: List all the option blocks
+.PP
+Returns: - options - a list of the options block names
+.SS options/get: Get all the global options
+.PP
+Returns an object where keys are option block names and values are an
+object with the current option values in.
+.PP
+Note that these are the global options which are unaffected by use of
+the _config and _filter parameters.
+If you wish to read the parameters set in _config then use
+options/config and for _filter use options/filter.
+.PP
+This shows the internal names of the option within rclone which should
+map to the external options very easily with a few exceptions.
+.SS options/local: Get the currently active config for this call
+.PP
+Returns an object with the keys \[dq]config\[dq] and \[dq]filter\[dq].
+The \[dq]config\[dq] key contains the local config and the
+\[dq]filter\[dq] key contains the local filters.
+.PP
+Note that these are the local options specific to this rc call.
+If _config was not supplied then they will be the global options.
+Likewise with \[dq]_filter\[dq].
+.PP
+This call is mostly useful for seeing if _config and _filter passing is
+working.
+.PP
+This shows the internal names of the option within rclone which should
+map to the external options very easily with a few exceptions.
+.SS options/set: Set an option
+.PP
+Parameters:
+.IP \[bu] 2
+option block name containing an object with
+.RS 2
+.IP \[bu] 2
+key: value
+.RE
+.PP
+Repeated as often as required.
+.PP
+Only supply the options you wish to change.
+If an option is unknown it will be silently ignored.
+Not all options will have an effect when changed like this.
+.PP
+For example:
+.PP
+This sets DEBUG level logs (-vv) (these can be set by number or string)
 .IP
 .nf
 \f[C]
-sudo apt-get -y install fuse
+rclone rc options/set --json \[aq]{\[dq]main\[dq]: {\[dq]LogLevel\[dq]: \[dq]DEBUG\[dq]}}\[aq]
+rclone rc options/set --json \[aq]{\[dq]main\[dq]: {\[dq]LogLevel\[dq]: 8}}\[aq]
 \f[R]
 .fi
 .PP
-Create two directories required by rclone docker plugin:
+And this sets INFO level logs (-v)
 .IP
 .nf
 \f[C]
-sudo mkdir -p /var/lib/docker-plugins/rclone/config
-sudo mkdir -p /var/lib/docker-plugins/rclone/cache
+rclone rc options/set --json \[aq]{\[dq]main\[dq]: {\[dq]LogLevel\[dq]: \[dq]INFO\[dq]}}\[aq]
 \f[R]
 .fi
 .PP
-Install the managed rclone docker plugin for your architecture (here
-\f[C]amd64\f[R]):
+And this sets NOTICE level logs (normal without -v)
 .IP
 .nf
 \f[C]
-docker plugin install rclone/docker-volume-rclone:amd64 args=\[dq]-v\[dq] --alias rclone --grant-all-permissions
-docker plugin list
+rclone rc options/set --json \[aq]{\[dq]main\[dq]: {\[dq]LogLevel\[dq]: \[dq]NOTICE\[dq]}}\[aq]
 \f[R]
 .fi
+.SS pluginsctl/addPlugin: Add a plugin using url
 .PP
-Create your SFTP volume (https://rclone.org/sftp/#standard-options):
+Used for adding a plugin to the webgui.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+url - http url of the github repo where the plugin is hosted
+(http://github.com/rclone/rclone-webui-react).
+.PP
+Example:
+.PP
+rclone rc pluginsctl/addPlugin
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS pluginsctl/getPluginsForType: Get plugins with type criteria
+.PP
+This shows all possible plugins by a mime type.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+type - supported mime type by a loaded plugin e.g.
+(video/mp4, audio/mp3).
+.IP \[bu] 2
+pluginType - filter plugins based on their type e.g.
+(DASHBOARD, FILE_HANDLER, TERMINAL).
+.PP
+Returns:
+.IP \[bu] 2
+loadedPlugins - list of current production plugins.
+.IP \[bu] 2
+testPlugins - list of temporarily loaded development plugins, usually
+running on a different server.
+.PP
+Example:
+.PP
+rclone rc pluginsctl/getPluginsForType type=video/mp4
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS pluginsctl/listPlugins: Get the list of currently loaded plugins
+.PP
+This allows you to get the currently enabled plugins and their details.
+.PP
+This takes no parameters and returns:
+.IP \[bu] 2
+loadedPlugins - list of current production plugins.
+.IP \[bu] 2
+testPlugins - list of temporarily loaded development plugins, usually
+running on a different server.
+.PP
+E.g.
+.PP
+rclone rc pluginsctl/listPlugins
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS pluginsctl/listTestPlugins: Show currently loaded test plugins
+.PP
+Allows listing of test plugins with the rclone.test set to true in
+package.json of the plugin.
+.PP
+This takes no parameters and returns:
+.IP \[bu] 2
+loadedTestPlugins - list of currently available test plugins.
+.PP
+E.g.
 .IP
 .nf
 \f[C]
-docker volume create firstvolume -d rclone -o type=sftp -o sftp-host=_hostname_ -o sftp-user=_username_ -o sftp-pass=_password_ -o allow-other=true
+rclone rc pluginsctl/listTestPlugins
 \f[R]
 .fi
 .PP
-Note that since all options are static, you don\[aq]t even have to run
-\f[C]rclone config\f[R] or create the \f[C]rclone.conf\f[R] file (but
-the \f[C]config\f[R] directory should still be present).
-In the simplest case you can use \f[C]localhost\f[R] as
-\f[I]hostname\f[R] and your SSH credentials as \f[I]username\f[R] and
-\f[I]password\f[R].
-You can also change the remote path to your home directory on the host,
-for example \f[C]-o path=/home/username\f[R].
+\f[B]Authentication is required for this call.\f[R]
+.SS pluginsctl/removePlugin: Remove a loaded plugin
 .PP
-Time to create a test container and mount the volume into it:
+This allows you to remove a plugin using it\[aq]s name.
+.PP
+This takes parameters:
+.IP \[bu] 2
+name - name of the plugin in the format
+\f[C]author\f[R]/\f[C]plugin_name\f[R].
+.PP
+E.g.
+.PP
+rclone rc pluginsctl/removePlugin name=rclone/video-plugin
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS pluginsctl/removeTestPlugin: Remove a test plugin
+.PP
+This allows you to remove a plugin using it\[aq]s name.
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+name - name of the plugin in the format
+\f[C]author\f[R]/\f[C]plugin_name\f[R].
+.PP
+Example:
+.IP
+.nf
+\f[C]
+rclone rc pluginsctl/removeTestPlugin name=rclone/rclone-webui-react
+\f[R]
+.fi
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS rc/error: This returns an error
+.PP
+This returns an error with the input as part of its error string.
+Useful for testing error handling.
+.SS rc/list: List all the registered remote control commands
+.PP
+This lists all the registered remote control commands as a JSON map in
+the commands response.
+.SS rc/noop: Echo the input to the output parameters
+.PP
+This echoes the input parameters to the output parameters for testing
+purposes.
+It can be used to check that rclone is still alive and to check that
+parameter passing is working properly.
+.SS rc/noopauth: Echo the input to the output parameters requiring auth
+.PP
+This echoes the input parameters to the output parameters for testing
+purposes.
+It can be used to check that rclone is still alive and to check that
+parameter passing is working properly.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS sync/bisync: Perform bidirectional synchronization between two paths.
+.PP
+This takes the following parameters
+.IP \[bu] 2
+path1 - a remote directory string e.g.
+\f[C]drive:path1\f[R]
+.IP \[bu] 2
+path2 - a remote directory string e.g.
+\f[C]drive:path2\f[R]
+.IP \[bu] 2
+dryRun - dry-run mode
+.IP \[bu] 2
+resync - performs the resync run
+.IP \[bu] 2
+checkAccess - abort if RCLONE_TEST files are not found on both
+filesystems
+.IP \[bu] 2
+checkFilename - file name for checkAccess (default: RCLONE_TEST)
+.IP \[bu] 2
+maxDelete - abort sync if percentage of deleted files is above this
+threshold (default: 50)
+.IP \[bu] 2
+force - Bypass maxDelete safety check and run the sync
+.IP \[bu] 2
+checkSync - \f[C]true\f[R] by default, \f[C]false\f[R] disables
+comparison of final listings, \f[C]only\f[R] will skip sync, only
+compare listings from the last run
+.IP \[bu] 2
+createEmptySrcDirs - Sync creation and deletion of empty directories.
+(Not compatible with --remove-empty-dirs)
+.IP \[bu] 2
+removeEmptyDirs - remove empty directories at the final cleanup step
+.IP \[bu] 2
+filtersFile - read filtering patterns from a file
+.IP \[bu] 2
+ignoreListingChecksum - Do not use checksums for listings
+.IP \[bu] 2
+resilient - Allow future runs to retry after certain less-serious
+errors, instead of requiring resync.
+Use at your own risk!
+.IP \[bu] 2
+workdir - server directory for history files (default:
+/home/ncw/.cache/rclone/bisync)
+.IP \[bu] 2
+noCleanup - retain working files
+.PP
+See bisync command help (https://rclone.org/commands/rclone_bisync/) and
+full bisync description (https://rclone.org/bisync/) for more
+information.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS sync/copy: copy a directory from source remote to destination remote
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+srcFs - a remote name string e.g.
+\[dq]drive:src\[dq] for the source
+.IP \[bu] 2
+dstFs - a remote name string e.g.
+\[dq]drive:dst\[dq] for the destination
+.IP \[bu] 2
+createEmptySrcDirs - create empty src directories on destination if set
+.PP
+See the copy (https://rclone.org/commands/rclone_copy/) command for more
+information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS sync/move: move a directory from source remote to destination remote
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+srcFs - a remote name string e.g.
+\[dq]drive:src\[dq] for the source
+.IP \[bu] 2
+dstFs - a remote name string e.g.
+\[dq]drive:dst\[dq] for the destination
+.IP \[bu] 2
+createEmptySrcDirs - create empty src directories on destination if set
+.IP \[bu] 2
+deleteEmptySrcDirs - delete empty src directories if set
+.PP
+See the move (https://rclone.org/commands/rclone_move/) command for more
+information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS sync/sync: sync a directory from source remote to destination remote
+.PP
+This takes the following parameters:
+.IP \[bu] 2
+srcFs - a remote name string e.g.
+\[dq]drive:src\[dq] for the source
+.IP \[bu] 2
+dstFs - a remote name string e.g.
+\[dq]drive:dst\[dq] for the destination
+.IP \[bu] 2
+createEmptySrcDirs - create empty src directories on destination if set
+.PP
+See the sync (https://rclone.org/commands/rclone_sync/) command for more
+information on the above.
+.PP
+\f[B]Authentication is required for this call.\f[R]
+.SS vfs/forget: Forget files or directories in the directory cache.
+.PP
+This forgets the paths in the directory cache causing them to be re-read
+from the remote when needed.
+.PP
+If no paths are passed in then it will forget all the paths in the
+directory cache.
 .IP
 .nf
 \f[C]
-docker run --rm -it -v firstvolume:/mnt --workdir /mnt ubuntu:latest bash
+rclone rc vfs/forget
 \f[R]
 .fi
 .PP
-If all goes well, you will enter the new container and change right to
-the mounted SFTP remote.
-You can type \f[C]ls\f[R] to list the mounted directory or otherwise
-play with it.
-Type \f[C]exit\f[R] when you are done.
-The container will stop but the volume will stay, ready to be reused.
-When it\[aq]s not needed anymore, remove it:
+Otherwise pass files or dirs in as file=path or dir=path.
+Any parameter key starting with file will forget that file and any
+starting with dir will forget that dir, e.g.
 .IP
 .nf
 \f[C]
-docker volume list
-docker volume remove firstvolume
+rclone rc vfs/forget file=hello file2=goodbye dir=home/junk
 \f[R]
 .fi
 .PP
-Now let us try \f[B]something more elaborate\f[R]: Google
-Drive (https://rclone.org/drive/) volume on multi-node Docker Swarm.
+This command takes an \[dq]fs\[dq] parameter.
+If this parameter is not supplied and if there is only one VFS in use
+then that VFS will be used.
+If there is more than one VFS in use then the \[dq]fs\[dq] parameter
+must be supplied.
+.SS vfs/list: List active VFSes.
 .PP
-You should start from installing Docker and FUSE, creating plugin
-directories and installing rclone plugin on \f[I]every\f[R] swarm node.
-Then setup the Swarm (https://docs.docker.com/engine/swarm/swarm-mode/).
+This lists the active VFSes.
 .PP
-Google Drive volumes need an access token which can be setup via web
-browser and will be periodically renewed by rclone.
-The managed plugin cannot run a browser so we will use a technique
-similar to the rclone setup on a headless
-box (https://rclone.org/remote_setup/).
+It returns a list under the key \[dq]vfses\[dq] where the values are the
+VFS names that could be passed to the other VFS commands in the
+\[dq]fs\[dq] parameter.
+.SS vfs/poll-interval: Get the status or update the value of the poll-interval option.
 .PP
-Run rclone config (https://rclone.org/commands/rclone_config_create/) on
-\f[I]another\f[R] machine equipped with \f[I]web browser\f[R] and
-graphical user interface.
-Create the Google Drive
-remote (https://rclone.org/drive/#standard-options).
-When done, transfer the resulting \f[C]rclone.conf\f[R] to the Swarm
-cluster and save as
-\f[C]/var/lib/docker-plugins/rclone/config/rclone.conf\f[R] on
-\f[I]every\f[R] node.
-By default this location is accessible only to the root user so you will
-need appropriate privileges.
-The resulting config will look like this:
-.IP
-.nf
-\f[C]
-[gdrive]
-type = drive
-scope = drive
-drive_id = 1234567...
-root_folder_id = 0Abcd...
-token = {\[dq]access_token\[dq]:...}
-\f[R]
-.fi
+Without any parameter given this returns the current status of the
+poll-interval setting.
 .PP
-Now create the file named \f[C]example.yml\f[R] with a swarm stack
-description like this:
+When the interval=duration parameter is set, the poll-interval value is
+updated and the polling function is notified.
+Setting interval=0 disables poll-interval.
 .IP
 .nf
 \f[C]
-version: \[aq]3\[aq]
-services:
-  heimdall:
-    image: linuxserver/heimdall:latest
-    ports: [8080:80]
-    volumes: [configdata:/config]
-volumes:
-  configdata:
-    driver: rclone
-    driver_opts:
-      remote: \[aq]gdrive:heimdall\[aq]
-      allow_other: \[aq]true\[aq]
-      vfs_cache_mode: full
-      poll_interval: 0
+rclone rc vfs/poll-interval interval=5m
 \f[R]
 .fi
 .PP
-and run the stack:
-.IP
-.nf
-\f[C]
-docker stack deploy example -c ./example.yml
-\f[R]
-.fi
+The timeout=duration parameter can be used to specify a time to wait for
+the current poll function to apply the new value.
+If timeout is less or equal 0, which is the default, wait indefinitely.
 .PP
-After a few seconds docker will spread the parsed stack description over
-cluster, create the \f[C]example_heimdall\f[R] service on port
-\f[I]8080\f[R], run service containers on one or more cluster nodes and
-request the \f[C]example_configdata\f[R] volume from rclone plugins on
-the node hosts.
-You can use the following commands to confirm results:
-.IP
-.nf
-\f[C]
-docker service ls
-docker service ps example_heimdall
-docker volume ls
-\f[R]
-.fi
+The new poll-interval value will only be active when the timeout is not
+reached.
 .PP
-Point your browser to \f[C]http://cluster.host.address:8080\f[R] and
-play with the service.
-Stop it with \f[C]docker stack remove example\f[R] when you are done.
-Note that the \f[C]example_configdata\f[R] volume(s) created on demand
-at the cluster nodes will not be automatically removed together with the
-stack but stay for future reuse.
-You can remove them manually by invoking the
-\f[C]docker volume remove example_configdata\f[R] command on every node.
-.SS Creating Volumes via CLI
+If poll-interval is updated or disabled temporarily, some changes might
+not get picked up by the polling function, depending on the used remote.
 .PP
-Volumes can be created with docker volume
-create (https://docs.docker.com/engine/reference/commandline/volume_create/).
-Here are a few examples:
+This command takes an \[dq]fs\[dq] parameter.
+If this parameter is not supplied and if there is only one VFS in use
+then that VFS will be used.
+If there is more than one VFS in use then the \[dq]fs\[dq] parameter
+must be supplied.
+.SS vfs/refresh: Refresh the directory cache.
+.PP
+This reads the directories for the specified paths and freshens the
+directory cache.
+.PP
+If no paths are passed in then it will refresh the root directory.
 .IP
 .nf
 \f[C]
-docker volume create vol1 -d rclone -o remote=storj: -o vfs-cache-mode=full
-docker volume create vol2 -d rclone -o remote=:storj,access_grant=xxx:heimdall
-docker volume create vol3 -d rclone -o type=storj -o path=heimdall -o storj-access-grant=xxx -o poll-interval=0
+rclone rc vfs/refresh
 \f[R]
 .fi
 .PP
-Note the \f[C]-d rclone\f[R] flag that tells docker to request volume
-from the rclone driver.
-This works even if you installed managed driver by its full name
-\f[C]rclone/docker-volume-rclone\f[R] because you provided the
-\f[C]--alias rclone\f[R] option.
-.PP
-Volumes can be inspected as follows:
+Otherwise pass directories in as dir=path.
+Any parameter key starting with dir will refresh that directory, e.g.
 .IP
 .nf
 \f[C]
-docker volume list
-docker volume inspect vol1
+rclone rc vfs/refresh dir=home/junk dir2=data/misc
 \f[R]
 .fi
-.SS Volume Configuration
 .PP
-Rclone flags and volume options are set via the \f[C]-o\f[R] flag to the
-\f[C]docker volume create\f[R] command.
-They include backend-specific parameters as well as mount and
-\f[I]VFS\f[R] options.
-Also there are a few special \f[C]-o\f[R] options: \f[C]remote\f[R],
-\f[C]fs\f[R], \f[C]type\f[R], \f[C]path\f[R], \f[C]mount-type\f[R] and
-\f[C]persist\f[R].
+If the parameter recursive=true is given the whole directory tree will
+get refreshed.
+This refresh will use --fast-list if enabled.
 .PP
-\f[C]remote\f[R] determines an existing remote name from the config
-file, with trailing colon and optionally with a remote path.
-See the full syntax in the rclone
-documentation (https://rclone.org/docs/#syntax-of-remote-paths).
-This option can be aliased as \f[C]fs\f[R] to prevent confusion with the
-\f[I]remote\f[R] parameter of such backends as \f[I]crypt\f[R] or
-\f[I]alias\f[R].
+This command takes an \[dq]fs\[dq] parameter.
+If this parameter is not supplied and if there is only one VFS in use
+then that VFS will be used.
+If there is more than one VFS in use then the \[dq]fs\[dq] parameter
+must be supplied.
+.SS vfs/stats: Stats for a VFS.
 .PP
-The \f[C]remote=:backend:dir/subdir\f[R] syntax can be used to create
-on-the-fly (config-less)
-remotes (https://rclone.org/docs/#backend-path-to-dir), while the
-\f[C]type\f[R] and \f[C]path\f[R] options provide a simpler alternative
-for this.
-Using two split options
+This returns stats for the selected VFS.
 .IP
 .nf
 \f[C]
--o type=backend -o path=dir/subdir
+{
+    // Status of the disk cache - only present if --vfs-cache-mode > off
+    \[dq]diskCache\[dq]: {
+        \[dq]bytesUsed\[dq]: 0,
+        \[dq]erroredFiles\[dq]: 0,
+        \[dq]files\[dq]: 0,
+        \[dq]hashType\[dq]: 1,
+        \[dq]outOfSpace\[dq]: false,
+        \[dq]path\[dq]: \[dq]/home/user/.cache/rclone/vfs/local/mnt/a\[dq],
+        \[dq]pathMeta\[dq]: \[dq]/home/user/.cache/rclone/vfsMeta/local/mnt/a\[dq],
+        \[dq]uploadsInProgress\[dq]: 0,
+        \[dq]uploadsQueued\[dq]: 0
+    },
+    \[dq]fs\[dq]: \[dq]/mnt/a\[dq],
+    \[dq]inUse\[dq]: 1,
+    // Status of the in memory metadata cache
+    \[dq]metadataCache\[dq]: {
+        \[dq]dirs\[dq]: 1,
+        \[dq]files\[dq]: 0
+    },
+    // Options as returned by options/get
+    \[dq]opt\[dq]: {
+        \[dq]CacheMaxAge\[dq]: 3600000000000,
+        // ...
+        \[dq]WriteWait\[dq]: 1000000000
+    }
+}
 \f[R]
 .fi
 .PP
-is equivalent to the combined syntax
-.IP
-.nf
-\f[C]
--o remote=:backend:dir/subdir
-\f[R]
-.fi
+This command takes an \[dq]fs\[dq] parameter.
+If this parameter is not supplied and if there is only one VFS in use
+then that VFS will be used.
+If there is more than one VFS in use then the \[dq]fs\[dq] parameter
+must be supplied.
+.SS Accessing the remote control via HTTP
 .PP
-but is arguably easier to parameterize in scripts.
-The \f[C]path\f[R] part is optional.
+Rclone implements a simple HTTP based protocol.
 .PP
-Mount and VFS
-options (https://rclone.org/commands/rclone_serve_docker/#options) as
-well as backend parameters (https://rclone.org/flags/#backend-flags) are
-named like their twin command-line flags without the \f[C]--\f[R] CLI
-prefix.
-Optionally you can use underscores instead of dashes in option names.
-For example, \f[C]--vfs-cache-mode full\f[R] becomes
-\f[C]-o vfs-cache-mode=full\f[R] or \f[C]-o vfs_cache_mode=full\f[R].
-Boolean CLI flags without value will gain the \f[C]true\f[R] value, e.g.
-\f[C]--allow-other\f[R] becomes \f[C]-o allow-other=true\f[R] or
-\f[C]-o allow_other=true\f[R].
+Each endpoint takes an JSON object and returns a JSON object or an
+error.
+The JSON objects are essentially a map of string names to values.
 .PP
-Please note that you can provide parameters only for the backend
-immediately referenced by the backend type of mounted \f[C]remote\f[R].
-If this is a wrapping backend like \f[I]alias, chunker or crypt\f[R],
-you cannot provide options for the referred to remote or backend.
-This limitation is imposed by the rclone connection string parser.
-The only workaround is to feed plugin with \f[C]rclone.conf\f[R] or
-configure plugin arguments (see below).
-.SS Special Volume Options
+All calls must made using POST.
 .PP
-\f[C]mount-type\f[R] determines the mount method and in general can be
-one of: \f[C]mount\f[R], \f[C]cmount\f[R], or \f[C]mount2\f[R].
-This can be aliased as \f[C]mount_type\f[R].
-It should be noted that the managed rclone docker plugin currently does
-not support the \f[C]cmount\f[R] method and \f[C]mount2\f[R] is rarely
-needed.
-This option defaults to the first found method, which is usually
-\f[C]mount\f[R] so you generally won\[aq]t need it.
+The input objects can be supplied using URL parameters, POST parameters
+or by supplying \[dq]Content-Type: application/json\[dq] and a JSON blob
+in the body.
+There are examples of these below using \f[C]curl\f[R].
 .PP
-\f[C]persist\f[R] is a reserved boolean (true/false) option.
-In future it will allow to persist on-the-fly remotes in the plugin
-\f[C]rclone.conf\f[R] file.
-.SS Connection Strings
+The response will be a JSON blob in the body of the response.
+This is formatted to be reasonably human-readable.
+.SS Error returns
 .PP
-The \f[C]remote\f[R] value can be extended with connection
-strings (https://rclone.org/docs/#connection-strings) as an alternative
-way to supply backend parameters.
-This is equivalent to the \f[C]-o\f[R] backend options with one
-\f[I]syntactic difference\f[R].
-Inside connection string the backend prefix must be dropped from
-parameter names but in the \f[C]-o param=value\f[R] array it must be
-present.
-For instance, compare the following option array
+If an error occurs then there will be an HTTP error status (e.g.
+500) and the body of the response will contain a JSON encoded error
+object, e.g.
 .IP
 .nf
 \f[C]
--o remote=:sftp:/home -o sftp-host=localhost
+{
+    \[dq]error\[dq]: \[dq]Expecting string value for key \[rs]\[dq]remote\[rs]\[dq] (was float64)\[dq],
+    \[dq]input\[dq]: {
+        \[dq]fs\[dq]: \[dq]/tmp\[dq],
+        \[dq]remote\[dq]: 3
+    },
+    \[dq]status\[dq]: 400
+    \[dq]path\[dq]: \[dq]operations/rmdir\[dq],
+}
 \f[R]
 .fi
 .PP
-with equivalent connection string:
+The keys in the error response are - error - error string - input - the
+input parameters to the call - status - the HTTP status code - path -
+the path of the call
+.SS CORS
+.PP
+The sever implements basic CORS support and allows all origins for that.
+The response to a preflight OPTIONS request will echo the requested
+\[dq]Access-Control-Request-Headers\[dq] back.
+.SS Using POST with URL parameters only
 .IP
 .nf
 \f[C]
--o remote=:sftp,host=localhost:/home
+curl -X POST \[aq]http://localhost:5572/rc/noop?potato=1&sausage=2\[aq]
 \f[R]
 .fi
 .PP
-This difference exists because flag options \f[C]-o key=val\f[R] include
-not only backend parameters but also mount/VFS flags and possibly other
-settings.
-Also it allows to discriminate the \f[C]remote\f[R] option from the
-\f[C]crypt-remote\f[R] (or similarly named backend parameters) and
-arguably simplifies scripting due to clearer value substitution.
-.SS Using with Swarm or Compose
-.PP
-Both \f[I]Docker Swarm\f[R] and \f[I]Docker Compose\f[R] use
-YAML (http://yaml.org/spec/1.2/spec.html)-formatted text files to
-describe groups (stacks) of containers, their properties, networks and
-volumes.
-\f[I]Compose\f[R] uses the compose
-v2 (https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference)
-format, \f[I]Swarm\f[R] uses the compose
-v3 (https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference)
-format.
-They are mostly similar, differences are explained in the docker
-documentation (https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading).
-.PP
-Volumes are described by the children of the top-level
-\f[C]volumes:\f[R] node.
-Each of them should be named after its volume and have at least two
-elements, the self-explanatory \f[C]driver: rclone\f[R] value and the
-\f[C]driver_opts:\f[R] structure playing the same role as
-\f[C]-o key=val\f[R] CLI flags:
+Response
 .IP
 .nf
 \f[C]
-volumes:
-  volume_name_1:
-    driver: rclone
-    driver_opts:
-      remote: \[aq]gdrive:\[aq]
-      allow_other: \[aq]true\[aq]
-      vfs_cache_mode: full
-      token: \[aq]{\[dq]type\[dq]: \[dq]borrower\[dq], \[dq]expires\[dq]: \[dq]2021-12-31\[dq]}\[aq]
-      poll_interval: 0
+{
+    \[dq]potato\[dq]: \[dq]1\[dq],
+    \[dq]sausage\[dq]: \[dq]2\[dq]
+}
 \f[R]
 .fi
 .PP
-Notice a few important details: - YAML prefers \f[C]_\f[R] in option
-names instead of \f[C]-\f[R].
-- YAML treats single and double quotes interchangeably.
-Simple strings and integers can be left unquoted.
-- Boolean values must be quoted like \f[C]\[aq]true\[aq]\f[R] or
-\f[C]\[dq]false\[dq]\f[R] because these two words are reserved by YAML.
-- The filesystem string is keyed with \f[C]remote\f[R] (or with
-\f[C]fs\f[R]).
-Normally you can omit quotes here, but if the string ends with colon,
-you \f[B]must\f[R] quote it like
-\f[C]remote: \[dq]storage_box:\[dq]\f[R].
-- YAML is picky about surrounding braces in values as this is in fact
-another syntax for key/value
-mappings (http://yaml.org/spec/1.2/spec.html#id2790832).
-For example, JSON access tokens usually contain double quotes and
-surrounding braces, so you must put them in single quotes.
-.SS Installing as Managed Plugin
-.PP
-Docker daemon can install plugins from an image registry and run them
-managed.
-We maintain the
-docker-volume-rclone (https://hub.docker.com/p/rclone/docker-volume-rclone/)
-plugin image on Docker Hub (https://hub.docker.com).
-.PP
-Rclone volume plugin requires \f[B]Docker Engine >= 19.03.15\f[R]
-.PP
-The plugin requires presence of two directories on the host before it
-can be installed.
-Note that plugin will \f[B]not\f[R] create them automatically.
-By default they must exist on host at the following locations (though
-you can tweak the paths): -
-\f[C]/var/lib/docker-plugins/rclone/config\f[R] is reserved for the
-\f[C]rclone.conf\f[R] config file and \f[B]must\f[R] exist even if
-it\[aq]s empty and the config file is not present.
-- \f[C]/var/lib/docker-plugins/rclone/cache\f[R] holds the plugin state
-file as well as optional VFS caches.
-.PP
-You can install managed
-plugin (https://docs.docker.com/engine/reference/commandline/plugin_install/)
-with default settings as follows:
+Here is what an error response looks like:
 .IP
 .nf
 \f[C]
-docker plugin install rclone/docker-volume-rclone:amd64 --grant-all-permissions --alias rclone
+curl -X POST \[aq]http://localhost:5572/rc/error?potato=1&sausage=2\[aq]
 \f[R]
 .fi
-.PP
-The \f[C]:amd64\f[R] part of the image specification after colon is
-called a \f[I]tag\f[R].
-Usually you will want to install the latest plugin for your
-architecture.
-In this case the tag will just name it, like \f[C]amd64\f[R] above.
-The following plugin architectures are currently available: -
-\f[C]amd64\f[R] - \f[C]arm64\f[R] - \f[C]arm-v7\f[R]
-.PP
-Sometimes you might want a concrete plugin version, not the latest one.
-Then you should use image tag in the form
-\f[C]:ARCHITECTURE-VERSION\f[R].
-For example, to install plugin version \f[C]v1.56.2\f[R] on architecture
-\f[C]arm64\f[R] you will use tag \f[C]arm64-1.56.2\f[R] (note the
-removed \f[C]v\f[R]) so the full image specification becomes
-\f[C]rclone/docker-volume-rclone:arm64-1.56.2\f[R].
-.PP
-We also provide the \f[C]latest\f[R] plugin tag, but since docker does
-not support multi-architecture plugins as of the time of this writing,
-this tag is currently an \f[B]alias for \f[CB]amd64\f[B]\f[R].
-By convention the \f[C]latest\f[R] tag is the default one and can be
-omitted, thus both \f[C]rclone/docker-volume-rclone:latest\f[R] and just
-\f[C]rclone/docker-volume-rclone\f[R] will refer to the latest plugin
-release for the \f[C]amd64\f[R] platform.
-.PP
-Also the \f[C]amd64\f[R] part can be omitted from the versioned rclone
-plugin tags.
-For example, rclone image reference
-\f[C]rclone/docker-volume-rclone:amd64-1.56.2\f[R] can be abbreviated as
-\f[C]rclone/docker-volume-rclone:1.56.2\f[R] for convenience.
-However, for non-intel architectures you still have to use the full tag
-as \f[C]amd64\f[R] or \f[C]latest\f[R] will fail to start.
-.PP
-Managed plugin is in fact a special container running in a namespace
-separate from normal docker containers.
-Inside it runs the \f[C]rclone serve docker\f[R] command.
-The config and cache directories are bind-mounted into the container at
-start.
-The docker daemon connects to a unix socket created by the command
-inside the container.
-The command creates on-demand remote mounts right inside, then docker
-machinery propagates them through kernel mount namespaces and
-bind-mounts into requesting user containers.
-.PP
-You can tweak a few plugin settings after installation when it\[aq]s
-disabled (not in use), for instance:
 .IP
 .nf
 \f[C]
-docker plugin disable rclone
-docker plugin set rclone RCLONE_VERBOSE=2 config=/etc/rclone args=\[dq]--vfs-cache-mode=writes --allow-other\[dq]
-docker plugin enable rclone
-docker plugin inspect rclone
+{
+    \[dq]error\[dq]: \[dq]arbitrary error on input map[potato:1 sausage:2]\[dq],
+    \[dq]input\[dq]: {
+        \[dq]potato\[dq]: \[dq]1\[dq],
+        \[dq]sausage\[dq]: \[dq]2\[dq]
+    }
+}
 \f[R]
 .fi
 .PP
-Note that if docker refuses to disable the plugin, you should find and
-remove all active volumes connected with it as well as containers and
-swarm services that use them.
-This is rather tedious so please carefully plan in advance.
-.PP
-You can tweak the following settings: \f[C]args\f[R], \f[C]config\f[R],
-\f[C]cache\f[R], \f[C]HTTP_PROXY\f[R], \f[C]HTTPS_PROXY\f[R],
-\f[C]NO_PROXY\f[R] and \f[C]RCLONE_VERBOSE\f[R].
-It\[aq]s \f[I]your\f[R] task to keep plugin settings in sync across
-swarm cluster nodes.
-.PP
-\f[C]args\f[R] sets command-line arguments for the
-\f[C]rclone serve docker\f[R] command (\f[I]none\f[R] by default).
-Arguments should be separated by space so you will normally want to put
-them in quotes on the docker plugin
-set (https://docs.docker.com/engine/reference/commandline/plugin_set/)
-command line.
-Both serve docker
-flags (https://rclone.org/commands/rclone_serve_docker/#options) and
-generic rclone flags (https://rclone.org/flags/) are supported,
-including backend parameters that will be used as defaults for volume
-creation.
-Note that plugin will fail (due to this docker
-bug (https://github.com/moby/moby/blob/v20.10.7/plugin/v2/plugin.go#L195))
-if the \f[C]args\f[R] value is empty.
-Use e.g.
-\f[C]args=\[dq]-v\[dq]\f[R] as a workaround.
-.PP
-\f[C]config=/host/dir\f[R] sets alternative host location for the config
-directory.
-Plugin will look for \f[C]rclone.conf\f[R] here.
-It\[aq]s not an error if the config file is not present but the
-directory must exist.
-Please note that plugin can periodically rewrite the config file, for
-example when it renews storage access tokens.
-Keep this in mind and try to avoid races between the plugin and other
-instances of rclone on the host that might try to change the config
-simultaneously resulting in corrupted \f[C]rclone.conf\f[R].
-You can also put stuff like private key files for SFTP remotes in this
-directory.
-Just note that it\[aq]s bind-mounted inside the plugin container at the
-predefined path \f[C]/data/config\f[R].
-For example, if your key file is named \f[C]sftp-box1.key\f[R] on the
-host, the corresponding volume config option should read
-\f[C]-o sftp-key-file=/data/config/sftp-box1.key\f[R].
-.PP
-\f[C]cache=/host/dir\f[R] sets alternative host location for the
-\f[I]cache\f[R] directory.
-The plugin will keep VFS caches here.
-Also it will create and maintain the \f[C]docker-plugin.state\f[R] file
-in this directory.
-When the plugin is restarted or reinstalled, it will look in this file
-to recreate any volumes that existed previously.
-However, they will not be re-mounted into consuming containers after
-restart.
-Usually this is not a problem as the docker daemon normally will restart
-affected user containers after failures, daemon restarts or host
-reboots.
-.PP
-\f[C]RCLONE_VERBOSE\f[R] sets plugin verbosity from \f[C]0\f[R] (errors
-only, by default) to \f[C]2\f[R] (debugging).
-Verbosity can be also tweaked via \f[C]args=\[dq]-v [-v] ...\[dq]\f[R].
-Since arguments are more generic, you will rarely need this setting.
-The plugin output by default feeds the docker daemon log on local host.
-Log entries are reflected as \f[I]errors\f[R] in the docker log but
-retain their actual level assigned by rclone in the encapsulated message
-string.
-.PP
-\f[C]HTTP_PROXY\f[R], \f[C]HTTPS_PROXY\f[R], \f[C]NO_PROXY\f[R]
-customize the plugin proxy settings.
-.PP
-You can set custom plugin options right when you install it, \f[I]in one
-go\f[R]:
+Note that curl doesn\[aq]t return errors to the shell unless you use the
+\f[C]-f\f[R] option
 .IP
 .nf
 \f[C]
-docker plugin remove rclone
-docker plugin install rclone/docker-volume-rclone:amd64 \[rs]
-       --alias rclone --grant-all-permissions \[rs]
-       args=\[dq]-v --allow-other\[dq] config=/etc/rclone
-docker plugin inspect rclone
+$ curl -f -X POST \[aq]http://localhost:5572/rc/error?potato=1&sausage=2\[aq]
+curl: (22) The requested URL returned error: 400 Bad Request
+$ echo $?
+22
 \f[R]
 .fi
-.SS Healthchecks
-.PP
-The docker plugin volume protocol doesn\[aq]t provide a way for plugins
-to inform the docker daemon that a volume is (un-)available.
-As a workaround you can setup a healthcheck to verify that the mount is
-responding, for example:
+.SS Using POST with a form
 .IP
 .nf
 \f[C]
-services:
-  my_service:
-    image: my_image
-    healthcheck:
-      test: ls /path/to/rclone/mount || exit 1
-      interval: 1m
-      timeout: 15s
-      retries: 3
-      start_period: 15s
+curl --data \[dq]potato=1\[dq] --data \[dq]sausage=2\[dq] http://localhost:5572/rc/noop
 \f[R]
 .fi
-.SS Running Plugin under Systemd
-.PP
-In most cases you should prefer managed mode.
-Moreover, MacOS and Windows do not support native Docker plugins.
-Please use managed mode on these systems.
-Proceed further only if you are on Linux.
-.PP
-First, install rclone (https://rclone.org/install/).
-You can just run it (type \f[C]rclone serve docker\f[R] and hit enter)
-for the test.
 .PP
-Install \f[I]FUSE\f[R]:
+Response
 .IP
 .nf
 \f[C]
-sudo apt-get -y install fuse
+{
+    \[dq]potato\[dq]: \[dq]1\[dq],
+    \[dq]sausage\[dq]: \[dq]2\[dq]
+}
 \f[R]
 .fi
 .PP
-Download two systemd configuration files:
-docker-volume-rclone.service (https://raw.githubusercontent.com/rclone/rclone/master/contrib/docker-plugin/systemd/docker-volume-rclone.service)
-and
-docker-volume-rclone.socket (https://raw.githubusercontent.com/rclone/rclone/master/contrib/docker-plugin/systemd/docker-volume-rclone.socket).
-.PP
-Put them to the \f[C]/etc/systemd/system/\f[R] directory:
+Note that you can combine these with URL parameters too with the POST
+parameters taking precedence.
 .IP
 .nf
 \f[C]
-cp docker-volume-plugin.service /etc/systemd/system/
-cp docker-volume-plugin.socket  /etc/systemd/system/
+curl --data \[dq]potato=1\[dq] --data \[dq]sausage=2\[dq] \[dq]http://localhost:5572/rc/noop?rutabaga=3&sausage=4\[dq]
 \f[R]
 .fi
 .PP
-Please note that all commands in this section must be run as
-\f[I]root\f[R] but we omit \f[C]sudo\f[R] prefix for brevity.
-Now create directories required by the service:
+Response
 .IP
 .nf
 \f[C]
-mkdir -p /var/lib/docker-volumes/rclone
-mkdir -p /var/lib/docker-plugins/rclone/config
-mkdir -p /var/lib/docker-plugins/rclone/cache
+{
+    \[dq]potato\[dq]: \[dq]1\[dq],
+    \[dq]rutabaga\[dq]: \[dq]3\[dq],
+    \[dq]sausage\[dq]: \[dq]4\[dq]
+}
 \f[R]
 .fi
-.PP
-Run the docker plugin service in the socket activated mode:
+.SS Using POST with a JSON blob
 .IP
 .nf
 \f[C]
-systemctl daemon-reload
-systemctl start docker-volume-rclone.service
-systemctl enable docker-volume-rclone.socket
-systemctl start docker-volume-rclone.socket
-systemctl restart docker
+curl -H \[dq]Content-Type: application/json\[dq] -X POST -d \[aq]{\[dq]potato\[dq]:2,\[dq]sausage\[dq]:1}\[aq] http://localhost:5572/rc/noop
 \f[R]
 .fi
 .PP
-Or run the service directly: - run \f[C]systemctl daemon-reload\f[R] to
-let systemd pick up new config - run
-\f[C]systemctl enable docker-volume-rclone.service\f[R] to make the new
-service start automatically when you power on your machine.
-- run \f[C]systemctl start docker-volume-rclone.service\f[R] to start
-the service now.
-- run \f[C]systemctl restart docker\f[R] to restart docker daemon and
-let it detect the new plugin socket.
-Note that this step is not needed in managed mode where docker knows
-about plugin state changes.
-.PP
-The two methods are equivalent from the user perspective, but I
-personally prefer socket activation.
-.SS Troubleshooting
-.PP
-You can see managed plugin
-settings (https://docs.docker.com/engine/extend/#debugging-plugins) with
+response
 .IP
 .nf
 \f[C]
-docker plugin list
-docker plugin inspect rclone
+{
+    \[dq]password\[dq]: \[dq]xyz\[dq],
+    \[dq]username\[dq]: \[dq]xyz\[dq]
+}
 \f[R]
 .fi
 .PP
-Note that docker (including latest 20.10.7) will not show actual values
-of \f[C]args\f[R], just the defaults.
-.PP
-Use \f[C]journalctl --unit docker\f[R] to see managed plugin output as
-part of the docker daemon log.
-Note that docker reflects plugin lines as \f[I]errors\f[R] but their
-actual level can be seen from encapsulated message string.
-.PP
-You will usually install the latest version of managed plugin for your
-platform.
-Use the following commands to print the actual installed version:
+This can be combined with URL parameters too if required.
+The JSON blob takes precedence.
 .IP
 .nf
 \f[C]
-PLUGID=$(docker plugin list --no-trunc | awk \[aq]/rclone/{print$1}\[aq])
-sudo runc --root /run/docker/runtime-runc/plugins.moby exec $PLUGID rclone version
+curl -H \[dq]Content-Type: application/json\[dq] -X POST -d \[aq]{\[dq]potato\[dq]:2,\[dq]sausage\[dq]:1}\[aq] \[aq]http://localhost:5572/rc/noop?rutabaga=3&potato=4\[aq]
 \f[R]
 .fi
-.PP
-You can even use \f[C]runc\f[R] to run shell inside the plugin
-container:
 .IP
 .nf
 \f[C]
-sudo runc --root /run/docker/runtime-runc/plugins.moby exec --tty $PLUGID bash
+{
+    \[dq]potato\[dq]: 2,
+    \[dq]rutabaga\[dq]: \[dq]3\[dq],
+    \[dq]sausage\[dq]: 1
+}
 \f[R]
 .fi
+.SS Debugging rclone with pprof
 .PP
-Also you can use curl to check the plugin socket connectivity:
+If you use the \f[C]--rc\f[R] flag this will also enable the use of the
+go profiling tools on the same port.
+.PP
+To use these, first install go (https://golang.org/doc/install).
+.SS Debugging memory use
+.PP
+To profile rclone\[aq]s memory use you can run:
 .IP
 .nf
 \f[C]
-docker plugin list --no-trunc
-PLUGID=123abc...
-sudo curl -H Content-Type:application/json -XPOST -d {} --unix-socket /run/docker/plugins/$PLUGID/rclone.sock http://localhost/Plugin.Activate
+go tool pprof -web http://localhost:5572/debug/pprof/heap
 \f[R]
 .fi
 .PP
-though this is rarely needed.
-.SS Caveats
+This should open a page in your browser showing what is using what
+memory.
 .PP
-Finally I\[aq]d like to mention a \f[I]caveat with updating volume
-settings\f[R].
-Docker CLI does not have a dedicated command like
-\f[C]docker volume update\f[R].
-It may be tempting to invoke \f[C]docker volume create\f[R] with updated
-options on existing volume, but there is a gotcha.
-The command will do nothing, it won\[aq]t even return an error.
-I hope that docker maintainers will fix this some day.
-In the meantime be aware that you must remove your volume before
-recreating it with new settings:
+You can also use the \f[C]-text\f[R] flag to produce a textual summary
 .IP
 .nf
 \f[C]
-docker volume remove my_vol
-docker volume create my_vol -d rclone -o opt1=new_val1 ...
+$ go tool pprof -text http://localhost:5572/debug/pprof/heap
+Showing nodes accounting for 1537.03kB, 100% of 1537.03kB total
+      flat  flat%   sum%        cum   cum%
+ 1024.03kB 66.62% 66.62%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.addDecoderNode
+     513kB 33.38%   100%      513kB 33.38%  net/http.newBufioWriterSize
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/all.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/serve.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/cmd/serve/restic.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init
+         0     0%   100%  1024.03kB 66.62%  github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init.0
+         0     0%   100%  1024.03kB 66.62%  main.init
+         0     0%   100%      513kB 33.38%  net/http.(*conn).readRequest
+         0     0%   100%      513kB 33.38%  net/http.(*conn).serve
+         0     0%   100%  1024.03kB 66.62%  runtime.main
 \f[R]
 .fi
+.SS Debugging go routine leaks
 .PP
-and verify that settings did update:
+Memory leaks are most often caused by go routine leaks keeping memory
+alive which should have been garbage collected.
+.PP
+See all active go routines using
 .IP
 .nf
 \f[C]
-docker volume list
-docker volume inspect my_vol
+curl http://localhost:5572/debug/pprof/goroutine?debug=1
 \f[R]
 .fi
 .PP
-If docker refuses to remove the volume, you should find containers or
-swarm services that use it and stop them first.
-.SS Getting started
+Or go to http://localhost:5572/debug/pprof/goroutine?debug=1 in your
+browser.
+.SS Other profiles to look at
+.PP
+You can see a summary of profiles available at
+http://localhost:5572/debug/pprof/
+.PP
+Here is how to use some of them:
 .IP \[bu] 2
-Install rclone (https://rclone.org/install/) and setup your remotes.
+Memory: \f[C]go tool pprof http://localhost:5572/debug/pprof/heap\f[R]
 .IP \[bu] 2
-Bisync will create its working directory at
-\f[C]\[ti]/.cache/rclone/bisync\f[R] on Linux or
-\f[C]C:\[rs]Users\[rs]MyLogin\[rs]AppData\[rs]Local\[rs]rclone\[rs]bisync\f[R]
-on Windows.
-Make sure that this location is writable.
+Go routines:
+\f[C]curl http://localhost:5572/debug/pprof/goroutine?debug=1\f[R]
 .IP \[bu] 2
-Run bisync with the \f[C]--resync\f[R] flag, specifying the paths to the
-local and remote sync directory roots.
+30-second CPU profile:
+\f[C]go tool pprof http://localhost:5572/debug/pprof/profile\f[R]
 .IP \[bu] 2
-For successive sync runs, leave off the \f[C]--resync\f[R] flag.
+5-second execution trace:
+\f[C]wget http://localhost:5572/debug/pprof/trace?seconds=5\f[R]
 .IP \[bu] 2
-Consider using a filters file for excluding unnecessary files and
-directories from the sync.
+Goroutine blocking profile
+.RS 2
 .IP \[bu] 2
-Consider setting up the --check-access feature for safety.
+Enable first with:
+\f[C]rclone rc debug/set-block-profile-rate rate=1\f[R] (docs)
 .IP \[bu] 2
-On Linux, consider setting up a crontab entry.
-bisync can safely run in concurrent cron jobs thanks to lock files it
-maintains.
+\f[C]go tool pprof http://localhost:5572/debug/pprof/block\f[R]
+.RE
+.IP \[bu] 2
+Contended mutexes:
+.RS 2
+.IP \[bu] 2
+Enable first with:
+\f[C]rclone rc debug/set-mutex-profile-fraction rate=1\f[R] (docs)
+.IP \[bu] 2
+\f[C]go tool pprof http://localhost:5572/debug/pprof/mutex\f[R]
+.RE
 .PP
-Here is a typical run log (with timestamps removed for clarity):
-.IP
-.nf
-\f[C]
-rclone bisync /testdir/path1/ /testdir/path2/ --verbose
-INFO  : Synching Path1 \[dq]/testdir/path1/\[dq] with Path2 \[dq]/testdir/path2/\[dq]
-INFO  : Path1 checking for diffs
-INFO  : - Path1    File is new                         - file11.txt
-INFO  : - Path1    File is newer                       - file2.txt
-INFO  : - Path1    File is newer                       - file5.txt
-INFO  : - Path1    File is newer                       - file7.txt
-INFO  : - Path1    File was deleted                    - file4.txt
-INFO  : - Path1    File was deleted                    - file6.txt
-INFO  : - Path1    File was deleted                    - file8.txt
-INFO  : Path1:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
-INFO  : Path2 checking for diffs
-INFO  : - Path2    File is new                         - file10.txt
-INFO  : - Path2    File is newer                       - file1.txt
-INFO  : - Path2    File is newer                       - file5.txt
-INFO  : - Path2    File is newer                       - file6.txt
-INFO  : - Path2    File was deleted                    - file3.txt
-INFO  : - Path2    File was deleted                    - file7.txt
-INFO  : - Path2    File was deleted                    - file8.txt
-INFO  : Path2:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
-INFO  : Applying changes
-INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file11.txt
-INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file2.txt
-INFO  : - Path2    Queue delete                        - /testdir/path2/file4.txt
-NOTICE: - WARNING  New or changed in both paths        - file5.txt
-NOTICE: - Path1    Renaming Path1 copy                 - /testdir/path1/file5.txt..path1
-NOTICE: - Path1    Queue copy to Path2                 - /testdir/path2/file5.txt..path1
-NOTICE: - Path2    Renaming Path2 copy                 - /testdir/path2/file5.txt..path2
-NOTICE: - Path2    Queue copy to Path1                 - /testdir/path1/file5.txt..path2
-INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file6.txt
-INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file7.txt
-INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file1.txt
-INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file10.txt
-INFO  : - Path1    Queue delete                        - /testdir/path1/file3.txt
-INFO  : - Path2    Do queued copies to                 - Path1
-INFO  : - Path1    Do queued copies to                 - Path2
-INFO  : -          Do queued deletes on                - Path1
-INFO  : -          Do queued deletes on                - Path2
-INFO  : Updating listings
-INFO  : Validating listings for Path1 \[dq]/testdir/path1/\[dq] vs Path2 \[dq]/testdir/path2/\[dq]
-INFO  : Bisync successful
-\f[R]
-.fi
-.SS Command line syntax
-.IP
-.nf
-\f[C]
-$ rclone bisync --help
-Usage:
-  rclone bisync remote1:path1 remote2:path2 [flags]
-
-Positional arguments:
-  Path1, Path2  Local path, or remote storage with \[aq]:\[aq] plus optional path.
-                Type \[aq]rclone listremotes\[aq] for list of configured remotes.
-
-Optional Flags:
-      --check-access            Ensure expected \[ga]RCLONE_TEST\[ga] files are found on
-                                both Path1 and Path2 filesystems, else abort.
-      --check-filename FILENAME Filename for \[ga]--check-access\[ga] (default: \[ga]RCLONE_TEST\[ga])
-      --check-sync CHOICE       Controls comparison of final listings:
-                                \[ga]true | false | only\[ga] (default: true)
-                                If set to \[ga]only\[ga], bisync will only compare listings
-                                from the last run but skip actual sync.
-      --filters-file PATH       Read filtering patterns from a file
-      --max-delete PERCENT      Safety check on maximum percentage of deleted files allowed.
-                                If exceeded, the bisync run will abort. (default: 50%)
-      --force                   Bypass \[ga]--max-delete\[ga] safety check and run the sync.
-                                Consider using with \[ga]--verbose\[ga]
-      --remove-empty-dirs       Remove empty directories at the final cleanup step.
-  -1, --resync                  Performs the resync run.
-                                Warning: Path1 files may overwrite Path2 versions.
-                                Consider using \[ga]--verbose\[ga] or \[ga]--dry-run\[ga] first.
-      --localtime               Use local time in listings (default: UTC)
-      --no-cleanup              Retain working files (useful for troubleshooting and testing).
-      --workdir PATH            Use custom working directory (useful for testing).
-                                (default: \[ga]\[ti]/.cache/rclone/bisync\[ga])
-  -n, --dry-run                 Go through the motions - No files are copied/deleted.
-  -v, --verbose                 Increases logging verbosity.
-                                May be specified more than once for more details.
-  -h, --help                    help for bisync
-\f[R]
-.fi
+See the net/http/pprof docs (https://golang.org/pkg/net/http/pprof/) for
+more info on how to use the profiling and for a general overview see the
+Go team\[aq]s blog post on profiling go
+programs (https://blog.golang.org/profiling-go-programs).
+.PP
+The profiling hook is zero overhead unless it is
+used (https://stackoverflow.com/q/26545159/164234).
+.SH Overview of cloud storage systems
+.PP
+Each cloud storage system is slightly different.
+Rclone attempts to provide a unified interface to them, but some
+underlying differences show through.
+.SS Features
+.PP
+Here is an overview of the major features of each cloud storage system.
+.PP
+.TS
+tab(@);
+l c c c c c c.
+T{
+Name
+T}@T{
+Hash
+T}@T{
+ModTime
+T}@T{
+Case Insensitive
+T}@T{
+Duplicate Files
+T}@T{
+MIME Type
+T}@T{
+Metadata
+T}
+_
+T{
+1Fichier
+T}@T{
+Whirlpool
+T}@T{
+-
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+Akamai Netstorage
+T}@T{
+MD5, SHA256
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+Amazon Drive
+T}@T{
+MD5
+T}@T{
+-
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+Amazon S3 (or S3 compatible)
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+RWU
+T}
+T{
+Backblaze B2
+T}@T{
+SHA1
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+Box
+T}@T{
+SHA1
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Citrix ShareFile
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Dropbox
+T}@T{
+DBHASH \[S1]
+T}@T{
+R
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Enterprise File Fabric
+T}@T{
+-
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+FTP
+T}@T{
+-
+T}@T{
+R/W \[S1]\[u2070]
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Google Cloud Storage
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+Google Drive
+T}@T{
+MD5, SHA1, SHA256
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+Google Photos
+T}@T{
+-
+T}@T{
+-
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+HDFS
+T}@T{
+-
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+HiDrive
+T}@T{
+HiDrive \[S1]\[S2]
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+HTTP
+T}@T{
+-
+T}@T{
+R
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+Internet Archive
+T}@T{
+MD5, SHA1, CRC32
+T}@T{
+R/W \[S1]\[S1]
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+RWU
+T}
+T{
+Jottacloud
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+R
+T}@T{
+RW
+T}
+T{
+Koofr
+T}@T{
+MD5
+T}@T{
+-
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Linkbox
+T}@T{
+-
+T}@T{
+R
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Mail.ru Cloud
+T}@T{
+Mailru \[u2076]
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Mega
+T}@T{
+-
+T}@T{
+-
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Memory
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Microsoft Azure Blob Storage
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+Microsoft Azure Files Storage
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+Microsoft OneDrive
+T}@T{
+QuickXorHash \[u2075]
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+OpenDrive
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+Partial \[u2078]
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+OpenStack Swift
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+Oracle Object Storage
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+pCloud
+T}@T{
+MD5, SHA1 \[u2077]
+T}@T{
+R
+T}@T{
+No
+T}@T{
+No
+T}@T{
+W
+T}@T{
+-
+T}
+T{
+PikPak
+T}@T{
+MD5
+T}@T{
+R
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+premiumize.me
+T}@T{
+-
+T}@T{
+-
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+put.io
+T}@T{
+CRC-32
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+Proton Drive
+T}@T{
+SHA1
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+QingStor
+T}@T{
+MD5
+T}@T{
+- \[u2079]
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R/W
+T}@T{
+-
+T}
+T{
+Quatrix by Maytech
+T}@T{
+-
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Seafile
+T}@T{
+-
+T}@T{
+-
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+SFTP
+T}@T{
+MD5, SHA1 \[S2]
+T}@T{
+R/W
+T}@T{
+Depends
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Sia
+T}@T{
+-
+T}@T{
+-
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+SMB
+T}@T{
+-
+T}@T{
+R/W
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+SugarSync
+T}@T{
+-
+T}@T{
+-
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Storj
+T}@T{
+-
+T}@T{
+R
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Uptobox
+T}@T{
+-
+T}@T{
+-
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+WebDAV
+T}@T{
+MD5, SHA1 \[S3]
+T}@T{
+R \[u2074]
+T}@T{
+Depends
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+Yandex Disk
+T}@T{
+MD5
+T}@T{
+R/W
+T}@T{
+No
+T}@T{
+No
+T}@T{
+R
+T}@T{
+-
+T}
+T{
+Zoho WorkDrive
+T}@T{
+-
+T}@T{
+-
+T}@T{
+No
+T}@T{
+No
+T}@T{
+-
+T}@T{
+-
+T}
+T{
+The local filesystem
+T}@T{
+All
+T}@T{
+R/W
+T}@T{
+Depends
+T}@T{
+No
+T}@T{
+-
+T}@T{
+RWU
+T}
+.TE
 .PP
-Arbitrary rclone flags may be specified on the bisync command
-line (https://rclone.org/commands/rclone_bisync/), for example
-\f[C]rclone bisync ./testdir/path1/ gdrive:testdir/path2/ --drive-skip-gdocs -v -v --timeout 10s\f[R]
-Note that interactions of various rclone flags with bisync process flow
-has not been fully tested yet.
-.SS Paths
+\[S1] Dropbox supports its own custom
+hash (https://www.dropbox.com/developers/reference/content-hash).
+This is an SHA256 sum of all the 4 MiB block SHA256s.
 .PP
-Path1 and Path2 arguments may be references to any mix of local
-directory paths (absolute or relative), UNC paths
-(\f[C]//server/share/path\f[R]), Windows drive paths (with a drive
-letter and \f[C]:\f[R]) or configured
-remotes (https://rclone.org/docs/#syntax-of-remote-paths) with optional
-subdirectory paths.
-Cloud references are distinguished by having a \f[C]:\f[R] in the
-argument (see Windows support below).
+\[S2] SFTP supports checksums if the same login has shell access and
+\f[C]md5sum\f[R] or \f[C]sha1sum\f[R] as well as \f[C]echo\f[R] are in
+the remote\[aq]s PATH.
 .PP
-Path1 and Path2 are treated equally, in that neither has priority for
-file changes, and access efficiency does not change whether a remote is
-on Path1 or Path2.
+\[S3] WebDAV supports hashes when used with Fastmail Files, Owncloud and
+Nextcloud only.
 .PP
-The listings in bisync working directory (default:
-\f[C]\[ti]/.cache/rclone/bisync\f[R]) are named based on the Path1 and
-Path2 arguments so that separate syncs to individual directories within
-the tree may be set up, e.g.:
-\f[C]path_to_local_tree..dropbox_subdir.lst\f[R].
+\[u2074] WebDAV supports modtimes when used with Fastmail Files,
+Owncloud and Nextcloud only.
 .PP
-Any empty directories after the sync on both the Path1 and Path2
-filesystems are not deleted by default.
-If the \f[C]--remove-empty-dirs\f[R] flag is specified, then both paths
-will have any empty directories purged as the last step in the process.
-.SS Command-line flags
-.SS --resync
+\[u2075]
+QuickXorHash (https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash)
+is Microsoft\[aq]s own hash.
 .PP
-This will effectively make both Path1 and Path2 filesystems contain a
-matching superset of all files.
-Path2 files that do not exist in Path1 will be copied to Path1, and the
-process will then sync the Path1 tree to Path2.
+\[u2076] Mail.ru uses its own modified SHA1 hash
 .PP
-The base directories on the both Path1 and Path2 filesystems must exist
-or bisync will fail.
-This is required for safety - that bisync can verify that both paths are
-valid.
+\[u2077] pCloud only supports SHA1 (not MD5) in its EU region
 .PP
-When using \f[C]--resync\f[R], a newer version of a file either on Path1
-or Path2 filesystem, will overwrite the file on the other path (only the
-last version will be kept).
-Carefully evaluate deltas using
---dry-run (https://rclone.org/flags/#non-backend-flags).
+\[u2078] Opendrive does not support creation of duplicate files using
+their web client interface or other stock clients, but the underlying
+storage platform has been determined to allow duplicate files, and it is
+possible to create them with \f[C]rclone\f[R].
+It may be that this is a mistake or an unsupported feature.
 .PP
-For a resync run, one of the paths may be empty (no files in the path
-tree).
-The resync run should result in files on both paths, else a normal
-non-resync run will fail.
+\[u2079] QingStor does not support SetModTime for objects bigger than 5
+GiB.
 .PP
-For a non-resync run, either path being empty (no files in the tree)
-fails with
-\f[C]Empty current PathN listing. Cannot sync to an empty directory: X.pathN.lst\f[R]
-This is a safety check that an unexpected empty path does not result in
-deleting \f[B]everything\f[R] in the other path.
-.SS --check-access
+\[S1]\[u2070] FTP supports modtimes for the major FTP servers, and also
+others if they advertised required protocol extensions.
+See this (https://rclone.org/ftp/#modification-times) for more details.
 .PP
-Access check files are an additional safety measure against data loss.
-bisync will ensure it can find matching \f[C]RCLONE_TEST\f[R] files in
-the same places in the Path1 and Path2 filesystems.
-\f[C]RCLONE_TEST\f[R] files are not generated automatically.
-For \f[C]--check-access\f[R]to succeed, you must first either:
-\f[B]A)\f[R] Place one or more \f[C]RCLONE_TEST\f[R] files in the Path1
-or Path2 filesystem and then do either a run without
-\f[C]--check-access\f[R] or a --resync to set matching files on both
-filesystems, or \f[B]B)\f[R] Set \f[C]--check-filename\f[R] to a
-filename already in use in various locations throughout your sync\[aq]d
-fileset.
-Time stamps and file contents are not important, just the names and
-locations.
-If you have symbolic links in your sync tree it is recommended to place
-\f[C]RCLONE_TEST\f[R] files in the linked-to directory tree to protect
-against bisync assuming a bunch of deleted files if the linked-to tree
-should not be accessible.
-See also the --check-filename flag.
-.SS --check-filename
+\[S1]\[S1] Internet Archive requires option \f[C]wait_archive\f[R] to be
+set to a non-zero value for full modtime support.
 .PP
-Name of the file(s) used in access health validation.
-The default \f[C]--check-filename\f[R] is \f[C]RCLONE_TEST\f[R].
-One or more files having this filename must exist, synchronized between
-your source and destination filesets, in order for
-\f[C]--check-access\f[R] to succeed.
-See --check-access for additional details.
-.SS --max-delete
+\[S1]\[S2] HiDrive supports its own custom
+hash (https://static.hidrive.com/dev/0001).
+It combines SHA1 sums for each 4 KiB block hierarchically to a single
+top-level sum.
+.SS Hash
 .PP
-As a safety check, if greater than the \f[C]--max-delete\f[R] percent of
-files were deleted on either the Path1 or Path2 filesystem, then bisync
-will abort with a warning message, without making any changes.
-The default \f[C]--max-delete\f[R] is \f[C]50%\f[R].
-One way to trigger this limit is to rename a directory that contains
-more than half of your files.
-This will appear to bisync as a bunch of deleted files and a bunch of
-new files.
-This safety check is intended to block bisync from deleting all of the
-files on both filesystems due to a temporary network access issue, or if
-the user had inadvertently deleted the files on one side or the other.
-To force the sync either set a different delete percentage limit, e.g.
-\f[C]--max-delete 75\f[R] (allows up to 75% deletion), or use
-\f[C]--force\f[R] to bypass the check.
+The cloud storage system supports various hash types of the objects.
+The hashes are used when transferring data as an integrity check and can
+be specifically used with the \f[C]--checksum\f[R] flag in syncs and in
+the \f[C]check\f[R] command.
 .PP
-Also see the all files changed check.
-.SS --filters-file
+To use the verify checksums when transferring between cloud storage
+systems they must support a common hash type.
+.SS ModTime
 .PP
-By using rclone filter features you can exclude file types or directory
-sub-trees from the sync.
-See the bisync filters section and generic
---filter-from (https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file)
-documentation.
-An example filters file contains filters for non-allowed files for
-synching with Dropbox.
+Almost all cloud storage systems store some sort of timestamp on
+objects, but several of them not something that is appropriate to use
+for syncing.
+E.g.
+some backends will only write a timestamp that represent the time of the
+upload.
+To be relevant for syncing it should be able to store the modification
+time of the source object.
+If this is not the case, rclone will only check the file size by
+default, though can be configured to check the file hash (with the
+\f[C]--checksum\f[R] flag).
+Ideally it should also be possible to change the timestamp of an
+existing file without having to re-upload it.
 .PP
-If you make changes to your filters file then bisync requires a run with
-\f[C]--resync\f[R].
-This is a safety feature, which avoids existing files on the Path1
-and/or Path2 side from seeming to disappear from view (since they are
-excluded in the new listings), which would fool bisync into seeing them
-as deleted (as compared to the prior run listings), and then bisync
-would proceed to delete them for real.
+Storage systems with a \f[C]-\f[R] in the ModTime column, means the
+modification read on objects is not the modification time of the file
+when uploaded.
+It is most likely the time the file was uploaded, or possibly something
+else (like the time the picture was taken in Google Photos).
 .PP
-To block this from happening bisync calculates an MD5 hash of the
-filters file and stores the hash in a \f[C].md5\f[R] file in the same
-place as your filters file.
-On the next runs with \f[C]--filters-file\f[R] set, bisync re-calculates
-the MD5 hash of the current filters file and compares it to the hash
-stored in \f[C].md5\f[R] file.
-If they don\[aq]t match the run aborts with a critical error and thus
-forces you to do a \f[C]--resync\f[R], likely avoiding a disaster.
-.SS --check-sync
+Storage systems with a \f[C]R\f[R] (for read-only) in the ModTime
+column, means the it keeps modification times on objects, and updates
+them when uploading objects, but it does not support changing only the
+modification time (\f[C]SetModTime\f[R] operation) without re-uploading,
+possibly not even without deleting existing first.
+Some operations in rclone, such as \f[C]copy\f[R] and \f[C]sync\f[R]
+commands, will automatically check for \f[C]SetModTime\f[R] support and
+re-upload if necessary to keep the modification times in sync.
+Other commands will not work without \f[C]SetModTime\f[R] support, e.g.
+\f[C]touch\f[R] command on an existing file will fail, and changes to
+modification time only on a files in a \f[C]mount\f[R] will be silently
+ignored.
 .PP
-Enabled by default, the check-sync function checks that all of the same
-files exist in both the Path1 and Path2 history listings.
-This \f[I]check-sync\f[R] integrity check is performed at the end of the
-sync run by default.
-Any untrapped failing copy/deletes between the two paths might result in
-differences between the two listings and in the untracked file content
-differences between the two paths.
-A resync run would correct the error.
+Storage systems with \f[C]R/W\f[R] (for read/write) in the ModTime
+column, means they do also support modtime-only operations.
+.SS Case Insensitive
 .PP
-Note that the default-enabled integrity check locally executes a load of
-both the final Path1 and Path2 listings, and thus adds to the run time
-of a sync.
-Using \f[C]--check-sync=false\f[R] will disable it and may significantly
-reduce the sync run times for very large numbers of files.
+If a cloud storage systems is case sensitive then it is possible to have
+two files which differ only in case, e.g.
+\f[C]file.txt\f[R] and \f[C]FILE.txt\f[R].
+If a cloud storage system is case insensitive then that isn\[aq]t
+possible.
 .PP
-The check may be run manually with \f[C]--check-sync=only\f[R].
-It runs only the integrity check and terminates without actually
-synching.
-.SS Operation
-.SS Runtime flow details
+This can cause problems when syncing between a case insensitive system
+and a case sensitive system.
+The symptom of this is that no matter how many times you run the sync it
+never completes fully.
 .PP
-bisync retains the listings of the \f[C]Path1\f[R] and \f[C]Path2\f[R]
-filesystems from the prior run.
-On each successive run it will:
-.IP \[bu] 2
-list files on \f[C]path1\f[R] and \f[C]path2\f[R], and check for changes
-on each side.
-Changes include \f[C]New\f[R], \f[C]Newer\f[R], \f[C]Older\f[R], and
-\f[C]Deleted\f[R] files.
-.IP \[bu] 2
-Propagate changes on \f[C]path1\f[R] to \f[C]path2\f[R], and vice-versa.
-.SS Safety measures
-.IP \[bu] 2
-Lock file prevents multiple simultaneous runs when taking a while.
-This can be particularly useful if bisync is run by cron scheduler.
-.IP \[bu] 2
-Handle change conflicts non-destructively by creating \f[C]..path1\f[R]
-and \f[C]..path2\f[R] file versions.
+The local filesystem and SFTP may or may not be case sensitive depending
+on OS.
 .IP \[bu] 2
-File system access health check using \f[C]RCLONE_TEST\f[R] files (see
-the \f[C]--check-access\f[R] flag).
+Windows - usually case insensitive, though case is preserved
 .IP \[bu] 2
-Abort on excessive deletes - protects against a failed listing being
-interpreted as all the files were deleted.
-See the \f[C]--max-delete\f[R] and \f[C]--force\f[R] flags.
+OSX - usually case insensitive, though it is possible to format case
+sensitive
 .IP \[bu] 2
-If something evil happens, bisync goes into a safe state to block damage
-by later runs.
-(See Error Handling)
-.SS Normal sync checks
+Linux - usually case sensitive, but there are case insensitive file
+systems (e.g.
+FAT formatted USB keys)
+.PP
+Most of the time this doesn\[aq]t cause any problems as people tend to
+avoid files whose name differs only by case even on case sensitive
+systems.
+.SS Duplicate files
+.PP
+If a cloud storage system allows duplicate files then it can have two
+objects with the same name.
+.PP
+This confuses rclone greatly when syncing - use the
+\f[C]rclone dedupe\f[R] command to rename or remove duplicates.
+.SS Restricted filenames
+.PP
+Some cloud storage systems might have restrictions on the characters
+that are usable in file or directory names.
+When \f[C]rclone\f[R] detects such a name during a file upload, it will
+transparently replace the restricted characters with similar looking
+Unicode characters.
+To handle the different sets of restricted characters for different
+backends, rclone uses something it calls encoding.
+.PP
+This process is designed to avoid ambiguous file names as much as
+possible and allow to move files between many cloud storage systems
+transparently.
+.PP
+The name shown by \f[C]rclone\f[R] to the user or during log output will
+only contain a minimal set of replaced characters to ensure correct
+formatting and not necessarily the actual name used on the cloud
+storage.
+.PP
+This transformation is reversed when downloading a file or parsing
+\f[C]rclone\f[R] arguments.
+For example, when uploading a file named \f[C]my file?.txt\f[R] to
+Onedrive, it will be displayed as \f[C]my file?.txt\f[R] on the console,
+but stored as \f[C]my file\[uFF1F].txt\f[R] to Onedrive (the \f[C]?\f[R]
+gets replaced by the similar looking \f[C]\[uFF1F]\f[R] character, the
+so-called \[dq]fullwidth question mark\[dq]).
+The reverse transformation allows to read a file
+\f[C]unusual/name.txt\f[R] from Google Drive, by passing the name
+\f[C]unusual\[uFF0F]name.txt\f[R] on the command line (the \f[C]/\f[R]
+needs to be replaced by the similar looking \f[C]\[uFF0F]\f[R]
+character).
+.SS Caveats
+.PP
+The filename encoding system works well in most cases, at least where
+file names are written in English or similar languages.
+You might not even notice it: It just works.
+In some cases it may lead to issues, though.
+E.g.
+when file names are written in Chinese, or Japanese, where it is always
+the Unicode fullwidth variants of the punctuation marks that are used.
+.PP
+On Windows, the characters \f[C]:\f[R], \f[C]*\f[R] and \f[C]?\f[R] are
+examples of restricted characters.
+If these are used in filenames on a remote that supports it, Rclone will
+transparently convert them to their fullwidth Unicode variants
+\f[C]\[uFF0A]\f[R], \f[C]\[uFF1F]\f[R] and \f[C]\[uFF1A]\f[R] when
+downloading to Windows, and back again when uploading.
+This way files with names that are not allowed on Windows can still be
+stored.
+.PP
+However, if you have files on your Windows system originally with these
+same Unicode characters in their names, they will be included in the
+same conversion process.
+E.g.
+if you create a file in your Windows filesystem with name
+\f[C]Test\[uFF1A]1.jpg\f[R], where \f[C]\[uFF1A]\f[R] is the Unicode
+fullwidth colon symbol, and use rclone to upload it to Google Drive,
+which supports regular \f[C]:\f[R] (halfwidth question mark), rclone
+will replace the fullwidth \f[C]:\f[R] with the halfwidth \f[C]:\f[R]
+and store the file as \f[C]Test:1.jpg\f[R] in Google Drive.
+Since both Windows and Google Drive allows the name
+\f[C]Test\[uFF1A]1.jpg\f[R], it would probably be better if rclone just
+kept the name as is in this case.
+.PP
+With the opposite situation; if you have a file named
+\f[C]Test:1.jpg\f[R], in your Google Drive, e.g.
+uploaded from a Linux system where \f[C]:\f[R] is valid in file names.
+Then later use rclone to copy this file to your Windows computer you
+will notice that on your local disk it gets renamed to
+\f[C]Test\[uFF1A]1.jpg\f[R].
+The original filename is not legal on Windows, due to the \f[C]:\f[R],
+and rclone therefore renames it to make the copy possible.
+That is all good.
+However, this can also lead to an issue: If you already had a
+\f[I]different\f[R] file named \f[C]Test\[uFF1A]1.jpg\f[R] on Windows,
+and then use rclone to copy either way.
+Rclone will then treat the file originally named \f[C]Test:1.jpg\f[R] on
+Google Drive and the file originally named \f[C]Test\[uFF1A]1.jpg\f[R]
+on Windows as the same file, and replace the contents from one with the
+other.
+.PP
+Its virtually impossible to handle all cases like these correctly in all
+situations, but by customizing the encoding option, changing the set of
+characters that rclone should convert, you should be able to create a
+configuration that works well for your specific situation.
+See also the
+example (https://rclone.org/overview/#encoding-example-windows) below.
+.PP
+(Windows was used as an example of a file system with many restricted
+characters, and Google drive a storage system with few.)
+.SS Default restricted characters
+.PP
+The table below shows the characters that are replaced by default.
+.PP
+When a replacement character is found in a filename, this character will
+be escaped with the \f[C]\[u201B]\f[R] character to avoid ambiguous file
+names.
+(e.g.
+a file named \f[C]\[u2400].txt\f[R] would shown as
+\f[C]\[u201B]\[u2400].txt\f[R])
+.PP
+Each cloud storage backend can use a different set of characters, which
+will be specified in the documentation for each backend.
 .PP
 .TS
 tab(@);
-lw(8.4n) lw(28.4n) lw(15.7n) lw(17.5n).
+l c c.
 T{
-Type
-T}@T{
-Description
+Character
 T}@T{
-Result
+Value
 T}@T{
-Implementation
+Replacement
 T}
 _
 T{
-Path2 new
+NUL
 T}@T{
-File is new on Path2, does not exist on Path1
+0x00
 T}@T{
-Path2 version survives
+\[u2400]
+T}
+T{
+SOH
 T}@T{
-\f[C]rclone copy\f[R] Path2 to Path1
+0x01
+T}@T{
+\[u2401]
 T}
 T{
-Path2 newer
+STX
 T}@T{
-File is newer on Path2, unchanged on Path1
+0x02
 T}@T{
-Path2 version survives
+\[u2402]
+T}
+T{
+ETX
+T}@T{
+0x03
+T}@T{
+\[u2403]
+T}
+T{
+EOT
+T}@T{
+0x04
+T}@T{
+\[u2404]
+T}
+T{
+ENQ
+T}@T{
+0x05
+T}@T{
+\[u2405]
+T}
+T{
+ACK
+T}@T{
+0x06
+T}@T{
+\[u2406]
+T}
+T{
+BEL
+T}@T{
+0x07
+T}@T{
+\[u2407]
+T}
+T{
+BS
+T}@T{
+0x08
+T}@T{
+\[u2408]
+T}
+T{
+HT
+T}@T{
+0x09
+T}@T{
+\[u2409]
+T}
+T{
+LF
+T}@T{
+0x0A
+T}@T{
+\[u240A]
+T}
+T{
+VT
+T}@T{
+0x0B
+T}@T{
+\[u240B]
+T}
+T{
+FF
+T}@T{
+0x0C
+T}@T{
+\[u240C]
+T}
+T{
+CR
+T}@T{
+0x0D
+T}@T{
+\[u240D]
+T}
+T{
+SO
+T}@T{
+0x0E
+T}@T{
+\[u240E]
+T}
+T{
+SI
+T}@T{
+0x0F
+T}@T{
+\[u240F]
+T}
+T{
+DLE
+T}@T{
+0x10
+T}@T{
+\[u2410]
+T}
+T{
+DC1
+T}@T{
+0x11
+T}@T{
+\[u2411]
+T}
+T{
+DC2
+T}@T{
+0x12
+T}@T{
+\[u2412]
+T}
+T{
+DC3
+T}@T{
+0x13
+T}@T{
+\[u2413]
+T}
+T{
+DC4
+T}@T{
+0x14
 T}@T{
-\f[C]rclone copy\f[R] Path2 to Path1
+\[u2414]
 T}
 T{
-Path2 deleted
-T}@T{
-File is deleted on Path2, unchanged on Path1
+NAK
 T}@T{
-File is deleted
+0x15
 T}@T{
-\f[C]rclone delete\f[R] Path1
+\[u2415]
 T}
 T{
-Path1 new
-T}@T{
-File is new on Path1, does not exist on Path2
+SYN
 T}@T{
-Path1 version survives
+0x16
 T}@T{
-\f[C]rclone copy\f[R] Path1 to Path2
+\[u2416]
 T}
 T{
-Path1 newer
-T}@T{
-File is newer on Path1, unchanged on Path2
+ETB
 T}@T{
-Path1 version survives
+0x17
 T}@T{
-\f[C]rclone copy\f[R] Path1 to Path2
+\[u2417]
 T}
 T{
-Path1 older
-T}@T{
-File is older on Path1, unchanged on Path2
+CAN
 T}@T{
-\f[I]Path1 version survives\f[R]
+0x18
 T}@T{
-\f[C]rclone copy\f[R] Path1 to Path2
+\[u2418]
 T}
 T{
-Path2 older
-T}@T{
-File is older on Path2, unchanged on Path1
+EM
 T}@T{
-\f[I]Path2 version survives\f[R]
+0x19
 T}@T{
-\f[C]rclone copy\f[R] Path2 to Path1
+\[u2419]
 T}
 T{
-Path1 deleted
-T}@T{
-File no longer exists on Path1
+SUB
 T}@T{
-File is deleted
+0x1A
 T}@T{
-\f[C]rclone delete\f[R] Path2
+\[u241A]
 T}
-.TE
-.SS Unusual sync checks
-.PP
-.TS
-tab(@);
-lw(17.2n) lw(21.0n) lw(19.4n) lw(12.4n).
 T{
-Type
-T}@T{
-Description
+ESC
 T}@T{
-Result
+0x1B
 T}@T{
-Implementation
+\[u241B]
 T}
-_
 T{
-Path1 new AND Path2 new
-T}@T{
-File is new on Path1 AND new on Path2
+FS
 T}@T{
-Files renamed to _Path1 and _Path2
+0x1C
 T}@T{
-\f[C]rclone copy\f[R] _Path2 file to Path1, \f[C]rclone copy\f[R] _Path1
-file to Path2
+\[u241C]
 T}
 T{
-Path2 newer AND Path1 changed
-T}@T{
-File is newer on Path2 AND also changed (newer/older/size) on Path1
+GS
 T}@T{
-Files renamed to _Path1 and _Path2
+0x1D
 T}@T{
-\f[C]rclone copy\f[R] _Path2 file to Path1, \f[C]rclone copy\f[R] _Path1
-file to Path2
+\[u241D]
 T}
 T{
-Path2 newer AND Path1 deleted
-T}@T{
-File is newer on Path2 AND also deleted on Path1
+RS
 T}@T{
-Path2 version survives
+0x1E
 T}@T{
-\f[C]rclone copy\f[R] Path2 to Path1
+\[u241E]
 T}
 T{
-Path2 deleted AND Path1 changed
-T}@T{
-File is deleted on Path2 AND changed (newer/older/size) on Path1
+US
 T}@T{
-Path1 version survives
+0x1F
 T}@T{
-\f[C]rclone copy\f[R] Path1 to Path2
+\[u241F]
 T}
 T{
-Path1 deleted AND Path2 changed
-T}@T{
-File is deleted on Path1 AND changed (newer/older/size) on Path2
+/
 T}@T{
-Path2 version survives
+0x2F
 T}@T{
-\f[C]rclone copy\f[R] Path2 to Path1
-T}
-.TE
-.SS All files changed check
-.PP
-if \f[I]all\f[R] prior existing files on either of the filesystems have
-changed (e.g.
-timestamps have changed due to changing the system\[aq]s timezone) then
-bisync will abort without making any changes.
-Any new files are not considered for this check.
-You could use \f[C]--force\f[R] to force the sync (whichever side has
-the changed timestamp files wins).
-Alternately, a \f[C]--resync\f[R] may be used (Path1 versions will be
-pushed to Path2).
-Consider the situation carefully and perhaps use \f[C]--dry-run\f[R]
-before you commit to the changes.
-.SS Modification time
-.PP
-Bisync relies on file timestamps to identify changed files and will
-\f[I]refuse\f[R] to operate if backend lacks the modification time
-support.
-.PP
-If you or your application should change the content of a file without
-changing the modification time then bisync will \f[I]not\f[R] notice the
-change, and thus will not copy it to the other side.
-.PP
-Note that on some cloud storage systems it is not possible to have file
-timestamps that match \f[I]precisely\f[R] between the local and other
-filesystems.
-.PP
-Bisync\[aq]s approach to this problem is by tracking the changes on each
-side \f[I]separately\f[R] over time with a local database of files in
-that side then applying the resulting changes on the other side.
-.SS Error handling
-.PP
-Certain bisync critical errors, such as file copy/move failing, will
-result in a bisync lockout of following runs.
-The lockout is asserted because the sync status and history of the Path1
-and Path2 filesystems cannot be trusted, so it is safer to block any
-further changes until someone checks things out.
-The recovery is to do a \f[C]--resync\f[R] again.
-.PP
-It is recommended to use \f[C]--resync --dry-run --verbose\f[R]
-initially and \f[I]carefully\f[R] review what changes will be made
-before running the \f[C]--resync\f[R] without \f[C]--dry-run\f[R].
-.PP
-Most of these events come up due to a error status from an internal
-call.
-On such a critical error the \f[C]{...}.path1.lst\f[R] and
-\f[C]{...}.path2.lst\f[R] listing files are renamed to extension
-\f[C].lst-err\f[R], which blocks any future bisync runs (since the
-normal \f[C].lst\f[R] files are not found).
-Bisync keeps them under \f[C]bisync\f[R] subdirectory of the rclone
-cache directory, typically at \f[C]${HOME}/.cache/rclone/bisync/\f[R] on
-Linux.
-.PP
-Some errors are considered temporary and re-running the bisync is not
-blocked.
-The \f[I]critical return\f[R] blocks further bisync runs.
-.SS Lock file
-.PP
-When bisync is running, a lock file is created in the bisync working
-directory, typically at
-\f[C]\[ti]/.cache/rclone/bisync/PATH1..PATH2.lck\f[R] on Linux.
-If bisync should crash or hang, the lock file will remain in place and
-block any further runs of bisync \f[I]for the same paths\f[R].
-Delete the lock file as part of debugging the situation.
-The lock file effectively blocks follow-on (e.g., scheduled by
-\f[I]cron\f[R]) runs when the prior invocation is taking a long time.
-The lock file contains \f[I]PID\f[R] of the blocking process, which may
-help in debug.
-.PP
-\f[B]Note\f[R] that while concurrent bisync runs are allowed, \f[I]be
-very cautious\f[R] that there is no overlap in the trees being synched
-between concurrent runs, lest there be replicated files, deleted files
-and general mayhem.
-.SS Return codes
-.PP
-\f[C]rclone bisync\f[R] returns the following codes to calling program:
-- \f[C]0\f[R] on a successful run, - \f[C]1\f[R] for a non-critical
-failing run (a rerun may be successful), - \f[C]2\f[R] for a critically
-aborted run (requires a \f[C]--resync\f[R] to recover).
-.SS Limitations
-.SS Supported backends
-.PP
-Bisync is considered \f[I]BETA\f[R] and has been tested with the
-following backends: - Local filesystem - Google Drive - Dropbox -
-OneDrive - S3 - SFTP - Yandex Disk
-.PP
-It has not been fully tested with other services yet.
-If it works, or sorta works, please let us know and we\[aq]ll update the
-list.
-Run the test suite to check for proper operation as described below.
-.PP
-First release of \f[C]rclone bisync\f[R] requires that underlying
-backend supported the modification time feature and will refuse to run
-otherwise.
-This limitation will be lifted in a future \f[C]rclone bisync\f[R]
-release.
-.SS Concurrent modifications
-.PP
-When using \f[B]Local, FTP or SFTP\f[R] remotes rclone does not create
-\f[I]temporary\f[R] files at the destination when copying, and thus if
-the connection is lost the created file may be corrupt, which will
-likely propagate back to the original path on the next sync, resulting
-in data loss.
-This will be solved in a future release, there is no workaround at the
-moment.
-.PP
-Files that \f[B]change during\f[R] a bisync run may result in data loss.
-This has been seen in a highly dynamic environment, where the filesystem
-is getting hammered by running processes during the sync.
-The solution is to sync at quiet times or filter out unnecessary
-directories and files.
-.SS Empty directories
-.PP
-New empty directories on one path are \f[I]not\f[R] propagated to the
-other side.
-This is because bisync (and rclone) natively works on files not
-directories.
-The following sequence is a workaround but will not propagate the delete
-of an empty directory to the other side:
-.IP
-.nf
-\f[C]
-rclone bisync PATH1 PATH2
-rclone copy PATH1 PATH2 --filter \[dq]+ */\[dq] --filter \[dq]- **\[dq] --create-empty-src-dirs
-rclone copy PATH2 PATH2 --filter \[dq]+ */\[dq] --filter \[dq]- **\[dq] --create-empty-src-dirs
-\f[R]
-.fi
-.SS Renamed directories
-.PP
-Renaming a folder on the Path1 side results is deleting all files on the
-Path2 side and then copying all files again from Path1 to Path2.
-Bisync sees this as all files in the old directory name as deleted and
-all files in the new directory name as new.
-Similarly, renaming a directory on both sides to the same name will
-result in creating \f[C]..path1\f[R] and \f[C]..path2\f[R] files on both
-sides.
-Currently the most effective and efficient method of renaming a
-directory is to rename it on both sides, then do a \f[C]--resync\f[R].
-.SS Case sensitivity
-.PP
-Synching with \f[B]case-insensitive\f[R] filesystems, such as Windows or
-\f[C]Box\f[R], can result in file name conflicts.
-This will be fixed in a future release.
-The near term workaround is to make sure that files on both sides
-don\[aq]t have spelling case differences (\f[C]Smile.jpg\f[R] vs.
-\f[C]smile.jpg\f[R]).
-.SS Windows support
-.PP
-Bisync has been tested on Windows 8.1, Windows 10 Pro 64-bit and on
-Windows GitHub runners.
-.PP
-Drive letters are allowed, including drive letters mapped to network
-drives (\f[C]rclone bisync J:\[rs]localsync GDrive:\f[R]).
-If a drive letter is omitted, the shell current drive is the default.
-Drive letters are a single character follows by \f[C]:\f[R], so cloud
-names must be more than one character long.
-.PP
-Absolute paths (with or without a drive letter), and relative paths
-(with or without a drive letter) are supported.
-.PP
-Working directory is created at
-\f[C]C:\[rs]Users\[rs]MyLogin\[rs]AppData\[rs]Local\[rs]rclone\[rs]bisync\f[R].
-.PP
-Note that bisync output may show a mix of forward \f[C]/\f[R] and back
-\f[C]\[rs]\f[R] slashes.
-.PP
-Be careful of case independent directory and file naming on Windows vs.
-case dependent Linux
-.SS Filtering
-.PP
-See filtering documentation (https://rclone.org/filtering/) for how
-filter rules are written and interpreted.
-.PP
-Bisync\[aq]s \f[C]--filters-file\f[R] flag slightly extends the
-rclone\[aq]s
---filter-from (https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file)
-filtering mechanism.
-For a given bisync run you may provide \f[I]only one\f[R]
-\f[C]--filters-file\f[R].
-The \f[C]--include*\f[R], \f[C]--exclude*\f[R], and \f[C]--filter\f[R]
-flags are also supported.
-.SS How to filter directories
-.PP
-Filtering portions of the directory tree is a critical feature for
-synching.
-.PP
-Examples of directory trees (always beneath the Path1/Path2 root level)
-you may want to exclude from your sync: - Directory trees containing
-only software build intermediate files.
-- Directory trees containing application temporary files and data such
-as the Windows \f[C]C:\[rs]Users\[rs]MyLogin\[rs]AppData\[rs]\f[R] tree.
-- Directory trees containing files that are large, less important, or
-are getting thrashed continuously by ongoing processes.
-.PP
-On the other hand, there may be only select directories that you
-actually want to sync, and exclude all others.
-See the Example include-style filters for Windows user directories
-below.
-.SS Filters file writing guidelines
-.IP "1." 3
-Begin with excluding directory trees:
-.RS 4
-.IP \[bu] 2
-e.g.
-\[ga]- /AppData/\[ga]
-.IP \[bu] 2
-\f[C]**\f[R] on the end is not necessary.
-Once a given directory level is excluded then everything beneath it
-won\[aq]t be looked at by rclone.
-.IP \[bu] 2
-Exclude such directories that are unneeded, are big, dynamically
-thrashed, or where there may be access permission issues.
-.IP \[bu] 2
-Excluding such dirs first will make rclone operations (much) faster.
-.IP \[bu] 2
-Specific files may also be excluded, as with the Dropbox exclusions
-example below.
-.RE
-.IP "2." 3
-Decide if its easier (or cleaner) to:
-.RS 4
-.IP \[bu] 2
-Include select directories and therefore \f[I]exclude everything
-else\f[R] -- or --
-.IP \[bu] 2
-Exclude select directories and therefore \f[I]include everything
-else\f[R]
-.RE
-.IP "3." 3
-Include select directories:
-.RS 4
-.IP \[bu] 2
-Add lines like: \[ga]+ /Documents/PersonalFiles/**\[ga] to select which
-directories to include in the sync.
-.IP \[bu] 2
-\f[C]**\f[R] on the end specifies to include the full depth of the
-specified tree.
-.IP \[bu] 2
-With Include-style filters, files at the Path1/Path2 root are not
-included.
-They may be included with \[ga]+ /*\[ga].
-.IP \[bu] 2
-Place RCLONE_TEST files within these included directory trees.
-They will only be looked for in these directory trees.
-.IP \[bu] 2
-Finish by excluding everything else by adding \[ga]- **\[ga] at the end
-of the filters file.
-.IP \[bu] 2
-Disregard step 4.
-.RE
-.IP "4." 3
-Exclude select directories:
-.RS 4
-.IP \[bu] 2
-Add more lines like in step 1.
-For example: \f[C]-/Desktop/tempfiles/\f[R], or \[ga]-
-/testdir/\f[C].    Again, a\f[R]**\[ga] on the end is not necessary.
-.IP \[bu] 2
-Do \f[I]not\f[R] add a \[ga]- **\[ga] in the file.
-Without this line, everything will be included that has not be
-explicitly excluded.
-.IP \[bu] 2
-Disregard step 3.
-.RE
-.PP
-A few rules for the syntax of a filter file expanding on filtering
-documentation (https://rclone.org/filtering/):
-.IP \[bu] 2
-Lines may start with spaces and tabs - rclone strips leading whitespace.
-.IP \[bu] 2
-If the first non-whitespace character is a \f[C]#\f[R] then the line is
-a comment and will be ignored.
-.IP \[bu] 2
-Blank lines are ignored.
-.IP \[bu] 2
-The first non-whitespace character on a filter line must be a
-\f[C]+\f[R] or \f[C]-\f[R].
-.IP \[bu] 2
-Exactly 1 space is allowed between the \f[C]+/-\f[R] and the path term.
-.IP \[bu] 2
-Only forward slashes (\f[C]/\f[R]) are used in path terms, even on
-Windows.
-.IP \[bu] 2
-The rest of the line is taken as the path term.
-Trailing whitespace is taken literally, and probably is an error.
-.SS Example include-style filters for Windows user directories
-.PP
-This Windows \f[I]include-style\f[R] example is based on the sync root
-(Path1) set to \f[C]C:\[rs]Users\[rs]MyLogin\f[R].
-The strategy is to select specific directories to be synched with a
-network drive (Path2).
-.IP \[bu] 2
-\[ga]- /AppData/\[ga] excludes an entire tree of Windows stored stuff
-that need not be synched.
-In my case, AppData has >11 GB of stuff I don\[aq]t care about, and
-there are some subdirectories beneath AppData that are not accessible to
-my user login, resulting in bisync critical aborts.
-.IP \[bu] 2
-Windows creates cache files starting with both upper and lowercase
-\f[C]NTUSER\f[R] at \f[C]C:\[rs]Users\[rs]MyLogin\f[R].
-These files may be dynamic, locked, and are generally \f[I]don\[aq]t
-care\f[R].
-.IP \[bu] 2
-There are just a few directories with \f[I]my\f[R] data that I do want
-synched, in the form of \[ga]+
-/\f[C]. By selecting only the directory trees I   want to avoid the dozen plus directories that various apps make   at\f[R]C:\[ga].
-.IP \[bu] 2
-Include files in the root of the sync point,
-\f[C]C:\[rs]Users\[rs]MyLogin\f[R], by adding the \[ga]+ /*\[ga] line.
-.IP \[bu] 2
-This is an Include-style filters file, therefore it ends with \[ga]-
-**\[ga] which excludes everything not explicitly included.
-.IP
-.nf
-\f[C]
-- /AppData/
-- NTUSER*
-- ntuser*
-+ /Documents/Family/**
-+ /Documents/Sketchup/**
-+ /Documents/Microcapture_Photo/**
-+ /Documents/Microcapture_Video/**
-+ /Desktop/**
-+ /Pictures/**
-+ /*
-- **
-\f[R]
-.fi
-.PP
-Note also that Windows implements several \[dq]library\[dq] links such
-as \f[C]C:\[rs]Users\[rs]MyLogin\[rs]My Documents\[rs]My Music\f[R]
-pointing to \f[C]C:\[rs]Users\[rs]MyLogin\[rs]Music\f[R].
-rclone sees these as links, so you must add \f[C]--links\f[R] to the
-bisync command line if you which to follow these links.
-I find that I get permission errors in trying to follow the links, so I
-don\[aq]t include the rclone \f[C]--links\f[R] flag, but then you get
-lots of \f[C]Can\[aq]t follow symlink\&...\f[R] noise from rclone about
-not following the links.
-This noise can be quashed by adding \f[C]--quiet\f[R] to the bisync
-command line.
-.SS Example exclude-style filters files for use with Dropbox
-.IP \[bu] 2
-Dropbox disallows synching the listed temporary and configuration/data
-files.
-The \[ga]- \[ga] filters exclude these files where ever they may occur
-in the sync tree.
-Consider adding similar exclusions for file types you don\[aq]t need to
-sync, such as core dump and software build files.
-.IP \[bu] 2
-bisync testing creates \f[C]/testdir/\f[R] at the top level of the sync
-tree, and usually deletes the tree after the test.
-If a normal sync should run while the \f[C]/testdir/\f[R] tree exists
-the \f[C]--check-access\f[R] phase may fail due to unbalanced
-RCLONE_TEST files.
-The \[ga]- /testdir/\[ga] filter blocks this tree from being synched.
-You don\[aq]t need this exclusion if you are not doing bisync
-development testing.
-.IP \[bu] 2
-Everything else beneath the Path1/Path2 root will be synched.
-.IP \[bu] 2
-RCLONE_TEST files may be placed anywhere within the tree, including the
-root.
-.SS Example filters file for Dropbox
-.IP
-.nf
-\f[C]
-# Filter file for use with bisync
-# See https://rclone.org/filtering/ for filtering rules
-# NOTICE: If you make changes to this file you MUST do a --resync run.
-#         Run with --dry-run to see what changes will be made.
-
-# Dropbox wont sync some files so filter them away here.
-# See https://help.dropbox.com/installs-integrations/sync-uploads/files-not-syncing
-- .dropbox.attr
-- \[ti]*.tmp
-- \[ti]$*
-- .\[ti]*
-- desktop.ini
-- .dropbox
-
-# Used for bisync testing, so excluded from normal runs
-- /testdir/
-
-# Other example filters
-#- /TiBU/
-#- /Photos/
-\f[R]
-.fi
-.SS How --check-access handles filters
-.PP
-At the start of a bisync run, listings are gathered for Path1 and Path2
-while using the user\[aq]s \f[C]--filters-file\f[R].
-During the check access phase, bisync scans these listings for
-\f[C]RCLONE_TEST\f[R] files.
-Any \f[C]RCLONE_TEST\f[R] files hidden by the \f[C]--filters-file\f[R]
-are \f[I]not\f[R] in the listings and thus not checked during the check
-access phase.
-.SS Troubleshooting
-.SS Reading bisync logs
-.PP
-Here are two normal runs.
-The first one has a newer file on the remote.
-The second has no deltas between local and remote.
-.IP
-.nf
-\f[C]
-2021/05/16 00:24:38 INFO  : Synching Path1 \[dq]/path/to/local/tree/\[dq] with Path2 \[dq]dropbox:/\[dq]
-2021/05/16 00:24:38 INFO  : Path1 checking for diffs
-2021/05/16 00:24:38 INFO  : - Path1    File is new                         - file.txt
-2021/05/16 00:24:38 INFO  : Path1:    1 changes:    1 new,    0 newer,    0 older,    0 deleted
-2021/05/16 00:24:38 INFO  : Path2 checking for diffs
-2021/05/16 00:24:38 INFO  : Applying changes
-2021/05/16 00:24:38 INFO  : - Path1    Queue copy to Path2                 - dropbox:/file.txt
-2021/05/16 00:24:38 INFO  : - Path1    Do queued copies to                 - Path2
-2021/05/16 00:24:38 INFO  : Updating listings
-2021/05/16 00:24:38 INFO  : Validating listings for Path1 \[dq]/path/to/local/tree/\[dq] vs Path2 \[dq]dropbox:/\[dq]
-2021/05/16 00:24:38 INFO  : Bisync successful
-
-2021/05/16 00:36:52 INFO  : Synching Path1 \[dq]/path/to/local/tree/\[dq] with Path2 \[dq]dropbox:/\[dq]
-2021/05/16 00:36:52 INFO  : Path1 checking for diffs
-2021/05/16 00:36:52 INFO  : Path2 checking for diffs
-2021/05/16 00:36:52 INFO  : No changes found
-2021/05/16 00:36:52 INFO  : Updating listings
-2021/05/16 00:36:52 INFO  : Validating listings for Path1 \[dq]/path/to/local/tree/\[dq] vs Path2 \[dq]dropbox:/\[dq]
-2021/05/16 00:36:52 INFO  : Bisync successful
-\f[R]
-.fi
-.SS Dry run oddity
+\[uFF0F]
+T}
+T{
+DEL
+T}@T{
+0x7F
+T}@T{
+\[u2421]
+T}
+.TE
 .PP
-The \f[C]--dry-run\f[R] messages may indicate that it would try to
-delete some files.
-For example, if a file is new on Path2 and does not exist on Path1 then
-it would normally be copied to Path1, but with \f[C]--dry-run\f[R]
-enabled those copies don\[aq]t happen, which leads to the attempted
-delete on the Path2, blocked again by --dry-run:
-\f[C]... Not deleting as --dry-run\f[R].
+The default encoding will also encode these file names as they are
+problematic with many cloud storage systems.
 .PP
-This whole confusing situation is an artifact of the \f[C]--dry-run\f[R]
-flag.
-Scrutinize the proposed deletes carefully, and if the files would have
-been copied to Path1 then the threatened deletes on Path2 may be
-disregarded.
-.SS Retries
+.TS
+tab(@);
+l c.
+T{
+File name
+T}@T{
+Replacement
+T}
+_
+T{
+\&.
+T}@T{
+\[uFF0E]
+T}
+T{
+\&..
+T}@T{
+\[uFF0E]\[uFF0E]
+T}
+.TE
+.SS Invalid UTF-8 bytes
 .PP
-Rclone has built in retries.
-If you run with \f[C]--verbose\f[R] you\[aq]ll see error and retry
-messages such as shown below.
-This is usually not a bug.
-If at the end of the run you see \f[C]Bisync successful\f[R] and not
-\f[C]Bisync critical error\f[R] or \f[C]Bisync aborted\f[R] then the run
-was successful, and you can ignore the error messages.
+Some backends only support a sequence of well formed UTF-8 bytes as file
+or directory names.
 .PP
-The following run shows an intermittent fail.
-Lines \f[I]5\f[R] and _6- are low level messages.
-Line \f[I]6\f[R] is a bubbled-up \f[I]warning\f[R] message, conveying
-the error.
-Rclone normally retries failing commands, so there may be numerous such
-messages in the log.
+In this case all invalid UTF-8 bytes will be replaced with a quoted
+representation of the byte value to allow uploading a file to such a
+backend.
+For example, the invalid byte \f[C]0xFE\f[R] will be encoded as
+\f[C]\[u201B]FE\f[R].
 .PP
-Since there are no final error/warning messages on line \f[I]7\f[R],
-rclone has recovered from failure after a retry, and the overall sync
-was successful.
-.IP
-.nf
-\f[C]
-1: 2021/05/14 00:44:12 INFO  : Synching Path1 \[dq]/path/to/local/tree\[dq] with Path2 \[dq]dropbox:\[dq]
-2: 2021/05/14 00:44:12 INFO  : Path1 checking for diffs
-3: 2021/05/14 00:44:12 INFO  : Path2 checking for diffs
-4: 2021/05/14 00:44:12 INFO  : Path2:  113 changes:   22 new,    0 newer,    0 older,   91 deleted
-5: 2021/05/14 00:44:12 ERROR : /path/to/local/tree/objects/af: error listing: unexpected end of JSON input
-6: 2021/05/14 00:44:12 NOTICE: WARNING  listing try 1 failed.                 - dropbox:
-7: 2021/05/14 00:44:12 INFO  : Bisync successful
-\f[R]
-.fi
+A common source of invalid UTF-8 bytes are local filesystems, that store
+names in a different encoding than UTF-8 or UTF-16, like latin1.
+See the local filenames (https://rclone.org/local/#filenames) section
+for details.
+.SS Encoding option
 .PP
-This log shows a \f[I]Critical failure\f[R] which requires a
-\f[C]--resync\f[R] to recover from.
-See the Runtime Error Handling section.
-.IP
-.nf
-\f[C]
-2021/05/12 00:49:40 INFO  : Google drive root \[aq]\[aq]: Waiting for checks to finish
-2021/05/12 00:49:40 INFO  : Google drive root \[aq]\[aq]: Waiting for transfers to finish
-2021/05/12 00:49:40 INFO  : Google drive root \[aq]\[aq]: not deleting files as there were IO errors
-2021/05/12 00:49:40 ERROR : Attempt 3/3 failed with 3 errors and: not deleting files as there were IO errors
-2021/05/12 00:49:40 ERROR : Failed to sync: not deleting files as there were IO errors
-2021/05/12 00:49:40 NOTICE: WARNING  rclone sync try 3 failed.           - /path/to/local/tree/
-2021/05/12 00:49:40 ERROR : Bisync aborted. Must run --resync to recover.
-\f[R]
-.fi
-.SS Denied downloads of \[dq]infected\[dq] or \[dq]abusive\[dq] files
+Most backends have an encoding option, specified as a flag
+\f[C]--backend-encoding\f[R] where \f[C]backend\f[R] is the name of the
+backend, or as a config parameter \f[C]encoding\f[R] (you\[aq]ll need to
+select the Advanced config in \f[C]rclone config\f[R] to see it).
 .PP
-Google Drive has a filter for certain file types (\f[C].exe\f[R],
-\f[C].apk\f[R], et cetera) that by default cannot be copied from Google
-Drive to the local filesystem.
-If you are having problems, run with \f[C]--verbose\f[R] to see
-specifically which files are generating complaints.
-If the error is
-\f[C]This file has been identified as malware or spam and cannot be downloaded\f[R],
-consider using the flag
---drive-acknowledge-abuse (https://rclone.org/drive/#drive-acknowledge-abuse).
-.SS Google Doc files
+This will have default value which encodes and decodes characters in
+such a way as to preserve the maximum number of characters (see above).
 .PP
-Google docs exist as virtual files on Google Drive and cannot be
-transferred to other filesystems natively.
-While it is possible to export a Google doc to a normal file (with
-\f[C].xlsx\f[R] extension, for example), it is not possible to import a
-normal file back into a Google document.
+However this can be incorrect in some scenarios, for example if you have
+a Windows file system with Unicode fullwidth characters
+\f[C]\[uFF0A]\f[R], \f[C]\[uFF1F]\f[R] or \f[C]\[uFF1A]\f[R], that you
+want to remain as those characters on the remote rather than being
+translated to regular (halfwidth) \f[C]*\f[R], \f[C]?\f[R] and
+\f[C]:\f[R].
 .PP
-Bisync\[aq]s handling of Google Doc files is to flag them in the run log
-output for user\[aq]s attention and ignore them for any file transfers,
-deletes, or syncs.
-They will show up with a length of \f[C]-1\f[R] in the listings.
-This bisync run is otherwise successful:
-.IP
-.nf
-\f[C]
-2021/05/11 08:23:15 INFO  : Synching Path1 \[dq]/path/to/local/tree/base/\[dq] with Path2 \[dq]GDrive:\[dq]
-2021/05/11 08:23:15 INFO  : ...path2.lst-new: Ignoring incorrect line: \[dq]- -1 - - 2018-07-29T08:49:30.136000000+0000 GoogleDoc.docx\[dq]
-2021/05/11 08:23:15 INFO  : Bisync successful
-\f[R]
-.fi
-.SS Usage examples
-.SS Cron
+The \f[C]--backend-encoding\f[R] flags allow you to change that.
+You can disable the encoding completely with
+\f[C]--backend-encoding None\f[R] or set \f[C]encoding = None\f[R] in
+the config file.
 .PP
-Rclone does not yet have a built-in capability to monitor the local file
-system for changes and must be blindly run periodically.
-On Windows this can be done using a \f[I]Task Scheduler\f[R], on Linux
-you can use \f[I]Cron\f[R] which is described below.
+Encoding takes a comma separated list of encodings.
+You can see the list of all possible values by passing an invalid value
+to this flag, e.g.
+\f[C]--local-encoding \[dq]help\[dq]\f[R].
+The command \f[C]rclone help flags encoding\f[R] will show you the
+defaults for the backends.
 .PP
-The 1st example runs a sync every 5 minutes between a local directory
-and an OwnCloud server, with output logged to a runlog file:
+.TS
+tab(@);
+lw(21.7n) lw(24.1n) lw(24.1n).
+T{
+Encoding
+T}@T{
+Characters
+T}@T{
+Encoded as
+T}
+_
+T{
+Asterisk
+T}@T{
+\f[C]*\f[R]
+T}@T{
+\f[C]\[uFF0A]\f[R]
+T}
+T{
+BackQuote
+T}@T{
+\f[C]\[ga]\f[R]
+T}@T{
+\f[C]\[uFF40]\f[R]
+T}
+T{
+BackSlash
+T}@T{
+\f[C]\[rs]\f[R]
+T}@T{
+\f[C]\[uFF3C]\f[R]
+T}
+T{
+Colon
+T}@T{
+\f[C]:\f[R]
+T}@T{
+\f[C]\[uFF1A]\f[R]
+T}
+T{
+CrLf
+T}@T{
+CR 0x0D, LF 0x0A
+T}@T{
+\f[C]\[u240D]\f[R], \f[C]\[u240A]\f[R]
+T}
+T{
+Ctl
+T}@T{
+All control characters 0x00-0x1F
+T}@T{
+\f[C]\[u2400]\[u2401]\[u2402]\[u2403]\[u2404]\[u2405]\[u2406]\[u2407]\[u2408]\[u2409]\[u240A]\[u240B]\[u240C]\[u240D]\[u240E]\[u240F]\[u2410]\[u2411]\[u2412]\[u2413]\[u2414]\[u2415]\[u2416]\[u2417]\[u2418]\[u2419]\[u241A]\[u241B]\[u241C]\[u241D]\[u241E]\[u241F]\f[R]
+T}
+T{
+Del
+T}@T{
+DEL 0x7F
+T}@T{
+\f[C]\[u2421]\f[R]
+T}
+T{
+Dollar
+T}@T{
+\f[C]$\f[R]
+T}@T{
+\f[C]\[uFF04]\f[R]
+T}
+T{
+Dot
+T}@T{
+\f[C].\f[R] or \f[C]..\f[R] as entire string
+T}@T{
+\f[C]\[uFF0E]\f[R], \f[C]\[uFF0E]\[uFF0E]\f[R]
+T}
+T{
+DoubleQuote
+T}@T{
+\f[C]\[dq]\f[R]
+T}@T{
+\f[C]\[uFF02]\f[R]
+T}
+T{
+Hash
+T}@T{
+\f[C]#\f[R]
+T}@T{
+\f[C]\[uFF03]\f[R]
+T}
+T{
+InvalidUtf8
+T}@T{
+An invalid UTF-8 character (e.g.
+latin1)
+T}@T{
+\f[C]\[uFFFD]\f[R]
+T}
+T{
+LeftCrLfHtVt
+T}@T{
+CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the left of a string
+T}@T{
+\f[C]\[u240D]\f[R], \f[C]\[u240A]\f[R], \f[C]\[u2409]\f[R],
+\f[C]\[u240B]\f[R]
+T}
+T{
+LeftPeriod
+T}@T{
+\f[C].\f[R] on the left of a string
+T}@T{
+\f[C].\f[R]
+T}
+T{
+LeftSpace
+T}@T{
+SPACE on the left of a string
+T}@T{
+\f[C]\[u2420]\f[R]
+T}
+T{
+LeftTilde
+T}@T{
+\f[C]\[ti]\f[R] on the left of a string
+T}@T{
+\f[C]\[uFF5E]\f[R]
+T}
+T{
+LtGt
+T}@T{
+\f[C]<\f[R], \f[C]>\f[R]
+T}@T{
+\f[C]\[uFF1C]\f[R], \f[C]\[uFF1E]\f[R]
+T}
+T{
+None
+T}@T{
+No characters are encoded
+T}@T{
+T}
+T{
+Percent
+T}@T{
+\f[C]%\f[R]
+T}@T{
+\f[C]\[uFF05]\f[R]
+T}
+T{
+Pipe
+T}@T{
+|
+T}@T{
+\f[C]\[uFF5C]\f[R]
+T}
+T{
+Question
+T}@T{
+\f[C]?\f[R]
+T}@T{
+\f[C]\[uFF1F]\f[R]
+T}
+T{
+RightCrLfHtVt
+T}@T{
+CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the right of a string
+T}@T{
+\f[C]\[u240D]\f[R], \f[C]\[u240A]\f[R], \f[C]\[u2409]\f[R],
+\f[C]\[u240B]\f[R]
+T}
+T{
+RightPeriod
+T}@T{
+\f[C].\f[R] on the right of a string
+T}@T{
+\f[C].\f[R]
+T}
+T{
+RightSpace
+T}@T{
+SPACE on the right of a string
+T}@T{
+\f[C]\[u2420]\f[R]
+T}
+T{
+Semicolon
+T}@T{
+\f[C];\f[R]
+T}@T{
+\f[C]\[uFF1B]\f[R]
+T}
+T{
+SingleQuote
+T}@T{
+\f[C]\[aq]\f[R]
+T}@T{
+\f[C]\[uFF07]\f[R]
+T}
+T{
+Slash
+T}@T{
+\f[C]/\f[R]
+T}@T{
+\f[C]\[uFF0F]\f[R]
+T}
+T{
+SquareBracket
+T}@T{
+\f[C][\f[R], \f[C]]\f[R]
+T}@T{
+\f[C]\[uFF3B]\f[R], \f[C]\[uFF3D]\f[R]
+T}
+.TE
+.SS Encoding example: FTP
+.PP
+To take a specific example, the FTP backend\[aq]s default encoding is
 .IP
 .nf
 \f[C]
-# Minute (0-59)
-#      Hour (0-23)
-#           Day of Month (1-31)
-#                Month (1-12 or Jan-Dec)
-#                     Day of Week (0-6 or Sun-Sat)
-#                         Command
-  */5  *    *    *    *   /path/to/rclone bisync /local/files MyCloud: --check-access --filters-file /path/to/bysync-filters.txt --log-file /path/to//bisync.log
+--ftp-encoding \[dq]Slash,Del,Ctl,RightSpace,Dot\[dq]
 \f[R]
 .fi
 .PP
-See crontab
-syntax (https://www.man7.org/linux/man-pages/man1/crontab.1p.html#INPUT_FILES)).
-for the details of crontab time interval expressions.
-.PP
-If you run \f[C]rclone bisync\f[R] as a cron job, redirect stdout/stderr
-to a file.
-The 2nd example runs a sync to Dropbox every hour and logs all stdout
-(via the \f[C]>>\f[R]) and stderr (via \f[C]2>&1\f[R]) to a log file.
+However, let\[aq]s say the FTP server is running on Windows and
+can\[aq]t have any of the invalid Windows characters in file names.
+You are backing up Linux servers to this FTP server which do have those
+characters in file names.
+So you would add the Windows set which are
 .IP
 .nf
 \f[C]
-0 * * * * /path/to/rclone bisync /path/to/local/dropbox Dropbox: --check-access --filters-file /home/user/filters.txt >> /path/to/logs/dropbox-run.log 2>&1
+Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
 \f[R]
 .fi
-.SS Sharing an encrypted folder tree between hosts
-.PP
-bisync can keep a local folder in sync with a cloud service, but what if
-you have some highly sensitive files to be synched?
 .PP
-Usage of a cloud service is for exchanging both routine and sensitive
-personal files between one\[aq]s home network, one\[aq]s personal
-notebook when on the road, and with one\[aq]s work computer.
-The routine data is not sensitive.
-For the sensitive data, configure an rclone crypt
-remote (https://rclone.org/crypt/) to point to a subdirectory within the
-local disk tree that is bisync\[aq]d to Dropbox, and then set up an
-bisync for this local crypt directory to a directory outside of the main
-sync tree.
-.SS Linux server setup
-.IP \[bu] 2
-\f[C]/path/to/DBoxroot\f[R] is the root of my local sync tree.
-There are numerous subdirectories.
-.IP \[bu] 2
-\f[C]/path/to/DBoxroot/crypt\f[R] is the root subdirectory for files
-that are encrypted.
-This local directory target is setup as an rclone crypt remote named
-\f[C]Dropcrypt:\f[R].
-See rclone.conf snippet below.
-.IP \[bu] 2
-\f[C]/path/to/my/unencrypted/files\f[R] is the root of my sensitive
-files - not encrypted, not within the tree synched to Dropbox.
-.IP \[bu] 2
-To sync my local unencrypted files with the encrypted Dropbox versions I
-manually run \f[C]bisync /path/to/my/unencrypted/files DropCrypt:\f[R].
-This step could be bundled into a script to run before and after the
-full Dropbox tree sync in the last step, thus actively keeping the
-sensitive files in sync.
-.IP \[bu] 2
-\f[C]bisync /path/to/DBoxroot Dropbox:\f[R] runs periodically via cron,
-keeping my full local sync tree in sync with Dropbox.
-.SS Windows notebook setup
-.IP \[bu] 2
-The Dropbox client runs keeping the local tree
-\f[C]C:\[rs]Users\[rs]MyLogin\[rs]Dropbox\f[R] always in sync with
-Dropbox.
-I could have used \f[C]rclone bisync\f[R] instead.
-.IP \[bu] 2
-A separate directory tree at
-\f[C]C:\[rs]Users\[rs]MyLogin\[rs]Documents\[rs]DropLocal\f[R] hosts the
-tree of unencrypted files/folders.
-.IP \[bu] 2
-To sync my local unencrypted files with the encrypted Dropbox versions I
-manually run the following command:
-\f[C]rclone bisync C:\[rs]Users\[rs]MyLogin\[rs]Documents\[rs]DropLocal Dropcrypt:\f[R].
-.IP \[bu] 2
-The Dropbox client then syncs the changes with Dropbox.
-.SS rclone.conf snippet
+to the existing ones, giving:
 .IP
 .nf
 \f[C]
-[Dropbox]
-type = dropbox
-\&...
-
-[Dropcrypt]
-type = crypt
-remote = /path/to/DBoxroot/crypt          # on the Linux server
-remote = C:\[rs]Users\[rs]MyLogin\[rs]Dropbox\[rs]crypt   # on the Windows notebook
-filename_encryption = standard
-directory_name_encryption = true
-password = ...
-\&...
+Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot,Del,RightSpace
 \f[R]
 .fi
-.SS Testing
 .PP
-You should read this section only if you are developing for rclone.
-You need to have rclone source code locally to work with bisync tests.
+This can be specified using the \f[C]--ftp-encoding\f[R] flag or using
+an \f[C]encoding\f[R] parameter in the config file.
+.SS Encoding example: Windows
 .PP
-Bisync has a dedicated test framework implemented in the
-\f[C]bisync_test.go\f[R] file located in the rclone source tree.
-The test suite is based on the \f[C]go test\f[R] command.
-Series of tests are stored in subdirectories below the
-\f[C]cmd/bisync/testdata\f[R] directory.
-Individual tests can be invoked by their directory name, e.g.
-\f[C]go test . -case basic -remote local -remote2 gdrive: -v\f[R]
+As a nother example, take a Windows system where there is a file with
+name \f[C]Test\[uFF1A]1.jpg\f[R], where \f[C]\[uFF1A]\f[R] is the
+Unicode fullwidth colon symbol.
+When using rclone to copy this to a remote which supports \f[C]:\f[R],
+the regular (halfwidth) colon (such as Google Drive), you will notice
+that the file gets renamed to \f[C]Test:1.jpg\f[R].
 .PP
-Tests will make a temporary folder on remote and purge it afterwards.
-If during test run there are intermittent errors and rclone retries,
-these errors will be captured and flagged as invalid MISCOMPAREs.
-Rerunning the test will let it pass.
-Consider such failures as noise.
-.SS Test command syntax
+To avoid this you can change the set of characters rclone should convert
+for the local filesystem, using command-line argument
+\f[C]--local-encoding\f[R].
+Rclone\[aq]s default behavior on Windows corresponds to
 .IP
 .nf
 \f[C]
-usage: go test ./cmd/bisync [options...]
-
-Options:
-  -case NAME        Name(s) of the test case(s) to run. Multiple names should
-                    be separated by commas. You can remove the \[ga]test_\[ga] prefix
-                    and replace \[ga]_\[ga] by \[ga]-\[ga] in test name for convenience.
-                    If not \[ga]all\[ga], the name(s) should map to a directory under
-                    \[ga]./cmd/bisync/testdata\[ga].
-                    Use \[ga]all\[ga] to run all tests (default: all)
-  -remote PATH1     \[ga]local\[ga] or name of cloud service with \[ga]:\[ga] (default: local)
-  -remote2 PATH2    \[ga]local\[ga] or name of cloud service with \[ga]:\[ga] (default: local)
-  -no-compare       Disable comparing test results with the golden directory
-                    (default: compare)
-  -no-cleanup       Disable cleanup of Path1 and Path2 testdirs.
-                    Useful for troubleshooting. (default: cleanup)
-  -golden           Store results in the golden directory (default: false)
-                    This flag can be used with multiple tests.
-  -debug            Print debug messages
-  -stop-at NUM      Stop test after given step number. (default: run to the end)
-                    Implies \[ga]-no-compare\[ga] and \[ga]-no-cleanup\[ga], if the test really
-                    ends prematurely. Only meaningful for a single test case.
-  -refresh-times    Force refreshing the target modtime, useful for Dropbox
-                    (default: false)
-  -verbose          Run tests verbosely
+--local-encoding \[dq]Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot\[dq]
+\f[R]
+.fi
+.PP
+If you want to use fullwidth characters \f[C]\[uFF1A]\f[R],
+\f[C]\[uFF0A]\f[R] and \f[C]\[uFF1F]\f[R] in your filenames without
+rclone changing them when uploading to a remote, then set the same as
+the default value but without \f[C]Colon,Question,Asterisk\f[R]:
+.IP
+.nf
+\f[C]
+--local-encoding \[dq]Slash,LtGt,DoubleQuote,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot\[dq]
 \f[R]
 .fi
 .PP
-Note: unlike rclone flags which must be prefixed by double dash
-(\f[C]--\f[R]), the test command flags can be equally prefixed by a
-single \f[C]-\f[R] or double dash.
-.SS Running tests
-.IP \[bu] 2
-\f[C]go test . -case basic -remote local -remote2 local\f[R] runs the
-\f[C]test_basic\f[R] test case using only the local filesystem, synching
-one local directory with another local directory.
-Test script output is to the console, while commands within scenario.txt
-have their output sent to the \f[C].../workdir/test.log\f[R] file, which
-is finally compared to the golden copy.
-.IP \[bu] 2
-The first argument after \f[C]go test\f[R] should be a relative name of
-the directory containing bisync source code.
-If you run tests right from there, the argument will be \f[C].\f[R]
-(current directory) as in most examples below.
-If you run bisync tests from the rclone source directory, the command
-should be \f[C]go test ./cmd/bisync ...\f[R].
-.IP \[bu] 2
-The test engine will mangle rclone output to ensure comparability with
-golden listings and logs.
-.IP \[bu] 2
-Test scenarios are located in \f[C]./cmd/bisync/testdata\f[R].
-The test \f[C]-case\f[R] argument should match the full name of a
-subdirectory under that directory.
-Every test subdirectory name on disk must start with \f[C]test_\f[R],
-this prefix can be omitted on command line for brevity.
-Also, underscores in the name can be replaced by dashes for convenience.
-.IP \[bu] 2
-\f[C]go test . -remote local -remote2 local -case all\f[R] runs all
-tests.
-.IP \[bu] 2
-Path1 and Path2 may either be the keyword \f[C]local\f[R] or may be
-names of configured cloud services.
-\f[C]go test . -remote gdrive: -remote2 dropbox: -case basic\f[R] will
-run the test between these two services, without transferring any files
-to the local filesystem.
-.IP \[bu] 2
-Test run stdout and stderr console output may be directed to a file,
-e.g.
-\f[C]go test . -remote gdrive: -remote2 local -case all > runlog.txt 2>&1\f[R]
-.SS Test execution flow
-.IP "1." 3
-The base setup in the \f[C]initial\f[R] directory of the testcase is
-applied on the Path1 and Path2 filesystems (via rclone copy the initial
-directory to Path1, then rclone sync Path1 to Path2).
-.IP "2." 3
-The commands in the scenario.txt file are applied, with output directed
-to the \f[C]test.log\f[R] file in the test working directory.
-Typically, the first actual command in the \f[C]scenario.txt\f[R] file
-is to do a \f[C]--resync\f[R], which establishes the baseline
-\f[C]{...}.path1.lst\f[R] and \f[C]{...}.path2.lst\f[R] files in the
-test working directory (\f[C].../workdir/\f[R] relative to the temporary
-test directory).
-Various commands and listing snapshots are done within the test.
-.IP "3." 3
-Finally, the contents of the test working directory are compared to the
-contents of the testcase\[aq]s golden directory.
-.SS Notes about testing
-.IP \[bu] 2
-Test cases are in individual directories beneath
-\f[C]./cmd/bisync/testdata\f[R].
-A command line reference to a test is understood to reference a
-directory beneath \f[C]testdata\f[R].
-For example,
-\f[C]go test ./cmd/bisync -case dry-run -remote gdrive: -remote2 local\f[R]
-refers to the test case in \f[C]./cmd/bisync/testdata/test_dry_run\f[R].
-.IP \[bu] 2
-The test working directory is located at \f[C].../workdir\f[R] relative
-to a temporary test directory, usually under \f[C]/tmp\f[R] on Linux.
-.IP \[bu] 2
-The local test sync tree is created at a temporary directory named like
-\f[C]bisync.XXX\f[R] under system temporary directory.
-.IP \[bu] 2
-The remote test sync tree is located at a temporary directory under
-\f[C]<remote:>/bisync.XXX/\f[R].
-.IP \[bu] 2
-\f[C]path1\f[R] and/or \f[C]path2\f[R] subdirectories are created in a
-temporary directory under the respective local or cloud test remote.
-.IP \[bu] 2
-By default, the Path1 and Path2 test dirs and workdir will be deleted
-after each test run.
-The \f[C]-no-cleanup\f[R] flag disables purging these directories when
-validating and debugging a given test.
-These directories will be flushed before running another test,
-independent of the \f[C]-no-cleanup\f[R] usage.
-.IP \[bu] 2
-You will likely want to add \[ga]-
-/testdir/\f[C]to your normal   bisync\f[R]--filters-file\f[C]so that normal syncs do not attempt to sync   the test temporary directories, which may have\f[R]RCLONE_TEST\f[C]miscompares   in some testcases which would otherwise trip the\f[R]--check-access\f[C]system.   The\f[R]--check-access\f[C]mechanism is hard-coded to ignore\f[R]RCLONE_TEST\f[C]files beneath\f[R]bisync/testdata\[ga],
-so the test cases may reside on the synched tree even if there are check
-file mismatches in the test tree.
-.IP \[bu] 2
-Some Dropbox tests can fail, notably printing the following message:
-\f[C]src and dst identical but can\[aq]t set mod time without deleting and re-uploading\f[R]
-This is expected and happens due a way Dropbox handles modification
-times.
-You should use the \f[C]-refresh-times\f[R] test flag to make up for
-this.
-.IP \[bu] 2
-If Dropbox tests hit request limit for you and print error message
-\f[C]too_many_requests/...: Too many requests or write operations.\f[R]
-then follow the Dropbox App ID
-instructions (https://rclone.org/dropbox/#get-your-own-dropbox-app-id).
-.SS Updating golden results
+Alternatively, you can disable the conversion of any characters with
+\f[C]--local-encoding None\f[R].
 .PP
-Sometimes even a slight change in the bisync source can cause little
-changes spread around many log files.
-Updating them manually would be a nightmare.
+Instead of using command-line argument \f[C]--local-encoding\f[R], you
+may also set it as environment
+variable (https://rclone.org/docs/#environment-variables)
+\f[C]RCLONE_LOCAL_ENCODING\f[R], or
+configure (https://rclone.org/docs/#configure) a remote of type
+\f[C]local\f[R] in your config, and set the \f[C]encoding\f[R] option
+there.
 .PP
-The \f[C]-golden\f[R] flag will store the \f[C]test.log\f[R] and
-\f[C]*.lst\f[R] listings from each test case into respective golden
-directories.
-Golden results will automatically contain generic strings instead of
-local or cloud paths which means that they should match when run with a
-different cloud service.
+The risk by doing this is that if you have a filename with the regular
+(halfwidth) \f[C]:\f[R], \f[C]*\f[R] and \f[C]?\f[R] in your cloud
+storage, and you try to download it to your Windows filesystem, this
+will fail.
+These characters are not valid in filenames on Windows, and you have
+told rclone not to work around this by converting them to valid
+fullwidth variants.
+.SS MIME Type
 .PP
-Your normal workflow might be as follows: 1.
-Git-clone the rclone sources locally 2.
-Modify bisync source and check that it builds 3.
-Run the whole test suite \f[C]go test ./cmd/bisync -remote local\f[R] 4.
-If some tests show log difference, recheck them individually, e.g.:
-\f[C]go test ./cmd/bisync -remote local -case basic\f[R] 5.
-If you are convinced with the difference, goldenize all tests at once:
-\f[C]go test ./cmd/bisync -remote local -golden\f[R] 6.
-Use word diff: \f[C]git diff --word-diff ./cmd/bisync/testdata/\f[R].
-Please note that normal line-level diff is generally useless here.
-7.
-Check the difference \f[I]carefully\f[R]! 8.
-Commit the change (\f[C]git commit\f[R]) \f[I]only\f[R] if you are sure.
-If unsure, save your code changes then wipe the log diffs from git:
-\f[C]git reset [--hard]\f[R].
-.SS Structure of test scenarios
-.IP \[bu] 2
-\f[C]<testname>/initial/\f[R] contains a tree of files that will be set
-as the initial condition on both Path1 and Path2 testdirs.
-.IP \[bu] 2
-\f[C]<testname>/modfiles/\f[R] contains files that will be used to
-modify the Path1 and/or Path2 filesystems.
-.IP \[bu] 2
-\f[C]<testname>/golden/\f[R] contains the expected content of the test
-working directory (\f[C]workdir\f[R]) at the completion of the testcase.
-.IP \[bu] 2
-\f[C]<testname>/scenario.txt\f[R] contains the body of the test, in the
-form of various commands to modify files, run bisync, and snapshot
-listings.
-Output from these commands is captured to \f[C].../workdir/test.log\f[R]
-for comparison to the golden files.
-.SS Supported test commands
-.IP \[bu] 2
-\f[C]test <some message>\f[R] Print the line to the console and to the
-\f[C]test.log\f[R]:
-\f[C]test sync is working correctly with options x, y, z\f[R]
-.IP \[bu] 2
-\f[C]copy-listings <prefix>\f[R] Save a copy of all \f[C].lst\f[R]
-listings in the test working directory with the specified prefix:
-\f[C]save-listings exclude-pass-run\f[R]
-.IP \[bu] 2
-\f[C]move-listings <prefix>\f[R] Similar to \f[C]copy-listings\f[R] but
-removes the source
-.IP \[bu] 2
-\f[C]purge-children <dir>\f[R] This will delete all child files and
-purge all child subdirs under given directory but keep the parent
-intact.
-This behavior is important for tests with Google Drive because removing
-and re-creating the parent would change its ID.
-.IP \[bu] 2
-\f[C]delete-file <file>\f[R] Delete a single file.
-.IP \[bu] 2
-\f[C]delete-glob <dir> <pattern>\f[R] Delete a group of files located
-one level deep in the given directory with names maching a given glob
-pattern.
-.IP \[bu] 2
-\f[C]touch-glob YYYY-MM-DD <dir> <pattern>\f[R] Change modification time
-on a group of files.
-.IP \[bu] 2
-\f[C]touch-copy YYYY-MM-DD <source-file> <dest-dir>\f[R] Change file
-modification time then copy it to destination.
-.IP \[bu] 2
-\f[C]copy-file <source-file> <dest-dir>\f[R] Copy a single file to given
-directory.
-.IP \[bu] 2
-\f[C]copy-as <source-file> <dest-file>\f[R] Similar to above but
-destination must include both directory and the new file name at
-destination.
-.IP \[bu] 2
-\f[C]copy-dir <src> <dst>\f[R] and \f[C]sync-dir <src> <dst>\f[R]
-Copy/sync a directory.
-Equivalent of \f[C]rclone copy\f[R] and \f[C]rclone sync\f[R].
-.IP \[bu] 2
-\f[C]list-dirs <dir>\f[R] Equivalent to
-\f[C]rclone lsf -R --dirs-only <dir>\f[R]
-.IP \[bu] 2
-\f[C]bisync [options]\f[R] Runs bisync against \f[C]-remote\f[R] and
-\f[C]-remote2\f[R].
-.SS Supported substitution terms
-.IP \[bu] 2
-\f[C]{testdir/}\f[R] - the root dir of the testcase
-.IP \[bu] 2
-\f[C]{datadir/}\f[R] - the \f[C]modfiles\f[R] dir under the testcase
-root
-.IP \[bu] 2
-\f[C]{workdir/}\f[R] - the temporary test working directory
-.IP \[bu] 2
-\f[C]{path1/}\f[R] - the root of the Path1 test directory tree
-.IP \[bu] 2
-\f[C]{path2/}\f[R] - the root of the Path2 test directory tree
-.IP \[bu] 2
-\f[C]{session}\f[R] - base name of the test listings
-.IP \[bu] 2
-\f[C]{/}\f[R] - OS-specific path separator
-.IP \[bu] 2
-\f[C]{spc}\f[R], \f[C]{tab}\f[R], \f[C]{eol}\f[R] - whitespace
-.IP \[bu] 2
-\f[C]{chr:HH}\f[R] - raw byte with given hexadecimal code
+MIME types (also known as media types) classify types of documents using
+a simple text classification, e.g.
+\f[C]text/html\f[R] or \f[C]application/pdf\f[R].
 .PP
-Substitution results of the terms named like \f[C]{dir/}\f[R] will end
-with \f[C]/\f[R] (or backslash on Windows), so it is not necessary to
-include slash in the usage, for example
-\f[C]delete-file {path1/}file1.txt\f[R].
-.SS Benchmarks
+Some cloud storage systems support reading (\f[C]R\f[R]) the MIME type
+of objects and some support writing (\f[C]W\f[R]) the MIME type of
+objects.
 .PP
-\f[I]This section is work in progress.\f[R]
+The MIME type can be important if you are serving files directly to HTTP
+from the storage system.
 .PP
-Here are a few data points for scale, execution times, and memory usage.
+If you are copying from a remote which supports reading (\f[C]R\f[R]) to
+a remote which supports writing (\f[C]W\f[R]) then rclone will preserve
+the MIME types.
+Otherwise they will be guessed from the extension, or the remote itself
+may assign the MIME type.
+.SS Metadata
 .PP
-The first set of data was taken between a local disk to Dropbox.
-The speedtest.net (https://speedtest.net) download speed was \[ti]170
-Mbps, and upload speed was \[ti]10 Mbps.
-500 files (\[ti]9.5 MB each) had been already synched.
-50 files were added in a new directory, each \[ti]9.5 MB, \[ti]475 MB
-total.
+Backends may or may support reading or writing metadata.
+They may support reading and writing system metadata (metadata intrinsic
+to that backend) and/or user metadata (general purpose metadata).
+.PP
+The levels of metadata support are
 .PP
 .TS
 tab(@);
-lw(23.8n) lw(35.0n) lw(11.2n).
+l l.
+T{
+Key
+T}@T{
+Explanation
+T}
+_
+T{
+\f[C]R\f[R]
+T}@T{
+Read only System Metadata
+T}
+T{
+\f[C]RW\f[R]
+T}@T{
+Read and write System Metadata
+T}
+T{
+\f[C]RWU\f[R]
+T}@T{
+Read and write System Metadata and read and write User Metadata
+T}
+.TE
+.PP
+See the metadata docs (https://rclone.org/docs/#metadata) for more info.
+.SS Optional Features
+.PP
+All rclone remotes support a base command set.
+Other features depend upon backend-specific capabilities.
+.PP
+.TS
+tab(@);
+lw(14.4n) cw(3.6n) cw(3.1n) cw(3.1n) cw(4.6n) cw(4.6n) cw(3.6n) cw(7.2n) lw(9.8n) cw(7.2n) cw(3.6n) cw(5.1n).
+T{
+Name
+T}@T{
+Purge
+T}@T{
+Copy
+T}@T{
+Move
+T}@T{
+DirMove
+T}@T{
+CleanUp
+T}@T{
+ListR
+T}@T{
+StreamUpload
+T}@T{
+MultithreadUpload
+T}@T{
+LinkSharing
+T}@T{
+About
+T}@T{
+EmptyDir
+T}
+_
+T{
+1Fichier
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}
+T{
+Akamai Netstorage
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}
+T{
+Amazon Drive
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}
+T{
+Amazon S3 (or S3 compatible)
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}
+T{
+Backblaze B2
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}
+T{
+Box
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Citrix ShareFile
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}
+T{
+Dropbox
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
 T{
-Change
+Enterprise File Fabric
 T}@T{
-Operations and times
+Yes
 T}@T{
-Overall run time
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
 T}
-_
 T{
-500 files synched (nothing to move)
+FTP
 T}@T{
-1x listings for Path1 & Path2
+No
 T}@T{
-1.5 sec
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
 T}
 T{
-500 files synched with --check-access
+Google Cloud Storage
 T}@T{
-1x listings for Path1 & Path2
+Yes
 T}@T{
-1.5 sec
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
 T}
 T{
-50 new files on remote
+Google Drive
 T}@T{
-Queued 50 copies down: 27 sec
+Yes
 T}@T{
-29 sec
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
 T}
 T{
-Moved local dir
+Google Photos
 T}@T{
-Queued 50 copies up: 410 sec, 50 deletes up: 9 sec
+No
 T}@T{
-421 sec
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
 T}
 T{
-Moved remote dir
+HDFS
 T}@T{
-Queued 50 copies down: 31 sec, 50 deletes down: <1 sec
+Yes
 T}@T{
-33 sec
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
 T}
 T{
-Delete local dir
+HiDrive
 T}@T{
-Queued 50 deletes up: 9 sec
+Yes
 T}@T{
-13 sec
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
 T}
-.TE
-.PP
-This next data is from a user\[aq]s application.
-They had \[ti]400GB of data over 1.96 million files being sync\[aq]ed
-between a Windows local disk and some remote cloud.
-The file full path length was on average 35 characters (which factors
-into load time and RAM required).
-.IP \[bu] 2
-Loading the prior listing into memory (1.96 million files, listing file
-size 140 MB) took \[ti]30 sec and occupied about 1 GB of RAM.
-.IP \[bu] 2
-Getting a fresh listing of the local file system (producing the 140 MB
-output file) took about XXX sec.
-.IP \[bu] 2
-Getting a fresh listing of the remote file system (producing the 140 MB
-output file) took about XXX sec.
-The network download speed was measured at XXX Mb/s.
-.IP \[bu] 2
-Once the prior and current Path1 and Path2 listings were loaded (a total
-of four to be loaded, two at a time), determining the deltas was pretty
-quick (a few seconds for this test case), and the transfer time for any
-files to be copied was dominated by the network bandwidth.
-.SS References
-.PP
-rclone\[aq]s bisync implementation was derived from the
-rclonesync-V2 (https://github.com/cjnaz/rclonesync-V2) project,
-including documentation and test mechanisms, with
-[\[at]cjnaz](https://github.com/cjnaz)\[aq]s full support and
-encouragement.
-.PP
-\f[C]rclone bisync\f[R] is similar in nature to a range of other
-projects:
-.IP \[bu] 2
-unison (https://github.com/bcpierce00/unison)
-.IP \[bu] 2
-syncthing (https://github.com/syncthing/syncthing)
-.IP \[bu] 2
-cjnaz/rclonesync (https://github.com/cjnaz/rclonesync-V2)
-.IP \[bu] 2
-ConorWilliams/rsinc (https://github.com/ConorWilliams/rsinc)
-.IP \[bu] 2
-jwink3101/syncrclone (https://github.com/Jwink3101/syncrclone)
-.IP \[bu] 2
-DavideRossi/upback (https://github.com/DavideRossi/upback)
-.PP
-Bisync adopts the differential synchronization technique, which is based
-on keeping history of changes performed by both synchronizing sides.
-See the \f[I]Dual Shadow Method\f[R] section in the Neil Fraser\[aq]s
-article (https://neil.fraser.name/writing/sync/).
-.PP
-Also note a number of academic publications by Benjamin
-Pierce (http://www.cis.upenn.edu/%7Ebcpierce/papers/index.shtml#File%20Synchronization)
-about \f[I]Unison\f[R] and synchronization in general.
-.SH 1Fichier
-.PP
-This is a backend for the 1fichier (https://1fichier.com) cloud storage
-service.
-Note that a Premium subscription is required to use the API.
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
-.PP
-The initial setup for 1Fichier involves getting the API key from the
-website which you need to do in your browser.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / 1Fichier
-   \[rs] \[dq]fichier\[dq]
-[snip]
-Storage> fichier
-** See help for fichier backend at: https://rclone.org/fichier/ **
-
-Your API Key, get it from https://1fichier.com/console/params.pl
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-api_key> example_key
-
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> 
-Remote config
---------------------
-[remote]
-type = fichier
-api_key = example_key
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level of your 1Fichier account
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
-List all the files in your 1Fichier account
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
-To copy a local directory to a 1Fichier directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Modified time and hashes
-.PP
-1Fichier does not support modification times.
-It supports the Whirlpool hash algorithm.
-.SS Duplicated files
-.PP
-1Fichier can have two files with exactly the same name and path (unlike
-a normal file system).
-.PP
-Duplicated files cause problems with the syncing and you will see
-messages in the log about duplicates.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
 T{
-Character
+HTTP
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}
+T{
+Internet Archive
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}
+T{
+Jottacloud
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Koofr
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Mail.ru Cloud
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Mega
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Memory
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
 T}@T{
-Value
+No
 T}@T{
-Replacement
+No
 T}
-_
 T{
-\[rs]
+Microsoft Azure Blob Storage
 T}@T{
-0x5C
+Yes
 T}@T{
-\[uFF3C]
-T}
-T{
-<
+Yes
 T}@T{
-0x3C
+No
 T}@T{
-\[uFF1C]
-T}
-T{
->
+No
 T}@T{
-0x3E
+No
 T}@T{
-\[uFF1E]
-T}
-T{
-\[dq]
+Yes
 T}@T{
-0x22
+Yes
 T}@T{
-\[uFF02]
-T}
-T{
-$
+Yes
 T}@T{
-0x24
+No
 T}@T{
-\[uFF04]
+No
+T}@T{
+No
 T}
 T{
-\[ga]
+Microsoft Azure Files Storage
 T}@T{
-0x60
+No
 T}@T{
-\[uFF40]
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
 T}
 T{
-\[aq]
+Microsoft OneDrive
 T}@T{
-0x27
+Yes
 T}@T{
-\[uFF07]
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes \[u2075]
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
 T}
-.TE
-.PP
-File names can also not start or end with the following characters.
-These only get replaced if they are the first or last character in the
-name:
-.PP
-.TS
-tab(@);
-l c c.
 T{
-Character
+OpenDrive
 T}@T{
-Value
+Yes
 T}@T{
-Replacement
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
 T}
-_
 T{
-SP
+OpenStack Swift
 T}@T{
-0x20
+Yes \[S1]
 T}@T{
-\[u2420]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Standard options
-.PP
-Here are the Standard options specific to fichier (1Fichier).
-.SS --fichier-api-key
-.PP
-Your API Key, get it from https://1fichier.com/console/params.pl.
-.PP
-Properties:
-.IP \[bu] 2
-Config: api_key
-.IP \[bu] 2
-Env Var: RCLONE_FICHIER_API_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
-Here are the Advanced options specific to fichier (1Fichier).
-.SS --fichier-shared-folder
-.PP
-If you want to download a shared folder, add this parameter.
-.PP
-Properties:
-.IP \[bu] 2
-Config: shared_folder
-.IP \[bu] 2
-Env Var: RCLONE_FICHIER_SHARED_FOLDER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --fichier-file-password
-.PP
-If you want to download a shared file that is password protected, add
-this parameter.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
-Properties:
-.IP \[bu] 2
-Config: file_password
-.IP \[bu] 2
-Env Var: RCLONE_FICHIER_FILE_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --fichier-folder-password
-.PP
-If you want to list the files in a shared folder that is password
-protected, add this parameter.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
-Properties:
-.IP \[bu] 2
-Config: folder_password
-.IP \[bu] 2
-Env Var: RCLONE_FICHIER_FOLDER_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --fichier-encoding
-.PP
-The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
-Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_FICHIER_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default:
-Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot
-.SS Limitations
-.PP
-\f[C]rclone about\f[R] is not supported by the 1Fichier backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Alias
-.PP
-The \f[C]alias\f[R] remote provides a new name for another remote.
-.PP
-Paths may be as deep as required or a local path, e.g.
-\f[C]remote:directory/subdirectory\f[R] or
-\f[C]/directory/subdirectory\f[R].
-.PP
-During the initial setup with \f[C]rclone config\f[R] you will specify
-the target remote.
-The target remote can either be a local path or another remote.
-.PP
-Subfolders can be used in target remote.
-Assume an alias remote named \f[C]backup\f[R] with the target
-\f[C]mydrive:private/backup\f[R].
-Invoking \f[C]rclone mkdir backup:desktop\f[R] is exactly the same as
-invoking \f[C]rclone mkdir mydrive:private/backup/desktop\f[R].
-.PP
-There will be no special handling of paths containing \f[C]..\f[R]
-segments.
-Invoking \f[C]rclone mkdir backup:../desktop\f[R] is exactly the same as
-invoking \f[C]rclone mkdir mydrive:private/backup/../desktop\f[R].
-The empty path is not allowed as a remote.
-To alias the current directory use \f[C].\f[R] instead.
-.PP
-The target remote can also be a connection
-string (https://rclone.org/docs/#connection-strings).
-This can be used to modify the config of a remote for different uses,
-e.g.
-the alias \f[C]myDriveTrash\f[R] with the target remote
-\f[C]myDrive,trashed_only:\f[R] can be used to only show the trashed
-files in \f[C]myDrive\f[R].
-.SS Configuration
-.PP
-Here is an example of how to make an alias called \f[C]remote\f[R] for
-local folder.
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Alias for an existing remote
-   \[rs] \[dq]alias\[dq]
-[snip]
-Storage> alias
-Remote or path to alias.
-Can be \[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq], \[dq]myremote:\[dq] or \[dq]/local/path\[dq].
-remote> /mnt/storage/backup
-Remote config
---------------------
-[remote]
-remote = /mnt/storage/backup
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-Current remotes:
-
-Name                 Type
-====                 ====
-remote               alias
-
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> q
-\f[R]
-.fi
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level in \f[C]/mnt/storage/backup\f[R]
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
-List all the files in \f[C]/mnt/storage/backup\f[R]
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
-Copy another local directory to the alias directory called source
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:source
-\f[R]
-.fi
-.SS Standard options
-.PP
-Here are the Standard options specific to alias (Alias for an existing
-remote).
-.SS --alias-remote
-.PP
-Remote or path to alias.
-.PP
-Can be \[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq],
-\[dq]myremote:\[dq] or \[dq]/local/path\[dq].
-.PP
-Properties:
-.IP \[bu] 2
-Config: remote
-.IP \[bu] 2
-Env Var: RCLONE_ALIAS_REMOTE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SH Amazon Drive
-.PP
-Amazon Drive, formerly known as Amazon Cloud Drive, is a cloud storage
-service run by Amazon for consumers.
-.SS Status
-.PP
-\f[B]Important:\f[R] rclone supports Amazon Drive only if you have your
-own set of API keys.
-Unfortunately the Amazon Drive developer
-program (https://developer.amazon.com/amazon-drive) is now closed to new
-entries so if you don\[aq]t already have your own set of keys you will
-not be able to use rclone with Amazon Drive.
-.PP
-For the history on why rclone no longer has a set of Amazon Drive API
-keys see the
-forum (https://forum.rclone.org/t/rclone-has-been-banned-from-amazon-drive/2314).
-.PP
-If you happen to know anyone who works at Amazon then please ask them to
-re-instate rclone into the Amazon Drive developer program - thanks!
-.SS Configuration
-.PP
-The initial setup for Amazon Drive involves getting a token from Amazon
-which you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-The configuration process for Amazon Drive may involve using an oauth
-proxy (https://github.com/ncw/oauthproxy).
-This is used to keep the Amazon credentials out of the source code.
-The proxy runs in Google\[aq]s very secure App Engine environment and
-doesn\[aq]t store any credentials which pass through it.
-.PP
-Since rclone doesn\[aq]t currently have its own Amazon Drive credentials
-so you will either need to have your own \f[C]client_id\f[R] and
-\f[C]client_secret\f[R] with Amazon Drive, or use a third-party oauth
-proxy in which case you will need to enter \f[C]client_id\f[R],
-\f[C]client_secret\f[R], \f[C]auth_url\f[R] and \f[C]token_url\f[R].
-.PP
-Note also if you are not using Amazon\[aq]s \f[C]auth_url\f[R] and
-\f[C]token_url\f[R], (ie you filled in something for those) then if
-setting up on a remote machine you can only use the copying the config
-method of
-configuration (https://rclone.org/remote_setup/#configuring-by-copying-the-config-file)
-- \f[C]rclone authorize\f[R] will not work.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon Drive
-   \[rs] \[dq]amazon cloud drive\[dq]
-[snip]
-Storage> amazon cloud drive
-Amazon Application Client Id - required.
-client_id> your client ID goes here
-Amazon Application Client Secret - required.
-client_secret> your client secret goes here
-Auth server URL - leave blank to use Amazon\[aq]s.
-auth_url> Optional auth URL
-Token server url - leave blank to use Amazon\[aq]s.
-token_url> Optional token URL
-Remote config
-Make sure your Redirect URL is set to \[dq]http://127.0.0.1:53682/\[dq] in your custom config.
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-client_id = your client ID goes here
-client_secret = your client secret goes here
-auth_url = Optional auth URL
-token_url = Optional token URL
-token = {\[dq]access_token\[dq]:\[dq]xxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]xxxxxxxxxxxxxxxxxx\[dq],\[dq]expiry\[dq]:\[dq]2015-09-06T16:07:39.658438471+01:00\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Amazon.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
-to unblock it temporarily if you are running a host firewall.
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level of your Amazon Drive
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
-List all the files in your Amazon Drive
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
-To copy a local directory to an Amazon Drive directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Modified time and MD5SUMs
-.PP
-Amazon Drive doesn\[aq]t allow modification times to be changed via the
-API so these won\[aq]t be accurate or used for syncing.
-.PP
-It does store MD5SUMs so for a more accurate sync, you can use the
-\f[C]--checksum\f[R] flag.
-.SS Restricted filename characters
-.PP
-.TS
-tab(@);
-l c c.
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}
 T{
-Character
+Oracle Object Storage
 T}@T{
-Value
+No
 T}@T{
-Replacement
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
 T}
-_
 T{
-NUL
+pCloud
 T}@T{
-0x00
+Yes
 T}@T{
-\[u2400]
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
 T}
 T{
-/
+PikPak
 T}@T{
-0x2F
+Yes
 T}@T{
-\[uFF0F]
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
 T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Deleting files
-.PP
-Any files you delete with rclone will end up in the trash.
-Amazon don\[aq]t provide an API to permanently delete files, nor to
-empty the trash, so you will have to do that with one of Amazon\[aq]s
-apps or via the Amazon Drive website.
-As of November 17, 2016, files are automatically deleted by Amazon from
-the trash after 30 days.
-.SS Using with non \f[C].com\f[R] Amazon accounts
-.PP
-Let\[aq]s say you usually use \f[C]amazon.co.uk\f[R].
-When you authenticate with rclone it will take you to an
-\f[C]amazon.com\f[R] page to log in.
-Your \f[C]amazon.co.uk\f[R] email and password should work here just
-fine.
-.SS Standard options
-.PP
-Here are the Standard options specific to amazon cloud drive (Amazon
-Drive).
-.SS --acd-client-id
-.PP
-OAuth Client Id.
-.PP
-Leave blank normally.
-.PP
-Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_ACD_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --acd-client-secret
-.PP
-OAuth Client Secret.
-.PP
-Leave blank normally.
-.PP
-Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_ACD_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
-Here are the Advanced options specific to amazon cloud drive (Amazon
-Drive).
-.SS --acd-token
-.PP
-OAuth Access Token as a JSON blob.
-.PP
-Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_ACD_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --acd-auth-url
-.PP
-Auth server URL.
-.PP
-Leave blank to use the provider defaults.
-.PP
-Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_ACD_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --acd-token-url
-.PP
-Token server url.
-.PP
-Leave blank to use the provider defaults.
-.PP
-Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_ACD_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --acd-checkpoint
-.PP
-Checkpoint for internal polling (debug).
-.PP
-Properties:
-.IP \[bu] 2
-Config: checkpoint
-.IP \[bu] 2
-Env Var: RCLONE_ACD_CHECKPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --acd-upload-wait-per-gb
-.PP
-Additional time per GiB to wait after a failed complete upload to see if
-it appears.
-.PP
-Sometimes Amazon Drive gives an error when a file has been fully
-uploaded but the file appears anyway after a little while.
-This happens sometimes for files over 1 GiB in size and nearly every
-time for files bigger than 10 GiB.
-This parameter controls the time rclone waits for the file to appear.
-.PP
-The default value for this parameter is 3 minutes per GiB, so by default
-it will wait 3 minutes for every GiB uploaded to see if the file
-appears.
-.PP
-You can disable this feature by setting it to 0.
-This may cause conflict errors as rclone retries the failed upload but
-the file will most likely appear correctly eventually.
-.PP
-These values were determined empirically by observing lots of uploads of
-big files for a range of file sizes.
-.PP
-Upload with the \[dq]-v\[dq] flag to see more info about what rclone is
-doing in this situation.
-.PP
-Properties:
-.IP \[bu] 2
-Config: upload_wait_per_gb
-.IP \[bu] 2
-Env Var: RCLONE_ACD_UPLOAD_WAIT_PER_GB
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 3m0s
-.SS --acd-templink-threshold
-.PP
-Files >= this size will be downloaded via their tempLink.
-.PP
-Files this size or more will be downloaded via their \[dq]tempLink\[dq].
-This is to work around a problem with Amazon Drive which blocks
-downloads of files bigger than about 10 GiB.
-The default for this is 9 GiB which shouldn\[aq]t need to be changed.
-.PP
-To download files above this threshold, rclone requests a
-\[dq]tempLink\[dq] which downloads the file through a temporary URL
-directly from the underlying S3 storage.
-.PP
-Properties:
-.IP \[bu] 2
-Config: templink_threshold
-.IP \[bu] 2
-Env Var: RCLONE_ACD_TEMPLINK_THRESHOLD
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 9Gi
-.SS --acd-encoding
-.PP
-The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
-Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_ACD_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,InvalidUtf8,Dot
-.SS Limitations
-.PP
-Note that Amazon Drive is case insensitive so you can\[aq]t have a file
-called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.PP
-Amazon Drive has rate limiting so you may notice errors in the sync (429
-errors).
-rclone will automatically retry the sync up to 3 times by default (see
-\f[C]--retries\f[R] flag) which should hopefully work around this
-problem.
-.PP
-Amazon Drive has an internal limit of file sizes that can be uploaded to
-the service.
-This limit is not officially published, but all files larger than this
-will fail.
-.PP
-At the time of writing (Jan 2016) is in the area of 50 GiB per file.
-This means that larger files are likely to fail.
-.PP
-Unfortunately there is no way for rclone to see that this failure is
-because of file size, so it will retry the operation, as any other
-failure.
-To avoid this problem, use \f[C]--max-size 50000M\f[R] option to limit
-the maximum size of uploaded files.
-Note that \f[C]--max-size\f[R] does not split files into segments, it
-only ignores files over this size.
-.PP
-\f[C]rclone about\f[R] is not supported by the Amazon Drive backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Amazon S3 Storage Providers
-.PP
-The S3 backend can be used with a number of different providers:
-.IP \[bu] 2
-AWS S3
-.IP \[bu] 2
-Alibaba Cloud (Aliyun) Object Storage System (OSS)
-.IP \[bu] 2
-Ceph
-.IP \[bu] 2
-China Mobile Ecloud Elastic Object Storage (EOS)
-.IP \[bu] 2
-Cloudflare R2
-.IP \[bu] 2
-Arvan Cloud Object Storage (AOS)
-.IP \[bu] 2
-DigitalOcean Spaces
-.IP \[bu] 2
-Dreamhost
-.IP \[bu] 2
-Huawei OBS
-.IP \[bu] 2
-IBM COS S3
-.IP \[bu] 2
-IDrive e2
-.IP \[bu] 2
-IONOS Cloud
-.IP \[bu] 2
-Liara Object Storage
-.IP \[bu] 2
-Minio
-.IP \[bu] 2
-Qiniu Cloud Object Storage (Kodo)
-.IP \[bu] 2
-RackCorp Object Storage
-.IP \[bu] 2
-Scaleway
-.IP \[bu] 2
-Seagate Lyve Cloud
-.IP \[bu] 2
-SeaweedFS
-.IP \[bu] 2
-StackPath
-.IP \[bu] 2
+T{
+premiumize.me
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+put.io
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Proton Drive
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+QingStor
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}
+T{
+Quatrix by Maytech
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Seafile
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+SFTP
+T}@T{
+No
+T}@T{
+Yes \[u2074]
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Sia
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}
+T{
+SMB
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}
+T{
+SugarSync
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}
+T{
 Storj
-.IP \[bu] 2
-Tencent Cloud Object Storage (COS)
-.IP \[bu] 2
-Wasabi
-.PP
-Paths are specified as \f[C]remote:bucket\f[R] (or \f[C]remote:\f[R] for
-the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
-\f[C]remote:bucket/path/to/dir\f[R].
-.PP
-Once you have made a remote (see the provider specific section above)
-you can use it like this:
-.PP
-See all buckets
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
+T}@T{
+Yes \[S2]
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}
+T{
+Uptobox
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}
+T{
+WebDAV
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes \[S3]
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Yandex Disk
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+Zoho WorkDrive
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+T{
+The local filesystem
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}@T{
+No
+T}@T{
+Yes
+T}@T{
+Yes
+T}
+.TE
 .PP
-Make a new bucket
-.IP
-.nf
-\f[C]
-rclone mkdir remote:bucket
-\f[R]
-.fi
+\[S1] Note Swift implements this in order to delete directory markers
+but it doesn\[aq]t actually have a quicker way of deleting files other
+than deleting them individually.
 .PP
-List the contents of a bucket
-.IP
-.nf
-\f[C]
-rclone ls remote:bucket
-\f[R]
-.fi
+\[S2] Storj implements this efficiently only for entire buckets.
+If purging a directory inside a bucket, files are deleted individually.
 .PP
-Sync \f[C]/home/local/directory\f[R] to the remote bucket, deleting any
-excess files in the bucket.
-.IP
-.nf
-\f[C]
-rclone sync --interactive /home/local/directory remote:bucket
-\f[R]
-.fi
-.SS Configuration
+\[S3] StreamUpload is not supported with Nextcloud
 .PP
-Here is an example of making an s3 configuration for the AWS S3
-provider.
-Most applies to the other providers as well, any differences are
-described below.
+\[u2074] Use the \f[C]--sftp-copy-is-hardlink\f[R] flag to enable.
 .PP
-First run
-.IP
-.nf
-\f[C]
-rclone config
-\f[R]
-.fi
+\[u2075] Use the \f[C]--onedrive-delta\f[R] flag to enable.
+.SS Purge
 .PP
-This will guide you through an interactive setup process.
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Ceph, ChinaMobile, ArvanCloud, Dreamhost, IBM COS, Liara, Minio, and Tencent COS
-   \[rs] \[dq]s3\[dq]
-[snip]
-Storage> s3
-Choose your S3 provider.
-Choose a number from below, or type in your own value
- 1 / Amazon Web Services (AWS) S3
-   \[rs] \[dq]AWS\[dq]
- 2 / Ceph Object Storage
-   \[rs] \[dq]Ceph\[dq]
- 3 / DigitalOcean Spaces
-   \[rs] \[dq]DigitalOcean\[dq]
- 4 / Dreamhost DreamObjects
-   \[rs] \[dq]Dreamhost\[dq]
- 5 / IBM COS S3
-   \[rs] \[dq]IBMCOS\[dq]
- 6 / Minio Object Storage
-   \[rs] \[dq]Minio\[dq]
- 7 / Wasabi Object Storage
-   \[rs] \[dq]Wasabi\[dq]
- 8 / Any other S3 compatible provider
-   \[rs] \[dq]Other\[dq]
-provider> 1
-Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter AWS credentials in the next step
-   \[rs] \[dq]false\[dq]
- 2 / Get AWS credentials from the environment (env vars or IAM)
-   \[rs] \[dq]true\[dq]
-env_auth> 1
-AWS Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id> XXX
-AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key> YYY
-Region to connect to.
-Choose a number from below, or type in your own value
-   / The default endpoint - a good choice if you are unsure.
- 1 | US Region, Northern Virginia, or Pacific Northwest.
-   | Leave location constraint empty.
-   \[rs] \[dq]us-east-1\[dq]
-   / US East (Ohio) Region
- 2 | Needs location constraint us-east-2.
-   \[rs] \[dq]us-east-2\[dq]
-   / US West (Oregon) Region
- 3 | Needs location constraint us-west-2.
-   \[rs] \[dq]us-west-2\[dq]
-   / US West (Northern California) Region
- 4 | Needs location constraint us-west-1.
-   \[rs] \[dq]us-west-1\[dq]
-   / Canada (Central) Region
- 5 | Needs location constraint ca-central-1.
-   \[rs] \[dq]ca-central-1\[dq]
-   / EU (Ireland) Region
- 6 | Needs location constraint EU or eu-west-1.
-   \[rs] \[dq]eu-west-1\[dq]
-   / EU (London) Region
- 7 | Needs location constraint eu-west-2.
-   \[rs] \[dq]eu-west-2\[dq]
-   / EU (Frankfurt) Region
- 8 | Needs location constraint eu-central-1.
-   \[rs] \[dq]eu-central-1\[dq]
-   / Asia Pacific (Singapore) Region
- 9 | Needs location constraint ap-southeast-1.
-   \[rs] \[dq]ap-southeast-1\[dq]
-   / Asia Pacific (Sydney) Region
-10 | Needs location constraint ap-southeast-2.
-   \[rs] \[dq]ap-southeast-2\[dq]
-   / Asia Pacific (Tokyo) Region
-11 | Needs location constraint ap-northeast-1.
-   \[rs] \[dq]ap-northeast-1\[dq]
-   / Asia Pacific (Seoul)
-12 | Needs location constraint ap-northeast-2.
-   \[rs] \[dq]ap-northeast-2\[dq]
-   / Asia Pacific (Mumbai)
-13 | Needs location constraint ap-south-1.
-   \[rs] \[dq]ap-south-1\[dq]
-   / Asia Pacific (Hong Kong) Region
-14 | Needs location constraint ap-east-1.
-   \[rs] \[dq]ap-east-1\[dq]
-   / South America (Sao Paulo) Region
-15 | Needs location constraint sa-east-1.
-   \[rs] \[dq]sa-east-1\[dq]
-region> 1
-Endpoint for S3 API.
-Leave blank if using AWS to use the default endpoint for the region.
-endpoint>
-Location constraint - must be set to match the Region. Used when creating buckets only.
-Choose a number from below, or type in your own value
- 1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
-   \[rs] \[dq]\[dq]
- 2 / US East (Ohio) Region.
-   \[rs] \[dq]us-east-2\[dq]
- 3 / US West (Oregon) Region.
-   \[rs] \[dq]us-west-2\[dq]
- 4 / US West (Northern California) Region.
-   \[rs] \[dq]us-west-1\[dq]
- 5 / Canada (Central) Region.
-   \[rs] \[dq]ca-central-1\[dq]
- 6 / EU (Ireland) Region.
-   \[rs] \[dq]eu-west-1\[dq]
- 7 / EU (London) Region.
-   \[rs] \[dq]eu-west-2\[dq]
- 8 / EU Region.
-   \[rs] \[dq]EU\[dq]
- 9 / Asia Pacific (Singapore) Region.
-   \[rs] \[dq]ap-southeast-1\[dq]
-10 / Asia Pacific (Sydney) Region.
-   \[rs] \[dq]ap-southeast-2\[dq]
-11 / Asia Pacific (Tokyo) Region.
-   \[rs] \[dq]ap-northeast-1\[dq]
-12 / Asia Pacific (Seoul)
-   \[rs] \[dq]ap-northeast-2\[dq]
-13 / Asia Pacific (Mumbai)
-   \[rs] \[dq]ap-south-1\[dq]
-14 / Asia Pacific (Hong Kong)
-   \[rs] \[dq]ap-east-1\[dq]
-15 / South America (Sao Paulo) Region.
-   \[rs] \[dq]sa-east-1\[dq]
-location_constraint> 1
-Canned ACL used when creating buckets and/or storing objects in S3.
-For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
-Choose a number from below, or type in your own value
- 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
-   \[rs] \[dq]private\[dq]
- 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
-   \[rs] \[dq]public-read\[dq]
-   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
- 3 | Granting this on a bucket is generally not recommended.
-   \[rs] \[dq]public-read-write\[dq]
- 4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
-   \[rs] \[dq]authenticated-read\[dq]
-   / Object owner gets FULL_CONTROL. Bucket owner gets READ access.
- 5 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-   \[rs] \[dq]bucket-owner-read\[dq]
-   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
- 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
-   \[rs] \[dq]bucket-owner-full-control\[dq]
-acl> 1
-The server-side encryption algorithm used when storing this object in S3.
-Choose a number from below, or type in your own value
- 1 / None
-   \[rs] \[dq]\[dq]
- 2 / AES256
-   \[rs] \[dq]AES256\[dq]
-server_side_encryption> 1
-The storage class to use when storing objects in S3.
-Choose a number from below, or type in your own value
- 1 / Default
-   \[rs] \[dq]\[dq]
- 2 / Standard storage class
-   \[rs] \[dq]STANDARD\[dq]
- 3 / Reduced redundancy storage class
-   \[rs] \[dq]REDUCED_REDUNDANCY\[dq]
- 4 / Standard Infrequent Access storage class
-   \[rs] \[dq]STANDARD_IA\[dq]
- 5 / One Zone Infrequent Access storage class
-   \[rs] \[dq]ONEZONE_IA\[dq]
- 6 / Glacier storage class
-   \[rs] \[dq]GLACIER\[dq]
- 7 / Glacier Deep Archive storage class
-   \[rs] \[dq]DEEP_ARCHIVE\[dq]
- 8 / Intelligent-Tiering storage class
-   \[rs] \[dq]INTELLIGENT_TIERING\[dq]
- 9 / Glacier Instant Retrieval storage class
-   \[rs] \[dq]GLACIER_IR\[dq]
-storage_class> 1
-Remote config
---------------------
-[remote]
-type = s3
-provider = AWS
-env_auth = false
-access_key_id = XXX
-secret_access_key = YYY
-region = us-east-1
-endpoint =
-location_constraint =
-acl = private
-server_side_encryption =
-storage_class =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d>
-\f[R]
-.fi
-.SS Modified time
+This deletes a directory quicker than just deleting all the files in the
+directory.
+.SS Copy
 .PP
-The modified time is stored as metadata on the object as
-\f[C]X-Amz-Meta-Mtime\f[R] as floating point since the epoch, accurate
-to 1 ns.
+Used when copying an object to and from the same remote.
+This known as a server-side copy so you can copy a file without
+downloading it and uploading it again.
+It is used if you use \f[C]rclone copy\f[R] or \f[C]rclone move\f[R] if
+the remote doesn\[aq]t support \f[C]Move\f[R] directly.
 .PP
-If the modification time needs to be updated rclone will attempt to
-perform a server side copy to update the modification if the object can
-be copied in a single part.
-In the case the object is larger than 5Gb or is in Glacier or Glacier
-Deep Archive storage the object will be uploaded rather than copied.
+If the server doesn\[aq]t support \f[C]Copy\f[R] directly then for copy
+operations the file is downloaded then re-uploaded.
+.SS Move
 .PP
-Note that reading this from the object takes an additional
-\f[C]HEAD\f[R] request as the metadata isn\[aq]t returned in object
-listings.
-.SS Reducing costs
-.SS Avoiding HEAD requests to read the modification time
+Used when moving/renaming an object on the same remote.
+This is known as a server-side move of a file.
+This is used in \f[C]rclone move\f[R] if the server doesn\[aq]t support
+\f[C]DirMove\f[R].
 .PP
-By default, rclone will use the modification time of objects stored in
-S3 for syncing.
-This is stored in object metadata which unfortunately takes an extra
-HEAD request to read which can be expensive (in time and money).
+If the server isn\[aq]t capable of \f[C]Move\f[R] then rclone simulates
+it with \f[C]Copy\f[R] then delete.
+If the server doesn\[aq]t support \f[C]Copy\f[R] then rclone will
+download the file and re-upload it.
+.SS DirMove
 .PP
-The modification time is used by default for all operations that require
-checking the time a file was last updated.
-It allows rclone to treat the remote more like a true filesystem, but it
-is inefficient on S3 because it requires an extra API call to retrieve
-the metadata.
+This is used to implement \f[C]rclone move\f[R] to move a directory if
+possible.
+If it isn\[aq]t then it will use \f[C]Move\f[R] on each file (which
+falls back to \f[C]Copy\f[R] then download and upload - see
+\f[C]Move\f[R] section).
+.SS CleanUp
 .PP
-The extra API calls can be avoided when syncing (using
-\f[C]rclone sync\f[R] or \f[C]rclone copy\f[R]) in a few different ways,
-each with its own tradeoffs.
-.IP \[bu] 2
-\f[C]--size-only\f[R]
-.RS 2
-.IP \[bu] 2
-Only checks the size of files.
-.IP \[bu] 2
-Uses no extra transactions.
-.IP \[bu] 2
-If the file doesn\[aq]t change size then rclone won\[aq]t detect it has
-changed.
-.IP \[bu] 2
-\f[C]rclone sync --size-only /path/to/source s3:bucket\f[R]
-.RE
-.IP \[bu] 2
-\f[C]--checksum\f[R]
-.RS 2
-.IP \[bu] 2
-Checks the size and MD5 checksum of files.
-.IP \[bu] 2
-Uses no extra transactions.
-.IP \[bu] 2
-The most accurate detection of changes possible.
-.IP \[bu] 2
-Will cause the source to read an MD5 checksum which, if it is a local
-disk, will cause lots of disk activity.
-.IP \[bu] 2
-If the source and destination are both S3 this is the
-\f[B]recommended\f[R] flag to use for maximum efficiency.
-.IP \[bu] 2
-\f[C]rclone sync --checksum /path/to/source s3:bucket\f[R]
-.RE
-.IP \[bu] 2
-\f[C]--update --use-server-modtime\f[R]
-.RS 2
-.IP \[bu] 2
-Uses no extra transactions.
-.IP \[bu] 2
-Modification time becomes the time the object was uploaded.
-.IP \[bu] 2
-For many operations this is sufficient to determine if it needs
-uploading.
-.IP \[bu] 2
-Using \f[C]--update\f[R] along with \f[C]--use-server-modtime\f[R],
-avoids the extra API call and uploads files whose local modification
-time is newer than the time it was last uploaded.
-.IP \[bu] 2
-Files created with timestamps in the past will be missed by the sync.
-.IP \[bu] 2
-\f[C]rclone sync --update --use-server-modtime /path/to/source s3:bucket\f[R]
-.RE
+This is used for emptying the trash for a remote by
+\f[C]rclone cleanup\f[R].
 .PP
-These flags can and should be used in combination with
-\f[C]--fast-list\f[R] - see below.
+If the server can\[aq]t do \f[C]CleanUp\f[R] then
+\f[C]rclone cleanup\f[R] will return an error.
 .PP
-If using \f[C]rclone mount\f[R] or any command using the VFS (eg
-\f[C]rclone serve\f[R]) commands then you might want to consider using
-the VFS flag \f[C]--no-modtime\f[R] which will stop rclone reading the
-modification time for every object.
-You could also use \f[C]--use-server-modtime\f[R] if you are happy with
-the modification times of the objects being the time of upload.
-.SS Avoiding GET requests to read directory listings
+\[dd]\[dd] Note that while Box implements this it has to delete every
+file individually so it will be slower than emptying the trash via the
+WebUI
+.SS ListR
 .PP
-Rclone\[aq]s default directory traversal is to process each directory
-individually.
-This takes one API call per directory.
-Using the \f[C]--fast-list\f[R] flag will read all info about the
-objects into memory first using a smaller number of API calls (one per
-1000 objects).
+The remote supports a recursive list to list all the contents beneath a
+directory quickly.
+This enables the \f[C]--fast-list\f[R] flag to work.
 See the rclone docs (https://rclone.org/docs/#fast-list) for more
 details.
+.SS StreamUpload
+.PP
+Some remotes allow files to be uploaded without knowing the file size in
+advance.
+This allows certain operations to work without spooling the file to
+local disk first, e.g.
+\f[C]rclone rcat\f[R].
+.SS MultithreadUpload
+.PP
+Some remotes allow transfers to the remote to be sent as chunks in
+parallel.
+If this is supported then rclone will use multi-thread copying to
+transfer files much faster.
+.SS LinkSharing
+.PP
+Sets the necessary permissions on a file or folder and prints a link
+that allows others to access them, even if they don\[aq]t have an
+account on the particular cloud provider.
+.SS About
+.PP
+Rclone \f[C]about\f[R] prints quota information for a remote.
+Typical output includes bytes used, free, quota and in trash.
+.PP
+If a remote lacks about capability \f[C]rclone about remote:\f[R]returns
+an error.
+.PP
+Backends without about capability cannot determine free space for an
+rclone mount, or use policy \f[C]mfs\f[R] (most free space) as a member
+of an rclone union remote.
+.PP
+See rclone about command (https://rclone.org/commands/rclone_about/)
+.SS EmptyDir
+.PP
+The remote supports empty directories.
+See Limitations (https://rclone.org/bugs/#limitations) for details.
+Most Object/Bucket-based remotes do not support this.
+.SH Global Flags
+.PP
+This describes the global flags available to every rclone command split
+into groups.
+.SS Copy
+.PP
+Flags for anything which can Copy a file.
 .IP
 .nf
 \f[C]
-rclone sync --fast-list --checksum /path/to/source s3:bucket
+      --check-first                                 Do all the checks before starting transfers
+  -c, --checksum                                    Check for changes with size & checksum (if available, or fallback to size only).
+      --compare-dest stringArray                    Include additional comma separated server-side paths during comparison
+      --copy-dest stringArray                       Implies --compare-dest but also copies files from paths into destination
+      --cutoff-mode HARD|SOFT|CAUTIOUS              Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default HARD)
+      --ignore-case-sync                            Ignore case when synchronizing
+      --ignore-checksum                             Skip post copy check of checksums
+      --ignore-existing                             Skip all files that exist on destination
+      --ignore-size                                 Ignore size when skipping use modtime or checksum
+  -I, --ignore-times                                Don\[aq]t skip files that match size and time - transfer all files
+      --immutable                                   Do not modify files, fail if existing files have been modified
+      --inplace                                     Download directly to destination file instead of atomic download to temp/rename
+      --max-backlog int                             Maximum number of objects in sync or check backlog (default 10000)
+      --max-duration Duration                       Maximum duration rclone will transfer data for (default 0s)
+      --max-transfer SizeSuffix                     Maximum size of data to transfer (default off)
+  -M, --metadata                                    If set, preserve metadata when copying objects
+      --modify-window Duration                      Max time diff to be considered the same (default 1ns)
+      --multi-thread-chunk-size SizeSuffix          Chunk size for multi-thread downloads / uploads, if not set by filesystem (default 64Mi)
+      --multi-thread-cutoff SizeSuffix              Use multi-thread downloads for files above this size (default 256Mi)
+      --multi-thread-streams int                    Number of streams to use for multi-thread downloads (default 4)
+      --multi-thread-write-buffer-size SizeSuffix   In memory buffer size for writing when in multi-thread mode (default 128Ki)
+      --no-check-dest                               Don\[aq]t check the destination, copy regardless
+      --no-traverse                                 Don\[aq]t traverse destination file system on copy
+      --no-update-modtime                           Don\[aq]t update destination modtime if files identical
+      --order-by string                             Instructions on how to order the transfers, e.g. \[aq]size,descending\[aq]
+      --partial-suffix string                       Add partial-suffix to temporary file name when --inplace is not used (default \[dq].partial\[dq])
+      --refresh-times                               Refresh the modtime of remote files
+      --server-side-across-configs                  Allow server-side operations (e.g. copy) to work across different configs
+      --size-only                                   Skip based on size only, not modtime or checksum
+      --streaming-upload-cutoff SizeSuffix          Cutoff for switching to chunked upload if file size is unknown, upload starts after reaching cutoff or when file ends (default 100Ki)
+  -u, --update                                      Skip files that are newer on the destination
 \f[R]
 .fi
+.SS Sync
 .PP
-\f[C]--fast-list\f[R] trades off API transactions for memory use.
-As a rough guide rclone uses 1k of memory per object stored, so using
-\f[C]--fast-list\f[R] on a sync of a million objects will use roughly 1
-GiB of RAM.
-.PP
-If you are only copying a small number of files into a big repository
-then using \f[C]--no-traverse\f[R] is a good idea.
-This finds objects directly instead of through directory listings.
-You can do a \[dq]top-up\[dq] sync very cheaply by using
-\f[C]--max-age\f[R] and \f[C]--no-traverse\f[R] to copy only recent
-files, eg
+Flags just used for \f[C]rclone sync\f[R].
 .IP
 .nf
 \f[C]
-rclone copy --max-age 24h --no-traverse /path/to/source s3:bucket
+      --backup-dir string               Make backups into hierarchy based in DIR
+      --delete-after                    When synchronizing, delete files on destination after transferring (default)
+      --delete-before                   When synchronizing, delete files on destination before transferring
+      --delete-during                   When synchronizing, delete files during transfer
+      --ignore-errors                   Delete even if there are I/O errors
+      --max-delete int                  When synchronizing, limit the number of deletes (default -1)
+      --max-delete-size SizeSuffix      When synchronizing, limit the total size of deletes (default off)
+      --suffix string                   Suffix to add to changed files
+      --suffix-keep-extension           Preserve the extension when using --suffix
+      --track-renames                   When synchronizing, track file renames and do a server-side move if possible
+      --track-renames-strategy string   Strategies to use when synchronizing using track-renames hash|modtime|leaf (default \[dq]hash\[dq])
 \f[R]
 .fi
+.SS Important
 .PP
-You\[aq]d then do a full \f[C]rclone sync\f[R] less often.
-.PP
-Note that \f[C]--fast-list\f[R] isn\[aq]t required in the top-up sync.
-.SS Avoiding HEAD requests after PUT
-.PP
-By default, rclone will HEAD every object it uploads.
-It does this to check the object got uploaded correctly.
+Important flags useful for most commands.
+.IP
+.nf
+\f[C]
+  -n, --dry-run         Do a trial run with no permanent changes
+  -i, --interactive     Enable interactive mode
+  -v, --verbose count   Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Check
 .PP
-You can disable this with the --s3-no-head option - see there for more
-details.
+Flags used for \f[C]rclone check\f[R].
+.IP
+.nf
+\f[C]
+      --max-backlog int   Maximum number of objects in sync or check backlog (default 10000)
+\f[R]
+.fi
+.SS Networking
 .PP
-Setting this flag increases the chance for undetected upload failures.
-.SS Hashes
+General networking and HTTP stuff.
+.IP
+.nf
+\f[C]
+      --bind string                        Local address to bind to for outgoing connections, IPv4, IPv6 or name
+      --bwlimit BwTimetable                Bandwidth limit in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --bwlimit-file BwTimetable           Bandwidth limit per file in KiB/s, or use suffix B|K|M|G|T|P or a full timetable
+      --ca-cert stringArray                CA certificate used to verify servers
+      --client-cert string                 Client SSL certificate (PEM) for mutual TLS auth
+      --client-key string                  Client SSL private key (PEM) for mutual TLS auth
+      --contimeout Duration                Connect timeout (default 1m0s)
+      --disable-http-keep-alives           Disable HTTP keep-alives and use each connection once.
+      --disable-http2                      Disable HTTP/2 in the global transport
+      --dscp string                        Set DSCP value to connections, value or name, e.g. CS1, LE, DF, AF21
+      --expect-continue-timeout Duration   Timeout when using expect / 100-continue in HTTP (default 1s)
+      --header stringArray                 Set HTTP header for all transactions
+      --header-download stringArray        Set HTTP header for download transactions
+      --header-upload stringArray          Set HTTP header for upload transactions
+      --no-check-certificate               Do not verify the server SSL certificate (insecure)
+      --no-gzip-encoding                   Don\[aq]t set Accept-Encoding: gzip
+      --timeout Duration                   IO idle timeout (default 5m0s)
+      --tpslimit float                     Limit HTTP transactions per second to this
+      --tpslimit-burst int                 Max burst of transactions for --tpslimit (default 1)
+      --use-cookies                        Enable session cookiejar
+      --user-agent string                  Set the user-agent to a specified string (default \[dq]rclone/v1.65.0\[dq])
+\f[R]
+.fi
+.SS Performance
 .PP
-For small objects which weren\[aq]t uploaded as multipart uploads
-(objects sized below \f[C]--s3-upload-cutoff\f[R] if uploaded with
-rclone) rclone uses the \f[C]ETag:\f[R] header as an MD5 checksum.
+Flags helpful for increasing performance.
+.IP
+.nf
+\f[C]
+      --buffer-size SizeSuffix   In memory buffer size when reading files for each --transfer (default 16Mi)
+      --checkers int             Number of checkers to run in parallel (default 8)
+      --transfers int            Number of file transfers to run in parallel (default 4)
+\f[R]
+.fi
+.SS Config
 .PP
-However for objects which were uploaded as multipart uploads or with
-server side encryption (SSE-AWS or SSE-C) the \f[C]ETag\f[R] header is
-no longer the MD5 sum of the data, so rclone adds an additional piece of
-metadata \f[C]X-Amz-Meta-Md5chksum\f[R] which is a base64 encoded MD5
-hash (in the same format as is required for \f[C]Content-MD5\f[R]).
+General configuration of rclone.
+.IP
+.nf
+\f[C]
+      --ask-password                        Allow prompt for password for encrypted configuration (default true)
+      --auto-confirm                        If enabled, do not request console confirmation
+      --cache-dir string                    Directory rclone will use for caching (default \[dq]$HOME/.cache/rclone\[dq])
+      --color AUTO|NEVER|ALWAYS             When to show colors (and other ANSI codes) AUTO|NEVER|ALWAYS (default AUTO)
+      --config string                       Config file (default \[dq]$HOME/.config/rclone/rclone.conf\[dq])
+      --default-time Time                   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --disable string                      Disable a comma separated list of features (use --disable help to see a list)
+  -n, --dry-run                             Do a trial run with no permanent changes
+      --error-on-no-transfer                Sets exit code 9 if no files are transferred, useful in scripts
+      --fs-cache-expire-duration Duration   Cache remotes for this long (0 to disable caching) (default 5m0s)
+      --fs-cache-expire-interval Duration   Interval to check for expired remotes (default 1m0s)
+      --human-readable                      Print numbers in a human-readable format, sizes with suffix Ki|Mi|Gi|Ti|Pi
+  -i, --interactive                         Enable interactive mode
+      --kv-lock-time Duration               Maximum time to keep key-value database locked by process (default 1s)
+      --low-level-retries int               Number of low level retries to do (default 10)
+      --no-console                          Hide console window (supported on Windows only)
+      --no-unicode-normalization            Don\[aq]t normalize unicode characters in filenames
+      --password-command SpaceSepList       Command for supplying password for encrypted configuration
+      --retries int                         Retry operations this many times if they fail (default 3)
+      --retries-sleep Duration              Interval between retrying operations if they fail, e.g. 500ms, 60s, 5m (0 to disable) (default 0s)
+      --temp-dir string                     Directory rclone will use for temporary files (default \[dq]/tmp\[dq])
+      --use-mmap                            Use mmap allocator (see docs)
+      --use-server-modtime                  Use server modified time instead of object metadata
+\f[R]
+.fi
+.SS Debugging
 .PP
-For large objects, calculating this hash can take some time so the
-addition of this hash can be disabled with
-\f[C]--s3-disable-checksum\f[R].
-This will mean that these objects do not have an MD5 checksum.
+Flags for developers.
+.IP
+.nf
+\f[C]
+      --cpuprofile string   Write cpu profile to file
+      --dump DumpFlags      List of items to dump from: headers, bodies, requests, responses, auth, filters, goroutines, openfiles, mapper
+      --dump-bodies         Dump HTTP headers and bodies - may contain sensitive info
+      --dump-headers        Dump HTTP headers - may contain sensitive info
+      --memprofile string   Write memory profile to file
+\f[R]
+.fi
+.SS Filter
 .PP
-Note that reading this from the object takes an additional
-\f[C]HEAD\f[R] request as the metadata isn\[aq]t returned in object
-listings.
-.SS Versions
+Flags for filtering directory listings.
+.IP
+.nf
+\f[C]
+      --delete-excluded                     Delete files on dest excluded from sync
+      --exclude stringArray                 Exclude files matching pattern
+      --exclude-from stringArray            Read file exclude patterns from file (use - to read from stdin)
+      --exclude-if-present stringArray      Exclude directories if filename is present
+      --files-from stringArray              Read list of source-file names from file (use - to read from stdin)
+      --files-from-raw stringArray          Read list of source-file names from file without any processing of lines (use - to read from stdin)
+  -f, --filter stringArray                  Add a file filtering rule
+      --filter-from stringArray             Read file filtering patterns from a file (use - to read from stdin)
+      --ignore-case                         Ignore case in filters (case insensitive)
+      --include stringArray                 Include files matching pattern
+      --include-from stringArray            Read file include patterns from file (use - to read from stdin)
+      --max-age Duration                    Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --max-depth int                       If set limits the recursion depth to this (default -1)
+      --max-size SizeSuffix                 Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --min-age Duration                    Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
+      --min-size SizeSuffix                 Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
+\f[R]
+.fi
+.SS Listing
 .PP
-When bucket versioning is enabled (this can be done with rclone with the
-\f[C]rclone backend versioning\f[R] command) when rclone uploads a new
-version of a file it creates a new version of
-it (https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html)
-Likewise when you delete a file, the old version will be marked hidden
-and still be available.
+Flags for listing directories.
+.IP
+.nf
+\f[C]
+      --default-time Time   Time to show if modtime is unknown for files and directories (default 2000-01-01T00:00:00Z)
+      --fast-list           Use recursive list if available; uses more memory but fewer transactions
+\f[R]
+.fi
+.SS Logging
 .PP
-Old versions of files, where available, are visible using the
-\f[C]--s3-versions\f[R] flag.
+Logging and statistics.
+.IP
+.nf
+\f[C]
+      --log-file string                     Log everything to this file
+      --log-format string                   Comma separated list of log format options (default \[dq]date,time\[dq])
+      --log-level LogLevel                  Log level DEBUG|INFO|NOTICE|ERROR (default NOTICE)
+      --log-systemd                         Activate systemd integration for the logger
+      --max-stats-groups int                Maximum number of stats groups to keep in memory, on max oldest is discarded (default 1000)
+  -P, --progress                            Show progress during transfer
+      --progress-terminal-title             Show progress on the terminal title (requires -P/--progress)
+  -q, --quiet                               Print as little stuff as possible
+      --stats Duration                      Interval between printing stats, e.g. 500ms, 60s, 5m (0 to disable) (default 1m0s)
+      --stats-file-name-length int          Max file name length in stats (0 for no limit) (default 45)
+      --stats-log-level LogLevel            Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default INFO)
+      --stats-one-line                      Make the stats fit on one line
+      --stats-one-line-date                 Enable --stats-one-line and add current date/time prefix
+      --stats-one-line-date-format string   Enable --stats-one-line-date and use custom formatted date: Enclose date string in double quotes (\[dq]), see https://golang.org/pkg/time/#Time.Format
+      --stats-unit string                   Show data rate in stats as either \[aq]bits\[aq] or \[aq]bytes\[aq] per second (default \[dq]bytes\[dq])
+      --syslog                              Use Syslog for logging
+      --syslog-facility string              Facility for syslog, e.g. KERN,USER,... (default \[dq]DAEMON\[dq])
+      --use-json-log                        Use json log format
+  -v, --verbose count                       Print lots more stuff (repeat for more)
+\f[R]
+.fi
+.SS Metadata
 .PP
-It is also possible to view a bucket as it was at a certain point in
-time, using the \f[C]--s3-version-at\f[R] flag.
-This will show the file versions as they were at that time, showing
-files that have been deleted afterwards, and hiding files that were
-created since.
+Flags to control metadata.
+.IP
+.nf
+\f[C]
+  -M, --metadata                            If set, preserve metadata when copying objects
+      --metadata-exclude stringArray        Exclude metadatas matching pattern
+      --metadata-exclude-from stringArray   Read metadata exclude patterns from file (use - to read from stdin)
+      --metadata-filter stringArray         Add a metadata filtering rule
+      --metadata-filter-from stringArray    Read metadata filtering patterns from a file (use - to read from stdin)
+      --metadata-include stringArray        Include metadatas matching pattern
+      --metadata-include-from stringArray   Read metadata include patterns from file (use - to read from stdin)
+      --metadata-mapper SpaceSepList        Program to run to transforming metadata before upload
+      --metadata-set stringArray            Add metadata key=value when uploading
+\f[R]
+.fi
+.SS RC
+.PP
+Flags to control the Remote Control API.
+.IP
+.nf
+\f[C]
+      --rc                                 Enable the remote control server
+      --rc-addr stringArray                IPaddress:Port or :Port to bind server to (default [localhost:5572])
+      --rc-allow-origin string             Origin which cross-domain request (CORS) can be executed from
+      --rc-baseurl string                  Prefix for URLs - leave blank for root
+      --rc-cert string                     TLS PEM key (concatenation of certificate and CA certificate)
+      --rc-client-ca string                Client certificate authority to verify clients with
+      --rc-enable-metrics                  Enable prometheus metrics on /metrics
+      --rc-files string                    Path to local files to serve on the HTTP server
+      --rc-htpasswd string                 A htpasswd file - if not provided no authentication is done
+      --rc-job-expire-duration Duration    Expire finished async jobs older than this value (default 1m0s)
+      --rc-job-expire-interval Duration    Interval to check for expired async jobs (default 10s)
+      --rc-key string                      TLS PEM Private key
+      --rc-max-header-bytes int            Maximum size of request header (default 4096)
+      --rc-min-tls-version string          Minimum TLS version that is acceptable (default \[dq]tls1.0\[dq])
+      --rc-no-auth                         Don\[aq]t require auth for certain methods
+      --rc-pass string                     Password for authentication
+      --rc-realm string                    Realm for authentication
+      --rc-salt string                     Password hashing salt (default \[dq]dlPL2MqE\[dq])
+      --rc-serve                           Enable the serving of remote objects
+      --rc-server-read-timeout Duration    Timeout for server reading data (default 1h0m0s)
+      --rc-server-write-timeout Duration   Timeout for server writing data (default 1h0m0s)
+      --rc-template string                 User-specified template
+      --rc-user string                     User name for authentication
+      --rc-web-fetch-url string            URL to fetch the releases for webgui (default \[dq]https://api.github.com/repos/rclone/rclone-webui-react/releases/latest\[dq])
+      --rc-web-gui                         Launch WebGUI on localhost
+      --rc-web-gui-force-update            Force update to latest version of web gui
+      --rc-web-gui-no-open-browser         Don\[aq]t open the browser automatically
+      --rc-web-gui-update                  Check and update to latest version of web gui
+\f[R]
+.fi
+.SS Backend
+.PP
+Backend only flags.
+These can be set in the config file also.
+.IP
+.nf
+\f[C]
+      --acd-auth-url string                                 Auth server URL
+      --acd-client-id string                                OAuth Client Id
+      --acd-client-secret string                            OAuth Client Secret
+      --acd-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --acd-templink-threshold SizeSuffix                   Files >= this size will be downloaded via their tempLink (default 9Gi)
+      --acd-token string                                    OAuth Access Token as a JSON blob
+      --acd-token-url string                                Token server url
+      --acd-upload-wait-per-gb Duration                     Additional time per GiB to wait after a failed complete upload to see if it appears (default 3m0s)
+      --alias-remote string                                 Remote or path to alias
+      --azureblob-access-tier string                        Access tier of blob: hot, cool, cold or archive
+      --azureblob-account string                            Azure Storage Account Name
+      --azureblob-archive-tier-delete                       Delete archive tier blobs before overwriting
+      --azureblob-chunk-size SizeSuffix                     Upload chunk size (default 4Mi)
+      --azureblob-client-certificate-password string        Password for the certificate file (optional) (obscured)
+      --azureblob-client-certificate-path string            Path to a PEM or PKCS12 certificate file including the private key
+      --azureblob-client-id string                          The ID of the client in use
+      --azureblob-client-secret string                      One of the service principal\[aq]s client secrets
+      --azureblob-client-send-certificate-chain             Send the certificate chain when using certificate auth
+      --azureblob-directory-markers                         Upload an empty object with a trailing slash when a new directory is created
+      --azureblob-disable-checksum                          Don\[aq]t store MD5 checksum with object metadata
+      --azureblob-encoding Encoding                         The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
+      --azureblob-endpoint string                           Endpoint for the service
+      --azureblob-env-auth                                  Read credentials from runtime (environment variables, CLI or MSI)
+      --azureblob-key string                                Storage Account Shared Key
+      --azureblob-list-chunk int                            Size of blob list (default 5000)
+      --azureblob-msi-client-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-msi-mi-res-id string                      Azure resource ID of the user-assigned MSI to use, if any
+      --azureblob-msi-object-id string                      Object ID of the user-assigned MSI to use, if any
+      --azureblob-no-check-container                        If set, don\[aq]t attempt to check the container exists or create it
+      --azureblob-no-head-object                            If set, do not do HEAD before GET when getting objects
+      --azureblob-password string                           The user\[aq]s password (obscured)
+      --azureblob-public-access string                      Public access level of a container: blob or container
+      --azureblob-sas-url string                            SAS URL for container level access only
+      --azureblob-service-principal-file string             Path to file containing credentials for use with a service principal
+      --azureblob-tenant string                             ID of the service principal\[aq]s tenant. Also called its directory ID
+      --azureblob-upload-concurrency int                    Concurrency for multipart uploads (default 16)
+      --azureblob-upload-cutoff string                      Cutoff for switching to chunked upload (<= 256 MiB) (deprecated)
+      --azureblob-use-emulator                              Uses local storage emulator if provided as \[aq]true\[aq]
+      --azureblob-use-msi                                   Use a managed service identity to authenticate (only works in Azure)
+      --azureblob-username string                           User name (usually an email address)
+      --azurefiles-account string                           Azure Storage Account Name
+      --azurefiles-chunk-size SizeSuffix                    Upload chunk size (default 4Mi)
+      --azurefiles-client-certificate-password string       Password for the certificate file (optional) (obscured)
+      --azurefiles-client-certificate-path string           Path to a PEM or PKCS12 certificate file including the private key
+      --azurefiles-client-id string                         The ID of the client in use
+      --azurefiles-client-secret string                     One of the service principal\[aq]s client secrets
+      --azurefiles-client-send-certificate-chain            Send the certificate chain when using certificate auth
+      --azurefiles-connection-string string                 Azure Files Connection String
+      --azurefiles-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot)
+      --azurefiles-endpoint string                          Endpoint for the service
+      --azurefiles-env-auth                                 Read credentials from runtime (environment variables, CLI or MSI)
+      --azurefiles-key string                               Storage Account Shared Key
+      --azurefiles-max-stream-size SizeSuffix               Max size for streamed files (default 10Gi)
+      --azurefiles-msi-client-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-mi-res-id string                     Azure resource ID of the user-assigned MSI to use, if any
+      --azurefiles-msi-object-id string                     Object ID of the user-assigned MSI to use, if any
+      --azurefiles-password string                          The user\[aq]s password (obscured)
+      --azurefiles-sas-url string                           SAS URL
+      --azurefiles-service-principal-file string            Path to file containing credentials for use with a service principal
+      --azurefiles-share-name string                        Azure Files Share Name
+      --azurefiles-tenant string                            ID of the service principal\[aq]s tenant. Also called its directory ID
+      --azurefiles-upload-concurrency int                   Concurrency for multipart uploads (default 16)
+      --azurefiles-use-msi                                  Use a managed service identity to authenticate (only works in Azure)
+      --azurefiles-username string                          User name (usually an email address)
+      --b2-account string                                   Account ID or Application Key ID
+      --b2-chunk-size SizeSuffix                            Upload chunk size (default 96Mi)
+      --b2-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4Gi)
+      --b2-disable-checksum                                 Disable checksums for large (> upload cutoff) files
+      --b2-download-auth-duration Duration                  Time before the authorization token will expire in s or suffix ms|s|m|h|d (default 1w)
+      --b2-download-url string                              Custom endpoint for downloads
+      --b2-encoding Encoding                                The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --b2-endpoint string                                  Endpoint for the service
+      --b2-hard-delete                                      Permanently delete files on remote removal, otherwise hide files
+      --b2-key string                                       Application Key
+      --b2-lifecycle int                                    Set the number of days deleted files should be kept when creating a bucket
+      --b2-test-mode string                                 A flag string for X-Bz-Test-Mode header for debugging
+      --b2-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --b2-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --b2-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --b2-versions                                         Include old versions in directory listings
+      --box-access-token string                             Box App Primary Access Token
+      --box-auth-url string                                 Auth server URL
+      --box-box-config-file string                          Box App config.json location
+      --box-box-sub-type string                              (default \[dq]user\[dq])
+      --box-client-id string                                OAuth Client Id
+      --box-client-secret string                            OAuth Client Secret
+      --box-commit-retries int                              Max number of times to try committing a multipart file (default 100)
+      --box-encoding Encoding                               The encoding for the backend (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
+      --box-impersonate string                              Impersonate this user ID when using a service account
+      --box-list-chunk int                                  Size of listing chunk 1-1000 (default 1000)
+      --box-owned-by string                                 Only show items owned by the login (email address) passed in
+      --box-root-folder-id string                           Fill in for rclone to use a non root folder as its starting point
+      --box-token string                                    OAuth Access Token as a JSON blob
+      --box-token-url string                                Token server url
+      --box-upload-cutoff SizeSuffix                        Cutoff for switching to multipart upload (>= 50 MiB) (default 50Mi)
+      --cache-chunk-clean-interval Duration                 How often should the cache perform cleanups of the chunk storage (default 1m0s)
+      --cache-chunk-no-memory                               Disable the in-memory cache for storing chunks during streaming
+      --cache-chunk-path string                             Directory to cache chunk files (default \[dq]$HOME/.cache/rclone/cache-backend\[dq])
+      --cache-chunk-size SizeSuffix                         The size of a chunk (partial file data) (default 5Mi)
+      --cache-chunk-total-size SizeSuffix                   The total size that the chunks can take up on the local disk (default 10Gi)
+      --cache-db-path string                                Directory to store file structure metadata DB (default \[dq]$HOME/.cache/rclone/cache-backend\[dq])
+      --cache-db-purge                                      Clear all the cached data for this remote on start
+      --cache-db-wait-time Duration                         How long to wait for the DB to be available - 0 is unlimited (default 1s)
+      --cache-info-age Duration                             How long to cache file structure information (directory listings, file size, times, etc.) (default 6h0m0s)
+      --cache-plex-insecure string                          Skip all certificate verification when connecting to the Plex server
+      --cache-plex-password string                          The password of the Plex user (obscured)
+      --cache-plex-url string                               The URL of the Plex server
+      --cache-plex-username string                          The username of the Plex user
+      --cache-read-retries int                              How many times to retry a read from a cache storage (default 10)
+      --cache-remote string                                 Remote to cache
+      --cache-rps int                                       Limits the number of requests per second to the source FS (-1 to disable) (default -1)
+      --cache-tmp-upload-path string                        Directory to keep temporary files until they are uploaded
+      --cache-tmp-wait-time Duration                        How long should files be stored in local cache before being uploaded (default 15s)
+      --cache-workers int                                   How many workers should run in parallel to download chunks (default 4)
+      --cache-writes                                        Cache file data on writes through the FS
+      --chunker-chunk-size SizeSuffix                       Files larger than chunk size will be split in chunks (default 2Gi)
+      --chunker-fail-hard                                   Choose how chunker should handle files with missing or invalid chunks
+      --chunker-hash-type string                            Choose how chunker handles hash sums (default \[dq]md5\[dq])
+      --chunker-remote string                               Remote to chunk/unchunk
+      --combine-upstreams SpaceSepList                      Upstreams for combining
+      --compress-level int                                  GZIP compression level (-2 to 9) (default -1)
+      --compress-mode string                                Compression mode (default \[dq]gzip\[dq])
+      --compress-ram-cache-limit SizeSuffix                 Some remotes don\[aq]t allow the upload of files with unknown size (default 20Mi)
+      --compress-remote string                              Remote to compress
+  -L, --copy-links                                          Follow symlinks and copy the pointed to item
+      --crypt-directory-name-encryption                     Option to either encrypt directory names or leave them intact (default true)
+      --crypt-filename-encoding string                      How to encode the encrypted filename to text string (default \[dq]base32\[dq])
+      --crypt-filename-encryption string                    How to encrypt the filenames (default \[dq]standard\[dq])
+      --crypt-no-data-encryption                            Option to either encrypt file data or leave it unencrypted
+      --crypt-pass-bad-blocks                               If set this will pass bad blocks through as all 0
+      --crypt-password string                               Password or pass phrase for encryption (obscured)
+      --crypt-password2 string                              Password or pass phrase for salt (obscured)
+      --crypt-remote string                                 Remote to encrypt/decrypt
+      --crypt-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --crypt-show-mapping                                  For all files listed show how the names encrypt
+      --crypt-suffix string                                 If this is set it will override the default suffix of \[dq].bin\[dq] (default \[dq].bin\[dq])
+      --drive-acknowledge-abuse                             Set to allow files which return cannotDownloadAbusiveFile to be downloaded
+      --drive-allow-import-name-change                      Allow the filetype to change when uploading Google docs
+      --drive-auth-owner-only                               Only consider files owned by the authenticated user
+      --drive-auth-url string                               Auth server URL
+      --drive-chunk-size SizeSuffix                         Upload chunk size (default 8Mi)
+      --drive-client-id string                              Google Application Client Id
+      --drive-client-secret string                          OAuth Client Secret
+      --drive-copy-shortcut-content                         Server side copy contents of shortcuts instead of the shortcut
+      --drive-disable-http2                                 Disable drive using http2 (default true)
+      --drive-encoding Encoding                             The encoding for the backend (default InvalidUtf8)
+      --drive-env-auth                                      Get IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --drive-export-formats string                         Comma separated list of preferred formats for downloading Google docs (default \[dq]docx,xlsx,pptx,svg\[dq])
+      --drive-fast-list-bug-fix                             Work around a bug in Google Drive listing (default true)
+      --drive-formats string                                Deprecated: See export_formats
+      --drive-impersonate string                            Impersonate this user when using a service account
+      --drive-import-formats string                         Comma separated list of preferred formats for uploading Google docs
+      --drive-keep-revision-forever                         Keep new head revision of each file forever
+      --drive-list-chunk int                                Size of listing chunk 100-1000, 0 to disable (default 1000)
+      --drive-metadata-labels Bits                          Control whether labels should be read or written in metadata (default off)
+      --drive-metadata-owner Bits                           Control whether owner should be read or written in metadata (default read)
+      --drive-metadata-permissions Bits                     Control whether permissions should be read or written in metadata (default off)
+      --drive-pacer-burst int                               Number of API calls to allow without sleeping (default 100)
+      --drive-pacer-min-sleep Duration                      Minimum time to sleep between API calls (default 100ms)
+      --drive-resource-key string                           Resource key for accessing a link-shared file
+      --drive-root-folder-id string                         ID of the root folder
+      --drive-scope string                                  Comma separated list of scopes that rclone should use when requesting access from drive
+      --drive-server-side-across-configs                    Deprecated: use --server-side-across-configs instead
+      --drive-service-account-credentials string            Service Account Credentials JSON blob
+      --drive-service-account-file string                   Service Account Credentials JSON file path
+      --drive-shared-with-me                                Only show files that are shared with me
+      --drive-show-all-gdocs                                Show all Google Docs including non-exportable ones in listings
+      --drive-size-as-quota                                 Show sizes as storage quota usage, not actual size
+      --drive-skip-checksum-gphotos                         Skip checksums on Google photos and videos only
+      --drive-skip-dangling-shortcuts                       If set skip dangling shortcut files
+      --drive-skip-gdocs                                    Skip google documents in all listings
+      --drive-skip-shortcuts                                If set skip shortcut files
+      --drive-starred-only                                  Only show files that are starred
+      --drive-stop-on-download-limit                        Make download limit errors be fatal
+      --drive-stop-on-upload-limit                          Make upload limit errors be fatal
+      --drive-team-drive string                             ID of the Shared Drive (Team Drive)
+      --drive-token string                                  OAuth Access Token as a JSON blob
+      --drive-token-url string                              Token server url
+      --drive-trashed-only                                  Only show files that are in the trash
+      --drive-upload-cutoff SizeSuffix                      Cutoff for switching to chunked upload (default 8Mi)
+      --drive-use-created-date                              Use file created date instead of modified date
+      --drive-use-shared-date                               Use date file was shared instead of modified date
+      --drive-use-trash                                     Send files to the trash instead of deleting permanently (default true)
+      --drive-v2-download-min-size SizeSuffix               If Object\[aq]s are greater, use drive v2 API to download (default off)
+      --dropbox-auth-url string                             Auth server URL
+      --dropbox-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --dropbox-batch-mode string                           Upload file batching sync|async|off (default \[dq]sync\[dq])
+      --dropbox-batch-size int                              Max number of files in upload batch
+      --dropbox-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --dropbox-chunk-size SizeSuffix                       Upload chunk size (< 150Mi) (default 48Mi)
+      --dropbox-client-id string                            OAuth Client Id
+      --dropbox-client-secret string                        OAuth Client Secret
+      --dropbox-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
+      --dropbox-impersonate string                          Impersonate this user when using a business account
+      --dropbox-pacer-min-sleep Duration                    Minimum time to sleep between API calls (default 10ms)
+      --dropbox-shared-files                                Instructs rclone to work on individual shared files
+      --dropbox-shared-folders                              Instructs rclone to work on shared folders
+      --dropbox-token string                                OAuth Access Token as a JSON blob
+      --dropbox-token-url string                            Token server url
+      --fichier-api-key string                              Your API Key, get it from https://1fichier.com/console/params.pl
+      --fichier-cdn                                         Set if you wish to use CDN download links
+      --fichier-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --fichier-file-password string                        If you want to download a shared file that is password protected, add this parameter (obscured)
+      --fichier-folder-password string                      If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
+      --fichier-shared-folder string                        If you want to download a shared folder, add this parameter
+      --filefabric-encoding Encoding                        The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --filefabric-permanent-token string                   Permanent Authentication Token
+      --filefabric-root-folder-id string                    ID of the root folder
+      --filefabric-token string                             Session Token
+      --filefabric-token-expiry string                      Token expiry time
+      --filefabric-url string                               URL of the Enterprise File Fabric to connect to
+      --filefabric-version string                           Version read from the file fabric
+      --ftp-ask-password                                    Allow asking for FTP password when needed
+      --ftp-close-timeout Duration                          Maximum time to wait for a response to close (default 1m0s)
+      --ftp-concurrency int                                 Maximum number of FTP simultaneous connections, 0 for unlimited
+      --ftp-disable-epsv                                    Disable using EPSV even if server advertises support
+      --ftp-disable-mlsd                                    Disable using MLSD even if server advertises support
+      --ftp-disable-tls13                                   Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+      --ftp-disable-utf8                                    Disable using UTF-8 even if server advertises support
+      --ftp-encoding Encoding                               The encoding for the backend (default Slash,Del,Ctl,RightSpace,Dot)
+      --ftp-explicit-tls                                    Use Explicit FTPS (FTP over TLS)
+      --ftp-force-list-hidden                               Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD
+      --ftp-host string                                     FTP host to connect to
+      --ftp-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --ftp-no-check-certificate                            Do not verify the TLS certificate of the server
+      --ftp-pass string                                     FTP password (obscured)
+      --ftp-port int                                        FTP port number (default 21)
+      --ftp-shut-timeout Duration                           Maximum time to wait for data connection closing status (default 1m0s)
+      --ftp-socks-proxy string                              Socks 5 proxy host
+      --ftp-tls                                             Use Implicit FTPS (FTP over TLS)
+      --ftp-tls-cache-size int                              Size of TLS session cache for all control and data connections (default 32)
+      --ftp-user string                                     FTP username (default \[dq]$USER\[dq])
+      --ftp-writing-mdtm                                    Use MDTM to set modification time (VsFtpd quirk)
+      --gcs-anonymous                                       Access public buckets and objects without credentials
+      --gcs-auth-url string                                 Auth server URL
+      --gcs-bucket-acl string                               Access Control List for new buckets
+      --gcs-bucket-policy-only                              Access checks should use bucket-level IAM policies
+      --gcs-client-id string                                OAuth Client Id
+      --gcs-client-secret string                            OAuth Client Secret
+      --gcs-decompress                                      If set this will decompress gzip encoded objects
+      --gcs-directory-markers                               Upload an empty object with a trailing slash when a new directory is created
+      --gcs-encoding Encoding                               The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gcs-endpoint string                                 Endpoint for the service
+      --gcs-env-auth                                        Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars)
+      --gcs-location string                                 Location for the newly created buckets
+      --gcs-no-check-bucket                                 If set, don\[aq]t attempt to check the bucket exists or create it
+      --gcs-object-acl string                               Access Control List for new objects
+      --gcs-project-number string                           Project number
+      --gcs-service-account-file string                     Service Account Credentials JSON file path
+      --gcs-storage-class string                            The storage class to use when storing objects in Google Cloud Storage
+      --gcs-token string                                    OAuth Access Token as a JSON blob
+      --gcs-token-url string                                Token server url
+      --gcs-user-project string                             User project
+      --gphotos-auth-url string                             Auth server URL
+      --gphotos-batch-commit-timeout Duration               Max time to wait for a batch to finish committing (default 10m0s)
+      --gphotos-batch-mode string                           Upload file batching sync|async|off (default \[dq]sync\[dq])
+      --gphotos-batch-size int                              Max number of files in upload batch
+      --gphotos-batch-timeout Duration                      Max time to allow an idle upload batch before uploading (default 0s)
+      --gphotos-client-id string                            OAuth Client Id
+      --gphotos-client-secret string                        OAuth Client Secret
+      --gphotos-encoding Encoding                           The encoding for the backend (default Slash,CrLf,InvalidUtf8,Dot)
+      --gphotos-include-archived                            Also view and download archived media
+      --gphotos-read-only                                   Set to make the Google Photos backend read only
+      --gphotos-read-size                                   Set to read the size of media items
+      --gphotos-start-year int                              Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
+      --gphotos-token string                                OAuth Access Token as a JSON blob
+      --gphotos-token-url string                            Token server url
+      --hasher-auto-size SizeSuffix                         Auto-update checksum for files smaller than this size (disabled by default)
+      --hasher-hashes CommaSepList                          Comma separated list of supported checksum types (default md5,sha1)
+      --hasher-max-age Duration                             Maximum time to keep checksums in cache (0 = no cache, off = cache forever) (default off)
+      --hasher-remote string                                Remote to cache checksums for (e.g. myRemote:path)
+      --hdfs-data-transfer-protection string                Kerberos data transfer protection: authentication|integrity|privacy
+      --hdfs-encoding Encoding                              The encoding for the backend (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
+      --hdfs-namenode CommaSepList                          Hadoop name nodes and ports
+      --hdfs-service-principal-name string                  Kerberos service principal name for the namenode
+      --hdfs-username string                                Hadoop user name
+      --hidrive-auth-url string                             Auth server URL
+      --hidrive-chunk-size SizeSuffix                       Chunksize for chunked uploads (default 48Mi)
+      --hidrive-client-id string                            OAuth Client Id
+      --hidrive-client-secret string                        OAuth Client Secret
+      --hidrive-disable-fetching-member-count               Do not fetch number of objects in directories unless it is absolutely necessary
+      --hidrive-encoding Encoding                           The encoding for the backend (default Slash,Dot)
+      --hidrive-endpoint string                             Endpoint for the service (default \[dq]https://api.hidrive.strato.com/2.1\[dq])
+      --hidrive-root-prefix string                          The root/parent folder for all paths (default \[dq]/\[dq])
+      --hidrive-scope-access string                         Access permissions that rclone should use when requesting access from HiDrive (default \[dq]rw\[dq])
+      --hidrive-scope-role string                           User-level that rclone should use when requesting access from HiDrive (default \[dq]user\[dq])
+      --hidrive-token string                                OAuth Access Token as a JSON blob
+      --hidrive-token-url string                            Token server url
+      --hidrive-upload-concurrency int                      Concurrency for chunked uploads (default 4)
+      --hidrive-upload-cutoff SizeSuffix                    Cutoff/Threshold for chunked uploads (default 96Mi)
+      --http-headers CommaSepList                           Set HTTP headers for all transactions
+      --http-no-head                                        Don\[aq]t use HEAD requests
+      --http-no-slash                                       Set this if the site doesn\[aq]t end directories with /
+      --http-url string                                     URL of HTTP host to connect to
+      --imagekit-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket)
+      --imagekit-endpoint string                            You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-only-signed Restrict unsigned image URLs   If you have configured Restrict unsigned image URLs in your dashboard settings, set this to true
+      --imagekit-private-key string                         You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-public-key string                          You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+      --imagekit-upload-tags string                         Tags to add to the uploaded files, e.g. \[dq]tag1,tag2\[dq]
+      --imagekit-versions                                   Include old versions in directory listings
+      --internetarchive-access-key-id string                IAS3 Access Key
+      --internetarchive-disable-checksum                    Don\[aq]t ask the server to test against MD5 checksum calculated by rclone (default true)
+      --internetarchive-encoding Encoding                   The encoding for the backend (default Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot)
+      --internetarchive-endpoint string                     IAS3 Endpoint (default \[dq]https://s3.us.archive.org\[dq])
+      --internetarchive-front-endpoint string               Host of InternetArchive Frontend (default \[dq]https://archive.org\[dq])
+      --internetarchive-secret-access-key string            IAS3 Secret Key (password)
+      --internetarchive-wait-archive Duration               Timeout for waiting the server\[aq]s processing tasks (specifically archive and book_op) to finish (default 0s)
+      --jottacloud-auth-url string                          Auth server URL
+      --jottacloud-client-id string                         OAuth Client Id
+      --jottacloud-client-secret string                     OAuth Client Secret
+      --jottacloud-encoding Encoding                        The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
+      --jottacloud-hard-delete                              Delete files permanently rather than putting them into the trash
+      --jottacloud-md5-memory-limit SizeSuffix              Files bigger than this will be cached on disk to calculate the MD5 if required (default 10Mi)
+      --jottacloud-no-versions                              Avoid server side versioning by deleting files and recreating files instead of overwriting them
+      --jottacloud-token string                             OAuth Access Token as a JSON blob
+      --jottacloud-token-url string                         Token server url
+      --jottacloud-trashed-only                             Only show files that are in the trash
+      --jottacloud-upload-resume-limit SizeSuffix           Files bigger than this can be resumed if the upload fail\[aq]s (default 10Mi)
+      --koofr-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --koofr-endpoint string                               The Koofr API endpoint to use
+      --koofr-mountid string                                Mount ID of the mount to use
+      --koofr-password string                               Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
+      --koofr-provider string                               Choose your storage provider
+      --koofr-setmtime                                      Does the backend support setting modification time (default true)
+      --koofr-user string                                   Your user name
+      --linkbox-token string                                Token from https://www.linkbox.to/admin/account
+  -l, --links                                               Translate symlinks to/from regular files with a \[aq].rclonelink\[aq] extension
+      --local-case-insensitive                              Force the filesystem to report itself as case insensitive
+      --local-case-sensitive                                Force the filesystem to report itself as case sensitive
+      --local-encoding Encoding                             The encoding for the backend (default Slash,Dot)
+      --local-no-check-updated                              Don\[aq]t check to see if the files change during upload
+      --local-no-preallocate                                Disable preallocation of disk space for transferred files
+      --local-no-set-modtime                                Disable setting modtime
+      --local-no-sparse                                     Disable sparse files for multi-thread downloads
+      --local-nounc                                         Disable UNC (long path names) conversion on Windows
+      --local-unicode-normalization                         Apply unicode NFC normalization to paths and filenames
+      --local-zero-size-links                               Assume the Stat size of links is zero (and read them instead) (deprecated)
+      --mailru-auth-url string                              Auth server URL
+      --mailru-check-hash                                   What should copy do if file checksum is mismatched or invalid (default true)
+      --mailru-client-id string                             OAuth Client Id
+      --mailru-client-secret string                         OAuth Client Secret
+      --mailru-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --mailru-pass string                                  Password (obscured)
+      --mailru-speedup-enable                               Skip full upload if there is another file with same data hash (default true)
+      --mailru-speedup-file-patterns string                 Comma separated list of file name patterns eligible for speedup (put by hash) (default \[dq]*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf\[dq])
+      --mailru-speedup-max-disk SizeSuffix                  This option allows you to disable speedup (put by hash) for large files (default 3Gi)
+      --mailru-speedup-max-memory SizeSuffix                Files larger than the size given below will always be hashed on disk (default 32Mi)
+      --mailru-token string                                 OAuth Access Token as a JSON blob
+      --mailru-token-url string                             Token server url
+      --mailru-user string                                  User name (usually email)
+      --mega-debug                                          Output more debug from Mega
+      --mega-encoding Encoding                              The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --mega-hard-delete                                    Delete files permanently rather than putting them into the trash
+      --mega-pass string                                    Password (obscured)
+      --mega-use-https                                      Use HTTPS for transfers
+      --mega-user string                                    User name
+      --netstorage-account string                           Set the NetStorage account name
+      --netstorage-host string                              Domain+path of NetStorage host to connect to
+      --netstorage-protocol string                          Select between HTTP or HTTPS protocol (default \[dq]https\[dq])
+      --netstorage-secret string                            Set the NetStorage account secret/G2O key for authentication (obscured)
+  -x, --one-file-system                                     Don\[aq]t cross filesystem boundaries (unix/macOS only)
+      --onedrive-access-scopes SpaceSepList                 Set scopes to be requested by rclone (default Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access)
+      --onedrive-auth-url string                            Auth server URL
+      --onedrive-av-override                                Allows download of files the server thinks has a virus
+      --onedrive-chunk-size SizeSuffix                      Chunk size to upload files with - must be multiple of 320k (327,680 bytes) (default 10Mi)
+      --onedrive-client-id string                           OAuth Client Id
+      --onedrive-client-secret string                       OAuth Client Secret
+      --onedrive-delta                                      If set rclone will use delta listing to implement recursive listings
+      --onedrive-drive-id string                            The ID of the drive to use
+      --onedrive-drive-type string                          The type of the drive (personal | business | documentLibrary)
+      --onedrive-encoding Encoding                          The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --onedrive-expose-onenote-files                       Set to make OneNote files show up in directory listings
+      --onedrive-hash-type string                           Specify the hash in use for the backend (default \[dq]auto\[dq])
+      --onedrive-link-password string                       Set the password for links created by the link command
+      --onedrive-link-scope string                          Set the scope of the links created by the link command (default \[dq]anonymous\[dq])
+      --onedrive-link-type string                           Set the type of the links created by the link command (default \[dq]view\[dq])
+      --onedrive-list-chunk int                             Size of listing chunk (default 1000)
+      --onedrive-no-versions                                Remove all versions on modifying operations
+      --onedrive-region string                              Choose national cloud region for OneDrive (default \[dq]global\[dq])
+      --onedrive-root-folder-id string                      ID of the root folder
+      --onedrive-server-side-across-configs                 Deprecated: use --server-side-across-configs instead
+      --onedrive-token string                               OAuth Access Token as a JSON blob
+      --onedrive-token-url string                           Token server url
+      --oos-attempt-resume-upload                           If true attempt to resume previously started multipart upload for the object
+      --oos-chunk-size SizeSuffix                           Chunk size to use for uploading (default 5Mi)
+      --oos-compartment string                              Object storage compartment OCID
+      --oos-config-file string                              Path to OCI config file (default \[dq]\[ti]/.oci/config\[dq])
+      --oos-config-profile string                           Profile name inside the oci config file (default \[dq]Default\[dq])
+      --oos-copy-cutoff SizeSuffix                          Cutoff for switching to multipart copy (default 4.656Gi)
+      --oos-copy-timeout Duration                           Timeout for copy (default 1m0s)
+      --oos-disable-checksum                                Don\[aq]t store MD5 checksum with object metadata
+      --oos-encoding Encoding                               The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --oos-endpoint string                                 Endpoint for Object storage API
+      --oos-leave-parts-on-error                            If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery
+      --oos-max-upload-parts int                            Maximum number of parts in a multipart upload (default 10000)
+      --oos-namespace string                                Object storage namespace
+      --oos-no-check-bucket                                 If set, don\[aq]t attempt to check the bucket exists or create it
+      --oos-provider string                                 Choose your Auth Provider (default \[dq]env_auth\[dq])
+      --oos-region string                                   Object storage Region
+      --oos-sse-customer-algorithm string                   If using SSE-C, the optional header that specifies \[dq]AES256\[dq] as the encryption algorithm
+      --oos-sse-customer-key string                         To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+      --oos-sse-customer-key-file string                    To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+      --oos-sse-customer-key-sha256 string                  If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+      --oos-sse-kms-key-id string                           if using your own master key in vault, this header specifies the
+      --oos-storage-tier string                             The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm (default \[dq]Standard\[dq])
+      --oos-upload-concurrency int                          Concurrency for multipart uploads (default 10)
+      --oos-upload-cutoff SizeSuffix                        Cutoff for switching to chunked upload (default 200Mi)
+      --opendrive-chunk-size SizeSuffix                     Files will be uploaded in chunks this size (default 10Mi)
+      --opendrive-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
+      --opendrive-password string                           Password (obscured)
+      --opendrive-username string                           Username
+      --pcloud-auth-url string                              Auth server URL
+      --pcloud-client-id string                             OAuth Client Id
+      --pcloud-client-secret string                         OAuth Client Secret
+      --pcloud-encoding Encoding                            The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --pcloud-hostname string                              Hostname to connect to (default \[dq]api.pcloud.com\[dq])
+      --pcloud-password string                              Your pcloud password (obscured)
+      --pcloud-root-folder-id string                        Fill in for rclone to use a non root folder as its starting point (default \[dq]d0\[dq])
+      --pcloud-token string                                 OAuth Access Token as a JSON blob
+      --pcloud-token-url string                             Token server url
+      --pcloud-username string                              Your pcloud username
+      --pikpak-auth-url string                              Auth server URL
+      --pikpak-client-id string                             OAuth Client Id
+      --pikpak-client-secret string                         OAuth Client Secret
+      --pikpak-encoding Encoding                            The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --pikpak-hash-memory-limit SizeSuffix                 Files bigger than this will be cached on disk to calculate hash if required (default 10Mi)
+      --pikpak-pass string                                  Pikpak password (obscured)
+      --pikpak-root-folder-id string                        ID of the root folder
+      --pikpak-token string                                 OAuth Access Token as a JSON blob
+      --pikpak-token-url string                             Token server url
+      --pikpak-trashed-only                                 Only show files that are in the trash
+      --pikpak-use-trash                                    Send files to the trash instead of deleting permanently (default true)
+      --pikpak-user string                                  Pikpak username
+      --premiumizeme-auth-url string                        Auth server URL
+      --premiumizeme-client-id string                       OAuth Client Id
+      --premiumizeme-client-secret string                   OAuth Client Secret
+      --premiumizeme-encoding Encoding                      The encoding for the backend (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --premiumizeme-token string                           OAuth Access Token as a JSON blob
+      --premiumizeme-token-url string                       Token server url
+      --protondrive-2fa string                              The 2FA code
+      --protondrive-app-version string                      The app version string (default \[dq]macos-drive\[at]1.0.0-alpha.1+rclone\[dq])
+      --protondrive-enable-caching                          Caches the files and folders metadata to reduce API calls (default true)
+      --protondrive-encoding Encoding                       The encoding for the backend (default Slash,LeftSpace,RightSpace,InvalidUtf8,Dot)
+      --protondrive-mailbox-password string                 The mailbox password of your two-password proton account (obscured)
+      --protondrive-original-file-size                      Return the file size before encryption (default true)
+      --protondrive-password string                         The password of your proton account (obscured)
+      --protondrive-replace-existing-draft                  Create a new revision when filename conflict is detected
+      --protondrive-username string                         The username of your proton account
+      --putio-auth-url string                               Auth server URL
+      --putio-client-id string                              OAuth Client Id
+      --putio-client-secret string                          OAuth Client Secret
+      --putio-encoding Encoding                             The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --putio-token string                                  OAuth Access Token as a JSON blob
+      --putio-token-url string                              Token server url
+      --qingstor-access-key-id string                       QingStor Access Key ID
+      --qingstor-chunk-size SizeSuffix                      Chunk size to use for uploading (default 4Mi)
+      --qingstor-connection-retries int                     Number of connection retries (default 3)
+      --qingstor-encoding Encoding                          The encoding for the backend (default Slash,Ctl,InvalidUtf8)
+      --qingstor-endpoint string                            Enter an endpoint URL to connection QingStor API
+      --qingstor-env-auth                                   Get QingStor credentials from runtime
+      --qingstor-secret-access-key string                   QingStor Secret Access Key (password)
+      --qingstor-upload-concurrency int                     Concurrency for multipart uploads (default 1)
+      --qingstor-upload-cutoff SizeSuffix                   Cutoff for switching to chunked upload (default 200Mi)
+      --qingstor-zone string                                Zone to connect to
+      --quatrix-api-key string                              API key for accessing Quatrix account
+      --quatrix-effective-upload-time string                Wanted upload time for one chunk (default \[dq]4s\[dq])
+      --quatrix-encoding Encoding                           The encoding for the backend (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
+      --quatrix-hard-delete                                 Delete files permanently rather than putting them into the trash
+      --quatrix-host string                                 Host name of Quatrix account
+      --quatrix-maximal-summary-chunk-size SizeSuffix       The maximal summary for all chunks. It should not be less than \[aq]transfers\[aq]*\[aq]minimal_chunk_size\[aq] (default 95.367Mi)
+      --quatrix-minimal-chunk-size SizeSuffix               The minimal size for one chunk (default 9.537Mi)
+      --s3-access-key-id string                             AWS Access Key ID
+      --s3-acl string                                       Canned ACL used when creating buckets and storing or copying objects
+      --s3-bucket-acl string                                Canned ACL used when creating buckets
+      --s3-chunk-size SizeSuffix                            Chunk size to use for uploading (default 5Mi)
+      --s3-copy-cutoff SizeSuffix                           Cutoff for switching to multipart copy (default 4.656Gi)
+      --s3-decompress                                       If set this will decompress gzip encoded objects
+      --s3-directory-markers                                Upload an empty object with a trailing slash when a new directory is created
+      --s3-disable-checksum                                 Don\[aq]t store MD5 checksum with object metadata
+      --s3-disable-http2                                    Disable usage of http2 for S3 backends
+      --s3-download-url string                              Custom endpoint for downloads
+      --s3-encoding Encoding                                The encoding for the backend (default Slash,InvalidUtf8,Dot)
+      --s3-endpoint string                                  Endpoint for S3 API
+      --s3-env-auth                                         Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars)
+      --s3-force-path-style                                 If true use path style access if false use virtual hosted style (default true)
+      --s3-leave-parts-on-error                             If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery
+      --s3-list-chunk int                                   Size of listing chunk (response list for each ListObject S3 request) (default 1000)
+      --s3-list-url-encode Tristate                         Whether to url encode listings: true/false/unset (default unset)
+      --s3-list-version int                                 Version of ListObjects to use: 1,2 or 0 for auto
+      --s3-location-constraint string                       Location constraint - must be set to match the Region
+      --s3-max-upload-parts int                             Maximum number of parts in a multipart upload (default 10000)
+      --s3-might-gzip Tristate                              Set this if the backend might gzip objects (default unset)
+      --s3-no-check-bucket                                  If set, don\[aq]t attempt to check the bucket exists or create it
+      --s3-no-head                                          If set, don\[aq]t HEAD uploaded objects to check integrity
+      --s3-no-head-object                                   If set, do not do HEAD before GET when getting objects
+      --s3-no-system-metadata                               Suppress setting and reading of system metadata
+      --s3-profile string                                   Profile to use in the shared credentials file
+      --s3-provider string                                  Choose your S3 provider
+      --s3-region string                                    Region to connect to
+      --s3-requester-pays                                   Enables requester pays option when interacting with S3 bucket
+      --s3-secret-access-key string                         AWS Secret Access Key (password)
+      --s3-server-side-encryption string                    The server-side encryption algorithm used when storing this object in S3
+      --s3-session-token string                             An AWS session token
+      --s3-shared-credentials-file string                   Path to the shared credentials file
+      --s3-sse-customer-algorithm string                    If using SSE-C, the server-side encryption algorithm used when storing this object in S3
+      --s3-sse-customer-key string                          To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data
+      --s3-sse-customer-key-base64 string                   If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data
+      --s3-sse-customer-key-md5 string                      If using SSE-C you may provide the secret encryption key MD5 checksum (optional)
+      --s3-sse-kms-key-id string                            If using KMS ID you must provide the ARN of Key
+      --s3-storage-class string                             The storage class to use when storing new objects in S3
+      --s3-sts-endpoint string                              Endpoint for STS
+      --s3-upload-concurrency int                           Concurrency for multipart uploads (default 4)
+      --s3-upload-cutoff SizeSuffix                         Cutoff for switching to chunked upload (default 200Mi)
+      --s3-use-accelerate-endpoint                          If true use the AWS S3 accelerated endpoint
+      --s3-use-accept-encoding-gzip Accept-Encoding: gzip   Whether to send Accept-Encoding: gzip header (default unset)
+      --s3-use-already-exists Tristate                      Set if rclone should report BucketAlreadyExists errors on bucket creation (default unset)
+      --s3-use-multipart-etag Tristate                      Whether to use ETag in multipart uploads for verification (default unset)
+      --s3-use-multipart-uploads Tristate                   Set if rclone should use multipart uploads (default unset)
+      --s3-use-presigned-request                            Whether to use a presigned request or PutObject for single part uploads
+      --s3-v2-auth                                          If true use v2 authentication
+      --s3-version-at Time                                  Show file versions as they were at the specified time (default off)
+      --s3-versions                                         Include old versions in directory listings
+      --seafile-2fa                                         Two-factor authentication (\[aq]true\[aq] if the account has 2FA enabled)
+      --seafile-create-library                              Should rclone create a library if it doesn\[aq]t exist
+      --seafile-encoding Encoding                           The encoding for the backend (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
+      --seafile-library string                              Name of the library
+      --seafile-library-key string                          Library password (for encrypted libraries only) (obscured)
+      --seafile-pass string                                 Password (obscured)
+      --seafile-url string                                  URL of seafile host to connect to
+      --seafile-user string                                 User name (usually email address)
+      --sftp-ask-password                                   Allow asking for SFTP password when needed
+      --sftp-chunk-size SizeSuffix                          Upload and download chunk size (default 32Ki)
+      --sftp-ciphers SpaceSepList                           Space separated list of ciphers to be used for session encryption, ordered by preference
+      --sftp-concurrency int                                The maximum number of outstanding requests for one file (default 64)
+      --sftp-copy-is-hardlink                               Set to enable server side copies using hardlinks
+      --sftp-disable-concurrent-reads                       If set don\[aq]t use concurrent reads
+      --sftp-disable-concurrent-writes                      If set don\[aq]t use concurrent writes
+      --sftp-disable-hashcheck                              Disable the execution of SSH commands to determine if remote file hashing is available
+      --sftp-host string                                    SSH host to connect to
+      --sftp-host-key-algorithms SpaceSepList               Space separated list of host key algorithms, ordered by preference
+      --sftp-idle-timeout Duration                          Max time before closing idle connections (default 1m0s)
+      --sftp-key-exchange SpaceSepList                      Space separated list of key exchange algorithms, ordered by preference
+      --sftp-key-file string                                Path to PEM-encoded private key file
+      --sftp-key-file-pass string                           The passphrase to decrypt the PEM-encoded private key file (obscured)
+      --sftp-key-pem string                                 Raw PEM-encoded private key
+      --sftp-key-use-agent                                  When set forces the usage of the ssh-agent
+      --sftp-known-hosts-file string                        Optional path to known_hosts file
+      --sftp-macs SpaceSepList                              Space separated list of MACs (message authentication code) algorithms, ordered by preference
+      --sftp-md5sum-command string                          The command used to read md5 hashes
+      --sftp-pass string                                    SSH password, leave blank to use ssh-agent (obscured)
+      --sftp-path-override string                           Override path used by SSH shell commands
+      --sftp-port int                                       SSH port number (default 22)
+      --sftp-pubkey-file string                             Optional path to public key file
+      --sftp-server-command string                          Specifies the path or command to run a sftp server on the remote host
+      --sftp-set-env SpaceSepList                           Environment variables to pass to sftp and commands
+      --sftp-set-modtime                                    Set the modified time on the remote if set (default true)
+      --sftp-sha1sum-command string                         The command used to read sha1 hashes
+      --sftp-shell-type string                              The type of SSH shell on remote server, if any
+      --sftp-skip-links                                     Set to skip any symlinks and any other non regular files
+      --sftp-socks-proxy string                             Socks 5 proxy host
+      --sftp-ssh SpaceSepList                               Path and arguments to external ssh binary
+      --sftp-subsystem string                               Specifies the SSH2 subsystem on the remote host (default \[dq]sftp\[dq])
+      --sftp-use-fstat                                      If set use fstat instead of stat
+      --sftp-use-insecure-cipher                            Enable the use of insecure ciphers and key exchange methods
+      --sftp-user string                                    SSH username (default \[dq]$USER\[dq])
+      --sharefile-auth-url string                           Auth server URL
+      --sharefile-chunk-size SizeSuffix                     Upload chunk size (default 64Mi)
+      --sharefile-client-id string                          OAuth Client Id
+      --sharefile-client-secret string                      OAuth Client Secret
+      --sharefile-encoding Encoding                         The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --sharefile-endpoint string                           Endpoint for API calls
+      --sharefile-root-folder-id string                     ID of the root folder
+      --sharefile-token string                              OAuth Access Token as a JSON blob
+      --sharefile-token-url string                          Token server url
+      --sharefile-upload-cutoff SizeSuffix                  Cutoff for switching to multipart upload (default 128Mi)
+      --sia-api-password string                             Sia Daemon API Password (obscured)
+      --sia-api-url string                                  Sia daemon API URL, like http://sia.daemon.host:9980 (default \[dq]http://127.0.0.1:9980\[dq])
+      --sia-encoding Encoding                               The encoding for the backend (default Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot)
+      --sia-user-agent string                               Siad User Agent (default \[dq]Sia-Agent\[dq])
+      --skip-links                                          Don\[aq]t warn about skipped symlinks
+      --smb-case-insensitive                                Whether the server is configured to be case-insensitive (default true)
+      --smb-domain string                                   Domain name for NTLM authentication (default \[dq]WORKGROUP\[dq])
+      --smb-encoding Encoding                               The encoding for the backend (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot)
+      --smb-hide-special-share                              Hide special shares (e.g. print$) which users aren\[aq]t supposed to access (default true)
+      --smb-host string                                     SMB server hostname to connect to
+      --smb-idle-timeout Duration                           Max time before closing idle connections (default 1m0s)
+      --smb-pass string                                     SMB password (obscured)
+      --smb-port int                                        SMB port number (default 445)
+      --smb-spn string                                      Service principal name
+      --smb-user string                                     SMB username (default \[dq]$USER\[dq])
+      --storj-access-grant string                           Access grant
+      --storj-api-key string                                API key
+      --storj-passphrase string                             Encryption passphrase
+      --storj-provider string                               Choose an authentication method (default \[dq]existing\[dq])
+      --storj-satellite-address string                      Satellite address (default \[dq]us1.storj.io\[dq])
+      --sugarsync-access-key-id string                      Sugarsync Access Key ID
+      --sugarsync-app-id string                             Sugarsync App ID
+      --sugarsync-authorization string                      Sugarsync authorization
+      --sugarsync-authorization-expiry string               Sugarsync authorization expiry
+      --sugarsync-deleted-id string                         Sugarsync deleted folder id
+      --sugarsync-encoding Encoding                         The encoding for the backend (default Slash,Ctl,InvalidUtf8,Dot)
+      --sugarsync-hard-delete                               Permanently delete files if true
+      --sugarsync-private-access-key string                 Sugarsync Private Access Key
+      --sugarsync-refresh-token string                      Sugarsync refresh token
+      --sugarsync-root-id string                            Sugarsync root id
+      --sugarsync-user string                               Sugarsync user
+      --swift-application-credential-id string              Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
+      --swift-application-credential-name string            Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
+      --swift-application-credential-secret string          Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
+      --swift-auth string                                   Authentication URL for server (OS_AUTH_URL)
+      --swift-auth-token string                             Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
+      --swift-auth-version int                              AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
+      --swift-chunk-size SizeSuffix                         Above this size files will be chunked into a _segments container (default 5Gi)
+      --swift-domain string                                 User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
+      --swift-encoding Encoding                             The encoding for the backend (default Slash,InvalidUtf8)
+      --swift-endpoint-type string                          Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default \[dq]public\[dq])
+      --swift-env-auth                                      Get swift credentials from environment variables in standard OpenStack form
+      --swift-key string                                    API key or password (OS_PASSWORD)
+      --swift-leave-parts-on-error                          If true avoid calling abort upload on a failure
+      --swift-no-chunk                                      Don\[aq]t chunk files during streaming upload
+      --swift-no-large-objects                              Disable support for static and dynamic large objects
+      --swift-region string                                 Region name - optional (OS_REGION_NAME)
+      --swift-storage-policy string                         The storage policy to use when creating a new container
+      --swift-storage-url string                            Storage URL - optional (OS_STORAGE_URL)
+      --swift-tenant string                                 Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
+      --swift-tenant-domain string                          Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
+      --swift-tenant-id string                              Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
+      --swift-user string                                   User name to log in (OS_USERNAME)
+      --swift-user-id string                                User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID)
+      --union-action-policy string                          Policy to choose upstream on ACTION category (default \[dq]epall\[dq])
+      --union-cache-time int                                Cache time of usage and free space (in seconds) (default 120)
+      --union-create-policy string                          Policy to choose upstream on CREATE category (default \[dq]epmfs\[dq])
+      --union-min-free-space SizeSuffix                     Minimum viable free space for lfs/eplfs policies (default 1Gi)
+      --union-search-policy string                          Policy to choose upstream on SEARCH category (default \[dq]ff\[dq])
+      --union-upstreams string                              List of space separated upstreams
+      --uptobox-access-token string                         Your access token
+      --uptobox-encoding Encoding                           The encoding for the backend (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
+      --uptobox-private                                     Set to make uploaded files private
+      --webdav-bearer-token string                          Bearer token instead of user/pass (e.g. a Macaroon)
+      --webdav-bearer-token-command string                  Command to run to get a bearer token
+      --webdav-encoding string                              The encoding for the backend
+      --webdav-headers CommaSepList                         Set HTTP headers for all transactions
+      --webdav-nextcloud-chunk-size SizeSuffix              Nextcloud upload chunk size (default 10Mi)
+      --webdav-pacer-min-sleep Duration                     Minimum time to sleep between API calls (default 10ms)
+      --webdav-pass string                                  Password (obscured)
+      --webdav-url string                                   URL of http host to connect to
+      --webdav-user string                                  User name
+      --webdav-vendor string                                Name of the WebDAV site/service/software you are using
+      --yandex-auth-url string                              Auth server URL
+      --yandex-client-id string                             OAuth Client Id
+      --yandex-client-secret string                         OAuth Client Secret
+      --yandex-encoding Encoding                            The encoding for the backend (default Slash,Del,Ctl,InvalidUtf8,Dot)
+      --yandex-hard-delete                                  Delete files permanently rather than putting them into the trash
+      --yandex-token string                                 OAuth Access Token as a JSON blob
+      --yandex-token-url string                             Token server url
+      --zoho-auth-url string                                Auth server URL
+      --zoho-client-id string                               OAuth Client Id
+      --zoho-client-secret string                           OAuth Client Secret
+      --zoho-encoding Encoding                              The encoding for the backend (default Del,Ctl,InvalidUtf8)
+      --zoho-region string                                  Zoho region to connect to
+      --zoho-token string                                   OAuth Access Token as a JSON blob
+      --zoho-token-url string                               Token server url
+\f[R]
+.fi
+.SH Docker Volume Plugin
+.SS Introduction
 .PP
-If you wish to remove all the old versions then you can use the
-\f[C]rclone backend cleanup-hidden remote:bucket\f[R] command which will
-delete all the old hidden versions of files, leaving the current ones
-intact.
-You can also supply a path and only old versions under that path will be
-deleted, e.g.
-\f[C]rclone backend cleanup-hidden remote:bucket/path/to/stuff\f[R].
+Docker 1.9 has added support for creating named
+volumes (https://docs.docker.com/storage/volumes/) via command-line
+interface (https://docs.docker.com/engine/reference/commandline/volume_create/)
+and mounting them in containers as a way to share data between them.
+Since Docker 1.10 you can create named volumes with Docker
+Compose (https://docs.docker.com/compose/) by descriptions in
+docker-compose.yml (https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference)
+files for use by container groups on a single host.
+As of Docker 1.12 volumes are supported by Docker
+Swarm (https://docs.docker.com/engine/swarm/key-concepts/) included with
+Docker Engine and created from descriptions in swarm compose
+v3 (https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference)
+files for use with \f[I]swarm stacks\f[R] across multiple cluster nodes.
 .PP
-When you \f[C]purge\f[R] a bucket, the current and the old versions will
-be deleted then the bucket will be deleted.
+Docker Volume
+Plugins (https://docs.docker.com/engine/extend/plugins_volume/) augment
+the default \f[C]local\f[R] volume driver included in Docker with
+stateful volumes shared across containers and hosts.
+Unlike local volumes, your data will \f[I]not\f[R] be deleted when such
+volume is removed.
+Plugins can run managed by the docker daemon, as a native system service
+(under systemd, \f[I]sysv\f[R] or \f[I]upstart\f[R]) or as a standalone
+executable.
+Rclone can run as docker volume plugin in all these modes.
+It interacts with the local docker daemon via plugin
+API (https://docs.docker.com/engine/extend/plugin_api/) and handles
+mounting of remote file systems into docker containers so it must run on
+the same host as the docker daemon or on every Swarm node.
+.SS Getting started
 .PP
-However \f[C]delete\f[R] will cause the current versions of the files to
-become hidden old versions.
+In the first example we will use the SFTP (https://rclone.org/sftp/)
+rclone volume with Docker engine on a standalone Ubuntu machine.
 .PP
-Here is a session showing the listing and retrieval of an old version
-followed by a \f[C]cleanup\f[R] of the old versions.
+Start from installing Docker (https://docs.docker.com/engine/install/)
+on the host.
 .PP
-Show current version and all the versions with \f[C]--s3-versions\f[R]
-flag.
+The \f[I]FUSE\f[R] driver is a prerequisite for rclone mounting and
+should be installed on host:
 .IP
 .nf
 \f[C]
-$ rclone -q ls s3:cleanup-test
-        9 one.txt
-
-$ rclone -q --s3-versions ls s3:cleanup-test
-        9 one.txt
-        8 one-v2016-07-04-141032-000.txt
-       16 one-v2016-07-04-141003-000.txt
-       15 one-v2016-07-02-155621-000.txt
+sudo apt-get -y install fuse
 \f[R]
 .fi
 .PP
-Retrieve an old version
+Create two directories required by rclone docker plugin:
 .IP
 .nf
 \f[C]
-$ rclone -q --s3-versions copy s3:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
-
-$ ls -l /tmp/one-v2016-07-04-141003-000.txt
--rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt
+sudo mkdir -p /var/lib/docker-plugins/rclone/config
+sudo mkdir -p /var/lib/docker-plugins/rclone/cache
 \f[R]
 .fi
 .PP
-Clean up all the old versions and show that they\[aq]ve gone.
+Install the managed rclone docker plugin for your architecture (here
+\f[C]amd64\f[R]):
 .IP
 .nf
 \f[C]
-$ rclone -q backend cleanup-hidden s3:cleanup-test
-
-$ rclone -q ls s3:cleanup-test
-        9 one.txt
-
-$ rclone -q --s3-versions ls s3:cleanup-test
-        9 one.txt
+docker plugin install rclone/docker-volume-rclone:amd64 args=\[dq]-v\[dq] --alias rclone --grant-all-permissions
+docker plugin list
 \f[R]
 .fi
-.SS Cleanup
-.PP
-If you run \f[C]rclone cleanup s3:bucket\f[R] then it will remove all
-pending multipart uploads older than 24 hours.
-You can use the \f[C]--interactive\f[R]/\f[C]i\f[R] or
-\f[C]--dry-run\f[R] flag to see exactly what it will do.
-If you want more control over the expiry date then run
-\f[C]rclone backend cleanup s3:bucket -o max-age=1h\f[R] to expire all
-uploads older than one hour.
-You can use \f[C]rclone backend list-multipart-uploads s3:bucket\f[R] to
-see the pending multipart uploads.
-.SS Restricted filename characters
-.PP
-S3 allows any valid UTF-8 string as a key.
-.PP
-Invalid UTF-8 bytes will be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in XML.
-.PP
-The following characters are replaced since these are problematic when
-dealing with the REST API:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-NUL
-T}@T{
-0x00
-T}@T{
-\[u2400]
-T}
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-.TE
-.PP
-The encoding will also encode these file names as they don\[aq]t seem to
-work with the SDK properly:
 .PP
-.TS
-tab(@);
-l c.
-T{
-File name
-T}@T{
-Replacement
-T}
-_
-T{
-\&.
-T}@T{
-\[uFF0E]
-T}
-T{
-\&..
-T}@T{
-\[uFF0E]\[uFF0E]
-T}
-.TE
-.SS Multipart uploads
+Create your SFTP volume (https://rclone.org/sftp/#standard-options):
+.IP
+.nf
+\f[C]
+docker volume create firstvolume -d rclone -o type=sftp -o sftp-host=_hostname_ -o sftp-user=_username_ -o sftp-pass=_password_ -o allow-other=true
+\f[R]
+.fi
 .PP
-rclone supports multipart uploads with S3 which means that it can upload
-files bigger than 5 GiB.
+Note that since all options are static, you don\[aq]t even have to run
+\f[C]rclone config\f[R] or create the \f[C]rclone.conf\f[R] file (but
+the \f[C]config\f[R] directory should still be present).
+In the simplest case you can use \f[C]localhost\f[R] as
+\f[I]hostname\f[R] and your SSH credentials as \f[I]username\f[R] and
+\f[I]password\f[R].
+You can also change the remote path to your home directory on the host,
+for example \f[C]-o path=/home/username\f[R].
 .PP
-Note that files uploaded \f[I]both\f[R] with multipart upload
-\f[I]and\f[R] through crypt remotes do not have MD5 sums.
+Time to create a test container and mount the volume into it:
+.IP
+.nf
+\f[C]
+docker run --rm -it -v firstvolume:/mnt --workdir /mnt ubuntu:latest bash
+\f[R]
+.fi
 .PP
-rclone switches from single part uploads to multipart uploads at the
-point specified by \f[C]--s3-upload-cutoff\f[R].
-This can be a maximum of 5 GiB and a minimum of 0 (ie always upload
-multipart files).
+If all goes well, you will enter the new container and change right to
+the mounted SFTP remote.
+You can type \f[C]ls\f[R] to list the mounted directory or otherwise
+play with it.
+Type \f[C]exit\f[R] when you are done.
+The container will stop but the volume will stay, ready to be reused.
+When it\[aq]s not needed anymore, remove it:
+.IP
+.nf
+\f[C]
+docker volume list
+docker volume remove firstvolume
+\f[R]
+.fi
 .PP
-The chunk sizes used in the multipart upload are specified by
-\f[C]--s3-chunk-size\f[R] and the number of chunks uploaded concurrently
-is specified by \f[C]--s3-upload-concurrency\f[R].
+Now let us try \f[B]something more elaborate\f[R]: Google
+Drive (https://rclone.org/drive/) volume on multi-node Docker Swarm.
 .PP
-Multipart uploads will use \f[C]--transfers\f[R] *
-\f[C]--s3-upload-concurrency\f[R] * \f[C]--s3-chunk-size\f[R] extra
-memory.
-Single part uploads to not use extra memory.
+You should start from installing Docker and FUSE, creating plugin
+directories and installing rclone plugin on \f[I]every\f[R] swarm node.
+Then setup the Swarm (https://docs.docker.com/engine/swarm/swarm-mode/).
 .PP
-Single part transfers can be faster than multipart transfers or slower
-depending on your latency from S3 - the more latency, the more likely
-single part transfers will be faster.
+Google Drive volumes need an access token which can be setup via web
+browser and will be periodically renewed by rclone.
+The managed plugin cannot run a browser so we will use a technique
+similar to the rclone setup on a headless
+box (https://rclone.org/remote_setup/).
 .PP
-Increasing \f[C]--s3-upload-concurrency\f[R] will increase throughput (8
-would be a sensible value) and increasing \f[C]--s3-chunk-size\f[R] also
-increases throughput (16M would be sensible).
-Increasing either of these will use more memory.
-The default values are high enough to gain most of the possible
-performance without using too much memory.
-.SS Buckets and Regions
+Run rclone config (https://rclone.org/commands/rclone_config_create/) on
+\f[I]another\f[R] machine equipped with \f[I]web browser\f[R] and
+graphical user interface.
+Create the Google Drive
+remote (https://rclone.org/drive/#standard-options).
+When done, transfer the resulting \f[C]rclone.conf\f[R] to the Swarm
+cluster and save as
+\f[C]/var/lib/docker-plugins/rclone/config/rclone.conf\f[R] on
+\f[I]every\f[R] node.
+By default this location is accessible only to the root user so you will
+need appropriate privileges.
+The resulting config will look like this:
+.IP
+.nf
+\f[C]
+[gdrive]
+type = drive
+scope = drive
+drive_id = 1234567...
+root_folder_id = 0Abcd...
+token = {\[dq]access_token\[dq]:...}
+\f[R]
+.fi
 .PP
-With Amazon S3 you can list buckets (\f[C]rclone lsd\f[R]) using any
-region, but you can only access the content of a bucket from the region
-it was created in.
-If you attempt to access a bucket from the wrong region, you will get an
-error,
-\f[C]incorrect region, the bucket is not in \[aq]XXX\[aq] region\f[R].
-.SS Authentication
+Now create the file named \f[C]example.yml\f[R] with a swarm stack
+description like this:
+.IP
+.nf
+\f[C]
+version: \[aq]3\[aq]
+services:
+  heimdall:
+    image: linuxserver/heimdall:latest
+    ports: [8080:80]
+    volumes: [configdata:/config]
+volumes:
+  configdata:
+    driver: rclone
+    driver_opts:
+      remote: \[aq]gdrive:heimdall\[aq]
+      allow_other: \[aq]true\[aq]
+      vfs_cache_mode: full
+      poll_interval: 0
+\f[R]
+.fi
 .PP
-There are a number of ways to supply \f[C]rclone\f[R] with a set of AWS
-credentials, with and without using the environment.
+and run the stack:
+.IP
+.nf
+\f[C]
+docker stack deploy example -c ./example.yml
+\f[R]
+.fi
 .PP
-The different authentication methods are tried in this order:
-.IP \[bu] 2
-Directly in the rclone configuration file (\f[C]env_auth = false\f[R] in
-the config file):
-.RS 2
-.IP \[bu] 2
-\f[C]access_key_id\f[R] and \f[C]secret_access_key\f[R] are required.
-.IP \[bu] 2
-\f[C]session_token\f[R] can be optionally set when using AWS STS.
-.RE
-.IP \[bu] 2
-Runtime configuration (\f[C]env_auth = true\f[R] in the config file):
-.RS 2
-.IP \[bu] 2
-Export the following environment variables before running
-\f[C]rclone\f[R]:
-.RS 2
-.IP \[bu] 2
-Access Key ID: \f[C]AWS_ACCESS_KEY_ID\f[R] or \f[C]AWS_ACCESS_KEY\f[R]
-.IP \[bu] 2
-Secret Access Key: \f[C]AWS_SECRET_ACCESS_KEY\f[R] or
-\f[C]AWS_SECRET_KEY\f[R]
-.IP \[bu] 2
-Session Token: \f[C]AWS_SESSION_TOKEN\f[R] (optional)
-.RE
-.IP \[bu] 2
-Or, use a named
-profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html):
-.RS 2
-.IP \[bu] 2
-Profile files are standard files used by AWS CLI tools
-.IP \[bu] 2
-By default it will use the profile in your home directory (e.g.
-\f[C]\[ti]/.aws/credentials\f[R] on unix based systems) file and the
-\[dq]default\[dq] profile, to change set these environment variables:
-.RS 2
-.IP \[bu] 2
-\f[C]AWS_SHARED_CREDENTIALS_FILE\f[R] to control which file.
-.IP \[bu] 2
-\f[C]AWS_PROFILE\f[R] to control which profile to use.
-.RE
-.RE
-.IP \[bu] 2
-Or, run \f[C]rclone\f[R] in an ECS task with an IAM role (AWS only).
-.IP \[bu] 2
-Or, run \f[C]rclone\f[R] on an EC2 instance with an IAM role (AWS only).
-.IP \[bu] 2
-Or, run \f[C]rclone\f[R] in an EKS pod with an IAM role that is
-associated with a service account (AWS only).
-.RE
+After a few seconds docker will spread the parsed stack description over
+cluster, create the \f[C]example_heimdall\f[R] service on port
+\f[I]8080\f[R], run service containers on one or more cluster nodes and
+request the \f[C]example_configdata\f[R] volume from rclone plugins on
+the node hosts.
+You can use the following commands to confirm results:
+.IP
+.nf
+\f[C]
+docker service ls
+docker service ps example_heimdall
+docker volume ls
+\f[R]
+.fi
 .PP
-If none of these option actually end up providing \f[C]rclone\f[R] with
-AWS credentials then S3 interaction will be non-authenticated (see
-below).
-.SS S3 Permissions
+Point your browser to \f[C]http://cluster.host.address:8080\f[R] and
+play with the service.
+Stop it with \f[C]docker stack remove example\f[R] when you are done.
+Note that the \f[C]example_configdata\f[R] volume(s) created on demand
+at the cluster nodes will not be automatically removed together with the
+stack but stay for future reuse.
+You can remove them manually by invoking the
+\f[C]docker volume remove example_configdata\f[R] command on every node.
+.SS Creating Volumes via CLI
 .PP
-When using the \f[C]sync\f[R] subcommand of \f[C]rclone\f[R] the
-following minimum permissions are required to be available on the bucket
-being written to:
-.IP \[bu] 2
-\f[C]ListBucket\f[R]
-.IP \[bu] 2
-\f[C]DeleteObject\f[R]
-.IP \[bu] 2
-\f[C]GetObject\f[R]
-.IP \[bu] 2
-\f[C]PutObject\f[R]
-.IP \[bu] 2
-\f[C]PutObjectACL\f[R]
+Volumes can be created with docker volume
+create (https://docs.docker.com/engine/reference/commandline/volume_create/).
+Here are a few examples:
+.IP
+.nf
+\f[C]
+docker volume create vol1 -d rclone -o remote=storj: -o vfs-cache-mode=full
+docker volume create vol2 -d rclone -o remote=:storj,access_grant=xxx:heimdall
+docker volume create vol3 -d rclone -o type=storj -o path=heimdall -o storj-access-grant=xxx -o poll-interval=0
+\f[R]
+.fi
 .PP
-When using the \f[C]lsd\f[R] subcommand, the \f[C]ListAllMyBuckets\f[R]
-permission is required.
+Note the \f[C]-d rclone\f[R] flag that tells docker to request volume
+from the rclone driver.
+This works even if you installed managed driver by its full name
+\f[C]rclone/docker-volume-rclone\f[R] because you provided the
+\f[C]--alias rclone\f[R] option.
 .PP
-Example policy:
+Volumes can be inspected as follows:
 .IP
 .nf
 \f[C]
-{
-    \[dq]Version\[dq]: \[dq]2012-10-17\[dq],
-    \[dq]Statement\[dq]: [
-        {
-            \[dq]Effect\[dq]: \[dq]Allow\[dq],
-            \[dq]Principal\[dq]: {
-                \[dq]AWS\[dq]: \[dq]arn:aws:iam::USER_SID:user/USER_NAME\[dq]
-            },
-            \[dq]Action\[dq]: [
-                \[dq]s3:ListBucket\[dq],
-                \[dq]s3:DeleteObject\[dq],
-                \[dq]s3:GetObject\[dq],
-                \[dq]s3:PutObject\[dq],
-                \[dq]s3:PutObjectAcl\[dq]
-            ],
-            \[dq]Resource\[dq]: [
-              \[dq]arn:aws:s3:::BUCKET_NAME/*\[dq],
-              \[dq]arn:aws:s3:::BUCKET_NAME\[dq]
-            ]
-        },
-        {
-            \[dq]Effect\[dq]: \[dq]Allow\[dq],
-            \[dq]Action\[dq]: \[dq]s3:ListAllMyBuckets\[dq],
-            \[dq]Resource\[dq]: \[dq]arn:aws:s3:::*\[dq]
-        }
-    ]
-}
+docker volume list
+docker volume inspect vol1
 \f[R]
 .fi
+.SS Volume Configuration
 .PP
-Notes on above:
-.IP "1." 3
-This is a policy that can be used when creating bucket.
-It assumes that \f[C]USER_NAME\f[R] has been created.
-.IP "2." 3
-The Resource entry must include both resource ARNs, as one implies the
-bucket and the other implies the bucket\[aq]s objects.
+Rclone flags and volume options are set via the \f[C]-o\f[R] flag to the
+\f[C]docker volume create\f[R] command.
+They include backend-specific parameters as well as mount and
+\f[I]VFS\f[R] options.
+Also there are a few special \f[C]-o\f[R] options: \f[C]remote\f[R],
+\f[C]fs\f[R], \f[C]type\f[R], \f[C]path\f[R], \f[C]mount-type\f[R] and
+\f[C]persist\f[R].
 .PP
-For reference, here\[aq]s an Ansible
-script (https://gist.github.com/ebridges/ebfc9042dd7c756cd101cfa807b7ae2b)
-that will generate one or more buckets that will work with
-\f[C]rclone sync\f[R].
-.SS Key Management System (KMS)
+\f[C]remote\f[R] determines an existing remote name from the config
+file, with trailing colon and optionally with a remote path.
+See the full syntax in the rclone
+documentation (https://rclone.org/docs/#syntax-of-remote-paths).
+This option can be aliased as \f[C]fs\f[R] to prevent confusion with the
+\f[I]remote\f[R] parameter of such backends as \f[I]crypt\f[R] or
+\f[I]alias\f[R].
 .PP
-If you are using server-side encryption with KMS then you must make sure
-rclone is configured with \f[C]server_side_encryption = aws:kms\f[R]
-otherwise you will find you can\[aq]t transfer small objects - these
-will create checksum errors.
-.SS Glacier and Glacier Deep Archive
+The \f[C]remote=:backend:dir/subdir\f[R] syntax can be used to create
+on-the-fly (config-less)
+remotes (https://rclone.org/docs/#backend-path-to-dir), while the
+\f[C]type\f[R] and \f[C]path\f[R] options provide a simpler alternative
+for this.
+Using two split options
+.IP
+.nf
+\f[C]
+-o type=backend -o path=dir/subdir
+\f[R]
+.fi
 .PP
-You can upload objects using the glacier storage class or transition
-them to glacier using a lifecycle
-policy (http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html).
-The bucket can still be synced or copied into normally, but if rclone
-tries to access data from the glacier storage class you will see an
-error like below.
+is equivalent to the combined syntax
 .IP
 .nf
 \f[C]
-2017/09/11 19:07:43 Failed to sync: failed to open source object: Object in GLACIER, restore first: path/to/file
+-o remote=:backend:dir/subdir
 \f[R]
 .fi
 .PP
-In this case you need to
-restore (http://docs.aws.amazon.com/AmazonS3/latest/user-guide/restore-archived-objects.html)
-the object(s) in question before using rclone.
+but is arguably easier to parameterize in scripts.
+The \f[C]path\f[R] part is optional.
 .PP
-Note that rclone only speaks the S3 API it does not speak the Glacier
-Vault API, so rclone cannot directly access Glacier Vaults.
-.SS Object-lock enabled S3 bucket
+Mount and VFS
+options (https://rclone.org/commands/rclone_serve_docker/#options) as
+well as backend parameters (https://rclone.org/flags/#backend-flags) are
+named like their twin command-line flags without the \f[C]--\f[R] CLI
+prefix.
+Optionally you can use underscores instead of dashes in option names.
+For example, \f[C]--vfs-cache-mode full\f[R] becomes
+\f[C]-o vfs-cache-mode=full\f[R] or \f[C]-o vfs_cache_mode=full\f[R].
+Boolean CLI flags without value will gain the \f[C]true\f[R] value, e.g.
+\f[C]--allow-other\f[R] becomes \f[C]-o allow-other=true\f[R] or
+\f[C]-o allow_other=true\f[R].
 .PP
-According to AWS\[aq]s documentation on S3 Object
-Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-permission):
-.RS
+Please note that you can provide parameters only for the backend
+immediately referenced by the backend type of mounted \f[C]remote\f[R].
+If this is a wrapping backend like \f[I]alias, chunker or crypt\f[R],
+you cannot provide options for the referred to remote or backend.
+This limitation is imposed by the rclone connection string parser.
+The only workaround is to feed plugin with \f[C]rclone.conf\f[R] or
+configure plugin arguments (see below).
+.SS Special Volume Options
 .PP
-If you configure a default retention period on a bucket, requests to
-upload objects in such a bucket must include the Content-MD5 header.
-.RE
+\f[C]mount-type\f[R] determines the mount method and in general can be
+one of: \f[C]mount\f[R], \f[C]cmount\f[R], or \f[C]mount2\f[R].
+This can be aliased as \f[C]mount_type\f[R].
+It should be noted that the managed rclone docker plugin currently does
+not support the \f[C]cmount\f[R] method and \f[C]mount2\f[R] is rarely
+needed.
+This option defaults to the first found method, which is usually
+\f[C]mount\f[R] so you generally won\[aq]t need it.
 .PP
-As mentioned in the Hashes section, small files that are not uploaded as
-multipart, use a different tag, causing the upload to fail.
-A simple solution is to set the \f[C]--s3-upload-cutoff 0\f[R] and force
-all the files to be uploaded as multipart.
-.SS Standard options
+\f[C]persist\f[R] is a reserved boolean (true/false) option.
+In future it will allow to persist on-the-fly remotes in the plugin
+\f[C]rclone.conf\f[R] file.
+.SS Connection Strings
 .PP
-Here are the Standard options specific to s3 (Amazon S3 Compliant
-Storage Providers including AWS, Alibaba, Ceph, China Mobile,
-Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS,
-IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp,
-Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).
-.SS --s3-provider
+The \f[C]remote\f[R] value can be extended with connection
+strings (https://rclone.org/docs/#connection-strings) as an alternative
+way to supply backend parameters.
+This is equivalent to the \f[C]-o\f[R] backend options with one
+\f[I]syntactic difference\f[R].
+Inside connection string the backend prefix must be dropped from
+parameter names but in the \f[C]-o param=value\f[R] array it must be
+present.
+For instance, compare the following option array
+.IP
+.nf
+\f[C]
+-o remote=:sftp:/home -o sftp-host=localhost
+\f[R]
+.fi
 .PP
-Choose your S3 provider.
+with equivalent connection string:
+.IP
+.nf
+\f[C]
+-o remote=:sftp,host=localhost:/home
+\f[R]
+.fi
 .PP
-Properties:
-.IP \[bu] 2
-Config: provider
-.IP \[bu] 2
-Env Var: RCLONE_S3_PROVIDER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]AWS\[dq]
-.RS 2
-.IP \[bu] 2
-Amazon Web Services (AWS) S3
-.RE
-.IP \[bu] 2
-\[dq]Alibaba\[dq]
-.RS 2
-.IP \[bu] 2
-Alibaba Cloud Object Storage System (OSS) formerly Aliyun
-.RE
-.IP \[bu] 2
-\[dq]Ceph\[dq]
-.RS 2
-.IP \[bu] 2
-Ceph Object Storage
-.RE
-.IP \[bu] 2
-\[dq]ChinaMobile\[dq]
-.RS 2
-.IP \[bu] 2
-China Mobile Ecloud Elastic Object Storage (EOS)
-.RE
-.IP \[bu] 2
-\[dq]Cloudflare\[dq]
-.RS 2
-.IP \[bu] 2
-Cloudflare R2 Storage
-.RE
-.IP \[bu] 2
-\[dq]ArvanCloud\[dq]
-.RS 2
-.IP \[bu] 2
-Arvan Cloud Object Storage (AOS)
-.RE
-.IP \[bu] 2
-\[dq]DigitalOcean\[dq]
-.RS 2
-.IP \[bu] 2
-DigitalOcean Spaces
-.RE
-.IP \[bu] 2
-\[dq]Dreamhost\[dq]
-.RS 2
-.IP \[bu] 2
-Dreamhost DreamObjects
-.RE
-.IP \[bu] 2
-\[dq]HuaweiOBS\[dq]
-.RS 2
-.IP \[bu] 2
-Huawei Object Storage Service
-.RE
-.IP \[bu] 2
-\[dq]IBMCOS\[dq]
-.RS 2
-.IP \[bu] 2
-IBM COS S3
-.RE
-.IP \[bu] 2
-\[dq]IDrive\[dq]
-.RS 2
-.IP \[bu] 2
-IDrive e2
-.RE
-.IP \[bu] 2
-\[dq]IONOS\[dq]
-.RS 2
-.IP \[bu] 2
-IONOS Cloud
-.RE
-.IP \[bu] 2
-\[dq]LyveCloud\[dq]
-.RS 2
-.IP \[bu] 2
-Seagate Lyve Cloud
-.RE
-.IP \[bu] 2
-\[dq]Liara\[dq]
-.RS 2
-.IP \[bu] 2
-Liara Object Storage
-.RE
-.IP \[bu] 2
-\[dq]Minio\[dq]
-.RS 2
-.IP \[bu] 2
-Minio Object Storage
-.RE
-.IP \[bu] 2
-\[dq]Netease\[dq]
-.RS 2
-.IP \[bu] 2
-Netease Object Storage (NOS)
-.RE
-.IP \[bu] 2
-\[dq]RackCorp\[dq]
-.RS 2
-.IP \[bu] 2
-RackCorp Object Storage
-.RE
-.IP \[bu] 2
-\[dq]Scaleway\[dq]
-.RS 2
-.IP \[bu] 2
-Scaleway Object Storage
-.RE
-.IP \[bu] 2
-\[dq]SeaweedFS\[dq]
-.RS 2
-.IP \[bu] 2
-SeaweedFS S3
-.RE
-.IP \[bu] 2
-\[dq]StackPath\[dq]
-.RS 2
-.IP \[bu] 2
-StackPath Object Storage
-.RE
-.IP \[bu] 2
-\[dq]Storj\[dq]
-.RS 2
-.IP \[bu] 2
-Storj (S3 Compatible Gateway)
-.RE
-.IP \[bu] 2
-\[dq]TencentCOS\[dq]
-.RS 2
-.IP \[bu] 2
-Tencent Cloud Object Storage (COS)
-.RE
-.IP \[bu] 2
-\[dq]Wasabi\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi Object Storage
-.RE
-.IP \[bu] 2
-\[dq]Qiniu\[dq]
-.RS 2
-.IP \[bu] 2
-Qiniu Object Storage (Kodo)
-.RE
-.IP \[bu] 2
-\[dq]Other\[dq]
-.RS 2
-.IP \[bu] 2
-Any other S3 compatible provider
-.RE
-.RE
-.SS --s3-env-auth
+This difference exists because flag options \f[C]-o key=val\f[R] include
+not only backend parameters but also mount/VFS flags and possibly other
+settings.
+Also it allows to discriminate the \f[C]remote\f[R] option from the
+\f[C]crypt-remote\f[R] (or similarly named backend parameters) and
+arguably simplifies scripting due to clearer value substitution.
+.SS Using with Swarm or Compose
 .PP
-Get AWS credentials from runtime (environment variables or EC2/ECS meta
-data if no env vars).
+Both \f[I]Docker Swarm\f[R] and \f[I]Docker Compose\f[R] use
+YAML (http://yaml.org/spec/1.2/spec.html)-formatted text files to
+describe groups (stacks) of containers, their properties, networks and
+volumes.
+\f[I]Compose\f[R] uses the compose
+v2 (https://docs.docker.com/compose/compose-file/compose-file-v2/#volume-configuration-reference)
+format, \f[I]Swarm\f[R] uses the compose
+v3 (https://docs.docker.com/compose/compose-file/compose-file-v3/#volume-configuration-reference)
+format.
+They are mostly similar, differences are explained in the docker
+documentation (https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading).
+.PP
+Volumes are described by the children of the top-level
+\f[C]volumes:\f[R] node.
+Each of them should be named after its volume and have at least two
+elements, the self-explanatory \f[C]driver: rclone\f[R] value and the
+\f[C]driver_opts:\f[R] structure playing the same role as
+\f[C]-o key=val\f[R] CLI flags:
+.IP
+.nf
+\f[C]
+volumes:
+  volume_name_1:
+    driver: rclone
+    driver_opts:
+      remote: \[aq]gdrive:\[aq]
+      allow_other: \[aq]true\[aq]
+      vfs_cache_mode: full
+      token: \[aq]{\[dq]type\[dq]: \[dq]borrower\[dq], \[dq]expires\[dq]: \[dq]2021-12-31\[dq]}\[aq]
+      poll_interval: 0
+\f[R]
+.fi
+.PP
+Notice a few important details: - YAML prefers \f[C]_\f[R] in option
+names instead of \f[C]-\f[R].
+- YAML treats single and double quotes interchangeably.
+Simple strings and integers can be left unquoted.
+- Boolean values must be quoted like \f[C]\[aq]true\[aq]\f[R] or
+\f[C]\[dq]false\[dq]\f[R] because these two words are reserved by YAML.
+- The filesystem string is keyed with \f[C]remote\f[R] (or with
+\f[C]fs\f[R]).
+Normally you can omit quotes here, but if the string ends with colon,
+you \f[B]must\f[R] quote it like
+\f[C]remote: \[dq]storage_box:\[dq]\f[R].
+- YAML is picky about surrounding braces in values as this is in fact
+another syntax for key/value
+mappings (http://yaml.org/spec/1.2/spec.html#id2790832).
+For example, JSON access tokens usually contain double quotes and
+surrounding braces, so you must put them in single quotes.
+.SS Installing as Managed Plugin
+.PP
+Docker daemon can install plugins from an image registry and run them
+managed.
+We maintain the
+docker-volume-rclone (https://hub.docker.com/p/rclone/docker-volume-rclone/)
+plugin image on Docker Hub (https://hub.docker.com).
 .PP
-Only applies if access_key_id and secret_access_key is blank.
+Rclone volume plugin requires \f[B]Docker Engine >= 19.03.15\f[R]
 .PP
-Properties:
-.IP \[bu] 2
-Config: env_auth
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENV_AUTH
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Enter AWS credentials in the next step.
-.RE
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Get AWS credentials from the environment (env vars or IAM).
-.RE
-.RE
-.SS --s3-access-key-id
+The plugin requires presence of two directories on the host before it
+can be installed.
+Note that plugin will \f[B]not\f[R] create them automatically.
+By default they must exist on host at the following locations (though
+you can tweak the paths): -
+\f[C]/var/lib/docker-plugins/rclone/config\f[R] is reserved for the
+\f[C]rclone.conf\f[R] config file and \f[B]must\f[R] exist even if
+it\[aq]s empty and the config file is not present.
+- \f[C]/var/lib/docker-plugins/rclone/cache\f[R] holds the plugin state
+file as well as optional VFS caches.
 .PP
-AWS Access Key ID.
+You can install managed
+plugin (https://docs.docker.com/engine/reference/commandline/plugin_install/)
+with default settings as follows:
+.IP
+.nf
+\f[C]
+docker plugin install rclone/docker-volume-rclone:amd64 --grant-all-permissions --alias rclone
+\f[R]
+.fi
 .PP
-Leave blank for anonymous access or runtime credentials.
+The \f[C]:amd64\f[R] part of the image specification after colon is
+called a \f[I]tag\f[R].
+Usually you will want to install the latest plugin for your
+architecture.
+In this case the tag will just name it, like \f[C]amd64\f[R] above.
+The following plugin architectures are currently available: -
+\f[C]amd64\f[R] - \f[C]arm64\f[R] - \f[C]arm-v7\f[R]
 .PP
-Properties:
-.IP \[bu] 2
-Config: access_key_id
-.IP \[bu] 2
-Env Var: RCLONE_S3_ACCESS_KEY_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --s3-secret-access-key
+Sometimes you might want a concrete plugin version, not the latest one.
+Then you should use image tag in the form
+\f[C]:ARCHITECTURE-VERSION\f[R].
+For example, to install plugin version \f[C]v1.56.2\f[R] on architecture
+\f[C]arm64\f[R] you will use tag \f[C]arm64-1.56.2\f[R] (note the
+removed \f[C]v\f[R]) so the full image specification becomes
+\f[C]rclone/docker-volume-rclone:arm64-1.56.2\f[R].
 .PP
-AWS Secret Access Key (password).
+We also provide the \f[C]latest\f[R] plugin tag, but since docker does
+not support multi-architecture plugins as of the time of this writing,
+this tag is currently an \f[B]alias for \f[CB]amd64\f[B]\f[R].
+By convention the \f[C]latest\f[R] tag is the default one and can be
+omitted, thus both \f[C]rclone/docker-volume-rclone:latest\f[R] and just
+\f[C]rclone/docker-volume-rclone\f[R] will refer to the latest plugin
+release for the \f[C]amd64\f[R] platform.
 .PP
-Leave blank for anonymous access or runtime credentials.
+Also the \f[C]amd64\f[R] part can be omitted from the versioned rclone
+plugin tags.
+For example, rclone image reference
+\f[C]rclone/docker-volume-rclone:amd64-1.56.2\f[R] can be abbreviated as
+\f[C]rclone/docker-volume-rclone:1.56.2\f[R] for convenience.
+However, for non-intel architectures you still have to use the full tag
+as \f[C]amd64\f[R] or \f[C]latest\f[R] will fail to start.
 .PP
-Properties:
-.IP \[bu] 2
-Config: secret_access_key
-.IP \[bu] 2
-Env Var: RCLONE_S3_SECRET_ACCESS_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --s3-region
+Managed plugin is in fact a special container running in a namespace
+separate from normal docker containers.
+Inside it runs the \f[C]rclone serve docker\f[R] command.
+The config and cache directories are bind-mounted into the container at
+start.
+The docker daemon connects to a unix socket created by the command
+inside the container.
+The command creates on-demand remote mounts right inside, then docker
+machinery propagates them through kernel mount namespaces and
+bind-mounts into requesting user containers.
 .PP
-Region to connect to.
+You can tweak a few plugin settings after installation when it\[aq]s
+disabled (not in use), for instance:
+.IP
+.nf
+\f[C]
+docker plugin disable rclone
+docker plugin set rclone RCLONE_VERBOSE=2 config=/etc/rclone args=\[dq]--vfs-cache-mode=writes --allow-other\[dq]
+docker plugin enable rclone
+docker plugin inspect rclone
+\f[R]
+.fi
 .PP
-Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_S3_REGION
-.IP \[bu] 2
-Provider: AWS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]us-east-1\[dq]
-.RS 2
-.IP \[bu] 2
-The default endpoint - a good choice if you are unsure.
-.IP \[bu] 2
-US Region, Northern Virginia, or Pacific Northwest.
-.IP \[bu] 2
-Leave location constraint empty.
-.RE
-.IP \[bu] 2
-\[dq]us-east-2\[dq]
-.RS 2
-.IP \[bu] 2
-US East (Ohio) Region.
-.IP \[bu] 2
-Needs location constraint us-east-2.
-.RE
-.IP \[bu] 2
-\[dq]us-west-1\[dq]
-.RS 2
-.IP \[bu] 2
-US West (Northern California) Region.
-.IP \[bu] 2
-Needs location constraint us-west-1.
-.RE
-.IP \[bu] 2
-\[dq]us-west-2\[dq]
-.RS 2
-.IP \[bu] 2
-US West (Oregon) Region.
-.IP \[bu] 2
-Needs location constraint us-west-2.
-.RE
-.IP \[bu] 2
-\[dq]ca-central-1\[dq]
-.RS 2
-.IP \[bu] 2
-Canada (Central) Region.
-.IP \[bu] 2
-Needs location constraint ca-central-1.
-.RE
-.IP \[bu] 2
-\[dq]eu-west-1\[dq]
-.RS 2
-.IP \[bu] 2
-EU (Ireland) Region.
-.IP \[bu] 2
-Needs location constraint EU or eu-west-1.
-.RE
-.IP \[bu] 2
-\[dq]eu-west-2\[dq]
-.RS 2
-.IP \[bu] 2
-EU (London) Region.
-.IP \[bu] 2
-Needs location constraint eu-west-2.
-.RE
-.IP \[bu] 2
-\[dq]eu-west-3\[dq]
-.RS 2
-.IP \[bu] 2
-EU (Paris) Region.
-.IP \[bu] 2
-Needs location constraint eu-west-3.
-.RE
-.IP \[bu] 2
-\[dq]eu-north-1\[dq]
-.RS 2
-.IP \[bu] 2
-EU (Stockholm) Region.
-.IP \[bu] 2
-Needs location constraint eu-north-1.
-.RE
-.IP \[bu] 2
-\[dq]eu-south-1\[dq]
-.RS 2
-.IP \[bu] 2
-EU (Milan) Region.
-.IP \[bu] 2
-Needs location constraint eu-south-1.
-.RE
-.IP \[bu] 2
-\[dq]eu-central-1\[dq]
-.RS 2
-.IP \[bu] 2
-EU (Frankfurt) Region.
-.IP \[bu] 2
-Needs location constraint eu-central-1.
-.RE
-.IP \[bu] 2
-\[dq]ap-southeast-1\[dq]
-.RS 2
-.IP \[bu] 2
-Asia Pacific (Singapore) Region.
-.IP \[bu] 2
-Needs location constraint ap-southeast-1.
-.RE
-.IP \[bu] 2
-\[dq]ap-southeast-2\[dq]
-.RS 2
-.IP \[bu] 2
-Asia Pacific (Sydney) Region.
-.IP \[bu] 2
-Needs location constraint ap-southeast-2.
-.RE
-.IP \[bu] 2
-\[dq]ap-northeast-1\[dq]
-.RS 2
-.IP \[bu] 2
-Asia Pacific (Tokyo) Region.
-.IP \[bu] 2
-Needs location constraint ap-northeast-1.
-.RE
-.IP \[bu] 2
-\[dq]ap-northeast-2\[dq]
-.RS 2
-.IP \[bu] 2
-Asia Pacific (Seoul).
-.IP \[bu] 2
-Needs location constraint ap-northeast-2.
-.RE
-.IP \[bu] 2
-\[dq]ap-northeast-3\[dq]
-.RS 2
-.IP \[bu] 2
-Asia Pacific (Osaka-Local).
-.IP \[bu] 2
-Needs location constraint ap-northeast-3.
-.RE
-.IP \[bu] 2
-\[dq]ap-south-1\[dq]
-.RS 2
-.IP \[bu] 2
-Asia Pacific (Mumbai).
-.IP \[bu] 2
-Needs location constraint ap-south-1.
-.RE
-.IP \[bu] 2
-\[dq]ap-east-1\[dq]
-.RS 2
-.IP \[bu] 2
-Asia Pacific (Hong Kong) Region.
-.IP \[bu] 2
-Needs location constraint ap-east-1.
-.RE
-.IP \[bu] 2
-\[dq]sa-east-1\[dq]
-.RS 2
-.IP \[bu] 2
-South America (Sao Paulo) Region.
-.IP \[bu] 2
-Needs location constraint sa-east-1.
-.RE
-.IP \[bu] 2
-\[dq]me-south-1\[dq]
-.RS 2
-.IP \[bu] 2
-Middle East (Bahrain) Region.
-.IP \[bu] 2
-Needs location constraint me-south-1.
-.RE
-.IP \[bu] 2
-\[dq]af-south-1\[dq]
-.RS 2
-.IP \[bu] 2
-Africa (Cape Town) Region.
-.IP \[bu] 2
-Needs location constraint af-south-1.
-.RE
-.IP \[bu] 2
-\[dq]cn-north-1\[dq]
-.RS 2
-.IP \[bu] 2
-China (Beijing) Region.
-.IP \[bu] 2
-Needs location constraint cn-north-1.
-.RE
-.IP \[bu] 2
-\[dq]cn-northwest-1\[dq]
-.RS 2
-.IP \[bu] 2
-China (Ningxia) Region.
-.IP \[bu] 2
-Needs location constraint cn-northwest-1.
-.RE
-.IP \[bu] 2
-\[dq]us-gov-east-1\[dq]
-.RS 2
-.IP \[bu] 2
-AWS GovCloud (US-East) Region.
-.IP \[bu] 2
-Needs location constraint us-gov-east-1.
-.RE
-.IP \[bu] 2
-\[dq]us-gov-west-1\[dq]
-.RS 2
-.IP \[bu] 2
-AWS GovCloud (US) Region.
-.IP \[bu] 2
-Needs location constraint us-gov-west-1.
-.RE
-.RE
-.SS --s3-region
+Note that if docker refuses to disable the plugin, you should find and
+remove all active volumes connected with it as well as containers and
+swarm services that use them.
+This is rather tedious so please carefully plan in advance.
 .PP
-region - the location where your bucket will be created and your data
-stored.
+You can tweak the following settings: \f[C]args\f[R], \f[C]config\f[R],
+\f[C]cache\f[R], \f[C]HTTP_PROXY\f[R], \f[C]HTTPS_PROXY\f[R],
+\f[C]NO_PROXY\f[R] and \f[C]RCLONE_VERBOSE\f[R].
+It\[aq]s \f[I]your\f[R] task to keep plugin settings in sync across
+swarm cluster nodes.
 .PP
-Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_S3_REGION
-.IP \[bu] 2
-Provider: RackCorp
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]global\[dq]
-.RS 2
-.IP \[bu] 2
-Global CDN (All locations) Region
-.RE
-.IP \[bu] 2
-\[dq]au\[dq]
-.RS 2
-.IP \[bu] 2
-Australia (All states)
-.RE
-.IP \[bu] 2
-\[dq]au-nsw\[dq]
-.RS 2
-.IP \[bu] 2
-NSW (Australia) Region
-.RE
-.IP \[bu] 2
-\[dq]au-qld\[dq]
-.RS 2
-.IP \[bu] 2
-QLD (Australia) Region
-.RE
-.IP \[bu] 2
-\[dq]au-vic\[dq]
-.RS 2
-.IP \[bu] 2
-VIC (Australia) Region
-.RE
-.IP \[bu] 2
-\[dq]au-wa\[dq]
-.RS 2
-.IP \[bu] 2
-Perth (Australia) Region
-.RE
-.IP \[bu] 2
-\[dq]ph\[dq]
-.RS 2
-.IP \[bu] 2
-Manila (Philippines) Region
-.RE
-.IP \[bu] 2
-\[dq]th\[dq]
-.RS 2
-.IP \[bu] 2
-Bangkok (Thailand) Region
-.RE
-.IP \[bu] 2
-\[dq]hk\[dq]
-.RS 2
-.IP \[bu] 2
-HK (Hong Kong) Region
-.RE
-.IP \[bu] 2
-\[dq]mn\[dq]
-.RS 2
-.IP \[bu] 2
-Ulaanbaatar (Mongolia) Region
-.RE
-.IP \[bu] 2
-\[dq]kg\[dq]
-.RS 2
-.IP \[bu] 2
-Bishkek (Kyrgyzstan) Region
-.RE
-.IP \[bu] 2
-\[dq]id\[dq]
-.RS 2
-.IP \[bu] 2
-Jakarta (Indonesia) Region
-.RE
-.IP \[bu] 2
-\[dq]jp\[dq]
-.RS 2
-.IP \[bu] 2
-Tokyo (Japan) Region
-.RE
-.IP \[bu] 2
-\[dq]sg\[dq]
-.RS 2
-.IP \[bu] 2
-SG (Singapore) Region
-.RE
-.IP \[bu] 2
-\[dq]de\[dq]
-.RS 2
-.IP \[bu] 2
-Frankfurt (Germany) Region
-.RE
-.IP \[bu] 2
-\[dq]us\[dq]
-.RS 2
-.IP \[bu] 2
-USA (AnyCast) Region
-.RE
-.IP \[bu] 2
-\[dq]us-east-1\[dq]
-.RS 2
-.IP \[bu] 2
-New York (USA) Region
-.RE
-.IP \[bu] 2
-\[dq]us-west-1\[dq]
-.RS 2
-.IP \[bu] 2
-Freemont (USA) Region
-.RE
-.IP \[bu] 2
-\[dq]nz\[dq]
-.RS 2
-.IP \[bu] 2
-Auckland (New Zealand) Region
-.RE
-.RE
-.SS --s3-region
+\f[C]args\f[R] sets command-line arguments for the
+\f[C]rclone serve docker\f[R] command (\f[I]none\f[R] by default).
+Arguments should be separated by space so you will normally want to put
+them in quotes on the docker plugin
+set (https://docs.docker.com/engine/reference/commandline/plugin_set/)
+command line.
+Both serve docker
+flags (https://rclone.org/commands/rclone_serve_docker/#options) and
+generic rclone flags (https://rclone.org/flags/) are supported,
+including backend parameters that will be used as defaults for volume
+creation.
+Note that plugin will fail (due to this docker
+bug (https://github.com/moby/moby/blob/v20.10.7/plugin/v2/plugin.go#L195))
+if the \f[C]args\f[R] value is empty.
+Use e.g.
+\f[C]args=\[dq]-v\[dq]\f[R] as a workaround.
 .PP
-Region to connect to.
+\f[C]config=/host/dir\f[R] sets alternative host location for the config
+directory.
+Plugin will look for \f[C]rclone.conf\f[R] here.
+It\[aq]s not an error if the config file is not present but the
+directory must exist.
+Please note that plugin can periodically rewrite the config file, for
+example when it renews storage access tokens.
+Keep this in mind and try to avoid races between the plugin and other
+instances of rclone on the host that might try to change the config
+simultaneously resulting in corrupted \f[C]rclone.conf\f[R].
+You can also put stuff like private key files for SFTP remotes in this
+directory.
+Just note that it\[aq]s bind-mounted inside the plugin container at the
+predefined path \f[C]/data/config\f[R].
+For example, if your key file is named \f[C]sftp-box1.key\f[R] on the
+host, the corresponding volume config option should read
+\f[C]-o sftp-key-file=/data/config/sftp-box1.key\f[R].
 .PP
-Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_S3_REGION
-.IP \[bu] 2
-Provider: Scaleway
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]nl-ams\[dq]
-.RS 2
-.IP \[bu] 2
-Amsterdam, The Netherlands
-.RE
-.IP \[bu] 2
-\[dq]fr-par\[dq]
-.RS 2
-.IP \[bu] 2
-Paris, France
-.RE
-.IP \[bu] 2
-\[dq]pl-waw\[dq]
-.RS 2
-.IP \[bu] 2
-Warsaw, Poland
-.RE
-.RE
-.SS --s3-region
+\f[C]cache=/host/dir\f[R] sets alternative host location for the
+\f[I]cache\f[R] directory.
+The plugin will keep VFS caches here.
+Also it will create and maintain the \f[C]docker-plugin.state\f[R] file
+in this directory.
+When the plugin is restarted or reinstalled, it will look in this file
+to recreate any volumes that existed previously.
+However, they will not be re-mounted into consuming containers after
+restart.
+Usually this is not a problem as the docker daemon normally will restart
+affected user containers after failures, daemon restarts or host
+reboots.
 .PP
-Region to connect to.
-- the location where your bucket will be created and your data stored.
-Need bo be same with your endpoint.
+\f[C]RCLONE_VERBOSE\f[R] sets plugin verbosity from \f[C]0\f[R] (errors
+only, by default) to \f[C]2\f[R] (debugging).
+Verbosity can be also tweaked via \f[C]args=\[dq]-v [-v] ...\[dq]\f[R].
+Since arguments are more generic, you will rarely need this setting.
+The plugin output by default feeds the docker daemon log on local host.
+Log entries are reflected as \f[I]errors\f[R] in the docker log but
+retain their actual level assigned by rclone in the encapsulated message
+string.
 .PP
-Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_S3_REGION
-.IP \[bu] 2
-Provider: HuaweiOBS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]af-south-1\[dq]
-.RS 2
-.IP \[bu] 2
-AF-Johannesburg
-.RE
-.IP \[bu] 2
-\[dq]ap-southeast-2\[dq]
-.RS 2
-.IP \[bu] 2
-AP-Bangkok
-.RE
-.IP \[bu] 2
-\[dq]ap-southeast-3\[dq]
-.RS 2
-.IP \[bu] 2
-AP-Singapore
-.RE
-.IP \[bu] 2
-\[dq]cn-east-3\[dq]
-.RS 2
-.IP \[bu] 2
-CN East-Shanghai1
-.RE
-.IP \[bu] 2
-\[dq]cn-east-2\[dq]
-.RS 2
-.IP \[bu] 2
-CN East-Shanghai2
-.RE
-.IP \[bu] 2
-\[dq]cn-north-1\[dq]
-.RS 2
-.IP \[bu] 2
-CN North-Beijing1
-.RE
-.IP \[bu] 2
-\[dq]cn-north-4\[dq]
-.RS 2
-.IP \[bu] 2
-CN North-Beijing4
-.RE
-.IP \[bu] 2
-\[dq]cn-south-1\[dq]
-.RS 2
-.IP \[bu] 2
-CN South-Guangzhou
-.RE
-.IP \[bu] 2
-\[dq]ap-southeast-1\[dq]
-.RS 2
-.IP \[bu] 2
-CN-Hong Kong
-.RE
-.IP \[bu] 2
-\[dq]sa-argentina-1\[dq]
-.RS 2
-.IP \[bu] 2
-LA-Buenos Aires1
-.RE
-.IP \[bu] 2
-\[dq]sa-peru-1\[dq]
-.RS 2
-.IP \[bu] 2
-LA-Lima1
-.RE
-.IP \[bu] 2
-\[dq]na-mexico-1\[dq]
-.RS 2
-.IP \[bu] 2
-LA-Mexico City1
-.RE
-.IP \[bu] 2
-\[dq]sa-chile-1\[dq]
-.RS 2
-.IP \[bu] 2
-LA-Santiago2
-.RE
-.IP \[bu] 2
-\[dq]sa-brazil-1\[dq]
-.RS 2
-.IP \[bu] 2
-LA-Sao Paulo1
-.RE
-.IP \[bu] 2
-\[dq]ru-northwest-2\[dq]
-.RS 2
-.IP \[bu] 2
-RU-Moscow2
-.RE
-.RE
-.SS --s3-region
+\f[C]HTTP_PROXY\f[R], \f[C]HTTPS_PROXY\f[R], \f[C]NO_PROXY\f[R]
+customize the plugin proxy settings.
 .PP
-Region to connect to.
+You can set custom plugin options right when you install it, \f[I]in one
+go\f[R]:
+.IP
+.nf
+\f[C]
+docker plugin remove rclone
+docker plugin install rclone/docker-volume-rclone:amd64 \[rs]
+       --alias rclone --grant-all-permissions \[rs]
+       args=\[dq]-v --allow-other\[dq] config=/etc/rclone
+docker plugin inspect rclone
+\f[R]
+.fi
+.SS Healthchecks
 .PP
-Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_S3_REGION
-.IP \[bu] 2
-Provider: Cloudflare
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]auto\[dq]
-.RS 2
-.IP \[bu] 2
-R2 buckets are automatically distributed across Cloudflare\[aq]s data
-centers for low latency.
-.RE
-.RE
-.SS --s3-region
+The docker plugin volume protocol doesn\[aq]t provide a way for plugins
+to inform the docker daemon that a volume is (un-)available.
+As a workaround you can setup a healthcheck to verify that the mount is
+responding, for example:
+.IP
+.nf
+\f[C]
+services:
+  my_service:
+    image: my_image
+    healthcheck:
+      test: ls /path/to/rclone/mount || exit 1
+      interval: 1m
+      timeout: 15s
+      retries: 3
+      start_period: 15s
+\f[R]
+.fi
+.SS Running Plugin under Systemd
 .PP
-Region to connect to.
+In most cases you should prefer managed mode.
+Moreover, MacOS and Windows do not support native Docker plugins.
+Please use managed mode on these systems.
+Proceed further only if you are on Linux.
 .PP
-Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_S3_REGION
-.IP \[bu] 2
-Provider: Qiniu
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]cn-east-1\[dq]
-.RS 2
-.IP \[bu] 2
-The default endpoint - a good choice if you are unsure.
-.IP \[bu] 2
-East China Region 1.
-.IP \[bu] 2
-Needs location constraint cn-east-1.
-.RE
-.IP \[bu] 2
-\[dq]cn-east-2\[dq]
-.RS 2
-.IP \[bu] 2
-East China Region 2.
-.IP \[bu] 2
-Needs location constraint cn-east-2.
-.RE
-.IP \[bu] 2
-\[dq]cn-north-1\[dq]
-.RS 2
-.IP \[bu] 2
-North China Region 1.
-.IP \[bu] 2
-Needs location constraint cn-north-1.
-.RE
-.IP \[bu] 2
-\[dq]cn-south-1\[dq]
-.RS 2
-.IP \[bu] 2
-South China Region 1.
-.IP \[bu] 2
-Needs location constraint cn-south-1.
-.RE
-.IP \[bu] 2
-\[dq]us-north-1\[dq]
-.RS 2
-.IP \[bu] 2
-North America Region.
-.IP \[bu] 2
-Needs location constraint us-north-1.
-.RE
-.IP \[bu] 2
-\[dq]ap-southeast-1\[dq]
-.RS 2
-.IP \[bu] 2
-Southeast Asia Region 1.
-.IP \[bu] 2
-Needs location constraint ap-southeast-1.
-.RE
-.IP \[bu] 2
-\[dq]ap-northeast-1\[dq]
-.RS 2
-.IP \[bu] 2
-Northeast Asia Region 1.
-.IP \[bu] 2
-Needs location constraint ap-northeast-1.
-.RE
-.RE
-.SS --s3-region
+First, install rclone (https://rclone.org/install/).
+You can just run it (type \f[C]rclone serve docker\f[R] and hit enter)
+for the test.
 .PP
-Region where your bucket will be created and your data stored.
+Install \f[I]FUSE\f[R]:
+.IP
+.nf
+\f[C]
+sudo apt-get -y install fuse
+\f[R]
+.fi
 .PP
-Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_S3_REGION
-.IP \[bu] 2
-Provider: IONOS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]de\[dq]
-.RS 2
-.IP \[bu] 2
-Frankfurt, Germany
-.RE
-.IP \[bu] 2
-\[dq]eu-central-2\[dq]
-.RS 2
-.IP \[bu] 2
-Berlin, Germany
-.RE
-.IP \[bu] 2
-\[dq]eu-south-2\[dq]
-.RS 2
-.IP \[bu] 2
-Logrono, Spain
-.RE
-.RE
-.SS --s3-region
+Download two systemd configuration files:
+docker-volume-rclone.service (https://raw.githubusercontent.com/rclone/rclone/master/contrib/docker-plugin/systemd/docker-volume-rclone.service)
+and
+docker-volume-rclone.socket (https://raw.githubusercontent.com/rclone/rclone/master/contrib/docker-plugin/systemd/docker-volume-rclone.socket).
 .PP
-Region to connect to.
+Put them to the \f[C]/etc/systemd/system/\f[R] directory:
+.IP
+.nf
+\f[C]
+cp docker-volume-plugin.service /etc/systemd/system/
+cp docker-volume-plugin.socket  /etc/systemd/system/
+\f[R]
+.fi
 .PP
-Leave blank if you are using an S3 clone and you don\[aq]t have a
-region.
+Please note that all commands in this section must be run as
+\f[I]root\f[R] but we omit \f[C]sudo\f[R] prefix for brevity.
+Now create directories required by the service:
+.IP
+.nf
+\f[C]
+mkdir -p /var/lib/docker-volumes/rclone
+mkdir -p /var/lib/docker-plugins/rclone/config
+mkdir -p /var/lib/docker-plugins/rclone/cache
+\f[R]
+.fi
 .PP
-Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_S3_REGION
-.IP \[bu] 2
-Provider:
-!AWS,Alibaba,ChinaMobile,Cloudflare,IONOS,ArvanCloud,Liara,Qiniu,RackCorp,Scaleway,Storj,TencentCOS,HuaweiOBS,IDrive
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Use this if unsure.
-.IP \[bu] 2
-Will use v4 signatures and an empty region.
-.RE
-.IP \[bu] 2
-\[dq]other-v2-signature\[dq]
-.RS 2
-.IP \[bu] 2
-Use this only if v4 signatures don\[aq]t work.
-.IP \[bu] 2
-E.g.
-pre Jewel/v10 CEPH.
-.RE
-.RE
-.SS --s3-endpoint
+Run the docker plugin service in the socket activated mode:
+.IP
+.nf
+\f[C]
+systemctl daemon-reload
+systemctl start docker-volume-rclone.service
+systemctl enable docker-volume-rclone.socket
+systemctl start docker-volume-rclone.socket
+systemctl restart docker
+\f[R]
+.fi
 .PP
-Endpoint for S3 API.
+Or run the service directly: - run \f[C]systemctl daemon-reload\f[R] to
+let systemd pick up new config - run
+\f[C]systemctl enable docker-volume-rclone.service\f[R] to make the new
+service start automatically when you power on your machine.
+- run \f[C]systemctl start docker-volume-rclone.service\f[R] to start
+the service now.
+- run \f[C]systemctl restart docker\f[R] to restart docker daemon and
+let it detect the new plugin socket.
+Note that this step is not needed in managed mode where docker knows
+about plugin state changes.
 .PP
-Leave blank if using AWS to use the default endpoint for the region.
+The two methods are equivalent from the user perspective, but I
+personally prefer socket activation.
+.SS Troubleshooting
 .PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
-.IP \[bu] 2
-Provider: AWS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --s3-endpoint
+You can see managed plugin
+settings (https://docs.docker.com/engine/extend/#debugging-plugins) with
+.IP
+.nf
+\f[C]
+docker plugin list
+docker plugin inspect rclone
+\f[R]
+.fi
 .PP
-Endpoint for China Mobile Ecloud Elastic Object Storage (EOS) API.
+Note that docker (including latest 20.10.7) will not show actual values
+of \f[C]args\f[R], just the defaults.
 .PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
-.IP \[bu] 2
-Provider: ChinaMobile
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]eos-wuxi-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-The default endpoint - a good choice if you are unsure.
-.IP \[bu] 2
-East China (Suzhou)
-.RE
-.IP \[bu] 2
-\[dq]eos-jinan-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-East China (Jinan)
-.RE
-.IP \[bu] 2
-\[dq]eos-ningbo-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-East China (Hangzhou)
-.RE
-.IP \[bu] 2
-\[dq]eos-shanghai-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-East China (Shanghai-1)
-.RE
-.IP \[bu] 2
-\[dq]eos-zhengzhou-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Central China (Zhengzhou)
-.RE
-.IP \[bu] 2
-\[dq]eos-hunan-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Central China (Changsha-1)
-.RE
-.IP \[bu] 2
-\[dq]eos-zhuzhou-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Central China (Changsha-2)
-.RE
-.IP \[bu] 2
-\[dq]eos-guangzhou-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-South China (Guangzhou-2)
-.RE
-.IP \[bu] 2
-\[dq]eos-dongguan-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-South China (Guangzhou-3)
-.RE
-.IP \[bu] 2
-\[dq]eos-beijing-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-North China (Beijing-1)
-.RE
-.IP \[bu] 2
-\[dq]eos-beijing-2.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-North China (Beijing-2)
-.RE
-.IP \[bu] 2
-\[dq]eos-beijing-4.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-North China (Beijing-3)
-.RE
-.IP \[bu] 2
-\[dq]eos-huhehaote-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-North China (Huhehaote)
-.RE
-.IP \[bu] 2
-\[dq]eos-chengdu-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Southwest China (Chengdu)
-.RE
-.IP \[bu] 2
-\[dq]eos-chongqing-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Southwest China (Chongqing)
-.RE
-.IP \[bu] 2
-\[dq]eos-guiyang-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Southwest China (Guiyang)
-.RE
-.IP \[bu] 2
-\[dq]eos-xian-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Nouthwest China (Xian)
-.RE
-.IP \[bu] 2
-\[dq]eos-yunnan.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Yunnan China (Kunming)
-.RE
-.IP \[bu] 2
-\[dq]eos-yunnan-2.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Yunnan China (Kunming-2)
-.RE
-.IP \[bu] 2
-\[dq]eos-tianjin-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Tianjin China (Tianjin)
-.RE
-.IP \[bu] 2
-\[dq]eos-jilin-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Jilin China (Changchun)
-.RE
-.IP \[bu] 2
-\[dq]eos-hubei-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Hubei China (Xiangyan)
-.RE
-.IP \[bu] 2
-\[dq]eos-jiangxi-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Jiangxi China (Nanchang)
-.RE
-.IP \[bu] 2
-\[dq]eos-gansu-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Gansu China (Lanzhou)
-.RE
-.IP \[bu] 2
-\[dq]eos-shanxi-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Shanxi China (Taiyuan)
-.RE
-.IP \[bu] 2
-\[dq]eos-liaoning-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Liaoning China (Shenyang)
-.RE
-.IP \[bu] 2
-\[dq]eos-hebei-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Hebei China (Shijiazhuang)
-.RE
-.IP \[bu] 2
-\[dq]eos-fujian-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Fujian China (Xiamen)
-.RE
-.IP \[bu] 2
-\[dq]eos-guangxi-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Guangxi China (Nanning)
-.RE
-.IP \[bu] 2
-\[dq]eos-anhui-1.cmecloud.cn\[dq]
-.RS 2
-.IP \[bu] 2
-Anhui China (Huainan)
-.RE
-.RE
-.SS --s3-endpoint
+Use \f[C]journalctl --unit docker\f[R] to see managed plugin output as
+part of the docker daemon log.
+Note that docker reflects plugin lines as \f[I]errors\f[R] but their
+actual level can be seen from encapsulated message string.
+.PP
+You will usually install the latest version of managed plugin for your
+platform.
+Use the following commands to print the actual installed version:
+.IP
+.nf
+\f[C]
+PLUGID=$(docker plugin list --no-trunc | awk \[aq]/rclone/{print$1}\[aq])
+sudo runc --root /run/docker/runtime-runc/plugins.moby exec $PLUGID rclone version
+\f[R]
+.fi
+.PP
+You can even use \f[C]runc\f[R] to run shell inside the plugin
+container:
+.IP
+.nf
+\f[C]
+sudo runc --root /run/docker/runtime-runc/plugins.moby exec --tty $PLUGID bash
+\f[R]
+.fi
+.PP
+Also you can use curl to check the plugin socket connectivity:
+.IP
+.nf
+\f[C]
+docker plugin list --no-trunc
+PLUGID=123abc...
+sudo curl -H Content-Type:application/json -XPOST -d {} --unix-socket /run/docker/plugins/$PLUGID/rclone.sock http://localhost/Plugin.Activate
+\f[R]
+.fi
 .PP
-Endpoint for Arvan Cloud Object Storage (AOS) API.
+though this is rarely needed.
+.SS Caveats
 .PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
-.IP \[bu] 2
-Provider: ArvanCloud
-.IP \[bu] 2
-Type: string
+Finally I\[aq]d like to mention a \f[I]caveat with updating volume
+settings\f[R].
+Docker CLI does not have a dedicated command like
+\f[C]docker volume update\f[R].
+It may be tempting to invoke \f[C]docker volume create\f[R] with updated
+options on existing volume, but there is a gotcha.
+The command will do nothing, it won\[aq]t even return an error.
+I hope that docker maintainers will fix this some day.
+In the meantime be aware that you must remove your volume before
+recreating it with new settings:
+.IP
+.nf
+\f[C]
+docker volume remove my_vol
+docker volume create my_vol -d rclone -o opt1=new_val1 ...
+\f[R]
+.fi
+.PP
+and verify that settings did update:
+.IP
+.nf
+\f[C]
+docker volume list
+docker volume inspect my_vol
+\f[R]
+.fi
+.PP
+If docker refuses to remove the volume, you should find containers or
+swarm services that use it and stop them first.
+.SS Getting started
 .IP \[bu] 2
-Required: false
+Install rclone (https://rclone.org/install/) and setup your remotes.
 .IP \[bu] 2
-Examples:
-.RS 2
+Bisync will create its working directory at
+\f[C]\[ti]/.cache/rclone/bisync\f[R] on Linux or
+\f[C]C:\[rs]Users\[rs]MyLogin\[rs]AppData\[rs]Local\[rs]rclone\[rs]bisync\f[R]
+on Windows.
+Make sure that this location is writable.
 .IP \[bu] 2
-\[dq]s3.ir-thr-at1.arvanstorage.com\[dq]
-.RS 2
+Run bisync with the \f[C]--resync\f[R] flag, specifying the paths to the
+local and remote sync directory roots.
 .IP \[bu] 2
-The default endpoint - a good choice if you are unsure.
+For successive sync runs, leave off the \f[C]--resync\f[R] flag.
 .IP \[bu] 2
-Tehran Iran (Asiatech)
-.RE
+Consider using a filters file for excluding unnecessary files and
+directories from the sync.
 .IP \[bu] 2
-\[dq]s3.ir-tbz-sh1.arvanstorage.com\[dq]
-.RS 2
+Consider setting up the --check-access feature for safety.
 .IP \[bu] 2
-Tabriz Iran (Shahriar)
-.RE
-.RE
-.SS --s3-endpoint
+On Linux, consider setting up a crontab entry.
+bisync can safely run in concurrent cron jobs thanks to lock files it
+maintains.
 .PP
-Endpoint for IBM COS S3 API.
+Here is a typical run log (with timestamps removed for clarity):
+.IP
+.nf
+\f[C]
+rclone bisync /testdir/path1/ /testdir/path2/ --verbose
+INFO  : Synching Path1 \[dq]/testdir/path1/\[dq] with Path2 \[dq]/testdir/path2/\[dq]
+INFO  : Path1 checking for diffs
+INFO  : - Path1    File is new                         - file11.txt
+INFO  : - Path1    File is newer                       - file2.txt
+INFO  : - Path1    File is newer                       - file5.txt
+INFO  : - Path1    File is newer                       - file7.txt
+INFO  : - Path1    File was deleted                    - file4.txt
+INFO  : - Path1    File was deleted                    - file6.txt
+INFO  : - Path1    File was deleted                    - file8.txt
+INFO  : Path1:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
+INFO  : Path2 checking for diffs
+INFO  : - Path2    File is new                         - file10.txt
+INFO  : - Path2    File is newer                       - file1.txt
+INFO  : - Path2    File is newer                       - file5.txt
+INFO  : - Path2    File is newer                       - file6.txt
+INFO  : - Path2    File was deleted                    - file3.txt
+INFO  : - Path2    File was deleted                    - file7.txt
+INFO  : - Path2    File was deleted                    - file8.txt
+INFO  : Path2:    7 changes:    1 new,    3 newer,    0 older,    3 deleted
+INFO  : Applying changes
+INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file11.txt
+INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file2.txt
+INFO  : - Path2    Queue delete                        - /testdir/path2/file4.txt
+NOTICE: - WARNING  New or changed in both paths        - file5.txt
+NOTICE: - Path1    Renaming Path1 copy                 - /testdir/path1/file5.txt..path1
+NOTICE: - Path1    Queue copy to Path2                 - /testdir/path2/file5.txt..path1
+NOTICE: - Path2    Renaming Path2 copy                 - /testdir/path2/file5.txt..path2
+NOTICE: - Path2    Queue copy to Path1                 - /testdir/path1/file5.txt..path2
+INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file6.txt
+INFO  : - Path1    Queue copy to Path2                 - /testdir/path2/file7.txt
+INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file1.txt
+INFO  : - Path2    Queue copy to Path1                 - /testdir/path1/file10.txt
+INFO  : - Path1    Queue delete                        - /testdir/path1/file3.txt
+INFO  : - Path2    Do queued copies to                 - Path1
+INFO  : - Path1    Do queued copies to                 - Path2
+INFO  : -          Do queued deletes on                - Path1
+INFO  : -          Do queued deletes on                - Path2
+INFO  : Updating listings
+INFO  : Validating listings for Path1 \[dq]/testdir/path1/\[dq] vs Path2 \[dq]/testdir/path2/\[dq]
+INFO  : Bisync successful
+\f[R]
+.fi
+.SS Command line syntax
+.IP
+.nf
+\f[C]
+$ rclone bisync --help
+Usage:
+  rclone bisync remote1:path1 remote2:path2 [flags]
+
+Positional arguments:
+  Path1, Path2  Local path, or remote storage with \[aq]:\[aq] plus optional path.
+                Type \[aq]rclone listremotes\[aq] for list of configured remotes.
+
+Optional Flags:
+      --check-access            Ensure expected \[ga]RCLONE_TEST\[ga] files are found on
+                                both Path1 and Path2 filesystems, else abort.
+      --check-filename FILENAME Filename for \[ga]--check-access\[ga] (default: \[ga]RCLONE_TEST\[ga])
+      --check-sync CHOICE       Controls comparison of final listings:
+                                \[ga]true | false | only\[ga] (default: true)
+                                If set to \[ga]only\[ga], bisync will only compare listings
+                                from the last run but skip actual sync.
+      --filters-file PATH       Read filtering patterns from a file
+      --max-delete PERCENT      Safety check on maximum percentage of deleted files allowed.
+                                If exceeded, the bisync run will abort. (default: 50%)
+      --force                   Bypass \[ga]--max-delete\[ga] safety check and run the sync.
+                                Consider using with \[ga]--verbose\[ga]
+      --create-empty-src-dirs   Sync creation and deletion of empty directories. 
+                                  (Not compatible with --remove-empty-dirs)
+      --remove-empty-dirs       Remove empty directories at the final cleanup step.
+  -1, --resync                  Performs the resync run.
+                                Warning: Path1 files may overwrite Path2 versions.
+                                Consider using \[ga]--verbose\[ga] or \[ga]--dry-run\[ga] first.
+      --ignore-listing-checksum Do not use checksums for listings 
+                                  (add --ignore-checksum to additionally skip post-copy checksum checks)
+      --resilient               Allow future runs to retry after certain less-serious errors, 
+                                  instead of requiring --resync. Use at your own risk!
+      --localtime               Use local time in listings (default: UTC)
+      --no-cleanup              Retain working files (useful for troubleshooting and testing).
+      --workdir PATH            Use custom working directory (useful for testing).
+                                (default: \[ga]\[ti]/.cache/rclone/bisync\[ga])
+  -n, --dry-run                 Go through the motions - No files are copied/deleted.
+  -v, --verbose                 Increases logging verbosity.
+                                May be specified more than once for more details.
+  -h, --help                    help for bisync
+\f[R]
+.fi
 .PP
-Specify if using an IBM COS On Premise.
+Arbitrary rclone flags may be specified on the bisync command
+line (https://rclone.org/commands/rclone_bisync/), for example
+\f[C]rclone bisync ./testdir/path1/ gdrive:testdir/path2/ --drive-skip-gdocs -v -v --timeout 10s\f[R]
+Note that interactions of various rclone flags with bisync process flow
+has not been fully tested yet.
+.SS Paths
 .PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
-.IP \[bu] 2
-Provider: IBMCOS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]s3.us.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Cross Region Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.dal.us.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Cross Region Dallas Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.wdc.us.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Cross Region Washington DC Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.sjc.us.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Cross Region San Jose Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.us.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Cross Region Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.dal.us.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Cross Region Dallas Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.wdc.us.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Cross Region Washington DC Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.sjc.us.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Cross Region San Jose Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.us-east.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Region East Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.us-east.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Region East Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.us-south.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Region South Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.us-south.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-US Region South Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.eu.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Cross Region Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.fra.eu.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Cross Region Frankfurt Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.mil.eu.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Cross Region Milan Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.ams.eu.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Cross Region Amsterdam Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.eu.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Cross Region Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.fra.eu.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Cross Region Frankfurt Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.mil.eu.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Cross Region Milan Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.ams.eu.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Cross Region Amsterdam Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.eu-gb.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Great Britain Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.eu-gb.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Great Britain Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.eu-de.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Region DE Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.eu-de.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-EU Region DE Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.ap.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Cross Regional Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.tok.ap.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Cross Regional Tokyo Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.hkg.ap.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Cross Regional HongKong Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.seo.ap.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Cross Regional Seoul Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.ap.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Cross Regional Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.tok.ap.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Cross Regional Tokyo Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.hkg.ap.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Cross Regional HongKong Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.seo.ap.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Cross Regional Seoul Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.jp-tok.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Region Japan Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.jp-tok.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Region Japan Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.au-syd.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Region Australia Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.au-syd.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-APAC Region Australia Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.ams03.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Amsterdam Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.ams03.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Amsterdam Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.che01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Chennai Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.che01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Chennai Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.mel01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Melbourne Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.mel01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Melbourne Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.osl01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Oslo Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.osl01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Oslo Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.tor01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Toronto Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.tor01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Toronto Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.seo01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Seoul Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.seo01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Seoul Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.mon01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Montreal Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.mon01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Montreal Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.mex01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Mexico Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.mex01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Mexico Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.sjc04.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-San Jose Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.sjc04.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-San Jose Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.mil01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Milan Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.mil01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Milan Single Site Private Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.hkg02.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Hong Kong Single Site Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.private.hkg02.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
-.IP \[bu] 2
-Hong Kong Single Site Private Endpoint
-.RE
+Path1 and Path2 arguments may be references to any mix of local
+directory paths (absolute or relative), UNC paths
+(\f[C]//server/share/path\f[R]), Windows drive paths (with a drive
+letter and \f[C]:\f[R]) or configured
+remotes (https://rclone.org/docs/#syntax-of-remote-paths) with optional
+subdirectory paths.
+Cloud references are distinguished by having a \f[C]:\f[R] in the
+argument (see Windows support below).
+.PP
+Path1 and Path2 are treated equally, in that neither has priority for
+file changes (except during \f[C]--resync\f[R]), and access efficiency
+does not change whether a remote is on Path1 or Path2.
+.PP
+The listings in bisync working directory (default:
+\f[C]\[ti]/.cache/rclone/bisync\f[R]) are named based on the Path1 and
+Path2 arguments so that separate syncs to individual directories within
+the tree may be set up, e.g.:
+\f[C]path_to_local_tree..dropbox_subdir.lst\f[R].
+.PP
+Any empty directories after the sync on both the Path1 and Path2
+filesystems are not deleted by default, unless
+\f[C]--create-empty-src-dirs\f[R] is specified.
+If the \f[C]--remove-empty-dirs\f[R] flag is specified, then both paths
+will have ALL empty directories purged as the last step in the process.
+.SS Command-line flags
+.SS --resync
+.PP
+This will effectively make both Path1 and Path2 filesystems contain a
+matching superset of all files.
+Path2 files that do not exist in Path1 will be copied to Path1, and the
+process will then copy the Path1 tree to Path2.
+.PP
+The \f[C]--resync\f[R] sequence is roughly equivalent to:
+.IP
+.nf
+\f[C]
+rclone copy Path2 Path1 --ignore-existing
+rclone copy Path1 Path2
+\f[R]
+.fi
+.PP
+Or, if using \f[C]--create-empty-src-dirs\f[R]:
+.IP
+.nf
+\f[C]
+rclone copy Path2 Path1 --ignore-existing
+rclone copy Path1 Path2 --create-empty-src-dirs
+rclone copy Path2 Path1 --create-empty-src-dirs
+\f[R]
+.fi
+.PP
+The base directories on both Path1 and Path2 filesystems must exist or
+bisync will fail.
+This is required for safety - that bisync can verify that both paths are
+valid.
+.PP
+When using \f[C]--resync\f[R], a newer version of a file on the Path2
+filesystem will be overwritten by the Path1 filesystem version.
+(Note that this is NOT entirely
+symmetrical (https://github.com/rclone/rclone/issues/5681#issuecomment-938761815).)
+Carefully evaluate deltas using
+--dry-run (https://rclone.org/flags/#non-backend-flags).
+.PP
+For a resync run, one of the paths may be empty (no files in the path
+tree).
+The resync run should result in files on both paths, else a normal
+non-resync run will fail.
+.PP
+For a non-resync run, either path being empty (no files in the tree)
+fails with
+\f[C]Empty current PathN listing. Cannot sync to an empty directory: X.pathN.lst\f[R]
+This is a safety check that an unexpected empty path does not result in
+deleting \f[B]everything\f[R] in the other path.
+.SS --check-access
+.PP
+Access check files are an additional safety measure against data loss.
+bisync will ensure it can find matching \f[C]RCLONE_TEST\f[R] files in
+the same places in the Path1 and Path2 filesystems.
+\f[C]RCLONE_TEST\f[R] files are not generated automatically.
+For \f[C]--check-access\f[R] to succeed, you must first either:
+\f[B]A)\f[R] Place one or more \f[C]RCLONE_TEST\f[R] files in both
+systems, or \f[B]B)\f[R] Set \f[C]--check-filename\f[R] to a filename
+already in use in various locations throughout your sync\[aq]d fileset.
+Recommended methods for \f[B]A)\f[R] include: *
+\f[C]rclone touch Path1/RCLONE_TEST\f[R] (create a new file) *
+\f[C]rclone copyto Path1/RCLONE_TEST Path2/RCLONE_TEST\f[R] (copy an
+existing file) *
+\f[C]rclone copy Path1/RCLONE_TEST Path2/RCLONE_TEST  --include \[dq]RCLONE_TEST\[dq]\f[R]
+(copy multiple files at once, recursively) * create the files manually
+(outside of rclone) * run \f[C]bisync\f[R] once \f[I]without\f[R]
+\f[C]--check-access\f[R] to set matching files on both filesystems will
+also work, but is not preferred, due to potential for user error (you
+are temporarily disabling the safety feature).
+.PP
+Note that \f[C]--check-access\f[R] is still enforced on
+\f[C]--resync\f[R], so \f[C]bisync --resync --check-access\f[R] will not
+work as a method of initially setting the files (this is to ensure that
+bisync can\[aq]t inadvertently circumvent its own safety
+switch (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=3.%20%2D%2Dcheck%2Daccess%20doesn%27t%20always%20fail%20when%20it%20should).)
+.PP
+Time stamps and file contents for \f[C]RCLONE_TEST\f[R] files are not
+important, just the names and locations.
+If you have symbolic links in your sync tree it is recommended to place
+\f[C]RCLONE_TEST\f[R] files in the linked-to directory tree to protect
+against bisync assuming a bunch of deleted files if the linked-to tree
+should not be accessible.
+See also the --check-filename flag.
+.SS --check-filename
+.PP
+Name of the file(s) used in access health validation.
+The default \f[C]--check-filename\f[R] is \f[C]RCLONE_TEST\f[R].
+One or more files having this filename must exist, synchronized between
+your source and destination filesets, in order for
+\f[C]--check-access\f[R] to succeed.
+See --check-access for additional details.
+.SS --max-delete
+.PP
+As a safety check, if greater than the \f[C]--max-delete\f[R] percent of
+files were deleted on either the Path1 or Path2 filesystem, then bisync
+will abort with a warning message, without making any changes.
+The default \f[C]--max-delete\f[R] is \f[C]50%\f[R].
+One way to trigger this limit is to rename a directory that contains
+more than half of your files.
+This will appear to bisync as a bunch of deleted files and a bunch of
+new files.
+This safety check is intended to block bisync from deleting all of the
+files on both filesystems due to a temporary network access issue, or if
+the user had inadvertently deleted the files on one side or the other.
+To force the sync, either set a different delete percentage limit, e.g.
+\f[C]--max-delete 75\f[R] (allows up to 75% deletion), or use
+\f[C]--force\f[R] to bypass the check.
+.PP
+Also see the all files changed check.
+.SS --filters-file
+.PP
+By using rclone filter features you can exclude file types or directory
+sub-trees from the sync.
+See the bisync filters section and generic
+--filter-from (https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file)
+documentation.
+An example filters file contains filters for non-allowed files for
+synching with Dropbox.
+.PP
+If you make changes to your filters file then bisync requires a run with
+\f[C]--resync\f[R].
+This is a safety feature, which prevents existing files on the Path1
+and/or Path2 side from seeming to disappear from view (since they are
+excluded in the new listings), which would fool bisync into seeing them
+as deleted (as compared to the prior run listings), and then bisync
+would proceed to delete them for real.
+.PP
+To block this from happening, bisync calculates an MD5 hash of the
+filters file and stores the hash in a \f[C].md5\f[R] file in the same
+place as your filters file.
+On the next run with \f[C]--filters-file\f[R] set, bisync re-calculates
+the MD5 hash of the current filters file and compares it to the hash
+stored in the \f[C].md5\f[R] file.
+If they don\[aq]t match, the run aborts with a critical error and thus
+forces you to do a \f[C]--resync\f[R], likely avoiding a disaster.
+.SS --check-sync
+.PP
+Enabled by default, the check-sync function checks that all of the same
+files exist in both the Path1 and Path2 history listings.
+This \f[I]check-sync\f[R] integrity check is performed at the end of the
+sync run by default.
+Any untrapped failing copy/deletes between the two paths might result in
+differences between the two listings and in the untracked file content
+differences between the two paths.
+A resync run would correct the error.
+.PP
+Note that the default-enabled integrity check locally executes a load of
+both the final Path1 and Path2 listings, and thus adds to the run time
+of a sync.
+Using \f[C]--check-sync=false\f[R] will disable it and may significantly
+reduce the sync run times for very large numbers of files.
+.PP
+The check may be run manually with \f[C]--check-sync=only\f[R].
+It runs only the integrity check and terminates without actually
+synching.
+.PP
+See also: Concurrent modifications
+.SS --ignore-listing-checksum
+.PP
+By default, bisync will retrieve (or generate) checksums (for backends
+that support them) when creating the listings for both paths, and store
+the checksums in the listing files.
+\f[C]--ignore-listing-checksum\f[R] will disable this behavior, which
+may speed things up considerably, especially on backends (such as
+local (https://rclone.org/local/)) where hashes must be computed on the
+fly instead of retrieved.
+Please note the following:
+.IP \[bu] 2
+While checksums are (by default) generated and stored in the listing
+files, they are NOT currently used for determining diffs (deltas).
+It is anticipated that full checksum support will be added in a future
+version.
 .IP \[bu] 2
-\[dq]s3.par01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
+\f[C]--ignore-listing-checksum\f[R] is NOT the same as
+\f[C]--ignore-checksum\f[R] (https://rclone.org/docs/#ignore-checksum),
+and you may wish to use one or the other, or both.
+In a nutshell: \f[C]--ignore-listing-checksum\f[R] controls whether
+checksums are considered when scanning for diffs, while
+\f[C]--ignore-checksum\f[R] controls whether checksums are considered
+during the copy/sync operations that follow, if there ARE diffs.
+.IP \[bu] 2
+Unless \f[C]--ignore-listing-checksum\f[R] is passed, bisync currently
+computes hashes for one path \f[I]even when there\[aq]s no common hash
+with the other path\f[R] (for example, a
+crypt (https://rclone.org/crypt/#modification-times-and-hashes) remote.)
+.IP \[bu] 2
+If both paths support checksums and have a common hash, AND
+\f[C]--ignore-listing-checksum\f[R] was not specified when creating the
+listings, \f[C]--check-sync=only\f[R] can be used to compare Path1 vs.
+Path2 checksums (as of the time the previous listings were created.)
+However, \f[C]--check-sync=only\f[R] will NOT include checksums if the
+previous listings were generated on a run using
+\f[C]--ignore-listing-checksum\f[R].
+For a more robust integrity check of the current state, consider using
+\f[C]check\f[R] (or
+\f[C]cryptcheck\f[R] (https://rclone.org/commands/rclone_cryptcheck/),
+if at least one path is a \f[C]crypt\f[R] remote.)
+.SS --resilient
+.PP
+\f[B]\f[BI]Caution: this is an experimental feature. Use at your own
+risk!\f[B]\f[R]
+.PP
+By default, most errors or interruptions will cause bisync to abort and
+require \f[C]--resync\f[R] to recover.
+This is a safety feature, to prevent bisync from running again until a
+user checks things out.
+However, in some cases, bisync can go too far and enforce a lockout when
+one isn\[aq]t actually necessary, like for certain less-serious errors
+that might resolve themselves on the next run.
+When \f[C]--resilient\f[R] is specified, bisync tries its best to
+recover and self-correct, and only requires \f[C]--resync\f[R] as a last
+resort when a human\[aq]s involvement is absolutely necessary.
+The intended use case is for running bisync as a background process
+(such as via scheduled cron).
+.PP
+When using \f[C]--resilient\f[R] mode, bisync will still report the
+error and abort, however it will not lock out future runs -- allowing
+the possibility of retrying at the next normally scheduled time, without
+requiring a \f[C]--resync\f[R] first.
+Examples of such retryable errors include access test failures, missing
+listing files, and filter change detections.
+These safety features will still prevent the \f[I]current\f[R] run from
+proceeding -- the difference is that if conditions have improved by the
+time of the \f[I]next\f[R] run, that next run will be allowed to
+proceed.
+Certain more serious errors will still enforce a \f[C]--resync\f[R]
+lockout, even in \f[C]--resilient\f[R] mode, to prevent data loss.
+.PP
+Behavior of \f[C]--resilient\f[R] may change in a future version.
+.SS Operation
+.SS Runtime flow details
+.PP
+bisync retains the listings of the \f[C]Path1\f[R] and \f[C]Path2\f[R]
+filesystems from the prior run.
+On each successive run it will:
 .IP \[bu] 2
-Paris Single Site Endpoint
-.RE
+list files on \f[C]path1\f[R] and \f[C]path2\f[R], and check for changes
+on each side.
+Changes include \f[C]New\f[R], \f[C]Newer\f[R], \f[C]Older\f[R], and
+\f[C]Deleted\f[R] files.
 .IP \[bu] 2
-\[dq]s3.private.par01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
+Propagate changes on \f[C]path1\f[R] to \f[C]path2\f[R], and vice-versa.
+.SS Safety measures
 .IP \[bu] 2
-Paris Single Site Private Endpoint
-.RE
+Lock file prevents multiple simultaneous runs when taking a while.
+This can be particularly useful if bisync is run by cron scheduler.
 .IP \[bu] 2
-\[dq]s3.sng01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
+Handle change conflicts non-destructively by creating \f[C]..path1\f[R]
+and \f[C]..path2\f[R] file versions.
 .IP \[bu] 2
-Singapore Single Site Endpoint
-.RE
+File system access health check using \f[C]RCLONE_TEST\f[R] files (see
+the \f[C]--check-access\f[R] flag).
 .IP \[bu] 2
-\[dq]s3.private.sng01.cloud-object-storage.appdomain.cloud\[dq]
-.RS 2
+Abort on excessive deletes - protects against a failed listing being
+interpreted as all the files were deleted.
+See the \f[C]--max-delete\f[R] and \f[C]--force\f[R] flags.
 .IP \[bu] 2
-Singapore Single Site Private Endpoint
-.RE
-.RE
-.SS --s3-endpoint
+If something evil happens, bisync goes into a safe state to block damage
+by later runs.
+(See Error Handling)
+.SS Normal sync checks
 .PP
-Endpoint for IONOS S3 Object Storage.
+.TS
+tab(@);
+lw(8.4n) lw(28.4n) lw(15.7n) lw(17.5n).
+T{
+Type
+T}@T{
+Description
+T}@T{
+Result
+T}@T{
+Implementation
+T}
+_
+T{
+Path2 new
+T}@T{
+File is new on Path2, does not exist on Path1
+T}@T{
+Path2 version survives
+T}@T{
+\f[C]rclone copy\f[R] Path2 to Path1
+T}
+T{
+Path2 newer
+T}@T{
+File is newer on Path2, unchanged on Path1
+T}@T{
+Path2 version survives
+T}@T{
+\f[C]rclone copy\f[R] Path2 to Path1
+T}
+T{
+Path2 deleted
+T}@T{
+File is deleted on Path2, unchanged on Path1
+T}@T{
+File is deleted
+T}@T{
+\f[C]rclone delete\f[R] Path1
+T}
+T{
+Path1 new
+T}@T{
+File is new on Path1, does not exist on Path2
+T}@T{
+Path1 version survives
+T}@T{
+\f[C]rclone copy\f[R] Path1 to Path2
+T}
+T{
+Path1 newer
+T}@T{
+File is newer on Path1, unchanged on Path2
+T}@T{
+Path1 version survives
+T}@T{
+\f[C]rclone copy\f[R] Path1 to Path2
+T}
+T{
+Path1 older
+T}@T{
+File is older on Path1, unchanged on Path2
+T}@T{
+\f[I]Path1 version survives\f[R]
+T}@T{
+\f[C]rclone copy\f[R] Path1 to Path2
+T}
+T{
+Path2 older
+T}@T{
+File is older on Path2, unchanged on Path1
+T}@T{
+\f[I]Path2 version survives\f[R]
+T}@T{
+\f[C]rclone copy\f[R] Path2 to Path1
+T}
+T{
+Path1 deleted
+T}@T{
+File no longer exists on Path1
+T}@T{
+File is deleted
+T}@T{
+\f[C]rclone delete\f[R] Path2
+T}
+.TE
+.SS Unusual sync checks
 .PP
-Specify the endpoint from the same region.
+.TS
+tab(@);
+lw(17.2n) lw(21.0n) lw(19.4n) lw(12.4n).
+T{
+Type
+T}@T{
+Description
+T}@T{
+Result
+T}@T{
+Implementation
+T}
+_
+T{
+Path1 new/changed AND Path2 new/changed AND Path1 == Path2
+T}@T{
+File is new/changed on Path1 AND new/changed on Path2 AND Path1 version
+is currently identical to Path2
+T}@T{
+No change
+T}@T{
+None
+T}
+T{
+Path1 new AND Path2 new
+T}@T{
+File is new on Path1 AND new on Path2 (and Path1 version is NOT
+identical to Path2)
+T}@T{
+Files renamed to _Path1 and _Path2
+T}@T{
+\f[C]rclone copy\f[R] _Path2 file to Path1, \f[C]rclone copy\f[R] _Path1
+file to Path2
+T}
+T{
+Path2 newer AND Path1 changed
+T}@T{
+File is newer on Path2 AND also changed (newer/older/size) on Path1 (and
+Path1 version is NOT identical to Path2)
+T}@T{
+Files renamed to _Path1 and _Path2
+T}@T{
+\f[C]rclone copy\f[R] _Path2 file to Path1, \f[C]rclone copy\f[R] _Path1
+file to Path2
+T}
+T{
+Path2 newer AND Path1 deleted
+T}@T{
+File is newer on Path2 AND also deleted on Path1
+T}@T{
+Path2 version survives
+T}@T{
+\f[C]rclone copy\f[R] Path2 to Path1
+T}
+T{
+Path2 deleted AND Path1 changed
+T}@T{
+File is deleted on Path2 AND changed (newer/older/size) on Path1
+T}@T{
+Path1 version survives
+T}@T{
+\f[C]rclone copy\f[R] Path1 to Path2
+T}
+T{
+Path1 deleted AND Path2 changed
+T}@T{
+File is deleted on Path1 AND changed (newer/older/size) on Path2
+T}@T{
+Path2 version survives
+T}@T{
+\f[C]rclone copy\f[R] Path2 to Path1
+T}
+.TE
 .PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
-.IP \[bu] 2
-Provider: IONOS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
+As of \f[C]rclone v1.64\f[R], bisync is now better at detecting
+\f[I]false positive\f[R] sync conflicts, which would previously have
+resulted in unnecessary renames and duplicates.
+Now, when bisync comes to a file that it wants to rename (because it is
+new/changed on both sides), it first checks whether the Path1 and Path2
+versions are currently \f[I]identical\f[R] (using the same underlying
+function as \f[C]check\f[R].) If bisync concludes that the files are
+identical, it will skip them and move on.
+Otherwise, it will create renamed \f[C]..Path1\f[R] and
+\f[C]..Path2\f[R] duplicates, as before.
+This behavior also improves the experience of renaming
+directories (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=Renamed%20directories),
+as a \f[C]--resync\f[R] is no longer required, so long as the same
+change has been made on both sides.
+.SS All files changed check
+.PP
+If \f[I]all\f[R] prior existing files on either of the filesystems have
+changed (e.g.
+timestamps have changed due to changing the system\[aq]s timezone) then
+bisync will abort without making any changes.
+Any new files are not considered for this check.
+You could use \f[C]--force\f[R] to force the sync (whichever side has
+the changed timestamp files wins).
+Alternately, a \f[C]--resync\f[R] may be used (Path1 versions will be
+pushed to Path2).
+Consider the situation carefully and perhaps use \f[C]--dry-run\f[R]
+before you commit to the changes.
+.SS Modification times
+.PP
+Bisync relies on file timestamps to identify changed files and will
+\f[I]refuse\f[R] to operate if backend lacks the modification time
+support.
+.PP
+If you or your application should change the content of a file without
+changing the modification time then bisync will \f[I]not\f[R] notice the
+change, and thus will not copy it to the other side.
+.PP
+Note that on some cloud storage systems it is not possible to have file
+timestamps that match \f[I]precisely\f[R] between the local and other
+filesystems.
+.PP
+Bisync\[aq]s approach to this problem is by tracking the changes on each
+side \f[I]separately\f[R] over time with a local database of files in
+that side then applying the resulting changes on the other side.
+.SS Error handling
+.PP
+Certain bisync critical errors, such as file copy/move failing, will
+result in a bisync lockout of following runs.
+The lockout is asserted because the sync status and history of the Path1
+and Path2 filesystems cannot be trusted, so it is safer to block any
+further changes until someone checks things out.
+The recovery is to do a \f[C]--resync\f[R] again.
+.PP
+It is recommended to use \f[C]--resync --dry-run --verbose\f[R]
+initially and \f[I]carefully\f[R] review what changes will be made
+before running the \f[C]--resync\f[R] without \f[C]--dry-run\f[R].
+.PP
+Most of these events come up due to an error status from an internal
+call.
+On such a critical error the \f[C]{...}.path1.lst\f[R] and
+\f[C]{...}.path2.lst\f[R] listing files are renamed to extension
+\f[C].lst-err\f[R], which blocks any future bisync runs (since the
+normal \f[C].lst\f[R] files are not found).
+Bisync keeps them under \f[C]bisync\f[R] subdirectory of the rclone
+cache directory, typically at \f[C]${HOME}/.cache/rclone/bisync/\f[R] on
+Linux.
+.PP
+Some errors are considered temporary and re-running the bisync is not
+blocked.
+The \f[I]critical return\f[R] blocks further bisync runs.
+.PP
+See also: \f[C]--resilient\f[R]
+.SS Lock file
+.PP
+When bisync is running, a lock file is created in the bisync working
+directory, typically at
+\f[C]\[ti]/.cache/rclone/bisync/PATH1..PATH2.lck\f[R] on Linux.
+If bisync should crash or hang, the lock file will remain in place and
+block any further runs of bisync \f[I]for the same paths\f[R].
+Delete the lock file as part of debugging the situation.
+The lock file effectively blocks follow-on (e.g., scheduled by
+\f[I]cron\f[R]) runs when the prior invocation is taking a long time.
+The lock file contains \f[I]PID\f[R] of the blocking process, which may
+help in debug.
+.PP
+\f[B]Note\f[R] that while concurrent bisync runs are allowed, \f[I]be
+very cautious\f[R] that there is no overlap in the trees being synched
+between concurrent runs, lest there be replicated files, deleted files
+and general mayhem.
+.SS Return codes
+.PP
+\f[C]rclone bisync\f[R] returns the following codes to calling program:
+- \f[C]0\f[R] on a successful run, - \f[C]1\f[R] for a non-critical
+failing run (a rerun may be successful), - \f[C]2\f[R] for a critically
+aborted run (requires a \f[C]--resync\f[R] to recover).
+.SS Limitations
+.SS Supported backends
+.PP
+Bisync is considered \f[I]BETA\f[R] and has been tested with the
+following backends: - Local filesystem - Google Drive - Dropbox -
+OneDrive - S3 - SFTP - Yandex Disk
+.PP
+It has not been fully tested with other services yet.
+If it works, or sorta works, please let us know and we\[aq]ll update the
+list.
+Run the test suite to check for proper operation as described below.
+.PP
+First release of \f[C]rclone bisync\f[R] requires that underlying
+backend supports the modification time feature and will refuse to run
+otherwise.
+This limitation will be lifted in a future \f[C]rclone bisync\f[R]
+release.
+.SS Concurrent modifications
+.PP
+When using \f[B]Local, FTP or SFTP\f[R] remotes rclone does not create
+\f[I]temporary\f[R] files at the destination when copying, and thus if
+the connection is lost the created file may be corrupt, which will
+likely propagate back to the original path on the next sync, resulting
+in data loss.
+This will be solved in a future release, there is no workaround at the
+moment.
+.PP
+Files that \f[B]change during\f[R] a bisync run may result in data loss.
+This has been seen in a highly dynamic environment, where the filesystem
+is getting hammered by running processes during the sync.
+The currently recommended solution is to sync at quiet times or filter
+out unnecessary directories and files.
+.PP
+As an alternative
+approach (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=scans%2C%20to%20avoid-,errors%20if%20files%20changed%20during%20sync,-Given%20the%20number),
+consider using \f[C]--check-sync=false\f[R] (and possibly
+\f[C]--resilient\f[R]) to make bisync more forgiving of filesystems that
+change during the sync.
+Be advised that this may cause bisync to miss events that occur during a
+bisync run, so it is a good idea to supplement this with a periodic
+independent integrity check, and corrective sync if diffs are found.
+For example, a possible sequence could look like this:
+.IP "1." 3
+Normally scheduled bisync run:
+.IP
+.nf
+\f[C]
+rclone bisync Path1 Path2 -MPc --check-access --max-delete 10 --filters-file /path/to/filters.txt -v --check-sync=false --no-cleanup --ignore-listing-checksum --disable ListR --checkers=16 --drive-pacer-min-sleep=10ms --create-empty-src-dirs --resilient
+\f[R]
+.fi
+.IP "2." 3
+Periodic independent integrity check (perhaps scheduled nightly or
+weekly):
+.IP
+.nf
+\f[C]
+rclone check -MvPc Path1 Path2 --filter-from /path/to/filters.txt
+\f[R]
+.fi
+.IP "3." 3
+If diffs are found, you have some choices to correct them.
+If one side is more up-to-date and you want to make the other side match
+it, you could run:
+.IP
+.nf
+\f[C]
+rclone sync Path1 Path2 --filter-from /path/to/filters.txt --create-empty-src-dirs -MPc -v  
+\f[R]
+.fi
+.PP
+(or switch Path1 and Path2 to make Path2 the source-of-truth)
+.PP
+Or, if neither side is totally up-to-date, you could run a
+\f[C]--resync\f[R] to bring them back into agreement (but remember that
+this could cause deleted files to re-appear.)
+.PP
+*Note also that \f[C]rclone check\f[R] does not currently include empty
+directories, so if you want to know if any empty directories are out of
+sync, consider alternatively running the above \f[C]rclone sync\f[R]
+command with \f[C]--dry-run\f[R] added.
+.SS Empty directories
+.PP
+By default, new/deleted empty directories on one path are \f[I]not\f[R]
+propagated to the other side.
+This is because bisync (and rclone) natively works on files, not
+directories.
+However, this can be changed with the \f[C]--create-empty-src-dirs\f[R]
+flag, which works in much the same way as in
+\f[C]sync\f[R] (https://rclone.org/commands/rclone_sync/) and
+\f[C]copy\f[R] (https://rclone.org/commands/rclone_copy/).
+When used, empty directories created or deleted on one side will also be
+created or deleted on the other side.
+The following should be noted: * \f[C]--create-empty-src-dirs\f[R] is
+not compatible with \f[C]--remove-empty-dirs\f[R].
+Use only one or the other (or neither).
+* It is not recommended to switch back and forth between
+\f[C]--create-empty-src-dirs\f[R] and the default (no
+\f[C]--create-empty-src-dirs\f[R]) without running \f[C]--resync\f[R].
+This is because it may appear as though all directories (not just the
+empty ones) were created/deleted, when actually you\[aq]ve just toggled
+between making them visible/invisible to bisync.
+It looks scarier than it is, but it\[aq]s still probably best to stick
+to one or the other, and use \f[C]--resync\f[R] when you need to switch.
+.SS Renamed directories
+.PP
+Renaming a folder on the Path1 side results in deleting all files on the
+Path2 side and then copying all files again from Path1 to Path2.
+Bisync sees this as all files in the old directory name as deleted and
+all files in the new directory name as new.
+Currently, the most effective and efficient method of renaming a
+directory is to rename it to the same name on both sides.
+(As of \f[C]rclone v1.64\f[R], a \f[C]--resync\f[R] is no longer
+required after doing so, as bisync will automatically detect that Path1
+and Path2 are in agreement.)
+.SS \f[C]--fast-list\f[R] used by default
+.PP
+Unlike most other rclone commands, bisync uses
+\f[C]--fast-list\f[R] (https://rclone.org/docs/#fast-list) by default,
+for backends that support it.
+In many cases this is desirable, however, there are some scenarios in
+which bisync could be faster \f[I]without\f[R] \f[C]--fast-list\f[R],
+and there is also a known issue concerning Google Drive users with many
+empty
+directories (https://github.com/rclone/rclone/commit/cbf3d4356135814921382dd3285d859d15d0aa77).
+For now, the recommended way to avoid using \f[C]--fast-list\f[R] is to
+add \f[C]--disable ListR\f[R] to all bisync commands.
+The default behavior may change in a future version.
+.SS Overridden Configs
+.PP
+When rclone detects an overridden config, it adds a suffix like
+\f[C]{ABCDE}\f[R] on the fly to the internal name of the remote.
+Bisync follows suit by including this suffix in its listing filenames.
+However, this suffix does not necessarily persist from run to run,
+especially if different flags are provided.
+So if next time the suffix assigned is \f[C]{FGHIJ}\f[R], bisync will
+get confused, because it\[aq]s looking for a listing file with
+\f[C]{FGHIJ}\f[R], when the file it wants has \f[C]{ABCDE}\f[R].
+As a result, it throws
+\f[C]Bisync critical error: cannot find prior Path1 or Path2 listings, likely due to critical error on prior run\f[R]
+and refuses to run again until the user runs a \f[C]--resync\f[R]
+(unless using \f[C]--resilient\f[R]).
+The best workaround at the moment is to set any backend-specific flags
+in the config file (https://rclone.org/commands/rclone_config/) instead
+of specifying them with command flags.
+(You can still override them as needed for other rclone commands.)
+.SS Case sensitivity
+.PP
+Synching with \f[B]case-insensitive\f[R] filesystems, such as Windows or
+\f[C]Box\f[R], can result in file name conflicts.
+This will be fixed in a future release.
+The near-term workaround is to make sure that files on both sides
+don\[aq]t have spelling case differences (\f[C]Smile.jpg\f[R] vs.
+\f[C]smile.jpg\f[R]).
+.SS Windows support
+.PP
+Bisync has been tested on Windows 8.1, Windows 10 Pro 64-bit and on
+Windows GitHub runners.
+.PP
+Drive letters are allowed, including drive letters mapped to network
+drives (\f[C]rclone bisync J:\[rs]localsync GDrive:\f[R]).
+If a drive letter is omitted, the shell current drive is the default.
+Drive letters are a single character follows by \f[C]:\f[R], so cloud
+names must be more than one character long.
+.PP
+Absolute paths (with or without a drive letter), and relative paths
+(with or without a drive letter) are supported.
+.PP
+Working directory is created at
+\f[C]C:\[rs]Users\[rs]MyLogin\[rs]AppData\[rs]Local\[rs]rclone\[rs]bisync\f[R].
+.PP
+Note that bisync output may show a mix of forward \f[C]/\f[R] and back
+\f[C]\[rs]\f[R] slashes.
+.PP
+Be careful of case independent directory and file naming on Windows vs.
+case dependent Linux
+.SS Filtering
+.PP
+See filtering documentation (https://rclone.org/filtering/) for how
+filter rules are written and interpreted.
+.PP
+Bisync\[aq]s \f[C]--filters-file\f[R] flag slightly extends the
+rclone\[aq]s
+--filter-from (https://rclone.org/filtering/#filter-from-read-filtering-patterns-from-a-file)
+filtering mechanism.
+For a given bisync run you may provide \f[I]only one\f[R]
+\f[C]--filters-file\f[R].
+The \f[C]--include*\f[R], \f[C]--exclude*\f[R], and \f[C]--filter\f[R]
+flags are also supported.
+.SS How to filter directories
+.PP
+Filtering portions of the directory tree is a critical feature for
+synching.
+.PP
+Examples of directory trees (always beneath the Path1/Path2 root level)
+you may want to exclude from your sync: - Directory trees containing
+only software build intermediate files.
+- Directory trees containing application temporary files and data such
+as the Windows \f[C]C:\[rs]Users\[rs]MyLogin\[rs]AppData\[rs]\f[R] tree.
+- Directory trees containing files that are large, less important, or
+are getting thrashed continuously by ongoing processes.
+.PP
+On the other hand, there may be only select directories that you
+actually want to sync, and exclude all others.
+See the Example include-style filters for Windows user directories
+below.
+.SS Filters file writing guidelines
+.IP "1." 3
+Begin with excluding directory trees:
+.RS 4
 .IP \[bu] 2
-Examples:
-.RS 2
+e.g.
+\[ga]- /AppData/\[ga]
 .IP \[bu] 2
-\[dq]s3-eu-central-1.ionoscloud.com\[dq]
-.RS 2
+\f[C]**\f[R] on the end is not necessary.
+Once a given directory level is excluded then everything beneath it
+won\[aq]t be looked at by rclone.
 .IP \[bu] 2
-Frankfurt, Germany
-.RE
+Exclude such directories that are unneeded, are big, dynamically
+thrashed, or where there may be access permission issues.
 .IP \[bu] 2
-\[dq]s3-eu-central-2.ionoscloud.com\[dq]
-.RS 2
+Excluding such dirs first will make rclone operations (much) faster.
 .IP \[bu] 2
-Berlin, Germany
+Specific files may also be excluded, as with the Dropbox exclusions
+example below.
 .RE
+.IP "2." 3
+Decide if it\[aq]s easier (or cleaner) to:
+.RS 4
 .IP \[bu] 2
-\[dq]s3-eu-south-2.ionoscloud.com\[dq]
-.RS 2
+Include select directories and therefore \f[I]exclude everything
+else\f[R] -- or --
 .IP \[bu] 2
-Logrono, Spain
-.RE
+Exclude select directories and therefore \f[I]include everything
+else\f[R]
 .RE
-.SS --s3-endpoint
-.PP
-Endpoint for Liara Object Storage API.
-.PP
-Properties:
+.IP "3." 3
+Include select directories:
+.RS 4
 .IP \[bu] 2
-Config: endpoint
+Add lines like: \[ga]+ /Documents/PersonalFiles/**\[ga] to select which
+directories to include in the sync.
 .IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
+\f[C]**\f[R] on the end specifies to include the full depth of the
+specified tree.
 .IP \[bu] 2
-Provider: Liara
+With Include-style filters, files at the Path1/Path2 root are not
+included.
+They may be included with \[ga]+ /*\[ga].
 .IP \[bu] 2
-Type: string
+Place RCLONE_TEST files within these included directory trees.
+They will only be looked for in these directory trees.
 .IP \[bu] 2
-Required: false
+Finish by excluding everything else by adding \[ga]- **\[ga] at the end
+of the filters file.
 .IP \[bu] 2
-Examples:
-.RS 2
+Disregard step 4.
+.RE
+.IP "4." 3
+Exclude select directories:
+.RS 4
 .IP \[bu] 2
-\[dq]storage.iran.liara.space\[dq]
-.RS 2
+Add more lines like in step 1.
+For example: \f[C]-/Desktop/tempfiles/\f[R], or \[ga]-
+/testdir/\f[C].    Again, a\f[R]**\[ga] on the end is not necessary.
 .IP \[bu] 2
-The default endpoint
+Do \f[I]not\f[R] add a \[ga]- **\[ga] in the file.
+Without this line, everything will be included that has not been
+explicitly excluded.
 .IP \[bu] 2
-Iran
-.RE
+Disregard step 3.
 .RE
-.SS --s3-endpoint
-.PP
-Endpoint for OSS API.
 .PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
-.IP \[bu] 2
-Provider: Alibaba
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
+A few rules for the syntax of a filter file expanding on filtering
+documentation (https://rclone.org/filtering/):
 .IP \[bu] 2
-Examples:
-.RS 2
+Lines may start with spaces and tabs - rclone strips leading whitespace.
 .IP \[bu] 2
-\[dq]oss-accelerate.aliyuncs.com\[dq]
-.RS 2
+If the first non-whitespace character is a \f[C]#\f[R] then the line is
+a comment and will be ignored.
 .IP \[bu] 2
-Global Accelerate
-.RE
+Blank lines are ignored.
 .IP \[bu] 2
-\[dq]oss-accelerate-overseas.aliyuncs.com\[dq]
-.RS 2
+The first non-whitespace character on a filter line must be a
+\f[C]+\f[R] or \f[C]-\f[R].
 .IP \[bu] 2
-Global Accelerate (outside mainland China)
-.RE
+Exactly 1 space is allowed between the \f[C]+/-\f[R] and the path term.
 .IP \[bu] 2
-\[dq]oss-cn-hangzhou.aliyuncs.com\[dq]
-.RS 2
+Only forward slashes (\f[C]/\f[R]) are used in path terms, even on
+Windows.
 .IP \[bu] 2
-East China 1 (Hangzhou)
-.RE
+The rest of the line is taken as the path term.
+Trailing whitespace is taken literally, and probably is an error.
+.SS Example include-style filters for Windows user directories
+.PP
+This Windows \f[I]include-style\f[R] example is based on the sync root
+(Path1) set to \f[C]C:\[rs]Users\[rs]MyLogin\f[R].
+The strategy is to select specific directories to be synched with a
+network drive (Path2).
 .IP \[bu] 2
-\[dq]oss-cn-shanghai.aliyuncs.com\[dq]
-.RS 2
+\[ga]- /AppData/\[ga] excludes an entire tree of Windows stored stuff
+that need not be synched.
+In my case, AppData has >11 GB of stuff I don\[aq]t care about, and
+there are some subdirectories beneath AppData that are not accessible to
+my user login, resulting in bisync critical aborts.
 .IP \[bu] 2
-East China 2 (Shanghai)
-.RE
+Windows creates cache files starting with both upper and lowercase
+\f[C]NTUSER\f[R] at \f[C]C:\[rs]Users\[rs]MyLogin\f[R].
+These files may be dynamic, locked, and are generally \f[I]don\[aq]t
+care\f[R].
 .IP \[bu] 2
-\[dq]oss-cn-qingdao.aliyuncs.com\[dq]
-.RS 2
+There are just a few directories with \f[I]my\f[R] data that I do want
+synched, in the form of \[ga]+
+/\f[C]. By selecting only the directory trees I   want to avoid the dozen plus directories that various apps make   at\f[R]C:\[ga].
 .IP \[bu] 2
-North China 1 (Qingdao)
-.RE
+Include files in the root of the sync point,
+\f[C]C:\[rs]Users\[rs]MyLogin\f[R], by adding the \[ga]+ /*\[ga] line.
 .IP \[bu] 2
-\[dq]oss-cn-beijing.aliyuncs.com\[dq]
-.RS 2
+This is an Include-style filters file, therefore it ends with \[ga]-
+**\[ga] which excludes everything not explicitly included.
+.IP
+.nf
+\f[C]
+- /AppData/
+- NTUSER*
+- ntuser*
++ /Documents/Family/**
++ /Documents/Sketchup/**
++ /Documents/Microcapture_Photo/**
++ /Documents/Microcapture_Video/**
++ /Desktop/**
++ /Pictures/**
++ /*
+- **
+\f[R]
+.fi
+.PP
+Note also that Windows implements several \[dq]library\[dq] links such
+as \f[C]C:\[rs]Users\[rs]MyLogin\[rs]My Documents\[rs]My Music\f[R]
+pointing to \f[C]C:\[rs]Users\[rs]MyLogin\[rs]Music\f[R].
+rclone sees these as links, so you must add \f[C]--links\f[R] to the
+bisync command line if you which to follow these links.
+I find that I get permission errors in trying to follow the links, so I
+don\[aq]t include the rclone \f[C]--links\f[R] flag, but then you get
+lots of \f[C]Can\[aq]t follow symlink\&...\f[R] noise from rclone about
+not following the links.
+This noise can be quashed by adding \f[C]--quiet\f[R] to the bisync
+command line.
+.SS Example exclude-style filters files for use with Dropbox
 .IP \[bu] 2
-North China 2 (Beijing)
-.RE
+Dropbox disallows synching the listed temporary and configuration/data
+files.
+The \[ga]- \[ga] filters exclude these files where ever they may occur
+in the sync tree.
+Consider adding similar exclusions for file types you don\[aq]t need to
+sync, such as core dump and software build files.
 .IP \[bu] 2
-\[dq]oss-cn-zhangjiakou.aliyuncs.com\[dq]
-.RS 2
+bisync testing creates \f[C]/testdir/\f[R] at the top level of the sync
+tree, and usually deletes the tree after the test.
+If a normal sync should run while the \f[C]/testdir/\f[R] tree exists
+the \f[C]--check-access\f[R] phase may fail due to unbalanced
+RCLONE_TEST files.
+The \[ga]- /testdir/\[ga] filter blocks this tree from being synched.
+You don\[aq]t need this exclusion if you are not doing bisync
+development testing.
 .IP \[bu] 2
-North China 3 (Zhangjiakou)
-.RE
+Everything else beneath the Path1/Path2 root will be synched.
 .IP \[bu] 2
-\[dq]oss-cn-huhehaote.aliyuncs.com\[dq]
-.RS 2
+RCLONE_TEST files may be placed anywhere within the tree, including the
+root.
+.SS Example filters file for Dropbox
+.IP
+.nf
+\f[C]
+# Filter file for use with bisync
+# See https://rclone.org/filtering/ for filtering rules
+# NOTICE: If you make changes to this file you MUST do a --resync run.
+#         Run with --dry-run to see what changes will be made.
+
+# Dropbox won\[aq]t sync some files so filter them away here.
+# See https://help.dropbox.com/installs-integrations/sync-uploads/files-not-syncing
+- .dropbox.attr
+- \[ti]*.tmp
+- \[ti]$*
+- .\[ti]*
+- desktop.ini
+- .dropbox
+
+# Used for bisync testing, so excluded from normal runs
+- /testdir/
+
+# Other example filters
+#- /TiBU/
+#- /Photos/
+\f[R]
+.fi
+.SS How --check-access handles filters
+.PP
+At the start of a bisync run, listings are gathered for Path1 and Path2
+while using the user\[aq]s \f[C]--filters-file\f[R].
+During the check access phase, bisync scans these listings for
+\f[C]RCLONE_TEST\f[R] files.
+Any \f[C]RCLONE_TEST\f[R] files hidden by the \f[C]--filters-file\f[R]
+are \f[I]not\f[R] in the listings and thus not checked during the check
+access phase.
+.SS Troubleshooting
+.SS Reading bisync logs
+.PP
+Here are two normal runs.
+The first one has a newer file on the remote.
+The second has no deltas between local and remote.
+.IP
+.nf
+\f[C]
+2021/05/16 00:24:38 INFO  : Synching Path1 \[dq]/path/to/local/tree/\[dq] with Path2 \[dq]dropbox:/\[dq]
+2021/05/16 00:24:38 INFO  : Path1 checking for diffs
+2021/05/16 00:24:38 INFO  : - Path1    File is new                         - file.txt
+2021/05/16 00:24:38 INFO  : Path1:    1 changes:    1 new,    0 newer,    0 older,    0 deleted
+2021/05/16 00:24:38 INFO  : Path2 checking for diffs
+2021/05/16 00:24:38 INFO  : Applying changes
+2021/05/16 00:24:38 INFO  : - Path1    Queue copy to Path2                 - dropbox:/file.txt
+2021/05/16 00:24:38 INFO  : - Path1    Do queued copies to                 - Path2
+2021/05/16 00:24:38 INFO  : Updating listings
+2021/05/16 00:24:38 INFO  : Validating listings for Path1 \[dq]/path/to/local/tree/\[dq] vs Path2 \[dq]dropbox:/\[dq]
+2021/05/16 00:24:38 INFO  : Bisync successful
+
+2021/05/16 00:36:52 INFO  : Synching Path1 \[dq]/path/to/local/tree/\[dq] with Path2 \[dq]dropbox:/\[dq]
+2021/05/16 00:36:52 INFO  : Path1 checking for diffs
+2021/05/16 00:36:52 INFO  : Path2 checking for diffs
+2021/05/16 00:36:52 INFO  : No changes found
+2021/05/16 00:36:52 INFO  : Updating listings
+2021/05/16 00:36:52 INFO  : Validating listings for Path1 \[dq]/path/to/local/tree/\[dq] vs Path2 \[dq]dropbox:/\[dq]
+2021/05/16 00:36:52 INFO  : Bisync successful
+\f[R]
+.fi
+.SS Dry run oddity
+.PP
+The \f[C]--dry-run\f[R] messages may indicate that it would try to
+delete some files.
+For example, if a file is new on Path2 and does not exist on Path1 then
+it would normally be copied to Path1, but with \f[C]--dry-run\f[R]
+enabled those copies don\[aq]t happen, which leads to the attempted
+delete on Path2, blocked again by --dry-run:
+\f[C]... Not deleting as --dry-run\f[R].
+.PP
+This whole confusing situation is an artifact of the \f[C]--dry-run\f[R]
+flag.
+Scrutinize the proposed deletes carefully, and if the files would have
+been copied to Path1 then the threatened deletes on Path2 may be
+disregarded.
+.SS Retries
+.PP
+Rclone has built-in retries.
+If you run with \f[C]--verbose\f[R] you\[aq]ll see error and retry
+messages such as shown below.
+This is usually not a bug.
+If at the end of the run, you see \f[C]Bisync successful\f[R] and not
+\f[C]Bisync critical error\f[R] or \f[C]Bisync aborted\f[R] then the run
+was successful, and you can ignore the error messages.
+.PP
+The following run shows an intermittent fail.
+Lines \f[I]5\f[R] and _6- are low-level messages.
+Line \f[I]6\f[R] is a bubbled-up \f[I]warning\f[R] message, conveying
+the error.
+Rclone normally retries failing commands, so there may be numerous such
+messages in the log.
+.PP
+Since there are no final error/warning messages on line \f[I]7\f[R],
+rclone has recovered from failure after a retry, and the overall sync
+was successful.
+.IP
+.nf
+\f[C]
+1: 2021/05/14 00:44:12 INFO  : Synching Path1 \[dq]/path/to/local/tree\[dq] with Path2 \[dq]dropbox:\[dq]
+2: 2021/05/14 00:44:12 INFO  : Path1 checking for diffs
+3: 2021/05/14 00:44:12 INFO  : Path2 checking for diffs
+4: 2021/05/14 00:44:12 INFO  : Path2:  113 changes:   22 new,    0 newer,    0 older,   91 deleted
+5: 2021/05/14 00:44:12 ERROR : /path/to/local/tree/objects/af: error listing: unexpected end of JSON input
+6: 2021/05/14 00:44:12 NOTICE: WARNING  listing try 1 failed.                 - dropbox:
+7: 2021/05/14 00:44:12 INFO  : Bisync successful
+\f[R]
+.fi
+.PP
+This log shows a \f[I]Critical failure\f[R] which requires a
+\f[C]--resync\f[R] to recover from.
+See the Runtime Error Handling section.
+.IP
+.nf
+\f[C]
+2021/05/12 00:49:40 INFO  : Google drive root \[aq]\[aq]: Waiting for checks to finish
+2021/05/12 00:49:40 INFO  : Google drive root \[aq]\[aq]: Waiting for transfers to finish
+2021/05/12 00:49:40 INFO  : Google drive root \[aq]\[aq]: not deleting files as there were IO errors
+2021/05/12 00:49:40 ERROR : Attempt 3/3 failed with 3 errors and: not deleting files as there were IO errors
+2021/05/12 00:49:40 ERROR : Failed to sync: not deleting files as there were IO errors
+2021/05/12 00:49:40 NOTICE: WARNING  rclone sync try 3 failed.           - /path/to/local/tree/
+2021/05/12 00:49:40 ERROR : Bisync aborted. Must run --resync to recover.
+\f[R]
+.fi
+.SS Denied downloads of \[dq]infected\[dq] or \[dq]abusive\[dq] files
+.PP
+Google Drive has a filter for certain file types (\f[C].exe\f[R],
+\f[C].apk\f[R], et cetera) that by default cannot be copied from Google
+Drive to the local filesystem.
+If you are having problems, run with \f[C]--verbose\f[R] to see
+specifically which files are generating complaints.
+If the error is
+\f[C]This file has been identified as malware or spam and cannot be downloaded\f[R],
+consider using the flag
+--drive-acknowledge-abuse (https://rclone.org/drive/#drive-acknowledge-abuse).
+.SS Google Doc files
+.PP
+Google docs exist as virtual files on Google Drive and cannot be
+transferred to other filesystems natively.
+While it is possible to export a Google doc to a normal file (with
+\f[C].xlsx\f[R] extension, for example), it is not possible to import a
+normal file back into a Google document.
+.PP
+Bisync\[aq]s handling of Google Doc files is to flag them in the run log
+output for user\[aq]s attention and ignore them for any file transfers,
+deletes, or syncs.
+They will show up with a length of \f[C]-1\f[R] in the listings.
+This bisync run is otherwise successful:
+.IP
+.nf
+\f[C]
+2021/05/11 08:23:15 INFO  : Synching Path1 \[dq]/path/to/local/tree/base/\[dq] with Path2 \[dq]GDrive:\[dq]
+2021/05/11 08:23:15 INFO  : ...path2.lst-new: Ignoring incorrect line: \[dq]- -1 - - 2018-07-29T08:49:30.136000000+0000 GoogleDoc.docx\[dq]
+2021/05/11 08:23:15 INFO  : Bisync successful
+\f[R]
+.fi
+.SS Usage examples
+.SS Cron
+.PP
+Rclone does not yet have a built-in capability to monitor the local file
+system for changes and must be blindly run periodically.
+On Windows this can be done using a \f[I]Task Scheduler\f[R], on Linux
+you can use \f[I]Cron\f[R] which is described below.
+.PP
+The 1st example runs a sync every 5 minutes between a local directory
+and an OwnCloud server, with output logged to a runlog file:
+.IP
+.nf
+\f[C]
+# Minute (0-59)
+#      Hour (0-23)
+#           Day of Month (1-31)
+#                Month (1-12 or Jan-Dec)
+#                     Day of Week (0-6 or Sun-Sat)
+#                         Command
+  */5  *    *    *    *   /path/to/rclone bisync /local/files MyCloud: --check-access --filters-file /path/to/bysync-filters.txt --log-file /path/to//bisync.log
+\f[R]
+.fi
+.PP
+See crontab
+syntax (https://www.man7.org/linux/man-pages/man1/crontab.1p.html#INPUT_FILES)
+for the details of crontab time interval expressions.
+.PP
+If you run \f[C]rclone bisync\f[R] as a cron job, redirect stdout/stderr
+to a file.
+The 2nd example runs a sync to Dropbox every hour and logs all stdout
+(via the \f[C]>>\f[R]) and stderr (via \f[C]2>&1\f[R]) to a log file.
+.IP
+.nf
+\f[C]
+0 * * * * /path/to/rclone bisync /path/to/local/dropbox Dropbox: --check-access --filters-file /home/user/filters.txt >> /path/to/logs/dropbox-run.log 2>&1
+\f[R]
+.fi
+.SS Sharing an encrypted folder tree between hosts
+.PP
+bisync can keep a local folder in sync with a cloud service, but what if
+you have some highly sensitive files to be synched?
+.PP
+Usage of a cloud service is for exchanging both routine and sensitive
+personal files between one\[aq]s home network, one\[aq]s personal
+notebook when on the road, and with one\[aq]s work computer.
+The routine data is not sensitive.
+For the sensitive data, configure an rclone crypt
+remote (https://rclone.org/crypt/) to point to a subdirectory within the
+local disk tree that is bisync\[aq]d to Dropbox, and then set up an
+bisync for this local crypt directory to a directory outside of the main
+sync tree.
+.SS Linux server setup
 .IP \[bu] 2
-North China 5 (Hohhot)
-.RE
+\f[C]/path/to/DBoxroot\f[R] is the root of my local sync tree.
+There are numerous subdirectories.
 .IP \[bu] 2
-\[dq]oss-cn-wulanchabu.aliyuncs.com\[dq]
-.RS 2
+\f[C]/path/to/DBoxroot/crypt\f[R] is the root subdirectory for files
+that are encrypted.
+This local directory target is setup as an rclone crypt remote named
+\f[C]Dropcrypt:\f[R].
+See rclone.conf snippet below.
 .IP \[bu] 2
-North China 6 (Ulanqab)
-.RE
+\f[C]/path/to/my/unencrypted/files\f[R] is the root of my sensitive
+files - not encrypted, not within the tree synched to Dropbox.
 .IP \[bu] 2
-\[dq]oss-cn-shenzhen.aliyuncs.com\[dq]
-.RS 2
+To sync my local unencrypted files with the encrypted Dropbox versions I
+manually run \f[C]bisync /path/to/my/unencrypted/files DropCrypt:\f[R].
+This step could be bundled into a script to run before and after the
+full Dropbox tree sync in the last step, thus actively keeping the
+sensitive files in sync.
 .IP \[bu] 2
-South China 1 (Shenzhen)
-.RE
+\f[C]bisync /path/to/DBoxroot Dropbox:\f[R] runs periodically via cron,
+keeping my full local sync tree in sync with Dropbox.
+.SS Windows notebook setup
 .IP \[bu] 2
-\[dq]oss-cn-heyuan.aliyuncs.com\[dq]
-.RS 2
+The Dropbox client runs keeping the local tree
+\f[C]C:\[rs]Users\[rs]MyLogin\[rs]Dropbox\f[R] always in sync with
+Dropbox.
+I could have used \f[C]rclone bisync\f[R] instead.
 .IP \[bu] 2
-South China 2 (Heyuan)
-.RE
+A separate directory tree at
+\f[C]C:\[rs]Users\[rs]MyLogin\[rs]Documents\[rs]DropLocal\f[R] hosts the
+tree of unencrypted files/folders.
 .IP \[bu] 2
-\[dq]oss-cn-guangzhou.aliyuncs.com\[dq]
-.RS 2
+To sync my local unencrypted files with the encrypted Dropbox versions I
+manually run the following command:
+\f[C]rclone bisync C:\[rs]Users\[rs]MyLogin\[rs]Documents\[rs]DropLocal Dropcrypt:\f[R].
 .IP \[bu] 2
-South China 3 (Guangzhou)
-.RE
+The Dropbox client then syncs the changes with Dropbox.
+.SS rclone.conf snippet
+.IP
+.nf
+\f[C]
+[Dropbox]
+type = dropbox
+\&...
+
+[Dropcrypt]
+type = crypt
+remote = /path/to/DBoxroot/crypt          # on the Linux server
+remote = C:\[rs]Users\[rs]MyLogin\[rs]Dropbox\[rs]crypt   # on the Windows notebook
+filename_encryption = standard
+directory_name_encryption = true
+password = ...
+\&...
+\f[R]
+.fi
+.SS Testing
+.PP
+You should read this section only if you are developing for rclone.
+You need to have rclone source code locally to work with bisync tests.
+.PP
+Bisync has a dedicated test framework implemented in the
+\f[C]bisync_test.go\f[R] file located in the rclone source tree.
+The test suite is based on the \f[C]go test\f[R] command.
+Series of tests are stored in subdirectories below the
+\f[C]cmd/bisync/testdata\f[R] directory.
+Individual tests can be invoked by their directory name, e.g.
+\f[C]go test . -case basic -remote local -remote2 gdrive: -v\f[R]
+.PP
+Tests will make a temporary folder on remote and purge it afterwards.
+If during test run there are intermittent errors and rclone retries,
+these errors will be captured and flagged as invalid MISCOMPAREs.
+Rerunning the test will let it pass.
+Consider such failures as noise.
+.SS Test command syntax
+.IP
+.nf
+\f[C]
+usage: go test ./cmd/bisync [options...]
+
+Options:
+  -case NAME        Name(s) of the test case(s) to run. Multiple names should
+                    be separated by commas. You can remove the \[ga]test_\[ga] prefix
+                    and replace \[ga]_\[ga] by \[ga]-\[ga] in test name for convenience.
+                    If not \[ga]all\[ga], the name(s) should map to a directory under
+                    \[ga]./cmd/bisync/testdata\[ga].
+                    Use \[ga]all\[ga] to run all tests (default: all)
+  -remote PATH1     \[ga]local\[ga] or name of cloud service with \[ga]:\[ga] (default: local)
+  -remote2 PATH2    \[ga]local\[ga] or name of cloud service with \[ga]:\[ga] (default: local)
+  -no-compare       Disable comparing test results with the golden directory
+                    (default: compare)
+  -no-cleanup       Disable cleanup of Path1 and Path2 testdirs.
+                    Useful for troubleshooting. (default: cleanup)
+  -golden           Store results in the golden directory (default: false)
+                    This flag can be used with multiple tests.
+  -debug            Print debug messages
+  -stop-at NUM      Stop test after given step number. (default: run to the end)
+                    Implies \[ga]-no-compare\[ga] and \[ga]-no-cleanup\[ga], if the test really
+                    ends prematurely. Only meaningful for a single test case.
+  -refresh-times    Force refreshing the target modtime, useful for Dropbox
+                    (default: false)
+  -verbose          Run tests verbosely
+\f[R]
+.fi
+.PP
+Note: unlike rclone flags which must be prefixed by double dash
+(\f[C]--\f[R]), the test command flags can be equally prefixed by a
+single \f[C]-\f[R] or double dash.
+.SS Running tests
 .IP \[bu] 2
-\[dq]oss-cn-chengdu.aliyuncs.com\[dq]
-.RS 2
+\f[C]go test . -case basic -remote local -remote2 local\f[R] runs the
+\f[C]test_basic\f[R] test case using only the local filesystem, synching
+one local directory with another local directory.
+Test script output is to the console, while commands within scenario.txt
+have their output sent to the \f[C].../workdir/test.log\f[R] file, which
+is finally compared to the golden copy.
 .IP \[bu] 2
-West China 1 (Chengdu)
-.RE
+The first argument after \f[C]go test\f[R] should be a relative name of
+the directory containing bisync source code.
+If you run tests right from there, the argument will be \f[C].\f[R]
+(current directory) as in most examples below.
+If you run bisync tests from the rclone source directory, the command
+should be \f[C]go test ./cmd/bisync ...\f[R].
 .IP \[bu] 2
-\[dq]oss-cn-hongkong.aliyuncs.com\[dq]
-.RS 2
+The test engine will mangle rclone output to ensure comparability with
+golden listings and logs.
 .IP \[bu] 2
-Hong Kong (Hong Kong)
-.RE
+Test scenarios are located in \f[C]./cmd/bisync/testdata\f[R].
+The test \f[C]-case\f[R] argument should match the full name of a
+subdirectory under that directory.
+Every test subdirectory name on disk must start with \f[C]test_\f[R],
+this prefix can be omitted on command line for brevity.
+Also, underscores in the name can be replaced by dashes for convenience.
 .IP \[bu] 2
-\[dq]oss-us-west-1.aliyuncs.com\[dq]
-.RS 2
+\f[C]go test . -remote local -remote2 local -case all\f[R] runs all
+tests.
 .IP \[bu] 2
-US West 1 (Silicon Valley)
-.RE
+Path1 and Path2 may either be the keyword \f[C]local\f[R] or may be
+names of configured cloud services.
+\f[C]go test . -remote gdrive: -remote2 dropbox: -case basic\f[R] will
+run the test between these two services, without transferring any files
+to the local filesystem.
 .IP \[bu] 2
-\[dq]oss-us-east-1.aliyuncs.com\[dq]
-.RS 2
+Test run stdout and stderr console output may be directed to a file,
+e.g.
+\f[C]go test . -remote gdrive: -remote2 local -case all > runlog.txt 2>&1\f[R]
+.SS Test execution flow
+.IP "1." 3
+The base setup in the \f[C]initial\f[R] directory of the testcase is
+applied on the Path1 and Path2 filesystems (via rclone copy the initial
+directory to Path1, then rclone sync Path1 to Path2).
+.IP "2." 3
+The commands in the scenario.txt file are applied, with output directed
+to the \f[C]test.log\f[R] file in the test working directory.
+Typically, the first actual command in the \f[C]scenario.txt\f[R] file
+is to do a \f[C]--resync\f[R], which establishes the baseline
+\f[C]{...}.path1.lst\f[R] and \f[C]{...}.path2.lst\f[R] files in the
+test working directory (\f[C].../workdir/\f[R] relative to the temporary
+test directory).
+Various commands and listing snapshots are done within the test.
+.IP "3." 3
+Finally, the contents of the test working directory are compared to the
+contents of the testcase\[aq]s golden directory.
+.SS Notes about testing
 .IP \[bu] 2
-US East 1 (Virginia)
-.RE
+Test cases are in individual directories beneath
+\f[C]./cmd/bisync/testdata\f[R].
+A command line reference to a test is understood to reference a
+directory beneath \f[C]testdata\f[R].
+For example,
+\f[C]go test ./cmd/bisync -case dry-run -remote gdrive: -remote2 local\f[R]
+refers to the test case in \f[C]./cmd/bisync/testdata/test_dry_run\f[R].
 .IP \[bu] 2
-\[dq]oss-ap-southeast-1.aliyuncs.com\[dq]
-.RS 2
+The test working directory is located at \f[C].../workdir\f[R] relative
+to a temporary test directory, usually under \f[C]/tmp\f[R] on Linux.
 .IP \[bu] 2
-Southeast Asia Southeast 1 (Singapore)
-.RE
+The local test sync tree is created at a temporary directory named like
+\f[C]bisync.XXX\f[R] under system temporary directory.
 .IP \[bu] 2
-\[dq]oss-ap-southeast-2.aliyuncs.com\[dq]
-.RS 2
+The remote test sync tree is located at a temporary directory under
+\f[C]<remote:>/bisync.XXX/\f[R].
 .IP \[bu] 2
-Asia Pacific Southeast 2 (Sydney)
-.RE
+\f[C]path1\f[R] and/or \f[C]path2\f[R] subdirectories are created in a
+temporary directory under the respective local or cloud test remote.
 .IP \[bu] 2
-\[dq]oss-ap-southeast-3.aliyuncs.com\[dq]
-.RS 2
+By default, the Path1 and Path2 test dirs and workdir will be deleted
+after each test run.
+The \f[C]-no-cleanup\f[R] flag disables purging these directories when
+validating and debugging a given test.
+These directories will be flushed before running another test,
+independent of the \f[C]-no-cleanup\f[R] usage.
 .IP \[bu] 2
-Southeast Asia Southeast 3 (Kuala Lumpur)
-.RE
+You will likely want to add \[ga]-
+/testdir/\f[C]to your normal   bisync\f[R]--filters-file\f[C]so that normal syncs do not attempt to sync   the test temporary directories, which may have\f[R]RCLONE_TEST\f[C]miscompares   in some testcases which would otherwise trip the\f[R]--check-access\f[C]system.   The\f[R]--check-access\f[C]mechanism is hard-coded to ignore\f[R]RCLONE_TEST\f[C]files beneath\f[R]bisync/testdata\[ga],
+so the test cases may reside on the synched tree even if there are check
+file mismatches in the test tree.
 .IP \[bu] 2
-\[dq]oss-ap-southeast-5.aliyuncs.com\[dq]
-.RS 2
+Some Dropbox tests can fail, notably printing the following message:
+\f[C]src and dst identical but can\[aq]t set mod time without deleting and re-uploading\f[R]
+This is expected and happens due to the way Dropbox handles modification
+times.
+You should use the \f[C]-refresh-times\f[R] test flag to make up for
+this.
 .IP \[bu] 2
-Asia Pacific Southeast 5 (Jakarta)
-.RE
+If Dropbox tests hit request limit for you and print error message
+\f[C]too_many_requests/...: Too many requests or write operations.\f[R]
+then follow the Dropbox App ID
+instructions (https://rclone.org/dropbox/#get-your-own-dropbox-app-id).
+.SS Updating golden results
+.PP
+Sometimes even a slight change in the bisync source can cause little
+changes spread around many log files.
+Updating them manually would be a nightmare.
+.PP
+The \f[C]-golden\f[R] flag will store the \f[C]test.log\f[R] and
+\f[C]*.lst\f[R] listings from each test case into respective golden
+directories.
+Golden results will automatically contain generic strings instead of
+local or cloud paths which means that they should match when run with a
+different cloud service.
+.PP
+Your normal workflow might be as follows: 1.
+Git-clone the rclone sources locally 2.
+Modify bisync source and check that it builds 3.
+Run the whole test suite \f[C]go test ./cmd/bisync -remote local\f[R] 4.
+If some tests show log difference, recheck them individually, e.g.:
+\f[C]go test ./cmd/bisync -remote local -case basic\f[R] 5.
+If you are convinced with the difference, goldenize all tests at once:
+\f[C]go test ./cmd/bisync -remote local -golden\f[R] 6.
+Use word diff: \f[C]git diff --word-diff ./cmd/bisync/testdata/\f[R].
+Please note that normal line-level diff is generally useless here.
+7.
+Check the difference \f[I]carefully\f[R]! 8.
+Commit the change (\f[C]git commit\f[R]) \f[I]only\f[R] if you are sure.
+If unsure, save your code changes then wipe the log diffs from git:
+\f[C]git reset [--hard]\f[R].
+.SS Structure of test scenarios
 .IP \[bu] 2
-\[dq]oss-ap-northeast-1.aliyuncs.com\[dq]
-.RS 2
+\f[C]<testname>/initial/\f[R] contains a tree of files that will be set
+as the initial condition on both Path1 and Path2 testdirs.
 .IP \[bu] 2
-Asia Pacific Northeast 1 (Japan)
-.RE
+\f[C]<testname>/modfiles/\f[R] contains files that will be used to
+modify the Path1 and/or Path2 filesystems.
 .IP \[bu] 2
-\[dq]oss-ap-south-1.aliyuncs.com\[dq]
-.RS 2
+\f[C]<testname>/golden/\f[R] contains the expected content of the test
+working directory (\f[C]workdir\f[R]) at the completion of the testcase.
 .IP \[bu] 2
-Asia Pacific South 1 (Mumbai)
-.RE
+\f[C]<testname>/scenario.txt\f[R] contains the body of the test, in the
+form of various commands to modify files, run bisync, and snapshot
+listings.
+Output from these commands is captured to \f[C].../workdir/test.log\f[R]
+for comparison to the golden files.
+.SS Supported test commands
 .IP \[bu] 2
-\[dq]oss-eu-central-1.aliyuncs.com\[dq]
-.RS 2
+\f[C]test <some message>\f[R] Print the line to the console and to the
+\f[C]test.log\f[R]:
+\f[C]test sync is working correctly with options x, y, z\f[R]
 .IP \[bu] 2
-Central Europe 1 (Frankfurt)
-.RE
+\f[C]copy-listings <prefix>\f[R] Save a copy of all \f[C].lst\f[R]
+listings in the test working directory with the specified prefix:
+\f[C]save-listings exclude-pass-run\f[R]
 .IP \[bu] 2
-\[dq]oss-eu-west-1.aliyuncs.com\[dq]
-.RS 2
+\f[C]move-listings <prefix>\f[R] Similar to \f[C]copy-listings\f[R] but
+removes the source
 .IP \[bu] 2
-West Europe (London)
-.RE
+\f[C]purge-children <dir>\f[R] This will delete all child files and
+purge all child subdirs under given directory but keep the parent
+intact.
+This behavior is important for tests with Google Drive because removing
+and re-creating the parent would change its ID.
 .IP \[bu] 2
-\[dq]oss-me-east-1.aliyuncs.com\[dq]
-.RS 2
+\f[C]delete-file <file>\f[R] Delete a single file.
 .IP \[bu] 2
-Middle East 1 (Dubai)
-.RE
-.RE
-.SS --s3-endpoint
-.PP
-Endpoint for OBS API.
-.PP
-Properties:
+\f[C]delete-glob <dir> <pattern>\f[R] Delete a group of files located
+one level deep in the given directory with names matching a given glob
+pattern.
 .IP \[bu] 2
-Config: endpoint
+\f[C]touch-glob YYYY-MM-DD <dir> <pattern>\f[R] Change modification time
+on a group of files.
 .IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
+\f[C]touch-copy YYYY-MM-DD <source-file> <dest-dir>\f[R] Change file
+modification time then copy it to destination.
 .IP \[bu] 2
-Provider: HuaweiOBS
+\f[C]copy-file <source-file> <dest-dir>\f[R] Copy a single file to given
+directory.
 .IP \[bu] 2
-Type: string
+\f[C]copy-as <source-file> <dest-file>\f[R] Similar to above but
+destination must include both directory and the new file name at
+destination.
 .IP \[bu] 2
-Required: false
+\f[C]copy-dir <src> <dst>\f[R] and \f[C]sync-dir <src> <dst>\f[R]
+Copy/sync a directory.
+Equivalent of \f[C]rclone copy\f[R] and \f[C]rclone sync\f[R].
 .IP \[bu] 2
-Examples:
-.RS 2
+\f[C]list-dirs <dir>\f[R] Equivalent to
+\f[C]rclone lsf -R --dirs-only <dir>\f[R]
 .IP \[bu] 2
-\[dq]obs.af-south-1.myhuaweicloud.com\[dq]
-.RS 2
+\f[C]bisync [options]\f[R] Runs bisync against \f[C]-remote\f[R] and
+\f[C]-remote2\f[R].
+.SS Supported substitution terms
 .IP \[bu] 2
-AF-Johannesburg
-.RE
+\f[C]{testdir/}\f[R] - the root dir of the testcase
 .IP \[bu] 2
-\[dq]obs.ap-southeast-2.myhuaweicloud.com\[dq]
-.RS 2
+\f[C]{datadir/}\f[R] - the \f[C]modfiles\f[R] dir under the testcase
+root
 .IP \[bu] 2
-AP-Bangkok
-.RE
+\f[C]{workdir/}\f[R] - the temporary test working directory
 .IP \[bu] 2
-\[dq]obs.ap-southeast-3.myhuaweicloud.com\[dq]
-.RS 2
+\f[C]{path1/}\f[R] - the root of the Path1 test directory tree
 .IP \[bu] 2
-AP-Singapore
-.RE
+\f[C]{path2/}\f[R] - the root of the Path2 test directory tree
 .IP \[bu] 2
-\[dq]obs.cn-east-3.myhuaweicloud.com\[dq]
-.RS 2
+\f[C]{session}\f[R] - base name of the test listings
 .IP \[bu] 2
-CN East-Shanghai1
-.RE
+\f[C]{/}\f[R] - OS-specific path separator
 .IP \[bu] 2
-\[dq]obs.cn-east-2.myhuaweicloud.com\[dq]
-.RS 2
+\f[C]{spc}\f[R], \f[C]{tab}\f[R], \f[C]{eol}\f[R] - whitespace
 .IP \[bu] 2
-CN East-Shanghai2
-.RE
+\f[C]{chr:HH}\f[R] - raw byte with given hexadecimal code
+.PP
+Substitution results of the terms named like \f[C]{dir/}\f[R] will end
+with \f[C]/\f[R] (or backslash on Windows), so it is not necessary to
+include slash in the usage, for example
+\f[C]delete-file {path1/}file1.txt\f[R].
+.SS Benchmarks
+.PP
+\f[I]This section is work in progress.\f[R]
+.PP
+Here are a few data points for scale, execution times, and memory usage.
+.PP
+The first set of data was taken between a local disk to Dropbox.
+The speedtest.net (https://speedtest.net) download speed was \[ti]170
+Mbps, and upload speed was \[ti]10 Mbps.
+500 files (\[ti]9.5 MB each) had been already synched.
+50 files were added in a new directory, each \[ti]9.5 MB, \[ti]475 MB
+total.
+.PP
+.TS
+tab(@);
+lw(23.8n) lw(35.0n) lw(11.2n).
+T{
+Change
+T}@T{
+Operations and times
+T}@T{
+Overall run time
+T}
+_
+T{
+500 files synched (nothing to move)
+T}@T{
+1x listings for Path1 & Path2
+T}@T{
+1.5 sec
+T}
+T{
+500 files synched with --check-access
+T}@T{
+1x listings for Path1 & Path2
+T}@T{
+1.5 sec
+T}
+T{
+50 new files on remote
+T}@T{
+Queued 50 copies down: 27 sec
+T}@T{
+29 sec
+T}
+T{
+Moved local dir
+T}@T{
+Queued 50 copies up: 410 sec, 50 deletes up: 9 sec
+T}@T{
+421 sec
+T}
+T{
+Moved remote dir
+T}@T{
+Queued 50 copies down: 31 sec, 50 deletes down: <1 sec
+T}@T{
+33 sec
+T}
+T{
+Delete local dir
+T}@T{
+Queued 50 deletes up: 9 sec
+T}@T{
+13 sec
+T}
+.TE
+.PP
+This next data is from a user\[aq]s application.
+They had \[ti]400GB of data over 1.96 million files being sync\[aq]ed
+between a Windows local disk and some remote cloud.
+The file full path length was on average 35 characters (which factors
+into load time and RAM required).
 .IP \[bu] 2
-\[dq]obs.cn-north-1.myhuaweicloud.com\[dq]
-.RS 2
+Loading the prior listing into memory (1.96 million files, listing file
+size 140 MB) took \[ti]30 sec and occupied about 1 GB of RAM.
 .IP \[bu] 2
-CN North-Beijing1
-.RE
+Getting a fresh listing of the local file system (producing the 140 MB
+output file) took about XXX sec.
 .IP \[bu] 2
-\[dq]obs.cn-north-4.myhuaweicloud.com\[dq]
-.RS 2
+Getting a fresh listing of the remote file system (producing the 140 MB
+output file) took about XXX sec.
+The network download speed was measured at XXX Mb/s.
 .IP \[bu] 2
-CN North-Beijing4
-.RE
+Once the prior and current Path1 and Path2 listings were loaded (a total
+of four to be loaded, two at a time), determining the deltas was pretty
+quick (a few seconds for this test case), and the transfer time for any
+files to be copied was dominated by the network bandwidth.
+.SS References
+.PP
+rclone\[aq]s bisync implementation was derived from the
+rclonesync-V2 (https://github.com/cjnaz/rclonesync-V2) project,
+including documentation and test mechanisms, with
+[\[at]cjnaz](https://github.com/cjnaz)\[aq]s full support and
+encouragement.
+.PP
+\f[C]rclone bisync\f[R] is similar in nature to a range of other
+projects:
 .IP \[bu] 2
-\[dq]obs.cn-south-1.myhuaweicloud.com\[dq]
-.RS 2
+unison (https://github.com/bcpierce00/unison)
 .IP \[bu] 2
-CN South-Guangzhou
-.RE
+syncthing (https://github.com/syncthing/syncthing)
 .IP \[bu] 2
-\[dq]obs.ap-southeast-1.myhuaweicloud.com\[dq]
-.RS 2
+cjnaz/rclonesync (https://github.com/cjnaz/rclonesync-V2)
 .IP \[bu] 2
-CN-Hong Kong
-.RE
+ConorWilliams/rsinc (https://github.com/ConorWilliams/rsinc)
 .IP \[bu] 2
-\[dq]obs.sa-argentina-1.myhuaweicloud.com\[dq]
-.RS 2
+jwink3101/syncrclone (https://github.com/Jwink3101/syncrclone)
 .IP \[bu] 2
-LA-Buenos Aires1
-.RE
+DavideRossi/upback (https://github.com/DavideRossi/upback)
+.PP
+Bisync adopts the differential synchronization technique, which is based
+on keeping history of changes performed by both synchronizing sides.
+See the \f[I]Dual Shadow Method\f[R] section in Neil Fraser\[aq]s
+article (https://neil.fraser.name/writing/sync/).
+.PP
+Also note a number of academic publications by Benjamin
+Pierce (http://www.cis.upenn.edu/%7Ebcpierce/papers/index.shtml#File%20Synchronization)
+about \f[I]Unison\f[R] and synchronization in general.
+.SS Changelog
+.SS \f[C]v1.64\f[R]
 .IP \[bu] 2
-\[dq]obs.sa-peru-1.myhuaweicloud.com\[dq]
-.RS 2
+Fixed an
+issue (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Dry%20runs%20are%20not%20completely%20dry)
+causing dry runs to inadvertently commit filter changes
 .IP \[bu] 2
-LA-Lima1
-.RE
+Fixed an
+issue (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=2.%20%2D%2Dresync%20deletes%20data%2C%20contrary%20to%20docs)
+causing \f[C]--resync\f[R] to erroneously delete empty folders and
+duplicate files unique to Path2
 .IP \[bu] 2
-\[dq]obs.na-mexico-1.myhuaweicloud.com\[dq]
-.RS 2
+\f[C]--check-access\f[R] is now enforced during \f[C]--resync\f[R],
+preventing data loss in certain user error
+scenarios (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=%2D%2Dcheck%2Daccess%20doesn%27t%20always%20fail%20when%20it%20should)
 .IP \[bu] 2
-LA-Mexico City1
-.RE
+Fixed an
+issue (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=5.%20Bisync%20reads%20files%20in%20excluded%20directories%20during%20delete%20operations)
+causing bisync to consider more files than necessary due to overbroad
+filters during delete operations
 .IP \[bu] 2
-\[dq]obs.sa-chile-1.myhuaweicloud.com\[dq]
-.RS 2
+Improved detection of false positive change
+conflicts (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=1.%20Identical%20files%20should%20be%20left%20alone%2C%20even%20if%20new/newer/changed%20on%20both%20sides)
+(identical files are now left alone instead of renamed)
 .IP \[bu] 2
-LA-Santiago2
-.RE
+Added support for
+\f[C]--create-empty-src-dirs\f[R] (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=3.%20Bisync%20should%20create/delete%20empty%20directories%20as%20sync%20does%2C%20when%20%2D%2Dcreate%2Dempty%2Dsrc%2Ddirs%20is%20passed)
 .IP \[bu] 2
-\[dq]obs.sa-brazil-1.myhuaweicloud.com\[dq]
-.RS 2
+Added experimental \f[C]--resilient\f[R] mode to allow recovery from
+self-correctable
+errors (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=2.%20Bisync%20should%20be%20more%20resilient%20to%20self%2Dcorrectable%20errors)
 .IP \[bu] 2
-LA-Sao Paulo1
-.RE
+Added new \f[C]--ignore-listing-checksum\f[R]
+flag (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=6.%20%2D%2Dignore%2Dchecksum%20should%20be%20split%20into%20two%20flags%20for%20separate%20purposes)
+to distinguish from \f[C]--ignore-checksum\f[R]
 .IP \[bu] 2
-\[dq]obs.ru-northwest-2.myhuaweicloud.com\[dq]
-.RS 2
+Performance
+improvements (https://forum.rclone.org/t/bisync-bugs-and-feature-requests/37636#:~:text=6.%20Deletes%20take%20several%20times%20longer%20than%20copies)
+for large remotes
 .IP \[bu] 2
-RU-Moscow2
-.RE
-.RE
-.SS --s3-endpoint
+Documentation and testing improvements
+.SH Release signing
 .PP
-Endpoint for Scaleway Object Storage.
+The hashes of the binary artefacts of the rclone release are signed with
+a public PGP/GPG key.
+This can be verified manually as described below.
 .PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
-.IP \[bu] 2
-Provider: Scaleway
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
+The same mechanism is also used by rclone
+selfupdate (https://rclone.org/commands/rclone_selfupdate/) to verify
+that the release has not been tampered with before the new update is
+installed.
+This checks the SHA256 hash and the signature with a public key compiled
+into the rclone binary.
+.SS Release signing key
+.PP
+You may obtain the release signing key from:
 .IP \[bu] 2
-Examples:
-.RS 2
+From KEYS on this website - this file contains all past signing keys
+also.
 .IP \[bu] 2
-\[dq]s3.nl-ams.scw.cloud\[dq]
-.RS 2
+The git repository hosted on GitHub -
+https://github.com/rclone/rclone/blob/master/docs/content/KEYS
 .IP \[bu] 2
-Amsterdam Endpoint
-.RE
+\f[C]gpg --keyserver hkps://keys.openpgp.org --search nick\[at]craig-wood.com\f[R]
 .IP \[bu] 2
-\[dq]s3.fr-par.scw.cloud\[dq]
-.RS 2
+\f[C]gpg --keyserver hkps://keyserver.ubuntu.com --search nick\[at]craig-wood.com\f[R]
 .IP \[bu] 2
-Paris Endpoint
-.RE
+https://www.craig-wood.com/nick/pub/pgp-key.txt
+.PP
+After importing the key, verify that the fingerprint of one of the keys
+matches: \f[C]FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA\f[R] as this key
+is used for signing.
+.PP
+We recommend that you cross-check the fingerprint shown above through
+the domains listed below.
+By cross-checking the integrity of the fingerprint across multiple
+domains you can be confident that you obtained the correct key.
 .IP \[bu] 2
-\[dq]s3.pl-waw.scw.cloud\[dq]
-.RS 2
+The source for this page on
+GitHub (https://github.com/rclone/rclone/blob/master/docs/content/release_signing.md).
 .IP \[bu] 2
-Warsaw Endpoint
-.RE
-.RE
-.SS --s3-endpoint
+Through DNS \f[C]dig key.rclone.org txt\f[R]
+.PP
+If you find anything that doesn\[aq]t not match, please contact the
+developers at once.
+.SS How to verify the release
+.PP
+In the release directory you will see the release files and some files
+called \f[C]MD5SUMS\f[R], \f[C]SHA1SUMS\f[R] and \f[C]SHA256SUMS\f[R].
+.IP
+.nf
+\f[C]
+$ rclone lsf --http-url https://downloads.rclone.org/v1.63.1 :http:
+MD5SUMS
+SHA1SUMS
+SHA256SUMS
+rclone-v1.63.1-freebsd-386.zip
+rclone-v1.63.1-freebsd-amd64.zip
+\&...
+rclone-v1.63.1-windows-arm64.zip
+rclone-v1.63.1.tar.gz
+version.txt
+\f[R]
+.fi
+.PP
+The \f[C]MD5SUMS\f[R], \f[C]SHA1SUMS\f[R] and \f[C]SHA256SUMS\f[R]
+contain hashes of the binary files in the release directory along with a
+signature.
+.PP
+For example:
+.IP
+.nf
+\f[C]
+$ rclone cat --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113  rclone-v1.63.1-freebsd-386.zip
+7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e  rclone-v1.63.1-freebsd-amd64.zip
+\&...
+66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73  rclone-v1.63.1-windows-amd64.zip
+bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0  rclone-v1.63.1-windows-arm64.zip
+-----BEGIN PGP SIGNATURE-----
+
+iF0EARECAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZLVKJQAKCRCTk14C/ztU
++pZuAJ0XJ+QWLP/3jCtkmgcgc4KAwd/rrwCcCRZQ7E+oye1FPY46HOVzCFU3L7g=
+=8qrL
+-----END PGP SIGNATURE-----
+\f[R]
+.fi
+.SS Download the files
+.PP
+The first step is to download the binary and SUMs file and verify that
+the SUMs you have downloaded match.
+Here we download \f[C]rclone-v1.63.1-windows-amd64.zip\f[R] - choose the
+binary (or binaries) appropriate to your architecture.
+We\[aq]ve also chosen the \f[C]SHA256SUMS\f[R] as these are the most
+secure.
+You could verify the other types of hash also for extra security.
+\f[C]rclone selfupdate\f[R] verifies just the \f[C]SHA256SUMS\f[R].
+.IP
+.nf
+\f[C]
+$ mkdir /tmp/check
+$ cd /tmp/check
+$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS .
+$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:rclone-v1.63.1-windows-amd64.zip .
+\f[R]
+.fi
+.SS Verify the signatures
+.PP
+First verify the signatures on the SHA256 file.
+.PP
+Import the key.
+See above for ways to verify this key is correct.
+.IP
+.nf
+\f[C]
+$ gpg --keyserver keyserver.ubuntu.com --receive-keys FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: key 93935E02FF3B54FA: public key \[dq]Nick Craig-Wood <nick\[at]craig-wood.com>\[dq] imported
+gpg: Total number processed: 1
+gpg:               imported: 1
+\f[R]
+.fi
+.PP
+Then check the signature:
+.IP
+.nf
+\f[C]
+$ gpg --verify SHA256SUMS 
+gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: Good signature from \[dq]Nick Craig-Wood <nick\[at]craig-wood.com>\[dq] [ultimate]
+\f[R]
+.fi
+.PP
+Verify the signature was good and is using the fingerprint shown above.
+.PP
+Repeat for \f[C]MD5SUMS\f[R] and \f[C]SHA1SUMS\f[R] if desired.
+.SS Verify the hashes
+.PP
+Now that we know the signatures on the hashes are OK we can verify the
+binaries match the hashes, completing the verification.
+.IP
+.nf
+\f[C]
+$ sha256sum -c SHA256SUMS 2>&1 | grep OK
+rclone-v1.63.1-windows-amd64.zip: OK
+\f[R]
+.fi
+.PP
+Or do the check with rclone
+.IP
+.nf
+\f[C]
+$ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip 
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 0
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 1
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 49
+2023/09/11 10:53:58 NOTICE: SHA256SUMS: 4 warning(s) suppressed...
+= rclone-v1.63.1-windows-amd64.zip
+2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 0 differences found
+2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 1 matching files
+\f[R]
+.fi
+.SS Verify signatures and hashes together
+.PP
+You can verify the signatures and hashes in one command line like this:
+.IP
+.nf
+\f[C]
+$ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing
+gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
+gpg:                using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
+gpg: Good signature from \[dq]Nick Craig-Wood <nick\[at]craig-wood.com>\[dq] [ultimate]
+gpg:                 aka \[dq]Nick Craig-Wood <nick\[at]memset.com>\[dq] [unknown]
+rclone-v1.63.1-windows-amd64.zip: OK
+\f[R]
+.fi
+.SH 1Fichier
+.PP
+This is a backend for the 1fichier (https://1fichier.com) cloud storage
+service.
+Note that a Premium subscription is required to use the API.
+.PP
+Paths are specified as \f[C]remote:path\f[R]
+.PP
+Paths may be as deep as required, e.g.
+\f[C]remote:directory/subdirectory\f[R].
+.SS Configuration
+.PP
+The initial setup for 1Fichier involves getting the API key from the
+website which you need to do in your browser.
+.PP
+Here is an example of how to make a remote called \f[C]remote\f[R].
+First run:
+.IP
+.nf
+\f[C]
+ rclone config
+\f[R]
+.fi
+.PP
+This will guide you through an interactive setup process:
+.IP
+.nf
+\f[C]
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value
+[snip]
+XX / 1Fichier
+   \[rs] \[dq]fichier\[dq]
+[snip]
+Storage> fichier
+** See help for fichier backend at: https://rclone.org/fichier/ **
+
+Your API Key, get it from https://1fichier.com/console/params.pl
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
+api_key> example_key
+
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> 
+Remote config
+--------------------
+[remote]
+type = fichier
+api_key = example_key
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+\f[R]
+.fi
+.PP
+Once configured you can then use \f[C]rclone\f[R] like this,
+.PP
+List directories in top level of your 1Fichier account
+.IP
+.nf
+\f[C]
+rclone lsd remote:
+\f[R]
+.fi
+.PP
+List all the files in your 1Fichier account
+.IP
+.nf
+\f[C]
+rclone ls remote:
+\f[R]
+.fi
+.PP
+To copy a local directory to a 1Fichier directory called backup
+.IP
+.nf
+\f[C]
+rclone copy /home/source remote:backup
+\f[R]
+.fi
+.SS Modification times and hashes
+.PP
+1Fichier does not support modification times.
+It supports the Whirlpool hash algorithm.
+.SS Duplicated files
+.PP
+1Fichier can have two files with exactly the same name and path (unlike
+a normal file system).
+.PP
+Duplicated files cause problems with the syncing and you will see
+messages in the log about duplicates.
+.SS Restricted filename characters
+.PP
+In addition to the default restricted characters
+set (https://rclone.org/overview/#restricted-characters) the following
+characters are also replaced:
+.PP
+.TS
+tab(@);
+l c c.
+T{
+Character
+T}@T{
+Value
+T}@T{
+Replacement
+T}
+_
+T{
+\[rs]
+T}@T{
+0x5C
+T}@T{
+\[uFF3C]
+T}
+T{
+<
+T}@T{
+0x3C
+T}@T{
+\[uFF1C]
+T}
+T{
+>
+T}@T{
+0x3E
+T}@T{
+\[uFF1E]
+T}
+T{
+\[dq]
+T}@T{
+0x22
+T}@T{
+\[uFF02]
+T}
+T{
+$
+T}@T{
+0x24
+T}@T{
+\[uFF04]
+T}
+T{
+\[ga]
+T}@T{
+0x60
+T}@T{
+\[uFF40]
+T}
+T{
+\[aq]
+T}@T{
+0x27
+T}@T{
+\[uFF07]
+T}
+.TE
+.PP
+File names can also not start or end with the following characters.
+These only get replaced if they are the first or last character in the
+name:
+.PP
+.TS
+tab(@);
+l c c.
+T{
+Character
+T}@T{
+Value
+T}@T{
+Replacement
+T}
+_
+T{
+SP
+T}@T{
+0x20
+T}@T{
+\[u2420]
+T}
+.TE
+.PP
+Invalid UTF-8 bytes will also be
+replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
+be used in JSON strings.
+.SS Standard options
+.PP
+Here are the Standard options specific to fichier (1Fichier).
+.SS --fichier-api-key
 .PP
-Endpoint for StackPath Object Storage.
+Your API Key, get it from https://1fichier.com/console/params.pl.
 .PP
 Properties:
 .IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
+Config: api_key
 .IP \[bu] 2
-Provider: StackPath
+Env Var: RCLONE_FICHIER_API_KEY
 .IP \[bu] 2
 Type: string
 .IP \[bu] 2
 Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]s3.us-east-2.stackpathstorage.com\[dq]
-.RS 2
-.IP \[bu] 2
-US East Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.us-west-1.stackpathstorage.com\[dq]
-.RS 2
-.IP \[bu] 2
-US West Endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.eu-central-1.stackpathstorage.com\[dq]
-.RS 2
-.IP \[bu] 2
-EU Endpoint
-.RE
-.RE
-.SS --s3-endpoint
+.SS Advanced options
+.PP
+Here are the Advanced options specific to fichier (1Fichier).
+.SS --fichier-shared-folder
 .PP
-Endpoint for Storj Gateway.
+If you want to download a shared folder, add this parameter.
 .PP
 Properties:
 .IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
+Config: shared_folder
 .IP \[bu] 2
-Provider: Storj
+Env Var: RCLONE_FICHIER_SHARED_FOLDER
 .IP \[bu] 2
 Type: string
 .IP \[bu] 2
 Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]gateway.storjshare.io\[dq]
-.RS 2
-.IP \[bu] 2
-Global Hosted Gateway
-.RE
-.RE
-.SS --s3-endpoint
+.SS --fichier-file-password
 .PP
-Endpoint for Tencent COS API.
+If you want to download a shared file that is password protected, add
+this parameter.
+.PP
+\f[B]NB\f[R] Input to this must be obscured - see rclone
+obscure (https://rclone.org/commands/rclone_obscure/).
 .PP
 Properties:
 .IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
+Config: file_password
 .IP \[bu] 2
-Provider: TencentCOS
+Env Var: RCLONE_FICHIER_FILE_PASSWORD
 .IP \[bu] 2
 Type: string
 .IP \[bu] 2
 Required: false
+.SS --fichier-folder-password
+.PP
+If you want to list the files in a shared folder that is password
+protected, add this parameter.
+.PP
+\f[B]NB\f[R] Input to this must be obscured - see rclone
+obscure (https://rclone.org/commands/rclone_obscure/).
+.PP
+Properties:
 .IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]cos.ap-beijing.myqcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-Beijing Region
-.RE
-.IP \[bu] 2
-\[dq]cos.ap-nanjing.myqcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-Nanjing Region
-.RE
-.IP \[bu] 2
-\[dq]cos.ap-shanghai.myqcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-Shanghai Region
-.RE
-.IP \[bu] 2
-\[dq]cos.ap-guangzhou.myqcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-Guangzhou Region
-.RE
-.IP \[bu] 2
-\[dq]cos.ap-nanjing.myqcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-Nanjing Region
-.RE
-.IP \[bu] 2
-\[dq]cos.ap-chengdu.myqcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-Chengdu Region
-.RE
-.IP \[bu] 2
-\[dq]cos.ap-chongqing.myqcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-Chongqing Region
-.RE
-.IP \[bu] 2
-\[dq]cos.ap-hongkong.myqcloud.com\[dq]
-.RS 2
+Config: folder_password
 .IP \[bu] 2
-Hong Kong (China) Region
-.RE
+Env Var: RCLONE_FICHIER_FOLDER_PASSWORD
 .IP \[bu] 2
-\[dq]cos.ap-singapore.myqcloud.com\[dq]
-.RS 2
+Type: string
 .IP \[bu] 2
-Singapore Region
-.RE
+Required: false
+.SS --fichier-cdn
+.PP
+Set if you wish to use CDN download links.
+.PP
+Properties:
 .IP \[bu] 2
-\[dq]cos.ap-mumbai.myqcloud.com\[dq]
-.RS 2
+Config: cdn
 .IP \[bu] 2
-Mumbai Region
-.RE
+Env Var: RCLONE_FICHIER_CDN
 .IP \[bu] 2
-\[dq]cos.ap-seoul.myqcloud.com\[dq]
-.RS 2
+Type: bool
 .IP \[bu] 2
-Seoul Region
-.RE
+Default: false
+.SS --fichier-encoding
+.PP
+The encoding for the backend.
+.PP
+See the encoding section in the
+overview (https://rclone.org/overview/#encoding) for more info.
+.PP
+Properties:
 .IP \[bu] 2
-\[dq]cos.ap-bangkok.myqcloud.com\[dq]
-.RS 2
+Config: encoding
 .IP \[bu] 2
-Bangkok Region
-.RE
+Env Var: RCLONE_FICHIER_ENCODING
 .IP \[bu] 2
-\[dq]cos.ap-tokyo.myqcloud.com\[dq]
-.RS 2
+Type: Encoding
 .IP \[bu] 2
-Tokyo Region
-.RE
+Default:
+Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot
+.SS Limitations
+.PP
+\f[C]rclone about\f[R] is not supported by the 1Fichier backend.
+Backends without this capability cannot determine free space for an
+rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
+of an rclone union remote.
+.PP
+See List of backends that do not support rclone
+about (https://rclone.org/overview/#optional-features) and rclone
+about (https://rclone.org/commands/rclone_about/)
+.SH Alias
+.PP
+The \f[C]alias\f[R] remote provides a new name for another remote.
+.PP
+Paths may be as deep as required or a local path, e.g.
+\f[C]remote:directory/subdirectory\f[R] or
+\f[C]/directory/subdirectory\f[R].
+.PP
+During the initial setup with \f[C]rclone config\f[R] you will specify
+the target remote.
+The target remote can either be a local path or another remote.
+.PP
+Subfolders can be used in target remote.
+Assume an alias remote named \f[C]backup\f[R] with the target
+\f[C]mydrive:private/backup\f[R].
+Invoking \f[C]rclone mkdir backup:desktop\f[R] is exactly the same as
+invoking \f[C]rclone mkdir mydrive:private/backup/desktop\f[R].
+.PP
+There will be no special handling of paths containing \f[C]..\f[R]
+segments.
+Invoking \f[C]rclone mkdir backup:../desktop\f[R] is exactly the same as
+invoking \f[C]rclone mkdir mydrive:private/backup/../desktop\f[R].
+The empty path is not allowed as a remote.
+To alias the current directory use \f[C].\f[R] instead.
+.PP
+The target remote can also be a connection
+string (https://rclone.org/docs/#connection-strings).
+This can be used to modify the config of a remote for different uses,
+e.g.
+the alias \f[C]myDriveTrash\f[R] with the target remote
+\f[C]myDrive,trashed_only:\f[R] can be used to only show the trashed
+files in \f[C]myDrive\f[R].
+.SS Configuration
+.PP
+Here is an example of how to make an alias called \f[C]remote\f[R] for
+local folder.
+First run:
+.IP
+.nf
+\f[C]
+ rclone config
+\f[R]
+.fi
+.PP
+This will guide you through an interactive setup process:
+.IP
+.nf
+\f[C]
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Alias for an existing remote
+   \[rs] \[dq]alias\[dq]
+[snip]
+Storage> alias
+Remote or path to alias.
+Can be \[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq], \[dq]myremote:\[dq] or \[dq]/local/path\[dq].
+remote> /mnt/storage/backup
+Remote config
+--------------------
+[remote]
+remote = /mnt/storage/backup
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
+
+Name                 Type
+====                 ====
+remote               alias
+
+e) Edit existing remote
+n) New remote
+d) Delete remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+e/n/d/r/c/s/q> q
+\f[R]
+.fi
+.PP
+Once configured you can then use \f[C]rclone\f[R] like this,
+.PP
+List directories in top level in \f[C]/mnt/storage/backup\f[R]
+.IP
+.nf
+\f[C]
+rclone lsd remote:
+\f[R]
+.fi
+.PP
+List all the files in \f[C]/mnt/storage/backup\f[R]
+.IP
+.nf
+\f[C]
+rclone ls remote:
+\f[R]
+.fi
+.PP
+Copy another local directory to the alias directory called source
+.IP
+.nf
+\f[C]
+rclone copy /home/source remote:source
+\f[R]
+.fi
+.SS Standard options
+.PP
+Here are the Standard options specific to alias (Alias for an existing
+remote).
+.SS --alias-remote
+.PP
+Remote or path to alias.
+.PP
+Can be \[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq],
+\[dq]myremote:\[dq] or \[dq]/local/path\[dq].
+.PP
+Properties:
 .IP \[bu] 2
-\[dq]cos.na-siliconvalley.myqcloud.com\[dq]
-.RS 2
+Config: remote
 .IP \[bu] 2
-Silicon Valley Region
-.RE
+Env Var: RCLONE_ALIAS_REMOTE
 .IP \[bu] 2
-\[dq]cos.na-ashburn.myqcloud.com\[dq]
-.RS 2
+Type: string
 .IP \[bu] 2
-Virginia Region
-.RE
+Required: true
+.SH Amazon Drive
+.PP
+Amazon Drive, formerly known as Amazon Cloud Drive, is a cloud storage
+service run by Amazon for consumers.
+.SS Status
+.PP
+\f[B]Important:\f[R] rclone supports Amazon Drive only if you have your
+own set of API keys.
+Unfortunately the Amazon Drive developer
+program (https://developer.amazon.com/amazon-drive) is now closed to new
+entries so if you don\[aq]t already have your own set of keys you will
+not be able to use rclone with Amazon Drive.
+.PP
+For the history on why rclone no longer has a set of Amazon Drive API
+keys see the
+forum (https://forum.rclone.org/t/rclone-has-been-banned-from-amazon-drive/2314).
+.PP
+If you happen to know anyone who works at Amazon then please ask them to
+re-instate rclone into the Amazon Drive developer program - thanks!
+.SS Configuration
+.PP
+The initial setup for Amazon Drive involves getting a token from Amazon
+which you need to do in your browser.
+\f[C]rclone config\f[R] walks you through it.
+.PP
+The configuration process for Amazon Drive may involve using an oauth
+proxy (https://github.com/ncw/oauthproxy).
+This is used to keep the Amazon credentials out of the source code.
+The proxy runs in Google\[aq]s very secure App Engine environment and
+doesn\[aq]t store any credentials which pass through it.
+.PP
+Since rclone doesn\[aq]t currently have its own Amazon Drive credentials
+so you will either need to have your own \f[C]client_id\f[R] and
+\f[C]client_secret\f[R] with Amazon Drive, or use a third-party oauth
+proxy in which case you will need to enter \f[C]client_id\f[R],
+\f[C]client_secret\f[R], \f[C]auth_url\f[R] and \f[C]token_url\f[R].
+.PP
+Note also if you are not using Amazon\[aq]s \f[C]auth_url\f[R] and
+\f[C]token_url\f[R], (ie you filled in something for those) then if
+setting up on a remote machine you can only use the copying the config
+method of
+configuration (https://rclone.org/remote_setup/#configuring-by-copying-the-config-file)
+- \f[C]rclone authorize\f[R] will not work.
+.PP
+Here is an example of how to make a remote called \f[C]remote\f[R].
+First run:
+.IP
+.nf
+\f[C]
+ rclone config
+\f[R]
+.fi
+.PP
+This will guide you through an interactive setup process:
+.IP
+.nf
+\f[C]
+No remotes found, make a new one?
+n) New remote
+r) Rename remote
+c) Copy remote
+s) Set configuration password
+q) Quit config
+n/r/c/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon Drive
+   \[rs] \[dq]amazon cloud drive\[dq]
+[snip]
+Storage> amazon cloud drive
+Amazon Application Client Id - required.
+client_id> your client ID goes here
+Amazon Application Client Secret - required.
+client_secret> your client secret goes here
+Auth server URL - leave blank to use Amazon\[aq]s.
+auth_url> Optional auth URL
+Token server url - leave blank to use Amazon\[aq]s.
+token_url> Optional token URL
+Remote config
+Make sure your Redirect URL is set to \[dq]http://127.0.0.1:53682/\[dq] in your custom config.
+Use web browser to automatically authenticate rclone with remote?
+ * Say Y if the machine running rclone has a web browser you can use
+ * Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y. If Y failed, try N.
+y) Yes
+n) No
+y/n> y
+If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
+Log in and authorize rclone for access
+Waiting for code...
+Got code
+--------------------
+[remote]
+client_id = your client ID goes here
+client_secret = your client secret goes here
+auth_url = Optional auth URL
+token_url = Optional token URL
+token = {\[dq]access_token\[dq]:\[dq]xxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]xxxxxxxxxxxxxxxxxx\[dq],\[dq]expiry\[dq]:\[dq]2015-09-06T16:07:39.658438471+01:00\[dq]}
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+\f[R]
+.fi
+.PP
+See the remote setup docs (https://rclone.org/remote_setup/) for how to
+set it up on a machine with no Internet browser available.
+.PP
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Amazon.
+This only runs from the moment it opens your browser to the moment you
+get back the verification code.
+This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
+to unblock it temporarily if you are running a host firewall.
+.PP
+Once configured you can then use \f[C]rclone\f[R] like this,
+.PP
+List directories in top level of your Amazon Drive
+.IP
+.nf
+\f[C]
+rclone lsd remote:
+\f[R]
+.fi
+.PP
+List all the files in your Amazon Drive
+.IP
+.nf
+\f[C]
+rclone ls remote:
+\f[R]
+.fi
+.PP
+To copy a local directory to an Amazon Drive directory called backup
+.IP
+.nf
+\f[C]
+rclone copy /home/source remote:backup
+\f[R]
+.fi
+.SS Modification times and hashes
+.PP
+Amazon Drive doesn\[aq]t allow modification times to be changed via the
+API so these won\[aq]t be accurate or used for syncing.
+.PP
+It does support the MD5 hash algorithm, so for a more accurate sync, you
+can use the \f[C]--checksum\f[R] flag.
+.SS Restricted filename characters
+.PP
+.TS
+tab(@);
+l c c.
+T{
+Character
+T}@T{
+Value
+T}@T{
+Replacement
+T}
+_
+T{
+NUL
+T}@T{
+0x00
+T}@T{
+\[u2400]
+T}
+T{
+/
+T}@T{
+0x2F
+T}@T{
+\[uFF0F]
+T}
+.TE
+.PP
+Invalid UTF-8 bytes will also be
+replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
+be used in JSON strings.
+.SS Deleting files
+.PP
+Any files you delete with rclone will end up in the trash.
+Amazon don\[aq]t provide an API to permanently delete files, nor to
+empty the trash, so you will have to do that with one of Amazon\[aq]s
+apps or via the Amazon Drive website.
+As of November 17, 2016, files are automatically deleted by Amazon from
+the trash after 30 days.
+.SS Using with non \f[C].com\f[R] Amazon accounts
+.PP
+Let\[aq]s say you usually use \f[C]amazon.co.uk\f[R].
+When you authenticate with rclone it will take you to an
+\f[C]amazon.com\f[R] page to log in.
+Your \f[C]amazon.co.uk\f[R] email and password should work here just
+fine.
+.SS Standard options
+.PP
+Here are the Standard options specific to amazon cloud drive (Amazon
+Drive).
+.SS --acd-client-id
+.PP
+OAuth Client Id.
+.PP
+Leave blank normally.
+.PP
+Properties:
 .IP \[bu] 2
-\[dq]cos.na-toronto.myqcloud.com\[dq]
-.RS 2
+Config: client_id
 .IP \[bu] 2
-Toronto Region
-.RE
+Env Var: RCLONE_ACD_CLIENT_ID
 .IP \[bu] 2
-\[dq]cos.eu-frankfurt.myqcloud.com\[dq]
-.RS 2
+Type: string
 .IP \[bu] 2
-Frankfurt Region
-.RE
+Required: false
+.SS --acd-client-secret
+.PP
+OAuth Client Secret.
+.PP
+Leave blank normally.
+.PP
+Properties:
 .IP \[bu] 2
-\[dq]cos.eu-moscow.myqcloud.com\[dq]
-.RS 2
+Config: client_secret
 .IP \[bu] 2
-Moscow Region
-.RE
+Env Var: RCLONE_ACD_CLIENT_SECRET
 .IP \[bu] 2
-\[dq]cos.accelerate.myqcloud.com\[dq]
-.RS 2
+Type: string
 .IP \[bu] 2
-Use Tencent COS Accelerate Endpoint
-.RE
-.RE
-.SS --s3-endpoint
+Required: false
+.SS Advanced options
+.PP
+Here are the Advanced options specific to amazon cloud drive (Amazon
+Drive).
+.SS --acd-token
 .PP
-Endpoint for RackCorp Object Storage.
+OAuth Access Token as a JSON blob.
 .PP
 Properties:
 .IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
+Config: token
 .IP \[bu] 2
-Provider: RackCorp
+Env Var: RCLONE_ACD_TOKEN
 .IP \[bu] 2
 Type: string
 .IP \[bu] 2
 Required: false
+.SS --acd-auth-url
+.PP
+Auth server URL.
+.PP
+Leave blank to use the provider defaults.
+.PP
+Properties:
 .IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]s3.rackcorp.com\[dq]
-.RS 2
-.IP \[bu] 2
-Global (AnyCast) Endpoint
-.RE
-.IP \[bu] 2
-\[dq]au.s3.rackcorp.com\[dq]
-.RS 2
-.IP \[bu] 2
-Australia (Anycast) Endpoint
-.RE
-.IP \[bu] 2
-\[dq]au-nsw.s3.rackcorp.com\[dq]
-.RS 2
-.IP \[bu] 2
-Sydney (Australia) Endpoint
-.RE
+Config: auth_url
 .IP \[bu] 2
-\[dq]au-qld.s3.rackcorp.com\[dq]
-.RS 2
+Env Var: RCLONE_ACD_AUTH_URL
 .IP \[bu] 2
-Brisbane (Australia) Endpoint
-.RE
+Type: string
 .IP \[bu] 2
-\[dq]au-vic.s3.rackcorp.com\[dq]
-.RS 2
+Required: false
+.SS --acd-token-url
+.PP
+Token server url.
+.PP
+Leave blank to use the provider defaults.
+.PP
+Properties:
 .IP \[bu] 2
-Melbourne (Australia) Endpoint
-.RE
+Config: token_url
 .IP \[bu] 2
-\[dq]au-wa.s3.rackcorp.com\[dq]
-.RS 2
+Env Var: RCLONE_ACD_TOKEN_URL
 .IP \[bu] 2
-Perth (Australia) Endpoint
-.RE
+Type: string
 .IP \[bu] 2
-\[dq]ph.s3.rackcorp.com\[dq]
-.RS 2
+Required: false
+.SS --acd-checkpoint
+.PP
+Checkpoint for internal polling (debug).
+.PP
+Properties:
 .IP \[bu] 2
-Manila (Philippines) Endpoint
-.RE
+Config: checkpoint
 .IP \[bu] 2
-\[dq]th.s3.rackcorp.com\[dq]
-.RS 2
+Env Var: RCLONE_ACD_CHECKPOINT
 .IP \[bu] 2
-Bangkok (Thailand) Endpoint
-.RE
+Type: string
 .IP \[bu] 2
-\[dq]hk.s3.rackcorp.com\[dq]
-.RS 2
+Required: false
+.SS --acd-upload-wait-per-gb
+.PP
+Additional time per GiB to wait after a failed complete upload to see if
+it appears.
+.PP
+Sometimes Amazon Drive gives an error when a file has been fully
+uploaded but the file appears anyway after a little while.
+This happens sometimes for files over 1 GiB in size and nearly every
+time for files bigger than 10 GiB.
+This parameter controls the time rclone waits for the file to appear.
+.PP
+The default value for this parameter is 3 minutes per GiB, so by default
+it will wait 3 minutes for every GiB uploaded to see if the file
+appears.
+.PP
+You can disable this feature by setting it to 0.
+This may cause conflict errors as rclone retries the failed upload but
+the file will most likely appear correctly eventually.
+.PP
+These values were determined empirically by observing lots of uploads of
+big files for a range of file sizes.
+.PP
+Upload with the \[dq]-v\[dq] flag to see more info about what rclone is
+doing in this situation.
+.PP
+Properties:
 .IP \[bu] 2
-HK (Hong Kong) Endpoint
-.RE
+Config: upload_wait_per_gb
 .IP \[bu] 2
-\[dq]mn.s3.rackcorp.com\[dq]
-.RS 2
+Env Var: RCLONE_ACD_UPLOAD_WAIT_PER_GB
 .IP \[bu] 2
-Ulaanbaatar (Mongolia) Endpoint
-.RE
+Type: Duration
 .IP \[bu] 2
-\[dq]kg.s3.rackcorp.com\[dq]
-.RS 2
+Default: 3m0s
+.SS --acd-templink-threshold
+.PP
+Files >= this size will be downloaded via their tempLink.
+.PP
+Files this size or more will be downloaded via their \[dq]tempLink\[dq].
+This is to work around a problem with Amazon Drive which blocks
+downloads of files bigger than about 10 GiB.
+The default for this is 9 GiB which shouldn\[aq]t need to be changed.
+.PP
+To download files above this threshold, rclone requests a
+\[dq]tempLink\[dq] which downloads the file through a temporary URL
+directly from the underlying S3 storage.
+.PP
+Properties:
 .IP \[bu] 2
-Bishkek (Kyrgyzstan) Endpoint
-.RE
+Config: templink_threshold
 .IP \[bu] 2
-\[dq]id.s3.rackcorp.com\[dq]
-.RS 2
+Env Var: RCLONE_ACD_TEMPLINK_THRESHOLD
 .IP \[bu] 2
-Jakarta (Indonesia) Endpoint
-.RE
+Type: SizeSuffix
 .IP \[bu] 2
-\[dq]jp.s3.rackcorp.com\[dq]
-.RS 2
+Default: 9Gi
+.SS --acd-encoding
+.PP
+The encoding for the backend.
+.PP
+See the encoding section in the
+overview (https://rclone.org/overview/#encoding) for more info.
+.PP
+Properties:
 .IP \[bu] 2
-Tokyo (Japan) Endpoint
-.RE
+Config: encoding
 .IP \[bu] 2
-\[dq]sg.s3.rackcorp.com\[dq]
-.RS 2
+Env Var: RCLONE_ACD_ENCODING
 .IP \[bu] 2
-SG (Singapore) Endpoint
-.RE
+Type: Encoding
 .IP \[bu] 2
-\[dq]de.s3.rackcorp.com\[dq]
-.RS 2
+Default: Slash,InvalidUtf8,Dot
+.SS Limitations
+.PP
+Note that Amazon Drive is case insensitive so you can\[aq]t have a file
+called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
+.PP
+Amazon Drive has rate limiting so you may notice errors in the sync (429
+errors).
+rclone will automatically retry the sync up to 3 times by default (see
+\f[C]--retries\f[R] flag) which should hopefully work around this
+problem.
+.PP
+Amazon Drive has an internal limit of file sizes that can be uploaded to
+the service.
+This limit is not officially published, but all files larger than this
+will fail.
+.PP
+At the time of writing (Jan 2016) is in the area of 50 GiB per file.
+This means that larger files are likely to fail.
+.PP
+Unfortunately there is no way for rclone to see that this failure is
+because of file size, so it will retry the operation, as any other
+failure.
+To avoid this problem, use \f[C]--max-size 50000M\f[R] option to limit
+the maximum size of uploaded files.
+Note that \f[C]--max-size\f[R] does not split files into segments, it
+only ignores files over this size.
+.PP
+\f[C]rclone about\f[R] is not supported by the Amazon Drive backend.
+Backends without this capability cannot determine free space for an
+rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
+of an rclone union remote.
+.PP
+See List of backends that do not support rclone
+about (https://rclone.org/overview/#optional-features) and rclone
+about (https://rclone.org/commands/rclone_about/)
+.SH Amazon S3 Storage Providers
+.PP
+The S3 backend can be used with a number of different providers:
 .IP \[bu] 2
-Frankfurt (Germany) Endpoint
-.RE
+AWS S3
 .IP \[bu] 2
-\[dq]us.s3.rackcorp.com\[dq]
-.RS 2
+Alibaba Cloud (Aliyun) Object Storage System (OSS)
 .IP \[bu] 2
-USA (AnyCast) Endpoint
-.RE
+Ceph
 .IP \[bu] 2
-\[dq]us-east-1.s3.rackcorp.com\[dq]
-.RS 2
+China Mobile Ecloud Elastic Object Storage (EOS)
 .IP \[bu] 2
-New York (USA) Endpoint
-.RE
+Cloudflare R2
 .IP \[bu] 2
-\[dq]us-west-1.s3.rackcorp.com\[dq]
-.RS 2
+Arvan Cloud Object Storage (AOS)
 .IP \[bu] 2
-Freemont (USA) Endpoint
-.RE
+DigitalOcean Spaces
 .IP \[bu] 2
-\[dq]nz.s3.rackcorp.com\[dq]
-.RS 2
+Dreamhost
 .IP \[bu] 2
-Auckland (New Zealand) Endpoint
-.RE
-.RE
-.SS --s3-endpoint
-.PP
-Endpoint for Qiniu Object Storage.
-.PP
-Properties:
+GCS
 .IP \[bu] 2
-Config: endpoint
+Huawei OBS
 .IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
+IBM COS S3
 .IP \[bu] 2
-Provider: Qiniu
+IDrive e2
 .IP \[bu] 2
-Type: string
+IONOS Cloud
 .IP \[bu] 2
-Required: false
+Leviia Object Storage
 .IP \[bu] 2
-Examples:
-.RS 2
+Liara Object Storage
 .IP \[bu] 2
-\[dq]s3-cn-east-1.qiniucs.com\[dq]
-.RS 2
+Linode Object Storage
 .IP \[bu] 2
-East China Endpoint 1
-.RE
+Minio
 .IP \[bu] 2
-\[dq]s3-cn-east-2.qiniucs.com\[dq]
-.RS 2
+Petabox
 .IP \[bu] 2
-East China Endpoint 2
-.RE
+Qiniu Cloud Object Storage (Kodo)
 .IP \[bu] 2
-\[dq]s3-cn-north-1.qiniucs.com\[dq]
-.RS 2
+RackCorp Object Storage
 .IP \[bu] 2
-North China Endpoint 1
-.RE
+Rclone Serve S3
 .IP \[bu] 2
-\[dq]s3-cn-south-1.qiniucs.com\[dq]
-.RS 2
+Scaleway
 .IP \[bu] 2
-South China Endpoint 1
-.RE
+Seagate Lyve Cloud
 .IP \[bu] 2
-\[dq]s3-us-north-1.qiniucs.com\[dq]
-.RS 2
+SeaweedFS
 .IP \[bu] 2
-North America Endpoint 1
-.RE
+StackPath
 .IP \[bu] 2
-\[dq]s3-ap-southeast-1.qiniucs.com\[dq]
-.RS 2
+Storj
 .IP \[bu] 2
-Southeast Asia Endpoint 1
-.RE
+Synology C2 Object Storage
 .IP \[bu] 2
-\[dq]s3-ap-northeast-1.qiniucs.com\[dq]
-.RS 2
+Tencent Cloud Object Storage (COS)
 .IP \[bu] 2
-Northeast Asia Endpoint 1
-.RE
-.RE
-.SS --s3-endpoint
+Wasabi
+.PP
+Paths are specified as \f[C]remote:bucket\f[R] (or \f[C]remote:\f[R] for
+the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
+\f[C]remote:bucket/path/to/dir\f[R].
+.PP
+Once you have made a remote (see the provider specific section above)
+you can use it like this:
+.PP
+See all buckets
+.IP
+.nf
+\f[C]
+rclone lsd remote:
+\f[R]
+.fi
+.PP
+Make a new bucket
+.IP
+.nf
+\f[C]
+rclone mkdir remote:bucket
+\f[R]
+.fi
+.PP
+List the contents of a bucket
+.IP
+.nf
+\f[C]
+rclone ls remote:bucket
+\f[R]
+.fi
+.PP
+Sync \f[C]/home/local/directory\f[R] to the remote bucket, deleting any
+excess files in the bucket.
+.IP
+.nf
+\f[C]
+rclone sync --interactive /home/local/directory remote:bucket
+\f[R]
+.fi
+.SS Configuration
+.PP
+Here is an example of making an s3 configuration for the AWS S3
+provider.
+Most applies to the other providers as well, any differences are
+described below.
+.PP
+First run
+.IP
+.nf
+\f[C]
+rclone config
+\f[R]
+.fi
+.PP
+This will guide you through an interactive setup process.
+.IP
+.nf
+\f[C]
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+name> remote
+Type of storage to configure.
+Choose a number from below, or type in your own value
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, Ceph, ChinaMobile, ArvanCloud, Dreamhost, IBM COS, Liara, Minio, and Tencent COS
+   \[rs] \[dq]s3\[dq]
+[snip]
+Storage> s3
+Choose your S3 provider.
+Choose a number from below, or type in your own value
+ 1 / Amazon Web Services (AWS) S3
+   \[rs] \[dq]AWS\[dq]
+ 2 / Ceph Object Storage
+   \[rs] \[dq]Ceph\[dq]
+ 3 / DigitalOcean Spaces
+   \[rs] \[dq]DigitalOcean\[dq]
+ 4 / Dreamhost DreamObjects
+   \[rs] \[dq]Dreamhost\[dq]
+ 5 / IBM COS S3
+   \[rs] \[dq]IBMCOS\[dq]
+ 6 / Minio Object Storage
+   \[rs] \[dq]Minio\[dq]
+ 7 / Wasabi Object Storage
+   \[rs] \[dq]Wasabi\[dq]
+ 8 / Any other S3 compatible provider
+   \[rs] \[dq]Other\[dq]
+provider> 1
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \[rs] \[dq]false\[dq]
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \[rs] \[dq]true\[dq]
+env_auth> 1
+AWS Access Key ID - leave blank for anonymous access or runtime credentials.
+access_key_id> XXX
+AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
+secret_access_key> YYY
+Region to connect to.
+Choose a number from below, or type in your own value
+   / The default endpoint - a good choice if you are unsure.
+ 1 | US Region, Northern Virginia, or Pacific Northwest.
+   | Leave location constraint empty.
+   \[rs] \[dq]us-east-1\[dq]
+   / US East (Ohio) Region
+ 2 | Needs location constraint us-east-2.
+   \[rs] \[dq]us-east-2\[dq]
+   / US West (Oregon) Region
+ 3 | Needs location constraint us-west-2.
+   \[rs] \[dq]us-west-2\[dq]
+   / US West (Northern California) Region
+ 4 | Needs location constraint us-west-1.
+   \[rs] \[dq]us-west-1\[dq]
+   / Canada (Central) Region
+ 5 | Needs location constraint ca-central-1.
+   \[rs] \[dq]ca-central-1\[dq]
+   / EU (Ireland) Region
+ 6 | Needs location constraint EU or eu-west-1.
+   \[rs] \[dq]eu-west-1\[dq]
+   / EU (London) Region
+ 7 | Needs location constraint eu-west-2.
+   \[rs] \[dq]eu-west-2\[dq]
+   / EU (Frankfurt) Region
+ 8 | Needs location constraint eu-central-1.
+   \[rs] \[dq]eu-central-1\[dq]
+   / Asia Pacific (Singapore) Region
+ 9 | Needs location constraint ap-southeast-1.
+   \[rs] \[dq]ap-southeast-1\[dq]
+   / Asia Pacific (Sydney) Region
+10 | Needs location constraint ap-southeast-2.
+   \[rs] \[dq]ap-southeast-2\[dq]
+   / Asia Pacific (Tokyo) Region
+11 | Needs location constraint ap-northeast-1.
+   \[rs] \[dq]ap-northeast-1\[dq]
+   / Asia Pacific (Seoul)
+12 | Needs location constraint ap-northeast-2.
+   \[rs] \[dq]ap-northeast-2\[dq]
+   / Asia Pacific (Mumbai)
+13 | Needs location constraint ap-south-1.
+   \[rs] \[dq]ap-south-1\[dq]
+   / Asia Pacific (Hong Kong) Region
+14 | Needs location constraint ap-east-1.
+   \[rs] \[dq]ap-east-1\[dq]
+   / South America (Sao Paulo) Region
+15 | Needs location constraint sa-east-1.
+   \[rs] \[dq]sa-east-1\[dq]
+region> 1
+Endpoint for S3 API.
+Leave blank if using AWS to use the default endpoint for the region.
+endpoint>
+Location constraint - must be set to match the Region. Used when creating buckets only.
+Choose a number from below, or type in your own value
+ 1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
+   \[rs] \[dq]\[dq]
+ 2 / US East (Ohio) Region.
+   \[rs] \[dq]us-east-2\[dq]
+ 3 / US West (Oregon) Region.
+   \[rs] \[dq]us-west-2\[dq]
+ 4 / US West (Northern California) Region.
+   \[rs] \[dq]us-west-1\[dq]
+ 5 / Canada (Central) Region.
+   \[rs] \[dq]ca-central-1\[dq]
+ 6 / EU (Ireland) Region.
+   \[rs] \[dq]eu-west-1\[dq]
+ 7 / EU (London) Region.
+   \[rs] \[dq]eu-west-2\[dq]
+ 8 / EU Region.
+   \[rs] \[dq]EU\[dq]
+ 9 / Asia Pacific (Singapore) Region.
+   \[rs] \[dq]ap-southeast-1\[dq]
+10 / Asia Pacific (Sydney) Region.
+   \[rs] \[dq]ap-southeast-2\[dq]
+11 / Asia Pacific (Tokyo) Region.
+   \[rs] \[dq]ap-northeast-1\[dq]
+12 / Asia Pacific (Seoul)
+   \[rs] \[dq]ap-northeast-2\[dq]
+13 / Asia Pacific (Mumbai)
+   \[rs] \[dq]ap-south-1\[dq]
+14 / Asia Pacific (Hong Kong)
+   \[rs] \[dq]ap-east-1\[dq]
+15 / South America (Sao Paulo) Region.
+   \[rs] \[dq]sa-east-1\[dq]
+location_constraint> 1
+Canned ACL used when creating buckets and/or storing objects in S3.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Choose a number from below, or type in your own value
+ 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
+   \[rs] \[dq]private\[dq]
+ 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
+   \[rs] \[dq]public-read\[dq]
+   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
+ 3 | Granting this on a bucket is generally not recommended.
+   \[rs] \[dq]public-read-write\[dq]
+ 4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
+   \[rs] \[dq]authenticated-read\[dq]
+   / Object owner gets FULL_CONTROL. Bucket owner gets READ access.
+ 5 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \[rs] \[dq]bucket-owner-read\[dq]
+   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+ 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \[rs] \[dq]bucket-owner-full-control\[dq]
+acl> 1
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+   \[rs] \[dq]\[dq]
+ 2 / AES256
+   \[rs] \[dq]AES256\[dq]
+server_side_encryption> 1
+The storage class to use when storing objects in S3.
+Choose a number from below, or type in your own value
+ 1 / Default
+   \[rs] \[dq]\[dq]
+ 2 / Standard storage class
+   \[rs] \[dq]STANDARD\[dq]
+ 3 / Reduced redundancy storage class
+   \[rs] \[dq]REDUCED_REDUNDANCY\[dq]
+ 4 / Standard Infrequent Access storage class
+   \[rs] \[dq]STANDARD_IA\[dq]
+ 5 / One Zone Infrequent Access storage class
+   \[rs] \[dq]ONEZONE_IA\[dq]
+ 6 / Glacier storage class
+   \[rs] \[dq]GLACIER\[dq]
+ 7 / Glacier Deep Archive storage class
+   \[rs] \[dq]DEEP_ARCHIVE\[dq]
+ 8 / Intelligent-Tiering storage class
+   \[rs] \[dq]INTELLIGENT_TIERING\[dq]
+ 9 / Glacier Instant Retrieval storage class
+   \[rs] \[dq]GLACIER_IR\[dq]
+storage_class> 1
+Remote config
+--------------------
+[remote]
+type = s3
+provider = AWS
+env_auth = false
+access_key_id = XXX
+secret_access_key = YYY
+region = us-east-1
+endpoint =
+location_constraint =
+acl = private
+server_side_encryption =
+storage_class =
+--------------------
+y) Yes this is OK
+e) Edit this remote
+d) Delete this remote
+y/e/d>
+\f[R]
+.fi
+.SS Modification times and hashes
+.SS Modification times
+.PP
+The modified time is stored as metadata on the object as
+\f[C]X-Amz-Meta-Mtime\f[R] as floating point since the epoch, accurate
+to 1 ns.
+.PP
+If the modification time needs to be updated rclone will attempt to
+perform a server side copy to update the modification if the object can
+be copied in a single part.
+In the case the object is larger than 5Gb or is in Glacier or Glacier
+Deep Archive storage the object will be uploaded rather than copied.
+.PP
+Note that reading this from the object takes an additional
+\f[C]HEAD\f[R] request as the metadata isn\[aq]t returned in object
+listings.
+.SS Hashes
+.PP
+For small objects which weren\[aq]t uploaded as multipart uploads
+(objects sized below \f[C]--s3-upload-cutoff\f[R] if uploaded with
+rclone) rclone uses the \f[C]ETag:\f[R] header as an MD5 checksum.
+.PP
+However for objects which were uploaded as multipart uploads or with
+server side encryption (SSE-AWS or SSE-C) the \f[C]ETag\f[R] header is
+no longer the MD5 sum of the data, so rclone adds an additional piece of
+metadata \f[C]X-Amz-Meta-Md5chksum\f[R] which is a base64 encoded MD5
+hash (in the same format as is required for \f[C]Content-MD5\f[R]).
+You can use base64 -d and hexdump to check this value manually:
+.IP
+.nf
+\f[C]
+echo \[aq]VWTGdNx3LyXQDfA0e2Edxw==\[aq] | base64 -d | hexdump
+\f[R]
+.fi
 .PP
-Endpoint for S3 API.
+or you can use \f[C]rclone check\f[R] to verify the hashes are OK.
 .PP
-Required when using an S3 clone.
+For large objects, calculating this hash can take some time so the
+addition of this hash can be disabled with
+\f[C]--s3-disable-checksum\f[R].
+This will mean that these objects do not have an MD5 checksum.
 .PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_S3_ENDPOINT
-.IP \[bu] 2
-Provider:
-!AWS,IBMCOS,IDrive,IONOS,TencentCOS,HuaweiOBS,Alibaba,ChinaMobile,Liara,ArvanCloud,Scaleway,StackPath,Storj,RackCorp,Qiniu
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]objects-us-east-1.dream.io\[dq]
-.RS 2
-.IP \[bu] 2
-Dream Objects endpoint
-.RE
-.IP \[bu] 2
-\[dq]syd1.digitaloceanspaces.com\[dq]
-.RS 2
-.IP \[bu] 2
-DigitalOcean Spaces Sydney 1
-.RE
-.IP \[bu] 2
-\[dq]sfo3.digitaloceanspaces.com\[dq]
-.RS 2
-.IP \[bu] 2
-DigitalOcean Spaces San Francisco 3
-.RE
-.IP \[bu] 2
-\[dq]fra1.digitaloceanspaces.com\[dq]
-.RS 2
-.IP \[bu] 2
-DigitalOcean Spaces Frankfurt 1
-.RE
-.IP \[bu] 2
-\[dq]nyc3.digitaloceanspaces.com\[dq]
-.RS 2
-.IP \[bu] 2
-DigitalOcean Spaces New York 3
-.RE
-.IP \[bu] 2
-\[dq]ams3.digitaloceanspaces.com\[dq]
-.RS 2
-.IP \[bu] 2
-DigitalOcean Spaces Amsterdam 3
-.RE
-.IP \[bu] 2
-\[dq]sgp1.digitaloceanspaces.com\[dq]
-.RS 2
-.IP \[bu] 2
-DigitalOcean Spaces Singapore 1
-.RE
-.IP \[bu] 2
-\[dq]localhost:8333\[dq]
-.RS 2
-.IP \[bu] 2
-SeaweedFS S3 localhost
-.RE
-.IP \[bu] 2
-\[dq]s3.us-east-1.lyvecloud.seagate.com\[dq]
-.RS 2
-.IP \[bu] 2
-Seagate Lyve Cloud US East 1 (Virginia)
-.RE
-.IP \[bu] 2
-\[dq]s3.us-west-1.lyvecloud.seagate.com\[dq]
-.RS 2
-.IP \[bu] 2
-Seagate Lyve Cloud US West 1 (California)
-.RE
-.IP \[bu] 2
-\[dq]s3.ap-southeast-1.lyvecloud.seagate.com\[dq]
-.RS 2
-.IP \[bu] 2
-Seagate Lyve Cloud AP Southeast 1 (Singapore)
-.RE
-.IP \[bu] 2
-\[dq]s3.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi US East 1 (N.
-Virginia)
-.RE
-.IP \[bu] 2
-\[dq]s3.us-east-2.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi US East 2 (N.
-Virginia)
-.RE
-.IP \[bu] 2
-\[dq]s3.us-central-1.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi US Central 1 (Texas)
-.RE
-.IP \[bu] 2
-\[dq]s3.us-west-1.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi US West 1 (Oregon)
-.RE
-.IP \[bu] 2
-\[dq]s3.ca-central-1.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi CA Central 1 (Toronto)
-.RE
-.IP \[bu] 2
-\[dq]s3.eu-central-1.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi EU Central 1 (Amsterdam)
-.RE
-.IP \[bu] 2
-\[dq]s3.eu-central-2.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi EU Central 2 (Frankfurt)
-.RE
-.IP \[bu] 2
-\[dq]s3.eu-west-1.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi EU West 1 (London)
-.RE
-.IP \[bu] 2
-\[dq]s3.eu-west-2.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi EU West 2 (Paris)
-.RE
-.IP \[bu] 2
-\[dq]s3.ap-northeast-1.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi AP Northeast 1 (Tokyo) endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.ap-northeast-2.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi AP Northeast 2 (Osaka) endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.ap-southeast-1.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi AP Southeast 1 (Singapore)
-.RE
-.IP \[bu] 2
-\[dq]s3.ap-southeast-2.wasabisys.com\[dq]
-.RS 2
-.IP \[bu] 2
-Wasabi AP Southeast 2 (Sydney)
-.RE
-.IP \[bu] 2
-\[dq]storage.iran.liara.space\[dq]
-.RS 2
-.IP \[bu] 2
-Liara Iran endpoint
-.RE
-.IP \[bu] 2
-\[dq]s3.ir-thr-at1.arvanstorage.com\[dq]
-.RS 2
-.IP \[bu] 2
-ArvanCloud Tehran Iran (Asiatech) endpoint
-.RE
-.RE
-.SS --s3-location-constraint
+Note that reading this from the object takes an additional
+\f[C]HEAD\f[R] request as the metadata isn\[aq]t returned in object
+listings.
+.SS Reducing costs
+.SS Avoiding HEAD requests to read the modification time
 .PP
-Location constraint - must be set to match the Region.
+By default, rclone will use the modification time of objects stored in
+S3 for syncing.
+This is stored in object metadata which unfortunately takes an extra
+HEAD request to read which can be expensive (in time and money).
 .PP
-Used when creating buckets only.
+The modification time is used by default for all operations that require
+checking the time a file was last updated.
+It allows rclone to treat the remote more like a true filesystem, but it
+is inefficient on S3 because it requires an extra API call to retrieve
+the metadata.
 .PP
-Properties:
-.IP \[bu] 2
-Config: location_constraint
-.IP \[bu] 2
-Env Var: RCLONE_S3_LOCATION_CONSTRAINT
-.IP \[bu] 2
-Provider: AWS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Empty for US Region, Northern Virginia, or Pacific Northwest
-.RE
-.IP \[bu] 2
-\[dq]us-east-2\[dq]
-.RS 2
-.IP \[bu] 2
-US East (Ohio) Region
-.RE
-.IP \[bu] 2
-\[dq]us-west-1\[dq]
-.RS 2
-.IP \[bu] 2
-US West (Northern California) Region
-.RE
-.IP \[bu] 2
-\[dq]us-west-2\[dq]
-.RS 2
-.IP \[bu] 2
-US West (Oregon) Region
-.RE
+The extra API calls can be avoided when syncing (using
+\f[C]rclone sync\f[R] or \f[C]rclone copy\f[R]) in a few different ways,
+each with its own tradeoffs.
 .IP \[bu] 2
-\[dq]ca-central-1\[dq]
+\f[C]--size-only\f[R]
 .RS 2
 .IP \[bu] 2
-Canada (Central) Region
-.RE
-.IP \[bu] 2
-\[dq]eu-west-1\[dq]
-.RS 2
+Only checks the size of files.
 .IP \[bu] 2
-EU (Ireland) Region
-.RE
+Uses no extra transactions.
 .IP \[bu] 2
-\[dq]eu-west-2\[dq]
-.RS 2
+If the file doesn\[aq]t change size then rclone won\[aq]t detect it has
+changed.
 .IP \[bu] 2
-EU (London) Region
+\f[C]rclone sync --size-only /path/to/source s3:bucket\f[R]
 .RE
 .IP \[bu] 2
-\[dq]eu-west-3\[dq]
+\f[C]--checksum\f[R]
 .RS 2
 .IP \[bu] 2
-EU (Paris) Region
-.RE
-.IP \[bu] 2
-\[dq]eu-north-1\[dq]
-.RS 2
+Checks the size and MD5 checksum of files.
 .IP \[bu] 2
-EU (Stockholm) Region
-.RE
+Uses no extra transactions.
 .IP \[bu] 2
-\[dq]eu-south-1\[dq]
-.RS 2
+The most accurate detection of changes possible.
 .IP \[bu] 2
-EU (Milan) Region
-.RE
+Will cause the source to read an MD5 checksum which, if it is a local
+disk, will cause lots of disk activity.
 .IP \[bu] 2
-\[dq]EU\[dq]
-.RS 2
+If the source and destination are both S3 this is the
+\f[B]recommended\f[R] flag to use for maximum efficiency.
 .IP \[bu] 2
-EU Region
+\f[C]rclone sync --checksum /path/to/source s3:bucket\f[R]
 .RE
 .IP \[bu] 2
-\[dq]ap-southeast-1\[dq]
+\f[C]--update --use-server-modtime\f[R]
 .RS 2
 .IP \[bu] 2
-Asia Pacific (Singapore) Region
-.RE
-.IP \[bu] 2
-\[dq]ap-southeast-2\[dq]
-.RS 2
+Uses no extra transactions.
 .IP \[bu] 2
-Asia Pacific (Sydney) Region
-.RE
+Modification time becomes the time the object was uploaded.
 .IP \[bu] 2
-\[dq]ap-northeast-1\[dq]
-.RS 2
+For many operations this is sufficient to determine if it needs
+uploading.
 .IP \[bu] 2
-Asia Pacific (Tokyo) Region
-.RE
+Using \f[C]--update\f[R] along with \f[C]--use-server-modtime\f[R],
+avoids the extra API call and uploads files whose local modification
+time is newer than the time it was last uploaded.
 .IP \[bu] 2
-\[dq]ap-northeast-2\[dq]
-.RS 2
+Files created with timestamps in the past will be missed by the sync.
 .IP \[bu] 2
-Asia Pacific (Seoul) Region
+\f[C]rclone sync --update --use-server-modtime /path/to/source s3:bucket\f[R]
 .RE
+.PP
+These flags can and should be used in combination with
+\f[C]--fast-list\f[R] - see below.
+.PP
+If using \f[C]rclone mount\f[R] or any command using the VFS (eg
+\f[C]rclone serve\f[R]) commands then you might want to consider using
+the VFS flag \f[C]--no-modtime\f[R] which will stop rclone reading the
+modification time for every object.
+You could also use \f[C]--use-server-modtime\f[R] if you are happy with
+the modification times of the objects being the time of upload.
+.SS Avoiding GET requests to read directory listings
+.PP
+Rclone\[aq]s default directory traversal is to process each directory
+individually.
+This takes one API call per directory.
+Using the \f[C]--fast-list\f[R] flag will read all info about the
+objects into memory first using a smaller number of API calls (one per
+1000 objects).
+See the rclone docs (https://rclone.org/docs/#fast-list) for more
+details.
+.IP
+.nf
+\f[C]
+rclone sync --fast-list --checksum /path/to/source s3:bucket
+\f[R]
+.fi
+.PP
+\f[C]--fast-list\f[R] trades off API transactions for memory use.
+As a rough guide rclone uses 1k of memory per object stored, so using
+\f[C]--fast-list\f[R] on a sync of a million objects will use roughly 1
+GiB of RAM.
+.PP
+If you are only copying a small number of files into a big repository
+then using \f[C]--no-traverse\f[R] is a good idea.
+This finds objects directly instead of through directory listings.
+You can do a \[dq]top-up\[dq] sync very cheaply by using
+\f[C]--max-age\f[R] and \f[C]--no-traverse\f[R] to copy only recent
+files, eg
+.IP
+.nf
+\f[C]
+rclone copy --max-age 24h --no-traverse /path/to/source s3:bucket
+\f[R]
+.fi
+.PP
+You\[aq]d then do a full \f[C]rclone sync\f[R] less often.
+.PP
+Note that \f[C]--fast-list\f[R] isn\[aq]t required in the top-up sync.
+.SS Avoiding HEAD requests after PUT
+.PP
+By default, rclone will HEAD every object it uploads.
+It does this to check the object got uploaded correctly.
+.PP
+You can disable this with the --s3-no-head option - see there for more
+details.
+.PP
+Setting this flag increases the chance for undetected upload failures.
+.SS Versions
+.PP
+When bucket versioning is enabled (this can be done with rclone with the
+\f[C]rclone backend versioning\f[R] command) when rclone uploads a new
+version of a file it creates a new version of
+it (https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html)
+Likewise when you delete a file, the old version will be marked hidden
+and still be available.
+.PP
+Old versions of files, where available, are visible using the
+\f[C]--s3-versions\f[R] flag.
+.PP
+It is also possible to view a bucket as it was at a certain point in
+time, using the \f[C]--s3-version-at\f[R] flag.
+This will show the file versions as they were at that time, showing
+files that have been deleted afterwards, and hiding files that were
+created since.
+.PP
+If you wish to remove all the old versions then you can use the
+\f[C]rclone backend cleanup-hidden remote:bucket\f[R] command which will
+delete all the old hidden versions of files, leaving the current ones
+intact.
+You can also supply a path and only old versions under that path will be
+deleted, e.g.
+\f[C]rclone backend cleanup-hidden remote:bucket/path/to/stuff\f[R].
+.PP
+When you \f[C]purge\f[R] a bucket, the current and the old versions will
+be deleted then the bucket will be deleted.
+.PP
+However \f[C]delete\f[R] will cause the current versions of the files to
+become hidden old versions.
+.PP
+Here is a session showing the listing and retrieval of an old version
+followed by a \f[C]cleanup\f[R] of the old versions.
+.PP
+Show current version and all the versions with \f[C]--s3-versions\f[R]
+flag.
+.IP
+.nf
+\f[C]
+$ rclone -q ls s3:cleanup-test
+        9 one.txt
+
+$ rclone -q --s3-versions ls s3:cleanup-test
+        9 one.txt
+        8 one-v2016-07-04-141032-000.txt
+       16 one-v2016-07-04-141003-000.txt
+       15 one-v2016-07-02-155621-000.txt
+\f[R]
+.fi
+.PP
+Retrieve an old version
+.IP
+.nf
+\f[C]
+$ rclone -q --s3-versions copy s3:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
+
+$ ls -l /tmp/one-v2016-07-04-141003-000.txt
+-rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt
+\f[R]
+.fi
+.PP
+Clean up all the old versions and show that they\[aq]ve gone.
+.IP
+.nf
+\f[C]
+$ rclone -q backend cleanup-hidden s3:cleanup-test
+
+$ rclone -q ls s3:cleanup-test
+        9 one.txt
+
+$ rclone -q --s3-versions ls s3:cleanup-test
+        9 one.txt
+\f[R]
+.fi
+.SS Versions naming caveat
+.PP
+When using \f[C]--s3-versions\f[R] flag rclone is relying on the file
+name to work out whether the objects are versions or not.
+Versions\[aq] names are created by inserting timestamp between file name
+and its extension.
+.IP
+.nf
+\f[C]
+        9 file.txt
+        8 file-v2023-07-17-161032-000.txt
+       16 file-v2023-06-15-141003-000.txt
+\f[R]
+.fi
+.PP
+If there are real files present with the same names as versions, then
+behaviour of \f[C]--s3-versions\f[R] can be unpredictable.
+.SS Cleanup
+.PP
+If you run \f[C]rclone cleanup s3:bucket\f[R] then it will remove all
+pending multipart uploads older than 24 hours.
+You can use the \f[C]--interactive\f[R]/\f[C]i\f[R] or
+\f[C]--dry-run\f[R] flag to see exactly what it will do.
+If you want more control over the expiry date then run
+\f[C]rclone backend cleanup s3:bucket -o max-age=1h\f[R] to expire all
+uploads older than one hour.
+You can use \f[C]rclone backend list-multipart-uploads s3:bucket\f[R] to
+see the pending multipart uploads.
+.SS Restricted filename characters
+.PP
+S3 allows any valid UTF-8 string as a key.
+.PP
+Invalid UTF-8 bytes will be
+replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
+be used in XML.
+.PP
+The following characters are replaced since these are problematic when
+dealing with the REST API:
+.PP
+.TS
+tab(@);
+l c c.
+T{
+Character
+T}@T{
+Value
+T}@T{
+Replacement
+T}
+_
+T{
+NUL
+T}@T{
+0x00
+T}@T{
+\[u2400]
+T}
+T{
+/
+T}@T{
+0x2F
+T}@T{
+\[uFF0F]
+T}
+.TE
+.PP
+The encoding will also encode these file names as they don\[aq]t seem to
+work with the SDK properly:
+.PP
+.TS
+tab(@);
+l c.
+T{
+File name
+T}@T{
+Replacement
+T}
+_
+T{
+\&.
+T}@T{
+\[uFF0E]
+T}
+T{
+\&..
+T}@T{
+\[uFF0E]\[uFF0E]
+T}
+.TE
+.SS Multipart uploads
+.PP
+rclone supports multipart uploads with S3 which means that it can upload
+files bigger than 5 GiB.
+.PP
+Note that files uploaded \f[I]both\f[R] with multipart upload
+\f[I]and\f[R] through crypt remotes do not have MD5 sums.
+.PP
+rclone switches from single part uploads to multipart uploads at the
+point specified by \f[C]--s3-upload-cutoff\f[R].
+This can be a maximum of 5 GiB and a minimum of 0 (ie always upload
+multipart files).
+.PP
+The chunk sizes used in the multipart upload are specified by
+\f[C]--s3-chunk-size\f[R] and the number of chunks uploaded concurrently
+is specified by \f[C]--s3-upload-concurrency\f[R].
+.PP
+Multipart uploads will use \f[C]--transfers\f[R] *
+\f[C]--s3-upload-concurrency\f[R] * \f[C]--s3-chunk-size\f[R] extra
+memory.
+Single part uploads to not use extra memory.
+.PP
+Single part transfers can be faster than multipart transfers or slower
+depending on your latency from S3 - the more latency, the more likely
+single part transfers will be faster.
+.PP
+Increasing \f[C]--s3-upload-concurrency\f[R] will increase throughput (8
+would be a sensible value) and increasing \f[C]--s3-chunk-size\f[R] also
+increases throughput (16M would be sensible).
+Increasing either of these will use more memory.
+The default values are high enough to gain most of the possible
+performance without using too much memory.
+.SS Buckets and Regions
+.PP
+With Amazon S3 you can list buckets (\f[C]rclone lsd\f[R]) using any
+region, but you can only access the content of a bucket from the region
+it was created in.
+If you attempt to access a bucket from the wrong region, you will get an
+error,
+\f[C]incorrect region, the bucket is not in \[aq]XXX\[aq] region\f[R].
+.SS Authentication
+.PP
+There are a number of ways to supply \f[C]rclone\f[R] with a set of AWS
+credentials, with and without using the environment.
+.PP
+The different authentication methods are tried in this order:
 .IP \[bu] 2
-\[dq]ap-northeast-3\[dq]
+Directly in the rclone configuration file (\f[C]env_auth = false\f[R] in
+the config file):
 .RS 2
 .IP \[bu] 2
-Asia Pacific (Osaka-Local) Region
-.RE
-.IP \[bu] 2
-\[dq]ap-south-1\[dq]
-.RS 2
+\f[C]access_key_id\f[R] and \f[C]secret_access_key\f[R] are required.
 .IP \[bu] 2
-Asia Pacific (Mumbai) Region
+\f[C]session_token\f[R] can be optionally set when using AWS STS.
 .RE
 .IP \[bu] 2
-\[dq]ap-east-1\[dq]
+Runtime configuration (\f[C]env_auth = true\f[R] in the config file):
 .RS 2
 .IP \[bu] 2
-Asia Pacific (Hong Kong) Region
-.RE
-.IP \[bu] 2
-\[dq]sa-east-1\[dq]
+Export the following environment variables before running
+\f[C]rclone\f[R]:
 .RS 2
 .IP \[bu] 2
-South America (Sao Paulo) Region
-.RE
+Access Key ID: \f[C]AWS_ACCESS_KEY_ID\f[R] or \f[C]AWS_ACCESS_KEY\f[R]
 .IP \[bu] 2
-\[dq]me-south-1\[dq]
-.RS 2
+Secret Access Key: \f[C]AWS_SECRET_ACCESS_KEY\f[R] or
+\f[C]AWS_SECRET_KEY\f[R]
 .IP \[bu] 2
-Middle East (Bahrain) Region
+Session Token: \f[C]AWS_SESSION_TOKEN\f[R] (optional)
 .RE
 .IP \[bu] 2
-\[dq]af-south-1\[dq]
+Or, use a named
+profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html):
 .RS 2
 .IP \[bu] 2
-Africa (Cape Town) Region
-.RE
+Profile files are standard files used by AWS CLI tools
 .IP \[bu] 2
-\[dq]cn-north-1\[dq]
+By default it will use the profile in your home directory (e.g.
+\f[C]\[ti]/.aws/credentials\f[R] on unix based systems) file and the
+\[dq]default\[dq] profile, to change set these environment variables:
 .RS 2
 .IP \[bu] 2
-China (Beijing) Region
+\f[C]AWS_SHARED_CREDENTIALS_FILE\f[R] to control which file.
+.IP \[bu] 2
+\f[C]AWS_PROFILE\f[R] to control which profile to use.
+.RE
 .RE
 .IP \[bu] 2
-\[dq]cn-northwest-1\[dq]
-.RS 2
+Or, run \f[C]rclone\f[R] in an ECS task with an IAM role (AWS only).
 .IP \[bu] 2
-China (Ningxia) Region
+Or, run \f[C]rclone\f[R] on an EC2 instance with an IAM role (AWS only).
+.IP \[bu] 2
+Or, run \f[C]rclone\f[R] in an EKS pod with an IAM role that is
+associated with a service account (AWS only).
 .RE
+.PP
+If none of these option actually end up providing \f[C]rclone\f[R] with
+AWS credentials then S3 interaction will be non-authenticated (see
+below).
+.SS S3 Permissions
+.PP
+When using the \f[C]sync\f[R] subcommand of \f[C]rclone\f[R] the
+following minimum permissions are required to be available on the bucket
+being written to:
 .IP \[bu] 2
-\[dq]us-gov-east-1\[dq]
-.RS 2
+\f[C]ListBucket\f[R]
 .IP \[bu] 2
-AWS GovCloud (US-East) Region
-.RE
+\f[C]DeleteObject\f[R]
 .IP \[bu] 2
-\[dq]us-gov-west-1\[dq]
-.RS 2
+\f[C]GetObject\f[R]
 .IP \[bu] 2
-AWS GovCloud (US) Region
-.RE
+\f[C]PutObject\f[R]
+.IP \[bu] 2
+\f[C]PutObjectACL\f[R]
+.PP
+When using the \f[C]lsd\f[R] subcommand, the \f[C]ListAllMyBuckets\f[R]
+permission is required.
+.PP
+Example policy:
+.IP
+.nf
+\f[C]
+{
+    \[dq]Version\[dq]: \[dq]2012-10-17\[dq],
+    \[dq]Statement\[dq]: [
+        {
+            \[dq]Effect\[dq]: \[dq]Allow\[dq],
+            \[dq]Principal\[dq]: {
+                \[dq]AWS\[dq]: \[dq]arn:aws:iam::USER_SID:user/USER_NAME\[dq]
+            },
+            \[dq]Action\[dq]: [
+                \[dq]s3:ListBucket\[dq],
+                \[dq]s3:DeleteObject\[dq],
+                \[dq]s3:GetObject\[dq],
+                \[dq]s3:PutObject\[dq],
+                \[dq]s3:PutObjectAcl\[dq]
+            ],
+            \[dq]Resource\[dq]: [
+              \[dq]arn:aws:s3:::BUCKET_NAME/*\[dq],
+              \[dq]arn:aws:s3:::BUCKET_NAME\[dq]
+            ]
+        },
+        {
+            \[dq]Effect\[dq]: \[dq]Allow\[dq],
+            \[dq]Action\[dq]: \[dq]s3:ListAllMyBuckets\[dq],
+            \[dq]Resource\[dq]: \[dq]arn:aws:s3:::*\[dq]
+        }
+    ]
+}
+\f[R]
+.fi
+.PP
+Notes on above:
+.IP "1." 3
+This is a policy that can be used when creating bucket.
+It assumes that \f[C]USER_NAME\f[R] has been created.
+.IP "2." 3
+The Resource entry must include both resource ARNs, as one implies the
+bucket and the other implies the bucket\[aq]s objects.
+.PP
+For reference, here\[aq]s an Ansible
+script (https://gist.github.com/ebridges/ebfc9042dd7c756cd101cfa807b7ae2b)
+that will generate one or more buckets that will work with
+\f[C]rclone sync\f[R].
+.SS Key Management System (KMS)
+.PP
+If you are using server-side encryption with KMS then you must make sure
+rclone is configured with \f[C]server_side_encryption = aws:kms\f[R]
+otherwise you will find you can\[aq]t transfer small objects - these
+will create checksum errors.
+.SS Glacier and Glacier Deep Archive
+.PP
+You can upload objects using the glacier storage class or transition
+them to glacier using a lifecycle
+policy (http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html).
+The bucket can still be synced or copied into normally, but if rclone
+tries to access data from the glacier storage class you will see an
+error like below.
+.IP
+.nf
+\f[C]
+2017/09/11 19:07:43 Failed to sync: failed to open source object: Object in GLACIER, restore first: path/to/file
+\f[R]
+.fi
+.PP
+In this case you need to
+restore (http://docs.aws.amazon.com/AmazonS3/latest/user-guide/restore-archived-objects.html)
+the object(s) in question before using rclone.
+.PP
+Note that rclone only speaks the S3 API it does not speak the Glacier
+Vault API, so rclone cannot directly access Glacier Vaults.
+.SS Object-lock enabled S3 bucket
+.PP
+According to AWS\[aq]s documentation on S3 Object
+Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-permission):
+.RS
+.PP
+If you configure a default retention period on a bucket, requests to
+upload objects in such a bucket must include the Content-MD5 header.
 .RE
-.SS --s3-location-constraint
 .PP
-Location constraint - must match endpoint.
+As mentioned in the Modification times and hashes section, small files
+that are not uploaded as multipart, use a different tag, causing the
+upload to fail.
+A simple solution is to set the \f[C]--s3-upload-cutoff 0\f[R] and force
+all the files to be uploaded as multipart.
+.SS Standard options
 .PP
-Used when creating buckets only.
+Here are the Standard options specific to s3 (Amazon S3 Compliant
+Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile,
+Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive,
+IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox,
+RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology,
+TencentCOS, Wasabi, Qiniu and others).
+.SS --s3-provider
+.PP
+Choose your S3 provider.
 .PP
 Properties:
 .IP \[bu] 2
-Config: location_constraint
-.IP \[bu] 2
-Env Var: RCLONE_S3_LOCATION_CONSTRAINT
+Config: provider
 .IP \[bu] 2
-Provider: ChinaMobile
+Env Var: RCLONE_S3_PROVIDER
 .IP \[bu] 2
 Type: string
 .IP \[bu] 2
@@ -27548,436 +29722,497 @@ Required: false
 Examples:
 .RS 2
 .IP \[bu] 2
-\[dq]wuxi1\[dq]
+\[dq]AWS\[dq]
+.RS 2
+.IP \[bu] 2
+Amazon Web Services (AWS) S3
+.RE
+.IP \[bu] 2
+\[dq]Alibaba\[dq]
 .RS 2
 .IP \[bu] 2
-East China (Suzhou)
+Alibaba Cloud Object Storage System (OSS) formerly Aliyun
 .RE
 .IP \[bu] 2
-\[dq]jinan1\[dq]
+\[dq]ArvanCloud\[dq]
 .RS 2
 .IP \[bu] 2
-East China (Jinan)
+Arvan Cloud Object Storage (AOS)
 .RE
 .IP \[bu] 2
-\[dq]ningbo1\[dq]
+\[dq]Ceph\[dq]
 .RS 2
 .IP \[bu] 2
-East China (Hangzhou)
+Ceph Object Storage
 .RE
 .IP \[bu] 2
-\[dq]shanghai1\[dq]
+\[dq]ChinaMobile\[dq]
 .RS 2
 .IP \[bu] 2
-East China (Shanghai-1)
+China Mobile Ecloud Elastic Object Storage (EOS)
 .RE
 .IP \[bu] 2
-\[dq]zhengzhou1\[dq]
+\[dq]Cloudflare\[dq]
 .RS 2
 .IP \[bu] 2
-Central China (Zhengzhou)
+Cloudflare R2 Storage
 .RE
 .IP \[bu] 2
-\[dq]hunan1\[dq]
+\[dq]DigitalOcean\[dq]
 .RS 2
 .IP \[bu] 2
-Central China (Changsha-1)
+DigitalOcean Spaces
 .RE
 .IP \[bu] 2
-\[dq]zhuzhou1\[dq]
+\[dq]Dreamhost\[dq]
 .RS 2
 .IP \[bu] 2
-Central China (Changsha-2)
+Dreamhost DreamObjects
 .RE
 .IP \[bu] 2
-\[dq]guangzhou1\[dq]
+\[dq]GCS\[dq]
 .RS 2
 .IP \[bu] 2
-South China (Guangzhou-2)
+Google Cloud Storage
 .RE
 .IP \[bu] 2
-\[dq]dongguan1\[dq]
+\[dq]HuaweiOBS\[dq]
 .RS 2
 .IP \[bu] 2
-South China (Guangzhou-3)
+Huawei Object Storage Service
 .RE
 .IP \[bu] 2
-\[dq]beijing1\[dq]
+\[dq]IBMCOS\[dq]
 .RS 2
 .IP \[bu] 2
-North China (Beijing-1)
+IBM COS S3
 .RE
 .IP \[bu] 2
-\[dq]beijing2\[dq]
+\[dq]IDrive\[dq]
 .RS 2
 .IP \[bu] 2
-North China (Beijing-2)
+IDrive e2
 .RE
 .IP \[bu] 2
-\[dq]beijing4\[dq]
+\[dq]IONOS\[dq]
 .RS 2
 .IP \[bu] 2
-North China (Beijing-3)
+IONOS Cloud
 .RE
 .IP \[bu] 2
-\[dq]huhehaote1\[dq]
+\[dq]LyveCloud\[dq]
 .RS 2
 .IP \[bu] 2
-North China (Huhehaote)
+Seagate Lyve Cloud
 .RE
 .IP \[bu] 2
-\[dq]chengdu1\[dq]
+\[dq]Leviia\[dq]
 .RS 2
 .IP \[bu] 2
-Southwest China (Chengdu)
+Leviia Object Storage
 .RE
 .IP \[bu] 2
-\[dq]chongqing1\[dq]
+\[dq]Liara\[dq]
 .RS 2
 .IP \[bu] 2
-Southwest China (Chongqing)
+Liara Object Storage
 .RE
 .IP \[bu] 2
-\[dq]guiyang1\[dq]
+\[dq]Linode\[dq]
 .RS 2
 .IP \[bu] 2
-Southwest China (Guiyang)
+Linode Object Storage
 .RE
 .IP \[bu] 2
-\[dq]xian1\[dq]
+\[dq]Minio\[dq]
 .RS 2
 .IP \[bu] 2
-Nouthwest China (Xian)
+Minio Object Storage
 .RE
 .IP \[bu] 2
-\[dq]yunnan\[dq]
+\[dq]Netease\[dq]
 .RS 2
 .IP \[bu] 2
-Yunnan China (Kunming)
+Netease Object Storage (NOS)
 .RE
 .IP \[bu] 2
-\[dq]yunnan2\[dq]
+\[dq]Petabox\[dq]
 .RS 2
 .IP \[bu] 2
-Yunnan China (Kunming-2)
+Petabox Object Storage
 .RE
 .IP \[bu] 2
-\[dq]tianjin1\[dq]
+\[dq]RackCorp\[dq]
 .RS 2
 .IP \[bu] 2
-Tianjin China (Tianjin)
+RackCorp Object Storage
 .RE
 .IP \[bu] 2
-\[dq]jilin1\[dq]
+\[dq]Rclone\[dq]
 .RS 2
 .IP \[bu] 2
-Jilin China (Changchun)
+Rclone S3 Server
 .RE
 .IP \[bu] 2
-\[dq]hubei1\[dq]
+\[dq]Scaleway\[dq]
 .RS 2
 .IP \[bu] 2
-Hubei China (Xiangyan)
+Scaleway Object Storage
 .RE
 .IP \[bu] 2
-\[dq]jiangxi1\[dq]
+\[dq]SeaweedFS\[dq]
 .RS 2
 .IP \[bu] 2
-Jiangxi China (Nanchang)
+SeaweedFS S3
 .RE
 .IP \[bu] 2
-\[dq]gansu1\[dq]
+\[dq]StackPath\[dq]
 .RS 2
 .IP \[bu] 2
-Gansu China (Lanzhou)
+StackPath Object Storage
 .RE
 .IP \[bu] 2
-\[dq]shanxi1\[dq]
+\[dq]Storj\[dq]
 .RS 2
 .IP \[bu] 2
-Shanxi China (Taiyuan)
+Storj (S3 Compatible Gateway)
 .RE
 .IP \[bu] 2
-\[dq]liaoning1\[dq]
+\[dq]Synology\[dq]
 .RS 2
 .IP \[bu] 2
-Liaoning China (Shenyang)
+Synology C2 Object Storage
 .RE
 .IP \[bu] 2
-\[dq]hebei1\[dq]
+\[dq]TencentCOS\[dq]
 .RS 2
 .IP \[bu] 2
-Hebei China (Shijiazhuang)
+Tencent Cloud Object Storage (COS)
 .RE
 .IP \[bu] 2
-\[dq]fujian1\[dq]
+\[dq]Wasabi\[dq]
 .RS 2
 .IP \[bu] 2
-Fujian China (Xiamen)
+Wasabi Object Storage
 .RE
 .IP \[bu] 2
-\[dq]guangxi1\[dq]
+\[dq]Qiniu\[dq]
 .RS 2
 .IP \[bu] 2
-Guangxi China (Nanning)
+Qiniu Object Storage (Kodo)
 .RE
 .IP \[bu] 2
-\[dq]anhui1\[dq]
+\[dq]Other\[dq]
 .RS 2
 .IP \[bu] 2
-Anhui China (Huainan)
+Any other S3 compatible provider
 .RE
 .RE
-.SS --s3-location-constraint
+.SS --s3-env-auth
 .PP
-Location constraint - must match endpoint.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta
+data if no env vars).
 .PP
-Used when creating buckets only.
+Only applies if access_key_id and secret_access_key is blank.
 .PP
 Properties:
 .IP \[bu] 2
-Config: location_constraint
-.IP \[bu] 2
-Env Var: RCLONE_S3_LOCATION_CONSTRAINT
+Config: env_auth
 .IP \[bu] 2
-Provider: ArvanCloud
+Env Var: RCLONE_S3_ENV_AUTH
 .IP \[bu] 2
-Type: string
+Type: bool
 .IP \[bu] 2
-Required: false
+Default: false
 .IP \[bu] 2
 Examples:
 .RS 2
 .IP \[bu] 2
-\[dq]ir-thr-at1\[dq]
+\[dq]false\[dq]
 .RS 2
 .IP \[bu] 2
-Tehran Iran (Asiatech)
+Enter AWS credentials in the next step.
 .RE
 .IP \[bu] 2
-\[dq]ir-tbz-sh1\[dq]
+\[dq]true\[dq]
 .RS 2
 .IP \[bu] 2
-Tabriz Iran (Shahriar)
+Get AWS credentials from the environment (env vars or IAM).
 .RE
 .RE
-.SS --s3-location-constraint
+.SS --s3-access-key-id
 .PP
-Location constraint - must match endpoint when using IBM Cloud Public.
+AWS Access Key ID.
 .PP
-For on-prem COS, do not make a selection from this list, hit enter.
+Leave blank for anonymous access or runtime credentials.
 .PP
 Properties:
 .IP \[bu] 2
-Config: location_constraint
-.IP \[bu] 2
-Env Var: RCLONE_S3_LOCATION_CONSTRAINT
+Config: access_key_id
 .IP \[bu] 2
-Provider: IBMCOS
+Env Var: RCLONE_S3_ACCESS_KEY_ID
 .IP \[bu] 2
 Type: string
 .IP \[bu] 2
 Required: false
+.SS --s3-secret-access-key
+.PP
+AWS Secret Access Key (password).
+.PP
+Leave blank for anonymous access or runtime credentials.
+.PP
+Properties:
 .IP \[bu] 2
-Examples:
-.RS 2
+Config: secret_access_key
 .IP \[bu] 2
-\[dq]us-standard\[dq]
-.RS 2
+Env Var: RCLONE_S3_SECRET_ACCESS_KEY
 .IP \[bu] 2
-US Cross Region Standard
-.RE
+Type: string
 .IP \[bu] 2
-\[dq]us-vault\[dq]
-.RS 2
+Required: false
+.SS --s3-region
+.PP
+Region to connect to.
+.PP
+Properties:
 .IP \[bu] 2
-US Cross Region Vault
-.RE
+Config: region
 .IP \[bu] 2
-\[dq]us-cold\[dq]
-.RS 2
+Env Var: RCLONE_S3_REGION
 .IP \[bu] 2
-US Cross Region Cold
-.RE
+Provider: AWS
 .IP \[bu] 2
-\[dq]us-flex\[dq]
-.RS 2
+Type: string
 .IP \[bu] 2
-US Cross Region Flex
-.RE
+Required: false
 .IP \[bu] 2
-\[dq]us-east-standard\[dq]
+Examples:
 .RS 2
 .IP \[bu] 2
-US East Region Standard
-.RE
-.IP \[bu] 2
-\[dq]us-east-vault\[dq]
+\[dq]us-east-1\[dq]
 .RS 2
 .IP \[bu] 2
-US East Region Vault
-.RE
+The default endpoint - a good choice if you are unsure.
 .IP \[bu] 2
-\[dq]us-east-cold\[dq]
-.RS 2
+US Region, Northern Virginia, or Pacific Northwest.
 .IP \[bu] 2
-US East Region Cold
+Leave location constraint empty.
 .RE
 .IP \[bu] 2
-\[dq]us-east-flex\[dq]
+\[dq]us-east-2\[dq]
 .RS 2
 .IP \[bu] 2
-US East Region Flex
-.RE
-.IP \[bu] 2
-\[dq]us-south-standard\[dq]
-.RS 2
+US East (Ohio) Region.
 .IP \[bu] 2
-US South Region Standard
+Needs location constraint us-east-2.
 .RE
 .IP \[bu] 2
-\[dq]us-south-vault\[dq]
+\[dq]us-west-1\[dq]
 .RS 2
 .IP \[bu] 2
-US South Region Vault
+US West (Northern California) Region.
+.IP \[bu] 2
+Needs location constraint us-west-1.
 .RE
 .IP \[bu] 2
-\[dq]us-south-cold\[dq]
+\[dq]us-west-2\[dq]
 .RS 2
 .IP \[bu] 2
-US South Region Cold
+US West (Oregon) Region.
+.IP \[bu] 2
+Needs location constraint us-west-2.
 .RE
 .IP \[bu] 2
-\[dq]us-south-flex\[dq]
+\[dq]ca-central-1\[dq]
 .RS 2
 .IP \[bu] 2
-US South Region Flex
+Canada (Central) Region.
+.IP \[bu] 2
+Needs location constraint ca-central-1.
 .RE
 .IP \[bu] 2
-\[dq]eu-standard\[dq]
+\[dq]eu-west-1\[dq]
 .RS 2
 .IP \[bu] 2
-EU Cross Region Standard
+EU (Ireland) Region.
+.IP \[bu] 2
+Needs location constraint EU or eu-west-1.
 .RE
 .IP \[bu] 2
-\[dq]eu-vault\[dq]
+\[dq]eu-west-2\[dq]
 .RS 2
 .IP \[bu] 2
-EU Cross Region Vault
+EU (London) Region.
+.IP \[bu] 2
+Needs location constraint eu-west-2.
 .RE
 .IP \[bu] 2
-\[dq]eu-cold\[dq]
+\[dq]eu-west-3\[dq]
 .RS 2
 .IP \[bu] 2
-EU Cross Region Cold
+EU (Paris) Region.
+.IP \[bu] 2
+Needs location constraint eu-west-3.
 .RE
 .IP \[bu] 2
-\[dq]eu-flex\[dq]
+\[dq]eu-north-1\[dq]
 .RS 2
 .IP \[bu] 2
-EU Cross Region Flex
+EU (Stockholm) Region.
+.IP \[bu] 2
+Needs location constraint eu-north-1.
 .RE
 .IP \[bu] 2
-\[dq]eu-gb-standard\[dq]
+\[dq]eu-south-1\[dq]
 .RS 2
 .IP \[bu] 2
-Great Britain Standard
+EU (Milan) Region.
+.IP \[bu] 2
+Needs location constraint eu-south-1.
 .RE
 .IP \[bu] 2
-\[dq]eu-gb-vault\[dq]
+\[dq]eu-central-1\[dq]
 .RS 2
 .IP \[bu] 2
-Great Britain Vault
+EU (Frankfurt) Region.
+.IP \[bu] 2
+Needs location constraint eu-central-1.
 .RE
 .IP \[bu] 2
-\[dq]eu-gb-cold\[dq]
+\[dq]ap-southeast-1\[dq]
 .RS 2
 .IP \[bu] 2
-Great Britain Cold
+Asia Pacific (Singapore) Region.
+.IP \[bu] 2
+Needs location constraint ap-southeast-1.
 .RE
 .IP \[bu] 2
-\[dq]eu-gb-flex\[dq]
+\[dq]ap-southeast-2\[dq]
 .RS 2
 .IP \[bu] 2
-Great Britain Flex
+Asia Pacific (Sydney) Region.
+.IP \[bu] 2
+Needs location constraint ap-southeast-2.
 .RE
 .IP \[bu] 2
-\[dq]ap-standard\[dq]
+\[dq]ap-northeast-1\[dq]
 .RS 2
 .IP \[bu] 2
-APAC Standard
+Asia Pacific (Tokyo) Region.
+.IP \[bu] 2
+Needs location constraint ap-northeast-1.
 .RE
 .IP \[bu] 2
-\[dq]ap-vault\[dq]
+\[dq]ap-northeast-2\[dq]
 .RS 2
 .IP \[bu] 2
-APAC Vault
+Asia Pacific (Seoul).
+.IP \[bu] 2
+Needs location constraint ap-northeast-2.
 .RE
 .IP \[bu] 2
-\[dq]ap-cold\[dq]
+\[dq]ap-northeast-3\[dq]
 .RS 2
 .IP \[bu] 2
-APAC Cold
+Asia Pacific (Osaka-Local).
+.IP \[bu] 2
+Needs location constraint ap-northeast-3.
 .RE
 .IP \[bu] 2
-\[dq]ap-flex\[dq]
+\[dq]ap-south-1\[dq]
 .RS 2
 .IP \[bu] 2
-APAC Flex
+Asia Pacific (Mumbai).
+.IP \[bu] 2
+Needs location constraint ap-south-1.
 .RE
 .IP \[bu] 2
-\[dq]mel01-standard\[dq]
+\[dq]ap-east-1\[dq]
 .RS 2
 .IP \[bu] 2
-Melbourne Standard
+Asia Pacific (Hong Kong) Region.
+.IP \[bu] 2
+Needs location constraint ap-east-1.
 .RE
 .IP \[bu] 2
-\[dq]mel01-vault\[dq]
+\[dq]sa-east-1\[dq]
 .RS 2
 .IP \[bu] 2
-Melbourne Vault
+South America (Sao Paulo) Region.
+.IP \[bu] 2
+Needs location constraint sa-east-1.
 .RE
 .IP \[bu] 2
-\[dq]mel01-cold\[dq]
+\[dq]me-south-1\[dq]
 .RS 2
 .IP \[bu] 2
-Melbourne Cold
+Middle East (Bahrain) Region.
+.IP \[bu] 2
+Needs location constraint me-south-1.
 .RE
 .IP \[bu] 2
-\[dq]mel01-flex\[dq]
+\[dq]af-south-1\[dq]
 .RS 2
 .IP \[bu] 2
-Melbourne Flex
+Africa (Cape Town) Region.
+.IP \[bu] 2
+Needs location constraint af-south-1.
 .RE
 .IP \[bu] 2
-\[dq]tor01-standard\[dq]
+\[dq]cn-north-1\[dq]
 .RS 2
 .IP \[bu] 2
-Toronto Standard
+China (Beijing) Region.
+.IP \[bu] 2
+Needs location constraint cn-north-1.
 .RE
 .IP \[bu] 2
-\[dq]tor01-vault\[dq]
+\[dq]cn-northwest-1\[dq]
 .RS 2
 .IP \[bu] 2
-Toronto Vault
+China (Ningxia) Region.
+.IP \[bu] 2
+Needs location constraint cn-northwest-1.
 .RE
 .IP \[bu] 2
-\[dq]tor01-cold\[dq]
+\[dq]us-gov-east-1\[dq]
 .RS 2
 .IP \[bu] 2
-Toronto Cold
+AWS GovCloud (US-East) Region.
+.IP \[bu] 2
+Needs location constraint us-gov-east-1.
 .RE
 .IP \[bu] 2
-\[dq]tor01-flex\[dq]
+\[dq]us-gov-west-1\[dq]
 .RS 2
 .IP \[bu] 2
-Toronto Flex
+AWS GovCloud (US) Region.
+.IP \[bu] 2
+Needs location constraint us-gov-west-1.
 .RE
 .RE
+.SS --s3-endpoint
+.PP
+Endpoint for S3 API.
+.PP
+Leave blank if using AWS to use the default endpoint for the region.
+.PP
+Properties:
+.IP \[bu] 2
+Config: endpoint
+.IP \[bu] 2
+Env Var: RCLONE_S3_ENDPOINT
+.IP \[bu] 2
+Provider: AWS
+.IP \[bu] 2
+Type: string
+.IP \[bu] 2
+Required: false
 .SS --s3-location-constraint
 .PP
-Location constraint - the location where your bucket will be located and
-your data stored.
+Location constraint - must be set to match the Region.
+.PP
+Used when creating buckets only.
 .PP
 Properties:
 .IP \[bu] 2
@@ -27985,7 +30220,7 @@ Config: location_constraint
 .IP \[bu] 2
 Env Var: RCLONE_S3_LOCATION_CONSTRAINT
 .IP \[bu] 2
-Provider: RackCorp
+Provider: AWS
 .IP \[bu] 2
 Type: string
 .IP \[bu] 2
@@ -27994,202 +30229,156 @@ Required: false
 Examples:
 .RS 2
 .IP \[bu] 2
-\[dq]global\[dq]
+\[dq]\[dq]
 .RS 2
 .IP \[bu] 2
-Global CDN Region
+Empty for US Region, Northern Virginia, or Pacific Northwest
 .RE
 .IP \[bu] 2
-\[dq]au\[dq]
+\[dq]us-east-2\[dq]
 .RS 2
 .IP \[bu] 2
-Australia (All locations)
+US East (Ohio) Region
 .RE
 .IP \[bu] 2
-\[dq]au-nsw\[dq]
+\[dq]us-west-1\[dq]
 .RS 2
 .IP \[bu] 2
-NSW (Australia) Region
+US West (Northern California) Region
 .RE
 .IP \[bu] 2
-\[dq]au-qld\[dq]
+\[dq]us-west-2\[dq]
 .RS 2
 .IP \[bu] 2
-QLD (Australia) Region
+US West (Oregon) Region
 .RE
 .IP \[bu] 2
-\[dq]au-vic\[dq]
+\[dq]ca-central-1\[dq]
 .RS 2
 .IP \[bu] 2
-VIC (Australia) Region
+Canada (Central) Region
 .RE
 .IP \[bu] 2
-\[dq]au-wa\[dq]
+\[dq]eu-west-1\[dq]
 .RS 2
 .IP \[bu] 2
-Perth (Australia) Region
+EU (Ireland) Region
 .RE
 .IP \[bu] 2
-\[dq]ph\[dq]
+\[dq]eu-west-2\[dq]
 .RS 2
 .IP \[bu] 2
-Manila (Philippines) Region
+EU (London) Region
 .RE
 .IP \[bu] 2
-\[dq]th\[dq]
+\[dq]eu-west-3\[dq]
 .RS 2
 .IP \[bu] 2
-Bangkok (Thailand) Region
+EU (Paris) Region
 .RE
 .IP \[bu] 2
-\[dq]hk\[dq]
+\[dq]eu-north-1\[dq]
 .RS 2
 .IP \[bu] 2
-HK (Hong Kong) Region
+EU (Stockholm) Region
 .RE
 .IP \[bu] 2
-\[dq]mn\[dq]
+\[dq]eu-south-1\[dq]
 .RS 2
 .IP \[bu] 2
-Ulaanbaatar (Mongolia) Region
+EU (Milan) Region
 .RE
 .IP \[bu] 2
-\[dq]kg\[dq]
+\[dq]EU\[dq]
 .RS 2
 .IP \[bu] 2
-Bishkek (Kyrgyzstan) Region
+EU Region
 .RE
 .IP \[bu] 2
-\[dq]id\[dq]
+\[dq]ap-southeast-1\[dq]
 .RS 2
 .IP \[bu] 2
-Jakarta (Indonesia) Region
+Asia Pacific (Singapore) Region
 .RE
 .IP \[bu] 2
-\[dq]jp\[dq]
+\[dq]ap-southeast-2\[dq]
 .RS 2
 .IP \[bu] 2
-Tokyo (Japan) Region
+Asia Pacific (Sydney) Region
 .RE
 .IP \[bu] 2
-\[dq]sg\[dq]
+\[dq]ap-northeast-1\[dq]
 .RS 2
 .IP \[bu] 2
-SG (Singapore) Region
+Asia Pacific (Tokyo) Region
 .RE
 .IP \[bu] 2
-\[dq]de\[dq]
+\[dq]ap-northeast-2\[dq]
 .RS 2
 .IP \[bu] 2
-Frankfurt (Germany) Region
+Asia Pacific (Seoul) Region
 .RE
 .IP \[bu] 2
-\[dq]us\[dq]
+\[dq]ap-northeast-3\[dq]
 .RS 2
 .IP \[bu] 2
-USA (AnyCast) Region
+Asia Pacific (Osaka-Local) Region
 .RE
 .IP \[bu] 2
-\[dq]us-east-1\[dq]
+\[dq]ap-south-1\[dq]
 .RS 2
 .IP \[bu] 2
-New York (USA) Region
+Asia Pacific (Mumbai) Region
 .RE
 .IP \[bu] 2
-\[dq]us-west-1\[dq]
+\[dq]ap-east-1\[dq]
 .RS 2
 .IP \[bu] 2
-Freemont (USA) Region
+Asia Pacific (Hong Kong) Region
 .RE
 .IP \[bu] 2
-\[dq]nz\[dq]
+\[dq]sa-east-1\[dq]
 .RS 2
 .IP \[bu] 2
-Auckland (New Zealand) Region
-.RE
+South America (Sao Paulo) Region
 .RE
-.SS --s3-location-constraint
-.PP
-Location constraint - must be set to match the Region.
-.PP
-Used when creating buckets only.
-.PP
-Properties:
-.IP \[bu] 2
-Config: location_constraint
-.IP \[bu] 2
-Env Var: RCLONE_S3_LOCATION_CONSTRAINT
-.IP \[bu] 2
-Provider: Qiniu
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
 .IP \[bu] 2
-\[dq]cn-east-1\[dq]
+\[dq]me-south-1\[dq]
 .RS 2
 .IP \[bu] 2
-East China Region 1
+Middle East (Bahrain) Region
 .RE
 .IP \[bu] 2
-\[dq]cn-east-2\[dq]
+\[dq]af-south-1\[dq]
 .RS 2
 .IP \[bu] 2
-East China Region 2
+Africa (Cape Town) Region
 .RE
 .IP \[bu] 2
 \[dq]cn-north-1\[dq]
 .RS 2
 .IP \[bu] 2
-North China Region 1
-.RE
-.IP \[bu] 2
-\[dq]cn-south-1\[dq]
-.RS 2
-.IP \[bu] 2
-South China Region 1
+China (Beijing) Region
 .RE
 .IP \[bu] 2
-\[dq]us-north-1\[dq]
+\[dq]cn-northwest-1\[dq]
 .RS 2
 .IP \[bu] 2
-North America Region 1
+China (Ningxia) Region
 .RE
 .IP \[bu] 2
-\[dq]ap-southeast-1\[dq]
+\[dq]us-gov-east-1\[dq]
 .RS 2
 .IP \[bu] 2
-Southeast Asia Region 1
+AWS GovCloud (US-East) Region
 .RE
 .IP \[bu] 2
-\[dq]ap-northeast-1\[dq]
+\[dq]us-gov-west-1\[dq]
 .RS 2
 .IP \[bu] 2
-Northeast Asia Region 1
+AWS GovCloud (US) Region
 .RE
 .RE
-.SS --s3-location-constraint
-.PP
-Location constraint - must be set to match the Region.
-.PP
-Leave blank if not sure.
-Used when creating buckets only.
-.PP
-Properties:
-.IP \[bu] 2
-Config: location_constraint
-.IP \[bu] 2
-Env Var: RCLONE_S3_LOCATION_CONSTRAINT
-.IP \[bu] 2
-Provider:
-!AWS,Alibaba,HuaweiOBS,ChinaMobile,Cloudflare,IBMCOS,IDrive,IONOS,Liara,ArvanCloud,Qiniu,RackCorp,Scaleway,StackPath,Storj,TencentCOS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
 .SS --s3-acl
 .PP
 Canned ACL used when creating buckets and storing or copying objects.
@@ -28212,7 +30401,7 @@ Config: acl
 .IP \[bu] 2
 Env Var: RCLONE_S3_ACL
 .IP \[bu] 2
-Provider: !Storj,Cloudflare
+Provider: !Storj,Synology,Cloudflare
 .IP \[bu] 2
 Type: string
 .IP \[bu] 2
@@ -28470,276 +30659,14 @@ Intelligent-Tiering storage class
 Glacier Instant Retrieval storage class
 .RE
 .RE
-.SS --s3-storage-class
-.PP
-The storage class to use when storing new objects in OSS.
-.PP
-Properties:
-.IP \[bu] 2
-Config: storage_class
-.IP \[bu] 2
-Env Var: RCLONE_S3_STORAGE_CLASS
-.IP \[bu] 2
-Provider: Alibaba
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Default
-.RE
-.IP \[bu] 2
-\[dq]STANDARD\[dq]
-.RS 2
-.IP \[bu] 2
-Standard storage class
-.RE
-.IP \[bu] 2
-\[dq]GLACIER\[dq]
-.RS 2
-.IP \[bu] 2
-Archive storage mode
-.RE
-.IP \[bu] 2
-\[dq]STANDARD_IA\[dq]
-.RS 2
-.IP \[bu] 2
-Infrequent access storage mode
-.RE
-.RE
-.SS --s3-storage-class
-.PP
-The storage class to use when storing new objects in ChinaMobile.
-.PP
-Properties:
-.IP \[bu] 2
-Config: storage_class
-.IP \[bu] 2
-Env Var: RCLONE_S3_STORAGE_CLASS
-.IP \[bu] 2
-Provider: ChinaMobile
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Default
-.RE
-.IP \[bu] 2
-\[dq]STANDARD\[dq]
-.RS 2
-.IP \[bu] 2
-Standard storage class
-.RE
-.IP \[bu] 2
-\[dq]GLACIER\[dq]
-.RS 2
-.IP \[bu] 2
-Archive storage mode
-.RE
-.IP \[bu] 2
-\[dq]STANDARD_IA\[dq]
-.RS 2
-.IP \[bu] 2
-Infrequent access storage mode
-.RE
-.RE
-.SS --s3-storage-class
-.PP
-The storage class to use when storing new objects in Liara
-.PP
-Properties:
-.IP \[bu] 2
-Config: storage_class
-.IP \[bu] 2
-Env Var: RCLONE_S3_STORAGE_CLASS
-.IP \[bu] 2
-Provider: Liara
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]STANDARD\[dq]
-.RS 2
-.IP \[bu] 2
-Standard storage class
-.RE
-.RE
-.SS --s3-storage-class
-.PP
-The storage class to use when storing new objects in ArvanCloud.
-.PP
-Properties:
-.IP \[bu] 2
-Config: storage_class
-.IP \[bu] 2
-Env Var: RCLONE_S3_STORAGE_CLASS
-.IP \[bu] 2
-Provider: ArvanCloud
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]STANDARD\[dq]
-.RS 2
-.IP \[bu] 2
-Standard storage class
-.RE
-.RE
-.SS --s3-storage-class
-.PP
-The storage class to use when storing new objects in Tencent COS.
-.PP
-Properties:
-.IP \[bu] 2
-Config: storage_class
-.IP \[bu] 2
-Env Var: RCLONE_S3_STORAGE_CLASS
-.IP \[bu] 2
-Provider: TencentCOS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Default
-.RE
-.IP \[bu] 2
-\[dq]STANDARD\[dq]
-.RS 2
-.IP \[bu] 2
-Standard storage class
-.RE
-.IP \[bu] 2
-\[dq]ARCHIVE\[dq]
-.RS 2
-.IP \[bu] 2
-Archive storage mode
-.RE
-.IP \[bu] 2
-\[dq]STANDARD_IA\[dq]
-.RS 2
-.IP \[bu] 2
-Infrequent access storage mode
-.RE
-.RE
-.SS --s3-storage-class
-.PP
-The storage class to use when storing new objects in S3.
-.PP
-Properties:
-.IP \[bu] 2
-Config: storage_class
-.IP \[bu] 2
-Env Var: RCLONE_S3_STORAGE_CLASS
-.IP \[bu] 2
-Provider: Scaleway
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Default.
-.RE
-.IP \[bu] 2
-\[dq]STANDARD\[dq]
-.RS 2
-.IP \[bu] 2
-The Standard class for any upload.
-.IP \[bu] 2
-Suitable for on-demand content like streaming or CDN.
-.RE
-.IP \[bu] 2
-\[dq]GLACIER\[dq]
-.RS 2
-.IP \[bu] 2
-Archived storage.
-.IP \[bu] 2
-Prices are lower, but it needs to be restored first to be accessed.
-.RE
-.RE
-.SS --s3-storage-class
-.PP
-The storage class to use when storing new objects in Qiniu.
-.PP
-Properties:
-.IP \[bu] 2
-Config: storage_class
-.IP \[bu] 2
-Env Var: RCLONE_S3_STORAGE_CLASS
-.IP \[bu] 2
-Provider: Qiniu
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]STANDARD\[dq]
-.RS 2
-.IP \[bu] 2
-Standard storage class
-.RE
-.IP \[bu] 2
-\[dq]LINE\[dq]
-.RS 2
-.IP \[bu] 2
-Infrequent access storage mode
-.RE
-.IP \[bu] 2
-\[dq]GLACIER\[dq]
-.RS 2
-.IP \[bu] 2
-Archive storage mode
-.RE
-.IP \[bu] 2
-\[dq]DEEP_ARCHIVE\[dq]
-.RS 2
-.IP \[bu] 2
-Deep archive storage mode
-.RE
-.RE
 .SS Advanced options
 .PP
 Here are the Advanced options specific to s3 (Amazon S3 Compliant
-Storage Providers including AWS, Alibaba, Ceph, China Mobile,
-Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS,
-IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, RackCorp,
-Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi).
+Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile,
+Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive,
+IONOS, LyveCloud, Leviia, Liara, Linode, Minio, Netease, Petabox,
+RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology,
+TencentCOS, Wasabi, Qiniu and others).
 .SS --s3-bucket-acl
 .PP
 Canned ACL used when creating buckets.
@@ -29363,17 +31290,13 @@ Config: encoding
 .IP \[bu] 2
 Env Var: RCLONE_S3_ENCODING
 .IP \[bu] 2
-Type: MultiEncoder
+Type: Encoding
 .IP \[bu] 2
 Default: Slash,InvalidUtf8,Dot
 .SS --s3-memory-pool-flush-time
 .PP
 How often internal memory buffer pools will be flushed.
-.PP
-Uploads which requires additional buffers (f.e multipart) will use
-memory pool for allocations.
-This option controls how often unused buffers will be removed from the
-pool.
+(no longer used)
 .PP
 Properties:
 .IP \[bu] 2
@@ -29387,6 +31310,7 @@ Default: 1m0s
 .SS --s3-memory-pool-use-mmap
 .PP
 Whether to use mmap buffers in internal memory pool.
+(no longer used)
 .PP
 Properties:
 .IP \[bu] 2
@@ -29434,6 +31358,23 @@ Env Var: RCLONE_S3_DOWNLOAD_URL
 Type: string
 .IP \[bu] 2
 Required: false
+.SS --s3-directory-markers
+.PP
+Upload an empty object with a trailing slash when a new directory is
+created
+.PP
+Empty folders are unsupported for bucket based remotes, this option
+creates an empty object ending with \[dq]/\[dq], to persist the folder.
+.PP
+Properties:
+.IP \[bu] 2
+Config: directory_markers
+.IP \[bu] 2
+Env Var: RCLONE_S3_DIRECTORY_MARKERS
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
 .SS --s3-use-multipart-etag
 .PP
 Whether to use ETag in multipart uploads for verification
@@ -29565,6 +31506,35 @@ Env Var: RCLONE_S3_MIGHT_GZIP
 Type: Tristate
 .IP \[bu] 2
 Default: unset
+.SS --s3-use-accept-encoding-gzip
+.PP
+Whether to send \f[C]Accept-Encoding: gzip\f[R] header.
+.PP
+By default, rclone will append \f[C]Accept-Encoding: gzip\f[R] to the
+request to download compressed objects whenever possible.
+.PP
+However some providers such as Google Cloud Storage may alter the HTTP
+headers, breaking the signature of the request.
+.PP
+A symptom of this would be receiving errors like
+.IP
+.nf
+\f[C]
+SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided.
+\f[R]
+.fi
+.PP
+In this case, you might want to try disabling this option.
+.PP
+Properties:
+.IP \[bu] 2
+Config: use_accept_encoding_gzip
+.IP \[bu] 2
+Env Var: RCLONE_S3_USE_ACCEPT_ENCODING_GZIP
+.IP \[bu] 2
+Type: Tristate
+.IP \[bu] 2
+Default: unset
 .SS --s3-no-system-metadata
 .PP
 Suppress setting and reading of system metadata
@@ -29595,6 +31565,61 @@ Provider: AWS
 Type: string
 .IP \[bu] 2
 Required: false
+.SS --s3-use-already-exists
+.PP
+Set if rclone should report BucketAlreadyExists errors on bucket
+creation.
+.PP
+At some point during the evolution of the s3 protocol, AWS started
+returning an \f[C]AlreadyOwnedByYou\f[R] error when attempting to create
+a bucket that the user already owned, rather than a
+\f[C]BucketAlreadyExists\f[R] error.
+.PP
+Unfortunately exactly what has been implemented by s3 clones is a little
+inconsistent, some return \f[C]AlreadyOwnedByYou\f[R], some return
+\f[C]BucketAlreadyExists\f[R] and some return no error at all.
+.PP
+This is important to rclone because it ensures the bucket exists by
+creating it on quite a lot of operations (unless
+\f[C]--s3-no-check-bucket\f[R] is used).
+.PP
+If rclone knows the provider can return \f[C]AlreadyOwnedByYou\f[R] or
+returns no error then it can report \f[C]BucketAlreadyExists\f[R] errors
+when the user attempts to create a bucket not owned by them.
+Otherwise rclone ignores the \f[C]BucketAlreadyExists\f[R] error which
+can lead to confusion.
+.PP
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+.PP
+Properties:
+.IP \[bu] 2
+Config: use_already_exists
+.IP \[bu] 2
+Env Var: RCLONE_S3_USE_ALREADY_EXISTS
+.IP \[bu] 2
+Type: Tristate
+.IP \[bu] 2
+Default: unset
+.SS --s3-use-multipart-uploads
+.PP
+Set if rclone should use multipart uploads.
+.PP
+You can change this if you want to disable the use of multipart uploads.
+This shouldn\[aq]t be necessary in normal operation.
+.PP
+This should be automatically set correctly for all providers rclone
+knows about - please make a bug report if not.
+.PP
+Properties:
+.IP \[bu] 2
+Config: use_multipart_uploads
+.IP \[bu] 2
+Env Var: RCLONE_S3_USE_MULTIPART_UPLOADS
+.IP \[bu] 2
+Type: Tristate
+.IP \[bu] 2
+Default: unset
 .SS Metadata
 .PP
 User metadata is stored as x-amz-meta- keys.
@@ -29745,9 +31770,9 @@ Usage Examples:
 .IP
 .nf
 \f[C]
-rclone backend restore s3:bucket/path/to/object [-o priority=PRIORITY] [-o lifetime=DAYS]
-rclone backend restore s3:bucket/path/to/directory [-o priority=PRIORITY] [-o lifetime=DAYS]
-rclone backend restore s3:bucket [-o priority=PRIORITY] [-o lifetime=DAYS]
+rclone backend restore s3:bucket/path/to/object -o priority=PRIORITY -o lifetime=DAYS
+rclone backend restore s3:bucket/path/to/directory -o priority=PRIORITY -o lifetime=DAYS
+rclone backend restore s3:bucket -o priority=PRIORITY -o lifetime=DAYS
 \f[R]
 .fi
 .PP
@@ -29756,7 +31781,7 @@ Test first with --interactive/-i or --dry-run flags
 .IP
 .nf
 \f[C]
-rclone --interactive backend restore --include \[dq]*.txt\[dq] s3:bucket/path -o priority=Standard
+rclone --interactive backend restore --include \[dq]*.txt\[dq] s3:bucket/path -o priority=Standard -o lifetime=1
 \f[R]
 .fi
 .PP
@@ -29764,7 +31789,7 @@ All the objects shown will be marked for restore, then
 .IP
 .nf
 \f[C]
-rclone backend restore --include \[dq]*.txt\[dq] s3:bucket/path -o priority=Standard
+rclone backend restore --include \[dq]*.txt\[dq] s3:bucket/path -o priority=Standard -o lifetime=1
 \f[R]
 .fi
 .PP
@@ -29776,11 +31801,11 @@ The Status will be OK if it was successful or an error message if not.
 [
     {
         \[dq]Status\[dq]: \[dq]OK\[dq],
-        \[dq]Path\[dq]: \[dq]test.txt\[dq]
+        \[dq]Remote\[dq]: \[dq]test.txt\[dq]
     },
     {
         \[dq]Status\[dq]: \[dq]OK\[dq],
-        \[dq]Path\[dq]: \[dq]test/file4.txt\[dq]
+        \[dq]Remote\[dq]: \[dq]test/file4.txt\[dq]
     }
 ]
 \f[R]
@@ -29793,6 +31818,63 @@ Options:
 \[dq]lifetime\[dq]: Lifetime of the active copy in days
 .IP \[bu] 2
 \[dq]priority\[dq]: Priority of restore: Standard|Expedited|Bulk
+.SS restore-status
+.PP
+Show the restore status for objects being restored from GLACIER to
+normal storage
+.IP
+.nf
+\f[C]
+rclone backend restore-status remote: [options] [<arguments>+]
+\f[R]
+.fi
+.PP
+This command can be used to show the status for objects being restored
+from GLACIER to normal storage.
+.PP
+Usage Examples:
+.IP
+.nf
+\f[C]
+rclone backend restore-status s3:bucket/path/to/object
+rclone backend restore-status s3:bucket/path/to/directory
+rclone backend restore-status -o all s3:bucket/path/to/directory
+\f[R]
+.fi
+.PP
+This command does not obey the filters.
+.PP
+It returns a list of status dictionaries.
+.IP
+.nf
+\f[C]
+[
+    {
+        \[dq]Remote\[dq]: \[dq]file.txt\[dq],
+        \[dq]VersionID\[dq]: null,
+        \[dq]RestoreStatus\[dq]: {
+            \[dq]IsRestoreInProgress\[dq]: true,
+            \[dq]RestoreExpiryDate\[dq]: \[dq]2023-09-06T12:29:19+01:00\[dq]
+        },
+        \[dq]StorageClass\[dq]: \[dq]GLACIER\[dq]
+    },
+    {
+        \[dq]Remote\[dq]: \[dq]test.pdf\[dq],
+        \[dq]VersionID\[dq]: null,
+        \[dq]RestoreStatus\[dq]: {
+            \[dq]IsRestoreInProgress\[dq]: false,
+            \[dq]RestoreExpiryDate\[dq]: \[dq]2023-09-06T12:29:19+01:00\[dq]
+        },
+        \[dq]StorageClass\[dq]: \[dq]DEEP_ARCHIVE\[dq]
+    }
+]
+\f[R]
+.fi
+.PP
+Options:
+.IP \[bu] 2
+\[dq]all\[dq]: if set then show all objects, not just ones with restore
+status
 .SS list-multipart-uploads
 .PP
 List the unfinished multipart uploads
@@ -29915,6 +31997,37 @@ It may return \[dq]Enabled\[dq], \[dq]Suspended\[dq] or
 \[dq]Unversioned\[dq].
 Note that once versioning has been enabled the status can\[aq]t be set
 back to \[dq]Unversioned\[dq].
+.SS set
+.PP
+Set command for updating the config parameters.
+.IP
+.nf
+\f[C]
+rclone backend set remote: [options] [<arguments>+]
+\f[R]
+.fi
+.PP
+This set command can be used to update the config parameters for a
+running s3 backend.
+.PP
+Usage Examples:
+.IP
+.nf
+\f[C]
+rclone backend set s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+rclone rc backend/command command=set fs=s3: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+rclone rc backend/command command=set fs=s3: -o session_token=X -o access_key_id=X -o secret_access_key=X
+\f[R]
+.fi
+.PP
+The option keys are named as they are in the config file.
+.PP
+This rebuilds the connection to the s3 backend when it is called with
+the new parameters.
+Only new parameters need be passed as the values will default to those
+currently in use.
+.PP
+It doesn\[aq]t return anything.
 .SS Anonymous access to public buckets
 .PP
 If you want to use rclone to access a public bucket, configure with a
@@ -30077,7 +32190,7 @@ Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 \&...
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
    \[rs] (s3)
 \&...
 Storage> s3
@@ -30176,6 +32289,40 @@ server_side_encryption =
 storage_class =
 \f[R]
 .fi
+.SS Google Cloud Storage
+.PP
+GoogleCloudStorage (https://cloud.google.com/storage/docs) is an
+S3-interoperable (https://cloud.google.com/storage/docs/interoperability)
+object storage service from Google Cloud Platform.
+.PP
+To connect to Google Cloud Storage you will need an access key and
+secret key.
+These can be retrieved by creating an HMAC
+key (https://cloud.google.com/storage/docs/authentication/managing-hmackeys).
+.IP
+.nf
+\f[C]
+[gs]
+type = s3
+provider = GCS
+access_key_id = your_access_key
+secret_access_key = your_secret_key
+endpoint = https://storage.googleapis.com
+\f[R]
+.fi
+.PP
+\f[B]Note\f[R] that \f[C]--s3-versions\f[R] does not work with GCS when
+it needs to do directory paging.
+Rclone will return the error:
+.IP
+.nf
+\f[C]
+s3 protocol error: received versions listing with IsTruncated set with no NextKeyMarker
+\f[R]
+.fi
+.PP
+This is Google bug
+#312292516 (https://issuetracker.google.com/u/0/issues/312292516).
 .SS DigitalOcean Spaces
 .PP
 Spaces (https://www.digitalocean.com/products/object-storage/) is an
@@ -30277,7 +32424,7 @@ Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 [snip]
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
    \[rs] (s3)
 [snip]
 Storage> 5
@@ -30620,7 +32767,7 @@ Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 [snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
    \[rs] (s3)
 [snip]
 Storage> s3
@@ -30737,7 +32884,7 @@ Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 [snip]
-XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS and Wasabi
+XX / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS and Wasabi
    \[rs] (s3)
 [snip]
 Storage> s3
@@ -31054,7 +33201,7 @@ Choose a number from below, or type in your own value
    \[rs] (alias)
  4 / Amazon Drive
    \[rs] (amazon cloud drive)
- 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Tencent COS, Qiniu and Wasabi
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
    \[rs] (s3)
 [snip]
 Storage> s3
@@ -31263,6 +33410,39 @@ endpoint = s3.rackcorp.com
 location_constraint = au-nsw
 \f[R]
 .fi
+.SS Rclone Serve S3
+.PP
+Rclone can serve any remote over the S3 protocol.
+For details see the rclone serve
+s3 (https://rclone.org/commands/rclone_serve_http/) documentation.
+.PP
+For example, to serve \f[C]remote:path\f[R] over s3, run the server like
+this:
+.IP
+.nf
+\f[C]
+rclone serve s3 --auth-key ACCESS_KEY_ID,SECRET_ACCESS_KEY remote:path
+\f[R]
+.fi
+.PP
+This will be compatible with an rclone remote which is defined like
+this:
+.IP
+.nf
+\f[C]
+[serves3]
+type = s3
+provider = Rclone
+endpoint = http://127.0.0.1:8080/
+access_key_id = ACCESS_KEY_ID
+secret_access_key = SECRET_ACCESS_KEY
+use_multipart_uploads = false
+\f[R]
+.fi
+.PP
+Note that setting \f[C]disable_multipart_uploads = true\f[R] is to work
+around a bug (https://rclone.org/commands/rclone_serve_http/#bugs) which
+will be fixed in due course.
 .SS Scaleway
 .PP
 Scaleway (https://www.scaleway.com/object-storage/) The Object Storage
@@ -32016,6 +34196,147 @@ d) Delete this remote
 y/e/d> y
 \f[R]
 .fi
+.SS Leviia Cloud Object Storage
+.PP
+Leviia Object Storage (https://www.leviia.com/object-storage/), backup
+and secure your data in a 100% French cloud, independent of GAFAM..
+.PP
+To configure access to Leviia, follow the steps below:
+.IP "1." 3
+Run \f[C]rclone config\f[R] and select \f[C]n\f[R] for a new remote.
+.IP
+.nf
+\f[C]
+rclone config
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+\f[R]
+.fi
+.IP "2." 3
+Give the name of the configuration.
+For example, name it \[aq]leviia\[aq].
+.IP
+.nf
+\f[C]
+name> leviia
+\f[R]
+.fi
+.IP "3." 3
+Select \f[C]s3\f[R] storage.
+.IP
+.nf
+\f[C]
+Choose a number from below, or type in your own value
+ 1 / 1Fichier
+   \[rs] (fichier)
+ 2 / Akamai NetStorage
+   \[rs] (netstorage)
+ 3 / Alias for an existing remote
+   \[rs] (alias)
+ 4 / Amazon Drive
+   \[rs] (amazon cloud drive)
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, Liara, Lyve Cloud, Minio, Netease, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \[rs] (s3)
+[snip]
+Storage> s3
+\f[R]
+.fi
+.IP "4." 3
+Select \f[C]Leviia\f[R] provider.
+.IP
+.nf
+\f[C]
+Choose a number from below, or type in your own value
+1 / Amazon Web Services (AWS) S3
+   \[rs] \[dq]AWS\[dq]
+[snip]
+15 / Leviia Object Storage
+   \[rs] (Leviia)
+[snip]
+provider> Leviia
+\f[R]
+.fi
+.IP "5." 3
+Enter your SecretId and SecretKey of Leviia.
+.IP
+.nf
+\f[C]
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default (\[dq]false\[dq]).
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \[rs] \[dq]false\[dq]
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \[rs] \[dq]true\[dq]
+env_auth> 1
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
+access_key_id> ZnIx.xxxxxxxxxxxxxxx
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
+secret_access_key> xxxxxxxxxxx
+\f[R]
+.fi
+.IP "6." 3
+Select endpoint for Leviia.
+.IP
+.nf
+\f[C]
+   / The default endpoint
+ 1 | Leviia.
+   \[rs] (s3.leviia.com)
+[snip]
+endpoint> 1
+\f[R]
+.fi
+.IP "7." 3
+Choose acl.
+.IP
+.nf
+\f[C]
+Note that this ACL is applied when server-side copying objects as S3
+doesn\[aq]t copy the ACL from the source but rather writes a fresh one.
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \[rs] (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \[rs] (public-read)
+[snip]
+acl> 1
+Edit advanced config? (y/n)
+y) Yes
+n) No (default)
+y/n> n
+Remote config
+--------------------
+[leviia]
+- type: s3
+- provider: Leviia
+- access_key_id: ZnIx.xxxxxxx
+- secret_access_key: xxxxxxxx
+- endpoint: s3.leviia.com
+- acl: private
+--------------------
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+Current remotes:
+
+Name                 Type
+====                 ====
+leviia                s3
+\f[R]
+.fi
 .SS Liara
 .PP
 Here is an example of making a Liara Object
@@ -32125,6 +34446,147 @@ server_side_encryption =
 storage_class =
 \f[R]
 .fi
+.SS Linode
+.PP
+Here is an example of making a Linode Object
+Storage (https://www.linode.com/products/object-storage/) configuration.
+First run:
+.IP
+.nf
+\f[C]
+rclone config
+\f[R]
+.fi
+.PP
+This will guide you through an interactive setup process.
+.IP
+.nf
+\f[C]
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+q) Quit config
+n/s/q> n
+
+Enter name for new remote.
+name> linode
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+ X / Amazon S3 Compliant Storage Providers including AWS, ...Linode, ...and others
+   \[rs] (s3)
+[snip]
+Storage> s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Linode Object Storage
+   \[rs] (Linode)
+[snip]
+provider> Linode
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \[rs] (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \[rs] (true)
+env_auth> 
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> ACCESS_KEY
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> SECRET_ACCESS_KEY
+
+Option endpoint.
+Endpoint for Linode Object Storage API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Atlanta, GA (USA), us-southeast-1
+   \[rs] (us-southeast-1.linodeobjects.com)
+ 2 / Chicago, IL (USA), us-ord-1
+   \[rs] (us-ord-1.linodeobjects.com)
+ 3 / Frankfurt (Germany), eu-central-1
+   \[rs] (eu-central-1.linodeobjects.com)
+ 4 / Milan (Italy), it-mil-1
+   \[rs] (it-mil-1.linodeobjects.com)
+ 5 / Newark, NJ (USA), us-east-1
+   \[rs] (us-east-1.linodeobjects.com)
+ 6 / Paris (France), fr-par-1
+   \[rs] (fr-par-1.linodeobjects.com)
+ 7 / Seattle, WA (USA), us-sea-1
+   \[rs] (us-sea-1.linodeobjects.com)
+ 8 / Singapore ap-south-1
+   \[rs] (ap-south-1.linodeobjects.com)
+ 9 / Stockholm (Sweden), se-sto-1
+   \[rs] (se-sto-1.linodeobjects.com)
+10 / Washington, DC, (USA), us-iad-1
+   \[rs] (us-iad-1.linodeobjects.com)
+endpoint> 3
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn\[aq]t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn\[aq]t copy the ACL from the source but rather writes a fresh one.
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \[rs] (private)
+[snip]
+acl> 
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> n
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Linode
+- access_key_id: ACCESS_KEY
+- secret_access_key: SECRET_ACCESS_KEY
+- endpoint: eu-central-1.linodeobjects.com
+Keep this \[dq]linode\[dq] remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+\f[R]
+.fi
+.PP
+This will leave the config file looking like this.
+.IP
+.nf
+\f[C]
+[linode]
+type = s3
+provider = Linode
+access_key_id = ACCESS_KEY
+secret_access_key = SECRET_ACCESS_KEY
+endpoint = eu-central-1.linodeobjects.com
+\f[R]
+.fi
 .SS ArvanCloud
 .PP
 ArvanCloud (https://www.arvancloud.com/en/products/cloud-storage)
@@ -32397,6 +34859,172 @@ For Netease NOS configure as per the configurator
 \f[C]rclone config\f[R] setting the provider \f[C]Netease\f[R].
 This will automatically set \f[C]force_path_style = false\f[R] which is
 necessary for it to run properly.
+.SS Petabox
+.PP
+Here is an example of making a Petabox (https://petabox.io/)
+configuration.
+First run:
+.IP
+.nf
+\f[C]
+rclone config
+\f[R]
+.fi
+.PP
+This will guide you through an interactive setup process.
+.IP
+.nf
+\f[C]
+No remotes found, make a new one?
+n) New remote
+s) Set configuration password
+n/s> n
+
+Enter name for new remote.
+name> My Petabox Storage
+
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip]
+XX / Amazon S3 Compliant Storage Providers including AWS, ...
+   \[rs] \[dq]s3\[dq]
+[snip]
+Storage> s3
+
+Option provider.
+Choose your S3 provider.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+[snip]
+XX / Petabox Object Storage
+   \[rs] (Petabox)
+[snip]
+provider> Petabox
+
+Option env_auth.
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own boolean value (true or false).
+Press Enter for the default (false).
+ 1 / Enter AWS credentials in the next step.
+   \[rs] (false)
+ 2 / Get AWS credentials from the environment (env vars or IAM).
+   \[rs] (true)
+env_auth> 1
+
+Option access_key_id.
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+access_key_id> YOUR_ACCESS_KEY_ID
+
+Option secret_access_key.
+AWS Secret Access Key (password).
+Leave blank for anonymous access or runtime credentials.
+Enter a value. Press Enter to leave empty.
+secret_access_key> YOUR_SECRET_ACCESS_KEY
+
+Option region.
+Region where your bucket will be created and your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / US East (N. Virginia)
+   \[rs] (us-east-1)
+ 2 / Europe (Frankfurt)
+   \[rs] (eu-central-1)
+ 3 / Asia Pacific (Singapore)
+   \[rs] (ap-southeast-1)
+ 4 / Middle East (Bahrain)
+   \[rs] (me-south-1)
+ 5 / South America (S\[~a]o Paulo)
+   \[rs] (sa-east-1)
+region> 1
+
+Option endpoint.
+Endpoint for Petabox S3 Object Storage.
+Specify the endpoint from the same region.
+Choose a number from below, or type in your own value.
+ 1 / US East (N. Virginia)
+   \[rs] (s3.petabox.io)
+ 2 / US East (N. Virginia)
+   \[rs] (s3.us-east-1.petabox.io)
+ 3 / Europe (Frankfurt)
+   \[rs] (s3.eu-central-1.petabox.io)
+ 4 / Asia Pacific (Singapore)
+   \[rs] (s3.ap-southeast-1.petabox.io)
+ 5 / Middle East (Bahrain)
+   \[rs] (s3.me-south-1.petabox.io)
+ 6 / South America (S\[~a]o Paulo)
+   \[rs] (s3.sa-east-1.petabox.io)
+endpoint> 1
+
+Option acl.
+Canned ACL used when creating buckets and storing or copying objects.
+This ACL is used for creating objects and if bucket_acl isn\[aq]t set, for creating buckets too.
+For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
+Note that this ACL is applied when server-side copying objects as S3
+doesn\[aq]t copy the ACL from the source but rather writes a fresh one.
+If the acl is an empty string then no X-Amz-Acl: header is added and
+the default (private) will be used.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+   / Owner gets FULL_CONTROL.
+ 1 | No one else has access rights (default).
+   \[rs] (private)
+   / Owner gets FULL_CONTROL.
+ 2 | The AllUsers group gets READ access.
+   \[rs] (public-read)
+   / Owner gets FULL_CONTROL.
+ 3 | The AllUsers group gets READ and WRITE access.
+   | Granting this on a bucket is generally not recommended.
+   \[rs] (public-read-write)
+   / Owner gets FULL_CONTROL.
+ 4 | The AuthenticatedUsers group gets READ access.
+   \[rs] (authenticated-read)
+   / Object owner gets FULL_CONTROL.
+ 5 | Bucket owner gets READ access.
+   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \[rs] (bucket-owner-read)
+   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
+ 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
+   \[rs] (bucket-owner-full-control)
+acl> 1
+
+Edit advanced config?
+y) Yes
+n) No (default)
+y/n> No
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Petabox
+- access_key_id: YOUR_ACCESS_KEY_ID
+- secret_access_key: YOUR_SECRET_ACCESS_KEY
+- region: us-east-1
+- endpoint: s3.petabox.io
+Keep this \[dq]My Petabox Storage\[dq] remote?
+y) Yes this is OK (default)
+e) Edit this remote
+d) Delete this remote
+y/e/d> y
+\f[R]
+.fi
+.PP
+This will leave the config file looking like this.
+.IP
+.nf
+\f[C]
+[My Petabox Storage]
+type = s3
+provider = Petabox
+access_key_id = YOUR_ACCESS_KEY_ID
+secret_access_key = YOUR_SECRET_ACCESS_KEY
+region = us-east-1
+endpoint = s3.petabox.io
+\f[R]
+.fi
 .SS Storj
 .PP
 Storj is a decentralized cloud storage which can be used through its
@@ -32526,18 +35154,19 @@ of an rclone union remote.
 See List of backends that do not support rclone
 about (https://rclone.org/overview/#optional-features) and rclone
 about (https://rclone.org/commands/rclone_about/)
-.SH Backblaze B2
+.SS Synology C2 Object Storage
 .PP
-B2 is Backblaze\[aq]s cloud storage
-system (https://www.backblaze.com/b2/).
+Synology C2 Object
+Storage (https://c2.synology.com/en-global/object-storage/overview)
+provides a secure, S3-compatible, and cost-effective cloud storage
+solution without API request, download fees, and deletion penalty.
 .PP
-Paths are specified as \f[C]remote:bucket\f[R] (or \f[C]remote:\f[R] for
-the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
-\f[C]remote:bucket/path/to/dir\f[R].
-.SS Configuration
+The S3 compatible gateway is configured using \f[C]rclone config\f[R]
+with a type of \f[C]s3\f[R] and with a provider name of
+\f[C]Synology\f[R].
+Here is an example run of the configurator.
 .PP
-Here is an example of making a b2 configuration.
-First run
+First run:
 .IP
 .nf
 \f[C]
@@ -32546,9169 +35175,7489 @@ rclone config
 .fi
 .PP
 This will guide you through an interactive setup process.
-To authenticate you will either need your Account ID (a short hex
-number) and Master Application Key (a long hex number) OR an Application
-Key, which is the recommended method.
-See below for further details on generating and using an Application
-Key.
 .IP
 .nf
 \f[C]
 No remotes found, make a new one?
 n) New remote
+s) Set configuration password
 q) Quit config
-n/q> n
-name> remote
+
+n/s/q> n
+
+Enter name for new remote.1
+name> syno
+
 Type of storage to configure.
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
 Choose a number from below, or type in your own value
-[snip]
-XX / Backblaze B2
-   \[rs] \[dq]b2\[dq]
-[snip]
-Storage> b2
-Account ID or Application Key ID
-account> 123456789abc
-Application Key
-key> 0123456789abcdef0123456789abcdef0123456789
-Endpoint for the service - leave blank normally.
-endpoint>
-Remote config
---------------------
-[remote]
-account = 123456789abc
-key = 0123456789abcdef0123456789abcdef0123456789
-endpoint =
---------------------
-y) Yes this is OK
+
+ 5 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, China Mobile, Cloudflare, GCS, ArvanCloud, DigitalOcean, Dreamhost, Huawei OBS, IBM COS, IDrive e2, IONOS Cloud, Liara, Lyve Cloud, Minio, Netease, Petabox, RackCorp, Scaleway, SeaweedFS, StackPath, Storj, Synology, Tencent COS, Qiniu and Wasabi
+   \[rs] \[dq]s3\[dq]
+
+Storage> s3
+
+Choose your S3 provider.
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value
+ 24 / Synology C2 Object Storage
+   \[rs] (Synology)
+
+provider> Synology
+
+Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
+Only applies if access_key_id and secret_access_key is blank.
+Enter a boolean value (true or false). Press Enter for the default (\[dq]false\[dq]).
+Choose a number from below, or type in your own value
+ 1 / Enter AWS credentials in the next step
+   \[rs] \[dq]false\[dq]
+ 2 / Get AWS credentials from the environment (env vars or IAM)
+   \[rs] \[dq]true\[dq]
+
+env_auth> 1
+
+AWS Access Key ID.
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
+
+access_key_id> accesskeyid
+
+AWS Secret Access Key (password)
+Leave blank for anonymous access or runtime credentials.
+Enter a string value. Press Enter for the default (\[dq]\[dq]).
+
+secret_access_key> secretaccesskey
+
+Region where your data stored.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / Europe Region 1
+   \[rs] (eu-001)
+ 2 / Europe Region 2
+   \[rs] (eu-002)
+ 3 / US Region 1
+   \[rs] (us-001)
+ 4 / US Region 2
+   \[rs] (us-002)
+ 5 / Asia (Taiwan)
+   \[rs] (tw-001)
+
+region > 1
+
+Option endpoint.
+Endpoint for Synology C2 Object Storage API.
+Choose a number from below, or type in your own value.
+Press Enter to leave empty.
+ 1 / EU Endpoint 1
+   \[rs] (eu-001.s3.synologyc2.net)
+ 2 / US Endpoint 1
+   \[rs] (us-001.s3.synologyc2.net)
+ 3 / TW Endpoint 1
+   \[rs] (tw-001.s3.synologyc2.net)
+
+endpoint> 1
+
+Option location_constraint.
+Location constraint - must be set to match the Region.
+Leave blank if not sure. Used when creating buckets only.
+Enter a value. Press Enter to leave empty.
+location_constraint>
+
+Edit advanced config? (y/n)
+y) Yes
+n) No
+y/n> y
+
+Option no_check_bucket.
+If set, don\[aq]t attempt to check the bucket exists or create it.
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the bucket exists already.
+It can also be needed if the user you are using does not have bucket
+creation permissions. Before v1.52.0 this would have passed silently
+due to a bug.
+Enter a boolean value (true or false). Press Enter for the default (true).
+
+no_check_bucket> true
+
+Configuration complete.
+Options:
+- type: s3
+- provider: Synology
+- region: eu-001
+- endpoint: eu-001.s3.synologyc2.net
+- no_check_bucket: true
+Keep this \[dq]syno\[dq] remote?
+y) Yes this is OK (default)
 e) Edit this remote
 d) Delete this remote
+
 y/e/d> y
+
+#  Backblaze B2
+
+B2 is [Backblaze\[aq]s cloud storage system](https://www.backblaze.com/b2/).
+
+Paths are specified as \[ga]remote:bucket\[ga] (or \[ga]remote:\[ga] for the \[ga]lsd\[ga]
+command.)  You may put subdirectories in too, e.g. \[ga]remote:bucket/path/to/dir\[ga].
+
+## Configuration
+
+Here is an example of making a b2 configuration.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process.  To authenticate
+you will either need your Account ID (a short hex number) and Master
+Application Key (a long hex number) OR an Application Key, which is the
+recommended method. See below for further details on generating and using
+an Application Key.
 \f[R]
 .fi
 .PP
-This remote is called \f[C]remote\f[R] and can now be used like this
-.PP
-See all buckets
+No remotes found, make a new one?
+n) New remote q) Quit config n/q> n name> remote Type of storage to
+configure.
+Choose a number from below, or type in your own value [snip] XX /
+Backblaze B2 \ \[dq]b2\[dq] [snip] Storage> b2 Account ID or Application
+Key ID account> 123456789abc Application Key key>
+0123456789abcdef0123456789abcdef0123456789 Endpoint for the service -
+leave blank normally.
+endpoint> Remote config -------------------- [remote] account =
+123456789abc key = 0123456789abcdef0123456789abcdef0123456789 endpoint =
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+This remote is called \[ga]remote\[ga] and can now be used like this
+
+See all buckets
+
+    rclone lsd remote:
+
 Create a new bucket
-.IP
-.nf
-\f[C]
-rclone mkdir remote:bucket
+
+    rclone mkdir remote:bucket
+
+List the contents of a bucket
+
+    rclone ls remote:bucket
+
+Sync \[ga]/home/local/directory\[ga] to the remote bucket, deleting any
+excess files in the bucket.
+
+    rclone sync --interactive /home/local/directory remote:bucket
+
+### Application Keys
+
+B2 supports multiple [Application Keys for different access permission
+to B2 Buckets](https://www.backblaze.com/b2/docs/application_keys.html).
+
+You can use these with rclone too; you will need to use rclone version 1.43
+or later.
+
+Follow Backblaze\[aq]s docs to create an Application Key with the required
+permission and add the \[ga]applicationKeyId\[ga] as the \[ga]account\[ga] and the
+\[ga]Application Key\[ga] itself as the \[ga]key\[ga].
+
+Note that you must put the _applicationKeyId_ as the \[ga]account\[ga] \[en] you
+can\[aq]t use the master Account ID.  If you try then B2 will return 401
+errors.
+
+### --fast-list
+
+This remote supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Modification times
+
+The modification time is stored as metadata on the object as
+\[ga]X-Bz-Info-src_last_modified_millis\[ga] as milliseconds since 1970-01-01
+in the Backblaze standard.  Other tools should be able to use this as
+a modified time.
+
+Modified times are used in syncing and are fully supported. Note that
+if a modification time needs to be updated on an object then it will
+create a new version of the object.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[rs]         | 0x5C  | \[uFF3C]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+Note that in 2020-05 Backblaze started allowing \[rs] characters in file
+names. Rclone hasn\[aq]t changed its encoding as this could cause syncs to
+re-transfer files. If you want rclone not to replace \[rs] then see the
+\[ga]--b2-encoding\[ga] flag below and remove the \[ga]BackSlash\[ga] from the
+string. This can be set in the config.
+
+### SHA1 checksums
+
+The SHA1 checksums of the files are checked on upload and download and
+will be used in the syncing process.
+
+Large files (bigger than the limit in \[ga]--b2-upload-cutoff\[ga]) which are
+uploaded in chunks will store their SHA1 on the object as
+\[ga]X-Bz-Info-large_file_sha1\[ga] as recommended by Backblaze.
+
+For a large file to be uploaded with an SHA1 checksum, the source
+needs to support SHA1 checksums. The local disk supports SHA1
+checksums so large file transfers from local disk will have an SHA1.
+See [the overview](https://rclone.org/overview/#features) for exactly which remotes
+support SHA1.
+
+Sources which don\[aq]t support SHA1, in particular \[ga]crypt\[ga] will upload
+large files without SHA1 checksums.  This may be fixed in the future
+(see [#1767](https://github.com/rclone/rclone/issues/1767)).
+
+Files sizes below \[ga]--b2-upload-cutoff\[ga] will always have an SHA1
+regardless of the source.
+
+### Transfers
+
+Backblaze recommends that you do lots of transfers simultaneously for
+maximum speed.  In tests from my SSD equipped laptop the optimum
+setting is about \[ga]--transfers 32\[ga] though higher numbers may be used
+for a slight speed improvement. The optimum number for you may vary
+depending on your hardware, how big the files are, how much you want
+to load your computer, etc.  The default of \[ga]--transfers 4\[ga] is
+definitely too low for Backblaze B2 though.
+
+Note that uploading big files (bigger than 200 MiB by default) will use
+a 96 MiB RAM buffer by default.  There can be at most \[ga]--transfers\[ga] of
+these in use at any moment, so this sets the upper limit on the memory
+used.
+
+### Versions
+
+When rclone uploads a new version of a file it creates a [new version
+of it](https://www.backblaze.com/b2/docs/file_versions.html).
+Likewise when you delete a file, the old version will be marked hidden
+and still be available.  Conversely, you may opt in to a \[dq]hard delete\[dq]
+of files with the \[ga]--b2-hard-delete\[ga] flag which would permanently remove
+the file instead of hiding it.
+
+Old versions of files, where available, are visible using the 
+\[ga]--b2-versions\[ga] flag.
+
+It is also possible to view a bucket as it was at a certain point in time,
+using the \[ga]--b2-version-at\[ga] flag. This will show the file versions as they
+were at that time, showing files that have been deleted afterwards, and
+hiding files that were created since.
+
+If you wish to remove all the old versions then you can use the
+\[ga]rclone cleanup remote:bucket\[ga] command which will delete all the old
+versions of files, leaving the current ones intact.  You can also
+supply a path and only old versions under that path will be deleted,
+e.g. \[ga]rclone cleanup remote:bucket/path/to/stuff\[ga].
+
+Note that \[ga]cleanup\[ga] will remove partially uploaded files from the bucket
+if they are more than a day old.
+
+When you \[ga]purge\[ga] a bucket, the current and the old versions will be
+deleted then the bucket will be deleted.
+
+However \[ga]delete\[ga] will cause the current versions of the files to
+become hidden old versions.
+
+Here is a session showing the listing and retrieval of an old
+version followed by a \[ga]cleanup\[ga] of the old versions.
+
+Show current version and all the versions with \[ga]--b2-versions\[ga] flag.
 \f[R]
 .fi
 .PP
-List the contents of a bucket
+$ rclone -q ls b2:cleanup-test 9 one.txt
+.PP
+$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt 8
+one-v2016-07-04-141032-000.txt 16 one-v2016-07-04-141003-000.txt 15
+one-v2016-07-02-155621-000.txt
 .IP
 .nf
 \f[C]
-rclone ls remote:bucket
+Retrieve an old version
 \f[R]
 .fi
 .PP
-Sync \f[C]/home/local/directory\f[R] to the remote bucket, deleting any
-excess files in the bucket.
+$ rclone -q --b2-versions copy
+b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
+.PP
+$ ls -l /tmp/one-v2016-07-04-141003-000.txt -rw-rw-r-- 1 ncw ncw 16 Jul
+2 17:46 /tmp/one-v2016-07-04-141003-000.txt
 .IP
 .nf
 \f[C]
-rclone sync --interactive /home/local/directory remote:bucket
+Clean up all the old versions and show that they\[aq]ve gone.
 \f[R]
 .fi
-.SS Application Keys
-.PP
-B2 supports multiple Application Keys for different access permission to
-B2 Buckets (https://www.backblaze.com/b2/docs/application_keys.html).
-.PP
-You can use these with rclone too; you will need to use rclone version
-1.43 or later.
-.PP
-Follow Backblaze\[aq]s docs to create an Application Key with the
-required permission and add the \f[C]applicationKeyId\f[R] as the
-\f[C]account\f[R] and the \f[C]Application Key\f[R] itself as the
-\f[C]key\f[R].
-.PP
-Note that you must put the \f[I]applicationKeyId\f[R] as the
-\f[C]account\f[R] \[en] you can\[aq]t use the master Account ID.
-If you try then B2 will return 401 errors.
-.SS --fast-list
-.PP
-This remote supports \f[C]--fast-list\f[R] which allows you to use fewer
-transactions in exchange for more memory.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
-.SS Modified time
-.PP
-The modified time is stored as metadata on the object as
-\f[C]X-Bz-Info-src_last_modified_millis\f[R] as milliseconds since
-1970-01-01 in the Backblaze standard.
-Other tools should be able to use this as a modified time.
-.PP
-Modified times are used in syncing and are fully supported.
-Note that if a modification time needs to be updated on an object then
-it will create a new version of the object.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.PP
-Note that in 2020-05 Backblaze started allowing \ characters in file
-names.
-Rclone hasn\[aq]t changed its encoding as this could cause syncs to
-re-transfer files.
-If you want rclone not to replace \ then see the \f[C]--b2-encoding\f[R]
-flag below and remove the \f[C]BackSlash\f[R] from the string.
-This can be set in the config.
-.SS SHA1 checksums
-.PP
-The SHA1 checksums of the files are checked on upload and download and
-will be used in the syncing process.
-.PP
-Large files (bigger than the limit in \f[C]--b2-upload-cutoff\f[R])
-which are uploaded in chunks will store their SHA1 on the object as
-\f[C]X-Bz-Info-large_file_sha1\f[R] as recommended by Backblaze.
-.PP
-For a large file to be uploaded with an SHA1 checksum, the source needs
-to support SHA1 checksums.
-The local disk supports SHA1 checksums so large file transfers from
-local disk will have an SHA1.
-See the overview (https://rclone.org/overview/#features) for exactly
-which remotes support SHA1.
-.PP
-Sources which don\[aq]t support SHA1, in particular \f[C]crypt\f[R] will
-upload large files without SHA1 checksums.
-This may be fixed in the future (see
-#1767 (https://github.com/rclone/rclone/issues/1767)).
-.PP
-Files sizes below \f[C]--b2-upload-cutoff\f[R] will always have an SHA1
-regardless of the source.
-.SS Transfers
-.PP
-Backblaze recommends that you do lots of transfers simultaneously for
-maximum speed.
-In tests from my SSD equipped laptop the optimum setting is about
-\f[C]--transfers 32\f[R] though higher numbers may be used for a slight
-speed improvement.
-The optimum number for you may vary depending on your hardware, how big
-the files are, how much you want to load your computer, etc.
-The default of \f[C]--transfers 4\f[R] is definitely too low for
-Backblaze B2 though.
-.PP
-Note that uploading big files (bigger than 200 MiB by default) will use
-a 96 MiB RAM buffer by default.
-There can be at most \f[C]--transfers\f[R] of these in use at any
-moment, so this sets the upper limit on the memory used.
-.SS Versions
-.PP
-When rclone uploads a new version of a file it creates a new version of
-it (https://www.backblaze.com/b2/docs/file_versions.html).
-Likewise when you delete a file, the old version will be marked hidden
-and still be available.
-Conversely, you may opt in to a \[dq]hard delete\[dq] of files with the
-\f[C]--b2-hard-delete\f[R] flag which would permanently remove the file
-instead of hiding it.
-.PP
-Old versions of files, where available, are visible using the
-\f[C]--b2-versions\f[R] flag.
-.PP
-It is also possible to view a bucket as it was at a certain point in
-time, using the \f[C]--b2-version-at\f[R] flag.
-This will show the file versions as they were at that time, showing
-files that have been deleted afterwards, and hiding files that were
-created since.
-.PP
-If you wish to remove all the old versions then you can use the
-\f[C]rclone cleanup remote:bucket\f[R] command which will delete all the
-old versions of files, leaving the current ones intact.
-You can also supply a path and only old versions under that path will be
-deleted, e.g.
-\f[C]rclone cleanup remote:bucket/path/to/stuff\f[R].
-.PP
-Note that \f[C]cleanup\f[R] will remove partially uploaded files from
-the bucket if they are more than a day old.
-.PP
-When you \f[C]purge\f[R] a bucket, the current and the old versions will
-be deleted then the bucket will be deleted.
 .PP
-However \f[C]delete\f[R] will cause the current versions of the files to
-become hidden old versions.
+$ rclone -q cleanup b2:cleanup-test
 .PP
-Here is a session showing the listing and retrieval of an old version
-followed by a \f[C]cleanup\f[R] of the old versions.
+$ rclone -q ls b2:cleanup-test 9 one.txt
 .PP
-Show current version and all the versions with \f[C]--b2-versions\f[R]
-flag.
+$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt
 .IP
 .nf
 \f[C]
-$ rclone -q ls b2:cleanup-test
-        9 one.txt
+#### Versions naming caveat
 
-$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt
-        8 one-v2016-07-04-141032-000.txt
-       16 one-v2016-07-04-141003-000.txt
-       15 one-v2016-07-02-155621-000.txt
+When using \[ga]--b2-versions\[ga] flag rclone is relying on the file name
+to work out whether the objects are versions or not. Versions\[aq] names
+are created by inserting timestamp between file name and its extension.
 \f[R]
 .fi
-.PP
-Retrieve an old version
 .IP
 .nf
 \f[C]
-$ rclone -q --b2-versions copy b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
-
-$ ls -l /tmp/one-v2016-07-04-141003-000.txt
--rw-rw-r-- 1 ncw ncw 16 Jul  2 17:46 /tmp/one-v2016-07-04-141003-000.txt
+    9 file.txt
+    8 file-v2023-07-17-161032-000.txt
+   16 file-v2023-06-15-141003-000.txt
 \f[R]
 .fi
-.PP
-Clean up all the old versions and show that they\[aq]ve gone.
 .IP
 .nf
 \f[C]
-$ rclone -q cleanup b2:cleanup-test
+If there are real files present with the same names as versions, then
+behaviour of \[ga]--b2-versions\[ga] can be unpredictable.
 
-$ rclone -q ls b2:cleanup-test
-        9 one.txt
+### Data usage
 
-$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt
+It is useful to know how many requests are sent to the server in different scenarios.
+
+All copy commands send the following 4 requests:
 \f[R]
 .fi
-.SS Data usage
 .PP
-It is useful to know how many requests are sent to the server in
-different scenarios.
-.PP
-All copy commands send the following 4 requests:
+/b2api/v1/b2_authorize_account /b2api/v1/b2_create_bucket
+/b2api/v1/b2_list_buckets /b2api/v1/b2_list_file_names
 .IP
 .nf
 \f[C]
-/b2api/v1/b2_authorize_account
-/b2api/v1/b2_create_bucket
-/b2api/v1/b2_list_buckets
-/b2api/v1/b2_list_file_names
+The \[ga]b2_list_file_names\[ga] request will be sent once for every 1k files
+in the remote path, providing the checksum and modification time of
+the listed files. As of version 1.33 issue
+[#818](https://github.com/rclone/rclone/issues/818) causes extra requests
+to be sent when using B2 with Crypt. When a copy operation does not
+require any files to be uploaded, no more requests will be sent.
+
+Uploading files that do not require chunking, will send 2 requests per
+file upload:
 \f[R]
 .fi
 .PP
-The \f[C]b2_list_file_names\f[R] request will be sent once for every 1k
-files in the remote path, providing the checksum and modification time
-of the listed files.
-As of version 1.33 issue
-#818 (https://github.com/rclone/rclone/issues/818) causes extra requests
-to be sent when using B2 with Crypt.
-When a copy operation does not require any files to be uploaded, no more
-requests will be sent.
-.PP
-Uploading files that do not require chunking, will send 2 requests per
-file upload:
+/b2api/v1/b2_get_upload_url /b2api/v1/b2_upload_file/
 .IP
 .nf
 \f[C]
-/b2api/v1/b2_get_upload_url
-/b2api/v1/b2_upload_file/
+Uploading files requiring chunking, will send 2 requests (one each to
+start and finish the upload) and another 2 requests for each chunk:
 \f[R]
 .fi
 .PP
-Uploading files requiring chunking, will send 2 requests (one each to
-start and finish the upload) and another 2 requests for each chunk:
+/b2api/v1/b2_start_large_file /b2api/v1/b2_get_upload_part_url
+/b2api/v1/b2_upload_part/ /b2api/v1/b2_finish_large_file
 .IP
 .nf
 \f[C]
-/b2api/v1/b2_start_large_file
-/b2api/v1/b2_get_upload_part_url
-/b2api/v1/b2_upload_part/
-/b2api/v1/b2_finish_large_file
+#### Versions
+
+Versions can be viewed with the \[ga]--b2-versions\[ga] flag. When it is set
+rclone will show and act on older versions of files.  For example
+
+Listing without \[ga]--b2-versions\[ga]
 \f[R]
 .fi
-.SS Versions
-.PP
-Versions can be viewed with the \f[C]--b2-versions\f[R] flag.
-When it is set rclone will show and act on older versions of files.
-For example
 .PP
-Listing without \f[C]--b2-versions\f[R]
+$ rclone -q ls b2:cleanup-test 9 one.txt
 .IP
 .nf
 \f[C]
-$ rclone -q ls b2:cleanup-test
-        9 one.txt
+And with
 \f[R]
 .fi
 .PP
-And with
+$ rclone -q --b2-versions ls b2:cleanup-test 9 one.txt 8
+one-v2016-07-04-141032-000.txt 16 one-v2016-07-04-141003-000.txt 15
+one-v2016-07-02-155621-000.txt
 .IP
 .nf
 \f[C]
-$ rclone -q --b2-versions ls b2:cleanup-test
-        9 one.txt
-        8 one-v2016-07-04-141032-000.txt
-       16 one-v2016-07-04-141003-000.txt
-       15 one-v2016-07-02-155621-000.txt
+Showing that the current version is unchanged but older versions can
+be seen.  These have the UTC date that they were uploaded to the
+server to the nearest millisecond appended to them.
+
+Note that when using \[ga]--b2-versions\[ga] no file write operations are
+permitted, so you can\[aq]t upload files or delete them.
+
+### B2 and rclone link
+
+Rclone supports generating file share links for private B2 buckets.
+They can either be for a file for example:
 \f[R]
 .fi
 .PP
-Showing that the current version is unchanged but older versions can be
-seen.
-These have the UTC date that they were uploaded to the server to the
-nearest millisecond appended to them.
-.PP
-Note that when using \f[C]--b2-versions\f[R] no file write operations
-are permitted, so you can\[aq]t upload files or delete them.
-.SS B2 and rclone link
-.PP
-Rclone supports generating file share links for private B2 buckets.
-They can either be for a file for example:
+\&./rclone link B2:bucket/path/to/file.txt
+https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx
 .IP
 .nf
 \f[C]
-\&./rclone link B2:bucket/path/to/file.txt
-https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx
+or if run on a directory you will get:
 \f[R]
 .fi
 .PP
-or if run on a directory you will get:
+\&./rclone link B2:bucket/path
+https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx
 .IP
 .nf
 \f[C]
-\&./rclone link B2:bucket/path
-https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx
+you can then use the authorization token (the part of the url from the
+ \[ga]?Authorization=\[ga] on) on any file path under that directory. For example:
 \f[R]
 .fi
 .PP
-you can then use the authorization token (the part of the url from the
-\f[C]?Authorization=\f[R] on) on any file path under that directory.
-For example:
-.IP
-.nf
-\f[C]
 https://f002.backblazeb2.com/file/bucket/path/to/file1?Authorization=xxxxxxxx
 https://f002.backblazeb2.com/file/bucket/path/file2?Authorization=xxxxxxxx
 https://f002.backblazeb2.com/file/bucket/path/folder/file3?Authorization=xxxxxxxx
-\f[R]
-.fi
-.SS Standard options
-.PP
+.IP
+.nf
+\f[C]
+
+### Standard options
+
 Here are the Standard options specific to b2 (Backblaze B2).
-.SS --b2-account
-.PP
+
+#### --b2-account
+
 Account ID or Application Key ID.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: account
-.IP \[bu] 2
-Env Var: RCLONE_B2_ACCOUNT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --b2-key
-.PP
+
+- Config:      account
+- Env Var:     RCLONE_B2_ACCOUNT
+- Type:        string
+- Required:    true
+
+#### --b2-key
+
 Application Key.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: key
-.IP \[bu] 2
-Env Var: RCLONE_B2_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --b2-hard-delete
-.PP
+
+- Config:      key
+- Env Var:     RCLONE_B2_KEY
+- Type:        string
+- Required:    true
+
+#### --b2-hard-delete
+
 Permanently delete files on remote removal, otherwise hide files.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: hard_delete
-.IP \[bu] 2
-Env Var: RCLONE_B2_HARD_DELETE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS Advanced options
-.PP
+
+- Config:      hard_delete
+- Env Var:     RCLONE_B2_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+### Advanced options
+
 Here are the Advanced options specific to b2 (Backblaze B2).
-.SS --b2-endpoint
-.PP
+
+#### --b2-endpoint
+
 Endpoint for the service.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_B2_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --b2-test-mode
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_B2_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --b2-test-mode
+
 A flag string for X-Bz-Test-Mode header for debugging.
-.PP
-This is for debugging purposes only.
-Setting it to one of the strings below will cause b2 to return specific
-errors:
-.IP \[bu] 2
-\[dq]fail_some_uploads\[dq]
-.IP \[bu] 2
-\[dq]expire_some_account_authorization_tokens\[dq]
-.IP \[bu] 2
-\[dq]force_cap_exceeded\[dq]
-.PP
-These will be set in the \[dq]X-Bz-Test-Mode\[dq] header which is
-documented in the b2 integrations
-checklist (https://www.backblaze.com/b2/docs/integration_checklist.html).
-.PP
+
+This is for debugging purposes only. Setting it to one of the strings
+below will cause b2 to return specific errors:
+
+  * \[dq]fail_some_uploads\[dq]
+  * \[dq]expire_some_account_authorization_tokens\[dq]
+  * \[dq]force_cap_exceeded\[dq]
+
+These will be set in the \[dq]X-Bz-Test-Mode\[dq] header which is documented
+in the [b2 integrations checklist](https://www.backblaze.com/b2/docs/integration_checklist.html).
+
 Properties:
-.IP \[bu] 2
-Config: test_mode
-.IP \[bu] 2
-Env Var: RCLONE_B2_TEST_MODE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --b2-versions
-.PP
+
+- Config:      test_mode
+- Env Var:     RCLONE_B2_TEST_MODE
+- Type:        string
+- Required:    false
+
+#### --b2-versions
+
 Include old versions in directory listings.
-.PP
-Note that when using this no file write operations are permitted, so you
-can\[aq]t upload files or delete them.
-.PP
+
+Note that when using this no file write operations are permitted,
+so you can\[aq]t upload files or delete them.
+
 Properties:
-.IP \[bu] 2
-Config: versions
-.IP \[bu] 2
-Env Var: RCLONE_B2_VERSIONS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --b2-version-at
-.PP
+
+- Config:      versions
+- Env Var:     RCLONE_B2_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --b2-version-at
+
 Show file versions as they were at the specified time.
-.PP
-Note that when using this no file write operations are permitted, so you
-can\[aq]t upload files or delete them.
-.PP
+
+Note that when using this no file write operations are permitted,
+so you can\[aq]t upload files or delete them.
+
 Properties:
-.IP \[bu] 2
-Config: version_at
-.IP \[bu] 2
-Env Var: RCLONE_B2_VERSION_AT
-.IP \[bu] 2
-Type: Time
-.IP \[bu] 2
-Default: off
-.SS --b2-upload-cutoff
-.PP
+
+- Config:      version_at
+- Env Var:     RCLONE_B2_VERSION_AT
+- Type:        Time
+- Default:     off
+
+#### --b2-upload-cutoff
+
 Cutoff for switching to chunked upload.
-.PP
-Files above this size will be uploaded in chunks of
-\[dq]--b2-chunk-size\[dq].
-.PP
+
+Files above this size will be uploaded in chunks of \[dq]--b2-chunk-size\[dq].
+
 This value should be set no larger than 4.657 GiB (== 5 GB).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_B2_UPLOAD_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 200Mi
-.SS --b2-copy-cutoff
-.PP
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_B2_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     200Mi
+
+#### --b2-copy-cutoff
+
 Cutoff for switching to multipart copy.
-.PP
+
 Any files larger than this that need to be server-side copied will be
 copied in chunks of this size.
-.PP
+
 The minimum is 0 and the maximum is 4.6 GiB.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: copy_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_B2_COPY_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 4Gi
-.SS --b2-chunk-size
-.PP
+
+- Config:      copy_cutoff
+- Env Var:     RCLONE_B2_COPY_CUTOFF
+- Type:        SizeSuffix
+- Default:     4Gi
+
+#### --b2-chunk-size
+
 Upload chunk size.
-.PP
+
 When uploading large files, chunk the file into this size.
-.PP
-Must fit in memory.
-These chunks are buffered in memory and there might a maximum of
-\[dq]--transfers\[dq] chunks in progress at once.
-.PP
+
+Must fit in memory. These chunks are buffered in memory and there
+might a maximum of \[dq]--transfers\[dq] chunks in progress at once.
+
 5,000,000 Bytes is the minimum size.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_B2_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 96Mi
-.SS --b2-disable-checksum
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_B2_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     96Mi
+
+#### --b2-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+Note that chunks are stored in memory and there may be up to
+\[dq]--transfers\[dq] * \[dq]--b2-upload-concurrency\[dq] chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_B2_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     4
+
+#### --b2-disable-checksum
+
 Disable checksums for large (> upload cutoff) files.
-.PP
+
 Normally rclone will calculate the SHA1 checksum of the input before
-uploading it so it can add it to metadata on the object.
-This is great for data integrity checking but can cause long delays for
-large files to start uploading.
-.PP
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
+
 Properties:
-.IP \[bu] 2
-Config: disable_checksum
-.IP \[bu] 2
-Env Var: RCLONE_B2_DISABLE_CHECKSUM
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --b2-download-url
-.PP
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_B2_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
+
+#### --b2-download-url
+
 Custom endpoint for downloads.
-.PP
-This is usually set to a Cloudflare CDN URL as Backblaze offers free
-egress for data downloaded through the Cloudflare network.
-Rclone works with private buckets by sending an \[dq]Authorization\[dq]
-header.
-If the custom endpoint rewrites the requests for authentication, e.g.,
-in Cloudflare Workers, this header needs to be handled properly.
+
+This is usually set to a Cloudflare CDN URL as Backblaze offers
+free egress for data downloaded through the Cloudflare network.
+Rclone works with private buckets by sending an \[dq]Authorization\[dq] header.
+If the custom endpoint rewrites the requests for authentication,
+e.g., in Cloudflare Workers, this header needs to be handled properly.
 Leave blank if you want to use the endpoint provided by Backblaze.
-.PP
-The URL provided here SHOULD have the protocol and SHOULD NOT have a
-trailing slash or specify the /file/bucket subpath as rclone will
+
+The URL provided here SHOULD have the protocol and SHOULD NOT have
+a trailing slash or specify the /file/bucket subpath as rclone will
 request files with \[dq]{download_url}/file/{bucket_name}/{path}\[dq].
-.PP
-Example: > https://mysubdomain.mydomain.tld (No trailing \[dq]/\[dq],
-\[dq]file\[dq] or \[dq]bucket\[dq])
-.PP
+
+Example:
+> https://mysubdomain.mydomain.tld
+(No trailing \[dq]/\[dq], \[dq]file\[dq] or \[dq]bucket\[dq])
+
 Properties:
-.IP \[bu] 2
-Config: download_url
-.IP \[bu] 2
-Env Var: RCLONE_B2_DOWNLOAD_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --b2-download-auth-duration
-.PP
-Time before the authorization token will expire in s or suffix
-ms|s|m|h|d.
-.PP
+
+- Config:      download_url
+- Env Var:     RCLONE_B2_DOWNLOAD_URL
+- Type:        string
+- Required:    false
+
+#### --b2-download-auth-duration
+
+Time before the authorization token will expire in s or suffix ms|s|m|h|d.
+
 The duration before the download authorization token will expire.
-The minimum value is 1 second.
-The maximum value is one week.
-.PP
+The minimum value is 1 second. The maximum value is one week.
+
 Properties:
-.IP \[bu] 2
-Config: download_auth_duration
-.IP \[bu] 2
-Env Var: RCLONE_B2_DOWNLOAD_AUTH_DURATION
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1w
-.SS --b2-memory-pool-flush-time
-.PP
-How often internal memory buffer pools will be flushed.
-Uploads which requires additional buffers (f.e multipart) will use
-memory pool for allocations.
-This option controls how often unused buffers will be removed from the
-pool.
-.PP
+
+- Config:      download_auth_duration
+- Env Var:     RCLONE_B2_DOWNLOAD_AUTH_DURATION
+- Type:        Duration
+- Default:     1w
+
+#### --b2-memory-pool-flush-time
+
+How often internal memory buffer pools will be flushed. (no longer used)
+
 Properties:
-.IP \[bu] 2
-Config: memory_pool_flush_time
-.IP \[bu] 2
-Env Var: RCLONE_B2_MEMORY_POOL_FLUSH_TIME
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1m0s
-.SS --b2-memory-pool-use-mmap
-.PP
-Whether to use mmap buffers in internal memory pool.
-.PP
+
+- Config:      memory_pool_flush_time
+- Env Var:     RCLONE_B2_MEMORY_POOL_FLUSH_TIME
+- Type:        Duration
+- Default:     1m0s
+
+#### --b2-memory-pool-use-mmap
+
+Whether to use mmap buffers in internal memory pool. (no longer used)
+
 Properties:
-.IP \[bu] 2
-Config: memory_pool_use_mmap
-.IP \[bu] 2
-Env Var: RCLONE_B2_MEMORY_POOL_USE_MMAP
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --b2-encoding
-.PP
+
+- Config:      memory_pool_use_mmap
+- Env Var:     RCLONE_B2_MEMORY_POOL_USE_MMAP
+- Type:        bool
+- Default:     false
+
+#### --b2-lifecycle
+
+Set the number of days deleted files should be kept when creating a bucket.
+
+On bucket creation, this parameter is used to create a lifecycle rule
+for the entire bucket.
+
+If lifecycle is 0 (the default) it does not create a lifecycle rule so
+the default B2 behaviour applies. This is to create versions of files
+on delete and overwrite and to keep them indefinitely.
+
+If lifecycle is >0 then it creates a single rule setting the number of
+days before a file that is deleted or overwritten is deleted
+permanently. This is known as daysFromHidingToDeleting in the b2 docs.
+
+The minimum value for this parameter is 1 day.
+
+You can also enable hard_delete in the config also which will mean
+deletions won\[aq]t cause versions but overwrites will still cause
+versions to be made.
+
+See: [rclone backend lifecycle](#lifecycle) for setting lifecycles after bucket creation.
+
+
+Properties:
+
+- Config:      lifecycle
+- Env Var:     RCLONE_B2_LIFECYCLE
+- Type:        int
+- Default:     0
+
+#### --b2-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_B2_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
-.SS Limitations
-.PP
-\f[C]rclone about\f[R] is not supported by the B2 backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Box
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.PP
-The initial setup for Box involves getting a token from Box which you
-can do either in your browser, or with a config.json downloaded from Box
-to use JWT authentication.
-\f[C]rclone config\f[R] walks you through it.
-.SS Configuration
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
+
+- Config:      encoding
+- Env Var:     RCLONE_B2_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+## Backend commands
+
+Here are the commands specific to the b2 backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### lifecycle
+
+Read or set the lifecycle for a bucket
+
+    rclone backend lifecycle remote: [options] [<arguments>+]
+
+This command can be used to read or set the lifecycle for a bucket.
+
+Usage Examples:
+
+To show the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket
+
+This will dump something like this showing the lifecycle rules.
+
+    [
+        {
+            \[dq]daysFromHidingToDeleting\[dq]: 1,
+            \[dq]daysFromUploadingToHiding\[dq]: null,
+            \[dq]fileNamePrefix\[dq]: \[dq]\[dq]
+        }
+    ]
+
+If there are no lifecycle rules (the default) then it will just return [].
+
+To reset the current lifecycle rules:
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=30
+    rclone backend lifecycle b2:bucket -o daysFromUploadingToHiding=5 -o daysFromHidingToDeleting=1
+
+This will run and then print the new lifecycle rules as above.
+
+Rclone only lets you set lifecycles for the whole bucket with the
+fileNamePrefix = \[dq]\[dq].
+
+You can\[aq]t disable versioning with B2. The best you can do is to set
+the daysFromHidingToDeleting to 1 day. You can enable hard_delete in
+the config also which will mean deletions won\[aq]t cause versions but
+overwrites will still cause versions to be made.
+
+    rclone backend lifecycle b2:bucket -o daysFromHidingToDeleting=1
+
+See: https://www.backblaze.com/docs/cloud-storage-lifecycle-rules
+
+
+Options:
+
+- \[dq]daysFromHidingToDeleting\[dq]: After a file has been hidden for this many days it is deleted. 0 is off.
+- \[dq]daysFromUploadingToHiding\[dq]: This many days after uploading a file is hidden
+
+
+
+## Limitations
+
+\[ga]rclone about\[ga] is not supported by the B2 backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Box
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+The initial setup for Box involves getting a token from Box which you
+can do either in your browser, or with a config.json downloaded from Box
+to use JWT authentication.  \[ga]rclone config\[ga] walks you through it.
+
+## Configuration
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Box
-   \[rs] \[dq]box\[dq]
-[snip]
-Storage> box
-Box App Client Id - leave blank normally.
-client_id> 
-Box App Client Secret - leave blank normally.
-client_secret>
-Box App config.json location
-Leave blank normally.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-box_config_file>
-Box App Primary Access Token
-Leave blank normally.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX / Box
+\ \[dq]box\[dq] [snip] Storage> box Box App Client Id - leave blank
+normally.
+client_id> Box App Client Secret - leave blank normally.
+client_secret> Box App config.json location Leave blank normally.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+box_config_file> Box App Primary Access Token Leave blank normally.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
 access_token>
-
-Enter a string value. Press Enter for the default (\[dq]user\[dq]).
-Choose a number from below, or type in your own value
- 1 / Rclone should act on behalf of a user
-   \[rs] \[dq]user\[dq]
- 2 / Rclone should act on behalf of a service account
-   \[rs] \[dq]enterprise\[dq]
-box_sub_type>
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-client_id = 
-client_secret = 
-token = {\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]XXX\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
 .PP
+Enter a string value.
+Press Enter for the default (\[dq]user\[dq]).
+Choose a number from below, or type in your own value 1 / Rclone should
+act on behalf of a user \ \[dq]user\[dq] 2 / Rclone should act on behalf
+of a service account \ \[dq]enterprise\[dq] box_sub_type> Remote config
+Use web browser to automatically authenticate rclone with remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+y) Yes n) No y/n> y If your browser doesn\[aq]t open automatically go to
+the following link: http://127.0.0.1:53682/auth Log in and authorize
+rclone for access Waiting for code...
+Got code -------------------- [remote] client_id = client_secret = token
+=
+{\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]XXX\[dq]}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
+.IP
+.nf
+\f[C]
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
 Note that rclone runs a webserver on your local machine to collect the
-token as returned from Box.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
-to unblock it temporarily if you are running a host firewall.
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
+token as returned from Box. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on \[ga]http://127.0.0.1:53682/\[ga] and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
 List directories in top level of your Box
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:
+
 List all the files in your Box
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
+
+    rclone ls remote:
+
 To copy a local directory to an Box directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
+
+    rclone copy /home/source remote:backup
+
+### Using rclone with an Enterprise account with SSO
+
+If you have an \[dq]Enterprise\[dq] account type with Box with single sign on
+(SSO), you need to create a password to use Box with rclone. This can
+be done at your Enterprise Box account by going to Settings, \[dq]Account\[dq]
+Tab, and then set the password in the \[dq]Authentication\[dq] field.
+
+Once you have done this, you can setup your Enterprise Box account
+using the same procedure detailed above in the, using the password you
+have just set.
+
+### Invalid refresh token
+
+According to the [box docs](https://developer.box.com/v2.0/docs/oauth-20#section-6-using-the-access-and-refresh-tokens):
+
+> Each refresh_token is valid for one use in 60 days.
+
+This means that if you
+
+  * Don\[aq]t use the box remote for 60 days
+  * Copy the config file with a box refresh token in and use it in two places
+  * Get an error on a token refresh
+
+then rclone will return an error which includes the text \[ga]Invalid
+refresh token\[ga].
+
+To fix this you will need to use oauth2 again to update the refresh
+token.  You can use the methods in [the remote setup
+docs](https://rclone.org/remote_setup/), bearing in mind that if you use the copy the
+config file method, you should not use that remote on the computer you
+did the authentication on.
+
+Here is how to do it.
 \f[R]
 .fi
-.SS Using rclone with an Enterprise account with SSO
-.PP
-If you have an \[dq]Enterprise\[dq] account type with Box with single
-sign on (SSO), you need to create a password to use Box with rclone.
-This can be done at your Enterprise Box account by going to Settings,
-\[dq]Account\[dq] Tab, and then set the password in the
-\[dq]Authentication\[dq] field.
-.PP
-Once you have done this, you can setup your Enterprise Box account using
-the same procedure detailed above in the, using the password you have
-just set.
-.SS Invalid refresh token
-.PP
-According to the box
-docs (https://developer.box.com/v2.0/docs/oauth-20#section-6-using-the-access-and-refresh-tokens):
-.RS
-.PP
-Each refresh_token is valid for one use in 60 days.
-.RE
 .PP
-This means that if you
-.IP \[bu] 2
-Don\[aq]t use the box remote for 60 days
+$ rclone config Current remotes:
+.PP
+Name Type ==== ==== remote box
+.IP "e)" 3
+Edit existing remote
+.IP "f)" 3
+New remote
+.IP "g)" 3
+Delete remote
+.IP "h)" 3
+Rename remote
+.IP "i)" 3
+Copy remote
+.IP "j)" 3
+Set configuration password
+.IP "k)" 3
+Quit config e/n/d/r/c/s/q> e Choose a number from below, or type in an
+existing value 1 > remote remote> remote -------------------- [remote]
+type = box token =
+{\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2017-07-08T23:40:08.059167677+01:00\[dq]}
+-------------------- Edit remote Value \[dq]client_id\[dq] = \[dq]\[dq]
+Edit?
+(y/n)>
+.IP "l)" 3
+Yes
+.IP "m)" 3
+No y/n> n Value \[dq]client_secret\[dq] = \[dq]\[dq] Edit?
+(y/n)>
+.IP "n)" 3
+Yes
+.IP "o)" 3
+No y/n> n Remote config Already have a token - refresh?
+.IP "p)" 3
+Yes
+.IP "q)" 3
+No y/n> y Use web browser to automatically authenticate rclone with
+remote?
 .IP \[bu] 2
-Copy the config file with a box refresh token in and use it in two
-places
+Say Y if the machine running rclone has a web browser you can use
 .IP \[bu] 2
-Get an error on a token refresh
-.PP
-then rclone will return an error which includes the text
-\f[C]Invalid refresh token\f[R].
-.PP
-To fix this you will need to use oauth2 again to update the refresh
-token.
-You can use the methods in the remote setup
-docs (https://rclone.org/remote_setup/), bearing in mind that if you use
-the copy the config file method, you should not use that remote on the
-computer you did the authentication on.
-.PP
-Here is how to do it.
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+.IP "y)" 3
+Yes
+.IP "z)" 3
+No y/n> y If your browser doesn\[aq]t open automatically go to the
+following link: http://127.0.0.1:53682/auth Log in and authorize rclone
+for access Waiting for code...
+Got code -------------------- [remote] type = box token =
+{\[dq]access_token\[dq]:\[dq]YYY\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]YYY\[dq],\[dq]expiry\[dq]:\[dq]2017-07-23T12:22:29.259137901+01:00\[dq]}
+--------------------
+.IP "a)" 3
+Yes this is OK
+.IP "b)" 3
+Edit this remote
+.IP "c)" 3
+Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-$ rclone config
-Current remotes:
+### Modification times and hashes
 
-Name                 Type
-====                 ====
-remote               box
+Box allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> e
-Choose a number from below, or type in an existing value
- 1 > remote
-remote> remote
---------------------
-[remote]
-type = box
-token = {\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2017-07-08T23:40:08.059167677+01:00\[dq]}
---------------------
-Edit remote
-Value \[dq]client_id\[dq] = \[dq]\[dq]
-Edit? (y/n)>
-y) Yes
-n) No
-y/n> n
-Value \[dq]client_secret\[dq] = \[dq]\[dq]
-Edit? (y/n)>
-y) Yes
-n) No
-y/n> n
-Remote config
-Already have a token - refresh?
-y) Yes
-n) No
-y/n> y
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = box
-token = {\[dq]access_token\[dq]:\[dq]YYY\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]YYY\[dq],\[dq]expiry\[dq]:\[dq]2017-07-23T12:22:29.259137901+01:00\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.SS Modified time and hashes
-.PP
-Box allows modification times to be set on objects accurate to 1 second.
-These will be used to detect whether objects need syncing or not.
-.PP
-Box supports SHA1 type hashes, so you can use the \f[C]--checksum\f[R]
+Box supports SHA1 type hashes, so you can use the \[ga]--checksum\[ga]
 flag.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-.TE
-.PP
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[rs]         | 0x5C  | \[uFF3C]           |
+
 File names can also not end with the following characters.
 These only get replaced if they are the last character in the name:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-SP
-T}@T{
-0x20
-T}@T{
-\[u2420]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Transfers
-.PP
-For files above 50 MiB rclone will use a chunked transfer.
-Rclone will upload up to \f[C]--transfers\f[R] chunks at the same time
-(shared among all the multipart uploads).
-Chunks are buffered in memory and are normally 8 MiB so increasing
-\f[C]--transfers\f[R] will increase memory use.
-.SS Deleting files
-.PP
-Depending on the enterprise settings for your user, the item will either
-be actually deleted from Box or moved to the trash.
-.PP
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | \[u2420]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Transfers
+
+For files above 50 MiB rclone will use a chunked transfer.  Rclone will
+upload up to \[ga]--transfers\[ga] chunks at the same time (shared among all
+the multipart uploads).  Chunks are buffered in memory and are
+normally 8 MiB so increasing \[ga]--transfers\[ga] will increase memory use.
+
+### Deleting files
+
+Depending on the enterprise settings for your user, the item will
+either be actually deleted from Box or moved to the trash.
+
 Emptying the trash is supported via the rclone however cleanup command
 however this deletes every trashed file and folder individually so it
-may take a very long time.
-Emptying the trash via the WebUI does not have this limitation so it is
-advised to empty the trash via the WebUI.
-.SS Root folder ID
-.PP
-You can set the \f[C]root_folder_id\f[R] for rclone.
-This is the directory (identified by its \f[C]Folder ID\f[R]) that
-rclone considers to be the root of your Box drive.
-.PP
-Normally you will leave this blank and rclone will determine the correct
-root to use itself.
-.PP
+may take a very long time. 
+Emptying the trash via the  WebUI does not have this limitation 
+so it is advised to empty the trash via the WebUI.
+
+### Root folder ID
+
+You can set the \[ga]root_folder_id\[ga] for rclone.  This is the directory
+(identified by its \[ga]Folder ID\[ga]) that rclone considers to be the root
+of your Box drive.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
 However you can set this to restrict rclone to a specific folder
 hierarchy.
-.PP
-In order to do this you will have to find the \f[C]Folder ID\f[R] of the
-directory you wish rclone to display.
-This will be the last segment of the URL when you open the relevant
-folder in the Box web interface.
-.PP
+
+In order to do this you will have to find the \[ga]Folder ID\[ga] of the
+directory you wish rclone to display.  This will be the last segment
+of the URL when you open the relevant folder in the Box web
+interface.
+
 So if the folder you want rclone to use has a URL which looks like
-\f[C]https://app.box.com/folder/11xxxxxxxxx8\f[R] in the browser, then
-you use \f[C]11xxxxxxxxx8\f[R] as the \f[C]root_folder_id\f[R] in the
-config.
-.SS Standard options
-.PP
+\[ga]https://app.box.com/folder/11xxxxxxxxx8\[ga]
+in the browser, then you use \[ga]11xxxxxxxxx8\[ga] as
+the \[ga]root_folder_id\[ga] in the config.
+
+
+### Standard options
+
 Here are the Standard options specific to box (Box).
-.SS --box-client-id
-.PP
+
+#### --box-client-id
+
 OAuth Client Id.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_BOX_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --box-client-secret
-.PP
+
+- Config:      client_id
+- Env Var:     RCLONE_BOX_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --box-client-secret
+
 OAuth Client Secret.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_BOX_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --box-box-config-file
-.PP
+
+- Config:      client_secret
+- Env Var:     RCLONE_BOX_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --box-box-config-file
+
 Box App config.json location
-.PP
+
 Leave blank normally.
-.PP
-Leading \f[C]\[ti]\f[R] will be expanded in the file name as will
-environment variables such as \f[C]${RCLONE_CONFIG_DIR}\f[R].
-.PP
+
+Leading \[ga]\[ti]\[ga] will be expanded in the file name as will environment variables such as \[ga]${RCLONE_CONFIG_DIR}\[ga].
+
 Properties:
-.IP \[bu] 2
-Config: box_config_file
-.IP \[bu] 2
-Env Var: RCLONE_BOX_BOX_CONFIG_FILE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --box-access-token
-.PP
+
+- Config:      box_config_file
+- Env Var:     RCLONE_BOX_BOX_CONFIG_FILE
+- Type:        string
+- Required:    false
+
+#### --box-access-token
+
 Box App Primary Access Token
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: access_token
-.IP \[bu] 2
-Env Var: RCLONE_BOX_ACCESS_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --box-box-sub-type
-.PP
+
+- Config:      access_token
+- Env Var:     RCLONE_BOX_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --box-box-sub-type
+
+
+
 Properties:
-.IP \[bu] 2
-Config: box_sub_type
-.IP \[bu] 2
-Env Var: RCLONE_BOX_BOX_SUB_TYPE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]user\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]user\[dq]
-.RS 2
-.IP \[bu] 2
-Rclone should act on behalf of a user.
-.RE
-.IP \[bu] 2
-\[dq]enterprise\[dq]
-.RS 2
-.IP \[bu] 2
-Rclone should act on behalf of a service account.
-.RE
-.RE
-.SS Advanced options
-.PP
+
+- Config:      box_sub_type
+- Env Var:     RCLONE_BOX_BOX_SUB_TYPE
+- Type:        string
+- Default:     \[dq]user\[dq]
+- Examples:
+    - \[dq]user\[dq]
+        - Rclone should act on behalf of a user.
+    - \[dq]enterprise\[dq]
+        - Rclone should act on behalf of a service account.
+
+### Advanced options
+
 Here are the Advanced options specific to box (Box).
-.SS --box-token
-.PP
+
+#### --box-token
+
 OAuth Access Token as a JSON blob.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_BOX_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --box-auth-url
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_BOX_TOKEN
+- Type:        string
+- Required:    false
+
+#### --box-auth-url
+
 Auth server URL.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_BOX_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --box-token-url
-.PP
+
+- Config:      auth_url
+- Env Var:     RCLONE_BOX_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --box-token-url
+
 Token server url.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_BOX_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --box-root-folder-id
-.PP
+
+- Config:      token_url
+- Env Var:     RCLONE_BOX_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --box-root-folder-id
+
 Fill in for rclone to use a non root folder as its starting point.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: root_folder_id
-.IP \[bu] 2
-Env Var: RCLONE_BOX_ROOT_FOLDER_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]0\[dq]
-.SS --box-upload-cutoff
-.PP
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_BOX_ROOT_FOLDER_ID
+- Type:        string
+- Default:     \[dq]0\[dq]
+
+#### --box-upload-cutoff
+
 Cutoff for switching to multipart upload (>= 50 MiB).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_BOX_UPLOAD_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 50Mi
-.SS --box-commit-retries
-.PP
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_BOX_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     50Mi
+
+#### --box-commit-retries
+
 Max number of times to try committing a multipart file.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: commit_retries
-.IP \[bu] 2
-Env Var: RCLONE_BOX_COMMIT_RETRIES
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 100
-.SS --box-list-chunk
-.PP
+
+- Config:      commit_retries
+- Env Var:     RCLONE_BOX_COMMIT_RETRIES
+- Type:        int
+- Default:     100
+
+#### --box-list-chunk
+
 Size of listing chunk 1-1000.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: list_chunk
-.IP \[bu] 2
-Env Var: RCLONE_BOX_LIST_CHUNK
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 1000
-.SS --box-owned-by
-.PP
+
+- Config:      list_chunk
+- Env Var:     RCLONE_BOX_LIST_CHUNK
+- Type:        int
+- Default:     1000
+
+#### --box-owned-by
+
 Only show items owned by the login (email address) passed in.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: owned_by
-.IP \[bu] 2
-Env Var: RCLONE_BOX_OWNED_BY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --box-encoding
-.PP
+
+- Config:      owned_by
+- Env Var:     RCLONE_BOX_OWNED_BY
+- Type:        string
+- Required:    false
+
+#### --box-impersonate
+
+Impersonate this user ID when using a service account.
+
+Setting this flag allows rclone, when using a JWT service account, to
+act on behalf of another user by setting the as-user header.
+
+The user ID is the Box identifier for a user. User IDs can found for
+any user via the GET /users endpoint, which is only available to
+admins, or by calling the GET /users/me endpoint with an authenticated
+user session.
+
+See: https://developer.box.com/guides/authentication/jwt/as-user/
+
+
+Properties:
+
+- Config:      impersonate
+- Env Var:     RCLONE_BOX_IMPERSONATE
+- Type:        string
+- Required:    false
+
+#### --box-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_BOX_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot
-.SS Limitations
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_BOX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot
+
+
+
+## Limitations
+
 Note that Box is case insensitive so you can\[aq]t have a file called
 \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.PP
-Box file names can\[aq]t have the \f[C]\[rs]\f[R] character in.
-rclone maps this to and from an identical looking unicode equivalent
-\f[C]\[uFF3C]\f[R] (U+FF3C Fullwidth Reverse Solidus).
-.PP
+
+Box file names can\[aq]t have the \[ga]\[rs]\[ga] character in.  rclone maps this to
+and from an identical looking unicode equivalent \[ga]\[uFF3C]\[ga] (U+FF3C Fullwidth
+Reverse Solidus).
+
 Box only supports filenames up to 255 characters in length.
-.PP
-Box has API rate
-limits (https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/)
-that sometimes reduce the speed of rclone.
-.PP
-\f[C]rclone about\f[R] is not supported by the Box backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Cache
-.PP
-The \f[C]cache\f[R] remote wraps another existing remote and stores file
-structure and its data for long running tasks like
-\f[C]rclone mount\f[R].
-.SS Status
-.PP
-The cache backend code is working but it currently doesn\[aq]t have a
-maintainer so there are outstanding
-bugs (https://github.com/rclone/rclone/issues?q=is%3Aopen+is%3Aissue+label%3Abug+label%3A%22Remote%3A+Cache%22)
-which aren\[aq]t getting fixed.
-.PP
+
+Box has [API rate limits](https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/) that sometimes reduce the speed of rclone.
+
+\[ga]rclone about\[ga] is not supported by the Box backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+## Get your own Box App ID
+
+Here is how to create your own Box App ID for rclone:
+
+1. Go to the [Box Developer Console](https://app.box.com/developers/console)
+and login, then click \[ga]My Apps\[ga] on the sidebar. Click \[ga]Create New App\[ga]
+and select \[ga]Custom App\[ga].
+
+2. In the first screen on the box that pops up, you can pretty much enter
+whatever you want. The \[ga]App Name\[ga] can be whatever. For \[ga]Purpose\[ga] choose
+automation to avoid having to fill out anything else. Click \[ga]Next\[ga].
+
+3. In the second screen of the creation screen, select
+\[ga]User Authentication (OAuth 2.0)\[ga]. Then click \[ga]Create App\[ga].
+
+4. You should now be on the \[ga]Configuration\[ga] tab of your new app. If not,
+click on it at the top of the webpage. Copy down \[ga]Client ID\[ga]
+and \[ga]Client Secret\[ga], you\[aq]ll need those for rclone.
+
+5. Under \[dq]OAuth 2.0 Redirect URI\[dq], add \[ga]http://127.0.0.1:53682/\[ga]
+
+6. For \[ga]Application Scopes\[ga], select \[ga]Read all files and folders stored in Box\[ga]
+and \[ga]Write all files and folders stored in box\[ga] (assuming you want to do both).
+Leave others unchecked. Click \[ga]Save Changes\[ga] at the top right.
+
+#  Cache
+
+The \[ga]cache\[ga] remote wraps another existing remote and stores file structure
+and its data for long running tasks like \[ga]rclone mount\[ga].
+
+## Status
+
+The cache backend code is working but it currently doesn\[aq]t
+have a maintainer so there are [outstanding bugs](https://github.com/rclone/rclone/issues?q=is%3Aopen+is%3Aissue+label%3Abug+label%3A%22Remote%3A+Cache%22) which aren\[aq]t getting fixed.
+
 The cache backend is due to be phased out in favour of the VFS caching
 layer eventually which is more tightly integrated into rclone.
-.PP
-Until this happens we recommend only using the cache backend if you find
-you can\[aq]t work without it.
-There are many docs online describing the use of the cache backend to
-minimize API hits and by-and-large these are out of date and the cache
-backend isn\[aq]t needed in those scenarios any more.
-.SS Configuration
-.PP
-To get started you just need to have an existing remote which can be
-configured with \f[C]cache\f[R].
-.PP
-Here is an example of how to make a remote called \f[C]test-cache\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
+
+Until this happens we recommend only using the cache backend if you
+find you can\[aq]t work without it. There are many docs online describing
+the use of the cache backend to minimize API hits and by-and-large
+these are out of date and the cache backend isn\[aq]t needed in those
+scenarios any more.
+
+## Configuration
+
+To get started you just need to have an existing remote which can be configured
+with \[ga]cache\[ga].
+
+Here is an example of how to make a remote called \[ga]test-cache\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> test-cache
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Cache a remote
-   \[rs] \[dq]cache\[dq]
-[snip]
-Storage> cache
-Remote to cache.
-Normally should contain a \[aq]:\[aq] and a path, e.g. \[dq]myremote:path/to/dir\[dq],
-\[dq]myremote:bucket\[dq] or maybe \[dq]myremote:\[dq] (not recommended).
-remote> local:/test
-Optional: The URL of the Plex server
-plex_url> http://127.0.0.1:32400
-Optional: The username of the Plex user
-plex_username> dummyusername
-Optional: The password of the Plex user
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank
-y/g/n> y
-Enter the password:
-password:
-Confirm the password:
-password:
-The size of a chunk. Lower value good for slow connections but can affect seamless reading.
-Default: 5M
-Choose a number from below, or type in your own value
- 1 / 1 MiB
-   \[rs] \[dq]1M\[dq]
- 2 / 5 MiB
-   \[rs] \[dq]5M\[dq]
- 3 / 10 MiB
-   \[rs] \[dq]10M\[dq]
-chunk_size> 2
-How much time should object info (file size, file hashes, etc.) be stored in cache. Use a very high value if you don\[aq]t plan on changing the source FS from outside the cache.
+n) New remote r) Rename remote c) Copy remote s) Set configuration
+password q) Quit config n/r/c/s/q> n name> test-cache Type of storage to
+configure.
+Choose a number from below, or type in your own value [snip] XX / Cache
+a remote \ \[dq]cache\[dq] [snip] Storage> cache Remote to cache.
+Normally should contain a \[aq]:\[aq] and a path, e.g.
+\[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq] or maybe
+\[dq]myremote:\[dq] (not recommended).
+remote> local:/test Optional: The URL of the Plex server plex_url>
+http://127.0.0.1:32400 Optional: The username of the Plex user
+plex_username> dummyusername Optional: The password of the Plex user y)
+Yes type in my own password g) Generate random password n) No leave this
+optional password blank y/g/n> y Enter the password: password: Confirm
+the password: password: The size of a chunk.
+Lower value good for slow connections but can affect seamless reading.
+Default: 5M Choose a number from below, or type in your own value 1 / 1
+MiB \ \[dq]1M\[dq] 2 / 5 MiB \ \[dq]5M\[dq] 3 / 10 MiB \ \[dq]10M\[dq]
+chunk_size> 2 How much time should object info (file size, file hashes,
+etc.) be stored in cache.
+Use a very high value if you don\[aq]t plan on changing the source FS
+from outside the cache.
 Accepted units are: \[dq]s\[dq], \[dq]m\[dq], \[dq]h\[dq].
-Default: 5m
-Choose a number from below, or type in your own value
- 1 / 1 hour
-   \[rs] \[dq]1h\[dq]
- 2 / 24 hours
-   \[rs] \[dq]24h\[dq]
- 3 / 24 hours
-   \[rs] \[dq]48h\[dq]
-info_age> 2
-The maximum size of stored chunks. When the storage grows beyond this size, the oldest chunks will be deleted.
-Default: 10G
-Choose a number from below, or type in your own value
- 1 / 500 MiB
-   \[rs] \[dq]500M\[dq]
- 2 / 1 GiB
-   \[rs] \[dq]1G\[dq]
- 3 / 10 GiB
-   \[rs] \[dq]10G\[dq]
-chunk_total_size> 3
-Remote config
---------------------
-[test-cache]
-remote = local:/test
-plex_url = http://127.0.0.1:32400
-plex_username = dummyusername
-plex_password = *** ENCRYPTED ***
-chunk_size = 5M
-info_age = 48h
-chunk_total_size = 10G
-\f[R]
-.fi
-.PP
-You can then use it like this,
-.PP
-List directories in top level of your drive
+Default: 5m Choose a number from below, or type in your own value 1 / 1
+hour \ \[dq]1h\[dq] 2 / 24 hours \ \[dq]24h\[dq] 3 / 24 hours
+\ \[dq]48h\[dq] info_age> 2 The maximum size of stored chunks.
+When the storage grows beyond this size, the oldest chunks will be
+deleted.
+Default: 10G Choose a number from below, or type in your own value 1 /
+500 MiB \ \[dq]500M\[dq] 2 / 1 GiB \ \[dq]1G\[dq] 3 / 10 GiB
+\ \[dq]10G\[dq] chunk_total_size> 3 Remote config --------------------
+[test-cache] remote = local:/test plex_url = http://127.0.0.1:32400
+plex_username = dummyusername plex_password = *** ENCRYPTED ***
+chunk_size = 5M info_age = 48h chunk_total_size = 10G
 .IP
 .nf
 \f[C]
-rclone lsd test-cache:
-\f[R]
-.fi
-.PP
+You can then use it like this,
+
+List directories in top level of your drive
+
+    rclone lsd test-cache:
+
 List all the files in your drive
-.IP
-.nf
-\f[C]
-rclone ls test-cache:
-\f[R]
-.fi
-.PP
+
+    rclone ls test-cache:
+
 To start a cached mount
-.IP
-.nf
-\f[C]
-rclone mount --allow-other test-cache: /var/tmp/test-cache
-\f[R]
-.fi
-.SS Write Features
-.SS Offline uploading
-.PP
-In an effort to make writing through cache more reliable, the backend
+
+    rclone mount --allow-other test-cache: /var/tmp/test-cache
+
+### Write Features ###
+
+### Offline uploading ###
+
+In an effort to make writing through cache more reliable, the backend 
 now supports this feature which can be activated by specifying a
-\f[C]cache-tmp-upload-path\f[R].
-.PP
+\[ga]cache-tmp-upload-path\[ga].
+
 A files goes through these states when using this feature:
-.IP "1." 3
-An upload is started (usually by copying a file on the cache remote)
-.IP "2." 3
-When the copy to the temporary location is complete the file is part of
-the cached remote and looks and behaves like any other file (reading
-included)
-.IP "3." 3
-After \f[C]cache-tmp-wait-time\f[R] passes and the file is next in line,
-\f[C]rclone move\f[R] is used to move the file to the cloud provider
-.IP "4." 3
-Reading the file still works during the upload but most modifications on
-it will be prohibited
-.IP "5." 3
-Once the move is complete the file is unlocked for modifications as it
+
+1. An upload is started (usually by copying a file on the cache remote)
+2. When the copy to the temporary location is complete the file is part 
+of the cached remote and looks and behaves like any other file (reading included)
+3. After \[ga]cache-tmp-wait-time\[ga] passes and the file is next in line, \[ga]rclone move\[ga] 
+is used to move the file to the cloud provider
+4. Reading the file still works during the upload but most modifications on it will be prohibited
+5. Once the move is complete the file is unlocked for modifications as it
 becomes as any other regular file
-.IP "6." 3
-If the file is being read through \f[C]cache\f[R] when it\[aq]s actually
-deleted from the temporary path then \f[C]cache\f[R] will simply swap
-the source to the cloud provider without interrupting the reading (small
-blip can happen though)
-.PP
+6. If the file is being read through \[ga]cache\[ga] when it\[aq]s actually
+deleted from the temporary path then \[ga]cache\[ga] will simply swap the source
+to the cloud provider without interrupting the reading (small blip can happen though)
+
 Files are uploaded in sequence and only one file is uploaded at a time.
-Uploads will be stored in a queue and be processed based on the order
-they were added.
+Uploads will be stored in a queue and be processed based on the order they were added.
 The queue and the temporary storage is persistent across restarts but
-can be cleared on startup with the \f[C]--cache-db-purge\f[R] flag.
-.SS Write Support
-.PP
-Writes are supported through \f[C]cache\f[R].
-One caveat is that a mounted cache remote does not add any retry or
-fallback mechanism to the upload operation.
-This will depend on the implementation of the wrapped remote.
-Consider using \f[C]Offline uploading\f[R] for reliable writes.
-.PP
-One special case is covered with \f[C]cache-writes\f[R] which will cache
-the file data at the same time as the upload when it is enabled making
-it available from the cache store immediately once the upload is
-finished.
-.SS Read Features
-.SS Multiple connections
-.PP
+can be cleared on startup with the \[ga]--cache-db-purge\[ga] flag.
+
+### Write Support ###
+
+Writes are supported through \[ga]cache\[ga].
+One caveat is that a mounted cache remote does not add any retry or fallback
+mechanism to the upload operation. This will depend on the implementation
+of the wrapped remote. Consider using \[ga]Offline uploading\[ga] for reliable writes.
+
+One special case is covered with \[ga]cache-writes\[ga] which will cache the file
+data at the same time as the upload when it is enabled making it available
+from the cache store immediately once the upload is finished.
+
+### Read Features ###
+
+#### Multiple connections ####
+
 To counter the high latency between a local PC where rclone is running
 and cloud providers, the cache remote can split multiple requests to the
-cloud provider for smaller file chunks and combines them together
-locally where they can be available almost immediately before the reader
-usually needs them.
-.PP
-This is similar to buffering when media files are played online.
-Rclone will stay around the current marker but always try its best to
-stay ahead and prepare the data before.
-.SS Plex Integration
-.PP
-There is a direct integration with Plex which allows cache to detect
-during reading if the file is in playback or not.
-This helps cache to adapt how it queries the cloud provider depending on
-what is needed for.
-.PP
-Scans will have a minimum amount of workers (1) while in a confirmed
-playback cache will deploy the configured number of workers.
-.PP
-This integration opens the doorway to additional performance
-improvements which will be explored in the near future.
-.PP
-\f[B]Note:\f[R] If Plex options are not configured, \f[C]cache\f[R] will
-function with its configured options without adapting any of its
-settings.
-.PP
-How to enable?
-Run \f[C]rclone config\f[R] and add all the Plex options (endpoint,
-username and password) in your remote and it will be automatically
-enabled.
-.PP
-Affected settings: - \f[C]cache-workers\f[R]: \f[I]Configured value\f[R]
-during confirmed playback or \f[I]1\f[R] all the other times
-.SS Certificate Validation
-.PP
-When the Plex server is configured to only accept secure connections, it
-is possible to use \f[C].plex.direct\f[R] URLs to ensure certificate
-validation succeeds.
-These URLs are used by Plex internally to connect to the Plex server
-securely.
-.PP
+cloud provider for smaller file chunks and combines them together locally
+where they can be available almost immediately before the reader usually
+needs them.
+
+This is similar to buffering when media files are played online. Rclone
+will stay around the current marker but always try its best to stay ahead
+and prepare the data before.
+
+#### Plex Integration ####
+
+There is a direct integration with Plex which allows cache to detect during reading
+if the file is in playback or not. This helps cache to adapt how it queries
+the cloud provider depending on what is needed for.
+
+Scans will have a minimum amount of workers (1) while in a confirmed playback cache
+will deploy the configured number of workers.
+
+This integration opens the doorway to additional performance improvements
+which will be explored in the near future.
+
+**Note:** If Plex options are not configured, \[ga]cache\[ga] will function with its
+configured options without adapting any of its settings.
+
+How to enable? Run \[ga]rclone config\[ga] and add all the Plex options (endpoint, username
+and password) in your remote and it will be automatically enabled.
+
+Affected settings:
+- \[ga]cache-workers\[ga]: _Configured value_ during confirmed playback or _1_ all the other times
+
+##### Certificate Validation #####
+
+When the Plex server is configured to only accept secure connections, it is
+possible to use \[ga].plex.direct\[ga] URLs to ensure certificate validation succeeds.
+These URLs are used by Plex internally to connect to the Plex server securely.
+
 The format for these URLs is the following:
-.PP
-\f[C]https://ip-with-dots-replaced.server-hash.plex.direct:32400/\f[R]
-.PP
-The \f[C]ip-with-dots-replaced\f[R] part can be any IPv4 address, where
-the dots have been replaced with dashes, e.g.
-\f[C]127.0.0.1\f[R] becomes \f[C]127-0-0-1\f[R].
-.PP
-To get the \f[C]server-hash\f[R] part, the easiest way is to visit
-.PP
+
+\[ga]https://ip-with-dots-replaced.server-hash.plex.direct:32400/\[ga]
+
+The \[ga]ip-with-dots-replaced\[ga] part can be any IPv4 address, where the dots
+have been replaced with dashes, e.g. \[ga]127.0.0.1\[ga] becomes \[ga]127-0-0-1\[ga].
+
+To get the \[ga]server-hash\[ga] part, the easiest way is to visit
+
 https://plex.tv/api/resources?includeHttps=1&X-Plex-Token=your-plex-token
-.PP
-This page will list all the available Plex servers for your account with
-at least one \f[C].plex.direct\f[R] link for each.
-Copy one URL and replace the IP address with the desired address.
-This can be used as the \f[C]plex_url\f[R] value.
-.SS Known issues
-.SS Mount and --dir-cache-time
-.PP
---dir-cache-time controls the first layer of directory caching which
-works at the mount layer.
-Being an independent caching mechanism from the \f[C]cache\f[R] backend,
-it will manage its own entries based on the configured time.
-.PP
-To avoid getting in a scenario where dir cache has obsolete data and
-cache would have the correct one, try to set \f[C]--dir-cache-time\f[R]
-to a lower time than \f[C]--cache-info-age\f[R].
-Default values are already configured in this way.
-.SS Windows support - Experimental
-.PP
-There are a couple of issues with Windows \f[C]mount\f[R] functionality
-that still require some investigations.
-It should be considered as experimental thus far as fixes come in for
-this OS.
-.PP
-Most of the issues seem to be related to the difference between
-filesystems on Linux flavors and Windows as cache is heavily dependent
-on them.
-.PP
-Any reports or feedback on how cache behaves on this OS is greatly
-appreciated.
-.IP \[bu] 2
-https://github.com/rclone/rclone/issues/1935
-.IP \[bu] 2
-https://github.com/rclone/rclone/issues/1907
-.IP \[bu] 2
-https://github.com/rclone/rclone/issues/1834
-.SS Risk of throttling
-.PP
-Future iterations of the cache backend will make use of the pooling
-functionality of the cloud provider to synchronize and at the same time
-make writing through it more tolerant to failures.
-.PP
-There are a couple of enhancements in track to add these but in the
-meantime there is a valid concern that the expiring cache listings can
-lead to cloud provider throttles or bans due to repeated queries on it
-for very large mounts.
-.PP
-Some recommendations: - don\[aq]t use a very small interval for entry
-information (\f[C]--cache-info-age\f[R]) - while writes aren\[aq]t yet
-optimised, you can still write through \f[C]cache\f[R] which gives you
-the advantage of adding the file in the cache at the same time if
-configured to do so.
-.PP
+
+This page will list all the available Plex servers for your account
+with at least one \[ga].plex.direct\[ga] link for each. Copy one URL and replace
+the IP address with the desired address. This can be used as the
+\[ga]plex_url\[ga] value.
+
+### Known issues ###
+
+#### Mount and --dir-cache-time ####
+
+--dir-cache-time controls the first layer of directory caching which works at the mount layer.
+Being an independent caching mechanism from the \[ga]cache\[ga] backend, it will manage its own entries
+based on the configured time.
+
+To avoid getting in a scenario where dir cache has obsolete data and cache would have the correct
+one, try to set \[ga]--dir-cache-time\[ga] to a lower time than \[ga]--cache-info-age\[ga]. Default values are
+already configured in this way. 
+
+#### Windows support - Experimental ####
+
+There are a couple of issues with Windows \[ga]mount\[ga] functionality that still require some investigations.
+It should be considered as experimental thus far as fixes come in for this OS.
+
+Most of the issues seem to be related to the difference between filesystems
+on Linux flavors and Windows as cache is heavily dependent on them.
+
+Any reports or feedback on how cache behaves on this OS is greatly appreciated.
+ 
+- https://github.com/rclone/rclone/issues/1935
+- https://github.com/rclone/rclone/issues/1907
+- https://github.com/rclone/rclone/issues/1834 
+
+#### Risk of throttling ####
+
+Future iterations of the cache backend will make use of the pooling functionality
+of the cloud provider to synchronize and at the same time make writing through it
+more tolerant to failures. 
+
+There are a couple of enhancements in track to add these but in the meantime
+there is a valid concern that the expiring cache listings can lead to cloud provider
+throttles or bans due to repeated queries on it for very large mounts.
+
+Some recommendations:
+- don\[aq]t use a very small interval for entry information (\[ga]--cache-info-age\[ga])
+- while writes aren\[aq]t yet optimised, you can still write through \[ga]cache\[ga] which gives you the advantage
+of adding the file in the cache at the same time if configured to do so.
+
 Future enhancements:
-.IP \[bu] 2
-https://github.com/rclone/rclone/issues/1937
-.IP \[bu] 2
-https://github.com/rclone/rclone/issues/1936
-.SS cache and crypt
-.PP
+
+- https://github.com/rclone/rclone/issues/1937
+- https://github.com/rclone/rclone/issues/1936 
+
+#### cache and crypt ####
+
 One common scenario is to keep your data encrypted in the cloud provider
-using the \f[C]crypt\f[R] remote.
-\f[C]crypt\f[R] uses a similar technique to wrap around an existing
-remote and handles this translation in a seamless way.
-.PP
-There is an issue with wrapping the remotes in this order: \f[B]cloud
-remote\f[R] -> \f[B]crypt\f[R] -> \f[B]cache\f[R]
-.PP
-During testing, I experienced a lot of bans with the remotes in this
-order.
-I suspect it might be related to how crypt opens files on the cloud
-provider which makes it think we\[aq]re downloading the full file
-instead of small chunks.
-Organizing the remotes in this order yields better results: \f[B]cloud
-remote\f[R] -> \f[B]cache\f[R] -> \f[B]crypt\f[R]
-.SS absolute remote paths
-.PP
-\f[C]cache\f[R] can not differentiate between relative and absolute
-paths for the wrapped remote.
-Any path given in the \f[C]remote\f[R] config setting and on the command
-line will be passed to the wrapped remote as is, but for storing the
-chunks on disk the path will be made relative by removing any leading
-\f[C]/\f[R] character.
-.PP
-This behavior is irrelevant for most backend types, but there are
-backends where a leading \f[C]/\f[R] changes the effective directory,
-e.g.
-in the \f[C]sftp\f[R] backend paths starting with a \f[C]/\f[R] are
-relative to the root of the SSH server and paths without are relative to
-the user home directory.
-As a result \f[C]sftp:bin\f[R] and \f[C]sftp:/bin\f[R] will share the
-same cache folder, even if they represent a different directory on the
-SSH server.
-.SS Cache and Remote Control (--rc)
-.PP
-Cache supports the new \f[C]--rc\f[R] mode in rclone and can be remote
-controlled through the following end points: By default, the listener is
-disabled if you do not add the flag.
-.SS rc cache/expire
-.PP
-Purge a remote from the cache backend.
-Supports either a directory or a file.
-It supports both encrypted and unencrypted file names if cache is
-wrapped by crypt.
-.PP
-Params: - \f[B]remote\f[R] = path to remote \f[B](required)\f[R] -
-\f[B]withData\f[R] = true/false to delete cached data (chunks) as well
-\f[I](optional, false by default)\f[R]
-.SS Standard options
-.PP
+using the \[ga]crypt\[ga] remote. \[ga]crypt\[ga] uses a similar technique to wrap around
+an existing remote and handles this translation in a seamless way.
+
+There is an issue with wrapping the remotes in this order:
+**cloud remote** -> **crypt** -> **cache**
+
+During testing, I experienced a lot of bans with the remotes in this order.
+I suspect it might be related to how crypt opens files on the cloud provider
+which makes it think we\[aq]re downloading the full file instead of small chunks.
+Organizing the remotes in this order yields better results:
+**cloud remote** -> **cache** -> **crypt**
+
+#### absolute remote paths ####
+
+\[ga]cache\[ga] can not differentiate between relative and absolute paths for the wrapped remote.
+Any path given in the \[ga]remote\[ga] config setting and on the command line will be passed to
+the wrapped remote as is, but for storing the chunks on disk the path will be made
+relative by removing any leading \[ga]/\[ga] character.
+
+This behavior is irrelevant for most backend types, but there are backends where a leading \[ga]/\[ga]
+changes the effective directory, e.g. in the \[ga]sftp\[ga] backend paths starting with a \[ga]/\[ga] are
+relative to the root of the SSH server and paths without are relative to the user home directory.
+As a result \[ga]sftp:bin\[ga] and \[ga]sftp:/bin\[ga] will share the same cache folder, even if they represent
+a different directory on the SSH server.
+
+### Cache and Remote Control (--rc) ###
+Cache supports the new \[ga]--rc\[ga] mode in rclone and can be remote controlled through the following end points:
+By default, the listener is disabled if you do not add the flag.
+
+### rc cache/expire
+Purge a remote from the cache backend. Supports either a directory or a file.
+It supports both encrypted and unencrypted file names if cache is wrapped by crypt.
+
+Params:
+  - **remote** = path to remote **(required)**
+  - **withData** = true/false to delete cached data (chunks) as well _(optional, false by default)_
+
+
+### Standard options
+
 Here are the Standard options specific to cache (Cache a remote).
-.SS --cache-remote
-.PP
+
+#### --cache-remote
+
 Remote to cache.
-.PP
-Normally should contain a \[aq]:\[aq] and a path, e.g.
-\[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq] or maybe
-\[dq]myremote:\[dq] (not recommended).
-.PP
+
+Normally should contain a \[aq]:\[aq] and a path, e.g. \[dq]myremote:path/to/dir\[dq],
+\[dq]myremote:bucket\[dq] or maybe \[dq]myremote:\[dq] (not recommended).
+
 Properties:
-.IP \[bu] 2
-Config: remote
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_REMOTE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --cache-plex-url
-.PP
+
+- Config:      remote
+- Env Var:     RCLONE_CACHE_REMOTE
+- Type:        string
+- Required:    true
+
+#### --cache-plex-url
+
 The URL of the Plex server.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: plex_url
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_PLEX_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --cache-plex-username
-.PP
+
+- Config:      plex_url
+- Env Var:     RCLONE_CACHE_PLEX_URL
+- Type:        string
+- Required:    false
+
+#### --cache-plex-username
+
 The username of the Plex user.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: plex_username
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_PLEX_USERNAME
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --cache-plex-password
-.PP
+
+- Config:      plex_username
+- Env Var:     RCLONE_CACHE_PLEX_USERNAME
+- Type:        string
+- Required:    false
+
+#### --cache-plex-password
+
 The password of the Plex user.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: plex_password
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_PLEX_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --cache-chunk-size
-.PP
+
+- Config:      plex_password
+- Env Var:     RCLONE_CACHE_PLEX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --cache-chunk-size
+
 The size of a chunk (partial file data).
-.PP
-Use lower numbers for slower connections.
-If the chunk size is changed, any downloaded chunks will be invalid and
-cache-chunk-path will need to be cleared or unexpected EOF errors will
-occur.
-.PP
+
+Use lower numbers for slower connections. If the chunk size is
+changed, any downloaded chunks will be invalid and cache-chunk-path
+will need to be cleared or unexpected EOF errors will occur.
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 5Mi
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]1M\[dq]
-.RS 2
-.IP \[bu] 2
-1 MiB
-.RE
-.IP \[bu] 2
-\[dq]5M\[dq]
-.RS 2
-.IP \[bu] 2
-5 MiB
-.RE
-.IP \[bu] 2
-\[dq]10M\[dq]
-.RS 2
-.IP \[bu] 2
-10 MiB
-.RE
-.RE
-.SS --cache-info-age
-.PP
-How long to cache file structure information (directory listings, file
-size, times, etc.).
-If all write operations are done through the cache then you can safely
-make this value very large as the cache store will also be updated in
-real time.
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_CACHE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     5Mi
+- Examples:
+    - \[dq]1M\[dq]
+        - 1 MiB
+    - \[dq]5M\[dq]
+        - 5 MiB
+    - \[dq]10M\[dq]
+        - 10 MiB
+
+#### --cache-info-age
+
+How long to cache file structure information (directory listings, file size, times, etc.). 
+If all write operations are done through the cache then you can safely make
+this value very large as the cache store will also be updated in real time.
+
 Properties:
-.IP \[bu] 2
-Config: info_age
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_INFO_AGE
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 6h0m0s
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]1h\[dq]
-.RS 2
-.IP \[bu] 2
-1 hour
-.RE
-.IP \[bu] 2
-\[dq]24h\[dq]
-.RS 2
-.IP \[bu] 2
-24 hours
-.RE
-.IP \[bu] 2
-\[dq]48h\[dq]
-.RS 2
-.IP \[bu] 2
-48 hours
-.RE
-.RE
-.SS --cache-chunk-total-size
-.PP
+
+- Config:      info_age
+- Env Var:     RCLONE_CACHE_INFO_AGE
+- Type:        Duration
+- Default:     6h0m0s
+- Examples:
+    - \[dq]1h\[dq]
+        - 1 hour
+    - \[dq]24h\[dq]
+        - 24 hours
+    - \[dq]48h\[dq]
+        - 48 hours
+
+#### --cache-chunk-total-size
+
 The total size that the chunks can take up on the local disk.
-.PP
-If the cache exceeds this value then it will start to delete the oldest
-chunks until it goes under this value.
-.PP
+
+If the cache exceeds this value then it will start to delete the
+oldest chunks until it goes under this value.
+
 Properties:
-.IP \[bu] 2
-Config: chunk_total_size
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_CHUNK_TOTAL_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 10Gi
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]500M\[dq]
-.RS 2
-.IP \[bu] 2
-500 MiB
-.RE
-.IP \[bu] 2
-\[dq]1G\[dq]
-.RS 2
-.IP \[bu] 2
-1 GiB
-.RE
-.IP \[bu] 2
-\[dq]10G\[dq]
-.RS 2
-.IP \[bu] 2
-10 GiB
-.RE
-.RE
-.SS Advanced options
-.PP
+
+- Config:      chunk_total_size
+- Env Var:     RCLONE_CACHE_CHUNK_TOTAL_SIZE
+- Type:        SizeSuffix
+- Default:     10Gi
+- Examples:
+    - \[dq]500M\[dq]
+        - 500 MiB
+    - \[dq]1G\[dq]
+        - 1 GiB
+    - \[dq]10G\[dq]
+        - 10 GiB
+
+### Advanced options
+
 Here are the Advanced options specific to cache (Cache a remote).
-.SS --cache-plex-token
-.PP
+
+#### --cache-plex-token
+
 The plex token for authentication - auto set normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: plex_token
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_PLEX_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --cache-plex-insecure
-.PP
+
+- Config:      plex_token
+- Env Var:     RCLONE_CACHE_PLEX_TOKEN
+- Type:        string
+- Required:    false
+
+#### --cache-plex-insecure
+
 Skip all certificate verification when connecting to the Plex server.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: plex_insecure
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_PLEX_INSECURE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --cache-db-path
-.PP
+
+- Config:      plex_insecure
+- Env Var:     RCLONE_CACHE_PLEX_INSECURE
+- Type:        string
+- Required:    false
+
+#### --cache-db-path
+
 Directory to store file structure metadata DB.
-.PP
+
 The remote name is used as the DB file name.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: db_path
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_DB_PATH
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]$HOME/.cache/rclone/cache-backend\[dq]
-.SS --cache-chunk-path
-.PP
+
+- Config:      db_path
+- Env Var:     RCLONE_CACHE_DB_PATH
+- Type:        string
+- Default:     \[dq]$HOME/.cache/rclone/cache-backend\[dq]
+
+#### --cache-chunk-path
+
 Directory to cache chunk files.
-.PP
-Path to where partial file data (chunks) are stored locally.
-The remote name is appended to the final path.
-.PP
-This config follows the \[dq]--cache-db-path\[dq].
-If you specify a custom location for \[dq]--cache-db-path\[dq] and
-don\[aq]t specify one for \[dq]--cache-chunk-path\[dq] then
-\[dq]--cache-chunk-path\[dq] will use the same path as
-\[dq]--cache-db-path\[dq].
-.PP
+
+Path to where partial file data (chunks) are stored locally. The remote
+name is appended to the final path.
+
+This config follows the \[dq]--cache-db-path\[dq]. If you specify a custom
+location for \[dq]--cache-db-path\[dq] and don\[aq]t specify one for \[dq]--cache-chunk-path\[dq]
+then \[dq]--cache-chunk-path\[dq] will use the same path as \[dq]--cache-db-path\[dq].
+
 Properties:
-.IP \[bu] 2
-Config: chunk_path
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_CHUNK_PATH
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]$HOME/.cache/rclone/cache-backend\[dq]
-.SS --cache-db-purge
-.PP
+
+- Config:      chunk_path
+- Env Var:     RCLONE_CACHE_CHUNK_PATH
+- Type:        string
+- Default:     \[dq]$HOME/.cache/rclone/cache-backend\[dq]
+
+#### --cache-db-purge
+
 Clear all the cached data for this remote on start.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: db_purge
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_DB_PURGE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --cache-chunk-clean-interval
-.PP
+
+- Config:      db_purge
+- Env Var:     RCLONE_CACHE_DB_PURGE
+- Type:        bool
+- Default:     false
+
+#### --cache-chunk-clean-interval
+
 How often should the cache perform cleanups of the chunk storage.
-.PP
-The default value should be ok for most people.
-If you find that the cache goes over \[dq]cache-chunk-total-size\[dq]
-too often then try to lower this value to force it to perform cleanups
-more often.
-.PP
+
+The default value should be ok for most people. If you find that the
+cache goes over \[dq]cache-chunk-total-size\[dq] too often then try to lower
+this value to force it to perform cleanups more often.
+
 Properties:
-.IP \[bu] 2
-Config: chunk_clean_interval
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_CHUNK_CLEAN_INTERVAL
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1m0s
-.SS --cache-read-retries
-.PP
+
+- Config:      chunk_clean_interval
+- Env Var:     RCLONE_CACHE_CHUNK_CLEAN_INTERVAL
+- Type:        Duration
+- Default:     1m0s
+
+#### --cache-read-retries
+
 How many times to retry a read from a cache storage.
-.PP
+
 Since reading from a cache stream is independent from downloading file
 data, readers can get to a point where there\[aq]s no more data in the
-cache.
-Most of the times this can indicate a connectivity issue if cache
-isn\[aq]t able to provide file data anymore.
-.PP
-For really slow connections, increase this to a point where the stream
-is able to provide data but your experience will be very stuttering.
-.PP
+cache.  Most of the times this can indicate a connectivity issue if
+cache isn\[aq]t able to provide file data anymore.
+
+For really slow connections, increase this to a point where the stream is
+able to provide data but your experience will be very stuttering.
+
 Properties:
-.IP \[bu] 2
-Config: read_retries
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_READ_RETRIES
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 10
-.SS --cache-workers
-.PP
+
+- Config:      read_retries
+- Env Var:     RCLONE_CACHE_READ_RETRIES
+- Type:        int
+- Default:     10
+
+#### --cache-workers
+
 How many workers should run in parallel to download chunks.
-.PP
-Higher values will mean more parallel processing (better CPU needed) and
-more concurrent requests on the cloud provider.
-This impacts several aspects like the cloud provider API limits, more
-stress on the hardware that rclone runs on but it also means that
-streams will be more fluid and data will be available much more faster
-to readers.
-.PP
-\f[B]Note\f[R]: If the optional Plex integration is enabled then this
+
+Higher values will mean more parallel processing (better CPU needed)
+and more concurrent requests on the cloud provider.  This impacts
+several aspects like the cloud provider API limits, more stress on the
+hardware that rclone runs on but it also means that streams will be
+more fluid and data will be available much more faster to readers.
+
+**Note**: If the optional Plex integration is enabled then this
 setting will adapt to the type of reading performed and the value
 specified here will be used as a maximum number of workers to use.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: workers
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_WORKERS
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 4
-.SS --cache-chunk-no-memory
-.PP
+
+- Config:      workers
+- Env Var:     RCLONE_CACHE_WORKERS
+- Type:        int
+- Default:     4
+
+#### --cache-chunk-no-memory
+
 Disable the in-memory cache for storing chunks during streaming.
-.PP
-By default, cache will keep file data during streaming in RAM as well to
-provide it to readers as fast as possible.
-.PP
+
+By default, cache will keep file data during streaming in RAM as well
+to provide it to readers as fast as possible.
+
 This transient data is evicted as soon as it is read and the number of
-chunks stored doesn\[aq]t exceed the number of workers.
-However, depending on other settings like \[dq]cache-chunk-size\[dq] and
-\[dq]cache-workers\[dq] this footprint can increase if there are
-parallel streams too (multiple files being read at the same time).
-.PP
-If the hardware permits it, use this feature to provide an overall
-better performance during streaming but it can also be disabled if RAM
-is not available on the local machine.
-.PP
+chunks stored doesn\[aq]t exceed the number of workers. However, depending
+on other settings like \[dq]cache-chunk-size\[dq] and \[dq]cache-workers\[dq] this footprint
+can increase if there are parallel streams too (multiple files being read
+at the same time).
+
+If the hardware permits it, use this feature to provide an overall better
+performance during streaming but it can also be disabled if RAM is not
+available on the local machine.
+
 Properties:
-.IP \[bu] 2
-Config: chunk_no_memory
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_CHUNK_NO_MEMORY
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --cache-rps
-.PP
-Limits the number of requests per second to the source FS (-1 to
-disable).
-.PP
+
+- Config:      chunk_no_memory
+- Env Var:     RCLONE_CACHE_CHUNK_NO_MEMORY
+- Type:        bool
+- Default:     false
+
+#### --cache-rps
+
+Limits the number of requests per second to the source FS (-1 to disable).
+
 This setting places a hard limit on the number of requests per second
-that cache will be doing to the cloud provider remote and try to respect
-that value by setting waits between reads.
-.PP
+that cache will be doing to the cloud provider remote and try to
+respect that value by setting waits between reads.
+
 If you find that you\[aq]re getting banned or limited on the cloud
 provider through cache and know that a smaller number of requests per
-second will allow you to work with it then you can use this setting for
-that.
-.PP
+second will allow you to work with it then you can use this setting
+for that.
+
 A good balance of all the other settings should make this setting
 useless but it is available to set for more special cases.
-.PP
-\f[B]NOTE\f[R]: This will limit the number of requests during streams
-but other API calls to the cloud provider like directory listings will
+
+**NOTE**: This will limit the number of requests during streams but
+other API calls to the cloud provider like directory listings will
 still pass.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: rps
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_RPS
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: -1
-.SS --cache-writes
-.PP
+
+- Config:      rps
+- Env Var:     RCLONE_CACHE_RPS
+- Type:        int
+- Default:     -1
+
+#### --cache-writes
+
 Cache file data on writes through the FS.
-.PP
+
 If you need to read files immediately after you upload them through
-cache you can enable this flag to have their data stored in the cache
-store at the same time during upload.
-.PP
+cache you can enable this flag to have their data stored in the
+cache store at the same time during upload.
+
 Properties:
-.IP \[bu] 2
-Config: writes
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_WRITES
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --cache-tmp-upload-path
-.PP
+
+- Config:      writes
+- Env Var:     RCLONE_CACHE_WRITES
+- Type:        bool
+- Default:     false
+
+#### --cache-tmp-upload-path
+
 Directory to keep temporary files until they are uploaded.
-.PP
-This is the path where cache will use as a temporary storage for new
-files that need to be uploaded to the cloud provider.
-.PP
-Specifying a value will enable this feature.
-Without it, it is completely disabled and files will be uploaded
-directly to the cloud provider
-.PP
-Properties:
-.IP \[bu] 2
-Config: tmp_upload_path
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_TMP_UPLOAD_PATH
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --cache-tmp-wait-time
-.PP
+
+This is the path where cache will use as a temporary storage for new
+files that need to be uploaded to the cloud provider.
+
+Specifying a value will enable this feature. Without it, it is
+completely disabled and files will be uploaded directly to the cloud
+provider
+
+Properties:
+
+- Config:      tmp_upload_path
+- Env Var:     RCLONE_CACHE_TMP_UPLOAD_PATH
+- Type:        string
+- Required:    false
+
+#### --cache-tmp-wait-time
+
 How long should files be stored in local cache before being uploaded.
-.PP
+
 This is the duration that a file must wait in the temporary location
-\f[I]cache-tmp-upload-path\f[R] before it is selected for upload.
-.PP
-Note that only one file is uploaded at a time and it can take longer to
-start the upload if a queue formed for this purpose.
-.PP
+_cache-tmp-upload-path_ before it is selected for upload.
+
+Note that only one file is uploaded at a time and it can take longer
+to start the upload if a queue formed for this purpose.
+
 Properties:
-.IP \[bu] 2
-Config: tmp_wait_time
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_TMP_WAIT_TIME
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 15s
-.SS --cache-db-wait-time
-.PP
+
+- Config:      tmp_wait_time
+- Env Var:     RCLONE_CACHE_TMP_WAIT_TIME
+- Type:        Duration
+- Default:     15s
+
+#### --cache-db-wait-time
+
 How long to wait for the DB to be available - 0 is unlimited.
-.PP
+
 Only one process can have the DB open at any one time, so rclone waits
 for this duration for the DB to become available before it gives an
 error.
-.PP
+
 If you set it to 0 then it will wait forever.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: db_wait_time
-.IP \[bu] 2
-Env Var: RCLONE_CACHE_DB_WAIT_TIME
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1s
-.SS Backend commands
-.PP
+
+- Config:      db_wait_time
+- Env Var:     RCLONE_CACHE_DB_WAIT_TIME
+- Type:        Duration
+- Default:     1s
+
+## Backend commands
+
 Here are the commands specific to the cache backend.
-.PP
+
 Run them with
-.IP
-.nf
-\f[C]
-rclone backend COMMAND remote:
-\f[R]
-.fi
-.PP
+
+    rclone backend COMMAND remote:
+
 The help below will explain what arguments each command takes.
-.PP
-See the backend (https://rclone.org/commands/rclone_backend/) command
-for more info on how to pass options and arguments.
-.PP
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
 These can be run on a running backend using the rc command
-backend/command (https://rclone.org/rc/#backend-command).
-.SS stats
-.PP
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### stats
+
 Print stats on the cache backend in JSON format.
-.IP
-.nf
-\f[C]
-rclone backend stats remote: [options] [<arguments>+]
+
+    rclone backend stats remote: [options] [<arguments>+]
+
+
+
+#  Chunker
+
+The \[ga]chunker\[ga] overlay transparently splits large files into smaller chunks
+during upload to wrapped remote and transparently assembles them back
+when the file is downloaded. This allows to effectively overcome size limits
+imposed by storage providers.
+
+## Configuration
+
+To use it, first set up the underlying remote following the configuration
+instructions for that remote. You can also use a local pathname instead of
+a remote.
+
+First check your chosen remote is working - we\[aq]ll call it \[ga]remote:path\[ga] here.
+Note that anything inside \[ga]remote:path\[ga] will be chunked and anything outside
+won\[aq]t. This means that if you are using a bucket-based remote (e.g. S3, B2, swift)
+then you should probably put the bucket in the remote \[ga]s3:bucket\[ga].
+
+Now configure \[ga]chunker\[ga] using \[ga]rclone config\[ga]. We will call this one \[ga]overlay\[ga]
+to separate it from the \[ga]remote\[ga] itself.
 \f[R]
 .fi
-.SH Chunker
 .PP
-The \f[C]chunker\f[R] overlay transparently splits large files into
-smaller chunks during upload to wrapped remote and transparently
-assembles them back when the file is downloaded.
-This allows to effectively overcome size limits imposed by storage
-providers.
-.SS Configuration
-.PP
-To use it, first set up the underlying remote following the
-configuration instructions for that remote.
-You can also use a local pathname instead of a remote.
-.PP
-First check your chosen remote is working - we\[aq]ll call it
-\f[C]remote:path\f[R] here.
-Note that anything inside \f[C]remote:path\f[R] will be chunked and
-anything outside won\[aq]t.
-This means that if you are using a bucket-based remote (e.g.
-S3, B2, swift) then you should probably put the bucket in the remote
-\f[C]s3:bucket\f[R].
-.PP
-Now configure \f[C]chunker\f[R] using \f[C]rclone config\f[R].
-We will call this one \f[C]overlay\f[R] to separate it from the
-\f[C]remote\f[R] itself.
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> overlay
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Transparently chunk/split large files
-   \[rs] \[dq]chunker\[dq]
-[snip]
-Storage> chunker
-Remote to chunk/unchunk.
-Normally should contain a \[aq]:\[aq] and a path, e.g. \[dq]myremote:path/to/dir\[dq],
-\[dq]myremote:bucket\[dq] or maybe \[dq]myremote:\[dq] (not recommended).
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-remote> remote:path
-Files larger than chunk size will be split in chunks.
-Enter a size with suffix K,M,G,T. Press Enter for the default (\[dq]2G\[dq]).
-chunk_size> 100M
-Choose how chunker handles hash sums. All modes but \[dq]none\[dq] require metadata.
-Enter a string value. Press Enter for the default (\[dq]md5\[dq]).
-Choose a number from below, or type in your own value
- 1 / Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise
-   \[rs] \[dq]none\[dq]
- 2 / MD5 for composite files
-   \[rs] \[dq]md5\[dq]
- 3 / SHA1 for composite files
-   \[rs] \[dq]sha1\[dq]
- 4 / MD5 for all files
-   \[rs] \[dq]md5all\[dq]
- 5 / SHA1 for all files
-   \[rs] \[dq]sha1all\[dq]
- 6 / Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported
-   \[rs] \[dq]md5quick\[dq]
- 7 / Similar to \[dq]md5quick\[dq] but prefers SHA1 over MD5
-   \[rs] \[dq]sha1quick\[dq]
-hash_type> md5
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
---------------------
-[overlay]
-type = chunker
-remote = remote:bucket
-chunk_size = 100M
-hash_type = md5
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.SS Specifying the remote
-.PP
-In normal use, make sure the remote has a \f[C]:\f[R] in.
-If you specify the remote without a \f[C]:\f[R] then rclone will use a
-local directory of that name.
-So if you use a remote of \f[C]/path/to/secret/files\f[R] then rclone
-will chunk stuff in that directory.
-If you use a remote of \f[C]name\f[R] then rclone will put files in a
-directory called \f[C]name\f[R] in the current directory.
-.SS Chunking
-.PP
-When rclone starts a file upload, chunker checks the file size.
-If it doesn\[aq]t exceed the configured chunk size, chunker will just
-pass the file to the wrapped remote.
-If a file is large, chunker will transparently cut data in pieces with
-temporary names and stream them one by one, on the fly.
-Each data chunk will contain the specified number of bytes, except for
-the last one which may have less data.
-If file size is unknown in advance (this is called a streaming upload),
-chunker will internally create a temporary copy, record its size and
-repeat the above process.
-.PP
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> overlay Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX /
+Transparently chunk/split large files \ \[dq]chunker\[dq] [snip]
+Storage> chunker Remote to chunk/unchunk.
+Normally should contain a \[aq]:\[aq] and a path, e.g.
+\[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq] or maybe
+\[dq]myremote:\[dq] (not recommended).
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+remote> remote:path Files larger than chunk size will be split in
+chunks.
+Enter a size with suffix K,M,G,T.
+Press Enter for the default (\[dq]2G\[dq]).
+chunk_size> 100M Choose how chunker handles hash sums.
+All modes but \[dq]none\[dq] require metadata.
+Enter a string value.
+Press Enter for the default (\[dq]md5\[dq]).
+Choose a number from below, or type in your own value 1 / Pass any hash
+supported by wrapped remote for non-chunked files, return nothing
+otherwise \ \[dq]none\[dq] 2 / MD5 for composite files \ \[dq]md5\[dq] 3
+/ SHA1 for composite files \ \[dq]sha1\[dq] 4 / MD5 for all files
+\ \[dq]md5all\[dq] 5 / SHA1 for all files \ \[dq]sha1all\[dq] 6 /
+Copying a file to chunker will request MD5 from the source falling back
+to SHA1 if unsupported \ \[dq]md5quick\[dq] 7 / Similar to
+\[dq]md5quick\[dq] but prefers SHA1 over MD5 \ \[dq]sha1quick\[dq]
+hash_type> md5 Edit advanced config?
+(y/n) y) Yes n) No y/n> n Remote config -------------------- [overlay]
+type = chunker remote = remote:bucket chunk_size = 100M hash_type = md5
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
+.IP
+.nf
+\f[C]
+### Specifying the remote
+
+In normal use, make sure the remote has a \[ga]:\[ga] in. If you specify the remote
+without a \[ga]:\[ga] then rclone will use a local directory of that name.
+So if you use a remote of \[ga]/path/to/secret/files\[ga] then rclone will
+chunk stuff in that directory. If you use a remote of \[ga]name\[ga] then rclone
+will put files in a directory called \[ga]name\[ga] in the current directory.
+
+
+### Chunking
+
+When rclone starts a file upload, chunker checks the file size. If it
+doesn\[aq]t exceed the configured chunk size, chunker will just pass the file
+to the wrapped remote (however, see caveat below). If a file is large, chunker will transparently cut
+data in pieces with temporary names and stream them one by one, on the fly.
+Each data chunk will contain the specified number of bytes, except for the
+last one which may have less data. If file size is unknown in advance
+(this is called a streaming upload), chunker will internally create
+a temporary copy, record its size and repeat the above process.
+
 When upload completes, temporary chunk files are finally renamed.
 This scheme guarantees that operations can be run in parallel and look
 from outside as atomic.
-A similar method with hidden temporary chunks is used for other
-operations (copy/move/rename, etc.).
-If an operation fails, hidden chunks are normally destroyed, and the
-target composite file stays intact.
-.PP
+A similar method with hidden temporary chunks is used for other operations
+(copy/move/rename, etc.). If an operation fails, hidden chunks are normally
+destroyed, and the target composite file stays intact.
+
 When a composite file download is requested, chunker transparently
-assembles it by concatenating data chunks in order.
-As the split is trivial one could even manually concatenate data chunks
-together to obtain the original content.
-.PP
-When the \f[C]list\f[R] rclone command scans a directory on wrapped
-remote, the potential chunk files are accounted for, grouped and
-assembled into composite directory entries.
-Any temporary chunks are hidden.
-.PP
+assembles it by concatenating data chunks in order. As the split is trivial
+one could even manually concatenate data chunks together to obtain the
+original content.
+
+When the \[ga]list\[ga] rclone command scans a directory on wrapped remote,
+the potential chunk files are accounted for, grouped and assembled into
+composite directory entries. Any temporary chunks are hidden.
+
 List and other commands can sometimes come across composite files with
-missing or invalid chunks, e.g.
-shadowed by like-named directory or another file.
-This usually means that wrapped file system has been directly tampered
-with or damaged.
-If chunker detects a missing chunk it will by default print warning,
-skip the whole incomplete group of chunks but proceed with current
-command.
-You can set the \f[C]--chunker-fail-hard\f[R] flag to have commands
-abort with error message in such cases.
-.SS Chunk names
-.PP
-The default chunk name format is \f[C]*.rclone_chunk.###\f[R], hence by
-default chunk names are \f[C]BIG_FILE_NAME.rclone_chunk.001\f[R],
-\f[C]BIG_FILE_NAME.rclone_chunk.002\f[R] etc.
-You can configure another name format using the \f[C]name_format\f[R]
-configuration file option.
-The format uses asterisk \f[C]*\f[R] as a placeholder for the base file
-name and one or more consecutive hash characters \f[C]#\f[R] as a
-placeholder for sequential chunk number.
-There must be one and only one asterisk.
-The number of consecutive hash characters defines the minimum length of
-a string representing a chunk number.
+missing or invalid chunks, e.g. shadowed by like-named directory or
+another file. This usually means that wrapped file system has been directly
+tampered with or damaged. If chunker detects a missing chunk it will
+by default print warning, skip the whole incomplete group of chunks but
+proceed with current command.
+You can set the \[ga]--chunker-fail-hard\[ga] flag to have commands abort with
+error message in such cases.
+
+**Caveat**: As it is now, chunker will always create a temporary file in the 
+backend and then rename it, even if the file is below the chunk threshold.
+This will result in unnecessary API calls and can severely restrict throughput
+when handling transfers primarily composed of small files on some backends (e.g. Box).
+A workaround to this issue is to use chunker only for files above the chunk threshold
+via \[ga]--min-size\[ga] and then perform a separate call without chunker on the remaining
+files. 
+
+
+#### Chunk names
+
+The default chunk name format is \[ga]*.rclone_chunk.###\[ga], hence by default
+chunk names are \[ga]BIG_FILE_NAME.rclone_chunk.001\[ga],
+\[ga]BIG_FILE_NAME.rclone_chunk.002\[ga] etc. You can configure another name format
+using the \[ga]name_format\[ga] configuration file option. The format uses asterisk
+\[ga]*\[ga] as a placeholder for the base file name and one or more consecutive
+hash characters \[ga]#\[ga] as a placeholder for sequential chunk number.
+There must be one and only one asterisk. The number of consecutive hash
+characters defines the minimum length of a string representing a chunk number.
 If decimal chunk number has less digits than the number of hashes, it is
-left-padded by zeros.
-If the decimal string is longer, it is left intact.
-By default numbering starts from 1 but there is another option that
-allows user to start from 0, e.g.
-for compatibility with legacy software.
-.PP
-For example, if name format is \f[C]big_*-##.part\f[R] and original file
-name is \f[C]data.txt\f[R] and numbering starts from 0, then the first
-chunk will be named \f[C]big_data.txt-00.part\f[R], the 99th chunk will
-be \f[C]big_data.txt-98.part\f[R] and the 302nd chunk will become
-\f[C]big_data.txt-301.part\f[R].
-.PP
-Note that \f[C]list\f[R] assembles composite directory entries only when
-chunk names match the configured format and treats non-conforming file
-names as normal non-chunked files.
-.PP
-When using \f[C]norename\f[R] transactions, chunk names will
-additionally have a unique file version suffix.
-For example, \f[C]BIG_FILE_NAME.rclone_chunk.001_bp562k\f[R].
-.SS Metadata
-.PP
-Besides data chunks chunker will by default create metadata object for a
-composite file.
-The object is named after the original file.
-Chunker allows user to disable metadata completely (the \f[C]none\f[R]
-format).
+left-padded by zeros. If the decimal string is longer, it is left intact.
+By default numbering starts from 1 but there is another option that allows
+user to start from 0, e.g. for compatibility with legacy software.
+
+For example, if name format is \[ga]big_*-##.part\[ga] and original file name is
+\[ga]data.txt\[ga] and numbering starts from 0, then the first chunk will be named
+\[ga]big_data.txt-00.part\[ga], the 99th chunk will be \[ga]big_data.txt-98.part\[ga]
+and the 302nd chunk will become \[ga]big_data.txt-301.part\[ga].
+
+Note that \[ga]list\[ga] assembles composite directory entries only when chunk names
+match the configured format and treats non-conforming file names as normal
+non-chunked files.
+
+When using \[ga]norename\[ga] transactions, chunk names will additionally have a unique
+file version suffix. For example, \[ga]BIG_FILE_NAME.rclone_chunk.001_bp562k\[ga].
+
+
+### Metadata
+
+Besides data chunks chunker will by default create metadata object for
+a composite file. The object is named after the original file.
+Chunker allows user to disable metadata completely (the \[ga]none\[ga] format).
 Note that metadata is normally not created for files smaller than the
-configured chunk size.
-This may change in future rclone releases.
-.SS Simple JSON metadata format
-.PP
-This is the default format.
-It supports hash sums and chunk validation for composite files.
-Meta objects carry the following fields:
-.IP \[bu] 2
-\f[C]ver\f[R] - version of format, currently \f[C]1\f[R]
-.IP \[bu] 2
-\f[C]size\f[R] - total size of composite file
-.IP \[bu] 2
-\f[C]nchunks\f[R] - number of data chunks in file
-.IP \[bu] 2
-\f[C]md5\f[R] - MD5 hashsum of composite file (if present)
-.IP \[bu] 2
-\f[C]sha1\f[R] - SHA1 hashsum (if present)
-.IP \[bu] 2
-\f[C]txn\f[R] - identifies current version of the file
-.PP
-There is no field for composite file name as it\[aq]s simply equal to
-the name of meta object on the wrapped remote.
-Please refer to respective sections for details on hashsums and modified
-time handling.
-.SS No metadata
-.PP
-You can disable meta objects by setting the meta format option to
-\f[C]none\f[R].
+configured chunk size. This may change in future rclone releases.
+
+#### Simple JSON metadata format
+
+This is the default format. It supports hash sums and chunk validation
+for composite files. Meta objects carry the following fields:
+
+- \[ga]ver\[ga]     - version of format, currently \[ga]1\[ga]
+- \[ga]size\[ga]    - total size of composite file
+- \[ga]nchunks\[ga] - number of data chunks in file
+- \[ga]md5\[ga]     - MD5 hashsum of composite file (if present)
+- \[ga]sha1\[ga]    - SHA1 hashsum (if present)
+- \[ga]txn\[ga]     - identifies current version of the file
+
+There is no field for composite file name as it\[aq]s simply equal to the name
+of meta object on the wrapped remote. Please refer to respective sections
+for details on hashsums and modified time handling.
+
+#### No metadata
+
+You can disable meta objects by setting the meta format option to \[ga]none\[ga].
 In this mode chunker will scan directory for all files that follow
-configured chunk name format, group them by detecting chunks with the
-same base name and show group names as virtual composite files.
+configured chunk name format, group them by detecting chunks with the same
+base name and show group names as virtual composite files.
 This method is more prone to missing chunk errors (especially missing
 last chunk) than format with metadata enabled.
-.SS Hashsums
-.PP
+
+
+### Hashsums
+
 Chunker supports hashsums only when a compatible metadata is present.
-Hence, if you choose metadata format of \f[C]none\f[R], chunker will
-report hashsum as \f[C]UNSUPPORTED\f[R].
-.PP
+Hence, if you choose metadata format of \[ga]none\[ga], chunker will report hashsum
+as \[ga]UNSUPPORTED\[ga].
+
 Please note that by default metadata is stored only for composite files.
-If a file is smaller than configured chunk size, chunker will
-transparently redirect hash requests to wrapped remote, so support
-depends on that.
+If a file is smaller than configured chunk size, chunker will transparently
+redirect hash requests to wrapped remote, so support depends on that.
 You will see the empty string as a hashsum of requested type for small
 files if the wrapped remote doesn\[aq]t support it.
-.PP
+
 Many storage backends support MD5 and SHA1 hash types, so does chunker.
 With chunker you can choose one or another but not both.
 MD5 is set by default as the most supported type.
 Since chunker keeps hashes for composite files and falls back to the
-wrapped remote hash for non-chunked ones, we advise you to choose the
-same hash type as supported by wrapped remote so that your file listings
+wrapped remote hash for non-chunked ones, we advise you to choose the same
+hash type as supported by wrapped remote so that your file listings
 look coherent.
-.PP
-If your storage backend does not support MD5 or SHA1 but you need
-consistent file hashing, configure chunker with \f[C]md5all\f[R] or
-\f[C]sha1all\f[R].
-These two modes guarantee given hash for all files.
-If wrapped remote doesn\[aq]t support it, chunker will then add metadata
-to all files, even small.
-However, this can double the amount of small files in storage and incur
-additional service charges.
+
+If your storage backend does not support MD5 or SHA1 but you need consistent
+file hashing, configure chunker with \[ga]md5all\[ga] or \[ga]sha1all\[ga]. These two modes
+guarantee given hash for all files. If wrapped remote doesn\[aq]t support it,
+chunker will then add metadata to all files, even small. However, this can
+double the amount of small files in storage and incur additional service charges.
 You can even use chunker to force md5/sha1 support in any other remote
-at expense of sidecar meta objects by setting e.g.
-\f[C]chunk_type=sha1all\f[R] to force hashsums and
-\f[C]chunk_size=1P\f[R] to effectively disable chunking.
-.PP
+at expense of sidecar meta objects by setting e.g. \[ga]hash_type=sha1all\[ga]
+to force hashsums and \[ga]chunk_size=1P\[ga] to effectively disable chunking.
+
 Normally, when a file is copied to chunker controlled remote, chunker
-will ask the file source for compatible file hash and revert to
-on-the-fly calculation if none is found.
-This involves some CPU overhead but provides a guarantee that given
-hashsum is available.
-Also, chunker will reject a server-side copy or move operation if source
-and destination hashsum types are different resulting in the extra
-network bandwidth, too.
-In some rare cases this may be undesired, so chunker provides two
-optional choices: \f[C]sha1quick\f[R] and \f[C]md5quick\f[R].
-If the source does not support primary hash type and the quick mode is
-enabled, chunker will try to fall back to the secondary type.
-This will save CPU and bandwidth but can result in empty hashsums at
-destination.
-Beware of consequences: the \f[C]sync\f[R] command will revert
-(sometimes silently) to time/size comparison if compatible hashsums
+will ask the file source for compatible file hash and revert to on-the-fly
+calculation if none is found. This involves some CPU overhead but provides
+a guarantee that given hashsum is available. Also, chunker will reject
+a server-side copy or move operation if source and destination hashsum
+types are different resulting in the extra network bandwidth, too.
+In some rare cases this may be undesired, so chunker provides two optional
+choices: \[ga]sha1quick\[ga] and \[ga]md5quick\[ga]. If the source does not support primary
+hash type and the quick mode is enabled, chunker will try to fall back to
+the secondary type. This will save CPU and bandwidth but can result in empty
+hashsums at destination. Beware of consequences: the \[ga]sync\[ga] command will
+revert (sometimes silently) to time/size comparison if compatible hashsums
 between source and target are not found.
-.SS Modified time
-.PP
+
+
+### Modification times
+
 Chunker stores modification times using the wrapped remote so support
-depends on that.
-For a small non-chunked file the chunker overlay simply manipulates
-modification time of the wrapped remote file.
-For a composite file with metadata chunker will get and set modification
-time of the metadata object on the wrapped remote.
-If file is chunked but metadata format is \f[C]none\f[R] then chunker
-will use modification time of the first data chunk.
-.SS Migrations
-.PP
-The idiomatic way to migrate to a different chunk size, hash type,
-transaction style or chunk naming scheme is to:
-.IP \[bu] 2
-Collect all your chunked files under a directory and have your chunker
-remote point to it.
-.IP \[bu] 2
-Create another directory (most probably on the same cloud storage) and
-configure a new remote with desired metadata format, hash type, chunk
-naming etc.
-.IP \[bu] 2
-Now run \f[C]rclone sync --interactive oldchunks: newchunks:\f[R] and
-all your data will be transparently converted in transfer.
-This may take some time, yet chunker will try server-side copy if
-possible.
-.IP \[bu] 2
-After checking data integrity you may remove configuration section of
-the old remote.
-.PP
+depends on that. For a small non-chunked file the chunker overlay simply
+manipulates modification time of the wrapped remote file.
+For a composite file with metadata chunker will get and set
+modification time of the metadata object on the wrapped remote.
+If file is chunked but metadata format is \[ga]none\[ga] then chunker will
+use modification time of the first data chunk.
+
+
+### Migrations
+
+The idiomatic way to migrate to a different chunk size, hash type, transaction
+style or chunk naming scheme is to:
+
+- Collect all your chunked files under a directory and have your
+  chunker remote point to it.
+- Create another directory (most probably on the same cloud storage)
+  and configure a new remote with desired metadata format,
+  hash type, chunk naming etc.
+- Now run \[ga]rclone sync --interactive oldchunks: newchunks:\[ga] and all your data
+  will be transparently converted in transfer.
+  This may take some time, yet chunker will try server-side
+  copy if possible.
+- After checking data integrity you may remove configuration section
+  of the old remote.
+
 If rclone gets killed during a long operation on a big composite file,
-hidden temporary chunks may stay in the directory.
-They will not be shown by the \f[C]list\f[R] command but will eat up
-your account quota.
-Please note that the \f[C]deletefile\f[R] command deletes only active
-chunks of a file.
-As a workaround, you can use remote of the wrapped file system to see
-them.
+hidden temporary chunks may stay in the directory. They will not be
+shown by the \[ga]list\[ga] command but will eat up your account quota.
+Please note that the \[ga]deletefile\[ga] command deletes only active
+chunks of a file. As a workaround, you can use remote of the wrapped
+file system to see them.
 An easy way to get rid of hidden garbage is to copy littered directory
 somewhere using the chunker remote and purge the original directory.
-The \f[C]copy\f[R] command will copy only active chunks while the
-\f[C]purge\f[R] will remove everything including garbage.
-.SS Caveats and Limitations
-.PP
-Chunker requires wrapped remote to support server-side \f[C]move\f[R]
-(or \f[C]copy\f[R] + \f[C]delete\f[R]) operations, otherwise it will
-explicitly refuse to start.
-This is because it internally renames temporary chunk files to their
-final names when an operation completes successfully.
-.PP
-Chunker encodes chunk number in file name, so with default
-\f[C]name_format\f[R] setting it adds 17 characters.
-Also chunker adds 7 characters of temporary suffix during operations.
-Many file systems limit base file name without path by 255 characters.
-Using rclone\[aq]s crypt remote as a base file system limits file name
-by 143 characters.
-Thus, maximum name length is 231 for most files and 119 for
-chunker-over-crypt.
-A user in need can change name format to e.g.
-\f[C]*.rcc##\f[R] and save 10 characters (provided at most 99 chunks per
-file).
-.PP
+The \[ga]copy\[ga] command will copy only active chunks while the \[ga]purge\[ga] will
+remove everything including garbage.
+
+
+### Caveats and Limitations
+
+Chunker requires wrapped remote to support server-side \[ga]move\[ga] (or \[ga]copy\[ga] +
+\[ga]delete\[ga]) operations, otherwise it will explicitly refuse to start.
+This is because it internally renames temporary chunk files to their final
+names when an operation completes successfully.
+
+Chunker encodes chunk number in file name, so with default \[ga]name_format\[ga]
+setting it adds 17 characters. Also chunker adds 7 characters of temporary
+suffix during operations. Many file systems limit base file name without path
+by 255 characters. Using rclone\[aq]s crypt remote as a base file system limits
+file name by 143 characters. Thus, maximum name length is 231 for most files
+and 119 for chunker-over-crypt. A user in need can change name format to
+e.g. \[ga]*.rcc##\[ga] and save 10 characters (provided at most 99 chunks per file).
+
 Note that a move implemented using the copy-and-delete method may incur
 double charging with some cloud storage providers.
-.PP
+
 Chunker will not automatically rename existing chunks when you run
-\f[C]rclone config\f[R] on a live remote and change the chunk name
-format.
-Beware that in result of this some files which have been treated as
-chunks before the change can pop up in directory listings as normal
-files and vice versa.
-The same warning holds for the chunk size.
+\[ga]rclone config\[ga] on a live remote and change the chunk name format.
+Beware that in result of this some files which have been treated as chunks
+before the change can pop up in directory listings as normal files
+and vice versa. The same warning holds for the chunk size.
 If you desperately need to change critical chunking settings, you should
 run data migration as described above.
-.PP
+
 If wrapped remote is case insensitive, the chunker overlay will inherit
-that property (so you can\[aq]t have a file called \[dq]Hello.doc\[dq]
-and \[dq]hello.doc\[dq] in the same directory).
-.PP
-Chunker included in rclone releases up to \f[C]v1.54\f[R] can sometimes
-fail to detect metadata produced by recent versions of rclone.
-We recommend users to keep rclone up-to-date to avoid data corruption.
-.PP
-Changing \f[C]transactions\f[R] is dangerous and requires explicit
-migration.
-.SS Standard options
-.PP
-Here are the Standard options specific to chunker (Transparently
-chunk/split large files).
-.SS --chunker-remote
-.PP
+that property (so you can\[aq]t have a file called \[dq]Hello.doc\[dq] and \[dq]hello.doc\[dq]
+in the same directory).
+
+Chunker included in rclone releases up to \[ga]v1.54\[ga] can sometimes fail to
+detect metadata produced by recent versions of rclone. We recommend users
+to keep rclone up-to-date to avoid data corruption.
+
+Changing \[ga]transactions\[ga] is dangerous and requires explicit migration.
+
+
+### Standard options
+
+Here are the Standard options specific to chunker (Transparently chunk/split large files).
+
+#### --chunker-remote
+
 Remote to chunk/unchunk.
-.PP
-Normally should contain a \[aq]:\[aq] and a path, e.g.
-\[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq] or maybe
-\[dq]myremote:\[dq] (not recommended).
-.PP
+
+Normally should contain a \[aq]:\[aq] and a path, e.g. \[dq]myremote:path/to/dir\[dq],
+\[dq]myremote:bucket\[dq] or maybe \[dq]myremote:\[dq] (not recommended).
+
 Properties:
-.IP \[bu] 2
-Config: remote
-.IP \[bu] 2
-Env Var: RCLONE_CHUNKER_REMOTE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --chunker-chunk-size
-.PP
+
+- Config:      remote
+- Env Var:     RCLONE_CHUNKER_REMOTE
+- Type:        string
+- Required:    true
+
+#### --chunker-chunk-size
+
 Files larger than chunk size will be split in chunks.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_CHUNKER_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 2Gi
-.SS --chunker-hash-type
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_CHUNKER_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     2Gi
+
+#### --chunker-hash-type
+
 Choose how chunker handles hash sums.
-.PP
+
 All modes but \[dq]none\[dq] require metadata.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: hash_type
-.IP \[bu] 2
-Env Var: RCLONE_CHUNKER_HASH_TYPE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]md5\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]none\[dq]
-.RS 2
-.IP \[bu] 2
-Pass any hash supported by wrapped remote for non-chunked files.
-.IP \[bu] 2
-Return nothing otherwise.
-.RE
-.IP \[bu] 2
-\[dq]md5\[dq]
-.RS 2
-.IP \[bu] 2
-MD5 for composite files.
-.RE
-.IP \[bu] 2
-\[dq]sha1\[dq]
-.RS 2
-.IP \[bu] 2
-SHA1 for composite files.
-.RE
-.IP \[bu] 2
-\[dq]md5all\[dq]
-.RS 2
-.IP \[bu] 2
-MD5 for all files.
-.RE
-.IP \[bu] 2
-\[dq]sha1all\[dq]
-.RS 2
-.IP \[bu] 2
-SHA1 for all files.
-.RE
-.IP \[bu] 2
-\[dq]md5quick\[dq]
-.RS 2
-.IP \[bu] 2
-Copying a file to chunker will request MD5 from the source.
-.IP \[bu] 2
-Falling back to SHA1 if unsupported.
-.RE
-.IP \[bu] 2
-\[dq]sha1quick\[dq]
-.RS 2
-.IP \[bu] 2
-Similar to \[dq]md5quick\[dq] but prefers SHA1 over MD5.
-.RE
-.RE
-.SS Advanced options
-.PP
-Here are the Advanced options specific to chunker (Transparently
-chunk/split large files).
-.SS --chunker-name-format
-.PP
+
+- Config:      hash_type
+- Env Var:     RCLONE_CHUNKER_HASH_TYPE
+- Type:        string
+- Default:     \[dq]md5\[dq]
+- Examples:
+    - \[dq]none\[dq]
+        - Pass any hash supported by wrapped remote for non-chunked files.
+        - Return nothing otherwise.
+    - \[dq]md5\[dq]
+        - MD5 for composite files.
+    - \[dq]sha1\[dq]
+        - SHA1 for composite files.
+    - \[dq]md5all\[dq]
+        - MD5 for all files.
+    - \[dq]sha1all\[dq]
+        - SHA1 for all files.
+    - \[dq]md5quick\[dq]
+        - Copying a file to chunker will request MD5 from the source.
+        - Falling back to SHA1 if unsupported.
+    - \[dq]sha1quick\[dq]
+        - Similar to \[dq]md5quick\[dq] but prefers SHA1 over MD5.
+
+### Advanced options
+
+Here are the Advanced options specific to chunker (Transparently chunk/split large files).
+
+#### --chunker-name-format
+
 String format of chunk file names.
-.PP
+
 The two placeholders are: base file name (*) and chunk number (#...).
-There must be one and only one asterisk and one or more consecutive hash
-characters.
-If chunk number has less digits than the number of hashes, it is
-left-padded by zeros.
+There must be one and only one asterisk and one or more consecutive hash characters.
+If chunk number has less digits than the number of hashes, it is left-padded by zeros.
 If there are more digits in the number, they are left as is.
-Possible chunk files are ignored if their name does not match given
-format.
-.PP
+Possible chunk files are ignored if their name does not match given format.
+
 Properties:
-.IP \[bu] 2
-Config: name_format
-.IP \[bu] 2
-Env Var: RCLONE_CHUNKER_NAME_FORMAT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]*.rclone_chunk.###\[dq]
-.SS --chunker-start-from
-.PP
-Minimum valid chunk number.
-Usually 0 or 1.
-.PP
+
+- Config:      name_format
+- Env Var:     RCLONE_CHUNKER_NAME_FORMAT
+- Type:        string
+- Default:     \[dq]*.rclone_chunk.###\[dq]
+
+#### --chunker-start-from
+
+Minimum valid chunk number. Usually 0 or 1.
+
 By default chunk numbers start from 1.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: start_from
-.IP \[bu] 2
-Env Var: RCLONE_CHUNKER_START_FROM
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 1
-.SS --chunker-meta-format
-.PP
+
+- Config:      start_from
+- Env Var:     RCLONE_CHUNKER_START_FROM
+- Type:        int
+- Default:     1
+
+#### --chunker-meta-format
+
 Format of the metadata object or \[dq]none\[dq].
-.PP
+
 By default \[dq]simplejson\[dq].
 Metadata is a small JSON file named after the composite file.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: meta_format
-.IP \[bu] 2
-Env Var: RCLONE_CHUNKER_META_FORMAT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]simplejson\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]none\[dq]
-.RS 2
-.IP \[bu] 2
-Do not use metadata files at all.
-.IP \[bu] 2
-Requires hash type \[dq]none\[dq].
-.RE
-.IP \[bu] 2
-\[dq]simplejson\[dq]
-.RS 2
-.IP \[bu] 2
-Simple JSON supports hash sums and chunk validation.
-.IP \[bu] 2
-It has the following fields: ver, size, nchunks, md5, sha1.
-.RE
-.RE
-.SS --chunker-fail-hard
-.PP
+
+- Config:      meta_format
+- Env Var:     RCLONE_CHUNKER_META_FORMAT
+- Type:        string
+- Default:     \[dq]simplejson\[dq]
+- Examples:
+    - \[dq]none\[dq]
+        - Do not use metadata files at all.
+        - Requires hash type \[dq]none\[dq].
+    - \[dq]simplejson\[dq]
+        - Simple JSON supports hash sums and chunk validation.
+        - 
+        - It has the following fields: ver, size, nchunks, md5, sha1.
+
+#### --chunker-fail-hard
+
 Choose how chunker should handle files with missing or invalid chunks.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: fail_hard
-.IP \[bu] 2
-Env Var: RCLONE_CHUNKER_FAIL_HARD
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Report errors and abort current command.
-.RE
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Warn user, skip incomplete file and proceed.
-.RE
-.RE
-.SS --chunker-transactions
-.PP
+
+- Config:      fail_hard
+- Env Var:     RCLONE_CHUNKER_FAIL_HARD
+- Type:        bool
+- Default:     false
+- Examples:
+    - \[dq]true\[dq]
+        - Report errors and abort current command.
+    - \[dq]false\[dq]
+        - Warn user, skip incomplete file and proceed.
+
+#### --chunker-transactions
+
 Choose how chunker should handle temporary files during transactions.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: transactions
-.IP \[bu] 2
-Env Var: RCLONE_CHUNKER_TRANSACTIONS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]rename\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]rename\[dq]
-.RS 2
-.IP \[bu] 2
-Rename temporary files after a successful transaction.
-.RE
-.IP \[bu] 2
-\[dq]norename\[dq]
-.RS 2
-.IP \[bu] 2
-Leave temporary file names and write transaction ID to metadata file.
-.IP \[bu] 2
-Metadata is required for no rename transactions (meta format cannot be
-\[dq]none\[dq]).
-.IP \[bu] 2
-If you are using norename transactions you should be careful not to
-downgrade Rclone
-.IP \[bu] 2
-as older versions of Rclone don\[aq]t support this transaction style and
-will misinterpret
-.IP \[bu] 2
-files manipulated by norename transactions.
-.IP \[bu] 2
-This method is EXPERIMENTAL, don\[aq]t use on production systems.
-.RE
-.IP \[bu] 2
-\[dq]auto\[dq]
-.RS 2
-.IP \[bu] 2
-Rename or norename will be used depending on capabilities of the
-backend.
-.IP \[bu] 2
-If meta format is set to \[dq]none\[dq], rename transactions will always
-be used.
-.IP \[bu] 2
-This method is EXPERIMENTAL, don\[aq]t use on production systems.
-.RE
-.RE
-.SH Citrix ShareFile
-.PP
-Citrix ShareFile (https://sharefile.com) is a secure file sharing and
-transfer service aimed as business.
-.SS Configuration
-.PP
+
+- Config:      transactions
+- Env Var:     RCLONE_CHUNKER_TRANSACTIONS
+- Type:        string
+- Default:     \[dq]rename\[dq]
+- Examples:
+    - \[dq]rename\[dq]
+        - Rename temporary files after a successful transaction.
+    - \[dq]norename\[dq]
+        - Leave temporary file names and write transaction ID to metadata file.
+        - Metadata is required for no rename transactions (meta format cannot be \[dq]none\[dq]).
+        - If you are using norename transactions you should be careful not to downgrade Rclone
+        - as older versions of Rclone don\[aq]t support this transaction style and will misinterpret
+        - files manipulated by norename transactions.
+        - This method is EXPERIMENTAL, don\[aq]t use on production systems.
+    - \[dq]auto\[dq]
+        - Rename or norename will be used depending on capabilities of the backend.
+        - If meta format is set to \[dq]none\[dq], rename transactions will always be used.
+        - This method is EXPERIMENTAL, don\[aq]t use on production systems.
+
+
+
+#  Citrix ShareFile
+
+[Citrix ShareFile](https://sharefile.com) is a secure file sharing and transfer service aimed as business.
+
+## Configuration
+
 The initial setup for Citrix ShareFile involves getting a token from
-Citrix ShareFile which you can in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-XX / Citrix Sharefile
-   \[rs] \[dq]sharefile\[dq]
-Storage> sharefile
-** See help for sharefile backend at: https://rclone.org/sharefile/ **
+Citrix ShareFile which you can in your browser.  \[ga]rclone config\[ga] walks you
+through it.
 
-ID of the root folder
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
 
-Leave blank to access \[dq]Personal Folders\[dq].  You can use one of the
-standard values here or any folder ID (long hex number ID).
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
- 1 / Access the Personal Folders. (Default)
-   \[rs] \[dq]\[dq]
- 2 / Access the Favorites folder.
-   \[rs] \[dq]favorites\[dq]
- 3 / Access all the shared folders.
-   \[rs] \[dq]allshared\[dq]
- 4 / Access all the individual connectors.
-   \[rs] \[dq]connectors\[dq]
- 5 / Access the home, favorites, and shared folders as well as the connectors.
-   \[rs] \[dq]top\[dq]
-root_folder_id> 
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth?state=XXX
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = sharefile
-endpoint = https://XXX.sharefile.com
-token = {\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2019-09-30T19:41:45.878561877+01:00\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Citrix ShareFile.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
-to unblock it temporarily if you are running a host firewall.
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level of your ShareFile
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
-List all the files in your ShareFile
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
-To copy a local directory to an ShareFile directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Modified time and hashes
-.PP
-ShareFile allows modification times to be set on objects accurate to 1
-second.
-These will be used to detect whether objects need syncing or not.
-.PP
-ShareFile supports MD5 type hashes, so you can use the
-\f[C]--checksum\f[R] flag.
-.SS Transfers
-.PP
-For files above 128 MiB rclone will use a chunked transfer.
-Rclone will upload up to \f[C]--transfers\f[R] chunks at the same time
-(shared among all the multipart uploads).
-Chunks are buffered in memory and are normally 64 MiB so increasing
-\f[C]--transfers\f[R] will increase memory use.
-.SS Restricted filename characters
+     rclone config
+
+This will guide you through an interactive setup process:
+\f[R]
+.fi
 .PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value XX / Citrix
+Sharefile \ \[dq]sharefile\[dq] Storage> sharefile ** See help for
+sharefile backend at: https://rclone.org/sharefile/ **
 .PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-T{
-*
-T}@T{
-0x2A
-T}@T{
-\[uFF0A]
-T}
-T{
-<
-T}@T{
-0x3C
-T}@T{
-\[uFF1C]
-T}
-T{
->
-T}@T{
-0x3E
-T}@T{
-\[uFF1E]
-T}
-T{
-?
-T}@T{
-0x3F
-T}@T{
-\[uFF1F]
-T}
-T{
-:
-T}@T{
-0x3A
-T}@T{
-\[uFF1A]
-T}
-T{
-|
-T}@T{
-0x7C
-T}@T{
-\[uFF5C]
-T}
-T{
-\[dq]
-T}@T{
-0x22
-T}@T{
-\[uFF02]
-T}
-.TE
+ID of the root folder
 .PP
+Leave blank to access \[dq]Personal Folders\[dq].
+You can use one of the standard values here or any folder ID (long hex
+number ID).
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value 1 / Access the
+Personal Folders.
+(Default) \ \[dq]\[dq] 2 / Access the Favorites folder.
+\ \[dq]favorites\[dq] 3 / Access all the shared folders.
+\ \[dq]allshared\[dq] 4 / Access all the individual connectors.
+\ \[dq]connectors\[dq] 5 / Access the home, favorites, and shared
+folders as well as the connectors.
+\ \[dq]top\[dq] root_folder_id> Edit advanced config?
+(y/n) y) Yes n) No y/n> n Remote config Use web browser to automatically
+authenticate rclone with remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+y) Yes n) No y/n> y If your browser doesn\[aq]t open automatically go to
+the following link: http://127.0.0.1:53682/auth?state=XXX Log in and
+authorize rclone for access Waiting for code...
+Got code -------------------- [remote] type = sharefile endpoint =
+https://XXX.sharefile.com token =
+{\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2019-09-30T19:41:45.878561877+01:00\[dq]}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
+.IP
+.nf
+\f[C]
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Citrix ShareFile. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on \[ga]http://127.0.0.1:53682/\[ga] and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your ShareFile
+
+    rclone lsd remote:
+
+List all the files in your ShareFile
+
+    rclone ls remote:
+
+To copy a local directory to an ShareFile directory called backup
+
+    rclone copy /home/source remote:backup
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+### Modification times and hashes
+
+ShareFile allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.
+
+ShareFile supports MD5 type hashes, so you can use the \[ga]--checksum\[ga]
+flag.
+
+### Transfers
+
+For files above 128 MiB rclone will use a chunked transfer.  Rclone will
+upload up to \[ga]--transfers\[ga] chunks at the same time (shared among all
+the multipart uploads).  Chunks are buffered in memory and are
+normally 64 MiB so increasing \[ga]--transfers\[ga] will increase memory use.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[rs]\[rs]        | 0x5C  | \[uFF3C]           |
+| *         | 0x2A  | \[uFF0A]           |
+| <         | 0x3C  | \[uFF1C]           |
+| >         | 0x3E  | \[uFF1E]           |
+| ?         | 0x3F  | \[uFF1F]           |
+| :         | 0x3A  | \[uFF1A]           |
+| \[rs]|        | 0x7C  | \[uFF5C]           |
+| \[dq]         | 0x22  | \[uFF02]           |
+
 File names can also not start or end with the following characters.
 These only get replaced if they are the first or last character in the
 name:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-SP
-T}@T{
-0x20
-T}@T{
-\[u2420]
-T}
-T{
-\&.
-T}@T{
-0x2E
-T}@T{
-\[uFF0E]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Standard options
-.PP
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | \[u2420]           |
+| .         | 0x2E  | \[uFF0E]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+
+### Standard options
+
 Here are the Standard options specific to sharefile (Citrix Sharefile).
-.SS --sharefile-root-folder-id
-.PP
+
+#### --sharefile-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_SHAREFILE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --sharefile-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_SHAREFILE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --sharefile-root-folder-id
+
 ID of the root folder.
-.PP
-Leave blank to access \[dq]Personal Folders\[dq].
-You can use one of the standard values here or any folder ID (long hex
-number ID).
-.PP
+
+Leave blank to access \[dq]Personal Folders\[dq].  You can use one of the
+standard values here or any folder ID (long hex number ID).
+
 Properties:
-.IP \[bu] 2
-Config: root_folder_id
-.IP \[bu] 2
-Env Var: RCLONE_SHAREFILE_ROOT_FOLDER_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Access the Personal Folders (default).
-.RE
-.IP \[bu] 2
-\[dq]favorites\[dq]
-.RS 2
-.IP \[bu] 2
-Access the Favorites folder.
-.RE
-.IP \[bu] 2
-\[dq]allshared\[dq]
-.RS 2
-.IP \[bu] 2
-Access all the shared folders.
-.RE
-.IP \[bu] 2
-\[dq]connectors\[dq]
-.RS 2
-.IP \[bu] 2
-Access all the individual connectors.
-.RE
-.IP \[bu] 2
-\[dq]top\[dq]
-.RS 2
-.IP \[bu] 2
-Access the home, favorites, and shared folders as well as the
-connectors.
-.RE
-.RE
-.SS Advanced options
-.PP
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_SHAREFILE_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - Access the Personal Folders (default).
+    - \[dq]favorites\[dq]
+        - Access the Favorites folder.
+    - \[dq]allshared\[dq]
+        - Access all the shared folders.
+    - \[dq]connectors\[dq]
+        - Access all the individual connectors.
+    - \[dq]top\[dq]
+        - Access the home, favorites, and shared folders as well as the connectors.
+
+### Advanced options
+
 Here are the Advanced options specific to sharefile (Citrix Sharefile).
-.SS --sharefile-upload-cutoff
-.PP
+
+#### --sharefile-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_SHAREFILE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --sharefile-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_SHAREFILE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --sharefile-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_SHAREFILE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --sharefile-upload-cutoff
+
 Cutoff for switching to multipart upload.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_SHAREFILE_UPLOAD_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 128Mi
-.SS --sharefile-chunk-size
-.PP
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_SHAREFILE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     128Mi
+
+#### --sharefile-chunk-size
+
 Upload chunk size.
-.PP
+
 Must a power of 2 >= 256k.
-.PP
-Making this larger will improve performance, but note that each chunk is
-buffered in memory one per transfer.
-.PP
+
+Making this larger will improve performance, but note that each chunk
+is buffered in memory one per transfer.
+
 Reducing this will reduce memory usage but decrease performance.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_SHAREFILE_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 64Mi
-.SS --sharefile-endpoint
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_SHAREFILE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     64Mi
+
+#### --sharefile-endpoint
+
 Endpoint for API calls.
-.PP
-This is usually auto discovered as part of the oauth process, but can be
-set manually to something like: https://XXX.sharefile.com
-.PP
+
+This is usually auto discovered as part of the oauth process, but can
+be set manually to something like: https://XXX.sharefile.com
+
+
 Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_SHAREFILE_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --sharefile-encoding
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_SHAREFILE_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --sharefile-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_SHAREFILE_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default:
-Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot
-.SS Limitations
-.PP
-Note that ShareFile is case insensitive so you can\[aq]t have a file
-called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_SHAREFILE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+
+## Limitations
+
+Note that ShareFile is case insensitive so you can\[aq]t have a file called
+\[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
+
 ShareFile only supports filenames up to 256 characters in length.
-.PP
-\f[C]rclone about\f[R] is not supported by the Citrix ShareFile backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Crypt
-.PP
-Rclone \f[C]crypt\f[R] remotes encrypt and decrypt other remotes.
-.PP
-A remote of type \f[C]crypt\f[R] does not access a storage
-system (https://rclone.org/overview/) directly, but instead wraps
-another remote, which in turn accesses the storage system.
-This is similar to how alias (https://rclone.org/alias/),
-union (https://rclone.org/union/), chunker (https://rclone.org/chunker/)
-and a few others work.
-It makes the usage very flexible, as you can add a layer, in this case
-an encryption layer, on top of any other backend, even in multiple
-layers.
-Rclone\[aq]s functionality can be used as with any other remote, for
-example you can mount (https://rclone.org/commands/rclone_mount/) a
-crypt remote.
-.PP
+
+\[ga]rclone about\[ga] is not supported by the Citrix ShareFile backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Crypt
+
+Rclone \[ga]crypt\[ga] remotes encrypt and decrypt other remotes.
+
+A remote of type \[ga]crypt\[ga] does not access a [storage system](https://rclone.org/overview/)
+directly, but instead wraps another remote, which in turn accesses
+the storage system. This is similar to how [alias](https://rclone.org/alias/),
+[union](https://rclone.org/union/), [chunker](https://rclone.org/chunker/)
+and a few others work. It makes the usage very flexible, as you can
+add a layer, in this case an encryption layer, on top of any other
+backend, even in multiple layers. Rclone\[aq]s functionality
+can be used as with any other remote, for example you can
+[mount](https://rclone.org/commands/rclone_mount/) a crypt remote.
+
 Accessing a storage system through a crypt remote realizes client-side
 encryption, which makes it safe to keep your data in a location you do
 not trust will not get compromised.
-When working against the \f[C]crypt\f[R] remote, rclone will
-automatically encrypt (before uploading) and decrypt (after downloading)
-on your local system as needed on the fly, leaving the data encrypted at
-rest in the wrapped remote.
-If you access the storage system using an application other than rclone,
-or access the wrapped remote directly using rclone, there will not be
-any encryption/decryption: Downloading existing content will just give
-you the encrypted (scrambled) format, and anything you upload will
-\f[I]not\f[R] become encrypted.
-.PP
-The encryption is a secret-key encryption (also called symmetric key
-encryption) algorithm, where a password (or pass phrase) is used to
-generate real encryption key.
+When working against the \[ga]crypt\[ga] remote, rclone will automatically
+encrypt (before uploading) and decrypt (after downloading) on your local
+system as needed on the fly, leaving the data encrypted at rest in the
+wrapped remote. If you access the storage system using an application
+other than rclone, or access the wrapped remote directly using rclone,
+there will not be any encryption/decryption: Downloading existing content
+will just give you the encrypted (scrambled) format, and anything you
+upload will *not* become encrypted.
+
+The encryption is a secret-key encryption (also called symmetric key encryption)
+algorithm, where a password (or pass phrase) is used to generate real encryption key.
 The password can be supplied by user, or you may chose to let rclone
-generate one.
-It will be stored in the configuration file, in a lightly obscured form.
-If you are in an environment where you are not able to keep your
-configuration secured, you should add configuration
-encryption (https://rclone.org/docs/#configuration-encryption) as
-protection.
-As long as you have this configuration file, you will be able to decrypt
-your data.
-Without the configuration file, as long as you remember the password (or
-keep it in a safe place), you can re-create the configuration and gain
-access to the existing data.
-You may also configure a corresponding remote in a different
-installation to access the same data.
-See below for guidance to changing password.
-.PP
-Encryption uses cryptographic
-salt (https://en.wikipedia.org/wiki/Salt_(cryptography)), to permute the
-encryption key so that the same string may be encrypted in different
-ways.
-When configuring the crypt remote it is optional to enter a salt, or to
-let rclone generate a unique salt.
-If omitted, rclone uses a built-in unique string.
-Normally in cryptography, the salt is stored together with the encrypted
-content, and do not have to be memorized by the user.
-This is not the case in rclone, because rclone does not store any
-additional information on the remotes.
-Use of custom salt is effectively a second password that must be
-memorized.
-.PP
-File content encryption is performed using NaCl
-SecretBox (https://godoc.org/golang.org/x/crypto/nacl/secretbox), based
-on XSalsa20 cipher and Poly1305 for integrity.
-Names (file- and directory names) are also encrypted by default, but
-this has some implications and is therefore possible to be turned off.
-.SS Configuration
-.PP
-Here is an example of how to make a remote called \f[C]secret\f[R].
-.PP
-To use \f[C]crypt\f[R], first set up the underlying remote.
-Follow the \f[C]rclone config\f[R] instructions for the specific
-backend.
-.PP
+generate one. It will be stored in the configuration file, in a lightly obscured form.
+If you are in an environment where you are not able to keep your configuration
+secured, you should add
+[configuration encryption](https://rclone.org/docs/#configuration-encryption)
+as protection. As long as you have this configuration file, you will be able to
+decrypt your data. Without the configuration file, as long as you remember
+the password (or keep it in a safe place), you can re-create the configuration
+and gain access to the existing data. You may also configure a corresponding
+remote in a different installation to access the same data.
+See below for guidance to [changing password](#changing-password).
+
+Encryption uses [cryptographic salt](https://en.wikipedia.org/wiki/Salt_(cryptography)),
+to permute the encryption key so that the same string may be encrypted in
+different ways. When configuring the crypt remote it is optional to enter a salt,
+or to let rclone generate a unique salt. If omitted, rclone uses a built-in unique string.
+Normally in cryptography, the salt is stored together with the encrypted content,
+and do not have to be memorized by the user. This is not the case in rclone,
+because rclone does not store any additional information on the remotes. Use of
+custom salt is effectively a second password that must be memorized.
+
+[File content](#file-encryption) encryption is performed using
+[NaCl SecretBox](https://godoc.org/golang.org/x/crypto/nacl/secretbox),
+based on XSalsa20 cipher and Poly1305 for integrity.
+[Names](#name-encryption) (file- and directory names) are also encrypted
+by default, but this has some implications and is therefore
+possible to be turned off.
+
+## Configuration
+
+Here is an example of how to make a remote called \[ga]secret\[ga].
+
+To use \[ga]crypt\[ga], first set up the underlying remote. Follow the
+\[ga]rclone config\[ga] instructions for the specific backend.
+
 Before configuring the crypt remote, check the underlying remote is
-working.
-In this example the underlying remote is called \f[C]remote\f[R].
-We will configure a path \f[C]path\f[R] within this remote to contain
-the encrypted content.
-Anything inside \f[C]remote:path\f[R] will be encrypted and anything
-outside will not.
-.PP
-Configure \f[C]crypt\f[R] using \f[C]rclone config\f[R].
-In this example the \f[C]crypt\f[R] remote is called \f[C]secret\f[R],
-to differentiate it from the underlying \f[C]remote\f[R].
-.PP
-When you are done you can use the crypt remote named \f[C]secret\f[R]
-just as you would with any other remote, e.g.
-\f[C]rclone copy D:\[rs]docs secret:\[rs]docs\f[R], and rclone will
-encrypt and decrypt as needed on the fly.
-If you access the wrapped remote \f[C]remote:path\f[R] directly you will
-bypass the encryption, and anything you read will be in encrypted form,
-and anything you write will be unencrypted.
-To avoid issues it is best to configure a dedicated path for encrypted
-content, and access it exclusively through a crypt remote.
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> secret
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Encrypt/Decrypt a remote
-   \[rs] \[dq]crypt\[dq]
-[snip]
-Storage> crypt
-** See help for crypt backend at: https://rclone.org/crypt/ **
+working. In this example the underlying remote is called \[ga]remote\[ga].
+We will configure a path \[ga]path\[ga] within this remote to contain the
+encrypted content. Anything inside \[ga]remote:path\[ga] will be encrypted
+and anything outside will not.
 
-Remote to encrypt/decrypt.
-Normally should contain a \[aq]:\[aq] and a path, eg \[dq]myremote:path/to/dir\[dq],
-\[dq]myremote:bucket\[dq] or maybe \[dq]myremote:\[dq] (not recommended).
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-remote> remote:path
-How to encrypt the filenames.
-Enter a string value. Press Enter for the default (\[dq]standard\[dq]).
-Choose a number from below, or type in your own value.
-   / Encrypt the filenames.
- 1 | See the docs for the details.
-   \[rs] \[dq]standard\[dq]
- 2 / Very simple filename obfuscation.
-   \[rs] \[dq]obfuscate\[dq]
-   / Don\[aq]t encrypt the file names.
- 3 | Adds a \[dq].bin\[dq] extension only.
-   \[rs] \[dq]off\[dq]
-filename_encryption>
-Option to either encrypt directory names or leave them intact.
+Configure \[ga]crypt\[ga] using \[ga]rclone config\[ga]. In this example the \[ga]crypt\[ga]
+remote is called \[ga]secret\[ga], to differentiate it from the underlying
+\[ga]remote\[ga].
 
-NB If filename_encryption is \[dq]off\[dq] then this option will do nothing.
-Enter a boolean value (true or false). Press Enter for the default (\[dq]true\[dq]).
-Choose a number from below, or type in your own value
- 1 / Encrypt directory names.
-   \[rs] \[dq]true\[dq]
- 2 / Don\[aq]t encrypt directory names, leave them intact.
-   \[rs] \[dq]false\[dq]
-directory_name_encryption>
-Password or pass phrase for encryption.
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Password or pass phrase for salt. Optional but recommended.
-Should be different to the previous password.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n> g
-Password strength in bits.
-64 is just about memorable
-128 is secure
-1024 is the maximum
-Bits> 128
-Your password is: JAsJvRcgR-_veXNfy_sGmQ
-Use this password? Please note that an obscured version of this
-password (and not the password itself) will be stored under your
-configuration file, so keep this generated password in a safe place.
-y) Yes (default)
-n) No
-y/n>
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n>
-Remote config
---------------------
-[secret]
-type = crypt
-remote = remote:path
-password = *** ENCRYPTED ***
-password2 = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d>
+When you are done you can use the crypt remote named \[ga]secret\[ga] just
+as you would with any other remote, e.g. \[ga]rclone copy D:\[rs]docs secret:\[rs]docs\[ga],
+and rclone will encrypt and decrypt as needed on the fly.
+If you access the wrapped remote \[ga]remote:path\[ga] directly you will bypass
+the encryption, and anything you read will be in encrypted form, and
+anything you write will be unencrypted. To avoid issues it is best to
+configure a dedicated path for encrypted content, and access it
+exclusively through a crypt remote.
 \f[R]
 .fi
 .PP
-\f[B]Important\f[R] The crypt password stored in \f[C]rclone.conf\f[R]
-is lightly obscured.
-That only protects it from cursory inspection.
-It is not secure unless configuration
-encryption (https://rclone.org/docs/#configuration-encryption) of
-\f[C]rclone.conf\f[R] is specified.
-.PP
-A long passphrase is recommended, or \f[C]rclone config\f[R] can
-generate a random one.
-.PP
-The obscured password is created using AES-CTR with a static key.
-The salt is stored verbatim at the beginning of the obscured password.
-This static key is shared between all versions of rclone.
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> secret Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX /
+Encrypt/Decrypt a remote \ \[dq]crypt\[dq] [snip] Storage> crypt ** See
+help for crypt backend at: https://rclone.org/crypt/ **
 .PP
-If you reconfigure rclone with the same passwords/passphrases elsewhere
-it will be compatible, but the obscured version will be different due to
-the different salt.
+Remote to encrypt/decrypt.
+Normally should contain a \[aq]:\[aq] and a path, eg
+\[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq] or maybe
+\[dq]myremote:\[dq] (not recommended).
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+remote> remote:path How to encrypt the filenames.
+Enter a string value.
+Press Enter for the default (\[dq]standard\[dq]).
+Choose a number from below, or type in your own value.
+/ Encrypt the filenames.
+1 | See the docs for the details.
+\ \[dq]standard\[dq] 2 / Very simple filename obfuscation.
+\ \[dq]obfuscate\[dq] / Don\[aq]t encrypt the file names.
+3 | Adds a \[dq].bin\[dq] extension only.
+\ \[dq]off\[dq] filename_encryption> Option to either encrypt directory
+names or leave them intact.
 .PP
+NB If filename_encryption is \[dq]off\[dq] then this option will do
+nothing.
+Enter a boolean value (true or false).
+Press Enter for the default (\[dq]true\[dq]).
+Choose a number from below, or type in your own value 1 / Encrypt
+directory names.
+\ \[dq]true\[dq] 2 / Don\[aq]t encrypt directory names, leave them
+intact.
+\ \[dq]false\[dq] directory_name_encryption> Password or pass phrase for
+encryption.
+y) Yes type in my own password g) Generate random password y/g> y Enter
+the password: password: Confirm the password: password: Password or pass
+phrase for salt.
+Optional but recommended.
+Should be different to the previous password.
+y) Yes type in my own password g) Generate random password n) No leave
+this optional password blank (default) y/g/n> g Password strength in
+bits.
+64 is just about memorable 128 is secure 1024 is the maximum Bits> 128
+Your password is: JAsJvRcgR-_veXNfy_sGmQ Use this password?
+Please note that an obscured version of this password (and not the
+password itself) will be stored under your configuration file, so keep
+this generated password in a safe place.
+y) Yes (default) n) No y/n> Edit advanced config?
+(y/n) y) Yes n) No (default) y/n> Remote config --------------------
+[secret] type = crypt remote = remote:path password = *** ENCRYPTED
+\f[B]\f[BI] password2 = \f[B]\f[R] ENCRYPTED *** -------------------- y)
+Yes this is OK (default) e) Edit this remote d) Delete this remote
+y/e/d>
+.IP
+.nf
+\f[C]
+**Important** The crypt password stored in \[ga]rclone.conf\[ga] is lightly
+obscured. That only protects it from cursory inspection. It is not
+secure unless [configuration encryption](https://rclone.org/docs/#configuration-encryption) of \[ga]rclone.conf\[ga] is specified.
+
+A long passphrase is recommended, or \[ga]rclone config\[ga] can generate a
+random one.
+
+The obscured password is created using AES-CTR with a static key. The
+salt is stored verbatim at the beginning of the obscured password. This
+static key is shared between all versions of rclone.
+
+If you reconfigure rclone with the same passwords/passphrases
+elsewhere it will be compatible, but the obscured version will be different
+due to the different salt.
+
 Rclone does not encrypt
-.IP \[bu] 2
-file length - this can be calculated within 16 bytes
-.IP \[bu] 2
-modification time - used for syncing
-.SS Specifying the remote
-.PP
+
+  * file length - this can be calculated within 16 bytes
+  * modification time - used for syncing
+
+### Specifying the remote
+
 When configuring the remote to encrypt/decrypt, you may specify any
 string that rclone accepts as a source/destination of other commands.
-.PP
+
 The primary use case is to specify the path into an already configured
-remote (e.g.
-\f[C]remote:path/to/dir\f[R] or \f[C]remote:bucket\f[R]), such that data
-in a remote untrusted location can be stored encrypted.
-.PP
+remote (e.g. \[ga]remote:path/to/dir\[ga] or \[ga]remote:bucket\[ga]), such that
+data in a remote untrusted location can be stored encrypted.
+
 You may also specify a local filesystem path, such as
-\f[C]/path/to/dir\f[R] on Linux, \f[C]C:\[rs]path\[rs]to\[rs]dir\f[R] on
-Windows.
-By creating a crypt remote pointing to such a local filesystem path, you
-can use rclone as a utility for pure local file encryption, for example
+\[ga]/path/to/dir\[ga] on Linux, \[ga]C:\[rs]path\[rs]to\[rs]dir\[ga] on Windows. By creating
+a crypt remote pointing to such a local filesystem path, you can
+use rclone as a utility for pure local file encryption, for example
 to keep encrypted files on a removable USB drive.
-.PP
-\f[B]Note\f[R]: A string which do not contain a \f[C]:\f[R] will by
-rclone be treated as a relative path in the local filesystem.
-For example, if you enter the name \f[C]remote\f[R] without the trailing
-\f[C]:\f[R], it will be treated as a subdirectory of the current
-directory with name \[dq]remote\[dq].
-.PP
-If a path \f[C]remote:path/to/dir\f[R] is specified, rclone stores
-encrypted files in \f[C]path/to/dir\f[R] on the remote.
-With file name encryption, files saved to
-\f[C]secret:subdir/subfile\f[R] are stored in the unencrypted path
-\f[C]path/to/dir\f[R] but the \f[C]subdir/subpath\f[R] element is
-encrypted.
-.PP
-The path you specify does not have to exist, rclone will create it when
-needed.
-.PP
+
+**Note**: A string which do not contain a \[ga]:\[ga] will by rclone be treated
+as a relative path in the local filesystem. For example, if you enter
+the name \[ga]remote\[ga] without the trailing \[ga]:\[ga], it will be treated as
+a subdirectory of the current directory with name \[dq]remote\[dq].
+
+If a path \[ga]remote:path/to/dir\[ga] is specified, rclone stores encrypted
+files in \[ga]path/to/dir\[ga] on the remote. With file name encryption, files
+saved to \[ga]secret:subdir/subfile\[ga] are stored in the unencrypted path
+\[ga]path/to/dir\[ga] but the \[ga]subdir/subpath\[ga] element is encrypted.
+
+The path you specify does not have to exist, rclone will create
+it when needed.
+
 If you intend to use the wrapped remote both directly for keeping
 unencrypted content, as well as through a crypt remote for encrypted
 content, it is recommended to point the crypt remote to a separate
-directory within the wrapped remote.
-If you use a bucket-based storage system (e.g.
-Swift, S3, Google Compute Storage, B2) it is generally advisable to wrap
-the crypt remote around a specific bucket (\f[C]s3:bucket\f[R]).
-If wrapping around the entire root of the storage (\f[C]s3:\f[R]), and
-use the optional file name encryption, rclone will encrypt the bucket
-name.
-.SS Changing password
-.PP
-Should the password, or the configuration file containing a lightly
-obscured form of the password, be compromised, you need to re-encrypt
-your data with a new password.
-Since rclone uses secret-key encryption, where the encryption key is
-generated directly from the password kept on the client, it is not
-possible to change the password/key of already encrypted content.
-Just changing the password configured for an existing crypt remote means
-you will no longer able to decrypt any of the previously encrypted
-content.
-The only possibility is to re-upload everything via a crypt remote
-configured with your new password.
-.PP
-Depending on the size of your data, your bandwidth, storage quota etc,
-there are different approaches you can take: - If you have everything in
-a different location, for example on your local system, you could remove
-all of the prior encrypted files, change the password for your
-configured crypt remote (or delete and re-create the crypt
-configuration), and then re-upload everything from the alternative
-location.
-- If you have enough space on the storage system you can create a new
-crypt remote pointing to a separate directory on the same backend, and
-then use rclone to copy everything from the original crypt remote to the
-new, effectively decrypting everything on the fly using the old password
-and re-encrypting using the new password.
-When done, delete the original crypt remote directory and finally the
-rclone crypt configuration with the old password.
+directory within the wrapped remote. If you use a bucket-based storage
+system (e.g. Swift, S3, Google Compute Storage, B2) it is generally
+advisable to wrap the crypt remote around a specific bucket (\[ga]s3:bucket\[ga]).
+If wrapping around the entire root of the storage (\[ga]s3:\[ga]), and use the
+optional file name encryption, rclone will encrypt the bucket name.
+
+### Changing password
+
+Should the password, or the configuration file containing a lightly obscured
+form of the password, be compromised, you need to re-encrypt your data with
+a new password. Since rclone uses secret-key encryption, where the encryption
+key is generated directly from the password kept on the client, it is not
+possible to change the password/key of already encrypted content. Just changing
+the password configured for an existing crypt remote means you will no longer
+able to decrypt any of the previously encrypted content. The only possibility
+is to re-upload everything via a crypt remote configured with your new password.
+
+Depending on the size of your data, your bandwidth, storage quota etc, there are
+different approaches you can take:
+- If you have everything in a different location, for example on your local system,
+you could remove all of the prior encrypted files, change the password for your
+configured crypt remote (or delete and re-create the crypt configuration),
+and then re-upload everything from the alternative location.
+- If you have enough space on the storage system you can create a new crypt
+remote pointing to a separate directory on the same backend, and then use
+rclone to copy everything from the original crypt remote to the new,
+effectively decrypting everything on the fly using the old password and
+re-encrypting using the new password. When done, delete the original crypt
+remote directory and finally the rclone crypt configuration with the old password.
 All data will be streamed from the storage system and back, so you will
-get half the bandwidth and be charged twice if you have upload and
-download quota on the storage system.
-.PP
-\f[B]Note\f[R]: A security problem related to the random password
-generator was fixed in rclone version 1.53.3 (released 2020-11-19).
-Passwords generated by rclone config in version 1.49.0 (released
-2019-08-26) to 1.53.2 (released 2020-10-26) are not considered secure
-and should be changed.
-If you made up your own password, or used rclone version older than
-1.49.0 or newer than 1.53.2 to generate it, you are \f[I]not\f[R]
-affected by this issue.
-See issue #4783 (https://github.com/rclone/rclone/issues/4783) for more
+get half the bandwidth and be charged twice if you have upload and download quota
+on the storage system.
+
+**Note**: A security problem related to the random password generator
+was fixed in rclone version 1.53.3 (released 2020-11-19). Passwords generated
+by rclone config in version 1.49.0 (released 2019-08-26) to 1.53.2
+(released 2020-10-26) are not considered secure and should be changed.
+If you made up your own password, or used rclone version older than 1.49.0 or
+newer than 1.53.2 to generate it, you are *not* affected by this issue.
+See [issue #4783](https://github.com/rclone/rclone/issues/4783) for more
 details, and a tool you can use to check if you are affected.
-.SS Example
-.PP
+
+### Example
+
 Create the following file structure using \[dq]standard\[dq] file name
 encryption.
-.IP
-.nf
-\f[C]
-plaintext/
-\[u251C]\[u2500]\[u2500] file0.txt
-\[u251C]\[u2500]\[u2500] file1.txt
-\[u2514]\[u2500]\[u2500] subdir
-    \[u251C]\[u2500]\[u2500] file2.txt
-    \[u251C]\[u2500]\[u2500] file3.txt
-    \[u2514]\[u2500]\[u2500] subsubdir
-        \[u2514]\[u2500]\[u2500] file4.txt
 \f[R]
 .fi
 .PP
-Copy these to the remote, and list them
+plaintext/ \[u251C]\[u2500]\[u2500] file0.txt \[u251C]\[u2500]\[u2500]
+file1.txt \[u2514]\[u2500]\[u2500] subdir \[u251C]\[u2500]\[u2500]
+file2.txt \[u251C]\[u2500]\[u2500] file3.txt \[u2514]\[u2500]\[u2500]
+subsubdir \[u2514]\[u2500]\[u2500] file4.txt
 .IP
 .nf
 \f[C]
-$ rclone -q copy plaintext secret:
-$ rclone -q ls secret:
-        7 file1.txt
-        6 file0.txt
-        8 subdir/file2.txt
-       10 subdir/subsubdir/file4.txt
-        9 subdir/file3.txt
+Copy these to the remote, and list them
 \f[R]
 .fi
 .PP
-The crypt remote looks like
+$ rclone -q copy plaintext secret: $ rclone -q ls secret: 7 file1.txt 6
+file0.txt 8 subdir/file2.txt 10 subdir/subsubdir/file4.txt 9
+subdir/file3.txt
 .IP
 .nf
 \f[C]
-$ rclone -q ls remote:path
-       55 hagjclgavj2mbiqm6u6cnjjqcg
-       54 v05749mltvv1tf4onltun46gls
-       57 86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo
-       58 86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc
-       56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps
+The crypt remote looks like
 \f[R]
 .fi
 .PP
-The directory structure is preserved
+$ rclone -q ls remote:path 55 hagjclgavj2mbiqm6u6cnjjqcg 54
+v05749mltvv1tf4onltun46gls 57
+86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo 58
+86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc
+56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps
 .IP
 .nf
 \f[C]
-$ rclone -q ls secret:subdir
-        8 file2.txt
-        9 file3.txt
-       10 subsubdir/file4.txt
+The directory structure is preserved
 \f[R]
 .fi
 .PP
-Without file name encryption \f[C].bin\f[R] extensions are added to
-underlying names.
-This prevents the cloud provider attempting to interpret file content.
+$ rclone -q ls secret:subdir 8 file2.txt 9 file3.txt 10
+subsubdir/file4.txt
 .IP
 .nf
 \f[C]
-$ rclone -q ls remote:path
-       54 file0.txt.bin
-       57 subdir/file3.txt.bin
-       56 subdir/file2.txt.bin
-       58 subdir/subsubdir/file4.txt.bin
-       55 file1.txt.bin
+Without file name encryption \[ga].bin\[ga] extensions are added to underlying
+names. This prevents the cloud provider attempting to interpret file
+content.
 \f[R]
 .fi
-.SS File name encryption modes
 .PP
+$ rclone -q ls remote:path 54 file0.txt.bin 57 subdir/file3.txt.bin 56
+subdir/file2.txt.bin 58 subdir/subsubdir/file4.txt.bin 55 file1.txt.bin
+.IP
+.nf
+\f[C]
+### File name encryption modes
+
 Off
-.IP \[bu] 2
-doesn\[aq]t hide file names or directory structure
-.IP \[bu] 2
-allows for longer file names (\[ti]246 characters)
-.IP \[bu] 2
-can use sub paths and copy single files
-.PP
+
+  * doesn\[aq]t hide file names or directory structure
+  * allows for longer file names (\[ti]246 characters)
+  * can use sub paths and copy single files
+
 Standard
-.IP \[bu] 2
-file names encrypted
-.IP \[bu] 2
-file names can\[aq]t be as long (\[ti]143 characters)
-.IP \[bu] 2
-can use sub paths and copy single files
-.IP \[bu] 2
-directory structure visible
-.IP \[bu] 2
-identical files names will have identical uploaded names
-.IP \[bu] 2
-can use shortcuts to shorten the directory recursion
-.PP
+
+  * file names encrypted
+  * file names can\[aq]t be as long (\[ti]143 characters)
+  * can use sub paths and copy single files
+  * directory structure visible
+  * identical files names will have identical uploaded names
+  * can use shortcuts to shorten the directory recursion
+
 Obfuscation
-.PP
-This is a simple \[dq]rotate\[dq] of the filename, with each file having
-a rot distance based on the filename.
-Rclone stores the distance at the beginning of the filename.
-A file called \[dq]hello\[dq] may become \[dq]53.jgnnq\[dq].
-.PP
+
+This is a simple \[dq]rotate\[dq] of the filename, with each file having a rot
+distance based on the filename. Rclone stores the distance at the
+beginning of the filename. A file called \[dq]hello\[dq] may become \[dq]53.jgnnq\[dq].
+
 Obfuscation is not a strong encryption of filenames, but hinders
-automated scanning tools picking up on filename patterns.
-It is an intermediate between \[dq]off\[dq] and \[dq]standard\[dq] which
-allows for longer path segment names.
-.PP
+automated scanning tools picking up on filename patterns. It is an
+intermediate between \[dq]off\[dq] and \[dq]standard\[dq] which allows for longer path
+segment names.
+
 There is a possibility with some unicode based filenames that the
 obfuscation is weak and may map lower case characters to upper case
 equivalents.
-.PP
+
 Obfuscation cannot be relied upon for strong protection.
-.IP \[bu] 2
-file names very lightly obfuscated
-.IP \[bu] 2
-file names can be longer than standard encryption
-.IP \[bu] 2
-can use sub paths and copy single files
-.IP \[bu] 2
-directory structure visible
-.IP \[bu] 2
-identical files names will have identical uploaded names
-.PP
-Cloud storage systems have limits on file name length and total path
-length which rclone is more likely to breach using \[dq]Standard\[dq]
-file name encryption.
-Where file names are less than 156 characters in length issues should
-not be encountered, irrespective of cloud storage provider.
-.PP
-An experimental advanced option \f[C]filename_encoding\f[R] is now
-provided to address this problem to a certain degree.
-For cloud storage systems with case sensitive file names (e.g.
-Google Drive), \f[C]base64\f[R] can be used to reduce file name length.
+
+  * file names very lightly obfuscated
+  * file names can be longer than standard encryption
+  * can use sub paths and copy single files
+  * directory structure visible
+  * identical files names will have identical uploaded names
+
+Cloud storage systems have limits on file name length and
+total path length which rclone is more likely to breach using
+\[dq]Standard\[dq] file name encryption.  Where file names are less than 156
+characters in length issues should not be encountered, irrespective of
+cloud storage provider.
+
+An experimental advanced option \[ga]filename_encoding\[ga] is now provided to
+address this problem to a certain degree.
+For cloud storage systems with case sensitive file names (e.g. Google Drive),
+\[ga]base64\[ga] can be used to reduce file name length. 
 For cloud storage systems using UTF-16 to store file names internally
-(e.g.
-OneDrive), \f[C]base32768\f[R] can be used to drastically reduce file
-name length.
-.PP
+(e.g. OneDrive, Dropbox, Box), \[ga]base32768\[ga] can be used to drastically reduce
+file name length. 
+
 An alternative, future rclone file name encryption mode may tolerate
 backend provider path length limits.
-.SS Directory name encryption
-.PP
+
+### Directory name encryption
+
 Crypt offers the option of encrypting dir names or leaving them intact.
 There are two options:
-.PP
+
 True
-.PP
-Encrypts the whole file path including directory names Example:
-\f[C]1/12/123.txt\f[R] is encrypted to
-\f[C]p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0\f[R]
-.PP
+
+Encrypts the whole file path including directory names
+Example:
+\[ga]1/12/123.txt\[ga] is encrypted to
+\[ga]p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0\[ga]
+
 False
-.PP
-Only encrypts file names, skips directory names Example:
-\f[C]1/12/123.txt\f[R] is encrypted to
-\f[C]1/12/qgm4avr35m5loi1th53ato71v0\f[R]
-.SS Modified time and hashes
-.PP
+
+Only encrypts file names, skips directory names
+Example:
+\[ga]1/12/123.txt\[ga] is encrypted to
+\[ga]1/12/qgm4avr35m5loi1th53ato71v0\[ga]
+
+
+### Modification times and hashes
+
 Crypt stores modification times using the underlying remote so support
 depends on that.
-.PP
-Hashes are not stored for crypt.
-However the data integrity is protected by an extremely strong crypto
-authenticator.
-.PP
-Use the \f[C]rclone cryptcheck\f[R] command to check the integrity of a
-crypted remote instead of \f[C]rclone check\f[R] which can\[aq]t check
-the checksums properly.
-.SS Standard options
-.PP
-Here are the Standard options specific to crypt (Encrypt/Decrypt a
-remote).
-.SS --crypt-remote
-.PP
+
+Hashes are not stored for crypt. However the data integrity is
+protected by an extremely strong crypto authenticator.
+
+Use the \[ga]rclone cryptcheck\[ga] command to check the
+integrity of an encrypted remote instead of \[ga]rclone check\[ga] which can\[aq]t
+check the checksums properly.
+
+
+### Standard options
+
+Here are the Standard options specific to crypt (Encrypt/Decrypt a remote).
+
+#### --crypt-remote
+
 Remote to encrypt/decrypt.
-.PP
-Normally should contain a \[aq]:\[aq] and a path, e.g.
-\[dq]myremote:path/to/dir\[dq], \[dq]myremote:bucket\[dq] or maybe
-\[dq]myremote:\[dq] (not recommended).
-.PP
+
+Normally should contain a \[aq]:\[aq] and a path, e.g. \[dq]myremote:path/to/dir\[dq],
+\[dq]myremote:bucket\[dq] or maybe \[dq]myremote:\[dq] (not recommended).
+
 Properties:
-.IP \[bu] 2
-Config: remote
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_REMOTE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --crypt-filename-encryption
-.PP
+
+- Config:      remote
+- Env Var:     RCLONE_CRYPT_REMOTE
+- Type:        string
+- Required:    true
+
+#### --crypt-filename-encryption
+
 How to encrypt the filenames.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: filename_encryption
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_FILENAME_ENCRYPTION
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]standard\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]standard\[dq]
-.RS 2
-.IP \[bu] 2
-Encrypt the filenames.
-.IP \[bu] 2
-See the docs for the details.
-.RE
-.IP \[bu] 2
-\[dq]obfuscate\[dq]
-.RS 2
-.IP \[bu] 2
-Very simple filename obfuscation.
-.RE
-.IP \[bu] 2
-\[dq]off\[dq]
-.RS 2
-.IP \[bu] 2
-Don\[aq]t encrypt the file names.
-.IP \[bu] 2
-Adds a \[dq].bin\[dq] extension only.
-.RE
-.RE
-.SS --crypt-directory-name-encryption
-.PP
+
+- Config:      filename_encryption
+- Env Var:     RCLONE_CRYPT_FILENAME_ENCRYPTION
+- Type:        string
+- Default:     \[dq]standard\[dq]
+- Examples:
+    - \[dq]standard\[dq]
+        - Encrypt the filenames.
+        - See the docs for the details.
+    - \[dq]obfuscate\[dq]
+        - Very simple filename obfuscation.
+    - \[dq]off\[dq]
+        - Don\[aq]t encrypt the file names.
+        - Adds a \[dq].bin\[dq], or \[dq]suffix\[dq] extension only.
+
+#### --crypt-directory-name-encryption
+
 Option to either encrypt directory names or leave them intact.
-.PP
-NB If filename_encryption is \[dq]off\[dq] then this option will do
-nothing.
-.PP
+
+NB If filename_encryption is \[dq]off\[dq] then this option will do nothing.
+
 Properties:
-.IP \[bu] 2
-Config: directory_name_encryption
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: true
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Encrypt directory names.
-.RE
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Don\[aq]t encrypt directory names, leave them intact.
-.RE
-.RE
-.SS --crypt-password
-.PP
+
+- Config:      directory_name_encryption
+- Env Var:     RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
+- Type:        bool
+- Default:     true
+- Examples:
+    - \[dq]true\[dq]
+        - Encrypt directory names.
+    - \[dq]false\[dq]
+        - Don\[aq]t encrypt directory names, leave them intact.
+
+#### --crypt-password
+
 Password or pass phrase for encryption.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: password
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --crypt-password2
-.PP
+
+- Config:      password
+- Env Var:     RCLONE_CRYPT_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --crypt-password2
+
 Password or pass phrase for salt.
-.PP
+
 Optional but recommended.
 Should be different to the previous password.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: password2
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_PASSWORD2
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
-Here are the Advanced options specific to crypt (Encrypt/Decrypt a
-remote).
-.SS --crypt-server-side-across-configs
-.PP
-Allow server-side operations (e.g.
-copy) to work across different crypt configs.
-.PP
+
+- Config:      password2
+- Env Var:     RCLONE_CRYPT_PASSWORD2
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to crypt (Encrypt/Decrypt a remote).
+
+#### --crypt-server-side-across-configs
+
+Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different crypt configs.
+
 Normally this option is not what you want, but if you have two crypts
 pointing to the same backend you can use it.
-.PP
+
 This can be used, for example, to change file name encryption type
-without re-uploading all the data.
-Just make two crypt backends pointing to two different directories with
-the single changed parameter and use rclone move to move the files
-between the crypt remotes.
-.PP
+without re-uploading all the data. Just make two crypt backends
+pointing to two different directories with the single changed
+parameter and use rclone move to move the files between the crypt
+remotes.
+
 Properties:
-.IP \[bu] 2
-Config: server_side_across_configs
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --crypt-show-mapping
-.PP
+
+- Config:      server_side_across_configs
+- Env Var:     RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS
+- Type:        bool
+- Default:     false
+
+#### --crypt-show-mapping
+
 For all files listed show how the names encrypt.
-.PP
-If this flag is set then for each file that the remote is asked to list,
-it will log (at level INFO) a line stating the decrypted file name and
-the encrypted file name.
-.PP
+
+If this flag is set then for each file that the remote is asked to
+list, it will log (at level INFO) a line stating the decrypted file
+name and the encrypted file name.
+
 This is so you can work out which encrypted names are which decrypted
 names just in case you need to do something with the encrypted file
 names, or for debugging purposes.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: show_mapping
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_SHOW_MAPPING
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --crypt-no-data-encryption
-.PP
+
+- Config:      show_mapping
+- Env Var:     RCLONE_CRYPT_SHOW_MAPPING
+- Type:        bool
+- Default:     false
+
+#### --crypt-no-data-encryption
+
 Option to either encrypt file data or leave it unencrypted.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: no_data_encryption
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_NO_DATA_ENCRYPTION
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Don\[aq]t encrypt file data, leave it unencrypted.
-.RE
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Encrypt file data.
-.RE
-.RE
-.SS --crypt-filename-encoding
-.PP
+
+- Config:      no_data_encryption
+- Env Var:     RCLONE_CRYPT_NO_DATA_ENCRYPTION
+- Type:        bool
+- Default:     false
+- Examples:
+    - \[dq]true\[dq]
+        - Don\[aq]t encrypt file data, leave it unencrypted.
+    - \[dq]false\[dq]
+        - Encrypt file data.
+
+#### --crypt-pass-bad-blocks
+
+If set this will pass bad blocks through as all 0.
+
+This should not be set in normal operation, it should only be set if
+trying to recover an encrypted file with errors and it is desired to
+recover as much of the file as possible.
+
+Properties:
+
+- Config:      pass_bad_blocks
+- Env Var:     RCLONE_CRYPT_PASS_BAD_BLOCKS
+- Type:        bool
+- Default:     false
+
+#### --crypt-filename-encoding
+
 How to encode the encrypted filename to text string.
-.PP
-This option could help with shortening the encrypted filename.
-The suitable option would depend on the way your remote count the
-filename length and if it\[aq]s case sensitive.
-.PP
+
+This option could help with shortening the encrypted filename. The 
+suitable option would depend on the way your remote count the filename
+length and if it\[aq]s case sensitive.
+
 Properties:
-.IP \[bu] 2
-Config: filename_encoding
-.IP \[bu] 2
-Env Var: RCLONE_CRYPT_FILENAME_ENCODING
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]base32\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]base32\[dq]
-.RS 2
-.IP \[bu] 2
-Encode using base32.
-Suitable for all remote.
-.RE
-.IP \[bu] 2
-\[dq]base64\[dq]
-.RS 2
-.IP \[bu] 2
-Encode using base64.
-Suitable for case sensitive remote.
-.RE
-.IP \[bu] 2
-\[dq]base32768\[dq]
-.RS 2
-.IP \[bu] 2
-Encode using base32768.
-Suitable if your remote counts UTF-16 or
-.IP \[bu] 2
-Unicode codepoint instead of UTF-8 byte length.
-(Eg.
-Onedrive)
-.RE
-.RE
-.SS Metadata
-.PP
+
+- Config:      filename_encoding
+- Env Var:     RCLONE_CRYPT_FILENAME_ENCODING
+- Type:        string
+- Default:     \[dq]base32\[dq]
+- Examples:
+    - \[dq]base32\[dq]
+        - Encode using base32. Suitable for all remote.
+    - \[dq]base64\[dq]
+        - Encode using base64. Suitable for case sensitive remote.
+    - \[dq]base32768\[dq]
+        - Encode using base32768. Suitable if your remote counts UTF-16 or
+        - Unicode codepoint instead of UTF-8 byte length. (Eg. Onedrive, Dropbox)
+
+#### --crypt-suffix
+
+If this is set it will override the default suffix of \[dq].bin\[dq].
+
+Setting suffix to \[dq]none\[dq] will result in an empty suffix. This may be useful 
+when the path length is critical.
+
+Properties:
+
+- Config:      suffix
+- Env Var:     RCLONE_CRYPT_SUFFIX
+- Type:        string
+- Default:     \[dq].bin\[dq]
+
+### Metadata
+
 Any metadata supported by the underlying remote is read and written.
-.PP
-See the metadata (https://rclone.org/docs/#metadata) docs for more info.
-.SS Backend commands
-.PP
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+## Backend commands
+
 Here are the commands specific to the crypt backend.
-.PP
+
 Run them with
-.IP
-.nf
-\f[C]
-rclone backend COMMAND remote:
-\f[R]
-.fi
-.PP
+
+    rclone backend COMMAND remote:
+
 The help below will explain what arguments each command takes.
-.PP
-See the backend (https://rclone.org/commands/rclone_backend/) command
-for more info on how to pass options and arguments.
-.PP
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
 These can be run on a running backend using the rc command
-backend/command (https://rclone.org/rc/#backend-command).
-.SS encode
-.PP
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### encode
+
 Encode the given filename(s)
-.IP
-.nf
-\f[C]
-rclone backend encode remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend encode remote: [options] [<arguments>+]
+
 This encodes the filenames given as arguments returning a list of
 strings of the encoded results.
-.PP
+
 Usage Example:
-.IP
-.nf
-\f[C]
-rclone backend encode crypt: file1 [file2...]
-rclone rc backend/command command=encode fs=crypt: file1 [file2...]
-\f[R]
-.fi
-.SS decode
-.PP
+
+    rclone backend encode crypt: file1 [file2...]
+    rclone rc backend/command command=encode fs=crypt: file1 [file2...]
+
+
+### decode
+
 Decode the given filename(s)
-.IP
-.nf
-\f[C]
-rclone backend decode remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend decode remote: [options] [<arguments>+]
+
 This decodes the filenames given as arguments returning a list of
-strings of the decoded results.
-It will return an error if any of the inputs are invalid.
-.PP
+strings of the decoded results. It will return an error if any of the
+inputs are invalid.
+
 Usage Example:
-.IP
-.nf
-\f[C]
-rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
-rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]
-\f[R]
-.fi
-.SS Backing up a crypted remote
-.PP
-If you wish to backup a crypted remote, it is recommended that you use
-\f[C]rclone sync\f[R] on the encrypted files, and make sure the
-passwords are the same in the new encrypted remote.
-.PP
+
+    rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
+    rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]
+
+
+
+
+## Backing up an encrypted remote
+
+If you wish to backup an encrypted remote, it is recommended that you use
+\[ga]rclone sync\[ga] on the encrypted files, and make sure the passwords are
+the same in the new encrypted remote.
+
 This will have the following advantages
-.IP \[bu] 2
-\f[C]rclone sync\f[R] will check the checksums while copying
-.IP \[bu] 2
-you can use \f[C]rclone check\f[R] between the encrypted remotes
-.IP \[bu] 2
-you don\[aq]t decrypt and encrypt unnecessarily
-.PP
-For example, let\[aq]s say you have your original remote at
-\f[C]remote:\f[R] with the encrypted version at \f[C]eremote:\f[R] with
-path \f[C]remote:crypt\f[R].
-You would then set up the new remote \f[C]remote2:\f[R] and then the
-encrypted version \f[C]eremote2:\f[R] with path \f[C]remote2:crypt\f[R]
-using the same passwords as \f[C]eremote:\f[R].
-.PP
+
+  * \[ga]rclone sync\[ga] will check the checksums while copying
+  * you can use \[ga]rclone check\[ga] between the encrypted remotes
+  * you don\[aq]t decrypt and encrypt unnecessarily
+
+For example, let\[aq]s say you have your original remote at \[ga]remote:\[ga] with
+the encrypted version at \[ga]eremote:\[ga] with path \[ga]remote:crypt\[ga].  You
+would then set up the new remote \[ga]remote2:\[ga] and then the encrypted
+version \[ga]eremote2:\[ga] with path \[ga]remote2:crypt\[ga] using the same passwords
+as \[ga]eremote:\[ga].
+
 To sync the two remotes you would do
-.IP
-.nf
-\f[C]
-rclone sync --interactive remote:crypt remote2:crypt
-\f[R]
-.fi
-.PP
+
+    rclone sync --interactive remote:crypt remote2:crypt
+
 And to check the integrity you would do
-.IP
-.nf
-\f[C]
-rclone check remote:crypt remote2:crypt
-\f[R]
-.fi
-.SS File formats
-.SS File encryption
-.PP
-Files are encrypted 1:1 source file to destination object.
-The file has a header and is divided into chunks.
-.SS Header
-.IP \[bu] 2
-8 bytes magic string \f[C]RCLONE\[rs]x00\[rs]x00\f[R]
-.IP \[bu] 2
-24 bytes Nonce (IV)
-.PP
-The initial nonce is generated from the operating systems crypto strong
-random number generator.
-The nonce is incremented for each chunk read making sure each nonce is
-unique for each block written.
-The chance of a nonce being re-used is minuscule.
-If you wrote an exabyte of data (10\[S1]\[u2078] bytes) you would have a
-probability of approximately 2\[tmu]10\[u207B]\[S3]\[S2] of re-using a
-nonce.
-.SS Chunk
-.PP
+
+    rclone check remote:crypt remote2:crypt
+
+## File formats
+
+### File encryption
+
+Files are encrypted 1:1 source file to destination object.  The file
+has a header and is divided into chunks.
+
+#### Header
+
+  * 8 bytes magic string \[ga]RCLONE\[rs]x00\[rs]x00\[ga]
+  * 24 bytes Nonce (IV)
+
+The initial nonce is generated from the operating systems crypto
+strong random number generator.  The nonce is incremented for each
+chunk read making sure each nonce is unique for each block written.
+The chance of a nonce being reused is minuscule.  If you wrote an
+exabyte of data (10\[S1]\[u2078] bytes) you would have a probability of
+approximately 2\[tmu]10\[u207B]\[S3]\[S2] of re-using a nonce.
+
+#### Chunk
+
 Each chunk will contain 64 KiB of data, except for the last one which
-may have less data.
-The data chunk is in standard NaCl SecretBox format.
-SecretBox uses XSalsa20 and Poly1305 to encrypt and authenticate
-messages.
-.PP
+may have less data. The data chunk is in standard NaCl SecretBox
+format. SecretBox uses XSalsa20 and Poly1305 to encrypt and
+authenticate messages.
+
 Each chunk contains:
-.IP \[bu] 2
-16 Bytes of Poly1305 authenticator
-.IP \[bu] 2
-1 - 65536 bytes XSalsa20 encrypted data
-.PP
+
+  * 16 Bytes of Poly1305 authenticator
+  * 1 - 65536 bytes XSalsa20 encrypted data
+
 64k chunk size was chosen as the best performing chunk size (the
 authenticator takes too much time below this and the performance drops
-off due to cache effects above this).
-Note that these chunks are buffered in memory so they can\[aq]t be too
-big.
-.PP
+off due to cache effects above this).  Note that these chunks are
+buffered in memory so they can\[aq]t be too big.
+
 This uses a 32 byte (256 bit key) key derived from the user password.
-.SS Examples
-.PP
+
+#### Examples
+
 1 byte file will encrypt to
-.IP \[bu] 2
-32 bytes header
-.IP \[bu] 2
-17 bytes data chunk
-.PP
+
+  * 32 bytes header
+  * 17 bytes data chunk
+
 49 bytes total
-.PP
+
 1 MiB (1048576 bytes) file will encrypt to
-.IP \[bu] 2
-32 bytes header
-.IP \[bu] 2
-16 chunks of 65568 bytes
-.PP
-1049120 bytes total (a 0.05% overhead).
-This is the overhead for big files.
-.SS Name encryption
-.PP
-File names are encrypted segment by segment - the path is broken up into
-\f[C]/\f[R] separated strings and these are encrypted individually.
-.PP
-File segments are padded using PKCS#7 to a multiple of 16 bytes before
-encryption.
-.PP
-They are then encrypted with EME using AES with 256 bit key.
-EME (ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003
+
+  * 32 bytes header
+  * 16 chunks of 65568 bytes
+
+1049120 bytes total (a 0.05% overhead). This is the overhead for big
+files.
+
+### Name encryption
+
+File names are encrypted segment by segment - the path is broken up
+into \[ga]/\[ga] separated strings and these are encrypted individually.
+
+File segments are padded using PKCS#7 to a multiple of 16 bytes
+before encryption.
+
+They are then encrypted with EME using AES with 256 bit key. EME
+(ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003
 paper \[dq]A Parallelizable Enciphering Mode\[dq] by Halevi and Rogaway.
-.PP
-This makes for deterministic encryption which is what we want - the same
-filename must encrypt to the same thing otherwise we can\[aq]t find it
-on the cloud storage system.
-.PP
+
+This makes for deterministic encryption which is what we want - the
+same filename must encrypt to the same thing otherwise we can\[aq]t find
+it on the cloud storage system.
+
 This means that
-.IP \[bu] 2
-filenames with the same name will encrypt the same
-.IP \[bu] 2
-filenames which start the same won\[aq]t have a common prefix
-.PP
+
+  * filenames with the same name will encrypt the same
+  * filenames which start the same won\[aq]t have a common prefix
+
 This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of
 which are derived from the user password.
-.PP
+
 After encryption they are written out using a modified version of
-standard \f[C]base32\f[R] encoding as described in RFC4648.
-The standard encoding is modified in two ways:
-.IP \[bu] 2
-it becomes lower case (no-one likes upper case filenames!)
-.IP \[bu] 2
-we strip the padding character \f[C]=\f[R]
-.PP
-\f[C]base32\f[R] is used rather than the more efficient \f[C]base64\f[R]
-so rclone can be used on case insensitive remotes (e.g.
-Windows, Amazon Drive).
-.SS Key derivation
-.PP
-Rclone uses \f[C]scrypt\f[R] with parameters \f[C]N=16384, r=8, p=1\f[R]
-with an optional user supplied salt (password2) to derive the 32+32+16 =
-80 bytes of key material required.
-If the user doesn\[aq]t supply a salt then rclone uses an internal one.
-.PP
-\f[C]scrypt\f[R] makes it impractical to mount a dictionary attack on
-rclone encrypted data.
-For full protection against this you should always use a salt.
-.SS SEE ALSO
-.IP \[bu] 2
-rclone cryptdecode (https://rclone.org/commands/rclone_cryptdecode/) -
-Show forward/reverse mapping of encrypted filenames
-.SH Compress
-.SS Warning
-.PP
-This remote is currently \f[B]experimental\f[R].
-Things may break and data may be lost.
-Anything you do with this remote is at your own risk.
-Please understand the risks associated with using experimental code and
-don\[aq]t use this remote in critical applications.
-.PP
-The \f[C]Compress\f[R] remote adds compression to another remote.
-It is best used with remotes containing many large compressible files.
-.SS Configuration
-.PP
-To use this remote, all you need to do is specify another remote and a
-compression mode to use:
-.IP
-.nf
-\f[C]
-Current remotes:
+standard \[ga]base32\[ga] encoding as described in RFC4648.  The standard
+encoding is modified in two ways:
 
-Name                 Type
-====                 ====
-remote_to_press      sometype
+  * it becomes lower case (no-one likes upper case filenames!)
+  * we strip the padding character \[ga]=\[ga]
 
-e) Edit existing remote
-$ rclone config
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> n
-name> compress
-\&...
- 8 / Compress a remote
-   \[rs] \[dq]compress\[dq]
-\&...
-Storage> compress
-** See help for compress backend at: https://rclone.org/compress/ **
+\[ga]base32\[ga] is used rather than the more efficient \[ga]base64\[ga] so rclone can be
+used on case insensitive remotes (e.g. Windows, Amazon Drive).
 
-Remote to compress.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-remote> remote_to_press:subdir 
-Compression mode.
-Enter a string value. Press Enter for the default (\[dq]gzip\[dq]).
-Choose a number from below, or type in your own value
- 1 / Gzip compression balanced for speed and compression strength.
-   \[rs] \[dq]gzip\[dq]
-compression_mode> gzip
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n> n
-Remote config
---------------------
-[compress]
-type = compress
-remote = remote_to_press:subdir
-compression_mode = gzip
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
+### Key derivation
+
+Rclone uses \[ga]scrypt\[ga] with parameters \[ga]N=16384, r=8, p=1\[ga] with an
+optional user supplied salt (password2) to derive the 32+32+16 = 80
+bytes of key material required.  If the user doesn\[aq]t supply a salt
+then rclone uses an internal one.
+
+\[ga]scrypt\[ga] makes it impractical to mount a dictionary attack on rclone
+encrypted data.  For full protection against this you should always use
+a salt.
+
+## SEE ALSO
+
+* [rclone cryptdecode](https://rclone.org/commands/rclone_cryptdecode/)    - Show forward/reverse mapping of encrypted filenames
+
+#  Compress
+
+## Warning
+
+This remote is currently **experimental**. Things may break and data may be lost. Anything you do with this remote is
+at your own risk. Please understand the risks associated with using experimental code and don\[aq]t use this remote in
+critical applications.
+
+The \[ga]Compress\[ga] remote adds compression to another remote. It is best used with remotes containing
+many large compressible files.
+
+## Configuration
+
+To use this remote, all you need to do is specify another remote and a compression mode to use:
 \f[R]
 .fi
-.SS Compression Modes
-.PP
-Currently only gzip compression is supported.
-It provides a decent balance between speed and size and is well
-supported by other applications.
-Compression strength can further be configured via an advanced setting
-where 0 is no compression and 9 is strongest compression.
-.SS File types
-.PP
-If you open a remote wrapped by compress, you will see that there are
-many files with an extension corresponding to the compression algorithm
-you chose.
-These files are standard files that can be opened by various archive
-programs, but they have some hidden metadata that allows them to be used
-by rclone.
-While you may download and decompress these files at will, do
-\f[B]not\f[R] manually delete or rename files.
-Files without correct metadata files will not be recognized by rclone.
-.SS File names
-.PP
-The compressed files will be named \f[C]*.###########.gz\f[R] where
-\f[C]*\f[R] is the base file and the \f[C]#\f[R] part is base64 encoded
-size of the uncompressed file.
-The file names should not be changed by anything other than the rclone
-compression backend.
-.SS Standard options
 .PP
-Here are the Standard options specific to compress (Compress a remote).
-.SS --compress-remote
+Current remotes:
 .PP
-Remote to compress.
+Name Type ==== ==== remote_to_press sometype
+.IP "e)" 3
+Edit existing remote $ rclone config
+.IP "f)" 3
+New remote
+.IP "g)" 3
+Delete remote
+.IP "h)" 3
+Rename remote
+.IP "i)" 3
+Copy remote
+.IP "j)" 3
+Set configuration password
+.IP "k)" 3
+Quit config e/n/d/r/c/s/q> n name> compress ...
+8 / Compress a remote \ \[dq]compress\[dq] ...
+Storage> compress ** See help for compress backend at:
+https://rclone.org/compress/ **
 .PP
+Remote to compress.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+remote> remote_to_press:subdir Compression mode.
+Enter a string value.
+Press Enter for the default (\[dq]gzip\[dq]).
+Choose a number from below, or type in your own value 1 / Gzip
+compression balanced for speed and compression strength.
+\ \[dq]gzip\[dq] compression_mode> gzip Edit advanced config?
+(y/n) y) Yes n) No (default) y/n> n Remote config --------------------
+[compress] type = compress remote = remote_to_press:subdir
+compression_mode = gzip -------------------- y) Yes this is OK (default)
+e) Edit this remote d) Delete this remote y/e/d> y
+.IP
+.nf
+\f[C]
+### Compression Modes
+
+Currently only gzip compression is supported. It provides a decent balance between speed and size and is well
+supported by other applications. Compression strength can further be configured via an advanced setting where 0 is no
+compression and 9 is strongest compression.
+
+### File types
+
+If you open a remote wrapped by compress, you will see that there are many files with an extension corresponding to
+the compression algorithm you chose. These files are standard files that can be opened by various archive programs, 
+but they have some hidden metadata that allows them to be used by rclone.
+While you may download and decompress these files at will, do **not** manually delete or rename files. Files without
+correct metadata files will not be recognized by rclone.
+
+### File names
+
+The compressed files will be named \[ga]*.###########.gz\[ga] where \[ga]*\[ga] is the base file and the \[ga]#\[ga] part is base64 encoded 
+size of the uncompressed file. The file names should not be changed by anything other than the rclone compression backend.
+
+
+### Standard options
+
+Here are the Standard options specific to compress (Compress a remote).
+
+#### --compress-remote
+
+Remote to compress.
+
 Properties:
-.IP \[bu] 2
-Config: remote
-.IP \[bu] 2
-Env Var: RCLONE_COMPRESS_REMOTE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --compress-mode
-.PP
+
+- Config:      remote
+- Env Var:     RCLONE_COMPRESS_REMOTE
+- Type:        string
+- Required:    true
+
+#### --compress-mode
+
 Compression mode.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: mode
-.IP \[bu] 2
-Env Var: RCLONE_COMPRESS_MODE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]gzip\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]gzip\[dq]
-.RS 2
-.IP \[bu] 2
-Standard gzip compression with fastest parameters.
-.RE
-.RE
-.SS Advanced options
-.PP
+
+- Config:      mode
+- Env Var:     RCLONE_COMPRESS_MODE
+- Type:        string
+- Default:     \[dq]gzip\[dq]
+- Examples:
+    - \[dq]gzip\[dq]
+        - Standard gzip compression with fastest parameters.
+
+### Advanced options
+
 Here are the Advanced options specific to compress (Compress a remote).
-.SS --compress-level
-.PP
+
+#### --compress-level
+
 GZIP compression level (-2 to 9).
-.PP
+
 Generally -1 (default, equivalent to 5) is recommended.
-Levels 1 to 9 increase compression at the cost of speed.
-Going past 6 generally offers very little return.
-.PP
-Level -2 uses Huffman encoding only.
-Only use if you know what you are doing.
+Levels 1 to 9 increase compression at the cost of speed. Going past 6 
+generally offers very little return.
+
+Level -2 uses Huffman encoding only. Only use if you know what you
+are doing.
 Level 0 turns off compression.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: level
-.IP \[bu] 2
-Env Var: RCLONE_COMPRESS_LEVEL
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: -1
-.SS --compress-ram-cache-limit
-.PP
+
+- Config:      level
+- Env Var:     RCLONE_COMPRESS_LEVEL
+- Type:        int
+- Default:     -1
+
+#### --compress-ram-cache-limit
+
 Some remotes don\[aq]t allow the upload of files with unknown size.
 In this case the compressed file will need to be cached to determine
 it\[aq]s size.
-.PP
-Files smaller than this limit will be cached in RAM, files larger than
+
+Files smaller than this limit will be cached in RAM, files larger than 
 this limit will be cached on disk.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: ram_cache_limit
-.IP \[bu] 2
-Env Var: RCLONE_COMPRESS_RAM_CACHE_LIMIT
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 20Mi
-.SS Metadata
-.PP
+
+- Config:      ram_cache_limit
+- Env Var:     RCLONE_COMPRESS_RAM_CACHE_LIMIT
+- Type:        SizeSuffix
+- Default:     20Mi
+
+### Metadata
+
 Any metadata supported by the underlying remote is read and written.
-.PP
-See the metadata (https://rclone.org/docs/#metadata) docs for more info.
-.SH Combine
-.PP
-The \f[C]combine\f[R] backend joins remotes together into a single
-directory tree.
-.PP
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+#  Combine
+
+The \[ga]combine\[ga] backend joins remotes together into a single directory
+tree.
+
 For example you might have a remote for images on one provider:
-.IP
-.nf
-\f[C]
-$ rclone tree s3:imagesbucket
-/
-\[u251C]\[u2500]\[u2500] image1.jpg
-\[u2514]\[u2500]\[u2500] image2.jpg
 \f[R]
 .fi
 .PP
-And a remote for files on another:
-.IP
-.nf
-\f[C]
-$ rclone tree drive:important/files
-/
-\[u251C]\[u2500]\[u2500] file1.txt
-\[u2514]\[u2500]\[u2500] file2.txt
-\f[R]
-.fi
-.PP
-The \f[C]combine\f[R] backend can join these together into a synthetic
-directory structure like this:
+$ rclone tree s3:imagesbucket / \[u251C]\[u2500]\[u2500] image1.jpg
+\[u2514]\[u2500]\[u2500] image2.jpg
 .IP
 .nf
 \f[C]
-$ rclone tree combined:
-/
-\[u251C]\[u2500]\[u2500] files
-\[br]   \[u251C]\[u2500]\[u2500] file1.txt
-\[br]   \[u2514]\[u2500]\[u2500] file2.txt
-\[u2514]\[u2500]\[u2500] images
-    \[u251C]\[u2500]\[u2500] image1.jpg
-    \[u2514]\[u2500]\[u2500] image2.jpg
+And a remote for files on another:
 \f[R]
 .fi
 .PP
-You\[aq]d do this by specifying an \f[C]upstreams\f[R] parameter in the
-config like this
+$ rclone tree drive:important/files / \[u251C]\[u2500]\[u2500] file1.txt
+\[u2514]\[u2500]\[u2500] file2.txt
 .IP
 .nf
 \f[C]
-upstreams = images=s3:imagesbucket files=drive:important/files
+The \[ga]combine\[ga] backend can join these together into a synthetic
+directory structure like this:
 \f[R]
 .fi
 .PP
-During the initial setup with \f[C]rclone config\f[R] you will specify
-the upstreams remotes as a space separated list.
-The upstream remotes can either be a local paths or other remotes.
-.SS Configuration
-.PP
-Here is an example of how to make a combine called \f[C]remote\f[R] for
-the example above.
-First run:
+$ rclone tree combined: / \[u251C]\[u2500]\[u2500] files \[br]
+\[u251C]\[u2500]\[u2500] file1.txt \[br] \[u2514]\[u2500]\[u2500]
+file2.txt \[u2514]\[u2500]\[u2500] images \[u251C]\[u2500]\[u2500]
+image1.jpg \[u2514]\[u2500]\[u2500] image2.jpg
 .IP
 .nf
 \f[C]
- rclone config
+You\[aq]d do this by specifying an \[ga]upstreams\[ga] parameter in the config
+like this
+
+    upstreams = images=s3:imagesbucket files=drive:important/files
+
+During the initial setup with \[ga]rclone config\[ga] you will specify the
+upstreams remotes as a space separated list. The upstream remotes can
+either be a local paths or other remotes.
+
+## Configuration
+
+Here is an example of how to make a combine called \[ga]remote\[ga] for the
+example above. First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Option Storage.
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
 \&...
-XX / Combine several remotes into one
-   \[rs] (combine)
-\&...
-Storage> combine
-Option upstreams.
-Upstreams for combining
-These should be in the form
-    dir=remote:path dir2=remote2:path
-Where before the = is specified the root directory and after is the remote to
-put there.
-Embedded spaces can be added using quotes
-    \[dq]dir=remote:path with space\[dq] \[dq]dir2=remote2:path with space\[dq]
-Enter a fs.SpaceSepList value.
+XX / Combine several remotes into one \ (combine) ...
+Storage> combine Option upstreams.
+Upstreams for combining These should be in the form dir=remote:path
+dir2=remote2:path Where before the = is specified the root directory and
+after is the remote to put there.
+Embedded spaces can be added using quotes \[dq]dir=remote:path with
+space\[dq] \[dq]dir2=remote2:path with space\[dq] Enter a
+fs.SpaceSepList value.
 upstreams> images=s3:imagesbucket files=drive:important/files
---------------------
-[remote]
-type = combine
-upstreams = images=s3:imagesbucket files=drive:important/files
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
+-------------------- [remote] type = combine upstreams =
+images=s3:imagesbucket files=drive:important/files --------------------
+y) Yes this is OK (default) e) Edit this remote d) Delete this remote
 y/e/d> y
-\f[R]
-.fi
-.SS Configuring for Google Drive Shared Drives
-.PP
-Rclone has a convenience feature for making a combine backend for all
-the shared drives you have access to.
-.PP
-Assuming your main (non shared drive) Google drive remote is called
-\f[C]drive:\f[R] you would run
 .IP
 .nf
 \f[C]
-rclone backend -o config drives drive:
-\f[R]
-.fi
-.PP
+### Configuring for Google Drive Shared Drives
+
+Rclone has a convenience feature for making a combine backend for all
+the shared drives you have access to.
+
+Assuming your main (non shared drive) Google drive remote is called
+\[ga]drive:\[ga] you would run
+
+    rclone backend -o config drives drive:
+
 This would produce something like this:
-.IP
-.nf
-\f[C]
-[My Drive]
-type = alias
-remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
 
-[Test Drive]
-type = alias
-remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+    [My Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
+
+    [Test Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+
+    [AllDrives]
+    type = combine
+    upstreams = \[dq]My Drive=My Drive:\[dq] \[dq]Test Drive=Test Drive:\[dq]
+
+If you then add that config to your config file (find it with \[ga]rclone
+config file\[ga]) then you can access all the shared drives in one place
+with the \[ga]AllDrives:\[ga] remote.
+
+See [the Google Drive docs](https://rclone.org/drive/#drives) for full info.
+
+
+### Standard options
+
+Here are the Standard options specific to combine (Combine several remotes into one).
+
+#### --combine-upstreams
 
-[AllDrives]
-type = combine
-upstreams = \[dq]My Drive=My Drive:\[dq] \[dq]Test Drive=Test Drive:\[dq]
-\f[R]
-.fi
-.PP
-If you then add that config to your config file (find it with
-\f[C]rclone config file\f[R]) then you can access all the shared drives
-in one place with the \f[C]AllDrives:\f[R] remote.
-.PP
-See the Google Drive docs (https://rclone.org/drive/#drives) for full
-info.
-.SS Standard options
-.PP
-Here are the Standard options specific to combine (Combine several
-remotes into one).
-.SS --combine-upstreams
-.PP
 Upstreams for combining
-.PP
+
 These should be in the form
-.IP
-.nf
-\f[C]
-dir=remote:path dir2=remote2:path
-\f[R]
-.fi
-.PP
-Where before the = is specified the root directory and after is the
-remote to put there.
-.PP
+
+    dir=remote:path dir2=remote2:path
+
+Where before the = is specified the root directory and after is the remote to
+put there.
+
 Embedded spaces can be added using quotes
-.IP
-.nf
-\f[C]
-\[dq]dir=remote:path with space\[dq] \[dq]dir2=remote2:path with space\[dq]
-\f[R]
-.fi
-.PP
+
+    \[dq]dir=remote:path with space\[dq] \[dq]dir2=remote2:path with space\[dq]
+
+
+
 Properties:
-.IP \[bu] 2
-Config: upstreams
-.IP \[bu] 2
-Env Var: RCLONE_COMBINE_UPSTREAMS
-.IP \[bu] 2
-Type: SpaceSepList
-.IP \[bu] 2
-Default:
-.SS Metadata
-.PP
+
+- Config:      upstreams
+- Env Var:     RCLONE_COMBINE_UPSTREAMS
+- Type:        SpaceSepList
+- Default:     
+
+### Metadata
+
 Any metadata supported by the underlying remote is read and written.
-.PP
-See the metadata (https://rclone.org/docs/#metadata) docs for more info.
-.SH Dropbox
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+#  Dropbox
+
+Paths are specified as \[ga]remote:path\[ga]
+
 Dropbox paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
-.PP
+\[ga]remote:directory/subdirectory\[ga].
+
+## Configuration
+
 The initial setup for dropbox involves getting a token from Dropbox
-which you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
+which you need to do in your browser.  \[ga]rclone config\[ga] walks you
+through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Dropbox
-   \[rs] \[dq]dropbox\[dq]
-[snip]
-Storage> dropbox
-Dropbox App Key - leave blank normally.
-app_key>
-Dropbox App Secret - leave blank normally.
-app_secret>
-Remote config
-Please visit:
+.IP "n)" 3
+New remote
+.IP "o)" 3
+Delete remote
+.IP "p)" 3
+Quit config e/n/d/q> n name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX /
+Dropbox \ \[dq]dropbox\[dq] [snip] Storage> dropbox Dropbox App Key -
+leave blank normally.
+app_key> Dropbox App Secret - leave blank normally.
+app_secret> Remote config Please visit:
 https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&response_type=code
 Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX
+-------------------- [remote] app_key = app_secret = token =
+XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 --------------------
-[remote]
-app_key =
-app_secret =
-token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Dropbox.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and it may require you to
-unblock it temporarily if you are running a host firewall, or use manual
-mode.
-.PP
-You can then use it like this,
-.PP
-List directories in top level of your dropbox
+.IP "q)" 3
+Yes this is OK
+.IP "r)" 3
+Edit this remote
+.IP "s)" 3
+Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Dropbox. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on \[ga]http://127.0.0.1:53682/\[ga] and it
+may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
+
+You can then use it like this,
+
+List directories in top level of your dropbox
+
+    rclone lsd remote:
+
 List all the files in your dropbox
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
+
+    rclone ls remote:
+
 To copy a local directory to a dropbox directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Dropbox for business
-.PP
+
+    rclone copy /home/source remote:backup
+
+### Dropbox for business
+
 Rclone supports Dropbox for business and Team Folders.
-.PP
-When using Dropbox for business \f[C]remote:\f[R] and
-\f[C]remote:path/to/file\f[R] will refer to your personal folder.
-.PP
-If you wish to see Team Folders you must use a leading \f[C]/\f[R] in
-the path, so \f[C]rclone lsd remote:/\f[R] will refer to the root and
-show you all Team Folders and your User Folder.
-.PP
-You can then use team folders like this \f[C]remote:/TeamFolder\f[R] and
-\f[C]remote:/TeamFolder/path/to/file\f[R].
-.PP
-A leading \f[C]/\f[R] for a Dropbox personal account will do nothing,
-but it will take an extra HTTP transaction so it should be avoided.
-.SS Modified time and Hashes
-.PP
-Dropbox supports modified times, but the only way to set a modification
-time is to re-upload the file.
-.PP
+
+When using Dropbox for business \[ga]remote:\[ga] and \[ga]remote:path/to/file\[ga]
+will refer to your personal folder.
+
+If you wish to see Team Folders you must use a leading \[ga]/\[ga] in the
+path, so \[ga]rclone lsd remote:/\[ga] will refer to the root and show you all
+Team Folders and your User Folder.
+
+You can then use team folders like this \[ga]remote:/TeamFolder\[ga] and
+\[ga]remote:/TeamFolder/path/to/file\[ga].
+
+A leading \[ga]/\[ga] for a Dropbox personal account will do nothing, but it
+will take an extra HTTP transaction so it should be avoided.
+
+### Modification times and hashes
+
+Dropbox supports modified times, but the only way to set a
+modification time is to re-upload the file.
+
 This means that if you uploaded your data with an older version of
-rclone which didn\[aq]t support the v2 API and modified times, rclone
-will decide to upload all your old data to fix the modification times.
-If you don\[aq]t want this to happen use \f[C]--size-only\f[R] or
-\f[C]--checksum\f[R] flag to stop it.
-.PP
-Dropbox supports its own hash
-type (https://www.dropbox.com/developers/reference/content-hash) which
+rclone which didn\[aq]t support the v2 API and modified times, rclone will
+decide to upload all your old data to fix the modification times.  If
+you don\[aq]t want this to happen use \[ga]--size-only\[ga] or \[ga]--checksum\[ga] flag
+to stop it.
+
+Dropbox supports [its own hash
+type](https://www.dropbox.com/developers/reference/content-hash) which
 is checked for all transfers.
-.SS Restricted filename characters
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-NUL
-T}@T{
-0x00
-T}@T{
-\[u2400]
-T}
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-T{
-DEL
-T}@T{
-0x7F
-T}@T{
-\[u2421]
-T}
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-.TE
-.PP
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | \[u2400]           |
+| /         | 0x2F  | \[uFF0F]           |
+| DEL       | 0x7F  | \[u2421]           |
+| \[rs]         | 0x5C  | \[uFF3C]           |
+
 File names can also not end with the following characters.
 These only get replaced if they are the last character in the name:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-SP
-T}@T{
-0x20
-T}@T{
-\[u2420]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Batch mode uploads
-.PP
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | \[u2420]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Batch mode uploads {#batch-mode}
+
 Using batch mode uploads is very important for performance when using
-the Dropbox API.
-See the dropbox performance
-guide (https://developers.dropbox.com/dbx-performance-guide) for more
-info.
-.PP
+the Dropbox API. See [the dropbox performance guide](https://developers.dropbox.com/dbx-performance-guide)
+for more info.
+
 There are 3 modes rclone can use for uploads.
-.SS --dropbox-batch-mode off
-.PP
-In this mode rclone will not use upload batching.
-This was the default before rclone v1.55.
-It has the disadvantage that it is very likely to encounter
-\f[C]too_many_requests\f[R] errors like this
-.IP
-.nf
-\f[C]
-NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.
-\f[R]
-.fi
-.PP
+
+#### --dropbox-batch-mode off
+
+In this mode rclone will not use upload batching. This was the default
+before rclone v1.55. It has the disadvantage that it is very likely to
+encounter \[ga]too_many_requests\[ga] errors like this
+
+    NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.
+
 When rclone receives these it has to wait for 15s or sometimes 300s
 before continuing which really slows down transfers.
-.PP
-This will happen especially if \f[C]--transfers\f[R] is large, so this
-mode isn\[aq]t recommended except for compatibility or investigating
-problems.
-.SS --dropbox-batch-mode sync
-.PP
+
+This will happen especially if \[ga]--transfers\[ga] is large, so this mode
+isn\[aq]t recommended except for compatibility or investigating problems.
+
+#### --dropbox-batch-mode sync
+
 In this mode rclone will batch up uploads to the size specified by
-\f[C]--dropbox-batch-size\f[R] and commit them together.
-.PP
-Using this mode means you can use a much higher \f[C]--transfers\f[R]
-parameter (32 or 64 works fine) without receiving
-\f[C]too_many_requests\f[R] errors.
-.PP
+\[ga]--dropbox-batch-size\[ga] and commit them together.
+
+Using this mode means you can use a much higher \[ga]--transfers\[ga]
+parameter (32 or 64 works fine) without receiving \[ga]too_many_requests\[ga]
+errors.
+
 This mode ensures full data integrity.
-.PP
+
 Note that there may be a pause when quitting rclone while rclone
 finishes up the last batch using this mode.
-.SS --dropbox-batch-mode async
-.PP
+
+#### --dropbox-batch-mode async
+
 In this mode rclone will batch up uploads to the size specified by
-\f[C]--dropbox-batch-size\f[R] and commit them together.
-.PP
+\[ga]--dropbox-batch-size\[ga] and commit them together.
+
 However it will not wait for the status of the batch to be returned to
-the caller.
-This means rclone can use a much bigger batch size (much bigger than
-\f[C]--transfers\f[R]), at the cost of not being able to check the
+the caller. This means rclone can use a much bigger batch size (much
+bigger than \[ga]--transfers\[ga]), at the cost of not being able to check the
 status of the upload.
-.PP
-This provides the maximum possible upload speed especially with lots of
-small files, however rclone can\[aq]t check the file got uploaded
+
+This provides the maximum possible upload speed especially with lots
+of small files, however rclone can\[aq]t check the file got uploaded
 properly using this mode.
-.PP
+
 If you are using this mode then using \[dq]rclone check\[dq] after the
-transfer completes is recommended.
-Or you could do an initial transfer with
-\f[C]--dropbox-batch-mode async\f[R] then do a final transfer with
-\f[C]--dropbox-batch-mode sync\f[R] (the default).
-.PP
+transfer completes is recommended. Or you could do an initial transfer
+with \[ga]--dropbox-batch-mode async\[ga] then do a final transfer with
+\[ga]--dropbox-batch-mode sync\[ga] (the default).
+
 Note that there may be a pause when quitting rclone while rclone
 finishes up the last batch using this mode.
-.SS Standard options
-.PP
+
+
+
+### Standard options
+
 Here are the Standard options specific to dropbox (Dropbox).
-.SS --dropbox-client-id
-.PP
+
+#### --dropbox-client-id
+
 OAuth Client Id.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --dropbox-client-secret
-.PP
+
+- Config:      client_id
+- Env Var:     RCLONE_DROPBOX_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --dropbox-client-secret
+
 OAuth Client Secret.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
+
+- Config:      client_secret
+- Env Var:     RCLONE_DROPBOX_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+### Advanced options
+
 Here are the Advanced options specific to dropbox (Dropbox).
-.SS --dropbox-token
-.PP
+
+#### --dropbox-token
+
 OAuth Access Token as a JSON blob.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --dropbox-auth-url
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_DROPBOX_TOKEN
+- Type:        string
+- Required:    false
+
+#### --dropbox-auth-url
+
 Auth server URL.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --dropbox-token-url
-.PP
+
+- Config:      auth_url
+- Env Var:     RCLONE_DROPBOX_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --dropbox-token-url
+
 Token server url.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --dropbox-chunk-size
-.PP
+
+- Config:      token_url
+- Env Var:     RCLONE_DROPBOX_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --dropbox-chunk-size
+
 Upload chunk size (< 150Mi).
-.PP
+
 Any files larger than this will be uploaded in chunks of this size.
-.PP
+
 Note that chunks are buffered in memory (one at a time) so rclone can
-deal with retries.
-Setting this larger will increase the speed slightly (at most 10% for
-128 MiB in tests) at the cost of using more memory.
-It can be set smaller if you are tight on memory.
-.PP
+deal with retries.  Setting this larger will increase the speed
+slightly (at most 10% for 128 MiB in tests) at the cost of using more
+memory.  It can be set smaller if you are tight on memory.
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 48Mi
-.SS --dropbox-impersonate
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_DROPBOX_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     48Mi
+
+#### --dropbox-impersonate
+
 Impersonate this user when using a business account.
-.PP
-Note that if you want to use impersonate, you should make sure this flag
-is set when running \[dq]rclone config\[dq] as this will cause rclone to
-request the \[dq]members.read\[dq] scope which it won\[aq]t normally.
-This is needed to lookup a members email address into the internal ID
-that dropbox uses in the API.
-.PP
+
+Note that if you want to use impersonate, you should make sure this
+flag is set when running \[dq]rclone config\[dq] as this will cause rclone to
+request the \[dq]members.read\[dq] scope which it won\[aq]t normally. This is
+needed to lookup a members email address into the internal ID that
+dropbox uses in the API.
+
 Using the \[dq]members.read\[dq] scope will require a Dropbox Team Admin
 to approve during the OAuth flow.
-.PP
+
 You will have to use your own App (setting your own client_id and
-client_secret) to use this option as currently rclone\[aq]s default set
-of permissions doesn\[aq]t include \[dq]members.read\[dq].
-This can be added once v1.55 or later is in use everywhere.
-.PP
+client_secret) to use this option as currently rclone\[aq]s default set of
+permissions doesn\[aq]t include \[dq]members.read\[dq]. This can be added once
+v1.55 or later is in use everywhere.
+
+
 Properties:
-.IP \[bu] 2
-Config: impersonate
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_IMPERSONATE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --dropbox-shared-files
-.PP
+
+- Config:      impersonate
+- Env Var:     RCLONE_DROPBOX_IMPERSONATE
+- Type:        string
+- Required:    false
+
+#### --dropbox-shared-files
+
 Instructs rclone to work on individual shared files.
-.PP
-In this mode rclone\[aq]s features are extremely limited - only list
-(ls, lsl, etc.) operations and read operations (e.g.
-downloading) are supported in this mode.
+
+In this mode rclone\[aq]s features are extremely limited - only list (ls, lsl, etc.) 
+operations and read operations (e.g. downloading) are supported in this mode.
 All other operations will be disabled.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: shared_files
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_SHARED_FILES
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --dropbox-shared-folders
-.PP
+
+- Config:      shared_files
+- Env Var:     RCLONE_DROPBOX_SHARED_FILES
+- Type:        bool
+- Default:     false
+
+#### --dropbox-shared-folders
+
 Instructs rclone to work on shared folders.
-.PP
-When this flag is used with no path only the List operation is supported
-and all available shared folders will be listed.
-If you specify a path the first part will be interpreted as the name of
+            
+When this flag is used with no path only the List operation is supported and 
+all available shared folders will be listed. If you specify a path the first part 
+will be interpreted as the name of shared folder. Rclone will then try to mount this 
+shared to the root namespace. On success shared folder rclone proceeds normally. 
+The shared folder is now pretty much a normal folder and all normal operations 
+are supported. 
+
+Note that we don\[aq]t unmount the shared folder afterwards so the 
+--dropbox-shared-folders can be omitted after the first use of a particular 
 shared folder.
-Rclone will then try to mount this shared to the root namespace.
-On success shared folder rclone proceeds normally.
-The shared folder is now pretty much a normal folder and all normal
-operations are supported.
-.PP
-Note that we don\[aq]t unmount the shared folder afterwards so the
---dropbox-shared-folders can be omitted after the first use of a
-particular shared folder.
-.PP
+
+Properties:
+
+- Config:      shared_folders
+- Env Var:     RCLONE_DROPBOX_SHARED_FOLDERS
+- Type:        bool
+- Default:     false
+
+#### --dropbox-pacer-min-sleep
+
+Minimum time to sleep between API calls.
+
 Properties:
-.IP \[bu] 2
-Config: shared_folders
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_SHARED_FOLDERS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --dropbox-batch-mode
-.PP
+
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_DROPBOX_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     10ms
+
+#### --dropbox-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_DROPBOX_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
+
+#### --dropbox-batch-mode
+
 Upload file batching sync|async|off.
-.PP
+
 This sets the batch mode used by rclone.
-.PP
-For full info see the main docs (https://rclone.org/dropbox/#batch-mode)
-.PP
+
+For full info see [the main docs](https://rclone.org/dropbox/#batch-mode)
+
 This has 3 possible values
-.IP \[bu] 2
-off - no batching
-.IP \[bu] 2
-sync - batch uploads and check completion (default)
-.IP \[bu] 2
-async - batch upload and don\[aq]t check completion
-.PP
-Rclone will close any outstanding batches when it exits which may make a
-delay on quit.
-.PP
+
+- off - no batching
+- sync - batch uploads and check completion (default)
+- async - batch upload and don\[aq]t check completion
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+
+
 Properties:
-.IP \[bu] 2
-Config: batch_mode
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_BATCH_MODE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]sync\[dq]
-.SS --dropbox-batch-size
-.PP
+
+- Config:      batch_mode
+- Env Var:     RCLONE_DROPBOX_BATCH_MODE
+- Type:        string
+- Default:     \[dq]sync\[dq]
+
+#### --dropbox-batch-size
+
 Max number of files in upload batch.
-.PP
-This sets the batch size of files to upload.
-It has to be less than 1000.
-.PP
+
+This sets the batch size of files to upload. It has to be less than 1000.
+
 By default this is 0 which means rclone which calculate the batch size
 depending on the setting of batch_mode.
-.IP \[bu] 2
-batch_mode: async - default batch_size is 100
-.IP \[bu] 2
-batch_mode: sync - default batch_size is the same as --transfers
-.IP \[bu] 2
-batch_mode: off - not in use
-.PP
-Rclone will close any outstanding batches when it exits which may make a
-delay on quit.
-.PP
-Setting this is a great idea if you are uploading lots of small files as
-it will make them a lot quicker.
-You can use --transfers 32 to maximise throughput.
-.PP
+
+- batch_mode: async - default batch_size is 100
+- batch_mode: sync - default batch_size is the same as --transfers
+- batch_mode: off - not in use
+
+Rclone will close any outstanding batches when it exits which may make
+a delay on quit.
+
+Setting this is a great idea if you are uploading lots of small files
+as it will make them a lot quicker. You can use --transfers 32 to
+maximise throughput.
+
+
 Properties:
-.IP \[bu] 2
-Config: batch_size
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_BATCH_SIZE
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 0
-.SS --dropbox-batch-timeout
-.PP
+
+- Config:      batch_size
+- Env Var:     RCLONE_DROPBOX_BATCH_SIZE
+- Type:        int
+- Default:     0
+
+#### --dropbox-batch-timeout
+
 Max time to allow an idle upload batch before uploading.
-.PP
+
 If an upload batch is idle for more than this long then it will be
 uploaded.
-.PP
+
 The default for this is 0 which means rclone will choose a sensible
 default based on the batch_mode in use.
-.IP \[bu] 2
-batch_mode: async - default batch_timeout is 500ms
-.IP \[bu] 2
-batch_mode: sync - default batch_timeout is 10s
-.IP \[bu] 2
-batch_mode: off - not in use
-.PP
+
+- batch_mode: async - default batch_timeout is 10s
+- batch_mode: sync - default batch_timeout is 500ms
+- batch_mode: off - not in use
+
+
 Properties:
-.IP \[bu] 2
-Config: batch_timeout
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_BATCH_TIMEOUT
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 0s
-.SS --dropbox-batch-commit-timeout
-.PP
+
+- Config:      batch_timeout
+- Env Var:     RCLONE_DROPBOX_BATCH_TIMEOUT
+- Type:        Duration
+- Default:     0s
+
+#### --dropbox-batch-commit-timeout
+
 Max time to wait for a batch to finish committing
-.PP
-Properties:
-.IP \[bu] 2
-Config: batch_commit_timeout
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_BATCH_COMMIT_TIMEOUT
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 10m0s
-.SS --dropbox-encoding
-.PP
-The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_DROPBOX_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot
-.SS Limitations
-.PP
-Note that Dropbox is case insensitive so you can\[aq]t have a file
-called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.PP
-There are some file names such as \f[C]thumbs.db\f[R] which Dropbox
-can\[aq]t store.
-There is a full list of them in the \[dq]Ignored Files\[dq] section of
-this document (https://www.dropbox.com/en/help/145).
-Rclone will issue an error message
-\f[C]File name disallowed - not uploading\f[R] if it attempts to upload
-one of those file names, but the sync won\[aq]t fail.
-.PP
+
+- Config:      batch_commit_timeout
+- Env Var:     RCLONE_DROPBOX_BATCH_COMMIT_TIMEOUT
+- Type:        Duration
+- Default:     10m0s
+
+
+
+## Limitations
+
+Note that Dropbox is case insensitive so you can\[aq]t have a file called
+\[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
+
+There are some file names such as \[ga]thumbs.db\[ga] which Dropbox can\[aq]t
+store.  There is a full list of them in the [\[dq]Ignored Files\[dq] section
+of this document](https://www.dropbox.com/en/help/145).  Rclone will
+issue an error message \[ga]File name disallowed - not uploading\[ga] if it
+attempts to upload one of those file names, but the sync won\[aq]t fail.
+
 Some errors may occur if you try to sync copyright-protected files
-because Dropbox has its own copyright
-detector (https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/)
-that prevents this sort of file being downloaded.
-This will return the error
-\f[C]ERROR : /path/to/your/file: Failed to copy: failed to open source object: path/restricted_content/.\f[R]
-.PP
-If you have more than 10,000 files in a directory then
-\f[C]rclone purge dropbox:dir\f[R] will return the error
-\f[C]Failed to purge: There are too many files involved in this operation\f[R].
-As a work-around do an \f[C]rclone delete dropbox:dir\f[R] followed by
-an \f[C]rclone rmdir dropbox:dir\f[R].
-.PP
-When using \f[C]rclone link\f[R] you\[aq]ll need to set
-\f[C]--expire\f[R] if using a non-personal account otherwise the
-visibility may not be correct.
-(Note that \f[C]--expire\f[R] isn\[aq]t supported on personal accounts).
-See the forum
-discussion (https://forum.rclone.org/t/rclone-link-dropbox-permissions/23211)
-and the dropbox SDK
-issue (https://github.com/dropbox/dropbox-sdk-go-unofficial/issues/75).
-.SS Get your own Dropbox App ID
-.PP
-When you use rclone with Dropbox in its default configuration you are
-using rclone\[aq]s App ID.
-This is shared between all the rclone users.
-.PP
+because Dropbox has its own [copyright detector](https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/) that
+prevents this sort of file being downloaded. This will return the error \[ga]ERROR :
+/path/to/your/file: Failed to copy: failed to open source object:
+path/restricted_content/.\[ga]
+
+If you have more than 10,000 files in a directory then \[ga]rclone purge
+dropbox:dir\[ga] will return the error \[ga]Failed to purge: There are too
+many files involved in this operation\[ga].  As a work-around do an
+\[ga]rclone delete dropbox:dir\[ga] followed by an \[ga]rclone rmdir dropbox:dir\[ga].
+
+When using \[ga]rclone link\[ga] you\[aq]ll need to set \[ga]--expire\[ga] if using a
+non-personal account otherwise the visibility may not be correct.
+(Note that \[ga]--expire\[ga] isn\[aq]t supported on personal accounts). See the
+[forum discussion](https://forum.rclone.org/t/rclone-link-dropbox-permissions/23211) and the 
+[dropbox SDK issue](https://github.com/dropbox/dropbox-sdk-go-unofficial/issues/75).
+
+## Get your own Dropbox App ID
+
+When you use rclone with Dropbox in its default configuration you are using rclone\[aq]s App ID. This is shared between all the rclone users.
+
 Here is how to create your own Dropbox App ID for rclone:
-.IP "1." 3
-Log into the Dropbox App
-console (https://www.dropbox.com/developers/apps/create) with your
-Dropbox Account (It need not to be the same account as the Dropbox you
-want to access)
-.IP "2." 3
-Choose an API => Usually this should be \f[C]Dropbox API\f[R]
-.IP "3." 3
-Choose the type of access you want to use => \f[C]Full Dropbox\f[R] or
-\f[C]App Folder\f[R]
-.IP "4." 3
-Name your App.
-The app name is global, so you can\[aq]t use \f[C]rclone\f[R] for
-example
-.IP "5." 3
-Click the button \f[C]Create App\f[R]
-.IP "6." 3
-Switch to the \f[C]Permissions\f[R] tab.
-Enable at least the following permissions: \f[C]account_info.read\f[R],
-\f[C]files.metadata.write\f[R], \f[C]files.content.write\f[R],
-\f[C]files.content.read\f[R], \f[C]sharing.write\f[R].
-The \f[C]files.metadata.read\f[R] and \f[C]sharing.read\f[R] checkboxes
-will be marked too.
-Click \f[C]Submit\f[R]
-.IP "7." 3
-Switch to the \f[C]Settings\f[R] tab.
-Fill \f[C]OAuth2 - Redirect URIs\f[R] as
-\f[C]http://localhost:53682/\f[R]
-.IP "8." 3
-Find the \f[C]App key\f[R] and \f[C]App secret\f[R] values on the
-\f[C]Settings\f[R] tab.
-Use these values in rclone config to add a new remote or edit an
-existing remote.
-The \f[C]App key\f[R] setting corresponds to \f[C]client_id\f[R] in
-rclone config, the \f[C]App secret\f[R] corresponds to
-\f[C]client_secret\f[R]
-.SH Enterprise File Fabric
-.PP
-This backend supports Storage Made Easy\[aq]s Enterprise File
-Fabric\[tm] (https://storagemadeeasy.com/about/) which provides a
-software solution to integrate and unify File and Object Storage
-accessible through a global file system.
-.SS Configuration
-.PP
-The initial setup for the Enterprise File Fabric backend involves
-getting a token from the Enterprise File Fabric which you need to do in
-your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Enterprise File Fabric
-   \[rs] \[dq]filefabric\[dq]
-[snip]
-Storage> filefabric
-** See help for filefabric backend at: https://rclone.org/filefabric/ **
 
-URL of the Enterprise File Fabric to connect to
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
- 1 / Storage Made Easy US
-   \[rs] \[dq]https://storagemadeeasy.com\[dq]
- 2 / Storage Made Easy EU
-   \[rs] \[dq]https://eu.storagemadeeasy.com\[dq]
- 3 / Connect to your Enterprise File Fabric
-   \[rs] \[dq]https://yourfabric.smestorage.com\[dq]
-url> https://yourfabric.smestorage.com/
-ID of the root folder
-Leave blank normally.
+1. Log into the [Dropbox App console](https://www.dropbox.com/developers/apps/create) with your Dropbox Account (It need not
+to be the same account as the Dropbox you want to access)
 
-Fill in to make rclone start with directory of a given ID.
+2. Choose an API => Usually this should be \[ga]Dropbox API\[ga]
 
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-root_folder_id> 
-Permanent Authentication Token
+3. Choose the type of access you want to use => \[ga]Full Dropbox\[ga] or \[ga]App Folder\[ga]. If you want to use Team Folders, \[ga]Full Dropbox\[ga] is required ([see here](https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-create-team-folder-inside-my-app-s-folder/m-p/601005/highlight/true#M27911)).
 
-A Permanent Authentication Token can be created in the Enterprise File
-Fabric, on the users Dashboard under Security, there is an entry
-you\[aq]ll see called \[dq]My Authentication Tokens\[dq]. Click the Manage button
-to create one.
+4. Name your App. The app name is global, so you can\[aq]t use \[ga]rclone\[ga] for example
 
-These tokens are normally valid for several years.
+5. Click the button \[ga]Create App\[ga]
 
-For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
+6. Switch to the \[ga]Permissions\[ga] tab. Enable at least the following permissions: \[ga]account_info.read\[ga], \[ga]files.metadata.write\[ga], \[ga]files.content.write\[ga], \[ga]files.content.read\[ga], \[ga]sharing.write\[ga]. The \[ga]files.metadata.read\[ga] and \[ga]sharing.read\[ga] checkboxes will be marked too. Click \[ga]Submit\[ga]
 
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-permanent_token> xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n> n
-Remote config
---------------------
-[remote]
-type = filefabric
-url = https://yourfabric.smestorage.com/
-permanent_token = xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level of your Enterprise File Fabric
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
-List all the files in your Enterprise File Fabric
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
-To copy a local directory to an Enterprise File Fabric directory called
-backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
+7. Switch to the \[ga]Settings\[ga] tab. Fill \[ga]OAuth2 - Redirect URIs\[ga] as \[ga]http://localhost:53682/\[ga] and click on \[ga]Add\[ga]
+
+8. Find the \[ga]App key\[ga] and \[ga]App secret\[ga] values on the \[ga]Settings\[ga] tab. Use these values in rclone config to add a new remote or edit an existing remote. The \[ga]App key\[ga] setting corresponds to \[ga]client_id\[ga] in rclone config, the \[ga]App secret\[ga] corresponds to \[ga]client_secret\[ga]
+
+#  Enterprise File Fabric
+
+This backend supports [Storage Made Easy\[aq]s Enterprise File
+Fabric\[tm]](https://storagemadeeasy.com/about/) which provides a software
+solution to integrate and unify File and Object Storage accessible
+through a global file system.
+
+## Configuration
+
+The initial setup for the Enterprise File Fabric backend involves
+getting a token from the Enterprise File Fabric which you need to
+do in your browser.  \[ga]rclone config\[ga] walks you through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
-.SS Modified time and hashes
-.PP
-The Enterprise File Fabric allows modification times to be set on files
-accurate to 1 second.
-These will be used to detect whether objects need syncing or not.
 .PP
-The Enterprise File Fabric does not support any data hashes at this
-time.
-.SS Restricted filename characters
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX /
+Enterprise File Fabric \ \[dq]filefabric\[dq] [snip] Storage> filefabric
+** See help for filefabric backend at: https://rclone.org/filefabric/ **
 .PP
-The default restricted characters
-set (https://rclone.org/overview/#restricted-characters) will be
-replaced.
+URL of the Enterprise File Fabric to connect to Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value 1 / Storage Made
+Easy US \ \[dq]https://storagemadeeasy.com\[dq] 2 / Storage Made Easy EU
+\ \[dq]https://eu.storagemadeeasy.com\[dq] 3 / Connect to your
+Enterprise File Fabric \ \[dq]https://yourfabric.smestorage.com\[dq]
+url> https://yourfabric.smestorage.com/ ID of the root folder Leave
+blank normally.
 .PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Empty files
+Fill in to make rclone start with directory of a given ID.
 .PP
-Empty files aren\[aq]t supported by the Enterprise File Fabric.
-Rclone will therefore upload an empty file as a single space with a mime
-type of \f[C]application/vnd.rclone.empty.file\f[R] and files with that
-mime type are treated as empty.
-.SS Root folder ID
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+root_folder_id> Permanent Authentication Token
 .PP
-You can set the \f[C]root_folder_id\f[R] for rclone.
-This is the directory (identified by its \f[C]Folder ID\f[R]) that
-rclone considers to be the root of your Enterprise File Fabric.
+A Permanent Authentication Token can be created in the Enterprise File
+Fabric, on the users Dashboard under Security, there is an entry
+you\[aq]ll see called \[dq]My Authentication Tokens\[dq].
+Click the Manage button to create one.
 .PP
-Normally you will leave this blank and rclone will determine the correct
-root to use itself.
+These tokens are normally valid for several years.
 .PP
-However you can set this to restrict rclone to a specific folder
-hierarchy.
+For more info see:
+https://docs.storagemadeeasy.com/organisationcloud/api-tokens
 .PP
-In order to do this you will have to find the \f[C]Folder ID\f[R] of the
-directory you wish rclone to display.
-These aren\[aq]t displayed in the web interface, but you can use
-\f[C]rclone lsf\f[R] to find them, for example
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+permanent_token> xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx Edit advanced config?
+(y/n) y) Yes n) No (default) y/n> n Remote config --------------------
+[remote] type = filefabric url = https://yourfabric.smestorage.com/
+permanent_token = xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx --------------------
+y) Yes this is OK (default) e) Edit this remote d) Delete this remote
+y/e/d> y
 .IP
 .nf
 \f[C]
-$ rclone lsf --dirs-only -Fip --csv filefabric:
-120673758,Burnt PDFs/
-120673759,My Quick Uploads/
-120673755,My Syncs/
-120673756,My backups/
-120673757,My contacts/
-120673761,S3 Storage/
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your Enterprise File Fabric
+
+    rclone lsd remote:
+
+List all the files in your Enterprise File Fabric
+
+    rclone ls remote:
+
+To copy a local directory to an Enterprise File Fabric directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+The Enterprise File Fabric allows modification times to be set on
+files accurate to 1 second.  These will be used to detect whether
+objects need syncing or not.
+
+The Enterprise File Fabric does not support any data hashes at this time.
+
+### Restricted filename characters
+
+The [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+will be replaced.
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Empty files
+
+Empty files aren\[aq]t supported by the Enterprise File Fabric. Rclone will therefore
+upload an empty file as a single space with a mime type of
+\[ga]application/vnd.rclone.empty.file\[ga] and files with that mime type are
+treated as empty.
+
+### Root folder ID ###
+
+You can set the \[ga]root_folder_id\[ga] for rclone.  This is the directory
+(identified by its \[ga]Folder ID\[ga]) that rclone considers to be the root
+of your Enterprise File Fabric.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
+However you can set this to restrict rclone to a specific folder
+hierarchy.
+
+In order to do this you will have to find the \[ga]Folder ID\[ga] of the
+directory you wish rclone to display.  These aren\[aq]t displayed in the
+web interface, but you can use \[ga]rclone lsf\[ga] to find them, for example
 \f[R]
 .fi
 .PP
-The ID for \[dq]S3 Storage\[dq] would be \f[C]120673761\f[R].
-.SS Standard options
-.PP
-Here are the Standard options specific to filefabric (Enterprise File
-Fabric).
-.SS --filefabric-url
-.PP
+$ rclone lsf --dirs-only -Fip --csv filefabric: 120673758,Burnt PDFs/
+120673759,My Quick Uploads/ 120673755,My Syncs/ 120673756,My backups/
+120673757,My contacts/ 120673761,S3 Storage/
+.IP
+.nf
+\f[C]
+The ID for \[dq]S3 Storage\[dq] would be \[ga]120673761\[ga].
+
+
+### Standard options
+
+Here are the Standard options specific to filefabric (Enterprise File Fabric).
+
+#### --filefabric-url
+
 URL of the Enterprise File Fabric to connect to.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: url
-.IP \[bu] 2
-Env Var: RCLONE_FILEFABRIC_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]https://storagemadeeasy.com\[dq]
-.RS 2
-.IP \[bu] 2
-Storage Made Easy US
-.RE
-.IP \[bu] 2
-\[dq]https://eu.storagemadeeasy.com\[dq]
-.RS 2
-.IP \[bu] 2
-Storage Made Easy EU
-.RE
-.IP \[bu] 2
-\[dq]https://yourfabric.smestorage.com\[dq]
-.RS 2
-.IP \[bu] 2
-Connect to your Enterprise File Fabric
-.RE
-.RE
-.SS --filefabric-root-folder-id
-.PP
+
+- Config:      url
+- Env Var:     RCLONE_FILEFABRIC_URL
+- Type:        string
+- Required:    true
+- Examples:
+    - \[dq]https://storagemadeeasy.com\[dq]
+        - Storage Made Easy US
+    - \[dq]https://eu.storagemadeeasy.com\[dq]
+        - Storage Made Easy EU
+    - \[dq]https://yourfabric.smestorage.com\[dq]
+        - Connect to your Enterprise File Fabric
+
+#### --filefabric-root-folder-id
+
 ID of the root folder.
-.PP
+
 Leave blank normally.
-.PP
+
 Fill in to make rclone start with directory of a given ID.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: root_folder_id
-.IP \[bu] 2
-Env Var: RCLONE_FILEFABRIC_ROOT_FOLDER_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --filefabric-permanent-token
-.PP
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_FILEFABRIC_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --filefabric-permanent-token
+
 Permanent Authentication Token.
-.PP
+
 A Permanent Authentication Token can be created in the Enterprise File
 Fabric, on the users Dashboard under Security, there is an entry
-you\[aq]ll see called \[dq]My Authentication Tokens\[dq].
-Click the Manage button to create one.
-.PP
+you\[aq]ll see called \[dq]My Authentication Tokens\[dq]. Click the Manage button
+to create one.
+
 These tokens are normally valid for several years.
-.PP
-For more info see:
-https://docs.storagemadeeasy.com/organisationcloud/api-tokens
-.PP
+
+For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
+
+
 Properties:
-.IP \[bu] 2
-Config: permanent_token
-.IP \[bu] 2
-Env Var: RCLONE_FILEFABRIC_PERMANENT_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
-Here are the Advanced options specific to filefabric (Enterprise File
-Fabric).
-.SS --filefabric-token
-.PP
+
+- Config:      permanent_token
+- Env Var:     RCLONE_FILEFABRIC_PERMANENT_TOKEN
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to filefabric (Enterprise File Fabric).
+
+#### --filefabric-token
+
 Session Token.
-.PP
-This is a session token which rclone caches in the config file.
-It is usually valid for 1 hour.
-.PP
+
+This is a session token which rclone caches in the config file. It is
+usually valid for 1 hour.
+
 Don\[aq]t set this value - rclone will set it automatically.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_FILEFABRIC_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --filefabric-token-expiry
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_FILEFABRIC_TOKEN
+- Type:        string
+- Required:    false
+
+#### --filefabric-token-expiry
+
 Token expiry time.
-.PP
+
 Don\[aq]t set this value - rclone will set it automatically.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: token_expiry
-.IP \[bu] 2
-Env Var: RCLONE_FILEFABRIC_TOKEN_EXPIRY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --filefabric-version
-.PP
+
+- Config:      token_expiry
+- Env Var:     RCLONE_FILEFABRIC_TOKEN_EXPIRY
+- Type:        string
+- Required:    false
+
+#### --filefabric-version
+
 Version read from the file fabric.
-.PP
+
 Don\[aq]t set this value - rclone will set it automatically.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: version
-.IP \[bu] 2
-Env Var: RCLONE_FILEFABRIC_VERSION
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --filefabric-encoding
-.PP
+
+- Config:      version
+- Env Var:     RCLONE_FILEFABRIC_VERSION
+- Type:        string
+- Required:    false
+
+#### --filefabric-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_FILEFABRIC_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,Del,Ctl,InvalidUtf8,Dot
-.SH FTP
-.PP
-FTP is the File Transfer Protocol.
-Rclone FTP support is provided using the
-github.com/jlaffaye/ftp (https://godoc.org/github.com/jlaffaye/ftp)
+
+- Config:      encoding
+- Env Var:     RCLONE_FILEFABRIC_ENCODING
+- Type:        Encoding
+- Default:     Slash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+#  FTP
+
+FTP is the File Transfer Protocol. Rclone FTP support is provided using the
+[github.com/jlaffaye/ftp](https://godoc.org/github.com/jlaffaye/ftp)
 package.
-.PP
-Limitations of Rclone\[aq]s FTP backend
-.PP
-Paths are specified as \f[C]remote:path\f[R].
-If the path does not begin with a \f[C]/\f[R] it is relative to the home
-directory of the user.
-An empty path \f[C]remote:\f[R] refers to the user\[aq]s home directory.
-.SS Configuration
-.PP
-To create an FTP configuration named \f[C]remote\f[R], run
-.IP
-.nf
-\f[C]
-rclone config
-\f[R]
-.fi
-.PP
-Rclone config guides you through an interactive setup process.
-A minimal rclone FTP remote definition only requires host, username and
-password.
-For an anonymous FTP server, see below.
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / FTP
-   \[rs] \[dq]ftp\[dq]
-[snip]
-Storage> ftp
-** See help for ftp backend at: https://rclone.org/ftp/ **
 
-FTP host to connect to
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
- 1 / Connect to ftp.example.com
-   \[rs] \[dq]ftp.example.com\[dq]
-host> ftp.example.com
-FTP username
-Enter a string value. Press Enter for the default (\[dq]$USER\[dq]).
-user> 
-FTP port number
-Enter a signed integer. Press Enter for the default (21).
-port> 
-FTP password
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Use FTP over TLS (Implicit)
-Enter a boolean value (true or false). Press Enter for the default (\[dq]false\[dq]).
-tls> 
-Use FTP over TLS (Explicit)
-Enter a boolean value (true or false). Press Enter for the default (\[dq]false\[dq]).
-explicit_tls> 
-Remote config
---------------------
-[remote]
-type = ftp
-host = ftp.example.com
-pass = *** ENCRYPTED ***
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-To see all directories in the home directory of \f[C]remote\f[R]
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
-Make a new directory
-.IP
-.nf
-\f[C]
-rclone mkdir remote:path/to/directory
-\f[R]
-.fi
-.PP
-List the contents of a directory
-.IP
-.nf
-\f[C]
-rclone ls remote:path/to/directory
-\f[R]
-.fi
-.PP
-Sync \f[C]/home/local/directory\f[R] to the remote directory, deleting
-any excess files in the directory.
-.IP
-.nf
-\f[C]
-rclone sync --interactive /home/local/directory remote:directory
-\f[R]
-.fi
-.SS Anonymous FTP
-.PP
-When connecting to a FTP server that allows anonymous login, you can use
-the special \[dq]anonymous\[dq] username.
-Traditionally, this user account accepts any string as a password,
-although it is common to use either the password \[dq]anonymous\[dq] or
-\[dq]guest\[dq].
-Some servers require the use of a valid e-mail address as password.
-.PP
-Using on-the-fly or connection
-string (https://rclone.org/docs/#connection-strings) remotes makes it
-easy to access such servers, without requiring any configuration in
-advance.
-The following are examples of that:
-.IP
-.nf
-\f[C]
-rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=$(rclone obscure dummy)
-rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=$(rclone obscure dummy):
+[Limitations of Rclone\[aq]s FTP backend](#limitations)
+
+Paths are specified as \[ga]remote:path\[ga]. If the path does not begin with
+a \[ga]/\[ga] it is relative to the home directory of the user.  An empty path
+\[ga]remote:\[ga] refers to the user\[aq]s home directory.
+
+## Configuration
+
+To create an FTP configuration named \[ga]remote\[ga], run
+
+    rclone config
+
+Rclone config guides you through an interactive setup process. A minimal
+rclone FTP remote definition only requires host, username and password.
+For an anonymous FTP server, see [below](#anonymous-ftp).
 \f[R]
 .fi
 .PP
-The above examples work in Linux shells and in PowerShell, but not
-Windows Command Prompt.
-They execute the rclone
-obscure (https://rclone.org/commands/rclone_obscure/) command to create
-a password string in the format required by the pass option.
-The following examples are exactly the same, except use an already
-obscured string representation of the same password \[dq]dummy\[dq], and
+No remotes found, make a new one?
+n) New remote r) Rename remote c) Copy remote s) Set configuration
+password q) Quit config n/r/c/s/q> n name> remote Type of storage to
+configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX / FTP
+\ \[dq]ftp\[dq] [snip] Storage> ftp ** See help for ftp backend at:
+https://rclone.org/ftp/ **
+.PP
+FTP host to connect to Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value 1 / Connect to
+ftp.example.com \ \[dq]ftp.example.com\[dq] host> ftp.example.com FTP
+username Enter a string value.
+Press Enter for the default (\[dq]$USER\[dq]).
+user> FTP port number Enter a signed integer.
+Press Enter for the default (21).
+port> FTP password y) Yes type in my own password g) Generate random
+password y/g> y Enter the password: password: Confirm the password:
+password: Use FTP over TLS (Implicit) Enter a boolean value (true or
+false).
+Press Enter for the default (\[dq]false\[dq]).
+tls> Use FTP over TLS (Explicit) Enter a boolean value (true or false).
+Press Enter for the default (\[dq]false\[dq]).
+explicit_tls> Remote config -------------------- [remote] type = ftp
+host = ftp.example.com pass = *** ENCRYPTED *** -------------------- y)
+Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y
+.IP
+.nf
+\f[C]
+To see all directories in the home directory of \[ga]remote\[ga]
+
+    rclone lsd remote:
+
+Make a new directory
+
+    rclone mkdir remote:path/to/directory
+
+List the contents of a directory
+
+    rclone ls remote:path/to/directory
+
+Sync \[ga]/home/local/directory\[ga] to the remote directory, deleting any
+excess files in the directory.
+
+    rclone sync --interactive /home/local/directory remote:directory
+
+### Anonymous FTP
+
+When connecting to a FTP server that allows anonymous login, you can use the
+special \[dq]anonymous\[dq] username. Traditionally, this user account accepts any
+string as a password, although it is common to use either the password
+\[dq]anonymous\[dq] or \[dq]guest\[dq]. Some servers require the use of a valid e-mail
+address as password.
+
+Using [on-the-fly](#backend-path-to-dir) or
+[connection string](https://rclone.org/docs/#connection-strings) remotes makes it easy to access
+such servers, without requiring any configuration in advance. The following
+are examples of that:
+
+    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=$(rclone obscure dummy)
+    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=$(rclone obscure dummy):
+
+The above examples work in Linux shells and in PowerShell, but not Windows
+Command Prompt. They execute the [rclone obscure](https://rclone.org/commands/rclone_obscure/)
+command to create a password string in the format required by the
+[pass](#ftp-pass) option. The following examples are exactly the same, except use
+an already obscured string representation of the same password \[dq]dummy\[dq], and
 therefore works even in Windows Command Prompt:
-.IP
-.nf
-\f[C]
-rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM
-rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM:
-\f[R]
-.fi
-.SS Implicit TLS
-.PP
-Rlone FTP supports implicit FTP over TLS servers (FTPS).
-This has to be enabled in the FTP backend config for the remote, or with
-\f[C]--ftp-tls\f[R].
-The default FTPS port is \f[C]990\f[R], not \f[C]21\f[R] and can be set
-with \f[C]--ftp-port\f[R].
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-File names cannot end with the following characters.
-Replacement is limited to the last character in a file name:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-SP
-T}@T{
-0x20
-T}@T{
-\[u2420]
-T}
-.TE
-.PP
+
+    rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM
+    rclone lsf :ftp,host=speedtest.tele2.net,user=anonymous,pass=IXs2wc8OJOz7SYLBk47Ji1rHTmxM:
+
+### Implicit TLS
+
+Rlone FTP supports implicit FTP over TLS servers (FTPS). This has to
+be enabled in the FTP backend config for the remote, or with
+[\[ga]--ftp-tls\[ga]](#ftp-tls). The default FTPS port is \[ga]990\[ga], not \[ga]21\[ga] and
+can be set with [\[ga]--ftp-port\[ga]](#ftp-port).
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+File names cannot end with the following characters. Replacement is
+limited to the last character in a file name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | \[u2420]           |
+
 Not all FTP servers can have all characters in file names, for example:
-.PP
-.TS
-tab(@);
-l c.
-T{
-FTP Server
-T}@T{
-Forbidden characters
-T}
-_
-T{
-proftpd
-T}@T{
-\f[C]*\f[R]
-T}
-T{
-pureftpd
-T}@T{
-\f[C]\[rs] [ ]\f[R]
-T}
-.TE
-.PP
-This backend\[aq]s interactive configuration wizard provides a selection
-of sensible encoding settings for major FTP servers: ProFTPd, PureFTPd,
-VsFTPd.
+
+| FTP Server| Forbidden characters |
+| --------- |:--------------------:|
+| proftpd   | \[ga]*\[ga]                  |
+| pureftpd  | \[ga]\[rs] [ ]\[ga]              |
+
+This backend\[aq]s interactive configuration wizard provides a selection of
+sensible encoding settings for major FTP servers: ProFTPd, PureFTPd, VsFTPd.
 Just hit a selection number when prompted.
-.SS Standard options
-.PP
+
+
+### Standard options
+
 Here are the Standard options specific to ftp (FTP).
-.SS --ftp-host
-.PP
+
+#### --ftp-host
+
 FTP host to connect to.
-.PP
-E.g.
-\[dq]ftp.example.com\[dq].
-.PP
+
+E.g. \[dq]ftp.example.com\[dq].
+
 Properties:
-.IP \[bu] 2
-Config: host
-.IP \[bu] 2
-Env Var: RCLONE_FTP_HOST
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --ftp-user
-.PP
+
+- Config:      host
+- Env Var:     RCLONE_FTP_HOST
+- Type:        string
+- Required:    true
+
+#### --ftp-user
+
 FTP username.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: user
-.IP \[bu] 2
-Env Var: RCLONE_FTP_USER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]$USER\[dq]
-.SS --ftp-port
-.PP
+
+- Config:      user
+- Env Var:     RCLONE_FTP_USER
+- Type:        string
+- Default:     \[dq]$USER\[dq]
+
+#### --ftp-port
+
 FTP port number.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: port
-.IP \[bu] 2
-Env Var: RCLONE_FTP_PORT
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 21
-.SS --ftp-pass
-.PP
+
+- Config:      port
+- Env Var:     RCLONE_FTP_PORT
+- Type:        int
+- Default:     21
+
+#### --ftp-pass
+
 FTP password.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: pass
-.IP \[bu] 2
-Env Var: RCLONE_FTP_PASS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --ftp-tls
-.PP
+
+- Config:      pass
+- Env Var:     RCLONE_FTP_PASS
+- Type:        string
+- Required:    false
+
+#### --ftp-tls
+
 Use Implicit FTPS (FTP over TLS).
-.PP
-When using implicit FTP over TLS the client connects using TLS right
-from the start which breaks compatibility with non-TLS-aware servers.
-This is usually served over port 990 rather than port 21.
-Cannot be used in combination with explicit FTPS.
-.PP
+
+When using implicit FTP over TLS the client connects using TLS
+right from the start which breaks compatibility with
+non-TLS-aware servers. This is usually served over port 990 rather
+than port 21. Cannot be used in combination with explicit FTPS.
+
 Properties:
-.IP \[bu] 2
-Config: tls
-.IP \[bu] 2
-Env Var: RCLONE_FTP_TLS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-explicit-tls
-.PP
+
+- Config:      tls
+- Env Var:     RCLONE_FTP_TLS
+- Type:        bool
+- Default:     false
+
+#### --ftp-explicit-tls
+
 Use Explicit FTPS (FTP over TLS).
-.PP
-When using explicit FTP over TLS the client explicitly requests security
-from the server in order to upgrade a plain text connection to an
-encrypted one.
-Cannot be used in combination with implicit FTPS.
-.PP
+
+When using explicit FTP over TLS the client explicitly requests
+security from the server in order to upgrade a plain text connection
+to an encrypted one. Cannot be used in combination with implicit FTPS.
+
 Properties:
-.IP \[bu] 2
-Config: explicit_tls
-.IP \[bu] 2
-Env Var: RCLONE_FTP_EXPLICIT_TLS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS Advanced options
-.PP
+
+- Config:      explicit_tls
+- Env Var:     RCLONE_FTP_EXPLICIT_TLS
+- Type:        bool
+- Default:     false
+
+### Advanced options
+
 Here are the Advanced options specific to ftp (FTP).
-.SS --ftp-concurrency
-.PP
+
+#### --ftp-concurrency
+
 Maximum number of FTP simultaneous connections, 0 for unlimited.
-.PP
-Note that setting this is very likely to cause deadlocks so it should be
-used with care.
-.PP
+
+Note that setting this is very likely to cause deadlocks so it should
+be used with care.
+
 If you are doing a sync or copy then make sure concurrency is one more
-than the sum of \f[C]--transfers\f[R] and \f[C]--checkers\f[R].
-.PP
-If you use \f[C]--check-first\f[R] then it just needs to be one more
-than the maximum of \f[C]--checkers\f[R] and \f[C]--transfers\f[R].
-.PP
-So for \f[C]concurrency 3\f[R] you\[aq]d use
-\f[C]--checkers 2 --transfers 2 --check-first\f[R] or
-\f[C]--checkers 1 --transfers 1\f[R].
-.PP
+than the sum of \[ga]--transfers\[ga] and \[ga]--checkers\[ga].
+
+If you use \[ga]--check-first\[ga] then it just needs to be one more than the
+maximum of \[ga]--checkers\[ga] and \[ga]--transfers\[ga].
+
+So for \[ga]concurrency 3\[ga] you\[aq]d use \[ga]--checkers 2 --transfers 2
+--check-first\[ga] or \[ga]--checkers 1 --transfers 1\[ga].
+
+
+
 Properties:
-.IP \[bu] 2
-Config: concurrency
-.IP \[bu] 2
-Env Var: RCLONE_FTP_CONCURRENCY
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 0
-.SS --ftp-no-check-certificate
-.PP
+
+- Config:      concurrency
+- Env Var:     RCLONE_FTP_CONCURRENCY
+- Type:        int
+- Default:     0
+
+#### --ftp-no-check-certificate
+
 Do not verify the TLS certificate of the server.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: no_check_certificate
-.IP \[bu] 2
-Env Var: RCLONE_FTP_NO_CHECK_CERTIFICATE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-disable-epsv
-.PP
+
+- Config:      no_check_certificate
+- Env Var:     RCLONE_FTP_NO_CHECK_CERTIFICATE
+- Type:        bool
+- Default:     false
+
+#### --ftp-disable-epsv
+
 Disable using EPSV even if server advertises support.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: disable_epsv
-.IP \[bu] 2
-Env Var: RCLONE_FTP_DISABLE_EPSV
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-disable-mlsd
-.PP
+
+- Config:      disable_epsv
+- Env Var:     RCLONE_FTP_DISABLE_EPSV
+- Type:        bool
+- Default:     false
+
+#### --ftp-disable-mlsd
+
 Disable using MLSD even if server advertises support.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: disable_mlsd
-.IP \[bu] 2
-Env Var: RCLONE_FTP_DISABLE_MLSD
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-disable-utf8
-.PP
+
+- Config:      disable_mlsd
+- Env Var:     RCLONE_FTP_DISABLE_MLSD
+- Type:        bool
+- Default:     false
+
+#### --ftp-disable-utf8
+
 Disable using UTF-8 even if server advertises support.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: disable_utf8
-.IP \[bu] 2
-Env Var: RCLONE_FTP_DISABLE_UTF8
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-writing-mdtm
-.PP
+
+- Config:      disable_utf8
+- Env Var:     RCLONE_FTP_DISABLE_UTF8
+- Type:        bool
+- Default:     false
+
+#### --ftp-writing-mdtm
+
 Use MDTM to set modification time (VsFtpd quirk)
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: writing_mdtm
-.IP \[bu] 2
-Env Var: RCLONE_FTP_WRITING_MDTM
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-force-list-hidden
-.PP
-Use LIST -a to force listing of hidden files and folders.
-This will disable the use of MLSD.
-.PP
+
+- Config:      writing_mdtm
+- Env Var:     RCLONE_FTP_WRITING_MDTM
+- Type:        bool
+- Default:     false
+
+#### --ftp-force-list-hidden
+
+Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD.
+
 Properties:
-.IP \[bu] 2
-Config: force_list_hidden
-.IP \[bu] 2
-Env Var: RCLONE_FTP_FORCE_LIST_HIDDEN
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-idle-timeout
-.PP
+
+- Config:      force_list_hidden
+- Env Var:     RCLONE_FTP_FORCE_LIST_HIDDEN
+- Type:        bool
+- Default:     false
+
+#### --ftp-idle-timeout
+
 Max time before closing idle connections.
-.PP
+
 If no connections have been returned to the connection pool in the time
 given, rclone will empty the connection pool.
-.PP
+
 Set to 0 to keep connections indefinitely.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: idle_timeout
-.IP \[bu] 2
-Env Var: RCLONE_FTP_IDLE_TIMEOUT
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1m0s
-.SS --ftp-close-timeout
-.PP
+
+- Config:      idle_timeout
+- Env Var:     RCLONE_FTP_IDLE_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
+
+#### --ftp-close-timeout
+
 Maximum time to wait for a response to close.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: close_timeout
-.IP \[bu] 2
-Env Var: RCLONE_FTP_CLOSE_TIMEOUT
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1m0s
-.SS --ftp-tls-cache-size
-.PP
+
+- Config:      close_timeout
+- Env Var:     RCLONE_FTP_CLOSE_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
+
+#### --ftp-tls-cache-size
+
 Size of TLS session cache for all control and data connections.
-.PP
-TLS cache allows to resume TLS sessions and reuse PSK between
-connections.
-Increase if default size is not enough resulting in TLS resumption
-errors.
-Enabled by default.
-Use 0 to disable.
-.PP
+
+TLS cache allows to resume TLS sessions and reuse PSK between connections.
+Increase if default size is not enough resulting in TLS resumption errors.
+Enabled by default. Use 0 to disable.
+
 Properties:
-.IP \[bu] 2
-Config: tls_cache_size
-.IP \[bu] 2
-Env Var: RCLONE_FTP_TLS_CACHE_SIZE
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 32
-.SS --ftp-disable-tls13
-.PP
+
+- Config:      tls_cache_size
+- Env Var:     RCLONE_FTP_TLS_CACHE_SIZE
+- Type:        int
+- Default:     32
+
+#### --ftp-disable-tls13
+
 Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: disable_tls13
-.IP \[bu] 2
-Env Var: RCLONE_FTP_DISABLE_TLS13
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-shut-timeout
-.PP
+
+- Config:      disable_tls13
+- Env Var:     RCLONE_FTP_DISABLE_TLS13
+- Type:        bool
+- Default:     false
+
+#### --ftp-shut-timeout
+
 Maximum time to wait for data connection closing status.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: shut_timeout
-.IP \[bu] 2
-Env Var: RCLONE_FTP_SHUT_TIMEOUT
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1m0s
-.SS --ftp-ask-password
-.PP
+
+- Config:      shut_timeout
+- Env Var:     RCLONE_FTP_SHUT_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
+
+#### --ftp-ask-password
+
 Allow asking for FTP password when needed.
-.PP
-If this is set and no password is supplied then rclone will ask for a
-password
-.PP
+
+If this is set and no password is supplied then rclone will ask for a password
+
+
 Properties:
-.IP \[bu] 2
-Config: ask_password
-.IP \[bu] 2
-Env Var: RCLONE_FTP_ASK_PASSWORD
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --ftp-encoding
-.PP
+
+- Config:      ask_password
+- Env Var:     RCLONE_FTP_ASK_PASSWORD
+- Type:        bool
+- Default:     false
+
+#### --ftp-socks-proxy
+
+Socks 5 proxy host.
+        
+        Supports the format user:pass\[at]host:port, user\[at]host:port, host:port.
+        
+        Example:
+        
+            myUser:myPass\[at]localhost:9005
+        
+
+Properties:
+
+- Config:      socks_proxy
+- Env Var:     RCLONE_FTP_SOCKS_PROXY
+- Type:        string
+- Required:    false
+
+#### --ftp-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_FTP_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,Del,Ctl,RightSpace,Dot
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]Asterisk,Ctl,Dot,Slash\[dq]
-.RS 2
-.IP \[bu] 2
-ProFTPd can\[aq]t handle \[aq]*\[aq] in file names
-.RE
-.IP \[bu] 2
-\[dq]BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket\[dq]
-.RS 2
-.IP \[bu] 2
-PureFTPd can\[aq]t handle \[aq][]\[aq] or \[aq]*\[aq] in file names
-.RE
-.IP \[bu] 2
-\[dq]Ctl,LeftPeriod,Slash\[dq]
-.RS 2
-.IP \[bu] 2
-VsFTPd can\[aq]t handle file names starting with dot
-.RE
-.RE
-.SS Limitations
-.PP
-FTP servers acting as rclone remotes must support \f[C]passive\f[R]
-mode.
-The mode cannot be configured as \f[C]passive\f[R] is the only supported
-one.
-Rclone\[aq]s FTP implementation is not compatible with \f[C]active\f[R]
-mode as the library it uses doesn\[aq]t support
-it (https://github.com/jlaffaye/ftp/issues/29).
+
+- Config:      encoding
+- Env Var:     RCLONE_FTP_ENCODING
+- Type:        Encoding
+- Default:     Slash,Del,Ctl,RightSpace,Dot
+- Examples:
+    - \[dq]Asterisk,Ctl,Dot,Slash\[dq]
+        - ProFTPd can\[aq]t handle \[aq]*\[aq] in file names
+    - \[dq]BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket\[dq]
+        - PureFTPd can\[aq]t handle \[aq][]\[aq] or \[aq]*\[aq] in file names
+    - \[dq]Ctl,LeftPeriod,Slash\[dq]
+        - VsFTPd can\[aq]t handle file names starting with dot
+
+
+
+## Limitations
+
+FTP servers acting as rclone remotes must support \[ga]passive\[ga] mode.
+The mode cannot be configured as \[ga]passive\[ga] is the only supported one.
+Rclone\[aq]s FTP implementation is not compatible with \[ga]active\[ga] mode
+as [the library it uses doesn\[aq]t support it](https://github.com/jlaffaye/ftp/issues/29).
 This will likely never be supported due to security concerns.
-.PP
+
 Rclone\[aq]s FTP backend does not support any checksums but can compare
 file sizes.
-.PP
-\f[C]rclone about\f[R] is not supported by the FTP backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.PP
-The implementation of : \f[C]--dump headers\f[R],
-\f[C]--dump bodies\f[R], \f[C]--dump auth\f[R] for debugging isn\[aq]t
-the same as for rclone HTTP based backends - it has less fine grained
-control.
-.PP
-\f[C]--timeout\f[R] isn\[aq]t supported (but \f[C]--contimeout\f[R] is).
-.PP
-\f[C]--bind\f[R] isn\[aq]t supported.
-.PP
-Rclone\[aq]s FTP backend could support server-side move but does not at
-present.
-.PP
-The \f[C]ftp_proxy\f[R] environment variable is not currently supported.
-.SS Modified time
-.PP
-File modification time (timestamps) is supported to 1 second resolution
-for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP
-server.
-The \f[C]VsFTPd\f[R] server has non-standard implementation of time
-related protocol commands and needs a special configuration setting:
-\f[C]writing_mdtm = true\f[R].
-.PP
-Support for precise file time with other FTP servers varies depending on
-what protocol extensions they advertise.
-If all the \f[C]MLSD\f[R], \f[C]MDTM\f[R] and \f[C]MFTM\f[R] extensions
-are present, rclone will use them together to provide precise time.
-Otherwise the times you see on the FTP server through rclone are those
-of the last file upload.
-.PP
-You can use the following command to check whether rclone can use
-precise time with your FTP server:
-\f[C]rclone backend features your_ftp_remote:\f[R] (the trailing colon
-is important).
-Look for the number in the line tagged by \f[C]Precision\f[R]
-designating the remote time precision expressed as nanoseconds.
-A value of \f[C]1000000000\f[R] means that file time precision of 1
-second is available.
-A value of \f[C]3153600000000000000\f[R] (or another large number) means
-\[dq]unsupported\[dq].
-.SH Google Cloud Storage
-.PP
-Paths are specified as \f[C]remote:bucket\f[R] (or \f[C]remote:\f[R] for
-the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
-\f[C]remote:bucket/path/to/dir\f[R].
-.SS Configuration
-.PP
-The initial setup for google cloud storage involves getting a token from
-Google Cloud Storage which you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Cloud Storage (this is not Google Drive)
-   \[rs] \[dq]google cloud storage\[dq]
-[snip]
-Storage> google cloud storage
-Google Application Client Id - leave blank normally.
-client_id>
-Google Application Client Secret - leave blank normally.
-client_secret>
-Project number optional - needed only for list/create/delete buckets - see your developer console.
-project_number> 12345678
-Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
-service_account_file>
-Access Control List for new objects.
-Choose a number from below, or type in your own value
- 1 / Object owner gets OWNER access, and all Authenticated Users get READER access.
-   \[rs] \[dq]authenticatedRead\[dq]
- 2 / Object owner gets OWNER access, and project team owners get OWNER access.
-   \[rs] \[dq]bucketOwnerFullControl\[dq]
- 3 / Object owner gets OWNER access, and project team owners get READER access.
-   \[rs] \[dq]bucketOwnerRead\[dq]
- 4 / Object owner gets OWNER access [default if left blank].
-   \[rs] \[dq]private\[dq]
- 5 / Object owner gets OWNER access, and project team members get access according to their roles.
-   \[rs] \[dq]projectPrivate\[dq]
- 6 / Object owner gets OWNER access, and all Users get READER access.
-   \[rs] \[dq]publicRead\[dq]
-object_acl> 4
-Access Control List for new buckets.
-Choose a number from below, or type in your own value
- 1 / Project team owners get OWNER access, and all Authenticated Users get READER access.
-   \[rs] \[dq]authenticatedRead\[dq]
- 2 / Project team owners get OWNER access [default if left blank].
-   \[rs] \[dq]private\[dq]
- 3 / Project team members get access according to their roles.
-   \[rs] \[dq]projectPrivate\[dq]
- 4 / Project team owners get OWNER access, and all Users get READER access.
-   \[rs] \[dq]publicRead\[dq]
- 5 / Project team owners get OWNER access, and all Users get WRITER access.
-   \[rs] \[dq]publicReadWrite\[dq]
-bucket_acl> 2
-Location for the newly created buckets.
-Choose a number from below, or type in your own value
- 1 / Empty for default location (US).
-   \[rs] \[dq]\[dq]
- 2 / Multi-regional location for Asia.
-   \[rs] \[dq]asia\[dq]
- 3 / Multi-regional location for Europe.
-   \[rs] \[dq]eu\[dq]
- 4 / Multi-regional location for United States.
-   \[rs] \[dq]us\[dq]
- 5 / Taiwan.
-   \[rs] \[dq]asia-east1\[dq]
- 6 / Tokyo.
-   \[rs] \[dq]asia-northeast1\[dq]
- 7 / Singapore.
-   \[rs] \[dq]asia-southeast1\[dq]
- 8 / Sydney.
-   \[rs] \[dq]australia-southeast1\[dq]
- 9 / Belgium.
-   \[rs] \[dq]europe-west1\[dq]
-10 / London.
-   \[rs] \[dq]europe-west2\[dq]
-11 / Iowa.
-   \[rs] \[dq]us-central1\[dq]
-12 / South Carolina.
-   \[rs] \[dq]us-east1\[dq]
-13 / Northern Virginia.
-   \[rs] \[dq]us-east4\[dq]
-14 / Oregon.
-   \[rs] \[dq]us-west1\[dq]
-location> 12
-The storage class to use when storing objects in Google Cloud Storage.
-Choose a number from below, or type in your own value
- 1 / Default
-   \[rs] \[dq]\[dq]
- 2 / Multi-regional storage class
-   \[rs] \[dq]MULTI_REGIONAL\[dq]
- 3 / Regional storage class
-   \[rs] \[dq]REGIONAL\[dq]
- 4 / Nearline storage class
-   \[rs] \[dq]NEARLINE\[dq]
- 5 / Coldline storage class
-   \[rs] \[dq]COLDLINE\[dq]
- 6 / Durable reduced availability storage class
-   \[rs] \[dq]DURABLE_REDUCED_AVAILABILITY\[dq]
-storage_class> 5
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = google cloud storage
-client_id =
-client_secret =
-token = {\[dq]AccessToken\[dq]:\[dq]xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]RefreshToken\[dq]:\[dq]x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx\[dq],\[dq]Expiry\[dq]:\[dq]2014-07-17T20:49:14.929208288+01:00\[dq],\[dq]Extra\[dq]:null}
-project_number = 12345678
-object_acl = private
-bucket_acl = private
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Google if using web browser to automatically
-authenticate.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
-to unblock it temporarily if you are running a host firewall, or use
-manual mode.
-.PP
-This remote is called \f[C]remote\f[R] and can now be used like this
-.PP
-See all the buckets in your project
-.IP
-.nf
-\f[C]
-rclone lsd remote:
+
+\[ga]rclone about\[ga] is not supported by the FTP backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+The implementation of : \[ga]--dump headers\[ga],
+\[ga]--dump bodies\[ga], \[ga]--dump auth\[ga] for debugging isn\[aq]t the same as
+for rclone HTTP based backends - it has less fine grained control.
+
+\[ga]--timeout\[ga] isn\[aq]t supported (but \[ga]--contimeout\[ga] is).
+
+\[ga]--bind\[ga] isn\[aq]t supported.
+
+Rclone\[aq]s FTP backend could support server-side move but does not
+at present.
+
+The \[ga]ftp_proxy\[ga] environment variable is not currently supported.
+
+### Modification times
+
+File modification time (timestamps) is supported to 1 second resolution
+for major FTP servers: ProFTPd, PureFTPd, VsFTPd, and FileZilla FTP server.
+The \[ga]VsFTPd\[ga] server has non-standard implementation of time related protocol
+commands and needs a special configuration setting: \[ga]writing_mdtm = true\[ga].
+
+Support for precise file time with other FTP servers varies depending on what
+protocol extensions they advertise. If all the \[ga]MLSD\[ga], \[ga]MDTM\[ga] and \[ga]MFTM\[ga]
+extensions are present, rclone will use them together to provide precise time.
+Otherwise the times you see on the FTP server through rclone are those of the
+last file upload.
+
+You can use the following command to check whether rclone can use precise time
+with your FTP server: \[ga]rclone backend features your_ftp_remote:\[ga] (the trailing
+colon is important). Look for the number in the line tagged by \[ga]Precision\[ga]
+designating the remote time precision expressed as nanoseconds. A value of
+\[ga]1000000000\[ga] means that file time precision of 1 second is available.
+A value of \[ga]3153600000000000000\[ga] (or another large number) means \[dq]unsupported\[dq].
+
+#  Google Cloud Storage
+
+Paths are specified as \[ga]remote:bucket\[ga] (or \[ga]remote:\[ga] for the \[ga]lsd\[ga]
+command.)  You may put subdirectories in too, e.g. \[ga]remote:bucket/path/to/dir\[ga].
+
+## Configuration
+
+The initial setup for google cloud storage involves getting a token from Google Cloud Storage
+which you need to do in your browser.  \[ga]rclone config\[ga] walks you
+through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
-.PP
-Make a new bucket
+.IP "n)" 3
+New remote
+.IP "o)" 3
+Delete remote
+.IP "p)" 3
+Quit config e/n/d/q> n name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX / Google
+Cloud Storage (this is not Google Drive) \ \[dq]google cloud
+storage\[dq] [snip] Storage> google cloud storage Google Application
+Client Id - leave blank normally.
+client_id> Google Application Client Secret - leave blank normally.
+client_secret> Project number optional - needed only for
+list/create/delete buckets - see your developer console.
+project_number> 12345678 Service Account Credentials JSON file path -
+needed only if you want use SA instead of interactive login.
+service_account_file> Access Control List for new objects.
+Choose a number from below, or type in your own value 1 / Object owner
+gets OWNER access, and all Authenticated Users get READER access.
+\ \[dq]authenticatedRead\[dq] 2 / Object owner gets OWNER access, and
+project team owners get OWNER access.
+\ \[dq]bucketOwnerFullControl\[dq] 3 / Object owner gets OWNER access,
+and project team owners get READER access.
+\ \[dq]bucketOwnerRead\[dq] 4 / Object owner gets OWNER access [default
+if left blank].
+\ \[dq]private\[dq] 5 / Object owner gets OWNER access, and project team
+members get access according to their roles.
+\ \[dq]projectPrivate\[dq] 6 / Object owner gets OWNER access, and all
+Users get READER access.
+\ \[dq]publicRead\[dq] object_acl> 4 Access Control List for new
+buckets.
+Choose a number from below, or type in your own value 1 / Project team
+owners get OWNER access, and all Authenticated Users get READER access.
+\ \[dq]authenticatedRead\[dq] 2 / Project team owners get OWNER access
+[default if left blank].
+\ \[dq]private\[dq] 3 / Project team members get access according to
+their roles.
+\ \[dq]projectPrivate\[dq] 4 / Project team owners get OWNER access, and
+all Users get READER access.
+\ \[dq]publicRead\[dq] 5 / Project team owners get OWNER access, and all
+Users get WRITER access.
+\ \[dq]publicReadWrite\[dq] bucket_acl> 2 Location for the newly created
+buckets.
+Choose a number from below, or type in your own value 1 / Empty for
+default location (US).
+\ \[dq]\[dq] 2 / Multi-regional location for Asia.
+\ \[dq]asia\[dq] 3 / Multi-regional location for Europe.
+\ \[dq]eu\[dq] 4 / Multi-regional location for United States.
+\ \[dq]us\[dq] 5 / Taiwan.
+\ \[dq]asia-east1\[dq] 6 / Tokyo.
+\ \[dq]asia-northeast1\[dq] 7 / Singapore.
+\ \[dq]asia-southeast1\[dq] 8 / Sydney.
+\ \[dq]australia-southeast1\[dq] 9 / Belgium.
+\ \[dq]europe-west1\[dq] 10 / London.
+\ \[dq]europe-west2\[dq] 11 / Iowa.
+\ \[dq]us-central1\[dq] 12 / South Carolina.
+\ \[dq]us-east1\[dq] 13 / Northern Virginia.
+\ \[dq]us-east4\[dq] 14 / Oregon.
+\ \[dq]us-west1\[dq] location> 12 The storage class to use when storing
+objects in Google Cloud Storage.
+Choose a number from below, or type in your own value 1 / Default
+\ \[dq]\[dq] 2 / Multi-regional storage class \ \[dq]MULTI_REGIONAL\[dq]
+3 / Regional storage class \ \[dq]REGIONAL\[dq] 4 / Nearline storage
+class \ \[dq]NEARLINE\[dq] 5 / Coldline storage class
+\ \[dq]COLDLINE\[dq] 6 / Durable reduced availability storage class
+\ \[dq]DURABLE_REDUCED_AVAILABILITY\[dq] storage_class> 5 Remote config
+Use web browser to automatically authenticate rclone with remote?
+.IP \[bu] 2
+Say Y if the machine running rclone has a web browser you can use
+.IP \[bu] 2
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+.IP "y)" 3
+Yes
+.IP "z)" 3
+No y/n> y If your browser doesn\[aq]t open automatically go to the
+following link: http://127.0.0.1:53682/auth Log in and authorize rclone
+for access Waiting for code...
+Got code -------------------- [remote] type = google cloud storage
+client_id = client_secret = token =
+{\[dq]AccessToken\[dq]:\[dq]xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]RefreshToken\[dq]:\[dq]x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx\[dq],\[dq]Expiry\[dq]:\[dq]2014-07-17T20:49:14.929208288+01:00\[dq],\[dq]Extra\[dq]:null}
+project_number = 12345678 object_acl = private bucket_acl = private
+--------------------
+.IP "a)" 3
+Yes this is OK
+.IP "b)" 3
+Edit this remote
+.IP "c)" 3
+Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone mkdir remote:bucket
-\f[R]
-.fi
-.PP
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Google if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on \[ga]http://127.0.0.1:53682/\[ga] and this
+it may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
+
+This remote is called \[ga]remote\[ga] and can now be used like this
+
+See all the buckets in your project
+
+    rclone lsd remote:
+
+Make a new bucket
+
+    rclone mkdir remote:bucket
+
 List the contents of a bucket
-.IP
-.nf
-\f[C]
-rclone ls remote:bucket
-\f[R]
-.fi
-.PP
-Sync \f[C]/home/local/directory\f[R] to the remote bucket, deleting any
-excess files in the bucket.
-.IP
-.nf
-\f[C]
-rclone sync --interactive /home/local/directory remote:bucket
-\f[R]
-.fi
-.SS Service Account support
-.PP
+
+    rclone ls remote:bucket
+
+Sync \[ga]/home/local/directory\[ga] to the remote bucket, deleting any excess
+files in the bucket.
+
+    rclone sync --interactive /home/local/directory remote:bucket
+
+### Service Account support
+
 You can set up rclone with Google Cloud Storage in an unattended mode,
-i.e.
-not tied to a specific end-user Google account.
-This is useful when you want to synchronise files onto machines that
-don\[aq]t have actively logged-in users, for example build machines.
-.PP
-To get credentials for Google Cloud Platform IAM Service
-Accounts (https://cloud.google.com/iam/docs/service-accounts), please
-head to the Service
-Account (https://console.cloud.google.com/permissions/serviceaccounts)
-section of the Google Developer Console.
-Service Accounts behave just like normal \f[C]User\f[R] permissions in
-Google Cloud Storage
-ACLs (https://cloud.google.com/storage/docs/access-control), so you can
-limit their access (e.g.
-make them read only).
-After creating an account, a JSON file containing the Service
-Account\[aq]s credentials will be downloaded onto your machines.
-These credentials are what rclone will use for authentication.
-.PP
-To use a Service Account instead of OAuth2 token flow, enter the path to
-your Service Account credentials at the \f[C]service_account_file\f[R]
-prompt and rclone won\[aq]t use the browser based authentication flow.
-If you\[aq]d rather stuff the contents of the credentials file into the
-rclone config file, you can set \f[C]service_account_credentials\f[R]
-with the actual contents of the file instead, or set the equivalent
+i.e. not tied to a specific end-user Google account. This is useful
+when you want to synchronise files onto machines that don\[aq]t have
+actively logged-in users, for example build machines.
+
+To get credentials for Google Cloud Platform
+[IAM Service Accounts](https://cloud.google.com/iam/docs/service-accounts),
+please head to the
+[Service Account](https://console.cloud.google.com/permissions/serviceaccounts)
+section of the Google Developer Console. Service Accounts behave just
+like normal \[ga]User\[ga] permissions in
+[Google Cloud Storage ACLs](https://cloud.google.com/storage/docs/access-control),
+so you can limit their access (e.g. make them read only). After
+creating an account, a JSON file containing the Service Account\[aq]s
+credentials will be downloaded onto your machines. These credentials
+are what rclone will use for authentication.
+
+To use a Service Account instead of OAuth2 token flow, enter the path
+to your Service Account credentials at the \[ga]service_account_file\[ga]
+prompt and rclone won\[aq]t use the browser based authentication
+flow. If you\[aq]d rather stuff the contents of the credentials file into
+the rclone config file, you can set \[ga]service_account_credentials\[ga] with
+the actual contents of the file instead, or set the equivalent
 environment variable.
-.SS Anonymous Access
-.PP
-For downloads of objects that permit public access you can configure
-rclone to use anonymous access by setting \f[C]anonymous\f[R] to
-\f[C]true\f[R].
-With unauthorized access you can\[aq]t write or create files but only
-read or list those buckets and objects that have public read access.
-.SS Application Default Credentials
-.PP
-If no other source of credentials is provided, rclone will fall back to
-Application Default
-Credentials (https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials)
-this is useful both when you already have configured authentication for
-your developer account, or in production when running on a google
-compute host.
-Note that if running in docker, you may need to run additional commands
-on your google compute machine - see this
-page (https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper).
-.PP
-Note that in the case application default credentials are used, there is
-no need to explicitly configure a project number.
-.SS --fast-list
-.PP
-This remote supports \f[C]--fast-list\f[R] which allows you to use fewer
-transactions in exchange for more memory.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
-.SS Custom upload headers
-.PP
-You can set custom upload headers with the \f[C]--header-upload\f[R]
-flag.
-Google Cloud Storage supports the headers as described in the working
-with metadata
-documentation (https://cloud.google.com/storage/docs/gsutil/addlhelp/WorkingWithObjectMetadata)
-.IP \[bu] 2
-Cache-Control
-.IP \[bu] 2
-Content-Disposition
-.IP \[bu] 2
-Content-Encoding
-.IP \[bu] 2
-Content-Language
-.IP \[bu] 2
-Content-Type
-.IP \[bu] 2
-X-Goog-Storage-Class
-.IP \[bu] 2
-X-Goog-Meta-
-.PP
-Eg \f[C]--header-upload \[dq]Content-Type text/potato\[dq]\f[R]
-.PP
+
+### Anonymous Access
+
+For downloads of objects that permit public access you can configure rclone
+to use anonymous access by setting \[ga]anonymous\[ga] to \[ga]true\[ga].
+With unauthorized access you can\[aq]t write or create files but only read or list
+those buckets and objects that have public read access.
+
+### Application Default Credentials
+
+If no other source of credentials is provided, rclone will fall back
+to
+[Application Default Credentials](https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials)
+this is useful both when you already have configured authentication
+for your developer account, or in production when running on a google
+compute host. Note that if running in docker, you may need to run
+additional commands on your google compute machine -
+[see this page](https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper).
+
+Note that in the case application default credentials are used, there
+is no need to explicitly configure a project number.
+
+### --fast-list
+
+This remote supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Custom upload headers
+
+You can set custom upload headers with the \[ga]--header-upload\[ga]
+flag. Google Cloud Storage supports the headers as described in the
+[working with metadata documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WorkingWithObjectMetadata)
+
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
+- X-Goog-Storage-Class
+- X-Goog-Meta-
+
+Eg \[ga]--header-upload \[dq]Content-Type text/potato\[dq]\[ga]
+
 Note that the last of these is for setting custom metadata in the form
-\f[C]--header-upload \[dq]x-goog-meta-key: value\[dq]\f[R]
-.SS Modification time
-.PP
+\[ga]--header-upload \[dq]x-goog-meta-key: value\[dq]\[ga]
+
+### Modification times
+
 Google Cloud Storage stores md5sum natively.
-Google\[aq]s gsutil (https://cloud.google.com/storage/docs/gsutil) tool
-stores modification time with one-second precision as
-\f[C]goog-reserved-file-mtime\f[R] in file metadata.
-.PP
-To ensure compatibility with gsutil, rclone stores modification time in
-2 separate metadata entries.
-\f[C]mtime\f[R] uses RFC3339 format with one-nanosecond precision.
-\f[C]goog-reserved-file-mtime\f[R] uses Unix timestamp format with
-one-second precision.
-To get modification time from object metadata, rclone reads the metadata
-in the following order: \f[C]mtime\f[R],
-\f[C]goog-reserved-file-mtime\f[R], object updated time.
-.PP
+Google\[aq]s [gsutil](https://cloud.google.com/storage/docs/gsutil) tool stores modification time
+with one-second precision as \[ga]goog-reserved-file-mtime\[ga] in file metadata.
+
+To ensure compatibility with gsutil, rclone stores modification time in 2 separate metadata entries.
+\[ga]mtime\[ga] uses RFC3339 format with one-nanosecond precision.
+\[ga]goog-reserved-file-mtime\[ga] uses Unix timestamp format with one-second precision.
+To get modification time from object metadata, rclone reads the metadata in the following order: \[ga]mtime\[ga], \[ga]goog-reserved-file-mtime\[ga], object updated time.
+
 Note that rclone\[aq]s default modify window is 1ns.
-Files uploaded by gsutil only contain timestamps with one-second
-precision.
-If you use rclone to sync files previously uploaded by gsutil, rclone
-will attempt to update modification time for all these files.
-To avoid these possibly unnecessary updates, use
-\f[C]--modify-window 1s\f[R].
-.SS Restricted filename characters
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-NUL
-T}@T{
-0x00
-T}@T{
-\[u2400]
-T}
-T{
-LF
-T}@T{
-0x0A
-T}@T{
-\[u240A]
-T}
-T{
-CR
-T}@T{
-0x0D
-T}@T{
-\[u240D]
-T}
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Standard options
-.PP
-Here are the Standard options specific to google cloud storage (Google
-Cloud Storage (this is not Google Drive)).
-.SS --gcs-client-id
-.PP
+Files uploaded by gsutil only contain timestamps with one-second precision.
+If you use rclone to sync files previously uploaded by gsutil,
+rclone will attempt to update modification time for all these files.
+To avoid these possibly unnecessary updates, use \[ga]--modify-window 1s\[ga].
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | \[u2400]           |
+| LF        | 0x0A  | \[u240A]           |
+| CR        | 0x0D  | \[u240D]           |
+| /         | 0x2F  | \[uFF0F]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
+
+#### --gcs-client-id
+
 OAuth Client Id.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_GCS_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-client-secret
-.PP
+
+- Config:      client_id
+- Env Var:     RCLONE_GCS_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --gcs-client-secret
+
 OAuth Client Secret.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_GCS_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-project-number
-.PP
+
+- Config:      client_secret
+- Env Var:     RCLONE_GCS_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --gcs-project-number
+
 Project number.
-.PP
-Optional - needed only for list/create/delete buckets - see your
-developer console.
-.PP
+
+Optional - needed only for list/create/delete buckets - see your developer console.
+
 Properties:
-.IP \[bu] 2
-Config: project_number
-.IP \[bu] 2
-Env Var: RCLONE_GCS_PROJECT_NUMBER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-service-account-file
-.PP
+
+- Config:      project_number
+- Env Var:     RCLONE_GCS_PROJECT_NUMBER
+- Type:        string
+- Required:    false
+
+#### --gcs-user-project
+
+User project.
+
+Optional - needed only for requester pays.
+
+Properties:
+
+- Config:      user_project
+- Env Var:     RCLONE_GCS_USER_PROJECT
+- Type:        string
+- Required:    false
+
+#### --gcs-service-account-file
+
 Service Account Credentials JSON file path.
-.PP
+
 Leave blank normally.
 Needed only if you want use SA instead of interactive login.
-.PP
-Leading \f[C]\[ti]\f[R] will be expanded in the file name as will
-environment variables such as \f[C]${RCLONE_CONFIG_DIR}\f[R].
-.PP
+
+Leading \[ga]\[ti]\[ga] will be expanded in the file name as will environment variables such as \[ga]${RCLONE_CONFIG_DIR}\[ga].
+
 Properties:
-.IP \[bu] 2
-Config: service_account_file
-.IP \[bu] 2
-Env Var: RCLONE_GCS_SERVICE_ACCOUNT_FILE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-service-account-credentials
-.PP
+
+- Config:      service_account_file
+- Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_FILE
+- Type:        string
+- Required:    false
+
+#### --gcs-service-account-credentials
+
 Service Account Credentials JSON blob.
-.PP
+
 Leave blank normally.
 Needed only if you want use SA instead of interactive login.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: service_account_credentials
-.IP \[bu] 2
-Env Var: RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-anonymous
-.PP
+
+- Config:      service_account_credentials
+- Env Var:     RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS
+- Type:        string
+- Required:    false
+
+#### --gcs-anonymous
+
 Access public buckets and objects without credentials.
-.PP
-Set to \[aq]true\[aq] if you just want to download files and don\[aq]t
-configure credentials.
-.PP
+
+Set to \[aq]true\[aq] if you just want to download files and don\[aq]t configure credentials.
+
 Properties:
-.IP \[bu] 2
-Config: anonymous
-.IP \[bu] 2
-Env Var: RCLONE_GCS_ANONYMOUS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --gcs-object-acl
-.PP
+
+- Config:      anonymous
+- Env Var:     RCLONE_GCS_ANONYMOUS
+- Type:        bool
+- Default:     false
+
+#### --gcs-object-acl
+
 Access Control List for new objects.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: object_acl
-.IP \[bu] 2
-Env Var: RCLONE_GCS_OBJECT_ACL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]authenticatedRead\[dq]
-.RS 2
-.IP \[bu] 2
-Object owner gets OWNER access.
-.IP \[bu] 2
-All Authenticated Users get READER access.
-.RE
-.IP \[bu] 2
-\[dq]bucketOwnerFullControl\[dq]
-.RS 2
-.IP \[bu] 2
-Object owner gets OWNER access.
-.IP \[bu] 2
-Project team owners get OWNER access.
-.RE
-.IP \[bu] 2
-\[dq]bucketOwnerRead\[dq]
-.RS 2
-.IP \[bu] 2
-Object owner gets OWNER access.
-.IP \[bu] 2
-Project team owners get READER access.
-.RE
-.IP \[bu] 2
-\[dq]private\[dq]
-.RS 2
-.IP \[bu] 2
-Object owner gets OWNER access.
-.IP \[bu] 2
-Default if left blank.
-.RE
-.IP \[bu] 2
-\[dq]projectPrivate\[dq]
-.RS 2
-.IP \[bu] 2
-Object owner gets OWNER access.
-.IP \[bu] 2
-Project team members get access according to their roles.
-.RE
-.IP \[bu] 2
-\[dq]publicRead\[dq]
-.RS 2
-.IP \[bu] 2
-Object owner gets OWNER access.
-.IP \[bu] 2
-All Users get READER access.
-.RE
-.RE
-.SS --gcs-bucket-acl
-.PP
+
+- Config:      object_acl
+- Env Var:     RCLONE_GCS_OBJECT_ACL
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]authenticatedRead\[dq]
+        - Object owner gets OWNER access.
+        - All Authenticated Users get READER access.
+    - \[dq]bucketOwnerFullControl\[dq]
+        - Object owner gets OWNER access.
+        - Project team owners get OWNER access.
+    - \[dq]bucketOwnerRead\[dq]
+        - Object owner gets OWNER access.
+        - Project team owners get READER access.
+    - \[dq]private\[dq]
+        - Object owner gets OWNER access.
+        - Default if left blank.
+    - \[dq]projectPrivate\[dq]
+        - Object owner gets OWNER access.
+        - Project team members get access according to their roles.
+    - \[dq]publicRead\[dq]
+        - Object owner gets OWNER access.
+        - All Users get READER access.
+
+#### --gcs-bucket-acl
+
 Access Control List for new buckets.
-.PP
-Properties:
-.IP \[bu] 2
-Config: bucket_acl
-.IP \[bu] 2
-Env Var: RCLONE_GCS_BUCKET_ACL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]authenticatedRead\[dq]
-.RS 2
-.IP \[bu] 2
-Project team owners get OWNER access.
-.IP \[bu] 2
-All Authenticated Users get READER access.
-.RE
-.IP \[bu] 2
-\[dq]private\[dq]
-.RS 2
-.IP \[bu] 2
-Project team owners get OWNER access.
-.IP \[bu] 2
-Default if left blank.
-.RE
-.IP \[bu] 2
-\[dq]projectPrivate\[dq]
-.RS 2
-.IP \[bu] 2
-Project team members get access according to their roles.
-.RE
-.IP \[bu] 2
-\[dq]publicRead\[dq]
-.RS 2
-.IP \[bu] 2
-Project team owners get OWNER access.
-.IP \[bu] 2
-All Users get READER access.
-.RE
-.IP \[bu] 2
-\[dq]publicReadWrite\[dq]
-.RS 2
-.IP \[bu] 2
-Project team owners get OWNER access.
-.IP \[bu] 2
-All Users get WRITER access.
-.RE
-.RE
-.SS --gcs-bucket-policy-only
-.PP
-Access checks should use bucket-level IAM policies.
-.PP
-If you want to upload objects to a bucket with Bucket Policy Only set
-then you will need to set this.
-.PP
-When it is set, rclone:
-.IP \[bu] 2
-ignores ACLs set on buckets
-.IP \[bu] 2
-ignores ACLs set on objects
-.IP \[bu] 2
-creates buckets with Bucket Policy Only set
-.PP
-Docs: https://cloud.google.com/storage/docs/bucket-policy-only
-.PP
-Properties:
-.IP \[bu] 2
-Config: bucket_policy_only
-.IP \[bu] 2
-Env Var: RCLONE_GCS_BUCKET_POLICY_ONLY
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --gcs-location
-.PP
-Location for the newly created buckets.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: location
-.IP \[bu] 2
-Env Var: RCLONE_GCS_LOCATION
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Empty for default location (US)
-.RE
-.IP \[bu] 2
-\[dq]asia\[dq]
-.RS 2
-.IP \[bu] 2
-Multi-regional location for Asia
-.RE
-.IP \[bu] 2
-\[dq]eu\[dq]
-.RS 2
-.IP \[bu] 2
-Multi-regional location for Europe
-.RE
-.IP \[bu] 2
-\[dq]us\[dq]
-.RS 2
-.IP \[bu] 2
-Multi-regional location for United States
-.RE
-.IP \[bu] 2
-\[dq]asia-east1\[dq]
-.RS 2
-.IP \[bu] 2
-Taiwan
-.RE
-.IP \[bu] 2
-\[dq]asia-east2\[dq]
-.RS 2
-.IP \[bu] 2
-Hong Kong
-.RE
-.IP \[bu] 2
-\[dq]asia-northeast1\[dq]
-.RS 2
-.IP \[bu] 2
-Tokyo
-.RE
-.IP \[bu] 2
-\[dq]asia-northeast2\[dq]
-.RS 2
-.IP \[bu] 2
-Osaka
-.RE
-.IP \[bu] 2
-\[dq]asia-northeast3\[dq]
-.RS 2
-.IP \[bu] 2
-Seoul
-.RE
-.IP \[bu] 2
-\[dq]asia-south1\[dq]
-.RS 2
-.IP \[bu] 2
-Mumbai
-.RE
-.IP \[bu] 2
-\[dq]asia-south2\[dq]
-.RS 2
-.IP \[bu] 2
-Delhi
-.RE
-.IP \[bu] 2
-\[dq]asia-southeast1\[dq]
-.RS 2
-.IP \[bu] 2
-Singapore
-.RE
-.IP \[bu] 2
-\[dq]asia-southeast2\[dq]
-.RS 2
-.IP \[bu] 2
-Jakarta
-.RE
-.IP \[bu] 2
-\[dq]australia-southeast1\[dq]
-.RS 2
-.IP \[bu] 2
-Sydney
-.RE
-.IP \[bu] 2
-\[dq]australia-southeast2\[dq]
-.RS 2
-.IP \[bu] 2
-Melbourne
-.RE
-.IP \[bu] 2
-\[dq]europe-north1\[dq]
-.RS 2
-.IP \[bu] 2
-Finland
-.RE
-.IP \[bu] 2
-\[dq]europe-west1\[dq]
-.RS 2
-.IP \[bu] 2
-Belgium
-.RE
-.IP \[bu] 2
-\[dq]europe-west2\[dq]
-.RS 2
-.IP \[bu] 2
-London
-.RE
-.IP \[bu] 2
-\[dq]europe-west3\[dq]
-.RS 2
-.IP \[bu] 2
-Frankfurt
-.RE
-.IP \[bu] 2
-\[dq]europe-west4\[dq]
-.RS 2
-.IP \[bu] 2
-Netherlands
-.RE
-.IP \[bu] 2
-\[dq]europe-west6\[dq]
-.RS 2
-.IP \[bu] 2
-Z\[:u]rich
-.RE
-.IP \[bu] 2
-\[dq]europe-central2\[dq]
-.RS 2
-.IP \[bu] 2
-Warsaw
-.RE
-.IP \[bu] 2
-\[dq]us-central1\[dq]
-.RS 2
-.IP \[bu] 2
-Iowa
-.RE
-.IP \[bu] 2
-\[dq]us-east1\[dq]
-.RS 2
-.IP \[bu] 2
-South Carolina
-.RE
-.IP \[bu] 2
-\[dq]us-east4\[dq]
-.RS 2
-.IP \[bu] 2
-Northern Virginia
-.RE
-.IP \[bu] 2
-\[dq]us-west1\[dq]
-.RS 2
-.IP \[bu] 2
-Oregon
-.RE
-.IP \[bu] 2
-\[dq]us-west2\[dq]
-.RS 2
-.IP \[bu] 2
-California
-.RE
-.IP \[bu] 2
-\[dq]us-west3\[dq]
-.RS 2
-.IP \[bu] 2
-Salt Lake City
-.RE
-.IP \[bu] 2
-\[dq]us-west4\[dq]
-.RS 2
-.IP \[bu] 2
-Las Vegas
-.RE
-.IP \[bu] 2
-\[dq]northamerica-northeast1\[dq]
-.RS 2
-.IP \[bu] 2
-Montr\['e]al
-.RE
-.IP \[bu] 2
-\[dq]northamerica-northeast2\[dq]
-.RS 2
-.IP \[bu] 2
-Toronto
-.RE
-.IP \[bu] 2
-\[dq]southamerica-east1\[dq]
-.RS 2
-.IP \[bu] 2
-S\[~a]o Paulo
-.RE
-.IP \[bu] 2
-\[dq]southamerica-west1\[dq]
-.RS 2
-.IP \[bu] 2
-Santiago
-.RE
-.IP \[bu] 2
-\[dq]asia1\[dq]
-.RS 2
-.IP \[bu] 2
-Dual region: asia-northeast1 and asia-northeast2.
-.RE
-.IP \[bu] 2
-\[dq]eur4\[dq]
-.RS 2
-.IP \[bu] 2
-Dual region: europe-north1 and europe-west4.
-.RE
-.IP \[bu] 2
-\[dq]nam4\[dq]
-.RS 2
-.IP \[bu] 2
-Dual region: us-central1 and us-east1.
-.RE
-.RE
-.SS --gcs-storage-class
-.PP
+
+- Config:      bucket_acl
+- Env Var:     RCLONE_GCS_BUCKET_ACL
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]authenticatedRead\[dq]
+        - Project team owners get OWNER access.
+        - All Authenticated Users get READER access.
+    - \[dq]private\[dq]
+        - Project team owners get OWNER access.
+        - Default if left blank.
+    - \[dq]projectPrivate\[dq]
+        - Project team members get access according to their roles.
+    - \[dq]publicRead\[dq]
+        - Project team owners get OWNER access.
+        - All Users get READER access.
+    - \[dq]publicReadWrite\[dq]
+        - Project team owners get OWNER access.
+        - All Users get WRITER access.
+
+#### --gcs-bucket-policy-only
+
+Access checks should use bucket-level IAM policies.
+
+If you want to upload objects to a bucket with Bucket Policy Only set
+then you will need to set this.
+
+When it is set, rclone:
+
+- ignores ACLs set on buckets
+- ignores ACLs set on objects
+- creates buckets with Bucket Policy Only set
+
+Docs: https://cloud.google.com/storage/docs/bucket-policy-only
+
+
+Properties:
+
+- Config:      bucket_policy_only
+- Env Var:     RCLONE_GCS_BUCKET_POLICY_ONLY
+- Type:        bool
+- Default:     false
+
+#### --gcs-location
+
+Location for the newly created buckets.
+
+Properties:
+
+- Config:      location
+- Env Var:     RCLONE_GCS_LOCATION
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - Empty for default location (US)
+    - \[dq]asia\[dq]
+        - Multi-regional location for Asia
+    - \[dq]eu\[dq]
+        - Multi-regional location for Europe
+    - \[dq]us\[dq]
+        - Multi-regional location for United States
+    - \[dq]asia-east1\[dq]
+        - Taiwan
+    - \[dq]asia-east2\[dq]
+        - Hong Kong
+    - \[dq]asia-northeast1\[dq]
+        - Tokyo
+    - \[dq]asia-northeast2\[dq]
+        - Osaka
+    - \[dq]asia-northeast3\[dq]
+        - Seoul
+    - \[dq]asia-south1\[dq]
+        - Mumbai
+    - \[dq]asia-south2\[dq]
+        - Delhi
+    - \[dq]asia-southeast1\[dq]
+        - Singapore
+    - \[dq]asia-southeast2\[dq]
+        - Jakarta
+    - \[dq]australia-southeast1\[dq]
+        - Sydney
+    - \[dq]australia-southeast2\[dq]
+        - Melbourne
+    - \[dq]europe-north1\[dq]
+        - Finland
+    - \[dq]europe-west1\[dq]
+        - Belgium
+    - \[dq]europe-west2\[dq]
+        - London
+    - \[dq]europe-west3\[dq]
+        - Frankfurt
+    - \[dq]europe-west4\[dq]
+        - Netherlands
+    - \[dq]europe-west6\[dq]
+        - Z\[:u]rich
+    - \[dq]europe-central2\[dq]
+        - Warsaw
+    - \[dq]us-central1\[dq]
+        - Iowa
+    - \[dq]us-east1\[dq]
+        - South Carolina
+    - \[dq]us-east4\[dq]
+        - Northern Virginia
+    - \[dq]us-west1\[dq]
+        - Oregon
+    - \[dq]us-west2\[dq]
+        - California
+    - \[dq]us-west3\[dq]
+        - Salt Lake City
+    - \[dq]us-west4\[dq]
+        - Las Vegas
+    - \[dq]northamerica-northeast1\[dq]
+        - Montr\['e]al
+    - \[dq]northamerica-northeast2\[dq]
+        - Toronto
+    - \[dq]southamerica-east1\[dq]
+        - S\[~a]o Paulo
+    - \[dq]southamerica-west1\[dq]
+        - Santiago
+    - \[dq]asia1\[dq]
+        - Dual region: asia-northeast1 and asia-northeast2.
+    - \[dq]eur4\[dq]
+        - Dual region: europe-north1 and europe-west4.
+    - \[dq]nam4\[dq]
+        - Dual region: us-central1 and us-east1.
+
+#### --gcs-storage-class
+
 The storage class to use when storing objects in Google Cloud Storage.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: storage_class
-.IP \[bu] 2
-Env Var: RCLONE_GCS_STORAGE_CLASS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Default
-.RE
-.IP \[bu] 2
-\[dq]MULTI_REGIONAL\[dq]
-.RS 2
-.IP \[bu] 2
-Multi-regional storage class
-.RE
-.IP \[bu] 2
-\[dq]REGIONAL\[dq]
-.RS 2
-.IP \[bu] 2
-Regional storage class
-.RE
-.IP \[bu] 2
-\[dq]NEARLINE\[dq]
-.RS 2
-.IP \[bu] 2
-Nearline storage class
-.RE
-.IP \[bu] 2
-\[dq]COLDLINE\[dq]
-.RS 2
-.IP \[bu] 2
-Coldline storage class
-.RE
-.IP \[bu] 2
-\[dq]ARCHIVE\[dq]
-.RS 2
-.IP \[bu] 2
-Archive storage class
-.RE
-.IP \[bu] 2
-\[dq]DURABLE_REDUCED_AVAILABILITY\[dq]
-.RS 2
-.IP \[bu] 2
-Durable reduced availability storage class
-.RE
-.RE
-.SS --gcs-env-auth
-.PP
-Get GCP IAM credentials from runtime (environment variables or instance
-meta data if no env vars).
-.PP
-Only applies if service_account_file and service_account_credentials is
-blank.
-.PP
+
+- Config:      storage_class
+- Env Var:     RCLONE_GCS_STORAGE_CLASS
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - Default
+    - \[dq]MULTI_REGIONAL\[dq]
+        - Multi-regional storage class
+    - \[dq]REGIONAL\[dq]
+        - Regional storage class
+    - \[dq]NEARLINE\[dq]
+        - Nearline storage class
+    - \[dq]COLDLINE\[dq]
+        - Coldline storage class
+    - \[dq]ARCHIVE\[dq]
+        - Archive storage class
+    - \[dq]DURABLE_REDUCED_AVAILABILITY\[dq]
+        - Durable reduced availability storage class
+
+#### --gcs-env-auth
+
+Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars).
+
+Only applies if service_account_file and service_account_credentials is blank.
+
 Properties:
-.IP \[bu] 2
-Config: env_auth
-.IP \[bu] 2
-Env Var: RCLONE_GCS_ENV_AUTH
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Enter credentials in the next step.
-.RE
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Get GCP IAM credentials from the environment (env vars or IAM).
-.RE
-.RE
-.SS Advanced options
-.PP
-Here are the Advanced options specific to google cloud storage (Google
-Cloud Storage (this is not Google Drive)).
-.SS --gcs-token
-.PP
+
+- Config:      env_auth
+- Env Var:     RCLONE_GCS_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - \[dq]false\[dq]
+        - Enter credentials in the next step.
+    - \[dq]true\[dq]
+        - Get GCP IAM credentials from the environment (env vars or IAM).
+
+### Advanced options
+
+Here are the Advanced options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
+
+#### --gcs-token
+
 OAuth Access Token as a JSON blob.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_GCS_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-auth-url
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_GCS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --gcs-auth-url
+
 Auth server URL.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_GCS_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-token-url
-.PP
+
+- Config:      auth_url
+- Env Var:     RCLONE_GCS_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --gcs-token-url
+
 Token server url.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_GCS_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-no-check-bucket
-.PP
+
+- Config:      token_url
+- Env Var:     RCLONE_GCS_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --gcs-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option creates an empty
+object ending with \[dq]/\[dq], to persist the folder.
+
+
+Properties:
+
+- Config:      directory_markers
+- Env Var:     RCLONE_GCS_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
+
+#### --gcs-no-check-bucket
+
 If set, don\[aq]t attempt to check the bucket exists or create it.
-.PP
+
 This can be useful when trying to minimise the number of transactions
 rclone does if you know the bucket exists already.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: no_check_bucket
-.IP \[bu] 2
-Env Var: RCLONE_GCS_NO_CHECK_BUCKET
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --gcs-decompress
-.PP
+
+- Config:      no_check_bucket
+- Env Var:     RCLONE_GCS_NO_CHECK_BUCKET
+- Type:        bool
+- Default:     false
+
+#### --gcs-decompress
+
 If set this will decompress gzip encoded objects.
-.PP
-It is possible to upload objects to GCS with \[dq]Content-Encoding:
-gzip\[dq] set.
-Normally rclone will download these files as compressed objects.
-.PP
+
+It is possible to upload objects to GCS with \[dq]Content-Encoding: gzip\[dq]
+set. Normally rclone will download these files as compressed objects.
+
 If this flag is set then rclone will decompress these files with
-\[dq]Content-Encoding: gzip\[dq] as they are received.
-This means that rclone can\[aq]t check the size and hash but the file
-contents will be decompressed.
-.PP
+\[dq]Content-Encoding: gzip\[dq] as they are received. This means that rclone
+can\[aq]t check the size and hash but the file contents will be decompressed.
+
+
 Properties:
-.IP \[bu] 2
-Config: decompress
-.IP \[bu] 2
-Env Var: RCLONE_GCS_DECOMPRESS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --gcs-endpoint
-.PP
+
+- Config:      decompress
+- Env Var:     RCLONE_GCS_DECOMPRESS
+- Type:        bool
+- Default:     false
+
+#### --gcs-endpoint
+
 Endpoint for the service.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_GCS_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gcs-encoding
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_GCS_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --gcs-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_GCS_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,CrLf,InvalidUtf8,Dot
-.SS Limitations
-.PP
-\f[C]rclone about\f[R] is not supported by the Google Cloud Storage
-backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Google Drive
-.PP
-Paths are specified as \f[C]drive:path\f[R]
-.PP
-Drive paths may be as deep as required, e.g.
-\f[C]drive:directory/subdirectory\f[R].
-.SS Configuration
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_GCS_ENCODING
+- Type:        Encoding
+- Default:     Slash,CrLf,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+\[ga]rclone about\[ga] is not supported by the Google Cloud Storage backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Google Drive
+
+Paths are specified as \[ga]drive:path\[ga]
+
+Drive paths may be as deep as required, e.g. \[ga]drive:directory/subdirectory\[ga].
+
+## Configuration
+
 The initial setup for drive involves getting a token from Google drive
-which you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
+which you need to do in your browser.  \[ga]rclone config\[ga] walks you
+through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
 This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Drive
-   \[rs] \[dq]drive\[dq]
-[snip]
-Storage> drive
-Google Application Client Id - leave blank normally.
-client_id>
-Google Application Client Secret - leave blank normally.
-client_secret>
-Scope that rclone should use when requesting access from drive.
-Choose a number from below, or type in your own value
- 1 / Full access all files, excluding Application Data Folder.
-   \[rs] \[dq]drive\[dq]
- 2 / Read-only access to file metadata and file contents.
-   \[rs] \[dq]drive.readonly\[dq]
-   / Access to files created by rclone only.
- 3 | These are visible in the drive website.
-   | File authorization is revoked when the user deauthorizes the app.
-   \[rs] \[dq]drive.file\[dq]
-   / Allows read and write access to the Application Data folder.
- 4 | This is not visible in the drive website.
-   \[rs] \[dq]drive.appfolder\[dq]
-   / Allows read-only access to file metadata but
- 5 | does not allow any access to read or download file content.
-   \[rs] \[dq]drive.metadata.readonly\[dq]
-scope> 1
-Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
-service_account_file>
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
-Configure this as a Shared Drive (Team Drive)?
-y) Yes
-n) No
-y/n> n
---------------------
-[remote]
-client_id = 
-client_secret = 
-scope = drive
-root_folder_id = 
-service_account_file =
-token = {\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2014-03-16T13:57:58.955387075Z\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
 \f[R]
 .fi
 .PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
+No remotes found, make a new one?
+n) New remote r) Rename remote c) Copy remote s) Set configuration
+password q) Quit config n/r/c/s/q> n name> remote Type of storage to
+configure.
+Choose a number from below, or type in your own value [snip] XX / Google
+Drive \ \[dq]drive\[dq] [snip] Storage> drive Google Application Client
+Id - leave blank normally.
+client_id> Google Application Client Secret - leave blank normally.
+client_secret> Scope that rclone should use when requesting access from
+drive.
+Choose a number from below, or type in your own value 1 / Full access
+all files, excluding Application Data Folder.
+\ \[dq]drive\[dq] 2 / Read-only access to file metadata and file
+contents.
+\ \[dq]drive.readonly\[dq] / Access to files created by rclone only.
+3 | These are visible in the drive website.
+| File authorization is revoked when the user deauthorizes the app.
+\ \[dq]drive.file\[dq] / Allows read and write access to the Application
+Data folder.
+4 | This is not visible in the drive website.
+\ \[dq]drive.appfolder\[dq] / Allows read-only access to file metadata
+but 5 | does not allow any access to read or download file content.
+\ \[dq]drive.metadata.readonly\[dq] scope> 1 Service Account Credentials
+JSON file path - needed only if you want use SA instead of interactive
+login.
+service_account_file> Remote config Use web browser to automatically
+authenticate rclone with remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+y) Yes n) No y/n> y If your browser doesn\[aq]t open automatically go to
+the following link: http://127.0.0.1:53682/auth Log in and authorize
+rclone for access Waiting for code...
+Got code Configure this as a Shared Drive (Team Drive)?
+y) Yes n) No y/n> n -------------------- [remote] client_id =
+client_secret = scope = drive root_folder_id = service_account_file =
+token =
+{\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2014-03-16T13:57:58.955387075Z\[dq]}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
+.IP
+.nf
+\f[C]
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
 Note that rclone runs a webserver on your local machine to collect the
-token as returned from Google if using web browser to automatically
-authenticate.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and it may require you to
-unblock it temporarily if you are running a host firewall, or use manual
-mode.
-.PP
+token as returned from Google if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on \[ga]http://127.0.0.1:53682/\[ga] and it
+may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
+
 You can then use it like this,
-.PP
+
 List directories in top level of your drive
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:
+
 List all the files in your drive
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
+
+    rclone ls remote:
+
 To copy a local directory to a drive directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Scopes
-.PP
+
+    rclone copy /home/source remote:backup
+
+### Scopes
+
 Rclone allows you to select which scope you would like for rclone to
-use.
-This changes what type of token is granted to rclone.
-The scopes are defined
-here (https://developers.google.com/drive/v3/web/about-auth).
-.PP
+use.  This changes what type of token is granted to rclone.  [The
+scopes are defined
+here](https://developers.google.com/drive/v3/web/about-auth).
+
+A comma-separated list is allowed e.g. \[ga]drive.readonly,drive.file\[ga].
+
 The scope are
-.SS drive
-.PP
+
+#### drive
+
 This is the default scope and allows full access to all files, except
 for the Application Data Folder (see below).
-.PP
+
 Choose this one if you aren\[aq]t sure.
-.SS drive.readonly
-.PP
-This allows read only access to all files.
-Files may be listed and downloaded but not uploaded, renamed or deleted.
-.SS drive.file
-.PP
-With this scope rclone can read/view/modify only those files and folders
-it creates.
-.PP
+
+#### drive.readonly
+
+This allows read only access to all files.  Files may be listed and
+downloaded but not uploaded, renamed or deleted.
+
+#### drive.file
+
+With this scope rclone can read/view/modify only those files and
+folders it creates.
+
 So if you uploaded files to drive via the web interface (or any other
 means) they will not be visible to rclone.
-.PP
+
 This can be useful if you are using rclone to backup data and you want
 to be sure confidential data on your drive is not visible to rclone.
-.PP
+
 Files created with this scope are visible in the web interface.
-.SS drive.appfolder
-.PP
-This gives rclone its own private area to store files.
-Rclone will not be able to see any other files on your drive and you
-won\[aq]t be able to see rclone\[aq]s files from the web interface
-either.
-.SS drive.metadata.readonly
-.PP
-This allows read only access to file names only.
-It does not allow rclone to download or upload data, or rename or delete
-files or directories.
-.SS Root folder ID
-.PP
-This option has been moved to the advanced section.
-You can set the \f[C]root_folder_id\f[R] for rclone.
-This is the directory (identified by its \f[C]Folder ID\f[R]) that
-rclone considers to be the root of your drive.
-.PP
-Normally you will leave this blank and rclone will determine the correct
-root to use itself.
-.PP
+
+#### drive.appfolder
+
+This gives rclone its own private area to store files.  Rclone will
+not be able to see any other files on your drive and you won\[aq]t be able
+to see rclone\[aq]s files from the web interface either.
+
+#### drive.metadata.readonly
+
+This allows read only access to file names only.  It does not allow
+rclone to download or upload data, or rename or delete files or
+directories.
+
+### Root folder ID
+
+This option has been moved to the advanced section. You can set the \[ga]root_folder_id\[ga] for rclone.  This is the directory
+(identified by its \[ga]Folder ID\[ga]) that rclone considers to be the root
+of your drive.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
 However you can set this to restrict rclone to a specific folder
-hierarchy or to access data within the \[dq]Computers\[dq] tab on the
-drive web interface (where files from Google\[aq]s Backup and Sync
-desktop program go).
-.PP
-In order to do this you will have to find the \f[C]Folder ID\f[R] of the
-directory you wish rclone to display.
-This will be the last segment of the URL when you open the relevant
-folder in the drive web interface.
-.PP
+hierarchy or to access data within the \[dq]Computers\[dq] tab on the drive
+web interface (where files from Google\[aq]s Backup and Sync desktop
+program go).
+
+In order to do this you will have to find the \[ga]Folder ID\[ga] of the
+directory you wish rclone to display.  This will be the last segment
+of the URL when you open the relevant folder in the drive web
+interface.
+
 So if the folder you want rclone to use has a URL which looks like
-\f[C]https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh\f[R]
-in the browser, then you use \f[C]1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh\f[R]
-as the \f[C]root_folder_id\f[R] in the config.
-.PP
-\f[B]NB\f[R] folders under the \[dq]Computers\[dq] tab seem to be read
-only (drive gives a 500 error) when using rclone.
-.PP
+\[ga]https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh\[ga]
+in the browser, then you use \[ga]1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh\[ga] as
+the \[ga]root_folder_id\[ga] in the config.
+
+**NB** folders under the \[dq]Computers\[dq] tab seem to be read only (drive
+gives a 500 error) when using rclone.
+
 There doesn\[aq]t appear to be an API to discover the folder IDs of the
 \[dq]Computers\[dq] tab - please contact us if you know otherwise!
-.PP
-Note also that rclone can\[aq]t access any data under the
-\[dq]Backups\[dq] tab on the google drive web interface yet.
-.SS Service Account support
-.PP
-You can set up rclone with Google Drive in an unattended mode, i.e.
-not tied to a specific end-user Google account.
-This is useful when you want to synchronise files onto machines that
-don\[aq]t have actively logged-in users, for example build machines.
-.PP
-To use a Service Account instead of OAuth2 token flow, enter the path to
-your Service Account credentials at the \f[C]service_account_file\f[R]
-prompt during \f[C]rclone config\f[R] and rclone won\[aq]t use the
-browser based authentication flow.
-If you\[aq]d rather stuff the contents of the credentials file into the
-rclone config file, you can set \f[C]service_account_credentials\f[R]
-with the actual contents of the file instead, or set the equivalent
-environment variable.
-.SS Use case - Google Apps/G-suite account and individual Drive
-.PP
+
+Note also that rclone can\[aq]t access any data under the \[dq]Backups\[dq] tab on
+the google drive web interface yet.
+
+### Service Account support
+
+You can set up rclone with Google Drive in an unattended mode,
+i.e. not tied to a specific end-user Google account. This is useful
+when you want to synchronise files onto machines that don\[aq]t have
+actively logged-in users, for example build machines.
+
+To use a Service Account instead of OAuth2 token flow, enter the path
+to your Service Account credentials at the \[ga]service_account_file\[ga]
+prompt during \[ga]rclone config\[ga] and rclone won\[aq]t use the browser based
+authentication flow. If you\[aq]d rather stuff the contents of the
+credentials file into the rclone config file, you can set
+\[ga]service_account_credentials\[ga] with the actual contents of the file
+instead, or set the equivalent environment variable.
+
+#### Use case - Google Apps/G-suite account and individual Drive
+
 Let\[aq]s say that you are the administrator of a Google Apps (old) or
 G-suite account.
-The goal is to store data on an individual\[aq]s Drive account, who IS a
-member of the domain.
-We\[aq]ll call the domain \f[B]example.com\f[R], and the user
-\f[B]foo\[at]example.com\f[R].
-.PP
+The goal is to store data on an individual\[aq]s Drive account, who IS
+a member of the domain.
+We\[aq]ll call the domain **example.com**, and the user
+**foo\[at]example.com**.
+
 There\[aq]s a few steps we need to go through to accomplish this:
-.SS 1. Create a service account for example.com
-.IP \[bu] 2
-To create a service account and obtain its credentials, go to the Google
-Developer Console (https://console.developers.google.com).
-.IP \[bu] 2
-You must have a project - create one if you don\[aq]t.
-.IP \[bu] 2
-Then go to \[dq]IAM & admin\[dq] -> \[dq]Service Accounts\[dq].
-.IP \[bu] 2
-Use the \[dq]Create Credentials\[dq] button.
-Fill in \[dq]Service account name\[dq] with something that identifies
-your client.
-\[dq]Role\[dq] can be empty.
-.IP \[bu] 2
-Tick \[dq]Furnish a new private key\[dq] - select \[dq]Key type
-JSON\[dq].
-.IP \[bu] 2
-Tick \[dq]Enable G Suite Domain-wide Delegation\[dq].
-This option makes \[dq]impersonation\[dq] possible, as documented here:
-Delegating domain-wide authority to the service
-account (https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority)
-.IP \[bu] 2
-These credentials are what rclone will use for authentication.
-If you ever need to remove access, press the \[dq]Delete service account
-key\[dq] button.
-.SS 2. Allowing API access to example.com Google Drive
-.IP \[bu] 2
-Go to example.com\[aq]s admin console
-.IP \[bu] 2
-Go into \[dq]Security\[dq] (or use the search bar)
-.IP \[bu] 2
-Select \[dq]Show more\[dq] and then \[dq]Advanced settings\[dq]
-.IP \[bu] 2
-Select \[dq]Manage API client access\[dq] in the
-\[dq]Authentication\[dq] section
-.IP \[bu] 2
-In the \[dq]Client Name\[dq] field enter the service account\[aq]s
+
+##### 1. Create a service account for example.com
+  - To create a service account and obtain its credentials, go to the
+[Google Developer Console](https://console.developers.google.com).
+  - You must have a project - create one if you don\[aq]t.
+  - Then go to \[dq]IAM & admin\[dq] -> \[dq]Service Accounts\[dq].
+  - Use the \[dq]Create Service Account\[dq] button. Fill in \[dq]Service account name\[dq]
+and \[dq]Service account ID\[dq] with something that identifies your client.
+  - Select \[dq]Create And Continue\[dq]. Step 2 and 3 are optional.
+  - These credentials are what rclone will use for authentication.
+If you ever need to remove access, press the \[dq]Delete service
+account key\[dq] button.
+
+##### 2. Allowing API access to example.com Google Drive
+  - Go to example.com\[aq]s admin console
+  - Go into \[dq]Security\[dq] (or use the search bar)
+  - Select \[dq]Show more\[dq] and then \[dq]Advanced settings\[dq]
+  - Select \[dq]Manage API client access\[dq] in the \[dq]Authentication\[dq] section
+  - In the \[dq]Client Name\[dq] field enter the service account\[aq]s
 \[dq]Client ID\[dq] - this can be found in the Developer Console under
-\[dq]IAM & Admin\[dq] -> \[dq]Service Accounts\[dq], then \[dq]View
-Client ID\[dq] for the newly created service account.
+\[dq]IAM & Admin\[dq] -> \[dq]Service Accounts\[dq], then \[dq]View Client ID\[dq] for
+the newly created service account.
 It is a \[ti]21 character numerical string.
-.IP \[bu] 2
-In the next field, \[dq]One or More API Scopes\[dq], enter
-\f[C]https://www.googleapis.com/auth/drive\f[R] to grant access to
-Google Drive specifically.
-.SS 3. Configure rclone, assuming a new install
-.IP
-.nf
-\f[C]
-rclone config
+  - In the next field, \[dq]One or More API Scopes\[dq], enter
+\[ga]https://www.googleapis.com/auth/drive\[ga]
+to grant access to Google Drive specifically.
 
-n/s/q> n         # New
-name>gdrive      # Gdrive is an example name
-Storage>         # Select the number shown for Google Drive
-client_id>       # Can be left blank
-client_secret>   # Can be left blank
-scope>           # Select your scope, 1 for example
-root_folder_id>  # Can be left blank
-service_account_file> /home/foo/myJSONfile.json # This is where the JSON file goes!
-y/n>             # Auto config, n
+##### 3. Configure rclone, assuming a new install
 \f[R]
 .fi
-.SS 4. Verify that it\[aq]s working
-.IP \[bu] 2
-\f[C]rclone -v --drive-impersonate foo\[at]example.com lsf gdrive:backup\f[R]
-.IP \[bu] 2
-The arguments do:
-.RS 2
-.IP \[bu] 2
-\f[C]-v\f[R] - verbose logging
-.IP \[bu] 2
-\f[C]--drive-impersonate foo\[at]example.com\f[R] - this is what does
-the magic, pretending to be user foo.
-.IP \[bu] 2
-\f[C]lsf\f[R] - list files in a parsing friendly way
-.IP \[bu] 2
-\f[C]gdrive:backup\f[R] - use the remote called gdrive, work in the
-folder named backup.
-.RE
-.PP
-Note: in case you configured a specific root folder on gdrive and rclone
-is unable to access the contents of that folder when using
-\f[C]--drive-impersonate\f[R], do this instead: - in the gdrive web
-interface, share your root folder with the user/email of the new Service
-Account you created/selected at step #1 - use rclone without specifying
-the \f[C]--drive-impersonate\f[R] option, like this:
-\f[C]rclone -v lsf gdrive:backup\f[R]
-.SS Shared drives (team drives)
-.PP
-If you want to configure the remote to point to a Google Shared Drive
-(previously known as Team Drives) then answer \f[C]y\f[R] to the
-question \f[C]Configure this as a Shared Drive (Team Drive)?\f[R].
 .PP
-This will fetch the list of Shared Drives from google and allow you to
-configure which one you want to use.
-You can also type in a Shared Drive ID if you prefer.
+rclone config
 .PP
-For example:
+n/s/q> n # New name>gdrive # Gdrive is an example name Storage> # Select
+the number shown for Google Drive client_id> # Can be left blank
+client_secret> # Can be left blank scope> # Select your scope, 1 for
+example root_folder_id> # Can be left blank service_account_file>
+/home/foo/myJSONfile.json # This is where the JSON file goes! y/n> #
+Auto config, n
 .IP
 .nf
 \f[C]
-Configure this as a Shared Drive (Team Drive)?
-y) Yes
-n) No
-y/n> y
-Fetching Shared Drive list...
-Choose a number from below, or type in your own value
- 1 / Rclone Test
-   \[rs] \[dq]xxxxxxxxxxxxxxxxxxxx\[dq]
- 2 / Rclone Test 2
-   \[rs] \[dq]yyyyyyyyyyyyyyyyyyyy\[dq]
- 3 / Rclone Test 3
-   \[rs] \[dq]zzzzzzzzzzzzzzzzzzzz\[dq]
-Enter a Shared Drive ID> 1
---------------------
-[remote]
-client_id =
-client_secret =
-token = {\[dq]AccessToken\[dq]:\[dq]xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]RefreshToken\[dq]:\[dq]1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]Expiry\[dq]:\[dq]2014-03-16T13:57:58.955387075Z\[dq],\[dq]Extra\[dq]:null}
-team_drive = xxxxxxxxxxxxxxxxxxxx
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
+##### 4. Verify that it\[aq]s working
+  - \[ga]rclone -v --drive-impersonate foo\[at]example.com lsf gdrive:backup\[ga]
+  - The arguments do:
+    - \[ga]-v\[ga] - verbose logging
+    - \[ga]--drive-impersonate foo\[at]example.com\[ga] - this is what does
+the magic, pretending to be user foo.
+    - \[ga]lsf\[ga] - list files in a parsing friendly way
+    - \[ga]gdrive:backup\[ga] - use the remote called gdrive, work in
+the folder named backup.
+
+Note: in case you configured a specific root folder on gdrive and rclone is unable to access the contents of that folder when using \[ga]--drive-impersonate\[ga], do this instead:
+  - in the gdrive web interface, share your root folder with the user/email of the new Service Account you created/selected at step #1
+  - use rclone without specifying the \[ga]--drive-impersonate\[ga] option, like this:
+        \[ga]rclone -v lsf gdrive:backup\[ga]
+
+
+### Shared drives (team drives)
+
+If you want to configure the remote to point to a Google Shared Drive
+(previously known as Team Drives) then answer \[ga]y\[ga] to the question
+\[ga]Configure this as a Shared Drive (Team Drive)?\[ga].
+
+This will fetch the list of Shared Drives from google and allow you to
+configure which one you want to use. You can also type in a Shared
+Drive ID if you prefer.
+
+For example:
 \f[R]
 .fi
-.SS --fast-list
-.PP
-This remote supports \f[C]--fast-list\f[R] which allows you to use fewer
-transactions in exchange for more memory.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
 .PP
-It does this by combining multiple \f[C]list\f[R] calls into a single
-API request.
-.PP
-This works by combining many \f[C]\[aq]%s\[aq] in parents\f[R] filters
-into one expression.
-To list the contents of directories a, b and c, the following requests
-will be send by the regular \f[C]List\f[R] function:
+Configure this as a Shared Drive (Team Drive)?
+y) Yes n) No y/n> y Fetching Shared Drive list...
+Choose a number from below, or type in your own value 1 / Rclone Test
+\ \[dq]xxxxxxxxxxxxxxxxxxxx\[dq] 2 / Rclone Test 2
+\ \[dq]yyyyyyyyyyyyyyyyyyyy\[dq] 3 / Rclone Test 3
+\ \[dq]zzzzzzzzzzzzzzzzzzzz\[dq] Enter a Shared Drive ID> 1
+-------------------- [remote] client_id = client_secret = token =
+{\[dq]AccessToken\[dq]:\[dq]xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]RefreshToken\[dq]:\[dq]1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]Expiry\[dq]:\[dq]2014-03-16T13:57:58.955387075Z\[dq],\[dq]Extra\[dq]:null}
+team_drive = xxxxxxxxxxxxxxxxxxxx -------------------- y) Yes this is OK
+e) Edit this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-trashed=false and \[aq]a\[aq] in parents
-trashed=false and \[aq]b\[aq] in parents
-trashed=false and \[aq]c\[aq] in parents
+### --fast-list
+
+This remote supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+It does this by combining multiple \[ga]list\[ga] calls into a single API request.
+
+This works by combining many \[ga]\[aq]%s\[aq] in parents\[ga] filters into one expression.
+To list the contents of directories a, b and c, the following requests will be send by the regular \[ga]List\[ga] function:
 \f[R]
 .fi
 .PP
-These can now be combined into a single request:
+trashed=false and \[aq]a\[aq] in parents trashed=false and \[aq]b\[aq]
+in parents trashed=false and \[aq]c\[aq] in parents
 .IP
 .nf
 \f[C]
-trashed=false and (\[aq]a\[aq] in parents or \[aq]b\[aq] in parents or \[aq]c\[aq] in parents)
+These can now be combined into a single request:
 \f[R]
 .fi
 .PP
-The implementation of \f[C]ListR\f[R] will put up to 50
-\f[C]parents\f[R] filters into one request.
-It will use the \f[C]--checkers\f[R] value to specify the number of
-requests to run in parallel.
-.PP
-In tests, these batch requests were up to 20x faster than the regular
-method.
-Running the following command against different sized folders gives:
+trashed=false and (\[aq]a\[aq] in parents or \[aq]b\[aq] in parents or
+\[aq]c\[aq] in parents)
 .IP
 .nf
 \f[C]
-rclone lsjson -vv -R --checkers=6 gdrive:folder
+The implementation of \[ga]ListR\[ga] will put up to 50 \[ga]parents\[ga] filters into one request.
+It will  use the \[ga]--checkers\[ga] value to specify the number of requests to run in parallel.
+
+In tests, these batch requests were up to 20x faster than the regular method.
+Running the following command against different sized folders gives:
 \f[R]
 .fi
 .PP
+rclone lsjson -vv -R --checkers=6 gdrive:folder
+.IP
+.nf
+\f[C]
 small folder (220 directories, 700 files):
-.IP \[bu] 2
-without \f[C]--fast-list\f[R]: 38s
-.IP \[bu] 2
-with \f[C]--fast-list\f[R]: 10s
-.PP
+
+- without \[ga]--fast-list\[ga]: 38s
+- with \[ga]--fast-list\[ga]: 10s
+
 large folder (10600 directories, 39000 files):
-.IP \[bu] 2
-without \f[C]--fast-list\f[R]: 22:05 min
-.IP \[bu] 2
-with \f[C]--fast-list\f[R]: 58s
-.SS Modified time
-.PP
+
+- without \[ga]--fast-list\[ga]: 22:05 min
+- with \[ga]--fast-list\[ga]: 58s
+
+### Modification times and hashes
+
 Google drive stores modification times accurate to 1 ms.
-.SS Restricted filename characters
-.PP
-Only Invalid UTF-8 bytes will be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.PP
-In contrast to other backends, \f[C]/\f[R] can also be used in names and
-\f[C].\f[R] or \f[C]..\f[R] are valid names.
-.SS Revisions
-.PP
-Google drive stores revisions of files.
-When you upload a change to an existing file to google drive using
-rclone it will create a new revision of that file.
-.PP
-Revisions follow the standard google policy which at time of writing was
-.IP \[bu] 2
-They are deleted after 30 days or 100 revisions (whatever comes first).
-.IP \[bu] 2
-They do not count towards a user storage quota.
-.SS Deleting files
-.PP
-By default rclone will send all files to the trash when deleting files.
-If deleting them permanently is required then use the
-\f[C]--drive-use-trash=false\f[R] flag, or set the equivalent
-environment variable.
-.SS Shortcuts
-.PP
+
+Hash algorithms MD5, SHA1 and SHA256 are supported. Note, however,
+that a small fraction of files uploaded may not have SHA1 or SHA256
+hashes especially if they were uploaded before 2018.
+
+### Restricted filename characters
+
+Only Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+In contrast to other backends, \[ga]/\[ga] can also be used in names and \[ga].\[ga]
+or \[ga]..\[ga] are valid names.
+
+### Revisions
+
+Google drive stores revisions of files.  When you upload a change to
+an existing file to google drive using rclone it will create a new
+revision of that file.
+
+Revisions follow the standard google policy which at time of writing
+was
+
+  * They are deleted after 30 days or 100 revisions (whatever comes first).
+  * They do not count towards a user storage quota.
+
+### Deleting files
+
+By default rclone will send all files to the trash when deleting
+files.  If deleting them permanently is required then use the
+\[ga]--drive-use-trash=false\[ga] flag, or set the equivalent environment
+variable.
+
+### Shortcuts
+
 In March 2020 Google introduced a new feature in Google Drive called
-drive shortcuts (https://support.google.com/drive/answer/9700156)
-(API (https://developers.google.com/drive/api/v3/shortcuts)).
-These will (by September 2020) replace the ability for files or folders
-to be in multiple folders at
-once (https://cloud.google.com/blog/products/g-suite/simplifying-google-drives-folder-structure-and-sharing-models).
-.PP
+[drive shortcuts](https://support.google.com/drive/answer/9700156)
+([API](https://developers.google.com/drive/api/v3/shortcuts)). These
+will (by September 2020) [replace the ability for files or folders to
+be in multiple folders at once](https://cloud.google.com/blog/products/g-suite/simplifying-google-drives-folder-structure-and-sharing-models).
+
 Shortcuts are files that link to other files on Google Drive somewhat
 like a symlink in unix, except they point to the underlying file data
-(e.g.
-the inode in unix terms) so they don\[aq]t break if the source is
+(e.g. the inode in unix terms) so they don\[aq]t break if the source is
 renamed or moved about.
-.PP
-Be default rclone treats these as follows.
-.PP
+
+By default rclone treats these as follows.
+
 For shortcuts pointing to files:
-.IP \[bu] 2
-When listing a file shortcut appears as the destination file.
-.IP \[bu] 2
-When downloading the contents of the destination file is downloaded.
-.IP \[bu] 2
-When updating shortcut file with a non shortcut file, the shortcut is
-removed then a new file is uploaded in place of the shortcut.
-.IP \[bu] 2
-When server-side moving (renaming) the shortcut is renamed, not the
-destination file.
-.IP \[bu] 2
-When server-side copying the shortcut is copied, not the contents of the
-shortcut.
-(unless \f[C]--drive-copy-shortcut-content\f[R] is in use in which case
-the contents of the shortcut gets copied).
-.IP \[bu] 2
-When deleting the shortcut is deleted not the linked file.
-.IP \[bu] 2
-When setting the modification time, the modification time of the linked
-file will be set.
-.PP
+
+- When listing a file shortcut appears as the destination file.
+- When downloading the contents of the destination file is downloaded.
+- When updating shortcut file with a non shortcut file, the shortcut is removed then a new file is uploaded in place of the shortcut.
+- When server-side moving (renaming) the shortcut is renamed, not the destination file.
+- When server-side copying the shortcut is copied, not the contents of the shortcut. (unless \[ga]--drive-copy-shortcut-content\[ga] is in use in which case the contents of the shortcut gets copied).
+- When deleting the shortcut is deleted not the linked file.
+- When setting the modification time, the modification time of the linked file will be set.
+
 For shortcuts pointing to folders:
-.IP \[bu] 2
-When listing the shortcut appears as a folder and that folder will
-contain the contents of the linked folder appear (including any sub
-folders)
-.IP \[bu] 2
-When downloading the contents of the linked folder and sub contents are
-downloaded
-.IP \[bu] 2
-When uploading to a shortcut folder the file will be placed in the
-linked folder
-.IP \[bu] 2
-When server-side moving (renaming) the shortcut is renamed, not the
-destination folder
-.IP \[bu] 2
-When server-side copying the contents of the linked folder is copied,
-not the shortcut.
-.IP \[bu] 2
-When deleting with \f[C]rclone rmdir\f[R] or \f[C]rclone purge\f[R] the
-shortcut is deleted not the linked folder.
-.IP \[bu] 2
-\f[B]NB\f[R] When deleting with \f[C]rclone remove\f[R] or
-\f[C]rclone mount\f[R] the contents of the linked folder will be
-deleted.
-.PP
-The rclone backend (https://rclone.org/commands/rclone_backend/) command
-can be used to create shortcuts.
-.PP
-Shortcuts can be completely ignored with the
-\f[C]--drive-skip-shortcuts\f[R] flag or the corresponding
-\f[C]skip_shortcuts\f[R] configuration setting.
-.SS Emptying trash
-.PP
-If you wish to empty your trash you can use the
-\f[C]rclone cleanup remote:\f[R] command which will permanently delete
-all your trashed files.
-This command does not take any path arguments.
-.PP
+
+- When listing the shortcut appears as a folder and that folder will contain the contents of the linked folder appear (including any sub folders)
+- When downloading the contents of the linked folder and sub contents are downloaded
+- When uploading to a shortcut folder the file will be placed in the linked folder
+- When server-side moving (renaming) the shortcut is renamed, not the destination folder
+- When server-side copying the contents of the linked folder is copied, not the shortcut.
+- When deleting with \[ga]rclone rmdir\[ga] or \[ga]rclone purge\[ga] the shortcut is deleted not the linked folder.
+- **NB** When deleting with \[ga]rclone remove\[ga] or \[ga]rclone mount\[ga] the contents of the linked folder will be deleted.
+
+The [rclone backend](https://rclone.org/commands/rclone_backend/) command can be used to create shortcuts.  
+
+Shortcuts can be completely ignored with the \[ga]--drive-skip-shortcuts\[ga] flag
+or the corresponding \[ga]skip_shortcuts\[ga] configuration setting.
+
+### Emptying trash
+
+If you wish to empty your trash you can use the \[ga]rclone cleanup remote:\[ga]
+command which will permanently delete all your trashed files. This command
+does not take any path arguments.
+
 Note that Google Drive takes some time (minutes to days) to empty the
-trash even though the command returns within a few seconds.
-No output is echoed, so there will be no confirmation even using -v or
--vv.
-.SS Quota information
-.PP
-To view your current quota you can use the
-\f[C]rclone about remote:\f[R] command which will display your usage
-limit (quota), the usage in Google Drive, the size of all files in the
-Trash and the space used by other Google services such as Gmail.
-This command does not take any path arguments.
-.SS Import/Export of google documents
-.PP
+trash even though the command returns within a few seconds.  No output
+is echoed, so there will be no confirmation even using -v or -vv.
+
+### Quota information
+
+To view your current quota you can use the \[ga]rclone about remote:\[ga]
+command which will display your usage limit (quota), the usage in Google
+Drive, the size of all files in the Trash and the space used by other
+Google services such as Gmail. This command does not take any path
+arguments.
+
+#### Import/Export of google documents
+
 Google documents can be exported from and uploaded to Google Drive.
-.PP
+
 When rclone downloads a Google doc it chooses a format to download
-depending upon the \f[C]--drive-export-formats\f[R] setting.
-By default the export formats are \f[C]docx,xlsx,pptx,svg\f[R] which are
-a sensible default for an editable document.
-.PP
-When choosing a format, rclone runs down the list provided in order and
-chooses the first file format the doc can be exported as from the list.
-If the file can\[aq]t be exported to a format on the formats list, then
-rclone will choose a format from the default list.
-.PP
-If you prefer an archive copy then you might use
-\f[C]--drive-export-formats pdf\f[R], or if you prefer
-openoffice/libreoffice formats you might use
-\f[C]--drive-export-formats ods,odt,odp\f[R].
-.PP
+depending upon the \[ga]--drive-export-formats\[ga] setting.
+By default the export formats are \[ga]docx,xlsx,pptx,svg\[ga] which are a
+sensible default for an editable document.
+
+When choosing a format, rclone runs down the list provided in order
+and chooses the first file format the doc can be exported as from the
+list. If the file can\[aq]t be exported to a format on the formats list,
+then rclone will choose a format from the default list.
+
+If you prefer an archive copy then you might use \[ga]--drive-export-formats
+pdf\[ga], or if you prefer openoffice/libreoffice formats you might use
+\[ga]--drive-export-formats ods,odt,odp\[ga].
+
 Note that rclone adds the extension to the google doc, so if it is
-called \f[C]My Spreadsheet\f[R] on google docs, it will be exported as
-\f[C]My Spreadsheet.xlsx\f[R] or \f[C]My Spreadsheet.pdf\f[R] etc.
-.PP
-When importing files into Google Drive, rclone will convert all files
-with an extension in \f[C]--drive-import-formats\f[R] to their
+called \[ga]My Spreadsheet\[ga] on google docs, it will be exported as \[ga]My
+Spreadsheet.xlsx\[ga] or \[ga]My Spreadsheet.pdf\[ga] etc.
+
+When importing files into Google Drive, rclone will convert all
+files with an extension in \[ga]--drive-import-formats\[ga] to their
 associated document type.
-rclone will not convert any files by default, since the conversion is
-lossy process.
-.PP
-The conversion must result in a file with the same extension when the
-\f[C]--drive-export-formats\f[R] rules are applied to the uploaded
-document.
-.PP
+rclone will not convert any files by default, since the conversion
+is lossy process.
+
+The conversion must result in a file with the same extension when
+the \[ga]--drive-export-formats\[ga] rules are applied to the uploaded document.
+
 Here are some examples for allowed and prohibited conversions.
-.PP
-.TS
-tab(@);
-l l l l l.
-T{
-export-formats
-T}@T{
-import-formats
-T}@T{
-Upload Ext
-T}@T{
-Document Ext
-T}@T{
-Allowed
-T}
-_
-T{
-odt
-T}@T{
-odt
-T}@T{
-odt
-T}@T{
-odt
-T}@T{
-Yes
-T}
-T{
-odt
-T}@T{
-docx,odt
-T}@T{
-odt
-T}@T{
-odt
-T}@T{
-Yes
-T}
-T{
-T}@T{
-docx
-T}@T{
-docx
-T}@T{
-docx
-T}@T{
-Yes
-T}
-T{
-T}@T{
-odt
-T}@T{
-odt
-T}@T{
-docx
-T}@T{
-No
-T}
-T{
-odt,docx
-T}@T{
-docx,odt
-T}@T{
-docx
-T}@T{
-odt
-T}@T{
-No
-T}
-T{
-docx,odt
-T}@T{
-docx,odt
-T}@T{
-docx
-T}@T{
-docx
-T}@T{
-Yes
-T}
-T{
-docx,odt
-T}@T{
-docx,odt
-T}@T{
-odt
-T}@T{
-docx
-T}@T{
-No
-T}
-.TE
-.PP
-This limitation can be disabled by specifying
-\f[C]--drive-allow-import-name-change\f[R].
+
+| export-formats | import-formats | Upload Ext | Document Ext | Allowed |
+| -------------- | -------------- | ---------- | ------------ | ------- |
+| odt | odt | odt | odt | Yes |
+| odt | docx,odt | odt | odt | Yes |
+|  | docx | docx | docx | Yes |
+|  | odt | odt | docx | No |
+| odt,docx | docx,odt | docx | odt | No |
+| docx,odt | docx,odt | docx | docx | Yes |
+| docx,odt | docx,odt | odt | docx | No |
+
+This limitation can be disabled by specifying \[ga]--drive-allow-import-name-change\[ga].
 When using this flag, rclone can convert multiple files types resulting
-in the same document type at once, e.g.
-with \f[C]--drive-import-formats docx,odt,txt\f[R], all files having
-these extension would result in a document represented as a docx file.
-This brings the additional risk of overwriting a document, if multiple
-files have the same stem.
-Many rclone operations will not handle this name change in any way.
-They assume an equal name when copying files and might copy the file
-again or delete them when the name changes.
-.PP
-Here are the possible export extensions with their corresponding mime
-types.
-Most of these can also be used for importing, but there more that are
-not listed here.
-Some of these additional ones might only be available when the operating
-system provides the correct MIME type entries.
-.PP
+in the same document type at once, e.g. with \[ga]--drive-import-formats docx,odt,txt\[ga],
+all files having these extension would result in a document represented as a docx file.
+This brings the additional risk of overwriting a document, if multiple files
+have the same stem. Many rclone operations will not handle this name change
+in any way. They assume an equal name when copying files and might copy the
+file again or delete them when the name changes. 
+
+Here are the possible export extensions with their corresponding mime types.
+Most of these can also be used for importing, but there more that are not
+listed here. Some of these additional ones might only be available when
+the operating system provides the correct MIME type entries.
+
 This list can be changed by Google Drive at any time and might not
 represent the currently available conversions.
-.PP
-.TS
-tab(@);
-lw(19.7n) lw(24.1n) lw(26.2n).
-T{
-Extension
-T}@T{
-Mime Type
-T}@T{
-Description
-T}
-_
-T{
-bmp
-T}@T{
-image/bmp
-T}@T{
-Windows Bitmap format
-T}
-T{
-csv
-T}@T{
-text/csv
-T}@T{
-Standard CSV format for Spreadsheets
-T}
-T{
-doc
-T}@T{
-application/msword
-T}@T{
-Classic Word file
-T}
-T{
-docx
-T}@T{
-application/vnd.openxmlformats-officedocument.wordprocessingml.document
-T}@T{
-Microsoft Office Document
-T}
-T{
-epub
-T}@T{
-application/epub+zip
-T}@T{
-E-book format
-T}
-T{
-html
-T}@T{
-text/html
-T}@T{
-An HTML Document
-T}
-T{
-jpg
-T}@T{
-image/jpeg
-T}@T{
-A JPEG Image File
-T}
-T{
-json
-T}@T{
-application/vnd.google-apps.script+json
-T}@T{
-JSON Text Format for Google Apps scripts
-T}
-T{
-odp
-T}@T{
-application/vnd.oasis.opendocument.presentation
-T}@T{
-Openoffice Presentation
-T}
-T{
-ods
-T}@T{
-application/vnd.oasis.opendocument.spreadsheet
-T}@T{
-Openoffice Spreadsheet
-T}
-T{
-ods
-T}@T{
-application/x-vnd.oasis.opendocument.spreadsheet
-T}@T{
-Openoffice Spreadsheet
-T}
-T{
-odt
-T}@T{
-application/vnd.oasis.opendocument.text
-T}@T{
-Openoffice Document
-T}
-T{
-pdf
-T}@T{
-application/pdf
-T}@T{
-Adobe PDF Format
-T}
-T{
-pjpeg
-T}@T{
-image/pjpeg
-T}@T{
-Progressive JPEG Image
-T}
-T{
-png
-T}@T{
-image/png
-T}@T{
-PNG Image Format
-T}
-T{
-pptx
-T}@T{
-application/vnd.openxmlformats-officedocument.presentationml.presentation
-T}@T{
-Microsoft Office Powerpoint
-T}
-T{
-rtf
-T}@T{
-application/rtf
-T}@T{
-Rich Text Format
-T}
-T{
-svg
-T}@T{
-image/svg+xml
-T}@T{
-Scalable Vector Graphics Format
-T}
-T{
-tsv
-T}@T{
-text/tab-separated-values
-T}@T{
-Standard TSV format for spreadsheets
-T}
-T{
-txt
-T}@T{
-text/plain
-T}@T{
-Plain Text
-T}
-T{
-wmf
-T}@T{
-application/x-msmetafile
-T}@T{
-Windows Meta File
-T}
-T{
-xls
-T}@T{
-application/vnd.ms-excel
-T}@T{
-Classic Excel file
-T}
-T{
-xlsx
-T}@T{
-application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
-T}@T{
-Microsoft Office Spreadsheet
-T}
-T{
-zip
-T}@T{
-application/zip
-T}@T{
-A ZIP file of HTML, Images CSS
-T}
-.TE
-.PP
-Google documents can also be exported as link files.
-These files will open a browser window for the Google Docs website of
-that document when opened.
-The link file extension has to be specified as a
-\f[C]--drive-export-formats\f[R] parameter.
-They will match all available Google Documents.
-.PP
-.TS
-tab(@);
-l l l.
-T{
-Extension
-T}@T{
-Description
-T}@T{
-OS Support
-T}
-_
-T{
-desktop
-T}@T{
-freedesktop.org specified desktop entry
-T}@T{
-Linux
-T}
-T{
-link.html
-T}@T{
-An HTML Document with a redirect
-T}@T{
-All
-T}
-T{
-url
-T}@T{
-INI style link file
-T}@T{
-macOS, Windows
-T}
-T{
-webloc
-T}@T{
-macOS specific XML format
-T}@T{
-macOS
-T}
-.TE
-.SS Standard options
-.PP
+
+| Extension | Mime Type | Description |
+| --------- |-----------| ------------|
+| bmp  | image/bmp | Windows Bitmap format |
+| csv  | text/csv | Standard CSV format for Spreadsheets |
+| doc  | application/msword | Classic Word file |
+| docx | application/vnd.openxmlformats-officedocument.wordprocessingml.document | Microsoft Office Document |
+| epub | application/epub+zip | E-book format |
+| html | text/html | An HTML Document |
+| jpg  | image/jpeg | A JPEG Image File |
+| json | application/vnd.google-apps.script+json | JSON Text Format for Google Apps scripts |
+| odp  | application/vnd.oasis.opendocument.presentation | Openoffice Presentation |
+| ods  | application/vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
+| ods  | application/x-vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
+| odt  | application/vnd.oasis.opendocument.text | Openoffice Document |
+| pdf  | application/pdf | Adobe PDF Format |
+| pjpeg | image/pjpeg | Progressive JPEG Image |
+| png  | image/png | PNG Image Format|
+| pptx | application/vnd.openxmlformats-officedocument.presentationml.presentation | Microsoft Office Powerpoint |
+| rtf  | application/rtf | Rich Text Format |
+| svg  | image/svg+xml | Scalable Vector Graphics Format |
+| tsv  | text/tab-separated-values | Standard TSV format for spreadsheets |
+| txt  | text/plain | Plain Text |
+| wmf  | application/x-msmetafile | Windows Meta File |
+| xls  | application/vnd.ms-excel | Classic Excel file |
+| xlsx | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet | Microsoft Office Spreadsheet |
+| zip  | application/zip | A ZIP file of HTML, Images CSS |
+
+Google documents can also be exported as link files. These files will
+open a browser window for the Google Docs website of that document
+when opened. The link file extension has to be specified as a
+\[ga]--drive-export-formats\[ga] parameter. They will match all available
+Google Documents.
+
+| Extension | Description | OS Support |
+| --------- | ----------- | ---------- |
+| desktop | freedesktop.org specified desktop entry | Linux |
+| link.html | An HTML Document with a redirect | All |
+| url | INI style link file | macOS, Windows |
+| webloc | macOS specific XML format | macOS |
+
+
+### Standard options
+
 Here are the Standard options specific to drive (Google Drive).
-.SS --drive-client-id
-.PP
-Google Application Client Id Setting your own is recommended.
-See https://rclone.org/drive/#making-your-own-client-id for how to
-create your own.
-If you leave this blank, it will use an internal key which is low
-performance.
-.PP
+
+#### --drive-client-id
+
+Google Application Client Id
+Setting your own is recommended.
+See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
+If you leave this blank, it will use an internal key which is low performance.
+
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-client-secret
-.PP
+
+- Config:      client_id
+- Env Var:     RCLONE_DRIVE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --drive-client-secret
+
 OAuth Client Secret.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-scope
-.PP
-Scope that rclone should use when requesting access from drive.
-.PP
+
+- Config:      client_secret
+- Env Var:     RCLONE_DRIVE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --drive-scope
+
+Comma separated list of scopes that rclone should use when requesting access from drive.
+
 Properties:
-.IP \[bu] 2
-Config: scope
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SCOPE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]drive\[dq]
-.RS 2
-.IP \[bu] 2
-Full access all files, excluding Application Data Folder.
-.RE
-.IP \[bu] 2
-\[dq]drive.readonly\[dq]
-.RS 2
-.IP \[bu] 2
-Read-only access to file metadata and file contents.
-.RE
-.IP \[bu] 2
-\[dq]drive.file\[dq]
-.RS 2
-.IP \[bu] 2
-Access to files created by rclone only.
-.IP \[bu] 2
-These are visible in the drive website.
-.IP \[bu] 2
-File authorization is revoked when the user deauthorizes the app.
-.RE
-.IP \[bu] 2
-\[dq]drive.appfolder\[dq]
-.RS 2
-.IP \[bu] 2
-Allows read and write access to the Application Data folder.
-.IP \[bu] 2
-This is not visible in the drive website.
-.RE
-.IP \[bu] 2
-\[dq]drive.metadata.readonly\[dq]
-.RS 2
-.IP \[bu] 2
-Allows read-only access to file metadata but
-.IP \[bu] 2
-does not allow any access to read or download file content.
-.RE
-.RE
-.SS --drive-service-account-file
-.PP
+
+- Config:      scope
+- Env Var:     RCLONE_DRIVE_SCOPE
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]drive\[dq]
+        - Full access all files, excluding Application Data Folder.
+    - \[dq]drive.readonly\[dq]
+        - Read-only access to file metadata and file contents.
+    - \[dq]drive.file\[dq]
+        - Access to files created by rclone only.
+        - These are visible in the drive website.
+        - File authorization is revoked when the user deauthorizes the app.
+    - \[dq]drive.appfolder\[dq]
+        - Allows read and write access to the Application Data folder.
+        - This is not visible in the drive website.
+    - \[dq]drive.metadata.readonly\[dq]
+        - Allows read-only access to file metadata but
+        - does not allow any access to read or download file content.
+
+#### --drive-service-account-file
+
 Service Account Credentials JSON file path.
-.PP
+
 Leave blank normally.
 Needed only if you want use SA instead of interactive login.
-.PP
-Leading \f[C]\[ti]\f[R] will be expanded in the file name as will
-environment variables such as \f[C]${RCLONE_CONFIG_DIR}\f[R].
-.PP
+
+Leading \[ga]\[ti]\[ga] will be expanded in the file name as will environment variables such as \[ga]${RCLONE_CONFIG_DIR}\[ga].
+
 Properties:
-.IP \[bu] 2
-Config: service_account_file
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SERVICE_ACCOUNT_FILE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-alternate-export
-.PP
+
+- Config:      service_account_file
+- Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_FILE
+- Type:        string
+- Required:    false
+
+#### --drive-alternate-export
+
 Deprecated: No longer needed.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: alternate_export
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_ALTERNATE_EXPORT
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS Advanced options
-.PP
+
+- Config:      alternate_export
+- Env Var:     RCLONE_DRIVE_ALTERNATE_EXPORT
+- Type:        bool
+- Default:     false
+
+### Advanced options
+
 Here are the Advanced options specific to drive (Google Drive).
-.SS --drive-token
-.PP
+
+#### --drive-token
+
 OAuth Access Token as a JSON blob.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-auth-url
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_DRIVE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --drive-auth-url
+
 Auth server URL.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-token-url
-.PP
+
+- Config:      auth_url
+- Env Var:     RCLONE_DRIVE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --drive-token-url
+
 Token server url.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-root-folder-id
-.PP
+
+- Config:      token_url
+- Env Var:     RCLONE_DRIVE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --drive-root-folder-id
+
 ID of the root folder.
 Leave blank normally.
-.PP
-Fill in to access \[dq]Computers\[dq] folders (see docs), or for rclone
-to use a non root folder as its starting point.
-.PP
+
+Fill in to access \[dq]Computers\[dq] folders (see docs), or for rclone to use
+a non root folder as its starting point.
+
+
 Properties:
-.IP \[bu] 2
-Config: root_folder_id
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_ROOT_FOLDER_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-service-account-credentials
-.PP
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_DRIVE_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --drive-service-account-credentials
+
 Service Account Credentials JSON blob.
-.PP
+
 Leave blank normally.
 Needed only if you want use SA instead of interactive login.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: service_account_credentials
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-team-drive
-.PP
+
+- Config:      service_account_credentials
+- Env Var:     RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS
+- Type:        string
+- Required:    false
+
+#### --drive-team-drive
+
 ID of the Shared Drive (Team Drive).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: team_drive
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_TEAM_DRIVE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-auth-owner-only
-.PP
+
+- Config:      team_drive
+- Env Var:     RCLONE_DRIVE_TEAM_DRIVE
+- Type:        string
+- Required:    false
+
+#### --drive-auth-owner-only
+
 Only consider files owned by the authenticated user.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_owner_only
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_AUTH_OWNER_ONLY
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-use-trash
-.PP
+
+- Config:      auth_owner_only
+- Env Var:     RCLONE_DRIVE_AUTH_OWNER_ONLY
+- Type:        bool
+- Default:     false
+
+#### --drive-use-trash
+
 Send files to the trash instead of deleting permanently.
-.PP
+
 Defaults to true, namely sending files to the trash.
-Use \f[C]--drive-use-trash=false\f[R] to delete files permanently
-instead.
-.PP
+Use \[ga]--drive-use-trash=false\[ga] to delete files permanently instead.
+
 Properties:
-.IP \[bu] 2
-Config: use_trash
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_USE_TRASH
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: true
-.SS --drive-copy-shortcut-content
-.PP
+
+- Config:      use_trash
+- Env Var:     RCLONE_DRIVE_USE_TRASH
+- Type:        bool
+- Default:     true
+
+#### --drive-copy-shortcut-content
+
 Server side copy contents of shortcuts instead of the shortcut.
-.PP
+
 When doing server side copies, normally rclone will copy shortcuts as
 shortcuts.
-.PP
-If this flag is used then rclone will copy the contents of shortcuts
-rather than shortcuts themselves when doing server side copies.
-.PP
-Properties:
-.IP \[bu] 2
-Config: copy_shortcut_content
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_COPY_SHORTCUT_CONTENT
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-skip-gdocs
-.PP
+
+If this flag is used then rclone will copy the contents of shortcuts
+rather than shortcuts themselves when doing server side copies.
+
+Properties:
+
+- Config:      copy_shortcut_content
+- Env Var:     RCLONE_DRIVE_COPY_SHORTCUT_CONTENT
+- Type:        bool
+- Default:     false
+
+#### --drive-skip-gdocs
+
 Skip google documents in all listings.
-.PP
+
 If given, gdocs practically become invisible to rclone.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: skip_gdocs
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SKIP_GDOCS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-skip-checksum-gphotos
-.PP
-Skip MD5 checksum on Google photos and videos only.
-.PP
+
+- Config:      skip_gdocs
+- Env Var:     RCLONE_DRIVE_SKIP_GDOCS
+- Type:        bool
+- Default:     false
+
+#### --drive-show-all-gdocs
+
+Show all Google Docs including non-exportable ones in listings.
+
+If you try a server side copy on a Google Form without this flag, you
+will get this error:
+
+    No export formats found for \[dq]application/vnd.google-apps.form\[dq]
+
+However adding this flag will allow the form to be server side copied.
+
+Note that rclone doesn\[aq]t add extensions to the Google Docs file names
+in this mode.
+
+Do **not** use this flag when trying to download Google Docs - rclone
+will fail to download them.
+
+
+Properties:
+
+- Config:      show_all_gdocs
+- Env Var:     RCLONE_DRIVE_SHOW_ALL_GDOCS
+- Type:        bool
+- Default:     false
+
+#### --drive-skip-checksum-gphotos
+
+Skip checksums on Google photos and videos only.
+
 Use this if you get checksum errors when transferring Google photos or
 videos.
-.PP
-Setting this flag will cause Google photos and videos to return a blank
-MD5 checksum.
-.PP
+
+Setting this flag will cause Google photos and videos to return a
+blank checksums.
+
 Google photos are identified by being in the \[dq]photos\[dq] space.
-.PP
+
 Corrupted checksums are caused by Google modifying the image/video but
 not updating the checksum.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: skip_checksum_gphotos
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SKIP_CHECKSUM_GPHOTOS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-shared-with-me
-.PP
+
+- Config:      skip_checksum_gphotos
+- Env Var:     RCLONE_DRIVE_SKIP_CHECKSUM_GPHOTOS
+- Type:        bool
+- Default:     false
+
+#### --drive-shared-with-me
+
 Only show files that are shared with me.
-.PP
-Instructs rclone to operate on your \[dq]Shared with me\[dq] folder
-(where Google Drive lets you access the files and folders others have
-shared with you).
-.PP
-This works both with the \[dq]list\[dq] (lsd, lsl, etc.) and the
-\[dq]copy\[dq] commands (copy, sync, etc.), and with all other commands
-too.
-.PP
+
+Instructs rclone to operate on your \[dq]Shared with me\[dq] folder (where
+Google Drive lets you access the files and folders others have shared
+with you).
+
+This works both with the \[dq]list\[dq] (lsd, lsl, etc.) and the \[dq]copy\[dq]
+commands (copy, sync, etc.), and with all other commands too.
+
 Properties:
-.IP \[bu] 2
-Config: shared_with_me
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SHARED_WITH_ME
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-trashed-only
-.PP
+
+- Config:      shared_with_me
+- Env Var:     RCLONE_DRIVE_SHARED_WITH_ME
+- Type:        bool
+- Default:     false
+
+#### --drive-trashed-only
+
 Only show files that are in the trash.
-.PP
+
 This will show trashed files in their original directory structure.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: trashed_only
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_TRASHED_ONLY
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-starred-only
-.PP
+
+- Config:      trashed_only
+- Env Var:     RCLONE_DRIVE_TRASHED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --drive-starred-only
+
 Only show files that are starred.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: starred_only
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_STARRED_ONLY
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-formats
-.PP
+
+- Config:      starred_only
+- Env Var:     RCLONE_DRIVE_STARRED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --drive-formats
+
 Deprecated: See export_formats.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: formats
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_FORMATS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-export-formats
-.PP
+
+- Config:      formats
+- Env Var:     RCLONE_DRIVE_FORMATS
+- Type:        string
+- Required:    false
+
+#### --drive-export-formats
+
 Comma separated list of preferred formats for downloading Google docs.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: export_formats
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_EXPORT_FORMATS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]docx,xlsx,pptx,svg\[dq]
-.SS --drive-import-formats
-.PP
+
+- Config:      export_formats
+- Env Var:     RCLONE_DRIVE_EXPORT_FORMATS
+- Type:        string
+- Default:     \[dq]docx,xlsx,pptx,svg\[dq]
+
+#### --drive-import-formats
+
 Comma separated list of preferred formats for uploading Google docs.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: import_formats
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_IMPORT_FORMATS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-allow-import-name-change
-.PP
+
+- Config:      import_formats
+- Env Var:     RCLONE_DRIVE_IMPORT_FORMATS
+- Type:        string
+- Required:    false
+
+#### --drive-allow-import-name-change
+
 Allow the filetype to change when uploading Google docs.
-.PP
-E.g.
-file.doc to file.docx.
-This will confuse sync and reupload every time.
-.PP
+
+E.g. file.doc to file.docx. This will confuse sync and reupload every time.
+
 Properties:
-.IP \[bu] 2
-Config: allow_import_name_change
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_ALLOW_IMPORT_NAME_CHANGE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-use-created-date
-.PP
+
+- Config:      allow_import_name_change
+- Env Var:     RCLONE_DRIVE_ALLOW_IMPORT_NAME_CHANGE
+- Type:        bool
+- Default:     false
+
+#### --drive-use-created-date
+
 Use file created date instead of modified date.
-.PP
+
 Useful when downloading data and you want the creation date used in
 place of the last modified date.
-.PP
-\f[B]WARNING\f[R]: This flag may have some unexpected consequences.
-.PP
+
+**WARNING**: This flag may have some unexpected consequences.
+
 When uploading to your drive all files will be overwritten unless they
-haven\[aq]t been modified since their creation.
-And the inverse will occur while downloading.
-This side effect can be avoided by using the \[dq]--checksum\[dq] flag.
-.PP
+haven\[aq]t been modified since their creation. And the inverse will occur
+while downloading.  This side effect can be avoided by using the
+\[dq]--checksum\[dq] flag.
+
 This feature was implemented to retain photos capture date as recorded
-by google photos.
-You will first need to check the \[dq]Create a Google Photos folder\[dq]
-option in your google drive settings.
-You can then copy or move the photos locally and use the date the image
-was taken (created) set as the modification date.
-.PP
+by google photos. You will first need to check the \[dq]Create a Google
+Photos folder\[dq] option in your google drive settings. You can then copy
+or move the photos locally and use the date the image was taken
+(created) set as the modification date.
+
 Properties:
-.IP \[bu] 2
-Config: use_created_date
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_USE_CREATED_DATE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-use-shared-date
-.PP
+
+- Config:      use_created_date
+- Env Var:     RCLONE_DRIVE_USE_CREATED_DATE
+- Type:        bool
+- Default:     false
+
+#### --drive-use-shared-date
+
 Use date file was shared instead of modified date.
-.PP
-Note that, as with \[dq]--drive-use-created-date\[dq], this flag may
-have unexpected consequences when uploading/downloading files.
-.PP
-If both this flag and \[dq]--drive-use-created-date\[dq] are set, the
-created date is used.
-.PP
+
+Note that, as with \[dq]--drive-use-created-date\[dq], this flag may have
+unexpected consequences when uploading/downloading files.
+
+If both this flag and \[dq]--drive-use-created-date\[dq] are set, the created
+date is used.
+
 Properties:
-.IP \[bu] 2
-Config: use_shared_date
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_USE_SHARED_DATE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-list-chunk
-.PP
+
+- Config:      use_shared_date
+- Env Var:     RCLONE_DRIVE_USE_SHARED_DATE
+- Type:        bool
+- Default:     false
+
+#### --drive-list-chunk
+
 Size of listing chunk 100-1000, 0 to disable.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: list_chunk
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_LIST_CHUNK
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 1000
-.SS --drive-impersonate
-.PP
+
+- Config:      list_chunk
+- Env Var:     RCLONE_DRIVE_LIST_CHUNK
+- Type:        int
+- Default:     1000
+
+#### --drive-impersonate
+
 Impersonate this user when using a service account.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: impersonate
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_IMPERSONATE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-upload-cutoff
-.PP
+
+- Config:      impersonate
+- Env Var:     RCLONE_DRIVE_IMPERSONATE
+- Type:        string
+- Required:    false
+
+#### --drive-upload-cutoff
+
 Cutoff for switching to chunked upload.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_UPLOAD_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 8Mi
-.SS --drive-chunk-size
-.PP
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_DRIVE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     8Mi
+
+#### --drive-chunk-size
+
 Upload chunk size.
-.PP
+
 Must a power of 2 >= 256k.
-.PP
-Making this larger will improve performance, but note that each chunk is
-buffered in memory one per transfer.
-.PP
+
+Making this larger will improve performance, but note that each chunk
+is buffered in memory one per transfer.
+
 Reducing this will reduce memory usage but decrease performance.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 8Mi
-.SS --drive-acknowledge-abuse
-.PP
-Set to allow files which return cannotDownloadAbusiveFile to be
-downloaded.
-.PP
-If downloading a file returns the error \[dq]This file has been
-identified as malware or spam and cannot be downloaded\[dq] with the
-error code \[dq]cannotDownloadAbusiveFile\[dq] then supply this flag to
-rclone to indicate you acknowledge the risks of downloading the file and
-rclone will download it anyway.
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_DRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     8Mi
+
+#### --drive-acknowledge-abuse
+
+Set to allow files which return cannotDownloadAbusiveFile to be downloaded.
+
+If downloading a file returns the error \[dq]This file has been identified
+as malware or spam and cannot be downloaded\[dq] with the error code
+\[dq]cannotDownloadAbusiveFile\[dq] then supply this flag to rclone to
+indicate you acknowledge the risks of downloading the file and rclone
+will download it anyway.
+
 Note that if you are using service account it will need Manager
-permission (not Content Manager) to for this flag to work.
-If the SA does not have the right permission, Google will just ignore
-the flag.
-.PP
+permission (not Content Manager) to for this flag to work. If the SA
+does not have the right permission, Google will just ignore the flag.
+
 Properties:
-.IP \[bu] 2
-Config: acknowledge_abuse
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_ACKNOWLEDGE_ABUSE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-keep-revision-forever
-.PP
+
+- Config:      acknowledge_abuse
+- Env Var:     RCLONE_DRIVE_ACKNOWLEDGE_ABUSE
+- Type:        bool
+- Default:     false
+
+#### --drive-keep-revision-forever
+
 Keep new head revision of each file forever.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: keep_revision_forever
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_KEEP_REVISION_FOREVER
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-size-as-quota
-.PP
+
+- Config:      keep_revision_forever
+- Env Var:     RCLONE_DRIVE_KEEP_REVISION_FOREVER
+- Type:        bool
+- Default:     false
+
+#### --drive-size-as-quota
+
 Show sizes as storage quota usage, not actual size.
-.PP
-Show the size of a file as the storage quota used.
-This is the current version plus any older versions that have been set
-to keep forever.
-.PP
-\f[B]WARNING\f[R]: This flag may have some unexpected consequences.
-.PP
-It is not recommended to set this flag in your config - the recommended
-usage is using the flag form --drive-size-as-quota when doing rclone
-ls/lsl/lsf/lsjson/etc only.
-.PP
-If you do use this flag for syncing (not recommended) then you will need
-to use --ignore size also.
-.PP
+
+Show the size of a file as the storage quota used. This is the
+current version plus any older versions that have been set to keep
+forever.
+
+**WARNING**: This flag may have some unexpected consequences.
+
+It is not recommended to set this flag in your config - the
+recommended usage is using the flag form --drive-size-as-quota when
+doing rclone ls/lsl/lsf/lsjson/etc only.
+
+If you do use this flag for syncing (not recommended) then you will
+need to use --ignore size also.
+
 Properties:
-.IP \[bu] 2
-Config: size_as_quota
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SIZE_AS_QUOTA
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-v2-download-min-size
-.PP
+
+- Config:      size_as_quota
+- Env Var:     RCLONE_DRIVE_SIZE_AS_QUOTA
+- Type:        bool
+- Default:     false
+
+#### --drive-v2-download-min-size
+
 If Object\[aq]s are greater, use drive v2 API to download.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: v2_download_min_size
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_V2_DOWNLOAD_MIN_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: off
-.SS --drive-pacer-min-sleep
-.PP
+
+- Config:      v2_download_min_size
+- Env Var:     RCLONE_DRIVE_V2_DOWNLOAD_MIN_SIZE
+- Type:        SizeSuffix
+- Default:     off
+
+#### --drive-pacer-min-sleep
+
 Minimum time to sleep between API calls.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: pacer_min_sleep
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_PACER_MIN_SLEEP
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 100ms
-.SS --drive-pacer-burst
-.PP
+
+- Config:      pacer_min_sleep
+- Env Var:     RCLONE_DRIVE_PACER_MIN_SLEEP
+- Type:        Duration
+- Default:     100ms
+
+#### --drive-pacer-burst
+
 Number of API calls to allow without sleeping.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: pacer_burst
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_PACER_BURST
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 100
-.SS --drive-server-side-across-configs
-.PP
-Allow server-side operations (e.g.
-copy) to work across different drive configs.
-.PP
+
+- Config:      pacer_burst
+- Env Var:     RCLONE_DRIVE_PACER_BURST
+- Type:        int
+- Default:     100
+
+#### --drive-server-side-across-configs
+
+Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different drive configs.
+
 This can be useful if you wish to do a server-side copy between two
-different Google drives.
-Note that this isn\[aq]t enabled by default because it isn\[aq]t easy to
-tell if it will work between any two configurations.
-.PP
+different Google drives.  Note that this isn\[aq]t enabled by default
+because it isn\[aq]t easy to tell if it will work between any two
+configurations.
+
 Properties:
-.IP \[bu] 2
-Config: server_side_across_configs
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SERVER_SIDE_ACROSS_CONFIGS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-disable-http2
-.PP
+
+- Config:      server_side_across_configs
+- Env Var:     RCLONE_DRIVE_SERVER_SIDE_ACROSS_CONFIGS
+- Type:        bool
+- Default:     false
+
+#### --drive-disable-http2
+
 Disable drive using http2.
-.PP
+
 There is currently an unsolved issue with the google drive backend and
-HTTP/2.
-HTTP/2 is therefore disabled by default for the drive backend but can be
-re-enabled here.
-When the issue is solved this flag will be removed.
-.PP
+HTTP/2.  HTTP/2 is therefore disabled by default for the drive backend
+but can be re-enabled here.  When the issue is solved this flag will
+be removed.
+
 See: https://github.com/rclone/rclone/issues/3631
-.PP
+
+
+
 Properties:
-.IP \[bu] 2
-Config: disable_http2
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_DISABLE_HTTP2
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: true
-.SS --drive-stop-on-upload-limit
-.PP
+
+- Config:      disable_http2
+- Env Var:     RCLONE_DRIVE_DISABLE_HTTP2
+- Type:        bool
+- Default:     true
+
+#### --drive-stop-on-upload-limit
+
 Make upload limit errors be fatal.
-.PP
+
 At the time of writing it is only possible to upload 750 GiB of data to
-Google Drive a day (this is an undocumented limit).
-When this limit is reached Google Drive produces a slightly different
-error message.
-When this flag is set it causes these errors to be fatal.
-These will stop the in-progress sync.
-.PP
+Google Drive a day (this is an undocumented limit). When this limit is
+reached Google Drive produces a slightly different error message. When
+this flag is set it causes these errors to be fatal.  These will stop
+the in-progress sync.
+
 Note that this detection is relying on error message strings which
 Google don\[aq]t document so it may break in the future.
-.PP
+
 See: https://github.com/rclone/rclone/issues/3857
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: stop_on_upload_limit
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_STOP_ON_UPLOAD_LIMIT
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-stop-on-download-limit
-.PP
+
+- Config:      stop_on_upload_limit
+- Env Var:     RCLONE_DRIVE_STOP_ON_UPLOAD_LIMIT
+- Type:        bool
+- Default:     false
+
+#### --drive-stop-on-download-limit
+
 Make download limit errors be fatal.
-.PP
-At the time of writing it is only possible to download 10 TiB of data
-from Google Drive a day (this is an undocumented limit).
-When this limit is reached Google Drive produces a slightly different
-error message.
-When this flag is set it causes these errors to be fatal.
-These will stop the in-progress sync.
-.PP
+
+At the time of writing it is only possible to download 10 TiB of data from
+Google Drive a day (this is an undocumented limit). When this limit is
+reached Google Drive produces a slightly different error message. When
+this flag is set it causes these errors to be fatal.  These will stop
+the in-progress sync.
+
 Note that this detection is relying on error message strings which
 Google don\[aq]t document so it may break in the future.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: stop_on_download_limit
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_STOP_ON_DOWNLOAD_LIMIT
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-skip-shortcuts
-.PP
+
+- Config:      stop_on_download_limit
+- Env Var:     RCLONE_DRIVE_STOP_ON_DOWNLOAD_LIMIT
+- Type:        bool
+- Default:     false
+
+#### --drive-skip-shortcuts
+
 If set skip shortcut files.
-.PP
+
 Normally rclone dereferences shortcut files making them appear as if
-they are the original file (see the shortcuts section).
+they are the original file (see [the shortcuts section](#shortcuts)).
 If this flag is set then rclone will ignore shortcut files completely.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: skip_shortcuts
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SKIP_SHORTCUTS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-skip-dangling-shortcuts
-.PP
+
+- Config:      skip_shortcuts
+- Env Var:     RCLONE_DRIVE_SKIP_SHORTCUTS
+- Type:        bool
+- Default:     false
+
+#### --drive-skip-dangling-shortcuts
+
 If set skip dangling shortcut files.
-.PP
-If this is set then rclone will not show any dangling shortcuts in
-listings.
-.PP
+
+If this is set then rclone will not show any dangling shortcuts in listings.
+
+
 Properties:
-.IP \[bu] 2
-Config: skip_dangling_shortcuts
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_SKIP_DANGLING_SHORTCUTS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --drive-resource-key
-.PP
+
+- Config:      skip_dangling_shortcuts
+- Env Var:     RCLONE_DRIVE_SKIP_DANGLING_SHORTCUTS
+- Type:        bool
+- Default:     false
+
+#### --drive-resource-key
+
 Resource key for accessing a link-shared file.
-.PP
+
 If you need to access files shared with a link like this
-.IP
-.nf
-\f[C]
-https://drive.google.com/drive/folders/XXX?resourcekey=YYY&usp=sharing
-\f[R]
-.fi
-.PP
-Then you will need to use the first part \[dq]XXX\[dq] as the
-\[dq]root_folder_id\[dq] and the second part \[dq]YYY\[dq] as the
-\[dq]resource_key\[dq] otherwise you will get 404 not found errors when
-trying to access the directory.
-.PP
+
+    https://drive.google.com/drive/folders/XXX?resourcekey=YYY&usp=sharing
+
+Then you will need to use the first part \[dq]XXX\[dq] as the \[dq]root_folder_id\[dq]
+and the second part \[dq]YYY\[dq] as the \[dq]resource_key\[dq] otherwise you will get
+404 not found errors when trying to access the directory.
+
 See: https://developers.google.com/drive/api/guides/resource-keys
-.PP
+
 This resource key requirement only applies to a subset of old files.
-.PP
+
 Note also that opening the folder once in the web interface (with the
-user you\[aq]ve authenticated rclone with) seems to be enough so that
-the resource key is no needed.
-.PP
+user you\[aq]ve authenticated rclone with) seems to be enough so that the
+resource key is not needed.
+
+
 Properties:
-.IP \[bu] 2
-Config: resource_key
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_RESOURCE_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --drive-encoding
-.PP
+
+- Config:      resource_key
+- Env Var:     RCLONE_DRIVE_RESOURCE_KEY
+- Type:        string
+- Required:    false
+
+#### --drive-fast-list-bug-fix
+
+Work around a bug in Google Drive listing.
+
+Normally rclone will work around a bug in Google Drive when using
+--fast-list (ListR) where the search \[dq](A in parents) or (B in
+parents)\[dq] returns nothing sometimes. See #3114, #4289 and
+https://issuetracker.google.com/issues/149522397
+
+Rclone detects this by finding no items in more than one directory
+when listing and retries them as lists of individual directories.
+
+This means that if you have a lot of empty directories rclone will end
+up listing them all individually and this can take many more API
+calls.
+
+This flag allows the work-around to be disabled. This is **not**
+recommended in normal use - only if you have a particular case you are
+having trouble with like many empty directories.
+
+
+Properties:
+
+- Config:      fast_list_bug_fix
+- Env Var:     RCLONE_DRIVE_FAST_LIST_BUG_FIX
+- Type:        bool
+- Default:     true
+
+#### --drive-metadata-owner
+
+Control whether owner should be read or written in metadata.
+
+Owner is a standard part of the file metadata so is easy to read. But it
+isn\[aq]t always desirable to set the owner from the metadata.
+
+Note that you can\[aq]t set the owner on Shared Drives, and that setting
+ownership will generate an email to the new owner (this can\[aq]t be
+disabled), and you can\[aq]t transfer ownership to someone outside your
+organization.
+
+
+Properties:
+
+- Config:      metadata_owner
+- Env Var:     RCLONE_DRIVE_METADATA_OWNER
+- Type:        Bits
+- Default:     read
+- Examples:
+    - \[dq]off\[dq]
+        - Do not read or write the value
+    - \[dq]read\[dq]
+        - Read the value only
+    - \[dq]write\[dq]
+        - Write the value only
+    - \[dq]read,write\[dq]
+        - Read and Write the value.
+
+#### --drive-metadata-permissions
+
+Control whether permissions should be read or written in metadata.
+
+Reading permissions metadata from files can be done quickly, but it
+isn\[aq]t always desirable to set the permissions from the metadata.
+
+Note that rclone drops any inherited permissions on Shared Drives and
+any owner permission on My Drives as these are duplicated in the owner
+metadata.
+
+
+Properties:
+
+- Config:      metadata_permissions
+- Env Var:     RCLONE_DRIVE_METADATA_PERMISSIONS
+- Type:        Bits
+- Default:     off
+- Examples:
+    - \[dq]off\[dq]
+        - Do not read or write the value
+    - \[dq]read\[dq]
+        - Read the value only
+    - \[dq]write\[dq]
+        - Write the value only
+    - \[dq]read,write\[dq]
+        - Read and Write the value.
+
+#### --drive-metadata-labels
+
+Control whether labels should be read or written in metadata.
+
+Reading labels metadata from files takes an extra API transaction and
+will slow down listings. It isn\[aq]t always desirable to set the labels
+from the metadata.
+
+The format of labels is documented in the drive API documentation at
+https://developers.google.com/drive/api/reference/rest/v3/Label -
+rclone just provides a JSON dump of this format.
+
+When setting labels, the label and fields must already exist - rclone
+will not create them. This means that if you are transferring labels
+from two different accounts you will have to create the labels in
+advance and use the metadata mapper to translate the IDs between the
+two accounts.
+
+
+Properties:
+
+- Config:      metadata_labels
+- Env Var:     RCLONE_DRIVE_METADATA_LABELS
+- Type:        Bits
+- Default:     off
+- Examples:
+    - \[dq]off\[dq]
+        - Do not read or write the value
+    - \[dq]read\[dq]
+        - Read the value only
+    - \[dq]write\[dq]
+        - Write the value only
+    - \[dq]read,write\[dq]
+        - Read and Write the value.
+
+#### --drive-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_DRIVE_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: InvalidUtf8
-.SS Backend commands
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_DRIVE_ENCODING
+- Type:        Encoding
+- Default:     InvalidUtf8
+
+#### --drive-env-auth
+
+Get IAM credentials from runtime (environment variables or instance meta data if no env vars).
+
+Only applies if service_account_file and service_account_credentials is blank.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_DRIVE_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - \[dq]false\[dq]
+        - Enter credentials in the next step.
+    - \[dq]true\[dq]
+        - Get GCP IAM credentials from the environment (env vars or IAM).
+
+### Metadata
+
+User metadata is stored in the properties field of the drive object.
+
+Here are the possible system metadata items for the drive backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation) with mS accuracy. Note that this is only writable on fresh uploads - it can\[aq]t be written for updates. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+| content-type | The MIME type of the file. | string | text/plain | N |
+| copy-requires-writer-permission | Whether the options to copy, print, or download this file, should be disabled for readers and commenters. | boolean | true | N |
+| description | A short description of the file. | string | Contract for signing | N |
+| folder-color-rgb | The color for a folder or a shortcut to a folder as an RGB hex string. | string | 881133 | N |
+| labels | Labels attached to this file in a JSON dump of Googled drive format. Enable with --drive-metadata-labels. | JSON | [] | N |
+| mtime | Time of last modification with mS accuracy. | RFC 3339 | 2006-01-02T15:04:05.999Z07:00 | N |
+| owner | The owner of the file. Usually an email address. Enable with --drive-metadata-owner. | string | user\[at]example.com | N |
+| permissions | Permissions in a JSON dump of Google drive format. On shared drives these will only be present if they aren\[aq]t inherited. Enable with --drive-metadata-permissions. | JSON | {} | N |
+| starred | Whether the user has starred the file. | boolean | false | N |
+| viewed-by-me | Whether the file has been viewed by this user. | boolean | true | **Y** |
+| writers-can-share | Whether users with only writer permission can modify the file\[aq]s permissions. Not populated for items in shared drives. | boolean | false | N |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+## Backend commands
+
 Here are the commands specific to the drive backend.
-.PP
+
 Run them with
-.IP
-.nf
-\f[C]
-rclone backend COMMAND remote:
-\f[R]
-.fi
-.PP
+
+    rclone backend COMMAND remote:
+
 The help below will explain what arguments each command takes.
-.PP
-See the backend (https://rclone.org/commands/rclone_backend/) command
-for more info on how to pass options and arguments.
-.PP
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
 These can be run on a running backend using the rc command
-backend/command (https://rclone.org/rc/#backend-command).
-.SS get
-.PP
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### get
+
 Get command for fetching the drive config parameters
-.IP
-.nf
-\f[C]
-rclone backend get remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
-This is a get command which will be used to fetch the various drive
-config parameters
-.PP
+
+    rclone backend get remote: [options] [<arguments>+]
+
+This is a get command which will be used to fetch the various drive config parameters
+
 Usage Examples:
-.IP
-.nf
-\f[C]
-rclone backend get drive: [-o service_account_file] [-o chunk_size]
-rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]
-\f[R]
-.fi
-.PP
+
+    rclone backend get drive: [-o service_account_file] [-o chunk_size]
+    rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]
+
+
 Options:
-.IP \[bu] 2
-\[dq]chunk_size\[dq]: show the current upload chunk size
-.IP \[bu] 2
-\[dq]service_account_file\[dq]: show the current service account file
-.SS set
-.PP
+
+- \[dq]chunk_size\[dq]: show the current upload chunk size
+- \[dq]service_account_file\[dq]: show the current service account file
+
+### set
+
 Set command for updating the drive config parameters
-.IP
-.nf
-\f[C]
-rclone backend set remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
-This is a set command which will be used to update the various drive
-config parameters
-.PP
+
+    rclone backend set remote: [options] [<arguments>+]
+
+This is a set command which will be used to update the various drive config parameters
+
 Usage Examples:
-.IP
-.nf
-\f[C]
-rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
-rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
-\f[R]
-.fi
-.PP
+
+    rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+    rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
+
+
 Options:
-.IP \[bu] 2
-\[dq]chunk_size\[dq]: update the current upload chunk size
-.IP \[bu] 2
-\[dq]service_account_file\[dq]: update the current service account file
-.SS shortcut
-.PP
+
+- \[dq]chunk_size\[dq]: update the current upload chunk size
+- \[dq]service_account_file\[dq]: update the current service account file
+
+### shortcut
+
 Create shortcuts from files or directories
-.IP
-.nf
-\f[C]
-rclone backend shortcut remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend shortcut remote: [options] [<arguments>+]
+
 This command creates shortcuts from files or directories.
-.PP
+
 Usage:
-.IP
-.nf
-\f[C]
-rclone backend shortcut drive: source_item destination_shortcut
-rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut
-\f[R]
-.fi
-.PP
-In the first example this creates a shortcut from the
-\[dq]source_item\[dq] which can be a file or a directory to the
-\[dq]destination_shortcut\[dq].
-The \[dq]source_item\[dq] and the \[dq]destination_shortcut\[dq] should
-be relative paths from \[dq]drive:\[dq]
-.PP
-In the second example this creates a shortcut from the
-\[dq]source_item\[dq] relative to \[dq]drive:\[dq] to the
-\[dq]destination_shortcut\[dq] relative to \[dq]drive2:\[dq].
-This may fail with a permission error if the user authenticated with
-\[dq]drive2:\[dq] can\[aq]t read files from \[dq]drive:\[dq].
-.PP
+
+    rclone backend shortcut drive: source_item destination_shortcut
+    rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut
+
+In the first example this creates a shortcut from the \[dq]source_item\[dq]
+which can be a file or a directory to the \[dq]destination_shortcut\[dq]. The
+\[dq]source_item\[dq] and the \[dq]destination_shortcut\[dq] should be relative paths
+from \[dq]drive:\[dq]
+
+In the second example this creates a shortcut from the \[dq]source_item\[dq]
+relative to \[dq]drive:\[dq] to the \[dq]destination_shortcut\[dq] relative to
+\[dq]drive2:\[dq]. This may fail with a permission error if the user
+authenticated with \[dq]drive2:\[dq] can\[aq]t read files from \[dq]drive:\[dq].
+
+
 Options:
-.IP \[bu] 2
-\[dq]target\[dq]: optional target remote for the shortcut destination
-.SS drives
-.PP
+
+- \[dq]target\[dq]: optional target remote for the shortcut destination
+
+### drives
+
 List the Shared Drives available to this account
-.IP
-.nf
-\f[C]
-rclone backend drives remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend drives remote: [options] [<arguments>+]
+
 This command lists the Shared Drives (Team Drives) available to this
 account.
-.PP
+
 Usage:
-.IP
-.nf
-\f[C]
-rclone backend [-o config] drives drive:
-\f[R]
-.fi
-.PP
+
+    rclone backend [-o config] drives drive:
+
 This will return a JSON list of objects like this
-.IP
-.nf
-\f[C]
-[
-    {
-        \[dq]id\[dq]: \[dq]0ABCDEF-01234567890\[dq],
-        \[dq]kind\[dq]: \[dq]drive#teamDrive\[dq],
-        \[dq]name\[dq]: \[dq]My Drive\[dq]
-    },
-    {
-        \[dq]id\[dq]: \[dq]0ABCDEFabcdefghijkl\[dq],
-        \[dq]kind\[dq]: \[dq]drive#teamDrive\[dq],
-        \[dq]name\[dq]: \[dq]Test Drive\[dq]
-    }
-]
-\f[R]
-.fi
-.PP
+
+    [
+        {
+            \[dq]id\[dq]: \[dq]0ABCDEF-01234567890\[dq],
+            \[dq]kind\[dq]: \[dq]drive#teamDrive\[dq],
+            \[dq]name\[dq]: \[dq]My Drive\[dq]
+        },
+        {
+            \[dq]id\[dq]: \[dq]0ABCDEFabcdefghijkl\[dq],
+            \[dq]kind\[dq]: \[dq]drive#teamDrive\[dq],
+            \[dq]name\[dq]: \[dq]Test Drive\[dq]
+        }
+    ]
+
 With the -o config parameter it will output the list in a format
-suitable for adding to a config file to make aliases for all the drives
-found and a combined drive.
-.IP
-.nf
-\f[C]
-[My Drive]
-type = alias
-remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
+suitable for adding to a config file to make aliases for all the
+drives found and a combined drive.
 
-[Test Drive]
-type = alias
-remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+    [My Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEF-01234567890,root_folder_id=:
 
-[AllDrives]
-type = combine
-upstreams = \[dq]My Drive=My Drive:\[dq] \[dq]Test Drive=Test Drive:\[dq]
-\f[R]
-.fi
-.PP
-Adding this to the rclone config file will cause those team drives to be
-accessible with the aliases shown.
-Any illegal characters will be substituted with \[dq]_\[dq] and
-duplicate names will have numbers suffixed.
+    [Test Drive]
+    type = alias
+    remote = drive,team_drive=0ABCDEFabcdefghijkl,root_folder_id=:
+
+    [AllDrives]
+    type = combine
+    upstreams = \[dq]My Drive=My Drive:\[dq] \[dq]Test Drive=Test Drive:\[dq]
+
+Adding this to the rclone config file will cause those team drives to
+be accessible with the aliases shown. Any illegal characters will be
+substituted with \[dq]_\[dq] and duplicate names will have numbers suffixed.
 It will also add a remote called AllDrives which shows all the shared
 drives combined into one directory tree.
-.SS untrash
-.PP
+
+
+### untrash
+
 Untrash files and directories
-.IP
-.nf
-\f[C]
-rclone backend untrash remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend untrash remote: [options] [<arguments>+]
+
 This command untrashes all the files and directories in the directory
 passed in recursively.
-.PP
+
 Usage:
-.PP
-This takes an optional directory to trash which make this easier to use
-via the API.
-.IP
-.nf
-\f[C]
-rclone backend untrash drive:directory
-rclone backend --interactive untrash drive:directory subdir
-\f[R]
-.fi
-.PP
-Use the --interactive/-i or --dry-run flag to see what would be restored
-before restoring it.
-.PP
+
+This takes an optional directory to trash which make this easier to
+use via the API.
+
+    rclone backend untrash drive:directory
+    rclone backend --interactive untrash drive:directory subdir
+
+Use the --interactive/-i or --dry-run flag to see what would be restored before restoring it.
+
 Result:
-.IP
-.nf
-\f[C]
-{
-    \[dq]Untrashed\[dq]: 17,
-    \[dq]Errors\[dq]: 0
-}
-\f[R]
-.fi
-.SS copyid
-.PP
+
+    {
+        \[dq]Untrashed\[dq]: 17,
+        \[dq]Errors\[dq]: 0
+    }
+
+
+### copyid
+
 Copy files by ID
-.IP
-.nf
-\f[C]
-rclone backend copyid remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend copyid remote: [options] [<arguments>+]
+
 This command copies files by ID
-.PP
+
 Usage:
-.IP
-.nf
-\f[C]
-rclone backend copyid drive: ID path
-rclone backend copyid drive: ID1 path1 ID2 path2
-\f[R]
-.fi
-.PP
+
+    rclone backend copyid drive: ID path
+    rclone backend copyid drive: ID1 path1 ID2 path2
+
 It copies the drive file with ID given to the path (an rclone path which
-will be passed internally to rclone copyto).
-The ID and path pairs can be repeated.
-.PP
-The path should end with a / to indicate copy the file as named to this
-directory.
-If it doesn\[aq]t end with a / then the last path component will be used
-as the file name.
-.PP
+will be passed internally to rclone copyto). The ID and path pairs can be
+repeated.
+
+The path should end with a / to indicate copy the file as named to
+this directory. If it doesn\[aq]t end with a / then the last path
+component will be used as the file name.
+
 If the destination is a drive backend then server-side copying will be
 attempted if possible.
-.PP
-Use the --interactive/-i or --dry-run flag to see what would be copied
-before copying.
-.SS exportformats
-.PP
+
+Use the --interactive/-i or --dry-run flag to see what would be copied before copying.
+
+
+### exportformats
+
 Dump the export formats for debug purposes
-.IP
-.nf
-\f[C]
-rclone backend exportformats remote: [options] [<arguments>+]
-\f[R]
-.fi
-.SS importformats
-.PP
+
+    rclone backend exportformats remote: [options] [<arguments>+]
+
+### importformats
+
 Dump the import formats for debug purposes
-.IP
-.nf
-\f[C]
-rclone backend importformats remote: [options] [<arguments>+]
-\f[R]
-.fi
-.SS Limitations
-.PP
-Drive has quite a lot of rate limiting.
-This causes rclone to be limited to transferring about 2 files per
-second only.
-Individual files may be transferred much faster at 100s of MiB/s but
-lots of small files can take a long time.
-.PP
-Server side copies are also subject to a separate rate limit.
-If you see User rate limit exceeded errors, wait at least 24 hours and
-retry.
-You can disable server-side copies with \f[C]--disable copy\f[R] to
-download and upload the files if you prefer.
-.SS Limitations of Google Docs
-.PP
-Google docs will appear as size -1 in \f[C]rclone ls\f[R],
-\f[C]rclone ncdu\f[R] etc, and as size 0 in anything which uses the VFS
-layer, e.g.
-\f[C]rclone mount\f[R] and \f[C]rclone serve\f[R].
-When calculating directory totals, e.g.
-in \f[C]rclone size\f[R] and \f[C]rclone ncdu\f[R], they will be counted
-in as empty files.
-.PP
+
+    rclone backend importformats remote: [options] [<arguments>+]
+
+
+
+## Limitations
+
+Drive has quite a lot of rate limiting.  This causes rclone to be
+limited to transferring about 2 files per second only.  Individual
+files may be transferred much faster at 100s of MiB/s but lots of
+small files can take a long time.
+
+Server side copies are also subject to a separate rate limit. If you
+see User rate limit exceeded errors, wait at least 24 hours and retry.
+You can disable server-side copies with \[ga]--disable copy\[ga] to download
+and upload the files if you prefer.
+
+### Limitations of Google Docs
+
+Google docs will appear as size -1 in \[ga]rclone ls\[ga], \[ga]rclone ncdu\[ga] etc,
+and as size 0 in anything which uses the VFS layer, e.g. \[ga]rclone mount\[ga]
+and \[ga]rclone serve\[ga]. When calculating directory totals, e.g. in
+\[ga]rclone size\[ga] and \[ga]rclone ncdu\[ga], they will be counted in as empty
+files.
+
 This is because rclone can\[aq]t find out the size of the Google docs
 without downloading them.
-.PP
-Google docs will transfer correctly with \f[C]rclone sync\f[R],
-\f[C]rclone copy\f[R] etc as rclone knows to ignore the size when doing
-the transfer.
-.PP
+
+Google docs will transfer correctly with \[ga]rclone sync\[ga], \[ga]rclone copy\[ga]
+etc as rclone knows to ignore the size when doing the transfer.
+
 However an unfortunate consequence of this is that you may not be able
-to download Google docs using \f[C]rclone mount\f[R].
-If it doesn\[aq]t work you will get a 0 sized file.
-If you try again the doc may gain its correct size and be downloadable.
-Whether it will work on not depends on the application accessing the
-mount and the OS you are running - experiment to find out if it does
-work for you!
-.SS Duplicated files
-.PP
+to download Google docs using \[ga]rclone mount\[ga]. If it doesn\[aq]t work you
+will get a 0 sized file.  If you try again the doc may gain its
+correct size and be downloadable. Whether it will work on not depends
+on the application accessing the mount and the OS you are running -
+experiment to find out if it does work for you!
+
+### Duplicated files
+
 Sometimes, for no reason I\[aq]ve been able to track down, drive will
-duplicate a file that rclone uploads.
-Drive unlike all the other remotes can have duplicated files.
-.PP
+duplicate a file that rclone uploads.  Drive unlike all the other
+remotes can have duplicated files.
+
 Duplicated files cause problems with the syncing and you will see
 messages in the log about duplicates.
-.PP
-Use \f[C]rclone dedupe\f[R] to fix duplicated files.
-.PP
-Note that this isn\[aq]t just a problem with rclone, even Google Photos
-on Android duplicates files on drive sometimes.
-.SS Rclone appears to be re-copying files it shouldn\[aq]t
-.PP
+
+Use \[ga]rclone dedupe\[ga] to fix duplicated files.
+
+Note that this isn\[aq]t just a problem with rclone, even Google Photos on
+Android duplicates files on drive sometimes.
+
+### Rclone appears to be re-copying files it shouldn\[aq]t
+
 The most likely cause of this is the duplicated file issue above - run
-\f[C]rclone dedupe\f[R] and check your logs for duplicate object or
-directory messages.
-.PP
-This can also be caused by a delay/caching on google drive\[aq]s end
-when comparing directory listings.
-Specifically with team drives used in combination with --fast-list.
-Files that were uploaded recently may not appear on the directory list
-sent to rclone when using --fast-list.
-.PP
+\[ga]rclone dedupe\[ga] and check your logs for duplicate object or directory
+messages.
+
+This can also be caused by a delay/caching on google drive\[aq]s end when
+comparing directory listings. Specifically with team drives used in
+combination with --fast-list. Files that were uploaded recently may
+not appear on the directory list sent to rclone when using --fast-list.
+
 Waiting a moderate period of time between attempts (estimated to be
 approximately 1 hour) and/or not using --fast-list both seem to be
 effective in preventing the problem.
-.SS Making your own client_id
-.PP
+
+### SHA1 or SHA256 hashes may be missing
+
+All files have MD5 hashes, but a small fraction of files uploaded may
+not have SHA1 or SHA256 hashes especially if they were uploaded before 2018.
+
+## Making your own client_id
+
 When you use rclone with Google drive in its default configuration you
-are using rclone\[aq]s client_id.
-This is shared between all the rclone users.
-There is a global rate limit on the number of queries per second that
-each client_id can do set by Google.
-rclone already has a high quota and I will continue to make sure it is
-high enough by contacting Google.
-.PP
-It is strongly recommended to use your own client ID as the default
-rclone ID is heavily used.
-If you have multiple services running, it is recommended to use an API
-key for each service.
-The default Google quota is 10 transactions per second so it is
-recommended to stay under that number as if you use more than that, it
-will cause rclone to rate limit and make things slower.
-.PP
+are using rclone\[aq]s client_id.  This is shared between all the rclone
+users.  There is a global rate limit on the number of queries per
+second that each client_id can do set by Google.  rclone already has a
+high quota and I will continue to make sure it is high enough by
+contacting Google.
+
+It is strongly recommended to use your own client ID as the default rclone ID is heavily used. If you have multiple services running, it is recommended to use an API key for each service. The default Google quota is 10 transactions per second so it is recommended to stay under that number as if you use more than that, it will cause rclone to rate limit and make things slower.
+
 Here is how to create your own Google Drive client ID for rclone:
-.IP " 1." 4
-Log into the Google API Console (https://console.developers.google.com/)
-with your Google account.
-It doesn\[aq]t matter what Google account you use.
-(It need not be the same account as the Google Drive you want to access)
-.IP " 2." 4
-Select a project or create a new project.
-.IP " 3." 4
-Under \[dq]ENABLE APIS AND SERVICES\[dq] search for \[dq]Drive\[dq], and
-enable the \[dq]Google Drive API\[dq].
-.IP " 4." 4
-Click \[dq]Credentials\[dq] in the left-side panel (not \[dq]Create
-credentials\[dq], which opens the wizard), then \[dq]Create
-credentials\[dq]
-.IP " 5." 4
-If you already configured an \[dq]Oauth Consent Screen\[dq], then skip
-to the next step; if not, click on \[dq]CONFIGURE CONSENT SCREEN\[dq]
-button (near the top right corner of the right panel), then select
-\[dq]External\[dq] and click on \[dq]CREATE\[dq]; on the next screen,
-enter an \[dq]Application name\[dq] (\[dq]rclone\[dq] is OK); enter
-\[dq]User Support Email\[dq] (your own email is OK); enter
-\[dq]Developer Contact Email\[dq] (your own email is OK); then click on
-\[dq]Save\[dq] (all other data is optional).
-You will also have to add some scopes, including \f[C].../auth/docs\f[R]
-and \f[C].../auth/drive\f[R] in order to be able to edit, create and
-delete files with RClone.
-You may also want to include the
-\f[C]../auth/drive.metadata.readonly\f[R] scope.
-After adding scopes, click \[dq]Save and continue\[dq] to add test
-users.
-Be sure to add your own account to the test users.
-Once you\[aq]ve added yourself as a test user and saved the changes,
-click again on \[dq]Credentials\[dq] on the left panel to go back to the
-\[dq]Credentials\[dq] screen.
-.RS 4
-.PP
-(PS: if you are a GSuite user, you could also select \[dq]Internal\[dq]
-instead of \[dq]External\[dq] above, but this will restrict API use to
-Google Workspace users in your organisation).
-.RE
-.IP " 6." 4
-Click on the \[dq]+ CREATE CREDENTIALS\[dq] button at the top of the
-screen, then select \[dq]OAuth client ID\[dq].
-.IP " 7." 4
-Choose an application type of \[dq]Desktop app\[dq] and click
-\[dq]Create\[dq].
-(the default name is fine)
-.IP " 8." 4
-It will show you a client ID and client secret.
-Make a note of these.
-.RS 4
-.PP
-(If you selected \[dq]External\[dq] at Step 5 continue to Step 9.
-If you chose \[dq]Internal\[dq] you don\[aq]t need to publish and can
-skip straight to Step 10 but your destination drive must be part of the
-same Google Workspace.)
-.RE
-.IP " 9." 4
-Go to \[dq]Oauth consent screen\[dq] and then click \[dq]PUBLISH
-APP\[dq] button and confirm.
-You will also want to add yourself as a test user.
-.IP "10." 4
-Provide the noted client ID and client secret to rclone.
-.PP
-Be aware that, due to the \[dq]enhanced security\[dq] recently
-introduced by Google, you are theoretically expected to \[dq]submit your
-app for verification\[dq] and then wait a few weeks(!) for their
-response; in practice, you can go right ahead and use the client ID and
-client secret with rclone, the only issue will be a very scary
-confirmation screen shown when you connect via your browser for rclone
-to be able to get its token-id (but as this only happens during the
-remote configuration, it\[aq]s not such a big deal).
-Keeping the application in \[dq]Testing\[dq] will work as well, but the
-limitation is that any grants will expire after a week, which can be
-annoying to refresh constantly.
-If, for whatever reason, a short grant time is not a problem, then
-keeping the application in testing mode would also be sufficient.
-.PP
+
+1. Log into the [Google API
+Console](https://console.developers.google.com/) with your Google
+account. It doesn\[aq]t matter what Google account you use. (It need not
+be the same account as the Google Drive you want to access)
+
+2. Select a project or create a new project.
+
+3. Under \[dq]ENABLE APIS AND SERVICES\[dq] search for \[dq]Drive\[dq], and enable the
+\[dq]Google Drive API\[dq].
+
+4. Click \[dq]Credentials\[dq] in the left-side panel (not \[dq]Create
+credentials\[dq], which opens the wizard).
+
+5. If you already configured an \[dq]Oauth Consent Screen\[dq], then skip
+to the next step; if not, click on \[dq]CONFIGURE CONSENT SCREEN\[dq] button 
+(near the top right corner of the right panel), then select \[dq]External\[dq]
+and click on \[dq]CREATE\[dq]; on the next screen, enter an \[dq]Application name\[dq]
+(\[dq]rclone\[dq] is OK); enter \[dq]User Support Email\[dq] (your own email is OK); 
+enter \[dq]Developer Contact Email\[dq] (your own email is OK); then click on
+\[dq]Save\[dq] (all other data is optional). You will also have to add some scopes,
+including \[ga].../auth/docs\[ga] and \[ga].../auth/drive\[ga] in order to be able to edit,
+create and delete files with RClone. You may also want to include the
+\[ga]../auth/drive.metadata.readonly\[ga] scope. After adding scopes, click
+\[dq]Save and continue\[dq] to add test users. Be sure to add your own account to
+the test users. Once you\[aq]ve added yourself as a test user and saved the
+changes, click again on \[dq]Credentials\[dq] on the left panel to go back to
+the \[dq]Credentials\[dq] screen.
+
+   (PS: if you are a GSuite user, you could also select \[dq]Internal\[dq] instead
+of \[dq]External\[dq] above, but this will restrict API use to Google Workspace 
+users in your organisation). 
+
+6.  Click on the \[dq]+ CREATE CREDENTIALS\[dq] button at the top of the screen,
+then select \[dq]OAuth client ID\[dq].
+
+7. Choose an application type of \[dq]Desktop app\[dq] and click \[dq]Create\[dq]. (the default name is fine)
+
+8. It will show you a client ID and client secret. Make a note of these.
+   
+   (If you selected \[dq]External\[dq] at Step 5 continue to Step 9. 
+   If you chose \[dq]Internal\[dq] you don\[aq]t need to publish and can skip straight to
+   Step 10 but your destination drive must be part of the same Google Workspace.)
+
+9. Go to \[dq]Oauth consent screen\[dq] and then click \[dq]PUBLISH APP\[dq] button and confirm.
+   You will also want to add yourself as a test user.
+
+10. Provide the noted client ID and client secret to rclone.
+
+Be aware that, due to the \[dq]enhanced security\[dq] recently introduced by
+Google, you are theoretically expected to \[dq]submit your app for verification\[dq]
+and then wait a few weeks(!) for their response; in practice, you can go right
+ahead and use the client ID and client secret with rclone, the only issue will
+be a very scary confirmation screen shown when you connect via your browser 
+for rclone to be able to get its token-id (but as this only happens during 
+the remote configuration, it\[aq]s not such a big deal). Keeping the application in
+\[dq]Testing\[dq] will work as well, but the limitation is that any grants will expire
+after a week, which can be annoying to refresh constantly. If, for whatever
+reason, a short grant time is not a problem, then keeping the application in
+testing mode would also be sufficient.
+
 (Thanks to \[at]balazer on github for these instructions.)
-.PP
-Sometimes, creation of an OAuth consent in Google API Console fails due
-to an error message \[lq]The request failed because changes to one of
-the field of the resource is not supported\[rq].
-As a convenient workaround, the necessary Google Drive API key can be
-created on the Python
-Quickstart (https://developers.google.com/drive/api/v3/quickstart/python)
-page.
-Just push the Enable the Drive API button to receive the Client ID and
-Secret.
+
+Sometimes, creation of an OAuth consent in Google API Console fails due to an error message
+\[lq]The request failed because changes to one of the field of the resource is not supported\[rq].
+As a convenient workaround, the necessary Google Drive API key can be created on the
+[Python Quickstart](https://developers.google.com/drive/api/v3/quickstart/python) page.
+Just push the Enable the Drive API button to receive the Client ID and Secret.
 Note that it will automatically create a new project in the API Console.
-.SH Google Photos
-.PP
-The rclone backend for Google
-Photos (https://www.google.com/photos/about/) is a specialized backend
-for transferring photos and videos to and from Google Photos.
-.PP
-\f[B]NB\f[R] The Google Photos API which rclone uses has quite a few
-limitations, so please read the limitations section carefully to make
-sure it is suitable for your use.
-.SS Configuration
-.PP
-The initial setup for google cloud storage involves getting a token from
-Google Photos which you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
+
+#  Google Photos
+
+The rclone backend for [Google Photos](https://www.google.com/photos/about/) is
+a specialized backend for transferring photos and videos to and from
+Google Photos.
+
+**NB** The Google Photos API which rclone uses has quite a few
+limitations, so please read the [limitations section](#limitations)
+carefully to make sure it is suitable for your use.
+
+## Configuration
+
+The initial setup for google cloud storage involves getting a token from Google Photos
+which you need to do in your browser.  \[ga]rclone config\[ga] walks you
+through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Google Photos
-   \[rs] \[dq]google photos\[dq]
-[snip]
-Storage> google photos
-** See help for google photos backend at: https://rclone.org/googlephotos/ **
-
-Google Application Client Id
-Leave blank normally.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-client_id> 
-Google Application Client Secret
-Leave blank normally.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-client_secret> 
-Set to make the Google Photos backend read only.
-
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX / Google
+Photos \ \[dq]google photos\[dq] [snip] Storage> google photos ** See
+help for google photos backend at: https://rclone.org/googlephotos/ **
+.PP
+Google Application Client Id Leave blank normally.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+client_id> Google Application Client Secret Leave blank normally.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+client_secret> Set to make the Google Photos backend read only.
+.PP
 If you choose read only then rclone will only request read only access
 to your photos, otherwise rclone will request full access.
-Enter a boolean value (true or false). Press Enter for the default (\[dq]false\[dq]).
-read_only> 
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
+Enter a boolean value (true or false).
+Press Enter for the default (\[dq]false\[dq]).
+read_only> Edit advanced config?
+(y/n) y) Yes n) No y/n> n Remote config Use web browser to automatically
+authenticate rclone with remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+y) Yes n) No y/n> y If your browser doesn\[aq]t open automatically go to
+the following link: http://127.0.0.1:53682/auth Log in and authorize
+rclone for access Waiting for code...
 Got code
-
-*** IMPORTANT: All media items uploaded to Google Photos with rclone
-*** are stored in full resolution at original quality.  These uploads
-*** will count towards storage in your Google Account.
-
---------------------
-[remote]
-type = google photos
-token = {\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2019-06-28T17:38:04.644930156+01:00\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
 .PP
+*** IMPORTANT: All media items uploaded to Google Photos with rclone ***
+are stored in full resolution at original quality.
+These uploads *** will count towards storage in your Google Account.
+.PP
+.TS
+tab(@);
+lw(20.4n).
+T{
+[remote] type = google photos token =
+{\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2019-06-28T17:38:04.644930156+01:00\[dq]}
+T}
+_
+T{
+y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y
+\[ga]\[ga]\[ga]
+T}
+T{
 See the remote setup docs (https://rclone.org/remote_setup/) for how to
 set it up on a machine with no Internet browser available.
-.PP
+T}
+T{
 Note that rclone runs a webserver on your local machine to collect the
 token as returned from Google if using web browser to automatically
 authenticate.
@@ -41717,46 +42666,43 @@ get back the verification code.
 This is on \f[C]http://127.0.0.1:53682/\f[R] and this may require you to
 unblock it temporarily if you are running a host firewall, or use manual
 mode.
-.PP
+T}
+T{
 This remote is called \f[C]remote\f[R] and can now be used like this
-.PP
+T}
+T{
 See all the albums in your photos
-.IP
-.nf
-\f[C]
+T}
+T{
 rclone lsd remote:album
-\f[R]
-.fi
-.PP
+T}
+T{
 Make a new album
-.IP
-.nf
-\f[C]
+T}
+T{
 rclone mkdir remote:album/newAlbum
-\f[R]
-.fi
-.PP
+T}
+T{
 List the contents of an album
-.IP
-.nf
-\f[C]
+T}
+T{
 rclone ls remote:album/newAlbum
-\f[R]
-.fi
-.PP
+T}
+T{
 Sync \f[C]/home/local/images\f[R] to the Google Photos, removing any
 excess files in the album.
-.IP
-.nf
-\f[C]
+T}
+T{
 rclone sync --interactive /home/local/image remote:album/newAlbum
-\f[R]
-.fi
-.SS Layout
-.PP
+T}
+T{
+### Layout
+T}
+T{
 As Google Photos is not a general purpose cloud storage system, the
 backend is laid out to help you navigate it.
-.PP
+T}
+T{
 The directories under \f[C]media\f[R] show different ways of
 categorizing the media.
 Each file will appear multiple times.
@@ -41764,65 +42710,20 @@ So if you want to make a backup of your google photos you might choose
 to backup \f[C]remote:media/by-month\f[R].
 (\f[B]NB\f[R] \f[C]remote:media/by-day\f[R] is rather slow at the moment
 so avoid for syncing.)
-.PP
+T}
+T{
 Note that all your photos and videos will appear somewhere under
 \f[C]media\f[R], but they may not appear under \f[C]album\f[R] unless
 you\[aq]ve put them into albums.
-.IP
-.nf
-\f[C]
-/
-- upload
-    - file1.jpg
-    - file2.jpg
-    - ...
-- media
-    - all
-        - file1.jpg
-        - file2.jpg
-        - ...
-    - by-year
-        - 2000
-            - file1.jpg
-            - ...
-        - 2001
-            - file2.jpg
-            - ...
-        - ...
-    - by-month
-        - 2000
-            - 2000-01
-                - file1.jpg
-                - ...
-            - 2000-02
-                - file2.jpg
-                - ...
-        - ...
-    - by-day
-        - 2000
-            - 2000-01-01
-                - file1.jpg
-                - ...
-            - 2000-01-02
-                - file2.jpg
-                - ...
-        - ...
-- album
-    - album name
-    - album name/sub
-- shared-album
-    - album name
-    - album name/sub
-- feature
-    - favorites
-        - file1.jpg
-        - file2.jpg
-\f[R]
-.fi
-.PP
+T}
+T{
+\f[C]/ - upload - file1.jpg - file2.jpg - ... - media - all - file1.jpg - file2.jpg - ... - by-year - 2000 - file1.jpg - ... - 2001 - file2.jpg - ... - ... - by-month - 2000 - 2000-01 - file1.jpg - ... - 2000-02 - file2.jpg - ... - ... - by-day - 2000 - 2000-01-01 - file1.jpg - ... - 2000-01-02 - file2.jpg - ... - ... - album - album name - album name/sub - shared-album - album name - album name/sub - feature - favorites - file1.jpg - file2.jpg\f[R]
+T}
+T{
 There are two writable parts of the tree, the \f[C]upload\f[R] directory
 and sub directories of the \f[C]album\f[R] directory.
-.PP
+T}
+T{
 The \f[C]upload\f[R] directory is for uploading files you don\[aq]t want
 to put into albums.
 This will be empty to start with and will contain the files you\[aq]ve
@@ -41831,279 +42732,392 @@ restart rclone.
 The use case for this would be if you have a load of files you just want
 to once off dump into Google Photos.
 For repeated syncing, uploading to \f[C]album\f[R] will work better.
-.PP
+T}
+T{
 Directories within the \f[C]album\f[R] directory are also writeable and
 you may create new directories (albums) under \f[C]album\f[R].
 If you copy files with a directory hierarchy in there then rclone will
 create albums with the \f[C]/\f[R] character in them.
 For example if you do
-.IP
-.nf
-\f[C]
+T}
+T{
 rclone copy /path/to/images remote:album/images
-\f[R]
-.fi
-.PP
+T}
+T{
 and the images directory contains
-.IP
-.nf
-\f[C]
-images
-    - file1.jpg
-    dir
-        file2.jpg
-    dir2
-        dir3
-            file3.jpg
-\f[R]
-.fi
-.PP
+T}
+T{
+\f[C]images - file1.jpg dir file2.jpg dir2 dir3 file3.jpg\f[R]
+T}
+T{
 Then rclone will create the following albums with the following files in
-.IP \[bu] 2
-images
-.RS 2
-.IP \[bu] 2
-file1.jpg
-.RE
-.IP \[bu] 2
-images/dir
-.RS 2
-.IP \[bu] 2
-file2.jpg
-.RE
-.IP \[bu] 2
-images/dir2/dir3
-.RS 2
-.IP \[bu] 2
+T}
+T{
+- images - file1.jpg - images/dir - file2.jpg - images/dir2/dir3 -
 file3.jpg
-.RE
-.PP
+T}
+T{
 This means that you can use the \f[C]album\f[R] path pretty much like a
 normal filesystem and it is a good target for repeated syncing.
-.PP
+T}
+T{
 The \f[C]shared-album\f[R] directory shows albums shared with you or by
 you.
 This is similar to the Sharing tab in the Google Photos web interface.
-.SS Standard options
-.PP
+T}
+T{
+### Standard options
+T}
+T{
 Here are the Standard options specific to google photos (Google Photos).
-.SS --gphotos-client-id
-.PP
+T}
+T{
+#### --gphotos-client-id
+T}
+T{
 OAuth Client Id.
-.PP
+T}
+T{
 Leave blank normally.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
+T}
+T{
+- Config: client_id - Env Var: RCLONE_GPHOTOS_CLIENT_ID - Type: string -
 Required: false
-.SS --gphotos-client-secret
-.PP
+T}
+T{
+#### --gphotos-client-secret
+T}
+T{
 OAuth Client Secret.
-.PP
+T}
+T{
 Leave blank normally.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --gphotos-read-only
-.PP
+T}
+T{
+- Config: client_secret - Env Var: RCLONE_GPHOTOS_CLIENT_SECRET - Type:
+string - Required: false
+T}
+T{
+#### --gphotos-read-only
+T}
+T{
 Set to make the Google Photos backend read only.
-.PP
+T}
+T{
 If you choose read only then rclone will only request read only access
 to your photos, otherwise rclone will request full access.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: read_only
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_READ_ONLY
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
+T}
+T{
+- Config: read_only - Env Var: RCLONE_GPHOTOS_READ_ONLY - Type: bool -
 Default: false
-.SS Advanced options
-.PP
+T}
+T{
+### Advanced options
+T}
+T{
 Here are the Advanced options specific to google photos (Google Photos).
-.SS --gphotos-token
-.PP
+T}
+T{
+#### --gphotos-token
+T}
+T{
 OAuth Access Token as a JSON blob.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
+T}
+T{
+- Config: token - Env Var: RCLONE_GPHOTOS_TOKEN - Type: string -
 Required: false
-.SS --gphotos-auth-url
-.PP
+T}
+T{
+#### --gphotos-auth-url
+T}
+T{
 Auth server URL.
-.PP
+T}
+T{
 Leave blank to use the provider defaults.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
+T}
+T{
+- Config: auth_url - Env Var: RCLONE_GPHOTOS_AUTH_URL - Type: string -
 Required: false
-.SS --gphotos-token-url
-.PP
+T}
+T{
+#### --gphotos-token-url
+T}
+T{
 Token server url.
-.PP
+T}
+T{
 Leave blank to use the provider defaults.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
+T}
+T{
+- Config: token_url - Env Var: RCLONE_GPHOTOS_TOKEN_URL - Type: string -
 Required: false
-.SS --gphotos-read-size
-.PP
+T}
+T{
+#### --gphotos-read-size
+T}
+T{
 Set to read the size of media items.
-.PP
+T}
+T{
 Normally rclone does not read the size of media items since this takes
 another transaction.
 This isn\[aq]t necessary for syncing.
 However rclone mount needs to know the size of files in advance of
 reading them, so setting this flag when using rclone mount is
 recommended if you want to read the media.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: read_size
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_READ_SIZE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
+T}
+T{
+- Config: read_size - Env Var: RCLONE_GPHOTOS_READ_SIZE - Type: bool -
 Default: false
-.SS --gphotos-start-year
-.PP
+T}
+T{
+#### --gphotos-start-year
+T}
+T{
 Year limits the photos to be downloaded to those which are uploaded
 after the given year.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: start_year
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_START_YEAR
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
+T}
+T{
+- Config: start_year - Env Var: RCLONE_GPHOTOS_START_YEAR - Type: int -
 Default: 2000
-.SS --gphotos-include-archived
-.PP
+T}
+T{
+#### --gphotos-include-archived
+T}
+T{
 Also view and download archived media.
-.PP
+T}
+T{
 By default, rclone does not request archived media.
 Thus, when syncing, archived media is not visible in directory listings
 or transferred.
-.PP
+T}
+T{
 Note that media in albums is always visible and synced, no matter their
 archive status.
-.PP
+T}
+T{
 With this flag, archived media are always visible in directory listings
 and transferred.
-.PP
+T}
+T{
 Without this flag, archived media will not be visible in directory
 listings and won\[aq]t be transferred.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: include_archived
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_INCLUDE_ARCHIVED
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --gphotos-encoding
-.PP
+T}
+T{
+- Config: include_archived - Env Var: RCLONE_GPHOTOS_INCLUDE_ARCHIVED -
+Type: bool - Default: false
+T}
+T{
+#### --gphotos-encoding
+T}
+T{
 The encoding for the backend.
-.PP
+T}
+T{
 See the encoding section in the
 overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+T}
+T{
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_GPHOTOS_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
+T}
+T{
+- Config: encoding - Env Var: RCLONE_GPHOTOS_ENCODING - Type: Encoding -
 Default: Slash,CrLf,InvalidUtf8,Dot
-.SS Limitations
-.PP
+T}
+T{
+#### --gphotos-batch-mode
+T}
+T{
+Upload file batching sync|async|off.
+T}
+T{
+This sets the batch mode used by rclone.
+T}
+T{
+This has 3 possible values
+T}
+T{
+- off - no batching - sync - batch uploads and check completion
+(default) - async - batch upload and don\[aq]t check completion
+T}
+T{
+Rclone will close any outstanding batches when it exits which may make a
+delay on quit.
+T}
+T{
+Properties:
+T}
+T{
+- Config: batch_mode - Env Var: RCLONE_GPHOTOS_BATCH_MODE - Type: string
+- Default: \[dq]sync\[dq]
+T}
+T{
+#### --gphotos-batch-size
+T}
+T{
+Max number of files in upload batch.
+T}
+T{
+This sets the batch size of files to upload.
+It has to be less than 50.
+T}
+T{
+By default this is 0 which means rclone which calculate the batch size
+depending on the setting of batch_mode.
+T}
+T{
+- batch_mode: async - default batch_size is 50 - batch_mode: sync -
+default batch_size is the same as --transfers - batch_mode: off - not in
+use
+T}
+T{
+Rclone will close any outstanding batches when it exits which may make a
+delay on quit.
+T}
+T{
+Setting this is a great idea if you are uploading lots of small files as
+it will make them a lot quicker.
+You can use --transfers 32 to maximise throughput.
+T}
+T{
+Properties:
+T}
+T{
+- Config: batch_size - Env Var: RCLONE_GPHOTOS_BATCH_SIZE - Type: int -
+Default: 0
+T}
+T{
+#### --gphotos-batch-timeout
+T}
+T{
+Max time to allow an idle upload batch before uploading.
+T}
+T{
+If an upload batch is idle for more than this long then it will be
+uploaded.
+T}
+T{
+The default for this is 0 which means rclone will choose a sensible
+default based on the batch_mode in use.
+T}
+T{
+- batch_mode: async - default batch_timeout is 10s - batch_mode: sync -
+default batch_timeout is 1s - batch_mode: off - not in use
+T}
+T{
+Properties:
+T}
+T{
+- Config: batch_timeout - Env Var: RCLONE_GPHOTOS_BATCH_TIMEOUT - Type:
+Duration - Default: 0s
+T}
+T{
+#### --gphotos-batch-commit-timeout
+T}
+T{
+Max time to wait for a batch to finish committing
+T}
+T{
+Properties:
+T}
+T{
+- Config: batch_commit_timeout - Env Var:
+RCLONE_GPHOTOS_BATCH_COMMIT_TIMEOUT - Type: Duration - Default: 10m0s
+T}
+T{
+## Limitations
+T}
+T{
 Only images and videos can be uploaded.
 If you attempt to upload non videos or images or formats that Google
 Photos doesn\[aq]t understand, rclone will upload the file, then Google
 Photos will give an error when it is put turned into a media item.
-.PP
+T}
+T{
 Note that all media items uploaded to Google Photos through the API are
 stored in full resolution at \[dq]original quality\[dq] and
 \f[B]will\f[R] count towards your storage quota in your Google Account.
 The API does \f[B]not\f[R] offer a way to upload in \[dq]high
 quality\[dq] mode..
-.PP
+T}
+T{
 \f[C]rclone about\f[R] is not supported by the Google Photos backend.
 Backends without this capability cannot determine free space for an
 rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
 of an rclone union remote.
-.PP
+T}
+T{
 See List of backends that do not support rclone
 about (https://rclone.org/overview/#optional-features) See rclone
 about (https://rclone.org/commands/rclone_about/)
-.SS Downloading Images
-.PP
+T}
+T{
+### Downloading Images
+T}
+T{
 When Images are downloaded this strips EXIF location (according to the
 docs and my tests).
 This is a limitation of the Google Photos API and is covered by bug
 #112096115 (https://issuetracker.google.com/issues/112096115).
-.PP
+T}
+T{
 \f[B]The current google API does not allow photos to be downloaded at
 original resolution. This is very important if you are, for example,
 relying on \[dq]Google Photos\[dq] as a backup of your photos. You will
 not be able to use rclone to redownload original images. You could use
 \[aq]google takeout\[aq] to recover the original photos as a last
 resort\f[R]
-.SS Downloading Videos
-.PP
+T}
+T{
+### Downloading Videos
+T}
+T{
 When videos are downloaded they are downloaded in a really compressed
 version of the video compared to downloading it via the Google Photos
 web interface.
 This is covered by bug
 #113672044 (https://issuetracker.google.com/issues/113672044).
-.SS Duplicates
-.PP
+T}
+T{
+### Duplicates
+T}
+T{
 If a file name is duplicated in a directory then rclone will add the
 file ID into its name.
 So two files called \f[C]file.jpg\f[R] would then appear as
 \f[C]file {123456}.jpg\f[R] and \f[C]file {ABCDEF}.jpg\f[R] (the actual
 IDs are a lot longer alas!).
-.PP
+T}
+T{
 If you upload the same image (with the same binary data) twice then
 Google Photos will deduplicate it.
 However it will retain the filename from the first upload which may
@@ -42113,8427 +43127,7590 @@ the same image to \f[C]album/my_album\f[R] the filename of the image in
 \f[C]album/my_album\f[R] will be what it was uploaded with initially,
 not what you uploaded it with to \f[C]album\f[R].
 In practise this shouldn\[aq]t cause too many problems.
-.SS Modified time
-.PP
+T}
+T{
+### Modification times
+T}
+T{
 The date shown of media in Google Photos is the creation date as
 determined by the EXIF information, or the upload date if that is not
 known.
-.PP
+T}
+T{
 This is not changeable by rclone and is not the modification date of the
 media on local disk.
 This means that rclone cannot use the dates from Google Photos for
 syncing purposes.
-.SS Size
-.PP
+T}
+T{
+### Size
+T}
+T{
 The Google Photos API does not return the size of media.
 This means that when syncing to Google Photos, rclone can only do a file
 existence check.
-.PP
+T}
+T{
 It is possible to read the size of the media, but this needs an extra
 HTTP HEAD request per media item so is \f[B]very slow\f[R] and uses up a
 lot of transactions.
 This can be enabled with the \f[C]--gphotos-read-size\f[R] option or the
 \f[C]read_size = true\f[R] config parameter.
-.PP
+T}
+T{
 If you want to use the backend with \f[C]rclone mount\f[R] you may need
 to enable this flag (depending on your OS and application using the
-photos) otherwise you may not be able to read media off the mount.
-You\[aq]ll need to experiment to see if it works for you without the
-flag.
-.SS Albums
-.PP
-Rclone can only upload files to albums it created.
-This is a limitation of the Google Photos
-API (https://developers.google.com/photos/library/guides/manage-albums).
-.PP
-Rclone can remove files it uploaded from albums it created only.
-.SS Deleting files
-.PP
-Rclone can remove files from albums it created, but note that the Google
-Photos API does not allow media to be deleted permanently so this media
-will still remain.
-See bug #109759781 (https://issuetracker.google.com/issues/109759781).
-.PP
-Rclone cannot delete files anywhere except under \f[C]album\f[R].
-.SS Deleting albums
-.PP
-The Google Photos API does not support deleting albums - see bug
-#135714733 (https://issuetracker.google.com/issues/135714733).
-.SH Hasher
-.PP
-Hasher is a special overlay backend to create remotes which handle
-checksums for other remotes.
-It\[aq]s main functions include: - Emulate hash types unimplemented by
-backends - Cache checksums to help with slow hashing of large local or
-(S)FTP files - Warm up checksum cache from external SUM files
-.SS Getting started
-.PP
-To use Hasher, first set up the underlying remote following the
-configuration instructions for that remote.
-You can also use a local pathname instead of a remote.
-Check that your base remote is working.
-.PP
-Let\[aq]s call the base remote \f[C]myRemote:path\f[R] here.
-Note that anything inside \f[C]myRemote:path\f[R] will be handled by
-hasher and anything outside won\[aq]t.
-This means that if you are using a bucket based remote (S3, B2, Swift)
-then you should put the bucket in the remote \f[C]s3:bucket\f[R].
-.PP
-Now proceed to interactive or manual configuration.
-.SS Interactive configuration
-.PP
-Run \f[C]rclone config\f[R]:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> Hasher1
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Handle checksums for other remotes
-   \[rs] \[dq]hasher\[dq]
-[snip]
-Storage> hasher
-Remote to cache checksums for, like myremote:mypath.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-remote> myRemote:path
-Comma separated list of supported checksum types.
-Enter a string value. Press Enter for the default (\[dq]md5,sha1\[dq]).
-hashsums> md5
-Maximum time to keep checksums in cache. 0 = no cache, off = cache forever.
-max_age> off
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
---------------------
-[Hasher1]
-type = hasher
-remote = myRemote:path
-hashsums = md5
-max_age = off
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.SS Manual configuration
-.PP
-Run \f[C]rclone config path\f[R] to see the path of current active
-config file, usually \f[C]YOURHOME/.config/rclone/rclone.conf\f[R].
-Open it in your favorite text editor, find section for the base remote
-and create new section for hasher like in the following examples:
-.IP
-.nf
-\f[C]
-[Hasher1]
-type = hasher
-remote = myRemote:path
-hashes = md5
-max_age = off
-
-[Hasher2]
-type = hasher
-remote = /local/path
-hashes = dropbox,sha1
-max_age = 24h
-\f[R]
-.fi
-.PP
-Hasher takes basically the following parameters: - \f[C]remote\f[R] is
-required, - \f[C]hashes\f[R] is a comma separated list of supported
-checksums (by default \f[C]md5,sha1\f[R]), - \f[C]max_age\f[R] - maximum
-time to keep a checksum value in the cache, \f[C]0\f[R] will disable
-caching completely, \f[C]off\f[R] will cache \[dq]forever\[dq] (that is
-until the files get changed).
-.PP
-Make sure the \f[C]remote\f[R] has \f[C]:\f[R] (colon) in.
-If you specify the remote without a colon then rclone will use a local
-directory of that name.
-So if you use a remote of \f[C]/local/path\f[R] then rclone will handle
-hashes for that directory.
-If you use \f[C]remote = name\f[R] literally then rclone will put files
-\f[B]in a directory called \f[CB]name\f[B] located under current
-directory\f[R].
-.SS Usage
-.SS Basic operations
-.PP
-Now you can use it as \f[C]Hasher2:subdir/file\f[R] instead of base
-remote.
-Hasher will transparently update cache with new checksums when a file is
-fully read or overwritten, like:
-.IP
-.nf
-\f[C]
-rclone copy External:path/file Hasher:dest/path
-
-rclone cat Hasher:path/to/file > /dev/null
-\f[R]
-.fi
-.PP
-The way to refresh \f[B]all\f[R] cached checksums (even unsupported by
-the base backend) for a subtree is to \f[B]re-download\f[R] all files in
-the subtree.
-For example, use \f[C]hashsum --download\f[R] using \f[B]any\f[R]
-supported hashsum on the command line (we just care to re-read):
-.IP
-.nf
-\f[C]
-rclone hashsum MD5 --download Hasher:path/to/subtree > /dev/null
-
-rclone backend dump Hasher:path/to/subtree
-\f[R]
-.fi
-.PP
-You can print or drop hashsum cache using custom backend commands:
-.IP
-.nf
-\f[C]
-rclone backend dump Hasher:dir/subdir
-
-rclone backend drop Hasher:
-\f[R]
-.fi
-.SS Pre-Seed from a SUM File
-.PP
-Hasher supports two backend commands: generic SUM file \f[C]import\f[R]
-and faster but less consistent \f[C]stickyimport\f[R].
-.IP
-.nf
-\f[C]
-rclone backend import Hasher:dir/subdir SHA1 /path/to/SHA1SUM [--checkers 4]
-\f[R]
-.fi
-.PP
-Instead of SHA1 it can be any hash supported by the remote.
-The last argument can point to either a local or an
-\f[C]other-remote:path\f[R] text file in SUM format.
-The command will parse the SUM file, then walk down the path given by
-the first argument, snapshot current fingerprints and fill in the cache
-entries correspondingly.
-- Paths in the SUM file are treated as relative to
-\f[C]hasher:dir/subdir\f[R].
-- The command will \f[B]not\f[R] check that supplied values are correct.
-You \f[B]must know\f[R] what you are doing.
-- This is a one-time action.
-The SUM file will not get \[dq]attached\[dq] to the remote.
-Cache entries can still be overwritten later, should the object\[aq]s
-fingerprint change.
-- The tree walk can take long depending on the tree size.
-You can increase \f[C]--checkers\f[R] to make it faster.
-Or use \f[C]stickyimport\f[R] if you don\[aq]t care about fingerprints
-and consistency.
-.IP
-.nf
-\f[C]
-rclone backend stickyimport hasher:path/to/data sha1 remote:/path/to/sum.sha1
-\f[R]
-.fi
-.PP
-\f[C]stickyimport\f[R] is similar to \f[C]import\f[R] but works much
-faster because it does not need to stat existing files and skips initial
-tree walk.
-Instead of binding cache entries to file fingerprints it creates
-\f[I]sticky\f[R] entries bound to the file name alone ignoring size,
-modification time etc.
-Such hash entries can be replaced only by \f[C]purge\f[R],
-\f[C]delete\f[R], \f[C]backend drop\f[R] or by full re-read/re-write of
-the files.
-.SS Configuration reference
-.SS Standard options
-.PP
-Here are the Standard options specific to hasher (Better checksums for
-other remotes).
-.SS --hasher-remote
-.PP
-Remote to cache checksums for (e.g.
-myRemote:path).
-.PP
-Properties:
-.IP \[bu] 2
-Config: remote
-.IP \[bu] 2
-Env Var: RCLONE_HASHER_REMOTE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --hasher-hashes
-.PP
-Comma separated list of supported checksum types.
-.PP
-Properties:
-.IP \[bu] 2
-Config: hashes
-.IP \[bu] 2
-Env Var: RCLONE_HASHER_HASHES
-.IP \[bu] 2
-Type: CommaSepList
-.IP \[bu] 2
-Default: md5,sha1
-.SS --hasher-max-age
-.PP
-Maximum time to keep checksums in cache (0 = no cache, off = cache
-forever).
-.PP
-Properties:
-.IP \[bu] 2
-Config: max_age
-.IP \[bu] 2
-Env Var: RCLONE_HASHER_MAX_AGE
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: off
-.SS Advanced options
-.PP
-Here are the Advanced options specific to hasher (Better checksums for
-other remotes).
-.SS --hasher-auto-size
-.PP
-Auto-update checksum for files smaller than this size (disabled by
-default).
-.PP
-Properties:
-.IP \[bu] 2
-Config: auto_size
-.IP \[bu] 2
-Env Var: RCLONE_HASHER_AUTO_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 0
-.SS Metadata
-.PP
-Any metadata supported by the underlying remote is read and written.
-.PP
-See the metadata (https://rclone.org/docs/#metadata) docs for more info.
-.SS Backend commands
-.PP
-Here are the commands specific to the hasher backend.
-.PP
-Run them with
-.IP
-.nf
-\f[C]
-rclone backend COMMAND remote:
-\f[R]
-.fi
-.PP
-The help below will explain what arguments each command takes.
-.PP
-See the backend (https://rclone.org/commands/rclone_backend/) command
-for more info on how to pass options and arguments.
-.PP
-These can be run on a running backend using the rc command
-backend/command (https://rclone.org/rc/#backend-command).
-.SS drop
+photos) otherwise you may not be able to read media off the mount.
+You\[aq]ll need to experiment to see if it works for you without the
+flag.
+T}
+T{
+### Albums
+T}
+T{
+Rclone can only upload files to albums it created.
+This is a limitation of the Google Photos
+API (https://developers.google.com/photos/library/guides/manage-albums).
+T}
+T{
+Rclone can remove files it uploaded from albums it created only.
+T}
+T{
+### Deleting files
+T}
+T{
+Rclone can remove files from albums it created, but note that the Google
+Photos API does not allow media to be deleted permanently so this media
+will still remain.
+See bug #109759781 (https://issuetracker.google.com/issues/109759781).
+T}
+T{
+Rclone cannot delete files anywhere except under \f[C]album\f[R].
+T}
+T{
+### Deleting albums
+T}
+T{
+The Google Photos API does not support deleting albums - see bug
+#135714733 (https://issuetracker.google.com/issues/135714733).
+T}
+T{
+# Hasher
+T}
+T{
+Hasher is a special overlay backend to create remotes which handle
+checksums for other remotes.
+It\[aq]s main functions include: - Emulate hash types unimplemented by
+backends - Cache checksums to help with slow hashing of large local or
+(S)FTP files - Warm up checksum cache from external SUM files
+T}
+T{
+## Getting started
+T}
+T{
+To use Hasher, first set up the underlying remote following the
+configuration instructions for that remote.
+You can also use a local pathname instead of a remote.
+Check that your base remote is working.
+T}
+T{
+Let\[aq]s call the base remote \f[C]myRemote:path\f[R] here.
+Note that anything inside \f[C]myRemote:path\f[R] will be handled by
+hasher and anything outside won\[aq]t.
+This means that if you are using a bucket based remote (S3, B2, Swift)
+then you should put the bucket in the remote \f[C]s3:bucket\f[R].
+T}
+T{
+Now proceed to interactive or manual configuration.
+T}
+T{
+### Interactive configuration
+T}
+T{
+Run \f[C]rclone config\f[R]: \[ga]\[ga]\[ga] No remotes found, make a
+new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> Hasher1 Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX / Handle
+checksums for other remotes \ \[dq]hasher\[dq] [snip] Storage> hasher
+Remote to cache checksums for, like myremote:mypath.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+remote> myRemote:path Comma separated list of supported checksum types.
+Enter a string value.
+Press Enter for the default (\[dq]md5,sha1\[dq]).
+hashsums> md5 Maximum time to keep checksums in cache.
+0 = no cache, off = cache forever.
+max_age> off Edit advanced config?
+(y/n) y) Yes n) No y/n> n Remote config
+T}
+.TE
 .PP
-Drop cache
+[Hasher1] type = hasher remote = myRemote:path hashsums = md5 max_age =
+off -------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone backend drop remote: [options] [<arguments>+]
+### Manual configuration
+
+Run \[ga]rclone config path\[ga] to see the path of current active config file,
+usually \[ga]YOURHOME/.config/rclone/rclone.conf\[ga].
+Open it in your favorite text editor, find section for the base remote
+and create new section for hasher like in the following examples:
 \f[R]
 .fi
 .PP
-Completely drop checksum cache.
-Usage Example: rclone backend drop hasher:
-.SS dump
+[Hasher1] type = hasher remote = myRemote:path hashes = md5 max_age =
+off
 .PP
-Dump the database
+[Hasher2] type = hasher remote = /local/path hashes = dropbox,sha1
+max_age = 24h
 .IP
 .nf
 \f[C]
-rclone backend dump remote: [options] [<arguments>+]
+Hasher takes basically the following parameters:
+- \[ga]remote\[ga] is required,
+- \[ga]hashes\[ga] is a comma separated list of supported checksums
+   (by default \[ga]md5,sha1\[ga]),
+- \[ga]max_age\[ga] - maximum time to keep a checksum value in the cache,
+   \[ga]0\[ga] will disable caching completely,
+   \[ga]off\[ga] will cache \[dq]forever\[dq] (that is until the files get changed).
+
+Make sure the \[ga]remote\[ga] has \[ga]:\[ga] (colon) in. If you specify the remote without
+a colon then rclone will use a local directory of that name. So if you use
+a remote of \[ga]/local/path\[ga] then rclone will handle hashes for that directory.
+If you use \[ga]remote = name\[ga] literally then rclone will put files
+**in a directory called \[ga]name\[ga] located under current directory**.
+
+## Usage
+
+### Basic operations
+
+Now you can use it as \[ga]Hasher2:subdir/file\[ga] instead of base remote.
+Hasher will transparently update cache with new checksums when a file
+is fully read or overwritten, like:
 \f[R]
 .fi
 .PP
-Dump cache records covered by the current remote
-.SS fulldump
+rclone copy External:path/file Hasher:dest/path
 .PP
-Full dump of the database
+rclone cat Hasher:path/to/file > /dev/null
 .IP
 .nf
 \f[C]
-rclone backend fulldump remote: [options] [<arguments>+]
+The way to refresh **all** cached checksums (even unsupported by the base backend)
+for a subtree is to **re-download** all files in the subtree. For example,
+use \[ga]hashsum --download\[ga] using **any** supported hashsum on the command line
+(we just care to re-read):
 \f[R]
 .fi
 .PP
-Dump all cache records in the database
-.SS import
+rclone hashsum MD5 --download Hasher:path/to/subtree > /dev/null
 .PP
-Import a SUM file
+rclone backend dump Hasher:path/to/subtree
 .IP
 .nf
 \f[C]
-rclone backend import remote: [options] [<arguments>+]
+You can print or drop hashsum cache using custom backend commands:
 \f[R]
 .fi
 .PP
-Amend hash cache from a SUM file and bind checksums to files by
-size/time.
-Usage Example: rclone backend import hasher:subdir md5 /path/to/sum.md5
-.SS stickyimport
+rclone backend dump Hasher:dir/subdir
 .PP
-Perform fast import of a SUM file
+rclone backend drop Hasher:
 .IP
 .nf
 \f[C]
-rclone backend stickyimport remote: [options] [<arguments>+]
+### Pre-Seed from a SUM File
+
+Hasher supports two backend commands: generic SUM file \[ga]import\[ga] and faster
+but less consistent \[ga]stickyimport\[ga].
 \f[R]
 .fi
 .PP
-Fill hash cache from a SUM file without verifying file fingerprints.
-Usage Example: rclone backend stickyimport hasher:subdir md5
-remote:path/to/sum.md5
-.SS Implementation details (advanced)
-.PP
-This section explains how various rclone operations work on a hasher
-remote.
-.PP
-\f[B]Disclaimer. This section describes current implementation which can
-change in future rclone versions!.\f[R]
-.SS Hashsum command
-.PP
-The \f[C]rclone hashsum\f[R] (or \f[C]md5sum\f[R] or \f[C]sha1sum\f[R])
-command will:
-.IP "1." 3
-if requested hash is supported by lower level, just pass it.
-.IP "2." 3
-if object size is below \f[C]auto_size\f[R] then download object and
-calculate \f[I]requested\f[R] hashes on the fly.
-.IP "3." 3
-if unsupported and the size is big enough, build object
-\f[C]fingerprint\f[R] (including size, modtime if supported, first-found
-\f[I]other\f[R] hash if any).
-.IP "4." 3
-if the strict match is found in cache for the requested remote, return
-the stored hash.
-.IP "5." 3
-if remote found but fingerprint mismatched, then purge the entry and
-proceed to step 6.
-.IP "6." 3
-if remote not found or had no requested hash type or after step 5:
-download object, calculate all \f[I]supported\f[R] hashes on the fly and
-store in cache; return requested hash.
-.SS Other operations
-.IP \[bu] 2
-whenever a file is uploaded or downloaded \f[B]in full\f[R], capture the
-stream to calculate all supported hashes on the fly and update database
-.IP \[bu] 2
-server-side \f[C]move\f[R] will update keys of existing cache entries
-.IP \[bu] 2
-\f[C]deletefile\f[R] will remove a single cache entry
-.IP \[bu] 2
-\f[C]purge\f[R] will remove all cache entries under the purged path
-.PP
-Note that setting \f[C]max_age = 0\f[R] will disable checksum caching
-completely.
-.PP
-If you set \f[C]max_age = off\f[R], checksums in cache will never age,
-unless you fully rewrite or delete the file.
-.SS Cache storage
-.PP
-Cached checksums are stored as \f[C]bolt\f[R] database files under
-rclone cache directory, usually \f[C]\[ti]/.cache/rclone/kv/\f[R].
-Databases are maintained one per \f[I]base\f[R] backend, named like
-\f[C]BaseRemote\[ti]hasher.bolt\f[R].
-Checksums for multiple \f[C]alias\f[R]-es into a single base backend
-will be stored in the single database.
-All local paths are treated as aliases into the \f[C]local\f[R] backend
-(unless crypted or chunked) and stored in
-\f[C]\[ti]/.cache/rclone/kv/local\[ti]hasher.bolt\f[R].
-Databases can be shared between multiple rclone processes.
-.SH HDFS
-.PP
-HDFS (https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html)
-is a distributed file-system, part of the Apache
-Hadoop (https://hadoop.apache.org/) framework.
-.PP
-Paths are specified as \f[C]remote:\f[R] or
-\f[C]remote:path/to/dir\f[R].
-.SS Configuration
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
+rclone backend import Hasher:dir/subdir SHA1 /path/to/SHA1SUM
+[--checkers 4]
 .IP
 .nf
 \f[C]
- rclone config
+Instead of SHA1 it can be any hash supported by the remote. The last argument
+can point to either a local or an \[ga]other-remote:path\[ga] text file in SUM format.
+The command will parse the SUM file, then walk down the path given by the
+first argument, snapshot current fingerprints and fill in the cache entries
+correspondingly.
+- Paths in the SUM file are treated as relative to \[ga]hasher:dir/subdir\[ga].
+- The command will **not** check that supplied values are correct.
+  You **must know** what you are doing.
+- This is a one-time action. The SUM file will not get \[dq]attached\[dq] to the
+  remote. Cache entries can still be overwritten later, should the object\[aq]s
+  fingerprint change.
+- The tree walk can take long depending on the tree size. You can increase
+  \[ga]--checkers\[ga] to make it faster. Or use \[ga]stickyimport\[ga] if you don\[aq]t care
+  about fingerprints and consistency.
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
+rclone backend stickyimport hasher:path/to/data sha1
+remote:/path/to/sum.sha1
 .IP
 .nf
 \f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[skip]
-XX / Hadoop distributed file system
-   \[rs] \[dq]hdfs\[dq]
-[skip]
-Storage> hdfs
-** See help for hdfs backend at: https://rclone.org/hdfs/ **
-
-hadoop name node and port
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
- 1 / Connect to host namenode at port 8020
-   \[rs] \[dq]namenode:8020\[dq]
-namenode> namenode.hadoop:8020
-hadoop user name
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
- 1 / Connect to hdfs as root
-   \[rs] \[dq]root\[dq]
-username> root
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n> n
-Remote config
---------------------
-[remote]
-type = hdfs
-namenode = namenode.hadoop:8020
-username = root
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-Current remotes:
+\[ga]stickyimport\[ga] is similar to \[ga]import\[ga] but works much faster because it
+does not need to stat existing files and skips initial tree walk.
+Instead of binding cache entries to file fingerprints it creates _sticky_
+entries bound to the file name alone ignoring size, modification time etc.
+Such hash entries can be replaced only by \[ga]purge\[ga], \[ga]delete\[ga], \[ga]backend drop\[ga]
+or by full re-read/re-write of the files.
 
-Name                 Type
-====                 ====
-hadoop               hdfs
+## Configuration reference
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> q
+
+### Standard options
+
+Here are the Standard options specific to hasher (Better checksums for other remotes).
+
+#### --hasher-remote
+
+Remote to cache checksums for (e.g. myRemote:path).
+
+Properties:
+
+- Config:      remote
+- Env Var:     RCLONE_HASHER_REMOTE
+- Type:        string
+- Required:    true
+
+#### --hasher-hashes
+
+Comma separated list of supported checksum types.
+
+Properties:
+
+- Config:      hashes
+- Env Var:     RCLONE_HASHER_HASHES
+- Type:        CommaSepList
+- Default:     md5,sha1
+
+#### --hasher-max-age
+
+Maximum time to keep checksums in cache (0 = no cache, off = cache forever).
+
+Properties:
+
+- Config:      max_age
+- Env Var:     RCLONE_HASHER_MAX_AGE
+- Type:        Duration
+- Default:     off
+
+### Advanced options
+
+Here are the Advanced options specific to hasher (Better checksums for other remotes).
+
+#### --hasher-auto-size
+
+Auto-update checksum for files smaller than this size (disabled by default).
+
+Properties:
+
+- Config:      auto_size
+- Env Var:     RCLONE_HASHER_AUTO_SIZE
+- Type:        SizeSuffix
+- Default:     0
+
+### Metadata
+
+Any metadata supported by the underlying remote is read and written.
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+## Backend commands
+
+Here are the commands specific to the hasher backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### drop
+
+Drop cache
+
+    rclone backend drop remote: [options] [<arguments>+]
+
+Completely drop checksum cache.
+Usage Example:
+    rclone backend drop hasher:
+
+
+### dump
+
+Dump the database
+
+    rclone backend dump remote: [options] [<arguments>+]
+
+Dump cache records covered by the current remote
+
+### fulldump
+
+Full dump of the database
+
+    rclone backend fulldump remote: [options] [<arguments>+]
+
+Dump all cache records in the database
+
+### import
+
+Import a SUM file
+
+    rclone backend import remote: [options] [<arguments>+]
+
+Amend hash cache from a SUM file and bind checksums to files by size/time.
+Usage Example:
+    rclone backend import hasher:subdir md5 /path/to/sum.md5
+
+
+### stickyimport
+
+Perform fast import of a SUM file
+
+    rclone backend stickyimport remote: [options] [<arguments>+]
+
+Fill hash cache from a SUM file without verifying file fingerprints.
+Usage Example:
+    rclone backend stickyimport hasher:subdir md5 remote:path/to/sum.md5
+
+
+
+
+## Implementation details (advanced)
+
+This section explains how various rclone operations work on a hasher remote.
+
+**Disclaimer. This section describes current implementation which can
+change in future rclone versions!.**
+
+### Hashsum command
+
+The \[ga]rclone hashsum\[ga] (or \[ga]md5sum\[ga] or \[ga]sha1sum\[ga]) command will:
+
+1. if requested hash is supported by lower level, just pass it.
+2. if object size is below \[ga]auto_size\[ga] then download object and calculate
+   _requested_ hashes on the fly.
+3. if unsupported and the size is big enough, build object \[ga]fingerprint\[ga]
+   (including size, modtime if supported, first-found _other_ hash if any).
+4. if the strict match is found in cache for the requested remote, return
+   the stored hash.
+5. if remote found but fingerprint mismatched, then purge the entry and
+   proceed to step 6.
+6. if remote not found or had no requested hash type or after step 5:
+   download object, calculate all _supported_ hashes on the fly and store
+   in cache; return requested hash.
+
+### Other operations
+
+- whenever a file is uploaded or downloaded **in full**, capture the stream
+  to calculate all supported hashes on the fly and update database
+- server-side \[ga]move\[ga]  will update keys of existing cache entries
+- \[ga]deletefile\[ga] will remove a single cache entry
+- \[ga]purge\[ga] will remove all cache entries under the purged path
+
+Note that setting \[ga]max_age = 0\[ga] will disable checksum caching completely.
+
+If you set \[ga]max_age = off\[ga], checksums in cache will never age, unless you
+fully rewrite or delete the file.
+
+### Cache storage
+
+Cached checksums are stored as \[ga]bolt\[ga] database files under rclone cache
+directory, usually \[ga]\[ti]/.cache/rclone/kv/\[ga]. Databases are maintained
+one per _base_ backend, named like \[ga]BaseRemote\[ti]hasher.bolt\[ga].
+Checksums for multiple \[ga]alias\[ga]-es into a single base backend
+will be stored in the single database. All local paths are treated as
+aliases into the \[ga]local\[ga] backend (unless encrypted or chunked) and stored
+in \[ga]\[ti]/.cache/rclone/kv/local\[ti]hasher.bolt\[ga].
+Databases can be shared between multiple rclone processes.
+
+#  HDFS
+
+[HDFS](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html) is a
+distributed file-system, part of the [Apache Hadoop](https://hadoop.apache.org/) framework.
+
+Paths are specified as \[ga]remote:\[ga] or \[ga]remote:path/to/dir\[ga].
+
+## Configuration
+
+Here is an example of how to make a remote called \[ga]remote\[ga]. First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This remote is called \f[C]remote\f[R] and can now be used like this
-.PP
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [skip] XX / Hadoop
+distributed file system \ \[dq]hdfs\[dq] [skip] Storage> hdfs ** See
+help for hdfs backend at: https://rclone.org/hdfs/ **
+.PP
+hadoop name node and port Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value 1 / Connect to
+host namenode at port 8020 \ \[dq]namenode:8020\[dq] namenode>
+namenode.hadoop:8020 hadoop user name Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value 1 / Connect to
+hdfs as root \ \[dq]root\[dq] username> root Edit advanced config?
+(y/n) y) Yes n) No (default) y/n> n Remote config --------------------
+[remote] type = hdfs namenode = namenode.hadoop:8020 username = root
+-------------------- y) Yes this is OK (default) e) Edit this remote d)
+Delete this remote y/e/d> y Current remotes:
+.PP
+Name Type ==== ==== hadoop hdfs
+.IP "e)" 3
+Edit existing remote
+.IP "f)" 3
+New remote
+.IP "g)" 3
+Delete remote
+.IP "h)" 3
+Rename remote
+.IP "i)" 3
+Copy remote
+.IP "j)" 3
+Set configuration password
+.IP "k)" 3
+Quit config e/n/d/r/c/s/q> q
+.IP
+.nf
+\f[C]
+This remote is called \[ga]remote\[ga] and can now be used like this
+
 See all the top level directories
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:
+
 List the contents of a directory
-.IP
-.nf
-\f[C]
-rclone ls remote:directory
-\f[R]
-.fi
-.PP
-Sync the remote \f[C]directory\f[R] to \f[C]/home/local/directory\f[R],
-deleting any excess files.
-.IP
-.nf
-\f[C]
-rclone sync --interactive remote:directory /home/local/directory
+
+    rclone ls remote:directory
+
+Sync the remote \[ga]directory\[ga] to \[ga]/home/local/directory\[ga], deleting any excess files.
+
+    rclone sync --interactive remote:directory /home/local/directory
+
+### Setting up your own HDFS instance for testing
+
+You may start with a [manual setup](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SingleCluster.html)
+or use the docker image from the tests:
+
+If you want to build the docker image
 \f[R]
 .fi
-.SS Setting up your own HDFS instance for testing
 .PP
-You may start with a manual
-setup (https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SingleCluster.html)
-or use the docker image from the tests:
-.PP
-If you want to build the docker image
+git clone https://github.com/rclone/rclone.git cd
+rclone/fstest/testserver/images/test-hdfs docker build --rm -t
+rclone/test-hdfs .
 .IP
 .nf
 \f[C]
-git clone https://github.com/rclone/rclone.git
-cd rclone/fstest/testserver/images/test-hdfs
-docker build --rm -t rclone/test-hdfs .
+Or you can just use the latest one pushed
 \f[R]
 .fi
 .PP
-Or you can just use the latest one pushed
+docker run --rm --name \[dq]rclone-hdfs\[dq] -p 127.0.0.1:9866:9866 -p
+127.0.0.1:8020:8020 --hostname \[dq]rclone-hdfs\[dq] rclone/test-hdfs
 .IP
 .nf
 \f[C]
-docker run --rm --name \[dq]rclone-hdfs\[dq] -p 127.0.0.1:9866:9866 -p 127.0.0.1:8020:8020 --hostname \[dq]rclone-hdfs\[dq] rclone/test-hdfs
+**NB** it need few seconds to startup.
+
+For this docker image the remote needs to be configured like this:
 \f[R]
 .fi
 .PP
-\f[B]NB\f[R] it need few seconds to startup.
-.PP
-For this docker image the remote needs to be configured like this:
+[remote] type = hdfs namenode = 127.0.0.1:8020 username = root
 .IP
 .nf
 \f[C]
-[remote]
-type = hdfs
-namenode = 127.0.0.1:8020
-username = root
-\f[R]
-.fi
-.PP
-You can stop this image with \f[C]docker kill rclone-hdfs\f[R]
-(\f[B]NB\f[R] it does not use volumes, so all data uploaded will be
-lost.)
-.SS Modified time
-.PP
+You can stop this image with \[ga]docker kill rclone-hdfs\[ga] (**NB** it does not use volumes, so all data
+uploaded will be lost.)
+
+### Modification times
+
 Time accurate to 1 second is stored.
-.SS Checksum
-.PP
+
+### Checksum
+
 No checksums are implemented.
-.SS Usage information
-.PP
-You can use the \f[C]rclone about remote:\f[R] command which will
-display filesystem size and current usage.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-:
-T}@T{
-0x3A
-T}@T{
-\[uFF1A]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8).
-.SS Standard options
-.PP
-Here are the Standard options specific to hdfs (Hadoop distributed file
-system).
-.SS --hdfs-namenode
-.PP
-Hadoop name node and port.
-.PP
-E.g.
-\[dq]namenode:8020\[dq] to connect to host namenode at port 8020.
-.PP
+
+### Usage information
+
+You can use the \[ga]rclone about remote:\[ga] command which will display filesystem size and current usage.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| :         | 0x3A  | \[uFF1A]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8).
+
+
+### Standard options
+
+Here are the Standard options specific to hdfs (Hadoop distributed file system).
+
+#### --hdfs-namenode
+
+Hadoop name nodes and ports.
+
+E.g. \[dq]namenode-1:8020,namenode-2:8020,...\[dq] to connect to host namenodes at port 8020.
+
 Properties:
-.IP \[bu] 2
-Config: namenode
-.IP \[bu] 2
-Env Var: RCLONE_HDFS_NAMENODE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --hdfs-username
-.PP
+
+- Config:      namenode
+- Env Var:     RCLONE_HDFS_NAMENODE
+- Type:        CommaSepList
+- Default:     
+
+#### --hdfs-username
+
 Hadoop user name.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: username
-.IP \[bu] 2
-Env Var: RCLONE_HDFS_USERNAME
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]root\[dq]
-.RS 2
-.IP \[bu] 2
-Connect to hdfs as root.
-.RE
-.RE
-.SS Advanced options
-.PP
-Here are the Advanced options specific to hdfs (Hadoop distributed file
-system).
-.SS --hdfs-service-principal-name
-.PP
+
+- Config:      username
+- Env Var:     RCLONE_HDFS_USERNAME
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]root\[dq]
+        - Connect to hdfs as root.
+
+### Advanced options
+
+Here are the Advanced options specific to hdfs (Hadoop distributed file system).
+
+#### --hdfs-service-principal-name
+
 Kerberos service principal name for the namenode.
-.PP
-Enables KERBEROS authentication.
-Specifies the Service Principal Name (SERVICE/FQDN) for the namenode.
-E.g.
-\[dq]hdfs/namenode.hadoop.docker\[dq] for namenode running as service
-\[aq]hdfs\[aq] with FQDN \[aq]namenode.hadoop.docker\[aq].
-.PP
+
+Enables KERBEROS authentication. Specifies the Service Principal Name
+(SERVICE/FQDN) for the namenode. E.g. \[rs]\[dq]hdfs/namenode.hadoop.docker\[rs]\[dq]
+for namenode running as service \[aq]hdfs\[aq] with FQDN \[aq]namenode.hadoop.docker\[aq].
+
 Properties:
-.IP \[bu] 2
-Config: service_principal_name
-.IP \[bu] 2
-Env Var: RCLONE_HDFS_SERVICE_PRINCIPAL_NAME
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --hdfs-data-transfer-protection
-.PP
+
+- Config:      service_principal_name
+- Env Var:     RCLONE_HDFS_SERVICE_PRINCIPAL_NAME
+- Type:        string
+- Required:    false
+
+#### --hdfs-data-transfer-protection
+
 Kerberos data transfer protection: authentication|integrity|privacy.
-.PP
+
 Specifies whether or not authentication, data signature integrity
-checks, and wire encryption is required when communicating the the
-datanodes.
-Possible values are \[aq]authentication\[aq], \[aq]integrity\[aq] and
-\[aq]privacy\[aq].
-Used only with KERBEROS enabled.
-.PP
+checks, and wire encryption are required when communicating with
+the datanodes. Possible values are \[aq]authentication\[aq], \[aq]integrity\[aq]
+and \[aq]privacy\[aq]. Used only with KERBEROS enabled.
+
 Properties:
-.IP \[bu] 2
-Config: data_transfer_protection
-.IP \[bu] 2
-Env Var: RCLONE_HDFS_DATA_TRANSFER_PROTECTION
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]privacy\[dq]
-.RS 2
-.IP \[bu] 2
-Ensure authentication, integrity and encryption enabled.
-.RE
-.RE
-.SS --hdfs-encoding
-.PP
+
+- Config:      data_transfer_protection
+- Env Var:     RCLONE_HDFS_DATA_TRANSFER_PROTECTION
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]privacy\[dq]
+        - Ensure authentication, integrity and encryption enabled.
+
+#### --hdfs-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_HDFS_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,Colon,Del,Ctl,InvalidUtf8,Dot
-.SS Limitations
-.IP \[bu] 2
-No server-side \f[C]Move\f[R] or \f[C]DirMove\f[R].
-.IP \[bu] 2
-Checksums not implemented.
-.SH HiDrive
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.PP
-The initial setup for hidrive involves getting a token from HiDrive
-which you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.SS Configuration
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found - make a new one
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / HiDrive
-   \[rs] \[dq]hidrive\[dq]
-[snip]
-Storage> hidrive
-OAuth Client Id - Leave blank normally.
-client_id>
-OAuth Client Secret - Leave blank normally.
-client_secret>
-Access permissions that rclone should use when requesting access from HiDrive.
-Leave blank normally.
-scope_access>
-Edit advanced config?
-y/n> n
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth?state=xxxxxxxxxxxxxxxxxxxxxx
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = hidrive
-token = {\[dq]access_token\[dq]:\[dq]xxxxxxxxxxxxxxxxxxxx\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]xxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]expiry\[dq]:\[dq]xxxxxxxxxxxxxxxxxxxxxxx\[dq]}
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-\f[B]You should be aware that OAuth-tokens can be used to access your
-account and hence should not be shared with other persons.\f[R] See the
-below section for more information.
-.PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from HiDrive.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-The webserver runs on \f[C]http://127.0.0.1:53682/\f[R].
-If local port \f[C]53682\f[R] is protected by a firewall you may need to
-temporarily unblock the firewall to complete authorization.
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level of your HiDrive root folder
-.IP
-.nf
-\f[C]
-rclone lsd remote:
+
+- Config:      encoding
+- Env Var:     RCLONE_HDFS_ENCODING
+- Type:        Encoding
+- Default:     Slash,Colon,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+- No server-side \[ga]Move\[ga] or \[ga]DirMove\[ga].
+- Checksums not implemented.
+
+#  HiDrive
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+The initial setup for hidrive involves getting a token from HiDrive
+which you need to do in your browser.
+\[ga]rclone config\[ga] walks you through it.
+
+## Configuration
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
+No remotes found - make a new one n) New remote s) Set configuration
+password q) Quit config n/s/q> n name> remote Type of storage to
+configure.
+Choose a number from below, or type in your own value [snip] XX /
+HiDrive \ \[dq]hidrive\[dq] [snip] Storage> hidrive OAuth Client Id -
+Leave blank normally.
+client_id> OAuth Client Secret - Leave blank normally.
+client_secret> Access permissions that rclone should use when requesting
+access from HiDrive.
+Leave blank normally.
+scope_access> Edit advanced config?
+y/n> n Use web browser to automatically authenticate rclone with remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+y/n> y If your browser doesn\[aq]t open automatically go to the
+following link: http://127.0.0.1:53682/auth?state=xxxxxxxxxxxxxxxxxxxxxx
+Log in and authorize rclone for access Waiting for code...
+Got code -------------------- [remote] type = hidrive token =
+{\[dq]access_token\[dq]:\[dq]xxxxxxxxxxxxxxxxxxxx\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]xxxxxxxxxxxxxxxxxxxxxxx\[dq],\[dq]expiry\[dq]:\[dq]xxxxxxxxxxxxxxxxxxxxxxx\[dq]}
+-------------------- y) Yes this is OK (default) e) Edit this remote d)
+Delete this remote y/e/d> y
+.IP
+.nf
+\f[C]
+**You should be aware that OAuth-tokens can be used to access your account
+and hence should not be shared with other persons.**
+See the [below section](#keeping-your-tokens-safe) for more information.
+
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from HiDrive. This only runs from the moment it opens
+your browser to the moment you get back the verification code.
+The webserver runs on \[ga]http://127.0.0.1:53682/\[ga].
+If local port \[ga]53682\[ga] is protected by a firewall you may need to temporarily
+unblock the firewall to complete authorization.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your HiDrive root folder
+
+    rclone lsd remote:
+
 List all the files in your HiDrive filesystem
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
+
+    rclone ls remote:
+
 To copy a local directory to a HiDrive directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Keeping your tokens safe
-.PP
-Any OAuth-tokens will be stored by rclone in the remote\[aq]s
-configuration file as unencrypted text.
-Anyone can use a valid refresh-token to access your HiDrive filesystem
-without knowing your password.
-Therefore you should make sure no one else can access your
-configuration.
-.PP
+
+    rclone copy /home/source remote:backup
+
+### Keeping your tokens safe
+
+Any OAuth-tokens will be stored by rclone in the remote\[aq]s configuration file as unencrypted text.
+Anyone can use a valid refresh-token to access your HiDrive filesystem without knowing your password.
+Therefore you should make sure no one else can access your configuration.
+
 It is possible to encrypt rclone\[aq]s configuration file.
-You can find information on securing your configuration file by viewing
-the configuration encryption
-docs (https://rclone.org/docs/#configuration-encryption).
-.SS Invalid refresh token
-.PP
-As can be verified here (https://developer.hidrive.com/basics-flows/),
-each \f[C]refresh_token\f[R] (for Native Applications) is valid for 60
-days.
+You can find information on securing your configuration file by viewing the [configuration encryption docs](https://rclone.org/docs/#configuration-encryption).
+
+### Invalid refresh token
+
+As can be verified [here](https://developer.hidrive.com/basics-flows/),
+each \[ga]refresh_token\[ga] (for Native Applications) is valid for 60 days.
 If used to access HiDrivei, its validity will be automatically extended.
-.PP
+
 This means that if you
-.IP \[bu] 2
-Don\[aq]t use the HiDrive remote for 60 days
-.PP
-then rclone will return an error which includes a text that implies the
-refresh token is \f[I]invalid\f[R] or \f[I]expired\f[R].
-.PP
-To fix this you will need to authorize rclone to access your HiDrive
-account again.
-.PP
+
+  * Don\[aq]t use the HiDrive remote for 60 days
+
+then rclone will return an error which includes a text
+that implies the refresh token is *invalid* or *expired*.
+
+To fix this you will need to authorize rclone to access your HiDrive account again.
+
 Using
-.IP
-.nf
-\f[C]
-rclone config reconnect remote:
-\f[R]
-.fi
-.PP
-the process is very similar to the process of initial setup exemplified
-before.
-.SS Modified time and hashes
-.PP
-HiDrive allows modification times to be set on objects accurate to 1
-second.
-.PP
-HiDrive supports its own hash type (https://static.hidrive.com/dev/0001)
-which is used to verify the integrity of file contents after successful
-transfers.
-.SS Restricted filename characters
-.PP
-HiDrive cannot store files or folders that include \f[C]/\f[R] (0x2F) or
-null-bytes (0x00) in their name.
+
+    rclone config reconnect remote:
+
+the process is very similar to the process of initial setup exemplified before.
+
+### Modification times and hashes
+
+HiDrive allows modification times to be set on objects accurate to 1 second.
+
+HiDrive supports [its own hash type](https://static.hidrive.com/dev/0001)
+which is used to verify the integrity of file contents after successful transfers.
+
+### Restricted filename characters
+
+HiDrive cannot store files or folders that include
+\[ga]/\[ga] (0x2F) or null-bytes (0x00) in their name.
 Any other characters can be used in the names of files or folders.
-Additionally, files or folders cannot be named either of the following:
-\f[C].\f[R] or \f[C]..\f[R]
-.PP
-Therefore rclone will automatically replace these characters, if files
-or folders are stored or accessed with such names.
-.PP
-You can read about how this filename encoding works in general here.
-.PP
-Keep in mind that HiDrive only supports file or folder names with a
-length of 255 characters or less.
-.SS Transfers
-.PP
+Additionally, files or folders cannot be named either of the following: \[ga].\[ga] or \[ga]..\[ga]
+
+Therefore rclone will automatically replace these characters,
+if files or folders are stored or accessed with such names.
+
+You can read about how this filename encoding works in general
+[here](overview/#restricted-filenames).
+
+Keep in mind that HiDrive only supports file or folder names
+with a length of 255 characters or less.
+
+### Transfers
+
 HiDrive limits file sizes per single request to a maximum of 2 GiB.
-To allow storage of larger files and allow for better upload
-performance, the hidrive backend will use a chunked transfer for files
-larger than 96 MiB.
+To allow storage of larger files and allow for better upload performance,
+the hidrive backend will use a chunked transfer for files larger than 96 MiB.
 Rclone will upload multiple parts/chunks of the file at the same time.
-Chunks in the process of being uploaded are buffered in memory, so you
-may want to restrict this behaviour on systems with limited resources.
-.PP
+Chunks in the process of being uploaded are buffered in memory,
+so you may want to restrict this behaviour on systems with limited resources.
+
 You can customize this behaviour using the following options:
-.IP \[bu] 2
-\f[C]chunk_size\f[R]: size of file parts
-.IP \[bu] 2
-\f[C]upload_cutoff\f[R]: files larger or equal to this in size will use
-a chunked transfer
-.IP \[bu] 2
-\f[C]upload_concurrency\f[R]: number of file-parts to upload at the same
-time
-.PP
+
+* \[ga]chunk_size\[ga]: size of file parts
+* \[ga]upload_cutoff\[ga]: files larger or equal to this in size will use a chunked transfer
+* \[ga]upload_concurrency\[ga]: number of file-parts to upload at the same time
+
 See the below section about configuration options for more details.
-.SS Root folder
-.PP
+
+### Root folder
+
 You can set the root folder for rclone.
-This is the directory that rclone considers to be the root of your
-HiDrive.
-.PP
-Usually, you will leave this blank, and rclone will use the root of the
-account.
-.PP
-However, you can set this to restrict rclone to a specific folder
-hierarchy.
-.PP
-This works by prepending the contents of the \f[C]root_prefix\f[R]
-option to any paths accessed by rclone.
-For example, the following two ways to access the home directory are
-equivalent:
-.IP
-.nf
-\f[C]
-rclone lsd --hidrive-root-prefix=\[dq]/users/test/\[dq] remote:path
+This is the directory that rclone considers to be the root of your HiDrive.
+
+Usually, you will leave this blank, and rclone will use the root of the account.
+
+However, you can set this to restrict rclone to a specific folder hierarchy.
+
+This works by prepending the contents of the \[ga]root_prefix\[ga] option
+to any paths accessed by rclone.
+For example, the following two ways to access the home directory are equivalent:
+
+    rclone lsd --hidrive-root-prefix=\[dq]/users/test/\[dq] remote:path
+
+    rclone lsd remote:/users/test/path
 
-rclone lsd remote:/users/test/path
-\f[R]
-.fi
-.PP
 See the below section about configuration options for more details.
-.SS Directory member count
-.PP
-By default, rclone will know the number of directory members contained
-in a directory.
-For example, \f[C]rclone lsd\f[R] uses this information.
-.PP
-The acquisition of this information will result in additional time costs
-for HiDrive\[aq]s API.
-When dealing with large directory structures, it may be desirable to
-circumvent this time cost, especially when this information is not
-explicitly needed.
-For this, the \f[C]disable_fetching_member_count\f[R] option can be
-used.
-.PP
+
+### Directory member count
+
+By default, rclone will know the number of directory members contained in a directory.
+For example, \[ga]rclone lsd\[ga] uses this information.
+
+The acquisition of this information will result in additional time costs for HiDrive\[aq]s API.
+When dealing with large directory structures, it may be desirable to circumvent this time cost,
+especially when this information is not explicitly needed.
+For this, the \[ga]disable_fetching_member_count\[ga] option can be used.
+
 See the below section about configuration options for more details.
-.SS Standard options
-.PP
+
+
+### Standard options
+
 Here are the Standard options specific to hidrive (HiDrive).
-.SS --hidrive-client-id
-.PP
+
+#### --hidrive-client-id
+
 OAuth Client Id.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --hidrive-client-secret
-.PP
+
+- Config:      client_id
+- Env Var:     RCLONE_HIDRIVE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --hidrive-client-secret
+
 OAuth Client Secret.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --hidrive-scope-access
-.PP
-Access permissions that rclone should use when requesting access from
-HiDrive.
-.PP
+
+- Config:      client_secret
+- Env Var:     RCLONE_HIDRIVE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --hidrive-scope-access
+
+Access permissions that rclone should use when requesting access from HiDrive.
+
 Properties:
-.IP \[bu] 2
-Config: scope_access
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_SCOPE_ACCESS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]rw\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]rw\[dq]
-.RS 2
-.IP \[bu] 2
-Read and write access to resources.
-.RE
-.IP \[bu] 2
-\[dq]ro\[dq]
-.RS 2
-.IP \[bu] 2
-Read-only access to resources.
-.RE
-.RE
-.SS Advanced options
-.PP
+
+- Config:      scope_access
+- Env Var:     RCLONE_HIDRIVE_SCOPE_ACCESS
+- Type:        string
+- Default:     \[dq]rw\[dq]
+- Examples:
+    - \[dq]rw\[dq]
+        - Read and write access to resources.
+    - \[dq]ro\[dq]
+        - Read-only access to resources.
+
+### Advanced options
+
 Here are the Advanced options specific to hidrive (HiDrive).
-.SS --hidrive-token
-.PP
+
+#### --hidrive-token
+
 OAuth Access Token as a JSON blob.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --hidrive-auth-url
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_HIDRIVE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --hidrive-auth-url
+
 Auth server URL.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --hidrive-token-url
-.PP
+
+- Config:      auth_url
+- Env Var:     RCLONE_HIDRIVE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --hidrive-token-url
+
 Token server url.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --hidrive-scope-role
-.PP
+
+- Config:      token_url
+- Env Var:     RCLONE_HIDRIVE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --hidrive-scope-role
+
 User-level that rclone should use when requesting access from HiDrive.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: scope_role
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_SCOPE_ROLE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]user\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]user\[dq]
-.RS 2
-.IP \[bu] 2
-User-level access to management permissions.
-.IP \[bu] 2
-This will be sufficient in most cases.
-.RE
-.IP \[bu] 2
-\[dq]admin\[dq]
-.RS 2
-.IP \[bu] 2
-Extensive access to management permissions.
-.RE
-.IP \[bu] 2
-\[dq]owner\[dq]
-.RS 2
-.IP \[bu] 2
-Full access to management permissions.
-.RE
-.RE
-.SS --hidrive-root-prefix
-.PP
+
+- Config:      scope_role
+- Env Var:     RCLONE_HIDRIVE_SCOPE_ROLE
+- Type:        string
+- Default:     \[dq]user\[dq]
+- Examples:
+    - \[dq]user\[dq]
+        - User-level access to management permissions.
+        - This will be sufficient in most cases.
+    - \[dq]admin\[dq]
+        - Extensive access to management permissions.
+    - \[dq]owner\[dq]
+        - Full access to management permissions.
+
+#### --hidrive-root-prefix
+
 The root/parent folder for all paths.
-.PP
-Fill in to use the specified folder as the parent for all paths given to
-the remote.
+
+Fill in to use the specified folder as the parent for all paths given to the remote.
 This way rclone can use any folder as its starting point.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: root_prefix
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_ROOT_PREFIX
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]/\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]/\[dq]
-.RS 2
-.IP \[bu] 2
-The topmost directory accessible by rclone.
-.IP \[bu] 2
-This will be equivalent with \[dq]root\[dq] if rclone uses a regular
-HiDrive user account.
-.RE
-.IP \[bu] 2
-\[dq]root\[dq]
-.RS 2
-.IP \[bu] 2
-The topmost directory of the HiDrive user account
-.RE
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-This specifies that there is no root-prefix for your paths.
-.IP \[bu] 2
-When using this you will always need to specify paths to this remote
-with a valid parent e.g.
-\[dq]remote:/path/to/dir\[dq] or \[dq]remote:root/path/to/dir\[dq].
-.RE
-.RE
-.SS --hidrive-endpoint
-.PP
+
+- Config:      root_prefix
+- Env Var:     RCLONE_HIDRIVE_ROOT_PREFIX
+- Type:        string
+- Default:     \[dq]/\[dq]
+- Examples:
+    - \[dq]/\[dq]
+        - The topmost directory accessible by rclone.
+        - This will be equivalent with \[dq]root\[dq] if rclone uses a regular HiDrive user account.
+    - \[dq]root\[dq]
+        - The topmost directory of the HiDrive user account
+    - \[dq]\[dq]
+        - This specifies that there is no root-prefix for your paths.
+        - When using this you will always need to specify paths to this remote with a valid parent e.g. \[dq]remote:/path/to/dir\[dq] or \[dq]remote:root/path/to/dir\[dq].
+
+#### --hidrive-endpoint
+
 Endpoint for the service.
-.PP
+
 This is the URL that API-calls will be made to.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]https://api.hidrive.strato.com/2.1\[dq]
-.SS --hidrive-disable-fetching-member-count
-.PP
-Do not fetch number of objects in directories unless it is absolutely
-necessary.
-.PP
-Requests may be faster if the number of objects in subdirectories is not
-fetched.
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_HIDRIVE_ENDPOINT
+- Type:        string
+- Default:     \[dq]https://api.hidrive.strato.com/2.1\[dq]
+
+#### --hidrive-disable-fetching-member-count
+
+Do not fetch number of objects in directories unless it is absolutely necessary.
+
+Requests may be faster if the number of objects in subdirectories is not fetched.
+
 Properties:
-.IP \[bu] 2
-Config: disable_fetching_member_count
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_DISABLE_FETCHING_MEMBER_COUNT
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --hidrive-chunk-size
-.PP
+
+- Config:      disable_fetching_member_count
+- Env Var:     RCLONE_HIDRIVE_DISABLE_FETCHING_MEMBER_COUNT
+- Type:        bool
+- Default:     false
+
+#### --hidrive-chunk-size
+
 Chunksize for chunked uploads.
-.PP
-Any files larger than the configured cutoff (or files of unknown size)
-will be uploaded in chunks of this size.
-.PP
+
+Any files larger than the configured cutoff (or files of unknown size) will be uploaded in chunks of this size.
+
 The upper limit for this is 2147483647 bytes (about 2.000Gi).
-That is the maximum amount of bytes a single upload-operation will
-support.
-Setting this above the upper limit or to a negative value will cause
-uploads to fail.
-.PP
-Setting this to larger values may increase the upload speed at the cost
-of using more memory.
+That is the maximum amount of bytes a single upload-operation will support.
+Setting this above the upper limit or to a negative value will cause uploads to fail.
+
+Setting this to larger values may increase the upload speed at the cost of using more memory.
 It can be set to smaller values smaller to save on memory.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 48Mi
-.SS --hidrive-upload-cutoff
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_HIDRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     48Mi
+
+#### --hidrive-upload-cutoff
+
 Cutoff/Threshold for chunked uploads.
-.PP
-Any files larger than this will be uploaded in chunks of the configured
-chunksize.
-.PP
+
+Any files larger than this will be uploaded in chunks of the configured chunksize.
+
 The upper limit for this is 2147483647 bytes (about 2.000Gi).
-That is the maximum amount of bytes a single upload-operation will
-support.
+That is the maximum amount of bytes a single upload-operation will support.
 Setting this above the upper limit will cause uploads to fail.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_UPLOAD_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 96Mi
-.SS --hidrive-upload-concurrency
-.PP
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_HIDRIVE_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     96Mi
+
+#### --hidrive-upload-concurrency
+
 Concurrency for chunked uploads.
-.PP
-This is the upper limit for how many transfers for the same file are
-running concurrently.
-Setting this above to a value smaller than 1 will cause uploads to
-deadlock.
-.PP
+
+This is the upper limit for how many transfers for the same file are running concurrently.
+Setting this above to a value smaller than 1 will cause uploads to deadlock.
+
 If you are uploading small numbers of large files over high-speed links
 and these uploads do not fully utilize your bandwidth, then increasing
 this may help to speed up the transfers.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_concurrency
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_UPLOAD_CONCURRENCY
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 4
-.SS --hidrive-encoding
-.PP
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_HIDRIVE_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     4
+
+#### --hidrive-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_HIDRIVE_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,Dot
-.SS Limitations
-.SS Symbolic links
-.PP
-HiDrive is able to store symbolic links (\f[I]symlinks\f[R]) by design,
+
+- Config:      encoding
+- Env Var:     RCLONE_HIDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,Dot
+
+
+
+## Limitations
+
+### Symbolic links
+
+HiDrive is able to store symbolic links (*symlinks*) by design,
 for example, when unpacked from a zip archive.
-.PP
+
 There exists no direct mechanism to manage native symlinks in remotes.
-As such this implementation has chosen to ignore any native symlinks
-present in the remote.
-rclone will not be able to access or show any symlinks stored in the
-hidrive-remote.
+As such this implementation has chosen to ignore any native symlinks present in the remote.
+rclone will not be able to access or show any symlinks stored in the hidrive-remote.
 This means symlinks cannot be individually removed, copied, or moved,
 except when removing, copying, or moving the parent folder.
-.PP
-\f[I]This does not affect the \f[CI].rclonelink\f[I]-files that rclone
-uses to encode and store symbolic links.\f[R]
-.SS Sparse files
-.PP
+
+*This does not affect the \[ga].rclonelink\[ga]-files
+that rclone uses to encode and store symbolic links.*
+
+### Sparse files
+
 It is possible to store sparse files in HiDrive.
-.PP
-Note that copying a sparse file will expand the holes into null-byte
-(0x00) regions that will then consume disk space.
-Likewise, when downloading a sparse file, the resulting file will have
-null-byte regions in the place of file holes.
-.SH HTTP
-.PP
-The HTTP remote is a read only remote for reading files of a webserver.
-The webserver should provide file listings which rclone will read and
-turn into a remote.
-This has been tested with common webservers such as Apache/Nginx/Caddy
-and will likely work with file listings from most web servers.
-(If it doesn\[aq]t then please file an issue, or send a pull request!)
-.PP
-Paths are specified as \f[C]remote:\f[R] or \f[C]remote:path\f[R].
-.PP
-The \f[C]remote:\f[R] represents the configured url, and any path
-following it will be resolved relative to this url, according to the URL
-standard.
-This means with remote url \f[C]https://beta.rclone.org/branch\f[R] and
-path \f[C]fix\f[R], the resolved URL will be
-\f[C]https://beta.rclone.org/branch/fix\f[R], while with path
-\f[C]/fix\f[R] the resolved URL will be
-\f[C]https://beta.rclone.org/fix\f[R] as the absolute path is resolved
-from the root of the domain.
-.PP
-If the path following the \f[C]remote:\f[R] ends with \f[C]/\f[R] it
-will be assumed to point to a directory.
-If the path does not end with \f[C]/\f[R], then a HEAD request is sent
-and the response used to decide if it it is treated as a file or a
-directory (run with \f[C]-vv\f[R] to see details).
-When --http-no-head is specified, a path without ending \f[C]/\f[R] is
-always assumed to be a file.
-If rclone incorrectly assumes the path is a file, the solution is to
-specify the path with ending \f[C]/\f[R].
-When you know the path is a directory, ending it with \f[C]/\f[R] is
-always better as it avoids the initial HEAD request.
-.PP
+
+Note that copying a sparse file will expand the holes
+into null-byte (0x00) regions that will then consume disk space.
+Likewise, when downloading a sparse file,
+the resulting file will have null-byte regions in the place of file holes.
+
+#  HTTP
+
+The HTTP remote is a read only remote for reading files of a
+webserver.  The webserver should provide file listings which rclone
+will read and turn into a remote.  This has been tested with common
+webservers such as Apache/Nginx/Caddy and will likely work with file
+listings from most web servers.  (If it doesn\[aq]t then please file an
+issue, or send a pull request!)
+
+Paths are specified as \[ga]remote:\[ga] or \[ga]remote:path\[ga].
+
+The \[ga]remote:\[ga] represents the configured [url](#http-url), and any path following
+it will be resolved relative to this url, according to the URL standard. This
+means with remote url \[ga]https://beta.rclone.org/branch\[ga] and path \[ga]fix\[ga], the
+resolved URL will be \[ga]https://beta.rclone.org/branch/fix\[ga], while with path
+\[ga]/fix\[ga] the resolved URL will be \[ga]https://beta.rclone.org/fix\[ga] as the absolute
+path is resolved from the root of the domain.
+
+If the path following the \[ga]remote:\[ga] ends with \[ga]/\[ga] it will be assumed to point
+to a directory. If the path does not end with \[ga]/\[ga], then a HEAD request is sent
+and the response used to decide if it it is treated as a file or a directory
+(run with \[ga]-vv\[ga] to see details). When [--http-no-head](#http-no-head) is
+specified, a path without ending \[ga]/\[ga] is always assumed to be a file. If rclone
+incorrectly assumes the path is a file, the solution is to specify the path with
+ending \[ga]/\[ga]. When you know the path is a directory, ending it with \[ga]/\[ga] is always
+better as it avoids the initial HEAD request.
+
 To just download a single file it is easier to use
-copyurl (https://rclone.org/commands/rclone_copyurl/).
-.SS Configuration
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / HTTP
-   \[rs] \[dq]http\[dq]
-[snip]
-Storage> http
-URL of http host to connect to
-Choose a number from below, or type in your own value
- 1 / Connect to example.com
-   \[rs] \[dq]https://example.com\[dq]
-url> https://beta.rclone.org
-Remote config
---------------------
-[remote]
-url = https://beta.rclone.org
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-Current remotes:
+[copyurl](https://rclone.org/commands/rclone_copyurl/).
 
-Name                 Type
-====                 ====
-remote               http
+## Configuration
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> q
+Here is an example of how to make a remote called \[ga]remote\[ga].  First
+run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This remote is called \f[C]remote\f[R] and can now be used like this
-.PP
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX / HTTP
+\ \[dq]http\[dq] [snip] Storage> http URL of http host to connect to
+Choose a number from below, or type in your own value 1 / Connect to
+example.com \ \[dq]https://example.com\[dq] url> https://beta.rclone.org
+Remote config -------------------- [remote] url =
+https://beta.rclone.org -------------------- y) Yes this is OK e) Edit
+this remote d) Delete this remote y/e/d> y Current remotes:
+.PP
+Name Type ==== ==== remote http
+.IP "e)" 3
+Edit existing remote
+.IP "f)" 3
+New remote
+.IP "g)" 3
+Delete remote
+.IP "h)" 3
+Rename remote
+.IP "i)" 3
+Copy remote
+.IP "j)" 3
+Set configuration password
+.IP "k)" 3
+Quit config e/n/d/r/c/s/q> q
+.IP
+.nf
+\f[C]
+This remote is called \[ga]remote\[ga] and can now be used like this
+
 See all the top level directories
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:
+
 List the contents of a directory
-.IP
-.nf
-\f[C]
-rclone ls remote:directory
-\f[R]
-.fi
-.PP
-Sync the remote \f[C]directory\f[R] to \f[C]/home/local/directory\f[R],
-deleting any excess files.
-.IP
-.nf
-\f[C]
-rclone sync --interactive remote:directory /home/local/directory
-\f[R]
-.fi
-.SS Read only
-.PP
+
+    rclone ls remote:directory
+
+Sync the remote \[ga]directory\[ga] to \[ga]/home/local/directory\[ga], deleting any excess files.
+
+    rclone sync --interactive remote:directory /home/local/directory
+
+### Read only
+
 This remote is read only - you can\[aq]t upload files to an HTTP server.
-.SS Modified time
-.PP
+
+### Modification times
+
 Most HTTP servers store time accurate to 1 second.
-.SS Checksum
-.PP
+
+### Checksum
+
 No checksums are stored.
-.SS Usage without a config file
-.PP
+
+### Usage without a config file
+
 Since the http remote only has one config parameter it is easy to use
 without a config file:
-.IP
-.nf
-\f[C]
-rclone lsd --http-url https://beta.rclone.org :http:
-\f[R]
-.fi
-.PP
+
+    rclone lsd --http-url https://beta.rclone.org :http:
+
 or:
-.IP
-.nf
-\f[C]
-rclone lsd :http,url=\[aq]https://beta.rclone.org\[aq]:
-\f[R]
-.fi
-.SS Standard options
-.PP
+
+    rclone lsd :http,url=\[aq]https://beta.rclone.org\[aq]:
+
+
+### Standard options
+
 Here are the Standard options specific to http (HTTP).
-.SS --http-url
-.PP
+
+#### --http-url
+
 URL of HTTP host to connect to.
-.PP
-E.g.
-\[dq]https://example.com\[dq], or
-\[dq]https://user:pass\[at]example.com\[dq] to use a username and
-password.
-.PP
+
+E.g. \[dq]https://example.com\[dq], or \[dq]https://user:pass\[at]example.com\[dq] to use a username and password.
+
 Properties:
-.IP \[bu] 2
-Config: url
-.IP \[bu] 2
-Env Var: RCLONE_HTTP_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS Advanced options
-.PP
+
+- Config:      url
+- Env Var:     RCLONE_HTTP_URL
+- Type:        string
+- Required:    true
+
+### Advanced options
+
 Here are the Advanced options specific to http (HTTP).
-.SS --http-headers
-.PP
+
+#### --http-headers
+
 Set HTTP headers for all transactions.
-.PP
+
 Use this to set additional HTTP headers for all transactions.
-.PP
-The input format is comma separated list of key,value pairs.
-Standard CSV encoding (https://godoc.org/encoding/csv) may be used.
-.PP
-For example, to set a Cookie use \[aq]Cookie,name=value\[aq], or
-\[aq]\[dq]Cookie\[dq],\[dq]name=value\[dq]\[aq].
-.PP
-You can set multiple headers, e.g.
-\[aq]\[dq]Cookie\[dq],\[dq]name=value\[dq],\[dq]Authorization\[dq],\[dq]xxx\[dq]\[aq].
-.PP
+
+The input format is comma separated list of key,value pairs.  Standard
+[CSV encoding](https://godoc.org/encoding/csv) may be used.
+
+For example, to set a Cookie use \[aq]Cookie,name=value\[aq], or \[aq]\[dq]Cookie\[dq],\[dq]name=value\[dq]\[aq].
+
+You can set multiple headers, e.g. \[aq]\[dq]Cookie\[dq],\[dq]name=value\[dq],\[dq]Authorization\[dq],\[dq]xxx\[dq]\[aq].
+
 Properties:
-.IP \[bu] 2
-Config: headers
-.IP \[bu] 2
-Env Var: RCLONE_HTTP_HEADERS
-.IP \[bu] 2
-Type: CommaSepList
-.IP \[bu] 2
-Default:
-.SS --http-no-slash
-.PP
+
+- Config:      headers
+- Env Var:     RCLONE_HTTP_HEADERS
+- Type:        CommaSepList
+- Default:     
+
+#### --http-no-slash
+
 Set this if the site doesn\[aq]t end directories with /.
-.PP
+
 Use this if your target website does not use / on the end of
 directories.
-.PP
+
 A / on the end of a path is how rclone normally tells the difference
-between files and directories.
-If this flag is set, then rclone will treat all files with Content-Type:
-text/html as directories and read URLs from them rather than downloading
-them.
-.PP
+between files and directories.  If this flag is set, then rclone will
+treat all files with Content-Type: text/html as directories and read
+URLs from them rather than downloading them.
+
 Note that this may cause rclone to confuse genuine HTML files with
 directories.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: no_slash
-.IP \[bu] 2
-Env Var: RCLONE_HTTP_NO_SLASH
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --http-no-head
-.PP
+
+- Config:      no_slash
+- Env Var:     RCLONE_HTTP_NO_SLASH
+- Type:        bool
+- Default:     false
+
+#### --http-no-head
+
 Don\[aq]t use HEAD requests.
-.PP
+
 HEAD requests are mainly used to find file sizes in dir listing.
 If your site is being very slow to load then you can try this option.
 Normally rclone does a HEAD request for each potential file in a
 directory listing to:
-.IP \[bu] 2
-find its size
-.IP \[bu] 2
-check it really exists
-.IP \[bu] 2
-check to see if it is a directory
-.PP
-If you set this option, rclone will not do the HEAD request.
-This will mean that directory listings are much quicker, but rclone
-won\[aq]t have the times or sizes of any files, and some files that
-don\[aq]t exist may be in the listing.
-.PP
+
+- find its size
+- check it really exists
+- check to see if it is a directory
+
+If you set this option, rclone will not do the HEAD request. This will mean
+that directory listings are much quicker, but rclone won\[aq]t have the times or
+sizes of any files, and some files that don\[aq]t exist may be in the listing.
+
 Properties:
-.IP \[bu] 2
-Config: no_head
-.IP \[bu] 2
-Env Var: RCLONE_HTTP_NO_HEAD
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS Limitations
-.PP
-\f[C]rclone about\f[R] is not supported by the HTTP backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Internet Archive
-.PP
-The Internet Archive backend utilizes Items on
-archive.org (https://archive.org/)
-.PP
-Refer to IAS3 API
-documentation (https://archive.org/services/docs/api/ias3.html) for the
-API this backend uses.
-.PP
-Paths are specified as \f[C]remote:bucket\f[R] (or \f[C]remote:\f[R] for
-the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
-\f[C]remote:item/path/to/dir\f[R].
-.PP
-Unlike S3, listing up all items uploaded by you isn\[aq]t supported.
-.PP
-Once you have made a remote, you can use it like this:
-.PP
-Make a new item
-.IP
-.nf
-\f[C]
-rclone mkdir remote:item
-\f[R]
-.fi
-.PP
-List the contents of a item
-.IP
-.nf
-\f[C]
-rclone ls remote:item
+
+- Config:      no_head
+- Env Var:     RCLONE_HTTP_NO_HEAD
+- Type:        bool
+- Default:     false
+
+## Backend commands
+
+Here are the commands specific to the http backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### set
+
+Set command for updating the config parameters.
+
+    rclone backend set remote: [options] [<arguments>+]
+
+This set command can be used to update the config parameters
+for a running http backend.
+
+Usage Examples:
+
+    rclone backend set remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: [-o opt_name=opt_value] [-o opt_name2=opt_value2]
+    rclone rc backend/command command=set fs=remote: -o url=https://example.com
+
+The option keys are named as they are in the config file.
+
+This rebuilds the connection to the http backend when it is called with
+the new parameters. Only new parameters need be passed as the values
+will default to those currently in use.
+
+It doesn\[aq]t return anything.
+
+
+
+
+## Limitations
+
+\[ga]rclone about\[ga] is not supported by the HTTP backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  ImageKit
+This is a backend for the [ImageKit.io](https://imagekit.io/) storage service.
+
+#### About ImageKit
+[ImageKit.io](https://imagekit.io/)  provides real-time image and video optimizations, transformations, and CDN delivery. Over 1,000 businesses and 70,000 developers trust ImageKit with their images and videos on the web.
+
+
+#### Accounts & Pricing
+
+To use this backend, you need to [create an account](https://imagekit.io/registration/) on ImageKit. Start with a free plan with generous usage limits. Then, as your requirements grow, upgrade to a plan that best fits your needs. See [the pricing details](https://imagekit.io/plans).
+
+## Configuration
+
+Here is an example of making an imagekit configuration.
+
+Firstly create a [ImageKit.io](https://imagekit.io/) account and choose a plan.
+
+You will need to log in and get the \[ga]publicKey\[ga] and \[ga]privateKey\[ga] for your account from the developer section.
+
+Now run
 \f[R]
 .fi
 .PP
-Sync \f[C]/home/local/directory\f[R] to the remote item, deleting any
-excess files in the item.
+rclone config
 .IP
 .nf
 \f[C]
-rclone sync --interactive /home/local/directory remote:item
+This will guide you through an interactive setup process:
 \f[R]
 .fi
-.SS Notes
-.PP
-Because of Internet Archive\[aq]s architecture, it enqueues write
-operations (and extra post-processings) in a per-item queue.
-You can check item\[aq]s queue at
-https://catalogd.archive.org/history/item-name-here .
-Because of that, all uploads/deletes will not show up immediately and
-takes some time to be available.
-The per-item queue is enqueued to an another queue, Item Deriver Queue.
-You can check the status of Item Deriver Queue
-here. (https://catalogd.archive.org/catalog.php?whereami=1) This queue
-has a limit, and it may block you from uploading, or even deleting.
-You should avoid uploading a lot of small files for better behavior.
-.PP
-You can optionally wait for the server\[aq]s processing to finish, by
-setting non-zero value to \f[C]wait_archive\f[R] key.
-By making it wait, rclone can do normal file comparison.
-Make sure to set a large enough value (e.g.
-\f[C]30m0s\f[R] for smaller files) as it can take a long time depending
-on server\[aq]s queue.
-.SS About metadata
-.PP
-This backend supports setting, updating and reading metadata of each
-file.
-The metadata will appear as file metadata on Internet Archive.
-However, some fields are reserved by both Internet Archive and rclone.
 .PP
-The following are reserved by Internet Archive: - \f[C]name\f[R] -
-\f[C]source\f[R] - \f[C]size\f[R] - \f[C]md5\f[R] - \f[C]crc32\f[R] -
-\f[C]sha1\f[R] - \f[C]format\f[R] - \f[C]old_version\f[R] -
-\f[C]viruscheck\f[R] - \f[C]summation\f[R]
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
 .PP
-Trying to set values to these keys is ignored with a warning.
-Only setting \f[C]mtime\f[R] is an exception.
-Doing so make it the identical behavior as setting ModTime.
+Enter the name for the new remote.
+name> imagekit-media-library
 .PP
-rclone reserves all the keys starting with \f[C]rclone-\f[R].
-Setting value for these keys will give you warnings, but values are set
-according to request.
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+[snip] XX / ImageKit.io \ (imagekit) [snip] Storage> imagekit
 .PP
-If there are multiple values for a key, only the first one is returned.
-This is a limitation of rclone, that supports one value per one key.
-It can be triggered when you did a server-side copy.
+Option endpoint.
+You can find your ImageKit.io URL endpoint in your
+dashboard (https://imagekit.io/dashboard/developer/api-keys) Enter a
+value.
+endpoint> https://ik.imagekit.io/imagekit_id
+.PP
+Option public_key.
+You can find your ImageKit.io public key in your
+dashboard (https://imagekit.io/dashboard/developer/api-keys) Enter a
+value.
+public_key> public_****************************
+.PP
+Option private_key.
+You can find your ImageKit.io private key in your
+dashboard (https://imagekit.io/dashboard/developer/api-keys) Enter a
+value.
+private_key> private_****************************
 .PP
-Reading metadata will also provide custom (non-standard nor reserved)
-ones.
-.SS Filtering auto generated files
+Edit advanced config?
+y) Yes n) No (default) y/n> n
 .PP
-The Internet Archive automatically creates metadata files after upload.
-These can cause problems when doing an \f[C]rclone sync\f[R] as rclone
-will try, and fail, to delete them.
-These metadata files are not changeable, as they are created by the
-Internet Archive automatically.
+Configuration complete.
+Options: - type: imagekit - endpoint: https://ik.imagekit.io/imagekit_id
+- public_key: public_**************************** - private_key:
+private_****************************
 .PP
-These auto-created files can be excluded from the sync using metadata
-filtering (https://rclone.org/filtering/#metadata).
+Keep this \[dq]imagekit-media-library\[dq] remote?
+y) Yes this is OK (default) e) Edit this remote d) Delete this remote
+y/e/d> y
 .IP
 .nf
 \f[C]
-rclone sync ... --metadata-exclude \[dq]source=metadata\[dq] --metadata-exclude \[dq]format=Metadata\[dq]
+List directories in the top level of your Media Library
 \f[R]
 .fi
 .PP
-Which excludes from the sync any files which have the
-\f[C]source=metadata\f[R] or \f[C]format=Metadata\f[R] flags which are
-added to Internet Archive auto-created files.
-.SS Configuration
-.PP
-Here is an example of making an internetarchive configuration.
-Most applies to the other providers as well, any differences are
-described below.
-.PP
-First run
+rclone lsd imagekit-media-library:
 .IP
 .nf
 \f[C]
-rclone config
+Make a new directory.
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process.
+rclone mkdir imagekit-media-library:directory
 .IP
 .nf
 \f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Option Storage.
-Type of storage to configure.
-Choose a number from below, or type in your own value.
-XX / InternetArchive Items
-   \[rs] (internetarchive)
-Storage> internetarchive
-Option access_key_id.
-IAS3 Access Key.
-Leave blank for anonymous access.
-You can find one here: https://archive.org/account/s3.php
-Enter a value. Press Enter to leave empty.
-access_key_id> XXXX
-Option secret_access_key.
-IAS3 Secret Key (password).
-Leave blank for anonymous access.
-Enter a value. Press Enter to leave empty.
-secret_access_key> XXXX
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> y
-Option endpoint.
-IAS3 Endpoint.
-Leave blank for default value.
-Enter a string value. Press Enter for the default (https://s3.us.archive.org).
-endpoint> 
-Option front_endpoint.
-Host of InternetArchive Frontend.
-Leave blank for default value.
-Enter a string value. Press Enter for the default (https://archive.org).
-front_endpoint> 
-Option disable_checksum.
-Don\[aq]t store MD5 checksum with object metadata.
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can ask the server to check the object against checksum.
-This is great for data integrity checking but can cause long delays for
-large files to start uploading.
-Enter a boolean value (true or false). Press Enter for the default (true).
-disable_checksum> true
-Option encoding.
-The encoding for the backend.
-See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
-Enter a encoder.MultiEncoder value. Press Enter for the default (Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot).
-encoding> 
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
---------------------
-[remote]
-type = internetarchive
-access_key_id = XXXX
-secret_access_key = XXXX
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
+List the contents of a directory.
 \f[R]
 .fi
-.SS Standard options
-.PP
-Here are the Standard options specific to internetarchive (Internet
-Archive).
-.SS --internetarchive-access-key-id
-.PP
-IAS3 Access Key.
-.PP
-Leave blank for anonymous access.
-You can find one here: https://archive.org/account/s3.php
-.PP
-Properties:
-.IP \[bu] 2
-Config: access_key_id
-.IP \[bu] 2
-Env Var: RCLONE_INTERNETARCHIVE_ACCESS_KEY_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --internetarchive-secret-access-key
-.PP
-IAS3 Secret Key (password).
-.PP
-Leave blank for anonymous access.
-.PP
-Properties:
-.IP \[bu] 2
-Config: secret_access_key
-.IP \[bu] 2
-Env Var: RCLONE_INTERNETARCHIVE_SECRET_ACCESS_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
-Here are the Advanced options specific to internetarchive (Internet
-Archive).
-.SS --internetarchive-endpoint
-.PP
-IAS3 Endpoint.
-.PP
-Leave blank for default value.
 .PP
+rclone ls imagekit-media-library:directory
+.IP
+.nf
+\f[C]
+###   Modified time and hashes
+
+ImageKit does not support modification times or hashes yet.
+
+### Checksums
+
+No checksums are supported.
+
+
+### Standard options
+
+Here are the Standard options specific to imagekit (ImageKit.io).
+
+#### --imagekit-endpoint
+
+You can find your ImageKit.io URL endpoint in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
 Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_INTERNETARCHIVE_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]https://s3.us.archive.org\[dq]
-.SS --internetarchive-front-endpoint
-.PP
-Host of InternetArchive Frontend.
-.PP
-Leave blank for default value.
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_IMAGEKIT_ENDPOINT
+- Type:        string
+- Required:    true
+
+#### --imagekit-public-key
+
+You can find your ImageKit.io public key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
 Properties:
-.IP \[bu] 2
-Config: front_endpoint
-.IP \[bu] 2
-Env Var: RCLONE_INTERNETARCHIVE_FRONT_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]https://archive.org\[dq]
-.SS --internetarchive-disable-checksum
-.PP
-Don\[aq]t ask the server to test against MD5 checksum calculated by
-rclone.
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can ask the server to check the object against
-checksum.
-This is great for data integrity checking but can cause long delays for
-large files to start uploading.
-.PP
+
+- Config:      public_key
+- Env Var:     RCLONE_IMAGEKIT_PUBLIC_KEY
+- Type:        string
+- Required:    true
+
+#### --imagekit-private-key
+
+You can find your ImageKit.io private key in your [dashboard](https://imagekit.io/dashboard/developer/api-keys)
+
 Properties:
-.IP \[bu] 2
-Config: disable_checksum
-.IP \[bu] 2
-Env Var: RCLONE_INTERNETARCHIVE_DISABLE_CHECKSUM
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: true
-.SS --internetarchive-wait-archive
-.PP
-Timeout for waiting the server\[aq]s processing tasks (specifically
-archive and book_op) to finish.
-Only enable if you need to be guaranteed to be reflected after write
-operations.
-0 to disable waiting.
-No errors to be thrown in case of timeout.
-.PP
+
+- Config:      private_key
+- Env Var:     RCLONE_IMAGEKIT_PRIVATE_KEY
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to imagekit (ImageKit.io).
+
+#### --imagekit-only-signed
+
+If you have configured \[ga]Restrict unsigned image URLs\[ga] in your dashboard settings, set this to true.
+
 Properties:
-.IP \[bu] 2
-Config: wait_archive
-.IP \[bu] 2
-Env Var: RCLONE_INTERNETARCHIVE_WAIT_ARCHIVE
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 0s
-.SS --internetarchive-encoding
-.PP
-The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+- Config:      only_signed
+- Env Var:     RCLONE_IMAGEKIT_ONLY_SIGNED
+- Type:        bool
+- Default:     false
+
+#### --imagekit-versions
+
+Include old versions in directory listings.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_INTERNETARCHIVE_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot
-.SS Metadata
-.PP
-Metadata fields provided by Internet Archive.
-If there are multiple values for a key, only the first one is returned.
-This is a limitation of Rclone, that supports one value per one key.
-.PP
-Owner is able to add custom keys.
-Metadata feature grabs all the keys including them.
-.PP
-Here are the possible system metadata items for the internetarchive
-backend.
-.PP
-.TS
-tab(@);
-lw(11.1n) lw(11.1n) lw(11.1n) lw(16.6n) lw(20.3n).
-T{
-Name
-T}@T{
-Help
-T}@T{
-Type
-T}@T{
-Example
-T}@T{
-Read Only
-T}
-_
-T{
-crc32
-T}@T{
-CRC32 calculated by Internet Archive
-T}@T{
-string
-T}@T{
-01234567
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-format
-T}@T{
-Name of format identified by Internet Archive
-T}@T{
-string
-T}@T{
-Comma-Separated Values
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-md5
-T}@T{
-MD5 hash calculated by Internet Archive
-T}@T{
-string
-T}@T{
-01234567012345670123456701234567
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-mtime
-T}@T{
-Time of last modification, managed by Rclone
-T}@T{
-RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-name
-T}@T{
-Full file path, without the bucket part
-T}@T{
-filename
-T}@T{
-backend/internetarchive/internetarchive.go
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-old_version
-T}@T{
-Whether the file was replaced and moved by keep-old-version flag
-T}@T{
-boolean
-T}@T{
-true
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-rclone-ia-mtime
-T}@T{
-Time of last modification, managed by Internet Archive
-T}@T{
-RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z
-T}@T{
-N
-T}
-T{
-rclone-mtime
-T}@T{
-Time of last modification, managed by Rclone
-T}@T{
-RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z
-T}@T{
-N
-T}
-T{
-rclone-update-track
-T}@T{
-Random value used by Rclone for tracking changes inside Internet Archive
-T}@T{
-string
-T}@T{
-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
-T}@T{
-N
-T}
-T{
-sha1
-T}@T{
-SHA1 hash calculated by Internet Archive
-T}@T{
-string
-T}@T{
-0123456701234567012345670123456701234567
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-size
-T}@T{
-File size in bytes
-T}@T{
-decimal number
-T}@T{
-123456
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-source
-T}@T{
-The source of the file
-T}@T{
-string
-T}@T{
-original
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-summation
-T}@T{
-Check https://forum.rclone.org/t/31922 for how it is used
-T}@T{
-string
-T}@T{
-md5
-T}@T{
-\f[B]Y\f[R]
-T}
-T{
-viruscheck
-T}@T{
-The last time viruscheck process was run for the file (?)
-T}@T{
-unixtime
-T}@T{
-1654191352
-T}@T{
-\f[B]Y\f[R]
-T}
-.TE
-.PP
-See the metadata (https://rclone.org/docs/#metadata) docs for more info.
-.SH Jottacloud
-.PP
-Jottacloud is a cloud storage service provider from a Norwegian company,
-using its own datacenters in Norway.
-In addition to the official service at
-jottacloud.com (https://www.jottacloud.com/), it also provides
-white-label solutions to different companies, such as: * Telia * Telia
-Cloud (cloud.telia.se) * Telia Sky (sky.telia.no) * Tele2 * Tele2 Cloud
-(mittcloud.tele2.se) * Elkj\[/o]p (with subsidiaries): * Elkj\[/o]p
-Cloud (cloud.elkjop.no) * Elgiganten Sweden (cloud.elgiganten.se) *
-Elgiganten Denmark (cloud.elgiganten.dk) * Giganti Cloud
-(cloud.gigantti.fi) * ELKO Cloud (cloud.elko.is)
-.PP
-Most of the white-label versions are supported by this backend, although
-may require different authentication setup - described below.
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Authentication types
-.PP
-Some of the whitelabel versions uses a different authentication method
-than the official service, and you have to choose the correct one when
-setting up the remote.
-.SS Standard authentication
-.PP
-The standard authentication method used by the official service
-(jottacloud.com), as well as some of the whitelabel services, requires
-you to generate a single-use personal login token from the account
-security settings in the service\[aq]s web interface.
-Log in to your account, go to \[dq]Settings\[dq] and then
-\[dq]Security\[dq], or use the direct link presented to you by rclone
-when configuring the remote: <https://www.jottacloud.com/web/secure>.
-Scroll down to the section \[dq]Personal login token\[dq], and click the
-\[dq]Generate\[dq] button.
-Note that if you are using a whitelabel service you probably can\[aq]t
-use the direct link, you need to find the same page in their dedicated
-web interface, and also it may be in a different location than described
-above.
-.PP
-To access your account from multiple instances of rclone, you need to
-configure each of them with a separate personal login token.
-E.g.
-you create a Jottacloud remote with rclone in one location, and copy the
-configuration file to a second location where you also want to run
-rclone and access the same remote.
-Then you need to replace the token for one of them, using the config
-reconnect (https://rclone.org/commands/rclone_config_reconnect/)
-command, which requires you to generate a new personal login token and
-supply as input.
-If you do not do this, the token may easily end up being invalidated,
-resulting in both instances failing with an error message something
-along the lines of:
-.IP
-.nf
-\f[C]
-oauth2: cannot fetch token: 400 Bad Request
-Response: {\[dq]error\[dq]:\[dq]invalid_grant\[dq],\[dq]error_description\[dq]:\[dq]Stale token\[dq]}
+
+- Config:      versions
+- Env Var:     RCLONE_IMAGEKIT_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --imagekit-upload-tags
+
+Tags to add to the uploaded files, e.g. \[dq]tag1,tag2\[dq].
+
+Properties:
+
+- Config:      upload_tags
+- Env Var:     RCLONE_IMAGEKIT_UPLOAD_TAGS
+- Type:        string
+- Required:    false
+
+#### --imagekit-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_IMAGEKIT_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Dollar,Question,Hash,Percent,BackSlash,Del,Ctl,InvalidUtf8,Dot,SquareBracket
+
+### Metadata
+
+Any metadata supported by the underlying remote is read and written.
+
+Here are the possible system metadata items for the imagekit backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| aws-tags | AI generated tags by AWS Rekognition associated with the image | string | tag1,tag2 | **Y** |
+| btime | Time of file birth (creation) read from Last-Modified header | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+| custom-coordinates | Custom coordinates of the file | string | 0,0,100,100 | **Y** |
+| file-type | Type of the file | string | image | **Y** |
+| google-tags | AI generated tags by Google Cloud Vision associated with the image | string | tag1,tag2 | **Y** |
+| has-alpha | Whether the image has alpha channel or not | bool |  | **Y** |
+| height | Height of the image or video in pixels | int |  | **Y** |
+| is-private-file | Whether the file is private or not | bool |  | **Y** |
+| size | Size of the object in bytes | int64 |  | **Y** |
+| tags | Tags associated with the file | string | tag1,tag2 | **Y** |
+| width | Width of the image or video in pixels | int |  | **Y** |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+#  Internet Archive
+
+The Internet Archive backend utilizes Items on [archive.org](https://archive.org/)
+
+Refer to [IAS3 API documentation](https://archive.org/services/docs/api/ias3.html) for the API this backend uses.
+
+Paths are specified as \[ga]remote:bucket\[ga] (or \[ga]remote:\[ga] for the \[ga]lsd\[ga]
+command.)  You may put subdirectories in too, e.g. \[ga]remote:item/path/to/dir\[ga].
+
+Unlike S3, listing up all items uploaded by you isn\[aq]t supported.
+
+Once you have made a remote, you can use it like this:
+
+Make a new item
+
+    rclone mkdir remote:item
+
+List the contents of a item
+
+    rclone ls remote:item
+
+Sync \[ga]/home/local/directory\[ga] to the remote item, deleting any excess
+files in the item.
+
+    rclone sync --interactive /home/local/directory remote:item
+
+## Notes
+Because of Internet Archive\[aq]s architecture, it enqueues write operations (and extra post-processings) in a per-item queue. You can check item\[aq]s queue at https://catalogd.archive.org/history/item-name-here . Because of that, all uploads/deletes will not show up immediately and takes some time to be available.
+The per-item queue is enqueued to an another queue, Item Deriver Queue. [You can check the status of Item Deriver Queue here.](https://catalogd.archive.org/catalog.php?whereami=1) This queue has a limit, and it may block you from uploading, or even deleting. You should avoid uploading a lot of small files for better behavior.
+
+You can optionally wait for the server\[aq]s processing to finish, by setting non-zero value to \[ga]wait_archive\[ga] key.
+By making it wait, rclone can do normal file comparison.
+Make sure to set a large enough value (e.g. \[ga]30m0s\[ga] for smaller files) as it can take a long time depending on server\[aq]s queue.
+
+## About metadata
+This backend supports setting, updating and reading metadata of each file.
+The metadata will appear as file metadata on Internet Archive.
+However, some fields are reserved by both Internet Archive and rclone.
+
+The following are reserved by Internet Archive:
+- \[ga]name\[ga]
+- \[ga]source\[ga]
+- \[ga]size\[ga]
+- \[ga]md5\[ga]
+- \[ga]crc32\[ga]
+- \[ga]sha1\[ga]
+- \[ga]format\[ga]
+- \[ga]old_version\[ga]
+- \[ga]viruscheck\[ga]
+- \[ga]summation\[ga]
+
+Trying to set values to these keys is ignored with a warning.
+Only setting \[ga]mtime\[ga] is an exception. Doing so make it the identical behavior as setting ModTime.
+
+rclone reserves all the keys starting with \[ga]rclone-\[ga]. Setting value for these keys will give you warnings, but values are set according to request.
+
+If there are multiple values for a key, only the first one is returned.
+This is a limitation of rclone, that supports one value per one key.
+It can be triggered when you did a server-side copy.
+
+Reading metadata will also provide custom (non-standard nor reserved) ones.
+
+## Filtering auto generated files
+
+The Internet Archive automatically creates metadata files after
+upload. These can cause problems when doing an \[ga]rclone sync\[ga] as rclone
+will try, and fail, to delete them. These metadata files are not
+changeable, as they are created by the Internet Archive automatically.
+
+These auto-created files can be excluded from the sync using [metadata
+filtering](https://rclone.org/filtering/#metadata).
+
+    rclone sync ... --metadata-exclude \[dq]source=metadata\[dq] --metadata-exclude \[dq]format=Metadata\[dq]
+
+Which excludes from the sync any files which have the
+\[ga]source=metadata\[ga] or \[ga]format=Metadata\[ga] flags which are added to
+Internet Archive auto-created files.
+
+## Configuration
+
+Here is an example of making an internetarchive configuration.
+Most applies to the other providers as well, any differences are described [below](#providers).
+
+First run
+
+    rclone config
+
+This will guide you through an interactive setup process.
 \f[R]
 .fi
 .PP
-When this happens, you need to replace the token as described above to
-be able to use your remote again.
-.PP
-All personal login tokens you have taken into use will be listed in the
-web interface under \[dq]My logged in devices\[dq], and from the right
-side of that list you can click the \[dq]X\[dq] button to revoke
-individual tokens.
-.SS Legacy authentication
-.PP
-If you are using one of the whitelabel versions (e.g.
-from Elkj\[/o]p) you may not have the option to generate a CLI token.
-In this case you\[aq]ll have to use the legacy authentication.
-To do this select yes when the setup asks for legacy authentication and
-enter your username and password.
-The rest of the setup is identical to the default setup.
-.SS Telia Cloud authentication
-.PP
-Similar to other whitelabel versions Telia Cloud doesn\[aq]t offer the
-option of creating a CLI token, and additionally uses a separate
-authentication flow where the username is generated internally.
-To setup rclone to use Telia Cloud, choose Telia Cloud authentication in
-the setup.
-The rest of the setup is identical to the default setup.
-.SS Tele2 Cloud authentication
-.PP
-As Tele2-Com Hem merger was completed this authentication can be used
-for former Com Hem Cloud and Tele2 Cloud customers as no support for
-creating a CLI token exists, and additionally uses a separate
-authentication flow where the username is generated internally.
-To setup rclone to use Tele2 Cloud, choose Tele2 Cloud authentication in
-the setup.
-The rest of the setup is identical to the default setup.
-.SS Configuration
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R] with
-the default setup.
-First run:
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+XX / InternetArchive Items \ (internetarchive) Storage> internetarchive
+Option access_key_id.
+IAS3 Access Key.
+Leave blank for anonymous access.
+You can find one here: https://archive.org/account/s3.php Enter a value.
+Press Enter to leave empty.
+access_key_id> XXXX Option secret_access_key.
+IAS3 Secret Key (password).
+Leave blank for anonymous access.
+Enter a value.
+Press Enter to leave empty.
+secret_access_key> XXXX Edit advanced config?
+y) Yes n) No (default) y/n> y Option endpoint.
+IAS3 Endpoint.
+Leave blank for default value.
+Enter a string value.
+Press Enter for the default (https://s3.us.archive.org).
+endpoint> Option front_endpoint.
+Host of InternetArchive Frontend.
+Leave blank for default value.
+Enter a string value.
+Press Enter for the default (https://archive.org).
+front_endpoint> Option disable_checksum.
+Don\[aq]t store MD5 checksum with object metadata.
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can ask the server to check the object against
+checksum.
+This is great for data integrity checking but can cause long delays for
+large files to start uploading.
+Enter a boolean value (true or false).
+Press Enter for the default (true).
+disable_checksum> true Option encoding.
+The encoding for the backend.
+See the encoding section in the
+overview (https://rclone.org/overview/#encoding) for more info.
+Enter a encoder.MultiEncoder value.
+Press Enter for the default
+(Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot).
+encoding> Edit advanced config?
+y) Yes n) No (default) y/n> n -------------------- [remote] type =
+internetarchive access_key_id = XXXX secret_access_key = XXXX
+-------------------- y) Yes this is OK (default) e) Edit this remote d)
+Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone config
+
+### Standard options
+
+Here are the Standard options specific to internetarchive (Internet Archive).
+
+#### --internetarchive-access-key-id
+
+IAS3 Access Key.
+
+Leave blank for anonymous access.
+You can find one here: https://archive.org/account/s3.php
+
+Properties:
+
+- Config:      access_key_id
+- Env Var:     RCLONE_INTERNETARCHIVE_ACCESS_KEY_ID
+- Type:        string
+- Required:    false
+
+#### --internetarchive-secret-access-key
+
+IAS3 Secret Key (password).
+
+Leave blank for anonymous access.
+
+Properties:
+
+- Config:      secret_access_key
+- Env Var:     RCLONE_INTERNETARCHIVE_SECRET_ACCESS_KEY
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to internetarchive (Internet Archive).
+
+#### --internetarchive-endpoint
+
+IAS3 Endpoint.
+
+Leave blank for default value.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_INTERNETARCHIVE_ENDPOINT
+- Type:        string
+- Default:     \[dq]https://s3.us.archive.org\[dq]
+
+#### --internetarchive-front-endpoint
+
+Host of InternetArchive Frontend.
+
+Leave blank for default value.
+
+Properties:
+
+- Config:      front_endpoint
+- Env Var:     RCLONE_INTERNETARCHIVE_FRONT_ENDPOINT
+- Type:        string
+- Default:     \[dq]https://archive.org\[dq]
+
+#### --internetarchive-disable-checksum
+
+Don\[aq]t ask the server to test against MD5 checksum calculated by rclone.
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can ask the server to check the object against checksum.
+This is great for data integrity checking but can cause long delays for
+large files to start uploading.
+
+Properties:
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_INTERNETARCHIVE_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     true
+
+#### --internetarchive-wait-archive
+
+Timeout for waiting the server\[aq]s processing tasks (specifically archive and book_op) to finish.
+Only enable if you need to be guaranteed to be reflected after write operations.
+0 to disable waiting. No errors to be thrown in case of timeout.
+
+Properties:
+
+- Config:      wait_archive
+- Env Var:     RCLONE_INTERNETARCHIVE_WAIT_ARCHIVE
+- Type:        Duration
+- Default:     0s
+
+#### --internetarchive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_INTERNETARCHIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,CrLf,Del,Ctl,InvalidUtf8,Dot
+
+### Metadata
+
+Metadata fields provided by Internet Archive.
+If there are multiple values for a key, only the first one is returned.
+This is a limitation of Rclone, that supports one value per one key.
+
+Owner is able to add custom keys. Metadata feature grabs all the keys including them.
+
+Here are the possible system metadata items for the internetarchive backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| crc32 | CRC32 calculated by Internet Archive | string | 01234567 | **Y** |
+| format | Name of format identified by Internet Archive | string | Comma-Separated Values | **Y** |
+| md5 | MD5 hash calculated by Internet Archive | string | 01234567012345670123456701234567 | **Y** |
+| mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | **Y** |
+| name | Full file path, without the bucket part | filename | backend/internetarchive/internetarchive.go | **Y** |
+| old_version | Whether the file was replaced and moved by keep-old-version flag | boolean | true | **Y** |
+| rclone-ia-mtime | Time of last modification, managed by Internet Archive | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
+| rclone-mtime | Time of last modification, managed by Rclone | RFC 3339 | 2006-01-02T15:04:05.999999999Z | N |
+| rclone-update-track | Random value used by Rclone for tracking changes inside Internet Archive | string | aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | N |
+| sha1 | SHA1 hash calculated by Internet Archive | string | 0123456701234567012345670123456701234567 | **Y** |
+| size | File size in bytes | decimal number | 123456 | **Y** |
+| source | The source of the file | string | original | **Y** |
+| summation | Check https://forum.rclone.org/t/31922 for how it is used | string | md5 | **Y** |
+| viruscheck | The last time viruscheck process was run for the file (?) | unixtime | 1654191352 | **Y** |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+#  Jottacloud
+
+Jottacloud is a cloud storage service provider from a Norwegian company, using its own datacenters
+in Norway. In addition to the official service at [jottacloud.com](https://www.jottacloud.com/),
+it also provides white-label solutions to different companies, such as:
+* Telia
+  * Telia Cloud (cloud.telia.se)
+  * Telia Sky (sky.telia.no)
+* Tele2
+  * Tele2 Cloud (mittcloud.tele2.se)
+* Onlime
+  * Onlime Cloud Storage (onlime.dk)
+* Elkj\[/o]p (with subsidiaries):
+  * Elkj\[/o]p Cloud (cloud.elkjop.no)
+  * Elgiganten Sweden (cloud.elgiganten.se)
+  * Elgiganten Denmark (cloud.elgiganten.dk)
+  * Giganti Cloud  (cloud.gigantti.fi)
+  * ELKO Cloud (cloud.elko.is)
+
+Most of the white-label versions are supported by this backend, although may require different
+authentication setup - described below.
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Authentication types
+
+Some of the whitelabel versions uses a different authentication method than the official service,
+and you have to choose the correct one when setting up the remote.
+
+### Standard authentication
+
+The standard authentication method used by the official service (jottacloud.com), as well as
+some of the whitelabel services, requires you to generate a single-use personal login token
+from the account security settings in the service\[aq]s web interface. Log in to your account,
+go to \[dq]Settings\[dq] and then \[dq]Security\[dq], or use the direct link presented to you by rclone when
+configuring the remote: <https://www.jottacloud.com/web/secure>. Scroll down to the section
+\[dq]Personal login token\[dq], and click the \[dq]Generate\[dq] button. Note that if you are using a
+whitelabel service you probably can\[aq]t use the direct link, you need to find the same page in
+their dedicated web interface, and also it may be in a different location than described above.
+
+To access your account from multiple instances of rclone, you need to configure each of them
+with a separate personal login token. E.g. you create a Jottacloud remote with rclone in one
+location, and copy the configuration file to a second location where you also want to run
+rclone and access the same remote. Then you need to replace the token for one of them, using
+the [config reconnect](https://rclone.org/commands/rclone_config_reconnect/) command, which
+requires you to generate a new personal login token and supply as input. If you do not
+do this, the token may easily end up being invalidated, resulting in both instances failing
+with an error message something along the lines of:
+
+    oauth2: cannot fetch token: 400 Bad Request
+    Response: {\[dq]error\[dq]:\[dq]invalid_grant\[dq],\[dq]error_description\[dq]:\[dq]Stale token\[dq]}
+
+When this happens, you need to replace the token as described above to be able to use your
+remote again.
+
+All personal login tokens you have taken into use will be listed in the web interface under
+\[dq]My logged in devices\[dq], and from the right side of that list you can click the \[dq]X\[dq] button to
+revoke individual tokens.
+
+### Legacy authentication
+
+If you are using one of the whitelabel versions (e.g. from Elkj\[/o]p) you may not have the option
+to generate a CLI token. In this case you\[aq]ll have to use the legacy authentication. To do this select
+yes when the setup asks for legacy authentication and enter your username and password.
+The rest of the setup is identical to the default setup.
+
+### Telia Cloud authentication
+
+Similar to other whitelabel versions Telia Cloud doesn\[aq]t offer the option of creating a CLI token, and
+additionally uses a separate authentication flow where the username is generated internally. To setup
+rclone to use Telia Cloud, choose Telia Cloud authentication in the setup. The rest of the setup is
+identical to the default setup.
+
+### Tele2 Cloud authentication
+
+As Tele2-Com Hem merger was completed this authentication can be used for former Com Hem Cloud and
+Tele2 Cloud customers as no support for creating a CLI token exists, and additionally uses a separate
+authentication flow where the username is generated internally. To setup rclone to use Tele2 Cloud,
+choose Tele2 Cloud authentication in the setup. The rest of the setup is identical to the default setup.
+
+### Onlime Cloud Storage authentication
+
+Onlime has sold access to Jottacloud proper, while providing localized support to Danish Customers, but
+have recently set up their own hosting, transferring their customers from Jottacloud servers to their
+own ones.
+
+This, of course, necessitates using their servers for authentication, but otherwise functionality and
+architecture seems equivalent to Jottacloud.
+
+To setup rclone to use Onlime Cloud Storage, choose Onlime Cloud authentication in the setup. The rest
+of the setup is identical to the default setup.
+
+## Configuration
+
+Here is an example of how to make a remote called \[ga]remote\[ga] with the default setup.  First run:
+
+    rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Option Storage.
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
-[snip]
-XX / Jottacloud
-   \[rs] (jottacloud)
-[snip]
-Storage> jottacloud
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
-Option config_type.
+[snip] XX / Jottacloud \ (jottacloud) [snip] Storage> jottacloud Edit
+advanced config?
+y) Yes n) No (default) y/n> n Option config_type.
 Select authentication type.
 Choose a number from below, or type in an existing string value.
 Press Enter for the default (standard).
-   / Standard authentication.
- 1 | Use this if you\[aq]re a normal Jottacloud user.
-   \[rs] (standard)
-   / Legacy authentication.
- 2 | This is only required for certain whitelabel versions of Jottacloud and not recommended for normal users.
-   \[rs] (legacy)
-   / Telia Cloud authentication.
- 3 | Use this if you are using Telia Cloud.
-   \[rs] (telia)
-   / Tele2 Cloud authentication.
- 4 | Use this if you are using Tele2 Cloud.
-   \[rs] (tele2)
-config_type> 1
-Personal login token.
-Generate here: https://www.jottacloud.com/web/secure
-Login Token> <your token here>
-Use a non-standard device/mountpoint?
-Choosing no, the default, will let you access the storage used for the archive
-section of the official Jottacloud client. If you instead want to access the
-sync or the backup section, for example, you must choose yes.
-y) Yes
-n) No (default)
-y/n> y
-Option config_device.
-The device to use. In standard setup the built-in Jotta device is used,
-which contains predefined mountpoints for archive, sync etc. All other devices
-are treated as backup devices by the official Jottacloud client. You may create
-a new by entering a unique name.
+/ Standard authentication.
+1 | Use this if you\[aq]re a normal Jottacloud user.
+\ (standard) / Legacy authentication.
+2 | This is only required for certain whitelabel versions of Jottacloud
+and not recommended for normal users.
+\ (legacy) / Telia Cloud authentication.
+3 | Use this if you are using Telia Cloud.
+\ (telia) / Tele2 Cloud authentication.
+4 | Use this if you are using Tele2 Cloud.
+\ (tele2) / Onlime Cloud authentication.
+5 | Use this if you are using Onlime Cloud.
+\ (onlime) config_type> 1 Personal login token.
+Generate here: https://www.jottacloud.com/web/secure Login Token> Use a
+non-standard device/mountpoint?
+Choosing no, the default, will let you access the storage used for the
+archive section of the official Jottacloud client.
+If you instead want to access the sync or the backup section, for
+example, you must choose yes.
+y) Yes n) No (default) y/n> y Option config_device.
+The device to use.
+In standard setup the built-in Jotta device is used, which contains
+predefined mountpoints for archive, sync etc.
+All other devices are treated as backup devices by the official
+Jottacloud client.
+You may create a new by entering a unique name.
 Choose a number from below, or type in your own string value.
 Press Enter for the default (DESKTOP-3H31129).
- 1 > DESKTOP-3H31129
- 2 > Jotta
-config_device> 2
-Option config_mountpoint.
+1 > DESKTOP-3H31129 2 > Jotta config_device> 2 Option config_mountpoint.
 The mountpoint to use for the built-in device Jotta.
-The standard setup is to use the Archive mountpoint. Most other mountpoints
-have very limited support in rclone and should generally be avoided.
+The standard setup is to use the Archive mountpoint.
+Most other mountpoints have very limited support in rclone and should
+generally be avoided.
 Choose a number from below, or type in an existing string value.
 Press Enter for the default (Archive).
- 1 > Archive
- 2 > Shared
- 3 > Sync
-config_mountpoint> 1
---------------------
-[remote]
-type = jottacloud
-configVersion = 1
-client_id = jottacli
-client_secret =
-tokenURL = https://id.jottacloud.com/auth/realms/jottacloud/protocol/openid-connect/token
-token = {........}
-username = 2940e57271a93d987d6f8a21
-device = Jotta
-mountpoint = Archive
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level of your Jottacloud
+1 > Archive 2 > Shared 3 > Sync config_mountpoint> 1
+-------------------- [remote] type = jottacloud configVersion = 1
+client_id = jottacli client_secret = tokenURL =
+https://id.jottacloud.com/auth/realms/jottacloud/protocol/openid-connect/token
+token = {........} username = 2940e57271a93d987d6f8a21 device = Jotta
+mountpoint = Archive -------------------- y) Yes this is OK (default) e)
+Edit this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your Jottacloud
+
+    rclone lsd remote:
+
 List all the files in your Jottacloud
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
+
+    rclone ls remote:
+
 To copy a local directory to an Jottacloud directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Devices and Mountpoints
-.PP
-The official Jottacloud client registers a device for each computer you
-install it on, and shows them in the backup section of the user
-interface.
-For each folder you select for backup it will create a mountpoint within
-this device.
-A built-in device called Jotta is special, and contains mountpoints
-Archive, Sync and some others, used for corresponding features in
-official clients.
-.PP
-With rclone you\[aq]ll want to use the standard Jotta/Archive
-device/mountpoint in most cases.
-However, you may for example want to access files from the sync or
-backup functionality provided by the official clients, and rclone
-therefore provides the option to select other devices and mountpoints
-during config.
-.PP
-You are allowed to create new devices and mountpoints.
-All devices except the built-in Jotta device are treated as backup
-devices by official Jottacloud clients, and the mountpoints on them are
-individual backup sets.
-.PP
-With the built-in Jotta device, only existing, built-in, mountpoints can
-be selected.
-In addition to the mentioned Archive and Sync, it may contain several
-other mountpoints such as: Latest, Links, Shared and Trash.
-All of these are special mountpoints with a different internal
-representation than the \[dq]regular\[dq] mountpoints.
-Rclone will only to a very limited degree support them.
-Generally you should avoid these, unless you know what you are doing.
-.SS --fast-list
-.PP
-This remote supports \f[C]--fast-list\f[R] which allows you to use fewer
-transactions in exchange for more memory.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
-.PP
-Note that the implementation in Jottacloud always uses only a single API
-request to get the entire list, so for large folders this could lead to
-long wait time before the first results are shown.
-.PP
-Note also that with rclone version 1.58 and newer information about MIME
-types (https://rclone.org/overview/#mime-type) are not available when
-using \f[C]--fast-list\f[R].
-.SS Modified time and hashes
-.PP
+
+    rclone copy /home/source remote:backup
+
+### Devices and Mountpoints
+
+The official Jottacloud client registers a device for each computer you install
+it on, and shows them in the backup section of the user interface. For each
+folder you select for backup it will create a mountpoint within this device.
+A built-in device called Jotta is special, and contains mountpoints Archive,
+Sync and some others, used for corresponding features in official clients.
+
+With rclone you\[aq]ll want to use the standard Jotta/Archive device/mountpoint in
+most cases. However, you may for example want to access files from the sync or
+backup functionality provided by the official clients, and rclone therefore
+provides the option to select other devices and mountpoints during config.
+
+You are allowed to create new devices and mountpoints. All devices except the
+built-in Jotta device are treated as backup devices by official Jottacloud
+clients, and the mountpoints on them are individual backup sets.
+
+With the built-in Jotta device, only existing, built-in, mountpoints can be
+selected. In addition to the mentioned Archive and Sync, it may contain
+several other mountpoints such as: Latest, Links, Shared and Trash. All of
+these are special mountpoints with a different internal representation than
+the \[dq]regular\[dq] mountpoints. Rclone will only to a very limited degree support
+them. Generally you should avoid these, unless you know what you are doing.
+
+### --fast-list
+
+This backend supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+Note that the implementation in Jottacloud always uses only a single
+API request to get the entire list, so for large folders this could
+lead to long wait time before the first results are shown.
+
+Note also that with rclone version 1.58 and newer, information about
+[MIME types](https://rclone.org/overview/#mime-type) and metadata item [utime](#metadata)
+are not available when using \[ga]--fast-list\[ga].
+
+### Modification times and hashes
+
 Jottacloud allows modification times to be set on objects accurate to 1
-second.
-These will be used to detect whether objects need syncing or not.
-.PP
-Jottacloud supports MD5 type hashes, so you can use the
-\f[C]--checksum\f[R] flag.
-.PP
+second. These will be used to detect whether objects need syncing or
+not.
+
+Jottacloud supports MD5 type hashes, so you can use the \[ga]--checksum\[ga]
+flag.
+
 Note that Jottacloud requires the MD5 hash before upload so if the
 source does not have an MD5 checksum then the file will be cached
 temporarily on disk (in location given by
---temp-dir (https://rclone.org/docs/#temp-dir-dir)) before it is
-uploaded.
+[--temp-dir](https://rclone.org/docs/#temp-dir-dir)) before it is uploaded.
 Small files will be cached in memory - see the
---jottacloud-md5-memory-limit flag.
+[--jottacloud-md5-memory-limit](#jottacloud-md5-memory-limit) flag.
 When uploading from local disk the source checksum is always available,
-so this does not apply.
-Starting with rclone version 1.52 the same is true for crypted remotes
-(in older versions the crypt backend would not calculate hashes for
-uploads from local disk, so the Jottacloud backend had to do it as
-described above).
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[dq]
-T}@T{
-0x22
-T}@T{
-\[uFF02]
-T}
-T{
-*
-T}@T{
-0x2A
-T}@T{
-\[uFF0A]
-T}
-T{
-:
-T}@T{
-0x3A
-T}@T{
-\[uFF1A]
-T}
-T{
-<
-T}@T{
-0x3C
-T}@T{
-\[uFF1C]
-T}
-T{
->
-T}@T{
-0x3E
-T}@T{
-\[uFF1E]
-T}
-T{
-?
-T}@T{
-0x3F
-T}@T{
-\[uFF1F]
-T}
-T{
-|
-T}@T{
-0x7C
-T}@T{
-\[uFF5C]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in XML strings.
-.SS Deleting files
-.PP
-By default, rclone will send all files to the trash when deleting files.
-They will be permanently deleted automatically after 30 days.
-You may bypass the trash and permanently delete files immediately by
-using the --jottacloud-hard-delete flag, or set the equivalent
-environment variable.
-Emptying the trash is supported by the
-cleanup (https://rclone.org/commands/rclone_cleanup/) command.
-.SS Versions
-.PP
-Jottacloud supports file versioning.
-When rclone uploads a new version of a file it creates a new version of
-it.
-Currently rclone only supports retrieving the current version but older
-versions can be accessed via the Jottacloud Website.
-.PP
-Versioning can be disabled by \f[C]--jottacloud-no-versions\f[R] option.
-This is achieved by deleting the remote file prior to uploading a new
-version.
-If the upload the fails no version of the file will be available in the
-remote.
-.SS Quota information
-.PP
-To view your current quota you can use the
-\f[C]rclone about remote:\f[R] command which will display your usage
-limit (unless it is unlimited) and the current usage.
-.SS Advanced options
-.PP
+so this does not apply. Starting with rclone version 1.52 the same is
+true for encrypted remotes (in older versions the crypt backend would not
+calculate hashes for uploads from local disk, so the Jottacloud
+backend had to do it as described above).
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[dq]         | 0x22  | \[uFF02]          |
+| *         | 0x2A  | \[uFF0A]          |
+| :         | 0x3A  | \[uFF1A]          |
+| <         | 0x3C  | \[uFF1C]          |
+| >         | 0x3E  | \[uFF1E]          |
+| ?         | 0x3F  | \[uFF1F]          |
+| \[rs]|        | 0x7C  | \[uFF5C]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in XML strings.
+
+### Deleting files
+
+By default, rclone will send all files to the trash when deleting files. They will be permanently
+deleted automatically after 30 days. You may bypass the trash and permanently delete files immediately
+by using the [--jottacloud-hard-delete](#jottacloud-hard-delete) flag, or set the equivalent environment variable.
+Emptying the trash is supported by the [cleanup](https://rclone.org/commands/rclone_cleanup/) command.
+
+### Versions
+
+Jottacloud supports file versioning. When rclone uploads a new version of a file it creates a new version of it.
+Currently rclone only supports retrieving the current version but older versions can be accessed via the Jottacloud Website.
+
+Versioning can be disabled by \[ga]--jottacloud-no-versions\[ga] option. This is achieved by deleting the remote file prior to uploading
+a new version. If the upload the fails no version of the file will be available in the remote.
+
+### Quota information
+
+To view your current quota you can use the \[ga]rclone about remote:\[ga]
+command which will display your usage limit (unless it is unlimited)
+and the current usage.
+
+
+### Standard options
+
+Here are the Standard options specific to jottacloud (Jottacloud).
+
+#### --jottacloud-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_JOTTACLOUD_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --jottacloud-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_JOTTACLOUD_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+### Advanced options
+
 Here are the Advanced options specific to jottacloud (Jottacloud).
-.SS --jottacloud-md5-memory-limit
-.PP
-Files bigger than this will be cached on disk to calculate the MD5 if
-required.
-.PP
+
+#### --jottacloud-token
+
+OAuth Access Token as a JSON blob.
+
 Properties:
-.IP \[bu] 2
-Config: md5_memory_limit
-.IP \[bu] 2
-Env Var: RCLONE_JOTTACLOUD_MD5_MEMORY_LIMIT
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 10Mi
-.SS --jottacloud-trashed-only
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_JOTTACLOUD_TOKEN
+- Type:        string
+- Required:    false
+
+#### --jottacloud-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_JOTTACLOUD_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --jottacloud-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_JOTTACLOUD_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --jottacloud-md5-memory-limit
+
+Files bigger than this will be cached on disk to calculate the MD5 if required.
+
+Properties:
+
+- Config:      md5_memory_limit
+- Env Var:     RCLONE_JOTTACLOUD_MD5_MEMORY_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --jottacloud-trashed-only
+
 Only show files that are in the trash.
-.PP
+
 This will show trashed files in their original directory structure.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: trashed_only
-.IP \[bu] 2
-Env Var: RCLONE_JOTTACLOUD_TRASHED_ONLY
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --jottacloud-hard-delete
-.PP
+
+- Config:      trashed_only
+- Env Var:     RCLONE_JOTTACLOUD_TRASHED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --jottacloud-hard-delete
+
 Delete files permanently rather than putting them into the trash.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: hard_delete
-.IP \[bu] 2
-Env Var: RCLONE_JOTTACLOUD_HARD_DELETE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --jottacloud-upload-resume-limit
-.PP
+
+- Config:      hard_delete
+- Env Var:     RCLONE_JOTTACLOUD_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+#### --jottacloud-upload-resume-limit
+
 Files bigger than this can be resumed if the upload fail\[aq]s.
-.PP
-Properties:
-.IP \[bu] 2
-Config: upload_resume_limit
-.IP \[bu] 2
-Env Var: RCLONE_JOTTACLOUD_UPLOAD_RESUME_LIMIT
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 10Mi
-.SS --jottacloud-no-versions
-.PP
-Avoid server side versioning by deleting files and recreating files
-instead of overwriting them.
-.PP
-Properties:
-.IP \[bu] 2
-Config: no_versions
-.IP \[bu] 2
-Env Var: RCLONE_JOTTACLOUD_NO_VERSIONS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --jottacloud-encoding
-.PP
-The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_JOTTACLOUD_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default:
-Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot
-.SS Limitations
-.PP
-Note that Jottacloud is case insensitive so you can\[aq]t have a file
-called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.PP
-There are quite a few characters that can\[aq]t be in Jottacloud file
-names.
-Rclone will map these names to and from an identical looking unicode
-equivalent.
-For example if a file has a ?
-in it will be mapped to \[uFF1F] instead.
-.PP
+
+- Config:      upload_resume_limit
+- Env Var:     RCLONE_JOTTACLOUD_UPLOAD_RESUME_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --jottacloud-no-versions
+
+Avoid server side versioning by deleting files and recreating files instead of overwriting them.
+
+Properties:
+
+- Config:      no_versions
+- Env Var:     RCLONE_JOTTACLOUD_NO_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --jottacloud-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_JOTTACLOUD_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot
+
+### Metadata
+
+Jottacloud has limited support for metadata, currently an extended set of timestamps.
+
+Here are the possible system metadata items for the jottacloud backend.
+
+| Name | Help | Type | Example | Read Only |
+|------|------|------|---------|-----------|
+| btime | Time of file birth (creation), read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| content-type | MIME type, also known as media type | string | text/plain | **Y** |
+| mtime | Time of last modification, read from rclone metadata | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | N |
+| utime | Time of last upload, when current revision was created, generated by backend | RFC 3339 | 2006-01-02T15:04:05.999999999Z07:00 | **Y** |
+
+See the [metadata](https://rclone.org/docs/#metadata) docs for more info.
+
+
+
+## Limitations
+
+Note that Jottacloud is case insensitive so you can\[aq]t have a file called
+\[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
+
+There are quite a few characters that can\[aq]t be in Jottacloud file names. Rclone will map these names to and from an identical
+looking unicode equivalent. For example if a file has a ? in it will be mapped to \[uFF1F] instead.
+
 Jottacloud only supports filenames up to 255 characters in length.
-.SS Troubleshooting
-.PP
-Jottacloud exhibits some inconsistent behaviours regarding deleted files
-and folders which may cause Copy, Move and DirMove operations to
-previously deleted paths to fail.
-Emptying the trash should help in such cases.
-.SH Koofr
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
-.PP
-The initial setup for Koofr involves creating an application password
-for rclone.
-You can do that by opening the Koofr web
-application (https://app.koofr.net/app/admin/preferences/password),
-giving the password a nice name like \f[C]rclone\f[R] and clicking on
-generate.
-.PP
-Here is an example of how to make a remote called \f[C]koofr\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
+
+## Troubleshooting
+
+Jottacloud exhibits some inconsistent behaviours regarding deleted files and folders which may cause Copy, Move and DirMove
+operations to previously deleted paths to fail. Emptying the trash should help in such cases.
+
+#  Koofr
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configuration
+
+The initial setup for Koofr involves creating an application password for
+rclone. You can do that by opening the Koofr
+[web application](https://app.koofr.net/app/admin/preferences/password),
+giving the password a nice name like \[ga]rclone\[ga] and clicking on generate.
+
+Here is an example of how to make a remote called \[ga]koofr\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> koofr
-Option Storage.
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> koofr Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
-[snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \[rs] (koofr)
-[snip]
-Storage> koofr
-Option provider.
+[snip] 22 / Koofr, Digi Storage and other Koofr-compatible storage
+providers \ (koofr) [snip] Storage> koofr Option provider.
 Choose your storage provider.
 Choose a number from below, or type in your own value.
 Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \[rs] (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \[rs] (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \[rs] (other)
-provider> 1    
+1 / Koofr, https://app.koofr.net/ \ (koofr) 2 / Digi Storage,
+https://storage.rcs-rds.ro/ \ (digistorage) 3 / Any other Koofr API
+compatible storage service \ (other) provider> 1
+.PD 0
+.P
+.PD
 Option user.
 Your user name.
 Enter a value.
-user> USERNAME
-Option password.
-Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
+user> USERNAME Option password.
+Your password for rclone (generate one at
+https://app.koofr.net/app/admin/preferences/password).
 Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
-Remote config
---------------------
-[koofr]
-type = koofr
-provider = koofr
-user = USERNAME
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-You can choose to edit advanced config in order to enter your own
-service URL if you use an on-premise or white label Koofr instance, or
-choose an alternative mount instead of your primary storage.
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level of your Koofr
+y) Yes, type in my own password g) Generate random password y/g> y Enter
+the password: password: Confirm the password: password: Edit advanced
+config?
+y) Yes n) No (default) y/n> n Remote config -------------------- [koofr]
+type = koofr provider = koofr user = USERNAME password = *** ENCRYPTED
+*** -------------------- y) Yes this is OK (default) e) Edit this remote
+d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone lsd koofr:
-\f[R]
-.fi
-.PP
+You can choose to edit advanced config in order to enter your own service URL
+if you use an on-premise or white label Koofr instance, or choose an alternative
+mount instead of your primary storage.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your Koofr
+
+    rclone lsd koofr:
+
 List all the files in your Koofr
-.IP
-.nf
-\f[C]
-rclone ls koofr:
-\f[R]
-.fi
-.PP
+
+    rclone ls koofr:
+
 To copy a local directory to an Koofr directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source koofr:backup
-\f[R]
-.fi
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in XML strings.
-.SS Standard options
-.PP
-Here are the Standard options specific to koofr (Koofr, Digi Storage and
-other Koofr-compatible storage providers).
-.SS --koofr-provider
-.PP
+
+    rclone copy /home/source koofr:backup
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[rs]         | 0x5C  | \[uFF3C]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in XML strings.
+
+
+### Standard options
+
+Here are the Standard options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+
+#### --koofr-provider
+
 Choose your storage provider.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: provider
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_PROVIDER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]koofr\[dq]
-.RS 2
-.IP \[bu] 2
-Koofr, https://app.koofr.net/
-.RE
-.IP \[bu] 2
-\[dq]digistorage\[dq]
-.RS 2
-.IP \[bu] 2
-Digi Storage, https://storage.rcs-rds.ro/
-.RE
-.IP \[bu] 2
-\[dq]other\[dq]
-.RS 2
-.IP \[bu] 2
-Any other Koofr API compatible storage service
-.RE
-.RE
-.SS --koofr-endpoint
-.PP
+
+- Config:      provider
+- Env Var:     RCLONE_KOOFR_PROVIDER
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]koofr\[dq]
+        - Koofr, https://app.koofr.net/
+    - \[dq]digistorage\[dq]
+        - Digi Storage, https://storage.rcs-rds.ro/
+    - \[dq]other\[dq]
+        - Any other Koofr API compatible storage service
+
+#### --koofr-endpoint
+
 The Koofr API endpoint to use.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_ENDPOINT
-.IP \[bu] 2
-Provider: other
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --koofr-user
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_KOOFR_ENDPOINT
+- Provider:    other
+- Type:        string
+- Required:    true
+
+#### --koofr-user
+
 Your user name.
-.PP
-Properties:
-.IP \[bu] 2
-Config: user
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_USER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --koofr-password
-.PP
-Your password for rclone (generate one at
-https://app.koofr.net/app/admin/preferences/password).
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
-Properties:
-.IP \[bu] 2
-Config: password
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_PASSWORD
-.IP \[bu] 2
-Provider: koofr
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --koofr-password
-.PP
-Your password for rclone (generate one at
-https://storage.rcs-rds.ro/app/admin/preferences/password).
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: password
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_PASSWORD
-.IP \[bu] 2
-Provider: digistorage
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --koofr-password
-.PP
-Your password for rclone (generate one at your service\[aq]s settings
-page).
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+- Config:      user
+- Env Var:     RCLONE_KOOFR_USER
+- Type:        string
+- Required:    true
+
+#### --koofr-password
+
+Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: password
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_PASSWORD
-.IP \[bu] 2
-Provider: other
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS Advanced options
-.PP
-Here are the Advanced options specific to koofr (Koofr, Digi Storage and
-other Koofr-compatible storage providers).
-.SS --koofr-mountid
-.PP
+
+- Config:      password
+- Env Var:     RCLONE_KOOFR_PASSWORD
+- Provider:    koofr
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to koofr (Koofr, Digi Storage and other Koofr-compatible storage providers).
+
+#### --koofr-mountid
+
 Mount ID of the mount to use.
-.PP
+
 If omitted, the primary mount is used.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: mountid
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_MOUNTID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --koofr-setmtime
-.PP
+
+- Config:      mountid
+- Env Var:     RCLONE_KOOFR_MOUNTID
+- Type:        string
+- Required:    false
+
+#### --koofr-setmtime
+
 Does the backend support setting modification time.
-.PP
-Set this to false if you use a mount ID that points to a Dropbox or
-Amazon Drive backend.
-.PP
+
+Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend.
+
 Properties:
-.IP \[bu] 2
-Config: setmtime
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_SETMTIME
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: true
-.SS --koofr-encoding
-.PP
+
+- Config:      setmtime
+- Env Var:     RCLONE_KOOFR_SETMTIME
+- Type:        bool
+- Default:     true
+
+#### --koofr-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_KOOFR_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
-.SS Limitations
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_KOOFR_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
 Note that Koofr is case insensitive so you can\[aq]t have a file called
 \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.SS Providers
-.SS Koofr
-.PP
-This is the original Koofr (https://koofr.eu) storage provider used as
-main example and described in the configuration section above.
-.SS Digi Storage
-.PP
-Digi Storage (https://www.digi.ro/servicii/online/digi-storage) is a
-cloud storage service run by Digi.ro (https://www.digi.ro/) that
+
+## Providers
+
+### Koofr
+
+This is the original [Koofr](https://koofr.eu) storage provider used as main example and described in the [configuration](#configuration) section above.
+
+### Digi Storage 
+
+[Digi Storage](https://www.digi.ro/servicii/online/digi-storage) is a cloud storage service run by [Digi.ro](https://www.digi.ro/) that
 provides a Koofr API.
-.PP
-Here is an example of how to make a remote called \f[C]ds\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
+
+Here is an example of how to make a remote called \[ga]ds\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> ds
-Option Storage.
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> ds Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
-[snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \[rs] (koofr)
-[snip]
-Storage> koofr
-Option provider.
+[snip] 22 / Koofr, Digi Storage and other Koofr-compatible storage
+providers \ (koofr) [snip] Storage> koofr Option provider.
 Choose your storage provider.
 Choose a number from below, or type in your own value.
 Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \[rs] (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \[rs] (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \[rs] (other)
-provider> 2
-Option user.
+1 / Koofr, https://app.koofr.net/ \ (koofr) 2 / Digi Storage,
+https://storage.rcs-rds.ro/ \ (digistorage) 3 / Any other Koofr API
+compatible storage service \ (other) provider> 2 Option user.
 Your user name.
 Enter a value.
-user> USERNAME
-Option password.
-Your password for rclone (generate one at https://storage.rcs-rds.ro/app/admin/preferences/password).
+user> USERNAME Option password.
+Your password for rclone (generate one at
+https://storage.rcs-rds.ro/app/admin/preferences/password).
 Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
---------------------
-[ds]
-type = koofr
-provider = digistorage
-user = USERNAME
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.SS Other
-.PP
-You may also want to use another, public or private storage provider
-that runs a Koofr API compatible service, by simply providing the base
-URL to connect to.
-.PP
-Here is an example of how to make a remote called \f[C]other\f[R].
-First run:
+y) Yes, type in my own password g) Generate random password y/g> y Enter
+the password: password: Confirm the password: password: Edit advanced
+config?
+y) Yes n) No (default) y/n> n -------------------- [ds] type = koofr
+provider = digistorage user = USERNAME password = *** ENCRYPTED ***
+-------------------- y) Yes this is OK (default) e) Edit this remote d)
+Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
- rclone config
+### Other
+
+You may also want to use another, public or private storage provider that runs a Koofr API compatible service, by simply providing the base URL to connect to.
+
+Here is an example of how to make a remote called \[ga]other\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> other
-Option Storage.
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> other Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
-[snip]
-22 / Koofr, Digi Storage and other Koofr-compatible storage providers
-   \[rs] (koofr)
-[snip]
-Storage> koofr
-Option provider.
+[snip] 22 / Koofr, Digi Storage and other Koofr-compatible storage
+providers \ (koofr) [snip] Storage> koofr Option provider.
 Choose your storage provider.
 Choose a number from below, or type in your own value.
 Press Enter to leave empty.
- 1 / Koofr, https://app.koofr.net/
-   \[rs] (koofr)
- 2 / Digi Storage, https://storage.rcs-rds.ro/
-   \[rs] (digistorage)
- 3 / Any other Koofr API compatible storage service
-   \[rs] (other)
-provider> 3
-Option endpoint.
+1 / Koofr, https://app.koofr.net/ \ (koofr) 2 / Digi Storage,
+https://storage.rcs-rds.ro/ \ (digistorage) 3 / Any other Koofr API
+compatible storage service \ (other) provider> 3 Option endpoint.
 The Koofr API endpoint to use.
 Enter a value.
-endpoint> https://koofr.other.org
-Option user.
+endpoint> https://koofr.other.org Option user.
 Your user name.
 Enter a value.
-user> USERNAME
-Option password.
-Your password for rclone (generate one at your service\[aq]s settings page).
+user> USERNAME Option password.
+Your password for rclone (generate one at your service\[aq]s settings
+page).
 Choose an alternative below.
-y) Yes, type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
---------------------
-[other]
-type = koofr
-provider = other
-endpoint = https://koofr.other.org
-user = USERNAME
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.SH Mail.ru Cloud
-.PP
-Mail.ru Cloud (https://cloud.mail.ru/) is a cloud storage provided by a
-Russian internet company Mail.Ru Group (https://mail.ru).
-The official desktop client is Disk-O: (https://disk-o.cloud/en),
-available on Windows and Mac OS.
-.PP
-Currently it is recommended to disable 2FA on Mail.ru accounts intended
-for rclone until it gets eventually implemented.
-.SS Features highlights
-.IP \[bu] 2
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R]
-.IP \[bu] 2
-Files have a \f[C]last modified time\f[R] property, directories
-don\[aq]t
-.IP \[bu] 2
-Deleted files are by default moved to the trash
-.IP \[bu] 2
-Files and directories can be shared via public links
-.IP \[bu] 2
-Partial uploads or streaming are not supported, file size must be known
-before upload
-.IP \[bu] 2
-Maximum file size is limited to 2G for a free account, unlimited for
-paid accounts
-.IP \[bu] 2
-Storage keeps hash for all files and performs transparent deduplication,
-the hash algorithm is a modified SHA1
-.IP \[bu] 2
-If a particular file is already present in storage, one can quickly
-submit file hash instead of long file upload (this optimization is
-supported by rclone)
-.SS Configuration
-.PP
-Here is an example of making a mailru configuration.
-.PP
-First create a Mail.ru Cloud account and choose a tariff.
-.PP
-You will need to log in and create an app password for rclone.
-Rclone \f[B]will not work\f[R] with your normal username and password -
-it will give an error like
-\f[C]oauth2: server response missing access_token\f[R].
-.IP \[bu] 2
-Click on your user icon in the top right
-.IP \[bu] 2
-Go to Security / \[dq]\[u041F]\[u0430]\[u0440]\[u043E]\[u043B]\[u044C]
-\[u0438]
-\[u0431]\[u0435]\[u0437]\[u043E]\[u043F]\[u0430]\[u0441]\[u043D]\[u043E]\[u0441]\[u0442]\[u044C]\[dq]
-.IP \[bu] 2
-Click password for apps /
-\[dq]\[u041F]\[u0430]\[u0440]\[u043E]\[u043B]\[u0438]
-\[u0434]\[u043B]\[u044F]
-\[u0432]\[u043D]\[u0435]\[u0448]\[u043D]\[u0438]\[u0445]
-\[u043F]\[u0440]\[u0438]\[u043B]\[u043E]\[u0436]\[u0435]\[u043D]\[u0438]\[u0439]\[dq]
-.IP \[bu] 2
-Add the password - give it a name - eg \[dq]rclone\[dq]
-.IP \[bu] 2
-Copy the password and use this password below - your normal login
-password won\[aq]t work.
-.PP
-Now run
-.IP
-.nf
-\f[C]
-rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
+y) Yes, type in my own password g) Generate random password y/g> y Enter
+the password: password: Confirm the password: password: Edit advanced
+config?
+y) Yes n) No (default) y/n> n -------------------- [other] type = koofr
+provider = other endpoint = https://koofr.other.org user = USERNAME
+password = *** ENCRYPTED *** -------------------- y) Yes this is OK
+(default) e) Edit this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Mail.ru Cloud
-   \[rs] \[dq]mailru\[dq]
-[snip]
-Storage> mailru
-User name (usually email)
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-user> username\[at]mail.ru
-Password
+#  Linkbox
 
-This must be an app password - rclone will not work with your normal
-password. See the Configuration section in the docs for how to make an
-app password.
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Skip full upload if there is another file with same data hash.
-This feature is called \[dq]speedup\[dq] or \[dq]put by hash\[dq]. It is especially efficient
-in case of generally available files like popular books, video or audio clips
-[snip]
-Enter a boolean value (true or false). Press Enter for the default (\[dq]true\[dq]).
-Choose a number from below, or type in your own value
- 1 / Enable
-   \[rs] \[dq]true\[dq]
- 2 / Disable
-   \[rs] \[dq]false\[dq]
-speedup_enable> 1
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
---------------------
-[remote]
-type = mailru
-user = username\[at]mail.ru
-pass = *** ENCRYPTED ***
-speedup_enable = true
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
+Linkbox is [a private cloud drive](https://linkbox.to/).
+
+## Configuration
+
+Here is an example of making a remote for Linkbox.
+
+First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-Configuration of this backend does not require a local web browser.
-You can use the configured backend as shown below:
-.PP
-See top level directories
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
 .PP
-Make a new directory
-.IP
-.nf
-\f[C]
-rclone mkdir remote:directory
-\f[R]
-.fi
+Enter name for new remote.
+name> remote
 .PP
-List the contents of a directory
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+XX / Linkbox \ (linkbox) Storage> XX
+.PP
+Option token.
+Token from https://www.linkbox.to/admin/account Enter a value.
+token> testFromCLToken
+.PP
+Configuration complete.
+Options: - type: linkbox - token: XXXXXXXXXXX Keep this
+\[dq]linkbox\[dq] remote?
+y) Yes this is OK (default) e) Edit this remote d) Delete this remote
+y/e/d> y
 .IP
 .nf
 \f[C]
-rclone ls remote:directory
+
+### Standard options
+
+Here are the Standard options specific to linkbox (Linkbox).
+
+#### --linkbox-token
+
+Token from https://www.linkbox.to/admin/account
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_LINKBOX_TOKEN
+- Type:        string
+- Required:    true
+
+
+
+## Limitations
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+#  Mail.ru Cloud
+
+[Mail.ru Cloud](https://cloud.mail.ru/) is a cloud storage provided by a Russian internet company [Mail.Ru Group](https://mail.ru). The official desktop client is [Disk-O:](https://disk-o.cloud/en), available on Windows and Mac OS.
+
+## Features highlights
+
+- Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga]
+- Files have a \[ga]last modified time\[ga] property, directories don\[aq]t
+- Deleted files are by default moved to the trash
+- Files and directories can be shared via public links
+- Partial uploads or streaming are not supported, file size must be known before upload
+- Maximum file size is limited to 2G for a free account, unlimited for paid accounts
+- Storage keeps hash for all files and performs transparent deduplication,
+  the hash algorithm is a modified SHA1
+- If a particular file is already present in storage, one can quickly submit file hash
+  instead of long file upload (this optimization is supported by rclone)
+
+## Configuration
+
+Here is an example of making a mailru configuration.
+
+First create a Mail.ru Cloud account and choose a tariff.
+
+You will need to log in and create an app password for rclone. Rclone
+**will not work** with your normal username and password - it will
+give an error like \[ga]oauth2: server response missing access_token\[ga].
+
+- Click on your user icon in the top right
+- Go to Security / \[dq]\[u041F]\[u0430]\[u0440]\[u043E]\[u043B]\[u044C] \[u0438] \[u0431]\[u0435]\[u0437]\[u043E]\[u043F]\[u0430]\[u0441]\[u043D]\[u043E]\[u0441]\[u0442]\[u044C]\[dq]
+- Click password for apps / \[dq]\[u041F]\[u0430]\[u0440]\[u043E]\[u043B]\[u0438] \[u0434]\[u043B]\[u044F] \[u0432]\[u043D]\[u0435]\[u0448]\[u043D]\[u0438]\[u0445] \[u043F]\[u0440]\[u0438]\[u043B]\[u043E]\[u0436]\[u0435]\[u043D]\[u0438]\[u0439]\[dq]
+- Add the password - give it a name - eg \[dq]rclone\[dq]
+- Copy the password and use this password below - your normal login password won\[aq]t work.
+
+Now run
+
+    rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-Sync \f[C]/home/local/directory\f[R] to the remote path, deleting any
-excess files in the path.
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX /
+Mail.ru Cloud \ \[dq]mailru\[dq] [snip] Storage> mailru User name
+(usually email) Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+user> username\[at]mail.ru Password
+.PP
+This must be an app password - rclone will not work with your normal
+password.
+See the Configuration section in the docs for how to make an app
+password.
+y) Yes type in my own password g) Generate random password y/g> y Enter
+the password: password: Confirm the password: password: Skip full upload
+if there is another file with same data hash.
+This feature is called \[dq]speedup\[dq] or \[dq]put by hash\[dq].
+It is especially efficient in case of generally available files like
+popular books, video or audio clips [snip] Enter a boolean value (true
+or false).
+Press Enter for the default (\[dq]true\[dq]).
+Choose a number from below, or type in your own value 1 / Enable
+\ \[dq]true\[dq] 2 / Disable \ \[dq]false\[dq] speedup_enable> 1 Edit
+advanced config?
+(y/n) y) Yes n) No y/n> n Remote config -------------------- [remote]
+type = mailru user = username\[at]mail.ru pass = *** ENCRYPTED ***
+speedup_enable = true -------------------- y) Yes this is OK e) Edit
+this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone sync --interactive /home/local/directory remote:directory
-\f[R]
-.fi
-.SS Modified time
-.PP
-Files support a modification time attribute with up to 1 second
-precision.
-Directories do not have a modification time, which is shown as \[dq]Jan
-1 1970\[dq].
-.SS Hash checksums
-.PP
-Hash sums use a custom Mail.ru algorithm based on SHA1.
+Configuration of this backend does not require a local web browser.
+You can use the configured backend as shown below:
+
+See top level directories
+
+    rclone lsd remote:
+
+Make a new directory
+
+    rclone mkdir remote:directory
+
+List the contents of a directory
+
+    rclone ls remote:directory
+
+Sync \[ga]/home/local/directory\[ga] to the remote path, deleting any
+excess files in the path.
+
+    rclone sync --interactive /home/local/directory remote:directory
+
+### Modification times and hashes
+
+Files support a modification time attribute with up to 1 second precision.
+Directories do not have a modification time, which is shown as \[dq]Jan 1 1970\[dq].
+
+File hashes are supported, with a custom Mail.ru algorithm based on SHA1.
 If file size is less than or equal to the SHA1 block size (20 bytes),
 its hash is simply its data right-padded with zero bytes.
-Hash sum of a larger file is computed as a SHA1 sum of the file data
+Hashes of a larger file is computed as a SHA1 of the file data
 bytes concatenated with a decimal representation of the data length.
-.SS Emptying Trash
-.PP
-Removing a file or directory actually moves it to the trash, which is
-not visible to rclone but can be seen in a web browser.
-The trashed file still occupies part of total quota.
-If you wish to empty your trash and free some quota, you can use the
-\f[C]rclone cleanup remote:\f[R] command, which will permanently delete
-all your trashed files.
+
+### Emptying Trash
+
+Removing a file or directory actually moves it to the trash, which is not
+visible to rclone but can be seen in a web browser. The trashed file
+still occupies part of total quota. If you wish to empty your trash
+and free some quota, you can use the \[ga]rclone cleanup remote:\[ga] command,
+which will permanently delete all your trashed files.
 This command does not take any path arguments.
-.SS Quota information
-.PP
-To view your current quota you can use the
-\f[C]rclone about remote:\f[R] command which will display your usage
-limit (quota) and the current usage.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[dq]
-T}@T{
-0x22
-T}@T{
-\[uFF02]
-T}
-T{
-*
-T}@T{
-0x2A
-T}@T{
-\[uFF0A]
-T}
-T{
-:
-T}@T{
-0x3A
-T}@T{
-\[uFF1A]
-T}
-T{
-<
-T}@T{
-0x3C
-T}@T{
-\[uFF1C]
-T}
-T{
->
-T}@T{
-0x3E
-T}@T{
-\[uFF1E]
-T}
-T{
-?
-T}@T{
-0x3F
-T}@T{
-\[uFF1F]
-T}
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-T{
-|
-T}@T{
-0x7C
-T}@T{
-\[uFF5C]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Standard options
-.PP
+
+### Quota information
+
+To view your current quota you can use the \[ga]rclone about remote:\[ga]
+command which will display your usage limit (quota) and the current usage.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[dq]         | 0x22  | \[uFF02]          |
+| *         | 0x2A  | \[uFF0A]          |
+| :         | 0x3A  | \[uFF1A]          |
+| <         | 0x3C  | \[uFF1C]          |
+| >         | 0x3E  | \[uFF1E]          |
+| ?         | 0x3F  | \[uFF1F]          |
+| \[rs]         | 0x5C  | \[uFF3C]          |
+| \[rs]|        | 0x7C  | \[uFF5C]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+
+### Standard options
+
 Here are the Standard options specific to mailru (Mail.ru Cloud).
-.SS --mailru-user
-.PP
+
+#### --mailru-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_MAILRU_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --mailru-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_MAILRU_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --mailru-user
+
 User name (usually email).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: user
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_USER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --mailru-pass
-.PP
+
+- Config:      user
+- Env Var:     RCLONE_MAILRU_USER
+- Type:        string
+- Required:    true
+
+#### --mailru-pass
+
 Password.
-.PP
+
 This must be an app password - rclone will not work with your normal
-password.
-See the Configuration section in the docs for how to make an app
-password.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+password. See the Configuration section in the docs for how to make an
+app password.
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: pass
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_PASS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --mailru-speedup-enable
-.PP
+
+- Config:      pass
+- Env Var:     RCLONE_MAILRU_PASS
+- Type:        string
+- Required:    true
+
+#### --mailru-speedup-enable
+
 Skip full upload if there is another file with same data hash.
-.PP
-This feature is called \[dq]speedup\[dq] or \[dq]put by hash\[dq].
-It is especially efficient in case of generally available files like
-popular books, video or audio clips, because files are searched by hash
-in all accounts of all mailru users.
+
+This feature is called \[dq]speedup\[dq] or \[dq]put by hash\[dq]. It is especially efficient
+in case of generally available files like popular books, video or audio clips,
+because files are searched by hash in all accounts of all mailru users.
 It is meaningless and ineffective if source file is unique or encrypted.
-Please note that rclone may need local memory and disk space to
-calculate content hash in advance and decide whether full upload is
-required.
-Also, if rclone does not know file size in advance (e.g.
-in case of streaming or partial uploads), it will not even try this
-optimization.
-.PP
+Please note that rclone may need local memory and disk space to calculate
+content hash in advance and decide whether full upload is required.
+Also, if rclone does not know file size in advance (e.g. in case of
+streaming or partial uploads), it will not even try this optimization.
+
 Properties:
-.IP \[bu] 2
-Config: speedup_enable
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_SPEEDUP_ENABLE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: true
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Enable
-.RE
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Disable
-.RE
-.RE
-.SS Advanced options
-.PP
+
+- Config:      speedup_enable
+- Env Var:     RCLONE_MAILRU_SPEEDUP_ENABLE
+- Type:        bool
+- Default:     true
+- Examples:
+    - \[dq]true\[dq]
+        - Enable
+    - \[dq]false\[dq]
+        - Disable
+
+### Advanced options
+
 Here are the Advanced options specific to mailru (Mail.ru Cloud).
-.SS --mailru-speedup-file-patterns
-.PP
-Comma separated list of file name patterns eligible for speedup (put by
-hash).
-.PP
-Patterns are case insensitive and can contain \[aq]*\[aq] or \[aq]?\[aq]
-meta characters.
-.PP
+
+#### --mailru-token
+
+OAuth Access Token as a JSON blob.
+
 Properties:
-.IP \[bu] 2
-Config: speedup_file_patterns
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_SPEEDUP_FILE_PATTERNS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default:
-\[dq]\f[I].mkv,\f[R].avi,\f[I].mp4,\f[R].mp3,\f[I].zip,\f[R].gz,\f[I].rar,\f[R].pdf\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Empty list completely disables speedup (put by hash).
-.RE
-.IP \[bu] 2
-\[dq]*\[dq]
-.RS 2
-.IP \[bu] 2
-All files will be attempted for speedup.
-.RE
-.IP \[bu] 2
-\[dq]\f[I].mkv,\f[R].avi,\f[I].mp4,\f[R].mp3\[dq]
-.RS 2
-.IP \[bu] 2
-Only common audio/video files will be tried for put by hash.
-.RE
-.IP \[bu] 2
-\[dq]\f[I].zip,\f[R].gz,\f[I].rar,\f[R].pdf\[dq]
-.RS 2
-.IP \[bu] 2
-Only common archives or PDF books will be tried for speedup.
-.RE
-.RE
-.SS --mailru-speedup-max-disk
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_MAILRU_TOKEN
+- Type:        string
+- Required:    false
+
+#### --mailru-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_MAILRU_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --mailru-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_MAILRU_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --mailru-speedup-file-patterns
+
+Comma separated list of file name patterns eligible for speedup (put by hash).
+
+Patterns are case insensitive and can contain \[aq]*\[aq] or \[aq]?\[aq] meta characters.
+
+Properties:
+
+- Config:      speedup_file_patterns
+- Env Var:     RCLONE_MAILRU_SPEEDUP_FILE_PATTERNS
+- Type:        string
+- Default:     \[dq]*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf\[dq]
+- Examples:
+    - \[dq]\[dq]
+        - Empty list completely disables speedup (put by hash).
+    - \[dq]*\[dq]
+        - All files will be attempted for speedup.
+    - \[dq]*.mkv,*.avi,*.mp4,*.mp3\[dq]
+        - Only common audio/video files will be tried for put by hash.
+    - \[dq]*.zip,*.gz,*.rar,*.pdf\[dq]
+        - Only common archives or PDF books will be tried for speedup.
+
+#### --mailru-speedup-max-disk
+
 This option allows you to disable speedup (put by hash) for large files.
-.PP
+
 Reason is that preliminary hashing can exhaust your RAM or disk space.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: speedup_max_disk
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_SPEEDUP_MAX_DISK
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 3Gi
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]0\[dq]
-.RS 2
-.IP \[bu] 2
-Completely disable speedup (put by hash).
-.RE
-.IP \[bu] 2
-\[dq]1G\[dq]
-.RS 2
-.IP \[bu] 2
-Files larger than 1Gb will be uploaded directly.
-.RE
-.IP \[bu] 2
-\[dq]3G\[dq]
-.RS 2
-.IP \[bu] 2
-Choose this option if you have less than 3Gb free on local disk.
-.RE
-.RE
-.SS --mailru-speedup-max-memory
-.PP
+
+- Config:      speedup_max_disk
+- Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_DISK
+- Type:        SizeSuffix
+- Default:     3Gi
+- Examples:
+    - \[dq]0\[dq]
+        - Completely disable speedup (put by hash).
+    - \[dq]1G\[dq]
+        - Files larger than 1Gb will be uploaded directly.
+    - \[dq]3G\[dq]
+        - Choose this option if you have less than 3Gb free on local disk.
+
+#### --mailru-speedup-max-memory
+
 Files larger than the size given below will always be hashed on disk.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: speedup_max_memory
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_SPEEDUP_MAX_MEMORY
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 32Mi
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]0\[dq]
-.RS 2
-.IP \[bu] 2
-Preliminary hashing will always be done in a temporary disk location.
-.RE
-.IP \[bu] 2
-\[dq]32M\[dq]
-.RS 2
-.IP \[bu] 2
-Do not dedicate more than 32Mb RAM for preliminary hashing.
-.RE
-.IP \[bu] 2
-\[dq]256M\[dq]
-.RS 2
-.IP \[bu] 2
-You have at most 256Mb RAM free for hash calculations.
-.RE
-.RE
-.SS --mailru-check-hash
-.PP
+
+- Config:      speedup_max_memory
+- Env Var:     RCLONE_MAILRU_SPEEDUP_MAX_MEMORY
+- Type:        SizeSuffix
+- Default:     32Mi
+- Examples:
+    - \[dq]0\[dq]
+        - Preliminary hashing will always be done in a temporary disk location.
+    - \[dq]32M\[dq]
+        - Do not dedicate more than 32Mb RAM for preliminary hashing.
+    - \[dq]256M\[dq]
+        - You have at most 256Mb RAM free for hash calculations.
+
+#### --mailru-check-hash
+
 What should copy do if file checksum is mismatched or invalid.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: check_hash
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_CHECK_HASH
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: true
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Fail with error.
-.RE
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Ignore and continue.
-.RE
-.RE
-.SS --mailru-user-agent
-.PP
+
+- Config:      check_hash
+- Env Var:     RCLONE_MAILRU_CHECK_HASH
+- Type:        bool
+- Default:     true
+- Examples:
+    - \[dq]true\[dq]
+        - Fail with error.
+    - \[dq]false\[dq]
+        - Ignore and continue.
+
+#### --mailru-user-agent
+
 HTTP user agent used internally by client.
-.PP
-Defaults to \[dq]rclone/VERSION\[dq] or \[dq]--user-agent\[dq] provided
-on command line.
-.PP
+
+Defaults to \[dq]rclone/VERSION\[dq] or \[dq]--user-agent\[dq] provided on command line.
+
 Properties:
-.IP \[bu] 2
-Config: user_agent
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_USER_AGENT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --mailru-quirks
-.PP
+
+- Config:      user_agent
+- Env Var:     RCLONE_MAILRU_USER_AGENT
+- Type:        string
+- Required:    false
+
+#### --mailru-quirks
+
 Comma separated list of internal maintenance flags.
-.PP
-This option must not be used by an ordinary user.
-It is intended only to facilitate remote troubleshooting of backend
-issues.
-Strict meaning of flags is not documented and not guaranteed to persist
-between releases.
+
+This option must not be used by an ordinary user. It is intended only to
+facilitate remote troubleshooting of backend issues. Strict meaning of
+flags is not documented and not guaranteed to persist between releases.
 Quirks will be removed when the backend grows stable.
 Supported quirks: atomicmkdir binlist unknowndirs
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: quirks
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_QUIRKS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --mailru-encoding
-.PP
+
+- Config:      quirks
+- Env Var:     RCLONE_MAILRU_QUIRKS
+- Type:        string
+- Required:    false
+
+#### --mailru-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_MAILRU_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default:
-Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot
-.SS Limitations
-.PP
-File size limits depend on your account.
-A single file size is limited by 2G for a free account and unlimited for
-paid tariffs.
-Please refer to the Mail.ru site for the total uploaded size limits.
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_MAILRU_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+File size limits depend on your account. A single file size is limited by 2G
+for a free account and unlimited for paid tariffs. Please refer to the Mail.ru
+site for the total uploaded size limits.
+
 Note that Mailru is case insensitive so you can\[aq]t have a file called
 \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.SH Mega
-.PP
-Mega (https://mega.nz/) is a cloud storage and file hosting service
+
+#  Mega
+
+[Mega](https://mega.nz/) is a cloud storage and file hosting service
 known for its security feature where all files are encrypted locally
-before they are uploaded.
-This prevents anyone (including employees of Mega) from accessing the
-files without knowledge of the key used for encryption.
-.PP
+before they are uploaded. This prevents anyone (including employees of
+Mega) from accessing the files without knowledge of the key used for
+encryption.
+
 This is an rclone backend for Mega which supports the file transfer
 features of Mega using the same client side encryption.
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configuration
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
 This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Mega
-   \[rs] \[dq]mega\[dq]
-[snip]
-Storage> mega
-User name
-user> you\[at]example.com
-Password.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank
-y/g/n> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Remote config
---------------------
-[remote]
-type = mega
-user = you\[at]example.com
-pass = *** ENCRYPTED ***
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
 \f[R]
 .fi
 .PP
-\f[B]NOTE:\f[R] The encryption keys need to have been already generated
-after a regular login via the browser, otherwise attempting to use the
-credentials in \f[C]rclone\f[R] will fail.
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX / Mega
+\ \[dq]mega\[dq] [snip] Storage> mega User name user>
+you\[at]example.com Password.
+y) Yes type in my own password g) Generate random password n) No leave
+this optional password blank y/g/n> y Enter the password: password:
+Confirm the password: password: Remote config --------------------
+[remote] type = mega user = you\[at]example.com pass = *** ENCRYPTED ***
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
+.IP
+.nf
+\f[C]
+**NOTE:** The encryption keys need to have been already generated after a regular login
+via the browser, otherwise attempting to use the credentials in \[ga]rclone\[ga] will fail.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
 List directories in top level of your Mega
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:
+
 List all the files in your Mega
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
+
+    rclone ls remote:
+
 To copy a local directory to an Mega directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Modified time and hashes
-.PP
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
 Mega does not support modification times or hashes yet.
-.SS Restricted filename characters
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-NUL
-T}@T{
-0x00
-T}@T{
-\[u2400]
-T}
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Duplicated files
-.PP
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | \[u2400]           |
+| /         | 0x2F  | \[uFF0F]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Duplicated files
+
 Mega can have two files with exactly the same name and path (unlike a
 normal file system).
-.PP
+
 Duplicated files cause problems with the syncing and you will see
 messages in the log about duplicates.
+
+Use \[ga]rclone dedupe\[ga] to fix duplicated files.
+
+### Failure to log-in
+
+#### Object not found
+
+If you are connecting to your Mega remote for the first time, 
+to test access and synchronization, you may receive an error such as 
+\f[R]
+.fi
 .PP
-Use \f[C]rclone dedupe\f[R] to fix duplicated files.
-.SS Failure to log-in
-.SS Object not found
-.PP
-If you are connecting to your Mega remote for the first time, to test
-access and synchronization, you may receive an error such as
+Failed to create file system for \[dq]my-mega-remote:\[dq]: couldn\[aq]t
+login: Object (typically, node or user) not found
 .IP
 .nf
 \f[C]
-Failed to create file system for \[dq]my-mega-remote:\[dq]: 
-couldn\[aq]t login: Object (typically, node or user) not found
+The diagnostic steps often recommended in the [rclone forum](https://forum.rclone.org/search?q=mega)
+start with the **MEGAcmd** utility. Note that this refers to 
+the official C++ command from https://github.com/meganz/MEGAcmd 
+and not the go language built command from t3rm1n4l/megacmd 
+that is no longer maintained. 
+
+Follow the instructions for installing MEGAcmd and try accessing 
+your remote as they recommend. You can establish whether or not 
+you can log in using MEGAcmd, and obtain diagnostic information 
+to help you, and search or work with others in the forum. 
 \f[R]
 .fi
 .PP
-The diagnostic steps often recommended in the rclone
-forum (https://forum.rclone.org/search?q=mega) start with the
-\f[B]MEGAcmd\f[R] utility.
-Note that this refers to the official C++ command from
-https://github.com/meganz/MEGAcmd and not the go language built command
-from t3rm1n4l/megacmd that is no longer maintained.
-.PP
-Follow the instructions for installing MEGAcmd and try accessing your
-remote as they recommend.
-You can establish whether or not you can log in using MEGAcmd, and
-obtain diagnostic information to help you, and search or work with
-others in the forum.
+MEGA CMD> login me\[at]example.com Password: Fetching nodes ...
+Loading transfers from local cache Login complete as me\[at]example.com
+me\[at]example.com:/$
 .IP
 .nf
 \f[C]
-MEGA CMD> login me\[at]example.com
-Password:
-Fetching nodes ...
-Loading transfers from local cache
-Login complete as me\[at]example.com
-me\[at]example.com:/$ 
-\f[R]
-.fi
-.PP
-Note that some have found issues with passwords containing special
-characters.
-If you can not log on with rclone, but MEGAcmd logs on just fine, then
-consider changing your password temporarily to pure alphanumeric
-characters, in case that helps.
-.SS Repeated commands blocks access
-.PP
-Mega remotes seem to get blocked (reject logins) under \[dq]heavy
-use\[dq].
+Note that some have found issues with passwords containing special 
+characters. If you can not log on with rclone, but MEGAcmd logs on 
+just fine, then consider changing your password temporarily to 
+pure alphanumeric characters, in case that helps.
+
+
+#### Repeated commands blocks access
+
+Mega remotes seem to get blocked (reject logins) under \[dq]heavy use\[dq].
 We haven\[aq]t worked out the exact blocking rules but it seems to be
 related to fast paced, successive rclone commands.
-.PP
-For example, executing this command 90 times in a row
-\f[C]rclone link remote:file\f[R] will cause the remote to become
-\[dq]blocked\[dq].
-This is not an abnormal situation, for example if you wish to get the
-public links of a directory with hundred of files...
-After more or less a week, the remote will remote accept rclone logins
-normally again.
-.PP
-You can mitigate this issue by mounting the remote it with
-\f[C]rclone mount\f[R].
-This will log-in when mounting and a log-out when unmounting only.
-You can also run \f[C]rclone rcd\f[R] and then use \f[C]rclone rc\f[R]
-to run the commands over the API to avoid logging in each time.
-.PP
+
+For example, executing this command 90 times in a row \[ga]rclone link
+remote:file\[ga] will cause the remote to become \[dq]blocked\[dq]. This is not an
+abnormal situation, for example if you wish to get the public links of
+a directory with hundred of files...  After more or less a week, the
+remote will remote accept rclone logins normally again.
+
+You can mitigate this issue by mounting the remote it with \[ga]rclone
+mount\[ga]. This will log-in when mounting and a log-out when unmounting
+only. You can also run \[ga]rclone rcd\[ga] and then use \[ga]rclone rc\[ga] to run
+the commands over the API to avoid logging in each time.
+
 Rclone does not currently close mega sessions (you can see them in the
 web interface), however closing the sessions does not solve the issue.
-.PP
+
 If you space rclone commands by 3 seconds it will avoid blocking the
-remote.
-We haven\[aq]t identified the exact blocking rules, so perhaps one could
-execute the command 80 times without waiting and avoid blocking by
-waiting 3 seconds, then continuing...
-.PP
-Note that this has been observed by trial and error and might not be set
-in stone.
-.PP
+remote. We haven\[aq]t identified the exact blocking rules, so perhaps one
+could execute the command 80 times without waiting and avoid blocking
+by waiting 3 seconds, then continuing...
+
+Note that this has been observed by trial and error and might not be
+set in stone.
+
 Other tools seem not to produce this blocking effect, as they use a
 different working approach (state-based, using sessionIDs instead of
 log-in) which isn\[aq]t compatible with the current stateless rclone
 approach.
-.PP
-Note that once blocked, the use of other tools (such as megacmd) is not
-a sure workaround: following megacmd login times have been observed in
-succession for blocked remote: 7 minutes, 20 min, 30min, 30 min, 30min.
-Web access looks unaffected though.
-.PP
+
+Note that once blocked, the use of other tools (such as megacmd) is
+not a sure workaround: following megacmd login times have been
+observed in succession for blocked remote: 7 minutes, 20 min, 30min, 30
+min, 30min. Web access looks unaffected though.
+
 Investigation is continuing in relation to workarounds based on
 timeouts, pacers, retrials and tpslimits - if you discover something
 relevant, please post on the forum.
-.PP
+
 So, if rclone was working nicely and suddenly you are unable to log-in
-and you are sure the user and the password are correct, likely you have
-got the remote blocked for a while.
-.SS Standard options
-.PP
+and you are sure the user and the password are correct, likely you
+have got the remote blocked for a while.
+
+
+### Standard options
+
 Here are the Standard options specific to mega (Mega).
-.SS --mega-user
-.PP
+
+#### --mega-user
+
 User name.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: user
-.IP \[bu] 2
-Env Var: RCLONE_MEGA_USER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --mega-pass
-.PP
+
+- Config:      user
+- Env Var:     RCLONE_MEGA_USER
+- Type:        string
+- Required:    true
+
+#### --mega-pass
+
 Password.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: pass
-.IP \[bu] 2
-Env Var: RCLONE_MEGA_PASS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS Advanced options
-.PP
+
+- Config:      pass
+- Env Var:     RCLONE_MEGA_PASS
+- Type:        string
+- Required:    true
+
+### Advanced options
+
 Here are the Advanced options specific to mega (Mega).
-.SS --mega-debug
-.PP
+
+#### --mega-debug
+
 Output more debug from Mega.
-.PP
+
 If this flag is set (along with -vv) it will print further debugging
 information from the mega backend.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: debug
-.IP \[bu] 2
-Env Var: RCLONE_MEGA_DEBUG
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --mega-hard-delete
-.PP
+
+- Config:      debug
+- Env Var:     RCLONE_MEGA_DEBUG
+- Type:        bool
+- Default:     false
+
+#### --mega-hard-delete
+
 Delete files permanently rather than putting them into the trash.
-.PP
+
 Normally the mega backend will put all deletions into the trash rather
-than permanently deleting them.
-If you specify this then rclone will permanently delete objects instead.
-.PP
+than permanently deleting them.  If you specify this then rclone will
+permanently delete objects instead.
+
 Properties:
-.IP \[bu] 2
-Config: hard_delete
-.IP \[bu] 2
-Env Var: RCLONE_MEGA_HARD_DELETE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --mega-use-https
-.PP
+
+- Config:      hard_delete
+- Env Var:     RCLONE_MEGA_HARD_DELETE
+- Type:        bool
+- Default:     false
+
+#### --mega-use-https
+
 Use HTTPS for transfers.
-.PP
+
 MEGA uses plain text HTTP connections by default.
-Some ISPs throttle HTTP connections, this causes transfers to become
-very slow.
+Some ISPs throttle HTTP connections, this causes transfers to become very slow.
 Enabling this will force MEGA to use HTTPS for all transfers.
-HTTPS is normally not necesary since all data is already encrypted
-anyway.
+HTTPS is normally not necessary since all data is already encrypted anyway.
 Enabling it will increase CPU usage and add network overhead.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: use_https
-.IP \[bu] 2
-Env Var: RCLONE_MEGA_USE_HTTPS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --mega-encoding
-.PP
+
+- Config:      use_https
+- Env Var:     RCLONE_MEGA_USE_HTTPS
+- Type:        bool
+- Default:     false
+
+#### --mega-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_MEGA_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,InvalidUtf8,Dot
-.SS Limitations
-.PP
-This backend uses the go-mega go
-library (https://github.com/t3rm1n4l/go-mega) which is an opensource go
-library implementing the Mega API.
-There doesn\[aq]t appear to be any documentation for the mega protocol
-beyond the mega C++ SDK (https://github.com/meganz/sdk) source code so
-there are likely quite a few errors still remaining in this library.
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_MEGA_ENCODING
+- Type:        Encoding
+- Default:     Slash,InvalidUtf8,Dot
+
+
+
+### Process \[ga]killed\[ga]
+
+On accounts with large files or something else, memory usage can significantly increase when executing list/sync instructions. When running on cloud providers (like AWS with EC2), check if the instance type has sufficient memory/CPU to execute the commands. Use the resource monitoring tools to inspect after sending the commands. Look [at this issue](https://forum.rclone.org/t/rclone-with-mega-appears-to-work-only-in-some-accounts/40233/4).
+
+## Limitations
+
+This backend uses the [go-mega go library](https://github.com/t3rm1n4l/go-mega) which is an opensource
+go library implementing the Mega API. There doesn\[aq]t appear to be any
+documentation for the mega protocol beyond the [mega C++ SDK](https://github.com/meganz/sdk) source code
+so there are likely quite a few errors still remaining in this library.
+
 Mega allows duplicate files which may confuse rclone.
-.SH Memory
-.PP
-The memory backend is an in RAM backend.
-It does not persist its data - use the local backend for that.
-.PP
-The memory backend behaves like a bucket-based remote (e.g.
-like s3).
-Because it has no parameters you can just use it with the
-\f[C]:memory:\f[R] remote name.
-.SS Configuration
-.PP
-You can configure it as a remote like this with \f[C]rclone config\f[R]
-too if you want to:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Memory
-   \[rs] \[dq]memory\[dq]
-[snip]
-Storage> memory
-** See help for memory backend at: https://rclone.org/memory/ **
 
-Remote config
+#  Memory
 
---------------------
-[remote]
-type = memory
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-Because the memory backend isn\[aq]t persistent it is most useful for
-testing or with an rclone server or rclone mount, e.g.
-.IP
-.nf
-\f[C]
-rclone mount :memory: /mnt/tmp
-rclone serve webdav :memory:
-rclone serve sftp :memory:
+The memory backend is an in RAM backend. It does not persist its
+data - use the local backend for that.
+
+The memory backend behaves like a bucket-based remote (e.g. like
+s3). Because it has no parameters you can just use it with the
+\[ga]:memory:\[ga] remote name.
+
+## Configuration
+
+You can configure it as a remote like this with \[ga]rclone config\[ga] too if
+you want to:
 \f[R]
 .fi
-.SS Modified time and hashes
 .PP
-The memory backend supports MD5 hashes and modification times accurate
-to 1 nS.
-.SS Restricted filename characters
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX / Memory
+\ \[dq]memory\[dq] [snip] Storage> memory ** See help for memory backend
+at: https://rclone.org/memory/ **
 .PP
-The memory backend replaces the default restricted characters
-set (https://rclone.org/overview/#restricted-characters).
-.SH Akamai NetStorage
-.PP
-Paths are specified as \f[C]remote:\f[R] You may put subdirectories in
-too, e.g.
-\f[C]remote:/path/to/dir\f[R].
-If you have a CP code you can use that as the folder after the domain
-such as <domain>/<cpcode>/<internal directories within cpcode>.
-.PP
-For example, this is commonly configured with or without a CP code: *
-\f[B]With a CP code\f[R].
-\f[C][your-domain-prefix]-nsu.akamaihd.net/123456/subdirectory/\f[R] *
-\f[B]Without a CP code\f[R].
-\f[C][your-domain-prefix]-nsu.akamaihd.net\f[R]
-.PP
-See all buckets rclone lsd remote: The initial setup for Netstorage
-involves getting an account and secret.
-Use \f[C]rclone config\f[R] to walk you through the setup process.
-.SS Configuration
+Remote config
 .PP
-Here\[aq]s an example of how to make a remote called \f[C]ns1\f[R].
-.IP "1." 3
-To begin the interactive configuration process, enter this command:
-.IP
-.nf
-\f[C]
-rclone config
-\f[R]
-.fi
-.IP "2." 3
-Type \f[C]n\f[R] to create a new remote.
-.IP
-.nf
-\f[C]
-n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q> n
-\f[R]
-.fi
-.IP "3." 3
-For this example, enter \f[C]ns1\f[R] when you reach the name> prompt.
-.IP
-.nf
-\f[C]
-name> ns1
-\f[R]
-.fi
-.IP "4." 3
-Enter \f[C]netstorage\f[R] as the type of storage to configure.
-.IP
-.nf
-\f[C]
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-XX / NetStorage
-   \[rs] \[dq]netstorage\[dq]
-Storage> netstorage
-\f[R]
-.fi
-.IP "5." 3
-Select between the HTTP or HTTPS protocol.
-Most users should choose HTTPS, which is the default.
-HTTP is provided primarily for debugging purposes.
+.TS
+tab(@);
+l.
+T{
+[remote]
+T}
+T{
+type = memory
+T}
+.TE
+.IP "y)" 3
+Yes this is OK (default)
+.IP "z)" 3
+Edit this remote
+.IP "a)" 3
+Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
- 1 / HTTP protocol
-   \[rs] \[dq]http\[dq]
- 2 / HTTPS protocol
-   \[rs] \[dq]https\[dq]
-protocol> 1
+Because the memory backend isn\[aq]t persistent it is most useful for
+testing or with an rclone server or rclone mount, e.g.
+
+    rclone mount :memory: /mnt/tmp
+    rclone serve webdav :memory:
+    rclone serve sftp :memory:
+
+### Modification times and hashes
+
+The memory backend supports MD5 hashes and modification times accurate to 1 nS.
+
+### Restricted filename characters
+
+The memory backend replaces the [default restricted characters
+set](https://rclone.org/overview/#restricted-characters).
+
+
+
+
+#  Akamai NetStorage
+
+Paths are specified as \[ga]remote:\[ga]
+You may put subdirectories in too, e.g. \[ga]remote:/path/to/dir\[ga].
+If you have a CP code you can use that as the folder after the domain such as \[rs]<domain>\[rs]/\[rs]<cpcode>\[rs]/\[rs]<internal directories within cpcode>.
+
+For example, this is commonly configured with or without a CP code:
+* **With a CP code**. \[ga][your-domain-prefix]-nsu.akamaihd.net/123456/subdirectory/\[ga]
+* **Without a CP code**. \[ga][your-domain-prefix]-nsu.akamaihd.net\[ga]
+
+
+See all buckets
+   rclone lsd remote:
+The initial setup for Netstorage involves getting an account and secret. Use \[ga]rclone config\[ga] to walk you through the setup process.
+
+## Configuration
+
+Here\[aq]s an example of how to make a remote called \[ga]ns1\[ga].
+
+1. To begin the interactive configuration process, enter this command:
 \f[R]
 .fi
-.IP "6." 3
-Specify your NetStorage host, CP code, and any necessary content paths
-using this format: \f[C]<domain>/<cpcode>/<content>/\f[R]
+.PP
+rclone config
 .IP
 .nf
 \f[C]
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-host> baseball-nsu.akamaihd.net/123456/content/
+2. Type \[ga]n\[ga] to create a new remote.
 \f[R]
 .fi
-.IP "7." 3
-Set the netstorage account name
+.IP "n)" 3
+New remote
+.IP "o)" 3
+Delete remote
+.IP "p)" 3
+Quit config e/n/d/q> n
 .IP
 .nf
 \f[C]
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-account> username
+3. For this example, enter \[ga]ns1\[ga] when you reach the name> prompt.
 \f[R]
 .fi
-.IP "8." 3
-Set the Netstorage account secret/G2O key which will be used for
-authentication purposes.
-Select the \f[C]y\f[R] option to set your own password then enter your
-secret.
-Note: The secret is stored in the \f[C]rclone.conf\f[R] file with
-hex-encoded encryption.
+.PP
+name> ns1
 .IP
 .nf
 \f[C]
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
+4. Enter \[ga]netstorage\[ga] as the type of storage to configure.
 \f[R]
 .fi
-.IP "9." 3
-View the summary and confirm your remote configuration.
+.PP
+Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value XX / NetStorage
+\ \[dq]netstorage\[dq] Storage> netstorage
 .IP
 .nf
 \f[C]
-[ns1]
-type = netstorage
-protocol = http
-host = baseball-nsu.akamaihd.net/123456/content/
-account = username
-secret = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
+5. Select between the HTTP or HTTPS protocol. Most users should choose HTTPS, which is the default. HTTP is provided primarily for debugging purposes.
+
 \f[R]
 .fi
 .PP
-This remote is called \f[C]ns1\f[R] and can now be used.
-.SS Example operations
-.PP
-Get started with rclone and NetStorage with these examples.
-For additional rclone commands, visit https://rclone.org/commands/.
-.SS See contents of a directory in your project
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value 1 / HTTP protocol
+\ \[dq]http\[dq] 2 / HTTPS protocol \ \[dq]https\[dq] protocol> 1
 .IP
 .nf
 \f[C]
-rclone lsd ns1:/974012/testing/
+6. Specify your NetStorage host, CP code, and any necessary content paths using this format: \[ga]<domain>/<cpcode>/<content>/\[ga]
 \f[R]
 .fi
-.SS Sync the contents local with remote
+.PP
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+host> baseball-nsu.akamaihd.net/123456/content/
 .IP
 .nf
 \f[C]
-rclone sync . ns1:/974012/testing/
+7. Set the netstorage account name
 \f[R]
 .fi
-.SS Upload local content to remote
+.PP
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+account> username
 .IP
 .nf
 \f[C]
-rclone copy notes.txt ns1:/974012/testing/
+8. Set the Netstorage account secret/G2O key which will be used for authentication purposes. Select the \[ga]y\[ga] option to set your own password then enter your secret.
+Note: The secret is stored in the \[ga]rclone.conf\[ga] file with hex-encoded encryption.
 \f[R]
 .fi
-.SS Delete content on remote
+.IP "y)" 3
+Yes type in my own password
+.IP "z)" 3
+Generate random password y/g> y Enter the password: password: Confirm
+the password: password:
 .IP
 .nf
 \f[C]
-rclone delete ns1:/974012/testing/notes.txt
+9. View the summary and confirm your remote configuration.
 \f[R]
 .fi
-.SS Move or copy content between CP codes.
 .PP
-Your credentials must have access to two CP codes on the same remote.
-You can\[aq]t perform operations between different remotes.
+[ns1] type = netstorage protocol = http host =
+baseball-nsu.akamaihd.net/123456/content/ account = username secret =
+*** ENCRYPTED *** -------------------- y) Yes this is OK (default) e)
+Edit this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone move ns1:/974012/testing/notes.txt ns1:/974450/testing2/
-\f[R]
-.fi
-.SS Features
-.SS Symlink Support
-.PP
-The Netstorage backend changes the rclone \f[C]--links, -l\f[R]
-behavior.
-When uploading, instead of creating the .rclonelink file, use the
-\[dq]symlink\[dq] API in order to create the corresponding symlink on
-the remote.
-The .rclonelink file will not be created, the upload will be intercepted
-and only the symlink file that matches the source file name with no
-suffix will be created on the remote.
-.PP
-This will effectively allow commands like copy/copyto, move/moveto and
-sync to upload from local to remote and download from remote to local
-directories with symlinks.
-Due to internal rclone limitations, it is not possible to upload an
-individual symlink file to any remote backend.
-You can always use the \[dq]backend symlink\[dq] command to create a
-symlink on the NetStorage server, refer to \[dq]symlink\[dq] section
-below.
-.PP
-Individual symlink files on the remote can be used with the commands
-like \[dq]cat\[dq] to print the destination name, or \[dq]delete\[dq] to
-delete symlink, or copy, copy/to and move/moveto to download from the
-remote to local.
-Note: individual symlink files on the remote should be specified
-including the suffix .rclonelink.
-.PP
-\f[B]Note\f[R]: No file with the suffix .rclonelink should ever exist on
-the server since it is not possible to actually upload/create a file
-with .rclonelink suffix with rclone, it can only exist if it is manually
-created through a non-rclone method on the remote.
-.SS Implicit vs. Explicit Directories
-.PP
+This remote is called \[ga]ns1\[ga] and can now be used.
+
+## Example operations
+
+Get started with rclone and NetStorage with these examples. For additional rclone commands, visit https://rclone.org/commands/.
+
+### See contents of a directory in your project
+
+    rclone lsd ns1:/974012/testing/
+
+### Sync the contents local with remote
+
+    rclone sync . ns1:/974012/testing/
+
+### Upload local content to remote
+    rclone copy notes.txt ns1:/974012/testing/
+
+### Delete content on remote
+    rclone delete ns1:/974012/testing/notes.txt
+
+### Move or copy content between CP codes.
+
+Your credentials must have access to two CP codes on the same remote. You can\[aq]t perform operations between different remotes.
+
+    rclone move ns1:/974012/testing/notes.txt ns1:/974450/testing2/
+
+## Features
+
+### Symlink Support
+
+The Netstorage backend changes the rclone \[ga]--links, -l\[ga] behavior. When uploading, instead of creating the .rclonelink file, use the \[dq]symlink\[dq] API in order to create the corresponding symlink on the remote. The .rclonelink file will not be created, the upload will be intercepted and only the symlink file that matches the source file name with no suffix will be created on the remote.
+
+This will effectively allow commands like copy/copyto, move/moveto and sync to upload from local to remote and download from remote to local directories with symlinks. Due to internal rclone limitations, it is not possible to upload an individual symlink file to any remote backend. You can always use the \[dq]backend symlink\[dq] command to create a symlink on the NetStorage server, refer to \[dq]symlink\[dq] section below.
+
+Individual symlink files on the remote can be used with the commands like \[dq]cat\[dq] to print the destination name, or \[dq]delete\[dq] to delete symlink, or copy, copy/to and move/moveto to download from the remote to local. Note: individual symlink files on the remote should be specified including the suffix .rclonelink.
+
+**Note**: No file with the suffix .rclonelink should ever exist on the server since it is not possible to actually upload/create a file with .rclonelink suffix with rclone, it can only exist if it is manually created through a non-rclone method on the remote.
+
+### Implicit vs. Explicit Directories
+
 With NetStorage, directories can exist in one of two forms:
-.IP "1." 3
-\f[B]Explicit Directory\f[R].
-This is an actual, physical directory that you have created in a storage
-group.
-.IP "2." 3
-\f[B]Implicit Directory\f[R].
-This refers to a directory within a path that has not been physically
-created.
-For example, during upload of a file, nonexistent subdirectories can be
-specified in the target path.
-NetStorage creates these as \[dq]implicit.\[dq] While the directories
-aren\[aq]t physically created, they exist implicitly and the noted path
-is connected with the uploaded file.
-.PP
-Rclone will intercept all file uploads and mkdir commands for the
-NetStorage remote and will explicitly issue the mkdir command for each
-directory in the uploading path.
-This will help with the interoperability with the other Akamai services
-such as SFTP and the Content Management Shell (CMShell).
-Rclone will not guarantee correctness of operations with implicit
-directories which might have been created as a result of using an upload
-API directly.
-.SS \f[C]--fast-list\f[R] / ListR support
-.PP
-NetStorage remote supports the ListR feature by using the \[dq]list\[dq]
-NetStorage API action to return a lexicographical list of all objects
-within the specified CP code, recursing into subdirectories as
-they\[aq]re encountered.
-.IP \[bu] 2
-\f[B]Rclone will use the ListR method for some commands by default\f[R].
-Commands such as \f[C]lsf -R\f[R] will use ListR by default.
-To disable this, include the \f[C]--disable listR\f[R] option to use the
-non-recursive method of listing objects.
-.IP \[bu] 2
-\f[B]Rclone will not use the ListR method for some commands\f[R].
-Commands such as \f[C]sync\f[R] don\[aq]t use ListR by default.
-To force using the ListR method, include the \f[C]--fast-list\f[R]
-option.
-.PP
-There are pros and cons of using the ListR method, refer to rclone
-documentation (https://rclone.org/docs/#fast-list).
-In general, the sync command over an existing deep tree on the remote
-will run faster with the \[dq]--fast-list\[dq] flag but with extra
-memory usage as a side effect.
-It might also result in higher CPU utilization but the whole task can be
-completed faster.
-.PP
-\f[B]Note\f[R]: There is a known limitation that \[dq]lsf -R\[dq] will
-display number of files in the directory and directory size as -1 when
-ListR method is used.
-The workaround is to pass \[dq]--disable listR\[dq] flag if these
-numbers are important in the output.
-.SS Purge
-.PP
-NetStorage remote supports the purge feature by using the
-\[dq]quick-delete\[dq] NetStorage API action.
-The quick-delete action is disabled by default for security reasons and
-can be enabled for the account through the Akamai portal.
-Rclone will first try to use quick-delete action for the purge command
-and if this functionality is disabled then will fall back to a standard
-delete method.
-.PP
-\f[B]Note\f[R]: Read the NetStorage Usage
-API (https://learn.akamai.com/en-us/webhelp/netstorage/netstorage-http-api-developer-guide/GUID-15836617-9F50-405A-833C-EA2556756A30.html)
-for considerations when using \[dq]quick-delete\[dq].
-In general, using quick-delete method will not delete the tree
-immediately and objects targeted for quick-delete may still be
-accessible.
-.SS Standard options
-.PP
-Here are the Standard options specific to netstorage (Akamai
-NetStorage).
-.SS --netstorage-host
-.PP
+
+1. **Explicit Directory**. This is an actual, physical directory that you have created in a storage group.
+2. **Implicit Directory**. This refers to a directory within a path that has not been physically created. For example, during upload of a file, nonexistent subdirectories can be specified in the target path. NetStorage creates these as \[dq]implicit.\[dq] While the directories aren\[aq]t physically created, they exist implicitly and the noted path is connected with the uploaded file.
+
+Rclone will intercept all file uploads and mkdir commands for the NetStorage remote and will explicitly issue the mkdir command for each directory in the uploading path. This will help with the interoperability with the other Akamai services such as SFTP and the Content Management Shell (CMShell). Rclone will not guarantee correctness of operations with implicit directories which might have been created as a result of using an upload API directly.
+
+### \[ga]--fast-list\[ga] / ListR support
+
+NetStorage remote supports the ListR feature by using the \[dq]list\[dq] NetStorage API action to return a lexicographical list of all objects within the specified CP code, recursing into subdirectories as they\[aq]re encountered.
+
+* **Rclone will use the ListR method for some commands by default**. Commands such as \[ga]lsf -R\[ga] will use ListR by default. To disable this, include the \[ga]--disable listR\[ga] option to use the non-recursive method of listing objects.
+
+* **Rclone will not use the ListR method for some commands**. Commands such as \[ga]sync\[ga] don\[aq]t use ListR by default. To force using the ListR method, include the  \[ga]--fast-list\[ga] option.
+
+There are pros and cons of using the ListR method, refer to [rclone documentation](https://rclone.org/docs/#fast-list). In general, the sync command over an existing deep tree on the remote will run faster with the \[dq]--fast-list\[dq] flag but with extra memory usage as a side effect. It might also result in higher CPU utilization but the whole task can be completed faster.
+
+**Note**: There is a known limitation that \[dq]lsf -R\[dq] will display number of files in the directory and directory size as -1 when ListR method is used. The workaround is to pass \[dq]--disable listR\[dq] flag if these numbers are important in the output.
+
+### Purge
+
+NetStorage remote supports the purge feature by using the \[dq]quick-delete\[dq] NetStorage API action. The quick-delete action is disabled by default for security reasons and can be enabled for the account through the Akamai portal. Rclone will first try to use quick-delete action for the purge command and if this functionality is disabled then will fall back to a standard delete method.
+
+**Note**: Read the [NetStorage Usage API](https://learn.akamai.com/en-us/webhelp/netstorage/netstorage-http-api-developer-guide/GUID-15836617-9F50-405A-833C-EA2556756A30.html) for considerations when using \[dq]quick-delete\[dq]. In general, using quick-delete method will not delete the tree immediately and objects targeted for quick-delete may still be accessible.
+
+
+### Standard options
+
+Here are the Standard options specific to netstorage (Akamai NetStorage).
+
+#### --netstorage-host
+
 Domain+path of NetStorage host to connect to.
-.PP
-Format should be \f[C]<domain>/<internal folders>\f[R]
-.PP
+
+Format should be \[ga]<domain>/<internal folders>\[ga]
+
 Properties:
-.IP \[bu] 2
-Config: host
-.IP \[bu] 2
-Env Var: RCLONE_NETSTORAGE_HOST
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --netstorage-account
-.PP
+
+- Config:      host
+- Env Var:     RCLONE_NETSTORAGE_HOST
+- Type:        string
+- Required:    true
+
+#### --netstorage-account
+
 Set the NetStorage account name
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: account
-.IP \[bu] 2
-Env Var: RCLONE_NETSTORAGE_ACCOUNT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --netstorage-secret
-.PP
+
+- Config:      account
+- Env Var:     RCLONE_NETSTORAGE_ACCOUNT
+- Type:        string
+- Required:    true
+
+#### --netstorage-secret
+
 Set the NetStorage account secret/G2O key for authentication.
-.PP
-Please choose the \[aq]y\[aq] option to set your own password then enter
-your secret.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+Please choose the \[aq]y\[aq] option to set your own password then enter your secret.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: secret
-.IP \[bu] 2
-Env Var: RCLONE_NETSTORAGE_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS Advanced options
-.PP
-Here are the Advanced options specific to netstorage (Akamai
-NetStorage).
-.SS --netstorage-protocol
-.PP
+
+- Config:      secret
+- Env Var:     RCLONE_NETSTORAGE_SECRET
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to netstorage (Akamai NetStorage).
+
+#### --netstorage-protocol
+
 Select between HTTP or HTTPS protocol.
-.PP
+
 Most users should choose HTTPS, which is the default.
 HTTP is provided primarily for debugging purposes.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: protocol
-.IP \[bu] 2
-Env Var: RCLONE_NETSTORAGE_PROTOCOL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]https\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]http\[dq]
-.RS 2
-.IP \[bu] 2
-HTTP protocol
-.RE
-.IP \[bu] 2
-\[dq]https\[dq]
-.RS 2
-.IP \[bu] 2
-HTTPS protocol
-.RE
-.RE
-.SS Backend commands
-.PP
+
+- Config:      protocol
+- Env Var:     RCLONE_NETSTORAGE_PROTOCOL
+- Type:        string
+- Default:     \[dq]https\[dq]
+- Examples:
+    - \[dq]http\[dq]
+        - HTTP protocol
+    - \[dq]https\[dq]
+        - HTTPS protocol
+
+## Backend commands
+
 Here are the commands specific to the netstorage backend.
-.PP
+
 Run them with
-.IP
-.nf
-\f[C]
-rclone backend COMMAND remote:
-\f[R]
-.fi
-.PP
+
+    rclone backend COMMAND remote:
+
 The help below will explain what arguments each command takes.
-.PP
-See the backend (https://rclone.org/commands/rclone_backend/) command
-for more info on how to pass options and arguments.
-.PP
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
 These can be run on a running backend using the rc command
-backend/command (https://rclone.org/rc/#backend-command).
-.SS du
-.PP
-Return disk usage information for a specified directory
-.IP
-.nf
-\f[C]
-rclone backend du remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
-The usage information returned, includes the targeted directory as well
-as all files stored in any sub-directories that may exist.
-.SS symlink
-.PP
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### du
+
+Return disk usage information for a specified directory
+
+    rclone backend du remote: [options] [<arguments>+]
+
+The usage information returned, includes the targeted directory as well as all
+files stored in any sub-directories that may exist.
+
+### symlink
+
 You can create a symbolic link in ObjectStore with the symlink action.
-.IP
-.nf
-\f[C]
-rclone backend symlink remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
-The desired path location (including applicable sub-directories) ending
-in the object that will be the target of the symlink (for example,
-/links/mylink).
+
+    rclone backend symlink remote: [options] [<arguments>+]
+
+The desired path location (including applicable sub-directories) ending in
+the object that will be the target of the symlink (for example, /links/mylink).
 Include the file extension for the object, if applicable.
-\f[C]rclone backend symlink <src> <path>\f[R]
-.SH Microsoft Azure Blob Storage
-.PP
-Paths are specified as \f[C]remote:container\f[R] (or \f[C]remote:\f[R]
-for the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
-\f[C]remote:container/path/to/dir\f[R].
-.SS Configuration
-.PP
+\[ga]rclone backend symlink <src> <path>\[ga]
+
+
+
+#  Microsoft Azure Blob Storage
+
+Paths are specified as \[ga]remote:container\[ga] (or \[ga]remote:\[ga] for the \[ga]lsd\[ga]
+command.)  You may put subdirectories in too, e.g.
+\[ga]remote:container/path/to/dir\[ga].
+
+## Configuration
+
 Here is an example of making a Microsoft Azure Blob Storage
-configuration.
-For a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
+configuration.  For a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
 This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Microsoft Azure Blob Storage
-   \[rs] \[dq]azureblob\[dq]
-[snip]
-Storage> azureblob
-Storage Account Name
-account> account_name
-Storage Account Key
-key> base64encodedkey==
-Endpoint for the service - leave blank normally.
-endpoint> 
-Remote config
---------------------
-[remote]
-account = account_name
-key = base64encodedkey==
-endpoint = 
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
 \f[R]
 .fi
 .PP
-See all containers
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX /
+Microsoft Azure Blob Storage \ \[dq]azureblob\[dq] [snip] Storage>
+azureblob Storage Account Name account> account_name Storage Account Key
+key> base64encodedkey== Endpoint for the service - leave blank normally.
+endpoint> Remote config -------------------- [remote] account =
+account_name key = base64encodedkey== endpoint = -------------------- y)
+Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+See all containers
+
+    rclone lsd remote:
+
 Make a new container
-.IP
-.nf
-\f[C]
-rclone mkdir remote:container
-\f[R]
-.fi
-.PP
+
+    rclone mkdir remote:container
+
 List the contents of a container
-.IP
-.nf
-\f[C]
-rclone ls remote:container
-\f[R]
-.fi
-.PP
-Sync \f[C]/home/local/directory\f[R] to the remote container, deleting
-any excess files in the container.
-.IP
-.nf
-\f[C]
-rclone sync --interactive /home/local/directory remote:container
-\f[R]
-.fi
-.SS --fast-list
-.PP
-This remote supports \f[C]--fast-list\f[R] which allows you to use fewer
-transactions in exchange for more memory.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
-.SS Modified time
-.PP
-The modified time is stored as metadata on the object with the
-\f[C]mtime\f[R] key.
-It is stored using RFC3339 Format time with nanosecond precision.
-The metadata is supplied during directory listings so there is no
-performance overhead to using it.
-.PP
-If you wish to use the Azure standard \f[C]LastModified\f[R] time stored
-on the object as the modified time, then use the
-\f[C]--use-server-modtime\f[R] flag.
-Note that rclone can\[aq]t set \f[C]LastModified\f[R], so using the
-\f[C]--update\f[R] flag when syncing is recommended if using
-\f[C]--use-server-modtime\f[R].
-.SS Performance
-.PP
+
+    rclone ls remote:container
+
+Sync \[ga]/home/local/directory\[ga] to the remote container, deleting any excess
+files in the container.
+
+    rclone sync --interactive /home/local/directory remote:container
+
+### --fast-list
+
+This remote supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Modification times and hashes
+
+The modification time is stored as metadata on the object with the
+\[ga]mtime\[ga] key.  It is stored using RFC3339 Format time with nanosecond
+precision.  The metadata is supplied during directory listings so
+there is no performance overhead to using it.
+
+If you wish to use the Azure standard \[ga]LastModified\[ga] time stored on
+the object as the modified time, then use the \[ga]--use-server-modtime\[ga]
+flag. Note that rclone can\[aq]t set \[ga]LastModified\[ga], so using the
+\[ga]--update\[ga] flag when syncing is recommended if using
+\[ga]--use-server-modtime\[ga].
+
+MD5 hashes are stored with blobs. However blobs that were uploaded in
+chunks only have an MD5 if the source remote was capable of MD5
+hashes, e.g. the local disk.
+
+### Performance
+
 When uploading large files, increasing the value of
-\f[C]--azureblob-upload-concurrency\f[R] will increase performance at
-the cost of using more memory.
-The default of 16 is set quite conservatively to use less memory.
-It maybe be necessary raise it to 64 or higher to fully utilize a 1
-GBit/s link with a single file transfer.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-.TE
+\[ga]--azureblob-upload-concurrency\[ga] will increase performance at the cost
+of using more memory. The default of 16 is set quite conservatively to
+use less memory. It maybe be necessary raise it to 64 or higher to
+fully utilize a 1 GBit/s link with a single file transfer.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| /         | 0x2F  | \[uFF0F]           |
+| \[rs]         | 0x5C  | \[uFF3C]           |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| .         | 0x2E  | \[uFF0E]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Authentication {#authentication}
+
+There are a number of ways of supplying credentials for Azure Blob
+Storage. Rclone tries them in the order of the sections below.
+
+#### Env Auth
+
+If the \[ga]env_auth\[ga] config parameter is \[ga]true\[ga] then rclone will pull
+credentials from the environment or runtime.
+
+It tries these authentication methods in this order:
+
+1. Environment Variables
+2. Managed Service Identity Credentials
+3. Azure CLI credentials (as used by the az tool)
+
+These are described in the following sections
+
+##### Env Auth: 1. Environment Variables
+
+If \[ga]env_auth\[ga] is set and environment variables are present rclone
+authenticates a service principal with a secret or certificate, or a
+user with a password, depending on which environment variable are set.
+It reads configuration from these variables, in the following order:
+
+1. Service principal with client secret
+    - \[ga]AZURE_TENANT_ID\[ga]: ID of the service principal\[aq]s tenant. Also called its \[dq]directory\[dq] ID.
+    - \[ga]AZURE_CLIENT_ID\[ga]: the service principal\[aq]s client ID
+    - \[ga]AZURE_CLIENT_SECRET\[ga]: one of the service principal\[aq]s client secrets
+2. Service principal with certificate
+    - \[ga]AZURE_TENANT_ID\[ga]: ID of the service principal\[aq]s tenant. Also called its \[dq]directory\[dq] ID.
+    - \[ga]AZURE_CLIENT_ID\[ga]: the service principal\[aq]s client ID
+    - \[ga]AZURE_CLIENT_CERTIFICATE_PATH\[ga]: path to a PEM or PKCS12 certificate file including the private key.
+    - \[ga]AZURE_CLIENT_CERTIFICATE_PASSWORD\[ga]: (optional) password for the certificate file.
+    - \[ga]AZURE_CLIENT_SEND_CERTIFICATE_CHAIN\[ga]: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to \[dq]true\[dq] or \[dq]1\[dq], authentication requests include the x5c header.
+3. User with username and password
+    - \[ga]AZURE_TENANT_ID\[ga]: (optional) tenant to authenticate in. Defaults to \[dq]organizations\[dq].
+    - \[ga]AZURE_CLIENT_ID\[ga]: client ID of the application the user will authenticate to
+    - \[ga]AZURE_USERNAME\[ga]: a username (usually an email address)
+    - \[ga]AZURE_PASSWORD\[ga]: the user\[aq]s password
+4. Workload Identity
+    - \[ga]AZURE_TENANT_ID\[ga]: Tenant to authenticate in.
+    - \[ga]AZURE_CLIENT_ID\[ga]: Client ID of the application the user will authenticate to.
+    - \[ga]AZURE_FEDERATED_TOKEN_FILE\[ga]: Path to projected service account token file.
+    - \[ga]AZURE_AUTHORITY_HOST\[ga]: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
+
+##### Env Auth: 2. Managed Service Identity Credentials
+
+When using Managed Service Identity if the VM(SS) on which this
+program is running has a system-assigned identity, it will be used by
+default. If the resource has no system-assigned but exactly one
+user-assigned identity, the user-assigned identity will be used by
+default.
+
+If the resource has multiple user-assigned identities you will need to
+unset \[ga]env_auth\[ga] and set \[ga]use_msi\[ga] instead. See the [\[ga]use_msi\[ga]
+section](#use_msi).
+
+##### Env Auth: 3. Azure CLI credentials (as used by the az tool)
+
+Credentials created with the \[ga]az\[ga] tool can be picked up using \[ga]env_auth\[ga].
+
+For example if you were to login with a service principal like this:
+
+    az login --service-principal -u XXX -p XXX --tenant XXX
+
+Then you could access rclone resources like this:
+
+    rclone lsf :azureblob,env_auth,account=ACCOUNT:CONTAINER
+
+Or
+
+    rclone lsf --azureblob-env-auth --azureblob-account=ACCOUNT :azureblob:CONTAINER
+
+Which is analogous to using the \[ga]az\[ga] tool:
+
+    az storage blob list --container-name CONTAINER --account-name ACCOUNT --auth-mode login
+
+#### Account and Shared Key
+
+This is the most straight forward and least flexible way.  Just fill
+in the \[ga]account\[ga] and \[ga]key\[ga] lines and leave the rest blank.
+
+#### SAS URL
+
+This can be an account level SAS URL or container level SAS URL.
+
+To use it leave \[ga]account\[ga] and \[ga]key\[ga] blank and fill in \[ga]sas_url\[ga].
+
+An account level SAS URL or container level SAS URL can be obtained
+from the Azure portal or the Azure Storage Explorer.  To get a
+container level SAS URL right click on a container in the Azure Blob
+explorer in the Azure portal.
+
+If you use a container level SAS URL, rclone operations are permitted
+only on a particular container, e.g.
+
+    rclone ls azureblob:container
+
+You can also list the single container from the root. This will only
+show the container specified by the SAS URL.
+
+    $ rclone lsd azureblob:
+    container/
+
+Note that you can\[aq]t see or access any other containers - this will
+fail
+
+    rclone ls azureblob:othercontainer
+
+Container level SAS URLs are useful for temporarily allowing third
+parties access to a single container or putting credentials into an
+untrusted environment such as a CI build server.
+
+#### Service principal with client secret
+
+If these variables are set, rclone will authenticate with a service principal with a client secret.
+
+- \[ga]tenant\[ga]: ID of the service principal\[aq]s tenant. Also called its \[dq]directory\[dq] ID.
+- \[ga]client_id\[ga]: the service principal\[aq]s client ID
+- \[ga]client_secret\[ga]: one of the service principal\[aq]s client secrets
+
+The credentials can also be placed in a file using the
+\[ga]service_principal_file\[ga] configuration option.
+
+#### Service principal with certificate
+
+If these variables are set, rclone will authenticate with a service principal with certificate.
+
+- \[ga]tenant\[ga]: ID of the service principal\[aq]s tenant. Also called its \[dq]directory\[dq] ID.
+- \[ga]client_id\[ga]: the service principal\[aq]s client ID
+- \[ga]client_certificate_path\[ga]: path to a PEM or PKCS12 certificate file including the private key.
+- \[ga]client_certificate_password\[ga]: (optional) password for the certificate file.
+- \[ga]client_send_certificate_chain\[ga]: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to \[dq]true\[dq] or \[dq]1\[dq], authentication requests include the x5c header.
+
+**NB** \[ga]client_certificate_password\[ga] must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+#### User with username and password
+
+If these variables are set, rclone will authenticate with username and password.
+
+- \[ga]tenant\[ga]: (optional) tenant to authenticate in. Defaults to \[dq]organizations\[dq].
+- \[ga]client_id\[ga]: client ID of the application the user will authenticate to
+- \[ga]username\[ga]: a username (usually an email address)
+- \[ga]password\[ga]: the user\[aq]s password
+
+Microsoft doesn\[aq]t recommend this kind of authentication, because it\[aq]s
+less secure than other authentication flows. This method is not
+interactive, so it isn\[aq]t compatible with any form of multi-factor
+authentication, and the application must already have user or admin
+consent. This credential can only authenticate work and school
+accounts; it can\[aq]t authenticate Microsoft accounts.
+
+**NB** \[ga]password\[ga] must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+#### Managed Service Identity Credentials {#use_msi}
+
+If \[ga]use_msi\[ga] is set then managed service identity credentials are
+used. This authentication only works when running in an Azure service.
+\[ga]env_auth\[ga] needs to be unset to use this.
+
+However if you have multiple user identities to choose from these must
+be explicitly specified using exactly one of the \[ga]msi_object_id\[ga],
+\[ga]msi_client_id\[ga], or \[ga]msi_mi_res_id\[ga] parameters.
+
+If none of \[ga]msi_object_id\[ga], \[ga]msi_client_id\[ga], or \[ga]msi_mi_res_id\[ga] is
+set, this is is equivalent to using \[ga]env_auth\[ga].
+
+
+### Standard options
+
+Here are the Standard options specific to azureblob (Microsoft Azure Blob Storage).
+
+#### --azureblob-account
+
+Azure Storage Account Name.
+
+Set this to the Azure Storage Account Name in use.
+
+Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
+
+If this is blank and if env_auth is set it will be read from the
+environment variable \[ga]AZURE_STORAGE_ACCOUNT_NAME\[ga] if possible.
+
+
+Properties:
+
+- Config:      account
+- Env Var:     RCLONE_AZUREBLOB_ACCOUNT
+- Type:        string
+- Required:    false
+
+#### --azureblob-env-auth
+
+Read credentials from runtime (environment variables, CLI or MSI).
+
+See the [authentication docs](/azureblob#authentication) for full info.
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_AZUREBLOB_ENV_AUTH
+- Type:        bool
+- Default:     false
+
+#### --azureblob-key
+
+Storage Account Shared Key.
+
+Leave blank to use SAS URL or Emulator.
+
+Properties:
+
+- Config:      key
+- Env Var:     RCLONE_AZUREBLOB_KEY
+- Type:        string
+- Required:    false
+
+#### --azureblob-sas-url
+
+SAS URL for container level access only.
+
+Leave blank if using account/key or Emulator.
+
+Properties:
+
+- Config:      sas_url
+- Env Var:     RCLONE_AZUREBLOB_SAS_URL
+- Type:        string
+- Required:    false
+
+#### --azureblob-tenant
+
+ID of the service principal\[aq]s tenant. Also called its directory ID.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      tenant
+- Env Var:     RCLONE_AZUREBLOB_TENANT
+- Type:        string
+- Required:    false
+
+#### --azureblob-client-id
+
+The ID of the client in use.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azureblob-client-secret
+
+One of the service principal\[aq]s client secrets
+
+Set this if using
+- Service principal with client secret
+
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --azureblob-client-certificate-path
+
+Path to a PEM or PKCS12 certificate file including the private key.
+
+Set this if using
+- Service principal with certificate
+
+
+Properties:
+
+- Config:      client_certificate_path
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PATH
+- Type:        string
+- Required:    false
+
+#### --azureblob-client-certificate-password
+
+Password for the certificate file (optional).
+
+Optionally set this if using
+- Service principal with certificate
+
+And the certificate has a password.
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      client_certificate_password
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PASSWORD
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to azureblob (Microsoft Azure Blob Storage).
+
+#### --azureblob-client-send-certificate-chain
+
+Send the certificate chain when using certificate auth.
+
+Specifies whether an authentication request will include an x5c header
+to support subject name / issuer based authentication. When set to
+true, authentication requests include the x5c header.
+
+Optionally set this if using
+- Service principal with certificate
+
+
+Properties:
+
+- Config:      client_send_certificate_chain
+- Env Var:     RCLONE_AZUREBLOB_CLIENT_SEND_CERTIFICATE_CHAIN
+- Type:        bool
+- Default:     false
+
+#### --azureblob-username
+
+User name (usually an email address)
+
+Set this if using
+- User with username and password
+
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_AZUREBLOB_USERNAME
+- Type:        string
+- Required:    false
+
+#### --azureblob-password
+
+The user\[aq]s password
+
+Set this if using
+- User with username and password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_AZUREBLOB_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --azureblob-service-principal-file
+
+Path to file containing credentials for use with a service principal.
+
+Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
+
+    $ az ad sp create-for-rbac --name \[dq]<name>\[dq] \[rs]
+      --role \[dq]Storage Blob Data Owner\[dq] \[rs]
+      --scopes \[dq]/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>\[dq] \[rs]
+      > azure-principal.json
+
+See [\[dq]Create an Azure service principal\[dq]](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and [\[dq]Assign an Azure role for access to blob data\[dq]](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+
+It may be more convenient to put the credentials directly into the
+rclone config file under the \[ga]client_id\[ga], \[ga]tenant\[ga] and \[ga]client_secret\[ga]
+keys instead of setting \[ga]service_principal_file\[ga].
+
+
+Properties:
+
+- Config:      service_principal_file
+- Env Var:     RCLONE_AZUREBLOB_SERVICE_PRINCIPAL_FILE
+- Type:        string
+- Required:    false
+
+#### --azureblob-use-msi
+
+Use a managed service identity to authenticate (only works in Azure).
+
+When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+to authenticate to Azure Storage instead of a SAS token or account key.
+
+If the VM(SS) on which this program is running has a system-assigned identity, it will
+be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+the user-assigned identity will be used by default. If the resource has multiple user-assigned
+identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+msi_client_id, or msi_mi_res_id parameters.
+
+Properties:
+
+- Config:      use_msi
+- Env Var:     RCLONE_AZUREBLOB_USE_MSI
+- Type:        bool
+- Default:     false
+
+#### --azureblob-msi-object-id
+
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_object_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_OBJECT_ID
+- Type:        string
+- Required:    false
+
+#### --azureblob-msi-client-id
+
+Object ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_object_id or msi_mi_res_id specified.
+
+Properties:
+
+- Config:      msi_client_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azureblob-msi-mi-res-id
+
+Azure resource ID of the user-assigned MSI to use, if any.
+
+Leave blank if msi_client_id or msi_object_id specified.
+
+Properties:
+
+- Config:      msi_mi_res_id
+- Env Var:     RCLONE_AZUREBLOB_MSI_MI_RES_ID
+- Type:        string
+- Required:    false
+
+#### --azureblob-use-emulator
+
+Uses local storage emulator if provided as \[aq]true\[aq].
+
+Leave blank if using real azure storage endpoint.
+
+Properties:
+
+- Config:      use_emulator
+- Env Var:     RCLONE_AZUREBLOB_USE_EMULATOR
+- Type:        bool
+- Default:     false
+
+#### --azureblob-endpoint
+
+Endpoint for the service.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      endpoint
+- Env Var:     RCLONE_AZUREBLOB_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --azureblob-upload-cutoff
+
+Cutoff for switching to chunked upload (<= 256 MiB) (deprecated).
+
+Properties:
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_AZUREBLOB_UPLOAD_CUTOFF
+- Type:        string
+- Required:    false
+
+#### --azureblob-chunk-size
+
+Upload chunk size.
+
+Note that this is stored in memory and there may be up to
+\[dq]--transfers\[dq] * \[dq]--azureblob-upload-concurrency\[dq] chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_AZUREBLOB_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     4Mi
+
+#### --azureblob-upload-concurrency
+
+Concurrency for multipart uploads.
+
+This is the number of chunks of the same file that are uploaded
+concurrently.
+
+If you are uploading small numbers of large files over high-speed
+links and these uploads do not fully utilize your bandwidth, then
+increasing this may help to speed up the transfers.
+
+In tests, upload speed increases almost linearly with upload
+concurrency. For example to fill a gigabit pipe it may be necessary to
+raise this to 64. Note that this will use more memory.
+
+Note that chunks are stored in memory and there may be up to
+\[dq]--transfers\[dq] * \[dq]--azureblob-upload-concurrency\[dq] chunks stored at once
+in memory.
+
+Properties:
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_AZUREBLOB_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     16
+
+#### --azureblob-list-chunk
+
+Size of blob list.
+
+This sets the number of blobs requested in each listing chunk. Default
+is the maximum, 5000. \[dq]List blobs\[dq] requests are permitted 2 minutes
+per megabyte to complete. If an operation is taking longer than 2
+minutes per megabyte on average, it will time out (
+[source](https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-blob-service-operations#exceptions-to-default-timeout-interval)
+). This can be used to limit the number of blobs items to return, to
+avoid the time out.
+
+Properties:
+
+- Config:      list_chunk
+- Env Var:     RCLONE_AZUREBLOB_LIST_CHUNK
+- Type:        int
+- Default:     5000
+
+#### --azureblob-access-tier
+
+Access tier of blob: hot, cool, cold or archive.
+
+Archived blobs can be restored by setting access tier to hot, cool or
+cold. Leave blank if you intend to use default access tier, which is
+set at account level
+
+If there is no \[dq]access tier\[dq] specified, rclone doesn\[aq]t apply any tier.
+rclone performs \[dq]Set Tier\[dq] operation on blobs while uploading, if objects
+are not modified, specifying \[dq]access tier\[dq] to new one will have no effect.
+If blobs are in \[dq]archive tier\[dq] at remote, trying to perform data transfer
+operations from remote will not be allowed. User should first restore by
+tiering blob to \[dq]Hot\[dq], \[dq]Cool\[dq] or \[dq]Cold\[dq].
+
+Properties:
+
+- Config:      access_tier
+- Env Var:     RCLONE_AZUREBLOB_ACCESS_TIER
+- Type:        string
+- Required:    false
+
+#### --azureblob-archive-tier-delete
+
+Delete archive tier blobs before overwriting.
+
+Archive tier blobs cannot be updated. So without this flag, if you
+attempt to update an archive tier blob, then rclone will produce the
+error:
+
+    can\[aq]t update archive tier blob without --azureblob-archive-tier-delete
+
+With this flag set then before rclone attempts to overwrite an archive
+tier blob, it will delete the existing blob before uploading its
+replacement.  This has the potential for data loss if the upload fails
+(unlike updating a normal blob) and also may cost more since deleting
+archive tier blobs early may be chargable.
+
+
+Properties:
+
+- Config:      archive_tier_delete
+- Env Var:     RCLONE_AZUREBLOB_ARCHIVE_TIER_DELETE
+- Type:        bool
+- Default:     false
+
+#### --azureblob-disable-checksum
+
+Don\[aq]t store MD5 checksum with object metadata.
+
+Normally rclone will calculate the MD5 checksum of the input before
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
+
+Properties:
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_AZUREBLOB_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
+
+#### --azureblob-memory-pool-flush-time
+
+How often internal memory buffer pools will be flushed. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_flush_time
+- Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_FLUSH_TIME
+- Type:        Duration
+- Default:     1m0s
+
+#### --azureblob-memory-pool-use-mmap
+
+Whether to use mmap buffers in internal memory pool. (no longer used)
+
+Properties:
+
+- Config:      memory_pool_use_mmap
+- Env Var:     RCLONE_AZUREBLOB_MEMORY_POOL_USE_MMAP
+- Type:        bool
+- Default:     false
+
+#### --azureblob-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_AZUREBLOB_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8
+
+#### --azureblob-public-access
+
+Public access level of a container: blob or container.
+
+Properties:
+
+- Config:      public_access
+- Env Var:     RCLONE_AZUREBLOB_PUBLIC_ACCESS
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - The container and its blobs can be accessed only with an authorized request.
+        - It\[aq]s a default value.
+    - \[dq]blob\[dq]
+        - Blob data within this container can be read via anonymous request.
+    - \[dq]container\[dq]
+        - Allow full public read access for container and blob data.
+
+#### --azureblob-directory-markers
+
+Upload an empty object with a trailing slash when a new directory is created
+
+Empty folders are unsupported for bucket based remotes, this option
+creates an empty object ending with \[dq]/\[dq], to persist the folder.
+
+This object also has the metadata \[dq]hdi_isfolder = true\[dq] to conform to
+the Microsoft standard.
+ 
+
+Properties:
+
+- Config:      directory_markers
+- Env Var:     RCLONE_AZUREBLOB_DIRECTORY_MARKERS
+- Type:        bool
+- Default:     false
+
+#### --azureblob-no-check-container
+
+If set, don\[aq]t attempt to check the container exists or create it.
+
+This can be useful when trying to minimise the number of transactions
+rclone does if you know the container exists already.
+
+
+Properties:
+
+- Config:      no_check_container
+- Env Var:     RCLONE_AZUREBLOB_NO_CHECK_CONTAINER
+- Type:        bool
+- Default:     false
+
+#### --azureblob-no-head-object
+
+If set, do not do HEAD before GET when getting objects.
+
+Properties:
+
+- Config:      no_head_object
+- Env Var:     RCLONE_AZUREBLOB_NO_HEAD_OBJECT
+- Type:        bool
+- Default:     false
+
+
+
+### Custom upload headers
+
+You can set custom upload headers with the \[ga]--header-upload\[ga] flag. 
+
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
+
+Eg \[ga]--header-upload \[dq]Content-Type: text/potato\[dq]\[ga]
+
+## Limitations
+
+MD5 sums are only uploaded with chunked files if the source has an MD5
+sum.  This will always be the case for a local to azure copy.
+
+\[ga]rclone about\[ga] is not supported by the Microsoft Azure Blob storage backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+## Azure Storage Emulator Support
+
+You can run rclone with the storage emulator (usually _azurite_).
+
+To do this, just set up a new remote with \[ga]rclone config\[ga] following
+the instructions in the introduction and set \[ga]use_emulator\[ga] in the
+advanced settings as \[ga]true\[ga]. You do not need to provide a default
+account name nor an account key. But you can override them in the
+\[ga]account\[ga] and \[ga]key\[ga] options. (Prior to v1.61 they were hard coded to
+_azurite_\[aq]s \[ga]devstoreaccount1\[ga].)
+
+Also, if you want to access a storage emulator instance running on a
+different machine, you can override the \[ga]endpoint\[ga] parameter in the
+advanced settings, setting it to
+\[ga]http(s)://<host>:<port>/devstoreaccount1\[ga]
+(e.g. \[ga]http://10.254.2.5:10000/devstoreaccount1\[ga]).
+
+#  Microsoft Azure Files Storage
+
+Paths are specified as \[ga]remote:\[ga] You may put subdirectories in too,
+e.g. \[ga]remote:path/to/dir\[ga].
+
+## Configuration
+
+Here is an example of making a Microsoft Azure Files Storage
+configuration.  For a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+\f[R]
+.fi
 .PP
-File names can also not end with the following characters.
-These only get replaced if they are the last character in the name:
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX /
+Microsoft Azure Files Storage \ \[dq]azurefiles\[dq] [snip]
 .PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\&.
-T}@T{
-0x2E
-T}@T{
-\[uFF0E]
-T}
-.TE
+Option account.
+Azure Storage Account Name.
+Set this to the Azure Storage Account Name in use.
+Leave blank to use SAS URL or connection string, otherwise it needs to
+be set.
+If this is blank and if env_auth is set it will be read from the
+environment variable \f[C]AZURE_STORAGE_ACCOUNT_NAME\f[R] if possible.
+Enter a value.
+Press Enter to leave empty.
+account> account_name
 .PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Hashes
+Option share_name.
+Azure Files Share Name.
+This is required and is the name of the share to access.
+Enter a value.
+Press Enter to leave empty.
+share_name> share_name
 .PP
-MD5 hashes are stored with blobs.
-However blobs that were uploaded in chunks only have an MD5 if the
-source remote was capable of MD5 hashes, e.g.
-the local disk.
-.SS Authentication
+Option env_auth.
+Read credentials from runtime (environment variables, CLI or MSI).
+See the authentication docs for full info.
+Enter a boolean value (true or false).
+Press Enter for the default (false).
+env_auth>
 .PP
-There are a number of ways of supplying credentials for Azure Blob
-Storage.
-Rclone tries them in the order of the sections below.
-.SS Env Auth
+Option key.
+Storage Account Shared Key.
+Leave blank to use SAS URL or connection string.
+Enter a value.
+Press Enter to leave empty.
+key> base64encodedkey==
 .PP
-If the \f[C]env_auth\f[R] config parameter is \f[C]true\f[R] then rclone
-will pull credentials from the environment or runtime.
+Option sas_url.
+SAS URL.
+Leave blank if using account/key or connection string.
+Enter a value.
+Press Enter to leave empty.
+sas_url>
 .PP
-It tries these authentication methods in this order:
-.IP "1." 3
-Environment Variables
-.IP "2." 3
-Managed Service Identity Credentials
-.IP "3." 3
-Azure CLI credentials (as used by the az tool)
+Option connection_string.
+Azure Files Connection String.
+Enter a value.
+Press Enter to leave empty.
+connection_string> [snip]
 .PP
+Configuration complete.
+Options: - type: azurefiles - account: account_name - share_name:
+share_name - key: base64encodedkey== Keep this \[dq]remote\[dq] remote?
+y) Yes this is OK (default) e) Edit this remote d) Delete this remote
+y/e/d>
+.IP
+.nf
+\f[C]
+Once configured you can use rclone.
+
+See all files in the top level:
+
+    rclone lsf remote:
+
+Make a new directory in the root:
+
+    rclone mkdir remote:dir
+
+Recursively List the contents:
+
+    rclone ls remote:
+
+Sync \[ga]/home/local/directory\[ga] to the remote directory, deleting any
+excess files in the directory.
+
+    rclone sync --interactive /home/local/directory remote:dir
+
+### Modified time
+
+The modified time is stored as Azure standard \[ga]LastModified\[ga] time on
+files
+
+### Performance
+
+When uploading large files, increasing the value of
+\[ga]--azurefiles-upload-concurrency\[ga] will increase performance at the cost
+of using more memory. The default of 16 is set quite conservatively to
+use less memory. It maybe be necessary raise it to 64 or higher to
+fully utilize a 1 GBit/s link with a single file transfer.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[dq]         | 0x22  | \[uFF02]          |
+| *         | 0x2A  | \[uFF0A]          |
+| :         | 0x3A  | \[uFF1A]          |
+| <         | 0x3C  | \[uFF1C]          |
+| >         | 0x3E  | \[uFF1E]          |
+| ?         | 0x3F  | \[uFF1F]          |
+| \[rs]         | 0x5C  | \[uFF3C]          |
+| \[rs]|        | 0x7C  | \[uFF5C]          |
+
+File names can also not end with the following characters.
+These only get replaced if they are the last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| .         | 0x2E  | \[uFF0E]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Hashes
+
+MD5 hashes are stored with files. Not all files will have MD5 hashes
+as these have to be uploaded with the file.
+
+### Authentication {#authentication}
+
+There are a number of ways of supplying credentials for Azure Files
+Storage. Rclone tries them in the order of the sections below.
+
+#### Env Auth
+
+If the \[ga]env_auth\[ga] config parameter is \[ga]true\[ga] then rclone will pull
+credentials from the environment or runtime.
+
+It tries these authentication methods in this order:
+
+1. Environment Variables
+2. Managed Service Identity Credentials
+3. Azure CLI credentials (as used by the az tool)
+
 These are described in the following sections
-.SS Env Auth: 1. Environment Variables
-.PP
-If \f[C]env_auth\f[R] is set and environment variables are present
-rclone authenticates a service principal with a secret or certificate,
-or a user with a password, depending on which environment variable are
-set.
+
+##### Env Auth: 1. Environment Variables
+
+If \[ga]env_auth\[ga] is set and environment variables are present rclone
+authenticates a service principal with a secret or certificate, or a
+user with a password, depending on which environment variable are set.
 It reads configuration from these variables, in the following order:
-.IP "1." 3
-Service principal with client secret
-.RS 4
-.IP \[bu] 2
-\f[C]AZURE_TENANT_ID\f[R]: ID of the service principal\[aq]s tenant.
-Also called its \[dq]directory\[dq] ID.
-.IP \[bu] 2
-\f[C]AZURE_CLIENT_ID\f[R]: the service principal\[aq]s client ID
-.IP \[bu] 2
-\f[C]AZURE_CLIENT_SECRET\f[R]: one of the service principal\[aq]s client
-secrets
-.RE
-.IP "2." 3
-Service principal with certificate
-.RS 4
-.IP \[bu] 2
-\f[C]AZURE_TENANT_ID\f[R]: ID of the service principal\[aq]s tenant.
-Also called its \[dq]directory\[dq] ID.
-.IP \[bu] 2
-\f[C]AZURE_CLIENT_ID\f[R]: the service principal\[aq]s client ID
-.IP \[bu] 2
-\f[C]AZURE_CLIENT_CERTIFICATE_PATH\f[R]: path to a PEM or PKCS12
-certificate file including the private key.
-.IP \[bu] 2
-\f[C]AZURE_CLIENT_CERTIFICATE_PASSWORD\f[R]: (optional) password for the
-certificate file.
-.IP \[bu] 2
-\f[C]AZURE_CLIENT_SEND_CERTIFICATE_CHAIN\f[R]: (optional) Specifies
-whether an authentication request will include an x5c header to support
-subject name / issuer based authentication.
-When set to \[dq]true\[dq] or \[dq]1\[dq], authentication requests
-include the x5c header.
-.RE
-.IP "3." 3
-User with username and password
-.RS 4
-.IP \[bu] 2
-\f[C]AZURE_TENANT_ID\f[R]: (optional) tenant to authenticate in.
-Defaults to \[dq]organizations\[dq].
-.IP \[bu] 2
-\f[C]AZURE_CLIENT_ID\f[R]: client ID of the application the user will
-authenticate to
-.IP \[bu] 2
-\f[C]AZURE_USERNAME\f[R]: a username (usually an email address)
-.IP \[bu] 2
-\f[C]AZURE_PASSWORD\f[R]: the user\[aq]s password
-.RE
-.SS Env Auth: 2. Managed Service Identity Credentials
-.PP
-When using Managed Service Identity if the VM(SS) on which this program
-is running has a system-assigned identity, it will be used by default.
-If the resource has no system-assigned but exactly one user-assigned
-identity, the user-assigned identity will be used by default.
-.PP
+
+1. Service principal with client secret
+    - \[ga]AZURE_TENANT_ID\[ga]: ID of the service principal\[aq]s tenant. Also called its \[dq]directory\[dq] ID.
+    - \[ga]AZURE_CLIENT_ID\[ga]: the service principal\[aq]s client ID
+    - \[ga]AZURE_CLIENT_SECRET\[ga]: one of the service principal\[aq]s client secrets
+2. Service principal with certificate
+    - \[ga]AZURE_TENANT_ID\[ga]: ID of the service principal\[aq]s tenant. Also called its \[dq]directory\[dq] ID.
+    - \[ga]AZURE_CLIENT_ID\[ga]: the service principal\[aq]s client ID
+    - \[ga]AZURE_CLIENT_CERTIFICATE_PATH\[ga]: path to a PEM or PKCS12 certificate file including the private key.
+    - \[ga]AZURE_CLIENT_CERTIFICATE_PASSWORD\[ga]: (optional) password for the certificate file.
+    - \[ga]AZURE_CLIENT_SEND_CERTIFICATE_CHAIN\[ga]: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to \[dq]true\[dq] or \[dq]1\[dq], authentication requests include the x5c header.
+3. User with username and password
+    - \[ga]AZURE_TENANT_ID\[ga]: (optional) tenant to authenticate in. Defaults to \[dq]organizations\[dq].
+    - \[ga]AZURE_CLIENT_ID\[ga]: client ID of the application the user will authenticate to
+    - \[ga]AZURE_USERNAME\[ga]: a username (usually an email address)
+    - \[ga]AZURE_PASSWORD\[ga]: the user\[aq]s password
+4. Workload Identity
+    - \[ga]AZURE_TENANT_ID\[ga]: Tenant to authenticate in.
+    - \[ga]AZURE_CLIENT_ID\[ga]: Client ID of the application the user will authenticate to.
+    - \[ga]AZURE_FEDERATED_TOKEN_FILE\[ga]: Path to projected service account token file.
+    - \[ga]AZURE_AUTHORITY_HOST\[ga]: Authority of an Azure Active Directory endpoint (default: login.microsoftonline.com).
+
+
+##### Env Auth: 2. Managed Service Identity Credentials
+
+When using Managed Service Identity if the VM(SS) on which this
+program is running has a system-assigned identity, it will be used by
+default. If the resource has no system-assigned but exactly one
+user-assigned identity, the user-assigned identity will be used by
+default.
+
 If the resource has multiple user-assigned identities you will need to
-unset \f[C]env_auth\f[R] and set \f[C]use_msi\f[R] instead.
-See the \f[C]use_msi\f[R] section.
-.SS Env Auth: 3. Azure CLI credentials (as used by the az tool)
-.PP
-Credentials created with the \f[C]az\f[R] tool can be picked up using
-\f[C]env_auth\f[R].
-.PP
+unset \[ga]env_auth\[ga] and set \[ga]use_msi\[ga] instead. See the [\[ga]use_msi\[ga]
+section](#use_msi).
+
+##### Env Auth: 3. Azure CLI credentials (as used by the az tool)
+
+Credentials created with the \[ga]az\[ga] tool can be picked up using \[ga]env_auth\[ga].
+
 For example if you were to login with a service principal like this:
-.IP
-.nf
-\f[C]
-az login --service-principal -u XXX -p XXX --tenant XXX
-\f[R]
-.fi
-.PP
+
+    az login --service-principal -u XXX -p XXX --tenant XXX
+
 Then you could access rclone resources like this:
-.IP
-.nf
-\f[C]
-rclone lsf :azureblob,env_auth,account=ACCOUNT:CONTAINER
-\f[R]
-.fi
-.PP
+
+    rclone lsf :azurefiles,env_auth,account=ACCOUNT:
+
 Or
-.IP
-.nf
-\f[C]
-rclone lsf --azureblob-env-auth --azureblob-acccount=ACCOUNT :azureblob:CONTAINER
-\f[R]
-.fi
-.PP
-Which is analogous to using the \f[C]az\f[R] tool:
-.IP
-.nf
-\f[C]
-az storage blob list --container-name CONTAINER --account-name ACCOUNT --auth-mode login
-\f[R]
-.fi
-.SS Account and Shared Key
-.PP
-This is the most straight forward and least flexible way.
-Just fill in the \f[C]account\f[R] and \f[C]key\f[R] lines and leave the
-rest blank.
-.SS SAS URL
-.PP
-This can be an account level SAS URL or container level SAS URL.
-.PP
-To use it leave \f[C]account\f[R] and \f[C]key\f[R] blank and fill in
-\f[C]sas_url\f[R].
-.PP
-An account level SAS URL or container level SAS URL can be obtained from
-the Azure portal or the Azure Storage Explorer.
-To get a container level SAS URL right click on a container in the Azure
-Blob explorer in the Azure portal.
-.PP
-If you use a container level SAS URL, rclone operations are permitted
-only on a particular container, e.g.
-.IP
-.nf
-\f[C]
-rclone ls azureblob:container
-\f[R]
-.fi
-.PP
-You can also list the single container from the root.
-This will only show the container specified by the SAS URL.
-.IP
-.nf
-\f[C]
-$ rclone lsd azureblob:
-container/
-\f[R]
-.fi
-.PP
-Note that you can\[aq]t see or access any other containers - this will
-fail
-.IP
-.nf
-\f[C]
-rclone ls azureblob:othercontainer
-\f[R]
-.fi
-.PP
-Container level SAS URLs are useful for temporarily allowing third
-parties access to a single container or putting credentials into an
-untrusted environment such as a CI build server.
-.SS Service principal with client secret
-.PP
-If these variables are set, rclone will authenticate with a service
-principal with a client secret.
-.IP \[bu] 2
-\f[C]tenant\f[R]: ID of the service principal\[aq]s tenant.
-Also called its \[dq]directory\[dq] ID.
-.IP \[bu] 2
-\f[C]client_id\f[R]: the service principal\[aq]s client ID
-.IP \[bu] 2
-\f[C]client_secret\f[R]: one of the service principal\[aq]s client
-secrets
-.PP
+
+    rclone lsf --azurefiles-env-auth --azurefiles-account=ACCOUNT :azurefiles:
+
+#### Account and Shared Key
+
+This is the most straight forward and least flexible way.  Just fill
+in the \[ga]account\[ga] and \[ga]key\[ga] lines and leave the rest blank.
+
+#### SAS URL
+
+To use it leave \[ga]account\[ga], \[ga]key\[ga] and \[ga]connection_string\[ga] blank and fill in \[ga]sas_url\[ga].
+
+#### Connection String
+
+To use it leave \[ga]account\[ga], \[ga]key\[ga] and \[dq]sas_url\[dq] blank and fill in \[ga]connection_string\[ga].
+
+#### Service principal with client secret
+
+If these variables are set, rclone will authenticate with a service principal with a client secret.
+
+- \[ga]tenant\[ga]: ID of the service principal\[aq]s tenant. Also called its \[dq]directory\[dq] ID.
+- \[ga]client_id\[ga]: the service principal\[aq]s client ID
+- \[ga]client_secret\[ga]: one of the service principal\[aq]s client secrets
+
 The credentials can also be placed in a file using the
-\f[C]service_principal_file\f[R] configuration option.
-.SS Service principal with certificate
-.PP
-If these variables are set, rclone will authenticate with a service
-principal with certificate.
-.IP \[bu] 2
-\f[C]tenant\f[R]: ID of the service principal\[aq]s tenant.
-Also called its \[dq]directory\[dq] ID.
-.IP \[bu] 2
-\f[C]client_id\f[R]: the service principal\[aq]s client ID
-.IP \[bu] 2
-\f[C]client_certificate_path\f[R]: path to a PEM or PKCS12 certificate
-file including the private key.
-.IP \[bu] 2
-\f[C]client_certificate_password\f[R]: (optional) password for the
-certificate file.
-.IP \[bu] 2
-\f[C]client_send_certificate_chain\f[R]: (optional) Specifies whether an
-authentication request will include an x5c header to support subject
-name / issuer based authentication.
-When set to \[dq]true\[dq] or \[dq]1\[dq], authentication requests
-include the x5c header.
-.PP
-\f[B]NB\f[R] \f[C]client_certificate_password\f[R] must be obscured -
-see rclone obscure (https://rclone.org/commands/rclone_obscure/).
-.SS User with username and password
-.PP
-If these variables are set, rclone will authenticate with username and
-password.
-.IP \[bu] 2
-\f[C]tenant\f[R]: (optional) tenant to authenticate in.
-Defaults to \[dq]organizations\[dq].
-.IP \[bu] 2
-\f[C]client_id\f[R]: client ID of the application the user will
-authenticate to
-.IP \[bu] 2
-\f[C]username\f[R]: a username (usually an email address)
-.IP \[bu] 2
-\f[C]password\f[R]: the user\[aq]s password
-.PP
-Microsoft doesn\[aq]t recommend this kind of authentication, because
-it\[aq]s less secure than other authentication flows.
-This method is not interactive, so it isn\[aq]t compatible with any form
-of multi-factor authentication, and the application must already have
-user or admin consent.
-This credential can only authenticate work and school accounts; it
-can\[aq]t authenticate Microsoft accounts.
-.PP
-\f[B]NB\f[R] \f[C]password\f[R] must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.SS Managed Service Identity Credentials
-.PP
-If \f[C]use_msi\f[R] is set then managed service identity credentials
-are used.
-This authentication only works when running in an Azure service.
-\f[C]env_auth\f[R] needs to be unset to use this.
-.PP
+\[ga]service_principal_file\[ga] configuration option.
+
+#### Service principal with certificate
+
+If these variables are set, rclone will authenticate with a service principal with certificate.
+
+- \[ga]tenant\[ga]: ID of the service principal\[aq]s tenant. Also called its \[dq]directory\[dq] ID.
+- \[ga]client_id\[ga]: the service principal\[aq]s client ID
+- \[ga]client_certificate_path\[ga]: path to a PEM or PKCS12 certificate file including the private key.
+- \[ga]client_certificate_password\[ga]: (optional) password for the certificate file.
+- \[ga]client_send_certificate_chain\[ga]: (optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to \[dq]true\[dq] or \[dq]1\[dq], authentication requests include the x5c header.
+
+**NB** \[ga]client_certificate_password\[ga] must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+#### User with username and password
+
+If these variables are set, rclone will authenticate with username and password.
+
+- \[ga]tenant\[ga]: (optional) tenant to authenticate in. Defaults to \[dq]organizations\[dq].
+- \[ga]client_id\[ga]: client ID of the application the user will authenticate to
+- \[ga]username\[ga]: a username (usually an email address)
+- \[ga]password\[ga]: the user\[aq]s password
+
+Microsoft doesn\[aq]t recommend this kind of authentication, because it\[aq]s
+less secure than other authentication flows. This method is not
+interactive, so it isn\[aq]t compatible with any form of multi-factor
+authentication, and the application must already have user or admin
+consent. This credential can only authenticate work and school
+accounts; it can\[aq]t authenticate Microsoft accounts.
+
+**NB** \[ga]password\[ga] must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+#### Managed Service Identity Credentials {#use_msi}
+
+If \[ga]use_msi\[ga] is set then managed service identity credentials are
+used. This authentication only works when running in an Azure service.
+\[ga]env_auth\[ga] needs to be unset to use this.
+
 However if you have multiple user identities to choose from these must
-be explicitly specified using exactly one of the
-\f[C]msi_object_id\f[R], \f[C]msi_client_id\f[R], or
-\f[C]msi_mi_res_id\f[R] parameters.
-.PP
-If none of \f[C]msi_object_id\f[R], \f[C]msi_client_id\f[R], or
-\f[C]msi_mi_res_id\f[R] is set, this is is equivalent to using
-\f[C]env_auth\f[R].
-.SS Standard options
-.PP
-Here are the Standard options specific to azureblob (Microsoft Azure
-Blob Storage).
-.SS --azureblob-account
-.PP
+be explicitly specified using exactly one of the \[ga]msi_object_id\[ga],
+\[ga]msi_client_id\[ga], or \[ga]msi_mi_res_id\[ga] parameters.
+
+If none of \[ga]msi_object_id\[ga], \[ga]msi_client_id\[ga], or \[ga]msi_mi_res_id\[ga] is
+set, this is is equivalent to using \[ga]env_auth\[ga].
+
+
+### Standard options
+
+Here are the Standard options specific to azurefiles (Microsoft Azure Files).
+
+#### --azurefiles-account
+
 Azure Storage Account Name.
-.PP
+
 Set this to the Azure Storage Account Name in use.
-.PP
-Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
-.PP
+
+Leave blank to use SAS URL or connection string, otherwise it needs to be set.
+
 If this is blank and if env_auth is set it will be read from the
-environment variable \f[C]AZURE_STORAGE_ACCOUNT_NAME\f[R] if possible.
-.PP
+environment variable \[ga]AZURE_STORAGE_ACCOUNT_NAME\[ga] if possible.
+
+
 Properties:
-.IP \[bu] 2
-Config: account
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_ACCOUNT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-env-auth
-.PP
+
+- Config:      account
+- Env Var:     RCLONE_AZUREFILES_ACCOUNT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-share-name
+
+Azure Files Share Name.
+
+This is required and is the name of the share to access.
+
+
+Properties:
+
+- Config:      share_name
+- Env Var:     RCLONE_AZUREFILES_SHARE_NAME
+- Type:        string
+- Required:    false
+
+#### --azurefiles-env-auth
+
 Read credentials from runtime (environment variables, CLI or MSI).
-.PP
-See the authentication docs for full info.
-.PP
+
+See the [authentication docs](/azurefiles#authentication) for full info.
+
 Properties:
-.IP \[bu] 2
-Config: env_auth
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_ENV_AUTH
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --azureblob-key
-.PP
+
+- Config:      env_auth
+- Env Var:     RCLONE_AZUREFILES_ENV_AUTH
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-key
+
 Storage Account Shared Key.
-.PP
-Leave blank to use SAS URL or Emulator.
-.PP
+
+Leave blank to use SAS URL or connection string.
+
 Properties:
-.IP \[bu] 2
-Config: key
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-sas-url
-.PP
-SAS URL for container level access only.
-.PP
-Leave blank if using account/key or Emulator.
-.PP
+
+- Config:      key
+- Env Var:     RCLONE_AZUREFILES_KEY
+- Type:        string
+- Required:    false
+
+#### --azurefiles-sas-url
+
+SAS URL.
+
+Leave blank if using account/key or connection string.
+
 Properties:
-.IP \[bu] 2
-Config: sas_url
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_SAS_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-tenant
-.PP
-ID of the service principal\[aq]s tenant.
-Also called its directory ID.
-.PP
-Set this if using - Service principal with client secret - Service
-principal with certificate - User with username and password
-.PP
+
+- Config:      sas_url
+- Env Var:     RCLONE_AZUREFILES_SAS_URL
+- Type:        string
+- Required:    false
+
+#### --azurefiles-connection-string
+
+Azure Files Connection String.
+
 Properties:
-.IP \[bu] 2
-Config: tenant
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_TENANT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-client-id
-.PP
+
+- Config:      connection_string
+- Env Var:     RCLONE_AZUREFILES_CONNECTION_STRING
+- Type:        string
+- Required:    false
+
+#### --azurefiles-tenant
+
+ID of the service principal\[aq]s tenant. Also called its directory ID.
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
+Properties:
+
+- Config:      tenant
+- Env Var:     RCLONE_AZUREFILES_TENANT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-id
+
 The ID of the client in use.
-.PP
-Set this if using - Service principal with client secret - Service
-principal with certificate - User with username and password
-.PP
+
+Set this if using
+- Service principal with client secret
+- Service principal with certificate
+- User with username and password
+
+
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-client-secret
-.PP
+
+- Config:      client_id
+- Env Var:     RCLONE_AZUREFILES_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-secret
+
 One of the service principal\[aq]s client secrets
-.PP
-Set this if using - Service principal with client secret
-.PP
+
+Set this if using
+- Service principal with client secret
+
+
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-client-certificate-path
-.PP
+
+- Config:      client_secret
+- Env Var:     RCLONE_AZUREFILES_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-certificate-path
+
 Path to a PEM or PKCS12 certificate file including the private key.
-.PP
-Set this if using - Service principal with certificate
-.PP
+
+Set this if using
+- Service principal with certificate
+
+
 Properties:
-.IP \[bu] 2
-Config: client_certificate_path
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PATH
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-client-certificate-password
-.PP
+
+- Config:      client_certificate_path
+- Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PATH
+- Type:        string
+- Required:    false
+
+#### --azurefiles-client-certificate-password
+
 Password for the certificate file (optional).
-.PP
-Optionally set this if using - Service principal with certificate
-.PP
+
+Optionally set this if using
+- Service principal with certificate
+
 And the certificate has a password.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: client_certificate_password
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_CLIENT_CERTIFICATE_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
-Here are the Advanced options specific to azureblob (Microsoft Azure
-Blob Storage).
-.SS --azureblob-client-send-certificate-chain
-.PP
+
+- Config:      client_certificate_password
+- Env Var:     RCLONE_AZUREFILES_CLIENT_CERTIFICATE_PASSWORD
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to azurefiles (Microsoft Azure Files).
+
+#### --azurefiles-client-send-certificate-chain
+
 Send the certificate chain when using certificate auth.
-.PP
+
 Specifies whether an authentication request will include an x5c header
-to support subject name / issuer based authentication.
-When set to true, authentication requests include the x5c header.
-.PP
-Optionally set this if using - Service principal with certificate
-.PP
+to support subject name / issuer based authentication. When set to
+true, authentication requests include the x5c header.
+
+Optionally set this if using
+- Service principal with certificate
+
+
 Properties:
-.IP \[bu] 2
-Config: client_send_certificate_chain
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_CLIENT_SEND_CERTIFICATE_CHAIN
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --azureblob-username
-.PP
+
+- Config:      client_send_certificate_chain
+- Env Var:     RCLONE_AZUREFILES_CLIENT_SEND_CERTIFICATE_CHAIN
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-username
+
 User name (usually an email address)
-.PP
-Set this if using - User with username and password
-.PP
+
+Set this if using
+- User with username and password
+
+
 Properties:
-.IP \[bu] 2
-Config: username
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_USERNAME
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-password
-.PP
+
+- Config:      username
+- Env Var:     RCLONE_AZUREFILES_USERNAME
+- Type:        string
+- Required:    false
+
+#### --azurefiles-password
+
 The user\[aq]s password
-.PP
-Set this if using - User with username and password
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+Set this if using
+- User with username and password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: password
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-service-principal-file
-.PP
+
+- Config:      password
+- Env Var:     RCLONE_AZUREFILES_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --azurefiles-service-principal-file
+
 Path to file containing credentials for use with a service principal.
-.PP
-Leave blank normally.
-Needed only if you want to use a service principal instead of
-interactive login.
-.IP
-.nf
-\f[C]
-$ az ad sp create-for-rbac --name \[dq]<name>\[dq] \[rs]
-  --role \[dq]Storage Blob Data Owner\[dq] \[rs]
-  --scopes \[dq]/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>\[dq] \[rs]
-  > azure-principal.json
-\f[R]
-.fi
-.PP
-See \[dq]Create an Azure service
-principal\[dq] (https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli)
-and \[dq]Assign an Azure role for access to blob
-data\[dq] (https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli)
-pages for more details.
-.PP
+
+Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
+
+    $ az ad sp create-for-rbac --name \[dq]<name>\[dq] \[rs]
+      --role \[dq]Storage Files Data Owner\[dq] \[rs]
+      --scopes \[dq]/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>\[dq] \[rs]
+      > azure-principal.json
+
+See [\[dq]Create an Azure service principal\[dq]](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli) and [\[dq]Assign an Azure role for access to files data\[dq]](https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli) pages for more details.
+
+**NB** this section needs updating for Azure Files - pull requests appreciated!
+
 It may be more convenient to put the credentials directly into the
-rclone config file under the \f[C]client_id\f[R], \f[C]tenant\f[R] and
-\f[C]client_secret\f[R] keys instead of setting
-\f[C]service_principal_file\f[R].
-.PP
+rclone config file under the \[ga]client_id\[ga], \[ga]tenant\[ga] and \[ga]client_secret\[ga]
+keys instead of setting \[ga]service_principal_file\[ga].
+
+
 Properties:
-.IP \[bu] 2
-Config: service_principal_file
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_SERVICE_PRINCIPAL_FILE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-use-msi
-.PP
+
+- Config:      service_principal_file
+- Env Var:     RCLONE_AZUREFILES_SERVICE_PRINCIPAL_FILE
+- Type:        string
+- Required:    false
+
+#### --azurefiles-use-msi
+
 Use a managed service identity to authenticate (only works in Azure).
-.PP
-When true, use a managed service
-identity (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
+
+When true, use a [managed service identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
 to authenticate to Azure Storage instead of a SAS token or account key.
-.PP
-If the VM(SS) on which this program is running has a system-assigned
-identity, it will be used by default.
-If the resource has no system-assigned but exactly one user-assigned
-identity, the user-assigned identity will be used by default.
-If the resource has multiple user-assigned identities, the identity to
-use must be explicitly specified using exactly one of the msi_object_id,
-msi_client_id, or msi_mi_res_id parameters.
-.PP
-Properties:
-.IP \[bu] 2
-Config: use_msi
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_USE_MSI
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --azureblob-msi-object-id
-.PP
+
+If the VM(SS) on which this program is running has a system-assigned identity, it will
+be used by default. If the resource has no system-assigned but exactly one user-assigned identity,
+the user-assigned identity will be used by default. If the resource has multiple user-assigned
+identities, the identity to use must be explicitly specified using exactly one of the msi_object_id,
+msi_client_id, or msi_mi_res_id parameters.
+
+Properties:
+
+- Config:      use_msi
+- Env Var:     RCLONE_AZUREFILES_USE_MSI
+- Type:        bool
+- Default:     false
+
+#### --azurefiles-msi-object-id
+
 Object ID of the user-assigned MSI to use, if any.
-.PP
+
 Leave blank if msi_client_id or msi_mi_res_id specified.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: msi_object_id
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_MSI_OBJECT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-msi-client-id
-.PP
+
+- Config:      msi_object_id
+- Env Var:     RCLONE_AZUREFILES_MSI_OBJECT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-msi-client-id
+
 Object ID of the user-assigned MSI to use, if any.
-.PP
+
 Leave blank if msi_object_id or msi_mi_res_id specified.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: msi_client_id
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_MSI_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-msi-mi-res-id
-.PP
+
+- Config:      msi_client_id
+- Env Var:     RCLONE_AZUREFILES_MSI_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-msi-mi-res-id
+
 Azure resource ID of the user-assigned MSI to use, if any.
-.PP
+
 Leave blank if msi_client_id or msi_object_id specified.
-.PP
-Properties:
-.IP \[bu] 2
-Config: msi_mi_res_id
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_MSI_MI_RES_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-use-emulator
-.PP
-Uses local storage emulator if provided as \[aq]true\[aq].
-.PP
-Leave blank if using real azure storage endpoint.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: use_emulator
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_USE_EMULATOR
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --azureblob-endpoint
-.PP
+
+- Config:      msi_mi_res_id
+- Env Var:     RCLONE_AZUREFILES_MSI_MI_RES_ID
+- Type:        string
+- Required:    false
+
+#### --azurefiles-endpoint
+
 Endpoint for the service.
-.PP
+
 Leave blank normally.
-.PP
-Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-upload-cutoff
-.PP
-Cutoff for switching to chunked upload (<= 256 MiB) (deprecated).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_UPLOAD_CUTOFF
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-chunk-size
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_AZUREFILES_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --azurefiles-chunk-size
+
 Upload chunk size.
-.PP
+
 Note that this is stored in memory and there may be up to
-\[dq]--transfers\[dq] * \[dq]--azureblob-upload-concurrency\[dq] chunks
-stored at once in memory.
-.PP
+\[dq]--transfers\[dq] * \[dq]--azurefile-upload-concurrency\[dq] chunks stored at once
+in memory.
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 4Mi
-.SS --azureblob-upload-concurrency
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_AZUREFILES_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     4Mi
+
+#### --azurefiles-upload-concurrency
+
 Concurrency for multipart uploads.
-.PP
+
 This is the number of chunks of the same file that are uploaded
 concurrently.
-.PP
-If you are uploading small numbers of large files over high-speed links
-and these uploads do not fully utilize your bandwidth, then increasing
-this may help to speed up the transfers.
-.PP
-In tests, upload speed increases almost linearly with upload
-concurrency.
-For example to fill a gigabit pipe it may be necessary to raise this to
-64.
-Note that this will use more memory.
-.PP
+
+If you are uploading small numbers of large files over high-speed
+links and these uploads do not fully utilize your bandwidth, then
+increasing this may help to speed up the transfers.
+
 Note that chunks are stored in memory and there may be up to
-\[dq]--transfers\[dq] * \[dq]--azureblob-upload-concurrency\[dq] chunks
-stored at once in memory.
-.PP
-Properties:
-.IP \[bu] 2
-Config: upload_concurrency
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_UPLOAD_CONCURRENCY
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 16
-.SS --azureblob-list-chunk
-.PP
-Size of blob list.
-.PP
-This sets the number of blobs requested in each listing chunk.
-Default is the maximum, 5000.
-\[dq]List blobs\[dq] requests are permitted 2 minutes per megabyte to
-complete.
-If an operation is taking longer than 2 minutes per megabyte on average,
-it will time out (
-source (https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-blob-service-operations#exceptions-to-default-timeout-interval)
-).
-This can be used to limit the number of blobs items to return, to avoid
-the time out.
-.PP
-Properties:
-.IP \[bu] 2
-Config: list_chunk
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_LIST_CHUNK
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 5000
-.SS --azureblob-access-tier
-.PP
-Access tier of blob: hot, cool or archive.
-.PP
-Archived blobs can be restored by setting access tier to hot or cool.
-Leave blank if you intend to use default access tier, which is set at
-account level
-.PP
-If there is no \[dq]access tier\[dq] specified, rclone doesn\[aq]t apply
-any tier.
-rclone performs \[dq]Set Tier\[dq] operation on blobs while uploading,
-if objects are not modified, specifying \[dq]access tier\[dq] to new one
-will have no effect.
-If blobs are in \[dq]archive tier\[dq] at remote, trying to perform data
-transfer operations from remote will not be allowed.
-User should first restore by tiering blob to \[dq]Hot\[dq] or
-\[dq]Cool\[dq].
-.PP
-Properties:
-.IP \[bu] 2
-Config: access_tier
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_ACCESS_TIER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --azureblob-archive-tier-delete
-.PP
-Delete archive tier blobs before overwriting.
-.PP
-Archive tier blobs cannot be updated.
-So without this flag, if you attempt to update an archive tier blob,
-then rclone will produce the error:
-.IP
-.nf
-\f[C]
-can\[aq]t update archive tier blob without --azureblob-archive-tier-delete
-\f[R]
-.fi
-.PP
-With this flag set then before rclone attempts to overwrite an archive
-tier blob, it will delete the existing blob before uploading its
-replacement.
-This has the potential for data loss if the upload fails (unlike
-updating a normal blob) and also may cost more since deleting archive
-tier blobs early may be chargable.
-.PP
-Properties:
-.IP \[bu] 2
-Config: archive_tier_delete
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_ARCHIVE_TIER_DELETE
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --azureblob-disable-checksum
-.PP
-Don\[aq]t store MD5 checksum with object metadata.
-.PP
-Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can add it to metadata on the object.
-This is great for data integrity checking but can cause long delays for
-large files to start uploading.
-.PP
-Properties:
-.IP \[bu] 2
-Config: disable_checksum
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_DISABLE_CHECKSUM
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --azureblob-memory-pool-flush-time
-.PP
-How often internal memory buffer pools will be flushed.
-.PP
-Uploads which requires additional buffers (f.e multipart) will use
-memory pool for allocations.
-This option controls how often unused buffers will be removed from the
-pool.
-.PP
+\[dq]--transfers\[dq] * \[dq]--azurefile-upload-concurrency\[dq] chunks stored at once
+in memory.
+
 Properties:
-.IP \[bu] 2
-Config: memory_pool_flush_time
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_MEMORY_POOL_FLUSH_TIME
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1m0s
-.SS --azureblob-memory-pool-use-mmap
-.PP
-Whether to use mmap buffers in internal memory pool.
-.PP
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_AZUREFILES_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     16
+
+#### --azurefiles-max-stream-size
+
+Max size for streamed files.
+
+Azure files needs to know in advance how big the file will be. When
+rclone doesn\[aq]t know it uses this value instead.
+
+This will be used when rclone is streaming data, the most common uses are:
+
+- Uploading files with \[ga]--vfs-cache-mode off\[ga] with \[ga]rclone mount\[ga]
+- Using \[ga]rclone rcat\[ga]
+- Copying files with unknown length
+
+You will need this much free space in the share as the file will be this size temporarily.
+
+
 Properties:
-.IP \[bu] 2
-Config: memory_pool_use_mmap
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_MEMORY_POOL_USE_MMAP
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --azureblob-encoding
-.PP
+
+- Config:      max_stream_size
+- Env Var:     RCLONE_AZUREFILES_MAX_STREAM_SIZE
+- Type:        SizeSuffix
+- Default:     10Gi
+
+#### --azurefiles-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
-Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8
-.SS --azureblob-public-access
-.PP
-Public access level of a container: blob or container.
-.PP
-Properties:
-.IP \[bu] 2
-Config: public_access
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_PUBLIC_ACCESS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-The container and its blobs can be accessed only with an authorized
-request.
-.IP \[bu] 2
-It\[aq]s a default value.
-.RE
-.IP \[bu] 2
-\[dq]blob\[dq]
-.RS 2
-.IP \[bu] 2
-Blob data within this container can be read via anonymous request.
-.RE
-.IP \[bu] 2
-\[dq]container\[dq]
-.RS 2
-.IP \[bu] 2
-Allow full public read access for container and blob data.
-.RE
-.RE
-.SS --azureblob-no-check-container
-.PP
-If set, don\[aq]t attempt to check the container exists or create it.
-.PP
-This can be useful when trying to minimise the number of transactions
-rclone does if you know the container exists already.
-.PP
-Properties:
-.IP \[bu] 2
-Config: no_check_container
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_NO_CHECK_CONTAINER
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --azureblob-no-head-object
-.PP
-If set, do not do HEAD before GET when getting objects.
-.PP
-Properties:
-.IP \[bu] 2
-Config: no_head_object
-.IP \[bu] 2
-Env Var: RCLONE_AZUREBLOB_NO_HEAD_OBJECT
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS Custom upload headers
-.PP
-You can set custom upload headers with the \f[C]--header-upload\f[R]
-flag.
-.IP \[bu] 2
-Cache-Control
-.IP \[bu] 2
-Content-Disposition
-.IP \[bu] 2
-Content-Encoding
-.IP \[bu] 2
-Content-Language
-.IP \[bu] 2
-Content-Type
-.PP
-Eg \f[C]--header-upload \[dq]Content-Type: text/potato\[dq]\f[R]
-.SS Limitations
-.PP
-MD5 sums are only uploaded with chunked files if the source has an MD5
-sum.
-This will always be the case for a local to azure copy.
-.PP
-\f[C]rclone about\f[R] is not supported by the Microsoft Azure Blob
-storage backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SS Azure Storage Emulator Support
-.PP
-You can run rclone with the storage emulator (usually
-\f[I]azurite\f[R]).
-.PP
-To do this, just set up a new remote with \f[C]rclone config\f[R]
-following the instructions in the introduction and set
-\f[C]use_emulator\f[R] in the advanced settings as \f[C]true\f[R].
-You do not need to provide a default account name nor an account key.
-But you can override them in the \f[C]account\f[R] and \f[C]key\f[R]
-options.
-(Prior to v1.61 they were hard coded to \f[I]azurite\f[R]\[aq]s
-\f[C]devstoreaccount1\f[R].)
-.PP
-Also, if you want to access a storage emulator instance running on a
-different machine, you can override the \f[C]endpoint\f[R] parameter in
-the advanced settings, setting it to
-\f[C]http(s)://<host>:<port>/devstoreaccount1\f[R] (e.g.
-\f[C]http://10.254.2.5:10000/devstoreaccount1\f[R]).
-.SH Microsoft OneDrive
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
-.PP
-The initial setup for OneDrive involves getting a token from Microsoft
-which you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Microsoft OneDrive
-   \[rs] \[dq]onedrive\[dq]
-[snip]
-Storage> onedrive
-Microsoft App Client Id
-Leave blank normally.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-client_id>
-Microsoft App Client Secret
-Leave blank normally.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-client_secret>
-Edit advanced config? (y/n)
-y) Yes
-n) No
-y/n> n
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
-Choose a number from below, or type in an existing value
- 1 / OneDrive Personal or Business
-   \[rs] \[dq]onedrive\[dq]
- 2 / Sharepoint site
-   \[rs] \[dq]sharepoint\[dq]
- 3 / Type in driveID
-   \[rs] \[dq]driveid\[dq]
- 4 / Type in SiteID
-   \[rs] \[dq]siteid\[dq]
- 5 / Search a Sharepoint site
-   \[rs] \[dq]search\[dq]
-Your choice> 1
-Found 1 drives, please select the one you want to use:
-0: OneDrive (business) id=b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
-Chose drive to use:> 0
-Found drive \[aq]root\[aq] of type \[aq]business\[aq], URL: https://org-my.sharepoint.com/personal/you/Documents
-Is that okay?
-y) Yes
-n) No
-y/n> y
---------------------
-[remote]
-type = onedrive
-token = {\[dq]access_token\[dq]:\[dq]youraccesstoken\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]yourrefreshtoken\[dq],\[dq]expiry\[dq]:\[dq]2018-08-26T22:39:52.486512262+08:00\[dq]}
-drive_id = b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
-drive_type = business
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from Microsoft.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
-to unblock it temporarily if you are running a host firewall.
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
-List directories in top level of your OneDrive
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
-List all the files in your OneDrive
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
-To copy a local directory to an OneDrive directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Getting your own Client ID and Key
-.PP
-rclone uses a default Client ID when talking to OneDrive, unless a
-custom \f[C]client_id\f[R] is specified in the config.
-The default Client ID and Key are shared by all rclone users when
-performing requests.
-.PP
-You may choose to create and use your own Client ID, in case the default
-one does not work well for you.
-For example, you might see throttling.
-.SS Creating Client ID for OneDrive Personal
-.PP
-To create your own Client ID, please follow these steps:
-.IP "1." 3
-Open
-https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
-and then click \f[C]New registration\f[R].
-.IP "2." 3
-Enter a name for your app, choose account type
-\f[C]Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)\f[R],
-select \f[C]Web\f[R] in \f[C]Redirect URI\f[R], then type (do not copy
-and paste) \f[C]http://localhost:53682/\f[R] and click Register.
-Copy and keep the \f[C]Application (client) ID\f[R] under the app name
-for later use.
-.IP "3." 3
-Under \f[C]manage\f[R] select \f[C]Certificates & secrets\f[R], click
-\f[C]New client secret\f[R].
-Enter a description (can be anything) and set \f[C]Expires\f[R] to 24
-months.
-Copy and keep that secret \f[I]Value\f[R] for later use (you
-\f[I]won\[aq]t\f[R] be able to see this value afterwards).
-.IP "4." 3
-Under \f[C]manage\f[R] select \f[C]API permissions\f[R], click
-\f[C]Add a permission\f[R] and select \f[C]Microsoft Graph\f[R] then
-select \f[C]delegated permissions\f[R].
-.IP "5." 3
-Search and select the following permissions: \f[C]Files.Read\f[R],
-\f[C]Files.ReadWrite\f[R], \f[C]Files.Read.All\f[R],
-\f[C]Files.ReadWrite.All\f[R], \f[C]offline_access\f[R],
-\f[C]User.Read\f[R] and \f[C]Sites.Read.All\f[R] (if custom access
-scopes are configured, select the permissions accordingly).
-Once selected click \f[C]Add permissions\f[R] at the bottom.
-.PP
-Now the application is complete.
-Run \f[C]rclone config\f[R] to create or edit a OneDrive remote.
-Supply the app ID and password as Client ID and Secret, respectively.
-rclone will walk you through the remaining steps.
-.PP
-The access_scopes option allows you to configure the permissions
-requested by rclone.
-See Microsoft
-Docs (https://docs.microsoft.com/en-us/graph/permissions-reference#files-permissions)
-for more information about the different scopes.
-.PP
-The \f[C]Sites.Read.All\f[R] permission is required if you need to
-search SharePoint sites when configuring the
-remote (https://github.com/rclone/rclone/pull/5883).
-However, if that permission is not assigned, you need to exclude
-\f[C]Sites.Read.All\f[R] from your access scopes or set
-\f[C]disable_site_permission\f[R] option to true in the advanced
-options.
-.SS Creating Client ID for OneDrive Business
-.PP
-The steps for OneDrive Personal may or may not work for OneDrive
-Business, depending on the security settings of the organization.
-A common error is that the publisher of the App is not verified.
-.PP
-You may try to verify you
-account (https://docs.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview),
-or try to limit the App to your organization only, as shown below.
-.IP "1." 3
-Make sure to create the App with your business account.
-.IP "2." 3
-Follow the steps above to create an App.
-However, we need a different account type here:
-\f[C]Accounts in this organizational directory only (*** - Single tenant)\f[R].
-Note that you can also change the account type after creating the App.
-.IP "3." 3
-Find the tenant
-ID (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant)
-of your organization.
-.IP "4." 3
-In the rclone config, set \f[C]auth_url\f[R] to
-\f[C]https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/authorize\f[R].
-.IP "5." 3
-In the rclone config, set \f[C]token_url\f[R] to
-\f[C]https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token\f[R].
-.PP
-Note: If you have a special region, you may need a different host in
-step 4 and 5.
-Here are some
-hints (https://github.com/rclone/rclone/blob/bc23bf11db1c78c6ebbf8ea538fbebf7058b4176/backend/onedrive/onedrive.go#L86).
-.SS Modification time and hashes
-.PP
-OneDrive allows modification times to be set on objects accurate to 1
-second.
-These will be used to detect whether objects need syncing or not.
-.PP
-OneDrive Personal, OneDrive for Business and Sharepoint Server support
-QuickXorHash (https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash).
-.PP
-Before rclone 1.62 the default hash for Onedrive Personal was
-\f[C]SHA1\f[R].
-For rclone 1.62 and above the default for all Onedrive backends is
-\f[C]QuickXorHash\f[R].
-.PP
-Starting from July 2023 \f[C]SHA1\f[R] support is being phased out in
-Onedrive Personal in favour of \f[C]QuickXorHash\f[R].
-If necessary the \f[C]--onedrive-hash-type\f[R] flag (or
-\f[C]hash_type\f[R] config option) can be used to select \f[C]SHA1\f[R]
-during the transition period if this is important your workflow.
-.PP
-For all types of OneDrive you can use the \f[C]--checksum\f[R] flag.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[dq]
-T}@T{
-0x22
-T}@T{
-\[uFF02]
-T}
-T{
-*
-T}@T{
-0x2A
-T}@T{
-\[uFF0A]
-T}
-T{
-:
-T}@T{
-0x3A
-T}@T{
-\[uFF1A]
-T}
-T{
-<
-T}@T{
-0x3C
-T}@T{
-\[uFF1C]
-T}
-T{
->
-T}@T{
-0x3E
-T}@T{
-\[uFF1E]
-T}
-T{
-?
-T}@T{
-0x3F
-T}@T{
-\[uFF1F]
-T}
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-T{
-|
-T}@T{
-0x7C
-T}@T{
-\[uFF5C]
-T}
-.TE
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_AZUREFILES_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8,Dot
+
+
+
+### Custom upload headers
+
+You can set custom upload headers with the \[ga]--header-upload\[ga] flag. 
+
+- Cache-Control
+- Content-Disposition
+- Content-Encoding
+- Content-Language
+- Content-Type
+
+Eg \[ga]--header-upload \[dq]Content-Type: text/potato\[dq]\[ga]
+
+## Limitations
+
+MD5 sums are only uploaded with chunked files if the source has an MD5
+sum.  This will always be the case for a local to azure copy.
+
+#  Microsoft OneDrive
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configuration
+
+The initial setup for OneDrive involves getting a token from
+Microsoft which you need to do in your browser.  \[ga]rclone config\[ga] walks
+you through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+\f[R]
+.fi
+.IP "e)" 3
+Edit existing remote
+.IP "f)" 3
+New remote
+.IP "g)" 3
+Delete remote
+.IP "h)" 3
+Rename remote
+.IP "i)" 3
+Copy remote
+.IP "j)" 3
+Set configuration password
+.IP "k)" 3
+Quit config e/n/d/r/c/s/q> n name> remote Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX /
+Microsoft OneDrive \ \[dq]onedrive\[dq] [snip] Storage> onedrive
+Microsoft App Client Id Leave blank normally.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+client_id> Microsoft App Client Secret Leave blank normally.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+client_secret> Edit advanced config?
+(y/n)
+.IP "l)" 3
+Yes
+.IP "m)" 3
+No y/n> n Remote config Use web browser to automatically authenticate
+rclone with remote?
+.IP \[bu] 2
+Say Y if the machine running rclone has a web browser you can use
+.IP \[bu] 2
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+.IP "y)" 3
+Yes
+.IP "z)" 3
+No y/n> y If your browser doesn\[aq]t open automatically go to the
+following link: http://127.0.0.1:53682/auth Log in and authorize rclone
+for access Waiting for code...
+Got code Choose a number from below, or type in an existing value 1 /
+OneDrive Personal or Business \ \[dq]onedrive\[dq] 2 / Sharepoint site
+\ \[dq]sharepoint\[dq] 3 / Type in driveID \ \[dq]driveid\[dq] 4 / Type
+in SiteID \ \[dq]siteid\[dq] 5 / Search a Sharepoint site
+\ \[dq]search\[dq] Your choice> 1 Found 1 drives, please select the one
+you want to use: 0: OneDrive (business)
+id=b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk Chose
+drive to use:> 0 Found drive \[aq]root\[aq] of type \[aq]business\[aq],
+URL: https://org-my.sharepoint.com/personal/you/Documents Is that okay?
+.IP "a)" 3
+Yes
+.IP "b)" 3
+No y/n> y -------------------- [remote] type = onedrive token =
+{\[dq]access_token\[dq]:\[dq]youraccesstoken\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]yourrefreshtoken\[dq],\[dq]expiry\[dq]:\[dq]2018-08-26T22:39:52.486512262+08:00\[dq]}
+drive_id = b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
+drive_type = business --------------------
+.IP "c)" 3
+Yes this is OK
+.IP "d)" 3
+Edit this remote
+.IP "e)" 3
+Delete this remote y/e/d> y
+.IP
+.nf
+\f[C]
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from Microsoft. This only runs from the moment it
+opens your browser to the moment you get back the verification
+code.  This is on \[ga]http://127.0.0.1:53682/\[ga] and this it may require
+you to unblock it temporarily if you are running a host firewall.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your OneDrive
+
+    rclone lsd remote:
+
+List all the files in your OneDrive
+
+    rclone ls remote:
+
+To copy a local directory to an OneDrive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Getting your own Client ID and Key
+
+rclone uses a default Client ID when talking to OneDrive, unless a custom \[ga]client_id\[ga] is specified in the config.
+The default Client ID and Key are shared by all rclone users when performing requests.
+
+You may choose to create and use your own Client ID, in case the default one does not work well for you. 
+For example, you might see throttling.
+
+#### Creating Client ID for OneDrive Personal
+
+To create your own Client ID, please follow these steps:
+
+1. Open https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and then click \[ga]New registration\[ga].
+2. Enter a name for your app, choose account type \[ga]Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)\[ga], select \[ga]Web\[ga] in \[ga]Redirect URI\[ga], then type (do not copy and paste) \[ga]http://localhost:53682/\[ga] and click Register. Copy and keep the \[ga]Application (client) ID\[ga] under the app name for later use.
+3. Under \[ga]manage\[ga] select \[ga]Certificates & secrets\[ga], click \[ga]New client secret\[ga]. Enter a description (can be anything) and set \[ga]Expires\[ga] to 24 months. Copy and keep that secret _Value_ for later use (you _won\[aq]t_ be able to see this value afterwards).
+4. Under \[ga]manage\[ga] select \[ga]API permissions\[ga], click \[ga]Add a permission\[ga] and select \[ga]Microsoft Graph\[ga] then select \[ga]delegated permissions\[ga].
+5. Search and select the following permissions: \[ga]Files.Read\[ga], \[ga]Files.ReadWrite\[ga], \[ga]Files.Read.All\[ga], \[ga]Files.ReadWrite.All\[ga], \[ga]offline_access\[ga], \[ga]User.Read\[ga] and \[ga]Sites.Read.All\[ga] (if custom access scopes are configured, select the permissions accordingly). Once selected click \[ga]Add permissions\[ga] at the bottom.
+
+Now the application is complete. Run \[ga]rclone config\[ga] to create or edit a OneDrive remote.
+Supply the app ID and password as Client ID and Secret, respectively. rclone will walk you through the remaining steps.
+
+The access_scopes option allows you to configure the permissions requested by rclone.
+See [Microsoft Docs](https://docs.microsoft.com/en-us/graph/permissions-reference#files-permissions) for more information about the different scopes.
+
+The \[ga]Sites.Read.All\[ga] permission is required if you need to [search SharePoint sites when configuring the remote](https://github.com/rclone/rclone/pull/5883). However, if that permission is not assigned, you need to exclude \[ga]Sites.Read.All\[ga] from your access scopes or set \[ga]disable_site_permission\[ga] option to true in the advanced options.
+
+#### Creating Client ID for OneDrive Business
+
+The steps for OneDrive Personal may or may not work for OneDrive Business, depending on the security settings of the organization.
+A common error is that the publisher of the App is not verified.
+
+You may try to [verify you account](https://docs.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview), or try to limit the App to your organization only, as shown below.
+
+1. Make sure to create the App with your business account.
+2. Follow the steps above to create an App. However, we need a different account type here: \[ga]Accounts in this organizational directory only (*** - Single tenant)\[ga]. Note that you can also change the account type after creating the App.
+3. Find the [tenant ID](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) of your organization.
+4. In the rclone config, set \[ga]auth_url\[ga] to \[ga]https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/authorize\[ga].
+5. In the rclone config, set \[ga]token_url\[ga] to \[ga]https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token\[ga].
+
+Note: If you have a special region, you may need a different host in step 4 and 5. Here are [some hints](https://github.com/rclone/rclone/blob/bc23bf11db1c78c6ebbf8ea538fbebf7058b4176/backend/onedrive/onedrive.go#L86).
+
+
+### Modification times and hashes
+
+OneDrive allows modification times to be set on objects accurate to 1
+second.  These will be used to detect whether objects need syncing or
+not.
+
+OneDrive Personal, OneDrive for Business and Sharepoint Server support
+[QuickXorHash](https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash).
+
+Before rclone 1.62 the default hash for Onedrive Personal was \[ga]SHA1\[ga].
+For rclone 1.62 and above the default for all Onedrive backends is
+\[ga]QuickXorHash\[ga].
+
+Starting from July 2023 \[ga]SHA1\[ga] support is being phased out in Onedrive
+Personal in favour of \[ga]QuickXorHash\[ga]. If necessary the
+\[ga]--onedrive-hash-type\[ga] flag (or \[ga]hash_type\[ga] config option) can be used
+to select \[ga]SHA1\[ga] during the transition period if this is important
+your workflow.
+
+For all types of OneDrive you can use the \[ga]--checksum\[ga] flag.
+
+### --fast-list
+
+This remote supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+This must be enabled with the \[ga]--onedrive-delta\[ga] flag (or \[ga]delta =
+true\[ga] in the config file) as it can cause performance degradation.
+
+It does this by using the delta listing facilities of OneDrive which
+returns all the files in the remote very efficiently. This is much
+more efficient than listing directories recursively and is Microsoft\[aq]s
+recommended way of reading all the file information from a drive.
+
+This can be useful with \[ga]rclone mount\[ga] and [rclone rc vfs/refresh
+recursive=true](https://rclone.org/rc/#vfs-refresh)) to very quickly fill the mount with
+information about all the files.
+
+The API used for the recursive listing (\[ga]ListR\[ga]) only supports listing
+from the root of the drive. This will become increasingly inefficient
+the further away you get from the root as rclone will have to discard
+files outside of the directory you are using.
+
+Some commands (like \[ga]rclone lsf -R\[ga]) will use \[ga]ListR\[ga] by default - you
+can turn this off with \[ga]--disable ListR\[ga] if you need to.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[dq]         | 0x22  | \[uFF02]          |
+| *         | 0x2A  | \[uFF0A]          |
+| :         | 0x3A  | \[uFF1A]          |
+| <         | 0x3C  | \[uFF1C]          |
+| >         | 0x3E  | \[uFF1E]          |
+| ?         | 0x3F  | \[uFF1F]          |
+| \[rs]         | 0x5C  | \[uFF3C]          |
+| \[rs]|        | 0x7C  | \[uFF5C]          |
+
 File names can also not end with the following characters.
 These only get replaced if they are the last character in the name:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-SP
-T}@T{
-0x20
-T}@T{
-\[u2420]
-T}
-T{
-\&.
-T}@T{
-0x2E
-T}@T{
-\[uFF0E]
-T}
-.TE
-.PP
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | \[u2420]           |
+| .         | 0x2E  | \[uFF0E]          |
+
 File names can also not begin with the following characters.
 These only get replaced if they are the first character in the name:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-SP
-T}@T{
-0x20
-T}@T{
-\[u2420]
-T}
-T{
-\[ti]
-T}@T{
-0x7E
-T}@T{
-\[uFF5E]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Deleting files
-.PP
-Any files you delete with rclone will end up in the trash.
-Microsoft doesn\[aq]t provide an API to permanently delete files, nor to
-empty the trash, so you will have to do that with one of Microsoft\[aq]s
-apps or via the OneDrive website.
-.SS Standard options
-.PP
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | \[u2420]           |
+| \[ti]         | 0x7E  | \[uFF5E]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Deleting files
+
+Any files you delete with rclone will end up in the trash.  Microsoft
+doesn\[aq]t provide an API to permanently delete files, nor to empty the
+trash, so you will have to do that with one of Microsoft\[aq]s apps or via
+the OneDrive website.
+
+
+### Standard options
+
 Here are the Standard options specific to onedrive (Microsoft OneDrive).
-.SS --onedrive-client-id
-.PP
+
+#### --onedrive-client-id
+
 OAuth Client Id.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-client-secret
-.PP
+
+- Config:      client_id
+- Env Var:     RCLONE_ONEDRIVE_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --onedrive-client-secret
+
 OAuth Client Secret.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-region
-.PP
+
+- Config:      client_secret
+- Env Var:     RCLONE_ONEDRIVE_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --onedrive-region
+
 Choose national cloud region for OneDrive.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_REGION
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]global\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]global\[dq]
-.RS 2
-.IP \[bu] 2
-Microsoft Cloud Global
-.RE
-.IP \[bu] 2
-\[dq]us\[dq]
-.RS 2
-.IP \[bu] 2
-Microsoft Cloud for US Government
-.RE
-.IP \[bu] 2
-\[dq]de\[dq]
-.RS 2
-.IP \[bu] 2
-Microsoft Cloud Germany
-.RE
-.IP \[bu] 2
-\[dq]cn\[dq]
-.RS 2
-.IP \[bu] 2
-Azure and Office 365 operated by Vnet Group in China
-.RE
-.RE
-.SS Advanced options
-.PP
+
+- Config:      region
+- Env Var:     RCLONE_ONEDRIVE_REGION
+- Type:        string
+- Default:     \[dq]global\[dq]
+- Examples:
+    - \[dq]global\[dq]
+        - Microsoft Cloud Global
+    - \[dq]us\[dq]
+        - Microsoft Cloud for US Government
+    - \[dq]de\[dq]
+        - Microsoft Cloud Germany
+    - \[dq]cn\[dq]
+        - Azure and Office 365 operated by Vnet Group in China
+
+### Advanced options
+
 Here are the Advanced options specific to onedrive (Microsoft OneDrive).
-.SS --onedrive-token
-.PP
+
+#### --onedrive-token
+
 OAuth Access Token as a JSON blob.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-auth-url
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_ONEDRIVE_TOKEN
+- Type:        string
+- Required:    false
+
+#### --onedrive-auth-url
+
 Auth server URL.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-token-url
-.PP
+
+- Config:      auth_url
+- Env Var:     RCLONE_ONEDRIVE_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --onedrive-token-url
+
 Token server url.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-chunk-size
-.PP
-Chunk size to upload files with - must be multiple of 320k (327,680
-bytes).
-.PP
-Above this size files will be chunked - must be multiple of 320k
-(327,680 bytes) and should not exceed 250M (262,144,000 bytes) else you
-may encounter
-\[dq]Microsoft.SharePoint.Client.InvalidClientQueryException: The
-request message is too big.\[dq] Note that the chunks will be buffered
-into memory.
-.PP
+
+- Config:      token_url
+- Env Var:     RCLONE_ONEDRIVE_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --onedrive-chunk-size
+
+Chunk size to upload files with - must be multiple of 320k (327,680 bytes).
+
+Above this size files will be chunked - must be multiple of 320k (327,680 bytes) and
+should not exceed 250M (262,144,000 bytes) else you may encounter \[rs]\[dq]Microsoft.SharePoint.Client.InvalidClientQueryException: The request message is too big.\[rs]\[dq]
+Note that the chunks will be buffered into memory.
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 10Mi
-.SS --onedrive-drive-id
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_ONEDRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --onedrive-drive-id
+
 The ID of the drive to use.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: drive_id
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_DRIVE_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-drive-type
-.PP
+
+- Config:      drive_id
+- Env Var:     RCLONE_ONEDRIVE_DRIVE_ID
+- Type:        string
+- Required:    false
+
+#### --onedrive-drive-type
+
 The type of the drive (personal | business | documentLibrary).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: drive_type
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_DRIVE_TYPE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-root-folder-id
-.PP
+
+- Config:      drive_type
+- Env Var:     RCLONE_ONEDRIVE_DRIVE_TYPE
+- Type:        string
+- Required:    false
+
+#### --onedrive-root-folder-id
+
 ID of the root folder.
-.PP
+
 This isn\[aq]t normally needed, but in special circumstances you might
-know the folder ID that you wish to access but not be able to get there
-through a path traversal.
-.PP
+know the folder ID that you wish to access but not be able to get
+there through a path traversal.
+
+
 Properties:
-.IP \[bu] 2
-Config: root_folder_id
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_ROOT_FOLDER_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-access-scopes
-.PP
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_ONEDRIVE_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --onedrive-access-scopes
+
 Set scopes to be requested by rclone.
-.PP
-Choose or manually enter a custom space separated list with all scopes,
-that rclone should request.
-.PP
+
+Choose or manually enter a custom space separated list with all scopes, that rclone should request.
+
+
 Properties:
-.IP \[bu] 2
-Config: access_scopes
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_ACCESS_SCOPES
-.IP \[bu] 2
-Type: SpaceSepList
-.IP \[bu] 2
-Default: Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All
-Sites.Read.All offline_access
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All
-Sites.Read.All offline_access\[dq]
-.RS 2
-.IP \[bu] 2
-Read and write access to all resources
-.RE
-.IP \[bu] 2
-\[dq]Files.Read Files.Read.All Sites.Read.All offline_access\[dq]
-.RS 2
-.IP \[bu] 2
-Read only access to all resources
-.RE
-.IP \[bu] 2
-\[dq]Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All
-offline_access\[dq]
-.RS 2
-.IP \[bu] 2
-Read and write access to all resources, without the ability to browse
-SharePoint sites.
-.IP \[bu] 2
-Same as if disable_site_permission was set to true
-.RE
-.RE
-.SS --onedrive-disable-site-permission
-.PP
+
+- Config:      access_scopes
+- Env Var:     RCLONE_ONEDRIVE_ACCESS_SCOPES
+- Type:        SpaceSepList
+- Default:     Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access
+- Examples:
+    - \[dq]Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All Sites.Read.All offline_access\[dq]
+        - Read and write access to all resources
+    - \[dq]Files.Read Files.Read.All Sites.Read.All offline_access\[dq]
+        - Read only access to all resources
+    - \[dq]Files.Read Files.ReadWrite Files.Read.All Files.ReadWrite.All offline_access\[dq]
+        - Read and write access to all resources, without the ability to browse SharePoint sites. 
+        - Same as if disable_site_permission was set to true
+
+#### --onedrive-disable-site-permission
+
 Disable the request for Sites.Read.All permission.
-.PP
-If set to true, you will no longer be able to search for a SharePoint
-site when configuring drive ID, because rclone will not request
-Sites.Read.All permission.
-Set it to true if your organization didn\[aq]t assign Sites.Read.All
-permission to the application, and your organization disallows users to
-consent app permission request on their own.
-.PP
+
+If set to true, you will no longer be able to search for a SharePoint site when
+configuring drive ID, because rclone will not request Sites.Read.All permission.
+Set it to true if your organization didn\[aq]t assign Sites.Read.All permission to the
+application, and your organization disallows users to consent app permission
+request on their own.
+
 Properties:
-.IP \[bu] 2
-Config: disable_site_permission
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_DISABLE_SITE_PERMISSION
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --onedrive-expose-onenote-files
-.PP
+
+- Config:      disable_site_permission
+- Env Var:     RCLONE_ONEDRIVE_DISABLE_SITE_PERMISSION
+- Type:        bool
+- Default:     false
+
+#### --onedrive-expose-onenote-files
+
 Set to make OneNote files show up in directory listings.
-.PP
+
 By default, rclone will hide OneNote files in directory listings because
-operations like \[dq]Open\[dq] and \[dq]Update\[dq] won\[aq]t work on
-them.
-But this behaviour may also prevent you from deleting them.
-If you want to delete OneNote files or otherwise want them to show up in
-directory listing, set this option.
-.PP
+operations like \[dq]Open\[dq] and \[dq]Update\[dq] won\[aq]t work on them.  But this
+behaviour may also prevent you from deleting them.  If you want to
+delete OneNote files or otherwise want them to show up in directory
+listing, set this option.
+
 Properties:
-.IP \[bu] 2
-Config: expose_onenote_files
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_EXPOSE_ONENOTE_FILES
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --onedrive-server-side-across-configs
-.PP
-Allow server-side operations (e.g.
-copy) to work across different onedrive configs.
-.PP
-This will only work if you are copying between two OneDrive
-\f[I]Personal\f[R] drives AND the files to copy are already shared
-between them.
-In other cases, rclone will fall back to normal copy (which will be
-slightly slower).
-.PP
+
+- Config:      expose_onenote_files
+- Env Var:     RCLONE_ONEDRIVE_EXPOSE_ONENOTE_FILES
+- Type:        bool
+- Default:     false
+
+#### --onedrive-server-side-across-configs
+
+Deprecated: use --server-side-across-configs instead.
+
+Allow server-side operations (e.g. copy) to work across different onedrive configs.
+
+This will only work if you are copying between two OneDrive *Personal* drives AND
+the files to copy are already shared between them.  In other cases, rclone will
+fall back to normal copy (which will be slightly slower).
+
 Properties:
-.IP \[bu] 2
-Config: server_side_across_configs
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_SERVER_SIDE_ACROSS_CONFIGS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --onedrive-list-chunk
-.PP
+
+- Config:      server_side_across_configs
+- Env Var:     RCLONE_ONEDRIVE_SERVER_SIDE_ACROSS_CONFIGS
+- Type:        bool
+- Default:     false
+
+#### --onedrive-list-chunk
+
 Size of listing chunk.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: list_chunk
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_LIST_CHUNK
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 1000
-.SS --onedrive-no-versions
-.PP
+
+- Config:      list_chunk
+- Env Var:     RCLONE_ONEDRIVE_LIST_CHUNK
+- Type:        int
+- Default:     1000
+
+#### --onedrive-no-versions
+
 Remove all versions on modifying operations.
-.PP
+
 Onedrive for business creates versions when rclone uploads new files
 overwriting an existing one and when it sets the modification time.
-.PP
+
 These versions take up space out of the quota.
-.PP
-This flag checks for versions after file upload and setting modification
-time and removes all but the last version.
-.PP
-\f[B]NB\f[R] Onedrive personal can\[aq]t currently delete versions so
-don\[aq]t use this flag there.
-.PP
+
+This flag checks for versions after file upload and setting
+modification time and removes all but the last version.
+
+**NB** Onedrive personal can\[aq]t currently delete versions so don\[aq]t use
+this flag there.
+
+
 Properties:
-.IP \[bu] 2
-Config: no_versions
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_NO_VERSIONS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --onedrive-link-scope
-.PP
+
+- Config:      no_versions
+- Env Var:     RCLONE_ONEDRIVE_NO_VERSIONS
+- Type:        bool
+- Default:     false
+
+#### --onedrive-link-scope
+
 Set the scope of the links created by the link command.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: link_scope
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_LINK_SCOPE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]anonymous\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]anonymous\[dq]
-.RS 2
-.IP \[bu] 2
-Anyone with the link has access, without needing to sign in.
-.IP \[bu] 2
-This may include people outside of your organization.
-.IP \[bu] 2
-Anonymous link support may be disabled by an administrator.
-.RE
-.IP \[bu] 2
-\[dq]organization\[dq]
-.RS 2
-.IP \[bu] 2
-Anyone signed into your organization (tenant) can use the link to get
-access.
-.IP \[bu] 2
-Only available in OneDrive for Business and SharePoint.
-.RE
-.RE
-.SS --onedrive-link-type
-.PP
+
+- Config:      link_scope
+- Env Var:     RCLONE_ONEDRIVE_LINK_SCOPE
+- Type:        string
+- Default:     \[dq]anonymous\[dq]
+- Examples:
+    - \[dq]anonymous\[dq]
+        - Anyone with the link has access, without needing to sign in.
+        - This may include people outside of your organization.
+        - Anonymous link support may be disabled by an administrator.
+    - \[dq]organization\[dq]
+        - Anyone signed into your organization (tenant) can use the link to get access.
+        - Only available in OneDrive for Business and SharePoint.
+
+#### --onedrive-link-type
+
 Set the type of the links created by the link command.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: link_type
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_LINK_TYPE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]view\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]view\[dq]
-.RS 2
-.IP \[bu] 2
-Creates a read-only link to the item.
-.RE
-.IP \[bu] 2
-\[dq]edit\[dq]
-.RS 2
-.IP \[bu] 2
-Creates a read-write link to the item.
-.RE
-.IP \[bu] 2
-\[dq]embed\[dq]
-.RS 2
-.IP \[bu] 2
-Creates an embeddable link to the item.
-.RE
-.RE
-.SS --onedrive-link-password
-.PP
+
+- Config:      link_type
+- Env Var:     RCLONE_ONEDRIVE_LINK_TYPE
+- Type:        string
+- Default:     \[dq]view\[dq]
+- Examples:
+    - \[dq]view\[dq]
+        - Creates a read-only link to the item.
+    - \[dq]edit\[dq]
+        - Creates a read-write link to the item.
+    - \[dq]embed\[dq]
+        - Creates an embeddable link to the item.
+
+#### --onedrive-link-password
+
 Set the password for links created by the link command.
-.PP
-At the time of writing this only works with OneDrive personal paid
-accounts.
-.PP
+
+At the time of writing this only works with OneDrive personal paid accounts.
+
+
 Properties:
-.IP \[bu] 2
-Config: link_password
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_LINK_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --onedrive-hash-type
-.PP
+
+- Config:      link_password
+- Env Var:     RCLONE_ONEDRIVE_LINK_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --onedrive-hash-type
+
 Specify the hash in use for the backend.
-.PP
-This specifies the hash type in use.
-If set to \[dq]auto\[dq] it will use the default hash which is is
-QuickXorHash.
-.PP
+
+This specifies the hash type in use. If set to \[dq]auto\[dq] it will use the
+default hash which is QuickXorHash.
+
 Before rclone 1.62 an SHA1 hash was used by default for Onedrive
-Personal.
-For 1.62 and later the default is to use a QuickXorHash for all onedrive
-types.
-If an SHA1 hash is desired then set this option accordingly.
-.PP
-From July 2023 QuickXorHash will be the only available hash for both
-OneDrive for Business and OneDriver Personal.
-.PP
+Personal. For 1.62 and later the default is to use a QuickXorHash for
+all onedrive types. If an SHA1 hash is desired then set this option
+accordingly.
+
+From July 2023 QuickXorHash will be the only available hash for
+both OneDrive for Business and OneDriver Personal.
+
 This can be set to \[dq]none\[dq] to not use any hashes.
-.PP
-If the hash requested does not exist on the object, it will be returned
-as an empty string which is treated as a missing hash by rclone.
-.PP
+
+If the hash requested does not exist on the object, it will be
+returned as an empty string which is treated as a missing hash by
+rclone.
+
+
+Properties:
+
+- Config:      hash_type
+- Env Var:     RCLONE_ONEDRIVE_HASH_TYPE
+- Type:        string
+- Default:     \[dq]auto\[dq]
+- Examples:
+    - \[dq]auto\[dq]
+        - Rclone chooses the best hash
+    - \[dq]quickxor\[dq]
+        - QuickXor
+    - \[dq]sha1\[dq]
+        - SHA1
+    - \[dq]sha256\[dq]
+        - SHA256
+    - \[dq]crc32\[dq]
+        - CRC32
+    - \[dq]none\[dq]
+        - None - don\[aq]t use any hashes
+
+#### --onedrive-av-override
+
+Allows download of files the server thinks has a virus.
+
+The onedrive/sharepoint server may check files uploaded with an Anti
+Virus checker. If it detects any potential viruses or malware it will
+block download of the file.
+
+In this case you will see a message like this
+
+    server reports this file is infected with a virus - use --onedrive-av-override to download anyway: Infected (name of virus): 403 Forbidden: 
+
+If you are 100% sure you want to download this file anyway then use
+the --onedrive-av-override flag, or av_override = true in the config
+file.
+
+
 Properties:
-.IP \[bu] 2
-Config: hash_type
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_HASH_TYPE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]auto\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]auto\[dq]
-.RS 2
-.IP \[bu] 2
-Rclone chooses the best hash
-.RE
-.IP \[bu] 2
-\[dq]quickxor\[dq]
-.RS 2
-.IP \[bu] 2
-QuickXor
-.RE
-.IP \[bu] 2
-\[dq]sha1\[dq]
-.RS 2
-.IP \[bu] 2
-SHA1
-.RE
-.IP \[bu] 2
-\[dq]sha256\[dq]
-.RS 2
-.IP \[bu] 2
-SHA256
-.RE
-.IP \[bu] 2
-\[dq]crc32\[dq]
-.RS 2
-.IP \[bu] 2
-CRC32
-.RE
-.IP \[bu] 2
-\[dq]none\[dq]
-.RS 2
-.IP \[bu] 2
-None - don\[aq]t use any hashes
-.RE
-.RE
-.SS --onedrive-encoding
-.PP
+
+- Config:      av_override
+- Env Var:     RCLONE_ONEDRIVE_AV_OVERRIDE
+- Type:        bool
+- Default:     false
+
+#### --onedrive-delta
+
+If set rclone will use delta listing to implement recursive listings.
+
+If this flag is set the the onedrive backend will advertise \[ga]ListR\[ga]
+support for recursive listings.
+
+Setting this flag speeds up these things greatly:
+
+    rclone lsf -R onedrive:
+    rclone size onedrive:
+    rclone rc vfs/refresh recursive=true
+
+**However** the delta listing API **only** works at the root of the
+drive. If you use it not at the root then it recurses from the root
+and discards all the data that is not under the directory you asked
+for. So it will be correct but may not be very efficient.
+
+This is why this flag is not set as the default.
+
+As a rule of thumb if nearly all of your data is under rclone\[aq]s root
+directory (the \[ga]root/directory\[ga] in \[ga]onedrive:root/directory\[ga]) then
+using this flag will be be a big performance win. If your data is
+mostly not under the root then using this flag will be a big
+performance loss.
+
+It is recommended if you are mounting your onedrive at the root
+(or near the root when using crypt) and using rclone \[ga]rc vfs/refresh\[ga].
+
+
+Properties:
+
+- Config:      delta
+- Env Var:     RCLONE_ONEDRIVE_DELTA
+- Type:        bool
+- Default:     false
+
+#### --onedrive-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_ONEDRIVE_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default:
-Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot
-.SS Limitations
-.PP
-If you don\[aq]t use rclone for 90 days the refresh token will expire.
-This will result in authorization problems.
-This is easy to fix by running the
-\f[C]rclone config reconnect remote:\f[R] command to get a new token and
-refresh token.
-.SS Naming
-.PP
-Note that OneDrive is case insensitive so you can\[aq]t have a file
-called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_ONEDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+If you don\[aq]t use rclone for 90 days the refresh token will
+expire. This will result in authorization problems. This is easy to
+fix by running the \[ga]rclone config reconnect remote:\[ga] command to get a
+new token and refresh token.
+
+### Naming
+
+Note that OneDrive is case insensitive so you can\[aq]t have a
+file called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
+
 There are quite a few characters that can\[aq]t be in OneDrive file
-names.
-These can\[aq]t occur on Windows platforms, but on non-Windows platforms
-they are common.
-Rclone will map these names to and from an identical looking unicode
-equivalent.
-For example if a file has a \f[C]?\f[R] in it will be mapped to
-\f[C]\[uFF1F]\f[R] instead.
-.SS File sizes
-.PP
-The largest allowed file size is 250 GiB for both OneDrive Personal and
-OneDrive for Business (Updated 13 Jan
-2021) (https://support.microsoft.com/en-us/office/invalid-file-names-and-file-types-in-onedrive-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa?ui=en-us&rs=en-us&ad=us#individualfilesize).
-.SS Path length
-.PP
-The entire path, including the file name, must contain fewer than 400
-characters for OneDrive, OneDrive for Business and SharePoint Online.
-If you are encrypting file and folder names with rclone, you may want to
-pay attention to this limitation because the encrypted names are
-typically longer than the original ones.
-.SS Number of files
-.PP
+names.  These can\[aq]t occur on Windows platforms, but on non-Windows
+platforms they are common.  Rclone will map these names to and from an
+identical looking unicode equivalent.  For example if a file has a \[ga]?\[ga]
+in it will be mapped to \[ga]\[uFF1F]\[ga] instead.
+
+### File sizes
+
+The largest allowed file size is 250 GiB for both OneDrive Personal and OneDrive for Business [(Updated 13 Jan 2021)](https://support.microsoft.com/en-us/office/invalid-file-names-and-file-types-in-onedrive-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa?ui=en-us&rs=en-us&ad=us#individualfilesize).
+
+### Path length
+
+The entire path, including the file name, must contain fewer than 400 characters for OneDrive, OneDrive for Business and SharePoint Online. If you are encrypting file and folder names with rclone, you may want to pay attention to this limitation because the encrypted names are typically longer than the original ones.
+
+### Number of files
+
 OneDrive seems to be OK with at least 50,000 files in a folder, but at
-100,000 rclone will get errors listing the directory like
-\f[C]couldn\[cq]t list files: UnknownError:\f[R].
-See #2707 (https://github.com/rclone/rclone/issues/2707) for more info.
-.PP
-An official document about the limitations for different types of
-OneDrive can be found
-here (https://support.office.com/en-us/article/invalid-file-names-and-file-types-in-onedrive-onedrive-for-business-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa).
-.SS Versions
-.PP
+100,000 rclone will get errors listing the directory like \[ga]couldn\[cq]t
+list files: UnknownError:\[ga].  See
+[#2707](https://github.com/rclone/rclone/issues/2707) for more info.
+
+An official document about the limitations for different types of OneDrive can be found [here](https://support.office.com/en-us/article/invalid-file-names-and-file-types-in-onedrive-onedrive-for-business-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa).
+
+## Versions
+
 Every change in a file OneDrive causes the service to create a new
-version of the file.
-This counts against a users quota.
-For example changing the modification time of a file creates a second
+version of the file.  This counts against a users quota.  For
+example changing the modification time of a file creates a second
 version, so the file apparently uses twice the space.
-.PP
-For example the \f[C]copy\f[R] command is affected by this as rclone
-copies the file and then afterwards sets the modification time to match
-the source file which uses another version.
-.PP
-You can use the \f[C]rclone cleanup\f[R] command (see below) to remove
-all old versions.
-.PP
-Or you can set the \f[C]no_versions\f[R] parameter to \f[C]true\f[R] and
-rclone will remove versions after operations which create new versions.
-This takes extra transactions so only enable it if you need it.
-.PP
-\f[B]Note\f[R] At the time of writing Onedrive Personal creates versions
+
+For example the \[ga]copy\[ga] command is affected by this as rclone copies
+the file and then afterwards sets the modification time to match the
+source file which uses another version.
+
+You can use the \[ga]rclone cleanup\[ga] command (see below) to remove all old
+versions.
+
+Or you can set the \[ga]no_versions\[ga] parameter to \[ga]true\[ga] and rclone will
+remove versions after operations which create new versions. This takes
+extra transactions so only enable it if you need it.
+
+**Note** At the time of writing Onedrive Personal creates versions
 (but not for setting the modification time) but the API for removing
-them returns \[dq]API not found\[dq] so cleanup and
-\f[C]no_versions\f[R] should not be used on Onedrive Personal.
-.SS Disabling versioning
-.PP
-Starting October 2018, users will no longer be able to disable
-versioning by default.
-This is because Microsoft has brought an
-update (https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/New-Updates-to-OneDrive-and-SharePoint-Team-Site-Versioning/ba-p/204390)
-to the mechanism.
-To change this new default setting, a PowerShell command is required to
-be run by a SharePoint admin.
-If you are an admin, you can run these commands in PowerShell to change
-that setting:
-.IP "1." 3
-\f[C]Install-Module -Name Microsoft.Online.SharePoint.PowerShell\f[R]
-(in case you haven\[aq]t installed this already)
-.IP "2." 3
-\f[C]Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking\f[R]
-.IP "3." 3
-\f[C]Connect-SPOService -Url https://YOURSITE-admin.sharepoint.com -Credential YOU\[at]YOURSITE.COM\f[R]
-(replacing \f[C]YOURSITE\f[R], \f[C]YOU\f[R], \f[C]YOURSITE.COM\f[R]
-with the actual values; this will prompt for your credentials)
-.IP "4." 3
-\f[C]Set-SPOTenant -EnableMinimumVersionRequirement $False\f[R]
-.IP "5." 3
-\f[C]Disconnect-SPOService\f[R] (to disconnect from the server)
-.PP
-\f[I]Below are the steps for normal users to disable versioning. If you
-don\[aq]t see the \[dq]No Versioning\[dq] option, make sure the above
-requirements are met.\f[R]
-.PP
-User Weropol (https://github.com/Weropol) has found a method to disable
+them returns \[dq]API not found\[dq] so cleanup and \[ga]no_versions\[ga] should not
+be used on Onedrive Personal.
+
+### Disabling versioning
+
+Starting October 2018, users will no longer be able to
+disable versioning by default. This is because Microsoft has brought
+an
+[update](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/New-Updates-to-OneDrive-and-SharePoint-Team-Site-Versioning/ba-p/204390)
+to the mechanism. To change this new default setting, a PowerShell
+command is required to be run by a SharePoint admin. If you are an
+admin, you can run these commands in PowerShell to change that
+setting:
+
+1. \[ga]Install-Module -Name Microsoft.Online.SharePoint.PowerShell\[ga] (in case you haven\[aq]t installed this already)
+2. \[ga]Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking\[ga]
+3. \[ga]Connect-SPOService -Url https://YOURSITE-admin.sharepoint.com -Credential YOU\[at]YOURSITE.COM\[ga] (replacing \[ga]YOURSITE\[ga], \[ga]YOU\[ga], \[ga]YOURSITE.COM\[ga] with the actual values; this will prompt for your credentials)
+4. \[ga]Set-SPOTenant -EnableMinimumVersionRequirement $False\[ga]
+5. \[ga]Disconnect-SPOService\[ga] (to disconnect from the server)
+
+*Below are the steps for normal users to disable versioning. If you don\[aq]t see the \[dq]No Versioning\[dq] option, make sure the above requirements are met.*
+
+User [Weropol](https://github.com/Weropol) has found a method to disable
 versioning on OneDrive
-.IP "1." 3
-Open the settings menu by clicking on the gear symbol at the top of the
-OneDrive Business page.
-.IP "2." 3
-Click Site settings.
-.IP "3." 3
-Once on the Site settings page, navigate to Site Administration > Site
-libraries and lists.
-.IP "4." 3
-Click Customize \[dq]Documents\[dq].
-.IP "5." 3
-Click General Settings > Versioning Settings.
-.IP "6." 3
-Under Document Version History select the option No versioning.
-Note: This will disable the creation of new file versions, but will not
-remove any previous versions.
-Your documents are safe.
-.IP "7." 3
-Apply the changes by clicking OK.
-.IP "8." 3
-Use rclone to upload or modify files.
-(I also use the --no-update-modtime flag)
-.IP "9." 3
-Restore the versioning settings after using rclone.
-(Optional)
-.SS Cleanup
-.PP
-OneDrive supports \f[C]rclone cleanup\f[R] which causes rclone to look
-through every file under the path supplied and delete all version but
-the current version.
-Because this involves traversing all the files, then querying each file
-for versions it can be quite slow.
-Rclone does \f[C]--checkers\f[R] tests in parallel.
-The command also supports \f[C]--interactive\f[R]/\f[C]i\f[R] or
-\f[C]--dry-run\f[R] which is a great way to see what it would do.
-.IP
-.nf
-\f[C]
-rclone cleanup --interactive remote:path/subdir # interactively remove all old version for path/subdir
-rclone cleanup remote:path/subdir               # unconditionally remove all old version for path/subdir
-\f[R]
-.fi
-.PP
-\f[B]NB\f[R] Onedrive personal can\[aq]t currently delete versions
-.SS Troubleshooting
-.SS Excessive throttling or blocked on SharePoint
-.PP
-If you experience excessive throttling or is being blocked on SharePoint
-then it may help to set the user agent explicitly with a flag like this:
-\f[C]--user-agent \[dq]ISV|rclone.org|rclone/v1.55.1\[dq]\f[R]
-.PP
-The specific details can be found in the Microsoft document: Avoid
-getting throttled or blocked in SharePoint
-Online (https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online#how-to-decorate-your-http-traffic-to-avoid-throttling)
-.SS Unexpected file size/hash differences on Sharepoint
-.PP
-It is a
-known (https://github.com/OneDrive/onedrive-api-docs/issues/935#issuecomment-441741631)
-issue that Sharepoint (not OneDrive or OneDrive for Business) silently
-modifies uploaded files, mainly Office files (.docx, .xlsx, etc.),
-causing file size and hash checks to fail.
-There are also other situations that will cause OneDrive to report
-inconsistent file sizes.
-To use rclone with such affected files on Sharepoint, you may disable
-these checks with the following command line arguments:
-.IP
-.nf
-\f[C]
---ignore-checksum --ignore-size
-\f[R]
-.fi
-.PP
-Alternatively, if you have write access to the OneDrive files, it may be
-possible to fix this problem for certain files, by attempting the steps
-below.
-Open the web interface for OneDrive (https://onedrive.live.com) and find
-the affected files (which will be in the error messages/log for rclone).
-Simply click on each of these files, causing OneDrive to open them on
-the web.
-This will cause each file to be converted in place to a format that is
-functionally equivalent but which will no longer trigger the size
-discrepancy.
-Once all problematic files are converted you will no longer need the
-ignore options above.
-.SS Replacing/deleting existing files on Sharepoint gets \[dq]item not found\[dq]
-.PP
+
+1. Open the settings menu by clicking on the gear symbol at the top of the OneDrive Business page.
+2. Click Site settings.
+3. Once on the Site settings page, navigate to Site Administration > Site libraries and lists.
+4. Click Customize \[dq]Documents\[dq].
+5. Click General Settings > Versioning Settings.
+6. Under Document Version History select the option No versioning.
+Note: This will disable the creation of new file versions, but will not remove any previous versions. Your documents are safe.
+7. Apply the changes by clicking OK.
+8. Use rclone to upload or modify files. (I also use the --no-update-modtime flag)
+9. Restore the versioning settings after using rclone. (Optional)
+
+## Cleanup
+
+OneDrive supports \[ga]rclone cleanup\[ga] which causes rclone to look through
+every file under the path supplied and delete all version but the
+current version. Because this involves traversing all the files, then
+querying each file for versions it can be quite slow. Rclone does
+\[ga]--checkers\[ga] tests in parallel. The command also supports \[ga]--interactive\[ga]/\[ga]i\[ga]
+or \[ga]--dry-run\[ga] which is a great way to see what it would do.
+
+    rclone cleanup --interactive remote:path/subdir # interactively remove all old version for path/subdir
+    rclone cleanup remote:path/subdir               # unconditionally remove all old version for path/subdir
+
+**NB** Onedrive personal can\[aq]t currently delete versions
+
+## Troubleshooting ##
+
+### Excessive throttling or blocked on SharePoint
+
+If you experience excessive throttling or is being blocked on SharePoint then it may help to set the user agent explicitly with a flag like this: \[ga]--user-agent \[dq]ISV|rclone.org|rclone/v1.55.1\[dq]\[ga]
+
+The specific details can be found in the Microsoft document: [Avoid getting throttled or blocked in SharePoint Online](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online#how-to-decorate-your-http-traffic-to-avoid-throttling)
+
+### Unexpected file size/hash differences on Sharepoint ####
+
 It is a
-known (https://github.com/OneDrive/onedrive-api-docs/issues/1068) issue
-that Sharepoint (not OneDrive or OneDrive for Business) may return
-\[dq]item not found\[dq] errors when users try to replace or delete
-uploaded files; this seems to mainly affect Office files (.docx, .xlsx,
-etc.) and web files (.html, .aspx, etc.).
-As a workaround, you may use the \f[C]--backup-dir <BACKUP_DIR>\f[R]
-command line argument so rclone moves the files to be replaced/deleted
-into a given backup directory (instead of directly replacing/deleting
-them).
-For example, to instruct rclone to move the files into the directory
-\f[C]rclone-backup-dir\f[R] on backend \f[C]mysharepoint\f[R], you may
-use:
-.IP
-.nf
-\f[C]
---backup-dir mysharepoint:rclone-backup-dir
-\f[R]
-.fi
-.SS access_denied (AADSTS65005)
-.IP
-.nf
-\f[C]
-Error: access_denied
-Code: AADSTS65005
-Description: Using application \[aq]rclone\[aq] is currently not supported for your organization [YOUR_ORGANIZATION] because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of [YOUR_ORGANIZATION] before the application rclone can be provisioned.
-\f[R]
-.fi
-.PP
-This means that rclone can\[aq]t use the OneDrive for Business API with
-your account.
-You can\[aq]t do much about it, maybe write an email to your admins.
-.PP
-However, there are other ways to interact with your OneDrive account.
-Have a look at the WebDAV backend: https://rclone.org/webdav/#sharepoint
-.SS invalid_grant (AADSTS50076)
-.IP
-.nf
-\f[C]
-Error: invalid_grant
-Code: AADSTS50076
-Description: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access \[aq]...\[aq].
-\f[R]
-.fi
-.PP
-If you see the error above after enabling multi-factor authentication
-for your account, you can fix it by refreshing your OAuth refresh token.
-To do that, run \f[C]rclone config\f[R], and choose to edit your
-OneDrive backend.
-Then, you don\[aq]t need to actually make any changes until you reach
-this question: \f[C]Already have a token - refresh?\f[R].
-For this question, answer \f[C]y\f[R] and go through the process to
-refresh your token, just like the first time the backend is configured.
-After this, rclone should work again for this backend.
-.SS Invalid request when making public links
-.PP
-On Sharepoint and OneDrive for Business, \f[C]rclone link\f[R] may
-return an \[dq]Invalid request\[dq] error.
-A possible cause is that the organisation admin didn\[aq]t allow public
-links to be made for the organisation/sharepoint library.
-To fix the permissions as an admin, take a look at the docs:
-1 (https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off),
-2 (https://support.microsoft.com/en-us/office/set-up-and-manage-access-requests-94b26e0b-2822-49d4-929a-8455698654b3).
-.SS Can not access \f[C]Shared\f[R] with me files
-.PP
-Shared with me files is not supported by rclone
-currently (https://github.com/rclone/rclone/issues/4062), but there is a
-workaround:
-.IP "1." 3
-Visit https://onedrive.live.com (https://onedrive.live.com/)
-.IP "2." 3
-Right click a item in \f[C]Shared\f[R], then click
-\f[C]Add shortcut to My files\f[R] in the context
-[IMAGE: make_shortcut (https://user-images.githubusercontent.com/60313789/206118040-7e762b3b-aa61-41a1-8649-cc18889f3572.png)]
-.IP "3." 3
-The shortcut will appear in \f[C]My files\f[R], you can access it with
-rclone, it behaves like a normal folder/file.
-[IMAGE: in_my_files (https://i.imgur.com/0S8H3li.png)]
-[IMAGE: rclone_mount (https://i.imgur.com/2Iq66sW.png)]
-.SS Live Photos uploaded from iOS (small video clips in .heic files)
-.PP
-The iOS OneDrive app introduced upload and
-storage (https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/live-photos-come-to-onedrive/ba-p/1953452)
-of Live Photos (https://support.apple.com/en-gb/HT207310) in 2020.
-The usage and download of these uploaded Live Photos is unfortunately
-still work-in-progress and this introduces several issues when copying,
-synchronising and mounting \[en] both in rclone and in the native
-OneDrive client on Windows.
-.PP
-The root cause can easily be seen if you locate one of your Live Photos
-in the OneDrive web interface.
-Then download the photo from the web interface.
-You will then see that the size of downloaded .heic file is smaller than
-the size displayed in the web interface.
-The downloaded file is smaller because it only contains a single frame
-(still photo) extracted from the Live Photo (movie) stored in OneDrive.
-.PP
-The different sizes will cause \f[C]rclone copy/sync\f[R] to repeatedly
-recopy unmodified photos something like this:
-.IP
-.nf
-\f[C]
-DEBUG : 20230203_123826234_iOS.heic: Sizes differ (src 4470314 vs dst 1298667)
-DEBUG : 20230203_123826234_iOS.heic: sha1 = fc2edde7863b7a7c93ca6771498ac797f8460750 OK
-INFO  : 20230203_123826234_iOS.heic: Copied (replaced existing)
+[known](https://github.com/OneDrive/onedrive-api-docs/issues/935#issuecomment-441741631)
+issue that Sharepoint (not OneDrive or OneDrive for Business) silently modifies
+uploaded files, mainly Office files (.docx, .xlsx, etc.), causing file size and
+hash checks to fail. There are also other situations that will cause OneDrive to
+report inconsistent file sizes. To use rclone with such
+affected files on Sharepoint, you
+may disable these checks with the following command line arguments:
 \f[R]
 .fi
 .PP
-These recopies can be worked around by adding \f[C]--ignore-size\f[R].
-Please note that this workaround only syncs the still-picture not the
-movie clip, and relies on modification dates being correctly updated on
-all files in all situations.
-.PP
-The different sizes will also cause \f[C]rclone check\f[R] to report
-size errors something like this:
+--ignore-checksum --ignore-size
 .IP
 .nf
 \f[C]
-ERROR : 20230203_123826234_iOS.heic: sizes differ
+Alternatively, if you have write access to the OneDrive files, it may be possible
+to fix this problem for certain files, by attempting the steps below.
+Open the web interface for [OneDrive](https://onedrive.live.com) and find the
+affected files (which will be in the error messages/log for rclone). Simply click on
+each of these files, causing OneDrive to open them on the web. This will cause each
+file to be converted in place to a format that is functionally equivalent
+but which will no longer trigger the size discrepancy. Once all problematic files
+are converted you will no longer need the ignore options above.
+
+### Replacing/deleting existing files on Sharepoint gets \[dq]item not found\[dq] ####
+
+It is a [known](https://github.com/OneDrive/onedrive-api-docs/issues/1068) issue
+that Sharepoint (not OneDrive or OneDrive for Business) may return \[dq]item not
+found\[dq] errors when users try to replace or delete uploaded files; this seems to
+mainly affect Office files (.docx, .xlsx, etc.) and web files (.html, .aspx, etc.). As a workaround, you may use
+the \[ga]--backup-dir <BACKUP_DIR>\[ga] command line argument so rclone moves the
+files to be replaced/deleted into a given backup directory (instead of directly
+replacing/deleting them). For example, to instruct rclone to move the files into
+the directory \[ga]rclone-backup-dir\[ga] on backend \[ga]mysharepoint\[ga], you may use:
 \f[R]
 .fi
 .PP
-These check errors can be suppressed by adding \f[C]--ignore-size\f[R].
-.PP
-The different sizes will also cause \f[C]rclone mount\f[R] to fail
-downloading with an error something like this:
+--backup-dir mysharepoint:rclone-backup-dir
 .IP
 .nf
 \f[C]
-ERROR : 20230203_123826234_iOS.heic: ReadFileHandle.Read error: low level retry 1/10: unexpected EOF
+### access\[rs]_denied (AADSTS65005) ####
 \f[R]
 .fi
 .PP
-or like this when using \f[C]--cache-mode=full\f[R]:
+Error: access_denied Code: AADSTS65005 Description: Using application
+\[aq]rclone\[aq] is currently not supported for your organization
+[YOUR_ORGANIZATION] because it is in an unmanaged state.
+An administrator needs to claim ownership of the company by DNS
+validation of [YOUR_ORGANIZATION] before the application rclone can be
+provisioned.
 .IP
 .nf
 \f[C]
-INFO  : 20230203_123826234_iOS.heic: vfs cache: downloader: error count now 1: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
-ERROR : 20230203_123826234_iOS.heic: vfs cache: failed to download: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
+This means that rclone can\[aq]t use the OneDrive for Business API with your account. You can\[aq]t do much about it, maybe write an email to your admins.
+
+However, there are other ways to interact with your OneDrive account. Have a look at the WebDAV backend: https://rclone.org/webdav/#sharepoint
+
+### invalid\[rs]_grant (AADSTS50076) ####
 \f[R]
 .fi
-.SH OpenDrive
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
 .PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
+Error: invalid_grant Code: AADSTS50076 Description: Due to a
+configuration change made by your administrator, or because you moved to
+a new location, you must use multi-factor authentication to access
+\[aq]...\[aq].
 .IP
 .nf
 \f[C]
- rclone config
-\f[R]
-.fi
-.PP
+If you see the error above after enabling multi-factor authentication for your account, you can fix it by refreshing your OAuth refresh token. To do that, run \[ga]rclone config\[ga], and choose to edit your OneDrive backend. Then, you don\[aq]t need to actually make any changes until you reach this question: \[ga]Already have a token - refresh?\[ga]. For this question, answer \[ga]y\[ga] and go through the process to refresh your token, just like the first time the backend is configured. After this, rclone should work again for this backend.
+
+### Invalid request when making public links ####
+
+On Sharepoint and OneDrive for Business, \[ga]rclone link\[ga] may return an \[dq]Invalid
+request\[dq] error. A possible cause is that the organisation admin didn\[aq]t allow
+public links to be made for the organisation/sharepoint library. To fix the
+permissions as an admin, take a look at the docs:
+[1](https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off),
+[2](https://support.microsoft.com/en-us/office/set-up-and-manage-access-requests-94b26e0b-2822-49d4-929a-8455698654b3).
+
+### Can not access \[ga]Shared\[ga] with me files
+
+Shared with me files is not supported by rclone [currently](https://github.com/rclone/rclone/issues/4062), but there is a workaround:
+
+1. Visit [https://onedrive.live.com](https://onedrive.live.com/)
+2. Right click a item in \[ga]Shared\[ga], then click \[ga]Add shortcut to My files\[ga] in the context
+    ![make_shortcut](https://user-images.githubusercontent.com/60313789/206118040-7e762b3b-aa61-41a1-8649-cc18889f3572.png \[dq]Screenshot (Shared with me)\[dq])
+3. The shortcut will appear in \[ga]My files\[ga], you can access it with rclone, it behaves like a normal folder/file.
+    ![in_my_files](https://i.imgur.com/0S8H3li.png \[dq]Screenshot (My Files)\[dq])
+    ![rclone_mount](https://i.imgur.com/2Iq66sW.png \[dq]Screenshot (rclone mount)\[dq])
+
+### Live Photos uploaded from iOS (small video clips in .heic files)
+
+The iOS OneDrive app introduced [upload and storage](https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/live-photos-come-to-onedrive/ba-p/1953452) 
+of [Live Photos](https://support.apple.com/en-gb/HT207310) in 2020. 
+The usage and download of these uploaded Live Photos is unfortunately still work-in-progress 
+and this introduces several issues when copying, synchronising and mounting \[en] both in rclone and in the native OneDrive client on Windows.
+
+The root cause can easily be seen if you locate one of your Live Photos in the OneDrive web interface. 
+Then download the photo from the web interface. You will then see that the size of downloaded .heic file is smaller than the size displayed in the web interface. 
+The downloaded file is smaller because it only contains a single frame (still photo) extracted from the Live Photo (movie) stored in OneDrive.
+
+The different sizes will cause \[ga]rclone copy/sync\[ga] to repeatedly recopy unmodified photos something like this:
+
+    DEBUG : 20230203_123826234_iOS.heic: Sizes differ (src 4470314 vs dst 1298667)
+    DEBUG : 20230203_123826234_iOS.heic: sha1 = fc2edde7863b7a7c93ca6771498ac797f8460750 OK
+    INFO  : 20230203_123826234_iOS.heic: Copied (replaced existing)
+
+These recopies can be worked around by adding \[ga]--ignore-size\[ga]. Please note that this workaround only syncs the still-picture not the movie clip, 
+and relies on modification dates being correctly updated on all files in all situations.
+
+The different sizes will also cause \[ga]rclone check\[ga] to report size errors something like this:
+
+    ERROR : 20230203_123826234_iOS.heic: sizes differ
+
+These check errors can be suppressed by adding \[ga]--ignore-size\[ga].
+
+The different sizes will also cause \[ga]rclone mount\[ga] to fail downloading with an error something like this:
+
+    ERROR : 20230203_123826234_iOS.heic: ReadFileHandle.Read error: low level retry 1/10: unexpected EOF
+
+or like this when using \[ga]--cache-mode=full\[ga]:
+
+    INFO  : 20230203_123826234_iOS.heic: vfs cache: downloader: error count now 1: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
+    ERROR : 20230203_123826234_iOS.heic: vfs cache: failed to download: vfs reader: failed to write to cache file: 416 Requested Range Not Satisfiable:
+
+#  OpenDrive
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configuration
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
 This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-n) New remote
-d) Delete remote
-q) Quit config
-e/n/d/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / OpenDrive
-   \[rs] \[dq]opendrive\[dq]
-[snip]
-Storage> opendrive
-Username
-username>
-Password
-y) Yes type in my own password
-g) Generate random password
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
---------------------
-[remote]
-username =
-password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
 \f[R]
 .fi
-.PP
-List directories in top level of your OpenDrive
+.IP "n)" 3
+New remote
+.IP "o)" 3
+Delete remote
+.IP "p)" 3
+Quit config e/n/d/q> n name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX /
+OpenDrive \ \[dq]opendrive\[dq] [snip] Storage> opendrive Username
+username> Password
+.IP "q)" 3
+Yes type in my own password
+.IP "r)" 3
+Generate random password y/g> y Enter the password: password: Confirm
+the password: password: -------------------- [remote] username =
+password = *** ENCRYPTED *** --------------------
+.IP "s)" 3
+Yes this is OK
+.IP "t)" 3
+Edit this remote
+.IP "u)" 3
+Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+List directories in top level of your OpenDrive
+
+    rclone lsd remote:
+
 List all the files in your OpenDrive
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
+
+    rclone ls remote:
+
 To copy a local directory to an OpenDrive directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Modified time and MD5SUMs
-.PP
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
 OpenDrive allows modification times to be set on objects accurate to 1
-second.
-These will be used to detect whether objects need syncing or not.
-.SS Restricted filename characters
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-NUL
-T}@T{
-0x00
-T}@T{
-\[u2400]
-T}
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-T{
-\[dq]
-T}@T{
-0x22
-T}@T{
-\[uFF02]
-T}
-T{
-*
-T}@T{
-0x2A
-T}@T{
-\[uFF0A]
-T}
-T{
-:
-T}@T{
-0x3A
-T}@T{
-\[uFF1A]
-T}
-T{
-<
-T}@T{
-0x3C
-T}@T{
-\[uFF1C]
-T}
-T{
->
-T}@T{
-0x3E
-T}@T{
-\[uFF1E]
-T}
-T{
-?
-T}@T{
-0x3F
-T}@T{
-\[uFF1F]
-T}
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-T{
-|
-T}@T{
-0x7C
-T}@T{
-\[uFF5C]
-T}
-.TE
-.PP
+second. These will be used to detect whether objects need syncing or
+not.
+
+The MD5 hash algorithm is supported.
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | \[u2400]           |
+| /         | 0x2F  | \[uFF0F]          |
+| \[dq]         | 0x22  | \[uFF02]          |
+| *         | 0x2A  | \[uFF0A]          |
+| :         | 0x3A  | \[uFF1A]          |
+| <         | 0x3C  | \[uFF1C]          |
+| >         | 0x3E  | \[uFF1E]          |
+| ?         | 0x3F  | \[uFF1F]          |
+| \[rs]         | 0x5C  | \[uFF3C]          |
+| \[rs]|        | 0x7C  | \[uFF5C]          |
+
 File names can also not begin or end with the following characters.
-These only get replaced if they are the first or last character in the
-name:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-SP
-T}@T{
-0x20
-T}@T{
-\[u2420]
-T}
-T{
-HT
-T}@T{
-0x09
-T}@T{
-\[u2409]
-T}
-T{
-LF
-T}@T{
-0x0A
-T}@T{
-\[u240A]
-T}
-T{
-VT
-T}@T{
-0x0B
-T}@T{
-\[u240B]
-T}
-T{
-CR
-T}@T{
-0x0D
-T}@T{
-\[u240D]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Standard options
-.PP
+These only get replaced if they are the first or last character in the name:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| SP        | 0x20  | \[u2420]           |
+| HT        | 0x09  | \[u2409]           |
+| LF        | 0x0A  | \[u240A]           |
+| VT        | 0x0B  | \[u240B]           |
+| CR        | 0x0D  | \[u240D]           |
+
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+
+### Standard options
+
 Here are the Standard options specific to opendrive (OpenDrive).
-.SS --opendrive-username
-.PP
+
+#### --opendrive-username
+
 Username.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: username
-.IP \[bu] 2
-Env Var: RCLONE_OPENDRIVE_USERNAME
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --opendrive-password
-.PP
+
+- Config:      username
+- Env Var:     RCLONE_OPENDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --opendrive-password
+
 Password.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: password
-.IP \[bu] 2
-Env Var: RCLONE_OPENDRIVE_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS Advanced options
-.PP
+
+- Config:      password
+- Env Var:     RCLONE_OPENDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+### Advanced options
+
 Here are the Advanced options specific to opendrive (OpenDrive).
-.SS --opendrive-encoding
-.PP
+
+#### --opendrive-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_OPENDRIVE_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default:
-Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot
-.SS --opendrive-chunk-size
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_OPENDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot
+
+#### --opendrive-chunk-size
+
 Files will be uploaded in chunks this size.
-.PP
-Note that these chunks are buffered in memory so increasing them will
-increase memory use.
-.PP
-Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_OPENDRIVE_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 10Mi
-.SS Limitations
-.PP
-Note that OpenDrive is case insensitive so you can\[aq]t have a file
-called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.PP
+
+Note that these chunks are buffered in memory so increasing them will
+increase memory use.
+
+Properties:
+
+- Config:      chunk_size
+- Env Var:     RCLONE_OPENDRIVE_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     10Mi
+
+
+
+## Limitations
+
+Note that OpenDrive is case insensitive so you can\[aq]t have a
+file called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
+
 There are quite a few characters that can\[aq]t be in OpenDrive file
-names.
-These can\[aq]t occur on Windows platforms, but on non-Windows platforms
-they are common.
-Rclone will map these names to and from an identical looking unicode
-equivalent.
-For example if a file has a \f[C]?\f[R] in it will be mapped to
-\f[C]\[uFF1F]\f[R] instead.
-.PP
-\f[C]rclone about\f[R] is not supported by the OpenDrive backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
-.PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Oracle Object Storage
-.PP
-Oracle Object Storage
-Overview (https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
-.PP
-Oracle Object Storage
-FAQ (https://www.oracle.com/cloud/storage/object-storage/faq/)
-.PP
-Paths are specified as \f[C]remote:bucket\f[R] (or \f[C]remote:\f[R] for
-the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
-\f[C]remote:bucket/path/to/dir\f[R].
-.SS Configuration
-.PP
-Here is an example of making an oracle object storage configuration.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
+names.  These can\[aq]t occur on Windows platforms, but on non-Windows
+platforms they are common.  Rclone will map these names to and from an
+identical looking unicode equivalent.  For example if a file has a \[ga]?\[ga]
+in it will be mapped to \[ga]\[uFF1F]\[ga] instead.
+
+\[ga]rclone about\[ga] is not supported by the OpenDrive backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Oracle Object Storage
+- [Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
+- [Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
+- [Oracle Object Storage Limits](https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/oci-object-storage-best-practices.pdf)
+
+Paths are specified as \[ga]remote:bucket\[ga] (or \[ga]remote:\[ga] for the \[ga]lsd\[ga] command.)  You may put subdirectories in 
+too, e.g. \[ga]remote:bucket/path/to/dir\[ga].
+
+Sample command to transfer local artifacts to remote:bucket in oracle object storage:
+
+\[ga]rclone -vvv  --progress --stats-one-line --max-stats-groups 10 --log-format date,time,UTC,longfile --fast-list --buffer-size 256Mi --oos-no-check-bucket --oos-upload-cutoff 10Mi --multi-thread-cutoff 16Mi --multi-thread-streams 3000 --transfers 3000 --checkers 64  --retries 2  --oos-chunk-size 10Mi --oos-upload-concurrency 10000  --oos-attempt-resume-upload --oos-leave-parts-on-error sync ./artifacts  remote:bucket -vv\[ga]
+
+## Configuration
+
+Here is an example of making an oracle object storage configuration. \[ga]rclone config\[ga] walks you 
+through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+
 \f[R]
 .fi
+.IP "n)" 3
+New remote
+.IP "o)" 3
+Delete remote
+.IP "p)" 3
+Rename remote
+.IP "q)" 3
+Copy remote
+.IP "r)" 3
+Set configuration password
+.IP "s)" 3
+Quit config e/n/d/r/c/s/q> n
 .PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> n
-
 Enter name for new remote.
 name> remote
-
+.PP
 Option Storage.
 Type of storage to configure.
 Choose a number from below, or type in your own value.
-[snip]
-XX / Oracle Cloud Infrastructure Object Storage
-   \[rs] (oracleobjectstorage)
-Storage> oracleobjectstorage
-
+[snip] XX / Oracle Cloud Infrastructure Object Storage
+\ (oracleobjectstorage) Storage> oracleobjectstorage
+.PP
 Option provider.
-Choose your Auth Provider
-Choose a number from below, or type in your own string value.
+Choose your Auth Provider Choose a number from below, or type in your
+own string value.
 Press Enter for the default (env_auth).
- 1 / automatically pickup the credentials from runtime(env), first one to provide auth wins
-   \[rs] (env_auth)
-   / use an OCI user and an API key for authentication.
- 2 | you\[cq]ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
-   | https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
-   \[rs] (user_principal_auth)
-   / use instance principals to authorize an instance to make API calls. 
- 3 | each instance has its own identity, and authenticates using the certificates that are read from instance metadata. 
-   | https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
-   \[rs] (instance_principal_auth)
- 4 / use resource principals to make API calls
-   \[rs] (resource_principal_auth)
- 5 / no credentials needed, this is typically for reading public buckets
-   \[rs] (no_auth)
-provider> 2
-
+1 / automatically pickup the credentials from runtime(env), first one to
+provide auth wins \ (env_auth) / use an OCI user and an API key for
+authentication.
+2 | you\[cq]ll need to put in a config file your tenancy OCID, user
+OCID, region, the path, fingerprint to an API key.
+| https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
+\ (user_principal_auth) / use instance principals to authorize an
+instance to make API calls.
+3 | each instance has its own identity, and authenticates using the
+certificates that are read from instance metadata.
+|
+https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
+\ (instance_principal_auth) 4 / use resource principals to make API
+calls \ (resource_principal_auth) 5 / no credentials needed, this is
+typically for reading public buckets \ (no_auth) provider> 2
+.PP
 Option namespace.
-Object storage namespace
-Enter a value.
+Object storage namespace Enter a value.
 namespace> idbamagbg734
-
+.PP
 Option compartment.
-Object storage compartment OCID
-Enter a value.
-compartment> ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
-
+Object storage compartment OCID Enter a value.
+compartment>
+ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
+.PP
 Option region.
-Object storage Region
-Enter a value.
+Object storage Region Enter a value.
 region> us-ashburn-1
-
+.PP
 Option endpoint.
 Endpoint for Object storage API.
 Leave blank to use the default endpoint for the region.
-Enter a value. Press Enter to leave empty.
-endpoint> 
-
+Enter a value.
+Press Enter to leave empty.
+endpoint>
+.PP
 Option config_file.
-Full Path to OCI config file
-Choose a number from below, or type in your own string value.
+Full Path to OCI config file Choose a number from below, or type in your
+own string value.
 Press Enter for the default (\[ti]/.oci/config).
- 1 / oci configuration file location
-   \[rs] (\[ti]/.oci/config)
-config_file> /etc/oci/dev.conf
-
+1 / oci configuration file location \ (\[ti]/.oci/config) config_file>
+/etc/oci/dev.conf
+.PP
 Option config_profile.
-Profile name inside OCI config file
-Choose a number from below, or type in your own string value.
+Profile name inside OCI config file Choose a number from below, or type
+in your own string value.
 Press Enter for the default (Default).
- 1 / Use the default profile
-   \[rs] (Default)
-config_profile> Test
-
+1 / Use the default profile \ (Default) config_profile> Test
+.PP
 Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
-
+y) Yes n) No (default) y/n> n
+.PP
 Configuration complete.
-Options:
-- type: oracleobjectstorage
-- namespace: idbamagbg734
-- compartment: ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
-- region: us-ashburn-1
-- provider: user_principal_auth
-- config_file: /etc/oci/dev.conf
-- config_profile: Test
-Keep this \[dq]remote\[dq] remote?
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
+Options: - type: oracleobjectstorage - namespace: idbamagbg734 -
+compartment:
+ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
+- region: us-ashburn-1 - provider: user_principal_auth - config_file:
+/etc/oci/dev.conf - config_profile: Test Keep this \[dq]remote\[dq]
+remote?
+y) Yes this is OK (default) e) Edit this remote d) Delete this remote
 y/e/d> y
-\f[R]
-.fi
-.PP
-See all buckets
 .IP
 .nf
 \f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+See all buckets
+
+    rclone lsd remote:
+
 Create a new bucket
-.IP
-.nf
-\f[C]
-rclone mkdir remote:bucket
-\f[R]
-.fi
-.PP
+
+    rclone mkdir remote:bucket
+
 List the contents of a bucket
-.IP
-.nf
-\f[C]
-rclone ls remote:bucket
-rclone ls remote:bucket --max-depth 1
-\f[R]
-.fi
-.SS OCI Authentication Provider
-.PP
-OCI has various authentication methods.
-To learn more about authentication methods please refer oci
-authentication
-methods (https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm)
+
+    rclone ls remote:bucket
+    rclone ls remote:bucket --max-depth 1
+
+## Authentication Providers 
+
+OCI has various authentication methods. To learn more about authentication methods please refer [oci authentication 
+methods](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm) 
 These choices can be specified in the rclone config file.
-.PP
+
 Rclone supports the following OCI authentication provider.
-.IP
-.nf
-\f[C]
-User Principal
-Instance Principal
-Resource Principal
-No authentication
-\f[R]
-.fi
-.SS Authentication provider choice: User Principal
-.PP
+
+    User Principal
+    Instance Principal
+    Resource Principal
+    No authentication
+
+### User Principal
+
 Sample rclone config file for Authentication Provider User Principal:
-.IP
-.nf
-\f[C]
-[oos]
-type = oracleobjectstorage
-namespace = id<redacted>34
-compartment = ocid1.compartment.oc1..aa<redacted>ba
-region = us-ashburn-1
-provider = user_principal_auth
-config_file = /home/opc/.oci/config
-config_profile = Default
-\f[R]
-.fi
-.PP
-Advantages: - One can use this method from any server within OCI or
-on-premises or from other cloud provider.
-.PP
-Considerations: - you need to configure user\[cq]s privileges / policy
-to allow access to object storage - Overhead of managing users and keys.
-- If the user is deleted, the config file will no longer work and may
-cause automation regressions that use the user\[aq]s credentials.
-.SS Authentication provider choice: Instance Principal
-.PP
-An OCI compute instance can be authorized to use rclone by using
-it\[aq]s identity and certificates as an instance principal.
+
+    [oos]
+    type = oracleobjectstorage
+    namespace = id<redacted>34
+    compartment = ocid1.compartment.oc1..aa<redacted>ba
+    region = us-ashburn-1
+    provider = user_principal_auth
+    config_file = /home/opc/.oci/config
+    config_profile = Default
+
+Advantages:
+- One can use this method from any server within OCI or on-premises or from other cloud provider.
+
+Considerations:
+- you need to configure user\[cq]s privileges / policy to allow access to object storage
+- Overhead of managing users and keys.
+- If the user is deleted, the config file will no longer work and may cause automation regressions that use the user\[aq]s credentials.
+
+###  Instance Principal
+
+An OCI compute instance can be authorized to use rclone by using it\[aq]s identity and certificates as an instance principal. 
 With this approach no credentials have to be stored and managed.
-.PP
-Sample rclone configuration file for Authentication Provider Instance
-Principal:
-.IP
-.nf
-\f[C]
-[opc\[at]rclone \[ti]]$ cat \[ti]/.config/rclone/rclone.conf
-[oos]
-type = oracleobjectstorage
-namespace = id<redacted>fn
-compartment = ocid1.compartment.oc1..aa<redacted>k7a
-region = us-ashburn-1
-provider = instance_principal_auth
-\f[R]
-.fi
-.PP
+
+Sample rclone configuration file for Authentication Provider Instance Principal:
+
+    [opc\[at]rclone \[ti]]$ cat \[ti]/.config/rclone/rclone.conf
+    [oos]
+    type = oracleobjectstorage
+    namespace = id<redacted>fn
+    compartment = ocid1.compartment.oc1..aa<redacted>k7a
+    region = us-ashburn-1
+    provider = instance_principal_auth
+
 Advantages:
-.IP \[bu] 2
-With instance principals, you don\[aq]t need to configure user
-credentials and transfer/ save it to disk in your compute instances or
-rotate the credentials.
-.IP \[bu] 2
-You don\[cq]t need to deal with users and keys.
-.IP \[bu] 2
-Greatly helps in automation as you don\[aq]t have to manage access keys,
-user private keys, storing them in vault, using kms etc.
-.PP
+
+- With instance principals, you don\[aq]t need to configure user credentials and transfer/ save it to disk in your compute 
+  instances or rotate the credentials.
+- You don\[cq]t need to deal with users and keys.
+- Greatly helps in automation as you don\[aq]t have to manage access keys, user private keys, storing them in vault, 
+  using kms etc.
+
 Considerations:
-.IP \[bu] 2
-You need to configure a dynamic group having this instance as member and
-add policy to read object storage to that dynamic group.
-.IP \[bu] 2
-Everyone who has access to this machine can execute the CLI commands.
-.IP \[bu] 2
-It is applicable for oci compute instances only.
-It cannot be used on external instance or resources.
-.SS Authentication provider choice: Resource Principal
-.PP
-Resource principal auth is very similar to instance principal auth but
-used for resources that are not compute instances such as serverless
-functions (https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm).
-To use resource principal ensure Rclone process is started with these
-environment variables set in its process.
-.IP
-.nf
-\f[C]
-export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
-export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
-export OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/usr/share/model-server/key.pem
-export OCI_RESOURCE_PRINCIPAL_RPST=/usr/share/model-server/security_token
-\f[R]
-.fi
-.PP
-Sample rclone configuration file for Authentication Provider Resource
-Principal:
-.IP
-.nf
-\f[C]
-[oos]
-type = oracleobjectstorage
-namespace = id<redacted>34
-compartment = ocid1.compartment.oc1..aa<redacted>ba
-region = us-ashburn-1
-provider = resource_principal_auth
-\f[R]
-.fi
-.SS Authentication provider choice: No authentication
-.PP
-Public buckets do not require any authentication mechanism to read
-objects.
+
+- You need to configure a dynamic group having this instance as member and add policy to read object storage to that 
+  dynamic group.
+- Everyone who has access to this machine can execute the CLI commands.
+- It is applicable for oci compute instances only. It cannot be used on external instance or resources.
+
+### Resource Principal
+
+Resource principal auth is very similar to instance principal auth but used for resources that are not 
+compute instances such as [serverless functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm). 
+To use resource principal ensure Rclone process is started with these environment variables set in its process.
+
+    export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
+    export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
+    export OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/usr/share/model-server/key.pem
+    export OCI_RESOURCE_PRINCIPAL_RPST=/usr/share/model-server/security_token
+
+Sample rclone configuration file for Authentication Provider Resource Principal:
+
+    [oos]
+    type = oracleobjectstorage
+    namespace = id<redacted>34
+    compartment = ocid1.compartment.oc1..aa<redacted>ba
+    region = us-ashburn-1
+    provider = resource_principal_auth
+
+### No authentication
+
+Public buckets do not require any authentication mechanism to read objects.
 Sample rclone configuration file for No authentication:
-.IP
-.nf
-\f[C]
-[oos]
-type = oracleobjectstorage
-namespace = id<redacted>34
-compartment = ocid1.compartment.oc1..aa<redacted>ba
-region = us-ashburn-1
-provider = no_auth
-\f[R]
-.fi
-.SS Options
-.SS Modified time
-.PP
-The modified time is stored as metadata on the object as
-\f[C]opc-meta-mtime\f[R] as floating point since the epoch, accurate to
-1 ns.
-.PP
-If the modification time needs to be updated rclone will attempt to
-perform a server side copy to update the modification if the object can
-be copied in a single part.
-In the case the object is larger than 5Gb, the object will be uploaded
-rather than copied.
-.PP
-Note that reading this from the object takes an additional
-\f[C]HEAD\f[R] request as the metadata isn\[aq]t returned in object
-listings.
-.SS Multipart uploads
-.PP
+    
+    [oos]
+    type = oracleobjectstorage
+    namespace = id<redacted>34
+    compartment = ocid1.compartment.oc1..aa<redacted>ba
+    region = us-ashburn-1
+    provider = no_auth
+
+### Modification times and hashes
+
+The modification time is stored as metadata on the object as
+\[ga]opc-meta-mtime\[ga] as floating point since the epoch, accurate to 1 ns.
+
+If the modification time needs to be updated rclone will attempt to perform a server
+side copy to update the modification if the object can be copied in a single part.
+In the case the object is larger than 5Gb, the object will be uploaded rather than copied.
+
+Note that reading this from the object takes an additional \[ga]HEAD\[ga] request as the metadata
+isn\[aq]t returned in object listings.
+
+The MD5 hash algorithm is supported.
+
+### Multipart uploads
+
 rclone supports multipart uploads with OOS which means that it can
 upload files bigger than 5 GiB.
-.PP
-Note that files uploaded \f[I]both\f[R] with multipart upload
-\f[I]and\f[R] through crypt remotes do not have MD5 sums.
-.PP
+
+Note that files uploaded *both* with multipart upload *and* through
+crypt remotes do not have MD5 sums.
+
 rclone switches from single part uploads to multipart uploads at the
-point specified by \f[C]--oos-upload-cutoff\f[R].
-This can be a maximum of 5 GiB and a minimum of 0 (ie always upload
-multipart files).
-.PP
+point specified by \[ga]--oos-upload-cutoff\[ga].  This can be a maximum of 5 GiB
+and a minimum of 0 (ie always upload multipart files).
+
 The chunk sizes used in the multipart upload are specified by
-\f[C]--oos-chunk-size\f[R] and the number of chunks uploaded
-concurrently is specified by \f[C]--oos-upload-concurrency\f[R].
-.PP
-Multipart uploads will use \f[C]--transfers\f[R] *
-\f[C]--oos-upload-concurrency\f[R] * \f[C]--oos-chunk-size\f[R] extra
+\[ga]--oos-chunk-size\[ga] and the number of chunks uploaded concurrently is
+specified by \[ga]--oos-upload-concurrency\[ga].
+
+Multipart uploads will use \[ga]--transfers\[ga] * \[ga]--oos-upload-concurrency\[ga] *
+\[ga]--oos-chunk-size\[ga] extra memory.  Single part uploads to not use extra
 memory.
-Single part uploads to not use extra memory.
-.PP
+
 Single part transfers can be faster than multipart transfers or slower
 depending on your latency from oos - the more latency, the more likely
 single part transfers will be faster.
-.PP
-Increasing \f[C]--oos-upload-concurrency\f[R] will increase throughput
-(8 would be a sensible value) and increasing \f[C]--oos-chunk-size\f[R]
-also increases throughput (16M would be sensible).
-Increasing either of these will use more memory.
-The default values are high enough to gain most of the possible
-performance without using too much memory.
-.SS Standard options
-.PP
-Here are the Standard options specific to oracleobjectstorage (Oracle
-Cloud Infrastructure Object Storage).
-.SS --oos-provider
-.PP
+
+Increasing \[ga]--oos-upload-concurrency\[ga] will increase throughput (8 would
+be a sensible value) and increasing \[ga]--oos-chunk-size\[ga] also increases
+throughput (16M would be sensible).  Increasing either of these will
+use more memory.  The default values are high enough to gain most of
+the possible performance without using too much memory.
+
+
+### Standard options
+
+Here are the Standard options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
+
+#### --oos-provider
+
 Choose your Auth Provider
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: provider
-.IP \[bu] 2
-Env Var: RCLONE_OOS_PROVIDER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]env_auth\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]env_auth\[dq]
-.RS 2
-.IP \[bu] 2
-automatically pickup the credentials from runtime(env), first one to
-provide auth wins
-.RE
-.IP \[bu] 2
-\[dq]user_principal_auth\[dq]
-.RS 2
-.IP \[bu] 2
-use an OCI user and an API key for authentication.
-.IP \[bu] 2
-you\[cq]ll need to put in a config file your tenancy OCID, user OCID,
-region, the path, fingerprint to an API key.
-.IP \[bu] 2
-https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
-.RE
-.IP \[bu] 2
-\[dq]instance_principal_auth\[dq]
-.RS 2
-.IP \[bu] 2
-use instance principals to authorize an instance to make API calls.
-.IP \[bu] 2
-each instance has its own identity, and authenticates using the
-certificates that are read from instance metadata.
-.IP \[bu] 2
-https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
-.RE
-.IP \[bu] 2
-\[dq]resource_principal_auth\[dq]
-.RS 2
-.IP \[bu] 2
-use resource principals to make API calls
-.RE
-.IP \[bu] 2
-\[dq]no_auth\[dq]
-.RS 2
-.IP \[bu] 2
-no credentials needed, this is typically for reading public buckets
-.RE
-.RE
-.SS --oos-namespace
-.PP
+
+- Config:      provider
+- Env Var:     RCLONE_OOS_PROVIDER
+- Type:        string
+- Default:     \[dq]env_auth\[dq]
+- Examples:
+    - \[dq]env_auth\[dq]
+        - automatically pickup the credentials from runtime(env), first one to provide auth wins
+    - \[dq]user_principal_auth\[dq]
+        - use an OCI user and an API key for authentication.
+        - you\[cq]ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
+        - https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
+    - \[dq]instance_principal_auth\[dq]
+        - use instance principals to authorize an instance to make API calls. 
+        - each instance has its own identity, and authenticates using the certificates that are read from instance metadata. 
+        - https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
+    - \[dq]resource_principal_auth\[dq]
+        - use resource principals to make API calls
+    - \[dq]no_auth\[dq]
+        - no credentials needed, this is typically for reading public buckets
+
+#### --oos-namespace
+
 Object storage namespace
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: namespace
-.IP \[bu] 2
-Env Var: RCLONE_OOS_NAMESPACE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --oos-compartment
-.PP
+
+- Config:      namespace
+- Env Var:     RCLONE_OOS_NAMESPACE
+- Type:        string
+- Required:    true
+
+#### --oos-compartment
+
 Object storage compartment OCID
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: compartment
-.IP \[bu] 2
-Env Var: RCLONE_OOS_COMPARTMENT
-.IP \[bu] 2
-Provider: !no_auth
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --oos-region
-.PP
+
+- Config:      compartment
+- Env Var:     RCLONE_OOS_COMPARTMENT
+- Provider:    !no_auth
+- Type:        string
+- Required:    true
+
+#### --oos-region
+
 Object storage Region
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_OOS_REGION
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --oos-endpoint
-.PP
+
+- Config:      region
+- Env Var:     RCLONE_OOS_REGION
+- Type:        string
+- Required:    true
+
+#### --oos-endpoint
+
 Endpoint for Object storage API.
-.PP
+
 Leave blank to use the default endpoint for the region.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_OOS_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --oos-config-file
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_OOS_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --oos-config-file
+
 Path to OCI config file
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: config_file
-.IP \[bu] 2
-Env Var: RCLONE_OOS_CONFIG_FILE
-.IP \[bu] 2
-Provider: user_principal_auth
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]\[ti]/.oci/config\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[ti]/.oci/config\[dq]
-.RS 2
-.IP \[bu] 2
-oci configuration file location
-.RE
-.RE
-.SS --oos-config-profile
-.PP
+
+- Config:      config_file
+- Env Var:     RCLONE_OOS_CONFIG_FILE
+- Provider:    user_principal_auth
+- Type:        string
+- Default:     \[dq]\[ti]/.oci/config\[dq]
+- Examples:
+    - \[dq]\[ti]/.oci/config\[dq]
+        - oci configuration file location
+
+#### --oos-config-profile
+
 Profile name inside the oci config file
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: config_profile
-.IP \[bu] 2
-Env Var: RCLONE_OOS_CONFIG_PROFILE
-.IP \[bu] 2
-Provider: user_principal_auth
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]Default\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]Default\[dq]
-.RS 2
-.IP \[bu] 2
-Use the default profile
-.RE
-.RE
-.SS Advanced options
-.PP
-Here are the Advanced options specific to oracleobjectstorage (Oracle
-Cloud Infrastructure Object Storage).
-.SS --oos-storage-tier
-.PP
-The storage class to use when storing new objects in storage.
-https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm
-.PP
+
+- Config:      config_profile
+- Env Var:     RCLONE_OOS_CONFIG_PROFILE
+- Provider:    user_principal_auth
+- Type:        string
+- Default:     \[dq]Default\[dq]
+- Examples:
+    - \[dq]Default\[dq]
+        - Use the default profile
+
+### Advanced options
+
+Here are the Advanced options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
+
+#### --oos-storage-tier
+
+The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm
+
 Properties:
-.IP \[bu] 2
-Config: storage_tier
-.IP \[bu] 2
-Env Var: RCLONE_OOS_STORAGE_TIER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]Standard\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]Standard\[dq]
-.RS 2
-.IP \[bu] 2
-Standard storage tier, this is the default tier
-.RE
-.IP \[bu] 2
-\[dq]InfrequentAccess\[dq]
-.RS 2
-.IP \[bu] 2
-InfrequentAccess storage tier
-.RE
-.IP \[bu] 2
-\[dq]Archive\[dq]
-.RS 2
-.IP \[bu] 2
-Archive storage tier
-.RE
-.RE
-.SS --oos-upload-cutoff
-.PP
+
+- Config:      storage_tier
+- Env Var:     RCLONE_OOS_STORAGE_TIER
+- Type:        string
+- Default:     \[dq]Standard\[dq]
+- Examples:
+    - \[dq]Standard\[dq]
+        - Standard storage tier, this is the default tier
+    - \[dq]InfrequentAccess\[dq]
+        - InfrequentAccess storage tier
+    - \[dq]Archive\[dq]
+        - Archive storage tier
+
+#### --oos-upload-cutoff
+
 Cutoff for switching to chunked upload.
-.PP
+
 Any files larger than this will be uploaded in chunks of chunk_size.
 The minimum is 0 and the maximum is 5 GiB.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_OOS_UPLOAD_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 200Mi
-.SS --oos-chunk-size
-.PP
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_OOS_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     200Mi
+
+#### --oos-chunk-size
+
 Chunk size to use for uploading.
-.PP
+
 When uploading files larger than upload_cutoff or files with unknown
-size (e.g.
-from \[dq]rclone rcat\[dq] or uploaded with \[dq]rclone mount\[dq] or
-google photos or google docs) they will be uploaded as multipart uploads
-using this chunk size.
-.PP
+size (e.g. from \[dq]rclone rcat\[dq] or uploaded with \[dq]rclone mount\[dq] they will be uploaded 
+as multipart uploads using this chunk size.
+
 Note that \[dq]upload_concurrency\[dq] chunks of this size are buffered
 in memory per transfer.
-.PP
+
 If you are transferring large files over high-speed links and you have
 enough memory, then increasing this will speed up the transfers.
-.PP
-Rclone will automatically increase the chunk size when uploading a large
-file of known size to stay below the 10,000 chunks limit.
-.PP
-Files of unknown size are uploaded with the configured chunk_size.
-Since the default chunk size is 5 MiB and there can be at most 10,000
-chunks, this means that by default the maximum size of a file you can
-stream upload is 48 GiB.
-If you wish to stream upload larger files then you will need to increase
-chunk_size.
-.PP
+
+Rclone will automatically increase the chunk size when uploading a
+large file of known size to stay below the 10,000 chunks limit.
+
+Files of unknown size are uploaded with the configured
+chunk_size. Since the default chunk size is 5 MiB and there can be at
+most 10,000 chunks, this means that by default the maximum size of
+a file you can stream upload is 48 GiB.  If you wish to stream upload
+larger files then you will need to increase chunk_size.
+
 Increasing the chunk size decreases the accuracy of the progress
 statistics displayed with \[dq]-P\[dq] flag.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_OOS_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 5Mi
-.SS --oos-upload-concurrency
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_OOS_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     5Mi
+
+#### --oos-max-upload-parts
+
+Maximum number of parts in a multipart upload.
+
+This option defines the maximum number of multipart chunks to use
+when doing a multipart upload.
+
+OCI has max parts limit of 10,000 chunks.
+
+Rclone will automatically increase the chunk size when uploading a
+large file of a known size to stay below this number of chunks limit.
+
+
+Properties:
+
+- Config:      max_upload_parts
+- Env Var:     RCLONE_OOS_MAX_UPLOAD_PARTS
+- Type:        int
+- Default:     10000
+
+#### --oos-upload-concurrency
+
 Concurrency for multipart uploads.
-.PP
+
 This is the number of chunks of the same file that are uploaded
 concurrently.
-.PP
+
 If you are uploading small numbers of large files over high-speed links
 and these uploads do not fully utilize your bandwidth, then increasing
 this may help to speed up the transfers.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_concurrency
-.IP \[bu] 2
-Env Var: RCLONE_OOS_UPLOAD_CONCURRENCY
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 10
-.SS --oos-copy-cutoff
-.PP
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_OOS_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     10
+
+#### --oos-copy-cutoff
+
 Cutoff for switching to multipart copy.
-.PP
+
 Any files larger than this that need to be server-side copied will be
 copied in chunks of this size.
-.PP
+
 The minimum is 0 and the maximum is 5 GiB.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: copy_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_OOS_COPY_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 4.656Gi
-.SS --oos-copy-timeout
-.PP
+
+- Config:      copy_cutoff
+- Env Var:     RCLONE_OOS_COPY_CUTOFF
+- Type:        SizeSuffix
+- Default:     4.656Gi
+
+#### --oos-copy-timeout
+
 Timeout for copy.
-.PP
-Copy is an asynchronous operation, specify timeout to wait for copy to
-succeed
-.PP
+
+Copy is an asynchronous operation, specify timeout to wait for copy to succeed
+
+
 Properties:
-.IP \[bu] 2
-Config: copy_timeout
-.IP \[bu] 2
-Env Var: RCLONE_OOS_COPY_TIMEOUT
-.IP \[bu] 2
-Type: Duration
-.IP \[bu] 2
-Default: 1m0s
-.SS --oos-disable-checksum
-.PP
+
+- Config:      copy_timeout
+- Env Var:     RCLONE_OOS_COPY_TIMEOUT
+- Type:        Duration
+- Default:     1m0s
+
+#### --oos-disable-checksum
+
 Don\[aq]t store MD5 checksum with object metadata.
-.PP
+
 Normally rclone will calculate the MD5 checksum of the input before
-uploading it so it can add it to metadata on the object.
-This is great for data integrity checking but can cause long delays for
-large files to start uploading.
-.PP
+uploading it so it can add it to metadata on the object. This is great
+for data integrity checking but can cause long delays for large files
+to start uploading.
+
 Properties:
-.IP \[bu] 2
-Config: disable_checksum
-.IP \[bu] 2
-Env Var: RCLONE_OOS_DISABLE_CHECKSUM
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --oos-encoding
-.PP
+
+- Config:      disable_checksum
+- Env Var:     RCLONE_OOS_DISABLE_CHECKSUM
+- Type:        bool
+- Default:     false
+
+#### --oos-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_OOS_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,InvalidUtf8,Dot
-.SS --oos-leave-parts-on-error
-.PP
-If true avoid calling abort upload on a failure, leaving all
-successfully uploaded parts on S3 for manual recovery.
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_OOS_ENCODING
+- Type:        Encoding
+- Default:     Slash,InvalidUtf8,Dot
+
+#### --oos-leave-parts-on-error
+
+If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery.
+
 It should be set to true for resuming uploads across different sessions.
-.PP
-WARNING: Storing parts of an incomplete multipart upload counts towards
-space usage on object storage and will add additional costs if not
-cleaned up.
-.PP
+
+WARNING: Storing parts of an incomplete multipart upload counts towards space usage on object storage and will add
+additional costs if not cleaned up.
+
+
 Properties:
-.IP \[bu] 2
-Config: leave_parts_on_error
-.IP \[bu] 2
-Env Var: RCLONE_OOS_LEAVE_PARTS_ON_ERROR
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --oos-no-check-bucket
-.PP
+
+- Config:      leave_parts_on_error
+- Env Var:     RCLONE_OOS_LEAVE_PARTS_ON_ERROR
+- Type:        bool
+- Default:     false
+
+#### --oos-attempt-resume-upload
+
+If true attempt to resume previously started multipart upload for the object.
+This will be helpful to speed up multipart transfers by resuming uploads from past session.
+
+WARNING: If chunk size differs in resumed session from past incomplete session, then the resumed multipart upload is 
+aborted and a new multipart upload is started with the new chunk size.
+
+The flag leave_parts_on_error must be true to resume and optimize to skip parts that were already uploaded successfully.
+
+
+Properties:
+
+- Config:      attempt_resume_upload
+- Env Var:     RCLONE_OOS_ATTEMPT_RESUME_UPLOAD
+- Type:        bool
+- Default:     false
+
+#### --oos-no-check-bucket
+
 If set, don\[aq]t attempt to check the bucket exists or create it.
-.PP
+
 This can be useful when trying to minimise the number of transactions
 rclone does if you know the bucket exists already.
-.PP
+
 It can also be needed if the user you are using does not have bucket
 creation permissions.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: no_check_bucket
-.IP \[bu] 2
-Env Var: RCLONE_OOS_NO_CHECK_BUCKET
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --oos-sse-customer-key-file
-.PP
-To use SSE-C, a file containing the base64-encoded string of the AES-256
-encryption key associated with the object.
-Please note only one of
-sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.\[aq]
-.PP
+
+- Config:      no_check_bucket
+- Env Var:     RCLONE_OOS_NO_CHECK_BUCKET
+- Type:        bool
+- Default:     false
+
+#### --oos-sse-customer-key-file
+
+To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
+with the object. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.\[aq]
+
 Properties:
-.IP \[bu] 2
-Config: sse_customer_key_file
-.IP \[bu] 2
-Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_FILE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-None
-.RE
-.RE
-.SS --oos-sse-customer-key
-.PP
-To use SSE-C, the optional header that specifies the base64-encoded
-256-bit encryption key to use to encrypt or decrypt the data.
-Please note only one of
-sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
-For more information, see Using Your Own Keys for Server-Side Encryption
+
+- Config:      sse_customer_key_file
+- Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY_FILE
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - None
+
+#### --oos-sse-customer-key
+
+To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
+encrypt or  decrypt the data. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is
+needed. For more information, see Using Your Own Keys for Server-Side Encryption 
 (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm)
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: sse_customer_key
-.IP \[bu] 2
-Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-None
-.RE
-.RE
-.SS --oos-sse-customer-key-sha256
-.PP
-If using SSE-C, The optional header that specifies the base64-encoded
-SHA256 hash of the encryption key.
-This value is used to check the integrity of the encryption key.
-see Using Your Own Keys for Server-Side Encryption
-(https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
-.PP
+
+- Config:      sse_customer_key
+- Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - None
+
+#### --oos-sse-customer-key-sha256
+
+If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
+key. This value is used to check the integrity of the encryption key. see Using Your Own Keys for 
+Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
+
 Properties:
-.IP \[bu] 2
-Config: sse_customer_key_sha256
-.IP \[bu] 2
-Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_SHA256
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-None
-.RE
-.RE
-.SS --oos-sse-kms-key-id
-.PP
-if using using your own master key in vault, this header specifies the
-OCID
-(https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm)
-of a master encryption key used to call the Key Management service to
-generate a data encryption key or to encrypt or decrypt a data
-encryption key.
-Please note only one of
-sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
-.PP
+
+- Config:      sse_customer_key_sha256
+- Env Var:     RCLONE_OOS_SSE_CUSTOMER_KEY_SHA256
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - None
+
+#### --oos-sse-kms-key-id
+
+if using your own master key in vault, this header specifies the
+OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call
+the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
+Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
+
 Properties:
-.IP \[bu] 2
-Config: sse_kms_key_id
-.IP \[bu] 2
-Env Var: RCLONE_OOS_SSE_KMS_KEY_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-None
-.RE
-.RE
-.SS --oos-sse-customer-algorithm
-.PP
-If using SSE-C, the optional header that specifies \[dq]AES256\[dq] as
-the encryption algorithm.
-Object Storage supports \[dq]AES256\[dq] as the encryption algorithm.
-For more information, see Using Your Own Keys for Server-Side Encryption
-(https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
-.PP
+
+- Config:      sse_kms_key_id
+- Env Var:     RCLONE_OOS_SSE_KMS_KEY_ID
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - None
+
+#### --oos-sse-customer-algorithm
+
+If using SSE-C, the optional header that specifies \[dq]AES256\[dq] as the encryption algorithm.
+Object Storage supports \[dq]AES256\[dq] as the encryption algorithm. For more information, see
+Using Your Own Keys for Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
+
 Properties:
-.IP \[bu] 2
-Config: sse_customer_algorithm
-.IP \[bu] 2
-Env Var: RCLONE_OOS_SSE_CUSTOMER_ALGORITHM
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-None
-.RE
-.IP \[bu] 2
-\[dq]AES256\[dq]
-.RS 2
-.IP \[bu] 2
-AES256
-.RE
-.RE
-.SS Backend commands
-.PP
+
+- Config:      sse_customer_algorithm
+- Env Var:     RCLONE_OOS_SSE_CUSTOMER_ALGORITHM
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - None
+    - \[dq]AES256\[dq]
+        - AES256
+
+## Backend commands
+
 Here are the commands specific to the oracleobjectstorage backend.
-.PP
+
 Run them with
-.IP
-.nf
-\f[C]
-rclone backend COMMAND remote:
-\f[R]
-.fi
-.PP
+
+    rclone backend COMMAND remote:
+
 The help below will explain what arguments each command takes.
-.PP
-See the backend (https://rclone.org/commands/rclone_backend/) command
-for more info on how to pass options and arguments.
-.PP
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
 These can be run on a running backend using the rc command
-backend/command (https://rclone.org/rc/#backend-command).
-.SS rename
-.PP
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### rename
+
 change the name of an object
-.IP
-.nf
-\f[C]
-rclone backend rename remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend rename remote: [options] [<arguments>+]
+
 This command can be used to rename a object.
-.PP
+
 Usage Examples:
-.IP
-.nf
-\f[C]
-rclone backend rename oos:bucket relative-object-path-under-bucket object-new-name
-\f[R]
-.fi
-.SS list-multipart-uploads
-.PP
+
+    rclone backend rename oos:bucket relative-object-path-under-bucket object-new-name
+
+
+### list-multipart-uploads
+
 List the unfinished multipart uploads
-.IP
-.nf
-\f[C]
-rclone backend list-multipart-uploads remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend list-multipart-uploads remote: [options] [<arguments>+]
+
 This command lists the unfinished multipart uploads in JSON format.
-.IP
-.nf
-\f[C]
-rclone backend list-multipart-uploads oos:bucket/path/to/object
-\f[R]
-.fi
-.PP
+
+    rclone backend list-multipart-uploads oos:bucket/path/to/object
+
 It returns a dictionary of buckets with values as lists of unfinished
 multipart uploads.
-.PP
-You can call it with no bucket in which case it lists all bucket, with a
-bucket or with a bucket and path.
-.IP
-.nf
-\f[C]
-{
-  \[dq]test-bucket\[dq]: [
-            {
-                    \[dq]namespace\[dq]: \[dq]test-namespace\[dq],
-                    \[dq]bucket\[dq]: \[dq]test-bucket\[dq],
-                    \[dq]object\[dq]: \[dq]600m.bin\[dq],
-                    \[dq]uploadId\[dq]: \[dq]51dd8114-52a4-b2f2-c42f-5291f05eb3c8\[dq],
-                    \[dq]timeCreated\[dq]: \[dq]2022-07-29T06:21:16.595Z\[dq],
-                    \[dq]storageTier\[dq]: \[dq]Standard\[dq]
-            }
-    ]
-\f[R]
-.fi
-.SS cleanup
-.PP
+
+You can call it with no bucket in which case it lists all bucket, with
+a bucket or with a bucket and path.
+
+    {
+      \[dq]test-bucket\[dq]: [
+                {
+                        \[dq]namespace\[dq]: \[dq]test-namespace\[dq],
+                        \[dq]bucket\[dq]: \[dq]test-bucket\[dq],
+                        \[dq]object\[dq]: \[dq]600m.bin\[dq],
+                        \[dq]uploadId\[dq]: \[dq]51dd8114-52a4-b2f2-c42f-5291f05eb3c8\[dq],
+                        \[dq]timeCreated\[dq]: \[dq]2022-07-29T06:21:16.595Z\[dq],
+                        \[dq]storageTier\[dq]: \[dq]Standard\[dq]
+                }
+        ]
+
+
+### cleanup
+
 Remove unfinished multipart uploads.
-.IP
-.nf
-\f[C]
-rclone backend cleanup remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
+
+    rclone backend cleanup remote: [options] [<arguments>+]
+
 This command removes unfinished multipart uploads of age greater than
 max-age which defaults to 24 hours.
-.PP
-Note that you can use --interactive/-i or --dry-run with this command to
-see what it would do.
-.IP
-.nf
-\f[C]
-rclone backend cleanup oos:bucket/path/to/object
-rclone backend cleanup -o max-age=7w oos:bucket/path/to/object
-\f[R]
-.fi
-.PP
+
+Note that you can use --interactive/-i or --dry-run with this command to see what
+it would do.
+
+    rclone backend cleanup oos:bucket/path/to/object
+    rclone backend cleanup -o max-age=7w oos:bucket/path/to/object
+
 Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
-.PP
+
+
 Options:
-.IP \[bu] 2
-\[dq]max-age\[dq]: Max age of upload to delete
-.SH QingStor
-.PP
-Paths are specified as \f[C]remote:bucket\f[R] (or \f[C]remote:\f[R] for
-the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
-\f[C]remote:bucket/path/to/dir\f[R].
-.SS Configuration
-.PP
-Here is an example of making an QingStor configuration.
-First run
-.IP
-.nf
-\f[C]
-rclone config
+
+- \[dq]max-age\[dq]: Max age of upload to delete
+
+
+
+## Tutorials
+### [Mounting Buckets](https://rclone.org/oracleobjectstorage/tutorial_mount/)
+
+#  QingStor
+
+Paths are specified as \[ga]remote:bucket\[ga] (or \[ga]remote:\[ga] for the \[ga]lsd\[ga]
+command.)  You may put subdirectories in too, e.g. \[ga]remote:bucket/path/to/dir\[ga].
+
+## Configuration
+
+Here is an example of making an QingStor configuration.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process.
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process.
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-n/r/c/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / QingStor Object Storage
-   \[rs] \[dq]qingstor\[dq]
-[snip]
-Storage> qingstor
-Get QingStor credentials from runtime. Only applies if access_key_id and secret_access_key is blank.
-Choose a number from below, or type in your own value
- 1 / Enter QingStor credentials in the next step
-   \[rs] \[dq]false\[dq]
- 2 / Get QingStor credentials from the environment (env vars or IAM)
-   \[rs] \[dq]true\[dq]
-env_auth> 1
-QingStor Access Key ID - leave blank for anonymous access or runtime credentials.
-access_key_id> access_key
-QingStor Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
-secret_access_key> secret_key
-Enter an endpoint URL to connection QingStor API.
-Leave blank will use the default value \[dq]https://qingstor.com:443\[dq]
-endpoint>
-Zone connect to. Default is \[dq]pek3a\[dq].
-Choose a number from below, or type in your own value
-   / The Beijing (China) Three Zone
- 1 | Needs location constraint pek3a.
-   \[rs] \[dq]pek3a\[dq]
-   / The Shanghai (China) First Zone
- 2 | Needs location constraint sh1a.
-   \[rs] \[dq]sh1a\[dq]
-zone> 1
-Number of connection retry.
+n) New remote r) Rename remote c) Copy remote s) Set configuration
+password q) Quit config n/r/c/s/q> n name> remote Type of storage to
+configure.
+Choose a number from below, or type in your own value [snip] XX /
+QingStor Object Storage \ \[dq]qingstor\[dq] [snip] Storage> qingstor
+Get QingStor credentials from runtime.
+Only applies if access_key_id and secret_access_key is blank.
+Choose a number from below, or type in your own value 1 / Enter QingStor
+credentials in the next step \ \[dq]false\[dq] 2 / Get QingStor
+credentials from the environment (env vars or IAM) \ \[dq]true\[dq]
+env_auth> 1 QingStor Access Key ID - leave blank for anonymous access or
+runtime credentials.
+access_key_id> access_key QingStor Secret Access Key (password) - leave
+blank for anonymous access or runtime credentials.
+secret_access_key> secret_key Enter an endpoint URL to connection
+QingStor API.
+Leave blank will use the default value
+\[dq]https://qingstor.com:443\[dq] endpoint> Zone connect to.
+Default is \[dq]pek3a\[dq].
+Choose a number from below, or type in your own value / The Beijing
+(China) Three Zone 1 | Needs location constraint pek3a.
+\ \[dq]pek3a\[dq] / The Shanghai (China) First Zone 2 | Needs location
+constraint sh1a.
+\ \[dq]sh1a\[dq] zone> 1 Number of connection retry.
 Leave blank will use the default value \[dq]3\[dq].
-connection_retries>
-Remote config
---------------------
-[remote]
-env_auth = false
-access_key_id = access_key
-secret_access_key = secret_key
-endpoint =
-zone = pek3a
-connection_retries =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-This remote is called \f[C]remote\f[R] and can now be used like this
-.PP
-See all buckets
+connection_retries> Remote config -------------------- [remote] env_auth
+= false access_key_id = access_key secret_access_key = secret_key
+endpoint = zone = pek3a connection_retries = -------------------- y) Yes
+this is OK e) Edit this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+This remote is called \[ga]remote\[ga] and can now be used like this
+
+See all buckets
+
+    rclone lsd remote:
+
 Make a new bucket
-.IP
-.nf
-\f[C]
-rclone mkdir remote:bucket
-\f[R]
-.fi
-.PP
+
+    rclone mkdir remote:bucket
+
 List the contents of a bucket
-.IP
-.nf
-\f[C]
-rclone ls remote:bucket
-\f[R]
-.fi
-.PP
-Sync \f[C]/home/local/directory\f[R] to the remote bucket, deleting any
-excess files in the bucket.
-.IP
-.nf
-\f[C]
-rclone sync --interactive /home/local/directory remote:bucket
-\f[R]
-.fi
-.SS --fast-list
-.PP
-This remote supports \f[C]--fast-list\f[R] which allows you to use fewer
-transactions in exchange for more memory.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
-.SS Multipart uploads
-.PP
+
+    rclone ls remote:bucket
+
+Sync \[ga]/home/local/directory\[ga] to the remote bucket, deleting any excess
+files in the bucket.
+
+    rclone sync --interactive /home/local/directory remote:bucket
+
+### --fast-list
+
+This remote supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### Multipart uploads
+
 rclone supports multipart uploads with QingStor which means that it can
-upload files bigger than 5 GiB.
-Note that files uploaded with multipart upload don\[aq]t have an MD5SUM.
-.PP
+upload files bigger than 5 GiB. Note that files uploaded with multipart
+upload don\[aq]t have an MD5SUM.
+
 Note that incomplete multipart uploads older than 24 hours can be
-removed with \f[C]rclone cleanup remote:bucket\f[R] just for one bucket
-\f[C]rclone cleanup remote:\f[R] for all buckets.
-QingStor does not ever remove incomplete multipart uploads so it may be
-necessary to run this from time to time.
-.SS Buckets and Zone
-.PP
-With QingStor you can list buckets (\f[C]rclone lsd\f[R]) using any
-zone, but you can only access the content of a bucket from the zone it
-was created in.
-If you attempt to access a bucket from the wrong zone, you will get an
-error,
-\f[C]incorrect zone, the bucket is not in \[aq]XXX\[aq] zone\f[R].
-.SS Authentication
-.PP
-There are two ways to supply \f[C]rclone\f[R] with a set of QingStor
-credentials.
-In order of precedence:
-.IP \[bu] 2
-Directly in the rclone configuration file (as configured by
-\f[C]rclone config\f[R])
-.RS 2
-.IP \[bu] 2
-set \f[C]access_key_id\f[R] and \f[C]secret_access_key\f[R]
-.RE
-.IP \[bu] 2
-Runtime configuration:
-.RS 2
-.IP \[bu] 2
-set \f[C]env_auth\f[R] to \f[C]true\f[R] in the config file
-.IP \[bu] 2
-Exporting the following environment variables before running
-\f[C]rclone\f[R]
-.RS 2
-.IP \[bu] 2
-Access Key ID: \f[C]QS_ACCESS_KEY_ID\f[R] or \f[C]QS_ACCESS_KEY\f[R]
-.IP \[bu] 2
-Secret Access Key: \f[C]QS_SECRET_ACCESS_KEY\f[R] or
-\f[C]QS_SECRET_KEY\f[R]
-.RE
-.RE
-.SS Restricted filename characters
-.PP
-The control characters 0x00-0x1F and / are replaced as in the default
-restricted characters
-set (https://rclone.org/overview/#restricted-characters).
-Note that 0x7F is not replaced.
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Standard options
-.PP
-Here are the Standard options specific to qingstor (QingCloud Object
-Storage).
-.SS --qingstor-env-auth
-.PP
+removed with \[ga]rclone cleanup remote:bucket\[ga] just for one bucket
+\[ga]rclone cleanup remote:\[ga] for all buckets. QingStor does not ever
+remove incomplete multipart uploads so it may be necessary to run this
+from time to time.
+
+### Buckets and Zone
+
+With QingStor you can list buckets (\[ga]rclone lsd\[ga]) using any zone,
+but you can only access the content of a bucket from the zone it was
+created in.  If you attempt to access a bucket from the wrong zone,
+you will get an error, \[ga]incorrect zone, the bucket is not in \[aq]XXX\[aq]
+zone\[ga].
+
+### Authentication
+
+There are two ways to supply \[ga]rclone\[ga] with a set of QingStor
+credentials. In order of precedence:
+
+ - Directly in the rclone configuration file (as configured by \[ga]rclone config\[ga])
+   - set \[ga]access_key_id\[ga] and \[ga]secret_access_key\[ga]
+ - Runtime configuration:
+   - set \[ga]env_auth\[ga] to \[ga]true\[ga] in the config file
+   - Exporting the following environment variables before running \[ga]rclone\[ga]
+     - Access Key ID: \[ga]QS_ACCESS_KEY_ID\[ga] or \[ga]QS_ACCESS_KEY\[ga]
+     - Secret Access Key: \[ga]QS_SECRET_ACCESS_KEY\[ga] or \[ga]QS_SECRET_KEY\[ga]
+
+### Restricted filename characters
+
+The control characters 0x00-0x1F and / are replaced as in the [default
+restricted characters set](https://rclone.org/overview/#restricted-characters).  Note
+that 0x7F is not replaced.
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to qingstor (QingCloud Object Storage).
+
+#### --qingstor-env-auth
+
 Get QingStor credentials from runtime.
-.PP
+
 Only applies if access_key_id and secret_access_key is blank.
-.PP
-Properties:
-.IP \[bu] 2
-Config: env_auth
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_ENV_AUTH
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Enter QingStor credentials in the next step.
-.RE
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Get QingStor credentials from the environment (env vars or IAM).
-.RE
-.RE
-.SS --qingstor-access-key-id
-.PP
+
+Properties:
+
+- Config:      env_auth
+- Env Var:     RCLONE_QINGSTOR_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - \[dq]false\[dq]
+        - Enter QingStor credentials in the next step.
+    - \[dq]true\[dq]
+        - Get QingStor credentials from the environment (env vars or IAM).
+
+#### --qingstor-access-key-id
+
 QingStor Access Key ID.
-.PP
+
 Leave blank for anonymous access or runtime credentials.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: access_key_id
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_ACCESS_KEY_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --qingstor-secret-access-key
-.PP
+
+- Config:      access_key_id
+- Env Var:     RCLONE_QINGSTOR_ACCESS_KEY_ID
+- Type:        string
+- Required:    false
+
+#### --qingstor-secret-access-key
+
 QingStor Secret Access Key (password).
-.PP
+
 Leave blank for anonymous access or runtime credentials.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: secret_access_key
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_SECRET_ACCESS_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --qingstor-endpoint
-.PP
+
+- Config:      secret_access_key
+- Env Var:     RCLONE_QINGSTOR_SECRET_ACCESS_KEY
+- Type:        string
+- Required:    false
+
+#### --qingstor-endpoint
+
 Enter an endpoint URL to connection QingStor API.
-.PP
-Leave blank will use the default value
-\[dq]https://qingstor.com:443\[dq].
-.PP
+
+Leave blank will use the default value \[dq]https://qingstor.com:443\[dq].
+
 Properties:
-.IP \[bu] 2
-Config: endpoint
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_ENDPOINT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --qingstor-zone
-.PP
+
+- Config:      endpoint
+- Env Var:     RCLONE_QINGSTOR_ENDPOINT
+- Type:        string
+- Required:    false
+
+#### --qingstor-zone
+
 Zone to connect to.
-.PP
+
 Default is \[dq]pek3a\[dq].
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: zone
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_ZONE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]pek3a\[dq]
-.RS 2
-.IP \[bu] 2
-The Beijing (China) Three Zone.
-.IP \[bu] 2
-Needs location constraint pek3a.
-.RE
-.IP \[bu] 2
-\[dq]sh1a\[dq]
-.RS 2
-.IP \[bu] 2
-The Shanghai (China) First Zone.
-.IP \[bu] 2
-Needs location constraint sh1a.
-.RE
-.IP \[bu] 2
-\[dq]gd2a\[dq]
-.RS 2
-.IP \[bu] 2
-The Guangdong (China) Second Zone.
-.IP \[bu] 2
-Needs location constraint gd2a.
-.RE
-.RE
-.SS Advanced options
-.PP
-Here are the Advanced options specific to qingstor (QingCloud Object
-Storage).
-.SS --qingstor-connection-retries
-.PP
+
+- Config:      zone
+- Env Var:     RCLONE_QINGSTOR_ZONE
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]pek3a\[dq]
+        - The Beijing (China) Three Zone.
+        - Needs location constraint pek3a.
+    - \[dq]sh1a\[dq]
+        - The Shanghai (China) First Zone.
+        - Needs location constraint sh1a.
+    - \[dq]gd2a\[dq]
+        - The Guangdong (China) Second Zone.
+        - Needs location constraint gd2a.
+
+### Advanced options
+
+Here are the Advanced options specific to qingstor (QingCloud Object Storage).
+
+#### --qingstor-connection-retries
+
 Number of connection retries.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: connection_retries
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_CONNECTION_RETRIES
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 3
-.SS --qingstor-upload-cutoff
-.PP
+
+- Config:      connection_retries
+- Env Var:     RCLONE_QINGSTOR_CONNECTION_RETRIES
+- Type:        int
+- Default:     3
+
+#### --qingstor-upload-cutoff
+
 Cutoff for switching to chunked upload.
-.PP
+
 Any files larger than this will be uploaded in chunks of chunk_size.
 The minimum is 0 and the maximum is 5 GiB.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_cutoff
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_UPLOAD_CUTOFF
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 200Mi
-.SS --qingstor-chunk-size
-.PP
+
+- Config:      upload_cutoff
+- Env Var:     RCLONE_QINGSTOR_UPLOAD_CUTOFF
+- Type:        SizeSuffix
+- Default:     200Mi
+
+#### --qingstor-chunk-size
+
 Chunk size to use for uploading.
-.PP
-When uploading files larger than upload_cutoff they will be uploaded as
-multipart uploads using this chunk size.
-.PP
-Note that \[dq]--qingstor-upload-concurrency\[dq] chunks of this size
-are buffered in memory per transfer.
-.PP
+
+When uploading files larger than upload_cutoff they will be uploaded
+as multipart uploads using this chunk size.
+
+Note that \[dq]--qingstor-upload-concurrency\[dq] chunks of this size are buffered
+in memory per transfer.
+
 If you are transferring large files over high-speed links and you have
 enough memory, then increasing this will speed up the transfers.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 4Mi
-.SS --qingstor-upload-concurrency
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_QINGSTOR_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     4Mi
+
+#### --qingstor-upload-concurrency
+
 Concurrency for multipart uploads.
-.PP
+
 This is the number of chunks of the same file that are uploaded
 concurrently.
-.PP
-NB if you set this to > 1 then the checksums of multipart uploads become
-corrupted (the uploads themselves are not corrupted though).
-.PP
+
+NB if you set this to > 1 then the checksums of multipart uploads
+become corrupted (the uploads themselves are not corrupted though).
+
 If you are uploading small numbers of large files over high-speed links
 and these uploads do not fully utilize your bandwidth, then increasing
 this may help to speed up the transfers.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: upload_concurrency
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_UPLOAD_CONCURRENCY
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 1
-.SS --qingstor-encoding
-.PP
+
+- Config:      upload_concurrency
+- Env Var:     RCLONE_QINGSTOR_UPLOAD_CONCURRENCY
+- Type:        int
+- Default:     1
+
+#### --qingstor-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_QINGSTOR_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,Ctl,InvalidUtf8
-.SS Limitations
+
+- Config:      encoding
+- Env Var:     RCLONE_QINGSTOR_ENCODING
+- Type:        Encoding
+- Default:     Slash,Ctl,InvalidUtf8
+
+
+
+## Limitations
+
+\[ga]rclone about\[ga] is not supported by the qingstor backend. Backends without
+this capability cannot determine free space for an rclone mount or
+use policy \[ga]mfs\[ga] (most free space) as a member of an rclone union
+remote.
+
+See [List of backends that do not support rclone about](https://rclone.org/overview/#optional-features) and [rclone about](https://rclone.org/commands/rclone_about/)
+
+#  Quatrix
+
+Quatrix by Maytech is [Quatrix Secure Compliant File Sharing | Maytech](https://www.maytech.net/products/quatrix-business).
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g., \[ga]remote:directory/subdirectory\[ga].
+
+The initial setup for Quatrix involves getting an API Key from Quatrix. You can get the API key in the user\[aq]s profile at \[ga]https://<account>/profile/api-keys\[ga]
+or with the help of the API - https://docs.maytech.net/quatrix/quatrix-api/api-explorer#/API-Key/post_api_key_create.
+
+See complete Swagger documentation for Quatrix - https://docs.maytech.net/quatrix/quatrix-api/api-explorer
+
+## Configuration
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
+\f[R]
+.fi
 .PP
-\f[C]rclone about\f[R] is not supported by the qingstor backend.
-Backends without this capability cannot determine free space for an
-rclone mount or use policy \f[C]mfs\f[R] (most free space) as a member
-of an rclone union remote.
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX /
+Quatrix by Maytech \ \[dq]quatrix\[dq] [snip] Storage> quatrix API key
+for accessing Quatrix account.
+api_key> your_api_key Host name of Quatrix account.
+host> example.quatrix.it
 .PP
-See List of backends that do not support rclone
-about (https://rclone.org/overview/#optional-features) and rclone
-about (https://rclone.org/commands/rclone_about/)
-.SH Sia
+.TS
+tab(@);
+lw(20.4n).
+T{
+[remote] api_key = your_api_key host = example.quatrix.it
+T}
+_
+T{
+y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y
+\[ga]\[ga]\[ga]
+T}
+T{
+Once configured you can then use \f[C]rclone\f[R] like this,
+T}
+T{
+List directories in top level of your Quatrix
+T}
+T{
+rclone lsd remote:
+T}
+T{
+List all the files in your Quatrix
+T}
+T{
+rclone ls remote:
+T}
+T{
+To copy a local directory to an Quatrix directory called backup
+T}
+T{
+rclone copy /home/source remote:backup
+T}
+T{
+### API key validity
+T}
+T{
+API Key is created with no expiration date.
+It will be valid until you delete or deactivate it in your account.
+After disabling, the API Key can be enabled back.
+If the API Key was deleted and a new key was created, you can update it
+in rclone config.
+The same happens if the hostname was changed.
+T}
+T{
+\[ga]\[ga]\[ga] $ rclone config Current remotes:
+T}
+T{
+Name Type ==== ==== remote quatrix
+T}
+T{
+e) Edit existing remote n) New remote d) Delete remote r) Rename remote
+c) Copy remote s) Set configuration password q) Quit config
+e/n/d/r/c/s/q> e Choose a number from below, or type in an existing
+value 1 > remote remote> remote
+T}
+.TE
+.PP
+[remote] type = quatrix host = some_host.quatrix.it api_key =
+your_api_key -------------------- Edit remote Option api_key.
+API key for accessing Quatrix account Enter a string value.
+Press Enter for the default (your_api_key) api_key> Option host.
+Host name of Quatrix account Enter a string value.
+Press Enter for the default (some_host.quatrix.it).
 .PP
+.TS
+tab(@);
+lw(20.4n).
+T{
+[remote] type = quatrix host = some_host.quatrix.it api_key =
+your_api_key
+T}
+_
+T{
+y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y
+\[ga]\[ga]\[ga]
+T}
+T{
+### Modification times and hashes
+T}
+T{
+Quatrix allows modification times to be set on objects accurate to 1
+microsecond.
+These will be used to detect whether objects need syncing or not.
+T}
+T{
+Quatrix does not support hashes, so you cannot use the
+\f[C]--checksum\f[R] flag.
+T}
+T{
+### Restricted filename characters
+T}
+T{
+File names in Quatrix are case sensitive and have limitations like the
+maximum length of a filename is 255, and the minimum length is 1.
+A file name cannot be equal to \f[C].\f[R] or \f[C]..\f[R] nor contain
+\f[C]/\f[R] , \f[C]\[rs]\f[R] or non-printable ascii.
+T}
+T{
+### Transfers
+T}
+T{
+For files above 50 MiB rclone will use a chunked transfer.
+Rclone will upload up to \f[C]--transfers\f[R] chunks at the same time
+(shared among all multipart uploads).
+Chunks are buffered in memory, and the minimal chunk size is 10_000_000
+bytes by default, and it can be changed in the advanced configuration,
+so increasing \f[C]--transfers\f[R] will increase the memory use.
+The chunk size has a maximum size limit, which is set to 100_000_000
+bytes by default and can be changed in the advanced configuration.
+The size of the uploaded chunk will dynamically change depending on the
+upload speed.
+The total memory use equals the number of transfers multiplied by the
+minimal chunk size.
+In case there\[aq]s free memory allocated for the upload (which equals
+the difference of \f[C]maximal_summary_chunk_size\f[R] and
+\f[C]minimal_chunk_size\f[R] * \f[C]transfers\f[R]), the chunk size may
+increase in case of high upload speed.
+As well as it can decrease in case of upload speed problems.
+If no free memory is available, all chunks will equal
+\f[C]minimal_chunk_size\f[R].
+T}
+T{
+### Deleting files
+T}
+T{
+Files you delete with rclone will end up in Trash and be stored there
+for 30 days.
+Quatrix also provides an API to permanently delete files and an API to
+empty the Trash so that you can remove files permanently from your
+account.
+T}
+T{
+### Standard options
+T}
+T{
+Here are the Standard options specific to quatrix (Quatrix by Maytech).
+T}
+T{
+#### --quatrix-api-key
+T}
+T{
+API key for accessing Quatrix account
+T}
+T{
+Properties:
+T}
+T{
+- Config: api_key - Env Var: RCLONE_QUATRIX_API_KEY - Type: string -
+Required: true
+T}
+T{
+#### --quatrix-host
+T}
+T{
+Host name of Quatrix account
+T}
+T{
+Properties:
+T}
+T{
+- Config: host - Env Var: RCLONE_QUATRIX_HOST - Type: string - Required:
+true
+T}
+T{
+### Advanced options
+T}
+T{
+Here are the Advanced options specific to quatrix (Quatrix by Maytech).
+T}
+T{
+#### --quatrix-encoding
+T}
+T{
+The encoding for the backend.
+T}
+T{
+See the encoding section in the
+overview (https://rclone.org/overview/#encoding) for more info.
+T}
+T{
+Properties:
+T}
+T{
+- Config: encoding - Env Var: RCLONE_QUATRIX_ENCODING - Type: Encoding -
+Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+T}
+T{
+#### --quatrix-effective-upload-time
+T}
+T{
+Wanted upload time for one chunk
+T}
+T{
+Properties:
+T}
+T{
+- Config: effective_upload_time - Env Var:
+RCLONE_QUATRIX_EFFECTIVE_UPLOAD_TIME - Type: string - Default:
+\[dq]4s\[dq]
+T}
+T{
+#### --quatrix-minimal-chunk-size
+T}
+T{
+The minimal size for one chunk
+T}
+T{
+Properties:
+T}
+T{
+- Config: minimal_chunk_size - Env Var:
+RCLONE_QUATRIX_MINIMAL_CHUNK_SIZE - Type: SizeSuffix - Default: 9.537Mi
+T}
+T{
+#### --quatrix-maximal-summary-chunk-size
+T}
+T{
+The maximal summary for all chunks.
+It should not be less than
+\[aq]transfers\[aq]*\[aq]minimal_chunk_size\[aq]
+T}
+T{
+Properties:
+T}
+T{
+- Config: maximal_summary_chunk_size - Env Var:
+RCLONE_QUATRIX_MAXIMAL_SUMMARY_CHUNK_SIZE - Type: SizeSuffix - Default:
+95.367Mi
+T}
+T{
+#### --quatrix-hard-delete
+T}
+T{
+Delete files permanently rather than putting them into the trash.
+T}
+T{
+Properties:
+T}
+T{
+- Config: hard_delete - Env Var: RCLONE_QUATRIX_HARD_DELETE - Type: bool
+- Default: false
+T}
+T{
+## Storage usage
+T}
+T{
+The storage usage in Quatrix is restricted to the account during the
+purchase.
+You can restrict any user with a smaller storage limit.
+The account limit is applied if the user has no custom storage limit.
+Once you\[aq]ve reached the limit, the upload of files will fail.
+This can be fixed by freeing up the space or increasing the quota.
+T}
+T{
+## Server-side operations
+T}
+T{
+Quatrix supports server-side operations (copy and move).
+In case of conflict, files are overwritten during server-side operation.
+T}
+T{
+# Sia
+T}
+T{
 Sia (sia.tech (https://sia.tech/)) is a decentralized cloud storage
 platform based on the blockchain (https://wikipedia.org/wiki/Blockchain)
 technology.
@@ -50544,22 +50721,27 @@ Siacoins and Wallet, Blockchain and Consensus, Renting and Hosting, and
 so on.
 If you are new to it, you\[aq]d better first familiarize yourself using
 their excellent support documentation (https://support.sia.tech/).
-.SS Introduction
-.PP
+T}
+T{
+## Introduction
+T}
+T{
 Before you can use rclone with Sia, you will need to have a running copy
 of \f[C]Sia-UI\f[R] or \f[C]siad\f[R] (the Sia daemon) locally on your
 computer or on local network (e.g.
 a NAS).
 Please follow the Get started (https://sia.tech/get-started) guide and
 install one.
-.PP
+T}
+T{
 rclone interacts with Sia network by talking to the Sia daemon via HTTP
 API (https://sia.tech/docs/) which is usually available on port
 \f[I]9980\f[R].
 By default you will run the daemon locally on the same computer so
 it\[aq]s safe to leave the API password blank (the API URL will be
 \f[C]http://127.0.0.1:9980\f[R] making external access impossible).
-.PP
+T}
+T{
 However, if you want to access Sia daemon running on another node, for
 example due to memory constraints or because you want to share single
 daemon between several rclone and Sia-UI instances, you\[aq]ll need to
@@ -50575,7 +50757,8 @@ variable \f[C]SIA_API_PASSWORD\f[R] or text file named
 \f[C]apipassword\f[R] in the daemon directory.
 - Set rclone backend option \f[C]api_password\f[R] taking it from above
 locations.
-.PP
+T}
+T{
 Notes: 1.
 If your wallet is locked, rclone cannot unlock it automatically.
 You should either unlock it in advance by using Sia-UI or via command
@@ -50597,2439 +50780,2853 @@ The only way to use \f[C]siad\f[R] without API password is to run it
 \f[B]on localhost\f[R] with command line argument
 \f[C]--authorize-api=false\f[R], but this is insecure and \f[B]strongly
 discouraged\f[R].
-.SS Configuration
-.PP
+T}
+T{
+## Configuration
+T}
+T{
 Here is an example of how to make a \f[C]sia\f[R] remote called
 \f[C]mySia\f[R].
 First, run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> mySia
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-\&...
-29 / Sia Decentralized Cloud
-   \[rs] \[dq]sia\[dq]
-\&...
-Storage> sia
-Sia daemon API URL, like http://sia.daemon.host:9980.
-Note that siad must run with --disable-api-security to open API port for other hosts (not recommended).
-Keep default if Sia daemon runs on localhost.
-Enter a string value. Press Enter for the default (\[dq]http://127.0.0.1:9980\[dq]).
-api_url> http://127.0.0.1:9980
-Sia Daemon API Password.
-Can be found in the apipassword file located in HOME/.sia/ or in the daemon directory.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Edit advanced config?
-y) Yes
-n) No (default)
-y/n> n
---------------------
-[mySia]
-type = sia
-api_url = http://127.0.0.1:9980
-api_password = *** ENCRYPTED ***
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-Once configured, you can then use \f[C]rclone\f[R] like this:
-.IP \[bu] 2
-List directories in top level of your Sia storage
-.IP
-.nf
-\f[C]
-rclone lsd mySia:
-\f[R]
-.fi
-.IP \[bu] 2
-List all the files in your Sia storage
-.IP
-.nf
-\f[C]
-rclone ls mySia:
-\f[R]
-.fi
-.IP \[bu] 2
-Upload a local directory to the Sia directory called \f[I]backup\f[R]
-.IP
-.nf
-\f[C]
-rclone copy /home/source mySia:backup
-\f[R]
-.fi
-.SS Standard options
-.PP
-Here are the Standard options specific to sia (Sia Decentralized Cloud).
-.SS --sia-api-url
-.PP
-Sia daemon API URL, like http://sia.daemon.host:9980.
-.PP
-Note that siad must run with --disable-api-security to open API port for
-other hosts (not recommended).
-Keep default if Sia daemon runs on localhost.
-.PP
-Properties:
-.IP \[bu] 2
-Config: api_url
-.IP \[bu] 2
-Env Var: RCLONE_SIA_API_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]http://127.0.0.1:9980\[dq]
-.SS --sia-api-password
-.PP
-Sia Daemon API Password.
-.PP
-Can be found in the apipassword file located in HOME/.sia/ or in the
-daemon directory.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
-Properties:
-.IP \[bu] 2
-Config: api_password
-.IP \[bu] 2
-Env Var: RCLONE_SIA_API_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
-Here are the Advanced options specific to sia (Sia Decentralized Cloud).
-.SS --sia-user-agent
-.PP
-Siad User Agent
-.PP
-Sia daemon requires the \[aq]Sia-Agent\[aq] user agent by default for
-security
-.PP
-Properties:
-.IP \[bu] 2
-Config: user_agent
-.IP \[bu] 2
-Env Var: RCLONE_SIA_USER_AGENT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]Sia-Agent\[dq]
-.SS --sia-encoding
-.PP
-The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
-Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_SIA_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot
-.SS Limitations
-.IP \[bu] 2
-Modification times not supported
-.IP \[bu] 2
-Checksums not supported
-.IP \[bu] 2
-\f[C]rclone about\f[R] not supported
-.IP \[bu] 2
-rclone can work only with \f[I]Siad\f[R] or \f[I]Sia-UI\f[R] at the
-moment, the \f[B]SkyNet daemon is not supported yet.\f[R]
-.IP \[bu] 2
-Sia does not allow control characters or symbols like question and pound
-signs in file names.
-rclone will transparently encode (https://rclone.org/overview/#encoding)
-them for you, but you\[aq]d better be aware
-.SH Swift
-.PP
-Swift refers to OpenStack Object
-Storage (https://docs.openstack.org/swift/latest/).
-Commercial implementations of that being:
-.IP \[bu] 2
-Rackspace Cloud Files (https://www.rackspace.com/cloud/files/)
-.IP \[bu] 2
-Memset Memstore (https://www.memset.com/cloud/storage/)
-.IP \[bu] 2
-OVH Object
-Storage (https://www.ovh.co.uk/public-cloud/storage/object-storage/)
-.IP \[bu] 2
-Oracle Cloud
-Storage (https://docs.oracle.com/en-us/iaas/integration/doc/configure-object-storage.html)
-.IP \[bu] 2
-IBM Bluemix Cloud ObjectStorage
-Swift (https://console.bluemix.net/docs/infrastructure/objectstorage-swift/index.html)
-.PP
-Paths are specified as \f[C]remote:container\f[R] (or \f[C]remote:\f[R]
-for the \f[C]lsd\f[R] command.) You may put subdirectories in too, e.g.
-\f[C]remote:container/path/to/dir\f[R].
-.SS Configuration
-.PP
-Here is an example of making a swift configuration.
-First run
-.IP
-.nf
-\f[C]
+T}
+T{
 rclone config
-\f[R]
-.fi
+T}
+T{
+This will guide you through an interactive setup process:
+T}
+T{
+\[ga]\[ga]\[ga] No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> mySia Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value ...
+29 / Sia Decentralized Cloud \ \[dq]sia\[dq] ...
+Storage> sia Sia daemon API URL, like http://sia.daemon.host:9980.
+Note that siad must run with --disable-api-security to open API port for
+other hosts (not recommended).
+Keep default if Sia daemon runs on localhost.
+Enter a string value.
+Press Enter for the default (\[dq]http://127.0.0.1:9980\[dq]).
+api_url> http://127.0.0.1:9980 Sia Daemon API Password.
+Can be found in the apipassword file located in HOME/.sia/ or in the
+daemon directory.
+y) Yes type in my own password g) Generate random password n) No leave
+this optional password blank (default) y/g/n> y Enter the password:
+password: Confirm the password: password: Edit advanced config?
+y) Yes n) No (default) y/n> n
+T}
+.TE
 .PP
-This will guide you through an interactive setup process.
+[mySia] type = sia api_url = http://127.0.0.1:9980 api_password = ***
+ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit
+this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
-   \[rs] \[dq]swift\[dq]
-[snip]
-Storage> swift
-Get swift credentials from environment variables in standard OpenStack form.
-Choose a number from below, or type in your own value
- 1 / Enter swift credentials in the next step
-   \[rs] \[dq]false\[dq]
- 2 / Get swift credentials from environment vars. Leave other fields blank if using this.
-   \[rs] \[dq]true\[dq]
-env_auth> true
-User name to log in (OS_USERNAME).
-user> 
-API key or password (OS_PASSWORD).
-key> 
-Authentication URL for server (OS_AUTH_URL).
-Choose a number from below, or type in your own value
- 1 / Rackspace US
-   \[rs] \[dq]https://auth.api.rackspacecloud.com/v1.0\[dq]
- 2 / Rackspace UK
-   \[rs] \[dq]https://lon.auth.api.rackspacecloud.com/v1.0\[dq]
- 3 / Rackspace v2
-   \[rs] \[dq]https://identity.api.rackspacecloud.com/v2.0\[dq]
- 4 / Memset Memstore UK
-   \[rs] \[dq]https://auth.storage.memset.com/v1.0\[dq]
- 5 / Memset Memstore UK v2
-   \[rs] \[dq]https://auth.storage.memset.com/v2.0\[dq]
- 6 / OVH
-   \[rs] \[dq]https://auth.cloud.ovh.net/v3\[dq]
-auth> 
-User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
-user_id> 
-User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-domain> 
-Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
-tenant> 
-Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
-tenant_id> 
-Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
-tenant_domain> 
-Region name - optional (OS_REGION_NAME)
-region> 
-Storage URL - optional (OS_STORAGE_URL)
-storage_url> 
-Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
-auth_token> 
-AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
-auth_version> 
-Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE)
-Choose a number from below, or type in your own value
- 1 / Public (default, choose this if not sure)
-   \[rs] \[dq]public\[dq]
- 2 / Internal (use internal service net)
-   \[rs] \[dq]internal\[dq]
- 3 / Admin
-   \[rs] \[dq]admin\[dq]
-endpoint_type> 
-Remote config
---------------------
-[test]
-env_auth = true
-user = 
-key = 
-auth = 
-user_id = 
-domain = 
-tenant = 
-tenant_id = 
-tenant_domain = 
-region = 
-storage_url = 
-auth_token = 
-auth_version = 
-endpoint_type = 
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
+Once configured, you can then use \[ga]rclone\[ga] like this:
+
+- List directories in top level of your Sia storage
 \f[R]
 .fi
 .PP
-This remote is called \f[C]remote\f[R] and can now be used like this
-.PP
-See all containers
+rclone lsd mySia:
 .IP
 .nf
 \f[C]
-rclone lsd remote:
+- List all the files in your Sia storage
 \f[R]
 .fi
 .PP
-Make a new container
+rclone ls mySia:
 .IP
 .nf
 \f[C]
-rclone mkdir remote:container
+- Upload a local directory to the Sia directory called _backup_
 \f[R]
 .fi
 .PP
-List the contents of a container
+rclone copy /home/source mySia:backup
 .IP
 .nf
 \f[C]
-rclone ls remote:container
+
+### Standard options
+
+Here are the Standard options specific to sia (Sia Decentralized Cloud).
+
+#### --sia-api-url
+
+Sia daemon API URL, like http://sia.daemon.host:9980.
+
+Note that siad must run with --disable-api-security to open API port for other hosts (not recommended).
+Keep default if Sia daemon runs on localhost.
+
+Properties:
+
+- Config:      api_url
+- Env Var:     RCLONE_SIA_API_URL
+- Type:        string
+- Default:     \[dq]http://127.0.0.1:9980\[dq]
+
+#### --sia-api-password
+
+Sia Daemon API Password.
+
+Can be found in the apipassword file located in HOME/.sia/ or in the daemon directory.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      api_password
+- Env Var:     RCLONE_SIA_API_PASSWORD
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to sia (Sia Decentralized Cloud).
+
+#### --sia-user-agent
+
+Siad User Agent
+
+Sia daemon requires the \[aq]Sia-Agent\[aq] user agent by default for security
+
+Properties:
+
+- Config:      user_agent
+- Env Var:     RCLONE_SIA_USER_AGENT
+- Type:        string
+- Default:     \[dq]Sia-Agent\[dq]
+
+#### --sia-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_SIA_ENCODING
+- Type:        Encoding
+- Default:     Slash,Question,Hash,Percent,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+- Modification times not supported
+- Checksums not supported
+- \[ga]rclone about\[ga] not supported
+- rclone can work only with _Siad_ or _Sia-UI_ at the moment,
+  the **SkyNet daemon is not supported yet.**
+- Sia does not allow control characters or symbols like question and pound
+  signs in file names. rclone will transparently [encode](https://rclone.org/overview/#encoding)
+  them for you, but you\[aq]d better be aware
+
+#  Swift
+
+Swift refers to [OpenStack Object Storage](https://docs.openstack.org/swift/latest/).
+Commercial implementations of that being:
+
+  * [Rackspace Cloud Files](https://www.rackspace.com/cloud/files/)
+  * [Memset Memstore](https://www.memset.com/cloud/storage/)
+  * [OVH Object Storage](https://www.ovh.co.uk/public-cloud/storage/object-storage/)
+  * [Oracle Cloud Storage](https://docs.oracle.com/en-us/iaas/integration/doc/configure-object-storage.html)
+  * [Blomp Cloud Storage](https://www.blomp.com/cloud-storage/)
+  * [IBM Bluemix Cloud ObjectStorage Swift](https://console.bluemix.net/docs/infrastructure/objectstorage-swift/index.html)
+
+Paths are specified as \[ga]remote:container\[ga] (or \[ga]remote:\[ga] for the \[ga]lsd\[ga]
+command.)  You may put subdirectories in too, e.g. \[ga]remote:container/path/to/dir\[ga].
+
+## Configuration
+
+Here is an example of making a swift configuration.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process.
 \f[R]
 .fi
 .PP
-Sync \f[C]/home/local/directory\f[R] to the remote container, deleting
-any excess files in the container.
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX /
+OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset
+Memstore, OVH) \ \[dq]swift\[dq] [snip] Storage> swift Get swift
+credentials from environment variables in standard OpenStack form.
+Choose a number from below, or type in your own value 1 / Enter swift
+credentials in the next step \ \[dq]false\[dq] 2 / Get swift credentials
+from environment vars.
+Leave other fields blank if using this.
+\ \[dq]true\[dq] env_auth> true User name to log in (OS_USERNAME).
+user> API key or password (OS_PASSWORD).
+key> Authentication URL for server (OS_AUTH_URL).
+Choose a number from below, or type in your own value 1 / Rackspace US
+\ \[dq]https://auth.api.rackspacecloud.com/v1.0\[dq] 2 / Rackspace UK
+\ \[dq]https://lon.auth.api.rackspacecloud.com/v1.0\[dq] 3 / Rackspace
+v2 \ \[dq]https://identity.api.rackspacecloud.com/v2.0\[dq] 4 / Memset
+Memstore UK \ \[dq]https://auth.storage.memset.com/v1.0\[dq] 5 / Memset
+Memstore UK v2 \ \[dq]https://auth.storage.memset.com/v2.0\[dq] 6 / OVH
+\ \[dq]https://auth.cloud.ovh.net/v3\[dq] 7 / Blomp Cloud Storage
+\ \[dq]https://authenticate.ain.net\[dq] auth> User ID to log in -
+optional - most swift systems use user and leave this blank (v3 auth)
+(OS_USER_ID).
+user_id> User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME) domain>
+Tenant name - optional for v1 auth, this or tenant_id required otherwise
+(OS_TENANT_NAME or OS_PROJECT_NAME) tenant> Tenant ID - optional for v1
+auth, this or tenant required otherwise (OS_TENANT_ID) tenant_id> Tenant
+domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME) tenant_domain>
+Region name - optional (OS_REGION_NAME) region> Storage URL - optional
+(OS_STORAGE_URL) storage_url> Auth Token from alternate authentication -
+optional (OS_AUTH_TOKEN) auth_token> AuthVersion - optional - set to
+(1,2,3) if your auth URL has no version (ST_AUTH_VERSION) auth_version>
+Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE)
+Choose a number from below, or type in your own value 1 / Public
+(default, choose this if not sure) \ \[dq]public\[dq] 2 / Internal (use
+internal service net) \ \[dq]internal\[dq] 3 / Admin \ \[dq]admin\[dq]
+endpoint_type> Remote config -------------------- [test] env_auth = true
+user = key = auth = user_id = domain = tenant = tenant_id =
+tenant_domain = region = storage_url = auth_token = auth_version =
+endpoint_type = -------------------- y) Yes this is OK e) Edit this
+remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone sync --interactive /home/local/directory remote:container
+This remote is called \[ga]remote\[ga] and can now be used like this
+
+See all containers
+
+    rclone lsd remote:
+
+Make a new container
+
+    rclone mkdir remote:container
+
+List the contents of a container
+
+    rclone ls remote:container
+
+Sync \[ga]/home/local/directory\[ga] to the remote container, deleting any
+excess files in the container.
+
+    rclone sync --interactive /home/local/directory remote:container
+
+### Configuration from an OpenStack credentials file
+
+An OpenStack credentials file typically looks something something
+like this (without the comments)
 \f[R]
 .fi
-.SS Configuration from an OpenStack credentials file
 .PP
-An OpenStack credentials file typically looks something something like
-this (without the comments)
+export OS_AUTH_URL=https://a.provider.net/v2.0 export
+OS_TENANT_ID=ffffffffffffffffffffffffffffffff export
+OS_TENANT_NAME=\[dq]1234567890123456\[dq] export
+OS_USERNAME=\[dq]123abc567xy\[dq] echo \[dq]Please enter your OpenStack
+Password: \[dq] read -sr OS_PASSWORD_INPUT export
+OS_PASSWORD=$OS_PASSWORD_INPUT export OS_REGION_NAME=\[dq]SBG1\[dq] if [ -z \[dq]$OS_REGION_NAME\[dq]
+]; then unset OS_REGION_NAME; fi
 .IP
 .nf
 \f[C]
-export OS_AUTH_URL=https://a.provider.net/v2.0
-export OS_TENANT_ID=ffffffffffffffffffffffffffffffff
-export OS_TENANT_NAME=\[dq]1234567890123456\[dq]
-export OS_USERNAME=\[dq]123abc567xy\[dq]
-echo \[dq]Please enter your OpenStack Password: \[dq]
-read -sr OS_PASSWORD_INPUT
-export OS_PASSWORD=$OS_PASSWORD_INPUT
-export OS_REGION_NAME=\[dq]SBG1\[dq]
-if [ -z \[dq]$OS_REGION_NAME\[dq] ]; then unset OS_REGION_NAME; fi
+The config file needs to look something like this where \[ga]$OS_USERNAME\[ga]
+represents the value of the \[ga]OS_USERNAME\[ga] variable - \[ga]123abc567xy\[ga] in
+the example above.
 \f[R]
 .fi
 .PP
-The config file needs to look something like this where
-\f[C]$OS_USERNAME\f[R] represents the value of the \f[C]OS_USERNAME\f[R]
-variable - \f[C]123abc567xy\f[R] in the example above.
+[remote] type = swift user = $OS_USERNAME key = $OS_PASSWORD auth =
+$OS_AUTH_URL tenant = $OS_TENANT_NAME
 .IP
 .nf
 \f[C]
-[remote]
-type = swift
-user = $OS_USERNAME
-key = $OS_PASSWORD
-auth = $OS_AUTH_URL
-tenant = $OS_TENANT_NAME
-\f[R]
-.fi
-.PP
-Note that you may (or may not) need to set \f[C]region\f[R] too - try
-without first.
-.SS Configuration from the environment
-.PP
-If you prefer you can configure rclone to use swift using a standard set
-of OpenStack environment variables.
-.PP
-When you run through the config, make sure you choose \f[C]true\f[R] for
-\f[C]env_auth\f[R] and leave everything else blank.
-.PP
+Note that you may (or may not) need to set \[ga]region\[ga] too - try without first.
+
+### Configuration from the environment
+
+If you prefer you can configure rclone to use swift using a standard
+set of OpenStack environment variables.
+
+When you run through the config, make sure you choose \[ga]true\[ga] for
+\[ga]env_auth\[ga] and leave everything else blank.
+
 rclone will then set any empty config parameters from the environment
-using standard OpenStack environment variables.
-There is a list of the
-variables (https://godoc.org/github.com/ncw/swift#Connection.ApplyEnvironment)
+using standard OpenStack environment variables.  There is [a list of
+the
+variables](https://godoc.org/github.com/ncw/swift#Connection.ApplyEnvironment)
 in the docs for the swift library.
-.SS Using an alternate authentication method
-.PP
+
+### Using an alternate authentication method
+
 If your OpenStack installation uses a non-standard authentication method
-that might not be yet supported by rclone or the underlying swift
-library, you can authenticate externally (e.g.
-calling manually the \f[C]openstack\f[R] commands to get a token).
-Then, you just need to pass the two configuration variables
-\f[C]auth_token\f[R] and \f[C]storage_url\f[R].
-If they are both provided, the other variables are ignored.
-rclone will not try to authenticate but instead assume it is already
-authenticated and use these two variables to access the OpenStack
-installation.
-.SS Using rclone without a config file
-.PP
+that might not be yet supported by rclone or the underlying swift library, 
+you can authenticate externally (e.g. calling manually the \[ga]openstack\[ga] 
+commands to get a token). Then, you just need to pass the two 
+configuration variables \[ga]\[ga]auth_token\[ga]\[ga] and \[ga]\[ga]storage_url\[ga]\[ga]. 
+If they are both provided, the other variables are ignored. rclone will 
+not try to authenticate but instead assume it is already authenticated 
+and use these two variables to access the OpenStack installation.
+
+#### Using rclone without a config file
+
 You can use rclone with swift without a config file, if desired, like
 this:
-.IP
-.nf
-\f[C]
-source openstack-credentials-file
-export RCLONE_CONFIG_MYREMOTE_TYPE=swift
-export RCLONE_CONFIG_MYREMOTE_ENV_AUTH=true
-rclone lsd myremote:
 \f[R]
 .fi
-.SS --fast-list
-.PP
-This remote supports \f[C]--fast-list\f[R] which allows you to use fewer
-transactions in exchange for more memory.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
-.SS --update and --use-server-modtime
 .PP
-As noted below, the modified time is stored on metadata on the object.
-It is used by default for all operations that require checking the time
-a file was last updated.
-It allows rclone to treat the remote more like a true filesystem, but it
-is inefficient because it requires an extra API call to retrieve the
+source openstack-credentials-file export
+RCLONE_CONFIG_MYREMOTE_TYPE=swift export
+RCLONE_CONFIG_MYREMOTE_ENV_AUTH=true rclone lsd myremote:
+.IP
+.nf
+\f[C]
+### --fast-list
+
+This remote supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
+
+### --update and --use-server-modtime
+
+As noted below, the modified time is stored on metadata on the object. It is
+used by default for all operations that require checking the time a file was
+last updated. It allows rclone to treat the remote more like a true filesystem,
+but it is inefficient because it requires an extra API call to retrieve the
 metadata.
-.PP
-For many operations, the time the object was last uploaded to the remote
-is sufficient to determine if it is \[dq]dirty\[dq].
-By using \f[C]--update\f[R] along with \f[C]--use-server-modtime\f[R],
-you can avoid the extra API call and simply upload files whose local
-modtime is newer than the time it was last uploaded.
-.SS Modified time
-.PP
+
+For many operations, the time the object was last uploaded to the remote is
+sufficient to determine if it is \[dq]dirty\[dq]. By using \[ga]--update\[ga] along with
+\[ga]--use-server-modtime\[ga], you can avoid the extra API call and simply upload
+files whose local modtime is newer than the time it was last uploaded.
+
+### Modification times and hashes
+
 The modified time is stored as metadata on the object as
-\f[C]X-Object-Meta-Mtime\f[R] as floating point since the epoch accurate
-to 1 ns.
-.PP
+\[ga]X-Object-Meta-Mtime\[ga] as floating point since the epoch accurate to 1
+ns.
+
 This is a de facto standard (used in the official python-swiftclient
 amongst others) for storing the modification time for an object.
-.SS Restricted filename characters
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-NUL
-T}@T{
-0x00
-T}@T{
-\[u2400]
-T}
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Standard options
-.PP
-Here are the Standard options specific to swift (OpenStack Swift
-(Rackspace Cloud Files, Memset Memstore, OVH)).
-.SS --swift-env-auth
-.PP
-Get swift credentials from environment variables in standard OpenStack
-form.
-.PP
+
+The MD5 hash algorithm is supported.
+
+### Restricted filename characters
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| NUL       | 0x00  | \[u2400]           |
+| /         | 0x2F  | \[uFF0F]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
+
+#### --swift-env-auth
+
+Get swift credentials from environment variables in standard OpenStack form.
+
 Properties:
-.IP \[bu] 2
-Config: env_auth
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_ENV_AUTH
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]false\[dq]
-.RS 2
-.IP \[bu] 2
-Enter swift credentials in the next step.
-.RE
-.IP \[bu] 2
-\[dq]true\[dq]
-.RS 2
-.IP \[bu] 2
-Get swift credentials from environment vars.
-.IP \[bu] 2
-Leave other fields blank if using this.
-.RE
-.RE
-.SS --swift-user
-.PP
+
+- Config:      env_auth
+- Env Var:     RCLONE_SWIFT_ENV_AUTH
+- Type:        bool
+- Default:     false
+- Examples:
+    - \[dq]false\[dq]
+        - Enter swift credentials in the next step.
+    - \[dq]true\[dq]
+        - Get swift credentials from environment vars.
+        - Leave other fields blank if using this.
+
+#### --swift-user
+
 User name to log in (OS_USERNAME).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: user
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_USER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-key
-.PP
+
+- Config:      user
+- Env Var:     RCLONE_SWIFT_USER
+- Type:        string
+- Required:    false
+
+#### --swift-key
+
 API key or password (OS_PASSWORD).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: key
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-auth
-.PP
+
+- Config:      key
+- Env Var:     RCLONE_SWIFT_KEY
+- Type:        string
+- Required:    false
+
+#### --swift-auth
+
 Authentication URL for server (OS_AUTH_URL).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_AUTH
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]https://auth.api.rackspacecloud.com/v1.0\[dq]
-.RS 2
-.IP \[bu] 2
-Rackspace US
-.RE
-.IP \[bu] 2
-\[dq]https://lon.auth.api.rackspacecloud.com/v1.0\[dq]
-.RS 2
-.IP \[bu] 2
-Rackspace UK
-.RE
-.IP \[bu] 2
-\[dq]https://identity.api.rackspacecloud.com/v2.0\[dq]
-.RS 2
-.IP \[bu] 2
-Rackspace v2
-.RE
-.IP \[bu] 2
-\[dq]https://auth.storage.memset.com/v1.0\[dq]
-.RS 2
-.IP \[bu] 2
-Memset Memstore UK
-.RE
-.IP \[bu] 2
-\[dq]https://auth.storage.memset.com/v2.0\[dq]
-.RS 2
-.IP \[bu] 2
-Memset Memstore UK v2
-.RE
-.IP \[bu] 2
-\[dq]https://auth.cloud.ovh.net/v3\[dq]
-.RS 2
-.IP \[bu] 2
-OVH
-.RE
-.RE
-.SS --swift-user-id
-.PP
-User ID to log in - optional - most swift systems use user and leave
-this blank (v3 auth) (OS_USER_ID).
-.PP
+
+- Config:      auth
+- Env Var:     RCLONE_SWIFT_AUTH
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]https://auth.api.rackspacecloud.com/v1.0\[dq]
+        - Rackspace US
+    - \[dq]https://lon.auth.api.rackspacecloud.com/v1.0\[dq]
+        - Rackspace UK
+    - \[dq]https://identity.api.rackspacecloud.com/v2.0\[dq]
+        - Rackspace v2
+    - \[dq]https://auth.storage.memset.com/v1.0\[dq]
+        - Memset Memstore UK
+    - \[dq]https://auth.storage.memset.com/v2.0\[dq]
+        - Memset Memstore UK v2
+    - \[dq]https://auth.cloud.ovh.net/v3\[dq]
+        - OVH
+    - \[dq]https://authenticate.ain.net\[dq]
+        - Blomp Cloud Storage
+
+#### --swift-user-id
+
+User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
+
 Properties:
-.IP \[bu] 2
-Config: user_id
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_USER_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-domain
-.PP
+
+- Config:      user_id
+- Env Var:     RCLONE_SWIFT_USER_ID
+- Type:        string
+- Required:    false
+
+#### --swift-domain
+
 User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: domain
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_DOMAIN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-tenant
-.PP
-Tenant name - optional for v1 auth, this or tenant_id required otherwise
-(OS_TENANT_NAME or OS_PROJECT_NAME).
-.PP
+
+- Config:      domain
+- Env Var:     RCLONE_SWIFT_DOMAIN
+- Type:        string
+- Required:    false
+
+#### --swift-tenant
+
+Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME).
+
 Properties:
-.IP \[bu] 2
-Config: tenant
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_TENANT
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-tenant-id
-.PP
-Tenant ID - optional for v1 auth, this or tenant required otherwise
-(OS_TENANT_ID).
-.PP
+
+- Config:      tenant
+- Env Var:     RCLONE_SWIFT_TENANT
+- Type:        string
+- Required:    false
+
+#### --swift-tenant-id
+
+Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID).
+
 Properties:
-.IP \[bu] 2
-Config: tenant_id
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_TENANT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-tenant-domain
-.PP
+
+- Config:      tenant_id
+- Env Var:     RCLONE_SWIFT_TENANT_ID
+- Type:        string
+- Required:    false
+
+#### --swift-tenant-domain
+
 Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: tenant_domain
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_TENANT_DOMAIN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-region
-.PP
+
+- Config:      tenant_domain
+- Env Var:     RCLONE_SWIFT_TENANT_DOMAIN
+- Type:        string
+- Required:    false
+
+#### --swift-region
+
 Region name - optional (OS_REGION_NAME).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: region
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_REGION
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-storage-url
-.PP
+
+- Config:      region
+- Env Var:     RCLONE_SWIFT_REGION
+- Type:        string
+- Required:    false
+
+#### --swift-storage-url
+
 Storage URL - optional (OS_STORAGE_URL).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: storage_url
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_STORAGE_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-auth-token
-.PP
+
+- Config:      storage_url
+- Env Var:     RCLONE_SWIFT_STORAGE_URL
+- Type:        string
+- Required:    false
+
+#### --swift-auth-token
+
 Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_token
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_AUTH_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-application-credential-id
-.PP
+
+- Config:      auth_token
+- Env Var:     RCLONE_SWIFT_AUTH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --swift-application-credential-id
+
 Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: application_credential_id
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-application-credential-name
-.PP
+
+- Config:      application_credential_id
+- Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_ID
+- Type:        string
+- Required:    false
+
+#### --swift-application-credential-name
+
 Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: application_credential_name
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_NAME
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-application-credential-secret
-.PP
+
+- Config:      application_credential_name
+- Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_NAME
+- Type:        string
+- Required:    false
+
+#### --swift-application-credential-secret
+
 Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).
-.PP
-Properties:
-.IP \[bu] 2
-Config: application_credential_secret
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --swift-auth-version
-.PP
-AuthVersion - optional - set to (1,2,3) if your auth URL has no version
-(ST_AUTH_VERSION).
-.PP
-Properties:
-.IP \[bu] 2
-Config: auth_version
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_AUTH_VERSION
-.IP \[bu] 2
-Type: int
-.IP \[bu] 2
-Default: 0
-.SS --swift-endpoint-type
-.PP
-Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: endpoint_type
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_ENDPOINT_TYPE
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]public\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]public\[dq]
-.RS 2
-.IP \[bu] 2
-Public (default, choose this if not sure)
-.RE
-.IP \[bu] 2
-\[dq]internal\[dq]
-.RS 2
-.IP \[bu] 2
-Internal (use internal service net)
-.RE
-.IP \[bu] 2
-\[dq]admin\[dq]
-.RS 2
-.IP \[bu] 2
-Admin
-.RE
-.RE
-.SS --swift-storage-policy
-.PP
-The storage policy to use when creating a new container.
-.PP
-This applies the specified storage policy when creating a new container.
-The policy cannot be changed afterwards.
-The allowed configuration values and their meaning depend on your Swift
-storage provider.
-.PP
+
+- Config:      application_credential_secret
+- Env Var:     RCLONE_SWIFT_APPLICATION_CREDENTIAL_SECRET
+- Type:        string
+- Required:    false
+
+#### --swift-auth-version
+
+AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION).
+
 Properties:
-.IP \[bu] 2
-Config: storage_policy
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_STORAGE_POLICY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]\[dq]
-.RS 2
-.IP \[bu] 2
-Default
-.RE
-.IP \[bu] 2
-\[dq]pcs\[dq]
-.RS 2
-.IP \[bu] 2
-OVH Public Cloud Storage
-.RE
-.IP \[bu] 2
-\[dq]pca\[dq]
-.RS 2
-.IP \[bu] 2
-OVH Public Cloud Archive
-.RE
-.RE
-.SS Advanced options
-.PP
-Here are the Advanced options specific to swift (OpenStack Swift
-(Rackspace Cloud Files, Memset Memstore, OVH)).
-.SS --swift-leave-parts-on-error
-.PP
+
+- Config:      auth_version
+- Env Var:     RCLONE_SWIFT_AUTH_VERSION
+- Type:        int
+- Default:     0
+
+#### --swift-endpoint-type
+
+Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE).
+
+Properties:
+
+- Config:      endpoint_type
+- Env Var:     RCLONE_SWIFT_ENDPOINT_TYPE
+- Type:        string
+- Default:     \[dq]public\[dq]
+- Examples:
+    - \[dq]public\[dq]
+        - Public (default, choose this if not sure)
+    - \[dq]internal\[dq]
+        - Internal (use internal service net)
+    - \[dq]admin\[dq]
+        - Admin
+
+#### --swift-storage-policy
+
+The storage policy to use when creating a new container.
+
+This applies the specified storage policy when creating a new
+container. The policy cannot be changed afterwards. The allowed
+configuration values and their meaning depend on your Swift storage
+provider.
+
+Properties:
+
+- Config:      storage_policy
+- Env Var:     RCLONE_SWIFT_STORAGE_POLICY
+- Type:        string
+- Required:    false
+- Examples:
+    - \[dq]\[dq]
+        - Default
+    - \[dq]pcs\[dq]
+        - OVH Public Cloud Storage
+    - \[dq]pca\[dq]
+        - OVH Public Cloud Archive
+
+### Advanced options
+
+Here are the Advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)).
+
+#### --swift-leave-parts-on-error
+
 If true avoid calling abort upload on a failure.
-.PP
+
 It should be set to true for resuming uploads across different sessions.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: leave_parts_on_error
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_LEAVE_PARTS_ON_ERROR
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --swift-chunk-size
-.PP
-Above this size files will be chunked into a _segments container.
-.PP
+
+- Config:      leave_parts_on_error
+- Env Var:     RCLONE_SWIFT_LEAVE_PARTS_ON_ERROR
+- Type:        bool
+- Default:     false
+
+#### --swift-chunk-size
+
 Above this size files will be chunked into a _segments container.
-The default for this is 5 GiB which is its maximum value.
-.PP
+
+Above this size files will be chunked into a _segments container.  The
+default for this is 5 GiB which is its maximum value.
+
 Properties:
-.IP \[bu] 2
-Config: chunk_size
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_CHUNK_SIZE
-.IP \[bu] 2
-Type: SizeSuffix
-.IP \[bu] 2
-Default: 5Gi
-.SS --swift-no-chunk
-.PP
+
+- Config:      chunk_size
+- Env Var:     RCLONE_SWIFT_CHUNK_SIZE
+- Type:        SizeSuffix
+- Default:     5Gi
+
+#### --swift-no-chunk
+
 Don\[aq]t chunk files during streaming upload.
-.PP
-When doing streaming uploads (e.g.
-using rcat or mount) setting this flag will cause the swift backend to
-not upload chunked files.
-.PP
-This will limit the maximum upload size to 5 GiB.
-However non chunked files are easier to deal with and have an MD5SUM.
-.PP
+
+When doing streaming uploads (e.g. using rcat or mount) setting this
+flag will cause the swift backend to not upload chunked files.
+
+This will limit the maximum upload size to 5 GiB. However non chunked
+files are easier to deal with and have an MD5SUM.
+
 Rclone will still chunk files bigger than chunk_size when doing normal
 copy operations.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: no_chunk
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_NO_CHUNK
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --swift-no-large-objects
-.PP
+
+- Config:      no_chunk
+- Env Var:     RCLONE_SWIFT_NO_CHUNK
+- Type:        bool
+- Default:     false
+
+#### --swift-no-large-objects
+
 Disable support for static and dynamic large objects
-.PP
-Swift cannot transparently store files bigger than 5 GiB.
-There are two schemes for doing that, static or dynamic large objects,
-and the API does not allow rclone to determine whether a file is a
-static or dynamic large object without doing a HEAD on the object.
-Since these need to be treated differently, this means rclone has to
-issue HEAD requests for objects for example when reading checksums.
-.PP
-When \f[C]no_large_objects\f[R] is set, rclone will assume that there
-are no static or dynamic large objects stored.
-This means it can stop doing the extra HEAD calls which in turn
-increases performance greatly especially when doing a swift to swift
-transfer with \f[C]--checksum\f[R] set.
-.PP
-Setting this option implies \f[C]no_chunk\f[R] and also that no files
-will be uploaded in chunks, so files bigger than 5 GiB will just fail on
+
+Swift cannot transparently store files bigger than 5 GiB. There are
+two schemes for doing that, static or dynamic large objects, and the
+API does not allow rclone to determine whether a file is a static or
+dynamic large object without doing a HEAD on the object. Since these
+need to be treated differently, this means rclone has to issue HEAD
+requests for objects for example when reading checksums.
+
+When \[ga]no_large_objects\[ga] is set, rclone will assume that there are no
+static or dynamic large objects stored. This means it can stop doing
+the extra HEAD calls which in turn increases performance greatly
+especially when doing a swift to swift transfer with \[ga]--checksum\[ga] set.
+
+Setting this option implies \[ga]no_chunk\[ga] and also that no files will be
+uploaded in chunks, so files bigger than 5 GiB will just fail on
 upload.
-.PP
-If you set this option and there \f[I]are\f[R] static or dynamic large
-objects, then this will give incorrect hashes for them.
-Downloads will succeed, but other operations such as Remove and Copy
-will fail.
-.PP
+
+If you set this option and there *are* static or dynamic large objects,
+then this will give incorrect hashes for them. Downloads will succeed,
+but other operations such as Remove and Copy will fail.
+
+
 Properties:
-.IP \[bu] 2
-Config: no_large_objects
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_NO_LARGE_OBJECTS
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --swift-encoding
-.PP
+
+- Config:      no_large_objects
+- Env Var:     RCLONE_SWIFT_NO_LARGE_OBJECTS
+- Type:        bool
+- Default:     false
+
+#### --swift-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_SWIFT_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,InvalidUtf8
-.SS Limitations
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_SWIFT_ENCODING
+- Type:        Encoding
+- Default:     Slash,InvalidUtf8
+
+
+
+## Limitations
+
 The Swift API doesn\[aq]t return a correct MD5SUM for segmented files
 (Dynamic or Static Large Objects) so rclone won\[aq]t check or use the
 MD5SUM for these.
-.SS Troubleshooting
-.SS Rclone gives Failed to create file system for \[dq]remote:\[dq]: Bad Request
-.PP
+
+## Troubleshooting
+
+### Rclone gives Failed to create file system for \[dq]remote:\[dq]: Bad Request
+
 Due to an oddity of the underlying swift library, it gives a \[dq]Bad
 Request\[dq] error rather than a more sensible error when the
 authentication fails for Swift.
-.PP
-So this most likely means your username / password is wrong.
-You can investigate further with the \f[C]--dump-bodies\f[R] flag.
-.PP
+
+So this most likely means your username / password is wrong.  You can
+investigate further with the \[ga]--dump-bodies\[ga] flag.
+
 This may also be caused by specifying the region when you shouldn\[aq]t
-have (e.g.
-OVH).
-.SS Rclone gives Failed to create file system: Response didn\[aq]t have storage url and auth token
-.PP
+have (e.g. OVH).
+
+### Rclone gives Failed to create file system: Response didn\[aq]t have storage url and auth token
+
 This is most likely caused by forgetting to specify your tenant when
 setting up a swift remote.
-.SS OVH Cloud Archive
-.PP
-To use rclone with OVH cloud archive, first use \f[C]rclone config\f[R]
-to set up a \f[C]swift\f[R] backend with OVH, choosing \f[C]pca\f[R] as
-the \f[C]storage_policy\f[R].
-.SS Uploading Objects
-.PP
-Uploading objects to OVH cloud archive is no different to object
-storage, you just simply run the command you like (move, copy or sync)
-to upload the objects.
-Once uploaded the objects will show in a \[dq]Frozen\[dq] state within
-the OVH control panel.
-.SS Retrieving Objects
-.PP
-To retrieve objects use \f[C]rclone copy\f[R] as normal.
-If the objects are in a frozen state then rclone will ask for them all
-to be unfrozen and it will wait at the end of the output with a message
-like the following:
-.PP
-\f[C]2019/03/23 13:06:33 NOTICE: Received retry after error - sleeping until 2019-03-23T13:16:33.481657164+01:00 (9m59.99985121s)\f[R]
-.PP
+
+## OVH Cloud Archive
+
+To use rclone with OVH cloud archive, first use \[ga]rclone config\[ga] to set up a \[ga]swift\[ga] backend with OVH, choosing \[ga]pca\[ga] as the \[ga]storage_policy\[ga].
+
+### Uploading Objects
+
+Uploading objects to OVH cloud archive is no different to object storage, you just simply run the command you like (move, copy or sync) to upload the objects. Once uploaded the objects will show in a \[dq]Frozen\[dq] state within the OVH control panel.
+
+### Retrieving Objects
+
+To retrieve objects use \[ga]rclone copy\[ga] as normal. If the objects are in a frozen state then rclone will ask for them all to be unfrozen and it will wait at the end of the output with a message like the following:
+
+\[ga]2019/03/23 13:06:33 NOTICE: Received retry after error - sleeping until 2019-03-23T13:16:33.481657164+01:00 (9m59.99985121s)\[ga]
+
 Rclone will wait for the time specified then retry the copy.
-.SH pCloud
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
-.PP
-The initial setup for pCloud involves getting a token from pCloud which
-you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
+
+#  pCloud
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configuration
+
+The initial setup for pCloud involves getting a token from pCloud which you
+need to do in your browser.  \[ga]rclone config\[ga] walks you through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
 This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / Pcloud
-   \[rs] \[dq]pcloud\[dq]
-[snip]
-Storage> pcloud
-Pcloud App Client Id - leave blank normally.
-client_id> 
-Pcloud App Client Secret - leave blank normally.
-client_secret> 
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-client_id = 
-client_secret = 
-token = {\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]expiry\[dq]:\[dq]0001-01-01T00:00:00Z\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
 \f[R]
 .fi
 .PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX / Pcloud
+\ \[dq]pcloud\[dq] [snip] Storage> pcloud Pcloud App Client Id - leave
+blank normally.
+client_id> Pcloud App Client Secret - leave blank normally.
+client_secret> Remote config Use web browser to automatically
+authenticate rclone with remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+y) Yes n) No y/n> y If your browser doesn\[aq]t open automatically go to
+the following link: http://127.0.0.1:53682/auth Log in and authorize
+rclone for access Waiting for code...
+Got code -------------------- [remote] client_id = client_secret = token
+=
+{\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]bearer\[dq],\[dq]expiry\[dq]:\[dq]0001-01-01T00:00:00Z\[dq]}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
+.IP
+.nf
+\f[C]
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
 Note that rclone runs a webserver on your local machine to collect the
-token as returned from pCloud.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
-to unblock it temporarily if you are running a host firewall.
-.PP
-Once configured you can then use \f[C]rclone\f[R] like this,
-.PP
+token as returned from pCloud. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on \[ga]http://127.0.0.1:53682/\[ga] and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
 List directories in top level of your pCloud
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:
+
 List all the files in your pCloud
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
-.PP
+
+    rclone ls remote:
+
 To copy a local directory to a pCloud directory called backup
-.IP
-.nf
-\f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Modified time and hashes
-.PP
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
 pCloud allows modification times to be set on objects accurate to 1
-second.
-These will be used to detect whether objects need syncing or not.
-In order to set a Modification time pCloud requires the object be
-re-uploaded.
-.PP
-pCloud supports MD5 and SHA1 hashes in the US region, and SHA1 and
-SHA256 hashes in the EU region, so you can use the \f[C]--checksum\f[R]
-flag.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Deleting files
-.PP
-Deleted files will be moved to the trash.
-Your subscription level will determine how long items stay in the trash.
-\f[C]rclone cleanup\f[R] can be used to empty the trash.
-.SS Emptying the trash
-.PP
-Due to an API limitation, the \f[C]rclone cleanup\f[R] command will only
-work if you set your username and password in the advanced options for
-this backend.
-Since we generally want to avoid storing user passwords in the rclone
-config file, we advise you to only set this up if you need the
-\f[C]rclone cleanup\f[R] command to work.
-.SS Root folder ID
-.PP
-You can set the \f[C]root_folder_id\f[R] for rclone.
-This is the directory (identified by its \f[C]Folder ID\f[R]) that
-rclone considers to be the root of your pCloud drive.
-.PP
-Normally you will leave this blank and rclone will determine the correct
-root to use itself.
-.PP
+second.  These will be used to detect whether objects need syncing or
+not.  In order to set a Modification time pCloud requires the object
+be re-uploaded.
+
+pCloud supports MD5 and SHA1 hashes in the US region, and SHA1 and SHA256
+hashes in the EU region, so you can use the \[ga]--checksum\[ga] flag.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[rs]         | 0x5C  | \[uFF3C]          |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Deleting files
+
+Deleted files will be moved to the trash.  Your subscription level
+will determine how long items stay in the trash.  \[ga]rclone cleanup\[ga] can
+be used to empty the trash.
+
+### Emptying the trash
+
+Due to an API limitation, the \[ga]rclone cleanup\[ga] command will only work if you 
+set your username and password in the advanced options for this backend. 
+Since we generally want to avoid storing user passwords in the rclone config
+file, we advise you to only set this up if you need the \[ga]rclone cleanup\[ga] command to work.
+
+### Root folder ID
+
+You can set the \[ga]root_folder_id\[ga] for rclone.  This is the directory
+(identified by its \[ga]Folder ID\[ga]) that rclone considers to be the root
+of your pCloud drive.
+
+Normally you will leave this blank and rclone will determine the
+correct root to use itself.
+
 However you can set this to restrict rclone to a specific folder
 hierarchy.
-.PP
-In order to do this you will have to find the \f[C]Folder ID\f[R] of the
-directory you wish rclone to display.
-This will be the \f[C]folder\f[R] field of the URL when you open the
-relevant folder in the pCloud web interface.
-.PP
+
+In order to do this you will have to find the \[ga]Folder ID\[ga] of the
+directory you wish rclone to display.  This will be the \[ga]folder\[ga] field
+of the URL when you open the relevant folder in the pCloud web
+interface.
+
 So if the folder you want rclone to use has a URL which looks like
-\f[C]https://my.pcloud.com/#page=filemanager&folder=5xxxxxxxx8&tpl=foldergrid\f[R]
-in the browser, then you use \f[C]5xxxxxxxx8\f[R] as the
-\f[C]root_folder_id\f[R] in the config.
-.SS Standard options
-.PP
+\[ga]https://my.pcloud.com/#page=filemanager&folder=5xxxxxxxx8&tpl=foldergrid\[ga]
+in the browser, then you use \[ga]5xxxxxxxx8\[ga] as
+the \[ga]root_folder_id\[ga] in the config.
+
+
+### Standard options
+
 Here are the Standard options specific to pcloud (Pcloud).
-.SS --pcloud-client-id
-.PP
+
+#### --pcloud-client-id
+
 OAuth Client Id.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_id
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_CLIENT_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --pcloud-client-secret
-.PP
+
+- Config:      client_id
+- Env Var:     RCLONE_PCLOUD_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --pcloud-client-secret
+
 OAuth Client Secret.
-.PP
+
 Leave blank normally.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: client_secret
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_CLIENT_SECRET
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
+
+- Config:      client_secret
+- Env Var:     RCLONE_PCLOUD_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+### Advanced options
+
 Here are the Advanced options specific to pcloud (Pcloud).
-.SS --pcloud-token
-.PP
+
+#### --pcloud-token
+
 OAuth Access Token as a JSON blob.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --pcloud-auth-url
-.PP
+
+- Config:      token
+- Env Var:     RCLONE_PCLOUD_TOKEN
+- Type:        string
+- Required:    false
+
+#### --pcloud-auth-url
+
 Auth server URL.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_url
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_AUTH_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --pcloud-token-url
-.PP
+
+- Config:      auth_url
+- Env Var:     RCLONE_PCLOUD_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --pcloud-token-url
+
 Token server url.
-.PP
+
 Leave blank to use the provider defaults.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: token_url
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_TOKEN_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --pcloud-encoding
-.PP
+
+- Config:      token_url
+- Env Var:     RCLONE_PCLOUD_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --pcloud-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
-.SS --pcloud-root-folder-id
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_PCLOUD_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+#### --pcloud-root-folder-id
+
 Fill in for rclone to use a non root folder as its starting point.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: root_folder_id
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_ROOT_FOLDER_ID
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]d0\[dq]
-.SS --pcloud-hostname
-.PP
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_PCLOUD_ROOT_FOLDER_ID
+- Type:        string
+- Default:     \[dq]d0\[dq]
+
+#### --pcloud-hostname
+
 Hostname to connect to.
-.PP
+
 This is normally set when rclone initially does the oauth connection,
 however you will need to set it by hand if you are using remote config
 with rclone authorize.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: hostname
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_HOSTNAME
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Default: \[dq]api.pcloud.com\[dq]
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]api.pcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-Original/US region
-.RE
-.IP \[bu] 2
-\[dq]eapi.pcloud.com\[dq]
-.RS 2
-.IP \[bu] 2
-EU region
-.RE
-.RE
-.SS --pcloud-username
-.PP
+
+- Config:      hostname
+- Env Var:     RCLONE_PCLOUD_HOSTNAME
+- Type:        string
+- Default:     \[dq]api.pcloud.com\[dq]
+- Examples:
+    - \[dq]api.pcloud.com\[dq]
+        - Original/US region
+    - \[dq]eapi.pcloud.com\[dq]
+        - EU region
+
+#### --pcloud-username
+
 Your pcloud username.
-.PP
-This is only required when you want to use the cleanup command.
-Due to a bug in the pcloud API the required API does not support OAuth
-authentication so we have to rely on user password authentication for
-it.
-.PP
+            
+This is only required when you want to use the cleanup command. Due to a bug
+in the pcloud API the required API does not support OAuth authentication so
+we have to rely on user password authentication for it.
+
 Properties:
-.IP \[bu] 2
-Config: username
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_USERNAME
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --pcloud-password
-.PP
+
+- Config:      username
+- Env Var:     RCLONE_PCLOUD_USERNAME
+- Type:        string
+- Required:    false
+
+#### --pcloud-password
+
 Your pcloud password.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: password
-.IP \[bu] 2
-Env Var: RCLONE_PCLOUD_PASSWORD
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SH premiumize.me
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-Paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
-.PP
-The initial setup for premiumize.me (https://premiumize.me/) involves
-getting a token from premiumize.me which you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
-\f[R]
-.fi
-.PP
-This will guide you through an interactive setup process:
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / premiumize.me
-   \[rs] \[dq]premiumizeme\[dq]
-[snip]
-Storage> premiumizeme
-** See help for premiumizeme backend at: https://rclone.org/premiumizeme/ **
 
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[remote]
-type = premiumizeme
-token = {\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2029-08-07T18:44:15.548915378+01:00\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> 
+- Config:      password
+- Env Var:     RCLONE_PCLOUD_PASSWORD
+- Type:        string
+- Required:    false
+
+
+
+#  PikPak
+
+PikPak is [a private cloud drive](https://mypikpak.com/).
+
+Paths are specified as \[ga]remote:path\[ga], and may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configuration
+
+Here is an example of making a remote for PikPak.
+
+First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
 .PP
-Note that rclone runs a webserver on your local machine to collect the
-token as returned from premiumize.me.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
-to unblock it temporarily if you are running a host firewall.
+Enter name for new remote.
+name> remote
 .PP
-Once configured you can then use \f[C]rclone\f[R] like this,
+Option Storage.
+Type of storage to configure.
+Choose a number from below, or type in your own value.
+XX / PikPak \ (pikpak) Storage> XX
 .PP
-List directories in top level of your premiumize.me
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
+Option user.
+Pikpak username.
+Enter a value.
+user> USERNAME
 .PP
-List all the files in your premiumize.me
-.IP
-.nf
-\f[C]
-rclone ls remote:
-\f[R]
-.fi
+Option pass.
+Pikpak password.
+Choose an alternative below.
+y) Yes, type in my own password g) Generate random password y/g> y Enter
+the password: password: Confirm the password: password:
 .PP
-To copy a local directory to an premiumize.me directory called backup
+Edit advanced config?
+y) Yes n) No (default) y/n>
+.PP
+Configuration complete.
+Options: - type: pikpak - user: USERNAME - pass: *** ENCRYPTED *** -
+token:
+{\[dq]access_token\[dq]:\[dq]eyJ...\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]os...\[dq],\[dq]expiry\[dq]:\[dq]2023-01-26T18:54:32.170582647+09:00\[dq]}
+Keep this \[dq]remote\[dq] remote?
+y) Yes this is OK (default) e) Edit this remote d) Delete this remote
+y/e/d> y
 .IP
 .nf
 \f[C]
-rclone copy /home/source remote:backup
+### Modification times and hashes
+
+PikPak keeps modification times on objects, and updates them when uploading objects,
+but it does not support changing only the modification time
+
+The MD5 hash algorithm is supported.
+
+
+### Standard options
+
+Here are the Standard options specific to pikpak (PikPak).
+
+#### --pikpak-user
+
+Pikpak username.
+
+Properties:
+
+- Config:      user
+- Env Var:     RCLONE_PIKPAK_USER
+- Type:        string
+- Required:    true
+
+#### --pikpak-pass
+
+Pikpak password.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      pass
+- Env Var:     RCLONE_PIKPAK_PASS
+- Type:        string
+- Required:    true
+
+### Advanced options
+
+Here are the Advanced options specific to pikpak (PikPak).
+
+#### --pikpak-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PIKPAK_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --pikpak-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PIKPAK_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --pikpak-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PIKPAK_TOKEN
+- Type:        string
+- Required:    false
+
+#### --pikpak-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PIKPAK_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --pikpak-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PIKPAK_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --pikpak-root-folder-id
+
+ID of the root folder.
+Leave blank normally.
+
+Fill in for rclone to use a non root folder as its starting point.
+
+
+Properties:
+
+- Config:      root_folder_id
+- Env Var:     RCLONE_PIKPAK_ROOT_FOLDER_ID
+- Type:        string
+- Required:    false
+
+#### --pikpak-use-trash
+
+Send files to the trash instead of deleting permanently.
+
+Defaults to true, namely sending files to the trash.
+Use \[ga]--pikpak-use-trash=false\[ga] to delete files permanently instead.
+
+Properties:
+
+- Config:      use_trash
+- Env Var:     RCLONE_PIKPAK_USE_TRASH
+- Type:        bool
+- Default:     true
+
+#### --pikpak-trashed-only
+
+Only show files that are in the trash.
+
+This will show trashed files in their original directory structure.
+
+Properties:
+
+- Config:      trashed_only
+- Env Var:     RCLONE_PIKPAK_TRASHED_ONLY
+- Type:        bool
+- Default:     false
+
+#### --pikpak-hash-memory-limit
+
+Files bigger than this will be cached on disk to calculate hash if required.
+
+Properties:
+
+- Config:      hash_memory_limit
+- Env Var:     RCLONE_PIKPAK_HASH_MEMORY_LIMIT
+- Type:        SizeSuffix
+- Default:     10Mi
+
+#### --pikpak-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PIKPAK_ENCODING
+- Type:        Encoding
+- Default:     Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,RightSpace,RightPeriod,InvalidUtf8,Dot
+
+## Backend commands
+
+Here are the commands specific to the pikpak backend.
+
+Run them with
+
+    rclone backend COMMAND remote:
+
+The help below will explain what arguments each command takes.
+
+See the [backend](https://rclone.org/commands/rclone_backend/) command for more
+info on how to pass options and arguments.
+
+These can be run on a running backend using the rc command
+[backend/command](https://rclone.org/rc/#backend-command).
+
+### addurl
+
+Add offline download task for url
+
+    rclone backend addurl remote: [options] [<arguments>+]
+
+This command adds offline download task for url.
+
+Usage:
+
+    rclone backend addurl pikpak:dirpath url
+
+Downloads will be stored in \[aq]dirpath\[aq]. If \[aq]dirpath\[aq] is invalid, 
+download will fallback to default \[aq]My Pack\[aq] folder.
+
+
+### decompress
+
+Request decompress of a file/files in a folder
+
+    rclone backend decompress remote: [options] [<arguments>+]
+
+This command requests decompress of file/files in a folder.
+
+Usage:
+
+    rclone backend decompress pikpak:dirpath {filename} -o password=password
+    rclone backend decompress pikpak:dirpath {filename} -o delete-src-file
+
+An optional argument \[aq]filename\[aq] can be specified for a file located in 
+\[aq]pikpak:dirpath\[aq]. You may want to pass \[aq]-o password=password\[aq] for a 
+password-protected files. Also, pass \[aq]-o delete-src-file\[aq] to delete 
+source files after decompression finished.
+
+Result:
+
+    {
+        \[dq]Decompressed\[dq]: 17,
+        \[dq]SourceDeleted\[dq]: 0,
+        \[dq]Errors\[dq]: 0
+    }
+
+
+
+
+## Limitations
+
+### Hashes may be empty
+
+PikPak supports MD5 hash, but sometimes given empty especially for user-uploaded files.
+
+### Deleted files still visible with trashed-only
+
+Deleted files will still be visible with \[ga]--pikpak-trashed-only\[ga] even after the
+trash emptied. This goes away after few days.
+
+#  premiumize.me
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configuration
+
+The initial setup for [premiumize.me](https://premiumize.me/) involves getting a token from premiumize.me which you
+need to do in your browser.  \[ga]rclone config\[ga] walks you through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
-.SS Modified time and hashes
 .PP
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX /
+premiumize.me \ \[dq]premiumizeme\[dq] [snip] Storage> premiumizeme **
+See help for premiumizeme backend at: https://rclone.org/premiumizeme/
+**
+.PP
+Remote config Use web browser to automatically authenticate rclone with
+remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+y) Yes n) No y/n> y If your browser doesn\[aq]t open automatically go to
+the following link: http://127.0.0.1:53682/auth Log in and authorize
+rclone for access Waiting for code...
+Got code -------------------- [remote] type = premiumizeme token =
+{\[dq]access_token\[dq]:\[dq]XXX\[dq],\[dq]token_type\[dq]:\[dq]Bearer\[dq],\[dq]refresh_token\[dq]:\[dq]XXX\[dq],\[dq]expiry\[dq]:\[dq]2029-08-07T18:44:15.548915378+01:00\[dq]}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d>
+.IP
+.nf
+\f[C]
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
+Note that rclone runs a webserver on your local machine to collect the
+token as returned from premiumize.me. This only runs from the moment it opens
+your browser to the moment you get back the verification code.  This
+is on \[ga]http://127.0.0.1:53682/\[ga] and this it may require you to unblock
+it temporarily if you are running a host firewall.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your premiumize.me
+
+    rclone lsd remote:
+
+List all the files in your premiumize.me
+
+    rclone ls remote:
+
+To copy a local directory to an premiumize.me directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
 premiumize.me does not support modification times or hashes, therefore
-syncing will default to \f[C]--size-only\f[R] checking.
-Note that using \f[C]--update\f[R] will work.
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-T{
-\[dq]
-T}@T{
-0x22
-T}@T{
-\[uFF02]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Standard options
-.PP
+syncing will default to \[ga]--size-only\[ga] checking.  Note that using
+\[ga]--update\[ga] will work.
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[rs]         | 0x5C  | \[uFF3C]           |
+| \[dq]         | 0x22  | \[uFF02]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+
+### Standard options
+
 Here are the Standard options specific to premiumizeme (premiumize.me).
-.SS --premiumizeme-api-key
-.PP
+
+#### --premiumizeme-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PREMIUMIZEME_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PREMIUMIZEME_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-api-key
+
 API Key.
-.PP
+
 This is not normally used - use oauth instead.
-.PP
+
+
 Properties:
-.IP \[bu] 2
-Config: api_key
-.IP \[bu] 2
-Env Var: RCLONE_PREMIUMIZEME_API_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
+
+- Config:      api_key
+- Env Var:     RCLONE_PREMIUMIZEME_API_KEY
+- Type:        string
+- Required:    false
+
+### Advanced options
+
 Here are the Advanced options specific to premiumizeme (premiumize.me).
-.SS --premiumizeme-encoding
-.PP
+
+#### --premiumizeme-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PREMIUMIZEME_TOKEN
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PREMIUMIZEME_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PREMIUMIZEME_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --premiumizeme-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_PREMIUMIZEME_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot
-.SS Limitations
-.PP
-Note that premiumize.me is case insensitive so you can\[aq]t have a file
-called \[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
-.PP
-premiumize.me file names can\[aq]t have the \f[C]\[rs]\f[R] or
-\f[C]\[dq]\f[R] characters in.
+
+- Config:      encoding
+- Env Var:     RCLONE_PREMIUMIZEME_ENCODING
+- Type:        Encoding
+- Default:     Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+Note that premiumize.me is case insensitive so you can\[aq]t have a file called
+\[dq]Hello.doc\[dq] and one called \[dq]hello.doc\[dq].
+
+premiumize.me file names can\[aq]t have the \[ga]\[rs]\[ga] or \[ga]\[dq]\[ga] characters in.
 rclone maps these to and from an identical looking unicode equivalents
-\f[C]\[uFF3C]\f[R] and \f[C]\[uFF02]\f[R]
-.PP
+\[ga]\[uFF3C]\[ga] and \[ga]\[uFF02]\[ga]
+
 premiumize.me only supports filenames up to 255 characters in length.
-.SH put.io
-.PP
-Paths are specified as \f[C]remote:path\f[R]
-.PP
-put.io paths may be as deep as required, e.g.
-\f[C]remote:directory/subdirectory\f[R].
-.SS Configuration
-.PP
-The initial setup for put.io involves getting a token from put.io which
-you need to do in your browser.
-\f[C]rclone config\f[R] walks you through it.
-.PP
-Here is an example of how to make a remote called \f[C]remote\f[R].
-First run:
-.IP
-.nf
-\f[C]
- rclone config
+
+#  Proton Drive
+
+[Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+ for your files that protects your data.
+
+This is an rclone backend for Proton Drive which supports the file transfer
+features of Proton Drive using the same client-side encryption.
+
+Due to the fact that Proton Drive doesn\[aq]t publish its API documentation, this 
+backend is implemented with best efforts by reading the open-sourced client 
+source code and observing the Proton Drive traffic in the browser.
+
+**NB** This backend is currently in Beta. It is believed to be correct
+and all the integration tests pass. However the Proton Drive protocol
+has evolved over time there may be accounts it is not compatible
+with. Please [post on the rclone forum](https://forum.rclone.org/) if
+you find an incompatibility.
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configurations
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process:
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX / Proton
+Drive \ \[dq]Proton Drive\[dq] [snip] Storage> protondrive User name
+user> you\[at]protonmail.com Password.
+y) Yes type in my own password g) Generate random password n) No leave
+this optional password blank y/g/n> y Enter the password: password:
+Confirm the password: password: Option 2fa.
+2FA code (if the account requires one) Enter a value.
+Press Enter to leave empty.
+2fa> 123456 Remote config -------------------- [remote] type =
+protondrive user = you\[at]protonmail.com pass = *** ENCRYPTED ***
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 .IP
 .nf
 \f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> putio
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Put.io
-   \[rs] \[dq]putio\[dq]
-[snip]
-Storage> putio
-** See help for putio backend at: https://rclone.org/putio/ **
+**NOTE:** The Proton Drive encryption keys need to have been already generated 
+after a regular login via the browser, otherwise attempting to use the 
+credentials in \[ga]rclone\[ga] will fail.
 
-Remote config
-Use web browser to automatically authenticate rclone with remote?
- * Say Y if the machine running rclone has a web browser you can use
- * Say N if running rclone on a (remote) machine without web browser access
-If not sure try Y. If Y failed, try N.
-y) Yes
-n) No
-y/n> y
-If your browser doesn\[aq]t open automatically go to the following link: http://127.0.0.1:53682/auth
-Log in and authorize rclone for access
-Waiting for code...
-Got code
---------------------
-[putio]
-type = putio
-token = {\[dq]access_token\[dq]:\[dq]XXXXXXXX\[dq],\[dq]expiry\[dq]:\[dq]0001-01-01T00:00:00Z\[dq]}
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-Current remotes:
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your Proton Drive
+
+    rclone lsd remote:
+
+List all the files in your Proton Drive
+
+    rclone ls remote:
+
+To copy a local directory to an Proton Drive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Proton Drive Bridge does not support updating modification times yet.
+
+The SHA1 hash algorithm is supported.
+
+### Restricted filename characters
+
+Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), also left and 
+right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
+
+### Duplicated files
+
+Proton Drive can not have two files with exactly the same name and path. If the 
+conflict occurs, depending on the advanced config, the file might or might not 
+be overwritten.
+
+### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
+
+Please set your mailbox password in the advanced config section.
+
+### Caching
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won\[cq]t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+
+### Standard options
+
+Here are the Standard options specific to protondrive (Proton Drive).
+
+#### --protondrive-username
+
+The username of your proton account
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_PROTONDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --protondrive-password
+
+The password of your proton account.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --protondrive-2fa
+
+The 2FA code
+
+The value can also be provided with --protondrive-2fa=000000
+
+The 2FA code of your proton drive account if the account is set up with 
+two-factor authentication
+
+Properties:
+
+- Config:      2fa
+- Env Var:     RCLONE_PROTONDRIVE_2FA
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to protondrive (Proton Drive).
+
+#### --protondrive-mailbox-password
+
+The mailbox password of your two-password proton account.
+
+For more information regarding the mailbox password, please check the 
+following official knowledge base article: 
+https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      mailbox_password
+- Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-uid
+
+Client uid key (internal use only)
+
+Properties:
+
+- Config:      client_uid
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-access-token
+
+Client access token key (internal use only)
+
+Properties:
+
+- Config:      client_access_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-refresh-token
+
+Client refresh token key (internal use only)
+
+Properties:
+
+- Config:      client_refresh_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-salted-key-pass
+
+Client salted key pass key (internal use only)
+
+Properties:
+
+- Config:      client_salted_key_pass
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+- Type:        string
+- Required:    false
+
+#### --protondrive-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PROTONDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
+
+#### --protondrive-original-file-size
+
+Return the file size before encryption
+            
+The size of the encrypted file will be different from (bigger than) the 
+original file size. Unless there is a reason to return the file size 
+after encryption is performed, otherwise, set this option to true, as 
+features like Open() which will need to be supplied with original content 
+size, will fail to operate properly
+
+Properties:
+
+- Config:      original_file_size
+- Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+- Type:        bool
+- Default:     true
+
+#### --protondrive-app-version
+
+The app version string 
+
+The app version string indicates the client that is currently performing 
+the API request. This information is required and will be sent with every 
+API request.
+
+Properties:
+
+- Config:      app_version
+- Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+- Type:        string
+- Default:     \[dq]macos-drive\[at]1.0.0-alpha.1+rclone\[dq]
+
+#### --protondrive-replace-existing-draft
+
+Create a new revision when filename conflict is detected
+
+When a file upload is cancelled or failed before completion, a draft will be 
+created and the subsequent upload of the same file to the same location will be 
+reported as a conflict.
+
+The value can also be set by --protondrive-replace-existing-draft=true
+
+If the option is set to true, the draft will be replaced and then the upload 
+operation will restart. If there are other clients also uploading at the same 
+file location at the same time, the behavior is currently unknown. Need to set 
+to true for integration tests.
+If the option is set to false, an error \[dq]a draft exist - usually this means a 
+file is being uploaded at another client, or, there was a failed upload attempt\[dq] 
+will be returned, and no upload will happen.
+
+Properties:
+
+- Config:      replace_existing_draft
+- Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+- Type:        bool
+- Default:     false
+
+#### --protondrive-enable-caching
+
+Caches the files and folders metadata to reduce API calls
+
+Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+as the current implementation doesn\[aq]t update or clear the cache when there are 
+external changes. 
+
+The files and folders on ProtonDrive are represented as links with keyrings, 
+which can be cached to improve performance and be friendly to the API server.
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won\[cq]t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+Properties:
+
+- Config:      enable_caching
+- Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+- Type:        bool
+- Default:     true
+
+
+
+## Limitations
+
+This backend uses the 
+[Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
+
+There is no official API documentation available from Proton Drive. But, thanks 
+to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+and the web, iOS, and Android client codebases, we don\[aq]t need to completely 
+reverse engineer the APIs by observing the web client traffic! 
+
+[proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+building blocks of API calls and error handling, such as 429 exponential 
+back-off, but it is pretty much just a barebone interface to the Proton API. 
+For example, the encryption and decryption of the Proton Drive file are not 
+provided in this library. 
+
+The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+top of this quickly. This codebase handles the intricate tasks before and after 
+calling Proton APIs, particularly the complex encryption scheme, allowing 
+developers to implement features for other software on top of this codebase. 
+There are likely quite a few errors in this library, as there isn\[aq]t official 
+documentation available.
+
+#  put.io
+
+Paths are specified as \[ga]remote:path\[ga]
+
+put.io paths may be as deep as required, e.g.
+\[ga]remote:directory/subdirectory\[ga].
 
-Name                 Type
-====                 ====
-putio                putio
+## Configuration
 
-e) Edit existing remote
-n) New remote
-d) Delete remote
-r) Rename remote
-c) Copy remote
-s) Set configuration password
-q) Quit config
-e/n/d/r/c/s/q> q
+The initial setup for put.io involves getting a token from put.io
+which you need to do in your browser.  \[ga]rclone config\[ga] walks you
+through it.
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-See the remote setup docs (https://rclone.org/remote_setup/) for how to
-set it up on a machine with no Internet browser available.
-.PP
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> putio Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX / Put.io
+\ \[dq]putio\[dq] [snip] Storage> putio ** See help for putio backend
+at: https://rclone.org/putio/ **
+.PP
+Remote config Use web browser to automatically authenticate rclone with
+remote?
+* Say Y if the machine running rclone has a web browser you can use *
+Say N if running rclone on a (remote) machine without web browser access
+If not sure try Y.
+If Y failed, try N.
+y) Yes n) No y/n> y If your browser doesn\[aq]t open automatically go to
+the following link: http://127.0.0.1:53682/auth Log in and authorize
+rclone for access Waiting for code...
+Got code -------------------- [putio] type = putio token =
+{\[dq]access_token\[dq]:\[dq]XXXXXXXX\[dq],\[dq]expiry\[dq]:\[dq]0001-01-01T00:00:00Z\[dq]}
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y Current remotes:
+.PP
+Name Type ==== ==== putio putio
+.IP "e)" 3
+Edit existing remote
+.IP "f)" 3
+New remote
+.IP "g)" 3
+Delete remote
+.IP "h)" 3
+Rename remote
+.IP "i)" 3
+Copy remote
+.IP "j)" 3
+Set configuration password
+.IP "k)" 3
+Quit config e/n/d/r/c/s/q> q
+.IP
+.nf
+\f[C]
+See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
+machine with no Internet browser available.
+
 Note that rclone runs a webserver on your local machine to collect the
-token as returned from put.io if using web browser to automatically
-authenticate.
-This only runs from the moment it opens your browser to the moment you
-get back the verification code.
-This is on \f[C]http://127.0.0.1:53682/\f[R] and this it may require you
-to unblock it temporarily if you are running a host firewall, or use
-manual mode.
-.PP
+token as returned from put.io  if using web browser to automatically 
+authenticate. This only
+runs from the moment it opens your browser to the moment you get back
+the verification code.  This is on \[ga]http://127.0.0.1:53682/\[ga] and this
+it may require you to unblock it temporarily if you are running a host
+firewall, or use manual mode.
+
 You can then use it like this,
-.PP
+
 List directories in top level of your put.io
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:
+
 List all the files in your put.io
-.IP
-.nf
-\f[C]
-rclone ls remote:
+
+    rclone ls remote:
+
+To copy a local directory to a put.io directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| \[rs]         | 0x5C  | \[uFF3C]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+
+### Standard options
+
+Here are the Standard options specific to putio (Put.io).
+
+#### --putio-client-id
+
+OAuth Client Id.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_id
+- Env Var:     RCLONE_PUTIO_CLIENT_ID
+- Type:        string
+- Required:    false
+
+#### --putio-client-secret
+
+OAuth Client Secret.
+
+Leave blank normally.
+
+Properties:
+
+- Config:      client_secret
+- Env Var:     RCLONE_PUTIO_CLIENT_SECRET
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to putio (Put.io).
+
+#### --putio-token
+
+OAuth Access Token as a JSON blob.
+
+Properties:
+
+- Config:      token
+- Env Var:     RCLONE_PUTIO_TOKEN
+- Type:        string
+- Required:    false
+
+#### --putio-auth-url
+
+Auth server URL.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      auth_url
+- Env Var:     RCLONE_PUTIO_AUTH_URL
+- Type:        string
+- Required:    false
+
+#### --putio-token-url
+
+Token server url.
+
+Leave blank to use the provider defaults.
+
+Properties:
+
+- Config:      token_url
+- Env Var:     RCLONE_PUTIO_TOKEN_URL
+- Type:        string
+- Required:    false
+
+#### --putio-encoding
+
+The encoding for the backend.
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
+Properties:
+
+- Config:      encoding
+- Env Var:     RCLONE_PUTIO_ENCODING
+- Type:        Encoding
+- Default:     Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
+
+
+
+## Limitations
+
+put.io has rate limiting. When you hit a limit, rclone automatically
+retries after waiting the amount of time requested by the server.
+
+If you want to avoid ever hitting these limits, you may use the
+\[ga]--tpslimit\[ga] flag with a low number. Note that the imposed limits
+may be different for different operations, and may change over time.
+
+#  Proton Drive
+
+[Proton Drive](https://proton.me/drive) is an end-to-end encrypted Swiss vault
+ for your files that protects your data.
+
+This is an rclone backend for Proton Drive which supports the file transfer
+features of Proton Drive using the same client-side encryption.
+
+Due to the fact that Proton Drive doesn\[aq]t publish its API documentation, this 
+backend is implemented with best efforts by reading the open-sourced client 
+source code and observing the Proton Drive traffic in the browser.
+
+**NB** This backend is currently in Beta. It is believed to be correct
+and all the integration tests pass. However the Proton Drive protocol
+has evolved over time there may be accounts it is not compatible
+with. Please [post on the rclone forum](https://forum.rclone.org/) if
+you find an incompatibility.
+
+Paths are specified as \[ga]remote:path\[ga]
+
+Paths may be as deep as required, e.g. \[ga]remote:directory/subdirectory\[ga].
+
+## Configurations
+
+Here is an example of how to make a remote called \[ga]remote\[ga].  First run:
+
+     rclone config
+
+This will guide you through an interactive setup process:
 \f[R]
 .fi
 .PP
-To copy a local directory to a put.io directory called backup
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX / Proton
+Drive \ \[dq]Proton Drive\[dq] [snip] Storage> protondrive User name
+user> you\[at]protonmail.com Password.
+y) Yes type in my own password g) Generate random password n) No leave
+this optional password blank y/g/n> y Enter the password: password:
+Confirm the password: password: Option 2fa.
+2FA code (if the account requires one) Enter a value.
+Press Enter to leave empty.
+2fa> 123456 Remote config -------------------- [remote] type =
+protondrive user = you\[at]protonmail.com pass = *** ENCRYPTED ***
+-------------------- y) Yes this is OK e) Edit this remote d) Delete
+this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone copy /home/source remote:backup
-\f[R]
-.fi
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Advanced options
-.PP
-Here are the Advanced options specific to putio (Put.io).
-.SS --putio-encoding
-.PP
+**NOTE:** The Proton Drive encryption keys need to have been already generated 
+after a regular login via the browser, otherwise attempting to use the 
+credentials in \[ga]rclone\[ga] will fail.
+
+Once configured you can then use \[ga]rclone\[ga] like this,
+
+List directories in top level of your Proton Drive
+
+    rclone lsd remote:
+
+List all the files in your Proton Drive
+
+    rclone ls remote:
+
+To copy a local directory to an Proton Drive directory called backup
+
+    rclone copy /home/source remote:backup
+
+### Modification times and hashes
+
+Proton Drive Bridge does not support updating modification times yet.
+
+The SHA1 hash algorithm is supported.
+
+### Restricted filename characters
+
+Invalid UTF-8 bytes will be [replaced](https://rclone.org/overview/#invalid-utf8), also left and 
+right spaces will be removed ([code reference](https://github.com/ProtonMail/WebClients/blob/b4eba99d241af4fdae06ff7138bd651a40ef5d3c/applications/drive/src/app/store/_links/validation.ts#L51))
+
+### Duplicated files
+
+Proton Drive can not have two files with exactly the same name and path. If the 
+conflict occurs, depending on the advanced config, the file might or might not 
+be overwritten.
+
+### [Mailbox password](https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password)
+
+Please set your mailbox password in the advanced config section.
+
+### Caching
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won\[cq]t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+
+### Standard options
+
+Here are the Standard options specific to protondrive (Proton Drive).
+
+#### --protondrive-username
+
+The username of your proton account
+
+Properties:
+
+- Config:      username
+- Env Var:     RCLONE_PROTONDRIVE_USERNAME
+- Type:        string
+- Required:    true
+
+#### --protondrive-password
+
+The password of your proton account.
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      password
+- Env Var:     RCLONE_PROTONDRIVE_PASSWORD
+- Type:        string
+- Required:    true
+
+#### --protondrive-2fa
+
+The 2FA code
+
+The value can also be provided with --protondrive-2fa=000000
+
+The 2FA code of your proton drive account if the account is set up with 
+two-factor authentication
+
+Properties:
+
+- Config:      2fa
+- Env Var:     RCLONE_PROTONDRIVE_2FA
+- Type:        string
+- Required:    false
+
+### Advanced options
+
+Here are the Advanced options specific to protondrive (Proton Drive).
+
+#### --protondrive-mailbox-password
+
+The mailbox password of your two-password proton account.
+
+For more information regarding the mailbox password, please check the 
+following official knowledge base article: 
+https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
+
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
+Properties:
+
+- Config:      mailbox_password
+- Env Var:     RCLONE_PROTONDRIVE_MAILBOX_PASSWORD
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-uid
+
+Client uid key (internal use only)
+
+Properties:
+
+- Config:      client_uid
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_UID
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-access-token
+
+Client access token key (internal use only)
+
+Properties:
+
+- Config:      client_access_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-refresh-token
+
+Client refresh token key (internal use only)
+
+Properties:
+
+- Config:      client_refresh_token
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_REFRESH_TOKEN
+- Type:        string
+- Required:    false
+
+#### --protondrive-client-salted-key-pass
+
+Client salted key pass key (internal use only)
+
+Properties:
+
+- Config:      client_salted_key_pass
+- Env Var:     RCLONE_PROTONDRIVE_CLIENT_SALTED_KEY_PASS
+- Type:        string
+- Required:    false
+
+#### --protondrive-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_PUTIO_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot
-.SS Limitations
-.PP
-put.io has rate limiting.
-When you hit a limit, rclone automatically retries after waiting the
-amount of time requested by the server.
-.PP
-If you want to avoid ever hitting these limits, you may use the
-\f[C]--tpslimit\f[R] flag with a low number.
-Note that the imposed limits may be different for different operations,
-and may change over time.
-.SH Seafile
-.PP
-This is a backend for the Seafile (https://www.seafile.com/) storage
-service: - It works with both the free community edition or the
-professional edition.
+
+- Config:      encoding
+- Env Var:     RCLONE_PROTONDRIVE_ENCODING
+- Type:        Encoding
+- Default:     Slash,LeftSpace,RightSpace,InvalidUtf8,Dot
+
+#### --protondrive-original-file-size
+
+Return the file size before encryption
+            
+The size of the encrypted file will be different from (bigger than) the 
+original file size. Unless there is a reason to return the file size 
+after encryption is performed, otherwise, set this option to true, as 
+features like Open() which will need to be supplied with original content 
+size, will fail to operate properly
+
+Properties:
+
+- Config:      original_file_size
+- Env Var:     RCLONE_PROTONDRIVE_ORIGINAL_FILE_SIZE
+- Type:        bool
+- Default:     true
+
+#### --protondrive-app-version
+
+The app version string 
+
+The app version string indicates the client that is currently performing 
+the API request. This information is required and will be sent with every 
+API request.
+
+Properties:
+
+- Config:      app_version
+- Env Var:     RCLONE_PROTONDRIVE_APP_VERSION
+- Type:        string
+- Default:     \[dq]macos-drive\[at]1.0.0-alpha.1+rclone\[dq]
+
+#### --protondrive-replace-existing-draft
+
+Create a new revision when filename conflict is detected
+
+When a file upload is cancelled or failed before completion, a draft will be 
+created and the subsequent upload of the same file to the same location will be 
+reported as a conflict.
+
+The value can also be set by --protondrive-replace-existing-draft=true
+
+If the option is set to true, the draft will be replaced and then the upload 
+operation will restart. If there are other clients also uploading at the same 
+file location at the same time, the behavior is currently unknown. Need to set 
+to true for integration tests.
+If the option is set to false, an error \[dq]a draft exist - usually this means a 
+file is being uploaded at another client, or, there was a failed upload attempt\[dq] 
+will be returned, and no upload will happen.
+
+Properties:
+
+- Config:      replace_existing_draft
+- Env Var:     RCLONE_PROTONDRIVE_REPLACE_EXISTING_DRAFT
+- Type:        bool
+- Default:     false
+
+#### --protondrive-enable-caching
+
+Caches the files and folders metadata to reduce API calls
+
+Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, 
+as the current implementation doesn\[aq]t update or clear the cache when there are 
+external changes. 
+
+The files and folders on ProtonDrive are represented as links with keyrings, 
+which can be cached to improve performance and be friendly to the API server.
+
+The cache is currently built for the case when the rclone is the only instance 
+performing operations to the mount point. The event system, which is the proton
+API system that provides visibility of what has changed on the drive, is yet 
+to be implemented, so updates from other clients won\[cq]t be reflected in the 
+cache. Thus, if there are concurrent clients accessing the same mount point, 
+then we might have a problem with caching the stale data.
+
+Properties:
+
+- Config:      enable_caching
+- Env Var:     RCLONE_PROTONDRIVE_ENABLE_CACHING
+- Type:        bool
+- Default:     true
+
+
+
+## Limitations
+
+This backend uses the 
+[Proton-API-Bridge](https://github.com/henrybear327/Proton-API-Bridge), which 
+is based on [go-proton-api](https://github.com/henrybear327/go-proton-api), a 
+fork of the [official repo](https://github.com/ProtonMail/go-proton-api).
+
+There is no official API documentation available from Proton Drive. But, thanks 
+to Proton open sourcing [proton-go-api](https://github.com/ProtonMail/go-proton-api) 
+and the web, iOS, and Android client codebases, we don\[aq]t need to completely 
+reverse engineer the APIs by observing the web client traffic! 
+
+[proton-go-api](https://github.com/ProtonMail/go-proton-api) provides the basic 
+building blocks of API calls and error handling, such as 429 exponential 
+back-off, but it is pretty much just a barebone interface to the Proton API. 
+For example, the encryption and decryption of the Proton Drive file are not 
+provided in this library. 
+
+The Proton-API-Bridge, attempts to bridge the gap, so rclone can be built on 
+top of this quickly. This codebase handles the intricate tasks before and after 
+calling Proton APIs, particularly the complex encryption scheme, allowing 
+developers to implement features for other software on top of this codebase. 
+There are likely quite a few errors in this library, as there isn\[aq]t official 
+documentation available.
+
+#  Seafile
+
+This is a backend for the [Seafile](https://www.seafile.com/) storage service:
+- It works with both the free community edition or the professional edition.
 - Seafile versions 6.x, 7.x, 8.x and 9.x are all supported.
 - Encrypted libraries are also supported.
-- It supports 2FA enabled users - Using a Library API Token is
-\f[B]not\f[R] supported
-.SS Configuration
-.PP
-There are two distinct modes you can setup your remote: - you point your
-remote to the \f[B]root of the server\f[R], meaning you don\[aq]t
-specify a library during the configuration: Paths are specified as
-\f[C]remote:library\f[R].
-You may put subdirectories in too, e.g.
-\f[C]remote:library/path/to/dir\f[R].
+- It supports 2FA enabled users
+- Using a Library API Token is **not** supported
+
+## Configuration
+
+There are two distinct modes you can setup your remote:
+- you point your remote to the **root of the server**, meaning you don\[aq]t specify a library during the configuration:
+Paths are specified as \[ga]remote:library\[ga]. You may put subdirectories in too, e.g. \[ga]remote:library/path/to/dir\[ga].
 - you point your remote to a specific library during the configuration:
-Paths are specified as \f[C]remote:path/to/dir\f[R].
-\f[B]This is the recommended mode when using encrypted libraries\f[R].
-(\f[I]This mode is possibly slightly faster than the root mode\f[R])
-.SS Configuration in root mode
-.PP
-Here is an example of making a seafile configuration for a user with
-\f[B]no\f[R] two-factor authentication.
-First run
-.IP
-.nf
-\f[C]
-rclone config
+Paths are specified as \[ga]remote:path/to/dir\[ga]. **This is the recommended mode when using encrypted libraries**. (_This mode is possibly slightly faster than the root mode_)
+
+### Configuration in root mode
+
+Here is an example of making a seafile configuration for a user with **no** two-factor authentication.  First run
+
+    rclone config
+
+This will guide you through an interactive setup process. To authenticate
+you will need the URL of your server, your email (or username) and your password.
 \f[R]
 .fi
 .PP
-This will guide you through an interactive setup process.
-To authenticate you will need the URL of your server, your email (or
-username) and your password.
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> seafile Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX /
+Seafile \ \[dq]seafile\[dq] [snip] Storage> seafile ** See help for
+seafile backend at: https://rclone.org/seafile/ **
+.PP
+URL of seafile host to connect to Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value 1 / Connect to
+cloud.seafile.com \ \[dq]https://cloud.seafile.com/\[dq] url>
+http://my.seafile.server/ User name (usually email address) Enter a
+string value.
+Press Enter for the default (\[dq]\[dq]).
+user> me\[at]example.com Password y) Yes type in my own password g)
+Generate random password n) No leave this optional password blank
+(default) y/g> y Enter the password: password: Confirm the password:
+password: Two-factor authentication (\[aq]true\[aq] if the account has
+2FA enabled) Enter a boolean value (true or false).
+Press Enter for the default (\[dq]false\[dq]).
+2fa> false Name of the library.
+Leave blank to access all non-encrypted libraries.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+library> Library password (for encrypted libraries only).
+Leave blank if you pass it through the command line.
+y) Yes type in my own password g) Generate random password n) No leave
+this optional password blank (default) y/g/n> n Edit advanced config?
+(y/n) y) Yes n) No (default) y/n> n Remote config Two-factor
+authentication is not enabled on this account.
+-------------------- [seafile] type = seafile url =
+http://my.seafile.server/ user = me\[at]example.com pass = *** ENCRYPTED
+*** 2fa = false -------------------- y) Yes this is OK (default) e) Edit
+this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> seafile
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Seafile
-   \[rs] \[dq]seafile\[dq]
-[snip]
-Storage> seafile
-** See help for seafile backend at: https://rclone.org/seafile/ **
+This remote is called \[ga]seafile\[ga]. It\[aq]s pointing to the root of your seafile server and can now be used like this:
 
-URL of seafile host to connect to
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
- 1 / Connect to cloud.seafile.com
-   \[rs] \[dq]https://cloud.seafile.com/\[dq]
-url> http://my.seafile.server/
-User name (usually email address)
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-user> me\[at]example.com
-Password
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Two-factor authentication (\[aq]true\[aq] if the account has 2FA enabled)
-Enter a boolean value (true or false). Press Enter for the default (\[dq]false\[dq]).
-2fa> false
-Name of the library. Leave blank to access all non-encrypted libraries.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-library>
-Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n> n
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n> n
-Remote config
-Two-factor authentication is not enabled on this account.
---------------------
-[seafile]
-type = seafile
-url = http://my.seafile.server/
-user = me\[at]example.com
-pass = *** ENCRYPTED ***
-2fa = false
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-This remote is called \f[C]seafile\f[R].
-It\[aq]s pointing to the root of your seafile server and can now be used
-like this:
-.PP
 See all libraries
-.IP
-.nf
-\f[C]
-rclone lsd seafile:
-\f[R]
-.fi
-.PP
+
+    rclone lsd seafile:
+
 Create a new library
-.IP
-.nf
-\f[C]
-rclone mkdir seafile:library
-\f[R]
-.fi
-.PP
+
+    rclone mkdir seafile:library
+
 List the contents of a library
-.IP
-.nf
-\f[C]
-rclone ls seafile:library
-\f[R]
-.fi
-.PP
-Sync \f[C]/home/local/directory\f[R] to the remote library, deleting any
+
+    rclone ls seafile:library
+
+Sync \[ga]/home/local/directory\[ga] to the remote library, deleting any
 excess files in the library.
-.IP
-.nf
-\f[C]
-rclone sync --interactive /home/local/directory seafile:library
+
+    rclone sync --interactive /home/local/directory seafile:library
+
+### Configuration in library mode
+
+Here\[aq]s an example of a configuration in library mode with a user that has the two-factor authentication enabled. Your 2FA code will be asked at the end of the configuration, and will attempt to authenticate you:
 \f[R]
 .fi
-.SS Configuration in library mode
 .PP
-Here\[aq]s an example of a configuration in library mode with a user
-that has the two-factor authentication enabled.
-Your 2FA code will be asked at the end of the configuration, and will
-attempt to authenticate you:
-.IP
-.nf
-\f[C]
 No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> seafile
-Type of storage to configure.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
-[snip]
-XX / Seafile
-   \[rs] \[dq]seafile\[dq]
-[snip]
-Storage> seafile
-** See help for seafile backend at: https://rclone.org/seafile/ **
-
-URL of seafile host to connect to
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-Choose a number from below, or type in your own value
- 1 / Connect to cloud.seafile.com
-   \[rs] \[dq]https://cloud.seafile.com/\[dq]
-url> http://my.seafile.server/
-User name (usually email address)
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-user> me\[at]example.com
-Password
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g> y
-Enter the password:
-password:
-Confirm the password:
-password:
-Two-factor authentication (\[aq]true\[aq] if the account has 2FA enabled)
-Enter a boolean value (true or false). Press Enter for the default (\[dq]false\[dq]).
-2fa> true
-Name of the library. Leave blank to access all non-encrypted libraries.
-Enter a string value. Press Enter for the default (\[dq]\[dq]).
-library> My Library
-Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank (default)
-y/g/n> n
-Edit advanced config? (y/n)
-y) Yes
-n) No (default)
-y/n> n
-Remote config
-Two-factor authentication: please enter your 2FA code
-2fa code> 123456
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> seafile Type of storage to configure.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value [snip] XX /
+Seafile \ \[dq]seafile\[dq] [snip] Storage> seafile ** See help for
+seafile backend at: https://rclone.org/seafile/ **
+.PP
+URL of seafile host to connect to Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+Choose a number from below, or type in your own value 1 / Connect to
+cloud.seafile.com \ \[dq]https://cloud.seafile.com/\[dq] url>
+http://my.seafile.server/ User name (usually email address) Enter a
+string value.
+Press Enter for the default (\[dq]\[dq]).
+user> me\[at]example.com Password y) Yes type in my own password g)
+Generate random password n) No leave this optional password blank
+(default) y/g> y Enter the password: password: Confirm the password:
+password: Two-factor authentication (\[aq]true\[aq] if the account has
+2FA enabled) Enter a boolean value (true or false).
+Press Enter for the default (\[dq]false\[dq]).
+2fa> true Name of the library.
+Leave blank to access all non-encrypted libraries.
+Enter a string value.
+Press Enter for the default (\[dq]\[dq]).
+library> My Library Library password (for encrypted libraries only).
+Leave blank if you pass it through the command line.
+y) Yes type in my own password g) Generate random password n) No leave
+this optional password blank (default) y/g/n> n Edit advanced config?
+(y/n) y) Yes n) No (default) y/n> n Remote config Two-factor
+authentication: please enter your 2FA code 2fa code> 123456
 Authenticating...
-Success!
---------------------
-[seafile]
-type = seafile
-url = http://my.seafile.server/
-user = me\[at]example.com
-pass = 
-2fa = true
-library = My Library
---------------------
-y) Yes this is OK (default)
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
-\f[R]
-.fi
-.PP
-You\[aq]ll notice your password is blank in the configuration.
-It\[aq]s because we only need the password to authenticate you once.
-.PP
-You specified \f[C]My Library\f[R] during the configuration.
-The root of the remote is pointing at the root of the library
-\f[C]My Library\f[R]:
-.PP
-See all files in the library:
+Success! -------------------- [seafile] type = seafile url =
+http://my.seafile.server/ user = me\[at]example.com pass = 2fa = true
+library = My Library -------------------- y) Yes this is OK (default) e)
+Edit this remote d) Delete this remote y/e/d> y
 .IP
 .nf
 \f[C]
-rclone lsd seafile:
-\f[R]
-.fi
-.PP
+You\[aq]ll notice your password is blank in the configuration. It\[aq]s because we only need the password to authenticate you once.
+
+You specified \[ga]My Library\[ga] during the configuration. The root of the remote is pointing at the
+root of the library \[ga]My Library\[ga]:
+
+See all files in the library:
+
+    rclone lsd seafile:
+
 Create a new directory inside the library
-.IP
-.nf
-\f[C]
-rclone mkdir seafile:directory
-\f[R]
-.fi
-.PP
+
+    rclone mkdir seafile:directory
+
 List the contents of a directory
-.IP
-.nf
-\f[C]
-rclone ls seafile:directory
-\f[R]
-.fi
-.PP
-Sync \f[C]/home/local/directory\f[R] to the remote library, deleting any
+
+    rclone ls seafile:directory
+
+Sync \[ga]/home/local/directory\[ga] to the remote library, deleting any
 excess files in the library.
-.IP
-.nf
-\f[C]
-rclone sync --interactive /home/local/directory seafile:
-\f[R]
-.fi
-.SS --fast-list
-.PP
-Seafile version 7+ supports \f[C]--fast-list\f[R] which allows you to
-use fewer transactions in exchange for more memory.
-See the rclone docs (https://rclone.org/docs/#fast-list) for more
-details.
+
+    rclone sync --interactive /home/local/directory seafile:
+
+
+### --fast-list
+
+Seafile version 7+ supports \[ga]--fast-list\[ga] which allows you to use fewer
+transactions in exchange for more memory. See the [rclone
+docs](https://rclone.org/docs/#fast-list) for more details.
 Please note this is not supported on seafile server version 6.x
-.SS Restricted filename characters
-.PP
-In addition to the default restricted characters
-set (https://rclone.org/overview/#restricted-characters) the following
-characters are also replaced:
-.PP
-.TS
-tab(@);
-l c c.
-T{
-Character
-T}@T{
-Value
-T}@T{
-Replacement
-T}
-_
-T{
-/
-T}@T{
-0x2F
-T}@T{
-\[uFF0F]
-T}
-T{
-\[dq]
-T}@T{
-0x22
-T}@T{
-\[uFF02]
-T}
-T{
-\[rs]
-T}@T{
-0x5C
-T}@T{
-\[uFF3C]
-T}
-.TE
-.PP
-Invalid UTF-8 bytes will also be
-replaced (https://rclone.org/overview/#invalid-utf8), as they can\[aq]t
-be used in JSON strings.
-.SS Seafile and rclone link
-.PP
-Rclone supports generating share links for non-encrypted libraries only.
-They can either be for a file or a directory:
-.IP
-.nf
-\f[C]
-rclone link seafile:seafile-tutorial.doc
-http://my.seafile.server/f/fdcd8a2f93f84b8b90f4/
+
+
+### Restricted filename characters
+
+In addition to the [default restricted characters set](https://rclone.org/overview/#restricted-characters)
+the following characters are also replaced:
+
+| Character | Value | Replacement |
+| --------- |:-----:|:-----------:|
+| /         | 0x2F  | \[uFF0F]          |
+| \[dq]         | 0x22  | \[uFF02]          |
+| \[rs]         | 0x5C  | \[uFF3C]           |
+
+Invalid UTF-8 bytes will also be [replaced](https://rclone.org/overview/#invalid-utf8),
+as they can\[aq]t be used in JSON strings.
+
+### Seafile and rclone link
+
+Rclone supports generating share links for non-encrypted libraries only.
+They can either be for a file or a directory:
 \f[R]
 .fi
 .PP
-or if run on a directory you will get:
+rclone link seafile:seafile-tutorial.doc
+http://my.seafile.server/f/fdcd8a2f93f84b8b90f4/
 .IP
 .nf
 \f[C]
-rclone link seafile:dir
-http://my.seafile.server/d/9ea2455f6f55478bbb0d/
+or if run on a directory you will get:
 \f[R]
 .fi
 .PP
-Please note a share link is unique for each file or directory.
-If you run a link command on a file/dir that has already been shared,
-you will get the exact same link.
-.SS Compatibility
-.PP
-It has been actively developed using the seafile docker
-image (https://github.com/haiwen/seafile-docker) of these versions: -
-6.3.4 community edition - 7.0.5 community edition - 7.1.3 community
-edition - 9.0.10 community edition
-.PP
+rclone link seafile:dir http://my.seafile.server/d/9ea2455f6f55478bbb0d/
+.IP
+.nf
+\f[C]
+Please note a share link is unique for each file or directory. If you run a link command on a file/dir
+that has already been shared, you will get the exact same link.
+
+### Compatibility
+
+It has been actively developed using the [seafile docker image](https://github.com/haiwen/seafile-docker) of these versions:
+- 6.3.4 community edition
+- 7.0.5 community edition
+- 7.1.3 community edition
+- 9.0.10 community edition
+
 Versions below 6.0 are not supported.
-Versions between 6.0 and 6.3 haven\[aq]t been tested and might not work
-properly.
-.PP
-Each new version of \f[C]rclone\f[R] is automatically tested against the
-latest docker image (https://hub.docker.com/r/seafileltd/seafile-mc/) of
-the seafile community server.
-.SS Standard options
-.PP
+Versions between 6.0 and 6.3 haven\[aq]t been tested and might not work properly.
+
+Each new version of \[ga]rclone\[ga] is automatically tested against the [latest docker image](https://hub.docker.com/r/seafileltd/seafile-mc/) of the seafile community server.
+
+
+### Standard options
+
 Here are the Standard options specific to seafile (seafile).
-.SS --seafile-url
-.PP
+
+#### --seafile-url
+
 URL of seafile host to connect to.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: url
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_URL
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.IP \[bu] 2
-Examples:
-.RS 2
-.IP \[bu] 2
-\[dq]https://cloud.seafile.com/\[dq]
-.RS 2
-.IP \[bu] 2
-Connect to cloud.seafile.com.
-.RE
-.RE
-.SS --seafile-user
-.PP
+
+- Config:      url
+- Env Var:     RCLONE_SEAFILE_URL
+- Type:        string
+- Required:    true
+- Examples:
+    - \[dq]https://cloud.seafile.com/\[dq]
+        - Connect to cloud.seafile.com.
+
+#### --seafile-user
+
 User name (usually email address).
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: user
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_USER
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: true
-.SS --seafile-pass
-.PP
+
+- Config:      user
+- Env Var:     RCLONE_SEAFILE_USER
+- Type:        string
+- Required:    true
+
+#### --seafile-pass
+
 Password.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: pass
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_PASS
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --seafile-2fa
-.PP
-Two-factor authentication (\[aq]true\[aq] if the account has 2FA
-enabled).
-.PP
+
+- Config:      pass
+- Env Var:     RCLONE_SEAFILE_PASS
+- Type:        string
+- Required:    false
+
+#### --seafile-2fa
+
+Two-factor authentication (\[aq]true\[aq] if the account has 2FA enabled).
+
 Properties:
-.IP \[bu] 2
-Config: 2fa
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_2FA
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --seafile-library
-.PP
+
+- Config:      2fa
+- Env Var:     RCLONE_SEAFILE_2FA
+- Type:        bool
+- Default:     false
+
+#### --seafile-library
+
 Name of the library.
-.PP
+
 Leave blank to access all non-encrypted libraries.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: library
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_LIBRARY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --seafile-library-key
-.PP
+
+- Config:      library
+- Env Var:     RCLONE_SEAFILE_LIBRARY
+- Type:        string
+- Required:    false
+
+#### --seafile-library-key
+
 Library password (for encrypted libraries only).
-.PP
+
 Leave blank if you pass it through the command line.
-.PP
-\f[B]NB\f[R] Input to this must be obscured - see rclone
-obscure (https://rclone.org/commands/rclone_obscure/).
-.PP
+
+**NB** Input to this must be obscured - see [rclone obscure](https://rclone.org/commands/rclone_obscure/).
+
 Properties:
-.IP \[bu] 2
-Config: library_key
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_LIBRARY_KEY
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS --seafile-auth-token
-.PP
+
+- Config:      library_key
+- Env Var:     RCLONE_SEAFILE_LIBRARY_KEY
+- Type:        string
+- Required:    false
+
+#### --seafile-auth-token
+
 Authentication token.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: auth_token
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_AUTH_TOKEN
-.IP \[bu] 2
-Type: string
-.IP \[bu] 2
-Required: false
-.SS Advanced options
-.PP
+
+- Config:      auth_token
+- Env Var:     RCLONE_SEAFILE_AUTH_TOKEN
+- Type:        string
+- Required:    false
+
+### Advanced options
+
 Here are the Advanced options specific to seafile (seafile).
-.SS --seafile-create-library
-.PP
+
+#### --seafile-create-library
+
 Should rclone create a library if it doesn\[aq]t exist.
-.PP
+
 Properties:
-.IP \[bu] 2
-Config: create_library
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_CREATE_LIBRARY
-.IP \[bu] 2
-Type: bool
-.IP \[bu] 2
-Default: false
-.SS --seafile-encoding
-.PP
+
+- Config:      create_library
+- Env Var:     RCLONE_SEAFILE_CREATE_LIBRARY
+- Type:        bool
+- Default:     false
+
+#### --seafile-encoding
+
 The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
-.PP
+
+See the [encoding section in the overview](https://rclone.org/overview/#encoding) for more info.
+
 Properties:
-.IP \[bu] 2
-Config: encoding
-.IP \[bu] 2
-Env Var: RCLONE_SEAFILE_ENCODING
-.IP \[bu] 2
-Type: MultiEncoder
-.IP \[bu] 2
-Default: Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8
-.SH SFTP
-.PP
-SFTP is the Secure (or SSH) File Transfer
-Protocol (https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol).
-.PP
+
+- Config:      encoding
+- Env Var:     RCLONE_SEAFILE_ENCODING
+- Type:        Encoding
+- Default:     Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8
+
+
+
+#  SFTP
+
+SFTP is the [Secure (or SSH) File Transfer
+Protocol](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol).
+
 The SFTP backend can be used with a number of different providers:
-.IP \[bu] 2
-Hetzner Storage Box
-.IP \[bu] 2
-rsync.net
-.PP
-SFTP runs over SSH v2 and is installed as standard with most modern SSH
-installations.
-.PP
-Paths are specified as \f[C]remote:path\f[R].
-If the path does not begin with a \f[C]/\f[R] it is relative to the home
-directory of the user.
-An empty path \f[C]remote:\f[R] refers to the user\[aq]s home directory.
-For example, \f[C]rclone lsd remote:\f[R] would list the home directory
-of the user configured in the rclone remote config
-(\f[C]i.e /home/sftpuser\f[R]).
-However, \f[C]rclone lsd remote:/\f[R] would list the root directory for
-remote machine (i.e.
-\f[C]/\f[R])
-.PP
-Note that some SFTP servers will need the leading / - Synology is a good
-example of this.
-rsync.net and Hetzner, on the other hand, requires users to OMIT the
-leading /.
-.PP
-Note that by default rclone will try to execute shell commands on the
-server, see shell access considerations.
-.SS Configuration
-.PP
-Here is an example of making an SFTP configuration.
-First run
-.IP
-.nf
-\f[C]
-rclone config
-\f[R]
-.fi
-.PP
+
+
+- Hetzner Storage Box
+- rsync.net
+
+
+SFTP runs over SSH v2 and is installed as standard with most modern
+SSH installations.
+
+Paths are specified as \[ga]remote:path\[ga]. If the path does not begin with
+a \[ga]/\[ga] it is relative to the home directory of the user.  An empty path
+\[ga]remote:\[ga] refers to the user\[aq]s home directory. For example, \[ga]rclone lsd remote:\[ga] 
+would list the home directory of the user configured in the rclone remote config 
+(\[ga]i.e /home/sftpuser\[ga]). However, \[ga]rclone lsd remote:/\[ga] would list the root 
+directory for remote machine (i.e. \[ga]/\[ga])
+
+Note that some SFTP servers will need the leading / - Synology is a
+good example of this. rsync.net and Hetzner, on the other hand, requires users to
+OMIT the leading /.
+
+Note that by default rclone will try to execute shell commands on
+the server, see [shell access considerations](#shell-access-considerations).
+
+## Configuration
+
+Here is an example of making an SFTP configuration.  First run
+
+    rclone config
+
 This will guide you through an interactive setup process.
-.IP
-.nf
-\f[C]
-No remotes found, make a new one?
-n) New remote
-s) Set configuration password
-q) Quit config
-n/s/q> n
-name> remote
-Type of storage to configure.
-Choose a number from below, or type in your own value
-[snip]
-XX / SSH/SFTP
-   \[rs] \[dq]sftp\[dq]
-[snip]
-Storage> sftp
-SSH host to connect to
-Choose a number from below, or type in your own value
- 1 / Connect to example.com
-   \[rs] \[dq]example.com\[dq]
-host> example.com
-SSH username
-Enter a string value. Press Enter for the default (\[dq]$USER\[dq]).
-user> sftpuser
-SSH port number
-Enter a signed integer. Press Enter for the default (22).
-port>
-SSH password, leave blank to use ssh-agent.
-y) Yes type in my own password
-g) Generate random password
-n) No leave this optional password blank
-y/g/n> n
-Path to unencrypted PEM-encoded private key file, leave blank to use ssh-agent.
-key_file>
-Remote config
---------------------
-[remote]
-host = example.com
-user = sftpuser
-port =
-pass =
-key_file =
---------------------
-y) Yes this is OK
-e) Edit this remote
-d) Delete this remote
-y/e/d> y
 \f[R]
 .fi
 .PP
-This remote is called \f[C]remote\f[R] and can now be used like this:
-.PP
+No remotes found, make a new one?
+n) New remote s) Set configuration password q) Quit config n/s/q> n
+name> remote Type of storage to configure.
+Choose a number from below, or type in your own value [snip] XX /
+SSH/SFTP \ \[dq]sftp\[dq] [snip] Storage> sftp SSH host to connect to
+Choose a number from below, or type in your own value 1 / Connect to
+example.com \ \[dq]example.com\[dq] host> example.com SSH username Enter
+a string value.
+Press Enter for the default (\[dq]$USER\[dq]).
+user> sftpuser SSH port number Enter a signed integer.
+Press Enter for the default (22).
+port> SSH password, leave blank to use ssh-agent.
+y) Yes type in my own password g) Generate random password n) No leave
+this optional password blank y/g/n> n Path to unencrypted PEM-encoded
+private key file, leave blank to use ssh-agent.
+key_file> Remote config -------------------- [remote] host = example.com
+user = sftpuser port = pass = key_file = -------------------- y) Yes
+this is OK e) Edit this remote d) Delete this remote y/e/d> y
+.IP
+.nf
+\f[C]
+This remote is called \[ga]remote\[ga] and can now be used like this:
+
 See all directories in the home directory
-.IP
-.nf
-\f[C]
-rclone lsd remote:
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:
+
 See all directories in the root directory
-.IP
-.nf
-\f[C]
-rclone lsd remote:/
-\f[R]
-.fi
-.PP
+
+    rclone lsd remote:/
+
 Make a new directory
-.IP
-.nf
-\f[C]
-rclone mkdir remote:path/to/directory
-\f[R]
-.fi
-.PP
+
+    rclone mkdir remote:path/to/directory
+
 List the contents of a directory
-.IP
-.nf
-\f[C]
-rclone ls remote:path/to/directory
-\f[R]
-.fi
-.PP
-Sync \f[C]/home/local/directory\f[R] to the remote directory, deleting
-any excess files in the directory.
-.IP
-.nf
-\f[C]
-rclone sync --interactive /home/local/directory remote:directory
-\f[R]
-.fi
-.PP
-Mount the remote path \f[C]/srv/www-data/\f[R] to the local path
-\f[C]/mnt/www-data\f[R]
-.IP
-.nf
-\f[C]
-rclone mount remote:/srv/www-data/ /mnt/www-data
-\f[R]
-.fi
-.SS SSH Authentication
-.PP
+
+    rclone ls remote:path/to/directory
+
+Sync \[ga]/home/local/directory\[ga] to the remote directory, deleting any
+excess files in the directory.
+
+    rclone sync --interactive /home/local/directory remote:directory
+
+Mount the remote path \[ga]/srv/www-data/\[ga] to the local path
+\[ga]/mnt/www-data\[ga]
+
+    rclone mount remote:/srv/www-data/ /mnt/www-data
+
+### SSH Authentication
+
 The SFTP remote supports three authentication methods:
-.IP \[bu] 2
-Password
-.IP \[bu] 2
-Key file, including certificate signed keys
-.IP \[bu] 2
-ssh-agent
-.PP
-Key files should be PEM-encoded private key files.
-For instance \f[C]/home/$USER/.ssh/id_rsa\f[R].
+
+  * Password
+  * Key file, including certificate signed keys
+  * ssh-agent
+
+Key files should be PEM-encoded private key files. For instance \[ga]/home/$USER/.ssh/id_rsa\[ga].
 Only unencrypted OpenSSH or PEM encrypted files are supported.
-.PP
-The key file can be specified in either an external file (key_file) or
-contained within the rclone config file (key_pem).
-If using key_pem in the config file, the entry should be on a single
-line with new line (\[aq]\[aq] or \[aq]\[aq]) separating lines.
-i.e.
-.IP
-.nf
-\f[C]
-key_pem = -----BEGIN RSA PRIVATE KEY-----\[rs]nMaMbaIXtE\[rs]n0gAMbMbaSsd\[rs]nMbaass\[rs]n-----END RSA PRIVATE KEY-----
-\f[R]
-.fi
-.PP
+
+The key file can be specified in either an external file (key_file) or contained within the 
+rclone config file (key_pem).  If using key_pem in the config file, the entry should be on a
+single line with new line (\[aq]\[rs]n\[aq] or \[aq]\[rs]r\[rs]n\[aq]) separating lines.  i.e.
+
+    key_pem = -----BEGIN RSA PRIVATE KEY-----\[rs]nMaMbaIXtE\[rs]n0gAMbMbaSsd\[rs]nMbaass\[rs]n-----END RSA PRIVATE KEY-----
+
 This will generate it correctly for key_pem for use in the config:
-.IP
-.nf
-\f[C]
-awk \[aq]{printf \[dq]%s\[rs]\[rs]n\[dq], $0}\[aq] < \[ti]/.ssh/id_rsa
+
+    awk \[aq]{printf \[dq]%s\[rs]\[rs]n\[dq], $0}\[aq] < \[ti]/.ssh/id_rsa
+
+If you don\[aq]t specify \[ga]pass\[ga], \[ga]key_file\[ga], or \[ga]key_pem\[ga] or \[ga]ask_password\[ga] then
+rclone will attempt to contact an ssh-agent. You can also specify \[ga]key_use_agent\[ga]
+to force the usage of an ssh-agent. In this case \[ga]key_file\[ga] or \[ga]key_pem\[ga] can
+also be specified to force the usage of a specific key in the ssh-agent.
+
+Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment.
+
+If you set the \[ga]ask_password\[ga] option, rclone will prompt for a password when
+needed and no password has been configured.
+
+#### Certificate-signed keys
+
+With traditional key-based authentication, you configure your private key only,
+and the public key built into it will be used during the authentication process.
+
+If you have a certificate you may use it to sign your public key, creating a
+separate SSH user certificate that should be used instead of the plain public key
+extracted from the private key. Then you must provide the path to the
+user certificate public key file in \[ga]pubkey_file\[ga].
+
+Note: This is not the traditional public key paired with your private key,
+typically saved as \[ga]/home/$USER/.ssh/id_rsa.pub\[ga]. Setting this path in
+\[ga]pubkey_file\[ga] will not work.
+
+Example:
 \f[R]
 .fi
 .PP
-If you don\[aq]t specify \f[C]pass\f[R], \f[C]key_file\f[R], or
-\f[C]key_pem\f[R] or \f[C]ask_password\f[R] then rclone will attempt to
-contact an ssh-agent.
-You can also specify \f[C]key_use_agent\f[R] to force the usage of an
-ssh-agent.
-In this case \f[C]key_file\f[R] or \f[C]key_pem\f[R] can also be
-specified to force the usage of a specific key in the ssh-agent.
-.PP
-Using an ssh-agent is the only way to load encrypted OpenSSH keys at the
-moment.
-.PP
-If you set the \f[C]ask_password\f[R] option, rclone will prompt for a
-password when needed and no password has been configured.
-.SS Certificate-signed keys
-.PP
-With traditional key-based authentication, you configure your private
-key only, and the public key built into it will be used during the
-authentication process.
-.PP
-If you have a certificate you may use it to sign your public key,
-creating a separate SSH user certificate that should be used instead of
-the plain public key extracted from the private key.
-Then you must provide the path to the user certificate public key file
-in \f[C]pubkey_file\f[R].
-.PP
-Note: This is not the traditional public key paired with your private
-key, typically saved as \f[C]/home/$USER/.ssh/id_rsa.pub\f[R].
-Setting this path in \f[C]pubkey_file\f[R] will not work.
-.PP
-Example:
+[remote] type = sftp host = example.com user = sftpuser key_file =
+\[ti]/id_rsa pubkey_file = \[ti]/id_rsa-cert.pub
 .IP
 .nf
 \f[C]
-[remote]
-type = sftp
-host = example.com
-user = sftpuser
-key_file = \[ti]/id_rsa
-pubkey_file = \[ti]/id_rsa-cert.pub
-\f[R]
-.fi
-.PP
 If you concatenate a cert with a private key then you can specify the
 merged file in both places.
-.PP
-Note: the cert must come first in the file.
-e.g.
-.IP
-.nf
-\f[C]
+
+Note: the cert must come first in the file.  e.g.
+
+\[ga]\[ga]\[ga]
 cat id_rsa-cert.pub id_rsa > merged_key
-\f[R]
-.fi
-.SS Host key validation
-.PP
-By default rclone will not check the server\[aq]s host key for
-validation.
-This can allow an attacker to replace a server with their own and if you
-use password authentication then this can lead to that password being
-exposed.
-.PP
-Host key matching, using standard \f[C]known_hosts\f[R] files can be
-turned on by enabling the \f[C]known_hosts_file\f[R] option.
-This can point to the file maintained by \f[C]OpenSSH\f[R] or can point
-to a unique file.
-.PP
-e.g.
-using the OpenSSH \f[C]known_hosts\f[R] file:
-.IP
-.nf
-\f[C]
+\[ga]\[ga]\[ga]
+
+### Host key validation
+
+By default rclone will not check the server\[aq]s host key for validation.  This
+can allow an attacker to replace a server with their own and if you use
+password authentication then this can lead to that password being exposed.
+
+Host key matching, using standard \[ga]known_hosts\[ga] files can be turned on by
+enabling the \[ga]known_hosts_file\[ga] option.  This can point to the file maintained
+by \[ga]OpenSSH\[ga] or can point to a unique file.
+
+e.g. using the OpenSSH \[ga]known_hosts\[ga] file:
+
+\[ga]\[ga]\[ga]
 [remote]
 type = sftp
 host = example.com
@@ -53243,7 +53840,7 @@ Set the configuration option \f[C]disable_hashcheck\f[R] to
 \f[C]true\f[R] to disable checksumming entirely, or set
 \f[C]shell_type\f[R] to \f[C]none\f[R] to disable all functionality
 based on remote shell command execution.
-.SS Modified time
+.SS Modification times and hashes
 .PP
 Modified times are stored on the server to 1 second precision.
 .PP
@@ -53493,6 +54090,50 @@ Env Var: RCLONE_SFTP_DISABLE_HASHCHECK
 Type: bool
 .IP \[bu] 2
 Default: false
+.SS --sftp-ssh
+.PP
+Path and arguments to external ssh binary.
+.PP
+Normally rclone will use its internal ssh library to connect to the SFTP
+server.
+However it does not implement all possible ssh options so it may be
+desirable to use an external ssh binary.
+.PP
+Rclone ignores all the internal config if you use this option and
+expects you to configure the ssh binary with the user/host/port and any
+other options you need.
+.PP
+\f[B]Important\f[R] The ssh command must log in without asking for a
+password so needs to be configured with keys or certificates.
+.PP
+Rclone will run the command supplied either with the additional
+arguments \[dq]-s sftp\[dq] to access the SFTP subsystem or with
+commands such as \[dq]md5sum /path/to/file\[dq] appended to read
+checksums.
+.PP
+Any arguments with spaces in should be surrounded by \[dq]double
+quotes\[dq].
+.PP
+An example setting might be:
+.IP
+.nf
+\f[C]
+ssh -o ServerAliveInterval=20 user\[at]example.com
+\f[R]
+.fi
+.PP
+Note that when using an external ssh binary rclone makes a new ssh
+connection for every hash it calculates.
+.PP
+Properties:
+.IP \[bu] 2
+Config: ssh
+.IP \[bu] 2
+Env Var: RCLONE_SFTP_SSH
+.IP \[bu] 2
+Type: SpaceSepList
+.IP \[bu] 2
+Default:
 .SS Advanced options
 .PP
 Here are the Advanced options specific to sftp (SSH/SFTP).
@@ -53565,6 +54206,33 @@ rclone sync /home/local/directory remote:/home/directory --sftp-path-override /v
 \f[R]
 .fi
 .PP
+To specify only the path to the SFTP remote\[aq]s root, and allow rclone
+to add any relative subpaths automatically (including
+unwrapping/decrypting remotes as necessary), add the \[aq]\[at]\[aq]
+character to the beginning of the path.
+.PP
+E.g.
+the first example above could be rewritten as:
+.IP
+.nf
+\f[C]
+rclone sync /home/local/directory remote:/directory --sftp-path-override \[at]/volume2
+\f[R]
+.fi
+.PP
+Note that when using this method with Synology \[dq]home\[dq] folders,
+the full \[dq]/homes/USER\[dq] path should be specified instead of
+\[dq]/home\[dq].
+.PP
+E.g.
+the second example above should be rewritten as:
+.IP
+.nf
+\f[C]
+rclone sync /home/local/directory remote:/homes/USER/directory --sftp-path-override \[at]/volume1
+\f[R]
+.fi
+.PP
 Properties:
 .IP \[bu] 2
 Config: path_override
@@ -53692,6 +54360,19 @@ Specifies the path or command to run a sftp server on the remote host.
 .PP
 The subsystem option is ignored when server_command is defined.
 .PP
+If adding server_command to the configuration file please note that it
+should not be enclosed in quotes, since that will make rclone fail.
+.PP
+A working example is:
+.IP
+.nf
+\f[C]
+[remote_name]
+type = sftp
+server_command = sudo /usr/libexec/openssh/sftp-server
+\f[R]
+.fi
+.PP
 Properties:
 .IP \[bu] 2
 Config: server_command
@@ -53861,7 +54542,7 @@ VAR1=value VAR2=value
 \f[R]
 .fi
 .PP
-and pass variables with spaces in in quotes, eg
+and pass variables with spaces in quotes, eg
 .IP
 .nf
 \f[C]
@@ -53956,6 +54637,85 @@ Env Var: RCLONE_SFTP_MACS
 Type: SpaceSepList
 .IP \[bu] 2
 Default:
+.SS --sftp-host-key-algorithms
+.PP
+Space separated list of host key algorithms, ordered by preference.
+.PP
+At least one must match with server configuration.
+This can be checked for example using ssh -Q HostKeyAlgorithms.
+.PP
+Note: This can affect the outcome of key negotiation with the server
+even if server host key validation is not enabled.
+.PP
+Example:
+.IP
+.nf
+\f[C]
+ssh-ed25519 ssh-rsa ssh-dss
+\f[R]
+.fi
+.PP
+Properties:
+.IP \[bu] 2
+Config: host_key_algorithms
+.IP \[bu] 2
+Env Var: RCLONE_SFTP_HOST_KEY_ALGORITHMS
+.IP \[bu] 2
+Type: SpaceSepList
+.IP \[bu] 2
+Default:
+.SS --sftp-socks-proxy
+.PP
+Socks 5 proxy host.
+.PP
+Supports the format user:pass\[at]host:port, user\[at]host:port,
+host:port.
+.PP
+Example:
+.IP
+.nf
+\f[C]
+myUser:myPass\[at]localhost:9005
+\f[R]
+.fi
+.PP
+Properties:
+.IP \[bu] 2
+Config: socks_proxy
+.IP \[bu] 2
+Env Var: RCLONE_SFTP_SOCKS_PROXY
+.IP \[bu] 2
+Type: string
+.IP \[bu] 2
+Required: false
+.SS --sftp-copy-is-hardlink
+.PP
+Set to enable server side copies using hardlinks.
+.PP
+The SFTP protocol does not define a copy command so normally server side
+copies are not allowed with the sftp backend.
+.PP
+However the SFTP protocol does support hardlinking, and if you enable
+this flag then the sftp backend will support server side copies.
+These will be implemented by doing a hardlink from the source to the
+destination.
+.PP
+Not all sftp servers support this.
+.PP
+Note that hardlinking two files together will use no additional space as
+the source and the destination will be the same file.
+.PP
+This feature may be useful backups made with --copy-dest.
+.PP
+Properties:
+.IP \[bu] 2
+Config: copy_is_hardlink
+.IP \[bu] 2
+Env Var: RCLONE_SFTP_COPY_IS_HARDLINK
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
 .SS Limitations
 .PP
 On some SFTP servers (e.g.
@@ -54012,7 +54772,7 @@ The first path segment must be the name of the share, which you entered
 when you started to share on Windows.
 On smbd, it\[aq]s the section title in \f[C]smb.conf\f[R] (usually in
 \f[C]/etc/samba/\f[R]) file.
-You can find shares by quering the root if you\[aq]re unsure (e.g.
+You can find shares by querying the root if you\[aq]re unsure (e.g.
 \f[C]rclone lsd remote:\f[R]).
 .PP
 You can\[aq]t access to the shared printers from rclone, obviously.
@@ -54277,7 +55037,7 @@ Config: encoding
 .IP \[bu] 2
 Env Var: RCLONE_SMB_ENCODING
 .IP \[bu] 2
-Type: MultiEncoder
+Type: Encoding
 .IP \[bu] 2
 Default:
 Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
@@ -55005,7 +55765,7 @@ Paths may be as deep as required, e.g.
 \f[B]NB\f[R] you can\[aq]t create files in the top level folder you have
 to create a folder, which rclone will create as a \[dq]Sync Folder\[dq]
 with SugarSync.
-.SS Modified time and hashes
+.SS Modification times and hashes
 .PP
 SugarSync does not support modification times or hashes, therefore
 syncing will default to \f[C]--size-only\f[R] checking.
@@ -55195,7 +55955,7 @@ Config: encoding
 .IP \[bu] 2
 Env Var: RCLONE_SUGARSYNC_ENCODING
 .IP \[bu] 2
-Type: MultiEncoder
+Type: Encoding
 .IP \[bu] 2
 Default: Slash,Ctl,InvalidUtf8,Dot
 .SS Limitations
@@ -55313,9 +56073,10 @@ To copy a local directory to an Uptobox directory called backup
 rclone copy /home/source remote:backup
 \f[R]
 .fi
-.SS Modified time and hashes
+.SS Modification times and hashes
 .PP
 Uptobox supports neither modified times nor checksums.
+All timestamps will read as that set by \f[C]--default-time\f[R].
 .SS Restricted filename characters
 .PP
 In addition to the default restricted characters
@@ -55373,6 +56134,19 @@ Required: false
 .SS Advanced options
 .PP
 Here are the Advanced options specific to uptobox (Uptobox).
+.SS --uptobox-private
+.PP
+Set to make uploaded files private
+.PP
+Properties:
+.IP \[bu] 2
+Config: private
+.IP \[bu] 2
+Env Var: RCLONE_UPTOBOX_PRIVATE
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
 .SS --uptobox-encoding
 .PP
 The encoding for the backend.
@@ -55386,7 +56160,7 @@ Config: encoding
 .IP \[bu] 2
 Env Var: RCLONE_UPTOBOX_ENCODING
 .IP \[bu] 2
-Type: MultiEncoder
+Type: Encoding
 .IP \[bu] 2
 Default:
 Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot
@@ -55399,22 +56173,26 @@ days.
 used space can however been seen in the uptobox web interface.
 .SH Union
 .PP
-The \f[C]union\f[R] remote provides a unification similar to UnionFS
-using other remotes.
-.PP
-Paths may be as deep as required or a local path, e.g.
-\f[C]remote:directory/subdirectory\f[R] or
-\f[C]/directory/subdirectory\f[R].
+The \f[C]union\f[R] backend joins several remotes together to make a
+single unified view of them.
 .PP
 During the initial setup with \f[C]rclone config\f[R] you will specify
 the upstream remotes as a space separated list.
 The upstream remotes can either be a local paths or other remotes.
 .PP
-Attribute \f[C]:ro\f[R] and \f[C]:nc\f[R] can be attach to the end of
-path to tag the remote as \f[B]read only\f[R] or \f[B]no create\f[R],
-e.g.
+The attributes \f[C]:ro\f[R], \f[C]:nc\f[R] and \f[C]:writeback\f[R] can
+be attached to the end of the remote to tag the remote as \f[B]read
+only\f[R], \f[B]no create\f[R] or \f[B]writeback\f[R], e.g.
 \f[C]remote:directory/subdirectory:ro\f[R] or
 \f[C]remote:directory/subdirectory:nc\f[R].
+.IP \[bu] 2
+\f[C]:ro\f[R] means files will only be read from here and never written
+.IP \[bu] 2
+\f[C]:nc\f[R] means new files or directories won\[aq]t be created here
+.IP \[bu] 2
+\f[C]:writeback\f[R] means files found in different remotes will be
+written back here.
+See the writeback section for more info.
 .PP
 Subfolders can be used in upstream remotes.
 Assume a union remote named \f[C]backup\f[R] with the remotes
@@ -55422,8 +56200,7 @@ Assume a union remote named \f[C]backup\f[R] with the remotes
 Invoking \f[C]rclone mkdir backup:desktop\f[R] is exactly the same as
 invoking \f[C]rclone mkdir mydrive:private/backup/desktop\f[R].
 .PP
-There will be no special handling of paths containing \f[C]..\f[R]
-segments.
+There is no special handling of paths containing \f[C]..\f[R] segments.
 Invoking \f[C]rclone mkdir backup:../desktop\f[R] is exactly the same as
 invoking \f[C]rclone mkdir mydrive:private/backup/../desktop\f[R].
 .SS Configuration
@@ -55768,6 +56545,40 @@ Calls \f[B]all\f[R] and then randomizes.
 Returns only one upstream.
 T}
 .TE
+.SS Writeback
+.PP
+The tag \f[C]:writeback\f[R] on an upstream remote can be used to make a
+simple cache system like this:
+.IP
+.nf
+\f[C]
+[union]
+type = union
+action_policy = all
+create_policy = all
+search_policy = ff
+upstreams = /local:writeback remote:dir
+\f[R]
+.fi
+.PP
+When files are opened for read, if the file is in \f[C]remote:dir\f[R]
+but not \f[C]/local\f[R] then rclone will copy the file entirely into
+\f[C]/local\f[R] before returning a reference to the file in
+\f[C]/local\f[R].
+The copy will be done with the equivalent of \f[C]rclone copy\f[R] so
+will use \f[C]--multi-thread-streams\f[R] if configured.
+Any copies will be logged with an INFO log.
+.PP
+When files are written, they will be written to both
+\f[C]remote:dir\f[R] and \f[C]/local\f[R].
+.PP
+As many remotes as desired can be added to \f[C]upstreams\f[R] but there
+should only be one \f[C]:writeback\f[R] tag.
+.PP
+Rclone does not manage the \f[C]:writeback\f[R] remote in any way other
+than writing files back to it.
+So if you need to expire old files or manage the size then you will have
+to do this yourself.
 .SS Standard options
 .PP
 Here are the Standard options specific to union (Union merges the
@@ -55913,17 +56724,21 @@ Choose a number from below, or type in your own value
 url> https://example.com/remote.php/webdav/
 Name of the WebDAV site/service/software you are using
 Choose a number from below, or type in your own value
- 1 / Nextcloud
-   \[rs] \[dq]nextcloud\[dq]
- 2 / Owncloud
-   \[rs] \[dq]owncloud\[dq]
- 3 / Sharepoint Online, authenticated by Microsoft account.
-   \[rs] \[dq]sharepoint\[dq]
- 4 / Sharepoint with NTLM authentication. Usually self-hosted or on-premises.
-   \[rs] \[dq]sharepoint-ntlm\[dq]
- 5 / Other site/service or software
-   \[rs] \[dq]other\[dq]
-vendor> 1
+ 1 / Fastmail Files
+   \[rs] (fastmail)
+ 2 / Nextcloud
+   \[rs] (nextcloud)
+ 3 / Owncloud
+   \[rs] (owncloud)
+ 4 / Sharepoint Online, authenticated by Microsoft account
+   \[rs] (sharepoint)
+ 5 / Sharepoint with NTLM authentication, usually self-hosted or on-premises
+   \[rs] (sharepoint-ntlm)
+ 6 / rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol
+   \[rs] (rclone)
+ 7 / Other site/service or software
+   \[rs] (other)
+vendor> 2
 User name
 user> user
 Password.
@@ -55979,14 +56794,15 @@ To copy a local directory to an WebDAV directory called backup
 rclone copy /home/source remote:backup
 \f[R]
 .fi
-.SS Modified time and hashes
+.SS Modification times and hashes
 .PP
 Plain WebDAV does not support modified times.
-However when used with Owncloud or Nextcloud rclone will support
-modified times.
+However when used with Fastmail Files, Owncloud or Nextcloud rclone will
+support modified times.
 .PP
 Likewise plain WebDAV does not support hashes, however when used with
-Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes.
+Fastmail Files, Owncloud or Nextcloud rclone will support SHA1 and MD5
+hashes.
 Depending on the exact version of Owncloud or Nextcloud hashes may
 appear on all objects, or only on objects which had a hash uploaded with
 them.
@@ -56026,6 +56842,12 @@ Required: false
 Examples:
 .RS 2
 .IP \[bu] 2
+\[dq]fastmail\[dq]
+.RS 2
+.IP \[bu] 2
+Fastmail Files
+.RE
+.IP \[bu] 2
 \[dq]nextcloud\[dq]
 .RS 2
 .IP \[bu] 2
@@ -56050,6 +56872,12 @@ Sharepoint Online, authenticated by Microsoft account
 Sharepoint with NTLM authentication, usually self-hosted or on-premises
 .RE
 .IP \[bu] 2
+\[dq]rclone\[dq]
+.RS 2
+.IP \[bu] 2
+rclone WebDAV server to serve a remote over HTTP via the WebDAV protocol
+.RE
+.IP \[bu] 2
 \[dq]other\[dq]
 .RS 2
 .IP \[bu] 2
@@ -56162,9 +56990,53 @@ Env Var: RCLONE_WEBDAV_HEADERS
 Type: CommaSepList
 .IP \[bu] 2
 Default:
+.SS --webdav-pacer-min-sleep
+.PP
+Minimum time to sleep between API calls.
+.PP
+Properties:
+.IP \[bu] 2
+Config: pacer_min_sleep
+.IP \[bu] 2
+Env Var: RCLONE_WEBDAV_PACER_MIN_SLEEP
+.IP \[bu] 2
+Type: Duration
+.IP \[bu] 2
+Default: 10ms
+.SS --webdav-nextcloud-chunk-size
+.PP
+Nextcloud upload chunk size.
+.PP
+We recommend configuring your NextCloud instance to increase the max
+chunk size to 1 GB for better upload performances.
+See
+https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#adjust-chunk-size-on-nextcloud-side
+.PP
+Set to 0 to disable chunked uploading.
+.PP
+Properties:
+.IP \[bu] 2
+Config: nextcloud_chunk_size
+.IP \[bu] 2
+Env Var: RCLONE_WEBDAV_NEXTCLOUD_CHUNK_SIZE
+.IP \[bu] 2
+Type: SizeSuffix
+.IP \[bu] 2
+Default: 10Mi
 .SS Provider notes
 .PP
 See below for notes on specific providers.
+.SS Fastmail Files
+.PP
+Use \f[C]https://webdav.fastmail.com/\f[R] or a subdirectory as the URL,
+and your Fastmail email \f[C]username\[at]domain.tld\f[R] as the
+username.
+Follow this
+documentation (https://www.fastmail.help/hc/en-us/articles/360058752854-App-passwords)
+to create an app password with access to \f[C]Files (WebDAV)\f[R] and
+use this as the password.
+.PP
+Fastmail supports modified times using the \f[C]X-OC-Mtime\f[R] header.
 .SS Owncloud
 .PP
 Click on the settings cog in the bottom right of the page and this will
@@ -56275,6 +57147,14 @@ datetime property to compare your documents:
 --ignore-size --ignore-checksum --update
 \f[R]
 .fi
+.SS Rclone
+.PP
+Use this option if you are hosting remotes over WebDAV provided by
+rclone.
+Read rclone serve webdav for more details.
+.PP
+rclone serve supports modified times using the \f[C]X-OC-Mtime\f[R]
+header.
 .SS dCache
 .PP
 dCache is a storage system that supports many protocols and
@@ -56470,14 +57350,13 @@ rclone sync --interactive /home/local/directory remote:directory
 .PP
 Yandex paths may be as deep as required, e.g.
 \f[C]remote:directory/subdirectory\f[R].
-.SS Modified time
+.SS Modification times and hashes
 .PP
 Modified times are supported and are stored accurate to 1 ns in custom
 metadata called \f[C]rclone_modified\f[R] in RFC3339 with nanoseconds
 format.
-.SS MD5 checksums
 .PP
-MD5 checksums are natively supported by Yandex Disk.
+The MD5 hash algorithm is natively supported by Yandex Disk.
 .SS Emptying Trash
 .PP
 If you wish to empty your trash you can use the
@@ -56602,7 +57481,7 @@ Config: encoding
 .IP \[bu] 2
 Env Var: RCLONE_YANDEX_ENCODING
 .IP \[bu] 2
-Type: MultiEncoder
+Type: Encoding
 .IP \[bu] 2
 Default: Slash,Del,Ctl,InvalidUtf8,Dot
 .SS Limitations
@@ -56757,12 +57636,11 @@ rclone sync --interactive /home/local/directory remote:directory
 .PP
 Zoho paths may be as deep as required, eg
 \f[C]remote:directory/subdirectory\f[R].
-.SS Modified time
+.SS Modification times and hashes
 .PP
 Modified times are currently not supported for Zoho Workdrive
-.SS Checksums
 .PP
-No checksums are supported.
+No hash algorithms are supported.
 .SS Usage information
 .PP
 To view your current quota you can use the
@@ -56922,7 +57800,7 @@ Config: encoding
 .IP \[bu] 2
 Env Var: RCLONE_ZOHO_ENCODING
 .IP \[bu] 2
-Type: MultiEncoder
+Type: Encoding
 .IP \[bu] 2
 Default: Del,Ctl,InvalidUtf8
 .SS Setting up your own client_id
@@ -56958,10 +57836,10 @@ For consistencies sake one can also configure a remote of type
 \f[C]local\f[R] in the config file, and access the local filesystem
 using rclone remote paths, e.g.
 \f[C]remote:path/to/wherever\f[R], but it is probably easier not to.
-.SS Modified time
+.SS Modification times
 .PP
-Rclone reads and writes the modified time using an accuracy determined
-by the OS.
+Rclone reads and writes the modification times using an accuracy
+determined by the OS.
 Typically this is 1ns on Linux, 10 ns on Windows and 1 Second on OS X.
 .SS Filenames
 .PP
@@ -57495,557 +58373,1922 @@ local storage, and store them as text files, with a
 The text file will contain the target of the symbolic link (see
 example).
 .PP
-This flag applies to all commands.
+This flag applies to all commands.
+.PP
+For example, supposing you have a directory structure like this
+.IP
+.nf
+\f[C]
+$ tree /tmp/a
+/tmp/a
+\[u251C]\[u2500]\[u2500] file1 -> ./file4
+\[u2514]\[u2500]\[u2500] file2 -> /home/user/file3
+\f[R]
+.fi
+.PP
+Copying the entire directory with \[aq]-l\[aq]
+.IP
+.nf
+\f[C]
+$ rclone copyto -l /tmp/a/file1 remote:/tmp/a/
+\f[R]
+.fi
+.PP
+The remote files are created with a \[aq].rclonelink\[aq] suffix
+.IP
+.nf
+\f[C]
+$ rclone ls remote:/tmp/a
+       5 file1.rclonelink
+      14 file2.rclonelink
+\f[R]
+.fi
+.PP
+The remote files will contain the target of the symbolic links
+.IP
+.nf
+\f[C]
+$ rclone cat remote:/tmp/a/file1.rclonelink
+\&./file4
+
+$ rclone cat remote:/tmp/a/file2.rclonelink
+/home/user/file3
+\f[R]
+.fi
+.PP
+Copying them back with \[aq]-l\[aq]
+.IP
+.nf
+\f[C]
+$ rclone copyto -l remote:/tmp/a/ /tmp/b/
+
+$ tree /tmp/b
+/tmp/b
+\[u251C]\[u2500]\[u2500] file1 -> ./file4
+\[u2514]\[u2500]\[u2500] file2 -> /home/user/file3
+\f[R]
+.fi
+.PP
+However, if copied back without \[aq]-l\[aq]
+.IP
+.nf
+\f[C]
+$ rclone copyto remote:/tmp/a/ /tmp/b/
+
+$ tree /tmp/b
+/tmp/b
+\[u251C]\[u2500]\[u2500] file1.rclonelink
+\[u2514]\[u2500]\[u2500] file2.rclonelink
+\f[R]
+.fi
+.PP
+Note that this flag is incompatible with \f[C]-copy-links\f[R] /
+\f[C]-L\f[R].
+.SS Restricting filesystems with --one-file-system
+.PP
+Normally rclone will recurse through filesystems as mounted.
+.PP
+However if you set \f[C]--one-file-system\f[R] or \f[C]-x\f[R] this
+tells rclone to stay in the filesystem specified by the root and not to
+recurse into different file systems.
+.PP
+For example if you have a directory hierarchy like this
+.IP
+.nf
+\f[C]
+root
+\[u251C]\[u2500]\[u2500] disk1     - disk1 mounted on the root
+\[br]\ \  \[u2514]\[u2500]\[u2500] file3 - stored on disk1
+\[u251C]\[u2500]\[u2500] disk2     - disk2 mounted on the root
+\[br]\ \  \[u2514]\[u2500]\[u2500] file4 - stored on disk12
+\[u251C]\[u2500]\[u2500] file1     - stored on the root disk
+\[u2514]\[u2500]\[u2500] file2     - stored on the root disk
+\f[R]
+.fi
+.PP
+Using \f[C]rclone --one-file-system copy root remote:\f[R] will only
+copy \f[C]file1\f[R] and \f[C]file2\f[R].
+Eg
+.IP
+.nf
+\f[C]
+$ rclone -q --one-file-system ls root
+        0 file1
+        0 file2
+\f[R]
+.fi
+.IP
+.nf
+\f[C]
+$ rclone -q ls root
+        0 disk1/file3
+        0 disk2/file4
+        0 file1
+        0 file2
+\f[R]
+.fi
+.PP
+\f[B]NB\f[R] Rclone (like most unix tools such as \f[C]du\f[R],
+\f[C]rsync\f[R] and \f[C]tar\f[R]) treats a bind mount to the same
+device as being on the same filesystem.
+.PP
+\f[B]NB\f[R] This flag is only available on Unix based systems.
+On systems where it isn\[aq]t supported (e.g.
+Windows) it will be ignored.
+.SS Advanced options
+.PP
+Here are the Advanced options specific to local (Local Disk).
+.SS --local-nounc
+.PP
+Disable UNC (long path names) conversion on Windows.
+.PP
+Properties:
+.IP \[bu] 2
+Config: nounc
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_NOUNC
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.IP \[bu] 2
+Examples:
+.RS 2
+.IP \[bu] 2
+\[dq]true\[dq]
+.RS 2
+.IP \[bu] 2
+Disables long file names.
+.RE
+.RE
+.SS --copy-links / -L
+.PP
+Follow symlinks and copy the pointed to item.
+.PP
+Properties:
+.IP \[bu] 2
+Config: copy_links
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_COPY_LINKS
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --links / -l
+.PP
+Translate symlinks to/from regular files with a \[aq].rclonelink\[aq]
+extension.
+.PP
+Properties:
+.IP \[bu] 2
+Config: links
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_LINKS
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --skip-links
+.PP
+Don\[aq]t warn about skipped symlinks.
+.PP
+This flag disables warning messages on skipped symlinks or junction
+points, as you explicitly acknowledge that they should be skipped.
+.PP
+Properties:
+.IP \[bu] 2
+Config: skip_links
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_SKIP_LINKS
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-zero-size-links
+.PP
+Assume the Stat size of links is zero (and read them instead)
+(deprecated).
+.PP
+Rclone used to use the Stat size of links as the link size, but this
+fails in quite a few places:
+.IP \[bu] 2
+Windows
+.IP \[bu] 2
+On some virtual filesystems (such ash LucidLink)
+.IP \[bu] 2
+Android
+.PP
+So rclone now always reads the link.
+.PP
+Properties:
+.IP \[bu] 2
+Config: zero_size_links
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_ZERO_SIZE_LINKS
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-unicode-normalization
+.PP
+Apply unicode NFC normalization to paths and filenames.
+.PP
+This flag can be used to normalize file names into unicode NFC form that
+are read from the local filesystem.
+.PP
+Rclone does not normally touch the encoding of file names it reads from
+the file system.
+.PP
+This can be useful when using macOS as it normally provides decomposed
+(NFD) unicode which in some language (eg Korean) doesn\[aq]t display
+properly on some OSes.
+.PP
+Note that rclone compares filenames with unicode normalization in the
+sync routine so this flag shouldn\[aq]t normally be used.
+.PP
+Properties:
+.IP \[bu] 2
+Config: unicode_normalization
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_UNICODE_NORMALIZATION
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-no-check-updated
+.PP
+Don\[aq]t check to see if the files change during upload.
+.PP
+Normally rclone checks the size and modification time of files as they
+are being uploaded and aborts with a message which starts \[dq]can\[aq]t
+copy - source file is being updated\[dq] if the file changes during
+upload.
+.PP
+However on some file systems this modification time check may fail (e.g.
+Glusterfs #2206 (https://github.com/rclone/rclone/issues/2206)) so this
+check can be disabled with this flag.
+.PP
+If this flag is set, rclone will use its best efforts to transfer a file
+which is being updated.
+If the file is only having things appended to it (e.g.
+a log) then rclone will transfer the log file with the size it had the
+first time rclone saw it.
+.PP
+If the file is being modified throughout (not just appended to) then the
+transfer may fail with a hash check failure.
+.PP
+In detail, once the file has had stat() called on it for the first time
+we:
+.IP \[bu] 2
+Only transfer the size that stat gave
+.IP \[bu] 2
+Only checksum the size that stat gave
+.IP \[bu] 2
+Don\[aq]t update the stat info for the file
+.PP
+\f[B]NB\f[R] do not use this flag on a Windows Volume Shadow (VSS).
+For some unknown reason, files in a VSS sometimes show different sizes
+from the directory listing (where the initial stat value comes from on
+Windows) and when stat is called on them directly.
+Other copy tools always use the direct stat value and setting this flag
+will disable that.
+.PP
+Properties:
+.IP \[bu] 2
+Config: no_check_updated
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_NO_CHECK_UPDATED
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --one-file-system / -x
+.PP
+Don\[aq]t cross filesystem boundaries (unix/macOS only).
+.PP
+Properties:
+.IP \[bu] 2
+Config: one_file_system
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_ONE_FILE_SYSTEM
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-case-sensitive
+.PP
+Force the filesystem to report itself as case sensitive.
+.PP
+Normally the local backend declares itself as case insensitive on
+Windows/macOS and case sensitive for everything else.
+Use this flag to override the default choice.
+.PP
+Properties:
+.IP \[bu] 2
+Config: case_sensitive
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_CASE_SENSITIVE
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-case-insensitive
+.PP
+Force the filesystem to report itself as case insensitive.
+.PP
+Normally the local backend declares itself as case insensitive on
+Windows/macOS and case sensitive for everything else.
+Use this flag to override the default choice.
+.PP
+Properties:
+.IP \[bu] 2
+Config: case_insensitive
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_CASE_INSENSITIVE
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-no-preallocate
+.PP
+Disable preallocation of disk space for transferred files.
+.PP
+Preallocation of disk space helps prevent filesystem fragmentation.
+However, some virtual filesystem layers (such as Google Drive File
+Stream) may incorrectly set the actual file size equal to the
+preallocated space, causing checksum and file size checks to fail.
+Use this flag to disable preallocation.
+.PP
+Properties:
+.IP \[bu] 2
+Config: no_preallocate
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_NO_PREALLOCATE
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-no-sparse
+.PP
+Disable sparse files for multi-thread downloads.
+.PP
+On Windows platforms rclone will make sparse files when doing
+multi-thread downloads.
+This avoids long pauses on large files where the OS zeros the file.
+However sparse files may be undesirable as they cause disk fragmentation
+and can be slow to work with.
+.PP
+Properties:
+.IP \[bu] 2
+Config: no_sparse
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_NO_SPARSE
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-no-set-modtime
+.PP
+Disable setting modtime.
+.PP
+Normally rclone updates modification time of files after they are done
+uploading.
+This can cause permissions issues on Linux platforms when the user
+rclone is running as does not own the file uploaded, such as when
+copying to a CIFS mount owned by another user.
+If this option is enabled, rclone will no longer update the modtime
+after copying a file.
+.PP
+Properties:
+.IP \[bu] 2
+Config: no_set_modtime
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_NO_SET_MODTIME
+.IP \[bu] 2
+Type: bool
+.IP \[bu] 2
+Default: false
+.SS --local-encoding
+.PP
+The encoding for the backend.
+.PP
+See the encoding section in the
+overview (https://rclone.org/overview/#encoding) for more info.
+.PP
+Properties:
+.IP \[bu] 2
+Config: encoding
+.IP \[bu] 2
+Env Var: RCLONE_LOCAL_ENCODING
+.IP \[bu] 2
+Type: Encoding
+.IP \[bu] 2
+Default: Slash,Dot
+.SS Metadata
+.PP
+Depending on which OS is in use the local backend may return only some
+of the system metadata.
+Setting system metadata is supported on all OSes but setting user
+metadata is only supported on linux, freebsd, netbsd, macOS and Solaris.
+It is \f[B]not\f[R] supported on Windows yet (see
+pkg/attrs#47 (https://github.com/pkg/xattr/issues/47)).
 .PP
-For example, supposing you have a directory structure like this
-.IP
-.nf
-\f[C]
-$ tree /tmp/a
-/tmp/a
-\[u251C]\[u2500]\[u2500] file1 -> ./file4
-\[u2514]\[u2500]\[u2500] file2 -> /home/user/file3
-\f[R]
-.fi
+User metadata is stored as extended attributes (which may not be
+supported by all file systems) under the \[dq]user.*\[dq] prefix.
 .PP
-Copying the entire directory with \[aq]-l\[aq]
-.IP
-.nf
-\f[C]
-$ rclone copyto -l /tmp/a/file1 remote:/tmp/a/
-\f[R]
-.fi
+Here are the possible system metadata items for the local backend.
 .PP
-The remote files are created with a \[aq].rclonelink\[aq] suffix
-.IP
-.nf
-\f[C]
-$ rclone ls remote:/tmp/a
-       5 file1.rclonelink
-      14 file2.rclonelink
-\f[R]
-.fi
+.TS
+tab(@);
+lw(11.1n) lw(11.1n) lw(11.1n) lw(16.6n) lw(20.3n).
+T{
+Name
+T}@T{
+Help
+T}@T{
+Type
+T}@T{
+Example
+T}@T{
+Read Only
+T}
+_
+T{
+atime
+T}@T{
+Time of last access
+T}@T{
+RFC 3339
+T}@T{
+2006-01-02T15:04:05.999999999Z07:00
+T}@T{
+N
+T}
+T{
+btime
+T}@T{
+Time of file birth (creation)
+T}@T{
+RFC 3339
+T}@T{
+2006-01-02T15:04:05.999999999Z07:00
+T}@T{
+N
+T}
+T{
+gid
+T}@T{
+Group ID of owner
+T}@T{
+decimal number
+T}@T{
+500
+T}@T{
+N
+T}
+T{
+mode
+T}@T{
+File type and mode
+T}@T{
+octal, unix style
+T}@T{
+0100664
+T}@T{
+N
+T}
+T{
+mtime
+T}@T{
+Time of last modification
+T}@T{
+RFC 3339
+T}@T{
+2006-01-02T15:04:05.999999999Z07:00
+T}@T{
+N
+T}
+T{
+rdev
+T}@T{
+Device ID (if special file)
+T}@T{
+hexadecimal
+T}@T{
+1abc
+T}@T{
+N
+T}
+T{
+uid
+T}@T{
+User ID of owner
+T}@T{
+decimal number
+T}@T{
+500
+T}@T{
+N
+T}
+.TE
 .PP
-The remote files will contain the target of the symbolic links
-.IP
-.nf
-\f[C]
-$ rclone cat remote:/tmp/a/file1.rclonelink
-\&./file4
-
-$ rclone cat remote:/tmp/a/file2.rclonelink
-/home/user/file3
-\f[R]
-.fi
+See the metadata (https://rclone.org/docs/#metadata) docs for more info.
+.SS Backend commands
 .PP
-Copying them back with \[aq]-l\[aq]
-.IP
-.nf
-\f[C]
-$ rclone copyto -l remote:/tmp/a/ /tmp/b/
-
-$ tree /tmp/b
-/tmp/b
-\[u251C]\[u2500]\[u2500] file1 -> ./file4
-\[u2514]\[u2500]\[u2500] file2 -> /home/user/file3
-\f[R]
-.fi
+Here are the commands specific to the local backend.
 .PP
-However, if copied back without \[aq]-l\[aq]
+Run them with
 .IP
 .nf
 \f[C]
-$ rclone copyto remote:/tmp/a/ /tmp/b/
-
-$ tree /tmp/b
-/tmp/b
-\[u251C]\[u2500]\[u2500] file1.rclonelink
-\[u2514]\[u2500]\[u2500] file2.rclonelink
+rclone backend COMMAND remote:
 \f[R]
 .fi
 .PP
-Note that this flag is incompatible with \f[C]-copy-links\f[R] /
-\f[C]-L\f[R].
-.SS Restricting filesystems with --one-file-system
+The help below will explain what arguments each command takes.
 .PP
-Normally rclone will recurse through filesystems as mounted.
+See the backend (https://rclone.org/commands/rclone_backend/) command
+for more info on how to pass options and arguments.
 .PP
-However if you set \f[C]--one-file-system\f[R] or \f[C]-x\f[R] this
-tells rclone to stay in the filesystem specified by the root and not to
-recurse into different file systems.
+These can be run on a running backend using the rc command
+backend/command (https://rclone.org/rc/#backend-command).
+.SS noop
 .PP
-For example if you have a directory hierarchy like this
+A null operation for testing backend commands
 .IP
 .nf
 \f[C]
-root
-\[u251C]\[u2500]\[u2500] disk1     - disk1 mounted on the root
-\[br]\ \  \[u2514]\[u2500]\[u2500] file3 - stored on disk1
-\[u251C]\[u2500]\[u2500] disk2     - disk2 mounted on the root
-\[br]\ \  \[u2514]\[u2500]\[u2500] file4 - stored on disk12
-\[u251C]\[u2500]\[u2500] file1     - stored on the root disk
-\[u2514]\[u2500]\[u2500] file2     - stored on the root disk
+rclone backend noop remote: [options] [<arguments>+]
 \f[R]
 .fi
 .PP
-Using \f[C]rclone --one-file-system copy root remote:\f[R] will only
-copy \f[C]file1\f[R] and \f[C]file2\f[R].
-Eg
-.IP
-.nf
-\f[C]
-$ rclone -q --one-file-system ls root
-        0 file1
-        0 file2
-\f[R]
-.fi
-.IP
-.nf
-\f[C]
-$ rclone -q ls root
-        0 disk1/file3
-        0 disk2/file4
-        0 file1
-        0 file2
-\f[R]
-.fi
+This is a test command which has some options you can try to change the
+output.
 .PP
-\f[B]NB\f[R] Rclone (like most unix tools such as \f[C]du\f[R],
-\f[C]rsync\f[R] and \f[C]tar\f[R]) treats a bind mount to the same
-device as being on the same filesystem.
+Options:
+.IP \[bu] 2
+\[dq]echo\[dq]: echo the input arguments
+.IP \[bu] 2
+\[dq]error\[dq]: return an error based on option value
+.SH Changelog
+.SS v1.65.0 - 2023-11-26
 .PP
-\f[B]NB\f[R] This flag is only available on Unix based systems.
-On systems where it isn\[aq]t supported (e.g.
-Windows) it will be ignored.
-.SS Advanced options
+See commits (https://github.com/rclone/rclone/compare/v1.64.0...v1.65.0)
+.IP \[bu] 2
+New backends
+.RS 2
+.IP \[bu] 2
+Azure Files (karan, moongdal, Nick Craig-Wood)
+.IP \[bu] 2
+ImageKit (Abhinav Dhiman)
+.IP \[bu] 2
+Linkbox (viktor, Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+New commands
+.RS 2
+.IP \[bu] 2
+\f[C]serve s3\f[R]: Let rclone act as an S3 compatible server (Mikubill,
+Artur Neumann, Saw-jan, Nick Craig-Wood)
+.IP \[bu] 2
+\f[C]nfsmount\f[R]: mount command to provide mount mechanism on macOS
+without FUSE (Saleh Dindar)
+.IP \[bu] 2
+\f[C]serve nfs\f[R]: to serve a remote for use by \f[C]nfsmount\f[R]
+(Saleh Dindar)
+.RE
+.IP \[bu] 2
+New Features
+.RS 2
+.IP \[bu] 2
+install.sh: Clean up temp files in install script (Jacob Hands)
+.IP \[bu] 2
+build
+.RS 2
+.IP \[bu] 2
+Update all dependencies (Nick Craig-Wood)
+.IP \[bu] 2
+Refactor version info and icon resource handling on windows (albertony)
+.RE
+.IP \[bu] 2
+doc updates (albertony, alfish2000, asdffdsazqqq, Dimitri Papadopoulos,
+Herby Gillot, Joda St\[:o]\[ss]er, Manoj Ghosh, Nick Craig-Wood)
+.IP \[bu] 2
+Implement \f[C]--metadata-mapper\f[R] to transform metatadata with a
+user supplied program (Nick Craig-Wood)
+.IP \[bu] 2
+Add \f[C]ChunkWriterDoesntSeek\f[R] feature flag and set it for b2 (Nick
+Craig-Wood)
+.IP \[bu] 2
+lib/http: Export basic go string functions for use in
+\f[C]--template\f[R] (Gabriel Espinoza)
+.IP \[bu] 2
+makefile: Use POSIX compatible install arguments (Mina Gali\['c])
+.IP \[bu] 2
+operations
+.RS 2
+.IP \[bu] 2
+Use less memory when doing multithread uploads (Nick Craig-Wood)
+.IP \[bu] 2
+Implement \f[C]--partial-suffix\f[R] to control extension of temporary
+file names (Volodymyr)
+.RE
+.IP \[bu] 2
+rc
+.RS 2
+.IP \[bu] 2
+Add \f[C]operations/check\f[R] to the rc API (Nick Craig-Wood)
+.IP \[bu] 2
+Always report an error as JSON (Nick Craig-Wood)
+.IP \[bu] 2
+Set \f[C]Last-Modified\f[R] header for files served by
+\f[C]--rc-serve\f[R] (Nikita Shoshin)
+.RE
+.IP \[bu] 2
+size: Dont show duplicate object count when less than 1k (albertony)
+.RE
+.IP \[bu] 2
+Bug Fixes
+.RS 2
+.IP \[bu] 2
+fshttp: Fix \f[C]--contimeout\f[R] being ignored
+(\[u4F60]\[u77E5]\[u9053]\[u672A]\[u6765]\[u5417])
+.IP \[bu] 2
+march: Fix excessive parallelism when using \f[C]--no-traverse\f[R]
+(Nick Craig-Wood)
+.IP \[bu] 2
+ncdu: Fix crash when re-entering changed directory after rescan (Nick
+Craig-Wood)
+.IP \[bu] 2
+operations
+.RS 2
+.IP \[bu] 2
+Fix overwrite of destination when multi-thread transfer fails (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix invalid UTF-8 when truncating file names when not using
+\f[C]--inplace\f[R] (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+serve dnla: Fix crash on graceful exit (wuxingzhong)
+.RE
+.IP \[bu] 2
+Mount
+.RS 2
+.IP \[bu] 2
+Disable mount for freebsd and alias cmount as mount on that platform
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+VFS
+.RS 2
+.IP \[bu] 2
+Add \f[C]--vfs-refresh\f[R] flag to read all the directories on start
+(Beyond Meat)
+.IP \[bu] 2
+Implement Name() method in WriteFileHandle and ReadFileHandle (Saleh
+Dindar)
+.IP \[bu] 2
+Add go-billy dependency and make sure vfs.Handle implements billy.File
+(Saleh Dindar)
+.IP \[bu] 2
+Error out early if can\[aq]t upload 0 length file (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Local
+.RS 2
+.IP \[bu] 2
+Fix copying from Windows Volume Shadows (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Azure Blob
+.RS 2
+.IP \[bu] 2
+Add support for cold tier (Ivan Yanitra)
+.RE
+.IP \[bu] 2
+B2
+.RS 2
+.IP \[bu] 2
+Implement \[dq]rclone backend lifecycle\[dq] to read and set bucket
+lifecycles (Nick Craig-Wood)
+.IP \[bu] 2
+Implement \f[C]--b2-lifecycle\f[R] to control lifecycle when creating
+buckets (Nick Craig-Wood)
+.IP \[bu] 2
+Fix listing all buckets when not needed (Nick Craig-Wood)
+.IP \[bu] 2
+Fix multi-thread upload with copyto going to wrong name (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix server side chunked copy when file size was exactly
+\f[C]--b2-copy-cutoff\f[R] (Nick Craig-Wood)
+.IP \[bu] 2
+Fix streaming chunked files an exact multiple of chunk size (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+Box
+.RS 2
+.IP \[bu] 2
+Filter more EventIDs when polling (David Sze)
+.IP \[bu] 2
+Add more logging for polling (David Sze)
+.IP \[bu] 2
+Fix performance problem reading metadata for single files (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+Drive
+.RS 2
+.IP \[bu] 2
+Add read/write metadata support (Nick Craig-Wood)
+.IP \[bu] 2
+Add support for SHA-1 and SHA-256 checksums (rinsuki)
+.IP \[bu] 2
+Add \f[C]--drive-show-all-gdocs\f[R] to allow unexportable gdocs to be
+server side copied (Nick Craig-Wood)
+.IP \[bu] 2
+Add a note that \f[C]--drive-scope\f[R] accepts comma-separated list of
+scopes (Keigo Imai)
+.IP \[bu] 2
+Fix error updating created time metadata on existing object (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix integration tests by enabling metadata support from the context
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Dropbox
+.RS 2
+.IP \[bu] 2
+Factor batcher into lib/batcher (Nick Craig-Wood)
+.IP \[bu] 2
+Fix missing encoding for rclone purge (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Google Cloud Storage
+.RS 2
+.IP \[bu] 2
+Fix 400 Bad request errors when using multi-thread copy (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+Googlephotos
+.RS 2
+.IP \[bu] 2
+Implement batcher for uploads (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Hdfs
+.RS 2
+.IP \[bu] 2
+Added support for list of namenodes in hdfs remote config
+(Tayo-pasedaRJ)
+.RE
+.IP \[bu] 2
+HTTP
+.RS 2
+.IP \[bu] 2
+Implement set backend command to update running backend (Nick
+Craig-Wood)
+.IP \[bu] 2
+Enable methods used with WebDAV (Alen \[vS]iljak)
+.RE
+.IP \[bu] 2
+Jottacloud
+.RS 2
+.IP \[bu] 2
+Add support for reading and writing metadata (albertony)
+.RE
+.IP \[bu] 2
+Onedrive
+.RS 2
+.IP \[bu] 2
+Implement ListR method which gives \f[C]--fast-list\f[R] support (Nick
+Craig-Wood)
+.RS 2
+.IP \[bu] 2
+This must be enabled with the \f[C]--onedrive-delta\f[R] flag
+.RE
+.RE
+.IP \[bu] 2
+Quatrix
+.RS 2
+.IP \[bu] 2
+Add partial upload support (Oksana Zhykina)
+.IP \[bu] 2
+Overwrite files on conflict during server-side move (Oksana Zhykina)
+.RE
+.IP \[bu] 2
+S3
+.RS 2
+.IP \[bu] 2
+Add Linode provider (Nick Craig-Wood)
+.IP \[bu] 2
+Add docs on how to add a new provider (Nick Craig-Wood)
+.IP \[bu] 2
+Fix no error being returned when creating a bucket we don\[aq]t own
+(Nick Craig-Wood)
+.IP \[bu] 2
+Emit a debug message if anonymous credentials are in use (Nick
+Craig-Wood)
+.IP \[bu] 2
+Add \f[C]--s3-disable-multipart-uploads\f[R] flag (Nick Craig-Wood)
+.IP \[bu] 2
+Detect looping when using gcs and versions (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+SFTP
+.RS 2
+.IP \[bu] 2
+Implement \f[C]--sftp-copy-is-hardlink\f[R] to server side copy as
+hardlink (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Smb
+.RS 2
+.IP \[bu] 2
+Fix incorrect \f[C]about\f[R] size by switching to
+\f[C]github.com/cloudsoda/go-smb2\f[R] fork (Nick Craig-Wood)
+.IP \[bu] 2
+Fix modtime of multithread uploads by setting PartialUploads (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+WebDAV
+.RS 2
+.IP \[bu] 2
+Added an rclone vendor to work with \f[C]rclone serve webdav\f[R]
+(Adithya Kumar)
+.RE
+.SS v1.64.2 - 2023-10-19
 .PP
-Here are the Advanced options specific to local (Local Disk).
-.SS --local-nounc
+See commits (https://github.com/rclone/rclone/compare/v1.64.1...v1.64.2)
+.IP \[bu] 2
+Bug Fixes
+.RS 2
+.IP \[bu] 2
+selfupdate: Fix \[dq]invalid hashsum signature\[dq] error (Nick
+Craig-Wood)
+.IP \[bu] 2
+build: Fix docker build running out of space (Nick Craig-Wood)
+.RE
+.SS v1.64.1 - 2023-10-17
 .PP
-Disable UNC (long path names) conversion on Windows.
+See commits (https://github.com/rclone/rclone/compare/v1.64.0...v1.64.1)
+.IP \[bu] 2
+Bug Fixes
+.RS 2
+.IP \[bu] 2
+cmd: Make \f[C]--progress\f[R] output logs in the same format as without
+(Nick Craig-Wood)
+.IP \[bu] 2
+docs fixes (Dimitri Papadopoulos Orfanos, Herby Gillot, Manoj Ghosh,
+Nick Craig-Wood)
+.IP \[bu] 2
+lsjson: Make sure we set the global metadata flag too (Nick Craig-Wood)
+.IP \[bu] 2
+operations
+.RS 2
+.IP \[bu] 2
+Ensure concurrency is no greater than the number of chunks (Pat
+Patterson)
+.IP \[bu] 2
+Fix OpenOptions ignored in copy if operation was a multiThreadCopy
+(Vitor Gomes)
+.IP \[bu] 2
+Fix error message on delete to have file name (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+serve sftp: Return not supported error for not supported commands (Nick
+Craig-Wood)
+.IP \[bu] 2
+build: Upgrade golang.org/x/net to v0.17.0 to fix HTTP/2 rapid reset
+(Nick Craig-Wood)
+.IP \[bu] 2
+pacer: Fix b2 deadlock by defaulting max connections to unlimited (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+Mount
+.RS 2
+.IP \[bu] 2
+Fix automount not detecting drive is ready (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+VFS
+.RS 2
+.IP \[bu] 2
+Fix update dir modification time (Saleh Dindar)
+.RE
+.IP \[bu] 2
+Azure Blob
+.RS 2
+.IP \[bu] 2
+Fix \[dq]fatal error: concurrent map writes\[dq] (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+B2
+.RS 2
+.IP \[bu] 2
+Fix multipart upload: corrupted on transfer: sizes differ XXX vs 0 (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix locking window when getting mutipart upload URL (Nick Craig-Wood)
+.IP \[bu] 2
+Fix server side copies greater than 4GB (Nick Craig-Wood)
+.IP \[bu] 2
+Fix chunked streaming uploads (Nick Craig-Wood)
+.IP \[bu] 2
+Reduce default \f[C]--b2-upload-concurrency\f[R] to 4 to reduce memory
+usage (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Onedrive
+.RS 2
+.IP \[bu] 2
+Fix the configurator to allow \f[C]/teams/ID\f[R] in the config (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+Oracleobjectstorage
+.RS 2
+.IP \[bu] 2
+Fix OpenOptions being ignored in uploadMultipart with chunkWriter (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+S3
+.RS 2
+.IP \[bu] 2
+Fix slice bounds out of range error when listing (Nick Craig-Wood)
+.IP \[bu] 2
+Fix OpenOptions being ignored in uploadMultipart with chunkWriter (Vitor
+Gomes)
+.RE
+.IP \[bu] 2
+Storj
+.RS 2
+.IP \[bu] 2
+Update storj.io/uplink to v1.12.0 (Kaloyan Raev)
+.RE
+.SS v1.64.0 - 2023-09-11
 .PP
-Properties:
+See commits (https://github.com/rclone/rclone/compare/v1.63.0...v1.64.0)
+.IP \[bu] 2
+New backends
+.RS 2
+.IP \[bu] 2
+Proton Drive (https://rclone.org/protondrive/) (Chun-Hung Tseng)
+.IP \[bu] 2
+Quatrix (https://rclone.org/quatrix/) (Oksana, Volodymyr Kit)
+.IP \[bu] 2
+New S3 providers
+.RS 2
+.IP \[bu] 2
+Synology C2 (https://rclone.org/s3/#synology-c2) (BakaWang)
+.IP \[bu] 2
+Leviia (https://rclone.org/s3/#leviia) (Benjamin)
+.RE
 .IP \[bu] 2
-Config: nounc
+New Jottacloud providers
+.RS 2
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_NOUNC
+Onlime (https://rclone.org/jottacloud/) (Fjodor42)
 .IP \[bu] 2
-Type: bool
+Telia Sky (https://rclone.org/jottacloud/) (NoLooseEnds)
+.RE
+.RE
 .IP \[bu] 2
-Default: false
+Major changes
+.RS 2
 .IP \[bu] 2
-Examples:
+Multi-thread transfers (Vitor Gomes, Nick Craig-Wood, Manoj Ghosh, Edwin
+Mackenzie-Owen)
 .RS 2
 .IP \[bu] 2
-\[dq]true\[dq]
+Multi-thread transfers are now available when transferring to:
 .RS 2
 .IP \[bu] 2
-Disables long file names.
+\f[C]local\f[R], \f[C]s3\f[R], \f[C]azureblob\f[R], \f[C]b2\f[R],
+\f[C]oracleobjectstorage\f[R] and \f[C]smb\f[R]
+.RE
+.IP \[bu] 2
+This greatly improves transfer speed between two network sources.
+.IP \[bu] 2
+In memory buffering has been unified between all backends and should
+share memory better.
+.IP \[bu] 2
+See --multi-thread docs (https://rclone.org/docs/#multi-thread-cutoff)
+for more info
 .RE
 .RE
-.SS --copy-links / -L
-.PP
-Follow symlinks and copy the pointed to item.
-.PP
-Properties:
 .IP \[bu] 2
-Config: copy_links
+New commands
+.RS 2
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_COPY_LINKS
+\f[C]rclone config redacted\f[R] support mechanism for showing redacted
+config (Nick Craig-Wood)
+.RE
 .IP \[bu] 2
-Type: bool
+New Features
+.RS 2
 .IP \[bu] 2
-Default: false
-.SS --links / -l
+accounting
+.RS 2
+.IP \[bu] 2
+Show server side stats in own lines and not as bytes transferred (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+bisync
+.RS 2
+.IP \[bu] 2
+Add new \f[C]--ignore-listing-checksum\f[R] flag to distinguish from
+\f[C]--ignore-checksum\f[R] (nielash)
+.IP \[bu] 2
+Add experimental \f[C]--resilient\f[R] mode to allow recovery from
+self-correctable errors (nielash)
+.IP \[bu] 2
+Add support for \f[C]--create-empty-src-dirs\f[R] (nielash)
+.IP \[bu] 2
+Dry runs no longer commit filter changes (nielash)
+.IP \[bu] 2
+Enforce \f[C]--check-access\f[R] during \f[C]--resync\f[R] (nielash)
+.IP \[bu] 2
+Apply filters correctly during deletes (nielash)
+.IP \[bu] 2
+Equality check before renaming (leave identical files alone) (nielash)
+.IP \[bu] 2
+Fix \f[C]dryRun\f[R] rc parameter being ignored (nielash)
+.RE
+.IP \[bu] 2
+build
+.RS 2
+.IP \[bu] 2
+Update to \f[C]go1.21\f[R] and make \f[C]go1.19\f[R] the minimum
+required version (Anagh Kumar Baranwal, Nick Craig-Wood)
+.IP \[bu] 2
+Update dependencies (Nick Craig-Wood)
+.IP \[bu] 2
+Add snap installation (hideo aoyama)
+.IP \[bu] 2
+Change Winget Releaser job to \f[C]ubuntu-latest\f[R] (sitiom)
+.RE
+.IP \[bu] 2
+cmd: Refactor and use sysdnotify in more commands (eNV25)
+.IP \[bu] 2
+config: Add \f[C]--multi-thread-chunk-size\f[R] flag (Vitor Gomes)
+.IP \[bu] 2
+doc updates (antoinetran, Benjamin, Bj\[/o]rn Smith, Dean Attali,
+gabriel-suela, James Braza, Justin Hellings, kapitainsky, Mahad,
+Masamune3210, Nick Craig-Wood, Nihaal Sangha, Niklas Hamb\[:u]chen,
+Raymond Berger, r-ricci, Sawada Tsunayoshi, Tiago Boeing, Vladislav
+Vorobev)
+.IP \[bu] 2
+fs
+.RS 2
+.IP \[bu] 2
+Use atomic types everywhere (Roberto Ricci)
+.IP \[bu] 2
+When \f[C]--max-transfer\f[R] limit is reached exit with code (10)
+(kapitainsky)
+.IP \[bu] 2
+Add rclone completion powershell - basic implementation only (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+http servers: Allow CORS to be set with \f[C]--allow-origin\f[R] flag
+(yuudi)
+.IP \[bu] 2
+lib/rest: Remove unnecessary \f[C]nil\f[R] check (Eng Zer Jun)
+.IP \[bu] 2
+ncdu: Add keybinding to rescan filesystem (eNV25)
+.IP \[bu] 2
+rc
+.RS 2
+.IP \[bu] 2
+Add \f[C]executeId\f[R] to job listings (yuudi)
+.IP \[bu] 2
+Add \f[C]core/du\f[R] to measure local disk usage (Nick Craig-Wood)
+.IP \[bu] 2
+Add \f[C]operations/settier\f[R] to API (Drew Stinnett)
+.RE
+.IP \[bu] 2
+rclone test info: Add \f[C]--check-base32768\f[R] flag to check can
+store all base32768 characters (Nick Craig-Wood)
+.IP \[bu] 2
+rmdirs: Remove directories concurrently controlled by
+\f[C]--checkers\f[R] (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Bug Fixes
+.RS 2
+.IP \[bu] 2
+accounting: Don\[aq]t stop calculating average transfer speed until the
+operation is complete (Jacob Hands)
+.IP \[bu] 2
+fs: Fix \f[C]transferTime\f[R] not being set in JSON logs (Jacob Hands)
+.IP \[bu] 2
+fshttp: Fix \f[C]--bind 0.0.0.0\f[R] allowing IPv6 and
+\f[C]--bind ::0\f[R] allowing IPv4 (Nick Craig-Wood)
+.IP \[bu] 2
+operations: Fix overlapping check on case insensitive file systems (Nick
+Craig-Wood)
+.IP \[bu] 2
+serve dlna: Fix MIME type if backend can\[aq]t identify it (Nick
+Craig-Wood)
+.IP \[bu] 2
+serve ftp: Fix race condition when using the auth proxy (Nick
+Craig-Wood)
+.IP \[bu] 2
+serve sftp: Fix hash calculations with \f[C]--vfs-cache-mode full\f[R]
+(Nick Craig-Wood)
+.IP \[bu] 2
+serve webdav: Fix error: Expecting fs.Object or fs.Directory, got
+\f[C]nil\f[R] (Nick Craig-Wood)
+.IP \[bu] 2
+sync: Fix lockup with \f[C]--cutoff-mode=soft\f[R] and
+\f[C]--max-duration\f[R] (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Mount
+.RS 2
+.IP \[bu] 2
+fix: Mount parsing for linux (Anagh Kumar Baranwal)
+.RE
+.IP \[bu] 2
+VFS
+.RS 2
+.IP \[bu] 2
+Add \f[C]--vfs-cache-min-free-space\f[R] to control minimum free space
+on the disk containing the cache (Nick Craig-Wood)
+.IP \[bu] 2
+Added cache cleaner for directories to reduce memory usage (Anagh Kumar
+Baranwal)
+.IP \[bu] 2
+Update parent directory modtimes on vfs actions (David Pedersen)
+.IP \[bu] 2
+Keep virtual directory status accurate and reduce deadlock potential
+(Anagh Kumar Baranwal)
+.IP \[bu] 2
+Make sure struct field is aligned for atomic access (Roberto Ricci)
+.RE
+.IP \[bu] 2
+Local
+.RS 2
+.IP \[bu] 2
+Rmdir return an error if the path is not a dir (zjx20)
+.RE
+.IP \[bu] 2
+Azure Blob
+.RS 2
+.IP \[bu] 2
+Implement \f[C]OpenChunkWriter\f[R] and multi-thread uploads (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix creation of directory markers (Nick Craig-Wood)
+.IP \[bu] 2
+Fix purging with directory markers (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+B2
+.RS 2
+.IP \[bu] 2
+Implement \f[C]OpenChunkWriter\f[R] and multi-thread uploads (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix rclone link when object path contains special characters (Alishan
+Ladhani)
+.RE
+.IP \[bu] 2
+Box
+.RS 2
+.IP \[bu] 2
+Add polling support (David Sze)
+.IP \[bu] 2
+Add \f[C]--box-impersonate\f[R] to impersonate a user ID (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix unhelpful decoding of error messages into decimal numbers (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+Chunker
+.RS 2
+.IP \[bu] 2
+Update documentation to mention issue with small files (Ricardo D\[aq]O.
+Albanus)
+.RE
+.IP \[bu] 2
+Compress
+.RS 2
+.IP \[bu] 2
+Fix ChangeNotify (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Drive
+.RS 2
+.IP \[bu] 2
+Add \f[C]--drive-fast-list-bug-fix\f[R] to control ListR bug workaround
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Fichier
+.RS 2
+.IP \[bu] 2
+Implement \f[C]DirMove\f[R] (Nick Craig-Wood)
+.IP \[bu] 2
+Fix error code parsing (alexia)
+.RE
+.IP \[bu] 2
+FTP
+.RS 2
+.IP \[bu] 2
+Add socks_proxy support for SOCKS5 proxies (Zach)
+.IP \[bu] 2
+Fix 425 \[dq]TLS session of data connection not resumed\[dq] errors
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Hdfs
+.RS 2
+.IP \[bu] 2
+Retry \[dq]replication in progress\[dq] errors when uploading (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix uploading to the wrong object on Update with overridden remote name
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+HTTP
+.RS 2
+.IP \[bu] 2
+CORS should not be sent if not set (yuudi)
+.IP \[bu] 2
+Fix webdav OPTIONS response (yuudi)
+.RE
+.IP \[bu] 2
+Opendrive
+.RS 2
+.IP \[bu] 2
+Fix List on a just deleted and remade directory (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Oracleobjectstorage
+.RS 2
+.IP \[bu] 2
+Use rclone\[aq]s rate limiter in multipart transfers (Manoj Ghosh)
+.IP \[bu] 2
+Implement \f[C]OpenChunkWriter\f[R] and multi-thread uploads (Manoj
+Ghosh)
+.RE
+.IP \[bu] 2
+S3
+.RS 2
+.IP \[bu] 2
+Refactor multipart upload to use \f[C]OpenChunkWriter\f[R] and
+\f[C]ChunkWriter\f[R] (Vitor Gomes)
+.IP \[bu] 2
+Factor generic multipart upload into \f[C]lib/multipart\f[R] (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix purging of root directory with \f[C]--s3-directory-markers\f[R]
+(Nick Craig-Wood)
+.IP \[bu] 2
+Add \f[C]rclone backend set\f[R] command to update the running config
+(Nick Craig-Wood)
+.IP \[bu] 2
+Add \f[C]rclone backend restore-status\f[R] command (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+SFTP
+.RS 2
+.IP \[bu] 2
+Stop uploads re-using the same ssh connection to improve performance
+(Nick Craig-Wood)
+.IP \[bu] 2
+Add \f[C]--sftp-ssh\f[R] to specify an external ssh binary to use (Nick
+Craig-Wood)
+.IP \[bu] 2
+Add socks_proxy support for SOCKS5 proxies (Zach)
+.IP \[bu] 2
+Support dynamic \f[C]--sftp-path-override\f[R] (nielash)
+.IP \[bu] 2
+Fix spurious warning when using \f[C]--sftp-ssh\f[R] (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Smb
+.RS 2
+.IP \[bu] 2
+Implement multi-threaded writes for copies to smb (Edwin Mackenzie-Owen)
+.RE
+.IP \[bu] 2
+Storj
+.RS 2
+.IP \[bu] 2
+Performance improvement for large file uploads (Kaloyan Raev)
+.RE
+.IP \[bu] 2
+Swift
+.RS 2
+.IP \[bu] 2
+Fix HEADing 0-length objects when \f[C]--swift-no-large-objects\f[R] set
+(Julian Lepinski)
+.RE
+.IP \[bu] 2
+Union
+.RS 2
+.IP \[bu] 2
+Add \f[C]:writback\f[R] to act as a simple cache (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+WebDAV
+.RS 2
+.IP \[bu] 2
+Nextcloud: fix segment violation in low-level retry (Paul)
+.RE
+.IP \[bu] 2
+Zoho
+.RS 2
+.IP \[bu] 2
+Remove Range requests workarounds to fix integration tests (Nick
+Craig-Wood)
+.RE
+.SS v1.63.1 - 2023-07-17
 .PP
-Translate symlinks to/from regular files with a \[aq].rclonelink\[aq]
-extension.
+See commits (https://github.com/rclone/rclone/compare/v1.63.0...v1.63.1)
+.IP \[bu] 2
+Bug Fixes
+.RS 2
+.IP \[bu] 2
+build: Fix macos builds for versions < 12 (Anagh Kumar Baranwal)
+.IP \[bu] 2
+dirtree: Fix performance with large directories of directories and
+\f[C]--fast-list\f[R] (Nick Craig-Wood)
+.IP \[bu] 2
+operations
+.RS 2
+.IP \[bu] 2
+Fix deadlock when using \f[C]lsd\f[R]/\f[C]ls\f[R] with
+\f[C]--progress\f[R] (Nick Craig-Wood)
+.IP \[bu] 2
+Fix \f[C].rclonelink\f[R] files not being converted back to symlinks
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+doc fixes (Dean Attali, Mahad, Nick Craig-Wood, Sawada Tsunayoshi,
+Vladislav Vorobev)
+.RE
+.IP \[bu] 2
+Local
+.RS 2
+.IP \[bu] 2
+Fix partial directory read for corrupted filesystem (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Box
+.RS 2
+.IP \[bu] 2
+Fix reconnect failing with HTTP 400 Bad Request (albertony)
+.RE
+.IP \[bu] 2
+Smb
+.RS 2
+.IP \[bu] 2
+Fix \[dq]Statfs failed: bucket or container name is needed\[dq] when
+mounting (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+WebDAV
+.RS 2
+.IP \[bu] 2
+Nextcloud: fix must use /dav/files/USER endpoint not /webdav error
+(Paul)
+.IP \[bu] 2
+Nextcloud chunking: add more guidance for the user to check the config
+(darix)
+.RE
+.SS v1.63.0 - 2023-06-30
 .PP
-Properties:
+See commits (https://github.com/rclone/rclone/compare/v1.62.0...v1.63.0)
 .IP \[bu] 2
-Config: links
+New backends
+.RS 2
+.IP \[bu] 2
+Pikpak (https://rclone.org/pikpak/) (wiserain)
+.IP \[bu] 2
+New S3 providers
+.RS 2
+.IP \[bu] 2
+petabox.io (https://rclone.org/s3/#petabox) (Andrei Smirnov)
+.IP \[bu] 2
+Google Cloud Storage (https://rclone.org/s3/#google-cloud-storage)
+(Anthony Pessy)
+.RE
+.IP \[bu] 2
+New WebDAV providers
+.RS 2
+.IP \[bu] 2
+Fastmail (https://rclone.org/webdav/#fastmail-files) (Arnavion)
+.RE
+.RE
+.IP \[bu] 2
+Major changes
+.RS 2
+.IP \[bu] 2
+Files will be copied to a temporary name ending in \f[C].partial\f[R]
+when copying to \f[C]local\f[R],\f[C]ftp\f[R],\f[C]sftp\f[R] then
+renamed at the end of the transfer.
+(Janne Hellsten, Nick Craig-Wood)
+.RS 2
+.IP \[bu] 2
+This helps with data integrity as we don\[aq]t delete the existing file
+until the new one is complete.
+.IP \[bu] 2
+It can be disabled with the --inplace (https://rclone.org/docs/#inplace)
+flag.
+.IP \[bu] 2
+This behaviour will also happen if the backend is wrapped, for example
+\f[C]sftp\f[R] wrapped with \f[C]crypt\f[R].
+.RE
+.IP \[bu] 2
+The s3 (https://rclone.org/s3/#s3-directory-markers), azureblob and gcs
+backends now support directory markers so empty directories are
+supported (J\[u0101]nis Bebr\[u012B]tis, Nick Craig-Wood)
+.IP \[bu] 2
+The --default-time (https://rclone.org/docs/#default-time-time) flag now
+controls the unknown modification time of files/dirs (Nick Craig-Wood)
+.RS 2
+.IP \[bu] 2
+If a file or directory does not have a modification time rclone can read
+then rclone will display this fixed time instead.
+.IP \[bu] 2
+For the old behaviour use \f[C]--default-time 0s\f[R] which will set
+this time to the time rclone started up.
+.RE
+.RE
+.IP \[bu] 2
+New Features
+.RS 2
+.IP \[bu] 2
+build
+.RS 2
+.IP \[bu] 2
+Modernise linters in use and fixup all affected code (albertony)
+.IP \[bu] 2
+Push docker beta to GHCR (GitHub container registry) (Richard Tweed)
+.RE
+.IP \[bu] 2
+cat: Add \f[C]--separator\f[R] option to cat command (Loren Gordon)
+.IP \[bu] 2
+config
+.RS 2
+.IP \[bu] 2
+Do not remove/overwrite other files during config file save (albertony)
+.IP \[bu] 2
+Do not overwrite config file symbolic link (albertony)
+.IP \[bu] 2
+Stop \f[C]config create\f[R] making invalid config files (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+doc updates (Adam K, Aditya Basu, albertony, asdffdsazqqq, Damo,
+danielkrajnik, Dimitri Papadopoulos, dlitster, Drew Parsons, jumbi77,
+kapitainsky, mac-15, Mariusz Suchodolski, Nick Craig-Wood, NickIAm,
+Rintze Zelle, Stanislav Gromov, Tareq Sharafy, URenko, yuudi, Zach Kipp)
+.IP \[bu] 2
+fs
+.RS 2
+.IP \[bu] 2
+Add \f[C]size\f[R] to JSON logs when moving or copying an object (Nick
+Craig-Wood)
+.IP \[bu] 2
+Allow boolean features to be enabled with \f[C]--disable !Feature\f[R]
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+genautocomplete: Rename to \f[C]completion\f[R] with alias to the old
+name (Nick Craig-Wood)
+.IP \[bu] 2
+librclone: Added example on using \f[C]librclone\f[R] with Go (alankrit)
+.IP \[bu] 2
+lsjson: Make \f[C]--stat\f[R] more efficient (Nick Craig-Wood)
+.IP \[bu] 2
+operations
+.RS 2
+.IP \[bu] 2
+Implement \f[C]--multi-thread-write-buffer-size\f[R] for speed
+improvements on downloads (Paulo Schreiner)
+.IP \[bu] 2
+Reopen downloads on error when using \f[C]check --download\f[R] and
+\f[C]cat\f[R] (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+rc: \f[C]config/listremotes\f[R] includes remotes defined with
+environment variables (kapitainsky)
+.IP \[bu] 2
+selfupdate: Obey \f[C]--no-check-certificate\f[R] flag (Nick Craig-Wood)
+.IP \[bu] 2
+serve restic: Trigger systemd notify (Shyim)
+.IP \[bu] 2
+serve webdav: Implement owncloud checksum and modtime extensions
+(WeidiDeng)
+.IP \[bu] 2
+sync: \f[C]--suffix-keep-extension\f[R] preserve 2 part extensions like
+\&.tar.gz (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Bug Fixes
+.RS 2
+.IP \[bu] 2
+accounting
+.RS 2
+.IP \[bu] 2
+Fix Prometheus metrics to be the same as \f[C]core/stats\f[R] (Nick
+Craig-Wood)
+.IP \[bu] 2
+Bwlimit signal handler should always start (Sam Lai)
+.RE
+.IP \[bu] 2
+bisync: Fix \f[C]maxDelete\f[R] parameter being ignored via the rc (Nick
+Craig-Wood)
+.IP \[bu] 2
+cmd/ncdu: Fix screen corruption when logging (eNV25)
+.IP \[bu] 2
+filter: Fix deadlock with errors on \f[C]--files-from\f[R] (douchen)
+.IP \[bu] 2
+fs
+.RS 2
+.IP \[bu] 2
+Fix interaction between \f[C]--progress\f[R] and \f[C]--interactive\f[R]
+(Nick Craig-Wood)
+.IP \[bu] 2
+Fix infinite recursive call in pacer ModifyCalculator (fixes issue
+reported by the staticcheck linter) (albertony)
+.RE
+.IP \[bu] 2
+lib/atexit: Ensure OnError only calls cancel function once (Nick
+Craig-Wood)
+.IP \[bu] 2
+lib/rest: Fix problems re-using HTTP connections (Nick Craig-Wood)
+.IP \[bu] 2
+rc
+.RS 2
+.IP \[bu] 2
+Fix \f[C]operations/stat\f[R] with trailing \f[C]/\f[R] (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix missing \f[C]--rc\f[R] flags (Nick Craig-Wood)
+.IP \[bu] 2
+Fix output of Time values in \f[C]options/get\f[R] (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+serve dlna: Fix potential data race (Nick Craig-Wood)
+.IP \[bu] 2
+version: Fix reported os/kernel version for windows (albertony)
+.RE
+.IP \[bu] 2
+Mount
+.RS 2
+.IP \[bu] 2
+Add \f[C]--mount-case-insensitive\f[R] to force the mount to be case
+insensitive (Nick Craig-Wood)
+.IP \[bu] 2
+Removed unnecessary byte slice allocation for reads (Anagh Kumar
+Baranwal)
+.IP \[bu] 2
+Clarify rclone mount error when installed via homebrew (Nick Craig-Wood)
+.IP \[bu] 2
+Added _netdev to the example mount so it gets treated as a remote-fs
+rather than local-fs (Anagh Kumar Baranwal)
+.RE
+.IP \[bu] 2
+Mount2
+.RS 2
+.IP \[bu] 2
+Updated go-fuse version (Anagh Kumar Baranwal)
+.IP \[bu] 2
+Fixed statfs (Anagh Kumar Baranwal)
+.IP \[bu] 2
+Disable xattrs (Anagh Kumar Baranwal)
+.RE
+.IP \[bu] 2
+VFS
+.RS 2
+.IP \[bu] 2
+Add MkdirAll function to make a directory and all beneath (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix reload: failed to add virtual dir entry: file does not exist (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix writing to a read only directory creating spurious directory entries
+(WeidiDeng)
+.IP \[bu] 2
+Fix potential data race (Nick Craig-Wood)
+.IP \[bu] 2
+Fix backends being Shutdown too early when startup takes a long time
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Local
+.RS 2
+.IP \[bu] 2
+Fix filtering of symlinks with \f[C]-l\f[R]/\f[C]--links\f[R] flag (Nick
+Craig-Wood)
+.IP \[bu] 2
+Fix /path/to/file.rclonelink when \f[C]-l\f[R]/\f[C]--links\f[R] is in
+use (Nick Craig-Wood)
+.IP \[bu] 2
+Fix crash with \f[C]--metadata\f[R] on Android (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Cache
+.RS 2
+.IP \[bu] 2
+Fix backends shutting down when in use when used via the rc (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+Crypt
+.RS 2
+.IP \[bu] 2
+Add \f[C]--crypt-suffix\f[R] option to set a custom suffix for encrypted
+files (jladbrook)
+.IP \[bu] 2
+Add \f[C]--crypt-pass-bad-blocks\f[R] to allow corrupted file output
+(Nick Craig-Wood)
+.IP \[bu] 2
+Fix reading 0 length files (Nick Craig-Wood)
+.IP \[bu] 2
+Try not to return \[dq]unexpected EOF\[dq] error (Nick Craig-Wood)
+.IP \[bu] 2
+Reduce allocations (albertony)
+.IP \[bu] 2
+Recommend Dropbox for \f[C]base32768\f[R] encoding (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Azure Blob
+.RS 2
+.IP \[bu] 2
+Empty directory markers (Nick Craig-Wood)
+.IP \[bu] 2
+Support azure workload identities (Tareq Sharafy)
+.IP \[bu] 2
+Fix azure blob uploads with multiple bits of metadata (Nick Craig-Wood)
+.IP \[bu] 2
+Fix azurite compatibility by sending nil tier if set to empty string
+(Roel Arents)
+.RE
+.IP \[bu] 2
+Combine
+.RS 2
+.IP \[bu] 2
+Implement missing methods (Nick Craig-Wood)
+.IP \[bu] 2
+Fix goroutine stack overflow on bad object (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Drive
+.RS 2
+.IP \[bu] 2
+Add \f[C]--drive-env-auth\f[R] to get IAM credentials from runtime
+(Peter Brunner)
+.IP \[bu] 2
+Update drive service account guide (Juang, Yi-Lin)
+.IP \[bu] 2
+Fix change notify picking up files outside the root (Nick Craig-Wood)
+.IP \[bu] 2
+Fix trailing slash mis-identificaton of folder as file (Nick Craig-Wood)
+.IP \[bu] 2
+Fix incorrect remote after Update on object (Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Dropbox
+.RS 2
+.IP \[bu] 2
+Implement \f[C]--dropbox-pacer-min-sleep\f[R] flag (Nick Craig-Wood)
+.IP \[bu] 2
+Fix the dropbox batcher stalling (Misty)
+.RE
+.IP \[bu] 2
+Fichier
+.RS 2
+.IP \[bu] 2
+Add \f[C]--ficicher-cdn\f[R] option to use the CDN for download (Nick
+Craig-Wood)
+.RE
+.IP \[bu] 2
+FTP
+.RS 2
+.IP \[bu] 2
+Lower log message priority when \f[C]SetModTime\f[R] is not supported to
+debug (Tobias Gion)
+.IP \[bu] 2
+Fix \[dq]unsupported LIST line\[dq] errors on startup (Nick Craig-Wood)
+.IP \[bu] 2
+Fix \[dq]501 Not a valid pathname.\[dq] errors when creating directories
+(Nick Craig-Wood)
+.RE
+.IP \[bu] 2
+Google Cloud Storage
+.RS 2
+.IP \[bu] 2
+Empty directory markers (J\[u0101]nis Bebr\[u012B]tis, Nick Craig-Wood)
+.IP \[bu] 2
+Added \f[C]--gcs-user-project\f[R] needed for requester pays
+(Christopher Merry)
+.RE
+.IP \[bu] 2
+HTTP
+.RS 2
+.IP \[bu] 2
+Add client certificate user auth middleware.
+This can auth \f[C]serve restic\f[R] from the username in the client
+cert.
+(Peter Fern)
+.RE
+.IP \[bu] 2
+Jottacloud
+.RS 2
+.IP \[bu] 2
+Fix vfs writeback stuck in a failed upload loop with file versioning
+disabled (albertony)
+.RE
+.IP \[bu] 2
+Onedrive
+.RS 2
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_LINKS
+Add \f[C]--onedrive-av-override\f[R] flag to download files flagged as
+virus (Nick Craig-Wood)
 .IP \[bu] 2
-Type: bool
+Fix quickxorhash on 32 bit architectures (Nick Craig-Wood)
 .IP \[bu] 2
-Default: false
-.SS --skip-links
-.PP
-Don\[aq]t warn about skipped symlinks.
-.PP
-This flag disables warning messages on skipped symlinks or junction
-points, as you explicitly acknowledge that they should be skipped.
-.PP
-Properties:
+Report any list errors during \f[C]rclone cleanup\f[R] (albertony)
+.RE
 .IP \[bu] 2
-Config: skip_links
+Putio
+.RS 2
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_SKIP_LINKS
+Fix uploading to the wrong object on Update with overridden remote name
+(Nick Craig-Wood)
 .IP \[bu] 2
-Type: bool
+Fix modification times not being preserved for server side copy and move
+(Nick Craig-Wood)
 .IP \[bu] 2
-Default: false
-.SS --local-zero-size-links
-.PP
-Assume the Stat size of links is zero (and read them instead)
-(deprecated).
-.PP
-Rclone used to use the Stat size of links as the link size, but this
-fails in quite a few places:
+Fix server side copy failures (400 errors) (Nick Craig-Wood)
+.RE
 .IP \[bu] 2
-Windows
+S3
+.RS 2
 .IP \[bu] 2
-On some virtual filesystems (such ash LucidLink)
+Empty directory markers (J\[u0101]nis Bebr\[u012B]tis, Nick Craig-Wood)
 .IP \[bu] 2
-Android
-.PP
-So rclone now always reads the link.
-.PP
-Properties:
+Update Scaleway storage classes (Brian Starkey)
 .IP \[bu] 2
-Config: zero_size_links
+Fix \f[C]--s3-versions\f[R] on individual objects (Nick Craig-Wood)
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_ZERO_SIZE_LINKS
+Fix hang on aborting multipart upload with iDrive e2 (Nick Craig-Wood)
 .IP \[bu] 2
-Type: bool
+Fix missing \[dq]tier\[dq] metadata (Nick Craig-Wood)
 .IP \[bu] 2
-Default: false
-.SS --local-unicode-normalization
-.PP
-Apply unicode NFC normalization to paths and filenames.
-.PP
-This flag can be used to normalize file names into unicode NFC form that
-are read from the local filesystem.
-.PP
-Rclone does not normally touch the encoding of file names it reads from
-the file system.
-.PP
-This can be useful when using macOS as it normally provides decomposed
-(NFD) unicode which in some language (eg Korean) doesn\[aq]t display
-properly on some OSes.
-.PP
-Note that rclone compares filenames with unicode normalization in the
-sync routine so this flag shouldn\[aq]t normally be used.
-.PP
-Properties:
+Fix V3sign: add missing subresource delete (cc)
 .IP \[bu] 2
-Config: unicode_normalization
+Fix Arvancloud Domain and region changes and alphabetise the provider
+(Ehsan Tadayon)
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_UNICODE_NORMALIZATION
+Fix Qiniu KODO quirks virtualHostStyle is false (zzq)
+.RE
 .IP \[bu] 2
-Type: bool
+SFTP
+.RS 2
 .IP \[bu] 2
-Default: false
-.SS --local-no-check-updated
-.PP
-Don\[aq]t check to see if the files change during upload.
-.PP
-Normally rclone checks the size and modification time of files as they
-are being uploaded and aborts with a message which starts \[dq]can\[aq]t
-copy - source file is being updated\[dq] if the file changes during
-upload.
-.PP
-However on some file systems this modification time check may fail (e.g.
-Glusterfs #2206 (https://github.com/rclone/rclone/issues/2206)) so this
-check can be disabled with this flag.
-.PP
-If this flag is set, rclone will use its best efforts to transfer a file
-which is being updated.
-If the file is only having things appended to it (e.g.
-a log) then rclone will transfer the log file with the size it had the
-first time rclone saw it.
-.PP
-If the file is being modified throughout (not just appended to) then the
-transfer may fail with a hash check failure.
-.PP
-In detail, once the file has had stat() called on it for the first time
-we:
+Add \f[C]--sftp-host-key-algorithms\f[R] to allow specifying SSH host
+key algorithms (Joel)
 .IP \[bu] 2
-Only transfer the size that stat gave
+Fix using \f[C]--sftp-key-use-agent\f[R] and \f[C]--sftp-key-file\f[R]
+together needing private key file (Arnav Singh)
 .IP \[bu] 2
-Only checksum the size that stat gave
+Fix move to allow overwriting existing files (Nick Craig-Wood)
 .IP \[bu] 2
-Don\[aq]t update the stat info for the file
-.PP
-Properties:
+Don\[aq]t stat directories before listing them (Nick Craig-Wood)
 .IP \[bu] 2
-Config: no_check_updated
+Don\[aq]t check remote points to a file if it ends with / (Nick
+Craig-Wood)
+.RE
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_NO_CHECK_UPDATED
+Sharefile
+.RS 2
 .IP \[bu] 2
-Type: bool
+Disable streamed transfers as they no longer work (Nick Craig-Wood)
+.RE
 .IP \[bu] 2
-Default: false
-.SS --one-file-system / -x
-.PP
-Don\[aq]t cross filesystem boundaries (unix/macOS only).
-.PP
-Properties:
+Smb
+.RS 2
 .IP \[bu] 2
-Config: one_file_system
+Code cleanup to avoid overwriting ctx before first use (fixes issue
+reported by the staticcheck linter) (albertony)
+.RE
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_ONE_FILE_SYSTEM
+Storj
+.RS 2
 .IP \[bu] 2
-Type: bool
+Fix \[dq]uplink: too many requests\[dq] errors when uploading to the
+same file (Nick Craig-Wood)
 .IP \[bu] 2
-Default: false
-.SS --local-case-sensitive
-.PP
-Force the filesystem to report itself as case sensitive.
-.PP
-Normally the local backend declares itself as case insensitive on
-Windows/macOS and case sensitive for everything else.
-Use this flag to override the default choice.
-.PP
-Properties:
+Fix uploading to the wrong object on Update with overridden remote name
+(Nick Craig-Wood)
+.RE
 .IP \[bu] 2
-Config: case_sensitive
+Swift
+.RS 2
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_CASE_SENSITIVE
+Ignore 404 error when deleting an object (Nick Craig-Wood)
+.RE
 .IP \[bu] 2
-Type: bool
+Union
+.RS 2
 .IP \[bu] 2
-Default: false
-.SS --local-case-insensitive
-.PP
-Force the filesystem to report itself as case insensitive.
-.PP
-Normally the local backend declares itself as case insensitive on
-Windows/macOS and case sensitive for everything else.
-Use this flag to override the default choice.
-.PP
-Properties:
+Implement missing methods (Nick Craig-Wood)
 .IP \[bu] 2
-Config: case_insensitive
+Allow errors to be unwrapped for inspection (Nick Craig-Wood)
+.RE
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_CASE_INSENSITIVE
+Uptobox
+.RS 2
 .IP \[bu] 2
-Type: bool
+Add \f[C]--uptobox-private\f[R] flag to make all uploaded files private
+(Nick Craig-Wood)
 .IP \[bu] 2
-Default: false
-.SS --local-no-preallocate
-.PP
-Disable preallocation of disk space for transferred files.
-.PP
-Preallocation of disk space helps prevent filesystem fragmentation.
-However, some virtual filesystem layers (such as Google Drive File
-Stream) may incorrectly set the actual file size equal to the
-preallocated space, causing checksum and file size checks to fail.
-Use this flag to disable preallocation.
-.PP
-Properties:
+Fix improper regex (Aaron Gokaslan)
 .IP \[bu] 2
-Config: no_preallocate
+Fix Update returning the wrong object (Nick Craig-Wood)
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_NO_PREALLOCATE
+Fix rmdir declaring that directories weren\[aq]t empty (Nick Craig-Wood)
+.RE
 .IP \[bu] 2
-Type: bool
+WebDAV
+.RS 2
 .IP \[bu] 2
-Default: false
-.SS --local-no-sparse
-.PP
-Disable sparse files for multi-thread downloads.
-.PP
-On Windows platforms rclone will make sparse files when doing
-multi-thread downloads.
-This avoids long pauses on large files where the OS zeros the file.
-However sparse files may be undesirable as they cause disk fragmentation
-and can be slow to work with.
-.PP
-Properties:
+nextcloud: Add support for chunked uploads (Paul)
 .IP \[bu] 2
-Config: no_sparse
+Set modtime using propset for owncloud and nextcloud (WeidiDeng)
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_NO_SPARSE
+Make pacer minSleep configurable with \f[C]--webdav-pacer-min-sleep\f[R]
+(ed)
 .IP \[bu] 2
-Type: bool
+Fix server side copy/move not overwriting (WeidiDeng)
 .IP \[bu] 2
-Default: false
-.SS --local-no-set-modtime
-.PP
-Disable setting modtime.
-.PP
-Normally rclone updates modification time of files after they are done
-uploading.
-This can cause permissions issues on Linux platforms when the user
-rclone is running as does not own the file uploaded, such as when
-copying to a CIFS mount owned by another user.
-If this option is enabled, rclone will no longer update the modtime
-after copying a file.
-.PP
-Properties:
+Fix modtime on server side copy for owncloud and nextcloud (Nick
+Craig-Wood)
+.RE
 .IP \[bu] 2
-Config: no_set_modtime
+Yandex
+.RS 2
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_NO_SET_MODTIME
+Fix 400 Bad Request on transfer failure (Nick Craig-Wood)
+.RE
 .IP \[bu] 2
-Type: bool
+Zoho
+.RS 2
 .IP \[bu] 2
-Default: false
-.SS --local-encoding
-.PP
-The encoding for the backend.
-.PP
-See the encoding section in the
-overview (https://rclone.org/overview/#encoding) for more info.
+Fix downloads with \f[C]Range:\f[R] header returning the wrong data
+(Nick Craig-Wood)
+.RE
+.SS v1.62.2 - 2023-03-16
 .PP
-Properties:
+See commits (https://github.com/rclone/rclone/compare/v1.62.1...v1.62.2)
 .IP \[bu] 2
-Config: encoding
+Bug Fixes
+.RS 2
 .IP \[bu] 2
-Env Var: RCLONE_LOCAL_ENCODING
+docker volume plugin: Add missing fuse3 dependency (Nick Craig-Wood)
 .IP \[bu] 2
-Type: MultiEncoder
+docs: Fix size documentation (asdffdsazqqq)
+.RE
 .IP \[bu] 2
-Default: Slash,Dot
-.SS Metadata
-.PP
-Depending on which OS is in use the local backend may return only some
-of the system metadata.
-Setting system metadata is supported on all OSes but setting user
-metadata is only supported on linux, freebsd, netbsd, macOS and Solaris.
-It is \f[B]not\f[R] supported on Windows yet (see
-pkg/attrs#47 (https://github.com/pkg/xattr/issues/47)).
-.PP
-User metadata is stored as extended attributes (which may not be
-supported by all file systems) under the \[dq]user.*\[dq] prefix.
-.PP
-Here are the possible system metadata items for the local backend.
-.PP
-.TS
-tab(@);
-lw(11.1n) lw(11.1n) lw(11.1n) lw(16.6n) lw(20.3n).
-T{
-Name
-T}@T{
-Help
-T}@T{
-Type
-T}@T{
-Example
-T}@T{
-Read Only
-T}
-_
-T{
-atime
-T}@T{
-Time of last access
-T}@T{
-RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z07:00
-T}@T{
-N
-T}
-T{
-btime
-T}@T{
-Time of file birth (creation)
-T}@T{
-RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z07:00
-T}@T{
-N
-T}
-T{
-gid
-T}@T{
-Group ID of owner
-T}@T{
-decimal number
-T}@T{
-500
-T}@T{
-N
-T}
-T{
-mode
-T}@T{
-File type and mode
-T}@T{
-octal, unix style
-T}@T{
-0100664
-T}@T{
-N
-T}
-T{
-mtime
-T}@T{
-Time of last modification
-T}@T{
-RFC 3339
-T}@T{
-2006-01-02T15:04:05.999999999Z07:00
-T}@T{
-N
-T}
-T{
-rdev
-T}@T{
-Device ID (if special file)
-T}@T{
-hexadecimal
-T}@T{
-1abc
-T}@T{
-N
-T}
-T{
-uid
-T}@T{
-User ID of owner
-T}@T{
-decimal number
-T}@T{
-500
-T}@T{
-N
-T}
-.TE
-.PP
-See the metadata (https://rclone.org/docs/#metadata) docs for more info.
-.SS Backend commands
-.PP
-Here are the commands specific to the local backend.
-.PP
-Run them with
-.IP
-.nf
-\f[C]
-rclone backend COMMAND remote:
-\f[R]
-.fi
-.PP
-The help below will explain what arguments each command takes.
-.PP
-See the backend (https://rclone.org/commands/rclone_backend/) command
-for more info on how to pass options and arguments.
-.PP
-These can be run on a running backend using the rc command
-backend/command (https://rclone.org/rc/#backend-command).
-.SS noop
-.PP
-A null operation for testing backend commands
-.IP
-.nf
-\f[C]
-rclone backend noop remote: [options] [<arguments>+]
-\f[R]
-.fi
-.PP
-This is a test command which has some options you can try to change the
-output.
+FTP
+.RS 2
+.IP \[bu] 2
+Fix 426 errors on downloads with vsftpd (Lesmiscore)
+.RE
+.SS v1.62.1 - 2023-03-15
 .PP
-Options:
+See commits (https://github.com/rclone/rclone/compare/v1.62.0...v1.62.1)
 .IP \[bu] 2
-\[dq]echo\[dq]: echo the input arguments
+Bug Fixes
+.RS 2
 .IP \[bu] 2
-\[dq]error\[dq]: return an error based on option value
-.SH Changelog
+docker: Add missing fuse3 dependency (cycneuramus)
+.IP \[bu] 2
+build: Update release docs to be more careful with the tag (Nick
+Craig-Wood)
+.IP \[bu] 2
+build: Set Github release to draft while uploading binaries (Nick
+Craig-Wood)
+.RE
 .SS v1.62.0 - 2023-03-14
 .PP
 See commits (https://github.com/rclone/rclone/compare/v1.61.0...v1.62.0)
@@ -63476,9 +65719,9 @@ Crypt
 Calculate hashes for uploads from local disk (Nick Craig-Wood)
 .RS 2
 .IP \[bu] 2
-This allows crypted Jottacloud uploads without using local disk
+This allows encrypted Jottacloud uploads without using local disk
 .IP \[bu] 2
-This means crypted s3/b2 uploads will now have hashes
+This means encrypted s3/b2 uploads will now have hashes
 .RE
 .IP \[bu] 2
 Added \f[C]rclone backend decode\f[R]/\f[C]encode\f[R] commands to
@@ -66766,7 +69009,7 @@ Fix root folder caching (Remus Bunduc)
 Crypt
 .RS 2
 .IP \[bu] 2
-Check the crypted hash of files when uploading for extra data security
+Check the encrypted hash of files when uploading for extra data security
 .RE
 .IP \[bu] 2
 Dropbox
@@ -67704,7 +69947,7 @@ New commands
 .IP \[bu] 2
 \f[C]tree\f[R] - shows a nicely formatted recursive listing
 .IP \[bu] 2
-\f[C]cryptdecode\f[R] - decode crypted file names (thanks ishuah)
+\f[C]cryptdecode\f[R] - decode encrypted file names (thanks ishuah)
 .IP \[bu] 2
 \f[C]config show\f[R] - print the config file
 .IP \[bu] 2
@@ -67771,7 +70014,7 @@ Wang)
 Mount
 .RS 2
 .IP \[bu] 2
-Re-use \f[C]rcat\f[R] internals to support uploads from all remotes
+Reuse \f[C]rcat\f[R] internals to support uploads from all remotes
 .RE
 .IP \[bu] 2
 Dropbox
@@ -68464,7 +70707,7 @@ Delete src files which already existed in dst
 Fix deletion of src file when dst file older
 .RE
 .IP \[bu] 2
-Fix \f[C]rclone check\f[R] on crypted file systems
+Fix \f[C]rclone check\f[R] on encrypted file systems
 .IP \[bu] 2
 Make failed uploads not count as \[dq]Transferred\[dq]
 .IP \[bu] 2
@@ -69884,11 +72127,37 @@ ensure it is at version 233 or higher.
 Previous releases contain a bug which causes not all domains to be
 resolved properly.
 .PP
-Additionally with the \f[C]GODEBUG=netdns=\f[R] environment variable the
-Go resolver decision can be influenced.
+The Go resolver decision can be influenced with the
+\f[C]GODEBUG=netdns=...\f[R] environment variable.
 This also allows to resolve certain issues with DNS resolution.
+On Windows or MacOS systems, try forcing use of the internal Go resolver
+by setting \f[C]GODEBUG=netdns=go\f[R] at runtime.
+On other systems (Linux, *BSD, etc) try forcing use of the system name
+resolver by setting \f[C]GODEBUG=netdns=cgo\f[R] (and recompile rclone
+from source with CGO enabled if necessary).
 See the name resolution section in the go
 docs (https://golang.org/pkg/net/#hdr-Name_Resolution).
+.SS Failed to start auth webserver on Windows
+.IP
+.nf
+\f[C]
+Error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+\&...
+yyyy/mm/dd hh:mm:ss Fatal error: config failed to refresh token: failed to start auth webserver: listen tcp 127.0.0.1:53682: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
+\f[R]
+.fi
+.PP
+This is sometimes caused by the Host Network Service causing issues with
+opening the port on the host.
+.PP
+A simple solution may be restarting the Host Network Service with eg.
+Powershell
+.IP
+.nf
+\f[C]
+Restart-Service hns
+\f[R]
+.fi
 .SS The total size reported in the stats for a sync is wrong and keeps changing
 .PP
 It is likely you have more than 10,000 files that need to be synced.
@@ -69968,7 +72237,7 @@ Nick Craig-Wood <nick@craig-wood.com>
 .SS Contributors
 .PP
 {{< rem
-\f[C]email addresses removed from here need to be addeed to bin/.ignore-emails to make sure update-authors.py doesn\[aq]t immediately put them back in again.\f[R]
+\f[C]email addresses removed from here need to be added to bin/.ignore-emails to make sure update-authors.py doesn\[aq]t immediately put them back in again.\f[R]
 >}}
 .IP \[bu] 2
 Alex Couper <amcouper@gmail.com>
@@ -71005,7 +73274,7 @@ Jonta <359397+Jonta@users.noreply.github.com>
 .IP \[bu] 2
 YenForYang <YenForYang@users.noreply.github.com>
 .IP \[bu] 2
-Joda St\[:o]\[ss]er <stoesser@yay-digital.de> <services+github@simjo.st>
+SimJoSt / Joda St\[:o]\[ss]er <git@simjo.st>
 .IP \[bu] 2
 Logeshwaran <waranlogesh@gmail.com>
 .IP \[bu] 2
@@ -71035,8 +73304,6 @@ Felix Bu\[u0308]nemann <felix.buenemann@gmail.com>
 .IP \[bu] 2
 At\['i]lio Ant\[^o]nio <atiliodadalto@hotmail.com>
 .IP \[bu] 2
-Roberto Ricci <ricci@disroot.org>
-.IP \[bu] 2
 Carlo Mion <mion00@gmail.com>
 .IP \[bu] 2
 Chris Lu <chris.lu@gmail.com>
@@ -71127,7 +73394,7 @@ Zsolt Ero <zsolt.ero@gmail.com>
 .IP \[bu] 2
 Lesmiscore <nao20010128@gmail.com>
 .IP \[bu] 2
-ehsantdy <ehsan.tadayon@arvancloud.com>
+ehsantdy <ehsan.tadayon@arvancloud.com> <ehsantadayon85@gmail.com>
 .IP \[bu] 2
 SwazRGB <65694696+swazrgb@users.noreply.github.com>
 .IP \[bu] 2
@@ -71147,6 +73414,8 @@ Erik van Velzen <erik@evanv.nl>
 .IP \[bu] 2
 Derek Battams <derek@battams.ca>
 .IP \[bu] 2
+Paul <devnoname120@gmail.com>
+.IP \[bu] 2
 SimonLiu <simonliu009@users.noreply.github.com>
 .IP \[bu] 2
 Hugo Laloge <hla@lescompanions.com>
@@ -71345,12 +73614,240 @@ Peter Brunner <peter@psykhe.com>
 Leandro Sacchet <leandro.sacchet@animati.com.br>
 .IP \[bu] 2
 dependabot[bot] <49699333+dependabot[bot]\[at]users.noreply.github.com>
+.IP \[bu] 2
+cycneuramus <56681631+cycneuramus@users.noreply.github.com>
+.IP \[bu] 2
+Arnavion <me@arnavion.dev>
+.IP \[bu] 2
+Christopher Merry <christopher.merry@mlb.com>
+.IP \[bu] 2
+Thibault Coupin <thibault.coupin@gmail.com>
+.IP \[bu] 2
+Richard Tweed <RichardoC@users.noreply.github.com>
+.IP \[bu] 2
+Zach Kipp <Zacho2@users.noreply.github.com>
+.IP \[bu] 2
+yuudi <26199752+yuudi@users.noreply.github.com>
+.IP \[bu] 2
+NickIAm <NickIAm@users.noreply.github.com>
+.IP \[bu] 2
+Juang, Yi-Lin <frankyjuang@gmail.com>
+.IP \[bu] 2
+jumbi77 <jumbi77@users.noreply.github.com>
+.IP \[bu] 2
+Aditya Basu <ab.aditya.basu@gmail.com>
+.IP \[bu] 2
+ed <s@ocv.me>
+.IP \[bu] 2
+Drew Parsons <dparsons@emerall.com>
+.IP \[bu] 2
+Joel <joelnb@users.noreply.github.com>
+.IP \[bu] 2
+wiserain <mail275@gmail.com>
+.IP \[bu] 2
+Roel Arents <roel.arents@kadaster.nl>
+.IP \[bu] 2
+Shyim <github@shyim.de>
+.IP \[bu] 2
+Rintze Zelle <78232505+rzelle-lallemand@users.noreply.github.com>
+.IP \[bu] 2
+Damo <damoclark@users.noreply.github.com>
+.IP \[bu] 2
+WeidiDeng <weidi_deng@icloud.com>
+.IP \[bu] 2
+Brian Starkey <stark3y@gmail.com>
+.IP \[bu] 2
+jladbrook <jhladbrook@gmail.com>
+.IP \[bu] 2
+Loren Gordon <lorengordon@users.noreply.github.com>
+.IP \[bu] 2
+dlitster <davidlitster@gmail.com>
+.IP \[bu] 2
+Tobias Gion <tobias@gion.io>
+.IP \[bu] 2
+J\[u0101]nis Bebr\[u012B]tis <janis.bebritis@wunder.io>
+.IP \[bu] 2
+Adam K <github.com@ak.tidy.email>
+.IP \[bu] 2
+Andrei Smirnov <smirnov.captain@gmail.com>
+.IP \[bu] 2
+Janne Hellsten <jjhellst@gmail.com>
+.IP \[bu] 2
+cc <12904584+shvc@users.noreply.github.com>
+.IP \[bu] 2
+Tareq Sharafy <tareq.sha@gmail.com>
+.IP \[bu] 2
+kapitainsky <dariuszb@me.com>
+.IP \[bu] 2
+douchen <playgoobug@gmail.com>
+.IP \[bu] 2
+Sam Lai <70988+slai@users.noreply.github.com>
+.IP \[bu] 2
+URenko <18209292+URenko@users.noreply.github.com>
+.IP \[bu] 2
+Stanislav Gromov <kullfar@gmail.com>
+.IP \[bu] 2
+Paulo Schreiner <paulo.schreiner@delivion.de>
+.IP \[bu] 2
+Mariusz Suchodolski <mariusz@suchodol.ski>
+.IP \[bu] 2
+danielkrajnik <dan94kra@gmail.com>
+.IP \[bu] 2
+Peter Fern <github@0xc0dedbad.com>
+.IP \[bu] 2
+zzq <i@zhangzqs.cn>
+.IP \[bu] 2
+mac-15 <usman.ilamdin@phpstudios.com>
+.IP \[bu] 2
+Sawada Tsunayoshi <34431649+TsunayoshiSawada@users.noreply.github.com>
+.IP \[bu] 2
+Dean Attali <daattali@gmail.com>
+.IP \[bu] 2
+Fjodor42 <molgaard@gmail.com>
+.IP \[bu] 2
+BakaWang <wa11579@hotmail.com>
+.IP \[bu] 2
+Mahad <56235065+Mahad-lab@users.noreply.github.com>
+.IP \[bu] 2
+Vladislav Vorobev <x.miere@gmail.com>
+.IP \[bu] 2
+darix <darix@users.noreply.github.com>
+.IP \[bu] 2
+Benjamin <36415086+bbenjamin-sys@users.noreply.github.com>
+.IP \[bu] 2
+Chun-Hung Tseng <henrybear327@users.noreply.github.com>
+.IP \[bu] 2
+Ricardo D\[aq]O.
+Albanus <rdalbanus@users.noreply.github.com>
+.IP \[bu] 2
+gabriel-suela <gscsuela@gmail.com>
+.IP \[bu] 2
+Tiago Boeing <contato@tiagoboeing.com>
+.IP \[bu] 2
+Edwin Mackenzie-Owen <edwin.mowen@gmail.com>
+.IP \[bu] 2
+Niklas Hamb\[:u]chen <mail@nh2.me>
+.IP \[bu] 2
+yuudi <yuudi@users.noreply.github.com>
+.IP \[bu] 2
+Zach <github@prozach.org>
+.IP \[bu] 2
+nielash <31582349+nielash@users.noreply.github.com>
+.IP \[bu] 2
+Julian Lepinski <lepinsk@users.noreply.github.com>
+.IP \[bu] 2
+Raymond Berger <RayBB@users.noreply.github.com>
+.IP \[bu] 2
+Nihaal Sangha <nihaal.git@gmail.com>
+.IP \[bu] 2
+Masamune3210 <1053504+Masamune3210@users.noreply.github.com>
+.IP \[bu] 2
+James Braza <jamesbraza@gmail.com>
+.IP \[bu] 2
+antoinetran <antoinetran@users.noreply.github.com>
+.IP \[bu] 2
+alexia <me@alexia.lol>
+.IP \[bu] 2
+nielash <nielronash@gmail.com>
+.IP \[bu] 2
+Vitor Gomes <vitor.gomes@delivion.de> <mail@vitorgomes.com>
+.IP \[bu] 2
+Jacob Hands <jacob@gogit.io>
+.IP \[bu] 2
+hideo aoyama <100831251+boukendesho@users.noreply.github.com>
+.IP \[bu] 2
+Roberto Ricci <io@r-ricci.it>
+.IP \[bu] 2
+Bj\[/o]rn Smith <bjornsmith@gmail.com>
+.IP \[bu] 2
+Alishan Ladhani <8869764+aladh@users.noreply.github.com>
+.IP \[bu] 2
+zjx20 <zhoujianxiong2@gmail.com>
+.IP \[bu] 2
+Oksana <142890647+oks-maytech@users.noreply.github.com>
+.IP \[bu] 2
+Volodymyr Kit <v.kit@maytech.net>
+.IP \[bu] 2
+David Pedersen <limero@me.com>
+.IP \[bu] 2
+Drew Stinnett <drew@drewlink.com>
+.IP \[bu] 2
+Pat Patterson <pat@backblaze.com>
+.IP \[bu] 2
+Herby Gillot <herby.gillot@gmail.com>
+.IP \[bu] 2
+Nikita Shoshin <shoshin_nikita@fastmail.com>
+.IP \[bu] 2
+rinsuki <428rinsuki+git@gmail.com>
+.IP \[bu] 2
+Beyond Meat <51850644+beyondmeat@users.noreply.github.com>
+.IP \[bu] 2
+Saleh Dindar <salh@fb.com>
+.IP \[bu] 2
+Volodymyr <142890760+vkit-maytech@users.noreply.github.com>
+.IP \[bu] 2
+Gabriel Espinoza <31670639+gspinoza@users.noreply.github.com>
+.IP \[bu] 2
+Keigo Imai <keigo.imai@gmail.com>
+.IP \[bu] 2
+Ivan Yanitra <iyanitra@tesla-consulting.com>
+.IP \[bu] 2
+alfish2000 <alfish2000@gmail.com>
+.IP \[bu] 2
+wuxingzhong <qq330332812@gmail.com>
+.IP \[bu] 2
+Adithya Kumar <akumar42@protonmail.com>
+.IP \[bu] 2
+Tayo-pasedaRJ <138471223+Tayo-pasedaRJ@users.noreply.github.com>
+.IP \[bu] 2
+Peter Kreuser <logo@kreuser.name>
+.IP \[bu] 2
+Piyush
+.IP \[bu] 2
+fotile96 <fotile96@users.noreply.github.com>
+.IP \[bu] 2
+Luc Ritchie <luc.ritchie@gmail.com>
+.IP \[bu] 2
+cynful <cynful@users.noreply.github.com>
+.IP \[bu] 2
+wjielai <wjielai@tencent.com>
+.IP \[bu] 2
+Jack Deng <jackdeng@gmail.com>
+.IP \[bu] 2
+Mikubill <31246794+Mikubill@users.noreply.github.com>
+.IP \[bu] 2
+Artur Neumann <artur@jankaritech.com>
+.IP \[bu] 2
+Saw-jan <saw.jan.grg3e@gmail.com>
+.IP \[bu] 2
+Oksana Zhykina <o.zhykina@maytech.net>
+.IP \[bu] 2
+karan <karan.gupta92@gmail.com>
+.IP \[bu] 2
+viktor <viktor@yakovchuk.net>
+.IP \[bu] 2
+moongdal <moongdal@tutanota.com>
+.IP \[bu] 2
+Mina Gali\['c] <freebsd@igalic.co>
+.IP \[bu] 2
+Alen \[vS]iljak <dev@alensiljak.eu.org>
+.IP \[bu] 2
+\[u4F60]\[u77E5]\[u9053]\[u672A]\[u6765]\[u5417] <rkonfj@gmail.com>
+.IP \[bu] 2
+Abhinav Dhiman <8640877+ahnv@users.noreply.github.com>
 .SH Contact the rclone project
 .SS Forum
 .PP
 Forum for questions and general discussion:
 .IP \[bu] 2
 https://forum.rclone.org
+.SS Business support
+.PP
+For business support or sponsorship enquiries please see:
+.IP \[bu] 2
+https://rclone.com/
+.IP \[bu] 2
+sponsorship\[at]rclone.com
 .SS GitHub repository
 .PP
 The project\[aq]s repository is located at:
@@ -71360,15 +73857,18 @@ https://github.com/rclone/rclone
 There you can file bug reports or contribute with pull requests.
 .SS Twitter
 .PP
-You can also follow me on twitter for rclone announcements:
+You can also follow Nick on twitter for rclone announcements:
 .IP \[bu] 2
 [\[at]njcw](https://twitter.com/njcw)
 .SS Email
 .PP
 Or if all else fails or you want to ask something private or
-confidential email Nick Craig-Wood (mailto:nick@craig-wood.com).
-Please don\[aq]t email me requests for help - those are better directed
-to the forum.
-Thanks!
+confidential
+.IP \[bu] 2
+info\[at]rclone.com
+.PP
+Please don\[aq]t email requests for help to this address - those are
+better directed to the forum unless you\[aq]d like to sign up for
+business support.
 .SH AUTHORS
 Nick Craig-Wood.
diff --git a/vfs/dir.go b/vfs/dir.go
index 2087dc638adec..5044ee855d2fb 100644
--- a/vfs/dir.go
+++ b/vfs/dir.go
@@ -22,9 +22,10 @@ import (
 
 // Dir represents a directory entry
 type Dir struct {
-	vfs   *VFS   // read only
-	inode uint64 // read only: inode number
-	f     fs.Fs  // read only
+	vfs          *VFS        // read only
+	inode        uint64      // read only: inode number
+	f            fs.Fs       // read only
+	cleanupTimer *time.Timer // read only: timer to call cacheCleanup
 
 	mu      sync.RWMutex // protects the following
 	parent  *Dir         // parent, nil for root
@@ -37,6 +38,8 @@ type Dir struct {
 
 	modTimeMu sync.Mutex // protects the following
 	modTime   time.Time
+
+	_hasVirtual atomic.Bool // shows if the directory has virtual entries
 }
 
 //go:generate stringer -type=vState
@@ -52,7 +55,7 @@ const (
 )
 
 func newDir(vfs *VFS, f fs.Fs, parent *Dir, fsDir fs.Directory) *Dir {
-	return &Dir{
+	d := &Dir{
 		vfs:     vfs,
 		f:       f,
 		parent:  parent,
@@ -62,6 +65,26 @@ func newDir(vfs *VFS, f fs.Fs, parent *Dir, fsDir fs.Directory) *Dir {
 		inode:   newInode(),
 		items:   make(map[string]Node),
 	}
+	d.cleanupTimer = time.AfterFunc(vfs.Opt.DirCacheTime*2, d.cacheCleanup)
+	d.setHasVirtual(false)
+	return d
+}
+
+func (d *Dir) cacheCleanup() {
+	defer func() {
+		// We should never panic here
+		_ = recover()
+	}()
+
+	when := time.Now()
+
+	d.mu.Lock()
+	_, stale := d._age(when)
+	d.mu.Unlock()
+
+	if stale {
+		d.ForgetAll()
+	}
 }
 
 // String converts it to printable
@@ -75,6 +98,9 @@ func (d *Dir) String() string {
 }
 
 // Dumps the directory tree to the string builder with the given indent
+//
+//lint:ignore U1000 false positive when running staticcheck,
+//nolint:unused // Don't include unused when running golangci-lint
 func (d *Dir) dumpIndent(out *strings.Builder, indent string) {
 	if d == nil {
 		fmt.Fprintf(out, "%s<nil *Dir>\n", indent)
@@ -109,6 +135,9 @@ func (d *Dir) dumpIndent(out *strings.Builder, indent string) {
 }
 
 // Dumps a nicely formatted directory tree to a string
+//
+//lint:ignore U1000 false positive when running staticcheck,
+//nolint:unused // Don't include unused when running golangci-lint
 func (d *Dir) dump() string {
 	var out strings.Builder
 	d.dumpIndent(&out, "")
@@ -168,6 +197,16 @@ func (d *Dir) Node() Node {
 	return d
 }
 
+// hasVirtual returns whether the directory has virtual entries
+func (d *Dir) hasVirtual() bool {
+	return d._hasVirtual.Load()
+}
+
+// setHasVirtual sets the hasVirtual flag for the directory
+func (d *Dir) setHasVirtual(hasVirtual bool) {
+	d._hasVirtual.Store(hasVirtual)
+}
+
 // ForgetAll forgets directory entries for this directory and any children.
 //
 // It does not invalidate or clear the cache of the parent directory.
@@ -176,30 +215,40 @@ func (d *Dir) Node() Node {
 // so could not be forgotten. Children which didn't have virtual entries and
 // children with virtual entries will be forgotten even if true is returned.
 func (d *Dir) ForgetAll() (hasVirtual bool) {
-	d.mu.Lock()
-	defer d.mu.Unlock()
+	d.mu.RLock()
+
 	fs.Debugf(d.path, "forgetting directory cache")
 	for _, node := range d.items {
 		if dir, ok := node.(*Dir); ok {
 			if dir.ForgetAll() {
-				hasVirtual = true
+				d.setHasVirtual(true)
 			}
 		}
 	}
+
+	d.mu.RUnlock()
+
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
 	// Purge any unnecessary virtual entries
 	d._purgeVirtual()
 
 	d.read = time.Time{}
+
 	// Check if this dir has virtual entries
 	if len(d.virtual) != 0 {
-		hasVirtual = true
+		d.setHasVirtual(true)
 	}
+
 	// Don't clear directory entries if there are virtual entries in this
 	// directory or any children
-	if !hasVirtual {
+	if !d.hasVirtual() {
 		d.items = make(map[string]Node)
+		d.cleanupTimer.Stop()
 	}
-	return hasVirtual
+
+	return d.hasVirtual()
 }
 
 // forgetDirPath clears the cache for itself and all subdirectories if
@@ -386,6 +435,7 @@ func (d *Dir) addObject(node Node) {
 		vAdd = vAddDir
 	}
 	d.virtual[leaf] = vAdd
+	d.setHasVirtual(true)
 	fs.Debugf(d.path, "Added virtual directory entry %v: %q", vAdd, leaf)
 	d.mu.Unlock()
 }
@@ -430,6 +480,7 @@ func (d *Dir) delObject(leaf string) {
 		d.virtual = make(map[string]vState)
 	}
 	d.virtual[leaf] = vDel
+	d.setHasVirtual(true)
 	fs.Debugf(d.path, "Added virtual directory entry %v: %q", vDel, leaf)
 	d.mu.Unlock()
 }
@@ -469,6 +520,8 @@ func (d *Dir) _readDir() error {
 	}
 
 	d.read = when
+	d.cleanupTimer.Reset(d.vfs.Opt.DirCacheTime * 2)
+
 	return nil
 }
 
@@ -487,6 +540,7 @@ func (d *Dir) _deleteVirtual(name string) {
 	delete(d.virtual, name)
 	if len(d.virtual) == 0 {
 		d.virtual = nil
+		d.setHasVirtual(false)
 	}
 	fs.Debugf(d.path, "Removed virtual directory entry %v: %q", virtualState, name)
 }
@@ -640,20 +694,22 @@ func (d *Dir) _readDirFromEntries(entries fs.DirEntries, dirTree dirtree.DirTree
 			if node == nil || !node.IsDir() {
 				node = newDir(d.vfs, d.f, d, item)
 			}
+			dir := node.(*Dir)
+			dir.mu.Lock()
+			dir.modTime = item.ModTime(context.TODO())
 			if dirTree != nil {
-				dir := node.(*Dir)
-				dir.mu.Lock()
 				err = dir._readDirFromDirTree(dirTree, when)
 				if err != nil {
 					dir.read = time.Time{}
 				} else {
 					dir.read = when
-				}
-				dir.mu.Unlock()
-				if err != nil {
-					return err
+					dir.cleanupTimer.Reset(d.vfs.Opt.DirCacheTime * 2)
 				}
 			}
+			dir.mu.Unlock()
+			if err != nil {
+				return err
+			}
 		default:
 			err = fmt.Errorf("unknown type %T", item)
 			fs.Errorf(d, "readDir error: %v", err)
@@ -685,6 +741,7 @@ func (d *Dir) readDirTree() error {
 	}
 	fs.Debugf(d.path, "Reading directory tree done in %s", time.Since(when))
 	d.read = when
+	d.cleanupTimer.Reset(d.vfs.Opt.DirCacheTime * 2)
 	return nil
 }
 
@@ -867,6 +924,10 @@ func (d *Dir) Create(name string, flags int) (*File, error) {
 	if d.vfs.Opt.ReadOnly {
 		return nil, EROFS
 	}
+	if err = d.SetModTime(time.Now()); err != nil {
+		fs.Errorf(d, "Dir.Create failed to set modtime on parent dir: %v", err)
+		return nil, err
+	}
 	// This gets added to the directory when the file is opened for write
 	return newFile(d, d.Path(), nil, name), nil
 }
@@ -901,6 +962,10 @@ func (d *Dir) Mkdir(name string) (*Dir, error) {
 	fsDir := fs.NewDir(path, time.Now())
 	dir := newDir(d.vfs, d.f, d, fsDir)
 	d.addObject(dir)
+	if err = d.SetModTime(time.Now()); err != nil {
+		fs.Errorf(d, "Dir.Mkdir failed to set modtime on parent dir: %v", err)
+		return nil, err
+	}
 	// fs.Debugf(path, "Dir.Mkdir OK")
 	return dir, nil
 }
@@ -972,6 +1037,10 @@ func (d *Dir) RemoveName(name string) error {
 		fs.Errorf(d, "Dir.Remove error: %v", err)
 		return err
 	}
+	if err = d.SetModTime(time.Now()); err != nil {
+		fs.Errorf(d, "Dir.Remove failed to set modtime on parent dir: %v", err)
+		return err
+	}
 	return node.Remove()
 }
 
@@ -1042,6 +1111,10 @@ func (d *Dir) Rename(oldName, newName string, destDir *Dir) error {
 	// Show moved - delete from old dir and add to new
 	d.delObject(oldName)
 	destDir.addObject(oldNode)
+	if err = d.SetModTime(time.Now()); err != nil {
+		fs.Errorf(d, "Dir.Rename failed to set modtime on parent dir: %v", err)
+		return err
+	}
 
 	// fs.Debugf(newPath, "Dir.Rename renamed from %q", oldPath)
 	// fs.Debugf(d, "AFTER\n%s", d.dump())
diff --git a/vfs/dir_test.go b/vfs/dir_test.go
index c04144e869fa8..ff70b74087905 100644
--- a/vfs/dir_test.go
+++ b/vfs/dir_test.go
@@ -343,9 +343,12 @@ func TestDirOpen(t *testing.T) {
 func TestDirCreate(t *testing.T) {
 	_, vfs, dir, _ := dirCreate(t)
 
+	origModTime := dir.ModTime()
+	time.Sleep(100 * time.Millisecond) // for low rez Windows timers
 	file, err := dir.Create("potato", os.O_WRONLY|os.O_CREATE)
 	require.NoError(t, err)
 	assert.Equal(t, int64(0), file.Size())
+	assert.True(t, dir.ModTime().After(origModTime))
 
 	fd, err := file.Open(os.O_WRONLY | os.O_CREATE)
 	require.NoError(t, err)
@@ -385,8 +388,11 @@ func TestDirMkdir(t *testing.T) {
 	_, err := dir.Mkdir("file1")
 	assert.Error(t, err)
 
+	origModTime := dir.ModTime()
+	time.Sleep(100 * time.Millisecond) // for low rez Windows timers
 	sub, err := dir.Mkdir("sub")
 	assert.NoError(t, err)
+	assert.True(t, dir.ModTime().After(origModTime))
 
 	// check the vfs
 	checkListing(t, dir, []string{"file1,14,false", "sub,0,true"})
@@ -488,8 +494,11 @@ func TestDirRemoveAll(t *testing.T) {
 func TestDirRemoveName(t *testing.T) {
 	r, vfs, dir, _ := dirCreate(t)
 
+	origModTime := dir.ModTime()
+	time.Sleep(100 * time.Millisecond) // for low rez Windows timers
 	err := dir.RemoveName("file1")
 	require.NoError(t, err)
+	assert.True(t, dir.ModTime().After(origModTime))
 	checkListing(t, dir, []string(nil))
 	root, err := vfs.Root()
 	require.NoError(t, err)
@@ -538,8 +547,11 @@ func TestDirRename(t *testing.T) {
 	dir = node.(*Dir)
 
 	// Rename a file
+	origModTime := dir.ModTime()
+	time.Sleep(100 * time.Millisecond) // for low rez Windows timers
 	err = dir.Rename("file1", "file2", root)
 	assert.NoError(t, err)
+	assert.True(t, dir.ModTime().After(origModTime))
 	checkListing(t, root, []string{"dir2,0,true", "file2,14,false"})
 	checkListing(t, dir, []string{"file3,15,false"})
 
diff --git a/vfs/file.go b/vfs/file.go
index 09b8a85d8255e..4b970f21b53a7 100644
--- a/vfs/file.go
+++ b/vfs/file.go
@@ -36,8 +36,8 @@ import (
 
 // File represents a file
 type File struct {
-	inode uint64 // inode number - read only
-	size  int64  // size of file - read and written with atomic int64 - must be 64 bit aligned
+	inode uint64       // inode number - read only
+	size  atomic.Int64 // size of file
 
 	muRW sync.Mutex // synchronize RWFileHandle.openPending(), RWFileHandle.close() and File.Remove
 
@@ -51,7 +51,7 @@ type File struct {
 	pendingModTime   time.Time                       // will be applied once o becomes available, i.e. after file was written
 	pendingRenameFun func(ctx context.Context) error // will be run/renamed after all writers close
 	sys              atomic.Value                    // user defined info to be attached here
-	nwriters         int32                           // len(writers) which is read/updated with atomic
+	nwriters         atomic.Int32                    // len(writers)
 	appendMode       bool                            // file was opened with O_APPEND
 }
 
@@ -67,7 +67,7 @@ func newFile(d *Dir, dPath string, o fs.Object, leaf string) *File {
 		inode: newInode(),
 	}
 	if o != nil {
-		f.size = o.Size()
+		f.size.Store(o.Size())
 	}
 	return f
 }
@@ -266,7 +266,7 @@ func (f *File) rename(ctx context.Context, destDir *Dir, newName string) error {
 func (f *File) addWriter(h Handle) {
 	f.mu.Lock()
 	f.writers = append(f.writers, h)
-	atomic.AddInt32(&f.nwriters, 1)
+	f.nwriters.Add(1)
 	f.mu.Unlock()
 }
 
@@ -284,7 +284,7 @@ func (f *File) delWriter(h Handle) {
 	}
 	if found >= 0 {
 		f.writers = append(f.writers[:found], f.writers[found+1:]...)
-		atomic.AddInt32(&f.nwriters, -1)
+		f.nwriters.Add(-1)
 	} else {
 		fs.Debugf(f._path(), "File.delWriter couldn't find handle")
 	}
@@ -295,7 +295,7 @@ func (f *File) delWriter(h Handle) {
 // Note that we don't take the mutex here.  If we do then we can get a
 // deadlock.
 func (f *File) activeWriters() int {
-	return int(atomic.LoadInt32(&f.nwriters))
+	return int(f.nwriters.Load())
 }
 
 // _roundModTime rounds the time passed in to the Precision of the
@@ -383,7 +383,7 @@ func (f *File) Size() int64 {
 
 	// if o is nil it isn't valid yet or there are writers, so return the size so far
 	if f._writingInProgress() {
-		return atomic.LoadInt64(&f.size)
+		return f.size.Load()
 	}
 	return nonNegative(f.o.Size())
 }
@@ -473,7 +473,7 @@ func (f *File) writingInProgress() bool {
 
 // Update the size while writing
 func (f *File) setSize(n int64) {
-	atomic.StoreInt64(&f.size, n)
+	f.size.Store(n)
 }
 
 // Update the object when written and add it to the directory
@@ -615,10 +615,6 @@ func (f *File) Remove() (err error) {
 		wasWriting = d.vfs.cache.Remove(f.Path())
 	}
 
-	// Remove the item from the directory listing
-	// called with File.mu released
-	d.delObject(f.Name())
-
 	f.muRW.Lock() // muRW must be locked before mu to avoid
 	f.mu.Lock()   // deadlock in RWFileHandle.openPending and .close
 	if f.o != nil {
@@ -635,6 +631,12 @@ func (f *File) Remove() (err error) {
 			fs.Debugf(f._path(), "File.Remove file error: %v", err)
 		}
 	}
+
+	// Remove the item from the directory listing
+	// called with File.mu released when there is no error removing the underlying file
+	if err == nil {
+		d.delObject(f.Name())
+	}
 	return err
 }
 
diff --git a/vfs/file_test.go b/vfs/file_test.go
index 728d8c6990fa7..6688749d2f1c3 100644
--- a/vfs/file_test.go
+++ b/vfs/file_test.go
@@ -193,7 +193,9 @@ func TestFileOpenReadUnknownSize(t *testing.T) {
 	assert.Equal(t, int64(-1), o.Size())
 
 	// add it to a mock fs
-	f := mockfs.NewFs(context.Background(), "test", "root")
+	fMock, err := mockfs.NewFs(context.Background(), "test", "root", nil)
+	require.NoError(t, err)
+	f := fMock.(*mockfs.Fs)
 	f.AddObject(o)
 	testObj, err := f.NewObject(ctx, remote)
 	require.NoError(t, err)
diff --git a/vfs/read.go b/vfs/read.go
index 53d621a3c2529..8bedeae912ad0 100644
--- a/vfs/read.go
+++ b/vfs/read.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"os"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/rclone/rclone/fs"
@@ -222,7 +223,7 @@ func waitSequential(what string, remote string, cond *sync.Cond, maxWait time.Du
 	var (
 		timeout = time.NewTimer(maxWait)
 		done    = make(chan struct{})
-		abort   = false
+		abort   atomic.Int32
 	)
 	go func() {
 		select {
@@ -231,14 +232,14 @@ func waitSequential(what string, remote string, cond *sync.Cond, maxWait time.Du
 			// cond.Broadcast. NB cond.L == mu
 			cond.L.Lock()
 			// set abort flag and give all the waiting goroutines a kick on timeout
-			abort = true
+			abort.Store(1)
 			fs.Debugf(remote, "aborting in-sequence %s wait, off=%d", what, off)
 			cond.Broadcast()
 			cond.L.Unlock()
 		case <-done:
 		}
 	}()
-	for *poff != off && !abort {
+	for *poff != off && abort.Load() == 0 {
 		fs.Debugf(remote, "waiting for in-sequence %s to %d for %v", what, off, maxWait)
 		cond.Wait()
 	}
@@ -483,6 +484,11 @@ func (fh *ReadFileHandle) Release() error {
 	return err
 }
 
+// Name returns the name of the file from the underlying Object.
+func (fh *ReadFileHandle) Name() string {
+	return fh.file.String()
+}
+
 // Size returns the size of the underlying file
 func (fh *ReadFileHandle) Size() int64 {
 	fh.mu.Lock()
diff --git a/vfs/read_test.go b/vfs/read_test.go
index db8d0f8417808..6b7d55c4ee75e 100644
--- a/vfs/read_test.go
+++ b/vfs/read_test.go
@@ -44,6 +44,9 @@ func TestReadFileHandleMethods(t *testing.T) {
 	assert.Equal(t, "<nil *ReadFileHandle>", (*ReadFileHandle)(nil).String())
 	assert.Equal(t, "<nil *ReadFileHandle.file>", new(ReadFileHandle).String())
 
+	// Name
+	assert.Equal(t, "dir/file1", fh.Name())
+
 	// Node
 	node := fh.Node()
 	assert.Equal(t, "file1", node.Name())
diff --git a/vfs/read_write.go b/vfs/read_write.go
index ead0f6b23ba43..4130e68b0bc76 100644
--- a/vfs/read_write.go
+++ b/vfs/read_write.go
@@ -30,6 +30,16 @@ type RWFileHandle struct {
 	writeCalled bool // if any Write() methods have been called
 }
 
+// Lock performs Unix locking, not supported
+func (fh *RWFileHandle) Lock() error {
+	return os.ErrInvalid
+}
+
+// Unlock performs Unix unlocking, not supported
+func (fh *RWFileHandle) Unlock() error {
+	return os.ErrInvalid
+}
+
 func newRWFileHandle(d *Dir, f *File, flags int) (fh *RWFileHandle, err error) {
 	defer log.Trace(f.Path(), "")("err=%v", &err)
 	// get an item to represent this from the cache
diff --git a/vfs/read_write_test.go b/vfs/read_write_test.go
index 75b930f73f4a9..7a49c9ab517b2 100644
--- a/vfs/read_write_test.go
+++ b/vfs/read_write_test.go
@@ -346,6 +346,9 @@ func TestRWFileHandleWriteAt(t *testing.T) {
 		return n
 	}
 
+	// Name
+	assert.Equal(t, "file1", fh.Name())
+
 	// Preconditions
 	assert.Equal(t, int64(0), offset())
 	assert.True(t, fh.opened)
diff --git a/vfs/test_vfs/test_vfs.go b/vfs/test_vfs/test_vfs.go
index 955362357a8f8..53a8208f115e7 100644
--- a/vfs/test_vfs/test_vfs.go
+++ b/vfs/test_vfs/test_vfs.go
@@ -26,7 +26,7 @@ var (
 	number     = flag.Int("n", 4, "Number of tests to run simultaneously")
 	iterations = flag.Int("i", 100, "Iterations of the test")
 	timeout    = flag.Duration("timeout", 10*time.Second, "Inactivity time to detect a deadlock")
-	testNumber int32
+	testNumber atomic.Int32
 )
 
 // Seed the random number generator
@@ -55,7 +55,7 @@ func NewTest(Dir string) *Test {
 		dir:    Dir,
 		name:   random.String(*nameLength),
 		isDir:  rand.Intn(2) == 0,
-		number: atomic.AddInt32(&testNumber, 1),
+		number: testNumber.Add(1),
 		timer:  time.NewTimer(*timeout),
 	}
 	width := int(math.Floor(math.Log10(float64(*number)))) + 1
diff --git a/vfs/vfs.go b/vfs/vfs.go
index 7e9b0043f4363..2e35dc81045bd 100644
--- a/vfs/vfs.go
+++ b/vfs/vfs.go
@@ -13,7 +13,7 @@
 // # It also includes directory caching
 //
 // The vfs package returns Error values to signal precisely which
-// error conditions have ocurred.  It may also return general errors
+// error conditions have occurred.  It may also return general errors
 // it receives.  It tries to use os Error values (e.g. os.ErrExist)
 // where possible.
 //
@@ -22,6 +22,7 @@ package vfs
 
 import (
 	"context"
+	_ "embed"
 	"fmt"
 	"io"
 	"os"
@@ -32,6 +33,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/go-git/go-billy/v5"
 	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/cache"
 	"github.com/rclone/rclone/fs/log"
@@ -41,6 +43,11 @@ import (
 	"github.com/rclone/rclone/vfs/vfscommon"
 )
 
+// Help for the VFS.
+//
+//go:embed vfs.md
+var Help string
+
 // Node represents either a directory (*Dir) or a file (*File)
 type Node interface {
 	os.FileInfo
@@ -119,6 +126,8 @@ type Handle interface {
 	Release() error
 	Node() Node
 	//	Size() int64
+	Lock() error
+	Unlock() error
 }
 
 // baseHandle implements all the missing methods
@@ -144,16 +153,19 @@ func (h baseHandle) WriteString(s string) (n int, err error)              { retu
 func (h baseHandle) Flush() (err error)                                   { return ENOSYS }
 func (h baseHandle) Release() (err error)                                 { return ENOSYS }
 func (h baseHandle) Node() Node                                           { return nil }
+func (h baseHandle) Unlock() error                                        { return os.ErrInvalid }
+func (h baseHandle) Lock() error                                          { return os.ErrInvalid }
 
 //func (h baseHandle) Size() int64                                          { return 0 }
 
 // Check interfaces
 var (
-	_ OsFiler = (*os.File)(nil)
-	_ Handle  = (*baseHandle)(nil)
-	_ Handle  = (*ReadFileHandle)(nil)
-	_ Handle  = (*WriteFileHandle)(nil)
-	_ Handle  = (*DirHandle)(nil)
+	_ OsFiler    = (*os.File)(nil)
+	_ Handle     = (*baseHandle)(nil)
+	_ Handle     = (*ReadFileHandle)(nil)
+	_ Handle     = (*WriteFileHandle)(nil)
+	_ Handle     = (*DirHandle)(nil)
+	_ billy.File = (Handle)(nil)
 )
 
 // VFS represents the top level filing system
@@ -167,7 +179,7 @@ type VFS struct {
 	usageTime   time.Time
 	usage       *fs.Usage
 	pollChan    chan time.Duration
-	inUse       int32 // count of number of opens accessed with atomic
+	inUse       atomic.Int32 // count of number of opens
 }
 
 // Keep track of active VFS keyed on fs.ConfigString(f)
@@ -181,9 +193,9 @@ var (
 func New(f fs.Fs, opt *vfscommon.Options) *VFS {
 	fsDir := fs.NewDir("", time.Now())
 	vfs := &VFS{
-		f:     f,
-		inUse: int32(1),
+		f: f,
 	}
+	vfs.inUse.Store(1)
 
 	// Make a copy of the options
 	if opt != nil {
@@ -202,7 +214,7 @@ func New(f fs.Fs, opt *vfscommon.Options) *VFS {
 	for _, activeVFS := range active[configName] {
 		if vfs.Opt == activeVFS.Opt {
 			fs.Debugf(f, "Re-using VFS from active cache")
-			atomic.AddInt32(&activeVFS.inUse, 1)
+			activeVFS.inUse.Add(1)
 			return activeVFS
 		}
 	}
@@ -227,22 +239,37 @@ func New(f fs.Fs, opt *vfscommon.Options) *VFS {
 		fs.Logf(f, "--vfs-cache-mode writes or full is recommended for this remote as it can't stream")
 	}
 
-	vfs.SetCacheMode(vfs.Opt.CacheMode)
-
 	// Pin the Fs into the cache so that when we use cache.NewFs
 	// with the same remote string we get this one. The Pin is
 	// removed when the vfs is finalized
 	cache.PinUntilFinalized(f, vfs)
 
+	// Refresh the dircache if required
+	if vfs.Opt.Refresh {
+		go vfs.refresh()
+	}
+
+	// This can take some time so do it after the Pin
+	vfs.SetCacheMode(vfs.Opt.CacheMode)
+
 	return vfs
 }
 
+// refresh the directory cache for all directories
+func (vfs *VFS) refresh() {
+	fs.Debugf(vfs.f, "Refreshing VFS directory cache")
+	err := vfs.root.readDirTree()
+	if err != nil {
+		fs.Errorf(vfs.f, "Error refreshing VFS directory cache: %v", err)
+	}
+}
+
 // Stats returns info about the VFS
 func (vfs *VFS) Stats() (out rc.Params) {
 	out = make(rc.Params)
 	out["fs"] = fs.ConfigString(vfs.f)
 	out["opt"] = vfs.Opt
-	out["inUse"] = atomic.LoadInt32(&vfs.inUse)
+	out["inUse"] = vfs.inUse.Load()
 
 	var (
 		dirs  int
@@ -312,7 +339,7 @@ func (vfs *VFS) shutdownCache() {
 // Shutdown stops any background go-routines and removes the VFS from
 // the active ache.
 func (vfs *VFS) Shutdown() {
-	if atomic.AddInt32(&vfs.inUse, -1) > 0 {
+	if vfs.inUse.Add(-1) > 0 {
 		return
 	}
 
@@ -385,11 +412,11 @@ func (vfs *VFS) Root() (*Dir, error) {
 	return vfs.root, nil
 }
 
-var inodeCount uint64
+var inodeCount atomic.Uint64
 
 // newInode creates a new unique inode number
 func newInode() (inode uint64) {
-	return atomic.AddUint64(&inodeCount, 1)
+	return inodeCount.Add(1)
 }
 
 // Stat finds the Node by path starting from the root
@@ -654,18 +681,54 @@ func (vfs *VFS) Chtimes(name string, atime time.Time, mtime time.Time) error {
 	return nil
 }
 
+// mkdir creates a new directory with the specified name and permission bits
+// (before umask) returning the new directory node.
+func (vfs *VFS) mkdir(name string, perm os.FileMode) (*Dir, error) {
+	dir, leaf, err := vfs.StatParent(name)
+	if err != nil {
+		return nil, err
+	}
+	return dir.Mkdir(leaf)
+}
+
 // Mkdir creates a new directory with the specified name and permission bits
 // (before umask).
 func (vfs *VFS) Mkdir(name string, perm os.FileMode) error {
-	dir, leaf, err := vfs.StatParent(name)
+	_, err := vfs.mkdir(name, perm)
+	return err
+}
+
+// mkdirAll creates a new directory with the specified name and
+// permission bits (before umask) and all of its parent directories up
+// to the root.
+func (vfs *VFS) mkdirAll(name string, perm os.FileMode) (dir *Dir, err error) {
+	name = strings.Trim(name, "/")
+	// the root directory node already exists even if the directory isn't created yet
+	if name == "" {
+		return vfs.root, nil
+	}
+	var parent, leaf string
+	dir, leaf, err = vfs.StatParent(name)
+	if err == ENOENT {
+		parent, leaf = path.Split(name)
+		dir, err = vfs.mkdirAll(parent, perm)
+	}
 	if err != nil {
-		return err
+		return nil, err
 	}
-	_, err = dir.Mkdir(leaf)
+	dir, err = dir.Mkdir(leaf)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	return nil
+	return dir, nil
+}
+
+// MkdirAll creates a new directory with the specified name and
+// permission bits (before umask) and all of its parent directories up
+// to the root.
+func (vfs *VFS) MkdirAll(name string, perm os.FileMode) error {
+	_, err := vfs.mkdirAll(name, perm)
+	return err
 }
 
 // ReadDir reads the directory named by dirname and returns
@@ -701,8 +764,17 @@ func (vfs *VFS) ReadFile(filename string) (b []byte, err error) {
 }
 
 // AddVirtual adds the object (file or dir) to the directory cache
-func (vfs *VFS) AddVirtual(remote string, size int64, isDir bool) error {
-	dir, leaf, err := vfs.StatParent(remote)
+func (vfs *VFS) AddVirtual(remote string, size int64, isDir bool) (err error) {
+	remote = strings.TrimRight(remote, "/")
+	var dir *Dir
+	var parent, leaf string
+	if vfs.f.Features().CanHaveEmptyDirectories {
+		dir, leaf, err = vfs.StatParent(remote)
+	} else {
+		// Create parent of virtual directory since backend can't have empty directories
+		parent, leaf = path.Split(remote)
+		dir, err = vfs.mkdirAll(parent, vfs.Opt.DirPerms)
+	}
 	if err != nil {
 		return err
 	}
diff --git a/vfs/help.go b/vfs/vfs.md
similarity index 72%
rename from vfs/help.go
rename to vfs/vfs.md
index 84ad2dc9d7afb..dba7afa0a0d40 100644
--- a/vfs/help.go
+++ b/vfs/vfs.md
@@ -1,15 +1,3 @@
-package vfs
-
-import (
-	"strings"
-)
-
-// Help contains text describing file and directory caching to add to
-// the command help.
-// Warning: "!" (sic) will be replaced by backticks below,
-//
-//	but the pipe character "|" can be used as is.
-var Help = strings.ReplaceAll(`
 ### VFS - Virtual File System
 
 This command uses the VFS layer. This adapts the cloud storage objects
@@ -26,7 +14,7 @@ about files and directories (but not the data) in memory.
 
 ### VFS Directory Cache
 
-Using the !--dir-cache-time! flag, you can control how long a
+Using the `--dir-cache-time` flag, you can control how long a
 directory should be considered up to date and not refreshed from the
 backend. Changes made through the VFS will appear immediately or
 invalidate the cache.
@@ -40,7 +28,7 @@ the directory cache expires if the backend configured does not support
 polling for changes. If the backend supports polling, changes will be
 picked up within the polling interval.
 
-You can send a !SIGHUP! signal to rclone for it to flush all
+You can send a `SIGHUP` signal to rclone for it to flush all
 directory caches, regardless of how old they are.  Assuming only one
 rclone instance is running, you can reset the cache like this:
 
@@ -57,7 +45,7 @@ Or individual files or directories:
 
 ### VFS File Buffering
 
-The !--buffer-size! flag determines the amount of memory,
+The `--buffer-size` flag determines the amount of memory,
 that will be used to buffer data in advance.
 
 Each open file will try to keep the specified amount of data in memory
@@ -70,7 +58,7 @@ yet read. If the buffer is empty, only a small amount of memory will
 be used.
 
 The maximum memory used by rclone for buffering can be up to
-!--buffer-size * open files!.
+`--buffer-size * open files`.
 
 ### VFS File Caching
 
@@ -84,38 +72,51 @@ write simultaneously to a file.  See below for more details.
 Note that the VFS cache is separate from the cache backend and you may
 find that you need one or the other or both.
 
-    --cache-dir string                   Directory rclone will use for caching.
-    --vfs-cache-mode CacheMode           Cache mode off|minimal|writes|full (default off)
-    --vfs-cache-max-age duration         Max age of objects in the cache (default 1h0m0s)
-    --vfs-cache-max-size SizeSuffix      Max total size of objects in the cache (default off)
-    --vfs-cache-poll-interval duration   Interval to poll the cache for stale objects (default 1m0s)
-    --vfs-write-back duration            Time to writeback files after last use when using cache (default 5s)
+    --cache-dir string                     Directory rclone will use for caching.
+    --vfs-cache-mode CacheMode             Cache mode off|minimal|writes|full (default off)
+    --vfs-cache-max-age duration           Max time since last access of objects in the cache (default 1h0m0s)
+    --vfs-cache-max-size SizeSuffix        Max total size of objects in the cache (default off)
+    --vfs-cache-min-free-space SizeSuffix  Target minimum free space on the disk containing the cache (default off)
+    --vfs-cache-poll-interval duration     Interval to poll the cache for stale objects (default 1m0s)
+    --vfs-write-back duration              Time to writeback files after last use when using cache (default 5s)
 
-If run with !-vv! rclone will print the location of the file cache.  The
+If run with `-vv` rclone will print the location of the file cache.  The
 files are stored in the user cache file area which is OS dependent but
-can be controlled with !--cache-dir! or setting the appropriate
+can be controlled with `--cache-dir` or setting the appropriate
 environment variable.
 
-The cache has 4 different modes selected by !--vfs-cache-mode!.
+The cache has 4 different modes selected by `--vfs-cache-mode`.
 The higher the cache mode the more compatible rclone becomes at the
 cost of using disk space.
 
 Note that files are written back to the remote only when they are
-closed and if they haven't been accessed for !--vfs-write-back!
+closed and if they haven't been accessed for `--vfs-write-back`
 seconds. If rclone is quit or dies with files that haven't been
 uploaded, these will be uploaded next time rclone is run with the same
 flags.
 
-If using !--vfs-cache-max-size! note that the cache may exceed this size
-for two reasons.  Firstly because it is only checked every
-!--vfs-cache-poll-interval!.  Secondly because open files cannot be
-evicted from the cache.
+If using `--vfs-cache-max-size` or `--vfs-cache-min-free-size` note
+that the cache may exceed these quotas for two reasons. Firstly
+because it is only checked every `--vfs-cache-poll-interval`. Secondly
+because open files cannot be evicted from the cache. When
+`--vfs-cache-max-size` or `--vfs-cache-min-free-size` is exceeded,
+rclone will attempt to evict the least accessed files from the cache
+first. rclone will start with files that haven't been accessed for the
+longest. This cache flushing strategy is efficient and more relevant
+files are likely to remain cached.
+
+The `--vfs-cache-max-age` will evict files from the cache
+after the set time since last access has passed. The default value of
+1 hour will start evicting files from cache that haven't been accessed
+for 1 hour. When a cached file is accessed the 1 hour timer is reset to 0
+and will wait for 1 more hour before evicting. Specify the time with
+standard notation, s, m, h, d, w .
 
 You **should not** run two copies of rclone using the same VFS cache
-with the same or overlapping remotes if using !--vfs-cache-mode > off!.
+with the same or overlapping remotes if using `--vfs-cache-mode > off`.
 This can potentially cause data corruption if you do. You can work
 around this by giving each rclone its own cache hierarchy with
-!--cache-dir!. You don't need to worry about this if the remotes in
+`--cache-dir`. You don't need to worry about this if the remotes in
 use don't overlap.
 
 #### --vfs-cache-mode off
@@ -171,14 +172,14 @@ their full size in the cache, but they will be sparse files with only
 the data that has been downloaded present in them.
 
 This mode should support all normal file system operations and is
-otherwise identical to !--vfs-cache-mode! writes.
+otherwise identical to `--vfs-cache-mode` writes.
 
-When reading a file rclone will read !--buffer-size! plus
-!--vfs-read-ahead! bytes ahead.  The !--buffer-size! is buffered in memory
-whereas the !--vfs-read-ahead! is buffered on disk.
+When reading a file rclone will read `--buffer-size` plus
+`--vfs-read-ahead` bytes ahead.  The `--buffer-size` is buffered in memory
+whereas the `--vfs-read-ahead` is buffered on disk.
 
-When using this mode it is recommended that !--buffer-size! is not set
-too large and !--vfs-read-ahead! is set large if required.
+When using this mode it is recommended that `--buffer-size` is not set
+too large and `--vfs-read-ahead` is set large if required.
 
 **IMPORTANT** not all file systems support sparse files. In particular
 FAT/exFAT do not. Rclone will perform very badly if the cache
@@ -200,17 +201,17 @@ where available on an object.
 On some backends some of these attributes are slow to read (they take
 an extra API call per object, or extra work per object).
 
-For example !hash! is slow with the !local! and !sftp! backends as
-they have to read the entire file and hash it, and !modtime! is slow
-with the !s3!, !swift!, !ftp! and !qinqstor! backends because they
+For example `hash` is slow with the `local` and `sftp` backends as
+they have to read the entire file and hash it, and `modtime` is slow
+with the `s3`, `swift`, `ftp` and `qinqstor` backends because they
 need to do an extra API call to fetch it.
 
-If you use the !--vfs-fast-fingerprint! flag then rclone will not
+If you use the `--vfs-fast-fingerprint` flag then rclone will not
 include the slow operations in the fingerprint. This makes the
 fingerprinting less accurate but much faster and will improve the
 opening time of cached files.
 
-If you are running a vfs cache over !local!, !s3! or !swift! backends
+If you are running a vfs cache over `local`, `s3` or `swift` backends
 then using this flag is recommended.
 
 Note that if you change the value of this flag, the fingerprints of
@@ -230,19 +231,19 @@ These flags control the chunking:
     --vfs-read-chunk-size SizeSuffix        Read the source objects in chunks (default 128M)
     --vfs-read-chunk-size-limit SizeSuffix  Max chunk doubling size (default off)
 
-Rclone will start reading a chunk of size !--vfs-read-chunk-size!,
-and then double the size for each read. When !--vfs-read-chunk-size-limit! is
-specified, and greater than !--vfs-read-chunk-size!, the chunk size for each
+Rclone will start reading a chunk of size `--vfs-read-chunk-size`,
+and then double the size for each read. When `--vfs-read-chunk-size-limit` is
+specified, and greater than `--vfs-read-chunk-size`, the chunk size for each
 open file will get doubled only until the specified value is reached. If the
 value is "off", which is the default, the limit is disabled and the chunk size
 will grow indefinitely.
 
-With !--vfs-read-chunk-size 100M! and !--vfs-read-chunk-size-limit 0!
+With `--vfs-read-chunk-size 100M` and `--vfs-read-chunk-size-limit 0`
 the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on.
-When !--vfs-read-chunk-size-limit 500M! is specified, the result would be
+When `--vfs-read-chunk-size-limit 500M` is specified, the result would be
 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.
 
-Setting !--vfs-read-chunk-size! to !0! or "off" disables chunked reading.
+Setting `--vfs-read-chunk-size` to `0` or "off" disables chunked reading.
 
 ### VFS Performance
 
@@ -250,8 +251,8 @@ These flags may be used to enable/disable features of the VFS for
 performance or other reasons. See also the [chunked reading](#vfs-chunked-reading)
 feature.
 
-In particular S3 and Swift benefit hugely from the !--no-modtime! flag
-(or use !--use-server-modtime! for a slightly different effect) as each
+In particular S3 and Swift benefit hugely from the `--no-modtime` flag
+(or use `--use-server-modtime` for a slightly different effect) as each
 read of the modification time takes a transaction.
 
     --no-checksum     Don't compare checksums on up/download.
@@ -267,9 +268,9 @@ on disk cache file.
     --vfs-read-wait duration   Time to wait for in-sequence read before seeking (default 20ms)
     --vfs-write-wait duration  Time to wait for in-sequence write before giving error (default 1s)
 
-When using VFS write caching (!--vfs-cache-mode! with value writes or full),
-the global flag !--transfers! can be set to adjust the number of parallel uploads of
-modified files from the cache (the related global flag !--checkers! has no effect on the VFS).
+When using VFS write caching (`--vfs-cache-mode` with value writes or full),
+the global flag `--transfers` can be set to adjust the number of parallel uploads of
+modified files from the cache (the related global flag `--checkers` has no effect on the VFS).
 
     --transfers int  Number of file transfers to run in parallel (default 4)
 
@@ -286,7 +287,7 @@ It is not allowed for two files in the same directory to differ only by case.
 Usually file systems on macOS are case-insensitive. It is possible to make macOS
 file systems case-sensitive but that is not the default.
 
-The !--vfs-case-insensitive! VFS flag controls how rclone handles these
+The `--vfs-case-insensitive` VFS flag controls how rclone handles these
 two cases. If its value is "false", rclone passes file names to the remote
 as-is. If the flag is "true" (or appears without a value on the
 command line), rclone may perform a "fixup" as explained below.
@@ -318,13 +319,12 @@ It can be useful when those statistics cannot be read correctly automatically.
 ### Alternate report of used bytes
 
 Some backends, most notably S3, do not report the amount of bytes used.
-If you need this information to be available when running !df! on the
-filesystem, then pass the flag !--vfs-used-is-size! to rclone.
+If you need this information to be available when running `df` on the
+filesystem, then pass the flag `--vfs-used-is-size` to rclone.
 With this flag set, instead of relying on the backend to report this
-information, rclone will scan the whole remote similar to !rclone size!
+information, rclone will scan the whole remote similar to `rclone size`
 and compute the total used space itself.
 
-_WARNING._ Contrary to !rclone size!, this flag ignores filters so that the
+_WARNING._ Contrary to `rclone size`, this flag ignores filters so that the
 result is accurate. However, this is very inefficient and may cost lots of API
 calls resulting in extra charges. Use it as a last resort and only with caching.
-`, "!", "`")
diff --git a/vfs/vfs_test.go b/vfs/vfs_test.go
index e262e7d2aed4d..d0914ddb3e4db 100644
--- a/vfs/vfs_test.go
+++ b/vfs/vfs_test.go
@@ -364,6 +364,84 @@ func TestVFSStatfs(t *testing.T) {
 	assert.Equal(t, oldTime, vfs.usageTime)
 }
 
+func TestVFSMkdir(t *testing.T) {
+	r, vfs := newTestVFS(t)
+
+	if !r.Fremote.Features().CanHaveEmptyDirectories {
+		return // can't test if can't have empty directories
+	}
+
+	r.CheckRemoteListing(t, nil, []string{})
+
+	// Try making the root
+	err := vfs.Mkdir("", 0777)
+	require.NoError(t, err)
+	r.CheckRemoteListing(t, nil, []string{})
+
+	// Try making a sub directory
+	err = vfs.Mkdir("a", 0777)
+	require.NoError(t, err)
+
+	r.CheckRemoteListing(t, nil, []string{"a"})
+
+	// Try making an existing directory
+	err = vfs.Mkdir("a", 0777)
+	require.NoError(t, err)
+
+	r.CheckRemoteListing(t, nil, []string{"a"})
+
+	// Try making a new directory
+	err = vfs.Mkdir("b/", 0777)
+	require.NoError(t, err)
+
+	r.CheckRemoteListing(t, nil, []string{"a", "b"})
+
+	// Try making a new directory
+	err = vfs.Mkdir("/c", 0777)
+	require.NoError(t, err)
+
+	r.CheckRemoteListing(t, nil, []string{"a", "b", "c"})
+
+	// Try making a new directory
+	err = vfs.Mkdir("/d/", 0777)
+	require.NoError(t, err)
+
+	r.CheckRemoteListing(t, nil, []string{"a", "b", "c", "d"})
+}
+
+func TestVFSMkdirAll(t *testing.T) {
+	r, vfs := newTestVFS(t)
+
+	if !r.Fremote.Features().CanHaveEmptyDirectories {
+		return // can't test if can't have empty directories
+	}
+
+	r.CheckRemoteListing(t, nil, []string{})
+
+	// Try making the root
+	err := vfs.MkdirAll("", 0777)
+	require.NoError(t, err)
+	r.CheckRemoteListing(t, nil, []string{})
+
+	// Try making a sub directory
+	err = vfs.MkdirAll("a/b/c/d", 0777)
+	require.NoError(t, err)
+
+	r.CheckRemoteListing(t, nil, []string{"a", "a/b", "a/b/c", "a/b/c/d"})
+
+	// Try making an existing directory
+	err = vfs.MkdirAll("a/b/c", 0777)
+	require.NoError(t, err)
+
+	r.CheckRemoteListing(t, nil, []string{"a", "a/b", "a/b/c", "a/b/c/d"})
+
+	// Try making an existing directory
+	err = vfs.MkdirAll("/a/b/c/", 0777)
+	require.NoError(t, err)
+
+	r.CheckRemoteListing(t, nil, []string{"a", "a/b", "a/b/c", "a/b/c/d"})
+}
+
 func TestFillInMissingSizes(t *testing.T) {
 	const unknownFree = 10
 	for _, test := range []struct {
diff --git a/vfs/vfscache/cache.go b/vfs/vfscache/cache.go
index 1649503881366..e5bb19c79ef5c 100644
--- a/vfs/vfscache/cache.go
+++ b/vfs/vfscache/cache.go
@@ -22,6 +22,7 @@ import (
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/fs/operations"
 	"github.com/rclone/rclone/fs/rc"
+	"github.com/rclone/rclone/lib/diskusage"
 	"github.com/rclone/rclone/lib/encoder"
 	"github.com/rclone/rclone/lib/file"
 	"github.com/rclone/rclone/vfs/vfscache/writeback"
@@ -607,16 +608,17 @@ func (c *Cache) retryFailedResets() {
 	}
 }
 
-func (c *Cache) purgeClean(quota int64) {
+// Remove cache files that are not dirty until the quota is satisfied
+func (c *Cache) purgeClean() {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
-	var items Items
-
-	if quota <= 0 || c.used < quota {
+	if c.quotasOK() {
 		return
 	}
 
+	var items Items
+
 	// Make a slice of clean cache files
 	for _, item := range c.item {
 		if !item.IsDirty() {
@@ -628,7 +630,7 @@ func (c *Cache) purgeClean(quota int64) {
 
 	// Reset items until the quota is OK
 	for _, item := range items {
-		if c.used < quota {
+		if c.quotasOK() {
 			break
 		}
 		resetResult, spaceFreed, err := item.Reset()
@@ -645,7 +647,7 @@ func (c *Cache) purgeClean(quota int64) {
 		}
 	}
 
-	// Resest outOfSpace without checking whether we have reduced cache space below the quota.
+	// Reset outOfSpace without checking whether we have reduced cache space below the quota.
 	// This allows some files to reduce their pendingAccesses count to allow them to be reset
 	// in the next iteration of the purge cleaner loop.
 
@@ -661,7 +663,7 @@ func (c *Cache) purgeOld(maxAge time.Duration) {
 	for _, item := range c.item {
 		c.removeNotInUse(item, maxAge, false)
 	}
-	if c.used < int64(c.opt.CacheMaxSize) {
+	if c.quotasOK() {
 		c.outOfSpace = false
 		c.cond.Broadcast()
 	}
@@ -693,16 +695,53 @@ func (c *Cache) updateUsed() (used int64) {
 	return newUsed
 }
 
+// Check the available space for a disk is in limits.
+func (c *Cache) minFreeSpaceQuotaOK() bool {
+	if c.opt.CacheMinFreeSpace <= 0 {
+		return true
+	}
+	du, err := diskusage.New(config.GetCacheDir())
+	if err == diskusage.ErrUnsupported {
+		return true
+	}
+	if err != nil {
+		fs.Errorf(nil, "disk usage returned error: %v", err)
+		return true
+	}
+	return du.Available >= uint64(c.opt.CacheMinFreeSpace)
+}
+
+// Check the available quota for a disk is in limits.
+//
+// must be called with mu held.
+func (c *Cache) maxSizeQuotaOK() bool {
+	if c.opt.CacheMaxSize <= 0 {
+		return true
+	}
+	return c.used <= int64(c.opt.CacheMaxSize)
+}
+
+// Check the available quotas for a disk is in limits.
+//
+// must be called with mu held.
+func (c *Cache) quotasOK() bool {
+	return c.maxSizeQuotaOK() && c.minFreeSpaceQuotaOK()
+}
+
+// Return true if any quotas set
+func (c *Cache) haveQuotas() bool {
+	return c.opt.CacheMaxSize > 0 || c.opt.CacheMinFreeSpace > 0
+}
+
 // Remove clean cache files that are not open until the total space
 // is reduced below quota starting from the oldest first
-func (c *Cache) purgeOverQuota(quota int64) {
+func (c *Cache) purgeOverQuota() {
 	c.updateUsed()
 
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
-	if quota <= 0 || c.used < quota {
-
+	if c.quotasOK() {
 		return
 	}
 
@@ -719,9 +758,9 @@ func (c *Cache) purgeOverQuota(quota int64) {
 
 	// Remove items until the quota is OK
 	for _, item := range items {
-		c.removeNotInUse(item, 0, c.used <= quota)
+		c.removeNotInUse(item, 0, c.quotasOK())
 	}
-	if c.used < quota {
+	if c.quotasOK() {
 		c.outOfSpace = false
 		c.cond.Broadcast()
 	}
@@ -743,19 +782,19 @@ func (c *Cache) clean(kicked bool) {
 	c.purgeOld(c.opt.CacheMaxAge)
 
 	// If have a maximum cache size...
-	if int64(c.opt.CacheMaxSize) > 0 {
+	if c.haveQuotas() {
 		// Remove files not in use until cache size is below quota starting from the oldest first
-		c.purgeOverQuota(int64(c.opt.CacheMaxSize))
+		c.purgeOverQuota()
 
 		// Remove cache files that are not dirty if we are still above the max cache size
-		c.purgeClean(int64(c.opt.CacheMaxSize))
+		c.purgeClean()
 		c.retryFailedResets()
 	}
 
 	// Was kicked?
 	if kicked {
 		c.kickerMu.Lock() // Make sure this is called with cache mutex unlocked
-		// Reenable io threads to kick me
+		// Re-enable io threads to kick me
 		c.cleanerKicked = false
 		c.kickerMu.Unlock()
 	}
diff --git a/vfs/vfscache/cache_test.go b/vfs/vfscache/cache_test.go
index 5ed346a13cee8..a76d99c2c3213 100644
--- a/vfs/vfscache/cache_test.go
+++ b/vfs/vfscache/cache_test.go
@@ -10,7 +10,10 @@ import (
 	"time"
 
 	_ "github.com/rclone/rclone/backend/local" // import the local backend
+	"github.com/rclone/rclone/fs"
+	"github.com/rclone/rclone/fs/config"
 	"github.com/rclone/rclone/fstest"
+	"github.com/rclone/rclone/lib/diskusage"
 	"github.com/rclone/rclone/vfs/vfscommon"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -354,7 +357,8 @@ func TestCachePurgeOverQuota(t *testing.T) {
 	}, itemAsString(c))
 
 	// Check nothing removed
-	c.purgeOverQuota(1)
+	c.opt.CacheMaxSize = 1
+	c.purgeOverQuota()
 
 	// Close the files
 	require.NoError(t, potato.Close(nil))
@@ -373,7 +377,8 @@ func TestCachePurgeOverQuota(t *testing.T) {
 	potato2.info.ATime = t1
 
 	// Check only potato removed to get below quota
-	c.purgeOverQuota(10)
+	c.opt.CacheMaxSize = 10
+	c.purgeOverQuota()
 	assert.Equal(t, int64(6), c.used)
 
 	assert.Equal(t, []string{
@@ -399,7 +404,8 @@ func TestCachePurgeOverQuota(t *testing.T) {
 	potato.info.ATime = t2
 
 	// Check only potato2 removed to get below quota
-	c.purgeOverQuota(10)
+	c.opt.CacheMaxSize = 10
+	c.purgeOverQuota()
 	assert.Equal(t, int64(5), c.used)
 	c.purgeEmptyDirs("", true)
 
@@ -408,7 +414,8 @@ func TestCachePurgeOverQuota(t *testing.T) {
 	}, itemAsString(c))
 
 	// Now purge everything
-	c.purgeOverQuota(1)
+	c.opt.CacheMaxSize = 1
+	c.purgeOverQuota()
 	assert.Equal(t, int64(0), c.used)
 	c.purgeEmptyDirs("", true)
 
@@ -420,6 +427,26 @@ func TestCachePurgeOverQuota(t *testing.T) {
 	assert.Equal(t, []string(nil), itemAsString(c))
 }
 
+func TestCachePurgeMinFreeSpace(t *testing.T) {
+	du, err := diskusage.New(config.GetCacheDir())
+	if err == diskusage.ErrUnsupported {
+		t.Skip(err)
+	}
+	// We've tested the quota mechanism already, so just test the
+	// min free space quota is working.
+	_, c := newTestCache(t)
+
+	// First set free space quota very small and check it is OK
+	c.opt.CacheMinFreeSpace = 1
+	assert.True(t, c.minFreeSpaceQuotaOK())
+	assert.True(t, c.quotasOK())
+
+	// Now set it a bit larger than the current disk available and check it is BAD
+	c.opt.CacheMinFreeSpace = fs.SizeSuffix(du.Available) + fs.Gibi
+	assert.False(t, c.minFreeSpaceQuotaOK())
+	assert.False(t, c.quotasOK())
+}
+
 // test reset clean files
 func TestCachePurgeClean(t *testing.T) {
 	r, c := newItemTestCache(t)
@@ -453,7 +480,8 @@ func TestCachePurgeClean(t *testing.T) {
 	require.NoError(t, potato3.Truncate(6))
 
 	c.updateUsed()
-	c.purgeClean(1)
+	c.opt.CacheMaxSize = 1
+	c.purgeClean()
 	assert.Equal(t, []string{
 		`name="existing" opens=2 size=100 space=0`,
 		`name="sub/dir/potato2" opens=1 size=5 space=5`,
@@ -462,7 +490,8 @@ func TestCachePurgeClean(t *testing.T) {
 	assert.Equal(t, int64(11), c.used)
 
 	require.NoError(t, potato2.Close(nil))
-	c.purgeClean(1)
+	c.opt.CacheMaxSize = 1
+	c.purgeClean()
 	assert.Equal(t, []string{
 		`name="existing" opens=2 size=100 space=0`,
 		`name="sub/dir/potato3" opens=1 size=6 space=6`,
@@ -476,7 +505,8 @@ func TestCachePurgeClean(t *testing.T) {
 	// Remove all files now.  The are all not in use.
 	// purgeClean does not remove empty cache files. purgeOverQuota does.
 	// So we use purgeOverQuota here for the cleanup.
-	c.purgeOverQuota(1)
+	c.opt.CacheMaxSize = 1
+	c.purgeOverQuota()
 
 	c.purgeEmptyDirs("", true)
 
diff --git a/vfs/vfscache/downloaders/downloaders.go b/vfs/vfscache/downloaders/downloaders.go
index 8d6e90fb2d7f2..b12c107b51fa4 100644
--- a/vfs/vfscache/downloaders/downloaders.go
+++ b/vfs/vfscache/downloaders/downloaders.go
@@ -345,7 +345,7 @@ func (dls *Downloaders) _ensureDownloader(r ranges.Range) (err error) {
 		start, offset := dl.getRange()
 
 		// The downloader's offset to offset+window is the gap
-		// in which we would like to re-use this
+		// in which we would like to reuse this
 		// downloader. The downloader will never reach before
 		// start and offset+windows is too far away - we'd
 		// rather start another downloader.
diff --git a/vfs/vfscache/item.go b/vfs/vfscache/item.go
index e1575eca3b37b..06a7454a5e0e0 100644
--- a/vfs/vfscache/item.go
+++ b/vfs/vfscache/item.go
@@ -172,13 +172,6 @@ func (item *Item) inUse() bool {
 	return item.opens != 0 || item.info.Dirty
 }
 
-// getATime returns the ATime of the item
-func (item *Item) getATime() time.Time {
-	item.mu.Lock()
-	defer item.mu.Unlock()
-	return item.info.ATime
-}
-
 // getDiskSize returns the size on disk (approximately) of the item
 //
 // We return the sizes of the chunks we have fetched, however there is
@@ -600,6 +593,10 @@ func (item *Item) _store(ctx context.Context, storeFn StoreFn) (err error) {
 		o, err := operations.Copy(ctx, item.c.fremote, o, name, cacheObj)
 		item.mu.Lock()
 		if err != nil {
+			if errors.Is(err, fs.ErrorCantUploadEmptyFiles) {
+				fs.Errorf(name, "Writeback failed: %v", err)
+				return nil
+			}
 			return fmt.Errorf("vfs cache: failed to transfer file from cache to remote: %w", err)
 		}
 		item.o = o
@@ -618,7 +615,7 @@ func (item *Item) _store(ctx context.Context, storeFn StoreFn) (err error) {
 		item.mu.Lock()
 	}
 
-	// Show item is clean and is elegible for cache removal
+	// Show item is clean and is eligible for cache removal
 	item.info.Dirty = false
 	err = item._save()
 	if err != nil {
@@ -966,7 +963,7 @@ func (item *Item) Reset() (rr ResetResult, spaceFreed int64, err error) {
 	}
 
 	/* Do not need to reset an empty cache file unless it was being reset and the reset failed.
-	   Some thread(s) may be waiting on the reset's succesful completion in that case. */
+	   Some thread(s) may be waiting on the reset's successful completion in that case. */
 	if item.info.Rs.Size() == 0 && !item.beingReset {
 		return SkippedEmpty, 0, nil
 	}
diff --git a/vfs/vfscache/writeback/writeback.go b/vfs/vfscache/writeback/writeback.go
index b4ab6d39acf52..8290dd2453832 100644
--- a/vfs/vfscache/writeback/writeback.go
+++ b/vfs/vfscache/writeback/writeback.go
@@ -26,6 +26,9 @@ type Handle uint64
 
 // WriteBack keeps track of the items which need to be written back to the disk at some point
 type WriteBack struct {
+	// read and written with atomic, must be 64-bit aligned
+	id Handle // id of the last writeBackItem created
+
 	ctx     context.Context
 	mu      sync.Mutex
 	items   writeBackItems            // priority queue of *writeBackItem - writeBackItems are in here while awaiting transfer only
@@ -34,9 +37,6 @@ type WriteBack struct {
 	timer   *time.Timer               // next scheduled time for the uploader
 	expiry  time.Time                 // time the next item expires or IsZero
 	uploads int                       // number of uploads in progress
-
-	// read and written with atomic
-	id Handle // id of the last writeBackItem created
 }
 
 // New make a new WriteBack
diff --git a/vfs/vfscommon/cachemode.go b/vfs/vfscommon/cachemode.go
index c82f3bc98808e..ab1ccb3dcaf3f 100644
--- a/vfs/vfscommon/cachemode.go
+++ b/vfs/vfscommon/cachemode.go
@@ -2,13 +2,22 @@
 package vfscommon
 
 import (
-	"fmt"
-
 	"github.com/rclone/rclone/fs"
 )
 
+type cacheModeChoices struct{}
+
+func (cacheModeChoices) Choices() []string {
+	return []string{
+		CacheModeOff:     "off",
+		CacheModeMinimal: "minimal",
+		CacheModeWrites:  "writes",
+		CacheModeFull:    "full",
+	}
+}
+
 // CacheMode controls the functionality of the cache
-type CacheMode byte
+type CacheMode = fs.Enum[cacheModeChoices]
 
 // CacheMode options
 const (
@@ -18,44 +27,7 @@ const (
 	CacheModeFull                     // cache all files opened in any mode
 )
 
-var cacheModeToString = []string{
-	CacheModeOff:     "off",
-	CacheModeMinimal: "minimal",
-	CacheModeWrites:  "writes",
-	CacheModeFull:    "full",
-}
-
-// String turns a CacheMode into a string
-func (l CacheMode) String() string {
-	if l >= CacheMode(len(cacheModeToString)) {
-		return fmt.Sprintf("CacheMode(%d)", l)
-	}
-	return cacheModeToString[l]
-}
-
-// Set a CacheMode
-func (l *CacheMode) Set(s string) error {
-	for n, name := range cacheModeToString {
-		if s != "" && name == s {
-			*l = CacheMode(n)
-			return nil
-		}
-	}
-	return fmt.Errorf("unknown cache mode level %q", s)
-}
-
 // Type of the value
-func (l *CacheMode) Type() string {
+func (cacheModeChoices) Type() string {
 	return "CacheMode"
 }
-
-// UnmarshalJSON makes sure the value can be parsed as a string or integer in JSON
-func (l *CacheMode) UnmarshalJSON(in []byte) error {
-	return fs.UnmarshalJSONFlag(in, l, func(i int64) error {
-		if i < 0 || i >= int64(len(cacheModeToString)) {
-			return fmt.Errorf("unknown cache mode level %d", i)
-		}
-		*l = CacheMode(i)
-		return nil
-	})
-}
diff --git a/vfs/vfscommon/cachemode_test.go b/vfs/vfscommon/cachemode_test.go
index f36c9ad2e4535..fb8f867349510 100644
--- a/vfs/vfscommon/cachemode_test.go
+++ b/vfs/vfscommon/cachemode_test.go
@@ -18,7 +18,7 @@ var _ json.Unmarshaler = (*CacheMode)(nil)
 func TestCacheModeString(t *testing.T) {
 	assert.Equal(t, "off", CacheModeOff.String())
 	assert.Equal(t, "full", CacheModeFull.String())
-	assert.Equal(t, "CacheMode(17)", CacheMode(17).String())
+	assert.Equal(t, "Unknown(17)", CacheMode(17).String())
 }
 
 func TestCacheModeSet(t *testing.T) {
diff --git a/vfs/vfscommon/options.go b/vfs/vfscommon/options.go
index c3631859ad0ae..bb5f3313a4aec 100644
--- a/vfs/vfscommon/options.go
+++ b/vfs/vfscommon/options.go
@@ -15,6 +15,7 @@ type Options struct {
 	ReadOnly           bool          // if set VFS is read only
 	NoModTime          bool          // don't read mod times for files
 	DirCacheTime       time.Duration // how long to consider directory listing cache valid
+	Refresh            bool          // refreshes the directory listing recursively on start
 	PollInterval       time.Duration
 	Umask              int
 	UID                uint32
@@ -26,6 +27,7 @@ type Options struct {
 	CacheMode          CacheMode
 	CacheMaxAge        time.Duration
 	CacheMaxSize       fs.SizeSuffix
+	CacheMinFreeSpace  fs.SizeSuffix
 	CachePollInterval  time.Duration
 	CaseInsensitive    bool
 	WriteWait          time.Duration // time to wait for in-sequence write
@@ -43,6 +45,7 @@ var DefaultOpt = Options{
 	NoChecksum:         false,
 	NoSeek:             false,
 	DirCacheTime:       5 * 60 * time.Second,
+	Refresh:            false,
 	PollInterval:       time.Minute,
 	ReadOnly:           false,
 	Umask:              0,
@@ -56,6 +59,7 @@ var DefaultOpt = Options{
 	ChunkSize:          128 * fs.Mebi,
 	ChunkSizeLimit:     -1,
 	CacheMaxSize:       -1,
+	CacheMinFreeSpace:  -1,
 	CaseInsensitive:    runtime.GOOS == "windows" || runtime.GOOS == "darwin", // default to true on Windows and Mac, false otherwise
 	WriteWait:          1000 * time.Millisecond,
 	ReadWait:           20 * time.Millisecond,
@@ -65,7 +69,7 @@ var DefaultOpt = Options{
 	DiskSpaceTotalSize: -1,
 }
 
-// Init the options, making sure everything is withing range
+// Init the options, making sure everything is within range
 func (opt *Options) Init() {
 	// Mask the permissions with the umask
 	opt.DirPerms &= ^os.FileMode(opt.Umask)
diff --git a/vfs/vfsflags/vfsflags.go b/vfs/vfsflags/vfsflags.go
index ccdcb17db7162..2f1adafdee7c8 100644
--- a/vfs/vfsflags/vfsflags.go
+++ b/vfs/vfsflags/vfsflags.go
@@ -18,27 +18,29 @@ var (
 // AddFlags adds the non filing system specific flags to the command
 func AddFlags(flagSet *pflag.FlagSet) {
 	rc.AddOption("vfs", &Opt)
-	flags.BoolVarP(flagSet, &Opt.NoModTime, "no-modtime", "", Opt.NoModTime, "Don't read/write the modification time (can speed things up)")
-	flags.BoolVarP(flagSet, &Opt.NoChecksum, "no-checksum", "", Opt.NoChecksum, "Don't compare checksums on up/download")
-	flags.BoolVarP(flagSet, &Opt.NoSeek, "no-seek", "", Opt.NoSeek, "Don't allow seeking in files")
-	flags.DurationVarP(flagSet, &Opt.DirCacheTime, "dir-cache-time", "", Opt.DirCacheTime, "Time to cache directory entries for")
-	flags.DurationVarP(flagSet, &Opt.PollInterval, "poll-interval", "", Opt.PollInterval, "Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable)")
-	flags.BoolVarP(flagSet, &Opt.ReadOnly, "read-only", "", Opt.ReadOnly, "Only allow read-only access")
-	flags.FVarP(flagSet, &Opt.CacheMode, "vfs-cache-mode", "", "Cache mode off|minimal|writes|full")
-	flags.DurationVarP(flagSet, &Opt.CachePollInterval, "vfs-cache-poll-interval", "", Opt.CachePollInterval, "Interval to poll the cache for stale objects")
-	flags.DurationVarP(flagSet, &Opt.CacheMaxAge, "vfs-cache-max-age", "", Opt.CacheMaxAge, "Max age of objects in the cache")
-	flags.FVarP(flagSet, &Opt.CacheMaxSize, "vfs-cache-max-size", "", "Max total size of objects in the cache")
-	flags.FVarP(flagSet, &Opt.ChunkSize, "vfs-read-chunk-size", "", "Read the source objects in chunks")
-	flags.FVarP(flagSet, &Opt.ChunkSizeLimit, "vfs-read-chunk-size-limit", "", "If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited)")
-	flags.FVarP(flagSet, DirPerms, "dir-perms", "", "Directory permissions")
-	flags.FVarP(flagSet, FilePerms, "file-perms", "", "File permissions")
-	flags.BoolVarP(flagSet, &Opt.CaseInsensitive, "vfs-case-insensitive", "", Opt.CaseInsensitive, "If a file name not found, find a case insensitive match")
-	flags.DurationVarP(flagSet, &Opt.WriteWait, "vfs-write-wait", "", Opt.WriteWait, "Time to wait for in-sequence write before giving error")
-	flags.DurationVarP(flagSet, &Opt.ReadWait, "vfs-read-wait", "", Opt.ReadWait, "Time to wait for in-sequence read before seeking")
-	flags.DurationVarP(flagSet, &Opt.WriteBack, "vfs-write-back", "", Opt.WriteBack, "Time to writeback files after last use when using cache")
-	flags.FVarP(flagSet, &Opt.ReadAhead, "vfs-read-ahead", "", "Extra read ahead over --buffer-size when using cache-mode full")
-	flags.BoolVarP(flagSet, &Opt.UsedIsSize, "vfs-used-is-size", "", Opt.UsedIsSize, "Use the `rclone size` algorithm for Used size")
-	flags.BoolVarP(flagSet, &Opt.FastFingerprint, "vfs-fast-fingerprint", "", Opt.FastFingerprint, "Use fast (less accurate) fingerprints for change detection")
-	flags.FVarP(flagSet, &Opt.DiskSpaceTotalSize, "vfs-disk-space-total-size", "", "Specify the total space of disk")
+	flags.BoolVarP(flagSet, &Opt.NoModTime, "no-modtime", "", Opt.NoModTime, "Don't read/write the modification time (can speed things up)", "VFS")
+	flags.BoolVarP(flagSet, &Opt.NoChecksum, "no-checksum", "", Opt.NoChecksum, "Don't compare checksums on up/download", "VFS")
+	flags.BoolVarP(flagSet, &Opt.NoSeek, "no-seek", "", Opt.NoSeek, "Don't allow seeking in files", "VFS")
+	flags.DurationVarP(flagSet, &Opt.DirCacheTime, "dir-cache-time", "", Opt.DirCacheTime, "Time to cache directory entries for", "VFS")
+	flags.BoolVarP(flagSet, &Opt.Refresh, "vfs-refresh", "", Opt.Refresh, "Refreshes the directory cache recursively on start", "VFS")
+	flags.DurationVarP(flagSet, &Opt.PollInterval, "poll-interval", "", Opt.PollInterval, "Time to wait between polling for changes, must be smaller than dir-cache-time and only on supported remotes (set 0 to disable)", "VFS")
+	flags.BoolVarP(flagSet, &Opt.ReadOnly, "read-only", "", Opt.ReadOnly, "Only allow read-only access", "VFS")
+	flags.FVarP(flagSet, &Opt.CacheMode, "vfs-cache-mode", "", "Cache mode off|minimal|writes|full", "VFS")
+	flags.DurationVarP(flagSet, &Opt.CachePollInterval, "vfs-cache-poll-interval", "", Opt.CachePollInterval, "Interval to poll the cache for stale objects", "VFS")
+	flags.DurationVarP(flagSet, &Opt.CacheMaxAge, "vfs-cache-max-age", "", Opt.CacheMaxAge, "Max time since last access of objects in the cache", "VFS")
+	flags.FVarP(flagSet, &Opt.CacheMaxSize, "vfs-cache-max-size", "", "Max total size of objects in the cache", "VFS")
+	flags.FVarP(flagSet, &Opt.CacheMinFreeSpace, "vfs-cache-min-free-space", "", "Target minimum free space on the disk containing the cache", "VFS")
+	flags.FVarP(flagSet, &Opt.ChunkSize, "vfs-read-chunk-size", "", "Read the source objects in chunks", "VFS")
+	flags.FVarP(flagSet, &Opt.ChunkSizeLimit, "vfs-read-chunk-size-limit", "", "If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached ('off' is unlimited)", "VFS")
+	flags.FVarP(flagSet, DirPerms, "dir-perms", "", "Directory permissions", "VFS")
+	flags.FVarP(flagSet, FilePerms, "file-perms", "", "File permissions", "VFS")
+	flags.BoolVarP(flagSet, &Opt.CaseInsensitive, "vfs-case-insensitive", "", Opt.CaseInsensitive, "If a file name not found, find a case insensitive match", "VFS")
+	flags.DurationVarP(flagSet, &Opt.WriteWait, "vfs-write-wait", "", Opt.WriteWait, "Time to wait for in-sequence write before giving error", "VFS")
+	flags.DurationVarP(flagSet, &Opt.ReadWait, "vfs-read-wait", "", Opt.ReadWait, "Time to wait for in-sequence read before seeking", "VFS")
+	flags.DurationVarP(flagSet, &Opt.WriteBack, "vfs-write-back", "", Opt.WriteBack, "Time to writeback files after last use when using cache", "VFS")
+	flags.FVarP(flagSet, &Opt.ReadAhead, "vfs-read-ahead", "", "Extra read ahead over --buffer-size when using cache-mode full", "VFS")
+	flags.BoolVarP(flagSet, &Opt.UsedIsSize, "vfs-used-is-size", "", Opt.UsedIsSize, "Use the `rclone size` algorithm for Used size", "VFS")
+	flags.BoolVarP(flagSet, &Opt.FastFingerprint, "vfs-fast-fingerprint", "", Opt.FastFingerprint, "Use fast (less accurate) fingerprints for change detection", "VFS")
+	flags.FVarP(flagSet, &Opt.DiskSpaceTotalSize, "vfs-disk-space-total-size", "", "Specify the total space of disk", "VFS")
 	platformFlags(flagSet)
 }
diff --git a/vfs/vfsflags/vfsflags_unix.go b/vfs/vfsflags/vfsflags_unix.go
index 0ec37991d2f24..cfffad6fb07fb 100644
--- a/vfs/vfsflags/vfsflags_unix.go
+++ b/vfs/vfsflags/vfsflags_unix.go
@@ -13,9 +13,9 @@ import (
 func platformFlags(flagSet *pflag.FlagSet) {
 	Opt.Umask = unix.Umask(0) // read the umask
 	unix.Umask(Opt.Umask)     // set it back to what it was
-	flags.IntVarP(flagSet, &Opt.Umask, "umask", "", Opt.Umask, "Override the permission bits set by the filesystem (not supported on Windows)")
+	flags.IntVarP(flagSet, &Opt.Umask, "umask", "", Opt.Umask, "Override the permission bits set by the filesystem (not supported on Windows)", "VFS")
 	Opt.UID = uint32(unix.Geteuid())
 	Opt.GID = uint32(unix.Getegid())
-	flags.Uint32VarP(flagSet, &Opt.UID, "uid", "", Opt.UID, "Override the uid field set by the filesystem (not supported on Windows)")
-	flags.Uint32VarP(flagSet, &Opt.GID, "gid", "", Opt.GID, "Override the gid field set by the filesystem (not supported on Windows)")
+	flags.Uint32VarP(flagSet, &Opt.UID, "uid", "", Opt.UID, "Override the uid field set by the filesystem (not supported on Windows)", "VFS")
+	flags.Uint32VarP(flagSet, &Opt.GID, "gid", "", Opt.GID, "Override the gid field set by the filesystem (not supported on Windows)", "VFS")
 }
diff --git a/vfs/vfstest/fs.go b/vfs/vfstest/fs.go
index 6781fbe312596..d895a7eaa10d7 100644
--- a/vfs/vfstest/fs.go
+++ b/vfs/vfstest/fs.go
@@ -42,7 +42,7 @@ const (
 //
 // If useVFS is not set then it runs the mount in a subprocess in
 // order to avoid kernel deadlocks.
-func RunTests(t *testing.T, useVFS bool, mountFn mountlib.MountFn) {
+func RunTests(t *testing.T, useVFS bool, minimumRequiredCacheMode vfscommon.CacheMode, enableCacheTests bool, mountFn mountlib.MountFn) {
 	flag.Parse()
 	if isSubProcess() {
 		startMount(mountFn, useVFS, *runMount)
@@ -59,6 +59,9 @@ func RunTests(t *testing.T, useVFS bool, mountFn mountlib.MountFn) {
 		{cacheMode: vfscommon.CacheModeFull, writeBack: 100 * time.Millisecond},
 	}
 	for _, test := range tests {
+		if test.cacheMode < minimumRequiredCacheMode {
+			continue
+		}
 		vfsOpt := vfsflags.Opt
 		vfsOpt.CacheMode = test.cacheMode
 		vfsOpt.WriteBack = test.writeBack
@@ -78,7 +81,9 @@ func RunTests(t *testing.T, useVFS bool, mountFn mountlib.MountFn) {
 			t.Run("TestDirRenameEmptyDir", TestDirRenameEmptyDir)
 			t.Run("TestDirRenameFullDir", TestDirRenameFullDir)
 			t.Run("TestDirModTime", TestDirModTime)
-			t.Run("TestDirCacheFlush", TestDirCacheFlush)
+			if enableCacheTests {
+				t.Run("TestDirCacheFlush", TestDirCacheFlush)
+			}
 			t.Run("TestDirCacheFlushOnDirRename", TestDirCacheFlushOnDirRename)
 			t.Run("TestFileModTime", TestFileModTime)
 			t.Run("TestFileModTimeWithOpenWriters", TestFileModTimeWithOpenWriters)
@@ -310,7 +315,7 @@ func writeFile(filename string, data []byte, perm os.FileMode) error {
 
 func (r *Run) createFile(t *testing.T, filepath string, contents string) {
 	filepath = r.path(filepath)
-	err := writeFile(filepath, []byte(contents), 0600)
+	err := writeFile(filepath, []byte(contents), 0644)
 	require.NoError(t, err)
 	r.waitForWriters()
 }
@@ -324,7 +329,7 @@ func (r *Run) readFile(t *testing.T, filepath string) string {
 
 func (r *Run) mkdir(t *testing.T, filepath string) {
 	filepath = r.path(filepath)
-	err := r.os.Mkdir(filepath, 0700)
+	err := r.os.Mkdir(filepath, 0755)
 	require.NoError(t, err)
 }
 
diff --git a/vfs/vfstest/os.go b/vfs/vfstest/os.go
index d12f55ddb6b0a..6e7a1b6405278 100644
--- a/vfs/vfstest/os.go
+++ b/vfs/vfstest/os.go
@@ -48,6 +48,14 @@ func (f realOsFile) Node() vfs.Node {
 	return nil
 }
 
+func (f realOsFile) Lock() error {
+	return os.ErrInvalid
+}
+
+func (f realOsFile) Unlock() error {
+	return os.ErrInvalid
+}
+
 // Chtimes
 func (r realOs) Chtimes(name string, atime time.Time, mtime time.Time) error {
 	return os.Chtimes(name, atime, mtime)
diff --git a/vfs/vfstest_test.go b/vfs/vfstest_test.go
index babcdb4ffe84a..df8fec6859b09 100644
--- a/vfs/vfstest_test.go
+++ b/vfs/vfstest_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/rclone/rclone/cmd/mountlib"
 	"github.com/rclone/rclone/fstest"
 	"github.com/rclone/rclone/vfs"
+	"github.com/rclone/rclone/vfs/vfscommon"
 	"github.com/rclone/rclone/vfs/vfstest"
 )
 
@@ -18,7 +19,7 @@ func TestFunctional(t *testing.T) {
 	if *fstest.RemoteName != "" {
 		t.Skip("Skip on non local")
 	}
-	vfstest.RunTests(t, true, func(VFS *vfs.VFS, mountpoint string, opt *mountlib.Options) (unmountResult <-chan error, unmount func() error, err error) {
+	vfstest.RunTests(t, true, vfscommon.CacheModeOff, true, func(VFS *vfs.VFS, mountpoint string, opt *mountlib.Options) (unmountResult <-chan error, unmount func() error, err error) {
 		unmountResultChan := make(chan (error), 1)
 		unmount = func() error {
 			unmountResultChan <- nil
diff --git a/vfs/write.go b/vfs/write.go
index e18f1d001012a..2a263af67922c 100644
--- a/vfs/write.go
+++ b/vfs/write.go
@@ -203,6 +203,11 @@ func (fh *WriteFileHandle) close() (err error) {
 	if err == nil {
 		fh.file.setObject(fh.o)
 		err = writeCloseErr
+	} else {
+		// Remove vfs file entry when no object is present
+		if fh.file.getObject() == nil {
+			_ = fh.file.Remove()
+		}
 	}
 	return err
 }
@@ -317,3 +322,8 @@ func (fh *WriteFileHandle) ReadAt(p []byte, off int64) (n int, err error) {
 func (fh *WriteFileHandle) Sync() error {
 	return nil
 }
+
+// Name returns the name of the file from the underlying Object.
+func (fh *WriteFileHandle) Name() string {
+	return fh.file.String()
+}
diff --git a/vfs/write_test.go b/vfs/write_test.go
index b059cdad16eb2..77173bdf5bf50 100644
--- a/vfs/write_test.go
+++ b/vfs/write_test.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"io"
 	"os"
+	"runtime"
 	"sync"
 	"testing"
 	"time"
@@ -28,6 +29,66 @@ func writeHandleCreate(t *testing.T) (r *fstest.Run, vfs *VFS, fh *WriteFileHand
 	return r, vfs, fh
 }
 
+// Test write when underlying storage is readonly, must be run as non-root
+func TestWriteFileHandleReadonly(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skipf("Skipping test on %s", runtime.GOOS)
+	}
+	if *fstest.RemoteName != "" {
+		t.Skip("Skipping test on non local remote")
+	}
+	r, vfs, fh := writeHandleCreate(t)
+
+	// Name
+	assert.Equal(t, "file1", fh.Name())
+
+	// Write a file, so underlying remote will be created
+	_, err := fh.Write([]byte("hello"))
+	assert.NoError(t, err)
+
+	err = fh.Close()
+	assert.NoError(t, err)
+
+	var info os.FileInfo
+	info, err = os.Stat(r.FremoteName)
+	assert.NoError(t, err)
+
+	// Remove write permission
+	oldMode := info.Mode()
+	err = os.Chmod(r.FremoteName, oldMode^(oldMode&0222))
+	assert.NoError(t, err)
+
+	var h Handle
+	h, err = vfs.OpenFile("file2", os.O_WRONLY|os.O_CREATE, 0777)
+	require.NoError(t, err)
+
+	var ok bool
+	fh, ok = h.(*WriteFileHandle)
+	require.True(t, ok)
+
+	// error is propagated to Close()
+	_, err = fh.Write([]byte("hello"))
+	assert.NoError(t, err)
+
+	err = fh.Close()
+	assert.NotNil(t, err)
+
+	// Remove should fail
+	err = vfs.Remove("file1")
+	assert.NotNil(t, err)
+
+	// Only file1 should exist
+	_, err = vfs.Stat("file1")
+	assert.NoError(t, err)
+
+	_, err = vfs.Stat("file2")
+	assert.Equal(t, true, errors.Is(err, os.ErrNotExist))
+
+	// Restore old permission
+	err = os.Chmod(r.FremoteName, oldMode)
+	assert.NoError(t, err)
+}
+
 func TestWriteFileHandleMethods(t *testing.T) {
 	r, vfs, fh := writeHandleCreate(t)